From 4f039609bdba62bdc4e48390f07d3c47afaca6a1 Mon Sep 17 00:00:00 2001 From: valtmanir Date: Thu, 8 Jan 2015 02:20:38 +0200 Subject: [PATCH] Added a simple Django-based administration web site and Cloudefigo's Web API. In addition. performed refactoring to make the code cleaner. --- .idea/.name | 2 +- .idea/{SecureCloudInit.iml => Cloudefigo.iml} | 0 .idea/modules.xml | 5 +- AWS/EC2.py | 119 ------------------ AWS/IAM.py | 48 ------- Chef/ConfigurationManagement.py | 12 +- CloudServices/Admin/CloudTrail.py | 67 ++++++++++ CloudServices/Admin/IdentityManagement.py | 38 ++++++ CloudServices/Admin/Instances.py | 82 ++++++++++++ .../Admin/RuntimeConfig}/CloudConfig.config | 5 +- .../RuntimeConfig}/IAMBasicPolicy.config | 0 CloudServices/Admin/Storage.py | 68 ++++++++++ {AWS => CloudServices/Admin}/__init__.py | 0 CloudServices/Common/AppConfigMgr.py | 40 ++++++ .../Common}/Exceptions.py | 3 +- CloudServices/Common/Init.config | 28 +++++ {Common => CloudServices/Common}/Logger.py | 1 + {Common => CloudServices/Common}/__init__.py | 0 .../IaaS}/EnvironmentVarialbes.py | 42 ++++++- CloudServices/IaaS/IdentityManagement.py | 33 +++++ CloudServices/IaaS/Instances.py | 71 +++++++++++ .../IaaS/RuntimeConfig}/BucketPolicy.config | 0 .../RuntimeConfig}/IAMStrictPolicy.config | 0 AWS/S3.py => CloudServices/IaaS/Storage.py | 46 ++++--- CloudServices/IaaS/__init__.py | 1 + CloudServices/Test.py | 6 + CloudServices/__init__.py | 1 + Cloudefigo/__init__.py | 0 Cloudefigo/settings.py | 87 +++++++++++++ Cloudefigo/urls.py | 11 ++ Cloudefigo/wsgi.py | 14 +++ Common/AppConfigMgr.py | 32 ----- Init.py | 12 +- Manage-cmd.py | 30 +++++ Manage.py | 34 ++--- Manager/__init__.py | 0 Manager/admin.py | 12 ++ Manager/migrations/0001_initial.py | 32 +++++ Manager/migrations/__init__.py | 0 Manager/models.py | 43 +++++++ Manager/tests.py | 3 + Manager/urls.py | 10 ++ Manager/views.py | 52 ++++++++ Prepare.py | 10 +- db.sqlite3 | Bin 0 -> 8744960 bytes templates/admin/base.html | 82 ++++++++++++ templates/admin/base_site.html | 9 ++ 47 files changed, 919 insertions(+), 272 deletions(-) rename .idea/{SecureCloudInit.iml => Cloudefigo.iml} (100%) delete mode 100644 AWS/EC2.py delete mode 100644 AWS/IAM.py create mode 100644 CloudServices/Admin/CloudTrail.py create mode 100644 CloudServices/Admin/IdentityManagement.py create mode 100644 CloudServices/Admin/Instances.py rename {AWS => CloudServices/Admin/RuntimeConfig}/CloudConfig.config (92%) rename {AWS => CloudServices/Admin/RuntimeConfig}/IAMBasicPolicy.config (100%) create mode 100644 CloudServices/Admin/Storage.py rename {AWS => CloudServices/Admin}/__init__.py (100%) create mode 100644 CloudServices/Common/AppConfigMgr.py rename {Common => CloudServices/Common}/Exceptions.py (88%) create mode 100644 CloudServices/Common/Init.config rename {Common => CloudServices/Common}/Logger.py (99%) rename {Common => CloudServices/Common}/__init__.py (100%) rename {AWS => CloudServices/IaaS}/EnvironmentVarialbes.py (66%) create mode 100644 CloudServices/IaaS/IdentityManagement.py create mode 100644 CloudServices/IaaS/Instances.py rename {AWS => CloudServices/IaaS/RuntimeConfig}/BucketPolicy.config (100%) rename {AWS => CloudServices/IaaS/RuntimeConfig}/IAMStrictPolicy.config (100%) rename AWS/S3.py => CloudServices/IaaS/Storage.py (60%) create mode 100644 CloudServices/IaaS/__init__.py create mode 100644 CloudServices/Test.py create mode 100644 CloudServices/__init__.py create mode 100644 Cloudefigo/__init__.py create mode 100644 Cloudefigo/settings.py create mode 100644 Cloudefigo/urls.py create mode 100644 Cloudefigo/wsgi.py delete mode 100644 Common/AppConfigMgr.py create mode 100644 Manage-cmd.py mode change 100644 => 100755 Manage.py create mode 100644 Manager/__init__.py create mode 100644 Manager/admin.py create mode 100644 Manager/migrations/0001_initial.py create mode 100644 Manager/migrations/__init__.py create mode 100644 Manager/models.py create mode 100644 Manager/tests.py create mode 100644 Manager/urls.py create mode 100644 Manager/views.py create mode 100644 db.sqlite3 create mode 100755 templates/admin/base.html create mode 100755 templates/admin/base_site.html diff --git a/.idea/.name b/.idea/.name index 7491e6b..30c8dea 100644 --- a/.idea/.name +++ b/.idea/.name @@ -1 +1 @@ -SecureCloudInit \ No newline at end of file +Cloudefigo \ No newline at end of file diff --git a/.idea/SecureCloudInit.iml b/.idea/Cloudefigo.iml similarity index 100% rename from .idea/SecureCloudInit.iml rename to .idea/Cloudefigo.iml diff --git a/.idea/modules.xml b/.idea/modules.xml index 23f98ed..34885a2 100644 --- a/.idea/modules.xml +++ b/.idea/modules.xml @@ -2,8 +2,7 @@ - + - - + \ No newline at end of file diff --git a/AWS/EC2.py b/AWS/EC2.py deleted file mode 100644 index 5115d49..0000000 --- a/AWS/EC2.py +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/bin/python - -__author__ = 'nirv' - -import boto.ec2 -import time -from Common.AppConfigMgr import ConfigMgr -from Common.Exceptions import GenericException -from AWS.EnvironmentVarialbes import EnvronmentVarialbes -from Common.Logger import Logger -from AWS.IAM import IAM - - -class EC2: - - def __init__(self, is_executed_by_cloud_init = True, region = None): - self.__cfg = ConfigMgr() - if is_executed_by_cloud_init: - credentials = EnvronmentVarialbes.get_instance_credentials().split(" ") - self.__conn = boto.ec2.EC2Connection(aws_access_key_id=credentials[0], aws_secret_access_key=credentials[1], security_token=credentials[2]) - self.__conn.region = EnvronmentVarialbes.get_current_instance_region() - self.__current_instance_name = EnvronmentVarialbes.get_current_instance_name() - else: - self.__conn = boto.ec2.connect_to_region(region) - - - # - - def create_volume(self): - inst = self.__get_instance_object_by_instance_id(self.__current_instance_name) - vol = self.__conn.create_volume(1,self.__conn.region) - time.sleep(30) - curr_vol = self.__conn.get_all_volumes([vol.id])[0] - while curr_vol.status != 'available': - time.sleep(10) - Logger.logger("info", "pending to make volume available") - self.__conn.attach_volume (vol.id, inst.id, "/dev/sdf") - Logger.log("info", "The volume {} attached to this instance".format(vol.id)) - - def move_current_instance_to_production_group(self): - production_group_id = self.__cfg.getParameter("AWS", "ProductionSecurityGroupId") - instance = self.__get_instance_object_by_instance_id(self.__current_instance_name) - self.__conn.modify_instance_attribute(self.__current_instance_name, - "groupSet", [production_group_id]) - Logger.log("info", "This instance moved to the production subnet {}".format(production_group_id)) - - def post_validation_action(self): - iam = IAM(True) - current_role_name = EnvronmentVarialbes.get_current_instance_profile() - iam.strict_dynamic_role(current_role_name) - Logger.log("info", "Changed the IAM role to be more strict") - - # - - # - - def create_secure_instance(self, ami_id, instance_type, instance_name): - script_path = self.__cfg.getParameter("AWS", "CloudInitScriptPath") - production_security_group_id = self.__cfg.getParameter("AWS", "RemediationSecurityGroupId") - production_subnet_id = self.__cfg.getParameter("AWS", "ProductionSubnetId") - key_name = self.__cfg.getParameter("AWS", "EC2KeyName") - with open(script_path, "r") as script_file: - cloud_init_script = script_file.read() - iam_role = IAM(False) - instance_profile = iam_role.create_dynamic_role() - new_reservation = self.__try_create_instance(ami_id, key_name, instance_profile, instance_type, - production_subnet_id, production_security_group_id, - cloud_init_script) - instance = new_reservation.instances[0] - self.__conn.create_tags([instance.id], {"Name": instance_name}) - Logger.log("info", "An instance created with id {}".format(instance.id)) - - def get_all_running_instance_names(self): - instances_list = [] - instances = self.__conn.get_all_instances() - for instance in instances: - if instance.instances[0].state == "running": - instance_hostname = instance.instances[0].private_dns_name.split('.')[0] - instances_list.append(instance_hostname) - return instances_list - - # - - # TODO remove after testing of new method in EnvironmentVarialbes - def __get_current_instance_iam_role(self): - instance = self.__get_instance_object_by_instance_id(self.__current_instance_name) - iam_arn = instance.instance_profile['arn'] - iam_arn_list = iam_arn.split("/") - return iam_arn_list[len(iam_arn_list) - 1] - - def __get_instance_object_by_instance_id(self, instance_id): - reservations = self.__conn.get_all_instances(instance_ids=[instance_id]) - for instance in reservations[0].instances: - if instance.id == self.__current_instance_name: - return instance - return None - - def __try_create_instance(self, ami_id, key_name, profile_name, instance_type, subnet_id, - security_group_id, user_data): - try: - new_reservation = self.__conn.run_instances(ami_id, key_name=key_name, - instance_profile_name=profile_name, instance_type=instance_type, - subnet_id=subnet_id, security_group_ids=[security_group_id], - user_data=user_data) - return new_reservation - except: - Logger.log("warning", "Could not create instance first time. Waiting another few seconds before retrying") - time.sleep(30) - Logger.log("warning", "Retrying to create instance") - try: - new_reservation = self.__conn.run_instances(ami_id, key_name=key_name, - instance_profile_name=profile_name, - instance_type=instance_type, - subnet_id=subnet_id, security_group_ids=[security_group_id], - user_data=user_data) - return new_reservation - except Exception as ex: - message = "Cannot create new instance: {}".format(ex.message) - raise GenericException(message) diff --git a/AWS/IAM.py b/AWS/IAM.py deleted file mode 100644 index a78181e..0000000 --- a/AWS/IAM.py +++ /dev/null @@ -1,48 +0,0 @@ -#!/usr/bin/python - -__author__ = 'nirv' - - -import boto -import uuid -from Common.AppConfigMgr import ConfigMgr -from AWS.EnvironmentVarialbes import EnvronmentVarialbes -from Common.Logger import Logger -from boto.iam import IAMConnection - - - -class IAM: - def __init__(self, is_initiated_by_cloud_init = True): - self.__cfg = ConfigMgr() - self.__iam_basic_policy_path = self.__cfg.getParameter("AWS", "IAMBasicPolicyPath") - self.__iam__strict_policy_path = self.__cfg.getParameter("AWS", "IAMStrictPolicyPath") - self.__prefix_name = self.__cfg.getParameter("AWS", "NamingPrefix") - if is_initiated_by_cloud_init: - credentials = EnvronmentVarialbes.get_instance_credentials().split(" ") - self.__conn = IAMConnection(aws_access_key_id=credentials[0], aws_secret_access_key=credentials[1], security_token=credentials[2]) - else: - self.__conn = boto.connect_iam() - self.__iam_policy_name = "cloud-sec-policy" - - # - - def create_dynamic_role(self): - random_id = uuid.uuid4().get_hex() - with open(self.__iam_basic_policy_path, "r") as policy_file: - iam_role_name = "{}-{}".format(self.__prefix_name, random_id) - iam_policy_document = policy_file.read().replace("BUCKETNAME", "{}*".format(self.__prefix_name)) - self.__conn.create_role(iam_role_name) - self.__conn.create_instance_profile(iam_role_name) - self.__conn.add_role_to_instance_profile(iam_role_name, iam_role_name) - self.__conn.put_role_policy(iam_role_name, self.__iam_policy_name, iam_policy_document) - Logger.log("info", "Created a dynamic role named {}".format(iam_role_name)) - return iam_role_name - - # - - def strict_dynamic_role(self, iam_role_name): - with open(self.__iam__strict_policy_path, "r") as policy_file: - bucket_unique_id = EnvronmentVarialbes.get_bucket_unique_id(self.__prefix_name) - iam_policy_document = policy_file.read().replace("BUCKETNAME", bucket_unique_id) - self.__conn.put_role_policy(iam_role_name, self.__iam_policy_name, iam_policy_document) \ No newline at end of file diff --git a/Chef/ConfigurationManagement.py b/Chef/ConfigurationManagement.py index 83fd362..9983af7 100644 --- a/Chef/ConfigurationManagement.py +++ b/Chef/ConfigurationManagement.py @@ -3,18 +3,18 @@ __author__ = 'nirv' from chef import Node, ChefAPI -from Common.AppConfigMgr import ConfigMgr -from Common.Logger import Logger -from Common.Exceptions import RemediationException +from CloudServices.Common.AppConfigMgr import ConfigMgr +from CloudServices.Common.Logger import Logger +from CloudServices.Common.Exceptions import RemediationException class ChefClient: def __init__(self): cfg = ConfigMgr() - url = cfg.getParameter("Chef","ServerURL") - key_path = cfg.getParameter("Chef","KeyFilePath") - client_name = cfg.getParameter("Chef","ValidationClientName") + url = cfg.get_parameter("Chef","ServerURL") + key_path = cfg.get_parameter("Chef","KeyFilePath") + client_name = cfg.get_parameter("Chef","ValidationClientName") self.__chef_client = ChefAPI(url,key_path,client_name) def verify_management(self): diff --git a/CloudServices/Admin/CloudTrail.py b/CloudServices/Admin/CloudTrail.py new file mode 100644 index 0000000..1c44322 --- /dev/null +++ b/CloudServices/Admin/CloudTrail.py @@ -0,0 +1,67 @@ +#!/usr/bin/python +from abc import ABCMeta, abstractmethod + +__author__ = 'nirv' + +from boto.cloudtrail import layer1 +from chef.utils import json +from CloudServices.Admin.Storage import S3StorageAdmin +from CloudServices.Common.AppConfigMgr import ConfigMgr + +class AbstractBaseAudit(): + __metaclass__ = ABCMeta + + @abstractmethod + def get_logs(self): + pass + + +class Audit(AbstractBaseAudit): + + def __init__(self): + self.__cfg = ConfigMgr() + self.__conn = layer1.CloudTrailConnection(); + self.__storage = S3StorageAdmin() + + def get_logs(self): + trails_list = self.__conn.describe_trails()["trailList"] + logs_list = [] + for trail in trails_list: + bucket_name = trail["S3BucketName"] + bucket_prefix = trail["S3KeyPrefix"] + file_contents_list = self.__storage.get_all_files(bucket_name, bucket_prefix) + for file_content in file_contents_list: + json_content = json.loads(file_content) + for event in json_content["Records"]: + log_entry = self.__get_log_entry_from_json(event) + logs_list.append(log_entry) + return logs_list + + def reset_files_extensions(self): + trails_list = self.__conn.describe_trails()["trailList"] + for trail in trails_list: + bucket_name = trail["S3BucketName"] + bucket_prefix = trail["S3KeyPrefix"] + self.__storage.reset_files_extension(bucket_name, bucket_prefix) + + @staticmethod + def __get_log_entry_from_json(event): + log_entry = {'timestamp': event["eventTime"]} + try: + log_entry['username'] = event["userIdentity"]["userName"] + except: + log_entry['username'] = "" + try: + log_entry['access_key'] = event["userIdentity"]["accessKeyId"] + except: + log_entry['access_key'] = "" + log_entry['event_name'] = event["eventName"] + log_entry['event_source'] = event["eventSource"] + log_entry['source_ip'] = event["sourceIPAddress"] + log_entry['user_agent'] = event["userAgent"] + log_entry['region'] = event["awsRegion"] + log_entry['request_parameters'] = json.dumps(event["requestParameters"]) + log_entry['response'] = json.dumps(event["responseElements"]) + return log_entry + + diff --git a/CloudServices/Admin/IdentityManagement.py b/CloudServices/Admin/IdentityManagement.py new file mode 100644 index 0000000..38e6e2d --- /dev/null +++ b/CloudServices/Admin/IdentityManagement.py @@ -0,0 +1,38 @@ +#!/usr/bin/python +from abc import abstractmethod, ABCMeta + +__author__ = 'nirv' + +import boto +import uuid +from CloudServices.Common.AppConfigMgr import ConfigMgr +from CloudServices.Common.Logger import Logger + + +class AbstractBaseIDMAdmin(): + __metaclass__ = ABCMeta + + @abstractmethod + def create_dynamic_role(self): + pass + + +class IAMAdmin(AbstractBaseIDMAdmin): + def __init__(self): + self.__cfg = ConfigMgr() + self.__iam_basic_policy_path = self.__cfg.get_parameter("Instances", "IAMBasicPolicyPath") + self.__prefix_name = self.__cfg.get_parameter("Instances", "NamingPrefix") + self.__iam_policy_name = "cloud-sec-policy" + self.__conn = boto.connect_iam() + + def create_dynamic_role(self): + random_id = uuid.uuid4().get_hex() + with open(self.__iam_basic_policy_path, "r") as policy_file: + iam_role_name = "{}-{}".format(self.__prefix_name, random_id) + iam_policy_document = policy_file.read().replace("BUCKETNAME", "{}*".format(self.__prefix_name)) + self.__conn.create_role(iam_role_name) + self.