From a15b1939cd821a12242575fc7bc5a25fa15cb57b Mon Sep 17 00:00:00 2001 From: JonasCordsen <106592722+JonasCordsen@users.noreply.github.com> Date: Tue, 2 Jul 2024 11:49:25 +0200 Subject: [PATCH 01/11] Update Deploy-MDFC-Config_20240319 to use the newer defender for CSPM initiative: 72f8cee7-2937-403d-84a1-a4e3e57f3c21 (#1682) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jonas Nørregaard Cordsen Co-authored-by: Sacha Narinx Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> --- docs/wiki/Whats-new.md | 45 ++++++++++--------- .../policyDefinitions/initiatives.json | 4 +- .../Deploy-MDFC-Config_20240319.json | 4 +- 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 9ee6e32d6..ddcc5a29c 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -58,6 +58,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Added new custom policy [Do not allow deletion of specified resource and resource type](https://www.azadvertizer.net/azpolicyadvertizer/DenyAction-DeleteResources.html) that provides a safeguard against accidental removal of the User Assigned Managed Identity used by AMA. Assigned at the Platform Management Group, it blocks delete calls using the deny action effect. - Updated the custom policy [Deploy-ASC-SecurityContacts](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-ASC-SecurityContacts.html) as part of the [Deploy-MDFC-Config](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/deploy-mdfc-config.html) initiative to use the new API and revised construct for the Security Contact API in Defender for Cloud (`alertNotications` alias has been deprecated, and replaced by `notificationSources`). +- Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to the the newer version of DCSPM: [Configure Microsoft Defender CSPM plan](https://www.azadvertizer.net/azpolicyadvertizer/72f8cee7-2937-403d-84a1-a4e3e57f3c21.html) #### Other @@ -105,7 +106,7 @@ This release includes: - Deprecating the ALZ custom diagnostic settings policies (53) and initiative (1) - NOTE: going forward if you have issues with Diagnostic Settings, please open an Azure support ticket - Updated [Audit-PublicIpAddresses-UnusedResourcesCostOptimization](https://www.azadvertizer.net/azpolicyadvertizer/Audit-PublicIpAddresses-UnusedResourcesCostOptimization.html) to check for `static` public IP addresses that are not associated with any resources (instead of `not basic`). -- Fixed the bug with [Configure Azure Machine Learning workspace to use private DNS zones](https://www.azadvertizer.net/azpolicyadvertizer/ee40564d-486e-4f68-a5ca-7a621edae0fb.html) policy where `secondPrivateDnsZoneId` parameter was missing which was leaving AML private endpoints incomplete. +- Fixed the bug with [Configure Azure Machine Learning workspace to use private DNS zones](https://www.azadvertizer.net/azpolicyadvertizer/ee40564d-486e-4f68-a5ca-7a621edae0fb.html) policy where `secondPrivateDnsZoneId` parameter was missing which was leaving AML private endpoints incomplete. - Updated `Audit-PrivateLinkDnsZones` display name to include the fact it can be `audit` or `deny` - Added the [Configure BotService resources to use private DNS zones](https://www.azadvertizer.net/azpolicyadvertizer/6a4e6f44-f2af-4082-9702-033c9e88b9f8.html) built-in policy to the "Deploy-Private-DNS-Zones" initiative and assignment. - Added the [Configure Azure Managed Grafana workspaces to use private DNS zones](https://www.azadvertizer.net/azpolicyadvertizer/4c8537f8-cd1b-49ec-b704-18e82a42fd58.html) built-in policy to the "Deploy-Private-DNS-Zones" initiative and assignment. @@ -227,7 +228,7 @@ Yes, the Q2 Policy Refresh has been delayed due to a light past quarter and some - 🎉 Added new initiative default assignment at the Intermediate Root Management Group for [Resources should be Zone Resilient](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/130fb88f-0fc9-4678-bfe1-31022d71c7d5.html) in Audit mode. - Added new default assignment at the Intermediate Root Management Group for [Resource Group and Resource locations should match](https://www.azadvertizer.net/azpolicyadvertizer/0a914e76-4921-4c19-b460-a2d36003525a.html), which will help customers better manage and identify regionally deployed resources and ultimately support improved resilience. -- We are deprecating MariaDB custom policies. For more information: [ALZ Policies FAQ](./ALZ-Policies-FAQ) +- We are deprecating MariaDB custom policies. For more information: [ALZ Policies FAQ](./ALZ-Policies-FAQ) - Fixed a typo in the Private DNS Zones initiative for the policy definition IDs for Databrics (corrected to Databricks). While not a breaking change, it is recommended to redeploy the initiative to ensure the correct policy definition IDs are used if you are using Private DNS Zones for Databricks - specifically if you have configured any exclusions or overrides for the Databricks policy definitions, as these rely on the policy definition ID (which has been updated). You will need to recreate the exclusions or overrides for Databricks if you choose not to redeploy the initiative. - Added ['Container Apps environment should disable public network access'](https://www.azadvertizer.net/azpolicyadvertizer/d074ddf8-01a5-4b5e-a2b8-964aed452c0a.html) to ['Deny-PublicPaaSEndpoints'.](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deny-PublicPaaSEndpoints.html) - Added ['Container Apps should only be accessible over HTTPS'](https://www.azadvertizer.net/azpolicyadvertizer/0e80e269-43a4-4ae9-b5bc-178126b8a5cb.html) to this ['Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit'.](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit.html) @@ -394,7 +395,7 @@ Major update in this release: introducing the Policy Testing Framework foundatio #### Other -- When the option to deploy Log Analytics workspace and enable monitoring is enabled (Yes) in the Platform management, security, and governance section, Diagnostic Settings for Management Groups are also deployed. +- When the option to deploy Log Analytics workspace and enable monitoring is enabled (Yes) in the Platform management, security, and governance section, Diagnostic Settings for Management Groups are also deployed. ### May 2023 @@ -507,7 +508,7 @@ Note that a number of initiatives have been updated that will fail to deploy if ##### Update - Removed deprecated policy [[Deprecated]: Latest TLS version should be used in your API App (azadvertizer.net)](https://www.azadvertizer.net/azpolicyadvertizer/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e.html) from initiative [Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (azadvertizer.net)](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit.html) as recommended policy is already included in the initiative. - - **BREAKING CHANGE** (parameters changed): + - **BREAKING CHANGE** (parameters changed): - Delete assignment [Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (azadvertizer.net)](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit.html). - Delete custom initiative prior to applying updates as parameters have changed, then re-assign. - Delete orphaned indentity on Landing Zone scope. @@ -594,7 +595,7 @@ Note that a number of initiatives have been updated that will fail to deploy if #### Docs - Migrated the following pages to the [Enterprise-Scale Wiki](https://github.com/Azure/Enterprise-Scale/wiki/) - + | Original URL | New URL | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | | [docs/ESLZ-Policies.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.md) | [wiki/ALZ-Policies](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies) | @@ -607,8 +608,8 @@ Note that a number of initiatives have been updated that will fail to deploy if | [docs/EnterpriseScale-Roadmap.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Roadmap.md) | [wiki/ALZ-Roadmap](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Roadmap) | | [docs/EnterpriseScale-Setup-aad-permissions.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Setup-aad-permissions.md) | [wiki/ALZ-Setup-aad-permissions](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Setup-aad-permissions) | | [docs/EnterpriseScale-Setup-azure.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Setup-azure.md) | [wiki/ALZ-Setup-azure](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Setup-azure) | - - + + - Updated the guidance for contributing to the [Azure/Enterprise-Scale](https://github.com/Azure/Enterprise-Scale/) repository #### Tooling @@ -646,20 +647,20 @@ Note that a number of initiatives have been updated that will fail to deploy if - "**Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace**" definition added and also added to `Deploy-Diagnostics-LogAnalytics` initiative - "**Deploy Diagnostic Settings for Databricks to Log Analytics workspace**" definition update - + - Version 1.1.0 -> 1.2.0 - Added missing log categories - "**Deploy SQL Database security Alert Policies configuration with email admin accounts**" definition update - + - Version 1.0.0 -> 1.1.1 - Changed email addresses from hardcoding to array parameter - "**Deploy SQL Database Transparent Data Encryption**" definition update - + - Version 1.0.0 -> 1.1.0 - Added system databases master, model, tempdb, msdb, resource to exclusion parameter as default values - Added as Policy Rule 'notIn' which will exclude the above databases from the policy - Updated "**Deploy-Private-DNS-Zones**" Custom initiative for **Azure Public Cloud**, with latest built-in Policies. Policies were added for the following Services: - + - Azure Automation - Azure Cosmos DB (all APIs: SQL, MongoDB, Cassandra, Gremlin, Table) - Azure Data Factory @@ -670,7 +671,7 @@ Note that a number of initiatives have been updated that will fail to deploy if - Azure Media Services - Azure Monitor - Minor fixes related to "**Deploy-Private-DNS-Zones**" Custom Initiative and respective Assignment: - + - Added missing Zones for **"WebPubSub"** and **"azure-devices-provisioning"**, so Initiative Assignment works correctly - Minor correction related to **ASR Private DNS Zone variable**, so Initiative Assignment works correctly - Conversion of **"Azure Batch"** Private DNS Zone (from regional to global), to properly align with latest respective documentation and functionality @@ -679,28 +680,28 @@ Note that a number of initiatives have been updated that will fail to deploy if - Added `Configure Microsoft Defender for Azure Cosmos DB to be enabled` to the `Deploy Microsoft Defender for Cloud configuration` initiative and updated version to `3.1.0` - Fixing issue [issue #1081](https://github.com/Azure/Enterprise-Scale/issues/1081) - Added `AZFWFlowTrace` category for Azure Firewall in associated Diagnostic Policy - Deprecated the following ALZ policies - + - [Deploy-Nsg-FlowLogs](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Nsg-FlowLogs.html) - [Deploy-Nsg-FlowLogs-to-LA](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Nsg-FlowLogs-to-LA.html) - [Deny-PublicIp](https://www.azadvertizer.net/azpolicyadvertizer/Deny-PublicIP.html) - + in favour of Azure built-in policies with the same or enhanced functionality. - + | ALZ Policy ID(s) | Azure Builti-in Policy ID(s) | | --------------------------- | -------------------------------------- | | Deploy-Nsg-FlowLogs-to-LA | e920df7f-9a64-4066-9b58-52684c02a091 | | Deploy-Nsg-FlowLogs | e920df7f-9a64-4066-9b58-52684c02a091 | | Deny-PublicIp | 6c112d4e-5bc7-47ae-a041-ea2d9dccd749 | - - + + - "**"Deploy-ASC-SecurityContacts"**" definition update - + - displayName and description update to "Deploy Microsoft Defender for Cloud Security Contacts" - Added new parameter `minimalSeverity` with settings - Default value `High` - Allowed values: `High`, `Medium`, `Low` - "**"Deploy-MDFC-Config"**" definition update - + - Updated policy definitions set Deploy-MDFC-Config, Deploy-MDFC-Config(US Gov), Deploy-MDFC-Config (China) - added new parameter `minimalSeverity`. - added default value for multiple parameters. @@ -753,7 +754,7 @@ Note that a number of initiatives have been updated that will fail to deploy if #### Docs - Updated the Enterprise-scale [Wiki](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/) to reflect the latest updates on Azure landing zone accelerator. - + - [Deploy Azure landing zone portal accelerator](./Deploying-ALZ) - [Deployment guidance for Small Enterprises](./Deploying-ALZ-BasicSetup) - [How to deploy without hybrid connectivity](./Deploying-ALZ-Foundation) @@ -1003,7 +1004,7 @@ Note that a number of initiatives have been updated that will fail to deploy if - Replaced `Deploy-Default-Udr` policy with `Deploy-Custom-Route-Table` that allows deploying custom route tables with an arbitrary set of UDRs (including a 0/0 default route if needed). See [here](https://github.com/Azure/Enterprise-Scale/blob/main/docs/Deploy/deploy-policy-driven-routing.md) for usage details. - Updated `Deploy-Budget` policy, to v1.1.0, adding new parameter of `budgetName` that defaults to: `budget-set-by-policy` - closing issue [#842](https://github.com/Azure/Enterprise-Scale/issues/842) - + - Including Fairfax - Also Mooncake (Azure China) even though not in use yet - Added `AuditEvent` to `Deploy-Diagnostics-AA` Policy Definition to ensure correct compliance reporting on Automation Account used for diagnostics - closing issue [#864](https://github.com/Azure/Enterprise-Scale/issues/864) @@ -1138,7 +1139,7 @@ Note that a number of initiatives have been updated that will fail to deploy if - Various custom ESLZ Azure Policies have moved to Built-In Azure Policies, see below table for more detail: > You may continue to use the ESLZ custom Azure Policy as it will still function as it does today. However, we recommend you move to assigning the new Built-In version of the Azure Policy. -> +> > **Please note** that moving to the new Built-In Policy Definition will require a new Policy Assignment and removing the previous Policy Assignment, which will mean compliance history for the Policy Assignment will be lost. However, if you have configured your Activity Logs and Security Center to export to a Log Analytics Workspace; Policy Assignment historic data will be stored here as per the retention duration configured. **Policy Definitions Updates** diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json index b82c80aee..e6225372d 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "10303493817097178140" + "templateHash": "9203697895916455860" } }, "parameters": { @@ -109,7 +109,7 @@ "$fxv#36": "{\n \"name\": \"Deny-PublicPaaSEndpoints\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Public network access should be disabled for PaaS services\",\n \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n \"metadata\": {\n \"version\": \"5.1.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"CosmosPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for CosmosDB\",\n \"description\": \"This policy denies that Cosmos database accounts are created with out public network access is disabled.\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"KeyVaultPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for KeyVault\",\n \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"SqlServerPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"StoragePublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access onStorage accounts should be disabled\",\n \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AKSPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access on AKS API should be disabled\",\n \"description\": \"This policy denies the creation of Azure Kubernetes Service non-private clusters\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"ACRPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access on Azure Container Registry disabled\",\n \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AFSPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access on Azure File Sync disabled\",\n \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"PostgreSQLFlexPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"postgreSqlPublicNetworkAccess\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"MySQLFlexPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"BatchPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"MariaDbPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"MlPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"RedisCachePublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"BotServicePublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Bot Service\",\n \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AutomationPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Automation accounts\",\n \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AppConfigPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for App Configuration\",\n \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"FunctionPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Function apps\",\n \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"FunctionAppSlotPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Function apps\",\n \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AsePublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AsPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for App Service apps\",\n \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"ApiManPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for API Management services\",\n \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"AuditIfNotExists\"\n },\n \"ContainerAppsEnvironmentDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Container Apps environment should disable public network access\",\n \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AsrVaultDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"logicAppPublicNetworkAccessEffect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"appSlotsPublicNetworkAccess\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"cognitiveSearchPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"managedDiskPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\"\n ]\n },\n \"containerAppsPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"adxPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"adfPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"eventGridPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"eventGridTopicPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"eventHubNamespacesPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"keyVaultManagedHsmDisablePublicNetwork\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"mySqlPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"cognitiveServicesNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"cognitiveServicesPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"serviceBusDisablePublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"sqlManagedPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"storageAccountsPublicAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"synapsePublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"avdHostPoolPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"avdWorkspacePublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"grafanaPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n }\n }\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", "$fxv#37": "{\n \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n \"metadata\": {\n \"deprecated\": true,\n \"version\": \"2.2.0-deprecated\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"metadata\": {\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"displayName\": \"Log Analytics workspace\",\n \"strongType\": \"omsWorkspace\"\n },\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"ACILogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n }\n },\n \"ACRLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics enabled.\"\n }\n },\n \"AKSLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n }\n },\n \"AnalysisServiceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"APIforFHIRLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"APIMgmtLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"APIMgmtLogAnalyticsDestinationType\": {\n \"type\": \"String\",\n \"defaultValue\": \"AzureDiagnostics\",\n \"allowedValues\": [\n \"AzureDiagnostics\",\n \"Dedicated\"\n ],\n \"metadata\": {\n \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n }\n },\n \"ApplicationGatewayLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AutomationLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"BastionLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"BatchLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"CDNEndpointsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"CognitiveServicesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"CosmosLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DatabricksLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DataExplorerClusterLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DataFactoryLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DataLakeStoreLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DataLakeAnalyticsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"EventGridSubLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"EventGridTopicLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"EventHubLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"EventSystemTopicLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"ExpressRouteLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"FirewallLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"FirewallLogAnalyticsDestinationType\": {\n \"type\": \"String\",\n \"defaultValue\": \"AzureDiagnostics\",\n \"allowedValues\": [\n \"AzureDiagnostics\",\n \"Dedicated\"\n ],\n \"metadata\": {\n \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n }\n },\n \"FrontDoorLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"FunctionAppLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"HDInsightLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"IotHubLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"KeyVaultLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"LoadBalancerLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"LogAnalyticsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n }\n },\n \"LogicAppsISELogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"LogicAppsWFLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"MariaDBLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"MediaServiceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"MlWorkspaceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"MySQLLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkNICLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"PostgreSQLLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"PowerBIEmbeddedLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkPublicIPNicLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"RedisCacheLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"RelayLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SearchServicesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"ServiceBusLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SignalRLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SQLDBsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SQLElasticPoolsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SQLMLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"StreamAnalyticsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"TimeSeriesInsightsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"TrafficManagerLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualNetworkLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualMachinesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VMSSLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets to stream to a Log Analytics workspace when any Virtual Machine Scale Sets which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VNetGWLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n }\n },\n \"AppServiceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AppServiceWebappLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDScalingPlansLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"WVDAppGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"WVDWorkspaceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"WVDHostPoolsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"StorageAccountsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VWanS2SVPNGWLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n },\n \"diagnosticsSettingNameToUse\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"logAnalyticsDestinationType\": {\n \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"logAnalyticsDestinationType\": {\n \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"True\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n },\n \"diagnosticsSettingNameToUse\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}\n", "$fxv#38": "{\n \"name\": \"Deploy-MDFC-Config\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n \"metadata\": {\n \"version\": \"7.0.0-deprecated\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"deprecated\": true,\n \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"High\",\n \"Medium\",\n \"Low\"\n ],\n \"defaultValue\": \"High\",\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Primary Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"ascExportResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n }\n },\n \"ascExportResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n }\n },\n \"enableAscForCosmosDbs\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSql\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSqlOnVm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForDns\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForArm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForOssDb\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForAppServices\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForKeyVault\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForStorage\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForContainers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServersVulnerabilityAssessments\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"vulnerabilityAssessmentProvider\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"default\",\n \"mdeTvm\"\n ],\n \"defaultValue\": \"default\",\n \"metadata\": {\n \"displayName\": \"Vulnerability assessment provider type\",\n \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n }\n },\n \"enableAscForApis\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForCspm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForOssDb')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVM\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n },\n \"vaType\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForAppServices')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForStorage')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforContainers\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n },\n \"logAnalyticsWorkspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForKeyVault')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForDns\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForDns')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForArm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForArm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSql')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForApis\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForApis')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCspm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCspm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"securityEmailContact\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n },\n \"minimalSeverity\": {\n \"value\": \"[[parameters('minimalSeverity')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ascExport\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n \"parameters\": {\n \"resourceGroupName\": {\n \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n },\n \"resourceGroupLocation\": {\n \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n },\n \"workspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n \"parameters\": {\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", - "$fxv#39": "{\n \"name\": \"Deploy-MDFC-Config_20240319\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"replacesPolicy\": \"Deploy-MDFC-Config\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"High\",\n \"Medium\",\n \"Low\"\n ],\n \"defaultValue\": \"High\",\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Primary Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"ascExportResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n }\n },\n \"ascExportResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n }\n },\n \"enableAscForCosmosDbs\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSql\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSqlOnVm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForArm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForOssDb\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForAppServices\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForKeyVault\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForStorage\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForContainers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServersVulnerabilityAssessments\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"vulnerabilityAssessmentProvider\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"default\",\n \"mdeTvm\"\n ],\n \"defaultValue\": \"mdeTvm\",\n \"metadata\": {\n \"displayName\": \"Vulnerability assessment provider type\",\n \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n }\n },\n \"enableAscForCspm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForOssDb')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVM\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n },\n \"vaType\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForAppServices')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForStorage')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforContainers\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n },\n \"logAnalyticsWorkspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForKeyVault')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForArm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForArm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSql')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCspm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCspm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"securityEmailContact\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n },\n \"minimalSeverity\": {\n \"value\": \"[[parameters('minimalSeverity')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ascExport\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n \"parameters\": {\n \"resourceGroupName\": {\n \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n },\n \"resourceGroupLocation\": {\n \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n },\n \"workspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n \"parameters\": {\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", + "$fxv#39": "{\n \"name\": \"Deploy-MDFC-Config_20240319\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n \"metadata\": {\n \"version\": \"2.0.0\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"replacesPolicy\": \"Deploy-MDFC-Config\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"High\",\n \"Medium\",\n \"Low\"\n ],\n \"defaultValue\": \"High\",\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Primary Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"ascExportResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n }\n },\n \"ascExportResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n }\n },\n \"enableAscForCosmosDbs\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSql\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSqlOnVm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForArm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForOssDb\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForAppServices\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForKeyVault\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForStorage\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForContainers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServersVulnerabilityAssessments\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"vulnerabilityAssessmentProvider\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"default\",\n \"mdeTvm\"\n ],\n \"defaultValue\": \"mdeTvm\",\n \"metadata\": {\n \"displayName\": \"Vulnerability assessment provider type\",\n \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n }\n },\n \"enableAscForCspm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForOssDb')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVM\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n },\n \"vaType\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForAppServices')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForStorage')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforContainers\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n },\n \"logAnalyticsWorkspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForKeyVault')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForArm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForArm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSql')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCspm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72f8cee7-2937-403d-84a1-a4e3e57f3c21\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCspm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"securityEmailContact\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n },\n \"minimalSeverity\": {\n \"value\": \"[[parameters('minimalSeverity')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ascExport\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n \"parameters\": {\n \"resourceGroupName\": {\n \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n },\n \"resourceGroupLocation\": {\n \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n },\n \"workspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n \"parameters\": {\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", "$fxv#4": "{\n \"name\": \"Enforce-EncryptTransit\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n \"metadata\": {\n \"version\": \"2.1.0-deprecated\",\n \"category\": \"Encryption\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"deprecated\": true,\n \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"AppServiceHttpEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n }\n },\n \"AppServiceTlsVersionEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n \"description\": \"App Service. Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n }\n },\n \"AppServiceminTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n \"description\": \"App Service. Select version minimum TLS version for a Web App config to enforce\"\n }\n },\n \"APIAppServiceHttpsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"FunctionLatestTlsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ]\n },\n \"FunctionServiceHttpsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"WebAppServiceLatestTlsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ]\n },\n \"WebAppServiceHttpsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"AKSIngressHttpsOnlyEffect\": {\n \"metadata\": {\n \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"deny\",\n \"allowedValues\": [\n \"audit\",\n \"deny\",\n \"disabled\"\n ]\n },\n \"MySQLEnableSSLDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"MySQLEnableSSLEffect\": {\n \"metadata\": {\n \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"MySQLminimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n },\n \"PostgreSQLEnableSSLDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"PostgreSQLEnableSSLEffect\": {\n \"metadata\": {\n \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"PostgreSQLminimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n \"description\": \"PostgreSQL database servers. Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n },\n \"RedisTLSDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"RedisMinTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n \"description\": \"Select version minimum TLS version for a Azure Cache for Redis to enforce\"\n }\n },\n \"RedisTLSEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"SQLManagedInstanceTLSDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"SQLManagedInstanceMinTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n \"description\": \"Select version minimum TLS version for Azure Managed Instanceto to enforce\"\n }\n },\n \"SQLManagedInstanceTLSEffect\": {\n \"metadata\": {\n \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"SQLServerTLSDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"SQLServerminTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n \"description\": \"Select version minimum TLS version for Azure SQL Database to enforce\"\n }\n },\n \"SQLServerTLSEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"StorageDeployHttpsEnabledEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ]\n },\n \"StorageminimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_1\",\n \"TLS1_0\"\n ],\n \"metadata\": {\n \"displayName\": \"Storage Account select minimum TLS version\",\n \"description\": \"Select version minimum TLS version on Azure Storage Account to enforce\"\n }\n },\n \"StorageHttpsEnabledEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"ContainerAppsHttpsOnlyEffect\": {\n \"metadata\": {\n \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n },\n \"minTlsVersion\": {\n \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('RedisTLSEffect')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n }\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n }", "$fxv#40": "{\n \"name\": \"Deploy-Private-DNS-Zones\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n \"metadata\": {\n \"version\": \"2.2.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"azureFilePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureFilePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAutomationWebhookPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosSQLPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosMongoPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosCassandraPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosGremlinPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosTablePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureDataFactoryPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureDataFactoryPortalPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureDatabricksPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureHDInsightPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMigratePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMigratePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageBlobPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageBlobSecPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageQueuePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageQueueSecPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageFilePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageStaticWebPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageDFSPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageDFSSecPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSynapseSQLPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSynapseSQLODPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSynapseDevPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMediaServicesKeyPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMediaServicesLivePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMediaServicesStreamPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId1\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId2\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId3\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId4\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId5\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureWebPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureWebPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureBatchPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureBatchPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAppPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAppPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAsrPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAsrPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureIotPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureIotPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureKeyVaultPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSignalRPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAppServicesPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureEventGridTopicsPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureDiskAccessPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCognitiveServicesPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureIotHubsPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureEventGridDomainsPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureRedisCachePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAcrPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAcrPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureEventHubNamespacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureServiceBusNamespacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCognitiveSearchPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureBotServicePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureIotDeviceupdatePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureIotCentralPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageTablePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"effect\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"effect1\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"deployIfNotExists\"\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"Webhook\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"DSCAndHybridWorker\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"SQL\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"MongoDB\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"Cassandra\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"Gremlin\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"Table\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n },\n \"listOfGroupIds\": {\n \"value\": [\n \"dataFactory\"\n ]\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n },\n \"listOfGroupIds\": {\n \"value\": [\n \"portal\"\n ]\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"databricks_ui_api\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"browser_authentication\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"cluster\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n },\n \"targetSubResource\": {\n \"value\": \"Sql\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n },\n \"targetSubResource\": {\n \"value\": \"SqlOnDemand\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n },\n \"targetSubResource\": {\n \"value\": \"Dev\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"keydelivery\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"liveevent\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"streamingendpoint\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n \"parameters\": {\n \"privateDnsZoneId1\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n },\n \"privateDnsZoneId2\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n },\n \"privateDnsZoneId3\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n },\n \"privateDnsZoneId4\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n },\n \"privateDnsZoneId5\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect1')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect1')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect1')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n },\n \"secondPrivateDnsZoneId\": {\n \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"connection\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"feed\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n \"parameters\":{\n \"privateDnsZoneIdForGuestConfiguration\": {\n \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n },\n \"privateDnsZoneIdForHybridResourceProvider\": {\n \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n },\n \"privateDnsZoneIdForKubernetesConfiguration\": {\n \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n \"parameters\":{\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n \"parameters\":{\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n \"parameters\":{\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n \"parameters\":{\n \"privateDnsZone-Backup\": {\n \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n },\n \"privateDnsZone-Blob\": {\n \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n },\n \"privateDnsZone-Queue\": {\n \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}\n", "$fxv#41": "{\n \"name\": \"Enforce-Encryption-CMK\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n \"metadata\": {\n \"version\": \"3.0.0\",\n \"category\": \"Encryption\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"ACRCmkEffect\": {\n \"metadata\": {\n \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"AksCmkEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"WorkspaceCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n }\n },\n \"CognitiveServicesCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n }\n },\n \"CosmosCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"deny\",\n \"allowedValues\": [\n \"audit\",\n \"deny\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n }\n },\n \"DataBoxCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n }\n },\n \"StreamAnalyticsCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"deny\",\n \"allowedValues\": [\n \"audit\",\n \"deny\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n }\n },\n \"SynapseWorkspaceCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n }\n },\n \"StorageCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n }\n },\n \"MySQLCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n }\n },\n \"PostgreSQLCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n }\n },\n \"SqlServerTDECMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n }\n },\n \"HealthcareAPIsCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"audit\",\n \"allowedValues\": [\n \"audit\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n }\n },\n \"AzureBatchCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n }\n },\n \"EncryptedVMDisksEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\n \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n }\n },\n \"AutomationAccountCmkEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"BackupCmkEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"cognitiveSearchCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"osAndDataDiskCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"containerInstanceCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"adxCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"adfCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"eventHubNamespacesCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\"\n ]\n },\n \"eventHubPremiumCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"serviceBusDenyCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\"\n ]\n },\n \"sqlManagedCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"storageTableCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"storageAccountsEncryptionCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"storageQueueCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ACRCmkEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AksCmkEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('CosmosCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StorageCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MySQLCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('BackupCmkEffect')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('containerInstanceCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('adxCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('adfCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('sqlManagedCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('storageTableCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('storageQueueCmk')]\"\n }\n }\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config_20240319.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config_20240319.json index e62007a4a..63036f61f 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config_20240319.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config_20240319.json @@ -8,7 +8,7 @@ "displayName": "Deploy Microsoft Defender for Cloud configuration", "description": "Deploy Microsoft Defender for Cloud configuration", "metadata": { - "version": "1.0.0", + "version": "2.0.0", "category": "Security Center", "source": "https://github.com/Azure/Enterprise-Scale/", "replacesPolicy": "Deploy-MDFC-Config", @@ -355,7 +355,7 @@ }, { "policyDefinitionReferenceId": "defenderForCspm", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/72f8cee7-2937-403d-84a1-a4e3e57f3c21", "parameters": { "effect": { "value": "[[parameters('enableAscForCspm')]" From eba566cc026ed75f1e640e5b42a384b4369bf7ef Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Mon, 22 Jul 2024 16:39:00 +0400 Subject: [PATCH 02/11] =?UTF-8?q?Remove=20duplicate=20assignment=20and=20p?= =?UTF-8?q?ortal=20option=20for=20Azure=20Policy=20Add-on=E2=80=A6=20(#171?= =?UTF-8?q?0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/wiki/ALZ-Policies.md | 3 +- docs/wiki/Whats-new.md | 4 + .../wiki/media/ALZ Policy Assignments v2.xlsx | Bin 49917 -> 49786 bytes eslzArm/eslz-portal.json | 47 +--------- eslzArm/eslzArm.json | 38 --------- .../DINE-AksPolicyPolicyAssignment.json | 80 ------------------ 6 files changed, 6 insertions(+), 166 deletions(-) delete mode 100644 eslzArm/managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json diff --git a/docs/wiki/ALZ-Policies.md b/docs/wiki/ALZ-Policies.md index e72ad4ba0..70c76a24c 100644 --- a/docs/wiki/ALZ-Policies.md +++ b/docs/wiki/ALZ-Policies.md @@ -224,7 +224,7 @@ This is the parent management group for all the landing zone child management gr | **Policy Type** | **Count** | | :--- | :---: | | `Policy Definition Sets` | **13** | -| `Policy Definitions` | **15** | +| `Policy Definitions` | **14** | The table below provides the specific **Custom** and **Built-in** **policy definitions** and **policy definitions sets** assigned at the **Landing Zones Management Group**. @@ -239,7 +239,6 @@ The table below provides the specific **Custom** and **Built-in** **policy defin | **Subnets should have a Network Security Group** | **Subnets should have a Network Security Group** | `Policy Definition`, **Custom** | This policy denies the creation of a subnet without a Network Security Group. NSG help to protect traffic across subnet-level. | Deny | | **Network interfaces should disable IP forwarding** | **Network interfaces should disable IP forwarding** | `Policy Definition`, **Built-in** | This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. | Deny | | **Secure transfer to storage accounts should be enabled** | **Secure transfer to storage accounts should be enabled** | `Policy Definition`, **Built-in** | Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | Audit | -| **Deploy Azure Policy Add-on to Azure Kubernetes Service clusters** | **Deploy Azure Policy Add-on to Azure Kubernetes Service clusters** | `Policy Definition`, **Built-in** | Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. | DeployIfNotExists | | **Configure SQL servers to have auditing enabled to Log Analytics workspace** | **Configure SQL servers to have auditing enabled to Log Analytics workspace** | `Policy Definition`, **Built-in** | To ensure the operations performed against your SQL assets are captured, SQL servers should have auditing enabled. If auditing is not enabled, this policy will configure auditing events to flow to the specified Log Analytics workspace. | DeployIfNotExists | | **Deploy Threat Detection on SQL servers** | **Configure Azure Defender to be enabled on SQL servers** | `Policy Definition`, **Built-in** | Enable Azure Defender on your Azure SQL Servers to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. | DeployIfNotExists | | **Deploy TDE on SQL servers** | **Deploy TDE on SQL servers** | `Policy Definition`, **Built-in** | This policy ensures that Transparent Data Encryption is enabled on SQL Servers | DeployIfNotExists | diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index ddcc5a29c..dc0eb4b64 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -46,6 +46,10 @@ This article will be updated as and when changes are made to the above and anyth Here's what's changed in Enterprise Scale/Azure Landing Zones: +### 🔃 Policy Refresh Q1 FY25 + +- Removed duplicate assignment and portal option of [Deploy Azure Policy Add-on to Azure Kubernetes Service clusters](https://www.azadvertizer.net/azpolicyadvertizer/a8eff44f-8c92-45c3-a3fb-9880802d67a7.html) at Landing Zones scope, as this policy is assigned in the initiative [Deploy Microsoft Defender for Cloud configuration](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) at Intermediate Root scope. + ### June 2024 #### Documentation diff --git a/docs/wiki/media/ALZ Policy Assignments v2.xlsx b/docs/wiki/media/ALZ Policy Assignments v2.xlsx index ef277d5bea41a5236c971165936a8ba25363e0f7..56b3f486f23c6e76d09a0b7647e2fba6e9d6527c 100644 GIT binary patch delta 18751 zcmV)2y{(Ie_R*1WHlM+&qU}S z&wu^pY{mHFjIl=z0BSMN7g9E%X^MP7DlAS}Luy!=GhSf{L;hfjh7(+f1tGF3P1~}3 zv%<92JA{xQgTdx=nv;a(%Zk*p1L35^66lKsZNwI>%8!AoFn?S&M$W1RAZE0r^0@`o zwJHxUA8N+&tOT>yf5_9;9KJsMkOhssJqeZ$j;d(RnP78y3eaXp`oMl4mrWc@T60%^5c3Bh^qMDupsZ2kOfPD^szNms*7^BGqv zQl+kySje=Xk`x2I2Sc_ZZzlM%87^rFt9CDNEZscc$$7+Ke*m$MN=bN)C5c%rL24W7 zKP#&iJ6^t2YMV%KT&zHoQ+At#B|bd$V(w1 z6Q?QA;xHD(nB=%5(}Lw7G9EVKV#&h2mT}$ONZ!#JlHj9R&P&xK-gu zat)p@lPieCe*`~4Tp;?uuua=ba6EGE>zs$^{w1;FsApxC(aSvFaIIc!^iw}Iyq+DT zR$}$h(D@3+a6il$UdqKLxi!7s|M*yvq0BG9Id<`DKBWsYifV4uCj&An?2cv3~$E;>0+38QAPz zc3O39f9)yAoYtgJxeV6rjW#ykugkhRz0au1&jd?6!-A+3ha8w}4Me)OphZE{ji#S} z_>NyXRv&&liB3>>^7{!oGxyGW_u(M)BM$F^^8Lg2semKEx_rbn)wS8vN0uEZ$C0(X z60+@~WKfV3axKWGzH3;i;~8$yw~fGcY$J9Pe>?ShX_5{-l~3y04*!qKtF2t&_Wyul zxxifBaGXCvwHlN85JIFPp{fY*-6uQrf}!OAMK?p4;i5ihf9Si0mt>CDLrI)^*(+IP z{`{R+M_{&Z6D*fdb5*%*$DwMo&FpS+-c4*Y_oh~c<3t&|C1qD6|=Al zWdaIOKf~z&9{>Pmtdqbk8I$k31%I5C+m6~W5Qgt7^&KMLlf;fg2qL@M!lG8~#j4xW zt#KT%Hi=W)EYPa&-iea{)k+nt1Wa&-Z|0vvnBDHH(t8%#NL6PD`yui~%~dYzb%wrv zS&k;iGnUmkD^)ErbPxvJ-n@M?+bR8IHbPhr2(`)3#@c2Y1cq-!#f+~SQGdgoLg|WG z_^Q`|X|!Ou`%zT}Bn-zv#bk{-!clRSSY@&L~T2W7A3QgzuCyf477@0f~%N* z+BPGuss<1%SxS3wP~=s7`e9uw%~mDo-ebzRx7Y9@@Q#Ks?)*ihN^-4?Dy$FWpv(EC z{4_`d#*d_z`Y*y@8fft>+kXb0P~>$f;rPfRCs_1K*!T!*%cZAVnP=$tT@t48eX<-8 zy0{zbOXzT`%G09A&>fzB98XYiGjjvH4{#I$vSGFG4v!6V+4)%2d=iD7i?W0OgnuHBaVww21NdcV zrL0v|>)=+v!cn2sFHyTBT&y;`7W%Jq2kEI1Xg5DQ2~jltv0T6js0fZS&aVeaOSd); z+RH`3wxyk`^1ICKCPNcHj_G)k#AvwpS?%5nx!$yzs1G9COiuH|LKqH90@{5SlB*K< z@aa{uU3Qppw(pA7v42V8<1md{wy}qH?7@d`4V0mej@#6a1eg&=0K4l55%Hslgb^l} zGN3$;0k&t5^tvoSu_J)(2{=3z=^`PJtV4huk_fL$V%!tJ_5_NrEk)8Zzz#yLYzRE8 zoer==7SvCYB%+r$HSHN-2L{Z~bxpPbsG1_&21OTjrU&w0096000030|D2uej@w2OMPJ332e8F2NfX!xcG$K?@>3XI1NoD9 zk@04C-+m>sJYwH_q;Ba~lEGmWrK@UIT{fBbFTa2P{xg03`Ss)bzkdAZ&0ilLnuj+p z|N8pp%kkfSYkyAv@!_F;c=PSwFF$|$@%hJJe|-HpF~6VwF}z(ry!mg_fBp8`KmV7$ zzkK`t=kd?0x81|X_uo#z{_z^%`1hCNU;qBNdjIb4kMG}o3*yO%CMQNG+MGyEbUE?K zi9RPjJ2B+M&WUwSJUg+;iM)KI%t)Cp@Qn=TPyFtvAJN%les|F<=D)SuK9jR$z2G^4;$sl}ZRrk9m@tbr0hCJzPDNePqbvIfvvRD7mDYnygYU+ss7<;vEsbYO}|Wu4TS zs2pX(#5f*(ah3(7(N8?qK#3q-;fOJv<`I8+(#=}eIQoBNQUuR<)*`_^piC#7<_`gt zbt225?~21yQ}!GHY1ZhHJYX{IzX9@kf@Ev8A0kj*PueL2RMv?sh+?nM zlpP2_nzde$YM?}rRTFpvR!zXH<$K#fvaMd2=!7=f&IOdKWHw)=7159vQDGEK#}%$l zFi$sjb*g`W5+t)>h#1p}lG)X%!jXVvZ6kv313I>EuNQ{4)rmHsU)9uX&peThIm7>ys1q*Lwt_Q zb`XAL7aYAN^Bs`iw!$ayUY7NzDRy3ijT&}i4U`D7D;8M`T42Da+qR=*gEi_D zNvElZl$m=gTMBazqFD@od4**r#0^UMK<-MBJzzHsE1=X=coD={kx?@1)E)97qd@9M z#2J6}iz3VIhi=gi=c;7>L#R?-_h1y4!hdRjv30M^B#NUJ1Tf}7P#n89!THF7{tR)n z1oy!#eF&|Y=P^hBSn~uv@uU<6*rfs!uYM=y=U7U!qd$zMTu$*vP_2G9E z$Zp$GAZ;NcP}b{pY8VAn?Dg8ri3p);ZmNI#P`|i;HEo!9nquc-E^h5l%t(xUD+w4I zaDlO6qFmZS0ArRO#nBETn5>v&Avpw7E~ddk2_H@K(OBc+tnA9pe1XC`i%!H`#=vp7uT_YIhH+E&JfD&YLl^~E^nJAg-=&a<|AoY#N0%p_o3BQOPYdjsWC-xV0|9z2)Xt`TRck**_$ zV9FYi*-+Dp`>^dA!R7;PyT-NxN&tEHP+>M;GTo&|$*dKJv(|kA`v{bG4^p^?fXb~n zc?~tKxDVU9GC#GzSeI9362x(tz>To$66DfbO?1xk-98gz3*MY7D<)g;a_4{H;#Sv| zoQDeMZaOX>ghAO&rsGN)xj&&hs7Hz;=2`;A zHS%1(c^uA1y9dZ+l?2SK^ld91Fk4v_#tJ3@ z<063@pe-Kd(&Y{q7s+#Nb^k-e$wboaM8T9rBHy8AvGY0KHFD-rN7}B;Bw$=4kK=^| zx%3tVosVuNB1V1>`(TzDJ!*FsOj#rH9V)uJ&WCf?$eBm^EsYT8QM!Mi1dMA0`x>l{ z;C%G11>~|(37EFg+eiT|MQZGRUqG)aE$&$5k1~<`f9dF(2n1d!_l zflMb#X2k^lg$_$_Li(WJKA7yjtSWv8sH_ti4>c z+ap${5}dT&1cYRE6EJ_6Wi{DNz+lQt9yt%k+AKdA=(D$16PN)j9cjA?C;{Zv1a5#; z6D8B37Ls}UK!L1(n4x^xvj!sH=5YB5PO=_qo)YXTya!;KmEKgZff7Kj6m30_9VwX1 zE>IrGl>)0{rT1$iTc(ulNDio6Q)EC?JhIgJ1nwmTQ@UTEDxiM^*<2_Op;nLWTHTwt#k7kWkPk@jR#UNWOm$DDNHgai)OEN|6gu;T82T zs=HFOA3MLQ1Um-N&-9>2%k44U`Bnp(^YL zilfWs4j^0YFp!+lKA>Eu^KU1A&01zS+)yz-aoeMQ18hDp8GzBZCL{>tuUf0v=|Cr> ze(-;el4;8gj7_n@WGd($f$>6^T?;$}9-4T}1h z?~20K27Nwh90<}KfB<=kR&2JQWE*QyDmGhCAl){%4=7V~t1oT|sGul(wu?2I*&#P5 z3cD9{G8n+0uoqh)B!!#+az!iL5K6XDhmn$5jY6`m-b#r;xuWVY22@ZK(p^+EvrT_) zP}FS$uTk(Z^u=J~0FXW}lK^r>D_j#yrtUr^Gesep?!nzhpnTP}*UCzJ0?75O@K!LH-d3YzrY9t`Exi#auTWVJzR)RMluG@T z%GU%AV33$tu>Ha|jY6PSH})mUru%=~fU#R^n9P<_IBnek|BR7rhMyyy-|_Q>4!b1H zn*5cDTQt*g@`4MM2AI|!FsXqOKvqY@sJ%kTHtPG+N7F5c6lkmSML_wwC|}YcpzBvU zN_SCFvSBJ5v$eY(wzCQteJk=vjLrW5xuCSeLw3MXGMoP?nJ$dL*!&;N_4$84pn{(8 z(JtzFr=PQ~*gyh|&HunGU*tB={{Xq36@CsSv-zKrnVz0ZHyrFE&h_~}pn{(8(JtzF zr=PQSkHPDcdqZ2qTYCMYDc`9A_(pZ^0YD0+jVv%b^OnT{*$ z90I1b`5z&j{{eDE!Szs!j*@@b{7=bDQF3&2mqP@)KK}<)Q1k{zXMLxmGaXk_l*}64 zN(q5leLHRf$Q7+{bSRn4|CG!Wg=9AWN1*HTe?SFAZ*X+hcRD)LaV15`(b4@a5U92J zA0St>!qLHGI{#BLQQKb_LWmWQmGnjzEO3U7JHtdWmBt}CDfkc$O-Q*6j2 zXUK+3@S$wTB(uhb%o!>SnKM)V)Wy-#T|(hNNOgYApd<&OCGr;wlb1P??Q$l$`-r2 zZ&jT~6@S}a?Kfq0zOUOC+d95^8Tfa9;4feNZTsETYIyVV?>uWJ8^cNJph!vXsqs=! z&RM3Ywa9_}vq5Txo%&r>;857^X2Az)qh^CSNm1FU;S8jU;oGJR4>mr zpXpsHk>X}Ou0Fjw+h3f|B9Dy^K^9G{G@6vKoEoPjH6bd+vn@rqyODp1*36UK!*ZMl@e;ewqf75R+ zF57MW{cf}Vm-gcFU(f5fe{)?;zmefLqTtU`P2tDCRMppW{vW&v{^2nZeB`efzNX)} zzU+4O>Fj_1flkW^k6)O;3&oR*SwPAFcT7-xAoJS5U>c=p)vK3sL^ru3K9 z{%mu#r$6lu8YP!DC+-pznb6{e(B!#JWDR#&=0<-OwcIGhyi>YkYSs;`^P{72@aP&I zJ<_=NdU5bx(nBc|C5neWkqax1TTf|GjP3yVd@FMQG!lk5ZH1q9NrHC&z6=-kE4w zE+v1-<${%LP9X5&xQhMtl87Gkrb+0;8R4qr8gfxO3e0++74u0iW3QY80)H~sne`Uu zdep?wQeV9x)d5qzK`^86t(Ue6&)EG3%uup21WVa_AhtnvI3^hx&jJ%n1J3zkPRKh9 z?a8EP7PewwH_UNroklZJ+EQB)f-s1>jz)jU(ccf-72`SMg|t$*)rKhw4KgH|QgYKY z3G87x?0F;S$8eq2jGdAiG@%<2HW&kSt;6~EgBTU>tF8xOmu715JW<0PerIB$E;7(j zCJHE!<0-`Du)%M>^5J91jx>Yv)uH}fj}S&tsjGEB>|hT}be50bm^M5nf{$O}`(%H# z;gQ#!2+KrQX0$<+sJ(T8l1rIXNCApQanjMpP?DBT+T~-L!yP|{?LCL1X6;=N5k+FA zey@?7_yPL8MAbLNrI7S;*q{(!v+WqV<8>W6CpZlQShYf_leeI&#u%n_W!iM=8^iP? zBKY_fE>D(ikGb>f>+<{Arj!@F$r*nNC<60X)D%?KWTSArBxfvpptsFonjb?0d2gy0 z;8fm^U{_Ux-}R#))(feIUb)fV^tNxNEgloWM|*m9_2}y!99!UCvm699S>xCmmdIJ) zFptGXoq<^F0je_BvHTcP%v;^zcv?t8gKFzX92>Je>R)ox^}HLu2-$CUY>$74;9HR5 z$K3h#bq|iM;lVUf1Ohoms!xy{EE<+JE_2Bt2(w&llIjj5pNJKwdMgj#x9x|#9xgYl z^?r9i+oComcttrVpg2#Kf&?$Nup@+y4cDqHM?F`H;>o=DpE_&rx2qr9eWmoL5A@f~ zx*kLwbg@>0rdi{_+OkQ69|?c5LJ2KG$y(oY2EX`gb3B?1lv4+Ps|YRj`4%UXvM&BBRYf2EON{x~hcp#%kB!f9@hWC>;1Xk|V{G0*!1YaEP+e zETR1fy)3=eT*rzhGsu7CJNQL=|NB+D9k%W2d`Ew%pa0xmogWBrpjR;_BW4D7Q!&md zz$qZ%3oo%qI8w_`Uf&7)$sF>Z2Oj?TS4tI@=Eb3#oS|exB7@dVsxZXsQL9By2DsuP zn`MQi=Q3P8nLPb^ydT>2&~5&9(8*;3i^EIkSJ?H}Msj0Omb!mL1EtYu7?aDLd@jJn zF|~jT3$pXCe4%_9@?VOp0vv>NaIuz zW;yITz5L0rIr9y|)v(&r7tr}5#z<+sTZEkgkYrPvR?6WKdmE{VoDmD!1?H7xc{wN4 zylqd8(z8t@({q0=2327e^pIk<#Y}`jLDp6be(3wbsspniTBU=Fn4>ifVh;soQo>+F zyGDxWofUey^u(QU&M}VCH63~P>0KG#R zN*grD2D&en3_7*!F3yS6WGfwK)jcxYMuKcaND9O24|t{X%xyyI*+fhW`G zRvgPGBjIwRxXI=3*H^nb{8!y=u3(Ms;%2x1&&&PlV)ZkInVa?fC+=O7iZx(T3f_cb z7+HDXBngK$ttTXXpf~e*>yXE|NzAkswmTy~Ibm?UAQ^@1Y3wZQ7U@K*4n}7V2?6RF zC>Zc3l|z33iOML)WPI{TVdT23Zzpr~>ytk*7KZqtIe5U4M~R^ei2`n|EG8U5AY2h) z`EVX!2Q611pM#$~#z1*alsueT>3*dU;0k$+32l5yL0SwP` zF&gqMLw;7!y$)25IPaiDK>)Qs7zCSO1Lv40p%;H*49gfY1l}}Z?rsAfx5Ygy4}#~A zBA<+eM{}f%7GgMbn91Pa3jGg7ATSNnD#V6y>+G`f=XW~ai6mq=pH?E)pXfu~{KRjLW(r$z@MV6)OODf<8-&J$XlNG{$6{B}UB3(waj#hvije#r^lPQwIo zNMG^^KMlmasoSGF=NW3Wr5MN+-3BgGdPie^a86> zBhv&=0e8^hG=Qrp1xScN)K*G;V3vOfr;3tFBliLNid%RM*F#2~ymSp~oL+A2dhYQ| z+UFEy(5u$M`hXai7QvL^JwjaNPOeT$4>z*B&OB-sin1)u<~ z#X&DJIwe@)5Jh3yrb-ydMEHLcS}Wef?4(K$WYHWBrUN;}9f*$MY1)CX>wsuHhVN~w zTN+s>dbk2cii0fjxqw2zZ7ZO_Q~yF0Ma*-ZgPs-%zMNm~MP^RY^obDp%l>Tm{vE}$ z+W+wV`7*qm^H#02! zfMzTgubG3`ga`j$5TM~V8|++Ak_F`=CWBOZbR%hCm75Zbd*BS_Af`_Q!_R>LOoMd7 z!Vg9*&6j0t05Zn-+UkFRNwLS+aghp{I~&3$g5l>tK*=z1uu6scoyc4Q7zASj83zUt zgpBF|U2E=u*ok2HSrE|Z2u8{%2CSkhi+zfaaU@tNRQOB+cH_gcxo+<4`<@7fp929Z zz&&sfWioRR2@YxvMUX*-1cn0w*8KyEZe~uXr<6M3M<{*`0*Zft%hW)96c3x6@y;R}&;$Z;ao3zu#QGnZ84p>NflR z=Hi!EXSE&bc6x<_8#fzR)Hg5iF_YKZul;m!~^~3sti5vS%T5H4Sd{Pd^QRFn?$)(>hg9ex>l;796zQL#An!<&Eg zWyWEu;)U{jnJV!iifZo}sbvt|i!Q80!LS&hvmQ$aU4V|4|ES_{(Ke7rtOc3 zPWa}wg(B-aIyQ@`M93fz>9rDPqqoN*Q7Py)PhN^-$?gMD|Z$9={;>am2QglAdfbr@!i{hJPDcuHH zAPS9V=TUm{*-z4>#@q4vi9=`5N4tmu-@PvwxAS{aXZqG;7tiGvne%!lRB277^_tEH zl|-x9RnEwl^ST@|yXmViN^o#7F?1K8$neW5R``TzSv%+DwV#M3pN_aCJQjbQgjrY- zkwio@A(uqWM(@FqB&#&%vz{4CYIo5GBgjjFl(og85s$R zV3^@tqG=O+VxFS&u;fBQKG&W*-3_YddntC#fFh6<&EqlF?aqW7uwsGp} z<`TCmW9IrA*hF??MXaD}6KsD$bCH?r)6E1I=mN!2kO+UV3>4{8IzfKFV&z5)eCjca z6G#J8rt%t&nD1WPcIkqu|NSQ!fdp1S-pHLrvMaw}+38|Ou!zYZiTFa(M)bzk&Z3D% zuav7G&1AAT*N*rlS_v1zw@$Z+w)mjX&|AwxM=!Uum5)(C)u`!aMD z=#=0^P!c{CXyIW^6o)I%PhSfDUrBwu6eB+&!SEVocQ|=tC9AFMeOOT#xzsBd>11{P z@vL^~TYpQ6`__+B(!LAnf-GRybFA=!M1a0cmdf>KK4c=%c32adE%Q8%R!dU#)7&l+ zD>4-!`1=IdP^#61iagoKVohGn&! z$I?@p`T`f0K7=vAb|7sp>E|L;kSj6}Ff;coZt8QYLh?-MW0HSAaxWl{`RTC86n+6d zCPijmBIx&UMR&wF6vwAyts(BBRp5y!*7zcB7fFI&L(eH_T5@k)l{DL(k7tv~(@Re~ z-)wyXXq>veC;x8f!f_*SiEfy^OO*R?#>nK$unEUHNeUN!K`RzYz|!5)TyOSUv@s~T z44Ko&+DqS@d@p~+Hp*HCCWX|p$aX4Ql?$F!R;nw=z&v%FGA7ww?#TG-@QI?hUA7y$4E-CxaBDv0P&oaghcT?O{Ts+O5 z(I}dT3;j9W)d`1-am^N*pJ>&P*_r$ma*luyG39L(th9f($Sw=LFLI+m$P~W+jkebh zym&{vB_AMy=w$t`SLlCXD5%BTEn__V-25Dt`H;Zm_WK5&XbOCag|~jAc)o1l4F3} zX>JK&s;+;64)@^LL9@4d3)lcu{|&_PG5cs%`FL4QlPz!irhPtUgWE8B?2$j8*2HwA zLTyc5C~(F<5XvoAQ-pG2e6h}oazuy)DRL-3cac2@`^k_3TV-~{GpDdlRBWKe@ssmk z9KG0hIrKcR-Zq}wbQ%kK!QFw*fdisd+O@oeOCW#FwWfm$W@4*%An~RByeeFGcZOHc7sjwTG~F<=}I)z$N7XH1}{5L?99_P zG_W9PVeO_+(W@mnV6`}c;w(*%Ie;a2Xp-F%3AgVKL4q3r^t#VLpG4ep7)TF+g4L*S zohyGQq~j6MnU|9jM1Epz2QXL~-yn@5Ti=<5I*37_yA0ex`fE)+nK*XsHEmwx8>Y;b z>g2nS(}KaLI6e{WS3tmZ2Z{6xXm0Q?q7*!Mpa|mfbONINu|mL30f)vQCX-Vj%*-*4 zLLe&zij)b-N$AG+46U-OA4^05HJtPE&GCP_D744t3~W_H_BORNBJgi`adC1!a&QC( zJ9aFwrtd@v3zlUH%_l5s1`IUUc%FtTp!+k#4y?7*bjDi)Q}R{su6gJwHDqiQ>+)41BC)9|tqi@T zgKhwmrR8_(KctH&B7MEmYY7aU^k>reI0xjetClIhADjRb93nnv+?}CA7(f$CL?Q5^ zpDr&iCct^F5=GnOf8t;X$Uu=Acng0w#i-RO_^8Mju$;s&0nG61pMd}KAOJxJ5J{QJ zl19**$b=z~_w>Ap6S9;85Gus@4wiHlzUKum6||2q_Q z!-ZhY(&)uZG`)=p{)u2vD_L9TpOs`-=L}4UWB?aA9H-@m= z0RJspe~=6ogl3T-vq&-Tf1PT48=zMnD{s2Z<~gPcJxpwX^wu6`o>lS_~o-5uQh94~1GxF1T4VZYhg?Qm^^XDkS1FWi^c z6wAQnAS{9~hYAa7GQ1AQ>`%=|`G zgADyI2Ka!52gfK_peR^T1_N5J8Zc=0Hv_qi?!=|^V-ekjCVJ67!h4UqKrgV5H^ zK*?elOOffSFan)$_&a|DvCvC_nu7+Msz?5)Zcj#$c;Ja5o+fQ2>Tfnl#cH~ek_w=E zO19>BJQ4dl-JLz~le|+-5aM2WI>CVKXN+*uXh{?BXC|ujIu#dyORxw5;fXE^aqaj?m zlv6*T3>>rslnZ|u5*YKx=?iGUr&bwT2Pzvb_C`)@3oIce71tnF12|_fo^gK)H`#y) z9&6MKDJMCExCzoI)ysfMQr9MskoG`O3vc*=7m;9m=g11-xe{v?Zo@AlcyaHs*$G3H zqc_PYa#uB1?b}e>CRSz~J6*m{lF{@VM1C5wFsMEt44rKT2AoyYv`GY4Le?Vaa_me7 znf_f{@=xG>4fHc)o%|8}Ib_`;)E=Jx3Xp`VIx~NTA>OTkhsTImnu~!;TKmoiti%aQ zlds`0WlpYESgD^e){+$SGC-<9D`k^M^Qx~e)t_;S)fD`3*rvg-ayeT0VT#rfw-Nk7 zn0D`(PC3O0$QzfR=rOMKi#0#U4zdIA? zz0rU4v$;>4cVp^55g|`X6f#G&#AuN)Yse`fDX(+1d6@zg`$jIcJk-jH+H*D(c5;3{ zTV`34`7Iv4KyKr~g8hc_iH7rW?quU3NzVb>v#+sesHb=zo{x|1`9Mh*ogdeE*%{z? zDzSEp{A^7X>H?9?Pl*(*HCvR6WcMY9cL;yAnde%oR2TTOx)&d*PN31%FKIGeDbB~z zn0&(7f39`M;&d}Nzo12RG$w_z%TOp3$mfp1Iq$x!+F;y;-FWm$xWexTDO<^H0OKFB&p4jNz3Yc&E?3 zE{wWuh`~lIWWSEd(rCo7g?ZTTySqQEbA=ip?ih}fnLFiRNX6F4Q_cPJP zQESLyiLVtCk!{hBYb2lAo{}4soTs{sLEm8W9W6_~3p(5Y3)QQmXbb!sv{nROLnS&1 z^~bZTu(X~X%QM65CUy}3U!P;G_p_EOYK^o@XvNSmnyLtm`JQ`|xSi8@pX{hoQNx0YPWgpg@WmNIlVqc+Wt8N(NUY5jN2mE# zcf={M9xj~Vlu&&esP~e3UDHOzC^H^H5DZ;=EvZ$i)DTC77330^Y0z?wHQh3L+tIq@ zNOS7lAY<%WkSXUjQ7S|%u(E$CGE^v)tyyuBuCw_fy+A)@@)rG+*|SzM*5LBUl3Q1F zm#qNSGOWhgqQo?5v3c8gg1Xm14UcHg%+Rx%SNGo+I?eJwKV(&DEzPjm3IYW);g*fG z)o1Ben`|M0(*6P~wzQO#Hf}}WN1n#QTm3M)$P&trkef#{e*LwXxHW%gx$x_)WpcZN zJu{AKC&|lG))3?p*n*lITA5< z|L3~ZumTo}ev#*+{Se&e%H0xghPr|Tuq5{azZA!@;?@D!u?s{>=`~8<=P0`-4DNV* zMve=0&Y*h(W|W=Y;pibQPHt9PAONkjdnEgA$?o~#@1{72_FR7upy4LmH#0h~;s01! z&xWBJcTfx_XmRz5&C;9g30c+|xwy8R!p1zPKp`k-Id3I|-W)z}fmr4Uo(W^u(93du z<11FpaJVg(d#Vu8V&@Dku*R*l-}<>U!L+qq9_es^Qt2VP0dcpF_1A zuL!fQUuh=YG`Aj`cj`y&M$l|~5DYrtL&Cm0mDkzJ-NUck)NkBQIYTPsn-$W?JTidX zCPHk>3zlO^o-@%LGa7nl^D&xO{7}oR#S(3en2$PTNndJ>Q;cq~m%j~E%r^UU6fE1+ zC)uJ|kYRuBhiJeR9%adR=*IA%r+g-c&95_x+5EP&^{2YJ6|pZ}+{)+HQzRa~wkD?w~5r1$~_fDM4sBtlPVUKOtMVl>hS zWpp~70*}h9;34%#3h%kvnIlU}wlQn)c=0!p&_aKeC-rl~027h0h<<8qJWPTIDX6PI zj3*R2ZBcu}Z_idi*wnb2_OUZ)`+B1&Or(Sp?3~_>7a{*gfH_48I23aCAOe$!=DQIj zi(DsQUQ+EdjQ@k(H%%S7ew&(g4N0;4V8!2><4SFF8ZDo$lvu)q3&qTZj2 z+VX$tGSmSat2u4OG$IF)1cZ!gWfV=tIBZi{(61T$(Y#hELudhiiNv|YYzqiJEQ2ua zd%ezVIvC8H&dfb>`Ui&tXF5}RPH(T%?RtlM?xDB8MKGm8VBJ*Zk#}vARGD7oEPiXm z_U%)$x>FNc+fXTvQV*fJoE zC)Wv3lz}afvGy^4t!)}&4lGlbEmb*^0On(HSQ0nQc5Ht!U9WHaawJPf!^?}8g8%p1 z$v=)yuSO@oosQ41{_)$z)tl4t@oyI&PCkxLK4rhTIv>9spNxK+yg$9V9KSyoDs_K% z^xgU)uek#d5r;dAY^3E5ynKw910J@EL=X?RbRZ*+OT#U9OLTK8UuU(Y)q6=}N*r&>ga_S97^@XEBRo?Ww{C$rp&Nh3*hwK#{< zDIvC84o3kwm$ntjK~k7B27~9G5x8nP2IzB4LGtIKL0(8I;J^hAJW&WTvL?V`?Y%#Hn0i z&?OC=q?Rk1`&RT@$(pIw=HASVNHFS6On$z4nWxA9LoSwoqkoMly~e%tT6)QUc>WHp zdtDkZ7ztJvx&Tm4DgSU;*^Yl11+`w$o9Z70yyX^aZ5G0@+-oc2z#yDcJO*ks2d6yT zl_oOT&j8eQF6&fmd;XZk2rv&fxU&fzha|D2A;`k67dfx3lmBdhE5h>Vnw6IhO`i@L}a$zkEQN4$_FU)^XLGHn3^VD3H z@`&S912y6n9i-I!P#Q@)q-6GU_#m};!W-sUP9{&cS|*qI4(skvDXDEX_0{6}^-FG$ z)JH774VMe=kYw=z8Rgrzcq3U<~&HjMuZc>D)F3alo${{lz;P)0IrAyodSERf5L%M+>4PqLCwj6hO}c-ku`;^sn5Ua{`>2#y z#aS~s7q+?lM+VCEZm2(CPy=IY@_s~HG0iU4*2H!x2Wlg zlm}X(QQ5|~53ZuQn=H#1omV7+Z`gqGJ*ZeH~iHywArl~-dfSH+`JG?pr!7%gfibrwV)xG|io)Q2GPj&XZ z-eAv}O2t@e#~BO`JI>+YU^Y0K^^a8dzyhFn0{0i2IqHAP-odQ1@2DvOyHnsMM|)kM zyZuAyb(QS(_WR#uGv&g1N4R}?*ct5gouh-P0^Ypmf<{L(r#tN)_Pf|&$8*2Uwl=xk zpx1t{-ygW(R%dWDb^5dYt}~eR2F~DU@94lgoOM05XOFTyE+k{N^?|?lq;q)CodN7q zhtA*t6WV`(^-YiV)wFY@Y-H%`f;sGCwm+R69Q9qtb>$)U(d#)#6ZD*(?Dl$HBnA2d zyS#vI^k#g%{I@3>!a%&WJMDCOM~9x{_Bs&SBe(BJxi6hrXWDi5r|v4}7P< z99uVkj%QtOS%^%x)9pJQq+I$n@TWWv$wQq(Hllx-06Prd!$kjVymH+y9tjNt-K4AF#Zm&lpoT0K;}>v`+w8(@zN)t@L|jc%!%K~Lbce>u&9=jH-JMfePq zoec1YW^{`T_KQE)q9?T}{@YlM^`paM!vE1@3nHki;n~$f`@6O(xnKS2{{rdU)<>KHi z_CwRPM>BrNW(U}&E;sG<(d_lBm*8dx!x-8e7F~-+vs)Zy&!7GA4_|+ei!joUhMRw8 zH5|}U+Tmz+Gmfi2&*wwB!DSc@yA`(dP3ih&80l?)Jzs_NCS2oOFlOfc_AzG9es;`* zvwSq`&oY;@gIBjJTKd-y-j&iMJnhnYiS78n8uJ@EQom^0H+0a@U*mXx*nv*^-Me>( z;X}xDF~;Tt_J=Kw^YCHSEt+)u)5m}FU`kX{JJ7KxP$650!3hv4i=uc!jsEavTrNH> zao%M*`xoy=?Ax%I&3_?Iy3kd{$%Bq6rvNOP0xA^^p4kN2NN!@{vB-QE=ktt1I!fJg z6?*)~(6xUG%hg{NSjMBxmJMIYkaUDu}SXs z8ZNPaOQquP7#8Ergdhd4H%PR$Bo-wUi=GmfN)@H6gcPlom>nvEQ}$I=R-l*()}dhF zH`SObuLmz=f)cGXSvnEaeSv>^T!Jd`JGg((GBvnnyq&O*%GMj77eSiBG+?CNR51qd zT+sciY{&wGlv+&)Sre-H-}lysYpxe67L)<35!7ZGT5u+3(8)!wF*1*4O33>EZkMaL zueZACDYmz8xsHS*;or@8)2&DNcDSC>ZR*`iUSue_c*ty%u}Nld$`*fcJ_o}kS{B?C zG+YHr+S*J?#T=dBkaM6kRZM}mQh+grDUD2k|Qg z#ZZtrM+_Rld?C4@wrU)Nh!M0BA_dHx$tmzbS3w#+T#-(3wdj9t;rR7AoZMh~^Lmx3 z)lBIxx(dqhw;gLL;~*SLG@Q5=;#-IU7Fknm%2k|cI22kK$7hCwWLIOj*~T`Qv89qO zLdY_P>x#0JeHlw3Ya@kgUycyNWg`1JW8b%IWnUs&C~e5T*PYvkdODx}=bZPv&v~A6 z&i^?d&iS37pkwNEMlC)cCuG+XTe;Q`uzCrrl#;!M)y0c&Bbmk>&;33LyX$MA6OmrX z^+mzQeP{6&UV1u${j|2v6c*xMtG*jDH9*G)8_`}>e~DZ)Se0cXNMZc-r_B53Kjkj@ z%Gz3Yd0lvS=UJYT;bdOQ#clE4M3*43!0eu|t-2KA$x&5%%ZTV%{igw__lDJ-L>+c_ z>)i*v{01jfW)Ysc3%6`Skj)~!Ry?dQBVOr$zTCS$Ss=bqSOiBBW_v(iv;I>L6kYqR z3ifn~mfp}m<&$c@5rTP<_O#C>u?lm^3z|+Bxr7$8gKc9t2o8dV-AWJdH3j|ChEi2S z_Zh(%%*#s}a^sxu>G~vxTSzcp-(gD3y*w4K!eIKsz{ciMy}!6Ufp?wRzKo@-10CmjKP=K1ti+FBa{;wDFd#KTSR6?ZxlZ|b)m^NI9qyJKdRrMdB}fk1~dG)Ek6-?_#k zwGUJ}Q#LHx2>vrACtuDj4i@(eD-b=~_hy`2l3s;fe)B02mv_ft-%;Hsb;g*>x+f|M z)JAgLBzshI_tD!7DSy@#fa`U{q%0-pr$oNt=w{_|w&c?uk5yD6KJaHSGWIc+2{@8m zPY+AFwaznfz*%b2d2pC9Jfm5T})2&qTCd!nq*-cXCWG811iSejvMbU^`qnkZWSpVKx(}54Z9DZ9! z37+tlr2R!Xc&yDQ=QK<@@}wp|R#Uka8y)x~JGZu*k*&c(!A{mOhfdclz3Glv$9(a6DU*Kftqb z?l()D8PrD7%0~Z-5Pv?3G+Ljpp>8d5+1@dvJ>u}QXy|8+ zw1YQedj%{jgGW;orSFqQp9UV#0w^;lxirj{6@;}g1HqIlWR?v1Q-Cg2itL_01|>(P zU4jAMW@a#)euZqAk_!cD`BG%L)EiK;Mxi8>Aq5`4ln#YJ&}6?N43t1Te>0@xL{(O< z7d(!M$9qIfVaQ1*xMOsE4qL?`Y8pAC{^!Q}dU#*GnvwkgoaEu%*->Ogb=;}fD-nTn z)60A}&S;w!JK1}5Dn@-N@jJ9*un0c2Cv`FQA=3*I!? zxdUg8v`ekY*X*k9J`&-^S2}G+jfmaHwg18=;|<%@KkjCoqnCFtDp%Esk9<16Y}Pi| zVZuYVM5>S(-KUJ;R)woW*@y)!L%JdOH~mxl{6Zhk9xb;gZC3*UD6Xb~euaS-~v?hvP9tK5oG6x<)~hgEUg=kP8*rAT{&s~dme$MSJ9HLgzcN=+q;7O$kM%QA$l2)Ip7?LxcD2vD=m!YWOx0yBg)fLrF_*+pbT6DU}#l7EqEc5CIIfQm6joS<$-WP1Y=K-2zjUV{@Wh@JHhXi8)$MtQedxpcEt50H zOzb*BE5Uz|(7MeIOw5JHvD;&u{x0);qNLO5@Oeu_;F|h^)q2(4@oCGIX&s?c?xWid zEBG0$5u5`>W0m6D7A8_zJ>34;a9Q<%WX_|g+18pZnHClb)+D~$-pp0`ZLM-$4JJpN z-~WkE+6T)Ii(jvFe)8kS3;G2BxP5Z0*tZ|#jcXN~^b9|FJ>Y7+KC}qL*GuvKqH#bV za4PBGS7BoYnVMWwJ_iP>3HTZ`U_zSI1_TIdK*739Kv9D-EZYJISe^kijVS1CfNtdH z`TwyKHv$4-$3q~Tzfw_^GjMDa<^6T_hCqaV>#rgJ{U#ouAH)cT8d0!wVLz(yCV5y> zG*x1uejuYs2j&HUN;49$G-IFvK)G3w>Ou(Eqh#=;Sr~Lv<;Fa{zCPGHfLW zn75#)c7%Xk$pz0^gh5?1f`%y{0xCf#`9k2)D#ZKq zU{C{Ce+!_LfU;I4SYTC0lG~GcCHFw+RlLZHhGwE%?~-#hM<$I`+wknkWvM+ delta 18980 zcmYg%V{{;0(`~GYZQHh;Ol*5%+a24sZ5tEYP9}CT@g$k}o9DfM?yp|!tgfn4wQEBr;%Up|;oxjz;^1Jz=xJwLqhaT;#fkhW zX!Iq52KFbJRQU$;0KJK#a3E>WvB!)69wJ73Oq^Vq?0j8h{;RLpj7Omt(|~t~as*4j z_xifCcuvs1O2vm%Pe}vG&DHuGx6(yp{?)kRi)AWCX)R8;JyVRydFu&OvLn=YG83d8DoYA&6Y$Fbn~|~(Rw^RS|JzXI{xb(H~HGp zQDhbNwU*OYZp}ME+810{O}?ZUajga&3inN}^l_cYT3~Z#xaC5G&#hHaP$MrZZvG#ce|0PLczEb)kS6&#XtxLZj9lMStpqj$f*%u zd7|?kQpk}90geN)^Dk(D1HH~62rO6j?o)?tP+PBM8++1Ds5z_&ioYMYLL%tIt3Mm$ z7r!~O0nXPKIZ|iW6fV$hMBa6Y6iy}`6V%L5!6Me=GPvc&{F3ACeL*b0;+?}ZojVa4 zf(S1d#UG5$;T&Eu%p~Y^dKNt!+la&-ciBHSHGeeF{@_Zf8L38JR@(Zt*kyECc&#NE zlmlFkK{XYy*KMun>Wr6evN{r5bag6*2+{|#0{6kf6sYYOt%aYcyus7)+rtgY_}JIj z+N0EnLat2Rj|J{4XSlZ$I<~SG>ye~?dZ?~q*mHU(YKIMLtCt> zHrkfSmpwMZ%HkJ^z?53404>A-ZXe>?9`Hs0gmr(I+Y@K~w}HEk*W(kqnTU-_#WLh2 z@Fb~=cfPcTB&IeMc-IZMNAlZ$2Ed@S6hjM$TDPEKJYirkXM7qpD$8T$@TsX zmY3~$*5`S@;13z%P0;)ZZm$ifEJ& zX$jF(l)Y|6_oGm?jg>?nrlpN-GCTL* zCx5L|hR1H=%a{I6(SI}x4ZdrJyMt=l(Wy44PrL|$B#SVhH+Oye0S2epdRt^e1OhT$ zpKQp01F-y8A#zgm9X6TK!)~aqgv9%(BGITwB3i5qx2vv-be^5;@S$rcoy@aUIIsF| z)=7Sbu!~UaWej`Gdim`npFi5D`Y`EPk!*n(3yBjtWYSA?)6cipKNqvyw-nmR*lgT` z*>y^;Y2NJ0bEybiVw{eGi&lSYVJ*vs2sEbyc9gEB;@Ta{ld1}#KC6Bd@QqlV6Ix#o z!ws=pR#+-4W>mOfH&sC#x=gGhILIR@_mn|htkEr;2d*}_I3lReUD^+uErFVlSR1z? zM)icr6QZ-YZpTJ0ZU_N|{8dOcbVflqU>JlGw!9(ymNq z$4ZrZEC+pc#!iMc(XZ`aVy`NKCCnzTWWxlv4%hsE#Z&)s&I5 zyX^Z+4@j`})esy^7l!N0Bfb$$)McVUlTXKrmZxle|~Ojtl%~zBC%!Aa@{&q>o>JCalzb zO $2RyQcssZ`Ix%d?f;T91pGh#e%2Fxc|EL!ho9`vO!fDD0x!<*4*eYEUw8Y3 zex46kyG%mB``yc!A>jML!_uGsY3kYS@A_Vs$z4tz5C0WVJR!_8>f zIqQ6lGm%4b{DM7z*T+cK*jUaBSpT?V-+_k|h2b&3b^3(YqTM>W8y^AZ`MWo!Goqpb zJL#2{Bq}lK7nQL1*Id9j(N9F=mv5d>;-3&tY>NydiT!~?G4M;f-a<85&3&1SW7uWi zyZyQumY2>OF1xrFY>#B6Opa90n5$yQYBex^BpKR5$Hm%O4!;DFp2qY(3xrkaAec|=4lr#y;W>% z{mbXNJgH0x7Tipb+Fl4Hd)DeT^-E4`7_LPGN1~EO-r7RRY-L8o)g$>W7}&XS?@xTv zrKqCV+B44pTM`X7j7vu56x`xQ-j_WaWPEPun$eq9k4tV`cU=Km?Jp%s;iIr5e3lR5 zsJi$7%Pr7|CxU>p3vRM0KF#W5F0zpkC-6brHHUZrTXSu6$#~7psc3=1sKyADxr>w6 zBvc~v2x|+pI22O4Je7lOEdT4*eQT2*zIhq-Y$E{KP_>a_pUj8G1(1LiJ(Ed!zwmt= zMaY0Fi|^%<#nS$J?taA3uQeOA@J&lAr=NHNz2zAB|F#BCEYC#upao75AV&ySl8j2Z z^aG)wwc@W_;40@;p8qBi(o|}#{`pVz#7W*tHf5g4ut+EV*8}=*(#4wmtHP1Q`uhZNc&GxkJ_1OnZDeN zGDXZl34J^ytFWfPwN-Gq^aHg@Ki|Q*Q>mQA<0as5Su!PEfT(c=*}*c6EA^jbq8SiLO~u(wUv@O{L7w#91S^>6%*RqQ44KkdErm zH^85MHh{^>hhmAuVBk|4FNV*<@k6NEj&Dszz=YE3^qzP4K3=Gk z8EtA@mi>ckVK z0xxRf)NyS*vrQeZs5Ssq*g%d0kC-}hLaiAZ3~b{eiu(@Vi<)|_Qa_|zWJwkz3%O-h;H{xcBPtu$LxdN$TJ zO>U$|8E?A8aNIdri`~sOBc~x(wlJN-F$o`m*9A>9s841w?PUi{$$^b>fT;?% zb15-C>IdFk54dDr;X0+^p7T1xl+~bQB5>4pAZ^v5*b2_K+1Sz*KqPn|VVHwcF6n!x zOzSvt+iX)c#0z^p6Nmc1RQ!rcUQ=3%dTXeqdr;Z@;yU3Pe{JkAlc4Y4DjCJfv3k^~(nM|MfbQb%E=M>cnyJ+|-L;uD~!A@h@-@K7Gen-t6_mDF8$MV8Yh zyC=+w>aEUI+-*AmZBA7;{;!%bqIQ689w;;FUk5lP@~>$;3yJ5*k#8%Y%W0F}6If&N zgAf zIHkz^?2v4z2L>)+W~GS87GBQ6m`upm1T*Bwu6_p7*odczNkH$stY6{sJWxLhisndF zwnD_%K=7f+k#Q4MlQl59Dg-@P;rT6N&8w7*=1oBTsaia!H2Lhp$wcJ1$sX8a08$kR zut9nEVmOq*#@(tK2$(Z5lA-S*=WzURT!1wrl*!eKOo_9B{p%GORp2fw(N7UDwXC!Q>Eu#Jp-cA+5@i%^1 zbAYP??gmt$LR-6>3wqLCsm+F;6eIOw!l%Ns)|R)9c@1o79ii$Ur!$p)W+-LIr3(hs zlrSf_qk**yFO+h%M{kSm7Tk#|MHv zp9;JGGN@(#C1-bi>Ku9eU+OctV$6b5sv;o~ZxP4@y50;67W_h3(>DOcAYyp*$U<6j zqA2`{+~AQ*qE!7a=u_n;OaGX%8knU0^0U;fZFZn6Tp_n-T*Kh>`q!WNp^_ayn(s9v z!5f)FNmN=;RXk=p>8z#n>X!)d4FPq6bl*Q>-4xX4K&ok6%+?|a#9Y*&3%~NtNhhMq zW+f}d7Mp3PqK{i!hq0ErY95d@rKWZ*g`XLhd6a@&JmNq}ENb?k3HxVP zHIOoA3L-*`+e9(S=R->t{747Z&ax5zbv@Zc9OeDrkIXUMDn>{(u1i?r))=xNohlgS z5V>vk2|J)i2#|VT1(IG6lX!4$li;-f@&skfsp1}?jIhjG6Ru#Ok6s;=Li$uzJp;vc zGx(Yo?4Olc9U%_nz_?=%|I8)Z;(#bwgiIVKwTp{%J4&4$!llSBSb+HLRueLrHbW6( z`V`JwbAVry`3>&m9~p69;lx7~*?;?ho* zaN3{yuIib&kIcFZsKvxTKk=S`Uj9DmDw8d1bE?;A$&el@!G<}J?e#)Zbd#bVl0+^R$suCo}agOP1p zxROYj{u4sC)W?5t|!1i_kCE(}lAz-Wu3>iVfCHPO$Aedo}%fZJ0 z^{7eb&sH8O(-5J;n@2ZfN_7>uL7*7urH1#5QP~^#T+|n)eRLOc)q-c-$R*wEp!cYu z!mrr*Np>|7pwL6;p=MpJPDC55678=}xdCudqFvD(SsNr=)NtKcM@{)qw^Y9mO<`n6 zr~>pB;J8A7B)etf60q;tV@KZr?9{WrB+{K^9AlI{xX4Z35ep&7_Ev|osCzkh)w z^hG9tI1AAAV91rluTW>6!%o<4xj{_QsjUVxxyq&kB|6ppDlar+=iD!gp^W7}TiUG9 zN%R$Hvi;*Buzgk_lFyxG6Z%SSV-j7%kj~x-%9vc&C9K8`E7xbc-GPw{n2c2eu>Z)c zAvIjlD>}h>@wQZYjwue;vhqS&;H$sv#|^4)h(+_yp^31{jIT9}E#ZI#Ce8Ta^>?I% zZ-CAnCmcodOMcS%AWY26*MMIB7dY)1Y`VMh9N$My>lRg8DGGM>SD?1PtwY`y=s#E9 z@ny{)geceq1TyWp*QIhU9{^!Uf&E3s3$OD0X7~7kM{*+3Qvhap^FISR#%D^b*6RFHod36zjd#TfIb~;8*K{$6 zF2OHoHKjjLQWk#qaDR#mIi8iCv3n#ZY8Gl!mSB$n+*=J4bY;$*{Ysfe2PmYZ@)aZs{^x{*gQM%}(HZ*b z*Lg)!-qGn99S?Fv>kAR_TJzxCfEn+XD(h16JH8(U6_|eh*LezK8^77gGJNK>#$RVy z^H{y7j=Fz`Ax6yK@{J_PIV506gyTkTNwX`bIBg3sq~!>#%{jgRWnFLP~W z6m~LEFPRdfI0!2437%;5)Ps$sFMi+!*s7lsG+4cQvHtk5zkitV={uRrx9i8{CgOEQeO5|X#ZTDfAKWZb#2Hgq;Ef~xjnYx-D=43 zwu0pL{PN|Qd2#%5Lgtk$OYYQ6s6k|qbHy}El{mK7gC&8Y6GWPXCmEC)1VK~^m~EsC zUTu#HNmNrUkls@i{Rp-U^LH#M&n0U@6KGt7AMWZ~kW&-G^FbCeSx&)2^*j-`&W~gu zLD95Kn#HE2$dBEXKfsEQ1)PWVtV?Su#5GJ&*i}nb>?mUA^|vx-+gv+{*qgasS{AOB9_qy2R%}wtNz5Y2&?dZ z)j29_%3pQ$-Ph{vogKDqkMZ3zuWK_S#}2cX4S<`zd_U@^X3t)JXVxH457br7J-;jV zzB%fKwh@RJdlH7I=e)h> zimCtF!L9mm!tjRWn~e7*W8Va<`6OH_-qS@t~%)uMn<<|*`4FN!&NxlNF6 z-_KMX^6^*!lb_htd}{_~R`Pti`9NeTb`QbGv!$J7o5ETUElw-_YiV!)g|>@w-GTt1KR-S<+e4@PnzPsDp3ey z!H;Z(MwXT-oU^hpuP2N807-Y2BD^Hn?)W9~<7UmW9k5Fow zJ7w_HVQ4ey#nK~WQ81qjBp%8zPL5XgNX5Zbw*exs*voOWOo;TS~rby@i z;mMRHRRArZIZKitv%z9dHh|uUWl7`;PX%2jD{=5;q3{)LAC=SEmYGED;VSeW!32ICh8dcB}(5aK=n}g)DnZ7||t9WM6 zWevL3CI$muUsBsD^_$o)r9BM6Fyl&qJm@)Jd(Fi5CUB0x>tvjj$~Hc|BBwErJUhWo z&JEs@Ze^(G9otAGOemW0+XoQ(-`sbqUEGh?yU zBHyfPS)khLz+h2wLlQ=goW%{ETG(2qqF&`n*U#MTEevrZ)SNTYbVZW?{@VH5zfIlO@}{sk zux+%3l^lW;x!0@RMCoxmns@pCA>yA4|WmZD`^Oz`E=1*wjKxnArjPk4!V zWeiCBjR5l9Dm&9?{!V*3s3fP&?9_tnTf z%^YmT&VxR)(rcWqeA@*pyyI^#MJpMgtWrS2!1BVsu|X^nX0cT=a&wE;O+YDeFt`L6?SWu9Y;M-nZ1SC&c)L#46mCZe!-! z?ga!i%4G1A%&_cPf#~sU%Sem{LsYJf(i-0asr!>zjGV#jTFV;yjW$dk$PG$wiHP2VE^g2K-FH0_|uGT*dk$m>)T(9${>K09r z4@0Cz7ZtAiBXwGJfU&I2*0v%(Vc{{hE%!iziAs=USR;=(3c7p%QQZjv8V|-}@p)^> zkNdZ3^DT$$m6teQRiV$?PF|r~`FWr>Y88h?HDfV}Rgxc`a8Tcv0uz+X>GNnM_b1T| z$!YwjMg7>#CxLZqg_AuA&YZV_ab+dK0Fiv2KhKWG zOqT=K7q750%AOn#=oYAIn$4FGc1kI&vX~VFq>vZkL^%|MP$(xgL-=OVTPqN3U+_)Y zqSjVd)F)1;=0agtt3Z{waI|5NtWY$50`znc@;IU?)4Q-%PH!$;Aarm+&!;K>r2h3^ z*|g>b2LCYCdNkXW7sxE4l$Ew{n^=&-CMt{eHs$fsSmw>adRgSSMHQFvje0WCO$Q;W zOtWMEP^KQ=yxn=!U&HeRB2>YXRnQlf+2W#PKymI*AemT7&@jdA~-p`ARQUPwR;Y z)tnZ!fjmNNdt_oflot>|ur5Xju?~}xOI&3a3!GfVy@ks+->&%U5a2=BDS2wQw%)z< z>-)A{-Ja#mfqDDa!?C|x<0~xN+05%_Bp;p%3$C2(V0Hp}vShfROb4V~bz?H&fH~&~ zuTxaExSJ_6L*a0&0=6ELv?L=hYYUWnbVE-fG@4>`2#DL`u+1%1W-oN)B=uN{zO#&p zieSBil;YdN1kUC5CeaU=~6;#|nZ$|+jgh75Jkb6WJWGGmO&+-5_>b<7GhoOSdxF!@8 z5>)Nl$iKe#F2)!hhJN@@j*1zKBpk#g>gZtyg5c2myZ@y82ry_`3hh_|53>NzD`(;8 z2>ULE;t0=@`iDiyye3og(>BVt7@+~8^WpT6a_SY_OS4_5rt39)Gv{Uw(NiUGBW40# zxupOYiU+R`M$;$Xn`e$4*hz%FV{esm@3NfMD%V~^{Ki%NG4@6xmADs$VQG*E>Va=@ z^jodYgnKKmh5y>Xsr$yttuwt-3ZK`3az+dx zmqtrz73Vr^B{~&)bYSg$TV0 zGFFlB)y=?pV?EtPOZzJ&kuYpZ=U(I7bB7aj)%=}%7~l&$3@n&~v@(Gl1RfSj6vVk6 zf9|21-Q&WMB-0Y!m8Uw$sIW|m8T(Ru0dY@^z+H-X+l>rSh2N7LGK+^57nvFdMD2$> z>L}6%HD%$p1hWow3YE5d%m05ZI|$I>chvdV0C*%Lf?H8=;EOF#lm330a+ z{202{5WtjZq$YS`Ys@zd1n}``eVZ8RQ-MMqWd4QAK!|%!y6r zO=7&`9gG;|Mkr4|c407`aZjym^k=#_CW}+CGa1*P$YT_`!vt8tnA#& zE<_319Jaklngqj{NZybYynf$%ydnvWbKYo$A84uOYiL#?x-v60@)L%SdGk?eM)cT& z8q~EX9}6%12-G!63Q!A|sF>oepx0u6h4o*tlrUPG{8=TS0;TFyiD_LS8(`=mjb|;D zZ>N;OfuuFw5XZBf9r&EOT^~H1JhW&{sx4{OKY$AD%HIQ1%No`@(8+$&Tv^$LEs#R7 z2~;1VuG8TDt;0{lt6h&-_EQWHXE;$~aC}uNU+kdtCf4 zx~vSQNt$DGhUaH)Mv}n?|vV#1MRE6uj{7pEx_oWZ$M=dBsa$d z*9roPHo@&yx_Ar}MmoU@x9|r2MpXYV4Fd?gmNV190ZU>4M}R&(5^~V#L<7YrHX!|r zKX%>&)uNE|Jp~g48f9xZpoVzt!v!jw%u)?3ic9skRiODaR(&34V*M-kV^Oe-ce$e!?*nj6#7fCrq9DSXdXwl86oFIQ^%j__*qPN{nJx|iL3@eR!Z*e z8!U|bTlH@Y-2i39u%^syDwL2z-K7;8-ol@+6|jP$%8iUB*I8<-5N+Lt^}w zY=vr8yDioXX+0GTV@7;?&wz&qf0q~QcUbN%`=_^=k-7R=>!r1;zi^dYwww(W4hDN$ zB8P8%)o;~P7TH&Di_e?i{T|;@(>Toy-_8a5u>0lz+>gyXy=`mPzU?*(G4OIjpuGl; zC;R=_13vwqGqplLiRj#Fgf858=M4H~-`DCF*M`XNPWMGaD>FK@4ETk7o)1>+Utd=k zKMJ0TT{@L64da)mkv`DJ(B%yccbIJA@#~Y=b$<70zldCfKSH8$J*BrCylPT4XF4xE zD(=3VD^^!h6P(l%EgSH@v;O%Rzx-8X;&c(t1zb+W45^KLJAPqRKM+G-*~i8q9XBD0no zBLF%v?T#w$G7gc^s$?ZcKQL!zNoa4pszAoZii$oa*R~&p;YN?`j5=urau??)QG`8+ z5IJLIJNyURTXuxw(G1(z{|}VTlQ+rX=A*gY;quB1g}wUd^dm<@L!=-q#0G8XgivMDB20#t?EF$X@&Zg0ocBBc7)n<6V1 zY)wEUO0o#*U1(YCS!`{t1X`>CjiyM}gqc$v!QJ;3RK}38hsHVf zjxkX)4C3m9{ey5O$dq5AVa|0SNC0UK3JCP`k2BhNnt|v7a$oxS!J#Z_M9sYXKJ@qg zq*qTGNq^CxeU8a%$NN!P4c(2mh9YL?N=@d)iHpxe?W@K1&ouPsTB7n2KdePa?Vok0 zTKkZZAb#2Osh4xULz7_3Ib>ckj{MHuBrRgPW zEj-_0wzB#9(K&V-nUV4e(qMk14>mmvEI~BL$X*v5NBqO~ajA_7?@TS4yoJ0k& zrWvu3`L*`10uy}EQ&qak7)W-+h}EmV;- zv%SzA;e(QxOm0zYSpg1-`k3B^N0NaFG`?SWcJ)M_cX6KI1%)BT){xw=qx^b9?7qLZ zoK$)mgxsbmh8lV$>aIapM1)&BU#ju?2;ugBj1(T~!j3E{xqWk5XGrmTICdePQy^q& z4RgC1#T6{oBavKX33TPjp(5BnpdDcqMy{@>7z62C`h_~ErVl_8Tn{t`n>##WHh@-q z;zb;qJ}uPT-!>h3(rzxhr>wHrUJlL3OYk>}E(n^|2-dociUif&yQ%<=GFlU$7B z2;^@nM@s(Jq&|pG$s~|%lfNS@6pV8#)`epasZRU3y&LbG&%BI!?fBcz*)jhFb%W=E zLyK3p*m!+Q7Y1@{8@T7KXO`Pp8i_0pZps%HX?}P9Y3&3tqMb$P z0`mQKp1hk1)qa;C2!adj%q>4qFtX#AIe`!ivRZkcR})Z>9wRGaW1^ypcpu(GG-_b) z6Ty{e>tp-oh8!&HfzuKEXD!Q{)#>-9&1TOyms}>p%7h0=Ib^V+lP~FJeL%n^BI-HT z{I5MjaT?ECVU*$Ha|rP_)6jriFvM69Im&Y3j7(GfP+<)?bQ-jz~SrDF>O!Cd_H%06$ zo8uki`Eez1vb^8m-f#`(6?Ry=_Gj?!a?yV5bYs9BB)-TXxsxazqP+|Uo{JciM4|yw zG7gA6qH$5iJk25Fag2zq_4qpV>T$KWxQVK|4vzPC=xq?n?^8F+fHan}_^Ws68Y(vL z`CQ4J6XLkOCWETK5H~0_x47?Y2cK9ta{y&pgy^1xkiLO|T)=}KMO53w*YE&pLLe!} zEhbbMA#kWkv%{tQK)c zKz~l}JNGR?NvYu_5=&}|;z*PV4fQY4?Pspdmk0Gl*tdbK(uL?uOK&{1ceH^5ji$C) zA-ai%S)2^y2@uBH2K?BfvxKYD6}6E9JZ`{51$+=8;YyUy@grtf@PJIAYI(hdVd3hKA4iR-6433p%MSqZ6$~ifMbjOblSs0h{=oScM&<~in zooE{zCUd$l!DSN}Sb~7!`4JfSJqLi~3r9Sl*Ljp{7uUA(wu}(cKwEhV4&h7lerbf7 zbo25zO3{WmO684F?p_8lK&09#!gH7j_GxyM`4U?Nh4X3%e+&8zDNeaTSh=AH9;(HF z!)X560m>O~JM#Pa7-`ox`9DQK2(+;pF7f#dbYX3FVA2S48tIa{F$C}atp@;OQkV|L z0gb?|9{;YqofkuT_Y+NmUw%_|dDk{6YQ>d;0z>#Y#dhY-lk~}>i_d3|%Bwtwc)0i8 zH3)QL4tu|BA&GKtPEPIIjaJ+d%V}H2WT$hv)0v)IlbgU$)r;;UU}^9uhciQi(|&VK z*#2o%>gSa7#~d1Y#z_I{t}hVmHfDbQ%h8qwoarD%5m0&|L_ytz6lhCf3*TjMZp=y39UrADjhVrq)wiA zYTz}O-zF|P@(;XTDvAM`a*AOo2MR_BMFTUGZg{8m;E3foHRk$r+n{6i zEOh8M=twsP9?s&2$iKj12xM9_bQ=3?0;n^g z_~jG!23c|>)g4(F8__YUrpK~mZY|T#H{^*LomLY_zik4i#I!j_iQb)x*DYA|E%w(Q ze>BXJr*|EUWTb^=}v?9?`C=G{*E&K6Y-oA40DsvnTr-%zU-!mokvP{mWO?x77e-F(X6r z{KVV3g0k(@VHe<*ls)^SSuQJA{XMmmDiTYQ1n{7o_bCR>EnM=sZ$_5^QqjB=YO^@Y z$OTg4)dW>h6@ydD2UbYhr&v8}uZmQR)>B*R-$(EMZPQJZ54!xmfxkwBA>R;=(GX4# ze@%>vCFOy)Ss0owC@J0v@)HqlJp?8(@(R^GG_n1>Q!}~3eA&pNU4|sh&PS!uv1y~m znz;Usc!LaBv(2??R5IRLxG@Q;^2e0a6BKoQ)(m&LFuG8>rHUkj~mOB z`;7w*%}0^Dp0bMd<7w&E_xWh(dMw(7WsIRW`B@i;ni<7t3fc`v;wXx~UHV{u5^!m^ zbLr1V_imOYV02J!bCk+VJ*0}qWXmTu{JF;B>`FJR>otPL?ECTK_~vE?LBPrC#)5 z_t*(&j4yfOTpkM^iPd48qC=j;2G3WAOi#bbTw4^y7Oy4@p&HUrl5Q0dtw{^E3Q%xS z^C-IE1osV`@csMtfaTf&idm&8wSf7T%d!@xCrs8A^&;Lv)7VOYFU=xsL;g1@NT1-C z&W#0w<}$8T`eL6b>9^OGiqkuoJg7*0_Oeuf+;B%yu*JK0bM=(ggIyg3_d(#9(uuG9 zPH;oHv?vS`BlrGW=Uy~h2<3#N`V{qqOQKdbU7W&0?RA8zk$@ie08Qa5r_v3@V^>*h zl(IR02r+iola5NYS|v#w9Njnt<5Iyfu1(jEKW)Ws6Nx9w-6Eswt;DLcc13CtT1Gzr zRkI2uTHWRYa(#;j3GYDv$s>kWnr4eyvzme9M2hyhGe%v|njc!R%@UDTizW|kcMxv% z!MKDAd6|V49QD`zOs-kSfd6>aqE41^GX?~l`5*(HRrTCrE$4bw?$nVxv`>zq1J#k8g+7*blGY@5J!;i9 z7^*;#H{zdZa|WbZj4j*zdj~YmqSA2rwzd(sdcF^@rIv;2yxBF>_wPc8#WmKt(@H@D zt#*kWlph8_<@IVo)vgIJBgdH6dz=2mG8H`5HYVFLP-YtRcW-pikbzciJZl2T{$>O_ zB;IB8QF&ypE;S(6Nszd7;%8=oX_*CaBI*Y9-I?6v`g6{$+8B}^{eyH)>W!phF14Ft z2i^@5)=1_W(w`>Ibfgx%!4xYZWzi<3Z%)}=9{bnb-xz$XiyV<>sA+1x-k}9Cy_{b) zZNeZrR?pH;+ezCGL%Z@$$XA^JvG9<5hl9DR!O&M@QyzjC*L4B5-2A}>Ms_LJ7Ftsc zo3oQ0PiU-{QlO~Pyz`DMOfQe`4p`$f3P0LtU19q1`>1A3*1n@I0j!~?x zRX>Zd&i@Oysv1c4p9*7c3FyKoM?isKAGU@eJ-KHQIU z+z1i8U3_ku|SomE9{3J}W$O zt4%v?b?PT9i=lUKpEnD@DP>XlS8b@7Yp7>bM=0Ey#{k7#zkgA#%gSDW^JY1IGqzyk zi5T1UXLyL82W@?GdUv>CXXS23u5*~$I2T<>qL&#+r+mnI8W#On62CrDBsrGw~4c3uz&Mj(;-gZa#Kj zMDaxqKHJa&z4^t?>Qd3ojn2fdt0Q%;wp^Ou*Wo*umbdQt5|yteV@xU6alXL553Rl7 zx&99spTBNA2AVVRL7$_yFG0MmCre_8Ol8TZhfUQXFx>@uTwwqTQ)KKZfb!BQX z|MV!SoFNTMwa(Lv$0Yh058@Jq>PUTbEdoJ_GUGuejoGR2v!`U!0{aWP+aZhB^@Ee+ z5;w`@c_6BvV=RBsRnWyKq)y9cNG)fw%?Nk|m*^G3YCQ&)epG;SYq)GiS&1W(!ouLJ zOj2h>Ijxs96&SKT6?@gHgw2C}qDHzzZeSw&YC#$QdiKuUaAnTm$<6dR`h$cBJ?mQb zl(S<{zV(Rs{7cLMh&GZ9{n=GHNp`bIS;^Wvsr|khakW)$<`%9(2+w-)Gp_l%cy%vC z5gb|m)H4?77~PdL#%V3t;wkdJFhrz7nhVqAZulXLt5}CtKn<=-YDoIwF}_-tou>Szy+F^6ww27Lwbt9^97p) zn%@>Hl9fl_O3*MK+;bnt0=|kQymKNjWV&|6(8r^E2I(bHyTzNbaK+Xd(l9TS!>Df z?;LbKr!IwlfZ6d#O+NR-zx`77_{z;29FKSpOvSUQ z@9H60u{8qusz|~r+jjz;=Pq_5X4D!+SI~kSmCyaACIWyB z&bqgVYefjobBbYglRm_>b4_D3P=veO6MoqeQNgQ&PTs63AGG39Z?$s$>76AS#fZ?} z(E^PZQN~0@EFn~%$=R~=X{%1Ps>}0t)X=(H6AD^dcMZG%<<|y?X2|gZ2OX0(t$=-d z9`(*G3-t8LBSGft(Vz})kvEc)VFpkb^ecGgq_UI#7-g&y%6gcASGw}0kUhy=dgAx# zt%&tQ2-kFTj$EF7s~qD4!RmIQiprMlMfJ$TW%@7T%6KhbJVvY?l8FOw*2$4VH8Ujj zUk9*@wDiXoL-g(vr<|ud&DHy_c+1T4zn55Up7>0cbbO~DjUg3|Kc9tt3Z~DV^gGG_+@=2MdF{;_znbFqeB_2NIa$5=bSpYS< zdh`*|W|E~}Q=3Yo$tWtJl!#{m#66Z4uRnlm+AA+%&>*#l7dOQ^5a~&{aA~Kp@CQl~ zER;Cho3c=6Gtp!449C?Cgh@qA3gxMeFVROi33v6BR3Wb?_&pS-w|oMI5pW1x4_|ZV z3^hf$eCt{^at{%BpP%4`QY${sckpU$;d!e>{_n|X-H|Oh3@@H#k9TRRbuZelXgHb0 z@~VOKplobB9-eMcLB=Or81V;f)jl6=0u&(Vc^ALEdI$2@QllD|U6z5=-e7HuU1e1;_wt|eaZg>s9&h1`m$Vy~SI_-Z=98h1agJ~I z4Q%U|d{WS=kUd^=kg;**3LcvRzdag<;!gdu?d+U8Me08c`h^?^YG?N>FaB7(>02;g zBIFD#>?{O&a9?^`&k_Fc(UTsvy#xntWKM4j_`ui85pxGXDO&*0%WT4{YO7P}jq&+4 zNSF07TY#63`=UGUa#HMf@tR8l6}N*8*1}*z3I8et^0e81;?H&MG$Ci&mv4FSN_YOT z*;Di)ObX`>w-pE2K;5zX!XrO7JdbTD>bg z*B(|ExPB7iR0%2f;clyN1?T;=`f|>KoST6RiMqw1=EK=TnmNP7`HcnCNhn&YzPC5x zUP^_Jg?tr{VTvnh4mCHrftAIEjpWmgH`g5{X{aei>*G zkX7O2S%4PMvvI(0$M`TP_!7|~{%~*gMaq=qRGUy(k&Hy%U`SvBBT8Rf?q-Y5)ZV(U zztNwFkG&+O6U}CYA&1do5Wl~sV44#+jp_4xb?@Z%j2&8k+FpnuYT5vGZ&bAN@MHIR zIpA5}7~pDPM!{bG6AHhgz}T!TD0 zw?v!#o67$w%U^!OG$Yslx!d_A7Hqq-ZVah;pRllY!gO6muz8uiYi981w1Y%+=aoP>@bp{tZu*t*;Id+q#y)SNjy^*Z%> z+5Ys_$_uR|nX_9{U|6YNP zdXou^tQ7T!Mi=^BQH3nsFzr)yO^hamRCy2a8!}*@x zPhmsE1j1201-8bzqSR>ukFn8s2UC2y`lq|@gez^~tqfSxIE_O7K>28pLKQ5DPNo^{ zge}InJ)MG`+9)wjh%G;LH3kF*SOfW4ba7=6QgogX)LP;Hs<`rSD6}>{GmM=kVPq!PGFir6 zvXmlQGejCBVbV+(O1ZL?7%mZ#ifQHrZ&+ZB9=-%ASbRSnHMC_!>S=nSbO`-STJ?GS z<@*6TI+4ct_Jf)hrD{3Cn^Q?dOcCjDcJnMk{SV*j%uj+(k{*c}oo7g|Hm)a{O%wx*+hn9@nhw3>+kwOm7`Ng<}Y<@{aiJWY4sgsZIdUaBF z8XAw%&y2XJeDB41L8g~;)QJL0TyFa>N*WZ`ZGxM-D8Ge+Z2>kX=8N7u7cHc6Hyewx z))5XPchEu^kmC3Db1eM(TNS!S|bkgA8p2ugvI#s3Ma(U zxel*m7ikeI91G5zn}SPN*qr^b(#l8LJ^ci;Ed1$i?Jz^0FJnqYov!1#8>4B73Ns~q zyjQlfYmk!B%h+{%SjM|QEipIbI(J>#Juh`M2%qBtkC}Xz{Nd*M@>*9c#;qiVeAoUc zJeWEubA9`Z<4SVRXQGDj7;A67l(qRVf@Q?PY6g0B+pUttqG-5WN`)YQvV!C_ms+H= zTVB=T`6(%NG}0@fvegaNTF{(IA5?zd5ij%5;!z4KW9vB8++iSbaP&zRJkOcYeti^|vAZ|;n+3m!|_qYwS0$_th2KPCOMKRv`% zk9ofkmu+-+6B{Yd6W4lGp3&8Rw860G&5rw@sxtFvoj8*vl(e1xMAD&rc&g?lH0$WD zB4HpARqx`r8*X4#?wEg_(ZJi|NK_@?80O!TUXC5yz>X>yG_84=sXs}1;3}GAs>($c z_Kv@_qfRhW0$kH#jABfqsx4g*E{rNwUS57oDVq>oVQb645Kw%LfGi=<IBcog-(M ziuM*OmSmj9Ee+R|E7fGa)MnB2q&s@;BO~Pu$UI58(n7=#dFn8&@~>tR_2sRIE0xDr zL`UGr_jWO#WamvvqC-bP5cN(Mr4s9W?I(c%w7oaYzrwEV9#y96zle9vIeDwISH8!` z#3zHp+J5jgj!nWsM$zEIJ9+GCF{J2f!hu+z5vdhVWIOTxW@6^s?8mCAxj{b5&jpnj;B;f8OyCU~uxXklczHLF_Y0nb2BMc zPudrpOLjS~D0V+N80qXWc_;0W&ICClJ;1P;gemD=3M|eg+%f;8kF*uWQB_$K< z4%x?dtC|Fpp8WgU{gysMI_HJGzlQ{%&-sjG@nXsAXM#VjKHWg^z$WaQ3V~sI5CXVX zsDt_iSQDF(czSUSR_UrUO z53N(214qn3@E?7+HTdS=AHzp;enkl`!ugM{NZ`}3hR82bZV#H)7q8hlT#_R|Vc5tr zfBmuQxfYq859^cUGS(Nkpht9x>bdSzu(rops>gGUpZrBDZ?G`)b8g~NZ)sb2-_w`d z!(xpNUKyh{Ncu%X_DykmCnc4qQ9R<p!0(F}#39|;o4fwwamtL^BHr6i66r0sorwOI@ofDWMoR;BhTf~>yr}s(8q>zMr zjW{?Du^58+KAIZd5knA~{xVuW&v#L(!dpx{$wG#xEBRDZpO%j^AJDmMmSZhe6A*Ux z*2k7t%g>Mlrh4@1VP9OFEWiHs>=Dv@fcybfJ7-0eZNyZMdZtt~w6Meawo%ZoSp#MM z-xsN`8~Z6uF>6&Y6e9?I(m6sV&=VK(w+27HJ9^uOk9l7#_}09cw;J3rDz}Yq_E&Fk*9QNb+1+ z@)ly3!KI;2Tg$b{tk(2rg2(s^oA)l%)IR2U{+V(=+WS9eUCVgQW=mV=-!WT`L5cfl zd*w47%52J`Bs+)Glg5S)B;d79hCZA~t=JGwu{|u(KRZo@Gg=1MH&Bner)`McQJ0xF zt`cpFzsP>8-_E;>QqtcghXA+P9m)U-Ek@`c$|4Yms_0kE50g{?wuh9#*%lL6rO`Lo zD1xbnL{JTUZNb9yjsty;Eew7Vv=dc85(f+I05u$q|GtrW%29##gBgx4`p5Ph0@404 zya*waKwm2g{6&=k?yXo@S^BqTVXHap;B^r^0{se5ZLY8t0P=u7$ZNyGHVZ`%175Z% zi^xdfU)iMZCUFA-N{f_$E*AmRsuUEyJ49ggCOFluETSwp23)L`u2fJXaHV98a3DuTdvCzxdo7_3HtJ?#keck&X0K(_wx@DOq>_|UG6 z{$4Yp0L1?V*w+Iio(;^Z5uD-KLg}D}=PF*thCqM~TOFu&V4;=3p~Fm~zWLu?{{S+A BRXhLy diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json index 047668d1f..5554a5377 100644 --- a/eslzArm/eslz-portal.json +++ b/eslzArm/eslz-portal.json @@ -831,26 +831,6 @@ ] } }, - { - "name": "enableAscForDns", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable Microsoft Defender for Cloud for DNS", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Microsoft Defender for Cloud will be enabled for DNS.
Uses the custom initiative Deploy Microsoft Defender for Cloud configuration.", - "visible": "[and(equals(steps('management').enableAsc,'Yes'), or(equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'), equals(steps('basics').cloudEnvironment.selection, 'AzureUSGovernment')))]", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "DeployIfNotExists" - }, - { - "label": "No", - "value": "Disabled" - } - ] - } - }, { "name": "enableAscForContainers", "type": "Microsoft.Common.OptionsGroup", @@ -3966,7 +3946,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "Assign recommended policies to govern identity and domain controllers", "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, Azure Policy will be assigned at the scope to govern your identity resources.", + "toolTip": "If 'Yes' is selected when also adding a subscription for identity, Azure Policy will be assigned at the scope to govern your identity resources.", "constraints": { "allowedValues": [ { @@ -4374,30 +4354,6 @@ }, "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]" }, - { - "name": "enableAksPolicy", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable Kubernetes (AKS) for Azure Policy", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected the Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters will be enabled.
Uses the policy Deploy Azure Policy Add-on to Azure Kubernetes Service clusters.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "Audit only", - "value": "Audit" - }, - { - "label": "No", - "value": "No" - } - ] - }, - "visible": true - }, { "name": "denyAksPrivileged", "type": "Microsoft.Common.OptionsGroup", @@ -9073,7 +9029,6 @@ "enableVmMonitoring": "[steps('landingZones').lzSection.enableVmMonitoring]", "enableVmssMonitoring": "[steps('landingZones').lzSection.enableVmssMonitoring]", "enableVmHybridMonitoring": "[steps('landingZones').lzSection.enableVmHybridMonitoring]", - "enableAksPolicy": "[steps('landingZones').lzSection.enableAksPolicy]", "denyAksPrivileged": "[steps('landingZones').lzSection.denyAksPrivileged]", "denyAksPrivilegedEscalation": "[steps('landingZones').lzSection.denyAksPrivilegedEscalation]", "denyHttpIngressForAks": "[steps('landingZones').lzSection.denyHttpIngressForAks]", diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index 2c25864a3..29f595d60 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -771,15 +771,6 @@ "description": "If 'Yes' is selected, policy will be assigned to enforce Hybrid VM monitoring." } }, - "enableAksPolicy": { - "type": "string", - "defaultValue": "No", - "allowedValues": [ - "Yes", - "Audit", - "No" - ] - }, "denyAksPrivileged": { "type": "string", "defaultValue": "No", @@ -1610,7 +1601,6 @@ "azVmssMonitorPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-VMSSMonitoringPolicyAssignment.json')]", "azVmHybridMonitorPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-VMHybridMonitoringPolicyAssignment.json')]", "azVmBackupPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-VMBackupPolicyAssignment.json')]", - "azPolicyForAksPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json')]", "aksPrivEscalationPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksPrivEscalationPolicyAssignment.json')]", "aksPrivilegedPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksPrivilegedPolicyAssignment.json')]", "tlsSslPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json')]", @@ -1735,7 +1725,6 @@ "azVmHybridMonitorPolicyDeploymentName": "[take(concat('alz-AzVmHybridMonitor', variables('deploymentSuffix')), 64)]", "azBackupLzPolicyDeploymentName": "[take(concat('alz-AzBackupLz', variables('deploymentSuffix')), 64)]", "azBackupIdentityPolicyDeploymentName": "[take(concat('alz-AzBackupIdentity', variables('deploymentSuffix')), 64)]", - "azPolicyForAksPolicyDeploymentName": "[take(concat('alz-AksPolicy', variables('deploymentSuffix')), 64)]", "aksPrivEscalationPolicyDeploymentName": "[take(concat('alz-AksPrivEsc', variables('deploymentSuffix')), 64)]", "aksHttpsPolicyDeploymentName": "[take(concat('alz-AksHttps', variables('deploymentSuffix')), 64)]", "aksPrivilegedPolicyDeploymentName": "[take(concat('alz-AksPrivileged', variables('deploymentSuffix')), 64)]", @@ -6236,33 +6225,6 @@ } } }, - { - // Assigning Azure Policy enablement policy for AKS to landing zones management group if condition is true - "condition": "[or(equals(parameters('enableAksPolicy'), 'Yes'), equals(parameters('enableAksPolicy'), 'Audit'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2020-10-01", - "name": "[variables('deploymentNames').azPolicyForAksPolicyDeploymentName]", - "scope": "[variables('scopes').lzsManagementGroup]", - "location": "[deployment().location]", - "dependsOn": [ - "policyCompletion" - ], - "properties": { - "mode": "Incremental", - "templateLink": { - "contentVersion": "1.0.0.0", - "uri": "[variables('deploymentUris').azPolicyForAksPolicyAssignment]" - }, - "parameters": { - "topLevelManagementGroupPrefix": { - "value": "[parameters('enterpriseScaleCompanyPrefix')]" - }, - "enforcementMode": { - "value": "[if(equals(parameters('enableaksPolicy'), 'Yes'), 'Default', 'DoNotEnforce')]" - } - } - } - }, { // Assigning Aks Priv Escalation policy to landing zones management group if condition is true "condition": "[or(equals(parameters('denyAksPrivilegedEscalation'), 'Yes'), equals(parameters('denyAksPrivilegedEscalation'), 'Audit'))]", diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json deleted file mode 100644 index 9079653de..000000000 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json +++ /dev/null @@ -1,80 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "topLevelManagementGroupPrefix": { - "type": "string", - "metadata": { - "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions." - } - }, - "enforcementMode": { - "type": "string", - "allowedValues": [ - "Default", - "DoNotEnforce" - ], - "defaultValue": "Default" - } - }, - "variables": { - "policyDefinitions": { - "deployAks": "/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7" - }, - "policyAssignmentNames": { - "deployAks": "Deploy-AKS-Policy", - "description": "Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc.", - "displayName": "Deploy Azure Policy Add-on to Azure Kubernetes Service clusters" - }, - "rbacAksContributor": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8", - "rbacAksPolicyAddon": "18ed5180-3e48-46fd-8541-4ea054d57064", - "roleAssignmentNames": { - "roleAssignmentNameAksContributor": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployAks))]", - "roleAssignmentNameAksPolicyAddon": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployAks,'-PolicyAddon'))]" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[variables('policyAssignmentNames').deployAks]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[variables('policyAssignmentNames').description]", - "displayName": "[variables('policyAssignmentNames').displayName]", - "policyDefinitionId": "[variables('policyDefinitions').deployAks]", - "enforcementMode": "[parameters('enforcementMode')]" - } - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2019-04-01-preview", - "name": "[variables('roleAssignmentNames').roleAssignmentNameAksContributor]", - "dependsOn": [ - "[variables('policyAssignmentNames').deployAks]" - ], - "properties": { - "principalType": "ServicePrincipal", - "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacAksContributor'))]", - "principalId": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployAks), '2019-09-01', 'Full' ).identity.principalId]" - } - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2019-04-01-preview", - "name": "[variables('roleAssignmentNames').roleAssignmentNameAksPolicyAddon]", - "dependsOn": [ - "[variables('policyAssignmentNames').deployAks]" - ], - "properties": { - "principalType": "ServicePrincipal", - "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacAksPolicyAddon'))]", - "principalId": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployAks), '2019-09-01', 'Full' ).identity.principalId]" - } - } - ], - "outputs": {} -} \ No newline at end of file From 7799e50ab0f7c19eececa7bcb2e39ec52b87dafa Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Thu, 1 Aug 2024 18:10:30 +0400 Subject: [PATCH 03/11] Policy Excel updates (#1715) --- .../wiki/media/ALZ Policy Assignments v2.xlsx | Bin 49786 -> 53524 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/wiki/media/ALZ Policy Assignments v2.xlsx b/docs/wiki/media/ALZ Policy Assignments v2.xlsx index 56b3f486f23c6e76d09a0b7647e2fba6e9d6527c..8211ba8e23fd0664790d486cb5d25fed68730ceb 100644 GIT binary patch delta 24641 zcmYIuV{|6rvUP0RwrwX9+qP{dZ*1F~m=oK!ZQGdm&N=s6_xsb&THRgMwf3&s^`PHF zKvRl9u@q%M!O(ypfS`bYfQW(K6wK4EfPsJpq5oi!fB@3;Y&MzD!fqiy5XD*h1xTfW)8#^6cy%9a*JGc5sE#`iDNSLT<%(O7m)Guk9SnJ(4ZOdv9+ z{UeDR-~du8fv_+ir5Z8NPhXy|Fo z{ciQt0;q}GYF}d(C$}1!gj(%vD!n2^BC-}BQ`ht0sJMNch=ZYod;M7*#A#F&GZa^X zvv}wNCoIeKNEY#val>)pqz3u70T^=IgzE$i=tbo{)s6JirQ>U(5 zeM`1;VIuGkmJN+KZ>*8@z_G_~X%p)vG(XU#UOdq{unXj&>p1Wn84 zRv z`~-?7-k=5^Ph$;p8-dC#9nCZ>{?^cnTB(oI08YE9HIbPAdYuW{MR}FCuTAT&XY@bG z%(Q@*5vZ9E@gdPwRDX7LwLZtGU`boNC@lMNO2!GSg^mPN;bB&j@PB1OeJ#G#_2$rH z19Dhi%7KN*z29{wc-Z6;r==o?sjH;Gd09tf=!_-^WtCilT$m}v(n76t(j3w<)V-sT z9!!|lY{gko8f}%5q+5t`&@@5(n9G{i3R2gZ9m!APqc_GhwLphbFjNIN3p&)z_m4$~ zx$-dfUSI%T8&QL+;e-u_^_*#jmwl>ItTSNQ<0=6hIt!5Bq?2N2YEbIo%v=cL?A%^O zG~qhxTL4O0K=ko#U&8aECDiX_OY)GtZq(^b=f>y9Mr`^qJ6b*X)n^OcN?G&{bwlFh z9O^fc2x8fax5l^-oF_O)Pc zP-Gj@hu0uykY-R65D&v4t%x$?h+|!yyP~qu{Uc5qMvO(|ip-1{8w59MGSvezU~RmU zAgn_;Ow*)BS=qFwM0x2X6~6UFN&&jCp90043ZP7+lr&GD9}c0u{BT@!1oG9rZJfMYB3yPucSs-UY0rdb#Ek)6@1h)p{i=|B0#z>Kjn|Aykm?1=R-{?wd|EzZJEF%vP=_c znW>;?BpXYl%z--C`uQ<_H&R>X;V?Y;3@ntgH@|?@Wp<}CwzxQ^m3kBVR@0&S)+JCf zz-K+d=3)WO1XIhsfJ8$5L3->21|JX+#FJ?A3%}|TNBzJv4A<3;)DeFZtL;y&XD*ri zdmfF#GX~N(;p{*ua#;2%?67lOd)GdfPsj-;Nu$7#WQhnn`Cg|&%PqLyByf~{l=9#& zJ*twPTO9oy9(~B+;2{|g)6|bf4}nOK#y8G>XJC3=w_9_9N@l$}drXV#0c~;DI&BB8 zs8rHRz|YwpRu|(~V))`FDI$V^!LBZ$*9%R1d#_A9Kc3#};o0BEc}q0EZmI9B45lCU z0=t3bwXvnGv7=AI|LO_Sw5k0n!@phv2LS|x0|W(}jNFOSsNDhu4CqRcvl(Q93%d>e z3g7!UAiM5Bym(@P=(fkdvc@|O9&xW=gAnV>C^moPe3mhE5 z>0jV7LdG(S9#IYQ%hA6j&vreCBLY>5g)&VYf4c-8DI%%;%m{klo zaC+4J%i!Y|3ftaF=QKq92c8oTVM1kpB+Nf~rp=|Y94==xLFdF+OA`<|vyr9-lbAGR zAcuLm1-)_t%+HZzTbwN#kYqbpWF0NsqvImqS9Bb84e$;WX&7(P=@fR>nA8YG1akT@ zet+v|tquzx+G^;>+gS=I*tD9vBIJMVzcKz7NElEw(}*}wARuzcWP^W#$owB6&Pmpa z{@0pAcVWK}MQ-&E+XzrC#)8hfQfp_UeDR|t(`c!2OMbdnrIWG8WU%f?Y~E(t7w)g# zev@$r{1JIYmmA1HIcv8U>#aG9zjaeoG{(QgrEo(;=MOHKeT*kGm#}kh0d)j}?yj*s z-BJ`!JjSOo7v&d71`#7iG ze|bntI~Ld2>qQ)$9lZ5?mYq=>e~Ne1{SeD0{enO+=Ihf?eHQ@8j6aP?8yF>f3_Rf4 zZZW9b{8E`0bW>i9R(K}STps2bOY+60TS-<+kc%?S`t6m7dD-hKU;~zSr-{xyr|z0L za?FxDXDRRq{Z74Sx!V+JlI=hg$Saf@lEhqqTjOy!gn1Q}X!RA6INpW|sTr6;$}^bo z^UatXi!v{FX!ilA)c8;YF#irryDs^tjL#RgO6iaV0MmG|5TH(X?AExbk!;e_lXXT#nO1`5?GYBgI!1rjDTg2-!SXzt6x zuh&24YfT%UhTHyEDGyZ+|68Xq^IUTDL_k2GjsNPD5Rj_pu<@VCGv&3QSPx|+YB-XZ zw%eTba%siJX|oeveb!K>9gOV;VE0cl5b6S0D%5CX?rGQPDf^VYhud+tV@as3bI2Ex zSC>%((lm|4ZjV3=#n@sP2Y8L?pi9#!&h}21AM2*{bMo*tg5S)@HVe3)uTI%0J83V!U(_Mq$+Ib z@3fNpKs?v1*~!@;x`Hbqp1L0rIEugn#sQ8yKtz;2B{U_Zx@*XAT}UhUJF2lB5t z|J@R!w5>A4;t0AM39>v!@pV2a2{P$oI%1~>1PQ?0bT!hPkxpuvXJ#=k-&aByRa+)E zs2`?pmBL8g^P%#D1@AqSmxxeP)Beu446Giw1L^G83n}Atjs`kVp~ysx=e|NcorH`P zAg21d%cUz&q9m!;^U(PrYET==B=d*ih6w*jMP%kBDV>(ugq5*k}!0Sw+H|M-O;v#Oas>~F$Yri1nsrYjFuMzwvz;Z1>fcJ(QAGl=#ndl{i>*0_K#sp7q0tk@{ zVo3OxdoE1*+P?>2cm$m1MIu7gqC$9LA*+#CuV4}UfqOQsB-hwT;UcxRP@goNJVXdI z5&5N7vJ4K^E38BaaCftAa>I9kc`sN9QTjv$D2n~RLpb%jKYuU z9PIZ;LoE~t@>{DzP9y|3JA6OJ+k>LhpD?{+@5hn5xhcMBfXCl@t=VJ#y-MS7; zKUzI`X4&-b?`yx}yqR?R%LB32RLX5+(s=CvB{RJ9=1QvMPh%fLRUDY&5_aZ8-Rv5S z)giWFZg6HNK*yq`$AY_46R$yQbsXv!RqtmU*4uOxYi^~ek?9nvnEwjDsj?eY3{!Yy zX4PVR<;>8hs>Ri@x_>C&WqM%&O&vRRn>PF9rSEn_ko=R4R{}m$aZLU&whB|i@|D5{ zOpLvR{|EnXWoY7w@YrFj{01rQHe@A zYxfk@FfuAq(HRhQ#0!3ahg?SOw2?^r zIRXBD0NOuTBxG?W$oTgOuu{VYBvT0~N-t<2BL78M%2t;5&0h2Ot-;JG2g_9)M2wP5 zLi~;Q>nK7BR7q^Fn>3f^-?%#%GBw($)Wj<n_BD9t97i(skkZlewTp{)jt9)a7}pSq@Uj+fBk9 z$PM>;2k60DS`#rt7S}PLE01Vh{3{$vbv4-?2DsUc1hHtH*3}LcB*DIzRT+W?Obfss z$Zfa`HYM)g%1_q08X0MCS#_-|)GU4SNZuV0Hx&`0;@V!z%-bK-(YQ_xj4o*&O>8Vn zDQ(`UGLRHt>PHzw2*T6sFpDa>dzr*hkiWdN-3zqr-7Gq3w8=>yJ{byMXt>Rnp$J_r z#DW=h1?x6Roe6!MfQbgqQbW>F*_GpB37XzB}4>aAKOS$bscWBaK@Vj(6U)`@wWbM8|ynY8$1$r=^$O$MgrBFFR0t0|Gd_}cgc4RD} zBc7FH=%-XGl&f+K!Hc|Q>2n$r`WTv;u90Ve#9*onga>fpX70ZXSt>}xw7B+9MN8?` z|Mv^B5xx?uAIjV8LC2pf=A~e&MA=nffwtyFrtSq}#E(yVVI4K+Y~YpKB)HEM<@Bn@ zB3nc$jDvbq797fer_P>fG(%mAc#|rf2{TcGt$1`)CJt6PSvA?x`JpEEO1KEz4oHKL zPVt$H$BouZkQf`V(f|U70^N&Fki+fZQn#AzSw#%=o^XFtTX?kRzH#vh%RakHCc|m<(a|d##(-EMCj8SXT5GT=h!{AKo7)! zxy?cNK$K7+HeT)HIMxXXW4b*E#@-QrBoz?|7ZIYEeu*OjY_cu-Pogqp`!rvL+M9fc z#5*C4n=$}FT2}-?Rx`4LwB6y8ZuGHR`E#U8yiuel+Q1|154!%|csCNAkYi@4U{kiZ zw+9t?L76tLjM{|3RyJZgqUl^+Jby1X#rX_x%vAqNR5X}ep?Sy&vu3cD&`7X$p6#1x(?{bATLX@QQ|m0i zHQmZ>PU3xn*Et-bNFoL27 zJ<$;`Uz{PESllBiH$o9NKY>(wLtnmuSkwMe7Za}tL1j+jE#Pha=k@5ekupx$kcF0- z38#sBR7hP}rC?pFtL>_cMq~CMw(g05VYL~8$KcZAC5#7*<(~nl-hf}9>BS+iDJ2m@4mq_X2If$;*Ny079(P7X@O7+@0Rs;g;9pAMWXhe<3*L0;LKaBL4xIiU@{d zo0DB2T`s)cHMT-jE|{A1 zIq-sssSWKfd9l(`L-HGGV75vb0hHekTOdcl1_P0OrX4P@39D$^&Gy^k1#f4o=Q7lz z0UOe4@iIR9F6%|>U-1@>fw@cDo8o6nuF5o}ON(~+Z_%&frc(&pV1P7uex371pK@7qZ z8^~zh-tGg;Zev|z5UTkJH6M!M_q6H>HYTu;W+)x>21qd!pv>?K@{(o>2XlcdrI$PA z7egk$>SF&3qc3I%38yahPhNO_&~yfT3%EM+)=A00A3_q`eSnt_bM5yameML&$V4hn zCIf9WKRw=0u!Xh@7>!H|L=xV;hAcJYV-T`^0(_f5tISe(dBh5|%hGi!1$8vn;W<@f z>RPX-0qgA5<8ly&=C|_(^3v!~N6#REu9xxuW&xx4RGBSXeHrUWvL!)zkz5c@w!7z- z5xooa247%i$C6tGCAdJfC9Lmi4cj;|U|&Kiz+=s_Tqr5Bg1nt&rlsV3nJ-7kWh=_O z-2oU)A)_6YW@bA7j2JidWVj~lTL!=+>B}1c6v;v>1AU&HP~$Bf14X736kr{k?3Cr| zDt3KiEd>-`QLEzX6B}*9a$K0i@t|5vt4z=xFFbgntzrK_vi9$@Du^1x$FzlAntP>LO}uc$Mv zBLkO2q03j4o)MVJTXHEcSMJ$~DCxbMo89O@&6GEX4=bWZg2^G+FWoI8m zJ}|#;jroXwN52JFb3Z2s0@IH{bNZ>tvsj>f@Zx%i=*lxWKIx?KLM_q$YwHKHo~-}y zfS}~hB48~MdiADaDA1Pk^I<6fXW!T8s-$@1%sg;~9CYvH+vMKxc7_cu&~VWbnS)WV$MBcV1;TaOdBzv{)P7+yaWHgok(R>^P4oT z<>5(4l@vz;L2Rf{H#Q_tdlob<;^CpzCB=0-u&EWxTO1wz&#a zxQ$y?h;S{&JLl^Lgo${krN*C{A4P@W4+{h+Sl7g{N;)`Z?8m{RtJxS=*=bO*bi{7{ zGp(aZ#@f~`HEme{lN99q5(~5~!Jd1NW-Yi(m8y`P_F()m`11pR{J&-IkdBQ5-gx3C zEeP;#YtqHnTBGgKqkM}QY?%)39cCfn^1)UT>(G?r>c-%gheWb=!}$3hDfvlAdJHm+ z$?@8Wn3#yEZ#S3j-IV3w9(x13%e$AU##?`fv-PT8yWURyXNTGEbhBT-=3=0Z$rFRP zQF8XkP62evs!X(G>$#o8Zb6)=!>yPcfmo2y6?k|-F*R>2; zj1IFiuOC(09u7O7Pm2n5+4oq0`+`@{98swip0^qF3exZ+JGREBwX>J)F3dz64UjRf$PDsUhyi* zd6Eb6BC}x2Fn`D2Wx1pcsQiBx;D$PS=4Dkyaea^kjh9kzQ9Mt?tn(x3iIFudlV-4J z$n#@&w6pExG93XM_^h;H$(bA{k?$ zW2Rhxv@ucW5qZEV?PMF3TudMJ%&Sm~TGUjhwS_IC4-UE{MppcZq~TZK{Hk)4IhB4| z>N;=iTHCvAwc|L4Xr$7{Tw7%A4Caz@5w;VIE39 z|el^@0I)W+o!=p`{#`dB{)NDYDb%-?j2X{?=#KKxB@0V!~vR_ug{u7nj3rg zF)@Vi%2)_@l3<9gOIezntr zVl>S`oYW;mU8tp|Fsp$`+bNO$o-{>$osuKtpUFuI9mF`AH3Y6v(cLd`rIWi!O~2|h z+d*Be>skcSueg^-_7Lm2WsPC*FI$1JI<9gV(Ric?2pC2sq3_@(<%*83i~$g2z{xk1 z6u8waPi;9Uhd{$#Y!_Ieb(HIIt+B1DK{6!GBvp_>RwFtPw4?g@5jHWdvCKlLsPD@I zr4K+^$j+6Wp@;+dr^5Nco!wzpt!(ijsQbrwAR9_}fU{VeB;{a927T;s9_^6NsF8h9 zCQ0X#1vF-e6QtIe?MeGFy#Qq8hH@->I;19a)ZTVepUrZ(c)X!k(AzQ^^mnuFV=aLi z3o9GREx}`oUC9i0N5=3ipv#w&8hUW z;U@J%R3ip<8^WG*t6@*AR4&nZi?y2g$Em9VCdOn-8QaQ*fu9)UK=!KY5UX zxtA^A;gmo(+d_UG04Ij1wZ8!(H-vMCgb^J{Q*5&6RY^gp*sLN3Y@-@|X+;#tURi_d zXt(5A4(NB?{Nw(Y=BRhOnV&ewffy$5;fOQe$I&j(3!mf_>;R}jAj@P2s6M476BM`A31g}cJ4H8zw^ zdn+%)j}+9w{1mmgA9Q~ZeG{Pp;Iu3EB@SP5t2yIYOi*vbaE83bH_s(iW3TiWG}QKx>7$gTfRx08*U9q1 zNaUPHq1`hfvu}{mdJ~F2nhvJq`o*a^uet3Ae;O2<0`wQGu2y0V&N;|te2tzwBjlP3 zokkR2E89^+TZaid3;Ka?q&g~qD$jyN#pHdx$xC1pKwHM&oJ-QNnq*nxQ?&mPSJ?=| z72njdeK@p_TolniivmYYL2hY^l`V=UJP-DF-+IS8LB(wm8{=R5(&UKw2mgKMoAr2YwvUkm+4mBda?L2EBFgkUc}lBrbEg zZM#WrndBN`MNJ>KmMJM>nxa@&T_z8c6@N68k{KJf5iQ5I%{=0x6*+(fC7K7pN(=+8 zg}c+)bLmZr$d_mN`+>ta4hzKi72I5Vz)*6X$kTPjk=?-iuwtiTW?r9n`orhv&H2X& z(71goxo*!e-pMYWe>aLqAwtKZM1t}*Qu#Y#NvZ@m0l0%P4UUKXwiYD)c94HqN(TMv zJaQibxB)p4agVg%QiLglR=lGYncX98{tb*kuJOY$e;fKV@PH$|*TCS``p3YnwLOfz zD>{4oTS4Pv`S`*D&V}=Gl=8+_a@djyKn?96q8xLD_fEEt!BjIM?+uo{j+Q-4ZI7}X z+rJiwLfMy3hD%P0iI1%f+WAX!XDoQW@RvwHhxY;d-{h&CU@@~4lLdx$GG^zz)z)He zU%&(Gs|cZBSTJZD9SmG96yx5?g5kg+_rNi78lnk-`3o?>Vb;22so zrPxpgEotN(tUPTFYAN{gjnvkP#%hQf0tAa7W=0rwRq@CIeA`C&8Onq{g$k;`88X=M zI@SX2kekm(g8`yUt6jy1W z^g9+6>&g`E&-_@o!dWQU?_MkofXGVz_-MzM)AI69_4M%fX8Vzd4ZV0=j)&YeHaaA(rs@e0v5KUydpuU0Q)QR| zNq@QT)cSyXh9A%ukUBk^=t9qY!vDO?Jd<>x=ub(05BpT+mBUV?*7Lt!eCD>Qgt z4TQ;9^=hn(9!jAi442BZ4sS)sD6ew!{d#U*dddz1I}_nU`tmpZ2`F87)d%T71&k_2n^o=W+jvl2o=$p zRo>oYyB8f`L1l!MM+f!>@#A(k*;Buhu&4K8|AjE)Q@%chMToL2LmVeC5XKarZ{f@d z2n5A6Py7rryRfW$!D%uPgiF|-9*%ysZw_P!NuYcq)*dt9$*BdZEUB-9-js@p!jMp9 zm2U%-i9Jd|&~pl??_fBboZ8sW0w?Swg|*b}b@(>^0q$0X$pRL@k6& zN%7eC$t@H#0tPTWPIOCAj^bF-!&6` zu7x8&#Xy#R$;V)!T{`SF1fHvJW=t5>8|$T#ZysZ4)CKt%nY*^E+k@=4%vOIikA@<$ zSXR>6JwzazCg?r3Mv$Chq=wX;bZ~w?^qJKy{{7QWm5UVO;-H93)Knh;3k^6#79#jC z!^+X{F7a#VUM}n7*JG&n?JB3ix7H~Q-ian4z>>}}h7ziwJ5cO7_WaK;XskeomA!Y|Xm$jtKR~t@bN?1I;HmocHn8rXWePZ4a5IJQj^$Wa z_1dU}y$(-ql?;TYlTr=|d~UdY?+uBl;}U8>Y-q{9u4V^kjMm^I63uEXp$rNirl0uD zDri0FZ?msYm%U#vPSE36-@UmAk zr)d{_dy|oy z(392ZNr71#z34Zwf!P|>Byez`5Be5ikN^E#Vwvn|gb%3y5uVeVCrw**CvSGcD+KTO z75KZ4z`Kxqf?^=gs8RtYDJ39d(bENi`l*fA*3dt=g<_FZD`B z;fcsn#vmYFS~3g`?s&q%I#Oxfl3e_Y3Ti|^G^BH7AO`&u%Sdv^&bkh%T0Dvln%vsP zwjF`i+(AQEvgtRHHEx{Ze$&3DxIC>7rTBX;p*RdRj#33|{bh6|3HZ0bR)yfR(w|na zw0v{wm@gt8O&{8PORFOpUj;T_`?Ndw$xQ1U5nDhT2$u)RsK1v^kRzWne)L2t75neI zk0a)naoS1DI$c4T&l&kN)u7wyz`XIDtGMV{zSaC{M1ESCEXEoBA|mMKSP?~HeDG!< zhL{l2u?d5EcGyHgO;s)Oa_;d|duZWR1X;zwy5G;XSgxvn|!2 z8nb{@;oUuGE6S9cO0poD`5?N$FlEgLJP7$$|IQj9%IL;bE>YBSSWOzYWgN}Y zI;jDfE#osVOE4P+-nT#TGg_b>84I{}*ZF`8qVE=*Cye^CnREDL)m7II|G_lPlQ892Skh(BYYCU+!>_;W(F;E5B%vqxRM@L;bV`2FI->qKTP-{U-mU<$ z%>WU?4!7D0`Q!}zXXu;JS>z4UP(#tnT%9XGv|`-JJ{iS!nro#KL4orcT(1X=f1&g& zLn!OzovKF8{w;AZ{+@@s#urxaPwy&2eDaM6+Z~?W&tjn^6T1hf4q{7rFub+Ib({cN z$qnw>JURJitpzubZ#%Ina_zadF#^Eh%Y5~`Yn2xPf9^nNzaIj`DdpNfn#~|pAR&9& z1rr+y5J}rqc;Wua?Dl#KI83s|T2kh`1Z~Hh$dKIr`r!4`h8pED-TU-_&k@<*U6)Mi zFsM5P$YHK}9mxf~4dLn?tYwcphGNFoo<#o=fG^s+*xb{;gG~o_%4)U=9(@5`qWVnh{7P(@H!h$a-YPa1vaL-zTF&is)qM2`*=S_(oQj0*(B?2;U8 z#tcY4LZhFEqe-eZk$#c-cj6*yC`k+f3;{$wso;`lmT%j8gS`c8T|Or7{zyr!(x>a~ z{r>O_zWe>P$b!^LBmYVDd9%JFf19aTi0kFw_V;G}dD+I|NtUbvjvrgB@cm}JTRQLS z>jUu9>X1x^?#U_JUtx=8WohtUER{3PrzoMwplwxdGqS1rs z{L;TQ^q~H_%XBPu%P`*A_y5V%4F7hpajOR4Ts`Oc{n#Alrn^2 z&d%<3{dMR3`rg#@F1Viy)vbKbr?kEa_m8rRY7sQpuEVLrt4n6nzUk5a5WWbX1_q#V zzG$!+e<@HtwmUDr*ExJXg+I%ta6E1x;v~lj#`EV$TmaPna6JyjKO4ypst(H>zp=q}fdhlJo2{w&J5z)Sa!t zm7)*_3;pJl&QZ`Oj20^?*d+0yP69OhkeW7l$+BL!aQ4{4_9Q2&MPaViyzQwM>tUhe=K>RI$;hICa1dUcm`6r^7KY5BrEtQ zQN%X#cXK&eB6{1TEA4f@4){qBW`@$E zDF`2&7V`(F`bUPB=JWzc4rebl_c2S&O!752{YlijczNjenJ>wFL(nm##Mm&Mn?dk1 z%%%sv{tD0>S zIfcQiTP}J&l#weWQcE z(GirFdS@tsZP;teGXaEP4uL$anwIDSZh|RMYQotIwOAPsEW1gR1Sg+K@PAQ|fc<=d zV~O|=)#Ino?FVaN-Dqvl8Y+1?gD00Ky!Ymxj@tr4y1Ev;g( zH?R<|2%(A4c1_ODAOhY)0uIdXGJ91jP(njCnc`3JP5KD(nQ@B{JY|TvXMtjBjv_oe zh_;PfR>&p5yNq(cpbeRqVH7ia;GRk5iQ_CUypZH|S@~P)X+NFKm>7(1n%?i?+C5qwf;^d+6-Uea zJUh9rL{nUALZ~D`6JuT4tjw|hL#C#k)_4MXsRjn@8?AI+cY`!BzlVqi6!*+omf#{o?Z4 zqvKP{_g3k)<{az^f++$V68(bx5xp#kQz1FNEYqP*H?hr15LeR=OCXsQhHRhzuO@lk z(XbjeKT>evP&nUe1}ukm2-U2owf1q zuv-+wKCqD-7llaPK(cT@qp84Q38;eFc(MUOmc2Fm^~r;U%n|2La8RuISU$visUW{5 zGLFbx4}HSa*O%hSy8<9)yq+)GW?;6zxj}W*(z|8os?TYa z1`ftp0#8se*dZaZWcU$@p}0M@=tGN1w4 zWh~?Ycq6hXcGF*!Xw$LIf+%xiilC%XdEd%eG7K)M&q)`DIUl+SWrOjYZ00+EWPOd{sn8)LR$~$VpJDDi_8QbT-Z*n6z;G z%if6e#E{P~Q+Ff{&&ULmS60`FJ@f$0(q8^KU@p1KU>fNi@;*ar43}rPb4hn zP)GdT4xb@(M?fJk0zJXRxh1z=z#uR%Jc9QJmdzjrXNDpmAD}C}E{8ub!rK66V$Fso zZDtiYhvFar5!O=F>cy$WF!l;F=phMqA2>!@u@c&K!&h5g1(xezWX4>8BdAy>5@hvl zVw_U%64qovwKk_SlQ=2kUO1jPcv}z?`riPrMwgeHQa>_ zYvL4s2hNj4N8a;CN-w^o>gM5;x9zh)HBll ztJ^1!7sou)T;~9!*NH`72r)sEwrp`}oNz%ErIK@1s8fc6u4KT_RQtjoXSg=SHGBgV zFWRqw!2#2pmU4A<`;8eP+n1H_!AZ%lconb=i~^Kh-(a^gwCRx_ZLV3sqsoqL@e=xl2978M^lJY zAdu9+`yx?b6Q52GASibgzeZN#Cc>h-@5x%g(~y#)a1*M4b65#yGXz63ZH2(%$uCM$ z7V$*3z^qap%p4_^Pbm^k4BzC_*guBFydi2Qpz7|aCR6}cQex0n&}=dND~0yzOw8IO zQQ$9r#(94_JmM*b)v@e1zlj`;i2hWQ51KnOqvvnd_c=fHC5>RS2#tWo<|fyS=~v-Z zCE%^dprgQyZ5T(aRjc8>xv(djMl9~;mgQ91heY- zHpRxwud_%Vb47p{>r8{{A#=1f2N7k(V(wGYvmsqw&@+s>Nc8ve1gwaseB}pCC z;+Aft7q-OKO>wz*cxRI(uVdbQvY8qw`Uzq2Y`_8FxF*Zb51?j3Y(3}9b~DjfzB-wY z2pwPG=VlY!-gWLq6Wm}me0*P6g-|9groh5H8zBe?22HFKAQ+^sc?s)LAgScK!nRYu zGqsJ#0V9?&C{tBHg%I>9a(L5K@&*%vhe%aYe@$BDf{l({n;s^QY6cxh{{}N%kNBnZ zpKb$m{gMG{3P4uyvZQW}1UT09*Ta{sw{gfQJRj>7D2o@$X8Te+u%rpS@5FOm^H<63 z3V0qS7lO#d3espSI!!~C$V@ho)WlSECQV*hAmkt745@r<3sD^=97pcXzJj>s%X@G1 z`aNQ{hy5X6X-|=9Urtx1hZIsXz?+S;e=GsxWuCbDIRu;epx}D0zPh7krvZo5!yEJm zjqpn4sA3$wMFft#xa|O$ znG`75y}X!biWLAqcegXcGMVfZ{XSoIx%XKs;Rt3Y<*oa!fqn$I{dsQJZjv2GTmt#0 zKvxB{UI^ih#h=^EPCML>uL8wvwMs{?*rrh4sA|3+CjYM@a+X0X{qs;x?_D?ZB{NYt z4r8JZC)pHn(m4F^@aLZP52DjeY7#(8Zya*5&fx9@Yo1{st+U|7JTC&8TM49XkKqRS zrZq;-1|bqw*Cgo7`8+)Q8;%` zqO4fQuin~3Um7220g_|BWh=OMi0t0^dehE=0r+}FR^F(zzS)8%k~?jd`A9&;ZoWZy z$^BIvpURZI@hR}#Gxv(KAZ>fmf@EjH3pAdK^4Us<{S&VKHIl!0u zL(mA&?CF8Nj1{BoW~wnPhvWdR{)A@EBeyeMf&1a{2G}sw(uQz zmXT8M3TFn?60so=+H7KxP}TJ?49XiG1G+_-B^8P~C56mxn_&}rig>zAw_k4SIEM6t z)_C;NvWXZ~t+Bk8+W4w>5f4*v{5G0yKW-I+bU$BmX{jqpaM`g$2}}S~do4*FzjXWN zNDLIJYer^c2`MS7eRVMZBYV2)Wsl@Zx`I!r9jTXwt~%6-Z4eaxLSKZXDRXkfT2*q?ZI#Y>3{p|p|#5Ur$og7sS8^sleKRqv^3_IOV8ZQEq!J93k(oF-Uc0qr+ zVoQ4U)e(qkDI636$l*};gWh$RM2`K?7;m}9A85C*BLrO?@DBU3-AaH1;JEgk>F23Kr z*ZY0X-T%y{>cvps+pHgCFJaFkD@VjK#9hP3qIWn50@P=o9bY;s9b7F} zFo}dt8WCi!GtJdeyJmFWxAJBTzH>B^8cELV9Dhox!Z%A)$8hschNwiY>22AiQ`>HFi~O{RwwS5+>f- z)GgMjIXN$zOOCEeoH8uR7G-K7(U>*m1^nrbGb+)8Y1cYUr2MmvsF8S{@Zke>OHrRz zAI~3ZXW!@J`EsS34QM|OaG>X9zh+S3N8uf~CBPN#%o!lVp9edh#$R-O@e<8R9<0jC zlbo0+`{K8~qU&F`Pj__K!og!|Q#)GmLRb&+F)!tKG2?AU__W@qk^vk17fGvbjG>V! z#K3c8z!W=^KT<>c6EtY29$dpOO`eWd(4Ngp?}>RE+wN2DP8vEI=Q!|4{Pk}&27Zlo zwc7>Z=L!rs*^9+BAxejIB5s38N5Rs09L_M$b9>@?wX%|JN3p=l3cc_-*+;@sL)#Oc zk5>THWO!158m&7%9d}q^8--M5s2lPI}$O?jkOyWEyD%lV735@n#{ap={1_TfSA~_kGVzQR0kF8YY{Pj z;tHKn0?~F8Iwu6rEb@E&6Poy&g-oH(k@7ADLLSj+%N@(TDT5Okfus?)tseE8RNgm+ zfUq_j>ZFMZ7V&Pi=2g;~tm3jaju6nOwZM zvN|w+a%C7(`kiUT0Zs@8y#iui zh50(L&}Roh$&V%Soy}jQ^$Cz0YjrBIHDtHKb~N?4=j+ZJfP;x$&%nl8^}GtH9J4>iPM4}O-g{0s)wv-X15CG*`BGrD zDS^{j!nYdV#qE_MlbZ;2l6S?zY9hNDmo(?RRoP_5;4voK%UdzgH#0zyRrYwFyDHD& zCbu!UL#R-7N1FO)$Lf#iCnSPpg<9-$?7uu*&JL)ZQ355+4;|DS0B*LhAZk+w1Z&=$ zui_ydN}T+1zmo*Qh)R~lqB6Ul=#b2R-?n&O=OzcrE_7RVl4hFUe@)7-RpyHE>XmL{ z^Yognt>YK%&W&LK?xk|tQ#P86r8_=i0*fDBwJ3_ZuFO3;-MC0ys6&JNrT%?P0p;^S z;fyMLuA0=7!+0k4z=apSj$^l&T++uj5aSPzfMKWc*qpC8P`A77ix+1Jjb)&w3Ko>X zRF@rzI#eTTbwny@`9i;Kf$8r4e)W@XvV{VxR)`n$K>nk0ddF#Afmiu5&%vK(BgL64C@|v3E z=1{}ij}asAc3ICrwV}P^@xBJtxxA0e=9X!Gz|BEJ=E%t0_Rw`mr-bg*$sAWzshR}N zR*fVWz*FE}DH#eIxHrnq^SDT%RF zjF&!wB)X2|l1{l-V(<{ObU1u)67@Ce>dxN(Ex#+}&x8>D9@8ZnBfhujm6G7o$7y6y zyDNN+OBt&S>#%_8%ZcO~$(=KFg^-L@Ja5w(fZk(Ev4Jby3pVL-0p0J>=e_K`xaQ zF%lgmB3>pL3U0Hxzs1`SM%`cNtZ_g0p~pJz&Eo6qcDg?CTi>U~*{t8tz2ecx!A&}U zHwbc5~>nVe(Rveh!QillgbJgmDJ{g#Vi#G-a zfPv81-xG7@U&J7~xVR3n-H$9SJbj~L+ddp?^X$i0OSX32MM2(H2}s0lCyLio`Qx@i z1D-TO{*x?Xj|0o14vR83&qyQg;G?Y4T?Kt9;tRoCUjrxXhGwcf+253crYBd=nL+~| z(iOA?qO_9Qnk{aoOC|LTckhYz&W~ZL!1hM{+`O7!Hsm@HpI(y$EMbs^JrM!RPHx@s ziUhmWuEQ8dFvgur8lJfYFbLVtPlUGy2hHG9Hc5;;t&fYqrTtMc#s}Mrz7nQGZM6t1QEh#!4ov;5^+C0?BAp(*S|5ro zU~x!&6wwYsK5CcIW)}H*kajXH0@OZbaH#((U7|!>*Ywya;g@RRtkNlP(Bx%D9P6fP zscPHJJd!cHHGO)}hVV!sgY6~If;HSf&MH;AmP0&51&xp2PuFrbe48~&eJ?WiX;$58 ziZma4TB&i~tS2$JYJgM3LvJFru(rp)<5kCp@O)a{x(Pnc^&sV>nU~SdIT5xAwjz5O z9=_=QWW--Q(>KRFJwcuOC<(iRM8>6C2%aeh&io7FXMT{y16Lo4oJgSQnSB!$i zQxWeu8_0#ve2=)$oxKv8N@RxYW06)DtwNGX9d6r`+U6oNB@+inoG^Pr#>cF>ncoj+ zfFciKnY2i!lhHiBFDQq?lkulcyoB`+WVUe<4<+ zN`$~4UnS|a)RPQd2UhLxvZvs#3~55W7qCWz?r9^6e@SdMa#kRduDSPuQ3%F;p>sXG z=+#r6Nfgxt6!d_^@wY4kx)}=*W%-gb0%i16>5Q_$0IW|xRK|`xZq2K;IUZx{0cMR#h%awq|zX!^qu7fmY#*ZWmrD|<$ zWAu)3iAg|I*o)BVg;b*@YByOZO0}m64S#sTMPwJlohoK+ge38W{ zoTS2zgg`^_O|BcPrD-@k&*Ou74_Z0HNiITXXN5f1f0JUWj`uA*MS89l= zc=>R*Kr+^o@=6M;sZ?r1pUm@gf)&vZ-kx)(^IB6FNWMaWIieiN>zN`1Qyrw1qQ*~* zLk8sF;c?#F+@x(bLGswhYvh@l6Y+*nP98?L9{*Se}J z+9){og&ic?JETv&jr%4#Dw0=!p^6-(h(_q9vVocM&hS*8=1kCdf^`8qa#)>UBGIC) zy%dJ#I2kp{_^F$|Ydphs8*2`^YpHqsJC72(TEkkfhyzW+Ncah_wIW$p_WfI3;Vs@m z`VWAKeHkq2D(PmorAJ{3WHV1`5Q$!qBOiw$>=!JJ#r!43;qqW-SSE!xGW+UUcOt91 z)uxZ=+v7)!P&w8sEV+Xk1EoP;Z^Pr4rX{&4-=88efduBTD{nC}Z>OvWVxtbsch7oz zDSf8uc3LiF3@O<_nyO@FM<*C+5%3N7CI_HOEYXXQ#AB|S1jD~D{>d@b7c60jW1kJO zh$&GfrbM=kf!IZJI>9$vV##v3#&7mT33+H3Libqu=;|J07b>(@u$UF#u!$EX7_}0?OuX(!7?rdm@1IygD<@k_4>k|;%;gTCd zs8QlFurJJ84#(r2?Vbq*a02$t_;DkLK)QY0{rN%_mkncFB9DPoTiv7=YilLZ^C~e^hB0?cptok4ea>pwW^Mx79{xr`;xe;?xThG7EntJ#tdx`$SIiVC*zUF0s+v#WtXgS|V5#_*irk+UXxX z28jC_RgfAt?q56pDqQdo_P>j~>d#PC!3>eSMOR4H?O(rJuQr-9zIl^iGs7jRDtv0j zlM3WKUvPY9?V!Z2%tHFCFqg8ci!s-_rfXM&tdzx|m{i&SOUwZ3jt2K(obpR?uS01j zmJwxm9+A{~xM+g4hYkLdRKEq2cBg!wJRr5)?pM{`C&sYP(){TzN)!b!}%y?8a*X$U@4ws$rmqJrJB7yJlu;&cDuuzaBXc1 zH6#tCBi8&;a{{t8247yR4H4||rPp^JN&>%EAxQT;<=1T=)~_qD*~dD9Pa+rlIuE*@ zUjHVS%b{M3tsb(t58;&NvgZqQX#<9~EKZ_Q%|iB9jsZc=HnNLY-w~l;wGh3A)Fs!g zg&-_|&e3l?x-C{8Y$xbM^yadI$vx_lYd$$DX){h%ES!$g&+q0CVXrWLqJ4aT7>^G&t*rQURilp?afdiRSb%q5ltd6{#*Ly!hFU)YpjdNaOKr!^lDOm=ds z+$wxy7`bGVOy<(347iqqo>Fj)=syyEOFwVfW9$Ro6o+o9z6=M??1DTwB!ll7Z{CPBec~?& z8~i;CUaTFMCtEcfSen~w2QOO94F&&ReXb%@8W0}U?U_K6_Z%qTgcD-cGWOEs5~Gg( zm{@Xk;bFY$no)XhnG08B3};9UK zc!%G69Ia>8D+6qi(*Gu^xF;zm)yY!qoVyaN^BpsZOa{80+~mr9S0g5bZ!0qzEiaDp zTfWLa5>U-J$Q>RlEw@ePJ1FE+6xtQpFT7Xbhg|w82TKT0w~q`#HD69d?t2<^smpYZkxrYA(M?f0|W zeOi#S%N|$y<%TtWtHrx`N;`u}%nSX&>8YsPfw+>1N(HUx+|zX%QvfOpntL`&dO(mKMwuSNv59K zbMw6kXWg{6P4a%FhO2G!=Ic(|S(>ej*|Ou7T_?c4glP7eE?D+{)EJVha1MUBML0i8K&Nbtbf$@Z7{Xb^AExA* znF}T|TI?f4A2VX9#^guovBG+em7MoEU(A@JHz~H(75%oF`y{R;i1X@Va-9tCV5^Pq zHzj_jdE;*sPX7COAj$LG>;(Q@D?@2#(mQyzd%6T6|GU#5^57FDr3;bQIQqBclzi z0B1Y7cdw~_!Ql{g*mdvD5X8Tt?5ATb(b;1!*AI!E*E?9`=tx>Z_Qyt8&;;_Rs0t=7 z>Deo+sUYZgzi2uove_elHnt|tAHQs&As@zt5{@~eR`wu zfV~i&oXX7WT~|GJ;V`paNySBR)|>|a@}1dcxrj6D#8jUMvCjWi>j2&Jjfp)~xm!Kz z_tqB>s=as=qoab$NLKvy)$s{m%gWtP7%KUgb_@u!us6uI%(S4gf(`5g_I~jkc7^R; zh7G4LCjlPP@t}d%78gI$fFpmScD*r^@51{K8*np3AO{gAw!XEFbtQ3s>UGjyEKMxO zY00@k!P?)QO-${7ZfJaV;TRdVQFw6wQK+H5KWHvgPNa<^A{F~Pk(2*xSK`3I>Oo^T=y`Y@9jodur$qt`VX552 zJ&VkHV*1U@F%iYAyyc^=+ElMdSZxaS2Kg|)JQ6&1GMFk@q^%~NQA#*>cf30hdvdv6 z#AbkkS0mu`C0PLpCC9#4jSAzU2Uf*}B*Ue~rea5f_o{tK%lEE}2x|BCH41MWHy9)6 z;*1GLlSD%)O?yUzsj56K!zc*|5$vyiZ&#AR#w}qaKO%?8jL#J0s*C?#s-oWJ_kDQ2 zuAA@WTYEcXQeVTLdAg(8Nh`Wfp(9oqe$QB0yoA-Av&90uooDLkR+gvMF&I^*V!!mh z32X2C30e%?4Ng?t(>VMNBiC3E4Zg;YbRhd;LYUPV7AP;u5y@OyUh07W+zoO(R+`+R z^+BF%v?Qk;RU+k-v)&w&o5;NRLFv!&rNdZPG;atGIaP8`?rB~}hYjI8gGIY2FppVZ zK4XID*9l1)nAO;2twbHPgQ7^u82N=-MTJOJOx2j^ zf6jK5N^C|%`8PbcO2NNtl7ENOv_CNA9vIGl{trM4BEbTIwtN1p{TCYu BgmVA@ delta 21024 zcmY&;V{l;46K!nUwr$(k*tYH5*tTuk$!0gU?M<>VHqJ(GfB#qYs@|8W`=NWf=Jc7< zJ#{;+1pIFpIF5=uI0Oa=6bK9m2nZ<%_N^S~Iw%Op5KJ=;85p3s6|=>H62SaG9A_wB zcZnrO>+)2LP4m#wq<4BTjJIX$F3!F|1sLf}M6`If+7VbA+1uO9^754~Si7{hS9A@@ zZ1&3Or@5&X)%Gto)DI_aDYtf(kU&)qdPkQ}?nC zmLr}oPac(q&jWqtZK{Az|sdG+CW_j*HtiRJL2e4iI z5x2SHgnY3I(l5x(Y;#g$k=`2WRN{|!Pb}Czh%AHjf76fOA*TjGW2W+rBejY`sDs0T zj=K;bK!AYwrWQcs0CrBlcrZQ&7C$5H)op~zqwmQi%1e{R+BQAIingxnlIT*iOgW=l zJ80Ec-kR*}I!5_6|v z+!bZ?vAfJUaZl$YPKoD$k7N6hm&3SbX+#iP)_Lr2T*WpqfWIgmgOZN8t#&rMp$V+` zr*TXKx_%TSX$zg=R*Qe@&$d-^<;Kt*b&&9@EJA% zX-<@r^^T{E)?pO2#XlFOuf^gwWI<`>q5_y{sgw9g08$oc-MmO|Dk*KIHcDn_Ujijz zRiEa(c-f(0_eJM%c~VmJO4|8fELg)?M_m+4A;+dYC5i63$sxba3WWZcu)RZv|I+6j zhp2QP?mclLgn0Mq(m0TDMJ!-WrH>kh5Ej)Z`8(L8xFzo_;Cg+L7kTTqU?p1+x6`>kkIQd{z@N> zZGXk7`Ks7x2+)A4{pBe?A=eipj@bT4SP$QUcM8=~#3S^buwiqAUw0g`s@92Aro{0& zWIhs-MJjktD|^IY#J=b|gp%+*IXA04#v=l^6p+EH@V6TE;gUj0fLcDJ%)>FBzvXwUInp&4-~f!pHq zCXG*R93Y#powq~O&HCvd;1+PSTl?_)lZoHc&0SETch=1?6naI{tB#N zQ?uf?Ce_K;e=-60uI5ut`L7xTLbm>arw3)1A7(*`xC!|xK5|_0^f0hk>W^yDGWcO9 zQ%P)}nl@dx2{@e=w>J&TpHZ@)-whzMXK$n`BjNy_3}Pu2N%fp0+Q{QbuU9jlh`O?$ zsH=*R$y%&5+KS79ZV5F|jI14mIDndNCFSe9MqlbV1O2{EihcK6?T@=`OLqncx3QmZ zg@0%HzZxB;T2yaMS0qD=>9O<;lIlK}>#@@tz|a^HDjA$$+_C)3M;n*yGs<2&uH!gC z6ggDQ;9i|uVSflT802tBq}J=_7#A+4n}noqFu{hlyQ}o2-lNAXjb)dMJNRm2MEqT4 z4s*$JjuL-*mfuV@VrS__CMBLV7A{yV$aRT%wYU5I{eS4F3J;xu5QBhN)}K7{$VWv}ujTI?GT@_$Wto4Oe;VUi|6$mI0t!@)JZKMI z#>uF)ALQ0wVC<&KEA_IiPM;0XD*gnt5TN#S5ieK|;FRC<;Hsu1aa5?jBc%$TT4uEJfsr!gFQhLo&>cf|#sF(EX}?8E zM0DSH)n4&O3(t>j2?Gfu0}@^63rE0TEUe4xG&C;uH3xsH7Oya?_EPBAarI*TZFGY^ zt46iv7UqXl<@jjUAB3%fNno38gqD@>Ot!6{bU!49gCq~O8GxNqi}rGRrqN>HndQ=P6SLAR3;a4{iP!CDj`Y0z z5$S}OR-BlywVVi%g(?lwdjW&`r!*=Il`501NFV{U!z$^ahe4#7Jm?CRM*#DTj5MiE zJcuv_rcvH>8-4HzBBqg1a*=%yNvy#hMxZVqsYx7bSviHGB$J!-3fCAKYI@E?apabJ zaRy5tK{ra7w&LK$9^fe2{laDT&zpDQ;PrU62Tz!Bz@ChMHu~4seSQ6J$;-b=*pfn% zG#bf*ZW>{hMPG;VT+j!_sXu#xc1pn4pM&B6@B6DgW?|s{&+C{G z;QztP`n~Xzwa-Af@6~Au_;}h9{>mKq?*I0A@@KBLb7yGmc~9xb=O4WNm*>nwqp!~{ z->>VN#GAbU_+JyzRMb+`n|U%y?!12{qJ^l1_*svJXQMro1o)dLqWjUe@_43)4~KHs zoa%i1r?Ua(+jxW%<@f8VquM;_D>h!`9>m-d$I2n9e4{zB*@KB_sWQST88C^XFNmnq zFI<#Y&`XeHqd|6(JM{HAnNAGpK=4Rh+=@M4;kumGfo!HRoC^8gfL_MsrL(4s9-amJ zqtt}qacRZDDz=0+U5zx^fo4J$I>hjW#hmQG>KQ;P*3L5K7eQzi&x}huzpbA~J3pb9 z0U`CK;lOJ$&g*Ondwh+!iTMn<#K0<{`8N-mIF`3;otmYmn%U|1ZH{JL2Yndk z$DBzawHnO>N@E6E^UdKoLf&mBuRB7XSBA5YER$9(_di&E=$7sUmQLsIgZ{uRYAAO>CN07tpv2U%Eg zk;>3&(42CTiitgh3fpMdBLZ-=)<&01);wHF7ATGDjL}$nxcE%NC9{w4w?Iq7A!RDl zIoZb=zqaq%Tl5JmD`;k$fu@>`G$y^uP@qBnP-4j@*YF30u{xf#0^TGAW*@jzc`?hk z!Cjl*4BbWAl%@1@PE(@k1yPZvzN)M(fxe1iY zxX@wVB(yB6l6UJH*juDXAPh+Qt=scdu= z8F@Up+Td;+BV&=joLxm=F*M9W6yTBpS+<}ouqqNwVsH?}n*SRW@L8PEUE}#{{taTz zdzI{mP>}+4{%>T^bPuwr;+vQuHMJ)K5S!Jz=rKGR(4$B70|8^UtM8z9z9Hsz?Zjj% zhRU0?5bCSZ3{j?y^J#=IB024VVX|$JM3M%&H@K$aVBN9bmS{`8Vb*CF*XAr_TCF*k zQ90&961J)dhT<4zgA$7}x2H!<5E@0RNfgdfbjrp`_0QxWa|iN}8*si3r$+3Ej+JPx zBBPaM`#BM=2Ch>c`^}O=7D8-<&`)(wm=J#~+nLkxlls;$XIvXo%@F!??#9fnZuP9{$g&XFWy?-|{z&1EJ-Q>S} zWvGBD1Tm~Lh3P0A_vAioEss6jlC@07|Gx-fRX3-)#485mI49hm7XMOh?v_rHWROjh zeMRj$E+EKLY-z?f6YSbKuGx=E2cO>k-~NDE7yR+GZcL#4lmghO#T^gV&Nn8#yM6z< zte|H4rD^jKbG#V^ozm%`u42Di(rr%H(Y&>eX$oU~au!H;Kk(ykdzd&kL;{%`4X9St z$qnR@#*=u-8!AgNZ%tQtKYoKd^p19b$$|JhtC(;Zv+a~iPt;*Xwyp+%y}_h;A%6q9 zB7-LDd3+E#>${M*df0^92emV`EYXHtvIpavF3^q^^%UJ_?{ z6;~X>iGiB^GfWL)%?@h54tBM976IZsk%z5WA>G>jU@E*V&aWScDh}oFx`m7RtE6Md zf9ryca^C3=_z=uW_d<_bq(e;q;@Ul`z6{l|ZNscb{*lH>c2iuv-n;qw;6P8rqNjs7 z3P%NcNEVD=#7K0!c#MRDJ>lly@g+VyA+dNR@gq%=Y_Hg|`JQ)=)AhHi^d`{oKP(du z!y&pKupsjj9jVBq0+HX0Gw=j$y|5K@$nOa0dU|Ig-PXplrC%B2QBG8QiXh_bAl~rm z688Nc8X%8aRAI9^7Pe$S86|Bm1C2x)=@_rIj}zIF&s6RiQjvEX&@PeZfBRh0{UiAW zM6d$2oaG3_XE>6)v)EstXiq5Xa-fbb5T>dQ9T%CCo(N&@F1V1-%D&VNGBs+!FKF;3 z26~HJvjQ!zZ5JZU+!LK8%Yt)5anN{Do`@HDY?DD4_q4TB3q1>zp3tWEKW48$I0k8; zQ!W)_rTDyw1lIvs#r_+uP-J_*onK*;f!FfM z5kW)2e+bp6zaXjEZ;;y{3$2O3lIWcVHHRamRtrNU)r!p-o;G~Kr197HgwhoKa)|v@ zx;No#XqyivHJ)1#E7B~6NXksKVsFGuwYd)cOH41o3zB38kZEoRA6zPeCgqahRSz&9S!#N} zwGoRNd5I@K_@soLsaMDBAZIBsrSON;RnTOwq}>44?qge|E$Qh!OOdB06<*~a=PSgO zGJjtHXRvW*HB3Jemh4?yuyH7AgtF%xFkMfd`0Em32zAZ#SqBtBgu@1mb#VF}6^LZr z@PFA-562a)tj~4w0`Uq}ppdy@rLH zM2Y=00W+wt;Q055mK^?k|uGz{!>r-nh0YNNXfI@zP4YMTw{naf3t34ey&0V z2-y(8ED{ER_(W^kcNCf9+o{rV>8X(HaCIWnsJYiNJHl2K(fD`7a^`H10^Brkz1Z$- zID>^v*m|TC;dvmglJwgsaviFX$tgPVVlDN%a?v8)CFd+q>M9tE2I?HGijFGF4&aTd zx2z8%#)lwDLd^fpCP}Z4u269;M9D5mntlCaN4m&=rG0JwbMvQ5J9CITHs;J_`ne1E zHd3vMGyi3}CAi4nG;y$T;IZyj^B?y#OU)~&DOwr(QE3`gbdU$;X${ikKGG-GAdrlc zvb38%esabCyFc7dl#>;2+d<8Gc3IOIYCH}*AYXCG_7R2T`Fnrv!;yL^W^&%sWAr$d zT<${P)1k6fiCC)t35=%na8Y(yr=p=~eH8{XDEtDaqwx(bZ5>!z$WEZYBmk>uegw*EDGt#i^aZW1@&F}m6;N5qPN?-QZ5nS!4mMaffZq{p9JAipohEzcD{UGh z+??x6y6EB__{SM1XZKYvKE5RvNHzSP*%(g+Cq`7whV z=Dt8NG5UWj=%kja_3iKwYAmL{69iB|gSB&gfgky5zVK!#oB(o`zA1&JiANIu_7~1y z9Lb2R%gG^K+JSTO8LvxD6l|dXS9)S0{nYHoDXhjL6mEdy7if`reCghnvtYg-n3i4|DaM&?I7>yxg zOI1Mf6`(9n)J@sJmLhW_7C}0R)!XBwkuQx2Y#Cm0TX+mKZeefn4fx=`cmey&M(+-9 zJ1e%{_jfk}fE^Y7knDMpjO=ywpKmI&Iu%vzGy!It%yu1h#INz4rP8KbDk*`)vWoNa736?|-`;jp{ExJ>Kq* zfBUZhhV@!+8ofpz+FnLqV;AbobKHez26V~4ECm~cfPTI$qr5q?#CT*;EX6vGoV2Dq zyh;jAQo4~=M#-+;WFUHVxCKH_3LfSRZ8ZmRFWtDI^5eE@H z11}kp7M-nok>W0#^0?kYE_&qUgCX#B`Nb+xo2IlqHC??ONz_d-|BSAE@xj2!Z>{-H z;QaOhP>fGS%Q_~bV=-}D7X_Q_s>U!hWQ342SE?y3akZi%$uCn=cM{b@SWSrXoha?9 zXLmvr>A4i?TUG^ac-M5edP_(iYj_EIyllJ{Q^iOXWXmg8>m#aaFJ0|HKE-NrR~SxG zvj>js#lnWmY1`UgzHddsmtvt9+BW;H=T8o0smwIVkr9_*V_j<*~_U?;YVUmgVE%t zHXcEyQfb>h1`Jpaw8pL7LOtzVR-^tL{;18#2p1A1BoXkmkp z-|!>p5cTAt!o{5fLstNweKl1Y=SR4jD6_)qFg50$cCpQuVprY#riU8B64jF+HLJ}MUuxJUia>vJd$ z=1pw_v`MC=?H>WvA;Lf_(-I~&U|y99jwb1lcKEpIhtt5_f!TNhN9f&3@uxu|ij-<~ zt%t~^F|vYtM&e!;mjG2rqS3*ddD}tqT0YE_gqCHSXj)ajM{tUKwz>>xjFijb!k9`* zhSKJ-S?&;_aKx2hWU1wq0Sc<5X+>aTa^4H*-+qY|?ve7O2iNr?6r6OFYrLiZj^Nmk*jBMiG2_8vN%Dj12-e@OfJ zdOn_B5E1C@8@3WaaOxZa>v$RCI{Pe%BU1Un+Lxd;Y-`Q$INzrAb`HFCWyC^lFQf_Z zTLsUJT$djE@V~=sIC8V zZ=Z6GL{S)pS?NoUyw`aZ*+<00UHcg5C9+k*MddBYOH;(7oDl*6Fn2VOhb17c)i6j4 zYQ_AT=zA&Tv%Bf6CEf}sf2c%$Sexk~k|1<%)(oxCIUL+@^{u&2U;t=8roGNoQj=L6A4(eQyt~`JHa|L>xu_AlmDodQ0p| zNGpkrQJb_X>qJHfCUJW)%$j+(rq;99v#4DAmq45<-_}5d%}BqbO1T7z!&*X2!&7-g z@HsOb)Wx|NvoVB9UEs7b8P6i4GB0cN?YxxN&5qGa^s}CuKb~VfUl9 zYkR;o86OS73vUYfNE%qYJ(Y7*%K}632TVUh|BC)t3^n`sG5?FC-`77)C+xU7_m>8$ z3ct1u^NC@ci?mp&$St9~)L3U}2Wd$T;F+6cc)m?38}7lrPY~P{LKA(yXvtw_{2nRJ z%_}w+Ckq8u6>C_AFH~zKm7%(Rk>y&1m!Gid3uFs?`1TQRKF&LQdd^Q+fX5EWpK7f? zu1UF?sb=&@fR`^=~4G8w8l(N z>l#W>P|c(f5N(z$6tqn-$Q-JpS@K@;_rFgx@!kW7KUbPIm$2tw$wy^u`t`!{!II3? zay2IpQ2p?$qw`SVHz9wgoBQxmFZVepCoHxqQY^VKL1~y^JtUcSj3|VOimqxR1fIVA zr~z*!(Jc>+%_`+YG)0EA{PxpWqE{;BG#}Hq`(ZfWWtKHzk(1Ep`ONeyuyyCA%AOnh z;oqO>3F7yI&}f)M{fsDyfsS(=vPU_5j&Z0S<_rYB_DiPO=w)+yLaP-)wr!~pdx<0P z7nswYG=hW4=mvZV#=b*)-eBsbQ%!;?YVrfu(yoc)n>DRozIUx1hX&*L>tB|gUvpC* z=cbSB5!tzqAJo?dsWF_!-{5w`OmTF4_9u`b!^HmnYQa$#N* z=YA60@JpLZhD)q7iCQEnDViX zX}$)N0}OuO_W-nm0~`7d2OJb(&W#oCj!`^NbG{!*J(1_8NJ12(T^I)<*BJaHi@F%w z6k!U74PuwWIpC z?!=34FPg%fr%;n@weVDY=dTY@WxPd1B}h$V<_|z zXsP)7<%0Dy+O~Cv>Gdh?HKJVn+K-brQt9md7))!!?1gKH0uPvQ^v?Y%g}3b{3w}2= z{muaKd>NtLi1!AA&cbs^17cSzr*PWw{Zp1fKYM4t{QpawPwDJ#YecM`;McMaJk3Rv2*xA{LqCSD!-_Iw@JE{be40bo|n1ENGX9 z86@s6oGXNkXV0!|wdnv~YO;4^95{m2DARAMp_Vd~itz&0%y)O+M*EPcjZQFl9T?qt z8&jIHSxK@C#caLEUsMt)A!GorrO8kXC$JPSv;2hQN;3Qi0q#ZTnF`k7%W>sT#(%+ZH z{0w`8dA7Ca6C=fJNN7Jpt=kq4`RqK&K@VWHYUE20%Aj8J2OL4QG>|e;qRX0c0md0Hl`$!D7fV34s{ zR;*@-jKcy?9qW>Y12zy?F_$#98T(liP=s*JF^djbld-=hxERqrVTI4B*)OH=lz*~| z;E5rA3@wx^L$s9`-4Zh%80!FX>g|mxWrg5}f3wswS8<}v=|fY=1I~=$TWNpL3#aW^ zXF4*A0A7slk)`G_y%x$hFCfAxpLm4=ZFy5U6AKkULJ50hF$e*?ieSw=E*#b5{X&vL z*ofB>d<=+Y9qlGL2X&4b@X5*vOK0uK)*{qPm8JBp$(52rUzATeNHeVn> zssQI5A&g2mu-Oc5x(Kosh`4d6)x*=F_U!_biV0=7>kbkdbf7O9RQnRcl$>_U4=uog z9mq4fmb6q_e24~6UZ+0oUp@&(S~tILKaN2FjCL{@*0$Acn^ zh=njL!LTzM29RL{B0&U!(xYN%3s9joK{YL-&xh^%xYpsjAfa_CkWc3i^P(aMLxb&; zm@;BA)~YU%u}2Oq;HZPeaI-VK2U#*;H)e;fhe3ZCp%eiJ-1wLJDk+f1WK^N*zV75U z#_73eaen&vWfBr<4Vw}meum@oqec3z@l5HMacS(lJ=Ewg@9dd9Y zA~M0^(j*uDH-B6o3;22CA-vJ~kjG$%R6j zR{cc*%<~W!YUy^ozI-cyi6{gIr5hAt z(L$%tcZ%Ed|GuX`kUb!tdH%08{{1Uc%c`C5+|!pUJQSZBUwfIG`Ia^HEI@eqW92w@ z#uM_)@2Y&j#|Ks(zqRqhzgbU#Sl;Jj$?|RJx^DI3<})?f7BkhKjXc$901w3a1R^=gdnxhk`S2xA~|h1MV+$iP1)p2mnXM^i;-E1GVUyW}F(GcoGD)&>X`t6wO znW|xlW>{VVa;&;{B>s)c?@@ZOigAS7E-oFM$~(2kuKYavhI<5$eOW&W&kgWagPlkU zDc65hWMrkouOF@=hWxQ^73I99o7Mb_fE;0>SMdrnWJM;KvRJ|)o^j1&tmJ~{)V zsN(sT}$tCoH=w-cs zNqI8!AHjt)x7IKx?OF9h3{zkTv&@a!^)eTk5@w8ity!lVtz3!Lf50~`;BoTqQEzPy z?R#q~W%|CKTalHLljqn7cfp0$YUFM@<&4(}k!n)drW9#aQbLF>2)5Ku)FIEY^dxzO z#|Ai7u})1qo8amKM||=m`Oq=Grak=r3skM()t5ql#>fGL0c`k-!4*J0zsTthc1($8 zM?)4uqXbe146(fFh?gPn`qfiU{FCQlKrw8?%k){U!~tgn9CD9mI;A{`(pk}{aI+QD z0(K-lWGTbEef7KC@@+qcoT#v+tn9p;vxJAs6P}edmaOc%ev$Mz9xymg7cbqHC5r`dn`t?`~%?UC_KK z^gVw^LwIhl@uq$1u{_3%Em%-DKlI38&O45S=ip=G=!|KBaB9v zT}*x!yq0hgUp}DhD>o0Cj)*~&B(zVn^`Xt~ls+Jl8{8=lWp3~b&Y`Mjr(a>`n+cu>l5CGT8|a);3~f+K_oqQwSp`)g{NtSQUV&QfM0v+v{cT&&1;4bPv_+c7IY z{(LL3aL1$9gZD8jtxTui$d1|ox-2p!0*or zbz)zM>3plik9_%7jYgE87g}c*CMhrX&c#2~74#XH3kv)F{@8K{eAs3Ns=O_9>sLKC zO56U942&_0sc2-r$!wQS(2~Vt^xUg^CwUzD8v;b*zsc*meAK3HD0H9wt-N`Es9aG` zL%Lr@wq+&^#P!{mJ_l5rc^-#yA1y{rYJP>^`DfGpA&s%U!L7DH*@6* zDvmrJL~|jKphtE`w)*tPoT|7=j8=O2-4RZ9!OzDPTP-n8f^yc5W>wlbMy5)8%B5@= zV-6e}!e`s>E}`*1h|hh0>`zCyb@#vMg+r$I!hAaubl^*OjCmwU6bmqva-p+yX`649 zCwIY{8DUBL5pdoc-4**Q*PM0-N{0k4-s(iv_ijUZv21kf&ug@})x30X6xd!rGfwBd z-#4qjtLE5q$Jp8TzSQbAiWQGJv(V`hwd;V!?0DvV4*^^6SuKm4vokBJJ9g3d?G&Bn zOPGxg|H*NCVH9OyLKmd~R(_a{Hfpkj1UqS_{Cu$FXdQlT{6Tb7*@e<*L6Es6KWquF zIoPyr6$e$uz7-n>awm&jWil=XMzmh(sq9~J^H>@i1>w{#boD#Ag;@NW(-Q(pi< zu>4n!FIyaourD~HUw@Lzm2Yc@%lY|lv`#v+-+%GeB|Oa}>x%5q?M2;^voDrrAh1ut zMpTnvfMx`YGc`WZ!0)EVQtoC#d)=ULZhz21ckn_xnrKD?Mtel31L|um?&aI($6Uy!F?LZ2J~T&3zPo1 z#k26@@iC*Ut-lP=R>kRFrpGxm_xSo#=Xs_F$j7{`CaNtCz@LRM7_Yh2-G%@XK?8~z zlaE$H=41<=+UPlq_W}u;^4}hpwwciA*)U08-mp<%d_pbsn1p4=zKu5RA!^Ck4Z-cK z@h-@GC0dOHw3`lB=g2=B@|dFQT(wJrYayi1aikxt$XH{ZUR`B9HhW}iM&$pQp<%bb zb4S=hZK^tlKA0O8M8FCQOOOO2EZXzN7S(e8f?;O}g|QBLk~lD*osg*~(X*kjus<_6 zp1akE-6@=zr3kw+lO(>LHH~8gf(lVdS{jm_K08Z#4f9}(Rhre4UYBU>N7JspkU3(@ zh8T&@(OT=eIvJ#MY~?3frA{o#EA#K!2Y^}U_4HGJIiCJ>A$N*)%<2c^)83p%$B(9( zV8{4m;jjZm>9OPn7k3u*ou2gCSZTTuvX{m;<@fUZnMb%Lb)l%jms`d?>Gaa!3yiF% z3{=&WiX1gaZi%&LED;@}V!-uilPb$9!V9`#%;gSN|L)FtMP3kF2=9zwiLa|>q(2f{ z_(C$#zRi<$&pOVrjUobGYTN4i0y6~*G&xc5AG|v&u#vGYGgvu=)+uh37E9UfHCiZeKL|C-vTlpnu()_d%d(m#bjQ9S`33$4>BUFnEc^W_w?_ zJjrZ(MJT+bX|31Mj4n##tPxcb#Z(Bkvp#D5;%fT=z2a`P9VWxs01hODvyCM?ixiq? zsN$XOrqIfn9LMt5YZwU>Gr#iX^b!|G6N!zx$d5`MA=E1^kwFjW=m&Uf$6MwS3<2*V zm|u79U?m?wv)G^#XyhmfRjL}v^fYUN7zsUOOd9Nj?CIz;LVZguvAhH*XWsqY%%2{b zwy_fgdkyg?u67QxTPJT97gr%yX9#G1Plo1-8wptW3=6m!Y6e><1dcWDf(W{zH}+wq zy7p!FQ9W?AJB^!$0OQ^m7uLoenqXmqPu6LOS~VYlGKgSQ0qtt$gBoF`-PH-k+Po?l zRrv{25K^0cxg*wz+Z~F(Vniq>{qO}Wfy5+*rx+8uvn(gRn>4gUrZI8?0fak}MOEQ6 z%_Y-yl!S}Z+#ciNPJ@iBxtgvXp}#!T5hS(z*y~)lES82WpnuU079sz^YVm~!`lz8c zgZ4W>oCktIKqh3honI`DBZ4k3L3&$K$i&P{HR#iTCb@M4{4$0e7fHtRhUXrsTA_WZ z8pmnM8)gBWzP&6A`no3p5rsyP&7Mq=n$H~%BTagK=!-^gNdrfr8-78`aK{=rfs~=4 zS$`jnEj>naEl!1neMk2Gnr;8$$M6^mH=Y3&Pe&9u`r~0gqm5PQb@WaO)6KO{5EP=! zL9o5G6Qoq#$Di(PYfR@630SK^51__9Ns+q(rA$i$t2#17b=n<{%;TgCNsxJ`;hZ6D z=*B^(EHAbSk%5A~@#lGaiAe5!Mm-?upWay}leEgP-T?Ww{`f^&MD$KQGr(`& z3OGRp`=EzaBFiKC2!)nQWy-E#3>?WTgmXLY+I-U6s^{5$!Ax2b(4AebCay~O3iSBgS5_q4ei!8X7G<9& zuxJWyD$z~@KYGl#y((hMb9VIDqIf6j8=gwLtzG&r>`n?Ce%$Ia!I_}OEK0DWJv(B~2bibf!`| z0R+$>m<-jbfoQTyQ3j2ZA(fKqcc-Zd7aQx+cZB?9qUSgM3b z5b_sGS~bdwmGa5O)M5D2r0@Lbr~L~Lt=-CbUS{XQsHDnr7;MsQ!`8_xcH^|9w2f|U zKG|THZ&FO{0?U&zn{Hefp00tydX_q=uZ%S*S{s|K zt17*Tfr7-ut5*?O?0n)ipAFo7Z@OmB*mrwH%yY2h8Rck=WHu zb?lec9&F-jrJ{uuW*asG+S#$iEdQSyK!eBFFL!qC??sXx98}>gQz|sNm#LjL$Qijc zGOG%>+;Mx8f}%8?OS^2{Jx8M%uBTEr-&iQYfYdH(tNw&XqxjLx*>Jq@=zi)vEp(0S zz&9K30lzzw=fjcitiz1mi8sa(%R@MwA2&mhcngv*XMuQc1>IX6-FwP#{W|4HnVmFx zU8U2L_sT<^%y?|id4d5_Of_mge;zN~r4j4E~0%5dSwo^Hb{$9gTb;|A}tlv*WKm{gF*y+@mY; z9qC$(TTIA9nCPj7nC0&eif8tPQB}KfljufF^kj#HL_3PY&4LvCw7klmIMF@hdqPI} z0eHS`5crkaQfv5k{5DMpLvczz*vGNfTA-<|fN+X^=#t746~w5}tp2$*gWfj2P2R?c zG#N5Lclq8MLOFDp32#X*h1rRmShru*;leGQKc@yJ{>pF%2qeJQ8LV7)9kb59n!NVikN6UH$C5)qxHOp z%{Ox=ENre}!#LBl0S5-jevlF02CP_}Y3ACK1}}bs(RZ|^rExh*?n@Vp{?z+m=^00x zOiap^W)J*m&+g*1>b||Gw{YzZ6`XDCM8E53ZGh*LWw6N8f?aV0jV4kRg!Z*;&4^r$ zap+Kf?S#c&SRA6#+xpeBmjBsjvw5nad}0UtSxy|Os@cwHN%LcWvqMHd6$otnuI^>0 zvf|YI-I5A>&hSP4E$jG)*_IjQrtuQ1sK2w>K_eC>mHEuk3}jQ737J9Dr@CuvO{sCk zcEY&Ly-*7~JclBfTQOfKB`+GQ*VjqUN)s4XOkna!=?BX8$>a{2Q$$Y)L=(j`*msPv z=3lFz>&@^Ia%Y@!dnYu#Q~<)Yx4%>ZyvJ;jAGl>&{_epkDU*_;rXC4MeVZS}o8!dw z>%mP0Pt=n>O3?w;Ha9z8zLyFDm9@)b%*?+THdvii-0rT9yq}{2RU)J` z*1S%XVY>uEPQlv0VG3Z)*5;>N0}tsnXPmnjGyQ5%7EDhN7@J1x+km~Sro!JL%Pc`T zroPj7SbF?(aDj544WK?mP~${59lDqHQ!hg~h|8|i1$GlS8AC$&<}8uHdL=jZL=tK* z4yl(5;zmr;)W~V98T}m$&y!ZYWoRDiD#_SlF%a#tlIT(?*p%6F@~Q7O^}NfllJYAf z;0iQ*?7pS+$1_}A+W>ypgs-T5PU+M{g2&8C3NmLt{R-Cy0TM1$)MmS0`ik6FSQc}? zp;13hZfUE!f6c*0u8E;peW7?eK_g6SgOLr@4o4?ZuGhKrmDIew9|{8BzWC1p{`9qt zshy$5?PaHJC0=p5qg>3zaRIiVZ7MPQDfkRC*#hz->)-v@*iB6Kqb)@wmCXvO2_vz?uQKdgs#7rZ5%*K01 z+hb)<4`ws7!S>|Isu~5+KqnUS?HMXWxxvEjEX_PDRm9e`VruqQA##{*He`OSD_FXvF% zhOdy9MNF%%--J%dLa*uj-{6wn!r0BbGqz<=f?8gO5e_owWQedhTMG=u5gvOro%u%G zw}n1UT5)SoAbPla*d886h#{2a+OL1so)2d_Z+2SH^)GZJxD}t8pORDK(v@$d-*s{4 zcS)9VF~E37{W#gnAyqxw@R%XcZusd+t))kt78wfH!+1>RS=G+@XC-JkmdmaR#Lo(Aj%>ov756h zovcOikdAUNqTkOHIVCGDqDUN-R1QAir9Ieib+-!1PL)-k-F1#bwl9H{ahLkuHlE|; zD&wY&uSL+2;h9%d+?d%?KMhywo6J)p=9Oj8=e%h?=uP~eHm*7-s`mRYOG!5@p>*uh zAxbD9_|h#RNGY(Wu!My4RZx%yFDda-N~j<%UD7N|cQ;BmOC!Ja{p0oh&iu}uJ99qw zIdkU5dCr_WbI#{|!N|{&+dS4(Vul-V0ED^{7qTqFHbqD6Y9f0>Q>Mwql zY!WcC`z+NE13mbqtJ!!oD{+}sf9e`1aqSOgM-+2Y$&{n;Vgpy2u_DPc8PYt(sRRM3 z@m|P~r`Y;EC%<3Gtyd&yZd9Vlu7>iJKuhvH!^5bvGIswc3 zA=ki5rP1}e1h2I%j)O?qsU3tYQs+dG)? zOkoi57>5LzcgJ7j*Pg@{N~{~{8k2jCD9c7(Qh1+}-Xi}jP^xK>vSZPl|*o$43Otlkg+Abg}#8v0* z{9YGuvTvM|n?cjyCUh#d51;h45#^>ef49FHEaoHV`%Of*`eTVy^+s}Ds^?jL{DW3A zX*rhis&jP`EY3M!$;N=t)^RUT?V)71*vJSrUYI3|Cm$1qR%$;TFx)tKC0voe8Xiw- zo^3eZRzXvgU6m@*3CmE ziW8>(q+i?oQe5p#Nb1Su@&WVx{+_E&pRa%PX`uoxU-jjz)tz~hASPAy*J+e~b%af; znfE06D-ND|cfv={MJ~c3yZS#CC?~#5Nl8i1~I)jL)_l_v-smuDf?%I>Cl< zXwMvkVd5oDH|B7-)IHb9Ze=}4Zo{@*Dg7!3&a&O}2lrwBx|{~XL0ZPfp|2$$@hM?V z?Mvqaq<{T+g&6OU zansNfo~d?=r;g8)#w;fifq;;An-WDq1{9KYDk>@vP1o(7ne-It<+O{_ld~TSbE1c; zgJt-V6N4lj`zUr}6W70i`;;_?ByEOGa4=g&sG}cpAbbD5*rl-sVj?64VnTpalW(6oaX`TLtryJN$ z{nEKT5-@d}!npbN4V1KO{C5|(vFbAG()dEM`Qud1ImV~zNes?*tLs!d-X)q_hiqac zfcA%lZ5Z=n_iHZV;u{*J<$TQij1d|1Nm}@EgtUa9Mq$lCO;G1w9Izgbk?H_6!KPT!Lx*|F%m z_~e9v2FIK0UNK`RJefTj33V)DK`_S?e5M;hvYNXJIP`VgEtZsuL26-6FP)P%k6wI1OG%SqV<}7xX zZn`^LOT`)qxyy_Oqh%pQjC| zZ|a2=mm}A7xcDAW9yhFv+s&xhepw%E& zPMwmi(Vx32v-}yy>$h~J^gP5}X&vw#6;l}rlvRc1*ms^w8$h3Q^ulsJRwCK2Y zYw;$`ShDWW|9oP0&2@%-eQI5;-m>7`IWZb#@rb#fZ% zkcxwKc+`wuia+9~QAKN-HodFuQ6QGffLM8k%|mCw!tM>*%iIofKvzOs#cD8K0*x5vNRM)@ER5 zCs*SKcK|qcsU5!3w6}=Gxws9+Xd^9mB@8e`cC}iuMw!knxkLyDdOKPpa)cFDx4^p0 z2go2Y{5YYBFx6l(=P%-RE@UYv3!9M8OmHGUYjds!&&3qwgwQ9c8-oe>XKB58Uu#)##YR(O&mV4j9*}mn@3rYlV(NvTL$n-C&qZEP zD=*ECWc3C-VJ19haJgg}iO@V%ZcW~^0-F4$i%7d>7yG_+49KQ=G#^htb4u(ERhV3h zH_U%*aPm~m`~9>DlWj+2Bv=)}@DS}*!PmPCci3qN zP4SR2EYl1EOJW6OA~X|L}bO6&2mDO*E4_ir}%$00uB z-MLD9XraFzUqG6}&(;M)*6*gCP7WUz(rosfPn0TNjvKG_1`>gkr?w z5SM4=dBS2T*}VpZWc#0K2el0C&gz#l2%1GqtKHt)-3{xkQ8jkxg=M>WwYGe=!DrZs zvCZ&+*{NmD2h5sgU!FO*waQ0s6#1SZ$*h7Xjzw?AyrOIqksKFlEFO!-X!r1Ld^L1S zL^we?EuS!ckZ`Ip-N`M-bUx00utTEx^ltdk>#DzD<8emKYO62+5ki+%NYk(L1~u6;al*yB%5uKkoP_)O%-Lz1iR)7$ z8y{<7iTU2Xblt+QBTn$LoE2d3`a&W9@$i!n&M}fUGVdUc_r!$9WE3%=dOEHid}@2t zo0jCQBsPa$6}RPh5iLV$75(1Oq2sEYug{&pE~S8(DRiL-R*Hp3{3kp2Qg@VyGk|+& zi92$R3j3MAeHppEw-8{J$Zm*z&fU5Yw5w)7MOt{JLd+w_KRJ8eOO*D*q8XTd(XZ=T zoGT_?drI;9qmgaRT+8ajGxYSJTPwH;fLWJR3EK8q!A(H9R!~6GL^sYY;X~?P-!qM@ z^zs|M95zf&OYVka*57$ciAJ{UU5+}ffvujOH}a~<&0X`qgf$OKkrPT_krRw=$FYHy z{^W!Q19soOkt}>Aq;zR%r%`k(Cs@92qfAe-`1PQETq>mSwfVxkfe@)G&$5H1Y9MG_ zag^Noi*He*cX@QSBZ(l5K(JGPWYBzOCF~ZF8=A>C>KwU81?LR z-46)|Lv@v-ShLb9n))=xduh60T7FDsM*5*;v83mTVF&r4M;6BZO~W{U0}a>NBLO1? z##-DYb9{xE@Bzef(c-n{_ zDu7>h87lSjOR~?M_@6QljBb_7zF>6{}o4ja1HO_PpJ=q@cwrlQVxJU5&U3y7cF?)$p*a^ ziihm@oW=%fcCkV0qyB;7U2NccJoJ4BmUn4EJwebg3l0i*BcT2Xc$E+I>lP;rPJ)0o z9~i;EI%&cFZZ_y_Hu$}l3GDky43hRB2#G#G!1-^CphgcZXxYmK-Td&+vQix}=+Qw7 zcK5L{+{%MMY(3pQTu={CPU25J>`~I7YX>8kgEyxvz?&n$8Z<5CpZhN@1Ut~|U`!7! z$3M9hzp2IW&98KSEb!XgC$Of6m*d}Ek2j$GAA`~&@U%w}T2=zy?B&PD4;vI#3L5tP t4j~!nwQ{_w1?8{&eT7R}%p2t-_B&Jzw24W6d%1=`ZsK_$MXG Date: Tue, 13 Aug 2024 14:39:21 +0400 Subject: [PATCH 04/11] Private DNS Zones Generic Policy Update (#1700) Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --- docs/wiki/Whats-new.md | 3 ++- .../policyDefinitions/policies.json | 4 ++-- .../Deploy-Private-DNS-Generic.json | 21 +++++++++++++++---- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index dc0eb4b64..e9a0746f6 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -48,6 +48,8 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: ### 🔃 Policy Refresh Q1 FY25 +- Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to the the newer version of DCSPM: [Configure Microsoft Defender CSPM plan](https://www.azadvertizer.net/azpolicyadvertizer/72f8cee7-2937-403d-84a1-a4e3e57f3c21.html) +- Updated [Deploy-Private-DNS-Generic](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Private-DNS-Generic.html) policy to include the ability to configure the location/region. - Removed duplicate assignment and portal option of [Deploy Azure Policy Add-on to Azure Kubernetes Service clusters](https://www.azadvertizer.net/azpolicyadvertizer/a8eff44f-8c92-45c3-a3fb-9880802d67a7.html) at Landing Zones scope, as this policy is assigned in the initiative [Deploy Microsoft Defender for Cloud configuration](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) at Intermediate Root scope. ### June 2024 @@ -62,7 +64,6 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Added new custom policy [Do not allow deletion of specified resource and resource type](https://www.azadvertizer.net/azpolicyadvertizer/DenyAction-DeleteResources.html) that provides a safeguard against accidental removal of the User Assigned Managed Identity used by AMA. Assigned at the Platform Management Group, it blocks delete calls using the deny action effect. - Updated the custom policy [Deploy-ASC-SecurityContacts](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-ASC-SecurityContacts.html) as part of the [Deploy-MDFC-Config](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/deploy-mdfc-config.html) initiative to use the new API and revised construct for the Security Contact API in Defender for Cloud (`alertNotications` alias has been deprecated, and replaced by `notificationSources`). -- Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to the the newer version of DCSPM: [Configure Microsoft Defender CSPM plan](https://www.azadvertizer.net/azpolicyadvertizer/72f8cee7-2937-403d-84a1-a4e3e57f3c21.html) #### Other diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json index 2edbae4ca..89e201baa 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "1159734146410583397" + "templateHash": "2449863039247600800" } }, "parameters": { @@ -124,7 +124,7 @@ "$fxv#139": "{\n \"name\": \"Modify-NSG\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Enforce specific configuration of Network Security Groups (NSG)\",\n \"description\": \"This policy enforces the configuration of Network Security Groups (NSG).\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Modify\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Modify\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"nsgRuleName\": {\n \"type\": \"string\",\n \"defaultValue\": \"DenyAnyInternetOutbound\"\n },\n \"nsgRulePriority\": {\n \"type\": \"integer\",\n \"defaultValue\": 1000\n },\n \"nsgRuleDirection\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"Inbound\",\n \"Outbound\"\n ],\n \"defaultValue\": \"Outbound\"\n },\n \"nsgRuleAccess\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"Allow\",\n \"Deny\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"nsgRuleProtocol\": {\n \"type\": \"string\",\n \"defaultValue\": \"*\"\n },\n \"nsgRuleSourceAddressPrefix\": {\n \"type\": \"string\",\n \"defaultValue\": \"*\"\n },\n \"nsgRuleSourcePortRange\": {\n \"type\": \"string\",\n \"defaultValue\": \"*\"\n },\n \"nsgRuleDestinationAddressPrefix\": {\n \"type\": \"string\",\n \"defaultValue\": \"Internet\"\n },\n \"nsgRuleDestinationPortRange\": {\n \"type\": \"string\",\n \"defaultValue\": \"*\"\n },\n \"nsgRuleDescription\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\"\n },\n \"equals\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"conflictEffect\": \"audit\",\n \"operations\": [\n {\n \"operation\": \"add\",\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\n \"value\": {\n \"name\": \"[[parameters('nsgRuleName')]\",\n \"properties\": {\n \"description\": \"[[parameters('nsgRuleDescription')]\",\n \"protocol\": \"[[parameters('nsgRuleProtocol')]\",\n \"sourcePortRange\": \"[[parameters('nsgRuleSourcePortRange')]\",\n \"destinationPortRange\": \"[[parameters('nsgRuleDestinationPortRange')]\",\n \"sourceAddressPrefix\": \"[[parameters('nsgRuleSourceAddressPrefix')]\",\n \"destinationAddressPrefix\": \"[[parameters('nsgRuleDestinationAddressPrefix')]\",\n \"access\": \"[[parameters('nsgRuleAccess')]\",\n \"priority\": \"[[parameters('nsgRulePriority')]\",\n \"direction\": \"[[parameters('nsgRuleDirection')]\"\n }\n }\n }\n ]\n }\n }\n }\n }\n}", "$fxv#14": "{\n \"name\": \"Deny-PostgreSql-http\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"PostgreSQL database servers enforce SSL connection.\",\n \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS for PostgreSQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#140": "{\n \"name\": \"Modify-UDR\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Enforce specific configuration of User-Defined Routes (UDR)\",\n \"description\": \"This policy enforces the configuration of User-Defined Routes (UDR) within a subnet.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Modify\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Modify\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"addressPrefix\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"The destination IP address range in CIDR notation that this Policy checks for within the UDR. Example: 0.0.0.0/0 to check for the presence of a default route.\",\n \"displayName\": \"Address Prefix\"\n }\n },\n \"nextHopType\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"The next hope type that the policy checks for within the inspected route. The value can be Virtual Network, Virtual Network Gateway, Internet, Virtual Appliance, or None.\",\n \"displayName\": \"Next Hop Type\"\n },\n \"allowedValues\": [\n \"VnetLocal\",\n \"VirtualNetworkGateway\",\n \"Internet\",\n \"VirtualAppliance\",\n \"None\"\n ]\n },\n \"nextHopIpAddress\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"The IP address packets should be forwarded to.\",\n \"displayName\": \"Next Hop IP Address\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/routeTables\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/routeTables/routes[*]\"\n },\n \"equals\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"conflictEffect\": \"audit\",\n \"operations\": [\n {\n \"operation\": \"add\",\n \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n \"value\": {\n \"name\": \"default\",\n \"properties\": {\n \"addressPrefix\": \"[[parameters('addressPrefix')]\",\n \"nextHopType\": \"[[parameters('nextHopType')]\",\n \"nextHopIpAddress\": \"[[parameters('nextHopIpAddress')]\"\n }\n }\n }\n ]\n }\n }\n }\n }\n}", - "$fxv#141": "{\n \"name\": \"Deploy-Private-DNS-Generic\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy-Private-DNS-Generic\",\n \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Networking\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \t\"AzureChinaCloud\",\n \t\t\"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"privateDnsZoneId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Private DNS Zone ID for Paas services\",\n \"description\": \"The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"assignPermissions\": true\n }\n },\n \"resourceType\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"PaaS private endpoint resource type\",\n \"description\": \"The PaaS endpoint resource type.\"\n }\n },\n \"groupId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n }\n },\n \"evaluationDelay\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Evaluation Delay\",\n \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n },\n \"defaultValue\": \"PT10M\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/privateEndpoints\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n \"where\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n \"contains\": \"[[parameters('resourceType')]\"\n },\n {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n \"equals\": \"[[parameters('groupId')]\"\n }\n ]\n }\n },\n \"greaterOrEquals\": 1\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"type\": \"string\"\n },\n \"privateEndpointName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n \"apiVersion\": \"2020-03-01\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"privateDnsZoneConfigs\": [\n {\n \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n \"properties\": {\n \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('privateDnsZoneId')]\"\n },\n \"privateEndpointName\": {\n \"value\": \"[[field('name')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#141": "{\n \"name\": \"Deploy-Private-DNS-Generic\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy-Private-DNS-Generic\",\n \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n \"metadata\": {\n \"version\": \"2.0.0\",\n \"category\": \"Networking\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \t\"AzureChinaCloud\",\n \t\t\"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"privateDnsZoneId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Private DNS Zone ID for PaaS services\",\n \"description\": \"The private DNS zone name required for specific PaaS Services to resolve a private DNS Zone.\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"assignPermissions\": true\n }\n },\n \"resourceType\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"PaaS private endpoint resource type\",\n \"description\": \"The PaaS endpoint resource type.\"\n }\n },\n \"groupId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n }\n },\n \"evaluationDelay\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Evaluation Delay\",\n \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n },\n \"defaultValue\": \"PT10M\"\n },\n \"location\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Location (Specify the Private Endpoint location)\",\n \"description\": \"Specify the Private Endpoint location\",\n \"strongType\": \"location\"\n },\n \"defaultValue\": \"uksouth\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"location\",\n \"equals\": \"[[parameters('location')]\"\n },\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/privateEndpoints\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n \"where\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n \"contains\": \"[[parameters('resourceType')]\"\n },\n {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n \"equals\": \"[[parameters('groupId')]\"\n }\n ]\n }\n },\n \"greaterOrEquals\": 1\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"type\": \"string\"\n },\n \"privateEndpointName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n \"apiVersion\": \"2020-03-01\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"privateDnsZoneConfigs\": [\n {\n \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n \"properties\": {\n \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('privateDnsZoneId')]\"\n },\n \"privateEndpointName\": {\n \"value\": \"[[field('name')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#142": "{\n \"name\": \"DenyAction-DeleteResources\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Do not allow deletion of specified resource and resource type\",\n \"description\": \"This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"General\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Name\",\n \"description\": \"Provide the name of the resource that you want to protect from accidental deletion.\"\n }\n },\n \"resourceType\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Type\",\n \"description\": \"Provide the resource type that you want to protect from accidental deletion.\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DenyAction\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DenyAction\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"[[parameters('resourceType')]\"\n },\n {\n \"field\": \"name\",\n \"like\": \"[[parameters('resourceName')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"actionNames\": [\n \"delete\"\n ]\n }\n }\n }\n }\n}\n", "$fxv#143": "{\n \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Machine Learning\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n \"equals\": \"Approved\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n \"exists\": false\n },\n {\n \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n \"notEquals\": \"[[subscription().subscriptionId]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#144": "{\n \"name\": \"Deny-AA-child-resources\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"No child resources in Automation Account\",\n \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Automation\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"in\": [\n \"Microsoft.Automation/automationAccounts/runbooks\",\n \"Microsoft.Automation/automationAccounts/variables\",\n \"Microsoft.Automation/automationAccounts/modules\",\n \"Microsoft.Automation/automationAccounts/credentials\",\n \"Microsoft.Automation/automationAccounts/connections\",\n \"Microsoft.Automation/automationAccounts/certificates\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Generic.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Generic.json index 25a41b067..5697371cd 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Generic.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Generic.json @@ -9,7 +9,7 @@ "displayName": "Deploy-Private-DNS-Generic", "description": "Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.", "metadata": { - "version": "1.0.0", + "version": "2.0.0", "category": "Networking", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -34,8 +34,8 @@ "privateDnsZoneId": { "type": "String", "metadata": { - "displayName": "Private DNS Zone ID for Paas services", - "description": "The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.", + "displayName": "Private DNS Zone ID for PaaS services", + "description": "The private DNS zone name required for specific PaaS Services to resolve a private DNS Zone.", "strongType": "Microsoft.Network/privateDnsZones", "assignPermissions": true } @@ -61,11 +61,24 @@ "description": "The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists" }, "defaultValue": "PT10M" - } + }, + "location": { + "type": "String", + "metadata": { + "displayName": "Location (Specify the Private Endpoint location)", + "description": "Specify the Private Endpoint location", + "strongType": "location" + }, + "defaultValue": "northeurope" + } }, "policyRule": { "if": { "allOf": [ + { + "field": "location", + "equals": "[[parameters('location')]" + }, { "field": "type", "equals": "Microsoft.Network/privateEndpoints" From 27e31f4e43d250373acc235fc4977b3d0c05952d Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Tue, 27 Aug 2024 12:25:17 +0400 Subject: [PATCH 05/11] Private subnet policy and portal update (#1728) Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --- docs/wiki/ALZ-Policies.md | 6 +- docs/wiki/Whats-new.md | 1 + .../wiki/media/ALZ Policy Assignments v2.xlsx | Bin 53524 -> 53834 bytes eslzArm/eslz-portal.json | 17 +++++ eslzArm/eslzArm.json | 63 +++++++++++++++++ ...ENFORCE-SubnetPrivatePolicyAssignment.json | 66 ++++++++++++++++++ .../policyDefinitions/initiatives.json | 2 +- .../policyDefinitions/policies.json | 4 +- 8 files changed, 154 insertions(+), 5 deletions(-) create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json diff --git a/docs/wiki/ALZ-Policies.md b/docs/wiki/ALZ-Policies.md index 70c76a24c..d4dfb669c 100644 --- a/docs/wiki/ALZ-Policies.md +++ b/docs/wiki/ALZ-Policies.md @@ -107,7 +107,7 @@ This management group contains all the platform child management groups, like ma | **Policy Type** | **Count** | | :--- | :---: | | `Policy Definition Sets` | **10** | -| `Policy Definitions` | **0** | +| `Policy Definitions` | **2** | | Assignment Name | Definition Name | Policy Type | Description | Effect(s) | @@ -123,6 +123,7 @@ This management group contains all the platform child management groups, like ma | **Enable ChangeTracking and Inventory for Arc-enabled virtual machines**\* | **[Preview]: Enable ChangeTracking and Inventory for Arc-enabled virtual machines** | `Policy Definition Set`, **Built-in** | This policy initiative enables ChangeTracking and Inventory for Arc-enabled servers. It uses a Data Collection Rule to define what data to collect and where to send it, and a user-assigned identity to authenticate the Azure Monitor Agent. | DeployIfNotExists, Disabled | | **Enable Defender for SQL on SQL VMs and Arc-enabled SQL Servers**\* | **Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace** | `Policy Definition Set`, **Built-in** | This policy initiative enables Microsoft Defender for SQL and AMA on SQL VMs and Arc-enabled SQL Servers. | DeployIfNotExists, Disabled | | **Do not allow deletion of the User Assigned Managed Identity used by AMA**\*| **Do not allow deletion of specified resource and resource type** | `Policy Definition`, **Custom** | This policy provides a safeguard against accidental removal of the User Assigned Managed Identity used by AMA by blocking delete calls using deny action effect. | DenyAction | +| **Subnets should be private** | **Subnets should be private** | `Policy Definition`, **Built-in** | Ensure your subnets are secure by default by preventing default outbound access. For more information go to https://aka.ms/defaultoutboundaccessretirement | Audit, Deny | > \* The AMA policies and initiatives are in effect for the portal implementation only. Terraform and Bicep will adopt these policies in the near future. @@ -224,7 +225,7 @@ This is the parent management group for all the landing zone child management gr | **Policy Type** | **Count** | | :--- | :---: | | `Policy Definition Sets` | **13** | -| `Policy Definitions` | **14** | +| `Policy Definitions` | **15** | The table below provides the specific **Custom** and **Built-in** **policy definitions** and **policy definitions sets** assigned at the **Landing Zones Management Group**. @@ -257,6 +258,7 @@ The table below provides the specific **Custom** and **Built-in** **policy defin | **Enable ChangeTracking and Inventory for virtual machine scale sets**\* | **[Preview]: Enable ChangeTracking and Inventory for virtual machine scale sets** | `Policy Definition Set`, **Built-in** | This policy initiative enables ChangeTracking and Inventory for virtual machines scale sets. It uses a Data Collection Rule to define what data to collect and where to send it, and a user-assigned identity to authenticate the Azure Monitor Agent. | DeployIfNotExists, Disabled | | **Enable ChangeTracking and Inventory for Arc-enabled virtual machines**\* | **[Preview]: Enable ChangeTracking and Inventory for Arc-enabled virtual machines** | `Policy Definition Set`, **Built-in** | This policy initiative enables ChangeTracking and Inventory for Arc-enabled servers. It uses a Data Collection Rule to define what data to collect and where to send it, and a user-assigned identity to authenticate the Azure Monitor Agent. | DeployIfNotExists, Disabled | | **Enable Defender for SQL on SQL VMs and Arc-enabled SQL Servers**\* | **Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace** | `Policy Definition Set`, **Built-in** | This policy initiative enables Microsoft Defender for SQL and AMA on SQL VMs and Arc-enabled SQL Servers. | DeployIfNotExists, Disabled | +| **Subnets should be private** | **Subnets should be private** | `Policy Definition`, **Built-in** | Ensure your subnets are secure by default by preventing default outbound access. For more information go to https://aka.ms/defaultoutboundaccessretirement | Audit, Deny | > \* The AMA policies and initiatives are in effect for the portal implementation only. Terraform and Bicep will adopt these policies in the near future. diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 6c6c8e1b7..2a5304ff2 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -54,6 +54,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to the the newer version of DCSPM: [Configure Microsoft Defender CSPM plan](https://www.azadvertizer.net/azpolicyadvertizer/72f8cee7-2937-403d-84a1-a4e3e57f3c21.html) - Updated [Deploy-Private-DNS-Generic](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Private-DNS-Generic.html) policy to include the ability to configure the location/region. - Removed duplicate assignment and portal option of [Deploy Azure Policy Add-on to Azure Kubernetes Service clusters](https://www.azadvertizer.net/azpolicyadvertizer/a8eff44f-8c92-45c3-a3fb-9880802d67a7.html) at Landing Zones scope, as this policy is assigned in the initiative [Deploy Microsoft Defender for Cloud configuration](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) at Intermediate Root scope. +- Added new built-in policy assignment and portal option for [Subnets should be private](https://www.azadvertizer.net/azpolicyadvertizer/7bca8353-aa3b-429b-904a-9229c4385837.html) assigned at Platform and Landing Zones management groups. This policy's assignment effect is defaulted to "Audit" in this release, giving the community time to adopt the good practice and address subnet compliance. We will default to the "Deny" effect as part of the next Policy Refresh. ### August 2024 diff --git a/docs/wiki/media/ALZ Policy Assignments v2.xlsx b/docs/wiki/media/ALZ Policy Assignments v2.xlsx index 8211ba8e23fd0664790d486cb5d25fed68730ceb..6a85fda88bb91b5e75c419cf24abd01196e6ac3f 100644 GIT binary patch delta 20046 zcmX6@Q*F2wutY#x$6YC`55w}WK3mCE=1yRJeNCad{E|$1eN+nS z&yU#5fopd~8GQ>LOX`!eX^G=pn4V9UX47})q2)ptu;Sx0MEZ(e4oP4;88l95B?Wcm z1U^e`FgcJ_au9xMAP`Mwzr@ay74Xv`qqSJV!=jQ0|hQZVG-nfT(E4ZTXw$z~g zF3ia_mxhPFm8`@4=J@K+ic@xGjbayr@wzx?DeBQzAKXwoNkhf!ADsGgM4A^4(~s`1 zwaIsB{a`kvhY8mh@&MCfsB-(VugXfB^Vz_F@Fw^dUs>LOO>iK*D38;iHOSI5>Of5I zwzEdM@1C1sI<*15JT1*oi|AEN=6JvwsgWlNnyp$rE75vLjm=c&ku_qi7T zGf2$&H-@>G8o}=5-5L})kff1;NWQx7PSOoNxphcc1-DFywQ}td0wXr-4R8S74!oJA zyFYiZl5obuuLk1k4Y7&}_Dgpy<9paoD~E28;cddJg{HdH(YFO&o-r>x8J{53tYMo& z%V%6zb!um(=3hE8U#xOt*8*DfB)XQbJ3Kfd1!yDQ%Ph<< zRe#%Kl`VQ!RTh6i`@O@{1)4D?ez%5sIt<_oF*28tZ0Zs2e3vI|$SRrErGxrOmt2Z) zK@{D+dPxFTW(ofRm95+m1yZ$V%O*9B;blXq#cI1UZfnw9J2y91 zl24$w1OfFgqPg%pjE;Ud`{b%DUZAIVg+i-_f)l%M9HM1)=Og`IgeC1sYzo~UMy1_> zM^N$?7PUOw^u7`zB6jyuuiw})c$++V(&u>mSSu#i0q`y<*?BCYn|Mjk-8diOiO z!X0vx-;poKB#WhET(8se-@oS{fJt(TM(h-jG|tuT5f~=%7~)D6F3WqEe}BI7{KR;% z_^=N=!1$)$<|&A>z_~KvKzlSfAmvt5$(<&_5I5NZY`h^Tm>!MKOkAVnjuA52&?jzt z0#J9i^~lF;5E&vDUO#{Am}B^NMSR)CvVL*qEA}lmrIfFXnO~zOf?%;5ju0In5VGom z9lRmIz;0j?jZnydim_{CXrWihucT<6gl7B;wu3ssDBU#8Q-cuTr&R$2F}+alwLy2>B%1b9QjNX(hKFq`rQMYDN`B0BOnydos4!~aj2h{h|Gj6=8T)g7rbGv5{dZPfeL+=eg+_O2MLo$9+F&LLyRz(S zcdD?V~_ppgaLyg>(juqwiZ1VH45ll|4w#p^^*Ut-o4$+*t$|;?4oA~@7)?TX;cQ#vm0JMQGgoU=3VR*<{u0Nx4ibffE=kP0<`S}Eb7@jHunM1f zFW*vUcK#-pO2+5w34A1>VNF;viwGAjr#INvOzz2*mwIf2|Ahyit=07kt3h_du8$U| z$e1puMN~}zg9?k%d-+CUq8q9?2GsrDw8wmdp3uI$5Js zi%CedIAvLSCi>FFPaL~CF4@;yY*2PvI&ncGjwu{-;*~I9h4)tAK^mg(sLQxeT3cvO zRr+E=j}+Dbmhw@yIQAXh@A;l#CC54(u-4IjwoG;7oF>Jzwk)3Mkk;P<13Z7K*vpwm zH!dUsw^0rcCzYg%Vr@$Thj&6M3yQqw!`@y-&wGR-%HcYppd|ZCo`*v5=S(8X7h)kt zkY7- z?IPDpop`HPg*!5J`7`$~#3AhAU9ZSXij7vvP})Te9~Gvv!QVgM9JjhZ=#2dRUYd+sV~@V~;A)En`0=)P`q9xN+zou<42Pv{ z&*0&iU6OD%EsIcAs6p8Y) z986bQ%x480qEi^1p##eKu%y!F2PPIzmVQqSylYr)j90xQcympQi+(pGRC8*w`MdPc z{sTJunEO@~rML3O`?smIz<^2%VQWU#cH)=I*f=@rU{*jzE=`e|6Xk@rsRN^o=i7Tn z6;`Jk4)C9@KV1*o4O=SnF#F|7nJsx(x;u8z0I#xw zdWO96SBB=h&q_Uy5)vOJcmZYtrR__$zso>T03F5kY`ju(0A0bAwb$LgcpY?5(8D4UZ_ zy*mP}^2Hz3l4MkrR@?J|%~kNbfR(M;Ji){*ssHimHD3im?ms|{HlGSh794 zVS1xY8s^*Tp@H1=vf}|Nq_5#fsRHDSm_ zpC<8flO=AZu$w=jDzy$I3T03lWa)^Kk0I>`NfW^?BZ!d@=_;5S*hw*ek1(FCghNhS zrW5s<7TnYMw{}{a6UXqVfWA-6j~-Juybf=o&&eCL_w8eztsE&@8vy%|n%*TqrEpZ; z8NvBN9lv>=SlpzxIg?cYc%jEye1d(YYNQ}c5LV`Wdq_4uVd^xoC|$|kG%X3|#xOD|noVhAw=w}}_NQNNMFOz%`aBQG=;#R4y0nP+a&eBG*K2K+k)wiUQ4i;1YZa^Rf4x7{ujVr3I2 zutvY8xd?_6nNZEnbthKvqvCndD7WOmhe8F6JJYsvnihk2EV||dZA)<#zAFIYvVyE} z)epov^V0leuLyYO&xAJfmH$y=DG5do7*(KwGarQVw0{H2#aA)YY;?gLx25GIR~{9Q zg?k04bn7o6--VIj;p3ygmw@dJLOljVdr#T@2;~=JW`78u{mY-`%~r1GjZ$KukPIJx z)#+;#(jny(Wo*g*U-wLY4-_fEpl%2m%Qh9U6$2O1~qf!c2I(?e9h|?`&t0v8yp?PN1luM+qPTYy`2i8c?~CHBAPT+Of84?#Gxa;3FNdwUl1ok(yIy&cV7w7;8J@~L_Xo8R4v3P5%l{m2H&Q6_8-r&45}fRegf-3s z72KdC=ctS3j0D0a#s?A~4L{$H{z{D3Y@d=enI8RPnSzn%TWnFVk_uT z-4X+WvTJt!>G^mXj%xp3j6UEB%siY+IVDP4C32~+W+`V{o79uf^M4ub^HWU)qjq0= zL}%e^YRbTuiEwGbPf@1HB~8e|3qafV?}T2uJJP3l;|f*&lV}wMas?%V*{`#Dapwi& z)6nJ<%=xl-6M?lFBTJe!dE37-rMH_ko-EbjGJCh=XmDZW(_2ItxX7^vUY(0fwMTyE zME0%Qy@~^bpZ6&3)!Gs| zoD36E=lecdsZBpbxg=__9 zY$5^tYmf?h=UZ@KV)+YLT#NVpY~{4;Q+~tUM|@TJLdJR6f?13IW8bMY5;JY5+sDt5 zf7Ve)z^kBBD8a-MDZzr7b70A{39QHb1aC^F_#&UZtit?+WX)Do!7l^b7wg-Bv8Q59 zS5g6MQ!)0`rbQ31$#?zHZ-kZktYU>%Soq_s-iGGpP&-6!67e7 zF%%iMq=B?yl+=`vDi6l2qwy5+bYTCN?-u{|%DFLsrXc~MP&CsOspuapBRf5+=UwCA zFn#oau`BGReaHtsZEBM$E&xG9Xoh+nR-r_QM8qQ@8RFz6LS3YZvYNIF!p4E6Y7{h* zr2Gej2Q*tUeSFmS`6svc3l)lxF~F7>0|pA3z%DB&2sNnP8@*g`Djsr{nj}%@4X~am zz$2O0%`-5Y{R9z(tMMlg#M3XA=?t>7mM1mLk+o>l(x^*WBI!7!n9a$L zyui55f@r+6>)wzVTAWz45j|%FD)GU87OrX)vL{sOC}1Gnt;diN>go=4Z)KD$#kkMr z!jdKR{FbJaESD9~Yp$t*Ho_+$XQ7VujOH`*MAWjNVWa+nmakEeidSR1h$U*fF)0F+ z$u))@2^BVeM^?McaeGy&r-Z7{_|x&1=@E2TXjF>oo&B#C-~Ze8hi+>|OkY|U$ zSOy!ngyr`c-Ti|a!az5B1-L?CKl5J%eDqYKgI)P9uEyn5qd7>C$GLteb&QEps5{<1 zBFqW1Kwj!JS5|v#25ySbj^K;-fTkYYc<~Km$s`a$(VZ5d7@7SeT}(B9ESzkB07cP; zp~!<*Dd7cpQ}OTj@VMV?{;Rz^K}xy1P-TSoCh15TaB5r0c$ksEESR7AFc2?R(gFK1 zO6X;OPhL_^mq3~h{fG=hxKEE%uP{hpiQs7~zVt(w_RtXCT~zBZ|E32L`F!(L7f7=b z71m?~ACCi~nZ(J}ah4;k_JhnCx2kUuxK<}PAls9u?t`mZa7IxhFHJBPCd?ct>iH!e zQu=gj_}mGf+lX>tQ=^h&AWma&th@U7ShH6^iqmdiJF-`^iCGAI+zN;g0B_EO6jf78 zwxTr6st&-!gt$vhNO_ujeRd9bOS$rqhesMaF ziRkEk{4Yvsc24qi=EZ;PH0RqB=;s16;!ZW~9Y#N8%6Nf>w2s^}t578^Pv0<#P~)*d z?+@dbcG~u)fDO5P^WQYkt7qQnAREpfY67rsdWv%H>WcL;0GoDFlcqN4X|XL;Z!#Iu zcY3h44EQjp#1j;n|DvrJJ|$DCRFzyB!!+j66t$Prtk6yV82qaUwS=LM{1fQ|EWl?Y zm=UZk1qhECl5jFlCM{>7D+Ule07i;5rT7pDm0i>fKBH(f(W{*5#;7(`=#oE(Q%Tm;h`tWB0v#yahk`gD<2WDTZ_{o`R@pxVx zmLZ`|vH$tonWht8u30@OQ7D51wnW5NuoF)OSXCl)Krj=Sam}=;k@%je;7l`>XxDcz z`vA{oK?JsMN|R%mZ*D=P0wA>B>BHOj{flRONK^z-_s?*9`2nM1UX?Gi$1W5eI|}Gz zk_T+0Ng+)nX(9^p9~~b6r;#$cF?^$9mI8PQ_a2Ch9R>;+sqKN0Xtp0{-sVf5(NpWtU8Qo>*SlZAz>?vnDFnx8#VR; zr&eFx{;!SMB27D&46ae@?EJyNeH-4D@9FXA@hd%!H7FhRyuu3~zkU*Lbt1io3G3e6 z4jMfP>)VF{xmmt`Sx%ap@yHTm(T@sp8X}DGj$<|9@Ya6$zr3RM2*0_gJ{@IVD5o~m zIQpOHz5n?@ov&HzA$}gm?LWNT?fkesJXqOra(?MQTk3hg9j|y?@_25$M9nlh`&?`$ zF>L8EJfGtJNS*X>U2Y7UoPM}{bnH}m*!6n~*(}BY(qA_39nM!Y^dH^n?AP6pj}$~C zOC@5YsP82e(MS|~H5bEqa^Kd>X6Q7A`$b#5(5*S+2_jcM75VVSse4czh5dEXVY1y& zeGi{yH7Q5ei35-)GAdFSX{&AOmLzFMZB6f{Dn|o72E_2IvMY;zyTfJJo+@aSCzo9L ztaZcyqo0BfQNkS3iUx=%eOa5ied+Kd*hFRe8U9+EGwo=>~ zo{h}xj5XnJVZ+{xbwz!>XRmyvHRy`WpA?k7#8U$H~4Te zN2bjhCIV%+6d#j>b~oq#61RX@lW^6aE6~g%Vpq>8n7ZTEmNEmQ1QLYoL5S$2rRs<^ zkY4sEcy}?vIVH6}6EaSavlCT|cqZx7%#~-&fcSViRa#`Ucrv0xLXt+L6D>nvDWY^?9_&5~tbJn0vz6CL1P=&c3_~P83hV zK)P`M_$uro@+Rv>OqX83rXMQ=20uZ8zRfxV>amvSk!a+FUcc1cohTWC@=S0f<&xTJ zYMGpqI6Mk3%KqX>GH+PoTD3YBC=&as-xMsu^gEs^%Wlvt)|=PFbz zkhrKqOw#|;6oQp^j73ZQ6N%dTWFK-V6bFciQChok8g zc*xjQlkwqQJN$^r6?^Ke7C(Y2H39ur0rB19xNYF|CsiwCD*d#~xDAIB+MEkntiNDW z_Wx*m_iv^@fOZ6-DoEV>;c!AHbFR=4v5ex6r_>otLX!)Jz}#(Wu=LV*k@hiH!1P>5 zi&o;QA$PeH_E^hqDe4IVX#!(Ce%b-=k4OykwhbGQBpmC9nmE73H*Av&;1Ie?4O@(B zC~oB2l!ilWo}w(xi(wFI=n3zxrd_ChC1h3~Z9IP;0ruGXNU923mpDx~oUJQv;g&GDlWEdpmJWNtNWNp!Dj3D4 zp@1ffL^xp#^AHT(;Dn~`qbUCe+@s$*mF8iZw$jJYvV~QNePzV?5>yY_i}fhg4C=A_ zX$XoId?Nc`$=?^yffTe1^)muUB-W3pUha4L=#0EY-B;#YYbksu{3FDTo@wqmza1X7 zhi5%LLqXGN3Jzq>NOsofUJ{!U(n^1ZW&T*?)}tWnO%V!SG3{b)Y@44cFd}6k3aLVD zV|KQKo4Ag^n_wMrCmG{3<0_mYx$o=$F~HyJHP@!u_m0xR1;VR#PM9AK-6vY#)yEn_ z6Q-SUruWeSR*}rN-;{ng$nnHhdVG8gpraRr_fIDf(U)LZnX_|-(GgB!Y)c>iI1`;* ztn&f{>H7z6b%p^uZJzqOH?oZ8NY7G%jx|%UNN{d7rV3IMNSD>7S?VBlu|K$mrtwbu zDawY^Athb_VA%T>Br5O~u^2)A>8>s_Cx2g@0`i#VJKpX?*mh|8vu zxZQ|51E(F${cm|SB^TWL&f@*ykbD*-d_xK@dW0-HkQ(+I*p`*@>JOYEX9oBNzbV&d z%A9pB%Wm0L0xsCsRkzPzHr-W2=H~1`no*iG&9R;EuIL4csc`5Eh&#FZcM+wDU&=YA z1?f4iY-Mr;W@Jd-x)Z^8SmySF+hN_Lm3+5e1>gBv!+A~T$sSdVOQ?}T8*PiiH+Aw! z!Mb=gfyz?b)|*=$%DJdlo^Sos$sd>OT^pwN@W6K~iUG=0YKr)pD!EXZt~nU66_KaG z1kuuzjYaPRMThMzs&%PAJBfYBXSn0`B%+P9b3zpb=4}EI=frVg zhZ^Ry>zW4_PiWg`z$G*4my7eV-{yOy$)$rY@N1yUR;><3L9Q=T1&NYBR!H^_c*(

B0mv`UKnN3k}*bz&YAf+x-%iWI=Dyv$zvajR?kRAh}_2>61 zz`$zt3S$NIa;Q|G5e`)~jE?~UE{>2uBU!P~J8Nq5w+NwykLk?rPj&lgR7+`ra-JO4 zU9w4pSMGP7Yd)NEy59T)7|eQDsj54QETYoy+gB}Vb*c4Lf?Qf$VJuJLF@Qd7#+gn4 z7_NOckN;)f>&Zr$_CAhf|vf>T!LuCgD{;4a^Z` z5m<8LhB-F+HxcQq@j+SeN`mV(@H*zK8u>{6ow|=i%o(MAC}$a?TXn0th+On5=!R+5?XlVYbD6TY<#hm@SzQE?o?I zMbLz2s2s*W0-_Ls%@TIa{SPG&&b|RbyL!Vq| z4l1ikdL8+Ou7pjUEOl9U!sxKWDIwy!Fe<-PJ9P5HirW)sO!Ks`%Z8~EH9Wu?T?v14 z59M8^08;CoqhG+uuHS|p6DOX1r{>c2>w~#E!+vQJ%r0)`sdUoO>!~MTl`J`zGuI3?y*8FDp z(;aL@dTGhtgAyNn{wAncNMMMfvTz|*B_-Mdpz?NB@)DiCid(S@_z30GS)e??7 zkpxAVE#q?<*t*nOh&emqYkW@MaPa$PlxK;kMm1&VXArh^iFg^MN}(8u3g{Hp%;6!^ z;c~@n2Q$;MHBP`;vs;Y1)ZVa(`>j_4YR>|!1VXRuEA$9-Xnk5Cq#_Hy-L`?mdhHqW zdNKX;BWr0v5P>;B9Qf`mqag}*M=PJ=n0I#|&--)CuFeJU^~Mym1~k9*9aSF#%g!>* zu!4eNh;zS|G3y1Fk%{|3U~m+=B)sW2V1W3wwkIEtkw(19ili z{i+KSUw02aXR(cdShNU#5X23aG)N#b(u!dh$j~Vls73JSR-t#o_evu4uUFu|jIfP; zc&ud8d7n|kC_r(e#!e9I$lyr+#=_1%iH9Due#OAew~?vuP!n}91$DjfLvEfB6rnkU zKLfJO*w|;ri|lVH9D{^TpfLm+J$iAdjiI`Aew{fI|K-8zhp4UE+s5I;)$r-7W?Dwh z68f>j>J`gHmS&fG_-b4+>~8fpIi&XG6dY1}kpISQMCyU-SW@GJx^d~W{PXjoqhS@r zUHE5MAf6|`LbOA7U#8>y)rShI7A}j&8}fSD+09U9DsCFUgy?5lX>s;ulJCd3!`J+Q zPF0xj`~UxC@dGgMAOuHE*1{2ifpxki*4mH)rBXh7zQ3UueAd}&!DC3OVI(^PB!ATx zMpD@-jOLizGA=@8V3}eVgQ?WNbKHG?ZYzgfO@WLt_sI~>3CoxfRfFV$rCv7^%huJ;9y7M`X_G~Umzgx}wKx}x@g z65AVOpPwuC3Ez6w)_!g1HO1XHv}%BV0+0(s6t1VOnsHeusk@#v%gx!g&OG?Sd=XDz zr-KQr1EKC7V_9z)u7O77m>=qnU)w9FEM{L}siUa=UuulcLS)WkV6jpEY<_3xk{z# z2Q-UDThF7h6%llHhfTsYihS<^_f8}cUpkVz>!?DSVZ4YK*i1=B;}Q{`Cfb>nMJadJ zqWaGcSVKD;=*#U00!U$$=(KlE2LYFT3%OMkD~<2$1(=^MOJeb-kxCQB3^*=8A>7d_ z4BWycS_)10W3FGG5}huNAyG>;))CmR0Y_Uen{rb(9&Se+2rP`A*e|1yOnmVUfj7Oe zVn205RVhkTTW98}^LbD$P4Pxv#CJRDT2TvQZ`9h6J4LYgG7UpVPiTdec2`$&408Ay zVY`|toGv?1U-~XSah6bj+SdO99^E!fO!;uD$VQhwq)qW-hgFPxpBhPR;3K_tp3eRTq5r> z{{S{TB`Y@%S7DvWJmv^J_ToSyFWlV>qs+=$NR-V|W^uGSF85OF_Y)J%;a-Y4LPiQ` z9YQnsSF9JOpY7>9(Cs3sJh34?+Edu0>Z_t2JroC_i0`L2=)>DE;R*+wc5HfGt!H!4 z-@ooy)F9XzLGN^)xHmcPz$g>iUj}{OXpWpma5HcUa5Yzc(GV!oYu!;DjQSaM>>fE$ z>$AolnPrc@gG0t^g4G0u-NAZ71+R<2xReB=QfR<|qTc{c*vD9A6mamQkd0X;(b!>( z)5;!DU!`P19s?t>5p11Oo5V3jIyW|FHx4*hp)3z@q5L}QJw0Uxz}LT)vQAqss$z4V zXK=;Y5=EWK#Al%e)* z?*qj0_@Y2=eR3vbdAFJz3CfQxqy4AFQ?jW=g?7|G=w~A~EKCGSgDNj#>iC+`!5RVU zo0qklEhzIo#<+g$z(`mw|8~eV?3uDt{vG8(NGzPR;AY9lA5B@3bLttd5V$G+!GKo}{dA*5th*=g-0DMm#x+}S{wZn-s} z2E!0CP%op!pcjI;X=F8NfT2F6zfs=S`z2z_CGRAzVYe&?5}@W}+Mig|r`dP-zU1G= zUHO?L)E-6+gqbOvU|bASYlBEkvbRFtDrvFA-wEx2cVJ-75z3jRBl^Yo!N0M{*6~YK z5jR7+(Msk)fh#1dk33k}8+S@;Ro6T*S9;WxpTAt^*NZdHF^Z`3k1{LLw|U+8WmN7=@XPc7hY2{RPW9;wqoN(H<= zud~N@pkQQybU65^D_yr|ayRV9XdHy?53T|A!dfMbZ+RZOrK!UFKD7-8Gj~q+&7bS- z8`?97hbZPKNN7xR4hO^v5YFY)#0so?dR^qUe*<|MzbFEztZ@{2{UuxFbcaK$IQ%Ic z7X4(O2I0s8`sN$5sLo4`j~Y9rpd^L1 z648V$Vq)zVL=|b5&F=2L9VFs`-x{>9B`JU}+ze36#D0mSZz$$@q1kWb*><(d4Sz%= z18%nmNZdkma6jX!BH#$9Kso;uf|>O<>NBAY6E{QKyWvH%5Mp~2>t*DPOahErZ%d&f zRn?c1%6frwX5GCm$|hs4ez?Lkk1_jZY7?M8b9c7$brJC{2L@sDr)bY}7X%N+7eh?a zezQS9;z;z$31uLAQy)N)wxvIbY6=w}1xj`GJOo@Y3=MYP=0Sbdz74ZtHY!=mf$>JA z53FXqDbr=>9r#n_#plCF39P`}V;N71oH2KA#Npee9iCa?#8_&vLcu2vpj0V2$^Tv{ zBUGb{-1k9K26t*e#FPqF!gry?K4LLCQL!(QH)s zq~*d1LfS9iu`?;btK;kAWl)2ephedJBlUV!?)^%~1S^FMFH$fUr8t%>nqW;uz3;xk zoQs1*V|ac>33bEiKAJ>VQJHzE1LB5^Q$LHrVwx_K)_!K|eR0E`h9dSQ6wgND+xie< zzf<<*X?AJ~3NudC#^B@Oj)F1Q))GY*SfyT+E=ow|5h@J?!vyn7HzGRso|2s4J;*oJ zA&vcZr-U`*xP|Z^G1dez!l?(Krg7_80)^hK-zoIO8!(9dIf6G}o*i{wfl>f%v<#iV z1&Wu>FP^1mE|HoEEkn=DNnZtQpY#~;bv@to_!>BY(N5ub9^~NO5nD?Yqs$2N%bCSI z;rWNk&C;|e{lJ0a%k4``FIo29E_&9`hZ5hG{wDaGI27Rbb)TDU(%a?&b$ zI}AjL&=Sr^F6A92aTqvRz-UkeVpeu8Ram=#At@aSD!z$Uc+dMW-JGmioYS~5Hs+xc zt~ERv#4S4QE1AQO#VR(xEH!yF?hnK2b%78WGs%*S*-F(1hETLB zg8LY_*gB&!EFRhiFlyU@fZm$uQ$rHFL>)YJC;c#LgZ!Nk)~@gV#DhzN&f zuTiwA-eukc#Oe?&}mU0|L3*5b<&f~`hGQGlgCZy8`4zQb4Ezc0Ifm|Z26)9EPVn$C=Sw#oz`l{31 z48r`O#+kvnzq#|bQM^5q-oVN<`87i5940vn8V#k7$p6$YA`mLcANnttcsEDHO|EiD zp7KM385)k_nV|AC)rN8_NJQO43o^DI$!P%ALvy8TcQ;Mz%t9HYYj#zSt8GeFm-3sV zYbJO+fc1Wa!-b<-*Y6zWCMrKg@c34dka#A`toPuif-AjeB)8JB03RJ(`=m~foHNsL z?(c8!vE*ks)sNTjxFD*e#dHLu8w+RwfxzLpEF}H7)h8iiY7~_WFXRq-c0g00+Go^k z3RPOFYcN5h3YRlSjlfUxuPE_Knw{7UF62;b;QVYPOJWO3PxLnGpGMm!)hXetAE%k` z6*dquX2t~NnTs5~_bi zzk^wXsd!=SriF$J$a8n?oxD9vfhbsRvp3Gfso4-QrC7GyvD1Gg@|DnZ zzEWgVbQ>hwWqgbPUSTSkIy6lP-T}hpus1okPy~t}fmHM9yPZtYqr*fWNBW*fO5Cm= zP)r4dY;;M6q53nX*_{f$wd>}R_2zQQ!2abbeav7tetV|Ga(N3o@=%9;W?pqu2Z$&0 z%B8x`%-NMD*J3GAJ4blS6^R4!o;TLcb^f0%PoJl16HfA12mL8_4IaT9JDztXQf}z} zerXcjmY2=;=TAXm_L}*B4mjs@!qW?K#q0G4m1Sb_gAE6ZEH-1<`7wVGH3bqKKI;O|PjEik zrEbg5=|97h?j%atjtT8PrTP;tfPo0yy}09ckVZ$ekwAgTJ8yx&Qc+Xf5NqhERL^|W@=dzthweyh#UH^# z@7cDAty%Nhxprl0YW;x;O5S2h&%1E>@b#*H0cyAUP=75VyXNi6J9de*fvB`fPBLZP zNc+CBg4Oherb+lLeej``UC9~@-|4~&2M_=ezc{SghB6%JyDqE@Sc`b?9pc!ym}HV& z)9I)w4z*XH&>4!x{x*wbH{G)xw?hP18Y+1d{`zpsP#x=og@iq6XRP7=g zwY#b|L^uBZRhLe(EIHPh1pa=jVI;PAxw@LGY)mm-c7qBCPB$JGTfOaYt59r=6R`#c zpzF!WAt1I;TvK|QnN)QX8We*cNMBDDqIUDyk2y@LG7EHZDm%2)4X-?SC~P(_F{on> zs||Q#t6$>89itz(=2>ttd0R~`TYMyaa9U97daX#<>M1<6&*ow)0twqrPrR7=dhVUj zN_5stBe9UC>=6fDwev-;k`Ag8Q_i1e3QasXW-m%UNAaCtpMo1i+bt~=UzxrSC%J$Qk zmI49a+JAD57{frecx_n=htoW*(JU8ccI(F~aTl@SR5f!vj`?QD)12NyNCwUjZCFN%akrn7R*?o%H4<-RT8-&5KwxV{Cg}?e@e(&2vgk_8+ zyQKTWgdrVWuQur(B;g3fK-m=2-Jk5bR7o+WWv=kp=jSzw@phl zOj{jiKMq^*?J80?;D|S3n+n;aLVK4}D{Z#-<$V2BVKX?NSFJ5m&oz&*5D9JLo&~WB zL}t~U3^^5+R?>z}&eIRtDpPDSKa2~ ztS;%gKpN{dq<6uj--Z$_)!GXQ|3WubGKAm?0WJ%M_fi#nIzWw5{Dn_Tm3YIt_{w`y zR1KTjDls(>SF7~z-tEb_P%h)oU18PNis~w1RI=8Y>3Izi*vd^@t-l0lfD@JDGYw)< zOpC+A;jfIzWJK1klr-iU&Fx9w=+YzSL%&mFSQ0fbk+r77=C42bW}ld|rtxK$`<~yU z0%KvO%zr;-Z~B+6J;Xe2P+l1$TFOE9w$qPOR;$QcZU-wPqbVMEMYj%ZN}1v(7p>tJw4WKlFru=A>fzN&iV!$z!pD^cFrn2w&H}5d z2u)$WsV6i2;KhKnuy;Leoiop+ zq;%BY&YGflEt5cquCLF5$MP_9wyZPGOwxbwPBJlV$=j$SVARO2zpYBR4$RIL0X;iw ze3X{>ue1DzFL;AC%}b|F$J9&KUQ0f8lIPFU)W(E1ToXH(rc=|vR zl5HdCd+8cH9-M?_NQd7pe4o6L0~Y_jG-xQHY0!?8Ws-Go=INM+CvVO|kw)PyZ9eD| z#YkI#33|&xZ?$27IrelDy|rw)=II++V8Z;EBy&VpoI{g1E-2|;Ai&zUUTtgGlpPN) zKe=tWhEARbE8?#5xvp^`%tWP68d(YjP!M>P&|Fb6&^`{d>F3WIQ`rg>{K9?0efvz z*n|sWq96LQQfwMxS33c%2xw9vi^8vR0to zVvroMe7LEBK84W-L_UWi_k+FL;Dq9+U;2$zt2CrYE%na1{OJ_ZVf4>E#r~ZAUz^F5 zZ?Sn|D?NqcB_FspGzi&tVOWqrl=t$3po4u=9>T+!_aobEVRMCG@_e|5;1;SON%q5*^w_V@Y|7vtpJxWh& z+r8=?@b)RBJ~EXR>z<%AHdbb z{Jhl+4sc{NUJfND4?vVmuyzkzhLmrUy^=q*75V*|HY^1-+OV(i3;>@HNpzdwV#BJ^ zF++f?#h218;YF>}W{C6d0wfOGsj9bi45xfvUR&Mc1l2;qIkh0WQ>ns+>iuW)o}>mjNuc?E~(tpj;b2(pjmrJ2w8m7WW9 znJ`GoiloGdwuH3P4jlk2g+~zXG6gU@=AQ*UTt?bs(cwhd?a1O7@ImXFahb;Z2ElHc zayn$S6mO?`EHWQGXxIb}hhMoHdRCJBj4n)f#i`LghL}sP%I+Hl4S~oFlsb;wVh~jJ zc%vCeZMlAeGe8T{mdWL^5&wf=WdQGsv{=-Umsly&9$$V)_hnAuvoG~bt~I4{buC9U z*Dom+-gqmx5a#(8T%CG?uJgb-$*{OxePgLh=Fn)~wS}d&9e#q~KgrOuZ-}+og27rp zUv3;@F8JPD7EV4wG*$FG5RW`h)G5pR#Ws@d0;J6^QGm*D9OFXh0Kl+gljVG$mzOJe zVBymya*IUExbP>XqB59d&gr>tS6?@Kd?edN3_Bi?dsboJj+>Lf1!=`)KD5d`)F%{< z>w0omzx7eCDkj7-ZEsD?Q-{dP|8;TY(NMQ-cuY+SS;sn-WF1R{L1Zi0cS4MPi^f(; z5kCtd7ZJUeX!=jSkbtl!bkQrU@3<(_C3*fcN)i^rB21p=Q`)>ZVZVlEyH##G zsaHkVx2gI0+hliab&`x3nuv~52*rq{J?tKW1ZFMYN64NIOJ8jVwPyns1LzqT zvRkLs{FWVqAi^6Pfe9lc2y0UkA=M%x@A`01ic6nGm|Ls2>*EkbHc~Wot!3OYV2X2A z6uSN8I&x#yD6hk%=>Ee`NC;rV!R+D*J)-&mbAd&(ow}~H zj7z%=h;^8)ImV3TR7mcTV;%%gDijCYLvL&ptD4e>ypK*QrJ>7tH59papkQj?u>DFa zPU-W{hUC>#UN1+dvy{}65%n8)bsgSc`yP$8%UNSZ_f2Lnt~7YE(wlqC-xux~ej>Yz zRW3wfoy<#LFYOB7oyrWj>g!k_ORl-*Mhi4O0h(>hRQYUQkwQ<}V_afaUc(~`;B}3>eNmvQS)jq!{2)xkIx4`}efuL-GP2l1hFxSWA$x(GAMo^b z%iict)mdBqfEz=-#gjR@yIn9pUIUQRQ{(NwRN{Gj z{8+VEA06cn)OG)3kF0Rw6h3@_Pp`Tjgt+8)i9>dKVSxkZ(T2FUsmRwKwItDx+1%aD zC_bUg@)QM}ORyw)#T@Uvxbh`U?o;*ZVT0Ulj!S+`JP!(EL&+z{q5B*%$CryY1n7@c zjJALHx7Y-bn%0}k3W9*Sh5ZACFH*r`lKk8!I|yzk8_BezwBft{3VQ^xVYjy5(hEb; zU6_-2=%Z#>ew|Q_XrA>>Zt??0mbAqDQD)qAx9WV?G8@r@j(AsL>*(+&X%_j5ga~#S zjTp-eiR`mtRwHGa%?*2gHMhPV!?-=B#AgER%yYaORHee@B0Yh2oj~(0j`n*R>sFJA zurtWIa?x8X>h(0*_NCS)XDEFrCUlaDpzP{${y4`=ZFBQlpN8eQxZ#s!#`kA({Y@8qrgHhyu2U}pVgzYp1=PX>W6D+=4H$x?^i)ubO{fh<|{ zGtJTq#+{W3hg%BFv@Qb|eZuL~tUHNJ9gNrv{~9d&VE`)X4el9?(M(wzjT#vUQV*Fg3F&bxBrqw z^Kv;Z5j|An#r^ad(;McCu>LFp*I{mE?pp`#LIJdt<+$Jem(%uW=b$6^Y*K026$iP= zTa~>Ek}vMYbkg2a4HvTs6aT~{wLI%;tEpvQ<6wB_Eilv#&l+LAmS|Cu>#SlfI2idu zSGOel4N9i&vdywd{=#y05+JPp%)smXJ*vvs0&_X9s$IjE$^~to(H&QAwHg}&4H;I` zgGY*ocev{HZ@3x+W%BE4^Ue$Si8D{z;nZ{&kFw0_d&fs6fod6i8z@CQu@v~mWeGvoGG~jo_jb#o zQp2;txdlBsUr89t&t2PE%GE(hP$$!*UNI^zi_sC<*8CVHbs@i6Gvi9597;aUN6~oB z)ZN2IfNj=IhBY=KS>^K&P2&bOm@DV?q@(Oq#G2~)cNGDW>wQsWGN(S=0I*JnyHV_gUgBAMZioFqZBn8gXa zhNssR9ZdyMUk}unnD4;Fl74KVMAv$UrfUYX*GK!b6Dh3%j%>&+9s#1+1(cZtzMl3M#B_GEFi zWcj1zkYEqh+(??NXO`x|GwuZw|IS{NA^D5c=)Vx1LskyDhYr1gO@9 zw|^Y;F!_8opG&y$7jj#7wJa@U_>MhjRadN6X&%KC0UJPHxXA_AltHM&<8=`?OJnMV z0nEfkNRwmZ!pdRU2e80OD(vv0p4G7Nq|LL(!^ogaWuBa|r-p_m!_n?By`tAr!zBEZ zQ$}PsWn%QRU&NZHt;nnGqfjvwE?Z!2dxyE!;p-nr~4d2l=S& zJEzh)bj3mbYqy&|4kkh1)@(Z+9|g^qwg_YLi`cttqtfJQ(*mrIqTsYCM~AKc`J4@^ z(~~wL+lHRT;~V8%8;I4OSRPNzsnVj(ZtW}4*>PC6cG~=8S463U9TgXaf3^#8;;bRGt1RVe6wAC1kL7k7D z0wgA|)8#zm}_U4Cd+_yKfR6w%Z?Z{48Q(nn^jzl<5(6Fey=^g#3&XKJ-<9Zg6Td^~msz0~3 zVq!BxZo2z&o)G4L!0g1sxZ%0VaTF4t0r(rqJ zeXLLCP>38tb{Vb8upNH{`|v!H>PD)b1l#W&gDU*dcDVZWAUb9U73#p`l^o{&o;mgU zUdSfXsszwgztsVBj)XE5g+?%iS0Y1})kBkXMvJfkIiY)#`HkM>m)pFX-LS{F88^Bm zqogOZeHyYE5{(6Cq!K zUKC5)u7m68pfYnV^PYQtqK;bVj((8H;4(7zx**`H_@_6t%J_395hDkY>;ToD^5|`Y zBMhvp768>+Byq>pqf|IdD>cpkJjfn?Fr%6R`#wl=|Fsr^KsYG#O@EgTJ(x>i1(5_+ z?!V48|1bK*^he}NkfJ&Qa|kz};|70-BZ3q(*bbEFRfAf)g5JIAP*xAHs+W)ZZ~GSn z0{Eb zDFNFCSt%J01F4COVB!GRDO@Q8T&RVEIz%xj!yAx*Lx2fHM(#hUPX&QoqWCf~{p(iB zbzn151nU<3;&@lx6-lqU3Q2WUFP1|o*! dpx540pdM7W>kosYFeW`9X-Mb{AK|}I{sR`kNfQ77 delta 19797 zcmYJZb8s%a7d2Yjwr$(CZQJ%!p4#@)_SCkGQyZtY?Ni_P_uV_+{U@18vUc{YwI|6= zGWi=ktr)x^9U3z5Yu%hOH3ymi;OJZ;h4O7w`4b|Ze1jfxJcBdJYYMKod^Fp%^jlju zX0;(f8#Lpl&Rlxo>vcAC7wuKasV<|pfjQ_TJKGv+R;YGT%%99aMeEta!|oifk}YHD zqNx1GH5D(U4mP@)0K0}v@GBeUYw4}NKaUX?kjM5?0V+c2_iixB$Dx=En30VhrLC5Q z4R#0^hb!VlP$cV7j&v4Gj((;Q%c`#@B>mbFB*6g5~BG*QehoJ)&$Xed| z7nr`z>Oy&v7`rj9qYFNghNU6I4eZjg+CLT_4n3QO5@Q zcg5v@_K&#fn6Z{nE3>oW?2$ZaDKri!K=lYtLU9feuq{%W6%;a_l9l9A)CJa;sD&7Q z{Qy<+DnYVQ(lUJff4D>j3M26`kto;pzS;Uh72@vEk06_n5ptV)!w1Mu`zC#&Zj2fF zmlUC#)zRfgd|gdvp?G-FnnGDQG(R*VI8Ix zH>!3UG%EIWdMh$N@K5*DKo~-OPF+kZl5ug%2;&nO-&TN7*SkD^Q>fLP9tA{Tg@!Wb z1|(iU>$V^Y%stkK5ZZ_v$jCal>MPm>EM4IVZ-`Xus7FvR@6ia)fZ9=C*fE#hwgfdb zyI!(^CsY(*WygWA@k3KJz5JC{bA`w}x?Bfkg#}nVmWv}+?o1nI_xzZ+8?7h*a2T0- z1`$EsUkGG(pWEq-C5k`gb zCEH69R$t<29r*mh_i!Y4A>732Xw3J?r%-w?pi>4sW1)N#&kdEK{>oj0A9YLU?Ahn> z4?p21YZf|^DHY?S-0N0uyM+v#0*!HsQ5%*tq$%yY#WTv|GlCus8!;S)8d!@^sdRJ z;*QJX+>zP8&2}!{U%maN;0p8L>Cyr zl=_AjZECsb*!OAAcf*eaTOfUHDj~ecsehv8nOU_HgVn7BN5v-%6x``xvd(LHWRD%Q<j&N9Xk#LGc-PQy|53>8-Tv~g`8&~{SnO&j`6w{`$S}J^OBvvtuhq{49_@X+_5(984LKv(j&KeefZfJa5cEZebeKQU`KLX9PC2KYygiS5T}mSy+`_+5e0xlrP-f_) zcl(6msK%FmaY5Ev47<0S;%)Er1hQ|+J=d(|;UmMu&n|3adEr6i)cOJxTbcED1{7#D z6%n_pG=ch~w);j^)g*Akt}5yazyub}Oco1WxH0S$N4uRYq+%aQ#IrT~g^LiaW_cG* z&AD8!5sPgwGg>;+7o?b;97SU7cnuF-(QSSOnny1oT~v$_H7qr>mPhz#eRw=FOShq27pi1J&~B+|##T9U zNfg74G(`ck)VhGIG=*FV1F7o+k~Cm`rUqr+R6o7kC%c4S;4A4DO-D8_cp!E_wencO z^P$?LHUB+~ub4Hn$Gs;+ zx-_NV=g{pTW>^o!Jo|^~hJ^4*U2N~VP^pnHY-LFkQa5+7c^@U_UFJp7p{X&V* zJ+(QYhQ(E0gg|sJJbn?xu5M-g^)G2W+ga}l+kl-1QKf}=GfhEjAkw)W>qR3h`+RoP z@lS#paip%p`Uc>tw%-(S)8=om5dRG?A!yqqD#=SY&%+@PoH>EvBnUDO)QG60S3X?D z-~T!w2#C1Pi^W80#6<`s!q=j4ULm3cL-y?3$*yrxBE{+)U_R-(`ACrHq6*7w6_}ju zR@q6A5bowY6-Vy?3%>AB;*814FjV{hM(`STe;ToccmN&*$_d+oyr7XM8{o%RU)UfZ zKR+P5$`JhTxZ^V3JYyL z|JMTe{`g1~2K;=U8utUmfjKAOdAFe;voB?^?zRzAAAOF5D zdH)I*faiUGeViNre0TW$+}tMK?gkN{{<%lfGP)%7Y>+;{p#d-;C9JNdOmgzG^p>w4x~3! zVpYie{=N<@DVWV^$9{WSA8(ZGW%Ddl86G{~*RS{ngy zjPgRVx^^wucrSXnw(uLb*Ce2S(e!^N;JnSmu;*8an_5hhO9ZV7TBv!_#IZz1XIC#J zR?UulYFJ+#YXwCJTxJ#l>FPOYJM=g&F9WulLY1EEeUk`TO5zGfan)IpR<4vc;NqO5 zgFXa*tHF}S#hpaLR$>^yyXR$H!Yu-}`#!g|;0pNQ>j%G!c-`~s^|j`sO-t1?*?XsH zMp4mGiqAk`qh1JuZ4N=BkP^|^3cLJj`(bSp67*G0f*xOm|>p`>);|4xj$htlGk_B%_{r!!g)bhTU(_UV}igO+)_31dbW3Km_+& zo>HM~7*7OW^*$QR(V^4-8(=HEH6z^?R7zhKwY(}@8-1k5We~TtqK(}g?D0O*ji3Ru zh?;=2WUF^L=iIeo?(O66Mf&*>!BttGouSG{Y*;HQ}h_uR`JW}>XB}_+!t9x|TvGNawb~Uflf?~>8#gdvSP|I00 zs}H3FTLe;v5`*!zI?tht?_Q>G0Si}_xBEd>{947QOgFh1Bc~z|i%hl!vQ%IzMA)!n zuHZeVXtQCDldv%$@!5)~D(GkkYZLEngd;AvnNtlImwmJOclUYPQ=4!o0Pe3$FJ1}v z1Z!U;pA&UDeul^Vd3aOJPT6fk+IuAkmx-BwJrTVw{$8`Gkd9k1G-0(21gmyCDo?Dg zR;W`LDoXyI+*Vh=!kK?m;nDwG!PLq|;ifr;chio!0^MX)5Gj@SK^@UaR%N?fCVU_( z5xI~aA&hS(tGvtgDu;SLFmNyKQx1Qvn^PqBe6_@_K+eq2KCT z>najybCwTjiHH)>tmm#U#ZYNpyQHTk3!l8I`X~-+3-RP-z4wVW1jO=gZuYbAn;mJ> z4*Uhf#-XR0EMx4QZ^o)SkNgW-v?)s1nVq^(QUGiMA3k(OJ0I z6%{lU$`(diII9q%@VlUm!@H$svmQ6vv%%u*AROWRXkcS4`J*{ThK94)9){rTiae5y3PFepSINA@ z69YBh7XNPz%2F86c@^nw@h6e$hBj--3e~+L3bmb87^d%yobqIh-zuCZU*?Y?KhXmn z<9sj(@*}vB?uH(>Ooy0uz`s4HBnZv6_h8l|4g=WQOYDee^7QciyV#TxFuAeR_&-X; zLO2Dt`J~B5@|ze?%z4(I5|b%WrVvrXl`*2dA!QHFuD$&i3a=MY$c|+ohj_jO%oO9L z2|PzlTzNOT`Ku-;c!FnTek_jhW)}awbXu z8+;`0Cz5H>EMIJ)8ixV-4J7b&q-ds3H$!{1hvT=fTO=~eUk4v0@kh?O(J*}XxI3GOdA#CHsaM z^eC)=dWk(UGRmDUGqXej?+iypzg!zo;DHnHd|g76_p2ehat34km@Wk0#GL3aIv?CE zZMM@Yn0apN;B@r_mwlM6vZ94Ro?Y`7ob`||&H$oL<#SR9oJbuyp+M3jO_st8ba2m1 ziFC8j+;-&bY`k<^o0^5Nh0!TN0O-v#MC?;KrUn>Y(oFh;$j+rITP_go8+;3((%$6c z45y)};^ihl#+i;c0g!3&|4(U02$p0?#2Y7bsUDy4^FrN_09N!b8|*({>0bVIHoX03Y*OL014B zgQqhU70EL#o#7E_YblLfYtIhNR+b)?Yqtlto07niC@Tm+47%7mR#zhzwZpUoh9(85 z#o*A>bdl>4UXdoX`(ViAyo*Cr=?et%vjG32UyOpG7ZvNN4ueo`-q}TkB2ci}gin*s z6#^_(mbsaF{1-q-&Pse2LR0P>bkW?xo?cQ(qO8n>@Pz0^%KtjWB@6rMMd0A8FWWR|2;zDC6 z8o0UIeB~e9a~pPQeECZXqUu8^w>*WKbTu6vRgTi`!VQq$BV#3p+Ok?7{J&_Wg^UA8 zP8t`Tt@?o=faxmk8(wOYg7L+NFk5wY`h#-X+tnIJ=zPK~L|_Fzt@%KV3oT}t$c4V8 znFvv51%~>{u|z_+Ba|^J9t%pKQeO3N{)01;Fo8zUlK5|R;rqeR9|{2SbQP?VQ$Rk1 zCwcjU0#*+5o%W!XGpg7q#HvoFLhN-uz28r8MYe&=rWQc4q<7yD8*QaHq+I{tfEMs- z%QSvI37}qirhb*MzRo%#w?ITm=C5cJd!}( zN{}Nvsx4%NvhI(x>E&<>uN^M16+1b8PXrrLMHx>`#U>dxd#H981I0Urr(C~oPLX#p zS`K^)8_#~W|3H9?Ssf90JFzNzJEw6eTPAuY?TJ?gk37h-wY6Mt zi1QOA(D9bvA{(=4CC<24wApsiAh6{~8Ay3ihm@^YS<@|=3JCzi!*+(9S9bm&<- zJ4llv5l!dZ7Boqfu=V95mHr-pzsj>B>XYAUf=qkRDQ@x8?i zlvrGz^fUNjmg)c7)(;eX*#F}Lidry-h`m(g)sKb=sHYg{&jy6#+}G}@qI%=bKJb7Z z_Uh-}dpLU!$6-eTabrb4m8HqXg-)B6(o?n?6CJ5+O%wU^|0#A%uLx8;n1*GsA^=&+ zbp=VX&t?hve@6pao-FM8h{%*`OYxvV8Es$_JvFDab3}4SDlts_*pXn^4nat;+4sRz z+1Qb2vZG-qrg@@7rp847BW=e7+;NsFEQpVTeX@&pzk~q?$BMwfNhBfe+&d0lq>jp> z84Kn=@BYVk$o~%$tEz5&lf$<;JPEIs1#l%1#Yc$r;zEOT=D^~^q*l6$OeiQeg*-tf zz_d6JK(qi)5V_`0(z)i3yT+3B{;yBk?55zRY@GiyF3XjK2aRg8&I4m3I)m>3L|hkf zJRGQntyf?Rd0MHG_rtZ`<^ihnnzgHw;9F00FVqi-lJL*SPCT_f0>niS4}n5d?0=Kpav%~VEQkx}wxjz0Kb`kN)!Bz_U$h6Da z#_*T7bSglvY2v(5R%r^F5sN~5YNBp3E-q^N+ta;wH*ICK&&k;F^6q82`8LS;Y`wbQ zvA^5s*?I0e(^67$J`U!XGC7nNEpLzFltE1+##;I3_G-pCDDeBZ%86O)lGrP?-WhPt zAM|4PvHkC|?bgrhrONoajwy%Pd2aUgqk7xhc?a`6oRdU(8Fs+xL%?18e_GR)>zkjwA#eDWrA!Nx^|k*>Z41r2e0e-vS} zJ)mhS5tk@Ib>yvc~lp!%o2If ziu_VrK4$M3vGg_M8fltX)_BCY1y7?MHX48tnGcfMQK4DY-Qv;Esv5nxO;ck=Pt+#% z;Gjo(Y&D2P4sjJBusTnTTlJ@{zWc_py|c%z?b*9~=6yG3sv6K=G5me4$oVDr&-gwR zaAF51{9RggbNdFklfNS_KpUif$vK$&2iOX@@_K&zG=Av(ym6<7WQtGk>X0$G;{nwD zKGWGu0I~=m57EtjebyGy-8dnxeD}ZsK*TPYkA^+rv;1E7UDa@BOHO6z{&3m}J&M(! zg;wOL^w6nFJqGy5{O-P+uG|moaSACrVy^yrJMmNg?%)TJqf$_src#pt8*#6TGN(f= z$(|vDRy`6>d7xF>P`6usY4HrB6bIY}<00YLIv)SVc4Uvrc-(4ozc(s$dj-{AVk zf3wEB`s*-8WkVM`f-LV|*4G4KBHOjw}mYAl*hnWBuy zL7atevZ?h zt%~>r{1I2M+w$6scXM9jZ6Vr=s~f3pp#H@@oDToSTF(Eo(pAnJy8tMo4!V)~E7iqS zq}U^I9QRDI9&Z0QA-*6hrQxxV`8ym_x(?Cch$uqYw3~VVOqci47ea=lR;4JTgh%i_ zALJs!ELGV~XtV4qAz$n@uPV@R;(oBpg*l^!yH5Cdou&)zub4lK1sB%E|*webBQHp@ek^2Ne*%c~Ff(q<7&GBrbX zy}+qk4#i&bTf({>Wp@?y1t~+7t$ZB-52r*1xz_8PI5wj|M{eufI*MVMz4Q#NB!Haf&kJ`XHvL=ha>Jne;3CP zUqZ51hy##Hp&auakcPCjY*;AKyio?3$;veR-YiRjE`Hz7B3q#oPe7|~?Q1vq244E= zj%-S=1h(}A3NsKM;R>hD%tS8Zt)iSTT38?ZQ{4J~*z4K6xt`+dp8W07$`HBur3$A+ zL_NOEq*j+Y6hQ21)^QZ`k&^Cr6c_Z2O$^bSM5q^!3&e)NRUkx^vV@hBNUGzMTi(&C zybK{o6|$%jkU&z=mBJ)-E2eja>GuJ>y$S((1r+gT5xT$|u+4 ztnwZ<(esucpjM!QmLWjY&+*4f=3YRf-!rFhYLeG|1BfIZ&4f|&NOJ2e=xn@t2V@EBu-VlTMsaH`hg5PoD)h2lhc=tR^Oyrofs_-TZyM#aC#P zzFe?1pR8*w#irE1c>g1zsu_+av88SMaAY5~IBIYX4S|-5(#8TOR~$oh0pj1j-Hu<9 zy61G^41naca1Z--U$`#UvENY(oB!eC{djKXc{BtxT8L-CXNTTU&a)Zh24%$mlxFbc{8U6-a{|JvTGu-0i}@!A*IX#=`bDdg6pb|ukr#<2PJqG>KpsamW&0J?Dj3W~3Q|^n zt~%1YNa;Loh4?GlE2(`*rc^d@d&r2WlZ>+EhA=;rcz&1t^}8pcr=oh9iOlf z3sB_PW*zg_jUK{*5ifvZCxwI5#oy`fyYwSR7AUa!{lI0GfCFas3TdS`WFoUp;^VRE z!fEVxSh-UUY$#Y$<3G zXcuz^0w3pX9a!e=u;8eyJm%GT^ga}5696?Cd5;`;DaH~`FV$6t%ITf4@CHGo*!VZNEd`fa`LR>xYZb_Y;@vwy=NwMHAKfnR! zztriSFbT^v^F^jk3Rbs*we}L;0KfzMs~EBHuQ2cg1~`O#80NjzMU$aJ-l1dE3}ka6 zulWGTCg=gzn2-mwJ(Y;!V_5OD5)*lhl(Bb+ii~-f<*>^)atB*F+YwqQFdU+|SyA*g zl_P7&ZF|vY7<0xn8W^A(bePL^Jir>^k;8;^Y(9-ld~XK*iV!F9kjv-So9I6cq9|+c zp;TTqsBjx7!ZLQA4v6m}7@o2axpy2I_SI?npM~*W<+BKi-~Bk+VylG{f4aV0S5|&% zW=6k1gQ+p6(4+_?7DB%fg^_v^q|_+(=2_xl*OOH*Ia;MJ&0vkZvDshLRspTUCzEzR z$FAe56dh)eIocKjgnxAXjd4t&2-4{?!SmbMr3XE|r^$F;+tLQnxxom-gD2ERDQ1!rcoc0qlMH(J54{D=@_CJODVn!TKd7mJ`Ju38$$cY~ zpUaVrj6~;AOZ(vl736H9k$}~Wka^Rsp9LGIYZcL7I8yq(rupa2rx@ymI}b2F;J?7a zILRuLC_oTkspvu6>Ivo^f~%z;z7m=L+Nf}w)}(=lEk#1{?Wpyze?u1N=j z))%BWzP6RreUNwQGlDWT1KgaJa5Ho zTuf+u9gPzZQgs#*Q#H}WP=p})9XWCS%Dy5AX-={v4N!s6yc^FoO%K*v!*0_ z#$y+QU7+qPK_m_=iH~AKJk3@BK26pqND!-;%tcX2-+@oqzn z4}J-5W?~SYn&a64&W*C;M$Sw0>jl~=S{6)=5UYsk5ZGiQO-}Jovjj7wloGu9MFv+u zCtAOvhz>Mpo7Ay_FtAP3)P~=rd64hK!x?Hv`=uj^T^VV!5D;yFoBRc}i86nGN7gc# z{IF+`^SZu_5wk3Iz2XXcg@G8LjWiXnRfBWUM=er}Rx0b9w# zcyrBVFeO3X2dL9f>PD@@W&a0FgGv-yMGFXN$0)b;3pGTRIAjTM##>1WY3m822SN&u zlV!rwKy0;v!3i8-SHbv$(U6?k7VJ%R`Z6r4kFoRV!`~o(-0r6O7KFGTx{bG3SigrFyW+4xlIx|s-aefah z3@~Ltdks}t{zWrK*m5uUI)i@eQ@IV4Jq^8&b~Gb#OgjAL4P!;;fWyg3rG04`NH}4Y zR`$OI{Ef;Sf6eq@g3L8A*9@mnRXGlL@{9nFf?@02OwaW$R*cm;5zyubA^8`557MyT)z&t$RvGaH11z!{8Fi zx=k1oReUO?ZE}h;jj$|Wi_f_H0aW%2k$8?jZ*F)n(Tc@nIo_hG!vy*^#>d%ZZpOkjWagZRl^qjT!tajx4*Fy24k zm*#QaRgAO5;t$2=jzNxCV2 ztse7k-}!7=|8C%~_x#E22Tu)w#z^g&L}|ul$K!#EC>8{k6n~(oU!JN%MKLzN2)Ttx|;V8`SadX8n1^-ug*_q7p$6 zSEA_sX1!Og;OpxH@YC*`N&&$1;a2GL_ew3RcJ}f{f0bgiY(lTqi0Yp%@u5}!WH-8^ zs@9QZ?o_2SgzEk>x;62p{kqF`De=rQ+u0BL$<~SdcDDDd0pMLd7X71FpKH<0mC6ND25^Q12TT8%u9!->zP zO2ZnX^2cv%ng@m$oF~~8nkd_`?z{0N6glN!`r1X2`z{m*JW;DeXGF7KqkI{TQ^J&d z`^@cx7?t&Be-X;iNC9CYzq#e|l#PgEB}##tWWKa1t^VW|O}>isHS@@VKdY~+Yy+G3 zwYPLVHCvun<*zMg8eOzw;KFdvwwR-pS$`JPlryCc81$lCX~I61z0qB@!vOx?e{JuRn7*kOS?TVgaWQ&C_#!)Ec&7<G=EGGnQTA6%CThiC@JMwjOegUJr(E_L>?%Ph?cwYh`Hw0ijY824E(DFVVV zv1BDUu-#h02(v7wI~sLycA}!XZ!E50U98$tNc4iKU3BEr$2=%}6n>o?Ck$`c3dY4j zjB=$qDvieQVF94s&?a?3UJ_g+i*cqA6J~53{yyQj$&Di3TObVyJi)2GSkWGiJzLox za*WPkI%#@kJ+n4MU5&-)h^|uUgbGOt85BBEDTOep5I{!XWmbzM3zQNbz0zwrwT#pg z5xasp1&?bOO<_H*#BK^1syqw-kWnUyz>g=oS!Z8O&H-?|+O|-q&Ddnf`sQ0udK)&3 zI2LT=I*}IRsAB`KqY8^#T?PdT5=F~HvF3oFUKGnK+O?R6BGhhvX`J*`=k8USv>sL^U8Ig51JnGbAw$y9}> zp2-L$smLIHz94bLf<_t$GYdP+Db3GrGw6Spnnv6_r`nYMd^{fX=@E`(>&d(t@tC3O zUYANvRpQVU+S3hJB`47(ZEg~-e$1NkAz$S=O99>n%9OoL_`&cr1Ia%-J0gd`Qs>)b z8f&y;b^PSijrWEY6IGyekUFj@1)0Pk`^X?cIo;>3%7jYkD5lbasJ_V`!9KHYk;0}; zu=lLdEUeH(=Y}!1QOk>Xg!os`4w&?y3$je(<_^5FDSYtUltdR(d@rkh8{YN^7b+DN z_yfA;W>%?!M{F_RJ+8b{$|JqeeBgpx-O#g0jW~(jqCsJcxc*VS zyo9FOL9L&FiZc24UgRa-SeH5P7+uK4fH@btSMX4GmxkS`DC>d*@Ch<5Uwqq~I0sx7 z5^VHgstX`$wwpw5i~Vgk7J~k~I{H>C*I%oxF;$=B46wLHm&x4rO+jULg1HqQL+bx4?g>W@d}vc+mIBZnzC&=cHC{5{lnmrJ1q1(UZ9Nc zz^7WYTE+yyb4cuRtaXWN!0YO#D-4Kfl8yqMaHr|_&hCZ&nn(h(x8xdOFKLj~U;w%v zP-6@8`ZX-A{C#wJYWvG0CO#(BvfEI)bAy=Uk&AH`C$v8 zu*Fgs2$F13;{WrjmLrhdNu#0o!we#6pfr2Vl_jMCpCRSX;(Mj6c5%_pEHr?JHS3D3 zQC)d+ejxOBL|d+?M7_2}Fy|-CLogj1#Rae=LiPrhgZ~*z0|`$=6WYO-8*0;EyWfyHT*Ml6{)7O- zUWnsQx|a?nIhl1t;c@8yOKW{Ok+LTkYS#DpqGJ|r`7zUUleToGs)89g7nhDo0*GSsXLz3)d{Nq&3ZBOmDd8s06UH{cpev^U%!5 zQw0q0_scvBR+q2jz;xG9oR8q?@3^2}s9!M6{V$d0b~2F+za4_?T83lQAV3T6NXp zc#{6cITVX7UQqcPi6KA&_53n@N5Kkd3pwkaPoqcmgN`pR0`;)$(#E15r<1==fJqB}l8QqYj4bd$z4x;P8@vQ6 zp;p#Jf%-(oW(9L3*z5cm&Ts@04ky$XMw(xG>kA472gfITe*my)1v5S~5d-@GU+s54 z{DBkQb|ckkYSCj=S9C531(4t@$E;nPT94wcvVtFy;SNAzWt6C5TsM7n6jb7P3`b|p z2fKhvbfZAm+$JZe_Ald10c-TQ-B_f^nfD?ItROo=Sup73oE{RFGe2;)&@bFe zi~n^D{z)hmmH|M)i?Pcm=}{EE5?kZ#LY<|5Oy)W@`zBV3F)y(O`{OgSKVXJYXTMsb zm4~3<_+BGi*s~{36L#S}S$7pYf21WP%O~M%6K;JGFxx_R5W~fp_O9<-yEukgGr(BR zZE15KO${88Fod#1PNH)7bRhjX0#)7W6uS^&k%5Gtl?DuqP|h+brHC66)gxm>M#eSJ zj~KgpV4PFX%5+$ED8aaw$F_i>fWAec_hNIi8O^RC1Xdi!fboGylg94j4D5(~vPXgV zA4Bg3**E+i%JIYSv6N(_=lGnnD36tuXjxkz_i2tMQ`;5gA7l~z6e@EFa~olY{G1qP zFXV2*vjCg{xCWp(1eD_PARj_8C0R(GtB}ID0PIPd<4Oi{!dMH2Ha*y1C`RFGwjsa! ziNdwC!71ZSIV7p7hhRL0PHy)`#F!xMK=E8Ei0(_ugt8?LLb%}oIlt3wW*tIfR$M3{ zF-2a}JZA3CHLh--ykA@jEb`rgQC=sPK%pdr%>f;`QgV2a!s@D}=Nd4lOb0!wBh#IW zjcy1XDt`%$)qUx|f`^AJ^4co2w463(MI2sMBZsGCz7o|Tvao$i=DoCc_}#HwIW*(pj?-pLKBQ9vJhj-$w5@_d4@nd@wS z5dok!e&ku^WrIKxEsATA-(MTiA@6k%-_v3TcVLR7H&$$#jfvgFb?z@vg3}XKT}jvy zhh<>2>yD<8X~3XqLHEUCASORuAHdM=DkaBO6DEJf_TE#pL1v(&#Na1YgXXal&t(Zm zWIKpJBvM|KrY#YOZ9&+kJy^QPsGU+Jod8VUlrlI!MkV~9>Ly|8?`bC0ZDl23ZDBd$ z23L!mv{+d6$YLO00?i5rkzfc4$zN{bJ;bv7sXnuYmd4Ku~c&$%jYkv;m8fgl>ygjH%7?fZDDdi5obD5mRn z5s2lK-oiNz0-F-!R@XUXkNILC%=H$b4bXXdI>X2c5^?wGg7h7ya?5O6V};ZW2Rmks z>c8ly>r-Tp>hQ}pGK<>c>!*3Vx&VH;6shajcb^;f_5idzOdZt@ zJCpwlW4Rs+OdCAiHV8}wXexu)A}Wx3HWT65HC&Hgw%;b8qVavKSE4Ols9EmI^1+iQ z^}mzO_bgncb}AEin_mc{k}At#u<5sq*r2l5N7Ith)SI{X=73RtNHL`ga4g1jnR6X^ zxdjO0TdnN9F&gzrI2;a!e*rR{qBFi+uPhF!WM@G)o97yBCdz&Ajq->#3&9}`Jpv5= zSe^zS(vEI09yBAWR-j98^;4>)tvVz#rEF&s?2s;7CCk^U8SN!r81vc9Gh{a{u>id2*C0r@mGq}9 zE>dvyV~X%Q+$}VYEWN)<5Ky0XGCKvmd*)qr6Q=JhUX_he8BA*BPLV5>gLF;P5v6j?h9X?kSz;_{ zC#;qK#SyuK$Tn66S?R`vUMevHMxRS67NN2J3yb=O&zNCJep#KWUR61}*M8KTkt&fP z+f&kW9nXYu*p7fvP9Yhqx;>uXMvqYAF6v<#LC{{u6Y%3%In40$rI?Yvs)~>sPm;uf z?xZWDADHRX8jXcUbIr_ZCM_##yRQWibmYWPv*MjP#Q^+->GORWTq~dXTPrvjQQm$s zan1F@)4h{0(fy)lZFis(!&8qwxebOUSQLP?JZ(jZoR7O%Q~1zNRU;wKoNMD4dA`H( z{#a~F4$u}Ptf%~!NrY6wV6Q)&96H$PnA}17wv(r!ZLhNG+}QUb&a~6}r2Qf^6}H*- zN3Lb4%rW#IPkd>=kromuJ(aU^FeL)|e(1aY#2-&|NcM9t38maOnK=ek4%q342Lvq( znGu7p!YM6xjCqwO38KUo@jM~xn~Yhj8g>~Fd4L<^oxCdnJriLtQFnNG+78KcU`UJo z&|ZS_+=NTfB(8?DNPN=*e}RBU%u?bdBTBH+hTy|LC)wM#{dy|is8s_L;4#%!JF!Q> z@J}CG!Ayvgf#^aOaCn&>OP+lby@`R{&FlJaM7*C$NT~XJ<8BOm?|R@4SmQLRz~R{H zJYdQ#;LtlRXWvC1=~aWNcytn1&m>x(wx88W_!-jH1O##LDT|dM!z-EcGwsR{{6PRA zNpQ!ZRcAfpJMx)TWr9_|j?z-c>%$>wkO1oDuCF-=#qp+Hu|b+Uurnu5AZbjeZKLTg z{q1#(+H$g}q!tV;+7T6|B#vxBngtu9BH*r^{Zs`SgHaNjo2AHS?kIgWjeBa(!x@FD z8nTf#feD)bBBh#~$c|3C%JQ9;fDLJ{)xMc-D*YQ&$k?RBKVm#-virn$6Kcx9!wA@KY_E2#a3?EbEo zk=4YuZLwaNM|(D|H2Yz)YR<%aT-jVTo z&Sc*I5-VkNbM|?0!01q{tv+|+4{NH|j@goc;}M-ZU-3ab06=7=W(F&g0=$sPSfVTX z@kN`WJi$&V7lfoggwF!imx~_TD|ObAFshMPKed~`a6M1i@qb;$G;({4Rx-f9Yxk=h zeYmUX?->4~3pQ^BmS%|^k)#ACCD+FNuEfc8l!t%k!+xtDW$C+6)B0`|wVXI2WruwuXZygN>b{66$~)af8r6?KVxSGZi$D>Y|7 z+qE2ag(#}&)7-3+RH3=@JPBK&r~~YRZRq~sk8r+lp-oj#Y|o;s82-5F_y!2=3M1_XRNox6iXXbFZ zZNk9zz6tjm5Q&lfSvGsyPH=i+#*^U4YciCP8Aigps6#dPscp3Fyvf4mt;LJp-(006 z_rFGZnH4#t35aH)0Mh<;dr!TAbGR>CA?$e5C$ocn{CGsuP&Xk2I)DlG!b>f$gI*lD8XO<>VFs8u>>Ss&iyZ{@Ya2jPpZi0FRK-I+#C%zrqRB6_7iiUM; zGk-ps+0?nqQIflzJ}Lo4h^!+^$1QG1b(vXkkTf<0z!f|Z-9cfSZDAMT0c(K*QB;D- z4o;y~RJOn>pFcOhMIkGP2>@-Z!iy;4w^RlFQ`Oe^mLwV-;7CJW9AS<3AXMgNrkppy ziD#%bEKAo3DDHEX>`iy5u&cdMoQr~}-5GiMbD8Pu^C^7f_RRghMjNr#kzwS{ypBA# z3-qX0MuZ|CJP@M>nZz9>uA`e`tp#4-_ErYb>`{8#*t4Uw9q;JSLPPE69dN3YZ1WzU z)Ga4Z^g#n>-7D1_FTc#K$Oi-r_GamxI4BY*VMXx(Z3Rd3uGj5^>>Y54+Qu+=K#Jklj7?WT-rOi8KA` zcMdZc6q&`CwykPc3uYc*=rq3g`7Aa7l~%>e6J83ecc(0dc#curErWSVg-$JT`Hz@f zwH0arhAoB*Z};b0VmI(GVY53&rA`*Q=m=sH$64CatpJ%jB=8ie{V7+WSpy;o8uO;& z4)i5Q8-!^a=Ef4BHnxlxIBM@^l95q3J398__?T8pkd3Fy~;?;R1V~1B?WKE}0 ze#y+Zeh|t@@8EgY<>Zn^1Z&Ul^H=5P^sZWv?s^*VnOyfvp>_xZ8>QJ?tS*b?vtKRC zB)MG+XAYK5F{{L6gJy)*oM(B+rw{G0leTU$`X&qz+fEN`Qu zgfOW;?~BP(?+NIA6D+3MF>+WM0v9N&+2EeGu+6{q|2R# zlO%>n+PROYa3rxw^V8KZVQR+v{;kTZ{V+>JWaPg6SifTFEzHJjjR&k-mK3awJa4HR zwx89Q4qwS|ZN?{oOyEg1QHkGB8zZ*>*8e!NbI~;!^X{iAD19fR9D*pHwOATZx6H3? zyJGP^Tk0vlP$`-8F&nT(U5R2w5yZ({M8I=R{qecDhe8&b;3K0Dhmt0>{;R1)W(o+^y7D%eLL6N`?#EdHAvt z6HbQ7SA-itVhRQd2h0-Q-CS61ulenyKt2%utt=Q3(|p{i_ytlzhkfm9>nd~(45Hqs z5WPtGi=UpElm&m>b^;d`w$A4O?~%hoT7Mt6n44=9g%HkKg>jIinUt!z`Eq!N--32= zXQ0WgJzBgy_6TP`3O1Uh`H4>t9~u!+p>btS?|{P4XH`h~3!r?*pzisE*VVfJeQ3Cw zzkN(-OnCct2y)@@AY4n2{C~Q*@@S~nH$KL0Y-MRM_QpjR>rmOV#Spr#T*|(UWwM81 z+`5b~qHnfH*#_Cl7Q)bweGm#+rYxx#d$!^?x8Luae!t)Q*XMcO&wHLfp7WgdIp=-e z&$S*Gs)Uo;O_o|c=+3D;q14rnYAw|Kg|kZ-TwMMBM0SJT*IgD73(6dtZ#o!7h5)ag%y`SbJ)phONy$lMsV7}BbIL%EPcH(=}_0s ziNp9&JI{mlQT6M6moT~^QLL=26l>br#bEV$R=&NxLp+*Bs4Uy@ut0Z=r2FdhKlhaH zP@PArw(G)@SILZ#=S;RpWezHNr`5L$_#@Um%RAkx!fp|qloK`!DpyUf8Sw8Ri?I$t zkmgpg5~J^;NSEyceVN2K`Y7{NjZ|A)7OB_k#~Li{w3=u6$vb4~Y? zxg`5*#^hl{O7GX9)MaUJn&_^XAFPvT9n&K+xQJE$8adZ%;(hE+=odT=WmJl2D8}kG zUaLc72s8)xY3^RMxOmP66YQj{(ZTADHPc^`WX2fb|U$+`NJUYOlvYI#-j?o02HrqeQs;Hf{ zn<~!u9i$W0N!e?eO!gbh|3P~g-E-iAgn7GqMc354Q{NGH#@d-@ZTMtVXHH&m7IKfh zY%eT${UlRKI02Fuh`9Ksc%FnKiR&hya4F?SiR9ROW7=4!8o}!=w8OwJWw^Nrt=MD2 z!9c#b1sh)P2a9R;9|KFrOZ84O*N;3he5Vn5D6Jh=m0Vnr{#@W+J^_~%%w+|2%8Et1 zy5Pk=4PC3&LY1-(PX*0mpQQ~leYIBJxNrWucI1YkjO?g6P{L=hlyo7(C&HKKOm57a zb4L&{x+J&S?@Qg<+fT-6L}eTo)K|kUg+cpFJuZXG!6nVMBI&*cgGa^9#rPytjn?F=e(8i>MJXTmmNzK^`#b?)%HuyK+2e0u$``w3pj5aF+O zCxkS-;=Y}l>x!p++`{3IN+hAZbnK{Rf+gO*IhPu`G8fN|lM0L(zeh^H2K7S*@pNWI9F43)sY4>t(gwH8#eX7>`??N{Z#>SO}w#94Sbl6xFEhGy1+3 zUR`BqGaUW&0C{=Q?fj$a1mC~y$!PYTA10L_e!uGMhc8$A3kSuhP#KG=EKrHPHMJd) zi!vezIjf(Dl4l8Fs7fvxgQIJ9Epsjw#lIh<=2ecA65|~S=V(1K zFhzB)_lZ)fGHpX?XQjIrfZM#Gajy!^F33n54^fsal|Nt%1m&j2D$JHQec8MbN3A!) zbaJToG!rBJ0_7YEJu0;zO!i4}<`PC-C^632UX&4TU?6p!8sK&F_`oVk)%C?vlgR2M zTfZsC%Y<3C$Au{R^H6XIGQF}?q9amYH1u1^&THn_01Lv=`#uRIh^^KME?DGIE@{)M0m=F8&JF(-SFEJI zNmXa5R2*E=&Z=Jk=lF?|hRzkrdtYk$w5q2nY2%ouck7P(Cl~)r^X)+BtNwl5e zH@d$mk@UKlAV1#dU{mTlX%^EWTlWFCc39pE6xk!y#y_LHHd;GRb z%QCGUkNmq|)-W?pA?UQ9!BwAbW3K$)Sv6CmcCcsxs(gjavCyk2c@1adn5;ta?ffBLBfV*J~lmg zlq=x}jV7bQO)YhZt_{u7XXdr#)SP(6z5gZ)S>^T|y?)8L z!<`%uJxU2qpqGf!V_ok_w3FQwU%w+Dt4;4bY@W zP3g+C8_P?x_7~;fy=ES2Uq*8Nx%YNSh{( z$qRIri2+2SVjXAsDF_hLCJj6&RjeCon_vJEiDJNfnIbSo%&!xzS72biDIl+%UuV^z z#(>KsuB3D^Hx`tJLDTp}!pCHhqiBoUUE`bcR~q?#n@XBB(%stJygP7o>8f`Pv@j^V zdlB`FQ&B5mHM~0?$#Wn&ASG8}x28~i4WB-1zdoRKUD3xJK*Fma7jVRH z6|%d2DZDAAJL%E~c2ail<79hJCWNRPYwBvl{}S}MdSv$3;D%kzd2st-3uh#T`pTcNzrU>8i=1sG(JyKOwNV8 z<}=WMl}XLCj1ab5lM>!HJV^DnOoDtf)$D9bZ)x55!t*ngqD?N$0P8R}fGZUMp0p_z zb(S&!QzP7U&qxRC|IyQ`?z3f>0vP%gVZU^8Kp-exw&K?^}Lph+4 z!V6dq3xh9}03RuE02mQweEbXqJSXu3TEhbLa^U9q?}%NsAYi17ABY{62Upbr=jug( z?qOco&mv&}ft2VvM5q3n51Oh6Hivb<)h__$5p8fq3lKO0r{_$Vk-P2RQJ%Ch1AQa% zj5pf*New* Enforce subnets should be private", + "defaultValue": "Audit only (recommended)", + "visible": true, + "toolTip": "Ensure your subnets are secure by default by preventing default outbound access. For more information go to https://aka.ms/defaultoutboundaccessretirement.
Uses the policy Subnets should be private.", + "constraints": { + "allowedValues": [ + { + "label": "Audit only (recommended)", + "value": "Audit" + } + ] + } + }, { "name": "cuaSection", "type": "Microsoft.Common.Section", @@ -8940,6 +8956,7 @@ "singlePlatformSubscriptionId": "[steps('core').singleSubscription.selector]", "denyClassicResources": "[steps('core').denyClassicResources]", "denyVMUnmanagedDisk": "[steps('core').denyVMUnmanagedDisk]", + "enablePrivateSubnet": "[steps('core').enablePrivateSubnet]", "telemetryOptOut": "[steps('core').cuaSection.telemetryOptOut]", "enforceKvGuardrailsPlat": "[steps('management').esPlatformMgmtGroup.enforceKvGuardrailsPlat]", "enforceBackupPlat": "[steps('management').esPlatformMgmtGroup.enforceBackupPlat]", diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index d7241e47d..7354649f7 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -14,6 +14,15 @@ "defaultValue": "", "maxLength": 36 }, + "enablePrivateSubnet": { + "type": "string", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, "telemetryOptOut": { "type": "string", "defaultValue": "No", @@ -1634,6 +1643,7 @@ "resourceRgLocationPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/AUDIT-ResourceRGLocationPolicyAssignment.json')]", "VMUnmanagedDiskPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-VMUnmanagedDiskPolicyAssignment.json')]", "diagnosticSettingsforManagementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/diagSettingsMGs/diagSettingsMGs.json')]", + "privateSubnetPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json')]", // references to https://github.com/Azure/azure-monitor-baseline-alerts "monitorPolicyDefinitions": "[uri(variables('rootUris').monitorRepo, 'patterns/alz/alzArm.json')]", "azureUpdateManagerPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/MODIFY-AUM-CheckUpdatesPolicyAssignment.json')]", @@ -1764,6 +1774,7 @@ "mdEndpointsDeploymentName": "[take(concat('alz-MDEndpoints', variables('deploymentSuffix')), 64)]", "mdEndpointsAMADeploymentName": "[take(concat('alz-MDEndpointsAMA', variables('deploymentSuffix')), 64)]", "corpConnectedLzVwanSubs": "[take(concat('alz-CorpConnLzsVwan', variables('deploymentSuffix')), 50)]", + "privateSubnetDeploymentName": "[take(concat('alz-pvtSubnet', variables('deploymentSuffix')), 64)]", "pidCuaDeploymentName": "[take(concat('pid-', variables('cuaid'), '-' , uniqueString(deployment().location, parameters('enterpriseScaleCompanyPrefix'), parameters('currentDateTimeUtcNow'))), 64)]", "denyClassicResourcePolicyDeploymentName": "[take(concat('alz-NoClassicResource', variables('deploymentSuffix')), 64)]", "costOptimizationDeploymentName": "[take(concat('alz-CostOptimization', variables('deploymentSuffix')), 64)]", @@ -6388,6 +6399,58 @@ } } }, + { + "condition": "[or(equals(parameters('enablePrivateSubnet'), 'Yes'), equals(parameters('enablePrivateSubnet'), 'Audit'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[variables('deploymentNames').privateSubnetDeploymentName]", + "scope": "[variables('scopes').platformManagementGroup]", + "location": "[deployment().location]", + "dependsOn": [ + "policyCompletion" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').privateSubnetPolicyAssignment]" + }, + "parameters": { + "enforcementMode": { + "value": "[if(equals(parameters('enablePrivateSubnet'), 'Yes'), 'Default', 'DoNotEnforce')]" + }, + "effect": { + "value": "[if(equals(parameters('enablePrivateSubnet'), 'Yes'), 'Deny', 'Audit')]" + } + } + } + }, + { + "condition": "[or(equals(parameters('enablePrivateSubnet'), 'Yes'), equals(parameters('enablePrivateSubnet'), 'Audit'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[variables('deploymentNames').privateSubnetDeploymentName]", + "scope": "[variables('scopes').lzsManagementGroup]", + "location": "[deployment().location]", + "dependsOn": [ + "policyCompletion" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').privateSubnetPolicyAssignment]" + }, + "parameters": { + "enforcementMode": { + "value": "[if(equals(parameters('enablePrivateSubnet'), 'Yes'), 'Default', 'DoNotEnforce')]" + }, + "effect": { + "value": "[if(equals(parameters('enablePrivateSubnet'), 'Yes'), 'Deny', 'Audit')]" + } + } + } + }, { // Assigning deny storage without https policy to landing zones management group if condition is true "condition": "[or(equals(parameters('enableStorageHttps'), 'Yes'), equals(parameters('enableStorageHttps'), 'Audit'))]", diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json new file mode 100644 index 000000000..c1092bb31 --- /dev/null +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json @@ -0,0 +1,66 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "effect": { + "type": "string", + "allowedValues": [ + "Deny", + "Audit", + "Disabled" + ], + "defaultValue": "Audit" + }, + "enforcementMode": { + "type": "string", + "allowedValues": [ + "Default", + "DoNotEnforce" + ], + "defaultValue": "Default" + }, + "nonComplianceMessagePlaceholder": { + "type": "string", + "defaultValue": "{enforcementMode}" + } + }, + "variables": { + "policyDefinitions": { + "privateSubnet": "/providers/Microsoft.Authorization/policyDefinitions/7bca8353-aa3b-429b-904a-9229c4385837" + }, + "policyAssignmentNames": { + "privateSubnet": "Enforce-Subnet-Private", + "description": "Ensure your subnets are secure by default by preventing default outbound access. For more information go to https://aka.ms/defaultoutboundaccessretirement", + "displayName": "Subnets should be private" + }, + "nonComplianceMessage": { + "message": "Subnets {enforcementMode} be private.", + "Default": "must", + "DoNotEnforce": "should" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[variables('policyAssignmentNames').privateSubnet]", + "properties": { + "description": "[variables('policyAssignmentNames').description]", + "displayName": "[variables('policyAssignmentNames').displayName]", + "policyDefinitionId": "[variables('policyDefinitions').privateSubnet]", + "enforcementMode": "[parameters('enforcementMode')]", + "nonComplianceMessages": [ + { + "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" + } + ], + "parameters": { + "effect": { + "value": "[parameters('effect')]" + } + } + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json index ced61236c..e66394676 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15544708819382265845" + "templateHash": "14175278704503096" } }, "parameters": { diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json index ef6f1f445..02faa4153 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "49176136240050651" + "templateHash": "1206003654465253802" } }, "parameters": { @@ -124,7 +124,7 @@ "$fxv#139": "{\n \"name\": \"Modify-NSG\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Enforce specific configuration of Network Security Groups (NSG)\",\n \"description\": \"This policy enforces the configuration of Network Security Groups (NSG).\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Modify\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Modify\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"nsgRuleName\": {\n \"type\": \"string\",\n \"defaultValue\": \"DenyAnyInternetOutbound\"\n },\n \"nsgRulePriority\": {\n \"type\": \"integer\",\n \"defaultValue\": 1000\n },\n \"nsgRuleDirection\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"Inbound\",\n \"Outbound\"\n ],\n \"defaultValue\": \"Outbound\"\n },\n \"nsgRuleAccess\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"Allow\",\n \"Deny\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"nsgRuleProtocol\": {\n \"type\": \"string\",\n \"defaultValue\": \"*\"\n },\n \"nsgRuleSourceAddressPrefix\": {\n \"type\": \"string\",\n \"defaultValue\": \"*\"\n },\n \"nsgRuleSourcePortRange\": {\n \"type\": \"string\",\n \"defaultValue\": \"*\"\n },\n \"nsgRuleDestinationAddressPrefix\": {\n \"type\": \"string\",\n \"defaultValue\": \"Internet\"\n },\n \"nsgRuleDestinationPortRange\": {\n \"type\": \"string\",\n \"defaultValue\": \"*\"\n },\n \"nsgRuleDescription\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\"\n },\n \"equals\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"conflictEffect\": \"audit\",\n \"operations\": [\n {\n \"operation\": \"add\",\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\n \"value\": {\n \"name\": \"[[parameters('nsgRuleName')]\",\n \"properties\": {\n \"description\": \"[[parameters('nsgRuleDescription')]\",\n \"protocol\": \"[[parameters('nsgRuleProtocol')]\",\n \"sourcePortRange\": \"[[parameters('nsgRuleSourcePortRange')]\",\n \"destinationPortRange\": \"[[parameters('nsgRuleDestinationPortRange')]\",\n \"sourceAddressPrefix\": \"[[parameters('nsgRuleSourceAddressPrefix')]\",\n \"destinationAddressPrefix\": \"[[parameters('nsgRuleDestinationAddressPrefix')]\",\n \"access\": \"[[parameters('nsgRuleAccess')]\",\n \"priority\": \"[[parameters('nsgRulePriority')]\",\n \"direction\": \"[[parameters('nsgRuleDirection')]\"\n }\n }\n }\n ]\n }\n }\n }\n }\n}", "$fxv#14": "{\n \"name\": \"Deny-PostgreSql-http\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"PostgreSQL database servers enforce SSL connection.\",\n \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS for PostgreSQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#140": "{\n \"name\": \"Modify-UDR\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Enforce specific configuration of User-Defined Routes (UDR)\",\n \"description\": \"This policy enforces the configuration of User-Defined Routes (UDR) within a subnet.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Modify\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Modify\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"addressPrefix\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"The destination IP address range in CIDR notation that this Policy checks for within the UDR. Example: 0.0.0.0/0 to check for the presence of a default route.\",\n \"displayName\": \"Address Prefix\"\n }\n },\n \"nextHopType\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"The next hope type that the policy checks for within the inspected route. The value can be Virtual Network, Virtual Network Gateway, Internet, Virtual Appliance, or None.\",\n \"displayName\": \"Next Hop Type\"\n },\n \"allowedValues\": [\n \"VnetLocal\",\n \"VirtualNetworkGateway\",\n \"Internet\",\n \"VirtualAppliance\",\n \"None\"\n ]\n },\n \"nextHopIpAddress\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"The IP address packets should be forwarded to.\",\n \"displayName\": \"Next Hop IP Address\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/routeTables\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/routeTables/routes[*]\"\n },\n \"equals\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"conflictEffect\": \"audit\",\n \"operations\": [\n {\n \"operation\": \"add\",\n \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n \"value\": {\n \"name\": \"default\",\n \"properties\": {\n \"addressPrefix\": \"[[parameters('addressPrefix')]\",\n \"nextHopType\": \"[[parameters('nextHopType')]\",\n \"nextHopIpAddress\": \"[[parameters('nextHopIpAddress')]\"\n }\n }\n }\n ]\n }\n }\n }\n }\n}", - "$fxv#141": "{\n \"name\": \"Deploy-Private-DNS-Generic\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy-Private-DNS-Generic\",\n \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n \"metadata\": {\n \"version\": \"2.0.0\",\n \"category\": \"Networking\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \t\"AzureChinaCloud\",\n \t\t\"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"privateDnsZoneId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Private DNS Zone ID for PaaS services\",\n \"description\": \"The private DNS zone name required for specific PaaS Services to resolve a private DNS Zone.\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"assignPermissions\": true\n }\n },\n \"resourceType\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"PaaS private endpoint resource type\",\n \"description\": \"The PaaS endpoint resource type.\"\n }\n },\n \"groupId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n }\n },\n \"evaluationDelay\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Evaluation Delay\",\n \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n },\n \"defaultValue\": \"PT10M\"\n },\n \"location\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Location (Specify the Private Endpoint location)\",\n \"description\": \"Specify the Private Endpoint location\",\n \"strongType\": \"location\"\n },\n \"defaultValue\": \"uksouth\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"location\",\n \"equals\": \"[[parameters('location')]\"\n },\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/privateEndpoints\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n \"where\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n \"contains\": \"[[parameters('resourceType')]\"\n },\n {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n \"equals\": \"[[parameters('groupId')]\"\n }\n ]\n }\n },\n \"greaterOrEquals\": 1\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"type\": \"string\"\n },\n \"privateEndpointName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n \"apiVersion\": \"2020-03-01\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"privateDnsZoneConfigs\": [\n {\n \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n \"properties\": {\n \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('privateDnsZoneId')]\"\n },\n \"privateEndpointName\": {\n \"value\": \"[[field('name')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#141": "{\n \"name\": \"Deploy-Private-DNS-Generic\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy-Private-DNS-Generic\",\n \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n \"metadata\": {\n \"version\": \"2.0.0\",\n \"category\": \"Networking\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \t\"AzureChinaCloud\",\n \t\t\"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"privateDnsZoneId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Private DNS Zone ID for PaaS services\",\n \"description\": \"The private DNS zone name required for specific PaaS Services to resolve a private DNS Zone.\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"assignPermissions\": true\n }\n },\n \"resourceType\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"PaaS private endpoint resource type\",\n \"description\": \"The PaaS endpoint resource type.\"\n }\n },\n \"groupId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n }\n },\n \"evaluationDelay\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Evaluation Delay\",\n \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n },\n \"defaultValue\": \"PT10M\"\n },\n \"location\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Location (Specify the Private Endpoint location)\",\n \"description\": \"Specify the Private Endpoint location\",\n \"strongType\": \"location\"\n },\n \"defaultValue\": \"northeurope\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"location\",\n \"equals\": \"[[parameters('location')]\"\n },\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/privateEndpoints\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n \"where\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n \"contains\": \"[[parameters('resourceType')]\"\n },\n {\n \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n \"equals\": \"[[parameters('groupId')]\"\n }\n ]\n }\n },\n \"greaterOrEquals\": 1\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"type\": \"string\"\n },\n \"privateEndpointName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n \"apiVersion\": \"2020-03-01\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"privateDnsZoneConfigs\": [\n {\n \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n \"properties\": {\n \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('privateDnsZoneId')]\"\n },\n \"privateEndpointName\": {\n \"value\": \"[[field('name')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#142": "{\n \"name\": \"DenyAction-DeleteResources\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Do not allow deletion of specified resource and resource type\",\n \"description\": \"This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"General\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Name\",\n \"description\": \"Provide the name of the resource that you want to protect from accidental deletion.\"\n }\n },\n \"resourceType\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Type\",\n \"description\": \"Provide the resource type that you want to protect from accidental deletion.\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DenyAction\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DenyAction\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"[[parameters('resourceType')]\"\n },\n {\n \"field\": \"name\",\n \"like\": \"[[parameters('resourceName')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"actionNames\": [\n \"delete\"\n ]\n }\n }\n }\n }\n}\n", "$fxv#143": "{\n \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Machine Learning\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n \"equals\": \"Approved\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n \"exists\": false\n },\n {\n \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n \"notEquals\": \"[[subscription().subscriptionId]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#144": "{\n \"name\": \"Deny-AA-child-resources\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"No child resources in Automation Account\",\n \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Automation\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"in\": [\n \"Microsoft.Automation/automationAccounts/runbooks\",\n \"Microsoft.Automation/automationAccounts/variables\",\n \"Microsoft.Automation/automationAccounts/modules\",\n \"Microsoft.Automation/automationAccounts/credentials\",\n \"Microsoft.Automation/automationAccounts/connections\",\n \"Microsoft.Automation/automationAccounts/certificates\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", From 1f15462f273fada7ca0f16c9378899ed2b306ac4 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Tue, 27 Aug 2024 13:19:07 +0400 Subject: [PATCH 06/11] Diag Settings - AllLogs vs Audit (#1729) Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> --- docs/wiki/Whats-new.md | 1 + eslzArm/eslz-portal.json | 21 +++++++++++++++++++ eslzArm/eslzArm.json | 11 ++++++++++ ...E-ResourceDiagnosticsPolicyAssignment.json | 12 ++++++++--- 4 files changed, 42 insertions(+), 3 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 2a5304ff2..3e98a9f7b 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -55,6 +55,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Updated [Deploy-Private-DNS-Generic](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Private-DNS-Generic.html) policy to include the ability to configure the location/region. - Removed duplicate assignment and portal option of [Deploy Azure Policy Add-on to Azure Kubernetes Service clusters](https://www.azadvertizer.net/azpolicyadvertizer/a8eff44f-8c92-45c3-a3fb-9880802d67a7.html) at Landing Zones scope, as this policy is assigned in the initiative [Deploy Microsoft Defender for Cloud configuration](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) at Intermediate Root scope. - Added new built-in policy assignment and portal option for [Subnets should be private](https://www.azadvertizer.net/azpolicyadvertizer/7bca8353-aa3b-429b-904a-9229c4385837.html) assigned at Platform and Landing Zones management groups. This policy's assignment effect is defaulted to "Audit" in this release, giving the community time to adopt the good practice and address subnet compliance. We will default to the "Deny" effect as part of the next Policy Refresh. +- Added option to select Diagnostic Settings category for logging to Log Analytics in the portal experience. You can now select between the recommended "All Logs" which covers almost all Azure resources, or "Audit Only" which is limited to resources that support this category. ### August 2024 diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json index 1f5e6446e..7a66359da 100644 --- a/eslzArm/eslz-portal.json +++ b/eslzArm/eslz-portal.json @@ -431,6 +431,26 @@ }, "visible": true }, + { + "name": "laCategory", + "type": "Microsoft.Common.OptionsGroup", + "label": "Select Diagnostic Settings logging category", + "defaultValue": "All Logs (recommended)", + "toolTip": "The selection will determine the category of diagnostic settings logs that will be forwarded to Log Analytics. NOTE: All logs is recommended for full visibility. Audit log category is limited to Azure services that support this category. Options available:
All Logs
Audit Logs", + "constraints": { + "allowedValues": [ + { + "label": "All Logs (recommended)", + "value": "allLogs" + }, + { + "label": "Audit Logs only", + "value": "auditLogs" + } + ] + }, + "visible": true + }, { "name": "retentionInDays", "type": "Microsoft.Common.Slider", @@ -8961,6 +8981,7 @@ "enforceKvGuardrailsPlat": "[steps('management').esPlatformMgmtGroup.enforceKvGuardrailsPlat]", "enforceBackupPlat": "[steps('management').esPlatformMgmtGroup.enforceBackupPlat]", "enableLogAnalytics": "[steps('management').enableLogAnalytics]", + "laCategory": "[steps('management').laCategory]", "enableChangeTracking": "[steps('management').enableChangeTracking]", "enableUpdateMgmt": "[steps('management').enableUpdateMgmt]", "enableVmInsights": "[steps('management').enableVmInsights]", diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index 7354649f7..a566addb0 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -45,6 +45,14 @@ "description": "If 'Yes' is selected when also adding a subscription for management, ARM will assign two policies to enable auditing in your environment, into the Log Analytics workspace for platform monitoring. If 'No', it will be ignored." } }, + "laCategory": { + "type": "string", + "defaultValue": "allLogs", + "allowedValues": [ + "allLogs", + "auditLogs" + ] + }, "retentionInDays": { "type": "string", "defaultValue": "" @@ -4058,6 +4066,9 @@ }, "logAnalyticsResourceId": { "value": "[variables('platformResourceIds').logAnalyticsResourceId]" + }, + "laCategory": { + "value": "[parameters('laCategory')]" } } } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json index 66eff0769..714311206 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json @@ -14,6 +14,12 @@ "description": "Provide the resourceId to the central Log Analytics workspace." } }, + "laCategory": { + "type": "string", + "metadata": { + "description": "Provide the category of logs to be forwarded to Log Analytics." + } + }, "enforcementMode": { "type": "string", "allowedValues": [ @@ -29,12 +35,12 @@ }, "variables": { "policyDefinitions": { - "deployResourceDiagnostics": "/providers/Microsoft.Authorization/policySetDefinitions/0884adba-2312-4468-abeb-5422caed1038" + "deployResourceDiagnostics": "[if(equals(parameters('laCategory'), 'allLogs'),'/providers/Microsoft.Authorization/policySetDefinitions/0884adba-2312-4468-abeb-5422caed1038','/providers/Microsoft.Authorization/policySetDefinitions/f5b29bc4-feca-4cc6-a58a-772dd5e290a5')]" }, "policyAssignmentNames": { - "resourceDiagnostics": "Deploy-Diag-Logs", + "resourceDiagnostics": "Deploy-Diag-LogsCat", "description": "Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the allLogs category group to route logs to an Event Hub for all supported resources.", - "displayName": "Enable allLogs category group resource logging for supported resources to Log Analytics" + "displayName": "Enable category group resource logging for supported resources to Log Analytics" }, "nonComplianceMessage": { "message": "Diagnostic settings {enforcementMode} be deployed to Azure services to forward logs to Log Analytics.", From 21de55d193d4e8df823d095ba45ea7b63ea5d58c Mon Sep 17 00:00:00 2001 From: BeckyHope19 <105707948+BeckyHope19@users.noreply.github.com> Date: Tue, 27 Aug 2024 13:08:10 +0100 Subject: [PATCH 07/11] AddExclusionListToPolicy (#1731) Co-authored-by: Sacha Narinx --- docs/wiki/Whats-new.md | 1 + .../policyDefinitions/policies.json | 4 ++-- .../Deny-VNET-Peer-Cross-Sub.json | 22 ++++++++++++++++--- 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 3e98a9f7b..eb169a244 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -54,6 +54,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to the the newer version of DCSPM: [Configure Microsoft Defender CSPM plan](https://www.azadvertizer.net/azpolicyadvertizer/72f8cee7-2937-403d-84a1-a4e3e57f3c21.html) - Updated [Deploy-Private-DNS-Generic](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Private-DNS-Generic.html) policy to include the ability to configure the location/region. - Removed duplicate assignment and portal option of [Deploy Azure Policy Add-on to Azure Kubernetes Service clusters](https://www.azadvertizer.net/azpolicyadvertizer/a8eff44f-8c92-45c3-a3fb-9880802d67a7.html) at Landing Zones scope, as this policy is assigned in the initiative [Deploy Microsoft Defender for Cloud configuration](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) at Intermediate Root scope. +- Updated the Deny-vNet-Peer-Cross-Sub.json definition policy to include a parameter for allowed virtual networks (vNets) in other subscriptions. For vNets to be permitted to peer, both vNet IDs must be added to the allowed list. - Added new built-in policy assignment and portal option for [Subnets should be private](https://www.azadvertizer.net/azpolicyadvertizer/7bca8353-aa3b-429b-904a-9229c4385837.html) assigned at Platform and Landing Zones management groups. This policy's assignment effect is defaulted to "Audit" in this release, giving the community time to adopt the good practice and address subnet compliance. We will default to the "Deny" effect as part of the next Policy Refresh. - Added option to select Diagnostic Settings category for logging to Log Analytics in the portal experience. You can now select between the recommended "All Logs" which covers almost all Azure resources, or "Audit Only" which is limited to resources that support this category. diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json index 02faa4153..76f1236d9 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "1206003654465253802" + "templateHash": "13226822217233465488" } }, "parameters": { @@ -168,7 +168,7 @@ "$fxv#26": "{\n \"name\": \"Deny-Subnet-Without-Penp\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Subnets without Private Endpoint Network Policies enabled should be denied\",\n \"description\": \"This policy denies the creation of a subnet without Private Endpoint Netwotk Policies enabled. This policy is intended for 'workload' subnets, not 'central infrastructure' (aka, 'hub') subnets.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\n }\n },\n \"excludedSubnets\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Excluded Subnets\",\n \"description\": \"Array of subnet names that are excluded from this policy\"\n },\n \"defaultValue\": [\n \"GatewaySubnet\",\n \"AzureFirewallSubnet\",\n \"AzureFirewallManagementSubnet\",\n \"AzureBastionSubnet\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"equals\": \"Microsoft.Network/virtualNetworks\",\n \"field\": \"type\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*]\",\n \"where\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].privateEndpointNetworkPolicies\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].name\",\n \"notIn\": \"[[parameters('excludedSubnets')]\"\n }\n ]\n }\n },\n \"notEquals\": 0\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\n },\n {\n \"field\": \"name\",\n \"notIn\": \"[[parameters('excludedSubnets')]\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/privateEndpointNetworkPolicies\",\n \"notEquals\": \"Enabled\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#27": "{\n \"name\": \"Deny-Subnet-Without-Udr\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Subnets should have a User Defined Route\",\n \"description\": \"This policy denies the creation of a subnet without a User Defined Route (UDR).\",\n \"metadata\": {\n \"version\": \"2.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"excludedSubnets\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Excluded Subnets\",\n \"description\": \"Array of subnet names that are excluded from this policy\"\n },\n \"defaultValue\": [\n \"AzureBastionSubnet\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"equals\": \"Microsoft.Network/virtualNetworks\",\n \"field\": \"type\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*]\",\n \"where\": {\n \"allOf\": [\n {\n \"exists\": \"false\",\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].routeTable.id\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].name\",\n \"notIn\": \"[[parameters('excludedSubnets')]\"\n }\n ]\n }\n },\n \"notEquals\": 0\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\n },\n {\n \"field\": \"name\",\n \"notIn\": \"[[parameters('excludedSubnets')]\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/routeTable.id\",\n \"exists\": \"false\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#28": "{\n \"name\": \"Deny-UDR-With-Specific-NextHop\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"User Defined Routes with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway' should be denied\",\n \"description\": \"This policy denies the creation of a User Defined Route with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway'.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"excludedDestinations\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Excluded Destinations\",\n \"description\": \"Array of route destinations that are to be denied\"\n },\n \"defaultValue\": [\n \"Internet\", \n \"VirtualNetworkGateway\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"equals\": \"Microsoft.Network/routeTables\",\n \"field\": \"type\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n \"where\": {\n \"field\": \"Microsoft.Network/routeTables/routes[*].nextHopType\",\n \"in\": \"[[parameters('excludedDestinations')]\"\n }\n },\n \"notEquals\": 0\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/routeTables/routes\"\n },\n {\n \"field\": \"Microsoft.Network/routeTables/routes/nextHopType\",\n \"in\": \"[[parameters('excludedDestinations')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", - "$fxv#29": "{\n \"name\": \"Deny-VNET-Peer-Cross-Sub\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny vNet peering cross subscription.\",\n \"description\": \"This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\n \"notcontains\": \"[[subscription().id]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", + "$fxv#29": "{\n \"name\": \"Deny-VNET-Peer-Cross-Sub\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny vNet peering cross subscription.\",\n \"description\": \"This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"allowedVnets\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Allowed vNets to peer with\",\n \"description\": \"Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}\"\n },\n \"defaultValue\": []\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"\n },\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\n \"notIn\": \"[[parameters('allowedVnets')]\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\n \"notLike\": \"[[concat(subscription().id, '/*')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#3": "{\n \"name\": \"Append-Redis-disableNonSslPort\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled.\",\n \"description\": \"Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Cache\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect Azure Cache for Redis\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Cache/redis\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\n \"equals\": \"true\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": [\n {\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\n \"value\": false\n }\n ]\n }\n }\n }\n}\n", "$fxv#30": "{\n \"name\": \"Deny-VNET-Peering-To-Non-Approved-VNETs\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny vNet peering to non-approved vNets\",\n \"description\": \"This policy denies the creation of vNet Peerings to non-approved vNets under the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"allowedVnets\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Allowed vNets to peer with\",\n \"description\": \"Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}\"\n },\n \"defaultValue\": []\n }\n },\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\n \"in\": \"[[parameters('allowedVnets')]\"\n }\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks\"\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\",\n \"in\": \"[[parameters('allowedVnets')]\"\n }\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\",\n \"exists\": false\n }\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#31": "{\n \"name\": \"Deny-VNet-Peering\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny vNet peering \",\n \"description\": \"This policy denies the creation of vNet Peerings under the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub.json index e8137b9ab..56c6c5f8f 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub.json @@ -9,7 +9,7 @@ "displayName": "Deny vNet peering cross subscription.", "description": "This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -31,6 +31,14 @@ "Disabled" ], "defaultValue": "Deny" + }, + "allowedVnets": { + "type": "Array", + "metadata": { + "displayName": "Allowed vNets to peer with", + "description": "Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}" + }, + "defaultValue": [] } }, "policyRule": { @@ -41,8 +49,16 @@ "equals": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings" }, { - "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id", - "notcontains": "[[subscription().id]" + "allOf": [ + { + "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id", + "notIn": "[[parameters('allowedVnets')]" + }, + { + "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id", + "notLike": "[[concat(subscription().id, '/*')]" + } + ] } ] }, From 7c83e184876a9411917489d3de130701cef3d042 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Fri, 27 Sep 2024 13:11:28 +0400 Subject: [PATCH 08/11] MDFC ascExport Fix (#1760) --- docs/wiki/Whats-new.md | 1 + .../policyDefinitions/initiatives.json | 4 ++-- .../Deploy-MDFC-Config_20240319.json | 17 ++++++++++++++++- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 343293f3e..8e56d8d17 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -55,6 +55,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Updated the Deny-vNet-Peer-Cross-Sub.json definition policy to include a parameter for allowed virtual networks (vNets) in other subscriptions. For vNets to be permitted to peer, both vNet IDs must be added to the allowed list. - Added new built-in policy assignment and portal option for [Subnets should be private](https://www.azadvertizer.net/azpolicyadvertizer/7bca8353-aa3b-429b-904a-9229c4385837.html) assigned at Platform and Landing Zones management groups. This policy's assignment effect is defaulted to "Audit" in this release, giving the community time to adopt the good practice and address subnet compliance. We will default to the "Deny" effect as part of the next Policy Refresh. - Added option to select Diagnostic Settings category for logging to Log Analytics in the portal experience. You can now select between the recommended "All Logs" which covers almost all Azure resources, or "Audit Only" which is limited to resources that support this category. +- Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to include an additional parameter that allows you to specify if the Defender for Cloud export to Log Analytics should create a new resource group. This is useful when you want to specify the resource group name or requires tags on resource groups. Will be used by other RIs - Terraform and Bicep (portal accelerator will use default values). ### September 2024 diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json index e66394676..ef64fb3ab 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "14175278704503096" + "templateHash": "12010320152289014343" } }, "parameters": { @@ -109,7 +109,7 @@ "$fxv#36": "{\n \"name\": \"Deny-PublicPaaSEndpoints\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Public network access should be disabled for PaaS services\",\n \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n \"metadata\": {\n \"version\": \"5.1.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"CosmosPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for CosmosDB\",\n \"description\": \"This policy denies that Cosmos database accounts are created with out public network access is disabled.\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"KeyVaultPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for KeyVault\",\n \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"SqlServerPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"StoragePublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access onStorage accounts should be disabled\",\n \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AKSPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access on AKS API should be disabled\",\n \"description\": \"This policy denies the creation of Azure Kubernetes Service non-private clusters\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"ACRPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access on Azure Container Registry disabled\",\n \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AFSPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access on Azure File Sync disabled\",\n \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"PostgreSQLFlexPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"postgreSqlPublicNetworkAccess\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"MySQLFlexPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"BatchPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"MariaDbPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"MlPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"RedisCachePublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"BotServicePublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Bot Service\",\n \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AutomationPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Automation accounts\",\n \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AppConfigPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for App Configuration\",\n \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"FunctionPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Function apps\",\n \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"FunctionAppSlotPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for Function apps\",\n \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AsePublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AsPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for App Service apps\",\n \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"ApiManPublicIpDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Public network access should be disabled for API Management services\",\n \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"AuditIfNotExists\"\n },\n \"ContainerAppsEnvironmentDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Container Apps environment should disable public network access\",\n \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"AsrVaultDenyEffect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"logicAppPublicNetworkAccessEffect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"appSlotsPublicNetworkAccess\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"cognitiveSearchPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"managedDiskPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\"\n ]\n },\n \"containerAppsPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"adxPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"adfPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"eventGridPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"eventGridTopicPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"eventHubNamespacesPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"keyVaultManagedHsmDisablePublicNetwork\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"mySqlPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"cognitiveServicesNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"cognitiveServicesPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"serviceBusDisablePublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"sqlManagedPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"storageAccountsPublicAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"synapsePublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"avdHostPoolPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"avdWorkspacePublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"grafanaPublicNetworkAccess\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n }\n }\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", "$fxv#37": "{\n \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n \"metadata\": {\n \"deprecated\": true,\n \"version\": \"2.2.0-deprecated\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"metadata\": {\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"displayName\": \"Log Analytics workspace\",\n \"strongType\": \"omsWorkspace\"\n },\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"ACILogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n }\n },\n \"ACRLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics enabled.\"\n }\n },\n \"AKSLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n }\n },\n \"AnalysisServiceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"APIforFHIRLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"APIMgmtLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"APIMgmtLogAnalyticsDestinationType\": {\n \"type\": \"String\",\n \"defaultValue\": \"AzureDiagnostics\",\n \"allowedValues\": [\n \"AzureDiagnostics\",\n \"Dedicated\"\n ],\n \"metadata\": {\n \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n }\n },\n \"ApplicationGatewayLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AutomationLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"BastionLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"BatchLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"CDNEndpointsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"CognitiveServicesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"CosmosLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DatabricksLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DataExplorerClusterLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DataFactoryLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DataLakeStoreLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"DataLakeAnalyticsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"EventGridSubLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"EventGridTopicLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"EventHubLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"EventSystemTopicLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"ExpressRouteLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"FirewallLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"FirewallLogAnalyticsDestinationType\": {\n \"type\": \"String\",\n \"defaultValue\": \"AzureDiagnostics\",\n \"allowedValues\": [\n \"AzureDiagnostics\",\n \"Dedicated\"\n ],\n \"metadata\": {\n \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n }\n },\n \"FrontDoorLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"FunctionAppLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"HDInsightLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"IotHubLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"KeyVaultLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"LoadBalancerLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"LogAnalyticsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n }\n },\n \"LogicAppsISELogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"LogicAppsWFLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"MariaDBLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"MediaServiceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"MlWorkspaceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"MySQLLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkNICLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"PostgreSQLLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"PowerBIEmbeddedLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkPublicIPNicLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"RedisCacheLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"RelayLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SearchServicesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"ServiceBusLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SignalRLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SQLDBsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SQLElasticPoolsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"SQLMLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"StreamAnalyticsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"TimeSeriesInsightsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"TrafficManagerLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualNetworkLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualMachinesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VMSSLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets to stream to a Log Analytics workspace when any Virtual Machine Scale Sets which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VNetGWLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n }\n },\n \"AppServiceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AppServiceWebappLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDScalingPlansLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"WVDAppGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"WVDWorkspaceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"WVDHostPoolsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"StorageAccountsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VWanS2SVPNGWLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n },\n \"diagnosticsSettingNameToUse\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"logAnalyticsDestinationType\": {\n \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"logAnalyticsDestinationType\": {\n \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"True\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n },\n \"diagnosticsSettingNameToUse\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}\n", "$fxv#38": "{\n \"name\": \"Deploy-MDFC-Config\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n \"metadata\": {\n \"version\": \"7.0.0-deprecated\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"deprecated\": true,\n \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"High\",\n \"Medium\",\n \"Low\"\n ],\n \"defaultValue\": \"High\",\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Primary Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"ascExportResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n }\n },\n \"ascExportResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n }\n },\n \"enableAscForCosmosDbs\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSql\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSqlOnVm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForDns\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForArm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForOssDb\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForAppServices\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForKeyVault\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForStorage\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForContainers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServersVulnerabilityAssessments\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"vulnerabilityAssessmentProvider\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"default\",\n \"mdeTvm\"\n ],\n \"defaultValue\": \"default\",\n \"metadata\": {\n \"displayName\": \"Vulnerability assessment provider type\",\n \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n }\n },\n \"enableAscForApis\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForCspm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForOssDb')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVM\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n },\n \"vaType\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForAppServices')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForStorage')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforContainers\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n },\n \"logAnalyticsWorkspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForKeyVault')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForDns\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForDns')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForArm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForArm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSql')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForApis\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForApis')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCspm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCspm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"securityEmailContact\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n },\n \"minimalSeverity\": {\n \"value\": \"[[parameters('minimalSeverity')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ascExport\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n \"parameters\": {\n \"resourceGroupName\": {\n \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n },\n \"resourceGroupLocation\": {\n \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n },\n \"workspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n \"parameters\": {\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", - "$fxv#39": "{\n \"name\": \"Deploy-MDFC-Config_20240319\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n \"metadata\": {\n \"version\": \"2.0.0\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"replacesPolicy\": \"Deploy-MDFC-Config\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"High\",\n \"Medium\",\n \"Low\"\n ],\n \"defaultValue\": \"High\",\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Primary Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"ascExportResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n }\n },\n \"ascExportResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n }\n },\n \"enableAscForCosmosDbs\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSql\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSqlOnVm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForArm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForOssDb\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForAppServices\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForKeyVault\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForStorage\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForContainers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServersVulnerabilityAssessments\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"vulnerabilityAssessmentProvider\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"default\",\n \"mdeTvm\"\n ],\n \"defaultValue\": \"mdeTvm\",\n \"metadata\": {\n \"displayName\": \"Vulnerability assessment provider type\",\n \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n }\n },\n \"enableAscForCspm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForOssDb')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVM\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n },\n \"vaType\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForAppServices')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForStorage')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforContainers\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n },\n \"logAnalyticsWorkspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForKeyVault')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForArm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForArm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSql')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCspm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72f8cee7-2937-403d-84a1-a4e3e57f3c21\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCspm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"securityEmailContact\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n },\n \"minimalSeverity\": {\n \"value\": \"[[parameters('minimalSeverity')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ascExport\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n \"parameters\": {\n \"resourceGroupName\": {\n \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n },\n \"resourceGroupLocation\": {\n \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n },\n \"workspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n \"parameters\": {\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", + "$fxv#39": "{\n \"name\": \"Deploy-MDFC-Config_20240319\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n \"metadata\": {\n \"version\": \"2.1.0\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"replacesPolicy\": \"Deploy-MDFC-Config\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"allowedValues\": [\n \"High\",\n \"Medium\",\n \"Low\"\n ],\n \"defaultValue\": \"High\",\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Primary Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"ascExportResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n }\n },\n \"ascExportResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n }\n },\n \"createResourceGroup\":{\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"Create resource group\",\n \"description\": \"If a resource group does not exists in the scope, a new resource group will be created. If the resource group exists and this flag is set to 'true' the policy will re-deploy the resource group. Please note this will reset any Azure Tag on the resource group.\"\n },\n \"defaultValue\": true,\n \"allowedValues\": [\n true,\n false\n ]\n },\n \"enableAscForCosmosDbs\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSql\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForSqlOnVm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForArm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForOssDb\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForAppServices\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForKeyVault\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForStorage\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForContainers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServers\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"enableAscForServersVulnerabilityAssessments\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"vulnerabilityAssessmentProvider\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"default\",\n \"mdeTvm\"\n ],\n \"defaultValue\": \"mdeTvm\",\n \"metadata\": {\n \"displayName\": \"Vulnerability assessment provider type\",\n \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n }\n },\n \"enableAscForCspm\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForOssDb')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVM\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n },\n \"vaType\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForAppServices')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForStorage')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforContainers\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n },\n \"logAnalyticsWorkspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForContainers')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForKeyVault')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForArm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForArm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForSql')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"defenderForCspm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72f8cee7-2937-403d-84a1-a4e3e57f3c21\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('enableAscForCspm')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"securityEmailContact\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n },\n \"minimalSeverity\": {\n \"value\": \"[[parameters('minimalSeverity')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ascExport\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n \"parameters\": {\n \"resourceGroupName\": {\n \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n },\n \"resourceGroupLocation\": {\n \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n },\n \"createResourceGroup\": {\n \"value\": \"[[parameters('createResourceGroup')]\"\n },\n \"workspaceResourceId\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n \"parameters\": {\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", "$fxv#4": "{\n \"name\": \"Enforce-EncryptTransit\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n \"metadata\": {\n \"version\": \"2.1.0-deprecated\",\n \"category\": \"Encryption\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"deprecated\": true,\n \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"AppServiceHttpEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n }\n },\n \"AppServiceTlsVersionEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n \"description\": \"App Service. Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n }\n },\n \"AppServiceminTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n \"description\": \"App Service. Select version minimum TLS version for a Web App config to enforce\"\n }\n },\n \"APIAppServiceHttpsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"FunctionLatestTlsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ]\n },\n \"FunctionServiceHttpsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"WebAppServiceLatestTlsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ]\n },\n \"WebAppServiceHttpsEffect\": {\n \"metadata\": {\n \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"AKSIngressHttpsOnlyEffect\": {\n \"metadata\": {\n \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"deny\",\n \"allowedValues\": [\n \"audit\",\n \"deny\",\n \"disabled\"\n ]\n },\n \"MySQLEnableSSLDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"MySQLEnableSSLEffect\": {\n \"metadata\": {\n \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"MySQLminimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n },\n \"PostgreSQLEnableSSLDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"PostgreSQLEnableSSLEffect\": {\n \"metadata\": {\n \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"PostgreSQLminimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n \"description\": \"PostgreSQL database servers. Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n },\n \"RedisTLSDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"RedisMinTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n \"description\": \"Select version minimum TLS version for a Azure Cache for Redis to enforce\"\n }\n },\n \"RedisTLSEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"SQLManagedInstanceTLSDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"SQLManagedInstanceMinTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n \"description\": \"Select version minimum TLS version for Azure Managed Instanceto to enforce\"\n }\n },\n \"SQLManagedInstanceTLSEffect\": {\n \"metadata\": {\n \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"SQLServerTLSDeployEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n }\n },\n \"SQLServerminTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n \"description\": \"Select version minimum TLS version for Azure SQL Database to enforce\"\n }\n },\n \"SQLServerTLSEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ]\n },\n \"StorageDeployHttpsEnabledEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ]\n },\n \"StorageminimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_1\",\n \"TLS1_0\"\n ],\n \"metadata\": {\n \"displayName\": \"Storage Account select minimum TLS version\",\n \"description\": \"Select version minimum TLS version on Azure Storage Account to enforce\"\n }\n },\n \"StorageHttpsEnabledEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"ContainerAppsHttpsOnlyEffect\": {\n \"metadata\": {\n \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n },\n \"minTlsVersion\": {\n \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('RedisTLSEffect')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n }\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n }", "$fxv#40": "{\n \"name\": \"Deploy-Private-DNS-Zones\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n \"metadata\": {\n \"version\": \"2.2.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"azureFilePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureFilePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAutomationWebhookPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosSQLPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosMongoPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosCassandraPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosGremlinPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCosmosTablePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureDataFactoryPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureDataFactoryPortalPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureDatabricksPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureHDInsightPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMigratePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMigratePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageBlobPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageBlobSecPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageQueuePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageQueueSecPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageFilePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageStaticWebPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageDFSPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageDFSSecPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSynapseSQLPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSynapseSQLODPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSynapseDevPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMediaServicesKeyPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMediaServicesLivePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMediaServicesStreamPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId1\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId2\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId3\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId4\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMonitorPrivateDnsZoneId5\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureWebPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureWebPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureBatchPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureBatchPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAppPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAppPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAsrPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAsrPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureIotPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureIotPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureKeyVaultPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSignalRPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAppServicesPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureEventGridTopicsPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureDiskAccessPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCognitiveServicesPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureIotHubsPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureEventGridDomainsPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureRedisCachePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureAcrPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureAcrPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureEventHubNamespacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureServiceBusNamespacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureCognitiveSearchPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureBotServicePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureIotDeviceupdatePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureIotCentralPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageTablePrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n \"strongType\": \"Microsoft.Network/privateDnsZones\",\n \"description\": \"Private DNS Zone Identifier\"\n }\n },\n \"effect\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"effect1\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"deployIfNotExists\"\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"Webhook\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"DSCAndHybridWorker\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"SQL\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"MongoDB\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"Cassandra\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"Gremlin\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"Table\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n },\n \"listOfGroupIds\": {\n \"value\": [\n \"dataFactory\"\n ]\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n },\n \"listOfGroupIds\": {\n \"value\": [\n \"portal\"\n ]\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"databricks_ui_api\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"browser_authentication\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"cluster\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n },\n \"targetSubResource\": {\n \"value\": \"Sql\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n },\n \"targetSubResource\": {\n \"value\": \"SqlOnDemand\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n },\n \"targetSubResource\": {\n \"value\": \"Dev\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"keydelivery\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"liveevent\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n },\n \"groupId\": {\n \"value\": \"streamingendpoint\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n \"parameters\": {\n \"privateDnsZoneId1\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n },\n \"privateDnsZoneId2\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n },\n \"privateDnsZoneId3\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n },\n \"privateDnsZoneId4\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n },\n \"privateDnsZoneId5\": {\n \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect1')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect1')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect1')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n },\n \"secondPrivateDnsZoneId\": {\n \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"connection\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n },\n \"privateEndpointGroupId\": {\n \"value\": \"feed\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n \"parameters\": {\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n \"parameters\":{\n \"privateDnsZoneIDForGuestConfiguration\": {\n \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n },\n \"privateDnsZoneIDForHybridResourceProvider\": {\n \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n },\n \"privateDnsZoneIDForKubernetesConfiguration\": {\n \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n \"parameters\":{\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n \"parameters\":{\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n \"parameters\":{\n \"privateDnsZoneId\": {\n \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n \"parameters\":{\n \"privateDnsZone-Backup\": {\n \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n },\n \"privateDnsZone-Blob\": {\n \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n },\n \"privateDnsZone-Queue\": {\n \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('effect')]\"\n }\n }\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}\n", "$fxv#41": "{\n \"name\": \"Enforce-Encryption-CMK\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n \"metadata\": {\n \"version\": \"3.0.0\",\n \"category\": \"Encryption\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"ACRCmkEffect\": {\n \"metadata\": {\n \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"AksCmkEffect\": {\n \"metadata\": {\n \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n },\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"WorkspaceCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n }\n },\n \"CognitiveServicesCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n }\n },\n \"CosmosCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"deny\",\n \"allowedValues\": [\n \"audit\",\n \"deny\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n }\n },\n \"DataBoxCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n }\n },\n \"StreamAnalyticsCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"deny\",\n \"allowedValues\": [\n \"audit\",\n \"deny\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n }\n },\n \"SynapseWorkspaceCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n }\n },\n \"StorageCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n }\n },\n \"MySQLCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n }\n },\n \"PostgreSQLCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n }\n },\n \"SqlServerTDECMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n }\n },\n \"HealthcareAPIsCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"audit\",\n \"allowedValues\": [\n \"audit\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n }\n },\n \"AzureBatchCMKEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n }\n },\n \"EncryptedVMDisksEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"AuditIfNotExists\",\n \"allowedValues\": [\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\n \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n }\n },\n \"AutomationAccountCmkEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"BackupCmkEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"cognitiveSearchCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"osAndDataDiskCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"containerInstanceCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"adxCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"adfCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"eventHubNamespacesCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\"\n ]\n },\n \"eventHubPremiumCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"serviceBusDenyCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Audit\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\"\n ]\n },\n \"sqlManagedCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"storageTableCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"storageAccountsEncryptionCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n },\n \"storageQueueCmk\": {\n \"type\": \"string\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ]\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('ACRCmkEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AksCmkEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('CosmosCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('StorageCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('MySQLCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('BackupCmkEffect')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('containerInstanceCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('adxCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('adfCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('sqlManagedCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('storageTableCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n }\n }\n },\n {\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n \"groupNames\": [],\n \"parameters\": {\n \"effect\": {\n \"value\": \"[[parameters('storageQueueCmk')]\"\n }\n }\n }\n ],\n \"policyDefinitionGroups\": null\n }\n}", diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config_20240319.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config_20240319.json index 63036f61f..d87b4d22e 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config_20240319.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config_20240319.json @@ -8,7 +8,7 @@ "displayName": "Deploy Microsoft Defender for Cloud configuration", "description": "Deploy Microsoft Defender for Cloud configuration", "metadata": { - "version": "2.0.0", + "version": "2.1.0", "category": "Security Center", "source": "https://github.com/Azure/Enterprise-Scale/", "replacesPolicy": "Deploy-MDFC-Config", @@ -59,6 +59,18 @@ "description": "The location where the resource group and the export to Log Analytics workspace configuration are created." } }, + "createResourceGroup":{ + "type": "Boolean", + "metadata": { + "displayName": "Create resource group", + "description": "If a resource group does not exists in the scope, a new resource group will be created. If the resource group exists and this flag is set to 'true' the policy will re-deploy the resource group. Please note this will reset any Azure Tag on the resource group." + }, + "defaultValue": true, + "allowedValues": [ + true, + false + ] + }, "enableAscForCosmosDbs": { "type": "String", "allowedValues": [ @@ -386,6 +398,9 @@ "resourceGroupLocation": { "value": "[[parameters('ascExportResourceGroupLocation')]" }, + "createResourceGroup": { + "value": "[[parameters('createResourceGroup')]" + }, "workspaceResourceId": { "value": "[[parameters('logAnalytics')]" } From c3d4bc76933febd65fe03579c78ca253d209e745 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Fri, 27 Sep 2024 13:20:08 +0400 Subject: [PATCH 09/11] Updating custom policies to evaluate TLS 1.3 successfully (#1762) --- docs/wiki/Whats-new.md | 1 + .../policyDefinitions/policies.json | 26 +++++++++---------- .../Append-AppService-latestTLS.json | 5 ++-- .../Append-Redis-sslEnforcement.json | 4 +-- .../policyDefinitions/Deny-EH-MINTLS.json | 4 +-- .../policyDefinitions/Deny-MySql-http.json | 4 +-- .../policyDefinitions/Deny-Redis-http.json | 6 ++--- .../policyDefinitions/Deny-Sql-minTLS.json | 4 +-- .../policyDefinitions/Deny-SqlMi-minTLS.json | 6 ++--- .../Deploy-MySQL-sslEnforcement.json | 4 +-- .../Deploy-PostgreSQL-sslEnforcement.json | 4 +-- .../policyDefinitions/Deploy-SQL-minTLS.json | 4 +-- .../Deploy-SqlMi-minTLS.json | 4 +-- .../Deploy-Storage-sslEnforcement.json | 4 +-- 14 files changed, 41 insertions(+), 39 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 8e56d8d17..0393f1779 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -49,6 +49,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: ### 🔃 Policy Refresh Q1 FY25 +- Updated ALZ custom policies enforcing minimum TLS versions to properly evaluate the minimum TLS version, ensuring services configured to deploy TLS 1.3 will successfully evaluate. - Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to the the newer version of DCSPM: [Configure Microsoft Defender CSPM plan](https://www.azadvertizer.net/azpolicyadvertizer/72f8cee7-2937-403d-84a1-a4e3e57f3c21.html) - Updated [Deploy-Private-DNS-Generic](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Private-DNS-Generic.html) policy to include the ability to configure the location/region. - Removed duplicate assignment and portal option of [Deploy Azure Policy Add-on to Azure Kubernetes Service clusters](https://www.azadvertizer.net/azpolicyadvertizer/a8eff44f-8c92-45c3-a3fb-9880802d67a7.html) at Landing Zones scope, as this policy is assigned in the initiative [Deploy Microsoft Defender for Cloud configuration](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) at Intermediate Root scope. diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json index 76f1236d9..0fa47d8e2 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13226822217233465488" + "templateHash": "13634999173647754981" } }, "parameters": { @@ -77,12 +77,12 @@ } ], "$fxv#0": "{\n \"name\": \"Append-AppService-httpsonly\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"AppService append enable https only setting to enforce https setting.\",\n \"description\": \"Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"App Service\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Web/sites\"\n },\n {\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\n \"notequals\": true\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": [\n {\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\n \"value\": true\n }\n ]\n }\n }\n }\n}\n", - "$fxv#1": "{\n \"name\": \"Append-AppService-latestTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"AppService append sites with minimum TLS version to enforce.\",\n \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"App Service\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS Web App config\",\n \"description\": \"Select version minimum TLS version for a Web App config to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n \"exists\": \"true\"\n },\n {\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n \"notEquals\": \"[[parameters('minTlsVersion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": [\n {\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n \"value\": \"[[parameters('minTlsVersion')]\"\n }\n ]\n }\n }\n }\n}\n", + "$fxv#1": "{\n \"name\": \"Append-AppService-latestTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"AppService append sites with minimum TLS version to enforce.\",\n \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.\",\n \"metadata\": {\n \"version\": \"1.2.0\",\n \"category\": \"App Service\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.3\",\n \"1.2\",\n \"1.0\",\n \"1.1\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS Web App config\",\n \"description\": \"Select version minimum TLS version for a Web App config to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n \"exists\": \"true\"\n },\n {\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n \"less\": \"[[parameters('minTlsVersion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": [\n {\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n \"value\": \"[[parameters('minTlsVersion')]\"\n }\n ]\n }\n }\n }\n}\n", "$fxv#10": "{\n \"name\": \"Deny-AppServiceApiApp-http\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"API App should only be accessible over HTTPS\",\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"App Service\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Web/sites\"\n },\n {\n \"field\": \"kind\",\n \"like\": \"*api\"\n },\n {\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\n \"equals\": \"false\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#100": "{\n \"name\": \"Deploy-Sql-vulnerabilityAssessments\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"[Deprecated]: Deploy SQL Database vulnerability Assessments\",\n \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Sql-vulnerabilityAssessments_20230706.html\",\n \"metadata\": {\n \"version\": \"1.0.1-deprecated\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"deprecated\": true,\n \"supersededBy\": \"Deploy-Sql-vulnerabilityAssessments_20230706\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"vulnerabilityAssessmentsEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"description\": \"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\",\n \"displayName\": \"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\"\n }\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"type\": \"String\",\n \"metadata\": {\n \"description\": \"The storage account ID to store assessments\",\n \"displayName\": \"The storage account ID to store assessments\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails\",\n \"equals\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\",\n \"equals\": true\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": {\n \"type\": \"String\"\n },\n \"vulnerabilityAssessmentsEmail\": {\n \"type\": \"String\"\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\n \"type\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments\",\n \"apiVersion\": \"2017-03-01-preview\",\n \"properties\": {\n \"storageContainerPath\": \"[[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\",\n \"storageAccountAccessKey\": \"[[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\n \"recurringScans\": {\n \"isEnabled\": true,\n \"emailSubscriptionAdmins\": false,\n \"emails\": [\n \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n ]\n }\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n },\n \"vulnerabilityAssessmentsEmail\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\n \"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\n ]\n }\n }\n }\n }\n}\n", "$fxv#101": "{\n \"name\": \"Deploy-Sql-vulnerabilityAssessments_20230706\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy SQL Database Vulnerability Assessments\",\n \"description\": \"Deploy SQL Database Vulnerability Assessments when it does not exist in the deployment, and save results to the storage account specified in the parameters.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"replacesPolicy\": \"Deploy-Sql-vulnerabilityAssessments\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"vulnerabilityAssessmentsEmail\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"description\": \"The email address(es) to send alerts.\",\n \"displayName\": \"The email address(es) to send alerts.\"\n }\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"type\": \"String\",\n \"metadata\": {\n \"description\": \"The storage account ID to store assessments\",\n \"displayName\": \"The storage account ID to store assessments\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"count\": {\n \"field\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*]\",\n \"where\": {\n \"value\": \"current(Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*])\",\n \"notIn\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n }\n },\n \"greater\": 0\n },\n {\n \"field\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\",\n \"equals\": true\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": {\n \"type\": \"String\"\n },\n \"vulnerabilityAssessmentsEmail\": {\n \"type\": \"Array\"\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\n \"type\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments\",\n \"apiVersion\": \"2017-03-01-preview\",\n \"properties\": {\n \"storageContainerPath\": \"[[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\",\n \"storageAccountAccessKey\": \"[[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\n \"recurringScans\": {\n \"isEnabled\": true,\n \"emailSubscriptionAdmins\": false,\n \"emails\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n }\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n },\n \"vulnerabilityAssessmentsEmail\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\n \"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\n ]\n }\n }\n }\n }\n}\n", - "$fxv#102": "{\n \"name\": \"Deploy-SqlMi-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"SQL managed instances deploy a specific min TLS version requirement.\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.2.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect SQL servers\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version SQL servers\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/managedInstances\"\n },\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/managedInstances\",\n \"evaluationDelay\": \"AfterProvisioningSuccess\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Sql/managedInstances\",\n \"apiVersion\": \"2020-02-02-preview\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", - "$fxv#103": "{\n \"name\": \"Deploy-Storage-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS \",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.\",\n \"metadata\": {\n \"version\": \"1.2.0\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect Azure Storage\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure STorage\"\n }\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_1\",\n \"TLS1_0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select TLS version for Azure Storage server\",\n \"description\": \"Select version minimum TLS version Azure STorage to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n \"notEquals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n \"notEquals\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Storage/storageAccounts\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n \"equals\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Storage/storageAccounts\",\n \"apiVersion\": \"2019-06-01\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"supportsHttpsTrafficOnly\": true,\n \"minimumTlsVersion\": \"[[parameters('minimumTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('minimumTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#102": "{\n \"name\": \"Deploy-SqlMi-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"SQL managed instances deploy a specific min TLS version requirement.\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.3.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect SQL servers\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version SQL servers\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/managedInstances\"\n },\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"less\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/managedInstances\",\n \"evaluationDelay\": \"AfterProvisioningSuccess\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Sql/managedInstances\",\n \"apiVersion\": \"2020-02-02-preview\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#103": "{\n \"name\": \"Deploy-Storage-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS \",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.\",\n \"metadata\": {\n \"version\": \"1.3.0\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect Azure Storage\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure STorage\"\n }\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_1\",\n \"TLS1_0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select TLS version for Azure Storage server\",\n \"description\": \"Select version minimum TLS version Azure STorage to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n \"notEquals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n \"less\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Storage/storageAccounts\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n \"equals\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Storage/storageAccounts\",\n \"apiVersion\": \"2019-06-01\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"supportsHttpsTrafficOnly\": true,\n \"minimumTlsVersion\": \"[[parameters('minimumTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('minimumTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#104": "{\n \"name\": \"Deploy-VNET-HubSpoke\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Virtual Network with peering to the hub\",\n \"description\": \"This policy deploys virtual network and peer to the hub\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"vNetName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"vNetName\",\n \"description\": \"Name of the landing zone vNet\"\n }\n },\n \"vNetRgName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"vNetRgName\",\n \"description\": \"Name of the landing zone vNet RG\"\n }\n },\n \"vNetLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"vNetLocation\",\n \"description\": \"Location for the vNet\"\n }\n },\n \"vNetCidrRange\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"vNetCidrRange\",\n \"description\": \"CIDR Range for the vNet\"\n }\n },\n \"hubResourceId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"hubResourceId\",\n \"description\": \"Resource ID for the HUB vNet\"\n }\n },\n \"dnsServers\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"DNSServers\",\n \"description\": \"Default domain servers for the vNET.\"\n },\n \"defaultValue\": []\n },\n \"vNetPeerUseRemoteGateway\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"vNetPeerUseRemoteGateway\",\n \"description\": \"Enable gateway transit for the LZ network\"\n },\n \"defaultValue\": false\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"type\": \"Microsoft.Network/virtualNetworks\",\n \"name\": \"[[parameters('vNetName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceScope\": \"resourceGroup\",\n \"ResourceGroupName\": \"[[parameters('vNetRgName')]\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"name\",\n \"like\": \"[[parameters('vNetName')]\"\n },\n {\n \"field\": \"location\",\n \"equals\": \"[[parameters('vNetLocation')]\"\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"parameters\": {\n \"vNetRgName\": {\n \"value\": \"[[parameters('vNetRgName')]\"\n },\n \"vNetName\": {\n \"value\": \"[[parameters('vNetName')]\"\n },\n \"vNetLocation\": {\n \"value\": \"[[parameters('vNetLocation')]\"\n },\n \"vNetCidrRange\": {\n \"value\": \"[[parameters('vNetCidrRange')]\"\n },\n \"hubResourceId\": {\n \"value\": \"[[parameters('hubResourceId')]\"\n },\n \"dnsServers\": {\n \"value\": \"[[parameters('dnsServers')]\"\n },\n \"vNetPeerUseRemoteGateway\": {\n \"value\": \"[[parameters('vNetPeerUseRemoteGateway')]\"\n }\n },\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vNetRgName\": {\n \"type\": \"String\"\n },\n \"vNetName\": {\n \"type\": \"String\"\n },\n \"vNetLocation\": {\n \"type\": \"String\"\n },\n \"vNetCidrRange\": {\n \"type\": \"String\"\n },\n \"vNetPeerUseRemoteGateway\": {\n \"type\": \"bool\",\n \"defaultValue\": false\n },\n \"hubResourceId\": {\n \"type\": \"String\"\n },\n \"dnsServers\": {\n \"type\": \"Array\",\n \"defaultValue\": []\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n \"location\": \"[[parameters('vNetLocation')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {},\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('vNetRgName')]\",\n \"location\": \"[[parameters('vNetLocation')]\",\n \"properties\": {}\n }\n ],\n \"outputs\": {}\n }\n }\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[concat('alz-vnet-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n \"dependsOn\": [\n \"[[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {},\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/virtualNetworks\",\n \"apiVersion\": \"2021-02-01\",\n \"name\": \"[[parameters('vNetName')]\",\n \"location\": \"[[parameters('vNetLocation')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"addressSpace\": {\n \"addressPrefixes\": [\n \"[[parameters('vNetCidrRange')]\"\n ]\n },\n \"dhcpOptions\": {\n \"dnsServers\": \"[[parameters('dnsServers')]\"\n }\n }\n },\n {\n \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n \"apiVersion\": \"2021-02-01\",\n \"name\": \"[[concat(parameters('vNetName'), '/peerToHub')]\",\n \"dependsOn\": [\n \"[[parameters('vNetName')]\"\n ],\n \"properties\": {\n \"remoteVirtualNetwork\": {\n \"id\": \"[[parameters('hubResourceId')]\"\n },\n \"allowVirtualNetworkAccess\": true,\n \"allowForwardedTraffic\": true,\n \"allowGatewayTransit\": false,\n \"useRemoteGateways\": \"[[parameters('vNetPeerUseRemoteGateway')]\"\n }\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[concat('alz-hub-peering-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n \"subscriptionId\": \"[[split(parameters('hubResourceId'),'/')[2]]\",\n \"resourceGroup\": \"[[split(parameters('hubResourceId'),'/')[4]]\",\n \"dependsOn\": [\n \"[[parameters('vNetName')]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"expressionEvaluationOptions\": {\n \"scope\": \"inner\"\n },\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"remoteVirtualNetwork\": {\n \"type\": \"String\",\n \"defaultValue\": false\n },\n \"hubName\": {\n \"type\": \"String\",\n \"defaultValue\": false\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n \"name\": \"[[[concat(parameters('hubName'),'/',last(split(parameters('remoteVirtualNetwork'),'/')))]\",\n \"apiVersion\": \"2021-02-01\",\n \"properties\": {\n \"allowVirtualNetworkAccess\": true,\n \"allowForwardedTraffic\": true,\n \"allowGatewayTransit\": true,\n \"useRemoteGateways\": false,\n \"remoteVirtualNetwork\": {\n \"id\": \"[[[parameters('remoteVirtualNetwork')]\"\n }\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"remoteVirtualNetwork\": {\n \"value\": \"[[concat(subscription().id,'/resourceGroups/',parameters('vNetRgName'), '/providers/','Microsoft.Network/virtualNetworks/', parameters('vNetName'))]\"\n },\n \"hubName\": {\n \"value\": \"[[split(parameters('hubResourceId'),'/')[8]]\"\n }\n }\n }\n }\n ],\n \"outputs\": {}\n }\n },\n \"resourceGroup\": \"[[parameters('vNetRgName')]\"\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#105": "{\n \"name\": \"Deploy-Vm-autoShutdown\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Compute\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"time\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Scheduled Shutdown Time\",\n \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n },\n \"defaultValue\": \"0000\"\n },\n \"timeZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"UTC\",\n \"metadata\": {\n \"displayName\": \"Time zone\",\n \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n }\n },\n \"EnableNotification\": {\n \"type\": \"string\",\n \"defaultValue\": \"Disabled\",\n \"metadata\": {\n \"displayName\": \"Send Notification before auto-shutdown\",\n \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n },\n \"allowedValues\": [\n \"Disabled\",\n \"Enabled\"\n ]\n },\n \"NotificationEmailRecipient\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"Email Address\",\n \"description\": \"Email address to be used for notification\"\n }\n },\n \"NotificationWebhookUrl\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"displayName\": \"Webhook URL\",\n \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"type\": \"Microsoft.DevTestLab/schedules\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n \"equals\": \"ComputeVmShutdownTask\"\n },\n {\n \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n \"time\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n }\n },\n \"timeZoneId\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n }\n },\n \"EnableNotification\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n }\n },\n \"NotificationEmailRecipient\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"description\": \"Email address to be used for notification\"\n }\n },\n \"NotificationWebhookUrl\": {\n \"type\": \"string\",\n \"defaultValue\": \"\",\n \"metadata\": {\n \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n }\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n \"type\": \"Microsoft.DevTestLab/schedules\",\n \"location\": \"[[parameters('location')]\",\n \"apiVersion\": \"2018-09-15\",\n \"properties\": {\n \"status\": \"Enabled\",\n \"taskType\": \"ComputeVmShutdownTask\",\n \"dailyRecurrence\": {\n \"time\": \"[[parameters('time')]\"\n },\n \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n \"notificationSettings\": {\n \"status\": \"[[parameters('EnableNotification')]\",\n \"timeInMinutes\": 30,\n \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n \"notificationLocale\": \"en\"\n },\n \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"vmName\": {\n \"value\": \"[[field('name')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"time\": {\n \"value\": \"[[parameters('time')]\"\n },\n \"timeZoneId\": {\n \"value\": \"[[parameters('timeZoneId')]\"\n },\n \"EnableNotification\": {\n \"value\": \"[[parameters('EnableNotification')]\"\n },\n \"NotificationEmailRecipient\": {\n \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n },\n \"NotificationWebhookUrl\": {\n \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", "$fxv#106": "{\n \"name\": \"Deploy-Windows-DomainJoin\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy Windows Domain Join Extension with keyvault configuration\",\n \"description\": \"Deploy Windows Domain Join Extension with keyvault configuration when the extension does not exist on a given windows Virtual Machine\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Guest Configuration\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"domainUsername\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"domainUsername\"\n }\n },\n \"domainPassword\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"domainPassword\"\n }\n },\n \"domainFQDN\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"domainFQDN\"\n }\n },\n \"domainOUPath\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"domainOUPath\"\n }\n },\n \"keyVaultResourceId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"keyVaultResourceId\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n {\n \"field\": \"Microsoft.Compute/imagePublisher\",\n \"equals\": \"MicrosoftWindowsServer\"\n },\n {\n \"field\": \"Microsoft.Compute/imageOffer\",\n \"equals\": \"WindowsServer\"\n },\n {\n \"field\": \"Microsoft.Compute/imageSKU\",\n \"in\": [\n \"2008-R2-SP1\",\n \"2008-R2-SP1-smalldisk\",\n \"2008-R2-SP1-zhcn\",\n \"2012-Datacenter\",\n \"2012-datacenter-gensecond\",\n \"2012-Datacenter-smalldisk\",\n \"2012-datacenter-smalldisk-g2\",\n \"2012-Datacenter-zhcn\",\n \"2012-datacenter-zhcn-g2\",\n \"2012-R2-Datacenter\",\n \"2012-r2-datacenter-gensecond\",\n \"2012-R2-Datacenter-smalldisk\",\n \"2012-r2-datacenter-smalldisk-g2\",\n \"2012-R2-Datacenter-zhcn\",\n \"2012-r2-datacenter-zhcn-g2\",\n \"2016-Datacenter\",\n \"2016-datacenter-gensecond\",\n \"2016-datacenter-gs\",\n \"2016-Datacenter-Server-Core\",\n \"2016-datacenter-server-core-g2\",\n \"2016-Datacenter-Server-Core-smalldisk\",\n \"2016-datacenter-server-core-smalldisk-g2\",\n \"2016-Datacenter-smalldisk\",\n \"2016-datacenter-smalldisk-g2\",\n \"2016-Datacenter-with-Containers\",\n \"2016-datacenter-with-containers-g2\",\n \"2016-Datacenter-with-RDSH\",\n \"2016-Datacenter-zhcn\",\n \"2016-datacenter-zhcn-g2\",\n \"2019-Datacenter\",\n \"2019-Datacenter-Core\",\n \"2019-datacenter-core-g2\",\n \"2019-Datacenter-Core-smalldisk\",\n \"2019-datacenter-core-smalldisk-g2\",\n \"2019-Datacenter-Core-with-Containers\",\n \"2019-datacenter-core-with-containers-g2\",\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\n \"2019-datacenter-core-with-containers-smalldisk-g2\",\n \"2019-datacenter-gensecond\",\n \"2019-datacenter-gs\",\n \"2019-Datacenter-smalldisk\",\n \"2019-datacenter-smalldisk-g2\",\n \"2019-Datacenter-with-Containers\",\n \"2019-datacenter-with-containers-g2\",\n \"2019-Datacenter-with-Containers-smalldisk\",\n \"2019-datacenter-with-containers-smalldisk-g2\",\n \"2019-Datacenter-zhcn\",\n \"2019-datacenter-zhcn-g2\",\n \"Datacenter-Core-1803-with-Containers-smalldisk\",\n \"datacenter-core-1803-with-containers-smalldisk-g2\",\n \"Datacenter-Core-1809-with-Containers-smalldisk\",\n \"datacenter-core-1809-with-containers-smalldisk-g2\",\n \"Datacenter-Core-1903-with-Containers-smalldisk\",\n \"datacenter-core-1903-with-containers-smalldisk-g2\",\n \"datacenter-core-1909-with-containers-smalldisk\",\n \"datacenter-core-1909-with-containers-smalldisk-g1\",\n \"datacenter-core-1909-with-containers-smalldisk-g2\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n \"equals\": \"JsonADDomainExtension\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n \"equals\": \"Microsoft.Compute\"\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"parameters\": {\n \"vmName\": {\n \"value\": \"[[field('name')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"domainUsername\": {\n \"reference\": {\n \"keyVault\": {\n \"id\": \"[[parameters('keyVaultResourceId')]\"\n },\n \"secretName\": \"[[parameters('domainUsername')]\"\n }\n },\n \"domainPassword\": {\n \"reference\": {\n \"keyVault\": {\n \"id\": \"[[parameters('keyVaultResourceId')]\"\n },\n \"secretName\": \"[[parameters('domainPassword')]\"\n }\n },\n \"domainOUPath\": {\n \"value\": \"[[parameters('domainOUPath')]\"\n },\n \"domainFQDN\": {\n \"value\": \"[[parameters('domainFQDN')]\"\n },\n \"keyVaultResourceId\": {\n \"value\": \"[[parameters('keyVaultResourceId')]\"\n }\n },\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"domainUsername\": {\n \"type\": \"String\"\n },\n \"domainPassword\": {\n \"type\": \"securestring\"\n },\n \"domainFQDN\": {\n \"type\": \"String\"\n },\n \"domainOUPath\": {\n \"type\": \"String\"\n },\n \"keyVaultResourceId\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {\n \"domainJoinOptions\": 3,\n \"vmName\": \"[[parameters('vmName')]\"\n },\n \"resources\": [\n {\n \"apiVersion\": \"2015-06-15\",\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"name\": \"[[concat(variables('vmName'),'/joindomain')]\",\n \"location\": \"[[resourceGroup().location]\",\n \"properties\": {\n \"publisher\": \"Microsoft.Compute\",\n \"type\": \"JsonADDomainExtension\",\n \"typeHandlerVersion\": \"1.3\",\n \"autoUpgradeMinorVersion\": true,\n \"settings\": {\n \"Name\": \"[[parameters('domainFQDN')]\",\n \"User\": \"[[parameters('domainUserName')]\",\n \"Restart\": \"true\",\n \"Options\": \"[[variables('domainJoinOptions')]\",\n \"OUPath\": \"[[parameters('domainOUPath')]\"\n },\n \"protectedSettings\": {\n \"Password\": \"[[parameters('domainPassword')]\"\n }\n }\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", @@ -105,13 +105,13 @@ "$fxv#121": "{\n \"name\": \"Deny-CognitiveServices-NetworkAcls\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Network ACLs should be restricted for Cognitive Services\",\n \"description\": \"Azure Cognitive Services should not allow adding individual IPs or virtual network rules to the service-level firewall. Enable this to restrict inbound network access and enforce the usage of private endpoints.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Cognitive Services\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.CognitiveServices/accounts\"\n },\n {\n \"anyOf\": [\n {\n \"count\": {\n \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.ipRules[*]\"\n },\n \"greater\": 0\n },\n {\n \"count\": {\n \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.virtualNetworkRules[*]\"\n },\n \"greater\": 0\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#122": "{\n \"name\": \"Deny-CognitiveServices-Resource-Kinds\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Only explicit kinds for Cognitive Services should be allowed\",\n \"description\": \"Azure Cognitive Services should only create explicit allowed kinds.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Cognitive Services\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"allowedKinds\": {\n \"type\": \"array\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Select the allowed resource kinds to be used with Cognitive Services\"\n },\n \"allowedValues\": [\n \"AnomalyDetector\",\n \"ComputerVision\",\n \"CognitiveServices\",\n \"ContentModerator\",\n \"CustomVision.Training\",\n \"CustomVision.Prediction\",\n \"Face\",\n \"FormRecognizer\",\n \"ImmersiveReader\",\n \"LUIS\",\n \"Personalizer\",\n \"SpeechServices\",\n \"TextAnalytics\",\n \"TextTranslation\",\n \"OpenAI\"\n ],\n \"defaultValue\": [\n \"AnomalyDetector\",\n \"ComputerVision\",\n \"CognitiveServices\",\n \"ContentModerator\",\n \"CustomVision.Training\",\n \"CustomVision.Prediction\",\n \"Face\",\n \"FormRecognizer\",\n \"ImmersiveReader\",\n \"LUIS\",\n \"Personalizer\",\n \"SpeechServices\",\n \"TextAnalytics\",\n \"TextTranslation\",\n \"OpenAI\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.CognitiveServices/accounts\"\n },\n {\n \"field\": \"kind\",\n \"notIn\": \"[[parameters('allowedKinds')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#123": "{\n \"name\": \"Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Outbound network access should be restricted for Cognitive Services\",\n \"description\": \"Azure Cognitive Services allow restricting outbound network access. Enable this to limit outbound connectivity for the service.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Cognitive Services\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.CognitiveServices/accounts\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n \"notEquals\": true\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", - "$fxv#124": "{\n \"name\": \"Deny-EH-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Event Hub namespaces should use a valid TLS version\",\n \"description\": \"Event Hub namespaces should use a valid TLS version.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Event Hub\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minTlsVersion\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Minimum TLS Version\",\n \"description\": \"Minimum TLS version to be used by Event Hub\"\n },\n \"defaultValue\": \"1.2\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.EventHub/namespaces\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n \"notEquals\": \"[[parameters('minTlsVersion')]\"\n },\n {\n \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n \"exists\": \"false\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", + "$fxv#124": "{\n \"name\": \"Deny-EH-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Event Hub namespaces should use a valid TLS version\",\n \"description\": \"Event Hub namespaces should use a valid TLS version.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Event Hub\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minTlsVersion\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Minimum TLS Version\",\n \"description\": \"Minimum TLS version to be used by Event Hub\"\n },\n \"defaultValue\": \"1.2\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.EventHub/namespaces\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n \"less\": \"[[parameters('minTlsVersion')]\"\n },\n {\n \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n \"exists\": \"false\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#125": "{\n \"name\": \"Deny-EH-Premium-CMK\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption\",\n \"description\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Event Hub\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.EventHub/namespaces\"\n },\n {\n \"field\": \"Microsoft.EventHub/namespaces/sku.name\",\n \"equals\": \"Premium\"\n },\n {\n \"not\": {\n \"field\": \"Microsoft.EventHub/namespaces/encryption.keySource\",\n \"equals\": \"Microsoft.Keyvault\"\n }\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#126": "{\n \"name\": \"Deny-LogicApp-Public-Network\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Logic apps should disable public network access\",\n \"description\": \"Disabling public network access improves security by ensuring that the Logic App is not exposed on the public internet. Creating private endpoints can limit exposure of a Logic App. Learn more at: https://aka.ms/app-service-private-endpoint.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Logic Apps\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Web/sites\"\n },\n {\n \"field\": \"kind\",\n \"contains\": \"workflowapp\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n \"notEquals\": \"Disabled\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#127": "{\n \"name\": \"Deny-LogicApps-Without-Https\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Logic app should only be accessible over HTTPS\",\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Logic Apps\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Web/sites\"\n },\n {\n \"field\": \"kind\",\n \"contains\": \"workflowapp\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\n \"equals\": \"false\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#128": "{\n \"name\": \"Deny-Service-Endpoints\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny or Audit service endpoints on subnets\",\n \"description\": \"This Policy will deny/audit Service Endpoints on subnets. Service Endpoints allows the network traffic to bypass Network appliances, such as the Azure Firewall.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]\",\n \"where\": {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service\",\n \"exists\": true\n }\n },\n \"greater\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#129": "{\n \"name\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Storage Accounts should use a container delete retention policy\",\n \"description\": \"Enforce container delete retention policies larger than seven days for storage account. Enable this for increased data loss protection.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minContainerDeleteRetentionInDays\": {\n \"type\": \"Integer\",\n \"metadata\": {\n \"displayName\": \"Minimum Container Delete Retention in Days\",\n \"description\": \"Specifies the minimum number of days for the container delete retention policy\"\n },\n \"defaultValue\": 7\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n \"exists\": false\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n \"notEquals\": true\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.days\",\n \"less\": \"[[parameters('minContainerDeleteRetentionInDays')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", - "$fxv#13": "{\n \"name\": \"Deny-MySql-http\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"MySQL database servers enforce SSL connections.\",\n \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS for MySQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforMySQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", + "$fxv#13": "{\n \"name\": \"Deny-MySql-http\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"MySQL database servers enforce SSL connections.\",\n \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS for MySQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforMySQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n \"less\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#130": "{\n \"name\": \"Deny-Storage-CopyScope\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Allowed Copy scope should be restricted for Storage Accounts\",\n \"description\": \"Azure Storage accounts should restrict the allowed copy scope. Enforce this for increased data exfiltration protection.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"allowedCopyScope\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Allowed Copy Scope\",\n \"description\": \"Specify the allowed copy scope.\"\n },\n \"allowedValues\": [\n \"AAD\",\n \"PrivateLink\"\n ],\n \"defaultValue\": \"AAD\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n \"notEquals\": \"[[parameters('allowedCopyScope')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#131": "{\n \"name\": \"Deny-Storage-CorsRules\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Storage Accounts should restrict CORS rules\",\n \"description\": \"Deny CORS rules for storage account for increased data exfiltration protection and endpoint protection.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Storage/storageAccounts/blobServices/cors.corsRules[*]\"\n },\n \"greater\": 0\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Storage/storageAccounts/fileServices/cors.corsRules[*]\"\n },\n \"greater\": 0\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts/tableServices\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Storage/storageAccounts/tableServices/cors.corsRules[*]\"\n },\n \"greater\": 0\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts/queueServices\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Storage/storageAccounts/queueServices/cors.corsRules[*]\"\n },\n \"greater\": 0\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", "$fxv#132": "{\n \"name\": \"Deny-Storage-LocalUser\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Local users should be restricted for Storage Accounts\",\n \"description\": \"Azure Storage accounts should disable local users for features like SFTP. Enforce this for increased data exfiltration protection.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n \"notEquals\": false\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}", @@ -159,9 +159,9 @@ "$fxv#18": "{\n \"name\": \"Deny-RDP-From-Internet\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"[Deprecated] RDP access from the Internet should be blocked\",\n \"description\": \"This policy denies any network security rule that allows RDP access from Internet. This policy is superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deny-MgmtPorts-From-Internet.html\",\n \"metadata\": {\n \"deprecated\": true,\n \"supersededBy\": \"Deny-MgmtPorts-From-Internet\",\n \"version\": \"1.0.1-deprecated\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\n },\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\n \"equals\": \"Allow\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\n \"equals\": \"Inbound\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\n \"equals\": \"*\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\n \"equals\": \"3389\"\n },\n {\n \"value\": \"[[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')), and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),3389),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),3389)), 'false')]\",\n \"equals\": \"true\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\n \"where\": {\n \"value\": \"[[if(and(not(empty(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')))), contains(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')),'-')), and(lessOrEquals(int(first(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')), '-'))),3389),greaterOrEquals(int(last(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')), '-'))),3389)) , 'false')]\",\n \"equals\": \"true\"\n }\n },\n \"greater\": 0\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\n \"notEquals\": \"*\"\n }\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\n \"notEquals\": \"3389\"\n }\n }\n ]\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\n \"equals\": \"*\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\n \"equals\": \"Internet\"\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\n \"notEquals\": \"*\"\n }\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\n \"notEquals\": \"Internet\"\n }\n }\n ]\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#19": "{\n \"name\": \"Deny-MgmtPorts-From-Internet\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Management port access from the Internet should be blocked\",\n \"description\": \"This policy denies any network security rule that allows management port access from the Internet, by default blocking SSH/RDP ports.\",\n \"metadata\": {\n \"version\": \"2.1.1\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"replacesPolicy\": \"Deny-RDP-From-Internet\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"ports\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Ports\",\n \"description\": \"Ports to be blocked\"\n },\n \"defaultValue\": [\n \"22\",\n \"3389\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\n },\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\n \"equals\": \"Allow\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\n \"equals\": \"Inbound\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\n \"equals\": \"*\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\n \"in\": \"[[parameters('ports')]\"\n },\n {\n \"count\": {\n \"value\": \"[[parameters('ports')]\",\n \"where\": {\n \"value\": \"[[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')), and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),int(current())),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),int(current()))), 'false')]\",\n \"equals\": \"true\"\n }\n },\n \"greater\": 0\n },\n {\n \"count\": {\n \"value\": \"[[parameters('ports')]\",\n \"name\": \"ports\",\n \"where\": {\n \"count\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\n \"where\": {\n \"value\": \"[[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'), '-'))),int(current('ports')))) , 'false')]\",\n \"equals\": \"true\"\n }\n },\n \"greater\": 0\n }\n },\n \"greater\": 0\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\n \"notEquals\": \"*\"\n }\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\n \"notIn\": \"[[parameters('ports')]\"\n }\n }\n ]\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\n \"equals\": \"*\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\n \"equals\": \"Internet\"\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\n \"notEquals\": \"*\"\n }\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\n \"notEquals\": \"Internet\"\n }\n }\n ]\n }\n ]\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\n \"where\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\n \"equals\": \"Allow\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\n \"equals\": \"Inbound\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\n \"equals\": \"*\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\n \"in\": \"[[parameters('ports')]\"\n },\n {\n \"count\": {\n \"value\": \"[[parameters('ports')]\",\n \"name\": \"ports\",\n \"where\": {\n \"value\": \"[[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'), '-'))),int(current('ports')))), 'false')]\",\n \"equals\": \"true\"\n }\n },\n \"greater\": 0\n },\n {\n \"count\": {\n \"value\": \"[[parameters('ports')]\",\n \"name\": \"ports\",\n \"where\": {\n \"count\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\n \"where\": {\n \"value\": \"[[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'), '-'))),int(current('ports')))) , 'false')]\",\n \"equals\": \"true\"\n }\n },\n \"greater\": 0\n }\n },\n \"greater\": 0\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\n \"notEquals\": \"*\"\n }\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\n \"notIn\": \"[[parameters('ports')]\"\n }\n }\n ]\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\n \"equals\": \"*\"\n },\n {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\n \"equals\": \"Internet\"\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\n \"notEquals\": \"*\"\n }\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\n \"notEquals\": \"Internet\"\n }\n }\n ]\n }\n ]\n }\n },\n \"greater\": 0\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#2": "{\n \"name\": \"Append-KV-SoftDelete\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"KeyVault SoftDelete should be enabled\",\n \"description\": \"This policy enables you to ensure when a Key Vault is created with out soft delete enabled it will be added.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Key Vault\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {},\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.KeyVault/vaults\"\n },\n {\n \"field\": \"Microsoft.KeyVault/vaults/enableSoftDelete\",\n \"notEquals\": true\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"append\",\n \"details\": [\n {\n \"field\": \"Microsoft.KeyVault/vaults/enableSoftDelete\",\n \"value\": true\n }\n ]\n }\n }\n }\n}\n", - "$fxv#20": "{\n \"name\": \"Deny-Redis-http\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Cache for Redis only secure connections should be enabled\",\n \"description\": \"Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Cache\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\n }\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select minumum TLS version for Azure Cache for Redis.\",\n \"description\": \"Select minimum TLS version for Azure Cache for Redis.\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Cache/redis\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Cache/Redis/minimumTlsVersion\",\n \"notequals\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", - "$fxv#21": "{\n \"name\": \"Deny-Sql-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure SQL Database should have the minimal TLS version set to the highest version\",\n \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Audit\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", - "$fxv#22": "{\n \"name\": \"Deny-SqlMi-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"SQL Managed Instance should have the minimal TLS version set to the highest version\",\n \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Audit\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/managedInstances\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", + "$fxv#20": "{\n \"name\": \"Deny-Redis-http\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Cache for Redis only secure connections should be enabled\",\n \"description\": \"Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Cache\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\n }\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select minimum TLS version for Azure Cache for Redis.\",\n \"description\": \"Select minimum TLS version for Azure Cache for Redis.\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Cache/redis\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Cache/Redis/minimumTlsVersion\",\n \"less\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", + "$fxv#21": "{\n \"name\": \"Deny-Sql-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure SQL Database should have the minimal TLS version set to the highest version\",\n \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Audit\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"less\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", + "$fxv#22": "{\n \"name\": \"Deny-SqlMi-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"SQL Managed Instance should have the minimal TLS version set to the highest version\",\n \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Audit\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/managedInstances\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"less\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#23": "{\n \"name\": \"Deny-Storage-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"[Deprecated] Storage Account set to minimum TLS and Secure transfer should be enabled\",\n \"description\": \"Audit requirement of Secure transfer in your storage account. This policy is superseded by https://www.azadvertizer.net/azpolicyadvertizer/fe83a0eb-a853-422d-aac2-1bffd182c5d0.html and https://www.azadvertizer.net/azpolicyadvertizer/404c3081-a854-4457-ae30-26a93ef643f9.html\",\n \"metadata\": {\n \"deprecated\": true,\n \"supersededBy\": \"fe83a0eb-a853-422d-aac2-1bffd182c5d0,404c3081-a854-4457-ae30-26a93ef643f9\",\n \"version\": \"1.0.0-deprecated\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\n }\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_1\",\n \"TLS1_0\"\n ],\n \"metadata\": {\n \"displayName\": \"Storage Account select minimum TLS version\",\n \"description\": \"Select version minimum TLS version on Azure Storage Account to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts\"\n },\n {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"value\": \"[[requestContext().apiVersion]\",\n \"less\": \"2019-04-01\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n \"exists\": \"false\"\n }\n ]\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n \"equals\": \"false\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n \"notequals\": \"[[parameters('minimumTlsVersion')]\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n \"exists\": \"false\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#24": "{\n \"name\": \"Deny-Storage-SFTP\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Storage Accounts with SFTP enabled should be denied\",\n \"description\": \"This policy denies the creation of Storage Accounts with SFTP enabled for Blob Storage.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/isSftpEnabled\",\n \"equals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#25": "{\n \"name\": \"Deny-Subnet-Without-Nsg\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Subnets should have a Network Security Group\",\n \"description\": \"This policy denies the creation of a subnet without a Network Security Group. NSG help to protect traffic across subnet-level.\",\n \"metadata\": {\n \"version\": \"2.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"excludedSubnets\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Excluded Subnets\",\n \"description\": \"Array of subnet names that are excluded from this policy\"\n },\n \"defaultValue\": [\n \"GatewaySubnet\",\n \"AzureFirewallSubnet\",\n \"AzureFirewallManagementSubnet\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"equals\": \"Microsoft.Network/virtualNetworks\",\n \"field\": \"type\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*]\",\n \"where\": {\n \"allOf\": [\n {\n \"exists\": \"false\",\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].name\",\n \"notIn\": \"[[parameters('excludedSubnets')]\"\n }\n ]\n }\n },\n \"notEquals\": 0\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\n },\n {\n \"field\": \"name\",\n \"notIn\": \"[[parameters('excludedSubnets')]\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\n \"exists\": \"false\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", @@ -180,7 +180,7 @@ "$fxv#37": "{\n \"name\": \"Deploy-ASC-SecurityContacts\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Microsoft Defender for Cloud Security Contacts\",\n \"description\": \"Deploy Microsoft Defender for Cloud Security Contacts\",\n \"metadata\": {\n \"version\": \"2.0.0\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email addresses (semi-colon separated) for Defender for Cloud contact details\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"String\",\n \"defaultValue\": \"High\",\n \"allowedValues\": [\n \"High\",\n \"Medium\",\n \"Low\"\n ],\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Security/securityContacts\",\n \"deploymentScope\": \"subscription\",\n \"existenceScope\": \"subscription\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Security/securityContacts/email\",\n \"contains\": \"[[parameters('emailSecurityContact')]\"\n },\n {\n \"field\": \"Microsoft.Security/securityContacts/isEnabled\",\n \"equals\": true\n },\n {\n \"field\": \"Microsoft.Security/securityContacts/notificationsSources[*].Alert.minimalSeverity\",\n \"contains\": \"[[parameters('minimalSeverity')]\"\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n },\n \"minimalSeverity\": {\n \"value\": \"[[parameters('minimalSeverity')]\"\n }\n },\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"Security contacts email address\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"Minimal severity level reported\"\n }\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Security/securityContacts\",\n \"name\": \"default\",\n \"apiVersion\": \"2023-12-01-preview\",\n \"properties\": {\n \"emails\": \"[[parameters('emailSecurityContact')]\",\n \"isEnabled\": true,\n \"notificationsByRole\": {\n \"state\": \"On\",\n \"roles\": [\n \"Owner\"\n ]\n },\n \"notificationsSources\": [\n {\n \"sourceType\": \"Alert\",\n \"minimalSeverity\": \"[[parameters('minimalSeverity')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#38": "{\n \"name\": \"Deploy-Custom-Route-Table\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy a route table with specific user defined routes\",\n \"description\": \"Deploys a route table with specific user defined routes when one does not exist. The route table deployed by the policy must be manually associated to subnet(s)\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"requiredRoutes\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"requiredRoutes\",\n \"description\": \"Routes that must exist in compliant route tables deployed by this policy\"\n }\n },\n \"vnetRegion\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"vnetRegion\",\n \"description\": \"Only VNets in this region will be evaluated against this policy\"\n }\n },\n \"routeTableName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"routeTableName\",\n \"description\": \"Name of the route table automatically deployed by this policy\"\n }\n },\n \"disableBgpPropagation\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"DisableBgpPropagation\",\n \"description\": \"Disable BGP Propagation\"\n },\n \"defaultValue\": false\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks\"\n },\n {\n \"field\": \"location\",\n \"equals\": \"[[parameters('vnetRegion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/routeTables\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"name\",\n \"equals\": \"[[parameters('routeTableName')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n \"where\": {\n \"value\": \"[[concat(current('Microsoft.Network/routeTables/routes[*].addressPrefix'), ';', current('Microsoft.Network/routeTables/routes[*].nextHopType'), if(equals(toLower(current('Microsoft.Network/routeTables/routes[*].nextHopType')),'virtualappliance'), concat(';', current('Microsoft.Network/routeTables/routes[*].nextHopIpAddress')), ''))]\",\n \"in\": \"[[parameters('requiredRoutes')]\"\n }\n },\n \"equals\": \"[[length(parameters('requiredRoutes'))]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/subscriptions/e867a45d-e513-44ac-931e-4741cef80b24/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"routeTableName\": {\n \"type\": \"string\"\n },\n \"vnetRegion\": {\n \"type\": \"string\"\n },\n \"requiredRoutes\": {\n \"type\": \"array\"\n },\n \"disableBgpPropagation\": {\n \"type\": \"bool\"\n }\n },\n \"variables\": {\n \"copyLoop\": [\n {\n \"name\": \"routes\",\n \"count\": \"[[[length(parameters('requiredRoutes'))]\",\n \"input\": {\n \"name\": \"[[[concat('route-',copyIndex('routes'))]\",\n \"properties\": {\n \"addressPrefix\": \"[[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[0]]\",\n \"nextHopType\": \"[[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]]\",\n \"nextHopIpAddress\": \"[[[if(equals(toLower(split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]),'virtualappliance'),split(parameters('requiredRoutes')[copyIndex('routes')], ';')[2], null())]\"\n }\n }\n }\n ]\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"routeTableDepl\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"routeTableName\": {\n \"type\": \"string\"\n },\n \"vnetRegion\": {\n \"type\": \"string\"\n },\n \"requiredRoutes\": {\n \"type\": \"array\"\n },\n \"disableBgpPropagation\": {\n \"type\": \"bool\"\n }\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/routeTables\",\n \"apiVersion\": \"2021-02-01\",\n \"name\": \"[[[parameters('routeTableName')]\",\n \"location\": \"[[[parameters('vnetRegion')]\",\n \"properties\": {\n \"disableBgpRoutePropagation\": \"[[[parameters('disableBgpPropagation')]\",\n \"copy\": \"[[variables('copyLoop')]\"\n }\n }\n ]\n },\n \"parameters\": {\n \"routeTableName\": {\n \"value\": \"[[parameters('routeTableName')]\"\n },\n \"vnetRegion\": {\n \"value\": \"[[parameters('vnetRegion')]\"\n },\n \"requiredRoutes\": {\n \"value\": \"[[parameters('requiredRoutes')]\"\n },\n \"disableBgpPropagation\": {\n \"value\": \"[[parameters('disableBgpPropagation')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"routeTableName\": {\n \"value\": \"[[parameters('routeTableName')]\"\n },\n \"vnetRegion\": {\n \"value\": \"[[parameters('vnetRegion')]\"\n },\n \"requiredRoutes\": {\n \"value\": \"[[parameters('requiredRoutes')]\"\n },\n \"disableBgpPropagation\": {\n \"value\": \"[[parameters('disableBgpPropagation')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#39": "{\n \"name\": \"Deploy-DDoSProtection\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy an Azure DDoS Network Protection\",\n \"description\": \"Deploys an Azure DDoS Network Protection\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"ddosName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"ddosName\",\n \"description\": \"DDoSVnet\"\n }\n },\n \"ddosRegion\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"ddosRegion\",\n \"description\": \"DDoSVnet location\",\n \"strongType\": \"location\"\n }\n },\n \"rgName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"rgName\",\n \"description\": \"Provide name for resource group.\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/ddosProtectionPlans\",\n \"deploymentScope\": \"subscription\",\n \"existenceScope\": \"resourceGroup\",\n \"resourceGroupName\": \"[[parameters('rgName')]\",\n \"name\": \"[[parameters('ddosName')]\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"parameters\": {\n \"rgName\": {\n \"value\": \"[[parameters('rgName')]\"\n },\n \"ddosname\": {\n \"value\": \"[[parameters('ddosname')]\"\n },\n \"ddosregion\": {\n \"value\": \"[[parameters('ddosRegion')]\"\n }\n },\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"rgName\": {\n \"type\": \"String\"\n },\n \"ddosname\": {\n \"type\": \"String\"\n },\n \"ddosRegion\": {\n \"type\": \"String\"\n }\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2018-05-01\",\n \"name\": \"[[parameters('rgName')]\",\n \"location\": \"[[deployment().location]\",\n \"properties\": {}\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2018-05-01\",\n \"name\": \"ddosprotection\",\n \"resourceGroup\": \"[[parameters('rgName')]\",\n \"dependsOn\": [\n \"[[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/ddosProtectionPlans\",\n \"apiVersion\": \"2019-12-01\",\n \"name\": \"[[parameters('ddosName')]\",\n \"location\": \"[[parameters('ddosRegion')]\",\n \"properties\": {}\n }\n ],\n \"outputs\": {}\n }\n }\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", - "$fxv#4": "{\n \"name\": \"Append-Redis-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.\",\n \"description\": \"Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Cache\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect Azure Cache for Redis\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\"\n }\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for Redis server\",\n \"description\": \"Select version minimum TLS version Azure Cache for Redis to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Cache/redis\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Cache/Redis/minimumTlsVersion\",\n \"notequals\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": [\n {\n \"field\": \"Microsoft.Cache/Redis/minimumTlsVersion\",\n \"value\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n }\n }\n}\n", + "$fxv#4": "{\n \"name\": \"Append-Redis-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.\",\n \"description\": \"Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Cache\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Append\",\n \"allowedValues\": [\n \"Append\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect Azure Cache for Redis\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\"\n }\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for Redis server\",\n \"description\": \"Select version minimum TLS version Azure Cache for Redis to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Cache/redis\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Cache/Redis/minimumTlsVersion\",\n \"less\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": [\n {\n \"field\": \"Microsoft.Cache/Redis/minimumTlsVersion\",\n \"value\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n }\n }\n}\n", "$fxv#40": "{\n \"name\": \"Deploy-Diagnostics-AA\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n \"metadata\": {\n \"deprecated\": true,\n \"version\": \"1.1.0-deprecated\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Automation/automationAccounts\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Automation/automationAccounts/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"timeGrain\": null,\n \"enabled\": \"[[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ],\n \"logs\": [\n {\n \"category\": \"JobLogs\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"JobStreams\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"DscNodeStatus\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"AuditEvent\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", "$fxv#41": "{\n \"name\": \"Deploy-Diagnostics-ACI\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n \"metadata\": {\n \"deprecated\": true,\n \"version\": \"1.1.0-deprecated\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.ContainerInstance/containerGroups\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.ContainerInstance/containerGroups/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"enabled\": \"[[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"days\": 0,\n \"enabled\": false\n },\n \"timeGrain\": null\n }\n ],\n \"logs\": []\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[[parameters('metricsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", "$fxv#42": "{\n \"name\": \"Deploy-Diagnostics-ACR\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n \"metadata\": {\n \"deprecated\": true,\n \"version\": \"1.1.0-deprecated\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.ContainerRegistry/registries\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.ContainerRegistry/registries/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"enabled\": \"[[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"days\": 0,\n \"enabled\": false\n },\n \"timeGrain\": null\n }\n ],\n \"logs\": [\n {\n \"category\": \"ContainerRegistryLoginEvents\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"ContainerRegistryRepositoryEvents\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", @@ -238,12 +238,12 @@ "$fxv#9": "{\n \"name\": \"Deny-AppGW-Without-WAF\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Application Gateway should be deployed with WAF enabled\",\n \"description\": \"This policy enables you to restrict that Application Gateways is always deployed with WAF enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/applicationGateways\"\n },\n {\n \"field\": \"Microsoft.Network/applicationGateways/sku.name\",\n \"notequals\": \"WAF_v2\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#90": "{\n \"name\": \"Deploy-Diagnostics-WVDWorkspace\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n \"metadata\": {\n \"deprecated\": true,\n \"version\": \"1.1.1-deprecated\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/workspaces\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Feed\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", "$fxv#91": "{\n \"name\": \"Deploy-FirewallPolicy\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Azure Firewall Manager policy in the subscription\",\n \"description\": \"Deploys Azure Firewall Manager policy in subscription where the policy is assigned.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"fwpolicy\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"fwpolicy\",\n \"description\": \"Object describing Azure Firewall Policy\"\n },\n \"defaultValue\": {}\n },\n \"fwPolicyRegion\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"fwPolicyRegion\",\n \"description\": \"Select Azure region for Azure Firewall Policy\",\n \"strongType\": \"location\"\n }\n },\n \"rgName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"rgName\",\n \"description\": \"Provide name for resource group.\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/firewallPolicies\",\n \"deploymentScope\": \"subscription\",\n \"existenceScope\": \"resourceGroup\",\n \"resourceGroupName\": \"[[parameters('rgName')]\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"parameters\": {\n \"rgName\": {\n \"value\": \"[[parameters('rgName')]\"\n },\n \"fwPolicy\": {\n \"value\": \"[[parameters('fwPolicy')]\"\n },\n \"fwPolicyRegion\": {\n \"value\": \"[[parameters('fwPolicyRegion')]\"\n }\n },\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"rgName\": {\n \"type\": \"String\"\n },\n \"fwPolicy\": {\n \"type\": \"object\"\n },\n \"fwPolicyRegion\": {\n \"type\": \"String\"\n }\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2018-05-01\",\n \"name\": \"[[parameters('rgName')]\",\n \"location\": \"[[deployment().location]\",\n \"properties\": {}\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2018-05-01\",\n \"name\": \"fwpolicies\",\n \"resourceGroup\": \"[[parameters('rgName')]\",\n \"dependsOn\": [\n \"[[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {},\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/firewallPolicies\",\n \"apiVersion\": \"2019-09-01\",\n \"name\": \"[[parameters('fwpolicy').firewallPolicyName]\",\n \"location\": \"[[parameters('fwpolicy').location]\",\n \"dependsOn\": [],\n \"tags\": {},\n \"properties\": {},\n \"resources\": [\n {\n \"type\": \"ruleGroups\",\n \"apiVersion\": \"2019-09-01\",\n \"name\": \"[[parameters('fwpolicy').ruleGroups.name]\",\n \"dependsOn\": [\n \"[[resourceId('Microsoft.Network/firewallPolicies',parameters('fwpolicy').firewallPolicyName)]\"\n ],\n \"properties\": {\n \"priority\": \"[[parameters('fwpolicy').ruleGroups.properties.priority]\",\n \"rules\": \"[[parameters('fwpolicy').ruleGroups.properties.rules]\"\n }\n }\n ]\n }\n ],\n \"outputs\": {}\n }\n }\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", - "$fxv#92": "{\n \"name\": \"Deploy-MySQL-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect minimum TLS version Azure Database for MySQL server\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure Database for MySQL server\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS for MySQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforMySQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.DBforMySQL/servers\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"equals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DBforMySQL/servers\",\n \"apiVersion\": \"2017-12-01\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"sslEnforcement\": \"[[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\",\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#92": "{\n \"name\": \"Deploy-MySQL-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.2.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect minimum TLS version Azure Database for MySQL server\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure Database for MySQL server\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS for MySQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforMySQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n \"less\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.DBforMySQL/servers\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"equals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DBforMySQL/servers\",\n \"apiVersion\": \"2017-12-01\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"sslEnforcement\": \"[[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\",\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#93": "{\n \"name\": \"Deploy-Nsg-FlowLogs-to-LA\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"[Deprecated] Deploys NSG flow logs and traffic analytics to Log Analytics\",\n \"description\": \"[Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to Log Analytics with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html\",\n \"metadata\": {\n \"deprecated\": true,\n \"supersededBy\": \"e920df7f-9a64-4066-9b58-52684c02a091\",\n \"version\": \"1.1.0-deprecated\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"retention\": {\n \"type\": \"Integer\",\n \"metadata\": {\n \"displayName\": \"Retention\"\n },\n \"defaultValue\": 5\n },\n \"interval\": {\n \"type\": \"Integer\",\n \"metadata\": {\n \"displayName\": \"Traffic Analytics processing interval mins (10/60)\"\n },\n \"defaultValue\": 60\n },\n \"workspace\": {\n \"type\": \"String\",\n \"metadata\": {\n \"strongType\": \"omsWorkspace\",\n \"displayName\": \"Resource ID of Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\"\n },\n \"defaultValue\": \"\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/networkWatchers/flowlogs\",\n \"name\": \"[[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id'))), 'null/null', concat(split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[8], '/', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[10]))]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/networkWatchers/flowLogs/enabled\",\n \"equals\": \"true\"\n }\n ]\n },\n \"existenceScope\": \"resourceGroup\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\n \"/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12\",\n \"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\n \"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\",\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"resourceGroupName\": \"[[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs'))), 'NetworkWatcherRG', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[4])]\",\n \"deploymentScope\": \"subscription\",\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"networkSecurityGroup\": {\n \"value\": \"[[field('id')]\"\n },\n \"workspace\": {\n \"value\": \"[[parameters('workspace')]\"\n },\n \"retention\": {\n \"value\": \"[[parameters('retention')]\"\n },\n \"interval\": {\n \"value\": \"[[parameters('interval')]\"\n }\n },\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"networkSecurityGroup\": {\n \"type\": \"String\"\n },\n \"workspace\": {\n \"type\": \"String\"\n },\n \"retention\": {\n \"type\": \"int\"\n },\n \"interval\": {\n \"type\": \"int\"\n },\n \"time\": {\n \"type\": \"String\",\n \"defaultValue\": \"[[utcNow()]\"\n }\n },\n \"variables\": {\n \"resourceGroupName\": \"[[split(parameters('networkSecurityGroup'), '/')[4]]\",\n \"securityGroupName\": \"[[split(parameters('networkSecurityGroup'), '/')[8]]\",\n \"storageAccountName\": \"[[concat('es', uniqueString(variables('securityGroupName'), parameters('time')))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"[[concat(variables('resourceGroupName'), '.', variables('securityGroupName'))]\",\n \"resourceGroup\": \"[[variables('resourceGroupName')]\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"resources\": [\n {\n \"type\": \"Microsoft.Storage/storageAccounts\",\n \"apiVersion\": \"2019-06-01\",\n \"name\": \"[[variables('storageAccountName')]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {},\n \"kind\": \"StorageV2\",\n \"sku\": {\n \"name\": \"Standard_LRS\",\n \"tier\": \"Standard\"\n }\n }\n ]\n }\n }\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"[[concat('NetworkWatcherRG', '.', variables('securityGroupName'))]\",\n \"resourceGroup\": \"NetworkWatcherRG\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/networkWatchers\",\n \"apiVersion\": \"2020-05-01\",\n \"name\": \"[[concat('NetworkWatcher_', toLower(parameters('location')))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {},\n \"resources\": [\n {\n \"type\": \"flowLogs\",\n \"apiVersion\": \"2019-11-01\",\n \"name\": \"[[concat(variables('securityGroupName'), '-Network-flowlog')]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"enabled\": true,\n \"format\": {\n \"type\": \"JSON\",\n \"version\": 2\n },\n \"retentionPolicy\": {\n \"days\": \"[[parameters('retention')]\",\n \"enabled\": true\n },\n \"flowAnalyticsConfiguration\": {\n \"networkWatcherFlowAnalyticsConfiguration\": {\n \"enabled\": true,\n \"trafficAnalyticsInterval\": \"[[parameters('interval')]\",\n \"workspaceResourceId\": \"[[parameters('workspace')]\"\n }\n },\n \"storageId\": \"[[concat(subscription().id, '/resourceGroups/', variables('resourceGroupName'), '/providers/Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]\",\n \"targetResourceId\": \"[[parameters('networkSecurityGroup')]\"\n },\n \"dependsOn\": [\n \"[[concat('NetworkWatcher_', toLower(parameters('location')))]\"\n ]\n }\n ]\n }\n ]\n }\n },\n \"dependsOn\": [\n \"[[concat(variables('resourceGroupName'), '.', variables('securityGroupName'))]\"\n ]\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}", "$fxv#94": "{\n \"name\": \"Deploy-Nsg-FlowLogs\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"[Deprecated] Deploys NSG flow logs and traffic analytics\",\n \"description\": \"[Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to a storageaccountid with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html\",\n \"metadata\": {\n \"deprecated\": true,\n \"supersededBy\": \"e920df7f-9a64-4066-9b58-52684c02a091\",\n \"version\": \"1.0.0-deprecated\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"retention\": {\n \"type\": \"Integer\",\n \"metadata\": {\n \"displayName\": \"Retention\"\n },\n \"defaultValue\": 5\n },\n \"storageAccountResourceId\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Storage Account Resource Id\",\n \"strongType\": \"Microsoft.Storage/storageAccounts\"\n }\n },\n \"trafficAnalyticsInterval\": {\n \"type\": \"Integer\",\n \"metadata\": {\n \"displayName\": \"Traffic Analytics processing interval mins (10/60)\"\n },\n \"defaultValue\": 60\n },\n \"flowAnalyticsEnabled\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"Enable Traffic Analytics\"\n },\n \"defaultValue\": false\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"strongType\": \"omsWorkspace\",\n \"displayName\": \"Resource ID of Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\"\n },\n \"defaultValue\": \"\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/networkWatchers/flowLogs\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"resourceGroupName\": \"NetworkWatcherRG\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Network/networkWatchers/flowLogs/enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled\",\n \"equals\": \"[[parameters('flowAnalyticsEnabled')]\"\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"parameters\": {\n \"networkSecurityGroupName\": {\n \"value\": \"[[field('name')]\"\n },\n \"resourceGroupName\": {\n \"value\": \"[[resourceGroup().name]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"storageAccountResourceId\": {\n \"value\": \"[[parameters('storageAccountResourceId')]\"\n },\n \"retention\": {\n \"value\": \"[[parameters('retention')]\"\n },\n \"flowAnalyticsEnabled\": {\n \"value\": \"[[parameters('flowAnalyticsEnabled')]\"\n },\n \"trafficAnalyticsInterval\": {\n \"value\": \"[[parameters('trafficAnalyticsInterval')]\"\n },\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n }\n },\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"networkSecurityGroupName\": {\n \"type\": \"String\"\n },\n \"resourceGroupName\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"storageAccountResourceId\": {\n \"type\": \"String\"\n },\n \"retention\": {\n \"type\": \"int\"\n },\n \"flowAnalyticsEnabled\": {\n \"type\": \"bool\"\n },\n \"trafficAnalyticsInterval\": {\n \"type\": \"int\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/networkWatchers/flowLogs\",\n \"apiVersion\": \"2020-05-01\",\n \"name\": \"[[take(concat('NetworkWatcher_', toLower(parameters('location')), '/', parameters('networkSecurityGroupName'), '-', parameters('resourceGroupName'), '-flowlog' ), 80)]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"targetResourceId\": \"[[resourceId(parameters('resourceGroupName'), 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]\",\n \"storageId\": \"[[parameters('storageAccountResourceId')]\",\n \"enabled\": true,\n \"retentionPolicy\": {\n \"enabled\": true,\n \"days\": \"[[parameters('retention')]\"\n },\n \"format\": {\n \"type\": \"JSON\",\n \"version\": 2\n },\n \"flowAnalyticsConfiguration\": {\n \"networkWatcherFlowAnalyticsConfiguration\": {\n \"enabled\": \"[[bool(parameters('flowAnalyticsEnabled'))]\",\n \"trafficAnalyticsInterval\": \"[[parameters('trafficAnalyticsInterval')]\",\n \"workspaceId\": \"[[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').properties.customerId, json('null')) ]\",\n \"workspaceRegion\": \"[[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').location, json('null')) ]\",\n \"workspaceResourceId\": \"[[if(not(empty(parameters('logAnalytics'))), parameters('logAnalytics'), json('null'))]\"\n }\n }\n }\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", - "$fxv#95": "{\n \"name\": \"Deploy-PostgreSQL-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL \",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect Azure Database for PostgreSQL server\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure Database for PostgreSQL server\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for PostgreSQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n \"notEquals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.DBforPostgreSQL/servers\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n \"equals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DBforPostgreSQL/servers\",\n \"apiVersion\": \"2017-12-01\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"sslEnforcement\": \"[[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\",\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#95": "{\n \"name\": \"Deploy-PostgreSQL-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL \",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.2.