__conn.create_instance_profile(iam_role_name) + self.__conn.add_role_to_instance_profile(iam_role_name, iam_role_name) + self.__conn.put_role_policy(iam_role_name, self.__iam_policy_name, iam_policy_document) + Logger.log("info", "Created a dynamic role named {}".format(iam_role_name)) + return iam_role_name diff --git a/CloudServices/Admin/Instances.py b/CloudServices/Admin/Instances.py new file mode 100644 index 0000000..9f07f91 --- /dev/null +++ b/CloudServices/Admin/Instances.py @@ -0,0 +1,82 @@ +#!/usr/bin/python + +__author__ = 'nirv' + +import time +from abc import abstractmethod, ABCMeta + +import boto.ec2 + +from CloudServices.Common.AppConfigMgr import ConfigMgr +from CloudServices.Common.Exceptions import GenericException +from CloudServices.Admin.IdentityManagement import IAMAdmin +from CloudServices.Common.Logger import Logger + + +class AbstractBaseInstanceAdmin(): + __metaclass__ = ABCMeta + + @abstractmethod + def create_secure_instance(self, image_id, instance_type, instance_name): + pass + + @abstractmethod + def get_all_running_instance_names(self): + pass + + +class EC2InstanceAdmin(AbstractBaseInstanceAdmin): + + def __init__(self, region = None): + self.__cfg = ConfigMgr() + self.__conn = boto.ec2.connect_to_region(region) + + def create_secure_instance(self, image_id, instance_type, instance_name): + script_path = self.__cfg.get_parameter("Instances", "CloudInitScriptPath") + production_security_group_id = self.__cfg.get_parameter("Instances", "RemediationSecurityGroupId") + production_subnet_id = self.__cfg.get_parameter("Instances", "ProductionSubnetId") + key_name = self.__cfg.get_parameter("Instances", "EC2KeyName") + with open(script_path, "r") as script_file: + cloud_init_script = script_file.read() + iam_role = IAMAdmin() + instance_profile = iam_role.create_dynamic_role() + new_reservation = self.__try_create_instance(image_id, key_name, instance_profile, instance_type, + production_subnet_id, production_security_group_id, + cloud_init_script) + instance = new_reservation.instances[0] + self.__conn.create_tags([instance.id], {"Name": instance_name}) + message = "An instance created with id {}".format(instance.id) + Logger.log("info", message) + return message + + def get_all_running_instance_names(self): + instances_list = [] + instances = self.__conn.get_all_instances() + for instance in instances: + if instance.instances[0].state == "running": + instance_hostname = instance.instances[0].private_dns_name.split('.')[0] + instances_list.append(instance_hostname) + return instances_list + + def __try_create_instance(self, ami_id, key_name, profile_name, instance_type, subnet_id, + security_group_id, user_data): + try: + new_reservation = self.__conn.run_instances(ami_id, key_name=key_name, + instance_profile_name=profile_name, instance_type=instance_type, + subnet_id=subnet_id, security_group_ids=[security_group_id], + user_data=user_data) + return new_reservation + except: + Logger.log("warning", "Could not create instance first time. Waiting another few seconds before retrying") + time.sleep(30) + Logger.log("warning", "Retrying to create instance") + try: + new_reservation = self.__conn.run_instances(ami_id, key_name=key_name, + instance_profile_name=profile_name, + instance_type=instance_type, + subnet_id=subnet_id, security_group_ids=[security_group_id], + user_data=user_data) + return new_reservation + except Exception as ex: + message = "Cannot create new instance: {}".format(ex.message) + raise GenericException(message) diff --git a/AWS/CloudConfig.config b/CloudServices/Admin/RuntimeConfig/CloudConfig.config similarity index 92% rename from AWS/CloudConfig.config rename to CloudServices/Admin/RuntimeConfig/CloudConfig.config index 38ca1ab..1f85950 100644 --- a/AWS/CloudConfig.config +++ b/CloudServices/Admin/RuntimeConfig/CloudConfig.config @@ -21,12 +21,13 @@ runcmd: - pip install StringGenerator - wget https://s3.amazonaws.com/config-cloudsec/CloudInit.tar.gz -O CloudInit.tar.gz - tar -zxvf CloudInit.tar.gz - - cd /SecureCloudInit + - cd /Cloudefigo - python Prepare.py generate - wget https://www.opscode.com/chef/install.sh -O install.sh - bash install.sh - mkdir /etc/chef - - wget https://s3.amazonaws.com/config-cloudsec/validation.pem -O /etc/chef/validation.pem + - wget https://s3.amazonaws.com/config-cloudsec/validation.pem -O validation.pem + - cp validation.pem /etc/chef/validation.pem - wget https://s3.amazonaws.com/config-cloudsec/client.rb -O /etc/chef/client.rb - chef-client -r encryption - python Init.py diff --git a/AWS/IAMBasicPolicy.config b/CloudServices/Admin/RuntimeConfig/IAMBasicPolicy.config similarity index 100% rename from AWS/IAMBasicPolicy.config rename to CloudServices/Admin/RuntimeConfig/IAMBasicPolicy.config diff --git a/CloudServices/Admin/Storage.py b/CloudServices/Admin/Storage.py new file mode 100644 index 0000000..3e81668 --- /dev/null +++ b/CloudServices/Admin/Storage.py @@ -0,0 +1,68 @@ +#!/usr/bin/python + +__author__ = 'nirv' + +import gzip +import os +from abc import abstractmethod, ABCMeta + +import boto.s3 +import boto.s3.bucket +from boto.s3.connection import S3Connection + +from CloudServices.Common.Logger import Logger + + +class AbstractBaseStorageAdmin(): + __metaclass__ = ABCMeta + + @abstractmethod + def get_all_files(self, storage_name, prefix): + pass + + @abstractmethod + def reset_files_extension(self, storage_name, prefix): + pass + + +class S3StorageAdmin(AbstractBaseStorageAdmin): + + def __init__(self, region = "us-east-1"): + self.__s3 = boto.s3.connect_to_region(region) + + def get_all_files(self, storage_name, prefix): + bucket = self.__s3.get_bucket(storage_name) + return self.__get_file_contents_list_from_bucket(bucket, prefix, storage_name) + + def reset_files_extension(self, storage_name, prefix): + bucket = self.__s3.get_bucket(storage_name) + for key in bucket.list(prefix=prefix): + if key.name.endswith('-done'): + new_key_name = key.name.replace('-done','') + bucket.copy_key(new_key_name=new_key_name, src_bucket_name=storage_name, src_key_name=key.name) + bucket.delete_key(key.name) + + @staticmethod + def __get_file_contents_list_from_bucket(bucket, prefix, bucket_name): + json_files_list = [] + for key in bucket.list(prefix=prefix): + if key.name.endswith('/') or key.name.endswith('-done'): + continue + try: + new_key_name = "{}-done".format(key.name) + bucket.copy_key(new_key_name=new_key_name, src_bucket_name=bucket_name, src_key_name=key.name) + bucket.delete_key(key.name) + new_key = bucket.get_key(new_key_name) + new_key.get_contents_to_filename(filename="tmp.json.gz") + f = gzip.open('tmp.json.gz', 'rb') + json_files_list.append(f.read()) + f.close() + except Exception as ex: + Logger.log("warning", "{} FAILED: {}".format(key.name, ex.message)) + return json_files_list + + def __del__(self): + try: + os.remove("tmp.json.gz") + except: + pass \ No newline at end of file diff --git a/AWS/__init__.py b/CloudServices/Admin/__init__.py similarity index 100% rename from AWS/__init__.py rename to CloudServices/Admin/__init__.py diff --git a/CloudServices/Common/AppConfigMgr.py b/CloudServices/Common/AppConfigMgr.py new file mode 100644 index 0000000..86a7e2b --- /dev/null +++ b/CloudServices/Common/AppConfigMgr.py @@ -0,0 +1,40 @@ +#!/usr/bin/python +import os + +from CloudServices.Common.Logger import Logger + +__author__ = 'nirv' + +import sys, os +from CloudServices.Common.Exceptions import GenericException + + +class ConfigMgr: + + def __init__(self,): + path = self.__get_path() + import xml.etree.ElementTree as ET + try: + self.cfg_tree = ET.parse(path) + except: + error_message = "Cannot find the configuration file {}".format(path) + Logger.log("error", error_message) + raise GenericException(error_message) + + return + + def get_parameter(self, scope, param): + if self.cfg_tree is not None: + try: + scopeNode = self.cfg_tree.find(scope) + return scopeNode.find(param).text + except: + error_message = "Cannot find the configuration for the scope {} and parameter {}".format(scope, param) + Logger.log("error", error_message) + raise GenericException(error_message) + return "" + + def __get_path(self): + config_file_name = "Init.config" + config_folder_name = os.path.dirname(sys.modules[ConfigMgr.__module__].__file__) + return config_folder_name + "/" + config_file_name diff --git a/Common/Exceptions.py b/CloudServices/Common/Exceptions.py similarity index 88% rename from Common/Exceptions.py rename to CloudServices/Common/Exceptions.py index 966c8a5..56ee8bd 100644 --- a/Common/Exceptions.py +++ b/CloudServices/Common/Exceptions.py @@ -2,7 +2,8 @@ # __author__ = 'nirv' -from Common.Logger import Logger +from CloudServices.Common.Logger import Logger + class RemediationException(Exception): diff --git a/CloudServices/Common/Init.config b/CloudServices/Common/Init.config new file mode 100644 index 0000000..853d459 --- /dev/null +++ b/CloudServices/Common/Init.config @@ -0,0 +1,28 @@ + + + + CloudServices/IaaS/RuntimeConfig/BucketPolicy.config + CloudServices/Admin/RuntimeConfig/IAMBasicPolicy.config + CloudServices/IaaS/RuntimeConfig/IAMStrictPolicy.config + CloudServices/Admin/RuntimeConfig/CloudConfig.config + cloudsec + sg-7befd21e + subnet-59e2f871 + sg-e6323583 + mykey + ebe6799346d8527955740c643faeb405a27ab195a29e5f20f326082fc5abdfb8 + + + validation.pem + cloudsecdemo-validator + https://api.opscode.com/organizations/cloudsecdemo + + + https + 54.173.5.2 + 8834 + cloudinit + yourpass + 1 + + \ No newline at end of file diff --git a/Common/Logger.py b/CloudServices/Common/Logger.py similarity index 99% rename from Common/Logger.py rename to CloudServices/Common/Logger.py index d2bb002..b66374f 100644 --- a/Common/Logger.py +++ b/CloudServices/Common/Logger.py @@ -4,6 +4,7 @@ import logging + class Logger: logger_initiated = False diff --git a/Common/__init__.py b/CloudServices/Common/__init__.py similarity index 100% rename from Common/__init__.py rename to CloudServices/Common/__init__.py diff --git a/AWS/EnvironmentVarialbes.py b/CloudServices/IaaS/EnvironmentVarialbes.py similarity index 66% rename from AWS/EnvironmentVarialbes.py rename to CloudServices/IaaS/EnvironmentVarialbes.py index f8754dc..e878566 100644 --- a/AWS/EnvironmentVarialbes.py +++ b/CloudServices/IaaS/EnvironmentVarialbes.py @@ -1,14 +1,44 @@ #!/usr/bin/python -from Common import Logger __author__ = 'nirv' import urllib2 import hashlib import json -from Common.Logger import Logger +from abc import ABCMeta, abstractmethod -class EnvronmentVarialbes: +from CloudServices.Common.Logger import Logger + + +class AbstractBaseEnvironmentVariables(): + __metaclass__ = ABCMeta + + @abstractmethod + def get_current_instance_region(self): + pass + + @abstractmethod + def get_current_instance_name(self): + pass + + @abstractmethod + def get_current_instance_mac(self): + pass + + @abstractmethod + def get_storage_unique_id(prefix): + pass + + @abstractmethod + def get_current_instance_profile(self): + pass + + @abstractmethod + def get_instance_credentials(self): + pass + + +class EnvironmentVariables(AbstractBaseEnvironmentVariables): @staticmethod def get_current_instance_region(): @@ -23,8 +53,8 @@ def get_current_instance_mac(): return urllib2.urlopen("http://169.254.169.254/latest/meta-data/mac").read() @staticmethod - def get_bucket_unique_id(prefix): - unique_string_hash = hashlib.sha1(EnvronmentVarialbes.get_current_instance_name()).hexdigest() + def get_storage_unique_id(prefix): + unique_string_hash = hashlib.sha1(EnvironmentVariables.get_current_instance_name()).hexdigest() uppercase_result = "{}-{}".format(prefix, unique_string_hash) return uppercase_result.lower() @@ -39,7 +69,7 @@ def get_current_instance_profile(): @staticmethod def get_instance_credentials(): try: - role_name = EnvronmentVarialbes.get_current_instance_profile(); + role_name = EnvironmentVariables.get_current_instance_profile(); creds_url = "http://169.254.169.254/latest/meta-data/iam/security-credentials/{}".format(role_name) response = urllib2.urlopen(creds_url).read() parsed_response = json.loads(response) diff --git a/CloudServices/IaaS/IdentityManagement.py b/CloudServices/IaaS/IdentityManagement.py new file mode 100644 index 0000000..f6a994f --- /dev/null +++ b/CloudServices/IaaS/IdentityManagement.py @@ -0,0 +1,33 @@ +#!/usr/bin/python +from abc import abstractmethod, ABCMeta + +__author__ = 'nirv' + +import boto +from CloudServices.Common.AppConfigMgr import ConfigMgr +from CloudServices.IaaS.EnvironmentVarialbes import EnvironmentVariables +from boto.iam import IAMConnection + + +class AbstractBaseIDM(): + __metaclass__ = ABCMeta + + @abstractmethod + def strict_dynamic_role(self): + pass + + +class IAM(AbstractBaseIDM): + def __init__(self): + self.__cfg = ConfigMgr() + self.__iam_strict_policy_path = self.__cfg.get_parameter("Instances", "IAMStrictPolicyPath") + self.__prefix_name = self.__cfg.get_parameter("Instances", "NamingPrefix") + credentials = EnvironmentVariables.get_instance_credentials().split(" ") + self.__conn = IAMConnection(aws_access_key_id=credentials[0], aws_secret_access_key=credentials[1], security_token=credentials[2]) + self.__iam_policy_name = "cloud-sec-policy" + + def strict_dynamic_role(self, iam_role_name): + with open(self.__iam_strict_policy_path, "r") as policy_file: + bucket_unique_id = EnvironmentVariables.get_storage_unique_id(self.__prefix_name) + iam_policy_document = policy_file.read().replace("BUCKETNAME", bucket_unique_id) + self.__conn.put_role_policy(iam_role_name, self.__iam_policy_name, iam_policy_document) \ No newline at end of file diff --git a/CloudServices/IaaS/Instances.py b/CloudServices/IaaS/Instances.py new file mode 100644 index 0000000..a196cb9 --- /dev/null +++ b/CloudServices/IaaS/Instances.py @@ -0,0 +1,71 @@ +#!/usr/bin/python + +__author__ = 'nirv' + +import time +from abc import abstractmethod, ABCMeta + +import boto.ec2 + +from CloudServices.Common.AppConfigMgr import ConfigMgr +from CloudServices.IaaS.EnvironmentVarialbes import EnvironmentVariables +from CloudServices.Common.Logger import Logger +from CloudServices.IaaS.IdentityManagement import IAM + + +class AbstractBaseInstance(): + __metaclass__ = ABCMeta + + @abstractmethod + def attach_new_storage_to_current_instance(self): + pass + + @abstractmethod + def move_current_instance_to_production_group(self): + pass + + @abstractmethod + def strict_current_instance_role_permissions(self): + pass + + +class EC2Instance(AbstractBaseInstance): + + def __init__(self): + self.__cfg = ConfigMgr() + credentials = EnvironmentVariables.get_instance_credentials().split(" ") + self.__conn = boto.ec2.EC2Connection(aws_access_key_id=credentials[0], aws_secret_access_key=credentials[1], security_token=credentials[2]) + self.__conn.region = EnvironmentVariables.get_current_instance_region() + self.__current_instance_name = EnvironmentVariables.get_current_instance_name() + + def attach_new_storage_to_current_instance(self): + inst = self.get_instance_object_by_instance_id(self.__current_instance_name) + vol = self.__conn.create_volume(1,self.__conn.region) + time.sleep(30) + curr_vol = self.__conn.get_all_volumes([vol.id])[0] + while curr_vol.status != 'available': + time.sleep(10) + Logger.logger("info", "pending to make volume available") + self.__conn.attach_volume (vol.id, inst.id, "/dev/sdf") + Logger.log("info", "The volume {} attached to this instance".format(vol.id)) + + def move_current_instance_to_production_group(self): + production_group_id = self.__cfg.get_parameter("Instances", "ProductionSecurityGroupId") + instance = self.get_instance_object_by_instance_id(self.__current_instance_name) + self.__conn.modify_instance_attribute(self.__current_instance_name, + "groupSet", [production_group_id]) + Logger.log("info", "This instance moved to the production subnet {}".format(production_group_id)) + + def strict_current_instance_role_permissions(self): + iam = IAM() + current_role_name = EnvironmentVariables.get_current_instance_profile() + iam.strict_dynamic_role(current_role_name) + Logger.log("info", "Changed the IAM role to be more strict") + + def get_instance_object_by_instance_id(self, instance_id): + reservations = self.__conn.get_all_instances(instance_ids=[instance_id]) + for instance in reservations[0].instances: + if instance.id == self.