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect Azure Database for PostgreSQL server\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure Database for PostgreSQL server\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for PostgreSQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n \"less\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.DBforPostgreSQL/servers\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n \"equals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DBforPostgreSQL/servers\",\n \"apiVersion\": \"2017-12-01\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"sslEnforcement\": \"[[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\",\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#96": "{\n \"name\": \"Deploy-Sql-AuditingSettings\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy SQL database auditing settings\",\n \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\n \"name\": \"default\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/databases/auditingSettings/state\",\n \"equals\": \"enabled\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/databases/auditingSettings/isAzureMonitorTargetEnabled\",\n \"equals\": \"true\"\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\n \"apiVersion\": \"2017-03-01-preview\",\n \"properties\": {\n \"state\": \"enabled\",\n \"auditActionsAndGroups\": [\n \"BATCH_COMPLETED_GROUP\",\n \"DATABASE_OBJECT_CHANGE_GROUP\",\n \"SCHEMA_OBJECT_CHANGE_GROUP\",\n \"BACKUP_RESTORE_GROUP\",\n \"APPLICATION_ROLE_CHANGE_PASSWORD_GROUP\",\n \"DATABASE_PRINCIPAL_CHANGE_GROUP\",\n \"DATABASE_PRINCIPAL_IMPERSONATION_GROUP\",\n \"DATABASE_ROLE_MEMBER_CHANGE_GROUP\",\n \"USER_CHANGE_PASSWORD_GROUP\",\n \"DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\",\n \"DATABASE_OBJECT_PERMISSION_CHANGE_GROUP\",\n \"DATABASE_PERMISSION_CHANGE_GROUP\",\n \"SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\",\n \"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\",\n \"FAILED_DATABASE_AUTHENTICATION_GROUP\"\n ],\n \"isAzureMonitorTargetEnabled\": true\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\n ]\n }\n }\n }\n }\n}\n", - "$fxv#97": "{\n \"name\": \"Deploy-SQL-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"SQL servers deploys a specific min TLS version requirement.\",\n \"description\": \"Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect SQL servers\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version SQL servers\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Sql/servers\",\n \"apiVersion\": \"2019-06-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#97": "{\n \"name\": \"Deploy-SQL-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"SQL servers deploys a specific min TLS version requirement.\",\n \"description\": \"Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.2.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect SQL servers\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version SQL servers\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"less\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Sql/servers\",\n \"apiVersion\": \"2019-06-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#98": "{\n \"name\": \"Deploy-Sql-SecurityAlertPolicies\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"emailAddresses\":{\n \"type\":\"Array\",\n \"defaultValue\":[\n \"admin@contoso.com\",\n \"admin@fabrikam.com\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/securityAlertPolicies\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/databases/securityAlertPolicies/state\",\n \"equals\": \"Enabled\"\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": {\n \"type\": \"String\"\n },\n \"emailAddresses\": {\n \"type\": \"Array\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\n \"type\": \"Microsoft.Sql/servers/databases/securityAlertPolicies\",\n \"apiVersion\": \"2018-06-01-preview\",\n \"properties\": {\n \"state\": \"Enabled\",\n \"disabledAlerts\": [\n \"\"\n ],\n \"emailAddresses\": \"[[parameters('emailAddresses')]\",\n \"emailAccountAdmins\": true,\n \"storageEndpoint\": null,\n \"storageAccountAccessKey\": \"\",\n \"retentionDays\": 0\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n },\n \"emailAddresses\":{\n \"value\": \"[[parameters('emailAddresses')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\n ]\n }\n }\n }\n }\n}\n", "$fxv#99": "{\n \"name\": \"Deploy-Sql-Tde\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"[Deprecated] Deploy SQL Database Transparent Data Encryption\",\n \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment. Please use this policy instead https://www.azadvertizer.net/azpolicyadvertizer/86a912f6-9a06-4e26-b447-11b16ba8659f.html\",\n \"metadata\": {\n \"deprecated\": true,\n \"supersededBy\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\",\n \"version\": \"1.1.1-deprecated\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"excludedDatabases\": {\n \"type\": \"Array\",\n \"metadata\":{\n \"displayName\": \"Excluded Databases\",\n \"description\": \"Array of databases that are excluded from this policy\"\n },\n \"defaultValue\": [\n \"master\",\n \"model\",\n \"tempdb\",\n \"msdb\",\n \"resource\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n {\n \"field\": \"name\",\n \"notIn\": \"[[parameters('excludedDatabases')]\"\n\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\n \"equals\": \"Enabled\"\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/current')]\",\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\n \"apiVersion\": \"2014-04-01\",\n \"properties\": {\n \"status\": \"Enabled\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\n ]\n }\n }\n }\n }\n}", "cloudEnv": "[environment().name]", diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS.json b/src/resources/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS.json index 31383ad3f..2b44e9fef 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS.json @@ -9,7 +9,7 @@ "displayName": "AppService append sites with minimum TLS version to enforce.", "description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "App Service", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -35,6 +35,7 @@ "type": "String", "defaultValue": "1.2", "allowedValues": [ + "1.3", "1.2", "1.0", "1.1" @@ -54,7 +55,7 @@ }, { "field": "Microsoft.Web/sites/config/minTlsVersion", - "notEquals": "[[parameters('minTlsVersion')]" + "less": "[[parameters('minTlsVersion')]" } ] }, diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement.json b/src/resources/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement.json index 9540d3dab..4f8178f51 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement.json @@ -9,7 +9,7 @@ "displayName": "Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.", "description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Cache", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -56,7 +56,7 @@ "anyOf": [ { "field": "Microsoft.Cache/Redis/minimumTlsVersion", - "notequals": "[[parameters('minimumTlsVersion')]" + "less": "[[parameters('minimumTlsVersion')]" } ] } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-EH-MINTLS.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-EH-MINTLS.json index 7bf5dfbdf..5d5ab9768 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-EH-MINTLS.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-EH-MINTLS.json @@ -9,7 +9,7 @@ "displayName": "Event Hub namespaces should use a valid TLS version", "description": "Event Hub namespaces should use a valid TLS version.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Event Hub", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -52,7 +52,7 @@ "anyOf": [ { "field": "Microsoft.EventHub/namespaces/minimumTlsVersion", - "notEquals": "[[parameters('minTlsVersion')]" + "less": "[[parameters('minTlsVersion')]" }, { "field": "Microsoft.EventHub/namespaces/minimumTlsVersion", diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-MySql-http.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-MySql-http.json index 3c8f30f98..8b93a4ab6 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-MySql-http.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-MySql-http.json @@ -9,7 +9,7 @@ "displayName": "MySQL database servers enforce SSL connections.", "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -66,7 +66,7 @@ }, { "field": "Microsoft.DBforMySQL/servers/minimalTlsVersion", - "notequals": "[[parameters('minimalTlsVersion')]" + "less": "[[parameters('minimalTlsVersion')]" } ] } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Redis-http.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Redis-http.json index 88f6f22a9..cfdba1b84 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Redis-http.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Redis-http.json @@ -9,7 +9,7 @@ "displayName": "Azure Cache for Redis only secure connections should be enabled", "description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Cache", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -41,7 +41,7 @@ "1.0" ], "metadata": { - "displayName": "Select minumum TLS version for Azure Cache for Redis.", + "displayName": "Select minimum TLS version for Azure Cache for Redis.", "description": "Select minimum TLS version for Azure Cache for Redis." } } @@ -61,7 +61,7 @@ }, { "field": "Microsoft.Cache/Redis/minimumTlsVersion", - "notequals": "[[parameters('minimumTlsVersion')]" + "less": "[[parameters('minimumTlsVersion')]" } ] } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS.json index 4a89ebafb..52597f642 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS.json @@ -9,7 +9,7 @@ "displayName": "Azure SQL Database should have the minimal TLS version set to the highest version", "description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -61,7 +61,7 @@ }, { "field": "Microsoft.Sql/servers/minimalTlsVersion", - "notequals": "[[parameters('minimalTlsVersion')]" + "less": "[[parameters('minimalTlsVersion')]" } ] } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS.json index fd456950c..b5caac55a 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS.json @@ -7,9 +7,9 @@ "policyType": "Custom", "mode": "Indexed", "displayName": "SQL Managed Instance should have the minimal TLS version set to the highest version", - "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.", + "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -61,7 +61,7 @@ }, { "field": "Microsoft.Sql/managedInstances/minimalTlsVersion", - "notequals": "[[parameters('minimalTlsVersion')]" + "less": "[[parameters('minimalTlsVersion')]" } ] } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement.json index 12d288e12..7127cd3f5 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement.json @@ -9,7 +9,7 @@ "displayName": "Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.", "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -61,7 +61,7 @@ }, { "field": "Microsoft.DBforMySQL/servers/minimalTlsVersion", - "notequals": "[[parameters('minimalTlsVersion')]" + "less": "[[parameters('minimalTlsVersion')]" } ] } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement.json index 29bef9f8c..87f3ef5d0 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement.json @@ -9,7 +9,7 @@ "displayName": "Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL ", "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -61,7 +61,7 @@ }, { "field": "Microsoft.DBforPostgreSQL/servers/minimalTlsVersion", - "notEquals": "[[parameters('minimalTlsVersion')]" + "less": "[[parameters('minimalTlsVersion')]" } ] } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS.json index 23867cc99..5129df565 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS.json @@ -9,7 +9,7 @@ "displayName": "SQL servers deploys a specific min TLS version requirement.", "description": "Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -54,7 +54,7 @@ }, { "field": "Microsoft.Sql/servers/minimalTlsVersion", - "notequals": "[[parameters('minimalTlsVersion')]" + "less": "[[parameters('minimalTlsVersion')]" } ] }, diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS.json index a7e921a66..ea45bdb6a 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS.json @@ -9,7 +9,7 @@ "displayName": "SQL managed instances deploy a specific min TLS version requirement.", "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -54,7 +54,7 @@ }, { "field": "Microsoft.Sql/managedInstances/minimalTlsVersion", - "notequals": "[[parameters('minimalTlsVersion')]" + "less": "[[parameters('minimalTlsVersion')]" } ] }, diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement.json index 8cc105cab..b966dfd04 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement.json @@ -9,7 +9,7 @@ "displayName": "Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS ", "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "Storage", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -60,7 +60,7 @@ }, { "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion", - "notEquals": "[[parameters('minimumTlsVersion')]" + "less": "[[parameters('minimumTlsVersion')]" } ] } From b311dc3b38e5a65ce6c1597097a666136ccfbfe3 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Tue, 8 Oct 2024 14:22:17 +0400 Subject: [PATCH 10/11] AI Ready - Policies (#1773) Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com> --- .github/workflows/test-portal.yml | 36 +- docs/wiki/ALZ-Policies-Extra.md | 8 +- docs/wiki/Community-Calls.md | 13 +- docs/wiki/Whats-new.md | 8 + .../sept-2024/ALZ-Community-Call-25092024.pdf | Bin 0 -> 4241864 bytes .../sept-2024/youtube-thumbnail.png | Bin 0 -> 200226 bytes eslzArm/eslz-portal.json | 1143 ++++++++++------- eslzArm/eslzArm.json | 64 + eslzArm/eslzArm.test.param.hns.json | 753 +++++++++++ eslzArm/eslzArm.test.param.std.json | 620 +++++++++ eslzArm/eslzArm.test.param.vwan.json | 679 ++++++++++ ...-GuardrailsBotServicePolicyAssignment.json | 83 ++ .../policyDefinitions/initiatives.json | 100 +- .../Enforce-Encryption-CMK.json | 24 +- .../Enforce-Guardrails-BotService.json | 107 ++ .../Enforce-Guardrails-CognitiveServices.json | 76 +- .../Enforce-Guardrails-MachineLearning.json | 166 ++- .../Enforce-Guardrails-OpenAI.json | 93 +- src/templates/initiatives.bicep | 1 + utils/github/alz-repo-standard-labels.csv | 3 + 20 files changed, 3428 insertions(+), 549 deletions(-) create mode 100644 docs/wiki/media/community-calls/sept-2024/ALZ-Community-Call-25092024.pdf create mode 100644 docs/wiki/media/community-calls/sept-2024/youtube-thumbnail.png create mode 100644 eslzArm/eslzArm.test.param.hns.json create mode 100644 eslzArm/eslzArm.test.param.std.json create mode 100644 eslzArm/eslzArm.test.param.vwan.json create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsBotServicePolicyAssignment.json create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-BotService.json diff --git a/.github/workflows/test-portal.yml b/.github/workflows/test-portal.yml index f855e3fea..ae0435797 100644 --- a/.github/workflows/test-portal.yml +++ b/.github/workflows/test-portal.yml @@ -104,12 +104,42 @@ jobs: inlineScript: ./src/scripts/Invoke-ActionRemoveOrphanedRBAC.ps1 azPSVersion: "latest" - - name: Generate eslzArm configuration - id: config + - name: Check test label set + if: | + ${{ contains(github.event.pull_request.labels.*.name, 'Test: Standard') || contains(github.event.pull_request.labels.*.name, 'Test: Hub & Spoke') || contains(github.event.pull_request.labels.*.name, 'Test: VWAN') }} + run: echo "Test label has been set, test can proceed." + + - name: Generate eslzArm configuration (Standard) + if: | + ${{ contains(github.event.pull_request.labels.*.name, 'Test: Standard') }} uses: azure/powershell@v2 with: inlineScript: | - ./src/scripts/Invoke-ActionGenerateEslzArmConfig.ps1 + ./src/scripts/Invoke-ActionGenerateEslzArmConfig.ps1 -TemplateParameterPath "./eslzArm/eslzArm.test.param.std.json" + Get-Content -Path $env:TEMP_DEPLOYMENT_OBJECT_PATH | jq + azPSVersion: "latest" + env: + DEPLOYMENT_LOCATION: ${{ secrets.DEPLOYMENT_LOCATION }} + + - name: Generate eslzArm configuration (Hub & Spoke) + if: | + ${{ contains(github.event.pull_request.labels.*.name, 'Test: Hub & Spoke') }} + uses: azure/powershell@v2 + with: + inlineScript: | + ./src/scripts/Invoke-ActionGenerateEslzArmConfig.ps1 -TemplateParameterPath "./eslzArm/eslzArm.test.param.hns.json" + Get-Content -Path $env:TEMP_DEPLOYMENT_OBJECT_PATH | jq + azPSVersion: "latest" + env: + DEPLOYMENT_LOCATION: ${{ secrets.DEPLOYMENT_LOCATION }} + + - name: Generate eslzArm configuration (VWAN) + if: | + ${{ contains(github.event.pull_request.labels.*.name, 'Test: VWAN') }} + uses: azure/powershell@v2 + with: + inlineScript: | + ./src/scripts/Invoke-ActionGenerateEslzArmConfig.ps1 -TemplateParameterPath "./eslzArm/eslzArm.test.param.vwan.json" Get-Content -Path $env:TEMP_DEPLOYMENT_OBJECT_PATH | jq azPSVersion: "latest" env: diff --git a/docs/wiki/ALZ-Policies-Extra.md b/docs/wiki/ALZ-Policies-Extra.md index 7c3cc818a..d9eef5174 100644 --- a/docs/wiki/ALZ-Policies-Extra.md +++ b/docs/wiki/ALZ-Policies-Extra.md @@ -30,10 +30,12 @@ To support the additional control requirements of these industries, we're provid | Initiative ID | Name | Description | # of Policies | |------------|-------------|-------------|-------------| +| [Enforce-Encryption-CMK](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Encryption-CMK.html) | Deny or Audit resources without Encryption with a customer-managed key (CMK) | This policy initiative is a group of policies that ensures Customer Managed Keys is compliant per regulated Landing Zones. | 30 | | [Enforce-Guardrails-APIM](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-APIM.html) | Enforce recommended guardrails for API Management | This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones. | 11 | | [Enforce-Guardrails-AppServices](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-AppServices.html) | Enforce recommended guardrails for App Service | This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones. | 19 | | [Enforce-Guardrails-Automation](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-Automation.html) | Enforce recommended guardrails for Automation Account | This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones. | 6 | -| [Enforce-Guardrails-CognitiveServices](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-CognitiveServices.html) | Enforce recommended guardrails for Cognitive Services | This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones. | 5 | +| [Enforce-Guardrails-BotService](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-BotService.html) | Enforce recommended guardrails for Bot Service (service renamed to AI Bot Service) | This policy initiative is a group of policies that ensures Bot Service is compliant per regulated Landing Zones. | 4 | +| [Enforce-Guardrails-CognitiveServices](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-CognitiveServices.html) | Enforce recommended guardrails for Cognitive Services (service renamed to AI Services) | This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones. | 9 | | [Enforce-Guardrails-Compute](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-Compute.html) | Enforce recommended guardrails for Compute | This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones. | 2 | | [Enforce-Guardrails-ContainerApps](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-ContainerApps.html) | Enforce recommended guardrails for Container Apps | This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones. | 2 | | [Enforce-Guardrails-ContainerInstance](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-ContainerInstance.html) | Enforce recommended guardrails for Container Instance | This policy initiative is a group of policies that ensures Container Instance is compliant per regulated Landing Zones. | 1 | @@ -45,10 +47,10 @@ To support the additional control requirements of these industries, we're provid | [Enforce-Guardrails-EventHub](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-EventHub.html) | Enforce recommended guardrails for Event Hub | This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones. | 4 | | [Enforce-Guardrails-KeyVault-Sup](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-KeyVault-Sup.html) | Enforce additional recommended guardrails for Key Vault | This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones. This includes additional policies to supplement Enforce-Guardrails-KeyVault, which is assigned by default in ALZ. | 2 | | [Enforce-Guardrails-Kubernetes](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-Kubernetes.html) | Enforce recommended guardrails for Kubernetes | This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones. | 16 | -| [Enforce-Guardrails-MachineLearning](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-MachineLearning.html) | Enforce recommended guardrails for Machine Learning | This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones. | 5 | +| [Enforce-Guardrails-MachineLearning](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-MachineLearning.html) | Enforce recommended guardrails for Machine Learning | This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones. | 14 | | [Enforce-Guardrails-MySQL](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-MySQL.html) | Enforce recommended guardrails for MySQL | This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones. | 2 | | [Enforce-Guardrails-Network](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-Network.html) | Enforce recommended guardrails for Network and Networking services | This policy initiative is a group of policies that ensures Network and Networking services is compliant per regulated Landing Zones. | 22 | -| [Enforce-Guardrails-OpenAI](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-OpenAI.html) | Enforce recommended guardrails for Open AI (Cognitive Service) | This policy initiative is a group of policies that ensures Open AI (Cognitive Services) is compliant per regulated Landing Zones. | 6 | +| [Enforce-Guardrails-OpenAI](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-OpenAI.html) | Enforce recommended guardrails for Azure OpenAI (Cognitive Service) | This policy initiative is a group of policies that ensures Azure OpenAI (Cognitive Services) is compliant per regulated Landing Zones. | 11 | | [Enforce-Guardrails-PostgreSQL](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-PostgreSQL.html) | Enforce recommended guardrails for PostgreSQL | This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones. | 1 | | [Enforce-Guardrails-ServiceBus](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-ServiceBus.html) | Enforce recommended guardrails for Service Bus | This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones. | 4 | | [Enforce-Guardrails-SQL](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-SQL.html) | Enforce recommended guardrails for SQL and SQL Managed Instance | This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones. | 5 | diff --git a/docs/wiki/Community-Calls.md b/docs/wiki/Community-Calls.md index 0c3121d95..8f204b76c 100644 --- a/docs/wiki/Community-Calls.md +++ b/docs/wiki/Community-Calls.md @@ -1,6 +1,7 @@ ## In this Section - [In this Section](#in-this-section) +- [September 2024](#25th-september-2024-25092024) - [June 2024](#12th-june-2024-12062024) - [March 2024](#11th-march-2024-11032024) - [December 2023](#6th-december-2023-06122023) @@ -13,10 +14,20 @@ --- -On this page you will find the meeting recordings and PowerPoint slides from previous Azure Landing Zone External Community Calls. To sign-up to the next Azure Landing Zone External Community Call, head to: [https://aka.ms/alz/communitycallregister](https://aka.ms/alz/communitycallregister) +On this page you will find the meeting recordings and PowerPoint slides from previous Azure Landing Zone External Community Calls. To sign-up to the next Azure Landing Zone External Community Call, head to: [aka.ms/alz/communitycall](https://aka.ms/alz/communitycall) > Short link to this page is [aka.ms/alz/community](https://aka.ms/alz/community) +## 25th September 2024 (25/09/2024) + +### Recording + +[![Screenshot of Azure Landing Zones Community Call from September 2024 recording on YouTube](./media/community-calls/sept-2024/youtube-thumbnail.png)](https://youtu.be/eta4v9ETDl4?si=DJl93_95uEVWK8NC) + +### Slides + +A PDF of the PowerPoint slides are available [here.](./media/community-calls/sept-2024/ALZ-Community-Call-25092024.pdf) + ## 12th June 2024 (12/06/2024) ### Recording diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 0393f1779..a7288688a 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -56,6 +56,11 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Updated the Deny-vNet-Peer-Cross-Sub.json definition policy to include a parameter for allowed virtual networks (vNets) in other subscriptions. For vNets to be permitted to peer, both vNet IDs must be added to the allowed list. - Added new built-in policy assignment and portal option for [Subnets should be private](https://www.azadvertizer.net/azpolicyadvertizer/7bca8353-aa3b-429b-904a-9229c4385837.html) assigned at Platform and Landing Zones management groups. This policy's assignment effect is defaulted to "Audit" in this release, giving the community time to adopt the good practice and address subnet compliance. We will default to the "Deny" effect as part of the next Policy Refresh. - Added option to select Diagnostic Settings category for logging to Log Analytics in the portal experience. You can now select between the recommended "All Logs" which covers almost all Azure resources, or "Audit Only" which is limited to resources that support this category. +- Added additional built-in policies to initiatives for the following Azure AI Services: + - Azure OpenAI + - Cognitive Services/Search -> AI Services + - Machine Learning + - Bot Service (new) -> AI Bot Services - Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to include an additional parameter that allows you to specify if the Defender for Cloud export to Log Analytics should create a new resource group. This is useful when you want to specify the resource group name or requires tags on resource groups. Will be used by other RIs - Terraform and Bicep (portal accelerator will use default values). ### September 2024 @@ -73,6 +78,9 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - [Guidance](https://azure.github.io/azure-monitor-baseline-alerts/patterns/alz/UpdateToNewReleases/Update_from_release_2024-06-05/) for updating and implementing these changes in existing environments is available on the AMBA website. - Updated the Azure Monitoring Baseline Alerts (AMBA) integration section in the portal accelerator to include new features exposed by the AMBA solution. To read more on the changes https://azure.github.io/azure-monitor-baseline-alerts/patterns/alz/Whats-New/ +#### Other + +- The September community call recording and slides have been uploaded to YouTube and wiki, all available from [aka.ms/alz/community](https://aka.ms/alz/community) ### August 2024 diff --git a/docs/wiki/media/community-calls/sept-2024/ALZ-Community-Call-25092024.pdf b/docs/wiki/media/community-calls/sept-2024/ALZ-Community-Call-25092024.pdf new file mode 100644 index 0000000000000000000000000000000000000000..545d6b2ef9890976a61ab3e16b3dc40c510d148f GIT binary patch literal 4241864 zcmcG#2Ut_v);5YLC?$x}q+>yl7HVh$A|SnY=_NpbB-GGBP(VRNsUl6fbfotp0@9_2 z&;$h}RHfJ41-Q@I=eWP`zyE!nnOTH3rD0aSi`~=>dL|oJk|oMSRicKp@=&yU~M-ScPlp?7bsK< ziF9KT5*0ZmPR zbM;_Q52%ZV3)BYc0!3H>ivW*APgaqX1QA0K)~D>9F!CRKp7IBlLAoQ{SOkT^$}nqJ zBNoAvX)J=LJOI3$-U*$u$O1Wg1`$3Tgq#fupNOx;B7F8tSm^BT_p?(TSVVYF2Sv^( zMNSpMB63D4az-g~Mk#tmDSAdJdbXzM8KvkMOQL7H^YNaM^6{S0^6{P#^YNZh^YNZ7 z%*T7SG9TY>dcNQEd}nO%@tujt$9J|oAK&lw`F_vm|4q;To1XtSJ^$H$LcjMB`n|3Y z-`V~`zt<7^i%#Hl9TS$nTjXS^zbvAvt*Bw9Vqpn&G!qdPfe7=73US-;TZ(WCT3GRO zTk={$xFMF7!U9&70sjdDyD-0vsECNA4YvryhL2m2&%%aVl+VJFo8Ma4 z%9@vt&)QN@7;w7(+tmRdvqM_5Yq-ErFh{5@)cXI!8gd8=OGl_RyAI&Cz;qp$ndz!0`9I#4S+1kB39kwpt?VSN$-t}K6l4nwfWA>5!YPA)K4D2p~g zc(RzZJHVd{yOM>K1B;G}g%#8b7?g2=TDZZG2w4j^D7&l}KQF%^uP8rY3BV~tIeGcm zczM}Qp+y=OF0iORkiv>>r4}vH37n=a{|9>q0ckeoJ(7(LvG%uaRJCKxs6yf$eD``Pp zk?t-)!T^$toTr<-wi}>2;96cA!g7{{^%$sI+C#0}PErz(goIg6W99Uk zPml$8pJcj|CxG*x`9D|@4r~g<(pfm2-3sut0Phpp)29N0EWrEUw-A=!8Sw0>2#dgJ zD4r1u^0EN$e-R7vvjFdZ-wLt_o-PIO`T&VIVe|nX%h~h?{4D%uGam@B@Sk!HPywd4 z(uTSjfq|?J)`5Duoo#df?2pXZAH|cf1xq6kNH-uu@}EUG|EYpZ0Dpp7!z}J2J&gc9 zcv(atyevY3yui2&zyP3XAful$DDQ%FcLEqXHO1)-SQ`xZF2dF6#3WW;U>R+&EEEN^ zf@;a%2lmskuyh4T&d!T7v$?YH{@ubS3;$)|2QWtt@Ho z$ImBvGRxHshz~f3*fX)*z{r79nA~4@SL(;l%}3Cl=MM(%^L|oeP=me8c3x~ry?p%^ zB2{r*5SQ|j$7f@89!tSnDo(eUP-|0q*UxudTLo!;waPk+Jp$gVCoQPc5- zcU@AS|3N;}eCb?kjP?O8ZKB}{gpAZ#eSdYsciUZ3d%*=;655~0Vm@+b=>=IvlV^|g zb(od7(>pj+nzsD&yE)>P;T5bK6iD)Z=R8+&*bsa!8j&7Fmz!$FmA z{?tlBWK5r_7*KiB!>jFk%f6#+*e1g-VoR1sWVWfJy2a^a=}IyRWCECRj!bQDa*tLg zfk4cpZ2P$`@MetPV>0sZ=ms)lx8ggCS?>sS$%s>%M z3JV3NTQa_KPYpfC6&U7@Ri2b@n4I4+82#YiPvyn+i*+3YGHejF)t(|@Leh=8E>y{g zq*|@aEMy6r!!AyStOgCf%O|wf`cb!?pYiG@%uf*`vp$)%I>u3S=h9;0Be?BF@qUbv zyPXQ-jULnM4;iRhN3tra@tz(DWSyg`46VDCPM4Cdkvut2 zXQTe>*an#!cD4V43x-n7gclxMMq~wHZ8g>8n>i4|SNguf8s*54LxjIN`o{jYp0$e{aRif@;qlb)mn241}$KRXpDdCU>Qd(k;D)CenUXV|y)iA1k)UMSE@~a}XD`xNUe^)c%#v z{;F?J^6_8U@HEN(>qG7voxxh|RKM$Xfz-i4590EMTd=Qb7bLiw4_@5IqKR-m^ zKNE9|p>iREFzJNU*U41ys|U(MMG-RscW?E!kt`gCziLezit@a0jn^?wL6H*Iv$wbR zlOmvDMqR97$?Ql{UbM}9UNeHZ#;I$}him!EsCDnCq3laW{`u>+wQOFGsa+YfhYrxG ztrG)Yb9CSJdQ*4kYp5o(zcX|@ScHByemTP zRS&WM?6XwA*WHm5hFy7h3;W86uYE)K^P7!=gWD(kc&-sj_Z0iR623&puppu&X{3ua z!fX7Zx|166sy2u1R;?~(%)S2=hYE4@rFm<(cWvY=J_Yyfbl$e3;9vLH2{W+~CPKN3?ZQLcZ?Yc@=#KY2NW;;u@mUahNfCePH? zqptg02{*UNiaV!l7(IKb<;+h~Lscv8zG zFnl4XQvLgF&Y5GwNl{e}W0$x3k&IC{;NK@yIS2!KW8b{Q94?NPI8bH4*KgPAvI@ix z?+C(jSvlxUxB zU*yqZ^=qmsZ{t15{ZNEHlh2E)&dp1pOS)wI($Z4}!v)4+5^sNS)=9iCe1cx28+j>j5He^v<91HUniidnVjiV=#N+|f>uNWGaZCTz#o7e0N{3bA-+j*xr)QWNN* z=Ij8F4 zU$b)W9!D4@KgYLomZa93Rknf?HwP!q$E(ng2h*3mX(6TGJm`+O9lZ4X*AIl*(U_lc zNn_{HuTX9l^7jN+E)cmh+tG!Q%+AFc8A6t=pBP%-=&+kCk$-w?oHE|5tO4akNm$M0 zXlqeLKah*;sa*elU%a)x(6Os3c06C_T(qF*xlo$EE8t+Sqc2;k(Q7ZCe_d?(PODiw zSM%D?Ml^0He~ZW^Buc1Au85ATz|3j!`Qecjx8QUnLiUiLB%{}@(;yA|qau>uZzA75 z4ff2i<9->DYlKIM#7&gx4?L!voi_ca4{Osi+_jBlulI9sHIPHwEA4US*2#6mvC~~H z4_?;|Xnr*$WF>mO_~{Ayr5_P9Dni>t-8pCJ6@Gp08~f2qWx_gDuXE}jUa4fe&y2l> zt$K)lmm9>>PFy3blIB>*=<6cbwW_x>)PvunMMuK)b3#$Q^s&6xE!Nu6<$Dy>Dwvt( zxLo}(h)IDZ2XDtJ@rUxkT`o(k^MXpqz`NJ4J~oEv;YY=$+(3S@B%_&rH*Nc%bL195 z{MNY*?a)4>z3`%lV%Hv(CwdE4(h+?uG!{vpgb0pv^-Ha;1iA{?$x$T6Iq*`zu$(+0 z;O<*vU##5Y3}02F1Abb^lu%ws+VyDk&hd*1yL>aYPw7M7BRh=hye0ET8`JjbP#mhhJLJXt&OKt1>J-0sOh#S!6!zfm%0zsdCpF zJTFG-6o)5)4E=A-w+S*#V7vA)%})XqxLu#zlzd|$-1N1q@4{lcL)O-^5ig!W(u4lX zjtN#?*_v11x)N%>8-qCoGIbR!3w93YS9L!~H$Jw6&QjG8S}V8ixg7&XT5jbvo}OVUeO)JtnzNI%@1jQW?NgGBnY_shlx;jv18OcpbI>e#d#e zir08UQbx=se^~&(NAfX==7^s|w6E0Ol|6sws!Ed9X#8jTDKmXUbPw~OERsd@Y^G}#!O3U=!=5SF#J+l=@EC1XG$X^zyoVJKNvttrsyzvv2&n_zI-TJfpPGCbBzd(@Ke7p2sQh z-q-RDcMU(^tJtmPIHs25RLWft4a$!1U}w?iUhk6Pp%5NhO|#}MHHAsw5{a3BtWFSN z)2;EQi0ric%vLWulpm<>NW(hV7ZZzP6Gz#p^VtI@$H`UmVp)1ER-ZE zhp+0S!{hsFWR#z?0KPs?ZXKGXO}NGVCeeA(sQ3o=dq6N~@UD2-8&P~7s&to;FIt+t zde68)qT-(=<==kxzq(m?F`s~W-`6Yekbu&E^vlnZr2V(B7!n}gp&~HX`OQjSOkU?r zm;Tx)UlK;M6xjs$`P*%1t;)dj@eNxz+NGwYq>jG?=b7ChtcQ?SEFGl;9Dg5iiD&_N zTF^^Hj%H=(;-nJXWV9ptePTA|c$6Q;CGU21UFFFwqLDxy;mr@O>FsIXO8_ZKy30s;kJY4TZxjk&f12IRwz>0w5At z(Hdy9VQyaB3P1<#Y6Vn;76`YKsje)i@E=$QsSAKiKvN6=5s*^^@9#z63C$@pMnGW) zTx*%I{2Mks9r=sZ|07F(m5nlrvM2kW2*Q8X@}Eiq4C^4}6=hW|oc_f$SXTd}p5z4s z54F8q-JtLj*q7xDP&|b(PGoX{Ik_QSfM))LKQJ&u1agWi{9TUIDSxr5?qUsf0hGi3 zmvR8;NegNV1IlJEc4+_-KEctn-JP5qq3{z#=s%E!({27*>9m+WVgKKJoU)~60f&PB zC))r(gsm%p^MDlrFdSwjjj(luvhaeXPpsnx$SW-R+f;5W-28li@D@%AP?)Wq8;dZ% z2v{0rs}HjVzzZRW5Kv=#p55>Z3G<)stbaxc0hDI&dltVCF94N5;d;Q7Q<}4yom)s) z;B*5PK2e}N2i86*$pKk_vK-2PqQ&2M(ccXIcUbmR_J3+5WTgMIkvK)a{zGH`*h%~y zar-x#c7~DxZN+bs0_e}*S`L05Q4s+EFy{e)oWHdkd^`|gp%Ya3q~j0~6g-8}|M!kV zEi{ExAID%Jn0np63~XGRtf5(fX} z3B1Apisp!P(RKnL-hYE*;QKH)R}H9(3=-~yM4b4O2w3qHBu1XVUo18jj;>I!wyK4z z1Irn%|G#u$fGhH!`u<=2q-Wytq@h#Ng5UH{oL65^sk!)qd3$ri+Q9>I5~8atRgVsC zBQSCu(d=3!dXZ_jx}xtG#tIw0WX+CEQYfE8D=nj6EIH3Tvou1m#k&pkx@4QREiD3QOh{|jL(t4XB2FzPlJ-t6Ki6t>CGAJ5mDnEZBl!+)qkfCAXROA?R_G3# z?tnNYacKFXN;)N_eGAWGMTY*Q?WNkJH~tT@k_-YK?A00B>yyQhy>w{IKMw_qxHm>30_1Na zMhhF(pEBTTAj`dB^0<+8_N3!LQl_DhO4C>8&4xlIDRzDYludHi*Ot$$^mR`4*|i)a z_MjrKNeQqUcPV4-?$e_-)!#=cD3fd2JhtO{7zyDrwG{1B4WMk*I=)OAHES<}KAInJ zZIsz+bSel>@Mo*B?J1+!5qQxm##}Sue5@sCk~JA|Eb5{-XePc_%fDLk24(rscV&Y6 zo+*KJNtUGHG=pq2|#wY`?!ELY8owvvf88NBv>ET~1AbsE69a`Ldbj^ZWs7^bl(Fg8#bz%IZx_tCVcu z(c!@!NAa4UpoRGG1fP7CU#P`d{d4-MmyX znBdJ*uQ4RtR&K5Ff!eUisDdV}r}upStk%jbLLkeb5II>xVpl(3lk|jmb}{wmN7R<9#nEEX zo%09KRcW}$_zkuOi}Nx2;MLfUiBgpV< zBe9QF>xywBj|o$2!Oqk9)I*Fl*mbeev6jmjp;irT?``jxvAMhm z=EgeMO+G94E-DH%>KgT`4M}wp5fIab)RPm-my36(2Tpb^Es=~Qhoo0}NNp!VlHjku zA+P1;uoVcQR(`m`lA=PnRM%Y_*JI$BORn8pmCcLHpMUT{D|UWmXE$zHt#pov&Sznd zW(h>s!ypqC9c!`y%{>(8a)NEAT)TO3smWi1IEJp+JiToKR97!^aYI9sNT8ntN!kae zkNih>O&u>Sl(!`}USHlbzWcOw1D$0iKJ4RQS|7!dod0ktO5CY4iJp0HHhGJVKakO& zE9enMgx{IrTeL0?2&)?0p7%yU!s8$MFiWMUt}9{Hyv#7 zYvZ!|hN`j=3L(i=z^9n_dR+2;X4FIkdo?c6OlOso|d6`3zpF^eFX-n*r%X zd^|_Ln3u>BhjcvcmpRl#QS7`B$FGrv$8*o6zemCEX$giubEU|Azt2H z_=Q>SHA=zgWts^Ppf+Z`Fx3Z3X=3`-Q2C5oa5TX7A6CNqN=Wfi5rKYHWGAc>nm@NR z@znq3V)IX6N7dlX%bMnW(?U9{w=RYG5Mr3CG|(e4aY-8Hjn}J7XD7g<1l!`%uld~J zzVrT~htMsxLfysTzW&(*9H3V-{|DOv()5V8+q&M`fs_Gv~l=( zJ8^00q)k2h;0wj7ytiyPwFzED2c-Xe? z?QHe+kEGy6CypsFt(7LRekp??^uoIw^(9TKmY0uJ#A3_B#dmzAmID{63 z?+G7=O6s%=D z88Xy1DgC`LHOCtXoMGOk^jS@0|G*tybXaaii8B56+)__SEB$TKxh1#yRHZeN<OYINmPKo=?VXd zF$ZJvn0-E(h8q2=nHVR{OdU7-mIhyV{FsSUay!0H*K-TDk+Gi@__a_}U3nAYEhE75 z3Z~dSOk#wkC8XFApP&=DYl?eS> zpES;UT1OG-BmpTtokhS!l2U-8$W9)CE!$Oa;Z2@5feZal!KHYvHwE&D zO8_@0JTl%C=c7SyK*Xn3p5PydX$`W~O07(5q`IvuAJb~Sm13h`1QoxvS{^W3U*kEOoj)V)I2{@JU;C81_9&mog(r;@=uTz^E+!QMUfcn(7^+;+sB=9bY+zp}e?eAm^ z5!8z>N$`XVG}seW{N_QmBmdKTl&REsyEGNus0HQM;)3H^(u)huc zmf?TwqG{wYJYtd>gs+QPNwv*J(W`Bgr8YdA!jh~hA=t2m4kEAZMEpItj0&d|6H=AT zH0*xVSWeQ4-)X62FOB~h-%%8xUh6_0bF)a%Fb^UXpmrN^^wmJIAkkNwn6s>F6<4>p zqG?kLHci^=t!AOH7a_aC#=I&Ta#;@rEE zfP-&(^C_3I0}Te*dq3vwVNoe1`Z zclnc+3wU*z+i~?v;c_gz!k8jkFq@f=S=rWT)r&p0!=45?Y5l$^wp^jWo7z`8)xx0k z+s7KB<=1Jm7?X=#w$!BJi&F?Rkt7FqDZi&eJh$Tt!|qVrL~5#u?_%W8CalFO+xk!s zUX><8)-XH1q$F>;k>2et#@sOByiK&yxjH0vcoDPiezV0yLu?y%^sUVHVo`GwuO^OcF}zNL z?CeGFCrZ+*O4kUPRuex9>4Dc2h061{A3WLuQ$Ac_{65{Y{-=_hS}xsam{>X1wSV&^ zt|$t`9p4XI>Fj@!n!Q-ot(fZV?Wr4qV{eTdsO>6_GEkDrA6r7_CJ`{d)LBF8mmWB= z=W=e>B#|x)FK0N6X=D~L3U&v9*`pgKLz2u*oYW_N34|>41`i`Yd|r|2chxjHALmxj z;62Ptr*t5>piY|kY}|U@A6`|XuU4NEuoq&TFgH?pl%DH$2wF54y3o=wgw~&$TA#n1 zo>>!$p+Ps=qB{zZv^LF1zmEaY6U{CQ9_1Ezxas@-L7QJaQI@x#=BaD`5gK^;VJuaF z?Kfv1P|Ie(9s_YvVWG`slxk8Z$X0%YaT1(KnDpi@jntxnan>Hm--(S*P6|o-q%}~R z*8MTxRI-$n@`UVWY35CnQ;HsGh z10Jv~arvGqv+!My6%u}bC3>FR=$O2H{DaR6(+ZbgIM8@RY=jJAoOB}?d|NflJ+f!H z&4j*RuH)#zVvj!a#Rn(=S+476Q65myXf!xm%uM2R0u+wUzm-^!Qd%_^-O7THn#03m zqqFFY-mLt2x;x1b$p^^>8LsnQx-r0O!Ct%&!m61IiW^dJFM=?MRaJG z7yXE?xdKPiper3(MmLUpSQ!TA$Ekq=4=V{v)LD}?F~1xX*)Y?rUjLRUVSvX}z?}W2 zHc$s`bxty`+PV}j@;$w&+6@u*= zP2%Ox>9L|Rf%V1rEAFO(i@QeJLFGRSp)FjyVQORU!y4w(TXoEs!b(qRx*^-qCjWT7 z(YDeae^i|f{(<{NRf6qr{C*Gr$4aq8RcjI`L+hIgdCamqGkih;Wfp!fZIZOUQyjN{ zrQ6%j$B_W#=Qm7)z6?}}g3sw!P0h>$CN#`b#5r}b7|&4%t!N?0*2wyx6wq0(ItFOm zQh?(1V5fu79e#J5>p;?hy_k77Xy}Dq3*aUZ5aU5`XhR0*{GSHLdnCm3HoEN&QE>U* zMDZ;Fj8m3k?m^j1(2Yg(+e&<&h*aMdlI8Jo3pUf)i_A;(`K#kYG*cT7&6)4MD#EWd zLMce7(l5zbR6kEz4-Fakaz)0l)_-WHC?+fqx^WZe9CwzZUt3|EDhy*&Aa{=!y$!uI zEwK(&TSP5g!Xacv#LKE7__g6HxVqG)Ri1YZO{-+Fj{#`y&zb`d&me&~j5U5Zq(!qs zFziX07tKo=hZdk8CUoYSV;jZ}lkGn!)iMmnv9k&ch``W_C$+86d9D7R%^&QHYhpnl zy~TXG?&1iAu6&5^O)4}A=dHnapxV$O z36K39-l~+MV+qo^l@Q_k8J&koS-!%-;qJ&d%Pk)&y4y$L;OLT`kc4KFnh#MS<0T$) z?nX5?9k$N_65d`DtSd})pIS4#V**yD0dj2hMc}{VdVcTwKu6y3asfyVbJ@U9^J9MJ z1jsVa*0#D`%Rkr&53k9a`VJ2_d)}9<7R@^a0{O{^^&}70r30Q^Z&L9b##ge>Ac^p8 zas85pwKT8vPsHUjxrm+vo*Tif+&hWjlqt%WY&u;Jr#lkXvA7L|^DVcUK* zy-kvL3P(bWglQ37ZuKftg`iqxVfV_J3b%;l@$QR?^K>DS8=+hBYfcLx_G9q^Av-2+ z$hgHpAP0P|HC^9%HW1sM34kGhF5Dvk&Liu=4$~ep%ecgu3)e(%(+`Q~EXJL8u zib7|(;d%wWPo+QG9%nI4v~FylqtNoL%LJ%rZJ9tpK@W7)c@?Wzk${}yYSoyRal4q^ zeU9Rb(u++$nuft~sy#58MnjV2NRB9#bO?j00>Z$|++$SAv_SG)=lJ2#yXek+OZQ~J zqX+lL`G*ZW0A%~tx6kB`Db{DnyI=#r z?z^)>Z!7I{rN1|_Ar-$eeqlRuD)4y0j622j)vMLXD_QtH2vqrA>$Rqmc+N@cZ-8ppE+zqdHnFWk)+%}R2U79 z<&L0b!nxIRnFy+wr$}XU6^9bfPDV(K;-2-%Mcx_i9J@W{C1+&r@nOz3ngE6T@k(U^ z2pObPyDNtGQG_gc70zfy^$#)ezM5SPYb8k#zv>Pe?PO`HvE(YYZOe)h-MTcd5~Z^P z0}_0L-JRk-Ad}XI+-b|t zMYDijGcqTqX|=Fgt41y4m=L4YOLA^YweX0ffz?~%T(!wS%~>hs;29h& zZghL?q|>U~h{EvxDV(HIndLd(R~qc5+9|Zt*EomCJ`?)Vlsk9w2l^Q(*_T^51lGGM znwb|pG*;Bf>l$rnk}L#ecY-$J<{k$6t-nic##H~XW#+6VnYxn6Qa7Pz=F#jm8y%p`N|;dW7m z#xH_xHaNjHJdT?J-KYF`f7xZ6sZsX?IqlR1q%|~>I^Ivw;dvi$PbTz8`Fu2c@t-GZ zK6RVe`CW5q3uXDak1vCMg$+*;ja&xgKzsu922t#J1aagp2Ct|M4Z&!NDyY$b30(ku z$W1}~GunAN3pfFJJi{}aB)yF(NC{?KfRn%0(qFN*3S0~{lY{R3DuG8K+6Fw2LxGbc z@JMSU4J53h(5D6<5%&dbHwm_1y3!~g0NKL>xg+71S)ym?IizKdjGnUv=v6N(A{6ME z$|%uYZ;v$Gdzz_;siO5?2J9J8xdO0P=*w$rcpf5ab!q=lDtyIpQ<8<=z~+)XO3=IY zu)?AN2<@P-PM}LRkAugyDZ;DXp)arK?%Z=dP`?JCaTYM`xFYR2et#``)NO=7^!^+s z+S&seJwY(^B9p9@*dSrSzr`3&n=bR_`5u7`Q2J#OHubO1xng~geU z5Bk$#x7>BTD>oSRNsG?WN@Asy5Mw4O1OHf9H1*`ywCkBOOWI$vzUwO+mRB}Ya|LGh zB}CcY`WFuz9bY#&3fm$Ca(C7pXyBxB2J~BfNK$v=2THWC(r5`Ju`te%c)8dvF|uLu z1Y_$?8KglU6_`%ufjoHj&dn-83re;WhZ#1OVtHs$vs`zv5#UVV-17xfm@wXl|#%#=Zv zRVJZa#mv$Cet~|EHeG;$w@DB`I)QWkkzFF?R$LV(jZ&i9v zzTaFK4$+44<6Z$k)=ZfW$^rOP_?lP-sP>y>KYw8T`+*4lh|IFRo(KgX-hdBpe`;fj zeH1+I+U87|#bTu4Xp?(KLR`owlRk%k6adfbD){GMo0THme>p>E#~%2U#9ysO>jvDR zSZxw&w^hM?4Hen_d4#Rp!uDrSYSUDM-2RSTOFW@eES9k1k)o z3ZnVMdP&cR8E>R4s3dHruc6;8H1Hv!K%{x&Y0YZf1Mc~!t~=%Mk|wv z5UAd<(rt_0X7rQ<`WWBWrwBX$9dfCqIq8+3k;nmG8|Gp8FJ0nh); z?e}i#XpnRFT=)<)Jf*-y@Y7l_3M4n=Cun~3%e4=@9}r{Hr}P5#%6Um*fekk-&U%92 zX~rPU=;(6P=?H0e*7!*Idj&ri=H(_`klyQ_uU^C5tz3AI`Z<$+oIa_T&MW}Rzp{6i z=Pj}^V0pMwOSK?()B7&Z{nX7bpW4>yj7sa&Yem`#)@v{H+r3gyAU9lj@m-TVJUA*x zL!=Hv|7U|?5dJaeMB&f?haX~|$~A?J=XbZ|*^jRtc(Pv| z=8<$xuudqS>1AESWC2h>=g0Jrmrn)ki%5$_4s1 z`Oio9=(D2@J&Xk>y;D}I*b4_j#)Xv+f*{K;!*hJfEUF>bP5g|%Z!_j$YLshTYSiX? zffQ5b7)`X|tTQxRIn%=&OZL(}BD^PpZa&$A3-gl11OLrSk{x5tTP~pU`lhf(oZ^-m z9dvvUK=w8+1><{2PNN@xEeePLKA2nk^MEs-BnfWG$r?%PWwKBc8wv9K&@J%;r~6hk z9jUFyy=+&zW3kdH7t`=7AE}M-GPb{1KGQJC?`=#E7&8pP`_sL3xMT;ae0dW{r4or8 zbVnbVRU3ZR+dbUjf1#4Td|YP1wi>kXpls%~(V=`!n#>83ZB_4dv2|$j>U)wk?HvWL z1b!pQ(sH2g#KauQZn1$X_Yb`kM}f}(N%-9Wu&2FsfVD*}(h#U+gWIE#@t0aH884gu z@Y|kaN!BUwt%o2)s*?4n(e=&ekJG=$n)vI{6Ry90C-5iqQ#>yhuH3m$5xpG|@^NN( zio~1}{2DlFa9B5~kN0}*5f4Nqzbs>$(UY&upLA34^G0;cXUHbI2RPbu))kqyexdnL!)Xz z!NeR{vvM4{dTwP_l|I8Z8%T(svqFI*=;D!U!I0RJIw=stIM~{hcY1yr9%+$3Jd{j; zJ1N;NdqFLGFm|yziIz-)nf*O?CZ)8jGSP*nLGQ`sA}v*-$!}gIS7{=t|M_wErotiU z)-nAK0$lIJ-SUNcitR~WOj2vvbo;Ql&pydYvEzm1K{F0v59G7WBxdY94J*4AV{#&| z^*02?&aY9|miw{3 z0vS7N6EP!?F*B(G{3um%)r_*x$_VA@5)@kESfH}3rR2lj^SRaC zWl@|lCo3EL+`*>moTGET{d#kekN40t?JPvm2p_fePm&r2rD<4XL?@X61SbS2^(n5 z67aVN8?WJ`b^@2qZ_fzuC&xXi_jW{K_rgbpyD%+8=owSWbY@zn7u~r-D2LGT_KdYE z6x#M{oS!T-#E&cPh08pGL0^lf?-uMeTdAP{t%%U8RIA zXuF1hGhqyoFYl~4RZU0@jmt`&M~QllQJXcMJ6F3%h>Cc`_@^+QEue?^+p!Gi#492c z97_1bbCbyAGF+#~i#?cPv1BVwE$@oH#dKo7e`UQha&dV9bk4_HnxEM&lyltr*g>Z0 zc-tf7k>74ULroeZ^*7M6P|jV#w-DiflM!3kh%~${HAsfcdo&48Ls}IifG0LaDL4(! zqmJfB9!-{Ya1x=9*5J?t6#C-w5s)H#$Wf;%j3%nl3SML_Zu@SN7d{u>pmKmmGd6?id11$8*HA z`sJ@2>piTpy~J^#Z@pT9dh_UL8iKzafHyn*>(f7fNA-_i5B~SpcmHp`qbl!W;dS!U zKsV^wkHSyBmHYqdJFEZmj|CyTe31YAvEa%i%uQ#o!bF!M?>;oc9KwK9*9DK3-+`bX2t7PbWE7>c>yXdd8B6@J}W5zI;+9fu6H;mRq>>j(}3~pRJ?h2?6x&)3rYM%rR?d#qbBu z7dyKAA8Zs!Yl)Q(M)0NdFIe$7)$51Qu6(-tL4fMpo~dQewC@gb2U=wcVJ7?aeTQ7V zF|fZ`{@K&hm%i1pxUyJuaFkX}_7rqynJxRS+|!bgXD=R#{ae`Un! zV%GJF6?sSG@Ls&b@E(Ts)3#m`tFVE8eC|d}03*{iaV>Xm4*y!lIMv~?O;Mb^*vlL- z3fd@ItJ(Oymq|JgkXK6w$A$KHDMaRra{K%?Rllh+;66P?`PLrMF!T%jB**Q@f9 zabQHh;FAi3TM_?b%FOL?!j<>U%8(tG0l&^MrNhD&%?o*1Aqn>Pey(m91j@m#_ zQLfr=|9So8X@NOYr|!oiuU>aYR{4bCb(^w2odn_GTrT(JdR~mcp);bFHbW1@Nrh|8 z-DpvL>T}HS;g`oD$iFRjg9LeF1lO#Sl*N8zn=Bi!-6!%^cVTmStqH3AJj7#|_IldD z#qslTzl|*`rs)>Z>mO9x%4BaH*3W0G?U<*wV>twf1rr+@T^Zaqov+GNC|TmLYz-*I z9>#e+wQUFyc_z=&>faf&-5W8P+smYWe9jeWC6%zokBP^{-&~=N83DU3ES&}I)2E+T zu)@UsK2qS(5^VRkhIbu?b8ghCm_rH`Q`%$O+!aQHjQ^UI}lMeH0YEDIB*)C;C6!y7l0&GKi zNj7SB#~M>z&&fEwroTNr^e`|*R6h}!rO6k=At1BOT~CE@t8z?Rcc!sYPHI0idx;9Z zCTc898$3_;qIJfwz5Gi>3T$D*;*KxX?=f_z_fV+r8NPlh;;V6Q9a3VO&=kp2$u_75=;q6P zG-amil?Y#g53{5BVgb#To10#rV9eq-{(8;iebz~uPuz6TOKKq`yns{=V_Ua$r)!&k zE?3qy-5zf_v`k_@|Aa6{OqGugfkMjU`_S;s`yG#^jMI`6;;hrb>$6+B*J```_6~ML z**4?B*I(i;qlTpf4uXV zc=w$Vg^>5~yRYdrX+L%m*AEKceEQ-S_uB+dBJ%Hk5-EM-XL;9B`nu(PkbDBhRYB5n zmeO@iI_7CkLiH6p3gv1`9uM_-H(6VV%_M72?wnoWU_)0{;XN)9s!-oB+b-n969bnR z<>_hKz}-*jPle2ccTBsIB(o1a#cX>0Y^izHB*P5;AJV=uD$ZqDbVvvi5#p?9siLm@&zzPQ8L0hi%seo?*{mKo;ef>jZ?|t3ex1C}SwoQ3f9^c?NEqs7^1g9q2&4=+{ztK#8vMA{>vxyq2 z(!A%6lGEecTYM5|4mIh)9zZO_i2l^$5F5yo{MQLwqgdXiXd0l++0k~dSA-cX%}{exy7m(R_{hIpvbNtzcXK zcgEezl3@(}`?gaDsEU@33+CmkjRx)baxapq-MIjbf`ap$;Kr6rdfO}1C}-`Fw8o{t ze^h{=>;*-P5GwbN5Dkkbz^{@aZzD2)eWKq1CfQs_3o}OyLg|H}g~1vYR^-NGD;;aZ z9^d|KXio+&8@TMR&-anDM5j*Cnj5U$7j0gWvTQ7*(=IM4zg`k78P;mj_T58*X1h7C zsH}(1JAIf_1DhabV=%+z&rm4o{+0m828kX?yM`GN$z4LP;g1!Qv61{Cb-I)_h2All z9+M#G(?QXQjC&f0lToKrNl6J#jiwMzNmwX}SvtV?FGAl%It0GcvYjw`BruK(6^AvZPedXxX=DSoWS_K--X@ z?I&>v!0__LfWl(6e|SoxNu8v-sP5vpvc825CdN7*Ah=AisD_h`6m!)@<`AY7$K~ly zzGO63TwA#rw9s+cH}MegA~!w~&`c*(fL#ff4Ck@1W3=}dpD5bBt<1RjlGwWbk17QR z6+vbH#JuvPB{-BJTYNTE?4-_P93qg&WJavlMC=Qt(%3u>0O!NWYRAxxeE2>i24SVN zB@UptaYUsJOu(MicvPotVt$}y%BeI{s|wEY0k-WEsIe)inXaKl{XUpj*a>pqq3|N84n8;o&7f=Lif@0K4CW|v!b1e8HapjUeqaeZlBkwBc<4J{_Cyza-j@FM1FMBN9rA`*`EWiFCy; z&Ax0p{bj02-alRNhRArPRmg?+C4HHmg=pa48`Jv;!#a@@nGVKEo(-go!M?Jp>^gQ1`6u(!zj(TwImG1rqNJ=jVrP*QWcXWg=P zuAc6yX))Yn(m3l)`J;XeuV6d(pCirZvXkmkF^LmaXS?3*l;|IPgQAJg7`z(Y*CV!=D`dGbw4sUWG2 zOVq}*&S!~^N^+#SO%ZCT4vz6}HZppegkAx+B5-oeEV>ckXKy5X4bPn(tOe*oKA-O9 zfq(VrxNM|%wyun@bt%_JFiO5KG=+I&JUNytuc>HT`sWxrXS0n>yW|)8zF__-9b5zj zPS1km;TjfkMS_ep=Q^EUc`O#M_)7d6Hm)yfT>|>lE(F=Nq*Y-}X&RfxiAi`H zG}oCQU{^%aBg_4FE1L>1kB|$`Z|$;k4A4$_KrY&ce|W%nB{b6i=IdCKy32w?#+Q(V zzm}9O6?~=RLJ%c+T2~FX9hM?9DOMU5byn4MH0jmUOiy?Yw%U2D)*xGP^dS?@08Qgj zx`a1>Ia?hwhJHiELESZnH3b&P4Xt56g>frdwc-W577&atL)|jNRSw0HJDi| z2%rD5log82sPFiXHkF_m-x7po*l4?y!$Y+N$Vc1Ljp|*fP5`ei&i$*(tWwm%Q1OXK z#(G?HPndQb0gd^d1*|Dl`d!^ID4%-7sd(2a$~EfvJ5YegrzY9UMQ{_CY2CLdhwZ;S z#h9Y_l5VeZGuYL8KPdbLV9rv~Cq9kMuQbqW5Ae2m#zuxdlsO+hzavq4)A(ET1{+h> z?L2{ccwJ#2t3X@RH=wyhu%`qk$?;;ycptXi0%b*;{MfE;F_A>}Z;i^4APfa&TB(K^90 ztV82mr79Wj@n9JpOaMO~DjhC8k?jp_nuB}q!%}W=MejQKp$RQh*n2SMf3)RAVf-KA z#}<#Zl&2i@`nbpYKUu6!Rg-bv2`ub*Xr^DVO9554?sIWi)@5EEEA3~_9@KG95< z?#Chg?7aWvp3cGpJo=I?k+Qf|@Nb_*LQvAVR4KE4+_Sv}_v8hi)0y*|5qde%KEpjK z2tnqsG53W8%W;t~lwKbDLslF2emwJu1$hzv2K4 zS$e%~@_$R#nz9Uw%yW?~&Gr(0decRigUL4>F3OFCG(C6j_ph*Sh(E`-&V;=Mo13rq z=4>pmLTD#%KLBbey|`mNZx?pl21O6GsN`=uWrwU<-#;n9i%bbhZklZ|rBGk&6mjS< zxvd7M#^R;fAmg~m=;VThdiy*xJXRSVPqQ*SCO(Nhc^rqJqhv)qk-leoDd?;wmXn<$ zes1v3?)`KbASc7~R+oUEsk5*B(N|xne8RayQ!-*=?sDo0ZIRy{z4l4C;w~P}mDf_i z+4M`vVOOUSfd=-58aQ-nRY+e=ZB}K0U4#>R?X0eWa;)jYIbV*Ij(N^RM!cUruevxg zaR?AVJc;r}(kK|83`zEzjM4kPulhH8I%SV@M-5D4too^y-uiq+#o!V7lI)Wr9hSKS z-=d$xIce*qC__vgZVw)iOYKc|3w*!Qy4()e0NYH_gt)*`j?qenL*=k{HmUPPyNXYk z?Nnz!@G`&Y_B!(=s9@cf;Yu{*t8N+OhbmJV!)CZCITs@c{yr;BCBlL>t5GMe4~Ko>1>93Wq&IXspe2NzHPPFpb5l zsZU7;PMunC%)}(p%HSfWMRDkY^yMsOrEgmOGtNwmtMrJ?tL@NGYF;2>#zA?yjziW8 zs`AhIN5=QdlXKZ#3svDsCX|hA?^-l|N=b6x7}^d4%QteF-Wy#;S2QLjm`zRpc%i>p z0K72RIj8@i5Ye(`>_4 z?SF(`w1=8vdFs+n$=otB3vTF!z|wXr>dg+q9nB*-(??@7{mg+wJ2)7_AHHN=?4dWd zd=kwpjcn#x_*FbU2;X&wrD%THDqB$)K%W5%z`%Xs?)le)0pJ8yaM9eCH_x1nVJXY^ zR{u6wG+9-^wPLST&t>EI^HDBflxo~Rxczzty%*y5BrO?!LW+aY-cfu)Q!@O#`O*{! z_=S1FnuhA&5v`g-?Csn$d*k%y{b?sVt_Odx?Ps>g9; zOg#gWQemA18j)Tq2-KlW6DA#Pk29(tQcr&+H!qU@QKU5?v)o>i#nLGF)jwy;K-rMT z_}G@>o-37cKz&&9^uQF>l&&U0XeZ9n(h*W|dFH%EI0Kjnu)7*;TURsDz{0{p)TihH zqbY+DC9Z3N;$a$z1O7I!s%E;!I=Jn@<inJG(RbU>wxBa~sQ)DBWyhYNVV0 z*B;<(f3KE;?hcvvT@yhCgxAe`Q<6Kj-e`Rt(Bq|@YzrZ}L6N4^4c%(rmu`bv+dhE| zZUYXwZi!OcdAk~n_2z%hBK*IW6XX?O;{eKBbMdipzvlXHwLLhv|EfIALB+`?@S5wP zLe2lZv*BxQ}Nvt%Mao7ah zSz|6rZM|jD{$R&L2TQ~=j*5J20e<7eXfbl`+3ulwaEoQ$6L@)CbSFWueL88yU?^a5 zb9U!zQhjI{r{Jx*2Z8Pc6Rr4C$4f+1HGcfK!dx@Pa`wIABK7$SMW|T4fQxUp9&U5G zF6my`%Ny*16h#iTYVL`rl#wsOdGU@jA|utcULQ)ZD-CM;bydIDe;>UT#VVW@R8tfe z!iQ5GF*X{HC0@y)SoMyIQHpn4Y$4>g#LM1{5)AA=PqCbNP$IKzNN>p%9tHA>v*;#~ zg?>;^Q&H)5z!tZ4@s2kn>L;TlSRgo}3ht$3mE4Ei?9Cz4UWE)MmnZWW*pwpIzsnvi za`nAQb#KMZUlr$=-^}xoi#K@MjC`E1hZTg!|HUCuQQcnd=@sAddych2D6(_qoQS|Dj};B!0ZYeYzsGI;qD=$}LxkCX5)r?ZP33mLe9M6k{hhM) zmM1vKQv#in)9h;zg{BMt6zu(JoDLLiUVQ$$yIoH2sK@&!7d%s`OphJfyMs*6 zCHPNG1nZ|$nJg#_ZC8j;byR1ijVfw_H~AL4R_*?05&YjOEB)URS$ur|Rcu9o_y4=t z%InwvD!251PGi011d1d7cR}6#<7ca}nZD_8jB)jQnP{-rYF&5 z(SmQkcNYcjO_1u!nXtc0VzXhs`Nin8I^DLJ;dS6Kd~tPjzm<1qQXk}W@J3W5?L>Ga zg)0sUr2)t*~M9Nc%*K{>UnVORETK^bn-K0O19vF#MWN>-(CbRIC=ttM; z*DWP=^|b68rQ;Vk;%L;+_BDGX$rrubsiHICc6^cv%s)mY(17{1aQ|TRH+(;jyM}ej zAOG68!M#X&_%8pt46TSTq(dbUXhlchMPlkUqzj2-g7;baAoQZdfvo^`(dsk?mcKSg zFK8Z7((a*N;j9QA<6~qO0zD9|xe|jt9q9jjxae z#)IGKRIYWi&`~7*WSaR2)S%Y^0TjCC7jJZ{=S-$Q%afWkO^PE|b`{NN1ZY=*+@`jg zk&X;}z?gYq7P_X1`#{im<9T=cxQFtqQhK3+-RuZC025=jQQ8_k%F%W>5`9d1V$UaF zu`#(?VV+1d3a}tiMmmTBQE2wQyH{Q9PlOEj82C#3|qWKnY;1Z8Q4E)?Zd|o zUVupA5L~1LFvHFue5V0EV+90GA27t!txZ-aDtaHiEC|hw|?=ht&Bk6*$%Oq^@ii|Kp3SHl1 zg0N#9++9(oAqBPo?SiAtMjoyx{B*k9u@4_&?W_qGh`KsjxH?oE5BsSH^?3ma6Lw@X z6T?}0E|A6yz^fXPXdYW*btpSp4j?I^QPX`~OY38@>F{z)R*MFjBJng--1v0B#`7qW zCVQd;$z%GNU*n0(;LG9oqdf`3#&u_s1es@3;fOy{=;{~H^E?~r0F}}gpmhVE#L*s? zA<^|veG&)vWZ@$*VF3UuI@W~M?zH}LeO5sUwdmC4p;O)<8Nvz@>LC7a#UzGk7#-j( zvpUDv2hkp@4NyhyU=ir!=*h%3_9M}(R>$$*?L`m8nGM1gQfrPzw*)!&_Jtw=qp`V@8}ByKYThXogS>D0o6y3$E3xhQA^Ob>^}BSckcrTTdmZ^0o_zR!lkB5 zJw$%)|H{2h3XPK_<2%x4oRKLs>Y{?;5JpSTJOd-=Mg@+zD!RPhg#}hb!JMKfrs(MFb+EDc~1JlTCgiPh|JJ!_P50Zk(Jt2pXj23qpHdK?ul~TvtEo zL8YdsB9d75+Ckg59Np0c{FNLwCmj@&@}ODtGCcISxo&PAOMmj}aQk@rDwlO2?=n4$dhu=mpz=WHQrq*OBGX99}7s zx`R(M~f&`#-~X)=mzB(Zb%Mk#Rm zGBpW^DK?IS8XC)i_Z(!~F~}osE3>K#jPPe&3t}lS69;SR)^BG5KPDOP?MrzOSw<4j zbc9W&Y`<6%_8C3pZ3x_(tYl#N*8S@V}N zk@8Oy9uQNiJ{lUeN_A$0Ig_yFV}H5cb^qv&93I)l`PA4-Qfi7ueL&s=yJOpU zsX(`YVe=lP^_C+YVHjGXbkMtJ5Q74$t1wrIw5at~%g`(4TNN^oQq8Fub}hU;3=--h zv)ftZyW3xx2^l?A=xVeP+L6*$ z(1Aiq9gbjE39_&6S}mm+)Gl)#I; zWcmee?s?8=G0aD!!0Qg>gnPZ#PyIv)L^TKYC`a3(aAF;2F{6rsnWJ1KN+ZKtnPP|V z@0nahHFpHw?5ns{SpCYLO+)sp_8R8eQz+kY3dB=hMKg|$|HzY=(#$z|P0~h4(dmH6k z*NZ3$V00Lo48|U~um@sTn{&&2JCMZQe$aN)U;eIUV=F8Pm|p$v&K~Z^Dx;!MC?)pQ zQd)x36~e@(xUF_+-?W~Xk&)pnKU%x%b)K;9=c9=jc>D4}EXL@Q7{#k0yY738XBUXt z_}9UHSI6u5z{oF9ayrTf5zCcl12!+#L3l?p2DwMY#pMjZlIxYEn$v+=fo;ZA$jZY+ zs?tIRa+mn`srGG6u_}`Z1s7LI9&H1peS!*WKgH=Ae+VE zBs}mMjnc_KsB2h|4y7Uiv%gZk3J&W8Bd&j_9%?`Ht`~xvc=JQd<&X>a3A8j7V&V3p8bxJ`KnW; z>27XV? zt=YfM-;HCPw)5>Kr>#v_mwms?DgB*k?IVV8LK0c#p#cBM3rm#f}Io6k+{j`GjJ zUCEd^Wur+19DC8PUl>Je%a5&t%h8H9x8?Fjtx0Kf+szNxJLY8ZR;J?$Oh}=hS5^)Q zlF|oe8CAn#>kZpC`R$J_N&xAaJ!53M&?jP_2#0o$hAE5kf4?V3iL^#;6leRau*pbI zA4DHvK7KMUyLYX|aq;~2bv~hFo8!3_eDUM&LMi`u+PmQRc(HuAU+fTMEcTSfVIR8)F0H%BhNuj8*=D4n47yfJfOicG?gjRa3AShKT>8K+2{`uA z(urg#!Vrv;3$NwI!q@yxItMD&5WT=Dkhr^fh7Uvgj5B^Et3bdqx+uw`?KQCV)9K(> zQnt{-&E8^~ugz>G+~?lxtb+SJ3C!}oEh~gkdL8lN#FZ11k_iKEvbVIzfM`km4xHW) z(RS7?bfo+{m;c3e4RA1~7BXd|bbk0u)%xVPxM#0Vz%+cc5-EP**X1{n-@&DcKkzi& z_DM!Z7ooez>E;4LTC*!Gi@O-U-^6hrsHODl_UKQuo6UhLT@K5gr$sFF^$u#eyishm zIs%Hum*lU*@i9_ipbWBgkSJ%jFBqq@ESsEcSZn2+y{X_Ai;(g0X+1ZTtd{At=B{Bb zgEv=ScKn(RMS(%yb`Ur+)6vNRo&~w;h!3hEmw}6%oC5ogc7&fIxgB|CBq^Wufi_)u zyjEoX8-E+$kEP3fDjCg4Qc}-wH^&+^{j}80V4&T0pS{6S!iwh5ieWMUDkFnp&nMh8 zroUuV-DaVs{<1?dqmkOuQHPG2v9}>tvF^5Fgyf}wnS|$P{%BZih+a>@j~}{TShU@7 zc0Ad%NG%^(w~((AYpr%uQh9CIua!k_Ty8(_T+Vx+49yA=b5gv6F;%QjXk^q;^FQmu zP z=%TRSdSSSi9zg`zw#EW}WVgMH??uT%tMsx|i>L+o`7hG_ux%v<`)tf`pmo5j)=U#KZOJzHGY-l}!Ab#bFY z$PLRVAwPZ+h3t)|x|bF}paaj>Qp(1*)8F(N)j$0J?CFpyJl{l)a!&gl|I+(1cGQm3DuV3ozmrZSYp=jh5_!&28yN}@6OWgG;X-dWEaEY@5 z_`ZNoRxE(xawPSFbQOt8G&XXRC2srp4>do&nvkY#D;xVZ0S_MB(eJc)StK5mXVwyL zzaZAeWW5!~QSQhG88(VlWLsst&)rC$e?mXGXob+jn2e%{a-WO#J&C_eTGDb$>wC}R zS>4<`VNIuC8@5*7yg#;Z0-n*5iBuK?u>%#$v0_FX)S9EH5LL91`Lm z!ai4CBi0ArP}|ZnsiwY7n{X_Bb&THV=r@l;)$(&XM zPEA!4iKMQQff@0q%fPqN6hRshPv@NB)mb(_J5x22)FTtU^Zxu!oOkZ|GuuqXNqSSF zV!E9r4-XZNexxaQO!bWOtuHm+v$q#dwYUee)w^~8Vt zg;0IVT4`}t9jZvy8Ky*xZF%Pz2z54&n-hS$=i(>*!@Nx8B8OLM>@v6gIG#`e&KY*stjlrphmu1+YRa2&KLA&+)wFz z)pO?8e$%3ucWF2t(Yu=e#J&5|_15qDb_B-$l%aCkgz6}tWF3GffxuW4fY3)-&*{Z; zRF5l#z4I6w$6vJ)cZ7~7q78!f`vve?2tmb)8qZgbPtTQN%f}pK@u==2_#FtfO6tGN+IS6GRuKsaP zU;XP?{e4p2I+(9(%6ZnhSWBstz$^~gFWi~LAZaVB>DPztu!<*EO`BgtGwJy}oS1)< zLE{>AR&99tN28W#C`xp2Df04uZrw~&ubr~yWKWWb&N=%LLKgD7SFPi7$bU)-YpP*E z#>Q5Az_g4~#CgUV7t0}vpXTL`oBu)&2Li+I%BfXn^}M|8R#~l3=YpSK+*kB8L_F1T zy4_uAp4+?|rrCR}%DA9K%lUBbu8^3J{smOq)Yd(!6WE!tj*<>8PhYJ9+&6 z(Lz}waP@{G=G$&oX}jQB0c*Tu1uv$s!+N&Z}t8xg6Aih}5) z<$3$48eDb|lSr2rjDAJFFJ#1Z^?g$}T~DXn(si!WwREG}$FGM)i|tc`Z(qq|Y2=WN zUo8_fnc|IG&3;F`L(SP6teB{Hbd-OdowBh<@|}68zu*i02OivKeIfE|or;5b#pX&k zvUf%TbVm21Hvm@RD_)}tjyzWGr|RQs74>90T8r+amnzYnrBY>GcmNpJTIbMf>5Z`; zY6wP5NbqVDZxX?;P^z7JNhfIi?bmvmZ{`@V{ z`ATumBB`&yavvT8$+=H3H#rIjhclv5F)vUU)3BK47VigS&Q_AFB{qmgv-T~WNGV#u zE=Gd6j>^_k@W$9`At%l>lypH+6N18=_EY}XeL!r&EJ}6c>(I66D~3h7Y?m9Rgiy=% zl(|t+M0NhTR&g@}i6eU0D9hn)e@?5END)y?jmQQ9z^yhBj z?A1*=>hTk~A@;3x@SDwvim;7RzfaRO7ZJTZNAAL^cX+h$o+r^@{eGPdrZSG}SrNWH z%E67RZxbBMCh$zR{6g9?0fAy)Gw$5&d$vqFN?CY&blhaY{jYqxyAGGLE+m<+N7F?? zqf-Pn0HZ?osXmdVSJvYza``R3cRC=2Pf62G%}<5268pqMlH%@kka5{Q3cId0dNJA zN`FRQts20zF%sI(zYAOeY(_iw6@sTqJm$xB56Wcwkx2z^%_axR*$Dy#9)8QISC* zq6;aZ$j>;}rLxu{{M=?AezdzhdplBgZsO3pLD)TU;qe_=VU3;V;pkY4{n~Intq@2! zd;LDYOu%=t-8J{VEdPt!a3{TE7Gqymkk4h_)lC~~0ifpQYdr3Jg>_6gc*(jX?$>5K z6%ZGXRO>FiDC%>r+1F~739PyU=^>hD1}clN0Nmd73_4lBRiMP+_`WO@2u~WG;IXwH z7ct9C(fAVzYX?G~n979*n_^aL*~%-xO73OLvRFneD{4aDZi)n_j2JqFdH6%ZZY9U7 z6%iJX6tc;6D5gS9+21(J`Y@u((I)w-GSy);nFV40j$%XodCV&DLn$e_n3*wRd=tX%54r8Q;l4D zsp+3aVuWC z#96Wz(gpN$%c4%MPa-o{^*Y?>199U0rnC;)lk%1BQ8GJXB+8RIa)G;go+4MEvnbKG zHO|km^W!}K>{ton6=?FXj(nYgviyqEX(;l2cLb*D z_bE=DGqZPQ%VPta0d2qkz=V5G^b+cNH8~6;Z}{Q zdc^S??LOvs$wu4yv5ai;9@E%7Obrp7cD_BhQk$v1C>n4o8+`b>Oz5m#uY-`f0a#Qq z7qD2?qRk37E#^Az-%yNz0qg*W#t7VnvT28KGxC3$-2dUXp2&`*;$|tJG><22y*2f2bdXtV28D@iHmp?yqGH^lYYqXig(8^&%fPLI=D82(%xeO z3Sc>mn71CWXwc9&VSj(A3=iU4HmmmkSeru!Y-vmJO(l08aNfN26k_$H&;t0_(>?*_ z%A}E6|3FVY5hE9C2At zR)Y3=<#&uoGj6UbN)8PC83-+oPDY43Fl%W?0J1H>I7i|CdD)ZqUZL{I`HeTo{vQdi?KfvVKD2;`n>k&Jd3<3$`IN63mIm4 z5Yn`NSuS~*pN;+N|OP1oxbvh&H1L>uL!g3NaN!Y!j8!1e3Q0AHs6{^#_w4iqwn z)#ce#%0i=SoSgOFkWJt1_S~Chwa6vX8&s1MCbG{x^HKMCs3 zVoP?iDVyXceIi!3If!@ZyGJvM<{Qy$LzL(#$E}`|efNpqBdm1=TPQ3dpH+MskmWv{ zeAortc7!h|-V6vKB;w)Ine8Y?P5{+xr0m=I+Br0xxlAqIFH#5K%G_0Q0l3XGPC+*o z_$Elj{d4hoY!UTgjF#i29w)k^kwre1?|rn8YVXw;lLGe{F;TG6C!h;Eq{&!eNOy_9aPA-DJtF zeUF1fh6^@*_nssya`uVQPI?8EFlFP0#zvwo1|X*@X{lbreeRzA7T*!cdld*L#Y#?CpM?Mvev#%; zWi+zyOenWF&wdCQHBfS}4g5ts&^1O=W)8Tgc_Jb?gwzr`B5G=gN>HszWHo0)j!|3p zHKWv84iIiq9oyyd#EDj6f7l~gq(ypW3NhI&Nwk>w#AgpyJ?>Fk4hgjZ5JQk+7YFCo znnnY5O_X^_s2E4Jw)o)b$teyKGi!bgpxb(oABpjZ>k?2l7Pg5#{+9cLND;VUj-Vm? zTL<+YVLxwtTO2-mD5pb(r%tO5NYR&6$qwm=HtR&m%7D`Mk?$#(CFQXUj7@P4(Kix* znd8_}y;7%*|Eh|NZ)&Gwo4@y1CyRu-35d>-WRPhrS|NF*q;@X)sv^dbK7J>mHrzRs zm;g5_BI7eY>6S>Y$1(+52U$(Fc$5Jly}VF1S#skA;`gud)GoDbClUI<52MYZN#Z>1 zcK)L=A&L(IiOq~DuIkIiv&s5t&ths;1dKaj@hkWawkTY*^tg$GF!+7%SA9ei^_=WCcKE(&N)!cN#-L z5ypMeAl-hw%a~sjNJK9v&xRf^RUH%fsxR7td{^<2#Z-zuR!M{MRU$!5FI|><09DpN z?7vtj1;UqwF*5^(`#+mN()T}`aMEWTUTMLgExC**@}~_1{ucn8v+S}g(d18*Xry8s zkU`%R)STQF1X^lcvoWs0B?~!>`yN z5H^^u0>f%1zdapb332qS8g~l~PP^7~vZD zBq{4Rk^m{DI;?@Ow?A+FB<=%8{RFP{)+)vk=pc#QM?)m$`;U8L)0~WxZ%gu0YRSnG z633i8732mk>%xw|DX+)0>+*{6zT=hRmE~1HxFJ1Kx4akOxT`9muiPBZ=wc za@A5cxnIt|_*GysBO&tLTj8p5f{uzuHDH(M6b+PsR)G29DG$2L(BK5y#Nta3Q+|1k zXoFww=4mosPDpixH}!E{ZxXFh%=HLzqx9F`wUvc9pzyx+w!NjTWhbp#3@~X7yIdQa zAnyAwDe|N|pMC?AT;>AonT6=Hcg}OBy-&^@*(w~5x=CG-@0ckSM31l!J}&2B@?bB zUcgmv*8qJH=c%Rwa)rx#bRExCgYqSP;y^)b-QNj|V|W0T4a?B^TO*78%6{`0*rlEd z#rKi6;kQi3Dr_`aN1>WfTvIJ zIEPD|)G$RivYujmkphINTWdk(Tgr1J67f4kG#7I{r;QUtHsNs_dv2C8jhj*N6VS;Z zGo8CjY~|m*wTIr%MZl^WIqmcyGL@;BOjBbKblyRuz`0!fp=DNTP;CDm5`{qyi*dsn6aJ%gD)%k{NzS`QSQmj+xenYVUZS^0Ig%dr8_S=aC>yAJsRdSO$ypJQW_)4~zuRWk4lN zZ~V-2^NJP*u4JJreaG|YOVavMw$(N`vY#Plx9d0Ubg(sY(9rMKQ$g|gGw4>*m6Ga_ z^`~%qbpOFRaxz#O9qzG%_8FRHv?`s-;xkanj{Vw@!&8?VvO7N#INj6F0RAnkWw-9+dk z!$TAHPDnf-NZJ*!97s~CM#?Z}ky8r+;L_(8*;qwVxzOKH(KrA+Iiu%jC=gfow3O}z ztk+@qtJbY|#W>8bYH5i8n|HhN+e@raD!1h@gC|*%=aKNrq?ZW*zWY1s12!;Ra`Q-j zcB*7doQEbs!qxpO5YsoC1j*1+h`-n;kA`li*RH~M>n9Mn@9+VR(O8=lPBz}m6%0%4 zGQ=90-wx1gM>cq~giPYjG(zoUkKm!yEkO2Ef8)2hkN7hnsVGAX6rXJr?7oYo{Xbj10dc^-R&9?g;G#U z?QOL6XjKVd$)$A+(;_LTv*V5Q1ePH`KyKsr@|wj0YN@ODk>Ks#fG!iB_=m3@sWaE( z0RM=Cnr@k%!_b&MjAjJDAXw|?5NC>Zx*ykUnShAePcHvHJ{T`TkP1*s`_h3ot1V`JG~f5wp6aqIepM{ zDqu4vM${|6#nTky%r{&gWo3+;%+t~Y;ST{q08`efB!Qu^mF(==i#om_w&qYMCBZk(-|0NsY*r*yiEHvz91RBE0>Wy^cGf)Be~Q}QbmaaR_BGFZ zf?JHEg2k@c#VAAGA39a|6B96DRgNb7z~pD2SJ5)DTg3o5Wv zTNUvSE-o-#+eNw+>5K&d78Yf4WSPS~Au8W^x9nfEbS-5^bDjP?i`w+NO0m!9_06fT zK`hV`5*I5Dnz`@(xVFNx&P7wiC=sFg6n_5fa38{PveK+|;O#jvUw$UNNCEftQMggV z6&-i|y;P1-qG)iyDYqwnSN28vfqRlwS!TPl&@P`OwH8Hu$kjbmLi?UmUp2^F%BN%r z!&AjF%zVXW&wlWNaXUokHsBkN9%S2|Xuij^_A@T)^yQ5gD(vEiz(aQ)u%XxY5v8(E zzVWbp3i>)4{z%q?>!{|Zx1Z|A?h3`igYMqhLCMJM%37S4@7SMG%M#euBAwjH(tqS| z{cO%=jUSvB`5wtLW)WC&&Lfox1?clwPO$!&(p0Dt|CfWxHySQHoaLm&yGyCE*z*z! zOl?gRK~7L4RucjM6L`iX^|>?n@+KcB#})wU%mcItd=6!bumW#>v_I!HM@px(54)&!zj1N#CK}+;JAfB{8lOzC21IaP|F; zIFb=wzRiwDuESeYo<4v~UMjIBX&;S0y19_up3Z)25FfJA(Y>WxN*;1|pZsF6Xg$_k z=mKMRk#T)Y=ykt$Ei$zFUyxQ0klb@kMjsF&%ti?QHQ=m<4 zfJXDSmH~k-+wrl)*V%D8?0|9iVuWC^C@)i>N;Z;P_Mmqw*x`PUER+t*_8B$MhkY`E ztGu&k^@O)5hC#sDTD(=_qunm_0{iBqdQp^eP)%OAtfAn=bgq>7z_43+;S^(S>~cUP zb?)>*#r>g5#ZFwqnifeB=Rbpj2y&Q8J^j3w+EqzB6c_zOT9;5Mi$pyp?DlNP5D9j= z_R6m+Wh1>gYl(gtkFN`P+)l+I&Nq|Rk`#}1ju{II?rW~&r1zwv^b?F6bIS*t-jsFF z@r*^c_EZ!l(Z{RCOG##k_}QEx+9ofIEW2FOGGa!5A*?(plODjPJ2P!{m6dIv3_Qm= zlWnestqfVE-D8$7ZItHSFD=rJwx}Kt?I@fvVo`d|%to8`+bX{ju98QL$AUVwtQ=D6 zxL;N;pAJc5`P}AFR@XPAUv(7_+#lvlBFG?gQZ_1Xf?ixGC&lPUnf@^lmFad=!K5AWwC}A>}IuHy5!tK z=dug3ftBQ`$ju5@rpV}JS6LDHG;?2nkIL}lbB9U9ENdi*ULEC|&$7NS^pgrhkw1M1 z{ky&{JS9FkR!w+qumd%5ft%^6AZ<2{dK33I&#=?2EJ)4lfvEkZ`iM-zl*D-U{n~Qa zU8;)jC~gun7ftSHf7x|r3i!A?bQS&rO~YB6L~(t`PbkK_#C0_wGF|#%_K>1Hf>$oH zosH4@T?*0eO)n$!b?cH4Bd@~htl2MrN?+Vp1^zvCU+_`tu}yNLLJAJ`c(0#%c5jsv z-^2jcOGiBtMKgd-gy8+CttL*we3%h6K;!-ALle~^f3B(%4AS!)O*JcZx`k0&yLO>e zo`>GwVd+Z!nSp=64+AP9vNdh2)Yp_s&YK+~%y)>1)A_vnM-YH?go+NPC^D{({Ir9n zOsAO5{gj7mppqZG2i6=4BQ?Ts;nrJ(c>Aqq0o0F>Qbr9_d|qLA7(Ovxf#?hC;b3ER z6_L-Oc^hf|ifgwtzfjcUvMXhJ8~QcP`awM`hb0~MGa=o}=M)LQBp;gG*T>p?*i^YT zeLU2vjg?0h*3p1a14p_-WuX74t&GoO9M>S z;(rWL=ijZ0x!q*svG{yJd?xppZ>{cqO_EGH#5}dYriu*@km-tZigt$fHJO5KY*f*F z3Wj|8cZN^uhNlp&*`2)-ggP3# zj)ngpt$8DzVD91~6o`k8N;=!%1%xD(veAhBXn|1!0?mkjA7 z*?S$>I$ErOGbN$FqC`kRc2*Wshfi;4eRd*w=OD$4vUq|0@`=e<+?$c_O#Bm)<^Cl| z*kbGGf3HD*IV6b}`b)&z*jRcqXZ)4XA1<=lBWUe+0*C6hJ@0->mxf%CTYXICN|5YF zC{TV=JyD=;yB5onZkfR8=_zIv^iGMeCn2@rh|B9(;I2xB&TO+^4dVQsaNr4V;KZv` z&GB_8o!@!GPmu!2`j6<)W%Ddmel*-k8t4^0$jcPyKJP5iS5Tt*i>3rNz4mR~Lt*~i zSYQVKKS~`kebgQXKX8hnyPZ9$^Gw7FN2*-+G{mHuYUpW}!DYHMR+=MnMr>epudWj)%~4sn))hV{oL1!y3IeWAC=a; z@oTY8RI&5E@#T?tdtA2L-!*1>teLY;mS?^(uzJk49}HXnM_8e^rBp8Y$MH48|yrznvE&0NU;GPAL~YtD)< z?$+`DXrIlFEKuq&iJX4-T;^4@^Pi^ST!O^OfEB6nXPt9nTL|@HjCc>DLQIFbh%fst-^YnFcuFn2y90a$aY3bE=)Q$YX@$gpo0b$^!8=F0!N6D+8DSB9F$|tBaIuUjv4Su;QwBaTN(n^`WS`S<@ zyzNwZZa?OQ)EJ|Fyk&wxOnAftZ5z(`{l%48ib**R()T;`y@!{yy>z*D2uvir9624! zm{5<{VA*R57V#W)dbg4-8LL%Zu#dJEJ=DHPsISWK1NeeuM1Oj6Ov6H8F=We9SG>W;_Du8^B!C{4DXwP7DgTSlS0JGKXe&zq(`v6 zI>zB~uNH%Ws3Wcn8~UdUkP7$EiM%t4O2M*^VEDY7@y>wucln(A1rVkoM`2Tc`q!B3 z*w5vO__9b5(DOq}vAGSN$3y{&koQ5Mlz&pe?pS|(+1UY42kfH%vgOUZ40Rqh?M49O7;$T0wh&Z*{BJxg0*ykIC(^G%P;8`g%Y!4VWs?=(t$MrC= zrpJ@HfkF?vy0+_iuza8Dga!dam=A#$dSZVyNkH(obA{ShhcEWxY!^lIZYLkEdqpMx zU_)rQ;F8Bdor~_cYq^hoiOM&=n)0MpYh!erD_2roW2-Or3GQs1fkLZ4ZnBnEuKXYp z3hD*pR5v3X_m>;MjG*W$AIIUQGFrnN{mOj&I(&{+dU=zA6iyeJn+nJ*xZ`P1f*A_pz4?Xu2W6J47 zRQ7oIxcG3I+JO;~%YOY$h)*$+h<4Dsja0?n z?_^&M5r~3!&x#kqvx&vUQvL~y+`K_H{~@Ff_vWs>-ukB5&RbFvApF9t+K6Grgf#8Z zo79${<_#Z^$GSzQ-}2>azSH=&bEz?Hiula8F@Cy_lPC%3Hy~QRiUml!c9SFUU;5UVLo7>l$6{d;<3TKJR zYx5cqzm<`%w31(r2rq8<+GGHJ(t)@^;iuFRi;E8I*M!C%g82{)3ZSCxZ)fH$8%7*P zjpqoe!u{nP^b&*^N%|r}>w5UPf~qF`wOl)XbbciInDJYf%KI%fq+Xlwqlk9oMGt1{ zg#QdL!La&TlIa}5Sd_r$O>}t+nfpX#im&)m!1V3-g-S^!`0n0rIrgv{VLPFpB95nx zl}`Nk`ffCO-*hq$Mv4p9A^>EY^R?Uh!#BX~9pJ@RA9os3MS-Sg--|J(zi72o1$>u{ zF}LwSXFYsYOnz+=qeA#nr}rBX#P8RH(M!a!=9!zjv}GS)2)fAop7=!M=J3rP%&I6* zXvDZJn*pVK>(7WsTY({20DSb8MVqC$9pK_@JxoJVnB?C645ea0)qRQVe%{k<9i|eP zs%ibA)Zc_uMIm=}a<3<1DwP>`K5#KDX?H8U%O+LM1f}fI=ZT&$#dw&(g2J>DNTlXF zSm|v2bRIC-pJqvVLXf|LM1$Hea^Mi$yIxES0w@rcVJzDfReiLnYmzdX2x-hR5NJ+k zLH_LGF5GT{eFlwqn~`}ycrRfx1%Z~r%u5NYq6&j9*LPohLj-|J!c6dms-g(tF4n`~ zZ9&4ul$O2QiR0{}9iH)qAiA0bHsd}efG7e5&P)q1i7qlcuFcTN@OBJgK&&i)JPH|W5O~vf z_b$g`hcDPc!Y>~;CdHAv9d2d!zP6Ga;XqPfyQ!H z;*}K(;su(N8yz|otYAUHH2fLYma(=TW0Q)1-X=<3^oNkyWEKI`vsuZ2#^q}t4@_dF z@M%Gy`zd`wr?_~(OQFpZY+_(#;u8rtROPI?HLOJTe%ke3$Bz_fcfT$p@$RL08 zSsDkP%E#h286?m$0IdEXfivP{N#c{|b5l;zNoI7=MMk?B^|=oP74eMOe*TUf7?8%PR9Nju&_nALWTM$WCJC zb&w0tS*Y@b&_k|Kvl-n2%VwY7D)dbBlja@HD831Yq9nGB1-g&IX@G!6tW>oG+Ba)#_A2NiQIn<8j>6*9n2ZOAPjz?0F3$>|9db6N>9wz9 z-(}p?J*TcRo5Z}iq`o+u&(p7k`fbS7>eW853@niC8lO{mGAQ!$f+PIKf4g0uTS2T* zzmTh;7{bPTuJ8dfHc{03dWS2D^{Y3`DwAb)n%zWw*aX-oi*R+N`UT<&jlnon* z8oo>>!Mc4L+&46AIbi-tB;A z4)(Rp;%s+~pRuXSSxc}5y08MoEV~UkvQq68H>PaZT^_`2Rmv706;BP1fv1BvMX$=3 z+QDipN2u-LL6tVOFLuc>be33#km=>rh4OQueWvzqxC@nUN(l3Ox9=i*?}FX?1gb)y zI#R}(!$?Iomq#)uI59po;quZpKw33=5XMAQISBk+})T2@%?h= zL&`Ol!r0ok(CIQJQ+Te!rb};x9e$;)j*6RP!HcNt&|vt$>3z<@i@G8Mbs-1L=t?F? zW*c{9N5n_bOV`Y#D&6+YG@%xY-MOWrAr4c3Jv4qu?zKgz!@0?<-Ss(pLw=5YyBulL zNt)smzBBKW3AwLL2gW)yI~?3M(B)b+-xOf`=;&)TShrtm1PC=K70;F?Kw_eNeItQ@ z<%&tCS#3Z0xEZtIfs2wGlro8|FB>b(z=bcH-u(J|n8|k9LXNOh`=;V&8Pg8Vm`_Ha zS=r2wM%RZSJR6N1H9l;BlTBc?k@Z8V^8sPMhB!RHT`9 zxn8jP(dK+^j(#K7xhFcO4rJ}?m?By+(|#BWBZJzYdPUWk@ey5}HO&wn>UDL-&2m^= zqRzD9+x!g(Rj0batg^AL_6J^vYByZ%det67jvZhDX;dbdp2urFJ2&^7=t5PcPP0rO zyB@7#A-uXE(APG!QgJ1hQIy0hng5HClpO&fp-NSiW8U!}zNs7hi)TNBZx0HsDB+V&47n5<1vb@xDxQ$-=R^FbbULqJ)AZ@NLNa)UH;8aeu`Ip zYP^($Lq~FoUhDiYz$}&l@)3J)<5fQo3Adwgdtq)a0@;s=+B?L zH>4R6_BdU8A)GViCA{k!q z*E6tANnjX9^|MFGq5P;(JGg0R`!H&gI|C>U`I)*+q`;@CQOV7iear8U21@@*n_%fP zRrMd~ylZGH)@b5Z!l%G^E7d4;)M2ix{mI$#N&103hV`t#W(TK~sNFYMu2j1|6m6rQ5l2~gqRWjzV-fZVJm1vWroFlb)LoUPNm8S>G& zoGfK9MTzkmMnQDNr2L==kgJan$grx$>-|0+P^6!)rt{wS5ZVR(LhX8i&(zZG$jAVX1bb=#^JTaUGgd+BM=e{N zn$azY;W8z>KtRpDX+e{Sfl#dUDi_)(i0J`X@HHY{Ln``oUfH?r!4Hv zOuIPG@8LZfE7e2LiJ77|K053&ibaQDKP#4lo*sWxvyG9;p_WXft2(WA{Z-O1g-*iM zfpK(kWL)6fBN`r&NDcr@V$c&9GPjbf$9S?+%I$St?1dXe$}p49f}-z{tbQ~yKasCb zvRvB->xx-3(YhJ1TbdUhj?`PAWa0J{E#Kb zR|Tp=LW6{bu_6^PO0h@|+7$0jcSpx>Xb=vff&}i}Sh zOg@JMkPJ*bou(-p3tHO=gzqS(szS@N(Llh@?n#AB%T?3yNrruK>ubxo2ZMWip4?aO z&bTo_n$wdi4n(seSV7Ian0c{sZtM3^-AO^hs7D^;|~1}XAYo6^b#Am+;5}OR;M23u&<#fz0l@McvooWaWf0wsFPKl=Et`m z?aJJg0;g>W8hdo__@O4o0Y!ImpDOwu|ER8Jfp~2%u7;32KoT%{i0?{u1UP8CF6X1O`Eb3otU44y! zL|7FCD;65cryI>1%m?ck7WQ}G<2rB;IHza55-yt9wabxGl8CkI)c}ri3ik+43JYiQ zf?BJRE42N7%-q#!Vo$ubYP7!j*;m+%80Wa?1-Nd~X2{*6NB5-0eUPbFTg2nax|?Ii zhZ058iNzvHZm^y90?3vm0TZ%OqoQ%ef-ij8xGrqamw^%~+Gx4Fo>UBtz4`mXWu<-Z zg_IVAGACzDj0Cj4ar;MSwsbAEtls9pq!{`5rmTShTv?i(VvDIRgaCTeXy;*2&oqlh z%$==Y%_|zoK|yNVs0j_=TjF7guw65IO^8vBd~=;gnk)%a-kWggwN)&PAe2>$ks%uV z{D81cHK z+*a!8GSNlby@SuM*5%mACC%I_d$<{+^{#?oKX@1ryK-wrXIKhP`Cboh3?CnV3q>!R zEs7bl6c3|QZY09Bg(_FapU*ATpM?TjA2oIe{Ti$f4-aSWEnoobw4n%dodL;Kg?Bqb)EgN9M@;dy}2VDLwI0$5@sHi3Q`Cbe<^&Jj_ z^zQ~GrMKpeOt_Sz7-sCMdp^7BbyrIWqjlVFF_mdh`TaFbWU&T`CwPa%%twEmbGKlq zdtT0Yw&Pc#{~7A{XWMyJh{~qUcqxP5I&fjsA*YPhCtDds!K=-o+}*DZf@@}&apBZ* zNyW1i1UDMY2$YztY^S7(o8Rkv53}yixJhP(U$(TgBrzFO>Ia* z5WYwCPvSl!UEoPLQ!bF>kj{#in$T><9A;&i=dUyTNBsFFII`r}5p zZgqi5yEe>8!0`d{Cp|f1Mf*N%9wWH|hEMw(M8ZecH#gG<^5us=7Jv@p1r|4H1OS4F zKeg>Gt*z7a^5;OmT*SxW2MfKn;FYLasz{987?9W=gZf4|aV{B=^jxk)ljm zem${2QIy`+*fGX8vQeZ~L0+;#gXf*irhhgQL2vg{R=*;it+Fw|ft@RRAQ$Msj6dt_Vs! zw^zTW4-gi<94@4PI~5Sx(=)o$$2C3nbfO@cM)rCCeiw^ zslOy?L1fXhU-uSJ2hP{;0nI*i0nI3*4X6TG0iG@s*j@p$ zMMT}080#mU8LF({AXW^r0!YFJAKS2h3y`)4I$H+#+L9B?B{QlqAt4gh+VG+GVH+tl z;FM*-gN}jCn=IYq%AjJ|kstHB$!9|H+39JCOCVG8;Q}CM%D09ntbx;@iu-$Ch^)UR zOKXD`cP3)SXW$#Wrl2zpzx#I(LVp}!0RjknHG*Mee+MRxwzr@wC*5M!nICh>7@$~f zIZg>#j)mRgY)#q-SHjlGomNC5XVTNti;@$on8?%{JQXiaV;Bd-Bgn#t>YLB?*lraS z7}o*VLOx)9dTen5sMnt>FfeeRk2EF1$<5A*AM;0s$k!wr2sVr~*~SDp{@|f@42>uv zAb_dpW1Aoo$8RwpbaA>E8tv;jwtXRV$Iw4hObu{<4@3{`4gSbehflV9>Ounk?7-L* zlOvT!^Y`1pEVthY#moojkb~g)bEO|YzAU|Kuy*0cG&VwMx+Z|m4>`8!E;ydA?>QBJ z=N=L^7K_@{)5I?R{pyKiKEMNaoyVy$L;w|>|4DCgK<)*=8ni8ohL9p4FP~`Bw`q^4 zq~Y)8{ILN!czqwL-14A&5e^t}=%e#qvM42+*V^!8B3c1z8AEERiVrNAuLm?t3=H;qtApVB>;Djc0>>&T;Q~SSCR@b* zipF&#wf3HGSrN|2hI+$W;$T4$yXrQHRy`21o|8{9X|Xlz!1@yeam(*R*uE#MPw^{g&Bar2W9RM^zl# zp9G|L^W`mjd$5$gsrN>UCD)`4PGHKPa@v~Tv5U(>?V*MCL(17WTgAbI5P@CLWqSQV zDMj7D2F3G8`OF#e3wZLe-x^?=&vWa1Q|Y*Me=uQlC}^hP0=4@;qsTZ=NCDmhK`9NwjS3ph)Bz5@v!LHzE~Lx3|9sUg=E4hlsBEOXjf)?A?>@7LR?ap z!G7_VBi!kcBi~65QtDyWcag?wSLenJOtV$bhP(_F7E^agPfKssf9<||M?25XkG%X6 zjf1qkQ~DRJ9Ld}SzFW~AzJ(D9{;l=UW-?x-?YnZp7L&F(N+8>uI6`g|B-CQV3M%)_ z?|uh}F74Q0GuN@GJ6h$u3ynlnWmMj3)@5kUB7&*a^>-vE-~H0o8b(^;WwE%`#T^o< z#vcZrS%S9TX*zpR;BJ!F_4i^#3ey_w@4r)HX6|pknolq-{2^GfHiZ5DUfzk`Mo+Pp zzfo>{G(UT>qCVY>LH=~ff}p`*WW;>j^fltG0Crb<15VyeIlA|C(BjzgbYeo&A#%&W zb@jcsBW%mJmiYZBA);4)EX(w_+$>7y0tAp4G`iT=?i10=Du*|4yP2oo;?F({qe!S6w4W#Lz4m_3Ophuu06bb3kncp~;(fa6T7p^3 zRM^!ujU)6i?69&VATAOmAXXC(oRz= ztjazFyM;ctKW%uCRcyivtk|u52CuOPhe|8zF8(40LR^5KM2z7M^SrMkHEmHt?B)2I zI+e84Y}HmHW5E_&=!Ne+w7YTP0Uq7De%?INOtx4)$5Zpr58L@a_#lE(MO^Wmge9SO z%P1Mbo$kJlhfsz1oZ(6Sx3$f*bbNBGcPm#1*i$`xVl`u8_*p(2riE{0b6s8#e)fZH zVpiIBMHV>zVwgc><>6sxd8a_t^D+AVu!l@Imd9~3nw7J4*KaZt;YgRn*wn3FBd3o@ zbApesF^kQX^XPPPMr1=jmNovRdR@bOF_mFp&A1pU{{=egJjSc~4u4WBayrlHFlD`5$*38JVZ~lFX84H^wH!_w+nm5(zWhsc%w~7|({OcRYVhn1s~5BRhGyZk zw{7laPM@(L&$qgP5!PTgE5e_jI2+d+T0=;~2gDD8YuEYgf;v061Jm676ViTRd?CEN~)3?=68cJ_= z$7M0lBS_VLHIYZ>L@IfHZcU0fSx3(qd^vlU9C2cv9r+Shg^+Hfa=vOeR|akowr5Sg zs2#nHdrH{I4Jmny`lDW5npX2u}z4p6_r_q>{0?Nley(o&(5M= zc4iM!t3@eetbnh3HU=rKM!n>B31Zm_HcUgg;uTcR%(Iqk2EM9}7hq{fD1IMQkS!d* zy+2H9ti+e;Gvs-@B&Y5na~|23hrYQ)PTE4K_tJ^xQh{L2H9Lhxa5$Moijz$5h11XE zLcvYXt-tkFZ0_K-^)pA(OU$;AcH?w#GUFfIv_wxHQe`>>5gex@RY!n{bTm4a^X`hxN{eU`Qkp565@^fCco2S)K^$#*hxCvkcwT41a0WMf5dEz;^7IVwRr=PbQ`RlthBd-jOX5uk6%}&zvfMo8@1^(v{kdWQ$_?%AEW;8XAJL8bgGhbdm{|R_O-ALEC!F3hA_Eq2;l6iyV*6&o)E~*d@rXXAcz9Ec(#YT2OT8IpR zUDhzVEiMJFg2uNICAWq5Xy+<+EW=DFKXb6axZ;U^iHdT0k>vY_&n#@|S`c#;WQk4a z$0RUZC$yOxaP?r7cdYSyV{(8NbJw4>t#&EHWCzMm;lMyt-_a_1^Y~w)+?}xnK6k?U z;`#E_t5SwTf))X(w^DPaU?lO1w}a4+|7syg*>dF88H&Gg^q`gL^OnsYOUoGz@_$ z@42@{GX@m9cC5X59CI?By@#^=hbHUt+^bTDd2+Ad*Mm_m%BC>^Cx>P;)>}kX3S&*3nn%ft0qrI-_lK$e}}Hdq@9-k)V2vzU+=n=HnVdXF*ZX=Lo|Wz-o(tqAX|o7_=2eUpbUr`M)9D+5R%q;_;3@dmz<7=M4Pva|!1)jEx^HT5l*C=ji zOc$^%q?B1c`7Um+&;7>XFt2Q#)V`YJS&66+jRWNkBY!q=Zd1M77+P8=WCm`upA z^9*;^VKlCdZ`L7hw~oeCSB)iN8nFKSg|pJF0=DZ8h2ango_(J=$+Pomo0hLvPzqnF zZE$~;r;XygeV{R#gFkdO%uV5!UDM8?=9nnhwL8rPwLPehcl`2YAMv07e~w02zLY?W zR;%Y=jLe4B557(`SWnd09@AX<7nuoyI|6*YDC|7p!~m*ATcyXEX^~7}wG4-UL#?!$ zP>+K)`C~CZUoY==_QA`}2YZ7}*W@}Hiid1hfwrMu>l%}CBls3)V{c_Ww8&JQ_>FUp1iIh>DwTUfuSr1Q+3$t&Y(gqDyKspK7hK@fMxpcadi_#S_J+dZ8< zW$})`#1CEo`WIcws)1WnbZ#WEa>I9St#!R_uk+_a`?BbMwI=0k?V&^_mFs40`|r(j zrHm9hry)XoyNnDoZsm@4J7l!0F?oFq@_KEq zdK;uZpXlQ>aYx$gCDqe`t0-!bBW1!!Lui#uVlrNLw=6shf78YYd~fl*$Lje_YpP`5 zr*jS7V*3OKB1>Y@NbN|{k6OAjh6latMw#xCuJ(-*M^E2~LD{C@}+c^jX*)x&{86+kg z<`bitq%o!Z&}DCa(drFETl2O`Z)h2gt-ck9 z!dgJ~6r|*FE@s?07urKY$2ZVmuS_rib4^D(zGAqs`bK)93(kR12;mNonN@vyeVHX0 zt8d#dzxMg?xs5lJfNwnRD1xL$;bPS;T3DGO-Z5XTXqCa30EXK5YYC>5afw)VFn+hG zxBR!ss?vIa*yF&kh@BjlvauuX7VLG}^nx3EsuZt+Y;THG8$UKjsL{~YJyvUp@;nH4 zV39h1L6PvtbFjV|$DB01xN`ye>Yj@Rd^?Yb z%D*Zt&%~MOT=7AqF~mLQ5_^o+(|9jAvPFVmAv zTLUm}hxlk7K1 zbii2FLC*w3j*0b;7aMb2lxUqQ21ZADN6^>Ivf`a{n9{sjdaCd2!O-_{f|6VqyXzh~ zq!^`pHYF?$2qB8^UKnKJV>`(aSf2Zbw0#`X}!_%xkrM?I`8cXgw9aC7lS29heR8rsH6_EHgD}I z?UculAwG_FTGHr|-Xi^N0gd%Rij`zDlMa!_FoTQcUGTe4;#HK8*G0Izq*bYDSGwVf zF&zAgPO=W;`Gs86cVkGN;{odL+ZI*HNaCfG4YJd|@huMSM)AjgkoUCavM1LE6HUn12X{P3w~qoTIfRUe7JrZ5tglJsiGP)F;493^m3dklfN%DJFoO* zYLelWcF@T8#B*q$lg;lQpp2wQb@me4G!twKKFa%;<1lGkm~khyaW4F2j2z-Es|Yqz z^cE6hr#Cx0o8e}#0_(Ic4J5p^X;{0sm$DTz`ysIp2$WVhh5zv+k`>6!^{*$9k`DG@ zCRJBs@Z+)Mn!Od!+KilqoAWW2#>ylEHnO!c5wW+hH6v$c5_!}M7{JQK^EV}d$r)H# z0N_TBe>-C4V&!HMakJ2{G6h?bbMP=T$s2k6dBe)V#ria=#-GDzEGvN3q+<)ov zjg`F(AUYE;U>e+v+~nL`jNF_+?l~SVMotz04i6(cCqP+L6*y1Vc$6cPBsn{i$X}=H zA|_xf2YV(}CN&kA$JZ-MFxb(Bmx;;9#)#3*g-PU%HjqEe&d${yuwOAFTU%OkfP^a8 z+0_KBWaRuLvVYMs=l_I9Mu0hhOd|BsyfX_&t#{l7W+e-y<3El20%_+L9Z=YMu| z&i@@p=X#3h|7@LX{~Xbuu>W@-f&t0*{`wG%m4*F(obB&#+5E)C-in(&&OA&q_Fyw- zM+aLYuo*ev-)2mz@h{(@yP@kcoJR`uu zM#mu`BqJpuBqk<*!AL_+`I?HD_!SrJYi1U9c6Krv9szDvenvKS)<+^xNJvP}P@X+U zMSadnK}^B=zy0^{1%!zRngPwiKv9CAF`-~Ep&q(HWB{jdfFyvwC$=9shlYWLgGWF_ zLPh}^)MJ34pEQS7rR< z1)H(+dn9B${O1IO)GujX(b55*b#ig@@QR5`NJ>e|$f~|oQ`gYc(l#+QGqUf`mX<_YtqMq5tKjMB61$43*Ht!5o%3O}Du1PiI%KsL@jZ zKZiC2mDLcX_RHo-nWGs8N+lw_+lMxoWx<~+Hz7h6^eQ*vfALDkX9s@#kuN<^LKXIL zqK@Hk&?Ev>hFfAk?aaWjbW&eyR*2V!JGQV}WXS(^$$}OyoC>{F!)WZKfJuMl#E&;n z{`OK6^{W#VGTSN$g|xcpg0bIf8mT#BWz|m>gGX2(Rnqq(5p2PB8+$4!+zm!~qYbZG zVTRB{KjlD<)X0QC!JN717hk`VpLp#Bavid&ZFeP6tM-kUr=x~LX#SyocJ*M{(U zZ0Z)IRiYNk&3~twq@>8vB6Glc@Rma>kE$M={QSih!rEK2dbHLAr?*r%Q7URBMs$j} zx|Oe>>XaowIREleP)-G@=}vz#eC?&u1!c@#v53mwOvV5bu`tw)p)Z&`kDj}-zE8{F zA!Be|a7zG@QOkcBnmi|;>+f6B(<_WL#}$L8Ax>?zDgq%4s@30V+>odse!M(m6uVGX z`DowoE?s*Uio#-aR%HmM6DrXV?^gC{&Xu8`qgSGAUs>O$6rWX&6E_e82VGa=ooUR@ zn}qyvK2I8_=zy-idLBtRk(VhL<92WS80KJIUpOgoCWUn)zVEOUuV~GWP&TDYZd%w+cvSLrqZ+xp0{7sTL!UYN_$H2d zd|y^*;C=ul88;WzND=hdD14~zPgp*5xlD2kR+xRWF;OB>bkz`4yz6M=wLkJ|^o7fz zjjD8g9UfLl*Sq6B5*FFgNs;bfHp47qSxMD}jjt4O_q^&b8{EkIrZmX>EJa>a!kI_# zByP}`s~*<76jnENtX}d+7;Ev%$d}F7HyT!JzfFu9+@S*Y zR}w=D7o(oVPPBM)HE{`2Jyi1^> zayfa3{ChlC%Bylck|vI{g5(G7zl@+~m$g_#+LhPy9e8GO);7EPuEtN4GSFI^ACH%; z%N%3ca0_H zAb#RYi|{tb2#WnxY`p~!4FmFf+n+H7MwX(Z&JhowW#ZJlyXpd6-G;?DH1CLCSI2!R zePWX|S)=W|oRY75L<0sE98s-Ct_kTZ&s)9Ah(hI)UwM-Mir77GmCl{2s3aAoQv8&$ zFD}xGgs4;hFGmKJw+9nkrnR)bYi54gpy@U9@d>spP1&`UnI;|qa| zK(H$Y@O#yxI5+#NGzZzd+`U6aDBew5Y9ah@(`CxVhx^nRXS0F^XA; zO6) zZMq0jjb*)!8L-W9vkBqbVaO;;U2_$nwq>j&kCBY)o`Xw%KK3}#qM9Q=Z4 zkVcL@W>W9CLeYe$q1=0xoDs)f(S(Jx6EWhp3~ic@O)($-U{;jvOOaA7Oy{YSN^kZ^b1uV94~&Yy z^PcV3BuI$j8q}W^3^yD<lT`cXGm&Hj*zFeb;~39; zmBbWb5QA0E%LA(o+6m^X(IV@C7W#|i*cZ4o6?$$gi_5Ge-68>_`iW&rgE^VD>f3KH z>#&9=1xoSjW26%Tx8hi#hzVPbn*BX-LRqTG?@$dUzv#VOdm~bVFyeGJVJU^;WA#hW zb2W8~iJZQRgnpc{A{qUC7Wj@nwzb|9g;_~>HO_{IGJasF$wUb=qSKRf08K*KdZ_ww zI>CKmk{VMOE+g;?MqwC=in1kx?Gh0=;N$2Jn`WwBTNJ)6b*-LVeM-dAAVZ$5DAW$F zRSvt|9(K9qwn~oZsxyLs_awuu1$v_M*@srLDB@G?BtlrO7AvSINwvMH08OvZZ~gKU z0`*h$)_L1M$Oouq;X@XEchlv#1i2>7-b)AecjY}7VD%16-L9*`?nt$-xV=0hdyN5_ zzeS}U4dn0Xc3NT-A@5F`^7eHdS+e}4vvg(0y*!s5cwXY1tn8e7lvFde&uS)~bnMP< z>+u3yI@^d>t2^r0zuHO8JSvz7R}snay~Y7?xYifyn;Y(!+#1pE2{CVX9L;zt+Np-) z^`h)o2RSmwnewcC2o7XSB|KHeR^FGcq!o8u|wX*(vua(9?3Tm%C3!22V;kUS34xkU{6miw@x68rpPIHcvGY zP}&qvnFi4EZ_Le1&1#olgVCyG&{LhZcLKF!)0*3?B`TB;Uar%g))il;?(ka~fv=4R zaE!)1O=fYo$A-NaH}Gk_*~M3Jou#j@HFDLqk!6sy=yMQqJ)Wb28f^^k;+SG0jc$Dsp2n zM_sCCoOT_)JmXkeO3mBrJNjH)s^RZ03JJ|T*I1ScH3t(Rdf#1Q*pz>Vh&gcV>Z5-^ zRM$_Rp8J65^g_M5X5<0H8i%-muHxPkHi`i4 zorjaspk97vi&}5-LtAMmx>&Tz|H^`O9UsFC=d|EF+-6Jj!noxQU7`KGS?0w2o1*uu zie$3tCe}MemfFsD(Q>+;{>0GVC55y%T%|-@UU)8W#iv8I8`-aJrL)VG#MQXTqo97z z=v_n>>n_#(d}ht6fal78|FQ+=s2W*d;7AiONK*KD)HA|W2r9w)v^|9)ubJe^8D`RL zS$nOeVT)qDsJNlwk(mjk*V@khMj~QCvbrS#DGfC6!cPF}!-px|hPl%#wOr#*^vSnj zkji9@)*zWeghWy$jG^ju|0N8Wa;CaS0Sli&pIp3TPp6f7S5&$cluwm*`C61sx<}8@ z1jxhv6~5-AJNox3b1V^1+);KAb>ra|8*+dTsqb?44z7B~6%} zubG*d$IQ(3n3l|NB_lv=t{ck6an zRd=6r>Ur5>y@wSL$Q2ki%JGcDuqmN}X#+HuMb+~Og>_dj+FdPbaeTy!V`x7(rZ<@B z_V>N~6`>}Dt~_g^PNc#=QQCG<{sMrCqs-G{Um=UZG!JKM8Zrwq>!P?Nd&Wp*wrV_~ zl6X7?VKuz87tG_5lCX5IZ@$+wN>3>S#YB!awRMe(iG6r%5zzEx?qGGbj6I9+ttRRc zidW+IN`W>Vf0jERGm_0EE4=x|*xFs`ZI*98I%q4U^vn_JQ@v5ntkbFsOD1=0y*g@0 zC3md0-nGgde09vq^bLkMj?-A%0at^rH6CJZX-p2+e7`9e^k4 z;rKOn#9W-F%07xEEa(r(CX8PcT}Bj2gkAjm-kW}sDt1OQ3PCm7TqbE}ym9&zBuj6s zj&P9Jt8zNUrA}Kr|46uUxnuA=fNWx?hL)7IfWsake2C0Yu@ubK&k#b(Ls)PuHI zjZ>BY>Ah-`0qSY5nx6{o%9xmjP&L~De98=ziXF@Chh9JJ4S(zg1iOuFrCmE|B7KcSTv^kHl`s>#(QISg-@HciQR^ zx*gkIj|+Mh52NKZYltSqiBr`D$14#m6ylipc7HvBv7sJz=H%7HF=(ln*b4gkr=&eO zm#e$_jrzYXZKS2`nci-GJ3&ff9a%1!zqfg7nN*q_n&vy2p7h`bZk{j}M^bd5ddU#J z*ZDr(54rX4Ik@iOABIuKDG;xaRc&vaI^o%O>0hBB^L$&LBPV|BiivzT6Ui;FS}5i8-;{9zx($TVPn7mk4bNP;y$Vv2KPBuOS=%`8SS3{EO=eWC!vqD!_}XUM9Z`~n`73i}7AFwy!^hWUkpTw^pcHED}G)&6hUQTCjwr>0a&f}YFqq7ViCES%P(%I`MPVw<)c>2;~%Un zyGct*z|H61FH7Q;LM%~Kr69_~UgZ_zj+S8BbL|-Q2)~+MGFhMsSNQFi)d_6$so#h6 z(eZC359h6SEp>IL^JQR12Y@%D?0Jm_k-@;xSjs=~X&rv_mp|;-8thd+0nAww%U$1F zSwUcFI(&iSJh0Z(B-l>~e3QdkIKQrj^U~0y@EeNBCStk$*D86;Vpf#nnYgt;KvYeW z?`w`%q*Ui+wSPq0$8^dXxsdz?1U|l7YS@p$2f#eL&+TU2DO$M2I6F)YU)(Hic1rV;F>3*AVm|7_u)KuaQ5N zJCmO0OKSNILlJqc?CJcyhoX`8<1>K9G|oKU>g1z9Jc=*Y9g+`%Z<%#AVr2-gn2ueOm!5ir<}_;y$6r+`xY zs0XkCbKaa2&HREa@boXhwc_gyRhqgGjbg>YxU)%fSBcCk=q8CHK0v!aOe;1qSady1 zw*KAow;q`lM^`_yBc|B{ z--=18Xq|TRV0eycy!Y?e4&-42g`;iKIAn%}5%0t66-duWUJ*0DMm@2W*YD&T-Z?>+ zx}U{l?TZmD{u1NoqL1LtcC;Jg8t%gPm9M^k;M#KI<`Q70G!|{&vjbh0^DU#^&v-Og z#Ut~o4XemdX)B8mVRJ$hw*Y38ao)%6LdGFGEBMkf+Y+pn*rB2jnH>=LE0p^aHx9h(Cnp9yAYXH9&kg@nZq)fS>+TU{Ufele{F8RE$^pFZlN_Q0 zrh!DA4^>mZafqiV&lN?JZK zZZms26{QjN+2{?YPx_|t+FP%8eHabvOU?VxwFO#>ej^TDy|GSAXU;S)EY48)^HR>L zM+yW$JXt!+bM^WwtEy>}tK1=%WQNfvdmMoWy9davgw18MiEw8LoJ-B7DBAY1Qsv|+ z3X)KCB_W7^8nbuyTaLLRjJx|I$%d_F&% z&x#0Tgz;_vgm(mBcv0CVfSmedReyeLbc z7gRHytUcR{G1qp;&3?45m!XgH8S{9L&Xq38rb)B6#K4xqRBO6ik_3x5XWv_Yer*|H z>d9nCaM8K;Cw^Pf{Il*Lw5RGVuiDUUXJq`%RSCs%)1OREXaV7AA^V3(?G32*IN~o| z>AvFH>`lDrt9IWNzfV?c!N{@x_@-k9_*+({fR!$cxvVtv!~t0zRJVG(fU~3fojeg55L+dt zg=qQ`{q^Pw!Ue=iN5g@=)@wT}%2JnPQ0d^chdbeolPWj+s*y}INV&~P#0ne3gq6!P8~i82n`nOfg~nZ-Lu z%W0EI7wlCvNw-cUdC)#~P6%Il$8BIC7(MJ+pZ z%!)b`H`sb=v1egw(Pj~T;sU#nE^?QPl8hh8k3qn?ywn4*4U8*}So3`8NZ5)%MI4^%X`1r{r6Dz4JNQ$E_JN!N6d!1Rcq8lIrBQhM&JGbNsfW@P#rs zsQ|VYvFXA=8jCTFx+s|^vjw^kI#aj*rip~t^R;|7;QOC}_)WOa8KfLn^mV|& z{(NLLYV=9j&#->nVSSPCPw?njrFA7B0^QWADqU)XDBDb((Li{7AbV1`cnr3HFPE4^ zagi%oAp$Z3L+&aK2r3wx^J4j2(MSvqYg+Sg3=Y5dB2`qJ`CE|jdEpu$|2x$rg*F8_ zE;nk>a2y_||N9RZKEAHS{k=>kqxWa01L$ok(;~N`F|O|VolIzSmICPra9ohNXBZ(? zr+IP#0sqgj#r>0$gKRddebGZaL3_GF6ppM5-ZaifG#n@lEHq-2*g(sDa)Hk=l~UPU z4!@4T!2JA#goOP3z+d;j7fR)FK?8l00rq@nVGVPpI}6*ZjJliBMgkuZiQyHZqWigA zD3PUdSjgz8m?#)%Xjth92`MQl3CLJjXlNK1D43||8HkSW5s(e_qyDDG^+f0g>QSh$ z`4O^co|DCYKQ`6b##P`gfWdWla z3WK|0ZshWKvD^X{pJHsQ8q| zUD5ITfq{XEJQvm0a>{5}l%|z-WJM(vcICu06}M3VIYNop@p#P_CDrNtH_~-ozv>MS z5h+;7TpS*rS_*o^RmY}=W{%m4m@cTQD5XHn4T^%3 z;G)=GSkjD9)d}qG#|cVPM+j_7C6~!#p`xT`k(8BJl@?T2S}<)4ZlVU_$n`HX6FqX(je(!;Qtu3{aV>@ z>B){x{=mnRaX};V)1yZqPEJIH8na|_Cx2wY;;l@uKCMF`BPmm)20>w#!ttUooM&a@ zXe5`s$`gRYgan6#U^J*_u~ic_HC0u0b#+xW9R&WVn@uq56Al8LT>ic~Gj*`A3o>0l zqlu!*ME)A#=IElN9$^op81=BE7@9oCi>e?-PSjcuW^Q(RU?!}z8|`rnfrlqV*iCe% zW}c#|lV{CN=Lcx0Xq>;KWg`rF8SLe3WmQEzEhQaijRORUkT|izxtB3Z#l3m5fYQ!v z*oWA>s6L6&*|5dI#aW}AW*v1IDOH70!?OHjDl!}G@^{BRjGE|eu3na&qOKR~ZZLQp z-yG!EvO4JL2{g3VTNdf5vy+lh4_2xpW22zq^e~$|6Km6XlQQw}POX6?84wR{>IpZdn9x3g2*eNN&ottxal>||r&bqEN)#wvc>=*q&>+V*n)ppXV!-=G+H z>8*ljpE$gUnI@y7ld=&YSWW01CQ5QrQE_f|j{JA`wrUASExYi-owhwe)S+b8~&-9&IodHRwu{I>qaU^tyADB`#D;& zN{ii2Juj`#-@eVRU^20xl9BN^B1XpA@^UIhL4EhC;^))E;I7S(UoAcougg<-X#2)w z1K)!|F+HbUNDZ@quq;W1!A*vikvV$C@hr@$yMaX`^1DZrH)Z8O_KDHW;q9e?6+tR; zKI^GhgzT1Lvy16gP3C9j%}OT(F{n3t9na~;9@ z&u$Bi;TCk_=tyV;{fm>MV@nGw9|x4^{;`y#F@kGQ*-01qQY8LT6!0IGM&e* z7XW-TRWtL_8k-9qfO2VYw^P{4Y4UeF95)N{*T2KJr8hsfs-zxQ4vr;)L-;eB=Pnv& zpGy#^0wG3Wmb%#VAV+tZv+4Jq9wt6mBeUK`PsZvKVE>u8-w=gHX>%_BlY3=#(YN5i zc%x(@y>_?5_hr7MCAyk^>I4s@rl#dp^rgPApO1JWvxkD)$W9eI(5quzCtH{tI2$|{ zv|6N#-}A{&5Qs(s7%DzeV{?n0v?Dn2qStL8HGX*gn)7qDxZ7VOWa2`k-4HDBvbD7t z^*elz)*rrl>{f?dwN9)3cANj@S?Yux7Go0|dmgtR5OOpM?heuPdRlVphhZN`&t2|` zX4YwlAqy%gsLC_d$*B}Wjr9yidWV^ z*ZRv_HSi95MHof;t8|Ze7JpoRq94=fiHyMtz?G_J|zj zVLWH5#Pa*X3~X_=C;NrCVX+XUscmeK`4!Dz(ioVH{w8N}RbVe-W~uBC7Bj6)dhPyq zk9x2$fq^GW=PM4|?_kS1?>EO&=PR}P-J%_o5zGEWqMhCq&F%Gjs%l5y&&JI1!{#GitH-|seB{|a##f;ELB@my`SyM0LOz=6Cb-O&y^&!ZO&*Ss^+@~PUIX+YJ&8TfcXozT3~?H3Zb zlt;yzm7biL2O1m-{@TI2o`o~1N(M8m;Pi3t=IyowONTu9U0PmDW@dHVKhNV=!`EsW zl@^Pu8Co8FJ&&;9jxTBGdnOe*?CI0a-(B6_0nj!N;_VqKyaax)#Wnx5KQlm)l9rZaI`$g>P1cCdxL=`HCjReV@#m-Ybi(ERS$BYla!8!d5CIi zGr|cYU~%gWiICqbj0XfwxG?bZWk!&DMbL-@ANDCOq1*fA{rAB%B6#PjZ%fUqr_%Q4 zU^GsUz5vg1B}q1jw_kV6 z4LE&h(fH-exTR1IaqrxEf{fkfr17o)$cnh|N>=XHt^P>4^g%?=SCy+yuib$x$rFI0 z%8Fcurv4;7-&uT()(4Lh7hwVT+*~+WylrJ`Y-mRqhCf}dw>asko+d$D#c`Ax;yWvk zviHEPoTz*_XwZnU6Ocu7*KB`&u`<`{+$7w;>P7%N8tJhE2#_L`9Rf;Szkh>_+>V2!-Cu$TZqMC*a4JzzF$Cq4KX=c4hlJiFarzBdr^jnN0?A+ zo7sQztGQi_7F5Ng3@+{UMf2rePEs*QGpZ9kcsbX*#|p9gF0R5PQ_(QF`*1Qvm%EKw zbv~V>t1jnRb$C7;^Cz5fLxlE)%finG2z0Fi=aQ5Ru_Ie+4SHrZ4fOO~xqMERi<>Lc zUVMT`a4jpx!LXkBDh1!Wm`txj3y?&C)WOC-#>cnq`jTc(AF}74@TvI3L6IAPXvN+i z@jnAz9yqnj8G@du4Fi-79d^3BKM#$dOjn0W!`7pcx^lKQIEKaOkn-DqapwCA_Xd6N z3E+Ofuk04$a+|*oQiJ{&UmfrB>q|;yzM;m^3Xe-sTj6Z^4wzT|_}(86G4y`+_j({2 zLgF??9Uffdye;5uodS9gtt7$FYRoASK0PX@_z#=FJWV(8E}`?dCKMkJHwa^Dn?#Ep5YqNLpY}E|#e< zXVp)Jm}2vcg!r`9=<@}<9^Mq8V+|HGR#)VO?ZY$oQ71=tV0YYizUfslW=eW(@Dv%v7!(+aenHAxRF9OG__dP3 zdcBLjVf)f?(V8uz19R3bak%wfl8hZ2&**g1QS8QS_0c#{S>B~B4BOEnCa6rHGV(b* z9(%AE5XDP2jzT<@R6s^UEXTK)l8#shfuSSr zu3U1=RfvrI`q)MdAxT%?al}PnT{3p83A#NYhRO-eGAlaR?#?e_Pdr zWgSQ$nwQ!~=;53mSckWe(DM*f-bN@Oh@`7NYh2PU-|b{?sM4fWb5cki4mIx z#en&Hsk@b7J0}X6y5!Q)ZuZ*Pe4mU0FjC@~=&^fMjbn!iG8;X&W)8IxtJ5i2i6QW_ z)YtN=nbI zr?ywCBPzyHJ;EsjeeY6L`n=lcwL0R4y|F|MR;-VqBj9`QV`#ZpH}HHXSKJb66$0+~ z1x{B^Ydw5BD9~`Ye0K?G7$Z zvz6P#;IsZL?D)$-EQETDQ@?f*#uxBg^?$QIZ(qMHGQ^8a(9erg-@R?Zi!&U1;3Rn_ z(16Zb?RcgmiA>dTF8uV}c<3Y;1oM%g#l$hg|8YLFF#XnA)09)etq=XXS-^Siy9d08 ztB62eebFaJXBd+)N^b@o@wcKXJImjvD0QS^YlWx9fk14K#F2^wg-vXYqn<-sRk#A|SeV*{B9jgRz6pRosu!QD1 zxWwGz{uqWVyPcP-p}jO4^X>V52(P@qTV|+YrM6cn;JG|Rx|ZzCLl`?4Z<;x`1hEE0 z2i@{WFir1X1qU4t@98(`ytHD(<;h#PAv7Tkuxen?`_J>xd26@A&=7>*^+NcQgPy%r zIm6V7^|{p00?jBg;MRz}G=ijC@BTAoS3lLvzoAOHj^5VZ3*YkuMlY9Syj*q(;1yxIagK`6Hq~tPZBD1=;9_pU49l6n^_*6wsW~Y z4BvNur4zA(zvhna3o@F+??1~fkmuom8s}QB0|eOz>JTq&tJpKDi5L>?;s}2wFZZYE zNMO7kv`TleCP)ujuOP9=NuakNq^f%I3)?g9y~B)FHx<>KxoGLB-9vlBLm)DIHQGCd zg6$K4TE4`X8J(%g8iuRuhcSNt+>2Q~#mFTr)f`=N`0D~Zb$tFhn~B$m63bg2pl!QA ziryg8X%@Q}G7H?0b{iiLvzvnbP2>V{@Dq`M38gxbV*NM^T3BnXK9|p}roa2^@KON? zaXLt%%{+LVx{0I)6%VA52n&dH8k;#Lip@e?PXF!taP)4lf_~3SJ5oi4K$I#YY8WRY z`;rDG!R8co`Y+RMB#$sUkMJ$BYtwQq>yA?Q1g*KqjYoWj3VX|T=gtolj9^*g2Of;p z2@!08w&)rqb-*`;v9F1r7@|4)48C*3xRcj4WcC18GZ>*z^DRE*r?qV-NGP^$0y$>i z85j*F)@4}y`qwQ63M%Gk0_bW>iJR)mNVf@0Np)R?VNW z(rY+)@cH+__VpANR$?86%}#i1cW-;w9CM9Bm~-uH%PQy*@(e`MeO=_&&+vk;4-YVp z^purZ&ekVrXuaedkW9BTzKBr&Acoa4)vt%r#FFo;D9SiQ^TgV^q>fb9(an}8iE$#f z=m2u6`aDO2`;8thN-z7JqLbPH1k)2GBiBdaOr0fza+gqz&kAE+B{dkUY!r;vA!2R; zt{JYZ)NwzlfaD1Ag=B=$q?KK2qYPw9cs^>?{ijxfEt40;&G-asx_Y;zZWQ1u#NkJ@sZV8W+47wM{=GGmJs z2db42-W7(N3Wl+%O6^m>0AbA}XSrWh#KDN>Tv z5!D~jc41ErP3(D~Ulvakg4U_IMPU&Q8DxpgB=j)c&NWm$W}~sA*L|4lI#WKLZ!F%2 z;NK-AW2daW>~sYldjsKki3Mn#i{FMd3KAp>LQbPY()3kByCKLScLkPq>t4H-6eifc z_ZsldOEnrXR`}D>a)DH?^&E?ZU4K3-a4-CkvpoI?BUt8irC0T1(^U&>c*kNxZXrC@ zBRD%IP9w`598;|RM867=2P;Z=?1wSwcnqEF$vA@&tHa!AW6;FxCZXpgGWm1tXX#As zaebaO)F;LxGR{`h!lsHrK(2IZeKb5My z$kycisD+zZM^9V(b;~E9-a5uE$A?^T6^LOAf_S1ZxEFW)5Y28b4)^;>w|J%Kn>;jn zkC>%4o-oox=zEsred`Q(;29X!;ePUiGyaJ3we%S8_#>oX$wu4`{+xMetj3_e)NjF> zpP?zQ6j)s;R3cBOfb8 zKfYbN6MFnXj}h`AAtphx_O3Ff7B_~`Z5sr4ub|n^#TU}|8rDqRM?mf>FCasP+HyI? zc+m9ZKSHV`NwJc8>@8UnbGSqTR}lRZCXX3`zlfL4HKw9pIZC@OWDuCzQ;WQ@snZr@ zy5`es{2@lEak6EDg$s--aIV&a$uk1VV3?ZEh&fQ;(Ah$Z<&&_rxanY{X6MxZJ&jzT zSIyoC_#nnw?kzv`_WTQ}S~EY8sk0oa0->cY3+U7vh7GSHDiMwkQgAU-H8kN9G(1|L z>O{oU_}ModDP8SfrLC*k+tv43QC;6cCkO|7i^}+w`gNPPh%wUIL!QpP!M>e@dDZn9 zXGTo#M??i;(l)=MMSDVu?=kM;5bWZ(?c!KPetCcq7}B%qqw6Ft7cpMn;G!lf&ULu@ z^=Spz;Rp^;*MvV=0CiN+;fLR6+Wbl?2s^jPjYGq-V3WS9Y!CFa$~U1%&x&KGW~Au} zMKLcRKiVwq4+c-cELq@>jjduwU!pmAUcd?lhIXRLiHt)RjFkTpz>2=%okxCT#Gq8C z>ay%43xo7b^!)P;Tjj|DIa>0-0V ze28?_dCD|P&mC#TFtH&tn|}2VBYdA8%o2|qB2$$C2wZ1><5IDsaHGxFh-VQ=sTtYv z7&6AyGvRF&qpc&Ot0C=7vZ%ERxDKcaU=4+9)h%A5c*yAAKUmL#|E(PBCVP=TS2B*d zgwo^xb{^Ot-0yZhJmf-<hjK>%HAI`$k~-2|SwbWihC_UQpF!Qv`IGf72F$tLiO6 zEi1d7f`RT=h+(83K3rA|_pIq)31E4w5evkIn62a5q;DC#emRt0oNfup2*J!`s-(_Y z2IPF0|JBR>ultW{qrJHE)jfqlaTxqj2Mqaqp*2y^*^Vrv=#LlfRh-twXaE9w z)y(?+U#=9J1)@j=!T6s%0g-F>Pn`n+dt|u2x1xk|r&?UzdzGX7p6&&gkRu{neV;;8 zCQjHbIEwL7d&Y!)NYGV`0q!` z`T`y*A$APUgh@Pyr`%uLRC-PPj-rWut2#~9-k15qZ@SP3v`!Sa+la|<1`^76 zrnjX5vxJ6*l<6y|eCdf3ITM}_?uvw*M%}Re!BtUj{(lvH^${?U>_}YXTd$FtoDKc@ z_K26;J7Es{Y94JZ_s7;|e3#pK%SS()3RA@%C?wk3;^vqr-88B>97sq0>utPo5;JWIr_`JxZGKY70zrE0(qx0o`HuWiBqPCg|W6j`G;TMN%a~C4d zNO?nqjWC}KIW!9rR!JmqD>NsWC@3Z-&p+)M>DlH({tj}IXC&V-=6a(WDq4D`7f(mB zfLyupkE0q)PI^9?v|dhUeS$g|!N%X=78c862=gO3=cOD!fI28+#n+eYkxt%!r9tR5 zCKx2*VYV2)5sn4cL=wD=o9Zm@^?hjJj*PI9vYs*u3>gdmTJ2UI)By zQ~tbvS{=F8J0jJ<5T#(!z}ReCdHFGc;Db|HRzq|8XdIb3IfP0-d*j}&S@=}py=xrV z+YWiCd(Q5RFuKvRcUEsBByc^SreCAa?`AczqhGHwT~Vomc2l`0;GJmDuiiCUdn`MVn*GGx2013?Pt@b?G{Dj2UZ2*05N1=S+xgrl z!!oe4ujlXiU~#T?%8~bosBx{E^in`8ce%yf&0%I5Vz-)F-{=txk_R1|_nVjE%O}2cnSR=<_Hyr+ z{d3_G#=r>^Bc`)vTFP4R5!5EVPB|nU!>OU?=<3y- z2Ijw2Gvbnti0{A7LPK2H%rjTHP-+l#oFYWMDs6HDLYC=T@!Bkmgc!X26f+K&O_% zE88!rQvb7Wud>3)iXxT03{QvApx3Pytn2{b{IbBEm}FES~&nd=m2|dJTlb{m%KRuPkIAGum6mi#r|H@@&s1{@O|^oUgvD zw!Yd%Ag&lTYC8uE=#8PUl-ShoFEJN-d3%gGIw1=?@(#Vi>xU^Q3A=IP_p^AAXub9f zlxQxl`N1ssxF15BvgW>Nx#f125dnI4e+kwp3kC_!@ zpAV+4l42lyvG9`-w3{tqlZF)l_1u})Y0VhGO1 zWH92xDmuKAclzk)xb5GJRL;dVcEm{WE9KN~$^9mgr8CO`$ z;fXyMWYo3o^gW`%N%Vh1Y%VAH%|%9#kTvsjNO&K^%uj$cHzb-55}P9l=YxTwtSTsY zt<(Dzf&mV!?vS4A?ZZ&t2qi)7fbXp__9R$0-5v!*%oco!56G~gshWTIj35RWdla_i|StUk_0QvpZpGkwd(ErgO3 zw2>fOPJD}o#uxn3L&t@&A>gDug&9pb4IOboktMlB+37p`yR-kKO=77xSllniwgaeY zcO{*yw7iBQfywO6WoKt+=L$as^b8C%JidI@hsg2UhWSFWmv*Q}v&-?-77A`=1`bj- z&-$O~*+sb}kwI}`Ec6&i>a^o@-f2;L#vC-OPKLzt5GM&rigSzXY|TwBStspZ_PCd( zDP4lyc21z}8V_xy zIt~_23%BlNCk@h;Df#oqod z#$IB*%>gHQS#hb^#Uyyk2b2ra$uEPA=b~zhx7A^zft#Ad-c9v6 zYWJ6z0AURxxU`I%l)7|Gnl-vwbvfWdi-rToYdQ=DlAe?zqpc|?DJ!ieC^EFVyD_`$ zy71R-LS4k^lG9Bj9;cm@+(wVd$<<_4_uAXz(e8RHBd^WOl^$Az3==zh z+x*H%MO4yY#UL;0iZ=YZk%|sgrhl%Ke#}=vXO*SJIaZctAr?*~BEi2y!hIwKdniiG zl`DhQ(F&5AbtEt=VS_)OADnD7MnuJagfbxMqt?xiEKChK)x?HYB<97H(tMAEmHXL0 zBGV9+2rO#^@-lR=6&WH&`l>)@e1$zaT55U{BSV{WyOS$B%btQmKZAt(CNzG8g-ZOx ziINx@92Aw15EHM0)oC~O`j;SyLG8<34#7ngy{yGo&ZDxDYJ6T1&1=}nT+Kn*&1sOR z4^@hsG$TKvEhVNa2^fZ%l&P~mS?}TOlzsjC^1O96z-c!rzoc)X9HWcPa%?|P%)e)w z@aj(Jn-1;2L~HC2)F`}gsGU%RLD>njDA>Lvckk4w36!-&$zP=~&_$*~r8Ol*7KWzA z=2mvRBinOpZh4*IW$CT)*Pzxfubw_$(;hBv?oB^UqFHdxet*fHG_?7O{h$k$RO;^! zAQ(eKnMNXWXd`h0_}Q>Yky6qVqqJW+c%*^cUOib+T?98l;?9HwDHWUNW;#x{OfDMITk*yyY z5edH*$9$pLA@enFRwPv6agvQvj0Ys*aKY+Fc_WE}l@v8q@kNu9HNZLC2fpIvvB`0_X5c&NWRfQ_l*cfVih_}Qb7xXE>UVN(PIV96+j<@ zBnhX-=h&5l;q*5#EIKq^{lp<$;FLA za13ZcenrVZyglt}Tomm9)lfM(9)wm{*3FGVW)zSl`(LAR|0LtYbYWp{of}wKi%ZBU z2ERHdcv*<7Z#kOjA{9*uRmm$&Wye9GatubaBxIJ{?w;6EX`pTJcK{{LHwF?CYHDf< z2*I!Yh5(Y9(4Y=y=#piTd}tB!WD<3S@$$f)(tUD~p;JxM#8?WT9QfKdu+1i`KuRid za&kI&L2w9&QU$1d>SW=P$gV)Pv>{OmgI=noR5*;HGi(tKV{#*rHGus-c`#I9+c$;d zeUh7mEnv+#A-+oyKyXE6e|M}5~F9BqH-v9 z72!&`k{~7eAVNnfLbXE$i;2+IV=GcU$Uo3$LxQu~{XN*uwbt_zh9I#}j|msC@B~SY z(i{fAryLt(vgfw}VVQqE*d7M&6(1Km0y6kA^ZKUoS0zoH{r2^B!uY;sGdiLk z@YmU({*$-j)$SvJucPzjKThrbZ#c96N@`bG;ydGaD_0jqGv_aEm!pIIKZq_a#{Xm5 z&p(VYWyXJ{{jhyOy8eA!_y5y={y**Kzf+9_EB4{(tNCr)?{4NXx6YCttqHl z_UsxR7Ov`yCT-sjWF8%&&`LrrD-qH_2dw`a8Rma%%c!ORG&R!@>3 zMC=EWHP$moV9Z;+syp4@so!tW^7?C^7Psmk@JNmJDGA}LcY4y9FbzG;K(=QXv9vt# zTMrjGKBXr~j&Sp-KB|AZFTS6GZlwk#AA?1$x6FqiJE>pTfr_HTuC)GuhgXE)^&=z} zKN_nXD;0(0Q2(L08!VP}IFufjYQx!xcSd?SxXJAn*&jRW+QXWING}T`_0Q2>(XSSq%IAo zl2rf{ItW8}Qb}XoZaOmMqdBf@+hm>($yg1KL@wXjq9Ll)n} z-|4ro-XXIpnl?Wy?p&62^o|_LCqG9xk_9+-<7Y#5Y##ioiOuQTeD0A}kaDA&S6OzX z69u?Ae`EP^qnRubY%|O5gHX~|Bk;ImLr4XNAA>8MB-U4c3Mh=C0+c9CQAlBr<->8z z9fi8C>y;ks)8Y=()zz$sH;w62ffdZtdFsf}{<9 z&IM1hQmT6c+H@=F_Qo5rdU~sYm9c^Bfx8XaKbxb@r`=bHA2!4lMV-BK0(9)QPQeN^ z)NsBPBx?pkts}9kzr@YZv+$qO8-_UD+(!3Ssm2TTJvJ6dM&%)RW+0 z0iGDC`$Qy7RtKr+PRfur8kA%hN86l>-+rpS(b=mBpP+-Bw5l^Y(AHx^wAD0<2(^$c zF3IVyU@{*bg{x>Z6{4;)QGqTE6|tEf?zi8Sb&l>uQb%2?i6%hbOz~MUvzU}xf`u)x zWn40b4pz4XxVI_~ukY`bh|-kRRmWd=D!m++`FQTO8b?O~M(X27dqEJPnq8g2$PMw6 zb>GQ9@&&tHtzkm-1DP4=lx5Roe|i_#6pO(RtHxUiEG^V5ryt{BIO+@*V+w!mztGgS zn?9{JKq$x1MM!nf7O^*b!rt_qG{+y~`zNy#jEE3{V3>nx&s>q0mytGV1#zlb3Iidk;e_vC^Sf=n&s@U-&hJfM(z>xEl$t$j`R6*Sy}!kYFXbZw7k5E4K!6+< z01O+?A%Ik8c`eh8U8O`-*yjz#Z{bfP-S8OOiHs|uQ%kUj?%W#tv?Ymgo~(LPz67*7 zc0H0L+5u`D_2Vj9h?G}F$W1H~P4lLMHgHFqyx0)<5cT}TR^vd9)K(5_0%>7{3i6;V zNu9Xn%$j5t8u%L_49F5Y2U7ARD$4B+Z1zg?*0o`DXPapUx_z&%G0h_%^JZJL>6lu{ zh+&tnuDje(oq923cc@Oh*IsS-Zo-W*e5!5MUA>n?Dnyx+buPY{gFg$VH%d02&!APm zo=XM_%{KZ4erg7|5#nMu`t#oCAmmx6#X?8*vj|4j^oj`KJXPLi9k3U_=&-Nr{Y+UQ zsLsO;ks7R$N8h) z4JVa;gmJ7byJ~jaxkYnuq;Cn<+L~a8Vaji+J&}sP^pG3{sMBHB{@h};Esh-4!B>e! zr4~sL=kb^Vc)c&rSYF~C;OsXX5|6q+V4P~K(_uAwg+>UZ4xC}ySOu_IA`vzL5(rZ* z1^Q`1JB@;~+NtQk=mA!J#2d+49o_2|mRwxt$}r4?v~a4dT_L8jyB_EuAfYuB>p-3D zrox4*ed?q5^lsH326cF3YuYWdXZHDCQBd6gsTLnCFpv@Nxu!*#HvO%$^wkH1K^)}c zN;sQy-UQQi#aBfr$tyf;qFDX;rZIN75E=mtaRk$s;{LJ{_dM(fu`;ZY9X60!2jtdP z$#84z_bFv}a#e-VDS%>^Ep-j6jw428RkttoSPh=;&#-(%IPHMU%7hL<<}V0KI^EKQ zE{EnUg!=hE&>28*S!kV@u!6`Gz?H{$L(@gCCef|`PT#|dVHtl#tz^sa>%qD}N4W{b zUfyu1L0P)x$XyeL(*OamgyAYd#SP>Tw|eWQ0`>bqa3LgVHE3cBbkjZ!ns(Ca7_ZcJ zAj<;m)v2CrSL1{X0{9kP7*@FP)!fLOHs%8vD;fVAdv6^Z*Yoe^J2A)1%oH;-J7#8P zW@d(%nH@7T#>}{8hBY%YLyYz3_V)JM-%q!y)b^h$E1lidN-Le6nH{~)oOxbP611)5 zEaq!Xl3B#a#%LoGvo($^9EhaGG_Fgzjh_$hCbfec*=ujgLBn=^i~v?*jwXn2hJypc z+pUutJ^5F}4)pQ_`UFtWDM?&gg{cVv^eTmF?-sQb@=m%@@aBdXLdM`~<~}xEpXD4Z z<#(6$Y|QDeW}s+bHH|WoLugrU4BtF*VXI_!Et^>nSN0b-4%(s(uRzuovrgH)BAo1#83Fco{5+^C?&Z5@? zL{5Pnw;I=-<8Ars7C{x~rZsYNB=Iz~166G@1uh^S=W8@k!&`wI2X*^;-xJgCY4rqR z<)cP0#u%z0<>&UA;{ZG+>TbEPrY)oQWmOkf0_1ru&EI_m(*yF1LO!PtMbi;js0y~` zb8Kr0^13ha;$>p#vY%yX%Od=B*8CK21QkMujLDx{q~=cBqjV=u=1D%=`7cNK$PH|5 z8oaCN8>Ht4rN;u~8TeEl#US#arm2=dhyr&sIab5xE2?a(*o8(Khy#CS){GC3&Ixx$pm04g6CPpt0Bm$yw3=YTc+zI8_A{=8g+uXr5`ddTj{HkFzykmFTDcom_1gvmy$82I;@w;h!_ zYYATIAoDY3NT;fE!+ufdH3iN$&FI6!?o?2$x8J0qkb3dpywv(Hks~K~Y4`m$M20A; zKs>(<+C!dhRGe_}Ru@2PpxU0TpUgW}WFAK3INqav+1H#3xo}>_>bs0=TIu=DJmKYB zM>?$FukVGu*VqkSG;L8CCc*gVV-6aCc)|1Sm(3*S8Exnq(=O@He)^pNZy~bwuZUx{v+v$eV zM^dEIoqwmWYG+P=MM?jU%Kg9QJi^W%e2!MnOyz)+Z}u!-EVSLKHsMYwq!&mM9iY}& zodnB85>db0xn@*C8>k_~iTXA+!{`5WIn~A4_CwQP;fa@T&afSjssx zuMB)Prnm*Oar^Bg=f&O6*Pm-ba&kz?zw)T4o#9m1t^DW_Tc;m$sRL^ZSaG`haxZ(R zqk&jaYj7!mS>sz?a!}SV2=K9&g! z#M;;)NZ0QJ1RAbq9XFH^JN;6TJ|}~-+IKIA$Y8^texmeG$3dwCr4cZfJdp*Y@bicM z_p$ZQ`1+UQi<4CPXC8s!%6`=Wd9>9f6e?R_jc$!QqVK{{Dyhb1V|OK&`}Ytp5s!3GUQp-X?& z%lu2M=KrS){v&Sl-#^D-F`f|t`HWNi_o#&bMxFo5E5Uz;eE(}E{Qq`T^k3xrFY^5t z`TmQ1|3$w4BHw?J@4v|RU*!8Q^8FY2{)>G7MZW(c-+z(szsUDrhtmEPs)2rq9Pm z4+s(z2oU5i^8NoV@~y2Dhz(+bSte{eH$XZKhFO4S{Nr3|Paa%bA>y|_U(y^jUg_6P zG|H&CZ#$oCFXsPjPk#yc1PD20ualhmNQHxD%DDhq0?k5WBTa5VdM9`|uZX&Q%FVe! zGD&QeRJP=9A@0b@k;u0M1Ik#S} zxXwI7j;d7~X2+lyOD$^Lcz{J6dY;3Sx3WaK2(xI2)dfBs?3X)8VMBBmLjr@@1{Y84?IwMN#rocCL5N>K&7LIiKhbLDxdb5^uZqq#|f=lBS03=ZjLvRkUFco0l*Io11-HqjO|)0P=d)eM74 zuukBtFxN3BRn2}`;=|Ua`IUX^Z$TS8?SgKLU`rWJ6&#UPYu@+)|5|#g!Olh)8|S3B z5KU6f=O8{RJ2PCQZ7*27t`4CyNISKf|ZIkrK5RH5wXAw5v9l|p-L7DkxPOm9R5F|<&9uuVWmde z>C1EHj|@Bhw8zf|NiozFbywFWkTw!|OBHCt)$fxd$cwI=UlXx8EUJQkT7TQy1p$Ju zT@v+jpe?&cLFKCZkGGCge>;<$T-vGogr2C08y=|%6y3hLL?y0k57|obUHp2-t|H64 zSdG|Ic_YTEss>vXH(FZI5>l9a5Iu2GRLyeMwLTktJf6X-s=IN}z1s5t7ey26S8;?_H5^k~;6Fm# zq;Ha*G3H+vD!tOw)Cx81NFolcQJB76-r?B0UQ2E{uaIX#tVLW@RU$0cLTdKS7APCz zMZ4r5aC-;LgLOCbq>duIhEMy+BRODKexq6e9&@RSHQkMBc);l=%eGYM-4EJd#*E ztK_f_x;d%P#EDq58#@3vwHf)@7je^jE4Z0|W7L_D_M7nsYe$WW?!0=cv3pdktVq@E z;|%G0lo4JhXVo4+B)wUQ&m|tgHyE{ZnOBp+^`TrwEHwjlK*Y4wvZr>J_qj=$#1otU z0Mz8L!&PST`1Jp{+3hqalN#NZ+gy0YEgEe$rh(oUPgJB8+L44Tr`^@we1a z?9hwrQVoy9-!{~5td?GpBP-nbHau#zO|-LR1z9DtVmzjPWgC<(b4<#|_O(jAm@2xn zUTAj31xvtWKGtvn?|Oo}G#kQN4{pif)L83$?CN6Cl1_u9g`GcVJ~SGm^e~k$F_tf7 zhB+KH!dK7xsx8#ue}X;5Lblf`G@6*}Ya@e=GL;&=QqTt(B!&d2&hx>-93~8`9uGz- zB|%Jh-@YgQreowdceHC5em4SbeiF0XCvV)(U6$EPu_D#<&D+cnDyob13Gl} z>(@@stkl^KNfV7bWJ|ZcAKjPul<%ySujZNZ19a9Gf7(%+}-dZ+Tef%l_w6z=kzJc7bNpuYI!)UDJutqgNtXkOnA-kPKnx+S%qRYE_h3j zQ?bdGN73WsOgAWNw{yqZ>S?l$9WqCQs&#wpTrT%bCB&0>D{MrCLy%}I7P{yW*J#zq zB8s^o!&N>~3SmOS5AW{0Qn0sbEMBFi^(#YTpn+Vliv>ajR!Rwt5Y3zqGX;U$yE3fB zA{Us(Z=B@?lJzQPEnji*-X$PO;g|2Le^pf#q$0Sr)PKd5gcx-#a>!qoz{{+snZ>V$ z6vczL%9B2DUO01fqb_Q!Z!1~WG7~*b5AAbJ#jtDQNKs8X1Ao@PP7l&-N;#Fkfq*64 zLK?9=e&vL&HRowuBH5*g7%W`jvR`s9Da-QO9(iSTp-n0NS$OEJI5c-W1*{@Vj;~GO z)-Z}+a&{Dj^NcAgUVWM6ufR8v+ZF2!QS&a$`apbhTGt&+@ zjhc&;9xSB5xWx2KWF{J};afDKa6>z0p9%cATV?;eM*;^>BEnZI7Ynha&Q8-$KWz-F zozSit-HsL%;i8n&{0@R=Ilyb#Qo(Rv*t1&8LEK5up9&KUa;s}+=n!%0Y@tIDRqc>I z(kbeN7G)^T$y@RBnuPUjuQq7EpJ2mJ^X%@|*eZQBmm1~HDJS9F>~|EJ3!O<(uQ|)3 zS!A9~HS<{yRbp4l9?P@4)6F|6T~TZ@kmqY{xIcy&vTp2Po~rMmuJ!7)1=qaY<6XO* z#xtuS$%QU^$TDM`DzVwzGcHbOZyieCx1!RgI_5Ek5$~Absen1SMzSVGw_g&z94i@> z=ZmLL7v!Sxw7WX2)K$^dv2FMxgIk$V$7;%8k(>Um7hjfFUa+un932a!CerD4PTMDu`L#hz2Xjbgh8K_uazbo7b!O_7E@Cg&{l_v zlov@FQ+9Cr0~k4sS)=WCq4NAg_1FX-EePv77H#(D+23#7pqIYMgdFObROaXB$_Lm( zQ0FzLX$y9^)UemKsv6+_48=9tXt(()1H35Q119NpI2kHB(CAdlFJe`dj4rIKUxl=+ zTfbK6MBM;Ge_2W0vN}8(9k4E2nH^Z}R=;1DnxNuTp|WdI!h);+yj2O7Lpn$VwHb&}R-$^Kd z=_yq+bxOuqPlao(nA0F#Lvn}(PaiaH-MPAj#{;h~0t;4$4qR|d*1q$wRImLX6aeZb=0;A76`c$dO_mNgzQ<(`1xhK$Mn>t=1InhbMtY6ID-wm0i7E6Rj}EVk!1flVx8^xSN0{+*Pwx_?GAUZQ~QcI%56 zRl{tJE*Nv$aQ4sZLvRyr^%ERA7VoCjLPz`2&gl)UrqzbqzX$W8%Gb?v@AKmZ%8X7G zl;g9_L3JmjkaPpKP0b^s7IV}`LeSQZ+(4La#m#Ch+=%kN#9G?cSl|H)>QQ>mH8f?0 zzjK~YyXtMK4+mjU1K@PNx|*e0uJE8=vyL(iBiMUXJG$?N%35rGS<6Z7MgxjfYFOM( zz*ks~AIVO1yHtb$?ZDsGQYi^i(S5}MhR&4QQ@{D_!fa5ZvR(-!A5=L76C`Q~rV&SW ztbEp@KR{B^PA8$rlO`W-KoU&fKn91XhbMeKz7TM*2sCHC@Sf zWe#3yf8d4hBkO_{yZaimu1n?mUNh^`B$$(D(rOwIwJO2#ZLd8IXqA~BIQWkUU9qgU zFyEhURjM)A1zYA~P}eFpy4Ff@bk_*pf`QjhWWGxUY|+fZl{6OXgnFnUTFiFCs(tpJ zw%6Cv0Te|&P|B*kf;&PW%spvTMNyVz#!m$yfbwLKoj6s%E z>E;p5UNV9F%AL1@SPb{strYn@pA__FmgP4aY}$#1qCHNPG0wj2-JHF|FiSd8ld&pi zImT(&2<|~{%-J1z6?F*KR;=fb&Pk!;C@1~w0+w*!;cmtWJ4;XY6_oKXCv`{jM*+Wb z(l@I3#OZdUau5C8PQFt$$L`OhFU3`{4)5;)kDfbinBHhEJVaR!nU0JyLTA5J_Qm+k zXdV;GtHq6Cl8-WgV=^(gyD*9O<oz2lrc;e$@+~kqfGKfZbss__<_}y{O0W~Ms}cQFoQE12oFDP zqQNTef2ecd)s|NBX>gn>lV{*6UnDj|gPOg~Qjru{D#5wXe*q@b(bBdk{t& zoTCNFnp@oV%s^QWF3aUez>$Uv2nMKyrc__Z>MKT~9;%2i=JzWXe^_a?slXc9^>sX| z&TG*os@~gJIoPGQoD01U%gWd|r30*1fA8IDFpVTw%t=b{EI2xe8~*QDi4 zniZ1p-$6Ym?~_AW7mhu1qk^)nri{|cs$i@>8(#o_toXDCgk4R_rd(?hGA(RVo_c`h z-c{RsVOryK-{E!|>i%Aa%VAs+p|mhjyvb#p`8R=V;~}t%gva{>q{>QghyUTY#DLYw zQwINk2fS~txJTrc~d4AriNR~uh}S{twbmF*6}&AZPdT?RxD~( zRqj5<7pSq8jo1Z|Qdry-mqSwKKkvjqvr5{ycpPhwKkk{qQZxAo-%gOvQR?840h>xV z2Ca}UmEaQF>L|J>c!1u`G+y(JsTY^aBY!HWG$QdEaYki?Wi3EZ(k1^j;qSk{2W7c; zq)d_rZ@IwoS{SbRRa`?6fz*8fzlcMcrd zsHV}*(bQ{XuL5zIs%9kcEt{xh{>tv4z1+&z(9g+x1S)GaD?wDAnM%5#M9I?kCl?x9 z(Q96$US*wVy!he=A@y`PB|FPBT{~H+-jGWBO|GH@H zo_Ut#p+4pD_|biv<;7++*i{p(dft%eYC&HlLy1NyQI;fWF_RzG@LeQ7Nt}|%rb#HG z(nRk^6yt&JL6@0tx07zo<4e6V6s_&zql?a?kIpWA?5W4(ZRX<8i_7H4>(oaU0>578 z`Q4-5S>mKt**i?@)5r72>cSs-(zA$TtBd1^%I=TROU^8J^^|T0ImnKWuWY*He3^Fc z2n6`_8h#)5?Ht}z4gueXn_ojyV+vNyMh1%v<2ZOWd;esAY!O_~Dl|+*RRqZ@7uZow ze+pkg%zFF@Jf{4=Jca&@u@qBz>0mj{MOg@g683WA8jH#3 zxcA*tGzOQ^@af8+A8Lcp*vPqH`GH;6?#!*Yrc8GDj%307DlV@-gk<7q#%M4KkK1<5 z-E%M+hud{LZKfdJ?x{8}OmqnfYv%0KmuxqW7{8YZiCExkE~C*G)4lqZEkwkKtOb~ygA&@ou`A_}Ka9GeC21d8yX55z1FL_b{Y)FAbaIg~TEb`9) zVj5y%Dk^evaw;lfVj3D!7Ml}P!GIAEcK8_qHh3(EUG}#^%+Igpi@`o2{R)#LL>4C{ zgc2amH{6*cBP}W{EHW`R{tQ|-E-Wf4Bqb}3j0}$e$;<_Tg8YrN5C_}aRZ_QfsLc~2 zn?x*xloe;e6UG7_K2RbhIWjytk)$TCtgNW0s;Z!%psK2v%nXqBxJa8UV_7|Hk8fWS>9Jf+*=)oL`R3fR&!6rMb$< z!3i4oPxg6@pTJgn?p9o*yHH>d5Den!<)0+K>~NEy{+68K0l5+DQt zFUoZa3YZZ;eCqcdjRPDLzyZaN;t4^1i?OuA%|-8`cd>tdN`Q%qjE#`*5b}}oOEsO>~teutJ)y3ugb7B`A+0`h#aHO1!d~{@3O~64=vbj9^mS*A% z3DxPHuH|Pc1D|lXeP>aL7$r2o(O4&1A&Sv~FnBs^JZjI?@S5#(Ok8Zfy9b4P^ESt; z%x-7nlN-Sl++K$<G1|>+=8czs5H+Rxg-u z2&ibONhx@A^!$M(9k2Ep77`9K0eyj;tvyXXTB9j4IEKXifoe6Hb>j;&wqK~&v@DA6 zoROl0i7`)cdB*{V{zquSpUz=QPJjk>8$@vm$bQ|dos7A#w6~$6rKjq{1rH$=pR%g& zp1O#Mii?cRIW$jWBkO`nGTKl~QYs!5L{rE5vc_?lMEEr$Ql8bTswYTVQCUFsAdLto zWt6ZegEflR3KFM=2q@w=21)RD3L=skCNZtefj(Cxfj^MJA^;mn$%&;pYWD8h(!$DD za}g7liSWddsriK*UbhRLY^TFX;9?f1&yBE*iwR)n=66DV-|LzVH+9*Y&&!7Huqyir&|-AiHTG?9cxQ#4!dL#l z0l3q}FKO+OK@;92ykP@agqR}?ro zZikojbhP}c(Bdv;ICLyJ)?MEFCyl4tuX6WH534aAET$P%KDjXmdcSj$nVSpaA(3 z1Qk6syNpL{sAqho7tqhGZ)2=&_)XxPTitWdeWI+*2~H-JPOo#r@fMiX{&>Of{&Y1{ zFch1^<1q{I;r047QxJ+ku-5JNI9ZiJyI7;!H9v1(eW5&YO;QB;_(fgPPnD_=N4*uEU{(&)M;HNlZSQaB>1s0kujWI^<;6z+xPEuJ&)}kq;s|-zi9|g0C zkH}&*h8If3=l8{0aAayt<5~xt_@}EwF#7?6UbpLYKUK}%7x3}2pPEXq*I_Q!MiDF6 z)ZT2@q}}d)-PhWdxB%5;Hq=!3^WGqUk1#E{tP5yO#tE%J-s>3>nQ9557>yfbLBwnP;%smL2ACMEVE5wMpk^%HX=Tc`l27$|5qQ&LB` zCu2H3s)n9;quxb8(Y^}n0k#&6v+E-~luk}9D+#yVM;=Ks#U#jlV~Um=;axT&spQ>i z#^&~Gme&>k=IdZB(FzLG5O=d?^_QhzD9K{*=Tl>oOX;6(CLuL+f1$KA(E3mbANq< znI!0d`~caOZ(;v=Ch}6x_SN-%Hn_f|JT_ndSmIj2>a8<{OEUwr;4JNTixAVi95lL!CI--sWp)fYJ146&Gg6 zUaf6i%I(mB3pOUbjEaZ8)oERK?)?Lgm5ftjhOUKAlBP*lp}Z_VK_9(M6dgu~N3{w% zb~Uq!Bvss{`ue63$o;5LmI`uz;6^vw{qaU{@G61uk^>ea`0@tl-zf~Z*tF<$ZN0`t zqHz;jIcT|Jt>Do{*Tg&ybP$h_Ez-_>zTbA7K{PJE(uYre);5yzQj_c68h)z6YQKpj ztT@3Ye7D{7dfKyi8B;_3mWCP4!QuBVGL?hNBg#%n@@b22;`h0^+OP>52;my8&41Ow z(%K~ndgIYKr;R==cWQyCclp!bANK_A+?-^I`J*VGZ_zlQKLPFCYLSA}>|#UByYOUw zd2npeZo}v5>DUR1KZ-9Or9u(%yDx(%>pZLxlF;>^xgms$jSk<|>$9?Q62ObA897Cz z-f6dCc>mYL))Ok&MTXH}j4=e~=oa^RmU0+BBImjn)^b*o90^ zKcu3-r~XXOekg#-aZNKpwPlnsW&}MUvO;a-;nX}X^?FW5avLSNb>rf!h$^`!b`p%Y zFXCESx6%FyA4cf6bHi!*QZ*%Eb*kp%FQ92)820fcyZr$F7NGf=eyfr z7NF1ca+mCC7?BD1Tbyn^Z^7+je&=^&t+EYO!>At*I)?jC#o}^>)kP!h>=ZnE9ECBW zfQyjsB`r{@Y_+w}9xwla9HW-YwrTU;MK?y1yvI2}g^c(U`O)o$2aj8UxrZsb!#rH8 z#ZJeb#jBy=%iyQ>oYLYFkR+v}AuA+ozmtaa!|xr6uGlbM6j9oK98A!_9F(ZWf0Ubn zhmMk@BzF&rgAj}md&?>AWa2U_Z$k#Ky#o$<>3)C1sYwh*%&`-n5SSTN*m5Ocx0hZ4 z50_uN^^w{*a!V}r zCHm`c>KH?ctU4C0J_NW|sd~$m&zMDAl!K<2U^{a|k9N)47KW`mKyY{3x@LxH#Vlx7 z4uf&16&vUJ@3*Qn;*~RT>d1~%*tg^7+B|BZ0Gknz^4;8pWb`W+djVSz#qwDFodhBb zoUpC1tvgyZftuZ(&BAEtUo+(Xti(w*98`yE^}}m9eBuAq~s|yX}M(+JNv$Q zj9Rl!4*{xX8FAmd-xjPYRs8HhuL{aIw3TbSKj5Js&Y&Gxv%ota_6zO8q3^Z2mIhJJ zNF{1)*%Y)fehvgiu!<;a8Z=ecB^R{Yi97E!ecI@V7E~Gp?p%=lbK+F+T9;sh z1cXb(esn}=hd!LIq+sIhoL-olRB~$xYC3;Ytq}xmKMldfc)czm>KBtkBn>x#a^1#5 zZDge7?%q?U6(%ftPQF9SNm0paF%OB)-c=g~cTo4LB<1I}F;b3WUkV|TpznqLtOouZ z581X7<-p`O!^os60jG1irx&Ohi1|#0Hg*bFUEiR88XR-%GhM`zV+`knI51gtL3!X zx9-CisKhF{^xp4nXQhl`Oe&{h?3>y~!`wbPhuozXd?#UZF>GFsD?vmcC;CptFEwQT zg%r4g$-Sx$`SN`4~v@7~_)2~(=;bN_2&A#pA%JQ<3sX?J4}t zZkO|&WfXlJZl#@mP}P>D^yBN`?RJ@WYE_yYj9u`bWM-3}Ds;!YE0}1R(Q$6~!s4!L z%hOIV`5MpoauSUB8nH*s8aCh}E@xWmFI1e9!);@eLSCz4QdE;c){Q^?5V7h@FhWG4 z7z2pfIcYKBBIo(%;ALtwDhSMV#<+B)V>a__44tzmi$<9FI6?}88*yUQZU#PM_b}j% zt>kQzh=I^$%iy7eb?HQPE7?Xv^XU<7iT+Dm6V1|k|(!4^xi^-P1aMi zTwjUY@u-3HHLc2>(SYs1yTB6{yuK@Og^LGTMk2l~?A!Td zBN?^bH8~?F*jKET%Lu7o9~(A7gAhI4OMh?BhVx~t;xwZNJg31)s1~90sYUl=_8n}k zwydko+i$WdIzGVsM!DL7z(a=jSp=s= zpFo+$m#)b(0H-O>YJM?^V5!qa$vF4W(8@4m+EU+a*wY*1*FBu>eI5=fYP_m{dZT^W z)XGv7_YDFb|GItA{e}@A#u*BgZYm_Zw|C9GWdHGQ=#86ow9aY0GtoR9xCN5nEY@$b zR#5cC^*k4hRHYfFz;tjnC_@D&vF@!leFB9#?W2$*?D;)GI))#mI-;6Xjyu!Cx9;Al zh6??NDM>lJi{rN8ZsM>@`XkqK7(HtqlB%1e=#lpra@SuIyX~Ldq0s#yh z$%0#pX9VeFLj~bL*L3=OW@q~SbcC>%^x?upCbA+HDCmZR?lF=h(|LwfKuyz9Y9}}Q zXJ!S0Jb5U-{b_OMib66X7fg)2xcJRv{+2S{u@j+$$5cUI#x*SR`&3!PLH8i#UXWU6 zdN*%7i^WtpH4Ea!3&jEwd`pxGa?R(L-BL)BPHR>$sxMrVjUqa>YcCTzdnOS&s?2bvuLNL@nAe)IST- zP+^!ZW-KmQuC@Hcx#?)QlYcg2=QWpcb`m*ruE5*b_Z0Hl{r{PLJz&%^nN|CsZJ z5|sJo*fNoXbze)lNcX`;%S^5Qfd5G3+D zl5(VK;!qYhSeAq+Q<%s-uNI_i_|=Dq9U?Ra8=+BMV{Y2=I-;j^VpSqk5O!B>aQ!7H zf&?RNux5Zoyrj;@NqH**pc;}sDjz=-i@h=fgH`zjw2okaAk$gedIpjRVyyf$y?WCC zuE38e(orFnqS)ckQ%T1KOPI(ruPPk=9W2;qyXQ+*9i~?f&Cj>oR^IuYCzdP0uwL{t zhG~Xp85&hO7PvDOO~P-zFmpS3#H$%bdQfhDF#xAp^94gKSdo@UP9*w^Bf?hj(pG z>5^>FL%Vvs)hJ9oW2-h}>(wkksr9L@hw-WnL9Hs-wkz+tj8p&ekUprhxqIhH|HCle zw;7M-{l=r#Jwe+RW_vbR&F>BtpQdT3$50v~T)vTNibc17m9JQpUt5C9 z;0-4c=JI_JdrDboUs8Cg7HldP{8#hT)_Y`MT>R5+R00J0F6(KtvEZYwTfA!3CO=N) zrp106RJKA~BlwEY_hD?wryp7sH5y~7mSHe4HZiFzN}afeXf zmT2gM%d5x@r+|-jOC<0+`YAGs{?1hp`Hl~9{?cnyf?d7leT8Mn+u~8QJzp0zJ%AFr z2-vhR-#+md83PKpSjWdqBfNFC1U6jq@QQvI&F}@WT%!TJdbZ!h)u7a>!+C-u0naIA zgF?tRmYxUlO~kb%Jn-+nFj^&>{3Ml|bv|w2@P4@MeNf-E4?HbzkcFgq-%|)+YRHTz z(Uo@>kTRP3gFmEEl4wsZa}dxucu=d0neDGPvoY(iPZ$B%Qq|--28=R;#IXzV(YKOR zbu&J9XUs=X8Z;|td|p2%Y{?8osvpz`ny~DKkVR=CMewJMjW2kWB`)JoEA%26gYGFJ zgV{$$e|Ryoi$S<=brSf6`%$33$9?Hknm6q+OplsEhFO6fi0H#v?BM*iKGe4g1mNUQ z0^!cGZ$1!C$6)*DXPLUBgFbFXuQ8T+eDbO;Qau^}DAvU59Tk1RyoMi)y$YVgy#2Y2 ze64$ic`FH~ehNoNVfu)_hk2v8rhftrvGuc^)l(<9Z5@I1#+~<5CwO&`50z{E zoGe}5C>Q;n!(qza=k80iO`im}wfOc=p8MPH$3xxJmJu$WcN0}ZA_fR=x7QageB2iS zW(m)j!P|Gt5?6igvHYo1q78Vke_zgke%q3?cKS8-5^B#?BCEb+&JfF(#0rbf;aN#utPr!Qy6G{@ zw{e0&^8mfr&;6w1!pRu5fFA<`%aXJ_gbCW_{;+&}9EGjjmV!Lj<0c!eX1DHl^QzK4 z3_v?wxTScs)3Gtu}1N`OD*?2ZRr^dxO!@x>W4uVU?N zgu2g-U+VNJEUxQG8zmSYA)08Uy36lm;Bh?M7`-9r=t9BjC}Zl8k9hAc_->>m0m2!3 zPhon}XDVj2wowPKSIo zuZS?6Y{j*h9#8Rs{M$&!(*Q(Jm`VdA;Ks3z3<2FeyW8zgdCnu}z3@TrIW2>f&WotT&X?$(o=Tg;|b4J$Ntf5Ux>M~tlPb6H}RdX zXUA{e@7&M_ZiSEyc`;iah5(>gP zL-SL%UHN@v^9x%T3NtKAvI*d6{jD>Iti^FV@&q??DR7r*Ndw&Hx-i`i5lWUypqrzE zA97RC4gK_7{fs}$e(x)@vwD-I4J`NC-ZL$7$k}kph77%7U}hby9R6C{WDI+_M!V&& zAaL1&?TC9BHNN3%A+C5U#AK@jYdmj|ZY~}^Rxg6dFBS)|OUFK`hxe{r#wA!K{%2#d z(Fl6c2%9dZQ-y|bo>RuvF^=1Wh_}H~_V)6F7ohtKF41ZnyK$Zwk$$CMF~V)L>S{W^ z`fd<0@S4A;Ghx3R6RN7oXVt?TqG8hZFv>Y-)weLa+PkAMA6GB7a40|FU~~6;`@vvk zrCmzUa3RW3wDtCDfwR4KK|YOn5mtvJP*#|01dH|I;IgwELyek=JuC)?TjG#NBv&tO zA}i>}H;NAWdM+~z=Md+g=|LHCSDs8fP>}tNYrPV3^YC63G`G@}-nZ1U9&K|%q5b=X z6x9e14o(0*yf@;12(lV9~h*Iy7Z^wxOr$aq>zQ5_z;xV8ql)!c?Z3 zbTa!#DcQt0g_IO%Xk{u&zJ?$A&T|zy>4dS7th2{AGRa~R3La#G%b^X}---G-BP#ib zv`IVKlA}{u*ap?d$PDN`6P~+>9zH`1;YT=-&Lu0z0_|rfHQPr^R?9MN6K?i8n5jRZGU$HzBiwLfDIOBPUvVyPoVIF=vEz&}G0II6vqlCnhq1M8LoUlM^fU zW5NhML9j$Orr}Ao6q6Jhz_w#|#e7T(H(J(sT*n=pfa?z!cQ#{U!?W(E_@0moW7g|b zQtUTB?W{|l4Lxk^$~F1(uqXodMk9nd?$^vQ$;f#5MXapZ;%^3S#^E?GG8bMYD~d;z zUIiRV4A~32qW+d;u+#Y7nf?Otg;C^^p~2Ih}B~={Lwqi|y^5N>Y$j zhI);&UPrt^UYPMCXC}n1{gb zPA7w*wTzLH1r&WnNfK&*%FR3GQRgYR7;!{rwD_Z;2{GJA#evK|iHhI1PLnDg$ZLWd zU!C!%C78e%@5`>goP?%M9~^Dyw?|`g3SmRAm2@2QiG);i5*STB;{jfNjC#pKv)__t z>1hpL$IyPh1f(Ss$f&hMN|%!P?s=kH`meE)tEH#85Ue&2ib2#Vf15R&8|KQ&;kV3! zXNUa-5Hr7pO>Lh_4})_SgdtrDKCr5CTW(~IG9;*z4i#dQGP`Kfwd#_OJuSbfpKG=b zQ{Ua4l%J`>?B|ra;B)?iWF~{QKF#FGV{d?alCjD`dke3Pk&y;5sG!+P2kjXqRgTHv zDkJ5lM!<*@2sK~d6nYks8==S$*)Xu=60k9rX-!x|_%*=t)!dbRY^bvQq*mGb&i%_M z>(uzljE#wa`Q2dBIBzi7xFp4RZIc=OQ9hyQ?+dzep}Zr{T#Ts|hKjUc+0O-8N}Pfp zpsH=0ni&%X%3pt;>|#VZsP^~_IU;o`vmXA^+%7MV`~KS>W^pCUz_n<*nks)Ov<8ht z-dGB4In@;cV=ew(OM$4Rcy!b`yO>Iiy14x*jn!VyWeYn%+i;dyh2_q^Zpm@;)9+5Z z>N@LUVdkJiAWW=sMv~H_P{ijH>5gB4aMe zEj?4eFZ2BBdV1j#CZZksM~WS2@GivW!{_V%aY6f4#jpHXT|+@o*7Td1P2sOD^bb#f zT;b04^8QwG{_J>hFC048^9)(N#U6o=JAy zHpk9=^7ZVOca?hM$cu@TQ#Cr)Yzld@ms?jGxn(fL_~go4IF|(#Q_1UUx;N!2u48}( zn-sFN)~0hnC(Ji=v~Dt5X0yxpgnqOIipfj>pl4A_({8=>aRbovc(G;)UVKpe&mCZ8 zHC(#oZgvW08!2y8$$i7_9%a3ZLbR#;Wx2)j0^Ku9{RI7Q^(+V28cX^5RzML7Qk${S zWi54W*M{E@sJ4*r{;ZQNC{M~Z`!m0H`Z_r^Ruho(7ptzp%dBam4lKtN2`vB`Fl#89 z*G_ejnGU>-i1pbk^P?NfK1F`^!sDVKtI5qZrAajF)i3@NxOb$@O01e~I7h*MpOMgT#snzVx68}o^p{mRK z!;N<0H*H>9KMLwumsI9x~x0H@#9K za$sPQ9t&d!1yB>e_Odv`O`y|g!|GQAEmm#TQc|*l4&T5;N{)`ksw%54W`eY|J=Y&j zW(_%AtSvutfp94(>1a4KbW|3WG7zNwv!TI8y_?RRRe)BvrDt4T4YV);xgP{KdUeLj zHOmK*&JtI>SClDmLRocgmYJ#fw_b;HYqOucxv{kO4zMAr@@(A$JQy+pAvu|VQ&mAj zMMp`?>#LlNjf{(m380Q--y}2w0Tq4kd~$MBd^H`D00j$s@3PbT*wBmGiG-Jyb^lkC zGD)4LLj92j6(1b~Ja(8e!{?ToumKOz10YORio5$C2(Zx4ouRapt4)`~lOyXe)*=A1 zB9qXuvDht2dVXzHO+{@mVJ|1A-)`2MDZfon7=pnepFBNi95l^sY*`R?$$_hgrpO#8s_p!Tmx`as%kZz!>EnON z=+vLMcx_o1OYHF1Qk7ZFEe%&BQGqB1M-#Z~*xXEj`D ze+!P>ijt!8;?F8#>NLuD0x=dqMondFO>F}~d>)5A8+ZjdB_rE~zb-a$EO&W(0R-AZ zYNv~QqYdG{SEyk7kPz{O9YnS_czm}ya7eER+;PAtj*A!24!ZcSZs48L+LshT_=%i2xV_tbbf2{UPkNFZy z82u5AB*eu0yE1krhoX*#fta3GL{D)OLzC_CPjF6!vyF{~g@c2cgM)>IP31>r=eh(O zOo;69sigD_bX;IQkEF@YL*qMc*uSSMt-*w!W2(^@{1J@+y77bE&kygU2CBp;$g*4F zh#KgtDkrsaO6rQLs>;f0YirBOs;Y{Fr5)QqF_`FMV=|!%6k_Ud{d#-r;H#)$uH_$7plP(|vuE+Sp2Z|?AXowY-uJ6MEw^2L ze%WYKR9|dA-8U$D$4Fev_EpKHIK!i~a=u#$%!o_Oe#=~plHIvVtQAY9pAB`9b||Tu zp{bc}sk--wD58s$Oi|Oa+SM~>R@W!&TDeg>YpJ8~DORrS04zA#hOl;p_gyxnTsNc4 zHf87v1M~bIeQY;CG_jP5Wtj*Mek=> z^sD-UoX{Bjwf{-mEsh@1X`T|N zAHc&ZDC^czDNanNXa#6Xeel>GDS<`tijEg$9?#9Fl(}lO!ij_~PZrBe9H`2vbS{Df z9K|5yaS|M3#Z}Us49Q2CJAS4@7vf0yA~7Y=5^1HOICrd0B6(s=8_?zW;mk$szQ|wd zMr2BoYb4GNv%-g1n(IVCNNWbqf0o|pJN{APa^OB`e4{pp`2l5{@dG3;dg`wF#r93z z($Uygy(bA334($7Ux+Xt{(ByKE>;;!TWcE+G7fewR&i$sXE${hQ*%pJ2}>_qbIbp) zL>RvRi3r2Z&hwwm^>0gWTL5%9DOo816ciM+4zvyc@U{)mlk~B*0ss^h0So{D;2i)C z1_}TNX+c3|IT)CKtpBzFs_6f0|J_i<0Kh_4kfwo@D(1i2f8PgyiYNpC8WZ1E0pfsn z@bC!maPJTh5D*dHA)#QSq97xq;A3K;VG|ROk`NOR5s^``(2`LwQ4$f+@zOJ~v2$^8 zk<#)Bec%ve;pF1@dk`o@L_`#16g*T^JPvXq^1qCi|K9X3BFq8|6a@ep0}2KM>TL)> z3OQ3aNKZhff1LK;GlzzOg@Z?Uhxku&3OWE93I+xm76uLu79tla0J0wdivfp8&Mpd% zrD}>m;fl=>oLuydQmk?zqo{?l(dYj zoVtdlmbQ+rp1Fmkm9>qnox6vpm$#3vUual(L}XNSOiF56dd8Q`tnA{F(z5c3$|_J( zb4zPmdq-#2x51&|k?*5p=X? zDeHeI`+w=efarpTg@u7d_^S&F+WW6?3|KgFc6dxtRRmL4EDDa`ci3XdMU4Z9l$>h6 zfM#wpNH|nn+tgQorTs(Me@$4(|CO@;A?)9}RsblF8xtA>1_SUB@c8hQnJ?D8>Q zP=E;*h$-Vos(P%Mzp5#Z`l=Meb{m;TITx%~@wZN`n9LDrJ5vROe zLWdyIz;H=9r@~K4>~z6ojFlqBm{8Gw<=FjuorVMeOehmc&CE#L7WltMna2IE#C`X>)Q7Z0zHzSKN;UytWQKqUOBq_vbGhjgS z-SpQv%=#L%fOf@k#?}Na>7bGAuX(H2y`W~J`f?iD)R&d3m6u1n#BG`6+Q>5PlxY%h zrBSH)+eN7K9gp?q?!N9(G9w;yz#7|??okTiWAvqg zW}|EQS*z7JYGxq9EDIMsb;mq(QL;}QX=Z?Zcgq4(ae7wPh!lH5`uFuU0ST)0PVcR& z>G_Q2?~FYPn*!INr^iNu)vdzrvZ`^r0CD7I=?%LsN5n&mj?EW5GTi-?%7f)f!=zdOtI)&7f$MBk;*8dn~)m6hu9S zp&;1l@5gPEY!uHoQhX5GB^c9EA!pF6Wl3KI>rqo(E%NnBf09$vG7dxAzJ!{QGisje z6%9Cc!t-GYc-)>b5WLgrs5FWWA+NO5d8yV~`PPE_W_@Z74G2y=2@OlH3~q;fXnIzX z8c)@#Jk+?3O8;?-VymaAz&5fd+Aj~LFoZW*#2j%wh;zi8lp&`~1n@8Ax*9U4 zeSnFXYK)=-c0+&e1kTZ|P)KLm!#GvBK`v3v+^Jsn;-B!k{?nqGa_+OiEooXUu9uTj zLHg~oZr4iV%4dc{JGSS;Ka2&l4y!6)$Mdx73-|y=uoKVV{^~FuU8YJ&L!E=6Hr}!) zcgVa)iYx{_hA0U;0o1fvamx6Pk4V}V$JOBP;(9AinfI8HuAlk+wPi9IB!cBa6ZNiY zJ-kK`01H^C)no#qQ*x1GFRO^~bENC81ND;r^1cIjfTx&|&KXyF0XH-QZ8+QIrQ>+4 zblZH37^y&SH)Z&mAq`nF0YEBTWYujgy@$}~fU?r(1WBoeLUKEZK`scsuo$4 zKnGt~bTqtEeZ7Ef)H~lC+6P&|7kZ`}(^1$2s0j@)m#@QyKzLfyVTyoOrh!J~RF;Ej z?7&DbFTRsg$4+(ET+M|r*sjSOq3CHYS9@VDB}I`GSM5EftAB~G&ov{mO8a;_a8|Aa z_{En*<4W(tIu^cezAs2W;DRx^H_}#6yZ9vI5p~$rFAa~T=jmoj8BODW%77pWJT?al zmI5Bg>gKl)PeXW9vZiWMe3d6QkzCURJhmx}rE|NFk-$i^+?bP=qeukcvFVn$)q2WR zqTW)pS2?QH*US+{H4a^&Q@!y~nd^1uc)iotE`m|J z!(ft~cRKZR1vfIiin}HTC!xG%jDEG}N7pW^+73_#a=T71LRS^g^=WZoi}*<5p=MIB zBMZ1kq!lo3fu+Ym!T?FY_b&Nq%~>UW-3}bKOWJA&Zk`|}fk#dnUrt6^oDyQNnm^=} z4iZed>f=^NaHoKDF24Fb*gaRh?B9tZqKP)-cGS+*@{ALb%73U4Q%pP)T?cRZU17PL!-%ptG z>fKQOlAb;=#^UXv_yVKuOBuWY9Zuy^8h&%oJ;5(RrCXBERP>m1NYUB<&TtAReP3c# zwLFN;{PI%?aM8v^)YTeGi(Q?(m`dXRg`u9R38c z1SB&d>bih-rTh&L7Hj@#?{Kz}%NRv8sJ@36Wfg~;1sF9*TE?mRYcGSKb`7H^;zQKe zF$ZY=-v+4_Kt^JW+(#$RJ0r$0+5Pk+zVo<+9iNc#BVRL1T?8u=RNsJvXs1PZ?fzu6 z5^Y(>q95oaia(T*IF$4gu1jKH0e@oU_nW%vZ#x?E2fpHN`~<(_ zvDEpsYJme|QGc4yG==OJnLLphvncHOfV->nqXZw*812CzWy*`k~8hJ@H4MbH5VM^f~1ma_@X{Y?i)% z?rTA~gB_dh58k^FHZS(GFSaKoMc-R}rSH;r4RBMmlY7zRmgiV5R(9x7e^6PVYZKeK zB0Z(c-U!(9G<~p?`4xCf=B{o$O4(}t*(ozlD*v@#Zij_rXJPwwOn}PCZ9G0sYb4ga zkA3p?R-9?m{NJsoKAoCv(Fa%ZB^-Qebo>0AELem z#JTf_L#?Y~-9!hVai40%HL&a?rx8fd%fhH2y*dG`f2pk<_<%a$nq5=i*Hm-EQ$nny z_vg<@W7(;mcYOx;7xIH1xyiHpUnirG2SS~DCH++{fh9w}Z6Vh=DGFo7+y#Jf!VO&* z)p2Pegs<)d$RscAY3uT#wldH}hI@2bIoI7#D7SFf(39FH)jaHq>uyEbKcTfMy+Eci+SU&1`R>mvgsg@^^9Eo_r)h8T_XaE_qK9W5*~tDFl->MrQWx)h15!Mic^cJ=OEiEw6o_;5zA z7F$L2MV&uYMM>?*Lkme;DV8#YH_+n{zZy=gP~`&*5ay=7xr9Wf@=o}D&r9jrb5nO5 zea&=y-0 zcA?q%-aiOx?8kGug<@QrFdFY$z_rP(7`tt(YE zZwWFLzeQ9_7bxJg?z&|p_rl>tH2%}$WQFTP5W_bW*{=w+tzI90#hqkdlpm}>H}ZV+ zr$zekV&D5~b8wwg%A>2(xplpstl<&+8R<@o2BQoZ;Na5HXXQeG_SsWW?1V6#p-F-5SkWAx9ydMFE;eI6i~jxI`0VIp48(l@dU@Y8s+QC(RcPvQF7PP0^yoD z_VlV*q3b6*YJOC#pmASHNl%PZGiJGipQ==|2>4`0~vt-;?L<37-;a$hJ?8Vz2hDJi2#>C|0H`q#e~AO#Pqv|I&z zwu!xNGv|93A^XM|y%k(-)7}^TRu`3@8VUAxk@j2pVFVMsGvsmjJL%?QBZJcgcGrzQ z0<`@8UP36sG?y9vxjVR&fvM8kV*vm3XW8aF35(c0|w$ z-zcN+p?@2p?v9Ng`mLecWLtWW(z%wyuc3xSS6o_H976~Aj~QxwsTxB;;}+CXxbvCU z(K!ZV!g<*)^ZSH>oSdXV#9195NI|-M*)59LkG(k-0n{gHplrsrufFq<=->&MJGm*REE@)?7W+3o!* zPoQXSeXojsMtCz=8G&dAWHi2r+6&QrsW;iq<)C0{?OxV8f3F|znglQI7jz3sC;`=U zISgyC@hL9vE6;Wg^`$Iv>^)kTewka-SRmILPVs^r_f9t83^RC4sGLuUqzBvLV%hmg zxEeLca|=rK;0uk_x>gR_zKcPxB8Y$Z{lF$E6#kq}}D5zuUoTsp-p26__BZ0S4bkdV(I*kvWNOz-Go3P014 z(J98rs58;U5Om5PaGM;*zA$5e51PRjN^JPEj$5(^|ypONXm&vHxNpZ6d zXLLLw)WsNO=ul$0h*&gAxm>oh7FJ);uxOPsMH(@{nc1#%JmVS)G}%#VHh<8fIDI+L zrqbxuE0l70@)B(4%9Zjs!XvG(sY0YAO2#q`N@RvjcSd1lBuXw-$pKi`!^0AiVTVYF6oi*dVp3F;F)#6%2+T|07h;e7f=o+EWP74hMJUO3 z_F*98P9WBoOjdeoW=cv%Mp{}la#~tOMoMOCzM%XLyaq(1U%#(HtjO?HQQ%52uUHkN z|70q(NG8pP+C9Bb7AZTfoFNh=2c%@u{*9_Zd?%$nCfmi53=AN228LK178NZujifK> z8PHs+$(1Skd7HR|YVJ68o4B{xP_RpBG5W0_Nm!vqK!o(~h)F(9V{_bp2g zDN{fZ8Iza+;#i!&_ZJw?&WN?^+`K&9y^R&Wtxte0(^E@AA<B*NCG z8-^SZ3htANvs?ST_Y5E4%wdWtmbE8Bt>`Gi0YmYeK3P{S)En>u4ZVmE>41W|*<$N1 zAu)6?k@Ia(j2FHh4Fz(a+_`wWx;3;mv2pTD&n;*eR!YEPQ5dAop!MS?MNo>2KuM-J z@9fbh`G?6$8R<$AYjE&1H?+AM?02pFMW@&djx;D@=og!}ImN~*%Y@0uL?tG!5)k%M zo2l!JMtuF;xQ1VfSE;4N`9@A&YEJu`i10}8i*G02^WDW?XG(qw9xfpe0|yg(>vaF( z%%=NO)|DEu;x}pWec31A*AbA1h{s>IpM$?R(CTtbZZkQhgPDdykZN@E z``pCX=qdqDuk(rJ0%H}Q(vFrhAK$;Alw10^6A&mBxKBGS7n_JpGCuWVBQL8>i2nTm z^h?jWHs6vC*_W7<+_bQF<>c}#b^hdYG#|n+Gm*zCI%Ev}={fl7jduHmxhVYf&Fu7W z(1`_6M85xEtX9gatF4CMO6=?+Z0zhD1l5hT_1!_BrkKbBb=R{AH>x2ev(8OitrnSITkwoy@;sl zRU;NaLmlA*v-MPKtG9=jmndZRYH822ceHhKsI0CM)-}>{D<%8L>#wb6C+1+W6agSb zvqrH0>mO=`gM{xX#L^5<=C+FU&g7EMc8kJN(!%%VxVf5}j9XV|$vz0$>CYy_3GpEy zC8VWkYUF_&Z5)JGR~BY`U&Zc+<-gP$9Fx25Uzf$M<4$^eLSlkkc~t_2nyx)JquYOS zh42MZ+9bmf5FTobES)W_Dv@pJ7-h$X2Y-rPR1G7-Eh8+@%7m#cF7P(Cc)A&jXQp^t zSsoHIG4L6wdUlaSt?+lTc)(18?RyuUZ*JF1OD;!lH|(|jS&UDFH34Sjn` zk4%ib7A7sewT`ThEzC+7>*tM9zq5L$I~qMKR92bt?JNfdNL^i7+&MJ5HZlYL;Vfjj z(t7!IyX5;gM%6wMx?#_nd+oi{=D)xzuP=d^_m}J4{~)gfEc(|QbJX_d#^@^*C>5#$P2+c_hEKXI!@RI4+76lC**cxeVeaCLynk0RY zhqQj`JN2upadl5?^eV!ry3Gzm2;Ai!0$e$o+5N73!!Y7yVd_1vg#m z_7&Ev#&?Iq7;Wt>YzphYGj#8lKdq=3s_lGB3Xj{_iP78rP$(lSdN%=cIycP?TeQ{# zBgXTc=3Mz~hEBc}hsbP%v(q?A|5a%6l(hrEA?WYTg1vx#-`x>+@vq%bI_E=*XkG`4|(1IG4 zynuCL>*-+0t~%%4g>-p##DRMrE(`fAF&Tx(l<}X3>;28QR|rOqbGM@4^%ZjqaDG*S z@N$0v(3vVj&O6K|v`eyo+lZTgIQn&KFO+-Eq?ln>#V|IB3*0G?^o7TrC-{ySE&f^nopMfEA-UX5CIJ? z0(Lg(Ls&=JH!)O0%2=RMwQ6M;u`VA%B2l&A`t;g@=aroEW^H%jEY|e9;K0}YMeTay z{#Vo;(x0D6jr!r+jFV8PU>csioo{cAI+wr;kW};QrQ}dPT>(s$I9s#DDmagLW=}*H9X#HCg`sy4_zZ28)Y8?3&J&#Y~ z^}XrK3xc4iaAy8uRQO*bVRvcYH!ao&K4$H7`Jaw}_trp&=e z?hsImpvXvh_o z8~Z37%lzqB$!j++IjVpjL17n?TXWlYNikQxRlNpt)Kx^?W>OwwE+pu(_XpO8JH0Gi z45o({FX7)A>7oy7n^C(E;ld4I|=L=6M+|- zy`1C>9(nDt#5zU%17bhEdI{!cCArFk1>?{l@zBZpFLDQ)&P3b#|4t;T2RS?SyOe#Q z+Km08kXPBW8-~w-mmO?^(reU5X1nCSFXrza0KTGp^q<2l8H8T!SkZ4X9Y}*JVcErd z%-3+ahO4~7@|~W=kc$jKN|c=(71lvn_HO&V116-y#+k3b{5~`tpLeRw#F_@_$k;q< za^zSvD{HFnVd^^kQQ`1YFr3@G#_Cfx8+kEx3@Jgot_mT-)G*wZ7N(acSlA>vxmoU& zrN!{gmn#$9Xe1x~p%m)rXu2|vHlKqwF%`Jf%&`|4xBRZou0p$c>rHVMG}4I1#}pD! z(XL%v+u1@^phF8n2j_ek5H>5CmJ0g{*zm3TJEtq~RC3JJIoy%t80~Xb*q$$nR5Cxc zC}}XiTwQ1csQ{%;!)>G7)(4p!>_N3m%%fup(d$EBL;ARJt-g)fgelbAtDMMxN<+Nk z^`z-f>S!ru=pYSV$xcc4e^?spI=H(a85LGj&HPle_N<;S>QEy%#6<;$(_NZd-!SmL zUfN!(Nvp-qC`teow{)Pt{j4$xdjQ<52PAC=4bgv{vqp}VrLVLh)LZJTgQ}dbS^L%m zddf(M)qcLX`4}k05Thi_leZCjf+iJ!(b>?IFLcpA=Y4A?Egzt%YwD!MU{dSa+RQeu zrJ96^l^y@8M6{b1khEMiO<%5Xh=rY=W?X7%;&civg^`nz9;vd0rK6^tUvi646j3y% z;#Xu~6ERg_;u>sCre&lh$D|VxTiY4DK;bK^Dk{t-HqO2QM&Qc}@lF^O>lQhRlK6;#%%m{=XlV63*RIhT!~}mD^Sm-59(BL${!^%Qu^-m z9rW!FOvUG7=n9pEY0g%!YXe-I)Lhv@2%@h@8GtQbX?n_~!>Y#;;#qyKrp-7ou8@GJ ze|T)+2&yQGOMtR|Mchm!`t)Vo?19u!0|Hr?m9y&_(P9+(BVIBvi}pnmYToj*-wk%} zC9m8+4@H4%wVkL;3bkPQ6~rKb0#8bOa@jaLuA{9etEUi^$WrV5TeSQwKz^nEb0rmj zcv)z-v5bb9l+pluC4E>|qDp3fhh)Gz3;}#Y!_4p~PtwN1wgljw1(j6zL#KdFvAIkP zQj*ml<~fA7w3zLn)W#PvRc1&=jr%QXf`ZHsVGTdbxE)Md?B?PQF-dE3LY#T6m$6y# zWn0ALfxbGggQwV{mIi!ftEa8iDj7}HRQ?Cj%&v~Ormp;|_-60vgAQVUG#u@PR+O-( z`=E}&p&f$Cg|f+vuJN5vfA1m3_t#!+>|k~63=C<1=|-9NeZ5UKbas`6*UFj*G2`xr z4-4~#2niXBT;2vfQef=%bTd^~kmuz>Yb@~u_r5gRncO---z1itymb1w=t9&Ltp-yy z;EnRp+QjtoqMe{WH)9cJdLj{peT*zgQ%Zhv}btq`er#@=Gut;2j~g(rtWXniD8GC zDR?-PYPti24)qDYvfo`Swb4(z@4Hbt0v{hK+^rgi{M;=YK}ZGxBWInMO~_mWZ)|UB zg_R5^dR;8W{lB-yVxi>X0YHI;SX#6TgZ?$Jnl@BfdI;Y;;mS@CEwhU={2IhvW(^O` zE7OXz>!Ra-6O8u9t$o|A$l+(X-M9$)^XIZZu2hW+7why(|Hq)UpzeD$>AByQp+fP&(`^HOMxvN5$*>Sw~#0Q4?4X=<3?w&~I-gG*|OJ{G!2~ zTXKySd*aQZ8b^jTAz2=`SvC8ONN`a_Go@dE+iF*jch%DG=z?xRpV7WSV?|0!X+spl z1Sm;sr{7fvd8CCs-lJ*62>d=PP)XLseNU4ans{+%cx+cCqzW5>fw6b~mo%eO)2t zN?=g{ST4OrTScl1Ji~58!ehuR7rs`&#+}=<$~&!U458ON zcr5|m*5cNMXt)#yz06!EmKQgO)ZmgWfRSr&fztQZ9K*%%C>*GL$uT}~SpaGv7{cpW z|05;}3TaYT%=_Z3QhTzyPbxV)Dhje)?^s**0M!77kZ#?Zx#!fi)2Qaid^fnbfa#xI z>UOX&BO9Up(zR72%xE+;g}VGcfZpaqT{z&DrlC}fcIAz+w^+0&i5$PI?rJ!aZ$`k-Ly_L zH_>t!wZW9kmZtK)aLNQ=8kCVpm5uhB&!e;|InLm^Dx`O@D4>O02@J?6X-4^YQ2Dff zCB3gHHh0)P!y?LSdfsY08F`-;vwuRG7`$tm(ffCZ9V$OY?ZDYvbT>#1w~PVzUm2w;KsF3|OhjxZ z9?rss@PQb_JG%~!algZ-Rp>{vp{{)K(?7FmhdHiy);AD2zVP_Kt?IDzYgl}JxH=A9 zEycp!FC7jaWV3;1w(tAppoPTIsKZH?Tk|jjB?~P@WpTkO9Bl+Oh-rCB+OFMLDKllp zdk;#1(UnaWHJWbX(q$QS9pA}>DuSDPkC)zra1di9BXSd?jZ*)x1i2^DL+Zb>Zi&o- z-3TH?ZFH&NX5jb;uF(5f!gjkF?8ADDR!dPMZ%e4f2MOi_=t zel|7f?PFo4cC~N$Oe`a_F$-DpZ&k8ku<D_KDy+)P_o-RMfPx@Eo1TecLHC^Qe|p zFVb%uXQ+6mq%|FaKR0W$Pg+zww1hIQuFiDbF-qj%&(u1L)djcN$Zj&v@J~bDKwjSRnKHW>FWG!-u?ak{)wf1 z&TIRy?VChoCRyOcsOWIRSKA?IPlYW9Ajy|}dB0!r{v{i=csdT^5D*zKR|=CS6fye* zG&-=9u<%O5fXD}ofV*I=vpefp^L`tPRlU?gVeoUh><7<*C2|TQUz(^*&VBH**r+1j4Y{@yK2Hi@Xw2VOlHZMVUYertQ2la9mp zUUX%tARZs|##VVj2EGarqE{vC*-EP~qLWo;PaJf>dX8KE=3_zC%-qJ930=QVLpu_b zaM3eV_{952wEaj4G9AER^n(FMxY`8~0&TzTjmlW*J80XSnMcGBNhN_UhD-~Q?!5Hg zf8TCbyGnJBq9zI}F*W6UjjZN6A%0N;-{f?`AdT$v%9J z>FFL4)zlHjsd~LSp*t}xxI@5GM0MQMIi+LqM?zzj!QK+^W(ER_G-jWL&5NU%_q?21E^2qRyeGg{?(Qy`56Li@1InXm6KlDG#V5U5-0 zc?-McvTCV{fGiny@ly$f&Bq1wmZt+dFE@4%Yj~NZu8rQ9c#1rIqc)Pl|Od`_Che`pFdk8y~_6!u;VO8 z-#A)5e}C5|X*Bmt<((9sX_wKt6dV^LZSyKOQY=(U3b1(^+ITSS`N6_aR%&ZWO z0_8w)UwOg?i(LOig0bL|@u#Mua|++Ahg5&@^r&GO$l!D+wN=~~KILiFz@R2)tU3B9 z78#?Sb@cR}*q6yPv%F^0qwIQ_1!&|Po;CZ zZNSqegZWQfpXPb%J5-SsR^e`E`@o3Jnis)-IH4Qfg_n=V&NV^#?Z}_{cttXES#>lcWv97E#EB}>NZ>M6WS?+cRPT|_TK00b<5_W zLc8O&QI~$9`^|~&q5GUpYbK8*?eW6Tc#y^JxMNAdw8@Llu$MY$W|1?q|jI2Ej-8@WCExN`x+vdRDE zL(?dF(N4ZKu}Z{bTk~^muq?f`Lw=8+MY!;C z&f2y2o(BO33sT*nPN*Y6K+=v;9_`R-RwaY9X<|D*hu6cFX{|?9MNM^X-it(N7pnJp zi}xTU=6<7RKu7h8u=n>C)YH&oTX}X&3iMi!sQ7W<^g%o?r0l6yKkRl!T0msX59I>e z^Dd8Cw5Ft$KOt_7JTZSBQ?M5@u;-)6vGM%g^7`z*bm>jyvakxbptYC6HfHpr1j&yV zIJHE}%1upv^eZONM!PlW54a?!USyn)4S4=hAkNO?RH#%>S46VW9ngz_i>_JlA-f9{H74(xcXAATUcVz+tMfWK zf*s$r;;mlaOw7cKg+@M(K8-?SY2EeGd^Ag_?q{ zr7PL|n#m<2g1Z3-jyz#@PswM+J<^$zyPzI9bURY3%@NOyy1O5W8E)>)+a|4aOyQE* z@^Q?Lc|tE_$f>hlhd^x7dXS^wYT&CHBum-R4w<@FD|KUev@O)_E6zBnv5G#O^Zo6e z0sm%TTVvaakE`g$MGMua@JD59efeGL>{#rG2!i(z_}m2WONz0KRyTj`9V*f)w3{U< zT^Lu55R3utaeNUP>F&rh>G4aph4GO+W++d@4zyeoJGKYEe>qM{{Vx%ocdgV+qquTN zxIHXsq<*ajY*p};w}Vt9ei)#p?6$tF^w4T=5jLlq_4HI@4Lu`Ge|X*^qrR0@@7Nl# z0ELWh3W5u-m+&FZMm zJl|fa*i&p0ZsAyY&VaUAIL*A8GUs(j!o(n?8m@0IAkt86fpz&3Xotbt8hKA0UBq)` zGyoi&fTZ%$%Ei7vxKNVcXrtyDT{KT;*2O_Opp|pp*-ub|0T<(C4i`qC@MQ$* zVd-<-!<`8GyDW5CpV^Lwa0yq^7Mf8@%geKE!VZiMwOOz8)u77CJs(R?#Q<}6d;i17 z3;8epb+g^0&dD9V&1j3sXd6<2HgA1~w)9_H*ryidMhV3JVxJFfRio7~T@ zE(v@k?vOCGmPLe%s$ef1lHCU7u!e6vWCSCJ5t zQ_|H`U;K*QVIcSknkVcpJit+Tvz7P$YtgroGRysR%?dlaQ^H9u9&X-t5iVX{?tI(I z`dU6sNT65CujSWt@LF&8Y&-3+q;#0$yI)r>P&Dc=hKib&eDsJIqS#1ZMnaWcbRnZI z{8BrV1WYWy#Mn?PS;FB!vGgp5;Eh00^6litE7{dK4sYwjeNqNNH3L1b;^J!y&D$#V z3UZ}9P#wRnu4{2k%Y)2z(Vw2P^(@=f)E#rmLGh43J=y~53bC5FbRv?$il6V3Q@-tD z|5Km_j#9oHNZtUmV;+Z2Iu_pTFB5!g>gY^yTmfb-9D`kEK@Y%f7Xq7ldoHl+lk3 zA6dOOH-x%5X4@*LMuw#%!@^8k{0A#jUkujJA3pEAm; z$=NB`{me8BX6i=~B0;3A-e1zaAmv#i{P?p$qg3P+uww{7I5Abj7&cc!dU)I%T+B`~ z)W#kvGPHC}NWp?5!W`X|B|iRcU!Qu^cWdaFZS-dH9%l<34`D+?R8d1iVGkX(jWhZb zJmKLE?@)A3&$kcGY^=>~t!nxuse&Px3Z!95D{Z1Qd2Zlj7rO^ zdL=eT=hq;t1k-&6ZEv)C?mqh$m<71mMwYKZwU-2}Xx@vOjKmJL%oB?7H(zY*LCk7e zN$J_NG$@_C$a?cs3Vq2nl~5Y6vE+;1Ek>M=4{+odhw?w@p)(^g>hhsdbeEU-KJfE( zcXZa@6`Hqp=fpPu!%_pp#6LQ=vjwCS=iYph5fTloq?N0<%oL0Ne2+SCJB;gKD|5;n zK*LH^45@uo+ENoTD+csbB%9;q;^A!9akA|Fwg55yKz)Olf4su~W&H^t`?vK6iUaZI z0ks0wa#r7iS=c|m)ee4&`5dU2$)pSl3TAz2aXrNxDa;G-TrlF4SnAD|KQgj%21%{T zX`~|H0j0fo(P{r-OA_V25LLbV$r z39=)|{(sne%b>X8JzW1b3%#XdHsOyC%1@_sl)J z?wvVxrcRwNr{+VW&FWeUYO&V;_df3v-R$a`CVF(do!8F)?@6hECU8(Ho0f$^K3=(G z42w3#k}bCA5k+R`%s`$+dT>k)e))_q$VD;$nKKEzN~f-B*eWflp%EKWQ88W+IxZW9 zc+>C$13hvAkj;@r7ATM9k2lI$u*pM(FMtaj1J`RYu?IT_bBGun0hw8p4DM>l?(Bp@ z@bco*!MCQDfxyJV$Yq45xSq;}lomuTQkjVijxu1yj#0-`v0J^vZ}hahoyI`NhT>KM z2Tr`uZx46#Fn3G}dMT;sK8E{qUsmDImtv$ybLGny7Gc5R4@n|Ou_wq%l8AG=;INW5 zAizUythe>|UxkB%au7FH*Hf7?5uRm(lo_9aoCN$%$|~Noz8Pi|GLp$L;o{Ig|0eOi zHOgFFU*AkYkswBdM{wqreHsh-R9J!qw}KlZ|AyEn&49^HU_ZW4K3}4chx)CT-S?%* z8l3pc4}`~%5&UE_f${grfIbs-JOwFgO0g_n>$##abV2kdr6(r}$bz{z8WWBAqmw}y zDKu4x2Q66+c`0m^6>0f^AHStMMJf2tyZiqfvR2JnEkrJtX-CytKk!t{m5E|w!W=r- z5uhkrGbyX|)!^+%!JsU|6Tyx?tu2LwFGf6svkglOK@8DNYCC3&?S70L{vmtT7xu89 zCjYYs6`lqyYd2Pbgn<{Euy+_4XF6RgQfRn7C?^&p`(qvi8eo@qCz?Fywg()l;N_u_LqX^DE$xX5ja2o*CMT4|0nAaINAQS9)XjSoA3T#Od(9dGD$YKcX;du)3hA@UkP8~=XP?cv+5q2Qxx5(xLXu{u1QqfJ zq0#PfdGEP{zN@E&a|wSSB7#+k@#scPd{2bR{YH0Uznjp1FA3rWtc;c9tKy42R!m_B1e z0*WI|cx$3Yn*6eUS2JXefKS2RJd0lrR{h!{HU|I~Oun%h=tOMt}6NXco+u+Yg*kQ>E_1)vM^8{7TYWX;~H0;$D zPHLH*%8x_Pg#UtMKm}@2e5Walb+%QU`sGBV3|mR4Fz96PHKWv$lv!==%=t55%{r9~ zb|)UZIO+-Eq;h)1fl|i{eP|>id(3R#A2{UFz6_@k{{q3tFg43vP)o_MIDy0Rd9Eoa z0HR0|F(}Pl!Lh~6J3i8aNn@}VAWqW<@a0p{$!gLOOHhQkC|iQDzf?m_9;^G|1g`4v zDppLsDhR~D-YK+$?W;s)K!6;@rZB6~^yC4ge5MS(lp`X{n7I>->Vok}j*4T8&QCZu zz&5w0496fWF*+e|1UFE)mzJ7(01Zps?C_NUz!P_f;303gTrbJ6SBC4hs%H*?VcdEw_Pllt zC&H5Y=*+)RM2ZrmLkzQHxTal*eg(&iy~>x?0`)0p24!gZMz>(KdLlIXYb97U6I~OT*rS!~Xry254#O3z~FS4UQ^y`Bu-S zMuGg2pw87LwId*<=cp?&0tXnIws-M@s*ut&l)$m`<8qR@XG==dl0D4V1!9-6aat~O z+ssPBKsftWhR<{AEgPH1BwIkUVUjWS)~-*Eu?SCUP|a+Nf)7h zVkxXOmL{qLB9m5g7IL3ANhZ;K5g*DvkffU^PMbL>i8muSc%w_Co;*sbO}8!mD(Nwk zl*}?kh816v#(zWrXnmmWOX9M7* zpw=QnS1Ed}$}X^XYiFUP&eeOI0G})W2Vz=n$eR#lT>TNR24y>uag0)>H_c;PzcsYN zvNXUWWC!@JBt$=n2$*8P9Px*ysiM(_u+5ZHt3f=f87zoLCm3&yvd#xvqS2vN!nf`99hf^mI7`T{-D~DmA7acMR$9o9K zAVT^2tZ95^o6kKzTwF+btdag93AOd>ot?a@xmicM5jr3AYVDfnpn3Z&pgr*;tU(k- z(^u5lWgI~kG%nbM;Z+Q>-2?o}L1QQNi&?XPO5`Z3VX)8X8;bZ<*;co$)m_y&_qzC8 zE8nJzF3eJXxMqph)3b}_OsT7|ntpCgCzo5Ai0cw#<(u*OPUx+6DZ8!4>E zpBCs-FU<&J73cU-slkN;_^q2L#@>Xh8v6%a?M%uRM`VEmOSxj+9J*~)-ib>t0T~*ethVy z5MyND?-~MiPTYJEeEp7b27%ZV!pri+vYzc;VT}*QV|O>v5Urae>Ny?uM(0}&aoJ8RH6<_P5A^01}?ThK7r}!s3p}rf{5QCnyuk)Wrs2IC=PsK z8a1W6zm}Am4v}%jc-AVi?Q05FG(IFbUud*DBrnlc_MjLr@1?6vI;{@=^3H(6t?Zcq zjf2HaOA-}wsWu0Pe5R@@I_fB7NUY+i7O%0mPHL z$|}G?{IpDc76V_k=P!yj1@1#K7Xv_N8&o`SyKGXbTJb~t1hJ+F%hOL@r_4B<)v>4r zkp0`51Dlktus`CcDx%Y3tL^ZdkRa!C{*kmPiKz!n=3%pf-mCCdusLOoBav%O3=dGf z#z;m6^+&Mw(8`G$v+RpuKFTYZj*3nPN%M@}>T|*+X5mL(O28CNEC!z>>3G#hp>+MT zQwIad55A!WUWcZGl74vZ3;p_=)DfQ@oeNK8Vi6 z>n+^a`fZLAnhn~(l~*iBJHILJ>)~Be9$Yw4nr5>=R6blkODj3MD6Aw!)yIL-)cDv? zIATGR>U=ewoDPiHo*BA0q?u;l1I6q#3sJUp>+&qAeB)nk^VzXR4%f z&av64r5?}yFb&p3KxE6z=NxcBzN@L?8FVqxYGq0c;9nHFU!3tOXQ}BAo^;_)`2zu$ zd2Wdyr_r_DR>Ps(wmt%`nX2``nsm|P_)43Z%HBDhq%p}irNAEF|8J#cupf$JuWSgE zt)MOD{vH^a(qCI~wvkct1oO=u44*lX?|{S-WG;F?9|Hm>y{c0SW4?iAR&9(Rd#MPK9rrm`>x?HRZkg$5LVri4`#Qx0o_sJ2NxmJMpXWohLb@OPv&kJxe7RMgxN5 zt-s)p*7A{LEo5$p@{U$}IyKgE#Uep{uC^YS=N#MvCIl{IWx)N6w<=)&F&8~7% zW?;nsm#0;BQu|E);YaZ#g!O=@TGtl^v3^XwT+nnS_zp+akwcU?F2`$s@JFr^P4nU% zrx{i*V|dtE8PQ@0&zmWi7ClGZyc;QV=0?`VO^@t~-VAWD^Y~I$Hi`bYuiD36n;*Kp zwL-P2CT`WOsZjvFChVfQ+QAbsPSVk~-1MnpouC_@uu@pc=7h#0=-k)JXCL~~uX)7Z z*2vOLGf%IVj7v2TGn2nEM@5~8%XrgP8}8uUHnVL}W_nWlQ8&ZL&!!ogR=K0v7KNfA z>{O@RV_y#j?nhO54RRusl5FH5m0L{&BhhUN5EoZ6@}P0!#v1>|hTTQof}S&3MHCkM zKX}k_f~&MD$pP$&pS{avQ6Q|Mv&&(w6~oR8>@1@u(d0VkY<3lgZ%*Kdt$(e;5FONg zD)K1x8ZJ%lc6X)Kuy5VaC|bb#0|7979?mqQ?Gjeu!`p8VacP}`0xG@HZbH-HiP!Gisn_3r zhh7Gc?}Cp>!!asCvAZ6`;TEn>h11tU)0bX`N{_y|e{Mzo_zSiik0V^wc_?&Qx4pG!H7Uso1ff45 z6Y*Nj82!fQwA$*0gr*}Nc%U{v{h`D9gM#09tDXRI79xnlY;-1nAPj|6I4E~}ARL8| z-*pr{hzDW?Zv&6Lh6gd{n4jt} z8w4E#l%s?SPjW2zYtXe+z9Ry|Js*N_DuN_bkqQK-p}f9HP*HMnQ&UV#RaJI&c2!kO zOjA>G@*WI=Q~fmr58|vSH_3{Y9TTD$n^LgEi9;OXs9Qrq+kQ~_RY*86!noqpjRSnq{ECt7h;ry8Ln!#k=dI9Xpd$AG zVD1mJz{T0z)a>T!>UMv3=j!I>+SJ_4$ps$&fw!`kpa5ki0Sd#K)E= zih+itjF_Snq6Q%cA{U{cRc}kD_M4BAGu!n@>o2V@Saj$%R7WuEGQe@hiZaNAn(n}D zY*Vbpa-4al>S}vCJNt7xdwaX8YUWZMc`gpNToW)ehh%5N5OvcqN4B~=iyk{5%09|o zf!8Ab2oI=Mv%*IA3l2ku&KISXv5uGd+rN$$DL=`~RBeAwTr%zG?C$R5p-WSWVDU)Fj=5{8Yd}1c{ z1vk{@4s$AAH5$ao@{9U0N5 z{zusFJ;c18bSko#A*%B;i##wiwgR7NaXpkAzCa)%py=U|VBj}%^3%BE=Psuo6{{p* zY$FYbOF&F5t<7%?jm=IGj3K*nf>hWMpt#LuAR<2XA)jh8Xfik=evDE<_hY{q2TzZa zO44<;R}}J&54QIOcs}xSG6_;J@N={Hd6~?O?Ko^@8%8g^1XK4X__lQ*SD+GgA8+Vi8X%yTU+r$g@HjJeqIGBM9d}?!u?kakPNC6nkiwTMfo1#*;Dd|Z2)A<~o zIygvMQdDc0)nSZJE2^wGxyzTP@2X zs^O7OVc{PpuXFdsd+(YSlJ|-R@%v^l+YC(7RM}7?48@B2pVTy$xIcom2OdymKVYNN zhO4E=M#l~FdfKek6v-F_v{k(Jv_X+cAn>r?=6YcvyF%Ej;AA;rJSy0{_os{A>_M#8 zX+r=L3qJ*uXU+HU#=_Xp$o!hHiXdc4Jh!--gB^1KiYQ$#9pEXiprT~cOiiu>|7#;8 z0|mb@y}jGROKhl~$Ju5_PiMi66)5sVt+{kMw^G1Azq=b!$@e|<*6naAw?+tjVmh%h zmwf)+)!~7S`&B=$i{IB=d?GQF+{M>o(zTA8hkZs77I}{{?vAMUV;_riM0a;lzqAEf6w>^3Ye*gUZYgM(|eIPTl)>TuJe)syi zYkB>4zgGa5%l50fnF*Z3Bm+(xBxN*EaAWp%ZseRXkz;b<_oa)Tsj@(RDTSnCCul@0 z$~5`9zjd}P!0O5-YF;(A(Q3YSG1nlGGNK5fx)C}YtuV=~rCV#*;kSD*$?g4hv(xE) z6|~3*o-X4Oo=)cp`JPb4r=+CXv92bkbs_fk2fbN#D7Msp{Lq(dMm;nfp?Y{E%fbRE z0%#h+i^}j(yV=K&yN6{xuE$>$Uqdwesm;bE`oe)(_Qh;I5AZIz$en6zS$DX-D!y)X zJYH;!xLj^-bewy9{bd8)UJ0IRrxCC&*(hpd5*_uh%EuC5b z@o*b-JKw*63GKDZ&5l1?+XJ7!lZg1;?2V~C-9B9xf|+dLR{zVdujhI^wO_iN+n!B? z;&XU)RepMCu?3jZ&@!Rqi7Wx_!zR@!p_#cP@gtq6&|lSdkDyor3EmX`1jcJB2NnYs zn(ksn89XinW`@{+YFdYOpUR?4X>F%+9qeqZyW9&=;x9x*v%!BzLjJ#ZhJb0TU;6U? z$y1-v??CFkp8w2R($mW%V9l;4XE<6 z+vokohu7f>c)Ik<_wfWISL739<*_E#vc4S6}!H850A?gG+3HhaK4u! z{3!Gdh5`};!uQX?B$~+E6=iPA9^>2jWY#4H>N3Rn_PdYA*Nsm1;to_xt6fo_u_g`Li?@mNRxjdPQQYumd$2bKnmHxzE9qpIvobos@@;N?% z$%GdT;fe~$V{K06J6$I9E|h~@{qt=!rYas~n(Dv^q`h8roM9NNT@3M)5MlX&VmYkYnz3LY_+2O)tn|6#RNtdY zu$>us{tz{^$SBJtrin1oziu(i)bm49F0HhBjB#D8sG`SpUsvzdSN%jF!21=8^calr zr||vB4}WJ2G@Xe@?llzjdE2@;C#;@~{ZzN1$5R88j*3ke8JS=4Bftxf5_Cp6@4eqv z_cyJ)5+wm8m;Y2G`Ar^eipjBPzuxX6Vy0n0IruBb2Q5#~=Xv818!;U()|2_ z?QOPpNCF$F-jCR8DQiyQd$a;Z8#+i|j&XM){oqoF#Vec0dPVE~OQy=W9CYX(^fL0Pg8E&}^c!N|&eaLiiX6tne;-L4mL=RhPnXpK3e| zV~JGK>GHdco0Aw(%(1nSDkuB>v2>GN{95DX(t)(wCdLdKnX>*|7dUj=Ji>@}#xnjT ztJ~zbUzGIYCoE`YjV-9W!~1YjoG?L#rfA6Ed_$ShI(0}S3M|#7J^Pim9;nV86X3nx zIT>K^7n(?r>YtZFW#T@+d?N?L9`E0K+d`vtB`+MH&*O4YJk>zy7(?tq$3O?s_aHy$ zSFbm#J7|50fRnYpfltFxK)Q-k#e8)Y1Z&&dXm`>wL8lk-`4qwy@=E0jQnpf0%ykB5VvhNumk2;@pOr>+wrn(4U=4_TIa+g#j(5Ti>&=)4qb03pR8y4^L1w$%O+o2#a=1Chv zH?`-9jK}PJr?UGUE&w4eEm;f1&DoL@i2-iCBoWkZ1q31u$>Q`r$xOi)khDnL7k6r1p$hOMk3G!-fp1vbG=_J1v?kw2M41EI~ulkNaBaAP@Mi6ln5pSel1CSel63nrips}v_VUJ8G-w`|gI|As^NsMXB zOOr~F{-di>>1wAnx%qj>N3;@2K^nIE_dA+)rQbH(R$j@DW4_Vf?GV*W@*M*U#Sc9v z>YxN**6=u->D0P@M-bi^pkpF2q=r;QEmFDYS=RPmE$>yK=sgmBs;IOIJUXR<5TU5# zCpU#k;1wEhJJ{Ry6+mp5-$@Gr6WIm!bkeaS73+V#hmlXi_8f~?9gVW>P}NuUvGf-t zY3>8gSwu9UF{H~kg z_SFShuw#zyqnr)OgftCRlUo>^te5qrS&SO(ERELDsGHM#iPn*w!jO&6kUq8 z>R@Os=yT&pU$iuy9txR@7j_g@FaU@4v~hMa5GDC$(v;qm7#0Yo+_h$QS{KfOa^T{! z`TdV=*1A3`*S4obxp`-Pap?BB-s{UDOe0hz713605_XYPFYD;}F$er@UFwuvKIZu2rAK#(9* zdykBo+ag$&=o0C`BiwrpP2E-((E0-3H*qgX4M$$DOIDxT-5Xc#Q{L+Ren)v1{{3S1 zZnedpGK9Q!`_5X;wU=uv3aa|;wITXh{lifIuy1Ek|0kxwMrd#!BuRCCB&>TN^DFCy zEOjre@8x{>IgcK}G?7Sasg+QxaYSup4qt0n)05Q^*Gm^`N15@rsVGnOZ>4O_V80-o?5NGn%wSj$6BPk6g>2MT8 zk3-woyAGf|$y(+2fn$|{z#T-l>x9}EYE1j}hzxMfpH>qHxeGdRJ0@!14g*EXNxZM0 zl`77ur;4?Gxbsmu$DCk7;M2&VpYLVG87`^XXfpkS0pEA3U2piOxAX+8DmJ&zEn4D0 z9th*m*zZ7cncKyM^PX(_kaS6>RjNIM!p;qEVvU!+(*6|osYW}c#m!-8%q0zM861cT zjRb*bW0y_|A3KA;dYb)th_%&}Viir|S=a&pe_D}5mJnqE;^#s}rxsf{Y-+flakd)0 z4p`QDk}pH6cQ#Cf8S9-6xzM7X(~nO|N5Dh1$w%l@4DeP<<;5wZ2g?VGu_FzNyL^|` zZ_aORYIymE)w-3G)`@aXI~I7~3@$oY9!!z5yNmdBf&5x$A{H!Wj}HF9 zC^>@`FAu&K$+eBooG?B#^-ub5A3OaC4GK+I(*;w2+DZx}Hn``=0wV<%aT{cuc!M7d zzKIuLYB? zIhD{UM=GTnkGiJ|)as7T_S{I61*SSN^yo~17ua90J`queVc*&a6iEdFoW;(an>jer z%X)90Ji6kScrXUyHRrN9L4Cf8+IEP`M$gxcxP9w<)RmT)askoUtnsH)%_Z$g0HZK4 z7JDn0&#_Qa(wAxm$z&KVh6265F*-iRNJl}=fo6Aw9U(cH69uAVp&Jb~9!)zv3Opy& zq6ODqv@ZV`;V8MT!FA@3F{ar4F(&EpsE6L=Y~MEpKCcq9S6Y^9xBZsc4>}84)lh9^ z;d0+z*V($ZA}AOTIOklR&XN|O`@oYpwsmpazdP^Jav_Awg~WbJk5Os)9u$2K6wzs8 zSz01mX|b0$xS{SdRMfO0SRbyV#G(BFa_s|??Ty?QybvfK?pnX+snvVuM&%iZ6zYSO z;9Z^%p3gNw&0}mxZ+)D1eVn|-auCt6VobU-#`5efp9dg3SovT!wm@rWxz6mB;pOnS zzmV5zdGbVHN%FEtNJ+M~t&GcxsZfe-mHiiy+O*#oBh!)H@i;8tSQJOsm18daoX-~VGeWvteP8}zGHhntU(a$$i`ZvH7pNO# zcddW06_F7aYP71X&sZiD1L<5FIY6a`Pg9lzzE6_^FJ!K5=)udzdv+_(VPfmV9b(4I zWZ}`SVO9h@ECcUFu8gh(c%d=4sDumktb2FC=)rSG;5W)mKL&Vp^?uC_r|#s|>JYKa z;j7MD*$b+<8No%0v(f_TR~Z~n`@5B|mXP1@hy+bI7fcLHZ7uVjRb*_r6HtTkh6#r^ zLM4Wh&F(x~^F&JnRa*H3`1lua85=SM??NxN1%p8?qz}PQfk_!TgfC=+Mv`s@^Y`wH zA48IKm~f=X{d8~fWS3xfLam*m58BtV2(9Qaqr>-J3Mg?*FL#UUNL}v&bh8uSgyGpd zu>_Dgk+&muiDeOK&4E*b@JkSmQlgxehGLM*J?>zCMW`0DJhQ)ibwSrmrv$U##I=~Q z3Y&^F%OB1*2DY|T=Iq@M?^v2FahC8Vfu>t-q&2#YQ2o2?i@3pEJo=D6{?9_waG{Zs z1@SaXDPg+OHJuY7R}e=#w1Ji}64P5o^+F$TOn2~>yWpglzNGZLi-Pd&*m^hFnnMnQ znHFp1orPL`?{_jP*vs@8Qv)pJv*eN3eGVzKWcA@`s;DeY?HvQ=IlY5cecbF^}@L(LxW`seRtP$Fg8vQFMJ=tvrJ;-#X zg1Si{5@M+qFH|JRavgfQ403u@Ce~oluec=b`z>3GJJC^XuM@E4mm z0*=0-RbG89FDoU<8tu;2GQd4ZavaBx-!$$w3EKH1E zPuAqj`owisD+EYs%ySqlQvR%!6z2k^Bk007&-$^vZz~lI=g*a?thsPnH8OUMz{~CO z9uAPUEZCIUk1@W8cm}Sb==n9gcwA~2a*t(XtmS#ZORqn3#;=QK!ywCc|AZvQ)R`Kg z%2YNir&+ZLgZtY>LHTD{&m&^hpSn<_TK%FG>icw)NJM>wR&DttHUTRH_1&C(+PYca zyG~r!5GZZs)(d@y3V}fFNVy=3X`|JcU&Dz~Rrrm;KgQ^m-L7D|BvhI5adzXh&m-I% zwfZs#N6A=&sNemV-pHW6ON+PyhB)!NFp+9#B2uvNW3+YsiI5!hCV9N+aW-2~&wu+@ zDRIDy$N-->QGU-ej^vr$-bMaw&pR2~Q|prQD@gmTbVZq|bPL_AbhkULbTe?Gbf<-s z_re+^-1TM6H?zm={gXfSZv>Ivt8h{t41&cx&-FcM5>!ka@JGC51BLoY6U6-f$){T6 zPVZx%+xY#jzEa672^b5`jTgRb!Cmru$^FyY(qVhTWLOgT*ME*bhTh#XS6a3Dh!#^zixx9q`pV}3jSzUEB>Zve zPAS;)`(wv5YlNbqUR`DOrebdAxA#IvmL$@9Pmy`6kF2Ig1Ui#}3PJ8Gx!`ipH@*igPrAJ2i-9`ib%4C$PG2P-*pI*-hvN+9jO{eF1gx~5xd zybMV&AiXb`7pN`HxAuf#ijo7as5&1F^64gqUfoQLbf+#}Q;WY0AI?$Td0HXMxZl53 zDw6)eB(G&Hs{M9?CsrzEh`8Di-f0Qt+;y~qtJATUqO^(B9-M*eI(ZH*eNm}7e~r}d z)Z9(W^~z{xG@Jo^%kgHq?cX@-9lAcI>XN=+u9U9g_Qg%bJPI=p?55wPUrh~xMsHW{)m}eOMYNL% zQXJ685^y)j2r}T(4tfV6D6xE$nDzo+NYxD})cm3`9*wg*-n=_$U?b~{)Q2w9CrFyO zf_-vuD2cV<*K^5k%b znZBKjjt-Twdg=QI&N@P^++W!7618i)bR&cdK`x2!I{Wh(nW%B2G9>-=f&0`jpek= z4se`XkH|dv+20G>Jk>YY*E0yi-qVk#%PLske&?0&+V-ftU+huVIic6BUg6x z?t!!4hP(&4B5_&R<_)6a2o(**g;`3XUs`^9u5GQ>ne|Ce9_raC4rFuXXYrG!B`F-w4JZ1 zK&rl6wm9jf$-C81Qm9JTZt6-`s(tk)?Ha3fw85%3E1P{*_WaZ*$Wxu8pi~mQ>3$Rm zi))Nk!2v+4<8hR0`wv*mGZSF*&yKTIe5ra7#Kn1_E3a+EQCMn1VIb1(%-k%<$52~c z+(wfGZzP|=U1ml?Uv(&;-d5Mo^gdzhrjW$IchJMjqI`LD)+E_BGdNnSH)ynVPooWX z?J<>uG3Vm|c$riZ7nUv2t-CC$1HbGLSL0f%*LTbrqw6lVbVXpdqGFk$BN#FJ?xj9&UvN9 zbyh~sQOEd=^jX5>UVG8Ipwl%%^c(@(WAkpYlko0oEU{;HeLFozAH>^D5-1Q%`wAe^ zwxT4l9zi*#0S%FISIdzjEQN&Por63aZG}o zM1$CDg*h6?2Og3&G;=77TI26GeH*?v@7~O{cpkl|Hf-MtL?w2a18!OAea_Yc2v+nZCi{2HerF+IhlWcgpaU76L~@dSJEu z#KN3kNjNEDYH~ey?GH~a>*wu?lT{a7N4Bf`EPL=U!9HIWOm$(r0l`;HW80HCa?!6YzQZz!DLmlhApk3Ck(WE+2MHN zO@hZw=6uM#2@?4quuLyi8BlS#P^*jv@c-KB6`1UZa)iDe{8O-AVrEtiTx$i7Pp1;Q zUdK^2)k*j?-FD3G%QG`qSLaKWmKGQPPEnoSmS@33RJe!pm1bYt?cq*0TXr?9-9oT^ z{qV(;S722;9q+{EqbkaXjpSs3Z8=P9FRvAuYG3j~6B%ad3UB+wO)eHT0SP`9npx%2 z!PjMVZS_u5+`4mC0nf4>NAvvzO7QGW$hoND<|;qf9Q-=WkVVX}&!>%z?5ataCX@rX zFn=e*J60ShJ4$j2k^dCPYk>vwo&ONX%K#ab78YrZI5xW8pn?W)J`WAnN-F{<#;3-B ztPnr#1>DbBRvKHHTuF21=DK{`FIVfkTFV^Oe!sZcYL=E#(F{s4qk`w^hx@`wqQ|yM z>ZxfKMFgUi0F>UE;sX6MILM+PwxCFvak?_H^vKZW;H1j%mOq{GbyuTD<_M8v<@lA0 zW`|Y3;(N+}ILgf~Ru6gp{L0L*-f6x2cY3c=Ij5#o6A>NxiN@anO^X)J76~gvRRydx zH!Y$7MS1jH>Vkhue--i=%2`9y<{0u04P)wz9mgCSg1&Euu;DB*5ixPGUviVP!R^lh@a-e}fJ-6=P;XA&Dv2;fR7kvea7v z2J%CR*H9Qa&@hDL{1%-d*g@9E_yidWjZ*ArtUYakefh@Q7%H>%P6$A(Byh|5{M_6% z*v(5-E3cn`j!Q_4Ur%S}ryP*i5}tL7>~m^uArX); zyozx-kOMqDdpM?Xs6)l95MU?@(gpCzzP*&xlF{_&VCBZ|-g$uJ3R2B)<3L z)qa1pL-WwGEImf0ODYE^Y-&=&2oSl%?1-R;qI*bwoE#B-$#;Xm+e;rkswc~6$_`4b z02}0U{|1ZHT#)2!^?U-dj?Z>ZP7V$(E-nrZPId(6t-}hts+)^p$rN&nY76;PG;~xH z2|@^vq}c36jqZB7gLFXE>iR5xRDJ@E=s}TjB#boV^vsO4Wd+zkV!8(Uf$8ylPJe>P-ugVq;3qw)iD<5I)gqY{IvnuI5 z7b+f1J+HVKHca6Y3_U)&f}{rVvg_R)Exux|iJ6@VI89;k;mbdwRd|Z*GxMOu?6MEi z;0P4fAo-J2WK6&jAtyxtchP%kO}BAaBY8S;Xyin()X111E120La8~SpB);7Kk@vbj zIzB$JvbDC6R}b!00~;z*vjggRWMSA5LxM_D5kyL=kN6k@kqe_{sR$u-!ZIV{2sm&w zB)Iv!U?r)|0U8=yTyBCkHWdv2z^e z%zmuYZBr^Yvyo-B!t~0>07u8i$HvBh1Gs<5YluuT$Uq)<fKsd^dz9vdquzW7Mk z|G}zkEj}LxZA$u$-Q?-YcpwawIOtQrCo_|D7+-N|`5^rTVR(Fg_=fw!b`(76s}Gdq z&(m9C@Si@NJfhsgheZZras%>Ws%J!p%N_uggvA3K5Za^00THqblyq3Eg&`AEqeE6w z8oS3*$5&)Xe97U3s&F~pkN_d5OcjTsc5))wM?k{&XVUS3iox_xtds?%!4~RVs5x84 zo}SWOO0*Z-4ZaWfq;dJX#3blTkKWW6LcTBXWyAf~SHCwQ%UVtc!Jl_Zj125TIQ_|} z^WPJ3eYrc1k>7&#-9o_(vk^)=XG`@AwhcY*n zihOQohXSyNUeSO!{A$VK;gNCX@Kiy2Ia>jp?*f)fg-tdj;c(vCj^hS|V5j4wRSGQn z%$^uPYBSt93qK9irN`&=I!oR6(Qud7((x!xnFeYv;h4+pRP6laU$qk{O29IDlYa$+ z|IOQWub&A4aJJdQ*^k(X_C&%MawYJ~)sLg+W+!CkZ6jrNeesLaBW3EUF0D)Uz8R&7l`n2AvN`x8%^(`&bijjiB6 zVwMq-n^TaQ(dBu8XhDR(oSi)H4=V;&mS z5`I>8#SgnLj)_{A5CySG4(`PHR?8CAe#m8>+jegc*z9huWFi4+58`HPCS-kPwn50g z$S=6>U!pIwhIP4FD(|fnHu7tIR8a7X9cBxqF*39C#T@6HWliLELbGY5FG7!q zySzAvaKDC7bDsO+*>;7sY5;o3sl7WB-XXP}VoK^eQFjxa5+IhzN5LbrD{O9Ei_+`E zqM&AEqFE;WMJwlc{y#7nJ}Cw6;#g-ZC{UGNx|UXv&V~6--QAPN$DNL9)Ol*pGCQkd zS3OkRs0+?l@L{R)rCDI81%ULV0FovvR`uAP0N!H-U0>;mcbDIyOQd3Nr;*|iR9B2& zc7*OHzlVu6yMOi)HR;Yf1ng_7$+_TWc{m9Mxn@GApGvg&Z8c|&55*?pbeTc?dP}DR@vSv z$EmK76B;Gm9KxY1TE2MS+w+^Z&YhcoX`d~}f6<_8y>QViE3RAFfgxecT{s({-)Rrm zkDBZZcNEkpgdT4OqIC^<{Vum{{th_HoXnMQGIXfcHEID==`d|s%Cl7r8Z8#@>1i+8 z#t<|}fq9@_IPfHCKUB-G*?q;iKY$;FfvDlyFgjoFeUmX_wh+kdEgVe(u%*Y2Yf+3w z?9@DyfY4L`19S7Sl{7k51aTJ@LE~OYmsEBGSJ)LRCF}W_b5`M6vB`cE@r#EUVm10F zV!Mf2p5S#xnNb*TP2n6P^Ey`zn4-AwwIt1^CqE!1<@fZ_g(DhYh6m@XG3ui89#>N* zsmlcIl5^A9a=dZ_{6kS`S{?3Gs{2a%Lft;6hhPlm?>CInC*H0XZ5?qR`Q8u5{dF_t z&UwFQskE$}^=4wlcV&|t(mNRw+QjljWZ$eD!CF6=$^>ascjt1sr$lN{^6Gw9?~K~_ z8!2V%kazFwkVfo!S&}FouG1}&?O~{aRkQz8;i#JPLYZg4&&)G8FJ2!EJ4ih%1b+hi z=^;LY3K3u8B`&45mU8&vC4^2_PHSD=jn30p%YHboERd^dHq|(>ZO>N{r3){cA}ji1 z(*`8-wzK|dIIr3${;AGE|IXB{oq4A4z+6Y!SwHE$tn^()Vv*BEqfE0FKG3yrRk+B9 zZpg~nW3ffc!zN+-%Q(#8JlFd1CS_ZlEfT(&{I~iLjnmb-vwAnKjh*iaqtf3iYW=6V ze3TkrE&m_(?lLx#E=muu*&Z`9!J@L0mcD0Fi zqg9kY(flZtS}k>T_pN)o>!{BAgk3Dq30WPX$S7EkP|gJvtnp9=3#+6t!D#|ua|{~U z;Wd>5C^l5HESt7H!XKnXxO1yObprLv_9VHB6+$f2`;u&>oisXJO{z@(N%0^p7ly1v z9pJF|$ax8p(`odczlP>_)}VMv?!*y&`)ZBOCrGoLWeI*!sf#l^zm!2$@n=Iz`MFI| ze$$MWCfsO|q)}F`G-3{XoPI&Pt&>WzBPPQGd{id-{e=&E;YNz@hC5k%z!(xVcdy1U z)`-iZI7d?%HrN5v4wQC?Sz4@DpW<6hwEOnj}FFlGy{ z#Ba{@wOZlZA+h)Kq|V?6TIY4~rXTjQg|w9qhYc{D$)Z<^xn+%`it?tK9@b?deK^rc zNgp9#19emZn-YsKX^mXIzf9BFYyJ1jy{N5Gv$>3t1@DmV6x#&~nyKjm&wJuhK9==A zEch;5N#fG?nX=bc;$D{)TsR_l7bW)eWcegyq~rHdgN@}`{TdvBRONR)zy!!nu?%l1 zAFs9SoRg0zdWT8lExUj3>Rvd?2^bsToTr!2%DB%p;6-Vf@ZcQ90K|* z%llQ`yq=_O+fH{&bD1Zcl3vnVxqfw6RxNeisggN7MOlPVW;e*W&ngjpr2}L#lz~=i zHveQOfHckTo@hML5R596*dFw3Vj2c4kem7-r(ht%k#hhbNiIK7YA zGTC>Cz;P|Fsv^=hm=Elx3bHc(*wKQ6+zU+25G5m%T|bGcV6^RmtELrFpxvr@mrdU` z7Kxbsmo$$o4(SjkEb|r%#{muwnYESjWDZN=f=l5Bz={Ja#5u*ey*cm^(ixWUmTj|D z-q(PmCHqT#ZRa>A|BeNwxHApU7x_u+zIW(-mhuX}NhkEWE0B6)5*_CBnns!Lrz$fG zwaLge@9ISn?Fc*=Ori@h5*rdJ7Hz0{&~g4$0$diZ_ZX4P0e7G=Ips@r6;a8g-7O^@ z;wC=<5uy8|((5((n0V&2KT5WMa9TE`jVZDc&s=CGKGioHj+gR3m#D_tTVGXtZwo@H zqb->v#f+SLdZxb@;<-4t8J9H1Fml%&ME6w=2}VZVohx0^>_lDxy?1!yH#(~$p$0yD z{qGLHT1#`-TRWc^>E&aZ2RkJ#%Q1Q&sYabt9ssg7s2DyhnBSpB-Vn>I>4AJ%s*P$i z#S_2dBALG@Q<~jbYZ;j|GX-Sijl~r7Acc(OAf2k-sn~Z8Gh&vxAOjT@#r>wHdfd0j zHV++Itg@|~bX#h5%Gy{~tkl_I0~~7%ZtZO>g&|LQ$Y(fYTcQibTO4j=q%J~m0F0vY z!YO?f0w&2&fh{0=(Pqq>xzrrA`dH!2)?^!^%^CCO9V52eC!N#1X7o6!@fwzv)`7iE zD%*8&#eeny+TzaJatG@Yc#^lIdz9zxP?25|#Nu+!rh1@n1E1sd{L-vYn|O6II_+G# z2p2j8+>JV0@ewbEvhaY@o>pzW=Fy~*6haD%FqRW7 z94#ZF%0Yq}eNG{+bf^Xb2N>4_Kh>gq;wqMv%ojHnS3=h-^ghKqUYuZ#Qh{@Pn3{acdTnW{c+E_Q{{Se7jwrhAQ?olB-4G%1V#B-RGDo`RSwO~Q6 zP8J{5fu}~%S_1IFjlyVHpj^cM+8lZF9bRfCA|fE4YazfnGj}T`rLeDwwmX*y+8D3O z%dtM)M!6;um3$tYk{#RL5* z%!M`lHm;TQ@opcle9mhgfV;@{GhIbY6_5Ig#{yIsbpZ7%=;oh|g1xvR(52)g2gYtZ z7^1SGJp_D=tiFc_C%~Fm@G;iM1V}_#sc4ID zLPhd>S2p1)CFLT)#kaRWxLA;J4sQnIa>Y$AW)w-|G*+a2Dn+#Re4RN4J=*!|zAE0M zmZoBE4VVxe3wL|BP_TCviI#wBuRdcmPd6OXf*eA0`Q8z|cUYKKV3=%}pwg(VbFSRR zw88gQzA9`a^JWWtzSLf-aG-Hzt5QDo9;Wfr-$8vDA!W)!G~sZstlgTUQj=qlc2Gnb ztDy9M0_y*|F9r>_LIvjRl!fo!HGLax9(^oa^jxnn-=&-|AuD>+1UUdR$G5*mu+$>Y$Ify? z^+TX* z@LG^aNRtu%$I)tezNpx?Kfi?YZ-VnnGK;z_t;M$Fca(h^mFaBqwzO^y{bYh|2`pOQ zV7|KYnS}{a(kO3#Q*Ic;Xmrl|EB`@U+B&M&&!ejPkQtJ66Jr1^1np+U!wdk zQT~@G|4WqrCCdL2<$sCtzeM?8qTJyxQT~@G|4WqrCCdL2<$sCtzeM?8qWmvW{+B5K zOO*d5%KsAOe~I$HMEPH${4Y`dmni>Bl>a5l{}SbYiSoZh`Cp>^FH!!NDE~{8|0T-* z66ODY6Xh)bwOd;Mb8hPYw!g++8UA+I|09(DCCY(8K)Dd5GMPV7K{JcYVq&)GRpsu zelD;bczl1chL_PEl4v98{t zF|HP*0`;q$Hbxv@>^f2szE=|0@IM+# z{_RuB$fpA-Yb~bc(yql*+*+Cp&3{?jL`}(LwSzY5rv-k4S~c^&Kylh+NzshAc2d%* zDb5karzjh^5HLa0rBzHrJ(Ij@5abEj4<}u8QNoev2fnyhd;(gJzf2<6{eQFLKLn|- z3%WD3wM^3Y2TP_N%O~oroIWqMZ^Mm}y!-A$HcQ-RA&ANsijvT=Ek&mP{1%g_O3-MP zbrxQ`U+cXyH1k$Y@GuIJEVTkno5;B(!KCu>9-u!Xg_}z56CzR?>;~E4s?b#I@C2qu3 zRA<8G%<;vYOq4^1B_@)I3znU{iZc_!kLhW~828%ahV+>BGE@pfOSzSu|2Z#(|BXM) zQM&mqEfSHSp%QCN5)P);&`2kWHgDcU8aJpsUkRl@==ADT7F8U%sFpmAj?PVwt14g# z;>!Surh@r{USh8K<*NssGSAxflR9zZ9AAupMzZ;)l!X>hWt|%c8m#|IUxh4G$HGBu z+bwfhe|HjhU5XA@4?a^hLB%D3$AY0jewLKl#-f&@N5D`0iAH=_qutIHh`3%uPk{7J z9?Xe2bFdY&Y?26~V%pZ%-u0pEZ9f51KmEdwiNN~BRtzwsF@;G8NnU6WfY;b+&X_R2 zRAnAdB2|GvprN=z934DP)E}4azAO(C5{RoJ9aLi0uW~?H$3R6gjXHysc)O+GyyILvbR#B?mSvD_GHzY@!(C%%FLG2kQjxTWPEjhvb zhoe;R6PFd31XA;3vdo#UY(^S1S`$r1TQaxZ0Sz}xwlZJxL`ZIv1oz_x+UE4j!Ci`V zR6502X{)mtVFxI65q`j7^TK_in`qxq$vjtYHs7!rRfy^yL6~5u&)>DhSd! z>w?LO9Q+=;SCy#@b8ZKJQo7*kG+O8YD?HDXBP|Gv)!8Z_6;f5Q+Pxo#4$6f$Ea~ov zQTASDnGLmejnj6sjUZ#Fw~$y>dCaYlfIH!of${V2FN%j(P}LH@j|aK97NV?i%()TW zkLrurAe|iyDDK(^?q8=C4#akB_qqHA)#|$ZUx8`hv1AJ!x+vQiyL#M-0F5SvXyY6E zfx3WSf_~|Yq}8Vh>QAg`QzF6^JNsMZV-RyZ=cTxpnI^?X@E6c~57bsww$$?gC?*87 zA&aI>8IB^T-D4^2GGPlH;fC}{yGi1qe+C;moiUz@XsMFFl?Av|A6?zGYFoS+j2>;= zy!Mv8>Rco;mc3j^JR`aGQa)y=(I67)x$Jiz$Sp_tDb{+VGFAi*uHRfeV70KmsWlzx zvsQ@_KdH=MxKXO<_p~XA1X>TcXA>^K!60eZp_?u}N|U$H=G*E=j8NEy_pO222b_hj zuOU@`BX1u>^x76TaHE~yT#8&|Lc;u9$6z^+_UgdaDQmE4vZirrTtJ6Ot7Rvo)W-G= zoqWO&1fxzAN2EWTfmVTDrk}Rsu2pC$%so5sZVT-0eoz8rB!1GOS)1WtJ9o)(_98O{ zeGs4#y1+SNHPu0)e37si2IJuOa@MY9mN4#19G$bFKlO+cPDD8yMf6_a$XA91V(DHUxJY!K&Xw zQEr9oiu7sU4sZ>!s#YQzJCcr|PME^7)u2x=^KPwXzl|z`0uI~4C%Ek@wHhjB3#gG{ zf5Rw7YH@hUh<(0gORtR-^+YQz7@>3DQYr7>2(4eR(RKYpErrTR)wqP16Xi&{cxX<$UT0E4z1Sx!l0nB*z`Qfo9rV+PC zVInn$@3Yj-xG&ok>dP6HR1%w#6h!KKH|neHD0|3Vbtn&nK9Kw>R1U?wa-Pr01nT*i zqa?%eP$Gf>k(SykXjOMSV;2|4BWnT^+gikXEAed|#CfmeCI16t1UfMD{E20GK$wPCC+1~&6pIIZ`NKk z?&L+}v0xs`{03ljtcF$7d%eaqr^GMGv2DRDf?kvv#%6;2Od)6_cV;f5KJIZ+l|h0 z(H2a(lJ#>QZf$bGzImfb6OGo0L6Zw8DSXnAMn%A-Vx<0I!i0}5KlSVb7CQB}0*4@B z(zoSgNsQYPvu|W>GfVJ#yM?J-8I48AZN-1`7w8^v6 zBpZvfVo)mw?AoCVMZFllg=O&av{nMfs$vxq@~;KsV_(iJT(lCEO@k5^y?PyASPswP zuwFk1g!2RU7--q0P=ujCHQQWKKe>JLyHBi29CO^VCVqC33$Q5KFJnSm9*Z}zxFYR7 zzcWig#yW~2_XTzkKKGG@cikej1nkyqYd?}JOW0@sH@U5ey(RFo(&ZD`XC?8KMu=&_ zsGz|_yW?D}3NH^>2s^b;4EQ_rP)lIH}d>KRz6FlvvjI)MrCR9Ajgr=KLv z+GkBqsV|{B0CyI}NVI8eyRMQ39P{<11eY%*eqW?5$a7>kwfo|s;yu<@1k)K%=dvPj&BKJ7;k}PR^>h` zW>z2vo&CMHg!07J3^Z@vq#ye7zI;Gf>sMdL){Oan|y4rLqjH0k&Xcp~UR$XG-+G}--y7N?30%fLod0^FHOk8QAQ<*mmQJVB1wqJb)uXiM_M zpUNHS5`&a2XH)r-jg6AhL!_9vnf8_;HxR)JSCScG-A+WLWijpA>+5Ypu_C;UfWZRW zRlI(hzSc!iJQ-7pt?SYuS7s?OQp;8m5XVWiMS!FYT(4XCcmPY_i4skx8s2*vrS9e6=TnKrL6-W*T>2dMW^Dbf#r(QVyh_|^<~n2$j~30oU*>bc zc}TeWx$3${Z=O#%nLA&B?L0xW3E!lwrHrTQ*Df!$TDk9W`A@_0h`wSVC@>WQ#D#&Rabhhc=6*6v8kLqaN;ai~=4B`lGn83erRMXQ zrCgOv1I7i3;^h+tEhk+S7DPIs%72i1ge(HI`>#rSD&Jf+$TXb@dRzz`)Z9S|q~=CP z`5axoH$!Ijsb_UG=!oG>N(D#T3|vjJh>1WCG4Y%i{$>k1s1GAHeGvu29=mZw9L4M0 z&he^!woSj(oW^x za((409_?q9JNA;|(T}69$j8LCAGyy{)Sv@hM9s4emQg=m5=F7INR1ANrm?}Qiwt_3&DW^Q;6T=WeCafzv-dCC)g(Gue{>guj(I&on?EDG#Q49|s< z)6p=#Cdc;!FkFVJe33-+pC_!f<+rCy)m@K)h=!4Cdh;vDZoS&H^elCyX zjSg|!3^I*6=W@g$=d6pP>8FeBqFmVyw& zxm(U0w2@RaaO+%5b6q9H#dF)^MS2j$`2PU;rr%ith6?=KT%9B{xIEHG5{#^aNr6LY zWOb-hoAo~mvwKvPF;{UP$ehh|>99JQfbh%L$~8CKY{Gz1-&#e^@=W@bmArrF))oV1 z^l!7NIo+NImE(0&clJ+}HFkmzj?pq=hc~8&db}HjGgywj2GXMoeZQ^-eE%&+F&v0W z_@|Pi9C)fxe}GCA`8IJa54b6{-a_O{4xFV5N;wfbPt;cw{Eqd`Js`u1b!bx4ytztr z3pYTT*Vm@cH@p>>BtWfcIp2(<60=$W&jQ!l5=*VU9waYGRUZvUySh>(`NFVLFszzU z!NbXA+TKnDYiQnhL`3)-MP@Nn}e) zt6q^b<6GpS*+D-_`l&smShpRoMj3Y_Z2ZB3)Jw&|)tDxN8*{pEBiOtJ#J^R0{(GFr zzdmj)$n(Xm3{NvAE}uK{r4{86j9xUS8@X0@D~4o&Kk8nW;aqgPmf4_uiIK=Z!nVG$ zcb}_qK$lvHF}vK#i>ghKHw_2wDQhL2{BE96D>eDutYsLz;Cp;H|GysMe=9isFK^-h z@Vw7|lpXO;ZTr8F9r2$R+W((qM{scbyL!88=4FQ?*MShrfRqF4-}mSUheL zjTkC8lDtrCNuFsTk#k!BNuRFjR0k^74e z?vL4k`J6_`bVOYP+TWWCt3-}CF8&qVhdrbt81e}gF(bbwUj|1rxuQgq6e`3rU8CP0 z65|Vq?-Yr|^BsR!{+@S_>G&pV_|PMjY0qY*=`?di^3@1DSwo`vvxZT z3Y95WA`}c8c=q`lKeOE&DKD@0=jg)T@$r5Ji}{|=0S=!vO&$_!`UO`q+an4VBpL<^ zAySmD*&ZqH=crbQXxOX9AEl_gQe=tkL%T)(XAW zhJ-%vM`&C~sgTfK7CTZ{ku(M(Dl$3}8VU+VN^ERmVqz>J1_lZW8X6KhGHNQk?RzLh zUG0dskwGm1>b^=iGIUO;6pAZlr(bF0KpFlUu$12z5v|UQLWjN)Vi{o-VwwhBp-?G>^XDoU zB8K~nu>kAKLvgF~D=aT8%`!7Eu>zWF>S{AAuXj!k4lXYCE-nrZPR#gRqAR14g3?BR z3L4ETDat28&JGBH5n&_!yfC90rKsWE*^B0rpbX{R5>F_W!9YezNhc~UsVK^=EH`CX zAJ{gSIs_O5IK6Hy(@$j~BO@gxM@L5`qk*#DH8Zisy#jtf z$Csy9XGS)rR(?inXH?-7X^3Al+yqsK*d_RZ7_AnX7)_1yXh8{B-;Pop+}O!V8`O}Q zdc8H8&iCM$0JDL{$kgZmwXE+=-o7Lp(TEpcl9(9lU`lsHpsjZBpR*&Q8OY>4qRx7E<7)?C9ueplbGO|2B zxw^H~H^8q7(>ovxR&*;X)GGpOXskwWYp0+O}5=OwtSh4)M_n0J-e2gnVRdkr+1^@?FAe>s0I4=4xWIsg^!$z+QC#r!$RUV__?t* zZkO60gZ}=;)~TkR1t7$rPRY1?nm~RNc|1{*?E+5+i3?E$uORRqCOJ-7KE1%k+H7Z= zc3n?ltA0{;0ysxWP;9c=uH~Zk_|v=5;ZGtwSU5ZuO+ZgyT~b0p&!^*DQSf{c=ijjr z(9`50`noiUgR=J}di?MQL3f>UAl6GSgJz1)^KZ~I3(M3th+$$>+VRaFmf1NZzbP&$ z1B{Ps3~ep;FY{55a$8J($;M3u#urm-E<18My|a6Bb+=fSV-4QguTE3dp(a$qh%hKPor~kcBQsNTgPi54U z>4H(hMOZguIBh}2^H#b$FVN&FH8hlz)DAK$(W9-8kXz^oiRdI%m9L4v$d<|BQFY^~ zsK{JVRCE`0JeAF%?Njz>q-^Y_K052)59v_nY$dyy+2HMTFlOxMt#gO_lh)+iyqt1O z!9R)s2JZJvwzE*Qbrznl;yYX;vm$|~Gh)UYYV;tbBs-{<=m)g8OZo>7nE;0^%Dh%J5-DMrCrJn@oF(DI!C_YmhpNP{{Sq#GSGw>&lSyV-Y=Q(isVIo48fPAw?L#q|kqWqeI6Fd3uqch3|mbHMI?OC$9FDJ?Uy z)H^xeeS^}$!fPfX^KyCY?Z_`YRBn7QonmVyo}1Kk0V>%SIPU+lXZXBt4@MQA@1Ae+ zMG**`c~8u`eV(Q&ah9vJEZS$ljL50S!(r?lfM__pAIf6Myz%KAXrmq)l+jE=VWdg? z*!`KJ@prxs&QO`77A7G8G{w}ExxaVXY$SY;J}_zCUWagmfmhD$R+d}a`Y@Md$%a_E z-`g+hdw0KjcTBI-;rVil_U?AG_i|@ColT5iv)S$OwiH#KLf@3hr>U#y)KS2|M$T+_ zKIFux-}}jH4bN&4%z36nD6=O(#}ZwAyqAX^90gvK)WQOhQ`!hBfrei1ZFm-40s10r zoCJ6ZuP!<)Q0}%>wCO-{)IffgDz>l-yBVzFIVey3bm1kE_o9OwY!%#w$|<{ zDZ7d9=6bcyvyoSYsR8?QOxLFJNGhtMgT}>#V2UD~3^n6 z^J=rz=|e&j2AFz^uf;|5Z0La^^@-cV62*(wR){gT)U!jaw@as*PD7xb#k|fJsvs%& z>L+ZEu%zlxg{;hG>yws*EX)TbgT&_l5az@b|3dn?oNx)G>8*FBxHmo zr&q?jvt4@Xl*>^Rn@q2!sX2ADU4s4F{s1}tNTVQyK6%>yv!m7B57Od7xHV0I6U*ba zu<9M-o5iKAsIK8^c0IKab)F{}fbQP5l7anWe(?j&&1Md zKRpzPt>W5MW=G!b*{cJsm8t+`XqPFy?yMBp=`YmT?iLI<(R`%3^r9}KLe*(30#ZcQi2X#V&ywED}jlZ9`L9+ zO45}n)!Pt-*}RYx>0wJyl%K@s+Y7G|I$+Tvf=oajHy3uMZ<`sa>l&eYAy1cUO?KK! zC-LA{(X2&!xb_MofG(KjW5o{}RVrZs9!Ug8)z;^@O66*elc@7mTwPgPJuRjW9zvLc zjZcx|kM9s+doKu$pObz0PM|Cck-qvATOnd#yV&9<5T(WM1`oK`SQ zI+gC5RwcpTz+4#;P$dgaku=9scj~yvwXBp*7!W(7^HCUd+d##x?-$^pgA8_N1N?RY zjAgkd-AIFk!wksPjeuV~%1##}xfPL#1B<)85!_jq6BKk3^eO}oZuYg#QTzbUg_Um! z6jTh(9&8K|B~GK}?N7%kN=w=1ZLSYTJh5jS;6c41Qm}JAyd5iLv+?qJm|@M;x?MAB zy4pI9>>kHU1&!s&FCKnG*kP>RV`E!Zz40?A4;gb$ zxD?zXAc%EkCbxKM(XFjaCMWg4e?1J2E%dS%-va z5OP|3*mArDy8S-5d9goWmv{28IZWOMC_w_pR>pe0dgGHAZz!?UL!uLvm)V+r0L>|U z{OF4TAACRibKM^SE_xfO0t+U1-s1DNMg}#2QW&deK57>Sn-ZQ`@SBBqjv)T_fx}u% zl|~^r&Z5q@qyfa@a0h+}KcfbGBJbpRbpDtTs250{Dv}Srkk>DKP`Kwa?*~%H{$)lA zq1xLQ_D-K!Ue2lFYAfr0+ctuDz{EVGker0r_i4Kjn)?eU*l{rL(m%zgEi|zs9sU4K zE@<$(^=j+2t-SEpMZcaM2$8d11SlaM)x4&Ms4!0MWpKBo+as_N8 zi5E(LVRb1f2_3r=vT}0w9~w5Ji@o7o5|OC=-Cy5nD2qAgp*9Qzrq@mc7-4b_2Y57B>2UkJ9^B-kVhrTgSC(c6@4+(mQYM7reg4Lx zlXZJzYtYVVlpHBD!_k;1ENKE!7C$Vlr;Sy)MEKPKM5R$Sty&gg00s+AG9`dqQCXT> zl(~ERekdw|IzV25Q)3wpGf0R-%?ClkLqd*Bu)HkW3A%br7GYLC zm|^`MS=bh3!#jA$(UC=pz5WPxBbUayVabZGZzerGTHx;L1O#3)~BZn*+>Wywo%O4ZrK=kA|hS~tPiZRS!K1TiL z=Cr{ULKPZ$b743h=9-9{8UW6GJv^H7LUv(^7@P@6jc6)+s~BOI;k|_=r?wXjpQ)*Y z=Yo9=oFs`An))~7U=m(R*!GqkC4F%>fE3Mj&&yk41u}Ptg7E05=@ZeG)Uhu`%?|iir3_gF| z9GD+a7H1jLPIoZTYRw#mx}UXY!AFv8S9y?+(JI#t0=T?hE8cGw=dEkE`Fc2Eu{zn& zDm%9gIMI5e4{Suwc&bq8D{ap-L}5vq_IaP4>ksXC1E3zF)aY2oxPj+`^HXolRSlV? z96C^^jlA}&KU`o19R+!_Yx6%@+k+Vlkh)W82*2l7Sec!kAk`2Dld24s4lP+WbK%$W z)VP#j78l>1U!G&ga$awCEO@rHvCw;X+^+p5)K%3q)K;b#o5At7e3y2%3kC1oVWAi} z@yGN(S9Cr?Ozh`nd-T^V?SQTz6$tD%L?YS zQXHCSs|eg5vCF+F8lrD*59&ob7~{nI%~uc@q(o4g;NlfsIeD$A_wK>^D;sjk_UzQO zl+HojApzj2o~o^FgZ|dBW$K=U=&9{V395Q4YX^~D|BS_qwp`dEhEk>$DeQGFjtVYM zjpg`jXrb9HXW7qI-bC#IhLd!FFd`GophgQfC!>?B^-b73qW=>CuOYb#fn4nv6H0J% zwGO+-t(v#<>(F8@FkuRCoaG!?w2GmaDg`Hmz918@MKX&CI+EplbY|b}+EB!fzpPHz zODjTYDsQ+FJ#sJ`Jz!B49dBcjGNs383&ACr#wBEvzDxr}h?; z_{-vFJ8%%DRxBxc?-?i+I>u#i%-Yuwm+{GahQ^N%LRey4B)Czuwynz4Niepx`=(Ze zN7q)K`|p&1ja1B?G1IErxNv*-Licv%<&|R`2G5MUY;|tAR~@mBft#>zZ%N5&<8$_h z(R_W$ub&~gUl$&rE-8u2Gi=RIP*B>4!I)u0#fLm_q%CNh))!b~cy_W~uOR>Id*yx!A_oQsPH_#Jpm|gco9=`V&sN4aBVG9?rctYa$vIx)imq1K_Q# z46v*A%IJ72jU05`GvlMkJlU*KPo1_y(Rcf@J7StR@PMdP3Aj|3 zSo-5X%{oX_bQK$zF56Hn2XHOZWtP&7PHtcmv@T#s3BpJPe4DJLV z2HfSES*^M4n2{M`cHgVQ+AmhAMw;VJNl5!rIM%W*N^ub z-3+?#`DK<&kQO&*2Y7EWDof0aD=`L)WLP}-kK{AvdZ<_8Q87@rL*W&K;9k2P=+hl! zM6|(#7mp7Uc-)}<%T}viB?Ye&;E@7*0UwF#u;?O0yp?XSh3DKieQ=E9A6ix>mekXP z=m?_^UKli-jX9G^3JWX^_K)h=X*FL=<=2ppL%y|*UXFc1Sh9rBxqh7CXdDaMUhu{@ z7YBQN#G72=v<)t*-G_|g>rZIOg0x+WGM+WMoUn9sYcRifz~}?RJ-VQqYphXM#5ET|BT76d>RgNA->-^~lb1$pb%FZ3o`x@Lx z*^5W&D8nmBg4}dDNx$FlsvM>98W$MjbmhKpF+4s zO~61|Qdc$N`i5qUpV6vEx50-nx$5zzB?fj`c&>e=_P1>PGD$QelWAcaGAx>(P{KJx zEKN?Dn8+EKwSP{+=4q8O)_pz*F_yYZ4%}V;Kqyts^`~hr1u257t4IO0YY#z()DRR3 z#Q4cN7%S-+a`WjOu1&VXqpSYvoeGnv^sdm*QtR&M{Vc7lZKC0Wfxbni7lrY1nlp{m zSKmdP%DTb4o%r^uGmBae7y8rlf6%enil|rw~xFk@W}*JLlF^j@MF5gtFRQmeUsE6C^#KD{)ggL ze;>0<1Cqpy2xd}hvNnG><2>S{<>KCe|KzttQ{2(f70ifB6g$@oXg=Sdc4TS6F{s?( zk{(`+h#Rgs#7BBGaussc8}jfRFJgE;oL}e)LFZmHb-SWI&3;Ri&W0jWNGm_`khgw0DHep%fb;ZHX2L@iC63=jncK95vKLx>Vh(8SANsO_G*7y)#g6eJ{3O9K`_l)1*>EaseOC< zYw5733QWt&SNtyh~4D5!^2eewDR+ zN`@PPAWJ+OKjGLb-a?hrGg`^$XnF$l!n|-{(jz%$j0OsUmPYF_fGr7G+O7?Im%wV5 zf@no(77_H}j14CXYwRU~&xd$k-K_sO2VU#%MxU?j$_^Mb2cn`s%KQmg3{m@2DDb>( zj`b%B;t%+tnmd2WKD|wLB82_jePLx)4eI9E5d4hF6E)j+M)8Fqut!Z$#Pj*)I6iwT zl7Rf*ZrE4R>gyvuaHtj2YxjTH6D{Wn!esekesTJQt=>Pi_xtRUV0+#Q;m@9^v%Bw> zkMOuU=Uze#3vTv)@=qGtVK!mO#fa}3;P)axRnYsqkGg*$@_0IW-1*zJU3>ZfR657! z)Ts4d=uzq=a{51v4B5Rt59Q$7dS?Peu0xZ~uPut*hF*segq{`cM#}F?JRvt7DEKml zPgnsLjhoFIA<{FpuoL0ESy#DUg1z#eX7y=(WZ){>w1dM;U~N{7eEe0*D{R&mm45Z=K} z_gc|w6OGHqfoSftZyy(f_~X^%+Wz4pNQ|Jp>r4)5_(8eb))wylyqwp0b!Dsn-q_HU zabsQQ@N9K_h}Rpi0sm^jeumw>wSRU~zRT+#r`xB}F;aabHJ+65#L)sVD(p?r0OD%o5$=JziY!qO%0BF+b z+>|*VbW2<7>72U<#h96DvJbou@3VBelPo`**6k3ntEJP$1;dzecF_J!(?REY6P_Aa z$>nexL$ti8d4ef)~=d)9V$ zxMpZuct)F^r{J0OPFa}^Sm#LLqRm#&oyZG|1F3Qp55RLD(Q5M|j6mTB-n zH#7HHJb>}_=Z@&|4UJJ^bYy%{b{O2it^zJeEeY4t$xXroyZA93N@(Ju&yXv+1;6C4 zDAQ9;DO229!9MU8VUe^iNgB^6Cd-ZgYa7N!ycgH=;*mP;oE7bON5we6fX^n{cVt39 zWf1hY&7QwYfyMNYkZaD5X$c{CI6cX)3Mdw){zhJHyb?> zP`>tiIL@J33W&Ncu?`pv63jY!0i%ggYu7)I?hF|LsybpttiXdLL}FMfXy98dtG)T$ ztTr4}TZ~Ba2~6;{Ys$O&`Bkda`Rv^-FSRo#O9B+*XwvI;J5_@gKLBF_=%b>BVEx`A z6hbQ%d|>_dF;|C=`WS6FgO8l2@L>W}M5<-Cnz)XC%M-5*QnOiapPzV2LG&`ByrsT4 z)37hibbaEkE+@fw>PTtmD6jis3u7X;vVH@((Gw6Co;>|3=0YuPjWR~WrelWPp_aM@ z8i5c24B~#A#Q;ZWx27URu(Qt%q{BuB@^46)cqV6+SecRPxvbmSlg4%$9C>v0zoc}3 z3;_@mvaw!byfH&ogCej(DTyh|D>z_~Ck9bK?eG9`jV&E#sKD*s=Tn{VgdVpS9Dt~# znz-Gaw z2)CLlUvFc_*l%Koe?Cthga6oHvij6oqF=9vTgLta17wz<7?0d)bYxi=)yj^Z1!FrB*#APv4@NGc8B)^ zlSib3zHXG=Ri7}N{SnDGks(D*u8BJxR8;KN@A`^o(L8VPhXgz-I?A9%$C|eM4}i>8 zuVcD2dARcW`UL!T=^|_0Zui4EVLeVoS%l50)B4=?4Xyi?OL0d+i&HF3f4wf?Uh4cM z5VfJJ3sAS9!QnC4g-p(<{Q-KdpY5K9R9JD|Z}5#JM5pW|c(LizzXk>N(2Tu!iL(MC zxFIlEZ6V`G)K7Ks8y@}8+C61 zS5?>T3vWUiky5(5yBjv$DcxPt-H5X37L@K5r9n_qK)O*{LXZ@Y=35)|iT6D3`R=** z+~4^=-E7vHYsQHG7;BC>2Wze5NzWNOyc+>t0biecJ<(SNG4GZUE2%IH5FE*hio!$0 zevZXKH{*b+|IEh-RL|iG>;n##e)fWyT@KBswp>fmqP16V8~vb_pXC_nD6eV@;)VWzgd+WMFRTH_x6FlAOxB1_E}3B%_iG+|=)U0A+* zJufBT2CGHkyF#ai7N)O!1Bj8ExiX+MYun z3`_*|416oTd;9o+!IqYmV6e~Gfq7v!SO(<~Wb3>>v{On?h&^2yi-M|4@cO-5R#Ijm zeOGo_C>k{`aj?xp;6?F$$IJwX$Wre2KeFk9wU}Yomjo8Amsgf>mlJC2S9z(53yLhi ze}b>SLUhB}SOZd0NIqyiejFdf_j4)a)%S{d!3O8gZ}{oSojf#8AxrPUA|zG!;pG*S z1;$&@Uu7Oq1et6eVu)esk$U$D-pq+dLnBeNpf z19@dV1F7Ith$iC{LVIy(vo@RbYuiu?ETp1RdlLsI;ocA3^8;R^D>;_ArkH9q_EX)o zG}O-Wvxz{SM1Wx3*tmK_k%O|bJdnA7ja_HAc32qohQ4a)ZjHHCq_9r>clvBF-S#ky2U?`=PqNav6oMGRYs}EetAuf zJRQ*$etPU;uhT094u8smVTAR1q<4I<+odYzX=y@MY!QP*B#KgYN3X&gNJ3fh+cH6x zX0Cjb2a*07NH2h7kLLQSwuH#1b(!yy%3F$mhCaOx5&tlt6CUwYMoJnCmg(*4l9G`D zOIM)iH<|g|CXyIepZ$16{Jnx%(Hh9}C@-h$A5+El>2a~ra#r_n=_37rB}YZ^BIkKy za&&8AS;WJ{bp5$cHD0bRFZaIfY&VPqxhy5-6n+>e!ENQT>01c~2evJc?EVm=(Pz9( zt#L%xqV~b3cfk~gn1x=53f&IaQyQZ;S*?g zsa4D!Ru&FsR!*k2mX?l==H`x$j+VBjPF8k8pH+iWW9y5W%iiPxDO=$$p2xqR=<`S7 zM#y=5FfF5rhM#1bY}P3gO8{5%Q81D;R8949P(De-mXF(wqbr%3m_~I}{ z{}ODA2|9*Cy25jY^5)e%^=RBES%eIwrDgDBQLsa(1c;V_hJ~D*o}Qlio+!|+8zlP} z3D$WFN47Xp2>ZD*rOfNRIOVdoq7^F1?#;&*2{F`VO7OEZa9?U|gK6ogsHm9GMB(q< zD^fwsp-&PojBE|&O6``CF>a@uOhLuX-@=pRF{3h-oCP_pP=z7}H`1uALsJgn#ae}! zs3IcEG_Hy!{48z;x+usA1)^WW5Nz={34I9T#thm&+*f?T7I?`=1xrPNJ=nE_ebv=9 z2%beGmqZk=Uru()m&R_bk(IqB5JU)hF5CG`jYOPtRP{=!o5q}hD}J=>>f@&L=rX}Q zCW}!qDe8VoIvQ>1V@_<|N0s=61PZ*6`;XqlgAbmROn{4F#K6ofgLKXX?vi}TyD}7{ zSEM)?`B;uvaM92847u_(S94a4xG+#{m%ep1@y)iKMWD-!*E~dhKK>Jd3bQT(ZCO1g z#C$p6^F5oK?XIQ>G@rQGr@b&;XT#?gI@bl<7P4Lz22mG4bi#T$YyYuVJLtyMxaL~0 z^xW|(NT|8x3?0SN$->Ru)zZ}Q_V6}Wmy73LvvyTYtu0wqOE`U= zYHsN!B*Y5#c9+p`H+8oJj%74>$e_*Dfg^TKGT;Loi-@p3Rxz`)GZ~ zNpq2L{Vq~wOI|5}~ojsla!)W?Ev1GkHVbx&ObTxHydjge|xeu$P2CI~% zr>(gq@Q4tgV@*>tH=v4!yQ_z}`<*o1$T&qr{vvs3&%g7frEMMDEnQiq9RSHnS(-ar zSh6ZwI$68hka2TzL0kRSoA;}yno7=}+0fn*?guTgv#6#gmteqwLkhn^?xVgYC-KDd z{5aONP5y0a{l+|bXU6qqF28E5V%yIn*`~{VfB!F)yfQCXotK=m$a5s5#t4Kp?|DubX=+AsbNTPg9GSdJPa)f1!KkEK5kl*S1pi##HhScU^X zZH3yL2uAdV9(|`45l6c?^&-rkd&2b5o&FhK1`DfVx%Y`Z9beLg!6u0-cBcl~&O)c^ zvFc^`xklFfl(~7%B?lfjpO=LX{2o%vowJs+5Xy~{HcFN+bT7O9qdr2lVm!6@h6hYss?PFI!WG zRj%z9#g)Qk)DlvwBK5Uua|jwrM1g55#N)e-M&4gY<7ca_&y<>kv_@X#$PZ}oGna}F zq0UMXO0)|;#k)7!68arqT)MH_17&`t+doK8UA$tg`4#VgH%34Qj^jkp;^cZFzN=Y) zM@BnJN{X{0{E0xq#9pude7nN-`DoK(^-Jcb?w;2$stnkH|7_Y&d-x5oTi`-%g;m4D z%pHniO;-=g+frpyM@ztdSS3u|EN^Q_NJ`0q!HgP~*3On%a?Bc*j<#mb4i>CnCjgkX zPS&hCwoc+sZnl4%Lt9B%x|zG$K5=(;CF9};23BX4wsm!Lm$Wf;CFA5^RW$u|%+A39 zw6}1#aRY3a_tqKw%_^X6{{zu~cFqbN>z3kwM=KVYbLC(In|Y^;)|Ph>4^t!>=Ncscl3#XYTWsUzd&;bv7b^}ajd;O6DH z9a-nDCJ!4M>*HUoIJnsWGq-fq2AbT~k+}6I%-p=3WY7V~*!lVSp?w2x1xh?%>XsZ( z-ftb+UwOZEe}CismnZ#0XVT8Dj;we6L;V#y5Dstyz7YD07wBHe)ZNt<@MSzK?7Tcs z@5y#|2zAU*ulDb~3?C=|-@S}uDt{~yI~w>0!ufpag53tU07P! zGf;wA30p*5j>ft_JbM!oo6n+P9+d3pJ!6tIpwdBVi>3a3=3!lGrEm@`O%XPO# zGO2FGHK36p^Hdk~7EVdwtnP>8j&Iqq<;RJoKTRG<8Gv5_J`g{az+PzmWQ;So>ll70We69bNX;T0QvW z+FeRjEAr%p^&d5dnUyvEED2=D#5vaVQ4eacWA3-rgZPs~ONe-&b)$%n;w>^*V&CSX zwlA`7HJ`JNYs#8@|JizFDNn`MJ+d7n@-cF;_z^=yjl0|U@|Q+sjtxkd#^Rv6)@!~q z?ZNRASlJ=deh(hb_Xnk~UgO0jE6~1~@p&(c@&r>xZC9vd6Q)lsWFgLNBYnK$3#^57 z9P+v81sN;+NqFwJ75p&LO19PERylJi|_!uaq5Ba`gB9Z7zhJgK+ULr+$d=Cw0A4u&Cju%@o|kfoY@iInR~)nR(+u zQ8m4}E}c6Y433^>`cQso=sw#l(7nE6%t}JX_>XS+c3Sg4W96Lee1Erc!zA(8PBtX) z&ji+JFsLA8^pLb6RF-~+_M~^Wt;ZN7`Nvizxg}q*(!ciQr5Vz6| z2LALZTVz9(AfJm_n=rIzT-uMXwTk?5=@laNaXHadoG;aiGP27%R`p@0VBxK$0^Cy0cwQ8Dmf)C_4QsjRig^?GNhbLu%P1?5I;zLr zNcNH#tk>RS8wkZUOqU55C)HYS!F3F$^mW8B*w}9Rv_vxR&BK*0f3_!>e^_>$Wlm|Yoer7rxkYN6Kehvz z)Rb5WRY>RJbekno;rn$>eC$t9Ws6xozw>)+Oo<9LOSYE7{Zj|ku3i=P|`N&d8v{hzj*ia%F20{AYkGA zgBy=s=JRLzQCvKyGZa!Q8k=d`-*N?2sQ-x;>?{IcY9 z7i50oc`sTSbi1msw!aHvA;}^9XFdIg7hV5Pggt)`X71t=Zf-K*1D!wJUghQirWMdr zAf|xM9-yHPJK6t@NQe6_F#GR`bZ%o7Al$q)h1;Hg8^yn$g8)-A-oGQbPDkHapBF8V zcj+dlw<_3DEsq5e39ZW$%l&b1J@UviGYshjZ@5&4fx{d2Ef(Tzyvn3=@I!FIL~mT) z(Bb8`v*C;R2J8B^h1WqFoFCvHNdzZ%y!n7sr1rYFNkd+VAU~r*TE-AA=NVV@RSb-&EeeWV>63UzxaGpzTEdQqY=V!R5 zZUH}A-#T3I4h+p4u4m6v3JU5QIg2=?KfbQ_`|{SyD=w=1n6(^N-+7fi%utM)tBGG| z<2*Im7*-=y5~HPf+ry4S8AyHoa34SUuK?m9cPpS~kH8#tF!dC8^S(*E|d z@y6Sz&+!MO9jU0WZm`CdR9;mp`l=~-DwPfS8e0T~PRf+5#czXoVqRL%4h;LbPu34B zkJ?{uT2(z0iRIZA$bEETcv2F#vxUftqC@b$r`P>bTM&en`a3J%#+h!3kP-9<<@0}bVdj0N*RVH$7gk}{68(e zQ8{X5zIO89nQOdC#L3E3h1ffT)30(U zf#c2lLq*NnUu_xh_gtZtewi$Plk%c)F;;xY)lwxAS-Qcsl;QJRQJsMFmufnA-{PDv zB0>x?{J&}2IE6{}yjkl_G}Ohmd$s&NK5POaXWlfa$ha>FR&`OZsoSF{Pr&q#jpzxj zh@%Xx^dr{Vu**=2JynWhFO8=RVMgSblP2R9o{?B@q-Kb0&GoHi_37GTPgfZobBTeK zPN6jPTcG;6Fs9dnkvEKi(Q-xHnD%OGOH;q^Th*JkHMMQZg;7dn^hDH2688Rg;LgD^)SvvIFP>{W+tkpDRvExB%xvrHPRP&)8HMXpiR}{y z47Tum{p^bOzJVPlqlF^pVQ5xqrI>#2T5>Q8@@BoJIENnmtRp6ot>($3``!mn1_M#r zyv)r2-#CJ&*g5#h$cPr3sN~~q6BaAhEE#O;C`zuGCngM|CXz)yOiB)eh3b?C2cD~T zdJlJ=T_}(qU}D){J__w6zjjkTN4!7w1N`xXhik|2RCLu#F5{oQ{eS6C)1iKd^;dAm z&c??FECx9^yJ|c!HMjh8iHB9f*4<6j(pA#g@rkn&G_vIT9bQREYW`ZnkpmWyT%R~Y z7j?*hg`hvyboja0`8fXS>TYIkmOu~WrRAhSFfcG66W~AS<}*kVgoJ>Ah;R=H5fKp? z83_dq2OSL+6%8K?8v}=!fRu!ofQX2UiiMVpf{Budh>n+@iH)6$i;I+&Uzm?Wh=r4j z1KJ4;GBPq6DjFU-Ivxi(5jpgEtN*osH}651Nbq9t+;A`yAXrQoI82zEE)XdQ1al9d z7E181fB*6n(+40}7&tgsc({A_;NgMV0l;+-Jmx(ta&~b9Y&BCv3KtxXkc3<$N{N~e zxay<(RGen6p~xr?AK~E>P}9)T(KB#y^YHTV3rI?VrDbI0X}-K;4nd=ptZ|B(T(yO(4ur4hsxR34d~}+(I{jf{S{p6 zKV9H|asLO^4JfPn1{6Rb^t;AOFwrMOpTwYHof}YF42ebdkI5U*UcORZtkpku1D^Tk zULKhUeoDIbZNECQ`EwLU9K+zf-?Zibx^7#m=K24JNwfP_h}&$*J-JYn~O&NiW%ELfzy z?di5^o622bzJK85^UPP{Jns{<%jZh7a$QE!1+0047G(Qg_Hx&fuP z{4qH1?}1#(gL?}%pgW2Dp_Z2rJ)H-CN<`^5Pk==JNl;(ZM?Km9gT5LI0SM)rfDV>_)%m!~Agi5@32XWA`BDL~BM@BQZb z4@7(c(A@h6ETAsr77V4>k1&^4ndd{Gs2?tbj2Q&&B{O-uY1X z_B$V{2(^S8(681uKMDbSz6n~CP6v#abVC8KCyQI33)G)dfjXYw-RO$$<;!HUULGd_ z#P&nQ@~g_|pRG6`EIofxPG74IE2IX|W8?_$#w*MV#>O#Ag@6=+5;_=mX?mL+`2VwF z(53CxX_1-|Pxz>*0fC1$JjAyTGQ}+zzoG~EYU0sOJEgPCz) zNB~*kRrEsz6#efd@oxn5zgk?_jiU-13KllX&nuP7<#zqZUs%@PrCCm6Z!@9z3`~P%{m^%Pov<`-4|sfs)*qkE0GnKX3)AJc?hG z%bJ;m(!1QL4}e-YAO_$UfLlSFTQvQRH=6<|(|_O;AP7n$P=E=HKdPJjH~s#l;+-x0 z3Ce%K`G2i;DjFB6X6tdrr0+rz}g1zHOQKR&)ZYLf&)&_v$UyK84Ykvxrjw1C|U3s^N0DK5A;x7h(p;W=l)OQXd z7(i?$RBu54f1}~n%72;ZFNG8Uz6c-_uv-~0j<)4J95u23)*m`E3_W?e#>iCpc%n(Q z1m*i+dxFe97bdf44Xq!_l^RXt0Gfd(p5HQ}K6>|TwtoT(7=SroI_jWqfJ9`-6TYIc z@mnQC%Hh(uG9*z$z|=U!g=|>SY7mVvs67_mdL%G2RL>AScxY>={M8ho@>f%U8YVC@ z;1JbEZj0yQ(Yx{TQbQtva_C@Ox3&vr28yXW6&jGB5eoR)5_#0PsW5p>l-i z0Z!#(s|de4C&Nn2 zoJ$PGg32H{`EF#OAs|k4yu1)G1bX`UQhLyw0iY&mJCHm*;9%5&KfOZW34`8I02u)& zhr%1Uk|Xga-7>y<2;>FD>SoZs>2C#!30xKbOO=1ak_TzIv2uz18|A zPEo~aqx8_0f!jBpXsWabTmiU5MRH!LngC;}1Lb$pWe2pF41zv_QXViAKyYK~ z&}V+$zK;MXgH(AljPp}qdE9%xD@g2DJ!d~gfFMDa=#yRwt1PJGD~_?wN$Vx&hVtPV*mV$Xs|mo4V%ylp2#5G%IY^ zKSw}jQXAD_lBPzlh)`B;J7+6H>-=iKZn!R`s~kq14?*%JyS=ciRCJneoeVAlDk|^ zw_COASRfM+EcN)+HJSFq?BaR5w3^x39*Ydgr)t3Jr1>>?+xdL&igECgv5NKC@r-j8 zC6x)T2l0~tI{ioLn9(~U4V9=OY4k)t?rfR$ zYTy1#`?ATY{&i^n^(7DqcL5O&Dq_dt5iaS^6_sn6;`9^V6Siyf&cFee8;}q+Ft11F zUP@(8i<$6Ep=e8}X|JEC#M&DD6fZh&_SEh40lLp#H?t?4GfCV-62}fXBvH4K02}qj zVsUAqX`wfXsSsSx^A=WpIC-!N}d=LLH{|mjQ}VBLH_(s0u-VrVmz{VVL<_4nSb<^7XlRv)Y05_3IY!jje^C+q2C~)(Lt!q{cj$6kbp*qYF5fE zJwCCK@~Ctcx*qR{A|D04u}R$GV4-SupckFT8JlQ!X^mlhp7Fyb0~Sf&;fHKl;}IfF z{m$30E+YbIKAYX859bNj++VYCxt$xl6C6h066ZPIfI>*>rY>nFuP1W{iv=xrvKg~? zGs?G|ihXK*?iX9qWR`xJ{fJ~^!C)sSXw}*pF~g?87>?#=G3|3;E^|TC^e~@bMX<2b z{Gy`~k0x=>dn2;Gj}Sp4dI^$R$N#m-(tJ#GS!rSQTJk~AV$ltV!1z?dtNjQs?D~rL zbXpY9I%jv#5vIx|A`rbsRyDkz`x)i0RGQk@4%l*l<$1yU3SkkLtLkx+~Ex2Y{+As@vD3z-esSH z#)Fjbu_hmqB~EssBuQC~Xbm~S^Tkfoci1vb6UG`5S|MIIk3Z5LSD|K{Q}(tWQf&nt z51daA9TikC)TsFqlZIbX@%k3C%8Q7 zFb%1{Hej9E64_{OOlM>-vtGui2TdbX>rK}&DiJCrX*3&le8CE9GM`aRe7%g+IG^Q$ z_+d7%ciqr#o9Mz-ozIKzWJu<)nkyACc4udrrGE_pQR9`4wP?37rkv*(dA;m?7sO@kL@2yhHlz}`2H86d1$Gk+tWCZnzH=dX)FtfOs}WhX zSI|;#1uMI@5vS^>mPcRa;%PULe4&lvC9tV8JWvt_*{uffcm*NrIqD%e3E2TN{1)1KEJdw~xC zH>sd_1FC{;#qL@>5)1)=sMo7J})| zO5n~D4Dn7mUiwTEdet@DfGi)U1z{f})eh*RQ?NVKNR^E9p>>7KxZ}nk#`&wD_YYoG z3WXCT`{RntbZbXU7sZfb`U_0Dqk6W)O10J*w~mJ5%ar1NEMISn8+D#G-rspQQ4`EU zaW-;v#QkHa!H$W0;Ir1Ud3tgHrWcpwxf+jQZb{s&r-`@sF?d6i^On?U1O^`iV}y~OCNL6#Ba)fuZw zp8ga*X$D2xQxT!|G+n`ik_vdFK4m9)Kh)P^57~kyc#CZs2S}}`i zzAymu&sAw6XkQBI=pJCG#QyBiVd+Qx5c%L-%`+?SN%-<0b_Zk8{zfRbF=ln}UBtHFi5-57aAVj)sDAQ@gjqHiL;%#iv_f!88-7T#hOGw7eeN585esp6khEg5$ zlgiC-BSgrW_IcQxaalk;d80ryBB^puYEk@&vO=0fdw1N~qn-Bc_M>W+k)vnR+&1o~ zYmYOGVmrxnN-iG*hzR_A-EsqxU%G_30a2#JP27MO9(HNzl$-s0E<*HWQ$VUYJR@9# z$pSqJAAaMYO1@*X`WT5Bw*&tbnHgvFbi<`I&a z1`wW_0-H!!#zBnvigJUO|9Z!go<3vX4lWFpUm~5-Te*%`#IuzF`;ZkzPd{Qct7NqB zMCSBMaqbN-&!m}oIY&1_87^yk`tSC0moO_WahNlM#Jl5OF!&yL3mE=7v45x8hKXtu-Rj-Mk8B^KS$}y(jxjyh+iRe~-<>RyNrjw1dOA%a` zT9PEokIbYG15o&~z@KM=ThNv&^&2x)tV9f9kKD(yhl`k(3in1*6}r{U5$>Rou)&A8v z?YgPbmD}Dt!ayr3{IRH`cJLmNR-mtJ#uC^NZWk+ZRLPYn~3^+dHFfG*x_A)dsWts|U&F#3(G8ei6DW`T?nRC){HQ9_=ke<2CwLaY4vj5!V z-Lsce`qG{qSz*%$6(|%HxMglF%#mab8C&iVNON)q%WBec z-1FbEQR)OsQWY*5D`7TF2xkI(F{T>Y@V$K*9XT(IEYMvY>!}*oKC!0~=6sl~wPQ5B%^Lf`KK}N!fdT>9(ZIHi7HiC< zi%b5ZNLv1P2>7h%r423ZYv8t?yR=AZm$=O~vy~L}+*(lbO>n=TE4`hbW^$8mpZBv) zf@cxC;W~Degg2n_6p`(qGF(Z{=?BOD2uFJHW>-NTK!#lr! zG~Ucvu9B(^ZpS#4(K;YZvL`42Ef*&*%ZyL8NS%uDU~uY^Up#I2cmow{hC-!8&wl;{PCGV|uLH7Zh}_KrAh#1I;hv z++4XvNl>xj?Q>9#^aHb2uVwAHlf?(Zmr*Y&A5q4w2s5^x#;njE5hLGw)x+4dXvek% z+OkW9Y=BukSrmucPSs3<0=U1-6)q=QvwUF<>ZrZsTp~0^vt#yh402=nI@3pHK-%A$ zbdBAP6EtGAdT6{~XiRdNX(%_jK}HlW@#9>*8LL!DaOU_1^qfHSr2Q!i?jug|i;3ga zO8<*6W5vyegKb~*x<$0NUA%GrCey*EFTrUF2jHn}0_=2AchJTAqhgk2T}LX-Q7-#R zFRh4x2JC0Cn1U21xV%7w z=`bF&{Ti4kchIh|p2KX3o}%4=mKDb`3`x7{V?3}ssW_{SJU$rtg{hlY?hd;h>|I6* zWM8>n*Zrsq;4hzLd7JxXjuFj3N}^%9(Eq|~S;=$gbWSAAeasp~o#MkgAfbS}B6D2O zI4t<8T}||8Fep>$Aa3tlwsck0^7PY<{gX7Rh8*hoKKR~w9CyTprp4%>AjNYaNVJ=% z;}F5R0ezgLy?SD|EyD6~d%49zNXO5=zHS^d3{K_w@qlE@cP#d+THwKmy>=E-nnuF$ zv+?WCJ-|LsK;=%4z0hNSZbb5<>`UYu(D!oI6`9cLI@HnfZwdG_CAxXW?|PpIPQSPT zncGDe)7ef3TDdgzIRJNl$25Mf6X6qM>{CasGqNb%@ssBehN!1P=EZtvEB=I$^6@%8 zJ;I#&X<7HDxOOn>6gEW$ADHCvi<}KNIQP7!=do6I($58=yM%Ng@E85pz~6bp=;t!V z8BXo+`4VFv_a3}=;2HoLf5kv!7YMS(%hE zx?MlOzyTZsiSxy`pq{!`%p!x$1(DkNN#;-3$<$iUg=L5t9L)0eO6R_1V+ir**xrEb zrg#iw!#EV4%)|tS6>q3D#P}l@V%4XPvKwVvy@flZLK!(tC|tB_d&EA|GuG;gXfs|8 zvneK;AP*T3huAb*c`;%9Yst06G4vML7N`8tR-!|2bj(RfOE zEj15J&>;t;51Vd4;cwM}eZSP6cP$@C4{5$-A9v|I^KQA89#pt)As~E%YaD{Q3^a$t zseAycZC`HB`x^tV0n37hOiJFg5s^R_Y09^guI+_Z)86np*7Fs+q{dQKmn`G`CfwG? zsF*2FpX1K?Yj_!>Qk0T$4P^WXg4>ELJS`iu#ba{vucv*@y+cAhs?$Y)b|N0yf7fF~fKR!X(*Q89u}H0GPJl&^u@BZa-wOGd}K`9-5G17sV1LT*eojOIvM7 z7R@v|eRo}~1iWFZEUrWJ48=HTn*4I>XZPN*fb+$mj9T?l1`t_e>U3C!z}F6DEML>M zG(@F8e#IpJu-Q0#uE5dSqlgoRqTxl@1WBFw3U4?|T@b7Kcs|E4!A>Ii{0_8&*S&Qh?h3hUxO)zD#PH@cUL)&uh$-^I-VYy zt>%63Ztgl@zz4BLwr^syULCcsYSyu$ZxaZi3SUKiASBLx5tejH(2}3hq2TV9_Ebx! zcO)dXsy{*Y50kQ{`5Tyl(oL7nb$5@noR<-<5LEx5V}zbIEKS7sZ} z-R1g&$tC(twt*KesavJ@z4^^(6gstYhfeKm{BXew`8Ef`cwbLjG&ZjF3CeS@gv3q6 zZ;fwjI$HFr6Cl9tnzCk$%V*z3x8DFxw<-c-^(<=}3Pf&F0Eqq9cxBlSOP%s)x_yg* z^_H)i6G7XN)wuf+Wz8~?jw}{@ah|;*J-H6<+McBkhn=VMMhk0DD{En=pY=!hCX z)~`S8Z(N+~T*KdhPPAH90&x9haujR{OFUs#0%v!Ohy#`f&6QtuyA>NS!u?F;=no9{ z$fYRj>%Qa_eyKR&Pn=I#lwD#wwY9F1>#KArlWj$tf*0&P-+3p z$1xD}?MJpxc1+RxSq|1S3uqQDTGVYyCeu2(U5BHE?ukCr*hw9G8HM#kj+86N*tpUq z<%l&p3-6M;1plD6OKiB>?rb;1LOV3N7OQ$QN!+n=cFgDMo>Fxg?ru;jZ?QTaGh;=b?2 zFPo^7Q09v$2#MgPWZ>SHgoMO16W!G~C~Uf6c98|AZ7PHgin4gP&} zRZMN7ALg*#k21QZ;@Xr7KiW$cX4dPFv~0k|#gOhd*0!G`7zNs2bFaEnrWeb)xH20_M)Y98Hz~T*=3`v#5EYU-uYl6e15~bL zvZmqD(l9?O;)uOFrn?<&94m{S^$q!V@DGnQZqXa0@pD_bXQ3Vtk>E{{oU9XSY<6w^TH?hEi9&IB)A!Ge6sJmcf}~s%4Xt zG|iPA{jdjDNv}gI`MyO%C&J}@_Oq$v>_Md=2c?P#qg$uViHwZq}!A*#1=B?|JYh<-?U7 za0B~`WWDEcb_ca|^JhhuU2KDn&{{92FYUt)WFQeWD>ij8!qoLPDV}?jWO0SAN9rv& zW%BZ$PS9yrj+6Atwx-+)w%Ck7`1*_R(Hh*@QB&=f7Ng(SZC{wk@u56g1ihM0P*eUM zIOSQhl|kEWuaC|^==WKnX;+6vPO}OxY1e+JuKepHcX`X^Xaa3~qxKfVQ=BTrqOTRh z>iajKZgfGJkxC}&*Ubq_N`=W)7~4jEm5W8Cm4=Jb(UDwFI{+OYsXa;ll9KKv-)bnT zUDx8l^!g)F*)di2R!MxmG27n-^jJ5BlUhW*odgJ zIa2amRL$T`prB>QRN2tw(t12Nq-^l%$Qb8Rs%E+tzxLFjioyqp{8bf#NJOI{%Z>xL zf_;Pf09r_YY%#7ngo$6NZ$2x#(qCo#SeRg|Ul6sxC!Y=;C z1N>-i(ykcQH7C_-8$p~=TO{Y4Eh&0rkn%8t<6+35(V=YAU|$|(pta{~L$A>di30Mfm1?fRNy+G=3J zIMG5l?&h4~N5X$Vp~BgtLq_yei?q-c^2BbvrbMK?{L4bSZUGZw&W@&C>NBeOud{U3 zvio~ohN9q+o$n+a%UR?R77Q?=nLcG10ftF9R!h5a`oLtQ4tQjsz}^qzgZ%4<3+aFx z*=~orkywa9$@n(5u-jito7(ZcSBATq4Ycb|k~;cm4#zO##v1MP_*Dz_T(vC+Sv6Zn z_tba$&56p-FgImfjM9oOb?a&v|$%tCv*+fHn82f<7ws4rLtInM8w=vq-%I3Yw&}Xt?No=bBub2$rw?TG3T4xBs&%3Y}1*?saO< zy3AA0RP{#DN}oEMxhA%kVa=@DY2V7Wy}U;ADOAXxR8D9Lc=XTOY5!y?Or?j57kH&* zWHSiAsGpTt>96z`>@eJ7XC2t`mG4$|a{9h=$$mia1Kgk>IHNRQwqNW?j9BCc`Tl67 zK3MZ%#3`u?v&!|L5vzhEgoV2p*L>20HA;JhMu}G?;Y&1PW@yMM+QyG+&PQ=q1+2Q_ zLA;;Ho*)m|)!|SnmdWd9y|X+pm$%V0oHdkKGCA{hx$IUD?T*2uq(Rm1BYpFxEN+;l z)d`S%yEA9uflLhRrD6xKRzs~u%G3L<0dji=gE$(TuC89D;(50l<-jgAkYomjlMLO6 z2X?5@f30>vcgxj5TtG4VZBE6nb&tf`TONwM#_a~+uOtAI(J*Kl!0j&(4LTkd(AWQ; zPv9uBs=yo&+Zm;YFoU>AKr)8|kXTJ#ejnJM&%N8Qq$|up7e+K{-QUe&b?CBEYLWlg z1h3=cd=S!sQMcc}K+*0Bq`p zL;{t92%4tw_jR!U))GLrcWD^^ zF9(J25P3Zl*=lvTjLJdb$B@Q>CKjp*4N0qPy$3Yt(0yYZb@dUpyu`nxX`rABX=?7< zC1DeTiN+?8013n+asjmf>@$O)D}A>T#!3a+06S`lK*kannmv+yo6YgZ8IT=FZwt-D zxucN&HiP3f#RR%tO@<;*mtzWKi2S)Tez)aKmjesT;gEhv+vL5a;{?8g(MB`qa^SeE zfS14y;sey0daPdxzpfLQURP+KNk zw9GB#8s|ywWpK)Gj(+^OR8Ic^v8JGu9T@!QB4}n#Vd*ns;uNA;G1F+M3is*)2RN>W zAdjLf=T&eS8zO9G4E6oTMW*Y~qhLz5-&9s5b+n$^z&thuGzG)8Au>ff9XT3}(vS1o?9bk)l>CD_;`1?V$5-tsLH15 zS&s-|T*rBZC;JznvuJ)#)z&LUSl+`mnI6yAe8)KiwzHY=B!~yZJugpAkEYphzlfON z#i=$8x_!cbTn>xGM|M)}@%A)rxhB7tDUF$^4-a8+z;PBXXO*F-qjg0O0rX4zSZ4Lqcf5xG3oW<6i0c!Rsli)IS2r&J&p zH-jJWGq>L%k%L5&FA3?731=LclibH%YvJx>5uXMW*i3z+{(`w+xXN@GU6yU)T`(V2 ztTb%i3GXB=!G4Z{(tNc>xy86C828BAULlA=Nq&yU2t^vz{Q3+Lm$|KGdGP@T4dYA3 zH!|l9prjiRjFYXw^bB)TT$Xs{AZv%fdX0@!MMe5DG2Uy#Ma3+8QN0+lX;!mHTuR*+ z3?=X3xVHka57wVKE`RpZ@4Fu4Lar^9ko1d2X=$;sL<0AZStl9j584ZUa3PdoAmU*A zfRMLdf2mvES$P_9*h90u(NX1 zo#8K7Z*h*mlo5@bwThuKrf&3r2iA|}#}+W|zaRPBP3Y5^EQX1hv6=SbnN>9Q8)uKMTE`_G)F8f${?)2aQ{D3Hq5aS8z z;?7Ii184rOe#H48s+^Fe`TD#CIQy+Q-I~z=AcaP-k6}T zZj(XVP1h1HXUf`P*|Y%ogv#-Oys8FdPt8}*)u}V2AVW0xBtGQNfp?x^Y#5SuRHJrM zDODNv5QjN7XcM7%*exEk$Mr@O=rhtK+OHG744RMj3z-ffXA{QiHTRgVzy5SylXeSa%G>P+nNl%HFZcGt@fq*( z&TX0x)Rhz744uUd6KWRf;k5hN{NH@t&+CitJ#C>F5Oh@EK+X2osrMJ%Pt9GnseX8^ z;Kj+t__an@*!7-|bS`>tn2^~DsFJ#%W#tEgIPqJfYG^3g{0w5&YJa*j(jjI{Eq{F6 z$3?C#CqE4QHTflO>1p2ils&Senpt$Y&(Qk~k@wRnr%|1}3wX`33ujAS30`ohSnQ`E zMy0F32IyAcqqe$;9zknebEXAXEVpbk#{Ns075hEx`Cb?Qc*dR@=?{l5A*Iwt_*LBYK!_SI%78+_Fi~JUO}kAtNwiks2;4CF8i>s8v(-6pJJTdsq-38)3b#Z`_t?xOnkJ zz&S;y_S8V-%gagumz0Ii_xV8a=k>6aec$6(jHO$j7&be2aBop&;Gc{TRqDmeAMzDz z@o^0~Mq+v(y$A+^1$ef(B^mr;}Q7greKG#A7(K6Ir9 zD~B$+Pfj|{KuFI1W;jQaz{hqxMWrFIb8lnpKKm1eI*W6}4j-KwGB(Z;n`Di;Ao7`W zMf6P#qSrsN8D}B_t{=Boh$eeAoTGI+-jOla>fW*|2(BAut%x* z@?^u?p7!%mG!KAa(2u2WfF(0}-P#i|A#8=z%rikh^J0F7x4l|oe=2TbM3eSAI>O#4 z4#`xZaj3gl7Tdw%V>!sr2G!}Ve8B4DD!N^vc4wKi?$T~ z@K~-h%KEmHuKo{y*MlCCEt{K@BY#gCN{tE`8sy$H6?-@0{>JB- zzd(5i^r^>U-Q}f6Vzz1|>U*v7pIC`DofQX1U&_j*Hj17kesp3u_0)mJ#9K55r&4eH z%Jzze9E*_4)p{d$<;BLYI(OgN2UoPVp!~O6by!L&3zCAcTtI9-g=wjwyO!GWhy~R` z3$@wnG?gBLLGq$Q&Dlz}?`jV!^6p& zwGr=*1V?=2jS3~4^xPL*A(4{xWO0eizR*`8W}QxyWpD_7%I+9jp7?m!>9O0@>8yw4 zlM5{`HN5i5dOkE@GK+CA`cc!R#a7FESV@Kc-1loQYB|(+UyEcn3sf49Q^!N2ALOJx z5g0#))af;_d&+KGfjM6GG??A;{d44Khn~{&4WC_zaO@j`5N7$_(eIU&FL_Vgzh{ht z*l+dakQe~f^_e*qhl`unCp*T2=j2b~TlBCKas6cuCndhzY@ILX{_K=5&@z_wT{&=STCa2%w11LKTiNlJ$Ty~@ML+K+&)-T7F(4(dXV+?fG$(*l_ zzgT+uns4^YMLg8n>iZX`Oe*FdlMX9qEzF`?9WVYO`*w|Y*Xixb=K#yq$hb;hns z)1H7q696za@^me+hcNS~Hgmt!tz_Pu*`8UW(Ef}2>E9Rk3pv2(0tW{@Tb}w23B(y* z($|TyF>A;oi5}7*m0{An&S42IiG~~RvJcfae&_S<+t}{A_`tzTE72=^>R}Z#*l_mw z>C<9)&!^3f)_L34>-AT0+88Mnn4|_TF|nB)b`@H$&TnaeGs3S{Nc+5EaxlpzPDDB6 zEYLXKG!m~DUG<2x#wqd_2HD8k6vfLC4`jMOvJ&djifJpvKgc(|rR2=HaZ-x$(ji`| zh@Gj@gU`78r&Kxpa3A!-6PVX3%+Ei3!|DFO;nQsJRwHQfd{IA5bg`Shdb{4}^_^I- z>oDH=-Q4!WiyN!APU)SVJgWMcbV*M?PnPW+9PFIqT%o%B=-Y#M`y)BqZCem0sW+#Y{`?dzEZ`($yvk(r8YP!Rl9n(6AvG<#V|?WM&ich2O5^@Ufs&BtE} zIFm;Osn+cKhX+ujUmIiZIJ}d)j8en~)fq3U+=$TXyCHCllP|kmRsN|{e$W_q0(a`D z@pHO}3&WewyyYy*ueWktQs?ZH6-)$9s8M>%b(~TO5+G?Ij!b99E4n3wtbzqzq2Z7rSi-ppGmf z;O+R9A^-1(5q}-luWWyb*q^NS#%k5NER^NKIGRXBiJGB2=9 zW4p^4YK#RueId_#` zS;Rg!T!rHKo5S^-uD*|MLZxVl*=FfFzCN{4lfA zrOBT3zA*)X=YFaRJ6}A^D}obU&*mIfy9s>s_(b6-;KFOPF+pB;X|(YJFI_5g3SgH6 zB`QGMQyVAXHUaSlXE$h*BQI`U*4N~?0P?!~XCPAXt2+#YBweZpO2O=i(ES#v{fyWC z#aFqOQ58b4AgNr^eY0*Cvc;7Tn@Hj(_3`gC;R(3E`>hk zxq8aja)uU_M6dxsjpSSa)aY1Y8Zd}Wi(IUtetr*Y{xWyy6f)nYj$m^t+O1aCinb}{ z2~vGsD`2qBb%@RQWNmw)jQZxcuNYCBX!T~!+vaz-6jqJfTGJ$(mDhP(QWuUHzDbnD zByKD}jVi~R>YK%?wGZN2G%swBCT$mO%@cL)ix`m|-Bo^ApFppRqn~Uo?(k2kg}d!r zC*+(I5^Qs9sX8SDXUU<8rkpCN0!f8zP=FqSPnxKNOFr$dFmSd%_9#FrE~xkL`Zof{ z-AQYkWLM#OE|udRnGB)u6&3(B%op6kBs!Yr;{0kRmrmIo6|`igJ1^9vm%KjNeOW?1 zjPH8zxX3Nl?{eAq4e$d1yaVP#55TDXFdaiDItYA5K}1)(X}AJji=-q6uq$F-#4+d= zYZ1ft(s27Li9Bq21zu_w0^N=$I>M**yzcL8TXemJ`Xh0>kQ@X?lH`1`L2EtHqAPm_ zx-zr!72Th;Q&aT{lxknlBi0vSz-fsRU(X?7QEwK}6I92Eo(x3lr%cjF>8}m^IEl09 zA2ulr#C5phylxRH2z5VXneR{uRDJ7nd;j2vB#%a^yLd@&Xx8m-HiPtfyflGhr!L6c zzZ1-;GZ&GNknp{LGs?lL0;4e&K{ICx?d7K)QWHCPjB_R6TrmtAWwFb&X)@>IQ7*K)DTUFuRUufc#FUhFT$!TSJ z^Jd;WbY7+SBaQsE%e3nfU75mCPV$fX(GwTFfy@qXVcvN`!Ehd$Cc2VhC$=$!z-9D2 zz;;WoNBB=5?wZoC2tdC?oy)|%E~!Utu><%}{y`JQ_EAv1!t)>9+(#w>c+fAcVh_8oQ0Jo1dr?u;Xe=zRpJ;3i58sS;F> zFQZ;9@moqJn49K2zUgyFGqHch`@}n$%PFQ3UQ8vnpSBHK@5kM%n~08vU$ZhS-rj`- zjV7_mI@T89zK-uReCn27;}H?GF08XSVWV4De=bKv1@j>_;DJ-3)QBoicv@9LC)XS7 zq`#^|8|5@i9Sc2-H`BpUr!$=~Zk|}8RttXdwsH&Q)tkRqAv4-6;Bt_;P{vTMiIwsx z6LbE+>QqXqm(C@w{R3o}=}fMla=;0iea28Cb(PJn#OWKizAdX=GQ$^n3p(#Yc-Rp0 zUw0uh5+}OmyqbjtECln%Z9!&%)qr#>L56m%dFapDp5o$$HUGzDP zX!<}ybY-6QIe@dm7Qg8bk%)_ie0;mkJyv;aY?=_lh``tra+?+%RcUP85{Lu+!UGG}Yvc9&F{l7$vNa)sN)?$U*5|XIqupWb@pq^P-EvYSe5P%<#OHLpr~n8gKOy zFfCmcQ{pn*P|+Std2Z5GZUR$)j!rPL%4{E$eUQc>~Xi<$RL)JMFEQOVClwDk72xd?6=aWth`Q{U_t(rbRj6)d)- z6MD=t);=nIg!I^EI@k8NenpIuUDglP>5p~8C{DvNytwkG&WelsGrPFm`3Ekyf8WTl z(4=NzD5|W zErWdP3jbFGNc=F|$%xACmJMpCi(s9DulH9r*5cmDbH3N-JivroLmkGU3E|T5L}!#4 zRyiXvKH%Yxo5#asOSqqEZ_vT&BF8`|BVX>#OPoq5*y=|}4&aw-Fo}-}>63fZ#}{wqi!%Gdt&~mr=EqbI~yP{?(} z7QHC~V@`5jv#l&M8c=zJbdjKgQNX1D;%bGp0<82l!rV!xdrrY}jh}~C1gy~O9ov|2 zd|iQCxh~)IW?U4O({B5o==9qSbfENG zQ@6*r;<=r384YC@DbOpM^Mu_7=ZJ{AWl6U>5kKOdbydzw}Y7V746LT}`rvKs|55F>p4JtSE9zQ`S$I8;i_a$?%NsnMDno_P(*)Tz zxSz*u8FWD0uEP(1ZI+v%Tp8zx;aq^LPx^??&Dwk0zPVam;cI%$#cVLk#qN>%1q*TD z?s2S<-Mz1}9t+9zy>wBu3YWGq5qNQuGVvm*EO=9#(F*ZRn(Ig4Vx9MrGuNGcGQvASaq;Hn_Q0qWp)*VjfCtB3S8Ct#I|W2gV!QQG+qlX0M-MU^<(_ z7{q#73z4b!wc)jKqKegcXI6E|4!Z2@dYjiSq|H;MUd}+Qkg2CHD9K@Dyi3WgUMT*V z4}Q;MYu!iA!m_1M0T)_AmxAm^t5cIbKeBrVUV-Cx*b0;f_x_;3q@#4^uqC+#lkD{U zbp609DEUzwmjH(xwYABwDiV-?=YJHlRr_)M5u=Nc0l0U1+v-7|CAnG}T)tLASzCVP zm>O!KqJzInVd#^rr=eUMXQ%Ni`^m#LipqWY5}G#-?wFq#dl*R^{eA->;duF=;`elX z!DtVA0t?P0;^l!S)r9$`3KhiRoH5b)dE23DEAg7OG|aK!GA3`OM9*s|^)DA5QWAf7 z{~OO}46&d4sbQWKoTbp_rM|UJo5cnBdrW1}H&R5=x~=p?N=bgM2(Rcdi>Ikqa6=Vg z#NLv}T2qkxWA(^mkDOn*e&{)AV{AD3Bcgr0C)}@MCs8VGQvF@x`wEQG$TCyQsO`<~ z?&iks)B|QTQF1Dkj$nqUtqPYSyh6rY0|cH*#D7#)o#g(}41IC3qGRm%GXTnDoWp9o ziMLFPxNELi3Tk2zU^-75Jm5F?d!Udz`DW?zb}y2VVE6`~@GcxV?K8nO zbkBAkk2wTJhjTeT#(^t8V{IS%#xoxwyt_nU3Cw17-wB2#<@2E)nBY|viGAkdANZE| zK1E{ErFd8KU)7jitio0Vou^R( z(X{*x!2rA7_wm(qT>C?>rmpj$JIvJNGcvAPtIKe=<$39KEsEWiP;INPrKdT|q$Hnp zNg#}OEG~>X(vErON99+oq4yy?CDW$o+n7vHwxZvQvfJa0Vq0<3_oE6xWs1O-a-EmL9^mOQi~D(o`cB9wx=YZtk#zi@6vF0vBl;%kT5W=X8!b3-KI z;P%m{k-jb?uFTb|O8Y%k+FCuk@Bt&G2O^g+h@BhZS|tBlMjiE)=Z2^wR7;}99^N%o z`szQ-rRj!|&?|jZ7;Nk$5D2>`8NJrYN#9O&N0z|Yg96sccnN=@-_`A^R;M72Q&@*6m8XZkJ^T-e+ zPLVI{yg!D=3MeI;JVR=UX|kWinpMp;f5~vBS^P@echB^NaFM3V{RMD)2maLy5w{Qbqs?lJwHZR(y*O zT-o^M8hw80Hc&RMH9n`yv6bJL;L`nyJ73iryc;VWW4kPU4)uB|W_Gw|6<){5_Z;NP zzvU} z1u9nT=-m7U;iomZS6%E^>Tdd&1%CUr$`fxa1}UCLNN=K;tUE2`xsvZy8(YL5-HtjVI^A$@ z;Z|96^mU5op1i$;^EjHT-Ci;lW{w+3X{Nz%yiM&sMbpVVRUx_cSah!_>yqbS$x}%enjqjkZRM;NWH z!^cjzW{rj;)O+lnbF&E$nHw5SnDtHssO|pO7Gmp^6_?)_W*Uib;Vn|tbD-g0R zj>p7z$YS&=R?F2ylUiHd1=6R2kA8SPr|$V`hz>;kXmUm=tunX1WRo2pxP-EO^{~_T z3xXX7-w#5UQF8uC$FzEUdF$vp!zRsYj%N~+)0@^X@iCtO_lH?}3^tdbXU@j!dOxE^ z<`8r{7w_1;cQ1)Ho1~yS?cHLwWf<(JB(HC={`_lKe^G9mt8UZ=Ze{VaPM1o`yCop+ z=3>J)$jO&gfXM-=m~J|VR9a}4DrLB3iuPHur3P@GDSu@vhz?j60JcLN3;|`{z0xdr z{b}BTVgFe;2k@Q)?x2R7%?fO`jsguR+=7+#|DCsVw9F!vit2}jv+h`aP?2P>1n4L0 zq$W!+PUitB1jcxjfm37DGPC4@mHocF(kk0`3?`4Z@$=CAtap>E+xHwV15S#c88j+I#ooZkJfq=4WrKiCCYpUD;L3-L znXnH9IcB{{IHh^!v!f7?4=YM0ErjK*x=0g9)5QfJAWtK}+a(?ba-sNhPB}m(?w4=2 zCk?{nwA^*T{6?;;XHatf%F+G9$J_Jt)Y`}d89-cUBml%*v5m7QXD?+(X0-#-FsBXy zzefgvk^l13AN=3>Y6Kx;900=*cm^v=iV852VvvjA*)vn9fu~Ve2pIyy5$DT6UJspA zK%kBO8>i4VW#uM55Id+K2$q9(?h)Og^Lg+LZ{Z`9%wg~;hq@-gy#lT)hTgEpn^UVfFlMnPw2xD~MV z&w>5==~g>xDAbXs3rrdi9WaC7ME-xc@* zgM!QyM*bRLcmnv8-}IycS-i;1GCvV@!VoZDfG7_*?ci(a0)TG`%=a(U3*dT76t-O6 zo5#QA%vYz4>1RX*777{A7($M*?)NfrcD1pk3y|@EpCnVi2+#{bQEd@_Ncnrn8-w1f9dF--vDz;My}F>mG|<0FJIYj zINE;zYX3cN#K9vo7)oHR*&T`jKVO@R^139^e?}m5j~>opXm2GFF2#FOHxSU^FWq)9;1A)f>qy@Jx(`aVMp@7 z0Hm)FaJKfq)5m~}O$Ac}s5}`J4eT>e5(;4K^jJYV*slh$pG7rYVB3!d19&7P1ps^@ z&3hva0CRhnIRQ@d18DAl6NdUV1s~*`)?K5=ZjQ!f94Xy)_qlVaptB0yrLju3pbhoJ z7!35pL-B`)K^g8OH}5Vag*$Z@;=4#dl= z#~5p)t*3d&z~xkwSfVgb>{u)tpJLz*Rvt{R!8BkNI~l*B_3l<<$S36o2GIHAm^qR0 z)1ec2myHtz!|!(~vE?29$=e7#ybOxyJ#PZEy8L2+Yz726e{~FznO8xVH2E7R{<3>y zHl01cf!wU5KpPF5w|%!Hz-58o1}>OF^>2PnIx6uo!}45vwMuV~jd2b3Ad<=IeR7y| zr$qjO_rcLh5jl?94HuozhoLO;@7yJGm6#%wL`BKu%r(KE`zmZlljzn4tP}e(Gn=#< zgyA$asc&J}0>Tl%w{QWu3qc4`<)xL1<8P4;>_Sps0m?IU45Fq3t3sq7L=Xunhl_(J z(4!WB=_AkpyqG4BCOZ&Hn>E`s`piON21-uF?rSVc}Yw;UVvl};4ON9f}^0@gI9 zKK8Dc%NWN(3U%cVQ2R>L{nxG!{SQy}L#DBcxoI* zT*Z2aeJ?ICJ@Fyf?UhYK_nn+INrwOM0QWFs7yVI>(u<36%%KHes&!bd-%PG4^Z3nO z%$f7Z3kRqAD-YQ_Tq-y0H|QH=DSQ{3en6HGgrFdG(|e8-a+iDf+ui;{TWm*gu6(o5onl z0shDH{UL-3T(->3zX>sD<^87!LYxZ?`TvmOSRVmA|4R{kycXYUiYaZHTS}5#55n#% z(}z;%%J^STp^WUh&BjXk?#$&SpvoCu6AVFp*bE=H(xuGHPzw7Y8(fc4z!yLw>ReVL zwybDYBtPG1F>A>#HSYu};@Xq*zv2~LibJ3;?kBgk`L9?-mjbj%X;Ua`vZXx<5CGLq zNE?|IJe{11*&FCk0CPLjOb+?UG|ObGk^MIfv}d9I&`JL{M`9~SI<`0qQQJ$RbR}MF z0PztQ3vf5}`&GtNx}9{Cc)Q369eHj1)-Htq9DI8tV#_cdlkEixx={(@L{AmM+n{Q& zJvojhg7-t;!}0RsGcv3b?dND{f+4GOq6^D-19^~(PPJ}Xu>)HvopLs30*=U)0NKqOM{Tp&AtZqh0!atCd#E#d zd&gs1#IvO(?8=I9d8v`{^OuED7jMWH?T6R_Wvt@OL8|K6!hC1ON@n(MT(rM!tlp({ zj7G)ut%?W0N{rgL&65I+huaV}zVhv9pU?qDMWhn!juyH%-*jqD^V_6PR$@JVc#O-q zHu-3AS=VxAK~nye^NpdA;jcSsvUK3AAl~Z7VTkl4=tOXbP;5~J01_#REl;6G6`&S| z$zC8Li-KnZ+z_(8%IVLCn5*J;%QC?=hT1xbAG6l8_AnU@jq4e=VZ781NnzkaeIfuN zz?0??pdlm@uyuU_XX}l?w^`ny1whNhRu3E>G`4sgj_#3IbeS9c(r+Hjs>h*2@tGv+N~f|1pv&L3>gl$;HCq5Pn+C2~Qu%ge^oKFdwqu%a+F^;6(LvefanNF&Hl zTGiPAkwCuw`A!>ZXZFJ z;E#GtVczT=Tn;2#H z!I#EP4yPTmFnP`r6u9_$_?EE8FhJD#l@AX9Qm#YBq)N;dWQO_VK%c4E7lp-rLNRuB+&XB{|?C6YBmn+){!{5BMKn=H<=w_IUcT zH#vh2;_PnMIJ_mW3SH^eg&V9cV{>GbT7Ng-4LdQ=~OoD`5N-i&UD_+4$KFoatExBhHx1IH8m zNo9cN3xUUsAn5U~)%HVH>~fWv)ujgKR9=s4OkjMCK>c?Dy55CIf_M+VK{N?;kUj~L z{6zW;dSDaBEC37%NWx`i>pi9dS;W{TA@Ch+{t3x>T5<+`Jc4i?ur`rDITyOfei^R2 zr;~VyskIJRj~IwK;CuYJ9|F1k{Q}6?{N#cB$qfnYMIAYl_)jVzatk+|`d(fqW3RXS zzP|2MXfMdIfgCYN_5h&HzO;A=b8w0Y$jAQchx3-H5lxes062K_R^Bi*6#tHFiiAX9 zN9Ci_f`z%C0qO>dm7vCsEn(nW0ulHU;fq+&9ovPVtYEQFC~V@52AJC}pf}_xb|K9g zA*9L-l0L<{BiCEwPVMH$DVm?Z`vll4O~(uObuvIBZLA> zn^!Y=twA<-A$TiIC@ElPd1pHYQLApb3t1B%Mhy3&Ud^O1WWYu*te2$Gr_nSHKSgMR)+yi7uGR zy8B?1W39ZZ_(@y;l@^g4UhXMh8Ld#nipDwu6qixq^YeBgWeo|A*q$4~ht%6|u~8qD z>U%!j$-X7vE9ZZeh+MyIceS8*ynkU#BpL9ip?^Y!~8_T#;38%Jr(IinqKgD@ibFpg4h%k%4=CQ_{;B7erDI z2dm*W%?cBR#%Fn|GTcUv{aqW+L%E8_Um6+k9eHgQy!Hw<&|+9rRr1N!qyDL`=!=s+ zj~(@47SJt@b@A;r=r*(WS%pJkE?1wq4??nZ3{E@WmTrfO%#r$O&n88+zO`Qy@D=Oy zxZ(QykfiS*lz~~R3?l8z!gtaHS`Qag%p#^>Y@oa{KS%2c-nc|G=~M?8K5q4K^@ zdoC{rD#_lvaNu|-SKlJ~+xA7`{skD8AJ$O8F}{7FGv;tQbRW`m0(MK)?L9z_xriBqIszZKZfYu^&783*CT74UEV>c%edsljF`uJ|X6;Tgb*2QxhJpL>XY%q^ zK2XfEQ-YI5^Zmk@hHk!Ksw3YG^D*_XqlgKBl3w2!?)H^KlGyct>Pz+6A(1kn*zQCa z@!;n0=DO(Awh+}U!#`Dd>>T%D+%@jA*a_*j%ECC@m)10?1AJz)a0UzpMunb;2XJ_d z8Y~I&fYgaz(E=J7Rfu{ih8SOA*q%YRS0Rb1hzX<;@Mf&wXZ~wu+Hst=p%koM6NXik z%ng(xzIGRKqMTuS1d-(aSu(>k=#}yK{X)R)l62!fQvxWyQ2sL2Df>X-Rc9}`@|ROU%!)bJ)}sx*;qh^m+Dk3IiiC8QAYM7|}z{ zTM3-VU4ZyB{G~##A(^emhtbl%&gY04Pp{Es3Y(yF`3>{cC|JaJNw`JiJb7me`ubA+-1{#ce3L~V4)gmmIM=C2d7zWyfgsrWNxm$tN)uS%&2jYB zP65z)2I-{Z!{J~*;H3^=n{EJwgbJ@Z0~|q}e#CqV=?ch0j(X#lNj?j}QZw5;#W=SN zADKVSo}V^@(R*F0G{`Wjz@58u3Hn1XA~?1V`TYy7J>$UxcWpwnc}lguMi@r~p|8`?s?$o5D^}X*uo#fwa^9rc?_1 zz1emyAex{+)8x+*a;K%|D)?~>b=-7*V_fW(yc&V@r28jURQi48v++s05WZocx>06u z7EFo_l&!)n-|C|DgT=O7V-ta9%5QI@zH)KFnYrJaEz(WD z*C<2@-R_Nyd~r^6vJt;N4mLYp>VS-sCs#+Lj=;7CNjVUzsq*B-r^X4NUIy{GDNR?pXJC(fnk8e-xLfj00ltBr;63Zah z1pFB$idD?tg1BSYXp(whz+RY|n*VL%1(+)&*>S!>p1$XJ@Rnck%1`szNi$%8)2c&m z32ko@y-U_mMY&_h=dcx>_2umyI}o@R0j0Iy+Yu{6QuB@=Iz?|`n)=o|J}+r`Dp|yJzx#IVUAkh6q+r}>;A~EtGQkeDY63F zRMZcPggzG*I+SR1?=QT=FA#%}#2yD14?sBpOxMro?ht?g*)kRS0V=b9)R@f43}FCW zNCrae11+$+f9z59kAUz0`5RHsYQ&0^6?`2_P8R})_gA{`WIB#_7Lbl*toebAFhh*I zJfitpJeXLLz84kHsqvuoQH_xOTNY6V%K&^1IN8leVaPRM3GMw&40;_*T&$Z#03hNAuF4#YctD%x`}k5s=Hp}meEBGXc3#&?I-zpsnl)QR z_Qlf-RW{{NCvVXSWH@3)Zy7NkgZSbrcf5W`sHf_j6;-V%)48O}_m3fqvSMBtqGVT1 zuE8L(52G6BrO4b@B~H-^S-47@d7eRPaH=q%?{&_?LxkSAo=%? zn7$Zonl^5BJjXbfXkD2zvFZJa*z_%^ZNqhng|l!C@N?vHpQ7tA%?Gk-VI3So9XZS^ zU}-=(G@K=Z%Um!ncV8vf5k==bgs5s|PmIYh__OQbJ?oP#tKt-;iIK8>gC35Jk}6|{ z^&rLWmRo(%<9ec~|Jjpcka+(qmDv6w`;0km_+VZ; zw8gds&%X1qN}9YB`BiR#)#txO2bo9w9%Gz99Qb9g<4w9-vI!Tla&F8UZC=wmKq)qv z0T(u(fiOeWux5L5-n3t=uv`pjRq7qN{E&VpaZL+vvCOdxaRsdVpOK`7Qe+@(MOOm0 zy~Vr{3-LOUZ;A1N_CIpUT|`=y*rFzjCp$jm&yQ?|OCa`HV>YErKON~{yt-mGfRb1dMWbwG=-4O38>M2$>sZG>r@-kR3Ih_IO!yGJN*UnJiqr#&F*HSq3 zu3d`?rf3s8ca=<+NX^eiMtqa0R4KKsEK{hvC%Tl#P&)vU0NWM=WS*MpZxoQfLm#yF z0R(EHevAMhUITH=&k9#)Hz=Vef=)Ncf8%gT#a~7VPWe99^_R8!uFL7e=Pj(nq@Voa zKV%duz6fVN*{l@>qBW$HZYv}4O1e8V)uLw3XXuLTPb? za!iSkt)3k{?Oh0R2em^O9#`3T0~}4*CVX=X-B1IC5St8VG}6ZBV>I)KPQ?j_FxzC zn4A}_gxB0aQ@sNZE!_1;p!ak_06N+;?B%1ZNyyZDK4LmSk?&!UQupUODz{+xw~&=Z zJ-uG)JdgeBO_Z+VZFb90k8R!!w@-=VHSGRc5>fBVKA*0S(DK+y95ZutKD7X`;w+^~ z;hU<8CB8;aTgwF3#uH3H*ax+3QWC)NI!eOjTX|eLg^902I9@;^%fDOAOO+ zE)Xvb?Q@C#oG4n(VrKm`%0bgzWs%F--j@6Mgx0BB;z{9#uvib2FJj_K7i_*uv>9Qg zweA7!o1tpGZ{Xxt6& zPgGb+Uzsq4$TvS2AA5lvd#X4p`y?s6AMampm+c3;LbT1VqslCvY1#3eQaviHtMV|^ zFuY~w65huuSufA}PB{zDfgNBdEGg}LUo>XBal6}@X(a6LfvgHSM&#td!!EEqCYtnnY97?ALD+)fdhpi>ccO6-N#HQKp$9{u{RJ1l6;lpk<%*a>Zxig<@W_mu&y{3~U&#)2BikQfrhpl%aPQdSBe*dVzWw$U6 z{9m6;P=D|T!8u81u%<8s2=+-b z6snPuoHru~#dh#KZ!zpiRul=EfI6v>;M2!5d@ksrx26ta0A1U@&}h_mt}Zzelo=&w zl4-HFSx?r)7hZ`bES+3s*IYGo(dwjwO!{0fzHEl=U-DEnD|xBOdh}{4tK*#LWaL|G zHt6gx{qPpQ2x7*vRZ@99VSeH*WCvAy&A67`_$=S6o6UmgFQV0Z{x7{HdL6t=G6xo+ z@B%u^s=r@nX4{7E$UEz{sr$ZXJKAougxo_y)8jxK=F$V#l-IX0>+*MuMoUmk!s!tc z8J39k712eJl?Vm`O(#JPb!)DFyEye!@kd%_zJWrd7u~uC1m7}-BE(eMk#}pne7kXB z-gbXGI+u1dTw4r7(R)E^Gavff7j*CpjhjOhm8E4L3X4l^o*t<2{tDs5`3X_Y-$q>j z5K+4wk{Mg}@mneV2O*wC`99pW#5bu^7q^`;z|@KXmE32Cw)FPduJKgqTI*9ww`|rE zP~e3Qp}5UTpRY@$FuWt}Z#xA5bYP!YcW4J9;cGNzC;>O-eh2TgOpoFqroj?e{V{_P zzUUQA;9umgAf)GItws-OaaanfReVYu;yqb~w=d_N1L;q|Y?JNYOrG5!FuOR^r?o4_ zmwTG|qV2eWFXm(zExs^3I(etosPB^0EOZxg%(UL(VX=$0Q98>_vzyg&s#L&9iTGRS z8=}HnH#+X3!UZ%I>b~C6sT5C~Lk%U-6 zFRuc4!eC+$0r*jf;VDpH-xmMVxWN82J^zD7uEyqD`O^W()^2eV*{2cxQ5X`8Jm?{W zd63-w-LzVDk=nVr!}VX-7$t~&4t=(R_zcX`pP_g5;wZ~TmqJEt7$v30YkK{?eak7v zp=^i=sb5Y|+hvqGz6IoG+hC+m&}mZ}{ct)o2Oo`udE%R-8~17@K=M?9j)R%!VehTX zL&5hfUnE}ZjteL*Sg64RDbwB0BLiwjV&`R;{&(|Xx|~f_dOXIa06-VJ3rn z{&0-6FA-F?bwSgE91nmLQ6=<~PPiG?CO&`Pw+?oj^b0)uQR!9aG0lkiLD-}zTmgEYA%sN9M=^Hk9AY*GNzin8tjX1Sq~joUxDx$48UIeq z=PpE^)@FeBKnkL%@(pl0$<_RnL+m*@b1p^~k|ar~($zKxe(;6T(!uCTOyGd_Ouz#} zv?mo(KnbTAARv9x2sV3;25uKf`O)|yX3W60(O@CfVH%mVX+Q%1&l}7v#-m0&Te9== z2$!kaME5BjX>OLI`GE?ZhyNDq3sEfv3)2AXj}c@AF?fumHb~Crv@oy37HNT!T!ew7 z&txz}bQU$xLb|%BNUGX}WO}v0HGSIQD}vV0^-ZD>RWUv(W7sAc(pyNp@FV~9r1nus zo?{(o=2aL$7;r}+I!j?hBJdZ3Q6FYf=(T7DOss|&y5B90oi$N>lymYZt*(qc*vF`+ zhJ7_*q3D%8%Io(A0viyVE9DXANS{F zuLSW1qx!d}nu0%1EDA3fCu(W;JYpH^wxE_`Vq`TNP6VB_3>L)KhzUDD^wJ3mQfu!% z@|~6ac%fJ6RAcAiqE*Acn{!FKEh?~?S_N{OHs!ERl{lXEW)6-C;_tshz8fvP2{#3p zlyHWfbwQxL;oMqavO#2Cg-B9SfNFUu;;x6_7-~R9q$YkgXYONDcwASmut*l)q%Wtp zO#@<73%^4OXa-2w1q8vs$_ofwRJsKyJ@A9lL(YsP)rfJ3yY1-*B}sG|$C#Yuo&jcX z#6ST_VH-nq)tWRtGKSb(oxp!i83ekRcJknFFOY z<_64z-{C#^7xr)@@*nUAfuwgcY%c@Wh3lxZe|+4_S5oH8C1%EjylKm}KL3v8MgA<` z9aSB?qoHUpz66|#24JClXs@bs`Ff}(N{hKhX2ep@7|(%vKN81Oorg3+x#c#T-!gJY_E8TXh}n9@|)PFE-zP9T}A5 zBK$SK;FvgHKu16y0O>^Qmw=oO;5B8ETEq1;qLz3a7yp@91Fe;An1^HhLGIWRY0Gg? zkp@UC&~>zZlT#8)qBYr&z|kZXKYh09X{vF6(LL)#bmN&f3J~;7fY;)|CP=l0lNg{R zZTHBK)l?kx0NlQX{)zczOSbr-(m_e8X%vJ6OLrJ}mWM2P>FDvUK4UK-XuxGqYOZ3@ zuj*8mt@L_{1+;s#!k;eY_#HnLL8>U_IfqG|AUN9{qPLr;B=9)g&e$_%^|h34%Au+k zYx_bTS^&ZIR%-O|>dTn4aiI6IsVC6`AlwJQ7ne=7*AAwsKLq#7-A=(53rypq8$7lQCTw zBeWqgj1Ve**!{kpW|~6k!IQ~%u0pf!-ZXr!OJ%ZY7+So|Ko@Yickv|d(YNNk8On-P z27s|O3u7QT;JmNngcEEKX!y55je7ZOZN{e0aF|T=GcpV4_jkcYV4pDcDXh`*cH`}w z#_rvQfK<zpV-&Lx6LG{GlCO6D`Bn4)DTnn~GtNvr+q- zL`y=_znlsldiHh5;yCC|DbrF0-qeG z(Dd}-SK*ki+(Y?2@j|Xrgzevp=>8-h{6a*^H`{T|?o)T4y!l?w7C6-IWf*2yP3}Sw zmQ#O1%6>xHs!Wx-u2!PIOgo4^8M-WZfTQi(dIQ9|(_$4g6S|$j&Xa@_84$!burcI4 zAnX9eCn^vJIh43jg^{EP;G5~ey3K$I@5N3qdjp`ngqRYpS{_5!8hcUYnZq%83I6V0 z)nW8kTwYBISF?f!UX;}OwkJ4MQ;-niMFf$Uu)R#0k&XH5tJ!WZYWxHEVRyGJW2xsw z{0{2hi)c38+EgLRcoFjD2yj{_Y#8&WCZ- zUs*mDvh?H$-yY{aG@?$+6s)O2aWV}n@NgN#In`^Bj|_kLrk*90@HI_TMGO1rsy7Y9 zmZU&v4=rZppIS>uKGGvn8b2!5Bs8c0G?imD&P#mE(bnCqzK^F;$%gZNi2U0@H&5&8 zN-~eh2stnjffq#(B&lZIFm(8mG`C|z3w~Mc&PQ8Xgcyt?%hBA#^|1&>tT_>xX&Y_i<7~DztIu2203N-=Rg3q_9n$Z7*qXyrEWP(ohy} zLvOJ1eiL~A_T!Q02JZ-H9h&w<4~l8}@rR#~1XuJk5-4^G3cmz#;4DziUc}5sZeK%G zfZ{etW-EqsMn`zG(uw!T$!z^^1AJMe(U= zHqD>!07E8HMc->iy3Y?wIn}qDm><_jXPUn$V5yU68~fy zS-{bY9Xl2lfFiEKNcx`N153XYZ8=;U1T*eE--VCfkp#^>{wlqKDT|}sN4s1dT0|#G ztzG@Er9NB8;;1K5H}I^7csXZG^9<)d&bI46H<#S^;~L@PSr8(?QEtb&!M%doTy@%J zsH&^w*(Aan40u{hU-~%+FYkA(EL%-sMgO*UF%AS&7)dpS*reZ8lw`m8skYCBkF(>7 zzM$S$r75uv#8^f?xO&D3fVlCL0`rgJ94*}g>MMfs-o8-%mZ{9`IOsAc2|;2*T&o`o zYMbg;RvU$giaamro=3_{?KM;s={}My6?6Qwp7|lmGa{)4v13hjiHb+fhU@s#OW;n@7?I_xcBRESX&c&6-hqWP^UTO}POPR_va1y$e-yx0idg>Q>GNeoSk z=y(TCq|tNzIu<(PP7!a3()Ha_?XNW--qv@LG^1%#&+Jw@9J%|EUFbS2Z7waGY5HbB zlxju)Df~~!IFp53|KMfq!}ARFmdiZ%x8?5asaEvm34ZtbwWz+HFP+ly9?)P1O?G~9 z!t-&nf8|c)e?aYDxs$|YW?@_Q&mkZ^qRPnBprB`9MuG$!V^OM4J##(A4GJbXXC>t* zNc>7PcofL7n67kLCrAQ?4B#V!K~tJYGa!-yS(Xd%45U16CpT(^{GjAKK!LfFk1>I9 zVN@)j`M`1Pf825Sx3)$8A`Oa|2i6dgBM_ujpjz3k2~uR7Kcz=*BKo@U7u5a%iy-s$ zt%?W7d^4Js?mzR=y(y82Y4(+epLz`|i-U(vz087m(aTv|)vAEcNLtl41r2l-NZL}G z^9%`yAY61>EWBI4XYBdVkt1Z+cmIXbycMR?TQqNQKK3f6wDOXSwZHBt)XPwuaEGj! zTnxYlBLDtKA%YZ!EZz1(FBMGUnnrev>oJ*A_vZcGz#Ezu|9-#`v!vpe6<0VZUW8e3!oop69P7dMK27`2B2OfQAHkvj*DwKV2MVOIo1!eQ{g8`N0UWB ze&u-sN9v49gjqAr&n=bt@ZF16}L67~Ug{nV#g;Pr|?^^5ob0EGp5T)Cf!|BZMNZbOx* zx*nd~YzJBE*upJ!-QuE=b@>f_Y439mVjo~jM{QB7Q*jg6qO8qo)|nNmX+<%@`G9Qq z>o*GD_uV~x+Pd^%=%E6Rq%Y4PkO}05${(K`s3n)=rT~2rsANV{Sp62}3W~PkOR7ra zhh4WiKLr|jE2E9KlMoZ`RiM7DLYhSp!G<}e4nDmv06tSN8~6slIBXV#eObun;}<95 zZ}0Jo(Xnq(Jd6MI&VWGs0t~$x5`pI1*~6BYK*C!fPKxk4>IsnPI&`%co0!6Sg-FOT znn^zI@4)!+^lQ#fjCDtxQCC8j<>bWjFMfB-%g-oF!pu1zwTAg-i*=CcL8{h`9YTCp z;%oZzUTlfg>Ne9odH5nTA}#t<6qp!AcX(euQj~fUI{+#c4`J)jjsE8(P`Zc-0Qm%{ ztmFb5_fKw-HMUNAewY>HnZAkxdAZnwQ|G0{9o_Q2D9hgOY`OoYZiYVJgg86SN{Tyd zL#|+*5T%|$5wB2WE-EbGAoH^$OPT5s+@6YbpT>n*bX%wg_Uhe>ia(|S$jJ4@E@0P1 zwMK4xfpwG00O@{NGc0VEZiOdjD&JP-M7P5(Z|aO%Bzb1KLuwFq3V9>;F5g?Z)tU;J zJ+43ri(Fd)8#kU){lFdu1X18a>yAzGii4Yw9)XWz{umU!ab(ve-5H>PgzY27*!F3x z9M_)v9nreWewkqXs4=Ty$A1U*wd@yX>I&vN^KI$3pFgpA?cFf8p4_UVExi38OO ze&my{BBH}mqe?leS&&Ax?BeGp2y-o_GZKu5V#@}9B0y^j_I(=Gh~WnfXb_p7wAVpb z&P*eSoTzd2|F}7#+*|7Qj=BeEwQqZi5c@vKehi(ei4Ibsj#Bkv{C~;V3N%#_Lp5ov9K^p;y5qo4M@8Jgrq88|RuYLHn z!VKb!=Hg23pix9&#In*yiRl=zY1v;R3-?gUBwV{|zIMnJ>~4%->~N<&m#|Zh&9oMk zoa?5_3P9Rkq2PB4il;#74i?e$)}t|E*M6kYre8;>if4FXRzTMTjvo=K3XbvleHG zdoc#5n+`S0BUjNx8#w1rNc#e)Pb1(vMPBay2JG@y24bY2(mbaw+6H;(gjp|k_B$fZ z4aNzZNSuYQHf{F5a<{n=FsffP01t^<5WzUf3f`8^)@zb0SvFingqn!dd!I(oPjjwE z!$BwP(zLl^zjE{`Uuk_-l~r(=o)qS z;O+rB#bv#5smO=w@WRG(^pnMavKiz`a3YbX;p+e*5s}F5QMV8;xyLMpZf;pp#bIF~ zoEHwg)1Md@1NE2=KKghclFN|ITE}1G%CXXgr79OKaPoRIK}Z84P4*I9mzP(nju=<80pavuIlojCi%8tC>P)_!(Q| z1RTB*+a3s$6~@ScgSGMN=RT}?q}qNh+G7HT62cU@whpU#UKkgPt!|Va`^<& zh6+5Fye?gUo<%ec?vD|~V**@qhllJIo$gUtg{qzONz}7&Qi9$C#pO$<4w9=6R3)rE z{|PZn-L}Xh-WkURNjfpv4LCMrrgxhvy(`z~@mJ4kHIr@_2_8_7JgCiM#-+FYq67?s zhO~K~(S|(EkC@wZT;VD~zjx=8cMKnmykkB>I=u)A?YCff9+2rmwYoEUi?tjTY4ziA z$~;^$5R}O(;N$$h!cthz^{oO7$Y%e3#^Y73L%DNxZD5;1pb>r~v=~7TuU?3FaBA}5 zm(RNA)jL90;D0_Ja58>hp|m;?7IN_-5v#5zW^P0lHg%9WK2#RPNW5z~D}-{fD3qRC z#eF;yV^G!g>2FTXWOf-ij$_Dbm#cS);+-a8D%Rkd-^InQG%d&y>{> z5Dhmcncx*O#`784ny$nTU$}+(d`E8o+3-iSRrki%JPGE-MTONr;thmOE5$AQN^B26 zn&1%_1$_poCm#+$r#itIB)K{~4b8a9pOavOAZYBKb zEIdMAhii6eP$z3JCnTmdOhXHQW*_xx!3T1u#epW$V|(oS^bRGZS_d~7zT$Xo_R70n zPB|@2lS9`(suZ)2GDWxVsdgJhg%`IUva5JCF!ZI&{g{4uaPR$nYaGj*?;i7~=35M3 zI;1YYC=fJ5b>T;~_!w7xEANL#JWqJixgJQ>hfYrjL_rQs3hC1ItQfwSg7Z~L;h69B zUoI}{G4M?I5~R^13NkDy4_Am+I|%4uisw2=&Ts7cc#sVadn@m#?BQebh_>*?IYHec z8`khO`EbVIF~^U4FPFi5b5R_KiHupq>c}R;xb2>`2&cot#a2$|7DA0X`E0oNF2fD7 zYQ(A7uRU~YrY2ihQuNrSbt6mXfYtsog)6%NfI_dx7RV*!iN#|>5_SC230J#ro-xVO zs9}tsSe@u+v`E^eF0#0z#2U8!08u5jFvLn$;&B5G0-)9tO1vz-+6=~|R6c}lKt$&UX?*Dk+0!wfkBj=8{D4aia+QDdG zK+R_POSu2pMk=&;5fO@mGY_leTbSFmJKn_M^q;An)PF4VX%*+I`0{ntQ!D=38amGEyO`$1J2vDHknmxn}0(2!95N}cIKKjfvOWD<2I4}KZG1_ zF%%Qx4O78#I1lHQ92-Nis7qDP$drkD>=Evr{S@OuG(1Z;N5FlYjA&g*2)udq z7y`a-OFeDMZQ-amV9a8UGq^LO!ErmKFff14aqI!3I!|iT6~EBrU&>_oxH##lO4=0APQ3%#0TJ;2 z-D?2PM@gNwKl6o>bH#&%sQmSdC*X<5<4ij^-}(hDc%9c#JO2VxCXh+d3ja+hOau)M zJ>c8O2XH^Iko{k2qwjtZ(_zNHusukn^eZW2wJ4x}CzFc*CzIN3ow1Abp7u}Pr2YX& ze4T;79dzy#(Udkk;AITRN+Z~&kLkVKK3u`HUcftc!wFiS&z;15L%UfJ;tao2WIK5} zbVLt{BcEvELomC>U(&zDN~5+9h;qdhp&K)(^^Pq6Lzes1v(bKD8`#M_)OshnNRcOI zgr(@BrqCdZHpKPh6v{i!CyOHjm-yO=VJ1c6$xGui)T|3g&<$4}lC0*vbB?^a$@d7& zf-mYS4J}Hse8AlEm?knig(-ILVB`XdydkxU`taR~c*pY4ey^`Gg2UDOlv(H&(m)?n zRpU+enKzJ?J-)P7%JDbTdS2;!CXQ{L9I4hR8>v?i`;4#^u_Sr~8s%(Vd%z<09joZH z0qAz?ohkIIIvb3`05O8YxFf=wcT2XJ#~r52G?O)N-X>@GdF6Y|r9*~R{7vjsAjxVx zp5_$9Q)awBDZsa`52Kh>)b+MbW5R<|@)N{8=-N4f2MQOFZ~>={3Gm|0=wdG#CiM>< zN6#LGSzWyxI#m^nn0$^{|CquWQgx6it#RP&SsAE<&X{8H+PvD4V7}le=(?(=5|iDX z>p{^}D<_W|XnY$pH`?Os|A^)O5$z)~bIbC+q6IbdGJxkHmI&Tq+DEt6RC*?>A>Ja{ zh>z!I$z|9jDSXDM*`(zWj)s?n%^d}@4q;+1Qkfq44)7gXG|#<+vEBbk@R~@GjBkkUfni-Gc|L)eyH~FW7P~Y%x_G#Y$S$*_tw} z;rAL@?gL+SPPT$n37piJ2#6Nfh5lS@dL;LcQ386 zf22!j#+!Dw&PCri`Ym}>J*>jv6T-I168{XT7m6xQehRIF%i3N4VaY>lmK01 zfcU!$Z(TxF07sN3oBg1~0pY$yd}N@uZ^S+}NJb&I=ZHVFuxTrOD}bn;;Z;M}MnZ%A zZr=`DGa_F18}?Oj7*Bs!TF3bI{c%MvGwMaSaQA>Q->viq3iO$}R9B6L$T$gaTD#&E zow*Sn#mIaoRi}|Gy=2fY#4-y+D+=1)o%-~8!ZO-dY_9#Utx|9uXQr1`m*g1DVPwj; z|BR}a&8`dSisjhn6k_sqFWclQ^zwL)=E(>3u`_m})LQ>37-HD*>!fg`)3#R=rSh;< z09(~0PXSd7Szc9;boo`@UG-?_5l_R!#|IJZBH&JGd*eIRCQtFaTNRW{z64wT1lyX> zrK@pPmVO1UQ5Eb-|F;UEPG&kC+8cXK)f>mQI}MNdLyrL#8R{V@qoIR}%fIuirR*($ zl*dLiZ8iETz}KF+A`aReGm_pEdw79-0*CoqV=L7tQTeJ;!uzU2;h##W8+DSG?^`OV z->yZ$IY}BwePRTfO3e54OW&pe;2g6&1{Q1%ST+nF2{$^WpRC>#x~QG^g6b(?JHr0C zS`I`5JJSZFh8{%W~XUMqbU9@heH+E+S%;dL$0hNnc9@QxjHj|9K?pYgPQ1(?2de*kt} zfa++}fa4yR)T6EdYCSa6k@b-o*{?%CuGCTr7m5V8T3`j!ZsusJSAl)@NcG}djnw;! zZ*1|AwanBtNZibTYcDDG%{iK6Rk45-J&OP!>A7}*{eTCHgMS&Zb5zbW(eX#0u~kT@ z%+|@Qz4sA8zGr++k#ze2SJ-G^I(`ipc5&UgA6~!Tx$%%8Te{cvKC+N~l)IKu>HDBM zJ*N{kC2GcywPV5CCr0Yc6(@0PX?EG}!mxQUQ;pBp<<2~HI2d(SxC_CMir*T8g|CS7 z*&*Z8((?@7YE`IjU2*h_RQj62GD+s{u7xdc=K`M%kkf!Rh64YHQm5m?N`vT>5~bj- z{YH^q27%5zSq<$pwgb;Mz1Ipl&6Ng)bP6wjf$5f|FeaZTA~M{UhWid*bI6V#3KRJ{ zbR)+50rUNS1htpM*q~-{u2!|?!d=~Om)?I2)DjmwB8saJCz^v+Ehs>rA0g69gT{<8 zsFyav_l&qBbc;*-jDH~MF2Ub_I;SxnQ$+Oxf$y|9&FB48bDW$A`w8K)n8Xj(uVcjV zju>>dI+NQ0x#LDR0!O!E;avQgm=Yprwg}a>kSm&j+9rz-8L;vb!fRWn)ss>7jOs}2 znKR7MtF&d}L>nDY9Bf|$=mT;6CnOlHPT&eDLNVB->Gs{zu6}p_W&K@J@+(o{a-Bcl zt#xHM%2+>Xn)JGh{acu0duUw z5sN?I1lpDTIN@kdf{RgUFNuS7Eh4VS;>vr8eUC6M;hIHA$TAe-?$h0%DDk#)(c(sF z*=_FEN6w6wD5JeVy7>?v3Am&7KxPjkhAxlL5f9eGS*vvHaPR|P!W4u*$0s|V(=1|( ztauVjWB>)0KQ6Ko|MhGyD*|hP6g^2g%Vc`Vc)GxG?D6>R?}nMULri3jsgZpc!5OlG zw}yR`iR#+T48^wa^7aBv^hXc7phM>#d#S4PVZMGAwmKx$U(iWl(d7g82?)ud9+Yo2yp#Y;5di%%GthH{Jiv$$ z4o`-zPOpYd1fCXd{QhKr8h@g2wcwg7NC|PvmB!wo z?rRhbj<$yuA?V#Rf2^BSobOw_r)Q+r9*a_?1>)t3xRkfK}M2l z6eALcp_XKGhjWSL?CD0>dJ)Aw43;`RFllN+9Gvw~=u335$vi22_QkiRgJ3F(Rc^PU zv^#IT;u+LsN0xfCV2&q=i3hpmy>VjAus`qA<9Y8eyeC=nQ3PmqwJ%F8Pm+$a218f& z!byxzDV)r74DVDwSU>zPGwpSQ?~Ps*QmT3DGDFW!RYUF^SrP?Eca1W9oKiCVr<<^e z8rOMJjOKEG(Aa&ch)Y8CzIo5b9KT2dfhxETQEdE+l$ddP=M5nj!LwU8%pl6J1|_JG zGVll>Aj)8IUZuN4fasjt*WSKPPF0dx>Yt|r-JU}TAcF7nz2Fpt;d)Pa8a~>&N-z9u zSYxQ=;)nA}c9S29s3u^491UjuA!th?t0bo)7o!X3>rCUTDbi7fei4-p zodp;P_XD36OpRCLjbA@_hP8S=`ivFd|B|F$^m3f$d(w#i!L7@TLTA58u(33X9J#Gs zP7t&z?RXDOlquTyLjwQXK;+ zK#hs`u3!((B=ilW_v;C<(Oth+qbaohQ7Yj#B4fa4R=6Z=p94=sW2w7i8ghU3r7Iht zy=ch;S;R%h80$p|I1z=?A092_SNCDDi@@;By+B z!G}f2+mx`NPLhO&VJDlwV!?tQP(vT|_vMyGW`A1Gy156?M(V(?b!i8EIxS9Fow)n( z68<6-%#AM~0SRB&|LR9t{T08%gt>JL0hpeFl;W@c>B(G^YOYSK+N6-rq+$>dIVFYI`apQTla={*o+$Udn0g2ihuyxOll|mAmSt z#<3y6`BQ$8%B>LZcNVwuNeuY5>U{H=QbQ!N-Sud6-vwP!k!~?V#P6H<(WZ5VL!Mp9 zW<+?hV}7ku#9G|PO@3SImOnOs-ZaSTy~HwS&ab~6o(a+rIv{FyeQ!Xr&*k|lopEit z8iKNLxrbxSBQb6^xrt}khdi}K#O6`c*^iE=R^uOM-VX+g(K7i}Tnfull{gLtW{?xr z8{K480}D{csx&(&6UVbqA=Oh0yUi(K9W4y7I+4w6ZKl_M^pTT0B~(3la= zl^R~!kDKq%w&-}Q4SGZL9DtT-{XIJ+)19&@?k9vB`?n6@^Rh)E;U!t+ucAd)ktx5o zQ$z@mCL)g~?))bT0jAOtlHVok8-!ye(>t$R1ic-~+#5;2LU>Lg^_K(UzD!oGbs~}~ zQvggc;FX-Q3<2B(V6_I)$<||g02@I{)_hcKh#D3 zVkr#c;iP9CI@?|hwfQ47pkY3l4lc!q6lXy41V#wP{4YQe8KMV2OL8IzS7v&t#1Ge* z^f(^jBt-LZ>F`V*zRz;pXPl0Lnjgh>?NQq*pFoZX;NVtViW`jZNO51o06EozPe=v z8orifSHJ=M?HT!6VvGvsznB^gC_C(V6`T?-5c$Dbi66do5z#ECv$=J7<2EL1I~6vO zl(p@h;Z=T*syvu2%FGg)4^iK(A`ruNd-0CBb>$6_q|*u|_i3I#d*Es(xz%xc(;x{< za;EOCC@XwVzlo4$PWow!tOkJ44Y{1r5iyBpvu5)LpTRGe}m9u{dtZJdzJBGGLaqWb$_ zj1SGl>iHpWdy4bVwO_*~xFx!H?r9YpUANwgYO53{UL=9u!o@ZaoqgFTWH$IOV`g)lnxR zm8hM8`<|YK;FiLyY$n<%FG=fKRki5!+iz`Mj^iabXN#d<_BibN+IoqSFPqd(v`|MW z*U;IeFuE>bcLnjXkSZHow7jo-f-wZJ77{kR5yN>e=Pz&FDBDs?^>lGNe|{t3Kv6{G zl^AV^2i*s7>CPioYvJGFCdomVeebbV-S<>m1HY{m`YOfKGn|3yx&X&}qCS9>v2}^g7%fZ$$=KfE&6{mDZ@Pn-cq{+3Yg>hVF*t5XI(?5=Bt$7)G^(m z=W~lWk-Y-pV}Pu)0+x$%1$4(x3OWYc;4MOJZbgFS%rOU}7D8~2*mn}+22C^s)IwYZ z*P^*aVp5kQYpYAd_qkis8yHo|rK=0@<`m{ zbjQdmzG9bmit&_QzC3(f`k#V)vO~9`1mfer3}=uAVRzc||3z^4t9YJ48+ttWk!|aq zcuKi_M}wA_K_TMNQ>MdEei8+_d&BofT82U9ljh^c!SJ|d%6O_hz{r|XKl!Cs`&(cD z$bW19semp# zW|oJc)A6SVy}~Eb^LdhpvMsTO32JQk0!@Xt*hp?0S;|f}sBo12lw`~C#nVhvwW9kg zZ}MNIfjnL(N#-qiq3~g9($1(-C|Mw%_3HxjedZg)7!B>kP33Uops$s$Y~0%AQWBwDM$^nXJ0$5uY9AU5xKqI z?#xB0nrt7^r};JS7vqPh3XLpI5SOJxNK&3@rBBmJxsDgMa#@v-d1)Qg$4}*vHLBZY}!mt~rl zA>7_e5`;LHRFDe1O<@`dL9wM1J?*Sy?ZUj*62yXDwha1_r&}LmNsSA1+1g;Z+emuJDPTjE9A>Zxpp#My?r?AqbjDgOj0pjud z3p_;BT`@y+h z3To}TEaDgK0*F6TT^DnNMp-md_RZhil1e{wZ|J*PPUWFCTCr9|A(C0b2cF)NWaK%E zkkn=A;^s)c@k0X+xrks3mS<|}1jU$w^dQ>lbHEQkf#lY=Qtj4YATezcSUjicSe!hp zG|IOEx(F(Gc$0CJF)mkuqY8HTZJE&H*K?R*h4ZYF7Oik@l335l6>Kol{QGu~L0{)P z@skA{hR-JYdqx0j8YK8CSEF}`ZIV>ohJJu8H?soE?XNO5tMLTW0*aa?51gKeX3>9| zEj12|efc213Jb}cMcz1||Xvw369bm`hX_>odck6N_Py$Jl=0)4^t=-Yae$2y#7 z?TOgr$p9f0T%;zkwyL9};+zBSSk1CB{BREY*>7p`k#|3cwqJ9G!#il{0=&*)_Tw8$ zLQB=Alu^Sk*6ua0G?QJil>AWRb9VT`#W&$Go(w+*anJz0(9%%Js1Kt74_`ssd}U3R z+as{R6&AW4yV17@)E6}1;O|aHjG7=K9zYMutANSZAJ&oTPmATWuU~tf^Q^B;?_^{^ z8~X!W>hC6EnE>9nj_Yi46eB3?(Sk>~VF%NYBV{44k>^iLjnn9)vQrI_WQZt{x-W}* zl5vIj>WoqC;f?deRmM4BAOXH?O zYfm#1n^~@W%y|y=97(EmFaQE<&IUYun^{(!Op`_In-5C0d1Ku4_?8PtYf-@QlUKM+ zr&J-vyUoFSKjr46X=Yfcg&GggF{C`uyxsuuIt(LuX^}U`u7_Q(d&v@5V1SAHJB`>J11|k%(RRf4(Vvh54zT^g zmE8{&E-rkl_0`(TG#jO$gqHt(*`%=8nL6Zp@b#A)kvo^a8kr76GO6JX^(l-v3d$U6 z|AsyX1E({UNbP0`-L@=@Xece@#FWn-s@D-`b<2O>ywc%>dU!A^f$n-ymABMg?J6~e zFzLifkqd1!cZe!=vp5uok!}71$H1PKOsUfIrfb#PMZLPaXwc5B-PM&*ozLM}UX!mVH7Gp)b~k}%%Wr$N7dCbq zGy#H=z^d8PO>#&nsw~A8h0b)jPnO2Hsh@N#H}VKj;%Ao1-cI(d^7{!XWy#rkU7*NN*I2oJ0SJj_Fr zpw@Jjf}Pe*VrNj>-EjI@pb9%P17BShAwO}*(Fr3fxam8wT~U@1YzFCR2s&kDG0=y; zr>Mnrwwjjv-aP?htEiSECqJLlVV+gu%bFVj^B8`Bo&;Qslv_@G2U;2JfY?|7>noK9 z(wBp^eM>d3zZ^@yRx+t?eHT@atlRw|S;mMk;si6tplGiIvFI z>qVszOdwkq-&1hAKr;AS7Vm*H45RbMhmzuGZ;0d@HfeEm#?dEp-$=^|RaBl)oQF7P zEkg6X9q|%m&A^0hS76)N%+X^z!d7KEHZLW)EoK})&`B@G)A(eM$Lcj(>UodQNwR|V zPlz)%&I{1t8J{+dtekBJTKL-lDcJFX0#Ky+<GmG_ZSRCuKT61-hPb%u;BMQj;I|YtZy^905;GI0FxnG{Gr5g zG8bzkcIpm_Olkn1qw~+tYD+ykuTEA@09p<39?(z35#!`>az*K~RDUzUvni&r6C0c< z`XQI~grYJ4<^7xsU2<}Kg?zCywp7Jah`rc}Y`c*K>=If&cT=%Ady40|M^M6pzJBM4 zlc7|CFkPU^AA_^Fw}6)A9WrKu>{|ZkJ8+1otW4fqFwIS5iv8R$^sy1=kqm~}0HngO z#WlK4ikasnm!p0-jK7(cM2GmC=~($vv@LBKKitI@JZ?08R2^5I!df(i-bXw-jy^!l zs!!;v=*vC!?d;&wOO~oN?G_O9y&fy~hb`rI91EfcxqMjFldEooeHOl-WXk%q%Ft&sIrgNJ;Go7E z-}m7GaS*~P+6vqf1)x;tIs!If*G?(6lenAc@2*ZUBt9C!MJ|Iaqf_VeaYZGe!+YtO zF0-*eqE5+!?{^og!<>lccC9`q*YpGom3lut)1)>=`~q) z-Jy$vX;E57ParrOTzepfyXpUBi^1@NRaR-lMg6zktIaoygUsJG3WNt9S~u&%*3J$_ zhI+)!Cq!7uRu|{p*0`p7@XkShpDVg_5&sdS8=~wHjPe|rc5a4!9!zJ=P3yZFfG4rO z???F(*?xc<1Df7^Hv|_HP<{Zq2Q=+D6EWadVWtQuiK)*JTgxD&J*ZAP4F&AnCfN1{ zrOF1pCXW4tTm!~hNTL=!M6HW{D|KWS##BQ}ge}hy%s996aDm%Q9vBUd1 zhdp!8&azvIu6%b<;xGJv3YM7!)(CkOT=rO`Y0pHJk)~~(KtUH`Xiq90MT!^zLyEwm z0z@cV$rP9jiWm|60=-odqaPO^dNvl7OEUzi>Wk2o9_jZRB*6)@-|F*m$3qK!)nlRP zts<&54i1Z2^_N#mVpPh9k6A0G`x)#^fTC`|04VPU4o!-8EYiAKd^gh1a5zk%LIB&E z(Bp|9y8Ued{)+kh^Xmr>gSo+e^x&VJLctE}0RsGKz&L4L7VtxUUdi(8nwlKh?n`ee zZhyByDS<+?`|DMhK->hg?$RV*=|yX#0vVo6nt(5tq;+iQIZ>*A|Mr~d#}pb6r$7Gn zD1q=$2vGH1`RmdDUw#doY|y`$b{u}uyThku95e(9Y)d&prUQTJ4aG)(yc>seV$fFE zUuqaHMbEwTnTt%3`iQ8L29sd}WZ`6R1mhg0JuC}V_c+C0ia=D&fssTn53V^8cq&TQ z+7fEoNkx>0Otqfx%`2)jHN4r%q{S_mdgONGycl$28_?3Rxxo0(&Iq*e=RwmGPDo*q zYeKNEV5#7yCh#xAX7W?!S9tG3WG00Sk?!5&nNM+WdV3z#l7wtksn4GJ6JLwG@AqC` z3sl1rXye!H@98^!Ik<0_s=e5~<;zfg;6!l}yQ_7$ujrm?j}kvT)SN*3)b7pTOvOWI zv&O^Mw6}cMYx|$~|Ko@*N?i}&@XIQ7;HZ@(4x%ea4gUPV7YdG)LRuxA1G+t_P;IZx zFE+n8F>D&+L3LsoXl~kI_|{>NYNoU$fDi$^PL_4Jh$gc&!$%U-tCG2YMCgarC1t^M z#THI%2>vrgD}}|WMv=LS&{*~`SM0@+=W3QC=N|$62l`^{nlpjjxiIOD)=_2HQa9Mx zd5gXWRq5)v9;a*c&lQ}TgKRrYw?wGb4_>DEUM|N?3Xg=d-mCc;VXL&?^*l)@DjJZ+~52K?)luA*GCjO zVJAOLlDDOax^%_vi{m~aI5gdeZC`~INy1E&VQFsQ!eW30mjU*l2kLFV^!^D^Gz7y) zu(iGl<8^T8!^2#49zKcZ<>PAHu_qpMTi;K>9pObE^lJjT-)Pn~^}HF1PYZK0kOB_(#vo&N#iEZoJ|{=7ir zH{LbR4m zFwrVo$WXVE^U8^j^x(CQ85Y>V3)ir3rVT2dn3N!+zo`l7J8nQWNyQVczd8RY@q=O= z(-4^X%ruSI00nQ*toi+7!Zo#BXfX2A;++mO-JV9=nK|vVpm z!F5Y-sseuR^IP)=5UFO~<3AxMU-nPKbx2e}Mv8}@Bc&rSy+`YE=zyG6L=(^P6H=4A zN_h6p)ydQ59+Nh6=Hi)zQMNLw&3+X?Xb~K1-=wxjZLk7PL;m9KEGC5&tgf+iir`ks z@jA#wC|L@kPJ`$|_8rI~gD2y1e}u;KnuhsaIiq#t@S~$Lpou!8!%A}Ns8T8TI(>fA zB8{)~+P+?JR6)I@Jc_*>@Ljb_u;2>8>hu}Fqb#zdf?Mg*`4d}44a#vkoHIPtB{^9Q z%%5NO3XPPpdYv)=9tA#ow1sofvi5B7NMWgWGwHx6kYnYrJ9?hWNvhE=J@{74#nZe; z*vE<8cP$M8OXRxmSj7zmnU?N2}iZf0yz;Yhc^^ zLD5=C5H^H9@}C3@kd2W)*5kiz?&$cL;ctGD1T`I{1zLoxJ>2B-m|%t9mlge}1GdzY zz|!uwjs94zI;}Oup%kfIA0kxp{?OO)wl4KdhlLqp7EXus+}o3k8Qj#}OQt5eWxJC- z%kGMw%5QxWbVqUFfpa5O!O{r08DqJ@t1U^_b>bOmxeloFZ-35hrWOk)fOe}jc7xsl zMbT?}J`ICS=mA|_*Uq8^NB(bX1CR}ZqVbd4R6xu96jWCYK?XqAG0+}5?<4ayl5r|Z z`_{wo(@dphUyD7x(qHun!3raT(~>W+yvvBnqi;(50vy|ocQ-5`L2U<}toAY~+m7E5 zdMI-!C;L|hB5z7bULNk&4WNk0ARqhXN31AjH1~KFbN=)WOxNdTL`rBztFuGO(%Emh6idJPmeWAG*97#~oS(yOxrv*TYsq$Ja{KuY%4b zi{&QroVT|3RbctG=pT0|sOLQujDQE5VI%BDiI#%N(!j|L=POg?@}mbtsexx$9g4;N z>*V&)9o;0rnt?X?_hCIi;Xj52h31WW}_d2A|(Jlxm86!GGYe**BWf+szZrrLnU$1-F|< z)dNXuHUqo@jaL?3(<1laU=stgoTV+B z%RLw0v)ePVWFFQ=>`*rX&$olqR@LZI(x^KOKLIm?4j(D<0wBcuf-n`D_QwMo-M7f< zLr!GOaQWwGxQ-oyj&ydM`Sf7D3Gn`Z^x7YXIB_$lZ1n>$KOPz9s%t&?p*i#Lk#DG? z_>sxx%B(EVt&iLbA{IR+q8XGKipZ|(G+rE;GY9QVl8U!WMr4PT1@3Wk^A}H}et#n= zOsEJUP?+xMy#T8t<+d;Bcx+y;!?HevhsvH*JV~H0=ZX8_HBzYgPGj+m!Cv*k z8?G0NllB2ODu`FUR_u(!OeE2!od)3v5Z4F4UnK#ijZyTXJ)F27EE>oLT%@Nnb`}nT zf}*?F)<6PzFR-*JhlRlCs?LtVY0PH^oWYO-)r%X2v=%y@jq^MObfi;|VNcsd&_U?8aTwSEEs|Y9*-dO%DdM+ldFcLJqB- zpwH@{Ly{hW=>NCGU*EeGlzG0mS6+(M?5P?l)cDl&$uU2=`<3Bd1h}qu{<)4On6T}a zO0tT@O{7v_&_|PRqJArX#6+d?Q;=JPG~X*~Ka1^MgI%(zzr9tUIRyZfngm>qI6iI| zN>Ug}eMg#o$23;9;<3Fp}F^6{~SE>mwQ5|6)#8Hm?xCwYOp z>#L|gtNIAV?j@c@RB60sXJV7IW)))g7+wC}n_y-RQT%r~p4gb^e;CLK2FwG`oIUCx zE6IrOy}zb;QSP=1_O{ z|F#pR`|e=(=T{uihtR$!Uc{&Ba%G<9*iFCLhwxkJb{Y2 z_!$d}yCl_wq#>{$X-{S#uYoMdj~e8aXc}U|SS2exv2Rkd8|*H%;FcdHKPEgn=nS{O zI5cH2)r23Dfqq(b3^%V+gDkW+(S6!}_C@=vmqDy0s&4mvIus>iaFSNt_diqpgs3ZG z7lCrK=LYAs;)aN-_K2=adCoIx_P-{E6P!R*`*8PPeuA#ks9h|yRx#VT$Gw>IBJ5yp z^yjOhls0_maiChjg_;2VS&}yU3%mU_tJ$00>}fLqpGcU_c@ z7I{!8O_IenQ)7qPMQPswoiJrM*tL_Cy7#|Z0sjB_Apqsz@aOpD8Ti)0vj)B-YX|%& zj{k~s0F?g~IZC|ti<=M+F8iy)-VciUQm$XcxM3z^T9OJDYDY#6gq4ZVvpoq zn$< zHny+!llN46CH&j(;V>^f0%sBq#b-8yG>bfz7yUX{mg53-GPCn@UE2O2d9gP{>ukKs^sv;54M z(01b>nanupY)xw5r0-n^KS%DwF3C`mqv>s1>PDamfo!?_?N3urvcn5kj$i6(4BLC{ z<%40HMA0iYv*x9LyVIwou*LvTph8?GdpRQT$3;O>z&hT(K_~_>A|0I%#3elVtVl^{ z5Qe`LUm9W)&uq}Gc-Q%orCzf7XBjE*uwB;(xI|=usg60o3y7=_W=*YT?Y?MGJVu@l zP{R9xQQYd1IheI35=b&mC)Q~@Z1Wonl^Tj_HR?`IIV2DVDQ==5`agyx-6sDBg4Y!F zgzRQO9fF6%kx6vA`o6rn+<4Sa??cILD(XHA9EgxXttOB#3fmx8fX`tFjDnkd!ECV2 zS@6y*Fk1ii0CbX~!0aOn0YY2G8@sl42RZ-nPdAbkm>=}$(yj-3LG#={ZJH|Z9QuwF zTIQ4Yqm^|l_%t}05K*+1?R4*C{*&_y??0-3is87b164Kw+1P(`yz`acP?RNd3K5^LAq1~q!GAfX|IcHr;?-_e+EsNScg*}~i_3L2uP^u6VlvJ`Tz<*Rn4t&vQ$u7% zw{~64Hvz1<46RvHKL$Y#2=t?))I%n3uB?5* zzgg$TlyhnDfN^wM#jWlpyi4^S4EK>1p2d%?wPA${$;B#hi^iSXy+|5=P%Ph29o`m60 z|LMPiOzd`(3R4>G&&p@J0X)?k1`|vfa@z=*eE#DyaK($B#H8oBr~UL2#EtZ(R@bzO zei4{R+c(Sclp^ozS>VOkZ)E=6dEAb*D0J-Lj`Mtc;#;fjn~@xs{9FjzyQDj(R*8}Ze7>ItKIt z+pUW8?mYY*VvE9qkSANUA{-aY6S~g}J73*=txex7lE(vUMDlF*KiJT>PcpcnHw?inTR{RgCNUHl1D0QBwDZ|=>`5)eSAjtyyJ(R+jaMZ8!C^*G%7tNC?!x6TXL~cl)V!W|p__OpQP8;x%ycY-_gQ z%t`+@gjPOX0*<%Wq1{@u$`ir5RYod+qY4niyd$s>5kD9-1we&vG-AhhA1cz#Lmw84 z+)+>;$oZ^gKV!X-CzJ+YN-&Osug27?I-+M4Z881uY{Wq16vmT_U{TXhjf+BfDbS=6 zr|BH-Fmf3~PWumj(;c~{q-T@WVBZt(oYPi)Hd>QEtPd6Mzup@zg?IgJC+sM{si7)- z({Ha!+QBOe>uMjv^bj?zprV@XUIgMRA2#)<>U$P0Qgupq)sAaYQuuB&)>U%@w1;7^ zN>jj_{<5v)>I!g{pE(%a5y2cvYXk^iu)KaO)YX^Gr!k`PbUOZqlRd=PYAmq$-C3gM@z>n{!qGfqW&zCf7ML^3 zW0AZth-s=aZ0g%|yRJsQ=2L2gH?i!@)5FKPua3yDO0-dD>JDyu(lI|(&z^cGRg#qF zLXda4m**^Y!*sXKivWz}XpM*$Uw?CVXJ<&uY}sudtuqcE6*Y((@maP3AJlCMq8eY3 z*@+@)_J~(i1NHzCdr3=guX#-2O&h)6&mURt~zO9LC`KHNASna+r<_~haI=p zWYUvi{w%P4;{bufiSFDv>l)^1k!X`HwAWDO?8UN3y@3s{zgDRJ_+^J+i)qf#pXNCD z!p(6iy)62$h0@kgNzRY>`^YbOhRw9dpEn$+A-r-ceFEfQ`%7jq=OD0u&@?Ar^A@*B z+nG1km9@%xB9R+{BRka*aM*9g*)VH1sgTDgKuN03ppaQMI1Z5zV0vPY>JoPbY$fX@ zryD9CxNjQ%K0?WYgax?mw+B@6qvg7?kp^~W{A2w`Hb!pPA_Lyx#MiX9G{j z8d}~6a0v_K7@=~lOC%i8TDXxv#3KOFerc+pRBfuIA%yFVi1iu!Qp7b&30!_F_LT0P z0)HvjD-o|3_ztep(-Hk%(;QQuC>mw(sf0Fwc~^`H@iQKrUKCa7r!K}Y>C+3=n6Wte zC+&4TmR6?^Y$+{|SbgKe>pL>E5Mgr<{If+153;eu^N5Q!x8dCgYS6c2i{@-{Ax7KJs>yH0_v13GwPrnNJ3y zNB4-XU1dRnE`~hQ@3}#sAHdu;-gB79IX{Yw;d(-ud3qRL~!@|65BDP^mwiF zL`*oEuOMJ^&zJh^*+vfX*3T4ET)v1*TMPek$Wr*(f7>6bv(vS7t#_v=p7!23-8#N* zZTlPx?bfRy$O)GchkrG67yA4TzM!aG>*FnYcH1-vzYs+5lxcaH6dZwAcw{4awCH|I zN&BSyP}ANU5jiphoR<%%&HD<8I9K^JmW$P86K# ze(+h$0dy_O&~uf{I9T~pDCR?1bn_D{;#r72vfs-vi_U<_E`MmNm}qkwYCnCr#URo0 z2**ZHcwv&p(pe1PKOp#`%gRiOxmX$njZ8F4q{ z>2jUgf%yf(QrVzU6oBMkUXx|kvxOp#G3(ZUeS=xN7K-?#X8kmdS;@APT`pk%`9&Ye zf)<^~Y_fXw8i-BonAf8K&){FBPMB#)`77uOSg0){z8e`>Vlt1z-llgay9!)(9SBv_ zZ`ddinvJPzC+(&4bRieMKLgu;b)s_7uo=f!h0gIB zwx}v5(TC>SK3J-)(-ZNDb{^}NVFgAMOpF7;=STD=h8fGdH)K?;qW&k` zt(_-7#-Fh!9Ue4-x6K-GrHbaGrk^te$z6F+>GJJ|sTPczP8kUQ@=REzI-f?Ghq}j0 z$LsF0b-Lo~t!4}F*6gRiO>R4=4?-*eJTI*ejE|RGlY_F;6^S!1M!YlrjzA1e$_v#d+Z=_lf;nphyy;*s&Qjp#H$CsNk?7z?slRQ$r1v9e3FJ)FdENd1kdWY0$gw9;q ze^Zcyd&*t(C1C3RKnOV_*OnSiq7GD5l*ZQ@nCS2}ch#gqc726nnAJ;D$GfWXi)d3- z(@EYYMs9oZYOddim~$~CV1h2RO%Y=n5_V2==LQbnH6xZ@LzQ^aBE($j{>gNX8v7K^ z_Xmx)aBeP=1g=yKmsfwi7Lug+ytDL?m0@zpOYdt%oSdoHC)vRN`gKQf67Jt90`{tE z7=0d7SEG>PF2K^~jAZWbaf|XUTVz#I7r`?@)0FC{V}i&TH0 zQ-huGt;_GE-LAOI@I>Y7*LFXO(Lo=xNTB%xObz+@GGxXV^B-_rby)*kZiS6+1G>_R z>@`cU%0r{OUz|%;N!Ba#qJZgnQ!=#KJrt+{!@tbTW%7mgrEszu8nKpV%KEE8Qk)5X3JRF$r!4;{^T+?g50Fg# z%b@3r{bTBl&!vL8cZAH-7p*@t*n|IAZL&`cLp{xi|&#EhIPhKuBd zL?dcR6MWwx7#ZzDeRxkP{_GvS)mTZ23(05cRn2x6bE0{9T*cLnfa&30wm&CASG4c|8DUq8}WJS z?6WN?YopP6n?q8oo3~x>t}^`F<7oLa_bJwxf=qGL+DdlmEX3OJ4sl;PZEA9d&!?kr zEd`nF^|Ich`@L98Y1Q@NbyY|8Yv(vBeffFcktFO0ntFq(rwTd0+}tx}cg9%l-Eq!L zw4Va$kcTi|l2{Q>ks_Py0C5~G(VLqwG?K7zdHVFhmZ2AeKg$&_)UEI^>S3e<0|ysJa(iP~cX$sgGN~r6alN z;F4p3=pl~r!z|?RcCsw-NsV#T~G{+fVEEalhe`$0R0md2KniABb8j>zB%KzE_Sw(K;jKjSyi8M?O(XPiAOs zTaHrHXECd2n`+1(ZqN%{^Q^kF5WRu0hC#U09!RyLza49N)i78NCIx>0+e(>*Y zdVd_b&hKodvqjk++s#!$U45PrGO?lSbY8JW*JVRg)efGN2N1G_k6;RhRjnF3+S-m$A@BdnboEaVN1)MRj{a=igFzK&VkQkUy_H2DSRZ2Xi5jhs+?lr-bc zZy}k6rw@gy?vtnB0mA>)$RG#-TWJT$9`VFp%eT$ws-SLJ2wHa6MS2h_p$ z>+_xP!bMGqpOIe5lL_&2jeVra#J8$`3gt9~Yc#NnNAY z!TRxBpiou$N?h82=o&dM!A0gC6&BNNd6z4<82dI?ZGP*E{nKK#P__{+!G{wCCg3V&RTgN=^`dSoF z?h>qwd7UiQ>f0smw?FSbmd?j}1wz#T;a-|nWykgx9Vst`^>f*-#`gp#&GnB9$>)sV z6J!R(2ttvHqO6jlDf}_aVD7&?VBHU$u? zH3&8-gOnVY{4KpGMs+KESwJlM-bML*uf)Xc;x?$$uQCOU{O|uD+MgR`9pBs{U~+U- zgscpL0Oi*$OycnxnEUoiT*0D~6>QRe@8fo@2$@U+X7uswuc+fE;0`f5Gfw}vk7ewB zIiqD}wakxyVvgDsu}J#-4&-{R2OvB8cy1MhY+M%VP4_SCjdRaAUAs%U_;jZg@_=)T zma1*HGn#*>q^&R&_d+>swafYSH7rAu)`>GQG08J0z`S4qvx`R}AT`fugym|3-n{|b z;6^-Zgcr{GfE33hvk?L`xxaQFK2=yyWC9h@$anTwiXH% zy29tLjZGU#;fGWi?in+}{ntGsNzu-@S@sSLlZaVYGx0PKvPM>2DJ_mqPZRb;>y{pW zOJqY{wY69}G>XTQM{st<6)(Eco^czrv?>Ir?j7f>!~F6VF_goq{nS-sC<}VAE(9^k`H+X}jFd`#w(`tJxX8^%+C`Yi%LrKv%zhqUHg}9zS*Ojt^`$ z6_yqp!ij-uz*sT~`OSuNVjPm7#$mb-a#&l!-EMHwMU~s$A9?&FPe(_LT9pUO#jbT(&dzb&VSC@7ag&y(>473$f4L0C|VRQhY?qi++QXJ%cR z6PwV!t)0-kJKOrod4C=e+YWUNX3{s zNH_8@TL#x=Je#qLvJffZSHp2OAaOH}99R|@PFvAXo1?{od82PkosU~Q&e>T4Z!Fm8 zX9Y#?K6I(qQ6&Mq3q}VURJ8NXIr8VN1H~T(<5Cx_H;U?@85+8WN z+uQY$c!=_moa9U+2-bqlTVJeZ$~A@|avJ1WXseuHJ;)6o`z#xnp9?n^oM$)FLMNB?g>gA6Ec$Zc5#lv5BlkdLWzWLmRV{}}rR z%f_Dno|YEo%~4<`r7=#{Q=A*RlW)$Q%^6in_tfFyaO2zULvsGgkfm)SD@1Bs*q)d1 zNa4APOz?*XdFS1U92LnFdz?7N_b8k~Fy0Lx*)LEgiREXa{GDMK@JJ3raAFUdy-GOm zRBd+e7wgiN4ri78@?9(!MK$cBjl2&qTKiO^f)myJFu6g zB)${Y&M1AY41%!*;MeOlDLqTw_6)XUXs?JOU5>k+>UG$tU15*^)9$q~-yRqGM=kl-G{+l6GX?si!Uy+beuoGp~byVkvtVO;2@vb z+4#mPbVt&mvx^c{5d-e6F%o0cb2yPrd%9NAsOgLbSz_)G{roA;T2NM8vXTs zROZB8bN80o4{M~CO3@6_>8Ad^b`**EL{(TU7{aYFs9^>~`79flkU+=}pbPzhD1|+9 z2rPF2s6g1tl0MwJn&-q(Kk<7(M>}iTTu@}>X z&E<9S$`Bg#!|mF3)P58#kI$iPq69zn5}i}dyZv<6fr%MO{&qavx1m=O!(X{xEPgJJ zJ&D`nu9BYiW*>|9C{m4|H}Hz)ag^1`gSI(2e&fd|!w5`gz>un(r(Q|aj=Y=`jEE=vgSOWt zONv#Z79J#^PS~dIeZ?*t5W)=k7FrB?d`d|`t_z7Cqy|ptGOHIGiJ8obt@va zT**KGV~fQH{^~2X>nN>6BXnc8ZL+uTrLF~G?u|EG?yTppk+W}7EN|XhcE3)9J8RW* z`pX6D@}qWY`B0^#@sT~E2-V7_mFk|cF6ytBcCFbb5$uBSmxOqmGcsVMoMx_QQlHoN z$U)+nG5sk%U4OY>o$>dIExwP!Q;xdE*6jifM9>pZXvS=M8X`Pj!OBWshpM~(%ZA+X zmeE?H>SoTHc_uPumTAQB>jYR7IoPi!$pMNsEoSVxr_@yiyDC1iS$R7P)k4*mJY3r)+}?e(^8O>%2mLM;lA8yJ z-?LGJsTv#Ty|4*cpb`j!QnmI{_73#&*Cu9W*x6sXzlU@`D)HNA*4gbf&e+U3Y(&jQ z^7okQgZ?76QHM>9xASYQy;VVd{FuM43WSq?Ii%A_F5FO}LozhOLQ8%N(a5}t4k#D+!*inJ@=9;k#H^aHjaW)ee!)sOl0NUH$;dynLLQza&%dzIIt#w%~G z=DhyC-Rr#KuFlaJtU$k**9ilPQA+Z9$}w5_IaT+Y8f~H$&hCp=5&bLXjTgj31PFHc z*$vFM%|2gUp)AK(oG;|8;YE0D#7Jm(waM(AuaM%W%z_cgnSC)-*>-7a+vYbrWhS(n zrB*qAm!c>8ITgzZweMbyBG14%rTQK%_chwl)@|(#+_29Y=MgfjuLG3*^vK9y)oLxg z?u$^F%)pnowphIRuphr+5F6enNeL#1qqx0-zKfO==+N@Qi6M3uZL4+eovAa}a50AVx)&tL}zN!)n9K-GzXYL6fFKJp#w z94p;Ix!vxvdzfufYL2souxO>L`w?X~xc8RE^}JrMWc@t{jXS=6)fs+oGM{V`91OVU z8bWKh)@E|PIoa7_-I1~hOVlpGqZ?-PqgJ(TI@loQ|K!zn(X2yP_|~uu{IG@KaHY-q z^s$D`tN9o{U%}pG@7o}^*!i#PukanyvP8^IQ;zqsf_>)3(zr2XY;u5%m+vtWF8Xpw z^{&0qT`C81r%nw;d#ld7cu6SfSYPQ>fwXsT(P;F5s z_OL_6+b&`t^?>beBIjqkBWJVgrZ-pDtIid6UE!zh@S*Q;{WaX^xDx;YL^NUV#rEC# zYyLnOXyIUzb^E+h)x1!<+PkVF@BLqMWM%Js>abIO(9bn`n|X7#NX`f|iDPXH0E52V z0FAv)8-G9EuBGy`AA0%Aio$R|=|@(?b7Wm3yv&gkNNPMtINT03?duXL%Vl%4oS)ar7h!~>If4z@xQj6% z*Eo;-P?+TIU!*}6hARNzdm;T_L_nNy^C8nThBc&zYeoR3AYr?W89F`+ zOx-)QI==r}EziK3r_tK#uE(z~c1cHE+KI2L%(2pE5h^|t-kh4kA2yPK@`7@2en2Z` z#staa&u3u+35lny+)OoG#`1OY%)3LTyP>{$v|@?KutcH@5dPnE&D!3m8^uaXzlOdv zix0RG-OdIHh4wDlZ;|4*;X{x-SW=pqjA6(euVBNEEx^D)(Uw{Y7 z%R^d_G{yGoL0)LyF>Qgy0PBA`K!<)T}S)%q6wUNFi*8H_O66jEMyVnyF zp683+jGsc5>};zYc%&C`II5;YO>gsT3cpzgW=PZ>vNiOg80EkM12u&j&%-F2=POK$ zo0M`)UE|4KtptLku3tW%ek6X)WwTV%3$0VLRG0xVYth&LWgh)w*cIv=_h~Z!^Ud7S zIG5^oAul%&QR#wdSAJtXX+`hga?y1Qj(O4XbjHS-gA>DINZUk1;Lu5@wvhgiH$qS}!m3$#s}c zCJwS^Z@IAl)&A=75lz#&7Ps47uoc#-vFYtwG(tG&{PC|E*ec1#tA*FIcwSwIp_ORi zEDLtF9qq}89db242f~=Bl|C4RF_1AF z`MIWs>rdS^HibbQ1r$4|@=G3stB*xHS~TK#Fhl7Mn7J9b$sGvFI|7z=uiBOI5@=S| zF8-u>^Sf%EWg!pdGnw4s;XAv`{IM7 zZ{4z+#3$FyWN{WCeEbDT)|MgDkCR95BfT*1pbQ|kbpMdlh`P75RL|kN7-p3iKe+|q z9W97&Y=KykY7t@4Z`xz^K__u_x@4*wNIO=ycT(ryFMe*Yk8vWSxcd9{ z-d2fse(`#*$&e`jLI}birz<$)+BE*|L5(z8%2Ro3IC0SW28?elep+*eo;+2!olMJ< zZzxvyf)2Z;>yP?VCKa$PSs?l`$vwW%3~diopA}!(tfd(5DQ~KaI40{9$@~leU0j4E zLMEM%5XdFFF9Y~J`<{ZdldWu;z?5wGF_|<-xR+n!k|8h~JVCSq@ibZ{Kp-C+aaX3>=Ig4P?n3_F2 z{ew6vk5lqv49&TCBY z8|$x9Q=1}}uB{d!B2M;;!HgH@I?GV3i@>!O7m05M$|dxxr;>ktzZaPB z+GpubYK57%FI^4)dRc8jfTe-i4eS-i2&AIF!QT?Jr4P!Vb6x9YVcdCHQvchF@cmNW z-TYgOdicbn`C-g?Cncy1NE3JE|=@JMy)8YsFZ) zn9GhF53V$+$1K_sjjl_&UJ>2hGQ#@pTunDvw#;aYFy^k*sF7P1VpR1NrY8#~heA<1 zcZ$}EwqA3ZMX&brR594;!axq+# zpq^8up|TgtrE(3QWQ|A6!Z#iH*JC~+4Qc7jZu^^^HKG*Uf%Xd>?($;#@>@l{dBU}6 zQP-`s^<#r>y2yfx=0EC0s;V|r+h`Wu!P+3U&N&g2@ ze9$}Z2ebVsc?4XLJ3p6GLPF(`sj=$Ibcd~1D`MNH@NdnSleKDH7q@l8poB#{YDpLK zI>sInRJ+BK#v%Rdt0Yq>9QDUK=E5hZ2)#AR;*YOS$cYmzV*Ef9i_7ZtNcU5lWA|CU z2#TDs!)`v#89LfOvjNb8!Z)-=|NaZ$1psN8dxN=yy{R(2xCU}i{CUQ?nrU#=G29sH z5bpJHwpkN1)hEuzB*vrdX}Q+7eNU0Z4y<>``Kf+URm1qr z_zcjsSaDoWqqv_02sC1lQO5Izw#B6tal?I_=og8z@AxBg8ZthtfF@7mrc1z#ozUK(ymwK}(G+aC^LN)<7#Lhufr>!Q}QUc6aoHB_+NG3eN)y5Q{SfQw`=i)#6iPIqe1(H_lX)z_<4ExV>u) zsqE~^BJMjDZ-1RXPM~=0V6s}1uylrx%Wz{dYv1RumObM|8b9KR zYq9)JHKHVgXI=7QUBi=n46EH55@A6OtdF1y=}PLSbEq1BKrw9+umpJlMz=Gg5t)KH zou$>DMx?1kYINSUvaax2OFdI<=`0=Va@sBw3+7|3Fr5l+>{be&Awv{bkC_$eMD1hF z%bjVxjpPSrE~5XG&RNgvSIQNi7bRcTh@(Lf%dvIOj=@E(`* z3fin)OYZ;y7=SC+2Pipfag#44>Lw)HX~>CHc$ZJTp{_dxbV`K)RW$#aadXnCZl#Cs z%e?#JN3_oAp}1NoVS`WX2&jnjc$)OZ?t}z#zVnqx0ijKLBEiQf?t?8bbvr`XmhAG# zG4Wi(C(+*EsOFTqyAG_+P|xp&Npk4qjorjbZrAE3i4A2?V0VuE(0a%hpIK!dc}CBF zaf=rlt=9`{iHVe8b-RFGd+1ao%Qsl)27GHdER2Rrw$t9dWtAI?t-c;zDzdBNUo`brEI!B0ode7?_U1yOf z+oP8^`w&VTQutTXGf+d~sbF^O87BwSU4D!v#+S|>$)BIu8By@@&h-|5WpZns`gFvE z+k;s{&X*1sJnqQJbgy36T4nX?o;l8G1zUd$!I;WAin*6eJL#QuyUN6!$iLPo-&Ti5 z`ABZY)(@Xzatfv?Cz1f$P7OdWEkQsac$g;J3VgtiI0ZT#3`Rr>U+}ySq+`JfbRSKB zL$oSw&&N`QP+KW~*CwHsjL{bE1JWLR+)2S)23Tt}EVSoISm@Kyh#96=abT@@`e@@V z@KW|NW1_~{Dr3ua5wdX<^4F5cuV0UZ)p?iV!s~&#mi>AkGe#mn^_UgD3W(7^^$^< z`LpoB48)B8Bv=1r+~q;})pg`gxv%=O3kNW`a(cb~U3Pj-fgo5df!{p8YXH7q!M>`8b+_jglrMe`Le)mb!6 zuAdX$zBGf`hz9l#vH$O$2j(`c%? z3Bj6DXmOIv_q;H?DKDqjb`f*E^-fKHrUR?epDa{vbx+#ONz8aLh*Nof!8C{9=-1Fg zaswe34_lZXlzlB(R2UVo*{fP$2PN(V7Y9O^w;5!nT<}SLuoidGP|dFbYJdY=S_qM! zD(Y@bTjNU3tqhCQFv#sz%}g!mx9-99MVx+kkHHbBDEGV0MPVraCa=OSwjlnsV;I5{pDZ}hK%FXIbuiZne?M08 zvRRVpE2OQn{HC;68i<^cy777XY&<(jjL#F2#2dl z7&^Bln!&07+{T8|S^EhntZ(*rX1vUr!5)LV^Bn+nAE6Q)jRSy}jg)qk8jcRP&l+-) z4xg+KwJ4oRmeJQ4cb8( zOqOn{k#1*f9-A-onNMY}x_(wN8shs+As)#Hnqk3s;`c0xyxiWttuTwi+mKytG7&M4 zT?_a?c@DD@4tfzGU|1|+Dy7)c*r~Kc=?F7^@u2*CrPZ^AUNkL|x0;sNpB5lc4gKFW zBl~DQ$@uIrAA~1dy zo>iTNJaAVIRMX`F>znWV-~7lR8liExz_~K?Sz=+1r%zEs2;0p4?(03OQzZab`qh)e znj|FK0=D*9I#PS*3M!jI&PANdRnlZf_()H318_i9U=Feg!ZT2tA%MS48#g>bw#5}# zal06ws(u-`XK-V?kmy`(eh->L3uaU*0B!T-Z0jN$JbgSH)7n_(R@&2oE`iKN5N2d+ z!7@O~8Q}-VaG85$JG_X0c(Hmf5frA}V23Qgr0BPmXGv)-1vEYANxrIUatDg>jmstZ z|N0sFmNNwIJzehBAv_34f1N^z&=wT{-y>oQ0#N^*z{Ss!{wt=F`~UMH=Ua>Vsc|94 zQC_tHaG6YqDAB9pK4<&sQ=KAY3J-Pyc_2{ZK7q3~jEuY0f6B(ug%vp77kTOXhp(g! zLVk5iV;$jqm$;?XGiXab$NR*0_$n53Aa{jje0}6hKiAZCg+&p1nCwQDsT4hRpjqsQ zp$H`twZ%Kk`DxqxAc;!7&GbtUGDCan9#T1-2TmYJ*ni~QMwS~iq-l2)?82K{DLijF z;TRS$@pw495N4Y{MN>uLa#_Hy3EIAc+Ff}FbZIiTyF98XhGJAD5Bp5$KI}6`*k?ol zDAvP+e4k8NjiKbu_wzVp)%S@PwH@vAE)75YoxSH}zaW~i!Ic|2Kbf{4g#MAFM_yKp zPf1+3CE4Hl{wZ<7MkL;8=*71$OBl`sQan2eMY}s3TIcMhv>mBO5$5u;k z?!y1RlMtk8*Li52|D>S0fgo_t>QLLIB}MU~p8a_Zc@wT8UiI~!T6~?U!M5$^<0qe- zT>ov2U3B2Z8nqOD868_PBfFX;7q?DqHM>W4JS;XWhuJghGm!A6Tz z8tmP>Hn3Y>;hy-gBmBr$m-ZU6mpsSR9SM7P;PaB~Fe|DL%aw@Q?!EPchoUug0N>{m zLkr%88@~;w4ZYeHkZpQ1-QD%O18bX>1PzIia8Pn`&X<2+a5Ug_aKP1mHNopmI5sH~ zCUlo-0$yn7fc8vC&DSC7lxnx%YO>Jn46p58s=StO+fH12zuvo(PxFeAGwm!{??yIF z4OdnSb5-mw8WlBO$!|{9hS3y>^ONH9-uKNv<ZVBqYt;}Y7 z@rMNMN2J}>>h;s}t_fWqd}AmE>#DN9kmpZ);J{Ryq3n^1;&TerStM1^Uo;Q%T5O3? zJp`K=;Db$DCt~B&y7jTgp)Kkv&3&*vZ&z_yaEk-&IS1p(k62r~zwm`Q=?S2PNWt&n zzb3Z@s+o~k{e)d9M~6B%vdjKJR4(mk{3g`j|QUsvEn)vSGfHf>gqX+_bN;r#e`s3rJCnZAIiDr|~nD$@@D=+)6O z;k}pRiY^3g9pdq9MA$q2fhaj|L5(U+ArZ5lY;ArysZEp?T`HY|Sr}Srs^rVJ2a)S7 zojvvniwR{2C?1QR(R?0qlI?t4G`qh;k}Bz0lnz-aVKuAdB-1!Icuf-zKxH;2tt=y0%uC$ad)=nNq zTrw5UBj1TiW`BJlIJ}o3hF5usDM614cRd@HIR8;;S3vr4j&p^>C+GHI-HPasGpe7J z1NeF~R`^5I`JQ>xtFe#$$4H<5RT_-@w|#E{!1gBvI?o%Bv_GFvrr%yiBK>No>YTJ zANJgRKzsGl6Vj-u%3lP-II`+d;qOTE->Dbdji$R}Emqk)x^jKQxuXQzy;a`Wyrf8C zlUGYa9;D)>tmV?8P2G!2$3B&6o_*rht2IVW6TQl&J5RrABOK-@O^`#b8^v4rNTjh> z?Oi=%xb1oF)8IE!(d-ESWVEE;Rj_EO5cydX87F7^e>bX&*NNNcnHgk>`R`3*;t#}B zR_R+SB?0~C3UK&o0Xk495?<^`40wpi{VJleq&Ahw>Up2-LXSj+;B%J&tUy7B6vfjF zp?=pWj|v^Ulk&<89heqZ%TztgEqk1wc;V@@9q+hS@gKjkqh*<;=#>S-`1nR444uL} z@s9U#ZHig(rCa^r;YU`KNJ#N_ybt~@8_SN!{z zhB!o2|0l{~T|i7SrkPhRw^A2Ovq9`Wo(_iPPyXX0AiLk0I{;Vu3;*%k+!zvx8p;Is z$BeRfyrbw2_9`?m_Qf3QoUHlebk;+*3cLC0>&+iIId%Op;OmWFp=Q}olnv59K^YVR zj2=W414jYOLHOPHzxyFeh9H2u&kX=R1D7zn#Wt1v@>R_yQb_2-UANB8+b8Lr=1*+7 z!?|<_#EC5!dM%(jlm-_Ag|`n{BUIBi{z|R*AGk)>TQ%||eDqXFuiS|l`SmJ0l8)?I zvvEcb`aKfmUNQJ+dSv5>s`Fi9O&RmI&t9H>{ziAmZHUEo5$bUkp?;1)a&cYbmGGfm zw?nIiEn(@4U;3rTOE5uZSl6$IgeN3Nsscdo*nK%8_g2C7bDK17T9d~(oJXNj8q?fA zqcx71o1gn&@tGP{r@%Ircyj^oqjQ(wsUW#H!xJ|lR%K7b1i_>bwzlY7cJp>>uF4CM zi_J?gQzHhp(65Ds6pJP?=|-e5#nBr4OAPP~Dm0snV09_)2BReFlH^01^-7mCUs{F9RzFJ4*YEsTVQjuaDSUl3>Xdq@NgqB9S022`wIuZ0 z3y5)0JN|E6vfuC$z~!&|A(c&m4U#u{`l-R-T~Q8G-5vEE>w>kBtgV3kK+Il)dE#%d z1i+XYYHmS#w!niTH?aL&^C2~9Y5G>cv#YQK{_r{DkR(Y7B+0*ZKH$N*(^XG`jGt6K zuGk)^DYufrp7+I%o6ze_Ku2sL;UlIP{ps(cBx}FrdtVUc+`&S3?lP`LA&3lZFzu_( zL)4kgIwVF_o`<~ej#epHxAsMg8{=i4PLESVO1R5J3OB90{urSzIGz05o_1pnOPxx7 z8>lHx@TA50UuRTD`B|ZToDwf&KF@5;>ev0={o$pQQNwxv!>Wy#x;PR)orRyl2A-tx zIQ#Sp{`<+9)`*%dUXN(Xb$?hF{)w`1CAD*=d?{hBX9MCms(-QRBf1q=7N6Dm2y(jDCDB7Yp=g2V` z*5}xW04eB`J&ebVPvSEC3(x{IuugYlurOK`a|F0yU$Be=mc#U`&=)*NXk8R=ccn7< zl{%{A^3bXa(2;U_=#xUg`}V+Mq&#{vri$0S+qe-UI-XdX8K3P`XSM%@xoFyqqer$hk8?i!goe=Tm*)pZ`4{pAAR{gdCS=D zp@<)Hm?$kx-v_a!DJLJV(rR6vmND14JT1exEaBjNulNVlyX>cy(Q5t;l=gqRyOdhM z9j^3_f4M_&U4)3|o0msn{2Yk!+h?YGW2%twF8E6f_47oE~15AAd`EMbO zKw|T?Pb!mW`}P<2r^N!#*YGx@I-OzW=LgUBp#t6aFfE(H3ASgK!k^6_?>%ztKJwt> zYy&<92o+Z+bs6%SRqZl~XnG*E5fe~-?%$idW<6;t_BR2^Lgr!m!J|z%&=-%54^K|Ddv zWZq&Z(xQCx4Tddu3SAZlH#*dM%uNT;q9WF$bPIirHB}{zuA&rz<9*_ z-b9x(p>9xHt+hzCdF+lM9qYT41%ClHJ*LVjD|Rn!2D3Euk@MgHa&0%os>xieapKw= z*UJsX4J>xemtt+_pqeB)h@x_i^)HN}7`tlh6!p{O#czz6wac(h%S)aJvuu-hmveUy z{jRuGE^;>~UU0ZySZkA0pQh11$NNID{tt>UCCWU*?FhWdfb3HV)=w<4EK55uYYT6; zhB17y=(94c-=0_uAaBh^?HE6vv}EW|KvddifRy4lPN>SQ=_QwZLb8o-*1t)Q{R0v1 zW6@y7GAbcVktZMpM|L|4?M-y^_%ZDCeoDj+&*l7#G#z%C!O@Qj_cM^PFfU&-?{2v2 zbiKs2gX|(S=T8i7Na_Gr8bE(|@du(?j&aBrMO{L^4dkadw5|cyg)#>M2bch|8>U_l zq!w>b%jr~jB)72-WK#IX30aY|(1q`nC~tTylptfuB6_-m<27}IHB&bktv7;1`YC33 z1=Q6!Z!*a!zhQSSHggSYc?(+YM1xXn?1oszXbOMU@4NET?@N4sX8RwABx7i4PiRZL z`OP&O-s(SU^@dN&;m7z z{y;cjxg?99pv>Ps#^f!pg&-x3$jvYA^~|Z#&0?L-&`w|b{#8Xf`qq3%+8K>o-jdxl&oy}wesToNqL@3H zN{s_wqB;c%rhhx)D#-@urBWHg&CM}~$n|0_j;>SjcfOv>psPRjNZ~(^cYlQ8AGz;S z(56qa+P-k=)y~6Z&hLL;X}ld-=~VyVhl=d6_b$;0we2;^|1344hg?|hLO=8?j{oZP6i!K(*i*A?VpL-zda8!JeWqoP!P(sV5!>|S#LnDN zq*E7j(`UA!X8yas0b24auhQ?$(ErEYTYy!ybqm8AkPt+=Q$RYT6$t@p>F(|>=~AgJ zsgy`}BOTJPNs*Ee6=8$4G>DY{+<4w|Jm)>{d++_9@A>Zipa1Fu%(d2BbIllIj+|qF zZU|>yeCP8a2pR!9Wt$=-K=7~N=)3!{60H?JtgKlthmTeKCZZZbin0M6_+#o!uTbKO zQ$<5OGtiF%O1zK!8f%B1>ZHDx6q_Xr6TiI(na;M!gb1sG*g%3c#%qq01Z7dgG6Rs6 z*rbB~oze+8(Z`~_5C4#6 z9VsJt`Ugd1VRH6>AB_u|mI7xOzXiSkcA=MIC-a#n7^Rxp;NV%DV&=IEV7fF*ep;=? zqQ!o(TC*N}{`2*Ecvq}I!!BtWIFYRyhxiR)BCG{RuVIK|+8|v6A;cBo3kU-g7L!{+ zmc<4aag7W-v{jH1a_qHByEdT9muG>0`-?2ZoKuF1mWENFnx=*<&yqF1D~tMTl-iO958dv>W(xd#FmeX1qd3L3`nSBi~t`0T!?}XfQT7Xip8Oek*Oo68|Oj zMmlu(8`p08t%1LbQHth?U@rchAv*QnkkCr^%TuQ$IiP#MKVl){&vNTM8u!>{(F7tj zHw~JukZ&^MNx`_RF;Mgc1p_gdGO3;D)t#L6REvk>O4d5NE}_ZjGk8WU0LV!eX}<4| zwQu)ip1B2!X3u1PqDiD6I4%9IJ@k2JERY*`R*O(vAUM!IwwVk3jWR; zob7GULb@;&@NrHZIR{c3IL|YRKJ;NG2=8ol?gwPf`E6S^P*Hj8c%5C?ivhpv3qg>z zrSNh4%03Xv+IIm}YKDCG^P_=_r3)Y=@&BOe$75hNVR#KR4MBq;`U(V{3kyC-3^FjY~F&3J2H{*36CZxi_m#|0+)rCOslBYXLoiclb`xq z+veHf2AJ9Gj&iGi8FDN0XFXtgRadSa7(fN7*dl_(S1cLSP zC*P!(ro@Q_`a1UvV9un`SZU9I!?F%oJ>$Wq_6X+Og^Q+8n%&h;r3DrCaGbN}UxD;S z9V~jYvPu-EBs27cn-ynk#M#}LYI>#}y?rU!=JVm3AApCZ>er-#(1>gDJAX$3S?^nb zO%`$BIEG&tc~!t`Rzs^=f$u^eE5VAi*SnKwQIMvV>FJhZe#qv5%d>3h9(?O7<`=#y z=!qkLh`KVTq9vK(OsqI32I(^6ZMqLRH~Wh3@XvWm!dD{viE@F@R?>+_oKM(;kM}p< zi!K1o$|EB2eiboH_0j2}%)bC3OVC12i<$Q+bu?gGft<9MfV6x8HtqOAO@OP#Vh8lP zrV*>MC*&t?6Z6KQE#kJ{+^$I0a(KOiE2!LAUhtvh$x=<)qDRqkEI0UO$O#l0bZbR}~| z7sTiRK{iPbeh;$wz$Qb@zjX9rWoQd{m7eh>Fkb=`T$O0sh&@*e0x=f8;Kb76M5+gK zpGE)<+$TC92tM-of@(LZezrc}y(qt%R)RK>$VCK7v!WBU^ELwvFmu@Y0-)~?Nbf4j zm*byW;f>L;pjUi9AOOB<1KQscEtj6&^}eHXt7XdVdeAhY?#85}4QvETz8%8cQb+({Rpr?8=4Yu^k5FOHAiDNzo zG`uIa5ZK-qMN9ydML^rX3PJM6@pcV=6d=PUlbrj>0fB6N8a3BMC{D`1u=I>*_sdk3 zpX>El3Muxj)xc@oeunrn%|j3faF6MX`Evx#0U96xC^ry_DPWSN*hRSr9s`1jh1i*9 zfENfM5ef7Vf^hV6B(TwU^aDHhiE}5p27#^brw#hn7ofKDlMWxzOxSEeYO(7+aI?`mP!`brsfWNad+LQPjo*{ zM1C!Qygk1Hlt}dF`)8$_@({N4U6~kRvH3A4&!H(`!5!-1{N88WjP0R0Z~W7R>i`La zSLoV12D)=`V1U2wjPU<8GR6Tz<7K))8b;Xa`a#4K<6S|+i8GnS*I$(tQig3gKgFn2 zxQJk&y{36TeIfI77B4~ev`L&nPk+#1O@;)4nLo9afJhQJi;LYvJAk(zNM=5v1-+$y~%H#Jm}F8 z^t1=_)15?r4qt-no!b{ky<@Lm(d0YTJ5NA;!|Sck`KW!=bQ|-r3@jCUDhTc^O&Pum3(Q(a#i?OlVrN+8Bb)UxQJ5=6QXiZ=@T7(;a1F?{b z#jHoZGXc%h64)*msA-Q4;oH}2xr*0k?Zj=Oh|&zCkC_TFd!{Lcp#K#0gvQhRUuQ)2 z+UYxk&T60g0y2;V-H8Q93nj_9&Rv2){2K0jTQA?KLgzxA`!|~#9pkf2n#9y$UNk$o zfwV!Rpkp!sqD01qWA|tnXZ)#m+nyKcuM0Lm zaGjm)uaSqZGtQQ{DWO>G8qKy-3PYeobuW0(a84*cpD8{J1lvZuv)Uzxen4Q1DR)r^ z_(yQsQYO4bCjYol!B9cAk$1L+=(@SZlIKD&Uk2SSXX1k4t#u(-=c9MG6yXAa%1VR; z24Wq?-x+}%1ah3n{Hg=y3i?kV)N6mq38%JO>srmpkLbyx^V6isKFx^N4fK;fw-xr) zR1R;y>TjKOye^xg0nvUFC~z#k z=xE-XTAyp4&ydtWg1YGLiN6$pWuZL*(6>MH&l6qFg>y!_I~g9~ar!!%jxUVjiI;O- zj|VhvBuqE)Yx`@n#7!f(|NcQc1?D?82O=LiD z@dBsvbn>v35Xq>QDO|Z8DjqJIsN;)^ssog(2yd+2KMR1IY!iX}LH&NpU;z*ZeO(Pb zE(m=Rfp)4JYQ(}V%^LL>Y5;wJphEfmfR0^fabrPvF&jYT|3tTPfn2Cm0FIRrL%HPu zK?Ay5N;Ox6w208h{zBjo6@R0BfI>oIfpxUVREiYbu2lo^r=@NZLgsDVSQ2V=(8mZI8dS_5g4SS@Q1;k(j+MKkK~(O)f^%SYPZ zQXM-Qt6pbJnQ$+Q-;nNmM>+j29(d^o5Hg%2 zXw?QVkqGXO1jteUhx@12`?or!WIF5fMvTY5Nn0v7l z{`il318=_64S1-am8j{TUw<7<3qeNc#swQCh5=9j##N+Ac7As{0Shm--~kXz>jOX1%25*zO-zFkV!bPjTA`vfH3lZ zTE?js9N`90jIrem?Ii6wwYQtPz`o);9d|LFxqcv4I$dw0r!soL#=&jLi>33#Orr5q z%yES_T(DcG?FL8Oa}7VP>LhvxI>q;A(#$A}&1|dAe_k%YkX;+I2ga=XpO4YRj+-HC zZMetI679#%1s{!Unmv2IzV>*oms_>cM9-hR+x+%JH#I^1>rsyEaVMjBdPS2*=xi~e z&(WzT*F>>*2E8S_1!h?d`Numm=c*l;m?ju&E@+R*#i&#l;x&`oh{pXZo{n z;y=LVZd$U=(M>|*A7O8%h#eoAKhuq5c;>_Ktuh-#i~M)My^{JL59IrD+v1M%S!Al% zxv$JwX@C2ln>2c#yVfl?_Lc82Zjd8Kr#n7+hRXFGH6F-0-}g5BViCl%+KFIFo%Kk) zYQ&=Qg<61hFhHD&ZR2yq=WAxip*Nool(Z(lmxK`GF>YSa6LtMxz+g4Or!DfUs%Mg= zJg+*@jwCREHnSAukoosh^-ST?(=as+?501jQZc6(j;oxS-c4}eMJ-#}uCUy=8p zpkc8McRe*cB9K-exGJAd6 z4M7QJn{GpuqJh>9YZ>Fwt?x;)mMItE)Dm8CBW!a$);LMtTyrd1_tGxxc`j|8m^Z_L z^x=7$b$}Pm^)@Ql&dK=RoQT}E)KK`%Y`m`>eZ^VVp`W`hXlm1$>PKt)tt1nk-Ibk8 zIK|~*(*m;3Qcz?D)AZ&AojvhU^K#)876Ibh6-%0`F&&hcU)!xeIcrVwe^TYAQajqk zM`djw!J$PLsaEt5Wj@AohCAaMZQ#JKI?k?rO9?G9X^&aZZ@+#)*u8Ucv9&IuyRFz` zidl;!Fux+^J&K+!#86f1M%R3+o9)^o5tupPS(rx;iG4jA z8>(s_P2sxHKf3iaGYkIo1D1$94&BK(R*`!qr+0Tn;1jbl)qA9FV9M#3=(|&8KoX@d zG{B|Kn8=>FY9o0SN<<95Mnl()>aVk>EjpA$LH4e9{dJBnRB<0LZAg5MI>4 zNcpF&>n{ZH9yQZHb)>D}nAgv%$X~F!v9&pM`C)wLGh3{xm3R9FTz}ekH>QLM7BqI8 z!%W81fR2OFYF}4?Ak!fgI9uFZ7o4>YG0*7QgO96wJbv>?E4pee&VB{UndCU-Qx{G| zof}q#cznCw zKBj{BIi++bt`R_~`3@}ACH*5f7Mhul_M*8Q1t&~853Q951DM(;4=M~)g*Gv?eiE4-x zktC9W9PEN$yJ>+1WI%53zT)F~hL7Oe&a0+2%|Ld{0|Bh?) z@H6W~3=Q+{V& z|E7Q`k6>&8i;Ka+;wo!{1iTb-LY^Wx-CruJg*?B9S(?gfsl=RzD$fifG9gq&7*V2r z@nqom$1ACxJWws9gG+|_U(XnNr9Z>2+Z9oomN=FHdn@zlN&9L0C7UI0OI>=mm~hrX z7x7A)9c`F`eUbUA=_OnPX3PeeEwR(N@VTaS_4SxRqQoW(kk@c#NiJ8H&eOv*(elof z0Ncrs83cR(-}yt-?=QY#RPVaiOk;sB+9l!qWGqL~uaeqOAZo){fB6DPn4>y!g zWf~^Ry%}rD<~C*%lE3Y}xaoe(e1I}uSE$&kJFHg?t@UEAAu)U7_Qp+a%a%Ep=$#92 z9YF|62+#*=HcVz9n5asTBHUaMafpB#E(?rZ2r6%&LR*k(phkXK_ZHBy{cf`=HaAF( z)@Cd#nO8GmMuzIKN~-{@dnWX<*#nD=P&k5{0Q;mMx78+C zF2A7%aQ1I1{c#gTTMncF$j&@Yw&U$+|A?I^wnG5(6!-xF=X)_1U{M!)5;7N$x*CC& zF`4k2RBzs5jR?sFiA)5@-8lm2LAx44BsY)DOyFePzaoP$jbHl1!3rMkH|Bl5p>|92k#7asl>FaCeJKV-}8Cihe{>hR5s zlytp6*O|Iry7(D?17qyt`m-{{soSpPnM397-noSD=$fy-d-*A3X(=rg?Cd4H_({KS z{eSH02%`TRJ^1TQJw175NZw_T0E9{Cmx`#Qg*g_ZD2wt5uJ;Y6Smd`1tLr#kKAyBhH)>&@ngdntT!Fs=(H$WV(gxJ2DWkxzs zx5?=cLMQ<5aS*0lYUzO83PfWDW-BZyMnDw*%eMiU1G(NXFW*NcMI?bkzHBi>8o|JJ zTzR&wl|OlZCn9hAnd*jP~cyU^&l!_8N>sg~x7?6IF&>qeIOEWSo}; ztVGte60rQ`LkOlFw-#XnM7=Zzrt$(iAT5a}=eiR!j2L&v)=k7th((884#pt^yj~ym zB&hQ$q-x==gS2??r;u6%KLTI?r0rA838s>|$#LUnJD2)Y@DRbW{NDKA-judMFc?u| zh+1TqYzd+Z5JIa<5FAG6WmQuVpq9%A)*b2p6V(wz#*(%H3xFyAm$7I>yx@Zwq*gx- zk&9Bfou31ZBYyT9mrdrO3T1P91m%_jAe{g}TTRZC>G9C4s-T2px8R{xBN`P+-FW)PqQv|DhWD zKcnjYZ>vLC`zR?GABuhR=NyfqDUueO%R~I_q0i#3slAH=7KVF3Ft~--KzLU30E|Nc zLR=y<03swQ4%*+*LJwFM5C{+84{QO5+cAhcxV37C4F;cEB_4I5A8?%rR01G;PN1HJu z=KetOI}v;>obB(<$vtt zKsfo!oJ;(CcrOpe@f%La{bk7zZ(QNv5G1S(*3)xB#Cg5M4g~uAqW~sVzf1>M3gYm?8*e(`oun-Cf!iP$cFo@ZrDt(9co*31t4- zq9ZN8xIkmqXzQS)S{_8_RwQ=zE z8$Xc;cG-L*0?*>GpqH)v^F{FGD{4rtmvo(z`4TmMc@uOAY>tFYKzo6eYA|7wg$lN~ zS~aBixqN_Ac&BcYg|0RMU_fmG5Gja(+Jw8b4U#KBEaXeP`x8zfAPwLg*r~y71bu;V z0E|XpAlMH8;vrZKvn0f9fOo+-0KOt#F;KmnGsFm(|8+k}2rnldehCH!;QeH>tScyt zh0)w{l-|XzYBQsa2+k=!j2U5qM2xcl`M1iTeGnfrmr#YC2P)5I)`e)oe{tYr_S&Slwq-OBt#R$D5CE|#Jz#xEXBc=ra zm@4$aul@X^VJV1}D%2}!E-aR#72DB6XO>%O@5AWWmxk<|RkX3+pOAnvM88}J5;o@l zUQI$(0aVW&a+Z`Dy(+~8+Dg7GW9OuQ$&{2y3cv<$tBrrR{;k<7Imza}VS8e?fbx^~`$GLTyVe#nPr(%_a#RZFKfL7eE=VxNA&0Sx8Z+`45<-x`X7VAh7oRq4^!*=lJouY zKo;%y7jV8PEtvj%<*ewk3kK|hgz7Ez2V#lT;Jci}6wsd?K=c{Ii5bx|n?2AAmw!9} zJ*(hO$uIO#ynHZxyM2H5pj!o6g5Au^B@;}JQ!2&vJx{Epy@dIq@oF^kCL9F zk4MqSU*RB}v&q8w@g5t~(#gWz!_Csv@v`V_W`~W*FF<>X_Oc`_%%$PuV#%eWY-VR^ z?!l$*Y36~rmUA?bweYZ^<>BVzlC`w8w(+mchuAU_r$ zdQ#rDRuG7yB7_wJfnY#TQIH_0po9c|&Bw<_!*oaFHjgkTFCP!05u~eEuU^BtMv9G1%5#JA2G4)_-;WLm z9tLCzGKGRf2SLU|Lcv4&(F36YJw*jG0sdWf8_{!Qlq;xc=onWqu|S17TnI7}3JUTS z6janJV7N#D;5p<99xDC~ZgDgMRa102S3;hU_-qV%iK2;ROUBza#-T1Hk*UR^^|OIt@*&)mY&%G$=(&fUZFp_jLh@8c(-Vc`*x z&}YvR5|ffsUZm#a=H(X@78RFN*VNY4H#9aicXju`di(kZ2FEAfO-@bEyq{fwFD`vq zURhmR-`(3kI6V4x{QU$mE+h!b&td&OvcHTA4~z@>$`zC==!kJ4A$uVPj&}w11~(eM zxGK7-D*+u(2nL}_0cKNB^%z_WQv87}qT1 z8URdWJQO^L807l}&;TH`0Du1BR)9W4f(&!cCSeRcV|8^~1Sf!W&%afB#Iq_&xnghD%ssN4S;>%~t;nQbI ziFLfqA?7R}uho1btTFAWFMmTO+cm9CJzeYG*{7ZL7XeGTWE~YpeG1sT{;jC)Zh?C} z?-H}#!`k9xb|!WCs>Q-uZyv;-&lU>A-T7{>eScBs@vzlI|5uItTKYQQn{Q(;hRr{& z-M9Wy_CQJ2-)Ps%_1((8PP)4-yns?Nr<0zBg^O zi=t^+k6y=gWl)n`c<-CS#@_T@zd|A==poi?Tyc2Q#yKCZcNx?DjeLXsyD!c1mb5&o zOj5r(ADmf3S2)Y%pTk_!XAbuSc} zUVGsk`?+i^aZ1Pao^4fyZ=rH$nv|K|TH`aWA5GU;{rr3?81Om?`oDH)7(6$m32UKe zEYVs%5Eck%?3Oz?`c`o)lJOMMP<=m)yJPmwnX77w`$+VpFgHQ>*IgC^E;QE!RtQfOBJv(aet2<5squ`hFY#gF zTf5a>*Dux<88@n)X-jjFQh^h7XU&?&1<(b-ZaUev5_bc9C;al3s#ol{s`278C8Tt! z(igEA+(-)}k6xia*6ZVzJ6(krCrT@Pb9%GonrhCW@@n$Q7qdo{XBkl-ct)sgyiv4J zd{I-*RxEWL*;q3BBvf4jV@=mfD;FH#&wF=Ii*S z$i%zCSgraBHCt*qTW&?PJ+-~3b8QA2|1?^2x%7msu(pUR@wokPF&1?lYqAu9)SWPv zx{&cpBPb@zATzQ~GGpE5!T?dG!wb4*Dp6WpaiU3ilAAU9N_9+>+KQIfA@G__GYnLx zds&=P9)kiA@yot5A4)&r91UA$>P=0zFL8Tbd@l>Dw94FpyLp-`&sEfPWsoa07)qRL zZOqo2-BYOF81B>2#=|7nZx5tvB`#6_*j`E5}Mi-egCc4`6##ySeGn8*Bc|)<`G! zp_{A&e&C@_bb|bM?$}%YX93&3Q^}Io$_N)n@g~+Zr-qZHqAXs`XBz7*B@Bzal$?)J zAnOJRno)|%{jl0uU@aqYfon|hUzKadk_&0gi;1)~$H=EG2j$;noy~mJ4ui=@D_K^> zuw5m8_tC=f6+Fu`r+4wI7IevfXfM;(4|=lhrUres?r*5)gzuWPI+7s_?QX9h%wWq+ zl(I7HOXSau9>Ys~vC^DhIR|f|n0fdd<||N)Ch2ORm5)X`jp}QiA70|N$B8Xr_qEF; zwWzCQfQ@(haWjP!p$0J#gL!I9L4>;^Qmz$PRz*=!8KQ8r7U+8IY8VpCSH~OoeS^g< z?hSoB&UY}Yj+9m@WtBv!M9=n5uv)d<>rEqKU z`Ddk-&L&r7XQED~vuC779$J`xi&d82k40ayzrPzoHtfrpPP^Z=0`>~H=8`>0@$3iE z@tG?{84`*-gnMyl{IuN`QGxs`13Cv;TeqCPrZ&b8vEQq7R@XcmBU?g&R$b4gv_>c8 zUxI5DI)Vi2Z#KdnoGxclXNFzF6Q{28Huxahv=2GTCwaI?AH?4=%sDvDmTUF6{yys> zYj>QTRyrf8dTL}s(Vdcr7tw{RlAfMUX{dKl_#I&yHHOV!Mny*Pv>7&xb%VXK3E=y( z9|-7L9z(NTUJzw7$>-nRFnXfQkv5l4tl3z>rV*Z0ajNp*v4K-5jb3l9hhR1vZ^Y{d z++{12Q^R`;(H63IDv7IWL{6@+LZQrM*W-#8HdHhtgeLD}ml8Z;E1U4e{K78#k*(|% zEp4UowOZczQT-j(O@GW>r_aobsqGZlb@`rKk<|8ZvG3T1L9IF*Q_VPdvB&A4Y;fvX zDM8a6oBgJZ(dk&8t@5inpTM3RM6J5H_=fml#kO+1e)t^{_kAeE(V7jCSx8!k$onFqUkj_`;+RCA~bg z7&!Sv*9Mv~@ZMzx4lmc*Gr&H2c#A98{*<6QXB)b4_~RZD!Rg1*=AXL53>0x zJ`KM(GtliiPn`a=r2HjqlEq(@=|v_>{SSzb&xK~RXZHKnjzs^xjSnJ0@)5Rb!YR>= zl)wd8e&3q3-lNxDMh-nf&rLXaKr~VCj6sUx+mq*`(7thDZu=lO4&w%UDJc)6$Nj_Y zT#cR1S5urO4YvM89hNEzCe&xkjVns5TGsciMfKAaGoRAy-nY6VnGt+#xq*K7X7tEb z)atYAZ#&5MDLAeVR6KY#H%#G6E#)zlO3+i{Sh18!Ov*Z6xxdb8N!n+1yJ^ThKg=?~ zq52l9Y3H5o3|3&>nm^#6gHtJ8ol~N=j+V$N!f0zm5mPr@bWNKc`|_-n;-RSiop26I z&ef3hv_qE+ySz`|EA^Nn-q``>Z|gt|+}E+$gKdnSqSxXC zXR|JD2^O8RmF^5GP*>6qmOtYj_NjkfRG(ZT<#tEKWn;Z{W18<=tLre^o`qIpX)K!J5^sSM>4E5}y^~xXtNHKk2H5lFWyr3qe5Mj3?|MF**u)T^$Pe#f z=wmdz^YJb@usc3%Rh?L!sQI)(DI7 zZQhDp4+u=`HmIHY#yRC)Yx>sE+^ywgS8w*_ND^rS=i;*a5KVD~N14s=OA57Q;;QGF zH?auT?WL6pvLde~}8G|Zj6-{q<8T;_yuE3|VG&bu(bGXhUgK-3(EVoKWT6e)qFd z1LY;d8*UFXE)ttou9^-O(Nm%O?va0a-t>vY)5AS-;p@HX=5=B^rNU*p^7_a!>DM_) zyViL7(Znx4+q|&O2Rh@bI&G;#0s6xkwxa=uI3>TwD}n&uXNT!s9wk*UVoZ z^Zx3CC1^ug`wO0;^*j9~N$cO-r66y07Gt^+nVX|;zI&VZjv%3#ia0IbW2Rd4+pw~0 zYE>;A>vbr%iWqX+V3ZGS?#!{Ul(Maw`c^-ssdBlsK^ls7z5|Lb$+LL^Lz1dT+P4l_ zTyXedcF!$R*Z39U1hq+uhLiYVM%k;TYoylUGZo*R<&ip} zuNW*H)%1}J!Y#yl>K?3P>D=HMqz6rM~(pnZ#oJKqaT4 zgy#SQJYP}I?Sqo+R|EBY_hPNP1Dr_;#SB&yD&}`8lJ8ACc=!Y2kR(#c^bsA5{BR>? z2Uhsf-I;$cleQ6w^nCFH{{{~ECdIuEG2BKO`tmGIts_kQ<$^@0H9Sj1YR0ei2rAfk zz8pP%%QhDko0=dm$TLsA!cUQ&-BgZs8kZG4*}tBg<@CK+DL+16NU?@ZG?R~j z&Qw^oXJdvvnh%enPhyF|VUc<@?ZbhhHMzVBt%nSNcfJvdh@~JK{aAIpxU(RIJjvlr zcN&h~X03L8=;Yvbkk$%KsEf)Qjl=SnZ15-US_M608%N~z_l7`bb?-wh(+kfy6DG=k-S$=jaxTo^X);E5J;(%IMOgR*B7;px8D5Ia&k=NWFe8o5YqN-jg ze5!eEvc8um1ax$=&!geZ{MyPL?;1T)drJ%X=GPU4i261jq2(fDo2kJ9_#HKTC4r16 z`!}%p1NXuP^LCub*I!-?b0$4mu%PvW&W?d39EUzUn|H`oS;lllT?WO!mD`ZtC4CTc zuVaKCK5!r+%bCCNs9XJ2U5J~io)+~-B%{ZKnT^uuWRx+JE50JLea?OrhBA!~-(7rZ zMc4`^>P{Wil@v+?2BXi|Z^_ho0u2jATFMI+`QDa2gSy z5XafMMEcav)sx&&b*^$Z&?+Q7G-7NE*r;DvmNkcj4?8fHRR`0cwRC+@V~b6#=QuPC z#?matAA8@j?xwQi`&f74m1_Jqbmy%p2Vdx`(}PO)*IVuUW0=EuthUMKP2Mx4o&HBe z#8n{C$Lbc&VBVIx25NWLhj3QkU|wjcADaQypb|-e-&9TcFa;i|?#I=y{5(?&I`~-@ zG+P&zq@!Zvf z%+=&63srMQM04}Px|L%YVDu5&m^rb_5uT97TqbQ1B_Q(&!&UUfADtg58SeD`B5(x zbm5!>zu5TU*T27ucU|Iyrh@m%jQ0;%cc%CWZj5r%TSzlbW;7}c{{2I6w^Sc8#ddq( z&VpKGF3zLl)2!|=bB$A6BJ(U}I`Wm85z*5$A!C2>A80?GhtONlq?w^;&|#WVKid0} z{DXF-w6e&!?QHKU7cQL@y#)#(g)^g5qD^!##)5yO3gd&6h!KX{OAS{E+9aM}#EfGr z^r~%2(wb?Q@gXyG@!F0r4X779c!6n6PIENu1u*@Cmjj42&5pE={J zH!tpb%?VRyd_Uglcp>QZHtl`H^?68iT)=>q1LdJvb>s|+*45BY_wPRmS$>n=$D8TZ z*%kVfc$dSdB_)$4kbQYkzt*J_dG0%glYm6-050hg=`jCw4fb@5aqHVVZC!MxIZgYx zIHNmQ?0AIuMwl}9ubdMS6XP4ub+nUqB7OLH=gGB@bCfSL){BKC3QX(-57G1RBd(AS zFD@81Vt8K(O@c;1BNb%jKG<;qSt6{HxwBWYQd}rNi9STW zX8FyR7wslvW+68r42(BeIOy4!DvR>Ua&n-tP-ykDoJTEbW!E|)BRPqP3FlYz`-gaO zLKM?^Y~hfKZw1q|>9`Yl1L}pQ40ECWXZILb8E@QVtIW#FDJiJPZt@QmproQYaEG~Z zC}JO4mJG^cx>b)qgJ-2?b(kRwn9n8*#F=gzb0sD6J|JKUdBAIJ&VVFtIx4HDWu)r! zqB(2|lghAF^CV2VmywaNpkSwarhoKaP~x0?I*}f^-H-+ZJD%gFiM#bkPe}hNjOC5F zl9c4wgE&RniI(qK&$3<>HReT8(v4rq(nRYmu(E%{QC8;Y;5gk?RaaM4UtN34*wM<& zp;4YBx0rcwNLDTa6KijuBL&A`qR{OCZW7H+FiBqJA@M-C?hDEI-PNaH+n+4JP}Em2)RYs~k~g@IaV58rv{m$+ zM(A2!0(6TWK>XBI31_7KT8#&4XmRiAYCZAdLl5=*WUQwTDTG@EPfi^73g0q{8D~Zt zQEzP+rl)UC&+4SUB%@eeV@JQ`Lx$^c)n%C8H^kY5UFdahR74n^gsRYR=qLd$K3;N? zx`yiX_!#dk0p13qjaP3yTf>uMGk+{+aojLn(5I)PTeyGU0UHMk`|9=C&F%0RgXuf7 z?{z8!xZh1osi~{RB@*T~72FWB2wl+exj{mB<@1%Uo*IaRvWA4Tk!o0uGeocNa&l6qH-36;?zI&WGfRv|jZaBB-!Mkdzv;-KO|h|2 zF{+}Okch9}e5LQk@r~<}oMlxeIrfAYp^u!`J^Bk#{gJzJp7CI^t`B)?k-gBJnW=RD zH2-CTh7_N=O2pUN!5^LxAcy`8ry#GOfLbUa)osVbZTzCu4qd z{oA?Tt~avE`tC2DQ7*t=@IHNVqaRjbn5zVP%gpfZ&HH`t8%Ma$OL{R4QJ(WpJyfco zXgNoIBuQW2w+U7F_%b2Q_qcy7%KSxNP4(`8P=*gXy~x-8?1ZJffXLmdyE$}S^$tfL zRu|T5r|hD4S*bYQ++^?QQ|NN(BDI=ka$rtSeO?HE0w;MigTm-2LeHz9k51yn^*NYh zA%5)cBK|ij**j@T@h?2#7IVcDsG*_OJ1p$%{bB*Ef=qYWctyUt*zH}2xW3M52t`Sm z_ObN&I4>vJ)YLVAh*A$mV?s7pIp`@E8$&3xrGnfm{!QrvnI+H@~GE>`Q zU4LTx$(O6WV>F`3aMuqfk9y#CAl)~Qh4=9BYG}#&Y%|s&c679&3poV^`8wCTNeykS z1SEaaKqDnBX}$H3*4@`R^-foJkT~rlBptDddbh<1 z?O%`kHhmd~6@;BMrBLuG9}pCG?MQ8_D@h_?61((ZxefS*^N38yt!-N%Wz zVdG|9w_g`1lLhl*8hliFUhqI>3Z3j`XsmTsMdp&W5F){6y?G=tnCVwvKRSIQ64xhWhZWHscCG~M$T?CjCCD-}CCYF9e4 z4;GpBN0Jh>C;1Ip-px+Ao})ny59V6E+P6Eq!$J1C`GarY#Qcx5wl7*=w~BZ{u>1A& zIR)NnB@$)c@q7fwoLl;`Zqho7yYws>p9py(1>5L$h(^Vj>QhuyQKT?Ybg9h7s2p+( zOVgE>PQhCarxiUY;k?!ESkSlHQ&YwcP2+*(H5*gu8LuM>e~c|MDQAlM9Z_alyJU#^ zoE6c`Y<>FL7(adtjJNv%FIiwpO9x^ge4felf6V}$!oc1oRJ138L_sOqv+f-~v*zW@V zWk|cysQrRGbGp*F-S_(*?CDAenoYpB?T08jG9SJ?J>(}!+1Lr`N&lciDx_B_Fgm7^ z^qAS;{;ReVH;;Gluv8w$DFY)>al!z-=H6xdbdj@1^}Rh`6%*2zlZ%=f6MP@Hz05N_1yP@NBFO`0`^xXkc3P!HF4Qb<#Shg>pWccuVZ|ww;$=OU2H;y zeVHWTG(vmf!IW!{KW((S@1JOPX{PuI zf1S@T{2+nS@`;jNQI$~sskqxP3R@ZgaW3J=ow zesX2IRm8>jk<6eA)J)@D@%Hnx{Sl1o*#X};ko_(WcDvhNe~Q?Ehn9@<`sm7tSM+nd z6i#!TCarj~KA~o~vq7X(Sx*@v|2R{8ejyReeh%WNEhjE-PQh(B#`L9c^_f zCFC+(l8W}cDag0Qd$wyY?#VkoSyi|lhbEC;S>f#Twb7L#g&JkT9xd|5iJ<2NO8A*{ z6%rZJ=@G@e?-41?RJ$*6`DA^cR(m$&N<>$5oB^Y+UT~d;$&C@(GCVg|AH@!I*7 z5zh9vkLxYIO~v(R1{aYYgrS{nTQOP%rAeiO3fCj~)mRG@Px^WWuD#pSESOTFIIDMf z`pIi`W}xd?3D&SS?eUgq@Qfeo`vVaxxXu0jv$vGjsZ_Dq&O$gEm&O<|ePaW?p-ySj8Kvu5#hAE9oM}6QjryhjZIO zduKPTB$^I}Dr=>q?zR6ACEXB=F?)h_;QJlKg*-QkE6uN3K6~G?82%idBO&NhR>M7E zTy@R-#?U>(-psYD#bqai{Iw8%cTUuNXRDgG-C}$~)N1PoO?%A+Q!y2HZyy`AcM4_q z(?38lMWabFBb;tt zGhqEqQ_EA9e1|EYlW-{}1{#rgV*{V;rmrXE)C_h>asv97dFTaDtRi z@~m`a>aczpD-rgcDTa~hemJVjtGG_(m%<@kKc-?8)mNUMalyxO=3AP~UsLu4&EBF3F>1IyaGc;2liT ztCooV*!UKSZ`ajTpN$DTOJWK;IN|E}_a{A;o#Tq-NUXw)cv+YVr4)JCLxDw_uzOpjl@Oz1q0(C~O-%kK80!!*q zZ2m-lQH0U$)>q)D@2Rhok-cLH$K97N0|X56*AV087#W72ha;zon-DYeMs)m$D-zaH7h#sf1;lKTra zG6Ag(6~;|E+JOS!bmYw*q_nRH*{h2vT9S?3e46E8+IRfn?kO#*)E$_CQJ|@u55J=% z7P?n^9P=$q^7XC9eIv%IV={i(j!*UWZ_Pmxz zA6#pDuJ%Lm<|Lsks|)6xNg_1+&5!;K4zUVKBR5n`0!>z(i&jqs7yam&;4bG%)+A7g z4&S}F$DX%t2zgAP$tciM@uMzn&v4JZM}HxI_&vF?P^a;}hP1Bzq@DhBbms^7^}KXu z;gNd_33LLxBpzm}=StOBQa9u|(MmTr_#Yp1A_ zedp(Rb9VSbOy@#V#E+Mw zBf-F8&pq;Ah^)=~6fZu0!vJeCz(~Zlg zmTFac?!QMq@?zgMunbV>8=ec1KhKXMmpwd%)KPzI^=z%HYGx4I7@easy`Z3EzouO@ z2*ujleG@1{W09%{55f(?TxU}(OK(M?_o9&%^Qk}U$}cq(35eBINwMXN(6Q*@UHyn$ zW}i$^0#&vwV2}Fw*!}QWuz4nBz2rHmKM9RRHB<+c>zD>A_WCf8xwwPHE_GID z`(x0-we@#8EK;tnrXpJ#Yt6pJ*Q0K6un3sd6h6<7KjOLLnuK#bSvRc$xy(!eClmLW zCZ;{haTlF;@2zIY`KPw&9|t!HKUb+ibIi_dQ^NKJ9$Oxv2X? zcgUC!oYNKA#H%7A-W>71E_h> zzZ6}SwQ=)AL_9bX=(*mo5M@wU|MQ{0S+|=n2C&q*ivZhzZeiNGGA%oV5M#(|qXRxc zJqP9wlm@XCYDS;ym89UU>nm20($6A-nX`Dm9KG5AJwao7S)?p3Cq_5-h-Fq%TvJ)a zN__Br%Z7JLMY_=6c+Dbf7!^dEq*M>CZj?P+JB4Ue9p%V~5YT#2Zy zy4lq=HSl&$q{uS$z|xj_3z}q!;gz*P@QOV<7yZ@XPEQ-?Bm90g= zJ$TYZTSHvmpa{Lsfbyk!pPSxf=)+)Axa(-hTR>Ov+5r%G6KSIXETO?ufLf)xaVIIO zKT4jlnQV%)Gak61~6BEp!- zz|xLAP5|sHfq=F8#eysMejWN6YLtS>`)fGC@U;0Jdsqq%u4WPmQH@a5@SD-)Vt;sz zO!O(OP!>)2ks`>KDE}@eE6x4({K(w*y$%j{ff)mrrxpp3_ee*AwnDH#!*>d7Xocq& z2C|!5P@e&mps+vy{;ijx{~%- z^K9}yc;?tD`g{%ZIOy|>sBbz_;LjB;n7p?*Xl?_;9aPRA-1j*dG-c*S*GC1gm#+FB zh%iN4s2E3|IyS|NiiEIh)~qb1p`~d-2;Si(L&xD01}A9nv!Ik-u6o{vYVv7oXgXZ8 zHlytNa?z@bu(JWC|=Xf}LfyXD0y3%`fU|Eij#NIY8ArXUzrn zdNuK?`|-wb{#xMK%t^DDcu+`s33cz>s2@zA9mb2f0xXlx5*Z3Y@PL}f`Gh}7Ez;yu z{k>|ruoNSxf=D4zf#2WOL%dUg-Yc3d2NZzwaC!=W7kWK?!j7U&9b-ytJB~HCc9-{mrqu2{5L3rM1nUmA8 z``EdvEa_kLj~FyYr=l=G{OP&R0p$-u@Eg4wc62TMO}U-l8#BXoSkA!4DrMapU&JA^f=R%NFkZXuw>iCeNRJ zlUeP53FPfJbVjpMNnH)VV}Bu_i;NeB4tGMs zvuk5LcqkA11QWBB;c}<-I9T4SX3kutR59Q&6MYe|pzlUNLc*4C-VfbY{{mjix3H$c z=FVu+t5kk_3aGB-WYFpHR8w4!${qcCIOM$z30X)fs?oR4W~F#y0Ig*MA-l5A1$U%} zx#hjLMU^rlLW#->y>kFWaj(h7A+QP8gT&y{wg4$vp@^D}vAd$Hu^v48a=25&Ufvs) z1Y%kZ)wE7wKhLy|c~(AH1_7^@1Xf%alk+Tv#X34L)N?`oAs;Jh(m-oJHjj`btm2bO z&C|$_^9;nkH+}5N7L(%Pm4r*H^elBHpjNOO1lCg%-3d((jn@}JN$-;P`(-l&JvOdU zHBSZsDme@D%=Yzo`sfYh8M#PHTKG@`j9aS}T!;i`tSIVp5L_5^2@akptc(o&x%n>) zytuHhbq~C-8}XI3d}{#B%@X&=z{~y1lOz-BCmm3%+T`M~OgzJc1@R7;rez$2d06 z$<~CGRot(cRo;Ax4J|kejPszJTAWD;geH=$h! zwcOiW+FRayTe(t;K`&Y_xa=yjdO56{zCqCkYgX;bmF-UpC!L% z>J9a4O_)cMzR)kUQQuUOKONYDI@5a|tR^#>zw!IAd8OKefdBZ!hI?!p+^lEf_pYly zsBVq`o&rS0!mRk|cp7!PbB3J>`XpSj%5=xz{DI_q`|NprVJ-r^M)pOqKNl|2-$$JJf(oBW;n^Lcb|lwv`3 zryYFIU2u~dw> zBh}MbtPIXc8f5eIR`mJ=zGMD=6rfDsmO_46wL()dFvSe)!d8`wfnStT#d)7?E9hr3_PJ($o(XE=qV`#f^YiX|dMck{txW~5 zr_=RQND?ot=%^VP0+I?SSnAoAc{xBYdriU_$SlG+bc)X%StM=Z4s~}>Y zoEn9TWFZ3Mu#~qjLN8Kf3(vHbpJHfM-a`dpNKJEV0ye&&rQ!Co4Pi`9?WHpW$CuSt zLJsR1ETG}5di-ATTKZ^;lLAp(m|+y8$4L4U?;i0NtxV%VEUZ@EvLsyZa?<%{MLn3P zTu;PQ`n8~9Z;EQ~%FQFWwe!8G2G&h(AfzDTY7%oZzX2`EYKnNc%i4%;Nz+ZF+;MJI%G4 z1W*L8CX+tYbZ^@26P%r$Nu0c?qA8ssyR}wFVACKjpP>GE`g(iYyBXCOq^SE6ktYQq zCjQErnlg-dqp9c$iL0k$;2{M={?1u_k&K5WIGd13T&RIbK-rfC6B-M}uAYdEJSa2z zEhaOn%Y#X@LkZXv_8>CVeSPf3dLwgB|LB~UXqABNo^5#ym@no5uK?4 z1shnJzPO?NWH2stA(#xdGuU_kZL^<+<#)`GL)W^I+Q&K3wEcSt_)Ew{wf7Qo5*0#KV6~1|1GQGcI^MbU@hqQ{%FSYTjrInHWZ&t+AvT`0Bn9s@c6!69<% z@a6@x@yV~=-ta&P1sM%0I#X0|V)iY1JdhP+Bpwz}k;LZ_^k=9hF{mCFP=?k>1Q0v_ z484jMN>$JTbiH|UdG0&5=H;iV6lIqIyxPT2z5RmdzCCU_LTaOBZC*k{Jt5AUDweF2 z3cGSd7w`#yf_fR)Vv*+!m(Sq#2&iYh+QoS)wp5yb*A}T-wRu4zKeDROJ9m!DYP%y% zz7PUsglu*U_#(7k_*NDlfNXXzf&n|Y)Tnyngi=%6LDO zyvU*xa?tj^Gs|dE0AZRjxg*RH2yd!8-K{pR%SRU0m9c~Dj5_$bYHlV8rT$fy=_xt3 zEz&}4%(vL*sqhjs@Uz_TC{+?H;i(vVm`z?8a$sQViwU``M`Ce5UciImoq}yS9wB3l z%OB|>Vp#y&Zt;ui;MzJxTW{Z@};5a++0U2~K37w`XU~nExu?fT^j0l(RE_zD^cBX_2W( z>k_0DkHqsUh7hWqsTywe-F60eMmW@J=sH4;tF+O7_-Qd&N< zO!y;fXim-C$mVzt6#)%5#fc3$zosnPs^?5_JzuBWx*UBr`kqrd=&44YqjR8lIXcLq zgva+uNkzk9FQ$^8=Umjj9KF~gZjc2;5++kF^kNKp6|J3>nF!pP($dPj+Xp%LSK+cB ztW_qi74UQQXOzp)=MDD~WGdbUQO4LAg(Q@W37$+uEZq9Vr3r5Y_KF$)U)LJ@ni(BI zY*N?l+%VkmQL}n2b5x^c<&NM=d}?N#2I|<=6jnP`yx^eZF?|vUo(|=z6Q`%y#Ln7v z!4GcjrF85{oJMQ+D0l@*IY>18&cL~`Uh936Fo6b8go85k7N^2}u(hR?Sk)s$x{h+h zJo$Fm(cKH?-(qgH`n>uU?F(wqn9dCMBmP0Sh<_B$t!~z4X4kDo6e6J`FQ6N19B+fj zHX6all@-*NSLQ-kEVqa?$!>iF>s0SWtGE;0K#5oR!;|H@2qnqhuYl$oo05mx#uOTu zn2fitN@^ytH*qR@J{C}nLv*TMO;bY@pf6oe;}VG?$(F5eV4;Q`ve>kpy2{|J`3qS> z_OuhLOF%QW308m z*S^)icJYRy`1N;Pd%0Stbs;SE?$^rFeySyra|2jQw+gx_;P(O_%!UTEcNv;K5$W97?%+G4oa-QR5^ z)e`ymQXElKmbA_Uq45_~j`E3AOAmP_+zuTS%a&w~KKq|cQ3nMjlPoJG8Wb&j-f|KO zesnH#u2s;_Eef=^2fv`-P4tfEidtGSXi_iH+zA6o{(`z?IcYp+d9i}qY+?j-%;Hhh zQc>58?WxN5o@s6$jj(LkPtOGRHtKeMwkBwELH)J3tdjh*NFAMq8#SvY>s{$*?QxHlsBL$&ReRXlhyoMxWf0D*{&zn$~9D+Anp@{m=W+$c1^w)tB!T8uHXhXg5AaUXG_}JKPVp0|@H8~9jG+!&bI$vUXhp+5L z)yYT=fiFJ1s_4MqcANlN2^fY52w~Cf6AEE@K(s6^HYoGffx<&&gp|_Y=)lPK6k9$! zHKT=?O-Rp#ctv>p$&rb%snJPJXO3=woR9h9I|s+QdIrWAJQ-=3wTv21Q6(caJHP6b z_Q=5KU~&V6xD+(qHly1Be}U*a1t#=nbfngQC@W&)fjX41QcG&0C`yv;Tcg(}1+JP{8KUqx*-G5;p(nf44UPsn=2LJmyI zP3T|(!T%Ph;faxZ2~3e!iOAb~>LZ`;fpPC;rb|gro}wUPgvJIrI;=N$v@>%%cuLKx zwTJY4x?1-oV1FgZJU9S;f4i3z1;5U=3)DA`}i2Re|}y+yFTCV-C16r5SRsvkcI&iUz8pZ-x2k9MS=fII5ivu zf3#%wx$9R685JRV(67P4b~}2cAC?}9;=EQ>W&7C7ic@rOVPj=hXTdy&DLT3;8x76W zc_z-~rBx+0^-?MpcGcXX4xCto14F!6(IB+@57P`8jz^?~evHh9rfN;taWVrwfcl3? zD5y79W`U(a>Gbdb8zm*BT20?v(@-}wJT}+oHEE%UOa$!B{V&I{Yz#tNO2`dzgvl4r zBp}E@%Ycf}0sxh>9RmGj=%SSX1OFT87a~0*IVL+Oagy;5^H5aPHmS=$50U5RRW5&U za&ADJVL&AYWyd6kq({sn{_rB0-&kcVmKEms+#d&Iwx}p2tNS)tG}=k0GrvqeB?{7>x7731^Wn~glI67EXHR{P}X<`@4TCf<2HSC z2*LWTzXCx0;{lKW!-JlE#f~PTh7D<;gOoJ6BhfU_ULQDjIi&Bs_9yR|w0GGl%}!jk z!Wk>)&=+)F$CNyLSNRVNHbXLCJ!eK-u!b2g9eStjx#GYH!b%YFxwA(KYu z0)gpxA~vkvB^!JIuI&CI2D<>5o-y z{W}_uVlg-V)nHN}9nz-tz=5R$J%&l(Z#u;*H%fvDUWy40va;If^lUoGD#|fC^lLY8 zQrFWn^e;;^>mtTzG>K>nmC-)rDW@X)%row~KbOaYce06HThr)U6%Wqd&EKUI4Vt&|2kwKVEK>Ze{1R42!7H(wg2AANPW!M{;vyB2U};mpQrp+ z>gL}AT18qV2YnkyyMJ25(4AIL@qdZg{1{f!H*oy9MDa(a#?a|Mt@dN=pFn^gHJ$%R z==@{(zd{%Or_{}V6F|Vu@_&R6RH|&+Vza{dvhIBQdvc;SQpx9lqkx_jL32=@H-WA6 zH-VGZX93)bY8Q)qy~oX|yQXkR`whU~$>)pRir$e%Z(F-A-=7}Bk(gfZj@#w(i5Dh{ zC;?hj_o#!euiD)#Q>wv&@6S);q3NpI$|oi*kF{h!eJtAD4BG+Vk5EMM+7?l|-J5tl zeeFY*+*Z#o0+lTeo;1tuU23Lg8cmNTHi@vyiE7DCjebs}MWsMdXHJI#OGiL4snH@@ zEzHe+#7kpZpIS8vXl&BVwKk4|Usry*bKrbvO9wSAN|~unx~tW9kAd@IV!O8FffGDVv%@Eb(K3!Wf5-mJ&S@k^nE50(ly3s z!+uk(K{+K_!mF)xg!QoT+gl%)O-6nVac%UrGdmVU;Hwg=FuS@qr^(=9(aQRx>{{3` zMP3Tb{oZJegye!=MZ(#;QNv5oeX*eqGww{T^XTD*L7I|}hXLDD+HUTpq94;kLGGWu z3UUqWSmhO7RD4_7Km9eO=B-!=c9WyV)p>t5Or=s&Hdg;Ydd+ZZN>8tRPZ z+E-%L(3p4>pNdQDXF85@k_F$}x^?=K?!bzj)#_*XzDec!_`4 zxhzCbYLpqj6bMgd4N_70z{5B?eCR}95S=EWLlDWoJjb0XbnCYAHP{aNI(Pe^DtR6w zr)mO_@b07S;WZu2upj)JMzVS1uoYNwhFJfuN%~hiFd$YJTYBq*vo?wyE@{cMzW*U&lD97f(Zp2||pJ;k66p&tp&kyFe!WN){JX-6w*R!_3 zfeJJk@lnYi@WQ5&vuO%WF`;ca)jjJ5VAY)mRd1}GZM3!=Q>S;|y^Wt_Zjbe8G=wQ+ zz@qR}Mn&a?vAL!9wZl#;zD&+KR%MUaopEaTI$DkKQ^FYN5JxZ8Zx{od$1^m%X2X12r#b=2dXe!uFR2K3s81p)HsBS3)of6l^o^%t;h zqdYAaJduZ_-q+c_;=?75hD|PHwWPb8lm*mpc^UP+C0NthF7I!Vw=lU~CNlaz9|^zY zhhp3f*Gz5K?Ra#qSsE$Kzc#ZDh9pd$&2^sD`KR6Wra} zlQx$pva=Jn$j~k{WS=xxyr&vmx3MDQ>EbbXucVJUx+@&hyr`#3>LZq%6KA~x79Art zT|?GgV~Srja$Ct3w2&-mB^y`T@+WO;E|Ef(y24a2(O=}f;C?8`5|U2G%eMKN2;$%8T_XzF`j?-U8S#egp2tj(^!f7}6|I`crG>iUhfN8gm+^p@t zT0Os_UjFRRdan;WG9BJ(kJ)rpmhGy2(&6!(z*qqNA_C}|H;LuNV6QaZ?t2Q9Y#UF0 zQi*?yQDBwbJ zgy}Yn+^+BUZ5qDf)O*IQ1*f<`Z@fZpd{QNyq@Ch^&f>f(c`|V%?fPD_^F9AwrvEV5 zm_k*wY{Fu`(t0tt-kXXq+${XNB~f>Tp)9FZ%{ji5b*Ojjj-k)(qaNi;+3WwfeDDH` z+~>h)_6eU{t=Wy!eeK6jq~07k+mf@YGIqv2 zHJ7DtXxiH2@eu&fO*TLqemjozp^53E9HYzXAN3`>1v|k{jrOVJmmZGq=`Hf1t!j?8R*Mn8;$ur zIKZBmrZOiCxU|5AN~%3bJTNYI%cv9}MW$aQkywak>Yn!ZHN6mwRulicp@@#@K_JG_ zurT~800BJM7gCLOuzKXS9IDTo`0KMgJNDD4;C)o(K2ZBydGV4W=T16K-7?-lkU>E8 zpu&#w#%1fosCjkNCL!UHgcLhhpx8KAW(j*y1$!|W8+Y=)!dP5EC2ZE}75w_kx&{2A zJIHmYOElX?Us$8kpr}+0Tj>IJ#$yT$l~s9AQt@{FeG|V1Pa?iD*`(Z!vA@O7%~z3g#5p={HKeT641f%F=*7;P{@nqKZWX5%W)^$JY z9UARZJf>&bA62zF!j#DPg$S!gahgQ)Ev)KB+Uc~tZKPn|$wa$toOb;!*Twwzc=vhp zbM8?@n{n1MYbe|bsEbL53gc3f4>eH6i6G3sdLVwHknCa-kW0`!r0)`9IswF6nZY`l z!dpcb7~pms#&~QgYrkXL7rZCP8mK-Pqp;trW@h^1vhxl8QWp$3nt0NFYro4nD1HDE>d-oQYg~#gE!u!UdyZVD$W>b2{AiF065Aqog#VC{O^#i8! zYBOyBv){SdZjdHR<|{oYfont<`Rv5gTBmsF+j5z+8`ni}EQa%JrqPclF|S8+4`*4P z^k!U-vfd$4J)lwDA<~4z0J#1|;eGOA?Ib!#Yg!5rQi~t+BEA2JnrR_o2LxvgO8gs) zQXGUM13eKQcIz?%n$R*vv7L!O&E!-xr9gk&=5XwJgYFS%7?BJxtSTnP=Yw?TC+4#w ze5;TO0!j_g5o&xQ!f3~kZDTqV5qvf7NY#348|`h{66*LHaOobZfS~WqsLKC1p7uga zm*Y>D(_bl-`G=)xCu2;$bN0X`T0$<3Gs=P&(!q-s-{Q6-^ZmH~?No+9wUDY@_#5;# z{^xLU%&DoP0VY@yOG$%ClSV|EEh=cK)VK$Aiz6%aDK2>L{I^QoGw4dvcX9GBg|hA_ zDEwW=x|{^}jncC6=^Unw_fz|gF#!aOH!IU29CUDdFfC`XdS0*V@m;*xI1t04$}Nv6 zD%pKnoDtnJKe7a+1#+1N^QkCInhEu)i&dM}oE;3R+5@@BG%z#zJ7OCZQ-JRfMn33ibWV;Qx+{Tw>va9SXfjluRagVNnIKE8E7te z7ujkbB}O+61a{VPkUuyxfL3nec8BDnU*`ju{oMIPA+lRpZJBj&Ew%i$$AlHk#3b0-x=UTGt~Kb!opp zz5oy~Ymh1ov0D0k1cJ_MbbG`;aNuZo9VeZ8EH zLqpTTg>!N3kJ>bAk$SHB`ZYv(jd_y6-+bAIomCx$eE47A!A}vDM%KTx-#c6BPMi0H8;5nMQVe z!K9*>Ox%Hrd`V$YG=CSrL!I~_K=4V)0kSPG7k78t-L>D7+GKLW$)+SUz)1`3->JY}-i zyer*KCA_=fY}X%_V0seM$@4#fYtq$RxH3=kAY4BS?$%kVFO_E^Jy!O}big&BoOJQ1 z`l`u1xcZ#&9h-uTo%);Kw*Oe-sX14=RV97CW~+6@=F(2IrLn_57|u>9LNcj4Di8gq zeHeL(OU+7qyuYZf^Om~PA57cme7m>KUAHwb;!<1)Xe-%R8`)UheO>0dCK^2rfuMJ2 z^zxc@ zopQchH>8qWY}8uf@RB!rUUATX5E(TAmbYxx7+!P=_P}Gg@{WZ<>5HNu&=h$ zwVE%sPy3a!=Ig!n-QQ&uUhOkq3}BsxM4-_YpmyPYkM71Efz-RS-p_PDYGdpeS7U7(oj7bV@WM$)jeqLwuu@221W01vKy%QCx?W;A9qi!BzM@OwQO31TxxVuDJj?cwwL8ITSu z409IhtbQiSf~55k%3t@r{X6p+0U*R#Ls!;KV5ngysiRaFDiAe2vB>xDILhd z&=3LgzrX1LLh!0%y7dUmfeF2y_a^UAChip+Y1Fv_cSa6(LKDp!N3gU>V8&Zct9R|t}*UpnOQ1afM0vDY#6c= z#$mJpJ^KgMbDbn;nz4WIe&q^;1N6Z0RRHFS%3bx4-$3wyFpz@we8hHjg zr;I!IeD)*tc>~&gr!cvg=TeV^XrvxeNCjLWOGf4aVsQERA``s%@tAD*xZfRl+#Y*C z!*t@P+gq5V19N}XKhJ`FPv2~<7pO*FDE+`vnmmMK1hi!YwqgAF3=9kifD6EzQwo19 zL@OeYPpd{;;6eve&1FPQge`5H{_x)wdGl#~am~0I{fr%Tyyso8r{!6P8!%?xe(iYb z)Jx`;CL9H?20j+=;(K2j0*aZh;3P8X=m*60f;H+ZIYR~7p&;>f*A6UwQFJ!;aVF|t_) zOm;VU(tayu6Ap&hEsii;t@WKR^_`&g-Y;NV27mzIW9CfT68U)WTiBKGC@>C_SGOQ*SUhWU6Be^xZFL?@q!fdPs&(M9aZ zKJUrgAIUx+$_DO9-vjCs5CRTn9KjCc98ss9TGx^Z4f;vi)a*(q2D4npnT-wR9{dF2 zxfLp@l3daxH(VmISfO!EA9BkaYiUy3?~?>Rb2>6|1)Y-I1MSd{vREG`_tOqUEn%e1XOO;2a|hWWJa%f^w=x8V16 zU<-Vc2WjLtITcj}0uqqYlKyA{!=Oyu00JUN>HhlZN2CB)1nad`yCqi-_Q~x8N5p|0 zOvtRFAH3#^EvS<8@lS^?jr%>i6~fS_JSK^8JcnsEL7qXs$kw;QE3$KLYJ>66Z)WA# z2u6VEoKJ(w`~phfrA^-@4Z1_ceo?0iICjV{4yc|?$#G*D*Syc-ek#bi5^ax%dHeaL zh8gX((5rTub%)elh0n{O(njp|!in zZr%!Lw>VIssJOLmp5NyO{u1v43+sV@g8|m9ewje4tWia)%9?*^G2EaVh(sEi2ri@eQ5)7SW(TUg-}IE z%pM;PZpcRk8Nb`*w}N$YC?pvpSHXd2y?ulFZ49Za2v?@_(e|jI$E`!sFKL{PWUd<5 zVjWsyo{-BD`%MK6;@3SsIha)IbK{p=$T>f+g~5lNiD|wg=*FSI@M7S#0=fSAaqVrq z?L4L6x`_4dgXuCa^4#e>4|;fh@<>vQ0CQ-GpDUWvU;U*K3S65gP9zN%vlTxX^rdYXh~f>FRrE2Q=7;s z!?7*Lqc+>h8|)>%71yP<>k2rVT$pFF7_lu+&k1Q-6KS?@_20*<6i@SuQDl6P2Nz6WJB_(6 z!T@+FLIRc~L!Lf-p5c)>$mTCnoUfCetkAnxs4OTDmX4t;>OrUL-JawBqUTe=SIJ#F zxo%&cs_Y#*5L&!eGDRM*8`DM@UmD+48A?pDJ6_Zg`%EHr+XQPj&uKSbw42xr33s|-*AKcqJ{9G{oSE-PmLjw??PUo`(qiY+F~7@c#7 zv5fNPj5Q&nNm288hBGpaJ9Kpo3Jrbc|FMR}z`aG_3eqfK_sUT#S_?}S^wjMFwmx2~tV zv8P(Y4?u63%4vB5KQUqpm)D~O+(BqhHvNrCNDh0-R&CHSVxNV$CS$2KJt1|HJgP`Z zV;{^y5Uh|VQY%N&W`va4n!#qv;=_Qnv@`6kE_KN<_4N)xQ*(4M7U>Ef&^pJiTjILQ z=p<^}_VX9Jj~v{_F#JfZx5K23`a8?&_+@+wryix*HefQyUQ_kJW&6OTaQxI~dV&iEM8on=XcuFsCyFRV`y?8-E_nqkI#b0S zYxQnZ)nOB9J?ETS*6BnHm4_!>C3oyvQ`}rv@J4OcLTltgW6FY~--4>dDV4q#YR_}L zxQa$twioEe@pHQ_@et);&?A!C3tyq&X3A;haO7cQa2<|nX|WobHHq~G)%iN~V!P~` zBGn~z+#_zX`Pkta5!6Ksq|X`(Z}9*vz;n{f=Qsg?$x5@tX7kwFetc<8-uBY#&r}5C zSsNvCi*B(iZw&axwb-sxVZCR)y7%iuSM);{bwd|!VwX0`rB2-y04AqYAElVLapG^z z>{EkqOl1=Rq-v)9$K?C)JN&aQrylQ9{LOC~^}PX93UUR;_=yEEFB%aj&%R&mE^0AJ zqqk6?I)y#46n1)_;yYcCK2s>XwosejU?6lUs~GxB8wG3%X>VVg&)zNH zJ=HWp+|+P~?E#{B~420wnI7FSF8 zsY2dTAntaxbU%$lBz2`fST>6}YJr#-b&-SmaBz)y&3;N5D6mltkE6J?;#4c`h@!mE zgZc>g=P2x$O5N0x%zRc$-$WLzuoku1qO3_q6zv-XiX(^o^OX+ec;BqZ0&K!#+wsP& z#|@mW^<0e`Sl*|#34k?4$9N0(KgrSW_&{Rv!fbXYOQ=pD2Ba%vN%Fr^MhWi)YtbT} zo3Oy^90o2SV>x}-C@B(p{vnl7y-ys{dR6dV{L$)=kb()u&KhV#>U&dQZ|D+;Q60S{ za`>Nkbx25=iMWO0T3@%7e=Z% z;Br*Qpv_(ww^1M7Q4jesX14W}^wH>|rHUt7_lHQ6kd9b#f{fu1sq_@6wlU7EIabJ# zPecuVDKzLYDd=4k@>%w5GiCqy;02UjM9h`H=u_kA9B^tFKNo-H>;8o*P2rN%1C6Qz z7L`Q^GF|0fci?_)*-^L1-h**X<2zh;?$7Lq(-Lur~R`0%eW4u5U8!`+aEJ?C( zMlJ%y2;hZMeFPcPUKpB9P6Q`4f*9yVwq~nWsum@&1H&sHUebwC8LBw2f1s`=s)a!g z(iWm`Jz&`A1rpOoAtWb$*VO2R9n(c8BrD-`O0og{_ok_ESMtf+6|WGPF^Ll|M4K)? zxmm<+w_3lY?yz@S->JB%rNasb+aqJmrIQsYEae=lFO=1nF#*8BH7gx%G^idFT^cRe zJnIBND=(O!aS`jL8k9;n33TqYOQdjnC-LSx7!44NhHhT74pb#C$)K#*ZGyrFlbvov zPLjd#-!@02OZVENj+d1X;*;se&%l8hSRc(_9#~`*u!u{d5a}wnnoBq9OLrUz?3>tO z!MZ%qGM}2@8N8@0-+?F{Q9v8RlqJr(^oo~mX!pT%z(3Kyz(lDaC4&R|0+4Q?9dKXD z=41~h;S#D58LqHaAQIqcU~lVyNduR9CtV=Ca1|*##eVNdA5kEjM6+3_meUbTroynO zT7lyGp`JG)Ts@z|J)Z#jlM?#gExCv-_~Vw62hIVdy4xT3VMpD;W?$`LceG0>-+BNi zZp8PqBra9R+i4VXQ>YXs{l8(7K9TeZbX!)X9~6sP+A-Xye^ro5E!#pqE&*?shhc+= z5(mBi3`yvHG@`Q5&Zoi}OoP%H`>K#T=-SEqxgEY?LE=rgo{+gA5f*!bb83ER%ygu0 zV@;m}DEd+qlLnf7y$aoLi!gn2H+=-5$d z*qL|UxHO&ccby2wiK#*@eH(O0!Bm1%;JZ4y?rO5am&{o0uDf;57y*$c(z8y_p`ZV5sYriV$zxD&j zy^nVb-~+(@qR|=cr+jq_2B=05NQ%6HLUi(#Lk&88)6V<)k#mloK?IZk!QhEO^K4S858Q1;L%y&Capbty`h&-9IEpqYxHqQI} z*tm`Nc_BLpuW;M1)Dgvk06?PC>w)SQu?!4Aj73QARe>Xy1flagXbJk(P~d|N#YHQZ zvv)b`z*6>xiL|A2n0-3J9H-zp)N|s?Gxh$~llOfL4_u-=P`Jl?<)c9F-WPEiobvmt zahvb;JS6$shY%q20T2Kez(|h{;KKjzco)@6Aizf%N;epgs~QWTgFm-hn5-w3Uw`d7_J%oUOOx1kwU-mf7I^pMYdvf&gRT07`XWK)KU?K7<%y{yNIQ9DRX6MS}LuayXar zO-E$q&k*(P5wkiXk*cyHl%2kyPxmG~5H;Q?R?4{fUT7rM;RwsZ(AWlHmS2!JZMvou z#hh828G~~Nh=417GuEVUytQAXKzyF4ehi-|J${OOpmBg~h%n**xQZ3cts%l8z(vvY z3@T*ryC^q!P?~EWGymx~LsA%hc1MKo4{6&sdtw~ixENs4^9ypaUbTzHu>l1IAN5Vy3mDum6q6$VumZhFGr*w5-21yYB!q0|Px;aJU$1feg zTb3SqE&9ne+(|JohsxB6DyX( zHkXL)FTwiYyj7WHAK_3yviws%6c-X3o>K zO(tu^|3TYZz{Rm_d!x9!2Zvz6-609VT?PmcAVGpVgG+$m!QIJVGedyj4gmrL2+lxo zx4}Yif3vgiIs4r6&b!~e?>o1r>epS>)jhS=swI=Bb;i}-4uxDh8 zOfly~M*f+fB+y{qQ41z=yAsb1cuTzwirTqB-urJG4y-zVjQD5vo~NkOOHtn)aXvUN z1>fXZI2%a+%Duoo&;cO)j?8NNR8*^0vZ} zs`1ThUZ_OzGGr?E$E~%YDYC&V@@8-M7AtZgY_EzMGc!Jt1=Gtd`tL3(oL0(w$Y{;V zlbSt{@~N1=Xb8MRL_#tsVv~MSZF(xSZ|{u=`K&_+dYEv+=l64^X<|Q&qAeB zZsoyyFIRKt?T+^eZ5dKNdGqLW^JoVqy-qnLd^nrK=%pIX6qH41gS`bs$qZhIX;Sk3 z2H%y&YDw`273J&6v9r_q&8Y}f@ujZ**{t#FbLLSH>nK#h#>lcX z(6VK{mtRk6qRzVywA_117%Jntq;vDNA6cpZ&Bd2G`GQ+`-PgxmLtai}3O=Ww1T25C zw-!o0eJRFvDa`68Qgvc$v^|}?v5>nzl?-xL(XTI-XmE6ORPnY|@n$KuSMj!AT3JZl zn#+WbXYStxRLr~~)bqDQ-M9&6JNocwuNL5|nPx<%eJkuUTAO$<`U2OX+ugoL$o{dO zebEf8BBm-fy2892D$85L#M>qyTlYk^_{ke-}xLc^0X>r=4ppS1MzxHeIZvFV3gmA42ix4QM(bqRgGV zf@Qp%wY-w;vXT`+`u2h9?sxWuEF728C9-Ur8J|V^Uj-IjqQFyC*84%7`I5gf`OgoU z88i%NRB$&!dJP;#$~}&54g#n?pV+yMpCks>f4q6_;X_e#prhSI_wXS_vl`R!PH>Z; zQq2hW;k;LAy+6T^RR21da9uIs{%0OGLqhOH6{+l{V|QeM#^p{G=@RC(&#k#E)x`+a zhRFZW2j;)@mihX?dXE|PlQa5XyC41G0rYQkKl)$zjIy}!KY2kO%&92@bf~@@_kgq3 zadRRCRS8qSap<~2tdqjWL3puIQ6RjpbJ42k_1X@W3S*$cV&*5x;Y6Hu6s((l{3P=) z4YcQW#0T0u58KUWl-`O?^*uF3VnpmZ*dzvWPkhVJu{XoER~M z)G;DCKSI^VBu@pRO|&v%x{gIN4)|uTA``-YprVETe0}_J4ebjR0rcK{PLt6I#dWn% z7wLKpyZGoeo=2qaNfY$YuF@` zHQ8A9X11*6YGToa78Qh;Ks|0H^|XY5(WbIxg4B!N$LKDO5knixvfNL3^RB$d<-&U*gq(SgBXEwD z8BUq+N)J_JNIL_f={Y}1E@=j&VLUtgURK1aC?5Xu(XN3n18i`qEnYcEeA56rb91F2 zqKE|4r@oTV8sw_b+;mG1(G7Zetf_|NW$`+1l?WZTURi}9pVveALbO)PF}DPQTP8o^FStq3%X_6vK*FxB{MBz-oN+D(0)#at)oB=f?jkuy6lG3AhW#L=tLV>nDICW-{;}?KM6Sc zK0=@+-Sxk|9W#8@(~>^!_RuP7yPl{GzF)6e3b?xpzP)Om33}j4UB2JS+73Pg1V3O% z+>`q5hL_1K-yAW;WNa(k1AF!xYYdz7=bwP1&MTviE7XZ*ij{L}$l{D*-~eA>_L^ey zt#Rn>KC<1Mc`mPSf_)!JflNoca<`(C(BTFCqquNUSB(6jWlb+Ur_;N7yM+q-DSH2f)aOc8P}V;oXVI7 zb#Ey~Jbe!mM$aw^^4E2?2iOZ-Z~8qP*gJx3GCWLjm6W8bq@rC^iL)oAd3MdF)m^x% zQwPcQd`URXRms2Y$e}yc0yG#V$Jjm9tMi{6TWVellpueHJlpal@?gu9py|%VwH}ES z*zU=y!Mc`13v?q2bmIrwVa05&5uJo9uZMp-tofLx)MF4l@^G`qcY4vc;v?^S)@w7Z z5zua*q37_yK`GbY5M?y=t5_Kpx1F2=h698!ZC!0M2HayIsinF-w1Xl+lJ-PbKneC; zfXA|S>WeW>8Oo|UQ7(Rj2a{|5OJj%G^)ZA zGN*TL5&m?u_Om6qYiR2v=wjaH#=qQET2A`rJ84pK#z>Wa8Ny}GdwQ{&#IbnsBZgkAsIquib9ex$^kiwb=diBlu;6o8d-X|M<&WbG6}`;qeFfOR zY8}tqFGh-u80AzB7pFtRMao$Y^!pUO&J|>j70y$C%!+x#0I-%)> z2qrhn;)Hj|#HsUoG$O}P!mZGv&(*`O3AFY%k5$TiF(5`obe(AC7z>D8C?nX4u0B1p?Nw5 zF$MHXwm*ZPPB1n}XTGGy-h8n-=L)6@K{#qGP@#({3W@b6ekgH?FL92qU!Zb;Qq7yn zZmB+h-#W=~?H}fLimD}Z{ME5%$XgTvp(OJexcqL!mfbQp_A0TQwQD&0z5J#QB*4)w zf<15Zh0V=`1T&lAciQx49b`CG+EMcQOFZ_~$g1C3Tyix1P5JZf3r%Ns3Frz!1&0HYe^`!<7G>(`T- zWex49tsqQl%e>*pSKP;y27odZdH_yBHxRC31M{u`fLqN4XNDub8+ASgRQjq811&B#D;|eFndQcNwQ=z+%tlb zB#j9qS4l-s3rYquh(U3-!4Xl=+UOYSGplD+U>lvHIqxFg*}XcO@y;?er*s32ckpO! znP^D<_lU}D$BJC57Ln@qfQ8&>-rVws^FrQ5(feQrP;O2`bHjn>;oRO7oy-{Ro|VLg zV=oY{$hwaBTQtuW_LS9LMxCS*3FcO?-~ON@ zMoEi5M#A&MCK-Dsw9bu+0g|i55hA*HPt}5&TvX?|AQ)Z8hO3VIJ?L0 zV*0dJk6mVb_tfaKk9(yi4y9SpQc*Md?agERU>BYEV42F`!21cYk+Z$UY_ZnHBiFsT zO^by+$9S)rJ_325D(h>VT`NM#@XAXTc>`Cj+MLijpBr3JeTe(T~QsT(U zf;Sa;@vquF-cA*m-Dw277{&*)^4-EAxr9qqChOyMUF}Zg{@VmIhl{+WcO&VU^g5+giwuJMFL(}Ef>>yWxBku-go%LLfxL5p>^&12Kuh^%k0!+E`kh>pc&lZHYOsLrPS`VxqaqiCFh~$K#M&r5kZjQUD zjw~kBwP>r{5kye~f=7Y<+O8ScK@{@}GUO;_FILs5a`F2s^BK^rUu5EPBzay5gAsEx ztgj*HEx1&;V+XIB(HE5pfkMIo?-UNI>wpAxL9f+@a_J3uL?)r53BCtu+c*9+9=Ev4 zdFN(}I6;%fW_uWBH*XV04h~BfowwR6r%^`$+!SewH#gXa>0|;xH`MeKrNWjKO*~qB zb|I+g)MI(TKGfU=LV@{Qg(w#jMP1y3^ShtmcXwy%#mvaz07ksA9hZJ4 z+iRk1og|W{^ILNk-f7OcDzH(0L#@STgW2Wz%=L$upf3+o+@!*v$m%|=*E_8M9nW{> zLKN!vJ*pKS>*Q6qjg-DL^jM-QUEfN00*`{w4^lh}!H6|hmbX?r1BW!h3E7n)AVx#A z&{ZoeJrWBUdPhlWi{^%;YOlK~${GW?J?}Afc-_GZTXv>O!C?<&$Vj1m8E`p&e|S3{ zNqTAHyDQX$*VZ^(!D;!+-oo1WU3;rRV;zsQ5E#WD?;ex* zLqvz!Fp*15pk<{8CwoUc!^cAcc$b00B%=|VpF);Nc||gpl5m=!Aj``R|XS&zT~%Z zZ*60lQNO&Ry@4kXq7doq&e`?Nr?g#Fon4%7U52y7GiY~C)$U5Y!KKh2t4>;OAMSZC zzjzRFel2w_-bg3NpFU!~Ll`RBlO>^D*i%WtY>3Z-5Vk#%9@%SI$DMCuz&ulIyt`nZ zkD9h-SQ@p*R9`R--Vp0N;)VkpV5z1K#J<<7GtQE^jD&YU0a8$j=-|k6XY=KZG3SOJaj*QJng78r8O5B$DP5k z`nL(MzdKz7dU_igI$7)cJM8tCiljZi;ic?^?|azR@T8h^LZu{>~~R=2C%}et!75}SH|CFo_8$j(>|3P9ZiKeXaKwoSr&?(rWB+LcyDBCySPP_@eN`=R@`P` z)gwEztQ4(?nA_DBLoEx!kPU+Iqec%-Y4((T0%&GS+CK|+0mc{f*J?fWwd*Jhsy3Vy ztV$>EZV>5?KMOq^4ww`*yCAqYcdEoUd8OWnLvJhp0s*PYPO~8GzkV3LHhMDq^T6An zyneJ@YLID^kYLYg;Dtb;_U!ctnTCfdnv?U9UYz23%~b&=c7PuVx7GU1=68v_gTTXu z$iqo(8GQRvIi8lh2$wzApUwKP6bMvhQz_!~B4Yc}*XRDA5r*4Nvkz*hqVQ5=(n0U5 zXd7`l9L_O?cTftYUUf(o8s9h$a_7a4Q5b5GwaWz2FI7tg@0=jb;q<038R9leeuJe@ zWxfiNFr7&+bd)+iFdgmmIEX;X_eNr1AERI(GnhLw=X~Fx=*bdbAQ>?lEzFV691y zVn*NBXhL{}P%pd4h+MzzY|{!O@I@dQemyXd-ouS`V`qQ7h~LQ1GNzQ(VB9om&8MGc zb4IS++BW^CP0xuU_D;@8Ng4gAf7l$ks{_db6NCkl{T-lX0cBe~LRp}HYSX3{?BX9^ zFqonxts^~IH1d3kfW@ASqTT_w3YcQzli~!8iFEfFRCd{Eh@j5y3-_^ z&`gdyYfM5Hoj)=KWQXKfY@|oT#(RI5tsZhq|JllAMQ?TiOU8_ut7C9hf0skLGL6)A4W0j1N<(eUW8p6?CesD98^n7orbi1*CiWH(&?Af6;!6jxI0 z#8|XNzskc|qI$Q3d5la1IL5Jg6R`Pi3G8PYJK)KX0B$6CVH;9uUu+yQd!<9#=XLLZ$Y>1tbop@o@Y)>6$?vuw3dAkO)5DYBSQ&$a$Za;}f@M$~7Y{ zMp4<+iH(H&Hh?9tA2FEWrJ;|>jWb<&A1Hum23*L3bu5zS=_-@dqyQewjp=lpeko`3 z`ujtpZduLK?>*%mm)Flb#lQ(6Lq#itwj2!jGkq(743PPl~mz1{^8)xW#stCll@68vz$G>n`ZF6+5-3!*tFaUVa3+Ol$!OcfX&rL zXN9A}6%<3?S4kCIT4I;sq}Vx)GSflrZKJ4E*%G4jrMA>GbS?F4_L7!li#Fa1XSd4% zmye{B#YaeFu3Y!Y%6oAxB15=5K01oOqC%!r`m#yvYR&RWp{qr3vuNj65(lLa>dlSD zijR1(|M86XRY!>s(AW-9=sqkaR zgQw+Vze$SXz3!}&?^_+1ucgW}KRi>O{K2iksxm&VLT&k}M#fT5b`1VZ$>e51K<_8k zD!;P+$9+MFDGkRm zdoV500O(B4bW|+Yfc$c%{f$KZsKt)wMSsDkTbGPC0V(IbsA)*HcJ^k+y(D3gfM247 z&78iGl$;Ys^DTSMYC6NFSID{|=Zp#mD$~Ymusi{3hn~$=`p|r<{yB{|7J2T4M8hO8 z$f1mU)>CWbPCQSqKL&4_iHo3(;PqDKE42`W;r6Vo@i)Eqq#H>b%ZSV#WPZ3eJp2Vs zkPJEMcqL=5d(+$$^bx$v#ckj3-CTUu3SHiE+bilmP-H z_2|(p3ylsX33hpn)?pdewV(ZkI)Oz>2Yxd-<$2C`{MjEFgo*CasA4$HzO$73x02mJ zLRfeRu7RNRm>Ewc2W~M2AG0p40M>xRy<=AndbES_4-GQaZfgBZl=yGb@pUQTJTp5aD;W2?b=Tmc^(96`D! z;iXQu=REXrISbHfDRYy4jqriPTX1HTqb|IbJZ1V zx+vL;)z=(&At3F2IQANR085@y&Si3DXtV^Op$O(j zSQ@HDSAK&D5xaU3c{mdViiS#3R{KzR+Yc6vNG|%r7*rg#)!0M+I-e@&rNbxl?DRCo zb?4q9=4_@XiaXNjYnJIJKAP;qJCOF8ZToJ29(D55>3i;4e8YLa|LhxnsPr0~cn$8h zVNc~ILaW-NQXe5?!>qj{v^q8WbCbapBn#iicdNYDHjpwme#k05#&r`S0Y-x@v#Q+E zs(dRFL-X4{$<({#>fCVAzcT<1!6=mP1iZq59{%jY?B$Jpg~ zaZ@G3dDH3heYlZxdS%}GN!f&|SyrsY=TXp(R?VXt;rKWL3!rD+bd8d=qRmb%R%t}#Ty_W#3w;Au| zdK&jvA6@u(?z_3nZccn&Y<`>K0rSg{a(GqVz~SH>Ieo-n+{p)elkw55+=Ke`E`fMc$9W*{HBg<(2S?vTuo_@%Co>nhJ^|#I@|Fb;HmP( z;}STb1hV|pGY+iK$Io4bsp2EQL=$lkgd`JfaE6h}72thTeLzCFYUue1Nf}Ga5LLcevC#^$p$7W_4>VB zm*#ep_Q?Gbp!_=iqK?H+Pes-emUT1`6)8g;;SUxv;LA8Q~WQL6d0@JuV-K3vsGdUu`+q85Sfyw=iz0G z!7Ki>Oeo_y`W_oT>Ur!Amw>s`@ZwD_w;Kz$ZNVhBk}B&sKJv{lgJ8c{$}m-6M&i}; zFGM;_>6no|iC@Cx=~Gx8^7rXd3=zn zxDEqq>B$l}m#6Cfnb}SCC;B)DF3YgF>Rbo0_X^D1s;|70(D=>{0G%I$AE_7wBh#+* zJeU1?%t#-Lqk{5ULF1SW6cYs|VTOL6MvPi)mpc={bFDNY4OQSDx^&e5%$w66`UW#p z$v^USVN$73!VRNNPQqkfvftTO=TJ493pD+7+fK%E9R;M?-odMjoE4V5j){@Pzz z>LWO?6o)ClInUx$ZIJ_ha;~cYVk6Z_i2_I4`xh-eh8C4HNWv`DE_Ua=c7|qlvK#g? zQO|Yb9+wQp*mLQl7SntN8wDk3m9n<5&_WOt`3XAoR%7yhkgF2mS`OaCpV(cJ~skqHz4 z+8&XJS+zH9dL^Y=#$n79LiU70B%EA-+yp8Um+kXZ$H>sK?p(1Kr0WlKV}L5!16JJ^ zvC?GS^7G%a!^G)`^)aLUlqX)qEU|H#-Qmjvo^soFJSDrfG>k?0Ssxbv@p7{N7Gil{ z`Zz+&e497x9(>ZcENdvBZy;i#a}v@t zZ)$0@(cPS9*T1jc1YspHz4}C$vD;&njnyn2oRzBSG1Hm%vKLd= zMT_1PRb%x#CD{oVjT0l%0m=hR&2`Qa-+TeB>56=LgW4gghTPl@BYuie@-2Z^P@82F zv*hlM&GnXLO-{ynRJ%~OB9E)8=jOg<3w>f*VdC7y6++!fYGe=%1~%wgH=L~03OwTLNWTj=5$#Wz2!DQ4u9D=9#80k7`r!&1+VlMYjiY|ub6A07A&(g} zd!G*%zN_0>vJ>v5F1k|m((Nn4;#V3@c_ypNSnXDWo4>*WQ2jMTF*c(@WI<)xF{jnB zi`O@FE0-$VKLhusJry>&b)gIcdjq`sL#8Dyit-f~C1QyxX*{sSeI&-ugh;owv>v5nqyOIUnGKl5kaVB zRGP@DE@jdQNUqJ73y&%$5!1?aERPL=O*)f6pED)U+mvz)y6F^$nn#%^GB|O%;G+1Q zPvI?BJrCo{M@aoz%m}r0(bQkc`UvhTfr1OzU98m3)BsSD2EcF=KmkBTkCa)lZ6r4D#KsBiNrxS<5rEk7V}4SN5z4^P9oaKI`72`s&Hc z`IX@8a4!fMuo#fzSi*Vml6jX01_T2FcZQd~pWhH7sY^e#>k!U8O7QH4#V8suglQN8 zq6JMe)niX_)4?bTzlfp(66Hhz;iSAN9~n>;a85hN=(;}_NZt||=rBBOP#&KoI6fV{ zo%%vsm-i+dGXl+h1nGt@gzT4om+&ug!vH&6cUU1UT?ZQtiHO$FhTX0-eqPnbUn0{1 z8cOMFgq`b^slR?CihaGAPRM|}C;65{8LMF+y@D=%C*Zp=OG|w2uP=Zijr0{UQcRES zQ^D_Qdq)(aVQ58dTu=9*cVg`uuvn(R^QC(3vRo26{w3IIfeY*aC#^6r6AMk z%WFm*p>Js~Yw8k^chb#^w&^pCE195uRV>MZ3~?(0Dd z28=rrS9MLfca1qkKej_*K1hW{`~Ld-NT2)NkcghOA(5cP`L}h@R1&PCGq$?6GF!?- zS1%P?2I7Bed}9$A<@i8%VUtjRk^>^XeHUkm@6>vrgz-{sU8FsoEs3w8IPs{t*lr(W z&!~nfLH!NJ&+%>Il}O-Ag-ysOj>t3yg^uy%`TTX8m9vZtPBu<$h{2L6v}T&m`oO$M zH;pPI+6^*y4n3qpdf$MIXm>4xEIww&d}d^oxF=XxUj2P*@zy2e$xP{Sl+kznW)jgG zJ0UOLBdcNDn3|SZuKnn#pq?Kwl$Ln)CCEO}>S6jBPBmF9Gz1TyLWCw7s`$oz>c_+@ z^0e||07m>SaH>i&?CjCoaHQr$X@Kcuo76=|3N$)wE@ z^^0>Pa$%!kcp^tJX&Y}g67n+nDI4qAy@~ze4lmAwO40~IYkt#MIzj;Vl~>u zW@A-tV_gd>MLYp>egiyDkLl7OQ6ndd7Ey8@Ne&d=aJg%TNd$?y+>N>nvOjTAug`$f zDlA6&AlbG!Aid-jy`VQ>MMb*D`f>=D-GCBVycabjoHf-rjgV(h{uRzb%o45PHqn4u zbG`V>#3aqI2*AYPwP*W%SDlPGpz=ihO=O^s4%HSq;Rn7{75dW>+kv@A8GztZGh(n zJ3|9NF1sg^R-el90yzsO0?j0w^+omD0mQl|8 z_oHWa**QXhMw{dp`sc`BywF}VQ6v3SLh^YDlr|0@HGE@w249Ci$244*iLNvgMLe#u zomUu`RGmA`w0=-faaXRXnVBF9Ke#cn`=%>_6PCS^EFEb zwvFGe*E>w&&6GK~i~tt%D?VixfwK^X>KqG+-k`+iW&P31>dLhQ1F@?ylbdsRP^6iR ze0NLs*gDk3+|bB$cHyxTiGT7tkl4U^@sF_10@g@jS~iWoVl_Kj?C@l!hT_=aU1m$D zi+2p)k<;O?zyvWcfKWl1v-D;;^JAxoTA)pQ%{8j^L1auz!uV%Shimni2z_@8^7|&J z|CMQ_-*Ugc*E0N}-n;CnTdp_l7n*%q)f_e;6c9I2s(Mh$Hz5x(KKi~t5Qs+ep_-0# z{xaUuu~w}0GxvTCEe75eKb0jOMi}82T3oLsz#Zy!DU@^bS*F90<@u8J=xNrh$m=p) z{d(exlbfA#rM9!3a+@HbS|NIW>8eU^U=J1la0y8PTB(?@s4U?pYrmdlAsWFO@zWeW zfz-$Wj`7I0ofpm<9%Pz3OzfBMNHeXkY+jPWeva(cu6Vn&ohuCFUrpSi2OTE!tFey= zD^F-x+fDHyt#=|9@_ovO+g~0ZAr<5r9)GRZx4`>CY8q(oU|Q~AVPCSBt*p8h>L3G| zl1%y4RC3&Cs=MQjonjgN6GYeqP-Ae{mLvSph56|V-cXgbvC<g6f?R%F5Owms z3(1A%3TayBA`V}kw2AEHtk#2>yHEbZz~inEh4Ce8m3*^o2aX}pben9lT?1=qyX5Rg zO*eZmC9<|*;BYR|B1{`oiZ=KW5wJcXir^EFyiCbpO8+)T;I_cALhrZ&SW!u%Msswq zem+v@y5@kVpjM&7>6rQrk4vxz&o1jZPj!swgvxiZ5Z}I^d{seM>~}W0_pS4tlED`F z=C{f(>lo)cxu1+>Y(BDT?)&AK!rTK=uZ8F;x0EBKtG)cGNj}g#{N9!v&dKE-=QkiZ zrzH=WH~0~eBw{vGPlMvKX2zv&*is#>#xs3=7gGQIE5oD0pqlk)`&mx~BVryQ5No$F zvv^!6CY!)R;CHcjUq!dc;k+z{j+R*^vHip07p+mnE;;CY9i4#^O7 zZH0dRBbo1knBD}Wk`#l% zaWf(v{cH`hKZJ>Mj0yF}?U?hwk7$}g(FP;D_NkoU@XyUy^h(puEh-kqfv zZ;Rf%3_Y5jE-v0W-EY?2l`iOHMx*;g`9(C%=I~{D_e`y2ZlN)D1B6Lxx*4rnm3& z4{@BwUJS7sh5TT33x{Zs`o|THBo%Jy=x{bLT7NZ6K=C!%$zo5tx9g}=H!yaW)=KKS znWtB(!8s&7h;PhvQN|FOxsC8z3T1U0sM)Bi+;1`q`k`%RrM)lq`adcHx?tQJgu$@u<&v)YgY*%H9pG6g&RONZ%Z;6jA*Rv08*nq=OBv z8cs}SBYz|WB25q)h*BSG9>t0~!iy6MwZxkmh3Rm+Ql2b!wLgAuletT8A%Q6#Pa|E! zR}wHP<(l=-9@=6&FmQDp>X&bRrp#zU7M;#QX;56SYt4T4t4Ohzsc6m8111{_{Q@1S zb?{26mx#aS-tNUS)XQ#V?VTJvX>bdqb9^8-D9ow%OMA3$jd2sD{gjyc%Zo6dOA31W zuAW9Wz}z=FZgHt8+TcyTD2!fupYm-$!Qdw=28 zEQ(2t1XULCW$kNBdY9&H+@XwIE^D<0pWK^|7FJF_B>__?#IRO-8gY)L<;@I@P;qKf zk@vD~GI_wB$J%$+zpXM&(V9MRp9J_~{G&797drjICNy87(qug@;+3mXMzIIg^3XPyIRqQsh(<^{0bGLt@{4Ep7N< z_*C9o*_cC%#PaqB>VVs~3Tf*5KN@D0a2-n<%@;*Iv~R(6P9e*69G^@{^m)_<4U0+g zK2&8C2pQxGaB60!_J4;(R=}AZhLLkh$IJ|$O>aw3dr8oEm<~%+rgM8cl(zEpOy+Ox zs-Jn4__gW<$P9EiNC)%H1n2D?tzWvh-rgk$y)$r@mgST-53adTj49)T1)XV=S{^M)t8iclLRNDaUxwlk+#egdHek}UpA9xt?$@4d-%wu7WS}i_frhw1Y~c%R>1bAOngItjZ|K|41uJTQbVTO9)eEz9|CcwAb zfgwJ}a~*C4+&5<}TLzv6?~`1s{EO_?U|E>4f47ql)LHqN!YQ7nH(@%aoPRGamEIQ04=g_cfR*9;81%-(| zbGh+ry%Q&ql7?(tQT#z)&Uy~YPXN^l>JIc0#n%wxEC-giz$_!42V>sE5`o5cymgMt zi?+|!dzExQDgridn~%xwH)39^v$s`{;_oWlVYpT4xWhOOgwyLES@W>@)XaHUO{neAkk)+l-4%~(B-yP} zL;Gn@?t#=^iq_rk*kCewIDafyzv) zJT~95=C+{ftlM8OhTC`6tpj-7{xjap$ApjidD!9OpwaC}u2y%gnPQ5d zU&uLEL*5PDNI0T|k{%B`;gmBd?Cwba>)Xo1x2H(itEj90dTGTUs~i4pODp~tR$2-0 z^Z(Q0ii3q&HNYFH{^P81_b=2RNN`AF9FbcEu%f{q&|=%{9vc_G4~+uxa)Lhd*4Wl^ zqo#r4w7X-YLPd*t2YDTf(4QCM3yr&mEcE;4JRkDt6B?25$j{iOy9vAx-5&B!_a4c8 z6p8vzVp-|j{N=;OKANAEno2Y(gVP=z+d$iHpnq{%UbFJA%-d65Oc|&LZ`B&_JY{EKaUXTc_E0D~ z`||GE^Ke|loo+Y!lXg@?yXN8Uuxno23gg|7KR*ujI*ucmqC(MLe1+VDm(rQyHj{ry zNT2Bf@naK9iyjKiZRW$6q~gXOd}M1G-6jU3{xNb)haQpdy&_7rFB{x5-Y363v5+ig zjc#RqZwLsNOZ8}^GEp<+2#9TVzzbwlCreupQJmJHfHr^7FOKHSkAqlcOd{vO7awqK zal?P~n38>8RLr|flX~(Jl;+Dd#kId6%@nLuq%I^)i?0)8mj< zRrZVy?MuPta?cnRmYBN*eaWvTImoI`t_yU6Bo58Bb-HbWB>oEvrqpWRTyBw<$PRhq z;skNRT^@O7^btRaw!rnyQ2dxHpLR&i>P|xF=54o-oZ^$+s#c_~x#o)~%wF{L_(AAdpe`YY#QDI-aPE2q;kir{Xi zd2Y`l8B0f&WOam;U8XKv9u}_`X~}z>G$#<=YTMLU7tPu6xjCY4tnpoI|FiE>gI^;T zBqBJLt;jfeLBWsAC&{7BQ3U+~HH3XQ9Y|t3Wcq6ahslWxBEsPb7R_pMYK^BuliKh! z8Ff^5EY1EA$HN$63G5EOr9L|1zDyb~Ts4a(n(jyblV)#rsSZPb?u%@31qjdyHt?_6 z=$p2tJypeYiu$?gV~TOHu~pI*UHsEb@M6K>>p^WBw(YmLm`QC*zwi=vy1NW^H!a6J zhc~`evtJIm>|!1Wq*LvBOYaFvdCaSoZql1(o)Xli9?Tdjb`1wvMLVd;oK#{AW%3OYsWRpK{itF8*t?^#?4+ ze==MD_i!NpHTH)Dqv)T|8^6Im!~_`;;qOo&Vxo+Q@b{#+5F;Y|l@w(Z|A(^@f{cjp z_p=h>jEL~}qyWDl;~()KGDHy>|8Tv)AFw3Jqf1{@`ivO9C`172^ z@0ucL`ZFoO|L0i&f!`HIRQ&gy5TGajM=%u8KS})efT4)~BN)o>JO8bH{eJ@yh=}|X z4nbPFmc#rrqTVBvz(@&9!ThW{p;jUkjaPC65flu5qFn+{Se*1;bOssLfEMeivtE5$6%Qy*IiD-Aer{o@Dx|V%^{tHL)k;zqbF2`fnGT(JPY>(OBLD#o zS_V5iGmwHzLpcK!`lZJMG{2u9)$sWqc{bq2<3jMp%mh6L@Ew?M4Egip*pB|F> z#bi#0OgXUV;O^w`^M%_lRx-@sKC|jaISN$rtGrAC0g+u2pFfbxE85V-M)Fg;JjC%n zG6e`^dYu|)jO(+VR@XEnXQ{t^aot;-_i38k>ORi#<*Lbm1dXNDj2~z5CQqvy?BUdCvsWZ> zbN@~VK1#_|s7T`B1yPWPH_6ziR9Z=m8XL>)n&0S%mMZ+nM!btf7Gpryn=_vEA#Qxz zU~E{^E9p|#*?uV#U$Jt_0c{vGDeq^AUO(9OU%oOX`NE;6I!iXy=(kMa3yw2odG4(Ua7 z#Om(vXKV(XE`9P`(@8j<3Y#n=LJLFR)3BEtN8MIi?<6j`zyH^U?GJ7GTf@@>T6p@p zTJx#fIXfWGjVwJ)7{vs5MTHrKgoJq!Y9uJe&nt#NFA^5x6%<4$jGP_<63CE|AEC&K zjKT=~9}mP8qJJ8fmqx~jJ0sA982`W%`bQifMzR0Y^8e7rzg6Hj^2h(OWfc%aKqVpK zU&cxhVa^couZ;h$_4*s2lMsS4e_Z}QGid)ub0Z-5rxpJ9*c*Z0!`i>0Fa4I%znSg- z%nm+9LB>CgD}ph9^>%-vR|z4y9Yp+#=|YHJ1`+?t_^+fOAcPPiBK}oc2vHmn{~-e* zRiS^BDxxVO&|?0fgs=c2<2Uxp|4eXy>xl$}e#_^-({l(2{fRO2?-8XSLgRjG^KSwE z9w+=KQT_+7`TnNQzd6olXlLbVi+~>cJ9Z92o&Vdb)&HYUl79h^x3+Y#vgZ3oFdYQQ z7s6;*JKG@cFDND^A@Gl@(;t33tRNAoDyk?VAtNIry+-_y9#)Zz6@2X8A|YvLAaNpw zU|2}#sK`j@h$Cb~R7FMoz5nAFNr&jq<3AEQ#7Jm}9paFnM~CFE<3GwFAx9J9^_mP70b zH@|?eurLF=gp9bLG_R1b;2$?Z#>U3R!^NY*$EOlxqGb~NA8!v|kchF636NJ%k(rTD zh>=l=ksrPyF(7J+j^M-}%=nKD83h#$9Rm{!8wVFrpq>Z`1sN3;1q~G)9SuP)av^&hdm(SVUAz zTtf1Nyn>>VvWlu6K;OU+VUaDZtl!!o+?hQ*fnMG|zJ6iv!y_W2qGOU%Qq$5iGPANl zMa3nhWnc)jrnauWp|PpCrMu^AZ(sknfx(H%DcJPPkJ-7^we^k7t?iv%`0=lk)3fu7 z%d6`@=t4$9{gbS}Q}$1E5hLhAK|@1D!~BCTWE5{iL?uQ;XA;05d9H)`#*LI&Fa(QC zF6m=+7xrTz-Jj$Z?&CNVEW)d-$A6Iao3j5NVWI!ODEm8Mf6+CEgokLDD8#75NKcWj z?qfI#QDX8ZM&S3WPWuO?O<5iLZcJWJ-&Gc=UOKHgz0hl@FHmo)jWD>{&f>4Gau2-2 z^aJBthOJbsVs^kYoB)w-vJ@%u1NadUluM^GGud-}0F1`4C zn<1W3bESX=U87ODNm?wc59L9MEo#9?OVZEFT4UIsc0)}V63BNl4E2`2)tIWD2-?_r zCV&Y8Qjj>r|(W9Kl3;BMyr%b3x0mNzskT0UoK*QGPu>F9AbJ(80u*hDU7J}6Y z%fXXs8eu4&fHI^eMGUB^gZEb2Je@q(sv>i6px5~p;qGY~2qBV^E80p<s;zv4{dU751v2e zI|hgKVWOf*k)FOqeH@=rk$L;T=a9QL*{+VtMg4nA^t%t=6%I#H83(%b?!2!! z9nTc%_XE@#0}EguU<9Z+P;0OBFo~TH>M^e$-2-gCAKr_9Y;C-S#8{Wj!`vWD!4;IF(&p-)c>D;D=WuRt)r) z`aQ6c?niSENV2;k?}4s+ptoe|{b$0O>he8sjbjVDK++)jWNvw)L+*h;4CTm4G`pxb*kGS!Fs`^m&ROy}5F*^ZvWI)nox0GLY=QNad4291 z(>8osyXg-EhnI?Id-5#5xv{0*J<(vE<$&@q%MI~f$yPa{*rra%nY77`H)-P@_;AZ; zvLg0eL_tFC23tu>z(mfxp~N)O|N|H++xe{ z!kWwe(2!4((2G{%hzN3oJ)xonn_YJQW>EN_JWWZPFfw}YGLkLGw6M|bmDH7{fx?ej zcO;CxMzVCFV@{Nm-~;7RdNi`u_AKR`T}gkL6(Q{nW9^&F-3lAx+9Urchh{eIq%*X81~V96!|PI@T8N@3hv-J+5Y90i=aKvi)dfz z?T@>-4Jy31E#u{)>zyW5^)W)Taza!(?iCDPIg1~f<(K)Gw6_Rp?>7!VV<7)qz9`)qFDAT_H+v4Z3_=l7x5&|JJP1O zapWLgu86}-+xQ72y;t+QpHcCJJDkoIooKADsZVM?>Ngm`(b1-AUlbkD^fXO|&r0W% ziVeqO;8)=L&ROF(IyFbrQrDpDh(8Zo*@%S}Us@c`_M<;3jg@rFZlC>TLTd7?5no{$ zwL3P#{g2H&HTAgY>!M34KAjJTGhSkxL{DDr&=p1i1K4ch?>*KmNh@fYE;CkH_ZUu_ zGaTgX%|6Vv{V`qq85^9h)Z9l`uEMA2wb@Gf1GHa)55WU4q%o-0r3Q;Pem8%UK?Nvvw%E;W8Bh_!*0b(-~Hn14#{C_0oE_Q=r7SALw6 z{Z`7}vTk5n>cN_Fe+A0d|zmguSXW{(&N*T1&H?eJ_p;WtbKVI+MLR_p7pu;{NJzl zcBjp;{s>R8XWavRJ^9e7d82F6@_56aNV?0+J4g2nETg6jRq5QVY9>vpL`?wg4|5aa z2S1toZ7xHDOU~}6FP;)ozV9`E+m#=nf9M3o{krq?{Z{Tq`L4S-SLOg2ZxP>nlGQks z7qUZP=-zMY7MJ$d&Ns`P7U>&*I!q`OH21scV_M>iOEjQiMZLsYH?U|fu=Ux?Xl;QJ zw!C&=pRbX|dlx97ftoF!h<9Anffl>(I->7IVZ;T^@p|1o_`+wtqozg1ff)+Gjl`5C@n#`TZWQ%Tglo}m0zUlas7(A zSo=yP@Iy#V5c-o;J_4WETO5C5@4s2Z`86iDPGC;%*YhI~P~5#~K#SJhfUck)h27z% zZX)sW?}6V|+I6`TYwZoLr`nPr@M4UB{Lz?#92yAR1CM2HX)|Bm1KH~O_duuH(ybCV zK|uH)$bY;681oT`i6fVvE+cDU%jc|z z7eCf?$q?t76^hO`xl}uv7GE2MCDExH4PnS)n;#QWQJ7fB7jcztCLy$cBsUMSP77&v zt5}jJ3ygRe^oA(!1kd?|Ral+xqF%)!7B&U3PLUcLmM?QS67oWfv*!}2vrhM|JkVc_ z>wYz3)Nz{Y$1N8;1%E4V#vX_l?jGET;Wi^RXvv(WbUrQmLaf1>6A~Nu)Ddee)xliV zZ-H@bAt<;Y*g4&w8K1Iatl(COL9+w-?BnU?RP42e1ADN*tumw9z&?TSUjN<{7N5zY zv;%KT;GD~xx2iL2&4$;L3GGj(#CD_lh)9423IV(3JMDJ~B1M{}v$@SD7Y z)KLVWuvw6;(m^W3f5&OmCt1@QX!#MLJ?EEU41_$CQZ$Q6V3fsj?j+NXl3_e?97quT z8mlKyp+SV3cvb0j>x<+?AxbfOM@OE!X|mW&EkPyie3ok#))!6Q(wEoh((#17Z*QOL zQlp=(akfcP!qY`QXuM6#ihFo1Y=?}1 zmVkiMKS@7dWBf8VhsFe)&=Pq%`8%sf^!3u^aweg4zHR6rLp$Q7ALD|b3tOJW>EOB|h1}a4o>nwObfh zstAuZSUYV%OLb;0Zm9Wt%}M`i>Q442)o8Y89yysR6)Erf8F4}ADA70)IR`x& z5br)yTV+ z*^#g26s#)tcr^{%0*SMPcgHHLhU$i2Tn`<8YpxF^KNY4M<_&Z0XSl^5@|WY*Fgna_ z1M9`n)_Wix^yJp1!A2!hS*G??a&><8^vN~rC}c&>?==|1eD489`+MMWo#sFPC2QjU zn_ZwNGJKyC`Oxb?alG8|fR~eFa*{FC@vWg8Vv z>HUmrXPqh*WujF5AZs5^hc#I<+0~nGKZVq-k&SOWebjJ+JqtkN znlJ4HtTq&nzVm9c^~yM7GGQlUizt4lQ@HK1TCObOlRD$Q-)5mCJ!m3`9`$u=sp9f& z>qHQAjlry(C(t=$E7J;%#elQBdcFlV`*N2^AR(;*FM&mNuK!AJs|jXJ_-T1^?{`Dv z$sT`|H=xS(u>-=?-*1=^rhN9zp`gDv$FyGXrr;h3zXt^K1Rj5;Lq+y|L<<%&?eE(h z3*^2BzPD(^2J(4jd?K4CHs0G7S5B*To(H&ve|i4&Q>W8+_(h8+Xne_d(?EI^pf(lM zcg9!EX=cA{<3Vp4j75tK=*<&wsQPHT18G5_b>bOspA2NS;TPVW;-*k~CAjSIBgfd@ zpcv95w+SVql0=Xeo(>W|($kmVIKyVBmw6ULP*jhW(a0!xux%^Hk#j6&gadQRoN_4Y2L2f!pxr{CP?fBBR}g3*$ZB1qIS3d82=JLy;P zCA;d7E@wS7K@mgaFq()6mP=%)KdSs7F#sm>2lF$4{iO*r6pv3 zQ><9y=dBVBCc84=(#U>d;`9|4_mCUs0%12f+7vsFKEc*UhfWaS=-_W1FwU%sahAUu zo9=!W0D8)ykT2s)5~K7=Bgtv_q{1CR6((4cm^u|b!nxbD8h;N=?P!%{tg#{e-oobw zsR*ZdbvV2sdsO!T{fWvwP+1DSX3@P0ZiC(Bw6A4?RM9y}^gSS@0N&C|2Bvz`SR{>? z4&3+L@iI{ltwW^UEwi??O8;T5Eri4C>T%{YV&z>M9>_ah`meZ(vOY6lnR8f4w;(C& zEYJxq*sZz^#JKV?jg@$qk}H=uQWSI?oXbH0pq=(3-D#4=ck4=XV9D$H(Ch7S>q*6) z$Z8^=jG8c|O2K>JO?32m0Bjk;0+i5465F=xXkyemFg4OT$!w~a$8czCYhFpq;d=M- zT&BWqgyFd2gVZGQ6@#Nbs=RX~LQi5tA}lT2pcw$aV0mt=x!&?mvxnIz`0YkM5jsm@ zcH0gb>8pd3n$yq1XP;5Z)uJ#08fk6qiGZrF$dpuX))wu&01K*E!!=acFDco<=;>~D z^Z+Vha?sW3oz2EU#kw>&B#1E*ml?^w#KuW5fgY1Xr}xPjyQ|uCf*kRw_VcY zm6n9#pyhs5gfjw?&m5;?Fi4a=VTO)5$P%b5jin+#x^Q+|_}4%Uo37A${#eyzRm78a zD-&zI*E#_1rN^l1L_mN_fW345Yj4SDAQBvbJhKD$fP?m1`wn9Zt`Io17e z%RW|Qp#9ePSxGZEC5peNrNBBGL8E5D)__RDB#?n5$*d|yE44(tGRBixibSGX$yVI>g-jlh1W(Z4*+Yb_h%!HhdwkEU@> z@bNj@G1R`1f%c1z-vhg>G|2FzR;cIHaRu#NPE-K34s==za!0}r_;nhBsSyk=L!g}l z>_)c*70d$X=J&wY0^|bZycY1S-D@3Md{^IaEKhkla!|1|J;61*jYn@cb(1JN-;6aR z-mvr55biVfW-^W?D5JB9MiE(y2en;GK!9p#u^*`sTV6?3--02BK#LuZ-js{9 zd~ZCrhR-jfz9aF(E~_a>wy}vPGh`jLY+T(lsrjfK%|pz30{EK>l_Ew#Tpl3hHa|mm zN!&rGklIFDQGe_C*WT=IKgVqX0fmy$LshKVOhO`oKtDFRs2Rk$R6S89^cSOw%_NTd zy5o&lh+H2nS1*?GuUL?7tAzf*STXf@PQaV?Hj;MhCimd1ER_6ZO6ZM13W0N`Bqh>K zpG}lLH__IYD%YXcd&Fx`>9|~vWpa`fdBAw>Z~e0^29AB+ohfKC{47o8#FLCYB!XXo zaPu;HBr|xzDr(0;QP?L=TB3hm=pd>UqHC>}YtSqs*F-`)ODDN6bsYFt?Cl82I(A+B+Yum4dcJ84Mx5{XJ`t3j z=Xt>f9HWr9^CJv^ADc!#W&4SVr~fxmOEN?qG!f9W)oW+3)0-|yhvLxQS@+w!nHry; z>($*h81fukrB?Fcac74P>B;qa64X#h_iMWvyn33c5Xgl32>pt7Ru`R&btiM7nD66} z!TF3%VK2`@*!ox*N45o`%HchGy79{$CE>ilxwM7=2bkbS;Ik;a7A{*`+HPuT6~@Ed zC*K2g-c5(S_jHFS|H{Rtqg^9sLKE1%u#p}Vd2}4D7IFnv5>K;&>*~l5jF~CdS{cMB zN$lmZ(sQg2y4TJ+?!;^9<)8#dluxYi9*4f?x%Ov$6%HKT1G55 zyl^h@n2xNoe+~awFh7G))4HYWH%`ZcL^X#%)6pZuJ)oP%6U`;@E1^+6P}O*1v{}F5 z*qwH%`&HJKQipzbyG6>DlGQ~u?;e>-%`Qr{%woqXUuKhZexW*&2rrqcUg9gwC$h3H z!5B5UgX=)S1#Drp%p5P*Y_X{WkJ^(f!Z_j{IBU<4d~JVPrp&CiHdRhfk(i-~^AWB# z9_U|U>vVBjLbGQZ*gnUc{)E0)m>QPMJJIkC@@q%(^Ru97L4E3W{Y{8GFgq`H53mRj zLI)~`XZ`-n{@&+0T+~5vkw9!k_a^Ay?qb%3Rudz4o#7{Is+fx_2UlthzDUg|j;EZ> zI`sB^KTvvkU;(f^mJ$9ZJ&FeEZS=51J9^YvJE+^m^9^tLtK?B}z^UUlZz&i46n~xc}0E1K*CK z+WST^C;#i?qp8+j3r)s$nQ>^iAIQhU$)u6f0||cy#O?f=+l7Ite@&`tt>JFGX-6$E z3|}4}Efbba+}niP99733Iej;}mcD!w1RD$FzW}En*|l_BT6m$aIEY#Gl`A6~rB|$Y zOwXV+Fl}srz#|1tmkzFYW&(=iUn~1p9WxFKtAm_B0rUTxLBntCoQcwWsKc4Aq@A0o z$A5iGk#c*{ccD38RN@}R8X`FW@ge8!Fywse9;hwpU|qTgER3#Fp?hFlw^hYzHk9)u zi{7m)O~1WKql9KcaZ4}Avy#_qrIlNqci={ON`;0h7KJ7?zL5(aW~=QcTQE3U>#L@W z&g21Mzs^Jf5#zlPVYDbK;HggvMQTsL0WPW2%o#%7yJ3Pq_^I|bR)v;->XyH9@kQxxso=Emr_SN0CRS^78uY|7__t-Up0D7mX zv3<=FnSb4d#z_7CXy6wG$8uc!{vq}3A~^;B|Q zdld5F*_OaqcgH2E$2`3!k(LF@(oCo{dl|&({%!C~?^tKBR4(bKd@M!znNsnC!|VF0 z)6(|cRvG6P$9>mmCg6joF3S!C&;TD?AluzH|J~5@rp(EwD;+VR2c4UXaqKd3neHE1 zOPCp;O~u;^&T~`YoO_%cmeTc^vx4UO?YyVBqEKL&=3} z=-F1FVW2Zfrt9&sSAiL8^=V`^zlD%0w^uRDq0(w(D|;@6^yR(}+F1!oKL1{W)W-6% z<@))smV47&?1Pf{`e5ISLN=8>DiM1BeEh=BtsYT>=?_br5>G{31BFft=IB52oEPqO zSq9P2(L^e(cftEWUp^!dDC938)n zeyM^J@o3a@Pg!pc2dAeSU!s4j>BTuEE6ILNMS>;thgmc&0P0CYhqX?{gj&=({te1GQjaeyB0;v< zzVjw|)=jx{vtC=RZ&eWVTnOvEncMPPQe*Z8IGLR(gR~WDjc#bjdQK*XNKn)%)K+KD z;znObYu5Wf>w{A;wrnRFu&lN&8R6}``iBXX)N#*&gBsg`&iiSh?s4?rfi(*Hhn)ub zIjPm%G?c>S8>?F%pdB0VvjF^Nftya!>K-^%tU)<>;JdUt!x{fHT#q8k?nm@nzhw+B z24DE@!bJ;6mKfOG0|{p&6lxwUEV~!)7-c(ciwY=-UKOdnl<1&RG4d&OS3rqS@EA-d zLOZ(DD!sgNDPB6jpENo@3yhtVi+iCMvcbVECR3QVn>{Tw!#T(1fpxMk%Sh>na6BUZ z>~BK9gFCN(AlM-SR}Z>Q{U~OtKpV@~(9iao!23WR`E0B^z|~MM(a?2@W|P>L$%DY# zlTUo0{bbVd=F;kh-I{z4?ZRXDDO^U0&12j;jpuK7Z;fn z?;?u~_SGfUQ2kXwzNhD*bh#C=*;Ge)~74)A9MeI?xUJt*CAEa{f9 z%Hf({6{I@@>CJq?Id)lDBg5qk`n)_ic$z(2Y!c3grnp~*uLZjv>)Wft^KBJiHhGX~ z#auMO{o}KmLi5LtSkz(ABJS!+(O8?t>TAaJo60?2#nf7e?=#DE8pp z)AI%Nt&Xi>{+180uWzv}LhJ7`*FTM*={xL9@i~m}M|+ulb#cAv7ueiF5Fgad?c;5} z*dRkK*qqI~CfxXE$iMFTX9K=u1NYkZJn|lh^EH88|IP5`SEN|u-`I9WY#pw4S%`tX zlxlnDmSt$M{0xy{;ys`V2nt@^oR>n;yW_!UKjFf$F05GuzpK`rAvaIKN7sJ|M8abr zWH1Gq!HBi>wq1(>%mA3**sfgys%plLbn#XRP!{QOviO zHu;FLc__maV=3E({PtEW3^QyR>Vg>}d%tk3*$<#uVog=lDjbuaaLVxA^fbWj<780! z(WWv_f5Fsvn5@cP9W{8TN1xoWR3wtOJ(Z5Pb%8sr#vdG9kFwccRQfX@RVBntXd|aV zDvKPbJK1LW@QM910@Csaa;HD8>#yPygi($g=lX1C?^@GB>Lf_`O?Nd3!a$60>}{6>Ub@0iJd-`b&4c)SlV*>I!IIW1#yJ*|C-@p|fa>(KW|T(;*g5;-wGsH@sc^ojDOEn+Lk+q9Q($6DAwaY@ zLN}(=i_HgR{(R%RX^l28_)WHyvU)E~@M7)y*XQT2ztYIXw3O6VUWsP9Ueojja$MCn zAJPRzK%v=iuoM)QiM#nG<9Oj3w;2*XqVqo7D*Vq0Ccb=VfZ!jW@x@88pT%3;)vFsX z^i4%GZ_~%yV@eGkFQSA+0bXQFog>ieU+*zfif&%@mSytuOP2Q3MZPKIP3pMnrC;e2 z_1u|Ed9UHlnj`Pmnk^oX*?QEA@gOv^a$sgwva=Iz^LJtTZ;*egOjm|dYn$#pc;PILV@v|Do#@YBq zSc>|LVz|}F{!|m!R0{B;B9Dr`$Hqzlug{(DR%K@3 z7m-R*fJ*?+2SU`#hP9&tu;scX=J(FX&I^Hjqe2Ru7T&xE@I(r=qqA!gOecu?@)tOhc!!Q@Bd&M_rB`nD7_x|3(fY9k2lfi}pBmMT}ILir?J422*s zaLvMe`z!io@%POfE;JH?o1uFE-s10bRS+_ za;Ne9_ZN)*KgH4;s<|n@`+I+Go)zG5Af99Q!O`WRKccjrzB2fVo*nmY0%MKdB&YzJ zL(s(IPMDbZN^u+NPF_znM>!_c*f&RR+6Jx$OxN=fn@wMk!C>s|8&f{~q?4A2L61MV zPT4XfrdAiX+X>$n=toM3@pJa$`3Zk>$r1MlAe<4`roMh5;hwR~ihNyMXS0~X&@*sD zSo;QF%I28CmrhiS@|j7>uNKh#3FTBS)qj0?WtHQ$(Dv#|)XbEGL6g&Sgnhi?_H6G; zGf-N4YdIHy6-R#wU2*r+v>YpY z73>UKV7JS7)ua4i$mn9K&K9ln;5(>#3ssq(1?e_(y@wK5j{Dk^wWtztDfd8?G#W8} zRXNu_37}!w>a|O zw33~JQOp}wXuI55(Ea_5LgezNL2G(4y%6#lByVIT;ma+lwMF4VdQ-}fOTvLD zEy}(Ihdng=lhqL%hyXy)GUi{05WG>8DR)|4MPocI+hK-FQEIw2>`M> z)?nM#OJ-mP5$4slztkY?`)zbA| z@kHE)q`&nKMmQ{0OV$g)lejW#0RQ4SvXhwGyaur_qk&Y;(yy=aQYw89NSJEtsc0jd zWag;|buFjaj-snUiAF#V@T{eV;Nkom(unAE7iQi4U*e}nQ66{uSG^E5g>w;orW;;C zqvm4*@r2I&8C3XgWn6dMI}{;CUf`^$)aOGDuD{hM5J*%031ms^; z8YtRH^r=m_Wno5Q&c9yA`%=ks(XtB5_h&YGUGIT!0Sm>IUUm)iS#zC$^`_SeWXF4a z+ikG#$XbhquPgcsUxgP=^c1(Qi&O=RRlV0HRWa)vK|>$meo>(JW5lnEeQY^8>6H+C zEF&@0(`AydOg(w`R2)GkT}-{L$dw3+>jXMg(T5oFL3EFe_uZt8GqIb zUH`gC6RP{|OV)Q*hPAhX5{QP=Av;K(PUl(Pw~svVe}D^`e>5XOmSqa0mj2Sg?hyV% zQ~^S6W|VmyKcl0?uLXKK?{?Y@%1Y(%na^bjCR9-)68byP%D~MLI(I~f{77>f2g(~( z-8WBFv9h2)_AbNjf!BmcIlX(}sA)C?4kO=x|54BF*Lsv0(VL?`pMJcdeK_z&KjKl} zSp`EyMGXzX{I((H;rdzGO_xh5Rn5ynQdN9feicI(LUjM164YXhk!=FqX=@?6QfKxL z0FWQmSXqTcy)o0X{Q%O%(+Z%L+IAk)S3hb_vVJpL)23?tzIXMH&y!_T0+E}EWWz@d zO=11UAxHotpXd1B@Caj8ZPqNY>{V91A)@5wJ4A zZ}1+#NrpqN&Oou)oAz6a=u5>mAu!gJgL>{@kO5ugJG~=DIl;PpVMKWkY)*k0yc48B zk5VBk+?ODf5pUW=Vkh4N5mV#fat_fPe)R)u4447<2mP;!f=tE#@Xtu)rv%MQ=nwNF z1k&Ffar=n#9w5s>KIV*qp6rxEmp?-udx2>dt=0CdN64YSe#;gBLbB7PPVsHefw?oqndnBs)drw&8fve_? zL8;52!w98$CV6-e$~@9e!N`BO&VwEl_01<1boZpvgutG zfD!cQ8x!QN#-GBstuaPQ8l$I^9d-d7C$6aq(Vq;xCCM6fucWaVNjrCzDmJGM*|4sJ z3ldzNAB&^Va0uZ;6fM54ZSSpH{C+4gxCeG)SJc_AKbo=Iq~Ik|G@52+K#jnn_0`D^ zCO_&JgPmWV4z=q(6tN|N8=}ej{JTuUOWaG~5z<*%=S)9;E1N~Le#ILL%K;*9)i_a~ zGCS%pt@F?eL1}rCo3yHh`6g^ zfQ6_(!6Bm%L~CPK>Mck8Jwl{l43^k#rWLKvVA?0|0tTr&aPYA=N8PVSfuA-=4~*^? zY%U(lV4IA*$|`w#rYVl!&`a$Uepa9>=dmjAveeHBWdx#IMgN)TX>4%ezBPYb^MeuF zUg+_2uP$Wg6y#dP=<(DXHMbUoP*k0jS)Jpn+nkE3XcF2f$&r{8XV}5*K;|ZR19nCk zlG4j$;s@lnwiQmovgv^CFNLjXPK2>Cj-9NJuO=rNOMTZ8{=Vv8JbxkLwpw@b(Hnv{ z3NVA(YzEABzuP#S*gzL^NVH>_l}tQ&5?(`;^H?hTGI&}HeiNMAN7XJ5M450V-vm+L z-UBp>0VIUi4$xn7XJ?{>17()eKVhcIzpK!Vthocup5big#@`l=;~clW>XtcjL~Mm8 zi}yy{kaIj?iLQ6!n)BRbJS;MKOtt9pMvR}xM*oJKXVU~ zQyjc6U#LUV!CN#Sk)fNA^`o`~mPNF?Flim(BD%$hq(+Yz8@q#2&>xm3PpKUTs_go9 z(pOuRV5ZXkk#bVj;xo;U;11HlRiZQlLFZi=Kj)$vIvKaLTz9PyRRzvE=AU`v1hI_75$4eKGJD(?um(0WSz71#>q68o` zR2c|lZW$yMwBWS)FHMzstL!}?^%EKosk9)^eMf7`*q;>oNJc+g&^am9A0~`%#POkJnd4qgc!?)sBSr zb8C$#=Dz;c^i&Dj#6PhVST%$fcUN(JbFKQ%U<=`Aro|F3(+NJrWzP`EqV;9I5AFKj_d^L^=cI>k<;fWa&wYE4}Rt3B%@mi!){~k?TqiOVkOuqUO)roui6DLw1sDldcM;+M199( zuVRjq-n^xua#7vPjIdVk)YeN<_aqX2>17&GH|V;_7OFmH6MGM!iWL>Bs=NuwG(a#k zUpgOg>o}BgiqlHcOO&;Cb8k;677PLC=FB5|9j0xz5F{BK)YcP?g1z0_rCXcU9o@s0 z+5B>jmDU?kC6sq0lJn-OKNzv@GIj&9{aLvQ(e!g4eQZ`^vp#;f`wEg0+2~{X0rG`L zT}y6d%nvx?)&62NTNir%QMD8O`{Q6)tWQm5hQoxxoU2VI zk-I1j51t<^age`myc;>X@@I*vSfRLK7a6E|;6Y8pZa=}L#vH0X%;?l*W=7+>7$^$+ z4|k(4Eon%hqY7Y8sr>|cRD5kS$sayOx|A&YOK%%P;V(c39{TG75B<^H-2))u9jW#o zzWfvR{oil(Us5hWd$tWX^OqmaN=m*8?B>O2uqi#w0;iv^c8}(H@`p1$C4rTL(6%Xo z1p2YP;J6RbXL4KPg;@_yyp1)g&~QCA2gLk^)y@amNAj>~9fUp|3!Yz)=y)Y7JX4t^ zby%}_y0tS_^E=Tplp(S@Dm!60B1D3O==#U2G#O~ZmCP+O#y;%XwE6*6E~yIRctNXC z=lN|BSsfjhC`x>g1o4B74Duo-Vj}08_|Dtbtu3foF_lZ}(@#;*L@jEDu~e~*mB7_! z*-p~RVq!MKQAO5;aqM|)9S*d;gYe%>C~%Eh(m}yKbPN7J(*9ywm}O?Biwq*3_9MMJ zSDGXKGV9Xw`1qz<62zbq#9r_U2D`Rc;7UI&hrDBGv#F2E4xnU_@m5q8^R)VMw1Ar3zwzLe5K&v&Kb0e9UluS zo~8L6@D)rA29|uFcY4 zpNEf+PxvDc!+3zyjqZ6%$T>)m#d#NirP<$-L?5uK$@yES`28NhJ@26TXIm$WFoo$` zIPmX-HS3V^HUaVgWDLQWCSB%wHtO{lDNpmUeV5ht9>~!O6dx6i_`;L(Zb-sDJHgCz z=PKY^%4}|U@jWne!JsR)1_+=vlhU2-jAd?Wa5t#g(an3Lr|(@{6rPj@=Gd1|3sAwM z^_{O&Q3p$S9k%PVIYF-4_gXbIw=}R0=0YJz%ZXNT8So8kJ3KZfW~zm->{~FF3yJ!U zFAFE9ijUUa2*h|;iuh9dj-t`1GqW;Im+M(!xfD>Q6CUMDl_WjFvD<&{O`Ohs_>zz& zkMmY(0>EfCri@b=a=mtz6F9E|*Ei|rlb|UqIr=CItGsZy{tk0zLvZA0(D>5QX_5H+ zT;L5ad}G$BRoL}(^E5wtPb|(%Z-3Uq#pfsjSxYM1LHXtN)J@lx1lD=|2=Kk}*=Lks zXZY3cBqg<VkiC+WlnfFH zh$|`OIJKKJ*+r~tJQ{VLs(@tY%N5t?Dd@~U)O;5n=&@P9G7^x;Bpib)-=W;Q5G=7U z!nHS+x-^?sjZw#6F0HZ%7reF3a~3dB&gvAvlSAx(2(;gr3jN=&0Mo?k$|I4_8Ks=%S9sF-IT zV$!HuNU@>#I6mTSuluXgk-FtX3~k1cUdcP_hF_}P5T|>9>4d;}#2Ze<)$^hhXWqt^ zVzg;`VGnrd;f^Ta&C#;Ystp|#?Ehg#zyrd`0-8M|=8-w$%eUb;y)G^|*YClo`ZyQ_ z1X7gL+|KDo*A_87VH(zCB&GWgtCQ#}7CIQQmZE-9`b=e1GDJ@5k>RIwY*wtl^-eA6 z4SgPJv@uVa?k)mVd|Pl{#2t3?l5&?7rZxpGEARGjOOUCXh9#q=dY~6rbO`%yD}LlU zXH8nlL_O{GK^m3u)9e|mq_d}>1NMv?b`da>2qf>D+4|v)vWf-4SrvWf>rr&*oYY%6 z`l==k^-ktFGBCfN6~WY*>1e+<_!p2#_3;jE_l%g<&cybv!f94vV;_a9;&Iu}g9+qB zPsWe4FobhHjY*oi*4AShv~$OxP|t5p))2>K#Rki$$bTy<{@~wlr#C1fLGL%SDn4D} zfpiWE7=5U4t0x>ljB?2ESCQ~{p-{ElNFTj&@XttcVb$2vY$CaAm?eQI4P?Fy$ULp`6bMD?m(5O=7- zoAX#!q4wudUVL>GdGn_IWDBCA3D%iksWQ2H1ztfu#Kx=P-KgIKoR8cPi$!xE?7QvZ zys)gF+Iw&J^k|)a;SAy6Z-r{!+{l_#nLrs7x$Sie%J6KHjZG|tgy_f&#ja0_Bbr{3u(L@N z0Rg9Hh^fU)*vy;IckfqeQJx)4wF1gh>gCYUd_g;>!C*0;v9zy&Si7#U9L~#MCe(@b zR!Q90s~5R9M~GV5XgPE96FSxy!UGj`xc-eQMq=~V@5oT$Llw66Rhij!?A)0V9Kl}g z=n6hPBm+nBqMH|srd&cq#GMt_7MuD-?BnS8i!d=~xOfeU<(~ROXLEk%(dy_O`6+e$ z_XDoupw2l`gE?2+{3PcpN&rWh8%q5^r}ks_fZdh^Mucx6>3jQ8TS(_voD#^ z5wL-l_`hSg|9@ALyOcNoJb6|6Pbt7`%DE$} zziSdX>y$cOBIs7-sG3;;O1p5eF&gO30`{+^HZ^`xR_6rr>7fZE*sy8T$DVl z%kD@L6n1${-M&de!C$OaMOEqG{87|LZQv>P=?tAd#Z9t(s3(tQ1+)w&UpD(Y)MZHB z>bXF3(#T?;Wc@OmiTRh;DqW4AG5ftMto1wucXR7T0<2O=dJ}aWT)>Rb#E0EteCX z^*oC}4mNUsr&3-ust-Fnh^J>q)OhM9PY9g>7$b7xwHr*wvK1`-rW>A@*5zKr8k9a9_A`> zn9#(qd8`)qd}I*}3JmfD)uKeG-(495No% zyeYQe$A1++O%6DoYh;3Iy*<42HPhG*8f25_xm}xV^v$cya!)e{QPYYYMQ?XA8CP_C zO>s?WMptL>*bVXFb(Q(uaH0M!+?$aYpyC>``-WU2>Z!*hTSK{n=*scV%mSYa=P@5N zJJY6vV&vN`(Y<$6o|0(HP6U%eXq2hi@mdSVl8%9d+M*}$EeU+37v>CUY7N{EH8O?G zVsE!)Yv7+_?%LLamzQHtOebTPH2d&~DWjD4VVmJDa>bZN+}Qtzx3>;!``g|`p-`YW z1&TYxij?A(Kygih7Fyih-BU`D;!>b!C{A&AZ*d6j9^Bm%Cg1OwGjq|R=2M^Rx402L{KiXF!NJ)>0SL@ZtQ0*V1>ePULEAlOZPv` z-UV9hsEr%nwb(KeJnk70)j9ZpHgX3p2pUUUyABTTeFaml+Y%9kU9-09=Hai@NOa<2k$??2RU3Btr_`NBg=G|WNOdS?NX zjhAPbH{)ETT_MOAyk2H#AN2=wMJ-U$_&zp1aJ=CP#?Pq{4;*ti?FHIg-HlV2&4XG& z^TbwYOb4*k4|VChENf~C9cP%N?-qo?NRDcHCxUrje7Ln=qXI=;3oI6|*FfID>Pbg+ z1C2vs(`7x0Kwf{(LaqS@Xs%bMk?a%vCYy$bB3Unjbu{B?EqypZdtu2A@uYjk&XP50A2`n=jP@(qD$ z;fpLBTWcr6Ah&1R=pDlOY0B9Ja4u=*peyHIpkev;I~Clhd&_ssQAL$TA(aB)7zfCFL&FvqYJvl;euy%{wvx9=UTf6=(q ztGG1ZY$;*JZMx~t0(_VMz=y*iq0|2i$r$9=#LIF(7&jbNlhd5kBezSv!GC*P{s&O1 z5Xn^XA5=QnJL1nCQC<>s8(xtjFRx?8dT=*dbfhgFx>kOVJ&)u!naU!lVy;WF-g;GB z@pgkm1E5AQc;o)C3pKfY=dSoR8$K4}00vE$DCX^+^_ls4&3$7|7*X6;y0iZp@966_ zXups!L;D@oK-q*V8m=Xa8swe!xtH1Ww2v;d^qIq{sN+x5DOR&v9=a)^@p$V3g6bI%bib2{H#fhHH zxWfi}Uk`x_;)CfulWHH(A|^8KFtes|*Mm2C;rXF`JF9Vh!Fd)I?UI>AhJZB@dE{Ep zB5E`OCcv~HbX56EA;%_*!Z0HgTy%lFg_v2-fiB#rFv!qPmEkEyqHl8w-uk*BQ^DG= z{C=3E)(m!_BX=gqDL>3;Sy8%3v7yr4F8bLL0+?0QUR86e zukx-!(eEIy`*7{}I5M_E?VFx=c zZziz&GGDZ~>Gc$LD60{=KWI1n$F7buI+fLlPdMlxL#*#LJQc`UY0{Q^3C!a^U@4Op z*MGm~kW26*(h{AJ_hvm`p$qB%w5r6#GSH?G^JmA8%dgy;=j#FLJ)*n;i-NE0lX|2n z6S)o1uXjNyp&SfIs;WK#Md}>C0fhr_UjbK3IE4;81xvp)t~m(0ta>Z5a=Q1q{tm)hbGaF~up_hoNU^=$SU7M!WuHv759||lM6;rlIB@Zi24qE#)i5RiMp+}*;3P^wZCBC z1EHioBvxzhy>TORp2ldtTbP~K5fdl+#pm9+k8sxVL|aa<|Ds5TGA2tBLW1PvBE9PU zQf5+rZiem=I?Rx(`zvcJvbZej*r5W|% zgLP@4E?a*FZzO_-P1iS8&f!c9ap0=uB=J-NO{1}`9*xCpPkwVczt5}Qsc#TcSnyOm z9Ti%O*Ci+l8&9a18VZC*K6ym>bz3FpdRZLdZ~goiXCDeVisfe@`~&Ean-I-Ym~~Tc zp0@E$Bkh|ssSxp(0(5wSNRNxugZ!ofj;Ur1H=!Pb=|ZaXuQ~jB-s{U>>ua5_u2Phr z^CH5fdYo^~!XrWKei13rnDp}=e}Vs6;d!=+v_5{_uV#=R`t$|0F(xkVh@%|Brmg8L zJnN!g>g(3qzNYp?k=Z=vP}3}KP}hFPdz*agGiQ|2WEJY0_(v2^lyihLGW#p`5heM@ zY2Fafjra}nb;oj|J?6tnb;TwmSzj?!6j z5tQEqx9hRGR(mVDKpJq9VEW}YTbx@RE*(`K5 zl@5fwF5&R;E)BYMFWNY9D2zz7^(M$}gzi0cE1_j5F62vrz22Q0roJRKIqKQ!0da3( zertB1ru%vPVLwyd*~3;d`;CUS+Rp#c3la;h65u(UN;FiuCzfN{68qBaYFUR_(5kI{ z`cb?yFXI3U4nrK6#(Hf-R4z*u^D;%=%iC}D$SI=ZQd%`Mu$5oEppG4kOZ6+!mSqEd zQ|aH%Ppb5W2qm4pn7fItecm3vtXCtd!j_vrVu+1ztRTXl4YN!_CIq%`+|x_ov^RL#|sS~>eQ0pefL@U*fpp*Rv2+Ca#_kH zy!RD&6|ci{4Hy~n_t_w@i8=KA8768=C>DYSR07O+w_8o93AuRU|JawLe6QuJw~R_e z>EZdD!ZWh;^|Aq*g*|UwNC#@5@MRXB=qtWM&tEUO@{{Hd$ZQEx*}P zR0I?kUsxL@5(1VQ=1dl{<(`_jX7yMUAwm5qYr(a7%2A*~pCY*J)KyLmnf|`CeAqD& z;HVEHLCsTGYOB>5w}gPxY>Zz81|hvUMxS{dJzVmTz7i|&$0iqBwk5U9&+_Dkg+}3}h+X*G#zRn3x6^zT_VwR=4Z$3{=aJnRklzJ;HLi6lrMddra#f+ST z!Av0&Cub->RYWFAEkzILIFxz{bg+_)5HI0FoIauu=)~EfCh@+^gM3HD3t@&8_L79C zUPWX@4m+guVP_jdkvC%pkBS#LL*!kzu%A%=^McuG2f!7}YFBBqjVESE+UKrBOs~AEdbxTHF7N< zYVWB&Y{Y`n*$uYVv>9iK>zTc~qpjuA3WDNn@x2g43wda&6&5fSC= z$O!9**LjF2IEKVO`*>*KN>W>xlZA#u+Ssg*C@ZpX1eK!4XVi`}+7(@|Y@*lBlmwMu zHbd=l-o**cGPkw@5EA(0e);R;b-bhsR9{tw~M{4DL(d63*|bSEo5d@`XDbD;2kzZ za}r@V(rj*_nP@^#C|vH#)yb+n-%7R6cfu!bmk2VaNkW(yF6&woh#KtP*H2*;jf|lY~jt%z#isky+r35v|(POF?+Ly zWVuX#;gR2pG_6As6rKC^mNS9jhw;CAva7cYoj325)bL#9u9v`u-ihwEPdB)5PfOzJ zO$|KDcA&ZXpL1(l(tCPu>3lBg=V|JmYl^?vvwdY)rF%%}b($=DPP_*kVTYZ>l`A&; z4mzF*4W7FERA+(DwBKf0>SH32VLxwd5nXldcLKJM|MX&EU#6R1LEJtVP za4ePKq;b(Y+je&9Wvw^_HCW3OZR*RC4GuIwVd};D6m)RW#i&(NN2%SJasivG#ZcR1 z6DeF{RF7Vdjnsg(9WX~;-Ic6X_#V@Q^Fn9mHr>Xk$)r-Go^+;^m_*Zf{g2}f{Y43a z&G-3L@zylKheJl`ffOC2{Lehf?{9P57a}=~wx^2+uY#L7lSjh_qsA04Bs=<$SSUlC zr0}5*_YdyzEq)<(@5cKXX+aH)*yozTNqE|2u5i;YkTxGKBv z8pFs>8&U<+Gj~iR_;r62Z9y$A83VCj&MMK$-VJh+zjGhEt^VS|yQ|*36pSSY2PDIZq z%7J-O%*l$(VX09STo6vtjiB2Lk{iTqp0wdY1v>Aohb=A>c@rLX5YPl_Lw!qh_v8H!L#gpaQedlbqqy%qV1v0LX@lwp#8_NzQw1HeP1k*WhmQu*M4hyjb z6JPZ?LMKQmL<6Jh_Oy&H@T!G@87OLQt6j!dX`f$ew9qw=xJc}hsbDwDPW1>@oq3Dw zC)~c*Q1-#UY^z0Og0Gqhk2pi}1YWk%o2u7x6vr`FcdM8}hGd3t_F%ZYu4 zMv-mLtXd5hJbX(iH{DB*nwdG-?JC-%rK&VBdfL zuXl^>iMp{6{mSC1pu9w7BqbHd6BiG@Okm`!PE?rCV58Nr5Oe8gS>|)65#;mCT7b%s z>)mI`&ZXG|B$CbQZ9ZEf#qwL=w@{W$HDq`o&l1bs607TO5ypHN5p*{-D}KxX7^@$K ziut(1F8-kS;r%n^*U-jGVh%v(rE5FXIDXhZ)!RU~SfF!L);4?cK8CLQ7}rkLZda>u z@gBSx?v`IqJUj8GIhb+%@RQ`gEfcHAVT_Gd;*}}1i7Psrz_6=?|2*2SumVHjyeZ&& zrhC8eM-x^W@nuNfCnkFfQ^9H9Q0VpgJSI$A_p5|FO|bTgYs}5H-gW`f!9QIfGf@Gs zI7$>?umm{wBGUbg#OP@ zhZoE)1>vHRZdU@v4i4W2b-RkwEs>72eT~vTBP*#`)tSyfM}y27R1J~54p(Qt_q@zh zPS0pFIL7A|4{zNmD!gyw6cO*ahDTN@u_U3)pwWQ$+3VYmuiutNw|Sx?-lLRSyXjS} z^kFjNMf?%5FC*=ynj?RLKaL#1_iwj$zps`0h!-XitL@L ziUkfLbAFNN(T%qh{HF_fPfqs~It!z>3>0FWsP(oyq(UO?ul`E>0`C+d-5HcfcZOIw zI_#bWY$(2sxYgOWD=BlQ>O16Ou(pg{Q}>-gTWubrS)8^5&!F@pP7ZIu9CyAQ2DtW5 zfi-1$+D#2#QOOM$G1Dy@cMWCbsj!9F29eBx0GB#!_sXgm)#D9UQO9noAKcGj`c3s; z{$T8S^g}0D124;Fx~Bmznk&6Hx!iUWnPW+@%4V0H)Vz1Y7pF>)ZWFcmrML03YfY4} z2Zl8+X@ygXs~mA&DVx21%2!W7OzHS2>kX`7Ug0hoigTs$V#cz@`@i1rF7tSp`bnNh zltIkq+Y;##DT%f_L{YpJfwb8zBP!nZ&H4DYyZVM8eQky23d^%Uzg1};EFI+aw1*AE zYtp)GeNA2VCQz#c4Wh}N_iGr3s#Xsu)jSDcHs(P+Vva-$9{C#1+nY_2v&1px+*6$TW zM{sWP#g1IHqXU^sr2U9k=G3ZOn&&;##eEIOy;&K=xA#fhbhRjj((w6>{~TafG*S-? zo1%Mo3Bc&V{Kk)jvBESW3U?nqobH}n)zsrSxcN(}4d|N+LK_NKV|mkEfTG3T#@+=g z46QYp^BT=xKooLJGnn-l$t@8YUo)fVY*?ek=_t`bBvu?bS(Ja3K6!kj_P~S$5NicL zq6Cq*-~76%T2P+kp|?J?b13-skx7w+bAbE;J#Z%OcCx$sZmdzTTcKSD6+MKf8nBuR z6Yg=&ylB+L6y~A=3?tz_$6de+0V~5B-UuWQ*RQIZ;*RQO{x+tQ`y`QC3hle?Top{PbD3H)k1HAgabUo(D>vw*#Sv18p;NJt>m<7w_$=ofkjCp>u z`HAEWx-w($B@8mL8waLfuNoOS_wBKr&U`I-5S$jGG&_fyyOcF=GK9H{pP^6(P0UU; zX(+b!5dG0~i4^VEr$fR(xdqs4w1~micdEJqD zO2wOC3NMSn?&*2)r1(WKgN55F?-G1`vV0U+!oKE>qvA<^y+CH>*iGOih2(Q@0O)%` zv)LJm`T<0UM;&fM3!N{nMaWMAPZDkjAUB165`zxF)7KH@<;w-&F6~wO10+#(oEO-Y zdmLP2vfw2sQ5Wqq%HN%ZZF`R>Onc7jVAP_%Q-aWHB<_m5)fIkh zU=0fQ!*YcXdHLeH$X`Y3LGJfwwTIe7PE`;jen@hqw{ zhHh!A)*X+j<4$$4$-XD280w4tJ>E-;7c15>(x~1*7&;waz~!L%yOTe0!RC%T16p8? z95WVcN)X|VcjOOzWGCKMPTaH>fx=s`-?N{Rg= zF)0wD8}Rk#;zyL)HTkCDFvOfbR0IVkz3lKst zw?lG@Nyb%Ey5(HtgvHkox(VtYj!v00fg$-M$|J0@2x>yVJzzZpp2Y27ZY}Z^$#(V# z-!|j{*iIOjksa=rFeCb19?3pZ9>JDHP|tMQ9<(0G=#?Y&!2pFa((vJf7=pMRD;@mj z!%y&P4-bN)jp1J?-tTogOYH!(H%59Kv2MjiLfpthU;B^174(a#HPS{fwX6EeQFa7_ zEEbdsG^CUmf|wb;;jf~=$F}S9o(X)FQ3xxPT4<1w!xw#@z5GF=-8PM!I-`-szkP&V zOaET#qESjrHW;?}o?1aY((iPd9$6S;$xGEf>U4LVYp(Z*g;XHJRKq&Wc{8qlHv z2016kN?hj0zD{1iCAz+MPmNg;8w#TWjL2hNR(8PZ^R1S0yT<9*N#a6i6*t^_m1?*) zC0#v5`o%NamX}vbS?4VFujWoCogizHq%BLV#?B3 zU&u&-;1Mz{LN(n9!=<%4a~TPZeKM~mxD4$;flnamY8a&RNZ%{u%zL5r10W!!A2vxp zP|bw<)Wa6q)h5ernKu0ER%vHBc>4gElUyZ%f%p2ImlVh&{4>GfE0bsVzauxWM!YC~ zy1%ku!e8MErVLOc$hLNrr^?b2|(xf{sr&ei)GHq!CV`QkS)-U(@r%^iLeLTUI3HVSc~&| z(Ixr1l|2d8YE+Dvyz7xI&1GI3wm{kYNFro#w)7J#h48MPQ0;-I&Q;?vfNVlnfl_o~ z*c)u?i~;i$%#~5kNSULiUuzo0F;#RfN77SpDenhfuk!6yXD zApAYPn@1Gwrb);0$ZQ_be$MSPyva|{Br0*X+xL;t3L@Lgr)3Gww*7Lp_G@7Q#md@(?EK1*=RB@vPUu(U77=&{3&|Tp4c7Hp{}OQUFd>1O7_`19wP!5G}94)j{mV?3t03FeCSJe zN5&7mzePIzdkYaWl}KJvR}~~SG8y>b6KpUrczGPq$w{1^o?Gj=(^Twvn^|ALoh2@{ zPG!YE0|7O*FK|xR8_0|b{(0FH85B3Vee6E+iW29QJ;Cob`ctYsO!XM$`j0=8JaC~- z@7OfDzjUBH>j`l1#%Q^|H|RwK5Az`q$neJLUYnmuudF`ZJ+aD*Cx$`;n!w;fQAK1<=5G_%b!QX$0 zrY`T6mXuC_4O=c8DQ^rvo#LmhZI2%yMl0q58P3&TE9m*JOK>>i+~~ePS^4T9fI~&v zICGp}C+$PP$cLn?qSK5nK&!JILShFGz&m;qz~fEi1%o!{-MZwb zw0*nM+4lu{?fdbp=^j%3uG-6Fsz1w~D4oBpSEzDy@Hl(6%@9+jm3srukpF#GA0fbW zUn~>vX=jFEmk9``x+wD?Ag`^9bIy~_w*F@BvbGgTakgPfCzO`%Bs{_qdes^O$4Rw> zKQtmUq9(tuQR(Kl0~;FO6{~|Fp5}RV`!hwmqHgoR2tVF+8YV@1#qGG%3!KB0bMozt zg-jtH;IZ%Ia~jsJHq>$cCF4u1{1$Ls{VXY32>R=#=4gP_rOx@vzjf(<&MHWq)~}+ z^2!`M)1TYqTG4x(O*NDUDkAQQ5~K(H_a=dDXOWon#(eO~AOsA0UnzBSJpf8#w~iB^|ZTMs;p%tJgU5|*#ZfAD*1?6~ij($?|Wm0Fr<(cGB;;5WEW`)M7>`*nUF^W^E?!RuYMJ9cc~xwet$QN z_9A-vrD-S9N&QFP_&XCt->w1D{KVr2?`S-t3?x6I*yJE6ky&Y@c}V6q9>kQ!Qcq%x zjV+l~7metO)ve@t7%axorYhCEAn{z6BdOCI7sS}Y_irDOf8ZZOE_q~n8;2qMS1iF!9{&yc+`k7OYGmue%a+werk6d0eP zb1y&JRYeR`A*pxJ@&TvFSldbajdc!kzfVTIZ@)*TGW^f+K)JS$fgOm{6_n3)p^#I5Dhs8A-510w^BtbHd zpq&4O9soYh{clwe{}vPdr-a%+Rnz`O1raG~#w{THPZ>mhAwh1W=-PiRgDCV5!MFcH z2Jvqx&wuLi{r&hqYw-Vz4B~$!ulGMBTK}Qg%FB;b+e5yP;(AD>y#H0^52^mj|F<;i z|3e);{{ODb%Kx|g-~TN=J^p`42mZgLr}ySx_4I`PD*E4s;{O9Zy?>R@voN-EHRt)i zR(<8;=N0}B-PeN*Og&;ns!*Y4%>3+(;bA7nn-}81!8wpDbeZ%ZoP?eAW5qSM<+0IB zwa|A)tS@0%ZiMKhI2>>3B^4CV+B~b9LhP_m**VT13}8oQ79N6P=aA&N6n$K2dO|Fj z&9~jJMahGH=I4)?6;|)q>{UqTjO7_J5MrTc-!Xho2{hg#SIy`j9~~Vx-rM1=b(<8Z zA>UJ>l*TLKe-ikPNPuSP`8}??ifWEbSbnA-B^O#FN|Jie^ZPwY@?x_(cO^L#H!6*{ zDjU)lN+F{ZXSY@}-IE_*Ch%vQG16tv6@JSvqKHy^d|@`L0{D=^kc!dZFU2t!!X=r& zONoW7Lb_he0c%6At%^e5`N zKY7VtURyWxztv6vp-~z1RC-#%Zro>p0!m@YXV{_*)z;liU1F8Q?MDP`A?&n0G#9NL-yRdXJ{IZJ6! zPK;KL+7$Q&vVkw2xC|H-+S*v{?~sp9Q5o%7@LTv&;+Qq^sM^!3+OtK8q?DarGb{I+ zH-mT@sI9%X#&UC(!N(24PMd3)5rUp6jk%jEd{mdz(^>XHK_RMc7kj^o_;y{;RHvdt z$^wLxU!`??{c!ved-!Fb#L?<4eojGQ<%t*xzkmhKV2*h>pY^K6%)v88!Y~~ayx%GP zlamvCzbq$z{G6kl*io9;lb@iJok&&CgeaJ*{N&vp6JQ-qZ#T)gw=cl7o?b3;b!e|> zc`kD6)>nv@3AP8UbQ{ax_v7codnoI6wR&eGi}KJu1w6(o|9NdUW>J&YdzO5g$6lQ- zBAXu=pN8wKrJvp@%Htmyl0y`B_EX&@JD8GKb0!|oXsVb8BGan?keO-t&8>+uF`0}v zDrn0M`JMI6PhlzF{Oc%%OHmD_ka>mDh@iSTONfWWqM7w*-EU`peyRrn4SlGjI7rqiS z;PAP>*vkG?x-U(CMqYH<2@YO0L0LroJOENFUim20xuj&-z#dqopK6FJWJ!dX?}fO9UA%6IvTk& zcuD0tw-0=rl;x87#J#F6oI7yU@d{qBUsgj{C$PWxbS&LuvqowIiSDtDj4nA5&w zZ`-A?lK+L5e4+5X_=bXu`8PgeD-y~;$@ilClo@}GtrsrLGs4_S$fKlnKfP66FiPm7ouc|7p#^{(4Gu}(QU0ipkOgvnj8f!kkQ6pcR!6?@) z`x!ykKNtG1Y2=4}xLxg{n>d%-?5BS2%fsOkeh>K6;??t~qw6WY2doF~cifX`+{T22CE)^fFs(nwR zWHf{ZROIGAZ7Z>Q55*6Zq{p(t6~NHc%qS`u^3ARKKKA-qhM$c|8#4 zAB{Sv73iI`OhN46x6}UU9J)!i7o}ga?2IzpK-x2&?Y}}OAB3;JwTN9*!LlGRNVRtQ ztBS?$UFq#4+$szWIWrmEL=*Za1^Mk(T5c;0T4{QsR_v=!Vr!SAGA#CA>sv;eFVyw+ z1S><2mo|N8;FZwRtk0&)Ac>JY13>(tZ#vAAk+mZO=6L`w^>-{kY^-xEI7hqsB6*}j zclC8)Hz-;bUU%vs9T8QM39}wKor#k2VI(fe(&n7ej+gl8nEq)kfSF|MBS;*Pf9ZG z4rvwhNEa~MnNHz*tTuG(oJKS_6qo*3ey%cD<_nFQAj{ONIEo7@E`YbFMsSrLvZ&S2 z2>6Yy1WkkXs;vhgR9u)e50>Mt_7U9nhK&a!uZroHBk$)Dj;cb_Rd*|STE4-b9mYl1 zj7VFBL`{86C1uNQvz|CUP4DCs2Wq7W2MJ^}6pxn^KM9Nt`k6O8$&Fi*>_H*hg^ ziQ(Z9sEM)9&U z{CepnE=}ksG-@r7$87ukSbwQdH0O%9&D6ZItvR4MTLEW5z&YRm#{AQ%y z(4v85D?;z2#i%Wq$Fj;Y>2~gW=6$B1t5Z4O__r}{EG>q|MyXKl74{J$Q=ZmhHGc4sQ1W-Zyzp-oOBD9-5mS~akq?x>-}@i_Q<_S%LImz56(qMgWo<#jy1Dotj)Tb zsMV)A65{05=|`Y@pKy1GK<>r7Tm@UI$;Td|jh2?9oiqU7WV(5A->armxR4q}Ti@cM z&niTWI?AJ1r~vBR8B0+a=9tH>SJW zyT3%56@`2GQ~jT|^J1npLaP6|Uc6m}F26IKDw>%5oeQd8A&aD}wLMB_@`z@|6Fun0 z)fzit_wb-WA}{MiRy#b(?bQ}M7v>#O1>OGq_=zu#DT;g0=-LIj&%bm@TfQG(ckYex z77ljW#@tZ39{Aw}Gkt`|h;acO#XWe7yHQe|mHiN|B9N(a$N7u_m!)T`cCUBeM+s zF9LVf+wBL<7jCvfKZoM7Mpj1S)7sS$bCi?9iF{zRZpxbO-YkK=-Q8NNIlsQo>b3b8J*pb$cX}6!qX7;I)GM85?%ri;{QA1Na>q?teZG7h)?E1^W zvJsv3Y2$N@f=gw~5#b&FURM}nc`aWK!KbHo)xt0&1ze?aF(Wp0kcbu{MYD`KMws@h zS0iSNI0LUajW23wheN!5q(V0B7+fLufy#~I-N;@eHx~L627g3#Qb>q#&|Sttjo|T$ z=g8N}ktVMC&j3#WPs0btht%`N=%Y_bBifdr8XaNxqe%6fLzahD@2j2G^H92KKA_PQ z7)qJEwDxH~=O!X(ZaQF>ctnoC{e0J?b>gC&!spPZXqRGazz5;#xRAF}{kB3Bc@8P-27DZ0wq;8{%$*FyE@*11*+-paDIkr|EcTX;p&L44e zTXOMRN%`DbKzk^B`rBDP?C|JDu~?d={8@^y>ETTvTF=$4V7BfcQM*9x!OGgK$zXz5 z{moa_OdQ|Z&h6Xu>YqW=nTPzosyP7(d;EueZ(d_KYn^R~(lD8lt|(ke&pkQD63}`| z$NEK*K7gh08a{|?Y||gL^J{-kn|Xn!{2^aa`_~SofX!U(Ocs%8{z#RJ^T)Pxh=9DF zr=IJwpF3htHzCO<+O0*fe+rzwdDkCw2c?-_u$cU;KTRBiFm+zE-;NS%BjZ_F^n56p z*b0(h{g~#qTVOe!o>$syWb^sPbpE?%4meLkD{C_B^2heOc|~Mb7>4pNe##^qwR}y% zzo%(I_MKIi(26A?&;H#??x%&Tj3zu^d8^6xeI9CtVbenpYvf$y|xUKGo{=T+HA~P z!}2-F`G%cWXa8)ypt_5x+ZQ#8za1U(_qlvDTrnnQ0nzcgsH_B_iMs9C%{P3LT56)C zq_mm5X3#+1cJq78uY5}=%dnmVO2&@vy2Wa#s&eV;!|(7^hEi(}MvM08B<}GkMaTUn zC)?%J=!9K7Anh#fMIrCO7N1xO4^ht#b`=_zey%RV znMu<>s7Xg>UgZUj##q0xCFzZKFQk`7+%PX0B~bE#a8e-WD?b<0*Q&N=e0Tjc4xT4g zlHLdHLp0KQ*;MXN40Q^k9VBuv@>PdY1s&(Awoj5u7X%%r>H@l1q9}!U4=;498FKh* zYovx40A)jOQrH0DxWGxqBNvL)cBH9o^MVq8SK0PULP?G$Cc@fwzv3gZ!%|f;L~STj z$E`L4gs@p?z91-&Xz0+kx95MgE~ZmEQ42Ez@gztJ_l>qplKHNEb4|}>T}w!k7ZY;v zc7gZ@P?rIebCSqY2>V0<{1CkC>JXf@J%gOjbj0~(v`DOZk45L-R=nYq3Q^6`f^g_TMN z;}mC(zmp=el&}O6I0lkZ(f^m?{!utvXQBBw{nDm}#IR8%fFgX_{Hqn!dcHU^S9?xa zAXloN@acZ@Si-A+ugX8)g_XZ%i)rTJlj)?CPW|3-M| zLoVGa6PEeSkE1ay#0?`~_l+72?0JGHNy!a&BQv#T4Tc`K%pjrArvW`?H9U3mIN>Mi ze@>njikwf~Kon&Ntt7G_*Vk7Mc9} z2@)-ZKm|s2PK;NC;l|o*Nny;g1G-Xy@0htc1=Nh4E4!$_uD?}OcQz*Sd#M#K0-}Ge zh#e6g!GM_Q{ zRR526y^`7IUQcXT1eWB8YRPQuzYe5#Zhe*Q0YpVZ`vy>@e9yVL7F%WV8xU=V7%DK-K>9;>;$rI25)^Wc68Lvab zFnmkvrO8P7-k6A*3&49@mV8`1=^4-HCzL!Gqpa|iIaYdh0!xj%{$na1f2(C2Z=e(d zVRgfgKBYVMPQIa`^%jKy#jj*AeK`hi8Eb-U$?-V&WKyyr${FsAgs32cD0e6DH5<#3 zNVz0>_Hgpm%scmf12IGT-+$8M6;sI=}&vQ2-lFI>DxFIAn z4vW!|(dTEUIM47xyCnji&Ii6J!XxW4zT^$(I_zv8M@o`?h?krP}Tf1y7MJt=kwn3W!7TWMjX6|Wy0X;|o@27^=4roL3Gpww5o_@7T$RF z9lI*{O)NsB%CK7!A{Ax2{@m~3iFm7@kmJfz(r4m?qsFnDo^*iLfOFbCW0Nyw6D-PI zzV*;AI(f3|U9aj}xb<3H*Y*yZ+X6qOFQSFU#88S+{3a$DUzh<;rQ#JiF3-(BRu9@A zujR0o*d6%8(cZkN7PMb_=1^g1RI&fd{k-IWTfa46^+f$unk@Zi5B!K^PDA%DSmb?C zHIChZ6zxpO0?DKJvxgTknn)))k70A;K(a)bIg@3{e_Z;npb&u&4j-XAks zvM8GR+DX3_F(Pqn{%RUS0(+_Y_+rW$hTi)FemKhcMWMWd22GKyZUZ|;w(oNE<%f4LAQLiL`O%3wzmw7 zTJC)(K+g{UsbzigDpN-0Sj5HVacpAjl*a@HdGx%*xG6p=7~wK(eDN@J*nCARu~zB5 zpmw4LNBfeVo(#YZz(rIi47$WN@NM&yeu}~2LrjJeGQ= zCWdKgMVVC-k)95MG-ElO%p-Zr8V>zmP{0DtO78pl#5|6l@~%|*3l+Ml(H`$bEyN-z z?{=Pgz?p{>KKY+}LJc4f>Q`)$6>kJ(-H@6z`c4~O@%rz?sN0#E?00iOV zt9F^46WLAql=YP`GYuLFByerKv0CoE7>cP#$T%0_qe29ULi;z@&RDmw_N*ewjeWiM+dE%-6y91y;HK78)5cHQC;-EfnaZh9+j6;;4G#YEK~i0v zC_qfk;^zzAJE>^3_u(oySe8MfY9B%-nq(XHeLhqAUto?6|5wUM*Z6{=~n{@g5VEy=olEc zK&+cRahTE#KgZD>4V_6yW;!6~b(_yQ;vrF29;Dym4qXAVk+k7Gi)q@YA|y>Fhup*` z4Ehs3Z1h+E$m)f5F~Krrev4zr_+2nFuBv}jd5GB1c5E;_WB&@jhML)FmtT z{&LW5eS`7U>mF0Sw_QQe|9VYRZf9cWX1hO-Va=GR((@QN6g#pat%b(&eU;_rXD=iU zz+^)h>>fY4J*09a!2=QJ7TP#X*cWmP0ssS^V~F}~&PU-q>bH6CN7o`pUU_L|e?VRs>(n)q4V}`T@Bx6uH^;LwCLohp6 z;Vk*NZ|4VvT4{k%_%V@~i2;Np*du~rwqEb`&i3molp}Te_V~&ru_$qWAvi@DL;>uZ zm%57Tya!zjlIO$;hF}X<$u;RN##VYZ&gZ!XqWVo+?kICH)(Q|Jfv_&o+hOp?K$F)l z@|;;tF4yzD*r|NS#>vU~U4fY~jvVmk^9EH#@&%)apkOrh`YIWg%h}1#XAXeJg`4W3 zo1OyPx&lx~9+fA&Q#M+WP&quzypBh6MVU1gYuW!sMVuV9>sz_kxS|imr}UZ_3PTog z92t>CN5pw^&BdTli-Yg2_bp~#ZW|^Z>ybiRz~`CV zvit?M?5nq0Z!2XqJ_FMYBXQ?=ES}zI4*!vnAj3MP8W_NfCm|(c@RyquHhcM1w4W?2 zJY0E^j5D5b--xVVQZ9CZ8?RA#QlC-gzwz{yVQ~e^wzveB5Zo=eTVQY}Sa5d>?lJ^- zm*6mHaCdii2r|Ll-TltJ=e+lSe|vZD?y6q3s=C%aq=DwIPes*bOiTJrI}q z`lF565;HA36Jt`;02HIMU?pEEOH53h?4jOlzZU3_l#~>)_Vve~+q0GCHaSiE+$?1s zzS0a98Suz)y@(DS$|tz2EaIB1EWLQyTCLanw=fTDvbs8cAOQ5&Awed2c#zH59ZhAf6Co8`)6YnYGGk9P%9=bzSotQ1i)71{4DmFj1uG^j1-4B z9Jo`a+Tnb}iA8X&Npmn4i8wGY;6Ihhi1YcW^e%mJ3f%|qGx0MQ%NBe%!-%t)!t2T3 zW~XUG&ljO+-yB?$2SETkKNTkJUWJZFHZ>t9y+>HZ7$mm;2Z53)qBZXSg#VcVMlNll__?P z2sCNf7j-bPu!Nns257_gkr?myCD$`QaEQ7~K}PYrX9D485HUd}E+N)~;2!hU?Jo{H zZm#~fmj}PEba8aW=|xAJR+=2}GUy2#-F`|!a0wU^@iDSOSz=>F)0_O_O`pbd;aazA z!L}yN4AjrXiBSx;Yo(Yi7TSP@*z<4I&M4{?nnbw||o(Io#>_ zBtXuG%SGJ4E6A~*;{Zhs2OqlD-i09&0GafYFz}T>iG(B-DiDLn7;9FkVCUNF^>8_O z*cdB!y?UeL;0ncL2M0C?1PAB~A?85#C5*TwP|+SazFBFQ&YRxe#x{fxlN64KMifOy zhd=}_mZQCIGY84M*5KBK%IRE-K~>)%r5PJ=wcNZV1G)KN(a#J$0QvZU=-cb-*hFi` z4$)`-4A`rm{$KRB1m$-umn>_wV8rBX#Vc8u280K&BSh$v*QIb}3U{z;GN*UU&FU!N z^1}yB5@aSOr~MwbOlxmLsYVzNYh;)ZibB#Phy$PugOMmG6H0PLp#HJ0F=ET7(un0s zP(ruTIvkQ?ZeWy7=XMS}a%$NFK+ELOsFp4*kW|E`Bc6QrIvNoV?hjm9$s^cK8sJpD z%CM2IkfFL=dWW5k8q-cs^yxMl1O^L)ziV4qkUeqG%F>O;9i< zR+}8^w~=+dA1Z%(&@@P6GBEPmB#^F{fr%T~lv2U*�YHu4Dr|w(+J^f3GaH*~8|M z(a>lVD_d~m^gsKCg2FGKBF+`=G0^zvlf#G`5{PudD#E8w02IF~07*qOLs8+o5>t+R z9G{=)keyg0Je@{Go$Gqy=~NU)8<) zI{w!u_wROsA9_5c!YhaK&OzZbmiS_gyd3+JCDN=5Ryq!HM1%9Q!mh%x@NC{lY%oqB z#uLsn22o+ocn-_}9ZG4Tuxf${986yFCtenHa)cP!JgOmLGl#0*rPJoIw)7K-u1Xqz z)c#stV>&8R^5f$FD4Ui5eBw^m>6qJ1ZSnh5EbBcuaG~+qXqZG&K~C3iWH=lfS#(~j zC&uqfs~F70mL4qlgAxEY=Di=BGyWc0H=Ov^F8*|sDpjOz0=NC8$b?y566r!wLuW6P zZ|v^@hcu7bO+pZ^+2^}-Z#_ye>t}^A({va~=A2UpG1RgVH<7x4cwt)+q|z!0X!4pg zj>2k3pm-Ja-*3MQ=`e_9*5b2eoMe4dzNJ+7Yx+kn>A>Z?E7ztJQJN8@2Dy^_KB;G* zBC30eM`ze&WhDGOV+p1%I;ua#Y-Sjwa*21Fs#QHdOn@i<2!vt}))z~PfKi@CDK7!w zq+@2o@TZ8~fqoO0!^Gd^m6VhWfs&L-;!NVTOSE=EN~dm^QxpeFuddY^KaZi3XfD!J zX^pGGn{WmFRe;GK4T8aRN5hke~UyGPpGF9}beT!u)J(I$3C+jKmlnZYszX~6=Uotp%!HeaH zAmy0Z1C(UB@@nE60zt30{CcEWtiR5Id39-&$cB0&#T_U)HlOYF#wZ+2RZ^2M+rE36 zIPYM?&0HdHWX4CCeflf-`-GEUSwV4Hxn$b;;X=kxB?9ncymagp?es)oV7t12csH6G z41@Uw-}=m<_KE)~W+W`jT$DEX&U(CPdbe5v6?4>F(%`E}AR<4OihZw2D}Bm40n+dI zzXvdRTGU^$C%`)#vcq^Le$|K!M+Xm9#mr23}*Z!Ya~ z0#?Yg9ytTHTqOK9rAewLd2oG7SLf}D%1EN-;!9VNwmP*qM;8O~P0>YofP7Z}-smnl zHeO_}Q4p)I>~mPw#6#9?b5@)+Kf!7>tJ24F+f7}ZYVC%EEO%~B!ExB;uF5R|2LxNt zGwjP7YDF0S$O|6c+U@oY>ZTXd;Ws}nd;MJMxTA`GgrnL`IV@B&cX2Yhj#Qxf?}j&- zZ^cphnA(`%7XeJ?rn*R@0r*Hy%Tj<7+yCTi9WqEIXbf((E4&v|aCRkp5jcxMqFdA1 zW|Wbi>Z0v>%ek@y8zMKA?hr{_d?hMwAk+I?@{BskfA1w{c6u{?YFknwNcz#gvirDP zvix`u;gpaLTEB!Bv*u30L@+^bCtstKr2qy-phQvRX{jPjg6Lw>d-uZ&12HP0uMal; zTz8PKVsmTKM$oXGz2IT2S)l?X;>d?IS@A}>MMj{nx2{80ue*if%ckLBW)B*^RGSJ4 z7Y+FyCp3)25u^h!(UjUictbyRQ)Gd_3*7 zLr^c)gfnT8?%W`|!Phi#<$eGbV;&S9GB_|8vcZr#PE|z$#KYTSjO)_(Zc&{p$Jl$C ztCSyCaKHMny!d8HEn9Vq$0zF17a$y)3ndDL3?_q-I8^Kr9S)+-BFDmp7L&%Nj@!&u z6p(|9(3PW3&Czpqu$(-N1*d0&(~piwH`aZ0^%uI@{;6qdrar86_Va z&ZhmFf!Ujk@&SX3@h8zqrmlUppTkGb4hm%wNvnysA~o9b)=F&FPdnbh=5u~U_m_2GD9zB0nFOao`WXz_GY3kR)3A(!Cr#_7EtiY%rV2269JD;34*wtB1QKOLVPUeuV`;Lcx_Rm?o* zNtw`T_v;eF{Npr9_hYyFXV(??-3M^qTcx#JonAdE@iWplL7s?DZeFiCoz|iq6|V5}V3i8;?=zhg(A}M&yh4JXhx%svhf+*)KfoGo;0brRh(j>0Zez-`D~p-P=0jb@J2-LWKLz z7xOt4iv6eAEToDhu>vRdZst+ORRSqYMf(G6m1?`2n>}(>b=7~);y>KN^%dN^- zA0{6w*DIW95k3pHmE!%>0_yK%cJRMUfC#j@W)5`~Lk=CqE5Kw6?Xl|IS05(e=UT>BlY`~1)$_2o42K+MA>Oty$XM~xamGg4>T)Ej*h}wzbHDb$qMyK2 zZFhD)IT6w3gLtv-7u=JX-0>To8dXxZ6U@U0*x=-9?WonaHd-1!P~+KYqQSkv%{1A0 z?*IlwhH&yu*nxh(ZKeJ;^ilulRH_1AFYR~#u>Hwm@O*jw`{aOCPYTKhKd0xwVI4>m z6z*w#r=q#>`zLReL3hN+8|>Xg2NE}mp6|&TO198jT-yt|qNc+~ERZaMT|oHsw9|d( z{x0)O+!UwhmB@~yZz@NKC`*DA8as(x~T zS742wt*fgD>T-yPEidG8qOR*jUp6Fgk{Wi&onRTlAJ@4kHUvR-is$YL_ ze`=Kh>`h6&^jc^2$NuW$?x}S1zi;g?0zL@n?PD%Jel?PoL5k2I=$ShGy$&-wI~NaI zonS9AEHtf#c7!0TUXxlFkZcB4L@IQRz7Q-M|G$41Fn*9V>Uvur%n2~oBEQgog!0An z#Ytd;nH_AEE&|y;5EeTpng*ksO6OS=V9TO&kdi9 zp~qpx3!pl~)_jRFb=h`};`=)WPKhXeg0LFbI~t4YT78GT%^A-u6BQU!M>=J7cw`9O zkIXnc^gm`TQ-obsX74`_rWz9X?YXTva74gx#TmOAJ0X7#Eyc7!gM$kzDBT zecwI}#2+>K=*O4hhA!XWdpNHWLrxa&7a^P=x7f#{;E-yF(yXHDy|0298|d8dJ1g$F z98HHeYj5j9E|Jzy9vNB2H6pHO-gM!UdJALD?#-%%p?(-bVqTkAbUEPz#cgiq* z_CmxgK;-)AF>4bT@imnfsvUmOnj@(oJX}?vlkeHcy3WVCZoDvlASsKJO^SoM8O=jb zPFVzM;;NrL@!?Ns0kJ(Lnm;a`3;~su)^8*ke}9}`E@t?e1vs27BBUSQ4LL z3t;C(Zi_GkT0~+y5no4d(M=O6Iu6iGjl~Rj(m=FlirJ@}P_Toe5|h<>Hv*B}K4wa` zMbMJ)n|HADosg})uAb6iR4EOu5SJy{ho?yx-lkV|NEps|=meYKaFmMYTD=ao=^(ek zjzW|^*8g6-O)X#OajqKGGZ|{r<4RXCKx8i*r;N!9>91q(trC}zr+WD#ci?y75BByl zq?0#KNRGbaz2vBVkGB#YHOY~EXCPzS^<`oj%oWO|NRXWVK)&Qpn4(UjHh00c5o#D3 zG`pG2M(bY!cw9OFjD7FQlNXXlc0Fmt33Dv}lCr`t`-HAlN-}#>mbLv7cNCj-<1ACya zRjdT2l?cicDzJ7c=AlP|+pzH_6ETRN*K?l0#~zv^WyhrhNqd*zGlBEx)MUTt>5lHhBNqTdaJbvPdWEQ8nXSW~AF3#fmDPH*9>|I^qx zRpH5GWT}x&xomAY4z=eooKC!kZvqx4^>gD(KTcGGWQ#yevb^naO^16l_edaQ21R8B zWDpjC;6KWHTg*!^S?p&+3PgaV6LvIaD;03+;D%a~?nmi9hnLBx$Bu$E{bu2owvL80 z*7Nnu$-PHO@4ZK28o-ccU_SQfhK84l6Ga@ji}gzD_Z45iH1^)(gzt5f?n=b*el=dE z>n@x*_kTX!L>yI10w?GJPiL0>Z~|0B(`i$(pIH4>w zQo-$#|F;}$yc6~(X{aCWsnVs3XAJ1B2=g6g>U9j<8I_Y3-K3%j#ojmTKR1585E-VR zc__p6E)H5oONcQ1if>#dM#Tv$Z1+L@Id?Wm65^`cRaYAVmPjfpllPu%D!e!@_;`p( z*FDI>Gw0~_&8|QPtYlS5B)+h4;V9uNXoQWIFA}H>#=DBvH8r-!sg!DH|7Sx-REAC` z&_6g6;>3mZsoeg6AZ}hAM-w(3Gz&)2csSV{RbimJ8Y0M;x?Rv<^YbZvq=k{T^)0Oe znVx<1tnH2G+l+WUxLP_skU~uS;{9~n@a<`Rpwen)8Zven!pH%(&wU*|UyzFCj$j+7 z&aNO~`d?N!55CpWFDrM(oF^B)p6{>C-K+15N<2#guRQFKA4MFKz?CgS{T6^Z$)>?& z9Rz;2}0*jn-FN@+aSrx zTFZS2wyiaR$&#TqvT9u;4ILs&nzX?Bag5ta`McRn%N|blkE(TI;qg6Vlk)0tk}>`+ zW)xQ1cNay3=5P3@MXF!J`c=HCHCOjIhv}y9!1YG%$Id8qW@(;p#h!Op{Mn=N3t2qz z^pNVBAkn5n1PY}5S1`Q^edJgQn$2btP}-t~y5-Z6RmP}4bZD(sCFZg6(CKhSa0kpT zKlH-z0n$E-0onKYJF+{A@|dL>{q$jvY{laFqGZgNd|^^}a@If8CE36(D9L}P?gq#m zn>1q7cP(LCaB?L-g~fNnr!O9!Uv0Gu80bo1Dmw)cgwNci|Knv$%D3tji>2!&mVaN^ z$(VDxpd3!=>VA6}g9YEmnixhTW$QoPPo3wO7_w||;(repeUUCE0%bW1tVJc7H%djF zjEGkAZiXilW~0-+$kCh&DO*F?w>!fpR#wWZP>xAXNhOW$-IE`LNYBsfWjtElr`tj7Jv;@Z-YM)!*o0X8290aCSlF zpAP%`S)@{5!&i0rh@8_HSS}dEF@ZaZ3g+b+_F| znN-Ry`tc@TG8rAd%1(wvk?uBH6;hptEyK%uhtMCZXI~3$@D_^PPxi_U^{(Vu`LWH3 z6k}=QjfaNsC0E3eZma8+t3iLyjF$;i3dqmH;bMx>KoM=w5i%21pJGPhb+A*3Qj96v z=Jej^4fy20>U8j4FlGNLvAe%`fBM?ji5SNMfu$$zVR}{gB$+KP4*^yxb@VB>cNj2X z9`3vSRN*<^%U~gPZr}P!62AErVW?;r6F=9RduiU46b%g;`EkyA7q)W8xrMbTLCgL9 zJMRJ+Y6K~Qn4!+jx3#s-gxRa!t=Zqd7tV74$&f=VY6@L3nwGO|8Bw#kV6`+I3_rWQ zhf(EzcgtK|5gV)Ik3)SzhL1ob^Hd9w$paa$ZQXCpvil1TrFI46T}8;&njM|Lg}H}` zcQi!*65#xXA#!p?l$MkJo2jy@!s$^7lUnYA3?Fz|^V7^$jA59{qETn-f$HoH@nWtH~WuGwq(I?ych{S z-YO`$ddPxowDXZKw!TP>|Y~^7(ofD$|{~Ht$|oY63!n zATA72cQHClBX9SBC{UJ^8!R}NtT13G7n4nxLjd}!dc%rSm&w0tg~X%X=LLGOgdB=$ z|EraZ^2p)xRmrSiuN5`y+$ z#DDZQ1nSUNjXG;HGf0G)Rw{!0+$gOA=c}-sR?}8t%Cp9rPj5=xjm1re=7nXCsN+1? zF(&9JC+JXtt-`u`!FX|Wmqbm(6V?-!#>~yHkVAIpWXaS`LML%^(DKiXEC}T;W?(nhX4fUdUB2nas z^zZzm@Pq)v?w6PEXQj;E1f>jsf>h{9&uO!~=tyCV%;(u@aj|ZeqAg_d>GnrV?Xfaf ziT9$%p(D5>qFRuW$nW*>ow)-dI0DhHPX&>lssggeT zhmXo26eb!uL!pj_u0M(D1?Mtk z-wF3qn)(*CCMx*fR>Q9ONw=_!N>G16T12iB-rKr&=j@2x(jSd}iQ!lHB#DW~EX7ov z0?8R71^YNeyOo27{~}ljjC8m-otliIEw=D}L4+>rFED)|b2s@@xo}*RS@#5w-bORd zIM3-KKhD_c3;PBu4lzrVsO`qan1H;5ysgQ6YnkFeKdW^l@#U^or zkT2}YH|NZ?_d<=sd1WCW%dU&8bPDc4IGBk&mCCXnX~342C!4}zZnjjAs!vH`pWcbZ zUgQ}lkXW?HQJb#jDj+?%cjQH!fIW=Lo?R@7)RGaah*!;mYl>I5>&&tzK;m_><3a)Z zUWECn?@vT4%;2alD(BINS!~w0)2nzx2vg^ek--EKBGej1ANFOSfcS)!2}x7nf?kcT zQ{VQXa}6ooiJOyjTog(;au|5NY){}3f>4aic*S`(pe(UWP+G?S147(D^pHO9AgueK1)F&*SF0Y~m3FIUYT1x} zEYNfu980l}oxTl6x_BPusd4Jc$pfO}`IYA-CnoCC+pn;G=oj$W)j#997QLE$J^NL-&j%{J`(atpz+C{MO5RSeWA39Od^0QaNz=B}5Jri)k2{%5=TTjt5WpVwCo zWD{?OJO55rg8VwaT{GXk{?xfrT0jxzs_2TPAP2?oan$~ZZzcsCs6GWJey{v<^f|r3 z!Rc3v572*dB>%o@ZPwu^)h|!~HNtt{#|LMl)&ay?xL9{fD$icAvD5fZI@Lqs#D^!! zMZi^Ouco;@3+H8wU)JT7{ddrwExD4vh9O zx)19gJ~mMXQYJq)UAlUPRGHE(cKB1K>LfB=z9L;YGbzo6ct%gMh2ReEC)x(~OqT^r z@*MP|yS)*C1q;UJT;z$qw3Gh2IG+UhdfsTNS!LYcvb_h?w5~Du^jCIBw6@RBjxu#d z-L@7|Nk@QB>%{LwR&V5;mZmFxNRo?rZEcG6^s&ZC=D-A8>!_Iyh^|XiDd=+xlC3_@ z4fLrqIa4kz&+jpMW0M@?2s>*{KGiI!ulsk+ze{b@}`@qOwo&VYZ zaLfXn4U~qA$qZLp=J@&B^ODCGD*96r?JbgDv@2<8l4vxS5`X?AXw4!dEkX$WQ8(EE z9zl3L{n6dKM7}U=$z@GB*l0#O&V4j?A1#vVk|F0rh0@PeWcq7#Jf)A!*RlDlU_;3f zB>XwB&1sy2q@kA1%9`%TV(8oNW}}6sBy|WDha9EhI42PjCCf9=Yg8-&$7(STpYI11 z9*UyfKt*p%M_*A4QXHvpDbf9(j$D_W1@@ne0KdP#h+)~W6@Gedz^kXk@u=1IqadO; z>#!cnlIH^xPrZfcZL@VN(1Y$RlB)FPvLn9zNUn^(s%<4dXCQ@L#iEEa^^cOUPdB3Q zlk1;npGHK{<{_ezfoSI`NkwZ!ao}>*X&WXyiDWdH;eTV5$!Wf4|5G?`8)%%*4&uc` z8RnoKAYTpEoF3K>0ZE#3J&*Z_q zexcPIpi1^+G%!L6K)^$67W8i0qlwgf**bbF39GF-X!*YFz<~2w4$5NG{L*(IP<&z* zu85Fa%rNr!&9|E$8 zqzSGHEJ#Rl1^@d$;+S)pmnBJ$wX1;|p2ppg)eU17nHJi&sH+m@sm53OgxyPi>a>b^Qe{Kb~er5g8G~Y{AU%X?#Ap(f5|h53Q^6ZO#cq*ipix zibz361iI5d?&33)81+IgSK6jFy@@%zMN3%({`E;)7O`1x3M~yJsrP=DlaovD|G0Q1 zR{lmyDcHtHG>2|Kb4$_GdAw2DYef+)f=jYvK*wVTWseGUsy&Q;^vBl-`s+Plly#A` zmtCjVoi}3&A8M&KU&|i`BO$Yh92$d`wEZSkmiZ`%g=1JbE*TC4um3vPR{Y}AW{U9a zj^JIqM~AqriTeM{7E&26UU2_JyKv>U^wmcJdBM=8-a_I6g-gVb`weyY(Xt3H@2W>V zODq3Iy&UW;GR9x(!2K1@3M;LV6q6dxicDi6r}Gg+y}>N@$#%r+R+!K9!Dp>CR9_nK z#N1PE@#t9(hI4`NSv$e#j?#VOLX@^cQ8sZ~E>1ot5)45{j>);0P_uTJTSm$X-NBAYJDu|()6mDb=KGD1`iPUD}?Ehv?`Bfs;MDVqbx0SdsJ+JzU8!;ztiVfu^zS2 z4^*$|OV8xdeLj$jp!WGjc%tR=6ZzoNvi#%3lS`zOn?RCJMvBY!)C&rBuBa{HTLC`KCWAfy2-*FQElBFQR}HgZAb2;-FS9h_L_1V*GS^(a|{(w zF)wnSJrOxLr%4u6aif7f1FP&W>ogksoF5Q8sQy{X209!{*Hf86|Lx1h+bmi09YjYp z12Gw%s9N-ArN%5hO!}qQcK8i8CbZ;LJvG)qsSe(pxPl(DVKg+L*N&OjmTDbp)gWhu zG47@OXYVFwujOH(9-gSAn(CAIga7~&x|VE*lUF?$9-9XJEy?n$(IK<|bSb%MoynUE zPo`Uo;Fb)kbYlM34D{eWL3ikeCyW#xtngTxznkapy_K;|ko2PG4Ckh!li_GpcNYt8 zY+9vz^U{|XY?&ihpLywD|2!#ssj*ofi%(tu^=Nj1uR^-LKM-A>rT^jUZgvdCRaVQJ zlY0t2p=R773pmgq)Aj}Sn9B33!(-;^JrNUZ)gM%)*kkEo2M?*pIBM=4bCW*zD9}i$ z50X)r_v=>H76=~b%xLC>YD)5#`IQcFwpa#E!%VxpDZq^%6S9Ud_gfNA14|;O{b|eB zwCQ(Yd)Y))p~_)n41Th;cfQ-TI;*$Elz$&8XxqJcfs{GEY5HB=x%j>K8N3{^lDfLr zxj_mQ6yW=@&cy_FoPBU23a5-T${OSU88walW;klf%2zrnI!&6r(_Q(vy3u6q{`DU7 z&G*BU@Doz)=SS3+r}Tz&9M^TZGCf#Yq`(CY^_MOvAe@Hz+bfolK5t){(PjzfA2oPO zXgKJhpETt`(|bW;dz*te1Es+x0Z|3OSBBa79hcTMgRp*V?roWBIa?G^6sQaVcZXUk zo(l(&&|&-`29Jnbr>Py|6egVeOYHHFtcdQL#czJkbRX}GA4k(&&oSMnB!|W)+b#^* zu>(l!%$ry6+YyDf(s`UZYC8Rk=UuaAD%Q6%;{Qtn>%WCoznU)*Z3sWy5a|mi!yRo~ zT?4P4etf*j`Z)1liG)$bBR={=d1B=nwm#Hhi@=Ta>(=Z^CW{d9-$>?GIQKV-He1pJ zQ!0_GsuSTSbj<%*)FNl=_CiD=gUV^CWdM-1SD>rCbJgfII0MS7o;~G&c+n{MzQ@(c z-+JrXuxlaC;ntxAde)*mi2mGG_k9~y_o_GROT5MsPxs@2;m0cI*ZV;?Flxi+byV@^43<(H@nd*$cs=2C_t8j&4paw#XO- zN}4kN9-@Kzy)SecSDy{@OVb=SOEVFClP_~-Hx^M>g1H;a!ta$)n4Kn76{Vo*nHmw~ zVL8`8b2l0j-AAAXeS$)8-&SJz>qPfPOfNP1e7EiV{TBj|d@%Y{X6#{8;GNN)2u1jp zT)j6$1rci8-VGYZB%bTs8ax92> z2LS~CY`aU+gTqwLh_%vpkdF|#@|kw$%2ObFYR@@bbhtQ*Y)GMK-fT@tz5f-@HYS)j z9z&7@pfzDp_Z!c855ml99;e)!j+xabSmD|VVgVswum;f>16;0UrZuIz-*VT_)|#MO zDP0280NYlje9uv!1^sS)r`+K@?bKljG`(tVaL?~T)94z@*YH#Y;u)nHrCIF`$pziW zOOr;JZXj0NghV=LRW#I|wDT!OPs5CN%nho^#_-LZV6OC8o{J}zHo6^!s?loe)UJ@& z#4KJsj6dK)qQ1kz+2ab0%#|H9xIpxNX%@e_cURi5J<##L*^w`?!@eXu<;3rWQ0T znWzN>v;C&e_5VOf6~{aEQsrylgfF~4G`!}zMzC{vdRZc>^<}C@7CLwe#)f& zDpJhpHK%6fTf0RRH|{6Vn3<-fgD{?WG}`knqA)D-2}63we=xD2NjJC zbsoI70$$)0`qs>{HZXd)JkYbrcF9i|6_J_(t?hzBsh6FWm6L4r`FEC|Vm zq0JnQ7ZxgA{Ks-I(H!^hk}%sh-Z z*OOyYk$Q;c2W+X(BL<2P#iQVaov#B{DRq)3AoR+gKkYuxn4zJ=@v|C7u+&hjf z)QRSYmL@h*Oxl6bEe#!Y2$B@w%aP@YRl($mFTuJ)w8f6Q9)kRK!1o|irXqxIUwiOy zfFf|hG!AeeMzS7cBaKZ07NHP{4ydS%z-hs-@KOO^On=8#@))KVdupUeK4^euY>m2R zC{oGlyy|#@0SJOJ@rp0~N#LOB)~y1;f0l^UZMeI|^C$O3P!;%kXl?bgAoNXNNf0s` z6^;fys%`Oj$ju$v*J#V-q?+fzyvtZ1#$q+lVcLl6D+W5c8bg8%D!D3yI)vehmV!$* zX#}s?vwDhzvgxTapxLUWHL{Vr2?RlM9a+syP1et&dc(tlWYH4bgq5mAsy`by70TzS zL}2L|@lo4W&yUjii&W93m^B!w`=X%;dqfZlmJaS9+Ml^N#q-E9PVJ?~F*8t1z+Czv z!ZfgmUQdNo|5<<8pj(hiQ)A3m*b2kSDX88?9g^*&QM25Z8(b5kUprFvye94X1@lfH zM*J%z?mj9D8bouM6Kp+arD}I^WB^0pyN}-o+}p|T9nuZn@M#!O*`|7<^Sq)zEGrTq z6)6y@18y(sitrZUuLq7gLT};@&Srhjncj!cId-<^|LteJEVKd{OnQmT7L zfDk}WsWegJKS*`|s4}EJD5eVb!+de_0=6Cy%njnK(&>K9VBt^kLQ77(Iw%qY50h*L zqJqK=6h1yotvpmiJ9##cvWFX_1oAx(a z>E!k0}zND34gSvD8_bI>P>~7)siZp;d)I>3_Io~G!6`0UDpIJ zD=HZ2!WT^YB!;BGkz_U^N1g-)OJU5OCPY1OI85$j~NqX*kFG~jsTAu?RU!$GE;W>I(|2&#D%XfghfIPIQ39xQgSC|S^ zOU%l0gY(THnmtPr=D-#pPl^T>g0f7R-ljt>Y$dv$=V^K2bB7j#h)$y7;m*z7+_IL_d2yCB`b{lczXsZkFf-#@J6HS0 zui`&V2DF-g7kK;3@nimsl@aE;uIn0P0Ehm32(cW^WhG2w*O-Nte2Pw$RZQ5b4{iWw zBct>lz@%Iy)%WV=dT2UJ&p#DmKXA8OoDlm_BmdnBP& zZGQc%RIXh{7yFY>6|KEC!n8%2jc1V*#3%a5@S`wsaD^|0?S~@O&n3iYSaHH^O-mCJ zi$yTW0=IW^Kk^ShTR4NeRLMcj-WWtc9`h@dQ&%{Y8$X$9Kbq@_@kk_<|qx&-3=ChU3frOIuNH={Rw z%Kv67cgxSCSt8=Dki_=p<^93qiyF1}xV^t4l8S*76$u$6AQME}(=Qe)Jjr^D-b1;< z9xv9V5#N3{e`G4{o_W7I^TP!(9@=7pH%+_g!4`apfIH;^Blxm zERD)&NWqG7u^q7F;GBB69R}I@xh;u+qp}??@E;uyHUoxN4A#np1jMwZWp&$@T0JwI zenrmAPqKYw`7PM_`VUvObx7#yX$p}yV}e>XXA0h|A^E@qHj=ZvIYPc?^6M|EA35z3 zsuqzF_rXq1|J=47W43RF`|TpH=t4BBGR+*Q^V~niP9l*)o7KOf0!wx^3=ss2;uM_H2 z;H*~Aj30`oV>eQQde^FOiqkxuC2w(QFWB~CVu$kJOz?;Q8f>9 znQ#kdUuvTu@Vz~0?uhQgJa&MsfutD<1n)zAj zDD%Vi1Uy6|u$<<-W$$Hu?L|tGHj)xS0r;}X2~4GXqi~2IT-70mX_nc$Cg||`BE;V( zKv+2(qx4p@KgBBOGmU1R?Zc&V*4}0+&3t#MV^M)10jlBdED!>YsQC=&c>pW09&PhU zaHTn02#HM@R?EtOTWgjVe6M3dDLD^Rv2RrYnydeK6~^d>!wi~Ba?-g@oo_plXmFnO z*Jszh<_AUmoYnwLd%SPvi$j4Exd#qjfrp2Q22AM zZ-wc8L^B?pT$g(FrvhHu*9?)-*8V=+f?5Udr2 zi(_d5Yumwi{`<-9jzSa1wx+gh;T8b?5u@ zVx_J*hZiLU`Lh~uO&UnMSxu}2Cx&H6uI9ZThNu+nFU-EpsX7{N_y?GS{ecQcTK~<| zsc-LIBEQ9Q?wbi$`znrzZD#+%ituSV{rzb-e+2btUS6JXvD@RNaq;}2jcI_us?K--;B=eU9_WZaISuOaMllnD2V{d+sxdE|QoaYsl4+K@@ z2*}}@SVSv5X_{ovJu8TZ6qv#9- zu;U)HQbrD1>%n z8}<(fQv0_&-^f1roK9zIJq)aYr}ux>rrjUzBK*D$927AP9C(FG0~LMZOnEYUtzcBK z-~x8oOR%E`H4DuAY2;o_$4lr7VhK+eigCck5>a1hG6!V)c!`sC#?r3ypU%kXAf& zV~lwK;+2(^YBdj@#)hWRUAH^5JGAdJxXI0p<715Fxou*l_s_uM=~{wokFdV;h*1$X z+=$Ifk=k#=I}()GgPrdpOp3vM31-d_?yWw8Im4tr6;*$p4-sD;guM*=U%sKzhCMF! zT|ecQf4R$Kuo}`+$)EhTvKIL1%8PUx3p9Uaot<&so44h9Tr@SSl2le-URz24-0bb8 z5MjA=vC?8pa&vvSU0hsvfrZYkvNtQtD z4qSXjM8F^w_>_E3=5KL(NmjC6bVN!>7z!iujojPF5uc%ln?9ML`T;fgX0ip)EleH^ zoL-fzzx_KuZ^}hzr{M#cB|sqYtKt5;OOttG850QwU|JkvhyVO?(z0%!UfBghcbp!# zFhCK)LhcAF)UuL2;{#V(OpqS+o1c&8xz6sMw>ND<#Www%OVzx2jf^a2~p%Iwm z>3T8D=d4S`M{gA=MML|yTpgqX6{oqv{`4itBwEaokX+Slw&w&8uybCw-u@4BZygrL z(=G}QA-Dw#Zoz`PTX2Wq?hxD^2G@|_7IbieySrO(cXxLm?&SBKbIwPEntRhBwaPbKgfoLz2_{e^IWyP zdwP1Mp}$^{fE*;TGy;@;H%`~;UEbK7#>=65j2k}tD5v!bn{({UbD{S;ad5YUxW zU!U3>TAaFcl)AK+RNr6lapBjE*XYON<@45(!?VZAldllT&d^(Z7W!OLUW6HMw`}9q z=G%Md;_80?#cbho#czI(hj5Xi&>D7jPRK&5P|M4^M3Bt|9X>8(4lpp83!3m0wNV!7 z;pl~rUw?p@n=!PJUN2AOAr+Y@)f$AvN_pBvO}-xulbckZ%`eoc)-rP-Be@irNo1p7 zL}}e5`1(8y#I7t~U04EoRq{j{<;0)tDqYQ3lVm3a$M6VZTab;#yFwsFYoktGb*^@V z*FO?6jI%whPMUKoQ$X9{SJGdco?f1qP}SFhsZAKdhD^WdH1!NqraJyzTwYdY@9)H2 z*_tDh{ngdYEr5;RihY<5OEMY+*m3)u@WtDxvQGY6m8NAX>^NZzWWq@^`|3tHAK}=X z8{Q1RlF}?=ylCARqx@$q*bULNjiK@LB%Gvi0w(<#`{Jx_U{Y(^$o_4zA7T2@iRw}% zRLfUxJ$x#Mk-n4Vl)O!cL3!#O7$;?ei#{g5+n^=6S9@37-r?y>9(x6c#yq(xx`oC& zG_-F=qSj58!;06#HPf~~=Bd`i_kseur=@!Y>>)h94&HYwij?TMUpF|6y{&roa z319QQJz6C1_Z)hBmimPhj@&!z#a~Nn&M7n1^QBN^;l{Coku3Vb`*K`?d2D1V@Z9+| za|YPQKiIUUn2Juc7&aYnJJSv`KCBO)77emzHY`~xL~3aYR;+5iR1}JZJf@@IF-vC= zZHP}n#o1n{b3%)o?emP*wF)}86=)23?9x9XSB@%3{$fFo_GCghlKmhsPnUeb(@=9z zFOK+g6CDI27>~R*#um}F86-K9xn6aBn;Lo_&yrGijb}aY>~E$wO(LmHQtc|F2wTkK z5Us^e^RVocspLN2Ui<3jTX_xE`FYf^(tP?<09TqZjynH_M)=#>%dqi`*mn9g_iCWO z8RU-A`bUL`esYxM(v#fcj`q*K2Y=LdoNZ5>HR0rg+1T&VZTv8`RX5in}_Qj-=hzC)ZNJQ3=6=ZO`3;u?UpQqHsfCFl4rf>y+})2T3@?Ala=Ho@E-wp}4OYQj|e75|whVho#(^HNU%o zocQt(Z^;)EHFI;XsGp^U4F)CCX>xlJ5ykbKTJDOVQ9FA}+Y)=5xFJ5T=O?Ibh2DMf zS(`0T0Cij@%22e=_Y#^z&p|hOBb}*`zyd=?I2c@MZxRS!6va?Ti?AJYJ+GwH)4=~ANFzyG_-U^8?-Zf7kX8TtP z!bs==nejj)vRzDK>dBV`wx0bTr-F$SG%BdShM%E@?1L6( zuTY7`;>Ka3;&g!l(EAWhv_C{@>A#5lFv$En8i7TUa4;Y}K?#-_f9aB9&kR=_MSDgE zsn8@j)$|Vjk&w^i50<+K=#)l+ZS;T3U46${A+?u3xKEkYT3(Q6A{=P(n@va%dI1SJ zewUM*yep!Aze%4b^r6+1K5hKFOF6F}{C!wXzPU)bst0VWi@sn@US#Bu@*%T*=!dN~ zmBOFj>ktA~5+b^mJ(OcVsnQ>AN=Mu`damagf`^DREW6LJ>f0~_zwdgYtTBAdNu~x> zxzswidAbSt=lw9e111HtchYRQ7+3UR>|g6v5T<<}kBhRN=};mRlr;IyEnJ`sq|y9X z&>Ljg+zQ>kWrjpSkjVLLa6m>xO$ZFr&pX zTKG2;Xnx{->Xk{yWb;3n7alohj*(qsky@|zXAuo`l&ZAVg=t6UKN@O7(Fmis*tZgA zt3oCEO?L#gfmJzINemE|XaBbzb6ywogj3rHm$(noQz_~9Vv9Hc6q#lRO1qbCNXJYg z)B7^cI_5=$X0P|rY}nip$ow;T>WP3|{s+?6A1%l|5-?QzhkhSFDZ&#e4(DWtLQ5J{ z2sCf!H@IPLa;~_3UH0hEdQ2#PRP4FE*X9G&-SdNF2DL=S2jG2;S8VZ?RSH+M){2Si z*>55X2^`q$mtK;Y6 z36i+tn4)z4;QK_W7{|atc@7Wt(oVeSfoKw;%cGJCOIKb;&o`AzSI;f3FZ8F|LxLHP zo!P_GygF_+-jCng*U0(HHsP@)T|$T?Uz4g$Yl9+-7CcA>dLJlyo_&Cwg)_(}C9!q) z_1TzOi7?TiAvG)Qr) z`37=5=y4JGRx_pE!x@KtLa&)6?n-u95aoT`IDkguzqsf@BjNXOFc#6=cIkgyB^1qz zgA&BvYa$&FQ~3$XZ`EB=mKJJFT)Qi5RB?eh38I#x@`%{M3^u&PRqTZcLRr9W=*mLX zhkWUni@JbZ@?i`RMTh}`WiqDXIz5!J#`;{UZY(5 ziitydRe!EG6rx*T3dD1`g(+NMO-!r@I%D+hnd=7CPKh#L6={k_H*}7<=7b*O1(^-1=*+DcB#4Ord?^*U7o}kGHqZPegH>Fe^@&*I|r<7?w znQ~1AqE?;91^f>pA`l&K_jCn&7@mWSsw!`g&qhcvjMbCaAo`)f>`hGaa)&ctG1Bi8 z(02fkyeJ>!^?rz{OVN_b3r7D*hMj$u+$hW!AQ3Kol!c`yErNnFkww1T4zCyWe zlv%LTs_S6wUW1ChvS+$-QBpp<1pK)$*ZVAJ@bF#ywcry&)(22>`0lRrXDmVB&98#O z`@zZWGsgzyvbB3*Eky$%W;fu<>TLcY_QFE4rL5K3JC3`BQrDiM~F~nuybC4<| zfxJI}c_$1S?|{6>2oe>+7xXA8YQi4CvE^qRe;}=-YtF-Q5S0IZxrWrYpIGwo(p#Im z9H4bs#_i`$4Eg@ct|hzbabhzUvIog1gY6ZnSxc#Cwlb7QownXvCu!^K%!<>-MC>-U z8e)EPep#Cy6$$ZNX!mAwDAfit;V;yjgW}?%AZY5gHT0f?i%L6mBQ@@JRA2f|v|#So z!BLGkUh8MioP2_})&p)4s;aG*RnOjimvb>@+^ZlsLgdKE#ZDAAZ~kl-U#p0mF1S!V zL)SDpK^7LvdQGU2EKT|`=F$N+C_zrb!FOo6+#`cbnLc6szy@y|ld7E91RbwPw7`SeA^hFXGfYgj;)hbUJ21O=H^5eaLcO zz>fmvVIz?PTMVp;GSd*BLEa(J$q}AKVo6Wzf$@4*ddS01b|ErBCiJwZ@gl4qW&I?V zJ(gjZ3f-qf%2l8Y;gzhT3wH?+KkbQ8@-YIo1mddI@LLgJff{pWwsDV|c9}X&L4Gf) z@7KBM@*D!f5PqWn$tDJrpk?{%%;9DWjwPQd3XYKdt(<_!+36wE6Q4ozjuyfMHJCy}1QSO? zwMM_7yw8rPsN$1-O_`r8j2>UA6d8}Wuq}E1zUI;0e2;0nM?^Z+tg1pv^eyYnl*zezCRe1MhWEt(SICEZ2h{RES(Yqmp$gH_Q zNL&|=yj=9-ZOzgVz6)sKpiuPS$+ijA%$ouGFV%Z1lhhX|q^NS?4 z%P-E;YmyD?xAuH*&n1eLm=y!KeHh=!zT zij4Jpd1luv_4V_46nF!7r2LLiJw2Zp}*^t!&+CJnk! zCzt&EtFfKC5;C>`2Xt-kVt=dIz1Yl!C|!mge#QL!@_dE5yPEp!Aa4SL?J2FRIR(C2 z@yu=_hjzxAAueR@i+}*c3DkM$B#fYXa7w`K^&;l3cs>{|Tu4%-IUq>SXIiuT!#Ns* zOprYBmq)L;5=|&MwQ`<-IG^WIYz`4UOFxxO;h(NpH%=%@#@{r=ol|6?l}-pc5!FGC zBx;#!zrW{n6$3y`L#elW z5?6W(Ve+?f)y?UK<0ss%>%9hAH3oVR7gP6DoYaW!%hirEuaM1B2r5X|Mn%)UMwQ-& z&%xm0=KJml8eN1TCfM{neaz2bP2H8T`Y%h>GTlm4WBCfNTT)^w-#;iydgAZneM*Ec z3^yeH0ryCug$R@op>2k=YDPHiWB%3BlP~$khs#j=c!Px0hpj+V7A0~st|>Q@DI>#y z#Q3&?yq;d}0nLUG#}vF|n!{QryKLse_p&&=+2Hr5`wv*ridX0w#=w~chd_F&4k{)PV{ZS)ly^;nb)X7+N zR=j=aIn{;T*;`H8VV92A^2>Y%X^;S~=70zCWIO)U6!vt(W)MoSu)^ZA2S19HU01TU z_+PWepdwiK41zY|AEIA+`h&#KSjQfJeIulzJEhPfiI*1Z{;a)z=69hZ1Rjmtg?6pm zzIrQPc=9+N@l!kV5U;t{db~UJdDfpg@oYNINN!#WuvPo*7hF$iL8xoI;rwNF2e@~3 zx7INoTG8h?X11|JABeic}Y_VZrU`)NU ze8q(3r##83)vgDsrjdj z+&Y5yBXctrk%`vx`Vfat1&{r70&gKvN7d$V2~+c?^+E)_Ajln|{;ahqEb9S5uB!vYf~l9cTK9@cvsd}Dc zJo|e0i?_)NL~egFETe*hgKH1oaaa6e1=d@=!dem`U^vSH#^P8S>!u{s?N=yhVkL|X zr}(K#=0GiHCds9mZBMzM{24UsDPnQi5=%Af5I0)AdiwEDg+=~7Xsc^CA?mcDw(LwV zpmg;5K74W;U^(%HsW*f7Rt*zi4PRXkc-@0{8(FV9w#T9B{vt1pg972D@}Xs4MB;vW zjq&W(CaPh}qs&SFx=BY#H!*>98nL%3Q;cWCVaU}0vPekFa8$N&GJ7ZQ^q$2?7FwrNZ#x#waE$*>}7V6tXmfA=R>$n`&pq zU%dF-(ckuc^@TOo!&j$))r#A(*`PJY@fQ2@rRj<5+xy7lh8y5!-)7p{%zEQ%LYrmd zC78?Z<#wCvly$Xno~9Nt#^Q%`X|huSLi^ThG@t}Xx9096Dl8UyL^4VK1qN2 zOLh4|6da?5Hrh@VxjkNN1uW4!_&$EF7G2>Fr z06p*dHleOZo%EuLViTMWBg_Zg&*h>_9+O;eC^{XUv3A%H!XKVY4$m&&__;Zq4bjAu zdx`k9eR4~S?ilS^TOfE|34=D^$$oTuzTi4)X}_|2r1te17>en@rV|98H>~e%`kw6j z?d*2&$mu^svz%ma20FUKo+vTgh3HWJQ2z@znY8Pq+QO>*A@@FggxzHMTghdFKsnuA zGp8L}*;|Y2wRM!DMyUPe#T(w9J?De{g6Bs1C{E|3HKbb@q2qTKG&$(k{{Z^%a(mUA zT8O+r4%24AJ%3J1NyPV$EUVOdF}O{)9cD%nMhNBz;Ef{_7@}Eg2o|?A|8cH~e02o8 z9L>n@65;5-sa2)?=m3wF`1LvAsHw?pUa*~HpRT;#m(UfkPr2KJ(* zxw(*_2iR=k)yd{qj$433+-&#bDF>VY*K!ky=i@Tf!@0GO!D}VBxrLgs-=ZR5&RBf!709vi6Jj1nBAGLpI90!56@bwm+9$bb=U5P zbiZAz7}-WHjxVj{=v0Zj@3vo_;~p&Yzss>F+V{06^fmmxYSUd&;a=`-b#diRNMOJ` zKG8?kI6-xC%>}x&+51bo{49>+Do_V?V|C5`wMjF!&MjTT(YW8@)uYwhlDXu#-_Q$_ z{3eIu!MJCCrPuM`o<D-)xmAq=4geMdFXZSp=L|i)8v%&UqC!>I_y)@ zu7TA*M7^DQKb$1t2ri9j20YR08Z)RT(r*lRBbj?ZHO&9uO`Cc(GU^KqkDpCTLv7x&Vq=u?o_;!R@4+;7p=tS^Weh!dI5q#iW#YC_NE>ZPrU>UiIqf4 zz3*92p^IkOpMI^WY3d!CZKk|Zv|uRGM3Us^IWyz-qn&?Xr%?6{|9R{4Ycliv8W~nA z?beg%?PTN{c+ZdKe*S#*dV9i*b{1`FXdBy`GA_}Kgbx4!jBaCD&e}jmF|C>cg_WDx zE2139US)3hxy)Tm<|UbfXfcEujCQFV>`&&clglYq-|4EfZf_m7gYZJV z5eZ}nn(Z`U7mAkM%KQ|~23}!=urdx?-7>cQ$@UB?qSsY>R!3qj#c1Go7?A-0@P6F7 z8+V6Y56{u97pAjasQj_3tb%kJ_|~f<+3M>z`3*WM!fhC8-_w)B{XhF_1kfY*T+UqC zY$cP`z`sNQI0)Sr@acl8H&?h^HF&P;TfH}+M8|ia%W{(CgXmNaghkZ?9`}=o$F`pt z=D3EJE?HI{`K=R6K<@y6Mv&!o)4Y2H*PqpCkJ)n2;+ng_T%zq8;Bl?CCXDr^=sggQ+H9*c$D-DI4>-uhEU|X?jBk^X}1?OA{L-DoN)B1XXUU_;Kk+ z!QG*lk$O@6FE)?qGsb#LTQ-6OOJ0ed-<-lf_}Ncc4~q6W8UX+oegmSh_qmZ=_xt;1 zxO=Uu4h8ve4e4-%dKo<^`=DL%%G2upxUS2us=IQ{QWArj@^+h9!dBe2W1x|^ zq&d_54vL78XP9I`teup3+Qc?oOz-;aJsJRT7I7Y6tdVuX+ZF1pBg@1WUnT1BiGc4( z!gV-g-HxJtUTl1Kuv~OTxj)kzqD=5pUv3rxHcnCcsLl{v8`S$Z)f1Ft?QM@>n8IKH z+(zkKT3bW3k7z0@g$wG=t+6f6xz=(|&yblJPEqx_=Cn#4fhFg70A|8ilIvAxe&V_S2f*2&;r;fryRIjQL z?`c|1?ar~;{e12B@6V_52@06lWl`Y~X_(CiMSSWf`1dQ0;3wKc%x7u_AK{eB_aq<6 zG7IwA>vPp;)nsI3+__AYU8E1C%@X=&xgd6{0hChn4Ncs|+4;KF^V)$;Q+9JBazcrA z_arYXUu$Xx?Ez0HJM#8(P3YPe^5vh^R=p)Z%!Zb`_bT#?jZIW#i1Pc<%hXHI7HvQ1 zsjHXIk2~BlyaRNe(yCW5(eTKi?djQ}BPd*!XC) zB;70;q+m%toYQcQ3%UZ&gcK<`Iy=_jk(3hIc&z_)kEEgqzC}X<0Q{9O5JP10l?$gW zwH(B@N#uVD9+i7`Nn1iN^elZ=x^u|;|3=CX= z8WEc$_iM&YA1cN};4VLu13POIQK#Q=U&FlX8Z>|?EaY4NPv67CH*ENwciA}>qPr#y z_jr>Kk%RRu0AQWgb5r2Xh93nMn@nCQA!z|uCAEnZb)0B0xRg=F*oUh;_!m}} ze(Gpu8H@3E**SM;h|WL);RE#WPDL>aqM4nkvx}3Nk?lW8dt)mUL@qW`X3~FB{QOKR zuEs8&4rWYpmUh-m%4Q}mI;8B}Y>ezIq-<>Lj66J~oZPI89PFg*>|Bhjta_wOA}Wxl zG)S2R1(_sB*_p)5oFR{JaX^YxX42HshMYOrnMs);IaOSoTuofQ8abKSxsdV*3jQ|; z*#8>@s(-8hYGnTR&p%mN|0zq^%-P=6$;8YVQk}Smi=>K+k&785Evdpu%K1+YNfj10 zQpf?R83K%^qOlbOd`J#?GZ!Nkc2dak7ba<2NYO0Zq>$t9m~;$DdhOC zyd2D=ERguGVkPYD{+21hM#}oHMIO{;5;`v)Lggo+Qrj|w`_8vNrYi3d&&VL98`M)TnMhL~6AzA+g zvZRx}s{;gve+c!@1(OPss*{nOv%_D4nRqgZszCVQW@%!kEGYu1OV!BO8It9{)8Cnt zmE+$y@Rwo#DFgri;{Yp!1OF0(f3c4P!e~hRZ#;tV7b2DaYaT&J@PELW|2-c#SpKQ` z|06zd{TmBGO$e=n5K0q-FvND{S23FE)gfAayLLbCvXs_3_6 zfG7YS78VW`1|AL$4gmok5g7{w83_p)4+9eoiwGaGiWEK}At?nTHR&gMazet-Tr~8| zEbQ#;B-A_t+^qbJZ0xLm3;8=DLqi z=umIH01^nKFc3=oCB}aQsCUrsVPN6l5fG6e8R|X&-a$b_zk3f21M?n&E|d@CKHxn% z3sTvho@Iia7bua`1gpo_=Loy*^aCo0_|Odi(kZ28V{Hre|j7<`*Cffo*N??C$L!93EX>UEkc^-9J1& z{lyCk0R1nt{wHSt7rf9Rc)ff79{N4pU%a5+xkDl}`g<5M7FY~nB{(BT%ulQV@K_?T z*;QQ#OLj?03Iy5>!2=EAw z_?-1FB6Di&2)t=~a$3-s(thGd2AO43o-6ZUyJah?QeOv>Ype-Xf80-DuBveId4==( z-LJfe&Kncfd*T$MGwRCPV~-UtvyT{C^v&c1#;zg&sCx03`=w*~z=*7aeAI_va~;W2 z5U1+nl5M5>z&VwjY0OiNpF+aP)z4*^tHu(%o%D&nt5<6 z-vIcR4a#w>#KltO$ZptQ;~W<=8s$XGa7LR6#IZCG=CG8+0slk|*^4(o&s-+mWq(SJ zfi%C{yxis*EL1=FH(UzzSxKv@OEXZQd@05Hdnz)r%XEmpRb+&_C*%z zr-&Ir{P|=#@Dwjq9zCc1vr?TOoqhR>3GrijbniN{YXypjx%8Y_;F*yp=7{Tu8rNr3 z&JC&6?<-yb_lnwptx17%Z^Dt9M*yym=*liYp%n33RFOFzKV+K%`BG+NZJnZ# zSP5ToQF)_fI{b1i)RXo3>hX!o_zv%@#Z3eX^pV&xnxlE5Nk0JI?{f>Fu|suDYR7ok z>oreD<=W>Qv1x|T+nLn4{e+r1gT}?>STOKlqyvRyV$R&?5%2A5btE0=rWsL`eaicp zyMqU@5`*vj`OhL!&&H0rk7RY0Ez8QuxjhO*qS_weVpS}c6!J?I45!(jTNV@SSe8Ym zn28&|TD;4^_Nf)n;!r%PpE}q0`UU`r+HL8lJpUS3wBleuQ=d%1QJXrqkxN-%EL&q( zxLJXRHv47Ojs^Sa(37LQgL}uDQAMK+LZlRI%Mrw^Q-3V z^KBxZ18BjBnc9oFHa}!ct%KCWKN?U!nNV_@hiW(LV|cnYw)5$UaW7$}bs5@2ivG-v z);kjA{WKPg47dW70nC)tOWBuC)pv9(=QOyI- zC(V{Kxs$Fqm8y((Nwa^1B~?0b2imR5)>8b8P-^FsxHvEMs8j5&#RjV@?h|6KQ6S(Bm zCt#$icZsZ-MwUPUm@8=~feGgAYPWwcA2cV-k;xMLI@QYsxbpe;!=gwQSZMdx?D?5l zYRs?cbG;_5?k?Xhp?-!IjC!S0Cqc2k7c`H}u~L3ienhLDl31j^M}#4TT%f+IU;9IxYi z49gchfhVP<^2I~#jHeZ8GZS~G`jKY0P%1}^rz+@OLgMy>Q%TX;8`tn7FTK<7v|r#^ zyG#3lf(^F$hBCm{LKfxT;tj8FX@|07+v9>wS?^C}=LwZV4MRkU@&YBiW>+~UR`f-J z0|^Sy6fX)AS7RaqsfJ*zOD{Tt3G}NPQ@nZ?USa4{$yzQyPaE^O!>lZf!A?Nde^1^V zIY(Q5)VBH^8P59I_K#w_U%uOHp-cz|&Do$*ks61h^ALw0qW8;|S2vCgctlPrJ)?M|yfo$`seeepg=B8S!*S zsYPnG%rFtZHFkj8*LV@g)_aK8X_z|cyr$%DaS}Dnmehtfvn8d0<{7xzpARk zs54>dauU^GiV00)_i8or-T;P&e%HG=yK1gXNS5!a+fqgj8neh`ARAP`C$DD` zCEehAOg*`2MY<7kS92bYJrkD75;(|@W>w^Y#px35ZT>{ekaC|z-T=YT zV7x`4OX-g2dcu+=~ug$)l{*nC|cMP+Vsg_zPUEp&0b@vg5lHZ3!V-rRpc|+JEhl zZxqMfZy*IrK2+%z6jmHHlXNn{MACx2sWbPE|HQ2h^B}PYqx7Vkr@MDnaDw^-$(kyk zk)O^A88TNp%;U}^qKVU_`)Sjg6L0Q5Xv%v#QzkZYlkNj}84OH< z@DEjpP17U;r3pwp8wS~)5GN)=D?6Z+TCo@v3YOyitkMWyv#3y4O!oRYeb)W%N`_of zRKCs@NY@b@mkgN*;|uhTlG7r`WL0q!W(piG+0_(VOtm)a=X;uv|72SloBT+;D>Vx6 z777yDq{Y|x0iL`I+6J90+gH67l2|-*@hrdST>jioKN;tcIIP>ez|kRQeKuG^c_Eht zPp|Hut+d>oKUOvPZ8o=po~_lu(|>=h;E6Hc+5LvJX%au4!*hxJGOOm1+@sWt)9ZeC ziRO%aS~OidY9bhb4_w7Vm`3fx{6-t?^4ClPxElW%LEjC?f7ss={uoMIJMcHN{3*ZxYrO_pI18gXbv4J zM0X`1av) zF&mVMU()))X98Xq0(4!i8t>iKSmrjqiwu0s=KU1l4~X^0);&&bntcP*jg+JN)?C&xyPoRrgYLQg$*u^|kVh&&jL4xlvQZdBu58z)dtbShaIbGBT87_UdEL z+?>+nq!6+mCZiX}^i0Pn3Whz@&+}~?pjxeczA)%1oV3Yr3%BfElO|Ih!Q6yelU#*H ziSyW)PhR!N?d6)27(UmVIb(qD3e;&Lf`0?Jq^qhwfom)ar3-be<}Vh8V(unan)?@z z6XD<>cqZtKpAwZm8p%Rh2Vi!yIm=<%%AMU?s2oEz@lW?46ex~FGwy~U&sq%tZ!iYU~*pja{{hP>zJ5w z0*v<1eRsB{V+*vVBfJK-8?#XehtvIIF7X78GiU86n_n|d7#YptEb}kPTjQkqQWgft zDB_1Gu2ZiI=Uk=f_iKD)F3apFuM0v7jpK#}#zxXVZa8^v{aQ+Vwk#>AJMF5J=AW%& ztqK=}U%})aL)gdL^B0W1EPSC3+m?uG{yY;J-Hy?Z(!Emd=e@VRJ0{dN#u7EFBH6~~ zQL;6f6u>{g88>8&Qp5EEe6%Sagu6^(X62#A-Unf}lS&tROkM4FgGoE|7`JeHkUY%- z^a3|_6;_^{=*CMq_+DvubPwknINhOSzT4(oti$~tjY_)!}b=PQW zXlekdwk07I0S~vlL(P&D1l`_mrUeY`2PiLjfOiPa=tF?MsWrm)-F?8&1YmG1AYCnobhJNIA9D`Ys_*uou}BbU=HO8nRlp!LpP;%mQHHK0kh?D`BaVq5V4RN{7IKpI&-G z&uGV3ma26Yw*iBwXR_oRug`Z0v&sA8{qyWG4sT?6@@BTv6=`gjyV?O-)?Eecd>zv% z-6NGsB6W}w!fzvTg{O25GTL8@s&&aXQ574jw{@T>WasJ<-KAERk3s{9Hoj!?J}3r6 zlH`4#h6t*8KMW5$2ou3`ENcU`FI~%;MeL2!KX-a&tJ`>Ivfc7eihjr@*23LpW-Al) zU^{rC+qZwv)n|AEWX^#eP(MSc)VH<%cnTTg`)@Tot+M@iW^IVQk;lGncwuDv_y!oa zR(yfO^6TEZw12s)eFJnlO3odI-I>{wAEf?!Sv2uL{Y#fBR)*D9v7h#`u7gkJ?ClM5 zev65%ksVQ7ch}auW(hWB0=0}&+rQT|EQIcdgd#oVWu2V`cK;;fu<=hzx%0=dd^0(c z{#_E9_qem;txDrfYef_o@%c9g;^!Rye~WSORLzYMYirc0p1Kr{{rM>i=>Wh^oVThg zWm|83GK;P-S(HUOzg?SJz##c$7LusMtd2T(2;XdTrl#S<81}m6=k_-)bHbZLWi1bH zof$johN{V1q@vSho5?Plv&r;rWWXQ~Tt&Y3>q@;_^(xTtr`ShZg!i9erP`f$eSabP z;g3!HVYtu{&Fljz(RdeSKE4RimUV$V_f!IVO>pm)GiRVSD-W8>`d0h$@XdA_I0wi1 zX`tD9OL{(jWz8}*%}gmYINqAyOiFjSg)=c&84NhHTRJJjX@{V48f{V4-?F!t( zlFe7`y|Lj5j-12YJRS9`#Gi3B7$WbahbT}zZqE6Y`Sn5Q{B$HC?JMm#Qnsx@X0f)r z=KI(1kB$w`t5p$E_h8BMAM1Beey`NpfQu4E6zlnmE{@FaMY`gSEkho*dUJY(D767& zXmCWddCjgjyaCg@HH}d>%%V1v%<+x~oZCEi6>75_ry61pa2pjTEzduwQ}>R6Nmp3L zA1&bt!nnt|@30Tz2atd+)s3G%&g5TIWLTI1?3&g((a$TnHd6tQbAAXOadSMTjTd)i zh~juj5^=-g@IfUQlF)0_*`Ycq+kx!Vj={Oe68_T<^K}0=BW}3v8@E5(9)_+0!LX>Eiqu5KAhktHA(4U&UoN<59c3-ur!yS%%3y2y!fJW0I6 zL~@Q3^?PEn<_8=T$4zPbZ!-lmdp=e=RNtE2>HB1{AIBuR6{qX1bA#zq2fAx7!xbN- z*m%-)xBo1MUh)6AZgGgl+jl#A%tD3UOzv6aV8W^;roFg*vOG7Zk0l7t576po2_3e0ZG1UC6!OS(j&;sa5!y?~vKzF5Y0=yp*RgbP=if9SOQx^M>a6m3gr*5$%; zxFlohfNR_SF~{`#EM$8UAm0oS&fO*+ue|JA2<{rvwiDMA~3 zcVO<)ju5{qsu%G$Kqbo?V8S#DRY!fAo}>p%pvNXWmpyY1T^g^5$D-f<#en>IC5D@* zbLU#C`a!3cS$o`-Go)z19_o{&{?wP)*cldbXyV(Wdy*@(2eLPSLD(BWvP+LEv~E;I zCW-TUq}Qjn;A<=2QLr3%yzG{VCLpv6Mo+# zqS9bW&FsvK{YrIRHV9N*Dn&MXj~rWrcX+D5x+&gZ5YTMB(6{w5{&Xts{6UgJwQ;?v z{(K{@#m(go;@`VeyU}NPcJkosWj&wRuI}(DX6k0+9IDK~J>}W-g6;>95+fB^;wMG( zb`@LByRosJX`W?U{EGgHi%Of}#nl%HyDyn6))=of%YkIQ{4HsXK}X1{9`Ak0{>rn9 zVB$XeUxxy~5oGl_cRm6@<1y65ecDHD)JO9?ushI@51?c!WY1{!Wp5k6g32{2(_7#= z%eV1TZ+WO%BfC$m8C#=EzTJKUl*uT3MaeP*r8N~RTc~r`-yWCrp(B8XpaCx6y4d;5 zn>O(IrlcJxk`yE2a~@mHB}w3|0kYQO>e?@ghGr7-&fXC2F#=Mw%F}R?5GRX7$=tKO@UFbq?TeG*)4b=Q;8t^sG__-IizJpcwE}P0)UBX)EHkl z$SxX!fjqxKH1n#dc;NyP_xvQT{en5oyCPh`j_HXjn(e(@G|Lu0pw0TGwO>!BsJPeb zE+`Z{TV(0J-+fpAIU2jEfu8A;>!vJ=z9QjIu+LF>V!ocPg+4WSybj;Vl66I2XW(7< znr7$};x-=rc7?7gKi`>M4gAs>)02kORq@n>iw+3gTK!2aw>N&g#ac#6sZN$K2H^nB z>fH4dQ*okO!fdX&A^G zNSAZ*w93`X$5a(|9h!wUG;j9?NV`~0fBx1IX@~Nu-yYi|_vB-9!sU8d9*Z1TAAybh z$;kR1g^%Q1$zs3bp0;M#_Y9gV#kFSj!?IJ8!Gj8EJ!<*O=rHy+InAX*4g2B(5KFBh zBafOt57Gn|zjx5X*Gq|pLd(?9{48w`bNQ$_z}*mAPg-QBq4XZH*Oh>{Y`&S>4SOh4 zrfzIh^SUj)L#>jyu^SAQ(wF}paR}6BK(g`-w@CHVllS@ADL-Xat}wab;{OM0Zygm! z7wrocuEB!SNCLqjc<_c0oZtb1CyfPYg1ZwS!JXg)f?EhKK?9AuHx}HQ;7&9B-8XOM z-tW%LdwGG&&dfmyAvBLXww?@a4Z@q6a#F$nc{jlUION!+Rhl}L>+~}hYXzeW0K53H% z6Yx4Jb?iytm&gOQvTG*Z3q9QCGw1B(W1Go~$$@_^z02RN_z^;joT@Az3Q3UV=&ImExxrk6F@N?EK_L7T1* z*1(|m(HE8ne6Y5oYG31Y-fR}MN7g;3v=eVdpB!n5(2ZHD8CA|0|9DH1&3-ROC zWyqyp#LzuMc<7JMyqOd>+NVgpH?ME>47qoYPyZ$l7`IN>@yJ7GZZ%t)jojcswv`jf znQ=A_Mu9=wF>6c70>NuJ!zl+u5T=}y>j@L=mSyedPANoSc^PqAu_z@9|vTQe!=)s1b8U#OoI z)!C8@O6-BFOh30*`??HuVBncMUr?~M@qJwdUs3fVYAR9mVkdakWzxsuD30E-G4qBT z&FWV3*VN(bk#Am39*zox4P>=Zic<-;b>y08^8fsStQSym*5~~01Bd6RIy;(#Hc}|7 zcs&A;^2)CRxhUEKruQEt+zQsEI3)h#E7+CoYXt42%iV5XAPyEyZu}?OXm3XF`Xx^d z#j9e4E8cg%u5YrD+dbiqTYMV-#F8583(MmxeL;D%+LY!)%L9(vvQ%hmOyvUrYgmZV zxxUehy(n3;`QB=zrq&rY;b9G|o}(A{tSzZ9;;H_rBe{=ITsAH_1^V9SZd3Q29opeX z&@2CPQ0dlI8ITTeYAN$<(3)|Tl2B?g!20zWT_8eEn#zV-S&Yg1eW{K3^k}$SnV;VH zQ?J#fI!nxw#R7F1rZcu*R^zJK`de)UrF@!>s){#Oo-)VX#Amlhzt?&_mEqAu@Cem>O#W@g0&2eS zm`W(Q8@)AL5V_(x$Uli^yzQ{ayxqQ@9(({8_QaFRtCv39=$NSD1^sOsyuHxo^S56w zs&lT@La;4LSEy=unCC@sKI*EI6fW#8zbaFjIHZ*izPOV-}ST`?;Tc z#CDeieiSgLH~Ro6Q~*9iO-Dvu;?EET)!{uJ0k%#cZKFj)gf&xEyFf4zdG^=KB9lA1 zs{riuOUJ#1;Xy@i%|XH!DF@?%jhb|%aeNv(cJpo(tS0LF$|)S${Fa`)bdGF}bAv&D zPx04b-H7*F673DPj3LdDNMxaP12x`T8G|EwxocgrkgwX&0)aI0R$`{VEg zlH-qymF{jXcXHpD#VSUruUxc`vC7@+_2cCo%+qNg$yv@OGI|3iPNM^!V%r6Pmw)vU z#DV|vqlh@_+1cN;%~!*SI21-3nxH%V4wlx z^Y{d@ONu#gurRn5p_+ly;4^3hOLzt0vq>h;mEv=E^s$K22@g7_Gi#_zzT;FYtyhwJ zo@{R^(CQP;smf0m&cr!}L-D-h0SG6NB|o`JzkizMp@8snz=&FBy7rAa)@19<39Ird zHhciOluNmr{a0%LwgkPjUW6Uu%tjn?BT*ZYTO2JK8}{{fT}(TdcN%(mlwALG#KHNc z?#o;bkLM}4)jwpwd^le8XrmP4yURFD^|SBW8WY6KPnjAyt>XxThXLI@0Tl%8X=7_R;D2@0zS%)Nk`dH4HHK zVH9dO`f*LP%Ksr)GSZyNUht9qSZdetKENH6eF5NShu@pY%}wdIV;~vl;X*m^ z=F9|YwQ>22eK&zhJUZnlLK0#r(aMRHj^>K!L`Cd;f<88-StpC(OxrHehUY`Lyvoc~ z>Kr`MjK;G0#tX_Wwx|8y0xV&y-6tXz*G=0WN2IQDiC+2QUIkn7UhJnMoRpsdANMk7MUssWaprlel%uI*78bX&R!D+26jZ2vdmmx9^Za{K zzTY=mVcBYp*G1-?2h>rtCB#9(&ue<@yjZhb?4a+YqO`VN3E-r>ApGt89TTyF9Vq6C zLdi7T(#z==r89oM#~#=tjkn9D;>Vh?K@R{C?bH(SW3vp$Ey3sTii<;xXD*xTq6m|b zru@D5JHFOQ2P^T=V*tI_jA;N@r-LW7gAK^EN_md8G+G8LS&{neQmp8DarES*3r3*O zII8#Tr}7y_9pJ=whjZoUQy<7rE! zZ!vO?sr3h;Sp%4Tv41UGFDaH|0W)RVxj`>G`hunw8;2)y+kMvhW;ylPC+fr!iYg!P zm~MW5+fIP;awP>1Gbu4UhE{BzqB&eiiSGWD0cDML#D>?SLW}g%sXt#>PSQ47gJc2@ zH(;|1d6WJ)caqbGf1&nnOYc9Fe?QrJ)AR`;ii7kz5$pAntz2WowWGWo-wXB=v72sf zYUJyy+CZdfI(mnhWI6S*6@0X5mKsSd+kf0*RQKy_-!TJ?sG|B!(gkcV{ydjh;sFSA zItsYQtQ);W$+9RnOcm~x$DbB3mFM5rV}CcYC5)3{E$|NO6CU@Lf^ImkM; zA}uD$_@%tRuC9UqV_jN&uWIiLz*+H(O?a$?i`F^+Gio$`M;iB7!YjA;RH(t^BWW%> z!Dr;N0e{cT?rdA&^oDfT3oK!-mL~J@eEgYjZlsdr;u)+T0K(hVoEv<*_RE{+NMXf0 z!N0))I~=I|y0X)LHSKLl?!zAYzj<8vQ^`>z&Fz1>Z0wcwUrZE!)j<&+?c)K*rDp@| z7g|KGymIaYFaPs(7>`Dm@kRpbg#Z4J;a92U#afa&GY_H6IXSJ59{}0c9>@m(g@=2K zQMc-Ur0#NGQWfxjkMVzATNHLt*zy1bo z-kZ<(8tU^f-!~%1zR%Pg;kA=hgx>-+-TM^TmPIJqom`;yq?J|?OfY;4a{(u~^nAgI zIna->2u6p`KZ25fEfT?o@?{Z7FB4VNGPly)s4*wV($&8If$^8 z*)XUt%P#&}J4an02un4F#^ap*j82lB1-)IWLWIiaX1$4nZi#4P5js}?bUm{6C#>G%;%z#+nLsNcK6w!#7)J~+owtLw1Jp505!m#OXTMZv1E3L z5hDcn1-w_S0Y5&MiOL1Li&>8xD}znF&c)&A+~9ed(OcHq&{nP}d1{y%`&#n*XaJA4 z7y|=?I+sxN&gdPt!kZWf?GFWLD>m5GU%05y^Z~GW>z8k?*8dbDc3Y`m^+ykrq!dBQ zWG0hOe*Q)tKY~J01{(|T?Y>nE=$D&(01hY^k1Ia~?*Vv5+--J2QTG6hm&q``y$b)GDz4WGeN{s7qx$V7 zwQm<_k;P9yv>O7ive(^TkA99A{m8BF_&Y&^v?+n_>2us?y)M~-*J8SW>L6wD)A~vzho{=FlcG0hHrK zB?OZGxXX-UD9Sud-+@BcYih$5NM32?^#*2Uq6PKu%aD!#4_C&25GntsL*u`F*6(A) zY~QG|F}pZ^0KT8-&;C2IolEsf?!JJ~#Tr`47;m86=!!Q6_PkiII)M-o-35hYi{H)| z8tmF85I0~eYVu76lVcO|NjFy3RsR&JiO0Z+zmaW zIm=sxj;D7;4D{*Ecg!-7z!x3H$!uH<66@<%ti zXWij|p{py3?du(!&Dj@vJ^g@ZNf2(o>Z6Gr-Eij%JFgPH&u`zzMoB&w6tSpCt7@8z zVr>}t@9l;IZ2n%er3c)HLQp?=?HLLW!R+lJiZj&AL2+d)rzlI|kMf)wPR{G#ww(LS zfQ@Wh#tVu>)H&qel6c1y6=uDXt+$LFv|@Ah`AMS^KV^P8Q}gsFi9fjAKC|RwMq-L7 zAF=4jOOy)%TU=lMZF6?1{WD#Ig$A72j^Qj&8P@$uo(o=gwbk*AI};s|xdZ|@!-z@dMyqAxlkOlDh~Db@pm)Q55txh-OSwBT4XK6txA{> zc>25P+EgVLPJCmgIW@LtE-?zCAdlihVJHzP_v5_MUUk{Pb*6*$7^lft6(IgjwWxB8 zrk|U9Q>jN>gLL<}FaFSZsO7jJZ#4@xX6~Q&E%*U=^(sZx6B`olrG@sWT0sE~g#&to z&nvJW4QWwPkMP9EZpUPKN@`+NSIzw#c=MfAh*zOI6EI>lCY-YV-E0nRbNRTa$=jXK zjVcYKlSHcW;S1$3+gB4pGPp_-Em06D6z%ODBc-os?XE;+ua!n~7X{rw7q^y-8pA5C z8|283A73F2G$3a>aTL9o((+7H%W&w26XFqS2ElJg0%)sH$q_r2X645>ma-g{4f9o} z7-w(YD(Tc`tsa^S@*KS8nwo4Z8zGsHLa$uBit~NCv=r*4p(s3zciR|3kyZ0j8H-hE zq4LlIFR>BevXA+wbhm2f0cdv9CK`r+V!QNWGS77CXG|usqZPX3vWVxkCJ20TZB~4S zXrK`ScJ8!_lolm0VZ6Gl3<_YCbSeK{&w_-Tj(rR39Rd6P+>y|fg! z`q>hL`l;!~*u)B7d=|0{dmZ9wZczLw@a~?!f7B3&m((Z{c=G&dljcw;k-l`Dj+dj@r#LT+#F(^> zTucVmA0MJ@E$m4I8!9~j#iwm}?hcA{VV{MPdUnDFA-zq!U(O}$G-5FnSqXW1&iP0Ga*FM~m0tT$yp&VIbE zdSp>G%e-O&JQk;_;$!_co6y$5&+GU~gIT%pvzX^FUmb;_qQoFSdv!r%owvVRRo%(+ z%x>}58ImzGf6^7WhvrAwSp1|)s1$z4CD&>?#o+Bu&NPgCvmg;`X~1{J@Cw19{{XHn zSBs=>39LbvArdF5y|0RM`RcqYq9Z6&|9R+&TS-i`06A3KMO;JpBtBz`$eH3)%C(kh3CpIJ|uSi%&%Y910H_0Ld3 z)M_4cuUMJ!8#LDw$%2vJw6dtwc^c;xv&A|O_>I~Zn*DYCeiBx9Fqm)Ot$jDzf1!;! zBSBO=)4CMc>{?1VL|K5ib_K+ z=5Sfi>Ses7#C3YVSq-Qxz3fz2uj}j>5j@LZxW*9+a~%|@u9{D^H*+*U9tp^jqYN$T zYP{uhmwJ1mye&Kyt^0<>1U$~h03%1S{bDH8pSNx+`cS7WnL(3D$ zav$$3gSm0ById}7{iygU?kn?ic(z?`UaZ{)Xp5Kl+g)+z88{iLrC5*p2Im}OEv$3j z^us@;q2xcMAr~VuBIQ?bYrub$hF<@ahI-(83La}Q7XhQDQ!GF5t>^>LFF6H1;9^5Y zM6{V#p^mX;MCHry`%nv1zSPqFe1RWh@Z@Vr3X5|QSCdPGYEm-7(!j{RKPc4qZhqbxANkyz8tpME#d_UqzXe0%43F#*k|^2>*oiI zD4>)i1x9vip_1pk9c%}v4C%-@(YzBzDeOjO_q27Rv$Cri*X;hZsB)vC3K?w(+=^Uk zPF7U9n{cMdnEL)&(!c~M_7DJZG%CTAoNw6GjcF2_%tN%*u^+8$7la!OC3*H=kU zT8kzZ`fiTfC?-1Mv>$(7Tr}lsWc8K$sX+dLE6LsOY+{EG{S`K=62EifoZ;qTqtv5} z8Uuk;w;xsXNJD#P*z*T^HFDP%{axqIvqX;7dFGMI&*<`~IlrHdmVk6!_QiR+zOuaR zf0_jwV1h6)I4vGuy=jp^@Y>8n$DqN2umlBiBANBBS<*PcvGw7=VFLamxZdNg#h~lIo=!xy4+l!GMxCm03&j z^WnXJ1X*NyB@??S31Tu)-TP%o;roX2lX4`HkHrX|@|~0~3BqX33;e7Vl&zuzm(hqM zvvaMbnszk)sHYl?BMw{Z7ud9Q2=G`);Xzvcr8^${d}&%CY)oD1f3g={MgnL7#pzll zQ-voQUrUExS!_@4UWTuI7_PMWMgsz(<~jraj81}XrheMezGBCCY9Ei0^<#s=KHE_W z4JGb23vyryC{SZJFiY`yF|6k}$&ksGe9+hDB9nQcq(JixcsyF=`~0L>$8>^JZ4@sw z!7QN!e4nb6dCUazKWeF&u3m@#Do9Y0p`cur!}row7)kH~v70W5?%#97R_*jV5Ndga zJej5>6HJU=jPkJx9^vZaNzFcM@f?qXMTp?$x+jXzf zN1{3H+1r0{HTee1O0~E|`IGOS`!S65(U2DvsJ5-?~VxPGq;K6v9kiAFN0k$8=481~id+5;Wa={$%_)f+p zl&O8ZE}bjGBAxjBV?vWj({?30y6u0>uQ$jxnX6|gsO*Dswl~Dyvn2#d*ZGMIDDqzP z{Z3en*{%@UMIm$O)6E9IWn_DWvfrcM7tZo_ZWnLod=tIiUAWv&b`~ynJD+gLvK#aA zDN~E>PiBj57YJ3d9thWFP;zA0T;x8{XM8T<6VRc!`5H>64oRu`d@s-9WGmChk}a}Z z8x(VQf!Z!+0#{hQ-Tt$W{jjtdzl+yndhwysl7^S$hcq;u9W?hio5~ES5Zrh4-EyLgONPiMg}un$K;)JEfA)VK6)^5p^fd5tjaw> zz`Q#vG221)wNC>S<_i((89&=(s`zdm5+}3!hIY{KebKGLlNkP*D(0NY6Vc1UUxlq3 zYse*C^Gd4B+e{buXJ^`gUDvJ8OlNW?MHOn!@{()kXE8>Yy1{y-Q?EwD17M6EaNs9lTQ&Em>j-9SCuYGSO+tnBr;Sd&>3f8!AIaD9yQY7D!AB6`E_;5QxIg03c>!I{XDQ6u%d zq_VsYFJbfjFVZwpJrSB~B{nwtMkasyVhr_&p#-?@>&TDZp>JgF_f8ze6JyRX;C9vB z%+EHol`~7B7}E31F;i%Drr>|&YHz77VIo=IN58#iAv~zIXqA*I5*`4mzOzM@u@NzCwgK>uQHRP7%2Vg57Y1Xqf@nT zsLtTyfeu!sImZC$#*4o)lx=Y6RzFpC(E9CaCM0U2ZmBtrus`ADDkwAOV{i3Jx1n$7 zf^vboJ8#cdi)u{kqHn_NW8CQM0utn6FMpE}Z94qAmX)D>iX0nwYV>*GM{S0Y$6%wmgGo_Cku3l>`fQS{XE66;Ah2UYH#wX#9ILIGVnZPB zRbV267`G||@w?OXh118k-6%KK*LD<9!0sJzADoXWe16Wx&Q>AEzrXm+g-#T(_U1oG zw%|bge-miN_y2~@xx_Wk&v^tEHjGRT1O%=#R2){VbGj4X#MBgYbM;>Iis)m8kX&51 z6V7zY67+8gX{GkQprC;je#o0yWY_vgImUq4(|9&!~2j8Oh#0+$FIZ)i< z7`I&zirV5!i(&m5Pkcm#w~M&Z`%+!Yj6DN_P@ljwG^WNb+$R*qYe|zW_~UB{OZKFb z&|>ea@;Z8PbC)|(+?0a25?nHGL$qNPHi)`>8tM+qPpcTPBDtU&y_~stt-W`*c9jI z6?c&D0a5U-(bjGn|CWfT$=3zdVj{Z0Kl$1p|QrB4GEmorHBfiw!ex z+JZ`q-~+HnAw`ZxQXgdSBbZM^o5V$N9@<4tB44}C^}~Fc$R4k_N%22h=o0C)0QO*AtmUosRO^6Ogw z9EMEnH#3|4uau!C&g{9u&9d^Qe9V2td=Q$V&I)rpG61w(n(FQPB1$c^S04fu?Hf@* zRS|^?Qu7222F=Ex>~QAEYose|;@P{WS%#K`&K(R{QtFD^%h|p!ib$gqh-CZXZnly< zJv49*l}C-GUpV53?vJ^h<>EXN*`2|LDroMuIGM_!%VJcS^QT*+>&`x=nSGP#JEZgO zk9VxGQ=+;F_Lxz*L;-$`34T5P1_T36K6Nycor%UP*0(Y%1SEWD$a$}nH}i}vjBV&$ z)*Xc2lTk(K%%@{bS@`YSsZ8Hi=&0Q2Ndamtmu>fuhx9w{-?15VvIkP7h?K04Md6fx z0{xA6GII=pymX$mjjZ>pHJ}t2%Fv$7Kgl~}YB0@)F}%{kD6$A~aJiYuB1cPVem(F# zNL_I*VZec1`*R$FCTp5*M%WMLnR4kI=h-sxJ%Lgj!uJb&`nTJf7XptzBCc3dx>pNo>U3_n@sHdcc2cG{_jvp|Nn_q1kTH1A`QeV%P**A z#;mB<6JEsii}*W#_eV$>Y-IZAox|iyH7hfNY(Q$h+VpnY(i`zmCtud=RXkQDyY-FOqfcIv)nIY}Q zDp0`n0U)cmUk!Y#6rq(dyo{f~-*FB)vXeHW`weCGgt`xH3D#}Uy{sv%9?k9FF7&f2 zJ!M{?^M*=d#D^%RF(@sk0onPvxkT=a)SW_+jPo=!_3OSJgrwPxFmRW6Ljj*>#}_iz z$(7+G>=-Z~Hd81Qku>BqYP|@xBT2Uh)QLEYu;4EnK7H<~z7#L-FJZFZDA4gPZ*ILNnLe>|_-j&UZMc|@-ED6?H;#(uafD2R1x zE1KSOb|eT!iGwnU6b+q!{tVN`mBJOn4wU|Ik4l9b0Y6Zv$~fRg#PCGrynTTYsd!6# zi-pRXD87>=7yZ9dnX_OMoFMSVw<|kjSAF}9unoq6-)rH*R;{9bT6i*DB!uaNNbnj- zK@0xei9bFcS9aMa1{u9IwvHW@p0+*P>)LGl{o`vrI$;)kvWh~US5lr?@hM!U_;;AT zD3kX(c=jll;IXlt!kX4cDB2fLX(}ca2y~)YLUYa#E(9+TKB-4QG4bIZO69V2Kf39C ze2Ze*^3pAisa?%j$4YQqZWy{zi1k!bCQOgt=m$W7^X-BfY&H-`W_?V+G*8j^Ucu3m z8UE$-x9Nh<&3SU?zJwui)11jcB;Tu`qL2jBh*lVY29l?W_t>?ChWuUV1>Yl zMMJ~Ovd>eX6#EnJvtG~jqtc1jYmX3Qa+E4ue*trlGq#3t?7mJXYrUl`Hy^ioG-^Gi zb*9Vi=+eUU0D0NHlFWGnzt2*7>y?yvb%#mZkN02 zUcNHcZU#KBd=d5=IT`eVi!N8Ux+=)0rz|dn)ND_vqX>yYa3r(0Pjb;YB$b0FI&BT& zPhtYi1M2p33Vo&rGhU$i&!5Vc|-efiZ5YR6@W}bHp{A15?TX7)Ht>!&ZVX3y^qgX$?`{1b~vowK%Q9?GpmT@ zhH$+O5DRFKEKBgsIw*aQr8qEW9Q$kRZYoi^N;us<3@fugrE}ee(`okpPqvTKD5jp8SGSF(G(-vwGv+77j&+R8?P7`MG0ev%S21)Du7!>f zs_(W&nXd4bY(E%wk$`8Q=ts`6N&)Yiv;EmBaDg~Y-MSziv?3UHF_`Wz_$a2882RgE zgDI068uvHGR;Jod#7Si0)^M;~4idf1yU8vaI*0oEE zzUi$-Xa-Av+SoW}LorKLGbQD1PjH-qnG-LSL4>>#H;1FSQhQ68=_So@FY=c>O-l^o zH*TX3K-qGjP;p)a!1cc*G?#A?IgrEyY&5snrR!@H@`XtWsx`mJ)4dfaF?Pv>NZ;SM z_866V#ILjv|I|PcXNNS~U^!%fLe{70KFsD0oO=dru~jM4 zS%4>v;xo=UU4f7Rq0-BK&_n&vnlRBA+3t{-Mk)VH?N;%@PO4NlOlQm1;r?s^k@XeE zk$6O1xyaxS9z2v)I-Fi({T@utA3t1$^TndRfpdtU(H?4i0*sp0aVPFe^u>&z=S$YC zOQGDeqq}mQ<>b+NCsKFRnJOHo5osw$9t^8l-0{I|kygQ#U4Bval znv&XjfH8UcG^Zmz_VkL1Y(JVM66;qplQZd{19#hZrwE0bnI_9AW-RdxJA1{JuXY!C=joKWtbRSj_LfJtz!N3#tYSpK8P|JNwV74 zPUak!C}h%T&3>rTt>w?eJ_*6t$pS#EaAxQ+8r0z@0$YHNS&RmUZBi)Pzdk%elm&=C zX~Sb^%|<2_4(bSe!OjoXqDZwKj1vQYDJ-aO+AjNb-Zng#Y=CmAMP2OA-kkwFyl!8z ztx{&#$7OXfvkg2h8UMUa@bejbVvlH8FZLI_$~m3QPTGaKg+Bmqdqoh_4BTm-;Ti{n^Dij)=OZscgHfMZwE_TODC9~Yu=D%zgiPjC$XR4oLgi5@ zAoek%s186exLw3WpSo%X=CoRXGj;`MA_WMDQAh0~`kWV0#Az!3we9af{V))T=*VfN zUi`7~Yl5%kTPvsbD}mn$H^0zyfUGASzcX+sEv=;x^N&$3VFXuVA3#U&Zj0tLu|M8D z85YT~vvv_(NKiZVQo{D_jCxMZXpEuVznX!=5}qZP;2yg9Q{CHjW5ZQyzqCG!x8i-4 z^hN}=OZFpG8IZFl!#F_TXt2LIB_A9b;-PuER3Y*pVnKUs$*kbB_y@TB6yu->9O5j!^7d+9JsbkM2PC@x7 z0u_G~5Jm<3uKdRh;q}Z12SNXj_dx?yE9m}HD;(bdT>mnYx}5*ZF%c-eQdpDs#NE8K zH9-SCOBY%jNynv{VPxamSZU$)4DHJxcv`aBgvOMe0La4M|G>{y<4Td6azaAef|QFAh(CQCwH<@%4mn!~ z*nR)<^iWaHc%5l0%fRd?@7)?EjpO?z5N-qha)b$=6$N%)S$G{qR?IGtf*m{ zJF)2LFtg`Xkn&dHh#Zp%iuQ6{bh{|P5SV$J|AEl%X{uI2?g@^@&WE1hU}b=UKB~;w!m-K<+j?IR zhR5jjw|JH11CgsO5g>IaGSH+NC4}j>|TG6dvSMSh_MnVS@=4qTpk-e^J@d_F7 zg-a+VcE6aU`+A|%o4)?-SK(?&D+EEs#-Ymwu=ptRP4vB~x@)2A= z!{ekV3Z5SEkHp_+$<$|4>Cy&^mja`lCK)>LZTG3xcqVKvu|6|$o+EM`n(n2BMQzg~ z;cEK@jmgyZdMpk&(n~+U;&R-qS)9Y<(E*N~BpfDlgfhJvr#I8eLNp7DOw&~afqWwy z8!_Qk70UNzzRT`Qyl+lsnVP`-15t#;F9SF&(tn|>>ZXa({3FQWEB9QS%19AesNT`K z6eHvI15hrQPW9>?q0&O=xJ`q--!>BoPL&kc(66`5iPRO9Wmksz3%&UWvQ|`r-2CLf zkD~S}=Vri@_=14n9ZyyO>dmjpK>4@oN41}I+)qz#W98IdQ))4J2}_iSw4GzM{l$dr z4y!ar|9MNWo4`A@*ywvG)+_EWwOduP%+uT_R5DltouhW-N3}#DOy}8O>}Q%jd?|5A zka!Z688oV%vmK%HO?C6TU8xDTtxMqCD7`3RIXgWicbK;R>z)U2cO2!c$k5ifuXm9gJwL;8Atgny=gcY7-%ueUZa0d%AfUBjFA_mi9E(n@#sMI zenP>_$M+K`0&YUfpdqEXwt?g;n?nG z!mgq6%T)C@DpAR+pvO@};{L{3Y+>tm&XFGAwA#@4>TIW3jO?6L3R`-Ig}0vwf3nOy zODgGFCG)!Iq(Jw~QBOi6O-8voDex&+T=r4*9-rs?d6)XFO=nqAb1@8>-Px5o)#u@e zO;j*9HqKL^epD5;v7KYAlk;1IU*6$_2Gt}%7v9ITjx(A5`6{p58F7ja+N_U9d3W}6 z1_Ei9sq3HdyEvm~-XD35nkt&kpMCR{+F0U_Gf`s3?Iv>epkR(wZ<1csjb1aNXtDu& zzEvi4Kf*=))u6r4kQEwu#zktf!YX}?5o>In4g^UGqW>;+IFt)Svor_uitc%Pr_*)w z@w;4<1)9a+0*_i8vH5Vk9gh{#;V;wD(mb$8LF;!90Kd+XT}n!|(ExnjiY^Ri$rNRZ z2n9?U8dPltSkCUZNxX9OmneCsKzRWQ>9w_Y~hFSV}M5crOS_rK{-g0UGLeI*=c}uB1 z#DTySB{KLC&rZZk%0Zqiw0$s_f!Aa!F%F>|_Ao`%Via_>*d zy^_fO2==3xBTcj1P}UTV@0Ol{Y@3qXA2rNc!DcGf7w37hE<#;ODT{&g zG<__A3gRg90$}^!(jH~1lPUbmAC_+{&U~JtyJpOH|Cx=IVKkejyPT4HItL@wxlFr> z@y~C#KL4d##Z$SR{+xAx;1h|3rkFiwUHYCKoxsbjY8h{}{s}|^zk0A<^e;@Lad2#zQWrF=*FNEwQe50-F$E^jj9c5bz1qxT-e zFob$GAJo<3V;k{Iox)7B#84HFkCz+7F?ekm4R2&E`t&)-wlJi5pq9lQMMkz6J2%s3)2|Mf4skK zBjO&IUD3Mgw3}ndQ;SfciQk-3+bb8}@crf#ERo=KlQ{DYIXcS{{VKgQUp)E`xdnq@ zNNklYkcgnYj${031l3#Uc7H)6pa?cY{xUjs6ZG#eddY*$*VE>{o>L@jV(;en6*+|g zB2*}9_l3(j0M)kRgnL`e|~f)DK;Cn%`NoW&h%jS+bR5t^1tQ z*U)EuN@`Tx2M_kE$?3|33WJ|%+R6ys;y2p<8bFd=hvHV92$|$eT!=ZZHqK7_yQoE*5Cl6?S z9c0`e5;AJq>NFal;jLRUeRnmK9wB7A`tx%KHyX(GtnUGkRJfq+Ryu4hErWJdrQpZ- zM0p3~XyO=4*E?h!9CvPDL{(ompEHJoE~S$u+`8>Wa9cN%9=8MHr!abO`0TF_hKiDU ze;lk&3otj2a3+HgI%C+-r1Y9a;`;87APJ3|pUOPF68CmP|J8Ro`$IqWU-iJHj>i1 zYc)gvw?MHd8?>&YAKn1oyFsk)zCzV^{#1j|P1ZKZQ$ezv>O~O8Qhapg{izH?8tXS} z5}jvLD%4~G>v7_f;JVts*T{w);+xKuAX5*v9*r;oZaE|w9@Stp1Pkhb_C#GbXX!+C zgV8V=$?D7P865CYbTh-TzKKv3!X_b}sfm*(-Bbu;?dM&StF2z_z`~fiC{nHX5EpFG z7HFP)yLy6)bHaj;+O<3OsNiP*C&bB7de|it(#gEBr$~Nrm3CB}#faMd(rWD+)Imnu zpoz(Tbz=-CKg&qt&9lEx)Y#wCbTBa_zo+}k>v8>YZoc!ZieCeTN(h*fSxnr1 zM$yRDHFcPO^Y9yK1pF!9!`8ODUyCa7+{vtpVTOEglz|l;UgZ*V{R960i_g|H{Di6r(~} zNyc0j2jYVu3_ zH%qTABL%s=aKt3qnKZ`qI>Q8dqCPa9ODMc%oBzW^%qfYEd#&j3kLcKv|8%2p3OHm1 zVd2Dh{?#$s7k3-_0q>?`6h#=rg1Qd3rN1(MtpKw=zuw5X>?_Q$!7sh$|D(hy5`()N z0gTj7o$c~Q|LjGPLriARD<@p~5S^v%NAbIAYr>yuxT4Slfr_X$A0p+7YCGVo+EZDk zenK3Vse2pB`t|RmMEqU&Kra$L@ysWH^SS5%=94$lJ8VHAy@Ig=bsfHiL9Qk2x!8H!c6H>OF&*ameP;iQ>V5&DOw|9+e8xTL-Id3AiDC=GM!c1$?+_f+kcPY7|>s8{bIIaV{#WmeCI z^_khSFl>6(q95JQ;TmLum-|Ph8L*~*&iZ8~Ej{HR)e{;9!h|*6*pG}2zL z19Ky1=6j?9KQnQ|QniHz_h{mX*d71PxRX!u_qeb2zC9M)yCb?W^Sfv3XT?;Adt*yK&LtEh;Sor+u#m;zYp4k7FlsPH!}^Vh=p;{xCIWLSM%h zJ3QWm$N!B$Iks_6f`=L|Z4YF*f0}1PVvESH+@$1ZtP+*uMS4xB+?CC72K<}A$rw6Q zKk&vEt#ip@XJgobrg6)(DOic|Z%V!lId6w zT*}2A*gh98j3}{${f&Kh^};r8&tu2lJIa)uoT3 z{3(0l%N5B4-fv#Ctr-JcM`A2Nh+%0SIZdC>39mU4UYHYH=OU;_lzMD6vFLat4zvY% zrcO9CMF!y2e@ACp8~z3Te6Uc)=6?t|meYR-x$=M;PD9{2ID+HN+d0k>D@g#y5K!T= zg?BYq421EOb9#GKgj~CoY#cchM<&~O5$83H?qRu>Gdw9P7ED{`+npZ~oNW+JEr zU0`9S&{)J_Igv;oFMck0Y6+fipS^}|p54x^SN#ICLvG(W_%>l;V`Acfy&6Tgr5i^X z+6~KpdZrFW^36MlKJUEj>ph$UZT}($e>PSLo*<_SaK8=nFh8eR^;y@%WLlNIl>T(jHK|Xa^%|7W<^PCPp!C_tHJ7ve>N3B}Er3Xsz zDNt;y*XT#}>$M8u<=RQ5_cdSg^ev4uDKR8Z6j0lsGbBIBFt~l%KL71B@HZWl3C&bl^3{m~8J%magYj{~;*qpNme@Y*j~}xXK{jp6mLvZIl#o-NVzp zzf%JvFcB;u5(1NMwZ5JlKVSKgk{|(b zX?&+^js*kv?8ltVq#E0KJY5z}w$KiQY#D>Lx6WY!h5rY0Zvj+Sv+ao=0zncaA&}q% z4{pKTAy{yS;O_43?#_YW?ry=IgA?4{-C=g#ojdpY-pv2i)W2>`y;HS|bDG_~yH~I7 zCA-)9851|mY*mJ@)(1)Gv0?t2$Ivb3<+bz>L4*1lSyDo89swKGiq^JIh|H8+eF=M5?Rs?66P(&$a1`|3;0~)H5KLU<3ZM)=mS;Ylxt2P!K zb?vL@8sGDsaya}%7mx|Ab@XG$8=jaohl0N3^CKSDeBh)4=Y%S*Jy|%->t?>nP;PGX z->de0TIZAoA)tzuF@uLpR^}7qV2tB=R#`y?za}}+mv#I{LLU9558G4u4nL? zn*4WI0?T*3j?NAfP%UOShIx}Qp356!a%<-HGi$lxPK#ARN(FBd1~{*JIc9p$pnQnW z=oYuJ8C>A+p&&Qa85t|_Yzy5Iu&7h!_GCB~n3#QB^v$>&cBO+~K;==~2%ZC)W9>&k zn3ULNdHKQL-{5_LKDdWW=}&DW5a`0l3ftf`ZsPq$&yuG-JfYDKE-jaA$|vF9vF^YJ z5|WFMws<<7E_f+DXozrB0T)If7D9G^81Ny*Rh?ojeB%4oI9#RM~3Y!O~C3F8c?>vj3 zzg_pjY}aIHe6JSN(Mir3z3&X1VCc3tP>Ip^#^`&0X{FQq?>(o7N?WU#Bo{_71IJtlqnRe>GQEL?+)Xim1LV#LAP{j$i5=_@Bhd^_&0A zC0PS?K}O7bP9KT`Gih~;esF5!9K>pA3FWV9 zDl{bH`Cuu=N>mX`Tf$x|m!r9>Rh?$NO8SD5yTnCjkBL}c^*Z+(t=VOL4b=|kw*s7| z#OA+e(+`>$_dfj~r?w=cuY49+Zl%5sH1~^xylzSvoIOl<5YFJ#A9w4%kGu$RdL%ZT zuvk7{cnm*(R4%hU$lbPIEt&{t8tvS{ObID+Mbpx5v-kpB3#( zevE92{rtX}G3j}n8;(Q38^XDP#_VfMBw~IY@D`CnkT>jn4pBtAMjh|Qtr_GBkpA7PjjvZ4}Gh!aG#32=P=xfKE_c(*O!dpoYaS45XAI@V_c_Ahf zmVn8*Q^pPUdgaBG;iQYwCa>Z3aR@5xa)h4NT<;-~u3jpFr-Uvp8_rqBeF$hSWF2z|K39ao%AwBsn?V?>0ATX0G#DUMM62SWiHj<-Uef6XbZ#4ztKgCAv% zh3V15(6DgY$`b3;2w@8@!EGL11Mhg{@$hL2jeGIk-JrpmyxJHtEBI3=l&@$s>)}!%| zdx`G$#8l+~Aeun56o%k;M)qP>0k8WD^r zy{E$%&y(oe?G($aA0?hu-mG^bX>5D5lZ}sGpf&%u$TgRUbVpaa(OG7lWvsp|?Bu$mng zJ-pYBXz`;#JltV_`7IiD?gAN)L^cC1ncC3_GAWiqDTJd zfn|kq`A)5K;b+jluAAIrP44AAcifh%U*-HSyNv-Cz>Yb_?H^9f6Y(xdR9VhPy(ITu##4t#&dt=on1n1ZW_cA`kS4%HeBrkt9) z3?TsTXcR2?zW|Q_;G_SW#1WQLj_*o)S}H0D^!RfkvWd`132C=eTDA2~@;N0{Uu-&D2oN20+n1h=3Zup{dnr zf3=1BX3#n7zU|(LBoHLe2~D8Wp}=o5H%fo!fx8Q>8ZsE!{ZV#NlH z;NelzwXTMAUUXNY>q!;WVzC3weG9x`F_Te2S;tmx0W-5H4F~J%di%-dY+j7g&xcyR zS6LkWjKDCk?d-|$Cu@}%)!K*K^%CF~zgBleVe9xgH<8(0(W@Du&OEEs6 zsv_9*Jj;by*PzTY;iQ;9n7!Yhpe*6jqD=4GzN=g)-;)){U+((=JGB|VfJxPW^UkSH zA}q4kiwL27Yu|^!6{x6vf z-xV|@hPw*kN^%e~e}pIo*~Jm>`~D0<18lqjSOzO;S#}$Cl)YQ|l{3zTH=aK&sFrnC zS80Sf&aG2K0rx?ftQeEwXP-Cd7`nb;hLdasiDFYSxUkhU6yl6QpRJ>O zWi|`(5?+i#01o;>@M?54s(z7Nu;6iPG~knOG%i6JfT+}Jrq|KB8XBEZVuOz>fjjq; z5%F#;7BdF#k1+0d`*6~poHJpm%bH$&Y70BmTH{MbhSOx-;qez|omJU6R~^w^6jT{K zYRj)PJ~zIpayCl|6&!je9q;(+*V9Hui#*x4wqAVYq?kSnc@%ZK174Ig(;$sZQ>E{) z(?1;XfDCn?pH~)>nOPTEa9AY5Hcm&xk>U>t`R{|>`-d)Q-?+XX5rR#2!uph`5Tma^ z(xz@fBHG_^19zGU6{{(hCPE$CtsZ}YUWFFB2RK`Wu*Pb!=f@z;>6u=zJiSGE$*x$L zk?K*x*}&20Os*FY?O;ymx7Hxx@ZzC9zKHhZZ707B!2$52)=Ued1iWtxj098;vMlen<(L=*Y)dDdbx6T+1wESfaT7U> zw^*+iUSX^onWMq4hDUOU*dCkWUgbu=VJedkd*2Sk-KvmbvhJy~)E+vjUN->Abprlt zi7_@-%X29GZZD-icE>&7m=a9su=Ie#ytul-+G}M5eS9C`tn0HZmdhHBR*hrmtqJ!6 zLIT32Wh0;E+aDC*u9IQjxe-LUdK!CP7lE#`OZSSQHMkW%D)?2CaYVA-^wkPJ6He-O zmt&XcvtUZN(?Nl5PBdwOM#w*owVwu%j@iIndjYu$`+-DS--IBKGQkk7+azSqb99g^ z|G~ZD$g*5Hhdf4wGAbM19M_YHIJMljDT`MNUck?XUPGRneIW8q(o>`X2x1hgw<_5kjPRuq z?PrCMmW`C`Re-7rWe17Lw{}3`b3D)B7t7ta>04t~2Y(=XhlVS26XggBcw-+`C~`!J0fPdY30Lquj{j)l#TDfgDE)!%<1q*( znfZr3ek4gdd*xGg-W>wttAYszpYaW(Fz_(e8SSmHXqEIMK_LYH{2fry_u-ph7hFey zNY)fEQ&^cOfEe?O{1ykMv%>HvVL*|Kaz7KNY0q1zwg~Q`SqDYN2)wg?0lmT~|A=1` z2c7Q&xRE-%?mZzC0uQ2Ui6Y!@!>V4P0mn3vp$>q77C_G@YD{>`ZAHy})}dOBklspr zX0jPP23%#Hv7qyB0CIQ-aTFgOAOhBOuj7L3PIZv!UqA#{3it7mc>XhgCW@&$qnIao_=7i&NoMIU>^M|mX^*^I z$u|?CM9O7(^yIp6R^lJLXBRB@O*>Psy(iP?xM3raZYm4kXQX@DAM#LCTRw<(nPNuZ z!zJSaMpckYAjzm8%YP_F?hDNUGBCTeKnBPu?