__current_instance_name: + return instance + return None + diff --git a/AWS/BucketPolicy.config b/CloudServices/IaaS/RuntimeConfig/BucketPolicy.config similarity index 100% rename from AWS/BucketPolicy.config rename to CloudServices/IaaS/RuntimeConfig/BucketPolicy.config diff --git a/AWS/IAMStrictPolicy.config b/CloudServices/IaaS/RuntimeConfig/IAMStrictPolicy.config similarity index 100% rename from AWS/IAMStrictPolicy.config rename to CloudServices/IaaS/RuntimeConfig/IAMStrictPolicy.config diff --git a/AWS/S3.py b/CloudServices/IaaS/Storage.py similarity index 60% rename from AWS/S3.py rename to CloudServices/IaaS/Storage.py index 9470596..641674d 100644 --- a/AWS/S3.py +++ b/CloudServices/IaaS/Storage.py @@ -2,25 +2,40 @@ __author__ = 'nirv' -import boto import hashlib -from Common.AppConfigMgr import ConfigMgr -from AWS.EnvironmentVarialbes import EnvronmentVarialbes -from Common.Logger import Logger +from abc import ABCMeta, abstractmethod + from boto.s3.connection import S3Connection -class S3: +from CloudServices.Common.AppConfigMgr import ConfigMgr +from CloudServices.IaaS.EnvironmentVarialbes import EnvironmentVariables +from CloudServices.Common.Logger import Logger + + +class AbstractBaseStorage(): + __metaclass__ = ABCMeta + + @abstractmethod + def generate_and_store_encryption_key(self): + pass + + @abstractmethod + def get_encryption_key(self): + pass + + +class S3Storage(AbstractBaseStorage): + def __init__(self): self.__cfg = ConfigMgr() - self.__bucket_name = self.__cfg.getParameter("AWS", "NamingPrefix") - self.__bucket_unique_id = EnvronmentVarialbes.get_bucket_unique_id(self.__bucket_name) - self.__bucket_policy_path = self.__cfg.getParameter("AWS", "BucketPolicyPath") - self.__current_instance_name = EnvronmentVarialbes.get_current_instance_name() - credentials = EnvronmentVarialbes.get_instance_credentials().split(" ") + self.__bucket_name = self.__cfg.get_parameter("Instances", "NamingPrefix") + self.__bucket_unique_id = EnvironmentVariables.get_storage_unique_id(self.__bucket_name) + self.__bucket_policy_path = self.__cfg.get_parameter("Instances", "BucketPolicyPath") + self.__current_instance_name = EnvironmentVariables.get_current_instance_name() + credentials = EnvironmentVariables.get_instance_credentials().split(" ") self.__s3 = S3Connection(aws_access_key_id=credentials[0], aws_secret_access_key=credentials[1], security_token=credentials[2]) - - def set_encryption_key(self): + def generate_and_store_encryption_key(self): bucket = self.__s3.create_bucket(self.__bucket_unique_id) bucket.set_policy(self.__get_bucket_policy) from boto.s3.key import Key @@ -40,7 +55,7 @@ def get_encryption_key(self): return response def __get_referer_unique_id(self): - unique_string = "{}{}".format(EnvronmentVarialbes.get_current_instance_mac(), self.__current_instance_name) + unique_string = "{}{}".format(EnvironmentVariables.get_current_instance_mac(), self.__current_instance_name) uppercase_result = hashlib.sha512(unique_string).hexdigest() return uppercase_result.lower() @@ -48,12 +63,11 @@ def __generate_encryption_key(self): from strgen import StringGenerator as SG return SG("[\l\d]{100}&[\p]").render() - @property def __get_bucket_policy(self): referer_name = self.__get_referer_unique_id() - bucket_name = EnvronmentVarialbes.get_bucket_unique_id(self.__bucket_name) - canonical_user = self.__cfg.getParameter("AWS", "CanonicalUserId") + bucket_name = EnvironmentVariables.get_storage_unique_id(self.__bucket_name) + canonical_user = self.__cfg.get_parameter("Instances", "CanonicalUserId") with open(self.__bucket_policy_path, "r") as policy_file: bucket_policy = policy_file.read().replace('\n', '').replace('\t', '').replace('BUCKETNAME', bucket_name).replace('REFERERNAME', referer_name).replace("CANONICALUSER",canonical_user) diff --git a/CloudServices/IaaS/__init__.py b/CloudServices/IaaS/__init__.py new file mode 100644 index 0000000..1546b97 --- /dev/null +++ b/CloudServices/IaaS/__init__.py @@ -0,0 +1 @@ +__author__ = 'nirv' diff --git a/CloudServices/Test.py b/CloudServices/Test.py new file mode 100644 index 0000000..4990e79 --- /dev/null +++ b/CloudServices/Test.py @@ -0,0 +1,6 @@ +__author__ = 'nirv' + +from CloudServices.Admin.CloudTrail import Audit + +audit = Audit() +print audit.get_logs() \ No newline at end of file diff --git a/CloudServices/__init__.py b/CloudServices/__init__.py new file mode 100644 index 0000000..1546b97 --- /dev/null +++ b/CloudServices/__init__.py @@ -0,0 +1 @@ +__author__ = 'nirv' diff --git a/Cloudefigo/__init__.py b/Cloudefigo/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/Cloudefigo/settings.py b/Cloudefigo/settings.py new file mode 100644 index 0000000..61af5af --- /dev/null +++ b/Cloudefigo/settings.py @@ -0,0 +1,87 @@ +""" +Django settings for Cloudefigo project. + +For more information on this file, see +https://docs.djangoproject.com/en/1.7/topics/settings/ + +For the full list of settings and their values, see +https://docs.djangoproject.com/en/1.7/ref/settings/ +""" + +# Build paths inside the project like this: os.path.join(BASE_DIR, ...) +import os +BASE_DIR = os.path.dirname(os.path.dirname(__file__)) +TEMPLATE_DIRS = [os.path.join(BASE_DIR, 'templates')] + + + +# Quick-start development settings - unsuitable for production +# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ + +# SECURITY WARNING: keep the secret key used in production secret! +SECRET_KEY = 'd-xs_cqkqbhi)k)lo_v^ksxd8zl2v*pxtcgp*%5hr^l#fann$9' + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = True + +TEMPLATE_DEBUG = True + +ALLOWED_HOSTS = [] + + +# Application definition + +INSTALLED_APPS = ( + 'Manager', + 'django.contrib.admin', + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.sessions', + 'django.contrib.messages', + 'django.contrib.staticfiles', + +) + +MIDDLEWARE_CLASSES = ( + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', +) + +ROOT_URLCONF = 'Cloudefigo.urls' + +WSGI_APPLICATION = 'Cloudefigo.wsgi.application' + + +# Database +# https://docs.djangoproject.com/en/1.7/ref/settings/#databases + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.sqlite3', + 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), + } +} + +# Internationalization +# https://docs.djangoproject.com/en/1.7/topics/i18n/ + +LANGUAGE_CODE = 'en-us' + +TIME_ZONE = 'UTC' + +USE_I18N = True + +USE_L10N = True + +USE_TZ = True + + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/1.7/howto/static-files/ + +STATIC_URL = '/static/' \ No newline at end of file diff --git a/Cloudefigo/urls.py b/Cloudefigo/urls.py new file mode 100644 index 0000000..bd8ccad --- /dev/null +++ b/Cloudefigo/urls.py @@ -0,0 +1,11 @@ +from django.conf.urls import patterns, include, url +from django.contrib import admin + +urlpatterns = patterns('', + # Examples: + # url(r'^$', 'Cloudefigo.views.home', name='home'), + # url(r'^blog/', include('blog.urls')), + + url(r'^admin/', include(admin.site.urls)), + url(r'^manager/', include('Manager.urls')), +) diff --git a/Cloudefigo/wsgi.py b/Cloudefigo/wsgi.py new file mode 100644 index 0000000..736a382 --- /dev/null +++ b/Cloudefigo/wsgi.py @@ -0,0 +1,14 @@ +""" +WSGI config for Cloudefigo project. + +It exposes the WSGI callable as a module-level variable named ``application``. + +For more information on this file, see +https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/ +""" + +import os +os.environ.setdefault("DJANGO_SETTINGS_MODULE", "Cloudefigo.settings") + +from django.core.wsgi import get_wsgi_application +application = get_wsgi_application() diff --git a/Common/AppConfigMgr.py b/Common/AppConfigMgr.py deleted file mode 100644 index 76475d4..0000000 --- a/Common/AppConfigMgr.py +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/python -from Common.Logger import Logger -import os - -__author__ = 'nirv' - -from Common.Exceptions import GenericException - -# This class handles the configuration management for this program. -# The configurations taken from a standard XML file -class ConfigMgr: - - config_file_name = "Init.config" - - def __init__(self,): - import xml.etree.ElementTree as ET - try: - self.cfgTree = ET.parse(ConfigMgr.config_file_name) - except: - path = os.getcwd() - raise GenericException("Cannot find the configuration file {} in path {}".format(self.config_file_name, path)) - - return - - def getParameter(self, scope, param): - if self.cfgTree is not None: - try: - scopeNode = self.cfgTree.find(scope) - return scopeNode.find(param).text - except: - raise GenericException("Cannot find the configuration for the scope {} and parameter {}".format(scope, param)) - return "" \ No newline at end of file diff --git a/Init.py b/Init.py index f454e5e..47c187a 100644 --- a/Init.py +++ b/Init.py @@ -4,11 +4,11 @@ from Chef.ConfigurationManagement import ChefClient from NessusScanner.VulnerabilityAssessment import Scanner -from Common.Exceptions import RemediationException,GenericException -from AWS.EC2 import EC2 -from Common.Logger import Logger +from CloudServices.Common.Exceptions import RemediationException,GenericException +from CloudServices.IaaS.Instances import EC2Instance +from CloudServices.Common.Logger import Logger -ec2 = EC2() +ec2 = EC2Instance() try: chef_client = ChefClient() @@ -18,10 +18,10 @@ nessus.run_scan() ec2.move_current_instance_to_production_group() - ec2.post_validation_action() + ec2.strict_current_instance_role_permissions() except RemediationException as re: - ec2.post_validation_action() + ## ec2.strict_current_instance_role_permissions() ## Depends on the business, it can be added. exit() except GenericException as ge: diff --git a/Manage-cmd.py b/Manage-cmd.py new file mode 100644 index 0000000..41cee02 --- /dev/null +++ b/Manage-cmd.py @@ -0,0 +1,30 @@ +#!/usr/bin/python + +__author__ = 'nirv' + +from Chef.ConfigurationManagement import ChefClient +from AWS.EC2 import EC2 + +def get_menu(): + return ("\n----- Secure Cloud Management Console -----\n" + "1. Launch secure instance\n" + "2. Locate not managed instances\n" + "3. Exit\n" + "Your choise: ") + +ec2 = EC2(False, "us-east-1") +chef = ChefClient() + +while True: + response = raw_input(get_menu()) + if response == '1': + ec2.create_secure_instance("ami-c65be9ae","t1.micro","Secure Instance") # ami-c65be9ae is Ubuntu 14 + elif response == '2': + ec2_instances = ec2.get_all_running_instance_names() + chef_nodes = chef.get_all_nodes() + print "Not managed nodes list: " + for ec2_instance in ec2_instances: + if ec2_instance not in chef_nodes: + print ec2_instance + else: + exit() \ No newline at end of file diff --git a/Manage.py b/Manage.py old mode 100644 new mode 100755 index 41cee02..59b0ef8 --- a/Manage.py +++ b/Manage.py @@ -1,30 +1,10 @@ -#!/usr/bin/python +#!/usr/bin/env python +import os +import sys -__author__ = 'nirv' +if __name__ == "__main__": + os.environ.setdefault("DJANGO_SETTINGS_MODULE", "Cloudefigo.settings") -from Chef.ConfigurationManagement import ChefClient -from AWS.EC2 import EC2 + from django.core.management import execute_from_command_line -def get_menu(): - return ("\n----- Secure Cloud Management Console -----\n" - "1. Launch secure instance\n" - "2. Locate not managed instances\n" - "3. Exit\n" - "Your choise: ") - -ec2 = EC2(False, "us-east-1") -chef = ChefClient() - -while True: - response = raw_input(get_menu()) - if response == '1': - ec2.create_secure_instance("ami-c65be9ae","t1.micro","Secure Instance") # ami-c65be9ae is Ubuntu 14 - elif response == '2': - ec2_instances = ec2.get_all_running_instance_names() - chef_nodes = chef.get_all_nodes() - print "Not managed nodes list: " - for ec2_instance in ec2_instances: - if ec2_instance not in chef_nodes: - print ec2_instance - else: - exit() \ No newline at end of file + execute_from_command_line(sys.argv) diff --git a/Manager/__init__.py b/Manager/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/Manager/admin.py b/Manager/admin.py new file mode 100644 index 0000000..2205e4c --- /dev/null +++ b/Manager/admin.py @@ -0,0 +1,12 @@ +from django.contrib import admin +from Manager.models import Event + + +class EventAdmin(admin.ModelAdmin): + list_display = ('timestamp', 'username', 'access_key', 'event_name', 'event_source', 'source_ip', 'user_agent', + 'region', 'request_parameters', 'response') + search_fields = ['username', 'access_key', 'event_name', 'event_source', 'source_ip', 'user_agent', + 'region', 'request_parameters', 'response'] + + +admin.site.register(Event, EventAdmin) \ No newline at end of file diff --git a/Manager/migrations/0001_initial.py b/Manager/migrations/0001_initial.py new file mode 100644 index 0000000..01a5609 --- /dev/null +++ b/Manager/migrations/0001_initial.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import models, migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ] + + operations = [ + migrations.CreateModel( + name='Event', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('timestamp', models.CharField(max_length=20)), + ('username', models.CharField(max_length=200)), + ('access_key', models.CharField(max_length=50)), + ('event_name', models.CharField(max_length=50)), + ('event_source', models.CharField(max_length=50)), + ('source_ip', models.CharField(max_length=15)), + ('user_agent', models.CharField(max_length=70)), + ('region', models.CharField(max_length=15)), + ('request_parameters', models.CharField(max_length=800)), + ('response', models.CharField(max_length=800)), + ], + options={ + }, + bases=(models.Model,), + ), + ] diff --git a/Manager/migrations/__init__.py b/Manager/migrations/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/Manager/models.py b/Manager/models.py new file mode 100644 index 0000000..0077040 --- /dev/null +++ b/Manager/models.py @@ -0,0 +1,43 @@ +from django.db import models +import json + + +class Event(models.Model): + timestamp = models.CharField(max_length=20) + username = models.CharField(max_length=200) + access_key = models.CharField(max_length=50) + event_name = models.CharField(max_length=50) + event_source = models.CharField(max_length=50) + source_ip = models.CharField(max_length=15) + user_agent = models.CharField(max_length=70) + region = models.CharField(max_length=15) + request_parameters = models.CharField(max_length=800) + response = models.CharField(max_length=800) + + def set_by_key_value_list(self, key_value_list = None): + if key_value_list is not None: + self.timestamp = key_value_list['timestamp'] + self.username = key_value_list['username'] + self.access_key = key_value_list['access_key'] + self.event_name = key_value_list['event_name'] + self.event_source = key_value_list['event_source'] + self.source_ip = key_value_list['source_ip'] + self.user_agent = key_value_list['user_agent'] + self.region = key_value_list['region'] + self.request_parameters = key_value_list['request_parameters'] + self.response = key_value_list['response'] + + def __unicode__(self): + return json.dumps(self.get_key_value_list()) + + + def get_key_value_list(self): + key_value_list = {'timestamp': self.timestamp, 'username': self.username, 'access_key': self.access_key, + 'event_name': self.event_name, 'event_source': self.event_source, 'source_ip': self.source_ip, + 'user_agent': self.user_agent, 'region': self.region, + 'request_parameters': self.request_parameters, 'response': self.response} + return key_value_list + + + + diff --git a/Manager/tests.py b/Manager/tests.py new file mode 100644 index 0000000..7ce503c --- /dev/null +++ b/Manager/tests.py @@ -0,0 +1,3 @@ +from django.test import TestCase + +# Create your tests here. diff --git a/Manager/urls.py b/Manager/urls.py new file mode 100644 index 0000000..b820e28 --- /dev/null +++ b/Manager/urls.py @@ -0,0 +1,10 @@ +from django.conf.urls import patterns, url +from Manager import views + +urlpatterns = patterns('', + url(r'^$',views.index , name='index'), + url(r'^events/sync/$', views.sync_events, name='sync'), + url(r'^events/sync/reset$', views.reset_sync_events, name='sync'), + url(r'^events/all/$', views.all_events, name='all'), + url(r'^instances/launch$', views.launch_instance, name='all'), +) \ No newline at end of file diff --git a/Manager/views.py b/Manager/views.py new file mode 100644 index 0000000..87eefc8 --- /dev/null +++ b/Manager/views.py @@ -0,0 +1,52 @@ +import json +from django.http import HttpResponse +from Manager.models import Event +from CloudServices.Admin.Instances import EC2InstanceAdmin +from CloudServices.Admin.CloudTrail import Audit +from Chef.ConfigurationManagement import ChefClient + + +def index(request): + return HttpResponse('{"Status": "Management API is Alive!"