=u;Ig{KU!{4 z`^zAC*7Dl-WnMsoi7z0NOcVoYBsCgG^(FdI`4eay-N}Qy$-qErK_Kh*%r+;O&ShtE zxkc;$ySkY)jgoF;8mZK__b{5Lt7g&NWl}8Pu|Uj08pO)nhue_ z&J)y8<*vgxRZ*-u6cOyU#8Iymh^w*aU@eqsE;O_~?uP+j>~PvRooE7^)L%BL|HMQ! z`GIQ>939ld=fV@8@L5=YVUV>;)$CoqHC|R^`6RXtY7nzRgNlHq?D^a9v;Q(M(6!u} zE2(?0YxdE$^~%EHRQcM0lFyfxgXk@|H_HanBR5SE?vy>Ae+jZxJCzZEM;i^p z>uL5_cZKQqMvRppFQC6NJV5!s3Hy3HwnJ6!F|7V=_KY-!?#CHBa;H)#Vve7WI{u5`Nm6eqS0Q~;1 zan@P?0gC-!;H=XF!0dkkTK|I}{?9J__k;On20*<3hP(~{vormn+8;poeJ+90J;CqqJJxMGygjw>ly#Hr?CEM`oAxgnE)#P$IAZ87V`g( z%6t|UmUgykKzm>ROp(TCT1kC9V{Lv*CpF+V-Dfsn%`knX1Ih&~E$s9y>}-Ks8UNf$ z`|sIQ80r7U-G6xJzaiZv_3gCjnSq@fxc(n8_djIDzlq3-{D6N_5n{l)7A z@`iZ@^-AS)F!ATl#qh%LnN);o7=m_IKYdm~KAEiRbc_wdlQ$Tc_>BFw%)&b(*UvAG z&pWs6lHvN(rTZl5QtV=$Jo%S7mKIAz`+1%UjrN}P7_cDFW2inx1QlobxRHH}BE-06 z^YxI;jpu6+=tw$fn6t|WQ?Ymw8<8}0RA(}oO4T=bc3)Z3_X`q8b3(bKYPKa|97B&p z7`ruMfDe6_=%-$JEvzuDC9|NWcSY})Z#sLZsV#mRdk({EVZyXpBvRw>8aiR(Uwg?a zac>! za_s{uEK=m|I0SWe=?BVe?2vKmGUm?#4zbqO!6OG$0&H^ONqQP*qX*gaN}d zb7(v2Akb_-`GB*cj@rTiFO3%)>Q8@D0~)_I0Zi_cHB^i?xNO|+eON?XZu;^D!u;#P zz(GaB;j+VcH4HEtDIpgl1qn4LbB7Mfbn0-L@R00I)hKDrOU|-_A#BN=|9(tVeKd<7 zj0-;0=OFkFm5s2n-iHphm~rCD`L6*dedoy~G>OxZqp5WTHcO1Q$Z6oFjlf21WIZLW zaZ3aJ8*6_A0sM&L^!FcEMzFBTSTNF`Cd~TYj9X)(IN&pRbe~^!#>6qjPz{<8pOQ+> z?Ncy>io1-wmQ!!P=6M5x=O<1(Z<#ToQ=>wb!tODORo1{)l2FfQ9fM`u=OIRvCq@YV!sl6IpB}gdV&19c-$Ur`%BmA<0qSB+~3eJUY~!( ztd>k-n%4!L2Ei=Ws+!4=KRrzRf&XW%JM7@tW15xbMKE>xYo4T>6T?-lMg_~=B zrN!}=uZ!l0^T%?MTot(!pu}@pVVozry zE;8hggp+eco>8vGw52gk?)9fxlekbee_u?lV;72H&S!jgZ%*5Gwd?9h<+$1p^X+W4=6%l;(Mg2+{d7q@BsbAQBB_Gzt9t>rk))pH zQ|b#f_rr9OI}4oUV}X#iN>kLqkpnk7XjexRekN)7G81i0>Bg0Lc)KDf$YReu0BJNW z^DVejSzOr^(^RcDnNr!Dyepn=UdUSPZQ?9fk6t8>z z=E%ZpGVY9umv1xsU9CH15xDdtX=!Elg4LUw{k2-OfgL7b>stj&nxtZnvsvv0o+}`8 zQDQ}yj{^rU2%dto(P2h~Um!L%77hhBg=c%MF(An~tTnAxv5J7Hq%lN$N4QVnBf5EM z`I2m7=Kgq(0_9*rNkK{3N=5c|JU04?d+Y5v{zvu4r9-*)42ShZUB@(B`4_iue6_l( z%I>MsjJWs5V<&KZdXgMJf%ewH8>J z>aShLi_hS(DO??c6V;y#mU~t{rMITu_+k@bL$0V-K0ck|$jyHr{n)WPBC!y;HMWbS zzhmh%w~%)6xbysGw9`k^2z1JkuyyHTDk^FwdtN~xV6e5r!`|%F%2t_CIa^sLg4tDN z;XXS(ds1AyeEz#?q_|kITvN8zhVQIsV(;Li)RHQjy`}qFPE(kac>9_!fX2kzD9LHLS2U%flqx??qn^9qoFG=^X(nUR0%nJ=I&mgQ?4x% z{CL}}FgDG&sN(65YSb(?2)`-l(j4d~%ueDlN-)%By6Oh0^BU71Vg?mmny zbO5pmN9)U|V$kL=dvZ3nY?#&#%pYgAu-&dim}Uk;UYfZ8n@qsCl#q~a&CduMJd~pD z-AuV0^kNL%b^UTNE5+k5x2ZsGPKNWWN>#a_Ih+sg$LlRue9j_EQd!!q*VfawElm5b z7)v2o8~XCX|-6N_r`lsz*;xYjFD|uQ|nrIDpy+v94|+| z18`kYs9Nu5UnjPcyIkDd@!XrwT!(Tc9--hW<%!`AU-y$foFs;IYHnQYw4K-8WGUNY zdhRByY*d%-6wKh`g1o%8m|8{)rZG!ra(@3FhC)H(Iq&bS5`s|CteEfBMO0E7BE~}p za4FpVejAwKe6aL^Wfa%#rgUdibHVd=CfLxj{qgcB5&O8U>B!OYuw|*`V)Ov=ynDCA zq|~PQII6Xi_M+Qy@WNyRsl8O7^_NyDJK_ilKknF-G&^Ww{W$>_m*KIplcatX+Ad{w z->C)7949_l!nL~&0`aV~rb`(jzdeYJVc@20cG<7NMHkPYET1>rtBbCjp}!xj86FW= z%y6nZD`kmPZ?@XqkN4g2T)tdCQp$L_FBMo(XMaqj6lrU;I~|&A_I%i9EI(e>biC7? zUx{S99fwX`2_s)F!DkOYVveHcVBOl3(G(xVQhAx<0{hzT#q-=**94@J zFqpQzaN~gB4K`zDetezJ&JMiXV{{$r{T?`#4X&~4Q1}YE zg${-Y$C6W#k~UkeIJ0eJP>|oPRprtu&~WG-ouTQfbtDzRqAaP`Y#Pn=f`L@l&1P${ zLpyOwl3-0XKV*>YZFT_fH82Y2Qyjy3IH)ece zBgamBo1(_W{KP(~Da4$Z+q7gFJ$8l*NY!E5HEm8AN!6dKmd0UwE`TCEfTu}!m~~a% zOFc4@#-!69g2@Jn-ziUJTdU;CA6kClv8DB3Jm}NfX}e6#f_TQrdUmqABk|Owg&*e8 zC%N~_o-tsKjl?(}I=J@k)R2r&a|we$uWg>p7?L}6b@2CR%k2)k)Ivg~sY+dPb>`ly zl?(Sa`P9opuoYS@46ZV8dD!l!4j|?8&%U+TQWga(N@|tb9&^$TJob%Q=bItPiS-KZ zr-#{=W>hPe>#lEC9t_XaR)#qrb{0441CF1a>-UKWoNL`)aC-9(b_y<`N)bo(l5NhV zfbQU3MAY?&yaw?F=%+tHBKivmS|<#`v05t&cKrtj6N`&He@HKM{8pmhPAQzD%t%vc zJ=k+ZX3Fr?e+cDq(YeSqr%Xwpb;&Eb=I`2$yq<1v&D}I~H7PqOZEx794FB|O+X1i~ z`^%0G%X6IVp}}^GLtw@N6cqK%-WkQ7yJ#Cxa#$vAHyewEojmz zzOvN2T?#DZMY1;OEl&E+m6xX2dqB1oluoE!cG?ZW%`8vAn&i5b>D^}82xY+zl-h8^ zZLd7^rB%fTE4^%cE?6kz)?R8kOA6Q-qbL|jlHZ(k<8su(t z+t2cqtUY-#ACGTGOMlq7oNdQy+)-^;Ap4n5HJcx)lP#CN0ajyGYUko^yy{R*kkYP`qQ>Y!QcSp_|r?rZ-q$4|fewNX?A8+m0*>g!bWN>~+m{-NIM`y2x4RImf~sS&rMGKl!)X^%z1*mLZu zAivjjHq*q#BPD9nNN@-}>fjkRsmY`8kcjD*gImK#*e<~6sLUOijQu8E* zs%o1(ZMa}a)&XlDmT>){_u|G?v6idORwY?cy+ujMikgN^p7xP=F=eEJq;tD}qz zhx1mAfN5fB>*YdrpfxS9>{(At0cJ5o`eKx^m%8jHq5-1X)pNP&{J*c z_AJIZm08}>`KQC=U`*qKi8#bU)5StypbtXbHu3$Df9W#7muzLgi1$)#`W7rz#Xh8*3Sp1VC~aqceCnzrvIKhY-F{y5GVPFJxo!k(t0&^{Hcud!53`C@i>`cexh`IYuDR!V_4?tdB2D>DIA%?K&7iAyx$EM zvlAx4)8IBbexyeGc*vvK^4#;`({tiD_?aP70bYdun8u3vX+9|4*|YM` zb1|r>-~mGIAo(yFBe7~?-UBo5hTc=`F!iin64=^mAX8)!DCL)Z@q9~ z@v=b`?co5M=9RPOU~gRWWWaV&f_n{G)oQt*Uv^1ddjBDHjKiIGMnIQTDno^{U5C&4 zX|X3#TC2jt?JO_aUyUpdcaYLNjk|dN>~#-1)%+S*~{=-1Orl6SQSPG-_MY!Gvn zGmxgH8UkxDx(uE#u9FE%m0_`(2p=~LbX5s+v%0x;4F3#vzUvYR`*t$R!%Z;$9?OId zsdeQSfk0p+W?~|T@l2Pq zQ1-<(imQ|GOBNf~gFXr_x5Me!nr{H&5zDG~+!P*tr8RTvk`Y7nM^@UZ*8^98y-rmI zhRU=h_%y)@F|}uhMwnuD1t5g$kGUR@FfM;(mUO5P`RBUM|Kfgv&C9!rhzPCc;Flz= zmMSMRwbrSx{={ziasikl^Or;*FJywRVlpv@S%T3kxIc$YFShwWG9ktLq;r*@hmB z9N)e4^YsP`=yQcK*_rCRC`}A?!nvxSqJT%b~p@#0+cqItkg#L&5S}xqzDJKLF;KXZX>}DQE!tE)sr57szJ#ocJBH zJqrhhKYaJQ)cJ|=uKy?=7QGo_{$yj}eI4icn~rxbflu{6PZty*r5Nb3E-O*5uw8M1lqp3 z9=gj|vEcRPcO7I~nqzT7bmNV|m@m%3-#l0h%Kld67P&m>cv(02TSSHqdOWIU&NG4M zJCIKxbp%Z%ph-r+%!&JsH1<;vPZax6h{xI5^^1oM8gs><7dug$oaXDf47`&F}V?h z>?!$hV*L&t#5=YcZV*o5x8)2`fcjr;es;nrk@p@YXqWD@4%5^OY$5h1EbV9%O~$E$ zby`mQ9X>foc9ee%YZ5-%Bl$WY>-fod_@f*@YL{ql_-@!}&lLp-l#YNtcHGA$gd2NE z65M;dQ7wZ9ws%oGfx;3GDv>JQsHSHhO-UH7is9mOg9RC3)=|TXzL+jD{m)MDer9bZ zby|jS;ZY6QaJq1UGCz!|U`P>B!XxD$d^zbz-m*tzcH#Ck>GYH(Ng0IOQLyRV!d$@; z7v0UIk|Hv0oQ{2rouOKqlt37$deeUbJOUxSr|2!xMvW>&p;cIQGEl@wBBX=t&-2C% zCMG9u4(BEp7h6ncY0hmk9pONrv;Y)*kDbx<@-_jF(SZSkODQN23`e-|#a=$xgGA(; zsB@+xHAW>)AGYN4Q6{XHRERpKXKp|ooXhNdj1FCZ?Xf$XoSDyIZHI8atK7xihig_L zF-{Hsku_TU_73BkHI?jIg7Y{lNbDo!_Kp(r9ms1mFDFNkiTe{e`fHb2AJj$B+ zvsWNQIVGihEU*~xL?qDXf}{CbaVBmSW@cEISrEu)ejt`iVdJ7F^wZn7Z$F@-a%TZS($`|taWnj%PKHHrM%cnTVFMR`tA zWn8~CJVs=Z)Axuj1=)QW4UP~*A%ShSwQhd{vO^_ih^5rKiB{R$9!Zsyl+@SP-`m?u zcLm{zYgH9-2Ba2cEBni6-nhth4&mkN1ci*VZIZnWe{`l?jy&5e!DTZ8f0B9Y9gBi=yzO)shJBf{#5bPmVS zbdGxCNzy8r;&=~ON)QNso{^!r$?eWYKtRC5!$Tr$T?+HoZ*nghggjRGnv;Q2qus-O zwoJp{-`^YmjgHLlZ|U%vA81{Sh>H7|b9uMKF6jEb^^(zNxHFR16T6ui_mX5@l-~fC zW|nWY9*XvvL5wG87xajpT&~gVusw{qH|5}QdDe%2veK@F@dkC5r6hJdiK@jrjr{RZ z*$QMN_uOh=VPZmPo-(q%))hEAJcyHZy?kp}mx(f1v^Iyg|~ z*hIfXS%~A&{1!Kx|5s6Se;8?0eo6`o(Opu$+G%f<*KDt&K0vYI>KPj9et`$snY0OQ zZ*J;Ul|3A2qk1n{vU72@=H%$TJU_8mEE?JWP+Xa2G#o8asU{^OgA?Fu>$CRoc*P33 zRWl`I#_pXhJ2iSo)0qcm*Tr>5p>BqcHi z-LJqUBAN6|vW4AiLbkVGnVIjoePhSVzF3cuOa;NG`;Yfe5MR9?Bs?k0?^p`6pY@>#`=`FC2V8TxQL)Y!6H1GE#s?>~S3H1n^jVu(DL znVF$bGK)@2OJg#fNn^L)zdl-MgVjZ`SZo-7ZD?iVD`;?O39=&wxD!~srrGai^`l~y z3=9l1c_=~fgq!8Jb6XtrVBF;|2+vJ+AE6$ehFqT41^kFo>;#y?mz zxWhMmIB$lU7Z*tt%l74PKG)0Sp>JQif?YO}b#?;*;`8qA&O5?6T})F`6ZjX(Xhyri zScv&sBljBaJqD<$&d2A~|13dLcFT*YMc-h-C?;%Q*zdVTN)M*V>b3M6=(S|^rxfQ5 zUxDwtMe-Uo0hXXepct1~-e;Eql4UQ+1(^BY*@n!P(-JL?48(7fNz zJc>yEZ+A zF{x|UVB|bM+?KPIpmna%)j|=8~=2@-2$u85TX8;x zS=z8pA$5#d*b#xoFbhcY7n|%&f!(I)><(DxP>X8nJkY$SMtiouXf<0fezgkydFYzE zO~~q`G!N41G9f_HC?jK=5Z>}xSBoa|&;R`W+3O#pAO=S9m5FKkKX#Gg=ej3ZdF6z` zV8vhvEM;o~AGZ>$u^+{F;27rEl;3rj&idPgZ1H}Img|Q^cB1t4BkO&{-q15_x>|;I1`&U2uAiRGT~0<(LX2V zHW>3+PGO0}CEp-{R*Mrz^WonH<&z&>ubCD=IYP@#suyB@MlB$**mB62ti_xNq z-+k%B9PZhuv_rB!X_MQDHMIEQytQXtTiR0qW$Io~vk9% zBlVkT-YatQ1-I%lGSREWkB^Vnkq{8bW0Qid2fHf}<>qAc`&lECKuO^Szgs}2P+PvY zduG7u<=*6q$HUPM*b{FTcTeIE-vEMW*0CQ_WdHb_<@j_vT$Lu=W#iH2-G7FqlJB^x z-ekA8@bKty3=2j8i~bV$x?YU}R1BG?>3yd%P}MG@vUYucsnhB z-Ct?vHZydvJAC=Xw_k=+h)N1+A;o4Iv~0pOKYz3cwT-S49>N+kGIPJbfUU2-KPVj) z8l(YluBZ?WZO^cEn(aaBJuSng+D6MR7n(ue94~$N33bO%x1<;o6Vo5;WmbH|JRa|M zx0U#E+sE_DqgT-F+WP^ZNip|+Z?EvnaoEs-;eJHwIc(ZbV%Ohv?A)#ver+WRjbpj{ zU$kUNCU%cnybHzy18muSTOy>cW6a{_X%zTme%8*5R#y=b=Hu-jX3KnCx0L2Q^E-V_ z{9-w|s-mGmo%VX(;=`(A5QO`?q*SBBQA$mOX1P*0giI>!^kmfT={cO{$QOkhK(C4QPltL<$J?A~a=!Z?Xv--}fMl^)koU}*NyUkeXxT|9At zPH*%Sh&}YZt&7qMw#2%Mh}LqROS!eKH-@CHEHzjQTy?UlNihZb!~n5 zO1@?CALCQ~$V}}32{}uSbF%@T%GQztd;1*B9KP(A!}tbjRFm$~w}IrnhAe>)w@+ZP ztg#Y|p9A7+ncXZRP1qB+hui6i$1!8pNA%pG;Zc$ecb^MbL~h{(D57l69!U-ZtdQ&v~}CtzEQ{V-)Y{%@+Ca#+o=$k)6Q0*5wp8Z-!TDq{g?B!v=t4bK zcB^xYh4Ly8T!@Y)j3RLs=x)$o^{l^*s?n#;K1_X4`Xg(mz3 zpQMCyaI<0sU7jRfMf~;_cvb#=#obg-sIpzvrEuj;Mr@4x^rXY#`i{jX;S>p#okytC zK6Kxm{YIv9=fE)XVejI~)^xr45=;2DS*_snk+r>jPLaPkF1T>Pf4R>P829EXC=y?g>vTPPp)}o~8gn|Ff_xY!Z4h4Dn0^w>vbN!x}oiCLxTe`P`hTgq1D!Tjh zplDr4o=V8Qce;6yPQ8U5Z$D>tP%jv6K8$jI*x zLQi~CXZkrv-Cg537NgDQYs8pRdb+#6P!`WzS_0y(`pvaRiUeH72kHJj#a?at5DJct zMG*vH?hxK9S#@?;U$-T{B+@we`n`7h=&mo9AWusCb^_s?k3ELl%|^7ykavM^;M>s^ ziT!ij3D#tqsL$)*ul%QTH&_<&Jr;TlE9(`1=hB{-%D6dP@O@AH2)7o+J|Ts821Y6* z59@xn%yRae`CSWVo$&F%W*UnR>2)-+&fzLD9%lifzT@$tOzEKsaR&YkS=3o_(@nl& zr?K9E7hd)2RvPO>9zd80$WvL;HL3~aMqdx%qqT7tJz-1?36V#hseF0gj8yo*H~hr< z8CmH=SxQcqmOssRCC}b(aJw-nn?sZ{X2x!L0b<41mQlDLSjd(>W@DsKa`iQ`J=TRn zrc#Lx%>i|6M_awZd0Qawnc}`6+4qBq$;B_|@wx zXz|0t!<}`}iHSSf3ltkHhw|PuU)7)IC8QB`Vj#=XNnPk9@9lyY?pQ?K94_&@vA51t zxLhT3Z8uWnPx5HCZ%V70mu$Bou2zG7bKBJgD^Vzo0H%5)IA_JJ>}#1w`uFJp%r`Z$xp z?KeJXIFBMzLI?)04CG-nW28`-W*erkiDiTyof$8M5xOs+eai<2Za{Fnr2eR);&)Hv z6nqgZDOOL2?=}IAqGqa0qxqHl7Z6Azr1%WOLb1`~si~^1_{<3eTE(8;M7wczC@NNO zb*Wvt#sq!F02I!zEG*5yGSK#~w^%Z%cZXF_Z5Gf)*z32o1M!C5jwJ(HZDv!#bdhMp zv0Ys7?~hx059ept!q`k6U1;T^NBO9gY!Rc|iWZ`l4m7e^AqHCl+=w#t*B+Q9U%Ayf z(^1f(WTnngK)5l0rg-B^-*2ff`%PTjw4MtNv^)P8pGL?V@&@G9eoM(FG$te~4+61+ zJW2B5qkf_)rzs8@qg^OL^X_bxZ=&%jiOOUh=h25?W~q!Ok5T6`$zJeGeh_2~sj-fb zlcJPNG(s8``UV&dD#6?oy)iKq*zJ7CfrDK2U$)a>y^seKY(gxX_(MX3qh%#ui|He% z2t7Zdg^Ru4v?qm-;NiRfR2p8TpdAnR9Tr_#bt~b+xD=$b0?HJS9r;S&U&P2G4%qLK zjf8*t_$b80=C3aAs$SXHsPfOE+EksP1Zq4byDRwFvZ$Z0K<|v&fRW6Us^vG)$jZ-$ z_v+0A{HFT>ohfbujN4tgk+KYS+x`g+Jwca$Gx#@P3C8X?k`YguIuD;P2aeaj$e%as zkC+@~X$w@bl`2k9L0D1si};a9kc;S^W{0tYe*x#?I9)p*vG% zMSfq!ksuX<6XAZ2`Pl#RIRe$aW>#6*wWDUo?c+$WoDupa8$GbLC|poTD8j!eLV@7% zRDEru8Q6E(N%h4FTHa>^`f>8LmL@+xJ=1(QTAq^w$Y2>b&iSv;DVeVNPjY(yNuzdJ z*}QPMxy3NTX!YckQi+kgZ}Jz-Nb*F5G&k6w%;F6sz(CiDw>^jcSM3^-gbnBHdt0hoWNmq7Uab-I*wZcrnOVqYLWO?(__drq$VM*?#eJ4eK<6(1J;){!!DFu_0@!q3mC;o z33ESxN0Ce1f7^kt&Ar*Miy64EC%vy+C5W~ol1G?}x_dBSOQ*>ZvDA%wtjlJY!~uO? z6}2+ZuZK8gCzlEM3+n%|m$_KEmV$b9a=-0HV<0}^d{{PO@Dr)R8o3b~6ajxHqUVgS z;FR{M?ln8B_%n--FW1MMMTL}+(6^GWyek4oz7Pfx!XS9V2x0&+OZyG9yEXHLj0&dc zLY*H?tg&Ym&C~aP7nQO%D9G#=D45n7X~+;D_b?3uh>eIzdcAL<@=V3E8s^7@Dg%P>}!gs7P@%HWFHEKZ?Lqd!cMZ)CliN!>$ z#grOm*(bI%S}1+G?;8o9pwK?@F0>(zB;gjvNeqpn-Qkj%#62$-$xIB0`@+|knJQ|b(yfMGBFvPZILYuBfGp|op=w#tX@L9Q4&Bpf2ldNE#xA6 z%!w9$!J{fU*ff3TR0k)lRVnGLl)KJ>wh{gF(+9vt-)QlXADFZ*h*kpCXX=z3Y18=E zcdD&S<2y|^8gD=Wx8Q!b=m*4M=gH!x20gsx>S#8XeJ?)5BpyC=r!O|t_$_bvj$8xY zf)}zkRqj3^tbID+z-!GiRq?$UT{%=d_oHLC0%D4+KO$IuDURH+2%3CgJ`385gnCn3-dE z$BYDb8zDDnYOLbg_MjeSp8+a!$MvD6qXKS=6t9U@?2^tC_nvpv#D#X+Nu4BxZn5K| z6!)lRtV`beasHT9v1Mr48_=i6?>g1Zj%5fCTv!pAiwDd8%IC-3vIU#21h(T|+?0Ht zZErF^_uc)VOyBrFC`&CnM~pt+5wE^<*CWnNXQz(m4Uz2ejCC!a#h%dopNaVngs>0* zdm~H$lYWgQL|PL0C9Q{FhKs(#=`uQSYmm9ayR8+R?(cTYGgJuv1c_sngE4;mLco#( zBQ-;vq@4fp(Cby(vO!lN2IbJ*g>v^7+tCn{3Lq}1ynD1Rt=yRzjC>Ij*Q;vRZtIaX zRH_?gb3M=Qfw4HqqqIb6dbjEW&*!^4ft^9F8aljf*H2ChKl7k9cXU2ZUDq_LN;;Wz z710(4;<(uFK=s~zizMvzoEe&(whQoD>;rHoUhm?Pn?Dfz{?RV2R6|OmN9!Rs*I34x zDUQXUKb&HIk@7bbWr zTj<@v=DGt7tMCVqMX|ndZRR?Bl|u88N~EU6N3gwz8zN@`3@Bi85muu3$hK%o zUfkRXr>sEag&S)3yohe)L&vqJ=-L%zPBqH&13e|uDAg?^@lSTLl_*YFp#DScrfBbr z9AGEXdn)G7wXWCksYB~dHIodni}xFgJvO6h?mq|^2+QjUNNcS?mairelyp1k>otF4 z7YcKh(zm?7$prEi!283QVP?dh4S_4cL0DDw2B{2-E;`k88$5r%-@U-O9bHn=$hMt! zns;$87(O#WSgw4LlRSL97YaV^s9Hevw{yb)8v7TYpAEasP}~BiZw%a9&lpZSn-(E| z#Ln#1^jDIEH$;v*tNN_%*@WBgQeD>7hpY^L5M6ycHAMmd1QF{{JEz9bmw9L-b05By zKyG-s$v0K&E3K8T_=r6AeF}aAiDSvH?lUadW|Lu+KJoBDK~?FKTD0E?kHIJ)5Mus9 z<8S96LG)RR0paUYeaynVUc9EXe0Jqs1*q$l+y}gea`9e_6)3=H0MFPXoHmWHS%*2J(ZR87`*UX=};t^FsH7-O*bfjMpTV9QfL`LWK&QD=$$LVB|P`sd@j*v z+Suz^G?yJtt2w>>&03g)leOPpX-Pfrdk&?xFo|CWM(&Qk1^qdDA7f-~E(xzFNI0c% zt}BqJF(#fLjQom~t7s;LJKa1OSuu!?3pXM_#fukxwZAzAQp_F!q z@LXUIEMfFsmaTB+_;ylI=Y&Xx!E;{r?_&HINiIxRMyBV!hik9=C3$akov!2JubgxsWE>TX6s7Spsn_|nhb@C z_8`VIvlW5E<66>t>>bxW+4!)h}4goIu%Dl)s5UAa-AQ7>OB#F*OSUIaj z&6L%KWIgFu{#S**|Q2 z^6srOZ#S($jRn)zR8!sEPLV)r%};ZNjb@ap>_&jwe0T8{qc?z#f@Td+@Y#U7sQiyf z1F;h!5Z!`n1(<+BqZ2dGtSfBa25mOni7ATwcp;^<_Wp4J5FU7*y`bV;aRo7LNpm;N1T6pU7x04`RkCDj z0^RTO80}jEu6t%KXeW1$hE=K)xP$CbNoLMD{~?M&@K=e4wKq%_I2tX>10h1H`vq{F zzXkZxaEe3|7bKeUQ<>UIGgOpX`?V5=P~5vQH54a6?|JC&jj-G$6eppp;2Gk-$@8;K z4s>d&$^vfYhP_T$s~*|T38(A-xCODj621^}zK%Zo>C>K++J|KPA6{RivOG1tYc~%% zek^MzRz1-*jd)iyj^guVdv}B_dMQb~0|mJC^@K9k%rbb|K22E6!#`5q;NZwAC_qvj zf?E2yIXvMdqF0pz^3*K$$h=HYfnay+(Pp0q*oce)PBNl!?bY-pl*9SV*F;o!=88vf zSisWpCA9M0M#2W|LUPlsxjHVqVZIBD?RAx;_;E`ZHeI}fwDa9RPH|l|j=XNo&H%2}WN$-0Z;|`gRQBaqUhWP9AzKRi@{+<(YHErj zMWzi5fJ8<0BrB|Q-IowiHjndfnf2fKVT>XcQC^R5xSNkA?}#>5Y=~Xgy>1Qfl$Cpg z^ZPz`6ukH)fRuY%U|@v2Z&zzg5#qrjFHSAqD2_V*8X%B`IrR3#eP>TWFK&KrPC`<0 zT803Z7A>;irE`0e^$Z4sKRTi=+cjK2l_*CH9N){b+p;=T7Z~247dCN@Ktzl6IK@Vc z8W7~WSZ$b2O>l3}?!(8)Szpmb1^V?&!7r`F==Iqh!;HJphB?(SCYeGDzJ`e-QX%F1 zerPp8d2_%AoktRp&dA4oK!-bwFuX5E6j6ZRBQ6=0%7w}fNUzc;O%oA?Arl?1wed_W zf-K`$pH7(V!H(&TQ${aZUi!N2>AJWvLE3(iOl@{|-HJ_9Y-@1x*C@#S3KoQCH8nNO zjp^yj6s024lqz4(fNdl_SA;9oc;cxIFLGS>(QF{fx>el%f?c_1i`S=Y>|V@YVITO@9X<;H(ACkcsc;GGa=#jnBt?+hWC*1kLdf2LZf( z(<3SlI}u2&vEBBqGelW={dw^54sk}0IaxL+CxTwa|6q!(USJ%sEe5Z+bC0Hr=J zG=#{5y}e@7lvxJ35c}{qZ>jtYgIbZYx^phLXrT0G`T2JKG3cRP6v!X@{cSV5rZ6iN zXfd^Qbee8b-vYWeHaslDh)pm78Q60P=n6hfeMvM}L{+YOfkCHZhDXFC=n9UpaCdjd zj+~p{KmnbH8TKBlo7N0dt*gfjWe(C#ZMX#f%+3|T>zzm@BzKw3*!f(3Hjs>(NX}?G zjJ4r4Bg&X5)ZX4+pkm1(Gm2=%HevZyvH#)t?CfmwmmaD8$nrlv2rvTRUl2qe8Q}gO zn0r*_e zuY!Us8l(V>nMIP6698vA18?yDcl`hVTQ7zG#NYn&{J%N)zurrMjT=Dm1D}7;#{Yt( zvhlEy{`2|&34;6oC5oSe^FJWC|Db#SW1jzSLvXn{IJo{d2yPaPL)Z?VhRvw2hC>WQ<*VN z$NXB!9p}DJlow0Tgjm%zj}^I)g3R~q1B^E_d16LSLP0_b>(n?w`eiC~HB-g~VfJ{h zyR+w7e0V1-4)BU#@esSvV4h}+ST0jDIo;6=?bqO~8~_5ngLhS{#XMulB}{C$1tXl> zdHQln&63|ORuy@1r_CwUB5ZFbW!ZhYmn_w`aAu*c)EGn(IhrA8o5fyZ!hmpDNG+3x zO}w(^HwGD~sM)QpRJ3h8!~>eD+6*Oa?xE9}M{U|7?H*5~VNIPLXH!)Rgq>J}m) z#+Tl&Q;Q0+xe)L5^b4fBlQax?>woXrx5|%JJu78>*mrIHB(l-BA709~#m6xNDe5a0 z4`KSr_b^)obyu``e&`qK>Ueotu-|~*DP=z$Eadn;Z0#5bdhNiO8+e#%xZgaD%?1y} z4dLQceS&qz8t)oqWp!1nLp5E${_D@uaTmr1ezm&1jeSowx*9mY(kmzc0%fxmAW|$G zN*80=y{*#{vjfmUqJcCt1B%hHnYgDU1lt4{hdRRU10l92BEoZz_a2bPXB}Z7?@jk6 zedtx}`u%7k$@4`=SeO6fW0%iOG7Tg~f2qb$ZEF=T5##N%Z~Rc~5WTi7YjSoAok@55 z?XW>H$-T=^?HJSPaDT6$0thsKA}x*e5f&YCf8X4mSq@uQTsRm?8T=6P;6)Yuu7O4C zX`tKI{>;kD+WSPnTidU_>*#q$z~Aqp&tAXnwhHCU?*Uqtv(bEg(4UABd&XB&YH4XW zKPwXfPzHn#_Dq}?RL~iu$o4wV+sfa+*KPob>Nbl zo9pT6$z)BS&Nz{kh{?u9Pbox3&A?~47O2J2ps{hF?V4Y4cp9pP(w0GTa_sTi*SXOS zy(A%ChXR$72J7wDf1^`HT70%U5Tx8IE0~#w(tn~Jo&3#JE(^7VXVNIO-njqttAX!m z7h)8_!Tc@cJ?IY}B4hSnpri}PLR%jmp`5NXRko75TdkG{pSRCO$e9&3Vwv7nG4U;^ zditGA%N?bx9oYEzu0Y|yt|G#Y=g&Bg!h*iL!x2FuLVo8RiD4w|9^VXfP7eQ?@?Dwr zi%Yep%lGb0)a*ZuzUgl{U3*2<$W)$!D@N=k1W-mK1*-M1X#StYhvCcOM@lCp+B72O zm_%Y?m47Eu^UxW`%+6bI#>dA;%Kpe%>AD+euwF^WhbTm)qY)($6LGT8<<*ep``a!> zTFWYxGYYil-D~!a7@sJ3&vTtt*zPkKOt;w#$G0ZyFpS^>xie*L<)p-h`r7*Z4pT$J z&*C1qhiS@IL-D+!%ilgKf-_rx^X2>MIH?gq37*NmWGd5n-&jxGEMaCaodVoe!){IG z&dRDj#j)|Pyw9Q)GbUG6-Vtlaz4Aci!q;FIPj409A^77R-Iqp;xN#)*ck3^oag2OL z{4j1%Hx(aWX;J0rWPB&bv(!Qg(^wROLd3P)5BRZ6K|{}pOrbf13C@W#`jIhN#o?^P z)cB5X(__b$X(2Op2sGd!+ToEb0SXQ_V|8d|drMv2k5PtLV*k!UTVHMM){Kmd9-0Kg z;V%&*TFuAa_VB4jkyMatd+`PHonS4aaiDJd6MZ7b$HJv5F=l6Hj`5%I%gf6yyMNY$ zR`}IfekSwK`Ka4CSh+Z;$WQL>hquCBRGnt6D5tUV(RJ2Z-HdRZV9g=*j}joHRHS95 zueX1@m`{#QPA*GTt<+a@@Lso9%o6Pw>{PLE-*KKJ~PEIWKwb-3iY|Sn!Yo8PlYUw$q zu@#ioYF*|#gs4)vF>OofmuFfYCSxF8t={|sZE}}#do)ycRVC1eIR>~UTLV4iHGK{5 zyVDL0yH(%Q&3Fka(=9X%7ygbUZfqo=gla4X+=*AqyC4Xy3tz|Q{-FW=7%z+sY~FRk z)||hqCj&+Kg`GW=d}VHX>YGntuhx%kT2`i9a$8O(e_T3Oa4l$S=$Dr*8mL#7 zdG${~8!{Hkm+Gw)oY%LJuC8KP3@$Ga2L0W(R?~`H@0#o%H&0I<@74u9Z~v+_+{h#* zC{$Jg%`BL4Uw2iv3QM>LohN)(SJ)6RKraSn!ZN zU$D&+y7O+s(v?;fGW-QI?GUf)?^hT9jl=1u1B@rx9SU%Avfl4iXJEhnKDCqtT;hCyVz%0(Vub z%^S-tmV4zb`ZXM($EGx_xRa7}&F5`fvygo*o={f6fP>P%-_+654lz`Ho0u{Vt89;Y z*KDJ1wD=T!&Xk51c6Eu8oO)ZK*;-eA?jyIBd}H0Yu;k$FJlerTbjRJ4Ravn=kuk;Q zeK;^yUr{&H1eR%=ZGQTbu*xy6c4yE6oi5Z^;Lg9fa%uM?4ixqtRB-vnIJDkA0xS$2 zUQOKp1c7kFNS9R0lDoV8l9LOI!C9TYNAoWyI;jxTv1k;A$gD{Xm0I`DFO~hUZ48kU z+!e%=5a^k`wg2^MicVH^n5;98xzY-|JG3#%a>cBGh;gX3!BG#mEo+DK`tMf*aLOqH=2twyqlK)^_#t>l@2nrKW$K`?UnHCxq*H z&-!co!8kZX39&fX|2%yjO3{`m(NI59_8MJ%r?o_4O{GRHnj zia+asbs+r2oQfA6s#V7Ul!v=+9hW9Px>xFCeof+LV<7wOV6@slu}84NUukREF<*0P z23bBjvaV_dZ&igmmoOs=7KVPS$T5y>)c#+<6Snv>%^-UuH}231I&{ z)BbstyEr*xm7{QDG^YEjVZ5lsr=dd2_C$h$WYELEpMJl{2dU z>^0PHZk83joze_aq zkKCG{M|k1&sU|<{h#@j%*NpnThpEDkw%HX=XDP_qnvUJc^0k%y;4={sikqE}uhd}l z_>tnQnj6;G(oc~lcjfhq^l9&vm9vxe^XY-*byo&%`%`9my4dijX^Vy^dqz)#qv{B* zk0?19$~i=g6(oKYch@x{Uch=OcMs?I`m`6BkCj*0A1}>+P2phR;j(iI*O=Pvvlb$# zva@SzZFxRDt>9_0Z*FP0X~@30Yiin9pLX$DyF@}@Cx8^Vjpa1d*}PoL6@r<@b%b~d z?S{7x53#;Z7khd={K^i&Hs0x_|U~Gw5E%Lx1wey{zLZ`BTGox1D~gy+z+`r4#)spRffow&yhCe1dX~Hk(Rz=ee0$4ctS732vj|#b5YYZ z*L1Gbm7y^OQjwk7X>?jYknj}xS1yG~FFi2>2aCv-75}f(VRSl_a;m|4}+GWw+&UVm#p^}E31)4WVu zs+P7CY(gzPuOidAmY7f+ZqDr0>Bh2r%h7?Dy#9WSJY$7QJ5i(eH`&5(lnU_G3U8xP zcKh%;K_J1z$;THr>m+UR=gyvQ__9q;6kUb%St|BUuC9?W5m^E}WxorWEoD4cdY%-h zLb4=UDzxyBIA-w8imJxttGF0~SISyJLqWU5#9Z6#N79amQUHtJkSObs$pSaVPv!o zly5sbJ3B!j01Bp{SSj*H%*E{m7p}Zjw0iEBU#3^TwwtG*o_$={^FXLSN;z(we6C-# zV&*_sPp_j3_Bq;WmOsnr8-s(zLDpd9v**-Rs)TKQsW9{z zw641BZ^UB%3ns;2z$c+x7Y(&am43Q;=NSktvx@K83~af#;X8W8p2G5Jrl~o1aC$PY89tTIT=RuO za-XCRkQ!D$R%jwu5vX>6EACFkmJ>%mi1ZSjr!{n9s=I1x(o#sYMDBR*!@+-z5dE8} zY_)(So->SuXE(nyZ#`>XD06AlL z(aHBNu~zwiJH)MQbaJ?SeARzPv0?o6!qF!PyV2U&u@8?)l;xv<@dZ*nxP&U^ywb0+ z8~?^q{=?88>2KT$Lnh=pf(0sc6mKKp0IHxu{hlFDEIVQo0xuNBLHm5}gomey;MbA} z6f_j(I#iB{*!z?ty;YTIJicP{u*9eQ_3N#vlj1|IXL<6dE1{VD;v6v7Qr}hvLht8DhR0S}Z86sOqPfNR*o*v@7 z`R6-;w}Qpx2DGb>nu%#Vy;O_0qod<%kv!f(DQE)*fLeZ&$H2#@@0(>LoL%v7Kc9?0 zh*#4WHX-Q1=?Xz;5s|i~OMv*wF=nApY_QF~53vl7mezQYb5@AU!fzPXwE+I>Mj>hHZ%)<#nrubaa$^=8xqSje`+?&7lWK#fMTulRcwH zbPz~fH22Hy-@iyBv#YbS!IbV_(0ze_Gd-=c$PefZ>QEBhSGSX8DqS;gFE4ZqjEe>s z7?_)zn;;d-e?3qwXJN4qL_R{~j&jAqoSdC4Eu(?Z>fs@Nl5Foh8DQBZ5a0KHQy4Gl z7&fV$C+lSub9mT4K1M`AX_}{D#s8K>{{aLSumw}$H-(Q|5uBBqw;1CKOxx$u>pBwG zl4AB-jCFkU5g{>K(utw@_wN!@C($+}>9<#elI~P?WHX@(?*qPa(W9_54Ii|NX$Dh1 zz=6KS6%-U)-`;-InCS4nQ_SFw#w!?P)XvmURV5T~lfRFKLZKfK5P&@*ks28huSK2Z zYd%fL&|n}?Hh_+aIXgd3t;Zl8(rrg%x8Baj&8?o)1{4EEDPn$d8#$QD}etlVz~ z7rN&MJieq;{i0yZY~ix#y`Hvrm-e6lqBy9Ux;pZRV_sRA^}SHs6h=X5sbw{^9QmV? z*A5PLe;QM^#Aui&Ggw$Ut-BKjgdCtS9^@pr-sXN5g~uT|sYNaCqR9Rrhj$^OpRLnv zGq(h2$i)Q_a>0fIiXUeoGAP34Nyel_-M|yU&5N+ycTv~C z6&ko_nzQC((kQmT4IN@VR`Uw{9$o{{QgnkXp$m=pI|=1nw>nF9Vww3+dsh4t))+n2 z@Nc#w{$fVIw%d^2JnNI6xlke_s5uK7O$G2zY%D@)@kl1xrWcJe_v^csWm^ zh41iXPhQ@p3N6K}&ou_5+xPc;;6D`{`QK|Q!743+&zDE_>~*FSD><}4C)I^KiCVc4 zm$TaC&57ri8@-~jhmZX3K)J)84{Wti#^m8-zi#NRWqP<~%h8w2J92z}n{W>1VPA*@ z2_ImN>hS!0%~Y*Y>zBS~AX5q6yIz7{6LqM4uTzKWs=U=I)L@m1X4!a}k{=E&#wbkDN^)R5i*An(X& zGPVu2KGvf;x-#0^hFBWkC!RJc53pq$J(2zjy?Caw44>Z=-VC0rG+x9=h(`V->O&3_ zW&Hf5I}|rmezbg67So4A*h^-1za&S5|HX1ADyltR)|@yyT236+a_1|uG)$Zs|C!r6 zw;MiQUI6|!=>Ph-pOqwLhb8gtF%gjv7f776 z^af(<`x}}2Kl!QRNb$eKq><3g0e26Ie(@(T)aCdJ<{W1}9+qjEkdpMxf`{7;o+Z0g z0KYg>jcmSYMKm%|8gj12{``JSqdg6w;8(`#5AEoZEU>bi*$CRAk?gpL`*pVUHHq8A ze%aSkuXv*HLOy9z+Aqr!o{t#cq3!2)uc(gve>C6uUo1&bCm=8exoP~K$4wgUaWiHl zJ$6FlY3v|&GvQa9WAG~SD0xF-(#(dR8!q<7xA8l(q3pKEtIl+oKb}*B;NAQD`b}z{ z=jFHGp_z9FIsNI#tdeB!kS@-*#M;;`-a-yIh<~1N6;RCJnfVgW62L;o`j?>P=eLoM z#RgQq=OoA}n^`mm6FY4vA7&xfqg9dYMBk1@5%6o|`)@zCf0TI5>srcrI>sSv=oVSD zqQ&bTu0ey5GG%_m6~stsY` z<^c>{F`bHtv^-=-xmyT`nBWZ^H*#X#&%JWuPa*xXL%-jx5c@~gjDLR)%vaR>Ti?vMdq|JXU+&#_gQquidg0hK zZS%BOnx%yCRKUCu6UjO~-TI;uJ|LP;<)|cGQTcoh9wqW_ZEu_ zftdO?@UUfaqStsg5etbHtoz!P;>ICO%_-Rb;&`WEVHlV5yNeX=vcDuQ^Bw9SVf?~f6H-A!s3ymVmBWHa!{u;bs6mbN^2M4e@&H7=F11T=X;%3 za@H$>ey~*7VUU_%><2G2*s&o*y~FXKBUEI|{Ya%nW6KMZu32oJpBBUY)~YTDPosJO z4&0#s<;k3CdAUS92U#QMz_QkX3s2+=Blpe(=8cR;a&?bKSfBulXbzKhUBsvs1-CVy zlt1c`d1GQtt?|B~FEXDC)mF|ctry!kL*5zH*HS>I9M(>pgzxEF&f2HPo!Z5Qip01t z7y1nza##1QE<^!EBe2nW-?rI@I{kgcIn_kBv?do^kM@>BuBd z;qUzILU>v&fZxC9uFPT5m+K<9ehggzH!5Hp3zKpe1PEjNQnOnP@{f4k>Wa{R(@0q7 zXwaf)pU%6~*svtjgo~_%7q*DXIZTSwh--688T{d_NQPIG(&2fG2)EJWTSHT$GVQiY z^G;vvduxKEMVF`*%}Dc_+qyt5^_@~QNtD|{Jzuj8%~P>=zS#TdoRp{4OP=3_G4>Ot zcZhxeMxlEiNW~z^Z|(72oJxsKD6yGNxbI5-vFL65Rdb4=8wTf=F}A&shV^lk_)KRj zb+I(SH7#***1XdB!_oc4wT=PW$}N&|QSY4jY5w=4uJ4AnUEC>E*YZokHOX&978W1S zV`q!%-LZgRSV;C!iB$C#shj|{Sujr83uM&~HHboU>E1Q##^e!_r1p;FyOpc9+_C1;XJv5<_<-nU|Rh!_ESMOvuY z?J`8GbY@hcx#lv*F`n<7D0jx;wkCbM9Y;ez&KgX7&+}$M0NH_FaoYUu68e*;(?KP^&1;$DI~F-gJ0sv- zeb*BOZ3Y^@@0VqOTkMyC+GIBILSG;fZ&S&>hs7Uz% zTDCp2C2d_UlJEjMUuN6E30~i!gwH*;Qg-h^VDw`@!tg7HZA#yiHgBcon^F$hKesb6 zh+|Zyt)G06HQVOm38J-eleLTHr6UR^fir+`CQc5z%ei+vj~}xa8@M>1z)zC$41NoDm}-%vU5U)u8K*$$MCfry!3af`w1DN(-d5p$-F+KZl$( zSLqfI+z;;wQ2db65!i@g9WK#9xP!cGoo)5P+sjgUI3YC2>tR8v%nR>Bhg7i>B~P+udA+`6mBOpdXHPo0qGr>6>+QPFQ;o2Ux(1h`0IJgz!Dosbc;*@;#wf z=XFygE{fcQ1c73d;iPDGt32^X*}Qbg6VmofMm_0q=zI@h=XL?Yv1Y)A5v5Mzv;BEr zE>?mryNt1q4|VI0(YnRJ7BU~7t~9bIN|b49 zh)C}jttvZD>$>|wTEh^Q-h7qsI;p_*WF9>*6ni!g#FE~g(Ev-tGeDiNk|nP0pWLn6 z{PSMsWt^+s!mhBajm?f6d|JVsj)3D;tRlFWgtT?gM!}!KOBgJj z-Y4W05xqcN+lQdMfVKdsK}UU#Vnc-Vwwf>_3g5&~P;GA7wzR?41u3b2|8rH5r=4}i zD0SRCMc^P-QZpH#JFl&|k8ZmUcyt;aaEer4TRh|7E=Q8uQ}>Jdd?VhgM)!OZU%NC5 zCKl?Oky3OeCw7tLLA-Miy5>P=;C2l~^)&-)Z?A`x4X+LaX9fztZNz);E4k0{@okPj z?tM=_8RiC2DyDE!+XAQu940YpgI4@Diq9q|^>g^|;1OXHfi|?ZU}|hIC+|gi;&qz$ z5JCoCL^$mhwL(whUGWoUX}M!|hC#S+S%^@1+<1X_0iUQnYz7QG&0U>kTiPZy;F+#cVJh~KWEgfEga9yqZks!|Pn7Vp- z^Q}WA@id}rjw2(t_W*VVY0?nUkHeO*%5AN>u&&LP&0W{~N#^;zAh4C8Qo`T8tG*L0 z=jUFSFBRTHL|-um~9f*z%PGTVNiqm zGaYikG{Mb_^`?i`ZI21Ly?Y+FL#Um$QqF@b1eYU)3B{s3mQ=UgEsb7ir?>f;y+$ff zjSzv{=bL#>sg5JoJ^0HNh+SciAh~Rr(5QHC*w$U=jhswkIYvCgdUCUI_mJZ#Uphd0{o(eD1}DzY z!q$i0DlnrHih-I*g4w0ubNk1&>o>03E~Xacs9I(b7W=3rV7kF!y)l+Cs<3}@7|vNkQv7~LIJdY@Q&0aUKV5Qhp;*+}3$sr~JcBN|as6kq zdHnFmuP0#ij1}{8ml>VJce+dsiz0Wl7>IYnMnGZr8^zc-Z}=nqz*sKBSlJrx&rg@g zu-v{53Ow_Q^zV+@1EI&fq5JnCU9VxNzPIB{_y^rFhH)wEvW3mWQzbl<_hYPH;xmKm zhUdh1WNStT9BoBdMga}E;PM@k8p8e`KgMyeb3W_B3<^0cfLEVCGY+j{b;jM)MSJGv z)}BU+-Lm3AqAYzS#j7^#G%|~`TkZ1U!jL+RQ*<9JG ztakq3HM4ky$Mk;cts5SY?!k+*sQ=Muu`hipV9zFjzAJ@}ckt=wnC4K#pio4zkWt2M zI;untQ_+IQNG!97X^POU>gMLfa&p_EnSEFi1_H}rCM#n#T;297x%_-d=uNXR6a8_6 zg@;Wzzdo6BM`?{e>Fo?DvOTOLF+2A)A7j+=23|kzP6BXDFUoEehMXv=fY*K;tXeX0 zB*Z=C4P5i}3iueJdi$qX;qtNIPTJM~+Qiqn2#S)gyuD2k&{49Qn=wcWF>wN<;K zG5OTbCRgbvK_kZz`lpK(bRV8d6wc7I0+)R6S{jek! zE^G{R8@odcegn^Dx0&EVB8m(|SY&3c8a@GpJAJ*!)4BMGTqh3pd%v-&s;UD0&sy8A z#wsvk^f5}nB>`XSxlDkYGgOxB;Xnb#V>u$P0Q$Q}4SM-^6u^2@2w9cUV*XfNT@?#M zzCrnf$W`4U1vogX_ZQL%-So3tYxGL?wb9vK4aH9JwD)PZdL?p*Nuy2i%Q$WbTQ_WE z+Bjpe{f*w*O~D^G=3C>pAjD|9R3O$8!rIG5F({#V2C9Wkc{N0 z0Dp*uO|JHM5Be6Br%FFMI%>b(PN!QKk4{ZViFn0}^{+T95aVK`ujBHS47TAn5zE}E zdP1#r0CHvN7w6{|_Vy%6Eylf}Nc+FH@brCre3X=8kxUzN!3p2h>LtXaCZR%zXmD`h z-+OlH7uupC2#G+f>ft|r@Ozy9a){{kd*;{n&c|xL3f+Z37G`HnG}3I3>P-G%pTrvw zFRo&E-pgt#b-8O*FuNsOg)+TyA#Kc7Yy{tJOya`7BH4oe_9?zI;y}b3SJ;p)a?-jYW$MA`&O-$xLXCKYPXDa?*QuiNNLo4*H;(k_`Zm##wP z+jvI*wyGuU6`N%g>dA4KZmeQ8G2W^6w4A~8@SUY0r6TOV-ep4KJ^3J696MJ}zP?Sy zV_K>e4kKYbYrS*@iG92|T$N96VWT2=fH1kWk&%&lrLLv7EQ>*>AUXN=_l;1={D|0C zo`pG^gxJ^vb09k@$d383Ka!<$@t5L3d3iZpLofQEBLJs{@#Ef%W;}nE-q(}aSmAibVj-M1R(6=Z;-~Q7-mzybnY;oLTY)PE-NEL!0Xy#RDjWuaG^q{sl^!r@Et3s zQI};Q(;z?V*q1aZ7YtUa`5Gar&z!DA%UlE9$MBxoD6JOX+bnUhrW-QHpRl3I^L`uf zxU;pz=Da7rLNHxFXKNQm8U1_?>k)USS6(6=mA`jdsKjdU(+8>Ity4C=nVzR3c;dW-mzE%_>|C6)S6AQ{G} zQZ{Ei5H&nL-oTbekTjN-me$?f9sP{f{ZSxUdv7xwo&cnf2xP$3)#u-iK_0FkKr=7` zz3~)j-fdFd@Cp}lr!A=6+5EAZ`ht6z-r|-B#!(yW+(>4o9(kJ+dzx~CN*+e#-`RbM zqc#a0=-WSH7-(oUE(g<(W9BYgJR*cN-CYGBg=|&&=*Y;r^AAj;51BuIhF6+_0>Y%q z<^aX~d7Q+Z3I_Pv+EVZq;{ydqNtCHq)YjEi>|H%QTp1f1n+|lO0tw`E2`MQ+1XoRj zA-lVXB*N_xf-|U~O*YEZQJ@Qp?h2h=4mctr0*I*3v%Gh<`PtPyF~2F-4$JcJK#(1X zp0Q^i-Z*d0y)yWO6ksM%JfrZFm5hObfr<+DpGp6pLm}z@VeO-o8;7~n6b4z^)TbB< z?JYjptecC^S^IqL^6)gKVbp5O$M?VP$u>ctSi~*6r(-!4jIMdPf)xF9O5s7P2qu8v z|1ty{30IfU&GJHmDVDJV(UW7cx^gip_o%t$>o+&FH7hy>pwl)*!Rn*(;K}Bi2 z*y?$^D8|%{&p0WQv}R@*CA#8ZWYlq{|Bd9Y>ucqQ`oG5}?vZ_?18H-s;`MR5?VUR9 zoEda%EuA{us?+PozJO{U7JLj*Elmi&+XYg({~jJcDKk}nt2(o%-Fzhw{jK8s5v$^* zTO9#(zF)0z6~?w@gEXcshAkaNZTK3AC0E-;p@_W zjhN!1)|A07!YN>vISToV_U)|k*mpuuSoh85!E$>tT+~mk7%3vy3wF$klZoav;*Pq#TNw(asK*>^P zz8z)|<+GKL^!?TDftJbr$Aojfw8oqQ%(#OGN=p&ErXa*exPwH|H#yW5`S*!Oa6*<1 z%oVV%{LOW51HBAxePMvQ3;}PyjF{?fpC?5yg=IfwLwEspLXxO(<{5E_57{%8kRg?^$N6akgvYX+9NhF*QUq@2ZYoH5}LZ)CEd@#_K z`b>3#(ua1#I$mFK`Uig8n2l^|Vwc_4%Cv0pz>73sh;uSX@UF3CSSYjxty@}mlN6JP96HI(6aL7$vymUCwMlHkp>NX$>(IaAr@4e#r+U+7$#pnF50GNwLVN#J;G01?-efh9v^SlMp6NesSARX!_g%hwSrSkc%(Z=v$L8U-}X`^7$@PdC;@k`J#f%R`F$7PuwELf8T!h1<@$*VF6! zOnIP$0e1O%Gnw!D6V~IU(V%=P?<0D#TVJV=<1Ixcj5vvO{rWZkV*ril%Y)c#r%pD5 zlH5VV%%zM|XW?ftDE8|!njMQTG*KQMFs!gLE5o3n(Jeog*k9Al)t9Ae{qBsicyUgQT={gS51C4BZVw z=ghy=^Pca#?>X10@0{!Z|ABqYo@e&#{jBx$de(g}#ah=;$MEg+@3@tOqveNN6|SfA za=|E_`E`h`JZlAJVX+6h>mQY+Fj!5io&hc;!D>?JQe%N-gHh3$S7Z4sP{9M~Y3(Pc z*W=gxsc$EIx%l>skx_Ej2mO-8Gev;6)rqyYW>vpKF^!rh({A$X)aj+K_?~g22}8WM zsKwA){XyTiIZgc9Muu$7&nqkMDPwhDR!~b!%1&Qx#|zbKv-LfQ z$|QE$Xzw2Hp>Jw9pz2$2#-JEMQRUjI432wtBieA!(93Ebt{V_BcZBHVeD@A6o_%2K zi>0!r@6JRy?#_Cu-GH#XmR$I#$z+` zoBOyBMzAcgY*2oZoT(-xa@KyvB&L<*{j$hb#UP3IKwGUvXWCtS(ASstl2HV2`G&vT z96UehP2V5zqxRTTnAUDRB*hO<(A$G|6@3vD6z5(=%QCH!|JWQpWBi0v8l~yL?BLY( zk{w{C;GD7!r|H=%G%^twrx`xjR>7Sr629ZSk0DyST|=d-b8Kp)UIn$6g!r}EZOB}1 z52dk^+U7lMNOqxlJp=4PYH{5oZ#dt@v8N=E(fPF0f^#k0d9+7`|4nqS4qorJ@Zk$J zDXc(nr#eld>g>xFO!`_(XzOr+IqBhZR(ghUZbDJOGsD+MN#v0weBPYM>k)X+w>9Bp zYv2sx(tO&Q?zTsI0rB~C9bC3E2L1GAucORh4;rJDV9X>E=&g+k;$ccZp4qm=hmTzl z*!NOc7y8}QmFXP`UUim7N{J;TcGAkUn@&)0`QRg4V?+?2S)t~w^Yb(JT{y8J1eb@X zAS^t+?`i$`Cm)q%4JIEO=qP5Bz!#pwdQ}g*GM`)x#KqslIjDIr5<56yhz5Fm=WtUR z|6@%v6;F6{Xti<@G!c1RdaYR*XKQ=?rCg}#}Kt}D*^)}J)Ye^7jn&l0N?Ypr6 zRwFmHxcrZjo?L}@yx;BUlk~Bk}Hq5kv=LlrUUH9aPRq?>!UC4 z2S!qt##1baqfHO@xZuJF8DN}La#&>RS+I@QIa{8K+!gY=juZ|S4zA6ZwF@wU?V<{w zP*t1oC3*7a@75zm(S23k)bL+yjr~bGAGRJ1%su;7c(rp1{#c)7<}r8K`c~`s^WYta(csB=JV>O5^lt4od=|SdERo{=+CBTCdgE+teRT-aR_LK= zRIZN#%U$XV-V;(3P+$0v^1cfFU0EjacMYg@RgoUaJ<8R7*?~(?1H0!L78nQ5w>un+ z5y4+{;D>b^DIC%CZ8o1F-nXJDHx&D~nikLCbM{F+Yulm07A*MeSLW-U^NHs6*;6!hBJR_E65!f4I1Zry64@PcyTiD*U-INQWIMS?$GAuWn$xRM6STOx6a zj&vQ92i7j$_6t0hzUqDm3{{>KbwTCqkm>aBr> z__w@^yXGEjl~)@N?ixnu)k8YFvx2)>)E)B`##l8!g|7vs_?!anFK=a5GA})%`hksE zqdpm%NuP1MfCZn5g)Lll;Yg(Kg{*pPpQf+6W1qXYd_1q62pG<_@bm}Kgr(FrukAYt zHK&2(`fn4|5oNN-lWR%c;d90EX4{IsUISx}Bjmh*%tQJNemFw_2!zixUV~*I$M`hs zPRxUHLV#x?|K%RU_=(uzA-_(UyRj=m$_~3B>njS4GoeFolkxq)zC3)(vL;@WiP~XP zoxAWolZ{zmYogSBgwS&-Ab`J3+w1&b#ST`vvbySPEwQ^gt;n}#&vl%ySYK*M;txpgGc_5bfT^zq2U16F%DootyaxZ5EmD3K3*SqjnXVmEfgquA=z=}9zuXa zkjsiqLLua`4iE_^;1sKoUziu%+l(9A!v=w@UEXb~&`m!oPfJU4-<##J5+1|B$Hv9Z z^uuu5n91JD?`LmfNvf3=-BsN~QN6Ci$J#i0>hbc0mZj26&8JTQ1G_<`EqU|+)bG^f zlHhJQz{L(qOxT_ArV?@a%=aumKc7iHv5m>DGs5Vu_(C(v-CO!T-uU){57b57?liFp z7luI@r2U>1zgL{fqODAmpVPdNVchcM#yJ@wepWLLC8e%?`D^4XtzTG3i1oH2HmHww zSp4CKePHQ3VMQfSqxUkRJE1UeGETdtSC+5XfBeIlh-&i%?*}V4Ko2Ghgsy56ti96iv*1U#_F(dC5qGS1EF#(W~9Nx zX$s)pd&mOnif-rmqmzbUH0h^<_j$rkV`7MOU^_7Nq$(d05)%6@fcrsm!CM;i>NsUvvw2xYEIz&=$8v~A@WaET%hme3Pl88|Yy*Rz zKCK9oi@(3akdSl6R~E#Yp&HuNYr=T__ONFU<0)9a7#{}*FnNvVsppe69&2ok6;i$g z2zp+G0BhXNFJEd?mlIE%w{kkG!?ft3N33>C(IdB&xrR@i(fO}$+JU|CKW@Sf&*%H~ zt=S0)2_xUW{a#nYdtz||WO+hGMRnuG6*A01>=Sa^F9JXeB(HrXI<8ji3R7u}XUKZ* zz@4M{jcIR;PpDg?y0B5)%_MlG^Yg1^Y34HtGEG zl})j7=Q3oN#Sailv$1mYkX`jU1B$;vBj zzUB;Z7UB^I+lxmOe`SOCr>>JzkSNFrx#4m8Vbc!I&d%O`mstX)1&Q$SwAia-ce24X z1n(rMDACWl_$Q>^O%3~W{NfE(ilnp1$K#pu+vX~PEwA`5!SiOyaK-w zPVn&au>oWZf1hwd@FzI~``;s+_!;Tj%-;0pg9UzYEc}**|Cb0Se$Z$D5$^#`4XGbo z8$T!~*rj-YXz0Jr_y8V?U)&l}KvZ}Ej$f$)!0C?&_A0=ym7E+*RLxv;*_ED3v8$PR zxcs89kofiXwJ{@qWxV^oDi?c3p%O3>yqT$$k%WVXF7TOyPLPj-j+ci6 zNPhxk35c)m3|#snh`S2=e<(iuPwIz1m&p&tjsI`Tmj@c)m>{@+*oe?ss7Q3e))-|78FNA>@X-hpbs`Ling#&jdd1tk2|m;BZf{nr2d zYu(E~q32&5JO82jE%-Y<|B&H#dj2mk-AGy4x|lh!KYgP1)Xc=e)QnvQ=q8bUIz~1o zI{HTpR8$Z6nICa*^6>D`G6{+baEY*S^KkvR2?{ngHXbe>89qK4*IlZ+T>tV5`4w~v z3xxn>9uMayx8wh~Ppr8Yq_@RtHy-;qTqM>78VqxRp0vA-=1l>SEMZJNB zijIy3h>HRNz6YV*Lce{NQyk-tvJob|BN5l@51+6YBubizRR;GNxs9Ftv2jR9$;c`0 z-Di5h{E&y2k6%Dg=*d$_Dd}f2vZ`w88k)e2!NkK+;%866v+n4DTzTv}dP zU0dJSgdZFp9iN<@onQQr3k8JwORPUj_6NCc0dn0yLqkQw{2>?04R_!`y@iH;mlNZ* zxH6`Z;~jdg*H}anA3l{dV>588>=PS14dRe6@+{ng{}An`WdEFC{{NO_e-`Y2f;st{eDOQHJc9-J;zS)yfL!^Xjr- zjq|kx01@K^xyJPR+@UggOX&TZwr!{Px_z!(tqw%dvTHaWa?MS)(d~<0`>5@oXFP6# ztsC8KV(5cVF3jOti2)R^Q+8i8I`{6|o4&s&^HYe~ySZ7MHG%Pl#-*?Vo4hl(Xv%}l zj&kH6Cy}2;H6qobhc(+!+NV-Qdw_bF3d=Ms-&d+u&JQ#zBA!zh!US%~)1{3hUXRyQ zo&8p-FMG&kVdb1svlS^DQkQEMvvei>GSx^$V?{$GLu>!|B<#uaPYX;p)K;9=A^4`_ zWd=Hu5DV7wo?1atD@gx`Nzni5 zaNm%mT788he3VhaE=YB_l?aj*R^F0>O})C)BrB}4yjCn$lezO4T`(l>o+j!r&z!7* zJB{aYABf3XR3HcAMbH!KOn)h_(R^HHc83>LD%kJCUaV1lN8{A(dKib}wuZW;d(%T& zvnEi6I^)*GxO>5wI*+#;1LS21?{$xU=N+;uZ!L1Jg+B=^%!rH@Q1V#2a z^@;L6vnnkyM)IaNFkNEGAwkdwO%L;PJ#-bChF2=z@+MVNS_Ghc4@l+yfCP;d`j*kO z=jJD)d#**;vDzJz(V(ftsoj@Uj<}-oK0H^4lC~~_v9|1t9CPI!+14$5#KXQbK5-GU z%v7DYX`bk5piP-C*j3C;9v-A67KIedPK;B;zvjRKU>$27WQu*ug4RA z{&GOk8YGY&HuxBm{3Ij7`Aj7&mlYPy~4L^-`g zeoC9-Dc!EkI@cCP-!U)P?yiBjU$wvc&Q+urYW;pkjrtW84jf{l8m}>OulD`H&SUDx z=DIB#FcsOFnMO^8hw&r7$cGbG5{VZSjY1L9A(B!2rY?75W9I#ZZrW6qpH(bw>AD2Y zwhJh~I+Q4wI2Ezj^en0+3&J}1cF6gWd<-f=egq*tth!=jCqaS+Y!t6BiTqj?;SN_P zZT@kg?^`ddXGw;Yj`u zH|lC+_o&rMAlaRzm*UT=U50Qc8tP_)x4UPh<~k`aJu6bUy7@Fxr%0_FM;utnX)l+d z9rf8+H8rURt8$?UsaBc7sWN0`oX3nK>a8k12Tr1SL=CaL1kI8}Y7{|4%8$|iLkCbT z(nCZ&(r(0uCEtmdR&k?Jf!6!#d3!0{Q0^ph+c+CKrBXu8_>lf`y+la^g`)|TMk!g3EJUt_F#u4if3m96?|Yg5o0Dta3)ohSs)F4E!DSv zuwOJ+U^QX{RKHdX))DNiV6mM!SaWF7aj*tGNDuiB9S!{R=J7e32)>4@kpfl+BYnXc zlbRq?rCC!GIt~T_CaCjc8Z${q3KE2+7>ER|YYqDC-(W}Fk35s`VM2l=Izo}4SGWA& zJSgyR;uH6)yJB~cpid@}K*PamI!gpEVDCe(aVgjlARwvjJ7x!u=H%Rd;F%&KD4Y}t z0?{Kui3_mOBgJ3lbi~D-iIIcX_7VCq`T8Dy z67TdDv_!aFR#YA1AnH^bd+nLA1!y~9TvG}91;Lu1fnhzOJ0wl=XDo*2uVflIX z*o?_sBn$ZzhGX=3A_)Gzz}?9Cb#$k!g5!?(S0>De*`t(PJg2C_l(b|Q`sieDBYTk$?IBWVzcr+d+1(Oq(c zNyfCHFUI-ZxY2mn6+@B4D%dm74X)qTEAtig{^U-ozb+ajRaK{UuQk0 zxwF+yoeS|qg0{X(eH?(%JcD$E#uM{HBUuD?x`bV$Y@@HkZIM$aw za?B7eX~_$Vf&^&`X{6Ws=mco#<1%L+q*rrP#qAAr7lz$wp7&Bhmu1!`r~WXK&)lrS zA)fh%qIlRgMjChGHXf~`NL@I#SJn%EAGIT3SKwhwLm;Gt?)4!370y38jw2@z5z?@| zOY|-zD8smzsaWe83SNdZB0*pDpci}(K^F=k53=bSX14h_3!)vS`pRv?nnb+`t#gnd zZ1i9?zs%(|gns7IRwr?;cFDR1XV2<`BzIABTPlAc3+g@)x6=5I%MQhwYLs9v$4#7= zhcb*PVb{{UtsAsN_Z#7ol_{*{_gQK*7@u{`ka$PWRy8urO-U~3hLW?H=+^oBKaleo zc!LJtc;#74G$IiGKO%` zvNj~>=8+$P!)wEx_*R6L#56M!WK~O;qjO-V*iL~2g|hWl0R?LmxMxYHLLcS@RXr}C zmX@m?=4C2%i?AY18RVOvJufUIY$v5a1Di$n0IpJT0o2^%tBB;`3|WpShqMx2i-&fq zqot?*8tuHI3cEIz*>Tj3azbkk29K}u`Z~j1XYQzzjyofLqGB1w4%h2+X~kT zRHCxUU7suLs0R%82ioi?+wK~DK(zb#tpxV9(w^vkx^OLW*E%b;b3iGp3e%Np;{tqA zBXeeoY0b=RIp_kuk52ORG$<-nmX?S1R>#Vyf1`5k;tj_kTFhc*xk#xF8MfyPEA;z* zAtmZIvEimUl=-d75nKH>-}|D+0>aV_%;N=5^Jy=nR?#Al+&gK`@-B!@wz8%yhh)=5vCAfmBT(J>n8-<($)sfdookMs`Dv02npJc zLV{X8jv+w{x96@)t_vD9W)fhfqH}&L8;SefJ1$M+I#zQy$L#nIXR>n~KX-cK!C&3F zv5jDb1(*?Vhzh0=Y;_nAJ5YI4$qXAu&A9f6K9FBzsk5yATKWJKUUGfT{h>liK{|(w z-w%Bcy(8iguMEwcay_5fF}|2CGyTi3^Mkp2uhndCjf6pX3VhktXI+ajK5twESjY3> zXK%6FRiMFGvBA-U!6DN9x~ z-$vb;$~pUrr(6-^Nv4m?5YHZ=N5|7K^tKWi##)*1!jO*6mok(DnKy)8`&`^L+;hGf z+$oJzX7=?lA7nj^!q)cLcpPv3((}CXXb0$__N!dTj{R_Dzi$ZzdWn>Fv3>IWKv|_3 z9z!=Z!SD$CUfDrNZ}g%;*oAqJEo<@VgvZCt11Kwp(V_lH@xbYRYryN&BhW@8nROyC zTGq>X=UI>6Znp4w5qAQ6ZnaXAybv+L0DjPnmOO9ji`9gFUti;5YRy1S_Zd&qjzCdP zndx-0e<{Pw!4DB$A2z0PXo-&GxgxX5#4WSY`_R&iZroPE{YqnOdnb{jgWAg7n>)b z1Rd>dNWFp6&$S}3zaPPLt>#pRU7L1DW{D)=wyw-|jQ&rScH!zGGT=ZFX>UjOg;3ht z_+BT@TvMeTaF#nYCp$f<%Svc0`v;b$aA2m5=)!y>t`XB*w{x2WMuAdo;-|N~#1No? zAo1(nLV}F5P7z)D;0}DRXZ73}R;rI#E5bDdDp<`qo;h$DYYl3-U1rW7J!J9U#|)+0 zfAjWUZ9^%4C8=Afw*FTF@^l{y>av5#V$lbvehcnbp|fD1XU1z9OZFvOkMlBr?Okv- z#wvViJ;@ZzH#{Yg^=kh884f?;$EA(21okkIy9-DV?v{>WK!Iy;?buCm(T>l9h)p)9 z&o`5oZwnp|*lMaT=IjU3ke+#iLs*ZsWvw{NZC;qLJbV?H`T853cR;FQ1<1){K_ree z@f=Q2MG&90K9tF2@Rq`arCQ_hXDqO53{<|gSYQ+${O*Mh`94f0K-b@foUsY_a{+6W z&GYaSsQ1f$oa1lp(%^P#(l+RR)TBp_LZdvtMs36<#&9=zn&qI9g(ql5+0W2`+5yhe zDrANPy@n|aRnV4rxE7<8C@80j^W)41_|IsCfe29}EN`Ud>}U7Le_tA>ZR5Af%4%tL zW$h1tbo(jU%k{9y_ZFyOt|vvIolW>IeTIvAI_$yO!9(*ck&YJB3D0&u;r7N`yytmFQ4(wU8hG!>oFjrODcJ;zcy#i({c?s{F z$!b=HPy%M4>96*2+Nry6{GKMwQ*weD9wVqZ_BYNXdbX67|ZQt4j_k$N;apvhD91y8@=wwU^03daWVFo24|*Z{-lmj>ZLB}l?w*|BJPx+p{E7xwgP0RI>*;dluB&ojZpY9_$#voVgBFx%1kCXQ2;nOH zF?xEnTx5j|Y}qwnrAV8lk&wKTV)KslRsgiD`1;5uf2dxwKub5%+o&ce zdijoAR8yp$x5oEeqJn-ZNs5DbQE+vYBkE@9v|i}R7m~RKxpdjjzOU@5_Z6Qf4(^Y) z=O^*$%6sCE(Cv^a6DAX?fJ2XXziwWHA72lWMg_x8O(H2t*D;B0p6&Oo=FmrF3%uKu zX4)^vcTyWIBq$KEkdr!HhmdDm#|gDZ&03vuPCuT;c=G+?*2JZH_i8Pg;lf{$h^hQP|fq+dDSSnVk9koASuf!W;Uu^jG(5>uMTnqc#r~bwl3~7-%Qg zl^io3SW^H-sY3lt_tSmY6HkbxnRUG_a{-x-{!e0~m-zN5d?_ION zcK~`IHs?3Nrg%+B>?!KixqXfVG3=aP`!6FwgC$CsLoUjaoLFic&Ey4z(od`EpTv?E zT0cPjCL%r0q1T7=ahd9k?BR~Yu z(nX?9M^Tkrd5ap%ux8CtFA9wgwJdz3 z)50R-p|a-C$+z3I&%<)*;0&g|yhI-xt8uN&8JNy)#vxo-zPQP*=nM|;xU!sT?WEde zgu~wAuw;A(ZVtD3r_@ju!~i2n%uRkX=T54l%uLR&_V#*&&hk6b&k|y5MvQ01bHVSyXh*&?_>(RknFcZt1|B^56Y7(Lv0v}!zl)@S6y4AU*d9)=L3uEo;n_U5KE`QLX5uPVB9C{_<@K5Jv%a`Wr zK496nV+d74z%JdBtj7?BlRgDzAIeg8u6s?Ww}veLv^soZB4F;E>Bm!~uhU31a+l z2Ns4Wb?McLXL_k9NKo1-LS_K43Mm8go#?ONBN`;AOArY<3jyt}7v1@TlzuJC`-In+ zO$Q3VlV1tf0#%mhy$_doGp%(q64b;y^ScY`p-Y-!<%EDe*9iEZyDr{t^h>!+V1U*2 zz)nXjgcTKKK?nXajL}_N13G{$MUp63@U>>gyy9n`S;rj(yShfbozv{^biim#_V+rT zKYWLBs!yc+TwIb!2}P1PHqRqkW-#;Fp8Y7J6Gl7bM?w`$adj+N`$0|9enV|5FZtWrn0sq)Ql$@3KzU8UjvT0(GM ztTb~~{DFVr%{ zyi)Q9S-BfEj776SwGSiW3$$$bW+6c>-5GoAQmX6H)(x`Cj&4z9SY0v(Z0ms8=m|~> zyz1($0Ru2a)*nEGSkDx&Q~G@iS_EIBPXqSG>@>nK%O98h!74&9Qok$We3Y3H_8ny^ z9x5yQ0L61HM5Qgw;A^s@eEKWWnSRmFOQM#*uGqh5B&T&9lq71S&WF|wvcCL$54cMSST-Mj2mF94J8?tH-?;2}8*gH53ihiG}x}nd}j0E3)+}@o+8q zGiO_)%4w(SF|WbEhnYa@ORa;9?~#Gqd%K0l)HLV#1&XVW7?L^G(@w6e;^9)KcK0jD zL%uQJ#t?8{dX?tn*(u8Me#jw70p@Jyb8d+L56J4EvWCA4NP5=6ytoKUhmMIz6)<|7kg5aM_ZKz^w5-=kc;j5zd^NK0|99 zr`0>^G7)R-3?=f95uV2bOS-j$?O2S-RtUx_A-m0#Yze}+&beA7h}~!tXlk(d(vZ_k% zmhalTEC*6uW>ofM>U5I?pF5$1Ezw0vh_ciVi|A%pZ(|fY5Ess?q%TqV;*ZL!!wFx_ zVp_4ro4CRz#vdGXy$H2)w0!bOBuenY(ID{QhKF#fJp(pQ@tj7yb6Oo7Ju7y&CsTe^ z@tbbK*%WwEA>kAp>oks1bl)?xM#k(zXWXyf}cJm2ps@k|sjz>4{+qm(zTd)}^&UX_2&btkW^lFMS8yD8N$0l?2UJ+mp z>zHXb?!w?8Gpm&BrUFZ)=QLx|jmG>~F+1-RYc{1XdB0iLHmsJppM*}jH*%!mq0_ul z|M;nTjM%8MVhYu?i3}l8=Rk0VX0Lr;k@H&XrC3a!#?Ybhr{FL#YMsrtGdEBHjve2m4wXMExcS0amzt$Nmse1qg(i%Cv0$d8l(uJr3JfIk0 z*EdS;wxZ}d2;J?y_{_v=RK%zV->GIqE}Dw$*B5Ad^QtmcruT<5O^MtJUHAJ-yPuT_ zh!tgAj0zWWU3@cNoq9Gd`fTa2@Sa40`U*+>r(~O<=yKDfV-`-8N%gxB>^}YqLG9Sm z9878}VQ&p7e_*uyi`@LOW#!y|i1PU2_ zvgzV(;E;9id8_t*_-yj__k0;L1kGa2%Jc49Z=WaMo@uN&+WnLco4wnOH=gVf{Z)q9 zib1}3azs;)B`33-BbJHUBzJXgau8F=l|?>t>80^YQ7=`C;UO%afhwJv&0AzqezFim zsCQ1c%Cm&{vIqUvCm$AU`ea6Gc^skk^0uR~uY4~WXeiZGSJ01{a*I}h$`#cudx z>Q_bSlpYI8w;tzuDeLuB?)C>pX#g_{70@3B#=@yTjGUmej*thL9DiXzK#}6&QV@pA z$n`IDihWG8z<6~#KJ2ueYF_Q6a?c$?T^lA6S(Wqr@=wKV-ub3pXe!}SvO{Bn3T0;C zO!Jd`R_8(;uF2XO3Mb6lK9T@n>iQx*N1OoGO**vZ3px9`|I=xJ-fI;LIFvp6g^EEa-` zzA71=>(P_sxXp(7e2w9-&$A|*fWu%avC4U>yCf>Hk`zfQQAKgCl_V0Q?W0p!`y-PaTH?gV|<@_8&i>>~nFL-|w>s%;5ZJgVhGj_J>uRnJfmetf{3O6m<`aS&|h_GjS7GK*>h+I&Hb9HsM)19ulg_D zS&R{KljQo(n$bv_(cCh*N&dWT_rvc6jPn4rCrNz)I7--@S+ZX-x}_zDRT5sIEtWp) z3mPmNp{qf?)(vKWHP}eV5}Pm$W;}#DXFVv&O)b>N_%L7Su2Vs(5$EyhdOWrTL>u})Jun{Zp_{6A!JXUEt*vUEK~UaxWPh>2-!dkO?kqLbvrU`ck<1Tft?VLzb~*PwS3C*v7=s zm+}Q=*_aJ&R^CmYmE4Wt4WZcfpl>&{46Qn!tV@>=H=ixDCz$$$5<+u`_kdk?A9kn1 zu04U9MIcyzSOWdrg#F*9xn=E*MTLNbl{fl`ly01gAVJ6L+k#ij0)0fF zA5I+vZxR)_B|+>)eN?+5fRBgcW16mg-9-pAm_i;`*MY5j@$vWR<6Hb0ex(p^4d`3n z`yOvJ;H-n+kNL}nM=K=)ET=QhBBWKv>V?KktCF7$o+o+XEtWS``EAT0LA1d3uzH7F zg5c)c7(*7N!PLq|R=9iI6OX7pzt2xQ5AwR;gdG$LpU_SzdS)b|Ff4WLshz(ukgwK{ z`e?d*IJYjWLex56<<*RbQYASl=0+nyh58;L)!O0@m8>q1AWcDzqY~vLSM$UpM1l7} zJA3Gq@R`zv&Z8#F#u0jzWtU3TfPqW>5<~td1sOrc<;&5ep7Od6hFue1U!+V9Y^Zx{ z63-O4O&Y8rC;ukG28h%8Kiz|F?P`5VH9Pk@V!_aB9H75s%o_-42{ftMbwP)BteC$xR3R|I)^v{Oo}%HfgV{J8MfmjIaK zSGD>TX7_&z=^vHJpCLEwQoj|?e;Ay=#qkSL_MZVK@ca&a_Os^v*VO(~ms}hGd<-~# zsQOO{KnQ1!Uq$g>ESSH5=ln052p7lCCIV#oXD$0@nhF=kuPXZ=Dzo4BXFn?Hf33{^ zg%bI3DHjI-j|7gtC|yAy;U}EtFPhGO3Ae+=@vG7Pht$mXyB_I>P`^|2e*w4imoOc3 zBU@)P_CFzcq<$cG{)FZE4Z6e2$@Nzesy$z-ji&$+s^?};?Q?Zmb4LsHCF*Y8zWtWE zt&uEH3;hP#TggW^@QiQW zKA?5b+l%xZ*i)BpcsOg7@)EKqSVbyRczv0x8gsFp>^#t*@3S{3*d&<&pkv-YFV`tl z$hjjq`2CGRF%vkN!j6_f6yP%c_*Tj6exfa3QlUm@s}WPXeUPU z-Uq#~rJJG(84zla;$gP#Rj7Xuyz|lreSI4AAoQS2qxA}(?X4|s`hqN4gZR1j zcaHq0DWxdl%Qj)xMdXi35BT6&38)+X2DBOSR}=@OH|ZlILdpg$%Y|m_tGN6205_@J zyhjen24KI1s~TtX{sd8zsq);|ShLJo=!Xrrx^F{MmOM`xb(n_4jrHBbUJT?a+Ds>u z?JDeMlgiu$XDVnrymZ>r13>=~eDq;LC%inb9Lsf-M-rY()y+tm3i31Q>8ta3j~%U! z_PFiY?g*7%>J1DYT12LZd9Ht3n4zxI(M^o+OW`)@j@i7rs_*T^i|jNh)9%voD%kVz z=#D4egXE-NYUbUmJ}T%prQHy`0lI%vExC(pV&UbPPwx4-V1;U4Jge1Iwb3!6K{&N$ z+IjDslD)xYZ6$uU@!(*_!a={rac8@R`_1XLwVidMp^{o+QamjVx~huE)7j&6fvJ9c z?z}B03*J5fpWry9>*p$G=1)DIu&_(2n&-w)o#o!kusz!Y;#;8%ZlIO!x=!r)LfOIK zs_g7MtL9{R%5fUuQe=0QY6Cx;n8(U)tEQpPR^d2JJzh%uT9Tlw<&Qbu#mGl=4a(-bfQ3V(?bI|0dsSxIY4l+#P`;q1J*2b;TMpkPK7L zP|L7nB}>UCfX0_X%GADbd7C=i1gIeI%IOD)J5*>5p<1;|qH|MFjumJRPS$K~a$6Wy zdpA^_PF<5iFV~?6#3+B0GqSlge_(bGf@nTPta>+{@^5SCaW- z#fFC?dG|)uSDJfW$|e~%rEQ6K`dIaR51ZjgL{kPcw<-Z*mHlbg@S6KQw*Jf*+RK}; zLC_Il^w4(+9?K&V&mhkBPPdY*Qr-xjcIf~~6Sppwf=^VHp~9hs@W7=JETQc9dt_te zv19k&X&Gy&(o04(J#(avo&-DO&Tg#2ZekOoHQQI^1mnorP{chl_+oOonjuY?BH((p zD|cEvTVHWHF*!DKY2dd6i+5;zd9^54S6k%n2KGiw%}6^S_Z?<^N2WY0E0&I?Sl?(A z&Pg_mz%!rbD6*axw zTy@u|vWE?o6s|267DdOy+^KiAMIaZw-0aid8|RupSuePqu6ScA%ubYEPBcE5+2XU+ zt+v#b@r-5S1;}95UDDmi25{sFG!J|HlD_$S?iC|UrYaOMAN3q878;1!@?(KMD&2JC zOL)FPp3q#sSgS3+#aB+V;Z?iV5{|!vIc7Um>$ukpu_$7%6p{Ct7oW>EpYXp~!$1Mu!70?R;UMdh;7?8g=a$+dhAIl} zE)`PiJ&rHrq`kc?9_dBts^|&3_eZU^b7zmm6UPv(5NRspJ!E+}fNQ3y_;6>U5qW|; zSLb*st~pS~G%zCu*)>1x(3jIJfY!b69F4Kk7DVT(3kU<_)qPJN96=B^DZH%mMBw^8 zixU|3*S7>c9=e70`q^jxc1@n#`XWa}?bytl$kaNYl^UCdIWgzs*pq;n=$!F42d()U zkBV5KddaHq;}g`02uOpuMG^eA!!%MU^g27V*ws`hG4iOi-)` z<1?8Z@{huaXKJ^t#0wBS%Byo=e9$lK2M0&9^k+^;M8CNJG%=U9!WeXm{53a?T$&V% zQ&Fg+_dOe}EL!Lb4vHCr6w5EddasXqL-MB3dlFBn1tIXM(6v-g_(_1YD8GTA)5+>k z#a7-{{_1mRqbGb(_tJfCs%%B0Gg~+X=2ck$u{K`{5p<5+0Xr=W9b!i4!@SR07VZqV z&@@Svdv(s{XcpS!f7IKV=A;=Rt2{;cw4DLDoORlyRz;zL?{m+d zww)du4zu-V)*Ox+_h+Itcg3y?leXM;wPB4m-M!?z zuF)2NgV&VvRg;Lv$3l@?M)+mro|xalqzO~;X>#4@jB~?b zTSWkq!?u`*6GT^9eW$$sNL9O8MhoqL_|!g$jW?KHya9W zI_w=NPPtks6QvdPgF_8BAZz_A#LlbR_At-Y>As9k_PJWurnTvc6wH1q5yzeVccHp& z)CIXveFNncdHFl-%@=uRau26yu8qGY)}Lx3OU{~Uqs_iF$0xhGe`!YnJ)?)beiFX1 zk&u-|jJwJ{+2FjlIu>5G+EhIILR2KJv5Q`AJI~d;EIFO%lIv73+}W+EwV5k9m($SH7)Kup zxF4-e%eg~2Pa^%(RFtxI zV=jX4Aq*L{Y>xbo8>!A6knSA2OxLVhlBl4l8-o@(t#QyKb#}c8#QV~>GY-`z?h(xWXu6q&(9I>qaJb&y3u4Fd(WnfDhat+0`tcJBx5&p> zZe~iqtCcVBxS1Dt$Da!;VHgb{c zitnnM6z_|iUND@kIXVa?X1CY5oDr=vn5$Wt8q%hn7P;=>-)r#Nm^eu(Tr1X__4{IT zxQY*(a<`qCEHT$V^v~9gjlHL>P2R6`tM6@lKNHGr7mP6FII$}qf#Vv>aYBrjNkFVE zx{&mC+kR||0sG_%8(7g{4!dvu+E8xMZjSr*)^xpHbA3&-lDV1sd4YDtR$QNlhvnt# zj@tf&;VStQC#Q`T>fxOF`r`ANLut1iJ@?h^cR6*DB9PLp{SWky^qY40ukH~C0Nsm5<8k}TO=m=$17SN5H}j+ATZoKGy}i4#g2Hh5 zMp7b4C98p#)7FV95U9SYyijW-=2q`B8JWU7HoIhfXX_qS3k}|eq1lrRfOE+y@3Oi1 z1VEPV+StHqT^%m_XQ~_wMIqTXbBIbviX98oI#IaE2)>vAL^rm2O;k4{K{9~)Wlrnm z$?E*EXOB11MBrEu;ybS7qY8TU4x_Jg$F0VxtaNo`tSCv?TUB+qanz=g&2X~T_x;+cNJssP)f3NQgPBn;tA!R!*x2VxVftDRxmWMRIXs z!|E=u0R&`+5Xm(kHCD|n1&?8WA|(L|CTvIuKO7Kr(Jd38#GdtSZJBU5n$rnzh{n6b z_vb4VxJ}z-eVmoKyh6;w>tImpWnwRGB;zTwHCEaGBuA$zC3);j&0ay`?`Bcb6^4lu*VI2!BZ3a{3JJ2f&i+)Mxy$XJ)fmoTvWG@V+QQ7Bklyer)>_6!| zR=&3(=!(e78KeGKW$E10F(VIzMUIO-yUHaA4GN=mhi~_>Qu(|H|HQT&E50fyGKUKS z9j$DW^qH3ptP!FOadVX=lJFMmm02ttMBv-yjM)nr@Y_jplzla>tkGjGv$19`cW7vY z46lqGlTHbDAL15jSSTAwiW^Oqs>9s(n#!%V-X-SBJ-pBUQOsFeQr(V&<*5|O(#nDT zgtILNjeo0l#MN&8w6=Wf$qoo~UjU*kfX5c!vqu;cBcEH860fUP<>J~IcT(0z8L60S zsHY~;J2YvObB_@1N$^_y5Efu(Y* ztW)JL&m***$BE_haz7{E!U{yS5=8NHGnZ;!U~n%oKssuC`MPvMOsZ+I7GrL@>ecXi zWF)M#+iD{LJvHWe75|IUiSYZObnC{CQtfiBu+4wO3csfHW#tm|K>;n@Mofe4!<$%1Yjl^H(k&_!+U+O2MxUdi-Z-d36z zRG>`z5l1#WJTcCscoj7DrkQuM=97c6SkG3u?ZA*0A0?&E{G_TfueI`h`u8-`>K5m?lw2@Bk-U*3fy{+4L7Z}HJNuHtE0}(?Ht)Xj_fYw8_DDgxGP zOCM1p=;+Oo)W+!OGSV_r&n`m328oc(*f#XPj6-gCFCzW($~ih88zFY@09}q~K&#oB zJ&MZLU_jN^;-S|``mURlMtJ?e_E?g$@}nlVJ1sYNDD|MZV`lVtMaBh1j!uq8dit~hM}i@=mv^o@+kzwNyRk@z^W&pi&+ROL8yNhvPIwX{%$29Tmu<%eF(G8r=N?>#kK9Ca^UOV@OM`jjs^Y*du&^Jhqf1$#~HfXSf9cYDG+@MrgS z7dN_T6txh!=P%yLuf?KA;t-RXr3}5s0eg-#1?q^^Q(1+f^9M1ze4p)EQbKnKuO)M*)Jv!B{-8TH zEb8o-hfHrf6lokQF6|BlI|)5D4V*q-0ro!f>NGq|B(A{w3Ton_;H$HSD<9ji53kRi z3}0|)g0;$pwqQsRr{5p;fy%kwQpdS)euN85rEL&Q$>0K$#$C|3I%}Dse=i-xS5sVh zqN@VnMI%x7H*SGAA|KNVc!dy$Ot2zCR)J0DWkU#Xfq8h?7YM&lYj2~{fq=0Hl-TEban9)- ziE0{^igtvt+tOPqV*+rG{`=8SuO(tEr#7RZ!ok;`+n+jqYlMpOHlshs##l)O-=)~y zn_jn@(+ad9AJs?n@#_{}*cE3OPuPEx37o$=x-`V1o>CA1x5d}zd2NGY3=yfDk1H&$ ze)xS$H0MykStL9ew$33vWI7OO4T&qOdU1>r20#(JfzFml*Damy16JREISjT8zOvxJ zHD3NuMCXt+CAy4LmEBi}qZrsyN6wzstgU(5&SoLxL|Du%B^wDxh~jihqh*_9Ae|St z7==F?huIFS4v|#&B1hAL6;Towam9`{U@rQbMFVHtFQHtmxntQki$9V!X#vW6Q+9vQ z8yMl2Nz@?!YyFdo|AYsEkqj7|`=*$@LxNVWPQPEZ4H(03@NEc1R8`%T7q}h?eyA<> z@0e`gv%h+gN#N)w(<$0wueiR$wRN4?@f1mn64)nyG2zg*i=)C<=kW981{N%M$S#X} z8xVHvwCs+BM1CyE4PpoV^ND{+ATt{WHe)e<1;q*wrkq1Re%!)?EW?3FpLs%p%OA6? zdn_FS9R+Ibp5F5>OZEu4paP$UwF+m%7_yzLh>3}GZ=ei(WRoWwHl$qqPO85N75|2Z zIJ)AqjGWwvv=9;Sf0=-;jpV#|vd0a0$|oB*gaF7ZnE38Hh&eqG>Egbe@$!QAFs|#Z zcPziM$radorsf;H5;CJEuh}m7RQV%*$xyh8@mC4iVL75#zyjB?~#yBY3E5XRyH}c!8;H zpfTakCSb%K=8Oa39-+TFJDkk>Echv&AGCRv@ z^XD1h%e}%%`E+CsF`7;tOs5#K?0N+wvw3|mEygf02_WL)Blrt%{ONoVye0rzf*%A> z<9MHU!B6gm6;A}j?jUc#_`UZ-FcTAM_I&|er^=j@hz!ir+J2~ey)8<+&r2pqVy>RE zz1-{cwB1UZ@k*j~dPDKEG{+_5c3e(BSrXQQ!OG?X^cF#lE6cpIWDzg`tY$A2ToRxLP?ROKXDvoQ=o%PVwtxew<$LBVtYPlln{V z^N2oUuY>=r;%~J9#2iUUNnJ-*3lW{Hu9E}`e6|a|4c#UV9mC;ul2vW`Ai4 zG7)JEjh1ukgwTrsvyx*C8aVphcG=jXy#?_P-$u$;4=8~_<%Y-HZSNkU5I%Y<2s}h# zF8~4|4BMomU0=)={;Od3^LuZIG8P*@5%%B8M1#0y-e;i5c3v-TIygtk4(cL5<-LXR z^Ec)o^nF-f|9NQZ=GJJH>~p{l=meVYUC;JF44I%O#}w89d`3n_4tg>MkKv$iU4MUn z4iQ<}0BuRE@$#NZKo-S{qrH z>A7l@vMo1d8#9~KNfzSe$ti~wR)m$Frc9f&sj+P;f$mKVR>N-NPxXDDZqTF9`eE(c zZ<2m4tabVdY2ocVsp2nw*eV;%>P~aA;3%_&(--SEp&*Hikw?MGri>$`7?*#>?vT4o z@q>ClKYFlj{#o;~H&`7SP7S@vdU-U5#+4-uebNWtsMYkt=aH4p5}uf_1TTnYiTI}a zL4WA%e@$bV!g|#sRW}y(XWdswl6jwfpLudm8BuO3hMRTif_Lyzp?+96hS{ zCiQVq@wvE2>w1VL3te|hTh?fHVL^IHIx3GOiFLT&f`nivF9rmK9#tOrR36g%+1{DhQjgu1R(4RJ;kzdN5o@;a$30dd)@z;1_GzdEYLYOXjgkR>sF; zs)4C*dbpfe8a8kwqd$c0bhhQ|?g;VB%3C3p{G9MT4SWo5h@^hadY!tDb|MG&J`n3E zj{YYsjxZZ5UFOt@G~I_WDK()2?L1CcwnXpl%Zma$e-4?cFH@sZV01`Aj1sd{&ZYDo z`a|4L5LL?oV|!KpmDJSlBhVnZ2`%5tyq;IoWB4;e)X)lH#;MCqJaf&LOikBDSEaaR z?;$J$*3F)BqEteWf!#am#vWn>&zeP%cz7I+OQAn#vc(9KFKx~_RLN3M{d9{U>Tr+> zcyiDriQ(n0bYRjPTKl-7pw^oI_UE;>C3;JDzEFZ=KHS%*{6^|CMbFP9d8MB$y=Bf* zB|x2>U6m6box{=xDb>KTQ?P+$K!?S zCa|@&_3sP5!HEPKC3RcG7m;ik8{fc3c;7O(?|6Dy1k3C{F@GM_;X@e^`Qzg733IJR zCBKX~r^>?T8_}PM(kR(S9WYfU&Q1JG*b%bI-Df9J(Q57Y$^WS&)A1l;9lA56fUL%$ z#2~XDHAz3!2m}7&Gb>dGkCf~9dl*M;Q>)3rkYaVH`);Ev5SRpa)-95z2m#fl!~iG3 z?!{r!dA5PrDa2a;0L;NsEs5YV9hdFn9_5rXj(&X>D!>=U0!3c>z9s1ChU%`Ok(w@t*)RJ8Z zIl*S?rq^ftulCs`_#We5aF|7cq9Fu755xAI0*>~&_G{}5Db_dtR($+VklfLp1^6H@ zZ){%@UXU=BIbWpnPJ_|<5Lh4I#C``@osT)+-jtjF;op8nx+?Gv8)0N)q#0|&(i(6RJW9-p*a&%?1@~D z2OCpTP>y}#{X^X)49`asO2TU-wb^hlo&|k(Flj?w6*374$>d%fg~$V6vngIlqW$^L zLv{?5DP=aU&|5bSlB6`fSXRsJ0i|*HA*m_9NO|TQD_DvHc3XzjR2ibT)i;_~CSH%# zQ$Av84m#jDpaNEv-3uYo52KINl95uw=-OFS4_Iv7c_1;odpw$UP`;2={(a9IFbwSL zS8CvBTrA69=g=Q37nBzDRv?J1F=j%bW9fYtnr|h*SRox=9&6>qRKbwIP}E4PfVvnV;}Rgi z@`=$$f(P5NglXk9YMqW9I7DS_?b4qUy1KeU?UN4sPDWMG$eXJa)4Pm=T!PwHEZ6`V zrf`;&6}3UEa8}nH926N$+WKF=2~a>8@D=zHG)G{A;9y_~whz5Ol~Uyv6=Nvq7o{K`CflD|`< z3j;$b!qFHf9$=4rDLOr;%I(0(9taV+QhmPN0zrNS_8}PxxWJ3;NKA zD$Z^kn*I(~oKj5w3lN(Pt52qU53w^V zn(AD}{rHvGGW?Y|gco3~IyK3K5|IGYU;*+aS;=R2C!!TSbD1Ec_2r#NY~Dv1)5}j$ z2z(ok!Cf`c{Xvo&Ml8xKo>Y*zxuo7wasE(ZN7cEB(P|Rk@PWm?5(ei~u1Bdt$%?hO zH{y_e84P41mxDoJ-wD8B}Nh+!?7;2=gflJbiScvLH( z)A>@NBeSK}9}f!5@mB ~CqSa}-ih)m<8ynIwPvI+n1io3(XM>*tAS@~(8=y*#&5E>@DvD$tlyZjt1}x^%F>yH60g9(RBvyAY7xdYLFMTRSdH`fzAH)c5#+y-wKkrL ztH?5rq%44mg-wOy{EqtScT{S6Zu0ht#jBcqRcKg6LY)gNMRspKaTui2uSgz1f@m-U+;^Jj8We}41T&R0gp;Gwb) zoY8{OGZN3}J6~nFx%Z8dQy?nMsJ+YCEyEQP7{VYE7fLwaPb)R5!7d1o?U&P!WHS;xOVFBW%gs8v)}XTdXqg;?pmh4 z&Cok3>sV)ea8gpJe9dP%PSy6XGzd5_zbq>?wO87O?u+6(&clT3Sf()Jm^?zIFjR_y zy##R$&=5X+$rOF$tD`-~NGsfK<^L zAwfFs#*tWzq$P>4ht&-FjO;QkDBYcH`*I3CsBdOu#5?Rvrt)P^EKxX%ftiq1Ib({Qhgtw(j82Yl@?Lt1(D;W1 zRDPX0au11J=A$4*JLQm%nBBaHnJCH$dc5b#72y8?mH*4O{~Wna7Rj&#;!cH-V8yJf ze^0-hGR+Y{D-nP%_4XC(DUdN;N?7k-TaRVxD&i}k32e*aOwd=$#O2Z&o&g@he4$}! zQPd*CM3OUQXxYB9lEz91zx~~!=-ap3+uOLz)nbtiJvE&ua=IU{wmp%kb+AT!KTU>F z`?idmgw0Br#v0y`5o1mE+16dp!9-$1kaL6{j%y7Z5PH}msetH_j(kv8Lhhr@Y^bC} zlmtP0mVv^imGWX*$^~~QsC9(qXjB%g-oL(I`q?L@hsf7h9{t1w-7k)+9}^nIy@o$J zsBZniafsFgaJ_~+Jpm@rd~t12EG;+;1(N5Fz^OFgAmg|+lS1PQlxW3bbDgS*C`t3-hYBp3sZ&)V8Vw#nNg zuVgqXC)z1{m+dx7dc zPzL!Ssf>6_c_(&2N3{j$y!Lql_Yg;x(~Em=lMG_9Tr6bacVJSKeO)_<8QE`EKB&YN zw2aO#@VzFll_fU+tj)(TebIO8@Qnjuk~U#J=Nlpvfsth3U6N{B?<#P?Q}E)@g1rV? z^NV;SWdnKD+R9^4_Mt1p`M>J<|WiPEC4c)ep^K9BNDnt#j~HfGvz z3P`r_!1Q)uAvG~L#sq32e zOdu&JW!ufVK-eKBHy_pf^}vwW>`)P12wi90fe8KY%{$c`B|kW)!Y_&I_5o0Ndri)< zS1IJ;3Hz|yU;b{)QCo?uM_%$W*tb_6k$fqvxKtEJHK%A>n7ck?nO^g{9y+ik)_I6({Unq)-zxc8 z@N>FQ+)GM29jE$+fS-t56Hpdh-efDu5BGqnm?|Vu=Rjd!)ms^s4*kZuw_$bdTC|v4 zF=1lTy}trxXiG& zLaQ7cX)D!2ZV|-Q0 zY4iKn5A7h;`L)Ck-bw}mtUg;20V2XEDJ2c)UHR}PksvI!4^Xk7=$XO3a*3qIw8)-g z``C5acxmp0-%xoU`UBoo(Xb@GA4>fsC$4wITbHauohI^Xj!AQCkN0`bDl=^7tnl`p zV=No?@bVhj6Fo5&)rTkJahwbLc=4c^YjKzq4S90#+&jY7DU9XgDg4Ce)h?E0`U>C1 z*%8v0k~=s0;MrDzwT~zPddx)XMULhlTNadgU+kFjUmRY6;S9u6grNeS=&IED-lX|}(m0i_o#2-vu`@Mn z7}aoBu_%v1ki}-|q*`0!7d@LPRqBZF}ZJhXLmv3JvqdGyXyNU8D(k z-N52FnGS3uTpVktKIbI;O}_irNV(P56w6Pk=BjpYUU~Jy79f=R_rm}^g}sJBlQ*FF zr7+x$$h@tY^9LpG+4@+k89V3C=T&O6*tX&;AZU0IJ#I3U%BTgR7W%gmSQ0JXW&kVE zHS|v5A#mIXM;@2W`)ddgEV~GV5PtlcI7b)&*{`UWUM30W3T#-fGBfom;;^V=12;Ty zP`B0~9Rp!|$<2%v>4QFKlhf`!Jb0`*!cW*)OX%l2A>k#1Ws#uXe4Py*mn88?&*T7UJ3g z{#TeK5>#_kg>&erO`OfURcnl_2&3<|(q?Q0PLOq#{f0W>g*APk)qEg$G>%(# z?5sdgd*12rrx4r32C?apoPxGKjO4&v_Q~S!gPF6hP+?$5NUVJo8C9r5O~E=~nti$h z(r`1Xy!$=KhBSxKM=b{&3CMef&@b<>YVil+B+|7`nU}n~T znJl2O!F1@SE6~T5U;VP;eaxKNQe<$LG@{~0TX@QtnWmc0+Z`VcwIAE-uWIGTrUjva z-I1GbB<2)%9-|cXY#$|HU^Zg%rSz{M1T8so1D3bFDPuDHjU+->BT_~7NXATIM$Dc} ztt;MTZKnhs^G^F5XS~{AE}W*yAxG`+C)Hf@PT-1Zp&H&6&wQ+}kYlVt-s1L7Iv5yd z;-((;xq*3+uVlrZmuF4{dZgKW58&LnV_V|Ks-9L3mBx?IZa% zPq}9>@7*C%(b?(Md3^+XtUzA9h}a{B?-S`_b!Ipa67U-n{YLF8frem3p_*x#SxlUv z&iUJHGjuz7y(G583ggTP*lfXh~=_xHu?%;Foa;)<_8?=mzXl&ZeD1F#x|v zLgL74aqRguLKV;#*i6=UnK`I?xN?dV>^g3Eof$7*bw19XX+`b%xBAnB2Nxwr4Kw-D zKZ#gOA%5)Dam=h1^@^_xTkYKH1I};nG|X7H{qQ_ zjI_N?A7|x~=-HlCNkq}G$NX;D_JRIf{=Ny5FLz+Yi=d8bXlWqEoQ|d5tqSRo@=&NZ zXPsPRf$xLTygrd#HJZlc-7&s}H1LYGtAQw7-q^MfA}elwo=j^h^vt!Z*VCkIB}%|~ zYp3ucwwF)O6}GJ&nwNZ&LNt((VI+(vMcsaBy4lzNlnltT?wfXbPVGTECo;16ST)Zo zEp_d{TD%B%))wWCXrF`Hs)2;=`Vn&gGsxxc=b%Zd?2pUA?4MgspDPcl_~C&pkjS?d zbC6w}6*%G_8bLQu0mv?Y?$}$sA+%LAfjX@$WWk%fPn+KgNt z#UP-4#C>YHq52l-t)7j6c=99$>=Pu~eG0TqX%->oiTW*j3NIy9CfItT^_x{~_Mq($ zt66P*jaENad8>md*-n~hW+X>=+O6Ra8t~%QKIOiol3@H2Il{efKuBQ47xX0S$x3&8sz`(fo4BEHr@$gp+u6VQVwgPGn=@dz-9JPpk=-+$UM? zUGO>hV#~O|mtVE*qI&{V9P`q7YNyD5E_=09jS1rN6g#>eHT=t>aon+Q$WB^_H8Vmbv z1IX9d?(0Q@IdfQBpQX-i-E+~8Lyw`pj4wOR`U$N&Gd&}2S!x26^Ei;?Q;>^J&J?S9 zv9RIt(nAO^$8eAG(>ss*MoVWkJ=n>pk?`ACAC_KH1CNhPp*|dBL zP9N5~YOedq#84vbg+;jjYjXeg`8_bFqEM!nfuFJkrnj(uFD}n&_1ww`*4OPK4r*&2wca`Ml9|3BFkc^wGd1 zd`;+=h3Lq^3FjzgVyUl>s!FM#&A~1E_};_Jw-D9!Qcm1bC(ipemV$ckHJ=li?S2wQ zJe;kV%m$L%N}%5`?MC4hr4XB=ED2H}mX_+rL-0a)s>$jH`?7__m!4Ml_A{|wGb!+g z-g*Uk!-8jpk3t2r%+9;)73T(KzqR?_9eCS??|)mCW+S}y1>($%Wv$t7ORmW?1bUcQ zt&OcTZNW#=ziElP+zyM|)n*1dKl>;Dyr*}1&9wv0gz|KjHHb_Us5+XiHt9-4ji@Go-1kh~hPjFuakGNK#6TtX_H*eHs|pv~<(g$0jy?kF#Phw`@kuoKyUnAL(;G z<`|!R3^H*2@`dd&{uwW^iCGUVYdy4cbiK;_v^@rS(A@JmnBIfNbI;yF_MGuP(pAUh zL0GaN8huU%Ym)Efr`W>UgGKdg4^-QeHK4u*)N{Eq^loe3!{bvxBnEi3OG86L2BEmO zxXj5L3aNiOkOmUcWDBO!CbknuvtNB>d^z~*Hde>|j_cOxV}{i#Los1tKVS=%ZGirR z`+azOdw~e4NT9$Q(Y_8$g)rvn#E&YOLcWTs8k$lla?+x^y4UM}*}e6#8?o}cW;v;; zsbay%T{1_Nn>2B<-shd5_hKz*UhB8*jQtpRqkF`Tq$Hb*Zgn5B8%O7*4r%NJ<|irv zZ(O_4j_UG$K)>SpI;rlD8(@T^7V39CbK9>@!CHdBV0U+(jJoG%M>3x3 zkp=v##gGG+#cJMbV%|pzPz;%mB6dT?LscrME6@a!jIaOc(V+^B3?$Il2lt#@p@WEu zYIkOj2(y0|imHqnqBpr35En$1JYoLB*i24c)MjLKGoI@8dp0gpY#!FE-Y5*Q@RZ5a zi=+`sc#4Z6^qy!groW74-7u9;pC(IGoTUafdqSYs2Z8K!O1K*YP}j!By(NWplbQ`; zL1rd(2`1zL5fa~Y`cA`}E~X;Z&w}uZmng{n3Kqm?5D28HVQHx)@1u}(0h`zv;K*rp zWu}d=n?0|F_Lx?H*^T-+b-T6NDLNyVUevMYlm*R#nUfq9$GJB|PZEjXu-K5DR zP?vadJ$~@-((UiNqNvQJ`m@jFM6WG5V3MPBntkWJ{HMV^D7tq(yl>0@4gBd+z1Nd@ zR&z^B!{%T5VliEB{l&MWu9`-3)yI|OK4hb)lDI?OTMsp}~dBS6*Si9+I#l`vC zgCAl?yC_HUh)K<_U&3*LVqU&9FfjY)42+EJZ36mz>=~1l(5%2!_((TGEL+eXLbwW~ zofz`2WsEp$KtF}On9dgCp z3v_Z;Y?om0820#M8lH#3IfS)HNXk99gAx&;-`6&+6M|VWHa$JPveMSx33w~c2ClBI zm|@~xAa2g0C+`C1&g(31(co||wDW{vhp^60@jq0~;{5#lPCP$upM7BbgpiTU8tFph zm@c?#CHh}WB6>|D8hOHbu?2spd(xv+$JZ$M!LU_UobCkD-~T&|7R46eU-OAsS^j?@y8H((;y)Q${}Yb@$iDt30K(rB z?^ywa0^s-W=m`HG=vmqR4z2M2DgmDLe-*Ug-xx#xF8Y5<&Hld$7Qx2K`4@i4zofte zP!eo^hm-i16!?F1(f>9&#D9QV{4b@z{~L8B>)%ie{!P&Tw{zgRIXV88rT-85O7|bf z8SpyT19$_?YZg-c*dGJlN=Q_@^^xL~&?V94Vwb!Q2wH>fea$5vSGd4Qn2=&5&wh(3 zcibP}+l!wU2I+(hzO0t(*_orA?o*tl->>YQo{SzJ>)owhoum_xkid$d=W`iWYY+o* zl;4-`0v*JpZSY77M4lE10ptqUvZ*3TL83Vt40B+VzyAKY00S06T2TQyVGk+l!I@&9 zcvBOlA&U=N$hKsj`AJInOg%>L)uerY6$cF?oHJ6o*exY1Wb@s=0t0?VEN)!T_u?SV zh_UAhla+Xz0tiL?a74ft)Y`J|(jTU#r#U$}>+5U`&CQo9lAT&zZ$BL$A2XDf{i-lu zeRcRqGeei5>aGVXl17)!a6Q35(%oh3G{lv?>AWBSdSVAM1D|#j_HkgCrYVYR3J4W8 z=6gqVX3BWe2TJp!&5#~7s(v>{W154qn5Wn|SXg3*Ok7>#~W-5LtZA8sZ391 z&DVdNh;{^P{xrQ83_;#soE@re4-Bl2ib|C)tgJ-q;JE%p?K471B$?6QfaJOE*o9c% z_f?)ks(60VSR6ec@s%CBG<{PS6zW-6Sm^57pxeT8d$7xroBWh-s4FVqIiN_?ATUGe zHr{J$s22vxqZG_2LOo-xYXxUjpssp3+gsbOmw7my7l^FoWN|an+HTHF+f9bP!njba zJ{3fNS4)UcS#RwrFtWj`B8FjnQit zE->BQ-H=wnI0$a1&FRRQ#_s&Z%+$N)k<%cq+jQ1ol@K@rTOs`XEuioBvVvym=O5qS zt{exq3&V=6dH$Mz%Zn2x4lJ84rRwdTH~8#k*B>gY6GC|5kdK-SB2~r{yCi(_8bZ8$ zIP8bbt3g@RP@k0jR&K-H+n^2!ry}MwRz9msmKTCGQY`9gG9L5~ODiinA8^I8P<~4g zE!VqfwivF}58!-c|J<$ggdn@-t&xAbgcJ)c1JPZ0wnNiGN{ z6(e-FF2=h$dhpXMd36I-x^%g8L|hacFb3){wU-=VuWhhw*;qeNU*?97X1bE*NOL(O zPY4f}i3y@4N`EMvvt8o9A>^>wxVy-F-{sHVkAgrvO9^RT|5-9_`pS4MChg8LU?SPl ze?1?bbQt-Wn({85nO_ZFok9z=9xaFFyr^cYI~%l?8VQDv7*;0#!@PB~9?| z$slBoRnS|k{`2lV_e*Nqnfabtatl>vMLa_(?s?>p#PqCmMyC7FTFzBV)G9Hd3f6x(zOD&n=Z!1+N*Tk1#Git3x42cME7v{G z7%`#I!a>0YBp%;YthQ<|FZgMX?_C|y3>z+VQ$NncEQLDt{!#j|r8pbTBWAg+t&a93 zgj`zXO`^&NY(hdpKAt)T3*SlRV8E8REZ8(;R#eDSA1&rRz$(S;H^-H# z|4y`H7?q3BA=%O+-m0FppIP&B1ED%Sd|lh=L1d4~hmy&m@StM0Gd#-M?YPnBDOQFH zbQq1t;W%|N$$R>WSq=3AIX-iJ3>qwsmpgi3Xi9qe(ZNBN=Al;Zs=Doz@{cD}!D3y< z;9Tp~dc{gq5p+TZ$(h8^yc&WbV=WC0o&Fh#sB)`PZKwct?wzxqKva9O-HWf2Tvx;5u{h@~;02u=}%jLLdznhUxlZG@G3l18;6r zsMT!kfD=+QC!VFles&)G?M-@Z{4Gr|o@xfj~; zCJ`Sw#hPU}Sz8FVRycd&MXOJl3z*ABsI8#_sPGs%0SPc5{XnLX%}a1jImmJEbHXW{ zBuRGpNWV#ZpemAPPYX?}&j!OenxO_~-n?gFWhY}%EiSS*Gh1p-Nx-_i&6T-T-{^9P&FhWNa+wN4$-Pz^tnbPe8`Qn+0-b!=#bwW^>)LcJ_ z4$+_c%Wo&kjTM91cv*>Tj#Jo0cB{Z*`%UzHvQ&kGGL;ExG{_58O*IxSr@PlJp)vkBWVdC3`ST}Vv)4NM3$L6Yv$LE2o?T*pt zJHB6D6aDe^5>%;jNn`I2h zOr2z2c5)b~Qo=507PZ1+x{#T2pkD}2teEb?$Nkv56hx!Wz(e@^ zVQrUDBE7MEa3l*0M{sp)0V`FENIwo7$RROm07LTl0sjY?06BPEtRaB!~22ujvfQas5E3!hI_i zB@^7JNaE^nT4z7?S|}#{*(Y@1`5aMyK%T#r=h6E)V47$vnkoH3E%EG>QCqg*RHN2M zY&2j2aV^2~_Ry9(!9PzA1sDj1Dp(T)!#iN1`E(w!>Wk5e2xcS^bTu9$#PwJZ(URYV z@MP6n%lC!uNG>iP`Z*%1Q5MA`4wgO3EfVT~t2Bq*FqU=@b_&#vH^{L&X=dpO(s(Ip z;Ini4jt$4>y6`t7b$n5;8=22D89ryMT?M_ngTZ`7&CEhn;9r8`G+5$_ayzTkG|9c@dSck8iuo{noyZMLeoZjf}^|7J#+y zjFFaUMDsfyDervWjmx8^^6$H=^WFl^`8~_5)lwy}9f+YOx`P=oic!NKQ9w=g<;Ta+ zn-f9X;r#r&Ao^redpfO7Q)5WzGJ zrqr5#T*oOoT~E|+vvoU|BNGJxTT(Qc)h;u)oqxZdGoefZVC&xnB{e#X! zkzA5)&|K|_uA4qC;LN;34e8l-R8UY@saE(y_M6GSyYZlx9 zI)|%UlmgQTTxOJr6n@WRo(I2y_3ZNb4{JDt< zm6ul3Nocj{SyD6YdrJ->VmEFKZtB3>gaSE+6@H)7sZmx>pT^hRRzYdJ7w6p@wblva z0HqjxB!B0}dmT+EB>tFDyAj7`rLCcg<2|o!p>Ot8tl=CN*A$mvoxZPFb5-!j6iR*Z z1Si90k;>DaY2)qRtG=_E&4 zc#51XcRe0k?G>Pd*4y@AJ9V5Om&;V9)bS}Ex*B{}TOec3Rq$h}Za*DGld2&7%O0K? zvpxJSB;hm=P0}AtNU*<0#4Y6M;o5(=V*1v49yh-i8@?qG zwiOq?*#?pDkKw{yrLj4wF1Dw)%uE<(^*}^?3{DYPJJGX@_9S9Wi=u?{sy)1i9FFQqV-Gyj|Wx9<_AOybUj27k+5GkYK6@ax< zTus1J9mgs8_cC3Eta@0~e-5}OmkJBw;)0*xT@=RZSKDXbBWG9FD5cZoMkDt3&#N{K;tX6#nsv7GIr^1)6~+UjX`5ICxVU8LRpdMZ6BG3x zdTqt3zQ`=}W;n77=@Q@n4u7j(9{oTk^xME^xaj`l!`I!j@o*hdUhq=>!Rfa7H7UzX zM@C?ESc!PfW6D(E})j6QQ~ zqg5FMo2Dh3rMve9aGp}`F=+yI=6gxF(HSjEi;F}Aso~#@n3A>c1Eh8QtEvTXO_Bh= zcV_uZAUVS84yI7Ltbv43D&;qnD#n`H{0~edt+&T3w$9ukw8K|HE#9qd(oYf`gXaTHm=@M- zduM9=N=A6Q!G`1^;4hv`U-sNz`In%!DZ68P=2>3|L}IyNhcn>5?+zoS7rCq5jm)Z= zQGv~*xSQ70>o>6NfyEXfigx(b8c320C|cQ13c9OweY@y{FkdN#zBBf%(*74Wm+{q| z%S>mGijvjE9(Os9r-GQNB)YhucyvgwM#p96JF83X6d7`HNqDC?UxgApZ!ya0j&U1M zXFQ+U@VYQM5SaTfKjJ98S0Xt%(Subr@A$OjG4W)E6nAhxj^&!gH&I8VDdJxZV*sHM z!lu_tQd}VmLP2HOQ9+9`BrYR10pvh5@4x&=Q>8TIg0YE)kjh1^Yr-^%P;kSl+f?mX zjpd2VwM?8N((YHAzP|l$_aOwd1@~y2>g7p{5erIUaV9OLKtrzJF<>qE@HJv_dvNn5 ztYjW&Ib!j&-qP2EVN7@Hb|W1FoPtN?AlA)9DiuAT_8U7#gRWA1aX=<&&<`l5GMR} zc^Wct+_%!wfh`A)FB1Qy57JOY!QH=-r?RH27x`X$lH4IkQVHa=6;mWl@ohMKP-k2e zfaX5+P77yB>(P~D=ZOhCY|A?LCC%~i(RomM$F-@h0QJph6+uW7{e$n)TNjhv|NW>o zv|_^BUxZ((qJp$sG3rLs#4gAF?3YnVB68sdVG0^jVcUmXKwKXLmndesM?p+wI0b z+zAfF=q*OFs!^bjxJB;k8}dtAbH~>_0USm^GDHq*z=l#60as+FNg29HtbRmdX;R62 z*>pvte5YNy&#E0HO8xrpHF?9yh@FdK`>{NDEn8{78G=;LWZdUNp)D2?m-&8%=5`Rb zv5GpK#oU{S#mt)s=q+rSFx}1}#0}(#U%jKn+V)G-3`-1`G33&Ll=WMYidX}B9G?bj z7!Kau^{bc6YthX#x%5Xh5O5!}`&uO5i#?R3qiS;V|3A!~1yo#5m*5)+9!T)u?g4_k zTX1&^A-KCkaEIW*Ew}}D2^zF+bjJR^6() zxBAuZPM~Ucqf6(Z&jdeCpe*SY4mA+yTkm6eg@QNVfA5v-oZ^;61p!m_v~gs1cV^!Vfs z^A3VueeUP6rt~SSKzY#df~n*z_nY;8Ub0w89?*#f81Ptd z=?~iyO2S7M+#1tU5DL!d(zN7Z$s`__m~e*?eY=BJFe@V3r}Au2AQrkf+XH6MCEZiIeTi~=Z*O;hNw?7!B25U z?;npv?@XI^JL@U7CfQzELwe#vFB}G|Y355k;4tvn-m6ZDeUUhKjo{^nRohD-jy8p) zS(5h=fW>@0^E5uaKTtA?53;v0Tc}}F$O%EX6tfPDv%~li@Zsmi($m5HDz4}s@(eo4N%AfI3n|C9P<$2?ddGWHDBQwkChq1s1hE9kOTh!}P zNs%G8rilvulQ$jvgTTn5O<}u2czBm#}P=jeajWy!&V1A ztv|u-m_jkI8no(>E6{p(n)AsK44tdT5*{$TZ`hgZT~^}w__FH_@km`MBs!Rj46mn{ zbClt^3q}tufDUV_+OBxx!icaI**>#0CtexRgy<+up5xwKf)5~5>e}{$Tk#2Kv&{c+ zlSa2Tcv|taDM~Gd28w~~yT5~rel-ABV3p#dk?x?w0U?s*fI6b^r8pkrWaDICxelBh zPrtd=$=z1Ai^mzNzfEbrp05k9>-wOfR^YHvo#e=(97(z>!QwpM zv0y6w*Pg?ofKb(D9GN|b59_*r4*4!`v5|fGTTmx&(;IzHRYB9LG9hdAgI-|);^s@~ zRtY1_SN==dv_JPJNl#co?%d|@f7o|x$K-s!U}BrW__&X|_iU#(t0dqnUU2F=1kcT| z`br;t{7mYb7hHQu!~?0$Lpz!T4&bkONR&S8lPF7ADj46 zU&cv+tEgvg`aY;s1bz}5#eE;ZnD&QKY)`0@1hFE&F(PJdNWYT(&Vcc@i0-7&>*YHk zpdNpL5~4ecr827p{q}s1V^i4lY<)x7_LlYV!0J~#&c zv?*2w?e3FDB!hVMiiYbriLhBg&=zcJwVlEr=jH1t?j2JZAtZj_cP_O#Cj7mZ$L+{} zHD#C-uW`KDIN58A;~>&*MN(5KC$uvj+GjUJ_DQ^RUZUHql^oV+lf1;I%c`@-A@b}~ zm;5w+5~hKMe7*Zn&N6X$@4#}ZcbTNBdwJ_p0`3beg+ zPyl(s1?#i2pKqvIX&&|CdDNgyDqwp{?}M3Mf1Ow}O6+oNXlK@+`vzNDLwmv^nM+SP z^#xC_MHZmp#ARkqXHu$_oJ+$^+FKAF%h2%=9wY_Pu4^9J?Mag9lI(u#Gn}#9oSC>& zw+x>(;en9mdshINE2{hFPL54gXNKB% z*Sh5?y;1YPMgJsVmyvHoRkjd&KkwrT%d$UJ0kb>ULlHi|lrD^8vsNG#TF^h@dutCW z3Ed~(%VaChb8Sl%_g`wnA;GLb+*^)-mpw@q$|I+UoWhJ1p+e<2=0EQqw-DGl`9LFK z>Pfvc2H7Kdc<%A0!tHtXOwi#pX5-;Bfq?|IQFX`Wdbq_I!fGqiss|kDIPIJ=Z@_#x z=oloR*44;qC^do>o9W8tvV`Ha5#%XVw#m9fIXm_YQKRCMpV!mHQg zw9UCk=+pU#xifipU@TCXZ2esgf6KhT@b%MraAwb7P?z9%`(?&c{IUerpEf0tS;_`^ zt`0`+c-S$DU98r(U}u=GdYTFC?1I+GY%qVrj53C2Q6|XPQy3!-{*3^6zYbwUDEC3C ze;Y);yfCk;6~cYrixa_4=XsviX61W~ z-TMxiEz|OPYxSLn4rdPAXOO8US+D0D-DE(qf9GwpRhxc5n7-3d-qk#J+E#@dr$AXZ zd47%(^UF!e_iNiMw^gWu^W5ggwupmJO-!oPvBDS!2t_2vZcrMN zQ6F?4+aWJvk2G zjOq>rPzCoF$Sc&Y@G7Yk@?K?vG-z^1ylm&-!F4@~mUai-WsQB*^PZaqZRV<|59M@8 zcyc@)`pz~gfjt))K^oz`0uN;Z7_IZ8p`D9=WckW&S0nmdJ{kkHc3v9e53D-7tjd8I zkO~FIqFgf?gq^cx93pS~k|@=*Ql}x;NYxx^;#SG}n58SiWF*^or`ZpinC?AG2yG*y z*9e~rY;iL(*O}PJoTq^mT zCpYHwe0U0?C2Z1n&Jg=uTWf=+R7TZzv3ck3t{R-Xc^Hk!f=Us~bv-6!)n}gLE9G1F z@^nXwPTzHn!>IXz5K1RfmA*SBXJ=wOP{Xl6a_xLNZQ~;rRs+x*tD_Qq&JN_0c$c>v zd1#G%=-k_lhpG_-Tx=SDksk?Pen@S6d~SHOtu7n7Dxd``e)Q(~A}=}oI@@_E|3*UJ z>jrHp_?q8e;H&~kR87Y%KV;n`-L7B{{GvtvzG#%8%cTKRSEg4My)+>+^R=tUrz4kV zd6-~!!#rouc)9fE2dX{#67k>~p&NWDcq7qWZmdaMXGF&epQTSD*GDI8{`(2OM>5}%EpGe!W#yL+6P81^Vjn>3^RhXK40;rgIKXVd z<-1>D(C~=#mQkwH>>D_1XMSfL#Y#CTT^<+D%LV>}G+J99a&E4NKI-v%tS>T{F4EWK zjwRw)Q*TO~NukoIw)9y3ka(xAbwhXKss&2=gek9ht z>j_Xl)Z<;{FC+-0Qib`Vu{yC(%%JXE*r!qqS5v6oq>rIhx^s|syIs9Q)7^!d8#Y{S zSpbwp4vAML$Mc}xx^+;$`Bo;>+t96I`W=2vIUe`$eHk6F4PMnVB05JNm{%n0 zqitUiJ)9SO+3d0FWhm6do?U*rE^Pb-BD8XgExecn$BFm!fFz_OB?m`i((nZBh1z?( ze}45HxtEbQ1&;_{FJ`|n1XC*wfDaCwZLjf%Ss(>tde`f>)`%fO+)D9hCHZE!9|K!PgCJxmZ0E6O`s6Sg1=!A8XMa0YQt{?m7$NmPK%!m8VxDrGFM){ zYrcJaO&P{of@Z;(W1@;-f0!!CD^SMG@VnyKGmsE{zHr9a0{)DCtoTqF_fT*b!gxaz zowQLfuh8ultEx~%X@)*WfoigC_V|E^0FM|J8bB5n3JmzmwG30pDoWawHWA3#sqk|w z?HQcY2uzo}XXr=2#=pC<%TzW@Q5B(+QE_c5sU`&PXe29x8gNyZjd%@mIB!cMb$vCn zCFwaiN&O`SEuw8oZpGit9@bfD&CLEPaWRDWB$Yo8(8Jx&oIf%uyD3JrTn=DfpdB75 zcbp_iF#5APkjTK2ECdANg@CK$h*4vB^0ToIzv`PQwo!= zG_MTfu|grItYp?)gSYU#RpNCShhKyFJWXxh(i>y-a$uQ?msPO3xRp&`7kv0VdwU+H z+;@EXU?Ij{yjRKr1UUM5?bQM;HADH(pYvQxflApz#Gu2y%>z!DV2{hBA+;jKv`6N@ z)Q310?6~>V%5%f$J1*jD*GE^Ennouma!5%{Ci^DF>4c6l54dz)8kzD~p($L>=SQ<7 z!KMC0&K%(M8QGU+T$1z48l4%|p;O66HuVDRW(waTAyrNd6*tM3Q{`Uk+G&4=z-as9 z$I5(2yj6IPe>Z=@V6-a?wVS*1ox|OE@L#nVq&z?Axy{-+d7qaLb6%E?Apc?jMO~{H zao=buy?7J3Y_z0@mh_ly74mx@ng zeElt_J$dcV&yMP?$+`)?vXviEw-oJ=5x`ds`~oaML2YP3vQmH6P2EY$2M_j^Pw)`Vll()9Ec$%=WCiu zg{f6BKxS0aMy&$b!cF{v=(S|0c zekGjQIJOEEun6wIwAHd(d(bU>aO$L_yt(ce>EIAS#S$H-rtZXv>NS1rP6D%yb2-#aC)i)P2 zy;tf27hzwE$(+JJA=UuIyx>&HTvJ8nP0Y~)(%1aJqmyQGzXtGZDlFc9VHwvvL_3xwutXlLp|%p_7y2DN zJgL@R$XI=lYE>9yr>k`EXcy$Lz}}Fco~!O9HBj4|HChEGNQ9n}<9@)Cr7CZk#kB{P z@W^yEg%vw2B*v+WIfp1&P?GUF;*o!CiwYoma5`LMb@w>^s{xo3ML zIr-pWb_MF@aTm4*d@WKD?rP~oF@T@b3mz8U8DTlkmh$I~oMP~JkHe%FBt1UZs`xNRd z(8r50Ckv5XyNJ!R7WCWweqI(h`EDT<_V?}8{QbR*kh1{mJuB$LQJaQTA~m^ALg9Q% z=hM=qtzju!sOuDb7>5fiU`1blwV=pQ8H=wd8&KE=BwbZ{{Jr>qT**zoYfM_Pd9J)|+~l$49=mz}bGGG? z$%>vdFWV!_wt>24bAw|tcVS(?SHePYuTyneL&t>5mTvMC*0IgrGwK+3CZm#3i?wA) zC8)(scXgVybwI2~)XdD)XN$Ra)j8?nKD{e1954Vo8leNn>1fz4 z9Z6gEyCqE@cLPXd^1P2HaF)G zoDhyjuP(3L>-oK!tN5AtGR8X=ev2bFJ7ITw5vdy94iQd^_%>2#n*V%9cw)$Ind0#w653qW?lKc3-PSL_30(90$UzsjY;%6pV#nv@jahDI4TO({98popy{7$C>I$ieG zQ)?3=_N(NEwT?@iva_2OT950l6%Tt`8hB_dzSm};wqo6hI%SEKi$CFSGzA<@$O&@} z;!d6%J?3NKr54)@IIbyR9aqh0vvcSCxO+=^%e$;QF2O<|^ZBu{K`=+{vJs zds?BXzV7)Nz15iJ-Me=Zh5f{rkOEyw{Mc}LjRX4S)f=1BCYCYQD1`QSV!Wl!=Ouhy zeb)Kh&dSUDxSf=YT$5L;{ z5`D-UMLQQeUBIDpiD_MV)~hL%!8+k%SI1U%4|tZ>J;p#e%}STyurU9xyfpE3K=Yuu zb1@k2O9e2@M&ouq;=Zc8USFuo5ij)#2*vvKky`83)@4@(-{WnZx!o65IcS06@Rvzd z3oW_Ic={Nyxnp~0*p8XW@$qHC0Ei}^=$;A*ijlAQbWM>~i8**JN4P$N!6op8HK-$) zeYt)+C*pFQLJhtU`1Gb2rQ6)DLeK=e(XyA<{-yY}t}a|9t(R!2FI&^_+fY~q%a-e9 z;`)y;fbIdz3W9Hz=_;S(ESFO3xZUj$Ym8bG-_6vo5;lGOec0E(Yk-@2_c$032JsDV zj4Zb0iLW`(dNg`uA9K)E^v|F(bIN=-qVoCuw3mhL$#J5mRDhQV%~hlz0N@aQ6{q~h zJBy}R%PViaBENgF|Cg)is)~)uaxI^3^wB~q<@hP+T}_tF$PQ9XgH6=##weyPVdeBl z%4o0QAQf8Eh6aNn{c;xpKo^ObN9IAf$gk(ltcF)Xob!_#tF21Y7$4;sMu%Jyb}#~?O<`b;sAMIo_QImQQkgldT-|=0MHaR*8|^wQ4@3@ zycyY+(1(k09KLnWNl@`EOr_ z9yMbK0GZ#Zmn=H(P|I3EGcf;1znf~2nZ#2f;f4(8&Jy1xC%Uc2y(P+O?~~Jw(BwJh zUAQ&U6)X6jW}APN(!npn)dU5}{KIDVm5WXrZzWr+tO{o+HHICU8yoT#AKxY)OD?r7 z2j3<{HJLDkGeW>dlj7!P-ozo#L-zAOe7^~EkP%x~uv(Q@xPcyZtIIl#ZhC}t%PEUwPZU{AFSHH)BkT;J zTFbWC)pIq~@Z66z$see%qps)6c4w_jv}r55TozP1p=6=%6AK>agiZDkO<;DfM1Fg4 zC_6hsu`#0xfxJ92KUUDsGgcJ~R}vw=OjXaykKjWrGn&vkOvSw1&59YqOnoS+;qRL} zTkQ6%m13TQ9}S?}KH-^oG3C>f5(oK>ZQ)S`n$Yoij=OgwW-;M`T9L>Fs)sSs6t)N^ z3H6&%intE(?59k5s7vJhd&h>&64BEQ3;zN4AXS!vl#G0+XXqv7t#48GZ81YT_0#@)sOI<4Y2@X9Z05kH3vW zmL9aA7^1`px9UQsgNyeM%ky7!^WL^6h}d1{(iY<+u097K;bS}U}+h>Vt8elg77W>GR|FlOqi`Sn)_V>~p7ZCu! zipZL zR3?tKW-*iY{WwtPB`0mvGX%q#j@6yakT^o=)kO?d5!W@Jg2eoH$P?=W^r<`uZ%OXF z;wTOMVhkF=RQ3I|e?-%9r8boPWqwZG3#NaKv_!!{EiKGw-(6L<**0>ze!opB2fWe0 z_bT^3y*XMOq%F+|tN!w&EN(HlM%akXYf7xFIqmD6%v|@4m^8`VMV^r&2)9n}2UNku z^C*Ut!Z&T2cD|^({f-<)yfeV}S@61xb>6fd=J(f}6h7(`hcEU^b^S3o4D>lWwQkeh z-k#r`#R+1lMi=^ANV{Hl)b3R@oi_DZg7$U)PclHg$LIp7V?9TPPNyvj6-mN{s9Ldh zBWBn6QrW-@nS9MBT7w-6b36hN9%B*6QO)_G-sdDU|A#$LK+O3*JQ=~YFY2HH3K!D< zGMpKPqJ;LojicoFb4HUaFXDEP{O&`~+aHArCs}{sLb@eK-`~^ni`I_$z3?);nG#mW z%s=k&N*v-XyM7)w$|Ugl7``8XSVhI8cYu#yem>!Ke-G`B?mCLA*H?Y(De>Zy-h&z@ zalNZ+8qQ)x#R;GxA7)eJm#CNJ3*y7aHH$&iKH#HnI4wldMj@{rzLMt^K~i6=oCn#N z`q7e^#gm+jfjGl6F+AzmpO>c3cMVT0Fo3UuOI9bWx(j-}{SJ-9SanHiPD}m{CBW0G z>;1+P7f8>cw==Y&+LNANJiGigEzIzwDuwq{H7xsojL;pAL+u?^%c1EUeZ5~NJ--yj zZuIrHo^(skte+_7NYM10XX-tSo{O+f)`a(4O8PD@4Rf^a+@H@K&f5_6%N%4$JU`=H zO+mpuZwC-}djn%gp6ge>`X{?<`Ui4zM8;NIF9?k~3xL%b_`4}0^<(I+Ww#y02d zwHy?S7G&NW7|ub7CJ{Ei-28gtoeiCnaXR9*C~=<|57_fcAKu^Ee@R5v>0zbMiT246 zxa~aejne5cX3W{|+1O~HaS@8}ef4w&2l)6}f9A(H+U|x)aJsB zRbF?gY9{lfD0=GeIer)%?*67ONNIb5V*fbUS!_DS9TbPSe(ZuzrVGlu#vbX*yBS;` zRTU;L1uRK>lnrT%s&8dKm+h_i^?{;YIO(S538k(9#dDjn}!QJeCBxqGHWOLF5&jH zP=r0$sChiAPL)$DQg}VTIUa)pJey6>%{_gTwb+^rZ!AEw7&A=1jA9(B$jHX)s^0-Z zDl?lm&y9r2^jl9ne4kI3T7pPocG#gyH8STbd=jS4o7&H_&WoU9WyxI+cT8BFlk8~+ zWDPO~cGjxWt=6@U^GdCpi_vqpU1~hC3R-;MtnKSMo;nyTLyYD-X~f<9x582KnYe$B z0nKSyLk>7@_Qj?eq(xVVij4Qr-Jp5S5^+Y3FKJcLZ+SrbI=lMVwBzuA=2m_cHeHN4IU8_Uyz5Noyxt(;=`NAo) zo{8>Jr_XCpVeB)vpu_;=m6{G`esm$+F$@w zNhCX^oC!28kv}^^?Y!2WtK+iTj(KcCZrR5`L37e^y53-)@ef@KDZuS{?i8T?8IMkz zW7tc+*yC(mN6gC+0H9sZy6%acW~iT$l34q~epzhCcX{60v zL&*~-oFxxGySj-EC2B|^t_55O$!egW3V#)-$xfsoYc(gQ+BS$Rz~bRMx@s&IuFJ9tL3Fz=6R$L=U$X~_9lEfI zn3Gp0NeCo6$Y`cF`xwvG1huzujzy?maLpDbF-J9fl8};LQBzafuDy40@p-($@J|deb;yJv*ASd5V6;rnA1%8j0ui4 zH8nL$+f)`U|61_${rxK~D0nCrk&`cKFilR~?FWGGV zMnkSw6Y7S7QfHD~ju#x)p5evA&~d!EKAZ5-BBCp*$v>w3AbqRxeeoG3k@!Hw$`!kZQs8IjW|U`^#l2j;>6b5t@1GobvDxK*a(LSoJZf46dpRR zPr0$BsglW=E%`BT(w^m=fac(6f^WPyTIINxcaf2iv-sU_Z?2s0)}eOs7Jke?c=&m% z2QFr76@-_!VxCeIPVEL*MLCTUVi-H4pEs7NnNQL+>%Oyf`vRuB79NyZe9SqjF0QmN zGOE}{05p@Mgit_9J8R5Y)fjvB68-)C(r#@{FTP6YInPa>r_fKX2m?v7->z-nu|^DC zH{D!uA5Sjz^!DC(b+kcv0AF#TkwN)sXa*dG=DCYa3bsT14%#T%ZlVsC7`cQ3Qu_M) zIea4CPTDTjZ}N<<`jY}ySYJ=sX~deRdK|Tf%QDi(+w=XB2Yyo;_yGS?JlL?7mt^$O zP8XS-zNhzh)qRQr>g4^au+UH%Dk_eI`l;O5Jl>PxQjVO0f&wO7$AET5Yv5n*dN(}e z4aJ>u@IM6)v3_8Oa$){XQ28h1A#PS?E)FtYE@tQ>EM#olAE0|Owhz3_A9$gZ9WgZl z0TwMX=nq;fQe+$~5~j{BdSt90{)U>-*3pGtnv(-c6@q?L&Be*p#6{WI$<)q;jFt1> zgNHc&ArI=F4yG*sZ*e*QjE=)a#>)LSxupJ;V8kNDK?db8{pWE-Y=4MLs$^_zf3b+5 z`@h&n(EXoE`E&kH!Tj0(b!X_F>t9}T|JncVVUGTgrBqq|d+0ly(3<{Bjs8-Yzg6_# zb?5)5dSm$;PKx~l85=Y~<^KoF(SNSW6imNZ8jIO`=s~ac0ook?Qfz1ih}+w_KsDMK zS~q_w!hcsm{|C&`pL+jy1^s^kb0lSH<6`Q>A|b9WVQOOk#gs(`Dw>mny^XPpDH*i& znzG27+L^mpK&9vSD|>%O96=T!8-Ta6QZiBi7#L{OIp`k%vI)?Y^sqDo02CAeP<$@{ z2>=fV1Ar2D0e?CrSva`A_J4IyDsTUG{O5%V2H?*W81xXmR|WImj-ltEXG3!VfSNeS zGC&-Fgn$5jU~3FS35+G|wQ*Z7!NZ?K68NJ)qZh=|Cjm}$u<-cu40(Q(ti z|G)~3NkmG^E6Bqpz|79U_U9rn&_Uxh>g#uCXz$p_iO8YN@BeUvbOSJuV9;SU;9w{K zuoy6K7%-4N0Caj21|C`xe+uJYHW*mASMUgkNXRIt&<`}c1;E0#^|Sj{gS)yZ=z_Rmg%$SAmY@9+tzX=v%_88|q( zxOsT_#3dx9q(92Ys;O&eYC(HklP{)b<`$M#&MvNQ?jD|ALBS!RVc`*x35iL`DXHJn z((?;`6c!bil$O=j)i*RYHMg|(^!D`+4E`P(o|>MSots}+T-w~)-r3y)?H?RoTwYz@ z+}_1YDf;VlCPl}q;I*%R6-GskZ70BM(ZrO^fH8$kPH`j$~K7i6b)Kok9 zz94#)45%(*@O=yGJ9he}H|EOLYmc2M3qpx6H8VMex2q2DQ9pku5b0XpHzx0*9P=gI zTt~GO!mGhuvi+$!ct&IQ<=bPOzhcta+r#R@1%xmXm&yiY{K3+yB@bp>!kNqBbZ$nq z*lhC=rXnM0pGH+3An`O2(wFFRKdDwZf54i6XmML4t#D779%&rTeyWz*+V5He*()}4 zOXsYXqd3{fwo=oi?PqC+Y-3f;T}^=k?em-4XmRUFUsYv@i2@hPslz=1lb? zt-N@a5CFkNlWGDRN!iD$*KRn<366_d&GO=vcw?=ElGs|vbJ!}9fd5i*KaeEa`-;MU zUC_Y7OLTRV4v^(nIg(pm`ij*h%dffvsupVbaUufG8<|3_1vkyHE^Fvc;(0R$ptVvN z0-z|5zAZ7S|Mn56J2P>8+cA?Hy%8$#2}HUn0v{UY=*FEy{su6wg%}{PZ179*Y@jW5 zio7;*4D*BH==E8@olY+6ntVK9{u1K?9_NqeS#rI2ZjuWU%j%a%6$q+7 zN{QyD?g$JzmOi-Z^K^4=8Zu9H)p5#TNMYw(R30d0bMsoO-8%2`4yP=w>5Vko<{C`P z9}%#WV|^9o>)Jd)IqOSb?MyX8Orzgj&Zj#ZT+nLW7e?kF#yp(6DQatJZ*omGSYbFL zI?r_hepYaqE?`Knj3ts{&O)PZ>Dm-VUhq)*7&|qKQ~U|7{}(Ao<@)(Gak*b4(@reTjTz0r5T09q6)Lh$XDg4`XhrXInKzd(pl3!#hmc>Y5vz z-%5_0Gh-Z=?X}#R&WVO*?1U&kT^?Mo1fyy22W0b;CyB9D40R6Ru~kI=O9`%;-y+kxK_4`*?-QY>-NmkwDHbn zzY&;+F1O4h(IKH>hvS2TXp@{!@tu*fbGdwvg ziq+-5j{{IzNL-P#+>y)ROPb#A<@;@ad#<`79jW2zWw8@xzL;INAPB%G@qRvOriq(< zO@GMInSG2S%z20s*G%X~dStVeQnsRWgIH>9QQiVweq@kxek2{>zbkDE&8SFMV*^w# z5(6EVBNcli)$Za(;_PJsvPO!Q{4URy-m!GBvsHP5<)&0N=*d&M9*4JcXaNyC1CIJ} z)ub<0s!m^R;a)wjj?v;U4M*=1$1q9jwsd7>%VY(-1H~QbWO>r2^S`Y3#I6bxxYaPN zJ3?gu{9jK6(N9q2XYuQbp=QB9=!bTTMgxfrM2;ee)f{dGu@)yHsOy!qcJ=M%g|t@x zJ=rM))Bs>*jv1xaMP`}5vM&C{zVlD=Yj7y$Z4=dxm#2d$=?JUEysO!Q^gOxnplrYP$#KC_p1s%^Ks%^fSeJLOfzf955@g?{YyV#@n=B%G zjwm84orO(xSDN4|v;~V--vC2`<%Lu2l!6mF)!M%>cF3MU&y4n>=R3MiO#Qzx4YGYD z{FVH@y7KzB6tpy3LR<#Y$7#Q?4`hf4w$Nq^3R*7|1QtuDcvN-p`2YzT`3lYHjJ;fs zE~#p#D(Y`wmsYW%4Jx|k*=ko;jt1|@(w$;4b2IysLykVIwe%CpAUITk8~gz6-ovY1 zWwSVvG_&QN#?Vm?w89y5k^w1fKZz+6$S6!)S-Uh?S;l>!hrzg9h`7Tap z9Fj^DcSm=7-qG-s^YCUtaen&DXwO8Qn=9om{b#3osL38XT z_J-U$e!YWlXsSu(#RuRo&9XTij}SoofR!JbDuDs-xz~fDhp;%9^EdES<1~kw)a37W z9OFR7xg%lC$&&^PuHiOQxSb?)t!GJ3kM=Sw{TUbER{w560UB!_A>E~_7ypfHV@cha z_q5Y?OKY1Bz2BszNb<|(fwIg@19EEn1=Li9cm*hQ`9E_1MQva_fgQ9w0xAQ(CAqMv znc2LLswx8(fRhu&_lj$P?(Xg*g+c%(n*)E2EI_%!-Pk!GaZpy#@kF$n7BP11I;#X` zShmqE&~YLXdQuwyNM`9P^z#4tblT3CkE#uS(*p*JUcx=2f@xa1&<_e!XI1pg-hn*@ zyZ42$3=<94)IwDKmJGNc0QTOo8au{?!72z~2WS5S=XEE+PXh!!?H{Vy##wS`1!vK3 zwyK3nPtNQr*>AlgKBLW0Vx-^HXj^Pi6flQHNpjtu?uSc0tfcp>`BL zn?-&V(}H+Wg>v+3{q2bfo2Tl}I7uCejL-ap6BtS;?T@L^R7#uNg;xvi%3hxM55@ya(i_%YS%FMpW70XJMP>+iAZsS!=PH zfdGP^`ZrA5kzKoYz*i7JL`4n1f&UKy*wx*KQ8Lg7ZB|!^w}*gIL%TPLz`pvAjwjy( zuqf1;bxg~sv}8S;lVT5GyTW=TRm!X8OrZ_cij-v7m;EUi-^&Oy4LB_o%)W(^rb!auuzL(zU=nW z9d&Ggisb(^!K`}-jf(!r2o&;M$bwDGI_XmjM zFSOHR3oVt}pt)-LfRa78YG+C}k0HXEHI;xk9T^xYk6td&%qS=%CTh_?0)*)5(Yex7Sr7upa?mvH>{dn_Y<3OLK|#&X!-s-~u%*sYM7A zC!*o*QFhBpf34Xv-qkqdF+^OJ*NN>N-kxG%uaVVVE{CGV$KNxVT4Cu{ywzDEWhEaG z=y&*HaWij!yAynQ?W?s08F>8jS{Dr}Y89Z+7CMeL~Ei67UtD1$+FDCP- zUAkE|J?Ch>qXr#oe*9+0F1KK*ABl2e(?MUq3!}U#Pf{OdP;vBTE1<=vXPVr3^=acK zzshRjB}cO@+yPf}aGF!Glfuz4F>2qpkE#%ddImc9Cj|cGMnYZ5SawMkUZHwGlFCwQ zHXRHP)ZY=9a?6E_o?J@Je1aaq{`q7F)~1BYK`Oy|v>grs6KwyFVE#{>eP4fA-#_;r zN_wt(;YMAMKhvJy5>xi78t7U(tu>6DOiL1y%j2lagMO+yA@b&;2lctVZ5oI}^hg-u zTDT899C#E0ppwVKRnPO#u9i!0vxKepE!`%UT9y?Z+KOJwg&>{|L+Oe)Vlua|Ef*J> zXeRRK&)Kwisk(D9m6BemA9_hhR@hR-hc}zI;SjBMW;+fK$8 zML$;MR4)4l^rwW`?{?Be*``V|EN zKsmE*f3umfPGCf_cle0LyzZ5A;~g~KJHJbs4#w&CkvKm;?~1)q;NpZ`9=ob+jAluK z0N4T!0sQ_b`=>(h4K3CPCODK3^bIU0b@VViE_*T9#|ND;veucMW5cpDHI?E7%%PlF zG=x)&Q-ls{8{6tV7Zsvzq5^uv>h~X)gzg#u)<^!A_I~&fz|RT@;7QO*G7kdikvZ?$ zoQt`QtMjc>ZH*dV>@qWG8Ibbl1J%EI=i%lLn}h7pIHKyU%^WkEHJ7e778A~^O7vBl zcK*z*n{(2llX==Thr|O<^!z1xtSI8gN<31_C)4DW-K^V-Oi*#@qcVbe7m5u{%bZIG zZU5Y3Xh&g1tzh6{E26s1TPmg|Kh|UrV)VI!T<){*bbZwNYeQ>4y1-tIE)V7tmuZVj zT(NDlJH(yU>G-34YdMVz_YeWnEg?PnA6*N4)hPEv01C)qdI zYy9VK)er#EX?eBf%0(&s@*sV8R5!9Qg~etw`&a6y6cw(E$t4@k zz;x#6N#v+~q#to>+r{TG+%^-0I%n+jHOoDY7UjqS6VsmvqWel~9JBWg`Mno!q~|}? z%=p(;)@w|iQpP9m{eJIMp$9r_hgysx?^;=U_Bj`-8yE#YU)rJ|r>vp2`I6`qH79;D z>qC*zP<3q1^k-=GL)F(iY)#T?1tu3S>hyYp22H3E`DC@}E_ptQO8usd6+BNjihX7> z&RxGZa*xQJ?4MfIHq;#=fX3VaxH=%I7B-O-2OYw^)xIC;*Y#BH#c7z) zVjU6q&iv&{ym9qM?WUB-lCK3^@La{Q4X0&g{pv?6O)Km{7jjm6cu`?;sz7AQYAaw> z&K6?CiGb18Q|0I3-eU*Zvb>LkD*-WQvD~EgR(t={b%LA!+6{2QZop{|wATJXObqAu zxv;ub@o@iMs^YjOlCkvMJ&5)~uvdWr#OQ%HC zpf08KxZ;$PaG?TfE+{eDN|H2Oqi1Z|V#$P4S7ianoGDA(g;hOE8<1T(aA$A$!zrT0 zSUV^PA9w&JnF%7*6gs2!79uy>i5%6u%U#dBahpbP3m#tB>FRPZBGL7uY;PawPHv8L zg>d}Yd%5KGJ2g5@sGQ9Ag!|ti`NL@Q#l`NVjBlY)%60H13{YXny&cX2e}Lg{2H{uu zBi)Zb_R45C$ni&gCs0Un9)#_i%9bJY)9C&MiW_LRnkwZ2X}o|M!fqLIPIYT7Ej!k? zUX+wdn2%4YPqNoek@i9c@QIz!)F*FBIKO|fC`iFKwoT}zgZZ{inMW3Mh-RsYkunv< zo#Y-Jzm?5%&hO#dxo+I5z`Oj4M4swas9<6q$4GunSKQy6v#IK^Zg7QwHJp>{}#r*!&#l1U%;cQDk> zn2vgeO0TXFlbaK0qxE?F@Kq=wupnHcoEk z;$9h6McT@d*X9InK^e}X@Yj+e5Apu>HUv;Df-K4M$DLJ#x~Tx3G3+grMwE?5HE)+^ zi+}2DmsZ-H+SnDe);FiDZPBa})$mG-A0q7#ghm1qJoj3gQ?|BrXtK3fs1jJs+-Rv1 zJgK0|)F%Jevw~hqp;eOOA@;zrcdR+R#RrjdRiwYtzlL7Q(emho?m*X)`iFxx_FJV= z9V-qSAANt4*o;MINAf2g!~5Eyw3~;j+S`Jqe{VZnhEo4xTFYVk_Uap=T6cB9H4~d4 zsYLz%VDBxU;@Yx(?;;_P;K3ad+yfNuNq_*sokD_JaQBb|5H@1=6RBYzX73I_=kg=ti#dRVuy_L|FI^IN0CO{Uo7Q@v&@lWspeu9HC~CI&c_)G0 zu|Ze{n_X?NIbL&3#%e)&tYd+NF6HUz;cl#la1$o6dkSX?k~NyOt;GJ+XuBVH_i4{I z=M-+V_2DZNdB}Xn9`T~ET93O!zc8BwaqQSuQFE@B-(#CJXQ)GFz3Met-`X9h`Ra4* zzMPt6dTp@BH@{V_qR@BB(dVyd;9b{hYmVoAa;R1dv+^~wrMlxPkJGe2_kJRGb8qxS zs7ETz!Ee(nQF&Fzp1m+D?l?W~rZvIP+(7-ZrvAL%f&-23M;`^NxZ|y~eu}rX>t<=NX zROY_UV}EUf380Uc6ymjBzN;91kef88Nla!);?>lUSooARb(_OL~x7hAQ`*^vIj&XY~7n} z>KVh$*i7{e!@A_=^@C-GqWkBGBq|TDH*8jCgk|_U`ZZli7sf@2U*53IRb>z;ORJoFF{|cCF;oQ&xMjI*9zX~;WuCqf zkqpcFy0p=LxFJL)xz3B0e7@cE?u)x<=8D&F*BvN`qt0%TTA^TxJ>+My- zL}Z>l*}Y{-FXsdLltep zGX41xvyh`l_{Gz=>}H7BrJuqplVCrg36@nbZ!Lf+X%fua+-@DvS%TH3sS#HtYVz;sLkxaNqn+no6`L0GlMrs#XRt&u&tx{ z585oZBSS>Ob>Uo&3}2;4waH}9A1!Z)y4oMNTEK_*(~F{*sn7P|2yaR3&?EC#E`z^7 zm}6`h;HSc(^=}3%8Vp9u@kTiwF+-lnK7`K757o{G3Slf9Ce}q=s$1>UaR$pniNE@*$y|;jzt>RUIY96LdEQ#Za-~Xp0zN*i}}+}W!yju$EWaK z1fEn})=ZKXPJ%K_mZnI+6!1i0%iaHq<8BFm`9XS}bYyM1cC~Nb)#4uTaOLguFL=mF zgxT;j6*%LCu?n5`HyIJ>|27Tl?)GJr}m8_c%_r%*SuXnvd+vJ?Fy{Oa=VbEBzG@}B*z7o zp85_i(K&-r^1;rdcI+uyz?CH984{D#)k`ttxDD(s&Nd~cqM?ARxl*U;pZ9?M!``zre*JO~w!(4f zws0RRhzi>gJ3Xu=yx$cBrg zJA3}OFvdRgyzJX@neEpN-w3KJ!Z`XBxUaV*+IHCkdsuVX=vfyNHPPQ@wj47X?hYBSMY{J zT83d}Sm+xgH5!xfECic9BoCgN<9@0sPUs`A8m-Wv667;88RF9&?!Bp__yT@I)Q!t{ zT)IEJML)qs(7|C)dyLNXGB_xA%f|GSt5n*C*)jVAaqvuRxtj$sCO+DcE3Xvkj3-V? z_S8mA%W2KWJ^LFyipZL8kxCVaHuKk~xl@6qny;v;Mo^~@awVUB5jeFOEBv@!T{WuV zBrc#Tk-oXPa&~pft>x8p_;qgYJLk8+I;nvW`CFVeFW!^O<07mHWD>3G@)kw7rwjId zwnF^laj|cfAMEDjISJ(F5zs;P<>yNRfW7i(H(gO|Ik^9^Lgs@Fa!L)p0bDcX*I>L` zOg=doF$m)AJsWi#qo$3?EeuWX+k)oDyL06!R7fS^8-tO~)k6`gO8qK@A6^}()D~z2 z`o%(<_rd;2!7OBP&pSus z+jo;FJN=a?xIi+%McsIq^ug)`($Cq}#TBb=YlMP_d^=e5yaZ5jGcA63f7q7WLVWbV zC30Jazg%Bs7q;W7reU3(A!(l<6?-CRI|AE;B}gtct-vv|lr5*gC?@L2z$1Kg?&c-1Z|hw#h=NU4-1%MWbY_B~S@tPTy2X15W*VPj5f3(H?eg695)D^ z6s*saZ4tuaf05@LwXxwEH@Uer{Y0e9QvO<;B4=Bh#GDP%M`?21TaRF)p)(DI?caey zfYaXGWvZU|lb4b#k=Z8w5FOm}+U_TH5>C*Or}`Jl2IrraQEBAfy9F8UrAXWdGgYEh zuRIPs);4QksCji=t}=ZG(&D*Q*4%Clmae85>AVAt71oJrGA2jTf^WR?;=j78W%t&U zO1pZg2&^wfx9*Z$)7lr{>Xhl2J*Kneh0uLpzbTw3itD7Ij1RN**y>%K(&{K$*?IF! zW@jCiTc78@H^%q2$nI|PKOsSXK!racv%f=vvT<=Sb8!DeLBU*{%$z*`9SZuFe2gsr z6$<)Gwmd^igI|%t9~9ls5ApAa6aw@s`!7`HZ;-;j&xZbU`4mMgEv@YBAi#h5g#rDC z7*F>iYw4uE&8vua+C_gCVU+Nq{>jUMlbpS7C1Il0P z0A|hhD{B4A`?)#E*?{ub-}3-?Hc)=n*`EQKaDnpIItM2?J5Yf7Z>H!!*W>>^^~?Te z;?U+`Zh<=hKf z{IEU0NDjap&&Yq2|4)n$82lG2_~$e<7whjE`bQ`JuA%>*N)A{#ezA@JD>?XI$-(cX z6#pwZ_+QDv@6LYyGikz~COH@y%qKjS^JRZel!<2Z`h^9|&F_urbtYXSK8eHz{qeb~ z21x&PlIg~C!c!6!k;+#E`pzF1y`Y9J?laKAt4Q5Tf6r5tcfwb2zcmrTycTC>tDC@%lt4Dq zW~jmPP$uRkA)7b5DLiRiRYpc~UEtMGSK9+A3oEA88O{Ob%}j?NyivbKvIL!jQy-@# zY0G)3()&FTN4taA4*EL`v-V^kW6}H^%w31IX67I@U4?r%PQlJ{yv8NeHFSfK(kktw z6nHYeVKegwNgsFkY0||_&HRUp5tbH0VpaCfUC~CNqBvXWVc!HT73?e(X0md-83~np zioFWdIu-cb#$#&hg0&`NLKNC5$MYYDeo)^{*$iwAis0ctVAaCT&1RBYrVQaot*5y{ zlmZ;!v{3rI9A}6Oba=JmGe=w%k?{w(fe(r7p@1`_z_XOJH776rfy;WZ1(U@IJ}JCX zloGY5eDF1~+wp~R5?=F?(8FyDU7H*!#<#VLUr`=mjZa+quh3M*ZW+b8XsZ+D@pKlk z69oCF@w(SsB(`CpEK|u#ZUh4^DMlD@g!3O9<9~FN|Ce>|@z`JP&@XES;!X`56h;K} z2f=pd3W2`FC^vKhCZHeG_Jl&bF9q>gGJGMl(FlFlq~$9hNLb-h&LgU3Tvx|f2pNmT z8o3lhl>zd7*Vhe7*{mdF^Q@DO2BhiCO?jDUO24Ias`!Gj`Q>9EN;V=zgWHvA{N~)# zIBCwyK+OBRl0uHIZ1xm~y{=53LhN^$i4vp>6jY*~QUo4M_aEG_YnF$v*FX}^O*5n- z>x0v-#D=U;HZENuqUKI)W&8JN6(;aING`_%-NnM@cipf(4;)UHGDfdo*fcpcpseqV7({#Q>3H(yl6Uq_gW(D^n zTY+5c`bZA6@1odBg#XGJ9zb{eP9Xyfr&NCdX8>XjjK>O|QE((yNUHPHbaMr$k9KUw z&GVr%VmbH{O@8tB*1ReaH9KLDd|jo-^Ejc~?SMciB0iZ&_`497oiOzvc${kD-Hy^3 zMQqXarrWRT1wBlE+Vp3sf1>*0@7^nzefI|ydwC0vs58z2j+%132xUfWT0x|BgHypg zY2_dm&$5J?p~J+8gzVp)&i&on{kI>NHy#N@|B5_nP1*n9lmt;~b|*(|hO^Ax@!Lv+ zXs=@Sd*>IMQhl=gH>PyXov>v1T^U0|y+`ZY(rJMM z_l`r%c$Sm0z^Jt{cD4Mj3O2&X{ropBY4L6fHoYX-z~Q8}XPI4ynabpkLuAjgxqtD5 zQiXBH(rWE7UfJ1tc6zdf|Eq1FUGz!Wy^u&o`LZ11&*glp(DBO z^|Mt_JAfzAdo_p3x(kfu{oA_Oj$e5_AnAnN%QmXlS)3A0b7oK+Pvl?=TU86r{ooCo zjjb8wp>U|iHa+g@*H1bO`DhPC-W>bRK|nQPK*5Uftb4ZJ*F2zCZKRy9Ku0d>@>G%X zC_c;;U048=wMi(tSDj52`BB@T=MfA^Kw^jPJ9qoMUP6|T4FT7sMP?RmclL+ny{g6N z4fDWJcLpatLde^hMjk%#zO)%Hd2Mey_=;$SX_+``KY*?7L3@~88XSp3+myMgP{1oI zT}vt@>Pnrnc*XP@Z+b<>Yc&-ODnD1%DK*H%6oCuHT3UV?)1im1KX#*_Liiq5cX}2_1bb#fO0-+(|Q3KQA?)M~YB!(3iqC zJu?HTSP>^Wjt@h0H!!N&hc{7~B8{438XGrD?oEHqLsP0ha(cb}qDfU@+mn36T{)*> zf^nG-(O@ASJ$3z%oF~q?_sOF-y*1Nmx|RgzHe1+s=ftWS zyBXIk2a`$$)uWcYq`qP&ry`o1d51JDyaBwTj!bVTcQLY20}rFNhpHvAVwV&dk2)DY zL+xwvXpk=<4Nz^b8^A<0LN)kfZ>2TBU}Lj0v28Gk}p73Ej9pynvfQ z7Z9L@Q@g$cS+kULm2-#nhD{1)#!VM33cm+#p{xCU!Rk{DLeYZ3?P#D^lSrXQ))h`* zVeL!0aT9W~ucXO`+7jk)HMPDo64+v@O7jf6qMbnI*89~(7UQ=R&Wg>6G((K}V9GJ9 z=7H7+i5X~_TTpvT`kYA1D#{b`53L{@PsD?iO6K(S_xSPN@%IGGLl2zZl}WMSH{Mbls`^q7@9N_{cr&tW5OeGk7#_S# zQ-n{lanFlj^A>$bkZck-V5T9BULsL*i2@)Zt3-Wx0m9)wp5_xP?JD+yvdo4*>* zuamXQ*$By(%9_kSttjcG2ZtQHr*-pCE};3wE$?F9fz+TQb<$o-{YbMs7hyyF%9tJ5 zXt>1cc#vSMMxWsoQ=Y^}m1S-@yne=pLpBKIJ{ttnQZ z;Ov8O$w7KlO<@KDQ3$H6drJ+%h3$TqCD~m2@CQwIPsBs?&vjDyQyX(+&b=8Uc}!Ia zD30koq&l%JbZxBh$ARNHknJhQ81(nx1mjj-&!RkyZGF=M2G>p#ZU0|?# z-}d+IlW;aj=?_+uK9|)q@777#cz)BGdAQK}@ zjtxPy+TpS!gzZF3-bx?pQN0n|Jvt6f^|zLCZSQ;>@foXxLYB-^1~{Y=H1=Dfq6z2x zGl!c|AJz^I6x4t1euF^rJdn8P^@4peI?f@Ucb(Ltlp3=`0n=`BLWMYOD5b(g-=pW& zHi>BHh(qOdB*~_+Mep5Bv*)H=Dm5(1fcTPYY!`2P8sqQ5ZSbyDl$(P0k=)6v54yKw zE%S2Bc>QNmO~*;?9XC>Jr5tH2S--DOjI#Lh27j@i$9A?-9(g(pt;ioGuZ>@#3`NGk zKkeIVXm6ms&(d5&o#1h>+!kBj+iCMOY*jSH`JU%_GuwsIRz+bbB+Z&C;dR5iNX)58so!93}!FY4XoCs)k?Nw*( zF3TiO2|THsjUly%+R>R1)3K;wi3g+o(a)6i+Ph_!Py?+!Y*_S@G$&y%3CuQZi{<5HVxVPlx)7zJ)k%o&x z$fBHSi_LcWOWcK)7BIF3CHcUx@8XQCffc;*js;YsWh8t{Tz-27<8^%e+LWaR-xAi; z7yTlY-d2&|Kn4;WFPGl&d+smx2fQt3AQ7~{RkU$`Rq^;$SpG+pc(xL4L>e0Zj3t(b z+lkob4rBQ~l~Y_UqQ=3((>Apc`hf-xCq){hlw;tl1k$eYmWF$!QAB>mzQ`y{$wWv= z93#6#m885Y_d_+UTBf~Fn$f~8`Ai45!tz71H8#1#mipMgV5iwD2(OC2cDpCcfAohZ zMfB$fIe%RU`^>SL+HWZzdo|4WRoH3Ypf8FKk_qXYe>>4H)%xUJN6%4P35CLe^Au}T zJmEjuRc_9VvG~>rIV?$Q^D$T}3&Mt$KMz-5UaIDv$BB&g1z9DZyY^BH4~oaGDJ$I0 zk0hQ1Q$ty*5{nKvo8{KdR?2kznw{HQc9&3vMXe%-cW>1&P%L+A$-1X1_+Qq+q#qA}RP7v0G$|{eFYU9=`0s-Mrz~ z+X)TDb;Fh@cojpCE+JphHqXTJL8LEHp{DV}84A3e;1{v}3wNN@-aC-y^o3&S-xkoy z5@frM5Di)ZlcFfW{Qm%wEQ1w}!?ywM9U%FZ-eLLkDIE6#T4?TGpbjWP|Gx5-#Sv%s))o3d5UOM3yM7YwL4AAD~JlTwan(QEo8d3md3V5)|7o!{aG9 z8^qQh`CcT{on9z82zd3GXN+H~+nCzNlKRy^BA;@`^qn$ou#a4ZtIwlGc+|>=lhvu= zS*>|BDziL#cNUv)cyWTSZ|sMjLu2P5ev(01ofwD4bX3GPP=2^1wf2ZP0L|v~BgO5- zY{*dI=2SvakOk$yNr$`@h?*|a+6irW@Ke?cbyg`##q_}v%sd1Y5<3O6?5IS(lBnrN zHVmzlhb-5np&=AU>xXGYUu#@Qy>d;DO?eY~eHw3e(BzVIUYrLKrdWFo8r^{kEw1w_ z&eK09vQY^?*iAEPFI4j)XZTblv{C9c&Uvf6qnISXK{HCq^omx=MvGvjy#SlEOtm*j z@^3E6`HUZ9gT=0W@t3jLvRYb(t}Be18jWbmz2KBK9CBL^ppFf7UMD#~d;$~DGFb65 z{RG2@P3hg?!+*&`g|^XTt;LzN^vbx! z>CFq8v-Vk`MePI>B~2yLDE_GlQ#zgkS=EE+7E>4l%TBM@^zM|EsDju=dvZU#o2qHn z`EsMeYf4s$w>Ms1$QbAYm<%oV5#YSxNkvFd3Gxz2F`Xv9s>Ul<3LLBP(gc#STP?*I zDv{Mz&LkU;!+(hFh+FJSN7#mRL%gTMpv&4Ev85K-bCVbrR?Ot>*GG}j7lb~~|2l@t(trlgxmM-M~EvjiM}NqhgOtL1V&}_e5CE`xmnfS z@GyT@c6jEub6BbpD~u@d&gRm8w(J~Q*z9d*VQkA6mVv%ubEyzTn(H+9(FQxVB6~;{ zcUqh~O5om%WI?rT;yU7{h9}YB8l<{Twumbf1(J!NjZC($UrbVOPIiksTNA=2gfd;w zehoYRq;s__RA8%3ahO@Mr2lPCo}`!u;w*+Gc+ByQdu0s<0KpMbA2D&}@qd!61vrJwX8F&;B0a-NP54}*3-~1&& zL9}039t{qot)LI>5b(6KsnAeUtbf4C{Xp-=bbOch+?G^Sr&svZV;1z}#Zw z$b;;V3o5mr6Q5j?p0o@?hFWA2dK~(ncwR*3#7282;M6bCO1pI} zUO&L8*BHnwqP81O;|(4Z7jetc*gV{;`f|^ed^KcIGc#j}A#bJ~?ajwi#bdIZd_PJT z0~U(X>MgaESPPfP61&8Jm##|1Uwn&HfVpZ*BJzjEymuVh503Z|bc2Wg_#{1JS>RCk z(NqNHL-HeDHwAfNBmnAn5pda-=o83JeMj7ww`@%_LTJT(n#DOg&+K?LY=Qw;ew6>4 z*8F?#r5o%xsB)eSZGWDH5GM+fwR5p?UfiQLeYlzU;Q$aI#97pqP=wNZt^uYK;I*aZi(#MeUOfwkV} z27>^%Yy<83y{z&|x7v-}5#1G!dS2tHSn1j)oME+``~r((BmGm%Y!!_QXnS5w^+*=X zLZ}lE67jA|iAM?*C8a)Z*n{H_#5v$G#4W6dA2U+~JtkwXZITw`QZr9J}mBTx`^VyX=Z+GP5e0Pe~+L+)`Sjz9RS$3Zjbu z2~~)t5YoVig}s)Zo7QtDUeA)pU9;+vxsdx+`?qe&7Gmm!l$bMS2)pOXRF7YgUU6@$ zK6jXzF)QFpOUz3jvWFeH-CPkfLl>QUteoD&sf%e-ZHQ+Bc4}ED!S%*v+;8VWaN(`S z65YE{YhGg>vPARV-e)%NPe(>;6UUSTBj!u8_a|C`H~}pJ#lLaY{RvL$Kgf1Nn*2e0 zgW{eMa&Q{Agvh|AizJ(df(eME1jn84U#e^W_T(Y6@Eu5H@$>1v#z2^lS|`k;t4?!M zk|EbPPgNw{nL%r;Ky)-CkzB}O)!MruW?SK$y-DG`JgDh)$wZq{*+*kfm&R*`xu<^Q zK2L+5r_w3|Q5zXHSSLeD%&>RnSKLn#nNGVC3x=-yc?Yi_CvW0$J~l_UvdfmlFSG67 zEF!sgb~(0JaBwC(QlS2(Op2%END9=3UbP|m#<~A{NooW3DZFJm=30_nd0ANx&E;NQ*GU$sMoFIIrK12N6StB=2Cs^gv}+QNnXCP!OoolFEhq|a z%4Xp5@s6mqClB(PI@wb5`ev&euyLM8o~b)>evhZ(Baf+e_`Yh{2@0gqJpXoKdGdh} zL*c<>lII<0@m$rD1&6ST)O>5F!L2mlkxwL}6H}S07gMMYuw3?&J^$OD?7!Eo{-f_D z$#FXYWJ72pu692pi2Z<*jt|WXNrqh%IM#p$-A`Ey2Tlf&C+x)eLWF{-h~*H!x#ONE z887;VKOdX!{#Nw`%q8$rdSiYkNqaPFiOetY$!MLFy}f|+4(!C@OY#&K?JY&<$Vm}e zc?{D!CfL(x?gMuL%kKQ8(;Wyn=D8fT30sqKO{K!?8UY&@6a~0zt$vxKtexL_%zB;s z&HcrpZ+NzdK-;%7xpePX-04r6M-SUvia2y|W+^>2@+^QYZam=EFLYRHr=AJlG5`XU zsA@kg#FdkbAoPTe_PrKhR5F@X&#V{9BRxKpS~?BB#pYEBV3}eme;83s!W6M^d^`SD zwRa^vOh$r7@Wkk7mw83?$nhCIjicSAvi4}JlQ~I+YW05xp|k$L&3e+NPbbF(vp zS${(4oZM{89RF=RV%EO^TK^S<&h>lt=?Clf^F#bUXP*B)QwEUr;9n`)-v%UR1;X0` zkp2%K?O&vv!JPj%dCBo-0_a?SpqqayOZa!{j9-aAPA+mVP<~JR{U=!LZ#w5^7-AN& zzY^;IBq7WBE1}8xj}w}|;?{o>I0*jz*qGHCZw9|^uxhY$B_APU)Tw4u(Jz)E z=pw#neP!?{lZiUTCv@<5!=1`D()zO~_>sk+S`+xmqJr;5_X?Ioh^^V6^Q6Xuey$$x zLEeHk128r>mv*Tm`Et_+v0M@v;}1Y!rO)3U z&P!2^oCb#u>woq|*2R`wbQ5b*6`IBX{=4Q|dF4rkpeHNSEkbfw*gdq^XqViTUs#aa zPV@B7dgvn+jKOYhaZKOgr1jIVrrXb6?Hcs%m`m@QO7D-RL2MO1aY`=}LYkg?)YW%5 z#=%FnnO-sp;pM<=kV7bQhrISwG*97v}5I^UMC1~YFt!|K5?-YE^;+MIQe(~vmp+|e19or-}nQMU4whVh3W6Jen9o)(yu zcXhu-L4wh^t;zUVunpCObP@3zw@pMMQy0Z?+8#&joKd6A3hHiby$`&o-c&qB4DKO) zrBq|Sj#i-2;^Tu5USB3wphAls_^CRb>2No#=5&kS0&cnqtM&`^p4dmOnVLE_!!?ak zy7jUsTn8^a&^v^OR~Q3t+29c;BdYa3Ih$*ou|80@Gr}!UWAoVEDVg@SL+>YcDKwaA zeXz{J^wrvSEc+(hZY+ef%mns@M^Q|MG)c(bTElFdGIi)llyK@nzIctNm81o@-53v7 zi!SL5b~kCk-j!r%=?+zQjnXu9d;TPnA?;fwH;!>(sD-O5W&Gj`L zlK4=l!`cRFx3&&{k@HTr?u}~}h94U0qo<{zJlhP#%`~|Zm$4+J(5v}KI`&cj{p*(z z{8jDtmvkNP>+TMDXT5lP=+i zLFy>t)$j>8B#8*0C_YM)*7R!`xR@eLdZ+f?VI=n5o+(mzbQL;LuC5(7m%l~a1Z$d3 zW$GYB6ia+Xx&7v$e(hON+}YwaD;X2<@#GQRnMx$TCUj--vNc2s&#T_?_CxuxRZ*gy zVQWt_l~3(j@N9+U;IvibYi3d_68>U~xF`|tTLT%0ocJ5!`YDaf+3e0j+T(b#JL8tk zBtu~Xk0-bv6sg=Q-E5`r}Oq_*%$l_{tt+9_;n#(~2Md918H13Du?aJu6 zOx@ROSVF~pmKdM`Yw|ebNJ-OY8-(KG_M0Px#pK(&t9EER8g3`c_bY|?T#m2ju&iY2 zs_dKQ$9ik-`s%F4Sk5h*Q)!6&Ub47d_chVPMc)?dD_^uxam^<>SWc$DU@+2zI&Un@ zp_;4oun=?9N!ebt4Tc&Rv3bop^YlD<-0I|MD;l5WapSeLK5rAi9gfRx=0!3?0!mK# z{wz=>@9^YM(q!1Sqp=}iO@_D3_-3{As>>?L#r|$+H{eRPo?~;Wi*7Y;U0|*OR?B3? zKUuZX?i77fY_oYr6n*V6Ujy|jK0I`@@=&i?2S6tp&(&ul&RFGa|t zDl=W(UY1@f`e4mhEh(_JV}V!SE5Ipa8_ivcs%-*#=k}ylBPNhFE->YZ$gCo7FiVg2 z-RZSmmg8)l>-nN8UIPQv_3X%dIL}|ULEe5T=+KZMQ_I7xZ}#N4L7i*=c8dqyPi0?6 zr@^T=p;yYPFzK%IGRzJ#=WKs>w4OvN;$sT?&`JANOl_iE~-bp?l zx#(`Ve(80rV4ZZq90^GHol@Cq8mD(4t#i+V03~KgEqmTBtzo3&bNmd+-CYV*+8g(J zeL``xj*aqSgQJE7b1Q8D*Zt#f`_P8VGa4?T8Azz6*q{)ie^Env$P zJp7KajpT7ftr0OhXT500G-{{B3Ua~PFLl%`n%KrezQi}3yO(b*r-rqh5JA>xID;u8 zl1fbxtTyGSHYq4UF$$v6$=M-Q!H9-~&VzJAsZU~)F}}M!?OSSnm?o&yaO<5=YaS>j zW!(rEb=yx6)dr5c=KFD0Izl#g0j2ZNIyZ}XrPHeQiSsOmw$PTDLJNcwlcaeX8?{eW zWx>1Ru-9~bJDd&TO$&)6{)lJH1W}v!n0Z!1q+_e-WvCb5Uh*MM&TVpNFH%osIum=b%OLc-S)LL~5Z zxJEP!&FW%nt+Qx9-tDM&w0oavnw46Ab)u&roQ(_H=q&?jMa}>(d)jedYJ9VzcqA^` z+}H850{Q!M39(#4c~%m8ja*`A+)($ndRbY)D!auVKY@J<4IUd!ZQFK7`Orm;Af~ip zYSQ3$Mg>SRnne}Vvgb=74SWqws*S!?9E2K3c!;1zEntl**Dz!w)Bu|g6{(KLwCX!r zXgQp=1hZHr(nCE?YmcO&=d`{tK*y(-5#lw$mj)8wt6lVi`$?+})Sw~8xSkCrQ&Fiq z`laGp&iYH`qwHw?M5TtVw{x2pS;m2vYbujmPAob+P8$mi(o{vVlCs-_xuWrt1|!*{ zqmCk?G_5b3xWvr4O>X@zEN`&jK!mg}nND~MphZrfK92jMZ$b?`4?pck zYcoz?tp!fB& zd8N3e(n$bSZpMiJ8pMiY(RFTf2DhK&Ospb!{n?eb`ng{@Ha~D&49%-kcim_EH^PG_GuI zm33Flg?@Jwb|h2c!ER)lEa{xH=I!Qgf1ft()j|S?ls}T4LM^5G`};u%9vrDVfaT+u z7VnJU}~# z+$^59?nA2&&%d9rSS8c~VQ1 z&ourYZ0B1Hj~fk&cG9%5p-d46#c)LsiTiGlX*AyJx+?3X!O1jE83OH!w^L3@Ue`C{ zNdlhMy8+wA9ku4U%q51#A} z)~g2XRrB*X9CL3ccD@Mi>ze0as)e0|0w3c$RG{vp>bg|?tZ=r9Oi}C zuM+59%(G~nS6vU2kqN{%n-}mnzl^!aIm0#&-QpT+_5vc@{#ZA-ErN|q6U30m%!+}i_W6Imv7)`IR+|{B{)=Wm&`HK0K zpS9lufob2;*fXra-8KME3k5fBeTh7}%Tru3WK)itJGcEsBzId;y{(4_x2+a=Iy(H{ z<}>|b43Ck5Uz42fWy4U@hS6nu8@{EV!|H6zX^fZ>BhC&7NrVJzF3!Kxpzmp3F1b!F z-avp>ie`6zv#rw0_}zQ7gRBg&5z&IBwHxodq3Ar9isg_uwkaRhX1@u^P{Jqg$(d~M z-lcxD)cQ&*_M8}+lCi{b2_)W-&GXt<#N$hKI~Rer1Pwjn>|f-dE?c5m1E)f`~s4BdeP*fm`9;5L&I_S z9LvDP7Lf4O;~9#6v8c^CRYd?9E2G`_9lF|zd_jke`hI4zYPapQPfq>wb+$V#dk))~ zA$EVVPo{k!PLDVTE!4SHsQNoW*{= z8n2VPuJ&1k%#$epONYSlO9w%DX)|rLv&#I9`jA&sM{=kV@VAY!EKoi)RK%qmm=%=-{gANZe>A<*&=w3BQGan(ke{+us zE+xf#F$He1Ag+}w*aY+O2rY-8?hD{m_se4x7QuBE@o)Br<~eiCm$=c(Un7*_^<3mB+!C1$a<< zc|9|qBbt-Zwa*Z^w)Glfvr;*-w(^C31*v>)dWB?Todjcp$lws!&te2j|CE`Ho1Xe9 zbCz4XwEl2~Y{vxmSPgBhQ|ITofTJNP8iRVF(l>WKbsp@c^UQ=poQ0-eidyG|db-C` z6>>X1+Q!UK_l(xE+Bi?o~YUJ%V!4d zc?!7>ylI0AtIMmhu|=xFuih9KIEPzHz5ZmxB$jpJF5tG%vp9A*Hs@n1;OnqIQ)1X% zoO~b*#rSqOW{OH!F7rfH<#XwXO^>f;hNn6yvOi=n@`(3p7zBFvQQ0((Pa{Ps*KcU6 zOl+vG{@(k0P0fr!FW#rV_&_A?!xiLbMu0QegNePmPPAl*_Kd&-)wNV5O_4SNM-Vky z=EI4fnZiCBBwPj23rHrq@TB02Nz7~N=EIPfrWPu0q0Y4 z<3qB2a=r1**BU|E8ABL0Mrj=MEtA!P;Wu{m=8UKPpm)(|V|?F{%Ad;^Xh&^R&{Q_ zguH`;Y|1@)jus%jFuymRn;WASwaPwkk`G`M*BAX$@o5KAeo#`pW`nDJA`gzy=%`(@%+z&tcZ(!hEIN`dcfZeVf zUK>V8B6{RvL;srR>}S5S;`=A=au!i0J;A)MG+$wkI}e6WFlyfmNT9Sa#^nqDeAER8 zOeB#)%sNAZkqbI|L{-Km2{TiTLyVty_<4PI|2p-7Rry>6^~S(g(j~Ixmek`Cj&@ux z`KhW2O!Bgc&V8{}q@VBpdDSMzimY`qD+y1dA=GOJAOfKk^m`yeG-_lE)=vYtMRMOE z<(*^jBuyJn=JW!p#6AtAK8`;5jDc!nWMhc=^DaNH+REvHFZXGR0jD3EPoo}Erno#h zDnU#O?T-FKY&U4(%k5W6U?-X$hLJAITVkwy`s=_FN!T0-DHk^X*6X~asV`tBS zaXH$A{}Ph@87;NGP1w5?qcLQDK=kD%Ve2!t3mp>ov<;pFG5e~#9q2GQ&?qL)I>5Zu zbL5eo@lHRI=>7FIU@b>P_hCrtJU&>Ll3thWC<>nk+YGXtc7pkuJbbh1DS=P1iO>mH zE~SJ6k%SU+YcfeQYuwjYin6ZiaYox1JsIFPWxU`iec|C5IA$K)LTVt(07^o+0@h7c##vQoOkAEKgkkGW-7KweUc}H`KIj&q3}! zsImJaEq=3#o6cuWZlwcli`3!z9M@a;Qc;6PDNIVJUb@!^6sqUcnY1WP5!UOXx1uK( ztxtedeIT=YlR|kMftq`DG=IJIJL7kH_MnlE#mSx`w{$1dG*hl@{=j-fPTz^*n&fH|u7i;sP^4 z1tx^%ED<^cQQ>R1R`huJf^x~Dhygcdfg8s`_zTd1hEMPkE0_FzLMLOFpMdK8%S8j*Q}eS7cRCmYtNt-}#Sn58nfi4Jti zOmM(uPmX=zNu^*y|HlU>;r{G|pllwLIFO#d+$Dt1hppcp%s^`hFKGbw+fNaB8T~Lqht|fpt7q z=l*Y(f@UPDspF~m??0um1~6)u`S^d9+oH0?nNL2#ir&G9yuthABgb()Dh9!_#}Ivs z#9&M7aox)_^$@0R@r~m<#x)HhA^hmDu{O%w{$@_nOSSwH53&ViZ(8~RGdv(C7~3Q)O9}g zm5M%L;A!8!Ws6tVv)Fnp-k}Fv#H9Bu?_bO&>n>P&%!$pZq!SAgP3_mFkC_KKe6^*G z?5eBNsI;t4H6K@`qcha1O{8Q=?oSMSoe^bP<`@ig;7F8U=^zR8OAO-4WvI&qY!+EC|h1*fG5^|0tm6sgxU zk+H76Sv>>Bpq(#~ktaY(aiP2GW1YK8Rga7!PyR)_d?VmOU#VLpww zyGHF9btokb4VJnQo|sZi1q-6ttAveXyGUw0!l5kwhRNqa8WC|S4uNeGYrX4^yRJ{E zRw>-NP&^Pu7u$k}95a*^ss(kbtQSKu96v~soAvKYoEB;(8TTiKqOH&vKS>(ftCyfO zI9y3xAvM2x-pDkPB51c4JYO(t)$(#pl@CF-;4~zd`L&E-M64?{)vD6!5{gG5F}*qj z8~TLRzu`p?bBh&iIWRWo4<5HzO&s7r;#;lG$5gJxoSnJzV)C8CW~uLnyI|@)KqByj zE^>y*!k#s;t<}`zsgV*vsGRAvdf99kn#R2vRnu~|7Dff=_fb87YvRWg?Z2mYdsi$Z)B1ztgTcSymVugJ9^Wo`Z+piJUr=R2~tu15C z*PI|d?T)O9P3ce0EJlh~hRZ8ik|hZsT3>M3dR_RMzB6NTmuqozI4hng{#YvGcbDMq?(Ul4 z?(Tu$?!kjQ1b26Lx8UwJ@jH{X_TFosciy|_oV(tCcS8SwX8dZ5Q8lW&x<=Rci4!F4 zR%mncHCz6g(=ZS;P`HrxR-B(!A+<@e?qmH%UK7$^99EAUZo@cT{XNz#kd;amLWXi$ zJ3a-6Mx;;W4G+Q^IUi5>^7@+#<|b4OmIBYcy2|&NmV+n~riT}2P3#+eRQQbv@GC7o z)nBCXIxJDUWo4!r*+Z3%#BQX0OmBtL|C}V|9Xl_49}-$+z`@48!-_FJPM4}fvL`}b zF^IM(!5&h+WP`szJW;QtIh3~&zHVREKHCaX@qwN_llRH;y|&>1fa;AL9h)%d5tdxC z`sj@K0KWorl=L$ycNz^Dx zpqS}0o2?Nc=fsgAAJNe_ybe(2T)xDCw|jp~7xSK|GOW9jxA}DO6Y>$0he)%yYg2!c z-ke|ncx;BHILuycp>*aVl#(5>XO64)So_A$c_Ll%LPFiX{E&(=%(Yia>=Nz0hbQek zxHm78O=d97xjjAUMMWkhB_NLulCP5JN#^_!4!ajEzP|up889ND!bxO938(VC8x0QG z7Tks(aa;)TSUfS}P>L1vjvMUX3q~BDP9}itG zo{AyqJ9(A++n&A&P#%K3cRG!6WG8>dFK^~rDIWJ3AAX9Oli8~}I+*zEf#5tg zVImKu&IjPbN?!J{|7?$V-6)xXfDZj=()c9I%y#}v0U_T6eLK#<%ogtbq3h)7St`m{omZxkh^Gc#MvfcL=yg3$ow+V=ndr=8 zui1%TLYSEkeOX5_5D%`L0wlTYUHCIQhY?e!t?KchN^D9Y648jvqeefPT!?>#a0$}! zGKTo^TKYEmd&_&eLne%?zCa)LIg>Gyv8Z(dbZapLuUkXU7ERLn)s*xXrGVz{Hc6ph z@|q)RQcwFIcouN;S2?l8B5{zhIdHxvtDwJ1x6w4XvZ@;6_J{;0M9UDG7$x55a7~y< z^x~ziu$N3(e#2Q`1@pSKHDq*Bx7BQ?+jF1_>GbFIz}Y;1bNJngQfSY`LfSDLGNIY3 z`tA6x@dqxn$0D-?POYsiTKjQDbWzdF3mNMmcY=K#7m;4DbI)yiovVF`5%ooc^h0nH6!o&In&HGhNVI!r4B12RuyE z(ejI?I<>#Fpoa1rPKXpL(~rn#ZPAQ10q`-DFYYBX6O?PRQYPZs!RzOOPj3KDQOZ;a zc{S@i_8s^cIpd(`lqRw5=FtPJg9%wo$zLs%ECvcR=2TDs^+x@sPN(;N&3rI0d7=iE z&o8naAS=dP6i_^B5z&w;dn}+Svg+iK86{?oBfP`EvKX{tGbwmgZZ*$incs_#pEg`x zDVpva7_h8eTE8#{vxO}fe;OL0v7R&`dbH$t9^#y7<~>_&z5@-N1JIr<(UL}lUs@kX zGRFpizb1L7qH*D5E*IXZngi){x@=t^=%2G+O2l6a3Ox(8t{2S~U)|?Twk_Jh=@s36 z_!NuYcn%jUf78c~!2Cr0c&3Qkf_2DrkQ}Rsj^DmCU++(w2sr~UnwMC_qF7Af=>K)r z0Z=NE%+%Yg|o__R%a15J0xCEu?STM=yTgPRQ*ithfV2kg*N!Lm^AJ$iIQj+q;I% zp;e|2?32#y-Xw-?JvS59@(e(?|2T636rB_@e^U~ztTN807r$tDa}SziE$uiiKYE!H zsPG1J#YVw@KBBJ{Nd#&R-6GGcR+ZF)hI#VKZMp^&=O+g_pi}e!t$b}hHJ3`_)rsx7 z6m7^Esw<7KM-z!9KF81YL2Hh@=L|rm@M#WUJyK`+teE2QwZtHyJexODQidlk&69$& zNj?X8_7IH4m!evktlkTQ8PL-;%vTqsR~eybFPXW>>3V!na%@qj&*vhJzZ|z5{a$8E zIg+bdrGaMQgGKeogUK$MhgO|*EXt+y|zIeO5x(?1SLq{T>;9z8tE?<@fz zqpSL{2YhCUTYZ0dlT7<JPcF+}qBk|T$KYUj!)vp9aOEJYfB=E&NJ z!L@wfLFB8bMk=cX1Vr=P@~WR2TwB+V*V{c=v@9yTYMXnsER79)i-WKY$MBPpm+hd# zMup6KI;>NvAT8`yrHdLw*@V37#e;Nkq_0yZvU!8njbi=8gkU_48Eg6I5@qXyr>}89 z8qNNPCn9HSA6KA!f@C}q^dU-7e9UlOcq%>tBV%L7fsWdbM=e#S#Z_YRtj*Bt(h6V4 zpGQoODNf+$8-@`M_m{YoC`mWTmv}!?)g?2F#9Y(Bxn7hvkCinfGt<{7&-srJ9Yh|J z_s@fC3UHS#uNhfACX*{69gh|-D5!t_y2;~}jfRFI&9Z%gSt0$<9Ul^bEXQ z6wO@4rRapt&;bb0fQ%OJgNKsFc{O^y@w=&0uR_NdZLyjTn8TU9Ho zXNvb?AYcOs>n15I?zFVwGe8rE!Je*%Rb!N#;PYx`>i3L>5d036Zv6s?*0S2_$-IZ) zbw%_x_hmeSA(geZa7EhV9Ml$4jJ$Fwr*|5tqVJPcZN;`rf*x*T!pQ8PkL!{j2N!!E zMx1uxl2(aZ8kwruUzrL{wAob6a0hVj0Fl#jr=`^9a>IHgug7Z6R@=*8FJ(b-%X)U0 zTtZ%(63#m1xpdmWua#cHao%Hrb|fq=Q4&uDYVNH1Qk^6ry z0&H_@*0Hzm=3k*+cu$&1EXljKQb$c_B_uqk^!G%Im9sg`05jmF$MP?qn;&T0DoJ;3 zXzm&Mj@J^-Qg$Jer?q4k8p*8_P6P+vy^I(JDF1-mBiXn#U8wGDMBHY1rHc3Iz9_0% z!Q4rM%d6so!V4RIc=s z75ryjN6~w1X4~T8ac%fD(DIlSv^-WM!rR*EOGGK3mB4fn)r(#<)a1!2L<_nqfxO0K z&&T?;XqN4>Y2{3Ri*Ty8&bD!}aCi>~DgT*y(yIsUg{6y^ipPt>w=ko9NKO4gZb_q$vU8Of3~TWU#cW|{aNjSm00ZqR=-&{5!Deu{rh+a!|dGe#j@zNPs)mMi2}aP zdOdhC#H6BVk)w?;b8^I6UL}0w$&VNlCO^NW9DvqMbfDGfQ9kL77d2>tmfS$}Lhs>& z0Im1oKu18DiKIw(7luIlih)86)It-VTbgj~X!w0*tqG&BoF@TMGBs$(;TcUap<`)9 zv3q|&OBa784;0r0w(-#SYxMjl3Ma?U@5+9-^9hg-p-kORq6giu1@n5;S`tr#@>uFV zIbB3F6$)xMYyj7QFT4-{UlZ_OA;tLbWL5^uHKsf$wmAO0nJa$}XM9nch| z3pAB8il+FwqlJ)7*!A$lDxJ;b)=CWN(9?6+70|dKD|eI_JXK%2=J?R~kx?3~5NpDO zpK#i=(&tUbd*9z@61)aYEvJ59uTZ~EDVJmBsGy3!%%Ji+RAGMd;>@jCPFJ!sc5!|f z2SuNxsKy@~*L<;X0W&C!qG)E7`FYv{wJ#}g7u45{<;djvN4>qb0TV&U6N)^tT9fznBhA}#S1K9HBq_CtVQOxU3s1i&1>jPr*~HI$HhlG^U6FK;v0p;?NsGP35-0!q_8 z1+((ANfUpKa6Ic6{btovjYw7<3$JsiI2=u}FM(H%sld~lMqH{p?T^J=2mssn-fJ-F z@7IP0fu!>f*mq==`GiHFgc8pdwiZ`o^Ll`}vGxq`seV+;0 z#2saF3G{x#|8x9CCulbohZIQ)zCZMDt@9T#vqdE{|JcK&dxP}rhBEvW@DqSb%iRyp z(I(G4AFnch+k*o9xykY92OlWw26Ft8vszzH!SY#3crr*!z|VUMw7!PIF0u$wNd@mL z)fh$;e|lssgG7pe`_(MuYl?#VRZjeei_G*V>&_b3>UudrlpOi<`~-=XE=bT$y6h)w z1qmNeF6%Vlb1wW=3n;_+@1O5W4e#0o#4HwQvi$1nfCyn7n~G0?g*Ch?miQO{kE0tf zF78*&-|LJlUcW9kUp3^H3nTp`han;P^5c!j*X#iz!cs-o%{HfL1+6kgz54mKBFz$t zDxos1%-SV|g7i7Fg1Q`D?Ip=P-rA*JRW8jk6@uf?1_0d*LRqNodgB+t(?%E=XXAIz zUVL{~3>+&S_HlgP8RLuP7#?U$SQH5;5$8C0B{vrW#>aBnL;Pd&=2a+CDmCYqz!F;)w#v`h zP_L6+=4g>~Nybd1HJZlmfjQ(_AwhgvF#jgt2~Ux-`I9`E$vAS-0*q8HqjOniIuIow z0fi|cm<|lk;IqJW9z>Z(?GY)dy-8LoJcyq^V)^)yCQD&tgjJz2ECZJyMGKU4{L81^ ze`;B6XIabKWL=d+mvyXkmn=JAd-G;>GjCBkWbtMdQJU0?W{nNd(JH(9lR&AMWRvIq zUrBJlO9BaK_i<6;(y|s`EwLe0?Tmm($?Kjf9KiNWzVN;~-nK4KImx#j{`w$6UE;kft@(t2&pm!+~c;3!I+nFm93Bh+p|GGk79|#Y$>fY8ao#Bj} z+jlJql8aW!XjslRCX-86Mo5!&BazuiijAplam`H}N7sstgS+?kXpic)YNhjKM`7uo zTWlGqfa6=MyCz=#&4L)U zHqzug&vRJt##R4}G!;qXW3p#G61ue!NI?Lg!GVemg(Kvwc7Tc;Qv_Gsm=%;r!oLF6 z)lB78x1#{~=l3wh`&vb+h6XIi!*wwGe#o%6FyGmKqh#Y?92VCE!+hqvc<1B`0dRE6 ze&!gJPX3g5BT<(AsVG;C+l?V<7z?wFQ-^H`Fz|8FZDubq6@;R|A-HY)cP&fh4Q*tiIA$w8yeaxJw+6tvD?I@{n;yJ zjQU~B7#+Ei%e%~PV=u)3fDW`(=Tx7S1A75_)5yoCX|;eOR+}Nshuswa`y5@#ga)X0 z7(Sa*K@CtSQJ=CA2(j?p(}{or&#!pFJg(D^XC{W%ON~$@dEZ+FgdUJzZz%0Bc+fyk zL=R5w_Mpo>Sm*9r8A|2xk5~@C!(3t&BrCr2>ktcwwI``Nfo^VS_?zGmhY8p^B&Ta6 zoGQ@HEUA@m#eFZY4aJ(;Ly<_KT%3%<0}VUJ=tZD4E}+}w|?t=8I3)4*yR9=C~&qs#fy zv3OQd$8BMFIB@=?{_tmH2dV1ho#hm~9szpZ!UOC+)lJM9MU_o&?@%bNgKYW6A2SCL z_8QJHB;5p~RH}4TVfUv)Tg*Y@_RNL;dm|Q$SeisI5*o}+*Ha6{sawU?z^9Y1JtIH@ zB{v2>$b-Xad-4zXkiK+>h-AYdvhOUb*WDvqAutn+(y}eP-Q#8iAKiK<^>ncGy2Y*+ zrt1yXhV2kx;y5U9xw%&j9xR{{?r_+ZlYfNgZfjLU)Ga`do4Yx~V}V{I!Pi5JUw)o6 z#ySyp{Nkyru$|N%&a=wgmgtckiS2T^^nLtRm_|2mSi4k8Yr(@k-_bk+K?f(`X((xt zujaTN#X#WI9hlMI1C9q;7T=%dpnih!TOFZf*g$>F<|ZsQewqp)7d|G`zX> zO>`=5Owy868p_#sFPx2jlGnE3XVw*UT@zg%i|%Fxfvg&Z6dDAz%#)k^rlLLLxVk8R zyf39gZVcK}d;2wu@O=8pi*@$FrZh{eV|OV7KOS)ZKytA_^2rAf1IR*x+aF6JI& zGe)q?Wuha?3{4fqt`-;C75HN>?};0~k(83lmF?+`4DLnkUN*AABi6BGg-I-IEo9;Y z_&*(2Av#(A5HqH9vwrX9PAoyS*_~XM90x1Dsqo_TDD@WV-jV>x$mJFZ3}Bn&_7aCU zvhoQrrH@i%3ZstqdY7#PNoP^j-N{AdIr6du|JBn>Rad5?%D#=zO6gJLV%hl=u$ zvqxo&mTd^O#^Q(Sy{h>~@{_6vmXWc{+S-TE05V4*gK3NA@fcx;`!of?2i~bgK1hHg zi=;`XR>)Th9Y|7Ga%UU-3-+XH+gIt3cpvv#N-LZ>B4@ud|_<>oR9wlTitE zg>dP=ep?myaemonQBlFL(HPnba9S~#U5UeJ>O^UxL+vm7YVCF>+VD+#@^amtH>G~(%@=kVGH4L?0!eO+w>%O>a%!G#WowVAv zoT|npNHrc(BW%rQm}`^^VvkR|T&!{d00d-labK9k(c62@25$;VjT}<7a9qk`9(O&v z%Zv5KwarX_+z(YyA3`KzHkX=h-FKPx4srrA!!V5X$Zi_gaqufHbY5Kc-xB$RA z1=m~6^Sjke8l6gg5oP6g*#bB#5xpSDpu>mTh+vp-Oe|Ei3b*0{=u^AlT$N&M2$Z3CV z>JZJ!%1TB?b}504hnF=k68PpQXA3+~dY^$#hsO!7osKIfJd;>V&roIH{hjIi#2c)8 zZSms?aj&=dTc1BOFNj58saRKid40k636F?4IktfT=-^KaP{o|XHOVY+a7yghcXCj% z)u9+`8HdEvDm1`m_@{DS{Fgcr4_LXvj`XVwUWU)5v zY=5C@r~2jjaXK6!EF3n}=lY9SL9?7j-nZJIOpGLjAv*X1fpjP7l*{VffZ8bmv{)Z4e~V>>!JNNs4++3m6`O^BsIJG~7&6KU=Vl3h}4nCh#I z9Nih*ZXgFaPj5#&Ixmo>Eu1)4qX~uP%600W%Icqknn+0IUZ_FksUiS`@5{x|U6D;}09?n`?l)$wOL;!NjOyQQ%A$E{0WcUr}`NALK8 z4pJU7wJHkAOv})Z8o&VF7|GJRM@QJ7W5=w3_t;J6=fTkppIgOv_bykUtG0!PlIq=F z2`MRF7`&8eo-K}^5R_`_zJDjE)m&ZFLj-(>b8vB)Kf2kyYOLkJMaSyAlX?{sUwOOg z@83;CWG3O-uy#r6Df|coij%~Sy?6s`*KJXqOC)oTQEU>hE7f2nds1cTrMwor4ZUlElGE#|C1|VP|Kj12M@k(sR(! zbAV`e1eLhCKdKRc>S;fU5-@)hHga&(B4A+rgIeeR3(DZ%`EnS4RXYF8)!6@FS^G!P z^heSEtlS-R;eXa6gKp#xavTt=7xN#?UjM^VcedZR57N&6zVe#wH+sR}LLwLgr zs1d?K%70=;{1sTj(ca1E<3B(om>B8*4MgH~;q@orousIQC;$u$41`kk2>^KA0BDN1 zni&HCGBN-v&`kUm00jXC__ZF%JcYpl;>kkEF04N9X>u4h{hc z9XSCJ4KWT51sf#|Jp+jK4xgNZhn5xAu@>lJB*_boSymk zV?*S)wk>tJToC20_C|8$4D1c2C54o-m z3H83yL=Ft~Xa-w}EAO405>=lj;R@{Tq9jTwy~TkQ$MuQ(=H|Kup=$^X(a#(Fa_a6U zs~jK0Bb4lLLXH=wGLA-CX{t^^Rk4qX%UZ*3E(kSnO=jr^A~*WB(0gi6JXt!xIIa4r zgaovjR1#N=a%@)SoSC6&tV;NI!1 z+Y`&Fq?Eu!aWW-Gt^BJpWpoNfGxVlG3Qu__XEtddkD9;Wr5mH26oV zjLMN~H@ntn#7WM^1~Zj|EJu)rpXNMF-3=HFj1c9x;nhT_is6*m2Z={bDf&5h*EUxi#-;-rLx2n4-125O!km&dCFf_TC5j%7*;|bC8GKen z%%p2Gsr=f_KB%nNL<~Y}9OfbTKSgW&?gXNg2jM(2O)vQ(QsgkpgY|h8Zl%4T<`4!! z@JY&P0w}h4XPi+B2!s21_Q9y@fG*6)77F*iCd3tU4H>gpxrYb^dLryE@6+6;%=eM6 zcN>vgCR9yl80v|nU6v;{8{k8+)>3KEwxAQ#oxFZo_N>-t4^$lJHlnezV@^%RF$uSqE2wqDYb{@~sE=^qEF`(sO{o2F;E;(- zwo^3giQQILebE`|tYVR>7D&_&yey0Ap{&R%*(%(2&D9`w78AtOkbO&>^`_ZEE=-rM zwq9K3SSjEG5;N6kltZ6)LCUqMJ}U7rac|!z6HU)^lgVqfvGwzY7OhtRPZ{4ij>0Pd zF08lxYH1pTY1wOY(`15iYh**bpF+K71Ju@~eFbF9Wdac?UI78Uo9p){X0HI>%_vZv zG>Df=Y?Arkg(;B%TQ?8%4YitGLq4n}9>rXbnR!`%dj(WeyJ7p_*qrRnISx}SYI>OJ zvrDhY`b3ST5L-TCw9tlF;B} zxGkBqV3Y4tRAjIDP z1EgN1?1cv@|6ztJn*o@-U2ww%g)cwy(zLT8(WG z_pj)%<$OJ|Px$ga9r8kcnQ6=95`E5z-^TAR%+A-+q&kuh#3Xh?{Y>(KVg_ko|a*=YiWVV=IlwTgOhd1NU&nIh&?VPsf?0TKM8Qr^=;oUMh z##6)&vIn4LuYymLqraBga`kf0rd`wKe-8Cct<@dlmeM8eE?7qR1dU&W7N>(BxV32E zV(VV1{^j=2=T@`H{8D&yiRPq*yyResE%>DTMvJ7S3R41kf_1`m)xWbp&-zK^oLSQn zZj%ow#x85ccW;>EoyjY}h_68MY7r;yORO9K@#YjCzNXcndkwp-;X?Ra)79H_7*1=f zBqMk4)Q>NyJC#L)oC$)JNQvACy8t0DRl4qV_GC#8Keq$Xz*`zq_~W#me3@$P2% z1utVZ48B1t*{2a%;l?KE9>oWCOp%r-Z7R7SRw=C+o#T!L7gd!k>lfy?Wbs(1GD^=+ z0HZ`nifo)m*`b2jgC_z@PXTPsk5h?b=rS*upA|t^HUaul$+L7ff{fEY?hQb@kiFdJ zY6^#PrVWzbhXz2ES5)rmVgZH9j;NBb!Vnl|8^J|JN_mp%w{+8UpQz5u6N?S2EDprf znyk8C?mwU{P3oL?ck$4SYcbBlFOO63v+18N-fvh#WE zsS1Pedp7h~-boh-Yk`;ZL+bKr=4LChQLB?A2w>Wc!=d?!7)gLAse%tlR}77>bDa-;WboaetKI`wQzrtpoJSQvs23o_=%23k{Ciu z%07#H7D~xMDOLM16=LVDEaTAPswx~4``H9SU*bIN>`l}|%43Dunp7+OkxtHyAW8z9 ztP1M(%1qg|#5t#)U=PH%H+ZwhPJ_TbX^qnN@*>aMeR9g5@`b@<#~sgeg|4Dd<@(XsF}RgS&VKv-=X?Kt8+X|m zzz(SvmjL^|2&gkB95kf;&j&LnXSiE0tVN%YZb_f_UmgHHSUc1jPW_h#5hs(OMENH@ zhG1VFV4Lg}TnuGcYk0_wQ{5}lW(8Q#HJ+berUmd6$DDa_^ zH>dXK($-GWo}|Hfpm%8FZ*GTYEWW60M--R%3>Uuw){V0~1~SWjyaL)rm10rCxZ1IR z_yXs*LATFbeX5#y{ojgi)o)J;ZiwOC)gZlPnAS9W=yP5HRr#P&f${nmUNh2fqdVF8 zGXenu<4RA5*ffEm*X=N#1T#*-TP<^jR=kses{S(iVH+xI1S`t974KG}bfvHc4 zAO-+hYq6C6tDoKg)roFd&0{;&5lSUz&359QV`UJD+N!pg4Wt#x)DK}1oJt-jFZVj< z!e+%eD1`-4z>5m>EpPH|!zpMMFM}E}p`;IRDY|7JDD%#LOj}prCk9MO+3HO(q*IZuHfXWvKMLKsc~+!Vy(bIMQIMy@fqzM8#Zugr$=<^7 zk}jsmZjSIPVnWw9-}0KiE;i5mM&+lT2H;AWOHxWgSqpBqDc0$CjBVNF=T#)TkFUtW zOQ0f4ws3KA${y!UC++At?{E?9$8~0W#|N+Gknc%3n(M+@b|t!iM1o9a%Nf%=f1raA z=#&mtD;0r0)Omu>l_Np0+$!iRcd%aO){rIx^EeU3Mt3{4&XgSpp6yvnIyhPd;-De! zNi}u&5!)K_VN}X`CE>|p+M5)pIEKLYXx@kFCv01t4Nnbji;dUVzo+{d`e9OMhPoeF zDuWD-LJmPkP^7q^xP#6yY(RVrsE$<5UXp-wIBr8!IL!DCx{ZpY0zI;@nRy&NXF9ae zCr|ev66N$w6c3X8y3kayyMrD%MME=-u@{xO_$xrykC)#CVq8u#CbWO= z@rzecYf(?4W#Zrs^V+HpEF>tRf`C0@#t%xF4{jkZ0!9v&1!QElyNi#I#F+PH8g@5f4V`R`~ET`SJBm>Tc}6IzCdTPrhiZy*X%wwMM zd{YQ1J)nsfh~)?_>fK=ZK3m;Kicn%B`%6qMc0xv9oKJD%2Ffj@Kef&<77vpWmm-r5 ztn%M3ZR!XbNAPKA%3Gpuh>y7A0g~y*Y4QX^HCc15e4m1udVF(v)B0qZsAtJa5=8D5SUP6|I z&Ci4PeJOKM8%J8p7G6|KhZNSOl0?IgtD{);R9~qom)tOSeYs)lo|rZ)UIA#j<4~!~ zooF?*b`DNX?9;9B{o0xO2MJFWF4nZ(ae=FX5Vir3=08 zqs+HLl&$mE*kOga>f2Q{O(y9Qd!(@NNEaYF7=Pu7QctNzX>BvkXaf_TIYSjoYq&Sh zjdxVgTbfuiFHmi@Gt4`Fowd{!4PW65zO!W26MYJgt=mN`;PSR~I27-I4w}>xJcQ`J z^mMH}cf@-?u~8Xn$9zgNQ!`?vQMYv({9?pqcbDY!c@dk(q}Q9EDXjYiW186pv7hE6 z$%9)eVDJmEXs%nuV;#hIuqaKyWd)+C8ZYSuLS%&TK=tYXv8qFW?sn#P$k`}#(LD0Ojr-^kByy+JZ8!ttS22UT%e5yT`yDKaGZW``VqPU=Mf;jO-&HI4UdM~93>#XU!Q_l zRtj7-I(PORjqdY@Ij=$>lvfZzq1X;O3`DG zCWWtZbNv&I%ZDq!1%5_{@J!9^7lwUJZ~v|P&(pLywRH`3q1yr_;6KP)8Y<8aqiEL`i1mrWpe~+3emhq_ z*D|dI&(b`x>N%~oF=gLO2d5Z-s-V-?`73_aY47HNlWlKlX=({EPF%?fz|P(ycjnD* z2=#Pt%gSbGoyHPrQuw;Sl=cw0S=m#>$*ADWoHKl)zg_NuS9XEXm7;Ugm+Dmnl|fvk ztiJfeZkoWU+X&3B;4-uN|*ZW4Emu|$gv@a1G~97i$;Qj zoWE{t-+#*s%cp86sZOM& zQQ41P6p7%H3+n<`aEKZ~|6vK87FDUmw798AeOO&dp@In7K^m0DG6f5qSX~4EMZ;5Tf2$i=j`5Or z4o}XdzE$H5Zq$x$zwYNPl!BgmY`f?}qWn>@WnmQxIjdO)60g6YnFVE11Rkx;<~ zx-ZoFqRrW`zPb-!sJ-ilufi6Wy_Q)PfMV#|-76aBfs)Pq;OQ7Q$Y`NZ8cQJd*}&$C zg5=9f#dFU6JkNKan)U_DQz9pCD$8h(5MyE2+kUy^Z@%pzWk^6ZT^e2jPL%yi-fW`x z%w{x}#X&h32sMaYDFE-<3+mnsqN%)T78x1x>i8np-dxJGcVbk&HxR8#=kpPs0vk}x zIrm;YZRXm~Dx~gcHTZr%1h1dAt zu1P(&HZHklRy+@SSNhP z79`GfKgahs2d@C+C#^gky%kLh#3&!~RQn2e>sY?>KE?0X`_KaW)FtOWJw;Z`uK>(L ztg(8kqx#z)W#NHDQsSxSZ)TUi8@aOMJX@qx0`<0NB}hDUJ~T)e`tI(ck#6aiqhetH z5Wq3Xvo_UxdxK!mffZT1Gt^Y-0*);unn5w^*EYy@N>BvJ-bv+pmIB!37TUt~=`}_= zDHAzWT|q{H6rW_8hxLVj+)V0TW4wS4fIP}R{Ah*S$GtFOM#Rgb(usN3t2^0-1#IuZ z(l_U{4kM|HH5rb{i{t^m>^noX!-j!E@y%A76MwnM{Djg1Esw7z!lv8g05pB1nJtK- z?=UP#A$YX2mS>hX2%k^OY!nntjRRSwKgtxVy%p0gN3`{T-9523u4?f+UA>iq3?s4f zb*@VD_wQHGToMge>UYM%E3@%qVLv|ISbqh`2y&h(-C#oRTX@Ky-zGu#&75C5H#_E( zcAI~?`tWj)E3fA4;z*vh3kqGvkq__I2(7$5=3i#bAoF+WiLE*SZ(#wr&;nXm^*!wv zM~T_X@^e_~!Xbnzek3ac0*bxL)}4T>j0ES$jj_gJ*Qg%qjaI_^X-gK3(ixhg#};wH zim~Nj2%M`^3vz{X{7~jH>tV5$$vv&dHLD!KDj4tZ+zQEmoKNQ?Jkj-WmtR>o+955U78}3iaQkWD%B zcJuPh?X_0cV&_SSsw5@IN#9brk>l9KMb^%m>%o4c@y66}je)3rOiDa_?|_tq3SfY5 z+4<&M0Eio7P^Ueg?xW1bRjADoZKbC__r(3Qhf;0F7y>qjsxvhfVs>jkLp&p^BP{_k#m9-Lk0zREw(mj`eDOw zaV5u@tN=!-T!?Js;$#@`NpqwTpg8qGVf_n=xFAyzELUFk@4yzSTyc|BWq zo;Q21x2Ci54(XACo=#B zL1J!QQNYM{1$xZD;N}E4M^|v3@4ERhUoYgF&oE_@8J{SQ8kmQXL%}Lf*)|gV;9X1~ z0v7#Ffs(<&I{|=yv>T)v`DPiq1j)-po#2zc3Pc9iJlfB3T&Y~~6z|*V|ED8Q+r4d8rqhRO{^N++5%4Zv3q-D0#Y|dRe|SEtF3` zb%{?_>q9u6S>sOiMGCLh2Xj2V#huY#XD#zQJ%wN?GOu!6`3qAN5E+!%HO@QF77odj znc<#?2;S3ad%OLfT!7Y91g{zZv{)8F*p-)}NOTs1r>BN3&5658$)x(Dz$qE# zJGyBZ;-S^mL9(3dtye&Wt}`_TjgY1WaWg`ovYPY1h(j&H4-uI}*!{}<8hGQ^R{5|1 zzvu)L=OCP15E^1B!pn==)Rw~H!YhxV9dwr~o#z>4rxA+sj{j^TW zgI}Pa{R#-Qa(pHiywLL}yATbrDKwAfKR1`xv97Z%brGEU2{rKZk>O~nB{39mD+fqt z>yp{jLtL}Sz-(xqIo|NlN+x~3kSOZePmCOC&-d)9Cbm(5D)xCx4rvJ#3w|Z4t_?hy zW%i3%UOt8MH5|~cTyc()zDl{@1c`fw*7-5hhUMx#EZ2DM$r+hA)o*9DNg}uD)g_+X zoKb-5gQ%o+VX5YW^yEx>ftb!);^t%heX%{^_A3l5U*gwO$^e3lui)-j7g!V!t1Xxx z1FlbqyD$>ng95T$w-JhEihqDoYOaL(s(b{4d~5)(GerwAk6fU?ATVMBcymHFwt1&( z(QH;>J;!boH8!SlzuM(Iu5hGFDgyAJD?&`&vfH55?e4=8jY3a0f~vVqa?zEptH2y) zmK4RVlyOWMF94S~RyZIJg4i|}KBVPVZ zU_c>R+$JuQLJa0sO>?NT%3&uC1H^jhEp<9^HwHecQomSV3jQs9gN$(JZRT~^Aq3=Q zWo8R>8<$$(BtPC>E+>e@{kI~Ojv93uWOG}$QiJh2) zmX0B1-vVcb%gFC@2mlZCOoIZTS_dzCW#ff+SmCN(C$b;5)Fjyx!+m3)`d&1nD90gn z&H3})S4SD=F)t>S^LQ+d={k~2X~gfBmXGBl_F-Qpw!VM3zRwQ@+zex%P|E{3K&TZZ zd3j?2g@bMm22Qpp8WT*s3p3A`oxZrOM-}s)Y8bbx>%rGNE*+B^a#ro*i2x@YHv@*M za4r=74?L9_30HZjU?)k6`%9UAxjq=?ZMaPh)l)t0Mz^W%-fOZeB#I(WI^rB1I1h<< z1S3TB{ER(|!CI-Vf{ zR4jHNq^-Jb&K1E6+O?PSh8g);^}t9aEuRtoH_(b@#r4GVZD(1nLIk`#M6PXJR2b(EVo7255(P!flu+Wla}OQMV_{!R zm9L;;+6}pw#eJ9?4`cQ@MnXO0)ZZHpG}wuI?jCyis>IVMO&)B8 zUXG4#@LqzB)KO0yvX!@Z6wa2C!W?<1 zh^7zUH6zA!buPR>Jj}fM5c?2<)&EdR_==~s8s$?UxeFNVIP`!$^yK@=qo(B; z`@fhw52&WPcF&`tpooYx=^_G373p1i6CxtLDZTgJq9{lWN|oMwlU@Qur1#!S=)H%Q zdWQGC>(0G*X1?{!%=%`nN!H3bN%lF}duO-v?EmxpbmxW!PA%e{b-`6FpwsLr!tp2x zy&qZIUdg!Z1W%h7A1^6SfpdX9FUcEYdB<}*8qbx@kYihnys?dv-D7n%4v)H}D=8Cr z9gNGj65MvxtVd=eck9k1-6#1=25E4rVl$Dh1?%k-46F4RjJQ@Y(*aZX?y~%X;D1Qz7&X3 z8q`-Tvyo&T^Jr+-GgdfM7Wc}Bs_l@Ot|!$O9yIPVJH zF>$fdtK{v+F*@B2`LGZU(d*tg`LZHAuSpZ0#8_Mthh~H9Hh7cFboX{2PW%OHS7VTr#>E zhxp(WYZG26)~Hf(LmPR?Ki3UAh)^7oJ`wkx_WvPEIbmwkPOQ+eY@wT?@uu@- z?(@0^lTYy`QU5%nIrHO(Y+pO1s)kjvo2UP$Y+Y}ZK-@zfLYA3E}7PBBA_YSt`o-oaWky{9g*h zcnob80`MgDGq7k7jyu{3)PO4qy{;UU;_P6pdpVi6u5a>^0la@wCjsiP)9SIp3V~}a z(&7pXc{*{eIGF>Vxc5p5UHQEKd4^S<|MmP+pkLvCluEGqXw?g{GUDFro^n^#Ht}w4 zc*Z%QZ|tETNmoM|cuk?KQ0~}9u(v>A!6&c2KiVvkq_25Q&-_}*W<#S)cWC7n(>;;A zRT8FM^I)Ibh=oNI=G>la?8R_R=GN%4`+6Z;%Oe>V_x2`Ym^?4+b<1br)oU6!kI2sO zSZu1FMwjpCHMsh}s9XNC(&b-w`~dqmr2J?sT>G)TBf-Mko1WQ_YxeCmW}e(L?|kd} z4&`rFHxWFK&DIzTrcuA1(f+;@`Cq}!|8<{5o?NS5G*pKa%l;->Ys|chQGEoG*v7l< z`CWQ(W-|sdDK2=a11Z9Pr}Fy)zTvW_a=kh0n2tHQXPL+GP*tB&wXkG)4r)@Y>=mlV za&t~;T0&_JQN|)us*0Oe&DD}d>sLvmm7{^Thqqn%JI+4uB29zl1hASR4T`fRQIhQk-{fIVs_rkVJ>vG z6!OMKDoA}nDmP0>DsFXxya2WPWLXsZiy1~jk|0uu$2xLyTHa4LuV7bHu%xK7U}kAh zprdgv`@XA~tL@}LjkD4RvEJ<+PCu6`?T{S1>^-u%U9!gU^H7NPZlBh>8TxK8Vy?vY z)u79hgtfOqPJfD?hrhm@?bdH1E8kqxvRR}%H)4$~D2Rn0&8%DxghX9teo*|mzE>wa zG7^ecI@FlG>Aj(5&<9QruhVJLH~0~s$3=QD2xCW^FOgJr`DF_iRi)s4MZvlwECV8!@^Tp9lbxh(~$OyRYsgNZa`ARyvxf#tOhVC$ENQ=Q?tW8$XIRP=Hb zfl}kI2wgwFG?}-ZISJCW-rH2Lsd^8mZ%uddZ2NC#>kUT7=-zo5&@IDpt1FNgHt8fj zPy2ky#-jJeWG$jw+dMGw^%7jlRqYUcDD|bHH{K<}gF;=B- zH-YTe94{F2;D{jlj{mE59P(`>+LYtVNsq~^9srM$QA(Wyj$^$t-q?!mc-U0K9vagf zNzqN)f(l2%IurZ7N*|8|ediuPUjld}f1oGcg_FM#COQ^~#Z=uloJD4h4%twoeI)zy z>{f5oUyF@@IdT0!6<)?dj^~*(p8P!X_My*THmw=At9LHR&u{phW31^(_){&z@r>J( zMHYN8HqTc-NyIMKcc7*2^Cwf*Eg8jke9mgzed?qD;F+T?%A_7*-kdxrTQ$hZ+I6xj zD6tQ|Guo(lLI)`*^Y$q1brSxOgAhEU?z90r0(j#voYeJVqa-r%mD?og^H%Mw90>=1 zgViI>kQ0_`ZO7ZN=nbvdRmMpEG?}}H0*Ot*&+d=ZEr@P?SKu4;DZVP-VLqKSaKgH8 zA+_8pC`AOsTCu-M8^ZDQ3KW5pNc98leZs+Qq@#O;3d zmnYP}du#n;MC`R=+F!8X{{Y11y;rlFfBmq9=!|i5=1y~R(qfX)XVM8z(|5Mkm8v9p z1Z4K(Uls+=fdY;)+p=ALk@Yk2^yo`Z$@eXO;$XNFy8rCuw<}B8{bBNn*vx)^km(bdbsaNm-Cb?u=8WhAqnsYk zw5PfWozpL#4%3c>1`*FvI>>lUf4Af1f0hK8YBCN*i} zpLN>)CzRBew>YzpwVc!-Qf!iI9P8pYLy8VeGuB!pqoztPG~Vjhk19Xe_1-@o%Ct`H zSX8tOqKQ)aq_ius#Xbg`%JM z72~qYFQk41=1MJp8s?l^aA1}7#urj2cU4@QlSMtAVDEiab3UjE8#9Y{iZVPh zHtue3EnH=t9GsmTEgapS2=n}BpR<318EdM2bhEp5tNu6t$$#8#h4}>jrdOnq7(RlOYaeuvW|JiYW5%2v1q^sXrcgkjWH}lU;whrb$%w5b$n`~*D zZ0*e5Yo9vdF3B)5hAj}YI$u&lYuXozN`z4h_-O7xanGcjdxG!?M-03bn{RXynt>cLp*&E#HY%7o~|z3>n&5 zG1Ts{*Y45OmVBSnk~?6}@-!;2b$lye@qUo2c=LkoN4nntoFTM|*~ZNZLVF04cx)Nl z9W7eh$L&B{_JPNhEmhki^#UWF4UwHV2^GDe!S;0bnOs^>p;o9U#m*a9(eWQc_jCEk zb_QfbtACVp)RY_Q>qw^C)s){%&i|hOBHKpAI(d&@?S-1#m;6TM@r7&~$8mly$*{8p zE5Mi=YZd==htLS*)Nq9Nva~^a+^jXH;K-ajob##85I>+mC^&7MG8*7c>TQmt5H_;a|=!@KMir<@xt7Sc0f&YZH>sn3)l5meNo5Hl;6eV)y&_=r}dJhgL02%7%>%5W$p^*C@__P6PfoXO^&C{x5y=cbg>fY8cpq=IeW4z0?l zy7s8LCrWtM&(?pP2L~3<5$ciIjpQ~p>EiUHe#lc#0ilPs-pLL4S0C2GH z$-Iu7r@HM7&-jCPNCCd^obEhAYR@lFRd~MQO}#?^{=NJF$`eTQrh;%|fn@zX0n=og zk_X{CijemqOrZ83_xK5ZgcGj!GOhQ1%*7DC3ncgPzwhHt*XZ{%rn)k&yrP#;68b~{PTW-7uAQO5bTKb}_)Vzv2ZKZeaN6B83dFgC{Q~m;pnDM}n zanFQtU&y#?I%4(aR;T$uyjV`ZCivj=1v&Cv*#Y-UkQ*}G(95}&L;_ptOF@=rDrZ=+?0pYq8vV(8zeVbt znLkJH$9N3OHuqQDm*Gh!c_$!8o0MQt7v%JHwA2NS89bDKwHw>WB@#4bw|Zzg+nog1 ziw7Lvp9APez{jK4GpqY|+@%l@_^eto44%%cZ9-PRac{nyu<7107M_`P1b#LLT%FOU zco83X-N}S!?7&V+Pd?wUBpLoiqltf@^DO!1Y`?hjmv9|Q1C|W?SSo*VWCVk ztOX0l#}Y6`)B&LOJBP5|(i7<$o6$p6qnogfWFAGdNk$LU_tPp{vV;q!XMj-b00Ztp z!x#?0a_{xU2f)7-C*VLehshqSXoZTYpHd>+9EjocPvSUW|6aSLl+JRBXfKo$Z|CWb z9&-#ihi&Iv0I#l3>qdA2gCm=0u0ZcpO-2rDDCf>VVy%U0I*WCR6cmQkw*~|l3xGY$ zlnokY*AM!;(y6j^G5AN|eSNWNJrjICo>s5#n)EDJ8!?3}TBlF745^0uNdg=Ort|25 zc}W>y8dV|YcV*}+qu{-KBOpNc_>SZ~2VfKnACpL}daaJs2y}@1#ia0_k-1c|yPrg1 zgcrQ}dT_dL>;mXhoB@m)c_nw>8E;PRpK(Czam^iLGz_;t^qfZnUP0a@%vT`Ly<&Al z$x~!!R^-N?#@MAr|1v2Qqi_cn-hhJ6@VV#}@9$5fM&?H5M)Wc`rXN4VlP#$SRxZ3` zuSgyob3jf?KzG5;uad++e&5U);Wid|gHys3aVoi5P3|}?Py?(^WTgX<6O1BGL;iQ-8^^q~I&iXyLoDVcRXhq^>KTFo)=q?& z`14CZ{mGGZLnfv$^EB=ktBS6d^u%K}M-_6RJf-vkm6Y+^!6Mz{cPwh`y*%tEJVk#t z`-AE@o~mWtrw63`vA0C)k){|bW<`kq+TON~VP1K+Omsn4fw6kS{>tjfXCeI8Ql-G> zvp#3Em^21$4MY>NgYK1#;uIrj*I3k)b&)2yy~c(KElP=IiQf7n{r7tj_cc@#-iqPC z%P1iU2?<`%DPl@uZ@M(&<;Op?fT-hsgAx2FJS?(TX<+7@neM@D+07?QV0R49>>yEr1hu#8u0y!?BwG!DCQs>tXojJhO9RuDwhkGT7 zbbgqBx5lh-__X3yG&41*?G? znw`1>C4|eE9zP{G#=%-}D-PBOA&w}=v=1NbKD*}8Pd~dtfi!e(2ws={1mI!wZ@lad zuzHXtQUi?W10HvBh!vvwe@eBRU)0=2`J(u&2JS78lG9QoQfAaSZqzfn%HnN{9yrm9!!RU{1YwQkRV`6*C{8ZL6STw@u zXM&8-&?}v~jI`TW=p;N1B3u@(swSMF#6YzHX4)}RHtgElfAt>gwk z5|>XxPruabb5a_0jA`7(dBs%LHjt|47F2gfks&ftlpL7`L?2={`st=Q8g7_YjpNGD zF+8kArtkgg4&*avB#%SzwlB+Z!^y8KQ=q+zWTlqzg?yk8K^T|8yNut%Ls@;J@lArLLC5Xya`c9Dw81 zfl*#?N=k29duf;VN57C7KAok67eyfQ^_;;i8uiEMxfA3PZtK1pps~*4nI41(?sn3F zI=OyCj#5=RL^)VT6f!)@V~S(EUyECl8nsh$Yh{3T&em|oX}M{Sq&{&}ju!`!N<~nu ze_Jub%?Oz!(R@CKdlI563JR=vqqn&Ub=N9;Wq--2dofe%ky7bv4DMS;{3s$T2)t6e zjv{pcm^A}=e!@Z*)&0?@cG+KvsVdJi1gN}`Oz)iz_i?jB^C5KrAM3EEIj7M|)2KmH z*OI>E&~ilB8msQ0p1GBb92%tehTaZu3qc@zHw_S9iarO_A0BDo!&VzIPjfR*`C(5& z5BpR2mXpCovNJ&CowY_mR}&-+xV!dUF*>r>P2q#p*Kxj7@mm4+UJtzBV>x+^jlk2@y>^~YftNUp+ z4uF`?&jyL3UgX!^znSLXAZ3MGAZcX6bH5&AE&`WYUK(%Q{b&^T+>eCoV~N88rRjpU z>45grx_!5lL3#gKtFvf9s=$3CAgQ4{pZ)W=5Ah!C5D98!5I}7q^OY^@lJeh+D}}r$ z<2mckkK`xw4ZkZf`jgV>YX@hpp{|m#Szp}vV!(RI;(kCt*ii2#M$Sxq!r!;U-u0Ms z?6A?iiI;Sd$dYH}IJ8-I^JaXJoCUj9Qr|mYX2saZPNvxj-r0$}(QZ{ms@X~X@`{-S*G!iiSQC&?si@6Ag70e?TwS?U_AJMEgy_&S&tE zUU2+6lXPhnxmc``gxrnot0U{JWQ&6_^Bn6s7w{YBAt4H*}60=!W-@| zSim?L-a0aQTera+nU3pSoL9UXi7+hW z^$%5Tf`fCDpOi86F!IEZC!cB&%}{NQnQrkdsy%lnqUr83eogvqUR39iVKHI3_d-q4 zv*+x0`&5GbOvKsmrfX?0aZN<+ZN2?=5`AA%uVoGVxZsM-^N-j1y4rf&pl5NJXYqk& zk(h%P)Lu(!Hh-VhCN`2SAmbp1uk;j=nvCzLTBob|44eauE7I;~Skct~RuLFR)roA> ziD_cj5BA9&&nYLIsHTZwd*Q*6rfZbo86 zi^j$t*2D4c6n*+t@-J?kgWD3#j-EenYTQuZ_Nd`XhzYmIy?=K$=~>L^;>al?tg8KH z-C;ug;&Y+YUinw^B~Ra_fBI@n*}Jcj+Cyti*qz+Y7Ln`TeH}|x?e=+8$~NdTvrWv6 zGsb3;DInm>8F)8$bT5_CQ0kAZQUYv1vzcA5xHaGYO{{ps?_$*zPl^v%&;z>VU4_^# ziIalMf`w>L@Qd?=Aph~n@;B0Ys%!TS=*-=9BsE&od%@d^(~FM>nHlHky>^MITz@Ro zy|(mPO!8M%e)0aPV;v`h@)HGfi2XFty%pN&T~HALHHu`Z0tRf|*#&Bp@9d>f#xYn3 z6tB}GRces*I`QYdRkYnd=bIz9)EQF(LKlp_MgwSqL$Ewvi&S)g&87H@dWv-@L)@*K ztke3>@C>0uM$0r=bi0qn%y7Zl}ccKNyZGg8oG)M$0~M}c?3GpI{k zqn?eqaIF`;%oLM7cHR$V(il{(CXaWJC3IfSb~}JDw{hg_l%b?@c-NB3!?l53_+b81}wgE+Ln5ZKL;pQ zTr%3Ve$m*up&d|K!!@2)@_Wsqe7;(4Cn~3u(IdGc9*e_)7<6i5vIb)Y429waJ&EF=*+n3=sTV`io99%M#0Nv z!!O<4tI&ThTqxjqY}ad`4Q-7!2`&R_(nMxI&C9}sCzvAYx?z=OyI-A7A(nD-2SHF;-Ig; zoGuxQL#Rh#bi7UmSpvPOqmLq@wg!J&tVr^>6EJB7rr0@%c;>~M-ZOz~Gpgv~sdf}Ir8FlWQ#-`I|L17;W z!@;SRsWgib@Jm7m;N+YH^Nn=1fQ==-pp$~_wgrLiJO%5KP3zPXEMRN6C|cSA(iuxH zf31SGHdXy?omd>+$ zVX>F-_kJ8ngDeI`Edi~=JJ=uDrokw9j7sn6A_5*LU^|h}sIV1PHa^&U;IBbT5+xkd z#gy`P1eddtJm$#ztn8);1A#cC>?WIoKK>Bb%|y!29LZF=3pGANI{YpaQFQVWsv7-o zgWk~`kas8#1+2oFfUEva@hL)5P#g0-r;tLn&VysI4rdiniV zD-uY1Eh&nV65%d}#7(3pPIdPt$Izu0h}N15*IPm}ZKPv^yO6ijxAaaE=z9D8i}IBq z7bce&9jO5WXEW(LVoF0i%G^B4<=1v!>pA6c z&zMKiezd(gQR}k``r-NU>ys*{U2Eeqrw&ZW+V2>X4|>{82X1zib|IC=3*wu$L2_?A zUCe#GLlX&%wZvXB`6w0_N|vGX?sY9>cSoaP5t>17PR3x-K$?ZVLKf z4cv8)QZ07#OE6Gut*U-KtF^tPwLO~hl>dp>7*UQgpc?=baTDUYjxLa@xQeSueua72~R&X z9C>fnrX9G%>(#^isAJG9{pax8Ibo$2jzbqqk`GGEW;kjhq&V)XmX!JH|A^YN`m46_ zY5hCIvg5X#Z1@@)5m7C{$({Hs|7SCS$ozhp&bax4aT(Ed}sz-E-4B zbLR2H0GJGK;F5F(7@NFYr_nZC7R(QuN0_JGK0P!o1&Tf&i33|T%6!*YFSkW;i|IXXH&`-lss!bd|jLLd7f0g>9RoE*4+c(Rt>P?biwG*N)%w}`LIkm z7=jEhziD9rag(h&+q`?hnm1bdq6HdzwP$i|pKA1l0=kGFdU}2~Q72UwZ>T)dvjzH# zDv({+!Rg%tFzXqke*y{({&=0SIse_#$h4Z|=PsH-vZ}?JZsD@nYk%>z(m_$PR_<-7 ztI}ZGOK|(_G}zM0J|~fp!n6V`-@nVFV#gEe$YAN9eSg89>+fV25MX8xMnZCr0}_#u z{!l{VMRP!Ci<*t;)#0X{G|*OeGA}0%9c8!8*+@Df`~fE$@{cxBz`Yi3>3!;2-8p;k^-4mO zW~_0s^RGhh?n$9NpBx1?WbS@#IE>82l{TDYpCMWFRI8dL7FR6t+xt1cCC&yUide6g ziNsuRn4W7XdsWgMz;+k+81b&mgN1o~e-Wer3+-C~C_2I}Czp8ibSn(vP&7n8Tb^7J zt|Naa(Wx8Ab#iqsnvlN7VARQ-b{n!=Qg!&$$1VRk*JH}ZUxq=?|1xvH8WUq%q7tAH zp66D+ZIZqkFI%2P8vA}X_WkLy_I$02S7Fwri15_ZZr9i7 zj0aeP45ouC6Z)>!h6MhP`_K7JBB@0JBPEkv?&x;4rdO~=>T@R{o`)MHKKK5?wZr)x z#_l4AuJFTw@g%9RSnx1Ph-=^DW7k0BYg@JEZJz|qZh^!h8MXt|*5-YUK3tX$pooWy z#k~PWH=(aAE$?X9@q`&v8S;0gO9+Y2Bd*(Rup0GEwX9MRS;FhgFxLQ=@I|mY<$4$Y zz&(ZCN6*S;xfiVws)?S4S`#d)>Q0rcNuWNlHpRq3 z$ro$teC{rJG@OWZtPL9@gU_D{ne6TIu2TpCRJ-ZGjZee!V1TEz4FWvh2}u&O0f8cD zR@ciCjV5)-9rU8IcxXcYX?i>Qan`e8?)gstz|eV@)M=OS zY0}=k&{dDrjiTX`QTNm>FT-UoIm9Fta`$noXhH>Ktz-?ktLpD@(vsKK6>QN3xg~qq&3@txEa83Vf{aP6Ch@7M1qk86~`5%7{-nvW{8G4B71SFLV zEf@1O?s7Wnq%TiD+BvFE!y(`5{otlPgwx{PKV!srL{5#@BVFgh^(e)*=I#vTWZpIU zwD3cC63U_99BeZXwtH_CDX+de;7;JRIo?H=G=blUZpN>Npnelb2I_4B-CMok%sk3*!G^cS~ zmFoG62;9<$<8AJz4kSL?pzrAeKI1OW8Py(q7SslT8;)3xHMXNih^p4fUnVSlym~*H zC{a+hJ@rEBjBybD7-BrWdH<6Bwq&@^8mr|<{516v33aQ-*(X8!(`p)2#XJChnO1$b zM@cu~1Rjb$U$6^3WnI-%KlfEQcVIz##olV_?METP_oIVPJu&X9C1i{azQ4R-3_P3@ z_0{j$(yapzqQ0pwcw|q6$q2!)q(W&8yB!~fAkL@pltw4bt*s!cv(U&<7Ul1UHkTn*(W%Qo=P8H952_|H>yz0fSw;-A|s3{j{Ox) z4tFGUV*e{-?!VW3r2WhvipmwXwEkhQm<#eG!KGL z0_wdJ>zw=?d*)wC@8uf1DxHb7ABdkNcqbCMoP{QmYr$-;Q=GGt#D{I8G>PV#F>b%N z&g=GRGf&?pec$y8hA)b56zO@aXG!^8JIZwThQ9~LpBZtxExb6t)1!NY0u>6q?ot9{ z87db{GulvP*^GnZt&Up905}HOF!5;2DZLe@g*%Tfm=09U#CeuXpfg@)U=yebtOE|9 zvSmL|5$|c}{cwT(WCS~@zXbUv&0p!mEH+mzKC}ekGA3yl+;V|Gv5J`UqujA5Qgqqf z-AIVU7<`gczakTcu1|D7r6r^T7X5hy8Z=sAA#fO)EC6%U8s@e3a#S$Fs1E!^r$Ln! zQCZXm07smpFIYgKDm&0Ku;rqSYvh8ka*IY4vj9-^0P6LJ5S29i$*`)wz!nl4Ux-3m z2&H8)UVFW6Ht-cch$9_?A9C_=c+9AlZk5UfgPOpiKARQWjV2cUX$YdDR%C|F!h?!4 zjME+DqJ1V>&is_cB)(@)qej!Kkt@lkP_>Z7I*yH?R z;~H#3f^EoAUCSkIe*|}TKIQB4EaQtSp)aix&gao3LJA2=;GK1PrgK;9T`^_gz>jYF zq}W#0JUjy!1xc2dQ9qh_z6kpyj@x79dV<){4@kwkO9xC^uqOc$u3y$fsgfUg#wtqV zUdM;@kRMz+sE|3;C^rKnoX^mQJ65lVy<(`3ZPVxg!f((A&_M+&@YEweA_*LA^`-sq zqt2;EDedwQ;(+p1H$im9y5wc}aELHguWCwQG&TkBXK_i%oz$O}1C@ipHQ2qH@-T)S zr;?)b;$nBGk@`~SGRDcjb?@4)U{dSmq~8H9A7;X`tY#=WDfW#@=F8jz5 zM9v6M=Ysb)!9nK=dpz`)jf#d&H8@Xw`1eJ=96oJWrVVu49dd%Ylwx19ZpKAWU|u{- zA3S_+m%jxlY+|lTR&fxr+lPbb<$fH~B)n_(+Rc*q`Rn zZh`Kt{UaRGY1OnIKm>Sw(41>KwIG$;RvlpX>;Gf>DKZRw>-;Y0qdl~L5P3IM;_6nd7>XLJTsx8sM zEl>8Af+v{9OcG*Vc{{tlGhKaR+JWNEIgi)`EB6-%g!thu&th{vWVKfJhhlsCcZvYW z8X~Q0kFojmQJIt=Tig4OHMqFQ{y){NIm|v3J@=q|-zZXyOUDHrs?3Lk3wx z?w~HVrq$W;I7qVn+za~>&uk0gsFhTIOWxFY>``ORWnZ@~{o}R;%LF8y z&O|-Wy*;mR2gxm?T#xM1Zc|)K{iWD!0gTd;Y0v+#g1n4&V?eiGUjZKYccA$HKG^>+ z4>oYOc$XS~{)1^%IFse&L^YAUcCD&^vhw-VV8cM7Euo>yYmp>fnvZ|WaE@pD%b0bi7 zg6UacN~$Yv|c>Ek|t?XuX|R%hv5HuEn{{gxY(( zjx8wo`r6yN!i{YyOxs(aKW@zROG4F=q7Cx8d(QS-OHMo=0XMjO4G!*6 zA@i7LTMLB^i0DpZ?`KUbt)E-OzG7R!ET8Q1ABG*#X}iM@m}#4L5*H!;j$$cq=BL%& zYUOpFQfw-o?fK1@0XUMK1zvk>M~AFijO`YJ)?`g!a3wvZ7kL&xLo}Yvqeg#*T<_sA z3B5ugalm8v<@l(CpI1|t*6m~T?r7P3=t8sK(bf1ZFZlSfmr*{;vNCkv#ZZqhXR8+x?s({Rs%vE?KUcKE7V_W z=L&rowY`Yw2CHvD9E2b$lCPxS^YPXO1|1Jvt#?_)3_-~FqtwKOLcDM<4udsLs2JC- z;hz@+0bhJqFt>#6IJyt?G-IG46pMWRauTWi%)93u0_9LuwXISX1DQTGGV121zI{eR~kxo{l9oMo34*MOZ!l??xByxMBC`p0Q+bTi=y zLhWv|e@!QQ^X+2J(FlP$Z*lstZn9>I8(M2+UFK5XOeBnjQ|6UYqtyUPoMMm-^=L&_jB(;`tkzE-&&^J_S~hBanIutC#&NVRbS3C~62F zH6)~@6%mRKBL zHI9e~5j-p)`UCA29C0ws1Gnd{nY~w5C%OxETy}+IsMQ@Y<}hIQk4J}hX^M~;lWC3a zO)Kxz7CSX-snoSigk5&W*R;M#&IlY1lbvJmh%0he$o$VVq}#ijI!1R^r5{jrUo`b; z?_tV;+UxN^b?c%9{|D>s?h^I0y_hcw8g-kM~ z=@94dv-IuzLbR9E9umi>`V?J%DUU*ovDQsL@BG3?&HIBt*0ee*KV}f!-OrkPI^4@o zb%!r}VM-?AY2m6^EOS&ei*=wD0PB4NOvRp*39YG$As7>2(gTAL_4W5F9uQZkpA|K@ zZ#f8vqYaODG=sD)9!T7@zIx;KS?^GXHJ?rXaXM)7=p+9&pjP6BP9M`1a!AiQMVFtk z4KYW%^k*-g>Q*qlh+f(1%iiX*@7{j8Z+?1f=;OrGoC%Jo`iQ4VgPO)j^PQ@k{scyY zR*bjHNf-qOyQ)gDcDZ=%br4Q>t-)fg+7fuV0oD_nEI@2GEtn85;IJ@*84^>Y?W374 zm4sd#Cd^#b(`H$EoSj_p0icaTsiT5<466 zG#uqir+=nas1E#)_gk-IKpEu-_gipgD(Z&t!k=7(u9c!bH+c!zo&lQ^d8$+&OFyGz zy^K|?w=Q1@+k@A6)1j_Fm2dAiv3k12lO;CQ&6e0B?@;X<5>!7YK8=4r0@3b{Y*@$e zy}Lux9hL0v477#cqWJcJLDbOYDppnz!hlB z<#AAy+_XD~N**V!^{`T(7Mc=BEt48w81X(Fm_PRVPG86Km@)&nNJE}Iu#l+Qf`ZzJjGF~bRrKp_tJ2y|n-}2^vgsk6*pc;k=%Q z0Hb4ZPo>0bFpub5Qm%Bpk8=obG$~Y`ck?y*65vX9*J*w#F&Q=Wv(mtFh&^36UeKR4 z9vhM+pROvTC@QFGw!l5ub4ssO)(?*~}ZRl? zb3l;{*vA&9bo|Aw$m-1q*eC`sMD8g1Do?GuopcUFKtm2z6=xW@XB^ z$76C>f%@Pq0BmlL@Vm_4bb1uFL=gcei!eY*amdSd-zgCn8t0#JU@(nYFZ7md5>fX- z4Q3nyttiFApK{p5?#7*8a?o;(M{ijz37LrvD5e*{DLZ!19a<<-0<;;rQm=XVSTfr) z;vhvfzk=j3Y{3j;4_#TM+{7s4+eEdx1eXW4W_zl<8{``;IHI4){eU*%PMjDV$I@P>A6t(*Ccp)muzaJGx@oj3J}hF$ zVcu6?0LG$&mNF^SMiky{bnO5B+V_W1e1+P*5hSt*n$Ng|CfkrQG!|L_Q1&pkPY8yNG%b#>5kjGT~C0iDmcJ$jrwXP&6{kzXj`)a^Xk)24OSK zI)Vbk0<$sh%*U_1dab=727}O7&EjpndnFHK0U(nBvdKx-ryWkNqsgvamn)Z>i8UEK zPht__UR(aq<&3hU3>*P2r;o;2EH#74>FNM?laYJ=r``p&-+iL` z8nmo1-?N1rh&GtJn$viXUcTiNlbyBr;c*^OQ?O-MT%cOa_G}_DO#Ec|lW9DLE6h~8>MYDVFL{fv-<5Ar zw(3=g)#H0R+?k;WOKOIN%9W1j#MdXZN9?QquP(k>*aIHDH<}20R?|)b;<6H}{xFV= z8@9cxEcQrHo`_?4bT0G5Rl9iX&tPuaOCz1vXxK3CK>1LPX^&|O36(n1TXt|o0v->n zm34n>V9aYLG05@;^@GB9o^nRGHJNf*_^MKyExzW}6{4|^^NRHBVt@?!re*ZOUK{W!y4e<=O?Vrh z|LoaiLvah*S#r38Rkb1E@iuFV*GstA7xzUYn(MLzEx5(}Bdzw+s=ea05}bf?%u(V2 zg8Il&r16D82-TIAcr?FYz=zA+J*-v`ydQJ{E|P0eDoxHP{>dCi!Kzz(^Md@K^1(;O z8~JVSIl03`GAgdG>l6G(NrEM~6FfKs*Ghr~5AG5)xKnr~kl+&B zA-KD1k>DQODcqreqA0BD4$s@uAEx_#R?n>N>6tIJ)~$Qaz31Gs_u2bw`R%-=Sj978 zSJb$`q*}J%9pA7AuHuI!4CP|l9REz6fL2v8JHTAxv!eizrV8+FFOohEpO~PRt5;5@ zsxLclzs&jlm*MNlc|F^9O{dt~>;Si+ol&M+q4GPgMYo8_M238w5Y^LQZO1QH#q}rD zScdQ_f;;1YLZDQrcW6$XxK6_&@0x;*kJ@+d)ta>lokqfMqDg|kMUVGI<;&g;4^J>! zOr)An3}=udDYIk*x1Pek$`U^rEp*gLEm?{C?WILRy;f5)h^Dz0`Hpa-H=bt8V zzO789PGL9LlYFr=nVTNL7JvlbZ1E$*k~LYFLreQy%H-szeBYeob_5hE359V(*c1{# z?@AO-QyCZd-MaL)R4J1xxqmUeiwN{z`jDa8Kdk2RD2~jwGd)6TmGGQKUg_pIEJ;8Vp)Z)^LDXT{v8upo zZl8erG~7S$x3N`y#dIo6{lHpYGycbpmD@`B0)|^7gx&37q@YT{KP1=BRw^Jt{cS z^%0S6r@c>{Md>^7RBnpl__tJ~$Enlwp3n11C-efNr!@2V9VAzt6{`@nu?Z>1%f&no zVIF@oIQdNcZS)kCc`CyUxB4EbMgk5caUEkq0ox&}|=%I{qdtgJbjlwT_#<2FF=7-Kz8MOIWy#vp$87(AER{=|nG z2}v?UnZ=peM_!HlKY6n9Zq-o1{7lP5wu=7)v`6H| zue5v7CbH?HXaLP5#CV;=L}&jYZ5Y%1_9gtCbOYpDwkWTf@VDf14(@B?$`7Mwd-FP8 zJEF)RG?ce#-fZeT?!~{plRUY#ORniE9dYz#2zxsus{bpEE>6SPGS8Gjd!(I!$ujAC zZf-lhw$dvF7N)T5ZR~z#Mv1ZYU8XlOE`s4H=Iq{G&Bv@e-7Jt42i1cnQ03L$`?KJO z`wu&^hE!AYrlASBRQ<8y;;*mA9L1fSo*3CI=y*+@D&@>cM#>hf+w4GaL6I2x&ib4j zT3zeIIEh*>Yct47#b@d&)EriT$)iPZ=<)piEslQ?QY6^NUh3`W51SkD`{MzjI%JaY){a3Gx#Rv~*ZtrwA`E!{XCbD>$XC`g#&n9| z1MSot!CaBYMNNkQZ-+atL@&DSxsT_z$Nnsv5uqq}+w*_|R)bw6mE3%3l-tJg(cH-0 zp=kY>ZE+X73I|T6pkq$4YRRTFwVk&8-spuy<76{h^LXjUJ+x!<-8om77e$Mqr z^AcTmG$_|g6Yyn;U!nL~l4+bNyio?F)FDvbjm$#%iZ;O$`Tv$Ho&H#TnBiK%F;95*q2DtDfm*VT_`PI0;pmkRUJbWQM+mBZcE4QB8 z(kO+fLxzZB&Zwg?I5Evkj?pe<-F3wTK_T%X)b4I(ouL)s8;qa(NHskh0EhhVGPp4zNzf{zl-tBM6aE3jb==vU~^2&XHgZ@p8`d>AbrAtSrbjS0t zijI!8I&1hUe77+f^$mvd@4G!wegA*M({R6hTbxU$^Lqo~bZtl8wH3CqGgo!;m*NXn z*BBcINS7YLg&rHw3eE~}4=8X=$a%Fm?PTl2mr=$d^w zA9NWts&rkXxP|(@$7Kr}DH$^g6Z)ogV~{IW_2olb6E|%W`tRi}q7hbBs-T;GgVuC8 zYSub|u%b)Pt4q6v(50e{GZ$#$thNsB;M+<8ZD|vtMZ4vqB{AQpPvwlc>^N02QYuaS zb-=&eR(sGh)FvCsL%U@xwC!2?hQws;Y6Ktw2Pj1-BUDfadg!n4*EZ+y4Etv%M1T)T z+JK%s4m1905Y5!&-?^Zd4F`XbVH{nsI&gZ9k?VZVd{C8baO+2iOvZUWAfyJBny4Dw z47lZcb#1j@)yk6ta11X67##Myk5@KSr`$pznpu>jbtv8;k_B(kTx9O0WMB5utrG}% zZ_!bzvU>@b_&?~DSx?xtU?jTP75WzDx)4SlMLs4}Y~uOZ>d$RQEjAzF3aC!+{wnu& z$r9_}@t9tLTD4qY^{^12Ql4rBi% z4o-fNqT23(Om3x-=!9w8wM$xcAQa}_0UdQ>qk8!NmZ3kwxnG7fJpMNf_^;aJ|CIs% zy>m!V;J=4ti6P|0>4@P6e#`0FNYo%WwG#IljW}}&{?g-xN;TMG6Bw8-0Nfd=)$zrg z$r4Ia;{5@Qh>Vlb%_$W667$@ujPhzl@C6ZDL8zX0sLD5i7c^i8#Py44hpClHYAQ^= zTgYzrQ0!!*Xb03b9pB**cG!!Ro4Lzp@$yZrE$KlAs}3<(UJYW#5PfKt%4b2^l-o}h z^|imoK8*{0fKLCSw!d_ca{c(=fk@EUx91Ong6|c5svBu}R4T!8<7jf2x_zOAg@B_% ztD#h1viGR3U7gXL@UeeiOQV6%QDRoWkI|(@J$o(^Rr9l^`$P6&j!#MEAHeDL+qb9& z-}D!AeR&Ve8Q8E;>H%O>wZzd!z7a@Z{#otbL=OL*l2?59E*lJ#JYcRx(t!60$F}<= zu|DNHvi99L*DgZqMlHuD*3Hr-s;rzjQSXu_^q$Gqf}gN3)X)$3$Bub{9HqzKeH;@j z&O?@zd#W0odoa%sr<3ld%fQ~KSMbwt%36MXmdBXLU->g{+2ZfM&=AnyO@3;w-N}2- z8JzfKF+zuFotZBG_fIEQqZHEHix$4XlTy-6dzv`MP@0Fbq|YX$W&f;U9)R+J-{xx% z|Gv+|FZvq)%hlPP{2P_~#_>f*>FQJ8(8TE3utn^;aN*G-zYE>Vl6{C4v(y?26v zxs|u1>?96;{-CCBV#XPPHJM15gL-Jq7kQF6Inj^!zR|J#n^F*8gJYfQp#ekFD26h{ z)d&1T23$spPGrLbe_dx_G;l>~`-1E$-4Y8lc4dptuYW_;|0-nvU#a?kJ5UTC-~HRw zx&J*k3G)g6_dqea8s4j@vj-1qBF*H8KD`R1fB8C}g+*ll`O8xN_th%2{j4feYVW6O zf?kJ)7Q4shYLa^#sXrlpKwOg3Tqo96he8}>kHa&b$r5EAlF(S}-nOplaOphaIE&|F z@##XXKKi#C#Q)3wFICdb_!sd(WR_Wx-bI4d zh)!#hNDHkaYfz{)IK#}NsK)p0K<&U-wXf^EM2p3>#qPk1g$|jcRWnbg=WR_1D+YZh zoYtrut~etr6nf~SO~EtssITqiE}Zy^w&4V5Y4RKHAC|pc$I7#hM@?#&R3n7kxKDPp zX?6s%*1#4BU)P!}@mjy~qJIuWg&@y*HIVjqZOs7@lJS3~t~QZVW`5YMr5(Ots_&2?nEMnO+c)6X(x3|z!-7>nSROz*Lt1w`y7fo ze&I+HtDUVGKw!$JV&YU!8*r+U!n-iAy8PWyAgJcc({5W)7sWf%V2g!}ji~aarDmvO z-w@O)(cxF3?QNhvL&b%n{__L&+>NR*h0Yver(9x(Tw=fdjJAn=#}}(9Tov*J4$ljC z?5*yqZl?!#!gXDx=sQ^bjfCcCGRB#f(V3E<85QFSr`=pt+*p+u>mcub zv#N3|%pKtK{`!qvt%}2$AfWoDPXkhuIJ?*)v{;sIJoCsm#zzb_RKNzkqFz}wF8u)Y@q1u>Al$uvbMf0`d1NrSz~nE?5r`|= z?yiPd#C85oOBEc%ZYd%;Q{f`nQd>ck&=lK;GkUxNS<=DnrYx&4$O~+@{VT3pDzO4uNEL%XDNgWMXt`0l96!ouMb-L0k}j(4b#-s zVv=Np^&G6$#_(-ccm1b@c7&J>lJzdc+F3dFXrH?@#5x!Pyz0Tke+Epq_D*2g0&paF zcFNZ&cK>@tj-b${aFmUgU1xro?xGRB)Gol#0CYRwVKMBfo@DD{mY*+aFD{2~3KoPd zVp~WQgkK`!k_^=h9(ZGdF5$f8x7jmLAYSCdJcx|E2P52V<`?BnznZh@Rt!y&i#xd1h+)es)n`dhhOP$KsU zY|&ob;!VK;4^%{JQturX^dC+WX$}($LCcLgZqDfwXqBM|!7WQPP_uPL8#H|NJJib? z5VVT-EZ23t{b%+kqvL3t2l1Ol*KK^2h!^18?L2b~wuz?V5r~!=xF2tw_1Nm=jHmk@ z$nBWV?zy?S>As@-=k+BZ;*F`3 za&{{!wuLrd{%ponUu~$I=%;Q^=OkAZtUzGT+A*1u4mXX;OVRzz)`b?CBAM~&S;;Q+ zd|fR6WIZ$`%R!SuRH%Tm-0ySX(7$JZaruQhQMMTdLlu8kS41%?=)KA@J&hU2UKdgE zjpIIO`(;aWf@XMYh&kSc!53@Ad~`-izH3~kJ|SmK6&G~!0=>9mr<{k}Czl)ux?>nB zV`7)1;+MtfOF;Cc5&ehJ;Rn&{9`eGi9d1gYrOHIVYzdwqS*rVRJ{xrAH$~0^i|eZ( zGkbe+@R%V)6_7AMWvPf~CdWd&OpX}6IR6QLz6go+1jHT-d4`r=hQp;J;C+geF@tFu zTbwrGv-Xy^dRlT>24b<{&7)d5i>`?k-sg=E@AD5cgfZ6m-I!6O(G2Pg7S%NIz1{vO zO42oAvO2M+na?b<23%d81BUS*f1O33nRz*Iq@?;8~;}Aj4CQy9@$?5$AhhBYl+FFgucI4-$x+6A5?2N%0ymbz0 z>dWI7*h&r@BwzmX=;@^iIo&+%!OK9s@6Sf0)c#!4{kdj8_5OX;{+f@n`TT-uj_`(CW^k z2Rx>xfYz%(A!8scMMY?Ft?pETzl~LD+W7T8TdZgDKsH|gnaMyOzATMsEqvh8iGgFs z0PjYNZ_0b`3L?rYz{g||Jp3OIS{sMcazgUpxn;Z=J2)wTlQ zKKng@)?;}ak4IayDAutp_rUb4CjbV!K0T)81Sny>LU?C11&R~A&?f1bEN&+yV$x%? z#~W7hERj>IQS%TQNse7WUx`h^Rzte^CeL*H200A9=v$`Xx%2DGS+ns(#OmhM^v4x3(zFjTMoCKCpuVfM-|;BJBh2HMmd!xFf!fEknfh` zDB>R#CY`(=J5_cz_S?I%8t20rzRTC;;SS$onRfk)W(9qh0=7TG7Rolmp(G8iynX@oj=V`pvRb5b*RI9|C z-i{9W$Ml~XU_2D9LjVDo%9j~RK^!*1Y%SSuTGC&$g|ETE|Vv;nE=0K$1!Fi3{BuB$89f@vMVR~=M$-2Wv4NqlRC=dR+C%%2B-5;wpq(# zm?QQTM0{F~)c)lH;L~cMom~$Ty9Wl^h0% zQHdR903Qy{C{BMmIXP5RDz`;cFJ(lB$4|St!iej6yv9leEZf1B=X3P8Gy6y8b!YKL zBgwyXelJ^6MY8GgxOJvZ^kA5wH49JoY;aV`PhWfiek>xgsRPTFPQxX}D}i=5vZ^TJ zS*lmlJ=mo&W&(1&?uvJWJZHL=;?Rv}P_}O-ZW&+@F+&xgd2m9j%(*;r_aYJflg%-2 z=u?HJH@nt^f>v(UCoN7*t-7Ft&W`i3x84Pr7k%n381*w(Qq}sqe-_w?S6BwsR`&Lc z+D7V@WwRPSc@4#pHvH_a^|a#toQw9I*wV>(m|je$JpGsXU`RHXr}h+UTFau0ve=HI z*luuk#qEY?Ro0j72R{mdb76<`{KSd zC-j)WlZ7>+yPvHabOKv+0txopQntE$0vYyNgdQG*9=HpO{amyt=T5f_aj-kB?I|9` zJY)v%cf+&09j`2Qk&nYg= z-VQF!ZI1WWRGUV7&n{uj3Rh)1JTnpa=c#We@bUMzPa!kS+Z3_A6k*%?CA}1>z51!w z6fM`bsn@nG*KF5!-!>%cszNvCXh`|9W50wG`)}`EaZgGB*^Z`bV*V=g{B{0Gf(7@U z;vMze(b!;xM(Z|_7H_j}_pRJKBXVjLsSFjVzA#CdVsUleeWD;k+4 ziC`z?>ikX#W!BW?yd6&jn;;M^`}^F4jx1!LnU%pPn6YS`bW#XC3kvNrWP%{#yP&=fg-p70uO{$L%O zP=d3`j$o>P4>xI|9@AzxP5B1UKmvd-*R;*tZ(#inN;;kys1tURRlTE$I2JpWaR@~i zIvskaZI?7!_RK<(`>Xd#a)6$4+t!KSLi{Bse*E9%<>pTHwEh>tTXWkSD`K#7YePhi z$+9#sufh8I#kEKC{6);_&^qOmZDYbkK@hjEOxrekIY9DybttL+AK<{L^i= z$jm82%o9@l)3mn14uVxf(I1vx1>AMb2VX)0_R!;Lwih-1e}=KVM^hb*WF%D~&-d6a zW%_|(tQHf_rZmv-{GVyEzTOtV=<8C)F&;+u+UwjA@aW*K zRmlptu z6Q}xs|JG!>9^0{gc=dwvL8RihqjyQVA9PBZjU_j_HXnp1!%lyuoCEtVkIkoWGSQHn zT8#8(kI$4C+4flRVv7LmrO~j?aY59)p~#K;m1F(DhwB%Rx<0JY z%C?2mfVD%K`-~00AFD&Fp6C+a*gAOZdOXqL&k`u&5O0{4N+Tx-;vaZ1C$U@=qT8tr zAhQ+BfRn0uK#pq%1zKA+>aWDLp8d}2RB3VDR!!b$I7=WI|L6AM=Bm;7d$5-|YPQbq zkDgEv8T6(#smvz1-Dm>xkWHsHm*_)DSzFxkHq(onA@*NZ)T*coGmC$H`SDBI-jZm7 z)kp%JI(O22n_JNuK% z9wc{%o_myu&N~Z98Dj^V&WJtB7M5?@e}QY{oy-ibv&=aoylu*rTL=@~&$2Miba&Fk zidDs0X$m@-Q>kyyJb~R8j>fjn!^+X$|6NhZ{)w~xryLi1Db<|<>(I1JpfXWxWTAGA zzds{gcG>Jq&8%c$-mHYPp2l%?X>jZ1U$ewlhQM><+!csK4P-rvdhbq7pO)Q8xYS<7 z#cuHQ3+Qmcd#tFfr>STp#@-v8Y9iFiiJVHfawqY1Cn;-HOza@lY`qoYXS{$HSJUn=p z{ppc@=tG0z_ngyf{nNxT#q1}GScdf;280HiQnpQgR`Jevl+=jtSFVT^b)&) z*~Xu95K$#T>Xi_R_Mm%hlA7t=E@%(wH2U7gsQf4(xBcw<`RCFDm%{#d!#Q^X_O zL@^PN~eWBC-0wSeh7FemK^+TWNN zY}({qy$%A;;?x7G1DlYobN~(Rng0lj64|}un(gM0k;_RhB+3MeZ|=`$cQ>#nb)+`^ zP}9o+ezO@F&#c@E2{P|c#-}!*DxWxRrg6w> zHRO?h(1OP9h#zED7#-{Xs1#{S9X{9U2V^gp{9FiRh~(mI%R|>53O}s>%{r6-x9WX`XsTA z*_8=bQ*DO1y<~q%JBIuczb`-MGA0S$o0bmEMDi$?u%4fAA|1wc2=B3lAnSGl;2W>w zl~5?a`MMGkj1H>V+eYVY`|^#t3e{1>6CYboQ+pd%SWBc${yq1m^hl}_s0NsUYAHPc6MUj2DFT} zlS^@#94=tiukibr>w&wN>|?;^``#><+VT6dsE&s@-5e2mgi1wG*#a}pJ4CtU+=5d* z&X@dBtt-=wZudqpZ5xycX>TPn6tJG5xd*^$zb-y9rV@Qcpe=`BH}}$VX+L0SFZD9^ z5GP&Hrry?OaxIG&7GTZj<51Gz2tq)3WF?jWJV8+mER;y=IDR!MQHb$PTD%r#(aK`o zOqzIA7CpR^AbV9kTk`Ei(CXXlEcL2N0wLwF+9svv{rBB*7a`l@8)8@mC^O5buyZ-q zp;>pWesZw#x7OWuYjBRWYL1RmjShZkPg$GvieA1ghy~8USPA*^G30(ttWANL*!eSj z!+_Jql_R^hg>kD0=&0(qM$i*Ir{|5U?SHHkLj`Qzijhg5HUzK5`hztBeTyE)xb~!( zonPVKVwwL%Y(f}GPFX4e#;VYic*@_+5dCvuoo_1Ne7KvDzcIh(rH=rH^DF2k?k!8w zIIl!orVBj(NIt9eHqZ(6q^i;^u~7Hh804fI^P7yn8c54Qfj+l)lJ+ME?_|d{?f70M z-2%t1raCpKAP$=`E+5}-^+oqWxsS0PXuogk(%y*=b~I+JTj#I2ldQi}>}mSP;iC=} zCh)+*p?1K2Bi@jg3iwSXFn!Mj{w-G5ODVW477knI*~U0~9Oo_Bg^{c8JgU=jt5okI zT$9{begYWmBicxLZaAd2<{NiEhZ7&dIQPhu;L#JH2B26%hVI_4J_tLdi2poxz#zciNz-sq)Fqd)^O zrbJ)HCP?3=Wd5XsQe@Oc6wd0;ieAR!GbkM{@XnzGE$@Hjn7(Et07*Nu!ap>Dnrk{( z>&VsGfnBqxNIYp?dG@RyyLcH;trA3N9b4%fnQ0waY2A&K&Ucs2D>lYxxqQ`f`Kjd+ zs`W~lq`NfC+HPzujjA0HSxxuDAhxUYqs5BK1|zW5lQTwkJWl+Tlp{ri7hx`Ilwa)+ zS|yGGQ}?xPoK`+Ibkoe2C-R^rw2O`q7~D7^k{@T4AGeWLEzM_%;>hHP=ZN4im~@k! zjAz)F$xOW1QSdv zC*`9X)f{7dW|shK^A2OB$PYVp7iEe{`F;U%i_~UjO1NYYcz12Z`s~E8T?`*S)}Nj9 z5pa=5_T!EN2HU9a)`C2=_oH{Z!giB~m$a(WVG1t^#(zkEp5y(j6IXrMT+OaG@9|+i zk^V@O=}46GNP*b1;Cb8R4(F1{G8K3Npvor7 z<8jJ=9v;!&$&l^uV;82v>vu>*i_0>S<}@CC!Z&>ATT@*WSPeU^hJ^kJAg%ICdQ5!N zma<3tMt%T3Zg3`UbGl|B4J2Ug6Mf8oc9;Bi&!qGhXgN^yaVIKs29+scJYvKmM4z0j zAt0_=690jvMddAhnqW!eE!X5>bYR}>*tv~cGE;kxsQef|_ZKPlH0#&Uyit>) zZ6F{kTcuO7j{bB(KT;*nuVDyXvbdeO3xq$i?C-`Ya@}gcb@@^142Qrr+Mh5 z$Fc*HDC-@!J1&L3}r)6M8cQZHEHHmR4+P2fqNa-(J1y?5atje3y0iUECtX z&K(a^4LQcB!P1waFP(_UUcHJSPc{^HZ1$QFzU3FbZ4~Boayxfoa12|-at#mxW%_xX zPt5WPJ7u;954i13i+aCoY0vQ8MJxw@EQpT_EmWQma6gME&O=i^k?kRR)UEea)?!nw zPL3z9W=YfE>&gF&>;8YfZ&&CQ#G>KW@ZSVs{3{INe_0U5|0^&u|7}#$@v@!0h9%WK zj7)r>eI)PW#@~%eiSlm~(tn43f64oe=|jd1Md%)LpN!y1`br;>`S-3q2MVr(Q1aKd z@62?64r534yq+*^4qGBidbUDrVcsE;rMTp#Fgul1vrDzKi}IEd;T#5*h8Mh53~-+Q z=L=w}d!9yE^mGb!sD7cM&VZyMx8If9r!ENe|BHBDGApL=BcAAHe2==|&m7TB%>9i& z4^h8%+eiIWzNul~VlFCRC(*sYqj;^@ zj0phm)`_2|mrr|XQ%ocAuVpc4NIG!Bb;4%oAICKsgEd}JY(CKWdm3&$lPd{MD z*X@2)Lh%ur{F5G6F5mVm`UgeyM`9ST|1kA#l6m$V zU>26A^4lt-e%^B13Nk29o~bIzE0~&JVJ4uiSeWfTdZ8vtr72t4w7^4XL+v>H`?2bL z?=ec1nS3Oq8Bz-g)s|A=c*5m#`(ee7tPmV+t8kd@;;>$c z(~XK;6)9y!;@`?!0-5d|ZkmL%kQvIdQZ{z>qf3-hH^$Eq$Y!LDyVdgTmTDn~!Qb4-Me|+{7Hrp1#S)oTc|z z2kd&LA69QQ8HWzdkpxeA5Iyb#biUCi|_59 zd~wN(e>a?O0*@DEAFZ}@G&VLC7RI&&T;FipTx$j2#^1^Pw!e(= zLezeO-~8ysY~`|l@P|!^#4i{C%uxSP6TmR=Gl3nN0rqO#2T7ed3MpevuE3;iK(~;F z(3p~ds!woHL9x>)!M>XxH=Azxa74|dlakU9;eiBbgw`=>%LSc2vP0%4riyE@A`l{V z*Ap{0!3K_4nqFD-K@YSGcVeHXb#wYNN(>{j;_h|tf$Q(?%Co*I`pg$HQ?#T&zYere zHc^%BA}c8{DC>}8 z5k0P{`V#OzULB7TQ)4tnS+>@ITd_~$Q@-aB%X~-`&H7YVNjfbb7PgycAK-HbA+ZGS zx5kOs|8Z>n*ZEUgo0T@ge$aTD0ZH zO|IR2szMI>Z4SeInM*?Og%%H>akNdyVY$X-B?&Z^GV@=;~0Enzj) ze3l&pF+D^RHcAM)_%3W^#upx?oqxJc2mvc+wfawPIam_zdifbiaCD7F&b7^XCYJMw zRSqSpI_fB}E+tGB#Sygn=zh&6M?wwru4;<6+eF_AiPV&ZJh{s1>grm}$&vE?jc;U;X(=TwiiM^m zN8xsL2Na`egimKk3a*p`4x0Czy`hpFfsS89KF0eT`_Uoy0u%av$a8WtHFlCg4qE2< z#(Oe+MQ{FS#FAQvKm^>b=2UUemo;>>#Fyv-lUH516n~pw0~yP{C+&x-1x&|W25rNO zC;7UI)I^9T^58tt>pIrwlb!ypSWoW;5Fg`xk28{e+|^vC%8ueA2o_0tGPC+cZ$DgI zTjzCpiEa!R$@)q7&NuOe_@R1!#f19;wpDm*{e#zm6HEo0vN6|F)J+X-_w)0`{=Mud zl15A6?~vir$?OW!eqYRiz-WW>=l- zN>vbbd@?Bkl^+rjdV?%!B(p7-RXB#`BM=u)v`D%i8tdzH=zg_Jv8-LHtvwkShKP%` zt-#x<^q&ESPm*8ML5-p7W^PNQQJmIx2ddhdvnMMMi{aU8RY~4zIIuDpeuK=*np;pp z3TixJTJiJPi@yMQRQ~wkr$X9k+-&p29UBMl=oNvxowMmj(|4!1e*R5=ySg6y{vFf? zrllbupr)W8USzl_?fHHgdNjfCX089kAc|fsY)WA0(0_WSrU?<y&2pP&`!>lxyO3wct74qX z(+jj(;W0x_aa)D#*he??$u08^T%HsWZ|k2}=|v~OV{7?Z)R_059k==QLM9>5i1UX2 z&XmzK5&EOF_ADYa7t6Yl$_C3_zE49jAE)=~Z0#9!OO?llR?fH*8PsZ-k%0xSaE;Uq zurY2e?Q-$Hip4WmYh{Kp4$q#7PxdG|epe&UK}%Z}H}ZI=hG2lo31!D~=ggGtq+Va5 zBZwm=*RYO%oNavg6R9w+jIlu&C~w-FIyGlhC>$M5gvC9?NM5POseV_FNk_sa95@Jf zpCqmkfli z+94CI(2C2`l>u14*n7V}FS(m+j^=}y^$({0vC36CXN^av@k8II#8(a#VKic?`aZ<- zD`tJ*eCw5)KpdVu4~fZi9W)2vx3G~I?npipa^u*&4qGo;+$x1jI}truHM|P5szkj% zo>Jf5Z^ScM7XCQI-kc7>S-j3j_}4p!FAjL$ksT-Wd0U)07T(!ciT{@Jh^sc-AWMF; z$W++F^CVAn|H*=<(Kk?Dj}05Yf}gsl&ye%6hPXr2u-dNcbQ@Kaqg?#b!jVU#S7wE= zPWrh2(5~b$Dg)^|b}d0#D^BWm2TLIG*U-Oku$d5PLMCV-HKwdInii*79MX2&kA2lS zM;CbgqY^$U$y9&iL87f zm&q{rOpn*_yEAJZ^jeh*?Y!SoKX7}$h=B<8%=mD7!dM=j!>zv0|F(M{aX7EKNE zx$CJJD&1r$WiPW;(VWwonbw&ToSqh#ofVo9;GYv}bO+s*^CoO;z|N^(JM1fPwq;6P$$QTYnUIRqNQ$Un4sOgeeSHTVVR@wLyh~6 zOJRhZf9DC00B~@$ps!5&aHsX>+9Y-@RdBAma%K48n)Crnr1#bw95|B8F3L3N9-N#y z&EQyE-JfTObiKMj+3P`4(jXp!RT6vZFlBD#ti8gZmn#!Xnj%B|zWU8$l2mA*V~?CD z;T6ecX?M-%i@ou_=*%SJKU9%FL`d|q)Djfso)vzG9kb3dbXC3AtZ25>#eZPrk>-)#CF_d~s(OElzJe0*t3ho4RhEvTow-crCCE zA5nCJh>2G@rYGnn(H)JR$pKjbCmgGj8@X4xEMvaFz9o7&+FCJ$`@Bi7#*G_(c8W*CCdK3T}audMSIfj2!I_b`Om|pC-7|A75m3?nSO2iO1mVDJln<% z0CpAgF73+J4a(Lb_I)iaB6$iPTnf?g++P2ett!r$jY8SyecL6IM02|0IddTP-C-ILl zSbEQK!TeV+@Kt@wSJ6bWVqZwL3MPLr7>wp%mh4}ZX8(oMVGP21Pu*3<9P%8Cl(Iiv zjY_V}-MX6`&l)XPc2w*6dUotwupG>8A0%0p_Wj6hEt>a;k>QUfcTpgk>x(JdVshMM zCIw%>3iHKc<8YMeB$9esXXIP5D@2`FFiv+CRpFV+=;R)enGvvi-HeSR-7v)jDH?Ei zf%mNXlJ@GYn2kVkQxZ#aoQL>tpHAmTCb~%$zZf1nWNFe>HS{nJ<}JxTpr*r|55`K& z?E{O%+qJ?~#d$zDV@%SaPGR$pn#S@k%83ek73#C4sna$IND9k5*_C`PA-fq)QKWok zt5%U@!Cc0q&EkcUetoH4=h0+rlSbi+j+aYW()oQ^D?~Q$HmFWvrBU7g++S;IX((7` zvbCkeBc^{^nc8qORAfx?&2H^nenA4Gp>eyhK}rAHxG^VpvDcB#9Zjco9ZQu{KtY5y zA8gL-2A-Q-vVKL(%Jn|dLznjM79XmN4h({=g~HYqlFkY;y_3U^Bs%R=-(8ZJi1NzI z^;^X=&RMcuT1V#^C7cBIa)3K+HpT=RLZHycc*l+@!ajH_rpA>om!#zIMAF$TD9Ni# zD&Cf>QKo)TvJ)uu&<{_oHI}Qf|Fy??VOpRML~C~FzVT&Nb_TZ=y)OE$E+`6L_QBmg z(l5L&lGJWOXR<;N>XzM z3F3pZsSf%mgfz^2+5PHOzi7dk$lrN)Y4Lbs&;Xi7% zRck8q$jZyycTkBpb4;b)_vurbm^bmmaE|;)?m@{0b>*B#ki!t_QIkSjAH{{!)>_Bd zT&t{hAG{{3r&B->N|rOp&iEypRjmwIZgA^4O)H||FrxPD|H0f_K*iN<>w=Y#K=334 z2oNj*D!98#0t6|na0yVj1$RhDfM7ui304Gmx8T7k+}+)^aO?e_bKZIPzV83^eQ$L4 z=rLf_sJ+(SyOvD<=3LVJVeJ(WTl4C#_7EjeE#}}tT~b8< zJ-H~=nancztc={i)0^voCI!*a`%JGXGNCP_A~*enE~1p?q}QwNPS|2`pXK#Zm7`l{ z<;rGVkekw-EI-dX@l7G#v^{)^FZP~y=+27@`YK2uHi-dtb~o1c{@@(V2KvONSw?!Aq* zM(;N+kHG{|CQG`wjPNtBe2x@6yIx2om%me9cF05A1LaW9-TAl_Pp_#^j1B&1SN6EV z9>%yD2j@Heiti?7_|V7bkDO1*9yfib+`gajn%WWClKA1KpZCc+O+B_t_hF8Z8nuCk zML^Zy+x|>_B)mR~uljAk6wf;*aI(AkOkDX~MW^NPO*gEVtC{wD|L?ChX~*|7cf~_G zvH3W5$WiP^Wi=Kp;K?K=i(0L%%uok`9Rnzv`#bTP?-du*$WC&amRsIo2@|q;M zDT?QMsViTGE?*cBcCIu0=#SLsjn(LlqV!gA^YSy=R_>F6Q}S04k4W{21uerU1w54#J-ESK;wc;Yls7oEgvb>YE~AQ z<7c~gAh2|wDo$4Pt zEvDtRq!jLD1ubg@L?u-}P7n^){u=m6Q_<{^8RQ}!Z6XnM#T~hP+W$R9o~D}@_>0f^ zDMPUyzgx@tXjEpu0S)eOeF7_Gsihc7#^zo~)Q>W`pFbpdvA4Fg zMQRoW%O4SndL#&*9p!|HX*9h%#NH-(!4)6F=ilBKl}nzA0oU3MVh=K54+6j-B2VEF zWb{uv`J(B22mEZh9|orWy!5~CRn{U;)iL(iHTKyn@5;;Y9%D3~sfjd|{&pDIHY#2G zEqOeCD>|dcJrpzWSjK32^c#>FD0^Q1yz^aWcu**JTka!vj}LSj)yEX=V_Np%%XY>v z%Fsw}KJEI7Zzp+Rn+$_7k&uAu5$Du4L#B$i4i)6S4_kxS@P0c>X*7u*_F!#}7kY~Q!KYpI#N74l`DmLF z^J7HYmMGb4^G33cb}y&GX8P2>!e2Ya{k?r`!cHuWY1WUyz|+uOil;9f_D*hOHbc-n zooKk;ejk35<7xis$y)4Ugb#JIMm9v|Q*p$ve$*2joZGlTaQp@)&bC|2uP?%_?#f$O z0L`#cZvEhc2TT}{h%Dswat|K9s-~fS*;keI z*0rqT*yZtGxdyU7ILi@`*PCNA%Dc&(i|7gOR@&ljC9#$xqfvYj*mtnZ6ig z{x!h-)fhw0Epm&iie{cU$dSFZb5gZ6Od0J`Sn>*EwxG3DftHQxCkuwR1jhLRe;V+M zEnIQ2Hs{AA=iZXWpl4NzwVq>=KPR2Net&n%^8b~~_u}A|wPh<3^f%u5zx?C>e-3N& z@^btSC2J-JDW)biU;^#xu&me6a%)B9HPL(o(ZVkot63GL`sCT$iYVZjF*ba ze`#f`jpGA@&!i_!is7H2j-0B`Y|18Ne_NK0>rCy?=$4&pFkA`#)dqfX%luc%>K5+| zxw}^0mh3y<{BI4`j53<`-W}fS)SE*X z7!!<$!>fl|rHdw58+qzU*gxGDCAQ`#LaMwDS#ll{?+38{sl8o+VnS7w*-H z+TiJ>v2QB8t2+ZPWW8Lv46H1Y&i0^ADqG>wDt6vcXKfRlawjdAXxh?bl?vSb^Rw6a zXyN*g5eha$IeAzu6q)=I?){!H-9mYeQfZ(i0S4|^RRYwil;jwoW&ak9zl^|mxZxhL z+cNp8)@vjD6JZxisKUnGrDGWy_luiNT>F|?Z^Y&X|CdJn$8j?wqHKKZ!oq}JFE>v; z=88=A8}FK_?NEV>y54!aVz^laCA-!kwAmh-rT1#-v~q@*FY_z^P^g%fPccm~#;(^? zF{THPfQxKTy<%Di)?f49d;8P(kMtx*o~z#P47))V9;)hP89XvT zOJ`;5n+~*-t)U&OmOH_5JNWy0No3d9V&Dq(zoBHF|3JyA&PGn| zpG;WgEo`k=RZNVXbg1~bS@_wwsCZa-IjA`KI9d2Pfe#iQuD=d2QWX+n)t~~3;;_D_ z;$jsCzWt-jh`6zng`F*{Dl1e)_OJi9=1xwZ90gce4Xq4WY#dp|<+WMG#U<&ffE!hv z9Gs1vlnfnAY@Mh${&Dt#i7o6OoQ0i}_doo!|Jwp4TwH9dGA0&g=1x>xY<#SecGh+d zs-FyvO<1K&Tr7-D{>vf2zb{$B&dJ5W^FOeaWW7*5=+uSX0yc|m&AGy1%co|-0BmE- z<|oR2zVUgu&m^*x-bhvW%)K3>QYJ}fmk6UyAZeGvXya`cXP)M{{rFUS^Yc5M%Gd3O z&|e)dOa&b826{(Cysru>C#E*6*1c|g;^q6NJoip3C$5rDOU)G1|9+(b7IfPZL;&Wo zo@5ggtQ#kJ@Y!&&EAq|GMDaqINl&h7_P7A6SwxbI4~<4t^_kIIPn7{h2*fp_vr#O# zq<=^@?19*WEh}S26oeR_WF9-Mt|f;UT@_%uV+j9Po?<&wWwTTALN6EVGqt3&t)T0E z^ujG?V^os7ynNR|m2?fWmer!rRNWC9;*m_G53{i1l^$4Sn}se(@oM*zr;3P_hg10> zjaYXZR#^E7-_E)~zpkr@shYQ8WEZrGBdakvF;S<<@03rreVM+eZM4vRaF>4lby%Mw zGP2~o8MV#h0ke({V+;0Mm@doESMd)XHBD`Cikz`{mlF0B>)adaDgII;AKor#H92jS zr*2(+Ls_RXbSwM62H}u2c4n#^n;Q&9CMw7so-i|Sy{Pr z*lTxznVNP8ZCzKkStxVsrJ&+*E;U*;@zx46CS_32PI%O2mCejH4e9>7ky}y&&AyUi z4A!Mjg2Q=lr3r&UY+jRH3JX~e)gzKZ7 zF0S1`=L{y0Rdxv7|Dam1B5RQEFC{6VARN!aeJwXUv*h@^Y=|pQL~8_n^O=u-H-WZ~ zfJi~P2npSs1%p-%^l?>}>NV7POi^e{L$K9DuUXl~ZTLDb!u+fwhL{D*c`^#D6NdG% ztLsObA7QIU^mEglurx4PAu6ljfft3!HPmLr)m3PVQ`MOvBS*d90C`2$w-&Sd-Z>dI zVpG9~V3K~!Ca-qN%^Hzc_-)t2xEb!R#LY;v~TbT?GbS7o@|}hS$S~O z?QZQzJBaY}Z}seu=U>m|zVxQ4%1~NEI;7E)@`Y+t+s-ju4prQMf0%G27M;U#g4NR> zzNEtvjM@H@ashCA8oPdCUJhpaMmY;DdqPK!v6jZ>xjPWdF^WDOSYzlK| z)wV2Vxy49UX(@ZD$xKkyDl&+0S}{K)5+tVJ2hJ>)i=&(snal&zW<7=VjL};>mLImE!$J(LOgnD>j(a-GYWEabllMx{Fq0qGf;t-2rVN1{%Fup=X-O$ zJos+wh-+qwdn{In{)3AC;*nzcMxCFO93Ni_8fWKDEm)&L$F#WBXmJCNo@Y>E1b7Vg%1l+;%$Q1h8J_Nq zj;gH`bmuwf>!;v+@y6ZMNnw;#g!s#ByE%Ay0SOE8?Kv?-+s!JEUYfK}fq%C!%E+2| z=_}}$JHSS;=CzM&Eu(f;N=J7>&Ah&y3R}Q!DTDA|MUQob@ncuQ02;-yzp~EQKGUdN zMIHvhZ2d$dO+$Yu*DFi9xlpFyWP4U@po!FNHrs%MdQI_nA2R`kqAg zgBz#W_im!jvK|xYiVkh>W<&F~Cr4tEL2i#?M7gK1jVDLWJga9c@96YT*Fag<1anQ^ zkM__1$Ov!MLD|Gcjxrj?H*B1SRKDdVKFKY++048PEoK|e-$L%v3!C3zvM}rhx!Mbn z1Z$1JeO}s0=Lu>3n93nNLkp#14g;5eO=24ymaDRz%Oe6lY-WISg1OLQrQBopFcE4~ zzz)l+s2}l@$3m;G64s*NB8oLrg=AShc?_v4J;Y|~=F&^SLGRjk4ZO6N)Wc0&uTq%p z3VY{$f2y-Y(PU?YKQ?*}yZWQ@HhE9hMD&^0luc7zBe+$E)xEvy=LlA*>Xh?JiLc%v z>`8H)d2VJ4Gwc?^@_8xi=6r6dro?yNPVYF{*fO<1`&K)tX_l3Ys6&WIzU7s$M@6Q) z>t)cJ9xoRMQjTKG%2nAAYCZhk@$BM=3cT{j&06VZco-~Z_@IAAoaS#%Ec_b^{m+-* z{P4-GxWBRkeKuVFr$DVfsI&W82IjtNuH0;ElLE(}fh7N+P^d|)*A-_*=16#y?#6T^ zpCIy++@kE~XVSGzG9LkAJl4S(*Qa6btHbDrgV>h8&q~?9u2n?&gCBhS9a z7~nZURo@E@a+e`h%fAa5r?ETczSuw z;?K~0KA#yKjdmYCx5qSPFs~JfN3U{274pvX_R7B@fs7wzylC^q>as$XuzJQYG=Q-$ zk2<;AKS6nFl=g_IK`2a~t?}w*l6#)Fa;=`SqFH|7H5LT6LH4K5=a4pLx#!o2SeQ8vC##&n zpgv`H1zSiZOeV#LC_=+n8w`cV76*!EaUWbe;qMJq1$Pdw5Y`rTv*F-!4QCDnDlVs? zoEry}4;fozyI@A`7ig0uyO*({&2qS_`vU}zz$K@iz)0a5z*>|hp`BAJqGDD zADp3MwSo!#G%^!0WQ5OEQIy0OT)?1uzN?C)#f1}0b zy<5JBd|&oKt8(j=OL5+@>Zz_tdOY|RD)an5Z_xjxZy(2Ut^|O+oC-5CG6H~FV8x_E z3^Oyci9#J-Vc|Xe;FlA{2CNu$o3cR)9E0vcAW(y3%-g10@u9d^IOuS;W#k*iiakK; zcuBZD2VK1)k?nRH#wUj)3sjo)5FNo@noV~RKpy^)NmYNb>Q6CrS-B}E9WL@y02jEJ zLtS?KA^Ng1lq{S=c)K&60g{YJ1i!Q2QGfCVl3c||RIYd!=A=B@QTjoXywW-vZd;Hu z`MMNGXPr5;DI%F3^p=3jNK)j|W<_2nsp8NymF+d*WtTsX0PcIN71`Es4ep@$`1rg6 zbz1WI>0ztyv)`=W5rMCtaf8JEShcZgbla&Wxn|jT>EO(#ePL6}KhDS^tAdx65=JSO z8%~{>M1m4|Y@$|3!-+%%y&i+udcpcuJpDLyvSztkZ9KhYBh8j#@SLbZNKS+kY0cJ< zK~6{-Pe4JgIq0RmHO;!&udL2r&1D6sO3Hc@@Tr!yMX9BehKvA{U4Xw5V@PAfAyG_G zXTUo}(C5!Ta_PX}TLJx*T|U(xajwFC1ztGJ?kYp2<~*ADE3)CSCbqVUbaSSPH6@C% zAdoc%O|O`9K}=q8BiQ+%juyg`$E)6rK!rrmYscCEl{(Q^+X1#Q7OPPH2=q$=8!=>W z`tu1d`KZ6F>!enHp8OAa1%<60wJL7-_^d~Bf6+(TE*TY;>Nm#{^V^4Ir&ws8BPIO_ z-rG;@#grA?2&DEq-qz2w>CnP5EqkY&u;~j_0+zo8MynJ*{QK=DHpA3-)VpO2#|}I| zh`M#&+=Vxlp9EL?p6sjQ>wmJm^1WCJr1V)H_)7f!wbTosqDw%IMIRy1Y|y%9RK(X`P2d0MG>6;VRjv9$_=^{IHFeLyTxEai3S zmwmhWIXg5x&`a^yxCe71(`mWfv*Kq_(Mz_zEJ+XlJb5i}?09GbEqdHDV$;+5WyWn0 z19XKQe@OAWkE`;E;BYN0vD_-EC+ZPsQ?5VvxEWjBQAc|Hu1cQa&CJ~^+5Z0i0M-W> zpOs-2OS6w|masL<@ZXu%l_PJ!)%&nnDN@lpoHl7ToO--3F|6RqOseld=~dCuh0) z$vQa2YgjE8qqDQ~e0Qq+_wSc!3^LXp9v*XAUN7C*d3flWz;tw|-2hxN#UwsM;%+N` zqimYf-Fls`NGrLweL(}QtE;QA%sMnfT=}tZ>j2uIUHb;5L0t=w>`><}M0Pt{G5JH! z+ma~I;PVaH-BW~9ieKWQ`Urr0A-jhQQGc@23 z+WIjynor|!M8pHk1MHk-?!w%U%qIytf;$UWMwb2FBu6x2`7m(%oYCbM?8BgDY#bDn5)p&u)A&h4xuJ{(i&_a`)5TqWNyf<1%GGnBjbX z&U5k47e5-ZF@##Ge~pVO#FX;dVgT+ln$2|z`^jzg#$xmgb`i?PqbbbS!E^<&g`%e)-;JL4xbzx zR00z?IXNv54}L-W`yv5$wJ&wi!Fd)KJeSa8rm zi_WLPpK`DEZDYSq%J6-{8OjgX_dA`If3m;RJeW2EW-PRn@t$M_Rf^;U+>De5LRDWR zD}$mz0ikOL4<0`o zb#HkE`uMpdyYHQSa;GW&W9Hj)&5hCrAQal`3KkJkm@nsi%EDJP&>)^1_F0p+KzQ$+ zp3a6c&;egBnhf#ibLu0=Lr`=x90W4Cnu3ELfUZDroqXbDS3sAa0B7F?@z3+xf2SiXnpE=oGp60_3nop zYXd4P(bi+}3x>YORwkaYdcYXmuJLmH2f3ha!>M{Mdv5i4<9UO@_4EWDrO2#o()Ia4 z(`u9);QcyW4q=yLPhljtdudf$1UTw4b9EE&U z(EuS*&sTXHk8lNFzd;^&Z3r649nCa<#SjejT@<3fjGq0Fd~+1;+l&6RN%mF-bgAin zbJRH&Tns!GP`Ta8d@{Keo_s8MNe{sS^snF7`*mv<6HRx{LlWR4{1kAC$98THYtv0$ zei4?)3&XojY0*3b3%BP1p~@#2hiwE9U6&~n%F8ZkU^-kJ+LM}Y)>w<{_63qHg0WD) zU0m2xCs)2;P`E8z&x6s1$n5Hs(X~k-+sHT4Ke{rYuQ8Q#eT$mzu6*xKQewld51I`8 zWQSi9^kuhswc_%2SzR(0(;AE39ffnxLA?u0`V#DhT|GDda_mI<5#NZ1wh |_anD$~#lD_^BMHF)mV zNY`H4RL{||HUi_6D~@Kl2bMSwSL)#~w76zHp>Dr+$C&c^r;9wft$!mc22|m7k)6*; zBB^HE>j3x5wK!h8d8TY@uTua4cO9!^8+rKGz@bb=L#3sq#a?TS9!r%I`i!KPz%(;# z>ASDRIJ7;VE;SB(E1@XMpd!Ezz)1FHT#pODyf)J`rARBxH+GeLMsg%F2HvM*4y%qS z*GVsU^fE_#%uG#(yQ4EQgDZx+x#0>qK6+a1A8@+@C*m|B5?_Cz^w>;=Ge$*st$lwL z*F}qN?;NP`_*d@}k7IxWo_;Zp^W81&WT{z=%FU%G7f0HWDC9C)A76|W`v4ALeZd-z z}>ly^{T0Wbxi+fSY=Xtgp`C5jKmVq!inNYZUP_2I-khQR| ztrC5Nu$8gQ2`trg_?vbfBQDca)t9t!L@2d^@2ztoOJuqJ^?IV6%gzJz&kXMe;T$XQ z)R5lSCaB{=JMW#eR}O_PF7VJapOL%$>&BPzLT5;b&+*043em+@c1o;x9EFevDhJ1? zUHj@|FF?t{L0T_dk9Vb@w7-b+ieXu~cDI^}9j3Kbl!Mma9;E)1@-k`!0%4cCGLXy_ zq(on|@Ki++S4n8K$>`p|_FCU|HwBF9O=a?0C0h)%m{-z9c?k&Sp>Yto8-oq@Tx>HxF13~Dq&y2ecSHeYYS7eLD zeKT^w?Y+<)_|;OHT!DgB)-E#3IR^bun#PW!Kl-w2%`H#Bk&6-T$zF^$0N?p7byk%U}epn5UFxzey&@54oLl5f{BI-e=nRS?n0Vka2? z+a~A72O3RRF$S1IHOIdf4}8uA7p4wsHYnySV&qT`P~AT6>c6(Uhg9o#02z3qIM+P% zLgzSRU(f*Hse&%MgXPa_dVQUF>$AY+oK`7jBs&xWPH%-o>D|W*PqMh-bfYT3`!4~; zG$!(9wMfr(&RGDZ|7?l?pGe#hW`m~Fh-gsmKi$CU=lZ{DmP zmG!XHolRTaRu%9`rF_Jk)6%7}@E4v1xX}=f*YU28)XS$;tFlAiH{Yq$Tr7vI{j$B# zw{IsDc+BFdQZ!~JU0i?sfxf`&eMSr&;jurfmpCW=(DcHJ%#gf?f)$-YPG&8Gr%K+t z{m5v!ZkD(%|Kl3taGVDyztr;#>IVH?)Wu48Pjnv!0cRK6`+oh3;|ceaJ5)Ac>Dr8_ z*KW)=c$zfQ*G7~N?~HWb6bJ@xTIQ< zE7deiAl>8@_1>G3l+#r3c7U367~CAKC|2OY~nU&2XsG9C{U* z!$HHj3vEl~Lr6=`7jXV&8ZHdwHUUh&*GV4-e&xIR=EwhTK`n{twUskx{Oi&KQ1_xN z=radknE%27wClHD0lEF(FUgB~0u7X#X|sT|#-aV2UjG+2{_9d8LN!~_W~$5t@EjC! zK4i|)1N&JoP2hQ{HNkQ zR&0-n8@PU}|P2t*@7%p&=la0kJOXedY9< zW(V1FWcV2J(5dT}o66s6{4BZ0sq(cZ+rq-aHqvd>Q;+4FS}e*>*$&1hnL<}PpO2|N z56Z}V(Cxz_1+5JDRim&m7n{b$&rc$hyL4K>8bUh8f`UF`>jr)fS;t)% zE&WGDegnxBYM~Szqt}5#BxyFM#N_*dN51H~v}V47dPBN*0FOT9u-TjBuQQcASAFVq zf8KIxBCM03nK>W-slRW#b6A1NL$`i2>Wu@Cos;tjb4$c7Ews~H?Nm5^doHfJJIx^m zoh%n%6A3s;U^2$MS-^Jsf`)+=WzD6N5?yY{&!QJx;VdMo#RD{We9o+TPn6s<)GV zOrS&V8gpK^;|9E&Vc1EW>J;`Qe&5xz+43_IDXV9joRCoVRmcJJBThBAl|k3#^9yx) z=1|{9L)Sb^pewaiHP4g%EM@L~-&z$8HeOzhQ{4#G$X9U@;vT7{C<#hYxGiYlsi%X& zVMxj?0U^lgA!3(B?}nAc`vRXA^qxRy3X|h2o+qP?sPANZ4(M0iB2w`Qws*2TyzV8? zoA`f4tNm~K@&8=+{dccb?PrY$vTcIK;#a>W7LiPUS+G z=hLFtUm-xVTbbi~Am*3?C@Ber?-<&AnFSHAo*cqrp=UG|ZEWt((fyPUS8r}^iuCI6 z$OS4YDptc;nV5C~&USxyn+-|9i(5qcphH?1II$2fDEoVRt>^16k>C_A=yvnb(UGv{ z850XjfE?CyxJ%5*Trx(gob9L5uM@KZK1uAA8}QeDOL*{s*P#zEv*+=V?aqQ@J6_ z;cfBqZEOmd4zwr_D-!g)ccO&ie61|)vPTm4VjFkjO4XwB;sbWPAX zCr_B(MpHZMKxEvvkl1`;uWhI?;{|ESpJNF{o9PN9F{fJPfDIoZER*^)de*6@@R6J-U)dT1;GRQ7|Gb@2 zs%W{&=&-gs)vl}YNG$Uo!_kr9r)936rTHcDW*Hfvy4L7@{g*Wm0ZTv2m~@R8B$uEO zpgNkkQcUm|#yB$@VTlib$O%-TOFf08LYtst7p0oJ45F`K4g=Y^)%}+Fo>*`jozSE@Lc8ZNlcFm4~(?#~B zvSu~$;95MEwc;4n|74e{>yL%hpOGgS(GP7LmK(^MxT-`?-Hv_B5vdvh3d$1Qh-Nk8n?xpfpC{YYvs$vVAeE zp5zcy9X$oem6KM|u0Z-aG6AMz?QU5mu!2+#%1!$$x+)k9Isc zY=pRlr;u*L25J3vwJ_Y%X1JE6$FQC63!!*uya8kW0g}tuFjw@c>8$^-|0$AzdDNGs zRuW@sq%Na<46D&ic2hAfT0vS zXC8Z?enaxET#>GxPnw#fDm^rW5RH3Onhu@i~8#Y!yJv)WLtQIrucln ziWNl(!36y+g!F!ofbQa3+34u4s0&jHf(27t4`ypdCNwXnE0_vB%9M(-2#sRmi(IzR zl87d44aQF3OCA0<#6s~RrI>RMA$S5)fwJi2Sz&`3i%9Y8?W6WD=nx5mFJO$2Lkw|e z3JyxCLmCvJn?p&?)z@Wew12eyN16Zk()@p?*DIspgMfXarI3rWy6=xPyc#IC?_O-6{U^hot^Y(2x#su-I9Ap24q{z$s- z0KttS0-@XmnmRgz(!TmSd=fgy4?MTBokiKVpTQWt>toQFexS7Gn}= zV*RNGG@gy7&~A@mVX^Xd2gXU3Eed4VIyi6$9>jh$Ha0$<;h@CYIiX@TH8u6pBe`07 z9_!AW_i3Cs!vZ~zfoE}JPJP2AHMpNuYNAQJ8J;S^l&>8Dq{1-f5{;xO>=c@QEyZq? zsBKDhDS7qV$Cw3X{MR7CZXBqP!HU%ad?9Xb+U!v@mlz)91v9|cSh%w_RluP7PUl=1 zf0BOBXzIlXkRO*Xlq)dyCzXm?Ijl<2_lRUrrZ-HxBSH#_jzvf&BTT|URsCl<^0^j$ z!aUUi#cbw*2!^VpVH+P-};ivq?kW6IFZ06aZ-&8Up-Lhji zm2xH{%(szjH$@2?Tn*wP?YomIE0~XEnO7YrRlZ{CsIBEzgbkE`ku=5&8>~*tn%ZgP(aXtS95sFt#s}n&K zr0pQ&!Ox~5M9`8$!PwkDj6Sa}0a4J6hS;@GLsRHGf~9*5Yq)LG)!jh3eOcW&tN~V} z#qDl42A`sq*4#Y#Mp7-Rsh<=Z_&-?lKeL zBbaMCsrhy>BrD{kc7dEG%ii={pG;Qn?8Vt*y8eYl7B>!swE6|TLAA+C<^xv^n7=^AVG$}agU(E61?;GmvW3; z>jZ1`i$UAb1yHahbQ9;e*i2doQTLddl6t&P=Fsc-#Ke=_Z-3T0l5E#jko)f+L!*f+ z(SPK{j5V8d**<*>@SB%qwwje?0>5#la34N~;1QwC;oed{;@%d9iG0FA;rcNgu6|@6 zocmO@j2|2r^rcZ;>GA*BBKd!eJ2~)`6zl1)6|>?jyq;sO;9FvBPsRIs+A#U`Fa7V% zb6#UluzY-w0bo%}*H_aW-4hCDX;7Sa@b&8W3X-BUp|4W9OuIGX2sVRC1nXQq?B@EE zGV38U_2v);W;?J=q&|VAdgn&NRQBVI&OMA{S`kE=87MOWhL0ZEGT1ymR| zHmYBz)_fGVi6sidE-P+sSQJ=ZmG)672uqPY0bd<~5I6PLbZ? z=?vGgd6aA!TR`<3>f*8UHM5e`a%Q13i{x;E$aLIio;jX`j4UxRaiotggi}Y4RMY2L zhca*4j8E-*pJ63cR8De?jJ4z^y)v*Sw1`X8g@;R#IU3TE9fkX9eQrtH;KbkB2@kRR z%)&8dX5-qQOHnwV8em1~hyi;OKY^yE;ZYJfUxf^Oe*ZjgfyB0LD!?rlbbmto9*DtMns{- z!2HdZJf_DGbc-1+X45XSk%Upwa)3`oh}dKy6lvxzef{lWc}hxo!XJm4z(Vx|!#&--)?9 zT zl=`Q_S}Yp*h|$YNgU*~4WC7}M_1B1#5Q#*raJV=J|}AB7s=e0xrEL zM`2Qly7~y*LS)3hk?SN?cd8}e6q$!pf#OpIBXFh^4~mP=cEjYbRSy55n{mwk@&lK< zzxDN6MBafbYInPD0E9_80z5L;0Vr%PO?87W>ei4g=&n<6>Q;sGx_quNKHrUrc~fDn zN&LQjSK=&m5ws<3LrY5rt1Ud?Em5uE4H7R~Z-1F@a5#J_0bs?tMP+9_Ah+?F2AkV9o zknfKpEXV2v>x^DeP#+TR!x_z}>fkZMOZ7S_mQQTxJ!fS`uCI=} zD)XLV=dT7Iv2R(X1ntfgGlGJ}gOfxCb2IMN09N?(6NNsy;2oi=%UjBcNyVlMrGJHo zxVRJF7M)D4b@~UwGQ!+@+rOg1IG}w@joT1+JY_f|oKn>GK^fZa?&OTdcSuVdZ=aX; zQll;qhJ>E%1L&H_uZnAh?VSAlT0faC+^dVd@^yR@Z_Jdm^-@ck;UaP()!IZ>G-(w-h1W?_a~ITUmJ-k zpIXw@rZ!Fd6myR%#Ve{AW3i~gwQJo2K#0uG#$&zH#*eH#hNT&^Xh>OshjOB<# zhVwu*ZXz|x`vQPdcj?wyGJIRC7RwPfKx+mq>1T|^5RK!XwoVQ&W13(R9rMdeAB(IX z?^y}Nj2jld(^*5ZRHccuWp%u+&~IzH=w`WgwE_0-NC=HO!Tqy^9N~jA_DS05T}d!= zL4Br$$;KQs4lqv}#xZ1K^d~LP!xmm__~%CBuGiHZWLwOao$Oot3=75aZdv+ta}{n^ zl+1sm&ae|rWy)2%)fB#drnGTpa^UmRL_@aHwJ@ic@0{zm%x;XH@COs0g;O)N`kg!q z+R}szOhqul`uC;jSO$~sq@`8y7P91F1iE>yzm9e8t8rSuAXhipbLSv$D5wG7rsWR> zfNv#SYv(5|dxmr`843ZlttzciqRrVy!-8t|c$68n~56c7aabxTXZ~PH66_s%#3@FqtOtgThaSJfZmc0;hO(Ps5tCVJunV<-Bp4a$~lXF9`@H(YFA$ueHdi8Lnsd?)Gz6H-+ts zpi`lmY6H*fq4UX`CTTy6!$)vfnO_l8nQ5Ko+x3a`h%4P^#<$`ghLj5yZbF@a>^gQ5WeBSdnRtTT6Di-h|qutLKKnPIX6 zA6mO&GZ$s$M*F+PFO#}WMOJyDX=kqvZ^WL=j;L3xGwJN?QW}Ibs&{J7_x51NpdAme zx14<3>G$O*w7=_~Y3m-bHJmSWbi`fMX|M3KWT_LjG|OK%-^%&LP#7>G0a*5inC#Xq zRiiB<`zZ=7t~q{SN&l{pbm{Oa_5<6bCSmHMfxf;|+xZ5^js6mxL}u-k8|ViE3ugB+ z`@5CjJ9(6tRy5TE32A*%UNqE%l)tkJ&BL^`OH7bZ#ADV*)OTjJq82Kb4D%}|j0_m1 z$yO2|jc^`q#9~p_i?vmD=dudj+sqgmsIPqvWw@pknnL%_#uj)0!Q+v`-k{;X6-_JP zMz-G&@M=-OV1i;+F}FAf>)_r47#7KTKNP;N_y_(qWOH-YNvFdBGF#!IrFEF6J3mfx zNPg%8g7DA^2{y2t2j=JjPkj6O^~`VnH^@rFAq(WsKoJz-anVBUR`eW%9=EnZGhoXV zk}z&rn_O03XiTCL{}q3~$pG#11CygLvm0HVjEXBVUXxgiTCH{u!AB}NZZ&mAfI+KT+E3qoe=9}&8dtgV_}n(-_Jh{_34k0s-#5rS{R^0; z<@4#S##Qfioc^W{};kbgs0}y zg)M!0Xv)HrdwZGCEh*Dqy~1yW+`hb(kfN@AYVln_ipr`n^7j4#PTkMIze(ca`(MeF zVrS$3cd8U0C)fWgsZu<=eC&MxIaO*mdBKWIWB&eHY{3!M3nGO#ls}93Sv<$ulA^d4P&HD}u*f2V?ET#Xq z*JsH0Jy~j8kGwaM;)i-K`8kJW?jp~z4JwW~Z_KH6FKeJI<*{L^{{d|LloE9oNp@H_lA6H*QEC&Yyh+lm$Qfp~^*# z6C@t0AN%O4LW6w?wrn?qM&!#%809&Yr-KeM)VLKy(!}F2z@gW)MhPEr=7^bu z&=bYFSV5##IYp5m(DzoM8X>rC(*!#@(l^8WhR)DIobyxoAp?5E(_-UZF2~Gv(dVhj z7ZA(Fbn(wPfqstgQ2D(zrL6}~zxDT7zmE2cbi&AaSrX_Z2q9gow7!Dn71&#)sBwa2 zBUang@;>1&!7!fXyfpY_boM0YrI#y`zt;$#x}wuF$^<-IBN0;k0)Z z?6X{gKRj!H)xtp`w%wENYSrxX;NOFPv_zHnvj6gn%~$W1^5a*OGCYymR(LNg(FoDb z&~twBV*YzXPaoyH1f`{_>aB9g3*GMhA*=gk^k*JKctZEz7uF9%h$cp}yB-gx4-ifS z=5`lXiQVqG5__Xq`|dL(cB&^z>>w$z>NApS>UAmm-zTRM`9BrQ)wTOFet1@yl1V@B zG#h4IRquOxFzg~f-hL`rTd$X`6$}BYA|>`~kS1%Os?(L&=UmcNXoy2Ss`?e=X`f@q z8)XiS8>Ho*Rd#jIa`v6?C2-F}dYOpw3?&}d4Qyw|pyZnvj0o(fxlYXzgy^k*jpP+& z?DooclurQO3c=M?_{sW?rtwb&vx&UEjWP{;o79ex<+~MkPw)44)y31Nr(Pc8NQyq4 zB@f1r{>L%MTlW_(nY}eymsau7j^2e9n7L~zddGf>J09%igT=n(HL5kI9@o%89H*2a z&Sg`A{w+%N*FmE-M(z`x5hOBD;@%{_t(VeS3ayO1)|^lBjcWJyROV-z=vFdR6W@)j z(qj>(TSlI_uya~z`Pr|+O6hM`G{|?Ds16!hO=pIZCRT-8PSzuQdc>d^eR=$TeN3je z(ritkL;QX(p}ud+_m;er1rzAO>HRB~L%n&bDx4|7`&5B9HT?3Ya+d1R{7QBLnW29K zp%uwf^y3_ys#Rk&#a)G_zr<&#VS)@8uPhb$tM3J3UeVy=NnW6*zih4Bo8z!>tv0eS z)9rczOIFt7#IqD+2iqE@^tL6lZt>7xyPQ#*3O9SJwDf9G>xqvXZjP=nb8o3nBqoE( z!(sE(Sy9~uSBY4BlTKD79av$#eW~k-N?9`im1lV?y6|LiW>P}m^F1Uy$%BgIi`aND zDB$6Qs<%5OtgVqWk-Z0-s#|`5sBBv~llp6!`9F)om*UGi^eUT%i!5vqtk`_k*5&7wq*K!oujz8O zTr4+$QZ8>C4cc9Ci;dbWB-(y5&V|XhJ0-S9FTC1obQjQp7c~Yq#%e{-H?3wlIG-}B z&CPjn$eeT$JhK*yr3{C3;g*nwwqfmM|DMmzEJ8sK9Ye@cUi+0|B|KGY012^4Xuo zsZN{fA0(qWW*O*)Z8Rgxq;={1jfd{vN(Cgo=K2jLtpNL#9~6p;{CpPzu>V|e$qA=X zmO%uVm?T(v=})}id=iWuewP3O7MWys-tBeN<5!Dn8~69o^j2)Jl&N}(aOZdHBve&D zrTzd>a~g3gz!+9O;AqmZoj<_0fO1xhf@&BJ8}M~n#e@@6LF@OA?YtD_U^OL|-njk7 zSxK&fjbY_najnQ2WHQ-SlS|USbR@g>0b16Wzye+d@6TEq;Q|Ynwfz>tp6od$1J=X| zhNBkYXS}M$>kY=^{w12&QRV{`sg*+o)|(PD^9JFI)5GUdKc1_S%^T96PG?lsja8nT zkv4sASYfS-?HWVnS99``UyBPHSSJ_qAgrRhDHl#E8IeOmDP|?+RyUbGCQgC9))VLA z0z(P0-)^@pbsBr*M=Tkk7As+WX)PuBEHboVj0NhXLv_j*p`S?2Wc~nIwiEyQQ_=aW zD-DUHh2ObW3(fg*$R)@9EJ`&iEpnA38Q6aU?&!veW3OY>!o8l$2a&c7O6THt5c*C;&M$Y{|%~gux*(j7xS#;@XfViO?d5eEK7mb zj+ij1tg?P>5F?aWEPK&PX~$PFm}(Cck~5if41iWvDGl$W zomsu7VGiuf!m~Q~s1@0GV!cyx({s$Tyo=+jI%fLc)BzE1Pp?!A4&kNTEZ3Oy6T`~vi%szQj+efoq@EZSBxj) zB_t{DS{}MverW7pm=_pkQAa2;t7XwnCOJ=KI?S8x%|O>Fb`k2 z!&@w{s)gCHf-YvXGStIf&nq*GV>Vx$Bffs)JEKkDu{}#U<{;t9N9^atE<;B@x|SMw z!W8_FVRzCDxIBx4o=Jolp2UVQg~6v%LbsN>Se6pHOb~}XsWTzPh(d>Nq$V_Wn*)$+ z5SG=yVo8neq+=p&u5*!z<(v?D#_;mVfr!Yj^fM**MVT~Itek~R|Bexw5#=(`uc>UT z7avPl-P9B*_ejCY>>O}@a)_=Oc}?YeOF$f`MXBeeQXRL9efZy7xSjiEab5VR%(aI> zqWEe?W5Ir?x!!%{mU`&a4L1x~O_&LzijNS}AfddFPcAo| zu(xQcP?wPaZdRNDD;@pTJi`{@(*SV^0w^y>h7yIYpUwKO!H)!`G5ZZOsq>ww9EZX` zmxYBG{+14tkfnhES!g@68g61~T}oNVz8S6VpQPn|g(Fx7`jto+< z(aVZ8ny@>WHn{I4dufb$=;c-7UFaYqf;e z1IAJxWNu{w87$%siA24q#0g#LVDM_{7C*kjfDV|f+2k65Yh;&f=O>-`UWS_tLX&CZ zMwv)?=tpiV4)A|pEy1wCO;ml(tBS>%92o624lP-?K=-@t^7L1TAdG+eN)zDVZazgVoZAs3miU$(ed0BXAg#R8bHVxYw^lzF;1ULYpnm2Vi5Qt;%O}%>H`` zL@Jw(uSrFmhK`XF?NB1&6oEs0S_rxPSQ0i=uX+78b8mUl^Yngjm{APpCd z&QE80Il9s_v6Xr^W3YVLhU`U0;mo`G{ZPLwv;B2Mkadt-&_q6LKjr#C;+5X2Eh4z% zS9D{_JSUWXa-4}5=u>gtjnl-lMgmw9!_G?0IE^P<&1w-P&@L?heU~0uAd3u_xDAid zoNa`G2Ur4XLqw8CQitX&8(1{uuk_(8yKq;c)F$9(QLl@!(AbkI^gdyXXR{LcII6wj z6<5U|Xu}eUH9eV}HIgbcbT))?ldK36l|Mu6L_Ki9Do184<}z~fnGHzs9urW*D<*Mj zg9bff2h=iQ?S6x^3tsy>^`Yi%s{EGjG+$9Blc31wEqM%dxeiI^i@ zO{B~y>I<}}9!Uq|fOkUie4P^4lT_fgw?ktuJtKp*yE76S;q=M)I371b16^h8ck#61 z4z3o$i#02Pl+IM=yj@vF3xQ{9fCZNiSpu#`o!$%JwZO}@an5n<1!Rc%huK+VNa#+l zqRbJw6nE%tBAP7uDbr*r&xmJ*nO5X!Nr>OZ38gS$w<8quJH(k~^o2W`o*1kC^KI#m zpIAW?HG$IX@AM}r*95DW$Y$AT3Go*|6zb66Hm}U~_~{Huxc;CvdZ2T}HyP*~7pHm% z1vt_Gx>sN|QbaXVA>(zJfA#OT4y}yt7YPyagmylU!Z9B2HG^O&nQ|ca0{z}dD;26q zc2o&ikqyLE+73%HOcC%&{dIC7g(1o!W1l1Fjw$3QT?yni5y&H}Lv!e>Vv&J|(*svO z zwIbtMcHzq|t3Y9eFL`Q!z-ziT+Tf*~FV0cS+IIEFR-1#yClTMl;RWB`XhTT^`tDW; z2=l7**R`-gWSyy+*ncKJWhs$I_(g7TVx7_ZOkg)D%zy+Z7Qd<_D zBO(oJ?>;zOXk~A_PyAd!z7?r9PxXCbo`T&ygl5?gwCw1{JDaE$v{Px-dl8zWzmRl*kwResydNi z+yCrtTaEXCs#Z#Z!cINr+96pcIaYO48XS=E0qJhOvD z-BiiCbmE=ZkleUO&UkdUh#Whoo;i9!+|K@p4!4u622d=~6Rs>`pH{f|MTta)QNDYu zVBfyg@k0)sj|^E!T2*0eyzD$dQN6DKfn?^taeWB#IO{)VQ5;2h!^b|=fvi;F!3<^( zD`v@{B7%(S@5q*YrNGxY!)wnWH@$BH@MSfnIseXHhYA(NE;IaDQY1Kttog2mJqvhB zZmQcQLbX^cc3cxTkcjo#ikxv~$8UBF>WrD=BZ&g<)3x{}3(2yVfzKC{%BX2@)4}T# z7_|Dxv~9%GyN`S>o$D|o9TQ$+^rxOb0yb)x5WJN!c3!*DZyTs8Po$QjLJ@GuUtOS# zM;_XCBi*0|E=bv*RpJ2?t!_>IFn1%5H{MipM4FRuFt%LXv|#EzO@coTFXhyb)IN6^EL+q~rM~LqB9T z`-KLv4;V?H0IimGKvYcvkn#nuG&Ky>k>TEJikhIeJHXc)SstYJfJ&zgAb9@zrhtDP z_Hh#TZXx_(t(fFwPU~21=x66@#31VW&+br{DDz0e4g;#Qt)QInpDmxe#)Qt6e)pZ? z{6kNBxZPfq@;Tu3Y@48zG_u^&P98=nzALR7Mh+RChdK}uaqN!H60uA@M8k%mGwD<8bkYvU?d z0-#O-X@_I2axUw)t}hx9mXUhUv*^qnMt+GyOfEspW>{f(UNJ4@&r@m(6Pc(et!^qj7&OVxTC7M9;#s1wD$SNilLv(wdC2LBzaO;i)B5?sND zhb>%gt>s2j*-f@JHri&QOKYb$(_dD%@FvaW!}f=jf_MFVN#)G`yn)P$kGw1niCjAo zO8c6$4ylA5)IsNUFeP<_KZuYvo4`I1u3GJn-m%E25v;!yWiNfw=2cb+K;E3wRCH;H z&m!@Crx{r#K@t(9tuZBJBJ)fuM#F4wOw~Nultw7{$MpRp|E9N*QA@G`KDO@?i_9IB z^)Mk}UY-kgMWfgHY)`k&cx{1yX0@4$8@f5HtV=L?F*yn=Lod*f1YxZOXc?wl}qVMm`C+W&|4sakSP7XTnUWn#O(bYPd|T^HG{botj7QODwew=92BD& zd4i;#v(l#$9q3)|75Is;0yOz~QO0^F(;bn_BlfG>Nx0ymV%(_RKe8)6IH_PE)~VT_ z53Y@nCwF2?<8O|NXvKYR@^Pwl_G{Zg11}b{vftO+Ul*Ik!~AKN+4w8-Y;v#z0>$RI z-K6NaR^97p(`Bam$1;cR%`Yofr+R5(-}}B=vErQe-ke;@z-#GGQ6nCvEcyaSCetP= z3S&ABxLLcz(`&R^PLzztm4|mqH(bQMzfJ6ExC$ezenumAt}?`STATzU&sTwhu(w!b zV(aEhKu+TIH|8(@&WlNkjTlCg$tsLIwHW8d;WPsdF&!(rB zp}lqDM`gN70W?xhwVj3kehaKbrEKwMtbEpramZMN|=YB|? zlWe)&nhhMU6%mnxMh+)+omtCWPZ39vo-)nxHTUE*^}Dt_?CvgE*zQ0TD$0A@ZvSE# zE#KFCGO3e4rY?vIRRgq*dj1pI>#$iUMmA^n7X6ah`i{>=hjFC55ZYG^Oe|L{%PQ`* zIkJ011ftJYlFA^mIPvO4w)6F@X3pb(?#TtN6}o53Gc*tA^#Px`Mjb~;VozE zj6ll!L#2j(=E_#Tc2Vkk4C>BG=8SLEZ(o+O60P0#9;0Y$?*5H{sy(Cd-&#FaG2l$_b_nU=_?Vqx6cXu5H+Wx&U>G$gqU9k(@_HKgg`OjE3M zqiLkc4Nu=FRR4#hMZD=Zu5>R$3reu~ycXrweoLJ2k57L1LFO>!x&P{@!wfLgQm5{adEwi9#kItSrcCIB4FiLyR~k|sx|uj6)%*=ya=yhmHH z1tGMFM^X6?f7OiXRuku8?pu>I@QP;b3I%qiqmUa@6VG%6dDn!{3UI-*8)KQZ6KBZ> zCTwSCFS9w;5KyJ2)rd&ehn}`MBX;K6ek=89?G7%fQec_4Xs!L?ld{r}S5_0O4BN{V z0h;aFEyntCF#Zu)v9Mi*jPiF`=@f0o!|bCzKYhO*4j0tgZ};MBU1GcOs)1S(-Nhyi zMs{a>RS72(^nd6@S;B6nMN|R7RbHNBnvq8R%WmiXe!ckSlCKr4CgGmfj^Ps?4GO+7 z>*HTifY+`aH4;<=kF9z}o3s{3e}*Zn^-Ib}Kt;ezhuImdG!$oU%7F$w!fm6~all_D zVO_#&_dU|iav~N0|WjjtAWZ{qZmJ!Cbngj zIB3jEGtGO~wcbYg(BXwAidTvfdzV~_H`IGE3bS0rdFcbjsiLK}XYJ(|mfm{>*Nsu4 z%0s3T*AkK+%k2TXV`cAZjZ!zoyP95ETrQUs8bFVH`lp&CY&A~o{R+sPzvb{qOmtir zAfX{0Vdb9Hcdm3-goQ5PAU464QT$ziC^z8{%6B`N9 z6X_dxzHhEpSRkQwVe9RT@3f;3J)0b8<>w(5p21dCG*Fq>0m$_i_j@0sN;lp zmTN$+R)M4mvrSXL0-ihPwVa ztkLV~%?^<*0a8uJ1o~W;*9tvUziNqLKSCqKrzd~-CdplL);c%m^Uz&--gVMj?zc@1 z%F1|Bfh^CJO_$|3*M#eSy0+d8;jajG%{VTMXRHeJg+PV!Zlredidds0QDk%%hcCJ*j~dnIKR`&%qD9q89u059Pr zJFMe-y0-~3;il~F&8kz+%Y{v4EkL5T0w}2DegE+IEP8I6*BkUYeT2YT__#GRb(?(NdV=bi}tEXevu+@~n5i8A!PBKz#t)ZGZ<+ zg+M0tbGU#q8~*iA^4I-=8UTb?;j&sgU_Oj3QRsU-RUDX9XT(L7kS@KC9947Jl>0)q z58nvm$7{mPKCuYv%68AsDd)FoU|&N;eaS^wDp3X0edhx#Og*$f>p7#d_ECs**%N74R0#OY=OWu791% zOC~G^ydOK#bV}}VE6);?@<1_OTv<@QO7w1R(LVTw7CM7y*!Jk9P6=RlXUyY^$V2Wjm2aaC9i8jaN6Tja^nV@ zgow3hz3z1?P~QoKO_Y#w|~xx_|@GaqTFgL`qXW?mW)T~kTvw~_zhZ^h|7OZvXutaPZf}=He^oYkD=4MLUvaS^Yr~pEheE{t{!y>y2O zh2B;p@Z+O@>$N0D*!E)b7c!gi`s8d4>E!QikUBj#Y{k%`^x^wR3!N=-$Fm zpQvr$)w6E$+6d}(QJa{x_wy{lPio_=)wPBD-J$(bXSU@a8n!fV^!uWVec{Q44Brv|b<&VwizXWVc{&@e`C9Ch-)MiNGhd@-lHHvjk4P2* zCz`gUHXN#(^-7I63JQm->GV7@{%EB$RTz4;=`WUP&2nN~zL1=bE0p>O6A9^DE~@;) zbuD*R-wERdWUv}B0qVA=6XD5oniVJfz2cgYlmj<%e-vN44uz<^$JaPFe`X22>n;Wx zeaN+m-XTB2Up_Wm8ZoY~6E-iPu-1xn#w&Z(T9vJ!ScpmZK+1(@-frQ$lEp}@y!87) zJs5}zQuFdX>33Ku0WZm2VjL$^n-JE}6x{Yl^wSY(-~`*4EyCfbO>TKlWs zAS;(ub_|=2{m}Vc;nW066a7E~q=YAVhMA*EnFDTT74NDP^{CL*u$Xea#9bXS#Zo?S zn7>p84>WgbtNi&l1X$AS&PC3b&{za7v9X-m>$_ay(YJ3Y~xR8JDK^V2(?f+EWqKHc_1xz zK9yA;D%r&H3K~dY0VBFQtn#wQm08Y|Xpc`YsjK6S^DWFVq1e@Fdo~PW;b#vgjP|#Q z6oK^=Vg3c-O2^mPC-ft>+j*zSgSfm6R8C6^diRw=4Jqde?)!BD<%SPyl`S`wMO+CU z$BD`{#Jnj)9WAN>jn(y_@4~8j&DW;;n}d(D^#9b?(*>GZZ&PyaIsUp2M&&EazBh@t zP%sI!9{qG`>{sPle6bSZ2lZF;I+r)=!#`_QT5&+9SBX`~|$K>I|65s1AFy3y#u#$IT{cN--tKM6= z(8#U*665}NhvkNI^>#l$rbCw8(maAz0&IBduHE66U;_|B88gxQsQ!c&^Wexk2%2Kz zaBPz73qdQ1`H~5)R=VHIITGW0fC^FTtX%VcR{_E2b|Yl1Y77c~3#E6cC_L@$vZq9i z;_h_3ICfK5j2h^WgXb?P3tBr`FFFgVPX2P~9hCpdX|iALnz)7~`SNay*Zr z|EU$sENiTDr~Wdc5e6E2Q2 z#Oe*xC)cxEj)E&`#ZZ$O&c_riqIpuw==w2i^zU9#&ft|8juA1YRxjYZ)@1RjCDOsn?PxEp21Z!&t9d#^MNeArRO% z$^~~e0)V_)&+@W(CQIhg^#9&9#Bui*R$RXN*>iUqAD>>Gg%4>$E+KK1`~EM}eW110 z*PsS{p)H`e%f~O+q+cwsQLTp3)IRQJVOw^TYk6nlb)iR*Mx9IH>5eWd{JcZV(%3>d zJ!r}Ih+eWwKTKis3BS@{#eFHY{m_!>Fss!s=D<~h+V_p-T1~AJ30oo`sE%At4TK)QiLg0#^r+MCsY@LUqU?vmkZ#caGJSzPc6O-4s zv_g2`a`SbC0fh|oh+w#*&2ur}#`6@SDy~mPn3t7N_Tj8jIALqZ@22Q5_N(vXHIFmF zd_)wE3N`WX<-y~%S6bL99~=|CFSA$f(;WuZpMr>IR`wLqMpqsjcNI7zuQEC-+a8ZK zh}0NU+uo_kup}^l65ti5{Cf)^@)HwlY~8nwG@%;K5czmY zaA4B1lXLk54QyKVuXY)_ES-&c$>{$z*fH?(5hV2x7*C!R_@I>J3dsF*H`N*A?EFEH zkgNM1bOiz*Cw%QFM|7(Q;YM#P|LGffms7L+(W0^~&b|>oRZMa~ff;@$o9I~*0q~L) z!(ibOy(EA;@iMA8{(Zj$LHqcF=NpJP>%Q``F+!Au@h+mqI|TUL{x>nDhHEh0_?O8g zB%9zKl`)QSXOjmsUp!^0VRH-NLsaPJJjSXV(-P zF0&C_DhM8rCM%yfHQ&&CH}#eh@uhY}+%q|;IF#e*#cd+!N3eJ2>vi0>@7?@WfWAo^p_% zuNqOzd2^G+Xal0`vN$gP?JNEGt>CDPT&9-Ecfv1k8MVEA>2QZsE}*?VYxa&@98)>N zw0bm+#Z&5d;kOg+B<&3-D=*MOi>V8a`%e?woP0F*Dp@uNBR_9uqY#+Nn_u5Eg~XOc zxAB_Wq{XL~kLildMA-E8v`vPfG5hAZx=uq)9naZ9r82b2TnFMcN{PAmCS|?w`{g~| zJ2^hHPnWAL1qS3V`ZK7SPi@ELzrL}A*1uW!ILlruyEKlebB)rwQbrRptEbY2XW4$d zZJ*QjPcu>rfvPEjN?SQCt6HibIR*NQXeCy=B2h7M4*5(do`i(LggqT4=jryU-%D}Z z) zyG?M(9NdZX_iFmFanRRE9K7aWy+(aL^T8N#&&x%k{$o)7V+|@W% z#>yIM;okC>p+(x}?ENM>fZTI{91gF3xe;5rRcv4C85th+hjUw6YiNktT0VgIx&=*? z)p8clZ$6+vXb0cq?-Z-kWM|@jDuiFLC+N36U+=5rSDqT)0XO$Hc!VTG%fRarW60d4 ztJ!`b<^v5i5N%{`lh{o3j1Tu>*+%c3dIRCM+huJkX4^B9#NUOvITiu{M|0a*8NmTw z0aFRHCt2QUxbH+jY!b1(H-)-R%%Z=+0}%zZXtfMhiC=^{|z12rTaY zh=d;DZaSV`AfvbjLaZSMm)4b(^?cq4!Z~3;T!wJ4Biktv!oKB9PgFTCWSEIPbU5Qz zyXsF*%XhUueMIaOt|f-6v#hr=PWD`Z#cZ8BZuT3 zz$VfP9yie6jBm3Hr+1nr!Fb7IU|1cZ$R{;~p2=rEZx+HI<>+{mD((#hKipPJ6DH^r z%1?EOe4m(S+a*qr8dfYAR9O<+YHz6G8Guv*y*ub(GqbGsUrIjAG_;XNT$D@}ZB1TX z{R~HmDkIMaj|a|8C^$)mc|(fJ#3>%($uYxk~zr zDpGFfmYU9Z<`cA-(N}?wnu`5u z+t-^f^FF^$D#eT%-RBozKA~Cw;Ih8+O$LYPUFqC!TyI0O+!MUzo8DPSyrv2z8+TAr z+jq_?us|YHLx{x}LdngnNAJUyF-OJ~$0_yKvWWse!pFMA|+d$t}?-0MRVdhIA1dA0$-f#@hnHFOSB^4F*nKn0m4bb-F4qH2U94@3kr-z zC_L{epCm0m`XJDpuT~3`Wn{4i^(^+QR&|9I!C@Z{iNPcmVyF{8Ox(|O0Nf{G2BDr~ zGKm7!#+zz@=Big-?y~5Fd90wYFis}*XpFkr%RWt%s0lnqLslf`*f7q*wF}OPkDN@j zPaK3JI)&MF2R-H7++GaogqQuFP^d4>cZKB%@qfc@w*IInZ^3N1cE(mj+TPuiw7=4d z^rxCNMR~m~?cAZvD_bV)F{A+TjL?UzURWl70Z~({6@j|9v|86Z(e=RC7J!5oCLt>A~M0hl{ug2`8-R<#^;x# zfaM7CzJ|&daBrpW(ijIhYUt-RG}t8iXgB(!>H079nCkvFGT~-6z{pXD-UVKtSY!zj zintLa?iBpobrJ|~11R*30zEG$S9qk#4_?=bP!c+~R!CPvco?ABNb5;W%V=4vJO(~^ zzm66&RZ^i}Zx^6hUJsUU{sY58*993|OD9|dU)%0K2{K-z8%JUm(s1#+*E*;MQn;;F zBn}nsRdohF)v%AA+}bZo`2l#nMvk}*;B0dlJXxnMur9@YJn9r}^V$c}s(gs*9mL=_ z(s%;(4=gPX8HE6eQrw9Gg;x{`1FoJvtExZLeSWazET3*Ypw~PEX!o5^8DYhhh4>f` zuT3XlnT2OsBxt8DpQb<-$T@nWiirwbnx&&Q`~Y$0yEPBX{l{PY8ciLR-Q*jnpR(5z_gM#|P@{sGiypK!xu9IZyvd2BHy z!{7!S*6feADy2g0AKOfEU_AUzogq~zW{BsG75!yETiFGVflH1s<)I76jBdudF>;FB z%)>~>i7wg_q&t1~tEb91vXsV_tH)*SGU{yJJ!?C0= zv9(yoYIC$*mM@R(5H)>*J<8A8rN5G2UJIw`DJlv`GnNlBv_FrTwfUw~xa9`%29EzK2UmoE#6#>pg>s8kh?wI30C{T2sGolFJBi!iKST z_zStOWM~3tH5$99e#FWw#ZMJ&oR1jpAaj&pT4tG&2`1$~l{g9W3=d*z*y?S6Vyxxg zPI6^GuP^YGsVUYp9v#-N&jxzwBm8 zf}IpT-)9jQF&g8+AR4E>V*gMe`Jo-)LoR*ziv)GUY^3jk#1ug zsr2qPUDItbuSiBuk;Cf4F1Pw#qd~69NN<2_B%R;TKnl_khYe|WpRojOZC*|2VE?$Q-ec+ml-v?DXOugycNoN zX=^1Y!pHLcUY7Lk_BCnuGkzcs_&49Zz+P^8GZ-Ph{J48VeEamkr$e6PoW?0A=>xzs z$8ES-JV~%WNw`C8V^R^&QdnMq&u})=sgH$ukK}-^|8|w9j3av&n%)i^1c5o~d!p7N z)|X_SJ=Up~gZ?Dna>UW=U_Mh-Q5!#LKC0{{55&CSImklgr674km437EKOo$`Y~oF9 zS-}7nkv|p0bpvh}6DiOK*fN`afjO+htYW=oM~v5&!)nbi^)T$M!RLag3~kwu-{bNr zsZgXawHJe*`nn+@;apTB44KsN&C(_Y;o7TNwR{bb7ajOsaP#;?lPRFzNbNGeH%Cm2 zk2ozZ?M)Lc<<#35I}h>JK{n`g5H|?&!yxQ z(j0DB?E`}IUBiv|jDKGBV+%!U3I!GEEpinxe%vf#J@T^+5(nyklr;r_Bea8#5Q#sr zbJuX)_X#m32JH-pIQ8vc+y(IK)YGDqD-F_`%WLaf+3jm&q;FzWoe}?S0Ezl*J_3G| z(KG!Z%~yT98FSL+d2(|efeSH1CU^OI{y5ObSQ2_Z)3gBn^+({~zx$&9ult(a0JC3Q zjt@i%z23;t@&@@+J*0z>);f`90iri2Sy%?K^CQsSFF*?HbOy9 zmjfFu5S8cSzEwuJe5abUH(j~y{z2_};IgyxmilCR!G1`VxbtM{L_&Vnvk!>>Jr$u0 zNfyZn52!W7Dl_MbDv^`P84Avv)cqRGGc9Ke`UcvEClN zr+SU%%^O2?vlQX`ysU??bvKZ}bG5~OFFm{2X@-w==Jux(8)(g8|K}Q1n4N)}?c5A% zmui(K8uaU* z8rt4d=#_!=XvDtW(AQ@|J5T#%JK0BqccG14XKUP|?>i&HV}2q~XamZoinp-n5BVix0<|#C1J55RJKrfk5?2zM~+k{M2q) zH9(kku=ozs0yIdyp&5D`TTeg7c583)n4Bf&MvXC`sze}ps<=(4S zl1{TO^n-RS!D3r`b8Z;Zx2Id6-^@j7fQYc=rbmPfnqbo8r6)|Q(^zpG?+M+_eFJ4B z(*7h{TV228!UM6T8R{A|5*f6PFwn?_;@defiUK6fGoS^(Vy*8Lk}>w$XR|k+F;V~@ z0H;UXbzo0hs`7SSvi|8EHDc=BW%4#O9i}NPIGlf@G!A*yn(AuG(Mp1sfP91VYv2Th zLngGF8)24A;>#TqF@H$2{=+1Ev2S!a@bIbJ9`}XWr}3e?etN;6!P%`n`EIYJuwxQO zknOiKY+2dR(dlK-7qCR$H^CTj+zWW5zjZ!mKSVUue*bF@~h3OJT|KjcTOb}FkDDuGGdKY&rA7xLqDm_3Xt)o_(Y?au=bMd zY3xZVN5BNQviC_nlQQO~qt$4NfsNt{)56rgVf_e7*Htuz~x@PB0&9TOn zY8Ug#p(ZfAPHx>3asr8EcJLBxZI-S43RALu`)7Fc3zEaYWT#9$hi|N2X;y_x$8lL9 zH=BL4N9+jtW!ISP)5@n$3|UPAal;j9$0_218ab^F8TJPpE`ba$CB#HIva?+#a5+U_>M4@aBy;{k~LSh0x~u@*(fzb*f&i zU<)SWJ7dZL{N`_R^b~tuzYRFz>djx4@G=4qX(&kcS`Evjxm1dL%=R`l>Ib$1Q25+$ z!Ya`rM+;!apZei*Z2L1Jfs+OJw#qA^^?6@(dw8)htm8+k1X+_^=suD47&aZN4_PJ?EWREjmBC(HG3kh$`1mxY*Iv{j~S3?*rwes*X(5!21tfO}mm9VY|@=my+%&vf^d z5`ZSy`&w-h^*toPr&Yg+7!5c5HObY6^tIJP{g=eey0uE}lpwn0`Z z+t{vwGL8vQv7i-+C+`wEainp zb#^8Qu9NhhKiG<;>)QL(hDqnB=_=$$ShcC~Mc6)|)!J(Zuzh!LKD^eav3#+L9<=PV z|J;$RWF&#Bd)P!jLpc&PJeBq%T*!9V_J{I8@nfi#cTg^e!O21&%UZXDnP{2;6D|ox zlsm&$tbrq?DVSe*W>${;@QAuT#%`%HBCAgvH+3Z7Wa?=!sdN-m9bGsMQtfTRJzn_+ z5CS1~+MTJX=ec86>NrZRt|3*+m@&}f=EDj(U_7Yu<%;O%*Rk;kmb{GL-n9h$RCt-8mR!P?7h99+9U8Muk{)$%@}Y(jr7M@ZS<=NryVs&!i^!?L zW05A!W3*%N0()Anr*q{UI;0WqwBkX32|082uKJC07GA@mA{ZYW83vYhT>b(K?N`kB z(7W$&=PTaPWHqGetTcZ()j!?*LyjULm=uUHMEbLJJE7#iWdf<2+2IX}!4dXb^NF>| zdFe(1wh{AnO0jQz0B$bE!wE6uQ^h@{Oc4#&#z2Z#^W9Uez#C--W5)oC79@julXH`& zn}dnt&7k?fgB<-i@duRusPv?fTzQ_7Bb5~i_cos!lvz>iEWxq;fQfuRGT73`@T<$j*-DQ>C zu5P`}WDi|$w0Gu%g~y#q_x*nPAa)3mOt-D8hzJ@6Z7N8C{k_G*0NoXW)x!s42P+;&rME3EYm{h39bqh z%3sKmYiAmdo>^t=^fUBJ?sic&vxPJz#D}=J%>*NDNVE;U3DHWG6IzQ{X~ZG9wvlYz zR@={?mM2mZd?j9tz^k8Up$(ySdTll?KEz7RLJ_9JeW}>dp8F6103)Z34nfoX*CToq zkc71?@hn0AbQ*EvZR9@XkwlX zR&{~1q|z*D4Gr@~3o`4a^13w^HzbRuR)fxE16(uaQ-dx> za$w8tcV|(v{R1!eX}0UuQ(XtV_otH_u|u`@XR9?QIGGIHgK49Ma_osHBHkf_#Z%n` zuLMPZYja-{8AuovI-+_J1|`*k#GP~Ap3PTKn|_-$eSS4fk2y3RpTk*r>}wLZkzIE7 zv){e%{Iu#l#)J5Yf#9_F8}ok)ON7Kve#U)RVuQYa!rrYz=Nye@Z0DuzUFIW$TNOT+ zN5-uQHy1qUZF!{JUsI@QK3 zG(ZEBYd5B!>h~zXvQ7ZjY~#^xE1^XAwu&sIH}+~|j{!&F4}Oymthrjctp$j?yYMk< za+5U<+jrqSl@J44mmmA-63vzvV=70F@M~Qd&%VkV7f3o}g9Eks><_Qfdo6Ea3Ko#` z1fEs8O%L`T_OQF2QB;w(ookaC#7dcZ=&IN+cCWD+>a{t^bB&SAjCWA#f==Iqk*@BW~UI^YkeS9^>shpS`Z}GF>;WIR;7r#0SN=7 z{~s}y+|6VKe-vvs!Ddcrc{6K$sPQS=PrV$X49`0}A~`FI7$yS}eS{tRN>{zwp@UrR9-eC0&ahrG@> zeaZvz+ui`bKY9#~1Rh5GTKmoWO+GKI{j-^xgwiK5WWo%Kr82 zHt(E=corIR@5Y8%OexZ9H2X#9>{Ot@B)Llz506|I2}22Zt4Se_13wf+%(9i!tzzPf zq-uj_c(DwO8Ap*$2f+R_CsIfa(RoceCf}w0ylb9(etx$EMIJdC#T|qlKac!U zF{V>s+s!l58r+|Xz&GzY(vg#%{#dMU1T9PYaUq_oS=LS3eKB<2d3%*VxM|B$G}{w6 zArv~7zJMIz_IMprGEMb(sbonl#;8l!F0H#v*x9Zp6Gtiq) zR|!Gyh4NdE#08ay@3^lIDhAUnCV{w{YJ~6~_!0}>z*ydZyQ1;K6q0O}N*1^`A%&#M zQ1m9=E;9L89cceLW-wanjoVu%G^M`GY@cL1dFU;Od0Y>>C>!JrkSf$D;CUE5V#NUM z#w75hYTR@ef&q18A?CG&uTJsSP58uOr~l|F6?r88G$S!TS&RD{E#IXn8Q%z@F7l*t#iKD$cQ7@o$a2MqW`Th!>K}v23SSIGc~1kygC56=1a-ca z8%1qHH$K&f(IEypQU990hC!d;xzbru9oWCB?j&)eS&dd0>^Uz%fdL)lF|0T;x94F@ znc>uE%IJB4;r3K`vJ})31*(3KyyGacknzSs)rBI@vX)oWKN)61AU7uyE*p}&7^DlRiyrjq&TeknQ1rTco zjCqO0@^j7ApJW5^jHlFaHS=JxSM_yA)sx=i27)>%X+`-Te#7yT4w89 zMIQjs9>*&lW?tukQCz}?5Vwy7SX3%b{}?>O&p^)MdK1rok7-8iDb-{RlG*WjQr00^ zIO92Fv!3Mn=9;SHAS@05`l8RqXkY~zjV)uNN~l;o<5=-`vJhANm%k~ZnUQMjXLjVN z7uzEO@%i(5+^B4JBroW&K5zntxD0|(Q*}pE92ZCoEd4uQ?tKihnz|IfY6dq$7vX!& zcJ7`*p=5mfI(kkx#_zg9+;JDPs+Dhg*X^U}NDdgO&*(Y<-|Lm`jkPgUJ0Nc_xx0(e zRF|T=eV8=5U%IvvN8we4<%SV%^<2G88}5}kg~sEK_Lxj>*nb&}iCl-Oag4PS7mL)V z4Lp)8sDH!Y_`n#fI3&K#UBa(~!?+zfd`c$38^{yhs1ZV;*t25Sg>B5qBj1CiBrvq1 zvpd6sv@W&u7OY-Tr-Vu*_~jbAD3#S(DQ%yPJUQ73QL;QopqVY&(k*5qH>rdCX%`_c z4r&5=k_GA|&87`~m}l;<7wUDdO6fO@4J8B?0d(X&Ld+vy_L+3N zOF5@2!2X(^?DSf)Pmx|O@jtp^nDH8v9g}4aTSN9NmA=lCY|ncrCxYBu$1X>e|7uQ; z*>hr%#&_)5wlB+!xHe?!%4YY$j-1&!Q&JKf83LQyW^nbW{C>;ZsBqICjpbhFShW{B z&BPr2VTn7yssNh?DAyM&{UBTH9EJrM`1vuQ{FLPNoZI!MS)OyyKv;+yRt}E_Ll(hg z`}e8zWa>?&F@-VjO7z#S0h zegIjsO&R}k|8gdqP;-)!F|JBhq*D=1H1We!$=4LuOj1qqhu3N5S60oOGeWj&#aY}w zT}Wf&9{jDB^FqWj99(fS zJuzljIOHK{9b8s~z)?3>4m5a7A1?t^BSs?2b&lcqpXv86S^}-Q@Bc(6gm^GKHwVPF z8rM-(XpkPbEO=i_>TYv(s$bmsd67zfMI4QO@&VX6OzqEBMQOp{=%(V;aEIYC6X#AV zKk7!42YtEj=-NqmzV~b^(d9yWV^VqSQ1h6<*rgMtHP6hC?X>5Ep1H=y@gS;DdKJ1& zqoQn%g{zGF2AAo>4vWqb*cT8i@UU^t?fKe4IgH)y^&HR#;K-7LtMq^Pnks{zP3^QT z?cgZ4(`NRoSNa?&smIJp8Dug_Di{KHA0-%ry|9X0oJtZ4t4KKPYlMW*+e5kU8Hhic ztDsvYg#;BA`3YE`%_$?Q05cI5o|Q_I4ljT);%Y*C7KB=PP0-kmV|}>?(Vn`-VPhEc zW~z7gH_xebHax)D*>ir7{QLgaBf)gBZKdZn@;7>!cs97GYqexqOoUkPKl*Eq`rMA@ zQ>_%>Za;5hdyoM|n^j*MBNgH&MWK%zkbfq(O_~l}$!op`>qdLV*kx~s6-+yA@k3ir zRC|JXd6>a3Uv|Zkenr#32}%Tx$lfcBMoXO>8!{m>XNY<1dzTUjQV-TLXMIN5!}NPj z9$lr0x(RaENT$Y4db=Nm#Jt?tT>oBSFR~N7_p#R*!#s1$Y1@-kYXW?YU=y&%hVrS&Y#%dC|PY*vCzsIG50_PF6`L{2Rp6JTfAJPfg_Wzsv3@& zw~-}iA8~(%t|Wy;wzR>~mT==1c(1=zj!tZqqWp0d*7Of6q~pskng3RZ&V+$DLwSYj zdtHvIfE_n^!sW;-fn*E%USQj(g#r!R;ywnGo>opI{1Gwsk!qDg`GQ8x*2zF2pLisN zs(`659Bt-Ah(S%$aiII`nx)i_fn++;KbB#bEml0DCrk6{sh^pp8yTQ}bJ=7)Cs8aE zj?W_bhPBD+0}w_G@VtK^+;Lar>v1IAdhl*IYdstCE%BVJ>p|{W3;7PhO5RpFg6g1) zWWlT;=NjYpf9U%OHp+7}?L`mc=u?q(h5z3_8}S`Mj0fLKZ#{^rIQh#Xk z+s)LJH#e}_A<$t@4<-T2Y8%MJ60DP2wPEP;VJ1-|VFyA6hW%uRzeM3=_yMM5_(Jma z|L`z_XY(4G{$IYIGX4lByBryLfm3E)_b<^0@JV$lU5S%?2Ls~GLope>`S3pHQ?>Ro zp#8mIX?1s?c*MzINb`%7i6GtT3X3Eb_q5Z85&tpKQYDqaXrD#Sk%Np_JY* zU6^5(f#nL{gNkdJHh$r^A@?qu3^_(|p&g!*RtulM&jng0Geq;|l`foXWWTk&eCO(_ z4$7n}9V?Aa$UmbRUl|n*`T+d$@9=(4Numf}09Be(k%2tc|9NXS{ z%1x3l#040Vl0tUScmh24AV z=Gzjar~Mf$joEbU%e@PY*>_|47SDP8VH%6VT9m_O!QYX9IWS{3jq5KQdYRq<0`)ij z7P{=W{b&5X3JpGD)#wlX^qFyuj8IB+H77ISkA$~pk@i~68x}I<)*{&h0-v;uNun@v z(ocV)4>B_t&8?_WkK?|h6w!fS?m%M{u1+lDdpEB^KO)OKwNZd0-Q5IHiJBK6?700n z(a360SVc^4bpGQ+P<-Aj|MqEM_TSQ~ZX~w?*Dq-;{;IqiNJITPEYNLKu(_n}h)5Df zX-=NrQTDeeH1+of4+QZDqpKS~*S1q1M&6=a-pCr}MW;oZ7!`%dbdp}h>Cptv&&CJ>HG3lGd-eyTI5}Our%p1-WxNx^Z6(I`AlWN zH!9b0MHN)ZCSv1bX4SYjwY?wl0j-0468Wc8$mPGF@L0Y3M&_0re3dEQ3ilN7vO|@ujN+UWUB)0C?6Oq}NLG9zi%sy?c{jX9n9<0XA{v&@vW{U}xnO35h(>SDs zrXK&JT?X;5hz5@{7XuXqV4S6aevAa)TauV%%T-R(!a@K^G`Yb^N<>!Bp~$gen($t{3Tq~wB~X0Fphuu zK%8~+jV}A0X%nq&lWcU3>Q?lwV%%@M>oY`1I!CjKUD!bO`&Zp;WFp-rRj2n$X57jZ z(eLX-;V}BfAIs2alb^4oKmB574WG7rT9(<7H}-oQIltP5@Gq`eJV1kxmr;UR`Tcr> zY(sNXMhsOZOM1q?OWud-zF1vw50b!wmNb;M>nr+<7`(q18g?+WFx*D@@|XRO+sQvF zhQfwJ*W?E!>d!f5vKbT@H0f{kuotIWhpZr-27{yKWsg5IGvuREufuij-v{4COudCG zg#D^IxLoA*{psjHJSDu<)^^lK< zniI*A1SCduJ4<5QtjxwpXH@@=fR=J=&`6}{PiCEgF}2xaPE#r*A`N7z`Cqkgn3DP$ zkQ_o)MEUdT?^SaLQIkKPXNAhcE>%DL)@EyVe0N;CJ9m!%6-myLMn?jdpD&4)vlVxp zHZ5XvxD6t5j101jwf>_viq}T%39X&^Av@nNvP_4Ixpg?bj6LZxsWQs=Uh!v-f&mff zP+$5(&8}s;cw&-^YS4(y18CMr*}_vZtz5U)Qtmff))8Ugt$kb3Nvm?CJuRIS{tGuu zNM)t4o$11mH)k7u(@A{Zwr3MTh)?-o#}8N0Co~LVrC%(7Zi2tuC3Up0*pU-@8&Y>J zBexb3idvSJ^b?!*2k*NCQ-Hmfks=)pG65t(CZW!*C<{w!f$UzOWCL-&?W@0>*;2(n zk_5ktEOsO|$f;+%=ZiAMNkB)EOmc7d2}J$c=+8l($5;SP!*a|HauuVc5c9kP$*-wo z9=@%uk-4X;JITeBGdjG$3D)lwgcqDUP;bJ)&vZm+FBxu?jI3mafu#Sr zI#*W@YFV^o49JM;PO4Vmw|st?zEf&nXp?(YdN_cb=p8}Ybp0QvF^HK#RQy(WSuvqJ zw#RUaz*JUjA~@lLGeVM+csB>?Sh;P_nOiQSh&-?8y$8HHtpww=Z@zs%>Q?^2k9C(? zQLT&mc9EsZPGAB7-E5m_8*z?|M*RY{;5;aBBwBE^?YcdTc+`+c-T!y=L(=cj?B|XV zmvPpG2IcTt?R+NcMCB@GCfsVC%!)5Dz$nJ@dZ}L-E|}j|#eK_1&l`!t6mt1N0-w4J zgv-vC;?Gi=xtOt~ZAcP6g5Y8NCwCkEs7`T)(CG7&>gjp`qgQ)b$wXkGHItVpuT-5O z3>sIAzJMkB1dY{6nWMEK=XE^k!cn6lkyI+Sfn?WVLDdEhdNkZz9?Wg|n%cuSJbc{} z6-r(l6?_+ev7Jloo7b4?Z^gM#BPXv#pt?L+_eqZAU6Ds^0y27Mpr_-&?2QkW!*5cT zN#su^mHN%;1Ae|wY6Dtd;#o`Rrw*j&I~JAu)nHfcECP|k-Sp- z!LUe3K^SxOvtQ(2TjW0rO7DS@47odVr3%%{2l)|)mq>MK95D4`Ol{F&e6)zY33jR;hG9BdT z@CUH!=r9^_-b2AIKXE%siv7~Z0mmcVFbN^sphOGGgv!3!(t2mUZFLm2*Y#)TyUT3M z?1etiv_W{aYo-nA7KOVuxz+EF{sL~LEGt`Ici|XFv^TXdRIK){NLGaX%I*^nGvZqy zkeAnGwERuIXb(t`7mn4%AUMNX15sk9XZ zA@9)oHI2@4`te5zvg29|t0D6z?5ir_l+>iwcHG4jg_9|y_{;(}j(&Z%E?1L@br40P zq;iUqt`WTwZZSb4ChIHqF8qwk%*F`jn(PmZq!GUQpU}n`SbDxX3hS~Y`~1~IGy84) z_B9&YWu*Fp$C4}NHONrN>ON)6kCm@1E4aX`N7Txfcm3xhL(b`h2`1_U6^TsC_8xR& zQ+-)C@|)vX79sNLl6yXQmzGK<=z4s|097fZD!Jz3YGnRH5xw{rtJWUBpn7OLdT3L} zNO@?p@!Zu*nWPU5U?~M4mrr}mA@r*lFGBU22GybVgPx8I$m&vopvrpI>htHT zR|Nm8TggI9%nzR&Ux0b~3-CA@-euD~nvNC+DEu>=+IW{g5={{;iX*^>hw)vBU4M{n zI4I5beB`1W1(iUF=eT7&4_mf`j{q+?UJ~D3zq&8lEaz{01I{>x-u~=_58&!@D&M0* zSuyduHWFFy)lp_G8~kda)QV_{QI*rcR$Scr&i_JLMupmuJ|cTV*6K}k#oG#<*439I z=F&e8FzMy8JJJLHJ|TP3q_UZj_|5RrCS7%-RweDeDqTk6wL-slKx_J+m~(zQ-p2A6 z?Ytr$5cODMb!zfk!y8132}R=&t>ms?f%lN#;?9ErI>`U25xDsLC%$3~+$~kgPWI{L zqyc&=yXwDhebEFJ?!L69x0$7NSIKnzwEq35Rp!N7d*K%cKkB>0HF(0`iML92OH|)- zGcj=NL1k}@q~Ic>b^fJow5AP5R6A27i~;Ni?OGeJ4zbVdUqlePR2*;L26}%430*kvD&gxd6->V zhh!zE%u>ON@Zg(zp_i`(4=b$$8iB8mplIHlt~Qu=x)RwKB`jf^LXOrK0Q;;B`_9uw zJ0{n(z8S)lAV?k%w{wl#*$n&ePtd<|sRDsFv(ldkgxd2$rSB7Hdwl=|ABrb1ssoxw zkr?{PN}qzJM&`$0K70Ihw2GJEGod&A%#UZRe>upr&C92>DiPyvbr+V znCJ$ywfu7BGGXqbre~c>t|gbIbTl(_KYDQdJ868UXOgV3%E$B9kkZxl#DM&K`=zwe z7emUKid=ijLK?-IZmSCzJm@lCkUQIV17c8H&o+_pA0pkr_6HqVI=uB`Jd6?RB%7Ae zNF$(M!G>&&y}_Db^P%RE7v*moKe>?JPg!hwL72F7@Yir-E$OUi36hl+d+a&W`pdc( z8O(HJ^nL$Kb$;CP=hvqT+x&k$=faC{I8E~9{z2qIVd{Ch5*>PlQV$GU{vKRWR+S=l zP&Mk}?1yrv@)Y9w5icujI`D@BvC$SVtPc`rZE}`9^7>nLOoTm-@Hp<@Lu87+My-%N zr>_MNx1{9z5#Fj;*(fl7OlSufGvzLp5XcTK*C6?>xC8yt!Zb5MK$tUIC2P_82bs*K zJ(D-F(Veh2c|>rVnkz+U%nwG=n%g1FwZ^+KZ!|~;XOYH}mvGWS4jWAGzF6bR_+tep zh_=f_=e5};kLqm9Tz!a(F92|#;e?up^pL^tQK2QBr7s1@&pp9>kG%^G-|xhUKS&lw z)(IcR91>an-y3}FGmJs>_tU@1G^^3Q9jivJ|Qxd^LR{zIeC1*Fa~6ce6sfa`tW5^@HE&Spzm$yU{Mo zCp*ZAb16Xto7zJY&TpR>bl>4E<^5_%2gW3^@2`HL{ZFZA9rPY~-ZzkG%n6XSLKvx6 zPap|9r0g;dxGQ5X)q>yC;`(85*UQxw$pGmu@w>PggfoJIaEdGr%QR)B<~Q|Cj-fU3 z?anfq|MbmFCGyi(t91)wID_owP0nzwP^&;+b;u>r|FKCN+>VzU{4ZxnectXzJ$Kj7fI_W zF?dJ;Lb<7Q9S2lsXa}DE<-!aWur+jLda4Lzj~2;+F)CNk9qSvlY%-pexXf=`TELkm zhk*ezX=|^Wh#K3Mw%7W>NEBg4i8}6oiv87=A0U_^P*q2i`6887qB_&GvF3e}!7!iZ z_vCM9Ls)``yS{6}CSct2B44(dM`KidO~~F$r^d||oND2Br#cU=KMqpNUy008j%F?P zA&V<=yn!lL6Kzx(8JDV`JA5lGlDHXQyy`r)iI+-CTdR70HBA1xMv&}G!$FFxrdjtP zXVEV@>iwuex6PgUO$X{G&Dn5)Um z>#_fwJBtgsF1{ns%p*z$v*MysccJ=4QHkPb!~QhA7M^ekUrZ5e`lDf-bX<#DYXXDf zx-qT~fMUP1|7ud2aV=b-;3(^kP)&A1rXZJm2gNQ<6hlkjI`UGHjUV0v$PB+B)pxt! zy~qcnIEm7cTpjWppyz#>XY^#+=dHX92Rs?z5~N2xq5DmQM>on3Q>&E!{Jz1#g%6!& z%!SG(vHtk^pPgqDvM5$X2}LT#C0tKrSxMrLqVSd~Ln@}`Dc6Qvoh$*SNwTE8i~$Fg zV5aBv7Pz$Ku?q$mD`H&2Z~F%+w^!}v+dw+xbAU3aj{;x8$UZiH7Xd^srlYt(nmf<04{Uk7}HuL?UB&s`%U&OsAo z9=ECt#J5?-?AjS72D_>Z?pY;oeQFFYs&r+A-atpA6L2dLEugPKiM;{>X=9bm1-*BR zeuYz4;!4k>zaCW3O^oDkD~(FHnN+w_Doi}rj~%%MV!Mpay~upUQnJ^Z?ae|?mTiD4 zk59vS+rql(N5t{!W;B&T?wJdMgu&@{=ldEp`3PtLXS|%Eg^cuHSeWUtvmoiwOAab> zS?To4&5`Xe+>4&KxWI&n;lVS`a0X!FHm!q|RJEP<-eG<-!! z@j$xIVN!8sroC~sf?2inzUbvq>i1VvhoEimK?3%fjfw|Jp*r>Dtf zvJ*i2xHjUEgDn<%#H%F!WK&s>-V^oas96M&(e9#Y;C}Pj<4&Z$?}VA}NcdoJg$m$o zox~1pv>_*(5i`y?p}rR)1%O@jE)=Kv5pr_GFTXsuhEye0l6cOnun}@J+lTxu9?X%< zDz+_2=+L+tX4!H6mSj&*n0_-FCiYL80gU?1=cdkJ*-@ZLSIs(AP(t+}1epY0(6thp zesffLkx(t6e6WdvV@Xg*{_CX%F3JdBt=-pMl|Xoih(B?PdUK0zXq2ZV`YwN`C9o;PN}yXeYtS8?l7bY?eqU*TLW zc2{R0nl$R*vBe>E!G)~(Q2mwRd6PTus){()gotIW(v9&Kq(A4a=V%gNLPP$_0;c)B zG*qfvQ%5Z>cXD(u9jB{3$JseDMuxH)cO46BmuWieiHZ7|2b8T8f}d1AMBZL!~zemXGygsr%4 zWx77LB>ob%0rI4J?p_2U2_${*)stBj`4fTBs`_~+2aEb0NXSFc$doQi;A5dDvBn5l zY(xn+ERcV8JzcOMo$n( z{jtTc&3i5@bnu>_y1{Sk4Jf)d8}dbdZC-thA|x@Q7E z;q~W(L8`B(H-#2nlIstPGB6Z1xCP5?y_&>B9;}Ebyf7Ws_3$sLyeLO6`=t7~!e$vU z{_N~j{d5#kj^9b1es9TtS7&mr^iL%)VDArn_$=vou}8PPB*3BBuw&7~0 zmZ8awR+{NoYHzx~Gx|awCsf7H^)kquDWtL3WLAiEZ#qI=I~^2r@sMIWt8Pxwh?s}e z?Y9o&M0Plj{jg(MD1c-Dn2^Hxf_K%Pv#PsoHFj{N<7LFP*A*}sMUVrD9qn0EP6>bX zDfFK_*s+)o5;`2Eu_s%x9fZwfjiJZc9qr`=rDRS9$1GPH{r+(IyeZG0A<&Ak1d|}K z#e6QW%o(-7xhCs{F-L-`Qk3TH9xqgHhfa+TzUsg}vZrNNtt-Wczn?s*{!j*gR6V^( z%2AUDdfH5CUUL=Q6BEky-*$3MXDwb2xES2K9tuIq$w@@a>-n+1tX|wA5)|mSeG}rg z)AY&c@$g7>iS}tr?%(E$xBs>LV_Xp3E1GqQMRBj4XAY+iYj$n63%19**(m>pdY4Qi zmTfdfZpW$cbM7pQwssUBV}-I$=wRNptLwQY5LX0-6Qc8!cCw^#89zwBG0dtUW{oqA zr$W~=99pX#IK$3UoqQ^oBki;@B&OrA({zLL)1tFqCLL z9eG5~U53fMBf%!C+z8Vf=iwhoEL7E&ywwhohf4=-3i(iG_)T%vzZEqI z`w6wQ?P^|IfrF2F*I{lU)v{y1AgpRHJ1BOn13${mWK0Hjkzh`@g`-A;5+*;)pe(BW2?cXMK_w2(c!`YU%KRMTH{{Q zyB4pR`mmD?7D9Qz65iuUUD9vlSYgDD>Yzp;OUC|<>6*_`l9PO10Ak)W`83ZLo+Rmu z_@F{;z95`P4{k*iEzip`%Cdk^;#mFIdEH!IW!cN z@L_Zr3w$^~$N!`6F4HaV~Zvo(5g9g zhy120qi!!VCea`8ko&g_<^nI?=|7jQw@Dlt({#Yx-_18JubyO0Zr{tS4g;sL%rCq? z!vQXmAN))n!a_Ah;;!-Rn3JYSWr%V#mnqc?mb>QWQq>+0&$l%c;OT|r0zmSooz<_m zYC87g60%Bbz6^9@&Fx(tJq=!Y0o4wNCm&cPnMTJE>&QD1^r+8v3X}Z3B6)p7#A3Vt z{M@U@y*`du5(KM|ax-dF&$JPf2( zE0mX=hAgJ!himWesSF5UL1YipDh1@QVDsKYp^H?E#(Cb1qX&_;{1YW{(++E+sVFsK zqz&0k^YH8vRaJ~hx)s8S&7iBReskm*pE{FoT!8Ut$VJ>A3E&&HybtuAV%@b8YY0wo zi0=|A;3Ot)nUsCgI`S5LPFolAOf)HV)}HSJ*hIr`R&y3!t7-VVIVrUUc z;2gzJPf)+8sAd5>$`rEtT#2`JxSRwd zyc0pW^DscQ#vILSUgFsbZx&-S!<@7mTY9+T(W!5Dj%?oODt0)}7$;Z*y@u_IOK+_# z0>3ZsQT{(sX*zyq?a%p0L#aUur7GQ4BT7Y-w-!FFC)`{W00%N3Yzu;PT9D1Zma-Q2 zS>;tAlM2alycn-QpJumnx}t+3S(y=3mT>O#hAkWUWEw$m6txB^bz$Z%3!>H>&%ft6 zux96JD`hoq1mB`R4%CB0AZl1GSx(I*yofW}{hJ+tU4JVV3FEz@+YgDS&}79It|hX`u_wFZ&)y`Z!=($(!$zLCF#_~QsLH~wreB3 z@`>*H!)n>>(C-&h;i`IC8Eo5J!fz;`-o3Fii}1;ggERc5=XaxOh}~(Ss+FJ}>+#MD zt&0PyG+5WgrCOJc5IG;%Cw)KmEng%E9X`I^2FhKP6qV;19S=mPEgc7Dh^8U#t9NWZ z@dXlJHe~CR*hCH9Evc^1`klgcpUSl%mK;?a8sE~VItw^+O2$s*5 zVMV&RiIO$;i;IT5uk*BmSfz-QAObE!01-FaMZn*}+eMcheg1Z>p zcdv@-#K;Ftem4UlK-RVTus1;Uv-gN345z04{G3el~S zMmz;cl=+ztW}Y+$-fXP01pW@Zb82tIm!z{wBiv#`3cK&h$7glB{%cVIEi`fmma3=A zuzT&d0?y$uHW4}DpCd8u5x|ajc!^1q+@!CUa{SjFE|h36?EzboN#j zs|0cgeHK|Q>RT)EqPdaf)*=(I6*li`$Z!{rZ^yaD$R8TXdaawasDm*Fi7vyo=@0MM zx=Eer8{(!2WK6Rim#t?>wmUL3;;QD?u-D|gy92JxjyuQ^`0d>sc&mD7yWp&AWH&)U zsb&PUMCf_+B3$9`ZP4RB;sMt8)V&nZC>g*v*Fnz0>V1(1!XDgtSbz9*Mg|_YWx(8@y{1oPKntDON(|FwU`>Rh^f40G( z3CDci(ypI}-PiKx?=P)&b*txRev_D(vqXc?Ltt%O2jW?(7n$RayIg*S^ImO6Kz1EE znyVc;a1$_JPL~2yDMp( z|30KEuPQXQ36%tH>HIGe+radIk#s~|em?T;`S1JxpFUrJ?#+698Lp4sM74Tj7P?0~ zg@Pi+qV3np86&&-KU}$a56@;QPFDsk$BC&DM1n$>9JiX1DpU27?y5YZU@sRI#htSDse0fTIBQ zA*;H3qu9AZ!^?Ve)ffVek-ObWtyK=3)a8XRKy@theTVA?i)dVnl-v`P=yezrwMMh&h@a8AFQE#H7H z$p^!Uu>AmIE|U*O&m$QrTUO?XBWF>ChsW3p0jG!(y{Z(d3p|;Fi|TKtFd@Nc4(ks7 z~HAqt!agrt(Z*CLDC;b)jo3Xw^f@lI5J1yhmM0iSI6g6ln?0d*HH*^2#ID zW2n2bcG>phP^(DSe0;U23kf~HuS=>iDftiX*+XZRe(5ZyrZAfHA1YVumVwq{E!4~oPJ`ZCIc2@It}L>@YPs*tFnucD=lDu=YC@| zwqrtUPsG}@YOD7ePk;Sh^bQRZ)Li$tvq5ODnq<3-T=ca96Rk{}9EzO$COh-?iqgMS*~j8u%?#ILFkLaj zy3V5}`BA<6r~Qq$%${fEQbApv-0U5fT-A!yfr%nXrt5fm=L1{HnTe78x^W=c@W+xS zcU9CsQEy0~$wOJKE6YgeqWroP83`G7`=8u9CxtxdG#@qBuG*h8WqQrKjdjgs_A}QZ z>ZX?*>^o8ipBmW5I|(3#)8$#$lWGFzx?4SQ0yJrt|`Hj4|sS^{Uo*2A{%G zRx^g@f4{!fqfAjAD{_LaK#12pd7Oogkh$3*{4+w_qN8vnA1C+o^Y#|lU6ipT?5TVP zms@-jt>ymByOvfHp!hbeHazUs%j=D@?xEzZ1Z%5a+Podc5X%vla`oN@a8l&gblT9h zLSVSCWSW5|H+=Uh25>XC!5cIloeLr z9J5-q)>+@}2UTHic2WCvVykBn(!#yYNd`2j^q$?&T{{sprn8)Sw?msO4fCSn$gn@v z6&qah6;r)v_$C)K*{05iZUyX5ozoSf9i%~o^fyiyW_B%?KF@IVr;KV)_WxeUSw1DG zSoh%TYSiK~VWsplEu21Ud|jLOBdx18WyqDdZJ&>6*Mjb9IqP&V=dsKyMwM6TNNjB! zs`t&=u)wXQ8RoC=F~n<=a3k}2K4Dh=wm&S%C4;Zr(&a(8QvDuG#}>EP@h%$F>6n(L zAj#rcS64?(1ASLfOLcwHW6;GQa0L6;=uqG$f1I!HTd)79!v5N?vDQQvS7Rh==fVep zX1m5EVymvEUwuDB0^{%CEA@W98oJQ*Cw8kh?x+F!5zly9KgJz}@!i)MiHX`p-EY1+bA*q;A6dSj*7T>boX}o&-%yeO${401FV?nrNCnOO?WZk)UJ^4Vc$ zw8EWl{RE}DDkb&Tb+_UC2^MLT2DasfS8!^R%0U9Y*3kU|fn_nP)y2>R1X;=>dN=0n z9iEK2Rn_8J>E$|jz?b}FpINaY7k;&_jQ5ZJe7) zllG4OPvTOcvVN_YB@3S;GqpAmrAF#cO^P^aGOuFUyyG=jvoME8nYKvmHxdJABL3+F zmRgmuIYV`ne1{mk@|THk!7c?*CIR@VC`OUJHgQr*za55zu(zZn_+i_%e>o(OUCxwI zC5=RexNtQ+QOoj!D39KDLAr`3M1WHO0ch@^1DxCGpJIW>;}c=B*ArBGksQ^8|C5Jc z@=BDAAL?6=f&%i!y#sfcDHV{X4{>xWy-cOS=$eH4MfZ`U07gt{#KiqtD(`dW7ZFrd z=Ay!p6tKJr-Is~NO6ay552_`F}f?dHwzn^ zbJF%ZU?_)=GIM&BtaqBaJ(#It0LM-jAZ0G41KG#n*Ja;Id#UI+#N6t?E}SIePY)Iw zh1>9RD*{(cn(+2<>Dq~*@5;1`3n!qtZ1fj{+?tjHM7GL)uP{rP6!GZT!5JWj6%L~a z#vkh)?;=4fM10ioZA_Nprit_V@IM$3D>h6~kX!%ESg37LDku29mQpM-0U{M3I4_=1 z)50oWhR%>SQy!I7E@hPP^A7J&^2cYz;}pFp5Z>wTY7HyDJSB>1WGSmv?*v6EdPJ6i z->Y5LVx)d-F)B0W*#!>Y7lx&$Egmf74|&yi1u3-3ct)SX07dep{MB)GE{*Q`gP5E&paQGPfoluRS8k zZ(Tjc@pqLVbLj%yTF1*qY1cil5?Ou_%S-*pTK7q_jMKV+;YNi*Hs`qM0|hREQUf(+ z`S0#ozSXT-wV)wY?4;>mTOg<~J#E+4E8!B9IKL1(K`Wm@oyC_bE(>HtqDqEre&er; z9E0xmw{~YDSSG3FM&sQCq|TWX746N-nU9ZDXK9-D#sYs!EWys-qW{6->!-Bz{p+!l z^Kiz+SBR*{DLtG0wcfddcOdRp+fb|H5upj2RmxB&E;LnW%a_8uuw+O-&3~G&y~^f_ zi&$B|cFJr`%MV&BrMhW#Qv7Hv)SD$wKefI#;=ApzQX;uULVM~Uq?Iuy1AGw$j_9lhou`f^%%RI_L!A21huznozWKC!@6N+Nb`~vk*wY+kk>H8w|-(} zK1Jy|^6+FY!YTOc`Wb)p$~1!$9A(VJcB&F3vG_SZIMbYfCe3j^E6?7->ZA_Od_Fv`nbu4bt2JhFPt$hbES* zfkUzo50|IF?a-ams?RLwMdjwTiN~Wk+dT3K9!;qgmk*T@L;@0fXC&>9-4B|_f5t)? zhr(a(5y}Dp)=DFTRby{4i!4W2nKkgnktA8OAov7dvVhYDC@VpBTDI4vmE3!&hkK4K zz`NygCd)W@U@S)fE-ZCIpZI73Ch$^`M$*`^vg~OL}m1- zG`za|&^l9Dhli5D90QU?a0TMJ?H}nCJzs0x9@4Lq5cAz$`v4Y?l-A`{MvMV!-$^ek z8V`!j6^H(XWIXlES98hJV5$S2)q$q%U6!BOS7hwsq=Bg>*ZMgfjHQAd5Mx~IVK4jba} zQn&J?&!r@QC`F}`HL?qga;jY=HN)BzYEmM)3MW4N>qbKD-?G(2UYs@#*w};~ntkGD`1^xt|C zl~(O(w{uQgOE#c^uXaB2%+m5038nk8lna?citjRPTU7hSZ!E24pieFy zN;X=OJm5Ltcr!D;y|RBbb}CFsHt!?!G>(mgPMI=D+2(fTEq2-J@5jX?k)-v=)0=g^04xfh@%H^SaJ%|S?Zq{>(k4c_)h};_tw3i=bTSKEPAF~ z$xf<1vWssO|I=+FDSC?fe$zP|dpU7ynIk?3fN`^nK$f`aK@4B^3zXflK8=x&J|2e5 zeu7?Q+5zrwW?2JQ%Yf&m7`l%m@Gn>2Yml^()#XO}8KvcE`;DlVvJdQ)!|*u|hP!FP z?#cA3gx*Spmvo_JGNWtYsa(B3^x?Mz!oz8}1it;@f5=EpS6&gKz<>hs@jZ{zhj-{$ zr6D_gmB*z%TfH+MDl3(p&^eusc$}&H7pu@kix96jM&A9CLUGsZch9KwGVDU_JrL&4a&|(}kiq-mE4jtvRxVX%od7+nrrE z*heI*gkCF>%?cI)FR@NNWIWmR%x?POve^A!yuEc?TV2>CN|i#XLU3uJxHY&_iqjy0 z;8udWyOm-kSn=T2;_glhBv_!hOM&9<4)^qZ=a28ZGk4~9=bL-aUyz)0va_?#v)8lM zdiK`y*e+fmW1V%CAa&vJIyM?uq;=mk&LX{>6?3foO;ox5r0oU2VTvZczV-WrxbkeI z->KHzf*^R-)n36{FU*&(9F_2f7OJjCYcQ+3Ecrcd&;&?}u~?XR0owBho8@Ki)=kyR zd-~NlK>*ufPLCdv{oU@cl;|)C{VxO+8NF$*OI9DdI zzuDptYJKg+1MJ3-M^J`TCPxVs{~6~gfWP;)tc5nVY?R2^mG`8)z{0YFJK5BKc$C_# zyd9usg+-`|0Orl&o~eRXks#y){W%*~_denOf9aM_l7ERItejOdfWW6H$$<_#cOu6%sQNnSK>2!tw5O_eH01#!uQU`gK%q=qs-^P|O#hiV)Z|bC202dR z-Xc>xUmNl?o*91ZtMF7T6h4()DKnSF)3y>i-elTlweh3vEm1>SqDudt!AOtlP==K< zzQ;p0JK4xVW8VHOy?0<&7AS@|&OJ!N_T>3#svDu9G21C4#pj9h*Y73MP?&+tY~sN< zfdj}A+mXS9CyQKsL{ztI|9+xSC_n7@gSK|D{vCc`p(x61F92Cdkk58ALJ8tlE3o`l)X)tGbUie-nt{Ie*bsH~Ggrx`A zg{O_l>5O4zV3b|e`k0{P6O!|g92F+=8X=a1EM>`lw{jK~{{n^SvI?dJNE`kvi%A#FqwJS1$rjj$3Ti33x1iXgE=e>xZs26Ht^JtKdjPJP~=cEGyK zLaclIZ9Yy~(2a~3En3G~KT?0(x|2qi87{5Pu$}b%O67yySsiu1^f8Y~K}pz@A|0wK92OcIKe@itTj$eUaWXQCq+0FcbTDUqmPJ0-Ghl6*<_wC1FKlK;3qht( zSxsPvt*e>%(=96#uPsZVzIMOj>w}&+t`4=eb`FrKTr{L6WhwilX?we4Hq*sE#OhGK zwZw}<>=^%&xUzUGiAd#HU$hTv-;m!kE9;Dka+w5Q!VdjA-;HQDOyxRhs}Wjvl^t+C zl=DZxrA+0N0<+kwGa1l!LCV>7_pMGlgFq9O>fzou87HJkI?e*QkjAV)R|{N76_3s& z-{MRnAaV5%DN84rO5nTND|O7lObG$Fx*2cwC-E3!f!^XW!{y{C z`Q>95cNDlx65P(j#GBTB`TeF=;+T^A+t6q(8~30`S@yAHb=t-r%Og?6ga+Ok6&jhE zDP~S=Zt3~1C#}3>7imaY61=mckh#A+MAhLJ;1AWzR-()@E z)$u=yk>RhT&L*bS#t8B|g>5 zFBKmjpA*rCz;hydB>XBxp^ z-(Y4I@g~=g%nm4|PW`P7D=i|?oWL-jbx8t@9-iTFfILYG3(+(xKZJ)FHiRWw%_Z*( zID`S@vi0#+7V$DEQ!P(ac9JP2ig*Xjeqqkx=}3kONRw0`Mt#dB3c#l|3FkOAugh;G zB10ip^&!lN!QDGd?Gx~9;wAr(yhHFc6teZaZmm60nIL=KR$W@9LkgTTeY`ZLoP`7c zXZL3G0*hKqECXV&1sT$kU9q<~#t`bUmTz3)Zi_DkcA%juuX$%hz!_NMk;Nb-=j-J8 zGLE>J%-skYrUn`7Ftk|VLkvor1>5e?B@xkxS{sE?N4&42jkS6HfQoe9V}5Q#`tgTq z-Nc4GCkkF`buMiJe0xhap?Hla7FpTEn?k3+lX&r)Thg1}IKQOis@@&9`<+EZv@{rf z?Ed-M+%cyr?+qQI91js%@I8}W31>wkRcSZ`-sXrMJxa*GDsI|PepGFHuEK)>bEqqa zb|tc`sJ0a)S_yS_{yl50N{sQMZ^4crChsDAQY{!8rMZeC9;R}S3#*I4C+#kh29GiS zMqXq5d@3~BWHJ3Z(%=h<{{1lq&Ip98eC{Jg6RJ~?=neg1dCR$9b+3oM!mWfbqtzy4 zYKV#qrO}cXVIH;K>@@w*{G&F#+@=(11Y1jXp-Its{KujD#974JH)KR|(LN(p~B2Ax5@vyv0{mkUfH5Jwbhb5-g0y^0o^#q2>YMC; z|Mphp1D~9|QG%?-u0wqH+L}@4%0{dJzLHPm8!ymE|1ou+x+UeOlSRT{39lXa>e7*V- zw`zl>z?Vh*JAekE30U?Xhci6<0e^+KV`9MdTzDjv_$I%JH>vpfhFwkX(75!{JE`lK z8eS&Imgc0!Q;l!ey}r0LtuQKDOD;{iBl>)mH&h8+0+Jtoz!hpky6!W!FMEwG%6)$% zbu3o!_QoeAWt?fk%(Ix>U$nd0CYGhzL&g^uP2M2=nj!(lOl@%n7l4>Fpc$|27_rYq zuUL;2bLv)e5=BmK58|6+R0Nz3 zgIU9Wn{~7;FVV(eGQ`s}{pxBHz@`y^7xk^~!t$q}bT{2c`N6+WPex1c3sYZj!k3`8 zKLs=x)(jqI1_0H=q^N)d7BZhKSFNTeQo66sGk@%@IC?q`W+4seT{IZl6`P8Pj~)DN zzFowlvg&>)SZ2E`9TCc+SG)vB#NpC zqH)pQ{3Mj->W}2LQ5a9pe6F&tcy*!n{2Rm_JG?LOPx;Z(k$8;FBEu7u=Jz)JpADK4 z-*5|cOSa-rk;08a;MAR@jG`7h1l>4#810Ivc4vta(xAO=vI(kR_0=+)20cfn)E6@E zfiTJcZD3Zmj z1C4AfTlhJ%Gzb-NITT9Ri+Ky|6KGx@_DCR$0sYp-+Rrd?QW89dBOhN%4ka+m^XcID zw_8>5CBY8q^d8=?+x3H6*IYIIuc>qimU6{6G+D=3LI9w^9~>_EaWd{8R4j2L`#CTl z-N$~7`W4C(W@i@7fF^FIWA*lKf}1^G#{j5UaA-U9!BfLKyEuvE_mp0mC zSiZSq2R*GE^B?sm^^Oj`0$J;YarOP=V@FRgIy~(pk6?Y?tWE-ENB?5BW>a>v82Zs? zWbNac_kl#q=XDiNYB3S%+z*bpc4AajZ@irqn6@8-)P&-E5ao)bgI%{RDX<>G;nNI; z*XFiC^EnM4dD*Zq*gzYmp4Q$(8vCnS5*TXVVH6tnnkY}S3+DiO`DUeU7Mbc4USZeD zdo`YC3MM^7m<9v#{!3IqYn@s9BT%r`p7mRsb?rhGGv|nfQb>bTA}s<;-qVII!-{wT zjLFB{bEvO-%P$i5bk&agb1Ux0`(*1)PcO_7;orO=K(SnPQHzU&aWq-`EJS3W=uX&{ z-{pT))_5&^cUbSx{>v#UKy=V^a3+}Q4F;0`F=k%P04C~<6&d3ZZ1 z=sLsak)i7e(n7kt`k@!}37_HeHN)sb@}3Y1#xokR5IkCXPK67xw@qL8hqts<%iY%N z^Z5^j-iml7?W}z7rrWeuEB~A0Vr8%@{gdQk4G`x2lM`c^J^s68J#bV#VESvez`~lk z`*%Ni;IQ`lCo#tQRPzqC)joYaIy#=)DyVmTy1uE}xx@H_6D7QnF1VwTWq=OwmA1HR?no8?i31(bqTrFsWJ%6+p@et(jBDwakcd>omKL zDMH;B+&;M$zn&oD|1~d~#pznUrj`S5fXI)s#k9nY>Q2qoHYd}}&VVxD3T^!xA4}1* ztb#C%-vHXQHN%eS^>7{{B=@&5NDTF^16LI?Ubs7-WOpNmA`hH@CQX{IIGj&TW9KDW zx`pjKngi@Nj?16s9f8mkEzTq6do^|@^u6L8st7N(E4N$(H0&Hyl7NoCy?BQr_una@ zTn!%!`DQ=BGQ_bi)M=x?6Lvk8T9dpViO{6zth$1NH-T>O%YYO5BmDd;1wfpw!L?B| zsrHsQLm7>4ieEf@01g;ZoMjObG-T>-;gu;E>DEGp4PK~onCJuK7%wQ1QZ_Nvrz9AT zN91xUam!(Rdih#`$2dU9{~e7vho$#GLTZO#Il&an3s?P70s>Q2gtyXdT1ceyqbX$}0 zqghr53!s|w#+%Q#uKikf=!wCls#NsafR=!q8w4Bg}-@(+TzAu|Rip6?{vD!#9 zYFnh`-B;O=B zbx?u4k5 zq&b*Gob|KrcnG~g^5kMQbVe zFDpV4cbWII!b~DF=RsbBSwpO3_9oi9u~Y?&mOO9G4VFdesPbIvF$8k3sxsVDY>BNY zzx^423~T@BHY3uB?nc&?`Bpv2A12xAUeCjwe7j@q!EeqbQ8*4CS!PmVh{-Rj&M8b= zjdgYXAt=KA;iH0a@TIwJX>q={E>+Rws%8F@dHo`D0hf>>1deI{`c=In3{vA54-1=X zg~K2TIq-Nco6K~i%d^P2<6>`Er|5O2Aw(zP{2Jx`aVgH2co3aiEnX87n9ng5o5;_V)P=|Mo?hdzi36m67LftBu_fBQe~In2_5pfGe;6xlpY(Xkr7N+#}DkKO31m@LndVTFF=| zEjDxT%hZ&81{Fn1D2gxYRYin7c#B;M`Dct*SiQNPy5OTO3FQt|EZ@uA{3By#307*G zSjP{b3$-_1KMt7a>Tk7Kc21_51;fjB0^}Jm56!on>B$6DEXXS>Dic|$Xbd0~Y1s*y zSQWtmpWo7H+6ZzdL;rBc@*GI!KnZ_(MWeb1ZesG4z|e)&{^uTFEEv5ja^V$hUQ3s^ z>qe~$%BL#2(Yq<`prxZ9b)4zg`;^89`}zZQp%)>{+mg691FwT#l@du>H_WZ>#FTr+ zg7j}r@h#ho1(Ir3>L(_50M(AnlcAYV3E3#0m@=N(R;6K88>=fz6k^V&P>bCmA9>oJC8 z8lIuDs>v!~n|VUlc76W7liF{HednJ#j9}8EUh1qpNB&A~L}5(v2UxTlbZ#!C2qF7S z@KRuTjK+%JGVk={)7z)ZIF5HqPDs{RseZj8IG0m#K_@Y!(MOxkv3v=YohZq|ZMlqT zeip^0QOd2V2DU$IFM6;TKjb>C3RciIdq!J7u*9R|bDmM+XrdZ6evh4v&BS0S{vyP@ zr!9Nq8HEEYdj3Y2_jzLx{aeRGUF6zVn~xj1-ds2WCacI6)2J2wW~t$HBsf80-D9jR zWyGQJJKuwGf;s%BErV&iJTuQf)nP%Y^^%i@!xH*oVy){m4`3Ctkd*fqPntGY)64qe ziP4*Ic_wtwSIF#}lMi8wbO?L!p%{A$U5~L)tsaVamHF6;5dB2IC~@$WPlbyL_-4aD zZ)7C#vTre<pLv#4DHNtAnCFAkJ~bY&ZyjgO7apq| zqSh#LgAo-q)R9!_fo>vbjFO4&;v)htQPyOt3c>i$wU;3imJ%w|oCi-i^k%OxYX2UW zQ1@+wzmf@U$qqb-_CzN!q#*of6g!vqmlalG?||@^T6ITO@|NsJz=7&!^OT)zlX{DN zX5ERs32!=;z=9L3-x=!)_RYH;JS5helO!Ev#5^sKUS5r zLHi9FQ3!j%GTrN=tEdA-V<)F>DOE-gU@2cFT6$Ve=*R$4(F#qx5v_}n|H(1E*uA_I zXbDb?){dTLDYVT*Yp&ItIe|E*UZOE%Rzk)fMv71!IbE}jr?h<+)yS~5%d^HE7=siRTm7UR>i}pyJF0unfxQ)C@23xx>L3we_=K{Z;nhG{j^_ z)Ht+GUVsfv8Rs`wp1;IM7nd*JqmS$|o~l7GT8n(GoO@ObhZ%lXg;dDUzIek1*^-Ih z^0R+4o@mDasw_%(Yc3ITs#{J;6S?Xv=q^UpUB>ZO4hhAW%%pqO$9m4HKVsF)g2&4r zx&J$~Tj&UAzg8S=?T)$Sse%jSt?yhUwHSXBlN_enD8yG0;P=mcaa)cY%|kj3oI2SW z>R0$_aOf<`vqmToaYGpU%bi4GfpMFOh zu5ld-6eaCKS8UI@17LYy_cnxksE50B=2Z9WwU&WVUW1qnD{-2-KO3)!JTj@gTYm~e z4^+onJNYy*YK9|1xFxSCjYG1t#baF*8_tA#;<8FLm-WaEw7=(+P>I4>F`nr9c0J*u9u z`EBeI*(}XJp*?P0`AA4IomEr6#gM0cqkJi0TmY*UE_MG`2)$u4urk^voRx_#Ux}yP zx;8nSEM2%P6!&~Egxr!SVot91;V08g1^Qf(vS>AM zvMif?WBm7)F@s{w7e6?>VAT89NoR(XnDxAx=4cg~$lLq8}x(iSIJyCkH^h ztVC1`ylU&C4Tq?&XVFfpBaC7CoFRlkIo6H+li60e8T8Y23t>|}9Blp<^9hUv#Jmab z4i3d%m3hYU+mIdN73#0&(#Mo;~8Z3nfvMyDuH?(vH`^)olcuVX<8rZ256nc1iW9>$ZBvD1N72QvQ=}Aa|go7rL znCnxsIjN&1*|u)Z=aux*07_UV-7$(5urk zY08_k_Mex|DQzDO6J{(x-8E$?F1a z5SJ2zSl^nytUce2D?~OJokGFBzB4)`vjiAV=LD_nlOQKKEj&8%e9x4?O1&>5D^&83 z-Y?l6g*VT{s1?A~U}c5_HPVx~su+{Q-OKHKIp?tqcn?=TT!2iZdgbMqnU-#Do_@+k zf$aS!UQBt!dCOKX$U100&GtZ@hENII_X)vo2p|)WXAHcb#VHW-!}9`X*}Q|&i35|( z2d;j6v3dfoLoet%Q`OiyE-8)0;9Uhd33%TIMUs}OM`)MH;$0sSM`}qvXB`e}E9&5${8BC=zsIDJWvn`!^+jo&TDnn~~GxDd+!6C=zyJ3FC ze&d(Zcq+(~1WJtP?SY*{#{=TV_f!|0{n2wyA-rv3gFi{z)JS662844?hE}nMT}KGS z=ie?+s(5aXfSst4dt-!rmmqrQjPGU}(>h_KV)G;I~^G z#Gomh`U344Adl;3#*!2Y3wty4Q^YaCJ(9zHw70OxvtE63j@W^Kx3j=1Dq>4gJlBD( zYLLMORV_=07lxbtLHpHXSXk5d{^!NE72`Pt(%*M~I90|h`CA-;e@d`xQCTX3ZJ%Ww z-mi3dD|bBgb3WJe_CaGUAq_}+Ezgng;ul27?QM{4OTYAGl-HRf5r~t%k%7%5MGUPS zwf}_KDi$2ykuqi(d`|d;bNnbp!M%H|+_ykEFsx^?QWq?Y7ED}7$y zosPb+sWtcM#i6W6^qAHr5d|i?3hErA5BA{12m_%#QJ-ew$HVkVO<pGLC}yd3I?q z*C9Qvav;NvI8|^1?rn=G9Sl=zlzf7&A6I>87{&H$V3`_78^mLJz{T*U&*mVNwNWX1 zE2{YXtA1pTQ&z=7>l^I$AuY@<_Th$e#hb@c3FnS(ms;Q9FY-aDec!lHJPg!!1> zCSIFqQKRjynzuZ2bk^wAUzkGV`%al6Zx&T>KI6OcTExEGa^h+547nBk7Nv2Z8sU>D zj)H6psl{<_OV!02jjH6wSq!Gis19c+ZRy(RqS@^ZO8fH+UoDJ)hE(0TR{sx_&U^4s zO5G|6y}F6GEX<t;y5rsz1Oj4IY$Nt|c$K$2>*`)BALUvZ0bq=;R z&j0x56F1XVnC5l*QFe2v=ONcbtbAwmIH+DuqC!a>byN0Y_)iyChEDE_A|+wcGhgdq zJfwNU#z5#6xc;*_VREAdVWFx@9&m;;c7i3*iL;(!#U|*kS>q?RmA^u(Of#ymqYFQl z^GDT)pKJnlHrh1l#8=!kyM=HsPi>v*p=x47KOkXFvHx+%fR7Warx|b`-w-;_U&!LV zZOwpZu84BGm$V99nF~J4^A@NWQalQn*oeT@DQLtaQHppco89Ypl6T6Wl02mf;7{uf z_t<*ZSDYeY@R?*m(sQp-1Pt>VD@Sd|=`6%qlM9HNJRGQJMKa$V2|zI=BTt!f$cbpi zzo8KU9i7t*L>vw(NS_mW6Hv_YdIkMi;fE3giSR?#JmNDvx?pRvJ+geHTgi*Vz$CA} z?Lt#z?|B+L92~pdt_i^n~Z3-XA&OP&xffO{U*+$YJ6$iB$)|1vdpln}8 z6bh3xUS$XXpB5pw6s0T6%Tl>$*V5LqJhhei*)bsmqC84Rpx>As#90^4$XmdsO5ENW~YC$+s<+(Ure1l@O z4+zct!aNn*6a=df-A-XC%!BqYhiVNx^lo|y9CtqSMeAwK&2T#m+4518vgz$@y^f=27+#gqVNwiUPFTKGoriZ@{THGH%}!S zPX4%KOa5C|G3rf?_aS9g{oj7?izgM{3D-Igx-Eo)`$g1aUfj5dl5LPQ&QkW2Mj!PG zRQTTb$m~LMJaTsO3Vuz84{`uQi<4ueIvHWV6!N(WoET(eYjXscf2Z}cp2Qf}ODr5y zJgWAQX~>$qK+(H-#;zxqy2cM{i<=5!{eYf1<|YW~h?XosI%}XiMjO`1%aA)1*8)3~ zhEMZ_dvapheKajkpPNOv-KK{jLdc+7P_;sMyi=H4Zz<8_d~~XTE2wfmb-UI$-ZHlT zeNfpN5L;G$feMIE?;Lps&QL?ta(YMb>X?(|Z)lVLZ`ZB#} zPGTTw)#y|$t@+MIraJEZ10Z=?%9vtkIalBXfF|0L>{P(lFcA}0BQW+2j`j4B7}##% z5&QLv#fv+?>&hNbr#y$@rO+RC+F-Fo^X=7C2@_!bNZXUt<)Z~csJOBq8CDAG#^L_X zDt9>>*6%Waf>*%4xI<0>Q2XyLCw3Y6CVL?^KQ6F?oU|F{eV+~19l)Yh+BC~v>uUu385i(XX-Hyn2V%r3f2w_Vid%Vpj; zS?jz!KJy$P1!RVZ+({&9RA`Y_!h3bRs9w8~K6T^$?bYK_U+l(9tbdynct6`)jiEGh z2$}A?8`obY1V&yAwY7S;r1d{zGUPZWN>7OhCAmND_Flhhb9y}`Lz7Pa4}l>8NA^=v z_N@B z08%SyU774)^e%k^h)$mz^SkcfYd2)AErs}O67>U9MfpPdh@7(CO`WSDSp@h?;mU1B z0tQOp@}uV;n93n4-w(#%I`!CgkNy>KM$M!d{Yq`7l)=<4=nzNE960*(3xa!{cmC0C zlp;roXiOUjX)NnBP+yXN&vSiB75k?&c7!HdhCr_gqu2Ha9|m#wZqCvU;3?XDtP`w% zt}F`>Su`Z%m=x~$qh^u|1*?Ssv)vBQU5ChuFa-Ggrat*rlsN*+5)K2(I5oLEDiV?F~H^hEZ*GWfms-)B?*dGP$NA71*{2WxcEx`d!2UmK!T(H-GohcOEGeP%@pWPR{r=qXbbEES(e=;L zwScpksECiS@A=7r$63Ha-GE&JUa@Zoxiujlqb_S&t8a=BP+!kJ@8hF6|70s|dHQsC zKJvJd4m2$5Us#x&dz(emN_90a`UHme<`HKX@N`^^`_9|?qE|XLvkwg)H=p1{eR_S(OZ6ec-v`jyiV9O)}k&LvbsZ=f5Vmipi#%VXms=@Yg0S}5{z z_0nxRV1zP`<-$u!T12k7r3+Ls^HjY3%fWyg^>%Kjv}9*qq>%vo%_Bm=sX9k#KF5S} z8)K%GO1-4wi2o$1!Sazkhp#`lF=lF8T$*iJ54d#iBt0s2w^Ex}12NI1WfBta(R1XA zildxry^H1UfMVd*fT(h_U~)N6rS&BP-k(sZ0-hrlY)MzQt+`fBCRGA68=1;$-3JY0 zbygQCfeVdN!}Va`@ksXmk>LmgKV=@0P%{;AzF*5}SxOnJ8;ao9?^i?}B}pn!8(4YO zbE@s^gpTJSN9`ewFF=(Z5hNj>5SomZ)<+eH^W$IkCQ_&j_>@r~lZhQ`OuY3s_~#)K z;*kztMPBvjJ9TdeM_I~U*DS7-_(|YWw*pr25w;N>xQWNEYof(s% z*z%XPyQMAsBb}FS1_T!lQPv#828(HrXA;y>ZtLe(_=D)!Qt38D<}vmj|DDJN=vQ?k zB*Z?OiepJ;oBMg;$two!LVLv5{qzRYY7DZZ~_#Q*rr%K}#5fOO`*| zPsM@k-Rae}Z=Y(ExO2kR$i3sYw2qO?W-y4a_WPa!b<>@1`cdmo%^;&IOnEpT^wvZ| zcAlK##*>$;@G^1A>+k{cu)nvUcAFef$n8{-lQJ`Xewg^PEPV*a z<*ZNLyy`K?uv8U~=N1Vo`%^0`Z#>|!ed=%bT_sp*`|Z^E>*4i3+fbVP6{p3^7zOG4 zCb7$~>Zj{gwr#LCtT@Br92R-yco&#Tolr2YF=_bdA8LxPR$IQr&Ol%cYpCUDdY^~% zd6X)}DeSxM6r^b@Q1G57%rjX}fi$;wqng;cJ_%T(1~-vM_gE;msqx<2e!e^NCd{QS z{p4gSX{s9eHdR>PQsrlgs51@>v!8EA2dTX=5~=^yOXtD5TXj=|>N_v698BuWK>NdZ zzmtQAcsxYWHl}y>tLVs@6;Ki)_bj+%5@vdMX>hIXuj#ztR6RD`&{S4cQee)+Qelfi zbkE2huD-gXeE3B-bnrZh$xShf?rH-V%WFcO`p zmk0tYd9=4*$4Z(ioZjvd58Z}1lV?9hXSqmMzBFO^#9-}oquK8E zwvr;1aJChBQ{&gQsY!hdN%O;%1t~?=geDI)4;_315h1vuu0aFhS+yA+E7eSNo0hNp z@PKY&B&$jsb1ix?%NBv?_MG~%8Z{>9b7r-?cR#AKQk9&SwCB0}{c?otT(_G|-<<4qiU;$Si^(tHkosIb8e4OV zBxZU1gkB5PunM2RSu(O_5fN(rjNqQzA;T zbK&3g)hhJ*1JihuR2zotdi2ob;fQ8sfH1!7iZ2r6NEcC>t=Xwa}Fpz zDQ|$DUp#&0;&CumEqq@2iVa;q1N*5Dai!m3XfliQchN+3l(SZX2x?LDniJ1~XrdC{9kk zXp~#WwC*{TYNEOxe9=UiX*XMKD~7(9y$vg*S4oOV)P;fR9vUHN83P45`}CsGD>Ml855%X zzR-on^RQ=I1Y)m!|7mmAhH98syJ+OY$!I}gJJO7rTTWV9cwMw4lchVbQK}xQ&e5_O zv0p1Vz+^I>E5Z-Yoqh_;7=2785t&^jC>daV)3RoN!O3al%2)v5Iv_*wF|91P{xMQz zQ`AC9zzft+MosmA=G!_vfhg4CSm}hM4odNz`{UK{f88wunSMQBJQ3Y$3&e8%6A@43h zYS5kh$hAm#rKei3fk57Zvs%-Cqf;BUVR+jk7T*HY1>n>`<_S<>!F61fNUvyp3Rx z5-6K0>d0|sHkuGP6PlCmp_=_!+_*Vk z-dx+u)sM69x|%e8dan~!215?G>X~rmB3%?_ z+Co0QZ0?=aaN>T*EGFl0x#r_SN+~ZdG^1fQ+v1}X)BjVirtMW!YLEyr^Pk1g(uhc&+Dys;tP=O14?9u7qs(kOHx(s$V%UY zM(M;UUC!@twB;*VIbJo(kSNVOM)SzgbLqEe>P26AKXRD&S{uAY`zzG(NUb4NUP#+jU~*bmq!i9G+$FTFMaZh!csW{#6~Exg6|y_tLDdL`&?h%1 zSx=br46mp{q_>o9)O#Qq134xhNj6$=ff&YQ^m|mw%j>%Jv~;uUEHTT)-$K)}M-BV; z2=kCJQID81vSH-#!-z}BXt zJ9~B3IC%mj&g*4+cxcHnx0$J3Ja@_;X*M$)c5vFL{sZot1qeS zhcgY6jXNuwYD!Ei$NQ@Z)2H6rH%r$ZHtaAA`0VuB<#G?|_X)Q4$(R02=$@AjpriZZ#FY6TvgcJ{?V$y@z%>TAzg+It^kVfCl#q1@Df5V&5{ zaUDL#k%wF=*FZU~3f*+4+P?!0(^faWPTi&~X4?ytOI)rLb#*K}{#9LYd=hN|^0(rD zu&E4AO+s>gPy(Mmdsf~uA&t8KGg@nY(hN-|SdlEsshsJ3G6X?$^=mx0UPX#2$Mq%I zdz~Wjq%&c5-;P1HpKQ`3BH4dJFwodO7%*n~)4Hi~*%*e{!ow0XoT~i2_ehm*4sX>j zUdXHCB+F@jn=02|5lP`mc^hY^;NI2nK{L_X@FJ^fENd7fI~`y#MUf)|_N&Z;~I`vPAnZigr<3kE@c#aH3qYjPITcR`K%5C5?%~izfYIZq~ zQ#nzuCX3^Y&={Lf+oex{v<6*Q8}7TIn%t^*8iRG|XEFy7veUHtT?bn{*&ZwqsrKC60pGZ!;v!jGz>5K;Ua(bJ;X+9k@Ut~waEH?PzJ z-6K%8_TkdCLK=R)!l+&pVv;g-*KzIrQaTBs^^|N`jNbc@I;>JbGpGgOG0tvsdY1AF z@50QJ7j|qJUt$4+ytY_xZ;`T7;uZCH2?giEC7I9-hK#%H%j$H}lD@i9h$LOrFkwfL zq!8cNTo18+w|&uTQ#?uIGMRBs9E|0lG>*z~tM^Q)Ka;ou$nCPIfV+((-BWb? zb7E?O|0d!@0X(n1vohf&YuL*aV$i5Z$(4dfXVNKeNy1CqS*&C_i8tB1r`zW|J)>ex z@2~+{1Ev&vy6v&Ktb6S72lM`9cXd?W3DXXg$F(ew35^p&qOwPAM%aNeQjQ1l&N(TV zA)A@hg9iG9ykcziK}*;qiQJlFa0M|zCSYxRIw@2cW$I3?6e@NJ9u#xPWWp5o6hXo+ z0T4Gj&r9k-R>(MWLz&D_aQw9%a4|<;WqtMxSzz-)w{8c-KrIC;(0*x{{GE4FLJ zP4LH~7T@%xRADiLCAbcVQ;)ev1#pkRIwS->^utgDw(ooJ;-578Bfx#BGvXhccqoWs zG;L(^4yNjmPCaUZc}9u_aNH=7NhS7DD~icie0(pNmBHPq@!Z+W<8C=q!bMAfXR`jD zAk8=Y(U(K9t$3I3HdteGMdx=`w~l;_x2o{4?99(hrt2z)jWBCZI(Sm^V#5Sd5ad%__245ZS8!_+Wu#k;!mxHi9WdvMGkL{$2j z)GRMGG=m$JjaOAVpN+xIbLyGPF-rdizjFJ&{bZc18dYJRmryI6I4ANHHi zIcne=5_4pmlV-+cGNF00M9YLWYG~eA6zaKKpZxKJ;ZStVur0PgsK=}p zen=?$*hGAK(_{zz=_(OHM{LBD#l#0quczoYo`4N0i~-T99pG?x5~7Qlb@cZiJ2V(@ zgsU={2s33ow~6_b0kFVzLSx6rE?9NX$G*eW4oACmVGweEz@%Y!@>}#CR{GB#7^dvv zYW=-QIYLwVuT4Fo7jTl_XomwO>jutDCKOvMP{5gPx3l){nO8T~@0fT0F1P-_F?$1Z z{(m&J|3?t;)bBd)I-yhaV6U^()cI)o@HEmPYfyFCm%X&J;4aoX&VMM(lRwAh!$hvT zi@A}fo3bdYTi-$vn|aX@+GD1NlXtN`{zI~EiOZTfS#piH-cZonV|{x3k0qr{&>&T^ zxXrA=n6w$UlEodM=09QoCBr|O3dBX>GtRz;NG;(twSHSP{u_$e{^F2Ny630BHn985 z0`AIRd~v|shy31rw{N`u!wHkxD5t09C->I_R<@w=-A}Q8!~f}?t)3Ppw5trhdO6`e ztlyviGVK$I@AqzO%5Q-?e|q`P?PnQ_Y6u7|HA3%TO#oyduyi`*{nTj92%O7E+5|(P z7X&DP&;k}2_~+#7wHlQgEkkBSG%Zr(y}s|6L!tM>zdDb}&EE*6@eh-EiEm4nGp_IP zo#rNFnasO*h^3#>_zeSmX^j36KvT_gB5{hyZqiA9xp7sto_A? zW_0tuI$xevTzU0HGa2FD*cv@^b>=zpd9tWgB$cgo*kP_(`-Paa&h166?=>)*Nc`Hn zn%c|45SsM5jb4ej!oIhBx^uev4c?*#LG<5KrxHc>4ttlV-1&s0Lj`4>M*aHg2PMdF zCKooZC5=;UzRX&Tv)DfSDdT>@ZhzI9n_TEVb$w}gIo>WtD^13P-fZp_2=cjVlx9gX z_(hfTo4`^TYykNh`DZuymkLQjj-qN?Voq36j;V8FwyIA23Oe2+3sUL~|g!2xoQ4o}{Jz{B?i9sKr! z)*{sH>twb|-%ug)TLiIQcNTncZhCWZihin#5C)MxCEkGxrM%vRf~DQirwcQHnilpa z!y2vkZ`sAvgyvVu;4$rQKMxWDfb#e8eHcV!c?51>C&x2jOd3D?#`BQdxHe2W^6a2Y z6Eysyd-YAiWFu|{oDOh`s?}%=G~k*wU$HJV#owMUpDgc;wH(fjF5LxH@~H9rs+pti zi)%fa*{+WV)XDXk#2(uRjt_cO<+@Mk)OsS`4KRwPQ3{Qp?i6p0=jJYHamyDXFZ7x# z2AwJX{Q#cU#^uSd1qwn-<$aE&sU5E)R#NQ|n)#5N?c3X((oLyLS*gT{lx_30HUwZG zE6^XoTclP`m`gm7W0kT+L-%*>s!mZ)xDg5wy{+~VSuJW20lI{`7t|EoWCc^jGHxZ< zhw=Hz`?daMmDDUbKHEYpohM?IcrBZ{6M_@`X&Vsc_>w@3X$Id~XEZ+FCC- z6?W|w-A6WiC2P7N!3OSZcKTZOHwf%)_?H-~d8?V9I+or^Rb)$SVCURA$(!^_1sIpo ztfvU#F^QDHOIcMFUK`)+nY7=hd0h&6FquiVjW+Q_Dcxd66R(SE|2Nlpl!~a1QXM8v zko2a7YY-mKJG9W(U=!OIpO-|AHhf&2<6R^(8WK|uZqq8LH@OD^FE~_LIq*L7N422AUb+pJxcVgGq)F;-?P4^v1P)l)@UhLBK1~Mc=TT=e# zJV|`j+mUl*gT3yxWz-=2^C+ocv^1R%ymH?b9dMgQ$)t)IPbLH3{j&%cD9`?UHgsd# zEP#9#7_B(|v=HO?^K%%7Z^U^))ayKCGMT$0Z02hSQx6(70p-%Mj4(mG?kw?yh51u` z%Xnzb|7CLG_Twjce`Vq-+w?v&(W}WwhpAH^0hL@%yw>5t?Q|*JzNOY0YqWi%2dk8B z$=yJXM7d?;Sd@BF-(UTl#>C}tNcrhh`>WwptB3BE6&njSFz{H)aJPpIKS{4d7@~bK zN?5B9p0&>}oYnJxvG2|BnAPVnIF zmH>lGaCZiRyW44!|2}u$`|N$s*=IlZ+wBkYOm~;8s_Lp*>#es|rA-)NuRgjIfXy-^ zvQKZ%pBnDG>f(c_fa8f+%p#`t)HGI~VT!_cr-+E6(XLwQC;T%+8F=jL2^3mKlvc=z( zr6=bOLN4jc<8K}Ssx@8T6`7&g6T5bt2yu4S0P{v0JY@poxDE3NjqAZ1{o$uXc*}mh z0f{&St?=Ba9q(C6;B-dPPG37)bWz>Q=SS^v1f-yY<3_E5t~Av;WBZW=Du4@=)FXq} zAiaF~vX2|UnfToly37Mg@$%*rF+Z7uK^&!^LPPF6*M9bdC6T7d(1_e@MsJDtPOY6W zFxR(hp(|T8j!yvG5-Cqa+WGg7swO$C+4)G#p9oDBx2sU82)l zzGCJfrT@Oi>DZoJe4YE=*rzR4Sot4WBrSp9Nc>_yU`PEvr8@`uCSj zH+lkRBTdri*gAR>uL5q`$yWyJe~xN`y^L$8g`vk#iG7b(Dl3ovX=qa=ny|20$6W$jCN1OiG_=sU6`ekPs2I!)zI@d z5K%fueRG4?`${QbA%l|MSD%wYg5o_3lLz(X0L(k^dF^87OJ*%2R!IR;M_cgvG@)_> zi+n1WUIo~C^OB;=Fk*$uul&Vz#+eMhm3pYe3B5!QG;n?Py=o9_IvnH zKX3=_7d>hE;MT-vc=o3|o)YC=jMR~Ild5X&MaWOJ9q}pgaBO=?>LWf+TCe!3RCqj2 zuZ!|_9X`%MpIFUwd*6vqMj`TvTkEp?r3mgA#j_v|bgiKHNd@Fc4WE_6t=1$bur<07 zM7pZWuZlko?G^1K^4~Tz2lvn`>iKNd?3-GJmCXqA+y1DGdw9M`t4+6`naL`t!l-(n zt<-xJT2V3CSzGFaH!N7y^#~y|#Ww7`J0pgCZr2*#ZDNjrgrBgXz z=;lXfRP*$X!SBlH6emJPsvFd^ll_^}=*1x<_|lgYo;yS^nVcc*i!m8c;5>8# zGRBnff-8JBiDOle`zJE-b06?h`ane-%v?RJsW}-UIo_UH(Ve*413d5h6)6EG-ylfC zsy+-3l)8!5HOeNihG(|?w$SuTM9A6K;&M&d0r=2ogI6p(F*2_>tw%nFul<&|x+*F@ z00eMXCN(0Y*B+Z)Z|wfhaQ($9HAP@=5uCrbsh-V{{%T!3YIcow_|UhVimmdS z@EUE8b~i@MOU>~Fm9l9P!`V~*>xK2=t1X^xx(ulX`iNPioh_y6PS`hQOIpU_>{L%U zVgU-b?eX!V>ttptYA(;i)pvs?ke{=)PEd^M4<|c&UM|S;cYi`x;45}-R8ZbFd&R$V z)45YDq3O31mv=uDMAcS5htI$X`F-tdOmNPmQ>3aX4n8kO>jUKr0%r$~lzdsCN$`N5 z6D|*No2#?RMaQWL%tkF%Qd7hc!+L96eL^kj@=M|`hGtEcL88uZr?tYqq=1n=ZHItb21YeSLg7e!{$Xf?DuAcfS=bJlGjXGxw-{k4FBZNOVs;CMhjsS_pQf z`JE0=bx27;3Qv#EH6--i(-l1{d_#U7c5Sy1q^=5o3eq+_vE?Ez4z%+nSIaHEB|SLMqz;r5CgjT>t@*I&iQ;n`p?pbjnFz%Rm1bF@ zikfRtpW){=O3etg1^J$A!rH2dk;oo`EQ@!#YFZLB6(iiHPq_6n0XHjS(NLkpPIgJE zX@_+D-;*xs=*>O`xGE{Si7rki%7Gc$4W(?_)fJ2JU}N72N1Fk5v_AMT%sNg&{N-?5 z#NuFD-Mf?+ODem}E?j(g{)Y39&5o=GzLv_^OOVOmV1B;*)`_9yC2u?hiXNd`Y3=*Z zbxUtFf5CF=cgx5e#$aMsh{P9@%-UCyp_hB_uc}^hnxSX=h75J#7#oRzsN2v-&sd*t zpK2IDqX}Dli9X`E2XqNmgQ!JQu0Gt<_!SY+X2A&?M#xKcGl@_>&Q_(yFxqN>T(;7PS zO#jL@)IoElIW=+7K7~EI?ZduFd$J)+(MDIms*|CB50=O5cp#E8=<=+>SOnBAa}V-0 z$V1Wxvs8_M{VGMjK8tYLjIF4AWTE93;X?j_*LiScU0a30)SGmIDv(i*GEaSk(m&a{ zwn#`&Hlbhpf|lVlQ4ct?j_&YaC5XBuV3>@q%COFFOtkc#rG_dT^vGuyLJ<%}(9Wb6 zpQ6vE7`(2KodUS4%q&mJ^#nSeu6$L#sK#hK-CI+17j1oTabaN|;C{{Y-8l7-alD?K zQD$68T0Dr_^uhi9uWVtuw?5POQC^o0x25LIpbpbMlIFBIXBIxYkVQ^zh-GHn2M1yZ z1%&#opTV%Cro*n$WlLN~$9O}(Xr2E`gEXuWf3lfOqDfM z0(3k(1bNs=LuVh|6~2^32)lo;l#;(2$cm3h)zszkrzJQ`nP@ac8xr!JQ*2V6pxY^Z z+O+<|;gNP!9w_@42fM2)$WsXda0aaAe99}+aifBFsW2w$D_LBZ_uAu-QOk3D3mcpZQsF6SPL!$3k`&UI4b&TWkE|C}}J17Nd za}#|X=2&_TySaAcs;v5b-W_L3bXHe4NCnY0Ov>o()yChzvxAlj!6l$QO!;L>=7Uas zc?VG|*f|5RU{20*2Y$22Io8@YkCQ^y`i^Etbd`yjwyHnCW-kQv?c7?A<^a$4F0jTy zHkM1E$||)54>;OtH6U<_UANo`FQ}VCu-6HS=`y-0MtTapV3&}3{G0W&<>uIWo%^~; zb?81OJ#iet&Mu#tY_!tiemSn@z3S3tR+e)w=1XeI5;Q19zP9= zXnT=XrTcQ2XSl&*wW&^{cNwf ztv4mX<|cy^^kJPUlxS+HIAME+AHX(Hz?ZJ8{nPt>8tQOR@K3>*S%@?V_u-_BIGQ}C z@%tOrwvj%x&}COhZKIK?G(PJ7(^eytC#~#o{WSW7{nzsLjDV zyt&+;9vwbBpl`ReU20IT;=^0dBRK1V!m56!X@)+2}Vjl?Z4{3*z)v1}hxe6z8H{qIz5O4?9Xv%Pv*2 zADBibXhp6&Y+^?hrpT(l%8A`L46qcF@mag#BFU+a;-|bgFlE7dm6t^Z6!&G9G2Ro{{a@UOa4L2o#4UoPC zdy3lqrP*YL67Zj@%UYg(^J~iczpJNuKf=}18re+oK-u>?_^dMHM)Q)7zHUs@oKgG9 zSjD4Eb%i53nUZ?{oFc_heL8vb(I0?;^2Jy zUOIG;(Q&Byxvo8YQm1n57{M)8sgD0$BfR-k(C@f+R^|59p-W`{ z5wr|_Hr%^y;hWvEl9BR>4HCH`;Pa>@p|$==SkSV4J{RGm2wcI9j>!RK>1UwO2$lbxqh9j;xPJzzeKX)jLf zMc_O|u6T^MTVamkwnhHN+l2XhHO?n8>)>RFV(_r1P`2p&15F$O{P<>Nze}1>& zN~`OjkU5{t*CR_T{x-I8^9yM)mo~P8UcL@}Djja2%6ZhhU?K_aWf02ctvJ><&7the zB%PgY;>_F;H3c}4|49xbE1P03Dy%1$JLI#;8Jhro%4>-9%uK};Vj6_B80WOK^0ypq zM>>q&fIw|$|D+^W#bjdTR?uC?UWUJ$H@$6n8}vdQR5aYc;cN^AOdP8A%QGb*BG|ej zDw6?gd*W8@OYYM3k_Kk+%khq)r19C34yt3f3#h$^%8N;skkvXHvhL|gOYjED?3=t^ zM%~Pg&M|kPYhT}m{f1Y6;&xaLf5S=g)P{TmyP!_z>ygbUb+0S&aA>HtsBz2HBzeBs z&MAt*G|0C9<|H@~H7XW_YyZ45N+2V*QA2>71KByCTvm9Ku3z+I<3WLdPiZfQ!>hfgvkYLls*dzf;gIK(!jhsUOm!zSex_VZ_K< zAKCJY+;nd;qb$yJ!dX3Vu)zwUNKiPHa`L)hX_E`!g}CW4BXQ})59;LLJWXzJP?Bek zQPx0E6tsI(f8Uc5Nz(Tdl&vDbXCFOEoUxWenDcRdB&jie>|!9&p68``XLj6VDpO)f z8K~X-VKu?L(BMXMH=70fIq1OXFjH3j_I3pgKkRERB_;FK25D7~3IfXO8B3J@vw_U8 z>vbK%ff2jPT*Zk{mX~4@bDA!P(D^F#35MxHw``b-=IAfuE&ZBb(z#;5;R*`WDhiS? z2+qJg2-xFAdR!UaaZxl*7jpY_$2e8T`JNpU`-x&C{&-cviQ79@v#*=(3Az6o<`>4N2h>1D`s(*lQ3qlEe3R#CBXIh*>OXY&P~jwL3uLZxu-+314$Q| zv5RWWxmV<+*BPo^zjK+yggLrzAqM8mTZW|SYS;`ryo&Dd8hPdwILe`&#*D^&b z29xujNP>@T!AlKoj!tY1S^9eIo}F2Qd{bbeHk2mX9TP`BvDu%y#p-;L)<9aYq$lBOxgJJ2RsUc$y$4Z-_64k(v?fGQtmK zblsxN3cAg~=s2(hca05)R3$_6E>&J{xSPO1$8v9wNo_OacKkpiD5A?M_F@C`PgbeX z&niMa9k}g)9V>6E6xjFX!LXF1CHTQH4}mqa_|6-nHD44tn z42mhj%_k+fa2-p5vKA6*lYxSjyBrCJA51q2D6lC?n`&m^E_0ww+Jf02(w54tgZ0hI zknh?zb%-o25OM-^|7cYLtXx`9Kgq2e8q^oX;NECA8XB~(*ek}%_A>l@5k5_Nx=4md?pxNkR2Gyq7hB` z5}cG#5DB%LE=&A9uWA@twm(3scvs%36$A72HYgG|s;RR1w0g40M0`SBl6THScZb9< zM%U4x$I(iN&>E8j)?M5bqKUYtp8y#^t*yyczpBV?)uPe3=vvJlrFm6tOCYeTTH7=C1r9?nO3tWb-$p@-+jVE)s zAOhrIV5=})2md(40=0@id?l#{ib!8Njv5{1~k~qD+ zh^*{l2qPGm80yL*++FKP)S{m_QaYH!E~G=^`agraCp>qi8*FS?>4R*&?=n*JZyr>i zt%Fa)+tZxlFOlC9$0?)I`eeZ8xdlEOfqRYIq9IPl4$NTcer&89l2CgpmGMkcBWvv(T0^9J%7u9uwL~rG#)A$ z&!#j(L3#m~BJ{HG{hk-k$D*LG7cs>F-U0W6BXc1(aWLOI0Ne2fbcB!puQzwP_kRiS z`S<#M!T9B-$Uc(~+8##)01~OSG^dVZ%@+Y^4s)GKJTz90eNl89(1jRlMA5ik+$s1N zPq3Hwm)zFnOHAOdw*U%sq1?ux_}p9NEhhVp0nBTZnYI3Ah@YChgbKGI%yZto?0$LR&CqdI>Fr#v(29ye%eLp>BY2;`$ zLgNPCmCv83F3Qm&NJ5&bZc>OkIUK6A(M5x36up@CiID-P;dNz4hMSXh*ccf76LcPQ zV~Qq#4q$KI!jvJ**^u~tZqf)$gYIzV^#>xLeX%2Hj7)tqvr9BI zu}^^Uw1CFTY#^G;kOFkeRdC3JU{cCvP|rKm4z2NFG^Jyevg zB~W*&Dy0nWl>t{E(M+D*<=TicJ9x*(y$m%dvuQ_mQbrPEEORAihUM4Zhc81L`2I<- z1p`Ute*`l8M^{#8UFP`K%WP?82C9u-VoK#^RMHY~bJhYXIkJyl&uzVk30rUN;YRUv z9~=VGpm|W=)rdQM^rrWdp8k*ZI{&UkHi@v}KFu8~R+MYkO1^{AI{6G!f!MF$`Uqg0 zYbp$$#Ron9VRnZ&a#LGt1uujEWErKuw?JYHVRtPL2Gah=^{$Mefxvwa@JRsIe+R_8 z`=-5H8*ja?oQ_$pryD#^$nO2%xl7k3t~xPXD*PT=6|@cPi{8Cw7AyBH7J ze%M_ntj4T`1ahKzBk#nVnBRmn^-)y}YF*tpFY({^F800?c~0nS(D=)Y6i--Vja!ZD zXjqR?Ldk~!Aw3%zHO+C6K2lwZ6uYrs#|E1jQLpo&<|WWfu`$caqz;ahk^= zFABh`32z&MYxM(Yz&Fx`JQs3!zEF5=O^SxEpA44f3?M)f-d&wvCd5M>vY!MluN$$g zMwGl71l-H#bXBEf&WatWvAO1G#<>omB{BaE8Ud}F0Ur@rc(yD15ofXIu(Xmi7&&L2g$r@VM|=I}YiBXl7vsW+H@%r)I&pc+D%Hs`9!3By zg~Hd}1J>VOnT4|QGkWVVT7uE~|F&grV!46e==5}(!@gKstR(!rBt!p*vbSr+XeZea zZGqvgt^QL?``-_7|Bcb{KaGkq0NNI~V(kEZ;7j4%-?L}`2iW_6L(ZP@J9Ayz>(=Y^ zV6y%m$=3Gj#^UOz`|9=ayVDW9IhdeVy_=hk7c!2D?Hm6bZJx0_JsY2YG#)^WB#9Wg z26~W}IL3+m?MzMu4YD8zMy8wEl$HAM7C7@BZu*JaWPYW&Z<=ODX5E}vAT>;|buF7d zxdA42u9ckHEfHq?k?9xd34BHQQk$W>4kBm{TZN?7p_nB)m=L{_T4xLY*qTd&-$J!? zZq&GO84{r_Q(iMc*A&QaIK>zz8}oR<+3$m;b|78q>hPz;*Ha>%&ly%rPGer$d*$RU zTaCp+TSNsby_$r;y&GXaPx5W|6nIzU2c*CUk2>f+^edw>JC;qGQU(&wL93mDB*^s3 zCAUTS5(~Hlyon+^uIQHveV8Gi;cP-73)08i<}$L)N0@Os!(xB7b<(CtKwH8D-r)(0 z1xhaGrbh~!S3$R&ALCN&ogyvnmw>AmPDu!UZ}R+ti^Ey!N*~R5S?pBHuj_GI)ONLdBPAYNjAJ+-Glnu4ESxnqE@1G-=t2j+0h3rFy8^0NT zp42t3E5fj?KAO zAI5Zcr;pXOt>j4&uytvzpCDr*eYiEL;4if5d($#Y-ddtz584%YJ}VX39Vr0HV!Ei> z7=pDI)ycBP<7NmbV4YC#H@?4obv-z{^L1jerW#5!E#7fRr*YsAR6Hc_k1J;FGR8Nu zZoEtZ(~tmnK={_r=MyqL&OMHBhYUC(PHMLz1P7(Y9g3}d}zbRU0I>*Xo( z3#C~2CfObv1UtAij(T7SE8QwSp1W5uU)ftK!+d)3Vo1rXfD!o|Z}*KUKcHoFpp-1y zrz(p^b#-L%F4gAAZWuD-iZGdP8aBH>Z!ZIfyBhm+*AO=9d+sUhZq`r6Z&iLP$=i#j zEvqX?oA;Wz6>$FkfC{tV010 zuZ)qpl(Q(2(SQ>iV_)uP0gvY&nx`(XfIlr1ud*Nrq}U0hGqcEtyTFjjxzgB7wAIdt zW%neF%E)CEkIO9KItQ-iaw_;Ig`L19@!0KQYbb?lAUh);c^!?nmt@h{CXM{>l{ZXg z%UF^ZleHk~+NQO9(E~{{u87`!$BH6IP)Sa~w7u&n&gCx2;tE^T6$`PhxtV}lrOs}K zP@_^x&5^KLaEOzz1nC=CnZ;v*MDgqcbNx6`ek7$>EB>P{Z)mcj3>>5yhBT%6k02RN z9KODqblO9BkkyMxT(-+$LmU-OOdTuQ*aBjLksHosq`w6plXov zT3sau8re=ToGWdd6e^C+YS@WzKw2;%N7{QFh6SdX%m7mZ|5RR^<_^4g z{bgWbW=CNK+etXJb=36ENFcOZWu#tFR_XPu*RI#ex+B4xH6eXwDpOm_9<$lY@0xS; zoX&&<%MCLPkE}D+ZN=dijyZ&-?gvk#cZIZUt}&ugJ$Yv*Jx*OWD_RkbO!-I5FCE@$<{T$;`tfi7n z^pXly=w|JW-KKTq4ZFD{n3tK`a2c?_n@BUw1NS=802pNbH)^M=7Z;*AIo4noMvA#o}E<#SQ9Sc_M9_K$c3|kO!K%fj=)kJW@Va76`UobXmjqi4FmXszAfTU4X_%3KDP(9& zEcL2w2G_o&DsDeSS~ZHP|2x6X1U?1A9y51lt=Ro({)Utkr1wN5E04V2G)SVS)hko4 zR=wFKhQZ;UMiV3Tq+8t}U`}2;ZuC)pv8qnpj`2JV+C9PEl}#w0hD!2Z<68&qJ29(o z*Jj2|3a+>T?Ugkw3Fk@gmMCT)V*s-1l>+am%ZeJi04s{Hf7~Q;8I5$Ti)ujt&J(vm zV(8?e|8Gc+Z69A1@;A~>_rsbKry2y_HM%0=bZ4g+ECvUaW+*h+g1y|uE?ihuKR9Ux zJEKdN)BFK*gcEzNm7E;UQRB&6z4MxuJKN4ZD2Vj&WHD2$BNuT_w{59wq+zjY(bPwL z9r*e8V2VAavh&9TJnz|@Pov_Op$C=oL!tw3kPgP%T`9#bj`fohn8YzVGgk0(S}cMC zrnbAlL!8c08S$WO`QYm2v8-??nvS56QnnD9yf0fnDe zvsRKqW^z=bph-SM!(S(l4WMRLrA_uDHLr|~SYV-LXD#dX^8*U8{bN*o32sC=?*ZnI zSNYOJ(o&vZWmo(pv?zkDHU=U+FD(6Hu{mm2Lk`0xNA=Q|Sx@5id&redNk(9)=0cC?&Wpf{eK+Dlqk3reZ3De12Me1H5gFK%qaSy>{d$wa`SEQ~DoRy1gtFqGU zo=V-Sy$&|9g50OVo>j+Y19ZrT>kW!VuW8pBMihg2Ms%E`w@mq+;6KIAGtn<(X;mko zWAVQz_^eQ9S@`MTg-+R?{_Og)DJ_bl6kx4AV-As$$Z!7_9`YRjQW5#0@4UM|Q?FP? zVx&7KZl7vhB?)&KK}=Xch3s7l35t*#{`nNx00aAr4*^C;fH>IX@gGwJFgE)Df&*|` z<2&RxBAKi|?4Umn&`h5H3GrVb2aRoBAE&zz2%()N0P6rZ_03l|*9YVCVPU|^T9c;W z&Mi~5Dqwr$#mqM`RPUq^d!5f0!x>qRZZ)`XlT#wOocP2SwQq72_ zt|+2sWM7>U?EA(ZPVoTk1;&2@J{8gkOL~DNVgD^zt@7~#9LUhYVvEHJ z6Xlne8JO+_fin^6>0m07_^3+ddmp|EeVAyV0x#|zGfm!K;DzrN{QWaC}`TICa>mQwn~J+UH{$Noz<&v*N2QVK0a zum}<`N3dUqp)FW62zUb48|H0LhCZkDQmw#(&qLeeU)NE|H7Q)S=W!|*j|_g%p3-7W zlj?9}<&+@T_pOXqE^>T_$qY9t4|3n$3w$&({m?rKU|~Gv*f#hEpRRecc?;|r|4p}Q znHN6;-f#IL#jQq%~Ql5j$ z2EcZ$JAlcL;T~GFK;S2Ep+jIcPE^bBa`Y4E5#jCg;#mPcDg+@;yWk-xJ4j?{AcqNQ zL7o~Z>(NzH_}aX_+8|NKql5@(60Kg|rZ7W7Y*GZ&A&eC^+|OXF-1Uu^ zlwZ1ioealab0(DtBzj7FSiRJ1$H`RT2?t=Gz|4K51KluD4#m)CX`%xv&u^WS2!jk! zuI=*ebQMYPO+bq2X9sB+OLBl5ry&i7@Lz>BalnZf-#z}?sS*ZYEj+n;Gp*-ep{(wF zO&wnqr2&>u^K@ll!1YKF0D}FQp{Jx&eCC(fDBua^)z>&U0D$>TfSI4 z;Wvf#F^-~-*mEG4R`nQvM2+DvN17-%iGcU3dpoKN1(A1;^&^Zoq}?h{PsaGCZZQhdc)$mV~l&TsCWm=B6wuOXx~bcf*KAy}ThHyj)Ua5mIJ@Ur4AqPm}M9vmQ~$KV@u=K}?&j9eWt| z0-H!dG-*fK7cfB%TPv&5q6ZTdulU*2^gh8n7ID=sc)E{9^sc)*jus7*4oD2o&-(y8 zMqoHWG1z%rs;^jNbD!EMe!^+_lpMk(+C`aMFKEZr=C&eZ)@IHY!a6yYiiK@+(WG;* zP5G9oUeFEf`abE#`n<5M71emh2l_y#a><6{8*(palZ@JbfRew7)4I04D|(G8s(45t z3uaSaLiUkuM|9N-d{M>fqC`_{#OQB zAR`guhiDpq-!LHyo&bZp4fnr6t9Lu+?m#(U-{ybJn)zQdLorYPaA#VNtPf8n-5;W@ z1>fPHdUIAncCKzIWap=cZkL_Q1E&MiAT)0CKM3H<2R+B;392bv)Kh3^_`-jX!(zE} zPQ))!`~A!Lz|$xHVh6cnykOE14t6`aK3)RQDrG^YMAMf0Z=d=8=hmkNz;syzKg>%*B*EYu52;%j5Ouu4n}T?N>(!3~w2t@n=qfGov{;+? zEmQfCt*F!WR4Jn<(^?i`DRJ-l^M&3&==g_yFYv+s#OeW?6HOxiM8k;;n*tb#>s}nA zD7~$YX7chbrPj<4(pd(B>~sD4iDlnThPUHdf;s_6I4FDfZMOejKF|p&(A+A4^#N|? zKP{7E)gMWuVr`8xj3md_qyw$ChK3GCvCu>%);h=D^Dh4Yv=tg~xYZqy{J$a!|2M$O z|3_52GN2NHON!@iVdB4Wc~_p3V=|&~y?AD5Wnk}MXQ*fS=dU%??8P%M8_ye-H-G-V zf6uJsYGcT(CI>Y$)OTQpI6@un?jKiJG2{8+qI@rq_+6h}*+E`l|S~8^Ta(G~Y17M}(u z;#DA}sHmyI5F_1wdicvvT$SCtpDb7|`gji0?Tz{yI%7%euf6s}-jOCF)*ATd;}3_{ z|BDs=q1l8E=dGU-O5eCs!aP4S6E$&GVqjp$;=!9+CE!%`ujFo&6yI8BF7At42*lHm zBv^*IgjU&2=F%hHMSgPtqmDcJiT{TDL9UBxVI^!V7(p_FLQ8-!ne8)@4^j93y#7)8 zjRqw|1Yg_euVxlgsjZ-w%IFso&v_S7`jM94ZwjGL8|ev_PUYyCE%!-^>`bd)C!Wuw zlU%=>Kf*lcBws5hYg94w;{Mh9uaD~@RHn8KU}M-e6y(z9PJ|0LNYgeLaI>Qndz`8# z_{tX-BqDoGEXeo{{zl;Tn}`W=IUeyBy%Cx?nWIuS8V@E-uv=u?%F#-o2Xmesk&>tV z`GSE}uE>WFCLaxeCdb5By0PLyix_GDXb5^%6LB)m zU-Zji``iI*o7zC2V#AOs9~I8?!kZ-X{aa%d$>ZwAxRD{1LcfGiFyYpWRvjJirxmUW-V>PZ={ibOjJ)SjQCX!V>< zn_oDTJB(MUWn{G8G~+cQc!C2Le!a&-^3*?f_Aw1>7D6;v^SHrIw?NAwvphG_Fx{!# zfzb?yB}3n>AZ_oF(d^W;2C%I0Q{1X&_`~0vNwB_v5GsuJv8Tyd27x%_KcjnG6p!U! zYt{n(;!b5ds9HT0nF{M07^2eSWfmn%LiIriptZy>9n-+6&Yq`>N=*8>-Jy)~^<}g! zwiMb<37uZsp+RVO4xrG`7F-q!wWbPQ`hW%Hzj?X&LJ@O0?r^7D~=n>V9 z$FaXz!1sW!(yV8O@7a0LEeCB(R=9fwXB4&PCz4{V_YOFzCejWCL|NLBN6>%ume2<` z-6Fhrfqll&FBVZJ_#dOC@|{|3IS~XvLhlU&;@X|HDz2DZrYE6Z<^!L&6rPpR6O13` zyZ<{WtkREKRPTnm{!6^9McZo?M1fti(v-z_)zB=vMdzbaT9R*nJuaZ_t%XNR)h8Js z{3VtHXGAlue?}xy6^lP45sOw{dn)k%#H-EA^AlGPOuf`=y3!>(m-5xD>BGK2YdzWRz$6+bT!Nt?G`nY*rk6u0rCS8-lYG2^!uF=4Od)D+~_Dvx<%G38!IAZdPU#mFkrJ03Xlfs_M^BGy$F>5=d|;;cK`q1 z|AQI`ebyJFMjM^yv1RdasgMp!BEq5YT0wDM+*b(DY`oIHhtsMgTz3x+W;#*4dx1Pm z@ylcI4VB5qkPiP+Ua`~jRgv=WXqkP@b6+Fy`kqGF*Njov`me?T?7$o>;hD5UbW8XS zNr&VXR`Uu|Atu8(7JG#+62A*H+KO=H9$l@9h!fd|@9F&|X zDnEW9p+Oz+lKb27Y*d)93ufCrRkDdSdW(s&E8y0+Cg}Fv`;)c_Rnzxi=^{+6JTeLL z?Y$VO`U{R|3~#%2u5F`2ExL7>b7X`(t=I6Cb*&Oi>I;cBsw|7z2({p~@c991NYE>+ z8>RLuZzdX;-mgUu(H#j+f59#dY_R2-e3qwiFTp=6Im-?vpN}_Smb`M#*Cmi;z|Dv< z*KK?saCX|YNKarx;tHwJNm9SeN>vc5B_VO}8J{mN0kW|h$yT66+}uMQL;zZ5+OMIe z7ch@mq-Uu=;P~$=Muwl=I>}o01eQ5Q_U_mGwi7vm92J5*8JRa%=bJF{5BD!0c0YQU z*2Gf#x=Xm01m~O9$}sz~>3q=2Sd$U6SDar>kgf*Hs6Mk%+1yMK`%`yyY7tPlZM|Svk zVF?ZGxx82YUY>v6_i37PV&WTx#?o6GXd#}i6aW7Ttwji9BmehVf_bl2gEmnhn zxkbhd4DAUoo+&mpwW3ewt|68d)525mQ^`NC4PU4Va1eu^+0eConowL5P8+U$j8jvV z=^Ld??H?oJ9`{3ZN6kvPzKF8_x!=Ubcqpc9OVs zVAtM!LNko7AH`<3W7?CeHRafcx%e>yU-7(dZ3pYMo{tJ`u5ZORc@098UG!^}AQsI- z%d#T8k5A<WPy?JzNnu#oFiFQR!&r%|31L*pPN*=mdfHoHQ)&;Kzh(w9Lk1o89&4V^{h&NvcrX`)`%-(y5;cz#S zom;H*`v_4GO-pj~3IrQ*YFjJ~aZipUqJl^1UOl>;7_*0Lxr7*fWE7TJ6nI+qJhQ0r zhvk=y$IrQ6@p6@J+*dbg$8%?B45_X->;7_{hZ;9tqgG`WFoFpww`MNyUR{JuA*}Nv zx<-BJ2xb$n_(ks%rY~O)jMlmy2-ELfrlvA7;0mObCTr2s3pU#iqzTtvjmgIbQKSwh zd8lxoI(oW~W1m%v?p#czW*?o6=Qr=W1-IKAupMmE9AY(HEH-nZ-Z3BrmRI^dNw2YQ zby@d$l>&a&M-OUiTb^E=r>?>=%$6I6`!!0gT3I-dG;2ZYyOTWV3pf@LvA+~*q4!v>PaTMPPf zF>{*FAs0RFbur?z*W1Xd^AOc2mUqVRLn6dIGqV#p1o1mYeF6%tTJeZ+m?PHn3x9-N z1Vk#LGb>4hDQ0JF1#HP4v|3g0=7pi?p>jqSUZoOKZuKkdZP;O6Ji zv11P>nJaXCTBd&VQza;=Wc$-7c6%}g=V=A9>S;J``*SU)$y2)e?{vFPWu{KQzx96V z8dFq7f+-Qv#;91K_?A93uwI}rolVGz3Xdqv7=u#voOr*4lew36w#zXma%hR1?Lnr# z20#f>-f=<=)!@)PVhR56j`9(ql=AO~<8*DVV(GC&Z`ov)E;%nHR*2JV_Brf2;%tl! zT{%^a^U50|-YHw)L$oE36%x7$Dmtu_HCoWM!jsddJ$X*3^l1ay*r92xKt>X><>;W; zbR&trrvt-oz0xnsYk36SstUJI#e+iH`L@1w;gTW5qj__Ym7T)IZ5K@9A}{ZcG>O-` zoG>J2d?zx~DtD*!qL9;A_M{TodLvWp0NG=H9XPy&?FJvJXo_vRuFIa}bmhgpc-OPz zaA;nU+}_RJHAW!1ZPI9A!|;A%o#~aK*(i5kCVN!15V~c25S*3GB348qh3casu}XbL zqp41)wn8GgTdpMQE2p5Sp^WX6s9!}45myQKDhO9TrA^A%f;l|tV)dp{+D;!~sD4E! ztReaRwPcd>+2q;TKQ0y{b6y_ksfqA0m%51H((9>QEsp~UblODmv;obTiv;)O3Pm|4 z)53SHN-s{s4X|Vet=Tb*h*Blw--p+o-miXIgop^Yg7z^-&gQFo?&hUb1rf!oXN>R1 z3Tgdr8I_q$1AH+r^z>O$b6Io3=!%?gn=Z;&SR9#8&Bm`R(NJabN$TIPI?v8`^HEVF z=c?jKiK>CzbXuM}t4h<+80WizwNMSJbA>YV1af!Q%O!r|Gc#8`E6be|d&UooCl444 z@6`@Ddd!Uyu#aDqyJNV%exn--^g-7-x!Ns0*-)qQZnes@8rH+}jlgE5Y6s#iP6-hc zom0EY4>Hj=^o-fr_i9N5)YNo{C6vYE{9}kBN$Me{&h#+3OJ#1z=!4!q(~B&%v(b3s zjOSso7#ismu+dEv4Qd+QzP&19wh)HTA+z6=Ww(=dqip-h{&)aEu72=^_nZK+d%ZrS z->5;r6#1@1NUhj8e+RyC(R*xc9apTC_%P&sGIN;P@r`A~CqoU3OW%{ly6k!})`9O5 zx(#o;9?LUTyhs!oJJeD;OJl@*ei4AMTcqhL)KW?e?*$F0Mg7?7G#8Wzb$hQ&v8ayz z^@DNJj@;2FF@oCox_z1GMD#~kXgmXgEK+LLhSnb1I2hwU7g?eR_a%^YT}7vD!Raw>Opc3iNqJ%3b;CD^UtJqgalry&ZlH59BOc&e1di8W_OczS*5? z(D_XQT z#U;2q1S?(~8Yl#J*W&J8+}*9XyW8ZPZ)UFNnVXr5Jh{lW?ES8HulN63a<;R`hjW{T zio7N!735VzTx+RNU`#DeTfl*Z|BDCH+VZie_c4YX>Z^%u#G_A@|{m< zx$gn#i_hKNBpzI(#TS-sK9rw`s+|Uu$(vr}C~KNv&(!LBb?yd-%4+664dA|jA!wDQ z)sEs|dab%*Uei5?t}2`~GSsW zh|hsaJR09Rq}Pn7J^yCu{gp3zw6hpiZoVPjFST(U)^B#2TujcIftEk|T!>!HT}U1} z!|8SU^62=^J0fO7e}z?u)Lv?sZVr24rQsh~4#X$^n3Sl~b=J@DcZcgQnC9Nc;b+Ob zAs-L53k-`7bO`!v;@+>^?;`1jTK?2Lc0Y=z9NvA@GB0%N@D|CVjV}Si1&RDE06u)t zyT(@1t7Uy{e9bYTJ^ZXQd9fy&^ZY@P`s;!=51z5Xv5M}WkWG3{tX*88PkM(3%t2DM zu9gSa+MNZG7JiHOWWN@d3nT|G5qD^9-IbcTJ0ke$TYq)XD9Fu~ouu^BZ?Po};^NHc z*>b+S<8}?Y_PoxXMWJQ*5UyJ{5uWcg5A}_TxV5f8p!7 zKzl<7p~_XB;Z^=4ilu@BV*}MogqF!SdaSpdiRI24W;{~8nNznC+=MN|s81KHtflxP zKbS>eqSa^eJiyzh{4$S8Ei+P(1NV!%BdaI4Tj_?L%~NCw%6weFvp&9E)ZA1D1Rw%3 zL$69U>FaEo?zROV_@zOwjKL*O&7b&GL?Vn+K84Sg#p87b;&wrY%h!iQ1&WAd3_mPI zj!COMN1_c`m06CAi}o&o?o(qLS2aKz5s&YhZ%tj%<=uvs<)i*%r@c+4-b2HnR$k>t zC7}Ph8yg%`5?F&*EwxwH0HbZwul_dL`%I~0LWCeSch>+_^+d@3Wq)W6d^~%+R&JQ? zN-kOT%&=Vq6xs$RUq#Pgyt?%Qm!=sjJ5mkFw7)mlqsgcVKzzFso<5QU&KB;vsoCFV z5Aryq(q1ktJgsoZw@ST?l`@ESOa*oGsKcbYa8a1s1r&Z`x6AyI0e zS#y{#gcCsszVO^N;R5gTu2X*8GJLLh1_FCsSXcX0ynIuBnPlhI8!lWma;A)24jzVA zH*82WKk(>QJHIqaHKwIK0zbzkM@cG?kVt>uopu@FX6+Y6diXV>oBezCyB=G)85bCI z;`(P18s+KXFv1qXxV-jFX80Eq8n=_cjN4oAhZ7j2taBmit z$Kga_27S3d6_`g*F)^iu`iIqdWGVPS1@LbB+GL<;Nih!8CE;)nycq7IbGd26YC)2J zKfMSz6};(t2Hp`A5&lMcTp;?hLH_v6ETfVd)k!!~`asGFqfoh0ecSu=!D5K@8yC}; zIQH2%j?;*ApLtjZh-)A>iZICg?0Z7ByCN_1NhIWCTITfr5@E5 zf{gDBt|ReWGx{Tj_ePkzSh3w2GZIitO>J-X%9vCztOS9k=7v9hHu?@QxOGg2ig?kA z)kwR4&HpoQ;Hy^v7<6b(bE5({vp5k>aOXJPTXol>J)A6%9DVZ7=n}jkgZX(luzE*i z;TZTqBvxx;+*g{<%Fy5E_Kt2zJ=U$w-N4-++o%BF^T;tQnhzAU<)##+eGkDe@!;FOwcrH{W#5`wA{E1(JbIa=)+W)a z`rQo|b9oP#&}yVCygxTFL!5}G8;&(zw>w6|? zlXGYmge~xc)$W62HWd3_Z|%%UVjs8ko}bkLnWcR~M_}gEH^=cl+N*i_e{HSBqJL`C ziuuZw;IXJfITmvlH{1O4XU1~IBz@Dhf7Uf*2ar~%-jyG>#@)L84ddmr1Hdvu$TK~u z7U;YW{08BZnS(r6Vx@hHKCxkhHwm_^!bfhHp^n=(F3tCoctKGX9f_A2@N48Sp0}`; zp5A0Ag5IhC;i73jk%hIX(Kn4jzu+6?wZ?y3WrDiO3&_21vdS!*Mp}%#qw!RsdjSVV% zjIEu8GoxRcNin_E0j?srWpU00&df(Om0Wf!{1oj&cg`&f8nGH9$D0&aYTqYBt;93e zw~_9cTNry!d!Vgqw#~;&b5?$q@8~`*#f+8gZ3$Df=t(xEB?~V_@auCeoe0%dnn_%f z#V)1coC_zwM6z53A6DpXWoo{OHM<}F%uo3?w~DgfyJN2uSGAO%85P>XRnno@-(a|s zr~OE@lBd-|Vns1bt0MKV@b(rDc2M5J^gVwv0pG=w@^^P^O;2D~F%z71cNpf;Mvd(` zHK^CHuFYlE+v0W-Ds1#Sr~zPfEf`YGgC?W;6{ztJkvD$Z?G@Sg<%m`@NmZ(?6r0p& z?e=uaqCnlT4+gO(K~C}o8n*RWVnNDZ<(ycx`I1I#&$1u$U-_In^Lg+V+8;CiiJF<% zU6)Wp=S_Xo>vzP(b5+>*&krL(vF>RwkIDGQ;)LTP$Q!(rpxGSCn+tMNJY?Ln0MQ?Kzd-6(fHYsY2f+V_|OF?NAEjiFA zd$96e2@O-#4x`bg5O71C`vEFgakVcGky9F%=Z$zq*`4g`a^ysQ*!QJHvQEzPjDn@{^BE2|&V##WSN?bdpA>p6cFsS=3W5vGyJ z-6x#v9zKvIY0>=2iOtoDtkw9ijpONOcn(Y_!d933vAmH5a(3n3RyUh>yJ052omq5o z4%^@5F9Nz!@TUW({!Z*=O-K6>m(zWu?cda`2rWvAHCV|ViXuNrDeb-TS%uca?=)9Z zP{z`sPqh3Kw)FXGQ!7Dzzh+?N*T_}T$urqXaW0efoBGarJa}*u1`!}wc|C(0XJ0O# znX1HkRapUxE&@q8yohnmul1{|ygqQeQ{REUd~@}P(W1T1$L{UZI{+T%iq#*ixY3OM zUAEp_EmsnR(>1M2i?3P5R>vxit(PEhnJSm4Sgx3F1ngC1Bm;$IXbf9ZS*_l-`uwlX z&3V&ihh{tVc`)}h7A7(b(^}8=uhWWdb!ATQDKuvm&NH^x*Q%T#DwUbShaUEOBL?fu zuAk5SDFy!`jeATikfkuQ0oS5ID0uWT&jSi6oH);?8;p0*uDFp8-dQ1)SnhGD`!}^reL*EY>ndp>T zijLs@DeA^n-WOAeXVvETRw5(se_Q2s`S)n`7D++Gnk`wkHJJ~yl{|%cd^2NYtIBeB zddmS9UA7m3BH-P*<*R0Ns+sGZvu-En$pmr`<(@6D-iCH1=5Yz`Uz1et3?BbJ&)O8h zsUlucV4GNmhEWe1vzSdf>*I76v0)tkb}#sRP;U9;W?{xA9Xt|yKsQ{}4DYh9Z`0>& zPNgsNr*k1&=IlW~p0sPQg21QI@OR3YzF%sS8cCpKvnx(WufFqgoA)u1&aGlafXlk% zQoGTw#ZS0~sy4rPL^Us&tuzbkTM>E9V+bWxQ|BOh)FN zAASJlGq*r*g~%a{N52DshYzvkKS{0kg;nFyqm~I$bR(_p~1M~&+A00(2v+x{(tAVX+h7`W``kfE#_t%2{Sy^I^ zLh(_y_@V-x?hehmZtXOX=wNvW@S$l}NN-fl+;veNYwVfmzJ7vMJDo+;PY?Ty{Ybj$ z+4lCXchK`XbT|ZbhU8GM`OmJ2fu*(dRZ+7y*M`W(Rnzsge4MH6T0t0P* ze~;&|VNw@aXeHx5UOm&d;R4gv!&qRYj?Zo8>u|X&q2SHCUi&NMOG*mNn~hRWsp4zT z%!e#d?xceDT8AT{%SU0*NIq-Udx;@WWhc77PRZN+pCuE2F<`?%pdT#t{fA3T-zoyw zIt497jJuzulgDuLU#JFRgP_5BB9qkNNem?^LK|)DClK4mZj9vxs3OBrK>g4n$ zu$H@9&G%jmw+kym-fG~z{>4$O`9~1E((R{zpvV0m65!xxe^2iWzaxZ&ZiV09kFgi( zQH7Na?D_&*^o0Eb^89~l{e(9gqLphyzjwmXLH(Q6zFX5!0vFbwR*$q_aZC^xld-9F z82S{amDRg&hNS}7qzq8=MeZ7Wg&!{P7i;!G#}sRh3Gy%4DzO{8W!N)?iAUq7Sr_%^ zZLBKHA`#=AHS~({gZ8gD9fX-={=X>Y{|k!r|7;hT3`0PZwOdp;VD{At0`FHW9jyr@Hq&StISJ0ngPTQ+; zG?WxPeK!xewM>xWC%gOXwvCR+kUs@U+Z7yAU~9K&?0#a5t;h*@gURX5K2CSD`mUTI zgSbxrWdLS?(0}*Jq8xd5S`euWxLiNF#gt_6$*(P5{@IPu0~(e>8-fmv^a=jGa*WIb zMfs8=+rhY#_QKq|Aog2_um)j4e<2D#w&8+mPS&UbCczWSQwxEl1-N_&f7Z7~Uf+s^FHHA){L3|;{eJS;Z zPYFS%6!Vrl19N^-9_k0*n(ay=bObs*WNx|=1+nCIdh(BQ3_W$su;A>oV+0grA2#pPumCkcD(M53k#MzJt%pR$G|V?bw`i1F3f*a z_%kbn&SczA?p3i2A@#F^%Xv(7foMU zoB~8rQm|!Ki}0Zvb6(1+rhYSNfhQUIgvE)@nsLo%eC3ZvXCvz260`=de+}?^Nki0q zfEz@V7||=LIL#E}U#)x(=VO!F~zI@}0bTJHCPxorjsI(8-T)K1J=F?T?oT1_6;xfosD6VwZmz@MalSw9i+{#)p zq-t05<-519fO~68+8%xFJ-PAZ*w1-yI6;+6#2bB0>|?P!URF!sCBf_}l?IE#PGR&B zkG`>#6IFpRZnx?0;!}=3%OW2Z2SukwRBOy?L!v>4b!Wq$7>gVG=PON>d|8Pthk(O&<&5n5En7yzjV-my)LU4MpIOQ#B=%3ZMPw#K&wGl- zVYju?T}x3eG&jGnej)z}6XnoSC>8y<;I9g$7fF8q(u?cUE^%jzoU3ie$eFj_#B=IH zmiPEq6ZM84DKrV*ls9z6dktCHM$5<6=nOwPi1L>-zk4Q5%M-Cb~spK7d%fc%pj5Q+GR0XRGa07?~J;og}P`CUOqnFgTdgSwc z-0kIevjp_>@|L?H#j(S1n)AuN9pyAH@~@Q?KMOR~PbF>>%cK~_n(T)fnF;Q982W$X za$O~;+cA)m*J5>&!tPQPB~n4;1%y#jURLd4BJ_x?8`$zyw;_MZ9XJFIb1dCP%L-i; zNZNWFY}-}}f)hh4uPyHTNgj1r=erkid9(zwUa7>1dsX|=Sppf7LOJt@1aLdQG$P{F zTwZoxEEacyJjVbFIm5OFyE3c)aM)@RTlTDKseaInSoBbyo&Arr;azvc(vVQ~lwjx% zyVn+`cyLUwIp$V294~3MH(=Np8t!tk4OA45opB#6dERER6#liuZGN_RUXZ(#Od^B_Z*eFtU zyYkzXcc{NL&B{ix=(sHf#kO3>QB;>CExKRdg~};7R{oOVwcLyOi|&4~s!j^IP};Cw zIfM-Tme7G|nPK+S#I)fFb@62TD&$O6xG~lX^F(B=2#O{PGKI)ceIavv6m#|yo}bTr z1;iNt?CC2gX8klz?&z=hc4K{dmXgz}%Wb_FFdJ`1@ia;UlsgrjjnQP1>R|uuCP#6Z z>GkXTI(+iycInt(QZx#zvS!>7hdFj3u(s&ZZl0lGbF9H7Vd5=~-f5W_%-j^TW z0C)p7)$YE=?za;uPu|CIYjhEJQ1bZHd1~_Q1KziN%x^!{is01&aJA8;CnO)A5TVS3 zF2Um#tlR%~=V;ubYpdm$keu_o++cFqOZ7Z>OmODUobiJGVkW1XzZMjDkwv8s(#YFI z&#(PBPo@-1*g@X@9zM@D2PIPUSWqHGC!aaoM=vn-JJup|uZe!QN7>Wt6m?(Db6|3; zVOL0vctbL!XoQvEt>FxEXD1P0_#5ruh_8JOSm>9Cty5j zPjrNjmtGT#LU3tImk1}cmeLnEsUyGUw|{qqxNQwKP;-gV(sDdHmVg-OCZgTx&6!d# z_6@ly2`dKe)<_g z{p9E3e@grKZ5C(>c^MsgE4y$|Ws~IFvM1BU_8xe0C3I#E9fKdI{EFgZTE?iq*G3cA z!Nq0gXTo{MoYfA@nS7Dk5<8bWS)2ywC$>;KWzU}_5{>Vj(hq&BOm8a3zpk6J<+&GD zqZZVizzD%-_CfC^@Ipxb>?@6%7hxlTWLtfApWmEfKkYHUB44oRiwglA@+d8TzpDho zYEw_1>}`GhL5*~K&1(Kd_yw$S)~#3XBd$i3*5js@d%?y;eZt8lx_i~}Vq^q5EhPZ9 z>AhFYhP@FVEH!Ao-RA>2SMNxfn#l2*zj@w&vvAu~y;Y>gK3RvUxfMHR-9U&rQI5^U zRF&lvPR$gt@nB+lpIEkBgln*r-62UJPVZ3{uq0lmgd6DnU7tC?g>@Bxjp{?n?QHfsrq_V8xaN5bU6 z?+ucGygOeh>P?5y8M);CF$A5D`#O zlHaX;p{rCIlv;L0j&7nb!;f1Z0-{Zjb^{RDQ$RuLA%8^a4LeqdJJ1oyn%%C>C!@sG zP@_@s67yb3cC&NwY8-7mOD|yrjHQJ8h$C6n1W>=AKS*%Qt(m;oJ2En3pG$XeKCf1JzNGI334iEO7eYQ`eNq4aJj!H3UU8q&~Ig%<#)=aoe zLpQ!$h&(XZH;h4lPRBxH6cosX5Psa}uk?1Iyg|<6-+KL6dG3SALngk{!*=)y8$0oa z18)Nhi|y~?AN*#q=T6mE8Goq`|9$^AS-#X!2%1M*ZgF?S`%KcizbKJGU78H^7%IqW z{&7;e_t&svF_l?&A0N?ixb-rCZ$($ls1Bw&WX%c#m4fAY(r%3^P4aQ_8B_%F9;rbQ z3T^;WdiWwEhfj|YReq*3>a)>ugDaiR-WfGci)KZ^qw!4L=vHX8{ACbu3ywEgdtGR7 z2EaY)bh73yKjMW~H?CM)Sgj%z9RfzHtQiay)>Ft-i@W-b)`bAOsI)8jq&?YFj$T8V z^G^3cGWj1sLQO^)D6hZXk|H?H;5ETmrE5I{Boa8z{ zCL@tRi*qE!SZwhl_VZ?rI`>ZAH6wz25UGB)fdfTK88kTY=z ze8!5LHr3clS;h(75tjJ`iYi&u;+ysFV0J6n-2z zRI@-v7Gyeu#6O;i>LTQYbJARKN&#M8EoeZGmyUW=7~THqRf}JLYp%he|p#VbI8h{WjzSo5B5!x zS=F@>INL+O-J4yV%mY_quF<|-22m!4Q({9sR0P|9Wl$D}w1Sk?xf;`#8p86hISn*9 zK{&~d-`4FQ;D>BSX(wMHvO7D16njzGReX4yE4n0*#K(1Cn$sUG3*S_yGVOx@} z5zLp*9&O0pk*W=`@F0Xn>4Qb5Juhm4t{u0cYNWZdLQO-r*yXUUt0l`c!mJ6w_ z3L`3w_2Gjc%ld!Z-`qi7WCT^aBH6MJg>-Aa|CR#Ss45~~D{vbZ{=`+om5NvGAsz~M z1uzAK%gXTw)Cv3Ui1W4d4ZH=u>vj+%Nq?@h6H<<@37M;fJEf75xHbd#9r9^mH!sHX zx$Wf6n_zy!cpGUUD8Cr04D|oNsOV=qnzh9_HwTfw*fLL3Z$7E(BT3I^yT&B@owyi? z`O%73{`)t?=M4hMgIMp=6F+}!g{RmfAb(`*oFL+sj>690h*Gwyuq{bTeD4UMR%1hh zoxj|uD2WK=X>}uiipNqt#SW6jx#FJ~OmH#+Y-493 zXadvq4U9NmU;BrL60@T<9h$uPB7vF&@5^r}hKW~6qOU=0=3o@aV3z;;Qjp>6CjCao zH_}$KNTA=O8Ek_8^FGBZhGEXcCzeM`0L-R$++RF~^v5|%0)Gq9$LXI4M!qr0obys09gQ#)F3rQ@$ao`q6l(kRP$|-B^?Db5 zGryac<$s&!AF2B=(scVl6{Pwd*6e-eTu-s-qkv5o@WkiF{^D^;R9uYvH7VH%dN!=|m}e+= zxu3g8#w3p;dHAb`otA}<8s?TYW99Wx+DF)Q(xS9M%kGaJMz;C75*KBm?=)GM7JL;S z^ZM02Q^mgnqoqd{pf6N`*Kl+jCjSeV&+(avbkYBpV-8Ic2f5Zr7P08epAA<*TxK!5`muIhN)yk3;qd z3VWIP;54%uT4Dolu;8E?q15@vT&G%X@?c0jL3!AHcc=%W%XNa{$w%sXB6s@RfRy0{ zB{)WVcLQre>f@ST29}d3T?-WV8267HfkUXPld@x-3+$x+gLw^?sCF#gmsg4B*OmZI zV;a*hmWgY?qP|${vya1qj}K!Z^ZV0lv-p*k8UGu8eI<%0vz{TTbM~T46{lLh-;C{7 zoo*Zmo69)gt{mTwJN;i5{L#(@&R+K@-tPU|Am{jTR0LO&+Z03ckel+M&ZkQ)!A`=r z*0bltL37^c8QZ7PU97hi$B8$JS7h?kd}XoNJO9@_`VGI44%o-6_orJnKeY$v2h6>U zEQ9n{c@{VSw>tvEZ#`F?k?8&JWN$293!LxQj_((i-Wh0-SE6r|?GIDYy~{7}S32yY z8=c=MZbt{Xv}IPkRZounW)@ie1^2%Kfe{C4uXjv4*dkv5WQ1jWdgHXXAUHhcC?S2Q$_1};S$eKh z#Z%mjf=a}f2~D`vTyFHnFUt;%%TYK#3K&?g)94jVJo?)wQMhB%K;AArng#0@OZK=q zx98kd0L`u5cbz{50;;vf9%@)bYEkw}p zT4yV?%Al^6r`5B)`TR$Dll>9(#1@wMDo2pcZjx^Ij^=%t<2nghfr|K0fi z}(8RIe4smEIwF-3d#IRXd?6sTuHdjP*#p~c%^oOyo2 zYc1~V;^^tMm@4VmEwJrt=czh7NC$bnAt>Nb#b34qLlg z&V)S-vU@Jwh*|@;L>6C?Z?c~H=$Ykf0^6|IK+ORrd16nVL~i%YZ%aKd3t`>T!lbLO zX%21+ow2)#y{oL|1x)wP5Gla6(xVsbqALU}PNc;L(y98CN|GYw#R2zdM4fc_-D&E0 z>OFG~wHdf;ebY(Mz9o2-U@PDPd1E<#XsV4Hv2WCpk;b9Gb=b`H>U-@7Y$F*ogUMa% zc%-KKD*6-Qxe_ZV%8S41_y|92K`L_f{HI=()V7-`^)f|=Zax@@H{8?$8Tp-IVS#_x zhrSaO1=Q|(1eeJ$<1{n4`b;)mbLa^Cnfr@ak)gSIZn^_9{Q((?4S;}aHa<2Qff2Wu zpf|D)l_g)mXs5=f478Iw>D*HtJvjUco$x-@yWr*X4u8cyv+~o2s}i{)$vDA7isu4F zRgr{ihmZH4^HP{XIB{x+F3Jp+T6U)>>@r zJFou5!KKSjYKZ&#MSCzUCa``blf5{JW5hX8ywI`9$ILoqB9b~v2DHP2+(XBG2_5v7 z?*dcRQ^tV0-gHd3@|WKHYlWsU+ntK~SnOz)5BkP#g7ARIQBI-dwrF%v9BliEh#zb)|rM4@V#@$zK*R*6A0zm7X|NgVdqiC?t zVy2%U3N?l}Seph zpg$x4og|FNSnZ&RyS7@JcyMrMA)eTaPPW8r*Unbx!St_Mm!w`(sEW~3O(xc!dFixJ z5X(SqVW)Dbc{v0PPq{pa_@ejBy4{Ba9z~Tw5Q)a4MwW{{%+*9XW6g+eK`!hR@Ypu< zQinaNFM|EM*fU12(@&d)%q@_@{g+%f7B6ONd#}%%G5F=E%mCf5b|@dCmZqJgzd3cM zbN`lVMPy2)^1`|nu6;rDQ^rD$oY#{(wvTFS+KBHmcY#;O`9fn`cGNJ(r%I3Y3P&V( zuiY8#{4a{+^T&E2N3uy(yMM42(^?mPcH|hRdj3+_K{#Q;6G7TbZ+scct~EJUyjq#E zPKmD-wwYm5M|t(rB53=E>$P3=G(F?~n|D~m^1^%O{q*C2b{?mCfkmmTgyM$ z8Ut2fEQ3nQ;Pk@Tg^>HEm1ww%hu9D5bcS|Ok;E?gj1&YhgIOQuEF?c3h>I|~rru#i z{FT01JtlpgtF8VO1@)-86>KO157KNDgOGhP-QtCe#IcSNyyxaUX&k%18rF>*=MQtn z#LP>GH@pj-NkjszqHR}h?*tNxriQBG#4L?6U^KF{hahr*O7qsZ7!{D7r;X}hQUR|FW>F&N7#I0_k27or{jrzl7$E41>zDqsSBF=qFqf<7YzF>V! zdVG{`G_1BxsV?`?BZIEuv3@AL>CROP z1gkKD$uT?4yASn6mJgdmo{Jwdd*51cvS~*v4VEu*T}{_qXAfeg?5PlsW5uBJhTlQx zoOM!!42*>K=q{bZPz=rJjfB3Ngff?`K1t3EDM-_G7EVnrhZN`hPN*%o?EXO2Fe@2n zxK>)Wb9rn7XNSBm_F<8VKv(FN_FBzCP0E0=oBr`hUa7!HKjVaOvNyyeH?;f8j(VW= zVMr%r#ccBPFKfq*ZH4<4hhq|H_YIHN>_a%`i4^-l3Iyz4q5_?|A7!rV98nj&q`u!2 zka;=BkjXrO2YlW$R2h9|Y*=tQOASp5%f1~4=%yFb=1Fl*{#Ov|OnD%k-l&n! z^qmQ(CV;7z1!ScANNF;?G`4&8$6Mu4fYKtiX~ptO60NpSpLk7Qa8o_OSBYFa>s!pa z$haMyrutYymvZdAWPA7!c9)ydSuXCXRx)=U2NmU@kr<;Zf}jC%YLK|#w3r=>2E+5c z(GFBK>phfa#E$&+$g+q?N)xf;4Q<*V(=DhAhi zA-NlD4LpY#T%m?)An)eL-oP27wjymX%J8Kz&$?W#M!St|a?&Kf^c@7}tIrmkSnWa| z6IuPar4uQ;>fsMKP>a=9^UKV?;V0Mpr@~hzE^>%&jXcoEfNAP0M?E7z7hW@ATe6!K zY&w6s2&g(1GE~XPjfYvA>yFNBS(;ye)}2Xj5k3YJ%Qwizv?!{343wT2>Lwl17O}hE z0M$^Z*iNS&ByWNxE8NA?iny-Q52jt6PqH~R_1>s43F zF)p+a7?T;MOa!ifQwR;M{{5N2c$b?-TF&pbKcs-tQc^rpQ=; zLnT{-Ey9;dcH*)bPougE2m3br$|Te-hKILqAmD^Z1wX}t*|Jb#&GGsEqRKQ{-9POM zC#kWTIJ($xwtU$@rW;u%$Mbw$x`s7oA$%sy3TDtJnV9uo4-NXsUs`lZ$a!>QKpRc| z7!b68P-|)abyhkl08|lQTF$xz~ClLAO< z<@T5t)nI;fe~#)$k?lSumn9jzOaAsyYHdJDoito6}G|#C(#57G`#f&h&?D{}b&Lk#0-qUN`&IxiQ&_yc`V(yZ2kePrCAU0LaTYRM&dfyJIlUUmSY({DzCR9rTh^*w}SS@NMsLC=;4k7Zo z?Of(WebyS(Jd$tOsRM57)KZjBJ zEH?NfmbsdW1)ksG&VV>Ir%27L<3-YdF+`{2Cul*)Fh^8t2ewbggl)1;-5wR1mQL`N zFI_xI&saE&I=RzOp$-A7*O~?<2<_QkW@rEDuM%JrFQ^L2!_Y|m0)G~nIiiomH(;0y zhmg}S7-DEt1O^)Yg14d9KhW6!v8ia_@GcqSGM7Hhsc<`oPee`Nm-J(vZ3O1KTBek&W|-Uvv8mSFRNYrzXq@N2f{5 zLQ}u{dl1-Zxg?g!2#~VVXx4*3jp{1R5)~Mql_w zs^dkgEVNs8glFtQAD2#`XCkz|wlD|<*;k?BDylLby-aee>Z~XVD0bMEVbPU-C#xk} z5%jdEnCNu|kG+h#o8ja0!S2}QQvCahEAwE|liMP%>>PMq+gyc6ZznbruEuuIB1=kJ zSgK{P&t@k6MYhD_@BN{D3ov|(DwxR_e^#=}d#ikKl@*MC%iWBQQ#e@Q|CI@$*f7sy zi?cD73DLyZ+G_xZF8(b3`f_Yb3~>M>?>^qsJZnG)h}WN)4e{NJ5+pf+nY__pSF=sv zYDY2F9f5MKP&yB@eW%dDK53};n`j`hlu%oJ>F3*i5SFh>#%)LwG8yPOftji6E%I}8 zklQbKuvMQf8r#_ejG=qtqW)YC<1s8iMha~wtAn^_%p;7D-%qQj(Z>{&pYk>r=JVZWdKxf0=Dbd^pl({8v2F zBnMgfFhmGzuW^UML#8E4F@qqJhV2i6Jzm4>o+kqhRQKKE_@jCo?C%!0E8xjI>Gi}G zp|}i{pyM_WY73YL&eLN}Cgw{~-h~p~>w87Dw0=@_$x$@Jk2C;$=|@_}PBtN76$fJB zb$IZ;#uRI4bmoogz8}E3a?dO-Ib?LzSXsg9W%l??VW$CiXQ_|WNjeWIS~qV5PCULD zXzED>hb#5Zsq+47vjcWD$nh@p)6(SM$tp*TF+QMVdt3JF$sy z!|?g&cRHbcYWa~sJE#?_?t!)Or91`fGlQaSGH%wzYPRPh$-%q7fR7uG1kRCVe_HU2;gI3B*B0E%0O~g ziBpOJ%6AwV6sN>SBixIW`}LN=3q%Cl5SqH!L;5|D@TZ z)7U$|kAHyK5lfyz6D=h_Oycqfi37y)k)#3t37}<^20T#4ZK1BYy3AI-3tFcigQ1IC zM~@WrPB{9;%+e-ouio&LsM`Nmi68PGXpRTMzoIELEpf%bv=UFVYpSJr=Iz1z`5e16 z;Bd1}x0wXLIJW1a-Qpf&FX9vSHO&962$Gy6RHQ}8ZrP*gSiOq zPBUxO!56npY9NkO*C1^-)yq`Wc2VGF!tDsf7Uvr^X$>(SRQZ)n{rIW=QMb;gBKeg@ zl_0a$iK6mJ2!NM3xC<3tRcPGxW!&=<%e~{fq zdl7v%&Q$gOkNQUg5Q5Bre1W(&SZ&BAn074EyfJ->-Qe%VmuSug<=Kap1+(5!N!+$= zPl}Fh+OU3Gl+q>v(1T&EtL8>Q9>}UNoUn|=86x0EInEL zGdW96wWPC_4DQwqB`(`<79-CMU)Q6M;AU!tu8L2!H452pxU()Z1gTd3fuD60eSv2Q z1#k4cwl(8^v8{=fva3E}FEM>hu4EefYs8R6Wx}-C$0>@DzCJ3>BpeiZ^3(LmPl8JS zXW8g=FR{A8^_P8(8$R&qkDuE&$m=WX-<6BW6$PxK`#|;B+tFS4B?WQWw=_@JDoQZ| zGL~N=bi%IGE>65+oI0sUrI}Iy-Z--AV>DB_TszkqrU=qpn z@r0;>7hBC2gLL1M_J4=Gf;>Fb7@ngIVAT8D4B~rYxidpE(ujYcaTthP;>)fJaaI81 zK+98#x*;_;2U+ZbQLGjPpYF#*o!HzlGTJe--fp_5O`;leW4hhrLT7K!C=3%*THmoP zE6n&(H$SUnF(J%qK;xPSmr!&5EPnR1j%>uiz@=#3IezhANrp!-mz!!y$m+xSPqI|p z;4HE74RFYOtq`lvXk+|Ivh3@0F>tBOW&V5~Rp3fxyndD9No3uqFxzwcp?AREG1js9 zKY1R4)(M%g*kE_yLU>w96J5HM?YE8U-X4Y$dl$?&6q~K^hXj4ksa`^=RpwKX5#@SBDIdimC=Me$M_$6O-eLFJA} z`VBo>xWP6-qEfvl9!XYet!ymn)Bx4dE8L@jm7Kl zw=i{8_(l!*mw62?J`n5LzvqQhIZ{xNFBT|f0Y_*g*Q_zbMpQ{yOUbUF;J+y}WdWAJ zZ4*IV4*f3~Vb4%kXI;{3C!`i3sw^B0%M2PO4O@TqHNL`<^+cU!!s~pI6W;_A9zs+< zxWAYOEetxLA+fxT{G&LY?5|}Ce7BFbBh9-y!n$*pOC2!MRd0ccfv<-RH>#c>fRAa9 zoBAw7Xr4LH5S!)kd5I=jEC=CQyN+;)??$7kw7ipC^>;|#&xczi>X+QEU*10sm8~p& zr^V@RZ)THueFZ{~Sm)kOAM0OF4bme})54D2VBydRt#01UTxY6il zpTi3v(>X3=--+2yvgR?(i@zAIT0kdBqgTo|p_FjZdI=);=r#^UO1ITcMPpv}!Hc{3 z3@;rj8F6T3yZI&xr^e3lcqTQSG@zdLW&b{r%FS8!M6krVrF_0!#)of*wO|!i=G4r6 z9lMkfzEa&Iu;oxI{oQuY2!f7c-vu|Oqn5N;mfKI?BoOE+d+D#aKn$rGVLk2iHznP* zKc#+|W?n$dk=}yFLZ3}K=|7M9@k{UN1#?(1TZX5?KpBwni+FWZ-s2BOC4J9ze=EN% z4m)lA&p`S%aceTvuh@B-#^&o7rwx{4?lxcjf{ubDpRR6vGK8QD>Yx+m!omIUZUj>e zGXxnWmMDM~${*8b8~rHLCOQ^JlAl7T_}g1B&rn_n*0CCOIOKEUE7SEa9p-b?qy!;6 zS2O@^b$P%es67w!NcTuKFPKM9I&tZdf%zc6e%T|@RJ&!%WBCOSUw}%G?dnEX%h;z0 zE^B(S+Kv37O1AX zXDObhId8(BoX-FfuwI1%yBC%eMC)-lXh=d!d26A|)xYkiw7%%P$$X)9^&Rw?qUg=X6>L>4`+A$sg+`ckW3($FU&C9kyJ<7~n z`T#dmEE@5}w{o%b=ISX`#JKB6Z*GTMzrkc8&V3o4 zGVtbq-drL4C_0GVI6KquD2MOiT@K}tt$?%8QE1qVm4Cw0U5OkLq>^6%fboxpm2-<# zIfYHIDAtvPh_b|4tNez>-E0%2T%<`Pw}zhEmot=pGT1PScWx489>Dz|RoI7Y+t%Ge zGN7@|?JXXDA|paI!k@|}>tB}5g@rioZw_v-KR@wHV+Z&DfhWX5`kRZNr`1!kp?4tV zoBG9ZWrpDDt7_9=hF3r`%_tE zi>>~~%?QxGISWS*U6QNbF6eSisH_>3QEXQHnH2b3sAm{i!m*!$#<(BWFfciIq|6vC z%$f8R_o80m#O$MeqaXYUS}6O8p5klRyv-%|H&!f(d>>d5X#M3iPa=6cNm=|eL+a{Z zm~y!r&jyl}EINq&jEQr8Dp%est`z^YNa|yhm4EU<$e+SplDX)Fq4%avvLU}m^?!;> z*06dWZ?N81uU!3%{5Z%|rQcaI+~{xD_G+TFiN;Qf0CF z-vsgc3a5Iv9VI?#=na5|K`I6_)S_!UApG41kS=N`R3I2JxxLZX(S{kb7}Z- zMnBkDcf8U3GhNvtI!s+96Icaq5+MtJXRq*e&hclJ?&F43yH;^?#kI2YbUT^Sv3%Co z`#)_+XE4fa4H%gdp~S^;=^0aDiHP^J;NHU*OyUKSQ?uUabK{3E=*ZOgoGNmN?l4>y zu%h~%>|j%EXazvr`Sle5T>T#n<>e{-Cd|(IXE38$YsXI5KK?B~Hf?_Jm@?u~e17Km zNLeX_p5-{?HqXOvA@JBZJ+oA|LMogu-Smt=+(%nh;L4Q$V?(W3ytJTuOhJ!=2cs!R z3WRog9(+jlp+fA3>}H>AdqWYWkn(eirv=XkXg)a)>JT_%#o~0FI#kvhGby4-CPNcz zg`!ThT`H%AnBWO_M8>>ucfAZe4UP_xB9%=1C+4$ubnOMV48BaGFXmjv=R@_#%SUbT z2_N$my&HglHZ-JJ!90rD*MDMp(zp_gz}9ur7d@sY@2mOQZav_siF!}!L#x=@EW$t> za!QMaf`qG}94`O2c+C9&&{DJmV2Uc2B((tzAFLul=?39A^X%aRm{s>lsGiLv^?TOQJBWfTKTbWP+LhG@~q z>nGhvS&l6#I_Q9k1-0$&1!WYGy3@Eg;RuLhuOeYMfpH4$`7R2O(6RW;Wg>#g&|DjS zR{6Iv@N*uSNihpXl?;}SowF2EMw!c}qjzYSwy+2Dyeyqs%Az6RQ&ohzqqIJ@jR~sjFy_ue!2}v?6|9)Slb|@j%Ax z=4685FAxst^eRyto!y7ute1jVwz$&#c~*F6SoyW-NuJW2nLV3+TnTivupVYh8pI$o zSOHy;*q}2f z`-Su>>|^9)cJCvHH~thJ6D52e-^pX>AQ6)B6j$hT()Z!M4dlv-%ml%R+fY6M<&8KwaHNs?S0+FeC67K`Y-KG}qu{j2w)PQj zI{UxDUV_s51sf8k2Pac=DEu0bj8D8aeNyT^IYPT*{mzIsaERe=#a%jBa?18i0a z**<_a`mg50EcnCZf79yT_L+O1t@mKGzu*#g(1xE8wj#ob-r@g1vK)rX_EEuKJX^Ts z%@_GQRVnwIHDo{Zlf%|gV!P!gWb4H#{qlEF5A)a5Sr^tU7f(HZIj)Yf8Ll^tiFDKL zyJ9DuW61mttqCgy;x1bp!w0>fWyWU6$`YbEO_73*R3$LV=2w`#wcw-*%XOh4(6zn zxT`*>-rncq_z&siWOe-0fi-{Doa1(rQSze^TDZ`hYmRhQ`U)#BCoe5wy8tEjz-(AW z(uC~~*%0zoz>=={#6~aYWcWEHemrYjkkzY}+Yg(US0|(`5jU}0_ZL{DnvU@G&i;#D zhioS442btq;&jUQDoBCD?v|?->G^Tvh7(Vd>6hSn^mUCkHay2C8>pIWn8ELh7Q<5! zX8s2wdQ*w8B-q5h(dj(%(#PCw{#PJ-oNz%(%1)K%tvHNLOwo%^JVBg+uYpWU9$|+9 z`)9-Y^{r;>j1$25KH2wGcbZRdZNOxXhb>EsTsm%AI^+CtYl*dsjBoJ=38?MbJYJv9 z?zep9IbmC$jpg}VpucB7&ud8b9nat8-*MnWoz)CX%LH#1#F9Ye=f|%n5eDG$> z9rCMZI!$!*vyJP20pxnKzE?w08>sC@CnLh`@;=ZDZt72oIXa?oI3$N!r5DPgvJ*Py zgz=P2!2&RJ6!IeWZ@M6JX`FvJt&`QB>%dShe%#YH+8LmF+mfLo-8M^$1gWtwcm111 zt#}(cvJgdmMiBYui@H~aY^CP&Zhy%mXiKj9S{mkIXUqIc(r8*t@p7#;am7781Yoqx#chBdLu)W+UBl z-}LY+vn+HjJFrPN`CHx!Ty~6cs!lJK==72QK$@D}HZkvbsm6OZ#|By%}7_MTc_#en&RY#NPT2&y)zbH#xFZ z61nfc0Ej2#6w!0GYSTG@qnImS=gxdJs`v9E00uaRe(~O8+gf6?zZp7t)tpW#UWpFm zb5csc#zfuP5P$m?fv`UQP2x`&_VUwgISg)9vTB(5*MjzNTDxBo6)lbZP8NXuHRHHA z&Z@kx85n{v_04YPdcobgFA#Tu4Z)owb{q_pw3f(rdP`!k@|XhL2GfwAA5%7l-5yk_ z+dI^1ijTE#2&eT_hL15XOhR+}+G~|~F0^368MrDX{l2OQjGYuASo#-i4p^$i>{pE~ z`R5wi%0k-3S&CG?Gfuy`0%MB`_pKKDDZh?ARR^~BY6@iysQts&7`%?UB@LOvdGFBLN)$fAc`M| z0Z}DO5qv*Abg1Tb`DIpPj}QEI%CvOr4tPslET(haXR&E1D8r%tg^UnBSauE?>q7(H zEaTSXz8C7r8ykB4qvWZ(plzKLsw(=a*JLvdEn`PPNAb10rS3yuuS8GIsgs)~W2NoDhG2GSGq#wmX-~zNk&W~jPh4X&D7vEfD%L&%e3xQrA z77bwt^{U=1v;VnX^-?&COJ{xJGJ(FegZ&gCwST2n8jQZEI9J!>ZgD4(l`9eQ{X6ax zaqAfS#^4t|FDHVFqzduG!*<@ke7sKi5uzkxVIuP@jD`=9orC)pkzM}l05jz!%i5Pt z z@Pochkd~Bj#b){FB+m)!3e{~<8oB?jH|>V=81^y&=NDZz=o%=|GiOY&|CW8vUeF$e zbq(CqWIo^QGTWe3ZxHZUKVV~Rmv7&w*q@U89;+Js{y_@qu~ABN?-5mD#N~fjP~^n~ zra}9FN@+6p?34dya`^w2_2vKVt?Ub>bIjll>l&1~J>Qlp4DAW=y7l4DX{RB;3|^}p z0E{Tf)v7O5DxS^6FL}ZmveMgKP>t93s~v|8mY(95CD>Op{T*4$0|D13E=7IXgGjI5 z{{L`Ww3KIqNH>SB;se;BGra`j$m8{nrH)lpuRJqXbc`|a+br5e3S87ajlZwY?G)>O z_3FB3NDH77-+r)s^T%(gUpKis5%}wB%OIFjZ(B05CTn<8d1Ktm{kXqt$!T#g_dnbv zZ`L>2plN@O0LE}oh94jKe&o{2%6qsd#JnZfCJ*176`In@ihS`;5|AM9j_8060B(^F zhWiP~{D-FG*LY)-&~jj7hEo|$i|@r+e7}}!Irwh{peJi_Ku~|B>1J*1Dv_{r$+Py6 zqkom}X_uBd9CSBwwB2f7IJn~71YWb)9|RbPAEjwL^K6-A z*U&8VtqMHeEvf_e5B#iJF88IS&M@{yv+Fz!viQCZ{rphGRv}2HT;(ZAMcvFgR3l9F z;KuKL{03;37hJ)l>UoIN;$x34qAsyEBC(h^QVjuLU5vGMtTwbi`8%{@48v%boV|4q z`X@=j?}H%=J`Zbaf<;AKDlwAng06R{03)a7Vd|C``Me7lZJ;-A^V-J1QuDjR!{9s} z_ebr@a-NnIm(Hgg?Q3(^m#C#?&s+rK1irySps-i~59HMAw3lOejG!Jft@$_Y0seyz z7@f~PM`wh_9ALN8VH(J_5=CLb-2 zwU-V!G3BjT5xr2s_J5em!m#ynz3!i09kxC;AekWt#QU?qd_Dz|F!9t#eJz568s?3#u|HNkKy0N1HdT z3vCYcT6{{olkB~MT;~nH?{P%N^RWFJrs&<#>bcT_pYbiv z91dt`e`ZAF!1XA783gxZ$_zNWIOteCDh54C?4~occ(oeZtAi*&&zQT}a?FQME3i-m za%zlrvXN;HuAh}9sEYM&c(V7`K)rEc;g#S^|uPKxpw@asOu;`_*r~IuQSM zX7LAJd0z-CRPX_zKA+#xU$0B7qg8(FW4Ww)8@FPYtD-%|T|ALZRoe+Jaglg+rNgEE zuhqJO5AY^09tpo1SaWTwA!_mmqI;ol-w`$ZaCd3k27xZ;JnVJv)OH1rc!UPd0${Tr zk-Q0=Z)eL#_xZ=n`lbJ7c&FTNOF(s)V``8_2JODwJ_2y!6dXLW?!*-|<+mEoXKT8V zk(tB+)pbk*Fkq*?J@5B|ew^%SD7~cr81=RHWSa`E$F`?7U`_5V{33sOi%_OSy^ujm zHZh+~HA51wJJcHZ*Ed$%(dk$+b~%1M)C+oC_#`|SS`)EHoF9#6&E{ksED4EUGpsPT z)gP3}=vRXKCH5PU{*e+R!(Bx=7Kn02J(=Z%-*r*oIh+V5Rs?b_M?Gw-K#U^+A_U=p zAW_D>rYMzxIOAwA>m*_s!a+UvjMn$$AD^2~k9i<)fo@D6zCoGtw7pdq+kzG9XAupX zds_e+Zf`6{C*4b@y)>Iu6 zm&lH0r=eEl7tjNsz3UIx9$QiYXD;Z}#E=*nM^@0TKWL$VU|g|EsC+qKX6__`Zh+KC zqu71zh4lT@7^a~%ghbE_b=tiq?nu~5Mfvi@#8_pIRSNCHSG@wh?R%ttOo>_ruvx; zs?jQZ1#}l~y%p_TnS(-(3sw?S%nV4tWEX}7wYh9ujG=YE8InVbyd;{53o@N?~ zlee*(t4N5tdLGUVfz0jgOje8>%KdEwsK?f7v1t-I@;m*0^bS_JE{CwGXobuMJ6V4$ev ztwum}NApGWeUZY#6*Oj`@tA-kI`E}&B1q}quBD}bR`nAOY+#}*CgPCWvN@^Y?irsk zn4?{TVrfe~Ij6zn?5J1v0-hi_z4CjIu=dV5(9cNK`6t4HO~O5u1UZaagH`^9fz`F# zt|$7}2_jm=hKok(iV#;BU>MK=^S|lFP9v1yRf4qt`uylxsX;%o_3A(6QM+U6>-{0j ze_y@?fCFw%8AMslO1swF|MT;snE`JP`_pM(g3L_Vozctxdia0X=c3#2e^EIm_3kDN zL`Y-&Yu^_b-v8)2?f=$7R$3)!SS~mny`^?%wxDmMI@~y)&ngpTOzSY06r36M3fc`B z`q%#PGCg<;dh?Avph>|3RpDdg-Gxz#Q`qot&1XD_P;?#bd3Vi{r~P9IEsGCegUTAd zhel}w;QrcaV95w&?*}IqsPvwK-bTnSy)z^3;L`TlY&jzX;KNAz81C7sBOf>FCKqEo=;Dq46csr*=AE(QY@7 zF>pD+ZCw&cBq;7d!W$*LMGV-WmjL&7*gK)VYFHyuJ&@FNgurdvNAY?)ydEQzjf(cGs5^!nkQYY$ssC3vu;h&O1|%O%K|xj=dC zN>IX-Bu{Wey<6+Mw&Bo&{U7X8%~$&VAMT61rr|3SOa%;BMJeh)xUFDgTh2WrR3(~> z+M43Sw6Zvth)u=jciy=HA-htNByjObGUFTdXDE9$Z-*5PK4ns-k$kXPgT-@1cMV*9 z%fhJBhFh;@z zo3rLd{UU}-#vD*CF!Ge;D>o5>(V=4Wfgn&1uV0wVQ(A`oiRY%Y!E3T)L+jktUgvt< z5UY&@uo@nVt-h`;Ws5Nux~^z^ai_$?^pPam$nN@D1~$cu27J1TPXhBKea1^D zWr1FOJaAPYdtc=-K#DIr%xCvs^oSMVMr>qGXOJ@wapwBv;%0EMp}Z%31C5R-G8ZMG z8v{OS{X12>9|p##t6v4Sxq)(9In1r>$vIayHd;-!(jw znaR?d?%q@r&XOimcxD*^Ky-^p=%8$|0iFk_~Ou zx2Hc?WC7LYL|DldHrH5RPD?;nlV7;+O>5r$BSl>886!gy5(>Z7KKb*cECur0RPXuq z<96yqNcC`eJvbI_^k>dY`I92CYbIxd0Mblf2y9RcO2DzA!{KdTN`QnGK*)p*aR0+I z>_pP43D~XHY*QsK^Gp>IoNdO9sM;q;xWszbmZx_6Lmhw;Hv(}c3}|lGgtToDV)eH3 zJzRjwjJ1O+K$9P*=w3_)fz&pqlXko{#QGzEs-@s?8kE@CW2SV zbK1>fCdDSM=pKAQGh>c5QrvG1p|1!A{l|=GKS#*Efo|I$e;Xj?@}d5}Uwb8lu;{Y* zpPyA9{WqYn{N%rL(2fTFuPbPm{5RidQuqIXR+=^e_^Z3rwTHef7*sh&*zb&QnP)oKjnn^ycpz65CM#?w6EeUSq=IZ&4#jzP~a#ID|IsWt_n& z4)4?x<@uVBn)8nN2I6(O4&h|2h~Y~g$dzT)E=JAr;|hYZJRDnPrvxBsb|o<2^dur~ zB6IH(V8#FFOf<%*Lb6iut68$HHgoObr~pX<@DZY5hQW4!J^^Ssn^a+AfUMz-`6I^) zt-ms)R-{7mO73X^TF-Z(GL=7S$28A6uF&v zu%2RJl4XiT5Ln^lhC< zEk1y_5`Z($P9G%<3_V5Gj7ue9AsD*{$PO0+j||VbR$522wU#dK2MUzW!zP7NcKeYd zb=p$h%PDf-&0R&bgc<~55sZ+Z;jOssO%CTpM1_@bb2qYS+iKfFR-CF9^v#0df|Q)j z7E#i_LsQSR^go2>5=KVXL;i3Rnvgr<2}Oy63_*CL`c2nBY=oGx( z7G?rA_SfFEY5Q<(NIy-XO62kmt6{EjF`Yme5k0V6AY0?;wxX-5!Eovp^x}P`htI6%LAoaWbOFnIVXNU+NBtR^ie&@Rb{1) zZfq}>|VL zP0bAf&jm0z_AMQ=nG3Se>c9tE?wEMI=Xbe*R&Dq)-wq%2iZOujMcBmVogQ29>7Zt^ zv3&VPcqQ4UR$S4zg|{tIi#=^mwxtTY)@Oy>f4FowT6HVyqnY&E)cY=|tnn$%Q96 zHv^Ps=z*!viNBUjX%rqTbc<9D1|rpQb(e*VHrV}IS2W{lRJ2V=Rq;H(wa<%DRx9wo z)FrXW6efe+hw0lwEsqOa^ax}>Jspu;p@>LjVvqZ|~q5QbUIvH!trSsA2^bR9Wgo*-};KyeP8QaICQkVKIn^S8ncw%rsRcc@&4{ zAfptg-1EaQ_(#%#47<9O+n5~JXqcs<41z~g>?pHSfpo~7BwUyNRCx5*?fj6by~ap( zKix;sL#ReR^-dUE-)?$4DFN+cIYe_e_Pf;%N>|8Y8gLdof1VfK=ne4629*?;J+FB5 zs&6N`4jkLb@M1dYW9*cfqq^(XN*4StlmD%i1ClVTY`27cudwG1dtAcw4VJ5L3}z@+ znKl0s)g+`Dds1gF$k(y~DPxV-d1pP=8bQxEHwWj8-w%Nwpc>XtbVL^lp+ zO=d~-JlHKb*9Di-Q8c2F^eF8NhCtrA1Va{CMRU^Q&ZsoERNGaq17v^D3^3(9_frrG z1&3=-7Prh%*AgOROGAcY0Sx z6pzT!sBFfw<8X|W(|0)f9u7@YE5(TODp|UuY=2h)qH|v!UZO%+7|nF{)cmF6{OB!E z(qT~Tfh1&k;V&8XP|_X(K5~zMU99N4lK5q$!oIDt~MKYR`Mu zH@6~;EX;zafG&h$Z9JRcp%?AwYiB-D}$V( zFV*8L#L!)N$({svfZX~c@qsu7(G!UuQst<~fm>ObN{ z0J1XE+}X+CSDg!k>hWB$g!itc{(vD_hxW+&O#}%}cN}-MbXgR53|~AG2>M#kZmzj%`z!k84Blh(!2+C2vYvOR$AD$Majw%7UJ#-`kUVY!q2AK)K9g&2rLuj`{ zl_tk7g?^@1=lZebZ!?Fg3Wm*WS{osWv=UG*X8{BpuHRe=-ccuL<>OF*Gwf{*OBL^`E5H34Wb=!Hmxf>UPd|MDg_{2M~P z9_xvaT}?X;jCr#nd_=*3_rR;iDrggex>8`Ohc9o!} zsV++4Ewk^oi}1hckm*pFo22c=?BC>+Qh5;MJXbn|m8=$S#$_QklVdqo3jokG#MG)MKMWDe-JTsQn2KHKIPP|GVd znfJk7Cq&)0!|c965GL-`;XiGN*vssh^xTCvX13pLm~5daHM55}jJO46kOJ2aEwlv$h(8qEdUEO|XQ zAdxP#NclA&3 zQ64aZ(~^x$70^9GiZdN9oT4>MTKW*FYT}L6N7#N|+r97lF1Hdd3IJ2K-V`5qI#T7~ zO?uXB_y_5=B4IE{{oK44`LKgW5w0cTe%Yg^#hD0!;VVj@xZ3;6but#?)(z6WbVS*O}K79@v{t1dfW- zk$8?JjVr)^`?O4=*kmv2D?-;q#NYiyiPF)Zy<3y=dCUB7;}Pd9BqCsWcB2i30lvx5(8@&S`Bp11~>Gp5LcHIl1VhZGBy? z8WCNuAkq!Svi%SN9e8qyxqj1h)&s1ezY|J$NQ`;Q6n&2P(QL?ZVPGEt%@VR{*5~M5 z>eTQDS>hvk6IT*aLQDo}cYM9Y>T?5znJPeq8cwi*YXZ`VB1!Dm;bR_Rwy)-0-KSte z$UGC>0O@X&5wHHi0cTcuDtxz8b@9s+d6leXcM-fRidb)L2;45y!tHn+zy8A?OZh;a z3aja%9gZWHi#IN{pf0YdP=~)&$6?Nq6pRHJ4LX2VY557jPty|a0tN>{+={g?ic6lR z2Cz=-B!+#=ua{Vf8tZZusN47DfA{094<#`kB4EiuF#S!zds+9~F#aa33R2gTOh0Yb zMn?o=*Y;7|mb6!W9Z(#1+(f4Y{phtOL}w+}v@j1XXzf0uk|tcDBazh|9~hIUOLtF5 zl~Vju>(3PcSMPHTQw@^5xcVRbuYHq?XIZ!qlO)R2oDXtdlpLwMva$$D34|~2J=A6 z_+ZZ&kCBQI?*Xb|kF02iz^&`X^PKldpYN5IyA3Zw6ecT>wUbRjV0aF?OZ1JT$nlbq zmh((1(tH9$x7y2gD)H1EDA~#o8FGXRb|@)n%ZTAv2JZiQ_s485$B`qamtCY9hF(vS zkM^_ynVNb~@X_9gdyMA*zbL|j@ma=TeK2^3NH4Ih{T{~Q{|x!$Wc(dc{bx+2q`$CE z0t;CJFoB;9npr)EurMrJV3md2KiaEcV1Wh%fq6{p$p?Xl2|$Sh-l9S&cs3{(oetm= z;Diayz@s*8sDP&Cd4e?i3J&t#K{KFSbl_&wp z|LK74p0qqf2?Z9kU#r-{cx zbREL7-fm%~@qnptIMub5EIU3^im6dGYMAgtaO8{uvOw+?>kC0Gq(;sUo_I3+=-lIk zqof$JLLs78NuDKV%%IP2GD(h-@FR($`Lg>gSy=LS(yiiok_5jssj@+NO@|!D^K*6< zzv<jO6x;a6(2Os3d|z}u+=(yGCqWx5J^VQ`^0^}9XXnffU@pFn{d!D> zxO)2i)!XJBT;ENx;HhBKsVL$fQ(dK92tLEGqjU_l{8SG=zG@wap0eDebLj!hZlDV6 zQv^z%GJ}gQef-jSSK%&$x{_S+$T%<=wmAQoCwlzDQ1&wmG)3;OU%)#&N!oT6fL=S9 zZSJ+W4sD|TD}-!*d7oF}cQK8Hm_WM~Ft$Fjc1Yw~{oyxwA zBrD*k6xkUp4gL6C!!@$_{QXi#LjSjHSrQ$O@7+gQOIuPik<)abD~f^qvRmEa(Xl);ML zSS@MOL5o>55lXFtMpngsl1nbvBhbnFlii}|!V;DY4ri_m0f$#0Uw)5ZC36UmHcp_+P&r=!9L72- zY>`KmUDe3)=o6KB_Ln*3^wDU->F`7T-rJh8|kq)bWyoEJmp zI{La0w%p%Ixc+fZz9A~oIWlJQ6gC+22`xL{4RG37F=?bQ#k96g*UVpINz!fKsEn&| zo%x*`)v}r9VQ2j*)QNc}{A(Bs8D|gLeVh>4XCX<4b~21%@>f3jh;uot>T~ekB;Gu- z+NGfip1Xugo5#w!M)K1rPuhAT6N#g6T8)@c(8GaR>(lDC6aa9$oHnD*{=?|vBc)+==^mw;npGKN~Np= ztgR+y_0k5Mg+)1|jt2sn)?JEqFNxOk9tA2wsVx{teji(YhYpH31q749q2Kiwx>G!OK1APJSO ziB&%$Yixks*t;-?Imr^8UiS;SLLX>0=rkv=8^K6nvnYGy0kFOiT`VH5(Vc{DO}~8U zJJI$U8K-E}>>2`ZFRd zVhN8fzG@MA&>(r;7j#PRn5qv+r*>k(VgZN(&>FqAgSQ>n%)Q3do5H2LS?1(@xd^|` z=Ouk+B%#wQ92T;AP@O-(lI~8PR1GkNCu<06;F<4IEPFX2Od^x!Q935G!%U>yv(taj zuu{RM3P>vkmC&#nvuTS~ zBQ52us!>f_pvWmR_AFPdrij9bRWZIBgMt ztu5u02>dBpxVHQQy%o$-+9?4Yd&eKEa4J-<yG5jbJ3PK|4$wHxd@cht{UNj_iDSQw2-!XlDE! zbRdjzR#dMiwBdc}J?C)iJZHZY&!R;49Ocb09^4`C0{hI+m!BG65?S;{Bu-u)E=xci z5C1xl`NtB5JL0D3z?F#F+{oLST04)_4hnouSjl92t`*`qvOzK+!vx4pHc$6U-}1H1 zRgTyzk%lPtjp4g7sYb}|Ye98VtO57Un9yT|!=sQw5ge!rXpgy)%>w^lkQ zDMt_yuzRE0GE-A+1bqfuG)Km{Q=^0hytC->8L;HU+cj(}L7hWInVPIK%YBJ7;4Dik zWE}cZZ0%UTwLYPI*wyJ+85q&FalNlx@QX4D+srSbpU3-ig*~~L%UY*Gc z$M%Sx^oob|czAa6NO<7k0^I*if^El%{QEI=@8>j39?qCnVY0)dwajt)WfI2`%iezX zgk$G+G4{rqb$WUVfUKx-%-6{zQk#9E(X9Ja^G<=ToP{)hrz%uDSkd-^v~uq=0Y^_2d>3@DinEvMIYndiGIGL zSx`J&F3iCCbca&j7P7)0l>Q6*I}=LdWh)C@uw;k+#Z%{Q+dkae#jk~ci@Pd+z~FXH z7^YcbMc{DxRA;pf9TMVKMNwuRC^pNTNCO1`iN|-zBVTBLo^pn z`a`k!g3o|@l10jwK6s$qb7!st)k#mTHb&8dQP0k-ZaW9U>Rt1qW8QT|k=FBI4ZYuM zTJPwW(B5#zSN-pQ&wtWh(^}oOt>zvutx{>FPNFS~MRQg|p6`^Y=YGa#50_Tj;OjFf zvFVj3@|Dbrs7FPgmn_Z>sL} z?z*#wjPBnV=NIpG2p1+rdArf$li2weu2KEJS|7i6a~fd!Au{N<_Dirsh|eJ`82nfl zg9XZe}(sNxex*U*Yv3clfJi0Jk@}cuu;1Uq%W+3OVuc0$aiHs9HzsRD!YsuZH+Y(6_ z@HFt0Gs9EAnJ@Va4x3>QQ?w5Ojr-~sg zt~i?G@<7vr-~@Dn0v3ct!Kn=V*6-GDbIR($xLtC@wp!T?A33h^36LQL2YvoRIhFkh z04z{NAr#-k2j!haLy={q1_O@}w$;RUp8zSkm!}rOCpD<&=+lMr6XZDEY})o(9;kxn zSCs9i|89FhHfS>smhlwP{TNyE^@nkr*VaAcuqN;d<=;@U+je0LaHx^b@9Ec61q2q> zKVdr`=Hq2Zn<(zAt`FA)=*cMWTU<^#)JkS>`wubZHCJgvwB9M}eL>!}{c-^e;gW1F zRey1+VEQ@!T9G)>#I4MbI5hTAm$Tj5LQwhvwk9aq}ITju- z=PKhg@p~=sSf9+W!>_$E)k^0}gD}IL9DmY!60YiqEtK3(t<{F-fjZZ;w$Z#pCllo_ z9q=Q*6HYD2dRCX&?jYG&PCYzad72x)HRoP1w3(hrC8*e^+GnQXC*FNe=^eeRrJ59G zgMZ)u>SsW4=RL=%+v+d$tNsx9xunPtlhE9|Vi@s3*Wl19J(6L6qImB-wB)yKwaFv# zTLWMEX60-u(xv ztZxk2T|4t)1Vc!M(L@LKR_}nO@Zi){O*xzIP6@Fe9Y*BL|3%$f2gTKXU7|@yAS59K z2%bQKYvXPqKoi`(are-;zd+DNf;R5nNN^fW2->*2)3^keMyB)r=Bt_cbLzXdZe9N9 zI#n&F&VD%i*?aA^)}du15h~J{atm40vA%7>q@yDAZ}Nl=jm>^hFZu);z+YF7{6ecm ziQ5TfU}5_jPHzW!0q1%f*l|h03M=IsE&wHfl^{?n=P*X-&1UbFgO(hhp=J*K{wDG_ z%Uu{a{EQ~kU7dS|eVsM6=r9gWRDUvK0G}AHuiOyllp6s;mMU6t38@=8RA1#;BV{t3U z)UM+g1qix78zpLD`fpGB(q|A|ccWmfP2KWU7jui3br#-}DS=c^8}vrD3=!{WeVI6( zq7bxP!OP=Z8d5V>HTU|QF-gMiQ*TJ_ri-2?fD$^)Z5p!GQ-&PQ z+h{X?(A^neAw>?)c!4Wm8@;wiP=YpNKhqn(H}v8}6J1hL&z)d4 z6_u4l^Ndh-wes6rbPOZFDzJhh-r60EqQ0r}q&8$lz88K;jfFdJioI;P{^?ubseyy! zN#l30jK;}Kjly$l@S#C}OCBvlrZCqJioC5%e1?|hbQ%(V`#;N<@KDLvhurF} z{CZ^>u@XosoV7$A-2o|gc}sKgv@(iQwN{zkwh`(S#43P3 z+01+W2>u!|NAx)DtRS|O@Zi(H-+&P=mEZz`Z<3fh=NO@i`j?yua`Qao_K9*PF1A7} zg}XAgNKR=jc7>KNpl7z4fKs(`1yUF+Uk*Oz zP1}y5IOe%%BlJ&`aSNXOrxLVVl7)|4Q^1ZgWVK)!EX7$%=o0n(sk@xGl*r{HR9R=t z5zk26U^rn&B}IL#9R#f zA&y+4nxC5ll0VK?AZT0ojs%_^4Bdey{C3tZ_=gpm+jPT8>^#rECVCua&dvIwY!0Mt zfjaw(w804Tg>V_5Vn@_Q$^F7iPfn15Gh0xGQZrjr*7niD@*;BJmVVs5g4p{{{6(MJ z;!chYA5zt91B{F#U8Jh4$;v#AAIUFqtJ2eAPjJeBP!_J`Bf3)Mt+%NkJTkQ9YW@x| z6X!m#RaRDBbGz4TpRiZugGXcfGgvp7h-sl?mJq4E&cF^bOUSu@A^i_^%+i6Z-?JuC z2y^}yET^KZx?VJen!ov6jeBWc2Vh^AA`Iqsi6TY%VG}6l2bMCA&ML*H_|mf*i4X(L zkDBwTM?cR!`EwCxqs({aCoNhO-52HM4^{-=zRiB(tokOL$hex)8_f*XLc4-?h3lCS3pF;a@j>wd(z?NX zkSx5wBWPFMt8LMKpt1}wWJt9}8Cx5!L{=75v65b#yD31^rhrHlXFiMSg%Pf&gG{Z) zf(?nq%j>id^_x7c)om`et7aJTE+0yA%!-C&(-&>P}U4OgJ#4bd5b4U^mILh03!z9l(pHLrnYI;4m@#vP6Vah?%kfft&eLvR6U^lLn+COy5 zl$?z_nTEXnY3vmd{Icy3ZqSL-%`%@)y2(XIe2w{z2S6{k+oDS38oPkl(2>}&f*Cwv zb0r!}5QM*bH)yF)25NcrNALVvWN+D---Qpj^j&j0y#lrD9D$Pa zfQ@dz%)s?}G;@C7dS|p@RQzeMG|nUWzpZq%yw~F~0WNzp123PRYjz1F_%2fTv9v=D z0~Ai+0G6>Ie$0=FWcFuG ze0>kwyY)WP*f|t=*qNC9+iO2c{;tLZ-BPl>Ho8TfT?cS#I2~Z1Yz=?PXd42E8Y&Gk z1j+w?Ou1Kn6BJEi*M55zRLMqhcTN%`h=;{#k+`qLR-|}tHXs2n(}HyE&W3aS?cu)? zp(nJI4A9fZ|B|JZUm%b-0bl{j|Im#K2DIR}XScb_*Z4k@-NOeIDK?NhrI@yIfK}zg zg}CdEA?3nL-XWI;EiKGuYs@<;w*_v-#+dl5vuUls;yW6=rT%geFQFJH&e7?&@NXPJ zEy1Dq>J5%+w)T_S5~;=BNlUTZG*p$iO2WkyO{_-VBpm@X!!`CR%QY=GPFIDxuiW5= z0PXTTJv3#ek^->zV2InN-|gO;;NPNqK@8EbtgLXrN_o+ys&fPF5B}*-^*01|7BJAR zGW_NK-bfRwzU^cl@&UghvA==%t@Zy)G^|8@tO}0Z&XZWKChIt#wsqH3B7UnL9+rDdxJ_EIffgt{D_h82FXGRsI0X6@UUydS9a3 zJh!&XgVoo1#os<=epiNnds3uH+aG#Cm&}V4kDKr+dN`eBYOK01 z?GH+%-TaqzEt^sRE|FMc|5EY$hz?V8^^7j=5ywHkJPN7~IA{qcDmjlW# z-YGUY;l(&!cX>n^4v7R~Lp{QIbb)v+!w`kHVR=cPKpxe-I%9<|92~r{IeljCBy*@p ziiu3>p3r!^B-iQ67al#&avO!-+R<)VO_|VYr$s0JZzml(YI$W0f0b-{KI+i64TwK( z4=c7$%s~ql7bp+~vyN2LY64)Ec=ajCL48$PoCi!K6;jFDw=sP{4KSLoXpZ}{m zc(kOuSps50T!cFg&}#g;kG3Dl)Mn+)H+o>`t3`o2BrxigMg{O@!(2eOo(RcNnuKF! z-tM@X75A@AS-sd1QxAYhRc6hl*OegNAnrHhtK_d+by<9B`NagTGN1=r@JW+jN@MDV zIsg9ef-KN#|DoVAy1ycre1x{qw*gGisFA6C2al| zi248G!Lay$ftc#=6yfg}%>Tyck;gpRWa97N&s*{Tj}IhU{%4AI-8Fl-Sy`GEL+v6b z`Z|O?>UCL?w8V%&*XxtuDs2%Vk7zm*eZu`!n3|<2era`j4AOoI3h6@LOu&mh&VPV6 z;>r>XJu`}Jb}uH+tpv9E!Y=%nh|AOSb5}+uf2#0yroR^xX}?<8Q_51xJPa@q;1{V; z0k|4H{A$4U6I6CX2!#CIaw`4Zj;?q5y;!XT9|)xL8K7K`kesv(P;LgOTDxlKSy_KXIGcu&Auj`vBox9IIytoibw>zx5{9>|D>O9h}oeY0!6 zn4m~8T%)^RHX|E?cAdcvjSm5$e=i&4_6!LIWP=n3xnW%uCE$`LaY|WQ4WKe;S}h^ ziLG_gM1NX^cE+Icnc|=dKe-9P6PT=_}AzH)yOI3!F?UyC75 z%R!b(K7F^W@`=R9{1wM)1I#rW6e-R=!6OS7eo2Y%vqV%LXE8O7!ond{4@$jt>y5ee zY|v7-CyNM~7JOh0_*LMUW;Q?24?%`fIZdzF{}~b0g{o`$`s#Ri6JylI${PhFjH-9n z^VQSs-gR;W2Y44SfWxus&9U*%f+$lC?neXqcN!HvOyAP=sg_}hRqm-}JLcbcRPBu&L0Gu1;oD@XJRK2Es>L6nth=HL^-BC(5@ZL>mlWERuOCxfxezMKFwN+2X>S z)L!mWu&jT2JZ_KdvRNwgdmJLB77TY!gi)q*C(59;XO1w88qk}!Q>GBrU zxUZ?1m*4SIMwp87yzf=I7wy=7auAr5EOu7VYq!+SwjB+4FAxw<02T}0(G_5e_{_fw z9hmUk8@JO}tRGo5xwf1p_dp;q#2j~r>kBq43)fCC74n9Bmftn;j=AEwIv^ViIFukB zpdPfOm|)ea+9BTmeRb*F z9F=(LX&N;W=li+wpZm&GC|FI0xp%zYN-`5^MKx5&q2 z3m>l}Q{1pbS2n)!M8q{^lIPl<-Yb9pS%LTGA{*7HV*7f7%C>P)Xye#jN&MM|>i%@d z(P_nSvI`8v6bBRE^~i%)OTv4znmISDi~y^pkKmCyV+r`%_CgIHe=Gud(6-;X0FR2 z)eh?*#}5Yt^l=EkK{f&{IG>~OgS;%2XYSXD; zZQ#UQH;3qtBDn9r6~wn?fHudYq2J}jX|24AbYoVum) z>yCxC84P|N<2>~;D%CmGJ>qE{INV_$W?kfJe$PbB7TO)rSzOS0`a^L(Hld<)@a!A* zJZ4HvT6ynGw9r}9C5=Tmr|+BtqU+Ri*^(th13(yDr5pfu$_vB1G|HW@srs-jEB2X) zsYw*=_0VPPVZDFH=xNM+U~2#21voA8hKkj*c+$mkpf6Ew;@v*qqdDgn36Lqq(moH{ zinU%etoedG@T_1JXnRoXU9auqWJDlG*C;?ts;QO~JCAi8?mA`k^J;07*nW$y9aoDy0W;Q%hTqz9EUJ%Xbh2{;-NYK-w<*w4R2nPGn7_(gX88C! z(Oy;J{j&gRkkbhs(}P5Lirgkh?fHq8?p|2Lgu$ePe8QLwD6|%C#Kj2dRzef>W4lkQhP1p|5P9Cze7FdqQ8sFd3H}agTC~K<~ zHQGzlWmJ$g(92&Ld>5Gv1HV77u!QVf(p-24fwJo3!N)$Lt6b=0R^>Nom<#HVOovuz z-cnlreAT2H5OMA`C8o#H=JC9b#WsKH2~Ht9QN8E2jFj(?_mO7{AoFFBCSWrcVa1~^ zJgi+iY<@L1$F^P$A6u%>3`=An-dpTYM0D+|a-xf6J^3>^9i+)&28Y{P`lD7!VIH9S zG%*vg_sjt%8CU6o3Y>e-v#jCk>|OE!17%G8QgY($0%yJ^!0Wv3IeR+4TE*2#g52B+ zZJHS>JaMxO{!wf-Z8!n!v|z0axUUFhm>MIMBO3&@t+l6$eg{_(?9><|Ezx=jH{MvE zU4;7EtsXmvc*f^3q1n0sZ)P<>Nqu&y%u)IF_Tj<%NgOYNu1Em$JqXR9C`n#jkHy&9 z#DaK#E)PE7F+vx^aA`?g)vj~{_=XQ~C29xwhAKC(+81!=ZeRt~0Qik0ssc7&PNH!@ zLPKPNTC9ZPoaj=}MVfQp29s}r^e$pQT`nBVrUICwGnt~+x2dZi ztPI;vhXjk@Brq5L^j7Xmhy2jE-q9-oSjj8#3v)D#P3{(7>ah}8FglSvgl~aB10O)4 zIGex~4*^YCcyjy)gUpSIaAKGDmP6((V2-Ic1>vnHspCw{-281bk)51$tX=9WSpTf4``Pe%DyejL~JQ*g^oy)1<$FpqRxIi7U$lr z^by{pKAA)aPs-ScR+TqJ@ENV^_P39^)XS)y>mqnfS6pZ~Z6d@EbcjawLh}fiR4pOb zmdeThJAQa;$ML{Wbb|AQ5otpCay?U+ZkR~zapb*bsP;+4+N8;`v8cFD?q_OGvbbZo zph+>J2Ccn%`>eI8=~c%++r97M!a!-;Q3ti@6PJuOPky@$P zY9ypwmE6%7vYsnn>t{YDK*px$1fno9B!jz)cm)u&J9fbP1Lk;irae`Uw|=Nq()B+7 zYF=q4pQO7Z+RiFzT;$~OWm<8vq-&Pzoy+itaHVG1bk-z(681^Aw{DXgUY{Fm;-bD} zmJ?rp%>g?>WkaOZQuDE5)4`+VJO}9A@XIYm+f8z(*pn|5GNqsKj?}3bC8{kU1%VYV z*}0TZA-w?&zzL7Xrd^fGn>`BrwCEc&usU+cj3yVQtHNm%`)qGlFCUCqdnXJQ0iy%& z4m3WxH+!r$xOy3Q`|j9OrGCw@bRW8YjWDO47C}>jHe>c%g=Nc=ZRxn)2f71)?fg(o z+xaRr$d9Zh#k>m^I15D)&nsXsNdFfl16hYoCA94UC< zQ}aUHDMoW&exCTW@Q@oI$}_>~F$zxTWv1%;o+ZdQFOh*xs_q51)`|I8MCHnHk!pan zY*n-4C`ST9GH8LFSY5cYIS}q*v4gE-w-?X3i8m!K;wcvJmNfw^%eqTDON7bC?$7i^ z(F+(XOE$PmN<*bEsh#_ZzdHseQ$&fHNveXr76#N-(h^^P$ax8;Z^}>TH&Sv0_t5i% znQhslsJ4^}!m`W@(*>zv;XM@t3Pd-ARd^9I;!rfKT0R3k4k33j#~{4>?JQJIWQ(8F zez!G1IqU6tCeypvewLzAQtVjBe4*4=;=cXcV+~n|HrC)ml0#Q|2WoBH1aruS;yK6* zR!Oo!L$5EDT^>D}2}lX)VIMDLT&{SwH4Jh`wV@>m7DJl*(pY$351&5z=`z46914fBPU>{*GGuHkBrFb0zb1{1k%Q>4+tva6a!0vowbq{Du229-^9+x&a;|0WTpZqFk3L5(zaG*=Qq(oO zdc>LI_x`}D79qdSaLL2qI=26l5H}q94_CApOx{fkGq~Jg`F_@K-VFG*y_ugS!;$D(nfchc z^BAjL^~Oq|(FhumL|BTy-=26r>ErPH`z~kY)WlW=SZ1+q&|r^7W_de7ZsmK@vTm@= zSK-;xl85Sa%{k+mSdmX@t?iXiDNib@O&(yd$xn(PfV8lgr z$#}XA4^>J{ilrKW1J3$YXN?FVL*}|2;XUWk4dLFzXy=YsJ*!nLif?GiK3b7T0I7|P zE1s50@qdn0X>6*-&4dMDw(Vo-7>2wROGz~ zwSJjsolkX)O`foy=VgkBRv~5@6||A$%N?*y)b|JMs$a=0EV-8>)$hCVAin&)dhnN? z^)G6my{je3P_Rl4L>-_IhJSlq3$KobHvK7SD^U6|CBAI%%BJ8o+xz2c1^?#_W`f7) zM`ff{#$`e5Tm%x1E#HTnUzg-H190oi51;9j0yJaI-ex;=K-P<^+eH;`Z~xrpaO7#Z z>u1{v4MY<*opWdu-6wrdM=N8jm1Ekr7~q-FsPg@&93(5w5ozmM{X1(gY=IonqT=*Cdzfh z-x2W{z_0EkvWx=4U2dl$KNz#UFG;>qC=_@bVw`vlo#V9&KjwlwSMynmc354slUcUsn$sb)$uQ^eoaZjD;M% z;opxf9wAL~(6$hllj3G;T{PXQ*B|byG}rget>fHSBeZojSyDTsdxt~6YrkYpXrJmQgF#i9r5Rc?u#Ch#e1-zW1y#brT?9wJ zB#@8CW0f7$>JEITze^kxI(13^PAZS2A`t65cc-D1({=Fa&+Hpilhrgk#Nk%Vom%@K zT+CKP#B!(Yg>FL~Ro`4&Lc(>4;^=2PyRSC>gd5lWQU80UvkXm~_K(_G>mg)WB1G>9H3Z*R z&q)FwYeGn0USlpp%%oz$eT#&S;1q3mzOcaP=X0&TSDnj;&fGfV)_d>A6^icUU8mIs z;aB@YTX8I#Dx08?gU_1{I|9T(7GE!?YPGZIiH+p(tl$J#ym?!o7l%<=5acF^S7Nqn zKq{BWf@3S!M8$RH^K81@7`+NLe%2`+RW)3|o$-~eoljxi z_pp5`3D3x4*i{$a>$}YqQKLGA0uAZHug)DbBIYVr8KH~J6EO`h8@}-)Xcy)UDnMuY z4xSn^Zdw3Fr3<~{0??W-a|M`DpWI^fDLu3ENQ-(MZB*!wklQ~QVgk4wAFradLGYW-(;W5S{H ztRxndEB)J@y!4RM?3;6%Un(kV8^v$d|1kJ!s(L)pK!tS-qt?@0B8f9xFK(?p(0x}| zc!9|po?rymFcHD9h$C|CCI~%}qCe&>1-g}u{J?k30IIaMWG|-UmpLZf8&(g~Iz!>f z3RfXq$PH$wd=768eUUA~UDtIgg@byt;ch~Qk7x14W7jBAuA+N8dZdX%=p~T(y+u9- zhVPR||FuC9q)C=)qNoWo$<@ZS*zUa5d>~0<=eQuA4PJ{3*pc1y-4c^KtCWf618 zZa&9%FEYQzObMWUAFOxJW=)P$`ugYPs6}gSKHk`D%$ihy`$%YBZ{iQ+@w-IPl_Fe*m5t(Rh8dD=T2T0o~n7lAP#RK5S^IoH62f>hVclSXa9i67+rmX$?bt6i0o{s6 z>;qR1Jub0KT;!JwSe{({q-YwdO4jdEx^dt#xz=Q;kvO7mqy*VycY&40Xsu6=}!orRR!Sf zOBb&xRq3)=zOj_?UyH0;P1X0|WLf9^g|6;giCktsQNkdxTafO z%<%P!QygU=)<3rW$>s9232eThPja(sODn6p#4ICS@7?fB-EI@vUHATRM(dq_;G##U z$#LPPHF)HCALNAjYVS5~(%dhnj~IxPDbPv`QFNDOBuf`H2(-fr5q1oJ1*#lthw(Ep zCcKo#K|C}1OJQKACFruak$*G;aWn1G`=G~r>=?bTVuSv~@VO@7-#Oq{k^lBU@TZ>Q zxwrk=WuWm>Wc$dVqo)$^T+c54zEN*SqOuS7XE_`3*4PHDEa^UVgIny#&*I=rN5g8F zwb@X8ztlTYq>`F`M=-k6Pt4Pk;!e+#Jgbl|nU#UqqhB1pkAXlw%?4eV8Y00gsF;DR z$b|mm+8kv7;z^wy{9ObX7;&yFzuiQ?9Xv)64W2zf)SzSMC=kyK6(JC2qjlv(f+;Wt zjTxdzFOCbC243d2?V0_tPVE0hwm&n2fuv&1PU|Z%fy+z!PP~2~V}$lPtS9t)UZ5Q- zi4tD6Akn9Oj0B@y=ujN?peV2aZTO@K12oyTR`(T>b2QNs8}V!jjD8nAYJ1E8z54{G z`2$2;*}Yx;48*2(EVE6f~)kcm=* zTnge`mO2reW`SB6&_>Ii7w@cDQs3C19HmhDkco+Uls0(KoNP_i<y8kKiA9BxFQjrk6 z)E8pFn>bsy`Fnjr7i#aX%@wIW2+ddty~LYqs)O!>t`eqb6Nqxy(J-~Z^ z;D-!++2|fwp+>wg?#5`1^fk*!0#v3xqvorHWf=K=@oV0i9Z{!aqks`kJ<-;MTNwh&4`$}cWez5@LQ~2raaD@}#kNJT%AyK9YzKV~mzIyd^N?-^=yBTyAuF%S+f$ZK=igK6nbnK0aVl<~l*xtNnDYRypC zAxo~1K>2s*S8L;2`NuuO@V7YjZvObp4(occ6Va`{3oj3rvS5c5zRDxa01W%MrL8sI zfH0>!y<8|eB6p~IUQ;v6E<;9zySBSj0iMdQ7S6nt%eXpl_ zBg;Wx;usY`v-=aY?fqkEX6UhmUUJHeWX1LptN|)>Fq$ra4ia*D?V{xrI zc~|*1MPm)Tv>Y?|ByHY+TNl2+D;KVSbM3m)=g}uK>pG1u#^z$`&0jARDv3cESH4#K zM`x#|E0?|O$Gl34Jl{dST7d}qqUFty?xMQoYp2J>az>R!L1pb@>WtKwi~m~1!q#@6|>v7HqO zkVNe8ihhRYxBSZre=VU;SYhK*aDL9L$Iy~ZRv5Ewf?#N-+^w2WBpM|Ko zrL9_tWdY$EWFGE$IRtlVu^QRiLIa10E^cUZzl4_u9NecF0edW$2-(3kVD2{*{tS=Y zdwMqXeAK8&1CSS5|HH}+Rh`)H*Ls({X*iN~2`s)Z^5!71t|DNB#u-pCg+W6jPhnbl z@eI)XONVrJi%oO}ct`qRQtIP0&7eOb=I#NimsS|YI$-~os_i&LOL|J&(jWDu?RBc# zkQ7pYXUhah57$IMxc7tbLR|UL3}1i4lNslsF1bnP>AV5B*_u7u@5zwV69MRo4z`le zMLMK~#Wju3R@d68tO8N{Fg*4449@YD@AC; zwZRn50Kbnhd|UX#TS>!k?Y9+f$yf};{BmV}JfwgmrK8Pd!9oJka?slQ>ig>JViq)! zF34}OizvP_iwED7tn4aZ#4FS)F;NRUgLNAn@P?U)Y17D!bbfdRc$@(@sgUDF@y z^1x#B^kGP{JmY%5%k<*!5`bMfGQf;v=&am%V(FOmcL5X!#f&3vV4>%#RXNHqnA;1B z#?7~g0`6CTz(@wDyt(;YV~uy0t`1aR_0Zg}?QbSl!2m4|AWuHRl-?{F-94l@Nrwcw zA{Ji~2>9SK>N(lHb=i@Kzx_BVyj0|({f_j+yiE6DCySRLYh{Chm~fu&(rxjasa$%% z&e9n$N{2J7E;Ibj+TY4SK2ve(-a3nZ-7~f}Mo^+}@qPL^?eu;~R6-U_Vt-gdh6VrB z@F{{8tnSPjzx-1UU8qw3L~@c2A%%J0J2C{pN|ii3y7|X`?8xp^RLbrS2}JK1jax#@ z0Tg*4pxYCK?BoH|{MkTv>(2Ds&5_Lu`XMKc=)b9j&Gx?Q&NDH^2CTLrESzW?Kc0!M z1sd;JN98*El9-^NzhNlNb{NcTpzpmfuzVy-AtZo>PA_dPzB`}Kig|`^UFR=|f6Zi& zySE$+Q!$$QS(2#YIN_C5FNyZPQzh=Un*8oLYW5Zmg4@MuYAmDke@XCiMJD_RY|bH- zvoWsbyl|IT>VE;QIG`eG>YriB0r4Uzo8DpChHLyvdz!fTd41mCt!RNhkMYq6<&Iqa ztisFk5VIPDc|(GpGq&11<375V9Ec&;x_mZTXWGf6FX-?~&GJPGjR-HQkek~SbeJB@gH0gtJ9L5Vd$No3ODj~+s@QDK;EqyA+}!dU zeW@o!^8P`8s=uc{g>?VuzFw0v+AA4&={Us55aEQ7GNaZ@+~HlSsN+hM3qEKadh`t~ zk@bL()-^vZH0o?RlTc}_zkMq2kX}N-9c>a4KyX2CS)2O2f)8Eg{_`8nxD_nY0vuAn z#<{ATfcBY8#@&T!&x-bxfOeOU_!<7!hcp2x%Xb2-<77oHr37|YqpVDVbe*iiHY=x>7k#(7 zyP*Dl@r~qho6g>weTE#8j;LXYaa)tE)HSsgkDQaD9l5 zfx`6yVxqN@0#hf=-`nSMix1G|5o?3{RWRQX7Q*Eul=@8z7ple=p`X&`*`aN);Q!Dq zL@6R@6{Gp>6-M+=JYYeb5nZ31P0wcSY?|p&6XOZ252JohL4UNNGJ4Mryc(_4^ zN+UKLP=L4i-5y7EMd`sDGllQR*P%UrHv@_NJG*;i3{XnSMYKqm7&*@X2xDtyIyWT#;UgCW3J7g}*^<1iZO3{82GE6Drd9%?s-lOGzwSQPy8vK#Z-`}mW z!$d2~^hg&|;+A1Z9iATKe?JX90uaG0SEZ$&J9X7416;q<0zyVD&c71cKaSO-N$Xv z?&IRQwFaG>gk&wZoObEz-`})TmWwv&3`zr*;OECd#FbHkUgu}`i-yy)mdrI^9e?R9S7%*i@xuRYk%-Qi)k52|qCaJx3;NO||Cy{j9w ztfh4S)%|)&2y(FmgZfjd5`ikFp}Tq6uxoGgpLAJAE%aLHyw4u`_s)qaHK&ewEW%?A zAGVA(^v1|C&X-zlEnJHLqfv%SO(^tZV53BH{I;bs)-G-!LeLn&mo1(r%?Cy9l+0RJ zSy&B35TWIkrR^Ig=a#vZ1{9yim?1eaeJemKZ8tnVpV6~WzflLz_p-TyCFj(UdGBHom78o%nEJ;D+G0y+ zHXLz?|M-)L|4rWmE?CQZx_Ol;wyEEyqRMyvUTu64b%Xq^M5eW@yLq4Gn$<)>7HCsM z=xFfT)%P@SlG=P)W=r~ieW^NS9GnKn`i%WbF?cnA z$o@Kwa-oM_aCN}QSY_rZCjIiJp}tz|Q4%WNK(ODNSLQAII)31YR9@8pWe`4(#^xlP z{b&Ey@|1o1zIEdTBD9ws9fgx5V5o>uzn1W|^p^ZRhX~8bp zM6bu!>6Nn3_w{1h%ik&*FZh<)ogdQZ=l3Y@?x%3zMkj+clf1$14wV&cFk%e@z_RDj zrh<;NnDFhN?zQeNu|PJGwHyv*eWmav55#Ii7Adz>kT-W&qUH0~% z^O1MQL-h&n_u2)w8_2zBwuT4ihoK*BXI-#O4u8YSB|Vm>i*+==-_ZTD>@-AQ{;tGj%OX$#j9_CFmDmpvac z(vDj9fFMVM)|t)SQ;0q7g8$sqXUDN&Km+Yv^>M>wCCmnQeXO>e%B)8t>SYkuboep| z2gPw}prxFa1fJzn=vy}6je^}>9>Mf-xa=}6?y>=G&AN+zMK=1ls9mPwk=iZ#Ubv?C z1)4Q92w{6LcB1|+)q6#Y-Fm%=f3^mQ$uaW*G^Op|NX_OSc>aLIa`zlUHka4xh_1nU;)n$PgGrKpd1axGA>b0!w`^y{M&zF3 zAw!f}UyA>JXc~iJFAbrakOp7#o1?H&CBS{xbFueYVm}+lLCYxlNr8oy>m>t3ff>J| zpp8t+nT4;;;sj5z{WrJEcsC_wi>CruEXdrZDgW7SmLobZc#ppq{@d%pb^oQpKRSAk z9j9OiVGn7rky8U-=S!frw5yQn`XYp_)Qdf_|GN^8Ex}F5`N9;2nAZfdo(OK@;dQ#v zFtrB?C4RX0;G=(f5<`4``{mMo)TXN3y|wu&ba+Z!Q0#UO+$)jM+iXbl8*W0)_Q2D) zakMvlk0x&}w1|3LI;*^_-Ypm`*PXvb+RV$i!pjYZUQI1=w<;SFQ8&p68u+$0W|xmt z!9X_gFP!i09_EDFr|Y9@V^EcE+6K+V`GP+^4?xdAI9iDD&T>uIZ17D92+PWTh4F|x z1{&Hwd2RFaxdatiy-JdA_yCa{#8xAJhOR_KnT*^rNMd1{?pLw{0hCwLj>B(wAf1xS zaxw?)goje;8r8>5UhyqPw$fJ4 zy4hzF$w6Co2ERo~yn2KOfN&My>S8b{g~%r`P4V$NAUsS#c2Tj2vDTgzk3#!!&qNT$ z<&kQG#8;)W_Owq4PuuwfNTU?1l!H5f+}RHcVEz5fQH z(wr&Q(Q*yZKWW}Gt}g@mRDQT&9P?}2IJMY_TNdUTIvCN)YNsA|=-92%xUFTq3)7TX zor!k~^P?y{EZ;4GbpOWvJe;^JhIdZfS9{y2Ctb-y{H_?xy6<#jO)4yMNl6 z`0-`q)|&moa;G`D%aZLqVs>|^J#i;FtTY}!kywS;Neo?*r2HcWDxREWeAVZvYE(MN zwhgO|X7tG!-63aIqG-{NH$PwF+({|d>IJ`!30Xpo(z_^G@+2-@#g1Y@$IV*T+x1Ztes8>cJv6FHOmJ=Mezp*dI4h78cx|< zWqKTnS4t2%he9+oNsJrb+!IwM z$pLS)!zcaIii@^t2F4(UPwo0I#V`=g4N8XD?1-2flXL6r_|M0x{!)O#D+;P-V^YlH z56cTYD#PM_llfXJNBpxk+6z>Ne~nzK=zV{h4lXTr1^%y!B8`@Pi4!-PRS&Zxf~B$Z4H> z=wmNyMnl=3R=DahcPw_-ZLGBfJ~nb;d}mlr*z;#%v*&ly(qIvC>HKIC4Hd6>qQjZ= zGfCqqlTBRXX-PFcS8xZ%{V6Tn(31(>a*p08ERuhseA~Aj|LMZU2u^Rth`U@nbk7pe zC}|p|m3sT~vc!2IZYSvan^{`ylj1d4@O1tZ5fs?uMbRnn?3H#WE4S60r!d)px?f_#EkQ9<&#GLwTdpCccgcg^2AP9} zxWcVLScxM*+RZ055oqkboPp#!(1o}FncGfrXVICulwXZPOQ_*(FF|pEoLZ*K5M$0{ zoRjv803D)55_*LuQ*LnGv+xiv#$lc}Z7K&_RKUl{KOeA^Kfjp-J_&hAt{34zgCqz=S2+SDa)+=~#X0T8{S5_((x?-m3CnEn`%I+$sN`P`@e^ARRyW`O!JyNZ6eooQP3IjST1LCf z=_wWh`x;nOz?S=4;g@ru7nrO)C<+#dxL=+uwQ;-@Dsqy8#;N0l zf`sJss?scB<(;U6!M%YNPiK>lsn6IolLcI#)IO=N3=lTvhj=_oWJPD5s?Nkvb*pmW z{1uk_>sn}TScqs*iLFQf`2;wc^` zAla?&OTDHS6fB7ZuYJ-j>ehZ8H#pjkDbTO_e6oiTFLBEp+oZ;1*1yfW8TExHjt5vZ zW?98T%Xm4o1go1d+(cKq0cC_GqVasie6^VGRMUy%Df^&}a-A1@j5+4+#6>dQG9~j` zHusAPbAVr7SNc3e%uxH;E6_rv#C%t8G|L>48ec4jI=`Ifxe-(gI;Ph39O|TCc+2AO z__dj&7$PwCV+$hkVxrU^x%0A`Gn6B9M2dzo2akAH;=$U`mnStzQ(g@fqIXRi--b$(*gV{9PTdAAE+rZ9Sh`%E|BcT%WNSH*C9!D%5sugC8|uz%59!tvKBIVJUje^h-(+T7zS^_ECx7?U)TG1WiAy)xAOgF zA1Kg%y>h3F}(4HLE6ZP-W`n<6F zgqxn4aV2>I*NvwZl?*ox@%bo{wXa9GkKPSd#xX=zs_dT5qP$(}D_8^TI8yO@CY-O< zekql(4rB)R)D^AQu$H!(PV0hU^9A&}-BS5icTztPweuP_frNc-&g@#cqlcV{*VN^- z%_uQu=p2oipNDY5qs${>Zkt8qsJ=(xEqw_A;&Tsjhpu^b+NoDYE$T`2UleZhRNph#{{U0y*UChEj3T<4y$ z9JhcqGj?s2ZC*FrmoJwE8qQAPeY`+?b}eH&ITn(=!!EPE!rM3wfYt2)s^iLhv%*z7 z>ss(10_MQ_Muj|vZr~h9iW`1Vvq&5XsAf-db+2)TFz4%v9JTR3#zy1H8qil>24vbD zNY)dTxlgZaL_SBzBD2pj9)V(WtAyi74(tqNQL{x%^HO%3sGb>ZQ>mWtAX#&M2uH9; zm?8Q`ZE=L3mS*PvG%#fSvVwT@vnfH}y2YA06b6>e(~{r6-xsj~>}DUWz6~h5LB&tu^_T z5n=g*d?}(<3x*}h)WUD1#SUF55=V#DAW>?0B$sdJH$5Bd9B7#DCJTP5$7Ze(zvGda z9NT?Wg$)3Ny!TxrlHzs0ij0jY&;B=d;|7ro*R{ze0o5O~|OHJqz z>YP|?C2{1GJD5!N%HHaQCR(!P-h;~CVlELe8FmQqz5ig{X&qDiOldJjpal*`O&RX%_5fD6UHS;X6*G)~? ztY)Vk;p%kQzu9#9d3W6TG&Ijl*?h-ZN+CFGHvW50fA+5+yTTuxCMH+SGT*9R#->Hi zCiR}}b?rCQE28lxY~AFiiEXQX>qBh`rC#_ zGNcie5ec%ux)aFWi^Ge}mi3XFu@?;_KYvSsOq|9v%LO!e;`PT({RIg~>5OzzLWdj& zj09OYn}2i*?n6%{dh51w2H$Kiu5N#uoSk33yaX;JT2Jf;KE~P*&?Ez4|6__J^L}Fh zNSYSqqDJgX*6cJ)_gAfE6QiLj`FK{hWyod;D#U~pjp&lX@C^g(O}Pl)LKD27UD)o{ zvd(Jp!M2x?zDueWaZ8sHJrAk?0kntaF2g*xF+LXc&EaDG3*v18TvXCTck9LkVqyXw z;kT#Wu0I|fx2l#i&5-5hCI`>Tz3$5w?rGMis?&`Q?(=O?!q=rX7rg59-Q*&MfQtE)>PFZy>Ln;eLa`B^%)1J9?rN!li zO`Bk+KnX)OVO|09m@kV)X8AcSZ?ADgqF(|q{%Uwp$gsWD-)1v#^ZY{+Xe*z6?(*kP_|PSx7xn8KGE6Fh&C!haZV4OWjv}U zc@q)!w~Vizyl`*r>dk_Rr>F80?H_*+ z{#9Q-U)KOklP|rCbBRxHhzp}nRoPx#><$eYZ`vwM0U@X==#_h)lHsoB{;JPcSzF)4 z`q{w?=cO%fS=kZU0{o#AN>l|4n@W!y2|s39W^0w8=XS1BBQi4j7OUs>M<)uiRZ{^meA|d~L2_2&aRv5G zsD>Hyy|sN09gBS?ahr+`S#Z_qbUYqP-8^TmMce~h%gnH?+hiQeRIG`V8>}i5y;@^N z6_%kC5J8or=L)^x=5ToCa?RVf#~Gx#V8HL+bY()N8BVWQMsK6q8_%p*apnwWmP<~0 z>MxzaJo;ADx1xS@-<6vALR=`Z=hb|PaD*c0LfP|LNl97GH(-7U@aj7dnz%y@<1HMf zbaXW~Q5KL3X`Td^aB67gn)J4Ey3G&Dw+L}pC3%N1%GaM|Kq}x;m4yv0qmNH4aFh@S zzpWlMx@B=Gygul@{wV-P+;Z`l=SQ~7PXyVwWr&UGF3GB)2_489y9 z743m94FhQne2rdHu(KU4m1rQK==&@3Niyb$zzl=xC8lUG@|T&iTcI$gFfnv-MT+Ov zghsP|kG{KujbJ+Ln#C~@0knf`ZSW_YK|u_rHcnZlbloeuq{ro!ZkN$$kOGGJ&^vH?64YvX=Wv{4<(FzjH#8C zm+#IvT6S-P`hg_NTXE#9g=RmYY2;1~oqpVRBl8Tm6zj`bD8*o#u};09pytm9&B_iI zH6{sZ`g}IMpv5C=_44$=tL3gqz4jde3{mhFz0yj)-}9^U!zmxP`+1=NK;PuzRnT9& z1L}_Zjca3Da5Av}CAD@#dfhhzXP!3Md?X)N-5k}jp5xR78sBIj6iI%v=xWo@@6RWA zE?WduFq>MI)+Sx!+jlu^9V!eLXQxOk&Uc;l7Sj`%Zr3?H0RJMD6GArbkLvQpPy?^y zATx*wjr6jEhrHi!x3xC_1~loU{7_o7G|aJOwm`b%QTOK!D~^StzF(oNbaJqLEs+)7 z1F@kM{QGB!Af*wV}nQqcBi2ui%2Sum1hpOB8}6o)%t^&ww9OM%{z^_&^>w=E0(BzgLEde}SNgvL7{fJ8>G7GQ9l66C9$tC4$* zCU)?Xhm~ytEsxYfjL-9mxs)GLO+csMI*#Cv#3@snFNRWN=H6CN@G}@rxm^nC{1oLT zbTQd(E@u1v5-w#&nF=xUG}1%f4US}lbP;`{+~te9M=is61)aN@#`vAE zYrJCYrC#?(QDyYUZwW$LWq%3P_Te+tn3k{-k-|Qk)=^M6MS^$ZSFuVZt#L{B#2qc{ z)S2KK&&J^RQA4ksogP`UhmGF^sOJipR9znft``#b_>r4@mcXy99M54Tm`QP86TjaD zfGUQ?uQr>NGe2FfK5sM`YLO$`*bG+R){aocJ2Gw6zQXgO}5kKR)?(^IF~gN zvQ5&shJ<@+IAQ_H{ckz@ZyN9sSk9(35U;R1w{KMshZ`kSP?BLpPXu)b!9(J+$ad$EC&_Z!XLc5RSz2=dV{OVxfOTU-#j`@pG7f* zXY_Z8&3?>@HSdRjP(9ME-wp>v>66z690S=X7X^N0BmqsJbs$e+iz{A@1G&Hc@}0kcmnADkt8>R&Jt8?%T6A@beM!;q%i!8-u|J!^ z>9=g{9Q+2GU-*;&r1|k>!)KuJBG|Tr6;dmz>(=dtQgB6>Zt>*v%eQ0Owy%dvh1Ld* zY$I_%m6o4ty0eJi$NN4qFB1{UXKOMiO6W_HUV+CR7po;&_WwTmU`*eL$#B@)x+`5E zAxUd9+=K>fh>jAIt+I`Ns-J<}S_3B)=KFkWwlN9Tm!-WA^Q66&dNPCKRF_Lry@O#QEmSq>c>(*XgwWU=WAUg zLC^%2uT!#9ZNupE(u$4kbdHBRE9-051;WV(Tnk=}TD0Tqo8Y=rF=$$ULBAHC<1Ogc z{uj;Xh-i*A7rb)Y%`F5OA8>3DpgR3kF zoHgW9Pp_ll4X4Fij;?;ge)`8rXjA*Ct8`Rl zv6i1BmFv$1VwM@8i16Q-o&WAeoo7Oh{%uJ*=*_TsL zz}0QYw+?w|=wF_X&#(kcPgRHR*rwPSYY5cINE=V{w0_&CLW@sJ-Lu1Gg;#o^Kou(0 zYQ#w`@)0<{Mkke2`0dt#zka+^lc64ifOp>A1454cp(KM?GuhI)qpE=}gBpO~{K<$f z9i=g0&qRZ2B7Ow`2#MAFH4b|{4E}1fi1xOe;?(5TZs31OMKS^K_Py*JYXYurlrz;< zUi`kfSpYiQRp~C6tawf9vn_Coa*PSg4k5~)LuZ@@xraBZDm-F3Z(&E}$#r-?ZF z5=v`u=7YCIl~A*G4K_haF2W6U(fmeL#o~XYc<)+M%@dKsZbhyb9Ovx^hJ_`i?#Cf3M^tQ;&P zEF}Lv3J5T(c{%`?wG>UP0j4g@s;(w3fB%=ZGqwOQYg(DPSdy@^aPu%r0jw-6T}U`t zc$h`)ZS9>@9gIx@%whmHD^q}qqzJQ!m5Z|yz)95J&cPlC0J@OyFiQhn08S3}w#F_1 z5_4l)X8^N=l`Z5Hv&7$1VgOTnGXS$30B8Z}gNucYol{T{8S#JLt4GFh=9vxoP|Mks zCWmKwGTh@BOaMZNC#xUex9=w8uZcl9kAa5Sr{+4O!qjSbLpK)!t-KbaG$=z>?A<|T zEDD@P!LxesTQ^BmJqtOd&<7w{kC8=OMlxj zqa(KV;cv6eRINAd60ubqz>Q*6@A4SBbl)u|6+7>-%ws987v+Mv^d>Q*aDwE6fWi}w z2j+}9!~~$ukBI#Ae;2Fjx#_^oO`ET4>CV%>QPx@Gpp2TFmv+v03-#=6l)x9btL5Tr z&uARac#d#v>2nSY7HU`7KZ?jyT_o6@$#d%`uB#(I?s=6sI_EW}z*A0Z+?~w(e1L&8 z-bGlrQZ1xoo{5GqwNRm&u*D=!v!)4CX*Du%m1NZ`ovIqLGKoE)R}fwz5;-o*_0`iW z5IUh5zTik;*VQ?shv@GOek)p7=Vq5SK^LQ$0k`+hYA|y_NYkf74eETdv6wV{x$R>M zzs92|uT!9~@y)@>*)uBf@IpCi8>~vrHUXV@VE?v(FH!X{Dpl|D9UcICtw6t9N=$e- z5)(eY)bM5QD1&d#j{dGD&w7Ks>7GVQW28JSF+M$Oi}P1Y4~=)Y>u08ulR}FxeW#)a zcRJqYZnTqQt4TAd0N{TpmHe5VRdCGLYj8~XT%dW|5%NJ}4F0%Z?EQ485|E<;5!7P| za@$+Jn>EJ}yfBCx7exP6e!PDCj#4=2FDUbl1)Fc~hn|Z{v0ssw?rG+HIJ5bFI;lu1 zt9(BzC=gYq6TrS?gAm`)99t`8fhPw`hVl0*1}gm@Yo#C+!7S%mUa|z-K=^`ygPoH{ zL<`4bJ`T;FN$adrbk*j6 z%ReoYI_>i_@5Cfc^4s%1QQEBG+@QwFEGnUD{YX7@uX5J9!S~nNtxnVA*D1ZpP<~F~ zL}lueMIAJ(Uwg@Y=)yT%`l`6vC?X3!S+$#Yt9Vwjy7BJl*Fd8c`0c%?(KH~mkW||* zQRBsN9J&ZEzD!>L;C81e!=Mv;Tr?Ug(wi)GU! zRGHEvL08i@QUmDF*0!3LN^I-+4U!)H&SI(6%M9el^xSm%2|XK5>6761k}FHZiL74f zYgRJ8FYE()DsMV78Y5#pxMDP#hqd=QPmWohlVblAa@CJXPxguxRC~6@#%cmhvuuZzReblLOewGxFp}LYOmb}L$>7v@LjvZiGZb)>57%1Qt&Jzli7T>L{(ZO zQ`ljDQNw)SeFUg3gi-EYn^O>*Q7zN9+oPqif>9Co@cOYQqvLy=f9B-R{IrcGIF&RY zK5zMee*`{Qz%UNiX%p+L&M+TT9?!NtZYyp7>28^@(J8B~#QDA2N}Qn~hxLze_~7$N z;6>G#WPX&=`&z}`mCt1MIl=Cz3alblOUFlEsYWlBrMesh5M?X_o2wm>*?f3lrV{jz zZVOVzIldqM>ir$NAN!gZw;F@b>U7hclpT`IDY7cjJlWQC zsKY_}^ELu=+am`^hJ+*{ej0Ij!=z0^%0f?6E{ZRt;Sc~FH z7zC=D;2tS#>0>*z+fDSQoR*}yla1xbK?U_=tq^@DH!H%*xsH|@?a>%v6z9Jf3W}wm zTwhBxAR4xjy3C52T(S`G3P3+?!FoX!6b*}VyfzV?=d?Xm@)6Z!obH=eu&Pz&uF_eB z0z4Md`&V^|Td0O9QJt_=#x|61om((b{LcV_@!E@{_&Mq7K_|vfwbo_Rb}P9>xR|S2XO5F2b;pci1!Uh+7R1MHxBP7or{Cn8 zWAItpuQ$HgFAOvma8FB)aT6}*awpHhX`_RRxX_-o<@@r@biQF{{hYe<>(8?7M5fH0 z!$C?%M_L0P!nP{Ju%|TN&#HGAJwH~~Cd6n~Wr8lBciu6jfV_g(tdbqiJ|I@jzJ$$$ zKqUE%U;eCJ`9bUFU7~M)!PO{>NR7b&Pe;atL>qVQRWnu70=7~Y7A%hx)^K~DJl#z_h zb|)@XTv(|Y(Q_P*FiJ6)-!DK?P)BUKnYOV)Op^Tmn=^kA>mjLx@&1#NWtDsQdk{C} z9E`)wAk;f+WPqpHBu-&ahidw5y5b#SPu7k z1Z8m=2nSJA^bS2lPtdDe~SB#)G6pw8^385Dq>RznU?d#azjOitxZ%% ze-<7G7@m^rSIP~Z42PIb3Vg6`cA92Tx8Wd(tl&1Yj#uN z%e3Gx_dJ)(0cqcm5=oj%Um6Aw5Hc5QipL`Q!ej0=(sI4Y9CDw*2QxajJt^5;}VrpgDQdH3QbV}`*0^$Oo{e|j}j?vF9i zZ?KY}aa=KPp$uH~CH@^8HmCS7TDAH**tyFVi)Q=IqA%MqNJWhpxxX!wSS*G!WnRIP z2_qc6oY-A-?3oPXb>4#v$2+OkfDcVAW@fHg71d0RRwV4q3-lb_RR~|;rh+?=BiUih@E#^^W zMg>iPC9?ilb}?4sH0`FiN7>GjTo?L61MtDJ*NAAXi~Jv4rG;vXAZ#q93AExg&lP0P z;5dRYLN2*%-JrNjANyAgng7N|#ddFrUve+>8K?WA%|}Rnt(arFaK0eyT`k{`FHI|0 zhLG{L^z?p2(lVb3J$s_Cm6Ub3oE$?wCWD5vaDjoH`W@27bDg4E=5I_@>{k)wn=#I0 zH1C_b$vTK?RJ}*D%M$-6cy1yyK&_{v(POrCIIIK9 z$dI_wBivH&S0;R+N~d#~@ESy05!qvudSC2-UrUPj}W-YK}`%mR-YBF$ujK#-cj zh@hQRw|>VFOwEoSIR+4ltW!U?Ua1Dy$J7wiN+;0gb)Vt}+PWmVsV7U2a;O0GCAS+k zmc_>M48T*CO4X81F#E<0ko{+vAtmQxwK*f66t?TPqj+pMKhe$i44yiH7XJv`hQ{Pn z=rqjKw9&Pd3Q7l|2{=^jOu|7My5Y5XR`PuDg8l`>xJzFvj=5d8sU8>b9&qox5*G_8 z@No!6)K6gU$+Ftl!>l9~nHrpnM{YF$U6}&{?NNr**)o^mM(=7B*G?x(PKmgdtq!Ms z`@AC`^WvOknp7wFU1ef;;OhT~frcL>XkzmlSP#n#?(@kFH6!M>L#IJ^%Rexk<*_|y zRU?#ge>ZG^u-HF5pB7^-h`~8bu!4dCdvv0D>Kcr$QXSGsr#(yXPsv-2`^B-HHK-WI2a-Dnr06z+j@~qD=c54YWzl@2 z-@#d%$;rrt5(@-5J4mL#ufd!>KRH5Qd7RYqN{hbdN)=cJ#LpHCFt1M5R$MU3|7>5( zb`C-t;>4@X9ZVz(H8{3`)<=FbT{ebHDm3N<*8^V+;}|e|cT1UNN4arumj7>2TL_=CQYQ!z+43e;e2g9k6&E$A7Tz2lkCnREy@ zDXCk^6XBiosxypw%8OOc#Yy==%yAM~4`VBwFoQ#Pt4EaGK}8Dckkf4#1*+{jDq?4e z+1F#tz2D5b6VB4QM*XPa0_OQcDOG$IcSU*@LDSfJtr(QepnbF=5liypaw*<*?Z0bOcvV(i6@8Peen5*@LYAw6F=dPqy1T`*h4$|0WXr|=d^0IF=u zCF+Tj;fOCysoQ+iiQ{}yy+PGOlsH+yjK{d7o57mWZ?_^HT}Qf}Rq}*EVP~i?=3eQ^ z_r{e*^~iy1Bb^d?o z9Ltx_Ip6rZ{zPZ}k#cTYJE@V}xoNd?pNJ&j$zsf=_+tF|U%PTBVl;m~eQps?$e6aB z+~ac2#y->%`qx1UQm9fFAqiRz4X)nXU)TNJyIm+U3`Gu$XA;C`t|8>>fR$9L}mvLf1wimKAAPUOjGbb9Om!u{vSWOrYb6ImKClf1g~rL zSB3!`@-rh9R-v4{0|5Dvg>j3=$ilZs$2|S!`8eQlqZhmHuE|ts`9Ugjk+-jqoN!at zLj5HtO1_xh52tm`O3}Qp0(+ePv*4qqJmN~jlEtw5kO|rh7~l!+W8A@L|LIu$Ig|q( zRzO7I%T(=Y)AY8k#Yx-Pa%G|+vVdjwsP+1?jSF_=nLRLQt0ld)aBmn6*?q%KQLNDi7TfxoxG5+ihvOPt18iO!9zW78SYCcwL5Z3zaIozVwA zBm7~eR+H0iu9S!?Lo-U(7y#>Hpu6;E?bXS6q>_ju!?&$odi|C;b?%nnsdF2cIuErr z%}pi}7JibviGgJSZ1ppJj}-|MrqsS2eluvEgki4}L{==4X2@-*)w1VopsMcBusjw8 zgZTt2Ns}vm(waJQEJSZ^9&AgTFHY^Cc=s5pZG3D^PUx`6Xev8q~}s(BYaK4h(vdb z9IYf4zwBDKA4rMGt~$lrfR+*NxeaOr&d;VsCixo9%-axd{=lvT56~#$JL^cch@;A| z_@U-}6E_yt;}N4lI(1^0(Cgh|Zaveu8EM0>#R>B!Nu0glLOM2w^ZqN1twHfZ)F=^f!rv~R?e#{mp zoL`2V)A{ja7cYCJ_F&q^hoIS(klQ?eBmF$5eW}UWhhdAi@PIdetxqS3gxew7M zpBdY2bv)JDFQ#5VxM@{cy)|msT(C{-wIgB7UPG%vx^N}g&SKyr(gl90&o9fp&}BUi z$@d@lZe^Y|NG^MV0;5e9+t*i&p_u?IXlc%ab`dE>Y_&? z(q}ytQu*H9;PxG~O5z#|B9poJ?(5O6UP^unz{Hfo=Jcmn+2YTq(7H%8xrK$0aW5j_iE;%X=)1MwU-u~YQ2fL6>1o3d<659sYnBlWr5=~ z4jlnXU|tw_zuyy&E@t9w_vUYK?>{q&Eu6=>ES5CF5;o3qH^_}*19ml>xDoNS{qcPd zs5LLq@FmG_5@xr@WG?x(T1SuE>!wjd3$bzY=~6QrQjW6BbEzJ=T@!0iwwGp_WqW;3~kEPF$GB<9UI z8~j~|;7$S!*1FnUBXqs>#>tP?@^~3{qnd8*wvAyijEkmsY3zwGDbf5{LLqDFg$nTq z|6@4VqSlx?Ez}g25Xov?24ws3=;%0AOm;xF;5h^H*^I{=rEI>mztCO5LW%vlmC>-; zu7?;ak=$BO$|dhUWPy8Q_J?70U_g9>B0#a#dg4~$c_0c-?Mz-7g_yeR{g3=3?>$Dt z`)O$Tr)D%d2;a6rimOurXOBRenVsaC-pi>0Xx3csRm-HatSZ}`lF{9~OMoql@;y$TKm;*)@`=1lm9ld!( z2&;iHAy1_{X|(LLdYdz;$h<1NmlB zu=%D`rt_m!C(9x=)zIZ3r@IE3Lhzep=Z)On_sZk_?Cow}{|Z(#qtAjfb|P$dCRB#Y zDa~`-v+m6LBh2<~(!Qyz6)z(pXSq=$XPhHPs`pHCHa;Jf0pY#6dpkDcraGw4l}HX zTDA2P5pYalXI)PGTGWYy!7?XI_~OYiLT|9K2(^NsBUgH^d8Q3vKpOc?J~VSs&B3KB zx^y#zJyp{kWK(M!pocClmZF9!-hduC79iSCOCL7hW4k%f9VTH0Hfhtcs|}J3vcgp7 zC8Me}dYP}B{!YoQI=miJR^p(OYNWEQFfa29vnFc(tn~?*Pr)_Yau#1rJgED!GA)m= zkEP`lsZ^giozn344s&vX2?fqKh{T^J&XuU72dn1grk1f(?_JD$;7c;X7yp`~&|!)k zo9aP@WUj?5XRhb(E?I|a zFOz-|5x>(Z6DMeE!ZW%egG#bRTIY&8Oy3S+psjfhx6$|?_Q{2Vrfo1dl|@l?bv(o? z^sYeYC+}6jaMyGyoh=o!ttko0m#a5A$#L!1Nv{xtq4FK3%yueF(9*eqRXIVLFF0HD zN!p3x{UE*AA!o1$k6e|%p4G1%|NQT8BY3Dx>VD&#t zw_oQ%2lQ6-IBh*!d!2Z<2BryPsn zqm&Z#iE9`yx_=&?+f^DMXKP`?G#s^ad@yBCk#Sj)SKQi^8@Yu#8!0$8nKwh|?I_K? zi5mLbvg@$*r6@yKKTzM?k zTC8XvyRNZP9`+oK9ML;=!j8v7!;}iy@g=0eYQ0H9&_yECrFy9HjcEPZh;ZF6(%VId0Qje>xNR-!PSbJ-2~iHQveHn!5c)vGq)c=3N1mTHD-Vck>w1aa-sF4R(-a?l!iXw-HKfY#1wY-lzVMk^_crq6yGp2z}|BX|$B0@pt zXg%X7#M$jD3ieX;wEzSw(_7I`NVb&OdB0j`Iz7~$La z8rv1+A9R%wm{hVPw-n)Ygs3m6TGbflGILKgoR|vqFW2#Sd1_(xWR+9z|64q3GONJv zH(Jmwg%57;HPGSV9#^S28&Yd7pfB#tD$QS?{6Ffi5nQmQ)Kl zf2L`=*+Fl!9yPS#Hn~FPCvPEuNGGwUu}H3WtMFUdVtgM&!%8i`EYeoR^egAKWFebM ze&`$%tYG!@4d1c5*xvFIcu}SJB%w6!fSKaEPx9cv+oWB4_g!ytw*%8+wCZ!txv9k? z>M)7F#~i~cY||!3wBA!71PI{kjR?&&^NZ=wl10n;**><39|@%zsWb`-H9&S2B!_RU za$he7Vh%#Vg|Jx3T=!VXVda^ms{Oq1H6F7N?l`<8FRRx@aB_($OX`QL_~Or&%MFcR zhVQR9L_l2`%5K>z7Fi4dF&Ga$COiBvGQODh(f$`+tzk4ujJz| zVR6g`o5PuvETI`SjY1@~RyDRvf+8t)8R%zM>-Fw4GohCsdP9Dt(XB?=A2u|cyPWj)_@zHDRv2peC zRn_vs%Fmp2!yj2kGUdGd%Yj!&wRAf}0S0ZgmC6B~k3Zt&v0~HHMH2C&<<0#fcdce@ zHdKjbKSGwyO?*{Zqp~PV6MfemxLn6|3i&w`&K^VKdXYrUzZz6Yk!5hyIGd=;rGhC@ zzfpAMhh}ZH@{B_)g+fX3A?lQ((eJFP{05_;v4q+?QyaP~qZtM3u)6ls8Qu0d<4mUE zAw`0mpLWbs*xg$lKhdcrzC)$Vzpr~!193;sjnV@=DYKCC@}20m{?5-%j)h8v8jhzgjO|F|VT6P#DFuxfyM#zbM<>@b4k z+ACiU^d1kPs#a53JT-;WykxwMSHMc^=)+Lt+6OE_Q-*xOSrs2Cj|)oY`@tsXuEY*+ z&^~au5^O4QEk88p?e>!oEo0ZY-y1%>ArPvxlG=ByJu?E++(83&rp;`W>Wcg@=++ z$W8!W%%S;)q9e5+w%)`cQH9jcS!nDfNCWp}j`LX!bB8Z|v6+|gZr9yYHfQN(2(%V< za7Q6PkP0Gpq6TBK)!PRz{47iszJQa#5+E`P6wQsx^*% z@uA=(o19Ki%iH|J~Kj4V2pQ7E##78iHgJ&c-GmcL3`-kONn3>;vg6@k4 ze-=S5Q|>z-2FaTmH5q&uoE2IMnz}C~1D$#B;Tqpu^dGaF=}^O!Ju(P0X>=){K3Tqz z@>xv55i!~8P_6l*qgY=?OV$1Wkdz8a$vDzi>4-Jsv7A(WO+GnctRv z!6yn<^Wratx!|BdVbOuXa$SI9wr#L2IbF!z%IHNx*BJ278)QQMboenQUY+QczlJW{ zW}v~}qq2ObxU%D%8n|YzfFJDvKg<-(t}RldI)+q3ZUT!{p1mm7ckL%9FHY+pFJ~P) z6Jpu`vHgP`MvrnvJp)AeCO^QY{On6(f`J14PCMR z5(;~jSUr$yIaSS6W`h-Z@SPxI46XerD?l|iUoOd+dh#F&G5LER0aEsS@bPT@CczgXi)>#&7{ z+C9;S`unN)>vRPhNQT-J`xgm{xF6T=2;GZVnkNooca}4uKyDzO_K#&sg2(VW->`Mr zTABGznS3c#`@ZD$wHNx*yhId^ts2jUWq>i8K*|mq;6xP(gl*XY*aaNg+U73{h@8nk z*hVZWzjVltVo#s25b3k6eL59FtTI4!Sy`l6P{`*#VF@^~a`hNUGR*XG%*J zj$p59um@AzeZ6p=-*25bw{E$MJzgDxb^Sv#j8aUY2s{biW{US-B0?h0!=Kgn5I*_n zTr?lI4s>Y9Lf){L7WApYl#|=mtCGTO#w%@mtyO=pbeOWfY2z{OpF8lNR*%3*-3K_J zQfY`=ojey|4+P)G2e*DE``|manx^eXNEgNdEkD<19Z!kQKi2-4ovaY}TVg`qtZ>WA zP+iqHP?4o1Z2D?e2X({Jz}elybxpL)Ys(ca3w)zbNzd_Sns_e3j-lM?lW&~rMe|>f z%P{#Ov=WMC=@C&4eYbL!}_`wR_ zyUL=+%RWdYT5j7unfb`I0TX?_SVZ?lAw`acYB}65_CT-<#Du1 zpnnsGMjaj_8GX>xUma1z4i!%&PA>@lyqyF^e8UvDp3M(QdqUoE+Pmm?dx!N20wYO} z_?aaR4n3O{S+Fi{7VOa#p=aB8CwD!2qzA-!B@3TT5JI|6sI0TXaxV*v+H+meLyE?z z{=}NrwFODoB0b=OS?ub?Rvkydp^oOVEZ0k9RQ^-&G?gc7LdN$JB zZn~QE0JJpzw8F%ylA7HCmsV*Jn~BL}Ig7$PS3kV1tCc;&*ZrQn4TGA5&gYAZiH`QS z&bN~@)mW?6=W~BIp@&QA?3c|aD~#I(?#|aC$DUjk0XNhrGQLD*?UWyLqP7 znHMNS56+bbo5G(%j{Q_e?MX%E52-paE5BV`hNIxJ5K<6Bm3AZVGEMDw>tvUIMn3R) z1{#(T?h~b`RzvSahrt7q1+VUfUC9RUt&iPzLp#CI#tn14QTgtS^qZlP~t1m!=P$jf?6CdPY#AyB(dv6sM zN6@|dk`RIf$>2_K5AGV=8Jytm?oNQgHMk8hxVyVU(BKZi-QCZ8-~R9CoQtzB&)vE0 z?x(wFt*Yvp-+Jq<>wFca13$T|zjUW_FMsM=ty4Ii%_36#7Odc@Ho@Af)n>aP;~v5HH9a4p2#t~ z$*Kc1&J%y)pTd3kpI;Zcua%y>W~parrsKiqpre;L(UAlgVem~2UZ}+Tg%WCg>=lsUSH)N{I29ErR!~uXtC%XHyUWdwAH{Dq8BvIr}8VnEgpd_~!YO}3a0n*@yP~?TJ69I#uFBFJ_(a{-O4|$M&xFmrPPHx#%?=2z zBgC#^ZdR|E@f5#8JT`cCQH*&OgNhIDk)4Mu_3upehs)FNwC7JSNS#g4^8Bix1Fj3Y z7)?ZIV;20WSk>Qz%`T(tnD^;NGNBi!Q<`2|V-h)>SuH^lHW!C(BbbP7m0(K);`6sK z0&OLqZ8e-Hu6@DG+Begn)>~uTQtQlA@(FHwTL+;Jzsb;b@Z<4lY_p%n=w1Wb$lh{} zvgq;xvzPvC#or|~oVBi(1?D(%04le>y4nGVSmNrrYc4 zd|%^=tq3AXu;0sizg$~t`uqyEkM+CR)R;Set$IBpkq!`gE7JGfD&>syIrkA4dtK>j zmCS=W?4{i4`{VkWenowGo!s!N#q-&$vw!}L3te7vub3S=cSC&r zNP6Y}uq&k5Rr#u~buvpfCH{V!;W%pI|2S^{zJcaT8FBb6w`nAeGSviLmKw_7PYshA z2l{moLSl|lgm#0zsoPWb@i2ee#*5=j{g~S)&uK8E$ba8u9EXkfpD;Nab0;-6eQO=X=t*5!_wM@th@CXZ;BzVoTE^Nc>8s%Ns7TWc~)L!kC1+27Ac<2<&3r{b%ia% ziR6D3F$$Jd_sd8iZ|26_9VXHJm)f6t*T!G^R-N%BqX!Ku+Rxmh^@?LV6`-7_mb3KK zaW@rVz*}YHNt~Zxm*`S=-qZ9c*ld2Zp)cee(|nTs1zVeuOR@vIxYEu?$I%BbCi9B? zecQ&fJ*Y&*TMp3^$g;q?G>3J|kAD5vAQ^Jc6Hn^AoL9*Bm@wD5m;?9GoOT}5bE2WoHh`6yuhI5)o%j{wWI!T2R?O|$@VeO2^ zX;L*n01?gHQSk1Mh31AL9^cHSy@pp-{Zv1VL_IjhCGNwB-u0Ne-w+cAIuZijj28)F zlO*@3AB?DF$s0ekDxWHuC{Owed|DK|TJ$EEOzV2824{TFn+a`-)^HC>iK0?YXsU?> z*;6)LC9JAzw>jNvP2el5I(Bm!%UpOJeRP$ZT8xBm{|kjhXU0YVmYWU+GixqWb|B~~ z*N*S|7M_9jsFaA>YD}P#mX7P>_vZh_f!`W^0cu?oW}zT>_MxyxKmXc{)cZ?_ zYE8nvqDYq6vy_Jx&Z_t0W+V7p`|o*ALAR%8+mF@vzb=B^AAVTsQS_e>qw#;gJ1F{L za3z15A>{iyez@Q1{<_(-?~kl&asDr*XHv-h9rKO}FC_VOl#HnQ}( zum8HU5C6`H4td#n)Of!*JnudCxr^-XdmlK@ze;fU$E7y({zvJS>rL@Zv%!B?Xt&5u ziuC~r5nk~5>C$}M|26ja3R48oM*rc5xK&b49Lf2cW&8MhsNJpqr(WF2E`f&-{)0!2 z>~}u~P67zUSId{1AEPF=%2)R3**;rCwE843;!rKfp+R{Qnv58VmTqv?>A`Xc8*@hw ze{cK3)iR3LN%N#ry{blvc9pplKePa4Bf$nCh(Un=XM$CT8wob(2^MsO09xa|r?I%WZi zYU7_z5*gH-B9|TbYuW!!4C%4XqHj$uvK|kG6(a(|8&@MANSuf$U-!Tla$9R_9`aI~ zc%KSZnSdQ zd>T)=MevZV1~ZJ>qKYZI?6=DI&_a^dAgTLyw8vl|mZ>FpD2wzS`;`;PBM*eq;vLv@mn*hjOtMMn#d%?5$ zOA;RFSsOOpKF&f1#v~=W02yTD6C?tLYTk?YCB7~k>iCAsXN^zx_gBIjgt&3y7e;$l zAJ2nP^l;l3b65?{4QuIkgZ&;DB^SIEXzD(e_Hof$St}ibAp7V(6jFx;`Iv zpFtM2&9eB@lu_P4hRi?bOXm2s$nZpULHl2vQS2nfB3wpsQA+sgGR~@ylgc%D-M=T@ zkFU}Q7Gy0p`K5y)WQhvfC#y%<*C>M;?t~{*je1*=7%?+%idF?4$6X!<gN%Ldm-prnW11^{LexwhdKT2KZz6`f7hb2< zE*g($O=HnrJo1d$YaVMT#kS2v$_fV{IuP<5;GLux-SCg zJLcJwWmba*M{|+DhmUKCW>%dpXQnN~G%f-hZMzuQ3sM9$(>5E0hy@z@BC!WhCHm|g z(g+2%Fq3l>1_S4)98T-{HkDAaYC2}H?fF2y*fMmF7%#46{!)Yj(;{4L`4&P7+t|06 zGA*}h>#Q9KR5dK`6}BlB4jK7_0X7@8j3)D;7g3(<=hpkjylWqF7VVt|k`5B8{lW2Xf0+iWd+tTUQ`5J6MhI!KDY$($7 z%$~X1;I$_R{s-Ea%3KP=XVGEUXg?#-t_zrq?fcOANeL8h&Kc6Kqb=$;;T;!>6rbDc2GSTW;sYsiNl-CghQ`+eOPVq<-2#2AuCeQy8#M-h?eCTE>`|PtbRs>M97ww&S#(+CczS;(yivkBe@i;;uHVbm%SAi6 zA#dSL6V$`sGB+WfzF9jl)DfHX>nat(Pg-UX!w>K~&?qyFPh#0DZ9)5!sPJ`vRP&g8 zhui7Xfbni2RG3~5qSX2=E?IM@yFPxTw$NAXw|_+tA3YIcY=~zgOV#Gp4yIUwXV)(d zV$i>z8Z?Y zg!=={L1vD~Z{~9h_v%-eP*_hpZLfYoOnk!coAUI(1JOCPo22zln}d2u9II~Uzkv}7 zY$uhNa1df63#GD^ETC&3W;a56^}kW|wxCSfErGD)eU=Zx3-0CcAj39Q>S+KFTx8jH zhjo>jgx$<(!fHN^tv3@D<;Z6U-^64gK75>w z1$xLz-I?xO4@E83t8I4VWrdE7uVyHiCtryt0yX~l_u7d)`8@!T!eeTT&&4)&5RuV| z)(3+0R)Kzb>Y(_}F^ZA+>{dQe@<}dh`=!UnPs(|)mV8%_)r2ps%Zj8k8?l1{W+WLZ zM0Nz<`LDt|{*J0K>FJVX|MR_{5U1I!3?{>5!bp8|#8_xz5;>IKn?|Ixq}D)%?j~Yp ztF8lH7EiqNy+}>crOQ!Wffu)iil6)2+&VIwE*^<7oPR&_CP8x;!}UDz5fA~KPd>|C z!#kN|nhZ+3pI=66!pJ7=@~Zu34)uRZyeNy?6r1YXLw~82sAT@p%C6-zM73u>=k2433Zn64Q4;20%nQ=?bw719Bma z*%t;(G(`d+x_JO1#u~|Q0Q&P6a1hZa6-Y;#HVx=&&Noy+7~x^*xyt(@JvO9 zs#PiKVx;3d4H>G|J~B?Fc6)+Z|JD^Z$&@D#PNH0AAr1-UF_${Hl(dLJl3BnZP)<#Zy5+1}yZ*lp(s zaOT5hBghz}nwH5pby%uK%889&+Mj01t-j(kzIe98Po!wRDSuV0xGE`(*FAr1DPi}m zF7_pPZ?H|Va&&l7DNlaIAy|K7z(4EZA0rJy3m(>;P^{VG@+^omq+(rDruj;EBC?gjAE4+Gj_3n=&;YEC*zQEv2k{8boEFCUZ-19-nh(?JcXUOXP5=^pD^x0d~vdvuvI} z!&6$Qi2xawd|`!O`fgkt^U&~qF@kY3SR}9btFGe-3Y=t5KJDHzEX;7~EhWQjr%Z@+ zTuy=$owg}B9cVLEGrbb~GQaUG{Ei;VHXCkEmyla~+DZinsSlVn6{C8E=J=&Oa_I@w zG%4mOa}y)gUd5SNP8PBxQ{uY||1a$z6~Dne_ZYA7fqcXKLOrWOnBh=Gy24 z6_wBQcvt8kp}T}TIaPqnLXwavugFjpse7c5Uvw?CX6cPmL?~mVpV!5h#Qif)`A&SO za?5os15>n&^dFOVgjaT$@yn7wv_XfptRk17e?+R0F{N#p(!QG+7y+K;jJZ+j8JXZP zw78pzUrv~l%&7avBHH26bbdHG^-7FOH->lIopwcj01`<#g*1Ac>6!2`kptbMaMhz< z{%%HDd>JgQwxr;nO_5*5()@T8>6Gg*-bg(>-|~NIG!EMIwB*$5AjZFvO=3|{->?SX z5JOz}G7bz{{|#G6nxpPJ6T1(&&Y z60&aZA+6RKx!6#-eLhfWK%3CEq!J;G#oSuLlH`W-R-wRdSi)l#DcMD(V9-!c+Db9I zG4n_HS=0W=#VhTxv2QKAlel(1Po-Fq-60GQclNWHq{Vz+P^+z@=H@nf`@Q$=_L*~Z(QQ%Ne+tjs%G-Fm8cL4!^?tf-46F;Xt}kDiSc zWyQI`!KxHGQL|)kYS^%FJ% zsaj*G@w)|TR135v27l6WUo89L;fsFM!6uM3oIX(nBLGcdJ=1PX>&f%kf1t)lNZu-# zU^9$Vrzppq@3hi*>~gTGX^5?BAg^x65LM-*f)#g2XzWdXt6zTbpt4fQ`wfe?CW-yx zks$bOxqc6JNV6+*Dkyudx@yxQ$_C{8qQ^lmyAH2^VeUnzXhB{MfP5VnCw*`C)g;7>*($NgE5BW z)O}0;QkEiJ3*O~^TJDNOgt;I(rVoLv(8{%LU2UqJ<+|Ni_KVK~xf<~31KH&Lxy*d95;PS@M!;sC6!S0V zYU=zw3%DKja3O&ok7Oeiimx6Uwo^DchpFNCy8N!^P_7z=e6y3stE>rniav|l3B5HM zzpyC}FE7blk5}J8+I{spUA7h3&O$L$&SoS-P-sOCTeBN8U&fBh$;&q2#?OkRceLZO z+q`$)U5*A%+|fuPQ919F7~!3^f9b!77xnxj?~h)M#iBPldKj6MBf0V9*cHT7{&7M1 zGk==8{G)loVOI5wJd5ERKqlo)FaMcktLF}4k@Uw!U$k10?$O|)$-1WqSESRxQACwnr)3cjI7>HO0@Ys;g29RmEGd z7jl?|5+#Tcf~4B$P; z7K>nD@;>lmK$kG0!U%7)mzOJTu$+XlAj1zf|XU0LcdXD?ZoL=J-+@dIsuxS zET4P)yi9!h@@=o7v5{TI*h3?>APf`T{D(fB(pW#Q1*VL_fO-KWdM>hR-snNQSXz=^ z5dJ33LL5mos~acmL99BDfRjdPR(8xlVa3*Xsc!>PdOh`02LP$DKq-#6WzEWX|(R9aIsAEs7d-4srvzhlt ztp?eaf4Hz%sMHLXy`9o%_a;xAsPl5|knuaYHe*Qs?(tqx$+dideqrow+9YN3>2%c( zwr#vR)+cnhGG(lKiRD;8=9|dle{cPI(Hx&vcQ?HqW>|f?z0zst`w!a^bdqY`>`jiD z9@b#o^sutsXZL#%VY%fP=dZ1Ev0H~p$hch^2kZyHNGLPpo5*446lLW(S);E{4_Wlr zFyQBpWQn9T+7zDw5$R|>5PUSZ(Q-V53wS{gA{;+aV zkM{D}VUt)#wnv|35EjewFG1J2>Zyu@XgT_Lq3H8-h2?4$rT&g5!u&k?#T^FtW2)a& zDVn6ggECZ(!;{(1PW}`uAMItXQP9{ z;o2T!Y#+ROcmv*#ULI4MeWt6z^VA*dh}?SlQ1~QAB%LOfTo7MfM@sJWdU!)ZCoI_* z#|+9>ejv^q_L^lp(YJ+@(bXwX@uFZ&W1z|wDNPihZC?QcJX>W71&S9Ms~l=skQDbd zRLcryTAZYs=`aCEy(O}8?k1|K$*Pfg9dn6w3Lv&ZBq#k{DtPzb9R}u zJdApydVe>}MT$HlLe`l`w{5H$&Zm!(`H$Y2#1}I{z9oY@1JV@O5{1c-FCHb0v~bS- z7E7@~LOjMl_GA-HQe_e`F0hU;H7RASBTr9A$!CRtKqelWxu+MeTHVU?p=vN~>-;QGf)Es5rsv05tViHf|qKI@p?$)i83Xrt^GrQH(ER+0zQ5qeGOY?7)$BKVkmI{(jKBIUQvgLV1bFl`R^m_ZT!THT z9>LR=MVi$IRmjvbZA=H#Q9y-#r_k{+r-D|!3I=V*qB_aQ0F+#v61O}pU8a0vmh1ND zy0ha7RKceHF!{{kl>@G%X``cm15!hE*Wb)}k6gKRY4X}%M`XSqM#cQ56Cm}sn_FA; zWAnz+1^QFferc9o8gSVfHG*s4*-kt}2HH|`I5LE$JJwmq^9^Vv8PGwpo^F?MFeZpD zBi|Gx%8~b-OGN+hy9PMMu*w!shwm7bpeJS{vBK!jIZfE3QaICNRq09Dz$nTAU+?eHnqe%^`~*~H_|yT<}h^|+wNk^W277=f0f0oVGFreSzIEo zS;T>>jm{-?L)guo0g|F@I?OT+7>8&ZH0V^v6vD3D=I`7rF;#fgC1(6ta2*W$f+ST| z*x|=WIpuMaI?EUdtS?GptD(CNnaOMCqE!yfHRiG;arCY&NSf`zXqlGhCz;&5bn1<+ zeB)?-bx!8cumMsvcygSES@d?4S?Mc~V}adP>CTZ%9FVWSX!JP`0ZVv}*kM@Vd~`*~ z+l1Xrt)%2Ab}SkakEEM^rgMB`F)B;i$bU1Ts1?(=WM|)_w=Grnf?G)aWqIt<`oKmx zbO694&`dgvlZWCB7(+IXf}JRlr&@U#Sw)q*C0n1`>UcKaKl%!JEMP`BrI1y~k@cH| zR0xw!P3MDeVun|Y9|PMy9H1aK-^+tcPyj0e=mmtf%<-T3qzL&bw?vN}o!}vr#T6 zkK)SZCoik@`&7jZ-QRr-?^=v_j~A54KIIy#v}DY!x~%plFX=)o;6;nTzXNT#GUxTA zpDUeQ>l&V8)~2F>nLM}O4s@GEJOOUeCeE|9?1L-J6T_t>hIurvRo~tVGahVA4{QH%d<_A8uH6HID6|IP#XZkIGQ+Lq)Hl1o~- zP?K6v99rD7P7KFhRViK&mr9Jk0$T1iF>a!6Jg+M3n0`;6Vxt4}d)+tdd{ei|EI+VN z_avb;AW73v8qw`lw=anDTiu;yx;YEMS;}QV5<f>i z)$(ZZ(4AUzQ0tuz1LvU-<&0I4NHvL6@&a}FXCvc`j{R2+EJ$36UCBA6CGC0=%>-66 zVY4*tyHcbX2)({K5*hr5|6cfXjJ2}4TDc3m9QlOq+-}jItaYht06e-l!g%RAHvzA} zeby!|z#w7}d^4DPufWm80kyhQD#&t0Y12Nt4$UcgHDRsGRVn>ySEtHNnm&-XcoZVP z8k9+Tt@S8V%woiWSH)Lu^Sg^Ei^<6ZfCOd9=|47YjBEQ{Q@ZeQ`fdPCp&D%MCr(OH zFZe&6Yies)zLfX@h}v;j#vOQ~IFV$+N`I%MB1tfsdXZ&Sq?%nyJ$TY88%%DoTo+U! z(paHY6d1ymF%wNCh@-Fx+sTT=M%D<$6^yIyNxq>kmktw_{@AM;flO=bdvV>qGH|)5 z{2`FeARyrn)B#PGmC}$ULJ*+e3!Go#`-+BhUb76ox!9@*YR_0RMbMH&e@yea)zpAw z1WJBE7D?C}k!eG3)IG>3)HswXagc^y!<=yO^XAJJzSDP&j@p@y!OudoxU~|vIEURW z3s^JZR7R^u-JiaBovI?-!G;65;gk4rZ*JAGAUSNuonq$$K*3EJ`KwYy4aSjuF*V#4 z`6pIWP_JHh!;&@iOoRLBpjSzCVuM0zVTSXt7|lx-jvsFx&hed-U{@SxY^t3W6)njE zF)Qns*~LMu#V0|vDlk$({L|kgr#Cipky|p%v;$STe9}y2aK%Tj48jblF&sM8LZy79 zM=ptIrIaKGiy;+e;*JwYf;i2-cdGjMF}G_!cd8b{94IZ?%a`IjPxKT~lI6qA})4= zs%#%qiCQ7KRc%-}@wcX%Vgb@)bsR93!n0h(igQ|}2TrP|U8}0PyT6<5* zSmGd7ihzU4^Zbqq#a$%gQcRFd+OjGw>J0^}#++A1WdBeWz&P%@3}r>K||#y z${%*g1ZlKbs6-5jYk!M8A_TuVguHJTrr+a1UNjmhXzBoCt3BkH!3WTKOp8N*yY<4T z=a=)@tW@WwH}Q&X+(TSf=%n(=Nz(NLQ#Pl6R9r;Z#W0LWX_gQNk*WPR>iJBdhZbc``qK5p zE%L-H>Kqx_0cict#bqFYGRo&yt_|Ok;6EW{Y`lGJaCNCu@e{bKjYmYOxx}}0#DWZS z6*KylX!kwGR}&uNdg;Y9aZX>m(F?i)CJ+gN0g);~^TUl%DYfDWYG)PxDf$_m!RsH> zm4WV{mq;UjI8!-$kV{^vigD*#B2-WTP!dh$evULL=S^W@lj0O%&Oea~4uKz}k= z4-<91HaQmBlB=851lYz91`5`iHW&{xhza{?xOxW1Ps^y6PyoAzsQ6psNd>Mn)hA{{nF@OQmm};Yk^%} zT$obsU`hO{Sy>P7uH8L?P|U?tG_ZJEz1Or@tVosACqReW5Vs)LslDc7q`Nl#V3?5L z7kll|2=^1KIut-eMikw8M#&Mmw561eCGh^=sq4!Jl`Ctp)1i{CUhvh~CHdy-+e5PO z5{S|x`iMnDsiZ(madn~)WI26XK&vz@F2?tq`b&lpg+R05Ff5(H$66J3=WKk8c|Id5 zT|cMIHnZiEJ$`f@fh>7)DsJlOi#BP`P4QQC6vR#v_jfj~BTB-6UN%LM-$W2=W8Fx>PvS1UncmGLyocX^ z|HNe;{jy<{kHl3rmt?e?Mt(QjgLe-zZN-z#-#sX%6STN3vDSCIm_XCGO@uTr`UC{d zq@V8+A!U``v^c=;SFo%3nPc42H~({5=Fc1jo2g=!`8sG?-6}f6KgP&WL!1 z*H1`rwS11cnU@VQkQ}?A&(Wg5LmL39eEBr(Dm=P6`CrwLUP)8k)Ica06`?iT=Tf~?Qj!Q6O#icpxJZT3rda^$+A!ViE3NZ)ea~Ko z@Ds_}__wA6Ok>Ps<|k~mUZPl7N9XSvSAry*(+CABOw-x@S~T-{u`$2zr)($N%uHE! z^<2j2sLq7*{d)H&{moomS9-kh8Hs-_y>z{KQbp+iAr0m zmn8O@^RDrDRGn-~rD%k*aPpBpE-J@i?x_|7Ak#$fW|loDh=~#aDtB+r`~WvS`b6y0 z8}AdM=#rdbC7_H*2b%viqOSL8;?A&c!2#7=tdVhUnI#Jtu_=5q3_3cBcDgw_3BVY9 z5xCMF_wGY+17$mQS%7u5 zJOCow{!#w`t~PLGH=mC|qA=(qG7PusN}rh^OE#m2q#-6wyhZkDjYvl*6Vrz_Kq}Dt zgCt7MR|I*Vrvmz94wi-RfYS}^DkZ0 z|Mh172VD67AO3%dKzC(<$<&J|a4Q_3cGQ4T%W}2sI8VWMuY%5EO?YJIlFk|Y89H!| z795SI(&!{1dnP2aL7Q(a*)h*|CY^cgWe=79_V2#EH6>5~$00G9psVs71j?4$eX5>j z%{>|ktD4ZfvhDBFq`7Ro!x$IT6T~&2+oGB#&*v4ujPI6%m-d&Fa*w^qZ>M=tKwbiW zA`z$!-}3T$EReTL2dc0C1$F!0O#>5u$wL9iD9&Eb)IjwV?LQl;)bBH$IcX}Kya?4- zSYm;L&_~y5kS99Uj44IU8lg#Q4C&^J=IXB!LVj;hl)*w=Pl8!){P?86MLw1)N#hObz=uTf8Qa%LHpsFYzu)my?&mHYY2kJrmsv%~4-9rH8n)CUbAfx2e9N@@YW5BghgSCae1@GW1S+Ql7aqqC+Pzq(c>~t_GK&y77GdHNE zK9p%21xEZ>7Fyv^wzMH*(JyamK?vqlSu77u`~FaCw?VHtR4teJc?`#jDHV10U~hay z{6nM0ix(m(09t33QM&1!=XkZT$-PSdnPULsG# zcZ91#t+`&Gc-5UKv-tCpf9W>`IXepEah^Wk&DqAI645(HU9jwU!Tx{GLVDhC$p!tx zmFm-wUFv+9vPHD$^xE?3rAR%?(-6yFV&d3#%@U#^VwDXBD5pQ$M5Z0Sn1C^=?%a$i zMez?^Ak}{&QVvDv+!M|N@poU6=tCCvgb`wt8J7cjCZt%L{_-9FEc$xPTO>ZdHKl1Y zVRs&vsC5i?EVfECV4Q|d`Jv)-96CRxG^2XD;w&IyLj!qXzyYR zP^_1#z-b}}kIMw&MDGX)x zJWAPO=^JCvC_SFDYB3;^-~O{=$NkvU(T!=BAc zZWlRPM&NbJEW{+MwVPX#(W}a;#d2r@%DsyRp^)A48*#Q7KjF^B1I~YF{ih>BY8&P0 z`9qh>{q86i;+@PxF0dDU!N5+x3qNsW1dz8vewFsTh})mpEMG=(RW^g3*1SX^ zlU^;eYn{OimG8Zdu2OQga*ROXS_&R~SA-f)a@R;O0S8CXbIn;<5JMTpcyy?9R!#3b z-Lp7lWRMshRwzKqL`l>~)P>pd4)cXVTT7bgrp+HUHWDM=BPB;>pTW9vF-NY7oP7pC z0wY#DDmjQr^Bq5*^vjuMoY25N66X;ZEEJG_=*c>zygWi4{9LQq}B*B>ct zOlEX`p3io@S&oADT9?Txt6xV%Dg+H$|CYHLpDtHvO6#=2P|8PB>@O;U{_TI7suadQ z{HUbG8W%V>Kf;(^>0yt}$XugAA{$#e}gg<#1F9gTUQu?_g zD?4gnk3LGHCMnyg{q%NXLJDz?`?n4Q+%5raTj=Lz86&^Vk?M=!L)?1W5|w;IXo;`v zF#I1rg{Ne7jU~0}eK7Xui&R@B_(;S6>>@Fru4rbj9NphF_MLa0R`G0vNYpxzj~yWZ zmbOE$tcYQ1Pl`>1N1tw-_~vtcqPTp-KCy><{1SV)Y$t2ZeBo6Fl4DIPT@AEbvExA4 zPg@X6QKZ0&a3Z4A9H(vwMBv}3O{=?qafw_(tS^5Mn4u;65mIy4jiMN#u_4-Y0Fu)~ zwzA@bz7YRz^C}K;r`Y@BZaGHK4ndFpM%QU;&1e-4A^gMjEnluXck|KQ_Q^D97*HX3 za<%Bp|NVx*+I2&xnnUj|9F@pnPTfbd#k)3mgz_Xmb2=wj5}omFf9?Rq$6nDNqe>|L zqD?758seu{8qmJ7>OssNUUE79y5f&2qoPi2<$PSUga4 zb)K*hBr#lstBTc5+NC?)QCHxb;W=K5B{^h1%dP8%z-MM5xmZQ2WTLIwE+zMPaNm}R zKLuEAM}%i{c&3mipv$HlszW99QK3QK>9>^!07#?TM!l9Z5$;@n3LmoQPShCr@G{7< zte}|PKiVybysjPhdCAr=`CpII&v zd878cS{*1-$A?%KuPn)A6k~7ENXVA>P32&QJgSH-(4fp(vMKdS55zbHV3$yA=qNbA z?yIkZ&WvB1yT4ZXW zMjdVgSM+lPKdWfaUStamt4b}ZgS2{4^KZPsSx!=gNl-qXF|uxaLhmKI-{G9H$bJJ8 zH$#~%<#^dj*Kpcvnl8{mS3X(UA1IQ@yOgko`gaDe#A{d=_4dF*jHW|DVhCA=n*3Y- zt;ON{Z*J350=gfvTq1@WI4-(4uXjW{r-G8CK^P$*=UmSDdp^DUWNwWS=k2~O6Yz!S zoA}^p1IH7T>`i-m98o0sV9i3!1<>E07>f_aKC1u(P5zDfI&QZqS~>EzKfM-h_xNY~ zv5~|tJ`biD@Wqz$`ZyMkpP%oj0g#BOodUf!xcTxJ5`xBdb>t6Tttgsn1u5K6mpq2n zPEK0c8*CP-___op&BHW@#fQ~z1#o8_AW)+;`i1O<{Tq=0!IT&RPi}gPkvcx;cNhtlT)Tt8<;w}cnc&gv$ty5;+{5d2!y<_b)4^mD? z_-$jLTKW^O=&Y;%rrjxjSfBv1&|r}fa>LB8pX*IGtJY$xAwe^~1qcvKXvD)gEY>Ma z=vcJP?sN%JK_hlk0>;KjfXI%UJpdqvDnZZpy~94XBK6BUuZ7F`@vA3lCR;DGw~UHs zs`cfs??--*DV*Np6%Anwo-Z2c+YVhjwe9#XU>ca80&S%216|#bKnDsZD}hyn*{auI zeKB2ByC^|2m<^}9q7**@GdphqN_()FkR4X(5!rHi0~)0aP|Nhnr4fn7^rPuDHXX|R z8v=Ra|Fdqe0Cn$qsV~_6(oP7LGQCkdPZBzaO#RR)r- zFm0Mh;OD9D9SGv8d`aNSlR)I?$1+u9rq?WcxH*MFa<8EE#{IyR%X!37N%CZL%f7nS zj?77>{BiQaHs6qNAO%WTs{1tfikFkwidS;Ti@RrVbn4XEL_89~`oa{|CD;m)Kfh>YD;qLA1rMby}({thDM z)*kx@fyQHvo2{vJas^|mPr(zrHj+Zh*=uFJcohsD(ypF-yLssFMt*43MT&J~2~+yF-^}1I;fuaEZ)T{2(EWVbJV3d0Do~yI>-*w! z>q2A9>FEm=SyKzcL7@RNY226Rk-!b{Pc31?;_}7}TY*XV{e`3l&COOwoHD`)LFCHI z!=Wm4&LWMdF{YbFY1|S$b|$OXN%>WBfdBy>B});pz^OKKGyk!Lx4$XIe8;3XHTeSG zX5;B;w`1iER4K|1$gUgQSoe$*#BEmjB$8$Fh052%(tO!FlRzCjq%Q0Jaj7a9#GN#M zD$MAjy*P7AOTEiWCGJ(i68`D)6t5_0Imjb+ z`!Ax`%)_sOS(`+=oaQt(oFos{=w5hY(?oT=2=230yogc4gK)^#O3D1tRb6h$oO$m? zYUBae#*`ntEj-b7A5eywzbaBKUgr^IC*mgz=pGZ13MSfd_-)C z*zn}tDE42Z1&soy*iKOU(>kd=)Bg&ypl)vogxlXE(UTAqvfi=QqU>Ib0HaFNyGaSK zd5-!=t;_#Kvq}ZXN(gx<<1-uY04N-97*_S}7w#5^I|BS`P#whfY}pc*x8uCi6pGhk zQFy;&50eOQ6`!X;{%uJqVG61wcoe;UGXiPd)>_%;@(@|j<2N$M+; zo?g9EE~-eDF4HUmfu`?YWpvSKO%e)?JgG_w53v>2#5ThPp1*%aBO_LNKT0x+cNMXE zcpNXSvtgn!x_;s-cQ6k=uO(Nqqdim~PF+g=loU=s}N!ons=R23`UXTJ@ED3@-aRCAnc z+Q-ywtrPPJn+eUf#N}bNq2||5go9gPNLG1Eemxu#rxx;sx_lM& zF%uUlVj*GZ*EWc=(oTf8TBtPcaQ2f|$>FhV>3J`3n3#&1OfoLv=C7^RQuW_*WTo1a z^vbXkEsrKz%&_NwWFBiL9wfh;j@K@`pWf>%gNuFPH%UU0xpL zl)RH?ieZzdv2(d^CU}Zq&*r}&HT+A=&l;M^sW3{o(A(z$@@8I2pd`?J{o><6TE!x` z=bGi!xQ{%bA`AY3MlWZ3z%3@AoDrLdR&e-;^**Q!r3TSseTF?nQ;h}F+;&4Px;lj! znNpOrf;Up0830MH)!9Gld$wO}50U5ADyc$4*AJs0aVC2eC=xJm@l40$rn^Vr@zue* ziW@p4T*&zCAVy-q{4iE#hYEK^xtz|f{6+v%ih}$LhHEA%Zsp{#V(;dKTiM%<32q$0l~|3|xvaXo zhpUw5ceiphTs3txua|+|9cBcr=grTM@`OQ&o;C%{qo^XIaTl6X zjvE&{Uol5s2hoI-874SPE2YUaW-KNXM*!6W5J|GI;rFOE^20u#*PP=`RL-SU_mOvN z?x>4%=F}eyn{5K%3kOIU_UOVm0)|kbV zU-SZRl;ohKg1^uX_hqF>i-UzLB-;lM6}gw}cDCdl@J7;h*kj>GhO}F9O{tTtJ9S4u zguAZ&tY7DU8L<+_S$E2i5vQgdE$ne)FHGPyHZ9Ab-LC9ML#sJ(-(ju1+<(_0X#$s> z5j40R3{0p$oHJ=pl)S25@xF+iz}wosTxeQ8%;>&olN(UeFzyPZ`8g^H zYg4$n;{00oMC)Ou54AS-m=(*BCF~1@d_W_?=g{p1DMy#lv&W08My@uBhO|u0Wd*{p zJl1bhVLLh!FKq4S%DxH977ZlGF2%7F8EU$ijO|55q z0ZCLnh~kcp<6fnL!kvwkS{9#pV?EOqe>%3NuFXF6UR_>jgM;<6q6C$84-;dz9Lo^T z>CE7zRNs!NOa+-PmWm*}(JAX*BqTaG;V0WZ5Om}KX=xZ1BXa_UvLQ7R= zhyA8Q=&(}Z)Bzyp#QURMM%vbzVYK%OnZ82G2|27tZlP}6gn?aa7O%D`P4-_;N`$g6 z;z#&zzDtqt_&)1jg&I|gcrM~^1gm94Fy>XAys`fY_R)o4#Hepy6ys`K*1gYQg)tv+ zYWp(=<3hNuC1a2IoyT#dZf@_F-l`mNeOp0RBWTfFd?3@iUljh(E8H!V5Tt{5glvQX zDo1x4du&)3K1THrySxw2{4+T#ELh&xmfEpX6;8~G!sl(o9f7NYX9^*gFE=dhEH?Y= z8H-Uv>U(r&{6hRI{qG2oV1WCyHyMR*mQMmr{f$C8+ro&92wlL!!hA#D_YcrJeWTWU zY_iNyf*QnIi`KH08+|DW`RuRW5h?muJ6LOZ-tFE{uwpkNVQ8^W#T9(8?}I_fNtx5q zzQ5Xe_!?WO@8a}uC<-yq_cR-QR`{#Xy{^~&i{%$Ca9%1X^St^qYibgqm_Z%Rnq`YgyjUfnG5ty2M_eUBAJR#dW@4?4XlaFv}we%k0w5@tD1ce*hU*(8@ zBZLLA+pX-Zj=n(UfsQRz<90IYf~jK$;NXZbj0RRbeqAEp3hX4!`8^I`>LTC0{^X7k zlji5i5H%v0`nzMv7Z*fN9dE!d?LX>=E&7n~i;Unu-t7J#;MD)*r8T@L41rbqn}!!P z55~Q>W%ei$i3JY-S3=TE_RY(CjGU7%>RPxbwgJQ-VWdWo)#Lp`<-{&}ZY{n}u@V<( zQ1{~A^vHPLqKJPQ<~o<-MoT2C@)Pp471EBpwM&hrKgEaaqMKyz_Z1DUhQ_p2ZltFV zt0QyUUT~`d9+L{Rk11~0^16)1=(!^Z!2?r$Etpkbp36@92JjFl`UTl$^IeIIj$UI@ z>)k95&ezq35(G<9@pV#P=KJN`nY~WC`WAk|6=DAAXMu=)o9D$CpX_*t0RtQd4T}0h z`>e*^0Si{uo&@~%z?#}4TYkr`!;MIMNY?hWi&~%kKE1W~yBlJ^1^A+-iu+@Pzo146 zdNaZZNn;$FC(5>k0B31A;SH(v^=$yfFv#*iy>94{_&`voMUkO&|8*kc(R+8Z@Z8Ly=q5eH z%Bz^7p}v8#w3^>6zLes5+{xJb_-2k$AWkuE>MW^D}H8 zIf7;iX?x)>qarJ2wQfHZ`R>`|-IoKU&0Z^uZN)$GuYA8b!n%W)CHN|7pL9yN^H9*& zS*sg$HV*8nD|GwilCR|x_A|!Z)3^1kOH!^UQZYJWuQE_+ov3nA8u4G)p#9d{@t|Ow zoGETwYd^s6qD;FX`6sgu$=dHvJVk%=HRGq%&Z6^*gEU!)hDMWKx&f*}#X+YRAvWT1pLg@fbnH2*-!>>fu&FfZK+ZLQ}>&@6E!o z;JJ~Qu8+7p+Vsg2ro4StO^MXa!uZoPHN~|`KLzxTXbRsKtNpAV++cj@dWhuWuvMk`86h zk0}jhQHe!m7qW2ivG?UYAw5_WchOK#HCf_yuG5tQD+H70>dhagV;2P^IS*K{gi6nW9 zPy}BqxKdn}PS`JNN6_6`YHEhO6`5Cxm3yH=uP=hLzu0npEnhJv=UdAivn#RoGPp`C zA2SfKgzT-f@Dy$YC@$uUFYvK)-Y{omZ@P4LW7{(qt%_yO@A9K>gfJ46F$<1|J=b11 z>M^{t`lC=$!Fy#V0v4tvP^8JNx`O41e^kXOTTz;#A$c}RJJ!jbnlUra) zkm9%B_BWUNc@&q(?v-K8($8s<5Q{UaPczIbsrhQltfTK@ss#2W)0wH!@o=~88)v{v zb8Y``a+N&n0q5us(^h`3nWeG1V;@8>cH8DXjh>rx51Vg(?q>|&k4aLYA&gaS2;xZY zMh{kdQe+Pg1rTh1xGp*MGQsFzHwTCB%I+hd>{AOp zlW|ZR9o2}1Sdv2Bw)KW037tth`>q2)n}qpw)bMW2>eg<&e=VO*p9JcQX_o5Ddl&w_ zOVNq0(PqUu&2{u{90{_DKR0UZc7?E&cn`st$TRd$Muio+1TOW=slr6iTo4rk=3sXh z=zDw3L{m?t{^5PT9{s1+)A`aOs_c`89kD?!N&oyj`GXPv?Y`iN8A)v}q-~$${M4AWP=tvnS zT$heho)S#t|2{_+$$DxZbs?kdQ`X-`AO-p-BaB?bgFhtk`Bvp48UL{m1Tl(a|E?;i z?%C_HaeUKcK>FhI_2=#<4kA=h`$@v9)f!;@p1pU&HrvM-Xg#tjOhNj22qzWVEh;>$ z0N(18R0gq;1Q7CsEatCW^li>Lc$xXUT%8%;T1-@U3(yVZXhU;L;FvpeArpDDx3Z){hmX%UaMZpA znDVV8y(lLXv7`#A;dLCoRA!j*L)$W^$>aHvoB^ksXJa7on`#*Q&)0#6-1(NrnxOWA$d+G)?N ztprc3=3xq9=~pFglWSId4Y>RrD|DH~m7j%Yq>W~(C>CBPSMejbVZE$2*+RDq-!nxT zT~PR2-3Kc-bOjTK)5@=u;(7)GiMuy5F@oW0p1fl!Gx6`4s^dv*i{HDCpQHAWOb`Wg zuK=3n`2IH`KkjHqM{z+|h9RJSuKkdzaI`Sr zB7&OqG1Av=GY{7Xt)p)S$X|3xR><{vpkGKz5Pr_xqe9jSi$)>m%G1jdCvUw~V&u)c znA*r)ft029Bp0E|hXROOw`7&~spU{#05NH!kN}V?U>eCgr1J$PZPOfkQGX(T=hAzJ z#*>#P%6$47W7^V{w2eLwyodVa*kSj)g4$8ru(>$M^)%Hbx?(#yk*g+JgTI304&D$g zCp5N3_ z&Sc0vXw}6nhSbp3m27oqUG{I36rIpd4xi$sT$1 zy6=$00dJ`95c4oX-GwHr5w(l}$tw3{zLm9=S!^++O$F zusJN*T7X}ywgH{JJk>lcrP@Sow-xQ45&;2z{A{hZ(W+xMeo0KA?KpAVubx#E4=if$ zA}wu_iF&5XX^Ci4UTGD2-#@lJIel*HUjHm9Jx^@GnPCGKJN0=wCh6f_YK%wt-2>n? zwof8r#?nZt={2%W8krz%>0!T-q-8dAIUIylw3CVf)E9KEzdz*qg_CyqWC6Rf%u!-x zEdgp8e!o30WR+xZ2*?TSlp6lYrn!VGm4zFZjOR{;v|6GObOJz|8{1A{&NA8i_PKDE~Ktrw6`(ds_an1C~Ba<^q}9OUY5 zRG+B(L(Fo{5fM6RBbST7!l7=!zjs5D%@DruhhS#5K3wBV_c1lg7}flTx)s}$uVxxx-Xouo{}UmB)`aNr*%+nUtq zs`!RwEKVW5nU*KG%=Rjwoj=^J2Q)d;BIpx-2rZK(={R@Ea`rU#9Il~1HFh!RqM>Ym zJG5r{bKYD$lBXCKvv&W7ICL!yI*0x1;HXWZmR@94rb=%K9!&18ol-7kJ5@U^!}^5) z{lh3Gj@55yxyz?b-ugeA2R>U8;0-0y%ADO1L|G3lc%1IC?vMF-*0#M>pQ&}^S-AUP ziV&OkM-r2(ty`usGZ^urj0RW7D=WhxyUvMwu}A4H(!VbgsWE$R=m&>f zbH9mAdpbp=2%gw6Y=>-WJ2Ba~1*B1jkOi8S8PR%tqW#JBX3u=1;&oW;1o12Xr~{xG z`s*vwvhbXr=672*?rMX}b~b79zE5Glw{o#)$-2A62b-H;hUvk!$43g=b8J`}x{9B6 zDGi05j~EaZ*0$&Ztk>kPZMc;Y2B}c|T!e4r{el?oVUDNml+2hM0JSCqkA`I>+*m1U zpeS_?GF@GC_a72&1Uf*SDFloXTE&pj(6ZP|nYfgh`DwDal8HGPVW$x$&B7@)&35oJV7 zqg3FrRgo%>v}m}|=#Ne0lp@`Vwh`1bcjjgU;Pi@*oIu6;VZW1!A)gx~e~}fj!P|^N zb*3`YjM@GmKI6mxYfT1#FF#C1vpd0ODMf<MjL8`(E$(kb_xC!&Z& z9`AEC7Hjbj&t(gyMBD5n`Y&%>2T??$@^HhtVhd0%wnp;=460DMPnAD47bQ5+!Xqf% zMh;H$CQci5Fs81QX0?{&W^(fi`H3u>gkfB@p^9DyGO}RBtRtapziwzqV#?&Me@#fx zaSOpP_pA7X8|E|IQoW2!nfx71Yq#qbd(b_&_ooDWbBW!~Y_Gk{LqS2Wyw>FfhLeZE z;SX01izy_*Qm{SB(Ra<;?eDok%cf;~KjUPx`H&q6^^YdnXu!ftNqwcKwzS_#JU(4G z?s8$g;qOJtt6@x_L+wEjkCy?!P>=8v@bgzmWsgp2@$$v8V$=8IUpUiSs_DnzfZx)* z8C=EJLq(ajOaW!|N|=%4VNveo<&F}#NM3J85~Xb5}|wfYPRSU;muctPeL9-s11^H?F2r_h6!Gh(+JHq!ec^(jsBc32fvyn^DRG&YZolO5XE8Du)2jE*sn`Y6xgR$m_z{1}tkdQa3{p@h141ClRXb5(s| z&U;;hgT-0|C_#{j_d(4dtbwU6Mj2Ov4zYeYQyN!hOunr0p+!?bip2^M^17tO8Yynr zU;A?}R3?U8^M@d6pd0IiqGpvO0@+Jl33Oy`6 z#XiZ1G&*I8g zk&i2s0dsGE_>EjO(ay7U5ewF{t7X9zV{IL-#e#G+08c6n%p48LU~{IABA>X~V&OR- zpW}w;?R8=4BQbhe_-8QtU%hkl`42x)*i8rU(l{CbRu-mNfn@y!7)}L3MI#b@opqBe z;Dnl@o~vMExYT}ukc$>u>71ElH8&CMXvg$X*A6*>&I@)haos4$p4Hej#q;%aNp|2?2F%C;@e1&p zXbh|Rq~4G?XXud5-gN8?l`>rjkZlMt4_{(59o?ENJ{m4yDSwNoIQvv zO`9cOq?-+5U%xsek%ZwmVfcDkVgGl?I~?!8(iFptpl60Q4evrm zIkfx`i!%)N9KPhj!etP+?wPF0vkBrwfe)_4s4Mk;u+^9e%j6+ZW6Zv)g7LONh+nvh zz=(A20;QXEnsrhhmZj5Alh7|vGj(r2cJ6N*I*`TDjIVMxU}kjBeuF!}_Ut-{X^=S6 zCO?N)l8<%hlPNAlkv7V93mwz{QPNypSC7&n`GlQoi;kuUj(JKcjUQflD@t7jWBK?;m!i*;7~7ix810yb|L7wX zD?eaiRk{vRJ*+AQ8?p~@!SNja@^te7~2~DAg1!|!9Bu)BdC4ARV^-6(` zUNK~Oepncf|6yysXCXZ7UHHu;JhGX5^>qZy06}!ekpNMSUBxR5#CbU zW!>rAW5mD6tR$g@5|r2qKrE+(C3lbNGhATRFm`kh;O_A?sI@sSFKOBdYf>Yn-tfM-D#&~PfGd0wt+o^y z$f8&miT|yL%Xjdlo(EgU%{<{R=*&(mAvPJmC}$~s0#xx@p>j&hcOZAPcLol}lpx zL%}qijVXbvD&kR)?J15kC_f=~2;Tb$)v716Dn&kGLB~+^DAm%39+;Zc&3m_W%ymP~ zd?_X1e4pUpq3TYp=R@O8(MFdi+5G@a(z8MGQyHd->~MI#Y^t7GGz2WL^59U<@`78r zz#m*vpf{OoR8%e694k}#3|)IEN0bfCZ=gNW5!~8k&#L6wYVE)!U#f7KQ6txc{}1Da zrU{psu z(+LCmfJYJzV$~xW?+KO;41CS|G-ca!cmoYKY$`sHLN+y>>T0u4$qCGq)nvcVwt=s7 zPto7^V$OeUB;|_HysKi?!o8DeleGCStXFR3JO%OI&re+SyjqiQzpgwvP?5Iym7n*1 zePHcM$&uY*<=DZljiN?U3NpLXc%#5I34#d{?<2P=C8mA|#=erONiwcH5c!ZM1MOVh za!b6<*;{KbA+*{2ZzKC;piEZCP2^zq)nb}BQFHLgdJI?IG|#=;K->ZFajGQ9lZIHG zaA2`z=?EjHM|?oa@u#V?aK)ovicK$1mB_6cFG^0oHg||vdrkb-LHckI11A;VBDGq0 z`jhn+UIbP+vx7W-Nsc>lV=m4Y?c_fvfK{c`=`Wc?Dz`~5P+a%K6x zq*Mp(U`sVOoP7yTDz5EPfq=DvrYB-A8^hUj9EiLq8Z2zJGUAVpPsBZ1|Bel77uN%3 z?IWCrL4&)E5AOHol^MJ*Ye?v{y6@6pnzn*oCV_~HA_H(}7~EV;IPQ+tXY82OtMEMR zFksj{I?rBEbV7nw1RspOa{&4*+H>yAI~YAXBzn2WH&mx(&qZ(p`xmq#c$2m<7R3YV z!MNuK1ta|h!RUyN;)V_KU%>nw7vtdF$-|)V?gMmtxu87;z~D+T31zaC7TYa|M!Uhi z-OhDojzi(J-~ilzh$%k^fWkC}m9jy0?}uOqGRJlaA_N2Bu>PKZmyHxN?2jNmX^9R? z1>RFaOcG7srNQA!;hY<5YBYET2a;uh93YJP&MXa+i`^e_2i_UkIc!g+9M;)Ocp1C_ zY^&5+L(g4%owk?uceqG@iuQPb?ULp`&(JxasBgmW{5zw>Jjk%Wm5I;9ZIRvQ^*U9d z*{{8oQ}jtgqU=45y*)dU*@zEM)BT^DndgQP7?f@QbJN}PuBps)%i|&sf2g|KjxZg^W%y)xVMMbMqOKRn}hBT_gylj){}Y9 z(|=dPh7gU(T}^DNTGe+I`N~|5*VsKq?curojXj51G(1w~3(5qIW`3jfuAAw8F`+R) z*XgNA(0N!)wL||nWa(aCbnuahZuZ-+p9;H(;_8@7pyc!G5no;@?hgY?fV^Ks|0gNF zR*m{;^fu#F?xN)U4zCuthbRFBR-P*v+$v%!+qw2T^;``DfgF0PjZF{VUMo#QWI88rv1OXW^d4*=w4^|TDkV9!E)k{aq zKijMU(5X{;ew7_K3|bUPw>Py9G;3vi+^_&SJSl#X?c&3%4iHb7S)JxVBR=tm-oDPj ztnwe#6^XteYScHfEH0FUj)?|_RvY=h1GdY40AG;3jYl^aly3MmRxAcdeE?CrOF10S zzyVA3lRjYNZVeYH-2yL~%nsmW^Yshf0T60#2CN7|+MQGLOH^gtfH8he0Xl*lS!X*uMbko~>uz;GtXeJ!EPb+7ilW0R`wOf-Kd~7I zWWChrM`%0iKV^@`%@5G$W>P&YzA^3iQIw2jPg*=N)ZW|>Yx4McbZa*eQ;zt*RxGH7 zi)(dGD^?SXXMDNZpjQjUAd+-+uNz_8&tT#TwHeN4JWaB0>*^ zxF~miD^2P`hUlQ7+qO0HNZPnzm#H^l_~XDC=Rh;l49ASaF3X)Cqgf_02 z_}c{UGW7b}m%!|+I?p}bzA2)8Awkq0l#x>8=p)~VvP#S1|-QDh= z<~guV7lbvR8c3aGIp^-tAqInWNOzRLYcx zzseYF?Q1nC_W`Wgk}MDpOSLaco10;*=>?#cC3nd8&q13Oijh-PvK4SV4xf(AY!;H( z)ks#Joan>QRQ~3j3Fw_Y(p~mvOMuv^CZwdrt4Z|KDn?x!W|&uAM9Cc(aZ^UEGIn>r z93LMIs1N@l``m-mhi)izTm}#{akM-4Nzdi$EIO#432R-)TSB(7d~hm3(fiIOC0p^v zhGePta(2o02@js1gbmdvUH!P5q+7*l_I;(mb4CNZymmFPewmnD{Tq7>0ctscxnG_; z5y{_O-F(;Yo23JO{=(4;rZ+BdV}5%*D1T};$g?m%O5tc%xz-A8D_0p4Ol8f+5(u~2 za5ymr3@XjMS)`_&j z#L;_LY=ReG-O*la=f>LHZc2 zuKUf*z>i?qcQYUC)3e^MiQapXJCgm@;Pj0eDz~l|gnZ|Z9rX@)27K>IvRdQY+ zoi5~=!vi{4E`&F4%u)iy0;!YEk_d>1npssYSTlp2E%N&fvb7rF!qM=f`QWctxJU;2gSjaG12A^12Q1_k-SUxp#hWDsg zwXEqLsINJx6oLM3!T06YIxDimX^)!rj_ggSkM#8S`4|r@(F0>joZqxBd*fm}b+s^r zFENbzO-ruWL$bG-i=fgfL5k(ie-%ut)huki8b^hR@uWoV$z$)Q+gIY9g}kXTI%+ZZ zeIk7luseKkFbgeYS(K7y+YPUaCqXu~{CGSi47xa0t}HI4|XYg(g?PDt|6yx*9Z`Xa4yUI=G=|4Cr^s^K*3 zb$x5N$sYwNa}(V>r19JnX;Y3sD)iCF9tpDq_k>I-L_rlU#?k!vRME#mEa2+{k{vkm&B$FQ>D^jHK zh|*nQQPX5#YY3g5Moz^II}9NXne+*ZO21CCJV+H5|Mm^AY~4#L9&8P)AGhHhBQz6j zmSML1djygcIfg!JCim+!H)|tz4OgHYK0i744#T|ZFFIeJ(@uaI$-QdefH6;r4w_>D zh@^r|il1hrn11%<67EQJloY~tUGlOwqPko#BYT(trl1i%T62tN_XWqG=cUN>uO6P; z4&~~|b(bI;FIHzwjb_G~qoK{}lQ}-}eONQL{$)+fv3=vcTE70NvRpcd%hWxepR&H0 zVK>PHiGkKsqH@tHf@nhCgv%kq24T@*RSDituP02?WXmTkOwJ|=ro)=;-+ZpN#=qU` zGS8CA9N7JRy#YG?p(f~wUr^mac5ie zqW&Ks!%tCea3bAzuSaRCMLPZQtB>dsx~GECYW(;p7JWb-rpagoy^Y}g;5B4RF=j+t z3}$>F1(!K~r@hl|`$wUyI|EQBN&}8{Kg!o{WTfM0grXmk3=D;cr$j7ldE}m$Keh9v zrs_PZl@!(#TE24c9ywj#>&qObw;axvYSy$isZN(39tsdw=)NY%*OY3ZW|Z<*anf}} zG8z0?`t(@p9;cc!#xqSt(N|-0rJg71kyEtOb5uj%7r(!TsE9;mFuC;eawd&P&!c6E zUuaaTh{6A%vgQ6-LZjC8b3+EFiP8tnP!*KU=xk7|Y?_}p1%rns6hf(f?@K^)GmXPl z)^8%z4eQP2{bh-e_#$3$6^cZ~x+%x~_k^lcQ0R3O-!-a3Q3#dR;eG2~mj`KZ zZcm=>cKY3-Qidsx%j|re%8-WgZ+wNi;oK`E^@39(nMOLDgu0r`h)(QHY>IWtQIR3#Fm&a6HG2nzP7gB04d zLk~z^k=Flr$3i9FO>@>NIV&B@$8UO~(7qPQYWp5Aj)%C?@e>r}{#z{{^m3oK`y6oJ z-hXfOWx(P{_P+PR?e(xjY8j%2yfwi2P-Y0hnJUO$nrN%KNkJ@<%fq;{#px-!JS|9T zwj=Q2&U^578GQ8fB#zIE%wcz&uMsX-b*y)po8GT^$dSE98j+QpCcvPP8xHNgG*Wm^c~N73JpT*o_z z)fPxOs#MpuKMsb=@oMw(%H@L;i()-b{k?Ezna+j_K$U}&Y_yPz_E?g_%?JZWQ@k8d z<>g517pcr3HqPcb-ekjF^tW@iR02ZdJjFIQE)0AV-;)R^dx)&iMRv=w9)(1P;quWYM3A=NGFk)a zAj+#B2RQ#&w)uISKEyn6>!-&cb+>Fuw)Shxx|V5{=j-Zed2Lyx(&Kv0jtDpll(UY7 z6>l`&dc$2nm}5wkP(|6MQ=!hkMXy$=by;_P z^|Tfc_S1aH0N*TQ*`v%Zu+Wu8u*FS!grO5ls>MS{uIw=3R)Blqr*MJ5Im1f7olH9i z5XwHDeQ}ohbmo9r!HsHniBnOvNJRDds6XCffGf-v?V3xOlK_1(>W{HZcb6G_{lv{% zuYWH3iEDwXro5@{|3K}mx@Cj z9o_rZ&ycS=9On!_P|HOllmXXauFRPfbWOL*kMf)vSh&-&MIo`XM%jm&3*YH0!fX_0 zM_S$8*&?Knmb;HO32gh>c(u^y&o=5XvZvqTfej^M2S`-_2Ng>g08mi;*ow&q0YA z#|*B_#gcMvws9IVa_>;&9}ZPxx8-lS4kA8&`= zG|nZi@TM%Pd<*u*6#_$8NgmFq`kPNA!Z!{)M}CCLfXiS@wbfcmWY>dT(N3F%%1 z5*3fo!~W*wsO|C{m!nJm1xuk3o3w5%$?JLKZIe>#p^@5i?X;k9LS5Lefgtx&^p!Sj zq?|tm$i%Dq(&-9-r1xzYc`)Bt7JEG{tN>iL-c7uSPjb%Dr=&p`qs}g5oOGKDkA7#m zj#14?!t?A{(JBBj1qwR!+6xl$xcEBZX%DH9-;J1hMRBQZE{Aa`kBWfK57MUjzgWOY zNjdtJzo;j#nzL3iQ#n)FJ}!a)^VlOY@*1b+jcI~}E6sODV$b7A=r0{DHnjWF*W&ic zQFuCDx4bl5f?iLBL}*U5kb}23I1Lr~fJ}wF<~P{gm6fp%P__Uwd-u zUcR+@YWrcGE(jK^8bPi-PQ&?9sQFrbFISlKa^!_VllN|!1lp$k6b~NFb}ydwq9Z|d4H)zs-=W3N=zKML3=5+ISf@tn)2&r{t+8evE%m2< zvPW@`m5W%Y8DXm>C(e4f#jPJLoW~EZIZiqi^{$@Rr*Y~8^4l72BuReMJxJb)<{c2| ziYn|;8PWAHd0%^Usjb+zdT;o+pWi*Y5&NlBi%6ND)-^HLp)s}0ITfB;6ddNW`%`w+z zVY?%tM)uCJp>F4litqKK-f9^amkJ3pzYm}_%M!IZRmGaIaOJ62SkmI)X_LUT-wBB- zUjM0EG7q{iTha)BcW^#WqCo;C$OdgBmA02WW_R8w(n4f_vBknH;rJW6FNY*;fC}N2 zE(ISM`;14>2ejW)AR-GCB{u08H9Xne0*~H$(SCrejK58mk2^k0Day*Yyrg|28bVzH zB~EP}s1U&97xg66q5lqMj*&5%gKwSWEmJqsqC+DZc*$)mA>x(jzB8yD7KWK7p{@RY zoaUNrce=EZclxC!>(=iMmlxT7+WqmZCLAl zLR+(+E{Rtxug}RR{c;$Xq5hQB)YXRl$2xC8Um%wrq5(nsuXsrC z|M~n4_kT6gIjsN~9r;B_gOl*cI3Q&2;k#TjyKlKl_03*4BcmS7=fz1DlY5(<+Lm6T z{ZC+ofnQishu!c)1=JwG&%KPk`2Z=%AaaZR@m&9DIE&C>iCi5s`M;cKanE#+Z#n}% zRRN_wwOSX<;Xn0&ELdTi5BDcL?fD#7G?IKaefUUkS-%gKevvvwuOq(DE;~n8gC70a z3SQ*qOcUPE31A9LC~9s@_scI*`}eC_CVogJ$Ken>zTHlj4h2Bgn;Omn4sEzj)OYB= z^z6AJ;eCEHL595Wew)F|MG_(%SS$Vmf^y)X+Wsy8^^d? zgvzs(i_h5k1krVpUbKKo4dV^wZThkS1Hr%EhoV1)#@U`A=89HguFV^jO;>l^3;OfvfyJg`7#!F%SpzD?&-t#pMk{IyNkQR zF(+s8Y7r+Z{nzbl-2+iq;kFa_qxb!6!!GofaRFd^UOZD zR`eHnF~}EMy1u~x-__7dUL`~bD|A#Cds)WU0HdmnFNePjzEdJS3OmA=viw%;3E61x zUjGqRSM~z2JNV;Kg+%q(wTWD<^{>!qaXCl8^XJmU;j$`v$O%4E;;N(Bg#(WqVLKOg3dF$=nEx4V`l{HDzZ3QoUA8tLV0tX3wY-K|2#N`kD1Wkr zAQIKp$|`XX#*sB0PuEaF&qiwCS;yO|ec|G#@W0jt&1DEHpmk5k88q?@U=-7FI@SNQ+VGY?3%7Rla$YO$K6x%_}_aPUG}11RL@>VEr2!+9o%zvL4r>4&DKHrA8$p z#%OtkLqf%|F7DDogb;)!()CHoHm!kVK{1$woh= z*#E})Pq9nMy;J}PEFfqRVK;5bRn$28J#m;K^J)!2G3d$aM>7)EfM$J7Tx)Qw1kIDh z(=DjD?Fd%~n$PGt_k5LAViMl3S97_6KLlXP%4)1c5R7~!4!g&B6Ve}OB93IjqxC@N znQ}ztC-K7$!W8<|MfqP+9k@;ls*Sq(VmY-@=>MM@OzhDr1R2kbk}>@$Rsamb2K}2K znNhI@0tVwakW4iGfZo2tK21l*j-`&qXGJe?d@bPtYc6@pG%J^4h=i=#MeEe<3?yjffOhU z1qwxiI}|TL3c-Rq6bTfU;#wqFfffj^!QI`96bJ>1yBBwNcsb|%@BQ$``*z2B??W=LJgA6TBz?=IKMul-0yAa^0i=H|QQ0N2}x zdGG0m%d?YJ0;)M5(TX<`_5vPj?$@wB1zio0`ZbJhIA7=Ta+$v>?o)%>i?BiMwT3~) z=S;~<%KQB`!^lFjh{jx#si4@;s%fH84VWpaP;59?38QsdDx9J}-S&L5XlQVP81?$j zCh0>3+S16_vZJMtZ=N>K(fe^KXIyt1MGiLJ!?@{sBK0rWQPPNzH2a*cDQtcg6Khry(+ZC?A-DZuqtvT zCFRaq$l(d|1i-*N!QDA~;PF>9UFdCz1hC|Mi?7SX;*b z@5tHV$7}OgEddloK^saf3N+r5aihEgi=AWpt-vNZ`GdRU8>-|srp5v$S=BEZz)Mfd zu5O>BmFLA7e-sjvlQgzM=878Ct~BCn`1urowwVQANlWm^Z1VXgse^-afMIp|Xa@ub z2W*^+hYSl3%s-@-Ax_Xo7G+(0SYoLz1SS!mLz4wM$XWz(qCA<{6Lm(R4qroC`0kbV zPXFkCKO8ZsD(i-HH>lAq($1=J-10U$z@*%X5gMWwUBblowB)R5U%H-9sICQ)|JIu` zSI#rk8gP^5CP!vyepvXL_;uK+(%M3a@hH1EYK^qOYNYp}`o&N(z9%$TjBG#f;Wx~# z!XwImj)52`!Q*duPuRjUZ0qAP@?Hw|>Hg(D)$WZ=l(W=nqShk^gDRr z2Y88Ev5YnQ8% zRoUmr`dUD&zN=l9N8@a2-1L?##%E(j;3BYh@`j6&kt}E|p~j5{qzq!1lwh8`RZZ#| zw}_AIFRd#os`81P%AS~=)j}q?m#n(lR(7Wx;d zGh8BTfsoAVA7aVcSu)7LlT<#mA5!6yTh1obN+RYr1HPRC!?i~4^psx4rbEA6a-;8H z*)cXyE13{l3xTt3RtbV{URKw8Y?zjA37|`Ln{k@b{-BwZo7Eub!Miszx^PWTuuL zi{-cvmTGM= zN~0EIxjq2s^kxo8(^LRC`o0zW5tV#6?$`+csoUWy@b+wM7s}#-=&hb!@0Fu?l78z% zV*|0pb35=iU|6E2r(X_~iTve+h*tq+OD2n_GCkLbVH>}Ch!>IFwsNisp#TXZu&R1M zm!9CW>w}vAd;Ktm=urn?r`UBri7s&ph@MAf(bo{0PS1i=}CrhPa+-_H-yL zIl|k-lpT%gow>^v{;dMftdV!vjM`Aw>G#j_v~Z*-EY-Js%~*ruz2q1m+-PDNVcHmc zSpq!$e2{J=X_Wyq?qqg6s+5`TbhdpC6B>C5HzpfbW9@K~fOAbiXNNkd0-g~4DnVl3 zu2Yb$t<~5s%+Sh1ilN1#S@HngDXK=|bKn}C29+1D(VmiWt-jlgxGEN%&rT?aJKB9B=Hh;ddzLnk3frb2nVzHR>GM%dbD;1hnD&eo!Ho)hx+3 z&suX)RANF$by)!e_BkSO?$ypR)y+TgV3gUX!tc0I<+9-kNqhk{?-OUIhs*+Ruie|TV(jtx6$ z5@{27WbEWWKC2_y`s7Z=n%gWmfl6eP{%-NxHg1~7#-DPIh*sV9dyi{)ag_Xo8VRG9 z2-~%bN>v_Snb(8el*Fn*qDA9dg@xc~>+x(toUG<*p3h1GdP~^Nr?vB31WqytO;3ff z7%WDhO*MWEUj?iB4rT2ZjX|4KKLP%mnP8%p6T3OLe)aP@ldf6jpG?5`hB_`TDP%Qi z&to;@?@cS(e&KlV@a%KA;}}*M6T;e`Z&kL@upcd=uuJ>&y?gs27X+NgNXmeQJD+oO zXtT-F78k8MM5ur)Pw=OLjR&LSl-^aNPC$s$Cj-3T2C(cTn|7IKoKO2sPwPt~kk1Bh z@ijArxOI?-HYqbga-vXG1U=)lfEcfv(;LHo#j~z@7EIa#jElfipMo4>C`}r~(?&Q^ z#9_9vI>sIv|q`IQh zm(&s@@N`?gWW2F3vax1?b49%&)}r7+zz8pA$S&9l6j}}{3S9NHu!Q}9&{EvS=u1>2 z{N{9&c5HuzYNVpCTzN4GZQj9m!|OH`vI5;H)&60ZE!U#Q)dUs1`8i*V%zz#vN|6a) z@z0IBbmoJjn?>1@W1HI6^rnNOXLwCsSFGiwD1*XscWh<%B!;&s_a)ptiBSj>lNMg@ zJKV%BQH1rTzjpaw@aSL6NT{PY`&%I7^9|fO-Lx6SvBUJFG%Twbu^#bP_n9>Geq~5O zW4uyb@sr=>3K$;kp3xu;+8j^RvFc{mC%5bcRyx_9HF`5S8Wd!0ann}v#ifT`AhYp9 z0nZ-xVF=v%SL1SfF5Ejr`YilbSpQVu-&y5S9kuToSMQZ6L4aioCmH`!eGRNB8f5fj z+vT@s+0B4j9o*N)M**V@u;G{<^vuG7Tf^6p4P*wcagLWsD}yLhd2Zz`XaEE8>^eZ;TDs)Brko(>T8 zec#nK;3}xoMCOx6lu)#;9E=npg4wqi{yKww=iW-(Z^TNb=+ZVo58rD!yvp}1WnD8L z(2f&d3((-1nGzYMrxR;WF8!R-HV7TT=^U zbU?`PFq_K<6bLxLP#0mDNdozsuk~T8KkZf))+WWj`iR}TpS0Zv1JLp61ZyXwlkSrK zj521%xZl*!-2EAWwpgCrRe8u<#0azh%vx=091XS@J<&6=2mf_XIxbZI!(fPOnR+cq zm3s{G^_Z)zWrgBHF8f3XAL0USlm<4RoRozi9rl=^@F;fPv1G#O@d5Z9jG42gK94FO zR?d=g-*U$ga6yV5`6Y_y-bDluLsorya&<9VZWPr#q|e{};^(EPQ(aibQpEbk@&-^5 zStnvyWjduaqJDmWs(-x(fTen5TuJwyZi5V)CY?3=@`KXGW+#8eL?`2)?kQH*WKAZx zP{ibR_BIw3#Cy)f?2bH3>9h94<&9wRGt7KVC6lwkA#eE-^!-@NtmH*=TiN_+8_`R z^c1f0bFEtz7*J8?B7xlfD&_oSityxBpLGVXJz6XEr|ts2$@oinB@_yRVgqu%+gtUC zD)0bcb}R+t?U4!nGC@uEkMSQhuy1{jdngV1M{a%erReehY`3mcT@^Hx-r5~I<8p)Sm|J7q#_&sT2TN;nmz~t;T5jG)4N(ji+^S$z*aOM z>o469BCYeepWXNMZRmLGmxS^$!#j`%!06h(>#x7Gn})j>mQ&mn?Ar{A+9oBZx#jwA ztrM&685FdYw&p9%DzT5u4UqdpYLml81#d+QioXwvYvdu!&6T~g9_#vw`t(lLC6^js zEHu_+4Z6Gg=*Q9hs&35~Gxi*+K8*7q>PskYRa4&SCK=B!&`@h?=qj%yhQ#(Rd(l#0 zR>bfk;_Jk`4hQGshZox#9*zQBMSVm!!g_3pQR#ZOdu_KDZTIF6`)Frm$oF!{(*$v3 zePTyChDIJ%KD495`s!}#wKDU#KVYBb?A4ED7Lb^NyA#r^x7qmwI}JWV5W@e<>OLKAcb?9B-Ulsq7VPu!p!@O$PYPWbG~@a!b8*$?q;KbTCootmnf$Vk=O)MYoMi{c zkH=W;eJsn6fuXLjUZEinqAvq#Ci?@!DfE5W5<44F@l|@=j7mwBT3BaEhh*DN{v>6C zaai($OJ#oRJ0RDB5(>mnXM8h==?9PB<93k`Ado(WrQ=<}vAkj-|m1?VNeBD=O7gp>jrznKQ+ zR?9L*yeUZu;W-~wepQ>;mCT?*M_w|h>kfZBHQyZfN#Y@I!uOEv`AMpbVS2rH<|AY| ze75nF7+0clo@&&aCCQTiVNc`;@xs_STu%tZct)WfF^!$CqB^mAdl{B1#*a5LKKWYV zNm#b#gEfrLXJZ(yr2RDTlDDP>sv7FHWku1t>fcB`-@NLi@q z&EkEPn;-9shg>&rpMV=NUUzpqkS$_}&L^kr^t^mBG3(9llO6vq6GuP}|Dc3FX0mO@ zeCDm%WmQzyldWMC7TG=>xMNOf;ri=bBT-jq zLu^tY*u4iucbnHwHzTylj4*7j_c}P$B#%;2ah>Aph{5eN&Ozb__|4nLwL$VSWi^tb z`cG8H4=0S6?%McW&tkwS^&E_8svBgTfw*Y%wD&8_c~HgDix(OqC7!D0hF`}EPWkQ_ z%QQjBV?^9vQzr#|8W=?AHug>*5CnB+(p_10>~SxycTTtkv_Itv9X<}U*1L$2>JvrC zQ=R0^yv^#DN}zZrOnC|3!jri#sF6<}#>{J1fjrh@2U*sxGijFPj5IZS6H+ zd~H|6#N#pr!GK{0zX-5%_hy7Gw%o-g_@`T{Ebn>j5scA$+q5ny=H;WfnaX5u1h^vI2ioM+>Vxyi<<0cHxRv=6lRp^BKW+u3 z-Rb7sd|#S*cuFHdU-5lfC4yAE;xwnG|B6xv4o(`9na(?Z`2mo6RZ;BlX(7TI^}JPI zmTkJ%qLf{Iv6&H06nb}TkeA;(He!kdSFj+tl1&Yg-P}?~xA)dTGB>ms=o5dlJ$u4} zFI_H0fMUh{4+r%3kT$Lf{FcfPJNc9~V#B$e40~?|7NdZ+ph`l!r45zMSw@G880UVmpCV7VxQnZ8DB@#hUnt|T>bf-`#W`3o5G z`eC`3Nn7ICSqN`Z5DDY*Al=Y$m@rvCHtyEK5o;}TPVDa{(W3-^^Fq&qf;#33&BXIA zNgU8LhWoS#5-e>~(}ylU9b~>8v42MH2om8@C-%N&22L27&uKyjpxdV0!bn9(%e5Ne zOpts&(m}T3pdBe{(&-dHg4Fp?MLmd!A7!CL9_tej1|}n|tUx6dk~LVYwyuQsEnBan z%T@PJ18hlZgM+SzekR}<$FeejPNz%ToEU-yfR#xulQqVIR6&+cTkTGS`mGb^WRPR$ z3N<;YTR3vFZCG++GM%3Bys~H>pW93N)&!h~7F(l0YM^};8$XLwDCo|!_L_sL%q{I( z9TnWzHQWdwb@eiEcf&@gD~jpL8)RfL+5jYBTuaDNBA?J?4&M!8MA+l?Zx0PmvNcD= z9xjGWG(;CtpIFKKIkR9@%YgcSv%2h4R0eraB^V;L?rPuA$T>Z!u+1z^Ct(@T66pao z=oDOk8ydkmTCQ|%vt9XG>_5etHH)j$zmNnT4oh{H`kkC1FIZsKcST#pgs2s_4sg-h zJxx9?G5u~uGNTew58JT<1ppz3Vn7sSDCzqR0}17Vyru9_l_)Qy8u^C3>d!!ax0Qv< zSc_1wtT*E?>y#)!4lT-RC8Yd;mxYxDvK0ED@dk;Rwgxw)+Lrn!F;@h`-|Bs5QH!_DDVc& zAo$xolHq!(GY9c=UJm=LmGunHK9siSi&fwwp`Xv;#@Xo$MdRw+j-objmDcWehS}ju z5XNf{XfYFI{)2Qh#kuF(n(k`$9YC!nHayluvfwfieTyB}*Cu44VjF z7Db>pBVd?S6!aiuQRM9-$nN=UKZvnAYLS=TisuuK%H7b;InhG9RN$|r0qY+LN=OjF z@WRu=L_#5o95o}hXX&&8+TS!m4Ue6l?`j~O7_K1#OM^?tb)CNMlVbh-Dxl$rhN@eKo3$hKQN**2qO)LXh`M%pvg0em_zis4= z1ic7i4tq@kpbI}aP*_Q1t6T}%8#+cyi_B%E`MDSQscW(J7F}Mz6ck-kAnUb;`SBs= z#pBADn736=0`H83lnp{7IpqsrUfiChedbY{L)&Lo0wF;_3yK>eeHES69(FMaF-h&F zF{KSvoe`=M6z@;^_;$N^TT5SWvFj0bvP_pzO-nr^l;{Uar{-SwlR*p!2&i4SkrlP-DO9d&hp%1UX5f7p`2 zqZ6YBH1N#LO$t0P;Y5)h<6M_E#+0wf1|a4O&-_q}qoT5om4nmgpDahsS~{fKF)B^q zBgG1V)auK&2m_~VVpO9lT}j4E;atl5(ab{ScBgKWAA9Re@%3?c^ICgUXF2nb zEmzhD?r|O)Tho^8xAo8Xxh@u;`A`2S>)k?&!N;oDw|lLRfrkA>Q7W)`qtO$9<1UR# z<_8k9!aA4JpYl88SNfgX6*5M>5i4QUt~OSA&C_V(-jH*x`53XA;VAGs)s34f!=qMi zZT6QjQqePfJ{b0*H-VYbulH~3)CkHv-nn_aH5gZjX(P(Z)UjP6IWF*;&|$)C2W)EGE3dt z=wX&<)-?cIZZ-MUa*4wzeBxfN`s9DsYn~>C{1#0Hs_Z1E?WvRk;|8qob`GAUo2Die zpVYSOh^fc_HWvY+VzX30D+rS>L_vY|ZNw~P;s6)CCwhdNdsQQp8ILvnnV(}h*NCGn zt6;$&1HZ_<(Mkeq>$pFv?fLSVFXIdSQ=C%FC!#&iJRieX+}wq(O=+nOIO4{bZgqPy zf#OWS$4iCE$HRDE>H^0tnk$&Sm$-MyfMK0zU%PLnY6%{#Y9qjp-Gs0QIUjwoS0c+Y zIr^8eKKdx||1$6^^B=PN=+V0I!7HqP7;6URKlJy}qyESLUjxgQ%n0@aQMZlGfrm7o zhJ$FJ3i0KBzjyq~;r|)8PGOc>l9#3%?l*zB9o-!qot!j|+fijHsUl_~e&f@_!+qV$ zE^$vl5AqbNk1Pcl#&NZjRo2G0?)R>CJALDxz6iDMHxMbh-g4B7M+^EJN~!YDd)J$* zu3xHZ3->)kZ41WujA&ngGHSK*uGYFpdCQoxbSk^6s94o$9twW54IuXTuNCFE-8f3uJ41V~HG$htNUO8<)y&2@*Lw3rbb>109i@qws`_sCBf(A@uk);ne(snD49#G#Mn z+^QLY+}fdL+QYj4`n5+?N4Kg}9hT>Nk5n3$t`Jz{JE5!i{cFgjX>D9R(W{kSVy%VE zI@y?lVR~_IDH6zdVdjF*0ww7Z*V&2X%xIZ1+DUYY#QuQ;LbFz+CCplZH5W}?k#Ao1 z-|rKBPWT(To>S{l;sM^I4w>KYlc1?ngzpy7g+~&rZ_pyMp#50TLe?B@&31ZJCR>sGtV>96tbl*!?zQ2- z4|T2HR)uQGt{2uq@5hvOyRa@smiUL?pdZtDPiuUU|J)sR7(&b)tGMVEnds7VYRCQx zQrIn*Q_N9nVruPEFn$&+;dHR%AUO5s+S%2&_E*+XMu1JSIM!(T;QJdp5y9b(X&&yk z)%SKV|4o*ucIxy)l5kn^w&BaZ*Ci6()ZD0|El&e!qeU6{(X8nzumhXz&S}^l`9A8y z{W;!-vY238ou^OPN%hT6Coga#|H8nj#8}W*XmHSVceYYQa9>5H@4F&R_up(*YHV1& z@G7tQVrQdnb}pdN>+aAZ4;m@v^T#So25D_MMqC*uhPJhG13li`>SsR6*yvUP**0HA zdhj2@gjKk33&@%))LH)FvYJ&_dDWgpsul~LPih2rh*9*so%T5=Iz0!)re7PTSyOu8 z55BY~OsQ`t9BYa9iiQ6wTXEb8^Lk&xS@$0(YvG*$?i({cNf1tc{Q!$8h)>e{2$+O! zCt->jXzFN|?=bk`jMeGt*X}TkT-7lN?HXuD=ePCsFi@f1z-fYQj3r_goz|D4vjK@5 zgq62tLqlrtXn8LvySiYT9To1**dlY1;Cxm`)6idj_6SZ@2Y(y1#Wa)5`7Zs=V3pg# zt_1wQq+P;`DcEWoqcnH%!U$KL!utkFkfwqo3A_mKO?uK78n|(uHV60y^BXLr$zk(* zT?~@iol_B&O=x(Y^8^XsRSuAi^FVyF&Vf@&g%to z$dg3# zOiLsp27NZgVdK_V?Z6^FV)3nzqn_kSxtCktvYa5&?L!-W;5-O;760qa#p(3&uwGoC`4S(y`z9RRt112qof%Tfp`2? z)S<*->OZ0h3&kADU_tm-U9ZC0?QWx#4SaCSy^&ohFPVW>&)0IdhIdtwAOqV2>Yn?y znzpRFP1!eCfmN*Ca$oCmLP}YD%h7sU?tVz5f1Lb(m)lK3eaI%0zQo<2@~cJ!opgJ9b`Fe={8tdirJW-rubd z^-J`4{5w?e2O_>YMwZunFsN_DazKa!#cYUkRkYUMm%xVP=}zv>MJqpEl+*;{0?C&-BF7(r;lK{b`ZdH-3OuD({lLbpus7U*wt5 zLB#9)mFE&I)yvJqpKRvla|^Y3e`O-!F{gTWWjy>2G)=(W0SC66HY01oTg=1)NAWC=g6`HRwwT=W2IG z4>>Qp)V~V3<{0p<{v?8{5Un}aOh8f3!pH65nUO2&kgAVwi6OFx$z3Z@O9iS#^l6>7 zCmswR&Xr5jH$|k21ePForI7Nv5{&i{yUYqsb<;WrFOLfKBv>YXp_MJQ576~aNCJ!d z?P1Wjkx(NgO>>1r7)Wp?jBs+fxP2Kv+a?brP@v44cMfg}GOkSJ1s3k#%=i_lbcRPYz+4c)Bt z3OFtad;Z~9P5Ww0`9#-_#ZGU0~@XI2Z%i6d#6#{%otQOfcDNVWPW%*tu+ z)=YbPrgyeL-lgG%8$ff*9}JV7-@PaG`O`Ik^%u?I{f&z z)7dQdZ2XJQh9DwOJE^Mf+uNGojp|?6LvPI8(L12A@e`62lN7d?O2w~$mk~wWVwcDk z_ILNN`Sbupnu0(1XLENt2>F=PFKvTPDqC{)`0pio2y$9`TYyS;XjQBjOkD zb-rk?c%rAM&(vsO`)ws_47i8}wm+=s#G*!HN!Hf#p1(X4{k--xe4ldFjfOQ_e2BSs zc$~+QbNbaX?mI0c&$+M*{h3Y4^p;9s<-^1Ipy7wgtgz0TN8bl=4oR{PpOSEn$n4(oe?_~dz&-(+tzT?mWNrcu;)metr^jtS$Z)JCHhzNxAkDTTA%O&jOG zF8V6XnrPX?JHTH#@-d{Ce-Y&jY>LCN$X!91^0C(0E-7(^NJ7Z<<&?shG_x z)zWQpbCY~$+QMZO-sBNDT+=8R76`1iYTpmcw|;Jlu60vJN%s+0yp$3W?%d9uepmU8 z%Eqx%{be3CaS!&H6C}|=4(X^?26gGC)G;Vd8D1j?EP$OAyY{%G>|@U+GTDLQq1-?e z8)YuR`Y!;+L_nJ#23y!Q$O`(h$Luebp%iI^6)HV7ec z6v=_1g@EP0FdApE4&J#Kd{j*EU_F99MofuTm&5uCkQ2$zURw3&**0FBxo6Bl7_49) zS(Q(b<{nG?leEwkfHyKc-;WDZA$6sRJTy&HxUcA%l#WznbemwEb zXKz@g-xmb@M{Lz1_#Xxc6p+o=yM43iKD}1hMrS;BNd_x9MZxWIluCecoJUaOpKqpK zju#E+`_7v+xc=3VBoGX?Q0weBFAKLznoMG62C2Z0_loLLZrHj#sk}w*FJ@UOpE>cI zSAB9LMZ>+T%u~Uh%Puyj8=XG^i=keq;XI1apz(p^hP3aZ0>F22Kf;HQiSpJ=I8;M2_4_!N!>)e&Ph0@xpp9PCOsq@u0;w9aR zX%=gA^KVo*v{g$hXZl$SRaKaae4ImV*O(FXQ3Btdv4vC>Bb$BB&-)pM49(MhFP59w z)0=NB`-s1tFdS{~4x{FZ|4z?H(E?RVcI2qYsc075CBb_nu>x@O0 zGemnMdT=N{qN+(!=`Hu0cb#lCtlTH3x)}NIU{u=8S|lED@V>J=yUX+nnPyoG*g5KiipYKV$>J*p~Q2fmY+d?u-l$u5p>~ZbLZf0H-_r=_?y`6xcNMTr~C2Bc-_sz z!-}h6CiEk}`FD|-D!~p&8451yYsM5bsI8X?CL`bW-Vcs`9hZX!!3=+c;FRx~JTK+D zidmc$Rwm-BlS#4arvq?wVCsl$$lT=SF&jgjnNQ=Z`j(?fsMCrGC2Eixu=WWG`kMV4 z6Agmd&t%D;O+3UG*YfPJM67($G^(^a!I=k@t()Jp>1vPNY2hUPDT=rAz7_1ZZ`(1w z-AKPbKR~yFns|nrw#A3d9i_HgO(~IfFfQ}Df8Ru3uR*`3yub7Kr|A9N=Z0tu>^X(n znEN9dMawYq?t*MzJ_6U<^+QfAcI~%6fw{P{WU>EXV8u~Rrdq158-@|u4u ztMw#fM%Uv@VzgqxH*=(|zX&>9Y*^b8j=I~Y?%U|G;=xc-gBFX5}63oRq z5yG!rW@O!gqyjnks%P;48gjM(?be z9gU6izveMrh(k9JK$L09##6lWf%e9(%RaWNx(g6rs3Y58-TVqv3HiHKlAJoJ>l^8T~kSd+}4OPuD; z1M?PV@4pOqrY!o56n##(JG6$G*AMKzGB5Q|)go8xO0N#`z1&Hrn)j+8W#okgtG*SM zr66I(tHH;#ZK}G}5G3}l90_l3XyL@OBhBTy^Yk6(0sRTZiHUya9LkAn+WQH2FSINg z+~6aKr!`-mhMTI&Sj#^$D<9k}i`-SkktTUCX!3GY@_>}oao?$m&ix=K{N{66@%ndL z!+h_L4z76=*7HgSemoN18z{hrg~GBdg+6|nFT9+RMKblni|9UmCLpSn%=8SZS?w4% z(;s2Bbs*8lokGieZr_JRdo&5j9V^C6=d(y`ofFM%>`W#l-%70K&0teIOE+)&!?rCr z6j7+5>k@hnPu*v(0|RwDEq;KfW!0%aH>!vuvj=a(Kh9JPRuxj>Dvn$*yDDW5G&xS& zj(y6+ik*ZmymYkw{hh11uZK0})Y)uiz^+oD#^_ zwZlRMb>)<}V{cu2Sv)l0V8;5cC?Jz*pR2Qf>anz2b6)MOrI-xzQpqrut<_HFNgM_C zj^VfqCx`U?n|>{wpSuQrv;$)Sss zd8@&Le>c}FO5ou_r&k%(Ifp1J@OTT44!uKzlKkFJ7L_VUx47Rg6#%33&tz9mb(&^z zjMKBh$fvb;<*6S?JINMMjXg)+!? z@)dT!f$1MD^8j;!f<&WH1g9}2y=AFv)%g0H+%d^Qo)z^~I;C)@w{+GXsYJhOwUrHM z;+Y&}b#+{e`wn2z?hWxz0o@wrBix8AuV_anN%Oj^u}g3R8vbsN37er;(H5q}Yp}S% zpO!C;ME;o8aoqXNS6NO#t0|8>M(0>C_Vv&PL)QD;q(3U246+~TGcpJF9R&1brxonA ze5hh>&?NIT&cqC#E%3ZzMT$$?;PsK{cosu{X=4zNsm;b_Hr$bIj}L{*bcK@@DTB06 zLP(uxB1i_y3u?Mmn&T#1Atk>Om?|9AM@zz#4PKz#(=K8P$p0#dSB#U;&unKXKm(Oy z>k?$K52>lhhL_1I?bFKVWeiuoQgCBRdav)`J`x8PDL9uuxIwe>5O)?b#t7v8ORVN9 z3wADVn+p}ZF`F3~KHZvAJozXd$`ajBoP}P9m4rF+0q9TB=gWnNVgWgK1vTx}I6xH7 z&;-SLj4Auk(f$YIC7wwdn9~50diDxR;GPX}rwSXi@rp;WNJVOU&6Kz3EYI1dfrqWM z3_J%HT%t~k+kK04HUR1p%eo5dXWG1KNa$EU?}+I)WsnQGmI2ajua<^Jjt32Xjf>MY zSO(l!d-@u*^Y=TO+^7xMb(MDL3wjGf<{gs;ifeXb7=g^Qa7O>Wr^F+ng*ks>SPG#* zfFryan8SoCiXd9NR9j1qdL=rh4Eak1w2kJzBGK$$*jj>&NAP}N0BkspyA|>Ig|htIVR~&Q4^GjqI|9TM)e?Vn3m78faqypx)f3p&m<1a>8)?_ z;R~56dO5q^MGmY|b2AY4B}?+2`a{#4B>y6u-0S;QJA;@hp41}jX945`n|Zhr2ku_e z7hd3rL-IV*sidZ7uI35JI>9ZgnSq3Q{|?EtYVY~YBwDGUqbimnmR}C}ns}`y1pF-X zwaCu0PHeOi5&i@g2tgZFlQQbYVXh8pnSFo=J_L~@gaE@FjGC6cYr&j@pnVM&CLpA> z@GtX@+VKgsWJ*%ug9;B-Q`4`1!D-HWB7SOz0aJtJJDy7BQHSd1NRPY2sPHm$1&9H3 z&6?E&-LH<#wCwm}X32eh3MklZW2EBFW#<>R2ktM5p(8<@ACT|1dOT}>8k-H~l|i@b zUdC6cJ=crMJP_=5(QxyEWVr90e;2tM@rXNMig#HF1UNuU$qx=*61{LH+IL7p{tbOU zFanESorxl{h#{t!U-6{Z%2^}59z*ueZ~8$|E1(1PNS9QDQE;=N>if)Yod%3NA*uby zk_QbB-n9Fx=2u91WE8V^d^^K4tes9`NP&d@(+zddYG|tpezm!M&g`<7Z(7>g8Y5!2 zV?^7a6ud=nz?8CvVbvk#(<98^c@`XTNZ_6^@b0T_m8;5rcTAdrSUk)fIIpSNZck#f zCRw*m2dVl{W2;xxsPZWphrwmrU0XdC#+z5V&tnJM0ysC9GJ z_Rq4(9!_s*S=k(B#%!krS`#*iQ>lR1i@VLd&z!K@{NzGtI&|ICBL0TRL`7q5BPM-@ zfOCRvZ}ciWN#3*Qh}=Bp>+x((vf!Q1w)YXOgofQYL?Jn`aWbkXC|ui?EPII2Nq z!zxzCb9s~Dgr%%qJ-G~;eaM6Ja(A;Y2~s;_d()Cw^2zoOyGYkD(@^{9{#t0PvVn8_5Rz~+Ib3zm!>5p_5%JolMeodb2h~AIts=oqb!ydl9l)vv#!*(*e)-R#WwBfjd_w`_ zg~3f~3irw6OeXM^;B*XcVLa!-s=9ix@>!J(RB38p(ue@v_6kkyv@y& zPZIs|H;?$f24YnAZxGM{#rYoZGkA^)W2fkQn11IYf~Pt+nYdV=+5?szcZrKwLqUA& z;zo~%mx!<@a-kD(R9{9pS5xrvGYEe82mg==3GkT8fa(~C^&61MhLFC7R0AG1wPI;P zz=V$|U-7cfKXRkBwmXi{Kk^&0A41^0CHZe;k65~CApb(%e?;d0>DNcbdjiejE^9mh%+~a?lOxQ?=AWRQ zu_YdWlZW#S$D4nG!ouuo?)ETtEhS@1n28g+sZ><=WVSPbYGl52jRoHaowk z{ND=u3r(UvL1RzqLid>GZW7Rszh%=ovMFF^+GO(Szqh{O*xA#;Es1jb;pLpZvQafD{u?t(NBx}&0Gig& zq{t}+I#K>=<(6}EqP(sBysm|5_7z%_^K44}KNd6|m(C`KJ?gGBaL)UtU$e%sFVWD} z=0IM?Z{4pmTj*MvW*;_LHvK1aQXoG*k~ktH(a?2U*UHDf@~Dxs-n|_4xBfm_ubVb2 zi*~Z$dcx?qCG9E+9EZKO#r>I_b~EIiM_k0esd~eFLS5B1W9v=DN0#1tyQN*0c}qwb z_Pq&?{jcGU+hKdG_tOK*UZTPuZ1S>ss#*!pn2*!g|b3s7X1|C{HQP1%EDFW;dGUlp83B%xID!-Bt%}Esd<2QY#wEjo$+8M(hx9 zC1HS!xZlO7&BH;^J$*kLe_JS?mUAFi)8<&6!r6@NsZTa02@1QrXjje zgNJe}k*l1>=SVNgvjuy2Y@G_gb2LU#nhgXV4wTu+ zdAGyzsfix^Ec(Yx&)&I1Rx2xO@nQNGs&quZ(5cumwcR;5d5zd0%p@WwCZ4_=M(CugttT2iS&}o6egZF z5gvs(ErW;j?l+=s4oe#g&Sli}jMK}CzPW@_k|0$! z$;{%tT95cq_vYmF3onmpx-;buAgl4Lg-s2ekc0*W(L*EtdD=fyjCPUG-1LTyPr5U6 z25E~6f0|igmg;L-D!;#%6VxU@$>lltFhuAtbW%(IPpuqkI?gYQ-Td@7DV`mBv%xhT zOJEX9#boZQ?pb$B7a!I!Gg;X2CkL-08bcDapc(v4X?KRf8SOqO?Rqzi5alvDzKgm1 zVsEPC{WA<{kSp6_Lba_*FW{77_!Cjg*F$K9cu*;K*Ta z`=+fI$R)Ct4QnIY#J_2@J^7KHu*Dz+g0NyRaX4aL#d za@1f>uRl>@D_S!_?2@3MZ!NckoqfyO>sT}H61 zn4;eUCP;Ma-w{l5omB5j^eYc+W}whKVkZzg$HM--ugf&+b>>@ENln(L)ygj-n`fN8>%kT4nrHM$kB~it z{~3HDuMWSQG>wkd1%?+_*X;|40pC$MmW}O^Y+UC0Rw(PgeDGQD86v4Q4Wz+F+3IiY zM0d=0iKtU7y5oA*e8Kfu5cHFu@yHQ z+PV*7OYKOplOeI&a`&rbKHN-0Fp9#V)yqLinQ!DskeIH8oi&!B)Yj=>aOY0JjiO;^9uRpbwDX_Le4%;Xyx%-Efa5Oa zgpSQO(gFS5M4mZ?Efs^G_kL>E#E!plmqCr@(ymABV_31Q0mNL{~Z@&s71n_?l=)5ky{|J5xn$4!;4i*tdd!p`+K{eBKc_O)u6-WxU$2#W zdzt@}-S{cCL3K0YjZZ~IruOCY6!j~K?<=I_yoO;2nh?#7#`cj#3BvdkzU0L!?{Wve zr8ue)FUN{oT*5FmQ||29h;I#}&DP$T@lbvX9HRfqKg(AiU#OOQR2)&Z9cs2_UvlmC zKJ9#AY9h#4-CMQAwJmL+F&u)sySw|MgKOgs!QI`1I|O%W+}%A8G`KrK8rR1C^xEIv z=O3J#bJJJzso7&x%^Fp2)p)BmgXc@+#{~W7kwxet5MI}f(G-0_IcJ6)9Gn-KkV5T7 zYn~zKQLeezM%CV2cw6i>uNRLu1*-SDX9Aos`zwYNW+RO zS``rmq1hUe$1@gc_%7nlO2VqKdV=gw)N;8U*}Om?mw^1gO~Beojg5hhU+FI;45e%g z$$>QM>}=JfxQ~HzoUQbohy1o4x=-(91;JbM7-`3>OXrxBi=1f4xm=`KB?fXj3`A>n)@75#CA~GP-jem zHTzN<_hN+!V+$msmW>2XZ9$=wEswP7i6(%v6rKMd%|`clUc$OFY{lgs3HrYzK~TCS z#4EK;BIp{83vhiflKa_nl{(xOIuOjN{RLz;&Z{3t#(bT1l-$afPBuubLa}i`X!fwN zn%=|y)y`ad70$anzkl`DlVZ#;by&R?Cj4| zT=21frw53&Y8pOtM#H(su3DsfS!!#vt35+8XY`tvMT&2;)z)bC=p2(;zw=E{ ze>M{AaHe6za`v^oLaJ)KIlTkU?cnqm_w_GItPg!qNzs?m`_cnS zt@Q`Ud~(gcA&{F){6KgZA;e9yVXqAmR`2JBZo8GKrf77~4|NVw9=lFA{#$ITYtL>X!SE*9fgWzGRem=q= z0DWN~lgEpH1`R(QiiIQ+A`5(g8ton|`dA{=-te_1xs-WH(8v1ww4Y3_V0~t0M>q2A zS0<3i&jd1K&LwkR$6!}Rnl)B!P-w=@5>W1YJhGQ=5^q&rE!iGZ^!nosQ)VZ_a$c>i zHX4G~L}R-CUi4ZFV3u|?OTO7VsD1Tzs-L%S{Bj-9etGO~;X3?6un^!rQ!@v*!paca zSgvS0+r-^@$k$n1ms(3GoZ@=}PQv(fv_jZS>ES(qD)1JWAk;0>s|;E@S!_AZVPrMT z5K0uHZ`mCxJ|4uY9J5{CEG!^<^*VaDS18BV6wRmzRYzH z@wI4lc*nqom@(douz!#VHRRu5oWcWHN)V^(?Jvp20=XgaTq~5Rw2A5#r|fo3S>HDE zf8OUULQ`l10(dLLpA%n>Xy#xP^6ZUgMUy**iHtZo6)fgU%Hie<7WvNQm+Gq^v<7@{ zDbFmb3Cc;G=7B3xTuyWT6Plr8;osr5KEY1sPu-gj(}YthPlq6Be8$%c{Me3KfNkJ& zF>v)(zqHD-qy#$mz^sNCYXq;7d z@9EI}9eq-)tvC+v;MThG;wivGiCD+>A&K{j^?d&I%1xTlojrGAAvEo*$gy>+qK5H! zOQ^!`v<0pxTkM3J-BzV;h)iC0FAth-3y7$PLSLYYL zdNG%&_$-lL6-&RK50lFJ`w^Dfmwm21F0W;Y+@w(`gfKPln0zU#%6_%J&bB*hx(~yf zG%u4wnI%$Q(=G|_ZZ6U-|1fG2C+XzEanm0~qT{i-*eS|o&U+gDR4I9%tyWd9u<_%f zd)2#G!h86vhdOxlF%yg9RfTqH)9!Y1Kv_Pw8%%g`7)9|VYx562WwLqg1!{4AqWy(_ zXwp>9$+ACYP~iUEi`cyg56txpx|MSgkN@W!$+nCj5$~mucE6{L;pg1MqXUyD-h9*E1u<&V0SnKe1{C88g#_H-G({-)#AJRl! z&tNZdi<^+opI=4j28SLCErJP8aEr zR=jP@Te_5%CiEzSc~hhoVgkCY+*3{Hwq@QzN;6+tz<(I0YCGl*#d;12x7v6W z2ZA3ysfSQ7{G)+clp~MJ?)MZqdO7`Qd#ZU`cbWxOWb;v!9>p(hd^}rbt!p>Y7M%FV znUB*v#H2>JG7@^1uq8JNqz#~#!dx_NL|tm!Y^AZfdwxiLft~&?FdnDyRjQy40kQA{ zB=vD@!~n(c!FS%99-CzRlh5atw{>p7XR{Ei6YFWSfpeMgdB}BgyOyqqAHu*_#Mw&| zoI!{O^`@i4GEGj-%6x%iRBtT{Id4uHwmFAn|{5)L?{*%J%ll|E~t-sA>C?Q ziKH#}Y)amR`WskA%@}@;SV{##>>^XIqoE^;|JZ{1C)V$EFC?w4%dOKrgKJF&JW}$y zC3%(da-5U)zJb|?=aiiUlUd^xV(>C~aTW_?#9+?3_g=|~wE96{iYOspiwIyQGSl`~ zOXhkv{i<=I=z^)iU)RGy+{?Q?5#$L9VP$c;orpiSK}|_+{&N=T=^S40Dyf>eNAi;p zoq2+2@LlD4+gqL0g`nFXdwt2X7qvJaqnQ=jqZPL4-HM#85624OE81h^k2^Gab%-N; zV6NvJtBlF7u0;TboqrY#0{{~TgGu!Iz6?jC-# z*|rhWF~1gk7TjpRix;qrvY(-%RRs|{eQhl96@YfsvRQatVO9eEmT;(oSm$=qOz;Qs znlf9Fx%N>`WRU2Q4hCmh;G)>idI~NgaO%Hwg=)h4u5KhOq%%2|N(UR{@x_iZ_uMva zmBNzwvI;GKGu!LQ54~`0ulGymLolsSK^d4q=QpMCbtex}I0MI^M?uT(l;YhY$E2&x zQ;@!5f`XrR5KAi+RdG7+|EMXhaGs|^IvV%@u^OC3$y_-mK=-Y~dL1v6?he2rmOYc1 z|M^%)Zr&ck!)7fvv=Yk*+{RR?rGJWn!LJ_YF513&!X-9CsZR)(`DCD~F49gmOaiAk zzeink5iH}yfg$-gXB^6((32F8^2txb_*>hwJU-}Bwyg{SgXUztWQvR341!h!Prc+y z0}W-O06{(M(N#DJ-*yRwG3jF>EXE(Dk)}k9rY31O2>dEX)9QYF#0uEESvh4gOY;rH zWYPNgy9<65kY?6iFHcKp#k0pl754aZhq}tZiUKQ9xlb20_wm$wTG*cV4w^r)1q%6u z0P+|o;gxgF7O_N*O;DxT6}>P44g2K zuYm#aX)-b8B<9P8D*bly%QcT~;Y<%YHYu-hg6u14ouhSIR-^(8InEh0ir45-`9D<@ z{pFuTzRt9QV#xq;90u~;bsgb63g@z8ZGT--CS=PZz-d@jC25W3UNYbY)-NUJ0bsJn zt_4zd1Zk@VGZJPU{sj@N>J-KyqKqMBZ$kB=vt(QX#vwAV>Keoec=dTu`mcTkc?fLa z^3F}hX%AB)p=v%>aTxeF%fy2xCqI8`Tf``%&8>kbBS9EFILl+qM*P)got$6JR8H=| zcc+-86(3x?3M7-KyUCkbGiTvag_>sKlu?jtlAHaUMRt0FCp<*&r-cBfO38CSyfv)eLV1cDm+C*97iL8$OFrnXCTgr_F zaBfY1SCdrWVws-`l#>HwbgSW${COFkC+-kru!wRJv3qH8K;u#uGUnhRn^LcJa_z!2 z{oyfu&2!K7cJY=64DX*EC1rW*M*8ZNZcDJ?pP<7T-pn9BZdk*L)+Nk#4ZQCd= zA3O^vf|r1d$zFKR77k<^MfOu9!+Di;l&MS5$swc`oP$pV!Pv28t+Y^*u8q$fKJzS6 zj1Sg^$;@H|xW_pVq3jf&GI;9hSO$(<@L+0h!~!;Z3{V0g8X4!CBRbzWZNo48I0yXd z5s^-_Xkbto)pAjv`OG?8;b}moa41SqY!Ud6!{BXFg3SDv3-9U8(r4eLlh4gcHpu~D z@YKr>XkE!PfbYZzU_~!QNIU_^lC~t20t?V`WLpkD=sHHEjaEb;eU8F}?ZvI&@Um$- zKI5#qx#s@dY-h(`10hx<`CPViP!*>@Gm6W%9aMmz(KoOWcN(CdSd-KBl;5K18!eHh zV?01;xm4^a^G$w4Q;N=2W<%Nj5m;55z^<;An#R&Uh7KAjA9Qv4_amStL(zo{nOwn# zmXKzRC4=xmfZTUKD7mu`X=XV^@nI3$^Q!dLywWvYNR!dG5J00-k!zf*>q#%Y4)I&; zQ7D{Gnf$qxPMT(4>k4tJ7=@V$AiE@7VP#b&6?Y z$wG;Uq`r|(-aNSj7WcroU6;Jz!Xn)}6S{07i?qNF_K8UrWwM0AG!%jKGS=Y(L$4OOC!Cqcb9N{j3*fH(Pn&#t%B)uRwcs5SF_Q9b359{&_{bWj)Cgtfk z0T0;j!If_1xcjGa`wC?;V*`7%-xc<0-UJEg0e9IrX1Bem7)gqbOM64DWW?9CZ8Qfb z@g-3#Msg~O$f6oP0HY20OJ*W-?ixOqD-bhNQeB!5G(8_Jv{GdB)?$pRpQ#ZZu)Fgc z&ig-mEes`VkoPZQWn8{7D7l6?SeTA6wkq`n?}pF^u7*5tQHex`Zr~7W6(xhipq~HN z7`91V%r0GbEMmw_Br=%Q)Xgh~QcXR)D@weJd)s@eIF*;bGd;IzK@E?qgaF^X)wDfZ zF%DYJKK0VuzFBqbeGJRF=R6vUy=fMzUs?E{i}ys=F>N%k4Z0_5_ExKn$I;C zpHJdqfDGFOG?t_AgF@_PvA~BMEc{YVGZb9xP{bXFB}IX+g;A!bMD7BD>(M#IC0+Rz z4zRawZ+-P$uxtZ+_U^VEay@MbxL8OzPtd7`K;no7nIph*mX4LMP$mao2vFd*M$bnz z3bpU_tyHL<`L@ZZ0%P=-w|y^hHV;wT$~gWH!b$&}JVq;J_v+oP<%^CAR5W-g{P5B> znbJFE6412RFo|WmSlpixOwhvs1Vv^kA};^5*`3!~YQn6ciz8)}^BLeRCL0C6^e|yO zetE8WXxXcg6Rab=Y1Coh6vQd?4ZEVKYpG!MPi|EE8DAK8@?qc4hjd_Xsbbb-rF#b$ zGz=4QfaV-7mf^DNUZAB|@J6g;BLmmaBAPe$vkh!w$|D^RY>&-2ZA4 zMxIhlJG?6x><(OfYg!ietr5B21+)T!los=LpUr3o4ODe=@sZVXEJWBR% zi!O_HWSb(pgYi!oyqPj)lWmA`dU}Hw{Jc$pm9zc9AHFHqlA7(HMJU{b-VOqQjI5p@y!w}5kqhqInhr6Qycg~v%i&aB z5jTcoRFjO}9bzbe@zwyz0Wb9^61mJB>9 zp5U?MYH}c>rTIY@aIdLT5RTM5Uk1kHP3LDIRHHlXao)Nr5UgOlMzd0?EggzxhNXD# z-NU-HZDrwg9190%GwQj5_t3A6GGagd%7!gsAJro!)|4Z2kx)sJ`V-g5($y*q!(zhG z(v>?M;WwL@4DW4n5{AYRE`?mb1v@rUF5BDT^+qJLs-Cp=D@Bp{VzuWj)%!A>xYnid zd&mgMD9g3jko9hIt>`;>Kg8hAYxzoi{yKeaqjLy&B7r?ecusacHC)*%GxpCPA? z9}6kd@zYI0^tjBtM7BPeU=MZhPY~ zzTl~0+CXKUO5e=AtVuO)J$WoyOM7fq%uJ=Sv3p(DF;(9yDtG}1;XlDgZM^(E?Nq&5 zNx$aE2kMzKq!2w#?Uz;AKYqvvOnLsS{dak<>L)xkbsiMj{Rf>4@aU4iGE;8&&*u+C zpBV4q8XBM{%p1fI2U;EkGDQI2u=)#mE_G0Uy!4H|239cuwna7Iq0=U?$pBs@F>AFs z`!aR!Hhg?`KVL1~i(R^x+v`5OZ2bEy76~W@j@G`8T==z*1qxw?{(uK(a1fFRE;z&Qv!p?^A0bv_}7h1|6&Fg?Ak^N<*Y~@j%fIir4ZW{oKc*t+J};*?L{gcx}{+ zb?wGKXO)j88bQFe3ZV`NTnl5yhWNRj#Rdy$ye7kw@##UW%td~KWV4%|bTdx)p-i)= z?ky$8gx62|C(iBePK(dkDrf`r1HQgp9dA(Bkw0HmlHivbsn37^KyuWvJAK^M_doJL7MjykZ zDpo}UISTbid}@E}O!r&z2L|^*`Pt;X$0)r|tP2e&osW76gs z%I7bIPaZ?3)c2coEWb9(PEkv|zSu?p+YVZ!JYLiz_o|z#y-#AWPhNdFEYDItmp}Hl zuy)7rHYm8xh$&x^@=;mMM=5HhIvonhfY=Qj~!0asuBIQ zHc%K<{g!mTUDoGk@(tkuycvEG`kV;59r#Y3jKU#-=*$UE6YEGL2F`C!beZag~B3VYnuJU>rv&@4f=z_9F=pZx7n0`U z4^n0b;lERFTYrE%054F~70~?RnmYsH z(plnG-Ft_c<>vsZMUxXyZ^E!(QxW$SY?x#oQ@#ZkaVzK)Wm+p~z!N=1=r*z&?*(tKlPpnt$UmfuaD+V3SCb_2geWtkho9@UE#~ znrdbmiSk4|okiy|4Y<~|4y7}x(0Cm~o5dY4O6;T-tqSOlC*5of6UF2rXVyGP<3ITM zm5pwAR6xD{A%_{dpy1FPba?7ahd^}taJ~%x(WTYhQ;&#vXjf&Ovqs2)_ldYmMs}^9 zLyV~H69dlJgvRA79Gr<&o*)9j((^o-30e z&gqmre+_nb`V|_Ts~DA+jN%p*)ddv{d5A_6x2z8wA8E6J^Yw+F@6sk2gIZ;41%|mr z+=M*o(QHz_L55ad#8n#0GlvVLempMpAFS-QL!>o@iPI|2jU1z&uyS~=vwI{`&(U+6 zhK2ib3NWcSr{M|)bB7fAU3f*LGdJ9nnmylTk_(R(&-_g^QT2ye!E7SMQj5!dpQsw` z(#r<4A|LPf%{efr@e@uYk|ZpQ?r^>ljGoFVaAhUHW*&c&^B*O~{f^e@*ks-@x*)2f zYLS3kVXQX!{lS*Rc`=MP@dfL9i=rz;c6`JSZC#?5fT^@#D~IU1XTh6fm10S7Q?J6N(5d>A8s>Y|QkaLC?Z3#2d<}ilQm6@3iGeGoE?u z?@IpIrBt6}kfRl6(sHuJ;d^N|c;`8MDhz{I$z(EJl-+bOwi8q+r57}^yAAPmz%6py@uoV5=N6ofEMA9G9m=eVG4!OInqW(-;rS_$GlIpzV3A_A+xn z#0)BQa~PksrW2y5|4x%&Ua#ZT8Ce!vKdxrUGyv-~$j5*rfUG?uLDw}?B23~2{N*y8 z1tC!*Q78YA;j&E_ujW}MK@R$J6Hhx@&Ps3Zlvf2mr%Gd zI(TuFvD8K6%HJjQ&_0=r=l54@X+10ob__8=4#=HIY(QV^w-eWa@8Coe0>ri!yB1R1-9!XtZ* zQ;*efMYmESb52&!P|CKFy!TFP3*35pjz;4>T6R4!iWT2OYt-)$^}ZY4q5SX_zCLD#z<9GmI!} zFB^?SxsxK+=Gn&M3c?A)l&V$6qV6TXF|Q*ZpSZHligo(QChn}844!CTvCOvXjRi8b zl6@BSl`&QcOYUQg+UBgEbLA6?uCa<+5X@QHtOSycEts=R`mO zR>BJuvq<@Zzj5Pd-Y{!gmyN%kiy~j9pd6=9FLflYs~487M!Eoid>AtAE9X?r?*g6c?dIKG zjMSsz46hD*d-F?H2`4svn^i3`z)ze55it(PfuiCJbyvT_6&h$$G(&ypu_(2ka0`Y^ zspDkK+2Rf*D6l#xrtH-7SNIY_tnQkrK4vQ7qc{%oxG;Axu?{7J`6uVIT-~cJiRZNP zur$dPPVc+EbJOsq(X|Q4iJAkk3!N)owN^c3PjUtY&?6KmA>{1Do&RpC_4agljQ}9Q zJo~%#F3)M5gQu&c)gu$@#=N#~h%w&Zp?%Xv9ezrz26DzJEKGf|64A}RAzqe~GNw~D zQ?p<2#moGM2{|f_JR)7HPjKIQy~n%17wKYrF{@+9L2$v`aHJw)GFd^H3@wzI870T) zNEYodlV9f*Z?|6Yr6RON#iGP|a|_XW5Nvm}rcNxRa%LDn>8%y|j3i07?G6~t9K5V- zqN?X4@+%=!M{B$+nOiwF?=Zj zhI~gbg2bFmDcH)zQVQ6F^xH}$qBi8eVvDBP=b%yjZEwoj`6wc?IdAvnCp>2dwjfw; z#bXSKVC2k-d!CkAPE_LbKIl6%_`8}pa>E%dV4wjbyN_v#G|VXhAF)nyehI)-7qOa# zy>)k0ey_{E!E-m@%a!ByTtJU9BXu+`Su@8pGdYWyp}TUhnLDmKoY(dYF(&wHo?zaf z!{15Iclp~Ef&UPMIrh2~3Ox)2k@2B)S@fP?z4c1xt77A~li%8>%TtA6YEDo8Y+F~i zkdS!u2-(OT^vq_5^ERvalCTQrC%Povz;(i0`0q9@vA}M8_O2tmRa+^%=DEueaQJwb ztZaSvI_3eZiI0ei>TXgU;&s&|nOFnu{nta5-AWXTCYawna!-_XNB5>MG zkYluChlA%TTcI*dcTPNXdVHp=&*;ZSa3M|>5SpfjOq;fDeN`lU3%HxyY>ov-Kfe#Y zVe2C5;i>#ifl)FNi;BR~{N5IXWuTHy?TF4op(kXliighTt@5S4tuCyu1O8+uNbd_4 z8{Hu4f9|hP8hhpRpSVz!a4L{mURcx#ZLb7=>Zr*fMl_?o8~%Y?dc2w zI-;st2gc}yA4%vgZh*jfu3dDJ4vBJ0n@S+evc3B%KuRtvKhR^b#nAn_FnV4)`LxN% z$*vv3RC~RDw*``9@3bDezK(+IT~MY*2{SGWB~^}fl#N@ts!4#dXZD+AeZ{Rcy_qbY z9(E{ButabU`S}TXT+Th}!CkkRG^MtI`iNm+yHZ+Ub(@}=p>U!5cl5Xxg9vv?t7HHu zW5R%};JPP|=?^ZH2?6BtxCKlm)}vP;R%cq1Url8Tqn{FEZC;KfmhSu_W#;4%9;hYl zQY)z9yWi#z(y+&FS*=*ELr6ME{~DZ*qEztgXR!KulHvKTMpZ_*^(c7JLR`|CwBoi^ zvczL{k)&c6M`5>DrSOtO=cMER9(EDMV3r>L z^s*2r^{TA)nj%HFS1#rXMjP#R|Jyd>7cj@T-QRW&7H4C7WF0dyEQ6WKASt9GlnQFG z4^2Ctu>nnnR)%m6Tfh@b|H)v{xpEy&iy6) z=dnLGZ&;JP;bhI!!Yd^PcsPpe=8mq;=TxyIvzr;-I{JIj6DK+drzZh@p96+aEbVuM z&mQg=Ni`8Rpy1l_O2Kiv+bSt0B#9AzKzF=>*e-S56(_m6#o-={ft@g? zIgzoI>Q&Ayb?Lq*$F)H6gvm|DR?G`gQ6Mo|pJJIPNjJN>U_67tx=c2~Ic(!#>GuWK zw_+K?37XFO`e}jC=~oEk877L^V*hK~@G3p&VV3?>dn7BjjIM1mJg-Qn$&ByfPAb@9 z%rPG10(C;z#Cj)}rYQ`Yg&ADTbh1oos2eekmmwgd(wPdh}et_r)h^n$Mre7S>c#-}{kBi^EY?3_1DZ zhs#c}`0oBQ&8*2|3ao}is^?-WPO%V(T0S9*?3pqQI8YVQI3M}LkFDs-=|+`K@m~a5 z+9Ca0l)YC_FqmMv+iKL@qK@Kkau6Qf=MR5nIFEZ8)=F*Vp8EuCX6#aKH}7fL1K*?? zZ{W?mS3FkSpA)5sYcR#>vPR|wn{;Sj9d{qSmR2dB3(w^E0F|(c^bvv3YdN`GbH5@t z;9DaI_8T)7oWj{Ol>)&~10p~wgfxI{@|e2)(LlBo*E3#!ywOQU`rK8XMeBM_(0{1@ zU+?n&S7`DNY<5@VLMIV@HylX|ytk852ZxO2q#557?N9is9(gtqqTvqW!y9Ya0iW>a zu7{qAsaobwXKT`%&u?X!hGj7W_y}i+V(Z{MSpa})4(m)3bsW=^Y1wKv7w)`lx zS%B8PI8rn_)-sNo5?Por_5CTw1&S2IqRaMk%v^oPbNW}yDRy_$8Q!MVPEqaedTtC5~%X;zjQyXZ@F-z5wBtWG`P|I96>5WlA z@2A+{295j{Z8(iKqyIpW9FllUWfM`pzl(;B<%gZ=K;k zqWQz1q1%6j+Wr2Z7WRKaQK2YRt(@^I08P8*6B$5;u3V90#_!_%i_A-T<9!y}Kk}2u zLp_3z`{`leS3Mi$MFfgu(eP3ueJ?anRdlRlBsxgkR@_CL4A2f20puV9Xk*Jo03*&M zLK-A#Uel_SB{vSj+}L$3v=?P`_$}VAvx8S#@XJb-SDHHvEfT{^gU`iM>_MwFq+Use zfG94Qr%L5=(mScfWFvWSTQZk~<-yqZ)ih;&e+9TwcayXd3$==8ccn6O(@=BMQao&l zV()3fV%I(UQ@5&P4LZ65L&w^sm!$K(Skj@28e<) zw!WJcqMX{2-6ugY1>V%uysd`C$BOBGXDhXqE5Y)pKHtnaCJJLgXH#=h0J~!-}J8X=H(JH9?_Di!;N!Z+%r27qzH#K*nzOQLFw|wNE zw!r1#!OFgk~-epS5D zn~NeSx!Q+Q!8pgI;eV|?*Pbn(%;Kb6?8?Pl@i1j{!FF!ujFRx4guT;Wf2Y-$#MDJP zgX;AJtkU$|k*mXKB;N`^?H&c7R_~KVN=?n5%^7tNikjCV>$-3}ui7P2gi0(BDE#&X zw*xCmube$4HvYuma=uTq8QeUU;JXJU+vQyp5BGEWc8^aiLtR zdx#q*dx{%hb3-{X%RXBpfY!;>3v8Xu&~gupR(ZTir1`b?BiZ+&nYoKzBFcHIZ0?>g zW+TRkP|7FbMBB*;6jK63JkvCI`s4jKMy})va}$y0#7?3K($!15(8U+g2AbZJ=QW#J zeafAvuqJ&^TMQDbEPr6ioF1^*rd5yR{tiGeORjCJOpFM?3=C2 zpw*WWdWee<894s!dFM+`H-RhB-O0xE3er$mrrU9XA*;THD3Gwxi=^_ynW_V^MeU-% zb+E+?XO`(Oqs-5d8lx}h9~rM@D5VRY$erDKJu1au-*5aFhWb7>LJr)u&c?gh%6~~r zi9nX;#OGQFCcRW(ubXjc#RU`2T&;~H)BFVK5|uCBNB%@Do-Df=I`9gx_zl`M(!8an zXN>aW^PgNSe}2VDNI5%zqlW=oh{6t5;(v{FQgA?_i-hx2ciR zyQ%7yb@M2NhSN34aV0ZR0j|LYse5vj`~PgBH_Sj{MuL?02~{)%5qhMs=B4QqNKx_D`LYZ0^#gJhGQ@ z{$E!+#ZIVdi+oG-5sOrmuV)mQ-BBdq=FtEdVo_3swj5^CqrOC4Ye;(rf+e#4+?kU} z#s>@s#v-R^-EqkbXgwQQt|75d#Sr8uo`H2{@^Bu8c)j zOI7@zO9c+bX2o+`!}Vf>9$V4VylzD3^mXa<;y^SOtXW5^gE1oak8Hj#^^%lZmw8Q? zS9j#uo-2<(TfGVy$> z@3wu^y!TrK+1_P0qJLMR?Ev){r9i5U+Au3wsz6x?Z zTJ;$nVbGD1pRgq93Q-qa>rJrSnUrdGey15xFKejwFoN+vqUY?xhN1pIjK8e%g948g0bQ?R!qmp$Q#?Fi?bV9#cSI=$#Zl-riLS~Z=^?s^wruD$o^>QFu z9HgHze9cxtuL;*@<;2nn`CfWk*)wO)_!h{8= zVPEhmF*O;m&KkmbS}BRZY*eIVc91g?%_7#a1bpZGOkTWCRAxey0k4w-EK=4UxsUFJ z90ct-$c#}R+JOq?Xc*gmCGVy4dQng0c(T%)k&S78ANwr~!|(nafgoCio**}P*DPfw${_&NL;Wa3Ycn2y~-p%jU-Ru znrSi{kbq4*BVew%G|gycoh`$BE^(L>R0B#ATOFTJ9_SsI76Iodt}2 z%hQpLw2j1%td0G-QU4j%QcB$w~UfXDq*ut9q*`VgDW7?)n44%7 zYcK2^_z4Euj6kITDC1^$qJMs0O${n&ZyRw?=SNqJcpapaBAse||V+zs_8rAk-BT^iBl%=CbWqMy5d?RLQZKDp|JD0gLO zfHJviI-+S{^ovUF`Y%cyK8?!rmX?dT$QtJ_(SDI=`i|6)D( z=^PIa9%^hkG#@IozmKW9y;YjsG~YgCBkiF@0<;>goF$QHtG`t{5CTFHUkj3Bfsh4t zN|ljiOdrTiLxRpLZ&uCy6nd|?-&cUoX6Ciu{OlD-DLZ5J6(WC|lVt~N zG4@62R$0shOJc6D!<$~+)leFoSC%~s4@Y|z^ID0O_?xO^hF;n!;>(KDwXVROo`-i> zshzRT-Z5i>u-yOgBR@n|$#6cFpgS(tvi+E;iKwfX}SjWRDZw(NhXM;kpTdz9BJ_Rr-?H8bdt=!8CL&qrn1BxzHnj| z0LrQKW89jt0=peOszSwD0crTv6}N;s9(Mzqi>O*{QbnMc*k_u7RiBZZjWEFWaN}#$ z91+AKk&2{OQ+B>>&oXf|jb(ab5}Wb3h8NZh;l4kqLc*Q|-Q@C}%2P((c!r@?sJmDk zVB&)|`=_!=(`#_}7R#+~7C=W-6vD+d=6(S$QJmd$f$1*l12MYMl z;6q2rshh5by|-y4)H7{^6DcORT;tiLu?<3Z}#=+$3}fC|s*b#3VfI(2GUAIfgW{F3pl)6`UYN%GEYH(BEo! zSu!(QpE&Jt=3~i`$L0D_r|jpW|wif?UCZ6UU#wM zer8T26|&Nf;-lq)z`KZ>bisMy@ecvOG-;9NyqRut6tKVn6D!4eHuj7^+(bwS&@NTG z^b=ONQ-r%{(pMlky4Z{zLMClk-_0UaEy0#8&r#pYT$W_~MO&J{I3X5T5G$9M15r0B zeMzKD#z7aS`Q!TyVUNdK>1%m}64GgR`GSDrHtk?>5xw(CLSxKV z?{YHN@fc)5Yf8TYvaMS#-}rfcH_aZORqLKeC4`!J)PY^J6_DNS3o6U0UcM4m0 zD7kM$QlE&(Q}s-4vW8}h}-@nV`JTW48 zB1xiIeKVy@j=5a18jz4;KX_F}2VrSVVo4}9u%P9XD#SI^w#G$yYyUlN3YiO&2b}>gmt?Wu%UvA(koW~UdlDf)L20UYTOHuwp1eNyo5i2v zB+v#fj&LKDuN%Xj``AD+YQtcgr}#g(wi3%n)7F;JNl3?%NHP?W@B9lG(q^*L$qn;6 zR)X~4V5f*a{XgWrWmFtp+cg+N10g`;L4r0OAVBcYSn$Rjg1fsXK;us1+PD+kA-KD{ zLvVNdI`{p|GvEJN-@LQd)UTo!RdwoEUDw|G?6a!`%cpyM2FxZ-P&aB7 zJ(;Fl$APS;FePqIztus6`#qidNBn8p9fQ{o-OV0p@V=kcdOk|fd)xJ>O=d(B5uH!P zqI`0+%rwjMu>IQ~lss4)j}|W6$_|?K_x!P$OC*mZ6lTjIaoT*N5`$u%Pb9TjUd6W$ zb6`7%B;UqdHlViU%2ANhww!y8VwhwYwPwr4MB(HQ8Vve9ZL_98oy?GoH&n2ehGM)o z5)120=nlhO?$48$5_Xq}=U!AA$$w#fS_3|PzYv}bb>v%LfLg5ruVD#YvXNf}^1)lH_Q-+(6llBF>98!&48po zjx;tU_3YKW)!;GWoVkJxKKqM(KZ~eHYrR*J8=@7GAX^+2sWf+#7qjmTW`4c0(W%Q) z^g;@*h4Q}&1fwFWiy3dwyfFW9KsG(gib3)!6-`z)FiJ_g->~~F++D)rivyoQg)91x z02r6+rErFM{ZMuHaUl4t-j>Ly&Cu*cam?B&=^Q;NcFn3cXZ3L9$+8W}-|OBh9FM}i z!aMjpceKnS4#X>%bw%2Q2t1E&4bo}rKkf&4eNEJ!oyKgm_Oa+VXn{3SuiTj*lKl0y z_$~;FP;t749x}m)H=~=;x8`d;ZpyWaR497JmvG*0@o&Pu&DPuTdUTb}9s3YQT^e#G zsyt2$S}uGB4IUm{_MbKUdJp4O@S4CE^3l(BmvEs{q zGA|)D5+Vh`zt!|3Cn^}6Fr($z5}TC20>5SKyOZl9nfJY^vdYmn`V^Rx9Tb2tfHE=6 zVvsWlzS{1;*L@TQ#+>J>ar3G@Bx0gEwyLbzm%<&j;N-zSOv(=?aX;4QZAC*;1pm}Q z(O8FXSdZsBznoR`l3D4dUiT2?k*Cg`OqL2z2qcf}UG3V$(TN&=A#E&)k6nGaLll4D zFv^#&{D{gM(D%Xwkid)$+pW0=;7dLW(svmD*rW8nz`P3f6&FGNZv@ z*?g{U%@ck2wuIvC^OHdI_j?H`8-C=c276Ha>9?lExtqW6v+mHLO3k%UQ8=%wPw;xk z+)Y#0_{Z@ZI!d z`RnWn?;`uX(g2f^?V()&YMjfA(8DvY}K*%>2FX^xAY7n7?6Idx-lI5f1T+jLfrl4l!7` zOE!BRAz|DYm#CkV2?^Nwn6SLFxX%zs3#$LXGh`fg)J5hp;I4zwM037GMr%-4u(DT< zBt!V~ty0dw*-mX%TkMRNF21!}_BR#ZQ`xX+k7F#Zhl%SxdhJyk_4*Zm6K>HiZekhl zEdg+5f7X$G#}~pA=}*sPhWMBK_R15O5~@E$dvbCvmt@%H^K??Gzoup6XPNV)ssqCY zT8IO=nFf6zAB_&BN3tsHv=a?H$rgGA(!+hWzmyXAPi2|D>mDC0c)!g3bGvF-RqoI% zvTwj^{RNVA6CRXbzC?0nt_~_ zc-*$1uaNidR|k%lAfJ%TO#!yKz~&LYydk42g&0`0x&xs^;LfpQHt5=L@kdEzW{y+Kq%Zt-l7wU?ds*c=GMgf&ih%zDf=c>Ft?XZjzf&!m zdT(v zKAbl?P(ZUBeh58UZtqIpF;`%qEr^pBae5?n`**X04i{cNqiWyDnr!e_0#?yiQN+dR92G3y^8LqYq;> z7bkWA)qmR33=r^SO0n{b#so213C?#$n~f_O42@9I*DRLamO0FgdDfT)@`Re8GT#+U zBJe5hd&9BJQ79L?gkNzm`12c}HG^_kJZ)!2|LccDE3dHTRBUOA4aOQ zDsD?wmMQ3MGW(wIl@b{r&!RD8jd*N5T$$si`Hb;GS@#)S!%J_tXx%w3M^0CpX83A| zn9bJs!`+2}v>!(cA&dzc((+>GeD+N={EyLw{N~&{9R(-F+J0x|94&V4G?wnI%5R;0 z0x=~T5{3W1mad=tBos>iv4|YN__9B{vlc|Q&df-+erVJ~yv#oy#{0LQ-YBej3=`E7 zeEHb;uGPd$4jw$w?Vh`|;kahp4I371L7v+WQRHRi=|SZ(Y^K`iqA+Z#2r#N7D8ci( zA>b1Akzsvz<*hxZg+K(})nZwH$Q%TRvGt>5kl);~lpmIiZQfX6R^Yap_IjUndI{=M z;}ZAoRo^>=*87=ea_FlS)qytZL2IPPEb1VpLBd*faSBlVX)$Ai;8VWjQFT4x4Namo za1QWI1ol)!0ZqwOM7{mL;0^Y4Im`i$;(xwu3@B|o**&gfTOSs&DM2j6x{2TB z-C@fz^C8I?;p^3R(R{1XdT`jp$Uxf5EjFH9%~1TN_Hp{$!a=!nRqNs5vG4=az{hIp zkkmTM-M3={IgTq)I#VjS;kOVu5uk(RILmQ?%wmoh5E24CU{3sD&T({z?TF(P1xLO+ z!f6-!DMf(<#0egSwmkmOJ01AgV9$~7#enDCC}3s~N@5sXy&ssqIh6gk-d(V=i9fkf z1+e0 zlEbo9n>k5XdCy4gId|?ADEQ*hAB&XTsf>;}Q1*5hO}+E^SBz6A0&_eGVPvJ_w^&CR zU1335_{yUr)A{v89uvbVvXF17P&zK?31z!{GG z>+VI#13=)W#pmiLyd$ALYl-T}SoFM)zwIz3>ZT;INdECYV+c3^u<+~z@O17@QwU1B zOy?iB6sd%(J5hrQnyr*K&cE%R*0lSu)QnK^pIw-(rdA)uFSXZO8Tw(BNG+Isxlq-T zZ<CUci8+(Z4!>$0G~oMOI&%>A82O0!K=xX0c>R z8f9Z?4Pxx78wL)eWcP+sIZ|X+_DMy=Ch02TB5|O5M5vdWx39ylEi@kdu>iAZGs(Bj zBWGV^4~g>jut?&PKk%~iSzA3H*2OyzEQoNLAjI5zQOdo*bmQ<*^X`$sI;y=gyVAWP zlBlf5N$VV_c<aR4`K6Y23Z%@LBJqRU{4mKN0%KoKo6}{<0^MY4dq!p|UlotY zMT7ot3#T!Si!fBSHPU(Ozp7U{!C4Ztu;T3VbQ<>r{-a2W$B0&XB(_eut74HXRYn^x zI9zBR2(sDlgs%}p;FF+lqK??q;IUaWe{z_XJ3h8_BC~n+-iwwhtJ65YDz=huM{CXP zI4^D1K`(1tu$-mQc1suArDOZU%IFp0A@6+JEqYqm)~(B2zyAwpPCy_?dktgode@Qs zIgG4$Kf)-+qKb#xvV!QvetP#?6t~K2XY6OnLh5>^Upp(5N{Qab=Ov@u*w%zlx*xwS zT(FjIZpV*wMyTg1n|!dAZ-!TN@$%2@s7?N~o^^LO!H1+;-Wn=Ge)+W3WCT+ur6JE= zMCKmFf5PEa+c7S5sh0oR(8Zzu*Jf_}zut1cxc+M>XYqfV)BUZ<|6d+A3JL!P^^N%I z4;P1wl}@ZlWio{xl^c{yV2Hf z4QVlT)Ad&D0#Vw_{pdPJqU(zMO36mO>4q6|Lh)(;FE2_Qcs)bg?pPcc3^&E{*zE_- zzMsF`5Nox<=SkI79uXrg?6wy>dkySRI774MdyCm`^aI)OC-T`ZrCu5wI*ZzUiru_YuZ0V;c$Ig8i+@Et9Kmn6C2MH-dejYZpWQ>~C0W=eTffK2a3>P< z?3>%gwwwP-3VJ1)EE7mg*C`N;i{C^NF;!3AI$}H|hJ@K4qi;ChlGX;-JD24p25J&K!Pr5$KCo~xn=#exmCfsDDmF=a#V`RZ z`#1QHeN2)N<&3|%J%#8W%Du$jzDnED481+plFPL}o3)~fVPMIAb$|5v&b|Nl@Y4<# zQuU|2ze1C+;|cV2)ZUFi`q06%{j>@Arj3M)-`cGI$n(_5%{D@N*smc_mroi{bN z>m~cddRrUiMm<;%6HR8U@BNQBh*R-!uVqP+(;2bwT|6VYXpHWNoV&W`VEbSL>w5%9U& zVgmTBL+0Dr+;H#1L(Q}Oh51bdrH7Mqb*BY>l_2eLNJLCZf|s~dLVlw<+T*BP}M+La!J^t!UXgi(HD*Xlr^pKf5$_@Rl- zR<#a(ck=QNWwQsi;Q=S^>UjZAft!27m1TB6W@SS=-4S=BpF#PbxtYXI`uCd)FllY~ zFHCYRui+b59oNNIX&>(`vQ^ritc%g(gBH@o<&b9JtL&=Al09m^$>@>`vZ+z#Eq$ll zVxucwy0&6BF}X4aPj)oK@^lH?KmS1tGf#EPR>b2oS5f4E6idWCyF2%M;#xx1v)6;V zwE8@30f{o+V4-0hV4{#rWNL>cyuou8GG+!UC_?@wV3FJ@J7z#vs{C!`4&7LCtzz{h z91Dw4^w)eCp=?v~Ws>8?)KP#-B)1(I#-lHJxVzuWmcGn5#4AGW;bGD4cRy~UOEy=L z-i-GuKd&Ut9V>{`8}V$UTU82`aN!QdpgmdHQXH}msD!&m7D`VJUnU0zrU9p zPb5*7(UaBd*y1YtR%Ta6+%^~%N{W1EWLVokk#E@dq@9vwHG!w<3tg3vCcMxUuy!K^zD()wrlH2`< z_EUOz{z=yJ-BrzZ#`x9q&KQ(qkRiqE7}I-Xd6HN6p=YHt?tQM*=dg246aH5UL9dys zvbQLpbMa)Zk3*4p^2FJG*~cQxC*`s`6WhK_Djk+91FI;m1+7=-dzjTW`19NH$-|7dOg^_2iD~o?I@_Q*@BH3 z2hqKX!bbemlR_Tym7wtR9b#8XObOlEe!IiVTjm!VByz>xH1yKoC9%-dE0wh<{$pkw zQ6Pqm`=oDmOL#1%`g}U=!GYO|R8OxYIW+UL;cJ4!;Uvif^C;)>#7zAQevK};og`KNwE8M&i53|t3B+{!5lwOB@hsaw1?KeVwcyvNhp zuaQy5f=>c7H1RGvpEILwI22Km({s=z`qMoPT~cOM=g}uh#N*RNv_kI`OPG%@syv3`MrsZ&8$V}K%k$CNRO5}Y_v8Fi#i4dn- zV74LKnkfV`u79zk5U`cMbkQ}P0R%;<&|%1>!POo;y}v$-yp~Oi2vD#VMuD1y6q}Q*JXiow=0dH8$!X^_*T}3iIrE?mXcMU4S z8RLb4ISop<^K%HPnr=RXo|__W)uQj6ZK!DB5y$!!5NY3iKf&LYel~#I!70Z&*Km^x zQ$jAOK#;ERs$AI*^x8XyGi~71^&9za>{|A>xy#H9z~mlbW1or40;mEx-7I%kbK;qq z7#5jE#k7ud`@d^D=-_&hDZ^mr^MVl0)8~S6k%Qq|n%4qf z*sr#qFkh!heN!GY}0_m$>l`%td#6#J4#^~SwxA^aI_^Py|~hnWxdrD-gU@cD7W z&_iQYnwuK8>|*azBb5sMcr0N|C2EfPco^blY|3SEa2)QWfDUi*VgMb|Sitk;nX&WB zoDja~;5OA%#-g#^GUF@i6V4S6O*{+BX3i{Ss&M%%2?NimFh*9q1)lpv&?+yM+jzG| z3U|YvIp2<>D8)v7Q9*@6%T2MJk2z@pVt_^=sra&{=kw;6F&@UU0N7Un6} zaJ0hC(SPix3-O5N6gM6c(DpjNS?fwaN`Jhnx+FR-otKtD17nNEDu#9`rIVn`qjv3! z5f_{d(m|tT%&f3+r__0SLjz^-3NkBDtl8^tj>YmW8PwFMrB`DO7o6kzD4Z06t_!bg zN%@1)B9siQaOylBpaPfky<{=c znR{~UR42(`CGM4bo%j{xvaY*yo-cT5TRE1MEag%pA@jxoIo*#yXi|Esx8133^XrR4 zjI=t1R?qhmtKg`=ZDhS1J@xcypsQq?%HYziriQQ3nZJO`&>fY^OP7ciib2v{f5h23 zOVg|gN&AiskjRoCw0<5n@5)%3IvYO35NN*1v}@7wa`i3-i3cmhoT3^|I5=tdw?3`5 z8RJFll`!EwGwtMhM>N4QP2DE*qr+_-rUu5}uH5DUBvJ}0&K6@p1+)YP)M9uF%`N%v z!j~2blT!;zcWux2rk|{>jQE~T*VmnEWxPC}3ur+-KxkO9)ljRK*Xay=v6k|F+qM1@ zpt~^$>1b=Jd0Cuu>Cg8L z)G-IcUT^mkE4}$8Fsw7}p_*pX0U{6h+t=I6G!$2Ouuu)LD~&0b%RGqa6@c}_Y1Ko) zh_|+=TYG)YiwCCi$D=IM;>%QSe!E&#at)5sPgir1_Ek3MAp1{Z^`DnXiaLc zycr})cMU7V(RjArPN*G+d!Jl*=Us1fYQ*k$a~N4>dYO`$U+v^M3M}P<=02xh`T-A8 zy4h+%%9kf|(O~K6({gA??RedDA#=MZr8OE^A*~W;-~4lU;h_-* zx^<6DI9YPBzv=i-!*JCh0o_l5b{7wz%4)*$8@M%sJ?~snZvteWmf_wy1uPu6N^V2-KAAo2WjsfZYj}?+DR`%ewT|^m zcO4y<=^7UAfQDAt>H1n{fAbDHHg7KPI*<7jss%7VV%MH&Sx#^=Rc5 z;h~?16!5Xt{<#A~lomQwM5FZXp3P-uW03in@u|v?xh!l#O*U{%u&uS;TR?LxKQv6E z4Y`JC%K0eOn+`GG_K^=y-*hTZ%r_epl(aI@gEwT_F?UvV_l?>nD`p$epCD+Y=RkdF z!aT209d}v;*Lp)aKtD^!S@%bkNK>g_CU& z_6JdIRc7t#jje4CS&!liPH)eP-GEx=1|N0jDvj29mp1YN6EsN0_E3Z@v;Xl-aZi4p zz=Oil+4))JQwY~oKxFhi*laV;TV_Rv_wkrh4m{Q4youyV4TMUaEqgozZ+yn*e3`d) ze)vSZRN8H_e_r!`j5Jew_BcJcKFnJud2HqGqUva$RaF*fy*X<;DQUjOi-$X^TV_As zt?k}6Uu6m2Ey&{tJRG(iZVxCN@~G~I1bBO2klnOTu9pMTEsjcCa8@E4zHJo+Jq9?2 zhNas-9M)^9g~@m;piN=jGDd~C!8n>(nznoLF!r*S?+kxkoR5&Ec};t|7d@#@Opvnq zj-9Y~AMMMOV-K9LRMS!9k*4UhydTh=;@sBuaDBd7(2_YEaYTUTRC?`@dbqa_2wvY7 zZu4kP!*zSaf9@nxd1h%_ZMmPzoBp&UyWV$*F?&6I47R-?)Yo`>`hvZ%HBX~7K| zQVv)Y`!K&`&9C}UB5sq*OYcC+@@m9kJOxC+)+-e{oPAXy&#pnbW}e_-NKxa`IZAek zCrdb{3(z;pU9Q^I_O$0m!^=C?$@Z@fgKrN@s%6bRJfN5f6?HC4+Z z9uZ9v9}Ysy*P(N zavq4hyBOtFuTY#Dv+O!sS@KWN%UOItKRdZ2@a2mSA1tDiyM_T0cRXj2d3=GU#vx!J z;76DsOp|CYjI#D1hVA8d#P2bS3^iq7ZQk2;)5_fhHu3HgcpPvo@R&JQd^Z%sOgiaq zYAx{KWz666@5LWzRlJ*@+j@qsJqtI8nVyV2WqL`|kGk`4U(~$d=o`{QLe1e$J)h>e zZuu^-0xWI0J$O=UG{4`RW-fY-9>Fl9A=e2_{}yJJB$*ys0wn(TFTlTxP6v_xM^6Iwv%#e#>8X6 zj*0f<%w}{zcl%2T9)$AIL$!qu+H2b0mUI45kbjia(bME#@f^*6~}5oq@yrE4PiCB z9!>Nx8k>h*q2$t|GgE-d^4b%jBW*Hs9m^~#m8wQ4QKgkkL%n~dsCHpGs+*v@Be6(k z-W$snY075!GhSQ`lHf=f`DNwCbe=9O_SN%NtF7_l=!5lDKqmP|i<2 zsBifckh%s0R68!2u%2if)$mi*9lnm1wrH76;{ta_--&fpjhaWk+;fPGlfCb0`v)uJG|=vX*{{yg zm5G{Kn@gBA*MNPFrhjC7L@bD)3jT<8WZotJa6@J672>UI^k`#~n@R9f> z=%2eSRWd`c4lj|xGMbG_!1f%SPI^Ju@2kE;A(UDZk;y~pd(GRhU+CQRL~kK~8-~q5 z7PV^y#G1h8-$g!@y@(zIcO(7aFAD>Izc&~@D^!O%1_}$;?RH!|1s{LN11nbM{inGj zKqx7yog?k%blmnzJRLh$_{|twbD09G`S)^faSvrksWqClkF0HYPs)eLlz~5|!Gvlb z4i^qM)pROE{K_%5_Rbck-W~BnOVRfuh9~~%z!3)`usZjzes+CnS22wruZ?C;KA$f= zUGi_mq06webNF_0ZlPloe91(#=1YRPn{v*^9vrb^02={;`?(3_=VLM;9n6(0uFqtBzlMX_je-% zRD@N3-@lyR4>cBwf9m$d3r>>%7pIPZl7C7CFMy@3P1wIXLXQ6Umu38M`#*bP^9bmN z?-zGDEjFTK%`-bA+v2rayAA?7BS2{s!w z3gi*JDg}GFU5u$%FFoEx#l62gPH#o?F0ATaD&u!uetf*U-Cf#?KT0pbyMlrDplB$* zm>FO*!hsVH8D$ig16A0E!LKERx<45=tEXg^&;s4n>1R06;x5l`Lua zU*}gCRZdLHt1O}uB^gZygMkY>-9P|~k`~fc37Br-X@4R@k4T9gs*Z_9m+{0l$-aLt z2khw$2T0%?U{3YAfp{C)YVq<`e;GnD^9F=yp`fBc%OdsF$zXltPv;~p6T}cy!@821 zg#Z_00}Yv+jF$(tTSpn9GD^t-@5Q=GOzvw+htC`!cKQb=7BY?mM|B1qfLM*mY#?+9 zlz;FrqNDsgMGm5a?yLk)#jqGLYHOb(LMjT81}_60?5Uv?#yzN8V5pj*mqu9p_fF<& zP`&-ORLj&9D2jyOWM*LO9R%wKNDv120jj4xP=PrZ88kK917dP)@*SWsh&+fb$DUucXMZx|v51OWQ^*F|6-(1Fn8c5NJq zYSwZ5+tbpRr}+L!MI!n6BEtqDI;hctdrfaD&f$k#zXM zJX(m#bXJo<@k-6~JkeDnbFP>BB0f=6*bIT+KwFmpn+}q*1W`9KU4;)w>{|E5G2-Cr zUhmK=z0zxWle)$LClHTqZ8GuQ8;2I51{?V~MOsJDiPs1%^sX@0mO`qzG9#Rd1H3i- z)-t6`0c$ZbZ9YW`V#*QCNOC=2cpg$*aGqo6MZ=^P1g;gw=B{8At9hSQjYr7Fnn{L! ztIe=52)E5bAriMKu>5H0wC7S%O6g{p&O60_Z`aGwOU8XGsl(bHK&4-hn__}+62&V zuM*_oWO2n;4+f63D%F%r{Z^51K;x9;WINyf3iCrz(35zaL(OawXTTc89~ZKn;&5da za!9yTa;%Jz{y96J#qrdOKjU5FOzq7{5sOMSY^0)G4Z6MiY=P!wNoWp~Ztf-W4>q|L z>Z0K|AUSOpCL)>VY9+B*d|652agi_`HhW3t?UZZjerqgnF(p_{p~3mW>2+$;1ZX}| zC4Prol?DRud#PTwzVo}kG(W2t(oQKP7$4_=MyD;jH9#=Gt=zZ$LG+avB1$pyPGd6m zB8k$*g`3T`6(wen%mp)@*4*48l9X()LuFJw{t9TXGi7OP+C@8?R|BX;)}Wn<7s8=X zM=BPt3xzzHdG4fEetNW3Q5U0I`SwSKkT=ablC_~G$lq6dYj{RUB2{NbK6o1ZplhZn zY{{*}7)XuTxjt2V%CSuR(m=@5vEIht)*QWy)JrUfG5lLt{?kcpBLBQL_H>qxf?bAc zn)A0M`%6if!9f0T|H*KTj(sZ~ zU+7}Y*%|6}tFXp#2U1ZWlz=pO5eCBKR8e-uJNsop$(p7BEGHx|0YK6#AXV?>er=E5~==$?N*zJXh_vPQEM%VcwFo5 z^Kr7`%_|-nx0n3F0F1GEq4WX+u<-vM#9OC^nG%*FQAkkJucj&+By$l$!F4sckfFG@j62?Icz6R|__rHpxn`i$3 z#HER;TnrW6z|nGVX_0k49LB_v3PjK=$Y?^+x&@&dLYP>P>kk3V$b4 zw$Q`g?f7WR!1gcD-!V9X>#@#pG7>An)#Ud#emQGO}E}jRt+~RErXg6?HKW?#TIeAI*AWjrvgwE z@xBO!jUfjtRg!lgn>bmJ*uSt=FA{SiTdkVA9*p|Qgkz(*X|Z-CMm=y!Vn9|UhM(q; zqClIMg*%Ep%N)Z|7vQ5X79Ow8pl^>ZFB;ERXypeIM_1S&@BeW59xqC*k~?J*c@$v1 zTt?lBLB+}*GHxUa*k*~n8NAS?=_{f=uRDt>ALw85AeCUvOQXCP)~cNWi(Y=I#y^CH zQgI9S{Ykw0gYkAL9>l__=BJlkOHwTsBfgH{Zo*N!tQKdkCIM6Bc%X#nd2CV@fs5^9 z^XLK1VjXk&;{rJ;J$qjd-rTh2QJ_~a*ER#yHWedxfC<{L5G;$JQP20@piIF!qgYyi zJAg4ouj;-i;Q%$aS8=-2?ZOB($DsVHWkFzY)h9n%)UE<)YdRFk-{r*?mh2)h1GZQt zV112Qp!u_O#x2M(6Lh-lC2Rgs0Y`#<3SzAC6I9OKr3zX1pfLmk3*YPQm!q^@*-%2tK7%~S+jK_rm6K`HYupFIgbKCiWnoa%sE2$vy zD{3}_L`;eX6h4{eTU!Zg9yb8vIw`ihJTSKl$ZJVnn-luY_V7UvMoFAO4a61B9z2BxUb?f6Ul0b9e(Tnz1Xl7Qnxm=; zA;G=&4EU@Up~Av+(_PaIy$jtqR$E9A28BeP&7#zJp>11jm_u1hmL?26A>_)&aNg%V zrk!El?7%>;OS8@Du@a}9Wo#O*1H2SB4hSX?tn7&*erHKZy76BY3VMur;7Rplx;K(U zx#pInn>x-BV4#u7t|t&8`5R7$oSaIbN((UQz+751w$gu-V1vf^p?)Q?-<0|*D)vMg zALD7Enz^i~Ip0mY`3DBvAFVuI7!H^NC)5MWF>*3QsA^+q+-)^~xzRU3Jm{*KEqp+j zkHhm8JPm?Yk}yh*UK5D?ra}@I@T*8tzvQ=e&Bd>$GO~YB}>fzL3O^MqcIw_ z>mlg}Sk(!vqboziPAxsZpkUTWZzd)Ny(5>W*~@k>H)GpVLsA-u z$|nd9rUL^jhzh;p*?dC?Hw_?q%N7_4aGpx>AWmI&s(8Y62s7jOxLcusAPq( zhRDGhJ)7qjcdEf8EU|C9&L&<51+Jg&-w9TiU;Ik^BmIh*!ZwCvW+Stw@^U?#>@Z{%|cLr5+=hi;X2tyqhbeTw^30j^i!QA2XO4ul-(z z!W4r}mm*U@L1~vuJDW6G(Ldj8>0C5UDvXU8ccg-F=rH$Ya*@Rfur`tzkmP^`Z0_#9 zHYp%AQ&M+6oibn4RQ1b9?HXHarA#m=KrK;S08*s;!;+b*xoJKh*T{r5Zc{^==FP3U z19vGrcF$h0;l&_~zY{CYDs^xb9gxaFrAjS;f@sZ(uHc>PZKral-CB#YbTa^*NIWKD zGj}qIG28NRO+ntueLza^$Ns29b5rJr0%PJ(b*2?2O9!gku}Hu8cuW;R-;`po&z?dO zU%01Fyb8Wz_sCEQ@tmuYZd&h8Ju+h%3^f^yR{aTFQT_1z;lFW$#g^3!^q{r7u!zVV z{~{s9Kk8~HE<0do5`YUKFcuc&tmqMmpph_&CE>FW_^L%A*6Gzsi&3<3cgOXCd8Pv$ z$Lh^gr(1@;arD!Pxlm?j0FsgHtrdIz_q#8+rOwhY@Rjsw_xm5xb<3~uG-;+SFTaDx z>=)a{NM}&kfl%8|o*z)Q7CuE_0s5_6A0Ix?f3S_jKxmitr9~u@U9*+4StVen2R{yC0Z&z#a_nv(^EnF@_B)>2F}C z%#Z?5f4`iQf+>87|IyGgd!7tJxR7zpn^)?3&YkoqAGXNia;dI8Ga`)@CDN5ysIk=j5VkUvp_{PBvfinXU3Re z5E2%g%2FtQbd|>GmwPwnq*W|w^q8f@4}wkl8jk`ds6N^KhT}lU|J(tX*9rha-v9yo zQOTv?29Kfkb_~?QD`Y~s)yi+rX8Z7*?