}', content_type="application/json") + + +def sync_events(request): + audit = Audit() + logs_list = audit.get_logs() + for log_entry in logs_list: + log = Event() + log.set_by_key_value_list(log_entry) + log.save() + return HttpResponse('{"Status": "Done"}', content_type="application/json") + + +def reset_sync_events(request): + audit = Audit() + audit.reset_files_extensions() + return HttpResponse('{"Status": "Done"}', content_type="application/json") + + +def all_events(request): + all_events_in_db = Event.objects.order_by('-timestamp') + events_json_list = [] + for event in all_events_in_db: + events_json_list.append(event.get_key_value_list()) + json_element = {'logs': events_json_list} + return HttpResponse(json.dumps(json_element), content_type="application/json") + +def launch_instance(request): + launcher = EC2InstanceAdmin(region = "us-east-1") + status = launcher.create_secure_instance("ami-c65be9ae","t1.micro","Secure Instance") # ami-c65be9ae is Ubuntu 14 + return HttpResponse('{"Status": "OK"}', content_type="application/json") + + +def get_unmanaged_servers(request): + launcher = EC2InstanceAdmin(region = "us-east-1") + iaas_instance_names = launcher.get_all_running_instance_names() + chef_nodes = ChefClient.get_all_nodes() + unmanaged_nodes = [] + for ec2_instance in iaas_instance_names: + if ec2_instance not in chef_nodes: + unmanaged_nodes.append(ec2_instance) + response_key_value = {"Unmanaged" : unmanaged_nodes} + return HttpResponse(json.dumps(response_key_value), content_type="application/json") diff --git a/Prepare.py b/Prepare.py index 9ed3603..be060d7 100644 --- a/Prepare.py +++ b/Prepare.py @@ -2,16 +2,16 @@ __author__ = 'nirv' -from AWS.S3 import S3 -from AWS.EC2 import EC2 -from Common.Logger import Logger +from CloudServices.IaaS.Storage import S3Storage +from CloudServices.IaaS.Instances import EC2Instance +from CloudServices.Common.Logger import Logger import sys try: - ec2 = EC2() + ec2 = EC2Instance() ec2.create_volume() - bucket = S3() + bucket = S3Storage() if len(sys.argv) > 1: bucket.set_encryption_key() diff --git a/db.sqlite3 b/db.sqlite3 new file mode 100644 index 0000000000000000000000000000000000000000..8b0814a57df96755e97ac93d2f215de44615721a GIT binary patch literal 8744960 zcmeEP3tXGk`A#5LAW5&HwiQZSEmj~GLIAI{rIudk1$v=gFeCxeLPC>3Z&ro2BxvIbE zE;;8p?|IMrzUS7kY>_+QDs1)oI_-f%i)@TcE|*|UR%>xTUb{=w{~@5^7|sMDqK=uSd{#}qQaR)(Hu0pokhjHXXbO+ ztxcC*SEbEpvOCL@zdm1TcKKIH$S$RhWc2D&)cF^d$a@Ro^4aF|c6a%kjjk$7mA$+* znmg{oDM|7a_gGv`xT}ON`Wt2Hs)<|%rif>NFH?L5CZ^5+|5(xtL%S#!C`)@o`oIcUX2KOdKvm*~aFL(xn`FOqL}cs&7^C(s<&)a9bm z(^oS_onKQU->wVTTRL1(DWUZneb}G;%9wDD8f#`Rs!i9-(PRqU$U~dUS6IKKv9Nx{ zqD6&Em)9+>S>9B*u(qkNW<}$Yx_Z2FaczC$IfX^MoFzWBymnsg^4j`2wGDzVC50r- z5>G}mPf9A``RD`Dx2&kITehMWFXi)*@Z#d)hOw&rwi>yNR-=D?2fBi0(B-9nli!kQ z+7v2wY~KXEI=`euzU`8@ilI^^s1ELLeX>g6E{6-0NW$e36H$4xcEYY zD!-v5J=a{Zn*|JWpBT2Cou|$(D3JG0i{&*^O?gR}92A9JcE5jv*9YqVBl=A?YxJA&JjrOl-rAa&NnEiz0`4BonohrY!Abo8|t6A4qnWN6Hs*-Qdjn*$GKhfsRwVs4eb3|%B;if@} z0r!?cwTBF=u}Dr(V^KnAS5VwLMx)N3I#u4gE{;0dHt3U@WE2gGmRM=4OqAT>zEYJs zf7UGd_VLjyMYB!w75!5olDX*B4CK%%$RYTP?@SZ5tFVi5uC;sGyv@Rg!dW7nmBZ_F z#nNFi#(Z0(BND!V)SK|(;^ID)LY;51$hTQ2VIp5D@{ux@IFUOtKweyVitJro%^mg@ zmq4S$-_i+El3$K65`7c6;GQWi*5}G*InGa}IwD2HZHk4ts{H1vWVc3zzd0&Q{&3Hd zpdNDdb7cyPR+WG8R0%KS^cH=IRv(lp&R47Qm(5D~U^EZmEJQz0!_`yNDpmPSmSnGp zlv`j1nnXTSEzMGqcGpCuC~VXCUF*AD9)~OL&+HiKiMu$H2=zI5vbeWNuFfwjllR$$ zlG*8Q^VtK$?+oW6`axFAdy5jT4@xE>E72azY>n;0VjE!mRXp0^PUxq=`RRHcQl51B?O20AqkLz!+c*oJb6ql}g#988wUT9y`W# zj7FoW+3j%$-1ZK$(PS+#no5k8LQ{D){#lHrMw`uIvsx5N*_0VIeit|5octl9vD#`a zHQCB-<(0;4r7V9&josPl_N0BH!fG+u%CeNQiFg77Fliq!RhVs7n_MZIF{36NVIyN? z{&Wu-D=cP{QD=BYrZQY5Gu&tRgW)y9bB0^-2m4_RFa{U{i~+^~V}LQh7+?%A1{ed3 z0mcAhAcG7{P-U0M!_xz3c!12O%hoBg3*>b22AL$6l`qe>@HYvk(9lT};}qFvWraf+ z&8{BIknOoYtvn*o0|7u+{%6!1B?O20AqkLz!+c*Fa{U{i~+{L=whH~ zqEc2OpE1YoDa2HK7uGma??}!4!MRFB6C(Fug_Ea^zlZySyJzxvrR*$u0eO$z=?uRF zzj0U39H*3-eem^}2L)Y>t{MXUT4`TFReGciZNs->idONvN9A>4W2rf?4MH~n)a<_3iC41a&* z&hWSMcNSq%K$(^{0rK6E+sHTb_YnVIZ8%?M_^sgu!{dhi2A^RC{$xLl0mcAhfHA-r zU<@z@7z2y}#sFi0F~AsL4Dbw`g0MpVqh@$Fo9f&{xu0< zfP(xf0{0*55P1JT2W3$kHpvW|3?CU@HoR&0hT(wWdcJ_{f5re~fHA-rU<@z@7z2y} z#sFi0F~AsL3@`?U#K2g^qxZD=uan2 z=oJ(5>0jLRhVhDtQ|X`4NI=$DMg9~mU1%Wm|0n7%lNtUD-~T&?qlUePYYbh6%M1$) z=NgI)`3AZE_xc~{zo9>@zeT@I--TP*4`YBaz!+c*Fa{U{i~+^~V}LQh7+?%A24Wc) zr;yK($E>)R$bA%^s7?pVCm0m+0=b$@N~eF1pP-Nz%j4EhjN?8GKNohA$BtFVr^!|1 z$?zv*PF2WFa*;(42JS-md4WHzpQw<}k}JtO1fS~Yn}zEb^0-gJFChMQu3jOZB3F51B?O20At_; zW`NB9Xa4^QT*0hpi~+^~V}LQh7+?%A1{ed30mcAhfHA-r00U(IKj!~4QD6)(1{ed3 z0mcAhfHA-rU<@z@7z2y}#=wcq02}{5vFn$WjxoR(U<@z@7z2y}#sFi0F~AsL3@`>5 z1B3xG{-33PQD#_)g#9oE7z2y}#sFi0F~AsL3@`>51B?O20ApYjGjN-%_pILBEFJ!< z(M;6obXu*Yt7V1gKV41jYbkfHA-rU<@z@ z7z2y}#sFi0F~AsL45VRzt^ZF$5WCD6U<@z@7z2y}#sFi0F~AsL3@`>51B`(afB`oC ze*#n@D*|JHF~AsL3@`>51B?O20AqkLz!+c*Fb2{vz{da65X3Gs1{ed30mcAhfHA-r zU<@z@7z2y}#sFjB1Ym&p{}T=UGQ(%s0q|qPhlckJ?-<@Ryk_{J;YGvqhGz_4F&s4< zF&r}7ZP;trZP51B?O20AqkLz!+c*Fa{U{gJM9LEtjh&(sTk% z$CFewj;3R2I)R}3)!|G26ymRZICV}LQh7+?%A z1{ed30mcAhfHA-rU51IHBu%>O^Gs*7coF~AsL3@`>51B?O20AqkLz!+c*Fa{U{gJM93 zr?L%eWQL#Ne7`k=dIfukF~AsL3@`>51B?O20AqkLz!+c*Fa{U{Cou!(WouIc>T)@EtzayI9DEq76FZ{9OHt^OqRYux8(x^;y=H@=xWpFnt=!by^|-X^A}dhduyT@;BptO z(m26QxI7^-GYR)ZWIvjvgnPsUDStedJzJ{m#Z*(mYsX8;9{-9o+2dYLMLcVqI{*Ax z^4{WT&Z3kxLpimYT1*aFanaAmCFUi1G4fC}6VZ!=9EaBvaCrjFflXa5Dm{HQW7PRI zHS+DcfW4)|6_pZNztM;N$*+tF=cut}_M+N!%^U?UbR!RKE?;5&lE%XN6^j-XE?r)? zxMq1%;lkRc!kQJ0OX}+J%Eh(yjpq~=@p6{<)biSSwaaVk=hQX`zLXS_kc%gynI|Qc z@O<=v=v!9Q*DYI7iSWwVm;9!E(tr*NVSs(Z(1)cI4V%6r#E`KB6!K1qMm zh_FmAWPspG0l|e_iHj{-RsO|OQ*@?G8D-PgeUgR#l;JARr$?T68Mfj=ofM? zq$zjX*?H>xf&zK}v}iq$o|9&g{E{caHu-!|1b5l}{taFqbUoiyn9P+iTCcWgp z+uR##h3tT0i#x_z*qQK(5R<{pdll)HHLNk)`4p*n$El|$3 z*glVUON$EQGl?s9N5I{KE;0TR=>eP9!VVGd4ox~$er-X@nkNi|E1UeP`=YE8foVXq zB&|`ATcfQZ>N6#pK?$~GTzibPB>vk`rIAKeT&z>CmW@ReK;zOpp#31{!kia!FVFpN z-qyU&br0%Ss^3yys%lYBQoc_E1re8={lXYv44iNbY+G5N&Ohrcc|T`UEw+2?@OGPB zJ#f5Z{+Jru7sgy0RDVdk9Rx2sg}#%Z!xHV$%<+DL1HO>Id7W!hv{#L@gK0_Px;xQZ z{N8S#L*S~#-NapPb_=p=itY8Nwgr2hKr}P9*b@0%ZE#DYm*d{xBkmnK=PtVsK3l-$ z^G9#3j4Qg&duHK6i>Le@SsNBO^9*5uY&pjRnvRimN6GhD(Ph*4H~4 zBEh|*H&8yhM;N~70hlj*1nRgMt2@rdK)0QB8XW@Ymkay+NG}!N;hYxkaKhs-@t4DT zF46Z*7y=MD+a$6851B?O2 z!12$3GFvWJWYaWDkuBFMIRF1+nc*|TzYHHA{{>_vU<@z@7z2y}#sFi0F~AsL3@`>5 z1B?O20AqkKpvczBvq_SbovqdC4BKScxj&QX>vDglGw7Buju-=s0mcAhfHA-rU<@z@ z7z2!f;X|MDcD>|_MmaC$?y|TiwIk2g<%T~X6-G()* z7PK#JTv5Jc?&9*rYnx2a zHFN6x3He-w_pP0Wo!7Yi*i5!UQ&qLOvf6AZt*EN3s;um@sVH-%iWbYJo=rA?kIB>C z?b_^V>E682XZEZQbUQrdts59~g=SN=$yjYPmzLYAjMl0?TNWpC)}BsZrKP>Sa@_`R zd8?zsv|(eV#oT7IZRiZNTRRzZMCOcD)#c@-Mw_X!vI@#&Yp*hGV{K}z*;qffZc|g^ zypA=ED>g1(TVt)ixXIGgxy-zHRjs9|5slW|w6T73jj4X~3geo_+3ihhyKJq?&OcvN z;43RlCR2`KH|GD(ml@_8zG~>iAMA%Qz!+c*Fa{U{i~+^~V}LQh7+?%A1{ed3fusyf z&t5D~7c^3lo6^PP6o$8CGd2WFYrD#wmE}Dh6%~$-4OOjX=VokRyw29Fa{U{i~+^~V}LQh7+?%A1{ed30mcAhfH9DU0mC6#fnW?iI(4F=!eX|n&d9Ej z3oggaNm0aIjy_E%UWhy`oLxYo0B6L$9G6Yyr4GQ4j1vEe1d3x;P6PZ^FG9x*&%IAGXkxYe-B5Hj=`t~B%*x(sU#PQ&Gf)rRGU zMTU8XiwxCH+sj3LLM(0{J~ME|k=L;d^ucl2-SU(^3k|DyhR{WCaO z@TmTX{*eA|{a*cU{Z4(q{u=#eeL(Ngx9eNDy{CIy_lE9O-7C89>Ymd*t$R}UnC`Idpl-izkM1Vjb-L}k zt8^Q6K3#{dRd128T$@_cWM|r=` zdpGZ`yw~%7ocB`R3wh7xJ(YJX?~%L*@($$f%eysiS6(QuFYn5{p1iKSwRz6G%kx&} zEzet&H!ts^yz0F2ywbdxc}01X^G?Ydlb4gH$o)L`liZJUKg@kU_nq7~b6?B-VeX5$ z&*wgq`<2|Ixkqvj<=&mUH+OgL&fNaoYjQW|268>Q?YS+vm*%d_U7EWfcW&+lxs|!* z+;eiz%q`44J$FK`K39{QmGfE7KXd+)^FhvgIdA8@k@ITKD>>iIc`oPaoF{W0%Q>8L zFlT?xo}8On)bwkv(QMWPG#*X6rbTn9W~FASW`Sm| z<^oNn#;iFbKQzs9#mTqW-S>IrY=(C)JOs z533KV_pA4)Z&F{U-mbn%y;1E`cc@#{SE$#h8`bsd`Rdu~^VAh;qxx+1boCkPQ`O_t zd1{qfruvWS@2ZbfzgNAhdQ0`X>c^^=R4=HWRXwFTrg}v6fa-v1pXyfCE>%d?r@B(r zqv}$vRXJ6ct5&O)s}`x|sV-7gtIAcSs+p=H)nwHvsxhh@l|uQs@)PC9$`6(AE8kJR zseDcOL*BQ zEp%;KDwAau99xa_jAQjkryQG$bn>xkq?3-7B0c@sG^D2;I~D1v$Mi_^k13Fz^28>j z6QA%Ro$!Pc>G&tsARYGvdFR+CYLSk4;#{PLC(KCoPn?BR_rzqRc~6W*n)`$bY0lBD zNVP}(NHs^>k*bf9_o$AN{3wskMyfb!Lz;bb7SgPvXCRdy9fwqQR4J3m|M&Ptq@O>& z4(Wd%zZ~gjk1s>|>EpBo=Z6jJ$LA6tR+FOMxm`sc?kLi*8TR-}J=>};eTK1SZ~$H$;UFPcm!<7fBr}X($^m$Ir-Tm+!5A1*`s(!Y*m2UwvpX(yu&3%JSuhNbNlNkP+#Z z9y$~0v42z$&D-K0r!z%L7DCc0WK$ zbn^oxNN;*zD$*MtAhomW0X5Pa?%#rR=lubs*WXXxbKU*TNUyzrInvPmwMc{alQ;C= zPu{TOe)5Lx_Y+pP-B0AC?|vdDy@!a*Uvr3*zn3+;)&K(|VAU$aRp^j`JXSkKMuNUu0J4r%j2Qp=a$dnMA#?j@3c>AmDVm)zTgbj`g>kT%^r2kGj2E0M0cmy~Gb zy`+{`+)G+e3Zx4Uke0aM z0AaZ9z<8wd4``5He1O#TynDKl*4{(vXzo3vj^^A$VA@w!u^EXg8f8V&e%_+Zpwbr5-0B`+)mn` zkM#8Yc}P#&FGG6joj#=bcM?ucxs$ZPiFcBmOt`Za>G(TI?TovVlx6Ilq%33ZBy1S& zBy8yS5jJ%Dyh!u*kv!z?BNCglk4Tz!AK_E8k9@m&ACXnnJ|e5ieMHg}`-r4v-$CAx zbw?Lc`5lB$*&UD&+5hf9&B{K%<07R0y#qBX`|J)#i0solije;2j)_SBeFth*_Q~EW zk^XBh@*w-?UOUo%>|KHM?|UJovcK&`9%LWyMIK~--8%#6U-nKy`scl1QufhaNU7{k zw?iw+KD-^$CHv#;S0Mf1_C}g~k^bN9kaOAlx6efSyW7bd-n)Ga(%;^W zQpn!jgHp(Tvu8chclNX){q-I&DSLYl+KcR0doD)$)*h0RU+ys>eRB`V$uIVx-O1kA zL*DcAJxZjn--bGs{p>c>i0rl7T9N+rwo8z{dK>Cg_LJKnU9unF2I-Rh=r+i??1#5O zK4m|+jg;k;+sGSUzLmV;rCU3Ye*e}hkiK{;BwY5rTOm=h@7{Vg((l|#?tkGH$f4}p zxA>7he+$X;w{E!<>2tS`Jb&{RlILe{IUngaZZRW$=9aUNe*KooNT0ri5-es+a9`^yzTJK&^)pSZziR9;AWDm`)@uM>7kpANbkEDawR)> zGvrEk@6F^r2W}?sx#wmivb%3WE0f)I(>kR4Zz8$6^Clu2`))!jlihI>soA|ZS&`m; zQ!&y#H%&o$+f9U@TW=!ox#dP88@q2rE0f)PBP3jQ(~W3lvKwzC^116qXdc-OH}U8GKXccGQZ zuGvLOboDMG8&~ZjIoZ04Na>X~koRo4VLj5#H?$$$bOVw0jW>`IZMcE(+;hW4NV{(! z`3c-WWYvEIsW0CRq`ubQKuXlLlSqhnCn=FHPYqRk+#3= zI%sv-((9m0WlOFjZ>YbP)Xw5-Nm&+MOUknFTEfPHYss^9*OENUzqSnN#n+NN%)6Gb zT6-;#leyQDmOCS~0qOJ*DaBbKA|W$FgpJ}5dBfQuXg}Gk&`hM~gvhs-gvKK+4UuQd zf;~u$K_aE5;H5~-!KFwoK~ksXK_czeAZc+GLDEibK~f8qK{?W@{s7YIeo~L;_FsbZ zy#B>V&+o56dO<&_!3+CKkY3bJzPF~I@P;<5%If`UHx~b&)q7(etmSFHLak*L5zCYO zWPgI>Okf&7a)BpgXVR|l53(NzEJP!C2|##T29TO>02%>O zlcX+I0i?|}0c!xl7Gayn3egRu)~*2T0FeO)-~?PiD?m7I2S`1w1&B8206GC8IbNU( zAadvfh+LD}0nIW}!$d+h0;Js#dD{Y932X(f0mR<*a7qdK_CQN3tR_W z59|bP0CoX40yhCS1G|A+fLnpvfIYzNz+T`EU>|TNuphV!xEr_!H~`!W90cwI4gvQA z4*(AWhk=KHBf!JJBfz7;W5DCUQQ!&S81NvT0Qe#BBjCrtPk>i}p8~G|KLcI|eh$0= z`~r9r_$BZb@GIbL;Mc%Az;A$ef!_k}0lx#@2mTNEJ@5zM1K^LqhrpkJkAOb|e*yjq zd<^^z_&e|q;Ge+1fKPyb1OEX&1wI4*3w#dzk610legU$8Y(N1h0TrMIG=LV!0dj#n zKnLgn126^{3ycHC0~3IWz$rjJa4K*ba5^vvm<&t-&HxI4LSQOT1WW^_12cd#fwO>_ zKrwJOFbg;bC;>`=GQbF!05f0#$^k1-0oZ^_pbDr4&IQf`&Ic|4E(9(DYJl0m9AGX` z3(Ny92Id2Gzye?)un1TT)B{U^rNA;^InV$!0xN)(z$#!h&;+ajE&(nDE(0zHnt>|- zJJ13+04LxAT7fp89dH9{fptI!&dum`vu*bCeN z>;vuu_5*hTcLVnT2Y`ElgTQ^jA>e-C0pLO4Fz^s?1b7&D1b7s940s$k3OoTE1HJ@2 z349s&3h-6nDd20s)4C25ftP@nfmeVZ z06zqN1pFBI3GgcLQ{Xk=XTa;g&w)39UjT0czXaX_eg(V@{2F)%_zmd^@&CKPZ-MuK z-vRFf{|EdY_yh0(@JHZ7;7`Cuz@LG?0DlEO2L1;89ry?EPvBp`C&0gf{{Wu?p8@{` zJ_r7X@0I~_0Ka5q0}4P1r~oyf0kl94kPGAiIzSH?fHA;WU>q(o_bOIj03v>bN z0UzK80zfy=18e{`0-J!%z!u<2U@LGHa5ZoZ&;Y~E_5ybR`+z%v{lHzo-M~G-0pMQXAaEaW2)G}30C*5M z3_JuJ0Uib(0UiY&10DyC0#5+PfG+`00$&Ec0(=#C3iulEH1Kuc8Q>ehv%oij=YVek z&ja5EUI4xWd>8m0@FMVi;3eQ?;1%Epzz=~R0Y3(Q0=x?R6nG8z8SpyrbKni&7r>jq zFM+p!Ujc6ezXsj`egnJ<{1$i*_#N;*@PEMXfj0x=Py&oDW<8TnJnQ)Bv-AIlx??7MKTI z49o}WfCa!pU=gqws0Wq+OMzv;a-acd1XchmfmOh2pb1z5TmoDQTn1bYGy_)vcAy1t z08YRKv;u8FJKzS^0_%VdpcC)_UZ4wD5BLB-5CFP?9$*8o5!eK52DSiK0$YKrfUALP zfL@>v*amC|b^!fA5C{R+0@nf813Q5mfL*|iz)ir-z;56c;8x%^U=MIRuot)k*azGR z><8`w?gs7w4gmK82Z8$_lhg43A>e-C0pLO4Fz^s?1b7&D1b7s940s$k3OoTE1HJ@2 z349s&3h-6nDd20s)4C25ftP@nfmeVZ z06zqN1pFBI3GgcLQ{Xk=XTa;g&w)39UjT0czXaX_eg(V@{2F)%_zmzb@LS+L;CI0L z!2bci2mSzj0Q?d75cm`D5%6c=FTh`ckAc4de+T{n{1f;W@Cop5;6K2pz-PdJfzN^e z!5xREwCH5k)2wA>v&ss3)e|wnqP)atE-_jgP34$fQC)6b<8b)bS&cOf zbv1QMmaQ-^u&r3O(6*>{N%^w5F2BR)ZgJH(ojAE0M@G9G=2Cm7eY4kN-{3EGcstD| zbE&D^Qfe|)0oK|%<~cau+uPxqZFj75d7Rz;5|`Z{C^2m*!r_x%hn<{9S?Bcgb&JaG z>Tc<9JL?6;{6nSn4c)K!^-&QX^fF(Sl3t7qIl6s5oIu|YAP2Fd$rm}i zPV!4dIWBr|syxYyA9QrNJ#8c>MO{8ukK5brPk6*sA$Y{s?eWkjQfGcdasYyQr|oE_ zB0Q^X*0h3U@gi)iHdUn%2fi_`^mcUPnAUVnv1V06VYn>{8ey!MqToIBZM+~;RolCE z$K_OM%%F0c(9~?z##Ca<=d;n?mNt{A^hHcog_6Vz1XPl@8u?GTnM|&q4 zbSac=pxZC0cDSc#YemgmMjCmHY{pb66%bc5XiSGq=*z}q>6=qOA4&UGbg?LGFgZqGW8cY~*-$K~^* zBP?9x_H=J7GnZDBnkq{y<&~x7r6%;F*yhV*DQ)d=xdIzqp27uqw0XWa(9q=#%xqj- z++0y!GTR+!ZgBbVqUM#0%gp7aR#Qof(IRN-yq4!Rc~tnR*q82DL&e@oN;^~{V(IBTj1Ml;>&=K-Sn$P zn4uRqVX}9+OYAm_xuP5*N=#+iN1eT+krq8kk8Z_ok13lI=bLd2DsyEQ_OraDH41uk z;{R(gJgon$R4-b~&VsG6qbe-JmJ(xmqtOfx zyV_bIsK^Dg7p%4}uW49Qw{%`b`O1is%~fQQZpmbU zm9+02!28^tU3ND#AI<5&EZA0)4Q5{@=SUOnu)QJF7Lls4qhG3EyP9Cda>lFK#KbC% zxQ>umxu{rGMmn8sr-fRnSk0o!D&j{DPFW@PI>)b`8u>o1HNJAt=3VL9yloWqB&^Lx zVoRgBE9sjYa#BO{LfYo}V8}q5Jn!Tt4~C4|#vkuEwp1ae?WjU;OS)R*|GOAj7XAIK!;dRTf)=y>~ zA6}=31x5I4d?+cZZ>U!g<1>YW0aHR(M0E7nNWfYs}A7Un*hGe`5j`VqB4WmaCHIGFuj_Jvu!@;5P4_#DInN`O+J3@`#FzzkS`a=;3Z znF2PT5~u>IfpdZLfb)S1fD3_(fEr*nFb9|h6p4b<6g7~f?!*Uz@R8&N` z_;+(msI1o(+Cam|=a!u{t$+`sapGgGHd?B!(v_q{;Sn#1y*uEor4D=D5`+cmbPldC z(WtA%)>7$gDK~N5Z|}5FPc-YX)(Mw&DU#38KcuXu$!2w^J3L?lhBw71I+{(3Fi=1A zAdfh`34+pT-?-f6@9qeYu?G|4$Vr4}YA8T+55F%u^em8%0pvc7l9rfpF$u2@`DrH6 zn@lUXI+0>)xdiWr*MWn|Ca;8etxf{JVid>L12>Rd9rC5jy(Egiu-w;&)>G|*C?-aC z3Pi}4u0a~a2LxmMgTaW2&_+$(TKR$f`cPMz5=jv!PO*%R5={?zsf59ii;fiv8?lrE zr5`JlP*15x3M)b$p;gFFI}=(n!f9v8lx6a1XE8Y(P2un%PIBvO3UyNEW^nd2Klf&! z%!$su8MUOvC{tk@=Og_CpXnpCxFZ8@t)UJ|ZZSu0td+zK)JPG_B!i8|2fd_2iy6$# zz|f|(%3f|aTa3{t^XZ{=lxY%WPU5snH|o-KGK7UqkXTijn*oV2=h_VY!-@3*%i>$LN7FZU}U14sTTN9a* z>?4y8939?nXMp@#nrbZrYAQT`I&KoD39~ey z6Q$5g(iB=~qn$7{U4POQx=*%av7pcvkv5&GrZ08{8c7@G`pnVZrlYf#=DJ$#2-k&U zpX+xl5^!+R=(UBZ3XM6R!cfx*)5I5?jD@Z{=?V?KHeXQa1ih9)^&U*?I}G+dy<%g80$ig!K}b#Ccg{$iW~!Pf%!bBx`qEPn4+9Ms2H$ z(Un5Vc!Bx?MjS+@30@i*aWIIFIGiL(QCLH~!jwMX0Nr^B)17o%AR&>ws59Lux&cPq zZV8F&PL_w(FsWivMHVv;eg$LvFf)4OCe|a1sj1P>Be#cE)5;+u*O&t!HgYWtRwOf* zcsFJEN3JtI5n#lIuKQ|2+{PKkP@^bYHXSUc7pdIkM?Ood+9DdR&2vvGd#p z`=&I0pZMerckDaroPym!V!X5PQlIuvqfkcd@maT28-s(($4*3slwjIS%-o(NQX+98vbcB*bxLqWXgL*^@DjU(GFW2EkW5@8mSHqa zFB>XzXN0&(Lxj1pktjFU?NSv{E>sc8h~sr}8r?87;xcaC__=LPQ>&uhS)rv=hgygZ zy)0f4Nz|dsz1SJAk?hfuh9dFy;fp+;R&&k^Er~RRgo&%DQA_M5uqSej4oxq@H>;;i zif#kKF)5{OuxM#F-J6#4=mxiWWkNWnZ+2*L#6WVF%d030g#A@7{o24}I8H z^kVeWU4!c2@lf;)0)dM8JYC;U{QogH#?D~YZ_&M_E6KYm*Q)(c^G%go`I6$s?CDuM zh$Ly&VQWMfVy~e!D>^+%dL!a&n&EFknGMdx=xL#k$%feDXOjxq z;U*qLceqLP>54-a(Lf~j=RqtgA?AytV5IolOFQfi7dcr$iZwQ>B2ry3IZxA%)rKyN zDA$DPLbM4EC_^Lg%H-u33s{J#yKd6goGxMG$kYL{d*+n9S;4OQ@P=kB&4Z1ZO1r(IXz5 zf&X7cyPPEcKhAy=b~(vLNE?LSdm05G9^l7AnezYpWV$1{jXC|=pKE7o)~jDt7pOKX zt=Vs6Te5DIe}EId`!ePKC%y+dpfY8nlB5IbU4ac=-?|zHj$(^HOfP1Ru{f6)st!M% zE?|Q3aa&Ys6UN6S#y`J+@$ud>LlrdRaIL0^joL{HWk~F@#98KhTD})f7Gj>((D~)R^O~p3C*_nln#l4FmhJPtk5|_&+f>1Dhooh zQrpxqoz*C}sS)Ztn|2Q=LY>lwZ;!XmfrUD`)3?aseM4FI5kKw>sVYtm&2Gab!&qf8cC&AyJa#21kb*gYJ#qbuJGvmzQ+*tm?q&-ImHKtF_W%HJ6if zzxk+f9bV?fdNOB2dw0Nz&DLkT+U-4Vua7*68M{xag!Q;@Yf1lQe7G&<+f3F}Uq>s2 zr;`uD3u_Z)nd9yDkR|&jya*?>2>)E?+QetGa})j`d5k-aTexLCt~%X*vVNte%NpV`^Mi59&Fyb>I#&>4fi);GeDnNz5 z%jI#>^&H3z{cyRH75m!`|^ zgFc{FNDZwcD^NQ)zU}MWB~_*>r^DV#MMYc*kXJ`0)Zja}6a}EOJdRD|`<>wpW^qp% zB_pivhH$~R@Z})Y;0dc1zLeyF@CYOw7;MFCB*E|wluklRz!M#`dK=wTO+~b3Id@i- z-REeBN^=CdeU!b8l@-kuRGqd%4f%T9eok+0gyzM&d|q#W(}_HpMAOAw;2TgG6jqtv z34KTo0O`vQO{0;!5;_4ZVeYO(n_{7B(^8!AJ**vKhOG&-OhFyR#3#ZV%TEmzQKMaa zoKRvQewYV1xb^?j$^L(L=Dm^Y&uP$_HDgtOQQ4F?WZUE)$!lcO`%Vi@rFBfK`mqJe z;^${etYa?lbUamYY^9<#g!@_--P0yq%f+F>Xrw)1J(R>+#t6|+Ru?5^H1a-PM!A8@ z+E4*?0m6%(W6u?(1D7$ASCV;>b$sWSdalKgt^W)L5c#f8tiR^3CG^dl85_$kB@)5d zGboWMLi{WkOFH;&f2q?IAm>Ar&~A^kB6~+S-@gg1&&a9YZf^1#W6)^3e_dzQ*WmLz|*w4Nayw72hQU%eaKnpKQGD3z!9k zZDc3WzKk5&9)BP(rvQa>IMXS>nn1wkZoxYJVOE5uic(Xl$z-;anoXsx9WGY@hFjqR z7^2Pdy@7@M9YI^Yw9|WD2MuLR0e-cX2A*5Yt;yOa~r9vT0)>WlT06A)oCu(2T4|)!gP`{1*}0h1tv{kM%<~vLqnfLgH7aeqUKD(pov8LV1x!u zV0&q!nN6_0%Bv+UR2nhc3r374l@TMclRi<67z75?e8(!bb+JTKTA~jk-iC(g3}BX} ziYiq$%QCD_`O%>-V3uY4G7V@8WlC*fk+SK+h-nLM{C}rR|1aIKyd${>bM|R>Ypzol zs!mmoQE0Md@_)&8X2kiI@DfZYS5Ubwreia`o$>ycRHL^Ovxw4kZbP$pGdz_f*1Uyv z6%!RDF;3S;bi0_i*5R5hoOMEH--%g+DW>Id?u9axO|>AI#X7d2ES_m&>?Rh;1~G=) zd>&SwIU*FHtOyYXF(NFfCiBj9`5hPlJkI=xSb5`lkf-KBQY>}21tPQ24sjl2X?PHh z8+?HcBZG5eM0p5aorVV~2d*6d^3WQ*iuOt2tsWB0e^a$Z3K0WwyoS~{Wwwb7%-s{l z7E-PZ5SO^EsU7hs|ktkfMN2 z1Rge};o;}{;J3inV?rYJ|QM}iffL1SfLJrZ%A#FVTuxFI4;;{MNQ zP_o1C{}BIQCp#k3zpr~K&z5tawo5Zv^_lX0#oO6G%X&qA43|d9PoE;#6R9#$Pwgb> z7f%UxQy$2Q8$;r5`KD^Cl>T6ZR@`K;;ip}2)29puA`&9rs7He@Km3gvMEFw^VHqV( z?C{Mk3`aGBz6cSbI%8B2G5kKoxZrvL5Amz?jB$I`CNmk*Zwfb>T-Tnibmw|Z4t7yi zxU~TB(|x3}GNL188CD*t=ld)Tda0#}MIPvBdQ0M>#8L?&%M+IRu*iMB8_V>4n}&0( zL}r^3KNp28ish$5!JrJU@8*KPSflRs2rgnRk}tro%EjvRa;w>BDYu!+IgL~n^ay0m zJxEH!