&&AT_P6n86NiScu*o7LJ&Atk*Gr3Afd9Ym zc_p#2vS71gSAZkYoaTjPy=&Rj7K`U#;C%bjc|zfRi-1uLMIjnvpeSW-YxalOAideEe*teTvVo#0Rz(!U)}KbuT3r*Sw%x-9<>KOhOx!6A6 zYvQiVG@a*7dzuN8PepIE56f8NLXivUbk(*qVWL~B@o6(Uhz36d5k+1J+nY%iG`FET z`TCn7ObNrnI8*oeKO4_{O-9Qb^M~E$YRw=HG9rqcQd8LZL+gH@Z*FSiI57GyT0!V$?8#->(#>PQ-O4wNdTPykIX1ml{Y)k_Bv-z#gH2C4bv zdn;c-TiPhO%O+|bwU0yXz{scw-@SWbEkvUYa+2x@ZH)|EgDnl338+*AF5FBamS$dsM43y^rcXR2LJV*1*`XggEPXKnYhr_&Oht` z%y_y6Bclj)5uO0VSe%;RO{KY%loRagV|u_6Sj0`3oe|H?-b!auZnyrCD*lIwyU2uu zNa6J1O6>RqQDIa?#v6J1LS3V`P#=q`3gTR};oJ)4h)-fxX9swm*%#!{nMR zF6szzg7?_(q6K~+B?i+w|6v|qR^D>DbkQxg%0?XTPL_P4R<6r*#*`l7cOnwaeDgsN z!2iXtsu-!GlI^j$x8=k1!BGmMQx0{ZC->TqT&&fIl*HX2cBnXfTwFm|q637~3|24C z1C8hWv8Aa`Znjj{!)kSvZ;STEOF7^YfF|3cPQd$SR|RJ4sY-?BCLb4lHZp9Li+&mC z!Z!$3tm~(RhG8tZr68Ud6-RrzM5T_;jc`Ea*5UHn=O-{*d4i&_L* z_j3T{M(|NpTmtq$s?m{zL+& z7(v*J0~G6ZlYmZ_h65y<b~z-#DA*!Z-#FAnVhH zpWcH9T|$a|$e4^puk52F5~7CvG`^AQC_2wyIh7eD#dy&bKBg?0D>m>sFYqfCUSK_T z$^5Vx51A;?Jgp>m^AHLPN{UHEu-wN5B3Nb)e0t=c&2}n~t{!)JJY}3?Uw?C4qiVQYmr)?e7X2 zFY&ccSh}4PD_1u(uT;=%B2c=-G!PPyHHxxW`k8)sI=&S9VGg2*lLCZ1|CmE zhE&kQ=RbEncmNK$*_>{{k*IC_R9^f^3r3mhib|^bxJ5Pg5O$DU=B<> zjd3vVW90k%swWYyUN{crt}uNdl(_p4B#y46&!lKNf<2(aQkt4AkFQU*>sZzMou~|q znC@L`9;yKRrvcc7(xa=6%}#YGN%5%unMig1D)ZfoZwv9U8+mT$NY@{6dg*el;fQ1mcJC7WE>wvY^ev#g|Kr$I)KFRNHViU^6MXBLhpGjq305TNiw;7n(vvStim(L8> z$9M2btiK#rrnALeD4HKEYJS^iS$yP6*{VkP`(}lYoiewp(CoS~ZsQ8aC$9DU^iQW& z-a#zRa;}zS`f?Vd;LBqthViZLr7y=g&{{sVLb{%($%0tx$;#6-VgFM1@9MMcqIA%x zzw;iQ-*3YjgNqUxC5fv5@ydBY*Izpp2_yNl7ezp&_OX}MOc5KH@W5YBps$64aG z7xht`VJ&e1xrJ%~^w8Lqpo(VgP&**h4nD+YVlhhxu#|IpBJV!Hslk>$i>Wzko+Jip zS#1(2vmW@Day5yyUry)ucYdG6HaPd{ZX~OJGn_pdhl84RVe12WSx3S!l7+C3sgtT8 z2m|wWij62V!dc^Y-A4h`8y0>gN8mu*yEz@=EnKu3yXM5 zTBs8?`q}0e_~iWe`0era|NO~p@PAfx&Eg`>eEH|OFVO!($s}O>PoMmP$L<$LD(So{ zZgtE8_4iY|G3hlVOuvun+&rA@DpcXLin~Gm7cMS$563?S*<8WG+RWNoX{jl2wpra} z;5;Vg{Lz^~eHaL2`hw=J0uQx5VDn-2jU8`+<4mR-yK}s1YMsK;T8>4t-lNoV98x@P=xpOvZ$bw4Wbvtc*Tg3-b^O6uhL%$~FIS7)dL zADcEiapI+Hs;}hP()Lh4AuAXwi0-(#cIA}p%P4m`FI<`}ycLIxzdM_PdSVUEkKn>( zT9+IJ4fYAd^EQ)K@m7c^r49bh_n_jdDiqMWr5~4-c3DFpXR@ANwS81DKh2RBRG%;bpG0qjywu7J@SBB$*}7S{V=pVI1z) zOxS2J3A~$Rar?>cN4`6~*a^ez+bW-n-SLkEsAxK?O|@Q)-~w`B-xl>}>ki*D=S$N) zCN9G3LaAK`!phTyzu&m3*ObL^=@I8DqP@;yy1l6u*mUn@}(#~9zvy%$A@~a~ObuMh~W9FLc)yd3FsySp~Ha@klO=kG+JE~(B z1C>>QCdWH=!$b7ifn}-&O3O;@zqxnK{9H618_W!)Ii{idt|nEgwvy>gjPPjLZ2bl2 zX&(N!7KlUtw|Qnvobo&h}wRa3YWK^5hiuagJW^E8$|=~GRW}3*5XIY zS?lL6vyCMb^ob`GnX1UE0^%kt*p69MEB%0^vvQjq+gtnxvmc2syTj2K8nE%@<@TF% zZ_E?!JqFRSWq5;P$ZF-m{gJv#jioq*_Y5n`_eRh6Q z^S_(z(79{v{C+p6;YU#U3nV+{H9GbY90 zS7-J!ZXEnN+*6VJrX`(lHuRH&SuIMO#KMEUB6X!;Y0t_0pifbK51ctT9i48vj1e5d zPMs@=1}04mN>YdHLqqs#HDD;A0ySd7PRwxOBplIlD`AcW0GyPxmlEM<^y{&LtOWoJ z$*y|4%0->~RdEjr72C&O92$~S)xJB!Hfk#L%ri8eDxfIka_&gWs;bXOGr`O~>k+j& zW;#bfowMy9miTkEEOYOcb`S@(JaHMthJ8lv65Dw?3sGURI1Gs2eT9mm%{d^qPr6@& zo6*}i8p_wl;zpR~-;SDhj5g62U2A8elN}S&5*oD-eN3CUTZfE@ z9wzg_qXUi%qU0mtIUn=utyIL z*a|aT3QVr7Q9m)7BK}F9H5s|tqFkbMgw~ugQ<2z!a8He2rrwXDw^h{x3Ze2B5mqR_ zRNyL!r%`uE2_0}lapUZ)FH8Q?f0ri-l!5~{j6myCYkBGo3230(EDGF+t&8BtXqn`_8)2Y6ws@Es8w;{tRr-V~D?!*pe zK$^p8`)#loU08^=>!~P?y7`M(x<6}X149zSqyb&giIPPS<=yGp3erq{7tTj=%wc5MhR?Ja-J1&fXJRIDM!Uatkyb!58^DTr&K zbBpua#yUkAXD7#G>EPoZ!HEKMPB7+x`h5`4mqV&%%s%Uz@IsKAD-zOZ=VwgfCR#LK z;Fu~%g1UJ@I^Z}=ivP8FWbQ%QI{<8uw>wudPRc(Ig2uuki$svBa%vo^F-kZ+Pi-j0 z$(V)|e~Ph}o=^_zHAjMH7m54BRYBJT(f6GnO;Zr;eKY{-?N_Vfe0iJ*v8j-0$l&E< zlfI~ua8e0q!@q8U6FA^DZ-pTqKq*(yX9;4Nc7wYEsNGhK=n$3cP3sh`3>M1t z($pWOXPZ2E&fHk`B$002#%4Ej^ME~X>Qb=uwG&+me@$vxG*AGxCrV@wKFokc$JM%{ zIh^jv<^=q*YyKpuasCFb%v`AGTXa|4qDZFyGzT3ZV_;rD)*Q0&uuhGI5kY z3A^(60E+D7KC~h4pBR;hPnbz+k%!~B#5J=RZksLF^mUS9$8s5whX_-59bamh{Q1Kt z(4=Ys8lMg1s4}d?y2ykScSQv(F1upIMhE2c@%CSp${5$T`aDQqToq%(5(DXM4GC_A zGW`qp@KVmH4P<5aaRsmL=6|=)Gvl99G0?qo;&n20r(Sg!5V2r&CsX%`l9i0-9~gjw zloR!`s+ymr#F}}3ieODh*XYhmN|Vrrdij1O~{61I)3*Xj~VkJ z7}bQD_8WZmcmej738$o{bbniR9Ac1&|_M#wL0`QbAGNWt%?}O`Hp!|%oIzJvtrH9x)KW>%`;ZZs<}Jjb(JjX zhZRx0Kbak`?*He@s!gTcp9-|&v6;ceX{Z)$(UIs!X;Y>se#hsb_LJ8U*%LCN9_XaN zyrIy6Ah1;*QGeCM07HM1mrEE}6QeM@B*^k`15Y6O$mx98q`FSerVygmq2p^PuZ^NS z9i6=99IZkDIlrzcKD!)RXzcCIP_lgZt4x@6Du_7A`~eVO?>IN%!8)WnKiPS7O5?;H zQZ8GX-IikjHYp|keMbFn-c=#@qqtLuU|8bz6H$X`HR4gO6~{l#Gw+@_ssWm9YqZ$p zRL6W*1$63Vwbm)5=wChWccBG{Z%V~y+we9J*ZmOGy`xChH>r+VawMwR%a1M@7$Cto zsro!?_Ct`kQN~Nfa>dKoohm>)-f0RafkY#$D55P6|AQ{_I#p21?OgfUyg}O%LYQr= ziK~0h{oB6iHA>|+m@skB1^tzd{RAHU0?uX>5-E@R^y~Al;BVU*5S$FiW`}EfPmc_F zVkkk%|#%YC7 zlC&pwxQRn`Bc;rTDXN1Mtgmtl5iwmSzx#Neq2SeI$>!cMh8ZW+WCW#Oqrcf<21%@yJ0iU0O5c?G*@RNUvw=(jUMTdMl>{=li{pWBttfm{D zACtP8m`Ek=(C9y@@0zr2Lcm0mQfEW_MSnAojTWxPB zO3GC{D$4L40PMf`jQkvsMVxcl$+)+Z^#bnjVz6WYWfODhwvj1_{upXH>09$nH~6*s z2dlJ%yHHBhks`>!m;XNpE`5M2_x+$B1r{e!|oXmBwRg{ z-A&*0=3)5IW8di!nst%ytz$Jc{YUJestk_^mN*wd{=nBNZ!!+ zT@ClH!`o+NtCc?7&jTBlBggiC5Y~ToJ&lK*oF8ueig(_xp79X79M`Y2*1XYj{it3C z{nmLfwLiIhe4|MTHz>UM8t}rj62H;5N2ONDaP>Z~SC=O|V0b-oyXK<*w>h?O{|Q07 zYOwR`+fMoH*sOzxPv3{9aL&ob)a9L>8-BF$GZHAhUbNobt7Fw_z44AvEo=n8rF0-k zAd*sIz{vql8kx&tn`p!aI4cA`N&da(XKm|ZA#BsWjgG0F{Mk>gK%{*@Jtgg;aC%`d z*Jkm3q_{$2UbI217oo4Z+Uz&ky7#09?w6`5dp87!BAy6^hz^?xvhJCpXO~TR+z)P~ zC5mI%N)k@lw#>F}+YuiwZ=K?c9S+iC9d-20L{M}`6q#38!^nHB70CN97#r7h-wc)r zSNg9G_jjf+51Ec`EPNgBt!%GDzu>V5zj@(@F4k55P}Q=2mlmW-kKjpOP^k&Jx;gvj ztL1TcFOo1txA~>{=aVd>-!Zahd~bhio5CQL z%5E`T7`Rw^Lr1G{iMuQ?WSD;Z@e<+9sno`?qbX>?=n+(JScg!-;d ztXxdfYx5+Dl+>EL+kdNvzET|Gj5D#+j#7!-XF@_ivOPq~)V1u0MCE&hbGC)AyF`d* z$Xy%y_X|{hUg5!)Ms!WuewCH40j@=oZIh3*x)HU}xi z>bUOf;!hVQMfYaQ%uSe|L}^~ zy3~U=nf{@0Bca5jzXCVG)n=3K9+2C70cM70mMC$3%kX3bhYypR5SjEbJxOk{$N1gE zWRi+VD% z(V$U*OC+lE!~t^LTJ#w?80(;TAx(7~SW7(Q+%TzR-`7)$pEoW)DI+1(#B3xI6F7a* zu>ArQF7vgQWB}?kU-UNs#N`f-`FCowL~N0eGdX&bH4+8{9dxd^GNN<*d<;c2(yW>0 z{QY?{S#+_^!qmbRWfL}@BuidaH*y&QfJsGKU%o0@MNWU(YJJy1Tt-F8Ytn1oCjri#;qw% zjsD3gl0vH5=*=HhM*N@yHq{cc)b{{j3(NlCS-N>TgdPFmW%h0<@`W*`y3z+rUvBdO ztmR4yaAWBZw@zh%A9$9*lmX%1&o1gTc~L)2EaN#vZ$q0S{FVPUR6TV66?WAO zAPzw{3kUZl-$YD9Di1cfZpU7+$+*{^5QcTc?a(V`L*n4k7MF<7Dox3zePWr8s&G;y zq+myU$YJE#5`hv4ey)K1mdZhu&9+mLkDtdNc6Y(hO$Apy>mZ-h|yWGg#6j|RR`i$xmK1$AHZ3~%+b9zluQr+`ki{gZ-{-9{2^`0E$z|ju>2VO)UmvNL9<+hd zO#MnxcoKnyi)-q_+eRBjzyHDcH{qzMdt5y5-OlH)+d)Rq*D}#=rtSr9N+8dTXK=P# zb^_XX8nVrUD4w1Cm|YOi6!YFCNYc~S9rQU+;6_E>7V|tT7gK*M`KAT8I#-U4;H=}y zPxZEC(9!Am*o^nF-|E5ZfrANt70d`y0PQfSk`Ct-Zawkvp@K;=BTu=?vv&>FGy;{4i{gF*0_DRJY z&K;Tfj%@JB09`~7w!Q){{EM2!=1AoXZa@px&kV>#n4^qby_|mYF~cwuuNq!Ia2O{M z<46mzVYaZhrhb2L@&gp|Y+FgdC&!Sk`jvYhVi4?dl~)Kfa)}rrwzW`k#eJYvtrSc8 zJ~NU5hcTtxo;(TuVJ21;KY+%eDhLB3ima8j2m6g3Xe)*aqi6NXzt4SZNke$ zNz)BOOnD0iVQ5c%*7=)>cN>$89Eon-+OY1PBv`hBWOa@qPnCLSKF ze>+)_eq8FsI(+-zE}p&raRUC|*a$58A3Kkwz3YG5c|QG*i|79T{YLNg^~Uka%8|pN zu~qND%F4>|z=$U;9D8_P=S&?vh z`b|VjXlL^?E_Kl3{ljsjzR&&5ZRFdm78+k)A?oeOrPlc+-@EJcv!*-6KjWtBr@}r# zOOHDTk5_{I8`vj-!jDZ7Co7Y`Ng6|vH9pu`537O7)aLd&t{yM1S$8Q(s2wa-?qmR~ zQ!Dy88a8^h-nb{3ZoCN<8jD$>X7B5S;rI0eFa57|`y}VQK?uFH&XU(MwQ3;YR^O}h z-N48uw&BO?5=CV?ZV%Gq>7~=9mV*Rkl+#6ElD+Gyr%4^8`|-ubsYyka*<q?_C%4YGg7Gh?K6-8b%(Wm->4v*3aluJYb{#bz&p<`hKKMz_<2e_hDNF z>TSr2sj_0})$`E$8M%j2|7kXp!`Z@1)4pkOk$p5qab<27ufDYo`2M^SK@pG9P!XZx7*7O9jb&m87x5<#jODtBr@K5CFE8baA8{0gEa~_`%*d$k+VrmiSTI zk95c_ic*(2hCgvvl}7fw?oizDCi=ZCHql`kAN7|v?mePm);26^$Np zO;>T(_tv~0>v1=2;LDbw>O=Ice>J!p%zIOG{*wS|KW-yQTFiLF+g{mSB>vF`Vv_Cg zDajgY86~d%=FW^nZs_VV8FqK8kSqp^S5=E9Uc%}P z*Q|rZeUWl7+x-q2l!t9VgqCwlNE=m2Ew-Br3u&y;5D?)IW_aFEtnM+JHl*6aqf>%% zWxr)_pc?Z6$N-1g*uvn%E{^U6W7T&e(k2&sXuo-Qk~`;fS1-KBmj}?SV&+W84+xXQ zwjduo&?j&>ZL|#Rsa}oj5rn^ z*B;JdTF8J1d8u-rO&tO&(fh+?Zj$lrb+m+O>B#3{JK&lu( zGL~`nX)#h^Y#rC%fOR=}LP$`kzvzC=V`8$jO@=~RvvgirfaGT^N#9y#B`D_% z9{(ByQJa_cG#vafF(2%*eWi$;z#&q1UE(Ao&&i2WHEhL#ZHY8??@ty_LK!N`?}ltR zQ=jC;5I5IaFF8}iIskNpi;^HJ6~+&$YRHrYh8918gb+yXrWQ*XGle?B`I{;*1ayQ% zR}}q&AY8!J$CS|A9eW*kAmb_2_O$qY%6+5ktxs#aL7}-+bi{-w!Fn;0N?z8nQ8N_2 zHEh<8X;=|Xm7c4Z+Nc_3(|bLWhBYn!(m|3-6*NZ?3l>E(JvM^vr(PPDCjzx}n&W`| zzXz)#UgXmONj9SeY~5jCsRljGUX5Q4{DnBob(8s(^f)YjlN7xvSf3U?Y=mjKX`SSR z7Bv&WS7(1L-fHx*iO;Pl$n_jBupJ|agAC)b*q@T7zR{8+SK^5vNv_7XDh-ddGy$<+ z#7SakB$^DU>@a})lDSi%L>4nn!u?a+TO3j8 zB~r#}3)1J|(owMq^uRm{V~X*INsZvfcy~{bSOQGe1w0;AC>dRmX~o_sSVs`beZc!o zr$Svp^ORChq2X=G&1d9HxA2mh3TP$nj!o{?>gXm%DqF1fF9X+CD?4Tf154hWTTTMT zNm7LZZ@%|w6Xlz=tcu7K_dD@F*5e}1!RiH1@{SSG^t*g-dF3UzblUtxb-7ePaOEQ= zuMvS#5U@ycknE1_`&D#BUFdkg?ly~PoI%KXEC6-}9k)@>Axh`7l#iE*2|?&-&~6zRDEGYVe{R~O157*ov>%|a_9(0A`enZ4|Qmg%-UT8 zUD+FR*NjneG9nSI6O$V~Kl%YKhD@`r{(>Gxe#_8bH1)@%@h&Mp4replTfW2f^hU*| zCUl$`r|{|hOUyWoKENkaIfpB8*x{=O>@qoVoD;jT8pZO)e<7250G6NTIoTL&#J*Y~ z;w^Ws1cnwZY)9oM>}hmU4aQ_CX@*q=l*&JI^^DmTC%Bl?oxM3p0&L0zJxQs<9CD*8<}cBj!_cWz`+4v1YEm1P+-bUGzpE;__dSIglA zuRi%?H^`x${e*lLcyzUQ4`ne&WM^fPntD~qU{VgWZ8V#EZ%=-&Q9}aR3q%QQoyM9T zZ}95VO|+Qiorr1f3Q6+K0RV^PFNrL9@fOk zjDMeABbGZ!O88uanuaE4NmC0iM8@=1cC8Rx(BRfZPf5x!hw_qYtWsD&K{a~YCVxa& zTmvjvRY4{To!mm92o44W>+GWTCED?B_1_|{uf}$@O-H#8t}o%0RBLCELZ1(xd}p9X zd}L|m&PxAu{zdh5#E6CJiB0kw(b5+0!nPE;=tdG0VN+@wUB~)!ZgOM(K^0ld+cR@s zrEFdw0Zu$%+&?udLp_IJ!D0&lwV>>NB`5IsJ<72X3od9y=%Hmgj76qMGb@3%MW9OA zo?4>Pl~c_D%9`)nCW%9?N3F#Zu@;@DA7?Sb}Ia62Dbj zVC3{Q;#TveiI2o#YSkF>-l*mD?cw2tcov)$3Q8j7u;S+JnAJerjf!K{(HA;Opk3nj zMou8nZ*c&OK5n?n(#Cd8!l5Pfju?eeJ*#Fdk}6FtEI~KJt9Reex>Rce#)NbZBdvil z#yj(*7#o5Qt^R$lmCN z>ZjG1!v&GQVE|b3%5}_~)5X=sHTLxAIWR;BAZl6!>(~1|S#6Uv3|63x;OscZoE1a5 zg;GARve&zD4M#sP*b&H=LnhqbdiprZ**i|eekNR3R{s-@nM?P>3p3IQGAi*wB4`ZV=s$I^6;__hQG7BA*yC}MV)Glv;Q=Snx`9X!pTUYH4bXoc#T;Rjpk z8#xZCZErav=d)5)D-7uk#@|iIE_WMh9taa%borFhz@sl^Xa^1wrmoN^)j`8JGqKIh z6JNh{Ulg0?>|a-+{TATir+xB1(|#TZp42)xWge*|7B{@p8^(>b28dsljgk~9A+zDj zhu;O|GlUNPTBkz5#BmkA7~5imdWUU6u?nass|ot3p$?*WdMJ@s3DHtgJC)AwpDKE7+0wnZ8X;Un7qL ztrBP`*6b#gIUO&88dib6$VMMEn!Ah~>Md%xl+|HmBd}b|Dcg#r8O(PhICcmI6V+KI z7wa13HG}r^j@h~8S>lObkgwq{HosyTqw6ZT64wT(t|x>+Q8MsX`g1MK zC*UJu=~IqWxQ@P8WWa9syX^?8TY2|-%EQqjR0z#5#k{Kv=C&S^-HoaBtf_%L@@Dr1$WXMC%bnEID z+n@A<(C@Ze4Br>HmzE$ddQYdx`%BOIhSx^^<^={SdVz4%P6L1diw#uKXx^?!^H!b? zVWZ`BR~c)58UpO!w`{OXpXbabI4#-beyrJTzAaM%&0j=SnGx>>jHJfb7Tu#a_FFyL zUpEw-P1#PF1)6MfGm%a({EcNmRUp&DTA^lK6LYqO@_Oiiml515Al-8Ew#Ryx^0N5L zOvuz=EZiUf{HETWDP88_*gmE%HI37O%_xaJ)APc)HF9!cDap4ErPH!lVKQ3SPV1o^ zAw!J=QjSX}e`Q?pWPsDg){8R8J+qBnX9mPRS~~r_#S7c_pOJFSAK}mb`h(pUn(5$` zOl4BYKS?o~ZiPX^Jk9%eZY#h$54?~~9C&5GJw0L=F(t6%JlI(^o@4 zYy=VD>$AQ2_Li<&FIj(F_}FJC(u(t{`Wtu_>rx4{^mwx|Exh^o-C-Npvpur-g{;)) zUYDfa*EbF;Ku>SMI{lGomDHvdETO}vIqEA()2LwaPL-hG^42OPltf`$sn- zx=%y?W6t{MNcbeJpm`2=uNgX{&0i`UCi4CBxNUXr=^s`1+vd2DJHbGW8jjli&F zW@d?f=6t(smlXDSTKP@4E${`H(WNXA?? zS!0YEz1BdZ5QCBJw&uAFAx&{}BYM|>wUJMI#5;?Nuq zk0Y#Og~dNQAcTI`P|K(#)!5x%s-Qxe3Wd+)y@q#KT-VtjtP<{_j*dU%bscWfP zI(Ej=83Jw<2dEypBKv+s#@=iuMVd_Ib-mp{I(ynBKYt_fUN4ItU-a1nQ z@3-4V0zV@KW|BC&MUjz)lp>RUyGAPJK9$=M=c|dz;dwXB@55%TDrrRRw65$N9bdl0 zQ%VA~PFjapCQP;5)0}&QOgT4eQY*&F6!DlsxD}yeWefoEoWgRhX%BbjH_XoxGc~dx zzmV+`H_~lpI3hyAO!nuB1y)lx#a8KHA<0;V0;ditgW8UVJBM;WSHySC!czXLUJ~(a z41jpudiE^;Hm@Sm_?|oACH*brOv;i(dM?vRT4AWK53vNFCu`&6KRO}S9~gO58+dW@ zb69oCq?xTj7EWP%P;$V!ez0UBO+ETr)(TE!I}K|DMr_tqO!k0i9CaU>_kVGu z3icVHfNJ74fXEo>dnqidARt|D_fW%1jm6cmJ~<@h*FuJ*sWR7EEn#NP{!Uq5*h&KL z=-eYc9L`Dyu3Z62I3L)42p?2M1`(9d4>>49-oagz5ZPmxz!m-n+Fb1Q&KoBlvv1q8 zIUh6M`#C=?$MkFGGU2H>8ERGpP;2@r+~g87S!R zFE4E_FY`LGDsjaQQR7Q(_Z|pwFvNayyS^z12${W}qgDfTl zG=~9uwG?ixj1vjk@t~mt9S$u&bBb_>3~#rIB*WWV-yfwWRXQAXXxf0-Nwg_{BC}vX*~EH@ zVvviqS6Xy6Z~(_@V}`orH%n?nNSLRdo&jn&(h?a0SeW^ssvw&0q}f8=zf_=W+>hNT zuk{lvucZKl;}SM{w8-s0#EI8kFqSp5YO}D!q~)`#-PRl~$7lB+P8Wa+n36P>((DAO ziP2!krROJFpVkVeqr62G_`gakPUnwEbV1c@5>n%Awx}6xO#*ErTBVesL<};-)Csx* z7Mh~0t?|eF_(L!~y@UHcMift`PLTX13m=bcV}IFs1ut^xhbIW}lV8@|g%bpv4iJ__ z0xe(kG=k}-Fq=Q40N6s-yM5NgXzLTazZ41@)XGubB>{W6cx`@ubJg(Wx7b;b#nRAe zdtA7ouJ$>w4UBZdY{&YG0$I?~S5j)251w78z<#BOjzp|M9hwJOu3LcR7@PNpn0HN7 z#W%Ub!lKRvl4~ndnJ7#o#E#>~m9?a$FNrL6E3nkFxdn6`yi71F%V?$`Ud&XiJC8({ z#9`tty6k9zfEaF_(+acoO##$WqRoA>@92S5Hmm$*T_QOEacX|t!|p`LlOSIr5BRDZxvo0~^#}X<6I|@aG>N1#B-OX|1B<`K$P5UL7Eoq;BbH@Y zuQmWDP=!0>SDmqT2{OTR6*M;u+4NO(**1P7+f>~JV^C=DigIRvueL5R)QM~ijj)IR zaUmp5cZ{HaAgtj8Cilv`gwkj3Ban1I4022cH|rC%Zu1s&k;Qw{nuTLNy7p)c%+$B_uh{C6>Sd z>`(F^{)MJenpvtTs#ykM))sxIcollm)BUpe>UiGK7oK^MYzpXl_pYl-9?)eECC0~m z1~35Pf zbI19?Gj95X7C;RJO*OL?RqP;e_C39V!V=|>8Usflh4KPI@kK31k28psh&#$%_V+7H zVJ!Q}w9j|PYtgGkuEmf)yEAwx@AKP2VWk}_9LVQ+I z{xozcHeX*7(52J_`<7A$dH;BgqM&B;DTLc8T(ja;L&0=C`*hvE%u+@^a-ceue8PVD zu%=$^2u(rb!SdRkUm^}&az!}x4BZ;HC(F7Udsb2dF`f*^+xPeO84hvrg>a2iG92!J zEUDOecrsa=pzAChOKXjNWr%i5^QLf&DG6S`y%KenI4R@%t7Nu4_qJhIQ45qhflHuQ z)=SX%4m((obl|pDYWz@3F;+4?vE^FjWAa9JJr|7U;=946=qC^&BtG6Lw*(OWQm~bi z0TGeA&_C=SlauGVFaM1vcaCj>!1mjjo`#-N>tL%cSFEU-V!+zqE zt%-}5p#m^e1O0~L9G=a4_GyWplIU9Y(-5%MVYA3ZU5%>um%J-7Z057b&nTzJy`uNC zd_#rz%>FL`bEF{}OvkroFWy#~O@A=`4P20R!e>jsr;Z%-jJUg9%b*8{<0ZTvLf1bT z9=9&h(_33&!>{8P=xp+|SoowcqXVP?#4NKKGXPRlbuEvs^&bc3j|`bCSn!vym>wy@ z=tI7|h!GuH7HTvUSxSBxvB-n1maE=;vy~cu@HftU+e+HjKjF=$@MxcDl&sRG3uSomVCW=yl=;y76ap$oyZz}`b>Gyz zyqE*7kmN%NECZSq|653T`{I8#{wM0;_J4JwoM?f2nfa>PwU0~RVb9Q=M~8jk9};Cn z8BB-%%hRWd^7vVy{U?Mm1AsEkvi}!Gg`)ob3(7_9oR2aT&V(r;?{2*+uOtzzSJ!uE zN6Y#(h+A&Io32G5=_j+&zENc_Augo7wmU&O4((Bph-B;;KKZM zI|UadqHP^ULKa%0>3}TE|Dmp}-u!zo6!5W*7gne5KU`o1q1 z|1vBup8wk`1%vc72@VByH0YtC$8oJ1%omFc#bvH~Sy8nie>Q5=j!(EzTG?`i4e&{-E@=?I!4BUls*c8%&tm zw3q0w!=wA&4R~R}&^5^^oA(+YbE6G#)dJSC|EtsdyTZRKJ^5emGXIB;TA}|>7ekd> zwEpO>{pTW2(Erm@P<=)C|Mi9*-s9cHE;;$b-QnENhs)a@VV~=}ks5!v_tE~*Z^tW_ zLqy8J2uoz%dfOkmi+_B4`mf%@O!2x%L`sj3%t`ps;ptk(+G*Qx zZ1Qbl5wdXq@DQ(G-#64$_nRa8ukY5FfDQTb74#ZeN()Y=3u)T}Aqo6pnOX?Qy}T}~ zM!IuzRa_~QQ9lFH2xx2ycg-4h_UYJCmxWa{d(m5zmreE1_83+$HDFn*bfA(lg}F#_ zZ3LmZ&VKc%NeBBp2*|*yqtLi!Oz67Pv8XB3T7XANYvp)!;(?n1Q5*Y`?$q6}qJ8;T zgw+K?SW1M0&EH(41dJLByTTr}yO^#ksci*4P{Ny@mVg3F$Bs9KoZ1Ws^+7H`jtIm_ z!ok+lRigel&*8wT6x~49=?VR*ho^!f@t{(<{4DaP^mPy z$L?0I7ie3*0Kj~k-@zRQ-mDgPW67f0s z7-p^B!S2=s>PpxDmjfFij<;y^*M}J@8*kk8V?1@M3tx+kCLzFj z-d`bh>F6JU-{fPg(1UO5hOU)G?>;@p!eo~U<9;!lyo39lZa!&Kxv&ntIOcXvO3#}tW` zdu3HWXFQRulJ-f&)(Fd$3xvQTZ|j%3Rh1{&v&9q(Q3mBzGkx32JFzO)!;`8pZtv<^N2rh{xo$WuA_{-$ssX{|5-?` zclOmhJn+|YN_YCGiu$6h#PZ5YjH98(-lv$C2a29eB}S8d0}zjGDSFyepu>1LSCYkA@e7G8ZKg=?cL<6n>Uzp&@4pxpB5S zWiicPmEYq@OF+)tcV&jvoxmHsr@|T+2Pw!ZYDJoQ{B-nKC~>x(a5UX{ioY>B5 z<~yf_MNj#ewuEjMr*JRuRYsx3sO!I8d0OipS7q`euS6W_CP+~jQJz$(qb=(o&O-J& zB}$DWETQ7hFVyOjm21E}4DJ?O9&smnj24^d-p8Hgi>tdKB@A~KM~Ao(#{)ZEp~632qVJ&HKQro-M8b>shisWmD^Px5}p5~T1tEj~W}OI<%(avPUO@4WKm z0vHLTgc=DC;mK@OwaA=JHaE-lKiBW?j~?G|7$+bJjlbBSd1+8zo19wV$0LbU#Z}wv z661!o&ju=o=9EGLUQMQB0J;VaHBtTZ=J-@kg6g@`b8{$2E0y#0Obeu0$|-2`=N41X ziP1Kaincxp%sRe-%Gc#^6DW(edUk@7m}so@l%{d;xKd+~P=%%k4?umhE*}b(PH#a4 zP44tA0U=*fUn%dxV!?f5YDyr3$e=}wTwDGQ9Rgv~vk?xbChhhqQ?J^ZS&IX>Exsc2`S8{Z`kZCHh*XA8&>L8zvs>B#}Tpy@qr} zZ;UQcyet?TTyXUP)PNrqg5#Zqm&Gp6oU?H_I1zlH)4Yj8 z$ZaFrWYz-az0a&G0-6s@L!#%}Q0YVWvtt8AjR6#7jHzeC`l7sr^J?^n?f#FI?IeLZ zq`$&}GTweXa}ghYS*e38Zwk`qoHS;PFGE2r3eRxZ+~!w^tk z?bh7Q6%$^FLyTTSkbb>JvaG^3QQ&^uwsLM^Ef%%Lfxgk&hBkzA7lrX(75L^ktBTEe zc)`r}^|K*zB&b5Vabyr9QOzDGRgp18JPL6|sm*^8 zt$GM0SZ~LAgGQH4#AQn2ne3@+$eZ!7cDOZO+vywfz+=LAw=tvG-ij)?M<8wXt71GZ z4Fi+Gzei$S8hsAX{BHB2?&yox8>p5=r#igkna+6&vt&_Aay-6r7ZMTiN4m5O=N{KSp4jK29x_lko3eWkYc$b`qY<=yY^dGcnEUy!Je8Rphot z^CgOf^F0!xBKfb^r3qZw@^rpxfq-N|9)Gs4F;u?k0@|>sssCQ(PbOsN&8_d_`1}i2 zL5fx!2Y>*oNFA-TB#k5;>3pTxja6LDjMqo{KCh9-Hm_M;lmJ{#wtiT{TG)B-B#X+3 z&#HRnB5yuvsjpe`q3{;6ZnHW*gX8J$Za>SdJ3SvrLCKecT0+e7dfd0R*X@hSkfTZ| zL`;cLr5}BpMp~&qUdj7|kfU^`-r(!aS;yvPW5{upJt?U;6R`WMxquR@TBVLTn)zHD zLhSFemx8PL+Um!di$(RuvYzHY;=?<)t1?~Ey36Q;6ej+Bx~pWeDI$aXiC^jON?IMN zdTfN|(AQN6_WTM&p5Ktf_&<}j)X(iP|Nn@4%dj@WcYTnyl(xZI8r)in1TS8^xD^QQ z(Bkf{ZE1>oAUFhfiaQi28r+@Y?(RGNopW~g`<}i2`7~EDlVm27_kExHxrJ1LBDXSv zlCrF;h!@+)dg|D+UPXti(LPLvz)-!I?L%FLIK0AkN$EL&y(%GY|JrC) zU15vmUM}wYQkgwxFGFYSu<>uH3F_G=VsCE?w)BLMxHgFLPR!m`&!JG53$#}V&PRXO zi}->F(MmooZ@Nm(r63p0GQzAXab8aQV~;hC!o~r zZknY4Jsptr8EZar3PZEk0RWDR)q2p=lUaL)g*K^@rFfCNOd-p(J%d>g7?d0__v4sB zNc{2PIe@Ut#aPk99Z(p@e?DJ0{9SZm-qq0C-(2MSU+1A8R)c$mTkfvA{!zT$*wN1A zE>e~iz5U(%Zf|bg?`!_v*gdk-FP^-1J-^8)-Q4jm^|-D*uj|KH;MXHOZ|S*rOxJ7r zQm?dmbhYS3mk9tvpWo4VFG+LS+|!?dEwaC;e`_-@LHKZ=zcy z1uwS2!vo;n*q`Mxfw3Y0R2hZ==$pttB7a+DP=cycYZn7VJz$NGS%Gw8=sw^DXWQ8U zT3a5P_|d{zk_V*_CZ|AM7?nyPcR^rTaxiG_d+V0fiG~aWp7LF^?yXlD5Q1gTah?lh zAsOXfO9ZW<27RZc5e%R;CV(*s6zSKfQom0RTK)zGcRL3&2Y!C3ezz+%2Tt!{qFaAD zoHx1-gjZM69(a8p@7!Fxj4lacH0Zc3}iu>;hmf_vth=E3PKmrDf zgMXRynh?T0kQ86mwc?Y%?9#8z3IP+h3HNskoOn1^cO9Jz4isdi;k+XXDB7e&9KOz0 zl>xB!)*3#(HCzkddi+a~ecXGkYW!kZ$65xn6GuMAbx-296$An(W*4kKy+G&4FKXtE zw5sZ%A~yOKu@v#GFW<7DoVWh{n#`;^qLY@vHm`421loze$cCw-6Sd{$qtN9mcpknq zkVTm57I*c1Ckh6~?5q-xlbz$} zuY~nCq9taY@@vRi$+*&Uf=q~bt|KQ0O!(euoRsg)~5l@Mbpdfh;8{X-Bu;lNMpjLm>~5_%npxOv9LKEKEaFQpXseZ+M4^)EAe z2;~_SP#+ge8`stOxspVNID8t?c^nae8uw*Nc^GSzCC(0uNgGTH#U>lVb%;HRc4*90fke> z+8!sH1c=6hTc0tQ+1`z(3xCE~Rm5jB+J?(2EqAl%P~N4VY&G_o&0DFeB6DR(^`^6m>I?NRlZ39Nn)FxVDx^v%t)l0R9ft%a zw!soKZx}zO;29mxrd)iH!)P_6j*j{Lg*@xi9=QCB=5_w|q>m=wH*}5w9Oo242mQUSuw|M) zB55|lKd7C7RTf(oU8%TN?2forPzbjHRot>(Owwnz=QjsC>@Yk9xPz&N*9UlJeQ$Yk zYR1~VD{Pr*sL+rJEIVeM%*TAdQwDauU$bE^N*6eCik^E>mb?jQk{86{WEc|7M{pQL ziq#=s7#;Ct>&w$`qI5dWu7TzLu6wmUGFj(9i6nUmbxu$G+2N!=S;Fb3_zB^FMO<2#h4c=z&+&~8`V#-<##@r`_5RI6* z{)oRK#N~`l^7LEM8ZIpOld>>n9jOq6>iQeO!I~wt+ylcz9g}=f88QK2k-D?3x3HDn z>a+3YF}>_;oY`4&VI7$*cXX~#-6u6wRQ+=XP{*)gt5q0#MuBLZ<-ZFf3tJ8?lP8r) zuJS6&qWa;j`<2@g`B(urJW1F3suFJOkUX8MeL?_j^;+u;ww#d!pQ@9+SidM9(V% zn~U7Ujm3q!4a*Yme2B2djM)HTJjc5VjCU%<;{B=TygbN{NaG78_JkCh`NX4YPt^#s zJ%F$i+pY!bh{XWr>T7P|u1yweNj2{4-^ikWvxm9ja~y_)_jbYP$bu0VaaCNQb_V z0qj*`RuI4qqpE3&LkEN2=daaiD?Y^gZ&T=}TC?_KE7IUQPwSo&;LG+b^(s;Ir(LXG zK$ky?dv@Xic#0|RQ`lpnBTT5ez6WLyxR(=S!ks67yp97uSaU#)t&{(6T_DH{q9(*F z;fxpZ&)YUZ}|kSwxeRpvK+%zWc4$T}xyzc56+n;5WxXmUoR(sbW3z0=mkOb_Mx# z=v-t!FBlAR&#Ul?`;L;YXi)fgPW5M7&Z^`0xGzoz-<27_kP_uM(c34Joeg%A?YCC5 z)A`A5xy+rcIR+z-b7d|4Oz(vc8yTWy9E`qvK~Y9y%2b#vdSppGD}M4q|AeeJ7}Ozn zW9qA!4;^6)3eF73h2ml3@yuMKDl_St1}n~Ol#qWwJKFEAra^05)xoF@XtY{Y{cGZt zin<%NiDLMzcnqb|Xu04C{-ORE_6sk8Jd8+6^bu`eZ(mA2}HkT(-i2 zfmGBS<5!l?q^zti>^}96H0R5+OU|PwA9B(z2yJ9u9Imilu(0O)cLw?rx_RV>5xICw zI(HnAxlqY8HZ-a>Lcr285o9Edq@TyINsmt9=4ops%>K=jJThwRZJ|8!L4NUhnEqF_ zNkxj6EPk{V1p{aC+8*UP=v8xTYx5q_b=n({5}hM<{zZ{fZOtG@%&gBkIg^6f{3O>2 z7E(gbk&Vr-;H^Ek;1OC7=An*HQOy0cmXYbIXso3dR=hkA`ZrM$Zh4QfRWpgO= z8@3$XWZh?UXE}0Or{3D`O9eg6-Whg2iStwp9EtR`4QQ2w8Sd&#OP6p&Bfzrj7;Sv= zvS_LS8$ zdAf|7Z=Y?CmcJ$JmL^U&UP~rt?#^52I89fteAPlGH*K0w4L-7uJ@F*TT23eao*_-T zedW?N&^Y4rz<>wcnvF$7GkSuBiLblRb(v&Ra)lj3H|t@#Pw${2zDRTQC6cJTnh%Ubz?1GWuC{kxlYuWX45`d%m%Ff&4q?=HOjnn6U=|fJ0ICWxK{k zH7*4xvc`6(EG0#jl!vQl7VqqdtAxXe1u|+q?h>cKMCMVDOZ~V|Y!-{^N~iU9`xtw2*JbQDw4i=qRbz7dGLEz-&!{R3_rr%DKE=-G{0BsAcmg)jnJVzQF zSFMyT+kQfOE`r>}rA^%9jrH(8x4{R>AA5=T59gsi506p)XcB<@+&^d?qjBoWXiwq4 zI>%^V|2KrTwQuK><|xx9-Cx;V+!ysR`rK%AradThBIp*jpQE9X{)=;k?~m8G9TFTE z3`ShJb>rA2>Cw17ZEuLh#6B}T6zdt&*p~oh+bO6p>nb6gkExToWm-bBdWb0ONkV-} z?-E_G(a`LGvFNwyDedyo)y8q_$%;8!Nlj!kb__X1R^8y13s}}H2E}f@o(Rfjjmu@* zU7%%^Iwb(h3a#pg2?c#^p^OPo93;buxGvlJGER^2B2B28ije0m(3a)~D#_yR1P?o9 zqyWWZxzd~SLwEAGzsycXvWi*q?OIWVW6mM1sm9&(5h+A6shmJGd6MppttcAW5TK== zdR{eW;}HW|+q&Y_#TOPb=oy%+@|e~-mcvJ7)pvRf>S#bDp8Wz~Ug60#jz|c+P~)g1 z=_MMPGtgA6Hk@*kw&wL>Hz`Y@HON1OwwrH-4LoE@x+~$_X@BTW$1%_^Dvz|tE02?M zqaEDDZecK$5_p5%JuMI?CD8ZnX{?)tT*Uc9d@GA)?5`e8{4PilHmjm0Sqq`+Z^IH& zyX+~3RB&)#TQo-Qk8GK=i{p{;Yh@_Jmv~$I6n}6C-2u(e`FeJEIFlPp#8N5?x$I{Y2JKZ1XC7n&VZrfx$CiY^%?inipWnV zkVxqQD@L@?OEzMqilZW?zK@bLTPd93R`_(H=~Vo`0Ux6er1KN7ht%(WT%sQFOaA^7svOTjFP;$ao$78}V zS9LeHR#QLbxZlUko^A};;zkto<$hPrjZ`Qj0|I%`HvVxT;!I-4H!)5A@?sQM`bAgt zyhx$v68Kvr-DNs%)k?}NA6iDY!DVyiVdcvHv!;JwSA_ayj)f!tw@m2RV768gEx*q~ z=gk{#@l#jLef3AV-+uzrHbkN958VZ(iKa`+Ory@13X8{z-`VlrEkwQO9pd~v&pyw7 zkq8~TwcewCb|vxDL&zGC<`V!nmd^Wa@S5DaqI?O1?nQH*?h2x+*K!5mRU@rCWk)F6 zTgW@DcvquFuIb^Nluu&n$V&fThw%QD=ih}SG=Xp8`g zQH$^Bp-w8=ld*s7U8~LSJ_C`;7y3BZN3cX^mzn2;R4f@!8IN>~cojDr3zpsH%JPez zc^C(E$h(>sHk?0Pe%W1K%drRS$?@f~FW`vL9F37Ya<-FHctUpl-PDt~lQ&fFOi^M4 zrk9QLRYCP1LqwIX)?R|pe$xQAxviABG>;wMAI9;gFvs;K$r(>dBaP14@N+1)5~MX& z-L--VaQqOpYD^IXlSbW$?Tt-lL34=uY&*t&XEZU~d84w2ia`>_+r4%!kI-s?@&v6$ z>_%K7w=Q?EuQjYlbSv!l+m8<=)cC45o~0|dcKTnbDu$9%02X7;VzL;o3R3)r5ZeoK zvUJ^dguX!*JVst}&Xgu56Vjot{u$3>ix(V|nYYKR6=wz?80xO?$KqqD(V$5!wGg$? z{~qve{$gSu_Ziw0A@GBSeVCTmve8>2m)c*`*!E;JIpssR^?yrB-__G^w~?T#G#FG| zUZ?US|1fPJO%TSoe;iy9!%;n-IdM)=u=zDYUQ-mNP`L2UOMV*4|0CbVoZjXaCY3imTx(y8gfFv?BLqm%ap#ObmRTT5*z zWz5q(HqZL(HV+Loeivbx1-%kn; zJ3DK!LO>FkBLugyfd~wkqrKtq;!FW;ZpU@xi(2jt^4!O0Uja<#QLUSPcu*3k z220H$+Oa3(_PxKGbn7=@*k2&|2lPp`biN{Oc;r)#_E2)CRQr!~vq1ab1`<>MV?O@> z=f?l-R#8=3*ZJ?`(a?zgi=c(}+xP$MMy&?y_#kc3_vUhPap&3X;6{Xj@a@&&^`jP! z5_J)KoR(%X3W{*n8U;yA)~4|j{6R3AysjGKTYxKic9nuLrIg#`zKTI=Ngy4tyG)UjvhKzDn_fSXR=06F(? zJbVuh{-y1AdzN%R{^pDGhX-#-WTQxls)*mi{aMZ8gBJhT8E=?gKo@z?cMwcD-k;kH zA4XL^msE7D;s0ZJsgaCF9isOEOb&Pe zChke}seb$B0wT!9M2pJTOoVd&7bQ?v)IQ%|1;9mJ23Xtac3XVnSCir?FHXG!*oK4? zZ$N8~t|d@UHFob2T5KqUe*;J^pT?SsNMitH8znSouros;4aNcF_H+OX$3z2^&Czo6 zN7snDMFZxj)Gmh99Y|7wgsA4Xp=T@B28PA^`FU?X>@v+B>5zt8ZtrYRA`z43q;8MG zag%O)IlV7W()KyStmH15ZPr_8AZNuhN({6geb*=!5;l*k{utsB(|)|O4B`tMTV$0R zqzuF7q!1$UAD7@1vPLl%_z+tl)<*}s@_3@TPd+U%jVThep&ZVC^y4~=v}k{Nv@!*0 zu6mt)za-~6k&5G$BQp}-;F4K}Wkak$r=sg^HJa(?E)R2@V9ykq8hOyw*4@epE$eEg zJR2-lIgQRtAL;7k@ZH%?B*YJhMa^~s?KfFCZ^@v5=QPG$`&Tbu@Ghrtm z5-c8q5yZ2okaX^IPyAK&6yZuJ`XR9$JEduo>K~RTqI0H3-c{O~|KqOuh%Xj-QmA2t zC^+A}m;?L|*z)Qgp}++A-$suL`Qfu2&R4aR!K!N^ay3-s^T{Sk(PySDnmf{Gq87~` zGG7(Ej3zSq8vCwT)_?2G)p@DPnPZ7)5Z+&EyY3sUFxS3;DKkv5=@F@A-fNo*Cm6ez z2fbS<$Qim_Bx@J0U?6{fVvKhYcX<5k%89d040b$xnZ+De9qcT$Yrq|(_W1fEfzo@T z1-{_-kFFJCSaqDW-%J%^t=m1^os_b%iLnh#UtM&Wy``Cxc6qvW+HG(KT5G4HhbiEa zo|Sng?IN)xngmKwze-yb7aK8&OMYtO*G#l=TGGFxOLn@cvnDyZegsYYgxhJ>L(<*@ zovsaF|76w)XXuM(h+-ffUEMULyK+j#DOp`}=?qRg()9HJs-)}Lqm9x93R&H)CPAkU zswC};5ezStz`D;1=WMQI@Nj}ucj-i8uD$uY}1{U^+M>CJ4 z_u{QU35uj$NnDy&vbf^yNY4k6EbB_5;3$^gX@gxS_`yk8+cUU0>1wW!(vbWLi~2*G zHFYq;Qo?9fJ=4=IQe4d^g}K0zn>eKWM8f8sKr$YsvnyA|Hs1(MoLr0kfU>{x+&MNQBf;T%@(=Mk^HTTnRa$3Oz zX2{%B`8h;E_xf8kj@qVSsn(s2iZ0(8H(vup^`OkuGmSCjJBGLZyDbNE%F!jV7y)K^|0hGJR~9P`%PE54pNV6F<7! zligiV^MZhsU@;l*Wwj6OqbTuUW*H2ogWfVOSSo!|fPj7rj>-uzN@&E;#kpzP~_4xA5$ z{g;V?;HaP0T=*j~-C}gCFe~`!htE2u18_IewU~QH_mN;l)mU(_U3(HIe7_dj zpIIgblb5@)z0xwLFM+u2r+UFedzi5M{eJe}G)fYgF#D9>Kc(@s1wH8tW0>BIp8dIJ zr2kkpAeV&HCPrTjS%lwKw*e?(aMkG=a3?AXMUk~s%Vebd zM1O#bx~ijXveB3JPZo9XZ))R(^CE4`ELL=RQpB{9fA?D^U8+@&FoyH8s-@3q10jFS z^R;!N^e(??RPrlSj>u%`<6L3K+iF@(q857}a^7Rwv=gqE^$0ff24HCFBjZJf(vqS} z)F5Hxy<3JxHEI<6UkHLbVp;wcA)()uM{rCXPJ{|yVKBe-WRsUcVrd@5y^XV)M0Y`zd52*E;!Y+q~EAu-O^xe9IdH zsC>12Ud4Ei%b_S_xAV_B&!NHO_SbbAVJf9i65G#=;QRqN6A+ct8|(#H{}z0|yoZeU zC$;!)1=&NcKE4>-`myi5=LOMFg4l*J+GRwGMh&ZRi>^^k?H-tQ?>#DR3Rw14J5&tE zmvzdNKtdKmMUO(yv4~+A;a+BdLp{Sp0W?_;!>MxaGfo{VW!wN#{6(IdS$WwhDS;Bp zAC8V*uI}<;K~7^1F1imzuxP*eP7uv6?DCCQ%e;Bc-8>Ce2SgG!pbpYLxt~5VVB-jj z4;Qw2@TWn4a&^1`jxI3e{jbAp z*pnVYsu1iF5*SsLg=RR0s)q-cE16C_ta_=K!c39uvMj!FL$P;OfAoHVDkUEn0#qS< z9$WISvX|=tDR*#p>g#+cq;y(Ra|1)`U^KSp`>s#jIpvz>L_dD2(}Df<%7{3VCvdJL)Dly()yO!{wXk3s=V# z+LZaMI4|_ru=gn{jXLvWVFCtv@r$82o(9c#N$bO&2o3qi$x+O8sKVyq>**JG)-&x| z+jfh9vV9~b+16fTD+Oh}A+|WKukQrv=m`Xv8rCH1gx=y82KXiXP6m5QpFY}ae60S_ zK`2e}Sm0XvHyyXxz>*?*Qr5*45(TQql=6?%;XzqtO&JVm;=dmM+1$+U93krB< z$b#Ad4M^*?$NqM8wiLYaJ0mHQY_?)@=jw}T4VpOl)`Euh1Ff1_s#wtL$n|cw*+Q#I z1O)6B?mG(<7QcsxR~wTk(9pP7ar8veYa(}8FQ#bRBA;rKf_rVu1up-&9@6hU zd+nGv+qS^^??rNOFKr%TW^q;G8yeanAc84ca5gyVbpguDucFiFUiIh?02ETo&bm&G zf3JsjsQ$lLwCzR%xF#;{vCq)@4r@R_fYBw_9NbNXe;)IZ$BVx>bwy8I$FJ251RqYW zJ|;Q4qg*_7>Iq!j?>%;m8|45nqhWO)+dShpc|vAY>*rAYQ*d)icC!Q-c5mhC9gTCI>%wkA!yWEc8k+^vS#bIoJ(2`1Q0! zvO!-b4s{=eXSny>J zPOI)Xg8?U62>joE1TaSyul&}Ff4QMz*RXwJ!N(Vp9o?EfsU5!}C3f zu=t;=N>8~={1Ex^{Y0_cSKdY+==It3pYBW$(Y(Q?^Y~B% z&uYqFU#)@UQmq=DaO^ z&>n~YGU8Az61|LuWeVxHNUd7?+yBqL!Rqj5*L+N_=1qFJee&K$huv{HHBfB`} zM92Ea$6HCDB1=oSE zKW)WYSs5Z`#l~Asxm`E%vnVO;o+DD&=|k>MvtTL+aY9306aIvP*OL|dUxGA?uj0JV zTwcxKI*|^fi4kvW+`9hR=r;;Wvkb<3}vEEO$L#ww-Y%?1teH9+OZ5>ZO$2|gHYZD!#+t= ztMI5cG*kA&COGV&mjNz{p6CaIr23`Z|q(5(Vci*8L)OJO>7fr3D-NGs< zb8c;}&EGX}k>Q>ge~>M#1&pl|)uXkT^ot6ezee?N#}yAqAYGMVcoV7@b}7G-`68zs zCQk+W*$I@&;dCJ=1DLB^pB5e%w<{KpUjYu#a#dE@?W${k=xF=$@+m{UH1N??d|@bl zM37jkWM>J5z|;{8@bpD|jIuZZ98vw-_dNeiKnh%}o9m$~l?tG|Q5pANe(ZfU1V+He>nP>^N6Z-_(IuwZ?D++4u~`_9K+Xli}M!L2^+K2>@=D zOzKkIp^(LM^k5;vV0;KXWk;lthWBLNLE}Fy40vtx#i~J=NjCwVy{C|MdB8{sbeS-{ zs4)N!j~@QZSh)|h-~p1TEnQs{MDA6(!te+Nv=YM1wM|(Y*mJBVHKxSs>O^Jq;*SAI zl_2=l#XeZ}h9cP8Ru5LLDnHufH$8ms8P-KZvc$14FhJ4!cH`^JzPwM$w>*!Uix~iK z=WYuZT@JM3JAfRdd=`6~ihdIQ>9OBLyx9-T_7~W@e>4OD@6nB%swHk5`eCB<;}&vdL|(HM*_dWaxedRfM+2{HDfA7~ za|hH&BT$=t$#qYLu%0{ibop)>HR|E)mx;UE^B{72iUhr^bKlfUUKyT_P+3?6!#uiBVp zVttjK=lqb9lrC}A2KVk*%VF`l_t=U)B~mkFv<;_GhxFKq=@>rm;?%nf)S<6C=SFJy%V`9`txpX%(1lo;`&D%IGP2Y$?%&rx!+_ zZ@q=)q$JtFg13XqzB3>Bkx4_TGD)p_BoAJ;0`ke)GZYhw|30DNFQ)^YEgjDV`T{-? z5&!yHJcU_vThiYJMbb-}MUGVdi5e@{?1BZwl{(yi``>&dhq(W4VSMz&sB3DHPESU+ zC6oK}qRmm~Z9`wsf#6{{$)MixwepF}QLnpVNpD|vkv8G#dp9Mq= zwy1&`Ruvetx1IsfL>G_#jqnONmxgv1+kX#DevL}4vET8=Z-xw)JS2beF+e6ab6p!M z(-6bhyE59ysMvcB#k@QcDR)lFpGP8AUanuPBsUx-(6bZ+o=h8Q7gW!q0I~F839w?H z10kQoI~LwniCx%LWJe27N;xLC145tqlg=y4BbFUw*wizngkvF|?leYNG<7-qN8k)= zNr4lcUFPF|LC!Yf!*0#zuAT0TlZ~KgV=Q`b$rN>n$Y!!Mv_C4xW$JN_+SjRIhyu}s z!BrT5V-NmC@S0+s*Ey~M)6W8}s3Z~#$EX7DRWwo_d8q_x`nCDyENBPLm1=e*(D0|F z$~$DB1vu`v-al?YVDiI=r57Y9`4x!fjG)07w}aXgi?=`U^{`bQ)YdhP2-x$V+4^ru zO&FCTd;=_7d7+dI^)z5YLX{I?lgX#Ts*tOv*VvX1zggqM+` zDO~?9$v<}d>|6aej^*`?O^u$bkHTVNQ~Bvx6*ANMd|!vVzeUkoHdL|sS*Zr`PA<|( zH_>%8Sbkcq6eC*@&ZcXyTW;Y6SZ=_tqVT_1M*&~#|9dx06PTd?^C;@*=K_2mfX8pN z{}#9ZvjF(dGykVH)>2OXr&U*@fbqN6TUbZ{__HnW5o5NbQd06!r1{PB(a#Lz1`po%@$#0G-9V>qj+>FAY2vc}_Tol( zyallFIHegv;B$^l4=x1qd9x@DhN{~NgtnZvuquY!?b0iq&xTv0DqetP5nO47Gk6CM zkLQ&bMUh3)!jg4j(6oW(A&)pl(@r(eijVLV( z(!)zkDRBdwb4oVB?Eb8ZH%gEOqD^IPbx4Zf?TzsKgPqOPMVv>y@JM0w@biQFyCoIl z--?S1eDBETn+FqSl?my=A7Vz$?MV_F+1^$aj?=Z%!-(qKG`Su0)@PW zfWg72Y3xjcA?cA(p5rpHv!;WWd!!1B`!2slkaOR8R@TNlTy7Tzt23hDd>sQd!)|Ot z+17#BF1+|H!SB+mZLFIq_twp<54Z!fvm`x z@!nbz$vQK?q8(o^?~)_}B?tu0ybPEUw=RH#cSbWBwSF#KbnN;2TU<1*JbDIm#9Rm# z-P)KYWQzzHnWYT=oPCE(_ODnOm|vG^?}6DZJK=)$=a+YSY=6djmD`+5`F*YJN)2G z_4VV)9tujirp7U&g5^#;BAf$w!FtInD^?hJ%vFp>B5BtbyM2`R8cmx(j#f}b$ z?l94onw98|<6B&xu`pjgs;Hk9d@tE%uB7SKnP5~A8-b;r!(M#~lm{P>5erOW3sn(i z&b*Obdd>U}*_KLDxxya5nmNB5%^1mdma^X2sEDt$iy#x!S0{@E2~@4M`N+&V-70oD zyWjT(SIXSVUf{)C{>Z8$x}9}l*B8{8ENx~>GIIU%CPrXx?mbq%NS-jUSDIPubZK;Y zQMMUI-*#xg{ItjhpNuP%b>$6I&&n5Z!E|y}vr*uEs9KybME*4P&tr z!uAQkFsxRCe3k4h#tWL`V{M;h&8%d3Wu(ew5)*|&A|q{}eXeQGu(to9E8s@43i7ty z(w~{d2fBZ`fACVp29oxH)$*xp&uOk*fSVFi+aGi;qHXQn)3?cg#-gqEEV%2#dIGmk z*k2HrO5glp5+>vPuJMW&#-2+j6flzO>ftUOeXkA=nkn&A%v+l?X5ehkbWYxk@1k_W z+4FUe6D?~`tY+@l0t}dl(l$8rmTDCHmWH)gOrnnO%$-}48NB{7y;oY~#8fC;B1(Dr}3h zqa^W1AWeam*%gbmc0Cdp^e}$L)C5o+$HG5~&2T2j^4Q!@B33kQ#SBMu^MaxD&Yp!j zK1MAu%uA<-BYmIvEi8x>IyvOXPCl$#F$#W9FzZZZ>D~A>r6Ho99BNiy(I4FF;wed6 zf^c~G{HJX0#4Ssjc5IG)C>wo%`l#-S&Aa`_)of#~l}~}%#UbByst8(HB}}{!C937L z9QovXajj@>o{%qBic=6tgs@0$lT2(UpZ{Twbsp4|v58K=xVT267bHQtC-X~-m6ln? zur;GbIu0B>s0Pg)6u!Nm4B%ZbIf1Cq9zX9R_VB=;eSMt3QkBXv8$UV@4&JDvL&@hC z(|Iv%Bc!Ha4>NHIM#foPGADSR22Cg<6sQ9eCXL_l`W^I%GESJL5Mygt`9&|C2pCMK=uk&=k_@-Ojp|=2Uyc`WTl3dUq;XZAzXRExqr3TT2 zGH!dG0fuTbszyqHoovzvXTf!vpxM=R?2u2wXCsl6?wJdxiTS-w&z9t;KOw0nO6}6M z`GN2uP0|H-V-v+Fo!8oT>VY`Kf$ux^1`+ShbDt5MeNmwiNcpq>bGp@HAOvSlrucJ^ z6*Fvk(f5sSYU-DxxsCnQk(?m%p8ohZv|L;-ncGnb`ua=TZk#OHE5K@>e08U({4D3> zGG+|Q2Fmc>_=>FW5Qctq3JViHoSQJjX0w)aX`n7na#~zcg zKIe10UUiU(0K+mRcY=(dU%>#9$-r|%tNegdtF7j-h+oEqJguD0^wf!D&lcs$5`15# zF67HX8CB+x*C(@86A@jZ-H^mH{9sldDCFm<3mvX!)=0ZidE9bDdyjrQG2NQ~_yJ#1 zm+7i5%#ciARnhTvSW>qn46l*SLwIpv=M{-t&jg-sCOPz?JI`B#B0g~d5 zt{FXiBIq4S;#|8_hyTNsMjjk2%O_%Pz}5B5zC*;FUz9>Z0?|3b4^9Mp$nkfTEu|tw-~D^0f(t+Q$xJO4_N8-lSc$&+X3MqBQ;DPLqy8O2{Or*ykl=!^jHnoJ+B zo5wWD^$#{TKB%Ma3NSjb(4866(n8kak{Yol-t>Yx7+7si+@BrF_e&PfSZS*O#+I=? zjswP)pJofOsSBKqwwc^K66WOl`+$VNvzVQFVvV$h*!1}f<1uFJb~A>OtjuW#Cc(+i zI=lI`^&JE*n*2?;@4G`dvW)91T32V7Xh+BC|8vh!_>5%S-| zH<|i-FT$61o(CL`c16zzu<)H}9&tg|JM~hkRiM1A zrPqz!ZaJ5ha%ug8^SHEW0xv)Zz7>5pP-ofba?eRn$3ksha}u3_+m;Wzi zmM}Jy!(<~ep<737af+iptzTHVL0}s5`}$BpQ)8Sm3Gtm+BDfdsK-aIf0qv6$W7pSL z(3PIoI9r~SVmUfNo6(Jkc`>2N2e+2S0$C5T#pf|h z$Du$I9khW3JJ#lRFh+;j)cfWRNhI#+8YRlNIYXbqq8UyntNvZ%^OR$>U&J9Q7ZdR0 z8awuh)|uT74dTDFoN06Pu$mK`GnSwGQ%9dUwiT7;1p$if%_{Y4Tdv+UaPa)@Paf0) zHpAD#@)A)C;b)a>2ZoyiO;5}jp%4y$bE}!KO97h0gn->AiwdB};feP63fgZRESv87 zV4?{Cu=KkZaQ1ropVzaXyVKrNI5*8nde(SIsOf(Yr~e(N{fGO@!y|y)NGKV5{6C!6 z?WJa(`@54_J4(QFf1<~|#@X(^eu6ad{ISD|=r-;Spc7zY4YQ zVBfWQDS^&10J(4J8+!RqZe>83kfK*t-nE(K+I6ih-`f5`YJgSzx5+|!ILnlx@Vy@Y z)XfuExf>tp<>Bqg_EDo0%+X`I`M>vckOF)NfO1O5wghU64(d3jXlkrxm`wukH#Bnq zqbr5Lb%4lDeh7RA;Lb3U0Um~PxHU?EZvA?1W%5cGsms^la9zO@A7IyVhs2(1@k0n> zH8s|E`97Ehy17q*h>ym5g75j+hh3Co((9$02F+G<1?*)bMDMvXaa6(6A1(3Lr4kvy zdIJpgqiHKOVuo`w@D8hOCBf2dx1y?}Z(f3gqtiqj{$)`R_`*p1E82jS@Ux~0t*md8 zFm8w2h21r^K*LHp3DC{zSqsTYCABHLkV~|xQt~~xMLuR5JV}=Fyg*S=W-aX8?*P0i zxsfeCDRFW2P~rMnLx`J=Hs5K#W3Y2K0yg?A55Jelg|OVwSQgcLP;Vm*a6m0om;Hm5fvpZ|&+64&SB-E&e-KthxwQg7DGRq8me>XTvTCyD5#pY^vl6 zMm~+|<45?31*J_TUTD8lfSK+e>Je%qkd&W!SM;OPFhAAzQmv>bDd08iSV>@xv`Lbx z-%sIto;ltQ`sp{O&WF!2ilDZi(|%SIIOX|r`-66J*yC4Q1C#W8`}a20s_Z0Rf|%J>_L@H-+JP_t~e&WHJVwq6&(Fbg6|u{c~sMQ2OW2o&>nF@4N1-a;^Bk#pdoB zlp^~4^lIo%$Ipss4`LDql0Y{PI~>#HEDPy7CqN7o1?ugIf1uYA(6?;r2&E~tq~^6L z?rqf^-dsIH~G-IcILaW8J1>B4YBUOpDyP4E0-w&kN z`LMFK8ouyy%=doTzT4*BSzUE?cK$7ps^1jC7-t7l)P{#l_H9f{o1BkkaL~KK;RZ?7 zFK>2zF}isy$yXeh%qo(A2g5T_Q=>yYPYu}P;4p`n%h zVFvg9P01E$0Q%lm?P=N2Xu-%jTHQyq-F z@7XJe6q-0_1J{6<^!s{;)!)tMDx0mh7>{@9YI(Tq z|1aj=Dy*&cYxkw?TMJeR6e-YBB)Ge^!9BP`@#5~*LW33$R;MC)U0w^uW%8~zswJ%%CPr%Bwk$)|T$IFo4DKDYf#^XHyDK_O zJT`023uNIPIyR7}^WlUc!S{aAP8%UZZ`Wg?91;@evy5<)uZ(WEkE5U}M+Q2-*AjX} z!CJ_64g>c<(>#Bco4^E4MLY8F8er})|M91H+B2{N@p=>ZN(8*!xXSn27*D10zFb?k zi&MpWWSvgG7KHI4Jdz~Lzi=i*^|rOS+wNSeu3z^8do#(~Zo@cx+cvrN=d63!Pr1iA2oY;=wt09u0eBeTr3dX2_|^L0ZmE2nA*R*t~}` zXyF5YLAe0rTyJI0wv?(tuAUSgGP4CZ)VU=l?WB=64#T7VUUu}(^ZPLgDwK#-6(66_ zs1?c~(o?DOo_kw8=#Z|Mwt0WWT)s7AqXp^wAXsDRB_QpCzr53GV*Y| z5%TZj_dRXd&Zs#-51H3yX6YCrv?`5jYUIFHkCo(kM(pXcs&g_Y#}t>uq@Pv!u;2(d zZ811}P@Uq)Y%jsR_ay^(9x)+nlmMbd*-hq?eX8C zTuVTU>;}*YL30{3QK9OXfEQcA=(bKqHS9QO> zfIk$3ivr#5KuZ34;@s{u;=PDRI?Q3ms**1xn*!vFDr25Pj9J~1?KF3mH3%|Vz>Ndq zl@==buapbgV$O7aFJChsYZ8EaPiL1qsNFyqb7xJT_@Z}x=-ezX5N(aDeVG8Lqq1~# zpA85TNLqT-Bh$~1{$f6=-@Ek}pMt%smJ#A)(*LjMl4Sf2NGJ8Y7SIC#@<#1RmD`} z;5=TlV+7X|trRW3c(SzG>}LviQ-osn6=PC`-rME9X~xA_DnKj#H{7`Ee+b!K{{zPU zKYsxH0R0z9`6qFs&FlY&JD&;uJJ9&`{{$NU-#X~U-uV099nEfRM7jX2zyo}jxhSJd zF@K-Cix!_(56;)OuAa zZdVsNJ~MtFba%O{c8coSTwsc9cuXc}_+TTFFj_IyPo$uN56BwEo^8!G&d;xEf~Wj< zPoh224W|_NB}jR&=R#)(edRpPbGc7>V+gH?A8RrV$oRXsB;hm8Z!oNUU+6o_Z|OR} z!2B+v7*%brcE*4Cl}n3PqpH5(@f5HA!kpH?7w=&w{W{6l+DO-TBMY^5A&M^Qwu+O) z4qVI6%ukae4{Y#oyS5e}h|4si=`(Qe@>uT#DEBOKF<@ri!4^J}zcD9!cZtcl?|1-^xR$?2ycNI5OiG;Tby8^n*eLL{TRvU{nf#;+UhT(a0r#FbS^Z7 z)#mn`VbLb}O|J_kIQ!^4TI1#Si8=At8W&l4Zzp)7%8s31+22;OEI~o$@Tg(3^YgZS zLq#DaGB>No{ber`_kVYG7vp);!l~^vd^goovPYZvh}j%ekZD2^KVbI(ohMT34l`-p zd`rr0&W=8HAIP$gHKB)dn)wY% z?sdp5eHi4yzv@oUB}F#F)coqdXR033=6qRmVSo{7j)#&~igr~1RI47W_&+L!Ou6iy zEz(nujURbOzBS}|x|{=~|J2{dXz=bT^TH)!Ml0ZI{Pgk#JPY?gOJ~-{C;TJ@snI5ua{fyg!aa#KU?HE;8nq=bJ({# z-&xQ9Ia*PAKk-Hkt4T0yN`A>D<9H#U7R@E0Z3ot7FSPC8woIm`pu&6nrYa8IH4iCY z_#CF=I+;N1gZ>qSU;!p-scUZt=2~2V5d|drj)pavHxA8@OZ!gHX-mu!gh8kjy*nk7 z1ESB&#?+0T=hes{a~_=*GY4RA+F+1UZkfvN3E0@fbn?vF)%=5l{Jh<G|;@Zv*oc(P*UQ+a$kK{?|zmntfP9#&OIVh{)Zur*u% zs-H(Lb82WMN!IANtsyak@`X1Ugy&nE*S`jc2mnl!oJb&4)qY?bkYBe-7$2~(6Gg1UJ zLYw&atfY9Vb|yaz1YH@&de;_eHP90dOl>b10S>!jGSaaU>9)_x$81)UqsQV% zTLj;=G0zNxqFiID%<{1PWg6r#V@AZL%6qqI>l3$m^#gU(?g`C9C$+}|S_|%Pi@5Sl z!Er^U4nPBvz%o-`79^Y0^O9LLdTrIEU7D4kcW%`^S|m>G9MA4>-=# zlek$%6)gNQZm0G}NxeBW#9O7Q2Ol&qHFrCF^>VULfj-R_*zr#T&QjQw^lSQcl5WqY zOoxEeJ-|Amz_9tgoM4Yw6N30;(5CRgoKL?zsQH)&y!9JMp0#>CoV)~Vp-P-lc`^0V z=}<4;SIN$AtupEV-2R#QW{R@aPk+lc%3r22sv*FH%hbzcZ0%J16l&L)JdzbgsZbJR zg!k$b8OS{J$x!`f)_cHw&MR6`WH!Gl?q8+svMOw^reR`|HViV{5S$Wd5Zt}NeUL;8>iG6U zNEr!!Or0&+FnD6Nr8Zt}d#7{GeOIB4EnYfj)6B8oWOsP)Knb?5x=e2Mf1!%Lo-3qh zLyk&`Y9f+Sw8ro2m%vI2^T8N%;_>aZq$yTZ0(1)%K9#B{bsV`31a#)HmEJNh?`Y+4 z9k6wgTz6SAB9xfFy`q_BSqK@qn$2ZYPSnEHre2d>hnQvp?y?FeVF3Njq6*REVatLY zPo}%_50O;SGn!OB+o5xRA1d#ka{HusaATNArwDeHK*8inL)I_=9aM)5`l!xbj!`zX zy?^)|3R8t}HUb&HuK6{}{tWOJ)g_nQqIJ@pi6CNJ3kC$KITu$Y*}Q?@VM8t#rx}RW zR`X(S+u6OT-#p zm1w8FHG{#atV$rcCbGdrTHR;!XXKWQiq14Ckh^m+0E4i(lV6T8f?JF zyCxI3iQux}=Pto5KHsky0YZ1arN6^U|GWYk4!$#NAoo0IO0Sv@z{-TXUh4(zES6OT zb29Z7o2B)YBLV-4LW`uZ1vfxWKtExztgQJA@C6O-SVUSuq7Fx3xz`vXDc9Yf!PMo< z5ClKe0!!B00S-^U&iW=?mE>lB^ww-3F*lVQMa>27MOR|Xf0EDdDRsQ3i15Uxm7xK3 zq)l=he*-wk94At~gLrUNO765k($!gg_zNN){U176ur+E=$pj&tbcylvmtU}ZayAgR zzRg@7#IXYt{SRMC?!?SNJ#ksi)Kb_;UvHP$fUYSULkzZ13QiZVqfN%bH$z9*0v8*}bwzV4LK_#Jo`R28^wJ! z$p(Xr=!L#pb0cCchP6@xuTiI_odX*?*GsUH)FSO$uX}F^LDbpC{TQC#2VWNO`23P5 z=YYcF9=lAqt)aNCubo*5ym-ilOXe6d)#IgUB zvDA4OdV%bpR-u)e9|_gvaZS$t!m2v?eZsvK0P&%(i5bAzcndrlpbiR>zUwiG>-8)1 zW+(?UF=f$Dgd#Znj;wun(#=SMnnKd8GXChRmD zzIXW+^`{1vP_@4r#BLtMbgqFqn+Tx77M;>b&%=~$jiEnt@+mR6mtmRNw2(3wpOh+e ziDKw2-)Oh#x9zQ)gh-X?__fwm@JZ#XKDVb)swv?`yp-X|A=T6->&{f#VOGV_O@*ou z9pl6_OalJTQ56*;kYqTgA4u*uzUKZMAPb?j1Mub;`B$3~V-i z*2@DKrH9%q6Za(PS9lsmx<`SyWn;MuHAvDfjfcf%-lFe1*;l+HxvGp&4%L#5*yXEK zv%cD$iG_kMty+*_11qlTkM0KmRE+mrN|K1LL?yx+K60!1&DK9bay~w%((lTe%A@vV zSma>^DnoFmM-RmCtpWbL#(wiB-5b669O)Q*stHEK$owk?#M0;A?SHZQ`oL{d&re3> znqBZn!xY*C9VYIR8gv6fmLaFg` z&ML@K&qrHGc#ZECRutRriv;xSP8iV*QV}1B$8M2Gzszyqs_^*XIo{(jy4D#s`Dv_J zn^@8-(oNR3#vPF)h*9?E6MV7ml5a)beVg0m1DNX{f5ltvkrCiGYoFzep>RsU%9R~^ zsu{*DG1P2B%6sHQJfdB)(RtzI=4CS>al}hlhVWy~3n8B<`}z149}AgJbx# ziVw?dwugL|=0xzz-{mM+KkMWNZ0WUO3;DtGG?{Zbe*77|ejcR>m4A+Vqjf&g1EP;s z2a^V5f7t7>aaX;kko5)O;C&zo*pUZ>*+{yX+Qvo0u#t|Z^twMmfD~1{qQQuOln}6X ztQt@bqOeuc0Is=h9D;Ct8Ge#SQt$|VOb1Mz>JybKAPcxaAH`2KC;D8;|IZiwz3@+q zD%jPHg$|sl$oy;aYk14#IqPv(qkNOf#S`wDMxVJxFb=^0zsvREQ0}OeROxK_q<7MT z*RghBpq;X~;KzNpx6*cZJ(;gI0b~sO{T2oQ*8jM>WMpqq!jHcn5`jc#@9EU5V11iJ z=1W3|3xIdeWRBuNY*5j|kFf^KQ@afary+O3a~T^=Ku|oe^mPiq5jmjJnPhB(~nN|^w?(0S{u zzJ~VMc}P8KF*s9)v}Q-ti`CBUYA9YZMIV_1c-_LdZ*LItC>{$LO@wiswtq66A-6#$ z&&c{S;dAnCy#|JIkNel97;y#3RRg>ykN*y}h0ug87t_TeCW`yhEH7urPF|;_(4_M> zw8=8E)UsZheTny(eiU%g_Y*V58~8q!v`icBq&e@1v!H4eBhHGwI92>jNr3QbAHq@4qdXV)Uveb{i#5eEDYyCkYncP%9O72Pqp(@WyO}aL~n(YCwy?3C{(Oc7KWVUlhr4f zGWwSCpXwB)$>vK+B#iri5!HE1etkb=ou|Ph3x=TJggd|UE_AG3%WRmS9I^66ztq8< zO}suYJje1KH)KIsB#I9^8kDo&3I0}%Q!nb*MfUSh?DkOI{_uHUzuB3v z=WDH`*Y>VUH1|D{WLeOvvc4Q6mc~q@kqtx7=r}Q`S=*1v!J#Tx$2cpbU?c^CjfJcr z%agT~JpMAKX=}y)O)+z`wZCV8hZyhgFCOtD*zqCD zGdoG^M0EXVrlp6;xS_Mb=l*1_D?QKac2Mrvm6t<5Q8=H(nqo};dK{P;{cf@u6wXKfG!jLner7Y@KZjJ@8 ziL0RasphXzWTnISxkAFGO`nZ?#RCYUaYO!G=K75OMG);5HM_Qvtmr}6X33`%g|Si_Ddj#n9J2i zzw|!J!?Uug9_1I!?i~_ODIx!|z1IOG zt2X^onZS~{9JE?X>*%i)9>kki1qhHy^JVL!*iEjlh}XjiEc{J;v5~k6k;lASdTutX zv#W)v6zSRFl2RXRk{Iv%P7|5-$mbO`VG1aKWc# zdH+mQ>rm&G}4Y9Tb`39yZmDw=nNu~vy z6-I=rswD(Gx_GE6zsnmyC3n-UUaydF4Vzo32j6lmYE=w)-qqkAec$%HJ9L|gHQ+7> zRG&aA16VHXTliX|Zg|ca5B1#oshyvnE>CuSW8|Ly9W$3S5^*)_47fLMF`y3X`!z0e zg@eiRK*mhGJhwXW2*c^Uc!0t`;`CsNCtG@%-`~5G_Dx?x_o7f4rFhAdN;aJCT!b!P@K5CYV-Yp8+qfbx~T#!E3u^IDC@Rk3?G!$BNSni+;&jCWi!{=NQ@tVD z>yxvEqq4n_!!ti2v1s}6KC!NzsWtyhUyPVGFus0W3g7iFlH9y`# zNiEi15CC737157XYlEP!NK$Eh9Q}7d*lqpRtWROclu8_2;1Wc8U0SdEHtM0~lOyT{ zmN;VZG3sIPdZWBPLu{@sJe+o1AomBOP;;Vr%GO7RxRb-SANPI83+0x%W4F5eR?9n| z&~nTJLqr{4h2)X#vg!GNAm*_mwasSUbff*2L0sJ{7)D$5%gN19DsnXTfL59JdM)f9 zLP=cgRKy~FKjY5ik16G3+ynO`qF%F*^>|W{q&eetX(N`Xsj~gkzJQ;QpIYbPqh~e3 zh^hSjv~Z}SMH95AvfF;y8qPWGc*FkbwhG)Ev0LotY21-2mvg%@|J;c+K|D8I2}w9r z^WDc1z6xYuEbup?)hKa3%DdyICG!UV3Khn=T*@aQGI`>YvG1pWr8`O@xQ7!C7~Ph( zr`3>Y!j7-C2Eci4ag5T7uk=wDYhzu1kPOREMx6KefNi9{h^^>+QkPHwdG|0sL$7T} z-!RYEJ${CP-6dvf1kOi+f9bp408p2D^@I@n$za#Ae)$%husM10TI0+8Urhhssa^li zGynfv|025q_P!1W%{McRB+{#s8_|oRVp>Mn>&x3NhXc|7=wPpy!S8tjnim%4=EU3s zZchH(9927nO{{KV^Du9CywN)mCv_gOyeseLw~nw7+Api4r-`%W0q3lp1fg3vyv8o@ z5y2Cxmb0;{!OWNtdGLu{>aLG7VLawmHy2_=t!j|NH!_ zlfw_uW}S6fDT(DUbonzLpt}PFnvVwuVid~)^%GB8?yy*UWW28mT-7jaQ;t>P>L&X+ zt{(GFbuVOK^Rnwc9Ox!@DPQgp;U&hN^531=enR|AAJzkEG&Wj56?w%a>9@GM8FlK41xLwmq zElS1E`td;Yom$D+j>YR=k$X68-|jrcf(M8@N7m#7oJeHN#W6ocbUN_}2^5a)*gM1D z8*#XZgk>>A%M3bg36DgN`|YcprGL-UqX!MfSr-2ZZia5%f0SlN#yD`7-->M9;mUoJ zo#*yT$}jt`Y+*WGb4N-2_`bZK@{XE4C?z1PALE;xJiI3y6f|t~2P|$e>3>DT@=;5z ztKgMTLcce2vLA}r{{48mgkQ)ICS+@9Pe|*I=HRVG!nF{q6)wYcf8`d7{6cNs=!Rcj zwpVcog-Q*2J}42?NlWjy_{5*7E?7~nayZ7GSoM@cpezcm;J@iXV^<)9q`A_Hc4&wZ ze|Tc&^r7eR4!rHaj0@NUkguh?njLrx>mid(KhC^mYUr9Zk%z|tsZ!AwqlY;lpwf)5 z`{9-og2%f-ghJDNjf9fIzs9m}*#pBaCn@}A?-?~}Y~f&+&)vx=8wJ#{ z0!mbNs=XH^bWgl;-$&g6l`1a1*>_j7Q$SIe^RFWs%`KThsOat%q`|?|1ST;VNE115c4WNtvl z(wnPPp@R(@h<|>ZsOrV|-l>aKRx3WFVRVZL)2SfYOL=+aQFeMtdGH$FrW85HA4#56 z`ZIXM!nGkO9=&2rZ&%~oc+G-|l=t6%_zppd7MtIpr<{ph_$U*7fjlKrczkKWw)PQ! zy7EKzD{%Pci-oY)rpxpR>M)44RA}&`a8f&+RF(Hu=zeUCso_o~l;PW#666}-8_F5l z61|x$^8uvqdvUZo@^AeTlOPI-2jD@ouLb6f9k=?{nvd5+)6c-+l|j13&tJTYC9ID< zQD}_3)Xg`ucwTxUMHK#hG@-oU_2-*FZrU^Eg14mGCpqnFaf%={smsp?O5B5W){=uX zM1aoT(7n9t!skpUhcpxK%dMVNYhb$N-+&=WSYe5#2HA)>pt)O_sSufb!CibHdq3T9 zQ+TF}y>j$E%eR_8(~{|OmZdkcI)knFB$8fXvvR1sfQ^Yx{S;8Hdq@pL4-RE;o%uAy zQ0?O{}tp2-6doGR$M7y7f#V>n>fAZMq zH@p35rwr0_?3*wIoH_s`6a>yh;LgOB0TCq81tFJZgqg%YMxU!SUj`#8ZYFr|+|H5R z$*dI>#YQGk+qquecg+%H&Z2icIk6*MJ1GPD6S*#^qhLw9@mFI6I9x!S)*@vX zlADtVK?n~p{6h%MSgl!72(tK1Xz;bogAibdU#t>Z%efqT1XNi zDH#zm4~qKKLrtylJ3`$fjw#9&ce9hy{vT#W(4rBi-N{ zLi4MUnW2@Y*AiA=PrtNi&2++R&x13IVOQy7?oaeLi<5vm)GZn;*C0S^v{I-A5&teO z1wr63J>zp@v{0}-Pu3Sm$KDzj@h5737-#y6(RV@=6V2@K01z0Sy=a z!CX>x?v0(?30O|O_B({FNfblWEQK_CYxsLFGg7`{Yfu$(`_7d~(6#vOJmZ=(`~|mn z4lM1+J{>Bh75jA#Aqg)0#co#!n z{5|e6cS>Pji`rr>|AX*k-kff=%k&eurIaS?svu2v}K)ra+$?S;f zq3=Br0Lf@2f0oZaAa6WOCZ||fW{odt2xL?^2`}96Ao>7Gi&`llZ$Zl61hNiQv(9xJ zN;qzl2y8e_TQDM0+M*N|IsH5KGQY_qw}6-)<3Ga|;teX@xqwi03T03Bvj}Z@*K3Y4XQvYZ2^_M@NMAZS6+>i3s}>);-jU27lQl0-e3(l{FCeA z?qET(oj^}RF3XYcfe4wu+xj_hlX_YI(%A&iecj z0Bx!yCamcYAjYhqEGb_FT>r$|Do-EW4Kn(A;ux>Qz5SlvuX&WA=5p|GwJBWeIqv2* zKiz?A-rK8I4TzNDK|T+`7Wte2HZC3t$8Ty&TC+_^GhJUdr_?3N#Ly}|ElZ4aQU$c4 zdM4r1-)r=jDFS5xIx{1IDBQ1NzHprhd>1tujVmD$sd+Dj-fE#9*rxV5*2o<&IS;N@ z68TD67Ke)M&TR&>);7+oF4V1U7^*@#Sl1{PYL;U%a?$F@uaWx<;5*k3UV&eH)@Auc zNm7^4%Y4c@82-W>2*r4#deycqV-~uV!|~FGraYAeEVq?FdVt*tDDiuit(AsmTcsgw zg_ILm_SLtZeo;F!ZpmJg4B$b>VA9f$dz510N6Y5Vj&e%6O(z|QRBHCK&{=#P-Sd!9 z6fJzk;Zgv|%AL3(dQL$oH2CBsuj*CPhhN$toXxalF|Hro@&P0x4*g$5!tOQi zEhayMfDP0ce@p!P_ zl|j7!)$b_)o&rho$pwuTCQ5jD@qNUe`V^HQ-{es23TctCcy}`w>sRXtW@2)J35n7331G{exh>yReANyxZ$KnjeY4Tm% zUIge}e_k6*LaH!Q|HxX_GPhIqEp+@jD(e6lFA+@r4uq?cB%hkO%C*)WAVTJ!xKI4j z;H1}ng`*iv?nrqy+q=Mc3h}f7j44kb2-Krd(qB=I4+bB=RRbv>IsoiY@_X>(iI0L0 zrk>mX^7;Xj`;)y?`UUFs4tN5Yf+dbnD?UFVSnjDe7|jE8$NzmezW(1l06dBRY3-k1 zUiOzb`}<-4?%gilm1XSftzIlHF8bXZxg41M@)urM1S+F(qr3kM2=X+2*xfP7?g(CQ3g^4n(U~yL{S8{`){h0a z?97khl`N5|Nk6wFMm_1Q7MgZm_+$*A!s17J<5Tt(Q_Iupgf4m<*B@W1v8$L#y=w#} zNI8>KA>@~CNqKuCHZvP(qNK#@&p?>MrXVfm&U;V1ov#xFZU*T$Nfxw1$vo`Z;IY|&|xtkcULJ4*dm6zD?=C%YsLG|2P!q| za-co?-k<&IsNwhfJ|Jx+b|lFO0KPg)K!&FDW<~#zuq6{h%E_$8Mid?3+!FT^b(1sl z&83MBz*|{>9@>`aAk(f!w&*8``S`_=Y47?~Acv2DoJw4f`Ma#80{o1(AsHvMMB!Ua zc*Tqpwx38Ck3zQxKJ`*jf#n{7%q`2bklze;dIdX~;U=uCT7XH2@0TbDbJ^7xz1SHL z=4=J-+8UZL-fzCeCb>EW_{#=tN_p`l`CX10Rc$)@K6sU7Y>urJd?5sBS;x5iY zB)P*-e5*#PhP0_fqm*9UoU6{xtW6X87$EW67e8nEFk?&-Fgv?p#r)C3T=k>5bv_D@ zxI3VL@A?x%5*-A0>Eb1km6-3DE1PPiJ|_kp<{C&0W}v4%63w)lYE7S7v~Qv%e^4~Y z5FR_B>n^O43(c(FO{CAQ{Y3hxoWv~9Kb4j;T3GXUzL4&?iU*p*W8-%RY`3}iLX7Gq zp2D6MFNdUk!KTvX;UT{VzT^d@T%bruDi<2NH|3#wU6!;q@6U~pvn#66VHlQQ^@}3H z-*eS!c`!!6`IE{Af(W>~%JE$tR@}R_e9KLze0JLA(8J~B=9C8$rF(@^Dvy&{%?x_O z*w9{yV@Dl-vUs@`6!^!gcCjcT-CC~i_STQFHlaI5$6qX9zZoRP$CUtV5!YeC6Wy6{ z)RLuECCKWOUfj6gPtCWdw@pBRBlP!l4C7MU-X6C_t?BNmr4TqeAg{qR*(mra)KEZ) zy7SW<;i_}PbAq82KZs&=y6ebUzmL?gu&{U4n?*c zGHpbQ@E@}whMM%vbL^+Bg+Awg#I2pb_zw2cGgBDLDfAxm=E1e|XGl4=;^yz2Ny?jB z<5fm^KEt{>fNjTS-?T4^S-%^Pll$>JZ;q4Cu)L3(c6Z(ZQ+%O=x9@#*=e7LcO5>41 zHuwO5C#clq5Kj|UJpvM$QWy|lP1jfYhno~icTumcsEa76U;IncDa|w>`?DD{UQ~86eL>6K8D(S zY7Sq~V%bM^KIC~9U6eE;lqX-3z8$wp=6ZG>^d98Z(TA5n+(t5YpCV`I7(~_AKA^Hq zLTMNg%7F$F?`L$&A6h0l(!p6{PsnGkg&QW9KJVti%)qcB&YYMO^k%yNUvo`1`URcx zRGd5}lEj**)48^0h%JdQju}W`t~9yg4U;{wK6>FxY4KfCj4z$B9+|T{F(&mBl}i%{ z8HG(s!fo~%9-H$?wd*Q)M(K-1glW9+(h*DrDh1F7eZdcV56oE26G%hE=HtWNQsNQs z-c8={4s)iM$IXO=N9fF+;*93xFl)G_%`kcJeqC*76-D&#aAiwdlq12yvO~AE>BT?H zAG9UzORTPsD8Jav6het3jTjVsuH;pC#Hfljw^6mEJ5rRfD%y&BPbc}y1QBImQN{>b zsJ21V>jm$cYuM@K*I@(Ua?}2)5Ngu~DYZ!m*sqU2JJ*kGwrx;*krv+$|CP$)0#dV& z9_KKKfoo#uzZ}Rs!WJ2%naw|JKmc?pg?1P)!__3+HfzcW)*J6Dha3Hb=ElFMnXAO`yDFTd5MfUu{w60%P2#L z8~av>RGAjUU4`qGr;sS1*(x^y03*laeJ>>s%gKR#Y5J=Ga6zq|bNi$z+uid8{3$4)2_s{nwMsLq` zoCpHHXj`p3d+!^8GKpfvJVrzD>ldKSUKxBI<^E0Zy;aPY`DsJs*LzB-B}l*=By~F6 zYXc$p@GHRp=kA1k^gm-^1X_BP!Ok7POxqKU9=2mG?MLej2v38LitsqmB2G)kdPj$5 zLR!%IGc7WoloMRba)83h8-2_u7I8kvE#!bt+hZ#PSJfs<&4A3V!WIy@a$>j7t_mv@&8C4%jr>H2zY8Px56X>Ye5cQJUKunvUgnjA9U2fP zg{1VQ*l_JF-^qH2>bbc0nkP`nl(97> zLREw?B7U(J%e(0pyv2_a>_j>2Fv5Ao9F;YMl8rSB1kbZ$($A{#H~2?XTyLX59aCAN zddR=DX)Za|G=kxPf9>VQoPGBEeLsWE_$%u+lZ`#`r+oL-cg0hTLD`L+x3|MO zMl9{Fmy$%WxkyynByEJ8VoTLx2&b&p25ZJ7Ms{gAa z_KkFmhIvCnk>u@!EebTeBQE!^p5+sxb$lL!m87|HW!{;m*2t6>Nuct} zJ6|W1((IGK6O>Nol!eB>Bn8g=G6F%Y)(o9$e0QaUg@W$X)kpzcsr4lM4o zp^L4Sp6$&8v5==T2;s}NoM zm94*)wg&V1Ym=C*_%rFbX#Pq)`SZgi_3lK>96PJH@P(Yr^-x_vSApedE{t*Bs>uDTInB$B^G~GneU(<~S}F5?DjRiueoH)d z1O-C{h{+icZEdqd%l!KDA40hn_nL{5bQ{Z~9Lm3v1Z6wBc~Im0D!vCFQElS*XX#iU zX#_?K9GU3%e`8_-A80d9r8A*l-UEib9Mq6EH*pS8bqlW^w%V*R-ey6XcM{A|MbI!p zIHvvW(pFOjHyW89OE-JA}CE{OeNBisR z`@^?anIW^Osn_`rpWb=>eU^8l$w2b@pXdudK9tejuEDqQC3hc1VVCT)$2`2z!7XT3#T?%>|nj19d#k-{1|PIN|Jx<%&p z*1hQ}wT4t6%?I4R*C0VdpxVQSL2T}Pi6)^QAK$TmWUAGGw1|5ARtFR>j{8mD3#!~d zSVCsWe!$**e4R+R66?LY#L1$30-*`=(i;$`ky*^V`dA zX9C+!BdUJQorbwK3LA(TsOz9&BM7QW}i~u)x5~N3>)K& zY#_~%D0gjWVo_Vu-s!p60=M?OC`I&zug9ysP382J&-svTzH(}=y5eoHGn#1^xjP1! zuAX8~v(Ul1G!|n}x|+j{jXW969v}JM05#P@V{_uBW_i{>Aa&w5sOec_*R*d|WmLvj z-G@iT6J3zU@Vw>hQBTfqx;-fBhbf+%MyJ{OWO*4KJ~^fqLQ&Jdw~vdZ?~wMx#e_Tj zGkbUI*r3Bvbk@1XKGf^_R1#)C{(2bu$N3P?=!oN}7xaj#ya#u5sKZY!&)!Q_O+<%W zc8lfdsPe9_QSi@=5=s5`Gb>dWT>aw*FYnekT>MId{Z;G?oEQP0P}IW+Z1v$J`sW(12Vs_;mo2AZNVqjp_nASQk^XRo&HAQ(Y&@uRZU!fL|1 zT0w4qc6!@r9mX|RCEGh(R?zw>jS+!v8X=d9%FM=3uYgb$vX17pxt?d<8DoVlzu3IB zj#ct%Kw?B}ZmkRI2=0l<+c*@$yhG5mx&)u*j~4;}G2%ch3|Ci~-);U~EcMDjB^n#x za}htwJ96qIoPYS+_rZffj{E3{UCMv_6YGC5rz=(-?>`K*6+XOINk#JeH8ff#+)Tqw z!%Z#AeCEoZJt9njCpAanO!-#Y?~i9);)z;tH@nF3&1roi?7T6Ve62w=M5?jq^QWer zfT+kj2(mjdfQoxP)C}t-qi|OEzUaQVX9}B+(dCxwH0QVmI}v+`m(|!Sp@k$O6d&KV z{l|r~Xpf^w`Ds8&PD29;G)?eJdi-&SG&X>~(~;bK7{uDE9N z0f+G2M{((bY7L_y)JBo(2AO+f70k#`+?k}gNCCuw;yl6P-8h=EGoZ{>vB~0Bpv1&j zHAxikH#{p2$tx<~SVET_m4 z)E3g!_^7xBDH52WP8P>T#BeVMFV>I{20R7&5Jc>mbW_|DkdLgXoh}gRHs~K7U-5h355C zDX(mZ7^f>=^`|nQ2aoLAQI2g&=|01r`U`eN6+DnGW}erkBMmS2#&e1qmx6qTpUsIY zj-jlT;2RW(Y&61}%j!y-n?7IIz)rG0({;GBtJJpev1j`vU$G;mRK=!$3YUVn`%DIp z1GJLfGH=L365gL)%for$XjEoWaS<$}CSi zW+zpib|?lWd>whkihH_hrUwmUy_KW`i#!4PMjm=(O5Z6)i^B&}6+#YfBG}%$%YRpJ zPurV17ybqjt?c0*w^qYC1-aHj+^j?VH}GcV4)OXfdD(mu^~f5+IQ1f6bb z=P9K}lhZ%>lFXf`&Ci(^%voRx0>@kp1|%1Kmhh+n#XXI5YgMh`WT& zHJ^Xdp}YJ#U0P-0WM+NFb!%S_k2q$O_2;f4Sgay(KF;RK*$Xnry>H&kdo%O0`1<4T|L?A@s;;hT zt?t?Fc^u`_HU)E9$WyO{C9uWoOl0mmO$BDxf7hPm8jS=sV-OTU;WTH7I)Mq zftYtAxq*2^<-d+TkX&JLc;qQQLCTXM1C({C$$flxV)I=L%qs=20wbuiEW<=%f>q|o zi+2#G^3_q>htF%Sn?Imab-w1X#L6Qt!YvO`!mRREOV2?eK3d`iqKmG}!zo1hS`j%~C`10Yxvkd=Cp>`+yXj`qMjh&IP zhN&9K+!LJGV?@BUbF~?%xYnb@jHy8OW@U>z^WrxzrwImi zkmols7KE$tOHK6nJrtyTW@xR56!O1B1QW(8b`1>#rX@AxU)V`Rn`?2GI5vKr_Fn%~ z+cFvEZDi$PQZjgHGxPNL=k$2Px3AY`%Hf0$TF?FzOSz2sCkUD0(+3o42HE-z;HW&AnZ>u>L? zgrFKPQ7O}FL9#ajXYOb8c!AyZ%162FH$Qq=Uk(mS$>-AzSxg|*isk@imp)x%KQGIVQ>5j?3^^u>Sthtabt5xLPB96k4`5zgR^!*P%gGl&0Pm6ZLpX&nS;r zR<=$)Mgep*pSY_tDue6pd{1b9eQpFeqJ`gn#RdQvebW@h6o3$LJV3PPkU^^NA@MIa z^*>(z_e9V|>^Qed>`;T7DjZIDOy$&rQNj9XZU33TU zS1T@f@u$nF5aHydAtUP*dE%_eSjChNijX8XDrJ621P~mM$47LM5IsZ_u>1i%F)^1b~lBo2an6WJdss_2;oe}}HA47Dv zrD)UL3nQI;TIOU!0!d|wGLE7K_qg_-cKr6f0}r;(cej5}@JN?VxVa43K;wsU#l>0LGAGfvy@hvWMCD4^#=$MfG+EW9V& ztigMM*^jyDQwpk}hD7AWf(%aY*C2*F#oM^;!w_ax+vWOuV0rZs;^*A&u`g{-i*S!8 z>!{_YrBauwdJUH@veM6jaK80jk31Gu2!+ASAWGvkqWi}xw@O?={Bz5;v0ub#zgBI>?o(P4$dKi0)I!?kMh*I{jQOTg$cHP&Ca4= z$=LqxHp|*64_RQ5fNp|kc=$!oM?&S0cWJ!XQ_^(wVkR0l@t0L1y40_to|Xt+zh-}h zkG(44+;EO4Dh@xdMB2nZnX$&IW;g6pJ>T4{jT!nH2)U)bqiHxru_a4ztf_f+y~&Rk zS(_H`hv69?T?@gfarkLL-cDQCKt*a{;MxcRs#10xy8{o3L}JAy#YlR+KI;Ae>bter z0ViF@uC#JJ)f=PBDiht9u;*~CnK5G4I5gj)hq8W?>nJ7*Z$U%}&KBVjY>Bh1*7?Kf`#p7Piy36Jo@(6^JI!&%&m8 z@TJl-`R-|#j^8w~9F|QJ9sn?~F_WRLg;LiGaN1pOZ9$=6?8<=g5d{v!1&&XKIEsoU z(=8+vZ3nm?KApf4&4(z%MokAgT6j~x!wMT9+?_rE;cF8Lk0HAb3 zhi$X_J{DXrYTT?UuY`R#vf^-6FXyWCks1`-X>k_ev2cg>T4Crsp1?K8a2r7|T87#Y zdow0IHC-`PgKJ79opiq9Bl*X)w&&|i1+W(wGY%kgh#gEk+O)xWi{t7uyOH@66<1Xv zIzo_~Bl4voQK#3P_S@xWag(D|z`GaZ5Vh=^blT>lLKI5|a)aDM3E*Z!8=x@P0N_HN zf54&*!1ZB4L>_WMWl-R0d9uYW=!hmJY`&757(&Mh+#>WqZ84 zC;T&s-1YL$`GRK`9!g}B)OE994F&Ox+4i~NWdM0t;d-Hxw#4l_J4pR{&oNbW2 zv9dRr9D6+x^OhraUM2TI$Z4O=Z)Dwcx;y-Xq}XA;0V|)5=xWcfK(q=u`pYF7eQP$U z&o!(|PPm&ttxf8R0M$os`tR?rR9rH7aST1r4ofIa*Xq z*S7fQwOX6JzA62qJkxkYiKpp)LHe$omM(>4*!GZYA5MwVuWIKlpO#;P<(Ly@<%`I# z>3$YRv9x420Fh#Vd;3qD2>{du{9=Fs-~aTeQNpj109Kk5KLzqX{4qZwQ1TpTBR@B> zHFk1#G%>XK^=S9b68Sj`J1a3W@vldIekMr^YiAQjCP`~UXA^M~BRgXgrq?F6kUL|E zIoWsw1(BcsmEAoxPgTikUKq)T>sn}sg=T|3?Twomb#T6goYV_#d>re8ug(^nb-B9p zPb1Eiy7TgbINr+Vngt4DR7KpL?zbM=%lu#OPjMbMaG~+U$*ov~cTu}Y_)AX@&Y-N% zO1Yaazxcd%*xxod52Vl8nGfK<`)FpLt(kTGEF`3R6MO^xrP!eD2g}V4vLBmq(AQf7 ze_v*biL**X3>f0?c$8hlFa1{wO+S47HY8cntRpbBVc>uuaC70^>b+I4mc3MNST#31 zyfxAGiIR^;QmN|UNkHH7QU(6QJq9ITng<;AP9 zrf{9A0!+=?7IUwSaPpglYc#rdwQscE&#fFa)V6({X#TWR>+o*=xV-;ZG{Wd}L3dDz z-Ix0hW>kZEneW(P->1yB$-nz#RK#FrmL*PxmQ_Ou%eSKzQSh>MS#rcxG|g`BLiRnU za&f_iw=4-6#RrXbxNNqa2j7XkSHu@8-$>4*Us8V{0rE#yU$CJECq&-)1-s;qel%AD zBTUUC?!kWf4o^ltC4;)>yNu_@C2e6arGnEUQJzi{|zjDFQhZe^(! z7FrLc44>g!^y2Pv*dpaYy-lP}-q5GXcFSrH`e?>{wx0f^cf2XXS5p`*ZBfE{6@m9s z^6Dyd@y!-IMeTNbcf0ME6rnU1;;{v`cr7@CgdcKI&2(@82jjZ$;XaIp&$jK{Gn#C> zrKSmCH7}FxcBdgLTxgp$?-p^ETVK}SVCHa)?N&}`5*}4t*I&+DwM0u-a44n>79!|% zk2(Rz+_^HX!TF3+DQF;kj$vkQplwYp2nw=84*5S2Www7K$|^4JoIUIz@@rvh#iVRv z33W$wAD@&C1BhrAy2tssfRJbz){gK_*FJb|w)>O!a4e z5hG^{J6k3dCN*W5pMl!k+1cKSmx;;H%8=28$i;=UU zp`(edGchaM&qf1jc7L`t_Ww45TpWx%oWv{~tc+~LZ0u}|+z|X&exmt54L|mOj~~as z!S5IKl6JPvOnD5JNJ!ABn3&m_sL3#h+F2Vj zN!UX4hlQ;fle&eih^>>w-{L=Wh?_VWIa=5|+c^@muyaC6RfgyuM<-`7b3;dBHddzB zhJQY@u(Ch^7(1Ig5wmb}G5<{Y?@|7l`7ibLHC_dgTP^^b&WD7>?T$ob!@OUA~~%;XQ|L72?V!}J&G5URxN ztnD0C>J95fBiQGg1+g(vuMoP;=4HGqbR>vjeGk1h`rG8QIub ze*%F*L_|b-frNvMjKfMoK*IWe`}foVKz#=D0&WZjiWC5i3I&4-_0$Cb0sv5O5Nv-U z{O1n}8U_{)9^o0{^B0f=wXXosP%tpiurP3Nu#mwBlsDu%02UPvjf6!69$m>0fz$zm z)h{;d8JTG1S4`!x6LPk9j{be~9o=GOMk?jHE`?EK>L>iXvPCtXkgm_Nw+8)g4M z7b=7Lpcztc4bK!SmSR2~c}KnQRZPM!V9Kb$%f`giyr$OEe{ z;-&(CA<0T?{5(_gOITkaT0ly8!~yu0>)~>FU21my-0tqMy~md#JNu5`C+Z2{U4K1x z>HdKKcxMOBL^LlR6^((lo)4pioEW&C%rJ`?Yd@}g0^k7>{{tw@05*Kqdb>{<+i$`K zGsz9k$(DS95*Uh5{}?oQm&0wGJ&0g~<(hNF$hxtmXQt+}!xxQ$s7BS}o&c7(Ev&2O zchjGhTacaX$<`#6uP`3qSuXNFB#&!)iF%lJZ-qG7y^4ITi~pUJZLF_@&%4|8?F{ph zwv>Y%X+KhcV^gX>UBDE_D90kvkpQ-0(1#YJm}l@B0}rEY!@O%X_vjAE7oWLTQkLdk z1i5D=+mD6d(nT*sKC;ij4yRup;lIF-7!00ALamA8%Jz%bc>)CTyX0Pf*9Do;gIg;mfCeFk)o=DxHdl>-N}Ul8Ecifl*GEU$orO*Ia`W+P6r(X+(*RE=2rDCfsK$K--iELEpzh-Z*RLYl*3vcF7GS^e+u-4baxa&Y z1HWnH>a4)lmnmA{n9BPhO~G&`$;yoZ1=(<&bgk(n>ujZuYvn_daIjMC5uIMt75ZwW z+U%I971@cCh^-PUtcvve(N27;h)}Gg$CrCOqdDn=wtwZg6kljD zvMJ?81j9VA^5DTgDLLQM6w-O^rSb$oR2`Lpt4K+#%!etyFta}Gt$6L4-SJ+)@VdUM z(p^C~>22cT5gM1;>6kAS6`|FLOGc>Y_Y4#-0g4D(E8fmeNSP=fi{_*Wp~z$MpoA7FjwA^OnUG4Byb} zelR0!b@bwnkUN(bw`3?!*D?rcUAq`rc+hj!+jmuW6@(%5@!apmFS}=GTvwF4zkf5m zQC*{z2)RPjg zRC23A{pTq!5nwkWqq)nuR`VOn_k8HU0{Qi>;{v(i*~C85^G-1J^Wo>~(dSTGBj6I@ zFs}amy`7w9?Ly!!rW-F&C477Kyk%k$t%!YItceaMs}$Ku1=kcs{2C}yGQzye-A?X< zz()W0n#euzqtTgQLIoJTOMQu`Zmb4~5_)*-LL3W zFZgm_bpt%RF*oMCmqYJKzXQ+nj zV^@T*57HnhlD;B(hln3THX-!kDig&ryCweHBj41#444zLCv@*>?lm$)-hvUS3xToU z3;}Sw${GJbTWX_d{*i=G6k8%Q$* za<9BsMDSRx2=zn>x5FD4msx35%BWuGt^D+|VI$yvzoY^?L#YZJ(<6^|)+s$MVVqTd z6vtXDOrE;oNnqAym3#fZ%u*{O+)Lf=y$Ait+@iG~!G*Y5MEs1h`R#MF0dN>TT&M zfNRIwE^l%2cmh1@i7B&a12(neMfi?(%`z8_ko$TIgtR(vK2lC`fI^5^#x5FRn}Xxo zR0bD&)_5+6i?(-__IRiBvhQh6w0G;{=Gn(XH&{|_^*;x^MzP6m8R<@0YAkiXo&VZ| zc{A}rY+F~CbhD$!UI@vDvWA_IuEz%m7I&@33rv{~U^i~H zvm7wt= zNa-KN@lQoV;9ddB0xt3BeA}llDp0SfWF~8(WP2r}4@H_A8@zD7*o&G)XFjS8YPyHt zbuRIYSu=PULbM=ebPjc}iz7~#3=FZq!wlJuIm{egN+URsbBVv^q_QS9uOaX|6%uD5 zR5Z&I0IHnzN(l^%@*%av!-_AJ$=z+z=!*N+Xl4s_KEiVx`F!Y0$lKcM{X8uzE*Up| ztnx7DqMGlY3H+su`Vn@8iKZmnXF@W%+nA=k6bd@mG!JZSm~h_;e_rq!#>9^G>lG4_ zS(RxqTf62UL{mWHNV-%V!e8tq+BM}Nrr{w#&fTtHhdP*4Pxj&mqlCH;qU%kR+mbd- zp7+02RIs-%^#Jl5LE)C$X}3%}dsFJZRS0`EQYtQn|BO(J?aX@=YCGCf5ussBPh?#P zXCHJDc`c+mVP^II^CdF9Ln?j9i_;A2Cjc+M8cNhXz6o~Na@UX-mfD?Ka)h-k&N&Pf z8NaK*4$RC>ag)iZrKeijy%C}l^y{2a)_@1gDFB9&#Q$+Y!s!V>RP_XCveXLSeiSfy z0yt0BK=mzOSE~z>w2wP0yo{15h1EBYJ$?&7if9yuB>-#Q)<=1%Wm_D3gI4-->Lu0a zIaF;m{iC68W8c=$@Mi$8_jF?@M=CkHa80`q{El@ltJmaWFzy+rn2s3QzN@H2V+1~I zswMKnUu|sp^1esGvRv=t#FMOF9m}u1PC7WH*c(QSa$_cjil!?+)Nu=iw7HyXx_$2_ zK(>UdKp`}p-SuU}!moXe?)H* zYE((*v9fG01r%EI`Gq{5T(evq>DsPL7mR=cFoxaAbE&AnYEC{XJ&IzpY(Al(QP}~| zw*kIB+Z85+lR#JmUCrN2)?xr%o&d{s+rnsL5*Prbe+cU7`*Yq~F$MY>c`elzuu~4 zz-vk$&x>ZF^j^@8pP}G8hn$Dfn6jj)L%KcU9`7UOzOyp!dOCL_*eo=A+!`gsg>u5H zFuy$-b8fspvdZiW!o4?L)yZ%@s0ervc2DM!JxkH38YhVlz=0C(H~`5Wm}jEkofx_I zer3_UcHn1XSQqHz$9^YYiR8=r<{4dwfXJbmv;GUK6E8NfZctCMJyUtPT6T;X>nW?M zr%Q!hc7)$|b3FEVFRq%giX3cx;t=+R9gW3A`LJ^uNTz1uZ zy=bg`h7$sdqRsstsPkx$gK}wniB?VTLVQ<5pWP-H(U3^!4HXzC|yw~ zdgJHXX|i;5cFFGuuomvk>S6INw5VYqZfT6xyrtCYtD8@B7lT^LYLE0p#f=c+IA^d| zA5b(#?P^~TN_Fg(?qQ=RMJQ)j^#&|d!}u-F)V_DYfLhZ+3A&iK3l^lC*dE`O8%+Kh z{OS`cN>Tz*s=AFu-ZItKulXFM*>`s=*{9F%=P%P)_H|n!+3Ja&&6Eq`Ui-*tOT}o8 zQ+Wi{1XwXMr9WK5=YqYrqxfxB#mw6<8Y-pJhzy1rw+tKtb)XTP&MQnItlHG-@heeS z1BOg=7Yu_ndU2WzT0|wkAD!=5Nr{cs(t#pxABz}1_8SURm8!$}NO8ybf?#gcvz3I2 z92kQ@Ts@5(R8^nvSkBMTb!=`}Rd9xkuFc+nGXnD4#?SHTkd0&$9l<)@MHu1=K;~gj zsMzQQ^@Tt5rI{+x z_c52>EtC83lvk{&^|S+nkt;$<3m~%j6Shh4 zh;2e8r5^~pr;JT8e84DQq~L~f-LCJM6aam{?|y%rIunHtEErX!d#`meoCo)DTvNM8 ze4=<$akD9-OI@%D?g`-EB46BmEx|9Ar!Tkll~l4Ej3zVR$GsoZH&dk~On?$%04AB> z&=qBRX+9?~QBKbg2&EgMBRe34P+;p(&ZJ*C*&>zq8Mlp~wmy{H0QsV+)FB|FwYi-r z_rYqRFcWDRMN`+Jjc}s0!t|`%pk8`2o@WqhL}1@Sp#1HG9zt7c8u-I|ft8JP5()g-8HAFzZ8F zMAkBb9IxN2R;SFUOysIqo<-6RG|sV|4?L<7WtF(kYn^;LskkR~V_xdVn;&sKg4LFU zB0k?hQPJy^0Jv|5-J=v+q__oP&2{X*+)J!vgr-C{=9!Q0&6yUmk=v)Tav>}e zY}YYcq}YC5ixOMAOj{#VmyVmBE&Bnd(rTa^jj7pWd;A1|uF%Q$*!2kMJWsa*Dl)8IB2V;>^q2*P}_i9k6mgvXlEZ&IlXPcmw=YAr8rE_4*_! z)MU)d#R9Wtx*mH5sw^^tI9aTc80gTuu32S%TQ=ioGFB!?R91G*Ts-7WO5^d2jE{Rk z`@B8L)0|REv=jb}&jXc@+cgL-9c$ z9_4eV1OdQ^fXty@z?#CdAMV*UyxOznMplR|J1vQdxD9u+2+@4+>UW^?li#J7#+w=9 z4rq0JD7tu_36ib<2SfUghV_5bI27i{z31TLZjnV?K{9$lVK*yZpkWA!jtfFKUCarvj@ zqTgkN*@7PErdobH0k*Rrojod_03#CjJ1`^K5P;!rB-dK>4_W zN|Ru{h`Hpg-Y0+n_F2wQ%-#OYD2z?}`W(}hgq)&wpZ^@QuE-qUWV$uzYz)K;@WvS7 z6uQ}IPb2#4#h*Q(@ftAk@QH%KOPOpqI^a+z3%yjnIkYTww(s+Q3WYP@KT|vt-$BHs z^d--Z@B94tKIU%y2~Z&w%XNPRynm#mz zHUy&O4{hI0c~qmofC9#1-=FCZ#E?Snwrfw2kpM_-NIU`fXHIkaA|5>|HkFlxku+l8 zs0kO0{WVmRegnl0sClb!8TkY_cvMySQf>v&D#1U;atL`01^1p}k1M$XG&Z31ao`og zX(nP}b|VvTd3knsPQER}{nBv{udFqG1P3mbAT?nGckRP)UHIvIXl`B2RJk$usC{$S zDU{Ix$>XKNM6}OI-el>;3#v(*Oz?0m#YK9`TxisKj1loLtHU0z3e2Q=X*;sMe9^VG zOnW2oh?5z{_$%fYtk578wHAqrg`F8ZliKtYrg9g=6bv!$P~<|L)DQ0&h`G#5k;%H$ zu~WL5B=hpxGJHO~2-4>Uvwsn-(-QF)!k6!|=`fI!?_@zYu}cmqAI* zWb%NxSx&~TET<9F{9+($ey6d&Ska1sDctTnIP5K-wuUYL;zHWySDee)+fn#d%m~4@ zhzbiVtTmdINi?&wu~URZ3~=;Ir&~2}vBja6wZuhbGob-GQ!=DkZnHz#hL^b%{+Q*r zaPzRUJx!IY8YtAcGd@%9sBba;i!ND}a**$Fb` z1kkVTo_Bg*j7EK@qkF~FOah%UPHtf9qW?NonZB~mwKTMM^p!yH9?PXPNT0Bw}u+5@dz%=Kl`L+5=l`(4C&K8bmDWs5qUo^_H^n} z0S`GUa-AL?qy?DGZV(WiSE`^rV(vxI~yeeaJcot;JCP`{-IEY*zz>|qco!?LHK;l8D zgz(nLPpR9(%7LyI`8%t0hPTpJx(k>*fV_li;v*D+KYoN;Dj6%8EWGSC&n2wmd*!lo z#UGsx?>SoV$K=qdXXAL`1tb7k+1Xso&*D`0eY8Jd)<<%Bqj(m(U|M~8tvuJ7LsmVw z9qHe&!x!BM89P5j`Ybocx zEHKpBqt0%855ipP&!w#34DB~ie=nUxdr*?zY)_+MrX(Rn0G91mmM{gNWu8Lq#>x>? z4j@KNbx_Etq@qqL!t4|x9~Lh}m^KE!@f0`4k6E40(w-pfUY^sNqjQ%%1aX_i-U~l0 zc`Cxq(Y9b;y1h|eIzmiEN{ANj1^VTMUru|Zd#5lPCj zTwWu;#qvSIOijLL)YU{H_ksq$znM7q&UpR$ZP`Pbzz$>uFQNB<1vqRq^730JNgQ*R z!Br6rrf4LTpPcTPyaZKa#IkU9IBnqnqiL?FD~0jI*tT8BN{x^NhS~>bb|ncBLkK?s zp2~AifZkl8Ba}_)fAcJiu8s{xKe|?b?4c9dnwnE*TldCRoMu1dIj?-NxO*GP)lV=~ zYkb;&<228c%f^WUKLo;#puZp;)wWFWO~)lO(8zo-Qco9c#il2p&IV?UJk&@0g764? zQSnd&e(@O8O7#SQM|c8+6{kd8Unx%<)6aLNh)eDv)LTe^Db)Oci`%%vG@&~!=uZGr zst|~kAhd(bG)-6XgEk1Yzb%_j0u>?-tB#tYC8Ba32G31lk@;S{OJ* zGzl?%PTH3Vz-KtUJ=4UhcRen27qw!`>Y!*7WjH@)V3+Ni)g&L;dbaUEH$zt#py;AUhVTu`QY+6v8AYRZ7(ihE2gzi*@jLSq+iQPSn0&EUxt0%_K|^!kJS=F@~;T+ z6?Y%iTZEGlJdNSG7Q84c+Gz@!&bn+y_S_qEgmw3-O%xOg6Z4+F!gP`tCmua7EM-`d z5~m*`51~K!uK6iLS%w|Tr)1&eglK-`l;d48y%oI)e%1pGR8++dmJi89%Ji;%=ci4W zt*BNBm6Q4)1}_eC(O8CsfUD|t+)E<=`j*c@E7F0URcH4*r?&XPu^67kXZO1cZwaji zU%$6|^em-eni_Ji!68b*q#N7`fj~^MnruI~>+Mq3Kjv7WNgpoC*O{>A)uTV;Xv=$*t z&QzVCbHtD{J8)^qJ_u89*sJqsx6B9EDb!Q$Cis8E;omr+Jq~v6KaYZc!50^7!g%~;1Nyr* zu*^~pNu_)?TLzn_vyki}Z<3cFEw(`=}h_jd~XxcTQD<6{}k{Jh(&a#wU8I{*o zdopjFpXNBx_P(p7ONbMA)$NKZf&>VC7tQP$s3?@6JaOJ$xv;P}WIuzg4r>?tkrBgL z5kW-aTQ?BT=n+-Bb-wcB@KU>%b1_9t{q(s=_6?Ce!`4IUOOpBF`}gY=o;xn`0xoh0 zH6BQo-wW(pD*q~68Z!AQZUT$) zEg~oyqZ7HiAOSCUd}DeYYyX~tnak!0VCH&kTifbn2kS#Oz7mZy%~UnaU#p0Xt2foU z(Os)PC|@X|RAcBcfsyyB!Le8e3BH#U0*XtrvcCPqdoim0V}0cy4T&&PG`Z>PtMigu zxRJ}PJjQa>z+jBJNTOk33n3kpZ}nz%lr(Jv{dW8rr#~bSZ)2B|^DV#@uBdaOn*JNr z_3G~&Wv<9m7_k_}Abnd%mzW83IdVH$OEhtr_T$FYNGM817|!E69#*o)>JtFX5*y2c zVp1JDh=P2>rl0V^YOEyOo2lz3F&EgPIKBh@GMB7jfrq$CC6mQ?`*&l>=aRBCktr$}T4(aTqC* zZRqeQyytthG|Jw$@m(r=x2af{8*>rH(KIi%k(+tC0nTb$t}h@9RnOF#+uEs<4e9Aq z)QnAGSCQQNVJ|CQ7ozoybDJVInjTIw^zpKc3 zVKekkWUMha7B#l_yLwBwFd@O5C{Z1Se3cV|H9Bv3_{?+SUb4%UX7^iU#k%^Qj^C^FzfF+^u^I2+Q1;D8XUddh)s8t-lJ;>AD@F?L~c>4#2Fw) zIM0)_a?i6c@@J22J1Yh#Ope)CGGHi4|1_olv|Hx?^mo$B&JQ#e_(vIe0H<>$2~GIz zIkF48yN$8S&fXa-(LF&YX$1DAZ(mhykT=hxg#LKU`6IFA=D*4ZQ27gn;2-(Rm4ttT`pv7~!f@69yW#wy zU4Cl@h(i4zC=8h+xGICrkGmxwmF#&cXcca@mJ=|?#}q#4WJzGCeuVX9^;D(YgL(om zK;1gYFrQIIlU=>hh|w{MnJxf8`7%>O18cuNJOM_>E*pf}Z}C#X0U?L>AkaCxcR9-O zV{m@9FUg$_aQOilXcce=nM^7w%zWlEgK+f(5R;l)d3*xwSX%xD@|!2W<>YtU`K=26 zC#c6v$ih*;DF+7zAbfAXQG@vcJ~5M)tVy&5krn5C^o0NbLya>bmuErr60r7pS(sj!$Ia8>~OKa)4Nw=@ zCpAMzNB4-Xt#AvsFLVt(H9kY&30X);LE}%o*3SEKbP_)ne}>j>=V?5g_ zq4os2rIT*M!m%OmCVb#tqTZpGf~ulDqnl``Nv1~_kMp? zV0k${*PA27u~4t@kcWFl@f=007w{Zb(++)p{>Sp-Vqp}69o{6MlgU4aOz7C`q|B_f zCVD|fV3H1Tm*fMSP>k&A1-p)yEeTs9b z`f?M8b8Aa`)ABa1rO&@nD3^WIxxgKH!&82WLs}p9&YwM+F=DL9A+mwF%=Io|wDkP|W{W6d4q)Y63lB7qs_=lV}o94=`o6qxu zv&-cyG2k+9(XDln6uxO?vq|ejc%ph*L4^?qU=Y@ev_MDlk|r*7opoAAI-%E7iMQY6 ziu{F(_+w2z$0USrQ%&cOmtwyjFDw1HJrGGFv}C&t=HckFpg+-*5G=$z&!`*zV06^Y z^~rwx<;@1ns1Liw%S*Xtb5m)Ph9C-1Q{)QP?aK?|IL_D{b>)5k0TeO;R=N?YNIAi# zrl6h#jC{92Ju+N1mQxI#-RMupTJ5N0BRMac(cY&A;gE zqpcwV-^t?(2~is;5C8{aYD6|$(w*PGN-$ku&UJykEQk19d_*mylAhF0s-|a@ek7yj zYX?8nisH-InADG&EW9Zo=ZZ6%G|301Fg;vI_-{KgY?h*tJLz;1#9XN@Krah>PUJV$ z*N>#}E3LW_9w895T$T$89e}v>AD2!ACoUl~?D|oUZxE8I1uA!!l5=M{j>@v~D^NbO zS|A-%Bi+wWA_Xi%TGDX;F+)x)+56D9GJzS=u{Q#R;Iymc`)USpx(2i|lzMN2;> z40W*wO}ea>hQjqFZJ-;u#n)KRX7m<#PMy3JT1A;~NcAwQxa*048**!@4R`UE`=o4o zS6S`byF+98Cz30+d<#e~leZci9^xM&%0QMkLUV1-^DW;!nyb9Z(r#^fXfM(}w1BZv zIHccNtdEW5YD$7U8la^G&Qj>Hd6BJ@dEdqe+)7fgz>&yw@EGtua#->;TbQ`#G=y!$ z92YlG_~g{SyZ!;SvM7$U{_bJ4B~6}255d3lf2<_%E@_neKkMRiZ%MO z{_xce5hx89A9?dRc){C}?rz6 zt7hW{ZP$h{GuzlCD9EB&V@NQy!AVLt9x)r)tCGlg#H}w_=$sja3>QlYb{>}nXXNRe zT-5Vz%DDvRJ{~-Y%{-u<7Pi2Yw*@ zT;1P0-uNJ{8xe!{!ql|saX0`D3O1F~VOhZP#qqV&{qjqY@k7S5QaW9dBxU%O@|FNpM7Z*g&4C|-i>5`nTOROubBW1o4hVARflHz}fGd=Ux--?I4HBQPs zRs4<0wf&+mVd0l@m)Q1Xyf&5wnD7*oizmPd`hB;$FRI-ue!_qowNN3*L8A_ZGmKAT zmf_Sz)PKoY&=X+&l<5lpR&@$vtlGwzn3src^iJ91h&d0}pplm450KN3{FhIF43Bn_M|LRM;%rz&OjQG@(dSwrBX&1epHG47 zQt8WQ$6OmiJ-*~DSs$d8)P^StP2h4cV&&Pm?c{G<2QeaQ9LcK!X`&yCyT)*gSSklelmeDxW&SCRv>`=W&3JCreAg+}qN%X# z1G35_drpz=T+Ix^!57}aOZ$Lr7arIQk=;Y}zq8Kc@ChJz<|B4*5em85CHc8@_>N}@ zQh-P}8)=`CTp@`@w6K7^<-g#P7@`eBK>~To5)HXR)39&CEnfVf0<%n|R|jWsFZcP7 z)IT98{DPvar7E{d1idfAVHS$+T%ZWt6H6>Tri37&c%_8ZjukQs) zRuO;A8UIkkmXYm&Q_Sm0pTE`F-wA>ukIgMq7FQRW(lEv|cC9-ZIPHd&A$zz|1=LSo z<^FTsJ$Kbos-LuVc@Yud;Kck4-$04LAPxhiH(rarct>fH^~+aSV^pQT@yYxz2oq3S zIMLsGGMeu)sBhjo?7p^=Gi%TesSnH7i^G5m`MdbV{3T+<G; zyf6m#QA{3##(Vqkni@p{7VV}&XA@5V!U6}4;PB4}y^o%t^&0O_kS*y7_pT8^q2@(x z-$C02k9<3TX;UgOV?lqwm*Vg5`L99S#h_);?9++6h#RHNf-7vu zzH6^P-^K_6Z}u{-MhjbN9@idKJ$`~Ogx3G_ZO&f^Ffj-qg2a_YTzjMpA%_%X#fZjx z3Xn+yjx7FaC|RhI@X$<~a=#$tlm2cCzqJ7EZ~gc0G(XM2&J(~Tp)G_1;g`Kh8Kc2f z#0-%nEQDUf=+hqx0^%${6`JvFX~ZnfH^gX(QL>4@L@GqN`xgJNEXupz<_e-u|I$Cd z4fXFX${$^}^wLt+T+{>0_Fs+c(~8*LB$PD&dP8=H4&;27Oh z8A<%j31m#53Ry%ABJvVCn-V(CQu?Du_p9%xg36SEa(|(4x1+S(2|3cK@_37h{R?!= zukIZ{?yuJv9)ANQ@yiV6{OVi^qy4uFP=sy!vskG=3sTkl)n(-W)wzWFf30|lKd{dB zrJv*if%l#OA!kL!`0dvhpw63dF|=^%eB$ivrY8S^Il0ftZ>f!N&5V5E97B3fzJH(Q z8tD2Y&aP7%8JAj{eGAYnBMC1GsU)YYWiL0osX z@iCQ20AajJzuU3Ns6Uo%vaBWfQH@rnt{J&|Zd+Tz(Q2(xiDiQ?cC@x7Kq${@$FruX z6rFwgQ9M>~yzz4Ar3@beUG0z-O&KX&FW);U(L@Z>BIU zI(j0d0BR**Vq=v?_&LAupAE!{;Vc{-Ko?$+pF@tx6|Sb!eL^!Qmw9K8OZZX@MbQ$+ zg^n&_KZ4qJHEwSKhMjh$#$z{j4szDVFEgyG#$x zLVd~*uYaWh4`)w+%oJ@sh*!cHvHKv3k=s6@WuaTdoI+=;U+yaNiY=$L1hN`iKS=?F zc@qVF-8e=--&{X?9UsW69JHU!4?F?LE=n!m(Wtn7u4ZK4rf`mK3eU^itMlys)Kv9J z26yF>*8ACk<)IZW4P9B7MS&@X8e;i|+>cRt=-zuv&$Eg2MOwSMjsi64aBnvxRoYlL z^&eiP)e@3ap^;&VkVTFl>1SkQd0G|+bZ{7Bq_{|ilMT3Z=~Ao0vA6>W%7arP8!E5% zXb~%HY_bzIj|`)^gN@DXp;17xaWqEh7>T%8(hKnFDjzzo;QzI|#(&355esh%5NhJ^ z7JledI96CEKuQU6UV$;sV9em) zLPpIc3&9OkN*!^)wfr#7Uy#> zPw8X12Oz#8Y3l3cObi`d*Xdy8Nnjcj70yeEKF2L4%nD#`E}wi@)O!Nt>RQ$-@tu;^ zdxr*0Ebo~=P79smPPU(rHu$tlpFRO<3(o~4!_PbzIq2S#x9Q5ML{kbiCu+iw0kigX zlY%eQr=6v3Hx;WkazA@wA;891E+vw3Pz==bnj4Y4)d|yt9G@f83b&MwGczhNSUKeR znnf-HMZMQSfcDZsJI$!DxO(p`XJ3rKW{V72=vcZi49g?xo_Fy-`mIvb($~`OGO2D1 zUgLNdlx^REI%({diMaC*oc&`pESY^wTlj2*6yoJVb8#3`cu(el8tPotUIBR$QJ|%W zo)x)or=tW#QA#WBPfq}aByBYf4Jk`6J{hM#!&c__kH!CA?7d}BoZGfG+5`v=!5xAm z5D4xr3GVLh(zts_aEBlvxN8&KCAhmgjXRA88ghHBv(Mh^?7eT@`_*@TeD~I=uC5xq zv-)j%zH^Q_9^e~qen^)eD zYuTuxTR-~(Y{5b%Db_qtLf)tScM4dPqraUXvvU|5P@m2%=pj{v1fCjp|9!n;F_;NU zJR!WU$ur#;lP822{#qo{9U?)-_THH~kG{Js8o-zZv5fQdB?lE2nLSGWgbsfF4InzJ zSEUS3*X?Um4n7+{^zzch@xDfaIxD$Rvk-QrD^?ZQHRMP+Eyw{`4F!9ReV!#-Ww$nY z0yr0#SSaT8fCPQe#ol}j!OU18kqMtOdgExUSLjFlR`W_vFH6IW`BB>|OZ~OvRA#@4 zT$31Ae~o3NKW8zTA`wc^AxZ&k<2&}`6Ov>fJ1jhDfWw8 z;{F9jhWG~D{ zAMY zLw;DfA7~L({S~!j2qefHkXcva7AgTgg`*P~8MPl!vLwWZNaE2loZy7(_dO~2A#bDH zO@y0G3JNoKySt1Vnwgy8>^B?DW-_$wzyfIPQawDk{BE$Kw3hT2@q?H!@W$bxp%Tw0 zuH$wV*!ewSquR z*$cQg)e9g1KKXAzOnvFiVB1=;C|xL)C&gCLCwAL|ZWPgc*MW9Egx^18=RCplipOkDvNE zvIp?vT(_7kza|2fS--ow>$<@45KkOiSR*o$tyl z?=h?uvU$0mCDhTB*(Pf*_+eY?vwV%r^@{c`?iZ?k0U5Y)Z}{aB8)4*mzc+6q$__L? zfk+TPYyIG$$MI=0b&hx4m|3q}^HS6Kt_5lDUdCe4sFglNNe=Kp3&s+JvEXV3h6^*) zU7Tfu?P5r}tS?V+%7)jS*ZMd4;j%LQkF9hd0ku3)ggqTZ)pbqHFsR_FlE+DPUWT#r zg!8XCA-nFDzWtxaB3M6dNmV0>@WEGj0QG3-(!jAsy)WY$8EkH7eyNwQfs-_2#tj#~t_2UK>7kI0i4mgutO~!7=e$lLos3&(BV#=R- z4=hU5q?U_n_K*OOPq=0~%5Dcx_?J0`XT5J~ZVo*i?yk|-i(5+_VCd*6-qH;aynyNK z;}*qSV6jw%&F%0p_xCql5jt^FLz}+=H>GfzlmzR?{B%**KvlGl9W&Rzh(@fayb3g9 znu*V!xx%(KaJ|YU?p=$IGFHTQ;l1HFTGXlJq~UpsDNQKN(}`;qjAm^>H$(Y8v`6zt<7eGzCfyz6v^urd z#0Z{8Qu`Xrf|M2aR+>}p*;p%mr9vrL4TRiPufvD)McAu1$+D*lW&~*}j_#hR=j#{q zs$1vY$9yFiqWiW>1)pLvyMr|!#C$}--BEY1hZLE(yt+1o=U~dWh{lT45vaT0rc!dB z+d<>yq+OpFv1L^su^UeV4QfnB${lA*uk?f^3CInhLKL__oO!N#)VxiDQjW3)QH|3x znbYYO5xfJEyW5FS_c4lL#-+N!Wxh&76Jq-kGPdpcAc2FniFbl)9hOtAj`DYX{M8ck z9ey&7C^M%EQg*=UvAx}Cqq9$|0eCB@`Xijq@>T{gEpiycQFRN-B| zvGrQve-Qhw(KMBlq*ougqWt<-^~aU3t^G>htbV3R;|Gs+DZrbSKATYk58AgAN^tk^UAja9y{^mCT6!r^MF8d}vup{sq zS4#N+R{kkU2HPMLy)xid(#;tv$w-dLR)A~Vz%~AYS+obp$f%}c`eqO+QPi~nC{Fcs z==A>TMzaw&4KrNO;3Y3>8;-|exfx-Zwd`HPH&Q1@a@mp_TazcX8CvhiRG4ERm_$HP zX)b!=f^av?oQ&t}QqXX-(2LzG|Ql{)&1j{Qs;g8F=HnpF@wXCVOA*D zvWuiV%snqk#@xio1Z*drYQ|>bx_h1 z*dt!XR0VO0KvW25{nqur7`m3 zflP!K3;`9r(am8Y53bi(v)RLS6;LCv2&R{vXh+L*#c#k5b8TSlUJ@^&6ItwMURq3F zEisW0htp?lp3qY&t&Yc6ah98K@fnS@+aTMj2tStcBM}VFOp5tMp_^8{Z!}kUX2!po z>0SnL`H59{WnsvjJP4(HCohvETRY+*C6IhR`ZNKyOIU!KlzYW(39T1f;1MK#co%$K zQJK7~l@@+O>wcQvSmC9o6G*y#gmb{%a+5skT-dk_3TDbhg&U4{;YjM*hZI>qBhH)M z8&%#1>=7Baw={WEDR1Udz9S2E!dwQNv=P3oWC=OR)+SiDi9nZpX}Lzx_tSKvZ-FcR znWw3?4FYVxenmC4jjMM$c%|}*F(X?aQ^?Nh=WoC=kP97NgGaeRiz#xAjt_FX z-m7n;D_phF#gXu|GO=+vF_gAfv$s_eJ9Cas-@3s*p~Ou_yyCiFs|KGnCjw!i@i z5zI^wGOQYlbw%~s?!UVTViep5PbkF{wYCyWuT;|^(UKRK%|t)U#c1^hP)*tc!LxOz zLheAx{o$HVR>Jx=pOR=O#eFsLJ3sk}Q3i1`y{kw)O-cXJ{7rDDd!Q*}pI6Ao9h46y z{BqVN$~p2#>g(H@$#1$hy}8BwYMVi3)2#^JPhcC?+y^hPTLAPn%b_4>!qK^S)Q|_h zEaMUj>9UfA&@1-1$Hn?e3SCua&FD?#NQWztLo};@obK=iD9Wehd}aS4B`H@=idbEH zctn8jyxHl+_Hu)tbM6?J5_v;gx5TbJPtHl2vP~^v=x~NI<~92%)b)KQ_L-pIEd-Pm zIYhp|XOoP-moE+c)cUcSAzn$8p6XmWPWmM1Ea!LsqI`=2%1D8c7=UbVx`2JGGB`~qQ-d!{GE z)k}m~8RqG7LX^D$G?2pBPLNHtjmNS*^AA0yu5Se%2sqLQd{2yOTm4}rUcTLxW~Jg( zO+4&Fb-a#WvoOV|gLoa`@5>bEdJ=7PHChahQ`0lnC8|XjScp9bB*+#l0!xP+A-Fy1 z?rSm83u?>KV;(dD+po#K3~iEmf}|AgZ7L2QIF1^enTjJ$tJb|ld!O-m-M6tfk~-#^k|KJd>Q_H0KOvCTE^z ziX??;F|XKh^gi7Te!wG`Yc!oOtYGST=ex!NJ5{jOFB-<6-h^3r)qABLT~O*~yRTwv zBleoXh|6S7g5u_J$PO7+fAdHc#=3O}@x_-K7+YHU?RT0AwzWaQW>0Qe0%CHuU+I8@ zKhz(upmV{!oz9GXu5Zas!d|0?g>lI!s#P&#FmmMvu~)7jT`uW)?f0k%T5aGK66ub^ zXOT}J%yk3JyKTC#!r8O;7EQ79E*Fc5Lk_KE=+!%kN|&ICfoGByh)CEpDGH9jvEG;F z#*I5Uke6@^>unyE8j zQSz8!=0>sdP}a&o$EiwW;eH2azT-8 z$K4M~k$#Mu#HW>B4$DPQFzf9ja9{;v zT-G~mWN8n$)L1Ng?dzIWdt{ePf%ioo_cZA#NMS!pnA>sO=ceDg&s{mN9BOSGVf~l# zra#J@2xgvzV1#{cYP2x6n~6tDkxb!#xdPya#X&Izx_^L*OOMjm2CiFq57pMXCVN~~>;tslK%dl6de?$R*5YC{;eC-Rlu#B~8?K{=8ij!~>2J2;%_ zg@l;WWQ)T%OJv>6ixmuP99dWxNzcm&yNwSY)@$?fae)rUw4xcO=p1podI40w0SQ(b zF!o8l&TDveKc<3Jm>J+-vVD42wI_>ofjOepCIO@28HX`C7`g@?yljF@tA0)QoPjhH z3;CO|eCWR(qxcQbinOc_m)imDD{pcOg{i6CdrGJ3&F9s^rLcO+Z>*^-KpC<=S1RNl z#T$0ZEIS=$k^4rT-8`wuPPy4sahf8|*I(@_(RcP;?~6p-R>kKkX5>%MU7WSvHtzTt zl46NF-6jTN^|pdips|7dK44pt#3kKV@9o2qUm1RhMR`tM@e|~`$gq0;E(1LtXw<5L z^6huC1uodYLOQ$k7HYWfM#^B(!Pa-B3{6AoDW@Wnd+)j6VEzfd*U{RFy^+=PY!C(1 zHSQi4PWu^S)&cqk=9cIj;ZO=Z3ULYeuZ>1T2X076xCOpy!!5lJ>(w<_PtPAr5FRNZ zKk95=ubj;Cy}ritlemy9tUB^hZxM&XWm#hBaMu@W*QQY7{kiFCBQ;7ErKbax+K~OQ zs`?lKiN@*E-fZ*EP%VR_Rx`umL=gth2u^Y-705&=mw@&MUG2Ieu)-0y0{|0c2ucqx zVgxaY;;aqyOLs_mnQbYf4LXy~a-;0capG9iq>HUTwNq)hh%GE6GOlgUBBs_%o*S)9 zs)qcOH`}OGPwiT#vQx0_-|lJ94LKc693rR{T4bubMh%Pi=L1+az_`inYQ3jIrX?z-v19zV<#ATvI8oc|Qupl%lMsTq9L`+{W zDxz+yAL%g~y=b#IvRj0F7IF@+4D@X-6#Q+Om^0y0;9e(&@DoT~ zL$%E~Kzrfh1jko|SiV82Pls@uk@9>!- zv9ySi*}EQP*t^D49ey&HuPlrBg1f5tew@RXBoJonttu2{9?959Zxau8-H_Xop1<5U zG<-K#m2*)a7G81lPX2IzIHA2Q>`mAxrWjp4;6E+Q2U|w01cufRoO+E22|hu-v0_j= z)bqY9syRWW66u5ud#=FPCQtUDqk-!+4 zE~p}42xL%~jq9b=x7=Ttd#HRguUm_v%ia8{j@>8GCst`+8ja^!sB^~eot?LP?#Rn} zch_6q3X3-%WS%yCtM0egqgV*MKFdM4v-7=*`iI#{UlJ@3DE57bE$e!c+FviXGbDud zkJ^gi-#Y`(K|h#yu~5f|YWHJd?_ZGp20R?nO#3N-s|XGrvYHEf3YKi%6iBCR%FjqU zPmm+Q!_=@mstSz4w=Z>>yS#MKhTpky`ixd4U51EI;v|28m^SG!GVvHp7tZ9i#?z~M zaGP)+aP~2}H0@jeIrw@23ExWm0#t3W8Hjt>Nbu9)ytvud?F#Q4v&m4b3u=pD)y+S* z-)%r69z3U~(r7JT?Og^~$$&2XJU$jB;U9?RTJ-az3w4X(p5K$K)5%Y?VtAD_J{HOVcpC-DQVf50URSKbN@$iFJ#(&6$7;96D6*Xwb2Ciq%0 zKRvV?q2+;$v3Q9koXpi2A}CcV1s=20s1MyxowL`So*(A>05oW`sEw7Ttda%1hZ^vN zL9w>Td6Yue4dhfBG@?$~?IXG1Q_K#>3}@ObD%aMJgekL_=#N#FpYrCd-&!^%yM9jO zL(p`{-xN|*!n#-8b$hfMd7_5H@6U8PuCbs=XiZ3XvUBWCCkG#;5;h7GPS?>3CXuOh zYsw4>$+&mHui(K=K=~mrD~s+amFI3eLxIeT!$;3%b*HascK2i2Llm=dxLO(Yn5@+6 zrvq!4*Th1Xcj|jlH{8?QgtvdG)nOqWmu@N8b(3Ufu<4BL3AH~clDZNgyvUT2-z&4p z!kbrJACXJ#dcac^tA9K9)-AzYrGN7?M$?neB+`en`&NS%h~GNJMSDnQZ%V@ZMzytO zb>bcRfojSfO~)SJZ)Z@OZQ`@anEDC19CXm14#=xO4{OIN&H zhnpJ`x0Rb)A}7xpBlS%%Sy5PUI*mzA`u86k<1Kar&-r$;uMSnbI^~+?{n$J$?CQq1bUu(-A&>f)f4pcHZ2fj6^NUg-oBqR6H;YE#Bt%X@d~an-GIuN4 z^(iksciIf$>Pi~xa+SVimO1}kiY`_s6c z$u^bn)!_s>_TY+Ekfio4d@1O2PZrZWvwNkH_ss&9DkLON+J9l}m zEsqhdn}Q_~yteN05ZSb&N`0&oTSiuWrvDbuVY@%zO=mszGUF+|p6+VI%a2Xup9T*X z@ZdD>1`OX$u1{a-&RnORI4~0sGz9O|kG@U{_NB<|lr64U_bLrw(^*-nj~lZ+b;L^? zq_J)uauSKFQnKxDx*!Z^zD8rDZ=-`Xv$GQfa_uiq?KbzjhzTLN!gTlvR3`6u^8QK| z@;1%{|3S=t{z`NvJRC_dIH0o-;Azx;Ela;f2Zcc=21*JL%ROfW{-k6nI>|E^G2`oG6jNlC~qj-+-VVD5I;`3=8MIB~bj-0aWBaL0vTI z#5P@DlB*`OO17d2b7v~z|1BQjZy1G&F{7Rq;kFVk1Mc;6t5qA^HvwTKmHhNCvc4DE zJP0)|)veGonT*Sde-aZeCRfn^w;ATC8I-X?$u9QVS?4C!m(s1^$VABdV!$p z?Mm?g!lPb*JEZ>E4>N5p{y!zabLa{~!$FQF&Jq?GI+A0$G)9(Mi-r`^DH1PUU zO*0r!v}~zA;?7BVI!s1 zkzy59h={BtabR}u*^^>OI@4EQcIG--%lfN8_<4PJ?u;J zUi_uQ@4tsPP;rrjWl5s;sd&-4zfFs9m9!Ba%)Xj7dOV7&p@UwhK0oFlju96;QU^}R z1fIA2ZSX9Jkkc~hBm$OnhNV_I4*qi(pg)za^taFD|6>^LAGbaGpW7Ne{(p87^70Z$ zHqgoHynkZMst4@_5iAsR-c0@mP|3JH*I?aEJO|qVedJ(U0qYVkRpj_JjMo!J)b=(u zcT)EqN>>Ru285J0J{)!ya(*s~vll(>pCGbd(0R8;X|D7Oh6213MN8+9x%~)BtHJPp z8*cwO3}Ch%qg%p#{^QpEQ~wwTH0N_>|Lvnv|2aPS;(u=Zx2gL7$5h;iqDg%G@RME= zIK1JO)qGtl0r;cSh{W?jk<4!ZW%li8Aiw`VUjVoh7fElusy?BYvvkLJAC0nan*k?^ z^*^fYfAsmkIn>$z?*)XB$Sz8nk&hRo+mlOm$N(_wLo@vfy`)zQ}vk%{9E z3(8^RbxpC>S22T2Kd*(q!cfW#^`}oA*~lro!{w|JsD z4^vRyJ7$o>X@ zmvPeO8_HUPFA9@=)*<={D|=j?aLT7=AC~dv@A{rr{Q{V4)a*a3n+BLr8u5DnSk3)&6*|#(O9Jq)%Nt zF4ix`@CJ8dmHYYdyQ@{z_YvGFb^p8OQALSL1GUq;g;L1}03185&vR(Xq@k!-EMcmz zN(jo?M09aM7){e)qc zn5CczGo7+(OIXq<6XcI2VR;zfMi4LMOqaH}I2H$np(#nGD{-4YX!x^txH3l`B{0PUL9JTDglpue$Ok zg3EoDW_p``et#r(&;4no>G;#^Cuz$u{4nPH66A(4XRP=J8aIvPNmyC1@ExHq1!jZ*pDAdF(Gst-Fui zKFau5nDj%a-&eCPkyfQGkyTw(C*lMVmMk5sgS<@gXYX+gM1!H0++Bk=fzFSnCM*jX70YolLy2|@;Z0L_1e&;KDSufakq<0^N*5~Du{`R-XNLP)srRB35)-ie@dAI(oCAVq z`cr>0PfEEJQHr)A;Jfnx&3(fSl(DjH#-58j8(7oWyp);cW^%g^;+V-PR1h8)_+Xt9 z&s2Sk9E~6nCdEdSdp1_1uJOV8w` z_g&tW8BX^+Cj?aV?6v|;OM90b&bOAuG5D-8HOpjWzhLJv4&?fG$lVHIzGJgiSzl-m}6aQa(HnE1uTz_i&%@T{hX!{zdh|tY^V(pP~ zIA~c4vz7aTDCCJvH#z0~4YK=wtK0;8w>IQW-M2SHn5aHh?NsT>sTM+4cFQqsKfYAQ zn6dK8JJ6D^-tFZz%(2|iJ8Xx^H&98yJko z6s}L~ui4BejRgq~nP}Q$W+Z4T)FFICX9MH5u+{m6A(;C(Nkd_DBfIrO>3j}Mr^Ovi z7Pe$RTCvN_$=K*p1w97~tD{cWsb(B4(*wB;m@JKJei-yt89T?>9-MKGpf%6ieHZX9 z6btdDK^J{UPZ7}b`bNS_BN-!D$B=`sbQULeD$(6f_~kS|m`TpQrq#d2omxiD4AaR; zNi9ps=b((J;xs2q2izFRXZbT>4q!DPpLN6a_P=Erl)ND=R!L-!hNEaxzagtmRaW1c z-Bkd11x87Xr8FE2FRJ1tlRbH#>a@J+o1D*o752UcqqRCQ5cRx+T4#tQ$rEV7IGj_F zE9r?j*YD+i9$I)C<?!0cGpl)H`9*Y!lOtq^Z*9V8 za{ko(prNrGE4zd}BIE3G(y#RNTz75;?Xo-rr~aB@{WoBQ62_LBTd4Rowexb|3Fb!I zs1@qKpNecx!`h9qE8RnX0~*YJ&HVF)Nkrf58_PO7{{1JNN)jTx`Up_vwQqBUn*a32 zF`R8ad*=b4^ubmg(dir+T`ntSwosZZ;d&v{6^YVA>?0h7_vv5ZqEn`-IM8q8vyjP4 z(U)Go5+g<`;rf=VZ=|m?zHsqNF_oRx%we^k6xI2=MrM+c~QKnie zJyKPXoh{KQs}#0pd|t@<{`*C8rFK@nN`5;cs8A`|-50Uj)=IEAt5n)r87Ky0cl1G{ zaBOZ>r6{eY&W1{LzzeOlQ(jBzDXieBVD&e^Qs>uh<2S*ORlNn?V=ck7w%-7e5hWgn zvHM>Q`@9o{g!r)>%Cp6K{q6NB=e91eLnz1nRnCw=eXFv201l zT`!_SqBqd{6TBR{q-dI~Rcg-k5I%KHINHva04td)@-8clBatul%&qavZ+P*!{(E?K zT!mkM+iF)j`>}luO0RB{DVQibbQ!Q>4L)HxD`3o^EPTgUj^W@f5?QJCs6WB^!tAw{ z`1THw!rLsL1Ym>K6b&F-Kbo5t0sBTPPBG|ia? zJOgDN?XaA`4XCiwZNaIj9=v;}A2Kd!^(i;&kP}?nM$}y%U6#?2r8FGAn;grOg6X1f?r&OS=-aHoJBQ8*iIYIaZLWSjblifJfyEqeL0N*>&*enUR?;oszx!gOiOc%K`u4W1e(Qw40$mkFdjYznIxHnj_&Hefhf?p_|Ydy?HDh+M{biRbQN)?H=)FiqSjVPgGE%k%KH zMdLY}JF|3vGIK}vXK%tjX#(t+*?dp~`e|8tf*(6E3sg}m!5jOOO(!o>#LjYOvnv6P zQ~K+<;HdJzR|*B%)~SS7A6_WYNU^_$8-crvdwknaclw-yFFNC+V}56TF$8fd3t+tWL( zGt;Dv`amOIhQ`;F-*d`YJRMP!I3bdfJPuB*O0qD=&pb&2T~f#VV>EiIB><~Gkq?~u zq+bGk`AeGu>w_qcin@EIDmkH4%Pa^#UBGMP#1Q05e@6%Kw@q#g-)g(?y$>bQGhLD4 z3mGS3hi}HpMU>9LXkmQYqtVpiFVvUER6iHrY$LeUOtcxYG8;|NF_(KgVsMsi6Xs@) zMB1;O_0pdnMvO?ze401$%^Am}A#)r_I9t~*NrFIdNQE8cR~jagF2EljuB{%8lr+s_ zq}R%;=Sj%sO8Nf)A-vv0h3csXIpTQ5s%wY<-tZL$CM^(Lrkb|P!w;sRi z6vq@YTgCKRi$nxx!3kpd0FJCHvayfNdLG0&9vN2~zmv(~u&R!p;JJ7m*=A-(ngcag z6z4dj+S%^V*wOo=y`xTK-Mal8;370FMr)~p+x~Ha zvMa%xO-OV(59xrE$k7@1V+`H1+vR!X>7|ifX%w;y_=E|Xta=~DG&)Odt60eop~#!b z58$9Tc{SGG<%~f7ATZ#Jmgj$~g}|~fT@B>{b3OcI<(R8of*WdjQH<|k%oD++B)95SewizjsM)4DXNG2Bxlewf@b4Y?T`tatbtZ%UT?V@kk2Ffj=jx7b3 z0bhHY8?T!D_;?JkHKLcx0jceI-^BNneeW@sj|!VYfN>rAE5fHnUUi zD#nKVBto6q$8dADFx5?SkT?9HxOAe!;?asCCZ>}=J>0COWkSV3IoGu*U8o&naYG8v z>x}4EJ&VD}MTh)19p!f3Ze=D7jm?Rxax{P%dtPRt+Jt-MmzDTLO`mdcQS#X+Vu^qv zF`Vmq$XRNzRsxvwF59U7D5s*hD(a4omZ1VtwV{k5>25JYX|L6Vv;)23#O5o8+#T^s z@sfHIMb;#p(EO2nU~?8LvlS+6UtRQayE$lkzHGxt4!?k7u@8UY8v_dmfa{F4H6^_1mn8zr`rz;10ZDL~~sNtC2clWQUT6bPkWr~YVDDej#G}~N-_enG!{S}6L9f~C7t;F) z6S{!eyga!yvL7<}ra>Hl%}t6gGZ;@L^@%(BA1C`!th5l&eJ2qk8AW8~E9xt$F%+j& zZoTtyFm_(#L_=3EYD8H>RSX{%U?xmWP1W*#0=0Z2zKM#uXt+ zP-TMj&z-<{g9pcikE`F6RDmUE$LLZGqt>5PVVY}$i>~dXSS48BG!x>0aUlHt*Lrc0 zrLumYmU<7#?_AUT&voaRmSvUN?z!!;dKIUy=}}d6`0yrm`D~BEC?kFgna-8f$gns1 zK^b-mp{=b*A*aiQC%!#6*?b4J*|QF2{Pv2`%+7&`?=TW}Mk1{M1yjDCD*uvQk^A)- z@L)Ax;GGxC!Y!jh123=?MD)j6s#w!A_%T)I%_aBkgKiEITfCh4cC2^t_g@qbLri&* zc5)#e-o0ITT}0i#0R-NMGk9l5tp@H?my?v6VX48c*SJYZUEmIe=N?;;Cw!DsfPMp$WKm)rC*6!yhzPXL=mI@2Bu4{l!M9E|AnrKrl9MHhwAO`cX}S(^R@Z z=G8T<*9p`bMz?|DiBLUwp+MGQ=xOidcJ?6)jU}jp_?X@Vm{_@Y zunqe+#+~^X%JaO&S>@_H|6Yv;RChc83~~b}3yZ2EJ!a3t02kY99bf;euay>64?~?O z{R4pVA7U;%j94SJDR5n6aP9#XZe?-$4QLBYD8FVElfaKmZ{IEYRB}X88JElyIeL=N zps6mZ&7O1wIG)^#A1h-_pAnQPJCdANx|ejwt#3l@_Gk(Z(IiF)a-D8mK7%2r^~H%A zy3nFit{)~5W;HGP+fD31dWSf}1V>=*1a?V)>Psv^+=R%sJ60+7?yLTq&NcB(wg=Qd zPENV+UNSfnB-qhsu&DpnL_oM9UDmm_nttPd`om z&>nbNY|h}3)Q+~#GLxWs`V*s(rf;+#;kt&@(Or6-4@Jp^@Vf)MXQw+4ut9;Fgs{4m zNWj^@Fo7J1N1@m@`c zT?}ahe@Vl4gj7Ltb!C0I#}&;z)*QVvp@4(>yf2-rz3)ON#rr)I$(}cL&wE>uFO8PM z$z278)YF^>EQW2<#&IW&F(rojmGkD-yL6+7+>j8HjhN)a3+onx`luzbqGc&-7=sFa zh&a!z*~`iibhYk_5fT~PQcWpkjjtDCiLK`cV*C}P3D zIud1ArN=z$s@~E7{@jYeXg&r9b#CBKFT4X-$nEP0MjhLrirM>cxaD?2njb@5r6urV z6?Jw|=l9ZF z#x$@ht;ukSvFr6+m1gKVnk!W((KdT?qC(`$TOsZ3(oNS>6>|RGK4;>ZMz+;zn}uP0 zStSpmoeLP(!$^*ZCFE_h4UUa6jhByAA`??YoRcw}!)Fho+XLIcdnvbqnKtBO%TH%n zoK4PmMQSLfpuli*Obj2Uj+nybw7uEGt9l+R2hR7L9f!QSkOJw|=0=1d`8oINpZzs>=D!F znqdXvSpLqHT-lptK0i75tS8aDjd0>np0s#}7wUa2V$1U&S~IcSxrHA{N4e1rd~()* zdi2tIewF#o-mmJkK5OQbN@SrT%ho%~Gq63oz27-@?u62$LA4@Yf-HhCnKTbDn7yX9 z=)`*qvU+~?B)*&fS#?2TE?7Q^({xN#$Ai@ZM;hz(D=buwNK=jqP7D?;2vW3>a&6>J zRC0{pRIBl&`mR4#)BYzNAB{Gj*+48c6{EWRMfvd>7qTz<4mVJ{nZ#w}EUj3gsUm>_ z3uUwnGrEOXz9K0TE3AZFUD0eS)gPzPSo9RRUYq{!(66{I&JvfUVjH!40|q!p>=LqT zKcRM>{RXsNu?ea<1k9D($H~jx%+P%~m>hCwDQAtzfRULo#-jPJ-o0oSInivjGOGR1 zu$jbq+5d*t`0QpAZcM_n;IQ!)va+_QyDCN@*t8p>qec-F`)(DBD@-BQml9oDe@)MD zDbvz8cxfpQ`^1F?;c^&Ls))A|t^IBPiWVgF8_)`MX(+$X`PM?LcI@e3l`uzy;rbeX zBZ^c)8&9{3V0G^m4N>$qB}*}xvm(JHT3E&hqHnV_Lv;=o#9c7>CS9Bl^Gm`{sz3b* z3rP`!XjUYryZv($F9~)ECV=^Ar^Sb5Ym@Rt?yikNE<+boKOnrFHOz)k`ej%kUyV&J6@_FAOAU znnL-MS&eJxP2ycJv7BsW0T2j50u1)Kr7*@}7FulE~(`+u?bmSK5pOWN=g zG$Ck^;3P}cL?sVzb4yqWM=kUb7p>g@A<(+ z({!({UR`UgT2*)5wIe%A8W&g~8QHT+2G@Smlq~hGZ+O2l6nz=dwW!WGd9zZehFB1< zhoEJti$ehi=M<`unA-T|33r}ec)#wk1wUKaj#U0dmKv9Qa0F)-D?z>YMsc^f*|DAH2 z32V!8t0hU&BcIa}$;#o=UMT-T$w~-iat?*UyUpU)TuYt`+>VaJYIw%`%i?xPZFx{h zNhzGRVz*m0_=tzwj-K?8;MQQvNU@wbywggO-YE2Ev2rcowXtX?o1bsy%R zZLCVj(Oh0FvhU1$`c}Ep#zy9B4|fxUrJ9*Xd7SxU@-M0*o5~p&o8Na>=&;s1x)3T) zLq@IMOT)vvEQ1N@v7I$xN&^J#%xo>u@g-&SsMNi%o{%S+Rb~Q-!`L3a-#y={=B!Cl(`qom~lHVo*#TDQuu51+^1P^jldQaRr3!pj_jX@e;t?e(e^YS%(pr~bO9?!|1M$lo_qNhkhL_- z_$Ft!egw38ub8w%-Kd;>l&t|)_2*FljeQQJQM0KKTVR>2` zE^9NEsw&8iCt=!ki7;h$u6W@Z^Ep@QhUS}cV~=|#&Kb7u!pDS?0^@2|wpI<9G&d8v z?1ZO@lT{t<#QLNZ1eo&pZipAf$E$Bgte~GJ)Ad+?-(X9$46Qv1?IbB?@8_Hp9i`EU zrIz3vS)g=|eCZ?2H}2%!neR5V-$F4yc^rYFZfjkBU`)y7mO~K4%^qmDOQY{?@vFW()E%5;JOOksNz5K)XV|$ z;qi)(FpRN}JWAS%H}?g9Y1m>r=lcn{Ev%j)QCuWe5yRSWE7(tfJ4wRy@=$|i(BCik z4TNtdc)hac9rSv$G)Hl4ugEC#G-*_)R8^G=?~Ncrx>Yf(O6@4!=Iwqm4FGG8EbI~G#nVwI~ZWPi2DY+X=qR4fV%69%uTUI5{f z)~fo{Dt+Oyux;`1bFg9TD*;P-Y*1{IGRJ#>IkK75sd&BehWvz0Wfl_uBIX2@D@hO0 zc`XFl!;kSobku>8Be);$bAp;mV^TOJS-iF8 zGrMjM*-RcMgl%_{T=ASs%Xv$$)q|y~@opaXY2=ODitv^=jUgfpH+Hf*(bFyiF~cg< zwLTeNiusi1FZA_NRcF(Xq1%;?FQv5Vnjmkys=?d=pAk3q*~3pzegTCk5TTmLnlN07 z2od+6ZcPZq?f11jF+xE2PEt$O1^>ZpguDt;%a9mA9M@xgbQOT7hy2kf{UWQbqPhuU z=2q`q{L-osKMzN0$;4-!?VMN2?^eJvPSvG4>U{JLPckw{tu_)GB=yFboq#&yh|VWx zRxERNsyfD0H%g48wDG-wt>aR3_zHA7M{yGmwWNQSO1q9}Y??o65f%E2HG-NBTPDfI z(Y-Tl_rzUMI^6+B32d8GbzIQN$J(mYw<9D~rQ&Gtf$2e_>0f%ESa-f+>wNeCodskSG?U|!QE*R?){4`O)c7y9W< zCO+B@6<0FR`^NgPon6Vwloh^OnutQiyC*nl$ncV77J3?o3A;lsCtf<0(IV^vn?1I> zb0U1zJ z556JG^p-*cr3ojK&uv&a-PF7GK96E@#Fsj0yvyYy(}&ZZ(gJ6o!7Xh z)Xc7x%nu%3J9aR%ivf&qf-*<3ak<;EGMb?*NN0Vv{p-aWu*BWpHoqt7RatFu;taRX zjm{_5&vw6spkL{}7L_i*6t;%)W{6fbv4FAb54aIjx>-|S9Ff^b(aALjGLm;EpZCaC24Rm zK=PRlKr(46_`@vhh-~ww%Ai2V9C|e3&0Qi9)GAs(vgUl+sQaXfAi@-D6rpsh zRENp;9Az;(vfgPmmbS<*DT;yOjD!V}j3QO9*+qa=S;{}bEt!ro^j0ylzex`@X4V9W z#y2_bY==uPAwOfb?VfqOvZH#0ckophu9^iO?GqbvJRj_N-|bP%ZAO)uUZZmk+H^OK zbnaMwIpZzX({>S)Y?E_XiDbX3TKOqN8LEid0d@kW0Sf5uRpsZ)sUJt$&0|O00+i(F z96LJowBIX5u))IfPJ@+cO2E2D?867ll{Fr(W6DS3zmQIGsUvDL;A=a4EqNnBE)n!( zDO{>b)bfc*rm{TEr*VIdTayRipbEWnugx*UV;wPY8tJRq052OYmCYCRozUkbS=e95Y_mxboZY z1^*rm^IySZ9xvM8QFk)WDra3)ONxFKYW^f0j-<1vRA+XoPlDkNRinU#wkc}}ex z!IZ9hT@3pEUgh2G%6nU3yLu<+nfm66Z|A9%R}5D-+|6vp^AL{Nl$t^If+6E;1MupC z+V(`GhS!V?7hHyOes?bh=Mgd9-`82PI?w^Oz904M2y`3kP?Uh?+I3r)zBG;f8 zDlar`1p_Hc%omWZAr! z$qRzYI|bPnRBT-v^iS2-0D{y$h4e>Z8g=G~_Pgy}^>}v!E@lfS|q;i+cHN-_~_a5AI7C)y|@DYUk^joj_yz&!d7SWnz{5YAz=T z;dP>Te9+3Wf|#A33@SfX7%v`13t`4$?=x89eIPopoP*;-IGsM#pxWr6<~W_@u+Rlu zfKR_>qi-?z$a(k=0{l>Su_&*e;j-VBRXyI~-(r~YNqWnRGwijjuc-ncmuBz6Z>T8m z`%7Ikb)tmmAvybLh!ZTK?S;-ptuylHtPsmdr8iTHbBqGmp;JinPD%J6A=fmBw|ZhE zqNj@hPMq>c zEzsNbNU`DqNvTcQ1kt7mR|#EF8b`+_)tsx3oD*Aivx=b5j9hh4A60NkABAyF>JTRD zA*zX?APEMHE|BX$GE7n zUpm0v3e#V{dmr@H8`!MkH8aKVwNH`|FzjoP#Uf#4B$yWxgWjAJg1e|4Lc%;xB z9=pZ3tY7MU#^92T>7{NP9xL?$se@$+<*|n%+|gMKMI+v%5fq4*+tG^{>d1D>y9|d4 zK}<}K6O`j@x)I7>Lmz?=RB6!&+tK1 zbc_Or1Bmeln4Ak*((HFkzhAu&Z%bX=zNqCs%YvuRo|@U_dq!`;d`VJWohTk=6hti^~}$`PQGQx5tYn$Q2O*c6OPTOn*qu0xh%EG%4*6?%#Pn78_?W{ zht`}57M>m=vPb^f`ZP+JxQNAsQ${!ewdT!If7gSFzPObLT0a8)zzks=o zPk|<~L^(VwfHBgK&yZDts_!8EG~zX*+mR>=O{`n6mOt-{p^_D4y2^YR7+r~_H^_NyM3M4YNm9S){ zC32>_&2ajxD-mRPgF_Ist(D5QR1WXJ4ehsdlP5*9b6>cJklVUf4fmGp`}x|$a+ELi z+Dw*Jpt|c&szoe2yF`!`mhj zgcD|XL#;AR_Q>Pc0xb<*&yr9bDI>X@ZW{y;DnYSl7V&$7Y)7vW=9p&I>F}^N##xgULF)W)YxDHSJSIj;`7n=7C5E_c->P)x7bnVp z67{fZ#ezIF<>nlc98UWRaSM+#Hg|7)8iC?IX@vz$XSSV~$qgnHzfEVL5WBC?+cMSR zIjkwn=c8bxh&8n<>h&`qo#X1ddC@mWVM^1vJIG3ePECVWg%lf@KtSVTs1 z`U!CRvmXO&a&Ppke2>GUKhAefax1=7MUM9X{2q7<8mb~JJ&Oxhwl%#XmHHOI-i%wx z3Euyd+GNC;S%Z~Q`aq1NO2~jW&8J;MjY}cOICcgNf3Kek20H>G+gi(W@*agp)cz(M z>+;Qa8UN|*+L7c0l^8qHG-0La@w%1LwaTb_6g2U??(}c&kSPDU#+ZqXIp~{=nk~?b z5`o#o#wZOP$p?--aF*!f*M)6a!Xj_d!Wj17*9=$I7q&G3cET&bU`Y^FNVXY;2^qG* zckqw4$iKXI948JsR%R|#gdO|57~2cWbGb@F!t$nNvh}$p>5=!OXV)>=1b>}2l*oGV zJEL44(M_Ly&8X@_+E#TMhQRqZl|I57&}rnw94vuW%e3qoJLro779QvIC6yV2mf&@Q zf*PE`3)dt50dkQt4c*;u(mO{iZCX0@24crfY5K<((39&kF6S(n`7^Vug{#zT4Y(F% zqhP(0F&l(s? z!tr#HgF!9}i7!Xbp3ZVf(7%^Zsmv#Z)Qyn6;(%Ixw7P{ys-1L!Q>%-eIw$GxIi!gzAaV5qARFsU1;u zD_tu(JM^aUVj1?8KanzyJkycYd| zR4nRQuZkkC&4I=HJNiqR_d*H(go;GpY9yHG%+~9nybH>ohYVPSG2>?vHVrz+!CCz} zPXd_keT(Y2~m{Cz;pKPa8`Wv^e zNC=#IxN_|#isLoXDTFKvp^HD6!}OV+*y_~Q0S>DNtTx02j@kXXlq6c#j6jeyNfIh^v_#)Ur$)EP^;xa#xi}t zxgX{?ZUU<^xdf=}x(4Byziu7eif5^qM3^!zq*vE`^~sQX`8lPh;0d31-ekKg2@s*3 zS+o++Cqu0aDPrZ&PFF^Y;ULMwE*4a)PSS98QWIC(Cv3qs5+kYb(T^I>qEZNgwFHn` zj7%zZ?L~qus>!F+`3u4QvVEzLw`F)A%3oY5A@Fmfd_f!{8LDi?Fuv|zol((6whT5AA~&M)+j?NcSfTVE1`mC zY;>0UrBlu@_8gp~%PL9G&`}7w&Zk+Y8<{u#IYIWN@%BkB$B$SF^^Y*!Ae%nO2d3?O#Gwn=K*kDDzid;%uq zi8eNldRjCaTJxYR*Bjl+VlWwQ=Z6F?rzcQd#R|wIgp#j40QR``qfP(#RhfJ!Qjf&j z+$nI9PNF5o=2%dSgG*;}OS5^{xg^-yad}JJ&lQ#24ludDhT`R%4zN*bLnFI}1ceb{8?)i2jb=0>af#~6t=EJm zIY?j5NR_fA7b_3)1)pkFbZlkx9MH4K?}x-l*OKJ&_0-%^OVMVTq!2aL9l_7i=7jKk zb_^g1jXY_1CucbqvgzoB3+FW1#BzA|@d8y{3yrLPFIg6csD~Y%wn`G7B)VO3+}*+; z$Lv}%xoSP=o-LvuUvgQVf#FOH;l50ibG{i|?`q+O13lv;lz`^svanp3 zK+@d#1*GUN?k1k|#yy%S0;Dyc`aQ)ptTw;08GRe~YwDiUdrjCyQrovjbtT0Upw&gp zc8%@H9G-Xk<~a$}Qs}g&5g)m7{G_4efsn>v)6B??$StWSjf9*;b*&l~53935iZLMx zb<;>5G)R&)dK7;MZoDM)mdC}$0tVNA)%H!xz1&Afp64!jPHsjlv=_nl60AVhZi%Bf z4wP&e7pcm2qc;`M89mjhobHrEv?C)j+;Y<#A;L~C(O>F{$jqg7WKL#zuqljZjo>L% zkL6k~>bjBGn7L1ZQ2AflvXfhPa7vRD$0;UEwolC17lBPY%m*#`*YyQY5HDbriN0P> z%-gEw#@npYKM@}Om_k~UqA%BiLPN)!_ywhD`mNUzJn@0%TvO&rrtNk3K;9K9Kq*i0 z3+Q{KOig7-nhipnMFBG0>K3Jk#rdt^bf);jRiV8*e4LrTx0CQ}s!Q)Fnl+;m^a~Hl zJAeU;eg!{Z7>3Y4D1Gh4I$Y~clKlAz6FPpXhs$8z8JJQRW06`B-LFb0=m~Uw9^EVb znZS$L$gn}YR@X##cgXxo&X^uiLD6& z$x6}pSD0}Vi^unThwxqXe_mU_XY}dbh5YWAk~;wYwmkg)3d7?;EWj=VaXh!Zf9N;7 zxG_%$!7guyAikS5*}D{?tF_dNuFPGlD=(tUM}N~A?_0i;hn|(8R<0K=nAp>YNrNHy z>d*VxBjMT)PSlT{Gn>@0lz6&1>i4#_(*@#`{zIPzAw)4YUfQxV)f_%>IxBa@luiz zVa;jw8D#bd#W0lMLCx5JzTF9*2F&slF@Q2B$ds%yv6@Dra%mp~%L+=-}1}=3(zMMinc=g6Z%(YYsfpgG8*7L8_`G3Qcw&0(!JK|_5bm-U9PTQwTGHZvHn8~YCgWqq#Oqcb)h zps|+e>)e~P6ZvB}4IIDx{S~=?>%TBV!U3LtA{WJ0lm{8 zKlFaMi#Rfv+GB#pZp&B}JvS!=$k|rF`Kv@=57%K7|GXCy>b&(tx!?n%1Bu@C9+Uy~ z0Mm#5pQInZ9ilSw{hp{+Ky-Y8a?^Q*+bjqp;0&QPqNs3=S}Qr2QJ_h?@fIMi**@cY zu6p@Na-?ZIOGDgxc0&}LC5Hk1or7$E2R{E=NvUuL`rQa!N#C=~|t(9~L1fd?mPlb%yH=~>USWwl!)~}1{8OJN#w6Vhz-ckEcFnhe& zKtZc&cuo~*Hl&Fe2)9k5oH-}`x)uLqkyK%yZedb>ytt%o=AZywGIqYdzx-=hkpKf? z!LvD=Dc2#Ayis?hjGf6~Gb2Y$BiW-*fkW>y^WS`hBYHnxqdi7EQEcEA6DJkRa=fDB z?=O(Fv>G9d!t=P8y48t|!Hm-&ES@#pB`3?gLMUGa!wvQMI+Sc-bZQ*_(L&?1h#uU9 ze8S)i%^lg$UJGYCfz-1D`ATLSPF!MZ*yMSxtqPk#%Utrh<_8bNU58I=#D)=^R zO)DtVUfft}+%EnDOkbiQ+;Hje{S>yt{xuus*j+2z73o@qx%@CUeM4`$#miQ~QTIp( z$E}gJSC30Y`|`X3y=A4n8iNvU+HvWUs{8HSgXl6Dzg3A}6);>l`bM81b0$sVg6EGRsMUwlA;hfXLi`?fr<^i8Me`x>OWvR=1Bn9x~1 zhASvHXHOf^=QM|;dGuB=+cXwkOLc(~;vLB(n!|(zC%N<$b2UXsY2;Qd!;H<#puB;W zL3XSB?a@^bXUrVj@&S{&!%n=!Ab6BD2&vW6BS+7BI})+L<)`(6xD<(^kL(m`-6vY{eaAgWZT- zsZgo~9%`MsrygeRM|ipacq2-?&YCOWrGk9_I7M-zPqg@(%roL#iZq{}e!?m_v57ql*l^w5Eqg2q<7+I=x!EdX7-o&miPn`U` zOY7ik0v6Oi$(&V3huEy+hX4uVyj5dL!On@TDX*f8UykgNN4|(2Q1g$6X8!aY-}0

CU1)JPgO&4GP^LWYF7jmo>z3n*2`Akzyb%Ne}egkP~ zyqw7l`$mEBg%nnFmLYa`oLr=`XnK(CJc{0T4ZrMU@aIX{mMOD%?rBDVCn=1oNR==d zQ4uKMSACKga6*2Rw0XGE@ZE^+7tr`XvBT82+R3WuEUleG2{VEQrZ2K^;WQxaT5=wb z0x_>jqIT8bDJew8r`X8}Z|74Q9^IKFg!>yd)z&HaN`=yqEm&e1!60t(YRxasvW(=U z8WHSGnl3gbkogVVvxcP(M1>?yUe8&|h)eD2)Dhh5B#>qA1z~Q4Fu`u8e8TkLTRq@* zXf@hapt0Du@5MIX?>=4uvL9;3Z=Am{#0vP6Jo12b)LEqzbFtK6jp+h%hr>GuFW~r8 zi5xqo9+_LCydR5WV8V=Ih|^@)p+aLMd}_hdYAvMTT+_dpmvInIJ-*L!M|^Rkd0|dz zN2xMHX$$9yh#VtJ;AuS|bXt~i{tWkwR<~nPam145fZusdGiZtfKg4ZK2`SB;b5waQ z*>F6|(ZJr0m7OG}C8Z-{`@p^f9GjQgg1f$cUV$NDLmFAmdf1~a-T1i&H`|Aej7+Q?&+G{IRo^r; zuo1of)^8w7^{zW=qxLGYa~DV^n8h84w6WaWi=9-Q?mXiD*(|=(n{9rtD`RAl<$W=mG?U5aw(2-!QY^mW z_;#3Lj}N{oaz`)RgePz*XY*zjXqiq{Pe{Q4K&r4^#%KD5Fsmid1iRF&7ZOM%pH`Gt zxWMEVd)}olQa)ALJJn$&dbphDKh5&vh8(X`k!lG;=jEzyB{;-aFreT2hvKWaAI{tD zN=2zpHlNwk8P9a6bDr&PCBP0F-_Gu41zE*?$aS>Y9#T*PJE?{($}|S4S-l!KZ6P+k za_GWOI-01`K5UA%BBjR@4|s+C)?ZhVX^)4hcPqg@7NXdv)?1f27`?gaD6o2rVcQRG zO?W<4lA~oxqFFm?mF=(nLS=Y0+;A=lb63qOoVH>Vo<+udpJYr+8Yyt*B^p=F46>_2 zww$eFv3v81m6nd0T(IZP*notkDr9gvV^G7FFGfs6Ac%VUT~8+yFgtzut0v*UECKFi z-QcuAr$$aX_Sa6yadU40`1Ar&JgcbpdqfU5dP9@QRCGHUNZQv=Y4Ty{X^OCzVdKO3 zVfDm{l^50C5GUUA%I{;ZQF7TSaO>8E9wfzbn!ghIykUfxWx%o2(6j z)o->*+y=!NjsK3J%4I1sHOCCWfrP;IQ#+laLmgJ>=nne!s06-03(`~H-jb_!EAjjM zUqJILE0efNAz*F^tNiV{w?4Es_@;*Mx%IqJ`nNUPO>8ZTbfcU@8=_v&qnGv&uKEUz zqW7%#6K3Q(WU{+a-wAjURX)w;n!QUAI1lFm99mqi6Q4PwmFHB6Ua_GWH+ed`uYF*j zpClY_#){EH4zbT7-^)hOZf56kxi!grS01LH!pJ?f@7a?$OIvI=WW-cCn(Q^sI0ajZxH)Uq$VE-tJi*PI>~Xuz`WLAe5Vu?eLCVL#FeW zi3PI27>O2G#cg7Ipx;qCD%<;$+lY*XL%+#FBch*Tw$2;lX8WxL>SnmNUMYp9CMS$MPwy z@T}r!0NW@@J1I7KKY!N23ooZ)Gp{#goF4HvZ-XYEC6Ay^ccuXnR1`H=Y02m{EoU72 z7scSxnkqo;BgcuIvq1sZtvalrKvKT*}2krxt<81MRcv{mvw@L?5yb; z43@9PNrj?j9G?>J>wMkeQe247oiSm}nHdlG5 z)x+B_O)cL6zQV~l0OnDv#SRLj%Ch+r^VLg;aBUr|$$zLc!NE zD=55Z`}jCM4s1Rdv3ynq&M(ey`Zcay0S6JKmke7aSY{J?)K?a=)PH8EcqTbIiN6w)?SVwXiGU!hdQCTYR#8EBX(!#-T%Ndp zSSOCr!QvRuxlw{`k(>JqNVUq~rZB8Njwo5aw4!okKSa8#jp?~l)SJCNwhFIeC=nf9^3B~>0@;9s`=<}Q zY(HfX{&Qlse@@7PK#{keKq0K}pnlq&6?2Z~I2RQJKEJWL+6Ex159aGXSmgg`Jp-Ps z2TM0f!#9Pems!E;!J_`{+@H5oti@?>hTFQ30DH(a>8_413 zsuR&6ni54m1w~#~t^cc;V~_`Dg3&Bs^>3yFAQY)f**eNMQu@jng?H79_pU@YfR*Bh zp@9;m5sdj;E$|)F-(p$z!!Z9*1gju)&R@*kkCZs1iR(sTr{9xq6Fy(Nb=&72(|!U% zTsVaJCWHdyrbJ&jt+}JRIlWq+z#^oAL4qmG)Wyyn9R!e1ETkjltgd%chZR24pKy+m zXuXIkKP&sJy_qG`u?;O-Kc>2}Af_O>anvgoBd1htt%BPqv z#o$T+M5InwH6=nUj%}~qivX{j$BraZD6w1RD=Duekv)d}W(!wmqCRE16ZcC{GZ z^sK4G5nNSl>!wD&t5=lKaKuu71K@6AYEVymTOwtw?$ zu`r4-;YWu82bO@oXM}xwBFDuzyXeI!QKc=OL+i7j;U70PRn7)3S3;s(=Jf*MRKh_B z%6wxl4&YG66tx218ofgz4ane-l?byYow0))6+hi}bbZGb74*9DYQ18d-d)g(J2nC-r<=C`ACRFBd?OJJn==~47{qq=?^Ul0v^btPFN^A1 zbaLs$J}YX5GI5&JeCaQ%y7E+3-{o;j`c9e>>0(uWPs*o?cL}XB4yGatZZ3{I!IJ2q zoR91ue|dot9UUoE-2iDg@f@V;UhC40CTdyDD=K-sFlS1L|6ymlx1TgBO6q3c=SqPd zabZTS8!W;z#=tR7{!)`a>zE67%WmC9W00~nG5(x0fqIZzq@XKmht1LHxj1dsE;g+_ znt~6`)8|LXt_d^#lqI)1dDIK)MXcM1frz#-vTaW1=XuH>*L&j5O0F;t`$giLcco5% zcKT*z>@vUEU$+m9XVojzRG)}WarfyN9Rdb#3wVdk_49R3(aP@L@k}2U)J2o5a1G3} zFIV3#@~%g!+wUY6Cb=$zZ2WQZE%f#3$T{@4JcI#|D@^OD0%At{!hBl zwbJ^IG7!3Zw|q5%J&I^@ zfsZo_TW)j{vs13NjJWP;|t9>UsH> zCZQOXw!`_nE6G274|1IpAdu7pgqwa`jdaV&#)#J1%z zUpv*#zuf5nYyASs53Q&1PFqGPRH8JWCB1+R|GaXksg zqBGm5GJQRpFTeFJa~SU$-^pgX2V$g@TJ4rj)nZz^kboa{uAKgYt_{wk^W?14 zLDSWJcM&K268z96(W%1LSC0nE0I=aeMF@U1YrcX&v1P7-kX`Cwbn4Yb^gR$P-yN2k z7EQH+F8hj=O}d^$--{Z9xk3e{(EM57pCf;)L0pRyPRp_|M@ixo1_RFt4# z1bKXh9Oo${+XY&D!jv# zL?Z#zl4X{c%N0(vM6EDjmsFHZG=v@ZPj-6|^<5%pg`d?wcG3lUlvGwM*Q7#C#OhTd z`ZuDvP_S*`DfUVo0(ItWGhaihc5{}l7;IK)7Ng3iz{eD!mhbWjUNdx1_7c?1Rkh4S za#1Ko@H?SxNiqdZXT(*Z=xrDl$w?i5G#)xLT)KypNX4%GiW7`)g8oFLVxbHK-LtU6r8pE|`-%=4=yPEV;B1~CezouJWXTmG?7c2^12URhlYB4T z25aCpt~bndDB^m|tZ@Q3Ks7ioa3>Q6T2_`V$xFoyrRqs$*8wD-xr}V-HpUUsfeaGK z5x&HkjyF{wYJeP0FM2F*PIg9B2yOo7Tn}K6S@`1bA+G<`-ycryc}M~7ND-oUQGXul zl2!o)UjQx@S-|2h@_h(}q$Q|n0%czwaDill*Ij&zeAiDh^X$?5g_NRD=L@>o^WyrF zQt6EaIyN?$A1Un>-VI;LoEzM4-4=YG-UI^6fch`O-x}X={{lLh;JX3nNJBxgH;h0a z+Ed;m-m8v}s{Y&s*zy&5T|5ji-a)?Gv+(;%zEysVroQHRq8K7Wt%LBM;=2^Dt6ieI zL$8kTia{W5qX#TvD3?R9^cD0MBI_d4aW|RAh0R8(_pY75%0zUOxd%u;2!Is6``$A@ z65s3nw_yM7vHzEKOg7kH5ExGCKaWJBKgUbjqSt z5SXk+uM5-U3ssaWf-dPu@p2W$=^UdmRPMAAFeo#B3_XR#pGNKQ&m$g`{bRbw`*luG zaQb=Ndi*iyy(xd4EO>v+2^#;=OCV_dm@UG8ObSY#e@rGKKhH%_aX)5@e+vdolWG6% zvHvG^EL+V0KJB((^QUoP!aK+gK=~q5Ewa2+LFP95*)>0khp>^x7|iUB$pD3X0UBYT zdT%sf5Byfh_t!%T{;pp@>jy*^;m0hVd0xM#$snRm3PrIB<0xXYqzp?~eG`s^7uJ+o zp?()+lNiYOAu^l*_lBX2feb!MvVeH5y`CHoe9T0Z&5 z_g@CE@e5sXV}p96677s{5^>hLiJrZkK9i}z-C$Wn41Kq!F(W$k-t%71oX8W_@l-Z+ z_NP~8>X#Jf>xG^75r?LeMTh-VCp++B(=;uB$x zu07LlIC&{NV{PK+0M_%t@1MXs|A3j{I~r98AskB)sRF6qH~=6U06r%{WLXVZW2u+h z1x+GVg#Z56zkB2VQa5;4)+AwUd@EDq1KP#0zvhk5$bZ%SZ&a!@OG1bmz2^ZE=j`Pf z|6mLPNeE#oO1vB4dBX*l>^VvNTvTM?h12=131XFy-psDtmxGP5%G%0ZH;2WIuASvi zp3f6TAvOL73tYi2SfcuPkz;FU08#A^+%rouYMvobjf>GHnjbmiUslfs?B#})YDCu8 z|4|^C9}6hRlZ3$Ev*_S+jk{EGt76#PP}?LgD>)RpWo_!$9Kw91$^kAWvmS+s$Sfw& z+%qwy&Kxx^;(>2to%t3^ku`TjSaZ`l<~p&?5M#w|EOldag{#0VtNBx5k~ZGo`biG( zj)xE481g0m;~9{kt(U!!R?*EvRT2tq3>lSU(?f>Fpe~Q{gJA(T=Kz2&y?d3}-&jV4 z!7Lc_gNEt(evZ}Ww^&9<-P=7!;b1f9$jBcQ#jqH1PC0jpah^;N?iFu>{~}88*P{xU z;VV3@1kjR9&HW?A6+ae1VCBo1D=Kbw zkra}I9HN~(`!tlFWzhd-$fydW{Qr-+7gMS0Jj0v$A0VRJF9U&U*{Hf9GD0BiOaQwL zN6`*c%7j%c2 z-B{S{Ck*iIK_reOo)fB}G~m0X2w?b|M&P_Fg&};*vx_H^FfuFKJWK;nMHRJ(MNGqV zM_F^pM_dNATtCejC3`-qmad1W&cO4Dg*Sp;wcThe-Jg2eB~q8j-U}gm&gZ?b$hkyV z{z|gaeswo%SK5>shq`YP+DL(#DXw1z67PsX9B!scCvAro+Lgf-j~I;JA-En4N1eD` zJaK&febErS1RBBRpYDJ9gW2jX*;G?DY@v#} zPPjzl=SGKe234QXaU>jkSD!v;3@(>t6J7}6l!hO~ZNFv1jj5Dfuq>C06Tl|3nY(cW z;~AC(Itk*Na0f`mJo~5!jeppg6s;Z?0CqrP_)cS06k3$Q-`D42>D-AQ6tuA8R#=s? zsBg%8d=4{kEYc@3_6vy0J<3*cU06)0kTCP`7f>6$&1wLRF2ss9^JNmDH{x3OSCo#% zmWKLesgDOmnHFYpRah6#in~@j9&5>Rp?4CF?=UA{M+E%`{5kOdUAA}19mwkYk>ZjN zLjf2=3GY?F_)QS1%EEd=mR$E0Ley*kPg-Fs#%kwRmpJRe8@Py2RcCn*zqI=aT^~QY8(nP3pwp2at zQ@!k%)##e0?Sen+7S}|U+VW6IP%DmC5$$z7QY#!r5|j8OuNf_T{5 z3YS^jcYgGKW$8mX>+2^h)7z7;=VqEC%_H(~xX2cm?(GyDq#g@p3)#F%Ajpls5GS#1 zyW^o2=PzxDZjJ8IJE6CAq((|SAXCkumxX@aa@v@jWpfj*>8|#~*UAIjkT+eu(iXTgY(h`aZry zgk*d2jU3u6F(V@<(RqwF$q^=NZo$;ngoI1pTy|q!#8Zf^D+r$S1_3DKskco?IegX| zNV{hlUrd6RfTQD_YL%x1iaem!1q!idcq35ZB^J7|H_XOIQCz^zZ9>lri*jXS`wlpks}MuO%A{{}O4!zqI-6zq zpHmd^hE|D7mULpFjWaD`_jxqY7vjNw2>Sp~^a5Q* z!JK}13_N43sGty;Nvzz1pZ{&?{Gw1EkWF!ne!sGj*KN1^t>Vy27yJ*_@TI%_SjGi2 z9;dD`Ax<_T%qA~-iiSU%yZLq%G6Q$WG)~yxah~@K9BdQUG}#f8*lH?LtMkNQKB$*G zcEm+eS8?0-)x7sTv%ggasaX}KyemaJXHc$3{>=7>N_H<})!fPg4V~@Uvqz`P5zv(7@o% zKyY_=cXxN!oXN8uTekOF`|L08d)5bj(=$C?)l*bg-+jyV=So9X`Q5-#1y;O#ntU3X zXG+;{y>BQlw?3>{9Opiqg3Mi&O9uIAsp@d|DibNnaJZND=e%(G6T!8=K4K{e!C@!5ir#RY)srASt(il=im$L^D$w|sSkNQ-57iI5FY_$SX{a8ecX z5RuI1y%$-PV?{;1Z(0hZdfDxQA;P=CfPVptWBLac=P#Rz-qC-WJHO4LzkP+`|9#2* zL$;2B8Pe&$UC;FA+NOVJ8~N{|nA!gz*2xnf!tJIqm3q33e(#eWpDkw&$YTibZ4Ba%q?NopNLH)atAiZM5G1ll51-S5JdA92I^ z_^mjtAc^v=%<9dU3!rdd%nm!+=gT;g$UH;%Mif!;oV5bJWv$v_Yl7@10CWFjE_-t_ zr1QfRy{tC2FPCQv$B{Vi`$~!v@#s6p>|p+lH?s@uowfcenQsS^{m3H)j5;;GpMX+w z7i1htocR}`@IH^*e;Vrvbn}B)IkFPT7D*G%oOQWDM&-?MM?+7nM)Xd_qu*TYiaFN- z9J}^6>V~FlxXW02s|k|LGo!u63UXmDm)e()rsZ;X)!aTrp~YI^FuV-uQ!z>|X)d;; z)rZ?vHm}05uug{{;^!7RxivFLyt|bSJmCOlA-W76BGb~ZbX5eef6TB{u1jX1I1(|GB0(}VU~u~hqE3h z)R<)3@wEM=JW=O028Gr+mC{~!hgbDUgjZ!zMzwKl&SJFk+$*NAm~-_B4)td2mS8Cu z&zwyRZba*6vg`71PV{>iD8iNCZrb$w(N%*rA;&w8I0q-?VWznc~-t2)8P2}`d zzs~JNijOYD5RJse3P=eyh})r$RbLYF_BI&hn%VC2e8mx!ixMPP((CZ1~pn5 z--t?D;q1#qb7uwbKFn@Le_*LU4Pcrkhar`&v`W{~*4NfM25EnDH~Ls6NAq4WQeJA$ z4uK7-!zD&BfuqzucaMauCPrSQzzQk5u|C5%U_m0my;`p_oud-Sk&77;L@wpQ`Fb{t z5b1T_s@Ekx*m4=x9QS;QFU%!MFM1m1bfK)1{6$!&1pe-=>hg{F#W4#vhg2=SoX^7# zz*)~a`F_im7uURff%zS&-{thwC348OTJZbYU`6>s^Y)V_kIHR7 zvTr6$?a8>am%2gnU_Sb>c#NInaR&uEyfausYg}d`I2xq7=%pLgX zy_Slrw;M%AK_KhQDvr>9mE6RFV3#gc9HDsP=bu?9mrn>5S=uri<3`Z>LGo1 zJGsc(e)l2DkRc^I?}faK+!n?m4LNKrH@!k58CMF1{_}3n%tbNMKt{Osyk^ef7rsV} zG8z82pKL>&29>5GKT(8QRpFvKsTVHnCD)$CbF!(Ns-dm9%(1XOjO~P)0}Sh z^eSO~4`^IniK*FNz#{cZs>eXOls?mcdnsPAs&V97yS?a|oXEzqep@^uU+b3^A1S4X zukL8f!FvoIobcaFJ+H*wzs=_bv(0@8<9L9^)_w%JA#Ji9!|POK=HQH2IrJPH;jC%K zUFI%U5K%~fUW>MKbHIXn*WoreplC7Il?W`+;mvqGZuP}VTT)}V%2@Epv;>zUUz~P;=;HdTLK3juZY$H_djzk?KMb&8Wz+V zZ#cOO+sZY`D+STjv(FMm_Pw(+#sL5PFT>kLSrTLqMdZ$e+-AfmO&u|i91u0w(nNj# zazR0+w5z94aS)*kNS~ipB`B1E-@W!B=V>SU>Oz@M8VrPz%bpM1fH zeZi81q--h)k-5`U~J|kQ@r=c;7GwEl%i4hbV zNCsx+Riv|3@0Smq)iqv+Rx8`srveo$&Y7_Eb4rRW%eyT-+3t+Z;lI)2l)R$fd0XrZ z)jfc%@V!K{fJZ*oGGiu$SE!Bu_$A|fVq!u$hWnX0RNu0NttC%@w^3eb^E|g2771WHQ=8jAU7j@b23)Rl z1%2s1jM+HMhb$_uEuBDWiW^J~u(pvDWUnFF!F4FgE+MKv0AE0-_*P%>F7h-yXNENc zpU$r?blj#jbq;fV!5_E%H7?~$zP!bjXm%0}?{FrW998^Bes4JKKNS6<|G=r_yu5;> z&*R=_BvL(m2F^1-?EcOB9q7iNqJHctzhG2QU_V;%hQo8SZ(CXw+!(c;&39YnST5m( zb9x}mGJlEg=I#@GH;i8*wy#ru10!j05>yHM-HCn*(Wz}=V&T-y~$fde4IK*%3eWOm}ZttGI>n3S=i(#~uPbSs7Fq+4bhYVstfH^7NS30Rm z&0B1BY}y)I!)x%19&!pyC{GC>7E`l|jg`SKvZWMiW3|q0$_6F<)(N(7WNnC2qlCVSBl8)5J zYzDu{c1bc=gD(iVM4r?yhIeq1K(!DMbZmo|tCg$Wl5?~Up^Dth*}z{+1?{nwhDkp2 z;)=VpsG%GYIxsz}VcEm$b$J?z9J5&NM{Z?#4#hA9q1`;}@k)>ch23CsrW$eA#H8btoB<8LD7dJ2&S!wp2tH8mp4x zp8DEKjG)&HXBBV1l7zIZrC{vw9K{#yZ|gLbfu`0r8PfdazIS{t1@IVcQCZ7-x^y~J zfnJQ$9~6OK6oZiIylt(^$0XEGGo z%i0}y(V=$N-j=3XOzXZHWH-B{2rW9DCsaZDl)>Lx8j*)p_c`7wr*VBA9{y;x*kob0 zKN6}tZABR-cH**s7=7s`d`T)RanqZzqSHP#u@qnUfMU+GTFvBfsK~J&h%Uug&F7@$ zU^mG4jW(-Xy2EGaKzQ!WCxjCA`8_T8)Itja&&vg|?eCGjP^ez$2vG~hFqhC7lMkFG zMLO+{6!9F>wlrcj6$zb`#kVy#HGg@(IScyIb-U zM$;uqLd3q)maE;d`Y>^PMz;9`LrD^;S0*Yo%0}-c#9@-%rV+ATc-HT=WnwGntQhI= z8+IwQr)n5QBJ=SCZCUK+vtgL#ES$lsHn=+c6FJ)2^Ampk_5^viLKoc@IUd4!vpUET zJW^luaB!R6VW@7RUI$)+?;%Dn=QVD$Pkp(`4P;Y+iVoQBsgw%kAsw%Vl+f}@x{%F|_HR5QY%-QI2Ps}$*WVeZ?H+(o7t6J0mKWV zbG_dyLfg|1r>ohO`SsPF1|r0s#uB6`8!6+ju38ff6*Y*~33~|bgAWfXkO`6N-Se;^ zm4@JGj9C)pNTIvaskHdEI+ZKjD!aBr?8R|C?j=$BEZBpfvJgho|pOGgt!SNDk; zd3T{Y5&-=i=Aj%k6kHh=-qUP0d>uIQ6{J)+Idi$rt5`-buQOS|MPxXD0GN8J!q+yl zBw3gtv^CpKz=sFvGF&~9Y9m`)oc?{=z${v{T^0NN@XV2M%Idm_1{Dw9M{wS}riMn= z=4x`$czr3p>7EesEyyx&lC9oKZ`7)|9dAnItJO#1p4NapIF(-(fdx@V@`ZWbwrq^G zDI=_J3aS*2Bwdk2Ds?%f3`GRed(+4aO-*b+0984By{~2z24}txv4*D+si$jd0ZldN zq1V>7`(bb6F>IWUdkdc5s7qIumsSSjY8)JWp2T00VQbh-0BIyAZ&l^Nc#kkR%DD?y zozl4kpUs`EKCB{svNHPR_9Ps-&3&w9RNZ(g-&kCf)cN>D%VFQr2K#H1J}>q_ME79y z0!$a2S+#e?hkA3#I-EmJ(3HrkUv129cc`36KJr|P_%S`U__%RdAMU~IcCl^h9U`ZY`NIreYV8#HiB(CE$+XR8 zgZ~*9ib;#VGti#MqqbCV58m5+W+NvEwSYRb1JiILn+T)cHFXvq#m z?hNYc)8E>0#w_gT6PL~i^R2>%`QAGD6MvHDx$5n7yvzM^@u+rNqNUxh9WP8&rlrFs zu0jlBRH9Xi9^lY#?l4{L+ecu*qy37A)*p|Xcn5~5ZA@3&((NgX{jhTbhox;q%IIR5tzlo+K-ucDwDU;iuI>8ux()BajxDK3NaA7nz_R;X~| zLN7vfZ5#RNzf%d(k+l2y{9l#~rBzE|L>tW5m4ZEBK~P%}_?TF1Ly7V1q2^nrP__L7iS_XgjlJ(Tr7g3?jIyiV9{@p2;IfKU%+qJepJ%>JHSbFBRZVYJ zaC^-L@{`Jd!yU`llSHeB4PnxBOdnIvPdOhi#edx${^@E-JR3WKZ*$Yyc=%r96L;t z)YhuJJt^BSJl5z6ERGwNS!Z5?ui0cs{$faY1H(318GrxS(FPxCJ4ni^p@!(r)BKoC z30M?`>9foV)w1_Fc1z17)$f>{2`|NAo~?AbKeeI;p6jY)Ad$}=B*6_cmp|(Xx>i1s zzKQkLWXnIRrb2$X@C|0WSR4)ANfyAST>$BP<6suKh3aAv;|ooDzrbI9OWAtWotYZD*LUQ z9VJK3BYNNxWZsEahVS?JNPZSW@8dXYyydsm;GxylnZ2Q$)|_z&C`@k>QAmurM)IZ3q{ykz(cB@XNEBM=8&cdQSxoPi z7Z33}4Fc=*tT|T!(<{GTU#EkQ9UpJ6?`s|`g%(80pUI8}DZE5R?LH~C>=Zm>c9D2$ zgTOX2UKc}dU{2*bNlm3DhS_s{)uA|R?s4wpv_0@DMw`2B+jwc{@1wV#*>4RKShesb zqnKuMZ-!G3L`&x5ZIlzC57mU|V#-hP0oO$H<|G{Q;R*_*IjQ?NrTAqRD7;Sj>a0|qjBUcG12-&u z&2v9hpxebTCKDfwz+70D2#+c7l(^2mIo_G0z3lSDK-PU_JQ`^gR2DdI(xca6`u#}G za%Pu+s3Fq<&u^^9@&7f5LpG(XIM0@J`!J#)(JI!SF#w=L|vM}DSf zOYB_B2DbZ5FC=})5kNZNs9-6?Fg+c{S-f+>i$D5Z(yNt|MPeJ$QM)BNi+7d7-N z+V#l1`?txRCa8V+aKp+{JDK=YBkG*_J5xNk{tn;Zk~qh6C&_s#MxW>1m&qS|%C9%; z7J5SsGfH0LV-{K}N7%(v_MPlA8^ZuPRa}htaM-*kwC#TId6+n{K)3cJ_(9-%_O~5% zba&!nzU)tePLf3MxcF;p5gfvZ zRXzJGM4OU|R7ClK!}NuQ>9;=sShl1W9*?5=5b+LzcAOXsg3p!qpYIr&vZ`Zj8tPM~ zwq|38<5Zwp0E{C%5#Trc{xS(K7qUp0lD8yE+t=Oy8aYs@_b}?0 zsd%OTJoT`!kz;C+%Ee)`G3;RkM`UOZmmgsP;_FsiqNxbh&ctpA!*dp;e#v^gU>Z7| z)C&m&t?A>6WhQji?U37v*ahCkytHj0MnkZ(*ox1dwP>OnU2pbge5HW;wv7f}u{r@> za>pH#>639=daGxBd3Ks|3z>{r;cJLhx9`O7{na7qqk5_ow%TS)CR~mqRvwb4x@1%z zogO05v)uc(DlUxDQiI#3^}c~>vv z{6aL=Fx<7>_~MlpKmDS1fC_78ZTKW%m(>*@7ql-rOjZxdjroe`4PR&bT=&LvA+t z{U0Mdu{$rmFK{wpl9%e{-h2{w0i&v|4XaGf(NrulT88NI;3loB));u}VBXi9NEpT8 z9ng61l&~qSdj!_Ph7G_A?W-CzBw5L8z`l5lGL#~((e%ZoNDgZhTCrbd-{N7Y(AsSF zdO0C6_mX+ZU!0=Q4^o+)X7I_APND;PtNq=nmf6mz44R+C_absQEWWfum>gWLJ4J+y zZhP3FUdYXfYDv{V`q3gTu}C6cE?>Nq4QN=)F{Bg9j0BE4JXgnNFZMOcb5T=3_Dt55 za|rI5^)|N(PJPoGo|z62T;FNX%+Vx8*;Dc?CVr#aQ^L^hTbfEM05tN-or@$!dDqEv zNmlq@u($tgd;gEOEywilc7TytwLbuw2>07R z0K#llf0ywpp|~UQhlcK7<;knO+~V&p#E{c3pm4?bYW*Ty@drS9y))PNj-bU;E&Awr zv{kHBSXC9e=&q{cqoO$h-?hdf8R2^ch>1-%z;@qz#JCoUulr&nX`SlP7@W+gU?508 z&CZE+OlGIPS-W$kRZp3b8uqGJNPV{2!Dxe>jiLQan4*>i7E^bA9o_wPbk8+3 z+lmoLsrmPsz7;kOean`!f89~Sk+u_B_Hmsdteq&-sW?DxY$(++Pxiy|RqexpRo4=r zThC3+v)La7=Ze|0h_q~peafS`F=F{+pL#|Qi;|S6BEQM3Te}WRH-F5LlI<`QYIDC!I!Mdf zB-z3&Ypi-z!&~xAu*H`&-2Ndy%lO5<@={mts|D)ULUSu_ZWGe2UbMmpH6_AFuH|Ym zwIDK;x_hPsA=|BD00Mal|GmnvU47A?-W<}qlaN3;wZjVJE_AzNkS z*f^z_fia7T4@G!!vT-jqv8-Y;v63i=-f;aVu}bGU_~_WGsdH1x9yNsfUgfIvI0~NY z;1mDeX3Bwik%f@F%3|%z0QggOY zZ7Ub^CDQt4NJ;#m%llY0zK7_%_wZBeB?7T@H#v{i#a4pflNVZ_r<%^G!!x=Laq&59 zMKzF9OcD4fcz~UO^ma0|qLuLNEy$_U>{)X(Rv-2i&%3C~appNZ7ciVn1s-Yn*RcwK z`Ya7iuc9jI>GpYFu;_GeVbbqoba#t%H?OK->RPF*oJ@AsOQCR5uE^j#A*$@ywzlR1 z+elxD<mQVzLehE|+NL|sS6_8_KbY(Y zCUoS)MQVRkG3CCr$OA`JvK_>~lMbc^53T&3zVurf(|`R64gN!IQ_B4ZfF8K~L#sxZr91y!8* zC&etw0Ie)PPji+yfjsM~ziL2vC*L`)G2nQJx0DP?vly4yxKi)qCkEWdJkQZ5Fa{`F)C*`7yPBpvv9U# zvD!?f>!(6o^{;(lzmpzcE7ivOUZpKY76>c-{J9<4f>8-O>%8#m4rg=}D>k9P4O(O} zej$GGPplXDkn=Vc}P=`L?*LjAt1lt>2JqgDCR0`3uu~F0qW=f*Ijt9?9hMe4*1|-RjL--rv6ftOh&VV-nbs^s+3xCW zLkdf=pm5ta5*}4{N)3#~%w9psg_IE4#f-1#C-Kp#Q!Z+c8q%W_kxwXndL<)cc9dN!;}W-~2pe4hI6@Focoz&72+G!3X1KUB zNv<{zD{nv=VjkZjXLl!`P~LDGft9g>){*)Y*;U>H-QX?s0fr0qlFWF0&jOzfETBzQ z7Tq=rCW!V$Ed-F5P zD*aXC=**PghKdxIdWoQk_&zRM$MR!A#pj#DZ!5&1@~k@SX2lP&bRvCsI&K68k~|KB zl}8`AZA}YO6qK5S_cjeUPQZ=deYhf%t8ncxq+pV-iv5EDCGNSidy1~OQ;|CD$+!06 z#P<8XQaGt5aPc!4<<;TSa2{VmVO#e&*0DbX19A?JvrX&%R{F=21aUZm0pVvcC8!U;tJjVjbdH~f}TGPGMHi_0}T0~VC{u-I6|eh?#l#XPTh*8Q0%bSCG7x7wCJU7#NR zy3~7He+k9D_7UHyR55_c_pysdMh-cFuDMaX&A4Z=Py#pD)_*L0|M7?tKik-Srv>az z7Cb@X!NqeU}!rh5z*JnsJi@ci?U5k?BPiuN+K z`Ukc@0H5{m4@R%JAj&UHk5?9*SndSCKHntW9-Oh~cEUza=rlMbOLHhKMIJf~eb3Q(>TL*J1x^p@Glh#Ovh=Vf~ zd<8kKNkTV*%L=fC6amD5?2IqbG-3>qkbKpDyX@$%e4X*3C{bh^zBTtK??EXv{{zJv zDj2Hl4}1{KDIAl48x(_a@wi(ITvkhhpc zo$!ZdS@7>bDLfa&XevWJ65nJ%mA|QDMf@g$guS736TE9^E?7aS$fb%wu-|}LsB6K= ziAX<8VTosxu#K9eQ&?)3wN_$Z@&{v5VE8Y@N_Enr{@1BtnG-J};;lY{K3#?-7m~J< zJz-7OxHl8e?GXl5b)2*z*b+Q+pS}muc21~Q*2VN3x~IhdA)RE|X+wbP5T;@$1%T24 zrL4&*pRG-;ydBeCkSk5sR(qVo^jb0%4ZlPy1r}Inan$ojS;ui4zpjq%ajsf`p06iy zQ#v%V%pw_5FE=$PG&{qa5E%lz&%_5@uv7if%cfvOc14V`nb8+1o9s?nf#HN?62v1q z;YxRi5JU%(RfBg{{N~Yf5t0kzn2Y}TApTwA32 z3=bMFqQ~yj>@Yu%+LkZS)#1($ye~m96?6O9*s_AFg*=#?t9QpoF?#P~C!N@1q|K9{?3kJLbzl{SpOaj&X(bVfG0~^la~6!gT#74L^w|K$yr_RV^sC`X#NW zaHkGCqTP@h8>55{Bmq?ak^ISB>UJ~{66LE%y`I#V<$O31ydKFkUOsPutZgD*bX&mN zLn=rN4DyTt8Urq?8vV8_ECx6X1G&E;0ZM*596uG(8ssC@-}iCIK^7c%P+kn2Od3u1`T`I8BGQFDu5T*9IPt7| z@$<|Ddm%(flpT$e^3xU<5OcV=oI*>aP^AByhvjHEm%V+-jOTGF*3+!cIE1||aOy+s zoBZTz{5{LL!3x-oR(wcs1xcXa26CbhOh^-)ol0wde`2|Zz^f(_j4uqPHZ7-w5y&?_ za`J@xmI{;#46x~mc)ZkIpDZUGwrY5E=<@jV&1r%>%Dt0j?-`mOPC}k;usq|IpIpQs zmKV}k9O>*%;;=fXs5aX&c|wn5EJK$KZt*c$%By@E|MK!O+Y?4My3bN=u}s_7zDCMl z3UO$YzcA|`G&Me(@TfnsjVV0t=Qo%&{JKpSSnRq*Ke#*m(OrdO34ffS7_KGB^~3WD z-p%Av>c!gP+ye-%=DdyRensg@8+f~l`*=cqWq1h`jf-j5(uvgQDwBIrCKB08)TwX2 zhe&LG;^Hh*U0v9lFxPAy*buy| zlw|YEef$^Wv{s<-bve5#hBM#1(2adYw=uAifj}m3)3!E;OtN-mg-A65ZbvKJ4@maa z+l0dS(24Nt5w8TXJYaaL5#az*e?N@(Q$|$cj~2hR%UzOIvOuJ9i>*yT`iZ%|2S=Qr z-aRClG==5PeZ$02KakvgwmciaeF-l4#ccY;IQ=P^`4_W0BA@>P-NHb4^-*AH*CbrZ zhddDjo$J=3yGAScxSc?CW15Lvy3o#9hCo(?73fYTZ?#bNT3@W9YIjS6Y zcsF;R1k^^QUu5jb~ineK>O=zOfa(j-f4qk|OgQmhzb*s%(cl!~dA zHOf?6*iNVx01BM|(Ky7;FK*r^=LTE-;Z>FuJrrCYW4ab&QMiFrb5#MS{ywMYWsP!= z(7sxFO*lmI7j;o;Lq)z8TTA9scO)vn-1-;3em{hiKc(<174jEStU)cf_9r=?lL^94 z*Az7QiF%DFD}fMQ#eBA^Hh)t47n&i|e&fg3pQu=YzGeu*5(hbHKK>^h-|i>*-!bM& z6@r`1yQlqyDXYO~`Jc}IGmQWJ1c|Jp?lpl~m{R{`KK|q(LgrowTyK&vd#~etniaxS zs^Eir<%{mBxb-LgIWI=l|KG1`FM7vvDj;h*7jOX^rSUgK4k1i6l5bXq1s0|qZx$f# z#WyXaeu2=cRS|YPQ=5jn)oNNF@;vyli>g{^lHje?4CJ?4uc)$N*o(o24V7_o4(KQa zO4AbrL!$zN?_ZC;Z%A6xCPT)Tpan-~@}F>l2@CT+9=@(kX%oeWce;QsuTUsoDoX0p zl(Aypf%=lWWvt`Jbr>}WP21p{6cFf$>@dj)HmVLMCuqaOH?U9XliJ-^n!oYin?o;O z)c#gK(Zrz{@Qmny5j+eN`T?wvvlq2@tzLzz76tBmRW^vst($iCrhO`!6x|is`16=? z5=57luehPF6JG%)cZt+14bkQ@q!90ISPrjW$iUazKIpqVs$+t5%5-PXHEq~xsn2aw z&E~o>u*=B?-;dyJBi!QEPB!ZNGx^(kE&BOhkzWORbcNt=34CHrm2U&j>>Qffn=mK5 zsV>zPfnK-8yKRVZ7SkVp63C6fLq*TrPb~`yl0ah3&Jw}1QQe9fMzR15}#c!;RM=-uhZIk5IEVBAwH}q zWT;2&e?{c0`x@|9&eeZ2krdt_EoS813(8n$)V$oB)oAm0s_VC^cYwk_6Ndj_imT;i ztiCV#6Z7=1xa3+HA%4OC1R>6D5zL4~`}jL6_RkRV$%3CGp#Ss;d3-GWd)oVdM)lvB zISQ{J)-(gTz`W#Br8VS0ny!uLqIz9O^i^lr>IDe3o&sDCE1i8=9`zC`|SP`@!zj9}^{#dG(%tLLW(pVH7V-G3ypS|ufE3H?MNo`sXg$-ixeRdUI37qE&*^?8 zU7zXbc=;|${!c6yTJBu`MVLWa@oXQT0{}%b)Ucfy^k1^U^5$HW%~s8oOd>G?HQ)`H zqY*reKRZDE_0Yc4dmGFVEukU?Th819Gm!*v#F}u3V~^%ghXf(sMM~tc?fqMp{gF5 z{DskKqGn!C6ZYG9`zFF~4O>4=XFx0%xTm=#y8ME|{qql{C8HqJXwEYJLS zL&z|E&a_IEq5cc6@F2iKNyqs$B^DJ*7zBnC43)$n+0@c8*%uQFQgOESv&c&rJ9%G~oi z#`tLGuU1yPr(M(B^4N?nkzAxRj;W>2-AB^}oBafgpRi~+vF_Zd74YdVP%t!o?+6R^pu6<*lq^V(K zluoU78*ugxwDDick5t;oobsRbSBc1T&vn0SZmVgO+XzuR7az&W+m!0*w3xw{E{s>Z z4WvM^)v+jQ1lJJ{eesOod^dSeyxvr)xxVA(J9DQRy!Ajuj(3E4BMj?lnN{5W<(J?@ z;cw6SjDqVYz`v**&F{*J&E=);LtN&?sUxa&zi<9OLJZ+5Z1;Bu*qSwyV^}!QG?iz+snT&SNAhA=YJi^v#&N!Za3$18{ z{Jl6x5vAo9U*k_*td**qn4zV7AbVMOQLyEe8z|6G@OvYu=t(gc*5K-RGamoFq^%#> z2^|tJ@EV>Mth{tBgX470Qk=ZnG|ED5@crWob1Rv_)mFXCA?#9bdi5MM&}0EIqBoWG zMVV0vsXPCjn#yO4NqQ|yIVP>(X_+{+ui{oPgE;H8u|!n>3Q&P<60EhwU5Mt*haZ4< zRY=3A$?-3ah%laiAGDj+qn&a{Mb(11op<*+az-S~@zhkR8MDeIXK%fTR-nd7E~hQ( zfLC!r?zxB_%@y-f2npg&N6NL`pDVxR-I&-s2pZ;wWMU5ne7(AU$y)Um4>o@fog070 z9HnEd;nV0~ek;(`B#$9GMlX9X_^X=geUD0v|8BVJ;D;NZ?T%^!_;}a+5Ex5mpxKk` zv%ag9o}$|Kl0eax;<9m(3CiFzetRYVBi;lQ61mFi7=nCQ%-;7J+r>bno|sm*&dIR2 zRM$1E=)N|WY;U!3v^5S`L_+7mmTrLkFk6Sk?%d(zf&hgp&KrmMT7v+?MAQetpiL6=Nm z(!6`&*JsikEAS%WX_H}8ZMm||W7cvjG53P9mZ(j7oSTuy``rt>!+I4c{UnT&WMkG= zTRwBTANb`QYGzqVd7F@Gi6Wtsqd=3m5AsGgVXHTe&J`(fL#LUbSro(aO%v&8+fX$7 zA$PTuVPCibo*bq*?xRZB35INq+v-?sk<-*~N9W^^j4*U$3wsxzagE8!gd>yc>ZIj9 zpZPvnfhCCnNj{>>VPa;X(EJ8-Posi)hN0|?1^Vm4k5f3=NgBQ!BOU`QQC;GrOT|^- zH7g0#X)A~B@s$v{STzn1r9Gn&YPCP!{xm2vxCGq`g0lENuCL{LfP>4dfYfbLCGqUu zE2`R~djV>gihay{?&bI9DeKQ8r1#>6)Vc|0C*I7{pu|I=0Xz@Qy!}$MxH&ebtLvn& zi20njRoNg|BY;<$Pe-{?ULhyXP;-{noLs^D+_Py#8Oxw_D$BM9`U2Lk?a!ZaA1k%4 z)Ti*uj{?gb-v+!JJ8bG>r0{jH7q^WyUO-oT*1DEjs3~Q%aww1b;p|uibiwkpwir$n z5o;ti)bfldW;)soMnQhknjQVc-c(-x6(K1j+08BJJ?ER@G&qR~2)dRj#JKbn*6lU; z(La@}`u=S-XP@pTd2Cf-d@2MgKDFvEY=vRu?M@?0Rrj~{{PQ3%UCLl;j_r+#TXR71 z_S8F#F&o2*rZbNqvCifcqWt7guRdYee$Ur%*pJ!Fyve_Q5aC{eL8MMWev|9~dfG4({<}*qkR1fJQ z2zv_30B2X$S=?ofX@_kjWH4KwlM+kb$|E#uEstM_8kOwvq|R}M^caNn&xV0C43oE$ zj~?k>@?o9qRHx&p> zWlcuOmY7nt`ZZeJoGd1$Q#j3~Zf(8e`L4Q~|F^u51U<>EQgH>E_~=kXZdej@Vjk67 z4+i%F^Z2Q|rQ&H;orF17SUnY|fdIR&$_l(*6fr~0Y87BQEuRY=i=+nJXHj1z!C+Y0 zjvoL_lZ2QHNd1}Ca%U5b4eGAjy;x2IXADF0tW#N)W-#4xZ#UPi?RcXFXD~Yh{IPoV zbXa9i`8cGMkUVaRm1MIQ?is~-RO_H-Nb4Z!mx@O8!}xCn3|IE$%3X;}Ltg>c4Y707&P9xEZA&=EH%N1>>E&r(Z~ zvL1@*-JAJ@0mN($IKJEKp^y4B4pl|{&G6_!|GBT*0>jb;= z>b-bX{-T!}24=vso9haOEohac>G^~MX_b!+$?C%~(~)cO@U{IAr%?%4+6RLe_0+Xc zO2QlE(Ti5j=#kRLm;19V(iRhaWu{VDiq0W zDBELgRu`vD58>RsDd$~G?Rn2=myH0II6mLj1&-wKhDo|+L<_Ch4(2_A4o;jm3*Zjp zS?^CARVz&&4xr{=+6M#n^D=^k{#-2kx7+_WK99dCp0&*A2@Ow=@<;mK^Q!dVlCECk zxVg$8e2!49Pbc@TI`m>ak31c_QnIfoTLT(hQ9?_Ux!AGYF|%^Yn_!Qn0;FukrD}7` z;f^#>8Q2M7H52rR8=p-hX|{cx2;rHwU4ge>HZf4<>C6?zTzZ4@d1gKv_Vilh^aiO~3>P{l#URNfT1$++OoH^8iB$($yMPaP^#2|Z z{&VnMjyugA^-*z}zKP7y?7W0g$5e!U>xS20CTrt3iRK_YHJxM&vtg;|C6&ys~&@ zWj^Q*Lg?F5jhYv8jSKUXvhCQ>kr5X_BZc% zOAVKNp`=7ZU04=f%Z{xuR4aJi<8F||H=nA}3{j#R8Rj`RY8vJDW;z?^I;@b!$tbny*~vBD*+oOeYC0H?DugW&mii9zki2R%gc^s z6I)S%=d34OaJEMftP!jl%lUHsRxJ{YxbtOgzbYxF#mOD3cr0-;`j3b3vuJy{iD_-rqYN) zYsKE3TYJ8T#2yuHM*rw>UlC1QCnNuMTA-Bl29b0sJ9yjv){e28pL^wzc0KS*%9oW< zek>(zjK5vD{;T)@i;EhMDg%?+_o0BLf2jMJd9{Cmmti3wnQEIlUx;In$Ne-xN zQDBf)sWRz=`H)S%wdF4D-46g1o4*^m<(-!9vKITA>(vXy;uzS3$WR}bi$XQrsk)R< z&Z>9xQ{&Vw8+xI1eHZ(5A?6+mj&51{`aAj`YY=WU=ag}upzGC73g_SpmR_6;E+xQk z;Y2R(+NR!`eE@tUm6CeEd-r08gP_qrpJBmCosM-*+Ax_~kUTu|2VhdlsL1>-c5<^a zWlWC!D@e7CTCo13DZ&o`SclZ_p&4#hkI_}5UQ;?+vb!ic;dyFj@>8WuTm1K(C$dp{ z8+WX_?0V6>UR#S(I-O{fchTGw6(P5ZtmBTv;^R`|Tg^=gqLxTU(ISXQJWgBX^n9kP zhtj9?hm~A|9jSKQFEW`f7T|$M*{5_*QcDnh5*>*r{|XO@@Yx2${C)x0$nGs|!BhH{ z2S3kigU@VUdwC_iQ|xl`5W#{UfLZ#wK4D8EtT9xIf_mxO&BVZ4aW0rnka zdb<9?MxL#8rMNjw4eDqOky14>6XzEZ-N}jwS^tNiefB-yJNKS*@BQ8w@7>K9jIQ+Rs;;iC zs_w2i=kGtFfzp2C=j9677Aw$P_-f}&mlm;n*#{pK9r=V_?#G8zx&l%|+)ByDWLg<`pL(>RHa6XF#Cem3z+ zB*pa3myl#)p>gxh#Jp6rMGdZWwH>M$6!g|uHlZ)mw!wO(hkSUNZ);?j$7YMVjf9?z z_+3X!3y9=CXzWs*qD>3jR2!>8ao7@ZfbD-K*Jl}ro-=CGmN(C6tIpw`m>M{n1>j?w zuFcY7jgn82`@e%I@Wvg`VWv%HeK?X67SxL}SPW$VezZOsDq>0oL^)ymrZ~S~+R0Yj zTzutuzO;)`Lr9Bj`Aaq-y)ky&8zhUGeA5J!*g&Q@dx?B#p8?7OWW1!_IH*p}x8Z(1 z^ll7p444}}x1Wf%K7%ndWCK0Psa?f@`mYQiy(wH=6v@9HneVV#{><3b$oLqg@gqH_ z;?gHM4yTv$3cAgvS=4Ri4Fxq@l7vh;$N14q31-?RGql+_VkWqOidiy@(o$@Mr%Lvc zN?k%_;057j^ZkjBvG1ixzCGdI^*!!Pq!|jR)Gno^-DA2*SC!2-H&<86Cs-^-9#)oQsZY^ivZ$&owR>tIst4rF&i1$X*nF2MqR zSLDOe(c&V&+W_C$Fu3gQx$$?97dGfjQeI{3OxcE|4qr1Av{Is+cs01u zr*bTP!M)!!f8pRDb$9_bOf)jIzAnOYvsO-qJSeJcnxj z?J?dELe{M!i3OLFFPTkdQCq)k~q~8h=|NN`d&#M$2DKS6TEUzec^r%p0nlp;R(AdYt&<@87ce4pkyTW!ZNl{A*{RYTOyfMpCJC!pxqVkz0Il z*`Oj^qA2a@L#&?7EwCSl?_lO~gY=_;R~$*PB9e{7C6NSlWOqp1EkP3xOFEN}9HmM< z#Wt3@CuNJsRlhQYGegB8|SF*;8ojf>$+PZIUlWmu&s0-Ahk$ zP9eqT<_1m_(A+wO2;a&L%eUWfxg<~Ys&DgJR@cT~N+P4}R@S&H6LXzvTKZFyRgFcs zLWB=4T;oQ?upN8zyWYz1$PR$a{(*}S%)hHH5f}82#3lX-TgdPsN@jM|AmV(pkYx@|~JiBKKa`BeWMh(2tEkK)&PHJc*>8 zbjqQv)fc@!txujVmv;!ZW3o+aEa&Ci5Bih>T_cTX<<|6liE;e%?x@5Y9W{>K21D{x zv?MT9N2ODqhx9$+k#Rdtx(81(?F-B)j(uycjMo2X@VE%YL@P-#7bTwF;(&1h-EQC9 z!qT3cR_mcJq$?_w1^F>tWTe7g)pm*5o>7D`q<<>p!9;NBXIMVC6jVGDvk$CrI~>`a z*?REJZaq$_U-T;APB!vqoZN2~yTpCI7MNEd#(%LsNhc%dx7Kpo@zBauOap5;6^d0y z=tnr*_nA4WOy^l1Y+?>oDb*fRs_fP%O}%p;z-zR5-QC9`Wh2F@%$zSqS{$Cgbu_Ok z9%d(Ae7YH-f!D0X&VIP9slZ{-yIV6QjeY$_wF?P1RKm;aVX4RE!D_WwII${UMX@aX`^2>4z-(8A!_pS2}kFv z>yi!Md81{Uxs^gX(a}>Lx}b>r>NFK>!}x?@cq3*>~^28mnIBDnS(;-dNZJFO!_Rp_k;wfeoPx ztc-i@w3ZyzMHflzY+i*kzY1GMV;5p#&IEo`w4zdZ+Yz4g9Ii?DfbY)KH3aEKl0coSn4CQ=fdGXdDM=1Xp zbM%u`s}zcatF#yU#$^w>Z(A#Zm5Pc4_O&!?Wz{Iq}84NJUl7{OsF``c()c!m}7CDdC{%l(l zK}XA}pm(SvMhoBW^N>B32NP;I>Ohs)`Fn`hzNkTAGHmC;&c%jeWPfAji-_e?u9n2y z^y@HYcqp*QL(3Gf?wcS<0%Iy+_XT7$mBuS8HxCxGT#+z;welrlR6UZx4B=sSZPy)Y zNtHwJ&_05ZlgRw+;WtB2hu%aq$G7HWrzj%q#zGrVAIfCJ3+j7AML5fUR z>Ng^-bF>gyE|IG)SjK`ky|0uM@E?ti9^fSAmz*PddAHZpNK$4#2}VCoh1fk}l6ymK zLtLIjuLK_kAxwD@)lMo%xZ~v~vdo92R^wN64z4Z1RxecV9`2;2dCkBsU|ShJZj{h9 z(fAVK%di%W0#|^pprfsH8F0tgqkcMHTdVvps2g@v1uscgG%GH z$3ZmAxv`QH%$R|uF&7Xx_z!6dH6Bw@m<2~ytim;;_INCqcr@pa-c@+sMF4yym{0`E z5kB+>VTR1?%&_w-WD4S8gP3{D)Z*YzHsafF&rFbE{Rd9mH=8 zfOHQ69CFk27>Vt@{0uL%r8lr;Ysc-ekf3mIY>#SLbjd(9Y$DZS0`qgP9 zCh-`jup8Jk5Y!jcc4NmwoTw!#I{w;6;4pP!xv8^Gth`jD6r z`SyuJy;16yz-&~X%05SsrN`F+X)EOA!g>4>w$}~bJZk9Sa-Wxffhd46?aS5Vetoww@gc?3m%6{-$7bo z6+qk`_Z0LVpgiqNpf^J#YF64(gr4U{(j}-7yt#!+^QM?e|J#Gy)M70=!cv4}jrXDD zx*{3Hv!$QP@)SYjdlch}U!z_fWoRVM3oF`FetGKRtr(I?cT@KXKbTb)A}eLL${PS1 zsgAxlsw^xVFJ9V;uMJcpt!iYooZ7rGuMhNO`o`-E;4q@(p_Ds!Y+&2n7bfIK6;?_3 zNixP9s?E+Vt*xWfJivN)seOA1Xvr2T$ex>Ow!FYSp}bG9ygq2TJp2wS5t+#Wyy|v= z$ouc0n{(4Zo*$RhF+^1I=ly4Hf6Jhhm$@_E;7-lH_U|;#&+GQ*3T!bv{;X(_=;CfH;?@rJOZv}*$irZL%r_(i zF^cVLiI5*ZD9bXfKMxJU?c6xFEGkaeqbjocObo+v`Wdp6e7^lF_W$Ik22-91DX6mRNYQT+Ig0Skcys(L0mn zkc#-;oPjV<%wm#8Xl#u~Ii+_|M~iQ+mD`JX=iHEBg2^DrdD44=#4#{l=o9r(?n_rlnj?YEB42ccCKWH=x6F&pfpo)#@MN`}LaVo^= z3i%=MtuDbOBv;;&m8rk3tO378DufBf9H(XRtnI?YJnMJ~7gj%J_Z@`lwE5PJW5PVf zRXw{_MVMQqvZvqHt8{H_o=+EBlVh&qahlR#?J}jQruc_@*9<=efLryi3Dsy6X zfwG29QMK~p4?3-TR-!9+$x3hGX6CA57E+BED8ejr=JoK$Vb*Jov{<4uH0DVj;91H= z930cmXNlNE!dr-#Az*HaLa6X~_byV%t2t8Qb5#4x5;MovjU+@~dAWPiE(d#UYx!Cm zfE|q|V_Aj=%-T%+-ahtmd4DXcx~=ArYCIX^@M7{}KY2t5t)SXv4aQsO%gP-!P36+_ zITfDRTp@d!NG3-YjkOL&3M@vEPSkhLQz781=TQFHH0^U@rTUYWg;Uh?0W-C&1owD! zU;&loh0+`GEK9!y<&+uZ;4o9o=i)(cNA}OIlDdhs6NGmGMPa=IF|y;V2fqJ=ljc8i z-u(0azmRv&0puNXr;ri~_2Ul}t!p0{DVOu~oyM0x4duFkg7#yz!U2C|vOD8jgP|;s zpXMBgD?pG5u!f+#{yhOAo1=9j{$(J!=t~s^Vh1CkObx5wL15?=lV#X_$?dmcShw=c zQ6P#BFbxry)tvz-4Bl0VX5NdILvP`~3i_*!fDZLnKPun-V~Esq1LiQm@g4^u1s`btnV`N$1!B<5DB#-T1Yk+B(T)B@EKCe&_KGu|jizI!uj`+tmLTg5+9WiOOiOJ*3pi3a0febJz0P zgWw9LyCH!|5$0uVKS}x-9_q4ETI^sLiH=trs-U`DaRH}UPn4O2uxWPtp8km*rxoMC z_8uiF(VITn)t&jtVxi9Di8-cnZsYFrqNQIrmy@D>rGv$9N4w86i6<-Ee_~O3e*?&zWXAjdeyw2E--^q-<>Ec<;iY7ca|N;uU?g5R z`M*VSQw~gcluYtWbS}Di7r*X|iQ>`N7+_}(qzwM}PelL1{&vh?o(^`;LJ?>ZP+#do zS#bh##747!i^@ZXVMdn~)e&N3&xi`g{j~0~|K3{qPf-oz|4nI%M@WyzK=w?aN@c1Q zY20ZihiM6N6J(a|kq4@C!$@7j?yvErw%<38T2Q|Wsb+~pP@f}CPeT>R$oROz`ROwK zCQLlWlTsru)Of*()}f{aE7v<*^3Qq!|2j1b7N;mk)q2V#PZ&1XZeOVz{;3Og27fgt z$*uQ6i<#@x6H3}0O_cXH$kh3drKx{v`*MRY!d}-HxPqSsT3%hrSL!8a?GMNw$6kai zCd6=8p|~#xQk+%ZKx^HKk5bu(`Ry_y*V4uk+KeL5?qO; z;$eVSJ9k3BhVpHGSFl?SYqFz7|16H_tGs zh8`I}2W4ZXE1jQZ_{jRqxY>Qbg}oKmXtYLW)GU2ODk6Bvki4hwZkl}vFm8@guf~%F zZ>a3M_j(N~8`U0ax#W_XOXadPZ0U9s?#ecYkoH%Hy~rd-&=Wv{ed7g)9i}539&Mc2>_lJzfSgF7bIu$zLhcxgS4!!nAv@Wei$bbl0oB5_WYu_0a0() z6|7yKUN0PO6ROLd-c0#a(6UQ9q)k7eDR*2%O;V?FxwpH=ZF=4=iR-5z*SqBOB<*JW ziB8Jvkic^KS6+lT+ek3U`uVaBzd#Q)CZWE%lP}CHNR(=$ z4%}_S_<>t)s9Ifc6YSH&DYO={A1!nMx;)f4Z`#;%!Nj_y;t0xFxC@5xtn{_bqGX0u zYPscJmM}fTdK}tD8p@%d%!+KkN`N{TM3faXRtli|*ziP5=f;?JHHn62XB(V3`zSd# z4P8-9OA3q~T&ntCGR|uVF(LJa!8bfaEIBFK+p`yj@EXrG*Gx_D__)6sH!PEI+CTVK z6JbQW8IWxQf}(3xd7}n0t3!C&`3PUiEj1-pbP9Y%M5)QUQCdsEDT|;o05`PJG`tbv zokfjfwZ}Tkt~r{FH!XeGALqBW@Ot~rX}EWUOQ57!dHxV8rfOk}wDuJOJKcFcbM)wY z0I_er?{hjpB7%k{3VM9RwyPSjvLLKU^^Sl@b8&#NG9Ov=nI2h2sMxkzGvO#{^Z2Ve zzuwVJGlNIqSg$VbN7{|eogutmCy$L;9F*nuYik^$U)R|9vFM5+xv_UpiQixg+o7Xp zRh?<3?wXG{wk3pYWEwCu`$ni3GWatv=_;;1MnBW)PyP z-k?3C_MM5lB$?PEHpy1S#0YVg@%VHz8NjKsTu6ReC#3q)I3sX;`9H#b|M_TwLjIXU0ol#WchGL`8HU9lNpwQ}s6WKN|FILJw9LYHP*)+8U@+%z zoN=+oKqy+=zw*rd{n`1S+D>J)oDY8oy%Mv9mZM${K|h+9yGVQoX`-H>$MWtH0#0h* zL0hjw(}zQ)qM3iOF7gciAW?!6%60v2b~V5iZdhZ_ScKroc=Yfw>n^xJRBB~hym&FO zxCywdDfR;uOrb>$Du}vmyHj~tjK+=JIz|Yi+hsJtQx6pe9$tIxIp^DXJH<#?=FRgn z?`epR;AdWm;RRs0#Sz8m!g@tWn|6*YSJVNa(+yNDJe*&`ztMsi)~sB|U@Awz|VA2itVVALRKj!UDN6qE#u$PPz5nI3s7-lg4A=Pe#_ zK=obkJ>thl0vCbEWw*arMMW%FQ(xgGfE;A=Y05?tJ-ro;s*D?^n|QHmo8iA@RlxvU zLxT{f$VLlRD&vwwu1+ur*6$hsIkSf9o!X;NMBR;C`&iu85$fj8N;p~#caR)edbM$6 zBt<-=@}5hma&x-M7_jkjrEw zCuwiVQ4MBsVBG>O9pm=HE%pIB1sJ8j387~FEAIgv1qLdZ?lmpik)mUp_(vM!zFF z-IsszsBy#hUg}a(KBn}=Z$saa1d0SQ7ODu0VPht(XA1M|pl||EXbb!dPpP?Q_rGB_ z$#0o{)kh)G|0hCQ<-<@N!QTLtVSgiO{&s~z-tm{jzvq(uorL*2r@GXZXU*dem?+P0 zR8Nf8zpD7+iP3!6-tcejBJ#J>Wc_NQjMo0!U=CAe0wE)TRqG})T@!7v;X0tIXs)w;)p|!ix_#OYZ>%W`hY&gj7BdNT zpw%jIxGs17h?&&*Lqb4v{rXV=k>U7Bn()quG%5bPVU0ohYr` zwX>ydmv84F+U;^WXgK#QoW>e8$DZHT?BO;r)Rx31Eh-O@MC{*JpPDEK8p$%&l9$$7 z!n;JU?eYzd5l_}7(qTgOE+O~v))>A%6&?1j#Cai)od*$>205R+QGRvg@4tV}kS~nSmjts=d(Q2)%hA@RjCQ51HEPN5Xq>iq220e8B-o*bKr6~KqN|g}+FrlLg?T+B zCvDE`z`)>D50*^t6PfTarnxYzsFeGCJMdfsGNKb8!A=RXzim}WD#h!*+*O$+^F4Ug zIF?y=RF#Bc+&j8hwJKVqU^SA)4xi%O$-UFmF)Fv0@WBTj^~} z78{ltd6E>`wC&Ymw1R`PuP52;QN@1|f>&ZS3f(52ubXe0HY&+6t~qXrzmP~w#y*)6 zZw%L~X%3HtuR&6U>Gj)_&Ksm66FwSP-%klP3hppl!~tWegxBF+;Odp|nF?lIMaqwy zeFvc|ZV#)^sf(eex>xwA5`X&0LMEebygQZvZ>n+CsXxxF&PjuGa$ea5>ku-ci~zT$ ze`4k0>PF=%J)SFbR{iaJK9K*Gp(5>@rm#eksmzVIl7;X7XC5(MOV8Tw8qjU0A;@PwFP`&tyLis z5dLWd$KA85`8staz;Hqbh$kl6d{}tt8F{#;DzApV3k*z59C@0-|c|doJq0RAi z+3R#;)pAI{+kgf0)pgl6i%es|@SvVUtzM-~)>GJn z&Bf18O*pc5fsm2Vo#jNu(bd|T1nm{tK!=u<2K8e|3yOw>NAvUg(UPjX%2w)0j+~U<4cCu*H6RQvl}!Xuto`buD~HW?2M&kW>;)&YF1*HP z>OEF;dhcQL*Zm?0{3W{&S*?Zz>@je{c^n{w0xSIDTz)(xT$OCH(4_|KCp-10FVLSelR&)%@ziHJ@_@@hC`cs;j0I2VW;0ht7TR=Z!r~&YZ5Cl9T{*=Dy;92hOV^XxNYPq{@ zxj*CW4EtNENd5r#zag_@jYq#nhy?mJi$jWtBG)rT?9#|`U29{23Jih&_kv3Q{$qkIWnKlffmK%81Dw(wIjNuyC5>hV36#p>W@Q zQp4QOaeZGjS1VYyEBLt+V75 zxB^hJjH+WW07}-w6$ipM2tAPpe(+}<{0L2lbBz-A7jax$-$4!$&WJW)G%6rRD|#1~ z(|xsaC*4tz5A&KubZoUJFZfHvYFVs9*X*_jw1cERk~QhnH3Q-OkDYGQo$e4`!nXK_ z^cla9wr5Ka@l|({d-4#^MoPNLWI~dqm8lPNpE$;ZILwE!l;lYp+ZN@*tN)hO%s)LL z{_>Uj;VbnIP69NR$?~Dr2P^?$x$~94R#v{TLO*i7Lxg4rbq^S@> znW@_^U~5(G^z3bk1a$ePY`RBaZObvfG2Eo?YK*TWHn^Z4mUF7BPg{)p*e_=JX`DPP zWM02?r>h#P0;5Pq6)}qH7;e|`b>6vN+$iUY5J_P7;5-lp6+ZD%oXSZX3+;~+Ysj|< zjNynV=BUbAl#l5m!&*Hpn4JCATvL-WJ0BIZoNmb|Bv4C&hUlJ*ptn6s9h*>H zMYU-9!gC=x;}KVtwbzi8sb8{*HGX17dZ4b}1a6rDI~>iAi2iRE5zr>76w%~{g*oB9 zFl)5>;PMJjzH?^jTT_II18Rf0r+y@n1CB6KD^B-RpC)J!s)GtT9CO5{HrBIlErz1< zt-V{eJE^QIYb`&B)-KR)Dsm|er8 zu)%PNtB)$USawHQUgCRp95|~eA)OmSC zKHoMqEGx#^;}|(IuD1gq)j9lyg}2%s6jWGb*2Z+PaGB)hXNQCJtOBV`_4Do*LXqIL(n#-cAXr!nrh=#boIAKxuhxT=jh9x~#;+a&R=1!R1bYt$Pe_Aeq-2hjm z>Pd5UUbMifZZ3}VXmmynCvRc8vW>z!STFx3G}_k%=Bx!8h{uqyv__c1XwoFKx2Rf|ig1Cm@sR)mN5f zKOXPN1WOtpFO+u9K6B(o{hC}rotr(&?M+*~#|&+ZE9cqixjJX9tKHEsvwb`78LF9z#=sSYs z>;qM));rS0@WB(qJ|DQI$06trP@1m7u0GPGYqmKBo9>mn$eh1+=IlgO( z7~PcI^k?E)llVbjGSGwcF=Y^ zFmyEC5BMR>JZ%$<#OXsL$>?F0<3sgVqQ6ib!f5vO#O@R zn(ZB-3_>7fak9sYTs^$`M~ot5l&^y`^|qV~6@c5K&^W$tW?{C!X;ZExuIqz9M)PsW zA2f_m{~u^o|Ji8$=k#9&?B5L7T7PfA2EO<}326ySu9m`cWbZC`)lvcj_$5`NlB*e* z-H0@`TK95j!`X5AX&)?acWu3Wsc^iop0E||6Z2!UCSDlN2M8QI z-W`8znHn&nonLY=~H_hf(DD)v&iDdA1m%}ASf-5nELPG|nMEsT;qS8>!C>~*!^-TVZ6 zQ+43{p3uk$D`;zY;vhcQhFy>v!I_?3(cL-C(E&g0Gjy}jn2(pUQ( zqF(6whf=bf*17*Z;NoB+pUr^!!_`i-WdXg1cl8uH6SgV+_dED74t^*Y74818Hygia z5%@|*aao<@29CTk$EEv*j7W*C?s;gZVsjG1dFi?t_O*Uz!-DHsZjY@sP1QlR9!6hm z%Hrr+7jCdik^@;YgQy{0py6m`%fs!P7ZF%{RmiCodsPbzPyJ|Eh8ab_P=(H99aU#q zlsd(}tqF9Z*}t5h72%?J_DnSEGlnM{YOOm_eS5(OF9-~Somch_ zXF?lT>@Nn4KLC#K;cyDTdq3|zX4SAs!Uq85VV*l@aYB>%tgCkI+vCRxValVBswPS| zj#H1B4G>Rf>o@PI9SWGPtHqn%)Aj_z09Q*}YXfvkXGh$pOj&E_!B5jxBf6llRJ59W zrb`csAr^v_lQta&9KF6O`w8^OaNWJpydf^6#gXPl`AeqH4p~{Vxh4$y-PL~ zitng$7OS)LpTp!;N?H|MA!HKf{WrE%PgFd;MVBC{i;(;P9#+0l@)vNG=*?qhi=le9`&?)pvH++!J!2f&*GFA@WdH4*lY zY^uj9!B&VMHaw?QVnhsryH{!gTazwk0xRg{4z8*hQAMQ@QVyl(J(y={Pi$_rC%72E zD`1R9*Nw52nwZIz-3`0bL|`qjsq$_~eCuohS% zbS{UoBi6UFft%-KAk#Iwsi!_-yFZK-^E%*SJ2d)5{4xr!WK-boP*Xz$JVWb6gEyhC zG(0)ay#CrKT-<1hJtvJ;&j)^w!WmPv`M9Nip@_~+l6}$c+pJ(cHZI3v|1L+z7%fa^ zGg`ITwfR=;-liJyG^k%P_*)a>o zbn!cgs$a}q&^zjV+c~T!TZo0Zpwy%t5YQy#TC6F=#JH#-Z6;exfS^E52BUy4#VsT= z^-`(f%DhASEX!pF0$~|HgJpB!3Eex;YAsWn(_)tT96&S!emeg~O~J*$s-8rkLZ zp%9km3Rgc&FmTV}jw*LvNdL2#z5a!$-bV@5UdHrJh4b!j_5&}V=%f2`9lEL&Mpjdz z`>zb0Ri5^*os+%xLg(VSbl{<$s1z$Xur$x8`MB}2?){)|Um@+D4UddSw!NY_H{~pi z;i{tMcaTX6y4Q)jW}Zqgs&?GOtl*#DE&kc`U+*Bl-a*W~iP8ccs}WcZrRGm4d$977 z5nVvMl_Gb?9{sZS8N8c8?z-{oxp|p=+OpTfZ~%-G_{s85Kb7R&ZJkVwyW4@jgZ7^R z&qVc8bPr?TmqIMHD7)IkJvdM=E z9U(aFXkie!03Nj|G}nPfG0mB$f1U8JCjA#XO-4w-4mk{RCqNykB#ZhUREHlQDwuM*HlU%e6!ed?@Va*@mPRCwNGK_4xP}1}M6%f3;=^2h|%i zV8Oe8DegN6iGl9!Zs0oXC^Lz>e9vS=H7*wFZg|&qB^%(exnbGw;fuSxAFC%7*#G-^ zf&m9u-Z$>RnKx0*8nEq@4F4!S{XmahHRwC2e6?g%gw54pdNd=WCfR~`9tIwlF(qw; z3n~Lb8CEY!oynZ~L_Cv}AB5V4?qsWp|Ed(6#n@KWYfg*fwUkygNkpqr zXlvwMkbf&&$ze(vIt2{mlOGKQL^qx;Y6Dkfvdq9!AS%bwJiw;vSN`>&px_@T+_^7Wel1zf%eH{@o6>B>q1^C-7kxY@#Jn|3_8f{drFpn77H4>e5%I{`akX z$QOV)X&LZEA-`n?q(;M_R~R(tenS7dy)Z9lepse_JTAXv?oIxX0R=qE6e?xlwG9EA zQwlKuFTsXY{4nP{1dLZ+awB}t+!6rQ(jQJ|NIV08wTbJ8&lQ4%5a_S+|KDvNA>jVX zM=)4YnhkcXTBhg2bmuJE|N5#`{!e_>3Oa0XifOv|vK5G?KU1)S!*I94UgQ(zm%l6I zL3>9oEtgTAvVq}F!c({O^y>4r7^Qj!*Qb__9T%jf_`t7wPaet%IUST)QzuvyzUfxu zH+kd7?P&Gp`niTmLGdGD&Wf?#($7VkavAkuQXB4JEBR-K_{iI957_5LY+wfA@N0+k zwAS`-W9)g`K6@Y?rS9!=mSAXRO>XU|Jq}HEvenukRxxX=#C#iO8oUWYnhmZ?i{DtG zpj0$KC}&4SaZ1^QJ}ay{SA87&VtbPq|M91JI_V29^nHT%SO+aU=W{s=OUYApB7Iu* zF>Vmvt0y!0k89s)p9%AzyW_kXzzQqP;iMHlIEn|J2&~ zkhi0CTl1Yod1pCAZ|P$mzgpngcXfK)atoMC(vbGeJk|(+=va-|Yox51Y<8BtrE>?> zDo)E!c=%kYdBk@n`=^?{(nrf8>#4hvl^YiVu7q8i((ZI5mogs7@>jB3%grxXj2PO8 z3l1o=ymmXRM|Nt8^%@Phw0bgkr4Bb}Y2d z_A8x;cjE1n#f~`Yv3J-`6?PZZa0fqlIoD8=QPryqC9JDWP*+bLphMU|;$y%04iY~P zLv{=7eUmlUR_^wIS_dM|A5P7a6-zldPx&8UugZ1!wTv(Bl66sL|x{&j|$A)aE zTc-3Q;#>==%?7e{t~>$m*;!4sJj@Z@z3%u2YF2rp)h6t5f?x<{_Ck6-ti>xa z@o}q6ap!CFnXgtGYlCq>kG}AB9m?*|THFcc+^5UwTwtY|1!6hEO(6!4+N;S)xF!V# zTF~rU4vzpfhB|}lG5xBs^%RMX@E3&NF!XocjA0$h_pM+}9z%3S0WFMIVisS;Tk7WD zR2m%;WZNv_uxlfw-dH-1ZJ8{Rx73f`DLP+J1oIkK3eti&Kas!+q}(5P#Z%_XrXE zd$8~5O32t(*OidAR>o5M#}9kBQS6&BKKEpccF5>DKX?Wk47Y_~B2ctW+JEC7 z0L@Vel=0D~+`Xx~!J#|pdHy8*%N;6)OJ0hRkHgYE<+1~( zI|Bqfnlr^=c1^F`oUfU+5EkjKuDOL~74wW^B=tb(8~w({mM6|^9c?=^ zeM9$>&7$#k&~iqOp?K0kKqcJ@_m$99;B3-U8CQR6K5hAce^`?y^@aZX3%J13#MGek zNnVsCx=AXh3Jp}Ag+`k9C;R%C5VpAxSH{@6A*|`vyXIn1mRC=mvaP^}H3 z%ikuAzO|B7uF3s08{FM~{Nb&daLPLS$tSa`HIoPAg|)*J z!6mT!?-z)YaEG3A8r+|z6wP%O%hTqCaO*eVZBADm5YLL_LCFM|MdcEBT)^wbp99UZ zdeK}IsD*qB_-S^-3R`Fh=4yk(msD41{rE}J-#=!(kf-)~``z>T{Y>ZTTj%nQ)yd8K zcMNzG7!4Gd7YPn8H3Ru_Qv~1`?u(+ALzZ1NP0SRmGzE{uS@GaFGaDC;O2xMh@Mo}D zVl5u4*Wk3hnC?7crt09)z20iidHCeD(ra4!{zD7-j+}x8m;rFSQ@}gJ<$+{w6^TNNuvmCaYPKTHav* z2H`DMmK19HGwoNQtlSA$T(2o#J4fGr-#erK9GUBfutbi=&9haw)|V^PTuKLyrQ7G& zYTi$A-8AT5%zurn0)6>Wsnye(x^C}boc+)v6>|5GfDE`7>$cC|ItSYb@R!Oq1ochg zyH$hlZSf{5r_XN?8G9(}{=tA^|I>hyx7W3EwgN_xi3ONW&OpyjosgM{mYs!=k%gI- zk(uxf3ll9HGa(~8JuL%+CLx`GJTMBC3F&!w=!6NG==g!Z6n^CA*RwORw4jrxQ$Iw$SrSYW3Oi?qhn)WVF#S-$Jhl% z|F0p>O#i1E{w!WaTGte)9Nq8L6*Jc{GN4m7(FaC811mifjGKfzbtz6^ibShbPXha*K=wQJMq4&0a1~iZ-ODsTkqoz zXKXi-b(()2>Xd3=WHgk_`h6@S`z#<+TEegYQ7T;~lKzV<=!ZW}^%xBe4JYBmMvcjA zbY*)i_c|3hpI4js9Pw8nO+G&DJ5@U-JsB^|XFXWWJFfyFcPA~2P;j~I^r1#?cZQ}! z?_qu(%a=KH8~u>Bg53~oaj=w$`=l%B=vobpg5}^n&!*6y4}4>MWJPo6c(uh~>(vbR zARo3(By@1I5$V-=Y+_>Ksb!rSWt)J3}| zN|g7=9ZH(G^h;c~VJq%h`ow8vJh7wwQiwL(Fp15Xl7XT}s&9aiQ45dVMT7F%c?QW` z6`xD=sF>xq1~uLKWT~-s-yWXXrGS>tANk@sN%>V4R0#r|ka@p&=WD89Xt>covrPI? z0tX4+FDm(Lq0-0aEvLED^~w55YOG?B+?Y&{NXN$qPq1&cWXmZxOm^tV$czNfa-JkN zc*qg8HwL4f<1izKU5zkGU^Q7+tdne9)jE|1HAjcu6xpEkJ({!Mt2ghWy=7H7m}zL) zjcp1<@Kc+dtW_=S?vOy~k^5Cs^jf2#6o^{I#q7D05dv@xGFXXe!zb5Cu>?RHNTueh z<~9daPLq)euymQ(FL+WZ7sr$+3<#07W>XbuRj>@TjW2cZ(lJ|1_DUTT>qaLuI2%DTb8VM2%KV&rd!?pTxixTP(c=3$AWP6YKy6< z&#B`}IR1L`?L8NpwA@zTzP&QijQSj>0NL2Q08_odblJLWvzX%ib*?=LDX|#>99B!H zz@uw^=x&BpnAW{QhT&a%&vjCXww#CUSK?WRJzZV``;|45)1p)!H>I2p28qm3w8|8Q zeJq^$Eo*D&VJGgCJT$61LlUu7;wOV(atWY z@_UTK3?6J8(Ibn)$;<$H&=dbQ`rWeUuT@_ZD?qB1bObehvwPhQ$M zA|N$1NOyORf^-QC9V5aJLku;<3^P23>%E`n`QiHqJm2s7x>!q=i#YFd_Svu4d%rD9 zi}H(=%E;#C=daks#FiXMGl;VJ1&|qj#iC5UL4+H*jhgvHMGZ_2e$KIAIJ5<6$@m&P z!A#h3mJg`M7E8`_N}Bd|Mgg|&q%1PHTym^IT$n%#+CB=VvR4rz1=;@UQUgbU=!&I& z1CQ*=MxP>|pca!#oW1V7yZn5}PtILKm>{!OnJ}T~2=e0r9c?oVwhG_&>0*o!+qFNL z=atEe7wHls!+EQ*J8;AMcOf=s@dNePodCwCp2F7e8-I16&>(|wuQs}`^6uE35_Mls zvxE4GraT1hvuO+uaoG(!vX1=5R;?mf|19YjLIS6AueNv8L3G!= z#sRHYWi{i$*Z{SygfEfmn|$#3&l2WJQ0Q+Z!S%V?$Wjgo_N&{!+bD`&AJTaE6N2k< zoiV%x>zQOSVRbKPS&86<$5vH5?MRepFLU&-tcxR|&|mMiQnBK3)B=gunM@x#9dNjX zjIL9j-MkO@Un zQvm7dqs+o)T~(XIq@>%lRJAZne%j(8LzCFKXDoIOvxsvK;S%0W%kmjOm>Zn@2OUXnyhz5*P;HirG{}*B&)a5>nx|bw5HaAjv ztYyG}^a2~67J!88PC2EkGJbsPdfPkshGbPlrR37a>Zq)>rDgoozgM~D_m$hIjYR@! z^J)(t;1AkGdOE3yh~w^O%z|A>gdH2>a3)sY2*L^UIP^_M1k zzP&ogea!Kl&z+z+#>y<=bA!QC^+mv@ZB(-jdg9BGUW4O1Qdgfz0*JnZ#KZz#b7c}0 zoz;9XvXeC^ud;z0V8HBf%hK!TNMv#Yd1!c;LD&u>1lg1O_@z8mPwZtPzzG5sLm$nB zK!hh_5Fegi$i4ai1kNo{Q}w*^)Csv$GDZ6H)sR0i_;u{797T-&$8h8vuKLJf6GDB* z?kZCmAYx@M7pbDg@~6J3wkHt^(6x26RK#OXQhc+qS{{_Uh9*Gt(6=TJ2~u_Z&a3sO z9!Ayou=}mDB^_w5gXM_5z-fTL6p!$pn?G^=h?-NDmX_<`qMNOSb?c(;{C=wAU#1%U zmmJ>=F#dD!U;ommv6Zt~VW}vZ@(iQrColFH1P*7$SF}>urY;suO{7jAt$*&H@wwHl z8!#s1)nV5jE^5UKaG(xD&-bFj@u=&SPCb@TCr5cCo!(YQhwa(QZ zEM;weI3H6mCbXYZD45#+?{EEJJCWVgU0`@HpKkdE!wFYA@3Xg|^F*oKuYVU%1<~Q= z08+huAV-jGhjN_7Ln~#H9AI54w1U>w)`^g^GP`|aL80}nd4S?{?I};ZC#3_g1hW7b zAIn3Yy+}=Wnes1&-|77lq}I!i@cY}C9nUq!j z;XP%A6`sg9Osp?mU0sDc>_ca7WV9Vpz-`Ruou;Sj9fBpUU5iT6s`4}`G##y46@)#u z`?JbhhV_1!;mErjRogQty7>5bXzkG>5YgPLfc(_xlq5-9HT)$Lp8QHV1i!+Ztx`p| zu(0r6mg|wqNU5!Yt7#7^^?il4EeMuJ@X&OPF(v}v4*au#POastN6%&O%PF~a1|6^i zNBA#~=aKHCXAyN$Jtz~9Gbr1t9j8q7awvtP3-v1;<>m89LTj@XDhv(aELz9sGTNUM z$P=bjYXK?jzkK$e<$fDV+Wd>VK|M_!KTEnG-$_mGCVng!D~212jVE>H>*bJ3kVSCv zQC;&Upjc?~H~=PntDRA&ahqba9u^1K4TM`SAtok^_cnv)&!fLxUavH?);N+Z9V;mH z>ix3jxZeU=&BZB@Lk_zw?)dQU8~U@`6H6b?hj4LLDw5(MjMs#`;xL~&JH52hVD6H0 z5Bdy{y`7I}XUpAvU**9FkumwBuqU_m-&A&lQ)$sqP>OqZ6M|ZC+5M%dd;g}!thKeZ z?~2iR!l@8?+%r=OV$`zhi+c!%l2n8Q$SeM)-1>2jDWRwcFK zgeS*4w-<`A$cCTXW6M6E&isgbMQQpwv@)8Sh3Y#X05e+v(OKmbxZmBIhy46mXR(3G z(tGK>Y?6pC&)vIQn-S($DQ=1=_&!x2ks9p->lQZE%&#y?z{JTxa}l#7my5lD1*qJL zN3g9f4eO2RCePmsE4f;B^#Kz-hP_8#+uxo`_I351r(mfPy;MxaSyrw|4c~MyMg}&zBK0--bFtN2yz3=^VjkMDb0k^1{7HwehFgQf_c|Cqgo@sQ95iqr6CK;4^M;c# zZw+O`jr{?$NgAA*kYjwY`6B1pQkuOVZY>mma;kb z)Elda*T=8re0=+&=eSy8(mffG2cZkV?#Ao8Gt}lDMP0kwFL6G-&O^KzND>~7OO)&l z_R`S_$y2D*m&(evQ)wZq(#91Y$gR z_=Y_G6ftjTPRMMte}kjHTX6qOa@O^%{dT1!zoiXv(W*b^_e*l0k7XW2O`=)#QKiMo z0xn1Cz@z(ZU<81F<|kgugBcb?eC<*1Fy%#cCLe{2gzk?AePs}XL3^b zitJHnB60po;RpRHmmS0(IqjqW@p}_-9}e*o@R_%=om!vr+(i%I!%$zo#JPbJ>3eK2 zR%k?9VVQ`rqr}5pT`fmt!x>|(K+5HadU6=4g}4^$FId z3ubWPg;wWd^4TisWHI-49l^XF5=sGl!rx=)QDOtP_aK9CL4bm?@|LFo*#t=TEVx90VJn*I@KKVO zyNrVxKxb%C9Tsa%d2VPYBBpA6@CmqttvQaQk%cO-?7js46KV72u4PsP zGYtiYP8l?nY-&)m-r3iOH*W7JXa0%A)Df8s@S3r<=$~xTL)d&;lgy_*#g<_K9)=F>$WXQ-cG}C$eY#` zZ@ITNdhCpHS4o{kGGTGmwQ6yB5RrjnfPR;(*^Y*c@*fYqX?FbVpGg+`ZHq0j#s%ab z0i(lzjH6Cn+tq~uJWl`d+O#8NZ=Xq z%=qeuB_Eq-Rv)OOh;fhW!T%N$&-0=N9C3DO<`FKnXeMB~*}ns=1a#1|Id-2sBrxQv zq*$8iR{vdCeBi3LoM+yd|8q&aA@dti}X8@!9(6B6C-HKFK+Ny&?Nk zG*zI`QEV#W(75P<{(cXmb_WTmdIcJ1(wqLb>%w^){QSexr+Y#?>z4NfAhtOnNmW0| zE%IF`lx9!TYXjpoz7i9pkXR*V7?nD<+Vn~T?wB}diyff7$Qf$yUM}Y~=;XmMwqw>& z=`B@tzbA`{iIQF8ds|ACh*g0;En1m8EA3F;^ODya^;-B!@D$rkhitOgv0->;f|ICk#bLZc2!3J`nd?UbDgBl_PYXpdkT0*(1}oJ#q18<0@&KDj)=`yTg7_19L+HFGkG+i@?0JnFH#feWKZzEt z(mW)%Ibn%U>in{x`Tan9^%>NJ%-+~p>|=19lTk7lEkaw2cMfjvfXaf5AAhxc=u_;B zD!~kPsg&I+1jSMX@H#+SYjJzbq$XKVy~(P3oBsz)P~3cRZ7;e0d~ER@%LO#=q$lF8 zkcQj|+zTn_&Msf8f`-!j9{rHp83zi$0<}byU}M7kD3c5<2l}Ue(b)IpH2Hob*58IO zoaknMyNPQn2x$muy3T-lWU9O~G_i_a#AkYrrDM0vqE0gk_y@&{tdQKh*9Z!yR(Q0+ zF>BisPRG#0MB&E<)m;lPQ&ug1^?OqK5B?vXXkXAI8}KqHzOL>XJ9siP%2_%?oFQ zsHqy6E*fD6hONfYsF*Vl-Ibose3NQ1d7*dVAr}j7zqJoWGD|?~G95W<43$37ie}Tw zYVxnB2s%izF;olj=4t;1JZ(o;?|f9YVoZ~P7At3sY)SLnRSHADR7`hF!Mos4`=6PC zPdj_CtFsjY)80GW6;#C&G%>NRdj7X8#96AoKq~0dTx*%nZH0=tgjAKEpHgY`1tqc2QEz@ zSx{UHx7+o~fNl#-tf{meldF>Dek-6NWZ!ecMS_S92~|>#Z)SR$KDtC@`TYLEU+h!k z5gE#{e}QYC06e`ek;FZyr)1^&&$c643wIxOHiRc`Mq}i{(T=`X(PzV7ogZ^8lle*j z_2g!tQ(uJZeDBegq6_M=ln$N5bK6D58v|csstvx!Wi-?C*k|n=*iuEUDIjS2%z^sfo0B7UEnV+zh z)25PKP7AuX>c-0(4ZmgQ3ZJ2>N7|-RUCI!~IakHue zM=YhoH3uEoo{aYT^LgKWoZVS`!%$5Wa!jXKh2%ZPW(5}1sEeEoi`qMI>3e!p^u-D+ zhRdWYE-K1=`6BlMZ6#M8=6S=n@P7^;RY_N&**6T2TQ5|E!Q^+~#{IToz`E+}3OBu0 zLWB(LgenP9JFrvU4Zb7d`e?c)es|Lp@DP}nA!*fV)(xQso%)g!g{VHT9gjQoyf3%|3j`we_~T6C>ylX@gKX_ zrvP_^6%IU1@5MFem2)fc>>4=*Y(Do#i^8=7G50hH&w*>928}-Y8uW6Rx!S10!|3&h zCG0ugV76h&2Rde#nSGhZC=EXTi)t_th-g7Jv2l;zJA{9tmANH_W(3S4ilJWU>2dcGL0l`%gpIX`PIGB@2wUZdevh2z)Wd7Bbjv? zW|`A|^Cie+#m)~>^B{?RrN}(u?^jtdC%&P5)@j_f&ODnkBJ{bCQ=TfZdU37pY7nct zK^+FVZPu|%_yCnNC<6IhURk+JBqlwp?ab_q@I&9+H54p@jM4E&J)2NbNha$Iy^=<8 z2+D`iw95GH^yHgl2?I7XxJ?5)5}4*);KDDpUHIA=z_`gH3zhhtm7SF*fg*G4uIbgw zJHE8z7M+_V5hwR-uT*7QVA>g4J!S|>y{U00WrNr7asZQ+5#pMA8WRSVsWES0 zPqg^)5AixS$R}d%2c3@vS@hJcg;7ntonNA!j-dE3oIM`*kjy$IdQ&;@xcX$>7kk;l z+OpET1d#6>fb|X4O!f)Q5O!>KJN(2oRw%MlNeyL4+5U2!ThK6of1BI<)T!5vXXHs) z+1dGXu%J3mG?Hm5T0?$a2^Zw{eoysdQsVk_Q->Ju`jMgXXR4C#gUXDU@(o~m23<0r zzv4JmwhF8n(zCjLt*Dcoe;&$*s zNL7K9=Q;!AKbB3zccU?1i6?Nk6>~;U$*eg&+U^)QY-poKKg(N~z4JChMnkqk?m=_s zN1VLtd(=gIg$t{e22ynj4(sTBH;&Fb)Yg0HFxu6!$`zaW;7LT^Kv-ZdGe(-$R>%1? zZuYHX?V)P1AnIYA5Q;jM!kU`|1GU`N#!B9tbB#ov*8$O<4WB)@*>wzp7Fq#a0oIRQ z#c)ohp|k(vRW+U3F9WF5oIdBKJmT`JEMAtozM-atd!r313J5+w!gmJ@qM$2;ad?#_ zKMT~bq5BWJsWUp1pLiU-PhR_So1w~K#7`xxo}`-&D&>`LKvzbL;+IQ6yII9aP4O01pPOMSw40&+wJa0JlZ;k~15z6Gd z1&iC3)N$>{sFAhIVPhnD%n6aBl4^@gz%0l@x*N#*X68}c^6OXJSA`!R{Z>$v=g?>_ z{~Wn43*S`JBfR#UkXAW<1gsy``?l6AFuu`7ErXggM|=KEGQfA87%l@Q%M@uK5b?|h|d4{j0L+P6Dqv4aw~?-=wXH|+OnfLkEj z@QUjTDpl5K?k%FkX1vm}fcNQ>5Kxj?$=R-_D;9P)xm`$Ux$wmHu$_Dft*mx_;i0KW zT17XvPE?Ml)f;BDGhj_gU>^q(6LN{mgA}mGz$5)h_Kle+oIv z(84r6kBN36kBJNMbQeM`1JH|IJHAPv!EK`{ zEC!2EiZI9}k*XsXO49j)QzCW#StIA4Sd2RpgP>lgd$hM1wp4cKiPB-xbIYJm0`2{T zkXz^W{=l~zdjK=)NT91#ynX&J(s^P4K5%~gjNWnMl_R&(I%AT0&k$~|M>S&GJBw@= zCcJ)Ymiz3nvsAuAa6c4+xOgo}(;jcgHde0ZQ0Y&k&P}iGUAbO(bXKz(4{_S`qWrR! z*KO``UBaL6dHREVbnzqGZh@NXpqT2FzMQlB;ikf}in|*77u9J8Hzj$_Vfqh(|VLss&BPvLR;X7)VItODq9=q);9-P(}fF>hs=9nm&) zN~Xb|SdBf+;Z$W6c&Wj)qlA5kf`8Fd6SEnSu`cQ{Sd`qCWz$ujN=0hnyY@Ay7K+CA zx(0Huhg2%W4lPLB3CY4#Gl&;7Ec`IU-6BwEpMJj}TT~-F{M2i?l+by5;4Yizhj(wK z<+}-1PWKN*u2#wY?s2z_lGidW4fncfxs2Q4m3it&0}i>(BFH3aYQLc5Nr%f{B}NK5 zsSm1rHA%duneAt`8i^2G&gP^k5X{8oKx zw!LBT*t#;~ckN+`yDL*B4!?!CvsLdtIV?%#PZlyqOs0uBsU%DAkN@12A9ECcK~25v zDS*dWT{^scGbYw^#78MCy&=^Q8DK=xGTMH%Asb8%3ctPX_0@g#_|SYm+LqsM(P3fv zG4y)Ro#Qu>@G_1XHd3YI-jI_sf}OXjOC!g? z_-G`SMaF>1Nr z1yl0ZTu!12&u7X>jEP^&^9x*K5+MWtY8=J13jJMz*t`F zCoO1_82(r$AD%>9qGd~W_Sc1`s)zK(?EN(Pb@|KAtKCO+QB$H)tE>I9HcFvl>{TsE zu(5aa`D*z;nn@SeQf24}MDJD^;)B8Hj~Q{nWSC*IiThlf#=359t)0<)cjT(_x_q%z zP0<2@N}7q#^Nu;}!)*zeW{gVRC#|L&n?Xn)1k_y+GRHJSM?FTbx2d%!G6i<;)X1&R zPA4@6#xVgBote(O>V#`15x8*}9bHN`BSn+b_i{SKA@mEm=c3*-ZTV=KY(i zUSH8dY{7;v;5CjjlVz^4g|RwqV~I79Ltl8?*8FOGJ?&qB!xI*NeY|y@jpT%RESr;_ zO>(CsNoz_iN`;19Oc1v&#!xB4MZ>N?wF^ybHuZi-;n8)3JjJ~Gw$k8$l&-q=0!|KT zG1%oll8OHBgtFCRXvKz>d5)~cMb`Qmk=ZYKd*je*Gf5(@9{tmYPL+;1JKEJRXpC$z zKSty$OptKv0dm<|M@;G!rpbJzU>y_RCK)q_I+5j3S%lTdUW4qf%Xc&(s_YgDh>h8% z0{X~_rGW0oWIuk7qaUT#ITtA_DZ{g+A+06;Q8wK_)CAIyADYpnw8|g(;5C8A8%`rCDnXNkQdO zPOLhH!=KNlv&ydd0?&0?USo9z>;-%7sL9~ZWp+>9u=IQ~Hq3nXUY)iQZ@;A>L3YG? z?@uFi1IaKmO-DQ|_(7C##D_CM;9^DGRC_J_MEprwR%~k9Drh)hO38gZ&N`oS%5!6q z@!sx|@yNVe1>bP3`>c*k7+HRO+8$2BwHteVE|4xDp0vSBwIj_Y4|Tc16Gr>>sDFe_OS z{Rd|IjT#D0E8y=nJ@+7a8eRn5?XF!Y^@*CX6rX=kHuqI%yxjI z{b0Vs@^_-|_)I<3(G zF4~ge>o9fk8s*=F;UmL1m!^#Rh|ep%xq?0knVvp-+sIVcrGbK#C{#%}D%WM6t?MHf z(FK!j5)kFo{aC;P>3gpD)Kd$K_$Yy;=d?zU5KM}Fz4M&e%JzUl0)Z;g!rHolHAHrq z*EzoS(%%G%J<^50#8;wXI0soEFq+`sH~-oBC`TKDJZVe}8=1|p>~mDU+*94*+l247 z>4rF45_bmdD4I#d)+G|^D!VbPkbT$Y6xuyS5WguFgTdql8p-v$>EGvETf~L;y!QQx zqOjhXMsL@{Pcc}LV_e6iCwjkb?#lr3FY#NvHm%tv3+R{vR;&s}T1GsqyTDU>RA~g! zD)B}6_0QA|B`#b=*o>=NMY?V%e(B+}x|LY%@HFh&nfK(kG$*0UeoiYmB>LgJ(B46r zdB=$MB7=-y?eB)thP}rVTrlL z9cc%Zgo+Qj)4NaRn8b@RKNK4_afBFOzq3nQ_~GsO1kC|Qy$8xEP_)#nuKSrCDxPuH zjNp*iF^d|3`i|TG6T&h#J1)_~V5{#ECNzu>`@Zj*-6Ck*=ItGyRl{WK)F17XdtJPS z14(xASHDhaE`7WSxgeoN+~8}c37mwfjqy{0U9a`Sd`dY}D_4OimwQn*6xK?_O_F>& zO$xv#V?`Qy;YK;hvLkZf z!wdMEo*zoDf0~rygr6uvn9}&uJFj*U;_3T0`;3GMxTWFGZ5x5KY`_^0Y~q#-KPDpWzuvmzjn!U z^BQddNb!-}-pW=EbR9baVU6dK4aOJ&2>*`Uki?QVi;W;!RmB5EDd=`ZLEgTY8$x3@tCWovQmI1 z?4eryTfe%!a~)xfI`dwM8CfTkpELcHle4Jjy0#>BSKh?xT+X}TAg0}y<&EFZ*IFni z9pyC1A1)Qd52`tU#5ZvB;fv*g|Cnu-5-}_+)O$fe?GhKi;W_ZbY9E>V%8uw^r>h!d z%S{4E*1G(z5+*b&k(i3K{<9HH=%rM4SqwqlPII}};c^TRIHEy8w{c9TIbJ)~IUEv| z``;164au`b_yxt8D+G`uCFkA-Cu|JjZjDEj=<2+vIIlUbz&)t*i`=(AT&hV? zu*e;S`nY<5<5S~b?_r|Oc^~&~=XiolEebS|K8tM4ds;p|KFz61zJ{Dj&r245wzj$j z(@epJ;mNU{rxo5YADZA(czW8EkXZcb7x3?&9y))On^i^muzv!n`SUG21^^Xdk2yDJ z-)Yx}V&qE4_6c`Yi{ak&bjlM#IJ(%{+FEjI4(9CL4<SpopZHh~82h8-4+&f=u{r0%|6fd++( zo<{*`$fU23+f12Zd2cy%@)EKPd~|(|rfwEZ>Idj$8js|Ssro}#%9#Gqo+a&Jp1rTr z&Fg$71zj*$E%x4^(8PGof57JPCDO<5l0kW-PKuQV9DEam7&WsQ71{)GiT}WJ%L@Eh8#ozb-LVFA}pE3{v zf%;V#Bbjhc%S)s#+M?hewt$k{cIm6f2VB?*H?8X;e!#BMb|+un0rG8QyiUQm0K=RQ zcYEk*0dtLdHSBlpVYfP)|ji&P_ zq^Qrz%^8oTBdm@zpnsaOh#}quUy)4>E!7fd66Q>Pu$83)9Vup`vx!HMajTeLck7-m zU^H4Bul0ijQUU zfUhk~i+Xtb&Ur#Qbs+HXEyXiFxuYmVlu@}`oxWbWVq5q{|Gl1)L?HH>+$O^P345{W zqfLgS_hi_;l2a@){(0KQ_0d)vvX@nhj(ui@O+yrv%(v{{+^hEjinYX$TaBh=(jCI) zG_hD4$5K55&{idQOFfxzl0{);VoDRB8p@+fyqby|scD^(@YCHt-UZ}-Nm%i3TD{=( zy&3%~E$6nmo2W>Yqxfu8k5sWn-G_yQm{t%)kG3%NX-`0=eoJs444n{{`n2VY-_2|;HQUHB>N?@V)j@suEk#%)tWc~}&9=1RlTPnUG{>rP<@}Q8%sVPH(TdO$I z{Ngvj7|&i*pYFB*QYHgQpF?(Frj$3%;940T8iKWabf{w#^)Rf0IvXzZDO|D6rUs-< zRZ6YBVZm|%zgVPsHpM!HlMCkvrbD#m9@Lz89E!>tiW&I^mHrVmA|s;$3q)4&a7nl+ zZH1PWz{F-T)}>x=MF6IuPMTi}(Y&Cr^9pjJdEXkvJ#NhSR5Vqc=%B<%>&;p-Aa{3P zawcTB`39Fd?C?|Y(?RT;zqP3bum*jEJK&SCR_$?aHJ&!tGx#fJAhtq zWzmArVYU@%8NhSm4%uuhg}W|wYvnJ-sqfu>6@-3e`TIFU^SzM-oq&|XwKXEuZJ$WH zM|m@eVZl+%c3sF%?+qL$w`vV89Lzaq;*Q9)U2%26(b4Zeiveq`y7Lo~fJ-BYWX?8B(&h^u-BGt}D>xw5_#n6RYLG!30p*Ev1SA~l8eAG1r! zj0*k)gLbX)O@BLU{uIl8Ow2ki|?k_8=o{}j6W7iu$4Gt7+2Pm(H-AC z*UL{jmf+N45DiG5GGr2|V>w+79sXX}RW8>c+z=NEQL3;SC^|G_OqMYDo}NlcpH9~O z8+Mt>8!hgq{d%g#so-}EFUk<<-=SQkmAJ=9x)IG(pfSL`%D-zZ;;8HxZp-c}2>+zd zp`&03cHQp=u;tX^y(s=BXxt+OoDEKSZ}<^3qw>8of@S*?{M`<_X$}PjUcmJ;A-8V= z2BpaqM8&L?Z^+6YKdrKmGa(_Tr|gDFz3y$<;I*X=Y@=SJ;L8gO&`5?@|AV(IvKm=D zT`{XdUmt?AOpi@TNr{9xyKW<*a+GJbgzaQ>%TxKS`@46F#BLJk96P5#E(vE8ZFZm9 zdl~%WP^S)l+?><~Mt+WDH*c^jdVi{R`@X{xgn7^qDJ(Ui)%{&kB1iku9p|fUU$CE6 zZ*uFLG2{dNs}Scq(w8@{rc5GD#`Bq46Jtoyx*XMwZyq>Jcc7NDZx6(6tIccMo$OK-U-9eOQ_}6r}Dd+3x{7?K+ zlU!odFH^D}a?O0npba;1J~ktgd>TA)DTaya`&XDnuul%RSr(RpS(tWJcEXYy`ja6z zA!=CRxm^3PV$#frj$@JOu!7MiX(j-Qr^E)eON_?q>^${^NZX0#XS{vYUEYDG#<F^UWZ-1AA5 zCc$XYf1XpU{b26o>t7%L?dnF@9?)5xt|E30n)q+dy#|n+7o&pV+#MO;3V)jTLG%SY zJatXf6IJ+B+!ybS^8Rif$PC(-KnqbxE&P}aHi_aU`^uB(`od$|kp$Uf*@g2b-!jv% zpG)EWy#_6gZTwZ%LjBLA&QZ;Ys{?p`lh3~0&s^I&`H_SgMf%-|rI4GvmVTvdvZ(>g zO=Aru19dT5shd-a7Kh4~b1!7XHd{|NS8rkf)#Q;`n? zBWFO&lkAt-@YHp24fxgsJo7`*h=l2)4quS#CrVw0S$ZQ^ezz&GU!>MUfRQt)3YC8j zWD_0PXlaMRezfY9XG73cvW%jxBb# zx7K9hlUB1{=_4?IM!Kl}Krul**G6t;4=1Bd=|k?17e%Z5954h(f1fblJ`&=NO{7zn z6FJCry%E##WETvSa~;#*R*o()IqZSK0i8@Ky3_`GU;}!8VQl~hT_3o6>Cb%m=6&62 zzrZV3Kw;u!B=AT8KVAm3U7kwE=fuA;W#F5wsiib?4VyrTOENh0!0g8|ICJeHwH~Hy z-7=U~bZ{8w3;6M+scKxQCNiD1$75sCfAX^)Kw3s2Kh4(mJ}w%SYlcXd*5-oMv65IW zgTYAM{4KCQv;q6A9q%M6WX}VWk$#M8f`lJ40a#CU{gXKAS;WsjL;EUkv$^$GYfV5q zium^*avEB1Gd&nH#I&cbB=`N2Ykageu?h-G#)rdD{_k}=ORIu5_St!wm_Q_% zz!{)d&LHCRd3FI5F#`0fg8o}d0%-6PONOM`hKz=}KwR!%zJ8*KW;YQ@IGdG~rFZXE zPk`YH;^1KGdL$?R*2au)Iv9ArN+9lwx@<>#tFy}MI427217EE-8Z@$&-mi6I@8i?O zpjP@|hHoZrbY7gF)H`9~dtV~p_riY2O}L=P(M9Gfx1QSnNGe%!P@aY1 zX2olE0VbmxoRG%7+1g;}s(c-kwSp-bcrKE>TiX+bohJA1h>j)d_|Hl67lg!e4KpVr zo$pd_H<~XMgD~D*g*c;P&2@^56A=h2^bv4q#*Q1GM|RE0d?vuaRI#4km8F<@Izmr> zKjB z_C`fcV)!kA_so5%Jv7zgK`x+IzCBu&*vfc>jK52FWZ*&$FnW4-)eHWO;ZqHV6gTsA zpC>LqJpw^x#=ouF;CL3d3w*qU$97@HVAg9R&VHB|S)~ZYJ&Apefqn!nfna?e)7^@P z+WRTx+rSG1Q*hPcL)t))0l|!PUq#e`H&Z0;u}sFMwaWYu8~_9U#h{L0$p$KB38L^f zvzr?;4JVUAl=$rQ5-{IU%G}Al3%a5%5MO>CV7;+A2LII-5BFmEnWc++Wcw-J7+Ph}4XT3rmxm*t?MLYJfJ-ssfnQ1;+ot8PdVtVp4Cm7G+xeBC z)ssJBXUUod`6uh8oIAe} z=k3K|lJLd^2BvmvZibry@kZ^BD}kUIw1osjhq`}{D(IAbUKCzh^?p1M z*%niv6B5f&aveEw$X%84?>!4|THrR|)KRItXl#+?XCapqA3yO`O(Xdmx7hMLtAN}1hf-qR*w-!aE)^8h+kYNQXkFB2 zZ4Tr^03o4t!rzI{fOWSGc+SqVy`SjrRPEqCXHcx=HG(bM-0ou+O>qa+&-JMwD$=2_ z-JYTAz*z|X8y4zxS~tt*H~#?56-?0SRbl(>!EY)C zl~9e^+Nz}z*2@;aZ+UZ>hC7RF#8S3rFyq@iT%nWfL$w|_JU_Eb zrb}9OKw0_tF?Z~dBw42j;`bKqwxiFkGT&ITt< z=P}D8ifkOo0jU890g%q_4C0wrIfb^frZ& z<97Cq9KX%EQ#H$}#-JDECuZIAKEzRj8jf5}qmu;uygT40^;o6b;bs2#i3fd5sy>T# zEhjLG`!Q?k0ZKs#fq)nAtdoBgWz(3i0ib0wReQ2#+fP_MeOW1GSO{?5HSlvKNCPN3)t_L3#TmEfdzBF z*>}I#k`3{Aqc_{0uIBvBeNhm6`YWS{ z!b~oZ^&edt0B7&O@2-j!g(+l=8N|7sMgvb~;*4~!hbmK9G$4~>j|mpk4*?KLKQlCD3!H4O_KKSZACGA<<&d);DRQTf|-vR4muiQ6ThT5J<2@*0< ztZi$nM#W}YzBT{D0jwfx?A<>TKLVldqjGo^S)1xHFEa`ZKtW3VwK;b zSHWx$DBt5WWQFyyGiMS&K*T4vql1sS$>pR%gQ}HZh^TK1&Y%ZHFnp-mpRMN93<#{g z=o9|hwDXSIYz@k;UvA%95pAC6=`|5PDzPH+{?8DiSEGfcrB-pu@~wRh@C+lDdZo47 zEhNw%rt979z=}>F4OsRa8{c+lxis1LnO|=Gb>9VZ4t z8T72)mZl-S7AClNg#*k!OTq&~V)q{2R>REcSNeDKgVi2aT(O@aP$BLZs5c0U(?3*B z;OkSg$B`WFW|?M}059nAfVzi=2R?y!^#^E9^-z>q{$~R6bw?M_IU}M0flCDji};`A z<>l>RspHxH9egzTo%fEv9LL0XCuxNM&t$?n-{EI&9$~kpuj`Guyhe7Ps%Y7{==%L- zOmY^W_lYZDj>IB>UTBv#Tx>~idEj>QfEoanzFmmZ_^kqsJ^1MNm)b0s%Rd5=i{OTWVGb?SyiENLqGBFe>lo7bhct3{0tu`wlH-a4G1T6sHz{*#uhKp+a+9y5HZvb)ISO&ar5~5fI@o@&l3kqfTLA#t{q4LDB zo-A}e+l2dhHE_@^h;gsy0cle|-Afgo{j{cBgT86DMX}LlYY1SnI{7rhv{g1x{PI7m zIRI|~D4Tu(2V@tVbih;i3#Q&>7XTW77E~)jOAx@^nW=a0@r?p(EMf3t&NdBb<@o6n0q_u)Xatv%o)Vq$3zKx0p`;WqHEF<@1z@#^z@^2-_^k@C z+BkO1wGXn0zy6hi=jizzTOiLXmI_Q7Jo=6vii=BjkW#vJY$mp8yuSc4aWP>q2sCZw zrlf`O7&k_P4nZq|vQfi|icX=SWq>9i8K434_CAXN4Ue%tcbh_t3NZhRYJ$lYhl}6u zw`7C*LdE^5QkN)JB~p-5?>V3@DsXIz-u*p4Q@PGc(AlFuTGkt!RLJRDPi}_JPJa+swnTF31AheVUirhsY6pg}KZvfa{B@-`c^)F{kNA zQ70O-N2id>IKPoKyV87#CwUQcA%V7=gw#>Hp9etf^pPwqEE>@{sqxu%HB1DJj-Mvv z7i}l)mDB-Vhutx!Qz@%6^K`R<{M~+Ri2KCb8s}@k0S!h7JRWdm3MRj(b7%!GT+vDZ zN=rFeVkds-vO)7tNPlw390(pe$p2#Rt)imrzc5e>6hTptE&=Hh=@yYr=?;l}hSqQgRb=UG218>uiuu2a5V`r;4WS z52K8zB_Wdl(BhadrexwX>r$;R-_Eog95NRBtgJ!|4um$_H+>e7X~+aGwcLmAFrU5r zil35Y|6W}5$=HJj!Eqx4qPfzsjBQc}dT^m^F+U}on5YNJ(!+tT1lDglmU)ME+iG-* zmxgP|Ghf$CrEqar4KJQJ4VEG;9rWJzHP{5DxDeArG%EIH%YU}8c+a)zmDN|#1Vvt3 z&Q}D4CJ;MuTg^(i${=-XyykQ*v!VQ_ZEFu0AOo{UHskH#2AjoPJH&1t9g(v0UMagv zJ0Hd0OGvLz31ileH$M^CvE)b{^i6Nxu9jva#^Xh`9GIP6wMIHr_;7t|JU>P zZ+=v&n#3VtTi>_f2{4>yts55?b=VtkfqQ1@;1ND-TnIm|$ zgi0xVUghDUF*)~o=8_y-2I|T12e#iqZ0%}3NPk6rS^=^+ED;EmF}k)JmOwMTc@yM$ zvnI`Rv(V5;yUFsLy=t{$uig2!hKZC<_x}w;O8n%30oX+NN^>>Qb-fZ`OssuZWDCq8 z{!%~XWVPMD4%o&mYBnEBaUlt-*kGzAS8B#{MEXYxPof=pB6fjV9Q>mW4mpb6uxqP( zk)`gJ*lzb<4kStekSxKf8Q{C{+mO}V==ahseJxNjYjOnaT#UgUAI-pO4r-v48SckUF%{p*kK+=*8f6%~z;$e7ig zV);i)Hv z)GehROia*Zs{0c7e;H_Yxfo|p&Hxh*t6N97mzS3&3;6$gx!+^!@dO(?wK9`1B!jg2 z^BXY>V91NYW%2vdwiX#MffBqa^p8hVt6*1#rv&JVZoL#E(k4})%5h<^`W;oL2 zV3Y$?rCYeKM{|H&45JkRi`GVepzVCCiH&MDx62-C1yrsa9UXP&SQ>kNWi8iiveNfi zb0=yKeu$*FC673>P2QZ6|3`4-S{ku?8bEwL@cTEXsU~Wik;WgmwsPys>fH2g2h-8tN>vKXjuD4E=!-N6h6 zR4fl711Iyya(lHuur^y{_TxByS=H)6zKaZi2 zo`+|;8&-KJSs?~lw8gxsv)(JvQ`6K;N=m9d+8o^DZ!HN&UApXc#zIX>ti}G-N}>Ot zQ@^M5hr?(7{6_^VqM#qR2SRpjlABa6vy5sjjXGC;Dw#lOif$s?4aGXyvcnH=IGn>%6vB zG_JV%CrnMqosibc;kv76VuI7_?A@`fDW3rF?~mHtpp}&)AGxin_ih~@(n3(tM~5dd7WkOS{PA~6>GUl+PG?`O#aB4aNWCl!dDD> zWq5ryc5@`3PdW0t{bNyg81ZBKYTe<-!Z+xi9u0A?AiW~;>ZS+sii&o-3&#x>!U-+a zdS34!;uRl-Db9AwHmpY)lYbQmyY0^3?0emg2vO^f=b(CjH~>@7DY-V%yx_T;Q#^fk zEmp+;#M66zr}NiKy$w+QDf9rsd`6{v>b*8xKMOK1O9pasjBD9g;%G!W68T-=`9nIC z@VO7h6L$bvZss#rJFQ^8GhHRyyC*OeF`Qr{@XFtI$!E@0v&A=uJV>%(}$@$nN%@t>bK2{aK~%M#uN6;S z(#wW|uk(D8O5AYKA(@GfkH0_PHvQ2nS8D5TGS}{Y)Opr^4(Czgd8Ig=G&4i@B$cy4 z(-j0+O9rGE#KHn@0F?cxYwS|bU>)wZ7&qyBUW+xNxFn~DTgz{@S@}*q|J3xdzJt-O zR9oEy?!MxrBu%aw?tQwFu+O5BvlLgj2QIftgV)0crsf(?$b{cbAFJ>2Z%aVbiuN6l zLwYtvAg=D5wbh&DBm~lL9fK)2D)3EQ7K>o*=K)iX5)VviY~r9@Lr1?x;r;@Q+c(`s zXF}+SUW4fB@HNtd>-16#vAeSZqk?sFp4k>XC72MlE6KI26P$ed+60D3AwPAARyGNK zWf7=-yH>PhapKNxK9*xv0bpJ&<_?#2G5RY|rI6SaNRuz@W049@oUZ=! zP?RXmSA7>*v=2nw>EU>nVyGf!DCG8Yj26LpY;`%$kL;19`AbZe?&^qZM^%!%WNsf* zXJ@(5l4O~oG@*(o>vcPa<+Il6GVAN>7MX=MljWAZvV-_>pLH3pJ#wVPMrse?N8lfP0xeeQ~vU;A;lum|z$H%cus$l6^{E16hVvzij} z+--!Z7O9ii#O8b|V~@!nP9h^m6>d#h?W>n+pC|yeh+?9ejjglMvrnYe@542xisugd zC$0Kp>#GYu523}%oB|6Hz>KGp)+`7OC8d!gHF`B^$JdIPd?l?pY_zoMu!@CoFmKkp z^RJ1<>A)Hd&dG(w$2n@PINop&0N?`TVAeBfo}V*0zDCfIsBxTc&C2SP`#f1rym<)M zhvPdUBe?yXu6FrMF2M{?opJO2;*&|6az*H8%fP=*9diNiN~g*)yndn$iCt^u;*U5! zIjI{bl^vK=%S4=MBp%GSX-p@bfGMYnvYk^83ajvBK=YMnxz6ZAKl{5_**x6(WB_8% zTj`F(@~tV$OcQbuhY&F?9n2d&tjFq!8o<^7Sk~+K>>pH21deZ2OT<5MguBQi?1>^&?jM>4O^$qW!a>2EIc1rs|nq;gO0;Ztqd<2{9j;d2O!b>Xw1; z>F<1=(*q+P!6Q25HT;wnGZ9Qak8>64O1!Fl+Lls8^hwdhN)jzXV;Zz-t7|32rClSl zVZbX1nYRmV(W{o>{)}!hgmu{B2Gqk)errR8#R1d`K~f3Yru&@ne_*zgs_JftuudeU2bTv##HDK0x%CsL+sV=Z@* zU?V1WKoq-Mk+KOU@4LGv?AC0o!_wTi#9~d`o9h(5q5vL_i&LGg2u}sMh~%d3Rz=AM zO;mSw%-VWBhr|k9FDLR1N2|+*&d`CI3DLEtM1c6GU`03Z zk>7hwLx3bUK7H@wmZBxE`$aE;s77RWc8=F7&`S&=pVFY5IB?W3lYugL^5LYghP%c6 z-{8}a7u&aXGFMB`+?Yv4e-RUD6rv+tJ#u>K9ZvfA<_RWYktsQcZ%noQWr*5#r$eAy z4}-GG_=F&Etn`>x6XgZ0aagY0jk*D-HSC~w5D?%hYuH%>QRISH97E+gj@cr6MRGDS zZ|V!SBJK8cTAiD8{xi3xYLH~nM64`)ud~(1j_>=V-RkU->3hGeRYxX9WG%D0@)gV& zvc<;6rbt2nYd21;)f1CwUF~uIODOdEEZ9dur0;<0Y!4=fzpe!eC8Z8I; zjkST$3sj zcvoJx6cj|po%}3Z###U+uKb^tQts}7Y_&LPk`lMIwT0LA42>9o5DW|Azd=4#(x4IX z%1>|QVijK0^zO_pvJ36KRzZjMg9=6iLwZlC_bj2|RJYa!OlH2db z;O>R!;@a`IJw0@d>;JhuCVlx(j2obTe71Y~3!L2+9|`QxkS90m8yi5EOpoNeM1A1I zNVAb!v0@lmXq9)=Y-9?8d7V?DF7QAJ4-J~X1FIomMTc|WNZUcU{8hg*{~j3dDv%&^ z@i5;KvWW(wi-GbfiP~F=4F^mb6e2K_3Teg2 zYbXunyME1JN0{YoQ0-(x!J8};*FkWp%gYrpj~ojU@+v9$H{tW^?^@cp4+S*kf)_&7 z*gS89+-9r7m-+w*Q89rgFP9oflF0SkhiaukLo9EG+Tk`CVs_6`RUIXzsFaj?;Ne}K zrR4tYFa9ignKOW-C@dlNYKZ#{FhW2;0A<60Tr#&FiAhYr_QqdOReo%-?zXXeSz5|G zo4}b9ZeV63D?^DWSU7Jep3;UI#S$;Y`i!<~R!ndD?AnFxMQJo(3#(7}kIq02?T>5B zw(meea4)igB7GBxKP7~pfr#Se9hNOJ_t&TQ&5q(*Pt^Vb3RXZE!{l;Mhcc%pY}yt9 z6v6lT|8tK0AXSRv4Ri~g0#q?f4Gt%=oIfZlt^*qybRX}H2BJdb$BNNJSVtvRR6#$| zgh}~yWzm_ap)^=k5EyW4)VK_e(xjz_<%!huVRU(CHBiV?(Xm|oBF;@bTd?$F4C@9% z&s;VlMsfhoIQY~0k@-)Ny>x11)REH^k;mXvDH<5M||tA zDC=p!7HJ?X?>*mpq-YGtEnzykp78$=UuzTLi&8S|eAzsrbEaydD`5WP1@Q)v8ExHR znV;A#&760;`W6iklY4sp-Gl9!d~}qQquND{7Z(=eX4@Iewqw5=4*WXY_5-ztOC|*yEEnudOtOiyr%@Wp%41-n z%6raLX=(R-uaF&v6`H_oHP>DP%K)c(gH1Or-KN=tsY_yO*mba83?dT-~mN!vLP4JSz1Cy2SeB5mr zn6Nypiq^lm=|6b%|Nr~{?j6wAZt-3HJ?jLJuKv`M&m0LEGO3L`9#hdT_Bs!{bZ@zi zZg^h3FIa2RyglZyNXPFkhbFCj6pEh&^ym622XNxmwvU#5qx(D@J))gicbmrJ*9cyi zw$s}im&l}$RAjE}Iy;Byw!cC%XjY!G5yc1z^Auz@T>Ca^Y@8{`vQxhm5D>(ae%L*z z19%%RwJvUrH}T7`Q@YzzdV)N%mNU7GtA*w4pPMY2xvaM;3$czg43s3?wpR#_zvD0Q zE@FN-4nP1F&S5GL2UO$>@DD(5FyMy}mfI?>UWTI9#U8umYbm(Y5W#3|>y7m3H#9Z5 zjhr>LAW6>%>yna1PSrtc>S)NT>0lxJBA(a zUX?C7bxc1pzDsX<_*ij2W&N1OVpfr9pqYhU^gg;zS=v_g=hgmZ7EeHAD8cFhp;K)e z+Q#@Xl_^=qe$Vk{+W40XV&=%ra^k~K)~hA%y-Bt8lZ@K0_B0F_+2{LAlBXa}e9tlN zZ|3tu0!>cEHeXos+E_6@TV~?y0d@gBk3mdK&9RMH0tqLLnUr-z`YAbrJCDGG~H&TX&1?#^bXm#+&@xNA9%;rs{olvo8D1 zz6p@{<+CO#&x9BpkYRz>I&c3)(vIJQ(88Rj@fY%_7O&O+TFZW$YrtX)TPE3M#g5wS zaIit7$(TYziwD#DaHP-J90VXLSa#(4N=EHO1cydUj6Ks@J@HlOw{Ofl8+Z13%=W*4 zs)VyNe=F=H+zJ%^v+>!m6Sb%#r9W(!{iz>D*iIjVbEWFiOaXe=KZ>F#`}-t_cT^-;-C9#fABioPzK|M^u5MW&9KOq^%7)f*wO z)#ix0o~{kK8q0H^dP1Mw!OpRX40pSG$Ba*Mt3s|&$?Z31P)ti1j z9p}Ul_YnRH;wK^j{D5QlRD)4(z1KJPT)+*CZHzP zZ?HiJzroa#yE4Nd81$d6A(Ne~H<`ixNY9cSuFLkv=g6_ybfY5w7`ZcA(bMW77t!Be zwWFtIDfr%&#HA#|Wb>h<;H|Ssnx~34ebe>Pdo~T`rxAW>ff)^9_go* zjS|p2$L( zV!yUln;+*qA%O~!ndV4IcZs3jTsIH#LHQ54$-Vwie*bx`Nt3$QOnUr=;x|z;UZ(9X*+mhvGPq%3F3w*QZ4JJ80kD+MoY$1qKpn+F^8;` zUXwbpr#f&VHs7zV-=ReviGPU*MA05V^4D%VJPl%KixeNs`8MS_^%!*JC9BBOpd{YY zDb(T$>4r!x)gu{A22M7IV>5-uS*vc(v>xZ@=kqm-Us6&|%Sp=eNtXXkPF63VkD;LB zo+55Kj?JH`z?1yxeCFNJ#Dv(K55_+ZWfz!RdoOCm1FfDug9wBQ)@V()h0^GCHmO*b z4FZ7v)TQRThLDP93W5h28fU)Aj5e0MUcIcuk=E`yJIh4+_>|Y-df{|ubTle%oWjgX zzt#PSlXb|t{`wc#B4Gv%%-3+3|@eBo^Ks9>vx84Y#+W;ZARIFX1l4y%dE8phCGoh_@slHHW zW;eZ0@prY!tgcUm=_;*)2cq{<)OVCx{cK-XmMIr)=RrHa)qo{>xgGjyTG6CmR z3p2q_i=(Pm9SNjPE5jW`Wt&~skwz61p~%diKl6wjHJQ=rnFCR-`U8kGVjB2_4<wPNuoyx zcZwn&UaXiRU7q{_PiT14dfUVi!@znDWO^ zP?VmiaXf{!wkBe8G~-+$IhR&`bDzM>DwR(Drhc*gy zo^{IGb2h=p(yBm1V(Xi&Y{vD;4-TsuM=6rE)g=p~(&}tzyC+LV+R`fIn)y>Zy;4e9 zJG~-GDM9MZei3eXBEG`nZE63^^yb!WSlCw8E_{!UO&}>JTg2tCcrRG+&-kFDBaIf8 zJAW-^c!5a5>WJIIz$Nb&>WuTHC?%Wg0kUY!Q07Z-m$cHd+uGKfi8{&MyFl`O$cq+gxI|^$@qi!{=5Fz9HXw3;R@{D*G9)`r@ac z2Yw!yzMMmE*}<-c^?qhIR{WB`)$o{=zVW3B4%kl9JOOAqYCk9N`AhfAE3oR;avn5n z^zC&6s@F&RvhRRM8c=p&`aa;DdYmkd6F(!({(R5QAZW5%WyO8rb zzt^IIVucI**$Upj*hea>{pfvrsq=KB7R~`;Ddkd_^2l6)%a3oPPZvnGZG9Ef1cg8% zt~@;8ztoEyK>4rDaf>W%2kq=Hj2PXeo^$h6Oy+(26eP}91JVr+Jajsw{N7(donNNn z&}Q8CM^?pfI&{l9HM9GdkAP(uY$b0NC_q*T)#Q3hdRiW4zGP5G5nCirz>KvqGG5nCu$L}8S+D6T zenVdArzHhF%eu`S-lxG1J!N3KZ7hOapXjf z8Jk6n?o1u#0`jjL0)!B&Nt#;2CVsA-8;g zq8)P@uC8~gSh>H8?S}_-<)_3;eYw^^xfYhDA3bv!oAk2@hOIkTm^KMr6EJZYyJ{0! zwSKMx0vZn=5fx}i{eIn$f@^Gp`&l5?ITFs`)>w_Vs^2?!0Ya)yX~7;gd-qYu#&u^^ zOAN~fWOXt>l@Xgo9t4dl-A_VKH6CXQ7#oF0XOLBMRM5Q_COGpRyhK2d zuy-8|JreUC-$jIBU+zN13*&O1-0;Cl@OD^pb(qwAyw?T^eT;2I`Yhfo9MkEYndh16 z8eE;+v&vML4u+7rY`kC1qp^G;n~HLgni*5E0I{uJ-1&Vm^Vl8MFTuy7gM* z?1SevE z8@|pL(3ix-utd5hAh~FMu5K+s{cES4ny5K!rF{E(1wi#ntlGv*7jt8;UjzhGVxbo=!eSJw`(p1#1Mb}8!xsB7@lO35v#2o5gtuuS1AU%+&4$!ES#abdGnNOb)pA zu(do2vhaZMhJQXlQ~V&qDf4pJ{Z8X>|K2A?!$KDA`sb#`{RpB?>)uJdgwl^G2XaCK z8bU>1p(=rGk|&pOBn;!>?_?qn3)IJFE>#M~CXplZQk*RfCBfKi`2 zuUXGR@RRTvF|q3@%th)jXxi3N?W#n7C%yd!z5Q5XlDzGz{KDfD9CC<$TY~ns_CYHF z9$uLs6CK^dL@PhlgBuB;3F=pG2!#5UQ@?~RyMirvWu_#8T3FmLyBZZLsXpen8YKnB zxFySj^yl)?UC%7NJ~M6gNvw-;M`%?NRb>_ zLQ7ZQ4`miB?qro|2i(8x+Tw%<*wC0mzC1l>)2Fh_U6x-=#QJsmCo4;lK%7N5x*7h? zvw^FM^BTMT<>V(h{v)fNV}A(6^LbB;BSV%Y|GwHs*@KRWEo7-1n&uI6c$ww#2 zwcN5f4y%x-PxwhLoE?=Ee4iKD$Zv>u9vy}qF6X$u>WpqAYxfc49aevk$&qU}#V0~> zalhfM^3YUbulKw$N&E~X^3i@XKYqyb$G9Oc9-k@Rzu$A9Q2pvAS}n`beB%WTPNd%$ zh31Dn_zD{W`zr)#7o6$#3eAj^PLScP*cUe=Z%KE9+7A_|+N^F3_yckQ4@PVaju|jrAKtItHPHMgN-eL{5?N`RD zKY0auJIXSUkt4qpB2ThICFq{OYm=+6hT`dNJ&w)aVg$Q8`)yeqP9q1eRX1`U_|8{{ zZ%g3l5tj_g`1%T8xJ7|Yq5&<-*z@;-Hv+UQm*wAK|~T{QaPk ze;%ck`m}gdOaHZku?)jaoy9GhJHGJKJhbvV>GWGN9memv4@;XwSXK3un)jA82kUzhoXBSc>=w8J?dD}T^J6JpeK-hfS2 z_g)W!edhYlgaU5i9L@$paK%4At8}bmRku~{f<~sbA}hKE; zY{B52l18`NyKB!L2NmCo#oc?73$33MS5k!RrkM3l-+C^h_d9)i!TXyd#Wc2X*qWCN&UQC8UL(E1_=?ZkYPJB zC)%c5j$6rVAIDOB;}0BEuliJHBq!DhFc>DLl<7TF0B5CtjIy+h+~HQOe{ zCAZ!n0kTfxPe*$CBovmk`xv#bP6gUKgIzmzZF^hlr>eFE>ex7lFRIX%&zOEKS+e=_ zDEimmwDl`3C)=`+lG9&Pn+NMdHoGP;aNfpQPIk2^m=qn&_ol^IDa6p;$1ki^Q$Bpz z#>uRShleJd*4#csa;mHGPE;*p=A)=;v+1AQuWH78t!v5~@yE~K*a#_C~iwQJf+%SltmTPsjBQ3-_R^ zh|Keg@hlE*f9G*}7zM`y6@e>mO-fVfj>5)fr0<*V01G z6c9R*E$zVCxf7JH{5c2R@{cb_cNCa10fYJ~Bv(E>m^I$BK-^$SOe1Abh zFP51?p&;Ba)1AS7Uo}(ASxzn-cF@V%n4c^i-7ol)ODzW(5)$Hh1`qPmsoN{mU1Vfu zf8MGgxYIj|gL?;bToi4oD%A3Xt4J~AiBKdeRq$g9KBY*Mc+3^!n5erzV}$qZ2xg13 zevrMG;~=~)Y$g;(i!j-=Eyf;awfgN^REJvIrx|@k>1cKH!D_M*PRF>(BP5jGe+!EJ zwR+`eCn>lOym<^??{Ci(g>EOtef!p%;5vRymth>1CE^Yz*u`pIft zNnxZtI6rQDwq82EmzW;g%dPiJ5yr?Qw5DwSG@`4Jn?_F2i@iIH{1|xoHm^eo3y;Fw zuzP9EkB01|z8gOIYW19NYYk=NUg`L;)C11OH_mqlopi>F{fib09mS^=Eukr4wO3!q zmR==_v|M~O{G4B?N>VRM%0bK({Dss)_E~%vtuIOySkUJ z^EGFm#Uh+9pb?=JFKyK6GWJ8Y_Fa&22d<2eD2B&jxT@oCDvb~Y=Z_$`@qHiR#!-I~ zHk$8>N-UMKvSRnL&{6gx(i0gKP+8owAD zFn1J#30TZl8aM89K7`$oYczdH7-|3f9iD^3(H0jF%c0|B*7f=!3jNus;3Xr&s37pA zyhYib+IFcaRL{Jzx|%;-*ce~mW`eLT(#~y*(!hHX&*$!z#&S1^gx{CE3U3-hs6Bf-OU~+}Er|-YI!rIwM_lx$; zn-FeV8agos(Xpo`H3DA=1jYG64%QeT{_U)S%=#m8x4Q63HvMK@uRHEnoY}kYeu%?_ z0g{?;^c?iu(_*ixYNVeMI3 zk~@A%j7c=XhOHDveoB6BtU?8a2dp@<8Z^ns8ZbiNH=PIk#Ow&GtNLJ{C+}{#;#j90 zmIr-f0Yb+>b*8%VT&_&zz_?pt6e)N3ymJZ#z+DQ3`J&Kp$GGvy83W7|1akEvef3cDe3mjMz5!`p~8Ak zL-X&Hpr0~i8-4C?{IQV-b=f2*`DWJ(m()VqnUXdk5m)cv729inBrhT{=w`Ks_)=IV_=qk3AalA^EjqNn|Da_Dz;bfiEvuILBkMb$5boA z%&ia-8d1j%g8_JM}Xs|zeQ-bZg97VBz<8i7Dqo2-;Hdl`td%uduZEst_5QkdRuhm<5i=kFs zTiet4cejse#y3*dy%~~E;~NHte*V5egSsR8nukvm;WsuA*v0Y+_54ho7xlo2U^?0jw+B+Gx8~9-2*CD)e^fQGU zbk!JOu>3#gxQxV+L|5<9arn8a#dr$0|dmsI|;Mon<2nHTJ`f8wyjc5IU=jOU%S92gYgt zJat99q_8_Y&#=K}REmc8;^M0b8=3V}EgBLMf$uj5QP#=L((r>5Ja%_MwB;@6uS@36 zO6a4Z2SE@EOa^zQKu@#1wtdpANi*Ztv#y_R4~#n3O8Ljs9@XVzNYM7O-}tFqsfath zjzX=yQRHw^vl?We6pMcyFQ_vbjMU0;qiyHm_%obh&Rk6K@*gV{PGccld%JuO6UGPS zCAhead|Cy^s?5Do*%u$s;tim^oI6~mp;K0qRZlVN+H%koAYyLbLH@M1De##f+{{e{ zng#H5Db%ATzEO4shqsqZ**X9^Gx*Sd$p`S&UaCc-k+w-UQR2Ins0{TD1_^J&^a~k? zBO7erF$<*DKpvcYu8_T7zLNRq&LmmK>KHM)5|Xf&IhwW^)K-8$BrGA z=hLCjvWUYzk@uhQv_U5Y0=tvy_6})mgF{1mSpIrz0jq^Td3UU`s@1dwCwfD-H|`3y02@pMw$>llYK_8Hs6Ny zad9&whTzE94y6toUl62L^O+j4G`NXGxfwfuRH=1ftWK;iC^4_(ADjn-PR+h_4MpW<+g==w>-@n?PBo{jCkFP&bnk&baEE< z*BmQ4NX??gbFm7pzYLU$dYb4KR#CQ%h(wt}W4;vd&=I@8$PDVC_ZOh2zP411uGt>Q z9;%6RT9c1SH*lup^%^~zu(kTQqW9yJNfAq}yRhw(_EqeFpxUEI1k(fhPZn@RX?6XT zqK8`44Rnk-7?B^aJmSmM=sPPq7TB8fW5-O%%>exo0n6Ukx7<-|`Wx>(>Z!*1nE2F% zOGP;Dg*>%H=a9|DsSRtgWQ>ggEd%BYX1Y<(i>{H^ZMbauj*rbbqeB?w)~#t9;)FXZ z&R)cz&L|M$`*^?(^@xK_(b%bPK*|b0Fa1qln|TYB!uLh3#yfFpaK#GFLLMe(-<UkaBWJq8UIkQ z7bKA;ZLnR+)*(qvR(^a~?eG}5=Z6cg{6oj%B$OF*cghQh>ObPSiWNzIzZRPI;_NLz zY?cO9Ve}Dkd{n!NZAsLP{VF8|Q4Hti{C%yJS9Bw|_h43U9~!w*eMhONxc$AwT<`EO zn9YX30*)N=+FD3;Bl>fR#VjkpIEX{bs#DatU5AX_kBpZTUKK1L) zeRDoXp4hbXhJwH%WxVNEv)d}2wVMgb*ckHtJGPn8foM#)x~=7Q z?&oz5J^LmWbl<#r1@4i(y}!vi#q~OWRZ;O5{>fNovX1$v45XiDo%_jbN>(c@zA|m7 z#4Rx@?AhrqA2B?DG|HTlUd%a+1_!mO=Z zDV%4HEg&H<3sJ#N2|Q$elIF9?{S>!5>1O`IC!m3_ZoeiOcXbu_uuI=3U1d{FJ&BR= z8-i{+?Or7gqCS7Uh7 z)YHb(rItY`Q*j!A`pl$Qklcq;%hvb+F;Jla2ZWU71z>$T7W}ypfAR*F&L~uA%N9Yq zul>Nc(N!$44ggN~*IcrTGCkI6lW9*f6gI8l)gG@k8Uo*c=9B7}^VQ<<+5Z9h&4`-{8H7321q&UOB(1aR$noa-e zf<48+f*f<&cv8w`-1nkls!AL-ufJO?q5Or3&xy#CS8=mle;EgcljgwQOvs$)f06p@ zd$6S;I8V~%tRClyG!fWT5CSM+Z5?Zx`R5Fqm>W$@yWX2d_pbg`^3w1^qsM@xy4=!{a>TtYi>$DV~JAW5zk|+VxD2ZvBMtQ5#ZYzsXYT} zf`CHQ0v>x;fqUlxO`Bv^awmc&p_}^~=&}T2^A`g{3vnMhMQmrg*UYIBP)Uv}ptbM` zaY=wx<{$bGgGT>2o=B>#cwYvEH3wJ9ChmTk<2Z~}a`iE+S2c+W*xBNzNE`evo7#|C z#I#kL(or@8>^dBuBzHZ5b6kG=ttCYJ)R}v7NII9qS03G43$&k^s{1a%vMZ4+9+x6c`zq&IAiPgrO*trv`$8!ILb>O3}k`#3|i zmNxfxwR{j0?#$ zu&U)N_({o1$wFima+_VMB=@Acj9qm-_!s+H5t1L?VQrKO4YA63D@PR)Du0hhS)&bo zOYYBu%VJ#i8e()y>OX4yR$mY{T$pPWxhQOMij{OkK6#UWJ_{Ujz zMg>TsJPZxzR|`}q@yQe?w?ErbqE-BKTtE&9#e8S^WDHjvD#i@m6*f-8O?I;R@!W5zc=S+eAN2?U@+|$#U+u(tYwuh?XEY0kwX`(LQ*T2Ac;Kju)X+z*=8I;DzvYn z%z7W$!%Lm;XUSuhH{g@0X|_ThU0#N;lloTD_&2gGW(>vLs%Su_=LI~@+hMgRc^&2X zs((qWO>)&+1~TMHm>QMFPOT1Hm{%XyU%Ek(QWa~1K*Zztf$hWKdZ`IteWx#eVDrdo z_c@98D^goGP&a#R7{3zV&5d~U1ha>+a1j~)n{;@LLM39p(P5_tEp%D->jTISNSl*E zqznXMECUJ%J2we#BL{~WZAdI%U*$1G&mWI(pq3K$Mi*jzz5i;Zk&9306<5jfDMt3z zpdRM*jrbVO*cinV84u%k^uI)va5B;&t6p|Y4k}6UfZWaAan$B|voPw>2gFQ}g9l;Y zD#x!MBxMLQ9(KRO58mVoW;w6x?o!VBHgMeRf7%Ge$Debf{#nKxY(3YGYhwpEHCWq- zXr5^yqHHnBC>t8roP`o7-0p1KmLjjkE( zs7cJ=e#pG(|A0#WPwc%H3QX}~=Elr7vw5Y&gjXd_>-_E}oi*)F;#1wfFf4wgzLvxA zhOsrH2NdT*>&(*WI{o9MH~ewZI+U^+al~<@vfXe0XeW%X6^eLHzv$7DiuD)@-t0GD zbzHa8zna5QVm@!`kTiIfu%TkCBM7RA?w$wO{pS|nm2^&L^w04XMWe$-rCd(O<%L-vPCH=vw105 z`MYN;J!g4Oe|+FM6|pWQlYc0e#EVvupQ0mPFLbkXXY zYq^kY`L)of7w6Fbu(b|u%xlxGVg#KJTQDsKJH43@4lZuhwbfJ+Hg}HDOJ3dw##juA z?Qy{A!5_@x5qtG0=w)fE?1y~&)>W*J1mzXB*V-3fUJ5$=o z5e#xyy}Ivt>LRfMpR>z4(_kTXsUWD(l{SwV7qR4C3P-vMbv7;I@Y?q8IeJO~4ivq- zmK50NTPyE6UDC3U+tgSCRY<-&PN4^UxSUY;yrcBdgoBrdmDlbJZw0H0WOUf0`Ts?LtbDwiji&Db0^vR@dXqV05@u-#g8{3ABv-+JY4OM`X4t9I=s zliPaD-e^4Ubna8cZO4JR`tde7*ToDbm4_S`D@ux+@Zm z#=j7hVvEH55DsHhEu}v1`;HT^t9}(*X}RocO&(A-YN_5*&OhC6#W~&7OF8>CXq}x= zk)EZb^75MAlRqBeHi7p@jA*?eF1hEkeUz}?i@ai|EW>Pf1`gUhDEwhsP5e?S5vA(w zF=j~n(rR4YEf?+krXT6^)Jch`H%^$h+ZPtb0TAMp^`VkK>r?@!1(O8fnstX^^C0-M zk>6aLKkpF5usmgZEsPDJEan=VXk8uB^D;!6%$wt33?jRZbKB;5<_f#3&0HwkkWq~5 z&cAB-G?Z0R|YhvIm9tC#B5r>k13Fk6?-=)uDpMqqf&A^CdXOE~<3E!66jCY0) zDRm1Fx~$;8WBb_)$o%GWTKBSS-&YD`th*~ECDm0}F|wo{IDyD_*cKhXay__|ufw#x z>+_02433TCoUBTh0e$wCPQO)^D%0_QT(6CQcW?`saW3$24L)W&SB;8>NuRCp$-DDPqSj>Kc?F#aD4Ukr}!dygajRWoT7SQ*>=V&~|+Bv-T(sd~=Vm~K@(xOIQw;I+&ir{V-pvgjhJAEt2 zgElt0UkD!I+rS`IhNH^nji5fQf7e^RvF$I5EHYDcD71yZ*RY_iw(#(>JObKPL@#nl z^WS;)g60Ccefc+1YZhZOsUlCX(kgqlUdVA^Cm(yuQr~>G3sqTEvP^9jx%5`5zx~O4 z7-uEt!g_@0{yIX(N5fB^kPBV=eJ`zEz3;h>>)2v0X2&e3hjdW5`26fM)5xHTL-{$h zq@e_Oi+#Ae?Vd_ONn*X$Y-ul0FPc^V5BA>rE9$NbA66-mRFH0@JC%}dq)So+>FyqB z2`LEy>28s30cntCq(PdYVTh4|@9}=_=ULzP{S)5xvREvB80Isav(G-)zV@~EX5nWj zSQv1j`pOV^H;O%g-E@2$vq34HG9p9WSKUaQA_GFF49G?zLr;asKL-e~Z>L7@IzMuR1V}~l*c7aK7#mkubqKz6 z|J4xMo<>;u~b+?5SES7|7~yD;Xn38AK#wt2VThqc?7?*`2Zz!s9J zRD?6=x>f$V7|bhqT09l}d7)7CC4b3_E#gtIrULJ*spf~N(`z; z`*|9k(QCCUZGetA&Rpj;U3h5JYoKr)l%SGud+P(D(4T*g;A*0d{jQ&5f#O``=2&C( zV@4y0h%gs&O^_9@FsQ2)AV8L|YstVW9Il)42ZY|M=aeEYi4XV{_yPG{$^_8#P81Ci z*>H5vG1TuB9JzK`yWK-icX1#N=Jd)iW27@x5&As&l(^$YB4RcPWIS40Q{PWQS@la%gK%Eguk5|>$kYs8$R2H(_GQ+?)f!##W;PWqTFW8J3~I2RMs}zHyOtISK?{3f3fqxTJ#q@{XpVnT6t8%|E6lshwdLlx7YR2RW`T zR48RCu1XYxX@~hlx2t5LMMh$g=lG4gE)81G=^KYF5ZMz&x;d;L&oSPoMiB6YmG(_@ zI}lxGUy4Yxp#V!^z_ytu+3UEP@{9yvEp0} zrI#2S4Ddezchxfeo};D9@qACMoQtf+c1;~c`Ycye?zK(_Kl@c`bdkF_>X&z4EDB!L zZrzj=hs;q%-$>9`K|4aCX=B3GwY6nx_v$c>Dp4Y)U5!BAy#10KGtRWp?2{MW4V`W) zf1yheXs1}x68QEl-C^RtIr>`Ve~kGlA)!h-ukmLq=N4-5z!*sRY>~)@7wWbsqRB{a zGt$)SsF2uZo@PwM^N`3Ag%cM&M+|CNJ0U7#md@uCbiwXKR!mj5)yWzFv_l;GTt+ZF z6*OG+ls4Wj5zWfFaD{1OS6wqN)Gc*f^-%r}3wCo%NU^ePX|eBznn99 z0Yo+EnD+(#5Es`5G&EU0Xt~(QOws-A1pypFhARFO>TGVe3nS~&nxFoyy6su*ovkpE zC*VjbwsA3k0rEN4I1Swikf^MrbgjVn=ei*-5N|bK6`MvEfKBTKmZ{TM8r3th4Qs3P zoJp!ezh(aXrp#&`PW*8(0oh{pT9 zvk!f4_qKm=+}|ZU{r>*SeIZm#@s2{Ld&`uR_>pezM}<7i;|r6q97%U?ucm5e!8+1i zyc*k?0g$GtOqFBPN!RO-@VsH!YOr3mb1%c;R9Np~6_V+`o2QIoDWzY!q%1@JCuTv>)Ir__d=% zrB_xJ*|}N1WyDSFcTOiIh-b8M`XoOaNJconat3Ew)&j2ZC{Z3p({lzvH zDv9yhFPF_#iG98A%AGD+USiJGq{a6^bMY&1E2I}jbvbsw4``_C6DA}=1i8s?rb@Ik7+#O; zaX89uwixp)f1a)g&PZs!#j6b_I2#@LRWGv9eO$A8X{;mKqkR+*5w2Jai|<{YObZ)|Kb^Qz5UZlJJGJtcJ!3^P-#N9Akg$llbgk{D$Fy1(uN`#oL6-A4bC7)}@o8tOjRr z7L19f@A+~2^zPOLJm9ig#Z4b!P7-eRISNl1f_)aj z$jX{7Mca8hy8zgqbl!lz5ur15Y$~}Rzn8YRHrAi#j(PrhcWy?r-8k^~W~?s(LpMU5 z32aTL1oz$Ea&27U|6U{H&s2NV=dJK0SM{H#o#2`?sgMa-wt;RpJ=_pNAlJf0P-Y4F zIgY(Vf{g8Qo$N4ej~uei_W(?FP(g?NeZv3ady5o(`w%3eR5l%wsd5*UlL?qq$23`w zSU>*vb$x`Jhhi>e?@QY%C+U;?N?m{d*nO?EXx zfk;t}`S9TjNE<5LC+6~Fc2aS4JOr#ihhc{+5Ki~V#Wn|Qb2{Q-KkDx81b8jA_8C9P z?#)ixN()ZLsx9zx+-_elC;YfJ9}@nIHTGjvgCB@n@7#nb4~dAV_|V<>lf-Gd*cOY^ zxfbd@9`au=;>c{h_|;*q=kxCSvqcH-;Hcw^;hN`H7{60Z8^NsCrZ)+$=CUOcpIzmD znU+1w7CbYm0gc&QR@59P_oqNmxK4jbeVzdTZ^0|W27{Jf&=cT92I$z67XSdkCNH0< zFsxM#5Pd(nNKJg(a3rCw?kp)8bWPs-qp!P}n%}+!sGO9A+@nV=wKm69dj z6_W5XF6%mAzKqho;?H4(CGG_;`cYxq3*Y^#awpyV8-DxAHvhApB(CnUVtbwy$_&l(?MVipnr&0%tD&h`{!T-{sFc~Se-4d{IN)AZr{4Bs7>^Aei+DQd#zNw!Pg zPN1ZHafa*MyGGk9ce@*(R}_a@8TrZl2T`{Hn)1??$@?!Y&vZAxmHWWyl(ew zXSfs;Vkm5@y@`-nFfF423wd)daMN(cE`R1#HqY?Yo095d1?yRYPl+nabc})*o6z#r zNCHMxjl-y@SdEstZtZ5Bz?`}p`c)|R~*S4uIX%DUgNi{wbb zzEV$7wb&h-I=^iYPvPcQln(!xE;@4wGHFfa6oulsT?*UsV>hAmVar|PYt0^iaGxEW z`(rOFH#@Iyak#=d5H0;ceO(qfpMoMRu3m8Lw9D0-B-H2BKQ)-8PlrNs39;is9;6UrCb)wlW<+dMKvf5gX+yAFmJicU*# zKixR+D}Jt^b4XpMOp|mw)c$}6eZl3dv|Cs5DTM>1G}wQB<6W;Z57VZF+!h7J!#?u8v`Tz_D}`M=iTK4m13U-LD-k1GeV zI1o#`lP`3gNgpy%0!r8P*KysG|1Ljk#^St3-GL_%ZEo z+X7NZN};`#0H`KRwTd^v9M{2A)790->KZTdYp3?(mkwLkxq!VI>VOSu-J)Z# ziF`kLepLc`7aqX7JY=i8^bsLL>V94QiZ7vBdMSEaLfW`1o_FT6NW@oe0P z3r*^vpNvKfjMDsgS@Rn)Z24#$POPi!(tJxM==fxVqaG$u=Z1Wo%4J&h$D6*z5)o1R zc0~2QD>0($u$#SKH68sStuj8;6hEo}c2wJZR;mel2AM{Q)AXIQpuE~6k@V+ zx`SdQ6by}y!dsU&5q1l?ZbN!?)-!^6Fg#I%dLm=by=j|HyDF1*gKy_O1q#_OToUVG z8s>e)DrPd>Ew}Ni%y-Z#@|gaPLpU~`lKh4p>FgFq>1Lhj=;PH>t~>I z)7Tdw*z+#<)@TN^Pp$lXm`ABev+L%sll8#zp7?hbq60EU9LgOgO1*!siKE*((X}ro zHLeV9CfyD}c_=Zbz9_eyF=Wg4B-q65VqYklIL$Cs36y9gPz_i_H9%EAzSrG(gUGmkD(Z&Q+4S`6HbrU=)<>!-VJy5Loyoe-IV2Y z%807@kDrXgF~sgZc1imj@SSSjPT11ReZ*;Hd<#ab3fMyXCAUVZmi*?u_6*8YgnZdg zMI5_jD)j^RPvn}SQ*a!wee9}VBH6U7vc?@ch`38L1f6n|+V}>&2vR_O$fN)$Cd=Xb zyI)qbl`E_5w_|)(0C0XtU`U`AE|uOU4!ko@{WJu}$ave;EsK+FkBIw?H~y}Wy6VN7 z)i-q#Za!p6yK%;?C#X?WuiGrrz$oN0rH4ab-@zIfl#*XPqgSeTT$pG(@F+pgndSW! z{={)MPvG5XeJc#KwT~Z&7}Ck>|4l~NeS?ODf68Bsf;KEBGFpTB>%zG@8{gX#=f9BEGmGH15^n5SZzi}8hJlKe7c!NyO z_GI@o#(ouZYuIp;A9?e_*hqJJH{SK;qY;Um6+cQ#FO4Y5EY|%@Fw>YwY^DyaU+#T4 z`X~XNhMgLklQAope^=PLGvpVQym9_jTfTlWt#LW4AV9&EI zaNK5uzNnzRD*XjL@vz>_`_tk*3AJjIa;k#adJAKT1{$$=KF?ijX1UoaLp3}j!~w6< zspaS`F|sAFCvMr4se>5P7BB%WuLBo zXGVW&H#!fO%%YGP7cwI|h@}*1z4WhFMKW2Z(EF0|x12b&R|?qA(2`X8?i_32kU!7e z!uVJS1}mXYkcmQxzKOj{i%9PA6p|h5Hs%bQD8mC;eL=>0Z)mWe-sKfcC{XO=peE}hEni?NbD3F3{bI~Y%kVYG-cAr2UQ z$SW(!F)o#3d}T}|OYG5|3Sqa+sDCvYT7Ou-72aT1E=0+1LDKm^Hq;=C`-D=@{c*z( zjtE;W)1*L;T#TTF5_8#c7O$50=fh{66FCX%oodhRcD=Ba&8?x5MKh9@eFBiXZO{Rd zQc1=cIYEP)Ip>UXkcrwX-%i!SFD8`JV)qIky3&7#&|boq5sOOpc0SQtL4{DFziT<^ z&lZ%lIGG*XJ5dN@RSz_Jp2!@I|I+!GMk$iZv-vid=_x&XpZk|;FrQ!rgUmX_{RmvL zJJ=AN%fo<}2_+n?K@5ZWk+_$FO}8{DJhRqQF)nw}VW#L@CY*(znACDf+ST%94=D!b zJ-*w{z7(`aQMV&CkMeCVqcx9NuRJ%B|FkuRe*L?TQp*oym_s=EnEi4eLBL&dgYYvk zp+fg1>rix}t;3OfHP)$DB}MAHf;$>yn0ajzJEp(ia@8G%75`o%3-u~wa!KftvoyZtkwWBm0D&ZRKL!DfBHTW$s-bY70Iiw50u0cx}@o-F+)jHZ-O5RGwJ8czE#Hx%*1-IqVqGB z7d79cOuPD^9ZN3Fi!1qSb3^<=IIma5##duiMR}<>EwwTa9)~^^2eKB>!)IoSeIq%A z21Q0flDLq2eP*#vLY$U%S1c#~4mLFwEY51*IvPG7r%cXozKy^#6quF8m^iTg?*C>d z^k)u-u=xGAOpm@4ti%;LTl0~dCp~j443Gcw*kj`BtLL2cqw__K>=k~M&AA8jKNfwm z|7;S@HkQ4v(TOd-9`*J8v$Vi_-1=?>gPksyS@Qk~cL#--XUtFMBVbNB7epz2SFO_9 zh7&J`MKveJx&p6H-?{R5?9NiI6E9h>A=ZPokT!fbRY8t&?QtBG4@vjfInB8}HCt|h z*U_VcFh^8jt^bAv+Yc-q5ia91M~$vauf&5o|{8Yqc}b(1m^5c9SQ8jAE^f7^)O>u9842)Xe-5u zEth~+&f^Uj*c350d20dzMNh@{a$S?T3-bJF3@~tg-3Fn`8rCEkP5y1ar}OSRb95e0 z4o4QOEfyIUV-l?Rzz!6-sdmXsOvCL3o#rf0lP-zbjiy_V>@1WS6T@|e;2FeRCNdva zX~;?C!F{-kjeDE7QM@0<;UBX~asRsxONpHWGTj&w&s0b5yB31Hq3`qo2?{2+p$|ZFw_tfjd#pMga`p18(^(ovv$ zhi|3tnfTq?g$v4ZXazanAqOHb3Wa0wW`id9C+4iR_!ohUs-Px`l^g2|CIt=yUc(Q` ztM&|| z2i1UBm~#Fp6@1s~%vz3(GTy$brQwsFK`=JHHnHm? zwn>;CIB{%*IyKIz|8cPiv1B)b5b2m3yMt?Fd+q9kDU0m686DuE6nj|(oS#@?MK-Bd zb$-pe$0&%U$?x<~zknc$AE90I1TSwyBNsDMlai=T(UxhTG`pQzgBZu~mZ!{NRq?+}9~fYItp@HS;{#)`;+uN{=a;F`os%Y_PPY$Q-Yg+-JgYj*`{U>tp4A~m?@-4W zHTAd?+@3V{lZf<2&%wQp$7!kD+xTqXkWQ!pHIm&$nFs z1l3+aP@z~q@sVtps+5r*_0>Yd!Ff3%bHHieTnMjugH>_kvCyVbd54lbX>e{!(}U#W zoqM@t+^7_(PwM1nh=zxUrF~q_ zH~-;MT0s&_J?woEK1B zb#4bnTuo!hxgdSU?13fLa+^dno4i>auP$-X(@(6m8q+D${1oU> z`RUbM%Ls{-(Ca@t6z2TRJ5`+{=k)s3ZT3U04s3){sw3@}yT*{f-8y{w5_e&r(+w8* zTi2JL7_${rSM?yq9ltSzkM^`A-y$c>jkQE_OeQ5_P<+2#c#7}W5zfFP?gRr{eCTYR z+rTj%V({v7$F6r0Rf+#1F0s=@QU8O!-E8c6Gp@vB5*u{W60Y&kgoNt~v%x|lV}N}} zQ_x@|bzc{I1vH^OL?p}Kj2Z^&j-BCS!*o2jL=>w9yauncA&(iLp5K;^IDus+XfY+9 zF(t%&A2T(;6b%Y212DjM*}x=?2N-pD)`u|C)U7Ry7{^Xp?C$$$$xWNrHq;v$L@V|ljwQI3~c6rPs8PitQyP0rYaYhhd!%sZ2nBANX=>#pk*!tS3fAq?(v zTFf~b>g6HmZ}sabjfrtgZcqL(-+B+~ML5ReuDi0K`7OKQZF_@|PPGnK!VO{h%qJZvHD^xRU;&?B?$P4{*J5|%T8VKrEwzr_^x8|E z^27B;q9gKTo%D4ifIVeto!*1cMzpQquplf(eoH7dhmY!2|6Oi%c2`&}Yf&9l8xjLI z(GE>hLjVE5Q-+6As`fm|DYia4lK>sb3f|BLxRc<$};-O87Zx4 zgzD>RtfogH%8{K~e0yXnN35r8dR5~_>2hiUT4M{ztWe%4J#z1~SJOa=;sX)$ym=AU z=?s5}0=5*^ZTfYb5-(d9W*#F=+e(!<2`|PGNXy6=hA|4>Tz$H>QLU)zbV>>IGOY8R zy*agAp&@_vINVprZHrw%$XasQ)h$u@UcHq&o5zy+(CoV+?v`8LsW@-kNZrrtnER-} z8($YrNyRwt2*rf#B_mDzP?&N{%&k?u^F|VSBP@IPGC#bp5_k7Gs{V6vP;6?tyQJpV zO6_S7H4N{clq1i^5v(>)Vljqb>S*{>NY0(cO%9+b{&M;*vB7__f0di8`i0U#R)R)? zxcjj)kG2Ff+cX~uu+Su|?oj>nn0u?82?1W$avD`E-8BXt(p3KIfJaP~xZS^IhcW-n zQ}TK5Zg;M#VttC9C7?cT=2gzSW0c*_%;D)C*2*Qk4nm#Bzd3}k*L&^1;{V6&OdQ7X zu%OwpKtM+MF*ooLCYfMw)d`WY64caL<6e1`sxBCk*6KA`G-~)_@hymbA#%@A3qDpw zhqK;!&j{LO%+I&r9U{nu{Rzc#y;h)YV-els6|#0ppUeE>b*hZdh9Bc;9tJQHDrP~} z3T0fYD%kuP#_)Bm;(5zpcx~bia^33-wBCKth+0dL!PRU7joqb~F+b6nx?U@{ZE~WC zo7;ZQmc&_R9thGS4f_DZo#9=gCr)*d+Azh5n(Vc zrM0O`C2ak8z8l+0TQg5&a=G^Cn8~f{iJtpMvT=5lD)BlB1Nv3tvp)x3!@GT}YhpNX zUaLcY#Gum|mi#rLazgBfq{?9xGk4^>9BN5M^$|tu$Up~P!1HwPAf}3@RAXr5`JF7j zXNJk;2BlPA1=T58KiI1VAzas>;DK;+7WFv1adW$J9*f!83lLD&5O|O3U()H#hY2H* z&n?T*VA^1!!r`t28u<@+vDl&CD(yg8r6D|sD-T@ymF@_0sH5;)i$niTYbv@saxO9f zOc9?tpv;CyijC=hofY>vT=YTcAbsB^z(|ZCv#!7Bid9*+zGf6RPceR zW<=_LcCm4sjmh9nm?U~uS1S7tayBNPelm>P$vXd+XCWk>c@V?W$yH4L++p@#6Z@VY zK8uufhb{9x9)({{?5piyZdu<Ht3Wh&^v?EhwM^l5`|HaW z)2~p91GzJoVa8|5d?f7&CZVnOKM*4*#sP4u$_64G2?sfHs>Mx2kDG#pk5$U#m+jw| zsYP>3l17j#MKKfalT9#0_R~=;f*9M%!PDEe<#L@@)=@(m_9M0n9+5h!=JD}Qe!}Ze z`T@an_9E=oGiT8nlK{k-Vp%CumVH@!uW%`oT2|heSk+FoD9n3Hp1ORy-kf?;kqIY3 zqA6uYqhjTKkh|;5UVY&6L}WAs=lX3)(oM(R^(g>jWm1Pf}K)E#l6Om7V2Oo|+r84s;IkvvVerS; zZM_f2pkr^WIw}m6jVA9sj@aTwIXOvJ^h~*jQ7LxPK|n^_U$uo#oI01D%P2{h@^`YW<`gos!w`T`AyW9glxO% zH`SDXUc4za>jI97ve)`2`o~vbLiH?_`~7ET@eCwensjKBN70dbL3Nxu9%C#=aM41+ zghl4rcsq)9MirGbyZ#|Kam}$$J(f)fXZaVN)>~|mnDvi!6LIsreCvqy`jowN(+^sj z1=6Hf;l4pN&aKdW@l~%sYUEB%Cq-4n+>KR9gmO?*bi_mpoP0;=prIK%Ec4P0X)|TR zA@@QXSL7S>3+&O>CeH&h0R>!6RKG7(V}o-rUvJR+WX`#t^`?(7n1k z@H%>kD`7W&>*<8a$pdqE8Jqn=@>D#*{m>_5_q7!WKz30nBSQ+GB~G;E8s#o?TlZR=E1fe`Fw-uWpz}GrFDGMNc zF5ZxnKfuNZj(Xs(ik4aU%%Wy60D;3}V7{n-O+Oo$DbuA8q^EwvBRoRzKJDv2_=|Er zhu98kS^^wZOJ(Qc?4gNob1E$<;Sy&Oj4O%xP0!R<8r(`YGZ>=P7tVTs5rmlR8&X%y z=G^1>uL%uO02AUEy?Ml8k=#0a(;;%*E|Xp?g*m5^U!1;_GMQW^iQ`7OXlKL|OpytT zBQF+ybll)5S}Pm{8&gCtC>(BESos?+66}v+_5Ud|DL1)teH7XS?@viGqb$!yjr~RS z=HtC+md-*QRaX|A*TQ=g;%BQ*7)mL$G%`ID8IBBw*RNs%)SmT7(T#>5uMbpv5w53D zY>cD-aDH6%NA=8A}{=g(Q&|8k-E`@?C3mTu2BM@ID@?>I6c25?-CkS@WhM znbL1t#X>Hvw_k3qjBTY6j&lbJrd8ZOEwSNG3ZP#^eWDzX#;+k_8b%PAHslA!2?kLY zCZq2pidRR+<*$nCN!I4K9|}&ddq=7lb1pp@`tm&L=iZ~zR~F0v8indDwD2@ecb!2B zq$BdL`}Szw9U$BiKUutBPgH&@GZ;%9I60_jz+l`8UzJdEmr(zXtwC&v1_`T&9RU{0 zh%r!}9mICcu@i7BjtHz-II*lrTI6qpvX)sN3<20+zva5=qlY^PH>rjN`w}ESI0pMh z5VP{WyqyQQ{gqj;c!hFU^|eC}ADB{hRD~n%SYXHQc@d%#q(CUcoP3n?cCEc~v#`$Lt^{R|=X-Y)pj;q3!cUR_X z@OBG6g{NWeztJ{^_|sFhI#0YksCl!N2dLPt#}@J--cJ=^ngVzqG8%7GI#bH^1>RMm z$hp-!BW2nB`JXH^;2iWHi6qUzt$q;^q`Z)=4Qh7^O#g%qT`6GEQZ%W-%k>-6BUlT$ zCf^HlS9YsjyN(buJs4){h0Fg~i1Q9=e%?n9_`Yz(lGhN8P(BvFx(squfx+j?#Ya

AtNd`8Ru@(evyoy-PNvv3T0gr})Vpr7>jUef?+tLdk2(0 zusDh0&mu=>fWpr=i^f%Wc61@lVrsUH5CJgWPapw3X>Eh$Xk8=T1~3onuL%H(k=hiN zgJ#!LaOy)%34Pu%M!~pVg^}jN@Ltm}eP21`I5GO83bG_f=UMxhpVm)6rby;QlwfW2 z3_hjJ|Sf}&eq!Jm$yY@aQW7hXYMD9Bqki>p0m_ksUaRm!~?1f0WBrDH|xBR zefvFTgV*D)A=eCB^RHh#v`;=uH_d7)5jY8@!*i zfIZ`%$HH9o8;OO~7iWjxu$X}_jB=(DLg;=LiBhU_g_G$hi70NX(Am7X-5wL?2~1!! zA+KWkpGELByiF#Hw2%o9mNr~pyS9BN>yC7J)l6qC3l2C4g;<4z{4j7x`|e}Xl1sOD z|AarkZU=?E-s?5_ayxns72?qp*_;=^7mfJkw)`3yku#PktK`5Txug@`F7+AQE z8VTQy$X&9OKIpH)vBiWTYRk!@^QKr+IIE1BrDjrJLaD9#zm8(4#b5$Ncu%I9Ef8XJ zmIYTqxNA6F_dEUrGwZ$qm^o{Kt-*jZZo<^Im8$!Pi0idn>qN17og{e<&aF~1iHCm>^V)FzZ)~Czj(c{(xufYl5ygYMf zq;Y3p<^>VE?r+J?tM=yRX7^Uphi{45i$FGS&kLt~(YEF@M(PK}O`OWWg$ByIN`rh= zsmAN*b-s&}ewKnoF0D341oS$p8Fpi`_#Dz8%HakIHZEXRT`Is zs@X6+B{Z8hPPZ&j%-}%R1{*`vkRHm{1rqg7;}!Wq!cbSSq?&K@9$H0RgiMO~T`Xqw z$ocm29$Yo-3^Rc9s{HJ-J14W*$YK&stf4&7a(i!(ln~7xBkTMDZIKDV1iZf{dHPi} zon?QVdX;$as2j6tt_e8%^xL+Pn(yjAUTjx(f(F+=5odX${|Rf2zE+7d1q0mI3r{WT zjsZb50r`zEOFwsH$AH4Ze^Fnk2Xap5FY0^27y{*{IOB}ibweI3UWJYX}zX7wols9Hc*Is*RK z98h5s2$Zmp5~^>-QHnb@WeQ#?lRS^F?^{KRoWfX$dm<v_*slWcNXBQn;a0|=hnoYV8gAHUP}=Ex z;EO{r7#CwQ_IVDzo%-hUFA9G-oX-T&u(*%zZm3V6u_tu?wfdJ!6@_cQ8~_!L=fADc zFYHU>vueMj5^_ztn3m4a?mRCX12!aS zD#Ot`2FHMZu8Mfc4fGb8^JAH<^m4v3P--Xl7ycWco4&0_=nChe<*nsL)d!tlqsV;! zC21*{`fVbS>cOz~A2u>uI!3@{R2^8fUU1q88La|(aDS3cF~;R_Q_X?_

HC~@BzH)~;d zJPGfg;>O0ZZ7WbCo=JhU{Y_0eR3@XjBZGoMmJ669Y$iJL)H)YfBc7|%&YNx8HdeTb zq7D`f&sG>8X<!`{8gOtx_&_cn zqv6%EhS?Z6`=}>(+o)AFM;?#l#Z_q$$BRcTXn=JyK{om+KTE{&X?yq6GvMTpa;wq^ z9+B1ys#5jM^IZ`ljHM=*5Oc?-U>{&wbc|0ub?KS|KUFY^a|}D}OWW?=)H=*JSNH+4 z7*5{Xl$(d?Bi?b`pZ-1za6t;Kny-XtZV?NDWVR>5)g$5_d;AAn=!Oel?@|RBx{M*Q zI&0>O#U~|Fn|l=~_RFVy?}`=Atc=GLcM&1T4!7;2D!tCzK77Pe98IJN5il_#RmQ^@ zy?wN1`s!gYqmJ3~XL0r@pHX$M5f?=Vdi(OsU(pKUia>3mx=J6z#shgmMj)_?5(L#S zRoF3t5L$Dt)h;9~ne(m0y_hGbTG%PITwn3^n@CmW9vV-5%zwm`A^Pdz5h9xI%b*0! z{b>7^4&3#RFHE-*qUtjLf}VOzZm4QoRp$qTsO-N6*cka!fsz0b1AAZxr4|;c{w_6B z4l4i-3a}!+R+EGdsZ77#;*=bJMl&9g8z$AeyrUz6z;TZ3@R#6L33eiLhhC|f6r9e` zY;(5i5g8Yx&@Rj0YsubSqNHVZaBFL8k{>Gb2H4|2Oo#?KKmIJ-N>9L3w!i!fH-(>9 zXTYB&mYb@&mRs(f@d0J}7jlh&PCmJ!LX$oxq5bLVY~3Yk-L zl#Z6*J>1~R!+V?C2scMrABX;>V&nd8TJNK_72Gr0o^(rf*9GOnrToNLmXU)2P7Ir@;Toy#~26hk~sH?LkB^SZ|zX z_up5W^UPHGjmfyCFOr8u-1=>@Vp}oe6Me-e2G{)zxfU+x<4;iusRcYp*z?(|j{%@K z%KS0LE=EEa1+D1-Wq|YACSDa2kS=|**p1j_sv{!oRwI9IW_|T`Ewx~RA<=~Kz(R^^ zSDl7KN#H~H$Xf0pU02K3ER8n-jF-q~_f zD0e~jHv$e@408d=ed#}*ZU;Yh5YbhIf7wn-+mGJHngBC#wOxHv)*uyie^Eho7(ULU zjR!gZhdx#i#LEY)wE5iWky%&Qjbz^(cLb-!uLzCae^METwO{xEv;@ z9-a45PV`S%y%!3?p4$JJ0F-mG=TN~gl~tk`(ux~ zQ_<(cga8sGggzLW%=$v{(#aFKriUFChz7%6=G*!=%uI2U%KcQtzRVSs0CxS(k8p0bv)cNdz)7j&Oe~@}1PC6#DtBbR>xB#gdYF$CVhu)xw$t7KdqX?SiPN7`4Z-_~bdP%q-xNy| z!`bdg{>eeq%nSi^nv>|_jD2)JY^~fWh0L`d_Yp;z8N;I3@ek3Xen$?`wJ#xje@{|m zUFs{qsk)9%Aw0D}Giawrkd|d!C}LmmAY%f3DgulTQuh zsYAi)JaAo~1Cz26C?Q@uH^F9Bo*bMS&F2g6Zc3xG<_ZnH4zREPVOmdFruFnHUta>Xhsetyu)hX=TWAp8y?6emO!DBg1>8J< zLXbQhr)rX_M;DO4QX{#1$rnEf-+qQdEHM_;U78|sEnnWwXA|W)9PSR7osHBX^p9Cv z9!<=JAkio-BII{LkvSnpzT6Oiu^|Mh^T7F!Ex87jxuC7(_R@nSTes?qsSf2A+_=7w zciYWgtVL0|o^RcevQW(tkW_tt&gOc61ip1W@DvMGadlGZ< zY1Ah&29yIFsi$;o`@Ym6Iat4}#nX|Pb?hBT>R#&il`^zMyDCN^H{nBn4a$zoY}5Io z>2{hOH9^l3s5HMcVetV>_UVglSgvFyyK(U?0h?Z>=jrnv- z>U3sVuLA^}luukU(|DW|(SCvM(2~FdrT!~Fg7T9v_hCZv2W8#C8=@QY7ea+w<}Dqx z_{{3Rff(g2kkmQMduW3O*0Pe%Y);PqWBy8D(p{1nzEK& zhc^MpaB4gXQ4(h!y?sLOwQVp+73f6Hg&n@E@dp`6d+4DMx6*LX4e)1u*x1~p6!OJx zM@KBztoPT_7GY=y6rjH{ZY7()SN4P`)Rd@#IwKMLoc@vN8_zFA1^2>gKb3ig?yoI2 z8-mU;M}v{epS2zd^N~!^rd@1oTpehW(7SBTa}K{|j>yN4Zu`cVfprGdzTh^Np6o6w z4gB%TaJ{?b0!x=Xrrj1h=M{(m+=0%OhlpIznG4^WH+-$fMR>ru@ncCt?>j9k3ATK_ zoEn=;_t|c<=fCHD4e>)q2weJNX&#cA!)6z-IE_TIuw)b8tyJ&KS7OA@*v;B-tyUic zaq6J+JgOwVwv5TrsKNoU?dj>M$?g)~3>2hB9X{iJv4nuV+56g4?lcq0zWV? zELgRO=3y{+6j>=!YBYgf-X{*~cf=E64L}LgA)ii4ZkcUH$w=5)C1PcN#V&Am}oJj&-F{oWVZLQA4^PHN(DN zJ9QeGjN1^RN;ZZ4_di?fkvIBdRMPKuAks^6+g_r1Zf`rE84){)r*~sx{&+BzX0iUp zZ?jDA5AOFGr|Ghh7__27>YsHfSPck6+8;O&;S4Z?+V15Tu{IG)xKTc zjyM;0J=d2Mv%ToguCrhAT)shjOb{=|#aiHxm}>*V{x}Hi;5}5?2Yqckw})AWLj1Ol zWdI&lqusMrlk-7i5!2xq8vc@PDe`=rO$|1g~Jb9Ge+c0g`I^{GCOT1Ruf z`d0HbdaFSp2J-xESp8bCaWTa^{DkbKmA@BjRi_(YscrN;uo>NYMA5Y4{nfn zEwH;=7i#{{4>kkg#7|AKd@h8N#>ADA9=X;eSxMv^YD%_W-qs}%6HjX5B=Rg%G3IOKwx{j;f1W-geVNAhJO#s&Z$3}?lRf)B-E(rXzU#B? zh&YN6^V{GswB&GR>zNRCJrB>L!CYQEZ+3*Mq9l_L`tM3Y9!w7A{RdMqC04=lICZcq zQP6Ne%=FbtK8-o#FQevrgn&0Xum@fqEKu{{kosvPJWIkcS>3$ePU9=Fqqw3!bHY<) zZqyG-Eu)-UNANX9k@RNb6aPjKu!DS-zr;jZCbKRV-qq}3_;Vv6HJWA5rRa`{c zWO+F{c;Ad>)_n22+s<99gH>Ize;Bg7ePVzQRxU|Gn7dPTnon{7-Sc1>MFZvI+m&0C zT|YwKmfTLYtkb{{IkmCR*BU=iEly=+6Tb?2ccn0CpFDsLhTzX~=#m)PfZK1RlJ4)y zg*DxxVgbbcv0>-N!hFc3;cK*!8=^MXj8G9=U`u5`L6mcY%)TrZ{RMvx=o0WrM1Sc2 z_miYb?0+_80vov~W}$Lrp+EGL=XZVA)GG~89wYaSDK4x~=V8phPk2?57rlcR4*UU6 zb^InT_8}E?yjSlio2~HMois(u{L&rzIh0h|2m+k%L%MA&G>~?|kkvWT8O#zTO3|g| z{_nE=Mrb{Tnzjs5!D-}f5inP{0X)7Gi0yB{UVyie3jgoh$gG`1Zh`Z76-}Oxm2C&D zz5{GB-!UCl4$2o{4+JPlsS!OGNvpj>9zi%9v2{e6PS1Czs)!3`;KZyx%p*zAh;J{B zC8i(Svc7rn;eDm*=IQ2emEmOWB|1y?dy5xwO(*+vZe|3EG{fHY*Xbk&>e09!@V%K2 zTsk!+WPI@)fp7P85z-CJ78h5M1Rx`Y6{w8VQJR4QNONM z^`AtiYoJ~MDETk{%v7BjY*4eo!o7F!?kt5#R8*43#~pMZG%OZu+M_CYDr!1<=icF>P_?KxOFf z3Q9)YPg6}HJrFQEXS~qxk~dCUCYvJ=vI`L3?4jjm0AZhu@EPEbR!we{?|M%_w13sd zI3^m+XHaR`ADg-4*I@v#6-Y%#{vYz*!l??bYag~y5D<|@LRz{}8tIVk7Lb;dt|JZ7 zjdXWNH%NDPOLzBybNDv*^WM+z{e6GIH}g4;Gdd%1_TFo)YhCMFYf%)ZFuV^!t+;!X8K@j5y9UCql;B7yB{z^1b{PDHe$qRhGSvz32 z*!mcmxaA||_L?sEESjaC)_?;6%>v0+`VDh>DkU0=8OoZtb6RqsI-AAjU)5TLg+t-| zn@cQ|Xue2f?@e~!s>|K2T}AB2%uwX(#1vi7>7jIb?OpixWgS!ibKlE1NRBa&u)g-Z z9ZTLEpcmG4+AoEQH)jLC%GRhrWh`dt^smqcx1Gnz6~6=L%7u=QBccM|NFKG`o|#$Aa5{hdS60W35Wy`zhY?=Ll5ay^XF=jFto7x-hL=+Ilg=|)k0f9P(6CslBUA;j7%7Vd<*0` zg5DhsIuL`NOG0kcBiohJV*+lEyO<@|M+zWjcCz^UMHP9u(ivG951O-Vz&tYY&~fo9 zB{ELuP`S!T`|Gn81y2oH6RP%_R5etas>5o(8b}7>i>%kb3G*W4a#I58(Dx@M{=BXi z%-82%&O`87Q^Yb}^znE(2$G@Kqcy!E?9&>0Jbq+`OY5O_b4uHkpPQzf79|+Ev9WQ} zM1f7u3@U&VCU3G8=q9`YOG$;=UKR@ghZLvTQh7-0{c9B`QECXc_Ow)R3@K&0h;f+I zm*;ek+hp=9oU}XSxkWQIUmqG>2T`#R@CBAd%INp_=|_!Nm`qm9-&Z(dA1V{*65lHx zYWk9PN?Oa> z<=>kY$a8Gp8Vw>Dl+lLxVdWLRNgmX#oyp%D{;hNnCoABU)a`l|Im(?liPM$qf+2-XGL!UG z%A^D+xwRYZ)EmJhQXVD8j!HaM)Kq`dm+f7q-U@~ILMBC?&(iMXRa|bCL1s>r$YtTD zrzP&UVvNJ6PI+X(pzC~!r2z)hz_Hk?$V3~;pTxBWoj(fJ;anKF*b*Hy8?)-Z*rMc0 zWRVT{DTY@qD6m3&ZuN`A)#)L)>P-E>%z}MIP>jOGo=qSsxo(=A*fH8ZF{mp&I&DNndRQ~z> zs#QfdW^}IY4ed<5k&_xV54n=bz7F;0M2f$vEW773!9&ue2PeiNXT`k}dF&Oc8Z=8{_N2g!n z&<3_Hwuwlc%z~X!0YjDFeC1YlRYMUqqN8>89Q6D)z$R6VpE4;(WKT{kql}7khU0xR z0`~ctvg{B>QD?ORVuwF7CsA%k2W1KN z_@9$_3}Ibrd4?!OuV)&SHEA?UwIHF9IK&X;J2~#J*LjPsmtESm0jl*E`_jV(){;`V zayv>Dykw+1*znhru+t4G=sP%Ku}Tn;K+|~;et-hZ0GhhZCGx>v$<%gTd>1iTxMQ7w zoTX9hnM>Yw9kN`C?iPJOMB8>5#&*fu=~UP$k~q^@{N=v-uT$l1mGlgXdWRzfJ-=-9 zDbA#vU-B~J{NLyVeJDRCcr_Erzatg)7mv`5c;hB_H)8tFE@o7vU>2C{v876T8_V>O8%-&hq8iV!rZ`l|W?iNe$#Se-&zeCLCy!e#ave-oX z#QE1zO-1|A(Tf}-bek%kpdlhW!Fpj>#q4m_GrGp~`;8R|_MoPjS-0kN>RWc?^b14v ztl~L8=@gcWn&n)Ch1p(dyGz5Aw4b8%HKxm>aT^puf$2W-LwRJ8vd|*Rh;!2DuO=6B zPAK=HsJLtfn*>_tKQz{qd$!`yK{M(FimH2EHU*tPnl;6b)4z^2)B;uhIRs z`ec}%8g&~!K%}UcVzyCgw3o1=mwg;AmtN+Y&14b#BSAj5+sLl3soI}nfGPMw4Hu`L zX3+LIZnhnAj?o`k^r`;)i(Q=EpvqZCgrKfY?GYYEXabnzQyYv}iM+Sk&$5Gh_0eoP zy@JtPr|jDI6&Yg!*<F#L|+hyJmqywNm>NjM}jFm?xX6XnV3U;lg!}+qLr0&w7!blJ9SO}h~yuI4o#x^K<2mleI$GZ zYNgZUGWeSs&r9%KH-euPKB4RFP_m$i)L-m#Z=QPj5*O|ge)rlr9mo`!y6#lR8|QD^ z!wF$j`|tB~Z&bF9i7=P)OuvWB(~zuSOSiG@2h#nnn@(jkx62=WI?|m=T*|*1iFM za%Sj_xXys|ywXZE?l^_idcmjn-0ge;0s0;c-;{cbj>)J#G(?o;dUYVi0mxr-wIS_> zrbO!}8+7*rxhmZ9PhZ>)_>VE+ewpH84=D&^Um7qcBZYb3eU&n&>c+)`7Kl|1cA0 zOc#q8Tqq8+HKprw-B=NkYF5)d4<>4RLhKwrkMu2Dt?X#w%MZBH#zsbCY;V8b z%~kD@YN3#(4P02QNYu}Bvq(Zz!}eEx0SEzqjQdpo*JP`ZzsSdqcH{C*)uNnS)bgU) zI`bM42f4W{f^|dbKIMCfI{5i`&7Fch3gHRA#rK_4te14^)fp?V?!oQ|oVUr&hfwdN zw{vgW4y^Z7G7!(FB$cdT`4^NgV^+JKosRrCZ{+4!U+*11ms0VinWU>;QdUWM`QT|Z z{yun`k)y^k*F2^T9{dMqV;mw4bO1W@^KXoByIknL<-C4fQe(sL8pLN0rI zVstJRjpC6Ucd@~3s=ixQ z=a=!Q24Muen-gs19B&Aa!minuJ<`?H_Ra6rt&EUfJA&zwj|cBCkWsQ_KHL1_F)Wx3 z8q}z^nQ+B_@Ez~}S`gi95D9r2QL$fV6L)V=QVJucvb&-OG8egjDB-_-a|82dA9$>G;5nCMmM=`yizg4LR+@cuMj84@Cr3Wke82MJ5#>9s#gNTg#< z6@d9C*+mXK%X`C5%-NAE#^JdOVp~d^odE)@7y>^ca|vy~;P#hGGOot1;HuP}Xk-pI zyrvJ%9~@$lk&yu%1>6j?4W!S}0f=F93vx(DD^}^3Y3mrF2JoW-8#Y{zdX6Icnbdl7 z-$b{XU#?*@j?zp8Ugnql476ANY923_ev#;JM579$+JLeyWbT}-QQ4_h_jTy&v_F1_ zzC_k0Z}pZ5CdkAVC4&$YM|ZZvbGf7un38l%YcQ4gUg_ssj2_yjEFTwbG&Jxns*BVw zO2yQjX~0IG>JonyUNj^mv5-X}U+OJ+-6v+E+5+F|;RF|Rtps+g16w~X)Mmc%e`m%} zOVJ=^<3)Q<3bRBpLmv%WgCZ@loxH6VFDjRitQV7?wwjorvjA%qa*V$*u$O;1jppB0 zJSBPcvMMUxDN)d)NWPnn0hdEYn#`Q6HR3p6&|a@mWLWcyP57@rZTeyOOaYd^2yGBe zkg(vWxDf)3_5ckEdSYwl2Xs7*X%lrvmiC$?$bdNl z*X4O{RQqBrd|zrm=6YZE*W3GrF*;wX<>u@vnG_)6+XOdVh8Dk~J?EFFkXNQC*g^U0v=x0gLZ4LhA&7Z4UV zk$*2Yk&o-K@_F3y<_9}n@3{;7n{w=c*_(vpW6-_dyN}0QBfRt%w$$`B;UY`@jFysV zCMgHmo`mCb`|-h_R-wmKOz%};xogmI0xJ5b8Ub`3In78}W(1KG`+U8rq`FX-`5yo( zFx#ABwog0m52TcEf(q};lLg81g^R5ZJJOgmogql;F^}<*4%NOzqsvuB$K(p$xLWSH zm`t99hg(m~@G8aI5?xTF8BHK`gaU~|DdGC35AANR)WUpG(W0INVKbtJruaA2dl>8o z$Qx)@p?Wukl+h4j^F!W^Ln^bFCkP1naMM4I)tHJUeKoQ^{5&WMz*= z@(X(ylM$KhI^NGr8oAbJsO?u0z9HemM&{)!-))v~`_$Cpv|1FdVWs+}v@~> z7fug1`+)lLn2MzY2J?^u2p=3VxBv4+lrzq=-gxo*oVBBOW|RLvR-9Al4P+6>x|28W~c*Fhq9X(D@7=5<@gEz2zd_E|cgRt7VRbVRkKv9~X;{_8DmxB}t!Sj`&l{nGJSGC4L3 z?^AzfGS1PWR1VI(Va|5&?By z&N&JIU&e}_0m-l-!=29`%(}l%r*4@|;csjw_3?X!TXpc~sIR*?GJddOh_?e$&xZUe$JRvy==djb<&&OXPHu3d^_@y9)r+31x&HwOsFmBj4_$|g zHM(~iE9oiSSMKVGM2Llv)d*7qzI+aM&qN3n3hn?mgi;FTmXyGZc^SA9T{H7c*{(W2 z+-TGwzvXpkYeWcADbWdH;c;6x$t_uQ-}Dx~ts;voRwvB&&g5~S7eTAj zlL5^z5#T}HruIe3;*~1ArNJHP?+}}{{>OEmcnvtI23(wpt(y z*7`9R`80+^r$1O4pPJ7PhMkZ<>roGl8MK!j6FJuYFa6gyEF$2suD338g$4iI=N&MQYnv9ErYG}%GM-cPE_w+Do|BJX3NIe7*~DR0X^_!@1JA$k$!vJ*|KaE z5ON+MKq83k8W2br%SPn=w-zpU`ZW;i{hjx0^D3ZoGHbqZyf@4?4yY;NS95=ig@{P4 z?Mak*hQE+U$UJv&-(Tv-_>&x{EH}av*xL>5WDIq_T^m(9hu*{BoV9Xf2{?n~!o?>v z>)J|{oqpkd>*0H)iqnTi!)iUO7OV_YcVlMDjR-&02%efnU0)Z10&W(EzM40X2Z4hZ zbfOEr*`BJX$z0<20tFcaKoTCnk7`(D$WdEB1Jr`d?Qm1ZdP4_ zkeai1#ESO@>b(sG-O5i^>-L7v07BdZm%$FN%VsoJ4_PU}r;`-W6rypv7k%f|dUF0_!BY&@J2rIc95b+r$hHXgo+6Ed4Zi5umNab~{2 zp)kFUjW6`GDQldLs`ANW*YRy6bMBOkJ~2GVx2%r%_-v=O-T#W1CtQq}a~(>nTURj4 z3YIKf{rdR0V@R8vzH)AQ$cmW*{pnpxTz7x~a9`OaV1WSgdH&c2&0858evegh)Zv4x z>c``yf1zhnlIOJGrT=RhCIT)?gcv5%6R65X3b32+nk8s0$o*pJcaz_=ksn-@F$?+m zi_weR2VC&rYXNES8Q48ZcHiy5huM)rU9Rs7-|o#$Sd(;yxkJSLhAi&6tXct$%BAoL zBEz*k4|&vS>5ws7Wj<~C#`ceed|auTL@LX|9HFz)1L8@M17mBqUZjyngRP z`IhHjZ4{XcE6|~lSM^}B9+7jAXFX7~(%k&7bzMW`BK=r(M#y&_4_Yowy~&tznmpw*>9KwZ zJg}FZK2*doHJ;kaCtj$8Ked-;@%-GbtT@(Vo;TWU_GNl=5qnD>q06`BmKXcN((laW z$VQm_xU`%IH{5?k7cNBrIa=m(w?Fd{Mb@P0w(?}B#Xdfo=Rg0oKM&br;g-lf+2RlK zd6*w4!~JzAhZ_uz*LyL}`Ld#hlX#8K=>N|Zdx3sNl5{)}+~_0$NT}$l|1;@gVI>u> z7Z3c*F8epZ8WhKulZDFHKerZ(haIXEJ1w&hR?~!mwuRQ3d?;qGjAd z2#Q38C1Ia*3k4{Wza&&cS~RqIMMz?#)t)vPfB0Y#%XMxCd$d{P#$FW(P&cRuEe}oDrBikL17R8oFzp==UG!uNK--C?3IWt}- zl9t}xj{CISu(NH!&i6AqIvP;!oP@#KQp&}^d~Jz3r*sB2tHv9zcP9%04?ChgxYQ`< zW4*GLkg6`9s1JDyV}MR6tfbeUN#(-R@Af!Mcy?-*r{NVIf6~%7Xqvx2VKW;`x$I3Sj-SpR zl}k8|)}tCfIKLO!#=Dh{3WN&vf`6g}47cf>POV1ifdvvP3I@Tn?$`T$-Gd;%Xd)K3 ziE2V_!*PvLkIo3^5hE}_cj@ZLGZ6`CZ^|kdp9v8kq=khKZ)8lsRX-|{TJHKqg|v-W z2%c=&I-?RwX^~dbB^amOaJBDy!YIR0X-Yp5=-FKKm{9TpOu7X`!~-*%X=}1Jr%vU2 z(`XF_NDzvLi_Z-Fj$UQZN~-xH-_Jo9Zm33Xr0Jgp1@sf<=ALDGxnN z_2vA@ti#<&^R{CFd4cD0>HzTqweT~T0`-(xo%(U19G~Aa&amxhk<(++BAb8@--4Of zs07=n8H=cuhzu!uzrUPvU1-OF?fM;2`&)XHxUBrX_$e z7ODiO?QE7$K~8-K4@5sS(EP8i@@~Wxhe1c<^6KZ%3a<~&leTP1HHxRg*mu*^^Ni*f+KY|jY& ztV*7X7-$;_!9RXHELILE7!&=#O+oz4AziRU?{Wv}a*_R?r+C9#^~QG(Ed<%t&?fMg z_P?BC$`S6Go+BM4laP4`-iOxu85`;3OV1;1Y3G9f`)&G~Y6IdS8DVOa`f85ofqHDU zfr0&vif~{2=|?*YqD@fuvrW{2=j}2CQ;hq1P|X(9=@66EN-%68xVzS3) z0UoI;gSa|O-W#wjBz2#T*pCUcvdw~EeiU;4F_<{RByKfUgmsXAu~Bow+!xQuo$y&$ z%m8(xfSH^MjP+bOjxZP~c=P0@`<(wm_j{(pfS;{+%W>rl=gJ4Fi6VsmVW8#TRR(;9 zd@?$BwR=Gzc^!jaD!2qwM>gurpohiO2t=SJR*utydwzk1USV7H%SQ-H&CN$YYfrNA zWD^DZ+s{SP>9nF1n<|qIrv=GTCAd?@zX-6;rFj>WeK8qEMC% zIhoM*2+n2oX*;hwY*~7nef-P}9f|1?wQ|XuCfwscbThd4XOCi^f0oPb4qBF$Y|~sd z=GL83_XpmklO8~_cf4c(z^^=jT01&xjbqBhwa7|&%@M% zFx*8QO7XB2b}QWm5N(NwdE5d#>P*B<>#)O5^T&;{a&mT4rvv2nH;eUY(ACM3+g&@f zYfWOgk@I_yrc;xo2QL*X#m7CoPYYE-Qj)A;=3={~+-C`TZYaqI{3>)}FCQ7-5=t zrSgM~BK6D7PoXIoTjksiN6<5F)fCHz!T~!u0L=Vg?{N>3uc`bKA1`@hPZ2u?SBp}> zMzlZs1yb#dsPYz684ZoOh|KPij_yRl`z>W*Galzta)!ev&k;UYE)5{s^>`s{>w{(| zza+EZ-K0l`k?~G%HDDl);O}iK{vAyG@ct(la%fiMf-HB6%hvmr()@6#J_a!pfzW5L z>D@%uE30IFV*ltZ6N(4Q|I-jzWC#h0jt_!8C_o4KnVJ|cL5?3CrEn7)Z(5HS&|`i2 z5zDP7ymKyMn2p0Ghirqx00+wy>;jA?Bk=$Xe9jpDw$Y?|wTrSJ0&gIO@jX48_YnMLYz}tIT$guy`d_ii(_a&LsQ$JD@7loWGWFYmlDq_IPK=p>lX^&ljDl?rPq zZ5b!H>t^!%y~h|=ZhX`t1?YN^aM6%jd6I(2;)QWxtacF?SkoCe462OoFi~m$P+WGS zyAJSrSJR^U_@`<;gj|0-IZO3#F!-PK3BB6u*wea3Mw=O(Qk`;2-$~p6HB8JM^7-(G zHlz-di~G-&N8x?Dm{)E&-*7>TJ?-c!qTkd(+rHKF{=2xphyOWbKRsI1 zkCtc#)jB|;fw$^OgJ?97YB34wJC?zVJVpyX4tm;ss?ajv^neP$SZsJ6^7o4jfo0n| z>3UwiPD@@z%r1naLjlU*ZwJ)AjMd?Dtv}<9@f7*~ZC&o2(?)`r!!)8bHC}!|!mWg1)Ucex_Mn zT8oSmq3&F*_bQvj1bu@I38|*}=FpXVa>K{rzdyr*xQpoXE@9kOECv-8diudAt4-|b z7|9B{-&vJo54FZ{)fT?VP z8d=)FHXH`DAUY>I+*5ooOqNgYdi1Ri<}Mgp2E(>B1x{!8&A-r&axkIVHdI^Mgere01##}7c4Ez)zgVq4Y zbh^E?5YIpDk*SEa0H5x^7V6ap4Jl&_)~<80_~WnJtI{DjZP7fk*j)7j$1*+yoUr-uy7G`7h0^EE(e9ckjPp#0hImd6jka zJ0#|q0RzwqnNJ4 zEf;q;K@u%6ood1NKE$dfRT{92=erxaifwTWx~4c&8@Hq+(edG9Sd=m;`r1!I6Dn?B z5;B>*PY&?h+iOHHpT4Iyn#31^WRBMo1U^2O1s<O4e z^x7`z_@Wl`ne&N0x#ec?&=Up4aaMFAW|uuujgp_Q-rdv^p}Rwh+@cYp1_h#RcC>Kn*-CYN&KNh_t4lqvp85MchyAmqwYps!+fhIVc!27Sgp`4|z z7zsW>^+I91!R-J~WVA~K`jFWG#&is_0A!N#m~7vlPA_JW4?4mZAp%aU=LW;Ypw+X> zUBCSG7$v`iPBIvexC}W?)9RFSF8~TcThM^&-W3(4C>dLv2O%=pqUeXK#Ai9KtWvCG zL@<7}hPQPZ5of8&At#jT{nf4Z`s84(H{o_VVd_H1&ORx~p>Vid^PV@$=Sf60Cm4h1 zkuK#V+ukeFuUbSN<^!hzIl~*ql*(U%=KEq)wT_H+4uDQv1)e`dXLtR{&B2u^v<9Eu zA|)as0uTieyGOAMs+=d6gcWG;DjvTi)`UW*URxYSZH|Ge@y-1lK?9XyX4(}|>4ZJ1 z&s-t>Ik;&~faS2dMwuH0&sw*|!$M8Pk4~#HdT9}}K?E}WdnZ38z1baUGPmXVD}1x$ z=a_BL`Qw8HnJSBZwuSPcCcqh<&wwc8mwk13h;nj>U|yJMYX*frkMGJ#EmG8n zE=wX#mj%EQ1f);-NzdV70v1UobEe`-_vM6a3?ASookaLcy}K&PRY&G7{GUza-zzRX z5n-a~b^>8w%9Pb8_PwH~PCljv8LVAhhf$~TwMTjeNj4euT(io^0*H8kbZ?_qb-Ul{ z%wSvE(V`w68Kv0qt;9>@r~g&JpGSDa-|1crXX4TttP(=?2?MK-ZE&nUp**Pln4N%(6Epq;1hjLNFBWqsns{bz2UHpl_eGZqIwE7yk5;*s z0=}G1r<|_n`$y^YES70;-}m7j@=xX80ske63a_wiA3@J-rd5l!48h|s^T^D(&IA?> z3Jss&ppZ?@<2lL4BdX#C)@oAgZcsmx_`&lxF&tGX`!#Ns9RCO9bWU2;Z7{)p2b;V_ zqC#cdc%Y3n0`|f$y5!x0G#;g)AuB_o{s=eA&qI|W1zw|#-HNTDqs1D?UB@zje-UjF z)jyt)nM|j%HpRp{X+oywF1GSeE)Mpt1EZp=fUvdqEgb6?ukCrfJ^m)Wny@adRuQ=p z1|~iqvh!=2LZE16Zjs^40MR7e0PmpZ_qmT!&mlX4ynKmb!n>b>Bg=1I$yQQx7pDKS zlI+3f+ahDT!WKV^_awG3EoxUdByS$>Z#&N#^b$*&VvEl?!l;Ek(Ru5BXFPv3#Uo3E zf>Lq<`rn?iIf8D)zqi)afuK=3jvY;sXct;RiLcy0w}Xu1mvmYTsI2#m^5dHcB4z+B zgd;F_r81Al?#b37gfkAxsHm>4`L2oIe`+s-wB&i7AD?2;vZDvyuu8?k=>0XV(m~IC zJJuBE9mr8mY2P!~D;H={aPk0yj39(XC;qFc8yx#6lx!vK%xAWot=Ddjx!nI{@(Dk#N<+&-idjHAN-z&oLufp}a=A`1&je|KMn1=D zMc+b5uyC5=jPT}Z9h_jJ|1Fen3)I8goQVhMl3(iw=#=TWO;tSsT<@yh0Gu0-`V zFy(xWaqB@s&M!8-DW2$=T?$`7`U6#EVPyqUnn;=}pi;Y3H1QL(1Erjd>?$BgZ}}CT z2H68EbICdK7&+H61a?1|73gBU9nB?Pw3w;=1y2M7r>LXj(QM)UJBFSgaC&iMXUqtX zS?~0zsRh1CeXn4=8l|!_U4@Ol% z)wR803dkgGPQhlF5aC%K_st^s4JatNQ?hPgYC#h9Yp#Pm@J@`W^~OB4+gyJNAjsP& z=C-xuF3-Lp0Um%st7sj_m{HIA|La|)n7_jefecR=9c5~OLqk?V;-pD8oWg(J4n{3T z;t(Af$5s-c?)w@g18is$)WPRM_MRzYb**$dT{lI?9l0?6=+tqwW0`nKD3Yc&VE*w3 zMVqVej3bO*2O2kQ!V>=(K*#+Cct@5nY=MY%0cb()q!4poZ1+5EA%Cvxk+{4cJh#3c z4Z`PIJ;+TxUZTne9hPn|^JPl7v*>I5y(DZ9PJ91aJOGZhr?K>#y1`;7G$r@`o!K%S z#dU(Jg><^$r<*=ycl9VEcGiVw`l*lA@h4YLHGj5(U0gdVfKQ(Y9glIoy`<+{zrc_~ z0t3V{-JHQlQA#p0Z_-^L$GHvAY4MOQ95TERFVd(`Sr)()?vzgcnM30EjK$1fj`iPt zf^L2Bb#Tk&UcR34U4P9G(=<+|+VxpF4sA%Ed`Gu#_G@P${)7rPfZ*;H^CZ6C@qTxx ztd*Ky#iG#=B>JM!00$m$luiQ3rCXm??cHYu5>5krKDd;?Zd~F%tqTI%NPAggO#&~g z?fJ*s68;s&LESvH^F{=0e@tX>aOYBzNM*n6wn`Q;Nju(EY83yFu#FZJn#c$Of-o(Y z2SL~{aQy?hiNWMAg;VONUNkg;i-^n&Ab;`9{cq{p&=;?WY}e+&M%Tyg1)9T4erRe9zy;8nl<*6n?|j%+ z4BDP=ca_bOo9`~*5oUrv>> z*nHOVT^xka1>sNr@4f^}+&}QzsLxG}dcYhYH)5Hff~cwm_C_(EyNw@IcL@}M9EVZb zkdOq9D?ECU=+@Vh&3m#*AJWxVX)r3xLcr0vxVV7)(EVuoCwzH&d9rBy%XWY~SX#_6 zzdZnyQOD1|{x&&L2#H%;&mVW_5FqjO%M+Of=zD*+)}wv@7l@|3_NQF>dr#0y_+j~M zZ~@Sh*Q_r2juqcH)K*h5Zv@D`keCZ~3R6}nh~hsw{~Ro52@d*={j`$1tT&y}Jh3@c zyZ(WnbdvFB*S9Dd;lY2Ba%|48%eev-iX|}xf>(=4jv}3Q${0cOzk1BQc%CW3cEEs| z0v?oQX3L-;A0%M-5XP9#YzCe*s!4==epDchVw2<{avgHg*q>=U|% zHC>5jyfHs#zFZ0+3=uV;%li`46{)6wg!)$BD($_>>t`Oic*)E44OcElw&?6f)3Z@e zD_FU|JL05%=O5k=y%j^RY88U0Ob#W7jrr<`LVoS6=H8<^;!#>Ae{`1gpjToOm);Hf zS^u}ssan428T=*)XBYj;_+IWE9*iA=1LJjvPG}bbK36S@z)?x%M!Lj}2>abfpoqE} z)phCOh8Ybfm*TWeXqKgwgFg9b#-(XK>GQ1(i!c43&bNxVtr)t!UzF|kBsakBy`$7| zV7-%$AKu_)xiD10Z#5@QmJ_^@>s^O+#!)x*SdC27F=5%pd|GeMqna~8!fRVgI~T*gMN0hOv+KaoKN3-ccXD7)uy{fvVPng zAH7a~Qmc+@L7VUq_;uY^8w9s2%1Xtn%vM>jcE6soW6W$BusfN)Ox_Jj(Fn1F4$PLI zrM4*+W*$OaYwj9dkNE7Ljn{{G1jAk2ONp;}S4(0%iiQ)_A;t6d3NgF`2D7!MK?jfd zp&iShDL!{FeiCSscvre(%B+h`JtJk=_Ksi#B;!9Tm#kSpKH+FF=Lp~47!iAQz%Pzt zqQZ_Z!K!<(IX<>a`YOxHE2(XK>9!(N2OH# zcI`(im}AW9C(;kOZx^D?to27zrge;>;ve2VI&5-P_A)Qb>@_~(H|a^LLtekOojw5C ztYO3pgY(=??X8#Z^X^N-hZdJ)I5~K&4zE>4-I{WsCwhD82;hu)=7&)0PdXR2PVAgw^rWWl{lADa`C*q% zX#H+(%UfbcnJvxyujFEsT}-7)AMKf+=k`)B-fgL{i)>jKO!KS0@*1P`G&Wxh8lgLLzN{t5eW$em(V?J$PS)f zCYSs!L}fj7Z{cPMo{3-W6j+w9rr8<$VOj~6DqIfif#!_&2{?#9IIY^}agmVAX3o6^on$5pnlDfN{i9pO_`$14Ml?AFOc#Eops_G28&b_c&-aZS4 zCsci-rSSCqIj`e#QT=S5hn00NFz=!pjG>5t!Yhp$B6Bt?^BlWLgZlqk`2fj_ ze_lvp!!{!f*1>7;<4cBWJbUvG-o?FbMpo^t7D!GJNYQu6;+uo{A#fh!r6&p=Aoaa? zkc@s7J2p6vvqW4?s5D7VO8T}yq06d_0p5xEv{hbTcAv5W8hav;m}t2(SY?2;s=EQc zL_fblJ6gTiYpS$77=?ONu6g5upLo!Z1jB*_>a~mIx7lC}oD{KGA2%R4NHf-+@d!E+ z*yS2C$K=b2$mCS@9?Uy}b~y^H^-brK)oh00`fb^g=7pzIDz-H}yqUYWI21PEtoFSw ziP?m)>NQijC^r*alE!Nt!q&Ej+b!Oy%2~SRr+&MN6unq_6vxQufl{J8Jk2(6G@9y? z=(%936Z&Zp&5%~9s+ciuUi*B@TujvLQ;61Mgj8PF9Bka(k-EgH1aD0W*6B*k;iE~N zHDYRTf{)x5d4wTbLt^=p%*%;L+=MCvYsWPy0TKg(U+sii3O1 z1@9eA^s@bbEm{y-V z6wb5oyuxU>s)<1|b;L1j(rUJTuv(0^>AZTUGrbQuhKXBLE#eZlbv+dRSGYyH{r1et zOSLz$u$nI+aJPe=?Tvob)6x>9Ym3>J>?^aEl#bSgUpEtC8FbYhu;?_#>i6W`?!xuR z@IP4Wzy=>q{E_Z6v{7B?ZOwWe3la7n;hgTSR;|-cn6kNx&-oOs@Lj##ul$&+(bP2t zVGRup5XZQlgB6*T`EB5AT}lteBj6$Mj;7nINglj$%4G{2#+w5GGN#D8y$e+h&TDKr zv&W6@NK;Qz7hOGwm^Gx=M#HL|&;A?*j2b9!NKTsd-30%v4^K)W_`1YSVQLm9V$%v;GBa8kFZcM{NgyPG~BpWfhzU9z};O>nib z!V%zlEq9NON(4Ovjo~0Mhzt*ZH!TB3YV|q&nQdV)b(3$%}7}nz5>=YFEm5Y7HXZpgU!<3{wPsrQ+X1|j-#oigui<1Rqvs7 zEO6Nuj*$4~C7RIEop!OXi6tHW^Qu<{rxT79#7|FgPJYXAKU|}m4UZTEY-hy-9lh-R zV}VnQ-#67YZ!lq;dxD^l?3P{C+_ifeW8zM5V{2h?c(pCdE20}BGgl+fKWg?CHM`+P5)NFs$BcBUChR+StW#p&e!u#19Ilt+ zalyuVFA6a=HHEec?P1HMZEx~hv@s8po&QmHl$XbuC?c6JHoKUcia{u6fJQYz54>{d zt-k1u?~PHQBzYxTg~PN>pussHIMNwJ%?Drq|+D@HCHVhO-rOF-m~j$56pSm|1Q1 z7d1aC%xUhE3SL&YpFRiY^@A~VYg;ygF$>@o7LTULRBp$;2T}MuluraQ zR4+F%zh=0H!S$zF@YhRaC4~7&q6$*zcw}TG5x<8%9jC*c4}0%T9$>F8P<9M>Sg{JH zuFY?U>^_Xj)pwV!ub59u)#+Gw#4uYFnTLhP$D3C-QBhJdAZlur=(F=af+f$jjHZ?! zEk6aD=-EAHz$L76gh%~7ymP``5#!uG1ZJ8=JsvVHJ;|BG?s^D7UC~7a8#GE645!!0 z2Uesj9TvVMkHg?{J;4VnHazvRTrN}Obu6v1I$J-Q$nFM|`rUlo*8JaA@0swW^e*G| z4XZ|gzsEWjGpLA^3gx>OThLM|p;E(6i=RNz>LRN)U5DJZguC>b-Xz8a66$uy_D1TMFQMVg+Vtk_KfVFquv$a{XdWK zB8Ar#+kR!W&yZuB2NhiDtikcg>{r@S*-d zy1-BBLBLdNES}mbbDtxhYhmw1`1Z1R0`zfP84(2bCf%NIrcpsiEN>@ewoTl~a% z>`3$4U@~E!2>Ib_{0(9Q%@h}tVAxe)&ZJK&KcwW!#p5&Xaq#xh_cR^)nKYY?zIy^;}O=XUm8G^{CPA_L8vaHu){TjcslTFReRz-pCCf*mS#JSR}H|p_>x;DN@ME$x(3Glu9PR zD1vfVx_`dv|Cj#wQK|(h#=zx&Mb^bxNuL85i*glGR1Tjz^gIf6*jrk&x`2dUw`?re zPbv;pf^WH4%^TG9;6}i&uMP8#hxNA4d!~xFt`2vFMYMYWl$f}oROK5+TFIS&jJ#$) zO>#!=;C0(JENr+s+~^_9!+%A{K}!1~;2Q?8l3x{D>n*dqumAaSKlaZ@w~qkk0ZW8c z?XdxiB=KS^A{72Lk=L;~t~f^~HD41Q=3YEONP9o{KR5K~E7kDma_03lh^GZFqjHC? z*E7#LaA5#gv$L~bWJ*UWD%b@}oL^y)L7)EfUBs_&VNGr~1%UrHI|?6Wq+k_=lpicy z42vax1DIpRXZy%p$On~@kuY7(FPy^~*DryFs?SwFeA-SqB(liN*? zEdic)aK|)rz!qbN)UbU3{GV_3XlzmVA)2JaUgV!v6V{VcQMrB;9H`oR7%+#eq%t{- zCHGq=GiPOw^m8#-nyf=nTm4Njci7G`58w@@Wac$W54&|PXd;_oy@uBVb|l*EZ&ii? z5a1L52j{RkpgB`u@!}%Tc9UMN&{Al}{HPf=)kmx9|Nl_;mSIt@QQNS4yVY%?Qqm#{ z(hAb0AfTjl4k+E-1B{K5Dgx39(lK&qyGr+(M-$LEb`+Udo{r`^FANm7_ zxv%?L*IMU!uDG)PN)+{z^GA@^#g5VC1OD(JCwE6*fi!BI-{NfPk% z8$5~5``_>H{`=&`Xzt${AMc$kHxTD4IkpG04RzF~gc8$VsSlOu`2493DR2-FKO8p@Pm>V4j^zAN<0CmgARDLw(hnD@p zV9iD{3l<>sb4Qoya3+ZS3!g}hHzz;0m3ps_m3em~HX(H#FiB0@SZSa%Ktiemu&K9vOFcn2?IJR z4%(}haH$BO8{ArT^v{#Omc81vG*F55v^p@kGp*^wEY*lspW6=2?i@=pj-ow!jm#dK z8>T4$)EwiT<>5NRqf323g`2W=i)o3URU2OTDmvp!2NQfhGJ4$3jzsP|% zS$*2&q7sWv?VHLZIQM@Y3v6CP8I(w8wkC*SG|N4op)VSW?Gnes5{1i6rfmk+sr|)H ztC6z&BXEtKrX@nZ{oNO~5=j#oryQT$xWA@3PYBs`NtdkCXe4~@@Nm(z0Cxa8nC_ba zmDBn8&WyD6b#)mxlow)M5@vagda}E3GkAY@w|+s?e#jgK}aZl?P^MF0AFq0whE`pvFF6L=w|A+ zCG@ya6G5Po@&d_9Aj4dj|c-%3ou-XRy-j@>)7P}{SyrHC*56V z1N34Wn>05Va{#loeC98OIW#dba}6oxL)$BVb&r1kes?RO`glm}JlxNcm=(3xB;Z5A zDW}~xg?!(O_^E#$P807gNrvYZ zY0nL2(;dl4q63yDNO1Lt)|_DtC^*ZerT>BRiMUet zhyENT?qxo;&P@&_WjnG^s3u%ZukNdhfBieye3`v}?IE0zlI3^O16sAM7jxS#B};8R zPD}7RL`|NG=uynU?OyAi&o3%jcz5l~GYj1YRw`D%KGWU0oj)Hv2Eaa{o0(H%b9-lv zJc2?mk(E){D?LU&ErHFQil`jB7G&cNB@Br4WDGcnk{m!xT3UIMDT{vcI!Vb|_aQYj zQmmk?9I)>x~k7Y<^bD`i~W0j^%u#@}5vU%Pa2?NctXj z^mtZ=bN$8!$b7{f_2bO7ny+W)cyHcZgNXAeC<hlXCTmTc{22gxES_&Hlq<))CSe_jDWYU zQ|Ii)G8Uog1BIwidRYXt2-4slD_hS%@;4T%@SPqxih*Z#^%PXs(CFRbYa_V&M(@)R ziyg4{7N;KNh5p$Y_k%!{2g1-dV7Qx-``*B2rAmBw6?Um+m zwK~H}2b{xTupZAg)Qw9LTsu0mbkLgrY6Jf9Z1FX$rcKtTNtSAeYQl6HgNwJhR3CAd zPwIcY+xz#uleO0YFMRvn)Qw*nVT%P%TfwJIia6!J)FuPMsn@(Qh-iu8_ivoxOL@?F zIm#SyoEHWP_k8$}k>&@;X>hvHbzk#vft6 zV%Q}K9{J_l#J_KCIie~MVO5~y;)WD%e_43-QQxW@*6-Rz{7 zN8K^!h^hZ&v`1F;1`0jLz>0>7R=5t|sf8?WLNaEP%$OjAT=qryLmlbXw+itmFJNAg zwGAa5olc3gmQH=E z2NlKJD`%%`eO|lR)_bB5x>_0nGssz>yX%ko=@Fy zBZK?y|5ER)afC+2DD={3q32+*v75fIzq#c?gQA%G|s1ep8Uc zjKxGtuBHloLhvR^KM4wZ|ct^6&IU<$#d5&R)eNSFtze2px$F zAL^bqgD&U+#3DI~r%deMUkmzzZH}E&J>z}Qg)zBfzA}dTcuGTE{pDFuI^;6!yWY<; zh7Np|wMA?wxD}yUw$Bso_iO_s3#^OZyKQ%l?QW-s)3gL7gAx+m#@YTec;*Zf9sMdrrreM@-FbG$=cKo*ELh-z9_xXlo9gP4z@3K7Uy z515GBD#LIhs%ho(m_exnlc?_|*ksAdlT9>qumFPHC9vNAZE0q5m7$JI4_fJTcbdYv z+EF!b0GAeMy5vhB3JqxsgD%*t25({Qb;BQd;1W*C=|PUT*j(Cy`L=G&5kSRoXfr)0 z;!Csjk(>R_L|Tc(%Co;f<&np#4we8-RGP&~&lp#fJz z`WFVxEkdID5Uef|2`!K^XkC7En4ANNNlJlR_EX7~Yt8hMCK%D<*-k=(`?9(+v4 zohnza!J!!jB;^9ZXunV2L+d?aD_*KW{{ee+z*%k4T@6u6PzPGhAX#Y>Fmet#%#uU!rW!!COa zK=p&)*na5<{v^XH+?ex&Y$Yg&^d0itAYeGGy&Ee)UjF@=#`gyno0i19CU$lRK4H+H zdM;(5u|1k;H0siCZgXUO@%Er(G`aS-)}z63JAj4{7;H($S8!`CqS<+lVHZ}|GEOJAF8E_v0lsXh#A!Gpq=*iGd4$Tn1cFnv#TZCh+ z(BbfDw^u)9yskWa=QknH4I<}OJM-!k?db53rV#tfaVw^Hx!y2UI$~osS!qj4`Z~)t z_6QWII2vGla0H0#l88IM%;YipOG5RYPXHbUx~sgny8djR&n6idRLt(Fmg+cNLHBGae zzM%&TN3J&)WTq?)%-VZvenI;IQMdkAz~1jYTJ&Jh`g^`%&Jj*SW*bNysR#@YBGm)B z;6;nZzKliYylFnvU^O}p@sr`*R-l4T9B%795y}HH$3*QT5mOE3P^3@(rSyK zP$c!H;xU-MeBT%lzG01tIcVRAm024`K#2X{T{mYJj|d)=Yvm-wf%$;>S^kJ&(Q)cu zRfC+)n{R*#gsewn=E#1%m3`0bu>SLgS))VOGhCd&JDP!LI*keDC|s`~fZ;0X6L zvLIwFe7_%KNva*K_H+ceqPb%c|0NQ{I;f5vh(JHgPftIcS|Umk1q;d_{L_Or^{5eQ}e`--5=+1Y`u_kjw1S66+eI+TMzFMC2b?4v7`Yp)^b9 zz%_x)?K~d{fiD0Z1k##yWr8evWiOM)s=oXw+;Wy(FX-0)uWdNsg^IH^u2jSfdM!uF zEKO`TF0(hCWm2i6Dt8qGK6Rd0+%CrVn!Z3Hzvq+xv#i=ed#yBoQ!QrZp9f6Ej8MbQ zL4U(4z4$)lp@BGS@lcbyDn}thNxrnV+uulLLch@s+wh*Ap0*L63x8CagHUI3Hdxge zTE3;}7P82YH^wOsJnkQp@|d-S;{E~<*Y9&AyQoVZX9T1>>9Y0ykZ zV)9_buq!>WdkRH!Z`-GCJm~I2-8~yT);~$UGQ%-K1TK{peF|}ls zqdIMmkDeei@Vx(tb27vp7!LLjD0+qsH~_?}6otYjncis7wxeo42u@P>PC>4H<+#UQ z=pxbN{Ib3TiZtxJDFm;5vTt#(rg%Z{%=HJFxKwI_;FXb%-B-MPzz!h}FKnRTiQ z<((zH-()eFrwHYPVxD7u{o^q(aqn_Mvee26r)z`}rA76Noe$rOc-noVHfc^c&E>C3vFT&$2r* zC%Hkz3Y%|RyAq>wG8d7g>Ae+PXs2$Ky~Iq|AZdO^m3_&@UT57!pi&mD#=6EG0-Gg$s7b)mk zpvt8$!&bF@a+{B^F|YYqOkuQ2{E0RxkaXBC6A?_yKPuyS$kFq^@&0lwJC1YzOGEhF zv4yvHVg9xIslf(kM;^Odm-}!9p_ymGwX2&?&1H4vqsg5+YB5he->*FH+_m%AZkrT0soAYc z2=iVoi;W+MA2IOvma_2dd(Up5rs=QIR;W7uc);~rpW|?qrSWDyIU6schRe31lrn`F`N_Em}c3et&hZ@0s>u9t`62 zkRjcTbuNtyBPsZ>2O7q1ZO`lMnD^*f@`O(0&Z%xKv|OESj;u?~B-b`th&%Z zPY(_CxLk#H=(qB(hw03huEa!S&6)qGlnbWktxz*I9YGywEn7P7Iil3i<`njm-s5_L!Qz8?>sz1`zzcasZ?QCeA z$N(5&j~KDYb~2P!?2dN*NJY+~%Xr5H8YdC*KTpbd^=kT)I(muJMVGmI!NWbwA7e{K zLpl@BQ~KTRi()s(M>O!9rs94*igN1ep;@;N{0o5$OeX(>o!=jicqw4hXVO-6>|9_> zaYRha%rwq)x9IrtQ(47a!)hwzPm{T-UFBHRnO0xATTN|Eos9REj2#v_vsPxfhZrS& zxFAPRt?jm(8fO_h@#2}gx6a#{cw~Z+0JP4MQ~F&djS|5iwikvlN&|s8gC3i<1NATF zRNtHbZ&`9-_GD( zRCJZ;wP5Gx{r*0otNWAsmjnAqVby)3!Cc!ZeSwk*g@!6PyuP6Q^1By7i(U9#m zd#geJmJ)`bsFwz3Yz-(Vc_}+f$8L8U_4+LYe)U`&XxJTZ+zlt1_w-j)iQA9u@9$gl zKUJa=TH9!EYpHtO5-R8C&r1BqZeF2;yzGKSZkxMo~u;^Do?xe`8E4e4}3 zw&gJ8-}}WMD>|a^+O{)sRaC-nbYB*}%4Vo17i%@Y{wh10tJ^fC%IiWu%4yn0Kx=P? zWUm@8$s#xqMEWPIwFDGV`>q}PT?KMhRpb_-xPKvc4h=6{d4E6PEE5f5J}?MZJU-8Q zqr_sY^qr#^MM}0jrL*2>4ROQoahp7f$1sprX|ydN2uGYeB4DTHyCAqAQzS|O935ghXqGD-oB`Q9iyZ+!Z^ViYlaupYxdKnidCnsst&-tvm4S|dqtD1q$ z8^ALD7M6}2v4ov;fiz-LoCtEX=qoUyX~VByNY4&t@_#$GBTjlYHZg`KWw3>wEA@*d zM&&-r)f*jarr&;T^pPVZ>mu9a!?y^(2E_PyVRN5`wvk=~swkeYox$3Fe*d=zeDK_{ zrFI+XOZJYheZNzOcXp7e4F8>@k0~LfswzLDDzEvn zYGkrhdFer#b;MAzR935?&+y$XSItcQWWWsb{Lkb=;>WQ`?(k&h)$%DekYE$^_)jl? z94Sa3pAL{D!o`IQMQj9(VMd~IBIOm&9c7VrS;ff31YB!#GXapnmST=x=^bqRAL?~P zA8M4}pN%aMwo=_pD-$AA(s(MiE$-z?PqW;_4BD3X%{mNZSEXUQ)7pz-{}U`erX*oj zI5Z=fnvp)&u3jCqT`}9-ULM)&=_!J+-_Tm4uo(q^)+b(sx6CY5`9{aQeakFWDMVO2 z-=Vy0|8v4T)ZiSApma%`B)_hKBdE;bt!+)t{+G04alMP!wo;w%YA!CLB4Z@t-Zls! zJoNX5H7EKm3hBPC_+0HX?Ip_jYkR+7!U9SDB=b$!!Kv9koT#3?U^hM##MFQ=R^@oL zk+j@lRlP6{dr`O0VY-x-fp0q54imGy%|g@S(;GSKS=WOixv0-VpGt(WX(%H+tsTou@|m3@G8LThwl4ZNEKa|b@Fak>(0#h{&vVO z)XhR&c`&0;J{<5Q(^}S6^P>%raeDuZ{-(>4rD;7#o=u3|9l?FO^sPN6vZ?Qwm&zDy zpKUS*>@)9J(9w!5E}c%rThK#E1j4j398y}^Ugi|Yb-ew14Szv|ys5lV zq$6io{qc>6{osklM0LX?Xi5}m+*H@-hBBPXDjErnlq>pvduOXW54Mvgyu;Q5as8Cm zOV=G5tJOLuJT3}FEE(jaqRR#Vel0O58b0qRe}t&mUf;}Q9t^_7S8SdaxYi6eG9La> zXnJw^E0enQTEf3IYSt3vOHFk?)1v|&J5=c4qxCV)g~M788spjpsX&DGUiMwu z?LR%}9l=3pX=yn<*VpZp3JQFc?Y#p#!J&zipLqW=Fp89FAM=&wDj#CS9aAY&US7w< zps3tS0r4?0tdklD00dw;VzL1Eppl{?6!4m;$FhT{^v!iYwY`vrih?S%}7y7WKa9bg!hSAHx>M0y3LJVoNil{Y@^p)>1KsiqMK99b6AeIL?W>U6m{4 zq;c9Uw!&cxLgucMR6g7iFqx)RGdqgx9D}=Kr!G~vtxQkx=W#eoAbI+t@u_B;I(3zO zUznv{8-H@dJmJ(q!^3?CB7%WyNS2NF%PNHa$?VC83ILeVGgRaqE6nR$H|RFUwYVs> z-rcJI{?HC#QVLQN&&X%@e2&s}vw!_nMDe2EetGQ9?jmbw4eG!MS6HEnaOQFj$VQar zZ-*V_@Y1F{YE*S=_!gn1wUrX{boi=68Vrb$mu1qWs!1|vm*i;cZ9S)a@80`o6jI+e z^_W3PevR=&?X`_ag94G%CY|WdJ+vQPaSMOwUfvVxT(j<`%>R?d z`zeU@e3A_nE^wB1kA^AaRtO1H`>CojK66fz&(d>`@P3&f)$(v>!Ki1@SgK!Oi1*p$ z(=uRk-TWZ_W|*TMJ(77GwV({pU}Qq6mdZFQHu6-Q*F{91O3>2MLCe=8upolU{?T}LEZ;g-|n&*09)8;{m+>4`XeGeaP|=NujSr3d_R z6(RL9;;Q%GIv!+cr9E-@Np_-hEQHS4B@u#8UtdeUa*U{qQ3?!hvMoK{o?y#vlyOx^ zNT=_|nFQ`_en0J3^OTne8@#En!%vkh)#cRBIXY?<{UH8*;>=;dw&vAvae&+ar(csg z1qUHk2=&(4R=rE6+`Xs&Wac`=fw#!yyEm&dNM3I)S3Z}|?&{0pWNE|pDvxs-zYKA54iItz%CN ztA034_v?+^&WMo^`mrA0uybEyta`7dFlizyog((`Q6a`QFw7=z7(TIGK6W&TMRKD2MU+Pf&F4nx0FN%Flx0o0j*g2E4{pp8HddcbHwj2i%cC^*PvgOWxMR zlbj##>+9-Xw=9kTGUk{Q0=%ImP5xc+7T-7_SK1s&hFeI&q|Y7Y+opr#Q!T5$^mabd zlY8vqR+n1m7*shZ(KX7K6ZMNcTml4Rm6!7lK7JbXp(I+5jin!Y*HS!A=z&&dfVXn( zBkTUvxAk+pJ_mp>)b4w)Nej*mh`|qOUZ#@e{E^AI*Ng4)sd;FGUMu9^KiqevWK7b; zeb4m>pV4C9;?okBk})uKyII2R-#Lqw>vV$lHzn=$r*0593Ga_t8_#WDX1+7yB_gr{ z5wn;A!}g$B`i7X8L8$l0OXY%@fsHWB*`1^&B_#@+rUZ>sF|K34h}VA8bA0@f_nfg@ zNO2TObR1|KyZ=JTXNF?H3_t|xGaTOikX3Y}@O}!+$BJ`0LainKlD8(F>g=EuPkfBN z_s^uJ5N^1stnCs}`Fd!jtcc%CTy-el6)KcgNZDUzyw1pM1g7(AVC`>9N5#g)d1_Vp zWqM&16uWt|^fzbsi*!uFt;VM&F0|!Q6HfxX4v+nNk4!tF9%_PdVv(wj*0uu`)z)ff zXLt>>C7w^t@xs{~P&5yNpsu-5nXPRL!vgAbwkpaG;zYTJ01hDHP^Xf^THT;cB%lA+BpVj>KtR} z$y3qY5YusD?)Csm@W~e28G7%#EYZQf&WVBq4bF3xX8nHAj}GC;oa!*LpsS(u(`029 z&?TFK6u@d^w3*AI`59V6q5My!RY)Gq+TTt_|9%O}>j0eyA^YOhnPZg)mCnCSdlnnE z!*!xFvDLzM&-%XhmZ+HNrYB^UBl3Mql%fSSkpDJxj1JFL)F_Qy~cP zwC&V6;=5_h-|H~!Lv&;Y z{q3RpdPmf`*{zodf!M_kNWPoX1)l@q+k%QJ{z)8)6vSgMe$d?7wA>W|*fV0ons^QC zlz)lw70(6gq+cRWF~x3dD2)`mxJfUdP}o%wSA10r|L%0>SVv;dQA`wWOFfI*){?lj z#E=g4fuo32S5`EHO{cZ4LvnpTIO)}1vs>|nUkiS$UJQt5S}d#&chrBco!!2AXRu-i zVgGC4uoxIu$WB)Tdb33#R5vy>HBr@yo>n2)ZBpx3&D{qeFtL%rZ&^1BTi??M8WhAQ z5#wrqB7k$p7M+X6VI&_zfqN?cR~k|$?r69?L8ujVv&V;#76h$0YAj}_b^ty6xGKZ4 zJ1RYkKD0d01Ft!pw6C9&-lPU`Puu}imU2b9ujBV$i2Ww0*V$vajdQ0AvQ(axKRT@nH;e`DT&~d%)FDxx z9rh}NoU3fib`G~5)uUjNonWkCigab$({M>TV$(Jzg56*Z%3cbe%GAw5KGB-4QA;fe z2ED_(PVsts8n;nmV%KZalTU$`v~y%Nvam=MuY_nf=mVy?b<3@*Rvv)i`=g|-{*y?C zkRAbw>4_B1P`WJZNWKeNhObCd&+0)6QsQj`4QNDQkynzG5O`lXZ3qF9qoFJ>wA@*Y z9M`iJCF?sz#v~DW`sQAb{Zu5w@8W>>_Y|6gXzmpDHeV=sg-%kpb6Lrcdwqxn)osUZ zX3N=4>s8-v-INcDUS?*W|KuyEQ5pJjd~)c)CdbOW`AUa&7Gz!a7W2tnxX+B3-P`rY z0HA*XXHL>>8UM_IY?4joE!-kw5kJrT)Uv(!1NWT?=}oq{ecXGcNbzbL@q5?5zGG_n zrjvfVeQoG(sFPqefJCdI!HV?e;c$;hbjGXGhjQ=(M+%DC^HNzJ8h|7Q>Mjv8_6qF- z+VI*ulJu^c!}=4=Eogwh-!0XaxXZ63UZFmCpdGpY`yd)OLBb7$#=TFfQir;1@vYDa zrA-|(-7aZrs=AR1?u}f4@7Ub2jxA+nWpbSP+-HMvt(y4ub?laao0%C%5ys`Hk&A3F z4eG)cM4Q;XQc5PE>OJn%$VleQ9XjOCB!|VXwKrXkFh*obc&}?#HWkmQ>K1T)Q(wO( z1wyosQJM1Ik>d3HK5$V7h_w=jet2(usdHqv6xF_mO*7^lQ*0E zbrkw1OT*pefl`}RQDPW!ftMeQ7M&GA$#uTsY5ZX4srn(X>xa12uvK9r6IC2@N z4|H28Dk%Z-X9YU8^&k(RgJRTH`?1RNM5vFsx19I?Ax}nv)GBjZNJtJP-5f;il8~1B z$~0#vZ@#`&xO;C3DqR=Y9I*K<(5O*Y-Y`;8&1-|X^eh_`!#EA;eX=3uLMUP3jVaT6Da>9r) z-vzGk0x5vEHz+(l-fy?L_r%GQOp?CWtCNKgR?MX%fizV&Zf$1RN=zE9JyTm z77u$01(S#hU)iWzzy0Nr9hcqR-Q;?eOMG_Up=v>yshKK5YIB|~83VC-pUCo`pcwr)vHl$Y%1$%QX-axU72{f@Us9&>_Z1`O_OJROzr!+Rjy#QKfdd~eJL z0x!jc1pT+}_t*X3|M!0U`o>0~t4j_3y23*k>m%W_HNsH7ZAOu&$ToyxJAOw}62K5+q+96s zu}WS!&cI6^F6-gwKLuEiQH5#k2`$&_@2qWRUI2ODHjIJ^*e$Ui_2wDV;vBjGgTI6e ztaLY!McuzohQT}ie$S*<&CPAlE@Aq=ZBTlrg#zp?Y!n9Xb$|uMQP8GOnsfymeUaUW zKY)&I%NLtV47$l45?iLN(WM_hejK+Y>obHrDd<0k-tGS^QbiVZG+_VpkXf-lIeB;_ zSI}y@rgBNNusK18=IUq2kAN;0g^>mA-JR?Q6$M4MQDqIJAO*1KvcA3!@`OT{;nX8dFpdTSb`Yx%;KP^u-o}({rNN&mCU=UqCxf6Xrr~Ozna&N?C7}g z5r(LXjRj+GxxaJ>@3k1BqZ~<^5(lar6_l$v6!uOV+g%jx4=F}_tHJ}?F zjw%3Wk3>lN?&Mh-yTQ9?LHaZqL0pEBm$R@e#KkQDe2}z(!*Zx`Adz%p{smUuMdb%U z5a1=_87i;TsoX6GG1<+qLOe-v+o-@)bMsJPYRUl(GhgUTzQF*i7vAthl;TAlrE^Vd z(v0vXOiGhpai$JU)x#YNTcRi27TIl83UkVk5U(pxj8~s_JV;ja#zsGW!s@DzXc!$sKzCw+4f;Ze#P_M6=!43 zh|7)DsYe@sz@TI+=oN^HYYWt}o$3QMQ7QJqXL}|}zb`h0T3Pd)l2}L-jA|BLYq?^! zXB-xP!~P>Ba1uN5f%9KPYpX4FrWV{I^Ak|9=j!pWIM6wk+)vI8cDvc6_p3sLOGQBJ z1OO1%t@AskexZaaMJT>ka!(AiEeRw8slsjVNn9{V&~ETbEH{Gj6Njs-D+mRVTaxZ{ zaM8912jNS>D&>d|{_V` ziK2&!O7+XusXov&$cVd9@s(Ff?M5UYuHF!_Rg}Bmr|NoORPE1w;xgXaM-)7Li_t`x zv5P1NJ-N(96x8Mo9IDf>_eEyj!#P7qUxPoM9~l2u*OJO&y*!3*&+rsj5dM&qn$C2{ zUni({?T|TL!eZFm!s@y97j!Z><1@*&VWW_m!OO`)Ws6?i$81OFM{|&~l9o=26X3}G z`9DISF+CyeLb6#D$7r#k*E!l>XY0%Ty(Iizv7PB|Te80?=Ga)Eo!^bM1+r zGx*K?g0ykaucXMeG1EF!aWgGhY~7d+(5UrnUad=O7>ec^&ufP}>d?_U?3xrln|P{QzaT zTfB0z6tzPzj0AvnnY~Jj<&TaJXK|nm8W>`4Q2xNR=!qLm7E`!4Cthy7h>x##{TjQOc9@#(B zYHW5!{i*a!V{`r_8(rnAcu!#NFGau$o16O(VjY{ko9A`I!ox$Vzt_FpDC5w|`84X_ zd38p|`(vZTo*VA49-t9sW`E*9h%r!x?iSl6w{%lPPsB)WfI&5+`8n2)@ZoH)dhppS z{S(osCn=FC>hfb}H2+9?U4FOM=Zd)b9p^xn^?q=_LZVCW?kS?|? zm`bdD-``lAKL>CJ(odNZ0*7AdC++y-6-PSO=Z|?puCd3Ry}FQd-kpaph-6rKlU9&u zG#Uv&C>2q!8h7Qyp|8>s@#=Rnz4qIp$7Jg7{88%^*K9k6y@V-=B0RuyMUXt&L(bC9 z=h&O)`Dd4KRWPm~a-wvj3EiH65|1T3&w+hUsXewDs6 zOd|EW7Y;>Eyn@e8qfsohoamkj3mPq3TXO=hscEjQ9qD_@-C}i#S3Eumllx?GoWkc| zXI7fB!qPwL1^NvViQg~Z(5da&+g@pJF#2$T;);fV9$5Xpgr!c>qM;cTvE0dY7_znT z8I$}M4+}jqlc8=@$|`;EYFjBtYZG1ZK(u+103>}m$oHH*kks0n{BrPK<87!Z>)q$+ zuad5-{Tm|b>7>EI9&uj!8v9wE@&($qPfzaBID9_Ctof49jLVeX<@i`cubqd=~J zyYpy+u*&TfsW-#N&-s*?NpSzHk9A;gnS7d0-04<*)X26${k{7_veETD%2B60@thRKK%!W(rjC zbmQDpb=H>;rB|-nqt~A(^q<{aR!L}D@#RCzqv=tXHmJF{_827aJK;^HsuUE#jQsda z3+(65y}8)cj3>{+J+B^mCE-e+(QeKxX?*NKoNfVU&6i6T+a_F6>^7X|IzH{tlm>BV z8#)J|x;*rX@kfA(V z?kCQxadp!QyhH{m|EfEa7B`vA(E;%FG?Ug$50tXf)6-RmoP{d(C)ZkdF`rx6uV3G> z9;;zO5!lz%H*6h)!%m0Li1Bp)P(4Ra;c8K{eMdnjO|0UD*LK48%gN!Y=$|_iimnO{ z%MU__M7&w+^1oyMHMQ^^+74Dws`S8}!x&jvA1Gc^v~ygWP~>fBEU&2yHz&obrg9P^ zCdpXh>gCnLx3BHS*X;Q#ay{&`?Vqx1J)B4I#$>h)aWsL^Z7oHliRsGeH0DbcZOi&8 zQKY9C-5Vy-L5up-R8*1lUNV*E8bTQq#qdPELe~uoR;e89!Rxe%^gA$AhGD&<7K59u zgyyYF_r=xvU?7a&9zL!71y1Vwh&AW5ChzX~k)q+M9iD}swE>f)b0a>(h~^b1xl#@M zgf8@9KvDXH7$z38CmE_RaBH{dVx^Zav9&bi^N6ov+6OA0ov`x%Sx!6`mPszLCak_O zd%(5p+(6ZC<<5+w2}{K4Ho3!%B1a)RC9$iKX0->lY<9bc$0bhjG!+l+Ewg?cv`A8& z`!-*$J6)85NrJoXReNQmk&DKTY@T&1<#qW@NUR)h^}Y?*oUwateTefUwumxzTk->C zu;>D)Qr93Gu!YS zYdC3Oh$R$lA7b;>Sz!OgWmaF6xW|ZBH#bWnQ}yNsuXc_R zzl5h;LmR?$KTuAYeD8-`azk(kBElte%=N%HRVls(TqG-oKLu-yY#3C7X+dp@j0KkM zqdOj!Tr?6w>$|+rp;a|i2-9$l{gksVId+uktruTIj(?IbP_fs(Xe-%tEZ=OpES{eu z^qQn<)E0(mg0nJNexnxG@H0v?vkT0}Wy2!ZXhW-P{aPZopXvT{!88w#C=3xW&zzW;_{kz?PWui~+=pcP?5%G%QnB@@L@7D9Cbf6lK%HqqK^K;Mcczxe z$U80AzUk3cB-{s?;_r5Jf~lz4BDaPxrZBOW@4I+vZn33|ZZ!-eXi&3CDHxaiM-&tk zS4SyShF+dyisqa8^5of1RS6NcJ`Pjp$HZ?A)0mg*!Bak#!th0sY7C1-QxTCGrVVZJ zO$g}LW!PWJi*e7r$CK7$>(t9RX(Z)yORD>M5UH@NCEoLz4g&7S?3!HO!=i}FsmxNi zAtAS&M!4Lal~?ninUyz~(RF9_r#eqfS($LYUXyicnMCrCNcTkl)WP!I;Z*y*f+&)Ikd`?4cgItxnjJYI`v~B8uPpy;1}b^)vUypr4wj*nq>{FRFQdP*P z&l@YL>@$zJJEB`-F`O;&hnkS#10Vz?_CutBF5bhXtXUU#i~8=YR%{vb?k;VB*UJc& z0l}g4AkTDu)|ktn#sn5>Nhq)4;~2xm^#w<-)Jb>K;EH0KV0?F~QVYZ0f-P9C#G{GN zWV1iGCsPuVE5(A~tXyy~gDrw~empUf`nV!`R1_rKMR3Y1ms0@vRX21z;nQ#2`R6?k@ht2^1ZGmY} zdkcrp{dip%wkuv@r781Ge95#Xnt!i0tm~X1z=~emno|d)uhhSE!nnTrkl2`87#{6i z4htQ~^4hPQVDy>DuoU&2H%cQ#y#9Oq&8K!sO3IYr>MH-_4oZ>)ugxrJ&^sJ=Glci1ZWSSo@of&P-MPqg6r zD?Ci>vF@Jf0A!I8Wo+M;#YTnUxw;(ZS;~ z?fvT}u^tR?P$Zlu?y|QWn&xeNIzc-_z+hHC$LYD>0`${uS-_%h56DXhI60-_9&5}D zR3la4V|>>fWRe=v6!y$H!gz&0MQH)E;F!yDrgiNKU@Iu>Sf@7KIy0^QayZ z>_2&9cbn zR%Lp}Vc^oL?SttRM-0FDguy|@;;7M~-}lNA#HsAB6r%Dsu@e=2-1;Rabtp-GJDnsj z0>!F#aBIxkPLi{g&{)^}z#|rm)&xMo8%>CEzXGeQ}mZ5~S8Nho`6761Iyl#jX%Wd*;2J+YbFeH9qx%GVkq_}Yt;IgV8#xXB<` zCx9q`{BVZMv>F|HiexMC3^J!rV6GO>D?|NQc+S8C%*=0jG9(w4hR4pAa1|6 z26V||ZpWU20Z7-t`xj(WJ;6_0Bmbsc=VAzK;GNL?z4s)(UJ+^@f?IRZuywh&bt%5= z;DE#^#r9$U#!tU$l6JEL>rd)A=WU|3BC7oy-GxbXwPelI7X~rUdh|hWby9xFudyW8 zM?P8xm}@mI?^zwd#Zs&dwbuW>%zfk3N6pQ_LAy#)P(r#p#~?&Xx;L_n4~H*&5NCd|_geRTueI;hj71y>z-`2d(L z{dC(F{P6O0Rh0I3%0BKa!`!`_lBfeYpVKlJ%Y=d{!+F&C#VDJ}ZC*&2`N{Qf*6laB(bm7gz8y&MyE!cRk>( zP&+nv35TPX00{#!y7!7kU$pyO!@7f-VWZl}7oJY@KU8V92KSG_r6IYEs6SvF=Gq4P z14tC>_v>b%>vw|hCgQe?RBJj0fq{O4=riCw**1xeiX{9_T>H9q765w0PwUBU>;}4# zEbhF3ZuvEMpQQ2GMl|dy-R)65Pd*%)ZX^AbsGE6olCDJ1(W!RlK|IG=QEI&@dKU|R z!+?E*mygGnl;Sx4rqQFuTrJIjt(#zBs^wF|MRoZrUR_^*8f0VbdD)4TYH+at*|(8T z)m(qKT#aSaYEJ>|kmhqPGrH-ryB1_QEPfEKN2)Fiz63t;23rs?o7LXb8UTZL>aJPA z(zfTlJZ{;&xrU^Qyga&5oapp(@Vq35wM%|!)Om7_RD)IR$vKO;-J?;!sqi;}(Ox$Q zN^Vwf-|Rpqp_IQ`0_0Mo>2No{>>-cox^vgQsw@O-qA>AQUm?+vO8aYf#_s?v(|!i* zN->4+nP@iwzQP5=KHv!1KAWtfqN4peRjVtB)o0_Cmd;(aB0#Zu`6ac%Wx(aH=&mgJ zKT*%)h8yZxROPlkX#g^A#*FXWb!=MVc<*9+yrE)vyz064cG$jSXF}N$hr-43&o}Jm ztKMW(Hy07-Q_Y3tiK^lqrkNfpGVfM{`~uMD+pn^cW=$t)6%`c<^134}Wo6|i&8DZ| z0GD5m-pwlbSUy$fJoYj7fq{>u;z90m%grXOXwWn!hyZlEI;Jw&egki0Hl16L-w-@M z`ne9d@iJ#~ALbgsi!YA1Srbdaut9FCv53}aUKaYMqj--i2M{@;n%<|$F>0~uoC7>) z*1l!6KlOz=UCie^kvw>gzwU_OXyd{nbRbEXb{l0gduiZvcoIY+I81YMO|QQJCXNXX z%pMmDi(x!iIMOfV01Tn55^?@Jc|`MC5fASPsesTbI0CYFy1&%bWNY8d?dDtMX3$j@ zJh0=sGu%|V2O-sba;Oh!Rj}mkq-#2=aow!ugIyS$KpUI9fwZD$*O0Z$L#6`8zrKKj z{6%D6zfu=Du-4~sGIVtZoV9)SdE0(_y4bfP3JM2-w(a(ZTG$GsW{!R@u$Cp_X%;xr zEY`dL?zWb!FK#ZnKLpSry(&urYvcce5FtQZi1(>J3fsq>Oqt9(sd=!Sqo_o9^={5D z7&ecqBz!p37%^6)m%cs&*rCsRp32g0XUg4*Ai>hKSiM z+O4q(j;()tli`;AT{lOKhVm?PEK8bmG!n?o`T@%wEjA!9;$oSgQA`p-2E?mYpGotq zW!2TVA)Npm)kfM(Hm;0o8HGe}d|*HWwf6|Jn6K)W0!$m@w&VZ((s$sB&b4^xb;jzm zRbvI~QSuie_LZvzRqn@)wELHO@M~uDz5k5}DG`l&y+2B54Z@C3*#rFl-CD81jQ6Y_ z*m1#+N-SMlFYjT9Yi&T`%LM`eL^)+U$L}OI>w$6MeQf%w-K@C93t;oh{hh1u&lMH8 z170)T9dMCEXP4`baA|${%s#oY^=&5n2>eNzFW;b&VUf+dZPu%CvpXcCoH%nyCyEjpAx7iSa zVY`s2G(rQY(qhewxYz8(1EYV5jGg!KR#AchGf3$GRTeYv9~=<$#LG!?`?+O5kBHP%V@Z!j5V|Q^tD$R|0Wj)yL@XE^_$rEhL0iJ|)JWN^{b{ zOWfx;h%9y2`fmlh+j6RUyCl>b4FC{OL$piYM}y@=#J4^H)G5)eamQxX|L+`t`Y4(; zW=MA3JD-t3BIHrZbOsPZ$XS7ANpK_(YoAl%(kh5#K|7Q@7_op=bw8mI@6E$jhJo;G zuF;9LZDfDlz;xCJPzsfidf5Tkk0#klb5cuBp0gCxpLCG*)b0SW5kO*EtSx}4&sa!r z{(t99k}ta&1+;O5rbO@BRld2&I^r#x$~lJZQ9_xS{s{;dw376HPhI}38w9*N=D`_< zj1WZvP-vgYv!J1-gl>@M#PidRmCk%h$$Xf4t} zHgNOv^P@=92Oq!FsHE7icv10z7F*@-$-Ixw?*Rh>mz$(P-k>mb49)f}v+*qag90(s zNeFs0R@5<*3%b0f8veT+vL9>0CmjsafKv>_9D@A&I|ZmR3gNV}5HOQAloiWPS z2MXU7-MYd34s0MhLJLtK7m=?;$!dT!2m8z8e%`bAzX=1Qi7yke|HxAz0_#*h$4o#1 z-pA(j>E$RSz~8-Z3Ow6GS*Qh`;3C4>1$JN9-cNc0cv66X5jpK_qsEN<&LlQ& zdX7F~^Z|JVFa$tmXYwpV0N@G)I^a##axODo^qu84Dq^0P0vMa4=~;^Yc{1EVMJNrZ z_LT*f-rbc6dmD@3n{Hl&z6H?DMhYbg3Lj5IV0#FtdRsl)<%|>y0=d@9B;|GkgNT#i~FB3FUzPcC@Cb|_@7Hi zNObMrkX~ySuy9%U89**<?-~%sOuLBdi9Q9?<`z+I$aifdk4G&`Sk%dDHA^f^r!}K4_SUhtK~IqnrxTP`hp*M zngMhbXthcV|Gwr={Qnag{q8mzfAzk@Uhha`dUyZr9>{FZD+&VU0pgEyQ%YXFAm)E6$dGUA7y3vX%8a7(2_*>L?*bHv@3D}w}k}-eJ-q#KuHLi^j*vwt7wM7{KAzQ44U)Kwy z3GMJ?!QJQ=8!jCs?LUDHSPC7Tv|zUB2CD@C^5nxXg@(7wNNZiF4PNHI>oDNMLH>hn z-5T3#5JRJv{(HqzazIPrYL2^zhl@T{bl;uDHM&K*cf^?(n9Yo)PJ6CjcF^Nczgz*` zcL99xZTNpTne_Q{OKr6M4C6~tL7TSE0U95CbLQ#ROs+j&(={suy8{SMd!Tke<@Dd({^J%Z=2C-(mc( zbiXltedgk*Z}+?R#Li-joVe0rA}8h&q`P@QeZ@*u6;U9ID=(D87CiO_7rGw(x2{X^ zne@59+1ROueuQyu;3`NpTA_58=blIE%Z3~cBsF5LD<@5w3j~d&l zw3HwJsW7GF;^}fiRvs$t-GH;uQ{M=O>(eX!Z9+FW8LIVn!T)phj)>PzHfC#QeYE0e z8DQiJ(MvjZrS3Rt+StGEao)$m8OaFASn2bqIqC&}0Qz`PFR#vbZp>?dgr(~B@88|* z$o~)j@PWy*(|jP*WfWaHASqwG^p0g<3!G7&cL~Fe);L zr{5;S23^L$sn1u_4vzv67$y$$}BEKus z=bnQ|)$PvyU!K9Q+8yV|pFX}iHJS7WVUk7`0#J)Was@hwggpZQqLpSG=wGJJ7h(u% z8u-%yTe2zF(K zT89VsBaX>Rfs_{&ogH)Kwl#eg@qnxu2$OU7N9!_;u5SS|IYGITzc^-XBoLDbc(Xjy z<>PZNm>%1-2hWierhNvKdwK)M!*CY&+2`T*+kdFH1786Q7KW&UUoZVyJ_S8q_DBc4 zMYDxvO|a3xlgRFk)<3^6z53kaWEDf4075HR1O3PU_QOI_0CPcCxu;K}ibJVO9G)r? zq$I<};Imim`eyx7&e2QY>=wb&5^dviMI*u!FQFL#DVHk~cYU8OjW`|R{4(hXuc|F} z4IKkTy^NrXmDN6JHfC$iNes z@QCz1%}_Awhdafu;k}7a>Sce-a%Bf8gyZ+g)s8mQY4G_aJ+ z(VbEH1rHnf++|I^pzrYh& zx~N`TOspv=Zsw7n1%xj83qbD42Z8oJ*CzlQ%PEE^ofwQD1K%!#%5ON?iS=}4yVAvR ztiIj)US!$VlTrAr;@xOD2&jXoIsE~d=w&*?r@(3us#ltIuE@O2NemEGyBF}ex|6hK z_mwdB-MXcn<9{AJ#B-02S=TPWAM3J+VPwB?U=>(Zw-2(uVfxRdMo{L%OCC6 z#hO^i)HCT^vSrhK!a3U6nPy#owQ8^M_kRA3P-iViI=8}aO91Eg_>`1FuH1A}>5|UR z+n>Ud*%E!OGQS(Cs^Z)@x8lq3 z)!Cm2LQ`{?C%>v)IQbg3{Vr$BIG?Ka&6N?d9z`d)MjccArCa~L&428Nn#{?hK2ccv z>6G|N1Ri~3T9&BA@Y9!1BcRh4;^$wHu-RI>7cx9hH0738SfmG!RJteM>0iWbP%UPe z3u*&}ZBwkXsVl=JfN5ct)FG9+keQ+PkF)yFz~~|{ff(vfxmaP8?a3Q z$BXx`YwYJ#CJDJr`I3!*i@Dcbf22~wALXZ4>(8dZ;j&o0{C`hk{Qb69bB+Qdr!;d1 zv9N*13GR!_^j_;^=Uu$lQ2~t)d6}7uJo26J+NRGi9$*v6TyxnBi;aDl@xt8L&MU*s z8R)GIt(6a8fMIxo2K?5?0y9-1k`EC^VFIYoEn=Ywsl#r0y zvHOVi@frO)P3i#=R>BHNiPhV87t?zaO1S_M5DonJ#j{+Y;7@x!*7zV&W|6k+#%{Tshz~^}I z=P2>koX=Dk>3NXfs_R#9AX9~b2pk^EvEJUQJCwDaa=&l2?Xo$PJa@c~;1w1&K)LM? zuUu;88>qvs9$&;ZIP-rkKt2G!JNI)6Kr-6W=sio(sd&p8ju}{GU42rZ~}pvHMt>_DdSW1q1(7uNuM2 zB2$TY?KSfB#p^_r&(vX>n<{Vphntnrw$qKk6U?B#ScFyEW#&Ar8u}NT{Cn9Sl>)&$ zlJY2E;OThLt@Q09Q6xhFg=zUD5Q5~h~tCistX2z&VO`Ds?#Hax|IvieMTr?H+ zn{>TA2HyB-x&Jl)|NXpo7>c=vzA_IE$QRasAq?ZgTrD}=Y^U?)z-#);tBt+ z2loH}{(t)kd=$mp*fl7b%UMgk{xvY?szZW8*ROxARj(lqY?3A+IQpEXhOKr$XGex% zKi4emi9A}Q?m5RK1}1A?lWXkO+(Uf=z)+CB6k+$B%K*cN)?js!2)IswKuXYZp66Jj z>?33{c3GYlRbkOJa7OaXh?eP61(>1+Jt0FaZ&X}{hdiOP!2Qne`Kx2r^zN)oXF5$o zV?+dY`A>oLcPdDlv-b{cm@-HDO>Q&d*H9_mCn2{@@BJeZ&bf^~mJ3!O5N75Pxhz3{ zzSi0ex)xxoZOh)vm@@7U94|DtZrCC`Q&Ng>9kSyWLa_yq^b6ye+sBBoL`AECr8}zf zmvgUF731{`2rB%Epr{@JL z?r(ikNt@1{RIo_c1>j2*cOFmPHB~g+E8`{nJfta8BOe-v=RXbq(xP)GIOZR{z%Qu@VhZd{&KO z^$FRQ+oHFe3ASbrtsNYsb#;?aAJZfxqo!co$YTAf(R#*zzW!vCxhEA=rm1j3SkFwu zz1?K+i`(cjrfIuepqn{J8O;uSXIF293m|TN2~4w%_e4cQS&mhMLjE-byUpV04z3sGTO8C(s&W_pEQ<`Sc&Z|dkCG~FmkMN-?Q5oll9AsIiF)1mkM?D<+N?>Y+ zrQKQAh`I5nKL4(f!XOT(UXKN~)piU6?65S7c3I|2%i#8pojDFK2u_B*p8TTipB8t7 zbZPFRtBf3)&Xl}tzmk?w=AaKcRinusZ5#D{>`*ck0PS_h6*YYXqP7iN6Rqp+cKrUx z2x(UVjOWa6`WnF#1Tz`WNJ!FK!Tn*L%l9QWFv;v=t@cOJ{+*PY~(xXD`}w4L&sl6c^gG!xVE9b;a}Z84Y3jvfrT0-?`XXRU2K3VQ^NtcmizC zE3mj^@6CUF1ME|K48&Elj%y4NLQzZ9T=FD-_6sG%M(Emj$f&;H_-Nb>n*U6CxbXcA-Kd)E|e z?>3n?_8k!&W!I)B>JYS~fwIz4p$&X;1sf_EsJ7B2fH;x~_`}FjJNl)7zc}Jd?+~EvIUC8YQ$wk09%8zMK zzDw!l)$4A$gd6P-VV{r@<2Bd+@E-P!dSxhK=3V(b&AYlP^x3LNj!u6HGo_|nwMh2 z@VTDd%I2Qc)E_Td1_#|Hx?1PoF|yxH=O~K%U{J&E(Btf!EMq@%&BGMK9Q3=^owC^4BsHs$B|(S-q$EW3E$?#ARDxu8d5p5eM1v%Jz;#kgSp#?{qDKak$>LSo=< zcM}*IgKMuaJNW{WF?RI#MA%#ItgF7(*VLw3kJUZxoQswF)vna&YggK4V2sbc@#B5s zwVzGUE~R$XpWTjMW(a+Yk%@0*qVs}$3~pK0bfAsRJ4Q7=-nx82wxsbpZf6=V==mCv{Coq@NqHuuV3WgsNuYhjF{NxNZ;)tA8<&S4SNv~Tn5@5 z*wt4Mo65OmYa>azyB49{Wyc&03`rVEH%LALtRT=??;Gnt&1U=8gKKI?-@ux*D9_+LX?~j-3r@4)$P6+~c+@U-i){%4=?}O2n`^ zZ~6!6tyLJ@I%3XEheX2-N!grn3X$~Z(K&J%p4B$6H9WJ7pu0UY`eB+A=a|B^Ej)pN zlaf#TaoD5HdL9OWUk=uXf@>Fj1UOa$o|o_o^Sei^zGRvS_(Rs>N3)xOw7bxpra2Fm z3}o-u0gk2L6SMXshZicE4+g;rJjAj6Yo&m0?ph@}qkMtn!Nd9YSQ?_P*5GLQg55-< zC%zppKLXo`t^Rs*Gf<%mclM1BIN(X%Dy0F_3?UxPL&tg+ez@1W^zcP0>-oqc)aKKo zJst&S8>3cHkw(oGLBM4#n{@#~uUB`1S3$8=U-x_txtT3^CXmn{FTL5gj z?3wsjqf_xyOZz6T6^~2XdUUR0flU;5IFD5DmwEH67Ks+!0ymPbw}>FdXh}j5v&r7y zeY$0$F$JJB&YP&9EUIKsL$?S*)9x@R5O|+#JP+d|zEz{?t*gZGM#TB4P`&L`^C7T8 zyBSZ>DFi0WkHo!cI7#xS)}pIlPAWUu5q%+SM?vPS0w!%g*7E$rhIlVqZWLS|-g`#? z%*$!^TUym0@xK1mT0D2cpi+O^+%JHEd#zXRhhAA9v;pM6Z$##N!uLXaCTcx5w*~LG z-s3bQmi`Bn>Ei91w>1GR;?Ev}EGWsTR?zBGUH7KK!7*%zRsYc`WX1wmM$zz|*FDE{ zXJme4PrP0Jyg;B_N#U98Thqx|-;2LYS8`&@$Q`Dr-$zH5H>X{1b8ii&J-rcH znZRex#N%N0rlX_dL9fAU?h55096Xk)EO3Nprrx)M?%}uL{-3Y9ox45zGXbhs3kIX& zUh-$W0?^oEq#0Ms;Cu=U|K(tR7E3M0{s}1w_}$}}ij&=II>|0#cB?H=zpRWC?jn4oS8xf&~;*RUg$#X zX6p^s3PRUWBy8Hf6t1`}+WBi~M{F!}L;*8a**lVH<*8d^MPqvi##Z~PR>@FuL3R1e zyRHv(%oMULu4^qGJ;#+w_PP&MsPUJtdz|9_B}U7_wcX}iV+6uulV(C6wH9~XJrsr{ z)$rq3m=x>J7go*KME+xohvnRkVXI8Q`c;Xg;qY6AVpL=1;Kp^u8cXRwa&^`S9u?tJ~e~w(b-=DH!Heryk7`h6ohQc~fi)HP_8E$| zXibPY^GxM5ONwg!@kJf%Dv#)oo1JW%fGMJVouUmy_ax=@-)@UBmXjqae~O0QnIkt}tq7-Ftg5 z4ty^ zJ))mZ4*8JQ)_et7btxj}*lNUZYi zq@0%{u`p5hfSZjV^(Cv}zl{*Do?a4Sr!tA4tef5_Q%mhvUE!#dQKyic84A_8wRL>j zrA7gxN+U$o{AsdSBdC|*QANv~vP$yGs&w?vZ3t{lq91Ixcn}4MJ2#HpckQy??>cTY zZfhSDWi{I9PN`PUQ;qfmV;_EX1`qyGK@+lDF|8GK+3_LEbVTLP*cjiXRd?yBqxWHf z^{AIg;|o*UmM#7DgMd+$4d8t9ou~8<2rz1PiX}a#jreR)!xUAe6tvrEPf@CcB6z-g zIgmkqiM+;qv{A|7gr4vxi)gkf-Rm+3Y^ZLxb*RB`9d^}bMhzjtpLDhTGtglaIRHQ# zOn~!qUr0CxWUY57qYPQH^+yWvLE>`i=R6i8MVH1PB3tKT>2Y|!u7kF*s)v;>mKLCg z1nCJ-+RKPH-cg`4~gjWcje5DV)Wm+jAL(R@ft}d)QJ|) zUeaC<^UB?lURX^+02t1dGSrI378VbTFvj&VUMlA>-LA(pcF27eCXf!K4*67(kPiZx zYnP}RG{b<-pQG#gNC^5j;hg*?FDbv*bX2<5pb04>wgv>KC>z5?4|*Q`(b$=(fdKC| zJX=SE%FpS04A@{i5F^fbsSHNBQgJ79j~|yL;5d^RiG4$ZlpnN2tlXqVKp952o1dLYs?xQ8N&%xz5*J_h zeL65|yPVG;4vBy3m7f%u@J5_RBK9C9JG}YM{g4$1b&tAwQ8`=Gj@#B_V_J1XTR|64 z`z2gKls+@j{^?-)I1y&6Mu7!bu2Hn@s`E8ae`Gw>qRg=m&drYpGJWl8qAHF0TLIOGf=VC zOF*y}Nvrv|WfsJZhS;FhFWc~qOuhU(_%KO=3$Affn)h&PtZ+lYDPtZXPw%*{@@9#-P zxTMl)Kx*vf7Ornx)A8EC;NFS;rVH$B4M^t8k*(jISZ7_a4sCg5HU~%zAx63U%%l%@ z_9Q-wi{+t5d+`)DG9c@;gp;JoRXRFW?2HY*VIYK@Y$NG-SOrm$NUp|)$lWVn<*(XI zyle9h5Jpy$-kPJ40h1G zX>Rww%7gd4yz17#hlxo})2Wws#&dnv4h`-xL8O1*R4;BrZT^X+k6`xQW77_;n_P|- zZ5a@gaPD1|UNm#IEs-nUXEnT@sV)0 z1p~#3vt%CzfA#1kQ$6d_AY)85B_}GC&eB~Lf3~VcrN!6>#c02K7)ovVhF?`p2$(U_ zh~=vn#mUCKa*Q_$OXq8+YvPJkCiyNm@|ryT`*pWg{V-sHPf8M~hs2;J@?L1&mbWS_wQ9337-Kvhl`}0)MSxi+yV^Wz~>72%FRogdkL8Yk~Mx z$)Q(P)|K!|#gmSFnq(-&AVIAq1dnyQQ$ILk(mXr)X|NZ|(Er*OIFY;OzN}I?joA$p zQ0o&i;>6)pC#ljpWCUrF3oUg%T(;*?qSN#7<6lG68Wh7t1C2=8%6pWR5|$*6c@oD;2Uja6`K<;tQv^sKZNv=lGrb2P*~5 z=m#OI^rRdydh=Fd8SI2!uz_<=7n0C07~H%h1=7WJ3I8JgIenAq?VKyM4A>SGL{jk%2M(5kF=edQ3dG9m9_-|JMcoLguQnB7uRKauofV_rhHjpU|=k8e?&X9Ij&8ui8##h7Ie}V{BM8wziP%Uw-!gzP^tA zfO1{d-S~%5omJ5&(=1^~j`H>hjzxQdKg|xcvZ*W0+ z2>HU8 zeb%a zd|4f55vkkiXZ!_N;kX{6ZmtSB>Tb$%@dr_nuMRQ3`^PpRb7*^_VIVdc8F8V#{|Bf9 z%4@2(%!n;5U~y}hr!e^+4i%E0Qa_D4-(MCCiD$vB5Cn!ByAn;w z&TNV&6F&xHC-Tnq{5Y&fc9xq0wOA2Gr*8|+IXe=M(^4z1_&Y@OGtNVNi?Sj^yidJAvNZx`Zv)#ywA(GYr^*6dOq5GV>86C!$_eV!E_ z0=JE{F>%4N0->~rI7OoGc0fqOMcGgAG?7`=AKMhK3MEsCPP&fbAH3w?ttD2+&VDAVYRN8k>1cR}aS_W^ z|Bs>#Ld(wx-*J#sVqMk8L958>T^l|{@4Y_3a)9!39{@h0(7d-TRs9ZyfWIOb_jn7TD~=y#0vuRuLb{<;pz zUu!ZRn*CYS9JE?n$atZAHXP>lS@Z)NV4&lUy}Mpn(3LPRv$F8*9O%AaKqp@2*B$na z`bUm6X$?Y}=#?cprqltP$XxbFrMyA6A>;aP^M%K~8W0%cix-yUYQ?vwMEJU6zq)L4 zmek|e{(5MuGC59}m^Ed>s#n&XC%9OFse$_xH${=w8_{HL53SQ9@}mYZHMuK5#OLjA zpd-aF$^mljy6;59)#0|^WoB(izcJB}PU-xh%!;sd{n+yDNWE(Ql|^`~+yjktl^2Hk z2GzzIEb;mp5J@FK;AE&cRepj=U+K26Q86&FZja&;Xi;TpoUi6AqkIoO9%pDB2ev1h zif)n>3NmfgrdYT{OCS=-T=;lkSIq;*-OKY0k%A`E8t7+R*&CU}_1v21=R{<7%gDL= z_X}{QoP9N)xEpk#Ektroey{6et6!F65C+{HHVW~3nSYfg(t}h*CK@_)r7{c4q927M z;kfpSBgpz*RSL@9T^xTr3zvbM(Iyh{lg|6oNZ5r$ zxNyOFoT#(u_0%EtGWg}6+;DGER^xodbn#TDqaiHNt)rcfJ+49%tv4ft2aK|ThpUbx z`vheE=@cP{PYl~1S$EK*WK-l>;3jDpJkZvSiA8}m2@Pdw$ETW^@~kxPmy;6D9Og*N zyDHSG2>PXyzN%p~9-Ez;dw5H^y5LG${||x|7X)=D(_$|i8XvBw!ZhwNhklIbjPh-7 z&|vu))Oi(kp|aBajoV6}>F5ni3v9okaCT}h_LHe^>8yHnAWMun3Dt`LGOEm6xw%#} z`>*J3@k1Ir4z7T;5@ub4Xc@8TqBWKQb;z0EW4W~oefwS_>Pl}vPgb@^elUd)0Bb?} zhec~FKF10}Y15Z1x$3vsdg-2sSPKkEi;&^pq+P@_q=EwH{JRxT8@ve12oma*H{X=v zBKYIn@~=WK39J}rsy;s{@o=HrVRW2eAVw~(@K}UzFGe?cQhS^oJZC+*sS+UyfTDM- zK%A8O7J5#ZC+nP#+l3J4^>LzDA-@&pj}e?l+Zq;jlIK=(;~*RzgT z3r5;>R+!Mh(^HW}A=_>7k}XWR!XMtpvQpM-z6hfc38jg>H{1Y(Do7NW;=;R(&sPUZ z9K4S09jY6O*Ovc)ibyx`sXE7cFbwwq1b+N)Ly;oej33y797GJ7+k=pEAL7^t|P?Yk!+VT<4iEF&3cCX zsIPwjuv4;F`jNb5>?U4hc%doS5E&l$7HTG>g4QYd0DP;=qQNXsqW16e7)CZ)Xu>8} zvl@NqR=1HKNg`1|Z^*|s&Xp>9Q1!!?XdPRTPvO`G?GdgKCQ%@n!lrBz+vcY^db4_; zExX<%&}_Y@r~%_vEDRe^|A7)V9Y1k)-m>DL@zC~ctEQ3434F_ahePRW18RCD5y=XX zdcWZlw;7h-Wf4>Xw5_y5DQyqbvtP_sQs9TuuNebkRPRxTnPk#%YHDw2 z8J$ybY>H`G7G+k&AX|it_)uQBsCPPo162@VoDUK6qiBVeoQ*fS3fAaH$;U{Yu>(iO zlx?87j?_bEzo3mOm(5$Z{t=O6zCO>?EFkqVv)4xRn$xeS$Lqh?A5E-s*34(AP(gK! zg!Zx60~ufgem10xD~I~KY_FLm|L(8Sx}D<( zpZF5DBJskP{ zhw}lI^YQe(B0B5v2AR0;m_k6xYb-qHoQ#<7p2lvu)8wR3sF}_0x0vlI!k7-^Y0IT| zJzJ6jFGY&MOys_N9=^OE^ug6JePsqDFUa> zSZ|ra%u8$FUWw5}duA9#6|)U9cgFJ5Zz9Y;@?nLOb!#LAx2=2-cK1|6nV;Mwtl=j1bUmp41cjYEr$BETGa|k6`vxUUv<|0>5|Q462AIiC zrQQY^sju2n!RIDl$CmF^6gtxkE2=7%zsFso!0idv^9>u;1Klt3oMiWH`U;hD0 znnC0AeQ+B-<-8?#GZ(b-R4Z<%45iRA=Xs2U2BdgP2@2>8o?euinwlqOW4RrWko6Pe zW6HQ~vot?M@-R=g5htEh>GTqR-+iJyt(Na~f4R|k*x66ue7FdM2E>hW^e;V8Vt4y2 zWXVE=jy00*RTiI3LqeVgTG(@giJd;BFC-Kri>^=Psni>g&^(sy4xoFyAPgp%mYib* zvxjCpj->lGu!`}he&DzBBRv+X;jH@Wv4@n1IUuP_=+|+oU_e5%Xek!U*m_wJ>7Ki9 zAHA>f$-aZGih3RAr=d&p5~cm=P=Z_(Sp$kh+D&dGX0L)D19Y&g_NsC?q(=`XTITri z13qZGv+@ZkxT1<;A}8`trK9oCLFJO{-!qn~IM^dAlBPV!5L5aEbIuN2jS!OuP zJ0+62f@s6yv=*t9(mn%1RMv|ekcf_`AX;b@;b(+V*3Z^SBRl~qh(gjsyR8S|cH`># z#Ct+`)W*unhAF9xPB78kBT%o9tiSiju-T`|bt?QaCFU{htAX9gyP8$z)NOz&xlhlkj^n zSr783xZc`NGlH1luE^X5d0KzM%V|49+xNk`{=I?=i?xcMy!<{#C&;QlWFLtM$5ebJ zZqkpwlpc^kb-i|EX&pDVk)k4bj{}gq8*(5W)l{kAYd{RfOedxxhgB-XZN9a#2&13B z_;`qkPQ{X+aPbqcgzx5*Y6A0@OqFI0f#t#5O&diWDY?!s}?h`w?b!J6yN7H8?gDgOir-I5t1y=(ivG5Yd#dj|nnB*ibPoeDnN5!)or zNK3VLXh8nxI6eU)y}64;-P64TEfnoe>e1z%n=GmXzHMH`FTCt*=)b7yvUGt>T)rbq z;oLZSBe!kfXUjP_bb`8j-HEgINTJso)SAo+sEVgvkA-mrs6zS|!c*ZReG33N-j4o1 zmx6g@r2d39Up7A_!uGt*81b@*76&G3Nj@T_4soJh1hM94BlC;*#ph~^b`i_Ld%d)b zngtsJqB^*$pc6Hg!xoe}w^~CdoGW<+Z(x<)M#YVEV2++?ayJsS)-V1vVeKj{tIl63 z!S|=V$99l-s-4#R@Y}O7x3N4mFr;>(9$W7;^LzUFT~T2K86pw1!3c8f4!)1(*%mCj z?#>t#N2DhRG7h9EfN={(4?>5B`7Zh&ZWd6yX|8xbg5TUMC3K|bIn)^TbvrM)pUBSP z=~t6YmO$S@MCc=*3~qH*&iOJ4#N1~}or0%#LQD1lhKhy3OIFQ@bx+B@h`FHR*Til0 zP&Hd`cif+L&A{x$ziXoV z5}v=~+Tpwz#0eJ1dY$KHb+NeYZKEM+XI>GP0Gv*#kOV4aV#>mlK9zy4!0v|Gn6KM% zXH`frR-%FU69Zy%-EXbQXN93>51*FA=_b2mW3&^q7F^Z)&GpdHh}r2^8^^N!`NkE4 z?E|Zh)qC#p|Kt`*AWdQuT{ZeZM;{@C-;+Z$AY47G7PYQXb&uXJM0n&#w)l_+l>4>P z9QT=GKkG^?-C6q5DB$xTv6Uah_CX(0z zcI@Od>wuXPXh5nXT87Vm0I=DJbC=+(f^ZS_H&RC>{b|( z+FEG#QEw_G|25!~xzC7XT&LZ&CIvHFx?dJ3T*}5Eid2ABYNC{_h3-0IRfmA^h@?q5 z1=@S{Arpt{${_v%C|B0Jake2yw;_YjhcIXqNRUR=&|vWK0;^2D0oR*kgF^g~wlrp} zev#K)>XCQ8^yMoFKdb(16p7M`&)b07JGuoQ9yIq>S@W*;8%YZ@2p?gid$T?&J}@Uq z)pF6V9V!?8fNa*T*0GfIKgbp=yQ5Wyr~LF;JcHfD!!89B!Q~|h5k4^qewI6OCUHIn zevB~+yE=s}wwScKn20zk6&k?c>vz{gQC)jT`&Kb}OI_NNtXZ`6YSYg!KOY9CkK!df zj1=wfM0blBWs+H`5(-__0Xui5XA$N_;3ZRt zvuf^rAGPI5gnHxbSu@SS{?esg#y(pe>|L$4oB9=4U&G(%m&&y4S#+eD;e;8qzwsU< zK>dlay&>_e3|K=rkW&=_zFm%Dq9y8l{*B)d&^kK(OCU_^YJo+tC?0wcT~jO_y*Zpe zILJ0z`eT~H{9;Rz<>hd+0y)P9sh?RE>6g_RpAXN1^|~XrdV!mw#2sKNX+HZCG{2Bf za$C+$TF4v%wT|vuf?;vdaQOP@`;&a@^xPL*0R*%Ia{k6*KzSJ8vQ&H{V$BQ+^9OY! z-6J~G939F3>7aP{_ugb|&gMDo4L*~yOVap6pbi-Z1%U&7rPKb0vV}nKIf_OGx}AOJ zA;&>YQzL-c5xm10_yl$q931Qu;y?7f7lf<$!v8Q%q@6E~hE_52iwtJj z1~0Gz&7;sBBa0wB*_rPiBkYDvpY^PFi^3$Z03UO@!a&SvVJ1=0ZrV)Zc#h{;$`y(0 z`HNFFPW**AP7|qGi!CLfRGX+B5)ol;`RSXUrCs*9_cNlNV}K6k)rvspu{ufrMldpB zxKqvuIQbcOTj%n1Sm0?|C0Ffnx6yb$6mgtn>Cu%s5v3GU5*eI}5ipi|GIeGRpC?js zBEEDIWsoz{vO37B=_h`i!kfPvt7X3oyICb9cBOm4R-1M%pASP+GFo_{$dU_Ion$N4 zpn{--?RXr~P4g*CI7|C|Lk=xyyq{)DnybO?f?!umBVxEv{zu_xu^e7QEbUI2OHNRa zI?8?Xm;~p!_PasDCsf2yKdw$4!~Fp~YfH-q_04Z`%ZZ>Vok3}oTNTaE#Y5Tl6(A%0 z>BwzjKu0l{-vh>_XGW&3PA-$XqKu2J%!bM1P5CEY7c2Mfmm?$6Ktp>$oFqsYAz7aU zT#%VQP{v_>xMTEMJKneB+3#xuCZ|azQO+^qb=wt0K($ojiAWb}cU&J8_jRl3u@k<} zYW%({*D{31d5!hSWRp7>Q6K~d=L;xH*xmlF)fH1M5u*^O;I_MGS-ASwl|RR4+S#D- zDIlOggD&I!!gYGn1y*^c1)1>G30h<39PMe3XsS8(4O>p(jEbZqeDnHs6kU{a9Mzky z+fi?+S>D{0xy|rnxzgW&CsJp8`8Gzw&$@`I;eJ8${;d@L_t*#MKX_I0TWK2`8-D$F zU0-kVcnE$k8Xr0N)Je{RSUxZ^;3hOOTQXkruP{8QWoBdP|G~P7*67g@G0uVzPc)n4 zmiR&g$dA?>H9WFoGz-qw{0cy=gOfEPQojZ?pf?1I19f)U+zQ+@I2JUO0S!aVdw7FGZg_#c= z+Rw}S7PP#I>#I<@kF93S=J)jN#5o%KoQS$u9I`W7viXUwz<#5fTrG&Td$T&|6%Us0 zqcwgDR=mF4`5i{zqbB#5;9|m1qqhgo&v8{5G7olWG*H_=GAQLaYq8L&0=|;))M4%8 zqptD#nTBJ}pyk-UG);x?uWK70e>37Vy@Z@Z6bMmIc&^{{L zEpWKG4B?cHy{ipDB|_8g`=2gVcFyc#n1~4KBGWG5_YGB|VM=fT%Znx>V=_{u-mBFb z`HA|M*XPokL?p};{#QbQlaf|c`CO)HAkX<8&eR+FUTj)SX)$Uh#yOFkM^{G|XT9XI zqrnW8i#LHT>NePY35}0io9delJ^=q5sL&*-08QKd18vA=SZ$HmD3qyq3sLC3(4alP z_mJTW2b_tzr~9R;a9DD+`U!c0moxV!*HBZ#`q*y zbK~k5f#0^0gS+h*IN2u`q*zp~)5D`0=XZh58Z}_E`^i|&VWf=`^4exS; zbBhkE=QREc$iOShsZEyU(nu4x?ODnTH36C^?wO45O~~at-3yP6jkP&qtJveT*l+0FP+t^fP6a883ZP`OFd$ zgy|0I&&BGi+2HIgtw6n9isvUG?w4Kfl>9Q_pwU3OePzZ0(WjOFzA+x$KQ3r!AGD9* z#sp%2^>s^$jmqzMCbc0a$BlSGxI|`W0?Y16Wr|U;h-!)Meb4^%h%%djo>H&A8f0!4 zT>&pX4GlG+y>iU^wsl7@D+jQ)kGBQE`0nrMd|lb$+gqbe@#oLF=M;lNm>TSeY6aQl$);khr`v}#q?ZU@6babZ2B*F_x5v%S-6%; zlCSiDp$FpV;1czK1R(_QDZ?8e&)&sk)!V$?fB&jL8&JK04X4|MdgI8eQ!<`v{ab!qxZM!W z|B}1sR-)+Eko;PzzwBTr%iAK(FyuR-JlF-c-Nyt^7fXi{RTq6f#zjuyQ$aZ=PYOe= zQkxLwSk=EO?2kMwG}c731K+aEh5N%5iPBVbg2 zS%d{S5P#B)M4;dbcTQy};%3$D#@ocY&!LsCUYN^)^gb4bJcy|Kh-d@C)T~*i9vWZ znD#=$4J>sCnee>4LZ))3+UHwTFVxW@qvT`+Tg>S9AIe)& z%YDruF4eAH8!pwn@a*~)0s%`+J>3e)vLxvh^-ryAA*ytiF0%IxZx)`#o@+kb9CA+; zi(M!@bv&EBESVD<6ypuW0Z$MuIIrHcT?!Z4cfLqkeLekP5AQqMB0jPU>b5hR4PDU8 z4LNZ#Vbwn|O!A2~2ODP)sJl(fE3e&Qs~tkPbR}MVC_0)5iKLX2CigDRshj%NA;px4 z4vxL-oJ4qMHs#{K$=e-9R%PbwYoM$48y zLK}2HBY{8taML#)TR1+NKd-%?J%L4(2Fx9zTrSk%AFH`Mruh9&?^If0?Oefa+a>2( zxEQFp%Mv^byu@k~_)$v0lP26UsRd@_HLyMBqb%gaFiIh(mQ)D6rZqhtjeg_(d{h8x zWpb=!MpkL^68q`1`J#-CBpfq4p)Lgp_jiDfxQJX6A(-T53IFBYrZ_%_cJpt{``hb=KR)^AUvMZ>pS9U*wb2 zUuO*K-!l7FMLpu&`PSDb13MpAj!^RZv`+B+VsF>4yXYwmWHkuutKUE2dhuEItvmv` z!7;Kv#Nxqc>*VOf*4fd;vkmxG;d5{8hMgk?%zV32jt5BO3NN~2-Q}{{Ai|+wsZw_P zhE_CVkTZ5S-HJ71#H*{GIdMjYxR2=#=X=Prt0AX#lUFk?{br`7fBxw61M`vmM2WHx zGt!<;a-7Wv7fD%m@Q&>y&Nr^1UDCm?M-!HA<>UrO!!n+b?ZUF$g)=AF zudqncH;ckA&ZH*Ve=WrS9F;Z7E3d4mFhzniH0Qiex)rfXLi>`g>npYBbB^CV#`bz< zj~wv=@}N(i<67Q%{pnugzyXys8BrPz<#@xs4Cth;xrUdAc%L_&YveA23h$!wqFB_i z5V^{N>+TdYeGtw=C~C~{fsdq8?Os!BGVdE|ES&3Bja!N@3_%Gf9inSPE=`GRjx9bm zHamA(>?azG0O9p{_E&TUT+c9HxA@pFEn3KPr_Pru5)xjxkoNuFeW(M`EzOl*@L*aO zU@#mLGS57MmyTsvld^oZDsvG#|=boF+8Je?HNu1$+@^(;>DZo`9;Q z6fEba!X>$09WM11ah~kTRbGfsJEMw_VE6)oj7YXbHD7{ps|WZLQ{XYMG^|`VM$LwE zM>6>AntYd~#p!V)gZ}4${|-VDbfIL@v;%@DuE_mAW%@6XD4 z94w^w2{%hXH#bS4*N1_S8Tnsc=iruEhc~r0lq+ZwqWXSK68!i5O29!C8`P>cgzbAM zdtP5SAUpa@w;uY4o}?zm#i2Btq&Z#2lYey_3jF%@ER&DVatKi^(XOFgs{X5+MmoH~ zkrwVnn=?2cn#3nYD*U#638i0VlMTQOT6)N7>;>45#yDbLWjUWO`>lc#c73IkgvUv@ zjq({uo~hZ7$m%}WPH(g7z5WU*;JEQ^3VOwSQ*hJGes%1T)4ojjm=@cNNnI5)x=8K; z*aqL<)pZ!l`|rVjz6ZmMQeP{thQ=)g--sCj#dGM zC_Kzr1TpHz?{H(oZ_iK8M^N`~!?Y$aYMp&Xbv-4tx<1ee{PTpP9^fbx^4O|!FxP=4 zzSQG3oAn|Q@Jx1?I(?Q&dl=_bV>QFU!ZLRWzg1Q6(Yp4#1)~1M8f^c{0UDo@Zld3D zk(wc4(UJGw)zx+GfnDJxvwFUO>Ez#yK0VOHKUuQuRobYk9y(v{6z@PQc*5s+QfHjq z-8G#E8#z1vg$=Mb*5LS3b%Q`$u+h_6pPhBD`+g<&y!3 zBkCIubxigL=MM?#&9ZQ$6i^%x(KJ;hX4uHq%8VaGVxmI!v@C4XosR+_r=lYzZ`cR&HRpMv`7Vju&dj?F9$`c?b^*e{ zACGxGx}AA8x9yroXqqIUiG2+yH8r*G@vNo8XUiob9dbJ7`+Of}-xfP9F44k!{yPzR ziPHq7YU$GgjofsHm14bGjlb5L6+}lepuslu9oUqkA*%v=%ErvB&@@}>SzLdv_O7Xx z6InS0ei(&ZH)^XqdJr(Qe*AXVFnY(kuA z(ST)4i!a0XB%nO-0=8)QE48DpX!^K93PJA}NY}q&b*Gh)b?^H*HWJ}|Q67@O;S_c~ zSMX8h(rYMQ;Z*&U?01wI)7Fp4vPYR?@_6Le?Gpi}zSS|5nUYXoIu@++d&(WGD3{yX z1@(2ROsBFT#q1AQSU`S}e?@8bVW=RbbPQl;x_y<#V-sh$J0WgAu-<_AicCWmZmVAR z(|M3n#V{C%&-d~|TZ}IoBy(9kQ8^w1Gk|d6b@=9Z(*)#vU!!E`V0SIF7F_3d(kiVt-pRRv|BTugOyU=HG~;O z8%kEjeRL*&HNUvmiAe!{3a&d*8D=LYwa0y@oA+z9w72!^K#oxK}CWgvwSM|I*ALCU0F^4#QXZ-x!J zFLqJ+-EFSfM`mEK+=-9Jv9H!Tlh3Z2oLAZo-e{JDgSdhLRkrTehgfpYaV4|wW!2g zxns>UYcD{bbS}1&2XrS95(Q>mF_5&h^fDek@&D0bxGz@Op4*NVegzOta%$>f=>%5K z`$lWq_3#EWtI*o5o_V0>@vz*tNk;nKT@|ZLDge>3T7Nc{E>>->uod=(6l^qDHBG_% zCKq*)*I4>sJCaob3id&7eGTl`kNWpA@34`dvV;RhQZPQaJfOFuTg9u?*WIl)KV1jL zED+0JP@sbpv`VKNTZ4HHu-~g@_RkrG5O}Q`%DBveC-iLrib+kxU0q#6c8_K&&*^zM zd3Y2xU$m`G^7r7%v6`ZwFvB-c)*Pn&F_8L9sAi&Y-G&v&?0{+Mo ziZeli@T!#U0ti=5wsa_IX^v*8#`)oLr_~Db3jcfDD`uMDSf==hAEvr5MW3tAo#w)H zm&$RG`MF7E{BEKh+?#-A$4bNQ38TaHAGwiHAvd)Gb*MtlQ&vMdnq{$OrlYnnD!m$8 zG2;{d<&@}uU)$@??q@qX0A6#Z-dpJ!$sv8prjwKFx;-@Gg&GZq%;xH zxo^R!2zX@6nKH{`5Tk(7a59gDZRBIKu`IBFoJ8wKLV`}-2Sy&tj$Q#@3iN-UhWg1# zuAqEu;f~J?9NZg4kY2TC=qg!%vPf=fS~WQ+xW&dK+ayB*QRChXt{|0+Q$TK4x5ASY zlm|9IlcFUr(rt0cj91Ezqu-7Yq3~9o)0a#;;8AAhWs|IMn8K#T9N`Yo;)7f;N47}8E+2U(<78uuB z`cKb^Rc&qe#tK1$k?RRCnmOkStIS+n#~0tgs@D`HMMWph8}P3Z{cktB=b4t4o3_J< zv?L`txx?mV)yR;4(=1tIHMPBC{Gf}d*jS?X#{X&E|2ICVP)9|VDy4|N3!s5fuxwP- zo%FeFzeI9bKq-reZhf03zg9%px-6nW+612u^^0>R*A|MkWY4bSlw&wRl1k4t~; zWPoRV+1A>w&|2C4(|Y1iMD7Meb!gUKLldhah~f&hS+tpP;y}QJL&Z}AHuoK3enU@* zyB84|ncj~_8Wk0t!bSpY8gXwuRLq&NYNFCj%%udEOfci;@K2EF=RH0KMx34=!m_cV zJz3);lZG!A_e8!{ib|B{l}^nyFt%!xSc0Lxl|_0l3f`}5cl0GWVib($RXR_7_qGU| ztmh7*6!X8ePDRp@kFJOtDi;ddVeZeoH zu&w;b4?)^fV7j8G{KB5CEq0DMM5HiVrs z+w`pd$@DhRw%7-op3gex0XM@i!F$d>oA> znC)9uq~}c(^7rI&7TxnEHz#LmfE-oNeLeB>5*rpH%IE)A{ zr^0_TtD@0ix{Eidr;FuVwn66W0i2u5#aT+0lu^5ZrwfV+V52Cupwy!I4jwVH#vb5W zRf_BG?q*Uia(?NL0x(Uiv^&6h-|}_ID%8DB`~!&beH*5Pdg4lP)}>Rpq?vAm=0FK4 z1=24>V5Z0Wv!UjDo!Sc~lE{4NT~E*TQti`fWbb0BLYp^kJs>hKFa&gmW@5PzB6o(Z z`h`>#U$b>^?KhsqWxXB?3v5c9#!qIg3Vt%p*jEfJ2W!l{d2&@xYh0RZB(!vf9zK}H zmYx^$qLP@9H!=;0(fC;Eebgu7C+RR1FFA=@l1MJs!82qP?B}~DwjFzAIP=8@`=P`VGEW-=1Yt_UpO9Q((RTPy`72vJ)5kUeH2f(imwfZ5{SNQKh3YUoLq3?D%F` z5_O&u-gQPQy$^8xz!&6;P(35I z;JOhLI&r%}eVM?HkLUyRN3*_4Q04=bQ5SLHbbbBsX4INc_1b(mrBhTqfd?tmO#Jh3 zbictg5eeuX0Rp@J?|?7b`0%42FBi~>>IdfmMdCX(H9&f~Cd@Hh1M}KXbqHx2gecjT zSc)t7@`R>}`gpD@b$@vnMro$@vNFo7tIomHT>=_TDRQ)p{fO1k!lWgGc8k5e-GEfo zs;Jw}+}vD6lTsh#abVo_gq?i3Z7m#>*(O7126p&8q}?AOUM%gRI^a!Y@5^iPqM(&ePnk88+C6ON>WlrvfY+dTp#&_jm={TKXEZ2P-Y;W$OH*G@Rm$YpcS}Hl;-o_^G^u9sd|Ql z;qIvEfy-+;xYV?)Yi2%jnT0`we?p5i{Kh4Q?RkNJQ z0CVVM6x#JNI_=2>SYiigcyLL$N24b~4eD*AiUo0Rke-jmRsa!4u+PM@q19GMf)hv! z9-UsBiSD28+~%ye6{zEN69hhqda3HW(;i=hU=-KvMq5R7EZdItDfS zfxHwR5u`=_-#E%xjzVmqu<=P9v)0nbin5#EEob|#k-b}|Y&tdiV*>q>P`nY#Ml0D< z)`k*|hOkm%*5?Lu0d{;;Jmz2xCr2~yBCFeF!8@3PIy`A*b-zuAN0G|jA?xcU& ztrT&Tsm6NzmsJ1X_jO;1!zxdBX14D4%oxY zR2ZiM6~+Gj=S@3+fUW>8qYmHx1K`Zd%~8_0c|vE$4_WFxI3Os;7Pg+=Yq~Op<_zb z2`R_Cy3(j&(aXy5OD8S#5$Fb(>c`>6*n$QSgYvvzAV`XHWng+CKrvcyTgScmIFnv^ zZ2%JZq_|2S?AcNSi`i#jN{*c0v~CAYrvMmSN@$5VD_%KUK~Q(i(eAekjn7^Z?1}z(?WOj`_b_OF4PfyHYwGqJQ2>|8EwUQ-eebwdaaG^9DbxXM9r~+lF>{$G)B!-P`U#%a_wn}=^ukYGxrh>DNX5Zkf?`APY{CK1-cQ#lQqI&nTMUp^6-=+AJszuD?8t}5;Yi&Cr`u@G zSVu*~$madU+Z*6`SILKXigK|5G;+Ij?xCAWCXTxpVM-$HQeJd6xcJa>!_RzIO<%d?UZcs& z$_j(Q2b?3BAl^rR1|b0Usc)Qrr%^Dx0%F}xi^?@wK1~sK+BRUF-!jKM%}2>8SQUeI z6WOL(5Z?mVAg?UWl&zfGukubY6x3Ub)Rq-ui@Dz~M1XkZ?^mz(f>M`f(uo!b`o~kB z9eLu@KXi#fvtw^JJ0j*#$y<6RXu7th;rB;uAnFLyA zVqPh9&|Xy#nr4~4q3x2BZ7~uY(~xx40wLW?ql$s-@Jj3RRJM5E?B$Z-O|W9C-eGmm zaor!QLGJ97!tFM{X0FRt)Vs z^*=x4b=x?rHV zXIS>(8xEy~OGB`v&24oL@wPl|WFBjlFtMIBf{^L=4g5~` z?0Cl;g*6Tiv4?fVnckSnw6Co5baFo@GHG3c4z5x?n5tm$a81niSF-tHFE$Zan`@?- zIIhM0w)h1@NTa|jcL0LPypu20_mc@Fg}KbQZbr!pi9?baAs7UIc(dT;!&*_n@y>o( z51;22WQl_g9(l*C#(j636|{2UPKrG~7}MRp(!sO_#f^ECX~YXA1vxg$(?q-Z?QzM_ z7&GV(i~?jzd0ZX(8Vp5yv#&c9Sg5K__;Ty&0; z+z0uHw+f()l0ny1-Fq_ZGN%;bG%{)$C2*U)X%%jBD8q|;wuafb07Ak3QK|G8#P~UK zXZsRE;*FpVlLWt?!)&Uf>FP%b72s9U+UE?n{93{6jDWC_uec%e5q&4YQR-13u*%Gl z=OKB&mmFb|Uh=JYrm0Y7tAC+LzzM0FRMo8R-SLDLkNt%Hi@r1{^S)J(JC;MfrF({S zn1IgqvMDY-7+B836XP)1!Rvu0!A3NB6j`8jz5v*>a;&wQ7>YiBQ)%`(g=g%f_b12lZ~!0j?Jv;J&XW&pQpaJl?!uYfWCTUY3_ct->+|b`nI|9A zzB=e%9f@$KUL!_9ygW@*-?N4+R?gQoNY3Sr#Ij84(j2AuRblY1u*2Xqn>qTn67qB? z5_h?@cJEe{L3_?Xeoi=zEKdgC^M~#HjBkjBfL+Qn!>16CP>+$YVL)ww>5) zdXD6=v`5J2D$ecgKd(6lpkXFCTE(o!LVDh|ewxZ>3z?x7wW%52$^^9X#G@6hse0yw z;m;b&W)Bm6Rb-W#nRqId3d&@-y|Z@0&E7bXE^<$bQjFb9okS5(*>Z*ACbvLoML z8g-gT#k6Rnc~b4Xk%;7#h^a-)1Aknxao6M^2?jK+5|k>$bM6Tco##%0*Y z-gxTFTmVc zeH>5Q$$+^R-|px`+RR2ua!pe$S;7}grs-mGQRnJDuR-PV)$dt>a_e)-o}NN|!OSCD zLq}A=3aG%IR=VV}&MB6zW3iuT)fy4@80QP6E5sKcq2~v~P;eG~VUF!w&D?UPP;z2oPU=O(*(VOjG#C^g%csBUyO=giITSp7rq|qG>o5{$ z^`IwS;ED+GOlpw62fAeF}EBM~HX7F04Ns zxPs_eqngfQ7F2*%y}4O7N)T%2yRse!zQ7I-gcJ>G56{MabW0cOX%KQ&wwnC|!LLe>F3@i=s64Dukh=vpe0ds`%W9+y}P>mG982 zFHEUsy)G~t^NJ?NGUi$BD!sLaYzAQ(!GK-5=SWXNCY)koKNmFU9&2Rbqpk~M%Nt zlGwEt$-eUp_ao7hagfziKRZQlZ_i(^7a{BqkYTXe9OSwB=>J0Q^~w*JeR;`^;+MBr zdo_N~5L`&!+%C(K)TSt1h1#am@JAr%U9=7cM8=2bHhq148o|ytKf^7f6h}S)bWauZ zbRXMCXSgFS(ke>t-v9Xt zu3WIY%_a8V?(e`4Gerl4g*$Bq-nuEfxo9Z5RR_04$SNviqFwu-p{GB~_+aaZL-hE2 z()IvqD&GC+Qoc>Qw)}de=0`DXDf3*tjN&7*7d;`Ke0y^Z;fr@Rv56Rs&h0uk5N#1# z?nEqS-a=liwHtlp$S%<@qhamj($POJ=|4`pRMFc`H@Yx9E{V%A;!kW7W7U2`zne6~ zem&;9oYQya*MRHCuZ%hBBY>+9-MGj785a?*$G;sCf>YmU9J_T!Uf+~x&z&^wHS|7b zktpy5Q&ZAnT9o6ootTCQQP{&LvL9$3;v<3vp1Kl4gk3rn-r*$GeB_!)TYi`i7QhUb zf&uuIXotsd=%H6BC2IHm18CG%Q<6RGn{B^zgb@qIO%!eA@v=YN;QKlH*A-T(jqe}e z`-8d{&3&PQm0Tt8yP0t7HXW4-*a^cOUPch}E%Z(& zaX9{P1L_r53km8+hTy8-*z;e;Mi+J2pMRM$O6^d*neRmI6%{Pep&8FEYTaOf4NGXY zLNvL#7C#9W-^-MUPjHP}JT7&wGosF3E;zFel8HlmzO6DPvcc+$b*6K-9`%#g+Wg?i z(JM@RB3n;cF!S5aAL~PJfvwFb0L!Ylc3#^N@O%*nAC??)9E=E~6tcbH zk)D`eW6|4<&&oE)hKS{>cCu)JUg}KlxUrEi?OvnTkxYjj)u*8>dj@G>a5Q# zdV0J}v=;YZ?Q!-ZbxFA!fe%%9`{_Cz+C69F6jcjRMn5#@`~UOJ|Gq1=8%R6&W(REp z!K|L;zowhYGVnMcv)C%`;FWGguPP($d(9$1X+9XS2nqmsx=pT!YOBu`F7?upGfmPw z83~yDN5pTLw8{&X#WCN18XW!bZhRJ2GB(DXyX_8C1PKOJ&g7m_j$;uJ*d-P zHvD2B4QpI{T0?tA;kz4eZ%R*&5FGmOg~`>4B;mP}%k>{dD|ub?1KpaPoiKauK+BP2 zsL)?9u!KL?v_7>KvQ_`Ur=_hsIC$vPZR6k(qO18rHrw`#g_GN_MpY-0voe>Q&J0i# ziSEZC7gmq%N^~K+*veIPqrEj-245r}LHtDqYuOG@H-<97-VMhuS&Co5zJ_~Ve|#;L zYd+SrmFf|xl5mW12M1Ckz|NMu{Fku|CO5IW)pGB0rlHmG6Lnh|;}6pRz3dOq@$ov% zQvJ*C;Omcn{j#A_9xhYmu`Tm8xSqC*5NJMk>v)k_6eqzjYtwAGlh)t4Q{rm5OwsdQ zF?OG|B2Y)3D4D>RVn|k3o3kF~R2}(80uI&C8vZc`*J+yGXUXxe@-JMFwAwB9G`|nq zm%p5pi19rnW`4Ybz`nhFmtd7gns0eg{3H{2kI&W+$INIr`cODkOHM+w#48eK5fdM} z!|yVm)C5bcU;*x?as(B4?eek9s1E`M@5%aE z;4=P+enx`M&?-G3ikut%({@^Gw#~cmGMqdAJFnV^FR*Q340AF{IFM@X{?{E9EoZ^R zHbcR`V}+Z}MwM|lb1X(BV&Mj#B#kM(nscZlOT@wkjdgIX?ry0t3{v>EMRxhW${E$= zA%v(<&?_b+sy9~A(k2pqcU|s)<}^9Xgw<}dQToZU6d7O*{l@5p9>=~fOcet#J{+3p=#H|@FG2#JJ?1jl=&@o^lblo8DnoOfA?gBzY-o| zE}?k2({gG-jRx$yw@9nWS8etU&kn>}KcevW+0Oc7zPN{fqo_?O0NMH0xQI}5UFo}> zGQ85gp!ElADV49JX%?41=y5bQ#1F%PLTDIdE z$YbFHUz~sS83jpwddRxn%Hff%nf|ZCZt9B?nx~>oZ!H;Rg+WzYpPiTJg z@c+C(@6?6YlH{VS;QGjm;l2K!*e25EW$ZJNv*ArPgQp><32&GvKPzn36(Gr$B5B3{ z3ffGbI7J$dmwr!&x;^S*%=-O*vWF_BGsc3FLc!_7qb&5~eMYP?IbZBQ7@wevCa_OXJs8Y0 zxU<5h9uwu@U-G6Nb)fQCMZgKVQPcPE3iqBH(t*e!OWfqp?4guiwK^s9Tq_BzC2>5}b+ zfP4_>2@<)euSHikBEV-}ilgfYrMPpKo-}9^zveKCX6~_w|w2B+BvSk`x)}h+n3} zT?|rFOtNW3tOY&1E+(xhn<4aY2``9=5|2b88@HaW_kR8oxbYZLiDFM2(Ex#qQ%}g( z&Ty)Cd1z1iIOy*XJwDo08(inISwV0yq)^7x{_bqIZ#zF;ndlu~W?4BX*@d0$-k32M z2klP&Qn;xzqLCKBQ|_hb+4A=WZyxa>EU*+8og0L}?~h_E(}PUNJ(fv76p1_zTVoG= zJ-Xx2CNvF3GXj+9dQSrdvwmkKvf6Ktv(z`b=O4kHNbp8;Y=`PoG8bM%I4Kd-ZHF&^ zIF$D9Sn3I_TO1YvOCT_DSOH;jMil!*nof_f!_v#SGL^{3Veh2RsrWI{*ZBuG zl1};!8hBzc$#`uk9UVolT#%&UoT|YDc&(>0Xte$wdboYv)j(KoTz1LudOTnyFf?Wo z+s4Kc*l!ov5^WMuTg!`)=lC8DyVOP>n@F+m?gP^$^Yifsj-h9E>&{7oe)5v|ezK-) z5&uRuIqrWXE(}Vf60D1j zlX3aia*DO`fCXi)VufgnSZ!LAb7iUNjmA$22>>=EdIyB+L(Q{Ce(S1)8~X5c*}@y; z^jN21%`AqAHmdKr59;kEZO}U>QomN+Y#5OIpcU_4L+F5lbze^P2Sx3%{7*KN!=Z(a(z|!xUDZFIJ@EQ`TGNHn0BTz?w?MS5Q+YA%$yu$B9C7$oxjX{H)P zTE^0ZxBCr?#ANst1BV1Z4b7JaKH3!ZwI5Bd7ZZ6a-o=7Ztg&^KYVyW`7K{H;br zxb>;!qS5T_G)iiMzW)V0hB`m*M7(ZOtra)v%r7GdC#S1YYzT{kjD4Vw!$q}54xFe2 zZcNO18Ezb%l8MgP=lW*S#Z}uyv|VC7aZr~Ra@!TB$EOmo@)!q%TC%nH0>4lNnx%?j z0uL^2#*e1pA6aIqYN7lKb{`97CoA2kQr_H6C(&jV*RV(V{6d{va@!*lVwLX0{PGCT zE`D{!RxH>hqFdQ1gdKSH0+d_3c}c|kLS>GlB_8A@fgPUQ@4fU_Pfl>AQ%HI8rzj&G zxB|rkl_35v2%F$t2@j#~gKA&ea|H?z$RMQ^St!uZOI3c6A+2<}NQ$=YdTJmWjbs~1 z;)L1oU4Abo&@SuD^0K!*IKFY6oxDo1?|JJ%N1=Kl&syPOSC7`&me8j)VK5|-Mi=&A z1Mx+-9inld0`HuC?Y*ce;D}`Qby`Cm>ll{0e8UpGOf9d=F5t_x<=#NT|g2?io z7RRU+Tq*h+bpP*SvuJ?FG9(a0g6=MCn&J@ny@~%%tCYeZH{c>8gmxH zQ|VpdC*O)c6IXpWRGXAxfA2sw8v*mVa6~%nw_R9YE_eZpmN-N1$jNkS<{ZOo{*Ny} z)`dT&^Y2U5iFkBvHND`#qMl1DF8Oe?xixA|VhM<0Cde^>8q_O~P; zG)dAU;2yqHgGp}54p&ttqo5B0r^f=Lt$dkI0%ZfQsGk2Me)2I`s=NRY1eAYQGTxx# zci&)x?eRkwTffH^g55sBxyRGW4cp=LINlL3l^eD|5NRBLBc#8a0D+sz7K3=KRdq9& znB{qDQ$&YCJWHT{_A$CBt9ioDzrjCM-!hCbaAJimWj>A|-B8Nz*1)=SMs6Nkt|7RX zQ)tfj=5o&>VDF=5R;&V&p6-`=E_d{W2ghaHwFM9hka!1S^&ULs#gs?gnt2tTyY=%o z{4QW;C0Gf%EW8DHShk+ul!*Pl`}60R+vd2_;jrnfN6+}j58r2PDPSB^LqFO;b$1;_ z`QZks1g_gxvNEv_OO)`AhaWrj#fyH7QvZ zS;Y@7WrI5|?nkxr&>yfemj=9R)!)X7^zc(+%^W_xFk{-D^r;b4)&rqy31Ow=>uOIN z5^gj)B3K-)BjF$Kk)|hQZU>3&tlzg=$1HMDcK$@`|xJ}diU zTY3JVS0B3g8VK^FD}~_K7u)IYv0A7l@LS(^rfQQYGBW0}OmyUbc~i{C^?boP3BOY2 zZ6arEe`W}Y=u;NM?^u@(EiXn{W-8<8ECx?|Pi~{v!-(OQ;y=Ts8u*XjydY)`qdz2tV$dHd*tMu?VwArnnnvi@*ZQ zu5|GkrBB;z{X~t9}Yx zrr8b=x{ZvOWI}!dPK`|X8(RBY^VV^H9Avhjl-EikAG(DUzD(k^Q+!7iY5=X9Ev6Z` zLdjI&B4#MlwcbhdS(>nSyEFQ+ovRxA+w&hOCQI7Sgab38_jHI5c*XMc0K&X~+#*DK z<{-oXdUq?rs@*Y0s^{)*d%5QFs5pjVQv&8)NQqdbjIa+PrY(08KjdEFcu}=j&(Cer z4X$tM!b{Jy+Z^6qouZ}EiW8`*DS;umsiC{td9s*67_~w91qYu+!}q#45E7BfT3pR3 z#ott%feOx4ZRatm%F%XTSNYQTIyxgCIj#9ZD&C?uZ}qvsB}?hc-&&B@{uTDzaR)Kg z#eMmGVgu;nUkQ^Bf1hy1;LG+~j#$7O)*G1#zViZTO~c0%SxheCd7ha!{h&n5M-;pc z^X$rZFjd0(LD9^%M`1y-hpfW&s2$ZLrR=P#4|A-_%{Rt`KKfOoiPd6@^d=Kj<-Tpw zD2Yxxg1DjdHqm=FTYW}26(`#n?FzdvE1)j2pNK;)$~4BvGxWgt)#};q%-PB31{9^R z`=_UB{P{24_`F0N3K3w0sEGs$mT!z3=X!zsRkTFxfrb^Pmz09#JqKh{JUyhi9`_0= zV7iz=YwM+!^o@<1QXM1EBHjFxQo2%P^+MrC`i@g#JPCrs9nQaUY?}gAMfDGp4dW06 zg5kXC{L>_+2jAxw%oOALA7|dd@01xQbpu)K{k_>=lGp_A9lU;F64w1VdSPQiT1F}A z{lOu2e+Ejul4a&$IqXj1&N|?QDYe94J5`S>W*H){NXpZuGP%yMoQ?5dFVh{{=$=W- zqywP`o*F}iBU%Oamu4S`yEKj7EO-HL7=afYKFzgs?!Yc$)&KPCn{5zMyuxZ-F_KfSe|ZTwP>ohB1bb>qNdY8Yt?N*svS)W|Gg9h5af0 z@?q;XFYUZ|r2f3DpWIEr?a$9`^uhtO68AsK^7Mw(7A>zZTMGluG4cJVF)+=M9g3h9 z@~3<^em4x$9j-94R!o@8Cmuxg;W%AZy{l+>zb|pn^F~5S{=%`$)aU(g(Byx=@25;@ za~PGqLq$t&pDf~*RPa#X3EJl%AKe&g3_t3ZcN~zIei3GJ$^$>gyl z-gA#u++C**1o6dhv&KaHXuy=#88DkF3Qt6rpg3Ux9PS$!J)ZtTZhHr%%}K)iS|#m!#H^_ZB|puSf~*WBwIscbb$%KqVRS!Cvn%f_FiidY5%)Q-Tm zEgm@g^ z0l-!YGDdF}y)zKO#7=p9BPM1utoReE6|S6Ab3iHmmcXC?d5M@f0or2rPnmsRi1WVL zyuTI!D2&`8be}#+FlabOWl5(1h;!U}(j72#^+ajuH#>qSqQf{eK8`CU`3acaBft}V ze`S~$(w!i3-q71G>+JysthTDR142p0s-%*DTTqD0A1r@2VQ22$;M1uT{;V9+k3dUS zWtn|)z<>a}#sB}$|GWWz08qGXoJhsnim(|pM=_HA;IV)oM4He6%=bqpk{$Y-k`JUW z-#lh-aPX-_XU}@hy58mZoO#46L7c^aBQjr?CFuPHM0w>-7`Q-BIVcnD*I_DQXMVT` z7hOw*`roCObwm9r=RQpVp~S4ZQJ*X@6Z|0MjHYIW-^KeLk#63er6mMJ27z$*hn>W8 zUS{$Sy0s8!$~Om@;e^L^f~R8b%kXZLuQBC0tfk58JRg3c9oP7xl8Y8&?YDDw-1TYI zrr|KypZskYdb8~3zTWo(tw$|fUrv#N)5df$D~ij!KP=H5q-U}rCh&7HglG58ulb>` z))U2A1M`g@g!CZsVt0ezi}@6;YSO_1DQBWxJrTRPCd^$jW&LJTMX!XC9zekO=0V0Zn))4Cv2_%EN;-$A)t^H`I;xm_Np{9vNQ zV1gc%;l(C@*)b!)g}NSDrYXtFX^vwNGMH@GzjK-kHu2@nzakHJb6k<8TUJf(r9F@? zwDb)OCpVjzPvEk+@1fs#d9@GAtiiqdtlPH}VnMcq@cK1qt*B$F!bNQz<_ym47jb%t z41WhIh*ncMNI($8Nqc_@(X%A%dCfo5u%9{XxXxm~-k;Lj{h(?jUR{x>f|@OV8{bil zhNUt`JVw2dyFt->0I8Jr!vM8rm*=nloW_%YsnnnK6HGp8@6rri zkVH&sOJJl{mFjTg(4^ogAV)DvIy=K2NEYF9zF@$481n%7P!GJcmJ-+vsnuw{@~P`S z9NF8iFfMWXYyUO9XwMa%m%v{214|<-cJ0uT@wPXh4&{I6(FDYJW2k|u;>7h#ANde3 z2TM3M13NaS9%XMcTP3hXqy75Q1<3(y*+JFsT;;R}+R43A0KN*^9>4{mkABd$@;?U2 zgcEiB&W=>a{o=q#S~@^f@%n*-DUot*(c%#R3;NSiQy0zpzqwtH8wwx2{|(qm<;3(G zxdp6@SDt#DS#uaPxQcA4HGt9zh`sD-c}~GtVi=6<2|@gY&uO9_se0*McZv-m-{b3b z2-E=P+crV_Al77%ZEqeH-k5LU=ZKuEb2tX^8{FwJ4Tu&o{xA04vMa6z=n_qECj|Ed z5AN;+NP-4;cP9jQhv4q6!QI{6-QC@3Xt;+w@2r`*_b=RUy%x}?>GImUsy2aw(Z%zt zmnBlfSkjY-!C%clX;V{WQ}0v2J+LOIXuRDd2?fPAA>#o&14#dvA9BpGd>va(P*MZd z{-i8_O-+Gj`Bd&;a+v@Fmm?{aP*H#RF+=>vM%!C6&}a(Bss~%7cLb3@-9SfS4?R0! z=SFr^5>+xoFrLJ&IW^Zs)|`%wL1;>A(lIJ1vAiEzOPPvchEd8#P^_tfV|1D>aIH9q z7R_LMLkNa%RfiP~&;2;9Wf!^p00D;Qqm0qJJ7btF>uP~8BNwSqo zJs&EeT%+=}3BcAC zd}~6F0oWtT0yLtUOK_y=IpAF02FX959rOzr_BdAr=u9?S>5-O$F#rXYjyW2OaUdgYMGuQ&dajLVi|=my|~QC(@)(dmX{3+n`=gM z#-kKr4+_a-xne63Y9B*HeP4*Kd>nQ?468(-hyE?Xvv|HJkj0}`{#+*Tv+tVUR_tF{ za=OzZFh4-q>6Z}q0YK8~Ewwsf%+##e6{m^Nr0S43TJaQ$%#;mi%hkJL3hRkf0O~0N z@Q?E3ucYD(04`CQ@-$QO3kgJ#d|$}4-SB=Nw2@;(x19cbdT%pQ)=u;HF900rpe68F zd#|~}s<5-KHd_nSmI3_<$7Z^c9{t+H0w1Iob;_!cf>3sXM^ zPAZlPxH{H{nneIP+e88E2FUJrC$E_x6vH%t(hK9(U(S#QnD14WkMW>c*C&UifdQk0 z3$eLIsKto#TY#L0_tTo?YIVMvFJ&Xo7>%Cocg|rhF~-stzE@B#Z;yl2SGrGk|F)nO zWSe`P?fj9cEebisqwhHX<7exMk_p?w(VQ<^btduQ*myU;eJ8&H-p2`gbKK{s%^oNH zfQ*$d^yMfOfq$vy_~2pDytAt}*I+5aNAwSIeb_*FnE?B{Rd(l{TP0vOx$Jm1g0Jww z!_CLM;qH>@h8M<)rrj2?Q_x!bLZ6)L+O^GgpH#8~#OZ(sF9iGX%fVvR34ra`dUu$z$k3qH~GC~$}myb8f zX?j6I2y#H7>AU<`XaI{!I5*P*tu2#rd3q8Vk^{-j%c>|xIv7s+jX|_sP%+`JZ11HI zBn+~xMVWGWz6hzkE6+sP!NSXxO5OL7Vi+X zA&`mlWvNJ3R$4?_G*4uX36Ti)hC91gs8w%&SJJvaTzqb3m?1SjLp}Y-X))8)D!AO= zoAODiy<{q25cfpjGb$fdRn)d+Xgsq`qTTA1y?lY4}~h#p)Wr&Y%VF#ss)`{&F6 z(1BxW2=jR}@r)GJ3?%X|;6iZx4e%A0eUK1kI*^LZluxkw-KT$@a~2?m<2t5~E27^Y zay)Jw%vu4(@A$&2mOza(Yv5t{X=$MWK4z7^Q)Pow35JG!_Woh^;X4XfxjgZsq(n2q z?!=3E776);#%VoUp&LUSK?x2k4uP-P9Z@ZXB0tdUWU-DeBl<899)Va_7MTYW2DZbD zJ6XMuro20S+*nC{%{UmUmTcmVyr6B ztS9OlGtO|_)HNKeG8kT6!0YlZ77N8|_UP_&UVnWsoyPk8aqjYr&vjP9#~$1%z4N(T zc-JhaKU}@hg>D30juyCCEIgFx-l5sTnndsSL$z5e2goP>eG##t^3Xiv9lp@OML-qe&0Ip900G;AmH}(EkNXVy2w;m{1f}` z@nkON9zc}PDLs*U1LEw4TfUl@TWBbhE24%$!P{V#II*H~3%ojO2&pXI^n|B1P02j? zR(BQ)>-`4Tf=}$^u<_YUnH*N2aJ~Sk6&tCl>4_2cNm@*l+$(E z{RGe3<^>getBN?kp{!9|U~vPar`wH~k$!h=LxA^Q90ALZ<-1L_Q8^MrWaImx)7FeabK{IGJ zm8`8~`n$g8i=yARMrX7i%+}3_COjK>XjUDri`A_kYV>^NSG_DT*q-aDT`I)8t~y`)_zmB|74Ux8#=xbHO1 zKnH+#Ti&-blMfd{~<B9kct*vXOdO;buRpm{O=|T)&)aNoDSWe zJO}gk7TYB&?ESTrY7A7H5aJ+p+iWJIf%P7OkV4aW*HS6UV| z=0&q5JXT!>2MUFXg~yzW0D&3AO&mn7$CwPX3gF6VUFL~V4yfZ9tZ+0AC<~2`oEI=k z#zuj@<*=_4|3?hoTQ{$=b^uYV*wRInga!K{#+|NW!>j;IOyHc`+#T|_Y#4-TH)48C>C8p7zX9AHQzck zm&qCfpt+A+PH|HnQ}=h5(tRcwVBm0O8m>0lQAR@il2EU(sob@Cww-%%UqtgQ01nXl z)84p2|G99k@pk;R2QS)&r*4#asg^6-BUo*q1Gw_6eQCPkaF|vQ3LIZOV4j|xVr?E^ zF~AKSC=WLYx5w$vaj4P-@|jew|3tu&=Tvx7gH-<>i!QMal=Fa}usoRmp=fS{ECOE; zGx2zOztdX;hC#ZD4y>qG@r)H2Zb8KH-TB`AepwYfm>K5m4c&%k=XLdtXV|he>j)%5 zKD|DyT=Gj22{G!U#d_uR$gLweoBc^cu)+Od!E_>KKU(^P3XmvDY=7M!z3mi#I0V`$ zicctVAz|_ov=Hxn6Fi21B#bRUM7B&oZ2g%4Xq|F#;EVVQp982)6ij@Fb=&nCPz#*E zBN=Su^hZqk*?g=z>j{pD$FFi)0fvjWA2WOMK}2*Jct8d!yp2Jq-!CQW+3Ixpv7A%M z*9k}2W9A2n5>hg9xHpGuMCFSxT41#3tI+Z%rZ^t!_rv}`P(L;T4nb9G`~q;fvSPqq zubiu+#ssffT}c7=vwNN*V7;d2JhzcW`jB3!P6G3vPo~as1jo_JciNUY`47!fdE=2e z1Ej*=RpySxke>-E!_8+czxgf!Md2f$QUXgJlcR;+e}oZI!BS<&!d&zNZONkc=&kpoUx~jZO*Xt_(#Rzy zko5lGO6J0-pt;FrFxPGf=J4->tEHJ%{2gypKoSvb6`tQ7aEJ!BwliH&yF3 zU#wa-Pwd*xd@wVS;uuLsxq#zdua@!T7BR=vZB{iJ48Tk&l$*s1k9#x09}^OXN{sy` zMqgMJpZL1b%CT2*@6tfoV5M-O_6<6mivyscv0N^9@5g2X20GHc>F>l4w9v@`ju}UW z_%uRe$z!iO6<;sfm5=y5FOZHbYCu7Txr%JPcu75b3*^Z~ zHDYO?@Zi66LPMVo73PWU?f9erBp4AxK;5?M#@6&jsoD~FGZi{Z9dI__quA?WmzwuY z0udqnKG%6T{w@_0DE0nt#jzSDLpIm|ZVQT*eoONkdA6nYwkzXR+Ex8AhY6J=pn2XuFf?!svYRHqe4IK3TKVtYcQ^7-1@)ZC-?{ z@@pi8$7-AJ*<98%w%e3WE+W2Zx{-A*0KX?&`A83q4KC23{ZFf4`4W)3Zf)b^Tf=8`TcMFk7Wt-@iq5wNP4L*&o>TvVqeR_>{Z+f zn(q?JFr?g+c&iozo-Ib9b9a8mAntO}sqs-cKuYcy6q8c>N(Yx^3npjKHm(1pAU8cl ze$@SN0`ZKjJ`rU^mKgPKr<3CmDF8&w-ih<>o zid`C|pLlE?do$KXe(8^prRE-{rqTR6`Opz%0`@+B2)&dHighFz!Q$8`;= z-(cFs0(*Q`hZb3Tus49DOnCy`q*(G@ph5EwOGg$bISR~fd|3%MV>=$xuK1=eg^%4I zweIl>eCZXob_|n8P8R;Xr*(H+0OjILwep8Of6^g9hD%Ke%Mt><3EYHlkl%F%RO%aZ zI*%wfzu7SUSZ`5O=f_2@96YyO@f*C;zLnY0v~Nqgq)Q9VySn|Cs1XrBTHgT_k@z^y zk(P6hOsFH?L7ii>m+PiqHyUUFejG5H>EeYf)>O!8mJVaR)9DL~fxszV)?&5A2UIpx zpCo$DO-O(!)3SA->3K(v3B^#dv3QbD&dWmO7FM^pq2ZZ8ubIyRjAlEy&ZY4s_0a z2??uL$Mq+#@tz#Sz__DY8Sd;0`9k#m(M7tl_TzbL*{7QF#QeDJ^PK@H^PZN5mx~w| zz-u`-{!tus6lb0;WqOk~um;WME8EQwfQlSa##}F`^%?Sf^C{6J;N>Bo21u)195^D7 zU$;Rl^ieQon{fhv4<*_ODUXPv^?=RZtZ;n0g?fztkC*}TuxoLf z9v?S~mCE1>k?H$eMxdalk-jkNS&tzc-wA<%14T63 z^t0=S)%b>+9^f8pOK53JJ8FHQBtUQ6U(rEA{t$LN-tZOA=~}g4TYpAoBAd|%6_1%f zuF&jusaGPd-+U`+?P%u}5HZ-*V4nDw$?NPHDCGZb#^LQgr#ub;764`D_^4gU5n!Ev zM1vtE+?IF~u7>H+jwcVWZXXWXAou}K>aEMEoSLcOc_Kemf@MoaHJ{Os1oRG)3_Dh< z?D0{Pe@5_wVZ`X7gidkyH;-n2a}Tad;saDbIbr`dJU7>3oZDjOAaeZR0B>F!V6n6q zKaID)Y$48DFAO}bG!m);#Ayvdla`o#$z8&^hlfv|Sq!kK&9>e0nMB(KEHgO5YJr%G zU#%oO;BLM&p~^&*5WrW%tZHqK?DQ>`7^>g4+`oxT>#FXxL#Sz}{MZ^maFY#cNHwKExQ{*L2ucOwz(ttl7p~z`}!=eg_8zo z*l>PKOp9LRC=AQv!~+P%Q~8?Wf0BD)@hn$i!e-gLbjL;T1Dp8nTBMm*Z;ey0X^;OI zTdVSr3P*$c6Z<*ejzeKtJ5WyO0MAosYm4^9^zHNAme>SIxM?mjIe;H$d6C!PU@2?9 z23E)d1?EHu&vTz%uoLnBeBB*JV7~QVTi0Wn?uMVJ=GTF_@dHT!AYqH}^~Q3UyzR%{ zV@Rx_b@tz`G*JC@brr|i;-|t?*s5|R$Pcwdb_00e+$~^XOMnMh_oYkL02UTxJ$qCu zGIWNjHPP^L#9=m6q(5U}_fBjEmCpMOFarQG9BwxZBb#`i}3HwYfJRw`gu7P*XSQyi*vl zl`3v-3c|tq8f_5uDaeaNmGJ|16d7E!uNRp&ZX8m~H6s_JWcs0_Rfem%SySS&d8bMME>f1borKqE1%KB0 zvacU>7lL@XCS&85qds;M8+_n^wR3Wbq^2ez#pB~KVcNrZmg1IHyu~cF`YFu{o4WUT zmcTil)&A%jm;l5O&u$eY?D@`Wyr)0*tdXI@8?BvjNdEw}<5Rl(Zgaviyo9dqWOUx} z6EcpQc)zQ2g5{=Xn}MN9izr{s=8hbvoc#1fj1el>biSoG;HBpLn>ROg-aM?4k>MtV z_T(O!fr%0T{lKt!O}g#hH!t3B@!wzvTTKHC*ReN?{ZFhp3i&wG(X#|R4SR`{e*Mug z#>I8X5qa{hAs|0hnSBbhvhwz@99X+$sFez?Z73YX5c! z*Dp=BWU#cb&wl=mCtj%GA_4*%UAPy4WmgL{6Ori&+@bgaQNiv{W9K=eH&!R=Ht%h2 z#)rpY#bNY?{$Q{=U}Oo@iDX=ZX&3MeoVL2ii7b4Qw8{kb5%f8oK5e!Uj!-r_jMDli9pk3&LPNP)Ac9_dxan6sHvBO1tsUT*0}Fl zKX?r9gF?R6A6g%bhg{4G-__&K5D|hPN*%czf)z!6gj3j4}J}1o* z)~hb>wzWA?=oy79(|2r>I>0!iv#n zbCJtxB`YQO3jt4mBi)bgWcLWD`22w!OTlKzF#EF_c30YD#z6nJb8Omc_J{T=W{WSW%M%%loA_10Ot8s!S${(ZVX5wwa8jV2guy`*PiJ2P*5Dh-aePm!`|J zBqD2Z$UW8Wyi0TwXiIC;a-yXlKYm;&J35*!Tzx-SN{CDARq6|LcLJ7#VV=q#$TaWK zvELN9izCeZ{L;#QvAC}t%FcocM}rIKgNlg9oHkjL6mUmD%dZ@(s(m%{Zo^61@8vlT zbNTFRWf1;}q7A`@PKHV7Z#sW57s?Hkqy$Wr0#&H~zMSgHRVu7H-W>f~n9swsD;7VEntgole%;TXLY8fA zjOy#@eH^QIjILFeaapo|XN=DAccsA;vCOwR(LZq=)xs;7SSmoEqZ`>3k@wF8v0X8- z>lN-|Y9+AuPcUuq_?%oKVOu7?RK=75$?6L)Uh{jS#J>-8;qM~SyZqb%(^HX^h4bvT zrKZ49bhVK)x#v)Lm(VWBJi+b9@VC>m6TvjBB01%5ur`bXdE>PAbvu1OQ@?}MF-j-IVK=;sWKC`>hn0krVZe9b6ucVp7tx49GFfwLp}mFECO^p|P+GWYLLtJF_H;@zL8=9q5D1vvyo zFnV=DKkzH*9*n~|57}%}%JgnlS4)!L;(#FOx*qN_%B?gtRw6B@wol=_H&OlITWcy{ zb>17SVfU%#OkTl}ExW|Yywcm9+PYXi0lSd*ecyi)e2(LD3{(T3WC@%m*Dp+DWV!y+ z0Fh$U9+eu4Yl=dZ8oK}GMmL2X%sxLYBOf7$i$Tq3S+X7a0~(-cWko+!bV_%+IdTU9 z43sdM4;tC<*lm|k>S$p5{YxO79UKh}&Ew9j8!#m3?fbBqQPzYKiX{P^FPZWM-^P>w zH_j+(MbAS8S#(TH$P`3H?cW$86Tv zEP;)e!(o_Bg=t)uIKOsPlLM26OAt^TJ+XlM~& zh4wPb`1O=s2(awiQ5>Nw;Dr?=xPpz3@=%)hd}KY(#1n=J#zi||cL#zqqCiQc`w0wk zY3F2+;DO9PB|&O8>@~{g1MRTHXQ97@_~H@pIGpKanE&$@cj&5(W^5iPboZC-d{2}8 z@=EU2FijLARES16Wg?en!6yGjWB<^IECC$=jD6q=)zEpSRe!k!)}CWCsLoxNwsEqI z{`xG!9OTQ@=~f9#k;Q0;-$A-Fdq;GtAeK9FR)T=pDET!^C zp|jktAz*iVH9z<{{fP*|HJyB{%I~Ga-`H6q{nc1`VtG`(zLIRp1!0@)roh&hbR9n= zqdU##jF88nrKyRV=?m^rC?fa9yV2hyZehi!&c;w4C|8>@z5Mkf34$4g!;legTK-Ab zF&40IN2u-nV7z|h~sE0l|YKnvsf^>R};u$X!u;t>X$P~|MBC; zBv(Xx-{?$fV1do$*}%OGKaw5CO27-i{e?V&QuI&uN+#rULE0Hi_iz2lqC!E;i{VO7 zgTqM0X$#t0wjyS7q2<-%hx>~Snx0_7y-=rp&0uIpP{+YP!JMzz9H&JD<9gp*F|ZuA zu7K@_>vcsuZ6s4J;XS>K5m2MnE3SeI(uYS!Z!aDEcJ_9eb_sY-R)LN>1{Rh#4eV&( zLam3zf!zxLHWV(dLHlrl2mlM#S@F2*E`_63Y)v z#JldxRN3rs?k&KmicFx>ekm}Cf5=KJ!yw~Fj#@*IcJBUx?7G~_8!UCgQn*_8yLHkJ zz|$IZE;(+LwYA6Rq8B2}msf61xr@Un@q1X9SyY>hhM62+gf|091ClU{j%mu_J)zeS zaD+{g7GO1Sa2I_HH{a7oi$s~dsilRdx5;;icp~dNUExSWqIf_n-v^=)clzseLDC8i zvv9lIB$hmPiG~16YtdLcEL5L5EGuL8!M~CHZ9jsh8#=SIx8`5K6xsnv>y!ChW*HXS z^Rt~_d&WCat5RVJbXhCPLBq(lm&nJKNitCTor>S?AV(B*+gxm(vmmOPyhSawwM#w& zspoql8hVT>Vq(dMZ+pr^8?Cv9!|hn0AmRW=^_RV z^ESAgd7FRCm%Q%L>KIc3MjciEOsoU+Y}L3EkNB904A8-}wU?p5kMnv`{Z&wyoBDQ& zU`=DqXq&vVr6pbdueigt8r%#Ok8GP$L#snV!gE6=GuImJQje;M46)JLe%W{hDCyz_ zZAB>{xb+c!vH1wHTZR=zUMGA^uh?1DB%-FL4@a>-iAQ`~wiF||DWG(t6uv9Q|H=x} z|EM@ zFv4mN3VQ}5EuMrlUOVR?_N{bwuZ<3m2U;6u2|$UNc|f4P)T!TdJoKFFURu$a%w%n^ z-s|ciWojW1Lv*-4~V-^rZox$R#kmTHs0efX~p-xSR0O4(;6apc3du zbSeLt&=wViPW_N7pRa}$(^uNXi3B!X$*2L~xrgvD0_rZec8(%8?q*eCE_ebP&$wwHd-l^XJZejlzrahV4 zJztLl7kSg92Jyh=Wwn}P9nHRF{{>iG1S;_JHZg`8N8VL4)eWRTU+}5;l8A(^Oj}KS9Dn@R^Bf8 zd3nBJPxbz5w|l?8E;EY}rTq8^2HEZp#L7166DnsC=g!k? zn$CT2k-1riZ$KR+-M0obFG8yL^eFgxXGRKk7MkI#+P|L(!W?Y(Mv{QZpH4+L&wEWd zxsT{iq)rH38fOj*)V$hvVt&QG*SqDq#GeUCF}%hRM`6@buRVzR=Kw&z&@F~nK zjQBddIh$z)`^PGuemn(ON5o+H~8ZM&c=9f;` zINSWHiE7&$=jB6>b4Na%`YWJ?1U&8QbhI{%6j<624#zKI=<{K3fBEK+vnI5sD_qC5 zG=8y}4DgI7NruxSh{6#qREE<*NzA^QZtoF=!( z%iAW=cik*gQh;_rO0yjBU?`!lP#!U9?Q4^V>wK;<$-MRhJfsURhp&#i+Q3zn#g$pI z|K5lG6V(m&PsS7uBFkm_2VKuZWW#?y;B@?3UannXGg)hCwN-zl1MAkNyS=wpM*1JM z*;bdyX`$H~74OKVU#yD`01g|$Wv(xe<;p-=n-Cwrwle!xdcl!wbp#1KRWktWfV-V( z&-T+hX@-^s`;n(@&R_Y#ct)@PTNm^vm1}6MnY9n zP=BfX%AA>1_JgT*z~JK~cYjI$sN8P$Lo=+WcFV4)X>8ELzVmR#$E4p3ck1``%H_ggr8@a=cweUEf(R1vgO>8>-fiyN@C1w%?uUNpPh8 z7DqMA*;TV#rk2xjp3ZYcon2RN)+F2nmzR~^-;aC^A^Am(@pG*Grab-2(* z^HfBB3d~10IVD>-k#+OKg!96>T0wI3aeocr{M%%88Zj%_E;JQ$vc-MR*@)kCJH!?< zc!Ic`=(ImikGwj>++deD3GXB+bh$4d*c2I@ z=uK6@SSUWNFpgMRb+ezF4g+1|Z zR4^Ee7+h%DvXhPSv>Id&%D-^Eo(;h7OC6LiK8;)tx=r;lY!BT}WQg)nn;$Wp5hl(! zP9I?CK6cXldYo7fn%!D%91FG6T4Klo#%7&>=WaAOILUn%O)IgHKmk7U{6BA}6^Tpa zY;1NMN2=~;F`pWpT&*Y<(;=wb3^`E#8J0Ar>5L?FUb@l*nd_L*s=@1ueNtbps4qO z*~4UqJ;6syp!gQdG&KPs79jy42~ss!+0Uxzg^ugpUNzUltk7kvDUAr=##yHHlI-NJ z>a(-4{<)pH>RFsmsfDSIfvq*!XQB9|Rz3kAl!{z{%#8M8>HJ%ikx+(_bD}qch+=~T`~)u0IXj-=)ZdM>7%MY*{9@#) z2%MiB`Oz?Uz9!v~p~1vzx^v{Fw1D!E-mSE^%JBtU?+z*8?Royfh|K>buKl~h#PM)y zM@Wm7_v#9P2Q=1UPZ%_+^!N6amQn5dKkb$l)QP~PF=FTfrI7(6JQYgY)p^-a^|z5O z*ki;BK{cUnrRWxgtbpw~Os}BKE7|VeCw$zWwgtr-bM&Zuq*Rc1M_sMtE|XrhfkS7n zoP^V>&)LQVD&oYJ)E%K5tw3FTbx>R<=Q{bgVW`2yYI-p5d{pdp7_uu~S~0I8w$4LU|Tm~09JzfQlT48a||-gO!19h_N7S>2ld9ZJy; z!Aq@cU7VSEGqvI1B%1#cRZ@DtesCc{1qGSFHE|e3$;(Z*J)I_6HSMzu?eSwj*p&8g z+Veg*P^^+9U*SMiox9`F^+)v04m`eh(tU!F&;cBJx9nec_|MT~YEZUfcxaC(9} zeV97owjuP?J7eS&{BM%vdiX@@F~wt8lQ^F={-%!T*56pbF^Dyc3Ju#?zkb5Zz#gbx zZaJAIpE`vkng6ixm^Q2g+&)!Qv{&A+`KnV3nom8MBaK#1qDCHqzgnlBN7l_aocv_F zun02bf26m``at0DBSu7%TV$lb5_(88BwAhg*jZZ;9FZG}a`Feq@922m-sA9?yl1!D6zx6JOpz_z-vCkUfHNP<67^@h34;q_eq+ zt@c)bes7qF$;k%mCoO8)S9c_h^y8mJD7WaTQDf-Se)e7|petCJ5HChnShFNW1xUV7 z@bfVWZ2FgmzAl7N%u*>|d2dRR82kn!=sNb^5QtQsO;qg%+TrXG2TY$plIAn@Fcx{! z1DqH|VXNEM8yTJ5R$x_U9YuXw>86Jl<4SQVEu7KeBCX!Ym(pHQ&-iUeYf3m4anYL3 zIA?~%aNx$$q9z&}P7*2)CsIU0+W^EqVjp-d#4etQ3feV)T$yV`kpOEcrno4dsLzm7D?KGl zyAxO^O0YY7tBbhdoEXKWXWuc>T&VmEq#p%VbbiOeQVYv>ukJjP%%odi9WYZg=R8f% z`f>~dr)b(26p`AyGQ2{D7~a3L4rwLW(Z_c4){$zfJmaBwF3N67A60%|e7maXT~+_*a&pp-OkR$($N-BB_ZN{Es5q$_3&P;=Jic>GcsUvZB<|W`tyxLwPFN}EIlND zO;|vhBMf(RLtFm_QV-FmA6nW@pg&pPN19NYA%fo5$reY}!c*YloZ3`pa+Qu^H_MC- z07~hVmJis}3~qhXk!bXZnl;_ndnTVM`_#z0mnMjY6?{aQ>PWOgdUOjFgRFL$I_%B; zQprtUF?T{&ql-T)fXid7b`TBa1i^BI&u-Xz^wn*^ch;P-Gq}#(ku;EK`1==A=(3GD%oJLkBen_}`6?~2X}gV?Gcw5j$Rar397mh{Gul zZ}ZOflg`s{>mZ85L!2Q5qW;nIybjdOb)pby&xXnk5v!L1^cwXTG2>$gFUA@LY0?|m z>^3{MBXajGp@huuUGV+o3=PaP$7_t#i`k!}tl;pf;#OdDw^^@cC28CB|0dX;s5SFblzjL)!t)3C4eNRnwoT#@TjEXbYQLTX&yb+}+A13>2- zi7cXb4)XP3we)+UgB`LE#y%8oNsoVa*p|)a@JD3H6xOa9(-pUiF1Zz`TlWt>@ZZ3` zLYH>G^7Hd`YpGy??27L!o-m&*X0x<8T9{R=@E;hBOd=45e*6B*y)hFv(F~jX;%Ay& z(T8*&L|8_yL?Q;w5~JYztw9t7<7TYNuNI1$&5<%omR9Vqv-nw>Q+ua%>G4wUHrAbt zFlQNy1sjC$6A>Ot-N%A2ie(&Oq^7N|tLSz+<(dX+(umTjD~wOPzRwN1`8osC*O6>7 z6#xE-AF*76J?YOhdO&n5L#x{Yu{6FViq;Gnl#^x~MK=I# z9G2nro?oZF5&7&?u{&Ds3SVmc9X4kBQFHE3jwu?}G|1!#ayk_c)l;@}D1Dyz-TD@) z^t3qBOF?Wuqi792+Td3WCR>H5V;S}S#1i@=%vbvokJ#_cY^J~KtYG0pBz9SaJ%8?< z{NN`tPelKvQjUnas$Z&+^;vyU(_CTpyRr_IxZjM=ky2LS-(GYXn!=a$dPr0V7vU#! zTGtHI13a>&v{LcwFTxP>$FZzxsh^q3Zgvi-=QFwvg#C_m{kBFX+%eNEKM;O9K;82( znG1T+Z6j;aGa*ImqzY#9yp|}22i)a>YL?lXw?wJ*d&yK>WBbhMJYEH{6dCxkQsnMz z&v)0#hpkFl`2gHYzvHxgvi&Pe7G@D|3XF$lioL(_=$KyB1Vbc3!_l5VvSPKp8hOfUZw_ocz3IY} z#Jeu|94y_XYC#=qgY_YG^H9czsI@&yK)LCN?}o!FZR4!t#n}AbA@x@cNCc-Iw}KYu z)2X%kcfSoX?m>|r zKHI)_zlG|$#7DNQm-yjAx-Dw_L0Ls7S@II3c^>3(r`GvVL8vA&h&Fsl*`mQE zRfau&jyX-Mg*GCQUL*44bHC*mU z8$ek)dI@;ZI4tU)SjQBJF>vhv=!mL95necO7T#;QF~T|c-a>5=hNeIS9fmu!`cH^q zZlz3P>`!_12mxm!rTiuXRYO864X06_?{_y5Xj3wKT7x7p78zdy(aleF2w*Ve4p?;$ z)DxZ8;K&P_a%Fs(#}_f(^6&WAa4gh5owG3i9O$w=!0Wb+y!K%e_SE`~WO#e5by;?o zU5g$(XYh?%y&lppeF%WF{Y(`QhkR&=GZH6lUMNi9%>1e_*J`yCyB(l|^uBUNqe-^k z9n>K0KSd6KfGp>$cXsuy9>1vchD%y>`uBWYjlrEmUf?8h6Vh%Z0x6-GM}WubCqXBu zpGFO#y~3(YFQ?Su0d7nIbUo8E>@`?2gOgZrg zI(X-}l*sXbD~Ts^$z`>|1^h{P#+#fpb_4%eA|@{%=0t-7)V7C49Z#li zI}=0S0Zv`@N&93f%?ifr=FGIm!8;OBu=loVXT_R(Om3T;X6q$B%WBepM#*$@zk~GG zc$DHZr^Y+Ih~->Ng>A~yzFaDgAXnNh-C!kMF}w;*O*&AwJiOh>g-!tR#MFXgexFI$E;rN4x_{mp$t0&E}Wf3^D>VtId&HsY}ViLnQNiaMOU3a z59qYv3-AR8ceO!a>mJ)Ui;Ixn?2GoxDmjK@H|%e8QyZYb3Mle?EFFye=aKp1rh(4; zomgW}D!409=*DdKD60@yx#cwPqKLeV`RNbZdl>9^pYvc`++~?`duDmfIb$3yQKIoUynEC1{z ztOf`Gr<>!hAD^79pg{t^_e9Kd!5KYG0$v~f<#T-+p}gruRXUxTjXC+vxM|05yVJ4&birpW9lBMGwxD|^I%5a?;OwX$L( zk?p6*GtT*s6x9Zn+*NGRbf;d|aeS^oT$9i?SbeqSUhtbok=f$tTwy>3d#{F|1*C`- z4CGHctqaY*px1Gd4~;0%@v6K}`aGobCo4VAx0&(*IK-1zOeEsjy=zBSWPWT*D(sY8 z#oX1bZ=2#f*hx8MAI_$aIu04*%Ok5&S9qpF-)?4|f*h2)qwL$rW8!?KKh4r{*r2Px z9F!&{=pu;=N~vQzfToRP9shPv(8&eiNfe!{^z(vX(TpPgi?ovpMSR7nl0RlgfOF3F z#5y_)^98kS7$07`rfsJsv9|WY2PQb0KdM?3u1%iBfzs~KgplS)ED}1%EWkgs`XS9=!mYRHR%pHSa zoYpZJ$FBPi9nL40y0upSFbFQ8>cE#f@*l`QD>x<$sw8>5b={vq5OpEMJoLn|oHou@ z-X=fekR-K{#KPS_2W%Cy31sNHIu4%6(bQU&A5p#IyXqI=PywyUdkFo zBj5BB1l;o2hfmkgQK?YRLiNYLj|IsdMC83V{MzyR_`(V>GgqMw@-fZ{tAwj9GhT9a z)6`=8Us?_l0s3IrT<+vz6W*sA1^THhfmXFfWN>3#=|$OX(UHW#I3wvYgIm1+_l|}4 zr(GfPB@P{UFq znHIq!z_!Htag>fV_{6n^JzJpEBH+&EN&lJEMShaacK&4N_j3U4_BF7(eJbGPn0h!mmHuom~5r!GAlGYMdQaJ+r{Zw6hLm35E5{Zg>FPJ;{5I z-oP{B;Iu0{s_MC6v_*M@X>d^25!FKuGWtvyLXw9)x57wm(xlD93vcDw6#&t2bCuYE zN3a(+AnchW$~I}###2#a_;)ij$p0lXuUecyNmR88w9|4Vau`?D%}hMLKCw=kg+N1r zC#39UsI}>!ZvkN8Z)Q}~(xmm-j`N|E8pvAu$L0p#WflC2LIEGn4$X>8M*b&0SGpUP2aE0{}bx~L_9zwM$$;*aFE5~U_5IwPZl+oBz7G~ zp5unCzo9rlRowGnh|!pq-k8XM9;3BJ+vnmoGF>reo{8H+DxiA*z-&R$?*++{m8iv*_CS* zkU7;A>q+u&Kv6hx9QXKn;9ENxMeY0fR{gNW5Vmt_pnzLnM9li&)}6xz2a*40-+kUgKw>rlu0 z=gqf~5Q0K}i%i7)ClKI|_JJN{J2@ApC~P=X*=y8oQb3td_UfVwQw9m84PcD{*}Y#* z==q$BL_EjB=>1(7iPEs(1XsbjpUjEJ4@Oq8L}qGkoSjq#T+xzwdBWYsg0{Eoi@-u<-~k;t0LQFRtxx< z9ZV(LIy}Nkiz+i3X<0GcQNoN+UN_ydaRs}d6_>oE6OGP~T!o#EY#6W^L&ma!rRr@2 znE3Z-U^(k^9GXiC5^Q4le<2CqiKLzQ!-wA9)@?()pTFx+JPj9JA&T9vU6t@L(IZ~# ztbH#08kWd^FdvtXD|d#$)n~*SO^K0YWpu>K;yostxhE#|F7V)QqG6@r~B ztH=Ve|Fdwqpb+-p4(%GbnKeo!P85PI#TrkaGOK-Iue z6z01GV6X+7yBb0n}iGVUYIeH&RR9#&o_8=k)XCwZ&$1vVqOdZ3o0 zbCQKfXp+5`-K+$6V`*fqCr%lWr+n^MvfE5A2DA~eajT%gWUcOYm^~aN)OOcgtEum= zI@(_8UQD)(Jf<<>KH^DmCkvU9)BRFW)8DNB%W$cJCh@T+LA`?_-eV;>{9NQb@L;nZ zpT1qmDun#~)x!zgrxuNF9W}YZU;V;2zL{Z^vD}m~8Eg@5FrF1ok&78l#=U?hcHfz4 zPEORW^IYVqO9ner`mRwiL_6Xc5fIbEjxmdf+I}9MCb;)Ms86w7B1qkKB1{&*Y$&e4 zPzgTc;j5!QNMF+!DD76d+MD6Y%8bzSu(`!S0x*Eb9T%%22 ztR~UuI2Zjxz=g}@bN_h`^Cw2Z-UvKy4Sf3#|8swe(D;JRiFllG9>cw&J51O2vO7O# znAZ)5@L*^Pa!o80XzQjx!LDrLxzncslv>Q)iYJ4d1#=1aK8l#W;$b1Or%-p}_u{X2 zmi3L&6{paStS2c^WerfW6#=%lJrU50p}xiO*&%cW;WdVASiG46jxoQeGsF@#xa~aI z9nb#Hi{wPkdRNoIxx?_#z{GZO z>(rAqHZ$K(2CBb4e#sxW_~6%^N}HPlZKkDL87axudK;KMG;Ot{6o&UHagm{>b`iN4 ztainA^P?;Yks1|Rn$xEkiH0HCrm<{C2kc(C7rvXb-F)xeI~!m-sXw-spH!mdp>f~N zU8K-pv$xQtk)~a$*`C1Wj4?whd6FDIK0UTC?i|T{XL;tPr4s8~wYs`=EK$hUzlL*W zMD@!Y&C^Dx{OxkEb1JPy5C|ILdXN~#h;eLqxa# zWJSNFFmsHR3o?q8DW7C^BK=0_rfVsSw8n)pY8wSv)_G=-c$CjjarW_u=vu~ zz~2pxRN2&(tA?oWoTm)|8|F%j%X?pZ-LLB6{|=R2xGzeW#gGeEA6nfSsasiAM0Dxb zP>D?cVH{Q~R$+JQSS9))Pqxt*3p#hC)ZYH9{3qhU%j_9#z^yC8|CH< zn+bJJOzNPQbew-3`%Gm3;{a}R+~{xS;$VHSwt4XY*Yiqi?@LC-u6(TFUS_7{YjRcg zuOzn@g?0VW0%SSaR?eUBliSEo8gUAe!nw(W-P7Z6RMwqjH^`t7nfJVq!SqL3TLIjx zFHZMOZA)4ivah{>qMzVTTYiiRGOet%aXz=3v+=J-u~@PRVa2 zymQ4|5XpL)L5g)bzshB^1ZGHda5H`nDmD)zkDNVLhkCIU5Jq$HpyxfPV8#O1I4@ay??>q2>|~m4eVqhFX8m`2!f@J``5Kv zWBri7Z*#5H{=3(oHh`ypAsg&r=DopnpKKDr%Pt?=iyMMUOxoUc$2-(?W^CO?s%k!X z!LratyuiWP>NGb~xrF@~`2$lXZcJ-?SatVHeTB`NSlHC3R)&t{PrUmWzGeuEpKJWz z-OnF2b&n=Knz#u%pV|<*vY>tI2F3qv=a=+36C~L2n__L*x8SVuB1w2uMNy#>eTNA@ zRsFfGsak>kaOOCBTi6}SQEZlW4QA&op&iME*cn>VZ_f{3Z1xRow{>;(gyjAfWV_1y z`Cf0U~70h2Eh5KUN4f z#SzH?pg~mvu3DtAot|KdUSGs)Ed}>k8AW6dggIWJa?9;==Ljvzxh2{6N~@_uLcJ4} zZMy@WCwiMb%xc=QTg`tqEwEF8vSIg@aPiz+{=1N9SleaV)&kk(x!C>JSCSadCtfi> z4?L3v&Q1i=P@xCo_WT}si^tCU;VpdeO!*@U|D+ow=hG_Z_9u1=Rjob#jOg*zbz}X| zIm3Bh2}@iw#oSRV-qHkrHtQ2ih~<933y#D|-CpF_Rs|zDFHYChN5D*>m=5bf2n^S z?{?f|D27QyXiBUPEwSCFVS|B(zLgw|O|R@G?s1Tpy9KgG_8YuoaU%+SkoV~=7x&X! zp)*B1&1m)t8R=xt?&3dRyzsq*yYKn8ajTbZA#HV(A6Dp#dd9`U-xSMT3)Ww)^j7S!!&>ElD{qK*_l&l(Z_dl_h*rm z&BvLZ1`xgbe5g;&Q(#a-V5EjY^p}~~iZ3eJjLt(KMCiCDo8DIBh;d(ShJ=l6v#)KS zi)u>ao{2?99OgU?g3bFvS0lCQasuobFfN8}-5Sl(LV#dnSt~3qL(`W@ZhJ;-zU$J4 zflTq)``$A@=lgQHo6bu*(yOEF#=(y4=5 zic8!t93lyna>{JLBt1T6FEH~!a7$g{hTHt8--E0)@figiucb4l=@+y;K>0E7LrwGL z(2v?kn8!JJT87!uFsrZ!JqU3~R7f`9BclST%qRXVL-RCKkA+5Jl=SNOS3t$8?VZ1V z=B!y_S>sivKn8X6z<8R7caR_@0b32yIY_QahK%r}Tc&||d1d!t5W!z3>FwOm2X*+; zxUYG5oX5c9k}12`PgFS0u}pqwq>qua1;P3yRo$c$ds2&yNkDCMz2A6CVx%c$XZO}6 zaMRtl{#5;**zdQ8Pqv_RS`$**|JtmHA?l4MEolTbu{RIsIHq&*YwQx8a7m*$_d95U z_~xT22_=R@8oTm<*G2u7NvAgD`$)P|BdtLg0nO&^X%T!f?_r^_8Ao(-M&{Q>zbf~& zGkKnd+cVvyOhE`R&*HZytSkdMHr{I&Vbd)dP0s6QT$%1S5%U5lD9jRN_uFtB)F{)9 z9nC@dNUxWXskFHVf?k*sPvzy!^0_Uqpjko4jRjjj^@M`C|-R{q85nD;B^Ky z2bGE|g%AS76BLw;Q+RScMeLY_>U(Z13YO$y<2oaI>09r`qI9O!lZl3!?M%E+^YNBN zi;XdaC`OXNaD(rBvlcQ8juSBH&u~ysM7NfC4p_h$l}L}~i!jkRy^%QMenY?~dqes@ zG)QdMBK!x)f{u}%a7rRiA@bKKhb%8ywL^dGRsXtXvqeE+W$S$_86d7I{(ldu{s^9Y zku)5dUe4dqhv&^$o26rLJ6sC8ZwM&PmYIA};3(!OSWms+#CjJ#R<9T>62K;i^2&VU z8xU;J`nUQ>jEgxXmr+oDkb*h3&I~eGW5XVWHCg^{zA>FVz3XQlfBCd2-AM4meeOq+ zVz`o$7d!J^oL+cf>ey78&#!qkyGtFrij($i`v*T5fYIG&d~JF0zg!mO-`6Ye%`-p= zE?k-}=FN+L-h`Cy+Cm?pWMSXlwaWkfXUrQC=Ia{@-2cAxf8PFoF#}a{4i1O=P1%M} zG+wKPvUZWdW;eWVVxIoW$`uXM;63fz$#1$bfG&*Z{#E$58QUcz`j-kVNyHSS;!bbg zhbb?LBXg9(lnv3aX-M0=tkqpy^dLZoc!Nf(zR$l$bG}x>karCaf(nPz{H}hgNodO_ zruZ1|1iLhY1={1dAN-la{_vkgaf9#b?}lwBfle^sausP=Z^u?Z^4RAfQh<-G)#*6) zatfWTqNmIMvQwo}vpgG4NEg174n_KI9U8L9Ff1uzVq^NBpTARvAXfM40eQj;=LFsw zR~Mi~LoujUs?fn99>56TrCL$;u6BqyC+D$N3mHPp)jDrD*$<%x1C}UQ={TRCraU;M1PlBg`HN(2ajyMceC* z#+{6V(-rgho~KhAY&u&YUEN#{!}BFrnn9)L_58&RF5;^q(ldpWgv9#;a5Fhz_ie+< zWGUBSLakLFcM<_VpH{K<_0DN1n8ltwvhVwRwMQBnfxBH zxjOsI|QzU?A7SUMMFXcQJb-`3nem^iXrJZ{PBTs7xTd4c%8 z49I$19ExymM3XPq-Mp?Xln&ibqw-Umot<^3RbHjgwHZrzEM!V zt5FgW8io!^Ff%hB86}(*45yWIoG46E0B1Ov&d~nclr>Vzb_$rMTEDO%3O24`set1K_)mrwLs<1_RTHo!KgPA* ze))CW${n(9_xn=fX)wsB1SA)Kue~ViQXc|I^eR^Hads8}^!&;>xPi0kU%mjq{^$N# z+@s5u3{V2kQ}6A{>cMPSDd>l3s~Uw zP;z>@ef;TY?iarsJm6l!*8O#W++HR`JTo)1a;Vh<8EO#KxpHJS%`G$;W^Ylk zHuAeF1p1R>V_CP#)SwxRL5OEfvC>53Bes zT^4`lUel_nsmXOS#N&WqB+J<~rYoQ;v*}6hrG& zmbg(!UV_45!?$f0J*nj6b2kgb{Ic__s}B4QQ)4e2_!-S4!vO|}8z$wyKFb_#FgftdN2H4pu%H~UgUkGk3KFb-ys-$gv-k?hQ+^mA_Be0E z5Q&CIJ5_ucmC|HcDc;eu*$ zC!~|yX5Y)7w^cJ;?3$WY4i)NB#rgd3=`T!si<5>Ipl4ofY-F&0w=m z$rNVwqpqK|seit~6w?ZvkM`k{t@V_B94#KOl4FI>#rD$oc+1$2Z5X+JS_y$bu&}U# zKFP7k6Ls#N+e)}6p753$0@Az-MeK&Nk><+UUAG%=e<2Bhb zAJ8eTMMwUL3m+riMBVT?%(=`*rCSewzW*$duv1+<9set(F>|!s(}9hdxyY~~o8rCo z>@JbFLqjIGFR&3TFOML!3$K?+7cCFJ;REaf5h>_>T)UNHJ6T*A9Y05dNELN&7F7($ zG_tTLU~G1$uh7&Iqg|QKY47~BPU3g9lcbUje@W3@6z2A&F zgI0FubC|;M0RO>y+TW=Sq3=chLE~%Pj2l5V+o6^bc7pkMiB{@MA^>gQ6K>8`IoFDM z{u59z>ZRvp@5E&@w7&ZsxQ=d}Gf*M+s_q=*=cNK#{edT?5m9Yf#<%Omp25UT%@|d9-*ZPdj$?T^mM?tjH#4o-{t!Dw%9?*(ecB z`Wq>9d7WWpWiQPUiJ$EOzY+I8E~Mi*t!`NJXK3b}4uK@CH$~H!|8v=ETn;~s47vFT z2!u~yG$b^Hk|d{zVVE)-wk#JNXPJy0Zrg>H4Fhb_HYdwEQd^G%T@A5Nq0k~gp2fP2(o2w8hfBOBAZGj&;dHzxsgSLNp9Sr zJ`8|^F`J2s!euge!=2mDDuUAK3LQB~uGPtr<-nkTaK_jH_|zI%F3MsTOTbT|Ah}3B zkm#n&vv=~}_xS5t6&RYG!y4cV<-<~cfeal0GJx-RP+V$A%cg7c{FHxN=O=1B8!h1; zqtoDa-CxR8odO7#s0pd8S+MhYKJlTk7eQP)dm{>s>$oZ}z~$l>HrpzKt``P_4Qbdc zIgDyy~o zfRHq;d#1Dr(0SFxUQi2KwPF4l4oar=NMkZ#+Z#nio<0jdW-Wc+yUB*bkh`Ul`J$>S zRdzWd`&4n)`cVq#1-cW3{kYsIhf%Yg=FelIm?^0M2hE;03JSZ2VmFeEZyk`wTL^xF z+Vx+6VM(9!zUKF98D$CU%=UJ`t z;w(86AO`yTZI-iL6Kwce1#-e<4HlG?1UFJWBzysKEGr+U*LGkt8f$)1mK_+n)@-vh z$|N`cF5o0Y)V3q9ST+QkQhe;inWdt+fiRihU3vk$4-!oyU^MjJaT~t9+-qE^$NG~W z;Pz^2G2PwJ%YAz;hXPvXo}ykKb%wuzjeExw@xxJDTRXM>AOTxeie^Unly~D}d*`py z;bbz_E%;&sOjz;MqtS5=`MWMSIJk>-(uP82zF_!PBjfyEN;gdgG~Dy?d-etwIjc_2 zrd{@q9&~4(>TzPAv<*VshH#T`+}zAyD1BvT_Nu#W& zmm9UpIDi1NJ%{ut>06kY{jBBYp)GZW0TFMe?L(4d$wbT9$Bvr|TF&9hCdH%3 z6!)6i+5|n|NbiWW#gK7h5h#1Q63IKeZl!;FAd)gl2RM8KaId;EH-@0jm6%K!#JiaDL0y(Nk8`C#d@Jtv6>$(_`CjYeATRJl`9V!uVsO zwlVVvAd)9@;L9CH^J0mD;rOIofD8yL@|cCj?(+Fu&cppRA1Rnp?(y515+VkMhaIQe za@B}fiUGYp%b|>$qj6BAWI(;9EN$>DaKqvUNbGqF)h6 zO*E(<(J@}6jLSK1@Otl_0RnbFp-CY_=Kd^twWJtG)lwVmNM?UY1!U+jfY5mVwxDfLziASjS* zx=#W3G6pbLZN2c|k{Xj5Hz`{}#%!X`LCimf_NDzqUN?}u?}G1vQPyiRvaywZ*gE8( zfA@WNLWkCOO1IV_X#7SLNrE7X)llbMqu7hH63Au$>xrsE=d`-Jd~SdXM5nDAWSg;QOOWqG$UxbTl!o}LQMRb z)M_FxWISsbU!{R=`e>^F#l*VW7?{yE6tL7n(mJM>$$v*R24(&VW`Yl-wpK zM=`mQogKg!13)Z&%jf^1^eYCp-@lDtx93j2xZ~{yG~uGuJ!$+Gr;^Se|LfbTi~+PF z&(Y5QG4%d~QiL5qFsDm2jE9;`Cn=VvN&o%SM;Y9(HNf>^KllLBstz}PVWVq3j&p?7 zp38wik`6^KD4srP0wnD>x3+GehyQ*F<(EN|%XfgL-+wUqh0f4w2s@5!6bzWA`0tvw zKt3bjI6J4XP^mP3F7du?2Z&N-Md&_ zH4T_1{_h&8+&nzFxgfilI&+|{6Of!s_-)!bIAp-sQ2!gm|ITkDo!xt$X^a8WSpQ9z z+<){61to#-KYoLfrT*7hP&5_(b7ho|3czXUf4`*40!V56`zPz)po{V<|1T1u6vh94 zT{J=DOvk_=Ez|fn{M}V1-rP!GoG+f@drK_^|K)Pi0~r|=r0#>3b#?Xe&0uyc!xmO# zyHvpR#zxK7j~KqxdYSzNCKWSJ&4>HaKhO>f^C412Z@8vcZw-@xowk+iUizl$5o42U z4vQC_hA8k8$88W3ljkG?9jFva*fHF19)P7SPNhuM)JDVOESZL}sh<*$?IgXHxY(X< zg;)I;joSjf^IqGuFNCDQ+_Z{A&+8ORoYr?-Nt2rW1V()yK_W5|zcbPSg}wTG>VDP> z#Ne#SK?vjSMEU{RHUaEkB zG2bfj9n>1yN2eSoC|C-C#Hm0OWirGq+X6#y<@9XnVg=1+$8e|e^9sTV-}W0fiFdqs zv*FDk1{b0^bZdGjTdbd%t=u`WTeFJjw#xmYp0pGs;JCczMrj$wu5t1rf5CJ18QYYD z8h5G0X5ya-DN#;`jvP#9%R*F;JTI99hRttuS5AVKSGMlrEPh1`6WM=g8KtDLG+%D^ z(|N)6`a}F=ydGBk9Ve4rvc*(-FgRzn8|GiEo4<8N(QoFNmGhqI-DNE8Qg>hIn3hEd z$FZj&D~)78n;fvs>Q{7d8#c0az1Qr@@EQY&yw%SdNHqiMZ>y_5Qe7P1>!QSNqLX>q z+>T2U_UO9=?tcHq*eyHs3o~r?Q8Mya+@z)kt=~C3&KKnDgJWJJqN-L!R1WULgIn(mtFU$z ze}?U;ALAoV#eky}rv5L^fPJkD5{#YjewA&Nyzud@RbVexQi`*(TFlYXOMnW(olj6Jgro+X%pfg z_dCiI?Smzyxd7h!wb*sy2{}G*#lqc>UhmH^;CHfCWPeP$J<7NiRGht)VVk;va**I< zODwP14k!Ys7~ulY66@hWddBO>hk~n;`ri59-ax+?-)XC=3Z4&h^4Xc+o!mz}MV!it zSQTMKrJqGOdcTDYRkdEH@H!w-7iY&jp!w7 zK(&$7zr#V!LiHD|v`l7-X+GQM0XJ!n;0NyF__hPcq-a>RtC-qGV2e}rQ z?^i{;jM0(aB-5%t6#c!(3XA(UD-CE@;LVz%z*ETRN_NomGc@LYKqAeLv=V@~%UGP{ z*OtUTk~!@wx|h!}siPir_Oc{j(g@qc*3yOEwT$A{K$1Sh%lO~1k8GP5buV`1(He_l zC0`2;Tqw*~$JiQGJQ>sv*WU=jLm3xBSlTzt;Nymrar;W=8}q4Cxv4grtfemm0@&}JefpxiKeG&i)Qq%kv} zFE*RaaigD%3(qO4@pvClJ!1ugu7p8jn0cWwt19Da)rW~I^F=-x8JQGU$0R^~mKUOn zjhtN~ZoBm%Wb-*XiWz0cZ(HUqG}brW`*Qf5b2YWHYAXyO={Z!kAn44#x0Ca$btJP- zZj6O(&;d}x?Fo_%*B9xIl!}ye+hI~US=7a+VP(pO0r6*IxT6*vm?i<);{8bPQ|!{W zTxmhd*#>Grt#xP%<}*$A^)+}*~+UqEleG8 z>i*dR?r!UZLx#eadf(LsU#e$5&+TH8xi@PdS(R2in|bhhIOxZt&}br&#r1<+(_WBO-^fa2u~b6o`cL z)@njc-U^|U`FOZFueh9-auQbWr`J}c$SQY5%;IZg6heQFZ^ff_ugE0VxKI0=N1Rx^ zIj)@B@1Lt&Y|OuHdfsv5qGi_@+lyFyIi)Y9U4Zo8-p0t+7FdISu9Z7h;&Mi`aI`*Q z3tJwXzbp!~auy}fp9URW~!ViNXKd?mj_N(zC`T~7ZXc&;!WjzfOmn+CW>+SI}h zU%bC(k@Sk`^yh~O!xJhG9(9*=_uj51=$^8Z1ki|+@_ksMGjHc;MT3CouOTWbzFtWc zcMV$IpW-Y-9X`*PpS(l46o2T$0WM=Ig*pkz@@CDoKS5KO0dE&^Z%%iZ+a{34okBga zdFR5HW_TUltno_KOtWDLJ4YOC-@8rh_v0m?=hs{A9IM98@%S436!s&j0GB9pSeTea z=&e4~^VNei@oaL84U-fK1ZC0^diISkZYTERb)9U#58%*cRUl30nZI%~Z;ze4Undtb zaxM8C8NC8T4z*7waaPkyQj!HjF)FOmDx{e#=F@I)5xdp1>zjLF3(frlXt-;~odkG! z)<7oq`}Kz5>7fXei%W!nhv3xwuDgxa!(#dK?6=R?7@p1Gc}W4BNI5U7S6+em9iN{B z6D?5&Iz7xItv_DE06qWW6pQlO^B@&ZTeYW0&l@x|VVSR(vB!v{}H&vezUf%P=NE1sqFmbn@74E#eQ1-B- zN;!fJs0DEK1wP1?gMzafY;GBPPRT&S#x0+6+g7HvlGRAK2?vkqTz27adqw4$<@>=n zneqiRMx}ecq{XnGsgsf=C?ZctgMKbOlAtq_N?TQ|x$bCLqkq3%P2+wh{(L)bHa1~z z=TjJtg9K?1w~Dtr^#>-hU8W7f6n)^R!zDXmitgg6j2J%ZG?iktXH&!_Jb*(VDzx3| zgweA6c7-@HnRoos2mQGf2SW*`PtLvJ8Qo;ehefQEdd!$H)FbtY({)4#T4?r-`s~){ z*(Z1W?eiwC@Kc&I53g8sUPAd{&h68^9((9^;u@2COiViOQAqmRFbA1mV_$RTz zhgs8?5)sCeW8^*>E?gg*UbpFZ6e?D|FmdCEqcbkbE^d$zZ-2BRQ{8Xd{N zTco!{Ux-{%WkGQ@X^&g;ig?1CiK1ZSUSC=3Xbvn3z~945VHZ0zmLFZIRR zw&S)$WX)XAHF&_Ky?~LYrle#~hOdVS!6Qwmb+9}~QKb}%)B_~a#kZg)w6biKyuZ3> z`Zq3Q)@3`J)jCorIE4In1?GUUR{}cBcm3bAYmZ)3my}y}~39-}E97I!9X$=Llj^_O9&X@%EZ)v(4Nq ze5oD~BTyQmNuAGR`mE=tl`bJuvBa%CSu9rzn`SSFU0;q2zGS@NC#ky&SM3dDJOcNs zq~i#bm2B$D?T%3sStG*m|NNi){x+^Jkw@K|*wfS_`(=#cT>q5Oh zcXZ}0w54%5j$$^O|M-l7RvO(=mDcLyJ=k;5f^CqVvGQVi4V#89++Pxv?4=$C$Zz}t z(~DsL0$eL132YC^dK<`Yz**KG4>(fzoeZ~5fwks4W?e1=K>>nbbHD8`Yu z>pKbXireFDl_Fd?-gg_MHf9Lp;5TTisYFJTO{aE&Qi}%an~vNQtj{7H30AqCz4MsS z>dx{l%YMI#B_8Wh-J5=tQp#3Stu-$dIBAmv?AOm$IKWvSG(^cmPJnqh=UEl1#D(kj zR;SqM!F>eusDh|)=&-oV!UEf|Wg`2@V<-oHa6EI7{M{LW!u}?QCqA73g-4{R ziA~Y^b}Bs+vG0^EXGAdc8Cy%#RvPw^VvQ+M41ufof^5I2 zJoH(LLtxyF0!ybdmT)6m6Db6jCU>u}V3Rb5-pQcVXpi+9^?A}8j+j?$U`Om67ApG+ ziMxqak+_T3i=9!%k?Pu^385e652=)1h`vNb&dp1^j|F~IM1Eg6Ci37jWHZ+72!DZG zWyJv9-#2c31mg+kgZT>Y@PFU%b9`J_0(j_o_umJvSJN3SuF6P7=9&qXJ` zT+_iHrkzCfy#aE1t>Jn1z-M_Ax{&EbsBtgj#0`V{fU@paa+!x>DW5QuZnAdP&rj=*=oaUH@cEya&@=}-Km{V64ct?i)R-3 zAT<*?Cvsc;dtw%=!n0h}VtXZjSA{gHGz3}{Xi@=_?&Wnq*Kwm#w#mzAzz6roTH%+E zI+am$4^24rNgypoHinG(M?qIIBh9K031*&87fGPdNYef2yJT>BgTW=63cEaOf}CM~ z+sLwgSp;k0id!jqOnu}(sJQ(J14$T1_4EjP$8=h=RP}So*BGlPG6MC0Bl2%XLHhaJ z?kvSHX_w}Qw8*eXOD4;aqHy#wU)UG37zCt6k3CPJ(R(kdd5A6M?I$k(x&7~{9tO=m zQl~N)ZFD_u20MoDD1%ieXrDkm@SZ2{cbo%82^y|oSvK5h-RK*aO?fbH`mQe?Y~V@^#j6M$p(M#*l(fy!${}`iD@H zCu|5zR>{Y9$oXtXBjEMk$NeISj}{!)71tZ6)baUpcv#kg^#?5Q zS?D<7JJ>AEn-F^=)CZ?nDaTnB4B2zJD zO-djC$MF2>Z;Iq3;Aun(o}vCLgAwGI@#$VbWZLa3j2!kN&K*@ieg{~=L;Il?3U830 z&#D{Uvze~>9YX*cPy4Q#vj-N0$>MJdf;sqN*mM(Me5J^aycs`2Jy~y5A_iuP@2xMbX{nm+o7VV*H8; znpg%}p$S?hv0;>e0;NLdHiWhVox(GWc?0A}_(&%*@2>n$UY-&*zn6q{y+G?pJP~s{ z&gd_RC+ju*2jH-z)1_@U4<=ICa=bF}nA%2uEu;L32;kO<@Bc1emUz>0z$waM?K4^wDmew$0r zvt5*K&04omjcgEf`7M}y(#*$9*i#7t9AJcfSHPjdT6I7C)a}7|?Mtn$Ajc&{>UfVO zXarwSu&rwEA;mV|)T(>h0P!&P+%AF1!+Dc)U#bb?U@ccu)g4}lNrmHMzi&dWhdHW2 zA*h1Y8Nw$tMdFeLYg!sS-FcqzCTHu(7hmt^BK6%EPmDgQrcX8dOy6p|zdg+9(&Hle z=yo1giH3-MLhRgmi{N-f#cN|qcda+RE)!KV$Ynq;UaVs%d3UxN9JUp%O{_2V>eHjbmvEfIIu#B{*X$O z*T|h{8ow|w4E9Ym0Fqd#72V;TFV(9YIO;&F4#pMq7)!T%@z-X^j+nnppmt+<53q_O zu*pl66B=Zhck!eo48N!j+&n(5N)l5U>{(dQGE|iOlyxjcBVnDFd3M8C`&FaBAoRYc zFXTN5$e_98a@&9Vn^K-Uz5H$%%(o!V&0Lp>U1`^GJ^0}=G>x|i)?+zry$i7&1dab> z45y${wAQT`kt15F9E+-X-|uPsEi3+HpBGUvOy}g!)w0j+HC%&s=lti-euM8|HUf$TBuB~PsGqxXDnihQTVcH zmHO!vg1Lk2HO9y^B7`(EAC3J42aa>;&p>LBUoy2RY8u#eU|g5;GkvA6FR(<2x^qfS41vZFK*`l+UvRj!jLQ{Zp(!=f zigw`Vy)coJ<=LK_o4?9>Zn@PM>P~jfnRhqkFt-9035e#z3-s&GsChvlZOgm*nUP9D zqmx1Ba^5AdV?KtcfU-^IE3Qi%!Zn^F*W%SVgVX1J<)_l=*j~@vAe;JclLpSo;;354 zD(9;BHoBe3{v@sMcJc6z)4^Yd_-SwOCP!9{zm$*(gF5@@&dI!M-@VZa3hh<7(9{Ne zJBfA-h$KWTI|L zxBY1B)(zDC@E0*yA#xKt3d)jMX^P=y9S8B}8(JhSA0*SA*$QEuj=-ti7CPIFnsl>wdY++)ZPYll$O(p@44Aqky}|U zKBgxLQMpf}GTWNWHYhC^Yr~Mj@^_iW=ak|Ob7NYR_*)bfBis)TygIzy0`9IYBety> zF%C#mBwD{!(h6li8}*iXwch$e-k+slZ*o6=ko}<4FR6T~$S7^a;f{3#0s=-~ z!|$6ESzvg3D4eYxFcoFX{09s`pQF~A!NoAuzrn*=mT0qp(Y!A(13Bl>O0Wy!`Kh;y zXM`4cX9GWCaGGh6C<0qu85u#FZQ<=%w#`)kEdNtcB}Mqs9)Z?#`cW#-%OVNvLy$3F zF1Xjm-@X1zgq56tRBH%&2n9a?a=}Y}p%Kd)en9=w58|u@L1NfHdY`4FPAo^u1)N-H zob*n-(F3T1ZUfkN!gz$6>S4e9rH_s>xq1MTayqi*veNp%FPe9aQL4E4{a?4m-V1S# z3KDaNNeyiP`I zm;;WHUsRMU32k&aU~Dx7LjDxqb6}0uu^5Dzet$;?R~k5i?i+$+b!f#8!J3m)rQ$9R z!}@6Oqo(joh6ChSOd4lrX%S$;v`s}J^EysRiRnp0teFN(~3|wonA0x`pzy996s+bP~X(?3VDJ6Lc~YPr$#-(a*MFW}P_M z4;c_uQjY9xl1;(TT?$iPJ)R73vxk3%zldj z!J!?yE)&LYT~uGQ=n-0ANM!Ph2hoQ~r3aJ#>xemXD@ht=R|OB1GZCp!D^x@8m6OWr zd+#NPBfkro4-VDFd4=D!9BFCUW1 zFaq#PKgeBqoj=)@c}`*1w!iofC!?V~M_WYi_gi<%lTdKOt-&sadBT^}9Ow*opxh9p zQpcPZr;Xw6Z{vuDvHmV8TJku1N~Aw0COzTX#~J~f{3F%*cl$5Mn-qH0u$eG-qXQ3p z*RNPo2)4d^ky=@ME9s}lV&oiTOqSF1^{eq?&$*4sw8<=Cp`(A;sXk-Kw-1`mOZ1sO zGjF5}ja>C6?=CslZzaFs@))VKc~}A1Q*K;WBjS@lomMf-N+w36GcN9tmTOrN>rwHPW#vhs&!X399c6w@Goi!3XoW7kwJ1AOL{V228=P5Qp+Sb4-qT zLgqQ+%8d`K)t-CTbpSPQA%pLKsWmgt246>95I<(iJeT2%(PTtzRbUkRxg}HIPc7jn zQ^6SZfM7&eG;`yf$H=y-0OC_xVm_Ndi;Yb|Z%G_Rbh>B|4>GKQA&{1*xV&4(nJcQn-HRmyG|5uMBG1OsR!u}SB}|0}7| zo-pnS<;==z6mtw}2H`y#Y$q$4Fs6zsoi?1HcLAW~FF04Iy?m?GA1fk>G$(CRLAHxI z9gOZMT^d%y@sW=Qr-w~f-O-+MpBZBU@p7w+9*yK^wvqj;=fXfv79CrqVwNR_n45Lb z`8n(Euo~T`_FTrMoNV4=7}_}w@s|HYF07fyaA0q`PL6O@VbIcmxS+@kqjfthzw~_4 zjk^@Q^Ckgpyu%y9=V&>I{k^XM^j7%p<`T{_sMb-tSC?B>FdIdGj5K~#e-J3L-rKz`L$*Y8-vZNFOxPtYnUjyO)B z-ZDc);+B^?rp<)csR7@+m?;ap-<}SNb&Nh+YJ6M?%q18%I<9!RYba!?otqt z?(XhJDd~{zUNlIDh;(;1(jC&>ARq{fjzuh3i~ab%zwhjCe`D-3&fn(`9pG@y=UMaa z>%Q(esf`rJj^dMlbeyhtsy;dGF@NbGWGhc%zLTGNKEcdfSkz?<;#kM*m$_*CMm;hZ z_C>{O=K>mWlI-qWqae&)ZP0%2EE~+70*%(e`@t!+C$|8gG5{_K99erpQNE9lK>sA~ zRtzU&8s@HSFOAroY08Bk5B!r^XH(7R|DQU-uaK&Qh{Naf{!o${OG^Is2<)E|5}*)` zrQ~CvTL|At2tfy`-sxDj2Vl1E4y-bpveOy+(^GdyeWa9YI1HssREyJb+`P^5EQnJ1 zlsgaZFu%Fag}%8l@vVA&T4eu*?AIP~=5Jk!eHfLIF3o3SbB){CL~up1<*dK}gOjGe zVc6=LCo+bk@xX5dMX&1to3EgmOYVK|*lTi1X@J1;dhE^i@Z3LZV-G_vQ3gdgnLX@arxgMoYmlvyfqv)b|jJCEF-3{>))kk z*lKdte>iRI(obLudUlqss&V;t7LE0)zXID}fEM&BoOS!#NxSE7!(B1b3-41B?TGmH zO@yuQp$U;+p#@=%U$oW=rmOcNU&{GxVUdt~^p%Hk9j^-OfLRkW`%c=>Eq05Y-&S!K z!o3K%d@>bll_!{mEO=i@ue+Uz3zsn63arV-<>cqcsAiUBw;Ume%azp;)U>a&^WqmD z0`a<9Kk{Z<@_#FnWDzavzse*Stf}x8DxD+rGpaIJl&e)FS=i?huPU5YYbXW)xDIXb zg8GVou;gBGA)hrEg=~2j56Y~e6P3R7=d4-=MM}7D6~}Zun~}M=5?CDU7j`l;qpl!D&8{kL*$~v;p@YP>~;EHS^A+Sf;c)QzA7NPPT`uN)y-< zwAB~=oSlFwQc||dw;QY67q(yZv%DY7vcPu8;Av2w3s+FktzNCwc3rRAL&7{Hq(|bn z1}nnwOfIVgZvkj}`26|S7u>a-K#Q9!(c}PX+Icd30AY-)_n%#Y$u@QbWL+AG#G3() z7)W3SJIFb$?O_>ck!^A_IBqr9vtBq)JtxxnRZC44UK4OVaJcuGrz{v^*>E9E=gvxA zCNTOgMm`Y0G(AuG178uuQTEwm$dBnd?x>^I#Rw4N_jCFC4%S)jdf?Xa^^#MvOgH8y ziHxe6x%ojSsJ4`ee=)NqqHp&E1+@Z-A71H15r<1Z-r5ZwiZ;lNgiTW=N>x`ex$+MT~8rw$GPPJj3y-*BB88 zopv*bAwDA(aK&y^Li&)}(iTjx@@--AxU5M{^B)N0!&gGiP@ zhnEjm0Os8WMKZY29!6dVPv%JQg{6>Y$hztRStfK zIK&j(>^NfnH$}es6^7yiAjE%IjCxDeU9U?hliJrW%e{4l;JK&N*u%Bo&MBu^oZcvm zEzYe|SXLYS6Mg@+gq8_ex(GJeQPV#HpMF!PF@#;=285AK3y7zUNh+ypIqwedyvc;7s}^yHd&F3g+80U%LDLct<*#i9JL9VupH zn=Sxaibq*q-dBrRR19yE z0$LSC5C^!gi3NU1Um1B@N+a<%o|krD{M=;ZhJrqRTMz> zW&Jn%k|R>aDddmj?$96qt_eEG6Gv+`A<0`daKdz zXo`kbJFzZHBBy+*{MtPVzJc5~tW913$Vv3ywqhb-|IE-K$yJ#mZT>Ak)LwT=YW z`BLN|Ym{l;UN}%ih~E29g?jK(9VHTqlT*fVb>yPXMd?;<*v-B=6)u$xS|EPq9}$2Z zfh_t`9Tdv5R1xyh0#%iXQJojWKCsqOwdQ#e@~205^+>H3mZ8TsT=Z?uinY~iFa3;@ z8;H1MKP!_OoiJo#a^g4;{o@0T8(lUC6i%yn-Z{)z(`AAo`aka*d})55ykuQ%t)j6O zMX(+@cb@Ztz5};@8dd0k?N!hT;8Ft(&ZS-;3+pr1C1k$+u)Onb)a2Ti1Z+Z$NpJo) zL*pOa#LW3{veAhg&#>j%;~CV=4}3;6J@@R~FJ8)p(r8uXU0mzo`XCb+!&}2rPP>7t zryAYMq%VG@6RWD$b?Ui$A14+OFHJ=VAf66Pr3fgxe$)5TZtLi6YY20Zx2T>!URD^V zrh1D+w9vVoKA`&KZ9PpEDX3mqpMYci=P-=8bLGXzwOQ4I#3PKeTs|+2yGgdc>oR?! zUbuKD{1doW!TYK~%F1t!sBa%{QomB*3KkJB8gN;OTZT{~wHQ%CR+df<`D5;fV%Ed! z!aP+%fU00hw&>jCL>Q7=7wR#egKP9p22Umvg46t$P4U-*tQ5g_`hgVk0HEArMZ!uW5e?3YY(LFnQ^h7C_o7A^uLAQN9&$$*0?gaHuqHgUd1epG8uLL0OVEYTH6UkmK<(L zISiDd-adz5%&+Tg#=`5qco^eU%%=m07wbjMt$;8-)H(t~ zk%KTQkN50AK`lTpJhdi0IJ;*hTQ!@XQlDLu_Q*aJf?)kj6)EdrGX$DzKM-;nOzX_h zaR_9}{MY~P}5s| zVk3eBtRze|Z_L{>U8gx6tpD@YyqyXmh)Ph+)B8Z!OKH1f@Q5ds)u7pOyfDo#V7D1Z zzZ(@XSV^K(6j&1n#Rb#$<}w==Zmi(zSj>W!2X8|Tg&u+L_EL?lC8vNCv%!!cNGyT8 z2kUs#`0qo()i{2?9_x~=>J4Rr#BfmlpSK$~Hn=g|T$TsOe#V_;+ZV}pg!G^FTHPRz zvm9H@bT182_S%_d;`r(faf03&adWG_|IX=u6I@IB84WSm0qO1y;B%N54EcR_#sOB{ zWR6jX>B&C0f0$C#X53>2*a9pG80tSef%8{3e_tMPj@6a;C0N%&^PL` z^?_e5G!U}7g1xeZ)S3Y}7Q>7Y{0bi#VPFJ+mfTvZ;Fi)ezlKZ zKcI+-TT;#E{MY~ZyG6m(ku8q;#$C3P0x4FW9exX;msa|r!Kc{&5!`=mrW=2U_tnjP zbT!w?lyB~1sdV#8hJ$?^u%x*_dj2VCG^|3r4N6O@`cq3?9jER?f>T@)xo!CTb}VnUEqtyL8i1j z`bbm>*d84axQv@jnBtCj9WC15BZ!lFoYnlyG4jiW%IR!&eLfR+iBAoX=)y=SgeU!;hx?1-J3d+V zjC`f%Jm36|^Tzy$BPNH3lo#IZh$N%kr=&nD`|EQQ?J*YT{`*4N307vs_S!nyz9@ZB zMzhyPAC>3c;{1@V??<*CuE)Bt(cA&}f3RIvU zN)C7U)N01jHP5NVO1sxXW0LsMr7C$HH+r}12;cZvmwOc4VEGnegGo7zo3VqS=&xM> zu(Z<$6iD4r!w^?1sFbBGF~wk1%XQK>6bBqmDMuKtn~{-19&fc}G+ zyAa!df#+;l*l)ct%NNVMS?%Nw2Z-2WBWZ>3Yk`CYYF9rLjzM*IU|RC%SLf9ChFTWV zn6{UI=)~iLOS$`vLtl?AM~}}eFY{SVW`Z7fDM9e79MDz9)+3?W;}YB5(&U}v^Sc(7 z;H`ncS__mUeSu31{r#tEssleyX@QdijR#Oum^{70ic`-M$_v-D&=koxC>2-gy@lO~ zhLqaGO25sj><$kKy9|}22niVWcJ;kTsyae8Ksx6+0=vdZJ)I!v96;P^c@nhu={*tj zY*5)*A)hjK)6OXmm4%1gr>~eK0K|JMk!rm1Cexvjh&m z?S8t52T3i*SC<#V9XZ-mCl2VRvT4VIH2jxv*bhch>@Ug0wLe`}B{AuljBQxZs& z?;n(c6@8USAeTcnaTj_0-7_ussDM#k;a-m^qe-IJj?ncmEZB&zYmYY%Zg5Pg4!T30 z+^y?=f}K50fgXqR%E6UaUOMwY+ot_Z@F^;ge&D`#+<)(qMyZJV!vFwvfNl@k0G<^E zB^_jGdiuPj8+HQxv41zj`W`~aD51o897~%U$M9acyHwmoQ8wFTjEuhN+tGh}!?1if z*Rio)ko9+(&!G$6n0+1*<2{AHN&dcK7-M>)BArEw2A24Ij^)l)w^!gT{H*(N4`6;( zYI+mMHg~=jzm;k!ga_R3r2<5V{0*{_J??Y5dFH7(y>dqi$Kor3b@UI!Mlnn|!l0Se zRgxR#LoQi>AgioAVRB}>1{UVYAdaF8Y0c&l@x49G8jPN<7Ox7q%3GaOqe@f*m2zCa znP)Dw`ONrg4-ayCH6<#^dBNLtTl_u*{bZw|frwKQmN#fZF=4#@#?w4RnN9Z-u2}z8 z2d0&|QjAslJf+dajlFfoVOSVG=I6IG5ret%k)es4b&MbK;KAuG(Cb6cT|ecqm#8F| z)h?4rHj`qQb60G+{^h?Cbsazcs6w0N5fc^5eketUNyr2#Nt9Oru8{-8iDCjAsbHc3 zrvkQ0Ur(6JE>-C#V-Xom9z1XhcIvr1q&gxHPd}eSC7U1(uF3VXs!A;_{R~JVBeE@t9xK`Z-GE#mMC_VY8i|-9-m-T%*vOBgUz8%nJ^SWD? zW;#C$myQ3IOnwc()%`CXFeo@Zw_PwBf|4l9`FSj7l|t9F!c~1SCCKB+L?Lj0lzcHt z$8i5KxFq+BB&V(ByBnL`?JO`7@J-TxQ?@QCD)QnB4==`VomxM;t*jrq63 zM7mrpA?Q!JFuyKASZUA_HfhJOC21vxd!7nEdPsP1hZI>HeUZ*9xc$X$any`xZ(g>IIa8h;&XKMjMux*-;JdCRQVo#wTSYawWn^V~ z={dC%5(-h&wxL`6$dw9g%3)#+o3F&*p8F4vJ^%QQs8@Hy2Yd!_>eOC?v*$eo8E{MXH;J}Yb#l`yoFR-8|$4?l?^7%xI*WfCEk8(Q(C5g3^4LXa()M6upgh--DJwG%6 zp0F67`3~Hkcl|eEGHSOO9{Xi*U=nMUz_93stcC2u;h|w7TW}rW1Z1A>JM$mT1|#Bg z3ccT_CU~afakVb6AM=2cykoxOPRK+Qz-j*GYkm4itchp~kCs5$MJ|p(!iQn_I z>jGv{KJy-q58303Uy2jve*R1PVa(`ac)CpOexy@!5zT{}O8;LK8cF`5%i%QCA0fjXXhbK~w)*i5>63%Dy5rA}VJ%CUwwTQK-=;=PVuBVt0V zF1`V^&1}uPo46?0zZ8B!QS+;~jjknZ0Oex0#A*37L-zg#8ZK+>fp{4{PicAsuzN4y z*41Wrtv1#Cj`2A{ML7h_#zzl5K-qDCfLP@gzOdliN>N`@kJj6DmXZ^|S-QV0e|FS* zYQ1jsLe~4O$K|-ULAcl4ZC$Ca00Mg@N!VzAR}PpNWU;WF>j@#|xB;sF>Z7yu&iI7& zTPR>?YrZ`Zr#yvlk5hiJDRCw*N`wyoH7JmCw*n7c>>y0^4d^A?;sB}(=ZWKbHMZcI z1fZ;STmFk|NRx1JP}Z=Oz%kqd6=zphp|IZ{Hlw=%YQMchUoT}m62m9}-tKFrYJYBi zQp3DZtbUPo0GPz4FLMl_Fj!!$gAWDt&u_Zf~SA#+q7_2VBKl`F2?f{_R%oiQw z5R%a{ZeAJUICz4jyi@=Ta0LGj4^h@h7#OdLf<%8p^tmC;mP>ESJ^aeFWS`eQnb|!+ zubh4v4|=2x&H_N8Xf^gYK7dz1jG{QlP$J{7*oUG0>w8&~fvkWsF+RT8>=&ig>NPbG zfxua`8aee9TUoG?+9IP>bws#wviyf4JPECN%E_mxttXKqp=>o!Fqt?ogaXi%6OWFv zTyz$xX1_-K(r<$1m@i4NxB(xd{a zl*bRCixA399(sFl@Zar*l z#t7#VFrq-VPfMm_Meu=*6CiEmGduas2x9-aNQFo5UM`UO(Hi}{Bm;OoV9d3+Oui=5 z6U$QEoCq!dqqtUgt${is^IJ!-Md!O#>I|%Q< z!i=aE@p+twJW6s83%r*HaRKuHmCC?i$1*ZY_jZSMv*l+VhrdK{RUa%dA)2N` zbhpll;+S?SiCqbLO*Vhr{wko4?HXSjF zo`sDqIgJIst@veIZO{!l_%a97%Pxo?3gN%7H9KmZ4sDlI2a>4*dbjS2EUJxPz1evL znkRnYlAqipbvXpE_+JrnwKRUmJ6;O=w1uJ3Z$!_pANU8KtWu;Lj>swT$2o{;53ld> z>~d(fMjZW_AxaeQ$!1?KhcjNa4Sgxfzr6cLfS*n#mo4DitKEnHnfHoQ^u7)Eulm3D z7`T*GX&q(9#8J_3yT5Od?BI<1zSiLaqswWuv?R0VXpF#&=O3@U86REQWZ$X>CJw4C zY7K5{9^y+Ky$1fwXt)Xl&q=u)W=3m$XmA#UX?<)KArC67OvlB!luYtM7oKjvZtXC` z+AJh~>h5GZs@{>C1${E|DgKj};{zYP=J$_#DBFS-#rUtAk*@RfSq^^^>&G(1H%)v- z+Y`uU`iiP9&5$5Nj4B}%M@~X8X?lnzt%>e5*0*0?+j6tARlDU)ahGNUZ8=zn1)rGs zLfdjcMgX;?40@yfS#adF!N+>rkliHj%I?f{1iX)j6q1GFL$RsG?k}Qy%zC2?kcHi! z#Br<4aqojL)IjzpSp%d7ZizQ9!+f>+HL;WRKwf-0S)BnepFJo-huh`2^u=p8?&{sJ z)SX|Y5wbFJ1;ObYWqG9&VmGS-Z37j#_+LUp>u8O37*ti~jkmK0XvP^_3HYzqt_b_J z5F;_Obk#u^%nGa<6Paf!<)06eKB`WufsE*tAxnscC?YoT7ma8IxyAcBLa2sdxV)LG z;!b&O;?}t~i(wmv8SHRHH2EsqOEk8EDAdv6QmOl=0Pb47Jj#>8zt&FX#Lpy0ekO&KUMmFq8ikEFV6g2P&B~g3=t_+FSho zs%_AIXt~*Z{Qk9L2D>9e=6hlH(`3{$`(u|!g7roqc2kE?Q>=_Fatqr=mv*D%(XMk* zjxE|ru*wUqEQtp87aq^^Gr=JS9cWm1Snph>!y{zbye2)jSQC&4Xnh8zkEmIPI?*Nx zgnG$+v8P8%RCBhwIM1CZJr#F;1a$|-!~Ax}zt#=ghjov#gk|p8xTeY}%JSf2v6mn* zGbUHJ162dLHE*=KgzJVDlF4bd35Pjcpc)#@nU{!kz6{R#;DUrIz#{kj4f05z}R8h(Z)b= z6|3g<>s^`KZB6zy#LS#W4MNAyAO%*1#^xS5V^H0JC^!c%#ci)GM2Z zEWrpLe&ZkKCTj$IDUo(gr01H;(nAEuD6Ppdc-M%+5GxUzatezEBK~Y06FkHo_rqjM z%XUzG3t#VL6Wz<6M{No|1HdW5A=sch$?&pnF2g&jb#p+6aI?V#1dwe~PoAN~N#E<} zpnr6T9jF-nxzS8!36cZM(6fIisNTmZt&S0ely}YY8Vk&M7s27mBj@Ov{3JHfE|*xT z*vXi;ZxikUhyEji{T zi>raA6rM~ z3J~BXE|$=C(fnN}Q_QA3Xl?ve7qaAPGn8!l zlu79x4g8#XH7@)+YawP0SE2aFBK0MiyuuUH_m>xo3u z*t#-#x1o8zoPh&^x%%(k_ ze96*Ta$uxI%NFruC^D1#kA`@hNk~r{X{|1=Ehc(#?|h^~-t6>^$PkwPS3^L0jS3JZ zo^>NDoO$E3{x%S6r2AL@(O}PoQuCor38<#9KKdStY)YW?SYGHf`mK2{Fzci zUpqgK#K(Z}Iy{Q%qyFPo0PXeBrD=hQ*O8yK|GRxQz3`It|DENJP zJLfuQ^eMqg;1HsH16&%jT)TY+dV1)78U_XbG3{z|#83yBq0?pI;BYlv#l*0B?tdlV^J(^7G8V?y>$z^KWJ{kEUS+~VeS10B z4??&&`qSf|C+LAAXzareu(~1>yNz}4>3e~LPs{20s}<#+&$zk3Wuk0mbV}KC>#Nn& zM>>^bvZ{;zHrks6*JZT81a&Lm6<$!Sz;{(qk?&8|T3St!mzY2Kd~kM0#(2k<-2NkB z^7rq3{ZVr7hWb=RY^ERL<8Q{0-ZE)z1oFeBSi?C;+~_>H+tgDHLTNWh4g=@6%u{Lh z2fo6=^DBy2;4_B}f1wu&8k(x(lGHBf$4iOzYnu5bEoYaI4B*7#kIj~I9fK7m@LD1R z#gB0a^oNsFrQHz#+hoZ>gqL9N_qKhfD)g|h>qHKwe5C?Q^Nj4W+0mX+MHXEx9M$OX zyGI-HIvj2IaUX`RTZvp2Xc?83W%Gfx4;O;mJs1(`8;~buUXG4-o4$k_eRnr@rZqt4wr3`&lszzf3eLz;ZC;_z=HuDndbXF`;n7K= zc~!#$jtzg~hm{6!i|yZlvAa#sGVP7Cx`OWFaV+d~OwhL3x|`B)yXm(8UeUq6=% z@36)95GSfYq+rP&_#Tj>^qt1x*g`du+x?cor4oONs}Ud&)X)9d;CEB{Rc1wmBq>HB z&#HSYezIt0$Gvx!t66630rBHy_5v^IFlmGuH>0%|NRT<8c%eI_NK9Lo2bxR1*iF(-BT+LD;q8Na%XRno(vp@2$N z-s#AWEAk0(1RJjnT5r1&*3iHbE)!&qTmthr6B8Oui`!?Hk0^--e08c>;-vUCPCkmMZ8N#-IGBy#(A?PnX;Z1&J= zzHiSh6YbA7Zu2R?=Yhy-bMqgNCLk3~Xl2CNo9GHw(O5F6x`L+)QFsfB1@)u5ys!41 z4$DTjSl!lNG_zP=T1mXq<&j~A3{NxKfoo{^e-94!Z25QhxV+Sm8y4|izP3IorW94C zd!28lu97XkjN>uIh7lgfm1I=C9P+V1o!Iv0uz2ch+xf@NU!|g||HuqvpW?P@rq_?z zTMS1?!o>9AB+r131wu_91oOt$mW$wijTjSYjo@_O-J}&>f|_-w^OLDo@#eg=d@yKjc-1|UyG%CB><6y^98(PW#PvH{n;m+#oSWLuo?_z9n`u$X?OSH zeCdb`93B(orgFb`G`p)Y*mTL1;#9h0`sLGs5|{P%v|oK*iX7=yd=P7xR${%PiBi~C zj6QOZ1sW5?MkCEgqc$sqrDrU*Vnr8?(R*^B%O8F1j=!@WDc+cyhoM{S4 z2B#k=WE;ZWe@M=kM6BHYW0~|Ou7w&4A%)KCcW2*fHadJkqZh`L#+9u|9LAnc+v%8V z>&=-bS3si;b?WNvLtM!Rt605%pomn5NSAGc-RdNw^@oPq{Nv%Lz{y zKLclnZ68^z=JijUo|z^{b}I>;cT)vvR5)6%1NSsG@>XTm z?QAV7iv%393zUgw>&RPqQx_+#B(GnsUB9baTdFG%g6X2RA>fS_+ly{XiA4y;CgR0p zn-F00+kQ&3z`JWJ`u2pOw3a+=SfhkRzjD?4jefS$2m{dbYZL&swN50MHd z+UPPlT1bLw^Et6wc=EX~PjG~{*jJ)T2#`?_|n;gg6JzzvFcMR<6K0ge}mU)>WJ zH9Qz%%FbI-S#j@K8ot_y2nbN_)(n&-{FS1d{ECfjyW5p?wR1VfOMNFRWnC=CE>4C~^_<*@2mfdpw96Q?zf~6cRXf#V>*{I7ejDN7N2>wpG$>dwnS1S8r z)O3ZF+{my0SRVGHP6zHE4oNv>PfB|3X-?g0UFtm=ZEGWTv@+3V9eMgvDx`}C51l@3 z*3=NjSxnTY&K%3I zXIHcvR4QS|OTEpKKv@(<37;Auo@F3yNzexlw5A}wSGLfgDNjC9oG9xC66d%l9y+2N z*yr@0US4ohBFdwYmF*h;$pak!xq*r}jPC9~Y1;3jLL7*Fpcpb-8d==8B(>LO)lMvt zMHRS|U*`+}j(yu zz-e!k9#0ZBPpMx~C<#+XIvLtu&Nf~@`{92ZFl^t|t)QQaYm-)o*74tMORE4{QEa!E zJEuq30e&e9^VaBYmPmv;R3KhZgitu3@IVL??5uk-4vCJ{hUQZzApcu>h63v!^<|g3 zB#TDarVKkis=}1h8s6=_n86hCuNKOO)5Ls?K>}m9><2yg-9wdISV$-+#6NZwHIYA+ zmbJ5PilN&D0GVfs=cR&$HouS|%tjAU(kgf?-hCuJ5vKM17)7|#|N9^|g$T!`{!f8Y z9@%q+ZRN0AN-h&3G&bW6!HyU00mA1etgMLY3&&!=jYTV*_#{y3m{3`W z;Q1mV@a+J#)!%sN_{j-H*uNGghN+Oga!*9-%WBw}sG^|k8BP!;)4S!=*yO2jCL8Pn z_;V!}Lz{%>;IrdFG&_-w&$k8Z!b6LUM(D4fOJamPoG^<7i+`!oI}j~78OXp9*Y5+F z2z={$Kg-V$QhDhUZpDU}mw4?mNHMP=Jfx=Cg)I;Z-LskbPpEu1OJ#>IBO4~Tj^hJX zttksm_$OF~kpC=%?%WG{lwMj|B|zsCsT_G*jK7&cG1lTbk=08e*dw=BfIlPJ@EqQJ zajFQE#6c=d!tN}98iYpAh{0xBJ~eW!3tpZBCy3Q?3q3vhv7K)UkKsd#Ew$Oz)&Zu1O!LYgvf;s*C2xh#2^D@QRHzSYi#-+W4rj z2TbZu?~NKYdu%3gpOz)u{*9Q$zpE+PcLefxR+Z86k7_Aguh1_Zi^i77yMvAT>^Q!~ zK>LLc7azO@aGa1pC{F??w$C`$oC4M7Hy)%qegjs01X#6QSkC6+j5M~J>K5Q0x8Ek< z3Q3Y0y1Jl~)dS2Cw(92zt3w!I?DvvtggQbGNJuvPu6YtZB}h`R5A{+*hVi~^zX{1c zk$g$@LamkX<6P5#-7Q`Gl4~e!s;HfUHx!5wYQ9 zq9}a1j&s3?f-kL$tJ%M1@VEY5>AUs$PEL08X}kN4;)3VVLB~(G+j42~RdqbksdQA+ z!`5!jG}mMfTWTMlhaTk+NrlgfiO<3D!B7QF(;vPuRoWc{zn>M~gsVn0ZWt3J(W`RsAb|19~H19OY{yfOS{fP)9; zW9$7;mEZ)ky&Jy27*kio+nP_qgHfNEt4^#~v?^Cxfy31)pY}R-)8MOrIqb)+@vWorbfxBS#A-1Ac`Swa#tBpGyvGcISj1-sgA2z`hDb+4xF;8G zM@@uBV)u!q{8a0C^quMK`*8^rVBX!{&Y`Tbe6y_}5|41?M?cpd>UVw!eKS@VCdQI% z)d`iMqOM~wP0vXdyJOj!#)2g43n4Iet>BMMe4)Jw(bI6}nbl42BNcmRdE&P~v9IhA z(nyR#^eE^IeLQK8-d3k#%e5U@L2jw*Y*2ipR`vGDhi8lU#{H?fD-M`Of?$)JEiU#` z0z}dNtGIksK_r7Wnk4gNznxv=WibE4)rhogzpjRAGnQ_ywaL zKJ%1j#k+NqX$2|VIF`&)ak$C1;bd-i%p)Fpf)@tu&Vv8t#a8<0->Au+PVId4N5xWGouv=t zR56Nqc-Btx9tkW08j8}YSB+@_Mz0E3PGfD%8F)e~_YL*e;&b#y> zHz8?+?p?Nw<{d!Xy1Y5jXA>!U*?Ww7#Q;BvYb#FQ>xJf{G@j~#raMjHB23=~-E;KP z45cHqFe7%S>yl6DfOM=uP-+X%E36mac=lW4K>@c8zXKBIe`94654RIV7a=SK`%J*yonNR9dxx7EG@HIyd zP*+42b#Bi};&N?1SIw{>td@~N&PYZF7(ZdyrcjubGSq~qV0S_-v{?DTQx(t@#@WDs0u$fg zz%;dJ%V?B5mj|~y<0Oy&8=Djs=Nh_k^E)hJpbbs0M~dNob$<&wz<$ps`q-UUg$}Gt zYrC@rT8gUrok7~}Cji7{iS|ttP8hGS1Qr(pju?IdiUO^lQYJpDo!tW+&40mKs+iZ{ zc!H0Aeh_@1uD3Mb#U#1GXq?W5y(KbB#`?}3m&Iq+l`*QKYK0~2kCd)pFkn3>8bcxE zb2(TWfiLSL4Q~3%RU%PmFzoPoeVw}LcV|}|*GWRM6)OO+hN3~;`o02UoxZ8XTPz?q zuH*3)$2#dkysgT0!k<Z203Plb%si_QQR!%@0b~WS{CfBjQGD@0&+oV_>YNzeQEm zadyMsF3F`lcXt>l*aQI@7cL#2t?RkiS?)&of7~~|9*UBk1uFYRmD9WizkE0V`^g&R znUty`573A?+)}a(Qt^2C@!Jq&&S2QrAnbpEHkgIaW$czrMQ5`TRp@)-9olP`9d&Ne)rEKq0L-;ezo28OfEGFj!IIR#G&Cs#jI3jH~c`mGh7Y18)09 zvZCiGckzflJe`BmjUf@J{Ixp8%0${w6ngavXbGR3`XdNXehruZ zT}t(=!RRcxtL*{%h>}a>@aWc@C#G5Bx@U@*#Pw}|jhUC%?@d^QJ-K0dXoE)JAMLH_ z<<(6Fhg`N^pu6^Ky3B_n6RS4puh&h++xhv8vtuw1#^xjeo1~cP&Gn6Vi{z_QwNkrtb1H~gPPes# zO$gR8_|&8WugpZ0Xsc=Fx^&?jT@mRkJ^piAnu&1|3}&>V{$IhfIU>H*Z6%KiMJb;K z&x$oW#h%+E6OO*&B?$hTS`55!l<*_iLSJ0mOpALx7SmN!A3QDRb0=5|Kr!ai-lc&$ zu;Mc5m2+vB!mEU;zJpSAk#!B*a*VO?c+M;&z)dq2UV9#&|7K1`v92~BtI`#*r=sw# z**3YFSmTbJs4AbQIHWxP4MkQ4c&|qX;C9_IP0^;XRm#008)!YYU%RA{6^YA~g0~ zoaWMVhy^Jk`{lq!n6FrS-{~p}B^^+92BX1VND@Wy0Cfa=C`W!*UZRB4LF$BTBo5kU zmw)>^dhA=Q>+72^!z^I+OJNuS64RjdTAT8!XdaLm|itI)UXVtE3dQ_aqGB=RNG|90^@~SJH(s7%?y&YT6^>w*uc6V zIhf3y+N*m(GrSF9VP^Xi%FTbDKXL&Q*t$o=M6+-(cXe~IFtPvVM@LgzOf+_Gb}BZi ze|{7aVwJJ6bF*+^m9aB%vyiedb2PVLRkCofa$5zhUgMc~D!E)9^^$8AZbU91UYWg`OBNFK z_j>eb>GTg>fRF^-kRy;tz4^>8c8RisL*e0ndyk0a&)eN`QTvoKb&`W!KyRLw*(G?` z9`BF*CmnyE@>AV+buXQ_&MS(tJnK9avMKA6;se5ayPT8Z(pLl}I9(hwXaGXWgad_Bs0pDg*?m#nZ*nKu&kbck!`74Y%WQ{}$! z9it7$TfwL~a9qOUYmE^(gx8-t#N3cN9oeeTBDfgGsAEJ|wZy{x&eryt&Pb6A>^Be!}lqS7+ZIa zu|Gf6CLk^0-_-j*JRFeu2BMAqO4$&r@Ef#_t#{AHY&K+u>*+qcTH5FF5aS_26-!TS zVh)Y<*g^RKBW^fV-c47Z)jdM7wa%8m8444KP?|}ILjb>PEYN}xHv-@NqmoECF=?^S z#lTxV@fRfI52?9>TY=5axYMJ_kEEy6Dr5f_MdkQ!imK)9WWlPZYHDj?=Ekb&ZtC{; zcX@jgD+^X#8*@NkIr-UGCjWO zVgiu_CVNCW%|d#FA11RYg@yuc`1gEUy<(E6d@kvVuZ*_uxK&@7y$L3IEfwjF!7d%S ze%5f>e(dfu`GeOpDpVwg^8M|`!*S;nMfO#fZw_un3XTK{b?E=6zanXYTkp`@P(u?W zlob>dWJ!TAI9kGJ)Eyw~dvgq2jYUaG2?9OM&(HgnN8&NE6?mMi0(Y(IPGd62!S8ml z-&X@nbpkg@w4~+bWfKw_T3WydJwBXuQ}VkE92AiOH(;95=HQ`n2f*+DXh^4VSorz- zPi68aQ{pG~4ed{4Sgb#d(PA-6V26f>|Fh0p#cz7Y)2+_Ck`Y)ooW6>Q_4V~iCrrB4 zQrkreDSiDkN6gt;*W#C5x2V~Iz&*YKyWg1g&26)UeVfHTY7^zseAr^t_~Ej*zw({a zYVu&FK+x?#tx)dOax?)mnw7l8jX@%nGtjL&TmR8uV+-IFYF;f48|zGuA;ZpRorF@- z(%MxYAFJE5HmP;Vuk3w}4ZI`O68v4Dfb*e~`Y!@rO)S>r24*w7i`+Jik zAe0|&hqD#BHA)p%28k3xUV*>fvaqmla&pG|`i{kt^6u>JowX@4o(ODo)VzG}kOP zLn|S%!D@=e%Tp*T^M^4u{%C9-2zqT}XJ_Z)!XdK~OOll~>#!7w@n%Kppb~&e&Xw>0VXSY({=6+=BIXITe z`t&CUWE)+sRhD!J=MM*lmj!5OXy*66V_VA%M&UOR+b)ztrbM5JGB)bWWD8YtM942J zZ%;SgUVUdbb1T#Hhdtb~8n!i>-~CQj{YsQCKas(EdvTHYhKqt=Shx(hhp_M2m+wqI zH^)HBO4*+0y@|X4aAR&=LQNMGO};=T_GiOwqb~KL!(6d)o#~(!lBlRC9^`ym((ryY zZyk7Krw`;ey-$I0cYtcPka+g-@v%vNxXr`kQBAkb*l^LqAO^cVNKP)YPPpwdi_*uQ z8c>+kSJ$_DmE>j2b``?H`bPxbX|6m0DU#>?dpySaWrMX;Ik9QXY8QEeV z-J`f{W(y~?1d$OD#lH6S^_lmXCH1uT%rk12qAA5^Daq=5ee zJ@SQ)+fucm#kYLq#wq1gyixJ9GDXX&Y-arJ;x@NK4)c)&0_KmAYPs@Wi=W4IB~g)| zdBzrFkqb0xSLm3MaarTE;mw93tTo$5=cjYo(8vRO>arW4TVoWv$fzxzs_?+B=zcPz zY?B&pgzs|sTV5;ZgRs*tvGGwfe8xzBKr)jtxyhQVoh0nhZwL|`WaCYkQ{Sm0ESYw7 zmPCb?AvD#|E6~USD9cvYhO;^r9)p0uN1dIf&r1WQs)+(_2Tt34FD-gM9xYap*600k z|F|tPAO8Adivx4K^vMSd8V2jQ$p1y$TL5Lbetn~gAR!<~2uL@Gl+r2izypGGBPbx< z-3Zd1lF}e4oq|Y-s30vRB`pooaTfc(&v$0t@0>aBd^6`eGkct^z{4Haz1FYRbtl_o zge*Nb{+4+Eo!31gIV9`S4a$C4!guJ-_I`+-Vjs-TK4&A>D>>M+KjpC;l~S4c=-n%{ zGxKRi{HJ*rdK1ltUadu9T~fLxecR(L7BR=E2K$L>=YZP|`dLGgJP9wqCJeYVut~q- z3iPdYTz;DP$a0h|<@WNAOxNE&Ww^P#Lq&^g{Us8dn{M-kTBoqX0j=fVKR;a=BbD?kCBGiaESnq_z1@oVg8!0y^g#LcR{;W8{f_d(8WtY!# zR6b7W?R#P=cH-WTIZqBPou9?(QFy3_*ela>=sDMV0qTwfSe8CzwLM`{R+`v^ms`OxHoL#$$9u$Eq#{6_3qPd&LcaqaOVCN{S3k6QCm`>=d{ed!+otFe?Y9;Y+lZFC%o;g5}e3q zN3PIO=!8~mOv1ubhLbZcuyo$vk1LTZ$7*!l%HVpqi6NVub09Y~_x!*O zlC2|SRLm%4%Mtk99nIGZFQJH(b;zrA-!pkjv8Rxl9eKXtr{CW3EF&6g{6!xV!XHD+ zs$2IUm5_kIsM7j6=?(JV9f-azGF~e)Hq(VKu}J^B8=v8ltI_iXO;_IL$hd@a-$*RD zS|4h3Qj={Vx--i|z7OOQq>}XF=q&Z$T?$5=M>iQyUaxLZNaKa>EeIvS!^7k0)2Q@f z&q5@#oP|_^b-6kX4b2;0TMzzz^6sLH`-64Xlg8E>rCMCv+z!7#N4|Ud*5mAm%Y*Tf z(7ZqEG4ZKr_Q-)qZC9OhfqwDM8(IP1R*kz?&FwIZw((K^vtlkD9(C@?$#4GHKG(vG zNB&u;f3;$b4}A6qWXxXkG6gASu)t+vjr++|#D74ykfO#OgH}l!S*ZeD3#z|4$ucAHn$f zWM0(MQ+t=hqdb=v&ExjaVB}p@5w$$O8|XS#<>f05#od0(r^rY$o~kk2S_O_q``74 zW447_66#t)*Zr`CwezN?=!La^kK+9(Go7gGrk;_BQ&jW2lNZc!lWv8`U1rU#MwZV} z6i{Ps5wlf{UG#;T9~Xo@vYi$td6K}Ktsg$f?R8|A$7?&SC&Yjy7YlElq)%hV`{2G; zz<<_6#A-`_HLBO-0ML>{^!8XR7XLVNE?xjj_!1N7& z);?4eD5ObCNui>n8_j0176?tkU5LA(#MS|M>a4vHD&mTX%R%Dmr_-sQ)fG}7kqWzU zj%xm08+lNtwD{A&cVv;{(_3qSgQ_w8YN-W(Pe2&9136vaQyxa%-|q^)JOA0}S#UtW z7j!hOZ!4dD&QG+lPmxic9IUKz#qZ%Anb5$4aVaLMUOsW}CAyRC$?!v0Xp;RG2i}LS zgWZSZH}&QlMA&iuJrU{1z2zTwNoAtjs5&UxR=a-Kww}9uO<;L*+t759Kv<35?r8gk zdkm(ZpP%JusoyWP*wVTfsne0XgI;O$nTy}{5ojd^VO>kCHP(|Fr^T%~*N9l|-@mol zax!(NiI$K#zV(vLKVHf;Ul1mrA zdcvNOQ$)=jV&a0-cL$y1HQmSAhoh^ldsl$Kb#sbEk@kAr=`YtAZLx%*%l2!G&1Vc) zLvAw|1@5Qm%vRTRZn5BBfOGpFZ>@G zJX;+1{E;E@1khY$5PC%-@ z!rB6!gjJy)5OZb(;E?$A==79Bt77)o{ZH`LWPsG`wXDp{E9>LcTMe=SF|Mze|3i|F z=7Omh<&*nAxNgCxC9-L&5N4V5rutr<9|~Ej=;`S_f1aiGt4x=#hLw@==EWd9aPWO- zu>mbop?B;ur?ulTXtr)D=S|dF-iwF#q%u8C*8*^p{3Vs{Qt$8`~4iNF)>$gl4sWR0P1+jYkUHiK-K=+Jh`(&x_t!}mi+D4!I z^XJr?_kY~PlW2~L4b5$V4?ob8p$G?;%>?B>4$<BMwvEdn#?WTKo376<9o%Gl&$2Zx4WS!mZ;jRV4$vZSp6NOUQ{3BcQ$&!gQKua?o+yn@XBi&Hs>TUu~K zU6=bP5*-I}5S%9`C)3UDs%*|{!+wBdS(>=#fsQIg*2|8%f1nTUTFnCZ0`8iUd%i;%#h4|fH2ZK&Pi!Q-Rx zUhjCWBe>~16kx<45W9utbOA>x2B&doWlS!p+DD-dd0}sbTm^@A9hduLVY&%76v3hb z3np^Qgv5BQ`W)6`)&MBy`eV? zi;n(j@@Ke+AR-3sI3+!uO`W>mv0!m~l>Rc7PNp-5(7YoE=kpmT3$QFD*HU>bJ88+# zrhCJ20%C-LEzj0}nOCQbZ7$;XKG~1F`8k@3V>7-*6V+P~%DO)mr2h_QR&dq~y|^^n5KOT=W&R@*rAOgG6$xl^|$JEo_7oSmjmbH-9={? znx8>^V-+tX!#5T)*G5WCkB+9AoWHrvo&5cSP``Pb(&|J7FDx=D>ht248|Bhzd4#ep z4n;2kQ6f)3cv$apl7P;^K;|41j2EXELQ9kGzWoODlZ*4i8N25TmKxe!fH{VrVbH{N zI2nI{TF$$=J=Xz!-u-01X!DLcyl?OV#H!#H#-5Anu7iQEP~wO2NzzMz{5x+>X{&s2 z*(fFu$wxk48!oblCL0IhN9(fjEk>yhL?p9YvWkiv8l@yv*}CcL;u0Zu?a%H`$|bVa z+RaJ8>#y$d+3fG_N%EeB^IO7M_LDZ~Iy{ize0Bk{Pg{MgYdm1Hm*uiCAy5@hPfp|n zzT94hc7Z&j4c~~Sdn_Lznyius?-D}0uJio)b9in$+S_O2LcOm@?%ACaSjP_@JtB;> z9W71yg1<04<^~m7{2fy3i&iT@Fft*RbpQ|rA5km2VI@PwWT4Icgc6))oJtiJh+QZ_ z(J@XZ054(LnqD*0pU{9$b5lZcw@7)82EBS(mlr_BV?kn&7J%kr{q0E-d*r>~+?59F zfS7i94Gj%L!+CH>RaI1)FEU=3m@EzC%KV<6Uw@m$67lX5ka1;YB`)F3sL}iYxU-rD|B{1Agm0~ey0?}FT(By54BWME%DGQPCxgAhya;!-V)M@{FD(Zi` zxBsik##~~6=BNX=6yzJMCiqvro-bd<;K3U%QU&%(OhR(?7aGYRHvQ(KsYXY%UyqW^ z$11YB3|B#Ed(0PrH;)Uqu1qCAtP2}}>(3P^hY|s0Tj?a;|Vg~Kfi(u zlox{D)rs2sD11in&YKmG5uvQtS;Kp-*o8=k-UV>aO2KfZ&o7UvF6*%3&n&(Fm8`NtkTM3t%Q z+?sAFiHNC!tChg2F1L{a4bQndilWI9mR(5R>d-qn-z&k;R7y%JmKL#{`9QZWd33DF z*)mTWfmp@jvey08a343Pj}?r|sFt zo-HyMJ@N3}--?@obw4~lKR=HZ5ELZ46!X|G)bqSJb2sYS-nOIvyE-JJ4d`ACN+yXi zhSN>|(L!Z9mKSaQXcLx+$q`gyl$S+nMRx)$zbA766z)$fYH(N#d(U-1X#P2ZG{-8_ z`+#(zQn%j5LABOmMCC0W85!2MFR^saKS5kmvly?lP8;=^@5F2@Km5ZV7t{WEF#pL* z7J-yY05OOQ=&0X*2s*FLE+??4I*rdxhS1eqb?k+ur8=_#lsE9q|7vuUS=6gB!;kp* z@grnr)uizWzMzobHY*^Z5_YSw`6bv>>Ztq)R!z(>Fo$O}f(UWnm@;QqqzXtAL4Xt9fa zq8#r)EQGin=AI<>IRNUpz*E9SMRStP$aBxs91HgSO#aZ}TMEy2UrxYhrnojeR zgN^X~0JASWXZZN|UqC7HJjU!UFdN9JcwTE!4af#ldL^+6Xf64ht=7wFttDt{5qSVW z?uUnjYV;Gv#>OHgj&*X)&^p(kOg2f>gwf;1WoA+(^o~VTz5GVY!^kM@LtD`C0}3VL zW%48QJ8bB<C7(t0WsWQrIc^A5bPQl&3A?tJdG0RBqiZ845$h@Ds)4i`sjU+ zJCLY2vahq=Pt@uWbsEAhQ_TcFzM_KD=!TS+(h)4UM0-$DIHM>K%w zlhl*Hp#mpnhIEOZtk7xoWr&pYnyBT$Qd=IsnRp2=M?KO8NP@)kfhJ8VhK^10+}o2p z%SH)x4d9Ja!3|6r+z@z!d!id$1L23JAOx_C09H-J$B$v3jwN{HE-BvNvXMG`hm!K5 z%-bo<*u(Dj(vQsY$lW@dUtyUcSkB`Sfygh~@19biTfgd{OL25`EYT&6PU`j79b1@idyb8WBDbxsSFbJ^++ z1Gg^$SI%9AysFU^k0Cq8K$N+5^J~z%>4i*WMefGFwW{kF|5hCX#kXUyRQsXn#B=XI zsvt|@T;9gSWKqruIFWlg9Vh6rp4{N8B*65IK7e1^MN{0$s`RxLpUu?v-d;7yG)2`% zZ^t`dZ!SOPEvPtfb~ol5Gvn*3r1gUuLEQoJKQ}jbmUH365m{qp43zT@l_n?ip|{p_ z&?qD>fZ|E`W&0JXF+c&6$1t#Anpm5Ln_!{?Eo-DyeCQgrPY*rW^A13dP zt%^z+ucL(1{-}#KH4O{|tqGHlkJ8Gc}^e*F(TY&FWY-dRTKu`|LPb)}N7^Rwm_IKxSZYCxs2K<`GA1ZS4 z&)_qQ(%o6_kUTVr=yH(@Dg65AwK)yOrc&*2Nb%|Z>OM)W}e4^NO zoTOuC@AfQCJpY;^0kjEDk6eICO|4kXd~>StbF0s_{KVgg-XR;QSt5s{P|hFHCfLgDtZA#>exQ*{~K8HUmRn? zoBylcFb$f#mDM^Y4wOvjomUt*nq0teUnPo4%%(C{F)V-#wj6dW%8^guhQ0%PaP&ln zAzv8nE%kD5lJ8vdKY7DeIhJkz`!gt3gC+-WXkWg3nKGgIUN5x$Nh0fCs3gWMUGZU} z$mv7THb*8QAzjm{s+ZyNWq`PektHF^Ktw#@$^*=i$@}d>lY<1VlxAwwmo5N+YZE#K z0D(u?vLB%W6cj!pu6eE4&6(CrkcMD|LwSaC_*x_Q zgJ=~h9ESe<{5#w>?Rh)KO5vj!UF;=3Z+7PlS4@v4{3e?~_(uYS`7G}vKc^&%C9 zp>s!hlEsMC5Ks$}j1sd+iSBC*n-r>-jKVrGvT^}57YnYfQ)k)=d5^HkcamqU8V0~Z z;9MV&iXJZzFa(*Y!0Pe#@}kF#4DRY-hcE-y?b~;`H22rX;R|UKR$A?GP5^9;Xbimn z62)Ca34M&tbBF#S*Z=AXJoXH>7SYL1zq9*J<^RpQL4v}cJ7$= zbkbr);ax9iXKZyM+W^VnN}+T6Um|%o$T6_6+N)Rr;I3ALNhHUoceJJw2GmOGP>undnj)yi?i8O3nJ<|7LQRl3%1K$Hm8c>KoDivn>#z+ zvzaO%c`_HTT_Q|Gr~#H(w-%v|>U;y-Jl0$? zxg)Wrv))vmczU&WC1`C8i0bl{!T;fQ8hSlOi7levx&O-b#%Fs7YuLq5%aBCDqa@&- z?LlQ;7YT_TToO)kYpgcw{`XGHKPEUm8Rmz2MfeDdARBN6KPUF@@N=rf^7`QSVq#-I zvVNCG#`NI7da_QXo1a?>k*5b6uPLri0GX1v3|xee(X(G$NG z%7%lETsFK@20dt8>#3VtLswnvKYr$aEM$kRX%QonDf~E2#73et1Th_qy-Scb@va_TB~v<+PYE_djuK_(q^jBlP_^4~cg@e8cUVe!QWfAzR%8YNJ<1UJYLw zwV*sjE=G_G+>zbR`PJ~R!6NDJbu!l(&^a_H#j0MojG z5Y-(`m20}I7<&_k%(!xkK*xGURo6<_bWH@d?TOoiIDm5O6p06`O51!RxweP~eM$?J z_kQeq7v{JI*((oq_wV08dsra{It-?56AzR8Rp@IpqT1&y*7S>|FiLf^zffCh9|}|h z@m*`CJ>TxQO*~nU*%H*l^j$0N>pT&{Vb!OM{i^vWB3Q+nX=OB`iOiwY5KsQO-;`cd zR1`O~=bZ<|UfU{oq96(6D#_8>gO}N00Yd-lDG=(a{`lAZ|JgM4%$$SVRRPZHLw{@$ zk9{TLe{9M>Yog$}U;Rb^?Cl*Ll?|X$EZ6;WhVBU^hf{>mK6upg&~6cHS@|w^)_AER zQu%BtBN*fol*$q2SN4X=l}Ye60Nh(hb;T*%4T1QNs-e~|tVF&$t!KMWo(TZxk8=P5 zRDKBU`z4cmX9)ghjqDj?P4q6-T<{x5PSK!c75wX#vJRrZ3J!bpq8&ASBhY#yU9Zv* zE#v3z*&xdxJREFw)`~-t_f-+l)YPFny?{(nA1JVi6xPW+mKw_Uz$PEmS5XSvU+5ta zcoFcW@F!uVaJF!PP|I#=e01~=aMcs=5B;A@p%A~N6<87B*CC#?neGfFsI^5FEoLVE(Ong}=dQr3bAwU8V8$1@`Lkj0(`|BL1qkcsPeYP&@wn)4=)omYu0? zR0~MJZ1|0{lpwq4)|hcQF3JDK^4^&bM77cS3GEmj14)vo+6bF~KbBnUbOM_#g@w#T zO%97+0jhz@V)pILgGC-qWWc7ny6uM52d7r?b>hj>Gid8P?DkWXNkRV}vtLK>?QgH; zF|e`qfNQN6gc(DNpD1UnwdEB&I-rU+V$;g^ng5T)`8Vueixa=(qPM*GI3iSK0US@mLm!B!+?|0W*01YyLdjI*e$Di`7g;4O!GdJ-}DIP`8IX78p*V9{bFf#YfNG&QEH;$A{nL zVErvbLZ_14^YyC^IEf(C05*nL%=S(<6$FmhxVd*hIk!o2KRdDyk8Cga$Ak!aE8xhO zS!^~|LGyJBSh{H9CC$#-$bHhNfB@8&Ug$nl+6U9rcKYRveol|NFzHy z!}#NFj^~)m1q*W#l)}lqT`@O#qMi>%Qqy!-5ys!YUuWA67Y+b^n`O!ra>d2ngI<)% zYkl&VRmH|;6G{XD0f7kHG7yV@lcij%(6!;Xy+GX$RzJJTsZMVjiSNE89ud^jpa0}; zz~1NK{e7qUC+sz03lB`bC;NRkg`nB3CYmk2f-tFzG;r(@j5mfm{sgMVhCEb?4WZ@b z)nJr#aH#rui;wlrlD?PM83YsL5A_KFnS%Z`^}&@RH7PZ9jhe~p6z~M?wy?|kSc~W3 z`b$Y?*y8N72yN@$#*gaS4CXsnin6k8BB0QWyLU;Ggow69CJWZ+g9ndZ+u7L(Qq*M6 z6L!6ZS9Kz8+tfeOzc|i*y3SLT!5p`jINj=Npv%IN{+#HWak7Y~OGXO#8WHKgKDhER zzR1cakNCiCL4?^f03ZUcQ5aaR?|?ge?$`mq4?0ghcv2I;{(k!O36gJr9Dt(%Wy^rO zqB0&v$g&IX86YbGnZgo0nMG4+>7bFQy`_d)AT)z@qtlPCX#^Xuj8)S4Kpyhfm?jWM z^Z&#)ht;7J02ZzqI^^eYF>!EenegHMl`7{3eGT=yfVHPU)Z-K}RpJEZ z5twkQ0{6jgp`cLcF73av&c4)~ZPd?@f55Z3uL2<@fL~B%CL0}1zaId4BzmB;f4Tnl z(157>@bdB&+nACSzOqys`0D(z&uB(z{ClinVQ576mD}#D z`%~C>`LeP27|eK53Pks8PQTpBf3_p+`$f{k#I>)luX!mwW&B>=&mz@jpnH0hwZTC_ zgACvakqbD`KSFm15UZ}L8eW67;71ec#KBPx3IZfg$SA6S^}wb1spbt#YIpJ5?^P5O z6uBgJYeX!$w(bWP>#0br4qfoAyW9E9nO)z#1h zz+sls=xI(n^N6w6OJu@scJPVXm5|La-~D)PJv$C`;-O_+Qf^f32AX$MaL*w#m*?g- zfL8+v^QI11D8rVk*Wq>wSdCSH>F&HfhQDl&kF5JPhbw4>3E{3`jW=i`nA$TJ zEOa#K-?37N`3Nu0zs+&QA$x?eh40&!#-~WwBhq#jl7z5*2eqEjbWl%&eqUSh=-@?#F_J{M{iO z5WZr7hwi;>Fo#r>l7s|GepV4pG;$Rxgoz1bQbbso1noY#Ptnr#7bI$nZ~@aln)H%Y zY5#8Tf^t1}J_bJ7Zf7u);meBm$kF>-O`gf}a6M z*fI6tWm72FP&H9m zF#0J)JdDjAP9X?ahKu5->Gd-VIj78S`pvv_K% ze?Gajt~tE_7M6EH#7ao_{jE^aMQ5#AZF#w^lT(ck&plX`*U@IJlEpAIts8>P-Xn?2 zytndb%OIcKu|xY%Oa~tKzl@|dbnPjRiOKKD@EIe$)HG@6=x%VMB`HSsnVIAAcCRFJ zzr<=(OhqT>vq}Hh1dpEQ*iY+6KX83V`h`1(pR&Yt$qmFSkWE#nw246TJ2{xNUG)ZT z9sZgwiAa_T6(7W>!y{WlM@Td44;QQCV+kgjqzMTN1Mu`bc;t)veqwvL29~UD3A>j- zK9Yb@ew*`rF!Id+Ufgz0%CR3imMo;?7FL3=n?-M*>IkA&TzML+AS@>NJ#yE2we`Fz z1zExedebbS&Jgdqz!t^&McP)ac2UAfMeciAPirc2hyeCCS52*7+|#&zI4N1bg7uS` zm9-dfrIR(3>ETbtP-l_YI5<3f)6Hw-u9pvV{v^=iPzVlBISAgn*&4{eRZfU`N9O(> zo`_sFMGYi5>{Gz5RDLEIgnc~9^`7NU8DUYlFxlR&Wb92`@{okbuWxFXtJ#@e?Omy> z(>yA7gOi_M%OE)k1)C_eu4z9;$e6$2YP1issbo$W85uCmknmLZA>5OPe4>0|#=msl z5t;+bS$gxkkNK5M-4Wp^5oSLl{{|6!B+=!;-kz%Mt)gs642TnJ*sLV*_v;m~?-p)5 zy{Qk|2kp}H%yr|*B8W&iNGkG2mC`aYLzy-G_;`3(9E}hK^JrZQLw9BENL&L-A;tVf z1VV;%H>#?uSNAbYOy#l_79gLMOf}RSNvmBy%7U2q;94H+eft@abs~7xo@0E14@3i1 z!vgHaI()va!1w~#Q za{ZYd0ImHHN%unjf2e*2SN#<}Otlb+3J+Go!t`INSD`IJ2Dv z;c>a8$lKM`HBzcgFkS958UCgm;>e{LU4|ExM!T;f^vP$@Vq41uOpd2Nrbw7p?&`%t z^5|(=1gHzOT184L&kJ6)ayhT5_5M@`H`ghHm?P>PiM*YYO)Jz;5`%;zKuwT5d9lW) zOwVcb8CySBy8CJvGQT94W-g+QvUYNh*&ywBjVem_dbHHV;ON`b{)!k(Pk z=b(g99%RKut8oPx1xH!<1zfe*2-n)N{FvcHnV0lohwLp9DtKQcmsJKx&~+ zDOW>GbR1$&&S{@m?A7v7PzL!ASqPIh)0e0Ckp+XLrEF?nm!}c2Q&BIR=k>mhx2uJX9u7I1z4x8tzw3L$;l*ge0nm_FB5~$Ij2AQ-LNNG zGLs9=E9AR<>sId55rAjPxzcT0v;zLJ5ObS1jKNqKqL0R@ zfarqE7R(;N01pGs3;t^)s~}Pf!F10{0WzWeh~ZaI0-)nBm}Yuw6sxh^KIINysvd1t zrnW(=4QsDu@&Cd^Mf?zxO@Kkg5YKNSYn&RG&(Mmy&s_#KHS~SF(hfk zFvc5QZ1`CRyAw}~?p1J3fCPxs`|86Tcw&fyoGR`oeru_Nbq+z3 zRNW`f%_Qp^jiY92Tk6qUp(wsnXFK@$8%g=uRVN$3;Ky;2Z zzg^u=BO}nDz_NMkTT94Jl}5_|);j`$LnYb_Q6xYzx3ICTel`7tggFQo2jG!NaLHD* z!xh&0{uJb)_gLzyTg2^AQ8fJgpTs~8Lna1 zHcOG9b}{QW^QQp)ENyPu0FuGOk}O+93}_la-jX`Prb{LV33ur#kR$C60ZF>B{p{Jk zFjSB`np;|4OoIIB;9fHHPEj$LGyCaV!G0=*QGj@$3W4u>CAu$F5!WvoDdkZJxm2t_ zXP1nqgQf_anf5+-H=sPqi zJ^c(kjX!rqea?>HO2Y~Fo3@Ee0y%@=)|`I$oP0(ecB$b6J2*qv3 z;J(q((mt{@OJr3)f!x&J#gTVcDRA(m+>3D3<=+ba1>~ubifcp~s2r|Sl$7)nYEq*- z@GNF;C@`ttAd`g9HnWy_Pz{-yT85UE7U0A0>rvw+?Ck6+FL%dHGtI+ZU<0-|Jw7h# z+P*n(5mcKi3spZ#Y=`iqz|nXQY=j#(ZX91U7=xKvObW-xZi1THw;ja#w8gB~8!qFB zDTF@Spfc}AYI71=BThgxa~DrhbSHz9>JOEI>ty*eigUQ3u{o<_!-o)*xeD>LG6gjY zCKWw<35lbV33x@vKHPssh18X5h=pfWV$GA{;XOYh%mNpEn;kpT5NIu6(jfx?H3{Tt zn;;^R>;~}^-{9m63pgeDNa1#O&3pR*C;YMeu%R0dv{#--ZV)*ayaK(aup!{s1da#D8@VyhPnzZLQbpI0)EGtg`n#ucC6pMh!_6X+gAad ztuai|WOI^yOXIcnpTzz<`!u8n|1v1E1 z{p6L@(aj@{&g;0JK&92bW*<5c&S}0IfqjXka6OZJ2ZP=C66fOeoNAV&VI4%ySw7$O ziUvhMMXB8=D zUprDd#S1z)TFwVIT{jvllJ+{{_agNe4f8Ch_yfB!V1!saK|2L`Wg#AKs<5|wJ=&%$BxZ$Cp z<1L=9W@gN~M3j^^7dd;OIc3O|u;FGr;_xJZgpOMh%z2-OR~7)2=diiet+itq__ujp zUU)wZo@p;{04s0J|Mp~1RCnlF01uddBdmW*{hN+Gfy6(Jj*MJ%I@(UaupW?)#X#cw zsjzpdUJ|YphKLAIWHV@HOX~+wr{~3COv#7Ag~$SUXF-n=3u4L5mz6^(<~f9gW+2|s zJ#1iq6mnrlcRFIRk&I7Wof@|kCMBW-b1J#v7vfi}Ma}kQRg`fdlD*k%gfr6UN*k2x zUSBO7*iD4H%zMVGL5ncu&a3*0q7dmFN1@c-bdj8NoWgq%Dd0OSGE|1 zTF-nQuP8bvwaE%j)d(Bo9#W=1TbsdVxDfwk+x1x~eH9o^sJ!5UTv8Sl?iu09acs$} zz?)?S{ctf^G2#6+)z5%RSHg2=!R{xe%1-I0GV5mdjY`Pndo1aCN#Q^|r87oJ)sN)+ zcTVKx+|yH-zNl-7?O(q zodaRU4HftG604c$4-PvX11C-YTGgnkE?XwbMV#HaJQE`5dkc)aHVpl5=f}1eke+1si?b;MXTIv!+ZZrna$`ua_wtkV=pfg zQBUn%>%rdsC*!Plqr4U}V3B}|{Ci2^>C-v~%q@ad8LR<7xU8T4MDiZ0<~20%%dvo+ zJC`0cAcuxW>EH*$ScZV90cdKDTyuP6sLwuIMZ5Y;YSQ=a(D33p1Z|A;_E2oOJp1qB z<3DbM3czd2;Jp#mXPSCHPL)?EANjt;OgXPzg!wQX3eBr1cYjt2<3V5G(>bGWpvHJbK#qtboDw654hiddZ zu^?IBUVOu0pr4tRks%5q5AOUmY{?TS^85@C3R=*1C_(}Xs<44wITj|ui4m-92$UJG zJ)C;GsFJGLU@D)ic91|%Bqw6FK zi zS&eG&x};Z6B%Ojx8n$x~u~^D**#%M+UlLYtH9rE+61>5cF(`@ct*d1_^_S#4*N}K; z`hqk)GC%REg#Bin!kNMPTP zt7)@#7Av;HaX#wJn>L^jC9><(e3_g~>vhaSW`XDp`WXa}s6KOK4!3)|?YIE&1ZWDF zj#8RoDQjV20XB*_us!}jX}oi+=!7jV4`G*w6oyjCVh#&m$Y;W3hqP<7_pEWZqOQ9g zaVFk&CQ1Fzb=N~wjsHO7G3(DtW+_FkjP&1^>DnHww;IoBY`w=C*L$IU_fTB~6j1fs zj;X?dy`%{4v-ZFVh3dvnhiYx8FFr;M*O(7Mvh@!~z(wKdsS>@+?f0Y^&_dbd$advo zpI6T%@wf@4KBVFG%xtSJ>~c5@>m0xPAWUr~%(&Y3bJX=o$Uyequ6;2rWvg9f9BOjO z$IDv>WM!@XDrt2K6O-#~YEp!#$3*O&Fl@h}Z;`e9_wcY=%If@|tEi==6^KPNO#E3s z^4ni@A3U@Ys);NuKvP^C3rElHNy|aXTVSnC?Bmh=tzJ(7?~_N(JiTM3y7iktkN(cw z>QI#sf452k5ApJiHNb~eq__f;5y2aS`Qf=g_U7VCGE>wbRwVN<-D4mJxtWE;4)TRS z5Gs?XC}l_I*{vy9sF{M!SQ!tehtbb($ibL^-4YjFnwLtfrnm(dLbqmK`*d|R8|4Ph zwHdzonHj^kdXQ;xgTsZn>xYPW7u&42PiD5eAVg9##;!$oY_b#a9=_Eu%h)~e*?h6l1p}|jf+cE!Yu+N3z z#{{U4r4o;}B(p0BSsp$l7z*xc4+?t(GstrLySp9`^14VqZli|P%107}D+RdzTwGia9}YDyK%@dgLp)-@UVP@z zSgssB07J0XO2(J3WxI8xIBg|TRN{(bt-fO4RjaWOv89KVr-xfq{C3yMh3M!y^2UJ1 zT+`d-qd4g4P>TEduYwHlJOw_vn#|$l9UV~OUT?9Wy@^6u1_{mt zm1egcu=_0J86bjw222K~C;a8!u&P7Yn(#&|5Uqq=7!ZJstu01KqQN<0)_hN{NkLBT z1>*woPk`?|e=z>a*OAmr2krm_w|jd1xq-+9*a=j1dOU1L%BAz!W-Kwn7jxK#^UF~r zhG8DnM;xWs8Dclhn})boL#(CsG)xvv@h@`zir!Sejg7q!=f-n|olUe9DuK7=)I)XRYt z33~2hZ?#(`ZYP+emjTt$LfcsefnNZYU}$exQ=vuVIQPxb1oNDcZ#P#v)@CV{tr4taE7Cw$Z!6dYW_(>^d?3bE*`$dlhE z$YzdYY$ecUOSUU&0sC6Bi4l{N|e)R>Bk`0L0U+9BN&W|`g*kT=3nt&=`yZl}9ZYQKaZ>Pg(8=vT|f!!zSRBb#4Z} z&y0_YO^g3j#_pZqJ@_ISYE^+r5l)V@u@~kiW+jd`x49`8&ZzAj==+Cb1u#vmvp>qM z4h!J==7{HoTxs;c)Vn3`XoW4N!~Qe&`_;XbB>WV+4*W3Z&E@Vl4i<{TJVMmG1piOH zIg4o00~++-wTE}Nbw)-sedv-km;=4B<=IoyV5gXfDtNTyS*CQspT%)~@*pB4sH*>v z-ySskgb*D{F`v>#v8kKqN>z(_$W$84to+m{^sy(y82-H<<-dAQvmj1R{*?1*aW`{=Rw_4E59{cuyipR6qsE|b;G_q4HWGLUuFq$@?jgS~prai;zez0@N z!ijLGi=K<+p>P8&BVh#OeAbBPnOoN~@tjj^dx+=}`msQ$b61T*5_pUtDU_XzMy;VX zU2zLPB%(ps^Ce9E6%cj?dEBB&Jjph$uJ~Ed_#^A_Yv%BuYXS-PVaQ{SQV&*I(JOFk zmIjxj$aumWpqiAlO0~Wo0+#Nvq&aXBD*4?lK=o1%WzK=Rv_Cb19Gl3wuu!E(L2?SHsrpKrK zlLJ+-4-M^fuP#;~EjYv~S5*n;Uhq%(bQSuJzmt$aQQZVpu1xEjr-(-xHFO^tH2!I) zY|^*t^ltb|8eE$NNSKl^w6-7i z;3Cqs4ef}CF14ClfqzmLPDPRhTFA&u-;IRR<2sEgg)=MYIe{of!;=oKYQqN;nN_f<$bN8*dpH3^ zsFZSU_432ejNAg^nF;s@3Hhvdz7e93_e!VTRF55NC+`tM7(Tw359eSb%WeOS(ra^$ z>f^J`#jGMNee754EUB(Mu9g~c6r9-{=@wD<$L0-!U$YQ-?NbHb(eL{7J0L+K(`A{~|8|5>Zy_Gm{7ocrwb-1pNWtWrT zKD^Xz?Y*v?Z#lqr;{Dx!!AOZdjhhCB4R2g_VGI(&P$8Bp0@W#*J1#zcCzbQJ@8K_3 zP&<_l;dL?(cwgR>sVC*JAe@((a)*hAqxfIdXG&MpxsC~93^!7qs?E<7rbdTCVjv5` z8IaJ5ijMAnewF`zXIVG*UF^4EFsitJ7ORuQop=<6H!P|*r;|KFt9!3Dn;XRu=KlVg zA>=+to{h~*0rW!msF|6;GRBH-gjNjXe6|>ZQ0zS){9ptRb}k@g^E)S=3fAPWvbT%U)U=t)nl>6 zP*_cD9pyW(dXE=^k!f?cozhXx3|~M^Vo( z4;YmN5I17q>z~I>I?rL=&K;&@-x14F!bJwC3xxD>CB<8s08^AF{kUFvGZf;jk<~Y1 zxx5TjaI>4EAPn^X1_XqwD_TDnL?i_TX%qpam2Qv_ zP)Y%%TR=Lc8kM7nGCm-~L#JTvdCHP1Wq&deY4{MK)AFF?*Y z-*Y}^?|ohS+SdmR3Oc;}zyM4JhSvwurGT)SsrRf;tF^~ZO-u7EwS~BRR-}My4rq2qP>dT4;Z07F4&l|yaF{4@_mq)iwsI9BIkz;6#`tk(kBf;LrGEta$(+DrZ;M2vo0(RvC%E0feOL98sHCfdKR<00O0)scS1c_ zHyxim=`lp7!(Cr>yb42dBixY!gk+&Q3yDfvM&_CM=diH3uh$+zHw@u1;qmBIf} zyC1lloI?8&UaQ3nR>gieA=K`smdJ&hKnG?+C$ie+@8)L6az{Us2rhQ}Cweu-bfBCF z8j%p5o4nhgXn`(E8W#l#k|1=BQ$=d^+wmSofY6TtA=sO705g%cwV8V1^J6g3neT;b zQY%h)Av&DU@X-$NF1&c~1RU2#Zh9dWmQ5|Vqk@*uojJq^L=cPT-vJu<`S|pux+p70 z5#B`+VQn&aRgx_UPdGKq6`-5+&$n>bX{n>Ee+R;b+Na-?R;@ol?fd<))HFT1W8Zm z=!YtbDnMqlhzzF0^878N*bMc`S5*&?%|G;nNqcGCXSuKI>n_Zfp~PZvdoCx(!}9{y zN7GB>9Oly-M7+rED~bphY>Nhdw1Y+0y_Lmu1aqV7SS+vW$kc!gP7$7CeAO43knojg z9gG$5?qls4nVLRSdjF*NBbd-+p8=Al_a!s|GVEjrVcw`({J;i$WQ?Tme?msJEfT>M z!qbdOJB%X4^uW5Qec->6{u_*r-q-;W_noAxOK5_q9;5(+36u(3s=P}8Q3;ibf%|wA zC3ZJQApc{%3PC_E#p1uaVH}vRAs{3~EzU558TVE*120Nd zx9_~LFa?UQCkeXJqsoiDj&5pg)%a=*;fDOu(!M{nG&wn0oF7;2)iVfx9QB9} zH@$fRx5XX0k_Y4F+>Lo{_q=Q~dR-7KL3cd#76Or-N+Tl)0()sN8cqem(+-IUFyADD zEe)q}Xq>D!Pix~a_HQbj)9n=SPXLPv675saokIzr|1*}YUPD!t#P@yfQPBg^0!47~ zg2BcvF*VH52%yYBVjKD1+i1HAMa0Pptlw@cKx+#Pn`E|xthQGw4AJZfa#0tN4>?3q zuLBC8gf{W0HJG*-6hq_(jl$qU%J?d^3GnV7G3Y%L6%CHI=KMZ*y`6xUTr-$`%XElQ znOevuhaDJLeJ+!MrdKZ{e0+Rfa+=DEZ9I6DU;Bnzvpzsevu8SI>{BRI}S&CLO}gJ1BKG6J_|pIGHMf@-}qv>9wjkr_dMY zG{F)q^y~r7DZ-;>Pl)6ZVkGSLm*dk@95P;3V4s*tGd=+2vBZ&om4Po zmdiY<2t5+#N1yjW+Y>N_0Q7F5Mn!Nviggpv%82n~JW{mlWR~H&&XPnozTBAhvwdo6 zYFh7c?qrr^o~QMlTYz4lR6F%=+5InRGz<;By>g!Bcnp#%OrVHr@NRs?Ss{aq;KjgPS*smvyzL_C4a;8 z3RPKfBA3ENN%?{M3=id}`+xtn4I%PL6V8R)`9Gn8_)i?kJwfk}fVMkWFt)Jo)e>SU^AklBd>~ABI<`(N`d`8rcALsFvur z!#~EFcyaw{m<@HZw&u0H4-n!I6OqSSfuR-f%0e-~%gp>2CWP&dY11X)wb3*;0(?2+ zey9b{z{|_4BZ}#HwIXnWFmfzVDjo!IUiL?4c6yVNBz@3!4c zOwnYaG<&aKfd1p&&+Y${(!z?I>Z86FefUfI1?@;1Me28avV;_%7}@+{0f=|G{}IxU`i4Ol9e!Qc(g~*dwTXBFs+zszB<>SY04|7 zI3Rq1TH-5=&}o!}iU~**Xd)1EEp)|x1MUH=!&oDq(o3U0QG?pV3}mWpNhvDA=X-+? z|GsvlJ%<&No($3#h=lHtPdjQn&Z`kN7&i#<@+HK@gZS1_Ctk9sa)Su*(p8@1#~eU)_a1%g1m2i?a1YwJRy>~pOKFKTx1D`%M2_@45Zh~-~X5H0LPK#dzVS)6}H?+gh&DT49^tw)fdgXJ9 zthqz!;LlHv8d4So{$|)c8*+c`c8KKVPXRR9Oa@Bl*>`UI6zro8LHJ$k@A&Bfb3k2HM7wP7(nW$fL0U|4 zMr4n%{ltegabJWiDgPlrsSv`;2w=@PXs%%ouc>!J?b6Ke_6tkM zLpMR@rfj-ps=Ja>?XP-Ird=%~JzYoGE6w-b_}mu~a^aP>`Isj1LXtLyVBUkow*sPE7h?p?nC+9=DXp|L8v@>+Im8h_%jQF>2TmKnj z%hS^)#r*q0=FzMv{QxlP+&Vvyvag)aZn!A6b|!tCKOAqQzJR-czc?I za&Nzii%7Wk@z2F#ys0?x!Xe6)VvBS8V?Zx;UmL^@!_uI+`yc@{3SKx!YMt)oki^NP zA^Fk)Y>V=>B*ko`fHK;cpONtoXn#!E3WHD#S@S8xvR~H=RoNojP0ogfY34}S*>Qeq zFfCFXn_X!T84&6UMMpyu4aXE#Z7bc12o_+LyDTp3?}eITFi!6gn5J}gR(MSKnR1fYgabp`1vbYv6k*tJLk zpgD#llr=Bhg-0^|mZtp?RjhUk%qMYJze*AHg^udY=p}I909c+GR4OKJlR*ws#jGzX zv5nIhs348Kh$yH`0B6cUoSVm3k3VcB2MhF&1js&k2NKk9ly%v=2}O4bzoe=1SAeGp z=f$V7r`&9Ck+iHP1Jp9YQWY+!hJnbey08>vRRR=2Q>I>ixTlvsHl{jElE2kY5`eUc zA#~r`|NXSP4)tDa@Wq^Wz?6>;Kc;ffg0!FqV8xBbuW8t-9~r2?a>Wa|5xQ^z(p#?! zyV(R*pGuIU2iXBi?@%OhAY(_N|J>+TbZL6R6%N_*6`rd5s8V7sCc=7cQ0_grD!zFA z6YUf7+}xb#gP^IsJV9exK5PUUNU2Er|qys$doAuq2y(`$R_aK@3fk#Miu3@CxG%#%0(~qu?kM5^TIrgy^wx{?s1f5 zW-L2igA_YDe}1DwA$L>TOI)h^+*Qeb(E0_L_pQgTfKOl|dm%6A`ChrNo%bVYk2nt4 z^#R=5&!g|S3)9DU$OvcFIJvG>&!e=WS;mlEG*09IUz52|>sxGgl8A4Ob*uUwKE9aE zIOjlM*gF`+5sjgexW)LstCWN)u7!Ie{Z$AmRX&(D4l1<5b5nZFHVe!ebQ{78iIG88 zNxkc+nome|pNv-c8{ka6XMM`vXg6PQOdzqLk*PO2Y2~21*P+-%)R(-kABAyS>rpLu zF6!Lhf#W$UoWr`;BJuA0wRxkE5RB~SP2>XcSDH9i50A}D+1se7zVG{5v?h2&y!~Xn z8-5QyOey<&n6ig<8wVpJc9c@RhkNxkj7O|)F$_WO03=xxKrRdhGKg`Tt>2R1t&BUk zbHOnHbs>X=Y&?5HDHO(E@)jPqM@PHqP={iZve1%gApJgpiYt2)4=kjgOsazATcz&` zCMshLZex}<_wXOibL1Ao>bU)(THKR}j@v0e6hnu-%g84sQp}zzq8!VYo11>?e zn_i;dp$Y{}ZPDAy7o;X2%HAU|Psq6#YbHj%P9=h=8w3q*@I2fCMi2Wm^G0PWt8HVB zB~a~i>({TXgk;WOuv7E7XAicZK;@tS>Y`t9nEp$MJrcMd-aSRkIuo-nYrp5q9;F=& z3lnf*e+zln?gj%=L@ZdHB-C!d4?}uecUD%|?PvidFfK(LCb%Z#Si{=m?%W0iMs`HD zFxZbQAlYyTn(eM=G8HJ9N&o7o>i8+xc=14}5^b?z7vZ@SM;owOE75fE)CCLxl{s44 z7T$HhnE#(&WmrFN4>3dx1>D1rpM{QK{>7GWYu6Zb&h;*(#b=?L0l*9~ZSUZ~b-BdB z`T-`lCo8OykM8uN6)C(pf?A7}PC0toJzE)xjTj9B&345}ho?zY2UP}VCNU2^POKeh zWq$_-H55Ni`wIvT^a<(sJZST88rI#ZTb9wQ9l^wrZ!pV_?mjQ?5!K&Yj{uZPVuE{F-@nIs1WvD6O|X+tTm#URm_l_=u974c1w2B4TBndW}_fH+x|M&lM3C#5dKpO#cKf6)}Vd_ zobBI;UlII*=23_8O@?WX)t!_6q0Hx$= zN9LCR*7jiJab%6^<=@s#xuu`rN@gq~m&m`E?q>KV9bp;|dZrW6M>*>=&Z;6DQe7e*`Aw~n{sCv_VNN#>4 zzH`S^T@2g>J*Uq0!0itk?Fgv$O$En=dY`UF$uIZT0y-pvy8NIQ0GpVF%&cyGiUh}Y z>CSUN=>|`6IIhQpxgl}jHS!!uNrT8LYZ36{*F0jdditPp@OR1;jM3>9Z%f@1bg=^( z5#xBfAg|o~-CUY_WgxeK&>bp1QYyxC0OH``QVssMaEQdwpwA6H6NOfwL*y^AnBea7 zzi+qy5q<;4ew)Cbr6wN)Ehu06s(iy;96zQM3Z&Fm`_F_)G3Q0cJfJp)mzCFZ9jc_5 zw>4%8|ME&dG$0<)vk1GZ%wDeX>95_zz(FTs#P&d&}E_!y%>#0o6S{1`7rt z97qtuWzWK4P9mEH%mHqPoE&blV0nUV6$Zj6!|r-o<|w?4#!k}0`2+heQ{Z9!rU3Sa zbz>JYE^AW*l{_oE}6 zkPsT($M5vu*@m_rfhxH>hOMzww(&dU7w~|y3#&}ls z0sv8kDbMU{s4t=mfy&cH_q_>8BXL|*F$ zw9*ANK#Y^*s2@jTdP=SW!P4p`x=ajnaOZ7xtlTBg7YjG}(hO9@X!a{_WqshW{2GeN z`ubkF+?X;0E&*KrKsT|4uROaQ5(XmvkDgDQb#5sKDFWyvI09A8eH20h+3S_ae&RCm zOV0qicu4>=yT|XU-71MRho48lAdj-B+Ygn2a+VP6{WVJtCtH&h`7!C2)4(C`vZ zpJL#v0+iMyFO_-&sRa?YWQ;J}Wr@10K!=?Ri9E)Z^F#82YHrYi=Cwa6 zra*|{dLafJLsC+DkI;vy=wTlM0MbP_GQFa3Hhy8>cy|c~`}PBCKYlz>oQA0uJR0ej zx_jeamWPJnE~e-MSkrkrR#bHRU#!wb0E6lkCA)QDyUg2<`PuW?3!_&uhTrkBNNhE?u z?jt|>Nr_CB6&hK7S{8sd-$@~9BRXM>xj_`SI10Mz9r&RR`^dpXBnEV8>EnUm}TP;PKe(bR!a?yslNSKTVrZx3g8eW~)ZYfJ)raZYdUwxO8hkLkF-^0}Wm z^mSh0n*9(#z9$kfr}aJm+WPalYoU;C$NYaPwugX?M$O4zpa-`xTq8pJ9)ifPCG%M_ zDdvez9Faq_B%D2 z^_%!`-`8W=EG36kMaoCll1XqnchijO$Lac=08$!ES3ddVzHOHmP|2qmH(momi)4nh7L;e4Z7`X{-2%lw9Arl~az7PSv@U@Dz&G_HvzV8~M z@}vs+Pg3ez7-77x2J_W2wn7|u$j*Z|wAk<nc8 zpjc#v6~I~w9+hPRw4@=k1sLtXt>m~pecA+7_6vsoq3c^lr{ zFG*!p@<<^SpBr=#Z_j~{7q9!mRBU`Uj`%bY!GdjIk1xJAdh+W|M6=?l}A07?M&8 zgHj?_4rYzm$ThIg$F8T5n^!k!-9EvcAs^6=a)f9#C2+|arn8qy1} zr2!a-+voisb!?he*P;WkGpLXoNXK=*#5y`fhlek~TKUEzE^-cy>|qJJ)<)c^tjAQ~ zz>eMo44kYJfj$EiLnWKv-bJukUg7T+1pdZ?D628p%j4TbA^w0e_{*K9uqgFq;A#q1 zZ?8jIAG*_qSBA5TSgVE^FfbV;u|Fk?6niQ_4H_)M0xuNq-e&IZq;VYOIV zzMwM&ad9bqj7Hfiq?cKfmoG!lJ|+jDP->6tIgQkjG(LhN*L#s1+|%bc@}MRjoYFGR zY^xN-S*5&QTt8QW{uNBbf7$#-w(1v5fSf}5_Z*BUv?UShz*T3Qu=ed0eT;jQhZCOS zunPkd-!On^F89C^*w&P*Bb+91*pVg^-aMywaY-B?5vz0)+krK?U_iPvT|j~uwFaoo zJ}Hx7rT^sKf&D=9b^3Q?4evxDY0EI0{`;x69&(*GlqU!y?Ddrs$VjeJ-4<+!<$U44 z`UO%y0zqOFbMB;E?+Cif!<=`EK1MU-k+^6ZQeIe#A*k1Mtvk0t8Ty$tW^r^BY@06ho@&oW-s+)RJl;LHOj!5?V)rwv) z4*PIB0BaiMYp_Ytb?$dJ`c+g==rM=HZrK*qBX*=DXp84z(OgHg)<)IhB|@$(hA`ip z`GE|>7jb_j#y$U9+@O22w=xs1vl&(2;yXvx^zu^r-6L`23~%wKtV)!pG=3zlxjjQe zimdg#4j+Dk|H=`7OYYad_!W^(Ka1+_=wra}v&ay36$6!^=Y^)5bfy%8NPIv;z@kmaAYWvT8}(%_6L7aPapD?_u94YP_7!Ow&q4yN^{@$iM|1x^q6dQ^ zSfh>S-2h^2Oj9(LUuz^-u7afm?r%MsM+y7p;GG3a=3dU)C#2Y?>uv{c*~LRVyaGrM zPNJD7k-z#cj+I;74H{arsk{j_z3(WPZ9n*H;OzSdl@&Fcgai6&mV<<^-X~)1`i(1G z*5ng@X&EE#L$UsflUSOIa7S3d_6vzSw&fN-K}LI45%yChxtawVZT>lW;%Ai{`Q|*M zHUPh*H+--cDDzpx92~Lqvrz~F0TdG_zT?pKi-a><9}qAZ#Fh=zW=t(HybAp z=l>)7e6#WLaPV^d?>72Q445HOxNN-))Ceit5-6u8_^d1)PED{ez|64mG>ltA@|ARk zaSHW@e1Dx;J=W)}Qh!bI(-VPut5Ke1o~1amzp+(@1-3ITp4yu#g@0ph6Zv)%`8tiF zI4(~q{^xH#_n+K0{C{-Ao0kOV+ozWv=NI+D?)x*F!k6>$?w;uf$ViC)jXezt7{g~{ z&{MiN>Ml1Zp&LJ>fT6dOxvSqIZHbt7nix-d9QS(GA20M$x|v_n|MQ#5Que|FGhXjGdI%^~<`FS3jf=^G__^$POQ-s6XF~m)mG1 z{pa5z>ls~4Z? z>Ic&7CXcB`TFSpmKb^UlaB%wPr80TJXn8)diAY8>croNx79)(UVZn3am+y_pv^_` zpA+f*M4Wjf?Z(wFak0v$lpd6jD_wo}PPORjl-d7v%Kz_gtbMWPc|fo5NskNL)x-JH zr2Ef9CiFh|Ws6l^M(*KQOJ4S{w7Ot&N_48jLSyFOWxZ@KOH9ed(>bdVEX=DvYo@qb z3_;5W8R+PTWRC95Bc_8T))V_$Ew?;RXO}Kjh5uO?UwGdjj<504ZKDcxxX`>H^N*jI zy70)xVnA!Ky=Sh+erZW)$v3SEA>^<8z=MA z5GJdQJj<10OBT=K`DMy_y!nw_UE%ZLh;!O!V+DgHm`ryMPE8LB$MNWl#&20%93-l! z+*;x1@729J6z{!%4|QZb+W*_zRCD-uH(RIZ`PNZSGKJ^cufMYS@Rfb13OY+L=aby% zG=BRqPS{?b&epDrT~OQ2C33#?7;!~ER^K6B&>hkrCTY>xI48y*WtVA?r<5{WfP>>oE8A8Q+bU9Qe)YMe5N~p7&9lwHvezRu z)fpsFA2#pCGJT5S;^G>|Bm1?pu~GJ2+ROEhAerfUO9@xO#FU%#7lpyrW;8?EmXfPS z8Tk|u93m@LYI%+QDnDzO+VNL!w3?fIEH!UfhB>rD9(_ zQMr|-cSD6EuO>UP>8AIjh?+_;4>?^_2lh61^tO;mI!6{V(L***7XQY(t|jv**E!Bq z;}2ug8sSDlwf~#-&&;mW#R8yXa5g^hDay791R}Y3BKzYw{5n@IK5S)G!)Q ztW7mJrM>RRd^tH1i-S1*%LiAF%|n#OsNrFv)+OApV`?npal>G(0^1m}u`T-_aCQfY zMD&H;GTXyAmb!h@!=OjS^#&1IEByy16vQJdey74QW#^ZNf9Eck|m)t+=7GzTY}rCW(IF|VbKp+y_uC%G7hTZ`># zYplQc^JZL@;KF0`UPw%tUSV}938UKnDr>54KC`UretR5?+{RF8w~VFB%eO9US`YRt zFTb{*)#k*%@IvF_4r@F`3?26J`md$~Q{C~v&>{2g^CvEX#~jl(hDKe>zM79w^m z(%Cr&pqBsUuFzt$W;M(V{Cj?H;6-)Ljyg&*9jyrfhO} zEHPtXnXNT{ZK+~?X~Vu?r^1{CCo#h;FWRbn|J?KYi1dn`McGbw-Q?$es#(P6M9Sj$ zcSYH0pC3nz9@Al2j_-Z@73)}1GG{U_yENz?WUab{T529;(flXT@OVtu%GI*%`0aco zF%iGYu|~P948>^Ky}x&2svKa6(`qc;zj}&WP5(SZE$=&t&1N;nJMx$MKbbU=Z&7Jh zw4AjYLQps!5wNAt3*IaW5Vak}obyl{N(-3IkQG}zW6wIJ?g3o`GNoMlYKK_Yc{F=ZCB;{d1eo9`FX1r1v$}~ zExt;|i1-D55z_Z$6g-o17>P-bDdnVjr>RhDe=G$J0S zbD(xexm+N{>ZEz7T-?TUoHg^iLMDjt4hSPcL86w}ZT*>g`A{-Ni0xdd`RQmf>t@by z;mGz%IRys?8^x~z4};wXLW#sY@+!~Bc87@p?*a-Tw;4$-nrVmOgem98%!p5bU}$3qv#)tj3$7A&*XdC0rgW zTkOjsj~mKr^!F>Pj#*rCy(YUPt3KaV)xB~4VUL_em=lwl;#>I|p^R&ptGMR$!ZLA( zO@LJQ-p#rV(u!roMIb#vl$@`Gt{-j6%uG6*OT8XU6-oAvzr;USUSIb78uFCiLiP!= zI`{Txc*|DajQeO&kd0Uo>8CYng=}1GNg6KE-SFgK`AVwJ^~VU0Z2Y9wS%CenDmUWT z@5~W(D19%RCXZEN-7Q4)ZT3RFoEv(zxoVL~YyUm44D(?=NXAp zaFzU4c?_Q{S58jao|SNGEa@%sbGe@tURZv4)a}KvzFAWo|7h8CF@C@DkbxmcZV7QN zq%6LF%Z=vnp{nvvpwYO<;gcvopH24I%w;*r5?-g}%%90qt?jZuO4}UmnL7R3G^{5a zIC=Y-fXdv*wC9;tvBJ)YX9rM8CACxYwA=RhD0NQ%s-XyR@vr^@>El&+EV(-%rcsv& zE<|ry$%2^qdG2z0?o^x0;rvsxll+Sda)e)Rstegpl=eT@b~69fDP~kF=+PYKh;>+a z`O9Ve>WE*`{|h$!7dZO=H3Yo4xiVI5HaMXnbb4gGPV?Ta!5ZD*c;YU1eZ{B?+eaJ} z6iP;Po~)&s@`b>A!s;wi#i@?b7X!VwR=Ap6q%O!4gtkln37M4^<8{$V3G{!oo%@6r z3kcD<77rFr^C=D=RPFsPK}AKih;t~?#%rS^bHo+D<(xs8e{98Ap&j%4$u@S|T>gwn zGQ0DT#xvR^P8+}UNY8xYyR!Jfn(mX`Q8H4lvtgdr?(PYq^SsMnsE^mQJ$JP}#d($- z#O%)!pzGmCYD!Ex6}MDy?@Q78MspG;c+MHc%c|ngF8F&cGAU!P@Kx?`DYXhdZg!FS zNSGDUOqsN;_s@qbT2SXU*~(yrcJ7X5XW#jr&wP^SEpq|u7E&Y0u@3@gFQ&QIUZ3B8 z^;_`w%{A_UB!lM1@q+kW&K3c*BqN?a`|ckmQ+A^4WGMng1m^!K=CO6!%ghD&_ahq4 z<|!_>{=;F9&627P)&=WFzq)vTtvyP8j$?J+ zb5bYv_oef5{{PMO;&!5W(((R1M(=c}zI}STKK~*yZZ5ZqqDooHF)dG^=Z!jPmgoi+4lJ;KgzqrC%+-8Miaoke2wi|Ns&8a0f!ntSM#_km7=dM7}cGCntF;iky&$6B?ZYR-0 zy<`ji`=>(oU5`0hdoSM}WE!)iT)OU#<}F($Zg*(%otLxBc&2Vur1Qje7Gr6|%w9h# zvS$6GZvFDWVDPt~p_FEt5Z`qgBa`!VX*4O8ZhsUJ(PGE_IWnFN(bQtYY3_FC)}8Cu zJa?LdDMp#c*ew2#FRAbws#O!5TjU^naf!Jd*_iLox0ou*O3labM71eB3EkUiEZeQ1m^oGm&iHKTyxLVZaQd8rU^A91{Smg3vn^i} z-t^~94{DK#%1Tz-{8Bpksp;4~?XYuu&8A_s<$;ivD~}LziMC#C~F`Sie1PlxQK}ak*(W zxY1U==}j=EX}2HAX%N@NXLqS{&~jpLX>VEV@;NTaqH?Y|WuCddG=XC|uTv$Gh?c`( zYzimIHVh?bp>Ya842vKi8wdWXs{IB=YekoX$I)h;7KLDa7iy1960Ci#iT%(hCJua~ z(nTbtd_}F-_6(A}B$V6z`U6t?o^M~q4j8;h8Zhh3X8GnEnQZLE^jy|MYHhq#qVqn7 zbCR`qPP}FI<~YHrM)}L-B)gSE?oCxN05`(zVR64m4;#ErPRV!IAU%bHj@RCxDsQ=_ zylI!N%8K((@oq|6gQla!z8B-2F<0XSUfz(pO7HJ?xP;4A*@;oUUKH%M?(V5_o1J%; z-A%AxQd?TKkw3Ln*%=jC}l6aD;) z9D@Qeg^QiMQh|&6-87WfLYz?k*6dq$OQ5M6&ZUQO*v(bmE?g$L#>XH2B>2m+I;n)o zt&lwug7O7Ddg@)IZTi8ZhJ8@ZQ-9M z5nZk`dUM{AXPu`c>Q&9?%xFFAdMcWZsYzSiR=}#W_-T>)(rvxsaB^yT9Gg3Pq76G& zIH7jcZ;gllTfTCY-?9o8$Ky!!Uxz#6SfBUU3*2nT4oGZP;~LAI)`|XnRmhu;HA*rW z=#1U%;D}J*Qw^e=Pp&l!Ub)p#EEHv(A}*_F;oG6*;Jck07C%@-_^q<}+ZDG5!JJj1 z^I$(|#^9w<&yP-K293E6vo1cEbMD&Sl~D>;S38c&UGgbZOpy*n9sFr?PYrGfP9V?DNu^}M#KD3SXZ$>eI^*e+4%_LfjD5QBiGkSl zg}%xD*@C^EBx|_-%bKm%hWJzbdkzLGf85ab-3M+@e_T>2IknBIlvAhZBwCw{*mhps zl~sE_p7wB5If57 zd!lCgFS?#F-Kl6NE0*LKNKqn=5I2n_yOZ_W*u!Z3`dzsrAI|7^)JEg!NSSBVPkWT| zHwP5?TX*{(g!&jn$lvr_;2R8D3D8yFzreZhR1VAg(bDW|5$_m&X`HquAeeBBE>e=K zlwW>){Oqzum7SBeA;F}dQ6sc~6~sT=)UO2{&Cc)MB}$hw%<`?-9r;c(e#R5^eDif^ zT>`yem~Q==l(_3>`__ zQPQH>@BG|rD_8S1FCprojqROsJ)&f%sFzn*v=?c~c>G28+GOTLHR@yg6zmIPnb)y= zCc7Pu!r|2n0U2zsca}^|78F*W+sfg%y_#?sR6Bk9*4A|6Y@Szn%+_B+{^&Cs!YBl}tL{<{kR` zp<_I`C`^-e|2osM*c7=fbF^$drF-`XU+7@}^Rf;uLmAadt8;5D`i+gLPwK|BX?~v^ zKTD)B`G$$h9mrBRM)KC2Oe$`W6*9lx?kAUP^K2@M6`+wOer=a?U_CIv&%v2k=pmQe zSv%E@D$gJ_QxLNDtBVw~M6LYg?TE59{pN)pCxe3RDw`ebbz!}|EzD~;5kVHzyC1#_ z*Lln_55`I#<{y$~7+DJu-{};mB6}={Oe8LQH^YxlJ{MR2ainB6M6L@gu@>pt zl~IdXc#X=LCJuiETA_WtxVZH!4t14zeYnnGeL&8>swwx?dCN%zdE!Y`Dx1;HX|=Qm zO@1;%{@yS4@JPJe_&}X;L`9V=KK`5~T4n`5OWrK1N7EJJrhQ1N=vCwph+?#{v*k!uCkhL6Y>NvN@jvn@WUcT9KKj? z`@Fl~V~Kb$9464{VJ02Q5e}b<)J+dQZ?bT{bxZKrZi<-y=}=m^S#yr-HM-@ApGC6Q`r&d7%G+OKd~q9L7Bi03%h$9f%CvA) zl49>k&vl6P=-mza{MP-1HA**Rm+?~{Vu3D1_9?Nux!6u>+S+u~wT+~eIi<7+<7GfP zW0Lf|-FvKscU-UiK3XiQD*kpHBAy*Jee?OZeuH?HDU%2LaN{0RVp@JxlEdqK$+|ni zFLo-N7kldYa#$+Vas0->VTh*HjAS#T<2d1}a%$vyK?I73Cu|H8R)9^Dq3zNC$R5fX z^PXY}c~_d%#R`_0!sksbYh^+zk7?(^Q*4&rJd~HUV9LnoAhOt2E>QBOaLJsNlPcDV zzSiw67v5DhX;+tY8(*JyVO-cny}ao5M3Hd?Gv?nO0cW!_fl&-K=hPX6xO!ESZ>&+D z#CaW(d>+0Cv*Pys=)Jp=>}a{Vj2^PxHCTUg`j{Xr2wgMl_jaPNmV=a9K2=ZF=Y@rS zSA2OX8FY)#o(g&2hgmx{#kyNm2GS4Gyt;__p;%49WIkDLHgt-x;iO_`?GflG!D1JX ztuQz8Zqcg(C|3DEDV zc@cjI9#jh1CnqW@-O!lM(v9U`x_21~foQ9MRY`HN`((PYtt-c@Wt&YTmm5&-1i9GOfF50o%zBK7rQt}T zh0X=*=%O4a&esJ~#cS2&2B*4h+>O_4fl>m`nXi}?BP82W^D?s`CP`r%%>}=%#|rWi z?4uo|1-<vq_c z6yFnG+s_Ej|IQyB-&0|lv6j>vK@nBEXJb*z@%;CiZlidY8~WPtawb~P3;Ge3$&BL= zXP0obm_6}t_a4iM64LG^ApNqfDWYxb=cEh*3d+61TDLXG<>JFJYuykuCe}o0(HD2oJYmXazovYncbSR zlc?s=3qmMQh1)r-qA;f(AM}?c9kO@fPVLu7Jn78j@o&CexnvXIJ{EEFvVcz!HJRHX zn7PZ1{*|*;%UThWcIkF+(FN6jFH6RJslm6A_1zD#Muw$JLm$iuzr{3tTlimJ#F546 zzt0{ovc%%{Z#+zTNU**4<&$ zxE}&Jqk{<0f9=-@Jl75{G2ye{CGO^n3C zdnwvmc2e*@$TI;eF{H&n@EZT&AZL#em7wbwynD4fUmR`@=M6>noBTLJF#?cc(vH4I zW==#~{VMs*vQ&1%Q}Q3KEkB+2lF5(sM$(eK4I&hJc2zR1?CWUy%e3V38OAdWPII?Z zYX9K=ENQRgG*jeB>T8Jk5G$;8=xbD|xspLLI?L4ZZo#H0@M(*o%kR~gv&_3|k4KmA z-a9eH$I!}buHN!e&?k&J@;a;$b1~2kk`K+_Tjzec?h%U4kfv5XOZ7g|3Q-6il2yc` z6AM~RK2NaEw+rrB6k&`nzW$At(Jud^``Elxn3ioD(WZWEhK%i0D7*j0z~MdQa;LCX zVZ74Z&$0l$Cb}Kl#JQAXahft8aAjTS=fyPNPolYVMfP&MgIIm96DLNEc5Nt^$M)>Z zy!Y8kMEhb#)aKgBlzy zfBmnAPl9_JO}LEZV`sJ^+3xs`*B+nc@N@m+?+Ut!9tOLodqxT*+Ag;H({TKXE!<={ zSs1%HY_+GUL3cjsZ{{U4c--Uau2%j#mf7jNL8~CV(q#s z@^zniq9P`1nwOfe?KNSO-KBOxm3W181C7U?--YUzowFDZbVKmU&2B0E+&?JZ`z3^m zG5mXx{o*!$mWq}7%#`c}lk4hY(xEmLXO^s&O4o1PUc4(g#t!KdlP`N@k9Mw)FZDz! zK3TRgA@80@Ozjv|{H)DryYwK@I90O!h*hWE_BgVf^II&}^ItzGX&8^z-Ht>Ygw=b- z;jw&IA?LLHGg|P9XM!rsN>0)g8Jv@D8I|hmuMy-j-X3XRNZi@Gp6GFo~9(C)0tUEIf43uIE?NX zhZj%sSb3US)~2~jrOIweJ-POl!FaIwsrDliDF4`vs9w;p{t2isJNP>5!p9T;=#^-h z6JM~Wi{q*lp8j;J-Cx7(B}GgPwm>m~=bZm0lhLk;B?Ywv0b!@0%*pMaMg>X(Z>8{a zH;Ho6jqJGMT>{c34OB`krrXg;iO?9G|3JH_%*4%1;Zn4kd62N`G|cvZI$AQ5?yO!M zE5ai6As@bMnfh|VqwC&u6z&(@*0!TeW6n5Eh715mU{Wn~nc731r zhCdCC!M;n4Yg|Q|6GfK?EW77aq_u6U{FY7Y?5y;f&XSXTIe))Q{OF=s zD(S~)?MbHe-KO{<;V%}Nmdw+c>0WWE^90RY_wghpj^=8!wt}4Chn(0LzhBN(X((#t zg*QBhyEvBFJFb?s5&7MW)$Tw3Le#HNMb)@#FNagN1x4^A%FT0huA-03Z)%nBBJ&g8 zY|ip=q1`*1MRW%R5f z>^{z(^^Zw3?c0+PuSAx)r@Er;lE}71Ltn2hyHfYWTBZ40AN;vxGihA=>~>7@6bO)pt6;FFQ|uHaqLJ=jYvecEz-(lygqvWR!hT|f%W zFiDurm7uR=_4|)h(!wq#c56H(%1DDe?F>T^mxo!D0W+RvpDg(&Cd1YDZ`3fx{}%pl z%aq2UlY4)0`~-j8vfQSH_m5O6VrlX#`Cpoar>NIxwg{Juo@ji5d-5j8d6&TuJ6SPWRIV@Ex2zh|05Z@hQeWZ5iq@9=7 zTDkO7@tF#tS)QcgbL^0}Hx0}z`~xJjh|7rDvV@%csvMfxtLXaL`yA+rz4??OIO2x! zNF8TezXO?>N~ntyT-mYv@>-3O?Hxi%1?)cVOjwzOS4q3A^E*@KEyb} znWbt`mQ!;)A=Iw%PTWrTTFXnIkW zP8E_uknfayx(c)b5t;#`B>|t0cBkm;U8C7o%%N?f`ZcRRUcl20iZ*u_lR_uEaE_St)#59ixi>l{A7g2l`{&mGtGzv8)n&_zx>)z8V4?PCw63N;G1 zPw)8%v$+bvQyoJVKSfYGHI*Fjr!W^aFv%q;a5<)b%bEg|&dASOcn;;(aK!bqqUCgt z%U186^H2t9-Ieqtw`rdF5bB^>pFCQDIcaW1)N>2uTN{qa@*aUZAmPc0uW4pZz=#f9 zy)PJ6h8_p8P-tKL`ZpbFN^mZJ7NcpUybw9=r ztre#fa=`Pae!&Fk5c2J#z9@&zIKy^mk{SP3NQ{~8)Ib<>1BZ@u?B_yZnx3Og7{*9_ zi}4x)#1w0B0s}S2zn5c^Qoqkt1j0%u zl?#K=SJfvlgXKG#j`KWG(|CM7BO9b3Z^r#J2Qr*{wP=FP&cH=-%AwL(VocR6oNBU?!ib!TbbnLpu!vrTV%(KqfStixAAdmN zWPwxCxol+}-C+(GjvHCn)xVCz2XZpq0_X*X@qMjlovTXOVdIaH@De2+$8=wwOQ(lz zE_KVIZ+U&It+pCt6lXAZoCfX!Y>FVay6FTf)|Chf&bH!F(?C^n=ss}Z11|4R1#cSkIvjQ3!<(}6@ zxAQ}TIoEj6O^*lUsPTG|)Sx$Rnu&CU`yD>f^sL%k)z@rSzIGj!*Ik|eH914MYfgl$ zHEviPLMmJW?!6r64g}_&{A_O>2}+D{W8C6(|E71YS!(RuVd?BDlBQ}k_LHIB8&SlQ z`+fVh-2B|DIR~<^QY&_$`!qJ^mo~()4QBfGFRglQS18xO}Q=}!hbh8PL)6PMRKKqb@EHW79%t%y{8f zK&<=WG>$5~f1BhuLV^#3-HhQr0xQ#w{W03KCUi*EgZueqAEZEday2TXA7m`}gZ}=N z{Snn`>@Hf0J!pC}h_=trJ*##q5Ut$fwubP_?#Db1UG$dNIh-yt*wL?xHP3Mw<@_5W zxELl&0-(M*yUv!g*+p!vW-sl8FQV$wsfP+pBN_dF+abv$g*)89_F|Tbs%mF@DMXnQ zH}AA$Rk)7fufv7>1Jv?}0Rk(wBt>6Xp$o*G$>vls`FAoHbm#Oc)d zF?Ey+Zls8<=LlugZ!dz!iF~!#%Z+rG)NTTa(_#8sV1Jh_5F_K!U%^4rZ1sq^*MYsQ zzHYg925l-;B0sU6BApWNZ$u#!KGZNf)np>#fDq9o{S0$kLPJO3d;t=s0692(3X-ne_>-732c`ftOorY|y{%Dg9-?PhS zEmf$HyYuq;d^y8KNUdLd(=$=B&x_t}le!)|48m77FT3KEh;$m5*-HB!ZZ&}es;Fh{^uX-#5FctN z=R8pt)beEbk$ngfZDzKtE8GQfRL@dgWOv@BpSu(~>TlDtH1_^>-R|e46iPF(s-mtY ztX${kA)?HTtH#9DH1UNj^wET{h2I^r=41WO_QS-Ep4DRvcK#7ErV(CE$Kf$H_HZ89zMtE2bzZFwcmbd5Yart;+r>HUJ%Qy zIqTJq=Rup5xmB`?(wr%n$c|2XL@h!n$A@^SwoypaZ}Kw`M(0aM68gJxNolAqZF z_FNa~fkvxQ>MO-BXm<}M`iM+x+1_yYtC+iDB7y?nxNhS~ef!ach4MMU_x>jKK|v0S z23`D0rG{*vM`#~S{D|Q;#}0=ag>TBXlPF#@v0P`-C${J2()!*mRY_L7P{PyN*4(U9 zvdPi;yPdq9LLrMvT0=o{j{TijU*ybnwWC#}Q(bk>xvjc!neMFrkS?+sE#5+_KD1SN z;jgf77yHvlYHog6noOKvs{ggEV@)m8;0~!uP3EFr%YJ>oQQxRm1R@+IM-bwD{fA zG@5jHXQ3@PYab8c*7aX|x1bp*!(Z{t%0tbiM{Xw5MU+nS`!eNuZe)7x?=AIZeLRdD zIvE^Z^NanEHgkrwidoeBwo^`$wxCU0Hddu({{)T6{;vaC@9N_fM%mefBc-!HU-4nJ zXEDt`MbPC1|Lpb?XYzW%JdZ5YpmKZP;uk7J*OtA~f4!IA@rrtWMN_gdy+<#IOg!6l zmcu$P`yK4GT`?J69+pju&TSQ>hJjDjM_Bvr$&PtLjg%lqp(9=u3(WRRhUs?w%i&Hn zk%iyGCrrMYIfY%yU2*h`*#%skN2x=-IXhW*FL&sgH<)$3h36_3uOEBk-;tJ2XS19g z%Qqt}{Ax(Pav;XIY&w5|g;gozsI5|! zrq}L=$|swQi+v^=is5{|(f4CxWox(fg$bJ2PpNDkM%u}Kxbb%nHLNX}?!b1*s7A;W zT-^1xR_@wX%3p%`CM0AMWPKLWgEuodmKFM5Q-zB`kjr9XbKaAf9Y?YVj19rGd7_|< zL5-Z&IJca8*UP(Dtk@O`vZ4Ru`l2h0_6Fq)^_wjtikPfs_RbWZt#hy))TkGDxqQu= zQ0sUZ91NBEUoJN+3e+(sc&w^o!1^lpZJWnDHx2(3{4#_ik5YUJsm|~&iY`;Hw)AAT zL^CfmsK(o*nI)Kd_S&Yem=PyXk$BRz&eVP(NM47}T!$&nalflxr8z-y%JA|RCYEf~ z|MVt+_&`QxO!41w030SPEb{-}Z}836%aH%x3OF_w4BLN4_3tYsGPgGAaKR%oe_zOo zZDX!kZYWUr_l3dG_k4|^_cxTmLy6!kT}(HR zE+5sRt?^BJNGs_ISXHK?e^|&A7<;-fCs)1tdn}X3j*(CMBnyR2b{0#;isw0d{8_B@ znEY;W0>unOb-dPUI70%J3>s$|%EsEqdi>pM+>RuR%xotcoLW)FB+KxBgEeZ=N3cST z9WrIt(gQvzRnSa?3=vJcqs<)dt7kP>E|BNsUPKQs*MBPp8=_b?u9Vf0I)vA+du&ij z?*-%;Fsc_i{rH3;GZJJ>zZ|5$D`8=yyL&{p5g^j5{BMj4RXeELyN78Z^tz}5BH1OG zxSYl+eJL@ao44DOLxNSF?mVWYQidxJPrO_nI>y~5I^H+k$ob)=&3~TNXxD5Yi@H!{ z)?!98j=WhLqywxM9&^lLvs&j}-cgNLaeLC`L$=+^dg}bWYGEEi7jkVL5t0~5h5}`$ zQPSnk*MV(q4_a8A5BWDJ%U|g4Jo@$TgSWSb^kmdCyxJAHd?3v%?`7#Pp{_W2XH!~^p0v8C%Mo(n602b z=%L`ryd8y6qyLhAzK`J3a2?yq_diJ$db5Wzw4*2+ThIW;Kg{3ffhmUZpZ64WQe?JZ z?dRQK7;j}0q}7;|M>Z9O2IYNVeDXTx&stte%g~dfO&rl;ybc++N{Qbb@Lu;aw_NMd z{sN|)hV!xWl7xE$9Ez1h_Xb68hI^4GFx#3^N~Pw{vc=eZbOp4c-4cv(KinZQcD;p< z=zqV02lB|s=T~*BY1NJ$%yYHdUtpKSQ;zF1?o-rJsf`wUv!zE@o6Y;<=RU~tKUt?Z znhJ!1CiB^&p5w0%^{@S(8T1p>nhs`jDhv4Ad(D-;THcB6&9@)TyQ)2N7)MlB)-t6u zTpeu9nbGADMs8|E_Fv2TQv6`=VAAGv94?;`T8n!vy5*yv^6p4~9J-c)VjIdgFKDN!66UDpx)kJ5=p<`UM2+gr`;-pLss4 z#T9oLL$^6MYd`d>HAta-*ywwSm!xrSy%B;saFId-hvpla6@LDtQX`yD^I>4pf9RvN z*1pdknq6=#;~3RoUb#NWJQsABG$F2vdZ+cgUTZb2;=avwv+PDIqR+P*7cTk8W{ij~ zGSkCg&0$o^guW5=zFH-AUAgY;ME7;10az8E!^90$*G)Gt%wjm6E2eIWgm8ixnZ;nbvvxTovhE z*!HP)#5!jm)lyGff>gH@t!g)wD2bMv)^I$WFSb0!7PTmPsjKwF0R|n6AL&1ZF6`P);o_=71#I_EYodS&~zH##l(kr!png97ZZJSB&%$MpIu2K+6 zjQG(`Y3 zfR?f;|A^9YR(pARJ_nUz#!FZbK?~cy9&$;SM+DkhkFS-IXbLvg1&o{D+aIGaV}s#I z)ydE5)HOoFG{95WtQ)f8uQ}bkl$T=}-=D(}!t&dUuXnnfI_3a*B{$0L_qL?-Ys5#k z67m;R&?X|vICMRJxQ4{3C?)&|7xd)S`02esSH|Ix03RbBl}$p=XFx6vQ060PK6FL8asql z+;6B#6ODwYH70pW#8rsDoc&6xQ!Jkua( zv4v=-W>Xpg*zvW+XCVZFZ z!7Zs_ycSOIt=KDiH94C-UUyhS%V)st+GvJ9bO3CpenVO2;&DDR|7D@ePqs)0II~Ul zcHz{P09fEUctmr@8-EZRyj9ISkQJa5#dS_3cYKGYmq|^smm`?Rmw-J!#J?xdFs7;N zi3o58`-k19e)c&vakH_qxFnhaH;|t3m1O2?wwDbMplEPD?}bl%He~)A1#Uso)XKo{C=U`)4mDG_M(C$sp4` z@>{Q@wLN(*m|fF2R%(G>r%X98P_O9VdEZU-kTR`NOi_~DL4~6I*WlM|>a`h}uc4&Q zD!y;NWV?0eyWc2C^ox4xKy>0aT+uywU91e&j!Vw3@U{jUH4d+I((;(F>}T&vuRDJs z=XV?MJu1H3kR24F4ok0+SdU_d#IQ4sZtgui>y}Iz^jk!aqgNk`vF)!zdz`)K(4Hia z()MAN1?O;x%lu&JHu=)?!}Yx?Q(itzpG{VZniu*otS-fvRU;p!FZL-?&qgYw?LoL? zZka&n6BF2H>irs?7mm1FeVv3hxG0lVvZBfSkmvq#c#j4VEGNjI+49+VO1^wL<>gzZ zcKU7}$iZqxW`rrUm0qvmrJkfVi!_ZK>dRq<@+DPLVbGC*imzF?-XVxd8kA%x>!Y`A zCLB#v(7)?u?~9bc>&!YsqnzrkXW{Y>XVx=3J?d?jHlwopoND+xTvu!oOjR}F6&8o( z4FYHi2dJ1-yKy}}VllD(lez)?oxcVut$)NZYUem94keEY?)aH@>P?2bg+==tX=&+H z9!BmUsRLKh)4YQs8y72`C>G{HwB~dmqSzX}PfhE8vgMhQ%j8FY43-yYJN6hnK_xWmY;K7 zh8?GQ_OvNz&4*9lSu`{U(fAa~jJLM1+OOa^tM>aO*e;;{=Gd(|Vd= zi%&jSq*Q{AK-qzCnyY!#DTB^5Fb=2n!f&m~f@tNH$lMjH!$(!Qpc+zvOAVrk(lp=w zxhr!vrgc)` zb)eXsop74zI=1{yZHKC#6Vj7Y6BLH_FWv!~_AsUbLU6!;Fk#qy@e~&~IRGbU;8y^f zuH2kh@*RsIoa=M>{uh04848#HLVNPenV>tl@0G#!S-8!$KJ%*NxtH)Phe3=!Y^mV~ zkl|}j&PXKA0_|GZD7}mJ+H%(n1hz|Kd_=~z_&kfW@@vi11@b0W_*xuix~JLkrMq49 ziiD0ez)|Mo=XHJ>am63dlPl`4wn?Cab65@2Bb*7LtScpuhQ$ax>iYtO*Q^DeA1=lA z@q*;=_drIW$_{mE<#*Vwy$Njdl8W`(sXJlpVUkj=YL_f+jzyqda}3$%3@{YpFay+oW~@eroEWW8?Z5`|ig z@w}M|YS))YTn28uf(=G)Z{pYa#IbCg zp#!ltsNz14Qj?t^*dFnOocJ>+n31VA@dy6`M4;=>q>)Vd&d?15d2)WoY2(T=&+#B^ z1P>uwU(@)-P!IO?IjZfrnO}dgfb6tFHsQo$Ce-kx01sighhaDN==oBS^dXB7o>Z{>Avk4;9%iBa79X)uGDB

3C1ViX+d3q8O({DBk#4JbXU|~{j-!<0a?%Z6Kpz0-wX!9c_1lQ@g~&r zFv%W>-70Dpn)CF;u)$EJk{NAlJ@Mm(ze?W0RmnBnkEwV)c@&`#JzOD9e?8pn@tjkv zJ6_fX0}uaSjQ%#=WR)6X1yn5<<;vfwNhR_-y(ux}PM8|1TcPMf-RPuNJWekFgg)AWRBeNfL?%PPwG&?gWi(iG=dhON!c zbl!pe$nWB5C~L`9=Qa62Z~w@Oo!thKuGKF9(E;9+>F}CeHC?qv?l?qmZaGlQA-bH9 zKG4PMEr>@cU+fEwR}Ca48vNu}$UoU_j#{%c*gO&3=yYzn8gQTRyCNbLXmt7xY!vlg zebZW8zlE~rWn-gKZbOB&1w}23yTj0?kkoh}?GN z$o7tzHPx((nhw&sH@qOPUq|0y>J+jRAF z^vVo1&+c!hrp?~Pr{;65b~(~up9%U^rf(umsnXKUrif_@c^`;4)r(?ULeG4Tdfen|3h0&b- zq*SM_Gbv&Wd#&U{_AeGD(p96TkLylj6l&A2np{>B!wE0qw~^-}g?Q)9xkaZ*J>s25 zN&5j#ISbn^o){}m8=*;6j7r_Oe{S3{h&lZ=QZ9nHt?q^HPXHnRcMUrw|CGxT;T&ez z_L=m>XydH!u-}0UzmiOA{&s~jSdFLysim-NH=bPUr2p84*2Nz}Q%us+Z`GoJxZPN$ zO|)>(Q>_ukvluJ+$;#YP@+voVPB)Z*?0+@E;rx(cSdJyk^?NJt%t8iQlsyaShorJ>?<>Zm)ZFX_hMMkJkFj2*#1c? z`&?I5ncipoVzwBIrrR!N)eC6sM^^R=BOXs784B6dG$%HslQ`K+vA^WJ^2{` zH#?fd|A73BJO#0Yg7nw7c+Anq75CYklq)r4FO$2@pQ?%i|^wCNckGQKgZ;GH;S|U5;qvib$tBiy)ozNHg7}(U(BL z)Gvu&rh{i$ISbzeZ|&`hBUydET!PN5xa%$2ZzSBr^JAZ9tx&!5+v&s2cE6k<5^uX5%im79fawpN6OJ zTsmyCLNkiD`%sr}I?|5?GCX$=Mx;S#jf3DmJf)p#-SMJ;dU=ptX5;~J>Qpi@`&c$u zmaiq2F>==|LKqrB#rj@~{6;Zkw(|18GGsLk&NueTq9s8XQAaiYk_kNTy}){TImyqI zeT--MQ=J}% zgJ~c<_G60uP|bum6!TI-trCnia|}OOmhF!%_}$!=Ia~%vex#SLr#nE(Wj&o54F;DT z>z&M$)hA+M8`ik7C-9i)inSuyBDKOl4Wr%oubk;up1R~b{S`34zbxph`Riss@8wu4 ztD~KYT}HR+A{}TkLV|)3aCO*)-lvD|n?BGq#kSkFF1n~1X-i&(Hj)msDa)=L3Fs+pYdz)(kwDCoP zwj675-_~?tjLs%wzDuryx7X!xDEMQMLB{?njmK_JSw{H zs#j;ZoO>wGJM&BYn&3DB>hZMMbai9dtm!-7|2~?c-u%}CA>q?40q7q-VYpqCTELt0 z?spY(NP3*tCY_1KuckeYc*TLbPV^7*Z~|wAEBJG!50dP941ww;vT%-2YW7rC6SZ~f1hla`l8|8)YWfy-JsjS#AF#qREt6h`(RY3v} z9mbu<4Y?a5d&@50V`KaHtFD{|%!g}%x?M@ESmL>HG^W+khxkKMH(QYd!$Yob6ahlmVSE^p_wkpb@w^tJq}^`0rQcTHe34tdsq+_Hc-&Kg#)+FRuu z>x{7EYVG8QLF~;coxMSu#Y9w&fQ^Cb(W6EQ7>6XP)_~H<>KQO#2aojXGCht9;mUnE zH8B+#;{QouuFH}J9M+PdnM@+Pcc*Ol5jkIv?FW;^{JVqe1?rUy{G&1CZl&2+rS=# z-AK7|8y7_Lx@Q_@fo)>i-Da~DX;$`jR;hY__@=@gzUC5tqrZ?2W}xHwD;s;hF8L+%s)wYHl7;zZ1pP2JP- zS(*>H+`OV8#60|tJK@i0eZD>!kHIgHU{<-x z=Dwu+?>yM*TzyhVeVOmEy6|aDPanF#(;}8iJ9YIe2vwBfV#DipEkgv)pOsIwQgbX& zm?tBr&Ff_L2o|gc)g_>@-s@91$#(J`cIJXvPs*j8zHdwPL!i~H1O!VdDRtQy=?7yK zz%ENA^=o_NoL{59atIpioQo%Pkw{`w&LBW(t~VJdpV>t%*BKAkbM*w-@p|v}AVq-@ zg9a`b`$bCD@SxfTJ)Bc0N1Dd~pGD>z51%Xh+9|GD^d{@iXd1BpB4?CSAeQ0|^O3J! z5Lxv=E6Y;NQS%1+y1lYW;4Frai9RMn52_|Ka{O|*TJ;N;?oqtd6$y>r$H=KA3MLQp zl5p%-V^+mFIUK*SIhyJ9F%0^1Ls~~ZH#Ryc)|(GC-U#MmTAg2^q?{Ta0$P9M`Y3eI zSi}!H63&a?&ay&%s~Y|g=*>?SP1LC@b@(=#G+ICC7C^n$-sXHH^di>pe zH!|-F?4Qb;=VEoW9dE9?Dojc_bn5!9K)|XqlqrEqS;a%ArA@g$nrpL{hZFEZ=+6#_ z0!2a=J0NB^3JHs$vLr`u_GU*Aw=$K?sWo`AWBnvQ7D(UEpwGp7?~y5GLYA^>3h5ph^jR5Z zku+~1E>hmowb1Un__W_Tr0;IMT7EDnN~H!@L&nN<4Dmj$aR5nVorDG_8@p!SQFjJs zra~(Tc_4GhhAFPaeHA8!kl^8_uh|y7rLp%^RTT8LQ+>o{Dv!RlaL7QT;tkjDxxQ_^ z=HF>8JPE0UEzL`0i_iy-ysNxuavZn`k&;666dI`B)EfwjBMf*@0b(-kPvWxGh6dKJ z*YCx_g+6$^vHtza3?syJoWWoJQd^y+2(e@V&ob33%zL3i7nka)m&gXJ7RqH+%p8r9 zpqUtdcW&XC+s$liJuY>&cNxE#_U*sQ7WmC<*sajj{P z57MV*Qj5`v)#Opdn+cf zQ!Z!PvUh7R@2}GGeaYQBhs^iEaV$@`>9d$h>PZ{;+le8@10^#59mAYEjW?LL;^?6n z64UW4x!YFH_vfkg#$yYC)GQ5~ZC?H30Z=MD7qVX&Y(Cq3&ra?^mef>r)8=4|G!eyk zs!6>1>&R^75jFH8x!JcAkDo0KROf7c)*w{Z(R&{+N@wZTpcNrcsY~GMl{E*LaH~=M zea>;|s|dEQuZLXg>WB5AwpETnQ$u-*$N6-E3#rcTt5_CaLzTrMur!; zmYn_ceX)-pbJJN7)Dp6|sum5owtFY_VQL>E`=UQw&Lnz2JY@tYt-U{1z9yQElyZb} zjW*??;J9sImE2I~OpNe~d5ch$i+&yzDeRLhhH>Ed>GP~u)(WAV249{>-m8YynJ750 z8h^K>Efa0ZNtBh{2uAnWcB_4RjEGO|lxHH5$d^yef|@TtA}uptu+*u5D7wkCkSMt+ zFZ%&(=R_fycBO|B!r83Fy&c=vB-i&UhA@D}5(?7zuSYRQX~j%CFj6$=q|cfJf0^>u9bCbi&cJeN#|CMdkY-gtEk(QfGF z4N58R3?%V-q+3%42!YbiSBR`#OZKx7yaF+{<`CLEv@%F7n~#fkbo;32RLf1<2VwF+ zy@=Z5($BVIb(Cz$`|Jf@hoiWOVk(8)7pFNZYZ9lnh9XJ}#a`OOUM#fvk%N6KwUo;0 z0zK47GPCP197yb1)r1FtTAMW94)rMNpdMse-OU$ML9I{bwc{m^w4l@#2QZukK37FQ zK}9mUM=7$4d}GhuLee4e6r&XO=rg{7ys!nYSBv|PGwNDl}CotlFwZ!^olw`f%(ug`mmPeIpt1V+=h5V9^r-r5t{Od zuE!|cf@_LfVwt+Yq*&qBOcY}`n?+Yb(xnlJ0pCs5W1)_u92>w&! z7jUG2h>HFE<+5|8M8>lxwK}(|?43VlPh%vO-wp+5eZT5xa&b*RSp8YSvf}%H-KI=rw>ErKT3MddRP) zz6_610#Na4SU{x#V{f{wS*&tuoo+13A93T@LEA_=Pjm$-S*EY195V|};ds8jV>eA} z>Fsv#5W%KbOyqwWGmJJU#eSarrzawvM}dgv7<6PX!D_yHNMmA^pPYk4vwylzj&G?5 zsG~0XbbU>CyRHRGMDC@aH_#{1-y?{*Zt72;^iBPPDb@a8)Fbi#jZTpNo4Y(&7Cry; zuW_YUS=z=Lv?J`!m>-#h{cUYY%!;0z0BsTTd8OAU2e*XEh>iaCxcp?H8pi+6f1fk+ z_Xqy{Z%Tb>8wE`T9|VTY-{0S{$y2dKk4*Fz8803iT<@erS$E?9YoLjZ?w3+=^f>6j z@O>A>{;yN!5oKC=n(~rAEb=<8nsrO)?_Y5p%iJ<^$$CZg;d9dFX<(Ns#csHEiOGA1y?$#}~4*(WGDjEnH4Je_X z0I{O=`s%zU>~VWq^aPI?!3sDBUN52bV!!9+QvpLKE{jGrH(YlCFnA^sf4XECXPD+# z!@Q4@;x!2L@r73AaTHVN^rr3Qk)iHY2L_j^U%*MMpA7*#98b>)%FbssQ8wQit?RxN z2WVEmmI49-YGj|Zziv!hfRamgM80kWU|eAx2*C>AR^`d3Z~=_HAi(`(xA)RN#2^~U z+5o)5t%{!t2pQz(+jk#u*iO3vpsMoLZta{800_+BDDuyrjSpwZ;EC$0*8Cyf>MDZy zN`X_}{3-xT8Nef~{Ku*+hFt*)yOY@03BC)yckzN7Thip}3T^M-0~Bn~DHa_?#AYh> z^_lGS8zJxjH{)>DRFy>x_~8CEZ@NnoM6%D8StE%#E}Zt2n{fAoTbRLswWkJ%U&(Cv z8-Q^&)os#c&udif2mr2iK8Jv*a@WSqBkG_t96w9)7-hc}aazW1ReW2!MXU3{1W>FzoG2mK?YeK86?2HCkj28? zxX)FQ(9&9DusX1!wD@&8>sG!#3h^8E;MJb+!aV1whP+_tIU;wG!DZWdK+tF|06+d;-n6Ru0E-ac@4^GCpRTIoxnRzC#S zjndbG%NMu-@>M#IWA2FPHA-U-RuKSy;BW$P4fHfLU!IPwQ1K9{QRyl|zRKq2=SxLG z`crvSV!&ERcGiBd!<+OrSQy`nNSuOJhlx@DmlY}99X(YAKiqdrI6NVM1nZ=)1k%zX zo}q^|+!}9FHFjjlK?>BVlp?6cX-$Q;BwQM_!<@3Bp!<9P zUh*@52@wL@PIz7(-?!yx(h7jUSmx<~eBvC}UGS()aTJv{1q_qoYkH`(ma2*-&;1Je z6;^$~UeBiCxQ=5E8yXS+ z1dnLs*c71ptxgn!Sq?#y;;9VaG3k!CsINo^kezzKxdLb?P8bb!JNa$swALMUfG(_T zxj6sykVwk?qZ(8>KQ;rPr)eKjF0>Utq`W&W$65gFRd=^Y(I@shz}n^OH#gX_8UG9} zzJK7Z#C8@J0Pv(vGa(~5GcuNuj_zZ!%ac~6eNO(XfW^2|zmgtHB89^N2ttQ(m1EMd zPY$o^0_%2j82g+W?jJ;?9@paV)U1e<-lqnudPKg)ZZ6#-EycEh7P?8L($ezONq$M? zH=uCU08SS`nwfbQ+`^%fJ84CuO@ReczE>ozE&^PRm2^+I<7J9nix%4%ra=OvJH;VH zC0Mo%bGuN}??^_WBOG59fJn_h0mcS>y-v3!+r@i;Te_$=Y6}!;?Y?#EQ6D0Px_ZL` zVB_lqz^?p>1Voo!q>OAUb5`(SiJT~7NxrF(N+6&~Y8I+V*G3O^0jNs$*66I(q`Sqd zG|^y5Vs8#eQ11Cuwbi)uxE}TOmneJmM-a{Hgj7flV9$k^Mlqjr++{y~KTfI}oW)KF z9dx+is3R;!msWc>nfw+ruE;kxkq@5{WM9JpSsU1wUi2c3k_JFek9xKP9)qZ?06E!t zB!Cs#T~T~^Ka?GUHqaYAW!uoL@cQq z;G2pHG$lGq@a$`UlwtfZtOfu3mk+X>GLo_1deg5{)QfCkO}boXJm zR&2NtJT~+O1cg=sG|>?NTC)5E1U}7xwaMzD&!75dYHU)TKlK47L(4ntr*~h03YREY zts|Af?tq<#9UspBQ#h95)dS=5Fk!$v0^mcMP9s0KcJ&il=x$l?ZkLj@S{LK^2lj|g zn5lon=PGcEHy*};5In-z=z`sD_|6Y-p=EO3E-A{&`nx?26y%8@7SgwT{u4^%Gg)O( z81UydLWG~hv=R_Jjo1UCq1Z10Gh6qeynf{Bfyt%%UE14f9|2{vqrJTkCPZAb2biAh zY;38jOMP$1_cbyRndsp!S???vB9D0&7?4fz(NVcrjEH3uHSBb+ zeT1--Ya4;`aGdM*G_vl436Jf>)FbRyc$>4$;DL$9q!hR`Q;)M!#_L|JmKv{ImLR-nteefgb=qxfuIBppoF}>+R#MsXW+QjAF%T zfYm7=#e2C*nd!qkSFcL@_;as`D8o{n-O29!vXyqGfjz(nF5d#2A!ubFP(VKcF-ku5 z%^)EwC8hYCZw_3{CJZz*A1@j1#v7$aYhS-VWh0DMqI@Y)$GfdlVPqO>`faQ_JRb*D zZQURJ?3)71h{|)lI6Cz^q+vZIPqJ0MlLg>gOWnd|z#E~A3Z|WwMN^)8Qw%xKdzO7q zsnK#AzE!r}7Je=#PJ{fxl?0@+(rYyXif8M+*ow|<)*?KzT&2&1UfMFIK;j~0e79Q| zC-w#?E>XMX`wcw*A z0Jijf&Q%kVT>?$ir)65vCr<6y65dDH*;!2Lg|Qy@^FB&vHE0}6u{e$IQw{I-8$9z} zj)Hsz&d6cR!RVw5O1@NlwbbvrttQi3>hc{>6qisIU<++BSqbZviTFQ=zcNyy+IPOy z%1Hi0smcq&h_k=bu)$PWK>jWG1$p1@mS`@?EYN*jkq|LXK1v6~15su4mXkkW@#SdG zD@@s2KfaIvw7c@dC@lc9b6}yRMG)SPkLrCkW}q9!J)X>I<$vkGV!k5+W_+eSySbW>tCrdBU=kiSYrMGQ%==;;hoZQ@+{pk2?Kj*ijgs$93 zs{ABg^8hZ>MDV)0@M84VR_z>a<@Y7Ep||nY`4RD&st?jHeNN3-+%25x4eWm`5ULzFAPH#Bl%dCP|?DsF+|z@ zC9wOsF1|7&aNT{k3mD&!L`EBWzT)41M#TRvRQbAiAxr*Lwrn~dXd4&p#}8WNnh)rZ z(@{6hD2@ibCgD@Bl)~z@tic=Ho!9a>^RhpTZ<)#pV;S5*m8J&6K z&Q7vZ3{b8Mn9Cp-a<~MGY^^gVt41f>-|CO`aIQS#02cs$8tyaX1q!uo7|d^!w#HWm zYC-*y@ybD*(dC$@VqBZKQr=0_h6G{v+H5qyNIR62G<5b8cG%lM2z?C7nkASt!FQ6)IIV&8mW24S9 z>5T0E{&RQ)oO_Z(>@*u8{-CAxa?38>JV&TD#yZ}%NZr7u9{MR7yP;|?t+8y%lhpoO zf~jMoMm7iSVjhpNi%ShpsCLKdZ^c(~i7X<1w8!@?>p%M^gwXJw;)N9f--jMDLJP)8 zGe}w2%u~WuVCxoLoKHbq+-?z~7lRARl%45zg$f?)J$@h{9#;a=asn1(ggtxrh^ET| zfX6NdFA**Ic_V>NPlhkjhp7E0}Ge78oApH+PZ@>$H7*1k)3?yPC{Pt0}%P8!uke-;Y_W*HOO-uYZUOEblv$IqU14mez>G^IOMql5rkC3?yx#yHR zYRQ378atk9Dsu&VPOHCl0~qpFG2coVktxL8<#On_y?6D@eF<}Uq(IeS4~tx4wKJ^M z^dPMfZ2C%@0=JElT8i)%^mZP~mme34mn3ALl&2Y<7vzvxHn+BQ$ATb2_NDie(Bwwr z6=}K6-fyLpI>74PA;mzunfCr@`S?)|i=m&YKc0i*w1K}#uxR`AC275BQKnO&;uQYi zdoX3n?^N2Ph(N(^Hn_)_3)lfMgP+t1iHS>Vj)%NuJxXGLx*@LLB}E#K!_L20cU6c% z@jn7OAf9+gq4A@&QZV0TZwl=7{TWh%JknmS`D81h$2=oecV+;ZHj@UKImF>r_Zd?~%}_3usi)s0`t_flT980kj)-~zH2Yas5zSR}pX;_UHIhM~=#dH) zVAR)yzfXz=$WjCnBz}0O^$42)$xr9C^3)8ko467aFY3GUmarvvo7fgAE1~{Pfuj#5 zZ@X3n(A$idXD*l_ojyO+Q;KhhlMsf#M&Mo+1@c~_90GSYP|GG1E(Z*l0;B_E0A~D zHYtcO*-RyRD9Wes;BEiKXe8|IUV?RtBOV{ZtUiactG_?~R$!Vyn(7^Qrl%6SI$H$R zx3D0y#Vy{mAvn~FhQK{Aa9$Ot<}G#ye#gQsmE)@HePlcXLP2a<;%%X;6BC~IvtHfU zOQc2evDD|Q~>6&t~Obqlp@eS%CXkU76gLY%{$7EXCmd6twA_Ee*Xtp3nw6< zbeBBq&`eS2va0QhoCSMC>)r2)EY*M~FBtO1@_=z?wmg#3{jVMPev6%1@s00QlN>p% zRz+is!L(;!08i)zkh`_Id4{|9d{FD^$a;+B90+`i<{sif<6Bb;5J&9q@AsB} zacj$Mh*x;3EXZbr5wOhWihh2xe_AM0&gBaFe)LW)kdfzOn=LS|)*=>{m$fIYE3Th2 zIqxq@^Zfa{mYTS{Zux8d*+y1&dhzwpy>7gkhM9`qg`Tn4OmYnFr*PS@Jv_MaE-wQZ zvP^Y#2{(O3pQoxgw&S*#|b1Ozf0h>+8E;2)YcXKyX0K z_8VY|XZTZcPJj=n2Nuj9q5{y!1A^yr&!5RbfwM!vf8H(<_}P|wPxJj~Vcci;MW`gp zkI?qWxtEbCoK{qMy{hu)uX!md9(61N6z<6HfQ2s?pT5lT^n6#YU%3HI6WjykYYzJY zptHKQ+Om@Y8JZ_@Q!$-iYX<%Ma$k!1EY~BvguI&fgJf!kro(+yA^{{wzvRX!08^); zq%26y#00U|Shh5dKet2hG*F56Avs*C5=RC;r;z&K?fWzTl;=sj^)~zcyBP9l4@q%J zM1RhT`l+g_8f6wa*8$U}8uLBI&rDiMN@@!$F5JkI0y?+mx=y56sN*2PW)eMbBwUONvU7N}*hqje!T z_phPrwZCq1+EzVlu|po%;&82uv*j$>;By;@rOUB9|M~@huHY@9##*@OEx+Rzec}6E z@WjyhZ*;si^+tJ8gk8(()n8J$t-$i_Ns@ys+uoH@M8nTuWql>jZGh{Nl;5YY3P4+( zV$`qua>);;qm)E&zBijm%(VLlAixQOTxiN$uZg8Tq`Cfc`=r(SGCe7&kN^i>iZWK6baT=Gyhj&cFlGlECV%dXMGU8e zv^B=V!A$|XvJ2f-6|a~0On(~a$&}~9%&Ic8=E(uRy0@FHn61 zh)IB1jJ1>$=r){U!4W%N;m^zei+5CzH((W;s}L`TP5-n|UrD0N^=jQDC4PaJ2Z8sOaG5DNl8!&6LVo>Eig2x-)N(e*p0U+R}4Gj*b zzTmMwC-SJN{KyR`5LtxDQWYxRP(sJ|08&XLcF<#>aXmdMUPVh2um|sP2Km1iDw7SC z-#mQ5{!QI+x?oy1FL?R3-d-z)R`-^`X!_kx-ILwIti*=aAR1`EJ8up8w~2w^alqYecEAdNA`^TU&c5BrC41&e$!IQGdnb<~&H` zFu|;h%gn?Kr~CPW@!V)9|K-b<pK?MYu zFj#nJjC57Ao&hJDxA?-__=ytr=H}+B#()Mok5?dyAc`ks)vYk=K^4IX!8yA=S^qfm z)1P{qRU{l+HX~VAp^dvT7p2m6KuErF`KdXjBDj2Zap6h)L$c?fsL)x z%W?O+Dw2l!n?>G~^z?KvV65h3Z?!XGl;Q;#@8vPPvcFdN3tr_NjicLU0bLu$n9FLi z)xrrFQd+fLZWWcQ`y9CEc@e_$hJ#w0RdfuG8;2ib`Pb5N5ni(xF|Hbc!??@o*%@14 zj%`fdnmTBWQejw!;)ys?b|im~L$NY_A8#bASR zm~4+`gbT5Oul4^zU=xtClLX&H9CG6i-npHS@$*eQV@yVdQF8IC=kNaSuctikA)sXd zB8JcQb1j&%K$TSr3XO{5_%Ve8-g{fe{(Awr0l~D3!6II|Uo&5+r>6%{0+nDP0?3P| zDki1pe&tSM{_{`$Mrzf7rU;FF%E%R>@(UXe|8=l|l9WLbm{MpzB!5gW! zgOB&hld&Dw!T;TV4Olxz$5X(y$$?|ze!3AK9}mD2rzp<`DrkChop-+PDE z<=dH6u=xPqwCVGzlmsRKFhbhLbGqQYsJsoKzEr3w_xr*i6F^f7*fuUF%h@Cr9l7mH%U( z_#+n}g}#1;-;Q4PeG(0z=KS#*K26k%Tu`1iitgTVTp?X04M5A4rl&b zjpkbi?KvSp=nV}I11{Jt{#3)O!66Nw+G5nWUc_y6^lAD-rS9lfman_r_)J&bA3|)+ zWEn!U;aXcy-nl5%_JG(>5$77_g?tn9SpzEar^Y_gt7F-)kX1Iv?|s%oT7Z5W||UG=N(_TCqTgO^4HQ&8WVyUwr|niO}m z>-I0XZ7>ucyvreit*d@W6p&*+rUMi3g|ToAy?zLDgB zQeaMKyVUHCYjJ;l@`$^RtHiHn*y<(7$5-R~^q6Rgrcx!yu)bx{A5DF+H=QQt?J-WD zTQ3SHJWvY?a|oqRJ>Xdc1qFi{cf!SC(jK>g=PWB(`q`S;_%u zvI+<;dE!J?Jxx^0;bgANGJceNbzc+2t`8zGSGROpKhY^|8ay_r^?PeLXtxfa@K(ze){DJI1 zjWPD&Bom+F-U3i&=Mci9qLMhb5}3w=Vn<$bj`u88h!|MKjtCOxVKdrAwX0S^W0H~> zmQPI6`-DCPp@0vro|VL^XZE`O<7^oi%5pwuFJA6L*B@<6>C%knio(DW;jx|J3d9TB zYSaXjb~6^T-^^S`8=gqp;0w5w&vh*9TR!h1`gBPB=&9sEc$K}>;y^nOp2$N01Ut_H zy8SmA*b2v}+FP!cSk_l|Cuhp3Y^I9*VL-jVNW#5RuX10zm^Dd4vUIQgL!0Krtw625 zK;f@5;BtTMfbs-L?(YA5QUm7{G4ICsF#wq^^qtZ|@#gF7ISgu9N5K@h*Y5u!hQ5Wd zUM~%wsrDYAC4h83B!u%_S=L=X@uw~}V~#S~TIIuRXlTHpBlRn$60OY-uMH>U81(Qb zH1X01prfNp2|QS8F&G7Z{iLgsq13<@iW2`TygGS_0ebZ+SweJ(rWhE-T_}gLATN&E zo?78`E8a`W?6SXlz9wPRpeK@xdN@y)Xulx2CPZps7yB~Sxld!pphMYwdYbU<@bqi| zZK!s$^Z4;(2g+iMn{M)1(EBJ?XW=sx40}=#wX+A>^?$% z=1A0Gw@S-~!>}>d`*Ts9ox>xgvt1!>giLpQr_{lqIkK zP^)g5=s&EVluuyM%&flL#;_Ds-qF(1QUw`5K)i8us~Vp`1He#U1lTtL z{{Mj(X6yv4nnqxUuKZB8^nt1kh&sAoo@`sOhY{^H_=8(&VQI->SpWI%@*s&F>T-wa z<^hknx&N5+FI$LBuZot2M%sOYg?V5rH=pIt@c0tIip-8#ta`nf@FO8-S5wVvH5Uj* zzpcu%3lwj_QSR_&U5>^0q6i1ruugfKE(`J4oJkCTJscW@`294uu=qjuc<)5b_QW7N zBz)BTvI4fy%y|;@k^XoE-J{2{&ua@kc2E6}QJHU?mt&u*Jts`W^`9mcbFs0N&L0U( z=hOzfmw9H$Z+%6}Z}^E@oa+SJ%hIbq^%f3IsoZn`kjwSv4O_QPSIoy~5z!ij_TRq) zx7tI~BHy`t_OyxADPVbdE}Lt$)n)QzGkA`aHQye2KP_jfy~X*5Y2v-&=JVT(sW*SW z^CuE(+g%f4YS=Cy_ASJyVLO=fmnH#)tb zry~w}e)1Lq{V~m|kxWt2izh7K>n<>Ok)ulbS8D&(1=kqRSmL3|t^jbOd-PfHM;h*E zbl!b6lMOxF01F%`uN76D`qWRov(oa`D&?rM3eHsLy(z`Vmi0*CVOVsB5Om^Kg%n^l z1><561||AH8Gw%$0cGTIY6nQ&!c31nKtm-meLV?;#jE2y7rX+U7O+07xqbjd-~;3? z5RWl?fhq5qR?2RH1SUjwKb=JR@-85+9vuGg`(!^W09T_IXvf}}ZU>|hAUI090<;22 zDqZ6zP&RWmIrWPtpa6~IT4(TTR6GmO@wJT$ltF133@DpG5l!9gSnc?EVM@e&RF`i zYH<`EYrNbagl?+p&&fpp@G^FDj8#HF3Z@>|F zf+lof=mkV|i2|qkN|lMW?2~~~(Z+Kfn;Z}XC3I831Dn3yY`ti(AAgiMi%0VT{QKdD z8^Hfi;69Uhc6J+LcbUPelr37cBZIF0u&b)8DZP#*H(BVhNkr*PWOu|XTrO0; z^|(u`x-zM%{u8}vne+v`%9!I`eYFYacEws(=6 zLkKuOPuq{;qwwy3XGA+Znz@lG!d7zf?#h1=My^z{_hAs|R9kj$JLQHYzunj-ooex! z72RE`d$%KX6caU@=31;Zpt|fSb*a=IBfO;hXz)t{bCcNoXPa(pzr46{xro=2D3z=^ z(v!XqxwQZC(P&6B8>Mfq7P6Qfz^qRz)?sk`8~_{)VF^Z|*~b zVNnzUGY2eTEQWL@S)Xn;Rug6{o1mbc01s6pL^c!V-{?dP zeJ~IHR_(mqvrLS{#eb9Dwc27tleq7-HdxO=LEypWPA^c+un|-+0_)_>c9u@kFU|bH ztjBYPe2(Ed&XsBP~X49G#p@pGq0QuGN_v6W&hnuolj-;YO{%PswIP_X6Rx6O992 z>R*ETBdF6lI3rp|Uh$gBbZLd>&W8(v*f!iQ_N5lX$<#QrzYGd7JwAEc>HoH8H*RJu zCm`jw-LWo7upg*}4B(>pWiE_F7`j*)hl~RGOs0Mar}wS1m5{dd`S@p`j)=DvU|DQ( ztt+*MgOhnE7%*_^R`9XdlcO9Lpmwlv=M zt#2B)6`;y{+|0~ytRjUXV0=T{GI0$}@ho`1a(|%i{eM?Kq}8$y&6xQ)u**7CluO{@;Nrk@o$Q)YyAMsXP`Rw9)9JK6MT4k$?mP5`{H zZlZf}TJ9C94ly?$aOm1usQIWPxCHcE&(JCv?L8QCod8?98GrNX7YQ0rGkq1i2Y^Gb zH#P3Gy!0Cse$etYh>40ZKBQzoo+Xk*JU|xlX&P-Ci~-NAUpJ1=(VV$0H__c^vUMEp zd~}NB8MCu4JQ3eVopLlFJETMLJIF{*E*iC4sK+UmtunvoM%N^2rX@J9a_kJ9Flh1k z5`sw{uO|HK#arrqCJj zvXj01qxVkY(UE9_K)DX2BOoLUDM8Mt@_F#^4sU13^3s&M7g+Yv8sP|-um!jmnS8=z zdGQu^$2&D8C0tTOL}LpJdS#j>23#7zP>u!Wki62yvk_%uQ&CnY%3tq`O1ecEVgu)) z1m!rG2>u9i)d0*bhhbZgG)y(Fv!N3Cqb6>f~K@|uwH zB$AWYOOE)Wb+$G&`o@goVcL!o_ABmHkTj)Q%OziKW}sD5d>TmfW!5{pZ4G#%qyOEA zp#<`<^fGba@yv6Xbf%B`-GEqI`a>NdE(R&%b$C9mpjqV!G-I%h)=4ET>Op(J_0cwv zmXrkA03WbAQ*~3{q|b*EYT3GSUK27kD^Mi+fcITUt<(tUIB8W7U2=U4-v-WEk+xJ` ztNH8|7oNX=mh9|Qa83hfHJ%`HkLhEwrn)-JBJ~R)R_%v)5;RbpEgPCgZO7S+8s9FF z&K7Gi2+Y3jnbNH4xcxN#0|66YdrOWwaJv0wTcRi3FN3u>PuaG0JFyc;cLxatJdQh% z8~{KU7F-_J5iJ?ypcFBB%S2qmWhhtAIy<7z?>E7@A0NgHWYc`bFo*&<$S66cK0lG^ zv-Ut=-((`jR6x}r1_GZ?4H9zGza7?lQzmIBB`y@(7{|bAT3HdjTBx>P7L&$H#x9ag zRHKyx+P=(EX7J70-_W|CSYp=_Kbi!b7pLGu94~MG#KpzY1yyW}=mc_W)9`(ldx&2Y zPOJ#GV;zFJzR?*#)>Wyz15Iah>Ug#5VqGj%?mrcmD%mSsCds@NPo}P!V6qL#{gbyO zA>W87kbrt_rC4SYQ+n)BD+-nfOhu=ak0IVG)=o{mEf(47HDX_JT+VSP5%RuLeN0Vg zo5{H~ev5wQ==q;#s>s#Zg-T+|UI=t*uGnq+-OiUG~V-hVm=9`lYJ@Ru%!@+}do3 zOzfu{e-!leHlvB=gF>E|zLM7~Nis8DmI?WVNs?%;3aoT)IoX>Eg=*DgPQDnH16vn| z9skbQo^rQic?f@AB&G6LN85@;pOgXR$E~EhcZr&7JQFrP^V>gkIm6y1h7DEh?3@$` zQp*X$GX)jicP_;H=*!=ybp2R#g^)OPop*P4PgTo7ecE#M*g6iVB3kx55^dtvXyvW0 zGSr44`ie`TsYCwutnPsS5TKM1n^Xuiv@7*D0dE$F_AFLei^j?g>hzm=D`aZFa<;LD zt5^90q(v9;Spx)p)&R{U0$xGU*_<5kG|M-kMdd#LP`$tB4vGPM#rb$@Ru+e+RL*<0 zmmhlb-Rf8@kyt4km75yx4x4~>5GZ^`Qoa{M&K5x-VHG!jr8RLNLG{;Y#?NSykvS?R zaaUu=AJ`r~A#=1y0vY7FHM+5Z31?NR#R?F*VBV(!eL7ff{*(<0t|(T8zG38LOo8e) zI$K|fLjLaGkqU(?Rk_=cgUu^e*Tu8FSj`8tSxWBBX;^{q^A@;|hTk{xM&!Ff9{D(w zmuXFW_gOzj*9xlvd+uhr@l%+>%`yi^;%=k`EsRXuVnS3_3!{$D7uD;G$QUV<`zz~J zOF}ZyFOqO=F)P1YI;B7Oq*Uovjg{ZNRCKxV8Dh&F9=IN;`t99)ySw4u6lDmT$70_e<`V86yzWyYG4&l`OmgM8&(v z>?guLB)M?|F(U-vi_(vC=sllUecI?OQ-G+8L0&K|8LQHIB=f zG5tIS7_@JV@J{c6qI}B`5MjdDRZjb40Uc8@b!x$qN}@Op8f&Bi!5&~=U>z&L;TIHy zjsgyRN*ZF$eO@NW0@cWxT(@qXMuv4=)$x8goV4mu-^W?Y@d;BAf1vPrt zmt&0=3aNfG*6Mw?p+z#4NFAnt;+^_CYKHK8c0r228!W4ejsXZ7^WKu<{>-3_wh5YClc)i}hl4@HkT@~3eA}^vKyrG^ z%Z$2_`?IMp%S=4w+dnqzP3WDLmS$&=vSER6Z~d@XJeWgUo0KNWR#8!L!X{pTxn@Z| z>+l<_ETS{tswBeX>`ER$vO3D!9_LmI?3+)5;kA~?1Lt%r+)m7fbeY>vH-|RYspQzt zgiW2?7UALr?!j2>pzthNpj`tNq+v@_SayS2^v&Z1r!l@yb8m0H!PvK4B%%Vr-F$^W z>=90|Br2S`Sgs!+g>!lDN1~lS6xDs49X? z=~Gepe3m&mB5eYc`hO`TZe&CM@3X#NkSTWg_k(|Qq3}@kVVc~k0vHxz*oV~1-|A$G zvr_)zASx^PWl&f40|Rr(B#1?)jFy1`OxOb0u|E_t?@m!zpsfCWHR*G!eomL(SQ)Z( zP>~u;LF9v@XuhHGXfP+dpUe;=ZfAo3cB@iHCdMXrdS+sKN}@w1D|T;6REWI>cT!II zYZfa^!J3bKkv;KLZSAvpk?hxEQC2VUOW8Tefvr>{xey^?Q9?aO0zD4T9&2OiiALyA4 ztkH;S%p;KyO$50=ueAGFH_}8m>^uvLea#8|aOsqGv`pgvp%3l4grU5oSKwU42p~b* zpNT4k`2m!Ly6hTUA+u}};~wO~F3#VOyK}#p9#Eh+1Leh{U~_i!``uU-<9i`r)XKA% zgoK13YBeKDA+xRF6yvLnFbK;h5yFNVy{ZmgK=UUytZTRKOCz%z$ z1jyMOuNfP(xj=rTfBNGVfHO!qiRZ=iO*jozw0;eLAHuQ(aS_iGdowhV`&rx9n{@z1{f zuwk1*FM$fpe?%Aoom_|)d%}u)(iqPWtPdBQiTcCnB*pNPby%3f1Vu15Y|2p-qGYWS zdd7b=!&7j!yKcYU1FW?~K=zM1XCQD;y+Kb3!J-Uyr|SE{!Op!~31DSRS8JfHU8G9L z%8KfodWh?C{M-;ykBv4^kjdc~!c8XZVryph>g!p9)Akf5@@>*&#lYuw!5|w;us;Yj zuk-^Pi7re8XPZs|lx^<+I(LOkOVr>7Z>5)Kih2q`WEf&ovCpsn^hJ;|$nRfXy!gg$ zYQ_xps&n?0D+aoCt${5X(V~_r&kT=?uQX;>#Plb(R^Fy(;l{juh)Iv40kcR2~3jx1e#3VlBcfVL02c%RhmFx$J~Cluy1}+|7Z{utv&mi0@0g={!fKmp9%0+5D)s ze=8)}hPaRVeiewY=~hs2aH!2ll9EZA`XzEE-lZ}@;_uZiN8#&BnCI^nFIqg7uZ*Wl z%lEWfhFGQXz6~;FE2B_hexstoz<7n}hZ;siLIVF*CfZ%o!b$>u?%g+TTI^s2bSDKO zX(aeq2|sKqT6C1Nn|I3ycf#qrht)?TBQ3{I__CXs)ngR1OP;@+E{)Ti6&{+@-QyyD zOFB^e0g&*4X65&2BRY9mSwV=J@(ftE2nlaKIe|fD_~UhWc(`Em5@h}0W|Y)eSJF`z zRjP3i+}j`lHqG@-lVijM2n}>4r4AS`EuPZvr>B1+B}Na>^A9N;)=nPQA)7BzqkA^; z{Qeg0C3e<{o;3awuXtCaS^F0tXSjo6J17-D&+n|giRfBAJ=-4J=A>)n)NCkZVa&HN z%H2@ruerwtKHDodqlD9c!p5EYIZ_CLA<{uhg$*3#aAp}#z`*+IM&Vns?VwiS=?JbNS0!Cav-^9 z*6uk0Hx3_T*NO4M7fJ(uh;}U+$EZ z(01Jduh+LU_hLV(qsaiXDind7Q~CE_zYP?Kd|{4K?cjy}{ip;w%0m_gY;@sfp6BRv zU-wO|75p;&()=ID>#zD_q-Yb5D_?$PxjzDmCzgKx$;0=cQsiTs?m_F~2<-5-b6Uff zJNELib97}!*3(MY;Qg7W(3{yxv-38i_f@d&lGaB@6o2b+c;h05A;vqpA2$fPH0)fI z8{34Oe|mfF;*@=myEijL%ZnE3>E*lJ*lyErC1zx79GIqHj8kbkdilNAC3EDU6{FJC z3Uyd%1-OGvUyI45ugE>k-)!dQWVZc@*)4249E9X%0SoGCPf9mH8N7onyF0jCGM8%Z z7)atdOpMb{oet*sd|qBvckjJMLInc&-CGj z{Y?ktrA6+|8xseI%Gd0Z*+@c`U9j6^nn4wDi90)114cg0ijyCnC_I7YDv`}`y%*!M z<%8Ih(OHR$S%Qy*GQUG-Ks61V`+W?2U4+l>1l{2xxXjhgPpZ>B(qHB0ATL#=fK~cq zisI0#q6_B`TjXJ-V*Oc0!8jE*ab>_3?#uvGT`_#iyXkhFo*0}jgdWIx9W1T?TAoGL z|8oOv7L`UI>*aM6cjZ}~;jGI1*b)mB-X>lPMESILrciTMMc zrLPVYuLs?pJj2@s?3YagPo8|54{bYMbjkiv=3fifz8V#)7Dg2PCl%9bRJK@eWWG}% z?iM9hx1jE_-cfG<_V8))$Rs4H&GbuT+Wb_gE8)?)yoEg%#dYbTI8WyUB-ed#HKFQ- zt;tlWPLzP!ZW7Aw4RAN>U9Hy`B)*vpdh!Q5Y|0mYO%l)Zoz;_DAu-oO|AZ_%752sOfEnA!O@-b$QUq3YHZa{#kgn!f5`IgbXv z5W{Zg$xew*`RG3#FbP@Rn0J3VnuLQ?eOhi^9M!l7%Pf?# zpgNrT1+`g~wU2U!O>UfiohAfg(n!U3$Kl*0YPIb}kep&oFsncY) zJnh`>m{>6`g8VygR)va}QZ8*P)N5_IdHExw&tMt^cHnev#FdO1Dp_~5Kw4RxY|k-Q zYQm%V!M*xq{`Kb}#d)lZ*5P2%2Q@6QyDwFXByI0gZQqu5Rva{ZJ}SO{r7@A)pd%jf zz(8#1>-#77G4F>#{6?IY zo&6qgs6VH{UNKuSo(r(#dpxMQR~1Y`{Et_{I>`|paVnE+Fu5>bA71syc6S0~He?f! zZ0UyKewo;N!sWs`)asWTw^*s>u@tIh5zHk84A5UT zXgPq+)Q1YAO~SJJ0~g&R+lim-xOi3lMd+k8P$klYC6;T6YQ2b{5KYCyZHaPN1FD|Q zW0h21Xq`Q!Wgx0lN0IE0++4sQzApwsUUxh>#vinTfPrV%DnR!n6kw6H5sE4}la;6< zr=;Zgk&h?vX>O|V%SU&tr&QnA>_0oaN)^lse8BEakN~*oN&wS{43)k_=(i zgdk^~!RDo&MkAalkH&!KCpKP%pIhIz5f*GQUKZm}d^8D30)3!w4CAhM`1oK!@ z=x0E^{%D40+FRp%7d0!eKAzi~Fve?L71?JPsy83emC~yCe4_GF;6X((TwB?Og2p`! zU%IET>MS)KC$T-T2q3Oh~Y84OulTRUGJ@Y-2usIDI>foprr zN2F638y)BUf-P1R;SLb$BBT2KJW<4%53~%0;y%9tzYWPfu~T|hHGns&tVGdTDMhpb z0jM|29~!BaEFgw9V0h{V%=Gy$GGgKzplAti!jx6t*|kwBmSST{v&BTdlcE+6NKPig zlrZYDi=JJ$YL!T_edSYyIzUmZS6xuA2|$Cv1OSxvK_-Evyk=ZcYwz74eVQphZAxD4 z%d91ZVYmH!&e3UPKR8IB^3vz#p6-J@A5vDniL-$M-4>47W>==O`x>2sqlwbB^YZ)b z2$M2Fv%2wtgt#aBmpqh{DgN<)-b}iLjS1PIy=Gd~ZIC2A*L$eDnsrG{Fx#E*1+%J0 z>DR}HqgDsV6_lI+8xp5-=JUtvgJkLw>iU@Or#9%tyv9ckFL}rE->JuNsE?LPNd8qU>8BmBUjElQ>3vDxUQ|~s6@n0;N`L! zy%14wcIMSnvwP4W6LC|wH`59Z;wrPK0*q|JV3BxAWP!zF{Vtf5AYHJE2<6$?&-A%e zsi^{bqw7)YhdxXvH%&Ks<>YL8oC)nEuQL@J`H>S_D&|?BXw$_p>%U9^0U-od3{L?- zy;fbwCrV2Sw&!XCQj3r(TC0)>)x~>2{1Q&fzGHaU$d5&(C%vLE?(5(2roVRf*exk6 zWy(jbdHaJtO}~_D?bo&COjzN}_r0Ch!h8ytRGM(x~#3`FjthikTu* zQ#I=}`Jt}`V?~>w(aYM*&7Tq5@da;s{$XYs#CTZDSBCeUmEAb=D9m6(;VP{y6_;Dx zrcF4KELeikrNh$kd=z~NN5N|kTX&D$nHS4mCUv8V3iop=K0d60_Vgs;Da%@j&g3Te zY8s0Vy2_(dws`zYNRy9ZxZ!>>lZSNTtZ0=iJ;=D;k!H6)Nc+z509`w13N763A=SaZ z^X?om*WFwEw6pM!|JFGO(gCpUB^YnH!#tv?5gvgX&cVSUPgMVqlv_eJ`xxk>@r-@u zsZ#XQQFlqXEeP|as)24X?Zbx;b@t1nGha#a;-B}7_@}%)+B%O`@+5X6B}K(&0N<-u z=@qGmn;^k7r#1=Q+qWC*qWCp%A%z|@b>GI;4Hfy6-n^l47XyH5yWO*Rdj@%!o zFd6uE9Om!tLmH{0qFLVk%towPcp^Py{LkbfzNiE{1U&|y+E#GxAQx$6Rbq?r69|eD zJF%{UJ^s_h!oD|MYPoy%($9}Zm4utp6SchyUKwQQAR}`^+i6r)RWW^!l11Ddt+x?G zn34O`LAzx$}b%Q>*oU8a)Vn}s!dVS3 zaqK^U2m=EPOHb+sY54Ll@wG2m)?bPD*5f~VDonc~$vsz`=YSF)OaXBj10Y$d;{cig z^Oc+vWE4?Rf!`8E1(?ZyU@3<{Xy-oyNVaj9iwvfp2D2PgC<`E=U3OcK0Q?s+z*KN> z{`MeJAb?c~Mnb}G0FgrSJOux8Z~9HT52i#m_&c~M6F&vZjILgb!%)z_%gfYjIRDIS&AkXrBLqJx9^Xf=sHD8Syom^SPT*|g zo!;;~YSEb^MzLot<>E!)<8{Js{b^7a`R`fm{QSd4M$!ZtLTUj9_xlX@@;!_@JW7yU zNEw_&^e)hZxZdwh7AD!z`gL#;VgHYx&<;WK21=oZ2(XpNZ5dcwGBkI9Pl1d2pHJcE z1VmpO8ymnNV6dd3re+U*6@UbRp)Ee{^EX-n0apM_fU`Xq^JdL(IJ#4?lnC)ffH@zc z%p5+l6eT=dvaM+cFqr`3J%~60qCSPcfv~i%;Z;&%s9#4M8bWrMVc^L$@rn%+*bMlu z6}Pvyfx#|VGYgyx#X{|{9_MhUcUFW`;Eq4T#Ia5J4G_Rfm5_8PyrzVEe!k(*l=*qUmjfzRz|I2VP`*V)fkdGP5Lsfs z*tm&(4JZV_Zt&(z(wt|Pehmu`2YfHEnlQ!2dhUUO02GZTfX^=MuKd8MJYg^!PqloZ_bU+_;GSwCnoDMS=LC1qqBU=L?O zWgOqeaCl1GzW*Ft4y3bM_Xf4Lp%D@J8^GCwSG5=QR^83x7`QdTA&f>*%Lqud22bv* z<|lfCV@p)<0=VUNU<_q^BOggt*<8xG`&kv_cgeHKs-+xh>co})?{gr~pu3HY4O8RHi6yoLo-%)3 zW0+%{e??$#B0zoLmKj2G!6HloOsBcjw4rt&tK?Y@N4?uox8%VhATZ1A*uq$lm-qX* zQ3s)}L3K>LrybEXJi~G-e}i8EN(JFv5G02HZo*98b99#`^Dy-V z$}hu)SlW=Tu@s&@%VMTF-s-wf^E2vUmYMDrU{=^VMnp;B`$&NQb#}nBIjyOmoB`r2=P(BI$c)8&_f@^lY! zB|EV-eI~~H+`)AQ51+d2S}}OiQ19X`LY@`UCjKDtt3pI{@Gw8jKro*2(0n?}dQyf3T9=cxHM0>Pn3yE^8$IP;>RW|ybh6)5Y2R!u=%wIv^ta!y z1Y)6o(FM|rYB?J!btS@e7wlS@s{Y3vW>gXmWGw}HMZ2D1g^8u#)>;GZBPx9wm; zxXnoj{s$Q2&@5izIDK`Bpi-7&&r$JlC8I((%8e4kHlWeD2b@t3PZqX_|-;VE9= zqh-Btc(hjS#5FIbLfHqognhy#L?pAEnLI!(eKb`Zhy0S5SaD+12Fp70*_&eGYF>rl zR1htra(%HjRc<1VGm%}?l@go=fq|MBA1{*|*Y{Bcq#NoMmGkna zT5=6h>?vUyMYzGne69<%ISevn+Tdv{aPVaq&}(+%ics}>0CP#T<=ED0>LZAvOQuF4=mG1)MD{qC zErDw78!Z5wJB!0%C&vmwZR$(OBZdHp8E>`K(v?4e0anN+l8e<}fI1t}42&~<>lrGT zyVx2j!jGWQU862?>xh~E1UZe)Nd;^n3OiUz=0IlSWZj`i?PXt zoU@yF&-Iq@6$rHSaLIP2O9=`6EwTW+aMt<4xPf*Fdrurk$wFHJC&C(#MmTyudN=(u zs201@vq1ZwU?X9(E+Y&lwQhgb_TC7YD^q5^+*@qA0-T}}4^53QMgkKP6M$e&^e%yy zF03THfS z6zANFQKosIr(+^#=;E(IM3*$?Vyf+FZkQJ|;g0I%@ajk4^7VQ~^WL(zDkLZy)dTxx zD%qf>WJU|{W#vS(x?asNRJWYxwni$+xIZZl*TC z?kgnI`TA!N(0A}hIdU`~2MFS8c3sOx3=>jj^_W%R1F!zpXQjMEEt*++${()5p!gUWJph|95+qpT>|6ZxE?Q0j)Hk##v8 z4J&T!ndZmae-uY(Y9T=*-;h& z6z}7WPhPGcfZ==N?OTE9-XRBe08scEDFA%ox1PYCW+#HQ<8!b!^=|+^(JW;R>@$Mx zz_VcQqdoy~nlEInWN9jxLJAb|Y5@TZ6i0{nDY1<`g>Q9RpTiQF+s?s`Q}-yuF-MIN z0;fyQFr%!LYTJ>;M62=AN28QiPA?J>6`ZQc`;%+4!mCpXF7n8W<>FCimgj*wn%vK#e(0P81dMB=Izv6 z?rQ5v`qqo9wx>n1LRx>##{JL9nfuYaP{UnjR29Td!aa3NqosC}r(2zTw9=I4FvWYO2n(SuwoE0~q$ei4NlL|v4REo@l7Fg(ya%?V3pW9keoO5p4p}gd zR5v%d9O$bGfjmIN;gONe@I=ZA-o=lNK2r*}zRwY%irA@y8RaAtW$&tGX&e33R>| z2|J6P^t_vZp#Aq*$l&@Ays2f!K<=HM*qf_cVtK<9LXva@)I*boLef|X@zOy!W4