<3o|v!Z3=>rS?wyX0OM-!C&g|cE)UaJhWz+VVU!Ado4%uo^HqGZDWF+kzpas z^r;ynXLZ9qER*PXKC){o!1FREnkAjR;N#Ci#byTx(vjXB5Zb??wQud`Dnm);FGm*3#_9?-& zlpArM$%x@jDYK_W!e`1XIca?+&i`K^)9=?^nRjV!P0kF>JL)Z}%azl!|CRMK`Hiv# zQr-W)nxH#XTuLg*BNvy-EY+EbOU(|pM@UTAqYII}s%ookjlycTVeyP$8*T1n4Qu>{71BxMHmn%_WkDIHFve~m@lTOmEBcCqt&}0LbF-u~bdsE# zRS|U2Mj75UBYxeIRLv%F&fsY3T!%PQvG25?Gh&krwIM<^95+6Wq&8>|IwE3~unt&y zBV_A<3%3w8C%O(8R!K{wLls#hDz)wM3u%VGH^{72l95HCa4qbSW^72<07@!{Tz@*O z%{a5V(0-A?}kw{Qo@p)iV8^x)piVxuy zToE^HY}}G)>FScVCH z3Rz)<9wmN-k#W?lFdAlVV!9I|O&MQcWDBm2^xbf7V`C=LTkD9#OfuYBhZ;1Q9b6T0 zS%(k<<`v!WyQ~@JFEc*tl;FxpZ;`lxhE!e1lQ^usMP?hj)Xrj3a0MlZcxQ$J!R!}H zquEkz#pyj#rofJ<_mNqmQcr%F5^NOjO9w>H3EY?F2OB6s34xCR5p+TZK4u4(C(+;o z;-*2k*T%4FpbTqpi)^3F!|Gy{i+}r}~o0AzgYkOEO!6fBYPvm z{{INQuD3ckhnk-B{Ew@n%abBDos{4<-@eks-o%YhH-AW;U~wQ$)LriKcXtHH#+4@S zsLohj%c<7Z;A|?|iQ|+J)hem)KAxAnk!~l`TxboYbU{6Syc+ zy09-yP9_I0qUH%VhEp3a<`NIo;Ils>rGPl~$u8O#JG%0wYfS;H# zu7NlYJvhJ6-s0|X2R5zodWLsz(aiFbdW@?*ctNBGg$36vB0o}g%;4o`_=6l7Hsi#j z9N}Z!dC}r0-3UEo{#v5gCEdV%YViCNu@D3qGUiB#cSo_^OcIlRa`3!Jdl?%$Cd{=L zNoMJYjtOU2BvLn+$-#3Y{KOn>7wMLztRv;y%L%7%w=WM?Q-zXvEN+A#DRv9zFAu*u z$*iu8X<U{&qoc#?u#^2!>YRKpO04>> z?v@U>qpnN%Sxn>MZ1cV=f;J&@F%tj=&>gY)|Eb6S^JHhq^zY5*K!YU1uh=te6vPN8)9iLPj$w^%S`wr5gzRt^ zI2#$imn4ktY+D($8f4bftR`+gc6Q$iv(Z#uVzl62c#JUR@J^%4*NH=^0xsU9N)xFW z+W1>$%>~|v;I*KTIsTfMf3Y=se$;>-h2q7mEFaG5BJIzG0MwQuhu2Adv6yj@w^ID= z-GPAH(^ld{^reXEYoDvf?d|p_JZGv9Jm>57c<@-!RuWt3J0)07E#-tASNM9B)ai}H z?7+;{YWh`?Q-T)COu{0K0Wq_Z8<0664_FVHBTm*>;rZb_L6U}*c#SY3PF9Bdo8--( z#w=$9P1GL7;Vsh&YNH1qa{QzXC3Ls~E>3(>@2DVd2PaqR38(+{+JZ)!QOr1+Rv=hx z6UnIbi4_v7Q9RG~?tr(}Lypg>TSD|6QEJJ{LFXN;36@cVhdUsrcU8Q>BQdl(+}o~a zSn$#sI{Yz{C2psrP3PPt(TFU%g>clpuRT~w*(IlHu)rfZRFez{4Nu^4TCgPA2or_~ z24uJosS&1baPTnBN$Fvr!AXflbBc|57!W5MG#WX&)$J{DQ3c4^?dQPu{n~B5fIA*w)=FP(axqs+; zVfDmx@Zm7qykK!UCZ%Xz#w7Z%nd$nl(KP&#VX=&nEnzexbx*^_KgiU|Xp}6m51SG^ zi}qpM2!e$hM zD1m8`SBb-pdz+0ixpDcB-4pIk%M;Coi*(7epPqs)RWs`#iY5f0z_%;#) zV55|5pk#KpnJr}!!pX$R}nm2D6?Ygw551? zBeEDYvn&sFE$GbPY1BeV*aDU}gC#|GMsQn>%+fcIT{(K|gQrri=uF_=f^f{=Tw*pg z8sXqpRhP%CqOi@MKgY7Ld~Vb76%9-4mc=f|mf|poJBTq|Jn?b47>I=6NWu&_xV`y_ zZf~SOw(8jFZ%GO?{BAFT3#ZV0#;m7|O`Xz_~$7h-FNn}cl+ zPK;MM;u>i7}|5ng7EXl_$a)v!+tm!O{!Fn(@0jTFLZI+&qx@ z)8gO+-WQ!#&^s-@aoVb_F{cg>jbm{ciLLwi!Va`Rw%~Xw^D)zxA~I7|ZHnp9l9Y$D zktI5g;-wn+^d&UcaWv~OOC|(aH^wY$O_}u!>PfNY8lyYIQH{3X*r+6Jc2;-9_IPq25@t@uP z5|`Z{C^6Z?GqN0_Wr^ zP1T6^?lB}KcoSTY2*sL9GbwI{jCfj?Gdm!vT6Z zL$ks&+Yp3ZHrYXfAGF};$q#BNJ+V7!3+a*4ZH~lRnGE+k=@-is2Q`$M*gZ=JO3erc zM>5RNfTAPQgKDZIVusKKTuJi32H48Pby`Y!M|Y@7*&V{Ok|OYubna-<0x_y_w3=Dd zg373w#V;3#2+@EdY(sK-d*}i;F4&LX1(Rjy`kcu@g`i6j$)`n%2=P6l#GH;MVd8zw z#NiOa4-AIvlm>$&PmHH$P<9QU!NJ7qT7y|sL&WWWCJ;ku)ywujBMfjNV()a9B^Jnf}+hJ96h}-_V|}=~g$Y9#yH7^RqvY-y-{#MA!d|x(!1Da;gZD4hfi~*p^&h zlEIh*r@jU=B!F4uGAjIJfv{k&1%dDnAPga;NJCR=8Mb)Rc9I;k@#~c&$J!*Xgz`&Y z0Tr`iNn}na_o`B-D}bd^{&3a@y0(hO;|DKReQWx!reYPhqE#SPl5{Ft(JHp0wYR$e zD%#(Q2i!3}CVi|xN|O~gyJOl82_=X*=rJM`4lhjW-b z|CK4TIRLj|7_-?orGE?Ul493u2pXDM%IJ$k<7;TjJF{U9F_SM=CTYN>wZJg~U$ykdq z1BYs^&F=4sG+<0w;g?55q)O_P72#2QY5e%1$yJ8^0OU0TX9!N|@8-QjtdHO)p%0YA zl_%_GOPv3Irc8Gv&z}2q&J=C4=8$@=a)P2MdyL#Kds%iSaqQ7y2U2v{7`~KZ&~PlK zk-;H!*wg#{G?U`tZ&(#ljM$L~fA{-n%O=wd#72V=W0jIqNpudaNoUqNOxso1M|`nr z!YqTn+Wz&layZ*Pvb-;%F(5_*2`s0P_R&;5@y5HbGv}`*2Ah-3z3;X4chS};K6y^! zgi%h$hvcgbeDWL&I&T_-F2lC}XcB|8t+a=BhP**HSo0{k!NnVLnUCo4ZyrFN1$!F} z)u5~B_Xsr$zd}NwStRwMC*KMQsFKbUss!C-%)<7R;eruXB?t?4(5#Dx1qU>_NQw(C z(Rz{?7Tk7P|GG4milokvSt`S@N)W-&wb53QFaSQFpu><_1=k-Wi`l}Ua#IN(e7ngl5ca596=sHbkevi}c zqkC7qN#LTF1-xTnBf4w4VD?Fa4=e=_+uC1nWjqVIJzx;x3Y znk-f3stR+Jv7)Nd6qgxTCG9D#k^#+{k)lkFW2=Pk=`(Lbge3x%lm5I8;Xa1x?VSO< zIdfJC-TzO1kIYc2@7LAj?aP^~^=WMC-O7Jt-;=cl7ue4i$pB2Bwy2WlcTg7UPU#~h zLsIes_oDi0`dg{Kire2MlKCoWQKJ)U1Y&^uyFlr?(kT4_#EO{GKPflGO$c(qu6I(Y zN)~|}knwmNg}BnjHtb(~1QM}!2UYpW2FH!5%;nf6?rEw<++vO)Dam@2K3jhal^_x( z#pqN*Fhk<#)QAK#GCVLf#Qh$6>-+8ekQA0lC+uMWe@J?tE=8jcrj~`V-=y9Pznecg zsVmZSQUeGRNGTHYOsJ2_)eIkr<$a#P`4P$elL5SM2m{~=+lC^((Hu2>MdBL+h`|rZ z^i3}RbRj}b|K(KplbN{^HQ`BZ=JrnSzl_#(vY}f^ectd7-9mR?no4&g6n&iOZsPyz zW&33Muj_jAY&rkcKB?KQUax9Y?olku&d)kqz8V+5kROE3FQGCazT{P6H_11vL0Lll zsOKP7us~AQq>_{Yjekn%5{JE)?{)V#(Gt=6NZdjPC6cnxLgE%W5{oljd)f3=^skQC zx7g)Z%)XUkhL4DSo7q_!Lo{y@_F0v#Ka|28-*BbK{%A4>#gCL9VAuz`Z)FPICvn)2 zr*NcoU*Bo{E2yR*;f1k7oOG8a^Fyop410!>Jm)F>jl3Ea?ARQMio#qRNb?w0dNQk6 z#Cp?M#<<-O&ggH55HvQjrL~ZtQ8NK6!}24Qq1yiC!p><%%uZ{jYExx(Cill0S`!;y z84|`Rc=n{vQA01kOh{yGFHeb#J##K@Y?=?YorJyoy#A#T<`Dl&5J6kDq-D1fyQraw z;4rt+Aq63Spre?4VRH1Y!GU?xdfbji!$Noi@)@qgJ?vj5-W+}Cq% z(9YH5;Pk&M6|=McD}M?XhVuub2#X`KpD>C*YfzFF84=mfuofA*o3$vV@JkFZoYcY( zUv*&`5(i{Ros=2`M%02xBNpqxFfUEYrraaah%;-A4z&%}_SXrSOE97&GRL>!8eVOW<}TT;13+@$;A-svZ^ow3j5_jdcD2f_)v6#iP0&``kMCbm(R zJ$$%RJATNtf9zIDPDiM>W3E1#`?95|+2;y$`#kuR9ICSwYaQmKl-~+z8(T6((Aqzn z5*c>wFN=?Gnyal+2HG2hdk7py+5lM{z}^Q!NpJIcySq3s_qUa_mRFk05ecT>@%%P>imdjsD(npE3U5Mj_DaFxRZIrT+1kdEj zDUKEW7evHSEPNrcO`n8r&y@c2BLlV3vxm8XTF%ClvMUTPeaBJv%r{lxyfCr$Y3n~P zB3feM?FwmArba}xGOX!_8XB|ppPQ08iJipBNZq{tY9VzA(FloBHzMsa!%`RDFo)Q` z=J!`o1t)ec2Naw|T44KxJeOm3eqVWOG?!5BgbN9 zm3&6#!lRQk3srr>xTHi?fAV#bH!SEk8D!SetmMQ8L&3F^c9{k?479x4!;9W=)Irh^ zxX5@;%FuYH*W(U&ePn~DYMjCA^4MECaP)3|EI-5zXW<>d#ga1*zK|zvlYaw6e@p9QD-?)`KI-KW% zkCF%t6=Y_;d369a90i8?otQ8(P;PJWOPt~%X*Qeib+?$}bs8{~Ys z0;bYVx5MWR^R%QZ;O+zm(F)(f9h1%lW33e?tFhc{wN}|G$rC9hjL-R8d%)ge_tV3f zQ;Hr2CtbcCS})w!`ARJIDwok}DyIcc5i{=cd7a&kz#OmBMeCZ#DNlPs961GvxFp88 zB$3ClQj6@}9!Gnf$LZRL3N;EcA;x!R*^6tqh_46e+W4?UIEx4;^wZ@y{+f#ZmZHx8 zXYWnG+`6*!K-9h$MeW>F6se7pP=&ovrG>2GS`;ZRMNyR0YW4&0stO_sfUuA(vMEiW zM5ciP%3Irs~Z^Z#u>NcIQC59OgwgCJD$!so!I`qw%eJ-9(U&4 zd*6MyZ^eDUdk|2C^5?HbtPkg%d(MCUvx(U(?8SnMJ(L!cF=?z@6vW6rgx+~Gp2_8f zMEnlEKlJCMg$$f#{0zE9H^fX*Ob~$!H{$MaSP-UzB0h!sM;LvyyxI}I^X{P>n4Dx3 zCzxa6l8{g2&?nb05$yd&Kowp7-9ysvK=&bua@EYQL~lrnxm&5sjfG@R%q$5}c^4@> z1tvpt6yV_mzQ62@I&AYi9`qGLCb|L!DGG^j{8hKZq3a>6xhpVqFLN`VC06e?*iCqO zCY8z&Q$dA^?3CgOdV;Ff3}xF3y$?K?jUnD_N}Uq+&IWj5<@PFS&|{VR9!$w{*gc^q z2cD#l({iwxZ_yLP+=EF|bPXEODH4d$Rl{(^bc9Iq|1bmK8)N_7=*CEV=(~d-421jl z^!`=Pk9Ge*SG%$R+}FLa>wz095!p0ZII1!$o@w(+DcS$KVMTq7l=Qjl6w6{dmAjaMfZ|LX;*iXm`Apr$8t?3869C2~ zqawl$jI1OKOb#O8_*9a465f%?QQ#8r1%e)L*b@i`!=%;t$p=mb(@OfL#@~Xcr51y0n38ZnA1BSr@hGv62 zyA_QvJhMeQ}_jRwMk3toIa`& zWi2A|7`SFUgfaBs5Vm7Pg;e9Z_(inyazrTpf5`QTYu7vDUmE*&V=s>08~M@Ue=syZ zcz@t``hTKtrMI{HTV1~jFL3Y=>X@I#cTaba1OMGyWV1I~yQ|^Ksn?;Q-UJqpUZ}^fV#J2Fk!~q91yo1RdVcP~ zQ>^uTuTBrlIoh$6Vmys_6gZH@clZgEO38|eC8?h(yCP)7*jtdkV?B5_DWtP2puGwY zHUHp%Y~wTqll%%uQ4Y%X&Ro87oQwIDA%*pE*!ER_ThE!3%~7ZZ^7T7_)>Y1A#} zs1)tR(sIfWUpQ4TeTT6A{DXaXhUBwTFCCsZDR%&Sf>)sZ7ltEw+2qK=g-dVw&Q8B| z>5b`gCocppoxnu{#N25pLZ8<+=?#F*_Rhfn2lZ#Q5<^2GBKU9jwCJ7oi+(>^tEK9j zU7vZd7hmct=u)deX!TOrAXIy)*=Qynk#>X`kNW1iYMwne)n9_K=hA~cSSP2@#cx#6 zdG+eqyrj|98yioq>sA;t)^1TgADB=u7+hRFO^KtdtIk;XINqLCGb5n9=kQVbc>xPH zbp6(YC$XfDOuaP4k`ZX_J%)QswFY-9u`Dki#cCE^5AiN?q5Q`N^^3cI?~)kvFBcE z#V!0A%?%~SiyByrAlD}!JSNTLg^R7S6!J0m@E9rTzZ<$-PTpYs)d!E#D?U8&vFt46 zEB1077g~Q*pBvD-R=xG3%3DArKJ(xa6Sn}3nQTO3r1MuX?a_3%0P8Crrn-GttJ|Sj zkBz#m?}3#f)yMuM{)hShd&Z8BJ~r~f@E3>v_0Z7ZI|Ez&KigO8`AYXUyPxYi_i5|^ zfb+JSYOl_D17?~nb1}O6O+9Z{A3Q{n0QjeBPl{}$`TP^_firVa>SL#HHqsXmY!-LN zrlS!tyfke*B?182E_xED7}zcSFit~V3wB#D*p`6ss}IJhBI%exPBX%-Ncv|{eLoOL z;5369(FbE#t%Ar)-k(w1aezI3W`VBJNg#HxanG-?Dy&*jq)B|IdMgor7TF*)RY!8H z?7Q*fD87!T+_d`I0DuxGJK5g*j;cWfKw}(7y!c=g-)0Pk3K}#NoDK5d=7!)!%{$!u zEqNMg0U#bR1H_yrX_2K~8xk74xp5MA{q%!j#)DK_U91^e<1~f^6Wd^i=K9MIhOpH= zimXVv! zKMN)OQQxGnD!{66;Z}Asnp(ATp$X{wkQxG5W-*YE`3rAh?2E!~DMm^{SnbfAK*t zz5xcV2)IL@SeGDAK4a^33q(#qLi>NE0&Tjmx3{a7Y)?)`HuC)-rQ6OF%6bKij~TO%0AB@&9*SyWSrEn`7S^{fp6sk>c=sLq9V3X9FYs zyZS!c`?c+hFu*Gv$mZ+NBIf%w?G7`kQPBa z8`1k8n;9$4%)qB)tm-}bI=LD0QF3V9YC$(n0TF&cj{?9+bs>Rbz^iS|Y@f{&G{oJUp9LSEUQSXL7*+WO+h*df=LI!ME>!9v>u?HXg6uU&9v)2>kHGn))b05XO_f zyJ}YTtHLPySE*1$Bi@?)6h*?c@Z$a3_&gazk(QitLtsPk3-pds^P@@N>r_UYYi@Xa?(TpgtAc=Dapad00jE55nv0`T$r;C>#fry=&|%GR|Y_OJd&cCeX3SQ8aWK)m|H!6vYXZSj?IGS$xI%MPZiGA>8VuZvm|rg@KdFR4-oR zWGoSA4PLytlR@$SF4xbw#{bpmKO22~6VkE2>Av3WmyeMmVnjJE>cWK5F zjC=D(BN5DHT_>HzFh5qdQWfN50%#gqs%SqJD624G<>c$es#3y@w=cRB67O0!`$@?O{exqoS zt5$((Pfhe@=F{{robqSk`1X_j`!U>K=f%0Lqo2G@N8L*G6#&@SEyU`4H60r&I&#sh zFQz|;W(=y)I?Cs$pJj7j&^Se(=3%_$w?cdkwP_jXcSE|Qm=PI3BVQ>xfO(L3KrG5t z!^7ze%$7~%vzj-B*~yY#{s_po==inMRwHjUM^5QpgpbvPl7TCJZi(!wOLsOyI%E|;-Y zeipkKX_avcwZc&8`vJwhMMhQA(`%(u`S2G$u6j30xiP;-QAuF*dk8JmkatsuDOJ(q zFlG7+q@D)GDd;<491;+(74eACW!9#%IkeW4%>HEY3u~s%9R%7+ zkg?<3<(^5VI?A{x)Ix~aK!v$%a8PiHoXp1FFWkmzg(h$9o{$?G z+2RNW^7t3gN@w;5*^4_le~@0Okm5&DfKwcn{e&LCfg8g52_uAm6<2CI>L+#}zyZo~ z$TX^fyAxu@rl1&MTbVAQ4Qp;2CLiy9a$-xEK4y> zLllX1>I`u0fNZbSxK>KO@!MNR?UlXANr95syG`A5^Kq@l6>jV;_RBZNz?txyD@Sim zvn^E%+#P^keNy$DF7&c=?0I|%CsI+M5>~To+A$peyZ)VP?8iroBTo(e!@>B#!M^YI z{y@*0-GlIOTmKbaDDK5~OF1o?i4m10L8<_V78%qUTi3Etkd+~Mh56zhYJgJxc*G>5Y~Ndji#jgis?%RklOhg z&BDIo(=tlhCC^4+@ThV$wmlcx7)r9&lA4yV0*iSNTL)tn)3oM=Qoh?PHlk(Yak^QC z&S}#x9RejIyHXJp*HtnuAzC~QZKGt6q9f~4^$J=oyPz7LvN5SN+xvV9C`MBlI9()* zRuN$bAv+zS#F$7Qmn}D3M7pSW?#7y)SR8+ zje%_k9iFBion^prY6i9BXT`)4V)G!Xv(T$vI8}UEmN5WkoeVcuxJP5=b_!_J0Wm99 z`kXc!gC(pu@=`U$f#ORtInzmD!F~pJwFCvXg6=84h*hoi>HjAChfg7JRwF^ET|0tr z4&u)AYuET}ExQQQQDb1Q!G%k0e1Ru)o4kO9h?2CO^n|#Y1;_N>UAY0Slcl9wM_E@x zq*CoR(WK@I`-{)Zo@JL_afEU$j{)sZU3625BkVn$#@-k?mO`lboQz?>cIl9QTy?ii z3Eb=zOoN;s3i3x?zu_AH!Lhre?~Z(F`1c0CFtE~puJ7TVeD{;^L|gp|H2~9q1@kr;C4uIrxqnyHTCF)-9mMf)51oU{(iv{Gy5c`cfa~p4nYZqY>Zw=*a zCHdSC*Qll#6re2^J=hsYRHR;u6Ho9#b;tP@Cwl=!6FZzx{6FUULD%^2kNx84osq!s z!-HQN$n>A=d$D({`;WVR3Z82IU*U=38R=vkf#9=xGW?z^Fm*2&nDw(WFcuarT)lQ8 zaPsPjQx`9s_sfI#3{M7Ld+YN~dcDEP8E<DJtttEJ=|n+V%+YthQ?HFTREkE18;byiU*C)K)E<4WoHO z;DO?+jC^#aO0-_#gw67yMonACh$<&Y{Qs_N{P)JbKAIny8v5shKRS@;ztA_-^R4cm z@A_M=ck2!R;e5X(o$qH+q*}F-e(x0z#9A||vB>XU4xOH#J9p;Vi4&*KF33@Q4J#S; zPtHtFdOfh@Z@RH~%VxRTVT2Y6ce2Bd?p{1zfK=HC<2oY~obrjZwRohY6DK48& zq`9YZI@CUARoubk@?~|JG=x{M1!EUbtSEznzS0V z9xuKjOHmmbP&Z-eI5$Cxwx8)}A|Dgy5(%mas1VYs7@sPh#YQoR{Yhiawh1zH_{{5t z2u~FkWVgX?3A1Jr<$I*r6x+%NHLIB3Yv46V{D0at{tw2kjlMQ=cAe_`OO{a@&d z_xzjg@9$c2o#u-FVPsGQ3;HOIQTJehZijyv6=@LFBAnVo>#DV zm{65aA)H}+tx&aPg<~mFJy!gjvQ$?)d`6_Ug4b)R%7w( zjp~Yf1*}9Cm1hdF)EvIA_*oMR3B@N|Oy0J&ko$}8WAOyB#xhvO(xE5BL7N?Uh1w#m z(nB)4i=V;rc^1ouDT%Y>V6Ud5+Ss>MkMqrRv__rif#Q2uC{x(2R#Vm1*m3G9oRp01 z@dFpSgB;AevM*HzTI5)DaxnSyLac_CJzjhVYndBsnfmDQT5iL_FZ+(4%}Q3g?(2!- zH7psFol>y9)F^q_Zd)VNznG6C#hjC;&t8a@#n)RyX)YGu#wYJJtTgNHIuY1nI+eSa ziATjV@oX-YS<^(IEvr3oY1r%)KwFHg(wS5&AI*_s+H@|SN-|G^QOo46#8(me@&=2*Y`?c(s;H*}8B;ee1|H?DY|ulK%g1y2gKgY<={=@E;Ft4E$;T_w}9Y zJ<@|DJB`{G^IX?Gf?@>E&w*jq3d?C+jsixHBm}PNls5sakV3c zMBzd)AsZ3M^J)z9%&e!yjEKFeVUt}B&4fLH8KPOe#T&9_?Vf1S17u#ShHT zb`a1u4-2};mRC9ni)aY>4 zb^MOl>xax0o|jx@Szde#Ntvs#8h2|~%(;t8*iWG()vk$notpoqn7ftA+*nBF#LSWq z6`i!u_KF;$Y{iw=WIjGu6tQL!evKKwYmHztE-A4OKev=QwlaPp4fqZg<$cHd?XbUz|fHl&w9hkMsXvD+>9e>uY+jxL}rR>Sa5_7F7zopED;<# zx5G$qM&-ZuSu%UYrhqamBB6O_wm8InCza$&Kj*VZJyQ#oIO1l?y-a zJazRHZ(+fqoNAAvURgyooV1K*Gc9pk2u{&VY4fqVoj5fDyCT-d|w4`K{7tBdIy## zcalA_SqH80`>YZ!XHuxn1}`aEc6)_z*cY4j8KaECQZa=kEhPcelxPqlFxE#Ko_194 z*+vppo4sHNlOWM8BV=3F#kE**XTMam+=yE(45 zt9`Dv@R^cJwy0ebsysY|+MhlhXk$S{l?_C&vgVs z54x*t*1*!`Vh(8lUytU}SeVAinqMy2peKtT$u_8KLRo%I1t^$hxOQVUA_lF-H{PMs?|8MoJ_Wpd&m%9J3>sR1ONB;_QrAOtvsOeF|3^&(F zXxd%0IY74MHWv1k9>Fe4Z~g+m47Y1{@w%_{Foqt`jdge;s^V>VVe|1kv|z1@87{A` zkDa5+kD#tqjlkqsXt#V**{!d#t5xhPFeE{xMl9ocHu1t{F}$Pim!Urp{icuW#ub z$ziR(P#UjBo@xZod*FEyyuM;^L+U3=WB8csb6Yj7*!X{~rLGkesX<={@1MzGYSvTvOjk1Jt8&6JZmX*(DLIzI_D{gN6s803wVhVjWJ z1!l_00hmbOA~V~r(#VKc*;^W7@QiXu7&dePwsy=2&omRH+Uo$>Q~NGdfhuj?WNA=7 zbwEEV8v#H(KtHnGgGSUhUuj)SkWP(O@*OJ;uy9J*06-LqXF58yQ#&>OAM1M6HU2$g zr$)y{-WvYVp+6mbFz{aAAN5}7InaF(p6dJ=NTBdg>1i3bb+N;);k1Isi1q$Q3k z&)k#sh0;MR6C9MWQ`D(UxLE#0mLD|75BlI6-eUv7I9Zy&Kjt)$v|SS)YIy_R`tXaQ zn29HstAV2VZ)%C#4S5{RW!K91Z9G|eiUsV-Id0e_dwEQ9TL&{NXrzS+LM|snS60Pj zZW0hCRJw4b(#X3&ad6p(HfPR$6DcJzs~Aa?4&Zx(QtJRPKCV-pozJb?nAhS-t+P_3 z_sfQSXW{wMer!F^&{xHN5=$AL<_&$d7wlS^`MO-%CnGt?0q788mLg8ak(}*er`|Yl zXP7ZxX>a>c;ZXOor^@HmTld0ix%43gk13IwqynWUt1@2J+F33Pga-^ju}uT%hB%s0 zQ2mHn-n$SiJ%Nv*l-$>Zpy64rR2*Lj+Dc?(qmk&z(&Mt=z<%j5W<0QmMxy5Eura~e zZn|t`%vMW}$ruG%GIcOYkj;=7ks!P$y?&tWg&s{b%Ez&#(&U0)P4(Bpai>iH>OU^3`+M?8MHyZ7!P9?RkoNJ07kF;~bn z{>`z|qdz=yarnUC*9Nxw-|O@D{MYU;cYOp;>HHN=lqO|;H>d(?6@9lC)x@P_s!as( z{*oI*M3S~YsrD2QFj)~}GcvpmnGbE{6fSaqzw|QJGpR#c*$0F2A9Q8@Of*1pmUShWnhAGk&n@YeU&uT^#)O8$O= zLZb9M)~E&4L*ZoU zSu8T++6hY~UOP4t1jgr?_F;S=?{OI4cBxQFFYm#|twyyCoxBHLyku|QV^8Uj>{PoZ zn7ybpCCOD+abhK!zJM1Nn4ig(uw}98#nK`ZeK1S<|DSP<{rKq3k(r?{4SqZ@-XH0k z>fP)~cAxHgMkn~+aSs(HO0!sjP_IspUZpW-8ki{*c1nlr1ZGw$n-7;}Oufm>7 zM3yS->py6A3dveU|DICV#1uh9_$| zMvc~R8HzyDq}O_5Pst|-6}u-2Iza_jRfO|Fh0RF;g@E)T@m8p&nkjkl%|W10hu!2= z-9@%g(J54DBTE98XhUJ8r{s~{XlL>+SK0x_h)rRcp&6|DW5l?aC1MTQtwO4%Ng(Bq zoiSoC|16#pSF@yFj7Y_#C=~bqclEf&|2oY7`^TeC4*$f^*5Iju=lc74|L>mv)cw!9 z{t-O6z5k$(_zVW9?bAoRyL1|(Cd4-O=!HsLS#h3FsWlK2S7^4cbc%tJIyHh^G~f1v z?$R)U;nGPg9#l%vHKFcBG>&|wO#(~mtEDZuJbm9!Ivd?XR zEO0cY(}%vlG>-*D3S%|1%Q)*|n^E5BY`L4!aXL|&!`M_R9B$?MS7!ypf-hPtsI6_o zojeLiD;eqirDNuLW@(_6c{tfv8L_isG}5!B(os3+HW;8{rC`$WD9COpHLp!%Z|QXm ziUBSh){ zw=R>u0j+Vwg}-9y6@1X8O0N&qmC>BT5S&NzHd1T#^6)WnNysO1TpgvTr%Y-l#S?Z= z{6E~)i}L@chktkIe;)jifqVTz?`Zemfd_ZUAMos#v9h6X+JI;0@hSxWI_Y$GBG0~D zx+J^&PHQNdO$5}QBdwvITq<3}q9$9u?$4-=E@wMRlj1;o{gDEVvnXEf2*+VzhhVly zFc+RIUBEzxcygWmKUZat^BG2GP0?cvUI-L(MH+u z^g2qx@Ux}!SURZBrbp9fgBVL5j;=|4Hg*BhzSjsP#@)dgAt3ntp6WKD>!q_;(o)-lj+yuPIMy>RCWUl% zC6#Me5RHsIEcAtSzSPje1KAY;mOj0etv<@)i#$Az7FlJ*1YOFQm83vF13L@I|1Zes zOh5n6H4eH-=&aeH%FPZulhlP(E+Um0`Tr5uUDx=3J9=jLUk$xI@E`hrsqfjIpXvT$ z*Z&0%JNXA&w%(T&y0c|Vs@S0620JUXj+OC(!Nf3WK+WFLXIhutg=GfsVLW5VjdB$_ zZCh?MS$Y?r8xm0!demV$CotZ2VFPRU#WuR)ZGo|dPnE7=Ye5QeHKXIWCs;J0JIls6+Dda)s`NHiUj)v(CJIA32E)sM zbK{8>(x@jf>YEf+g*&OFa4S0*O|7yEMCz{?vr#%U_0Ga@1uLVc%=Ar|;}iK;&}Q<< zWOYU-VRmknu6D2ugf)t4RM{xsgvGi-B%X-p*6P4EQB!PF$dulajdjDY(n(|8WCFWE zL}@N{$Q@i^6ka!Xz(ch(DLQSk=sUqF-F3j)-I~E^;d*INc3e>IqiNmeWHy_@Dmkc8 z8d8ZBB4(S^{E>!mLLZ^aDxv)UK-W>%cxh~Pbawd9hCbi@}3et>LP_k-Ev6i;{$EY^4@@6Tz%N5)cL01l$>(BVZ|21n;buHVSnFIWjb6-x3$)q>eXKm;G>TpkNu;7TPKY<-QSrQxPScBH znw4Vs$v1^n{O&3E=TtT(c+s212%^XC9*T(xF(+O~UJ)~^@gxrGrJn^aBK~ACeh0nZ z>yaP1vX;i5h@zL6kbwpCAOrMS=vq`?7eU{aOp)tEUx_9=!9!FSG@xL08Ls4bDxb`u zZ-tkx3b)yR-VoR5cdV|#KhPJ%jngUcY%HEdH*78)SN=@(xuU--=bc=QM>8o&P-sZa zDhL7HaQv2gcS%lys7o;94SE8;U~pzSjNW0YVf4!9(&iB}%=CJ;z#bgY}nQ%e)!ONnMO`#Kf_t2`C%|eO} z{`(Mp8N4bAf@B{;^1K<(EZpO33 z_QAks^k62H$`N}(g^8?{;t6_;sx}SHi-Sltg2BVn1U%%Yv<{7(B&v33$1@@bsOE6J zR;u%-BlPslD1Auzm75F2Xi!}~Q90~dEq3anD?j$-U*!{um zYJm+ZG`%VSBg~|JLd-@p@rbxUCqbLCVXY*5YQ*$}PoFaozJfcG%5$blpTlw_4TXB+ zT?0JBjB54>v;?78ZAoA~KRikV2LIun@d-2D$P(sB;PmT>Y)|PrrmD$!8Fi5a8i>m$ zFR@yr-Jk6JPR~E<{z-VM^Jj|$3Uj3ov3?_}01DX^2r z{SHD$P&;InifPRG*j&M*zx`Vs(@@`pu$$6yki5!crLPd z1hXTSjom6G@j)bQ4uw9JvqQ29&3gFTeH=fA4id{Ol%a7|gWe`$nwwkysI-c;^vG+^ zuBRsatmHkg5IZ=ltP(wb`Yqp?;Kgev-wnNa!Z&wX%w5Sq>X67hnn>kiIrQ&I!(=q{ zm%`4?Y$_qXd=PTg?riLa`vdriQ{G9~!*lRlJej{e<(q_EK4G`NF@qNf!d9QK%z0J) z_X(*z4;!%cR4Kto;4!rX0<%E{hpCbP4L-0KvaKxv)W?bbAAa%;v!7h!rnl)&{$S_* zLd|76`Gx^hK{K2S?b7+DyN zLE#h+h4}3w7D^vc_|75=`kV!7X}KiIp^`yX)e1$|W*E&{q|}(GN&o*5l>h%=bYSSG z2OsOd)%SYuME6415nICE?eZao{iVCu@{zNx7y)G=z-s@aZ4jAnTrS;_)AK-Yj1(?0 z*$fg^DcDW@YzC?SY9CgED$I+buoWB!nLI)d}t_`5_l`!(&G2?u;( zKYY333ZWHaP4@S@ClvmkAjnPU0k+)k(o=vaZ`<{)PQ2L(_orr6^*DZB{qsy922h#Xv|&t@#-; zC-08E;J)_F`Sjaepba>W?~UFVaOvJC7^HVEhfdGWojY^w#EH{q7cNngOiqsD$hg_Z zhv;@^N(&UtFqL)c6EFINP}nmQz+^3+w|2dhV;z~I(%OO}>r`4Jc&uA#4FN>9MgYNM zQ@3pZ0o70$*6B2smf22Dhat=A$p1sRE4X!B#7fM7g0e#K|A_0JYdkvo|Bn3I;a?ca z4_@i}uf6}FC)xEKc-Yy$LT0nSbITb!Z4(GIZ`CT?+U%1Ngu2j1!rnZVs7VN-*$~gk z(*_FPTSMV}{G#vJxU3s0pmT0-4TXPVvj=-#Qdy=K&F~c75Pfe`p(9wLWBxz6wAszr z0%hB#&=Mglcf=3MV#Q_|)m;2`!wu z_KyYFAhnJ>;oj26SkX|?+wO^zS`v|~qLL_DGe)S}tZT$RRXP4@SdU}+y`_(^baZm{ z1m~vI znPqI!d`~2Oa&sI@nuIUw6IxhlTFA1EGHjao#oB>BwmF6cDM2i~jwc?rYg<7qTDe1` z9a=GoM6Cb}QYwC8bCglWLSrt=agf?{1l1T@Yt$QQP0cf#Bls5SHLj9Ct3&G6k+?Ft zIa2%i(&jL0TsrZaG~fX2h}yQW>P(-rP>sEJbEpO`W2c9z>pGS0a2v2JDqMDQbC5C6 z9kh_huhOmvR_|)V|IFq<4KvEcS2<4;*vnEWoIWctn_@F_GfL|Jf5J6>e{6WFWEG=_wI!Ogu`wo+0?ua=ufwmYttyRdI_kDO=F=@Hm{DcfWAVbkukiD%k6ph8#Mzx15%&83wZ*4v< zA0YjDH4DJdaSCKRp+l%wdrUqU`l9bp8#Y=kiQ33)KH8DG{bjL6)<}~2t<6U|W(J(I zqI1NiAhf3FAFd&K3udNc;o&B-!?$bI{||Rvca6V4c62m6{Od!}fp7Jn?ES0mufl_! zzeXicIJx<(tl7{N-^nG`$qquH@-wm^cTH#ul|y{f6A3%G-An|*(49hMrSDQl7S-}d zsm~eea1Udp>eS&fXv=zr2q=z2^5JYaes=tD+RXmcAp!)LrP=dTtMpo zXIfF z>3f5WtCiNJX4GWaYjuo66x8?zT)`xxnOd#@A+mT+1y^Cl63lXk@rLG~YvJ?at7##gkv>s70maNvYPo`An{F9f!c1DdVs@S> z0*hiapMkyCr_o|ZCsW1to;bMD>SfajGEi)zczhwoJfjGUCA74E^JUp?>GbPzp34Pk z^HwwLmhA`~)HfLwwbi$zV|ViBc14qWH($gjuro8#ULa`%Hq7j!wtKH< z^9a^m!+?+r4YqwinAvYx6=QYfx_PQEt{lK@WM8=HN-(?`MTEBK&Nj%uRnU2kK00!8V3k@4v6ubbC3#)EVeyBlCVA$;9%I241j92kZkXvTJ2eNR?i}_+(uxHGRkxu1AB|;b6U~{bBYR_C#m_9n?YI4 zAqv#QBb-dv_KN~rA|46I_ofq%*w>0>mkILYyVDuI)8O!(eVaa+OV;Vi49#*4F={54 zY;*k00vSzdLZNrlE7O&`Cv@spxWwZyU1_sKbUYP`|3_WFhUWi0GV=qiF4Eu^g!ACTN%dv{oJ|~b z4YFk4=1D_?%P;k9YjBTkp1@kEI}DDWOQOkN$E(Ec&7bR+W?CEu2X#NkWec}!;^Y*& zVUwts`6Q--D3&cGp}dFTt1VO24CHSc8+os(2+JX$XosMNUU&A^k z)fqKr{+x6oZD#q*Qv)z-IxZunUPq zDheCtQ^|!Gg^h@DOy?tscyuAnKBiDnDZ{a6^OAg8fkjtlIEdr|98P2#k_?}IiUT$& zT*MAuZ!Z$Dq+#xR(+u}+vu+#5j2J`S+Pr{Ow^LBWbp6}Jk=2N9Zg0LRiyo{-W6-MI zz`MeXI^gMR@RPST&&#rJ7+*Oq`|Sj>z#gAt0Ac_Ca zyT*TL?9Gwf@JmA@1OK%DD}99?ch~p1&RdMC3&%F!H@zXyhQkvSF0#$0?Zf22l{VfZ z3$09_VNJ4LV9np|&_2Se4URwkxEclvyoc`%i5yjf1+0=DZDww2-XIcncZLvJ9YT0u z^IaSq5Drqg(u1FZYz7#xnWj-^tqoS-74~nwBMWHPghoJ|PNf+FvNvktmCuRIYuG9o z!$~iX*KL0Rv78DOo;HtcRJ0Fz_O=|QtEW@&8+R(kHsno>Wrlgvlbcs%J=1iDSQn6! z*u-H=)tI7fT-|(Ymn*m@=p|XFp2AzoLN4g5^qLX$SH#R}JSpTvs%twylu+(P)sv>C zxb6a^v;dW7#AFWPEfLc!(Nqlmhu;TJQrxxxn~PYE zQe>|jDXakL+`qya?i|>l7GD8pr=#mtEsu8T(-L=*Yxy@8BQye_!A2-fP`o zhle|VmL*VF+FYrnyF39rwe20_Ay0VW_tgoAS+IX6FS7MPR5+j^P8W;@-Ppy1 z5EWM;MsKsJxM{_8n>)5baPvBLY!XeYS8L4Eoz{$6V|#smgQdoWcQ!wZ1&1b!0`I6v z0C18jZQR(c2L0p!-vI55 zSs77wicaZ7cR5&WY{j#AdkJ(bXRv=DQ-OD6$MTYQ+Uxa&rw{3LEFata5UZw91rsMQ z-Bw(Y)u#C1X1bPNfj6Q zMv{G-t8#4G85N)jO|NezSikUIow4a+Qb=c4QaL9roW1duxq)MK3|l_Pgu@z_1Wm_g zR|Hs@^Hx@A60?#NXpBop?B&fHSi}gvKxEePX@6(c9a zY%~*(h|Od$Z5Fn94^eP4&K`CRxxxvgcN_>r@&Bmn8lC_5(NOomU-o~}ccFKx`{%oE z!xMG>LH_S!tgrs5BZaPs_a);SaC<#hydJ26nGGn0@x66=`sDG@)iY<#o;`8u+$E~7 zZ;H8FsmzVJXhLg#1EEQ;cY4z6^G|yH-m4dnA5SH-sRYzW2)DBCZ0v^n1JIeNeDX#T z?40{17&Pd1KX@*l%-^2!O~SjwZa*k#VA2a8gg<3+DItov+hX$IS$OO9GpXESI+c6j z%K0PLLjm`EJa>Ij%)kd-zj}Vk7nlrs-4TyJpLL5uHs|)jCN%kSYp%jNy7`f$ut+{~ zrI0M3=~=&Gw7!9WXyn%x;;~Y?;`anXQNimsDH2L=-oqj!Dpu&JQ^zi+@;UJeLi=qY zMA#cAU9Pc?u|A%nY$2OXMdNtl!{n+EPjYSKLp4WuA0HIAVZML==I3oV*4t3zl6<_I zcd<@Bi_M-qpGrQ~oObVOI@%V>crzW<3tiGtDQ-ze-7`L6#v56}JfVKd9|o4*!9wc{ zT(WnuTMcfuXLAjoWxb7U{Jp;pr&XK`jfhFRy?GmJA1XNMqz7zH57g{Gza^jihG$Y} zEoRt1IRgmMGwGcMc;=B;OAtqy%aH4~1sOzj7OUl%c`o7JZ%)#H0Ng4liBpizb zyn0EQ>}Fn8%7zVslS*lGgstF>9MH-dvw7I?4Zk+cowF zqa(xrV(7;P&kP*w`=j1p@A4E|gAZH4LbFxIju0O-)6Lx~~=pnDWG<0mg) z^q-kqxNvFV;@O2a<|r{?OcW_;iB|GDjn?7Jmxr+EW{BwM>|Lv(TV%&1Xw75m$`7u! z@%avgYvn;KMJYn0C3CVAr)L8^#E&lQR?4m=D6yJO#cCZ>HXi|+&FvK;F)`rxDcFg< zBjQv$@o&m}w`yiYl*}>XHG6^M1LPD%bkQ6YHyW3d%X+YuY;ri2}m( zhZ-gNtGpLFa5Zflyxbj+aWSswr7UHJ+KRCvPLzAFB2HgIz=bZXlHEpNmJ7F>O9`=g zAt5BAkPZ`V?L7}x`zl_eYm{`pyH7Qvx35K(A+0K6l%5=~!7qlw&E@{zGrI_I7V zd3+IZ2^$adt3qFzJt6&u*@L)@^4`5q_LW`uP`L43J^D#ddsEFavE-&!6E^K|Z{gW#bG3g0>e?%~rFm(fN&~a1sfEyv-Um=={-xSf?QGd*$G=XSbiLf2F2T56STOB5e*kyhiC?P@1zKd2$rQijxTe? zR8>LG6);OeMMuhyVHv%G)khOdbE;3R{aHv0ilwMGzzcY@>*J4Xpjq@EWQ zxU4JXQAWoeTR*K0+ZB0A)j1_GX4~l)Vmi^FN5#>=v3hl;6_pd0-ocBQC>SO*j+RHT z))Bu;=Pt=dciYxyYItfAK%w}*uWQyd{tIJsJ^!Tp9{gwLk4plDqvidwCpD7gLG+cR zE`dNFTB8ubH41+8v>612Va~@>`D6~h&WkQlxXu0(V#zm!Rg~yDw7LfWz@LVC?#Xuv zt8uqa^hTnd0F0Qxvod4xEc#V*={TJf4b&g~iOjWJSxb|T^-gA2fha*J4Y!1nPY#A4 z;}P%$gEP}%^rg$dP^TI13zZwt4JGXmMVFUxF9pKBz;tZ7)-MLiI+l;-j>8~kRPv7R zj3K{`;lL71h$5He^?E&?=|FH=Ay@Jo1K-i_G>{TJr6*KpZamzdb3#6e0Dnxp4L{an zb_Y~qW~(r<_^Bo^xhniP`T5ypcVs#o^G9R2E(ShKrS5WGLQ)YZ4ulusM=wJY8`hG$ zhgQXG7W50*pPBahf*ya^<6#dc`SD&~ARO>}LS8SrhcPiB=EMt0 zrD2t{v3fOCxsk`*{*X5u1u3J?pswHonma;XsW7!j@0g$k{w1aE;3mHv&#jy!Wg81= z#eJ^fe@yJU`Vfl>ngj&<-d%LiSA`5plS{u<{U)U9s*_Kg5%&wlNEW5PSD~nb)u;qE zo(8u{$V69QiET8O&*0M=_lI$=l!|y!J@X&kU)m8#Z5xtzCY8z&ygl{P1M0_<^UEmfFp> z$c|Fg*1HAtIdTgaFhr!UlR(Aw|6O}sW4}E5)sg9;Zwy`>81DO(-tX_Z*F6gl@8G|} z{_^vfDLRT%%XDck!xVWGv8hp`0Mp5ZFh(sMYo!tewKJ#KpD>h1%g@y~e10>-*9qPe zh27<6v5LJkbp(oL>ELBX#klhEi?|}bmSWYJ7`3%*mN*5fMquJ~EK;s@utR=uYt(wi9vlMqxOok!~g=u5aE)75EoA5RV(TyL5_hB%s!zjogS>8AX zkeD_HtduI_j0^d`9ib5r*6V`!BTFP0%h*M**m zsdcZ`D2CpRMzc49p1H+^xwER6XfAL#`qttVvLU_mEg^sS!`hUO!i!!jOiv zmM_PSEpm002mg9_m^_q?0yVT`#v^*(WL;X@KZ-?D5AC`Ko?3P8S?@)YZ2(ftt zk)7s{9$7sPO`p>oXTw~{C$E-YmSHx?aA8BI)~a?dt-~gCXHega`OMU(d1uhZP>mildyZh?sq%~1X9jUnt}z;*?HF23_@ToE zK!N)aETK+;J4sXSE5Cr{LE21oqE)UO+llIMhIYWJ%q$7Y6oGwG>JJtV%KwjcLHz#< zV|Pd283_)%2LI#0&-9<^{jHuK=)MV0bpBKlC>$#vm92OONkMHGHSzpNs<5a0Iz5z- zuh8^(RZ_#b$rlo8F< zx0AbIv+ndzBbPx__v~YOj`q3o8LV9fY2@&%U!h$Fk?u}NBj?Jev67*J5N5*+#Uwto zmy|6CF*t~AUPQ?HTpEwEF+v?XW@;>&OO{Vzxf2RrTb&%{o1wTvxB(P{#QDpUb=jEF z@=0tH43a>c0tbqqmLaVZRNBkJfW&A}YY?yaDbJ_a3h_)W{M<^dW-xDsIz$5){cw2^iv|VIUD_r* zDBCb|kTj`IRHv3?S|YL_s#8NMPn9oYsTkBGg2E_hd{b7Ty@9boeNGbl7X)?d9n=j+QSnBHYlVI>NIavoW9a?6tKBHHkDmxI~UDFM}ezIu=6y zAQHw=*vruRNx>Jri*_{WC(9RV03GE-Ap@qi19YT;V~V0AHft{foulP9nM2db4^nNm zlwv(!LxeuFCdzGLcUUu1hX|+3=VTG;=e7b05gGu5otWGDZ21i=I;lEIvsHHI5ZSB_ zQs-ntrhwG{A9aoY+SvWk`Qh&leQWU72EN>XtuNg3&F(k5jyfLxxAzwmM#>QyN&{!8 zStr3+X6#&|#a7a=W}anZcUi#a^#}xryC(`qRY?Nx%&f9e*TB>*puyd>0>s8bX8`+l zmai)k^Ll3$&mwo{(8P7b@uS{wDXe5)EkhbI4ZE5YPz;(tI9R+bM)Nr|_gOIo7=H~V zbtPW=Qu%ZErl0}=@IUT4Z^~jimAjaMiTY>au*^KOR-+H9vD@PbPx|DdsfO2eQ>Tq) z`!d12G=-jE6ufztc@n0vWO8)uaKIOa@&7P+-aq3d<&FEx*YUyEpAO2K4YOKM+)6@a zYX;C{Qz|&)0zC^-{b$?pBKAzvJ5qihYnj1%Q%){&hpacXStFr+l{(CR(=;-DO99x(93By&8B(Lt({nf zdP52mSO7wwv&0a*Bg@c$+*O3P2DBEn^tE7LOXLNpm~0Z^eEC`pXUSC|yaT8nrTUcNMo=)f;<&Ax5j#ZLp-MeoBwz z|6g;Be|_xj(S5^T8Ty-pcLuKY{bBF_(lg)nvFkO{@VxMPIf*4sCamf4t3e*~>9kj| z(|D4Efuy6X;K>t2_T<0a)hsh!%cY1BNo)pbomIwoYSTKPv)jId#ksT&djsHG97*eJ z43!i37LxjvLQoxEb7sXm)y;Zooof9Gx_vS|f|yU%xXBrxN6I&3nA@XQp%CE7lD4fu z(i|m;0!o%YV02Wk0-p>1cXZTTN11sDPnF|X5e+3W1$H^ zmV&LLZL3DpLAWf+*mU>A`hZpgl{2Ufk~z)ETicw^X|yR*D92>k={Ia}S+`EZhFQbL zv2s)vvOas)A{)r;3_$Iro=E@y!>;k48~fqW)sc~*%3yHd@xCAKeZKpLyB;=;{2E}Kn7<4u?wFQ-Sn{>i0;DCS^0@xim;60VV_`ha&zk%)8ncF5kwt0fp7DNJ=NH<_hJS5wh5Myp!?@ zCS$&nrJX1gKoN1go~~iOxH?(BCEpD=6q*H7oZM#s|u}-d7=CZzzk`0r<|p7MLzGaTJNT3xqRML zC+9ZU>FmI1G1_MBF)VuBXm($b* zK^UUrf_#cuMFv$B+pt+k@^GMMP*BcA<6$w zq5A(jqZfuB47~)^|L(qrdj6vOm%D!2HKhvj3m;Ybu+(8j254pB3H1>M4`nu+-02w^ z_MThn*Y&D==yQsMzn3n90dNV(vc{Z@69Uw43t7=kg7Yljw2X%;z1S`QJptJ3yh`l> zn%3yYLN>H&6`V1jw!$wcX3B|IP^CMObtV^a&v=CyZ)9od5XlgDD?O~|R@(w36dq&Q zex92}qu|epfZ#tA$#Kv`1+EESzS z!<-e@+q8&ywc^6(jD*E?vp`kzQ>#d^PWa}S{V`G=_8d}%0v*FRKO?6{0zqxj$5i0R z-Rh8_ToX4O7r4!Sm$CQ`O5AE~(c9&Z@Xa8DR@YB!T`$)vDOCXD&=Iirju?O^A@o3DK2RF`1ie#G0^`kIY9x zha2o0M+|7KZbb4XktIzHb{9Qg{ycV{=#2DCXm;9$X9IlYtcrlyxg%mHnWfQxBhw`z zjq~NZSm#lF585WGV@`Nvb+!G-K33I1udAq4Ws%vZSodfEXuah-vOs~q(}@B+JdG%h z3e-k83zCyG%ut@Sg+}uKcU|LO8vFd{@bFI!9UAQI|7u^Z_wnxUblp`&|DAu@DS<++ z@(|Wn(y!RyMBQ38vSo|>Sml-d9YbABCF!c2B4`(^w@AofSL) z4tsqRIQ?W)q>PqPz4*J8ajcq$NrLZ!mge)DnNmXY;i#hx2qs!lMf_0Q?e_#ico;VL znV6W(#gjq~%3hAgW10CxDtZIqTF)f@zbOyGPkIbh%o7MlLXn^zweP8nVFg5$&$}n$ zYRAtxBtyzB<8We0fO}d))QwpHn-x(?Hp>@pT0)cGNJNbyAS_nggP!#6hV~vXKMwV+RyM4oFjQ2{{x}aJe)SiU`peSm07fRt8zg zYD)Y#Ihd+oYdNHrkZjY{oGFLcUm1{bz%K1lQqEk%_U(ZBT%{jtBv~Q3u3i()+XA)y znkW!#&#nj=G4@tg%uq1TTH`!Cj_hbwOhA$p^RBu}FG&9XcU8VA>E!&H)|Dtl$NVV8z&;B9lIWlHTNKN?q4`(#8mBrAJr z01vLY*it+^7fsX>QcD02DFTMeHI9ARGfcTLi}+d>M9)>8#1i)c0RbR-Oo!evo7-|e z6^k#eT}?;laygjG59K-SfT2NfI++HrePR+77oA9E&!nGoAhUEM!#}K%^<~E>e@;+5rk+I3`$;Or1Cfwi{3YOP z_D1n0+G2yHx5}ivQF(+4A2splIU?Ntj$-R z!E!g|@VJ%}QdrW2E;)OBuPse-g>#j|Sc)W0(SyoWW$2?)mn@fMFIRlbnb-KSpm#Q?7?x?EU>!ep2$R5! zA6vqH49YjDAKO#$V(lapih8{n(oO{?HIVdTJ_0wn79wpWfKG~+YGj=+RXkV^4R&1e zp53PIxO4`;H@4$4;PnNAp&5dlMk-TSuob*lNe`nsrK6QetYcEu z%#fBt_wU52nZt&iOQZg;Ue1k^cW_*LZyF{Ag(S z%R?Ux{3nS1kM#UrccyEaH}v0euPaPfj$teywWcU{qj+aM!P%ffj||Xwb9STH8zZta z|Jl;+bUu=ZM;FrUV@h*QP~}SHC>EWRlDw`sf>?Au9!`Ri>)RwHiK>jj-BG5U3X!Fg z=yMiW_|uiwWi^E%smeqK$T~0^R18KmP*W;vXZ<9YK06y&sknGV>GdwnM129w8pB=C zQQM8ZmDjK+r3waR{0*WE&H5DR-$0aYJ{geJM@nz1MoQ)JAXCnnQjjP#C}3c}iBvWa zy@&sH3$bYrOg!*b$&sfjuVS}OMk<`tu_-*}nCdxiUqfRwi9`CXH4i8a0@atVVEr|y zzC;WOmnlH$7H92%z3xhJmRY5u>ia2HUl#UPW@WY2b^!CTR@=60Y~#_&jEog_Yv*4E z1FC7q21a+0?c{S-d2K$_aIuZ_AnNHm#02#XXka?mAE|`pC`ucB^Xe@}6xEo8wbzo= z45kWCR;IC75Gk=+LrQ?Q`gxFTQ%DJ$^|U4{vGGVHBp+p{{#TE(ZNZ~#ulBU&Nha}s zk8AuNk6wrB|34r6qk*Zu|Fic;daidr)77&h;`+jY${UOm*1?Wkp?q_(qrJLGLnVFa z2xP}ud~}V;4z7rOCz2iE%7QF9%?@3N8mDJ{3NqFJz%)m6Hv5D|iK0`LGqUVphpvXa zfQXx`wje3ZJgmWHw-VH#2htwyqHwBm+EkLkS*`<2O`Nj`+8NVkk0dw3l~Y)fXc!!z znCU1xehkjDA2_vlqtWb*pl5DzVeYKzJd-}EMHbYzkyb84fou9r7?6M_3nhenGP>fv z6~7~7Vs0;JXmk%O2AB1Wmi1@+>FP=a6)|KNg!4yMvf`@(?@nqR$wHC|5RnJ#sTFcv$r`klqXpm_UWMbf7tbluJMi0mq!i{-5;3j`=5Fb_jGmrdw8(* z{~&gM%gmKQjg(>?p@Dg!hI$*ivICVXW&(mb1uHSsHWbiPl|?KdLT)Ix0pJX|kEg7f zYEV17dV{)G$b4VM#?~nF4bdY{a+Ub-b`nrc_bpWSGg!lZ8c2bB8DPu6qH))@MmF0T=M=j2&i2I0&w*Z3Dl|I5hVA08V_4J`HV>;3mVzt#QgT^sO3 z<9|@(CNLrBaWw_VNv3YwA~(p+eGcotlwQ}#b8>N{+aUxsgXgu$tU`a~y6mZUPw07S zo}ns^n-ZJz>Kp_-FLB0 znQ)0bhKYm_ok-W-NEhzTJEnIB0=&-M`P7)+Q3-WZJHOC&?>&mFf-e5{tHJH&iR6G*&8C@$E6{5ay&qsiLZ$fCf5@U5-Ioy~K);t-Z zMYasQonjfdRtrt3EXu%z;3RH_+H67aMPh-d$<&4KnXN>3xq^FwB=@%Y{P*^#3hseD zHVa8E=aUo$w3CFfoOD=zQ~9l?lJQ(Bg9=N~{z6(AI(raXA7pB%`B{J$#!c09zvrH zQR@IiV96MC9UQs`Kk6Pn>}3 zi6-J=GIu3)L&UudnaqjkTVDUnwAVKs4g>=;c+m`%wqDQzzxsG8pG1`uUiiFK;WqnE z=%%IDyt)SeK$m1P9~7R2g-~dTJ{Ga_fE!?W~5-D&c!DNqYBkxH+EY}|7(_>FLf z?vfGTp~DL52&%kibjO@XKM?je`jz!dXyxVL5@853{AccKG8MXh`P9Fd~R znjqE#A3jOb;PAm^;YTlvLKgS*+&u)lQ?oE11PLlFCS%Arz^kGlPWB=6&YR?DLiZ3l z{Pbt7++0O((6=$@ZRrHeeL?yKpLh3A4s2X9x`sYGCN2s2L=L@MxCy1}LL{Du=hog$ zCGl71vu?P`oZB14*G!j4-M1KMLUiDyPNq5jw26mEY?Ugw0mXd8l z$b;>fkcqB<#f;|i8GL!S!=dXTteq=h<1#nnSz?QCgMERo$fQy^I9p)lsGyJ`g(u)l z>Ydy;R@J$Mi*pNezBiAbIk|ZJ?JIBiuPt0Sjs;}L!B$)rJ*rh>kH!{nOjIHmC`sLN zed=yGaNcGKxoz7mSG8fLO>sW1rZ^w!It*HBimL)IT>szoj%)n)$G$k49XT@e&B0s! zKhw9r=cnMo&R_i!fMTf+vF;mnK3S@oMs_OSP5`zhS3wY+x<3hfr!NahnB|AzFZ0%DJeFBVqZfK6@&8Rx zf(FMK`1SZ+XHu*3myiZSB|TAXy;pbX-vcwYDjzMVEzwYDFh{|R)}ck!id*RH&9gZX z2N!GMY#DQCRUyBxIe=0v*nA}+%Np{=I+VPn0Y}@!WvH1E%F-A~@l@pomZDLWCTDE~ zb-d0htG$UQ8ZA>1vD!$VBTP%2XEoq~$_Gq6u+F?KOT%d9a=A=AlFy0lWV%(IXVnTa zys_?dB`&L)Ug4d^u4ZRd&1Snu^~p9}TQSo$i;~=ax`yKak**`Iu^$`#!pQva^Mk)T z@b&)nzUw{T>Hcf*aOaOopzv>^7|7WbHmBNolhR??_pthme<> ztyJ!^7)2A-!st|<3R&u1w+TjZq~r&%_njKD=Bo1S$hzvb4YBuAl{MM_?4HnI9gCo` zIsV5XkFG_C80<_}Zp&Z?q7$744X&!zo!FpppmIxAu3cK?vREeB9OZH*GBMDtQ6``9&Pc{49Q{Nkk5x@?-5RNQ;&IP!Y{zwL^OYRyPBrujXFV!avTXug ztkNq7Dp_+|W@*;%_OoS>Pt0I7Gs-7&LJ3k5+IC7-JF(E2q^MKRM6#^JJHmf!^NBeB z?>gZc|GBY`MxG!1U;A(O`Fei2`)_o;2@i7q75caO@!3V8@y>3$KDE_n3OFo|*4@E? zohgiV1-@1)o3^G|yHlS>Iv%t8Iu!Lv}0cKu8$hjxp< zaOM0FDD-mA$8*;gq0URpT)%pL$`_andfgF^U#?QSTP<`ujfQSB-(go8TR6k1?Z(d`z56Bq)qRX-a44lliS~S=f5%Gzhz_v|%gbn8yhE#lPxjyG8|(Qcc&PK&kwCo?C@gR7We=xLf2Wsc@BI#m zK3KzU)I)1nVt#sSj|@~g-D1_HWO2hLJ3~>%x1N->Rkzi(H z@75Do*hZt^ISG6M3)=}^*G$q1EwEPd($?en?!1QUuh!k_Ij)=qSg7dfVg?3Rorz~* zHsPA1O}h5-denZPky}jtl{6xb8QjD?32{>@<^%xea z(c}u4hh>(t>P)U^(&UQjd@Swciul%}vX6lBFHL14=Q^t<`Utzp0X-LC6n3!4h8`%| ztizFf>EC)p&gbb@7Mq}Gr|6h0ge^(Us|Gzf;ouMBaygqQa?|ms7g76Wo?{O>1?`$3DX>N1y;76#*#E%k>lHeO$d$< z6@~EDL0M~o71B&7;3O)VQ>1CLk!W;>a=XQ;$AviJ zg`kRJAC|RI6$PiPJ5>}cV%_mo6sZ1xu*lv!V%>nI633#9n!rvr!wncw z;zm+Dxb-4dG~`UXCe(GbUeBygQLp{h>FJZlLs!q7IeYfRsdJYo*L^h&i=~oDSS^Fb zg4cj1S1%ri7iUum*i8s4p4{2k4fh8yu3##kypaStzzqWm(0K8K=iBW2`5sxmUB@R}a4Mdth zD9UYQDXRV=Le;v*3rlZCPf42qr)NB2e;BXuqcoC^5ScBZGw>GzaWI=g=|g&(CRM4J z;F1s!eEyKs@6x*4LZz0nXR(ZVcz8wY&^MwQnPIl2eoh<{@6eyA_f#N|$!72a1Cggo}ZIuBM}HAsJ}()-n9>s5G<__NC4Egc)yS2{zXn z7Os1@f-*$z(WWSQ$phXLW&ON?7Z?OGBGKnW|#A{(6E)kQe#DL`Wbk2if>?O4} ztcWX-an!7b#)5DqTX@;?~nMG3OBOnyNiA&C@J0)CYcxw{tF3A>ZYsEOl!wbYt z9`{KJoOvO7Lrli3=5bmHkA1l1mSxv9Q5e!953URt4g1>yl2P)>FvY3|I_R75bYRhq ztpn0WG)_}5n4n`eGx=mPo?K>)EsFm~yPj~3f6v&_k>4Et>7k>82M31x{z>oO?zzAdf~|2Y@; z;#}PAT;kj-0K9me?>PWS9scfr{r#6S4Ik{xSN5rmS#0Id_+!gRHBs(`wPvy_rZt@Y z0wOYjpqvK^@;bNPAQCA%vthp8zcGW6LN$e!kyo~IKsm#;k8q^-q#R5Fj6_L zsBI8m$rAt}-j8p*fYq-?w(KOIzMe>4oeswu0-tiB7LKbO9+287=C3H_k48|{(=b*= zU#)l!pa#Slvf+*AC5NE0k&}`v6YX7dZseT8GO1NQH3^YZKGi9_9N(A}qdkazmC+t$ zqHw->s#O)G-A=f-x-lWzQxrX`R3E4~0L$$u(;)gDno}YF_qzr^Kd{*E>-|d4Pj_#1 z9qjl*`@e2mZav%L-ywXn@3ms?JQVnQw?F z5e`|)V*K)O$?lEgSe&3b3LZhFN>7KLl~sDC&VZ^&zq0X)BvX*}R}YJLoDdHd*3<9; z#!b^u06r#$Bq+pFgd~*2faM_x+o_y;7?Xg5U634X%ZP$=pqzwiTFznb#!&(uMf^bt zj~(#`!znT9@Z*h*d91Ew{=Isi4{a-)b@2yNZvixk7=2YUR8|o%LmP8g`~*h+NLBc2 z*7ev!z_4ZHtI6ex6T$84Z*CkBB@j6bg#=PM4C^G2t*5vLA~?Ts7$aQnvQTW52~GKE zwu_4-piwkkThW7Y8;U4=G|`RmS{a=GyMEO*_@#mO_21X~r#(O0eYxwQj?c7*+h$w- z9zLk=SJt!fIyOdVqi)N{J5|QWgt0%(^GWE9Xt>$wu;Sp_lzcg(I=*p{v`_U{p|;9C zkscAOR;9zfHqLVY#%n}8rkLpPR&9vT;DeelKakc#yo%+mT#rz!hcH>9ZjyS0+4T_7 zjSCWrYIhTaru=3K{WhS;-0|7AY$kta6JNqEA1lEUTGLrBb$ zEU(1G76JO$#uD~9$fmZbE{mZXlCx!53|nN0BWtC;Wyj;$Sj19?(gaAvsuy=c^NQC` zQK_MA#@_x^97CR@)}gqEH_l?g5-_V?cSQ>sZDv&$kX2_?8iky@`!>#CaYA!iyGOFs zr3eqD2X6Gy2hyU6jXm`+nBv&;O(Y+WuM=;jHLuQPPJ+*C40U|);5j!qq?wi zY^t%V8$5;&`Wx$@vwKfLv-IE((j13ynX&VV|ll+^_z|CZpb`FNpWS#1H?D1)>nJGz0&y}5CTR5?WvkaD|76NrzR0y6N7kdD2H5q8os zezm+?K@2?VARU8cuy5eUqqVP|vPDhEmTh3G*|rE6x*%bB0G{B^q(&or8ixE*^rPI- zgj?L;h$drDtG)Q})qis;&80Ibs?nRva1=g*r^K~?uZiCmU0s9Nv-}(J3M=7=WeZB$ z2jPQqVJ;DKbCHk-`~|TL_V~sJNV}?Fk}31I#AXxM09Tx?VfjS-sm44m%`zui0=2e`jjheA=21zB6+aW_aVsrT zT08CF#?yr4K-6wLHAT1D;6NCcI~@;FSrx_9gDh{vB@Kl_dUbm-Ev2#;=hjjyiF8Ay zFfyS+iJt7vM^a(&2e7g0V2Y1jE)PJaRyc6u=Th=pB2#4`#Dqwg0@}B+inB$5C{#4X zP`YW$n_`&qgfu<#LTM7B^vWmN+?V>#|tf0cNoxxon_2emJVn|AzehiC0 zr5PUI!O`(mELH+%rP^mfGi&BV$K?)!r#9Y}7-p31a3x?=9o^pnrLk zTjg#h;&7SMXgIMNfNjg((5Tl33!nVn+B^W`@OBNZ%U+D$rTm5hJJ>T=~?mz0v zbw1J2*7m8^C*gy-du0f6yZC1gDONPrAdt5 zg~S~FFSp0H9P$MsIO-P^bA96$5v^uBl#qL6D-Sf5j5TYtN^WR#gZ0Jt));O$%B0*p z7;v{2FZLI9`^$*YvgdeXowBk6A%@151|U+>M8S;k zm$^(Vy)Ac~o!z*Op+@a#Ku%RRF;bILX4=zgQ+vi@$)-(h@5VJrrCXFMdMGd1Y1R?> z*^P{@keM8xZ9Hy08dn=7GCPqqyphI2CRDf;?ckItT{8qlDDqSbUG{FI^wp5Eh06L( zSq%M#EONofXe`PKZ6vW8mP>`z<0*&(rkUuY9Z#vv%(IQ|YMoM<+jxhBPO$)hvbn^m zvI_nGf8rW^q5qqGtGy??ztZ)I&f)g2wOwj`$@M37m;9SKQ1-1{7bzr)MLCp-lRZQM zTm4elAX%MHohTq<*$mY9s*8WBWxoBnPHf@T*Ry*krl^R4=3UR8&UIiJEZ^-_8*^f9 zso6paBt=V1lWHVQxH5~W5qZq!+A;2eT;AEGWUQ!26H)gYaZ3>*JWzvz8nXweL62xM zx{R*nTwg;h{K3;_PaQrtyL4&x)ZrtG2L<9UoojQ%SN$q3;#P)jaDL1B;v34flCG;d zG(>ilhU4Ceq2YS21w$ufWe!(e-5Oq-+!~nOeK{8n2hfbju8|{3tLqPt1NXXh0()#O z+k&u=1Xuc(gQ3X?7w|#_@OZttX! zVD{{h>7^r=&YwDd?!=Kxr;nUHv9P$faO$KW&UatlxQ!7#gvsh7*;Sv%8*qC9Zm(wv zZHh3c#LgypxED>t)6(`e#w4}2n%_ED9*ls1Y7OpVMAz*>u*Jv2$@R4~%s@;X5NSru zUs4Hah5m?xUXKU;68O!@^ip&cMQdLFWXS8A2>IYM4}6C6JHhS*$Gt&Mz!wZoh9>Zj z>BNDzh5UccHTcnizP?ZQKGXfVt`|DK*}mHLbjv4QbF}Gp_GIpU1KkSJ#4DmK*kk(H zCOl@tZ3Erv%k9R9B61Lxjkv2_>Eu+~o^rsh+(&XUH>hi) zC(KzC$3|z@asz~ouK!LnmfMG9!i)%I3Wgc;&T<-=R0AqQoX+)Q%pF2iG4x$qW^d4i zb~D$9aeoYF_Su%P?Zo<)_n@)O=EW8>wN=~VXKL)K(94(RuBc5oiK{6i1D=(4GPq_d}M7s z*MmXUicTntS?8N{CacDRjX`vh&UHI>-3nGrA9tMpw><0`Ob(px`>Ec~bf4|=bo^ZV z_qW|{4Z+(x^_AV98`7(5k52_@5*2&v+H9R4sqW~?bh)jZ$?eDLs+A8@0<^>P;r+RN zdQwK24%;hbYYSg|%9 zWDAWf@g&nnMl6a!WqvsK2o_19X;ZNun^Gi2yVpp-N8?a{Ag)zJ*}Uvw2t3n!i@Ar1 zFj}$N0H{(EMd0Qm`Gm5Mv-nG10@f^sNep~P?jfvrXtlvE#Q-%T;Aut>EoUGsG-1yFTd} z{KtVW^`Gc_U(YwX|83VtI(yqU+uW`9!3X!~l}+akkycL8IPJu@v1odI8=a^6d{Fk$ z+%wpI3H23)bD@lH8$7K*p{-!*<*Wyndzvs^iq&zn32F10F4FAOx;ZYLd&<##E0|z| z3g3F}NsPNz`NNdOZN9vXWU97db`8KE$vuJ1E?N(zlHE|6-Fvtmify2zwjC;zdz>`B zikS#XjCSHo#7yoWhOS1oe$l?I5^Ti@vfNA(!XsdN-!x$_LHjy&c zX?!+O$p0g*!Mo7^ztMZJ`~U9xt3=qq3+j39Kyb?EqiFlx ziJp5n7r=6ghL(0K2I>GgDy~eV6Yc5QWjqZa)}4e-yQtgiy*wHA1w7@Mx`~`$5-!-7 zRUH=6LS&C{F@~nrH7d{Me3Hx9JyPv506MC6d^=qRV*pM0jG>&D(8bxRi5yzA?CsWI zj2D>%E1QDSIS*Dvjo$3Q_>@<+eO#kUwZX|lk_%(hlVHHvj^xI$U<$Kh)jbIacG)%O z8nBB_!rGD`V}TT%gV>_2(Ubro$f)EcV2P@Vmk837kL~diY~$iuoy1DcjiD2!eD74> zWQZIr%~1csDs232DA|(Ln~`8CMqKzCKrE!W)PRFc=iaC1zPyx4q2s<{uwx$PS)>Km z2E@gB?pZydH;20;^i|;N_cIFl{|~wbe|zAqzW>$xM?G(L{Z;1|I~LjxwRN?8!}WtK z^8XrsM|LJRjb%fFxd!J$MIDH-O~XkCo4M=Z+{;pcxNAfaAc6;{+0Gz>Xsr`x8~o75 zhr_v-Fhc6wK5cF%nEr+nGDV=H*88wO_kJn+-8G`fekpT1d$V7*vZSB&i&%joaPJtBpdraS3E~c9$x_*@5gXp8t0};Trsl z0lxoG@1ON7L-+row*T1rlPzz<+xP`Z_;C!cb`nliClvF?hRcuGB;m8US0ofwu69C} zz)YFO1{4_^T{bWd<&F`de)WoBLPO)@K|gpB=7fO;u$xJ+s=ZVokadtg7N7!S1^OGv8qSyG0t_T*TMBiCA6Xx4MH zjtQ`AF2bNYZf|Y|Ck&`7ara2|*bZ0#DlSk6hpqLhjHOnt#h}(IWj&$(f73Pi^?{fB zzS{efJ(Jx-onPxHv>$65Z22wM%^GU=20xme%e^WY6d-L>OfyxU;+SSY@`3@9rkW(I z6>_%W#kS%KowAMyw5&FtA|>XL5@MC{k4fMCY!{uxb!VPD=btjcioM8n!W>B+Y$%nuTaA>?sy9_GH>JjV6wS`v2F^{=bj)-{1Q^J^Qwfk_m)lL~a6oQ$hcfm*)CB@yXj@0+~Pda4Zwyr(-ekZ$K9TZ^H)q zJ%RBs=k=o@HFX=99m*{eS|)D|2du}Zd^BUf_IBSghMTNnCfO{sIzO=|Eukp!C z=TD6J0;55%d)eccX1}2MvubZR=_|y~M2AZX8(f1VeoRx{lYSJ0)W+)GaPBQa_T}v; z!h@w*Z6fMuQ+OEZNr;@p`bndET z7IvxTVop4|ts6-U)-ny}-j=LFHHVL*q5#b-Z!0H#2Oe?0$4KmdE+zQ6M%xuX! z7_n$l&Gw3-*-*LCwy0U{62e683JIkONl4YNvm+bthH{rB1G%eeN3?kohCxd?td!oaE; z$!#LAvVr7gE4#*zs5Z7wKdQz3|1HN{gMT)#)t~M=*YlsdH@o(9e7pU}+x|`Khv5U~ zMTr2c7``dFFvSuIurh%uFHN9oj|*cf!?l*V_T|>G2NSL?Q4~?3fq>pVH=_T#mWX9m z%X}sLx4U8^@mAoD+zkwm8d(W~1(SC)yl~@_mD$)!Q#-Z~H4o=E*V&wOspzyi`W0*H;5eAqY2t#UULaqfC*G@Musj6-v0 zXjJI$^d6b@%_ich1l(f5g|G7Q$a4qad+t=^s{3s?=vXFxH4Y0<+|c8hiYDR*jz{B} z8)Lpv_$3o=KV#P{QaPqtKDBwpp=*x~NEo?s7$zII2V>_j~5)7wf zR0uV4VoEl%i%k;dSAtbKrYkGKvNQQMjIQd|O?o~_v|TpjA*>CT+62pGE|yXojiopC%OONPs#uZ<@#!*qVrgW?R+_Y9`dbGtCHZtF87~i*-F|N=_bygCp;4)7 z1u4B_5Ev#K440KMqvjz5ES(*s@-{AQ2?MW)iSVJ^hx8+|`fLTVV3p2Sa}ECdzzco9+B?_N*Y)2zf4Jj&+TU$^pyhkv zgYCQ^b=i%drXqFm1(!U*DSu!pKvpalmM)BkW?xwdTsS&^N8)UA&&j(QzQ5 zf?!|$leMu}Y?X;knJ%5bPtpmQK`Nu@o$}M5sHGG23!l|0VbIpOlHY}KSIl8axXWk_ zP3cv?@R%j+R+=J|P~*#Q#PkupQR9Wj@;nh0A_VdG7P^L<#HgiYx3>l@62Xl;na8b3J?rbQKo^1WEj1cdG= zdeAB5%%0?lEkw2EPMLg<6spwRF=MT4S?Mz^$eRpemGyi#2HxqNz6bL^>-jDRe9PAQ z8;k|c<~uR?+P$DuRF{oW0b|RBs+F))UfUC-}RcNY?`V1m!lAeie{ zm}Hrq{ejX-elG@Ji`0Sp)yU}_t#n#rxeiO%8M_G??pBaG0sll~(&H0&W?ZHl&OeGZ zUIzLl z$PVWpRwY3yu+wmAqC;0Esx0jQ+YCP{HUo=-2$Cr`4MK@MoqxzcGEF$CMgm9%h6Vn~ zpa43Pe-PuYRWkEV1a?;RNK`*iQ&o*tF*4k7`J z`CcLa|4G;2Rha+(553>f6YGAdYk$YjwtukgV#`0fezKDP*U5in=kh^GDr5t_WoI)% z7sxb2s7E>&F-;Z+!vefN7+&`BWnUv>x64lD^?U#$Ssve4=-2pEkR~K-WVVzH)wiKJ82H)coj9<0HkGiW$PF@Zse@$m!~nc-q+6GIZB ze=e1dhGX#FGJY=_zarnwRKFa}8r-S07`=%K?tYI)C>I~fk70;}&8^%v#qe|tHbSrR z@$`H$ky*1gP-82MYqFDzp_N8${n7j=2204|YU_(>B#;yutJV@TlXqi_rd0qpS>o8C z1@KV*InpnvxKye_(N1)!Z{**Hp+hVdBo>Nr7|cDnD^4rjw1LH9Yr+)TDVzE<@~8A9 z*4^FtX9<9_)78!b2E*&51=B)+Nj$}j1K(EYPOq==2f=e(F)%z*S@(V4UG$DZ<#=#3qi(mn_&p+z(j$V%OeEJ3-KX42>Rxce* zq!-r`>1UQs9J(|faL+{3mlpXXY~H?f{=}FsFdFo_mpy)I+~JmL5C2Mj63b~hmA+IJ zXw%wBQI(q{l};x!YKvn@i>j^vIL?+?;TNe6s7GI{%N3``W(P5{I{?7tF#RBYnyPRX)W(PPfu; zk!+N;*4VKnap0`Aclf@ylwXjPc=w2cw?Lkmh61yVw_xlr94!{uJ;dTgSJ${GbnsMY zJi&yiF@Hu{3{5ddr6|N{is8lEp3Da!clYM!F_Ps@OGOl7%FQ;Cfiu+2dSHO&^K+7% z%kG9NCwY@oewqy2iMHWV?EDc)&}ElmR}vR`S7fcA+wFzwLDGlvhb1_s6>29Y51vXq#(&()C#>{jZDv$Y%2A9Fs4vX^Zq1x$R;b zw{sY5nH|b6=>#Kw%A814wI&Qk=JShscAb{j5fR$Sc6}s&7RwsqxmBtFz%$Zhcum2O zp;j&#DO9dGW%6enJ7|d=)MDexz+cRt#=vVdp!h>mKAIa@EUz)MrM?ZBAw~@-bNN$} z5mh5GO}ZItjVN1)8OO#m`I8t)tzLSN(}|1WaO!H%GrhPlt(6;#?#PDNm^GX%u8xi7 zPe>>N*;w610oqP=IgO1d+LB>d(?_vCf1C(0XRFv86hP6q{ia<{0+qv8urLZ?k)m=4 zF}R;*KV(zHMNa*nS>+J-|F=w`{Qo16|Nm3hr#cU{f2-}^w|*GjbY40LWasmjq;N%} z7Dc0xqIZc^; zMS--3rePiU33932f`MyB6ZsF2Dyt}6P?8HfvUHKjzmBmh&&D|Qwp#}ok+1rzU!n2y zA_iWo@e|aVCN#D!@?)#fhU9}lkU6t%az0EzMKFW#-)=?YCtQW_n&d20#(gOB345Id zbFZuGEmrccN>K^$Q7ZXA72795)Fdp5HR=CQ{(>Zp%61nBU8n{xMW~xEbb2^a>w8^;pC7o|_xrus91RS>Zxs1C< z@=*-qJT5wC6JtJ)H{kXJ+)`hbS1-n%&ZJioNmz{~!*L;g1uA0=g=Tc^G@o3Jrc%*F zJOxtf0TN2sik)^aB~7#BsF5q!?rpgmn|XT`=V8cXv@5i((|#!x<@W03%%AkCPC zh)@$+r1^XpE272(z1iH)av5T|y&)=I$fPp$Cw`{nvbB~G!0_5KhEi*Ijj}&UpbD)8 z(q@*BtAhn4b9qh@bdCNdnhhnQDQKkUBg(R9EXfMK_!+&NL+SM`2}!5)nyz8qRjB_D zxCToD%YA*lt=*-rn;i$+KHvIK3;Jkhy&yQw7zD?9S>Rzl6;4K%`Nj{9VK_7`ITDrO zP;+dfwT6l@$zoV!+a`&~h8gFmt}juZt-% zBK%Zx=4gIR&%PmA!A#QJcuHrZeS@GUVG#7tWF?Is^gyFcTr%{#l*^fDr+aKO^fsr^ zj-B7uhPCWiew82qqg8g^Pr26cB%i*XNM2ot1HpJ1ZcDM&;IkDi*vBY4yCJK5B_EUQ zKQJY4RAV+i<)yLzi)3xEkpP3UnkZ_LWQta$Op7u^Nq(Q}HP_&84Scl!#oqte6X^O@ z=chZmU;^NC@b>m!?=2Qwjy2W3kKM7R+q0&RS0Z({*FouI zHvd5>AW&;_qU;3|ODD~e5MJhDDYc#ETD9oe{4HG=LsMRwku@9RD#pTYF0j&o5z4GL zC1as>4}?=@ji*ObX)c{fQC(;yQ0j0KCX-#bSMuxl>6GtrTdhhSsL7*MxbD(gOU~8> z$_zOY-ECb9MtT5zFPT7La;s5yz&{b0^!S8vB|J|zpTB{j)@a=Ts690HL^R9RqRrTp zh-GU=CGCm)brQVu|xTPhwJ}w4gSyeT-#!+ zAO5pxU)kA02bL49m5~tS)71AxbG1{W$o++Og3zp9)j~^XHtnjG>_nkW&m5uV2^ulm ziRNf4TxiAEJvsK$OC#U?=*CFZAO`R|uX9->G zi=Pk|k8nxYF{puEl=ctcXup`D{o-}nFTPFt#dX>*-lYBF3hftTv|qeN`^6;f7vr>F zT&DdZR%#<*MJkGQo92rN+JE{A?H8}oelbn^#T&{m;u4l#)&&|lo5;k`gqjzWZC~C!p)KRyTVtJ z?g^hKba|5VJ^k6NSh-AX)*+fJbM76@d)y{@WWvMn0yQU!fVlFI>W`HH}R7b|In3d*t@B_ z?(#Xp{3^r}@cV8ZOhc#<53i%&9pNu?nHW|)gV2C{$|$!%N4q7S5uqP12L$3@fPSF5 zwoi0+sp$axL<~RGr6>+Aq=0AA<3axfmkh5!AQFb5PK->{KQWGwS^*!LycSIfu?}39 zir!2n5@{hK5n)1pTK0jcI2CV>?mNzQ7NEU7_-Ii3u2`A~-SVC%#ypFhA;jZpLjV7# zT!UX9c&qO>dOy;$uj?zF-`VkU+y83$RMQdx4fTh;w^Z1LQzEVYW6IqqLTR$`I18E3 zlI*l-jf5cE=|2WrO{8!FDuT0y|5jN5HB%Ur*f6yL=+IO!;4Fz2>3!tuWTIFeBcCe_ zNMw)3P#=ve(Pk~Yp2^X1xG+2j9oYWKBeT9)Sj~`#@iSZ)NQ2082Y|$Iry^I~Z-aXu z%fzq7ff#VZjp1mA!-3<`c;?2KZxnvPgxk-y;3NiPB1EM4iJvK=MPZ?X8j`bxen}qH zYWybGS2mudQ*ZjN&Nf7}wFRt7K!R$kOj&u%sJ0CP$y&eFmeN`> zWR(pSdPu3QE`I`NPPNC#9?qOC%r#a&@9r&hW9YPo{vkf38Q>7&LnUiozy3$&L`df& zMuzn;s(G`}g`bWPy=QA%n`?s!u`=aUeMXkvRXJSf#Cg8@dK#GMF%{xAl5&Uvm_fLJ z^Z!-gB2);gWph9FX#)PNvF0h`gz=G%8wn z1f#4q;7`fpT2ZEQ4Djm`+RK`Tv%^u7S_=zu5O!&!2R^(fPL>UuggC zwl`Xzhqrg|D?3zpf@pI;Ql03U3}vU&Y1j>zN%MTzH!ABsu3v&xI|0DcU&DpRC4f|J z5Tev;G1j*SAjXV<0YVdngHkvJWQigYrOYhti9{JgQ)5{p`)J`YEL}ob<4l$Mp(#$9 z;+q{_1At?=9ZeQKA(9EYH!`c@vW#-qL8x#*5-gPzhZY^%1dAa)waV2>VFW{0z8hUp z)ir6hY@pWImK*J4)@~MtG1gA;OWvF%6)0;fel2Uv%ZoQ$6oyDiufE}e)<`Up%cv~R zL>XENIID>*T3Y=yj}-P}KZMqFsxBO&s&~9%)0$3u7Y?ly_K^~%u%#xi+i`4Zxl|;N z0dN`(`_%SIwp499B_-BEK-6$Z%Mc-p6rw2=q9msaSng;9RCKz4QU2fGGU6Kivw>gg z|L(qhJzwpPc6D@otNlmY-fDdbKG@l>?EZpB%5is%C}!O$tKH2z>poN%Bk)m>Bqr+x z_HY2KM|f)jU&hOE5yhTOG^N z_J`UCBWo#B>%}#T;-12DSX&=M+ZFD-Q+>`aQ6s=yaFq`CIC{T6iO>={S<_FSB zf?Ee+P&JWB!b)S6^$Ox=O6|fku4(Ry$`4)RM5-JQ%A;XlDBGPx(~GDop}aNnt-|}T zbd?upzE(vxp+3PN#VCwDO-*bCOBPrudYaH1%DyEs{>nf=#lxe<%vJb%#}^%f3xrmhS6cKz#t7nrX!!PU+#AaNL;vOkHjeV7{Td?|OQCb-m9ezWJuUJ(Q9ikRBHBxv=2O`Ap zQS~s0iy$nmOfruug{a#IqM^c*I{ArNh?*}y5$gZH2K)a8{;>aJebJsj?7q--sN)aX zueAPN%dhS1RIb++Eg;v%`#WtfU z?5(xO;Hb9l3H+$F?!v+do(#<;KV1h4+*b;dQb?*cOAA$3nsUDA&TXJU*ghn67Q~u) zhO>nUjP;ASVs*z|oy}4A{(GV zfvZ{Hp@L7!dUq?UmZ7Nt&GmWqRxKHOE0UZ-Ymh~MB`9NO!7F7=yGO>9_Ayv5SrbcI zR7F&9{ogf(`u~5ZFWVdH{&!s;?!46zX#3sPPq%y+KG1w+=L_?ax&q5wt*!w--QE#< z)RnPxi8?9T_?q=~PSV$1Bh^*(fY+RFXg-!IJ6t#-0i-%=K(*pV6g7JQvPk5VZUFZg ztP~DoZPaROHra{cB-q-mcyN!%tc0~%eJwZ@q>1GgcX)lRvoNFQgejvG)qVt)GgXZB zSj7ovXA0AjK&f@N0J$(p(|=&AK-FER_DbPp5=BKfvdR3xF@ZWJaK7*o##*S(DuO@1 z$tfCZ(^OnW!Lbn}t3&uFgEuqGwTSwtV$w}-|&D3aW+?G2D zwv34!8Jx00|NjeE<4`w>TK_+##tCxLaJEf`2$^k(gsRX&;`IN^TXh6fgp>jPTe$^X z$p0r%|9`1}sP}*OF({#%PAV;{g6%8|ku>@7lPkddtB^=Ky^k0-du3>QOP{YhBh z$EDKIa17pC#_z%1Eu)q#Z~%B2#?@9_ zI3;PenvD!h`ORQ$t!CG?jhri-G(ggn)b3m)VI9*6jHE`N6w-g1JG+HAvXO8!3?aEX z=#z>Tj!V`VVu5N7Bj7VvRIwq>XC4r!4LVt4o`(vr;Ar6`oKh*uE`YU%f^`!kSbM4p z)>vtcqC&cGjIIbX2a?@c|aFiBlB zpHx7Q_y%eCt4V3-?eIH6VhZj^&EWe+4I2rC&=TGHs@}IrGMa{*9Xy>6=sq2gUm8-p z8QpRngz$5P*L9sYG~d!Z9mjctnZBrJrYSR35y<8<)7kaHYgp8TnvmjhDRc3;4Y?xQ z*Y4lwdZOcBwvDxX$@QE({fE3GiV@c;9Z-5aC+`r~Q{ild zQC67c3M=^Ol*gy4Z|0*de%rIeifx@+76~erSdqzfjTiGl7uFRFvPKsctT|}Fp3)E`_NeAG`msV9SKOj zrHdqGo+W0sJGlHmT(~5eKIPo7S&_7-g20^qO6lw;NBMtGtKT*7WBon7zu&`k{buKr z?SI@Bhqs)UgMby^|6;(Xuy5q+v~W=X_yJ5>vIY z8k6mv)_PHkj6R$FB#;0nFqGQFFV&`DCjqu10fwg&*L^ya37+$Gtav)vmBOm7$)|ie zj>!-3{$P07i|_CNwpGSOmv20rD8xvUuZT>%Q$d=3b$cQc#wNeUo{YQu3Rfj7vU?<} zX!)d^Lbbz+Fh))$NhEJCRyBm~O|<%S6mqG1()0P=QsHgIuFL7DAn5;99ShYGhOUk|NT3SUo2+S}vn*#cOjs|SAhCJCKlb%(<*!*y{{H$}iX zS6J6Y66R#gTx(!0$G}zyqvEweDhss5&y-`OcxAaP;F3c38xoSh)+p2&!cUr!M|;$n zad1<+K3|uxQ(H4Z8M=!prnOQC*fHF2B1#$?q6!r#UxZc!7-7KUgo04zt_a? zi>|J5(Pa6g%Bv`3e;-cHbk>l8;-&Qzk5a6fTJci4ibpxd;V7P?cp-lnk0B$2j_dy| zx6%Ip<-YwrU+Ml_SEggQ^>^Sc=Vdhl*}2UQ-N4OcIoR63&6+raP2l$4;%2*K9#yuZ zqTvUcp=;aBBU>V!NCGEZn z*+E4c*+X`)HC4589YdQfdWpi0&(O2;n=VPV)Y_gXd2un7vNon*Or$YpgJufvVkoud z0!)TyJG4+UTlkQKA_%0S+(pUkiUMf^ip-@_ZKb8jdKXNd-o`L$O`cL(J|`4$LXoQc zzt{Ce*WlK`!+rm@_fq$-cirlEqV2=25qPs2=WUoK)MC)6D%fU$Kd*VCEK}6rEeKfr136x*iM`E zvL0Oj{ALe+IvV!`qD!J_o{pIOSsR)$_HB&Wi0EdwWG*0&R?H4k1_>gRHkb?Mc&g>m z)(j7>Z+2m@g>2i|teQGFb>Q_%GYVJRW>rpO4R*N~aAmVol618#ij-7`jgrpRva35r zO9UO)|6QA?{{LL>H@d&8bG+lBwjXHq!dv&~1dmz6aXB`5?hq%~lWFLCJz@j+F3{ z7ZY*bT4Ti42a))qvzIem!9xQhvIonhRxyHd*OQQR*$|1c#m3N1JB)}ZFS25bQ5W!g zOPdc!Vzqn38FF2%3cDS-+Ll~pXE*OBV-}SXG}T^!W{X)&mY}oio4Y0TtT`HKKC4f< zO!rOjnFnclD>ErK4>wG^z4{>uxZL{)@Rhcaa%j_WxiXi8I$wd>IJi?gTv7ht+wyN* zgJ0->v-j_Mmb#zr{L_xj_6x1wgg2d6T_BL1**qw@FW|#e+!s}e!$$YTHr`g}!_0cG z=;mV*ifY7#$x?(3{;PqBi_qo)40d@Lu%g46vbMPsJDle>M@Z;Ywlh$TvWVK=NTfrQ z?M{LD&0z^i(0B!sCaFqmkz}syDZKWV&3sk%(B=>(#Gc1jrE}GU7;y45W!%#-F3h7n zTJy<7X3cUu8SWWalbu{7!_?Q%K}*7ZEO%Pnh?LXJLa5$IC>auC_0W>AvbhgG9j(g; zDH}#a`)WfRU`I4%Np%qjy}cM~t#uK=6VuqNDYi%rR^=0YUh53ID)&DQ`c6a|u*XKL0w(n{Ez80=7Qs2fuL^ibfK2lT_nGiIy z(1cDqF%wE}K8v9%$5Br8n^pB&*#Dv2*&|hV4@q8IZJ7ckQ{qs~4%JMIn!&b{XGlw^ zNXIF~%5mD+j?JfWHvS~e#>c9&amx0TCGJWi1wOK1y4)!`xA~NTNKrXgN2H*<_@u7Q zH^o`llc_PJcVx0fT5V^64ys|}#+_}=IL&Q7p{t-kwsOx5&-CKLw9)00jbyK) zOv!9e(8qNZl(H$_3Cc+I-tnu5Q2yWNx`O8apXu-H{iU9Fx=(d=bbP5T)$&z%o7D@t z#>cVrBGOf@_)6(sL`Q9pgYk}!dPluppMTWn9ladm`ScAwe&87N`CK}hNH4A>($6fN zICN<|;GT)5FD>%PYkcz3`4eNlz-Z9xUiSE<-X2&w8MkeC2_`6l7;LQx3d*{dU@ELN zxpot-bx?o+OCHd*Zz^C)dJ0^wkw-%ENfa_BPPjf8xk1S0%u$Pl3m$+ z&H!t_-vnvoV2y@d)qB-&|G(=Ku0d|#p}rsJb#*UyJ<|T`ZRc8k7T&yPFW4COvSg1` z?%{#Os{s=NV2?dwt#2vZzo{NYK#So^SVgp23@Ia4J5qeMxEM0^b&%nM0eio$0W;a2 z>$)n+$k}mK zuJZ%&d=$LWA%)d6X+fo^_tLbCp9 zBpsA1X-YKqSpT{v>7W=Hl0;Z-om(B5f5t#ILaHLv|Nk25|NZ~7?{mF;&*AQaonPo! zYy11wkGTH&o)G}d|6vfrS9HaYl6JSl&+R}lgpBzZemq+AD&=+)(cn56vv$S|YkU?k z*3NEQ*Ca&#^#QpOeDy)K)@Ethdi zyt|P9f6_JheFJCvyLB^gi~7^uGpk8#?r zZs;r#g6zcRISh8$KdbC0@X$I0G|bdhvc9-w{u?f~x(hL^p( zPNC|p&Eq7JuT`rpB@eI|=hjjyiF6~$q(WyC*W-LroSQ;QoLb?MeB@lJ@-ErmA;_)dDP3w>yjRtHZO_|7&vM3c+(`hceg4REerqWzGlcKsGg=xDZbc?@% zpN>|yxT&XOLnL7HBXY9L?e3%f0O_f!yTyZ^DKE_sf)hPK^z^zOk^va~a*(8oo`yCr z>UnCD1bXx3?BEMt)Aa?EQ--!>g^n)}Z|l0uMPqyf&p$kOpmHm@+9O!#kiC^+F64-u0?AXcyHiWO!4=ZKXIcJa~g)Qj3ctS&fW#it>u zRqfi8>wbh!gNaDFaq58>FC;!{^@E)*R(Sp&mi-TYVPLKA(Vkn~yE=cjg# z0ICFt**AeOiRy)6kZ|sJ!ej*-HmzQ)(3FSfvUR~HXK^)L-PGLXTNp*HZWWVms*$n=w%sa1 z{r^j@fgkJtNZ*USE!{th_W!j;U0*Vr=-%t^LknI~a;IvGCMY$_4tL5p^fNTpbc}zVX8_b^F&&YA8+j6K7r>#kHrFL1NDf-9;xni5I7^=P_R@)LQ z@Fod8Z-T;q8s66NCSrw!X&)D~iNx{a(Fp))y6i-{XXgfhF#ESEAqm7;_3R(5pzlc1 zac(mvVW)Bd0m5$FL^tdXmcpUUt2$LO1f-d+uO@6(TH1UYi<-uKB(0hX{>X+f#|fXM zy9MjHTS=JzPq+rZK9K4^)YskfE8Pb=f2L!#y`}Ywt_1U(9-{Tzk{GK+>y*TeZDQ<1 z>tg&?&r+NXZGMn+#MMCzu&Pu;7xn}(Y-Os}{RJzVw=i@X1%9)x*B;lxa5_?*khY}a zmz~|bDPgTqq^3zK#jM31tm|%91oWh=OE78_sm&yRHo(YMLUXprmp>1fa(P6CQ%U@50%uIVJ80ZJBGw9L(yfP$!Hj6}^$if%2}!PXS8 zExBf|Y^E`ihhQ5fxUbc!N*Hy-waQ)Lt%Z@T+mcySG{UZ!Y3Fb7;Y^xaj`1_=;+Q&o zFN*(CmG*u7fiR21t%92SCnA#`pK!MW-fA(tnUb_xc^xe^(&Ysa_GmR@=0p@;^^4?C z{@?AI!S(-MPxoJSZnTG5{v6(*e%;+$>@bQD=o_UPR-Ws$fBU_~Vmp31I&Ew;X4^Kx zg{|e5nH;r8bj?|-reaqGRCI?Ni*0&hh1%HYmEMK~%n_?b;PKvDDz-{urP3rs>#*&# zRxIfe$6N`MnmB7?IFp^7E4E;{(#Vs|cHK5olp@A|;_fKY3yPm9V?(X`q9LAeNgAqF zz@bc(ZPQQ-Qy3CSab(YlC$`mY1yi!`N{O1vh2NA?wP0(a##XenbrEH<&_4SiN$*rV zV*oDvrfD^?P45_Iv5sf7#xvsje@o0Y_}c?l`u@51^F3F)e!ugx9hckwsr9?yZRf=h zf$UK6K0PBxS){ht$gxeF^o?A0rML?lIgMI0ZB{8F)NpyFjfK5zv^XeXt#-i%;!wJI3R%ylz;WqAIfWeCK^R;5Ny`LO*oc`@YAuFC@(3<@yt&B4Hf(K?dOi) zJzMO*hopPVR%><#rk3|emYtt1SB~$Pe;-qKI|LiR=JyrICniY z8cwWwJ(Hv325G3FbEUoheJv)2Dqnu~{dHY7xLrr4urPEobq43az4oURnRNffJh zeITdgv{5mV*o(z3jP;X3&A<8#i*_$g`whJ zy_5l1Q!_5ko(3Rm09Dp_aEH`T@lhRskYA#qmBpB}2?3fZK0-!G)u}tmsmzGb&Wtso zN$g>aqDE#)D`!q-YQ?TI;9VagWxP5QFzaucM8>U|0U9bk=onl~255Ms`Qjca_yJ;C z5&W1WrmYQr7?(MtY_FnQDL$a5*R)nw^zM#c>s(ehU%X#WY!TKpjkY4zJ6mjbV<^#p z1XzGN9*|(H{_R5443_Uv_M@plKZlc32@=xMT( zm@q7=g^G{si79Q5^iCAh`QkwdI+c_KY50!ew8^e$F`ZFndRqPE*--H@2}%`X34N{} z8i%qIrEsozfP_vZaW=(NTAP7bLvk~!*3K1243MOnZnG__VYv1}R9R+74(lRmvax^X z$|MZl3}Ga726<^JHMR`^uvKtbW=y&mXYdASf@^q+c{_u=LjM25uEApeKlFXH=bPQh zu4g(v*S^tqsO7V+AGRf3H~L4i9Yr5bF@@flvFddh-YLJAqIcHv))@;0zT6hDUi1Bu@r0{%cC` zsj~RRIJcHsNu;gyWVZ8?sTB_HPd=A|UQ!h^l!5orOmB*hT`qG;sWJ}bZ3y@(1P^0>XH7@^_TC&`d`a@n? zom`<5pJw5OJt+ZO{s&GhG6-;d}vetuP^@QjE2g8RiSsnOyyMyg;Y z3UpL~*RJ0R`Tqge;C~zVz5e69Ki-q<`iIV+==iSo2U~u{b-?8URe4cQRghhxr=6@- z6}C}NBd7|Hf-m5wqeBYPbUHLEBOursw_wReBYYYNf|MImhKMyoE74T4Rq5i6Xu{3M z(Kb>cvU={ot%Le>qY0B)*Vieei_eov?AXxJ08Gie7`ciaAe73K{DMUS7d?}T1zHi zNmi=Dqzn6P-Y6c%kEVQMkfQg5(zGlz*Ns6W*7z!+sumNP+l0#1{h{J45j?2`2d0Yq zO}GVPs5oN)keQN969SYjPLtl>p-fp(rpp>NML~0+0`fA(U8e#)TJE{-1LVeqms( zzrFXrc7MF{TOB{uex+@+<=0&~6X`FTuVzP!XNfrD3acEXf%qCl+M$(dltb5O@r-1t z)EdWVbA$5c85=AWV`|(^QxzW7q4Xa_~hSO#TikfE?hQVA`b z_q6d7a=GL9@o438rXG(Cj*P8YHGD))F1Nj0Zm9SQ5mPG2JxZw(9d;9PS1ZM1Snsrw zU6TkkoaWgXLCzExNUW>Z3DbISQ5tQ)nym|0$J%TI+g$M|Mp5G`71~;>h@!ROBwIHT zWx661*Z*BdT!Vks|B+r#_iuGQ)!EkmyKT?5d<@>CeZhS!AJ7(Rv>lj7V=oF*qqY3Pt=v2JwT!?8a#nhTMWk7$& zMd|S<`aA0D@vyZxhJk4v^0IO$h&Ic=}b)dXs8)`vSPN+r^c)pE@XKX$H$>F zhqAjy)Sy=D9!DB);>+*P*5UEvp_H+kqL@OwPC z0RwdZf}{KDO|5k>FuGDakDrce{z7k=#c0rmn3}BtP>-oCDb@i;a}Hyz%F)ncEd(hI zhqR$9bU2!AaWwBO6_+HjQn}uqHledktn8*|9l6?;T)~y=ixT&@dqgo60n8RnN@ed< z1Y_CK9g7g^|KIN#{Ki0g-`9HI?s=l?>z$wKc(tvirO*ZkYDZ>l)_=|vIb9Sf%Nsi!#c1&@2}MPt zqIrvGgDf&uX7yms5}GD^sCWs7e9z-XMNS#iP!;4($G9+$dV(6RBDW?xxft(1lZS9~6C!0idReZeIU7ERqeV=9QEZyGK^?$Eqh4z ziHS~KIY$1*?c2Z%Z>K5^j|1waNsuq3%;+Sy4u%sE^dI8^_)zRkO98%XxQqvHt|j?v z(L^St_z~|o@gvDhJdS_jHXJYeaPbYS4Q~8^U)iQMyuz=a=AuyC2>TkPmT{F|*Oz^i z|M$22Ak_Z{e!2fn-=*FMyZ^ZB=Q}^y@mzaf>o?&8=XEa;$j%p2Wbpf>Qgo?$0_?F) z%>8AGW#9BrF)2}jyGG<~fY`L#0-_AJzlug$X~Xf})uG}$`T&^{HG2SJ zoh}FxrvcDPaZQR~A)Au#Xs*i$mNh)#SSG?x$6}%upiwnz0@$HqLQfbWaivN6#d9{H zFb);t4nTVM$cKunlIv8=$zW}z%7N_Rjo2z`t+dfxF-AhCh&oKtMvW9Pi#}2uC8EuN zAoq}$8-&d*!^NwTmhM&yI_l7;S`@}b+mfuQ)4RI4_hCL2PDYn`d(@OMG_~sK za50LdODHm2P$mad7EW}MjjW~`ORb>(ze4Dry#8;(2iUq5k+qOj9bO~^uz|w)ziYxZ z@MHb|vM z%-pFH7tV(cFNFfrqSk7QUSNFGJ2^TL9Q6hQM`nGqusbXf<7c?=RX!eh?f`c^J^|`ZQ9et+gPxkA49+q%(W@pjF{_sMb8Xxoqf6ZK`djF7%H+o#uQef5+X(w zZtAOMH|rHD^>T_9m#w9zBgI>i3*AlHF_HN|Zebnpq`A2=;(aSNOPv79< z2aZ8ba_MLyjn+IpvvlInrSX7!CYrvqh}H=wFP%Rz<_nAlz3yd?U%Gs{QbAXzNnk)C zja3oJkYYfBzV;wA@!B9njAIp<%_Cih*dyTdscx%J73Kf;yT0ri{QiOW`on!kd!Oy; z?fPQZqn)viuXa4$o@@KZwo9$Q*7`upE%;L1zwR8`+TD*jd4da1K0fkNB__c6kS{Rh zk(GE)E(LwZ{YQNlg8tcA{~3{#I1;}WO(x=~?@1hFUFJE|;1atkZ~P!rqv;Ea2g)pk zOsla2In2lSG+ZNB?zO?x%bh)2_f-!2pz^SOS%pjEu+wX6u==XJTwR#D-R5CY4H*4D z0C894TnZ5VQ$E?ug~qw;0&(BgAU^CYdg2NYeN#cb!yb>O(&gEn7{8c^Wzdd#FplA? zH9mL=%RO5I6)Y9UqZCLBp7EZoe%*8F!X_$;CFknXITxkuS#YjHTfLQYDRd%Gb$QG^ z)`>k^J(a^Mgw9u$u4^3D5)iv9=TZTYO6cq|EQhwbbPh`iqD_a*zP#00PSh~lOeAWi zn7~DHkByRCAl+SUOcvV|15R4|`kn0lt&Vb*hAKBaFD@c&lMPuBubaGi8E&K3R8%F1Sn2WDXdKyRbs03$d zs}(~NI)em<*e_#Ba7^x(saGjd*)EfPaH|CaC|;ERKkAxx?OGiC^uRw29Pj^`{{4N4-md`9lldb={wWsAB*MEW^5nhnRK3j>Cs)J2`kS<%aAlTfqbx7x2 zUj4+-(hTPropbr7{4^AWC3ropbFO=rdF|PHO8Z>CdnsQ}>YOWd&*baS))SR;DUz&7 zx^vl-w}A0@ymHuTr4TwwWw1}^hAM|u2py${SOVhy%DEIEj?*cFT_7IX z+NX0^N*`k1VfX4BHdt?t<F2|Dj?oF z$MTTQxhO%j#P&Q`IhW$$QiiH_J={ZEdvp#<88z5<*avhEOBG7kci8*259{~Vm5!tQ z{}Ibrbpj6RjU_`F6`Z{J_0=LBcRo z!M55Y`6)f7C8|GNIajsn0}E1D0=j4G<;r0dAX2Kn1t9L(dP(P8ew(GEawqB?lRw0S^GK+Y=axTRar<6qdK%A-^Rso`a%5%^9h$buN zQh?~4^2x4@*Jwkq55$SeVHF@!I&BMV;-Rfj9 z1&EZj0Q*1;R1T{E(L={zSOTKIaxMjklxD^*5D#tnbPh`iqJ4+;>KvA`^kUy(JvxVl zPB`fHSEs|V2EZpS z9aj5_MAea>wXi!HIf&X7(T#s)WXW&h_hIPb;5GOv9}0MvmnVD&(MnMGKfLp9_tqJy zZLdwy^cesTLEaCd1@~fR8U6^Xpk_H`mcl1B5W@SmPD`M)C_w==rIA5vL1Cz$RG55V z>l9YZCk4e^-KJumUkh6$CJYe)bp1B~72-sR&W>=S5&klliKVIhDBAT&`cKGNUeO6_DSK8d$qkNG z&ZWo=C`%l6WvP3%7Al8Tj9m}+(AKQZVe6|61m*t&u1~oJ|8C$f z`ajo~?!Dao_g%l?T7DZoy2r2V$ktmp&_Sd@TYZxTEHgDTtihvO!fh{_ zv0xx@F&s`^4SJ>*7p8YuEEwNfCMfn9acM!P|M`F zR4NgU;%yS6t6Vg`t)MXb=$3HZ3Wy`*a&M>rPLs=73^>yajt1{?YO;6h14Q1oU2vK% zGby7py7f9%)-i!*AujvF6MwW6G2PnKx?qQE-IqGLbx|ayK-m;aKxq+M;;vX?*O;oA zY%EgEekJ)-A_JFNsqn%T&Ns338X;rZo^9GE?R}QyRB2tvnBk^RH7vy+a>L@IH1Eb_ z9}U+oUA;xn?7dsBVxuRpr_~eANJeQ~aKn?QWg|DSbpZ>|1LqW+Z^PRL+O z$LQ91EJ?r3V*od*Soc(XNxGQ;U=*~DF5$weZe*O(*vLAclZ8M&v$kw zx&}L2+JCxjy5%eIL0!IJ+e!>SLm|U>ZJQn(8VTmXwO!}dEzy1JLLa=MM>@P%3lS>X zv8}7vxd>dqwmS$c&c4{%MVjgjexh3UZAumI|6Su^un>NsF?9U z2ykaXMf;mEnj{5S!@oTT7wF19n)Gp#-sQ_-RI}6QIO^FFZpeYq9D-4`(42;>vC17X zwV?owXe%|qcw_5|BwB4FcNAS7l>IYb&)2$tqU)8;-R<9K`+DoIw!~b|2m}CZ7#40WQoU;o8dfId z{e}w~7yd1hB%prQ-FzE{Pi+Zz7QF~e9Nhlomia4;VUVQaG%hgdMUcfLmR(0;P?39wv|9A zFzywCrhQx2v7vkkAl+THlo%uGqq&CC&ZWeRV|e|o#BE!`%|oc}QoVXN1VxuAAC15n z)&}cIRb@58G6nw3mTIs@)t!>`Qexkol8j}<)TNT+Tf#*{r~)s)j~OcP^kC6d z;A;~c#xT`diGOP=h2xSka`LE+9yvR<6*ERou5)0uty)){ePSz#?LBg#EhATC9&~() zwvfCKPxDEb*s_xS2Z$L?$SO0-DndzqB5l|}%p9HNnMvdc=c{aXpF=1$F82y-9bic4m%Z6vH>_GpA_ zHUs&>Dxb92?6Fkou>8nGVj%Z90!(9DtE3WEUxNegfvP*iFy5_;rY;!(q#lZ9jiwn6 z*Z*5)U4#E>Ak+VP-?P2_-GAHl2b~)o>+ONoUx5#tmk|Ql>!l7Xb;wxl8p(FZw39x| zYW$mn)P#`CPu({Yah|HBT)IJ#D^D9jOsRG!QL@yIp%-r5sS*0dp`#2{zedy}`lwHr z+A!*f3xpI=Ze~p+I(Bh^jI$k(69$cpyGz2YNCGt@ue)OmgXGMP78iKlXrDlB88+K{ z+A3kARx`qMsYOq+5Mf15wQHdwwr0asp6QI0YRy=(qHz}2jqfeNNFQ8+i#XBhi`wWV z%T7*|t(cL<4_z@Q28}|D`0&=d7#+2X+UU`tS#DBKszc~AhOD&CYC70f_g=E4TUgtdtf+oZqDu1F`>=2*(C`$JnF#DJk|?RHmnmeEHE zHe74R*oqt9Yd5@g3nPPWMBH6Q%0n?!$uakO$E;znX$7|LeC7iVPMR$!&u?5X2mJKC6)jkCb*{ z!9AX10og!iexg8LaVA2hiR7O1+X@+&z+=t`;H6EYNbh$T&oo z$qEC*nB-O?(bQEomhn=l2S1Z?-;I146xUw@G-};+eK#myNUd;5K5{O_Cq>mKpB`|d zNwgk0#m6qAXMuho&aI_Z5^2#;2zKG+Qn!Kgk!>5*vYd+~b8e+|VC#I~qznlE{iQB! zTZKsfjM8#Y*;XOkw4B&x3!uz=ASqJ`IkU-9Czdg%mS$_(Qnwh>YTnojD#nb@9UC^K%!D%$z?tEnZ)~l;onZR5+H%MAGO#N4ZrF3i#ah z)Mz-dO0N8vzObl%%YqkLAcF^vN8_0rW4_VxQSXG?Ut44n2)dU&6HJMNe4_$^35Sj5PncE*_4%cVV%xl*H}0W6xbo^5nAXdKgV92SjQ`%4dCdDCD7 zC?T|o5nu}-mBo6ibUztPCiD_#RO>&s{9i6kJG-a)B%3O|4?o2BjXh0v#|PaW?~(^@()PpD9SbvXDv*Hnwh|kr`k6MRU6JOgVHw z7D1|H6S674QC7nu7=#XWi$1GT_S0Cu$FKm4rR?ousLXZh7`}3GS*%b&IYB1S<$j6r z(oHjqZw zbvu9><|+CUjQ6_Kua2AD>~eQkX$I@+A+U$A@lc!&H;b9Z6eL5SY;NhehvVUol%}OD zc9*ow!0Z#zT5DCekA!Nk)#=j9SX^Jk;ws&{VHzBxdpGJ9C9&#I%f%ak34aLw&mRyb zLWfH)VR;imBC&!aLh7evfki4)S;1k5C1XNB1XCQSMZI-$E=547z4U&J(34o|6g(wm z-<#?#Vus*YXd%mu7&l5UV(oKsb=#x6>~QG?EQ1L9TDeW@yWAKns$3~G2+oH~&trt# z7$I>Dt64jyIm*RQQyHUUyrpiYG=&wn#&XpnIoZ=lh91t!VC=ANBR%c<|&N`A++QTOa&*Vf<7VzKQ=$^TRL_;v^aNk`pERW zG_bBa2s05J^#whnlfF@}H&k0o5ZebR^HQWv*fS?^rF0Twk5YM{HpLsS!8{4rPfi6$ z&C$YMBb8@}I%D@IgB^wN3SP6uRhtu$P;mS*ACOjUW`{~Aq?Bow)bvIm?I8zYG?CU^ zuEh{+wjxfOF@35}(Z5zF3QdPO}cHDzg4lTwD@ zvK2o$xI%J1UOGmK8WAvvqDG~R+5tn|qETbO0M2^Ban@GVA@z$jFw}PxYp-Ic&y@BW zcjMHr@Lq#OMBH*T7EP}!hx)FR<~3p&JZc(%X;adFXk`H!u}uA@@^S-bK`i6(PJ}0e z;}exwW?yMeT@nSPDT`*tlE@HrwoXO2EezI#9+4yw3S{D%P%-I8MaBA%M7E&F1W_%Q zFsb>0U>%6KLE-{o+wsEE5jY~rQ|83O&|90Qs^j`0Iz5AigKkfL9 z_8)3{z4bxYx9!OP?fy3)5qlj=f?{@7aHFBA0NKs60~4{C(nV~(l+5q85Yng|FpM%7 zlLKr96{btCNhr$a+)bfqz@IZjk*zaeL!S?qUd6hqs9>4G&@O6_u^h_$DI%$^;VmfQ zK!cFVK2*AZ5keKLUD7p660JmO%`_`mbt_-S1+4MXd8~kfohPdTri5n)Ci&B)bGoK$ za*B!`5!*YgcK~cn7aRNkNNEWxrm*=)T=;EPF|`JZ>Q*nQj8>|&hy_f!6-rP|Qzai| zQMoa|QOl6XymA{?9vRHt-zc5Muq%6UwgG#iX|+r+Ex_JjfMZ|j3^oTE zE5vFGQ=Tckg%LsvQ+ACI3sX!XWVA4)ejzclFC|sFD6qO)?nJ7@{y3Cgt2xgTa`Y5v>9vi*clsk&pyZr>>D?E5eL{ zyjecW79jEE7L$A`kx7PmHCYrt)9_wt?n-&` zgtQ*lxLAfqJQ=sP=1%d+Ykcw`&>AqEf!;jHtzzeQ`_{orNj{xP#^K#`GQ;1_wU$!5 zT){_!LIcfrw&f?4@avJ2XEX7I#@mI0iA5C{bqUASL_C^KB%|>wfZnZxe4Ja3@razf z%*9eXVv)kJC|q~4l(@DFP3A$*L{y&z_-#=T-N@ofCLMvo z-3-6NU5h4?=tooO#2WfCznnU?mX5AQZ&v;#c)PlZ7yU>k<>t9m+U;FNKe!xAgs&dv zuSLWB36Kf#(9yJX$6N$|h(!Z_dJO*OSSrGK%l|6;##;v?e2h=?r{YU|ay1&~($Rz{ zIPfo&r=Z|u@LjJ*dIxpf34a0?k8nxoe7*e!0!RG2)np!i`)nc;M++Ui@YPlB2Khfh zip68Dt|O5~zipMf!V426pGrbm-A00m_;w<7>)85h5XgHa`znNPV zCHizS0mLBsYi=Fnu+pIa-xPN}H5KJnr>27A-k>Mo3kD}c6I0^f=Ux+jY7EflV~I6% z1CDz-0)HYPaZA{6BpjUlar7_iN~MUv^x9f18Wx^~_%p(gu{QSsJJSc0DnXz6Hd=2B76${{p1rAeiso}BSbZx2YjUV_^31m9_(>06A!N} z#3TF-I0X_i5oWbV#~i>al~1KXU*R00e1UAkiSWB;LHDqB+&Tysq^CeQ(f8K)cm$~) zd@Bq{l5e4(ycSKSGh8fs6F(yHFIwZ0UDN1FI@O-^tmdM;2!Y-3`Y9$lFFTf~#T9c4 z#_=|;|F_(A4gTW5_x0cEd#mT~yFb`9)A{L+K-=H6ehfZvUREQJZU01v4vR^flv*8! zvW?``s$Q2q(N5+y^7U^Jj-&shptYN>%L*AcM(f{ZKGB9D7Rb;$yQ*0`fS8806Cs{X zr<2j;Oq%DzzEN(KyP1eXgfbdVtky4Q{QtA}CSYz|*O?%yQ2RzvvP2e(WKku_5@n%? zrGQ#wNh~g+iXz3OC~BojDBu+d5d}b4$fC-$nxO2o6Wi&uTZNVLCEboQNvD%eJDy}F znZ!xQNxG9v(#fQgZ?f1<>`7;m&eC?)c9J>w-uGVJhqv7a+y@p=4_`h<1ZsJ8?zw0A z&wtKIgj1O-$t>||8TgkcFe6MahlE*dccs5bvf^jYpE>s8(F;pQ&m23xI6-RMiH%NL zQLooZaZ0%|L=Uo)q-ZOYVdu34y;M!jR4Xc0Us38B;T}2yy#qlWDv^uFZ|&ab7(%(? z!KWU5Xk1#)F6Zftu-$w-oLi z$KL-a7P~mzXX{rSI747fEjjFZA7X5DY>#$HhjIP1SCj!6!MT-0vdaN-Jo>MS{ZED(sh3R{dZ(L zrkbyX706Nvy1gr>Iyy%B{~tsB|5t~6{lC-yOz$uEyx8?)?(gVa?Rd=Y)VFnhetv%A z9us9_it;3DwJnt`zh`3yHfW^H^0+#0Vq&9{@_P&Bo}_L;GEew#Pbdg_!n!*c4db3Cscu0>J@mbi+jlC7Zw=del&irtw`Q>#ab|x*t$&EoQb`($p#YPL4GAgJa6EYEi^Mt10Qg&Vo6zen% zm>Mtyru-~$sy)Eed*?U$u{sd8+s9^WZ{ZYM^B1{=_6IDW5q51<(Xx}oym^R?oQw)t z*esCoU<3x#$JAiPk{*eMfh^_|Q0kP>8||NL!5FW=qX6l`_~%;qd9l?LfCu7FY}B@g zHu_{E16h{_+{u)6Z9}+o&qgm5->ITsaEk09OZ!E?nT;MNX3#QJ4T8bOv|N<`4|FV} z{C{}p?Sa4QztK0^Q||h0_x}!WIxh|qcyDoIkL-qbj;r0UrF-8LH|z^d`e03>KQQU{ zO|HZRAqymz11CWdm!3;z(P+NME}T9HY#7gxSaxX=Cchi^ZC%!^nCT`5CGX&a@!WB zrP0!tay#i1Jh3PeqiLF`IwzFWAxcYrZR379ENB=bvp+20tLUatL4!fB@z86K{RbS` z+qJ{en0*3NuKNrSGe%6x9>fgv;$BBD?9vMp@H(@x6U*KqgP{oRwM{tDR#Qmo|7)(1 z$k3MtU+DjfzF+J8;hyKaA9sJXv)Hl5A^mlJgr)@Ydp91D)3=@DM{BY95L>agsp%W% zOoi5K^*WH_8xLc1AdXyBH95mBUzS#ViEm+RiI;C|RLc&d!%*onk_1qFa3ljzgjHgk zd3@s`GeOd;X!XeIjv)7KOyCAd(5OA;{YTBC{ z57L^ZoRSRbBBO**o{Aa*TIkBE#G|M_(-#{pri*6r(8U)|V`FDZg`fFtsfI`9Z=h1qeOV-3XxrSD_CxDL2p zArOo#lhIBxsFT^)ho!5R#6Vcb0-6yg(W(YeOTKil$DQ~DY{0#=*cWS+8uoOt1dEQ? z$s`xKe5aSP(Rpi8o`845lnoL0o-+ihk z?*Dgv)HQN@=qrPjf%U%M?R~oIzjd8*|9kfbI{peiu=NE*Q6H@uDx#=kFJsvob=XT| z3^qTu;gy4=9cu7_ajjufgCxHB4DF6o*aJY+hYTR<(A*SDgk%py4bL`d@NCm;@xN`) z<}rLWCMRsqvjG|Q32bTf$gq||gtjZU5hw1DVS&X<%_*x5Z8rOL#3C*Po*$C^msT4J z+(#B$(VWnxskE*w5Zl}y+jyKl9aUPu2(q{1=`_}dqQ@yUx;(190HB(KR1~7(Lj#t@ zvZY7DvRaT4t&iqohRFQJV_1E~vz{Edwd%0~oFR3iyw!fc6|wqMJe4NW$9M#fYqQvaWa`F|thgTFX%u>U~s z7kUcar@M}Iex+mH*5toEemDdfA9jKaMc6E1>J2Kc9)@8p$ar((NqjtFPpoRFAjE(y zT~|#hO4?~z7<*!A;pSk3Z*8ektj$W3eF&Acdt(j8q>ve`QaY1DEJbZCm>JXxXcKwB znZf0aX{={rX0W8zvw#&&kNq(dU-VWxGeBDfKz*LI7cr)r+-zgJy3xu&}BMBxgK?wDS!n5hUq~Un?z4*_8AcY zIsmstfE&t90fUkbC>4vJv8SX1Bia147u3MVn8t}o0AhQ1L8*mPa&?j$)WOGa{_pzF z!2ciKKja$t{r-Q|x2tEZ`_-;{I#=QC7J32FcS5#+&`{?fea+}1vE-!Sh@N$h$gch> zK1G>lH;&6k1pH7Zg++517>3}fA~Hx}j~S=17D~fym%>6iaTMzrV#)&Oud>!#hxyg) zP_;qWl#dy>v2lbl15QnbZ%?Kkv@JGyJi9TEg)d^(TD@;9xttW(+R7v6d^>8xRyw|r zKC^({?B6(yZSeFtG($v%Ofz;Qol1tIN5XN~V&O>q zg-6|dZmH%27^~v_g(&rjqS1z!GvNO}CA)e^%vAh;MihbQSPMx{Aq(1&$-v>(;QtSH zyyqJE%JAog`Uc+W`={R9J?q`!uDzX~g}0qo6C?mcxbxTsldWtTL^vjtO>*}wXodAX zJ1%!+H_pihq+x=PtpHto-Lg1X=#(yapKB} zkMh{5(8jBV;Q=Gau>Hb=+XpsYk&Ru$Gz9wrt`@@=xdgvJ6?qw-kwX<(Z4M2Awp8Z1 z$=;2Z^p@}@UCitAM5zW}qnkID7kV5Tc8BJ#sg?eSufHS+rKVd(!q*Z1|_FZDd? z{4ojy4eSiW!9faO! zZJT7As&vum1EdGRh2vy0?snb!43|DCUwX)sH8_0UAai?Zd%5SkPvQdtSws#lHBvBE z_@`Y{u>6&cWvso3#tThN8uJpEw6}RgCe8_JGY2MQHo~%{fbc*gkhj2QvDH%8m{Za| zn^PQbT(yB}*_*Q1ooX4!YMEZpEE0%zZ!BTcOEx~J{34_2CE-@9YP)LI50MRk>u+G4 zB(Z3NJ$??jUbCD*&mhpY$26NG`TuvhM*g?q9~#;@km&m_y%)N_;C`dy4_x1MSJMCd z>5aFs(hxHItw(AZd5n99rGafNh?Jq7!Ds;%Aq1g+ZEkvo=9_Rfn~p8#vciQMDFMxA zJ9_^3{DtF77tfq}@$~Vfv&YY$URYdQIP-#ttgUUNes%O`%OuLJff*5)3UEo4DjOZn=G0el-%P%1BZkoi zot8PqvA8Wvq7+e=XE(0McEp)d)xe--od0*e0`-5`{}<{1>Avso?dbkW*M|E#yy?6g z3DheA7=N~oO_lBhZ!ZhsiMWv#1ab5oEv7q-ZM-8_>@+qoLhmz+lbxrs9otEhe1jo6 z2~cq+^UrSFaO^von{O#%P){M;x3Pv5O=n>|V|_xZe6~=9LYgTe^(rGdDgY@lUmV-G zF2}n%9RLoNQqK-rz2PE85wBW*$2P8+7|JcjE^nftgc4hhGL%k8%;qWr(V;|s3g9~gRi;Jf=*djGs9(|yo=9^P_ZTU7$LM+;r}ViD4js>b2>&iS_p z8<%e^q=?_?IC3l1I2H@;9j@SLkZi-dHJCr=_xh$h-k`@jeZdFx6-e%lGK!;VA)FP6 z(Gw#6NxNnXb2fJb@Q^qu85oxm4X2|MkafKS?VO0GlFN7mn4RqLEu(icWDxO$&+DDI zxjq5kkj&Yh?({285zM1LJOzjiqpDlFaJEuRCo2^w+oFrpwCe8V1Yg1|Z=1HGf7|Oj?=#aw#CnVz> zlIcYSVmO>BxM9wl0lgn8?7(%Kr=aDsV?0vR#Q`T2RLtFcDe%h0QwyQMiG|bWkItVvCS)Se z8#X_h^@nGD%PSc0 zhxA+#Ac=AIU||?*9T8{kuzi1E&Zj_L+C`c=we9?9VF-&OfVJxt4dr6FgcnnZ7P@~* zwE#W2CO^J(7sBZI_4OH0EL9w-5ieWxQ>YfM~f{pli4UkWQh#mCiOq)8Xtq*6DeMxGe1uVN+E%Bv*hMqj#_ zS3xh4*iLkNPhk(1xX2@@owSH>6c!pfiGfX|-B*+`Vru`7-%At9;#4KgVG4r@dt?h zm=WSDXjT9sAYKWlh3Jc!&F{ePisQj*(d>IMcrtwsZE~nxrpv0Fr;_35k#HQXx=X`@ z09!K_iNkx#_&p$H+QvrZEB6$vV_hT!(}34Y(Cm8)JF$dNvg00C;r;#^R;~^hxtLo{ z2w4*q+!~o>20yB#CfXGZOAQm&D&4p)X&2G0&W+V_dxWcRnae$V|=?upL(;3KXt zDBVAXZ2@7iXqN8TQ%?I+8op|&sJhVZh*Px9Ct?^ZJc=)hgW4n9_15mf2le;&Aj8Un zO53!*XRPoDJ}Oe+y`*-mOa+z~gzWWX`s#cnZkt`>7}kOL6`xigFcawjV}*yYcytSx zOlf1=7BG{Ahp;Us+LL$JsXk2rTsf*wy?ARllSxKm(3z45<1`IIxWRQA}gf9ezy>vD5iX5QVsbz39zQrI`GINxCJ@20OfQrL%uCf0v6gy!?o+)xvO zk^RY1Q|dob!>5GcNnnZ|2Xd^i*CYm1Xr7J`+cgFx{Qvh|BfmHNBSV)5m->IQuiW#k z?(gb)r1Ssn_iZU1e75b@t1echN2q&qam# zcwEvJG!z2m(U5OT7Eto}jfomk&O=z#PRh9z$ENKsOk&@qL$CMES&Dv5taW1!jCmV{!RQy{ZT*15(jiVZa%QF zh%o=ZGdcM+q#QoXMTky8?vLb=Jx9|+Ma-?!zH_UmlZMwM` zTDHdvPdj&XbJV+r8G}6KDJM^%-6kix3@>u}hfPk02^?_>moh5P$oTel!d?V~y zkWB}DfOgFpZ1?oqH5m!DO(37~Y}aIApJ}-&9_^arg=s8teZ0qlr*ZHeMl>ZNO>~al% z|IjC4|KHE|rh3kG{ki)`J5R!!+xL|}R9L`ThP*#$nMSi06SJDJ*=tLnM&Woo8NvM4 zg(zKlNadE}vB*M-eorGy&94-m!y+TmDj+IhjghjLO*<`pX$iZ&XR&C_F2B4upJC zzn%h8l7J~r$FKsD7+yWaiLo7<0221c@O;S~3b&ydAmS;6&J<_kDbA`G z$)W*sF*W%&0p@D5LXq|BsL(kHoC>sIhNW$%k)`db!^uBVID##rPVWTcP}*(KJ26_A zr(B0>TrH!Z+7pj_Z?SM#b{sp$H5~^FgQAI!gJ&S)cn;ERh$ckDR#VXY2ivbmV__}0 zPy1DZ`imp9lW~vAIN|!g>-$_IKQX*8_?rX%zCZ0<=>A;SMfY^am*DNK^2+ZiT%b&Y z#sm?jbo|(rNa{?gRcIX1&8O7^*+ia8qOgcWuPbq_YuY+zz9BHw_CO<$J1d4lASxgKModP;_1C3|ncvG+SYO>E#8R^Ec~2X@Ti` zR(AfdGOw{go%Uyqd<&AMzP~}HFBeA&M|8&Ih#WF@-Algta6yg~Ucg7B-%!iMot0|( z_TMAU;HkAfCY`!JDEetf(X$YUuhYh!6D5s{Ey||~r|=Px>Q%m9qZGs9ekDb31-zAL>`J@nho!+5^1gm1IhJE2M$nbBYS zm{S}D1NKkEbZEZ>?}}Jmqr4u_wl|EmjcF5J6TA^ep|Ut5QQP(uE>Yr9;fbJZv-D^k zoy*v+c;Z;$bt81kJ2y2&OGjsBPTQhe-ok5GJSXrpD=nfEOLPt3)>%PFLmau;tY;E_ z)Xx*+8S{aaQa!lY2oac~`l{g+RUb?7%AP5z@NBObJ{wc*+@5EHZ2M*G7WFyb4y;r+ zti*@&y{GV!Y%O=F*ZNsv^faXwz&8)kuQ8%h05mUN#0re4DLcpWTGSMlt52MXiG6G= zJ>!hFnZwrEY&de|u5wdu-z>bi!xbD2qNp2kXd!>v@AXZ2yg`q5`hqVwhXykkjambJ zg};Fuj-4|Z_^Pag`=}>(BS#nuSQw$`wMSjEz?;R!zj3RUKVqt z5W~8qS1M!_(L&QE9&!#|xReU>PZX|TJwwdb9pkF0;WKkS1>~uNBUod;HWmZ&y{A@( zhtC%-%UY*Z(O}fNMY=LzYsk!3T=1xkS2Xhb3o9nZEyw^~wX<>CTM)2>&{~w8<40?& z!;D(i)REYn%^S@adNr94Bz`5Ci}7Y5N(UAybeK^<&c3>J#39M(?5m4l9Yna+PW3i6 zMiG<5v*n053TObyh$MANExfO=j3tCp^PTEdF^tX=P-a^_0OyMd*s>%A5Q|by=Pq~inVBs3R!laEw2{*D|;U>b3oaJn3n()3tjh6=@T@ zCQ6V{Q!0I&#id)9Afee>A&c*-SgY<dN zHW>DMC&;ZCE4(e6l^r!`43-WPNZRZ$iervLUko)Ev#*fC;?bGI$p{okR@c^Cn6KJM z#@1}^*6uE&+YCZ_xl}x10QU;SAM?OW0F=e<(-m6us^MWAdI86h zNro_8?7(`7LSWUrPhzZ@kk)7vV55v+t3lu_nTDB8MW8nVzmb9w)S`07PZD z#fUFlTMB2lf6d?vb2fih1zLcL@JNhVMhhRoq9K92vb%y^G)>6*dK*o79_eIQuM~I!F!9v0ofa>CWNz_9Fhw(Vg+wY^g^qrGFv*5%t#a=8(LSt}hUK5htqT|ducw>4KMM><0^8bO3RoBRu zhQD{{&A~l=|FQRt?k{$I+>PFJUVJ5Rd$c%4>$paw$`pwaTiQaYlBsWQe$jo?j7xrQ zt++=HpBgT@+aEshHRk3gL?!Cntx!Hx9HqUeMiGk1i*COn6abXFWs{-}PH=++BL8 zg{?6gXT^eN@y>q(Z(4o5cfRAZ?l$IT3stX3ESN{01yL*4CnCux=2-gSLn#Z-T*+m# zu4u95eKhX?r+$>MvOMA3B&2^LL_9Ez(a)u4nzZi=4vTD&LKOa*45vtB3p#4<$bNl7-Wwo~A2$KQGQ}Azd%ehs5eXx*chGxT>?SHdR-DEjj_hyHAck7t z+chPe=WO9gBB(_k!`67L7^3nW<)S-MEms5pIzw*fsn#dkXOw_|IAXQ5!Bvk|4;6#> z(u$au25puJs%Z*smanI3kTna`tSMt^7Ryc=d#G9YwPHZq4Wf{{O}H^^7v72$95 zLy%0-@3=u5#BKs0Oc#B!A=4U=%UA+wiXr3d0UNYrB>%tV8u{{YWbjW1zOVn|eG@%D z)}8KJbdPrYgzJ{==|8moJ|~|Y)C)G9khSErDQCB(oKXJN;t4D{vLKXNjb=@9cHB>~yX8G#0yRN_9PAZ#B)m%d+2Bd`gZ*>D@w`hLx%E zDRzdnB1A4(See2nCp!otNBRG->la)jUm5<~(690QZlU}|GW{lO zFAuaJnGkn2txdA9T^B4UIp5E6r=cLXF{E1q_8hPyL&1=8eG zSoThu%$JF5LLu8-d>$JGBKF3NLJN5xCUX!fp2RAtV(N$%lM(*fhQ+A8#RaTYWKGp3 zLvGX6Fx3f~2>|fT5TzhcKmQ+cO}Iwx46hHpI`D`6@xIQUME5!OKXks;F#{jC^7j_Q zSc0U-xi+=-`RA0=K6ENA7gLcIx|G*a5y>Cx#DSB=Hz~b})x^xKQh7nhUQed4E+n!- zdIiE~TSWwkBS&gsqUO;TqQ(-ty`#8?&OoBPoFXnxUEA)OH7csDMdlwDU(gV-2yw)h4tMKJ2aOg5a(UWl!t)9_6Ne1Yj1?`$v_ zAPZIVqs2>d7^BW@SPjEsZW%6^-R6L2T9d&~Ovypd?rY35#aFSU zoy3xFVre|$3iA0^9IFX!DCphWPS4jKYb>YFFBLE1n=8T|o8wM5VGpMGwB4v@$UCVwIy4FY8)}dY$2X;xpc<)OM<1y4 znFQlZ2O~nn>ko?0422Wq7_GZ#=aKk7))xF$Xjuo$PW z3Dr1bNrw8E@KzOHgDp>RFRmKgi`hA4(`!@j#lGTOV$Adi6h=2^Py3`JWqP(ISw5cV zfn?q!(}z5qhE0QRv6!s%icUXk5^9pt^OR77TAx2$ykcl_XXd<$9Z5QRFX@);CYNt? z$%nTvU%V{KP{|dO?x)vEWMaDvw<1*xuJDS<6=o9RHoU^Yq9997*(yuakMRmOLvnm? zZ-cfEJbu*B;|CO3q>kmYClY?W7{O;ss$#d4DQ*Zdow;D!SH)E5E1mdgwN|kpvto&B zZ*dt%RH**HbG(-R%vz3VTlzEM|No3@5-Xu6TrKtPp zm_^g#?^czclyWpu`-SrFwAVKinjx&seZ_Y~L>Ivto9h6?*^t_t11wW(F;gGOY0an$)TEIcw@z^>;x1cxh0J?56QQz z@)~=A`CKH#$F^Q^Z&l;8u{e# zb3^}baJv5=`+lW&xo3aZ*WA_4mt0@9oR4p{Z^)-heOOaSP))5S6O*#g+!RaQ!~Uq6 zZ;jbBK%$*c9po<)&fR>e*U-qp99qSQTpe&>dmFi9r5@SHX%S%<@qS5&b{aXp(3WJ! zq)4(c8?m-dEWQ*Qvpa?kRQ3ndOdgswvM>W@+A(M~D865zF`r+iFi< zK3M9IEu&UN8A#eJHGn2rMvfghjT**u323vy(V!Dma$OW>JR$(H`gaYodd6_bo;v>F z;zwyKuVS<^qJG=jQ>KbHu?!!?!0D~G5Ba^mDUUbkkyABgt9eb*a5OE1vx4S0^Q~&I zrCH@#fv)tKPBNbjUlyA!X{RYKZn}OQbrVDV0QC&N5Qc8mo0o3hT%TA<3)x&c0q1HPM`K8kRv_GO|4ND%J zsX(}>+wief6+w}%Tjs;4dqHrAh$scACzn*xj+H(@i&%x6F}nO_B$a#-5za~F_0oM< zjzMg!v~Z;WOXx&!rDlNi9HS?Nw$kQDs=hS{E*Xab`OBqyvFOF_5v`1hh0rIduNn&=6 zspuqWrJXPdXOv0OE3GI-`pkmP?Je!VI!7#PV>Fl+yW7eusKbQ`mPTYn(@NT*qQL^n zH6v-~Yxx>Y+V3w7W5v=T5y6hqX?h=YO?n~igKj?(5x~4dv_n-TuNGrM+b`FL0y;lJ41tjCoMFEDtGvt*Th}!?QISuhQIsUH39rUH&X}!neX7{>zl)OP!3V+KYm7N;74@$^AR$9Eg1 z<3X0g z`G0Q>eskbP|1*7`?R~xb8(nX@_jcaz`Wq?xZ?pfO-&2}2j?9^gx6O>q`C4b=$lP7> zVCm=rhT8+`Ib3?e(7rHMKbvM>wqSyCdq?R*ScU{^$Ws&FB}NZZc-YEVgI4fku|1jV zz;~haIIY%~YT+NKgR#&j7HM|8ok0j+wT36PKWFA zCMnY`iE4Ea3z{V7>Lx|Ne^>-9*^kzdG2b{3V)@4mV)^O0080a(J+XYK^r(EqTCGKl zeW=Z-#dD738!g6PFMSY8P9Ohwa^qM$mc7BhIWt{)1dHBjUf|liU{ZBSmmW5eI#bT! zG$P|QSn`N*V;l$o@`sE8a!U|_oi3Pff>-N;bpUdd|M$6ku908p{rjG8bgy-Fc9uGB zz#Dq6{IOC<_IMgi$!J}W70|^_iSi8`Yb8pDhSF!2SdKv%f!H~Iye0^@D#rP2HXU2e zWd+slHGTj(=Kw-qX1I1Ll%}wr=@hA%1*E+$ke^ieDw#5kXiAYfT?!caC7*XL$a10W z_e(ZPn!d}N>JuhC4A)D3EOnjm*P7IAN3L5-^d=#JyW}%KH(4d$>O{6rEtI@FPzy5w zc|S4sX`i~?(um1+K9^V!*CMx$6UP{iM&G0%wzD|_4DyBb2_X?)jtf!v@0D;oBcRAC z5|0Uq?1ki20d-bRyp(!jHS7z_&dy9vP0#p!-XLnmlpP+-6N^EoYIN~RE*k|F(h=cG z_*yKPM&AkxR8#1SYXN%n85Q%wS1iYqk*mjqYp{3qbU2lQ`DE}l>$D|{;tz52Cw%uI z_~)TaH0(n^URXwqv-OFn5Ert-nZyMly&6k|(W+B;AGL90Cp8* zuzBF?ggQooyOJ{R)q(jK2L z5S^J0`0*buT|f<$7MIu_O-2QL*0k7FajJn3;Ug`XGpRh#;!cHgiO7|OL{wOV1NEB7 zo3He0E-ol+7Hh7k5umy7IQZT3LO6p}A2wFO7;xbAAq`Ini72{P@Kq5IBmEZo&TFxB zHW!Y^-ofW1sZT1LhTDukLElLBH4}k{uf{yHzS(Fbyn=N_`wF8UEq9*5?_8hAg2_ol za4UCISPAFiS@e@lOay)2C_q4uzb^e9=o}KLE1dc((Kpmi5RrO^;Uh2^s;dBR$MN|} z`;cXu=k=mr5l%<00KGK=E$8@Gt<8j%LR0ABuYeIrUyEgk)msC*32&y8Nm#m!%!njR zWTzA#NH=KHnxVdS7-VvY&Pr9wumEaj31XXs!*XoJZ4ib<`TszNAMyX^2mfy1Qs3YA z{y#lST?3u}4&HQL8WI3f*I_4e$F_t&aouF9;47tPu;@|93e}d{(aNltfX$&hXPiU< z3DDu4WWS|BA)Z(i*-AVDL?a%MM}x#X^zuk#J`v#Z-nr7#lwN;qwoXKE&ROLYAPH{ zi$4(u>tY@tpomOHWZsrJ9n#nrvSrnFyA?jRZtOW)SLE}K5S6=@cHJvip5eo-OjC-;@75@D6Cc3P;s=yQt3&on&JrQ+SULh zAeJ_Ir!@cxIHNUd==Sc?92T)yXs#XQ!0NBb?Qb2BNuh089y^@Ph9g&20WzAjV3^5w zp?nnC`bI7DvC^!p{@QiCV34H=P(mPD#w^#`2l{}d&s6vb5x3%CMKf}}G~;-<+Q2{x zZW{D(CN-49rD-gBoh{;EUM#8bVrzvL9QpsBagA&YpC6hU_^JNq`gZh`y5Dqvyz_F$ zr0X*p39#L70p0JEKHbk3U_^3k+1(K=Jx?3WT9^rG91Ekf888#yShhi!DL+;^NwFPj zJE2)`>U1cjA6xoXh*p6Co`&EH8GHpQ9`M75lJCkubuJ6hmIsySaHSxX25dT+%c#E3 z7oxr|ol7KekcOf(0H&WavluL4*7ma)>Cy=-I31FzHRPb3atF!=)&UxrAgsaCvxe%* zh#G81bv^E=EB}Ik3C5K!9do44U+N|Vsy(Hnaxkaf;>&88n;Fb;4u&ZctcvAenBozv zlX_VxqY0HFx$T&h=2uGdv<#Q(tVOkz3`J5_T`{jNe1+%#bsTYx{P=Kb=*__|4ScSD zx$kK2L)~BQ`g!-~I@jSN=Vd4Xi11&*x+->gDlh>kB1{G6d@OZ@?H4jVT6!6~5slg6 z7UZ@qW{dAFy@W-jF%sK?s9L{@ib_pTXjZR>FI~j)(U|OPK|XCc+4)7}OSI~=QZOr+t$Y)#T17oFgj*2BB;;>noz=u=}DrRR5 zDrQhSU{Nr824ny;a$uaNnFUq}4^SB9P*9Pj_fzSnved#1Vy?sqz0cYWP3^=*|8^O=%>l?Bz3 zc8)7qs8Cv+^3Mf~s;koG7yEf=oJ*?;z7nk{QjL?YO4m_LGU4a!DMcw0rYQQ0QfKl@ zHE3(=Tvb}SYMgkq6v5IV@P{I77Nx@i8xfsshI!{3G?OfTlR7@*i_Qd>BT$}15zXz< z(lUKx70gj29SE9PhJLl-jcq!0bUHZW4NV8gUB?;CSSc*u>z(7OdmWhbG3`2P;=Sf< zSB)=rSLsbG9@3?xSd?SI*|czz5@E*P9xpB7JB&a}@Vbk15r^DiAIlJKa))hCdpWDf z-EzIOmsi=?h&MVj74dGi=jdzNVXgg-zN z2*7BpAfp7;9raQY{H|7e5il)Y#Uj>XT38UVgpt_pV))9L8~=aMb=WohZ-+iLFw=jh z@6n#`=)TAOjn11LZ@}B8FBqhsk_}`H7l;HqTP_yldkV((ajcY-rK1rkGvW?y>ps$@ zgq-E=(8OgdM2M|}3n=^tZ4f!ZGA10~(b6hbN`2sgg^^C2cIyKVo9QjiZLgQ&a?;YU zO179sv0E>V$-K}le3iBa%4m|HwCsx6PS#)xKtAcxTlCp<*XHst^_M-DZ>O`NK&(0d zbmJQVb={awT~~~)SY&QXT^FXsT%qiwa$1ataPLBapSe&3S)_ib zjyD(OQ2sX&L4Q6PI;i`tLL!pBk%FaT@a59tEB#-u3ST5(5Pm-XT>`!EXLcqC|2H#@ z=zH`NzIVRdLER{IkwDhh~9&G8t zw;{Leqp~^F%5WI#+ZUZ>DDo~N#`pr3cHMMDe^;O}z>Gg4n`;L%wjZjugc+0i|4+L{ zJ~n)1XuSVF_bvAPZud&piO&Dh@v7^m?^XiL{CjWhD(^64$OTwPXtprq@|p4ot@j#~ zNoVN5jXG*2#()-JC&RMX8+Nh|jF|DjX56gDXCn2n@(_;u&MmgVX&TC6b08-ph zIl$7oE{xe0!IABZYn$xk8@wsT^nlyr<=wK8(!nuVy3?A3-nUpvp=YJ&SdMsKgKm}E zd&;}yi=lHw4n3J8T zxEjc@M53@=^v%8)VlssBIh z8i@=)J9Kd1m=^%xj@^6JPqPnda}24JHU1w zFtc6kN93eyax$RjpDmpZK*Hnl=`?J+>^z;;f`m<&4#&&;DYNASMs){9i_?_!S5e9+&|L$#hy=gKizfEJ=F25@WB>( z<;Tlje9O?j2lx2W=1{-D1z08OpPCCQvgcQxKQ;B@sf(`$7hVd!`20C}i(e{nG?_>U zk!&oPFjl9FXOF^{W|DE?i36~_#*>L&^}Geq_@P|lY67-bc&@?18~7;)PQ?(6mqovhU5TX5r0i5Kj)IGBKCFpm?JRq+a1eIo9;b}BBpjcj z)kf#?E#{UJLe?&g^1=O^^!faONxyG$B`yfrH6d}}B;44g=aSjQR5JV6h0_O@LQ|e2 zvFy^KkcRuabn)~d|I}pA=UMg!+zGC2<2q?34GnqWFxq43w4{Mh+QJ#s4Le} z5iROtDk4%cQW1|ZJ>^?op7BqBeOjM@Z`k~3)*qhrEwA8oSI2mH%O8@Z>DD%03Wz~R z$1bL9lO|6EV-P2U%ubdcmu2Q?V51s1Sw4uRd5GNS-a79y+qUxhqYI9gIvkHDBQQH8 znOKNsC~KF>EyrV#g%tgsR=^>YAHxzOKJ(VwbxQ07A$vWUzB(U?w}2r84<hW`&M(a`_l6mwVkQ7JgN_3rp9b;|i- zDsch^0cQY|i2uMrewn*XN5$AMlI2}C}5&f%7 zd0r&{|E6o?^TVGTni}|-{_}mo-jVKV*C*WJ&PCTZw@~`e?NRctl|PI%5~6l6rMFh= zwx#yOnOu$NW|XOd3}{7>Toin{Cl+P$Q0PlH<9*6g4V0h6o{A(z&(}(qF^#@xUlh+V zd@>NP=(is(&tYjig+t2AwbEb&triklAq{bdoz5FzD~^(hDW6zBQWE8~qdY6&3vek_ z_yVJxY{VD1UP~r)AyJ;8V(YxSPTe`5%w>fO;pMo=CZsKqkEG>?)z=s;!xheCl93or zWF}X`u>_L|Qw7-%m8a#)>K>2ODe$AYOg6bHq;0;eJi&;F@{y(ZS_h~ZEr+m}P}1k# zs<{Yf6kZW*8)PH-tL30{Yf*IZZkS^N2Q*vI>lC-N1l&0N z+Y%-+mdL=Q*odGD&1l(2>6}j|GQF=Mo7tSeAw&66JuT;edLp{Ssq@=lG?$ z8WO)Q_|sqZV}naF7F9^i7#!IZQggK><`MNm*@x9nOy9Oz(Zwcd(3cuyv{_i$%)#oY zxuE=i*i~?i{KfFCp)-U2f&2UZw)aat7rLi`0WjL}*YMHZctMK3K%cQHMGwtQvD9K) zUE}FP=b569m!HG-#9>mbt6&i^9~~;6z#>B9lsd+rsSPWFb3O&%O}`e&#^>4+k%hvp zY!)AJ{b8W|tmJ|~9$U=?@x?C8eb8w6IF<%vKoI0#s?`oghir2M#MKkABHJ`QhEnfew|AO5PIDQ0irUnT}T25=Kgqh-*2>w2(>W(h)%e z$lffcj+T!|7Z^mQ;(9S&;5OxYjh5#n;WS{~Y`(u-tsBej6|LK7`LHA$EzMyJ4BAw4 zCdV)-}J45pSq-*34hrc-VJ%j&jz~A?0y`SoNrF*`s zuk*V)-g70nrvLe!<%?MSs5ZPqokdK~1r$u3bH`3DOoyI(`AG1&mtI}mWa^mJh8v^l z@a<6qRWvE5^p{_hgaRf&m0E@7ye#4JMKht)8NG4!v*yCclrLa=D3ZCTwF!i1J~QWM zQW1yDrCcDV*99)Rp>OeiGeSmV>+I=_u=vxEMSCtgOyVOC5%>Xk#09Lt{876 zQwLAVp-b*$`2|@?wK`7ja%sjcB$!r7&|FUSxBR~HX*nO+siwU#DkSNRZt1}{m{LPF z8wy#psZR7GW93s=K&s6`mcqe#YKi)*uv^#8OUv0z(jQV8e2RF)fUQRI|F>KtKQa9B z&<6*5`u|(sf9id;=h5zd_n&qCX2*}a-r|-2=TDX+W`2XQqH273>r8W7%x{dAmnEgv zg6J7BgLXp=MW1nhIgEwl(Lg;wRtf4x20%Ic8wt2#y z@@ppMjfGEXvohW_^R~DADwYmGzf~YEqw=tUxLYY=UJI z2=NuvU;;sF=1Mp%L|@Eoeg}S6l!6r966j;T{1O&1f<9n3WxZgobZc7;J&PqG@my4x zkH@9I0FCTk3Bv>x5G3QxCjI|^?HXAfK0ovzK4kYSoaQ+ z8kDNY2OJp1o@N~m%))B;vaK*SUlxq9TR=u$ScCFZ7PYA#p<#>|{yR0?2mXMRVZy61 zk1*q%nVOyP;Z8-|v9PZk$GSIt4i)-;M-7(%1;xXeY%CIo_m=T{ zKvA3wuZG`ACSX43WF)ydJv-@}4o$-UhNicYTTX$tEXLkJoREOmOC0D!<*QggXf%aJ zw>x9)pzXWez2&#?g+-h-EhYnV0l}VeF`Uayn^k$*87L~Ao1H;8W>a2mtXj86$}!5w z2CnD}V<3cl>93Z~KU z02v$$$*@gn>$}RAr7#6tg(^&8)K-=-Wh?mvrXe(*@(LCW!qs++$JAbQN>M%4iB`l& z8ILhq3B&9HA>wZh$0=f(@{^n5zPrkTu`V$cpX{G@Z*zP{M$aiS_S-wkQQ9la*Qrd~ z+$*HRtI=5IDi^mv^8c)B@eM%% zmAaKU;GGKw7?`0@Oft42TLMSi45yI4)(DmIhsy8B;iX3NCK3lr<