From a80e7dffe1f24b5c6ab2de350e3a94fe23c6796f Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Mon, 19 Dec 2022 12:26:51 +0000 Subject: [PATCH 01/12] Add ALZ Custom RBAC Role Defs to ALZ Portal Accelerators (#1156) * add role defs * fixes 1 * fixes 2 * cleanup * convert to follow policy model * fixes * last one i think * helps if you build the bicep file * Add readme and cleanup * update whats new * updates from KR review --- .github/workflows/update-portal.yml | 3 + docs/wiki/Whats-new.md | 4 + eslzArm/eslzArm.json | 21 +++ .../roleDefinitions/README.md | 16 ++ .../customRoleDefinitions.json | 169 ++++++++++++++++++ .../roleDefinitions/Application-Owners.json | 28 +++ .../roleDefinitions/Network-Management.json | 26 +++ .../roleDefinitions/Security-Operations.json | 34 ++++ .../roleDefinitions/Subscription-Owner.json | 29 +++ src/templates/roles.bicep | 43 +++++ 10 files changed, 373 insertions(+) create mode 100644 eslzArm/managementGroupTemplates/roleDefinitions/README.md create mode 100644 eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json create mode 100644 src/resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json create mode 100644 src/resources/Microsoft.Authorization/roleDefinitions/Network-Management.json create mode 100644 src/resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json create mode 100644 src/resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json create mode 100644 src/templates/roles.bicep diff --git a/.github/workflows/update-portal.yml b/.github/workflows/update-portal.yml index c48bc82a3d..9ab0fe148f 100644 --- a/.github/workflows/update-portal.yml +++ b/.github/workflows/update-portal.yml 
@@ -57,6 +57,9 @@ jobs: - name: Update policies run: bicep build ./src/templates/policies.bicep --outfile ./eslzArm/managementGroupTemplates/policyDefinitions/policies.json + - name: Update roles + run: bicep build ./src/templates/roles.bicep --outfile ./eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json + - name: Check git status run: | echo "==> Check git status..." diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index b2a555f171..4718e824e3 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -51,6 +51,10 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: ### December 2022 +#### Tooling + +- Added ALZ Custom RBAC Role Definitions, as listed [here](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones#rbac-recommendations) to ALZ Portal Experience. Fixing [#1079](https://github.com/Azure/Enterprise-Scale/issues/1079) + #### Policy - Updated "**Deploy Diagnostic Settings to Azure Services**" initiative replacing deprecated policy for diagnostic settings on Storage Account diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index b871351ba7..1093e9d715 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json 
@@ -702,6 +702,7 @@ "deploymentUris": { "managementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json')]", "managementGroupsLite": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json')]", + "roleDefinitions": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/roleDefinitions/customRoleDefinitions.json')]", "policyDefinitions": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyDefinitions/policies.json')]", "vnetConnectivityHub": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/hubspoke-connectivity.json')]", "vwanConnectivityHub": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/vwan-connectivity.json')]", @@ -756,6 +757,7 @@ "corpPeeringDeploymentName": "[take(concat('alz-CorpPeering', variables('deploymentSuffix')), 60)]", "connectivitySubscriptionPlacement": "[take(concat('alz-ConnectivitySub', variables('deploymentSuffix')), 64)]", "identitySubscriptionPlacement": "[take(concat('alz-IdentitySub', variables('deploymentSuffix')), 64)]", + "roleDefsDeploymentName": "[take(concat('alz-RoleDefs', variables('deploymentSuffix')), 64)]", "policyDeploymentName": "[take(concat('alz-Policy', variables('deploymentSuffix')), 64)]", "azOpsRbacDeploymentName": "[take(concat('alz-AzOpsRbac', variables('deploymentSuffix')), 64)]", "azOpsRgDeploymentName": "[take(concat('alz-AzOpsRg', variables('deploymentSuffix')), 64)]", 
@@ -1041,6 +1043,25 @@ } } }, + { + // Deploying ALZ Custom RBAC Role Definitions + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[variables('deploymentNames').roleDefsDeploymentName]", + "location": "[deployment().location]", + "scope": "[concat('Microsoft.Management/managementGroups/', parameters('enterpriseScaleCompanyPrefix'))]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtGroupDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').roleDefinitions]" + } + } + }, /* The following deployments will deploy the required proactive and preventive Azure policies for ESLZ policy driven governance */ diff --git a/eslzArm/managementGroupTemplates/roleDefinitions/README.md b/eslzArm/managementGroupTemplates/roleDefinitions/README.md new file mode 100644 index 0000000000..ac039d2c54 --- /dev/null +++ b/eslzArm/managementGroupTemplates/roleDefinitions/README.md 
@@ -0,0 +1,16 @@
+# Information relating to `customRoleDefinitions.json`
+
+The `customRoleDefinitions.json` deployment template provides a unified deployment experience for creating all Role Definitions as recommended for the Azure landing zone reference implementation.
+
+This template is designed to work across the following clouds, ensuring the supported combination of roles are created in the customer environment:
+
+- AzureCloud (Public)
+- AzureChinaCloud (Azure China / 21Vianet)
+- AzureUSGovernment (US Government)
+
+> **IMPORTANT:**
+> Please note that the `customRoleDefinitions.json` file located in this directory is programmatically generated and **must not** be manually edited.
+> When making changes to policies, please refer to the [roles.bicep](../../../src/templates/roles.bicep) file.
+
+
+*further guidance to follow*
diff --git a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
new file mode 100644
index 0000000000..e8dec1d79e
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
@@ -0,0 +1,169 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.13.1.58284", + "templateHash": "12224779871540963425" + } + }, + "variables": { + "$fxv#0": { + "name": "c9a07a05-a1fc-53fe-a565-5eed25597c03", + "type": "Microsoft.Authorization/roleDefinitions", + "apiVersion": "2022-04-01", + "properties": { + "roleName": "Application-Owners", + "description": "Contributor role granted for application/operations team at resource group level", + "type": "customRole", + "permissions": [ + { + "actions": [ + "*" + ], + "notActions": [ + "Microsoft.Authorization/*/write", + "Microsoft.Network/publicIPAddresses/write", + "Microsoft.Network/virtualNetworks/write", + "Microsoft.KeyVault/locations/deletedVaults/purge/action" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "assignableScopes": [ + "/providers/Microsoft.Management/managementGroups/contoso" + ] + } + }, + "$fxv#1": { + "name": "dc726155-3983-5405-b446-9bb27b94e02c", + "type": "Microsoft.Authorization/roleDefinitions", + "apiVersion": "2022-04-01", + "properties": { + "roleName": "Network-Management", + "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others", + "type": "customRole", + "permissions": [ + { + "actions": [ + "*/read", + "Microsoft.Network/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "assignableScopes": [ + "/providers/Microsoft.Management/managementGroups/contoso" + ] + } + }, + "$fxv#2": { + "name": "d3584a79-4f0d-5980-aa3c-7a76ba783b76", + "type": "Microsoft.Authorization/roleDefinitions", + "apiVersion": "2022-04-01", + "properties": { + "roleName": "Security-Operations", + "description": "Security Administrator role with a horizontal view 
across the entire Azure estate and the Azure Key Vault purge policy.", + "type": "customRole", + "permissions": [ + { + "actions": [ + "*/read", + "*/register/action", + "Microsoft.KeyVault/locations/deletedVaults/purge/action", + "Microsoft.PolicyInsights/*", + "Microsoft.Authorization/policyAssignments/*", + "Microsoft.Authorization/policyDefinitions/*", + "Microsoft.Authorization/policyExemptions/*", + "Microsoft.Authorization/policySetDefinitions/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Security/*", + "Microsoft.Support/*" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "assignableScopes": [ + "/providers/Microsoft.Management/managementGroups/contoso" + ] + } + }, + "$fxv#3": { + "name": "402344ce-48c4-5ac1-9320-16726050f964", + "type": "Microsoft.Authorization/roleDefinitions", + "apiVersion": "2022-04-01", + "properties": { + "roleName": "Subscription-Owner", + "description": "Delegated role for subscription owner generated from subscription Owner role", + "type": "customRole", + "permissions": [ + { + "actions": [ + "*" + ], + "notActions": [ + "Microsoft.Authorization/*/write", + "Microsoft.Network/vpnGateways/*", + "Microsoft.Network/expressRouteCircuits/*", + "Microsoft.Network/routeTables/write", + "Microsoft.Network/vpnSites/*" + ], + "dataActions": [], + "notDataActions": [] + } + ], + "assignableScopes": [ + "/providers/Microsoft.Management/managementGroups/contoso" + ] + } + }, + "cloudEnv": "[environment().name]", + "loadRoleDefinitions": { + "All": [ + "[variables('$fxv#0')]", + "[variables('$fxv#1')]", + "[variables('$fxv#2')]", + "[variables('$fxv#3')]" + ], + "AzureCloud": [], + "AzureChinaCloud": [], + "AzureUSGovernment": [] + }, + "roleDefinitionsByCloudType": { + "All": "[variables('loadRoleDefinitions').All]", + "AzureCloud": "[variables('loadRoleDefinitions').AzureCloud]", + "AzureChinaCloud": "[variables('loadRoleDefinitions').AzureChinaCloud]", + 
"AzureUSGovernment": "[variables('loadRoleDefinitions').AzureUSGovernment]" + }, + "roleDefinitions": "[concat(variables('roleDefinitionsByCloudType').All, variables('roleDefinitionsByCloudType')[variables('cloudEnv')])]" + }, + "resources": [ + { + "copy": { + "name": "RoleDefinitions", + "count": "[length(variables('roleDefinitions'))]" + }, + "type": "Microsoft.Authorization/roleDefinitions", + "apiVersion": "2022-04-01", + "name": "[guid(variables('roleDefinitions')[copyIndex()].properties.roleName, managementGroup().name)]", + "properties": { + "roleName": "[format('[{0}] {1}', managementGroup().name, variables('roleDefinitions')[copyIndex()].properties.roleName)]", + "description": "[variables('roleDefinitions')[copyIndex()].properties.description]", + "type": "[variables('roleDefinitions')[copyIndex()].properties.type]", + "permissions": "[variables('roleDefinitions')[copyIndex()].properties.permissions]", + "assignableScopes": [ + "[managementGroup().id]" + ] + } + } + ] +} \ No newline at end of file diff --git a/src/resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json b/src/resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json new file mode 100644 index 0000000000..ed16ac22ef --- /dev/null +++ b/src/resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json 
@@ -0,0 +1,28 @@
+{
+ "name": "c9a07a05-a1fc-53fe-a565-5eed25597c03",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "apiVersion": "2022-04-01",
+ "properties": {
+ "roleName": "Application-Owners",
+ "description": "Contributor role granted for application/operations team at resource group level",
+ "type": "customRole",
+ "permissions": [
+ {
+ "actions": [
+ "*"
+ ],
+ "notActions": [
+ "Microsoft.Authorization/*/write",
+ "Microsoft.Network/publicIPAddresses/write",
+ "Microsoft.Network/virtualNetworks/write",
+ "Microsoft.KeyVault/locations/deletedVaults/purge/action"
+ ],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "assignableScopes": [
+ "/providers/Microsoft.Management/managementGroups/contoso"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/roleDefinitions/Network-Management.json b/src/resources/Microsoft.Authorization/roleDefinitions/Network-Management.json
new file mode 100644
index 0000000000..bcd598b035
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/roleDefinitions/Network-Management.json
@@ -0,0 +1,26 @@
+{
+ "name": "dc726155-3983-5405-b446-9bb27b94e02c",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "apiVersion": "2022-04-01",
+ "properties": {
+ "roleName": "Network-Management",
+ "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
+ "type": "customRole",
+ "permissions": [
+ {
+ "actions": [
+ "*/read",
+ "Microsoft.Network/*",
+ "Microsoft.Resources/deployments/*",
+ "Microsoft.Support/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "assignableScopes": [
+ "/providers/Microsoft.Management/managementGroups/contoso"
+ ]
+ }
+}
\ No newline at end of file
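Review bot: In Application-Owners.json the `notActions` list excludes only `Microsoft.Authorization/*/write`, so with `"actions": ["*"]` the role still carries `Microsoft.Authorization/*/delete` and `Microsoft.Authorization/elevateAccess/action`, both of which the built-in Contributor role excludes. Holders could therefore remove role assignments, policy assignments or management locks at the scope where the role is assigned, which does not match the "Contributor role" wording in the description. Consider adding `"Microsoft.Authorization/*/delete",` and `"Microsoft.Authorization/elevateAccess/action",` to `notActions`. The same gap is in Subscription-Owner.json and in the copies embedded in the generated customRoleDefinitions.json, which would need to be rebuilt from the fixed sources.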
diff --git a/src/resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json b/src/resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json
new file mode 100644
index 0000000000..0d2cea8e81
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json
@@ -0,0 +1,34 @@
+{
+ "name": "d3584a79-4f0d-5980-aa3c-7a76ba783b76",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "apiVersion": "2022-04-01",
+ "properties": {
+ "roleName": "Security-Operations",
+ "description": "Security Administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy.",
+ "type": "customRole",
+ "permissions": [
+ {
+ "actions": [
+ "*/read",
+ "*/register/action",
+ "Microsoft.KeyVault/locations/deletedVaults/purge/action",
+ "Microsoft.PolicyInsights/*",
+ "Microsoft.Authorization/policyAssignments/*",
+ "Microsoft.Authorization/policyDefinitions/*",
+ "Microsoft.Authorization/policyExemptions/*",
+ "Microsoft.Authorization/policySetDefinitions/*",
+ "Microsoft.Insights/alertRules/*",
+ "Microsoft.Resources/deployments/*",
+ "Microsoft.Security/*",
+ "Microsoft.Support/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "assignableScopes": [
+ "/providers/Microsoft.Management/managementGroups/contoso"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json b/src/resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json
new file mode 100644
index 0000000000..011caff0fd
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json
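Review bot: The `description` in Security-Operations.json refers to "the Azure Key Vault purge policy", but the entry it describes, `Microsoft.KeyVault/locations/deletedVaults/purge/action`, is a permission to permanently remove soft-deleted vaults, not a policy. The description is what an administrator sees when assigning the role, so it should name the capability, for example `"description": "Security Administrator role with a horizontal view across the entire Azure estate, including permission to purge soft-deleted Key Vaults."`. The role also holds `Microsoft.Authorization/policyAssignments/*` and `Microsoft.Authorization/policyExemptions/*`, so it is worth confirming that removing or exempting policy guardrails is intended for every assignee of this role.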
@@ -0,0 +1,29 @@
+{
+ "name": "402344ce-48c4-5ac1-9320-16726050f964",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "apiVersion": "2022-04-01",
+ "properties": {
+ "roleName": "Subscription-Owner",
+ "description": "Delegated role for subscription owner generated from subscription Owner role",
+ "type": "customRole",
+ "permissions": [
+ {
+ "actions": [
+ "*"
+ ],
+ "notActions": [
+ "Microsoft.Authorization/*/write",
+ "Microsoft.Network/vpnGateways/*",
+ "Microsoft.Network/expressRouteCircuits/*",
+ "Microsoft.Network/routeTables/write",
+ "Microsoft.Network/vpnSites/*"
+ ],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "assignableScopes": [
+ "/providers/Microsoft.Management/managementGroups/contoso"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/src/templates/roles.bicep b/src/templates/roles.bicep
new file mode 100644
index 0000000000..43949f4699
--- /dev/null
+++ b/src/templates/roles.bicep
@@ -0,0 +1,43 @@
+targetScope = 'managementGroup'
+
+// Extract the environment name to dynamically determine which policies to deploy.
+var cloudEnv = environment().name
+
+// The following var contains lists of files containing Role Definition resources to load, grouped by compatibility with Cloud.
+var loadRoleDefinitions = {
+ All: [
+ loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json')
+ loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Network-Management.json')
+ loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json')
+ loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json')
+ ]
+ AzureCloud: []
+ AzureChinaCloud: []
+ AzureUSGovernment: []
+}
+
+// The following var is used to compile the required Role Definitions into a single object
+var roleDefinitionsByCloudType = {
+ All: loadRoleDefinitions.All
+ AzureCloud: loadRoleDefinitions.AzureCloud
+ AzureChinaCloud: loadRoleDefinitions.AzureChinaCloud
+ AzureUSGovernment: loadRoleDefinitions.AzureUSGovernment
+}
+
+// The following var is used to extract the Role Definitions into a single list for deployment
+// This will contain all Role Definitions classified as available for All cloud environments, and those for the current cloud environment
+var roleDefinitions = concat(roleDefinitionsByCloudType.All, roleDefinitionsByCloudType[cloudEnv])
+
+// Create the Role Definitions as needed for the target cloud environment
+resource RoleDefinitions 'Microsoft.Authorization/roleDefinitions@2022-04-01' = [for role in roleDefinitions: {
+ name: guid(role.properties.roleName, managementGroup().name)
+ properties: {
+ roleName: '[${managementGroup().name}] ${role.properties.roleName}'
+ description: role.properties.description
+ type: role.properties.type
+ permissions: role.properties.permissions
+ assignableScopes: [
+ managementGroup().id
+ ]
+ }
+}]
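Review bot: The `RoleDefinitions` loop reads only `roleName`, `description`, `type` and `permissions` from each loaded JSON file and computes `name` and `assignableScopes` itself, so the `name` GUIDs and the `.../managementGroups/contoso` scope in the source files are never deployed. Nothing in the template says so, and someone auditing the JSON files could take those values as the effective ones; a comment above the resource such as `// 'name' and 'assignableScopes' in the loaded JSON are placeholders; both are derived from the target management group here.` would make that explicit. The first comment still says "which policies to deploy" and should read "which role definitions to deploy". Separately, `roleDefinitionsByCloudType[cloudEnv]` has entries only for the three listed environment names, so a deployment in any other cloud would presumably fail at that lookup.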
From 3bb0a9443d3febc27c371ab89167c8eddea3ab6f Mon Sep 17 00:00:00 2001 From: Luis Alfonso Chaves Date: Mon, 19 Dec 2022 15:25:44 -0600 Subject: [PATCH 02/12] Removed Activity Log Solution in LAW (#1151) --- .../auxiliary/logAnalyticsSolutions.json | 28 - .../treyresearch/armTemplates/es-lite.json | 13 +- .../treyresearch/armTemplates/es-portal.json | 2431 ++++++++--------- .../armTemplates/portal-es-lite.json | 71 +- docs/wiki/ALZ-Deprecated-Services.md | 11 +- docs/wiki/Deploying-ALZ-BasicSetup.md | 1 - docs/wiki/Whats-new.md | 4 + eslzArm/eslz-portal.json | 23 +- eslzArm/eslzArm.json | 18 +- eslzArm/eslzArm.test.param.json | 5 +- eslzArm/fairfaxeslz-portal.json | 21 - .../logAnalyticsSolutions.json | 32 - 12 files changed, 1245 insertions(+), 1413 deletions(-) diff --git a/docs/reference/treyresearch/armTemplates/auxiliary/logAnalyticsSolutions.json b/docs/reference/treyresearch/armTemplates/auxiliary/logAnalyticsSolutions.json index 22fa5baa14..1566161abb 100644 --- a/docs/reference/treyresearch/armTemplates/auxiliary/logAnalyticsSolutions.json +++ b/docs/reference/treyresearch/armTemplates/auxiliary/logAnalyticsSolutions.json @@ -48,14 +48,6 @@ ], "defaultValue": "Yes" }, - "enableActivityLog": { - "type": "string", - "allowedValues": [ - "Yes", - "No" - ], - "defaultValue": "Yes" - }, "enableAntiMalware": { "type": "string", "allowedValues": [ @@ -108,10 +100,6 @@ "name": "[concat('Updates', '(', parameters('workspaceName'), ')')]", "marketplaceName": "Updates" }, - "azureActivity": { - "name": "[concat('AzureActivity', '(', parameters('workspaceName'), ')')]", - "marketplaceName": "AzureActivity" - }, "sqlAssessment": { "name": "[concat('SQLAssessment', '(', parameters('workspaceName'), ')')]", "marketplaceName": "SQLAssessment" 
@@ -180,22 +168,6 @@ "publisher": "Microsoft" } }, - { - "condition": "[equals(parameters('enableActivityLog'), 'Yes')]", - "apiVersion": "2015-11-01-preview", - "type": "Microsoft.OperationsManagement/solutions", - "name": "[variables('solutions').azureActivity.name]", - "location": "[parameters('workspaceRegion')]", - "properties": { - "workspaceResourceId": "[variables('laResourceId')]" - }, - "plan": { - "name": "[variables('solutions').azureActivity.name]", - "product": "[concat('OMSGallery/', variables('solutions').azureActivity.marketplaceName)]", - "promotionCode": "", - "publisher": "Microsoft" - } - }, { "condition": "[equals(parameters('enableChangeTracking'), 'Yes')]", "apiVersion": "2015-11-01-preview", diff --git a/docs/reference/treyresearch/armTemplates/es-lite.json b/docs/reference/treyresearch/armTemplates/es-lite.json index db561b3982..4a197ab0d9 100644 --- a/docs/reference/treyresearch/armTemplates/es-lite.json +++ b/docs/reference/treyresearch/armTemplates/es-lite.json @@ -170,14 +170,6 @@ ], "defaultValue": "Yes" }, - "enableActivityLog": { - "type": "string", - "allowedValues": [ - "Yes", - "No" - ], - "defaultValue": "Yes" - }, "enableAntiMalware": { "type": "string", "allowedValues": [ 
@@ -559,7 +551,7 @@ } }, { - "condition": "[and(not(empty(parameters('platformSubscriptionId'))), or(or(or(or(or(equals(parameters('enableSecuritySolution'), 'Yes'), equals(parameters('enableAgentHealth'), 'Yes')), equals(parameters('enableChangeTracking'), 'Yes')), equals(parameters('enableUpdateMgmt'), 'Yes'), equals(parameters('enableActivityLog'), 'Yes')), equals(parameters('enableAntiMalware'), 'Yes'), equals(parameters('enableVmInsights'), 'Yes')), equals(parameters('enableServiceMap'), 'Yes'), equals(parameters('enableSqlAssessment'), 'Yes')))]", + "condition": "[and(not(empty(parameters('platformSubscriptionId'))), or(or(or(or(equals(parameters('enableSecuritySolution'), 'Yes'), equals(parameters('enableAgentHealth'), 'Yes')), equals(parameters('enableChangeTracking'), 'Yes')), equals(parameters('enableUpdateMgmt'), 'Yes')), equals(parameters('enableAntiMalware'), 'Yes'), equals(parameters('enableVmInsights'), 'Yes')), equals(parameters('enableServiceMap'), 'Yes'), equals(parameters('enableSqlAssessment'), 'Yes'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2019-05-01", "subscriptionId": "[parameters('platformSubscriptionId')]", @@ -593,9 +585,6 @@ "enableUpdateMgmt": { "value": "[parameters('enableUpdateMgmt')]" }, - "enableActivityLog": { - "value": "[parameters('enableActivityLog')]" - }, "enableAntiMalware": { "value": "[parameters('enableAntiMalware')]" }, diff --git a/docs/reference/treyresearch/armTemplates/es-portal.json b/docs/reference/treyresearch/armTemplates/es-portal.json index c2305b1cc2..eb35638fa7 100644 --- a/docs/reference/treyresearch/armTemplates/es-portal.json +++ b/docs/reference/treyresearch/armTemplates/es-portal.json 
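Review bot: The rewritten `condition` in the `@@ -559,7 +551,7 @@` hunk of es-lite.json closes the outermost `or(` right after the `enableVmInsights` comparison, which leaves the `enableServiceMap` and `enableSqlAssessment` comparisons as extra arguments of `and(`. As written, the nested deployment runs only when both of those parameters are 'Yes', so setting either to 'No' would presumably also skip the security and anti-malware solutions it passes through; before this change every flag was OR-ed. Removing the `enableActivityLog` term needs the nesting rebalanced: drop one `)` after the `enableUpdateMgmt` comparison so it reads `equals(parameters('enableUpdateMgmt'), 'Yes'), equals(parameters('enableAntiMalware'), 'Yes'),` and end the expression with `equals(parameters('enableSqlAssessment'), 'Yes')))]`. The resource this condition belongs to continues outside the hunk.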
@@ -15,1277 +15,1256 @@ } ] }, - { - "name": "lzSettings", - "label": "Enterprise-Scale company prefix", - "subLabel": { - "preValidation": "Provide a company prefix for the management group structure that will be created.", - "postValidation": "Done" - }, - "bladeTitle": "Company prefix", - "elements": [ - { - "name": "infoBox0", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "icon": "Info", - "text": "Enterprise-Scale ARM deployment requires access at the tenant root (/) scope. Visit this link to ensure you have the appropriate RBAC permission to complete the deployment", - "uri": "https://docs.microsoft.com/azure/role-based-access-control/elevate-access-global-admin" - } + { + "name": "lzSettings", + "label": "Enterprise-Scale company prefix", + "subLabel": { + "preValidation": "Provide a company prefix for the management group structure that will be created.", + "postValidation": "Done" }, - { - "name": "textBlock0", - "type": "Microsoft.Common.TextBlock", - "visible": true, - "options": { - "text": "Enterprise-Scale will create the management group hierarchy under the Tenant Root Group with the prefix provided at this step.", - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/management-group-and-subscription-organization" + "bladeTitle": "Company prefix", + "elements": [ + { + "name": "infoBox0", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "icon": "Info", + "text": "Enterprise-Scale ARM deployment requires access at the tenant root (/) scope. 
Visit this link to ensure you have the appropriate RBAC permission to complete the deployment", + "uri": "https://docs.microsoft.com/azure/role-based-access-control/elevate-access-global-admin" + } + }, + { + "name": "textBlock0", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "Enterprise-Scale will create the management group hierarchy under the Tenant Root Group with the prefix provided at this step.", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/management-group-and-subscription-organization" + } + } + }, + { + "name": "esMgmtGroup", + "type": "Microsoft.Common.TextBox", + "label": "Management Group prefix", + "toolTip": "Provide a prefix (max 10 characters, unique at tenant-scope) for the Management Group hierarchy and other resources created as part of Enterprise-scale.", + "defaultValue": "", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,10}$", + "validationMessage": "The prefix must be 1-10 characters." } } - }, - { - "name": "esMgmtGroup", - "type": "Microsoft.Common.TextBox", - "label": "Management Group prefix", - "toolTip": "Provide a prefix (max 10 characters, unique at tenant-scope) for the Management Group hierarchy and other resources created as part of Enterprise-scale.", - "defaultValue": "", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,10}$", - "validationMessage": "The prefix must be 1-10 characters." - } - } - ] - }, - { - "name": "esGoalState", - "label": "Platform configuration", - "subLabel": { - "preValidation": "Select 'Yes' if goal state should be enforced during deployment. 
Select 'No' if you want to do it post deployment using Azure Policy.", - "postValidation": "Done" + ] }, - "bladeTitle": "lzGs", - "elements": [ - { - "name": "infoBox1", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "icon": "Info", - "text": "To enable platform management, security and governance, you must allocate a platform Subscription. Please note, this Subscription will be moved to the platform Management Group, and ARM will deploy the requisite settings. We recommend using a new Subscription with no existing resources.", - "uri": "https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/Readme.md" - } + { + "name": "esGoalState", + "label": "Platform configuration", + "subLabel": { + "preValidation": "Select 'Yes' if goal state should be enforced during deployment. Select 'No' if you want to do it post deployment using Azure Policy.", + "postValidation": "Done" }, - { - "name": "esLogAnalytics", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Log Analytics workspace.", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continuous compliance.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + "bladeTitle": "lzGs", + "elements": [ + { + "name": "infoBox1", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "icon": "Info", + "text": "To enable platform management, security and governance, you must allocate a platform Subscription. Please note, this Subscription will be moved to the platform Management Group, and ARM will deploy the requisite settings. 
We recommend using a new Subscription with no existing resources.", + "uri": "https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/Readme.md" + } }, - "visible": true - }, - { - "name": "esLogRetention", - "type": "Microsoft.Common.Slider", - "min": 30, - "max": 730, - "label": "Log Analytics Data Retention (days)", - "subLabel": "Days", - "defaultValue": 30, - "showStepMarkers": false, - "toolTip": "Select retention days for Azure logs. Default is 30 days.", - "constraints": { - "required": false + { + "name": "esLogAnalytics", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Log Analytics workspace.", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continuous compliance.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "mgmtSubsApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "subscriptions?api-version=2020-01-01" - } - }, - { - "name": "esMgmtSub", - "type": "Microsoft.Common.DropDown", - "label": "Platform subscription (required)", - "toolTip": "", - "multiselect": false, - "selectAll": true, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]", - "constraints": { - "allowedValues": "[map(steps('esGoalState').mgmtSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", - "required": true - } - }, - { - "name": "textBlock1", - "type": "Microsoft.Common.TextBlock", - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]", - "options": { - 
"text": "Select which Azure Monitor solutions you will enable for your Log Analytics workspace", - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/azure/azure-monitor/insights/solutions" + { + "name": "esLogRetention", + "type": "Microsoft.Common.Slider", + "min": 30, + "max": 730, + "label": "Log Analytics Data Retention (days)", + "subLabel": "Days", + "defaultValue": 30, + "showStepMarkers": false, + "toolTip": "Select retention days for Azure logs. Default is 30 days.", + "constraints": { + "required": false + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + }, + { + "name": "mgmtSubsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" } - } - }, - { - "name": "esAgentSolution", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Agent Health solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esChangeTracking", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Change Tracking solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "esMgmtSub", + "type": "Microsoft.Common.DropDown", + "label": "Platform subscription (required)", + "toolTip": "", + "multiselect": false, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter 
items ...", + "multiLine": true, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]", + "constraints": { + "allowedValues": "[map(steps('esGoalState').mgmtSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": true + } }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esUpdateMgmt", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Update Management solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + { + "name": "textBlock1", + "type": "Microsoft.Common.TextBlock", + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]", + "options": { + "text": "Select which Azure Monitor solutions you will enable for your Log Analytics workspace", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/azure-monitor/insights/solutions" } - ] + } }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esActivityLog", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Activity Log solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "esAgentSolution", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Agent Health solution", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also 
adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esVmInsights", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy VM Insights solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "esChangeTracking", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Change Tracking solution", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esAntiMalware", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Antimalware solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "esUpdateMgmt", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy 
Update Management solution", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esServiceMap", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Service Map solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "esVmInsights", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy VM Insights solution", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esSqlAssessment", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy SQL Assessment solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - 
"value": "No" - } - ] + { + "name": "esAntiMalware", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Antimalware solution", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "textBlock0", - "type": "Microsoft.Common.TextBlock", - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]", - "options": { - "text": "Select which Azure Security solutions you will enable.", - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/azure/security/fundamentals/overview" - } - } - }, - { - "name": "esAsc", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Azure Security Center and enable security monitoring for your platform and resources", - "defaultValue": "Yes, Azure Defender On (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes, Azure Defender On (recommended)", - "value": "Standard" - }, - { - "label": "Yes, Azure Defender Off", - "value": "Free" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "esServiceMap", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Service Map solution", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": 
"No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esAscEmail", - "type": "Microsoft.Common.TextBox", - "label": "Azure Security Center Email Contact", - "toolTip": "Email address to get email notifications from Azure Security Center", - "visible": "[or(equals(steps('esGoalState').esAsc,'Standard'),equals(steps('esGoalState').esAsc,'Free'))]", - "defaultValue": "", - "constraints": { - "required": "[equals(steps('esGoalState').esAsc,'Yes')]", - "regex": "^[\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4}$", - "validationMessage": "Please provide a valid email address" - } - }, - { - "name": "esSecuritySolution", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Azure Sentinel", - "defaultValue": "No", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "esSqlAssessment", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy SQL Assessment solution", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - } - ] - }, - { - "name": "esConnectivityGoalState", - "label": "Connectivity (Hub & Spoke)", - "subLabel": { - "preValidation": "Select 'Yes' if goal state should be enforced during deployment. 
Select 'No' if you want to do it post deployment using Azure Policy.", - "postValidation": "Done" - }, - "bladeTitle": "lzGs", - "elements": [ - { - "name": "infoBox1", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "icon": "Info", - "text": "Enterprise Scale allows you to enable hybrid connectivity with on premises using Hub & Spoke topology. Please note, all connectivity components required will be deployed to the Platform Subscription.", - "uri": "https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/Readme.md" - } - }, - { - "name": "esHub", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy virtual hub", - "defaultValue": "Yes", - "toolTip": "If 'Yes' is selected, ARM will deploy a virtual network for hub", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + { + "name": "textBlock0", + "type": "Microsoft.Common.TextBlock", + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]", + "options": { + "text": "Select which Azure Security solutions you will enable.", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/security/fundamentals/overview" } - ] + } }, - "visible": true - }, - { - "name": "nwSubsApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "subscriptions?api-version=2020-01-01" - } - }, - { - "name": "esConnectivitySub", - "type": "Microsoft.Common.DropDown", - "label": "Platform subscription (required)", - "toolTip": "You did not provided a Platform Subscription yet. You must allocate one now. Please note, this Subscription will be moved to the platform Management Group, and ARM will deploy the first networking hub and requisite settings. 
We recommend using a new Subscription with no existing resources.", - "multiselect": false, - "selectAll": true, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "defaultValue": "[if(not(empty(steps('esGoalState').esMgmtSub)),steps('esGoalState').esMgmtSub,'')]", - "visible": "[and(equals(steps('esConnectivityGoalState').esHub,'Yes'),empty(steps('esGoalState').esMgmtSub))]", - "constraints": { - "allowedValues": "[map(steps('esConnectivityGoalState').nwSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", - "required": "[and(equals(steps('esConnectivityGoalState').esHub,'Yes'),empty(steps('esGoalState').esMgmtSub))]" - } - }, - { - "name": "esAddressHub", - "type": "Microsoft.Common.TextBox", - "label": "Address space (required for virtual network hub)", - "toolTip": "Provide address prefix in CIDR notation (e.g 10.100.0.0/16)", - "defaultValue": "10.100.0.0/16", - "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", - "constraints": { - "required": true, - "validationMessage": "The virtual hubs network's address space, specified as one address prefixes in CIDR notation (e.g. 
192.168.1.0/24)" - } - }, - { - "name": "esLocationsApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "locations?api-version=2019-11-01" - } - }, - { - "name": "esNwLocation", - "type": "Microsoft.Common.DropDown", - "label": "Region for the first virtual network hub", - "filter": true, - "toolTip": "Select the target region for you connectivity deployment (requires you to provide a subscriptionId for connectivity)", - "constraints": { - "allowedValues": "[map(steps('esConnectivityGoalState').esLocationsApi.value, (item) => parse(concat('{\"label\":\"', item.displayName, '\",\"value\":\"', item.name, '\"}')))]", - "required": true + { + "name": "esAsc", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Azure Security Center and enable security monitoring for your platform and resources", + "defaultValue": "Yes, Azure Defender On (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes, Azure Defender On (recommended)", + "value": "Standard" + }, + { + "label": "Yes, Azure Defender Off", + "value": "Free" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, - "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]" - }, - { - "name": "esDdoS", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable DDoS Protection Standard", - "defaultValue": "No", - "visible": "[equals(steps('esConnectivityGoalState').esHub,'Yes')]", - "toolTip": "If 'Yes' is selected when also adding a connectivity subscription, DDoS Protection Standard will be enabled.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] - } - }, - { - "name": "textBlock0", - "type": 
"Microsoft.Common.TextBlock", - "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", - "options": { - "text": "To know more about Azure DDos protection pricing.", - "link": { - "label": "Azure DDoS Pricing", - "uri": "https://azure.microsoft.com/en-us/pricing/details/ddos-protection/" + { + "name": "esAscEmail", + "type": "Microsoft.Common.TextBox", + "label": "Azure Security Center Email Contact", + "toolTip": "Email address to get email notifications from Azure Security Center", + "visible": "[or(equals(steps('esGoalState').esAsc,'Standard'),equals(steps('esGoalState').esAsc,'Free'))]", + "defaultValue": "", + "constraints": { + "required": "[equals(steps('esGoalState').esAsc,'Yes')]", + "regex": "^[\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4}$", + "validationMessage": "Please provide a valid email address" } + }, + { + "name": "esSecuritySolution", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Azure Sentinel", + "defaultValue": "No", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" } - }, - { - "name": "esVpnGw", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy VPN Gateway", - "defaultValue": "Yes", - "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", - "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy VPN gateway", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] - } - }, - { - "name": "esVpnGwType", - "type": "Microsoft.Common.OptionsGroup", - "label": "Select VPN type", - "defaultValue": "Route Based (Recommended)", - "visible": "[equals(steps('esConnectivityGoalState').esVpnGw, 
'Yes')]", - "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy VPN gateway. Select whether it should be policy or route based.", - "constraints": { - "allowedValues": [ - { - "label": "Route Based (Recommended)", - "value": "RouteBased" - }, - { - "label": "Policy Based", - "value": "PolicyBased" - } - ] - } - }, - { - "name": "esGwRegionalOrAz", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy zone redundant or regional VPN Gateway", - "defaultValue": "Zone redundant (recommended)", - "visible": "[and(equals(steps('esConnectivityGoalState').esVpnGw,'Yes'),or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", - "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Virtual Gateway to the selected region and availability zones.", - "constraints": { - "allowedValues": [ - { - "label": "Zone redundant 
(recommended)", - "value": "Zone" - }, - { - "label": "Regional", - "value": "Regional" - } - ] - } - }, - { - "name": "esGwNoAzSku", - "type": "Microsoft.Common.DropDown", - "label": "Select the VPN Gateway SKU", - "defaultValue": "", - "multiselect": false, - "selectAll": false, - "filter": false, - "multiLine": true, - "visible": "[and(equals(steps('esConnectivityGoalState').esVpnGw,'Yes'), not(or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast'))))]", - "toolTip": "Select the required SKU for the VPN gateway.", - "constraints": { - "allowedValues": [ - { - "label": "VpnGw2", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", - "value": "VpnGw2" - }, - { - "label": "VpnGw3", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, 
aggregate throughput is 2.5 Gbps", - "value": "VpnGw3" - }, - { - "label": "VpnGw4", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", - "value": "VpnGw4" - }, - { - "label": "VpnGw5", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", - "value": "VpnGw5" - } - ] - } - }, - { - "name": "esGwAzSku", - "type": "Microsoft.Common.DropDown", - "label": "Select the VPN Gateway SKU", - "defaultValue": "", - "multiselect": false, - "selectAll": false, - "filter": false, - "multiLine": true, - "visible": "[and(equals(steps('esConnectivityGoalState').esVpnGw,'Yes'), equals(steps('esConnectivityGoalState').esGwRegionalOrAz, 'Zone') ,or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", - "toolTip": 
"Select the required SKU for the VPN gateway.", - "constraints": { - "allowedValues": [ - { - "label": "VpnGw2AZ", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", - "value": "VpnGw2AZ" - }, - { - "label": "VpnGw3AZ", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", - "value": "VpnGw3AZ" - }, - { - "label": "VpnGw4AZ", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", - "value": "VpnGw4AZ" - }, - { - "label": "VpnGw5AZ", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", - "value": "VpnGw5AZ" - } - ] - } - }, - { - "name": "esGwRegionalSku", - "type": "Microsoft.Common.DropDown", - "label": "Select the VPN Gateway SKU", - "defaultValue": "", - "multiselect": false, - "selectAll": false, - "filter": false, - "multiLine": true, - "visible": "[and(equals(steps('esConnectivityGoalState').esVpnGw,'Yes'), equals(steps('esConnectivityGoalState').esGwRegionalOrAz, 'Regional') 
,or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", - "toolTip": "Select the required SKU for the VPN gateway.", - "constraints": { - "allowedValues": [ - { - "label": "VpnGw2", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", - "value": "VpnGw2" - }, - { - "label": "VpnGw3", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", - "value": "VpnGw3" - }, - { - "label": "VpnGw4", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", - "value": "VpnGw4" - }, - { - "label": "VpnGw5", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 
IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", - "value": "VpnGw5" - } - ] - } - }, - { - "name": "esAddressVpnOrEr", - "type": "Microsoft.Common.TextBox", - "label": "Subnet for VPN/Express route", - "toolTip": "Provide address prefix in CIDR notation (e.g 10.100.1.0/24)", - "defaultValue": "10.100.1.0/24", - "visible": "[or(equals(steps('esConnectivityGoalState').esErGw, 'Yes'), equals(steps('esConnectivityGoalState').esVpnGw, 'Yes'))]", - "constraints": { - "required": true, - "validationMessage": "The subnet network's address space, specified as one address prefixes in CIDR notation (e.g. 192.168.1.0/24)" - } - }, - { - "name": "esErGw", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy ExpressRoute Gateway", - "defaultValue": "No", - "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", - "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Express Route gateway", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] - } - }, - { - "name": "esErRegionalOrAz", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy zone redundant or regional ExpressRoute Gateway", - "defaultValue": "Zone redundant (recommended)", - "visible": 
"[and(equals(steps('esConnectivityGoalState').esErGw,'Yes'),or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", - "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Express Route Gateway to the selected region and availability zones.", - "constraints": { - "allowedValues": [ - { - "label": "Zone redundant (recommended)", - "value": "Zone" - }, - { - "label": "Regional", - "value": "Regional" - } - ] - } - }, - { - "name": "esErAzSku", - "type": "Microsoft.Common.DropDown", - "label": "Select the ExpressRoute Gateway SKU", - "defaultValue": "", - "multiselect": false, - "selectAll": false, - "filter": false, - "multiLine": true, - "visible": "[and(equals(steps('esConnectivityGoalState').esErGw,'Yes'), equals(steps('esConnectivityGoalState').esErRegionalOrAz, 'Zone'), 
or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", - "toolTip": "Select the required SKU for the Express Route gateway.", - "constraints": { - "allowedValues": [ - { - "label": "ErGw1AZ", - "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit connections is 4", - "value": "ErGw1AZ" - }, - { - "label": "ErGw2AZ", - "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8", - "value": "ErGw2AZ" - }, - { - "label": "ErGw3AZ", - "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16", - "value": "ErGw3AZ" - } - ] - } - }, - { - "name": "esErRegionalSku", - "type": "Microsoft.Common.DropDown", - "label": "Select the ExpressRoute Gateway SKU", - "defaultValue": "", - "multiselect": 
false,
- "selectAll": false,
- "filter": false,
- "multiLine": true,
- "visible": "[and(equals(steps('esConnectivityGoalState').esErGw,'Yes'), equals(steps('esConnectivityGoalState').esErRegionalOrAz, 'Regional'), or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]",
- "toolTip": "Select the required SKU for the Express Route gateway.",
- "constraints": {
- "allowedValues": [
- {
- "label": "Standard",
- "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit connections is 4",
- "value": "Standard"
- },
- {
- "label": "HighPerformance",
- "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8",
- "value": "HighPerformance"
- },
- {
- "label": "UltraPerformance",
- "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16",
- "value": "UltraPerformance"
- }
- ]
- }
- },
- {
- "name": "esErNoAzSku",
- "type": "Microsoft.Common.DropDown",
- "label": "Select the ExpressRoute Gateway SKU",
- "defaultValue": "",
- "multiselect": false,
- "selectAll": false,
- "filter": false,
- "multiLine": true,
- "visible": "[and(equals(steps('esConnectivityGoalState').esErGw,'Yes'), not(or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast'))))]",
- "toolTip": "Select the required SKU for the Express Route gateway.",
- "constraints": {
- "allowedValues": [
- {
- "label": "Standard",
- "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit connections is 4",
- "value": "Standard"
- },
- {
- "label": "HighPerformance",
- "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8",
- "value": "HighPerformance"
- },
- {
- "label": "UltraPerformance",
- "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16",
- "value": "UltraPerformance"
- }
- ]
- }
- },
- {
- "name": "esAzFw",
- "type": "Microsoft.Common.OptionsGroup",
- "label": "Deploy Azure Firewall",
- "defaultValue": "No",
- "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]",
- "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Azure Firewall",
- "constraints": {
- "allowedValues": [
- {
- "label": "Yes (recommended)",
- "value": "Yes"
- },
- {
- "label": "No",
- "value": "No"
- }
- ]
- }
- },
- {
- "name": "esAzFwDns",
- "type": "Microsoft.Common.OptionsGroup",
- "label": "Enable Azure Firewall as a DNS proxy",
- "defaultValue": "No",
- "visible": "[equals(steps('esConnectivityGoalState').esAzFw,'Yes')]",
- "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will enable Azure Firewall as a DNS Proxy.",
- "constraints": {
- "allowedValues": [
- {
- "label": "Yes",
- "value": "Yes"
- },
- {
- "label": "No",
- "value": "No"
- }
- ]
- }
- },
- {
- "name": "esFwAz",
- "type": "Microsoft.Common.DropDown",
- "label": "Select Availability Zones for the Azure Firewall",
- "defaultValue": "None",
- "multiselect": true,
- "selectAll": true,
- "filter": true,
- "visible": "[and(equals(steps('esConnectivityGoalState').esAzFw,'Yes'),or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]",
- "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Azure Firewall to the selected region and availability zones.",
- "constraints": {
- "required": true,
- "allowedValues": [
- {
- "label": "Zone 1",
- "value": "1"
- },
- {
- "label": "Zone 2",
- "value": "2"
- },
- {
- "label": "Zone 3",
- "value": "3"
- }
- ]
- }
- },
- {
- "name": "esAddressFw",
- "type": "Microsoft.Common.TextBox",
- "label": "Subnet for Azure Firewall",
- "toolTip": "Provide address prefix in CIDR notation (e.g 10.100.0.0/24)",
- "defaultValue": "10.100.0.0/24",
- "visible": "[equals(steps('esConnectivityGoalState').esAzFw, 'Yes')]",
- "constraints": {
- "required": true,
- "validationMessage": "The subnet network's address space, specified as one address prefixes in CIDR notation
(e.g. 192.168.1.0/24)" - } - } - ] - }, - { - "name": "lzGoalState", - "label": "Landing zone configuration", - "subLabel": { - "preValidation": "", - "postValidation": "" + ] }, - "bladeTitle": "lzGs", - "elements": [ - { - "name": "infoBox1", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "icon": "Info", - "text": "You can optionally provide subscriptions for your first 'Online' and 'Corp' landing zones and assign recommended policies that will ensure workloads will be secure, monitored, and protected according to best practices.", - "uri": "https://github.com/Azure/Enterprise-Scale/blob/main/docs/Deploy/ES-schema.md" - } + { + "name": "esConnectivityGoalState", + "label": "Connectivity (Hub & Spoke)", + "subLabel": { + "preValidation": "Select 'Yes' if goal state should be enforced during deployment. Select 'No' if you want to do it post deployment using Azure Policy.", + "postValidation": "Done" }, - { - "name": "onlineText", - "type": "Microsoft.Common.TextBlock", - "visible": true, - "options": { - "text": "Select the subscriptions you want to use to host your Online landing zones.", - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/azure/azure-monitor/insights/solutions" + "bladeTitle": "lzGs", + "elements": [ + { + "name": "infoBox1", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "icon": "Info", + "text": "Enterprise Scale allows you to enable hybrid connectivity with on premises using Hub & Spoke topology. 
Please note, all connectivity components required will be deployed to the Platform Subscription.", + "uri": "https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/Readme.md" } - } - }, - { - "name": "lzOnlineSubsApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "subscriptions?api-version=2020-01-01" - } - }, - { - "name": "esOnlineLzSub", - "type": "Microsoft.Common.DropDown", - "label": "Online landing zone subscriptions (optional)", - "toolTip": "", - "multiselect": true, - "selectAll": true, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "visible": true, - "constraints": { - "allowedValues": "[map(steps('lzGoalState').lzOnlineSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", - "required": false - } - }, - { - "name": "corpText", - "type": "Microsoft.Common.TextBlock", - "visible": true, - "options": { - "text": "Select the subscriptions you want to use to host your Corp landing zones.", - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/azure/azure-monitor/insights/solutions" + }, + { + "name": "esHub", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy virtual hub", + "defaultValue": "Yes", + "toolTip": "If 'Yes' is selected, ARM will deploy a virtual network for hub", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "nwSubsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" } - } - }, - { - "name": "lzCorpSubsApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "subscriptions?api-version=2020-01-01" - } - }, - { - "name": "esCorpLzSub", - "type": 
"Microsoft.Common.DropDown", - "label": "Corp landing zone subscriptions (optional)", - "toolTip": "", - "multiselect": true, - "selectAll": true, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "visible": true, - "constraints": { - "allowedValues": "[map(steps('lzGoalState').lzCorpSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", - "required": false - } - }, - { - "name": "azMonText", - "type": "Microsoft.Common.TextBlock", - "visible": true, - "options": { - "text": "Select which of the the recommended policies you will assign to all your landing zones. That includes Online, Corp and additional Landing Zone's types you may add in the future.", - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#policy-driven-governance" + }, + { + "name": "esConnectivitySub", + "type": "Microsoft.Common.DropDown", + "label": "Platform subscription (required)", + "toolTip": "You did not provided a Platform Subscription yet. You must allocate one now. Please note, this Subscription will be moved to the platform Management Group, and ARM will deploy the first networking hub and requisite settings. 
We recommend using a new Subscription with no existing resources.", + "multiselect": false, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "defaultValue": "[if(not(empty(steps('esGoalState').esMgmtSub)),steps('esGoalState').esMgmtSub,'')]", + "visible": "[and(equals(steps('esConnectivityGoalState').esHub,'Yes'),empty(steps('esGoalState').esMgmtSub))]", + "constraints": { + "allowedValues": "[map(steps('esConnectivityGoalState').nwSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": "[and(equals(steps('esConnectivityGoalState').esHub,'Yes'),empty(steps('esGoalState').esMgmtSub))]" } - } - }, - { - "name": "esLzDdoS", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable DDoS Protection Standard", - "defaultValue": "No", - "visible": "[and(equals(steps('esConnectivityGoalState').esHub,'Yes'),equals(steps('esConnectivityGoalState').esDdoS,'Yes'))]", - "toolTip": "If 'Yes' is selected when also adding a connectivity subscription earlier, DDoS Protection Standard will be enabled.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] - } - }, - { - "name": "esLzPrivateLink", - "type": "Microsoft.Common.OptionsGroup", - "label": "Prevent usage of Public Endpoints for PaaS services in the corp connected landing zones", - "defaultValue": "Yes (recommended)", - "visible": true, - "toolTip": "If 'Yes' is selected then Azure Policy will prevent PaaS resources to use public endpoints.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + }, + { + "name": "esAddressHub", + "type": "Microsoft.Common.TextBox", + "label": "Address space (required for virtual network hub)", + "toolTip": "Provide address prefix 
in CIDR notation (e.g 10.100.0.0/16)", + "defaultValue": "10.100.0.0/16", + "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", + "constraints": { + "required": true, + "validationMessage": "The virtual hubs network's address space, specified as one address prefixes in CIDR notation (e.g. 192.168.1.0/24)" + } + }, + { + "name": "esLocationsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "locations?api-version=2019-11-01" + } + }, + { + "name": "esNwLocation", + "type": "Microsoft.Common.DropDown", + "label": "Region for the first virtual network hub", + "filter": true, + "toolTip": "Select the target region for you connectivity deployment (requires you to provide a subscriptionId for connectivity)", + "constraints": { + "allowedValues": "[map(steps('esConnectivityGoalState').esLocationsApi.value, (item) => parse(concat('{\"label\":\"', item.displayName, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]" + }, + { + "name": "esDdoS", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable DDoS Protection Standard", + "defaultValue": "No", + "visible": "[equals(steps('esConnectivityGoalState').esHub,'Yes')]", + "toolTip": "If 'Yes' is selected when also adding a connectivity subscription, DDoS Protection Standard will be enabled.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "textBlock0", + "type": "Microsoft.Common.TextBlock", + "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", + "options": { + "text": "To know more about Azure DDos protection pricing.", + "link": { + "label": "Azure DDoS Pricing", + "uri": "https://azure.microsoft.com/en-us/pricing/details/ddos-protection/" } - ] + } + }, + { + "name": "esVpnGw", + "type": "Microsoft.Common.OptionsGroup", + "label": 
"Deploy VPN Gateway", + "defaultValue": "Yes", + "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy VPN gateway", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "esVpnGwType", + "type": "Microsoft.Common.OptionsGroup", + "label": "Select VPN type", + "defaultValue": "Route Based (Recommended)", + "visible": "[equals(steps('esConnectivityGoalState').esVpnGw, 'Yes')]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy VPN gateway. Select whether it should be policy or route based.", + "constraints": { + "allowedValues": [ + { + "label": "Route Based (Recommended)", + "value": "RouteBased" + }, + { + "label": "Policy Based", + "value": "PolicyBased" + } + ] + } + }, + { + "name": "esGwRegionalOrAz", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy zone redundant or regional VPN Gateway", + "defaultValue": "Zone redundant (recommended)", + "visible": 
"[and(equals(steps('esConnectivityGoalState').esVpnGw,'Yes'),or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Virtual Gateway to the selected region and availability zones.", + "constraints": { + "allowedValues": [ + { + "label": "Zone redundant (recommended)", + "value": "Zone" + }, + { + "label": "Regional", + "value": "Regional" + } + ] + } + }, + { + "name": "esGwNoAzSku", + "type": "Microsoft.Common.DropDown", + "label": "Select the VPN Gateway SKU", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(equals(steps('esConnectivityGoalState').esVpnGw,'Yes'), 
not(or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast'))))]", + "toolTip": "Select the required SKU for the VPN gateway.", + "constraints": { + "allowedValues": [ + { + "label": "VpnGw2", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", + "value": "VpnGw2" + }, + { + "label": "VpnGw3", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", + "value": "VpnGw3" + }, + { + "label": "VpnGw4", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", + "value": "VpnGw4" + }, + { + "label": "VpnGw5", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 
IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", + "value": "VpnGw5" + } + ] + } + }, + { + "name": "esGwAzSku", + "type": "Microsoft.Common.DropDown", + "label": "Select the VPN Gateway SKU", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(equals(steps('esConnectivityGoalState').esVpnGw,'Yes'), equals(steps('esConnectivityGoalState').esGwRegionalOrAz, 'Zone') ,or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", + "toolTip": "Select the required SKU for the VPN gateway.", + "constraints": { + "allowedValues": [ + { + "label": "VpnGw2AZ", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", + "value": "VpnGw2AZ" + }, + { + "label": "VpnGw3AZ", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 
P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", + "value": "VpnGw3AZ" + }, + { + "label": "VpnGw4AZ", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", + "value": "VpnGw4AZ" + }, + { + "label": "VpnGw5AZ", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", + "value": "VpnGw5AZ" + } + ] + } + }, + { + "name": "esGwRegionalSku", + "type": "Microsoft.Common.DropDown", + "label": "Select the VPN Gateway SKU", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(equals(steps('esConnectivityGoalState').esVpnGw,'Yes'), equals(steps('esConnectivityGoalState').esGwRegionalOrAz, 'Regional') ,or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esC
onnectivityGoalState').esNwLocation,'australiaeast')))]", + "toolTip": "Select the required SKU for the VPN gateway.", + "constraints": { + "allowedValues": [ + { + "label": "VpnGw2", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", + "value": "VpnGw2" + }, + { + "label": "VpnGw3", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", + "value": "VpnGw3" + }, + { + "label": "VpnGw4", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", + "value": "VpnGw4" + }, + { + "label": "VpnGw5", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", + "value": "VpnGw5" + } + ] + } + }, + { + "name": "esAddressVpnOrEr", + "type": "Microsoft.Common.TextBox", + "label": "Subnet for VPN/Express route", + "toolTip": "Provide address prefix in CIDR notation (e.g 10.100.1.0/24)", + "defaultValue": "10.100.1.0/24", + "visible": "[or(equals(steps('esConnectivityGoalState').esErGw, 'Yes'), equals(steps('esConnectivityGoalState').esVpnGw, 'Yes'))]", + "constraints": { + "required": true, + "validationMessage": "The subnet network's address space, specified as one address prefixes in CIDR notation (e.g. 
192.168.1.0/24)" + } + }, + { + "name": "esErGw", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy ExpressRoute Gateway", + "defaultValue": "No", + "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Express Route gateway", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "esErRegionalOrAz", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy zone redundant or regional ExpressRoute Gateway", + "defaultValue": "Zone redundant (recommended)", + "visible": "[and(equals(steps('esConnectivityGoalState').esErGw,'Yes'),or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Express 
Route Gateway to the selected region and availability zones.", + "constraints": { + "allowedValues": [ + { + "label": "Zone redundant (recommended)", + "value": "Zone" + }, + { + "label": "Regional", + "value": "Regional" + } + ] + } + }, + { + "name": "esErAzSku", + "type": "Microsoft.Common.DropDown", + "label": "Select the ExpressRoute Gateway SKU", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(equals(steps('esConnectivityGoalState').esErGw,'Yes'), equals(steps('esConnectivityGoalState').esErRegionalOrAz, 'Zone'), or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", + "toolTip": "Select the required SKU for the Express Route gateway.", + "constraints": { + "allowedValues": [ + { + "label": "ErGw1AZ", + "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit 
connections is 4", + "value": "ErGw1AZ" + }, + { + "label": "ErGw2AZ", + "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8", + "value": "ErGw2AZ" + }, + { + "label": "ErGw3AZ", + "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16", + "value": "ErGw3AZ" + } + ] + } + }, + { + "name": "esErRegionalSku", + "type": "Microsoft.Common.DropDown", + "label": "Select the ExpressRoute Gateway SKU", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(equals(steps('esConnectivityGoalState').esErGw,'Yes'), equals(steps('esConnectivityGoalState').esErRegionalOrAz, 'Regional'), or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", + "toolTip": "Select the required SKU for the 
Express Route gateway.", + "constraints": { + "allowedValues": [ + { + "label": "Standard", + "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit connections is 4", + "value": "Standard" + }, + { + "label": "HighPerformance", + "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8", + "value": "HighPerformance" + }, + { + "label": "UltraPerformance", + "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16", + "value": "UltraPerformance" + } + ] + } + }, + { + "name": "esErNoAzSku", + "type": "Microsoft.Common.DropDown", + "label": "Select the ExpressRoute Gateway SKU", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(equals(steps('esConnectivityGoalState').esErGw,'Yes'), not(or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('
esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast'))))]", + "toolTip": "Select the required SKU for the Express Route gateway.", + "constraints": { + "allowedValues": [ + { + "label": "Standard", + "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit connections is 4", + "value": "Standard" + }, + { + "label": "HighPerformance", + "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8", + "value": "HighPerformance" + }, + { + "label": "UltraPerformance", + "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16", + "value": "UltraPerformance" + } + ] + } + }, + { + "name": "esAzFw", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Azure Firewall", + "defaultValue": "No", + "visible": "[equals(steps('esConnectivityGoalState').esHub, 'Yes')]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Azure Firewall", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "esAzFwDns", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Azure Firewall as a DNS proxy", + "defaultValue": "No", + "visible": "[equals(steps('esConnectivityGoalState').esAzFw,'Yes')]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will enable Azure Firewall as a DNS Proxy.", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "esFwAz", + "type": "Microsoft.Common.DropDown", + "label": "Select Availability Zones for the Azure Firewall", + "defaultValue": "None", + 
"multiselect": true, + "selectAll": true, + "filter": true, + "visible": "[and(equals(steps('esConnectivityGoalState').esAzFw,'Yes'),or(or(or(or(or(or(or(or(equals(steps('esConnectivityGoalState').esNwLocation,'canadacentral'),equals(steps('esConnectivityGoalState').esNwLocation,'centralus')),equals(steps('esConnectivityGoalState').esNwLocation,'eastus'),equals(steps('esConnectivityGoalState').esNwLocation,'eastus2')),equals(steps('esConnectivityGoalState').esNwLocation,'southcentralus'),equals(steps('esConnectivityGoalState').esNwLocation,'westus2')),equals(steps('esConnectivityGoalState').esNwLocation,'francecentral'),equals(steps('esConnectivityGoalState').esNwLocation,'germanywestcentral')),equals(steps('esConnectivityGoalState').esNwLocation,'northeurope'),equals(steps('esConnectivityGoalState').esNwLocation,'westeurope')),equals(steps('esConnectivityGoalState').esNwLocation,'uksouth'),equals(steps('esConnectivityGoalState').esNwLocation,'southafricanorth')),equals(steps('esConnectivityGoalState').esNwLocation,'japaneast'),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia')),equals(steps('esConnectivityGoalState').esNwLocation,'southeastasia'),equals(steps('esConnectivityGoalState').esNwLocation,'australiaeast')))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Azure Firewall to the selected region and availability zones.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Zone 1", + "value": "1" + }, + { + "label": "Zone 2", + "value": "2" + }, + { + "label": "Zone 3", + "value": "3" + } + ] + } + }, + { + "name": "esAddressFw", + "type": "Microsoft.Common.TextBox", + "label": "Subnet for Azure Firewall", + "toolTip": "Provide address prefix in CIDR notation (e.g 10.100.0.0/24)", + "defaultValue": "10.100.0.0/24", + "visible": "[equals(steps('esConnectivityGoalState').esAzFw, 'Yes')]", + "constraints": { + "required": true, + "validationMessage": "The subnet 
network's address space, specified as one address prefixes in CIDR notation (e.g. 192.168.1.0/24)" + } } + ] + }, + { + "name": "lzGoalState", + "label": "Landing zone configuration", + "subLabel": { + "preValidation": "", + "postValidation": "" }, - { - "name": "esEncryptionInTransit", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure encryption in transit is enabled for PaaS services", - "defaultValue": "Yes (recommended)", - "visible": true, - "toolTip": "If 'Yes' is selected then Azure Policy will ensure PaaS resources uses TLS and SSL.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] - } - }, - { - "name": "esVmMonitoring", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure Azure VMs (Windows & Linux) are being monitored", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + "bladeTitle": "lzGs", + "elements": [ + { + "name": "infoBox1", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "icon": "Info", + "text": "You can optionally provide subscriptions for your first 'Online' and 'Corp' landing zones and assign recommended policies that will ensure workloads will be secure, monitored, and protected according to best practices.", + "uri": "https://github.com/Azure/Enterprise-Scale/blob/main/docs/Deploy/ES-schema.md" + } }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esAzBackup", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure Azure VMs (Windows & Linux) are enabled for Azure Backup", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be 
assigned and enable Azure Backup on all VMs in the landing zones.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + { + "name": "onlineText", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "Select the subscriptions you want to use to host your Online landing zones.", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/azure-monitor/insights/solutions" } - ] + } }, - "visible": true - }, - { - "name": "esDenyRdp", - "type": "Microsoft.Common.OptionsGroup", - "label": "Prevent inbound RDP from internet", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and prevent inbound RDP from internet", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "lzOnlineSubsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" + } }, - "visible": true - }, - { - "name": "esNsg", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure subnets are associated with NSG", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure NSGs must be associated with subnets being created", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "esOnlineLzSub", + "type": "Microsoft.Common.DropDown", + "label": "Online landing zone subscriptions (optional)", + "toolTip": "", + "multiselect": true, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "visible": true, + "constraints": { + "allowedValues": "[map(steps('lzGoalState').lzOnlineSubsApi.value, (sub) => parse(concat('{\"label\":\"', 
sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": false + } }, - "visible": true - }, - { - "name": "esIpForwarding", - "type": "Microsoft.Common.OptionsGroup", - "label": "Prevent IP forwarding", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and prevent IP forwarding", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + { + "name": "corpText", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "Select the subscriptions you want to use to host your Corp landing zones.", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/azure-monitor/insights/solutions" } - ] + } }, - "visible": true - }, - { - "name": "esSqlEncryption", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure Azure SQL is enabled with transparent data encryption", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": "lzCorpSubsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" + } }, - "visible": true - }, - { - "name": "esSqlAudit", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure auditing is enabled on Azure SQL", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure auditing is enabled on Azure SQLs", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + { + "name": 
"esCorpLzSub", + "type": "Microsoft.Common.DropDown", + "label": "Corp landing zone subscriptions (optional)", + "toolTip": "", + "multiselect": true, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "visible": true, + "constraints": { + "allowedValues": "[map(steps('lzGoalState').lzCorpSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": false + } }, - "visible": true - }, - { - "name": "esHttpsStorage", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure secure connections (HTTPS) to storage accounts", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure storage can only be accessed using HTTPS", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + { + "name": "azMonText", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "Select which of the the recommended policies you will assign to all your landing zones. 
That includes Online, Corp and additional Landing Zone's types you may add in the future.", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#policy-driven-governance" } - ] + } + }, + { + "name": "esLzDdoS", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable DDoS Protection Standard", + "defaultValue": "No", + "visible": "[and(equals(steps('esConnectivityGoalState').esHub,'Yes'),equals(steps('esConnectivityGoalState').esDdoS,'Yes'))]", + "toolTip": "If 'Yes' is selected when also adding a connectivity subscription earlier, DDoS Protection Standard will be enabled.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "esLzPrivateLink", + "type": "Microsoft.Common.OptionsGroup", + "label": "Prevent usage of Public Endpoints for PaaS services in the corp connected landing zones", + "defaultValue": "Yes (recommended)", + "visible": true, + "toolTip": "If 'Yes' is selected then Azure Policy will prevent PaaS resources to use public endpoints.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "esEncryptionInTransit", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure encryption in transit is enabled for PaaS services", + "defaultValue": "Yes (recommended)", + "visible": true, + "toolTip": "If 'Yes' is selected then Azure Policy will ensure PaaS resources uses TLS and SSL.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } }, - "visible": true - } - ] - } - ] - }, + { + "name": "esVmMonitoring", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure Azure VMs (Windows & Linux) are being monitored", + "defaultValue": 
"Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + }, + { + "name": "esAzBackup", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure Azure VMs (Windows & Linux) are enabled for Azure Backup", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and enable Azure Backup on all VMs in the landing zones.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "esDenyRdp", + "type": "Microsoft.Common.OptionsGroup", + "label": "Prevent inbound RDP from internet", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and prevent inbound RDP from internet", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "esNsg", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure subnets are associated with NSG", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure NSGs must be associated with subnets being created", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "esIpForwarding", + "type": "Microsoft.Common.OptionsGroup", + "label": "Prevent IP forwarding", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and prevent 
IP forwarding", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "esSqlEncryption", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure Azure SQL is enabled with transparent data encryption", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "esSqlAudit", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure auditing is enabled on Azure SQL", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure auditing is enabled on Azure SQLs", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "esHttpsStorage", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure secure connections (HTTPS) to storage accounts", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure storage can only be accessed using HTTPS", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + } + ] + } + ] + }, "outputs": { "parameters": { - "enterpriseScaleCompanyPrefix": "[steps('lzSettings').esMgmtGroup]", - "platformSubscriptionId": "[if(not(empty(steps('esGoalState').esMgmtSub)), steps('esGoalState').esMgmtSub, if(not(empty(steps('esConnectivityGoalState').esConnectivitySub)), steps('esConnectivityGoalState').esConnectivitySub, ''))]", - "enableLogAnalytics": 
"[steps('esGoalState').esLogAnalytics]", - "retentionInDays": "[string(steps('esGoalState').esLogRetention)]", - "enableAgentHealth": "[steps('esGoalState').esAgentSolution]", - "enableChangeTracking": "[steps('esGoalState').esChangeTracking]", - "enableUpdateMgmt": "[steps('esGoalState').esUpdateMgmt]", - "enableActivityLog": "[steps('esGoalState').esActivityLog]", - "enableVmInsights": "[steps('esGoalState').esVmInsights]", - "enableAntiMalware": "[steps('esGoalState').esAntiMalware]", - "enableServiceMap": "[steps('esGoalState').esServiceMap]", - "enableSqlAssessment": "[steps('esGoalState').esSqlAssessment]", - "enableAsc": "[steps('esGoalState').esAsc]", - "emailContactAsc": "[steps('esGoalState').esAscEmail]", - "enableSecuritySolution": "[steps('esGoalState').esSecuritySolution]", - "location": "[steps('esConnectivityGoalState').esNwLocation]", - "vpnGwType": "[steps('esConnectivityGoalState').esVpnGwType]", - "subnetMaskForGw": "[steps('esConnectivityGoalState').esAddressVpnOrEr]", - "subnetMaskForAzFw": "[steps('esConnectivityGoalState').esAddressFw]", - "enableErGw": "[steps('esConnectivityGoalState').esErGw]", - "enableVpnGw": "[steps('esConnectivityGoalState').esVpnGw]", - "enableHub": "[steps('esConnectivityGoalState').esHub]", - "enableDdoS": "[steps('esConnectivityGoalState').esDdoS]", - "enableAzFw": "[steps('esConnectivityGoalState').esAzFw]", - "enableAzFwDnsProxy": "[steps('esConnectivityGoalState').esAzFwDns]", - "addressPrefix": "[steps('esConnectivityGoalState').esAddressHub]", - "enableLzDdoS": "[steps('lzGoalState').esLzDdoS]", - "denyPublicEndpoints": "[steps('lzGoalState').esLzPrivateLink]", - "enableEncryptionInTransit": "[steps('lzGoalState').esEncryptionInTransit]", - "onlineLzSubscriptionId": "[if(not(contains(steps('lzGoalState').esOnlineLzSub,if(not(empty(steps('esGoalState').esMgmtSub)), steps('esGoalState').esMgmtSub, if(not(empty(steps('esConnectivityGoalState').esConnectivitySub)), 
steps('esConnectivityGoalState').esConnectivitySub, '')))),steps('lzGoalState').esOnlineLzSub,'')]", - "corpLzSubscriptionId": "[if(not(contains(steps('lzGoalState').esCorpLzSub,if(not(empty(steps('esGoalState').esMgmtSub)), steps('esGoalState').esMgmtSub, if(not(empty(steps('esConnectivityGoalState').esConnectivitySub)), steps('esConnectivityGoalState').esConnectivitySub, '')))),steps('lzGoalState').esCorpLzSub,'')]", - "enableSqlAudit": "[steps('lzGoalState').esSqlAudit]", - "enableSqlEncryption": "[steps('lzGoalState').esSqlEncryption]", - "enableVmBackup": "[steps('lzGoalState').esAzBackup]", - "denyRdp": "[steps('lzGoalState').esDenyRdp]", - "enableStorageHttps": "[steps('lzGoalState').esHttpsStorage]", - "denyIpForwarding": "[steps('lzGoalState').esIpForwarding]", - "denySubnetWithoutNsg": "[steps('lzGoalState').esNsg]", - "enableVmMonitoring": "[steps('lzGoalState').esVmMonitoring]", - "vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]", - "firewallZones": "[steps('esConnectivityGoalState').esFwAz]", - "gwRegionalOrAz": "[steps('esConnectivityGoalState').esGwRegionalOrAz]", - "gwAzSku": "[steps('esConnectivityGoalState').esGwAzSku]", - "gwRegionalSku": "[if(empty(steps('esConnectivityGoalState').esGwRegionalSku), steps('esConnectivityGoalState').esGwNoAzSku, steps('esConnectivityGoalState').esGwRegionalSku)]", - "erRegionalOrAz": "[steps('esConnectivityGoalState').esErRegionalOrAz]", - "erAzSku": "[steps('esConnectivityGoalState').esErAzSku]", - "erRegionalSku": "[if(empty(steps('esConnectivityGoalState').esErRegionalSku), steps('esConnectivityGoalState').esErNoAzSku, steps('esConnectivityGoalState').esErRegionalSku)]", - "enableAksPolicy": "No", - "denyAksPrivileged": "No", - "denyAksPrivilegedEscalation": "No", - "denyHttpIngressForAks": "No", - "enableVmssMonitoring": "No", - "enableArcMonitoring": "No" + "enterpriseScaleCompanyPrefix": "[steps('lzSettings').esMgmtGroup]", + "platformSubscriptionId": 
"[if(not(empty(steps('esGoalState').esMgmtSub)), steps('esGoalState').esMgmtSub, if(not(empty(steps('esConnectivityGoalState').esConnectivitySub)), steps('esConnectivityGoalState').esConnectivitySub, ''))]", + "enableLogAnalytics": "[steps('esGoalState').esLogAnalytics]", + "retentionInDays": "[string(steps('esGoalState').esLogRetention)]", + "enableAgentHealth": "[steps('esGoalState').esAgentSolution]", + "enableChangeTracking": "[steps('esGoalState').esChangeTracking]", + "enableUpdateMgmt": "[steps('esGoalState').esUpdateMgmt]", + "enableVmInsights": "[steps('esGoalState').esVmInsights]", + "enableAntiMalware": "[steps('esGoalState').esAntiMalware]", + "enableServiceMap": "[steps('esGoalState').esServiceMap]", + "enableSqlAssessment": "[steps('esGoalState').esSqlAssessment]", + "enableAsc": "[steps('esGoalState').esAsc]", + "emailContactAsc": "[steps('esGoalState').esAscEmail]", + "enableSecuritySolution": "[steps('esGoalState').esSecuritySolution]", + "location": "[steps('esConnectivityGoalState').esNwLocation]", + "vpnGwType": "[steps('esConnectivityGoalState').esVpnGwType]", + "subnetMaskForGw": "[steps('esConnectivityGoalState').esAddressVpnOrEr]", + "subnetMaskForAzFw": "[steps('esConnectivityGoalState').esAddressFw]", + "enableErGw": "[steps('esConnectivityGoalState').esErGw]", + "enableVpnGw": "[steps('esConnectivityGoalState').esVpnGw]", + "enableHub": "[steps('esConnectivityGoalState').esHub]", + "enableDdoS": "[steps('esConnectivityGoalState').esDdoS]", + "enableAzFw": "[steps('esConnectivityGoalState').esAzFw]", + "enableAzFwDnsProxy": "[steps('esConnectivityGoalState').esAzFwDns]", + "addressPrefix": "[steps('esConnectivityGoalState').esAddressHub]", + "enableLzDdoS": "[steps('lzGoalState').esLzDdoS]", + "denyPublicEndpoints": "[steps('lzGoalState').esLzPrivateLink]", + "enableEncryptionInTransit": "[steps('lzGoalState').esEncryptionInTransit]", + "onlineLzSubscriptionId": 
"[if(not(contains(steps('lzGoalState').esOnlineLzSub,if(not(empty(steps('esGoalState').esMgmtSub)), steps('esGoalState').esMgmtSub, if(not(empty(steps('esConnectivityGoalState').esConnectivitySub)), steps('esConnectivityGoalState').esConnectivitySub, '')))),steps('lzGoalState').esOnlineLzSub,'')]", + "corpLzSubscriptionId": "[if(not(contains(steps('lzGoalState').esCorpLzSub,if(not(empty(steps('esGoalState').esMgmtSub)), steps('esGoalState').esMgmtSub, if(not(empty(steps('esConnectivityGoalState').esConnectivitySub)), steps('esConnectivityGoalState').esConnectivitySub, '')))),steps('lzGoalState').esCorpLzSub,'')]", + "enableSqlAudit": "[steps('lzGoalState').esSqlAudit]", + "enableSqlEncryption": "[steps('lzGoalState').esSqlEncryption]", + "enableVmBackup": "[steps('lzGoalState').esAzBackup]", + "denyRdp": "[steps('lzGoalState').esDenyRdp]", + "enableStorageHttps": "[steps('lzGoalState').esHttpsStorage]", + "denyIpForwarding": "[steps('lzGoalState').esIpForwarding]", + "denySubnetWithoutNsg": "[steps('lzGoalState').esNsg]", + "enableVmMonitoring": "[steps('lzGoalState').esVmMonitoring]", + "vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]", + "firewallZones": "[steps('esConnectivityGoalState').esFwAz]", + "gwRegionalOrAz": "[steps('esConnectivityGoalState').esGwRegionalOrAz]", + "gwAzSku": "[steps('esConnectivityGoalState').esGwAzSku]", + "gwRegionalSku": "[if(empty(steps('esConnectivityGoalState').esGwRegionalSku), steps('esConnectivityGoalState').esGwNoAzSku, steps('esConnectivityGoalState').esGwRegionalSku)]", + "erRegionalOrAz": "[steps('esConnectivityGoalState').esErRegionalOrAz]", + "erAzSku": "[steps('esConnectivityGoalState').esErAzSku]", + "erRegionalSku": "[if(empty(steps('esConnectivityGoalState').esErRegionalSku), steps('esConnectivityGoalState').esErNoAzSku, steps('esConnectivityGoalState').esErRegionalSku)]", + "enableAksPolicy": "No", + "denyAksPrivileged": "No", + "denyAksPrivilegedEscalation": "No", + "denyHttpIngressForAks": "No", 
+ "enableVmssMonitoring": "No", + "enableArcMonitoring": "No" }, "kind": "Tenant", "location": "[steps('basics').resourceScope.location.name]" diff --git a/docs/reference/treyresearch/armTemplates/portal-es-lite.json b/docs/reference/treyresearch/armTemplates/portal-es-lite.json index d6eda54196..cc28b9e4a8 100644 --- a/docs/reference/treyresearch/armTemplates/portal-es-lite.json +++ b/docs/reference/treyresearch/armTemplates/portal-es-lite.json @@ -104,7 +104,7 @@ "required": false }, "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, + }, { "name": "mgmtSubsApi", "type": "Microsoft.Solutions.ArmApiControl", @@ -128,7 +128,7 @@ "allowedValues": "[map(steps('esGoalState').mgmtSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", "required": true } - }, + }, { "name": "textBlock1", "type": "Microsoft.Common.TextBlock", @@ -159,8 +159,8 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + }, { "name": "esChangeTracking", "type": "Microsoft.Common.OptionsGroup", @@ -179,7 +179,7 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, { "name": "esUpdateMgmt", 
@@ -199,27 +199,7 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, - { - "name": "esActivityLog", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Activity Log solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] - }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, { "name": "esVmInsights", @@ -239,7 +219,7 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, { "name": "esAntiMalware", @@ -259,7 +239,7 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, { "name": "esServiceMap", @@ -279,7 +259,7 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, { "name": "esSqlAssessment", @@ -299,12 +279,12 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, { "name": "textBlock0", "type": "Microsoft.Common.TextBlock", - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]", + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]", "options": { "text": "Select which Azure Security solutions you will enable.", "link": { @@ -312,7 +292,7 @@ "uri": "https://docs.microsoft.com/azure/security/fundamentals/overview" } } - }, + }, { "name": "esAsc", "type": "Microsoft.Common.OptionsGroup", 
@@ -335,7 +315,7 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" }, { "name": "esAscEmail", @@ -349,7 +329,7 @@ "regex": "^[\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4}$", "validationMessage": "Please provide a valid email address" } - }, + }, { "name": "esSecuritySolution", "type": "Microsoft.Common.OptionsGroup", @@ -368,8 +348,8 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - } + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + } ] }, { @@ -448,7 +428,7 @@ "validationMessage": "The virtual hubs network's address space, specified as one address prefixes in CIDR notation (e.g. 192.168.1.0/24)" } }, - { + { "name": "esLocationsApi", "type": "Microsoft.Solutions.ArmApiControl", "request": { @@ -894,7 +874,7 @@ } } ] - }, + }, { "name": "lzGoalState", "label": "Landing zone configuration", @@ -985,7 +965,7 @@ "allowedValues": "[map(steps('lzGoalState').lzCorpSubsApi.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", "required": false } - }, + }, { "name": "azMonText", "type": "Microsoft.Common.TextBlock", @@ -1057,7 +1037,7 @@ } ] } - }, + }, { "name": "esVmMonitoring", "type": "Microsoft.Common.OptionsGroup", @@ -1076,8 +1056,8 @@ } ] }, - "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" - }, + "visible": "[equals(steps('esGoalState').esLogAnalytics, 'Yes')]" + }, { "name": "esAzBackup", "type": "Microsoft.Common.OptionsGroup", 
@@ -1225,19 +1205,18 @@
 "enterpriseScaleCompanyPrefix": "[steps('lzSettings').esMgmtGroup]",
 "platformSubscriptionId": "[if(not(empty(steps('esGoalState').esMgmtSub)), steps('esGoalState').esMgmtSub, if(not(empty(steps('esConnectivityGoalState').esConnectivitySub)), steps('esConnectivityGoalState').esConnectivitySub, ''))]",
 "enableLogAnalytics": "[steps('esGoalState').esLogAnalytics]",
- "retentionInDays": "[string(steps('esGoalState').esLogRetention)]",
+ "retentionInDays": "[string(steps('esGoalState').esLogRetention)]",
 "enableAgentHealth": "[steps('esGoalState').esAgentSolution]",
 "enableChangeTracking": "[steps('esGoalState').esChangeTracking]",
 "enableUpdateMgmt": "[steps('esGoalState').esUpdateMgmt]",
- "enableActivityLog": "[steps('esGoalState').esActivityLog]",
 "enableVmInsights": "[steps('esGoalState').esVmInsights]",
 "enableAntiMalware": "[steps('esGoalState').esAntiMalware]",
 "enableServiceMap": "[steps('esGoalState').esServiceMap]",
 "enableSqlAssessment": "[steps('esGoalState').esSqlAssessment]",
 "enableAsc": "[steps('esGoalState').esAsc]",
- "emailContactAsc": "[steps('esGoalState').esAscEmail]",
+ "emailContactAsc": "[steps('esGoalState').esAscEmail]",
 "enableSecuritySolution": "[steps('esGoalState').esSecuritySolution]",
- "location": "[steps('esConnectivityGoalState').esNwLocation]",
+ "location": "[steps('esConnectivityGoalState').esNwLocation]",
 "vpnGwType": "[steps('esConnectivityGoalState').esVpnGwType]",
 "subnetMaskForGw": "[steps('esConnectivityGoalState').esAddressVpnOrEr]",
 "subnetMaskForAzFw": "[steps('esConnectivityGoalState').esAddressFw]",
diff --git a/docs/wiki/ALZ-Deprecated-Services.md b/docs/wiki/ALZ-Deprecated-Services.md
index aa90f9cd7f..0dd8cf28b1 100644
--- a/docs/wiki/ALZ-Deprecated-Services.md
+++ b/docs/wiki/ALZ-Deprecated-Services.md
@@ -1,11 +1,8 @@
-# Azure Landing Zones Deprecated Policies
+# Azure Landing Zones Deprecated Services
 
 ## In this section
 
-- [Azure Landing Zones Deprecated Policies](#azure-landing-zones-deprecated-policies)
- - [In this section](#in-this-section)
- - [Overview](#overview)
- - [Deprecated policies](#deprecated-policies)
+- [Azure Landing Zones Deprecated Services](#azure-landing-zones-deprecated-services)
 
 ## Overview
 
@@ -24,3 +21,7 @@ Over time, a deprecation process of there `ALZ / custom` policies will have to t
 | Deploy-Nsg-FlowLogs | [e920df7f-9a64-4066-9b58-52684c02a091](https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html?) | Custom policy replaced by built-in requires less administration overhead |
 | Deploy-Nsg-FlowLogs-to-LA | [e920df7f-9a64-4066-9b58-52684c02a091](https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html?) | Custom policy replaced by built-in requires less administration overhead |
 | Deny-PublicIP | [6c112d4e-5bc7-47ae-a041-ea2d9dccd749](https://www.azadvertizer.net/azpolicyadvertizer/6c112d4e-5bc7-47ae-a041-ea2d9dccd749.html?) | Custom policy replaced by built-in requires less administration overhead |½
+
+## Deprecated services
+
+- Removed `ActivityLog` Solution as an option to be deployed into the Log Analytics Workspace. As this has been superseded by the Activity Log Insights Workbook, as documented [here.](https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log-insights)
\ No newline at end of file
diff --git a/docs/wiki/Deploying-ALZ-BasicSetup.md b/docs/wiki/Deploying-ALZ-BasicSetup.md
index 512232ffc9..c5232ddf7b 100644
--- a/docs/wiki/Deploying-ALZ-BasicSetup.md
+++ b/docs/wiki/Deploying-ALZ-BasicSetup.md
@@ -89,7 +89,6 @@ See [Manage usage and costs with Azure Monitor Logs](https://docs.microsoft.com/ - [Agent Health](https://docs.microsoft.com/en-us/azure/azure-monitor/insights/solution-agenthealth) helps you understand which monitoring agents are unresponsive and submitting operational data. - [Change Tracking](https://docs.microsoft.com/en-us/azure/automation/change-tracking/overview) tracks changes in virtual machines hosted in Azure, on-premises, and other cloud environments to help you pinpoint operational and environmental issues. - [Update Management](https://docs.microsoft.com/en-us/azure/automation/update-management/overview) assesses the status of available updates and allows you manage the process of installing required updates for your machines leveraging Azure Automation. - - [Activity Log](https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log#activity-log-analytics-monitoring-solution) helps to assess administration and operational events related to your subscriptions. - [VM Insights](https://docs.microsoft.com/en-us/azure/azure-monitor/vm/vminsights-overview) monitors the performance and health of your virtual machines and virtual machine scale sets, including their running processes and dependencies on other resources. - [Service Map](https://docs.microsoft.com/en-us/azure/azure-monitor/vm/service-map) automatically discovers application components on Windows and Linux systems and maps the communication between services. - [SQL Assessment](https://docs.microsoft.com/en-us/azure/azure-monitor/insights/sql-assessment) provides a prioritized list of recommendations specific to your deployed server infrastructure. The recommendations are categorized across six focus areas which help you quickly understand the risk and take corrective action. diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 4718e824e3..a2e2567649 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md 
@@ -62,6 +62,10 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: Impacted assignment: Deploy-ASC-Monitoring - Updated "**Deploy Diagnostic Settings for Data Factory to Log Analytics workspace" to include new categories of: `SandboxPipelineRuns` & `SandboxActivityRuns` +#### Tooling + +- Removed `ActivityLog` Solution as an option to be deployed into the Log Analytics Workspace. As this has been superseded by the Activity Log Insights Workbook, as documented [here.](https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log-insights) + ### November 2022 #### Docs diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json index 33eb6b9443..eec04b9d2e 100644 --- a/eslzArm/eslz-portal.json +++ b/eslzArm/eslz-portal.json @@ -405,26 +405,6 @@ }, "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]" }, - { - "name": "enableActivityLog", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Activity Log solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continuous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] - }, - "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]" - }, { "name": "enableVmInsights", "type": "Microsoft.Common.OptionsGroup", @@ -2646,7 +2626,6 @@ "enableAgentHealth": "[steps('management').enableAgentHealth]", "enableChangeTracking": "[steps('management').enableChangeTracking]", "enableUpdateMgmt": "[steps('management').enableUpdateMgmt]", - "enableActivityLog": "[steps('management').enableActivityLog]", "enableVmInsights": "[steps('management').enableVmInsights]", "enableServiceMap": "[steps('management').enableServiceMap]", "enableSqlAssessment": "[steps('management').enableSqlAssessment]", 
@@ -2730,4 +2709,4 @@ "location": "[steps('basics').resourceScope.location.name]" } } -} +} \ No newline at end of file diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index 1093e9d715..2e7b20292c 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -72,14 +72,6 @@ ], "defaultValue": "Yes" }, - "enableActivityLog": { - "type": "string", - "allowedValues": [ - "Yes", - "No" - ], - "defaultValue": "Yes" - }, "enableVmInsights": { "type": "string", "allowedValues": [ 
@@ -1245,7 +1237,7 @@
 },
 {
 // Deploying Log Analytics solutions to Log Analytics workspace if condition is true
- "condition": "[and(and(not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes')), equals(parameters('enableLogAnalytics'), 'Yes'), or(or(or(or(or(or(or(equals(parameters('enableSecuritySolution'), 'Yes'), equals(parameters('enableAgentHealth'), 'Yes')), equals(parameters('enableChangeTracking'), 'Yes')), equals(parameters('enableUpdateMgmt'), 'Yes'), equals(parameters('enableActivityLog'), 'Yes')), equals(parameters('enableVmInsights'), 'Yes')), equals(parameters('enableServiceMap'), 'Yes'), equals(parameters('enableSqlAssessment'), 'Yes')), equals(parameters('enableSqlAdvancedThreatProtection'), 'Yes')), equals(parameters('enableSqlVulnerabilityAssessment'), 'Yes')))]",
+ "condition": "[and(and(not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes')), equals(parameters('enableLogAnalytics'), 'Yes'), or(or(or(or(or(or(equals(parameters('enableSecuritySolution'), 'Yes'), equals(parameters('enableAgentHealth'), 'Yes')), equals(parameters('enableChangeTracking'), 'Yes')), equals(parameters('enableUpdateMgmt'), 'Yes'), equals(parameters('enableVmInsights'), 'Yes')), equals(parameters('enableServiceMap'), 'Yes'), equals(parameters('enableSqlAssessment'), 'Yes')), equals(parameters('enableSqlAdvancedThreatProtection'), 'Yes')), equals(parameters('enableSqlVulnerabilityAssessment'), 'Yes')))]",
 "type": "Microsoft.Resources/deployments",
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').monitoringSolutionsDeploymentName]",
@@ -1283,9 +1275,6 @@
 "enableUpdateMgmt": {
 "value": "[parameters('enableUpdateMgmt')]"
 },
- "enableActivityLog": {
- "value": "[parameters('enableActivityLog')]"
- },
 "enableVmInsights": {
 "value": "[parameters('enableVmInsights')]"
 },
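Review bot: The rewritten `condition` in the hunk at -1245 keeps the hand-nested `or(or(or(…` chain and still tests `equals(parameters('enableLogAnalytics'), 'Yes')` twice inside the outer `and`, so removing one flag remains a parenthesis-counting edit. ARM's `and()` and `or()` accept more than two arguments, and this line already passes three to some of them, so the expression can be flattened to `and(not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes'), or(<one equals(...) per solution flag>))`. The same applies to the `singlePlatformSubscriptionId` condition in the hunk at -3161. Because this expression decides whether the monitoring and security solutions are deployed at all, the `// Deploying Log Analytics solutions …` comment above it could also list the flags it depends on. The enclosing resource object starts and ends outside the hunk.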
@@ -3161,7 +3150,7 @@
 */
 {
 // Deploying Log Analytics solutions to Log Analytics workspace if condition is true
- "condition": "[and(and(not(empty(parameters('singlePlatformSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes')), equals(parameters('enableLogAnalytics'), 'Yes'), or(or(or(or(or(or(or(equals(parameters('enableSecuritySolution'), 'Yes'), equals(parameters('enableAgentHealth'), 'Yes')), equals(parameters('enableChangeTracking'), 'Yes')), equals(parameters('enableUpdateMgmt'), 'Yes'), equals(parameters('enableActivityLog'), 'Yes')), equals(parameters('enableVmInsights'), 'Yes')), equals(parameters('enableServiceMap'), 'Yes'), equals(parameters('enableSqlAssessment'), 'Yes')), equals(parameters('enableSqlAdvancedThreatProtection'), 'Yes')), equals(parameters('enableSqlVulnerabilityAssessment'), 'Yes')))]",
+ "condition": "[and(and(not(empty(parameters('singlePlatformSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes')), equals(parameters('enableLogAnalytics'), 'Yes'), or(or(or(or(or(or(equals(parameters('enableSecuritySolution'), 'Yes'), equals(parameters('enableAgentHealth'), 'Yes')), equals(parameters('enableChangeTracking'), 'Yes')), equals(parameters('enableUpdateMgmt'), 'Yes'), equals(parameters('enableVmInsights'), 'Yes')), equals(parameters('enableServiceMap'), 'Yes'), equals(parameters('enableSqlAssessment'), 'Yes')), equals(parameters('enableSqlAdvancedThreatProtection'), 'Yes')), equals(parameters('enableSqlVulnerabilityAssessment'), 'Yes')))]",
 "type": "Microsoft.Resources/deployments",
 "apiVersion": "2020-10-01",
 "name": "[variables('esLiteDeploymentNames').monitoringSolutionsLiteDeploymentName]",
@@ -3199,9 +3188,6 @@
 "enableUpdateMgmt": {
 "value": "[parameters('enableUpdateMgmt')]"
 },
- "enableActivityLog": {
- "value": "[parameters('enableActivityLog')]"
- },
 "enableVmInsights": {
 "value": "[parameters('enableVmInsights')]"
 },
diff --git a/eslzArm/eslzArm.test.param.json b/eslzArm/eslzArm.test.param.json index 193c7aa3eb..8b0f4eff2e 100644 --- a/eslzArm/eslzArm.test.param.json +++ b/eslzArm/eslzArm.test.param.json @@ -23,9 +23,6 @@ "enableUpdateMgmt": { "value": "Yes" }, - "enableActivityLog": { - "value": "Yes" - }, "enableVmInsights": { "value": "Yes" }, @@ -243,4 +240,4 @@ "value": 30 } } -} +} \ No newline at end of file diff --git a/eslzArm/fairfaxeslz-portal.json b/eslzArm/fairfaxeslz-portal.json index d10becae6b..32b146ccdf 100644 --- a/eslzArm/fairfaxeslz-portal.json +++ b/eslzArm/fairfaxeslz-portal.json @@ -269,26 +269,6 @@ }, "visible": "[equals(steps('esGoalState').esLogAnalytics,'Yes')]" }, - { - "name": "esActivityLog", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy Activity Log solution", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected when also adding a subscription for management, ARM will deploy resources and enable them for continous compliance", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] - }, - "visible": "[equals(steps('esGoalState').esLogAnalytics,'Yes')]" - }, { "name": "esVmInsights", "type": "Microsoft.Common.OptionsGroup", @@ -2357,7 +2337,6 @@ "enableAgentHealth": "[steps('esGoalState').esAgentSolution]", "enableChangeTracking": "[steps('esGoalState').esChangeTracking]", "enableUpdateMgmt": "[steps('esGoalState').esUpdateMgmt]", - "enableActivityLog": "[steps('esGoalState').esActivityLog]", "enableVmInsights": "[steps('esGoalState').esVmInsights]", "enableServiceMap": "[steps('esGoalState').esServiceMap]", "enableSqlAssessment": "[steps('esGoalState').esSqlAssessment]", diff --git a/eslzArm/subscriptionTemplates/logAnalyticsSolutions.json b/eslzArm/subscriptionTemplates/logAnalyticsSolutions.json index ae199128e7..69d635cf2c 100644 --- a/eslzArm/subscriptionTemplates/logAnalyticsSolutions.json 
+++ b/eslzArm/subscriptionTemplates/logAnalyticsSolutions.json @@ -65,17 +65,6 @@ "description": "Select whether update mgmt solution should be enabled or not." } }, - "enableActivityLog": { - "type": "string", - "allowedValues": [ - "Yes", - "No" - ], - "defaultValue": "Yes", - "metadata": { - "description": "Select whether activity log solution should be enabled or not." - } - }, "enableVmInsights": { "type": "string", "allowedValues": [ @@ -151,10 +140,6 @@ "name": "[concat('Updates', '(', parameters('workspaceName'), ')')]", "marketplaceName": "Updates" }, - "azureActivity": { - "name": "[concat('AzureActivity', '(', parameters('workspaceName'), ')')]", - "marketplaceName": "AzureActivity" - }, "sqlAssessment": { "name": "[concat('SQLAssessment', '(', parameters('workspaceName'), ')')]", "marketplaceName": "SQLAssessment" @@ -212,23 +197,6 @@ "publisher": "Microsoft" } }, - { - // Conditionally deploy solution for activity log - "condition": "[equals(parameters('enableActivityLog'), 'Yes')]", - "apiVersion": "2015-11-01-preview", - "type": "Microsoft.OperationsManagement/solutions", - "name": "[variables('solutions').azureActivity.name]", - "location": "[parameters('workspaceRegion')]", - "properties": { - "workspaceResourceId": "[variables('laResourceId')]" - }, - "plan": { - "name": "[variables('solutions').azureActivity.name]", - "product": "[concat('OMSGallery/', variables('solutions').azureActivity.marketplaceName)]", - "promotionCode": "", - "publisher": "Microsoft" - } - }, { // Conditionally deploy solution for change tracking "condition": "[equals(parameters('enableChangeTracking'), 'Yes')]", From 0ed88dffcac671970c738ecf117f61188a9f0c8c Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Tue, 20 Dec 2022 11:50:51 +0000 Subject: [PATCH 03/12] Add is it maintained badges (#1158) * Add is it maintained badges * Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/README.md b/README.md index cc5bf439d7..c252ac4fd6 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # Enterprise-Scale - Reference Implementation +[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/enterprise-scale.svg)](http://isitmaintained.com/project/azure/enterprise-scale "Average time to resolve an issue") +[![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/enterprise-scale.svg)](http://isitmaintained.com/project/azure/enterprise-scale "Percentage of issues still open") + ## Navigation Menu * [What's New?](https://github.com/Azure/Enterprise-Scale/wiki/Whats-new) From fc93df704a1c3e7a3f69e1af24c74ca8403dc0cb Mon Sep 17 00:00:00 2001 
From: Kevin Rowlandson Date: Wed, 28 Dec 2022 11:11:42 +0000 Subject: [PATCH 04/12] Update contributing guidance (#1095) Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JamJarchitect <53943045+JamJarchitect@users.noreply.github.com> Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --- .github/workflows/wiki-sync.yml | 2 +- README.md | 34 +-- SECURITY.md | 22 +- SUPPORT.md | 2 +- docs/Deploy/deploy-policy-driven-routing.md | 9 +- docs/Deploy/es-schema.md | 2 +- docs/ESLZ-Policies.md | 4 +- docs/EnterpriseScale-Architecture.md | 54 +--- docs/EnterpriseScale-Contribution.md | 63 +--- docs/EnterpriseScale-Deploy-landing-zones.md | 43 +-- ...iseScale-Deploy-reference-implentations.md | 31 +- docs/EnterpriseScale-Deploy-workloads.md | 45 +-- docs/EnterpriseScale-Known-Issues.md | 27 +- docs/EnterpriseScale-Roadmap.md | 20 +- docs/EnterpriseScale-Setup-aad-permissions.md | 68 +---- docs/EnterpriseScale-Setup-azure.md | 75 +---- docs/reference/Readme.md | 2 +- docs/reference/adventureworks/README.md | 4 +- docs/reference/contoso/Readme.md | 2 +- docs/reference/treyresearch/README.md | 28 +- docs/reference/wingtip/README.md | 2 +- docs/wiki/ALZ-Architecture.md | 53 ++++ docs/wiki/ALZ-Contribution-Guide.md | 151 +++++++++ docs/wiki/ALZ-Deploy-landing-zones.md | 40 +++ .../ALZ-Deploy-reference-implementations.md | 30 ++ docs/wiki/ALZ-Deploy-workloads.md | 44 +++ docs/wiki/ALZ-Known-Issues.md | 26 ++ docs/wiki/ALZ-Policies.md | 62 ++++ docs/wiki/ALZ-Setup-aad-permissions.md | 67 ++++ docs/wiki/ALZ-Setup-azure.md | 74 +++++ docs/wiki/Create-Landingzones.md | 8 +- .../Deploying-Enterprise-Scale-BasicSetup.md | 3 +- ...eploying-Enterprise-Scale-CustomerUsage.md | 31 +- .../Deploying-Enterprise-Scale-Foundation.md | 2 +- .../Deploying-Enterprise-Scale-HubAndSpoke.md | 2 +- ...loying-Enterprise-Scale-Platform-DevOps.md | 289 +----------------- ...ploying-Enterprise-Scale-Pre-requisites.md | 5 +- 
docs/wiki/Deploying-Enterprise-Scale-VWAN.md | 4 +- docs/wiki/Deploying-Enterprise-Scale.md | 4 +- docs/wiki/FAQ.md | 2 +- docs/wiki/Home.md | 33 +- docs/wiki/How-Enterprise-Scale-Works.md | 4 +- docs/wiki/What-is-Enterprise-Scale.md | 2 +- docs/wiki/Whats-new.md | 69 +++-- docs/wiki/_Footer.md | 6 +- docs/wiki/_Sidebar.md | 71 +++-- docs/{ => wiki}/media/ES-process.png | Bin docs/{ => wiki}/media/ESLZ.gif | Bin ...e Scale - PolicyDefinitionAssignments.xlsx | Bin .../media/Enterprise-scale architecture.vsdx | Bin docs/{ => wiki}/media/HS.png | Bin docs/{ => wiki}/media/MvnetHS.png | Bin docs/{ => wiki}/media/MvnetHSPP.png | Bin .../media/North Star process visuals.pptx | Bin .../media/NorthStar Networking images.pptx | Bin .../media/aad-rolesandadministrators.png | Bin .../{ => wiki}/media/ado-add-build-policy.png | Bin docs/{ => wiki}/media/ado-complete-pr.png | Bin docs/{ => wiki}/media/ado-env-approval.png | Bin docs/{ => wiki}/media/ado-import-repo.png | Bin docs/{ => wiki}/media/ado-manage-repo.png | Bin .../media/ado-permissions-group.png | Bin docs/{ => wiki}/media/ado-pipeline-create.png | Bin .../media/ado-pipeline-variable.png | Bin .../media/ado-repo-buildservice.png | Bin docs/{ => wiki}/media/ado-repo-forcepush.png | Bin docs/{ => wiki}/media/ado-repo-policy.png | Bin docs/{ => wiki}/media/cmanged-nt.png | Bin docs/{ => wiki}/media/devops.png | Bin docs/{ => wiki}/media/directory-reader.png | Bin docs/{ => wiki}/media/e2e-armtemplate.png | Bin docs/{ => wiki}/media/ea.png | Bin docs/{ => wiki}/media/eg-net-top.png | Bin docs/{ => wiki}/media/enc-flows.png | Bin docs/{ => wiki}/media/es-hubspoke-nw.png | Bin docs/{ => wiki}/media/es-iab.png | Bin docs/wiki/media/example-def-in-init-2.png | Bin 0 -> 78864 bytes docs/wiki/media/example-def-in-init.png | Bin 0 -> 84278 bytes docs/{ => wiki}/media/global-transit.png | Bin docs/{ => wiki}/media/iam.png | Bin .../{ => wiki}/media/implementation-scope.png | Bin docs/{ => wiki}/media/lz-design.png | Bin 
.../media/mg-hierarchy-settings.png | Bin docs/{ => wiki}/media/mgmt-mon.png | Bin docs/{ => wiki}/media/net-con.png | Bin docs/{ => wiki}/media/net-con2.png | Bin docs/{ => wiki}/media/ns-arch.png | Bin docs/wiki/media/policies-bicep-example.png | Bin 0 -> 75305 bytes docs/wiki/media/policy-metadata-example.png | Bin 0 -> 60581 bytes docs/wiki/media/pr-example.png | Bin 0 -> 34136 bytes docs/{ => wiki}/media/sub-org.png | Bin examples/landing-zones/README.md | 2 +- examples/management-groups/README.md | 2 +- examples/policies/policy-definition/README.md | 2 +- 94 files changed, 731 insertions(+), 896 deletions(-) create mode 100644 docs/wiki/ALZ-Architecture.md create mode 100644 docs/wiki/ALZ-Contribution-Guide.md create mode 100644 docs/wiki/ALZ-Deploy-landing-zones.md create mode 100644 docs/wiki/ALZ-Deploy-reference-implementations.md create mode 100644 docs/wiki/ALZ-Deploy-workloads.md create mode 100644 docs/wiki/ALZ-Known-Issues.md create mode 100644 docs/wiki/ALZ-Setup-aad-permissions.md create mode 100644 docs/wiki/ALZ-Setup-azure.md rename docs/{ => wiki}/media/ES-process.png (100%) rename docs/{ => wiki}/media/ESLZ.gif (100%) rename docs/{ => wiki}/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx (100%) rename docs/{ => wiki}/media/Enterprise-scale architecture.vsdx (100%) rename docs/{ => wiki}/media/HS.png (100%) rename docs/{ => wiki}/media/MvnetHS.png (100%) rename docs/{ => wiki}/media/MvnetHSPP.png (100%) rename docs/{ => wiki}/media/North Star process visuals.pptx (100%) rename docs/{ => wiki}/media/NorthStar Networking images.pptx (100%) rename docs/{ => wiki}/media/aad-rolesandadministrators.png (100%) rename docs/{ => wiki}/media/ado-add-build-policy.png (100%) rename docs/{ => wiki}/media/ado-complete-pr.png (100%) rename docs/{ => wiki}/media/ado-env-approval.png (100%) rename docs/{ => wiki}/media/ado-import-repo.png (100%) rename docs/{ => wiki}/media/ado-manage-repo.png (100%) rename docs/{ => 
wiki}/media/ado-permissions-group.png (100%) rename docs/{ => wiki}/media/ado-pipeline-create.png (100%) rename docs/{ => wiki}/media/ado-pipeline-variable.png (100%) rename docs/{ => wiki}/media/ado-repo-buildservice.png (100%) rename docs/{ => wiki}/media/ado-repo-forcepush.png (100%) rename docs/{ => wiki}/media/ado-repo-policy.png (100%) rename docs/{ => wiki}/media/cmanged-nt.png (100%) rename docs/{ => wiki}/media/devops.png (100%) rename docs/{ => wiki}/media/directory-reader.png (100%) rename docs/{ => wiki}/media/e2e-armtemplate.png (100%) rename docs/{ => wiki}/media/ea.png (100%) rename docs/{ => wiki}/media/eg-net-top.png (100%) rename docs/{ => wiki}/media/enc-flows.png (100%) rename docs/{ => wiki}/media/es-hubspoke-nw.png (100%) rename docs/{ => wiki}/media/es-iab.png (100%) create mode 100644 docs/wiki/media/example-def-in-init-2.png create mode 100644 docs/wiki/media/example-def-in-init.png rename docs/{ => wiki}/media/global-transit.png (100%) rename docs/{ => wiki}/media/iam.png (100%) rename docs/{ => wiki}/media/implementation-scope.png (100%) rename docs/{ => wiki}/media/lz-design.png (100%) rename docs/{ => wiki}/media/mg-hierarchy-settings.png (100%) rename docs/{ => wiki}/media/mgmt-mon.png (100%) rename docs/{ => wiki}/media/net-con.png (100%) rename docs/{ => wiki}/media/net-con2.png (100%) rename docs/{ => wiki}/media/ns-arch.png (100%) create mode 100644 docs/wiki/media/policies-bicep-example.png create mode 100644 docs/wiki/media/policy-metadata-example.png create mode 100644 docs/wiki/media/pr-example.png rename docs/{ => wiki}/media/sub-org.png (100%) diff --git a/.github/workflows/wiki-sync.yml b/.github/workflows/wiki-sync.yml index 7da0dfd133..10231d32ae 100644 --- a/.github/workflows/wiki-sync.yml +++ b/.github/workflows/wiki-sync.yml 
@@ -61,5 +61,5 @@ jobs:
 echo "Pushing changes to origin..."
 git add .
 git commit -m "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
- git push --set-upstream https://$GITHUB_TOKEN@github.com/$wiki_target_repo.git master
+ git push --set-upstream "https://$GITHUB_TOKEN@github.com/$wiki_target_repo.git" master
 working-directory: ${{ env.wiki_target_repo }}
diff --git a/README.md b/README.md
index c252ac4fd6..a82783cdf0 100644
--- a/README.md
+++ b/README.md
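Review bot: The push on the `+` line of the wiki-sync.yml hunk still carries `$GITHUB_TOKEN` inside the remote URL; quoting fixes word splitting but not where the credential ends up. Because `--set-upstream` is given a URL instead of a remote name, git records that URL, token included, as the branch's upstream in the wiki checkout's `.git/config`, and the token also appears in the process arguments on the runner. The job pushes once, so the upstream is not needed: `git push "https://$GITHUB_TOKEN@github.com/$wiki_target_repo.git" master` avoids writing it to disk. Better still is supplying the token through a credential helper or an `http.extraheader` setting so it never appears in a URL. The `run:` step this belongs to starts outside the hunk, so whether a named remote is already configured cannot be seen from here.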
@@ -3,29 +3,9 @@ [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/enterprise-scale.svg)](http://isitmaintained.com/project/azure/enterprise-scale "Average time to resolve an issue") [![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/enterprise-scale.svg)](http://isitmaintained.com/project/azure/enterprise-scale "Percentage of issues still open") -## Navigation Menu - -* [What's New?](https://github.com/Azure/Enterprise-Scale/wiki/Whats-new) -* [Community Calls](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls) -* [Enterprise-Scale Landing Zones - User Guide](https://github.com/Azure/Enterprise-Scale/wiki#enterprise-scale-landing-zones-user-guide) -* [Enterprise-Scale Architecture](./docs/EnterpriseScale-Architecture.md) -* [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-Enterprise-Scale-CustomerUsage) -* [Configure Azure permission for ARM Template deployments](./docs/EnterpriseScale-Setup-azure.md) -* [Deploy Reference Implementation](./docs/EnterpriseScale-Deploy-reference-implentations.md) - * [Policies included in Azure landing zones reference implementations](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies) - * [Contoso Reference - Scope and Design](./docs/reference/contoso/Readme.md) - * [AdventureWorks Reference - Scope and Design](./docs/reference/adventureworks/README.md) - * [WingTip Reference - Scope and Design](./docs/reference/wingtip/README.md) - * [Trey Research Reference - Scope and Design](./docs/reference/treyresearch/README.md) -* [Create Landing Zones](./docs/EnterpriseScale-Deploy-landing-zones.md) -* [Deploy workloads into Landing Zones](./workloads) -* [Getting started with Infrastructure-as-Code](https://github.com/Azure/AzOps-Accelerator/wiki) -* [Azure Landing Zones Deprecated Services](./docs/wiki/ALZ-Deprecated-Services.md) -* [Known Issues](./docs/EnterpriseScale-Known-Issues.md) 
-* [How Do I Contribute?](./docs/EnterpriseScale-Contribution.md) -* [Frequently Asked Questions (FAQ)](https://github.com/Azure/Enterprise-Scale/wiki/FAQ) -* [Roadmap](./docs/EnterpriseScale-Roadmap.md) -* [Microsoft Support Policy](./SUPPORT.md) +## User documentation + +To find out more about the Azure landing zones reference implementation, please refer to the [documentation on our Wiki](https://github.com/Azure/Enterprise-Scale/wiki) --- @@ -35,7 +15,7 @@ The Enterprise-Scale architecture provides prescriptive guidance coupled with Az The Enterprise-Scale architecture is modular by design and allows organizations to start with foundational landing zones that support their application portfolios, and the architecture enables organizations to start as small as needed and scale alongside their business requirements regardless of scale point. -![hippo](./docs/media/ESLZ.gif) +![Animated image showing the modularity of Azure landing zones](./docs/wiki/media/ESLZ.gif) --- 
@@ -55,7 +35,7 @@ The Enterprise-Scale reference implementations in this repository are intended t | Be aligned with cloud provider’s platform roadmap | Yes | | UI Experience and simplified setup | Yes, Azure portal | | All critical services are present and properly configured according to recommend best practices for identity & access management, governance, security, network and logging | Yes, using a multi-subscription design, aligned with Azure platform roadmap | -| Automation capabilities (IaC/DevOps) | Yes: ARM, Policy, GitHub/Azure DevOps CICD pipeline option included | +| Automation capabilities (IaC/DevOps) | Yes: ARM, Policy, GitHub/Azure DevOps CI/CD pipeline option included | | Provides long-term self-sufficiency | Yes, enterprise-scale architecture -> 1:N landing zones. Approach & architecture prepare the customer for long-term self-sufficiency, the RIs are there to get you started | | Enables migration velocity across the organization | Yes, enterprise-scale architecture -> 1:N landing zones, Architecture includes designs for segmentation and separation of duty to empower teams to act within appropriate landing zones | | Achieves operational excellence | Yes. Enables autonomy for platform and application teams with a policy driven governance and management | @@ -66,7 +46,7 @@ To fully leverage this reference implementation in this repository, readers must It is also assumed that readers have a broad understanding of key Azure constructs and services in order to fully contextualize the prescriptive recommendations contained within Enterprise-Scale. ## Deploying Enterprise-Scale Architecture in your own environment 
@@ -87,7 +67,7 @@ The Enterprise-Scale architecture is modular by design and allows customers to s This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us -the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. +the rights to use your contribution. For details, visit [Contributor License Agreement (CLA)](https://cla.opensource.microsoft.com). When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions diff --git a/SECURITY.md b/SECURITY.md index f7b89984f0..f336c60304 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). -If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below. +If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below. ## Reporting Security Issues 
@@ -12,19 +12,19 @@ If you believe you have found a security vulnerability in any Microsoft-owned re Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report). -If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc). +If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/msrc/pgp-key-msrc). -You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). +You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: - * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) - * Full paths of source file(s) related to the manifestation of the issue - * The location of the affected source code (tag/branch/commit or direct URL) - * Any special configuration required to reproduce the issue - * Step-by-step instructions to reproduce the issue - * Proof-of-concept or exploit code (if possible) - * Impact of the issue, including how an attacker might exploit the issue +* Type of issue (e.g. 
buffer overflow, SQL injection, cross-site scripting, etc.) +* Full paths of source file(s) related to the manifestation of the issue +* The location of the affected source code (tag/branch/commit or direct URL) +* Any special configuration required to reproduce the issue +* Step-by-step instructions to reproduce the issue +* Proof-of-concept or exploit code (if possible) +* Impact of the issue, including how an attacker might exploit the issue This information will help us triage your report more quickly. @@ -36,6 +36,6 @@ We prefer all communications to be in English. ## Policy -Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). +Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/msrc/cvd). \ No newline at end of file diff --git a/SUPPORT.md b/SUPPORT.md index b504dcfe35..c6f230772f 100644 --- a/SUPPORT.md +++ b/SUPPORT.md 
@@ -2,7 +2,7 @@ ## Microsoft Support Policy -If issues are encountered when deploying these reference implementations users will be able to engage Microsoft support via their usual channels. Please provide corelation IDs where possible when contacting support to be able to investigate issue effectively and in timely fashion. For instruction on how to get deployments and correlation ID, please follow this link [here](https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-history?tabs=azure-portal#get-deployments-and-correlation-id). +If issues are encountered when deploying these reference implementations users will be able to engage Microsoft support via their usual channels. Please provide corelation IDs where possible when contacting support to be able to investigate issue effectively and in timely fashion. For instruction on how to get deployments and correlation ID, please follow this link [here](https://docs.microsoft.com/azure/azure-resource-manager/templates/deployment-history?tabs=azure-portal#get-deployments-and-correlation-id). Following list of issues are within the scope of Microsoft support: diff --git a/docs/Deploy/deploy-policy-driven-routing.md b/docs/Deploy/deploy-policy-driven-routing.md index 0c4b72a35d..b2dcae97b2 100644 --- a/docs/Deploy/deploy-policy-driven-routing.md +++ b/docs/Deploy/deploy-policy-driven-routing.md 
@@ -1,4 +1,5 @@ # Policy-driven routing configuration in hub and spoke networks + The policy `Deploy a route table with specific user defined routes` allows applying a customer-defined routing configuration to in-scope VNets. For each in-scope VNet, the policy checks the existence of a route table containing a set of customer-defined UDRs; and deploys it if it does not exist. The route table is deployed to the same resource group as the VNet evaluated against the policy. The route table deployed by the policy must be manually associated to subnets. The main usage scenario for the policy is automated routing configuration in Enterprise-Scale hub and spoke topologies (the reference architecture for Enterprise Scale with hub and spoke is documented [here](https://github.com/Azure/Enterprise-Scale/tree/main/docs/reference/adventureworks)). By assigning the policy to landing zone subscriptions that contain the spoke VNet(s), it allows enforcing routing rules such as: 
@@ -12,9 +13,10 @@ The main usage scenario for the policy is automated routing configuration in Ent - Route all traffic from spoke VNet to shared services in the hub via the hub’s firewall cluster. The policy supports the parameters documented below. + - **effect**: A `String` that defines the effect of the policy. Allowed values are `DeployIfNotExist` (default) and `Disabled`. -- **requiredRoutes**: An `Array` of `String` objects. Each `String` object defines a User-Defined Route (UDR) in the custom route table deployed by the policy. The format is `"address-prefix;next-hop-type;next-hop-ip-address"`. The next-hop IP address must be provided on when the next hop type is "VirtualAppliance". Allowed values for the next hop type field are documented [here](https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#next-hop-types-across-azure-tools). This is an example of a *requiredRoutes* array that defines four UDRs: +- **requiredRoutes**: An `Array` of `String` objects. Each `String` object defines a User-Defined Route (UDR) in the custom route table deployed by the policy. The format is `"address-prefix;next-hop-type;next-hop-ip-address"`. The next-hop IP address must be provided on when the next hop type is "VirtualAppliance". Allowed values for the next hop type field are documented [here](https://docs.microsoft.com/azure/virtual-network/virtual-networks-udr-overview#next-hop-types-across-azure-tools). This is an example of a *requiredRoutes* array that defines four UDRs: ```json [ 
@@ -24,6 +26,7 @@ The policy supports the parameters documented below. "192.168.2.0/24;VnetLocal" ] ``` + - **vnetRegion**: A `String` that defines the region of the `Microsoft.Network/virtualNetworks` resources that are evaluated against the policy. Only VNets in the specified region are evaluated against the policy. This parameter enables multiple assignments to enforce different routing policies in different regions. -- **routeTableName**: A `String` that defines the name of the custom route table automatically deployed by the policy (when one that contains all the *requiredRoutes* is found). -- **disableBgpPropagation**: A `Boolean` that defines the value of the *disableBgpRoutePropagation* property of the deployed route table. The default value is `false`. \ No newline at end of file +- **routeTableName**: A `String` that defines the name of the custom route table automatically deployed by the policy (when one that contains all the *requiredRoutes* is found). +- **disableBgpPropagation**: A `Boolean` that defines the value of the *disableBgpRoutePropagation* property of the deployed route table. The default value is `false`. diff --git a/docs/Deploy/es-schema.md b/docs/Deploy/es-schema.md index 1ba447e53b..c3ec6e0a32 100644 --- a/docs/Deploy/es-schema.md +++ b/docs/Deploy/es-schema.md 
@@ -10,7 +10,7 @@ This article will help you to familiarize with the [Enterprise-Scale ARM templat
 ## ARM template objectives for Enterprise-Scale
-Some of the key [design principles](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles) of Enterprise-Scale is to have a single control and management plane, be Azure native and aligned to the platform roadmap, and employ Azure Policy to enable policy driven governance and management. That means we rely on platform capabilities in order to compose and deploy the Enterprise-Scale architecture end-2-end.
+Some of the key [design principles](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles) of Enterprise-Scale is to have a single control and management plane, be Azure native and aligned to the platform roadmap, and employ Azure Policy to enable policy driven governance and management. That means we rely on platform capabilities in order to compose and deploy the Enterprise-Scale architecture end-2-end.
 The objectives includes:
diff --git a/docs/ESLZ-Policies.md b/docs/ESLZ-Policies.md
index 40c8f4708a..5dfd4c1c21 100644
--- a/docs/ESLZ-Policies.md
+++ b/docs/ESLZ-Policies.md
@@ -1,3 +1,3 @@
-## This page has moved
+# This page has moved to our Wiki
-Please refer to [Policies included in Azure landing zones reference implementations](./wiki/ALZ-Policies.md)
+Please refer to [Policies included in Azure Landing Zones reference implementations](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies)
diff --git a/docs/EnterpriseScale-Architecture.md b/docs/EnterpriseScale-Architecture.md
index 2f729f5afc..c1fa4a04ca 100644
--- a/docs/EnterpriseScale-Architecture.md
+++ b/docs/EnterpriseScale-Architecture.md
@@ -1,53 +1,3 @@
+# This page has moved to our Wiki
-# Enterprise-Scale Architecture
-
-The principle challenges facing enterprise customers adopting Azure are 1) how to allow applications (legacy or modern) to seamlessly move at their own pace, and 2) how to provide secure and streamlined operations, management, and governance across the entire platform and all encompassed applications. To address these challenges, customers require a forward looking and Azure-native design approach, which in the context of this playbook is represented by the Enterprise-Scale architecture.
-
-## What is the Enterprise-Scale Architecture
-
-The Enterprise-Scale architecture represents the strategic design path and target technical state for the customer's Azure environment. It will continue to evolve in lockstep with the Azure platform and is ultimately defined by the various design decisions the customer organization must make to define their Azure journey.
-
-It is important to highlight that not all enterprises adopt Azure in the same way, and as a result the Enterprise-Scale architecture may vary between customers. Ultimately, the technical considerations and design recommendations presented within this playbook may yield different trade-offs based on the customer scenario. Some variation is therefore expected, but provided core recommendations are followed, the resultant target architecture will position the customer on a path to sustainable scale.
-
-## Landing Zones Definition
-
-Within the context of the Enterprise-Scale architecture, a "Landing Zone" is a logical construct capturing everything that must be true to enable application migrations and development at an Enterprise-Scale in Azure. It considers all platform Resources that are required to support the customer's application portfolio and does not differentiate between IaaS or PaaS.
-
-Every large enterprise software estate will encompass a myriad of application archetypes and each Landing Zone essentially represents the common elements, such as networking and IAM, that are shared across instances of these archetypes and must be in place to ensure that migrating applications have access to requisite components when deployed. Each Landing Zone must consequently be designed and deployed in accordance with the requirements of archetypes within the customer's application portfolio.
-
-The principle purpose of the "Landing Zones" is therefore to ensure that when an application lands on Azure, the required "plumbing" is already in place, providing greater agility and compliance with enterprise security and governance requirements.
-
----
-
-_Using an analogy, this is similar to how city utilities such as water, gas, and electricity are accessible before new houses are constructed. In this context, the network, IAM, policies, management, and monitoring are shared 'utility' services that must be readily available to help streamline the application migration process._
-
----
-
-# Design Principles
-
-The Enterprise-Scale architecture is based on the [five design principles](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles). These principles serve as a compass for subsequent design decisions across critical technical domains. Readers and users of the reference implementation are strongly advised to familiarize themselves with these principles to better understand their impact and the trade-offs associated with non-adherence.
-
-* [Subscription democratization](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles?branch#subscription-democratization)
-* [Policy-driven governance](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#policy-driven-governance)
-* [Single control and management plane](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#single-control-and-management-plane)
-* [Application-centric and archetype-neutral](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles?#application-centric-and-archetype-neutral)
-* [Aligning Azure-native design and road maps](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#align-azure-native-design-and-roadmaps)
-
-# Design Guidelines
-
-At the centre of the Enterprise-Scale architecture lies a critical design path, comprised of fundamental design topics with heavily interrelated and dependent design decisions. This repository provides design guidance across these architecturally significant technical domains to support the critical design decisions which must occur to define the Enterprise-Scale architecture. For each of the considered domains, readers should review the provided considerations and recommendations, using them to structure and drive designs within each area.
-
-## Critical Design Areas
-
-The [eight critical design areas](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas) are intended to support the translation of customer requirements to Azure constructs and capabilities, to address the mismatch between on-premises infrastructure and cloud-design which typically creates dissonance and friction with respect to the Enterprise-Scale definition and Azure adoption.
-
-The impact of decisions made within these critical areas will reverberate across the Enterprise-Scale architecture and influence other decisions. Readers and reference implementation users are strongly advised to familiarize themselves with these eight areas, to better understand the consequences of encompassed decisions, which may later produce trade-offs within related areas.
-
-* [Billing and Active Directory tenants](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-ad-tenant)
-* [Identity and access management](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access)
-* [Network topology and connectivity](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/network-topology-and-connectivity)
-* [Resource organization](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org)
-* [Security](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/security)
-* [Management](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/management)
-* [Governance](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance)
-* [Platform automation and DevOps](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/platform-automation-devops)
+Please refer to [Enterprise-Scale Architecture](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Architecture)
diff --git a/docs/EnterpriseScale-Contribution.md b/docs/EnterpriseScale-Contribution.md
index 390b04b363..e07a2fc531 100644
--- a/docs/EnterpriseScale-Contribution.md
+++ b/docs/EnterpriseScale-Contribution.md
@@ -1,62 +1,3 @@ +# This page has moved to our Wiki -## Contribution Guide - -### Enterprise-Scale Committee -The Enterprise-Scale Committee and its members (aka Committee Members) are the primary caretakers of the Enterprise-Scale and AzOps repos including language, design, and reference implementations. - -### Current Committee Members - -- Uday Pandya @uday31in -- Kristian Nese @krnese -- Victor Arzate @victorar -- Johan Dahlbom @daltondhcp -- Lyon Till @ljtill -- Niels Buit @nielsams -- Hansjoerg Scherer @hjscherer -- Callum Coffin @CalCof - -### Committee Member Responsibilities - -Committee Members are responsible for reviewing and approving RFCs proposing new features or design changes. - -The initial Enterprise Committee consists of Microsoft employees. It is expected that over time, community will grow and new community members will join Committee Members. Membership is heavily dependent on the level of contribution and expertise: individuals who contribute in meaningful ways to the project will be recognized accordingly. - -At any point in time, a Committee Member can nominate a strong community member to join the Committee. Nominations should be submitted in the form of RFCs detailing why that individual is qualified and how they will contribute. After the RFC has been discussed, a unanimous vote will be required for the new Committee Member to be confirmed. - -### Contribution scope for Enterprise-Scale - -The following is the scope of contributions to this repository: - -As the Azure platform evolves and new services and features are validated in production with customers, the design guidelines will be updated in the overall architecture context. - -With new Services, Resources, Resource properties and API versions, the implementation guide and reference implementation must be updated as appropriate. -Primarily, the code contribution would be centered on Azure Policy definitions and Azure Policy assignments for for Contoso Implementation. 
- -Submit a pull request for documentation updates using the following template 'placeholder'. - -#### How to submit Pull Request to upstream repo - -1. Create a new branch based on upstream/main by executing following command - - ```shell - git checkout -b feature upstream/main - ``` - -2. Checkout the file(s) from your working branch that you may want to include in PR - - ```shell - #substitute file name as appropriate. below example - git checkout feature: .\.docs\Deploy\Deploy-lz.md - ``` - -3. Push your Git branch to your origin - - ```shell - git push origin -u - ``` - -4. Create a pull request from upstream to your remote main - -### Code of Conduct - -We are working hard to build strong and productive collaboration with our passionate community. We heard you loud and clear. We are working on set of principles and guidelines with Do's and Don'ts. +Please refer to [Contribution Guide](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Contribution) diff --git a/docs/EnterpriseScale-Deploy-landing-zones.md b/docs/EnterpriseScale-Deploy-landing-zones.md index 9604569c4e..2ff347791e 100644 --- a/docs/EnterpriseScale-Deploy-landing-zones.md +++ b/docs/EnterpriseScale-Deploy-landing-zones.md 
@@ -1,42 +1,3 @@ -# Create Landing Zone(s) - -It is now time to turn the lights ON :bulb: - -At this point you have the necessary platform setup configured to support one or many Landing Zone(s) with the required definitions (Roles, Policies and PolicySet) and assignments (Roles and Policies). - -Provisioning Landing Zone(s) will mean either **creating a new subscription** or **moving an existing subscription** to the desired Management Group and the platform will do the rest. In large environments with 10s and 100s of Landing Zones, the platform team can also delegate Landing Zone(s) to the respective business units and/or application portfolio owners while being confident that security, compliance and monitoring requirements are being met. Furthermore, the platform team may also delegate the necessary access permissions such as: - -1) IAM roles to create new subscriptions -2) Place subscriptions in the appropriate Management Groups for business units and/or application portfolio owners to provide self-service access to create their own Landing Zone(s). - -## Create or move a Subscription under the Landing Zone Management Group - -Depending upon the reference implementation that's deployed, navigate to the appropriate Management Group under the "Landing Zones" Management Group and create or move an existing subscription. This can be done via the Azure Portal or PowerShell/CLI. - -Business units and/or application portfolio owners can use their preferred tool chain - ARM, PowerShell, Terraform, Portal, CLI etc. for subsequent resource deployments within their respective Landing Zone(s). - -### Create new subscriptions into the **Landing zones** > **Corp** or **Online** Management Group - -1. In the Azure portal, navigate to Subscriptions -2. Click 'Add', and complete the required steps in order to create a new subscription. -3. 
When the subscription has been created, go to Management Groups and move the subscription into the **Landing zones** > **Corp** or **Online** Management Group -4. Assign RBAC permissions for the application team/user(s) who will be deploying resources in to the newly created subscription - -### Move existing subscriptions into the **Landing zones** > **Corp** or **Online** Management Group - -1. In the Azure portal, navigate to Management Groups -2. Locate the subscription you want to move, and move it in to the **Landing zones** > **Corp** or **Online** Management Group -3. Assign RBAC permissions for the application team/user(s) who will be deploying resources in to the subscription - -## Create Enterprise-Scale Landing Zones using the Azure Portal - -The following deployment experiences can be leveraged to create multiple landing zones (subscriptions) and target individual Management Groups (e.g., 'online', 'corp' etc.). - -To use the ARM templates below to create new subscriptions, you must have Management Group Contributor or Owner permissions on the Management Group where you will invoke the deployment and also on the targeted Management Groups for the new subscriptions, as well as subscription write permissions on the billing account. 
- -| Agreement types | ARM Template | Description -|:-------------------------|:-------------|:--------------| -| Enterprise Agreement (EA) |[![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fdocs%2Freference%2Flzs%2FarmTemplates%2Feslz.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fdocs%2Freference%2Flzs%2FarmTemplates%2Fportal-eslz.json) | Create 'N' number of subscriptions into multiple Management Groups -| Enterprise Agreement (EA) |[![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fexamples%2Flanding-zones%2Fsubscription-with-rbac%2FsubscriptionWithRbac.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fexamples%2Flanding-zones%2Fsubscription-with-rbac%2Fportal-subscriptionWithRbac.json)| Create a subscription with RBAC for SPN - +# This page has moved to our Wiki +Please refer to [Create Landing Zone(s)](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deploy-landing-zones) diff --git a/docs/EnterpriseScale-Deploy-reference-implentations.md b/docs/EnterpriseScale-Deploy-reference-implentations.md index 83999634d1..ec91f31889 100644 --- a/docs/EnterpriseScale-Deploy-reference-implentations.md +++ b/docs/EnterpriseScale-Deploy-reference-implentations.md 
@@ -1,30 +1,3 @@ -# Deploy Enterprise-Scale Reference implementation in your own environment +# This page has moved to our Wiki -This section will guide you through the process of deploying an Enterprise-Scale reference implementation in your own environment. - -## What is an Enterprise-Scale Reference Implementation? - -The Enterprise-Scale design principles and reference implementations can be adopted by all customers no matter what the size or history of their Azure estate. The following reference implementations target the most common customer scenarios for adopting Enterprise-Scale. - -## Deploy a Reference Implementation - -| Reference implementation | Description | ARM Template | Link | -|:-------------------------|:-------------|:-------------|------| -| Contoso | On-premises connectivity using Azure vWAN |[![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | [Detailed description](./reference/contoso/Readme.md) | -| AdventureWorks | On-premises connectivity with Hub & Spoke |[![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | [Detailed description](./reference/adventureworks/README.md) | -| WingTip | Azure without hybrid connectivity |[![Deploy To 
Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | [Detailed description](./reference/wingtip/README.md) | -| Trey Research | For small enterprises | [![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fdocs%2Freference%2Ftreyresearch%2FarmTemplates%2Fes-lite.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fdocs%2Freference%2Ftreyresearch%2FarmTemplates%2Fportal-es-lite.json) | [Detailed description](./reference/treyresearch/README.md) | - -> The Bicep version is now available in Public Preview here: [https://github.com/Azure/ALZ-Bicep](https://github.com/Azure/ALZ-Bicep) - -An Enterprise-Scale reference implementation is rooted in the principle that **Everything in Azure is a Resource**. All of the reference scenarios leverage native **Azure Resource Manager (ARM)** to describe and manage their resources as part of their target state architecture at-scale. - -Reference implementations enable security, monitoring, networking, and any other plumbing needed for landing zones (i.e. Subscriptions) autonomously through policy enforcement. Companies will deploy the Azure environment with ARM templates to create the necessary structure for management and networking to declare a desired goal state. All scenarios will apply the principle of "Policy Driven Governance" for landing zones by using Azure Policy. 
The benefits of a policy-driven approach are many but the most significant are: - -1. Platform can provide an orchestration capability to bring target resources (in this case a subscription) to a desired goal state. - -2. Continuous conformance to ensure all platform-level resources are compliant. Because the platform is aware of the goal state, the platform can assist with the monitoring and remediation of resources throughout their life-cycle. - -3. Platform enables autonomy regardless of the customer's scale point. - -To know and learn more about ARM templates used for above reference implementation, please follow [this](./Deploy/es-schema.md) article. +Please refer to [Deploy Enterprise-Scale Reference implementation in your own environment](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deploy-reference-implementations) diff --git a/docs/EnterpriseScale-Deploy-workloads.md b/docs/EnterpriseScale-Deploy-workloads.md index a84a9ed5a1..38a0ab2b6d 100644 --- a/docs/EnterpriseScale-Deploy-workloads.md +++ b/docs/EnterpriseScale-Deploy-workloads.md 
@@ -1,44 +1,3 @@ -# Deploy workloads into the landing zones +# This page has moved to our Wiki -At this point you have the necessary platform setup and landing zones (subscriptions) created and placed into their respective management groups, being secure, governed, monitored, and enabled for autonomy and are ready for your application teams to do workload deployments, migrations, and net-new development to their landing zones. - -The following workloads outlined here provides best-practices, and curated deployment experiences for your application teams to successfully deploy them into their landing zones (online, corp). - -## AKS (Kubernetes) - -Deploy Kubernetes to Azure and integrate with ARM, Azure AD, Azure Policy, and Azure Monitor to ensure you have a production ready Kubernetes cluster in your landing zone -a -| Landing zone | ARM Template | Details | -|:-------------------------|:-------------|:-----------| -| Online |[![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fworkloads%2FAKS%2FarmTemplates%2Fonline-aks.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fworkloads%2FAKS%2FarmTemplates%2Fportal-online-aks.json) | [Detailed description](../workloads/AKS/README.md) -| Corp | Coming soon | Detailed description - - -### SAP (coming soon) - -Details coming soon - -| Landing zone | ARM Template | Details | -|:-------------------------|:-------------|:-----------| -| Online | Coming soon -| Corp | Coming soon - - -### Windows Virtual Desktop (coming soon) - -Details coming soon - -| Landing zone | ARM Template | Details | -|:-------------------------|:-------------|:-----------| -| Online | Coming soon -| Corp | Coming soon - - -### Data and Analytics (coming soon) - -Details coming soon - -| Landing 
zone | ARM Template | Details -|:-------------------------|:-------------|:-----------| -| Online | Coming soon -| Corp | Coming soon \ No newline at end of file +Please refer to [Deploy workloads into the landing zones](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deploy-workloads) diff --git a/docs/EnterpriseScale-Known-Issues.md b/docs/EnterpriseScale-Known-Issues.md index 029dcb61cc..2f0eec16a0 100644 --- a/docs/EnterpriseScale-Known-Issues.md +++ b/docs/EnterpriseScale-Known-Issues.md @@ -1,26 +1,3 @@ -# Reference Implementation - Known Issues +# This page has moved to our Wiki -The list below summarizes the known issues currently being worked on by the Enterprise-Scale team. - -These have been discovered whilst running the reference implementation, and customers may come across them when implementing Enterprise-Scale to build and operationalize their Azure platform. - -Some of these issues may be resolved in future release, while others require input from specific Azure product teams. - -## Deploying the reference implementation fails due to 'Policy cannot be found (404)' - -### Area -ARM backend storage - -### Issue -When deploying to a region that is paired (e.g., EastUS, which is paired with WestUS), resources deployed in deployment 1 who's referenced in deployment 2 may fail due to replication latency in ARM backend storage. This will cause the overall deployment to fail - -### Status -While this is being fixed, it is recommended to re-run the deployment of the reference implementation with the same input parameter, and the deployment should succeed. - -## Unsupported number of Tenants in context: x TenantID(s) - -### Issue -We currently do not support Initialization across multiple Tenants.
Clear your AzContext and run `Connect-AzAccount` with the service principal that was created earlier. - -### Status -No fix as of yet. +Please refer to [Reference Implementation - Known Issues](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Known-Issues) diff --git a/docs/EnterpriseScale-Roadmap.md b/docs/EnterpriseScale-Roadmap.md index 86f2f442fa..a433fee94e 100644 --- a/docs/EnterpriseScale-Roadmap.md +++ b/docs/EnterpriseScale-Roadmap.md 
@@ -1,19 +1,3 @@ +# This page has moved to our Wiki -# Roadmap - -We intend to update the content within this repo in alignment with Azure Semester planning. - -| Milestone | Scope | Status | -|----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| Design Principles and Architecture Guidelines | Enterprise-Scale design principles and architecture guidelines for Azure. | Complete (January, 2020)| -| Automated build/test for code and deployment artifact for community contribution | Validate and test deployment artifact in test engineering Tenant to ensure quality and end to end deployment. | Complete (March, 2020) | -| Contoso Scope and Design | Prescriptive first-party reference implementation for the Enterprise-Scale architecture guidelines. Real-world example of applying Enterprise-Scale design principles to make contextualized decisions across all 8 design areas and define their target state. | Complete (March, 2020) | -| Contoso Reference Implementation | End to end reference implementation to supplement Architecture and Design recommendations. | Complete (April, 2020) | -| Publish Enterprise-Scale GitHub Action in Actions marketplace | This enables Resource discovery, deployments and operationalize IaC. | Complete (June, 2020) | -| Azure DevOps Support | Provide ability to operate AzOps within Azure DevOps with Azure Pipelines. 
| Complete (August, 2020) | -| Additional reference implementations | Prescriptive first-party reference implementation for the Enterprise-Scale architecture for different enterprise scenarios and size | Complete (October, 2020) | -| Data governance and analytics | Provide ability to deploy data landing zones and governance see [Enterprise Scale Analytics and AI](https://aka.ms/adopt/datamanagement.). | Planned (August 2021) | -| Workload Specific landing zones in Enterprise-Scale | AKS, WVD, SAP, HPC
(Seeking community Contribution) | Planned | -| Hybrid Management in Enterprise-Scale landing zones | Azure Arc | Planned | -| Support for N regions | ES Reference Implementations (Contoso, Adventure Works) | January, 2021 | -| Support for connecting N landing zones | ES Reference Implementations (Contoso, Adventure Works) | January, 2021 | +Please refer to [Roadmap](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Roadmap) diff --git a/docs/EnterpriseScale-Setup-aad-permissions.md b/docs/EnterpriseScale-Setup-aad-permissions.md index b63327d10c..d6f81da1a8 100644 --- a/docs/EnterpriseScale-Setup-aad-permissions.md +++ b/docs/EnterpriseScale-Setup-aad-permissions.md 
@@ -1,67 +1,3 @@ -# Configure Azure Active Directory permissions for Service Principal +# This page has moved to our Wiki -This article will guide you through the process to add your AzOps service principal to the Azure Active Directory [Directory Readers](https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles) role. - -> Note: The steps below requires you to use an identity that is local to the Azure AD, and **_not_** Guest user account due to known restrictions. - -The service principal used by the Enterprise-Scale reference implementation requires Azure AD directory reader permissions to be able to discover Azure role assignments. These permissions are used to enrich data around the role assignments with additional Azure AD context such as ObjectType and Azure AD Object DisplayName. - -## Add service principal to directory role via Azure Portal (Option 1) - -1.1 Sign in to the Azure portal or the Azure Active Directory admin center as a Global Administrator. If you are using Azure AD Privileged Identity Management, activate your Global Administrator role assignment. - -1.2 Open Azure Active Directory. - -1.3 Under _Manage_ > _Roles and administrators_, select _Directory readers_. -![alt](./media/aad-rolesandadministrators.png) - -1.4 Under _Manage_ > _Assignments_ > _Add assignments_, find for and select your AzOps service principal and finally add it to the directory role. - -![alt](./media/directory-reader.png) - -> Note: In case you are using Azure AD Privileged Identity management, ensure you add the service principal to the role with a permanent assignment. 
- -## Add service principal to directory role with Azure AD PowerShell (Option 2) - -Ensure that you have the [AzureAD PowerShell module installed on your machine](https://docs.microsoft.com/en-us/powershell/module/azuread/?view=azureadps-2.0) and that you have connected to Azure AD with the [Connect-AzureAD](https://docs.microsoft.com/en-us/powershell/module/azuread/connect-azuread?view=azureadps-2.0) cmdlet. - - -````powershell -#Param -- Default is AZOps -$ADServicePrincipal = "AZOps" - -#verify if AzureAD module is installed and running a minimum version, if not install with the latest version. -if ((Get-InstalledModule -Name "AzureAD" -MinimumVersion 2.0.2.130 ` -ErrorAction SilentlyContinue) -eq $null) { - - Write-Host "AzureAD Module does not exist" -ForegroundColor Yellow - Install-Module -Name AzureAD -Force - Import-Module -Name AzureAD - Connect-AzureAD #sign in to Azure from Powershell, this will redirect you to a webbrowser for authentication, if required - -} -else { - Write-Host "AzureAD Module exists with minimum version" -ForegroundColor Yellow - Import-Module -Name AzureAD - Connect-AzureAD #sign in to Azure from Powershell, this will redirect you to a webbrowser for authentication, if required -} - -#Verify Service Principal and if not pick a new one. 
-if (!(Get-AzureADServicePrincipal -Filter "DisplayName eq '$ADServicePrincipal'")) { - Write-Host "ServicePrincipal doesn't exist or is not AZOps" -ForegroundColor Red - break -} -else { - Write-Host "$ADServicePrincipal exist" -ForegroundColor Green - $ServicePrincipal = Get-AzureADServicePrincipal -Filter "DisplayName eq '$ADServicePrincipal'" - #Get Azure AD Directory Role - $DirectoryRole = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Directory Readers'" - #Add service principal to Directory Role - Add-AzureADDirectoryRoleMember -ObjectId $DirectoryRole.ObjectId -RefObjectId $ServicePrincipal.ObjectId -} -```` - -Please note, it may take up to 15-30 minutes for permission to propagate in Azure AD. - -## Next steps - -Please proceed with [deploying reference implementation](./EnterpriseScale-Deploy-reference-implentations.md). +Please refer to [Configure Azure Active Directory permissions for Service Principal](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Setup-aad-permissions) diff --git a/docs/EnterpriseScale-Setup-azure.md b/docs/EnterpriseScale-Setup-azure.md index 68acad5734..060e36515c 100644 --- a/docs/EnterpriseScale-Setup-azure.md +++ b/docs/EnterpriseScale-Setup-azure.md 
@@ -1,74 +1,3 @@ -# Configure Azure permissions for ARM tenant deployments +# This page has moved to our Wiki -This article will guide you through the process of configuring permissions in your Azure environment to enable ARM tenant level deployments. - -> Note: The steps below require you to use an identity that is local to the Azure AD, and **_not_** Guest user account due to known restrictions. - -Enterprise-Scale reference implementation requires permission at tenant root scope "/" to be able to configure Management Group and create/move subscription. In order to grant permission at tenant root scope "/", users in "AAD Global Administrators" group can temporarily elevate access, to manage all Azure resources in the directory. - -Once the User Access Administrator (UAA) role is enabled, a UAA can grant **_other users and service principals_** within organization to deploy/manage Enterprise-Scale reference implementation by granting "Owner" permission at tenant root scope "/". - -Once permission is granted to other **users and service principals**, you can safely disable "User Access Administrator" permission for the "AAD Global Administrator" users. For more information please follow this article [elevated account permissions](https://docs.microsoft.com/azure/role-based-access-control/elevate-access-global-admin) - -## 1. Elevate Access to manage Azure resources in the directory - -1.1 Sign in to the Azure portal or the Azure Active Directory admin center as a Global Administrator. If you are using Azure AD Privileged Identity Management, activate your Global Administrator role assignment. - -1.2 Open Azure Active Directory. - -1.3 Under _Manage_, select _Properties_. -![alt](https://docs.microsoft.com/azure/role-based-access-control/media/elevate-access-global-admin/azure-active-directory-properties.png) - -1.4 Under _Access management for Azure resources_, set the toggle to Yes. 
- -![alt](https://docs.microsoft.com/azure/role-based-access-control/media/elevate-access-global-admin/aad-properties-global-admin-setting.png) - -## 2. Grant Access to User and/or Service principal at root scope "/" to deploy Enterprise-Scale reference implementation - -Please ensure you are logged in as a user with UAA role enabled in AAD tenant and logged in user is not a guest user. - -Bash - -````bash -#sign into AZ CLI, this will redirect you to a webbrowser for authentication, if required -az login - -#if you do not want to use a web browser you can use the following bash -read -sp "Azure password: " AZ_PASS && echo && az login -u -p $AZ_PASS - -#assign Owner role at Tenant root scope ("/") as a User Access Administrator to current user (gets object Id of the current user (az login)) -az role assignment create --scope '/' --role 'Owner' --assignee-object-id $(az ad signed-in-user show --query id --output tsv) --assignee-principal-type User - -#(optional) assign Owner role at Tenant root scope ("/") as a User Access Administrator to service principal (set spn_displayname to your service principal displayname) -spn_displayname='' -az role assignment create --scope '/' --role 'Owner' --assignee-object-id $(az ad sp list --display-name $spn_displayname --query '[].{objectId:objectId}' -o tsv) --assignee-principal-type ServicePrincipal -```` - -PowerShell - -````powershell -#sign in to Azure from Powershell, this will redirect you to a webbrowser for authentication, if required -Connect-AzAccount - -#get object Id of the current user (that is used above) -$user = Get-AzADUser -UserPrincipalName (Get-AzContext).Account - -#assign Owner role at Tenant root scope ("/") as a User Access Administrator to current user -New-AzRoleAssignment -Scope '/' -RoleDefinitionName 'Owner' -ObjectId $user.Id - -#(optional) assign Owner role at Tenant root scope ("/") as a User Access Administrator to service principal (set $spndisplayname to your service principal displayname) 
-$spndisplayname = "" -$spn = (Get-AzADServicePrincipal -DisplayName $spndisplayname).id -New-AzRoleAssignment -Scope '/' -RoleDefinitionName 'Owner' -ObjectId $spn -```` - -Please note, it may take up to 15-30 minutes for permission to propagate at tenant root scope. It is highly recommended that you log out and log back in. - -### Creating a scoped role assignment - -The Owner privileged root tenant scope *is required* in the deployment of the [Reference implementation](EnterpriseScale-Deploy-reference-implentations.md). However post deployment, and as your use of Enterprise Scale matures, you are able to limit the scope of the Service principal roleAssignments to a subsection of the Management Group hierarchy. -Eg. `"/providers/Microsoft.Management/managementGroups/YourMgGroup"`. - -## Next steps - -Please proceed with [deploying reference implementation](./EnterpriseScale-Deploy-reference-implentations.md). +Please refer to [Configure Azure permissions for ARM tenant deployments](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Setup-azure) diff --git a/docs/reference/Readme.md b/docs/reference/Readme.md index f1f253b5a5..80f20bd0e0 100644 --- a/docs/reference/Readme.md +++ b/docs/reference/Readme.md 
@@ -16,7 +16,7 @@ A policy will continuously check if a Virtual WAN VHub already exist in "Connect For all Azure Virtual WAN VHubs, Policies will ensure that Azure Firewall is deployed and linked to the existing global Azure Firewall Policy as well as the creation of a regional Firewall policy, if needed. -An Azure Policy will also deploy default NSGs and UDRs in Landing Zones and, while NSG will be linked to all subnets, UDR will only be linked to VNet injected PaaS services subnets. The Azure Policy will ensure that the right NSG and UDR rules are configured to allow control plane traffic for VNet injected services to continue to work but only for those Azure PaaS services that have been approved as per the [Service Enablement Framework](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/security-governance-and-compliance#whitelist-the-service-framework) described in this document. This is required as, when landing zone VNets get connected to Virtual WAN VHub, they will get the default route (0.0.0.0/0) configured to point to their regional Azure Firewall, hence UDR and NSG rules are required to protect and manage control plane traffic for VNet injected PaaS services (such as SQL MI). +An Azure Policy will also deploy default NSGs and UDRs in Landing Zones and, while NSG will be linked to all subnets, UDR will only be linked to VNet injected PaaS services subnets. The Azure Policy will ensure that the right NSG and UDR rules are configured to allow control plane traffic for VNet injected services to continue to work but only for those Azure PaaS services that have been approved as per the [Service Enablement Framework](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/security-governance-and-compliance#whitelist-the-service-framework) described in this document. 
This is required as, when landing zone VNets get connected to Virtual WAN VHub, they will get the default route (0.0.0.0/0) configured to point to their regional Azure Firewall, hence UDR and NSG rules are required to protect and manage control plane traffic for VNet injected PaaS services (such as SQL MI). For cross-premises connectivity, Policy will ensure that ExpressRoute and/or VPN gateways are deployed (as required by the regional VHub), and it will connect the VHub to on-premises using ExpressRoute (by taking the ExpressRoute Resource ID and authorization key as parameters). In case of VPN, Contoso can decide if they use their existing SD-WAN solution to automate the connectivity from branch offices into Azure via S2S VPN, or alternatively, Contoso can manually configure the CPE devices on the branch offices and then let Azure Policy to configure the VPN sites in Azure Virtual WAN. As Contoso is rolling out a SD-WAN solution to manage the connectivity of all their branches around the globe, their preference is to use the SD-WAN solution, which is a solution certified with Azure Virtual WAN, to connect all their branches to Azure. diff --git a/docs/reference/adventureworks/README.md b/docs/reference/adventureworks/README.md index 5155b0afce..2384161038 100644 --- a/docs/reference/adventureworks/README.md +++ b/docs/reference/adventureworks/README.md 
@@ -1,12 +1,12 @@ | ARM Template | Scale without refactoring | |:--------------|:--------------| -| [![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | Yes | +| [![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | Yes | # Deploy Enterprise-Scale with hub and spoke architecture The Enterprise-Scale architecture is modular by design and allow organizations to start with foundational landing zones that support their application portfolios and add hybrid connectivity with ExpressRoute or VPN when required. Alternatively, organizations can start with an Enterprise-Scale architecture based on the traditional hub and spoke network topology if customers require hybrid connectivity to on-premises locations from the beginning. -A hub and spoke network topology allows you to create a central Hub VNet that contains shared networking components (such as Azure Firewall, ExpressRoute and VPN Gateways) that can then be used by spoke VNets, connected to the Hub VNet via VNET Peering, to centralize connectivity in your environment. 
Gateway transit in VNet peering allows spokes to have connectivity to/from on-premises via ExpressRoute or VPN, and also, [transitive connectivity](https://azure.microsoft.com/en-us/blog/create-a-transit-vnet-using-vnet-peering/) across spokes can be implemented by deploying User Defined Routes (UDR) on the spokes and using Azure Firewall or an NVA in the hub as the transit resource. Hub and spoke network design considerations & recommendations can be found [here](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/traditional-azure-networking-topology). +A hub and spoke network topology allows you to create a central Hub VNet that contains shared networking components (such as Azure Firewall, ExpressRoute and VPN Gateways) that can then be used by spoke VNets, connected to the Hub VNet via VNET Peering, to centralize connectivity in your environment. Gateway transit in VNet peering allows spokes to have connectivity to/from on-premises via ExpressRoute or VPN, and also, [transitive connectivity](https://azure.microsoft.com/blog/create-a-transit-vnet-using-vnet-peering/) across spokes can be implemented by deploying User Defined Routes (UDR) on the spokes and using Azure Firewall or an NVA in the hub as the transit resource. Hub and spoke network design considerations & recommendations can be found [here](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/traditional-azure-networking-topology). ![Hub & Spoke Network Topology](./media/hub-and-spoke-topology.png) diff --git a/docs/reference/contoso/Readme.md b/docs/reference/contoso/Readme.md index e437f2f07a..87a2aeb971 100644 --- a/docs/reference/contoso/Readme.md +++ b/docs/reference/contoso/Readme.md 
@@ -1,7 +1,7 @@ | ARM Template | Scale without refactoring | |:--------------|:--------------| -|[![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | Yes | +|[![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | Yes | # Deploy Enterprise-Scale with Azure VWAN diff --git a/docs/reference/treyresearch/README.md b/docs/reference/treyresearch/README.md index 1a843a62f8..7e3b0a9129 100644 --- a/docs/reference/treyresearch/README.md +++ b/docs/reference/treyresearch/README.md 
@@ -1,6 +1,6 @@ | ARM Template | Scale without refactoring | |:--------------|:--------------| -| [![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | Yes | +| [![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | Yes | # Deploy Enterprise-scale for small enterprises 
@@ -22,15 +22,15 @@ If the business requirements change over time, the architecture allows for creat ## Pre-requisites -To deploy this ARM template, your user/service principal must have Owner permission at the Azure Active Directory Tenant root. See the following [instructions](https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin) on how to grant access before you proceed. +To deploy this ARM template, your user/service principal must have Owner permission at the Azure Active Directory Tenant root. See the following [instructions](https://docs.microsoft.com/azure/role-based-access-control/elevate-access-global-admin) on how to grant access before you proceed. ## Optional pre-requisites The deployment experience in Azure portal allows you to bring in an existing (preferably empty) subscription dedicated to host your Platform (Management, Connectivity and Identity) resources. It also allows you to bring existing subscriptions that can be used as the initial landing zones for your applications. -To learn how to create new subscriptions programmatically, please visit [Microsoft Docs](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/programmatically-create-subscription). +To learn how to create new subscriptions programmatically, please visit [Microsoft Docs](https://docs.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription). -To learn how to create new subscriptions using the Azure portal, please visit [Microsoft Docs](https://azure.microsoft.com/en-us/blog/create-enterprise-subscription-experience-in-azure-portal-public-preview/). +To learn how to create new subscriptions using the Azure portal, please visit [Microsoft Docs](https://azure.microsoft.com/blog/create-enterprise-subscription-experience-in-azure-portal-public-preview/). ## How to deploy this reference implementation 
@@ -47,21 +47,21 @@ By default, all recommendations are enabled. You must explicitly disable them if - A scalable Management Group hierarchy aligned to core platform capabilities, allowing you to operationalize at scale using centrally managed Azure RBAC and Azure Policy where platform and workloads have clear separation. - An Azure subscription dedicated for management, connectivity, and identity. This subscription hosts core platform capabilities such as: - - A Log Analytics workspace and an Automation account. + - A Log Analytics workspace and an Automation account. - Azure Sentinel. - - A hub virtual network - - VPN Gateway (optional - deployment across Availability Zones) + - A hub virtual network + - VPN Gateway (optional - deployment across Availability Zones) - ExpressRoute Gateway (optional - deployment across Availability Zones) - - Azure Firewall (optional - deployment across Availability Zones) + - Azure Firewall (optional - deployment across Availability Zones) - Landing Zone Management Group for **corp** connected applications that require connectivity to on-premises, to other landing zones or to the internet via shared services provided in the hub virtual network. - This is where you will create your subscriptions that will host your corp-connected workloads. - Landing Zone Management Group for **online** applications that will be internet-facing, where a virtual network is optional and hybrid connectivity is not required. - This is where you will create your Subscriptions that will host your online workloads. 
- Azure Policies that will enable autonomy for the platform and the landing zones: - The following Azure Policies are applied at the root of the Enterprise Scale Management Group hierarchy enabling core platform capabilities at scale: - - Azure Security monitoring - - Azure Security Center (Azure Defender OFF (free) and Azure Defender ON) - - Diagnostics settings for Activity Logs, VMs, and PaaS resources sent to Log Analytics + - Azure Security monitoring + - Azure Security Center (Azure Defender OFF (free) and Azure Defender ON) + - Diagnostics settings for Activity Logs, VMs, and PaaS resources sent to Log Analytics - On the other hand, Azure Policies that will apply to all your landing zones. That includes Online, Corp and additional Landing Zone's types you may add in the future: - Enforce VM in-guest monitoring (Windows & Linux) - Enforce Backup for all virtual machines (Windows & Linux) by deploying a recovery services vault in the same location and resource group as the virtual machine 
@@ -73,17 +73,17 @@ By default, all recommendations are enabled. You must explicitly disable them if - Enforce auditing for Azure SQL - Enforce secure access (HTTPS) to storage accounts -![Trey Research](media/es-lite.png) +![Trey Research](./media/es-lite.png) ## Next steps -### From an application perspective: +### From an application perspective #### Configure security roles for your Azure resources Assign Azure RBAC permissions to the groups/users who should use the landing zones (subscriptions) so they can start deploying their workloads. -Azure role-based access control (Azure RBAC) is a system that provides fine-grained access management of Azure resources. Using Azure RBAC, you can segregate your team's duties and grant only the amount of access to users that they need to perform their jobs. See more about security roles at [Microsoft Docs](https://docs.microsoft.com/en-us/azure/role-based-access-control/). +Azure role-based access control (Azure RBAC) is a system that provides fine-grained access management of Azure resources. Using Azure RBAC, you can segregate your team's duties and grant only the amount of access to users that they need to perform their jobs. See more about security roles at [Microsoft Docs](https://docs.microsoft.com/azure/role-based-access-control/). #### Manage your Landing Zones diff --git a/docs/reference/wingtip/README.md b/docs/reference/wingtip/README.md index 0475ace53e..c38f9aa2a6 100644 --- a/docs/reference/wingtip/README.md +++ b/docs/reference/wingtip/README.md 
@@ -1,6 +1,6 @@ | ARM Template | Scale without refactoring | |:--------------|:--------------| -|[![Deploy To Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | Yes | +|[![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | Yes | # Deploy Enterprise-Scale foundation diff --git a/docs/wiki/ALZ-Architecture.md b/docs/wiki/ALZ-Architecture.md new file mode 100644 index 0000000000..53d0deabd4 --- /dev/null +++ b/docs/wiki/ALZ-Architecture.md 
@@ -0,0 +1,53 @@
+
+# Enterprise-Scale Architecture
+
+The principle challenges facing enterprise customers adopting Azure are 1) how to allow applications (legacy or modern) to seamlessly move at their own pace, and 2) how to provide secure and streamlined operations, management, and governance across the entire platform and all encompassed applications. To address these challenges, customers require a forward looking and Azure-native design approach, which in the context of this playbook is represented by the Enterprise-Scale architecture.
+
+## What is the Enterprise-Scale Architecture
+
+The Enterprise-Scale architecture represents the strategic design path and target technical state for the customer's Azure environment. It will continue to evolve in lockstep with the Azure platform and is ultimately defined by the various design decisions the customer organization must make to define their Azure journey.
+
+It is important to highlight that not all enterprises adopt Azure in the same way, and as a result the Enterprise-Scale architecture may vary between customers. Ultimately, the technical considerations and design recommendations presented within this playbook may yield different trade-offs based on the customer scenario. Some variation is therefore expected, but provided core recommendations are followed, the resultant target architecture will position the customer on a path to sustainable scale.
+
+## Landing Zones Definition
+
+Within the context of the Enterprise-Scale architecture, a "Landing Zone" is a logical construct capturing everything that must be true to enable application migrations and development at an Enterprise-Scale in Azure. It considers all platform Resources that are required to support the customer's application portfolio and does not differentiate between IaaS or PaaS.
+
+Every large enterprise software estate will encompass a myriad of application archetypes and each Landing Zone essentially represents the common elements, such as networking and IAM, that are shared across instances of these archetypes and must be in place to ensure that migrating applications have access to requisite components when deployed. Each Landing Zone must consequently be designed and deployed in accordance with the requirements of archetypes within the customer's application portfolio.
+
+The principle purpose of the "Landing Zones" is therefore to ensure that when an application lands on Azure, the required "plumbing" is already in place, providing greater agility and compliance with enterprise security and governance requirements.
+
+---
+
+_Using an analogy, this is similar to how city utilities such as water, gas, and electricity are accessible before new houses are constructed. In this context, the network, IAM, policies, management, and monitoring are shared 'utility' services that must be readily available to help streamline the application migration process._
+
+---
+
+# Design Principles
+
+The Enterprise-Scale architecture is based on the [five design principles](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles). These principles serve as a compass for subsequent design decisions across critical technical domains. Readers and users of the reference implementation are strongly advised to familiarize themselves with these principles to better understand their impact and the trade-offs associated with non-adherence.
+
+* [Subscription democratization](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles?branch#subscription-democratization)
+* [Policy-driven governance](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#policy-driven-governance)
+* [Single control and management plane](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#single-control-and-management-plane)
+* [Application-centric service model](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles?#application-centric-service-model)
+* [Align with Azure-native design and roadmaps](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#align-with-azure-native-design-and-roadmaps)
+
+# Design Guidelines
+
+At the centre of the Enterprise-Scale architecture lies a critical design path, comprised of fundamental design topics with heavily interrelated and dependent design decisions. This repository provides design guidance across these architecturally significant technical domains to support the critical design decisions which must occur to define the Enterprise-Scale architecture. For each of the considered domains, readers should review the provided considerations and recommendations, using them to structure and drive designs within each area.
+
+## Critical Design Areas
+
+The [eight critical design areas](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-areas) are intended to support the translation of customer requirements to Azure constructs and capabilities, to address the mismatch between on-premises infrastructure and cloud-design which typically creates dissonance and friction with respect to the Enterprise-Scale definition and Azure adoption.
+
+The impact of decisions made within these critical areas will reverberate across the Enterprise-Scale architecture and influence other decisions. Readers and reference implementation users are strongly advised to familiarize themselves with these eight areas, to better understand the consequences of encompassed decisions, which may later produce trade-offs within related areas.
+
+* [Billing and Active Directory tenants](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-ad-tenant)
+* [Identity and access management](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access)
+* [Network topology and connectivity](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/network-topology-and-connectivity)
+* [Resource organization](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org)
+* [Security](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/security)
+* [Management](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/management)
+* [Governance](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance)
+* [Platform automation and DevOps](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/platform-automation-devops)
diff --git a/docs/wiki/ALZ-Contribution-Guide.md b/docs/wiki/ALZ-Contribution-Guide.md
new file mode 100644
index 0000000000..7021e5795f
--- /dev/null
+++ b/docs/wiki/ALZ-Contribution-Guide.md
@@ -0,0 +1,151 @@
+# Contributing to Azure landing zones (Enterprise-Scale)
+
+Firstly, thank you for taking the time to contribute!
+
+The Azure landing zone reference implementations are designed to help customers accelerate their cloud adoption journey.
+By contributing, you can help our community get the best out of these reference implementations.
+
+We actively encourage community contributions as we realize the unique and diverse requirements of our customers can help drive a better outcome for everyone.
+
+## What are the reference implementations
+
+To meet the diverse needs of our community, we offer the following reference implementation options:
+
+- [ALZ ARM portal experience (this repository)](https://github.com/Azure/Enterprise-Scale)
+- [ALZ Bicep modules](https://github.com/Azure/ALZ-Bicep)
+- [ALZ Terraform module](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale)
+
+Whilst each reference implementation is uniquely characterized by its target community, they all aim to deliver against the Azure landing zone [conceptual architecture](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/#azure-landing-zone-conceptual-architecture), [design principles](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles) and [design areas](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-areas).
+
+The following is a set of general guidelines for contributing to any of these reference implementations.
+
+## How do we manage contributions
+
+Contributions to each Azure landing zone reference implementation option is moderated by a common committee of maintainers.
+The committee is responsible for reviewing and approving all contributions, whether via [**GitHub Issues**](https://github.com/Azure/Enterprise-Scale/issues), [**Pull Requests**](https://github.com/Azure/Enterprise-Scale/pulls), or internally driven development.
+
+The committee is also responsible for reviewing and sponsoring new features or design changes to ensure they meet the needs of our broad community of consumers.
+
+The intent of this approach is to ensures that each reference implementation continues to deliver against the Azure landing zone [conceptual architecture](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/#azure-landing-zone-conceptual-architecture), [design principles](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles) and [design areas](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-areas).
+This also helps us to drive towards consistency across the reference implementation options, where possible.
+
+The committee currently consists of Microsoft employees only.
+It is expected that over time, community contributions will grow and new community members will join as committee members.
+Membership is heavily dependent on the level of contribution and expertise: individuals who contribute in meaningful ways to the project will be recognized accordingly.
+
+At any point in time, a committee member can nominate a strong community member to join the committee.
+Nominations should be submitted in the form of RFCs detailing why that individual is qualified and how they will contribute.
+After the RFC has been discussed, a unanimous vote will be required for the new committee member to be confirmed.
+
+## How can I contribute?
+
+As an open source project, the reference implementation works best when it reflects the needs of our community of consumers.
+As such, we welcome contributions however big or small.
+All we ask is that you follow some simple guidelines, including participating according to our [**code of conduct**](https://github.com/Azure/Enterprise-Scale/blob/main/CODE_OF_CONDUCT.md).
+
+### Reporting bugs
+
+Like all software solutions, the Azure landing zone reference implementation isn't free from bugs.
+Moreover, as the Azure platform evolves or our guidance changes there will likely be a need to make updates.
+
+If you believe you have found a bug, please use the following process:
+
+1. Check the [**FAQ**](./FAQ) and [**Known Issues**](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/ALZ-Known-Issues) for a list of common questions and issues.
+1. Check existing [**GitHub Issues**](https://github.com/Azure/Enterprise-Scale/issues) to see whether the issue has already been reported.
+ 1. If the issue is **open**, add a comment rather than create a new one.
+ 1. If the issue is **closed**, check whether the proposed fix resolves your issue.
+1. Report it via our [**GitHub Issues**](https://github.com/Azure/Enterprise-Scale/issues).
+1. Select `New issue` and use the `Bug report 🐛` template
+1. Ensure you fill out the template with as much information as possible, being sure to cover off what's needed for maintainers and the community to:
+ 1. Understand your issue :memo:
+ 1. Reproduce the behavior :computer:
+ 1. Provide evidence :mag_right:
+ 1. Optionally, let us know if you would like to contribute a fix via a [**Pull Request**](https://github.com/Azure/Enterprise-Scale/pulls) :wrench:
+
+### Feature requests
+
+We understand that our solutions are going to always be a work in progress, and that customers will need and want to request new features.
+This is where you can really make a difference to how the solution is shaped for our community.
+
+If you have an idea you would like to be considered for inclusion, please use the following process:
+
+1. 
Familiarize yourself with our [conceptual architecture](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/#azure-landing-zone-conceptual-architecture), [design principles](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles) and [design areas](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-areas) to ensure the feature aligns with the Azure landing zone guidance.
+1. Check existing [**GitHub Issues**](https://github.com/Azure/Enterprise-Scale/issues) to see whether the issue has already been reported.
+ 1. If the issue is **open**, add a comment rather than create a new one.
+ 1. If the issue is **closed**, check whether the proposed fix resolves your issue.
+1. Report it via our [**GitHub Issues**](https://github.com/Azure/Enterprise-Scale/issues)
+1. Select `New issue` and use the `Feature request 🚀` template
+1. Ensure you fill out the template with as much information as possible, being sure to cover off what's needed for maintainers and the community to:
+ 1. Understand your feature and how it aligns to our [conceptual architecture](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/#azure-landing-zone-conceptual-architecture), [design principles](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles) and [design areas](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-areas) :memo:
+ 1. Optionally, let us know if you would like to contribute by adding your requested feature via a [**Pull Request**](https://github.com/Azure/Enterprise-Scale/pulls) :wrench:
+
+> **IMPORTANT:** If you are proposing a change to any of the Azure landing zone guidance, please include a business case explaining why you feel this will benefit our community.
+
+### Report a security vulnerability
+
+Please see our [**security policy**](https://github.com/Azure/Enterprise-Scale/security/policy) for more information.
+
+### Working with ALZ Custom policies
+
+Policies in the Azure Landing Zone reference implementations and repository are custom to Azure environments. They are definitions which are recommended when working with ALZ landing zones. The policies used in the reference implementations are mastered from the Enterprise-Scale repository.
+
+To work with policies, they are location in [src/resources/Microsoft.Authorization/*](https://github.com/Azure/Enterprise-Scale/blob/main/src/resources/Microsoft.Authorization).
+
+To create a new policy, it is worth taking the framework from an already existing policy.
+
+Inside of the JSON is a `metadata` section which is required for policy creation.
+
+![Policy Metadata](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/media/policy-metadata-example.png)
+
+| Metadata Value | Description |
+|----------------------|------------------------------------------------------------|
+| Version | Version of the policy definition |
+| Category | The category which the policy definition will reside in |
+| Source | The source repository for the policy definition |
+| alzCloudEnvironments | The cloud environment for which the policy is designed for |
+
+The definition created then needs to be included in the [policies.bicep](https://github.com/Azure/Enterprise-Scale/blob/main/src/templates/policies.bicep) file inside of [src/templates/](https://github.com/Azure/Enterprise-Scale/blob/main/src/templates/) under the correct context.
An additional line needs to be created under the respective variable in the file, depending on it being a policy definition or a policy set definition:
+
+![Policies bicep file example 1](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/media/policies-bicep-example.png)
+
+For a policy definition, additional code should be added inside of the `loadPolicyDefinitions` variable under the correct environment:
+
+`loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Name-Of-The-Policy.json')`
+
+For a policy set definition, additional code should be added inside of the `loadPolicySetDefinitions` variable under the correct environment:
+
+`loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security.json')`
+
+The policy definition files will be compiled into a `policies.json` file from the `policy.bicep` file which was amended.
+
+Once the policy work has been completed, a pull request has been submitted to the repository:
+
+![pr-example](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/media/pr-example.png)
+
+Policy versioning follows the same protocol as built-in policies. More information on that can be found in the [ALZ Policies document in the wiki](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/ALZ-Policies.md#versioning).
+
+For policy deprecation, the process is documented in the [Azure Landing Zones - Deprecating Policies](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/ALZ-Deprecated-Services.md) page.
+
+If a policy is part of an initiative, references to policies that are being deprecated should be removed. Policy initiatives are located in the [policySetDefinitions](https://github.com/Azure/Enterprise-Scale/blob/main/src/resources/Microsoft.Authorization/policySetDefinitions/) folder.
To find out if a policy is part of an initiative it is recommended to look up the policy definition in [AzAdvertiser](http://azadvertizer.com/) and check for association with initiatives. When identified, go into the necessary initiative and remove references to the definition. Locate the policy definition in the parameters of the initiative and remove reference:
+
+![Example policy def in initiative](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/media/example-def-in-init.png)
+
+Also find it in the policyDefinitions and remove reference as well:
+
+![Example policy def in initiative 2](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/media/example-def-in-init-2.png)
+
+When working within the policy files, to read parameters which are set at the top level of the policy definition a double escape is needed for ARM. So instead of using `[parameters('someParameter')]` within the policy, you should use `[[parameters('someParameter')]` instead.
+
+> **Note:** When testing the policy manually in the portal or another deployment outside of the ALZ Accelerator (Portal), you will need to remove the double escaping, `[[`, and revert to normal ,`[`'
+
+When working with policies that are assigned by default, these are located under the [eslzArm/managementGroupTemplates/policyAssignments](https://github.com/Azure/Enterprise-Scale/blob/main/eslzArm/managementGroupTemplates/policyAssignments) folder. References to policy definitions are done through the assignments, so if any amendments are done to default assigned policies, they should be amended here too. A wiki to default assignments can be found [in the wiki](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/ALZ-Policies.md).
+
+Policies in `eslzArm.json` file will also need updating if wanting to assign a new policy that is located. The file for this amendment [in eslzArm/eslzArm.json](https://github.com/Azure/Enterprise-Scale/blob/main/eslzArm/eslzArm.json).
+
+### Forking the repository and submitting a Pull Request
+
+To start contributing to this guide is it worth reviewing the developer workflow for contribution [which is documented in GitHub](https://docs.github.com/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork).
+
+## Code of Conduct
+
+We are working hard to build strong and productive collaboration with our passionate community. We heard you loud and clear. Follow the [Code of Conduct](https://github.com/Azure/Enterprise-Scale/blob/main/CODE_OF_CONDUCT.md).
diff --git a/docs/wiki/ALZ-Deploy-landing-zones.md b/docs/wiki/ALZ-Deploy-landing-zones.md
new file mode 100644
index 0000000000..9e5fcb5a95
--- /dev/null
+++ b/docs/wiki/ALZ-Deploy-landing-zones.md
@@ -0,0 +1,40 @@
+# Create Landing Zone(s)
+
+It is now time to turn the lights ON :bulb:
+
+At this point you have the necessary platform setup configured to support one or many Landing Zone(s) with the required definitions (Roles, Policies and PolicySet) and assignments (Roles and Policies).
+
+Provisioning Landing Zone(s) will mean either **creating a new subscription** or **moving an existing subscription** to the desired Management Group and the platform will do the rest. In large environments with 10s and 100s of Landing Zones, the platform team can also delegate Landing Zone(s) to the respective business units and/or application portfolio owners while being confident that security, compliance and monitoring requirements are being met. Furthermore, the platform team may also delegate the necessary access permissions such as:
+
+1) IAM roles to create new subscriptions
+2) Place subscriptions in the appropriate Management Groups for business units and/or application portfolio owners to provide self-service access to create their own Landing Zone(s).
+
+## Create or move a Subscription under the Landing Zone Management Group
+
+Depending upon the reference implementation that's deployed, navigate to the appropriate Management Group under the "Landing Zones" Management Group and create or move an existing subscription. This can be done via the Azure Portal or PowerShell/CLI.
+
+Business units and/or application portfolio owners can use their preferred tool chain - ARM, PowerShell, Terraform, Portal, CLI etc. for subsequent resource deployments within their respective Landing Zone(s).
+
+### Create new subscriptions into the **Landing zones** > **Corp** or **Online** Management Group
+
+1. In the Azure portal, navigate to Subscriptions
+2. Click 'Add', and complete the required steps in order to create a new subscription.
+3. 
When the subscription has been created, go to Management Groups and move the subscription into the **Landing zones** > **Corp** or **Online** Management Group
+4. Assign RBAC permissions for the application team/user(s) who will be deploying resources in to the newly created subscription
+
+### Move existing subscriptions into the **Landing zones** > **Corp** or **Online** Management Group
+
+1. In the Azure portal, navigate to Management Groups
+2. Locate the subscription you want to move, and move it in to the **Landing zones** > **Corp** or **Online** Management Group
+3. Assign RBAC permissions for the application team/user(s) who will be deploying resources in to the subscription
+
+## Create Enterprise-Scale Landing Zones using the Azure Portal
+
+The following deployment experiences can be leveraged to create multiple landing zones (subscriptions) and target individual Management Groups (e.g., 'online', 'corp' etc.).
+
+To use the ARM templates below to create new subscriptions, you must have Management Group Contributor or Owner permissions on the Management Group where you will invoke the deployment and also on the targeted Management Groups for the new subscriptions, as well as subscription write permissions on the billing account.
+
+| Agreement types | ARM Template | Description
+|:-------------------------|:-------------|:--------------|
+| Enterprise Agreement (EA) |[![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fdocs%2Freference%2Flzs%2FarmTemplates%2Feslz.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fdocs%2Freference%2Flzs%2FarmTemplates%2Fportal-eslz.json) | Create 'N' number of subscriptions into multiple Management Groups
+| Enterprise Agreement (EA) |[![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fexamples%2Flanding-zones%2Fsubscription-with-rbac%2FsubscriptionWithRbac.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fexamples%2Flanding-zones%2Fsubscription-with-rbac%2Fportal-subscriptionWithRbac.json)| Create a subscription with RBAC for SPN
diff --git a/docs/wiki/ALZ-Deploy-reference-implementations.md b/docs/wiki/ALZ-Deploy-reference-implementations.md
new file mode 100644
index 0000000000..b067fcf884
--- /dev/null
+++ b/docs/wiki/ALZ-Deploy-reference-implementations.md
@@ -0,0 +1,30 @@ +# Deploy Enterprise-Scale Reference implementation in your own environment + +This section will guide you through the process of deploying an Enterprise-Scale reference implementation in your own environment. + +## What is an Enterprise-Scale Reference Implementation? + +The Enterprise-Scale design principles and reference implementations can be adopted by all customers no matter what the size or history of their Azure estate. The following reference implementations target the most common customer scenarios for adopting Enterprise-Scale. + +## Deploy a Reference Implementation + +| Reference implementation | Description | ARM Template | Link | +|:-------------------------|:-------------|:-------------|------| +| Contoso | On-premises connectivity using Azure vWAN |[![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | [Detailed description](https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/contoso/Readme.md) | +| AdventureWorks | On-premises connectivity with Hub & Spoke |[![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | [Detailed description](https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/adventureworks/README.md) | +| WingTip | Azure without hybrid connectivity |[![Deploy To 
Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json) | [Detailed description](https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/wingtip/README.md) | +| Trey Research | For small enterprises | [![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fdocs%2Freference%2Ftreyresearch%2FarmTemplates%2Fes-lite.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fdocs%2Freference%2Ftreyresearch%2FarmTemplates%2Fportal-es-lite.json) | [Detailed description](https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/treyresearch/README.md) | + +> The Bicep version is now available in Public Preview here: [https://github.com/Azure/ALZ-Bicep](https://github.com/Azure/ALZ-Bicep) + +An Enterprise-Scale reference implementation is rooted in the principle that **Everything in Azure is a Resource**. All of the reference scenarios leverage native **Azure Resource Manager (ARM)** to describe and manage their resources as part of their target state architecture at-scale. + +Reference implementations enable security, monitoring, networking, and any other plumbing needed for landing zones (i.e. Subscriptions) autonomously through policy enforcement. Companies will deploy the Azure environment with ARM templates to create the necessary structure for management and networking to declare a desired goal state. 
All scenarios will apply the principle of "Policy Driven Governance" for landing zones by using Azure Policy. The benefits of a policy-driven approach are many but the most significant are:
+
+1. Platform can provide an orchestration capability to bring target resources (in this case a subscription) to a desired goal state.
+
+2. Continuous conformance to ensure all platform-level resources are compliant. Because the platform is aware of the goal state, the platform can assist with the monitoring and remediation of resources throughout their life-cycle.
+
+3. Platform enables autonomy regardless of the customer's scale point.
+
+To know and learn more about ARM templates used for above reference implementation, please follow [this](https://github.com/Azure/Enterprise-Scale/blob/main/docs/Deploy/es-schema.md) article.
diff --git a/docs/wiki/ALZ-Deploy-workloads.md b/docs/wiki/ALZ-Deploy-workloads.md
new file mode 100644
index 0000000000..715654b528
--- /dev/null
+++ b/docs/wiki/ALZ-Deploy-workloads.md
@@ -0,0 +1,44 @@ +# Deploy workloads into the landing zones + +At this point you have the necessary platform setup and landing zones (subscriptions) created and placed into their respective management groups, being secure, governed, monitored, and enabled for autonomy and are ready for your application teams to do workload deployments, migrations, and net-new development to their landing zones. + +The following workloads outlined here provides best-practices, and curated deployment experiences for your application teams to successfully deploy them into their landing zones (online, corp). + +## AKS (Kubernetes) + +Deploy Kubernetes to Azure and integrate with ARM, Azure AD, Azure Policy, and Azure Monitor to ensure you have a production ready Kubernetes cluster in your landing zone +a +| Landing zone | ARM Template | Details | +|:-------------------------|:-------------|:-----------| +| Online |[![Deploy To Azure](https://docs.microsoft.com/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fworkloads%2FAKS%2FarmTemplates%2Fonline-aks.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2Fworkloads%2FAKS%2FarmTemplates%2Fportal-online-aks.json) | [Detailed description](https://github.com/Azure/Enterprise-Scale/tree/main/workloads/AKS/README.md) +| Corp | Coming soon | Detailed description + + +### SAP (coming soon) + +Details coming soon + +| Landing zone | ARM Template | Details | +|:-------------------------|:-------------|:-----------| +| Online | Coming soon +| Corp | Coming soon + + +### Windows Virtual Desktop (coming soon) + +Details coming soon + +| Landing zone | ARM Template | Details | +|:-------------------------|:-------------|:-----------| +| Online | Coming soon +| Corp | Coming soon + + +### Data and Analytics (coming soon) + +Details coming soon + +| 
Landing zone | ARM Template | Details
+|:-------------------------|:-------------|:-----------|
+| Online | Coming soon
+| Corp | Coming soon
\ No newline at end of file
diff --git a/docs/wiki/ALZ-Known-Issues.md b/docs/wiki/ALZ-Known-Issues.md
new file mode 100644
index 0000000000..029dcb61cc
--- /dev/null
+++ b/docs/wiki/ALZ-Known-Issues.md
@@ -0,0 +1,26 @@
+# Reference Implementation - Known Issues
+
+The list below summarizes the known issues currently being worked on by the Enterprise-Scale team.
+
+These have been discovered whilst running the reference implementation, and customers may come across them when implementing Enterprise-Scale to build and operationalize their Azure platform.
+
+Some of these issues may be resolved in future release, while others require input from specific Azure product teams.
+
+## Deploying the reference implementation fails due to 'Policy cannot be found (404)'
+
+### Area
+ARM backend storage
+
+### Issue
+When deploying to a region that is paired (e.g., EastUS, which is paired with WestUS), resources deployed in deployment 1 who's referenced in deployment 2 may fail due to replication latency in ARM backend storage. This will cause the overall deployment to fail
+
+### Status
+While this is being fixed, it is recommended to re-run the deployment of the reference implementation with the same input parameter, and the deployment should succeed.
+
+## Unsupported number of Tenants in context: x TenantID(s)
+
+### Issue
+We currently do not support Initialization across multiple Tenants.
Clear your AzContext and run `Connect-AzAccount` with the service principal that was created earlier.
+
+### Status
+No fix as of yet.
diff --git a/docs/wiki/ALZ-Policies.md b/docs/wiki/ALZ-Policies.md
index fc28499774..f2cf5659b8 100644
--- a/docs/wiki/ALZ-Policies.md
+++ b/docs/wiki/ALZ-Policies.md
@@ -289,3 +289,65 @@ This management group is for subscriptions that will only be used for testing an | `Policy Definition Sets` | **0** | | `Policy Definitions` | **0** | + +### Versioning + +Each policy definition and initiative contains a version in its metadata section: +```json +"metadata": { + "version": "1.0.0", + "category": "{categoryName}", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureCloud", + "AzureChinaCloud", + "AzureUSGovernment" + ] +} +``` + +This version is incremented according to the following rules (subject to change): + - **Major Version** (**1**.0.0) + - Policy Definitions + - Rule logic changes + - ifNotExists existence condition changes + - Major changes to the effect of the policy (i.e. adding a new resource to a deployment) + - Policy Set Definitions + - Addition or removal of a policy definition from the policy set + - **Minor Version** (1.**0**.0) + - Policy Definitions + - Changes to effect details that don't meet the major version criteria + - Adding new parameter allowed values + - Adding new parameters (with default values) + - Other minor changes to existing parameters + - Policy Set Definitions + - Adding new parameter allowed values + - Adding new parameters (with default values) + - Other minor changes to existing parameters + - **Patch Version** (1.0.**0**) + - Policy Definitions + - String changes (displayName, description, etc…) + - Other metadata changes + - Policy Set Definitions + - String changes (displayName, description, etc…) + - Other metadata changes + - **Suffix** + - Append "-preview" to the version if the policy is in a preview state + - Example: 1.3.2-preview + - Append "-deprecated" to the version if the policy is in a deprecated state + - Example: 1.3.2-deprecated + +## Preview and deprecated policies + +This section aims to explain what it means when a built-in policy has a state of ‘preview’ or ‘deprecated’. 
+
+Policies can be in preview because a property (alias) referenced in the policy definition is in preview, or the policy is newly introduced and would like additional customer feedback. A policy may get deprecated when the property (alias) becomes deprecated & not supported in the resource type's latest API version, or when there is manual migration needed by customers due to a breaking change in a resource type's latest API version.
+
+When a policy gets deprecated or gets out of preview, there is no impact on existing assignments. Existing assignments continue to work as-is. The policy is still evaluated & enforced like normal and continues to produce compliance results.
+
+Here are the changes that occur when a policy gets deprecated:
+- Display name is appended with ‘[Deprecated]:’ prefix, so that customers have awareness to migrate or delete the policy.
+- Description gets updated to provide additional information regarding the deprecation.
+- The version number is updated with ‘-deprecated’ suffix. (see [Policy Versioning](#versioning) above)
+
+> **NOTE:** The `name` value must not change in the file through deprecation or preview.
diff --git a/docs/wiki/ALZ-Setup-aad-permissions.md b/docs/wiki/ALZ-Setup-aad-permissions.md
new file mode 100644
index 0000000000..9a1aeec70a
--- /dev/null
+++ b/docs/wiki/ALZ-Setup-aad-permissions.md
@@ -0,0 +1,67 @@
+# Configure Azure Active Directory permissions for Service Principal
+
+This article will guide you through the process to add your AzOps service principal to the Azure Active Directory [Directory Readers](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) role.
+
+> Note: The steps below requires you to use an identity that is local to the Azure AD, and **_not_** Guest user account due to known restrictions.
+
+The service principal used by the Enterprise-Scale reference implementation requires Azure AD directory reader permissions to be able to discover Azure role assignments. These permissions are used to enrich data around the role assignments with additional Azure AD context such as ObjectType and Azure AD Object DisplayName.
+
+## Add service principal to directory role via Azure Portal (Option 1)
+
+1.1 Sign in to the Azure portal or the Azure Active Directory admin center as a Global Administrator. If you are using Azure AD Privileged Identity Management, activate your Global Administrator role assignment.
+
+1.2 Open Azure Active Directory.
+
+1.3 Under _Manage_ > _Roles and administrators_, select _Directory readers_.
+![alt](./media/aad-rolesandadministrators.png)
+
+1.4 Under _Manage_ > _Assignments_ > _Add assignments_, find for and select your AzOps service principal and finally add it to the directory role.
+
+![alt](./media/directory-reader.png)
+
+> Note: In case you are using Azure AD Privileged Identity management, ensure you add the service principal to the role with a permanent assignment.
+
+## Add service principal to directory role with Azure AD PowerShell (Option 2)
+
+Ensure that you have the [AzureAD PowerShell module installed on your machine](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0) and that you have connected to Azure AD with the [Connect-AzureAD](https://docs.microsoft.com/powershell/module/azuread/connect-azuread?view=azureadps-2.0) cmdlet.
+
+
+````powershell
+#Param -- Default is AZOps
+$ADServicePrincipal = "AZOps"
+
+#verify if AzureAD module is installed and running a minimum version, if not install with the latest version.
+if ((Get-InstalledModule -Name "AzureAD" -MinimumVersion 2.0.2.130 ` -ErrorAction SilentlyContinue) -eq $null) {
+
+ Write-Host "AzureAD Module does not exist" -ForegroundColor Yellow
+ Install-Module -Name AzureAD -Force
+ Import-Module -Name AzureAD
+ Connect-AzureAD #sign in to Azure from Powershell, this will redirect you to a webbrowser for authentication, if required
+
+}
+else {
+ Write-Host "AzureAD Module exists with minimum version" -ForegroundColor Yellow
+ Import-Module -Name AzureAD
+ Connect-AzureAD #sign in to Azure from Powershell, this will redirect you to a webbrowser for authentication, if required
+}
+
+#Verify Service Principal and if not pick a new one.
+if (!(Get-AzureADServicePrincipal -Filter "DisplayName eq '$ADServicePrincipal'")) {
+ Write-Host "ServicePrincipal doesn't exist or is not AZOps" -ForegroundColor Red
+ break
+}
+else {
+ Write-Host "$ADServicePrincipal exist" -ForegroundColor Green
+ $ServicePrincipal = Get-AzureADServicePrincipal -Filter "DisplayName eq '$ADServicePrincipal'"
+ #Get Azure AD Directory Role
+ $DirectoryRole = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Directory Readers'"
+ #Add service principal to Directory Role
+ Add-AzureADDirectoryRoleMember -ObjectId $DirectoryRole.ObjectId -RefObjectId $ServicePrincipal.ObjectId
+}
+````
+
+Please note, it may take up to 15-30 minutes for permission to propagate in Azure AD.
+
+## Next steps
+
+Please proceed with [deploying reference implementation](./ALZ-Deploy-reference-implementations).
diff --git a/docs/wiki/ALZ-Setup-azure.md b/docs/wiki/ALZ-Setup-azure.md
new file mode 100644
index 0000000000..e60e14b696
--- /dev/null
+++ b/docs/wiki/ALZ-Setup-azure.md
@@ -0,0 +1,74 @@ +# Configure Azure permissions for ARM tenant deployments + +This article will guide you through the process of configuring permissions in your Azure environment to enable ARM tenant level deployments. + +> Note: The steps below require you to use an identity that is local to the Azure AD, and **_not_** Guest user account due to known restrictions. + +Enterprise-Scale reference implementation requires permission at tenant root scope "/" to be able to configure Management Group and create/move subscription. In order to grant permission at tenant root scope "/", users in "AAD Global Administrators" group can temporarily elevate access, to manage all Azure resources in the directory. + +Once the User Access Administrator (UAA) role is enabled, a UAA can grant **_other users and service principals_** within organization to deploy/manage Enterprise-Scale reference implementation by granting "Owner" permission at tenant root scope "/". + +Once permission is granted to other **users and service principals**, you can safely disable "User Access Administrator" permission for the "AAD Global Administrator" users. For more information please follow this article [elevated account permissions](https://docs.microsoft.com/azure/role-based-access-control/elevate-access-global-admin) + +## 1. Elevate Access to manage Azure resources in the directory + +1.1 Sign in to the Azure portal or the Azure Active Directory admin center as a Global Administrator. If you are using Azure AD Privileged Identity Management, activate your Global Administrator role assignment. + +1.2 Open Azure Active Directory. + +1.3 Under _Manage_, select _Properties_. +![alt](https://docs.microsoft.com/azure/role-based-access-control/media/elevate-access-global-admin/azure-active-directory-properties.png) + +1.4 Under _Access management for Azure resources_, set the toggle to Yes. 
+ +![alt](https://docs.microsoft.com/azure/role-based-access-control/media/elevate-access-global-admin/aad-properties-global-admin-setting.png) + +## 2. Grant Access to User and/or Service principal at root scope "/" to deploy Enterprise-Scale reference implementation + +Please ensure you are logged in as a user with UAA role enabled in AAD tenant and logged in user is not a guest user. + +Bash + +````bash +#sign into AZ CLI, this will redirect you to a webbrowser for authentication, if required +az login + +#if you do not want to use a web browser you can use the following bash +read -sp "Azure password: " AZ_PASS && echo && az login -u -p $AZ_PASS + +#assign Owner role at Tenant root scope ("/") as a User Access Administrator to current user (gets object Id of the current user (az login)) +az role assignment create --scope '/' --role 'Owner' --assignee-object-id $(az ad signed-in-user show --query id --output tsv) --assignee-principal-type User + +#(optional) assign Owner role at Tenant root scope ("/") as a User Access Administrator to service principal (set spn_displayname to your service principal displayname) +spn_displayname='' +az role assignment create --scope '/' --role 'Owner' --assignee-object-id $(az ad sp list --display-name $spn_displayname --query '[].{objectId:objectId}' -o tsv) --assignee-principal-type ServicePrincipal +```` + +PowerShell + +````powershell +#sign in to Azure from Powershell, this will redirect you to a webbrowser for authentication, if required +Connect-AzAccount + +#get object Id of the current user (that is used above) +$user = Get-AzADUser -UserPrincipalName (Get-AzContext).Account + +#assign Owner role at Tenant root scope ("/") as a User Access Administrator to current user +New-AzRoleAssignment -Scope '/' -RoleDefinitionName 'Owner' -ObjectId $user.Id + +#(optional) assign Owner role at Tenant root scope ("/") as a User Access Administrator to service principal (set $spndisplayname to your service principal displayname) 
+$spndisplayname = "" +$spn = (Get-AzADServicePrincipal -DisplayName $spndisplayname).id +New-AzRoleAssignment -Scope '/' -RoleDefinitionName 'Owner' -ObjectId $spn +```` + +Please note, it may take up to 15-30 minutes for permission to propagate at tenant root scope. It is highly recommended that you log out and log back in. + +### Creating a scoped role assignment + +The Owner privileged root tenant scope *is required* in the deployment of the [Reference implementation](./ALZ-Deploy-reference-implementations). However post deployment, and as your use of Enterprise Scale matures, you are able to limit the scope of the Service principal roleAssignments to a subsection of the Management Group hierarchy. +Eg. `"/providers/Microsoft.Management/managementGroups/YourMgGroup"`. + +## Next steps + +Please proceed with [deploying reference implementation](./ALZ-Deploy-reference-implementations). diff --git a/docs/wiki/Create-Landingzones.md b/docs/wiki/Create-Landingzones.md index 5c802875af..67cbd79210 100644 --- a/docs/wiki/Create-Landingzones.md +++ b/docs/wiki/Create-Landingzones.md @@ -23,7 +23,7 @@ One of the benefits using this approach is the management of platform security a ## Pre-requisites -Before getting started with this first steps ensure that AzOps has been [setup and configured for the target environment](Deploying-Enterprise-Scale.md#validation-post-deployment-github). In this documentation the same Service Principal will be used to to assign the permission to create landing zones (subscription). +Before getting started with this first steps ensure that AzOps has been [setup and configured for the target environment](./Deploying-Enterprise-Scale#validation-post-deployment-github). In this documentation the same Service Principal will be used to to assign the permission to create landing zones (subscription). For the Service Principal permissions to create subscriptions, access to an *enrollment account* that has a billing id associated is required. 
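Review bot: The optional service-principal step in section 2 resolves the assignee by display name, and display names are not unique in Azure AD, so the `Owner` assignment at scope `/` can land on a principal other than the intended one. In the bash line, `az ad sp list --display-name` can return several entries and its query still asks for `objectId`, while the user line two commands earlier reads `id`; on a CLI version that returns `id` the substitution comes back empty. I would look the principal up by its application (client) ID or paste the object ID directly, and align the query with the user line, e.g. `--query '[].id' -o tsv`, stopping if the result is not exactly one value. The PowerShell variant has the same ambiguity: `(Get-AzADServicePrincipal -DisplayName $spndisplayname).id` yields an array when more than one principal matches. Separately, `az login -u -p $AZ_PASS` puts the password on the command line unquoted; the interactive `az login` shown just above it avoids that.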
@@ -35,7 +35,7 @@ Creating Azure subscriptions programmatically is allowed on specific types of Az This section describes how AzOps is used to create subscriptions (landing zones) under management groups using ARM templates. In the following steps the *Enrollment account subscription creator* role will be assigned to a SPN as illustrated in the following article: -![EA account / Service Principal](media/ea-account-spn.png) +![EA account / Service Principal](./media/ea-account-spn.png) **Login and fetch access token** Login with the *enrollment account* (e.g. with `Login-AzAccount`) and execute the following commands to fetch a valid access token for the account: 
@@ -140,11 +140,11 @@ PlatformOps will use AzOps CI/CD pipelines to create subscriptions (landing zone ## Create a new landing zone (subscriptions) -Creating a landing zone (subscription) is as simple as creating any other resource in Azure. The same sequence of steps will be needed as used for other platform resource deployments (e.g. [deploy a policyAssignments](./Deploying-Enterprise-Scale.md#create-new-policy-assignment-for-validation)). +Creating a landing zone (subscription) is as simple as creating any other resource in Azure. The same sequence of steps will be needed as used for other platform resource deployments (e.g. [deploy a policyAssignments](./Deploying-Enterprise-Scale#create-new-policy-assignment-for-validation)). To successfully deploy a subscription using AzOps the following steps will be required: -- 'Connect' AzOps to the Azure Environment, ensure that ['Pull' workflow runs successfully](./Deploying-Enterprise-Scale.md#validation-post-deployment-github) +- 'Connect' AzOps to the Azure Environment, ensure that ['Pull' workflow runs successfully](./Deploying-Enterprise-Scale#validation-post-deployment-github) - Enable the AzOps SPN for subscription creation as documented [here](#enable-service-principal-to-create-landing-zones) - Ensure that SPN has Owner permissions at the target management group the subscription will be deployed under diff --git a/docs/wiki/Deploying-Enterprise-Scale-BasicSetup.md b/docs/wiki/Deploying-Enterprise-Scale-BasicSetup.md index a60f10068b..55ea9c58c5 100644 --- a/docs/wiki/Deploying-Enterprise-Scale-BasicSetup.md +++ b/docs/wiki/Deploying-Enterprise-Scale-BasicSetup.md @@ -1,4 +1,3 @@ -## This page has moved +# This page has moved Please refer to [Azure landing zone portal accelerator deployment for Small Enterprises](./Deploying-ALZ-BasicSetup) - diff --git a/docs/wiki/Deploying-Enterprise-Scale-CustomerUsage.md b/docs/wiki/Deploying-Enterprise-Scale-CustomerUsage.md index fcf384289b..79a41b2509 100644 
--- a/docs/wiki/Deploying-Enterprise-Scale-CustomerUsage.md +++ b/docs/wiki/Deploying-Enterprise-Scale-CustomerUsage.md 
@@ -1,30 +1,3 @@ -## Telemetry Tracking Using Customer Usage Attribution (PID) +# This page has moved -Microsoft can identify the deployments of the Azure Resource Manager templates with the deployed Azure resources. Microsoft can correlate these resources used to support the deployments. Microsoft collects this information to provide the best experiences with their products and to operate their business. The telemetry is collected through [customer usage attribution](https://docs.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution). The data is collected and governed by Microsoft's privacy policies, located at the [trust center](https://www.microsoft.com/trustcenter). - -To enable or disable the telemetry via the portal experience (recommended), use the radio toggle to specify your preference. - -Customer Usage Attribution Disabled: -![ESLZ ARM Template Telemetry Opt Out Toggle Control Disabled](./media/cua-portal-experience-disabled.jpg) -Customer Usage Attribution Enabled: -![ESLZ ARM Template Telemetry Opt Out Toggle Control Enabled](./media/cua-portal-experience-enabled.jpg) - - -Alternatively, to enable or disable this tracking via the ARM template experience, we have included a parameter called `telemetryOptOut` in order to opt out of telemetry tracking to the ESLZ ARM Template in this repo with a simple boolean flag. The default value `false` which **enables** the telemetry. If you would like to disable this tracking, then simply set this value to `true` and this module will not be included in deployments and **therefore disables** the telemetry tracking. - -In the `eslzARM.json` file, you will see the following: - -![ESLZ ARM Template parameter example](./media/cua-parameter.png) -![ESLZ ARM Template variable example](./media/cua-variable.png) -![ESLZ ARM Template resource example](./media/cua-resource.png) - - - -If you are happy with leaving telemetry tracking enabled, no changes are required. 
Please do not edit the module name or value of the variable `cuaID` in any module. - -## Module PID Value Mapping -The following are the unique ID's (also known as PIDs) used in each of the modules. - -| Module Name | PID | -| --------------------------- | ------------------------------------ | -| ALZ Accelerator/ESLZ ARM Deployment | 35c42e79-00b3-42eb-a9ac-e542953efb3c | +Please refer to [Telemetry Tracking Using Customer Usage Attribution (PID)](./Deploying-ALZ-CustomerUsage) diff --git a/docs/wiki/Deploying-Enterprise-Scale-Foundation.md b/docs/wiki/Deploying-Enterprise-Scale-Foundation.md index ee526ad8a7..7ae5d768d7 100644 --- a/docs/wiki/Deploying-Enterprise-Scale-Foundation.md +++ b/docs/wiki/Deploying-Enterprise-Scale-Foundation.md @@ -1,3 +1,3 @@ -## This page has moved +# This page has moved Please refer to [Azure landing zone portal accelerator deployment without hybrid connectivity](./Deploying-ALZ-Foundation) diff --git a/docs/wiki/Deploying-Enterprise-Scale-HubAndSpoke.md b/docs/wiki/Deploying-Enterprise-Scale-HubAndSpoke.md index 11cfcbf1bf..3c446d28dc 100644 --- a/docs/wiki/Deploying-Enterprise-Scale-HubAndSpoke.md +++ b/docs/wiki/Deploying-Enterprise-Scale-HubAndSpoke.md @@ -1,3 +1,3 @@ -## This page has moved +# This page has moved Please refer to [Deploy Azure landing zone portal accelerator deployment with hub and spoke network topology](./Deploying-ALZ-HubAndSpoke) diff --git a/docs/wiki/Deploying-Enterprise-Scale-Platform-DevOps.md b/docs/wiki/Deploying-Enterprise-Scale-Platform-DevOps.md index 688afb4690..2b223d19f0 100644 --- a/docs/wiki/Deploying-Enterprise-Scale-Platform-DevOps.md +++ b/docs/wiki/Deploying-Enterprise-Scale-Platform-DevOps.md 
@@ -1,288 +1,3 @@ -## Enterprise-Scale Platform DevOps and Automation +# This page has moved -### In this section: - -- [Enable deployment of Landing Zones with Infrastructure as Code using Github and Github Actions](#reference-implementation-deployment) -- [Validation post deployment (GitHub)](#validation-post-deployment-github) -- [Operating the Azure platform using AzOps (Infrastructure as Code with GitHub Actions)](#operating-the-azure-platform-using-azops-infrastructure-as-code-with-github-actions) - ---- - -### Enable deployment of Landing Zones with Infrastructure as Code using Github and Github Actions - -You can choose to bootstrap your CI/CD pipeline (GitHub with GitHub actions). Provide your GitHub user/org name, the preferred name of the GitHub repository that is to be created, as well as the PA token that the deployment will use to create a new repository and discover the Enterprise-Scale deployment ARM templates and merge them into your main branch. - -![Graphical user interface, text, application Description automatically generated](./media/clip_image015.png) - -1.1.1 To create a PA token, follow the instructions here: https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token - -1.1.2 Ensure the PA token has the following permissions: - -![Graphical user interface, text, application Description automatically generated](./media/github_developer_createPAT.png) - -> For Microsoft employees who are enrolled into the Azure GitHub organization, you must also authorize the PA token to this Org! - -![Graphical user interface, text, application, email Description automatically generated](./media/github_developer_enablesso.png) - -![Graphical user interface, text, application, email Description automatically generated](./media/github_developer_disablesso.png) - -1.2 Lastly, a Service Principal is required for Git to authenticate to – and be authorized to your Azure tenant. 
You can either use an existing Service Principal or create a new one. The Service Principal will be granted *Owner* permission on the top level Management Group that gets created. - -1.2.1 If using an existing Service Principal, ensure you have the *client secret* as this must be provided as the *Password* for the service principal and confirm it has the right level of permission. - -![Graphical user interface, text, application Description automatically generated](./media/clip_image020.jpg) - -1.2.2 If creating a new Service Principal, select "Create New" and click on Make selection” and the portal will open a new blade for app registration - -![img](./media/clip_image022.png) - - ![img](./media/clip_image024.png) - -Once the App has been registered, you must explicitly create a new secret. - - ![img](./media/clip_image026.png) - - ![img](./media/clip_image028.jpg) - -Make sure to note down the “Value” of the new client secret. - ![img](./media/clip_image030.jpg) - -The default API Permissions for this App are “User.Read”, as depicted below: - -![img](./media/clip_image032.jpg) - - After copying the secret, go to “Azure landing zone accelerator” (in the upper left) to return to the deployment. - - ![img](./media/clip_image034.png) - - At this point, paste the client secret value of the newly created client secret from a few step above into the Password field. - - ![Graphical user interface, application Description automatically generated](./media/clip_image035.png) - -### Validation post deployment (GitHub) - -Once Enterprise-Scale has deployed and you enabled the CI/CD bootstrap, you should validate in your GitHub account that: - -* A new repository has been created, with the name provided during setup. - -![Graphical user interface, text, application Description automatically generated](./media/clip_image040.png) - -* 4 Secrets are created into this GitHub repository. 
- -ARM_CLIENT_ID = Service Principal - -ARM_CLIENT_SECRET = Service Principal Client Secret created in the Tenant -ARM_SUBSCRIPTION_ID = The management subscription ID created in the Tenant -ARM_TENANT_ID = Tenant ID of the Azure Tenant that was used to create ESLZ - -![img](./media/clip_image042.jpg) - -* A Pull Request is either in progress or has completed and automatically merged into the main branch. - -![img](./media/clip_image044.png) - -* The Azure hierarchy that got created using ARM templates as part of the Enterprise-Scale setup, such as management groups, subscription organization as well as policy definitions, policy assignments and role assignments are hydrated and organized into Git: - -![Graphical user interface Description automatically generated with medium confidence](./media/clip_image046.jpg) - - -![Graphical user interface, application Description automatically generated](./media/clip_image048.jpg) - -* In each folder, you will find the ARM templates that were deployed at the scopes during the Enterprise-Scale setup. E.g., on the intermediate root group, you will find all policy definitions, and depending on the selection you made during the deployment, you will find resource templates in the platform subscriptions. Users can – whenever they are ready, start using these templates and bring their own templates to manage the platform using ARM templates and infrastructure as code. 
- -![Graphical user interface, application Description automatically generated](./media/clip_image050.jpg) - -## Operating the Azure platform using AzOps (Infrastructure as Code with GitHub Actions) - -When you have deployed Enterprise-Scale with GitHub integration, you will have a ready-to-go repository with integrated GitHub Actions containing all the ARM templates that were used during deployment, organized in the following way: - -* Management group tree structure represented as folders in Git - -* Subscriptions represented as folders in their respective management group folder in Git - -* Resource Groups represented as folders in their respective subscription folder in Git - -* Policy Definitions, Policy Set Definitions, Role Definitions, and Role Assignments as composite ARM resource templates partitioned at the folder representing the respective scope in Azure (management group, subscription) - -* Resources (e.g., virtual networks, Log Analytics workspace, Automation account etc.) represented as composite ARM resource templates into their respective resource group (folder) - -You can edit/update the existing ARM templates in your repository and GitHub actions will push (deploy) to the respective Azure scope. You can also author and bring your own ARM templates and deploy them to the respective Azure scope. - -The following section will demonstrate how one can operationalize the Enterprise-Scale platform using ARM templates, via the GitHub repository that got created using AzOps (GitHub Actions). - -### What is AzOps? - -AzOps is an opinionated CI/CD pipeline to operationalize the Azure *platform* and *landing zones* that enables organizations to focus on the ARM template development, and not having to deal with multiple deployment scripts targeting different Azure scopes. 
The organization and folder structure in Git is dynamically representing the Azure graph (management groups (parent, child relationships), and subscription organization), so the platform operators can easily determine at which *scope* they want to invoke the ARM template deployment by simply making a PR with the ARM template(s) and parameter files (optionally), and AzOps will invoke the deployment accordingly. - -Also, when there’s a new *scope* (management groups, subscriptions, and resource groups) being created, either explicitly via the pipeline – and also out of band (via Portal, CLI, PS etc.), AzOps will discover these and represent them correctly back into Git. - -### Create new Policy Assignment for validation - -Enterprise-Scale with its Policy Driven Governance principle relies heavily on Azure Policy to determine the goal state of the overall platform. As an example, this exercise will demonstrate how a developer can make a new policy assignment at the “Online” landing zone management group scope. - -1. In GitHub, navigate to your repository and click on the ‘azops’ folder. From here, navigate to your -online folder which represents the management group for all your online landing zones. - -![img](./media/clip_image052.jpg) - -2. Click on ‘Add file’, and ‘Create new file’. - -3. Name the file ‘locationAssignment.json’ - -4. Copy and paste the following ARM template json - -``` json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "policyAssignmentEnforcementMode": { - "type": "string", - "allowedValues": [ - "Default", - "DoNotEnforce" - ], - "defaultValue": "DoNotEnforce", - "metadata": { - "description": "Input will determine if the policyAssignment should be enforced or not." 
- } - }, - "policyDefinitionId": { - "type": "string", - "defaultValue": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c", - "metadata": { - "description": "Provide the policyDefinition resourceId" - } - }, - "policyAssignmentName": { - "type": "string", - "defaultValue": "AllowedLocations" - }, - "policyDescription": { - "type": "string", - "defaultValue": "Policy to ringfence Azure regions." - }, - "listOfAllowedLocations": { - "type": "array", - "defaultValue": [ - "westeurope", - "northeurope" - ] - } - }, - "variables": {}, - "resources": [ - { - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2019-09-01", - "name": "[parameters('policyAssignmentName')]", - "identity": { - "type": "SystemAssigned" - }, - "location": "[deployment().location]", - "properties": { - "description": "[parameters('policyDescription')]", - "displayName": "[parameters('policyDescription')]", - "policyDefinitionId": "[parameters('policyDefinitionId')]", - "enforcementMode": "[parameters('policyAssignmentEnforcementMode')]", - "parameters": { - "listOfAllowedLocations": { - "value": "[parameters('listOfAllowedLocations')]" - } - } - } - } - ] -} -``` - -5. Examine the file and note that we are using default values for the parameters. You could modify these, or you could also provide a locationAssignment.parameters.json file to provide the parameters. - -6. On the ‘Commit new file’ option, select ‘Create a new branch for this commit and start a pull request’, and give it a name. - -![Graphical user interface, text, application, email Description automatically generated](./media/ESLZ-location-assignment-policy.JPG) - -7. Click ‘Propose new file' and on the next page, click 'Create Pull Request." A new Pull Request is being created which will trigger the Push workflow. Go to Actions to monitor the process. 
- -![Graphical user interface, text, application, chat or text message Description automatically generated](./media/clip_image056.jpg) - -8. Once completed, the pull request should automatically merge. - -9. In Azure portal, you can navigate to the -online management group and verify that the deployment resource got created and deployed successfully. Each deployment invoked via AzOps will have an ‘AzOps’ prefix. - -![Graphical user interface, text, application, email Description automatically generated](./media/clip_image058.jpg) - -10. Navigate to ‘Policies’ on the -online management group and verify that there’s a new assignment called ‘Policy to ring-fence Azure regions’. - -![Graphical user interface, text, application, email Description automatically generated](./media/clip_image060.jpg) - -11. Click on ‘Edit assignment’ to verify that the Policy is not being enforced but will only scan for compliance and validate resources per the policy rule defined in the policy definition. - -![Text Description automatically generated with low confidence](./media/clip_image062.jpg) - -Once the policy compliance scan has completed, you will get a compliance result for the policy you assigned to validate the effect is working as intended, before going to the next step to update the enforcement mode. I.e., this policy will prevent resources being created outside of the allowed locations specified. - -You can now merge the pull request and delete the branch. - -### Update a Policy Assignment to enforce - -In this exercise, we will modify the existing policy assignment to ensure the policy effect will be enforced. - -1. Navigate the locationAssignment.json file you placed into the -online folder, representing the online landing zone. - -2. Click on ‘Edit this file’ ![img](./media/clip_image063.png) - -3. Change the parameter “policyAssignmentEnforcementMode” default value to be ‘Default’. 
- -![Graphical user interface, text, application, email Description automatically generated](./media/clip_image065.jpg) - -4. On the ‘Commit changes’ dialogue box, select ‘Create a new branch for this commit and start a pull request’, and provide a branch name. Click ‘Propose changes’ and create the pull request - -![Graphical user interface, text, application, email Description automatically generated](./media/ESLZ-Update-location-assignment-policy.JPG) - -This will now start the AzOps push workflow and deploy the template with the updated property so that the policy effect will be enforced (in this case, deny resource creation outside of the ringfenced Azure regions). - -Once the job has completed, you can revisit the policy in Azure portal and see that the policy enforcement is set to ‘Enabled’. - -![Graphical user interface, text, application, email Description automatically generated](./media/clip_image069.jpg) - -You can now merge the pull request and delete the branch. - -### Create new Role Assignment on a landing zone - -To grant a user, a group, or a service principal access to a landing zone (subscription), you can use the following ARM template where you provide the principalId (object id of the user, group, or service principal) as input to the parameter, and place the template into the subscription folder into your landing zone management group(s). - -Replace Provide-Principal-Id with Id of the principal. - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "principalId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Provide the objectId of the principal (user, group, SPN, managed identity etc.) that will be granted RBAC at scope." 
- } - }, - "roleDefinitionId": { - "type": "string", - "defaultValue": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "metadata": { - "description": "Provide the id of the built-in roleDefinition. Default is 'Contributor'." - } - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2017-09-01", - "name": "[guid(parameters('principalId'))]", - "properties": { - "principalId": "[parameters('principalId')]", - "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', parameters('roleDefinitionId'))]" - } - } - ] -} -``` +Please refer to [Azure landing zone portal deployment for Platform DevOps and Automation](./Deploying-ALZ-Platform-DevOps) diff --git a/docs/wiki/Deploying-Enterprise-Scale-Pre-requisites.md b/docs/wiki/Deploying-Enterprise-Scale-Pre-requisites.md index 6e79e51702..f927ee5c45 100644 --- a/docs/wiki/Deploying-Enterprise-Scale-Pre-requisites.md +++ b/docs/wiki/Deploying-Enterprise-Scale-Pre-requisites.md @@ -1,2 +1,3 @@ -## This page has moved -Please refer to [Azure landing zone portal accelerator Pre-requisites](./Deploying-ALZ-Pre-requisites) \ No newline at end of file +# This page has moved + +Please refer to [Azure landing zone portal accelerator Pre-requisites](./Deploying-ALZ-Pre-requisites) diff --git a/docs/wiki/Deploying-Enterprise-Scale-VWAN.md b/docs/wiki/Deploying-Enterprise-Scale-VWAN.md index bf8acf7a54..b7d5f89c70 100644 --- a/docs/wiki/Deploying-Enterprise-Scale-VWAN.md +++ b/docs/wiki/Deploying-Enterprise-Scale-VWAN.md @@ -1,3 +1,3 @@ -## This page has moved +# This page has moved -Please refer to [Azure landing zone portal accelerator deployment with Azure VWAN network topology](./Deploying-ALZ-VWAN) \ No newline at end of file +Please refer to [Azure landing zone portal accelerator deployment with Azure VWAN network topology](./Deploying-ALZ-VWAN) 
diff --git a/docs/wiki/Deploying-Enterprise-Scale.md b/docs/wiki/Deploying-Enterprise-Scale.md index 5660b62eef..6c0496689b 100644 --- a/docs/wiki/Deploying-Enterprise-Scale.md +++ b/docs/wiki/Deploying-Enterprise-Scale.md @@ -1,3 +1,3 @@ -## This page has moved +# This page has moved -Please refer to [Deploy Azure landing zone portal accelerator](./Deploying-ALZ) \ No newline at end of file +Please refer to [Deploy Azure landing zone portal accelerator](./Deploying-ALZ) diff --git a/docs/wiki/FAQ.md b/docs/wiki/FAQ.md index 2ad3247d48..9d2ab1fc17 100644 --- a/docs/wiki/FAQ.md +++ b/docs/wiki/FAQ.md @@ -37,7 +37,7 @@ We then work with the Azure Policy and associated engineering teams to continuou ## Where can I see the policy definitions used by the enterprise-scale landing zones reference implementation? -You can find a list of policy definitions here: [Policies included in enterprise-scale landing zones reference implementations](https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.md) +You can find a list of policy definitions here: [Policies included in enterprise-scale landing zones reference implementations](./ALZ-Policies) We also add changes to our [What's New? wiki page](https://github.com/Azure/Enterprise-Scale/wiki/Whats-new). diff --git a/docs/wiki/Home.md b/docs/wiki/Home.md index 8202c2ac38..2f8c4ff2c4 100644 --- a/docs/wiki/Home.md +++ b/docs/wiki/Home.md 
@@ -1,32 +1,7 @@ -# Enterprise-Scale Landing Zones User Guide +# Azure landing zones User Guide -The Enterprise-Scale Landing Zones User Guide aims to provide comprehensive end-to-end documentation for the Enterprise-Scale deployment and configuration experience to accelerate both adoption and deployment. +> **NOTE:** _Enterprise-Scale is now Azure landing zones_ -## Navigation +This user guide aims to provide comprehensive end-to-end documentation for the Azure landing zone deployment and configuration experience to accelerate both adoption and deployment. -* [What's New?](https://github.com/Azure/Enterprise-Scale/wiki/Whats-new) -* [Community Calls](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls) -* [Azure Landing Zones Deprecated Policies](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deprecated-Services) -* [What is Enterprise-Scale?](https://github.com/Azure/Enterprise-Scale/wiki/What-is-Enterprise-Scale) - * [What is Enterprise-Scale reference implementation?](https://github.com/Azure/Enterprise-Scale/wiki/What-is-Enterprise-Scale#what-is-enterprise-scale-reference-implementation) - * [Pricing](https://github.com/Azure/Enterprise-Scale/wiki/What-is-Enterprise-Scale#pricing) - * [What if I already have an existing Azure footprint](https://github.com/Azure/Enterprise-Scale/wiki/What-is-Enterprise-Scale#what-if-i-already-have-an-existing-azure-footprint) -* [How Enterprise-Scale Works](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works) - * [Enterprise-Scale design principles](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works#enterprise-scale-design-principles) - * [Separating platform and landing zones](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works#separating-platform-and-landing-zones) - * [Enterprise-Scale Management Group Structure](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works#enterprise-scale-management-group-structure) - * [What 
happens when you deploy Enterprise-Scale?](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works#what-happens-when-you-deploy-enterprise-scale) -* Deploying Azure landing zone portal accelerator (Enterprise-Scale) - * [Pre-requisites](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-Pre-requisites) - * [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-CustomerUsage) - * [Deploy without hybrid connectivity to on-premises](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-Foundation) - * [Deploy with a hub and spoke based network topology](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-HubAndSpoke) - * [Deploy with an Azure Virtual WAN based network topology](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-VWAN) - * [Deploy for Small Enterprises](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-BasicSetup) - * [Operating the Azure platform using AzOps (Infrastructure as Code with GitHub Actions)](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-Platform-DevOps#operating-the-azure-platform-using-azops-infrastructure-as-code-with-github-actions) -* [Create subscriptions / landing zones using AzOps](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones) - * [Create landing zones (subscription) using AzOps](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones#create-landing-zones-subscription-using-azops) - * [Pre-requisites](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones.md#pre-requisites) - * [Enable Service Principal to create landing zones](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones#enable-service-principal-to-create-landing-zones) - * [ARM template repository](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones#arm-template-repository) - * [Create a new landing zone 
(subscriptions)](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones#create-a-new-landing-zone-subscriptions) \ No newline at end of file +Please use the navigation links to browse our content... diff --git a/docs/wiki/How-Enterprise-Scale-Works.md b/docs/wiki/How-Enterprise-Scale-Works.md index e546db8b35..0e880302c5 100644 --- a/docs/wiki/How-Enterprise-Scale-Works.md +++ b/docs/wiki/How-Enterprise-Scale-Works.md @@ -13,7 +13,7 @@ - [Enterprise-Scale Management Group Structure](#enterprise-scale-management-group-structure) - [What happens when you deploy Enterprise-Scale?](#what-happens-when-you-deploy-enterprise-scale) ------- +------ This section describes at a high level how Enterprise-Scale reference implementation works. Your landing zones are the output of a multi-subscription environment for all your Azure services, where compliance, guardrails, security, networking, and identity is provided at scale by the platform. ## Enterprise-Scale design principles 
@@ -86,7 +86,7 @@ By default, all recommended settings and resources recommendations are enabled a - A scalable Management Group hierarchy aligned to core platform capabilities, allowing you to operationalize at scale using centrally managed Azure RBAC and Azure Policy where platform and workloads have clear separation. -- Azure Policies that will enable autonomy for the platform and the landing zones. The full list of policies leveraged by Enterprise-Scale, their intent, assignment scope, and life-cycle can be [viewed here](https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.md). +- Azure Policies that will enable autonomy for the platform and the landing zones. The full list of policies leveraged by Enterprise-Scale, their intent, assignment scope, and life-cycle can be [viewed here](./ALZ-Policies). - An Azure subscription dedicated for **Management**, which enables core platform capabilities at scale using Azure Policy such as: - A Log Analytics workspace and an Automation account diff --git a/docs/wiki/What-is-Enterprise-Scale.md b/docs/wiki/What-is-Enterprise-Scale.md index 9e6fbba372..259ad3b4a8 100644 --- a/docs/wiki/What-is-Enterprise-Scale.md +++ b/docs/wiki/What-is-Enterprise-Scale.md @@ -59,4 +59,4 @@ Therefore it is important to complete the design process following the Enterpris Enterprise-Scale reference implementation will meet you where you are, and the design has catered for existing subscriptions and workloads in Azure. -See the following [article](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/transition) to learn more how you can transition into Enterprise-Scale. \ No newline at end of file +See the following [article](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/transition) to learn more how you can transition into Enterprise-Scale. \ No newline at end of file 
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index a2e2567649..d140261e97 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md 
@@ -51,6 +51,25 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: ### December 2022 +#### Docs + +- Migrated the following pages to the [Enterprise-Scale Wiki](https://github.com/Azure/Enterprise-Scale/wiki/) + + | Original URL | New URL | + | --- | --- | + | [docs/ESLZ-Policies.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.md) | [wiki/ALZ-Policies](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies) | + | [docs/EnterpriseScale-Architecture.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Architecture.md) | [wiki/ALZ-Architecture](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Architecture) | + | [docs/EnterpriseScale-Contribution.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Contribution.md) | [wiki/ALZ-Contribution](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Contribution) | + | [docs/EnterpriseScale-Deploy-landing-zones.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Deploy-landing-zones.md) | [wiki/ALZ-Deploy-landing-zones](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deploy-landing-zones) | + | [docs/EnterpriseScale-Deploy-reference-implentations.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Deploy-reference-implentations.md) | [wiki/ALZ-Deploy-reference-implementations](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deploy-reference-implementations) | + | [docs/EnterpriseScale-Deploy-workloads.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Deploy-workloads.md) | [wiki/ALZ-Deploy-workloads](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deploy-workloads) | + | [docs/EnterpriseScale-Known-Issues.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Known-Issues.md) | [wiki/ALZ-Known-Issues](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Known-Issues) | + | 
[docs/EnterpriseScale-Roadmap.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Roadmap.md) | [wiki/ALZ-Roadmap](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Roadmap) | + | [docs/EnterpriseScale-Setup-aad-permissions.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Setup-aad-permissions.md) | [wiki/ALZ-Setup-aad-permissions](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Setup-aad-permissions) | + | [docs/EnterpriseScale-Setup-azure.md](https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Setup-azure.md) | [wiki/ALZ-Setup-azure](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Setup-azure) | + +- Updated the guidance for contributing to the [Azure/Enterprise-Scale](https://github.com/Azure/Enterprise-Scale/) repository + #### Tooling - Added ALZ Custom RBAC Role Definitions, as listed [here](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones#rbac-recommendations) to ALZ Portal Experience. Fixing [#1079](https://github.com/Azure/Enterprise-Scale/issues/1079) 
@@ -108,11 +127,11 @@ Impacted assignment: Deploy-ASC-Monitoring - Added missing Zones for **"WebPubSub"** and **"azure-devices-provisioning"**, so Initiative Assignment works correctly - Minor correction related to **ASR Private DNS Zone variable**, so Initiative Assignment works correctly - Conversion of **"Azure Batch"** Private DNS Zone (from regional to global), to properly align with latest respective documentation and functionality -- Renamed Azure DDoS Standard Protection references to [Azure DDoS Network Protection](https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-sku-comparison#ddos-network-protection). +- Renamed Azure DDoS Standard Protection references to [Azure DDoS Network Protection](https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-sku-comparison#ddos-network-protection). - Incremented version for policy Deploy-DDoSProtection from "version":"1.0.0" to "version": "1.0.1" - Added `Configure Microsoft Defender for Azure Cosmos DB to be enabled` to the `Deploy Microsoft Defender for Cloud configuration` initiative and updated version to `3.1.0` - Fixing issue [issue #1081](https://github.com/Azure/Enterprise-Scale/issues/1081) - Added `AZFWFlowTrace` category for Azure Firewall in associated Diagnostic Policy -- Deprecated the following ALZ policies +- Deprecated the following ALZ policies - [Deploy-Nsg-FlowLogs](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Nsg-FlowLogs.html) - [Deploy-Nsg-FlowLogs-to-LA](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Nsg-FlowLogs-to-LA.html) - [Deny-PublicIp](https://www.azadvertizer.net/azpolicyadvertizer/Deny-PublicIP.html) 
@@ -134,7 +153,7 @@ Impacted assignment: Deploy-ASC-Monitoring - "**"Deploy-MDFC-Config"**" definition update - Updated policy definitions set Deploy-MDFC-Config, Deploy-MDFC-Config(US Gov), Deploy-MDFC-Config (China) - added new parameter `minimalSeverity`. - - added default value for multiple parameters. + - added default value for multiple parameters. ### Other @@ -183,13 +202,13 @@ Impacted assignment: Deploy-ASC-Monitoring #### Docs -- Updated the Enterprise-scale [Wiki](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/) to reflect the latest updates on Azure landing zone accelerator. - - - [Deploy Azure landing zone portal accelerator](./Deploying-ALZ) - - [Deployment guidance for Small Enterprises](./Deploying-ALZ-BasicSetup) - - [How to deploy without hybrid connectivity](./Deploying-ALZ-Foundation) - - [Deployment with hub and spoke network topology](./Deploying-ALZ-HubAndSpoke) - - [Deployment with Azure VWAN network topology](./Deploying-ALZ-VWAN) +- Updated the Enterprise-scale [Wiki](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/) to reflect the latest updates on Azure landing zone accelerator. + + - [Deploy Azure landing zone portal accelerator](./Deploying-ALZ) + - [Deployment guidance for Small Enterprises](./Deploying-ALZ-BasicSetup) + - [How to deploy without hybrid connectivity](./Deploying-ALZ-Foundation) + - [Deployment with hub and spoke network topology](./Deploying-ALZ-HubAndSpoke) + - [Deployment with Azure VWAN network topology](./Deploying-ALZ-VWAN) #### Tooling 
@@ -259,7 +278,7 @@ Impacted assignment: Deploy-ASC-Monitoring #### Docs -- Updated the [Policies included in Enterprise-Scale Landing Zones](https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.md) page. +- Updated the [Policies included in Enterprise-Scale Landing Zones](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies) page. - Updated the ALZ Terraform module [Wiki](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/) with new examples and improved coverage of variable configuration. #### Tooling @@ -275,7 +294,7 @@ Impacted assignment: Deploy-ASC-Monitoring - Add 2 new categories for Host Pools Diagnostic Settings - `NetworkData` - `SessionHostManagement` -- Added AVD Scaling Plans Diagnostic Settings called `Deploy-Diagnostics-AVDScalingPlans` for Azure Public only - as not supported in Fairfax or Mooncake as per https://docs.microsoft.com/azure/virtual-desktop/autoscale-scaling-plan - Fixing issue [issue #962](https://github.com/Azure/Enterprise-Scale/issues/962) +- Added AVD Scaling Plans Diagnostic Settings called `Deploy-Diagnostics-AVDScalingPlans` for Azure Public only - as not supported in Fairfax or Mooncake as per - Fixing issue [issue #962](https://github.com/Azure/Enterprise-Scale/issues/962) - Added to `Deploy-Diagnostics-LogAnalytics` Policy Initiative - Added additional log categories to `Deploy-Diagnostics-Firewall` for Azure Firewall Diagnostic Settings Policy - Fixing issue [issue #985](https://github.com/Azure/Enterprise-Scale/issues/985) - Added additional log categories to `Deploy-Diagnostics-APIMgmt` for Azure API Management Diagnostic Settings Policy - Fixing issue [issue #986](https://github.com/Azure/Enterprise-Scale/issues/986) 
@@ -450,9 +469,8 @@ Impacted assignment: Deploy-ASC-Monitoring #### Docs - - Updates to [User Guide](https://github.com/Azure/Enterprise-Scale/wiki) to include instructions for deploying each of the reference implementations. -- Updated Deploying Enterprise Scale wiki page with updated workflow steps. (https://github.com/Azure/Enterprise-Scale/pull/827) +- Updated Deploying Enterprise Scale wiki page with updated workflow steps. () - Updated [implementation FAQ](https://github.com/Azure/Enterprise-Scale/wiki/FAQ) and moved to the Wiki - Added [architecture FAQ](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/faq) to the CAF docs @@ -484,14 +502,14 @@ Impacted assignment: Deploy-ASC-Monitoring #### Docs -- Added reference to Enterprise-Scale Analytics (https://github.com/Azure/Enterprise-Scale/pull/809) -- Added Do-It-Yourself instructions for deploying Enterprise-Scale in Azure China regions (https://github.com/Azure/Enterprise-Scale/pull/802) +- Added reference to Enterprise-Scale Analytics () +- Added Do-It-Yourself instructions for deploying Enterprise-Scale in Azure China regions () #### Tooling -- Added Option to select Azure Firewall SKU (https://github.com/Azure/Enterprise-Scale/pull/793) +- Added Option to select Azure Firewall SKU () - [AzOps release v1.5.0](https://github.com/Azure/AzOps/releases/tag/1.5.0) -- Enabled support for Enterprise-Scale landing zones deployments to Azure gov (https://github.com/Azure/Enterprise-Scale/pull/820) +- Enabled support for Enterprise-Scale landing zones deployments to Azure gov () ### Policy 
@@ -510,7 +528,7 @@ Impacted assignment: Deploy-ASC-Monitoring #### Docs -- Updated [Enterprise Agreement enrollment and Azure Active Directory tenants](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/enterprise-enrollment-and-azure-ad-tenants) CAF doc +- Updated [Enterprise Agreement enrollment and Azure Active Directory tenants](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/enterprise-enrollment-and-azure-ad-tenants) CAF doc - Added CSP, MCA & other billing offers - Added information on how an EA relates to Azure AD and ties in with RBAC - Lots of updates to the [Terraform Module for Cloud Adoption Framework Enterprise-scale wiki](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki) 
@@ -522,14 +540,15 @@ Impacted assignment: Deploy-ASC-Monitoring - [Do-It-Yourself deployment instructions for Enterprise-Scale using Azure PowerShell released](https://github.com/Azure/Enterprise-Scale/tree/main/eslzArm) - Update subscription filter in reference implementation UI experience. Subscriptions with state != "Enabled" will be excluded from the list of available subscriptions. - Removed old codebase for the different reference implementations, and converged to a single [ARM codebase](https://github.com/Azure/Enterprise-Scale/tree/main/eslzArm) -- Improved Network CIDR Range Validation within the Azure Portal experience (https://github.com/Azure/Enterprise-Scale/pull/767). +- Improved Network CIDR Range Validation within the Azure Portal experience (). #### Policy -- Some minor changes to parameters and variables, tidying up some code. +- Some minor changes to parameters and variables, tidying up some code. - See [PR #727](https://github.com/Azure/Enterprise-Scale/pull/727) - Updated policy Deploy-VNET-HubSpoke to address [#726](https://github.com/Azure/Enterprise-Scale/issues/726) and [#728](https://github.com/Azure/Enterprise-Scale/issues/728) - See [PR #772](https://github.com/Azure/Enterprise-Scale/pull/772) + #### Other - Published resources from the first Enterprise Scale Community Call - held on the 25th August 2021 
@@ -561,7 +580,7 @@ Impacted assignment: Deploy-ASC-Monitoring - The composite ARM templates can be sequenced on their own, independently of each other (although strict sequencing is required to ensure the same outcome) - Guidance coming soon for this - Customers can deploy from private repository if they want to sequence at their own pace. -- ~~[AzOps release v1.3.0](https://github.com/Azure/AzOps/releases/tag/1.3.0)~~ +- ~~[AzOps release v1.3.0](https://github.com/Azure/AzOps/releases/tag/1.3.0)~~ - ~~[AzOps release v1.3.1](https://github.com/Azure/AzOps/releases/tag/1.3.1)~~ - [AzOps release v1.4.0](https://github.com/Azure/AzOps/releases/tag/1.4.0) @@ -569,8 +588,8 @@ Impacted assignment: Deploy-ASC-Monitoring - Various custom ESLZ Azure Policies have moved to Built-In Azure Policies, see below table for more detail: -> You may continue to use the ESLZ custom Azure Policy as it will still function as it does today. However, we recommend you move to assigning the new Built-In version of the Azure Policy. -> +> You may continue to use the ESLZ custom Azure Policy as it will still function as it does today. However, we recommend you move to assigning the new Built-In version of the Azure Policy. +> > **Please note** that moving to the new Built-In Policy Definition will require a new Policy Assignment and removing the previous Policy Assignment, which will mean compliance history for the Policy Assignment will be lost. However, if you have configured your Activity Logs and Security Center to export to a Log Analytics Workspace; Policy Assignment historic data will be stored here as per the retention duration configured. **Policy Definitions Updates** 
@@ -612,7 +631,7 @@ Impacted assignment: Deploy-ASC-Monitoring | Deny-PublicEndpoints | Public network access should be disabled for PAAS services | Network | Deny-PublicPaaSEndpoints | Public network access should be disabled for PaaS services | N/A | Moved to using Built-In policy definitions only (as above) | | ***New Policy*** | ***New Policy*** | N/A | Deploy-Private-DNS-Zones | Configure Azure PaaS services to use private DNS zones | Network | | -- Moved several of the diagnostics Policies to built-in, and updating the diagnostics Initiative +- Moved several of the diagnostics Policies to built-in, and updating the diagnostics Initiative - This means there's a new resource name as update of existing one is not be allowed due to removal of parameters - Added Policy Initiative for enforcing Private DNS Zone Association with Private Link (using built-in) - Added Policy Initiative for denying Public Endpoints (using built-in) diff --git a/docs/wiki/_Footer.md b/docs/wiki/_Footer.md index d86e0f6a56..0f6cc0ff04 100644 --- a/docs/wiki/_Footer.md +++ b/docs/wiki/_Footer.md @@ -1,4 +1,6 @@ -**This wiki is being actively developed** + +**This wiki is being actively developed** + If you discover any documentation bugs or would like to request new content, please raise them as an [issue](https://github.com/Azure/Enterprise-Scale/issues). -Contributions to this wiki are done through the main repo under [docs/wiki](https://github.com/Azure/Enterprise-Scale/tree/main/docs/wiki). \ No newline at end of file +Contributions to this wiki are done through the main repo under [docs/wiki](https://github.com/Azure/Enterprise-Scale/tree/main/docs/wiki). diff --git a/docs/wiki/_Sidebar.md b/docs/wiki/_Sidebar.md index f460ec354b..7be1e37c54 100644 --- a/docs/wiki/_Sidebar.md +++ b/docs/wiki/_Sidebar.md 
@@ -1,32 +1,43 @@ # Wiki content -* [What's New?](https://github.com/Azure/Enterprise-Scale/wiki/Whats-new) -* [Community Calls](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls) -* [Frequently Asked Questions (FAQ)](https://github.com/Azure/Enterprise-Scale/wiki/FAQ) -* [What is Enterprise-Scale](https://github.com/Azure/Enterprise-Scale/wiki/What-is-Enterprise-Scale) - * [What is Enterprise-Scale reference implementation?](https://github.com/Azure/Enterprise-Scale/wiki/What-is-Enterprise-Scale#what-is-enterprise-scale-reference-implementation) - * [Pricing](https://github.com/Azure/Enterprise-Scale/wiki/What-is-Enterprise-Scale#pricing) - * [What if I already have an existing Azure footprint](https://github.com/Azure/Enterprise-Scale/wiki/What-is-Enterprise-Scale#what-if-i-already-have-an-existing-azure-footprint) -* [How Enterprise-Scale Works](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works) - * [Enterprise-Scale design principles](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works#enterprise-scale-design-principles) - * [Separating platform and landing zones](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works#separating-platform-and-landing-zones) - * [Enterprise-Scale Management Group Structure](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works#enterprise-scale-management-group-structure) - * [What happens when you deploy Enterprise-Scale?](https://github.com/Azure/Enterprise-Scale/wiki/How-Enterprise-Scale-Works#what-happens-when-you-deploy-enterprise-scale) -* Deploying Azure landing zone accelerator (Enterprise-Scale) - * [Pre-requisites](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-Pre-requisites) - * [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-CustomerUsage) - * [Deploy without hybrid connectivity to 
on-premises](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-Foundation) - * [Deploy with a hub and spoke based network topology](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-HubAndSpoke) - * [Deploy with an Azure Virtual WAN based network topology](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-VWAN) - * [Deploy for Small Enterprises](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-ALZ-BasicSetup) - * [Operating the Azure platform using AzOps (Infrastructure as Code with GitHub Actions)](https://github.com/Azure/Enterprise-Scale/wiki/Deploying-Enterprise-Scale-Platform-DevOps#operating-the-azure-platform-using-azops-infrastructure-as-code-with-github-actions) -* [Create subscriptions / landing zones using AzOps](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones) - * [Create landing zones (subscription) using AzOps](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones#create-landing-zones-subscription-using-azops) - * [Pre-requisites](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones.md#pre-requisites) - * [Enable Service Principal to create landing zones](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones#enable-service-principal-to-create-landing-zones) - * [ARM template repository](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones#arm-template-repository) - * [Create a new landing zone (subscriptions)](https://github.com/Azure/Enterprise-Scale/wiki/Create-Landingzones#create-a-new-landing-zone-subscriptions) -* [Azure Landing Zones Deprecated Services](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deprecated-Services) -* Azure Landing Zone (ALZ) Policies - * [Policies included in Azure landing zones reference implementations](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies) - * [Migrate Azure landing zones custom policies to Azure built-in 
policies](https://github.com/Azure/Enterprise-Scale/wiki/migrate-alz-policies-to-builtin) +* [What's New?](./Whats-new) +* [Community Calls](./Community-Calls) +* [Frequently Asked Questions (FAQ)](./FAQ) +* [Known issues](./ALZ-Known-Issues) +* [What is Enterprise-Scale](./What-is-Enterprise-Scale) + * [Architecture](./ALZ-Architecture) + * [Policies](./ALZ-Policies) + * [What is the reference implementation?](./What-is-Enterprise-Scale#what-is-enterprise-scale-reference-implementation) + * [Pricing](./What-is-Enterprise-Scale#pricing) + * [What if I already have an existing Azure footprint](./What-is-Enterprise-Scale#what-if-i-already-have-an-existing-azure-footprint) +* [How it Works](./How-Enterprise-Scale-Works) + * [Design principles](./How-Enterprise-Scale-Works#enterprise-scale-design-principles) + * [Separating platform and landing zones](./How-Enterprise-Scale-Works#separating-platform-and-landing-zones) + * [Management Group Structure](./How-Enterprise-Scale-Works#enterprise-scale-management-group-structure) + * [What happens when you deploy Enterprise-Scale?](./How-Enterprise-Scale-Works#what-happens-when-you-deploy-enterprise-scale) +* Deploying Enterprise-Scale + * [Pre-requisites](./Deploying-ALZ-Pre-requisites) + * [Configure AAD permissions](./ALZ-Setup-aad-permissions) + * [Configure Azure permissions](./ALZ-Setup-azure) + * [Deploy landing zones](./ALZ-Deploy-landing-zones) + * [Deploy reference implementations](./ALZ-Deploy-reference-implementations) + * [Telemetry Tracking Using Customer Usage Attribution (PID)](./Deploying-ALZ-CustomerUsage) + * [Deploy without hybrid connectivity to on-premises](./Deploying-ALZ-Foundation) + * [Deploy with a hub and spoke based network topology](./Deploying-ALZ-HubAndSpoke) + * [Deploy with an Azure Virtual WAN based network topology](./Deploying-ALZ-VWAN) + * [Deploy for Small Enterprises](./Deploying-ALZ-BasicSetup) + * [Operating the Azure platform using AzOps (Infrastructure as Code with GitHub 
Actions)](./Deploying-ALZ-Platform-DevOps#operating-the-azure-platform-using-azops-infrastructure-as-code-with-github-actions) + * [Deploy workloads](./ALZ-Deploy-workloads) +* [Create subscriptions / landing zones using AzOps](./Create-Landingzones) + * [Create landing zones (subscription) using AzOps](./Create-Landingzones#create-landing-zones-subscription-using-azops) + * [Pre-requisites](./Create-Landingzones#pre-requisites) + * [Enable Service Principal to create landing zones](./Create-Landingzones#enable-service-principal-to-create-landing-zones) + * [ARM template repository](./Create-Landingzones#arm-template-repository) + * [Create a new landing zone (subscriptions)](./Create-Landingzones#create-a-new-landing-zone-subscriptions) +* [Azure Landing Zones Deprecated Services](./ALZ-Deprecated-Services) +* [Contributing](./ALZ-Contribution-Guide) + * [Reporting Bugs](./ALZ-Contribution-Guide.md#reporting-bugs) + * [Feature Requests](./ALZ-Contribution-Guide.md#feature-requests) + * [Report a security vulnerability](./ALZ-Contribution-Guide.md#report-a-security-vulnerability) + * [How to submit a pull request to upstream repo](./ALZ-Contribution-Guide.md#how-to-submit-pull-request-to-upstream-repo) + * [ALZ Custom Policies](./ALZ-Contribution-Guide.md#working-with-alz-custom-policies) diff --git a/docs/media/ES-process.png b/docs/wiki/media/ES-process.png similarity index 100% rename from docs/media/ES-process.png rename to docs/wiki/media/ES-process.png diff --git a/docs/media/ESLZ.gif b/docs/wiki/media/ESLZ.gif similarity index 100% rename from docs/media/ESLZ.gif rename to docs/wiki/media/ESLZ.gif diff --git a/docs/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx b/docs/wiki/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx similarity index 100% rename from docs/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx rename to docs/wiki/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx 
diff --git a/docs/media/Enterprise-scale architecture.vsdx b/docs/wiki/media/Enterprise-scale architecture.vsdx
similarity index 100%
rename from docs/media/Enterprise-scale architecture.vsdx
rename to docs/wiki/media/Enterprise-scale architecture.vsdx
diff --git a/docs/media/HS.png b/docs/wiki/media/HS.png
similarity index 100%
rename from docs/media/HS.png
rename to docs/wiki/media/HS.png
diff --git a/docs/media/MvnetHS.png b/docs/wiki/media/MvnetHS.png
similarity index 100%
rename from docs/media/MvnetHS.png
rename to docs/wiki/media/MvnetHS.png
diff --git a/docs/media/MvnetHSPP.png b/docs/wiki/media/MvnetHSPP.png
similarity index 100%
rename from docs/media/MvnetHSPP.png
rename to docs/wiki/media/MvnetHSPP.png
diff --git a/docs/media/North Star process visuals.pptx b/docs/wiki/media/North Star process visuals.pptx
similarity index 100%
rename from docs/media/North Star process visuals.pptx
rename to docs/wiki/media/North Star process visuals.pptx
diff --git a/docs/media/NorthStar Networking images.pptx b/docs/wiki/media/NorthStar Networking images.pptx
similarity index 100%
rename from docs/media/NorthStar Networking images.pptx
rename to docs/wiki/media/NorthStar Networking images.pptx
diff --git a/docs/media/aad-rolesandadministrators.png b/docs/wiki/media/aad-rolesandadministrators.png
similarity index 100%
rename from docs/media/aad-rolesandadministrators.png
rename to docs/wiki/media/aad-rolesandadministrators.png
diff --git a/docs/media/ado-add-build-policy.png b/docs/wiki/media/ado-add-build-policy.png
similarity index 100%
rename from docs/media/ado-add-build-policy.png
rename to docs/wiki/media/ado-add-build-policy.png
diff --git a/docs/media/ado-complete-pr.png b/docs/wiki/media/ado-complete-pr.png
similarity index 100%
rename from docs/media/ado-complete-pr.png
rename to docs/wiki/media/ado-complete-pr.png
diff --git a/docs/media/ado-env-approval.png b/docs/wiki/media/ado-env-approval.png
similarity index 100%
rename from docs/media/ado-env-approval.png
rename to docs/wiki/media/ado-env-approval.png
diff --git a/docs/media/ado-import-repo.png b/docs/wiki/media/ado-import-repo.png
similarity index 100%
rename from docs/media/ado-import-repo.png
rename to docs/wiki/media/ado-import-repo.png
diff --git a/docs/media/ado-manage-repo.png b/docs/wiki/media/ado-manage-repo.png
similarity index 100%
rename from docs/media/ado-manage-repo.png
rename to docs/wiki/media/ado-manage-repo.png
diff --git a/docs/media/ado-permissions-group.png b/docs/wiki/media/ado-permissions-group.png
similarity index 100%
rename from docs/media/ado-permissions-group.png
rename to docs/wiki/media/ado-permissions-group.png
diff --git a/docs/media/ado-pipeline-create.png b/docs/wiki/media/ado-pipeline-create.png
similarity index 100%
rename from docs/media/ado-pipeline-create.png
rename to docs/wiki/media/ado-pipeline-create.png
diff --git a/docs/media/ado-pipeline-variable.png b/docs/wiki/media/ado-pipeline-variable.png
similarity index 100%
rename from docs/media/ado-pipeline-variable.png
rename to docs/wiki/media/ado-pipeline-variable.png
diff --git a/docs/media/ado-repo-buildservice.png b/docs/wiki/media/ado-repo-buildservice.png
similarity index 100%
rename from docs/media/ado-repo-buildservice.png
rename to docs/wiki/media/ado-repo-buildservice.png
diff --git a/docs/media/ado-repo-forcepush.png b/docs/wiki/media/ado-repo-forcepush.png
similarity index 100%
rename from docs/media/ado-repo-forcepush.png
rename to docs/wiki/media/ado-repo-forcepush.png
diff --git a/docs/media/ado-repo-policy.png b/docs/wiki/media/ado-repo-policy.png
similarity index 100%
rename from docs/media/ado-repo-policy.png
rename to docs/wiki/media/ado-repo-policy.png
diff --git a/docs/media/cmanged-nt.png b/docs/wiki/media/cmanged-nt.png similarity index 100% rename from docs/media/cmanged-nt.png rename to docs/wiki/media/cmanged-nt.png diff --git a/docs/media/devops.png b/docs/wiki/media/devops.png similarity index 100% rename from docs/media/devops.png rename to docs/wiki/media/devops.png diff --git a/docs/media/directory-reader.png b/docs/wiki/media/directory-reader.png similarity index 100% rename from docs/media/directory-reader.png rename to docs/wiki/media/directory-reader.png diff --git a/docs/media/e2e-armtemplate.png b/docs/wiki/media/e2e-armtemplate.png similarity index 100% rename from docs/media/e2e-armtemplate.png rename to docs/wiki/media/e2e-armtemplate.png diff --git a/docs/media/ea.png b/docs/wiki/media/ea.png similarity index 100% rename from docs/media/ea.png rename to docs/wiki/media/ea.png diff --git a/docs/media/eg-net-top.png b/docs/wiki/media/eg-net-top.png similarity index 100% rename from docs/media/eg-net-top.png rename to docs/wiki/media/eg-net-top.png diff --git a/docs/media/enc-flows.png b/docs/wiki/media/enc-flows.png similarity index 100% rename from docs/media/enc-flows.png rename to docs/wiki/media/enc-flows.png diff --git a/docs/media/es-hubspoke-nw.png b/docs/wiki/media/es-hubspoke-nw.png similarity index 100% rename from docs/media/es-hubspoke-nw.png rename to docs/wiki/media/es-hubspoke-nw.png diff --git a/docs/media/es-iab.png b/docs/wiki/media/es-iab.png similarity index 100% rename from docs/media/es-iab.png rename to docs/wiki/media/es-iab.png 
diff --git a/docs/wiki/media/example-def-in-init-2.png b/docs/wiki/media/example-def-in-init-2.png new file mode 100644 index 0000000000000000000000000000000000000000..495a349569117c1da55c74bf13f9ce4b9979c33a GIT binary patch literal 78864 zcma%j1yo$wwk;8Ydw}5X7Th7YyL-^WT?$Wdch}(V?!g^`ySuyFuXOjl?~R}4k6+^) z&aQp7u5D}0HH$!5X%RSROlUALFgP($L3uDRaAYvBH!+YOKrvzv%LZUzuzV&00My1vL( z5Cub*YEgd`P!ambiSH;_QBKZs2t!CY(5PBYWhMV*#(m56!rgAC?Iq=IG|>)l-16?* zyh)g7OlaY|2%;hM-uDj^y<{X4Vlv+t@ZU0&gO6ZarUhW2qQZa0Fn!TpUV0l)-C{{M zbq{#)q`~C!z(ofmhF(|H#$|-SCW0G4GE+kWf`(=pvvWXYXuY z8X16#)pJ-@xz~&R9S0)kIolguM655^#6w|_ zDyIb|Uid6s*1kU`!0!&(0vrgmyGCI`lxEG5c6!L&G8|0w&=lHrRs#$@a$0f4E7udD zpJp)JYWeXLXodnLd=lPPIDf|{c&n!rfOB4{*ZGk}ABIsCNq|L9EQHC!EU2T23~njVE|Tf z1ukwaWq|y~WL$)c#P-O?l1Lu|J%enqcYW^pf;6+A6JQpRO&iyr>sb~32kPNV5e{w8 zcl`q&_(w}43@O&*jC`M?uUCvtJ11mkBXRo4o!`%en?GHMDrqRq=%SjGdJctiO;4`5 zRr$GkT#w!pJaEnWJ(&m6binJ<%wil8I${?=*dKnJ{#K($mJI|taL1LD5?Ik!0xN%n zt>QiVr4=(pJBKlcwS?(xy5BwSjXN=Y-3l@a0N=y7vnPEdJl!)Vn9=>XG&eSf0k(G| z^nCAvLi1pW&r!0{0PYF4>TYUneLCwzd-)LzVsY)7_dd1C=%`hESA<980NZdzl@J8ORSdax@Bhqve%=RO@x2E8HB&R6)cyO~YPsXQ0FVhUa zd=d^!!yl4Nu%QBE8GE~m)rd60@tFs|DD4r{{nPm9vRKEYFTpv!y^+M2XqWu#8uGoO zT$CC^qO)rjyZ9qjZ(+H5F%r+tfhyUwzk6388(iMTwKcf^>KPk)deCTl{3_O|77%AS zM5nju)Z-EByZC4PStKqf^9~?Chc0G@kF4}89~(a##Em?{8cw9>B!N28(wep;p%F3w zIUbP}`36Y_Wg&2>>kV>Xwn!zBb2OnCwmeUPPjy=%m2?kL+TD;?3fZ*)he$ zij?w{D)S}w@_R|+3OS<&4wc|@(b!_!k${N!$hv5(ew9A%&C!o=L8#ry$RhpOLwUtn zlky{S#|q2jR8+~7uH+(AFflt6WeUq>ZhQ?AcUeKXK_$=&V_bLREh_RWd*H@L`7=(^i!losD-gbIPy)I z(|OX$b&7xjyUCq=m3%y<6Ir}pKTOz61Wh-MsmEqZY~(f)NyR4Q8D*pM)QTIVE{cs< z;j$9PRGDZk-dJ!RVV8&m=Nsm9PY+B|PRtigFX)`^ zpH|DYlii6M$wTrZN+7x=LJQBwv9aiKU5aeQ6_yLx+7d8xcRb-?|r z_sZfb>nd;0YMeK3g;m}xdq(uQZ#)u0WSRL3oH?8xtP!R;qcQWR&rA%kEFUpSS-H$+ z0onSSfEbhN`Q2=}GWy}!Ue&M7^S3c)c8x5lVxzfbS*#NeQm~TzlEkDMQuC5L$?Azc z$!LkkjP75B>GczG5=&Uj7!FujS?~ZngUvmUrQma3x{f}%s6$?2Hl?B)Z=mjdr{M6*spO#r#59A%> z;c^{vN?9C-N{5Np;MdI8TJRk3Yw$wwSMYQq$>GwtEqeBYyH;VPVRK;%I4A5T9KIZ= 
z?93c3jfOTlQk`y#x;8zXzeX*pZ2$pNgazE4jfpW zWNgapPre${XMU3Sgw6$t`;2SH9p>tGX@4j+7q}DJDXdd*fU!nJS#bO-vn&;UM#HL#F%sr864}jUOHW(Kj58tj-DF~8>Pbk zeCzd2{N4Op=64(KSl{!&GQf!=6hiGIIKri2xN-O(BBNCjW_w%oZC4h}J!KqcR0$+^ zDt72~viNXA*TJFtvxW)u`i5yRAA9%+`FzggK^CkeQW4?_s0>QNbf8Z9goCPu^hDf4 zVWcc6K~3W*et10VWbvNY?i&%6P|3LkLl&jb zjUj57r<{9jr?yzLh|a~kY^qJSlH3;c!ZgfjVK`r9e{!j`*MiZCv4!FOHtwtUs*;iD z_V&uL7Blu33eyWwrL(W69kE~^>0fyd&zHgtBh5^9$wd>cOf3f;5j^Pz){XQWoq@_dW4gzf`$PpYk0ZAv?8D!PYCpQg?6GU>L`2M24D`SDsq%Rv?z zGFo)nwwey7?$TIHDi{^VGR(R{OJ;Y6z5P0~+~Nk+WBFER8p9F;i=D<(2e^ab89JR8 zLxCQ@WYlNW2TC|fbd}bXz6GE~^h)mhuwU{Zi|0JytgWlr>2xFIVBxt%mj(Djnz_vE z@;TN<-9FAe=YXTz62;|`WFBk79AS`iUIcMzyZ1S(myVnMYs)=$OM3+JupYKENNBpw=uCp>kk}+E_!?Eqy zYA@>h&w^0q$>LJ8Q>b~^frY1&KTXE=S{e5Mjmf!8OPrj~hoRfM+qHJOJG3bX9G()D_WksgPPDo~Mt(0&!C7oa@q;`dcsdE!&qyZ?>1n7U|r7JpXviXzwiKHGiI+ z*_(FGr20{GC3l$Ry0mzV9)5xAxkur_?=Js5d24dTxC7{Q^>!)aNk47g@!jp-X^rA# zelB)1c{)GU@$js<4nH|@Ch=gtb?L`yVdY$DY_`A*zy#jX?kw%xJINk*i<7=TBn zs~JK*l2P*#4Fq9<)ttU?HzGVQ*@KmPa&md_xz_}O3Cg_*xB%Ntpzn0pEhgnu5r;ua zdsqA3LuyzI{3W+LA_kH+1y0pXvTvHYh9C?^q65 z6QH5FnxKgVNM@iqc$hvjas8G4k2n8Q*)>i^EFWM^nAU}XWS z)1K#l#_ONV|NG@X8M)|wcm02f;%_T9ue+P{Rnz?)%6*P|6CW11GpeJaS z{q-3D{Urz8zn`GHZCNk!TonxL3z(Q7pCa(hVJdink`Pv}P9tZIL}MhpNrZ5OG9N#O z5QcnCsFOoXyYOvG{2@v)_2{PELv>Oo4Xo#jeP(_!U{bJ`Lkz{LY_ywvjYFw#8c zC4~PT5$w&Ymo*IcBw76a|c=MCupm zwDFKgpq*{I+TNgHu1q|)?B_|LYf~uL!~cs|%Ywe?_;wMAgvqwL-EC^BV&5K=wS_p7 zNT(zmFEx>!c&pI_f)U`a(v!&WELswG2e%QtFJp1sD@DG)(hynkYzwvBmXz)dcd}Pv z(!9u(;T2WL#r}LR8G#>%t$(~o5#TuxKPotui7}^(hQZ^;d9_#7Q~Kl!gQej8f&FOw z%15u8bRvy=Cf{tP&Ui9^-$gm0yX7caXfK%+4?1p)T)k_NQe9ZPxB9VVHU=){9K3miWtCg0x7Mm$3D%Zt3vo}O6@d7o}TEF|- zzf2f>E=WNWg2WoN~g)o8fv<_L9dln0pbC`CU zeW^W;8*G0j0i!(=0#U>^`KD9FE>RO~>0|Xq!|WWkn`k)P zF2UwI=(#`q;OvsNU9Qc47_`Gx2;p+t+kAw_Z6?5JwZ_$`=?=w;PJs$6^a#f-%Kp)J zBN4|Gc~r#p)adyFH(z^%e0J6Do!4bPcP18yymzU`Ff#2>1;C>pzY7swW*FgL59d{8 z8E2O-kT)7gps%1fdVb2Q*7F@k@=uE-60se#GUe_MIB-`ki1JWaFyGXUUK z7uXxeAlGX2nKqbs3Px|QHlH(@uRCchr*5GcQ3)ZNJDnel=^s*1QrsAhr$a?0j}Wh% 
zt3S(Ro48=v8ch$vWF9ygM~+HGK13u{`u|dvhBs9uBa2r`$KFVT`M_Nm;WyOg;Hi6zutNmFBAlWjFN-% z)#My>@E6ejiL@Mmm#|-yyw+JHU#3m6Ndv>(V7D;x>2WWQvLmQGo6@Lpx|m%8+WPQt zW3i!B{--S&apku})|2;h@aZaS`oi1_$wP768dXFXA{m}94E)8#U-ev{?%xqWzO3ih zYb6l@sHls#2LV{o+U>Dbs4X%)7dEryB^^}dQf~4VpW~&Hd8~oB*>vvP16M^RuJ!x9 zW6W&8Z(0mi>Cd+thK_s3DJ7?xE1sT6CF%~-rL^gM><*?{Hro2MO|TR2b09g#`d+foKuyHuE}uNtOZEswD5S3shTT$Kj%CMhz`Y4#jm<`7_;Kz ze~TiOGF|jndjHzuiH!Zdk!Oj7L(5T?8H|iSiS+fVbr2qZFu z#%;CTZCg;JoQHA}L=KYkRVx-;cI=-DNHe?*kM14(p8AW)JV7GJkNUC_mBPQQtrWkj z$ChEF4VTA_v(lMp>v)x~(3tIWDf&#|_HKao~bI;mO)x;70uu0=Zgo3dAm&0f^7U{GoqOS^gdzz6VS*%(S;He0Fyrpk( zyOW3fIMyAvP)|8mzt69?HK4Z1qOqJd@V)L3jhaoYN287wbmUG(+B|p1$(xMN7O$wX zskJsI60Db#EmA5yM=Xe_bu|Jju+FCS0qq(Da#kXNi6cHdN^!ouhjYFCHdVfhye~{O zD8h5Rl*eZ+2t<)&;K?-yY3#^?~12I5ST>+1X;UkXgfV zsmV!94@QX@eR*6bcZi9C^xVvNI0@|@Q4Af~^EQLQ{oaIv=%uKP1&R+C-MmtBKt!ob zy~zf)%!12$e8UhfBR3Z95XN+wB^muGv-UBa&D6QvQ6cmfj`|{YW1kqfvZhtIL%dkroJ0Kd6u7 z)$iepJv^OnxUf~L1)lZ8Uucm)Bgsq;C)%YH>9u!wSJ30?((hFkr%{ZMz)HvLim25o zP}*DyTpsvHeDY!h{sW>T4!pdkwFOsKa(Cf9W{2CoSDrWW9gern`daTdt94_v0Cwz z57vs`2>N_nrXrH#~!S_zoC`+c+{1f|!=fz3vbCYqT#Ucu};jjKplF>UI3 zwm7Pe72(i&o#j$yo{WVEq&3;zcn(Ze>!qKKaHjM-n}4x7@Pn-R^=i$n47ad-OHI7%mfY}%^bOX! z3uq_2FXmr{ljcUU4yP?hpn|_pNG~_f4Q`%xpb%6DLM0!UV#gF+~B`_r2#@pMqxLd6Y=cu1%MXjwl5c3FJx)0RZm(Fy~yEGP0CP zA7HRDKcSTZ9(`uv(q)zq7U2XoR7FQr9EXFtWnt&S?VN^PIBqwENSHxx^UT@@{`G^? 
zkMt0K_SzFUz?wgk@w>&%vDxLcM)cOALlGy>yU5XVJLPaHgHax34)3ob1k?=dFlz+F zl)(%t9m!Q^HjT*jicccpX~B$yo^d~6UrxvBc zYFS+diiH^hR($*8(bop!PV8OeQ|%5`%JetURj0iX8(%$tJdQ#aB7r(_Sf4amp)Z#e7=j@(mLqYq ziDtSieqQZ=(hAb;k?ZHL%PS@aLSgph{ZZ_ld{xb3kghP1^quuXg zveP{Z*URr*Z_>p1CgezA3aN|tbje?{sto!fX!$j!!?}io z(t{#jQKvikMGXe0s!cp2%>qUbVMABVwOIFgR7y2L0}kaN(P37FI1!C`ql@}I;*+w$ z80{a25p_m|KM9pv-B5gfS&Kkh z9ri0b7aH>U`l7agHc{o2?E`G8FBHj8pe$8Q1?LMahLLB7P ztc_%5K@$&&Fl~50zK#u~cf&Whr$KZrr!+ahut&?K>lm*iA`1v0IPm=mw*B;cPnaE% zpWCZ!+Z-ETa=}&(FuJxc_JLIjtGljb%X^z1-}fCSAivzvLZVQSqN>rs#bWNE2^p_rUJC7l84+h^R7GW=9?8AgT<=8!M7MN>iZ4Wxm3YIRz6(| zb$D_EF+?HHnnL!v3{3o)W$x;|)3rzPNnFlt%xcRJ5D1@hG-iq^CT#VuDj)B54ovzY zN`xsqv{Kknj2ABsjCMxCeR6&{yVjKPuQ%B7ttW=l*MQIpE)MITwMz+%Kv+(vS_0`C zClJ(Um1&Id2T%d_-i-)x&8O>pi!rDQF*u=%Doq`vtNZ*^St*ch2h>zR_QeIde60v9 zIfDKuT0+JdTIEY*<)6lU5Fkd5!TXHEPOBt`ey*5Qb>Iu5MWNr*m3#PblRmzaZiT3< z$tktx);S%q;;EyieZ=r0aeLfE;}^T#=s*KUC28i&6COEgIQcF;xp&&!`68F_y4H+a zMV@Z(EK9^{tQU_i8gQX@p$fJ|QeYnhbv#G$Xlcl zuYy)4oqkL`xY&FrYwlV%rBRt3SpH*Bx3I}>N2y|I)-i77`@18_gZ3F7DVzYTFVG7al%1%-Ipe>RSDl9Xl$uzUg-`&8eJptXJ)Khlwe^x*}d_ z>Qy6xrdu%qEp$%%A8nOMHEm@A{r@Qr;anULv5K6z+^(c85mnjp_laq_8t|aNm zWE^$Mxtm)!3WA&bspiQge)0K;%xdYDuKJ4;c$!;2?kedElV?NaSm591g{-k(k@XR6 zP(J&#%{OL$5Km<}%H`QDf-U{?7ob=eNy*cAj>K;5UJ^54EC>~lO)}dbo!V>*yHRUH z2ChoJVRIh0tyr+G;0GJn?WldD?=X%XB_M{+masXmdzLceoW?~#?(wLaVLs*Tpj`wQ zdH<`%3}N?piOlxFJ&sz8%fo`hid}Demp>Czx5I#9w@Ao!il+3>Uf?6J5u2T{2bt^ofpF+mows>6mRUAS$w`=@D7*yjb?X5XaIF7Uj1mZN4k4Dg zKik+Dhc>_1mgs_Kp1ccSwY-d({vK(7`HA$8E%k3;@Cz{s7y*40SN&RNokBW~nPgTf zTLoH;nab?Hqtt(c`@dBVVNvrLONyuK1&=~ac9;^i2}0^^%z}l-t@zZ*svSypf77W- z`D7OG0_O|2NEhi(T(7lYli)Xy)8`FK1pbF^^N%m#d%g%5zuu(lb^`q?rGP;Kr9i%g znLgP!|FTm5wuUotLB0dIlSKWVe-YtdxIg|XGbo8RkpTFgddfdB0WR+!Nr`c}T@=R$ zqse6IWi=aYb7Y}1JxCeiISwaRQ|{}yQ3?7Vs1hlu}l>(2&QLN&+n>z&P?btMJ}rt$!# zm*%;m5kc-EEtvm@&q^Aqd77UvIDnee7IawH!{NVsbqfA}c#fJK`PYNd1;Gn@qGiy~ z0##T4Z00{Pt9WnAQX}eLMD0zNNy4%(3`YTz%{;X%4}gLnsISQ9d%omq4GOY|WQY*T 
zO8`aso)s^5#(1~(0NaRY$iN`B-JkZwKTDqGyC@xT?to&zv{fkI4K5-M7h39cAe(;@ zs?M*M4?H=>W99+)#Pe*ctglXmTYmg;m_RUU2sV?0>br9;` z{^jGVl4~YL-1F`FhygRUFGWwjYsoa<$jO0&tQ?4)6j+4>5yXhB1S&yv75degzKjxZ z$*;GD3?8ah)w|8(tv@jkT6;9iD8ikQc?U9(-#{Y0BD6P%r;$I+NQfD{hdK3R{ab5G zMs%(`gr)XDifg#pyQzNx+x}Lme&V0bLj}roTW)tuZS+Gqnq7o&xPz7(a6aHw-{H6L z_u3#hll@~EPB<eYz}MYG9{(Z!pSLlzwJ`6aZB+F;~Ca(@@ zKorPBE!^K5CibU2_|GtXb9ztM60y5v52c;l0`7PIYHj$xJ<$yR9Haksyjn}(k3$D? zRe@0b0jTZ%=-wkixj*fJ|Hk}u0-ZVT0RN;{YeY2st&1>(W1_rzoWEHC5d|(&aZF#G zJzru7Kx)YVm#O6IJAxY-XeBv0=0m-@;^q86XD<0gKE2$lvOY}(9gujlIJ_PywH6Dc zW^vSNQRkceL>qj3eAU)#{1~HABrrO10for^(ha!nRqOvP=nnL%YJiV01v6> z)03<13r}|tR(xhJtnPW?w!a4-J|!|+jU%%bcYQi?TVxnCv&k{47fO-JuLhdr!~KsI zR|Gjj&$(KSRX*sWX=7=hJ;`ZiWEW97wFYGgdh6FHbB3iHz(xyvt)sW7fk5Q)bLZ3r})`b^?Wk>9?Ct? zv`iP-4#D5)+`~e<@H?IGAiW^={s1|T^VeM6u5x6;u@HpXC-UCqYc+Wus*6SuhiM*w zLucpSEDuWAZ1|P@ve_HwF4S^m0r}86nc|wA6~@;(aU@OZp|IXge3< z)9Or2e?X(-5xd$Sj_sc*yZPMWaof4|+e-uT&bfBEDkEXw@p^DM92&c(<1m|kbU2!y znm4asc{n&(S?l&3J41c>)t$OPvHHl)j(|pgK3OW#?E@Cc!P=UCez``AH=ACH1Fcqd z7EP8HW3`?6anAM^7C3Y(3pL%*vRF~u!vMTQas3&&P#7zP(#T>=nYKVsGFydKVqZ+T z+5Jb3%NedFf?kQF5cweIR=IM>tx~nYvW|zS))wQL>i(EkYdO<4w^Xf_Qe(8 zySY-)LEi1LsrdoV>l(%e`uPUZe6@i?PhM z26K84?}N$Rh5I*tF=(67|G4Tc#H8OtFbATNm>B9*==c5r`IMoN_DX&+g*M_Mf8qi% z!eLgAS%4yU~R$;$Q zV5iQ?A%#L-!eLi3_Q8X%0tNW86+R)X!`Bn2G`JUjliYa7F5Tgy__AZe?^C!_sVO+3 z$qdA|z<3BAB&al=2R<5zN0X%w+NK%#35zznoPsU!xXU|UtzOfpU*7>3aFKikoyt(V zi#C#IVp!6LKYyFxue!!3rY!vDcy5*k9VqvwOhm~M#;JPOhx*+tjbGAzx?-tDk*%zx zV<}rz@G?vEPj6a~k=1_cQw!6ZubA?e(WqngJ2Va9*YP3*=#Y~_{^-f4<{18xgYL(6FL_TQ(?5kET%EZz=fB= z_;y>I3Zb$}#LX**%iZ1>5KgW#e3uf>b|xdg`EuI%mI>s_PG8^?T7f!!Scs#E5Bbn~ zXH?}zYX1G9pNu5*vQVi?+zdd}F7=*26YkgIH6F4Ck?q%mymgCtsG^3B%g?LuTFX_z zEKlbshDEYaphWQ^ZLw?}gzB-QZJDkrWxtLX^L8KG7Ixc9k}KhAuMev|u(~CpCbL+G z^a!+uoDVv~eFA#;Wj-&VUMOkUP1QG9E>jfW*cL8`I!yU??Z0cwP(4HWHHbb+aoXX` z@!2!%Oj5yMln+P6Dp&Pv-Pgq<0}1(R3kD=m3k8i@d(1r!IfXd+>n7Elm-9Rb+pOe zb_^}kt%0`D_D7VoHKoh`3zUUnpq1An$T1d5fyZIrCyEXVT?U}_$617Y+Hq=sx-SVe 
z7PxTc+8UIJw_9)612L@RtPiGx4RJ^B2I*LL=R87hj+&IOqdBfdJuFxWnWul7?Y&;$ zWWw3HzAn_R*P4veef2g?Qb&P|Fy5R_+LoIacJRUY#mu2Rxl){nXj(s{@E|vb*rj>m zD-HARWI3}3GKI)Oc0hE8rwCXiGZ25Quj)w(NnhC71U_cG8v<*Jod_WM7 zR(+PVlIK-T2{mSog>bTjz|%Mj*Wy4o`z+{+e-ic-{yVZ1qdGQJ#xmuRW%@svX!-s^OdUIX;HcUn_Ra6w?(elkV3mLu-aWnl4OSPx3b+dsO&y9o7JueYM9(l%7>NK7$ zhC-y}xiT||{~t~pQY;uXvb(IWfPN&K=QF*_=_&>)ZHga=L-gh4(N0}`_-xJ$L>@u` zU~K=`>`(Phm+~XBZ=y=Nr*=|by^kAhuGaqU!Gmn)RB4ukV4gKVdv!aj`XkgtGX6yoMEpH z7O3H4gns+)_Ad8Eaw*-2rJf&A3|>-fj?@wKc2K8(Zh^=uRI|&7XvQ-Xd|tEX>{I!X zp_K*|7IM=EeMDh_5A zK#q1G6;s*G(}NY_Xl(jBtD;gZPXA7e{d?eCVFZqPv6id0<==a0okVG*>2%yo zNsVpQ@9J1g=%bFYV=?qdt+aY}?&_WO)4bNAi5P<$c&a#3;dU3Im?_91(j8h24ih%< z^dJ*B>bYqr=xkAoXXm9s?Q&4U+I8?5@2s)%gVlq98CM$K1-UGKtQ#&CtMOMud;KKLiH-E)Ha=S?F*c0SYj95nAtT?RSRiGn z*iej#ng0t;Og#<7j?t|849M~d~0PonQ5JC+q>hO_I69c`C8X6vsNF+zUZ^a zv}Lo!vp<(wVCqddvqpUALMRJ6GVtte>Ri3Fc_%kb$+#YjMB8M;MIR$^Rb0`Ru}seA zrv5lvE;^pki{q)mOSaDuQGj9L0^6;Op`3wwEmsxz!>s5cm4WB<n~`LV7RJ@#NBkRp4B8tQn1=I93{E?7;jKveB1a`Gtev-dJ*rz7<5;Q}WN>q|0=u z2DcFb==%V%eY8M48f^j^uF;pK*yELEzCCEvicqDLrafAqS>z}DV(K#7&t+=IL>n62 zM?ELSRvsJRWjh$*R6w2(*spySxGcgtnP7-X9Qqr5 zn^nVRNyJI(!80DWm9JpUlKjae3V`a+{W@O9G3e;q^@xa~hDNR17sG*B9(WFzg7vEfu=HJb+2Iq!# z6sy7IneZ0Ttnw^4=N&U><@tGc)X#Q!|{gbG%llvq#*-@ z9iSh)bxV;eQ$HXGEnn{qW2-Ix_EzwG#JH)InfeLxVi)LkI?IR1nd}c7Sb@CKj?(s* zXVM9>!G3THl-*`Z;bqi7%lXSUd+X&OfaRcI<~vbE(uF68hJyIk`aLKz1PJ zOv;(tr8qN^$SG+Ydx_1qw!>@c=Xb1}3nCGR`x`m|ZwM7@N=m>Gn|S5Z`Jk_xub`?5AEpY~{}ZoqW~KO2gsoURyJcl`6=&rW@1t&s`Zl+F{)fi~x?{n-5jH zdxMN)3tRP=O(5Re(L%USRyMf2WNq!mUS3WYI_%59X1R4OgVi$E+18M&a2<%@g?iwb zU~^IyQ0Do93l2Vh)4(vOTW)-@#+AIfwpXwEOLey9UFvfANGY_{p2aChtCtJj*Z^}J zO%V>}-Lq7YAyK@y2Wwf%D{IX0{NT2K3fudhLP0KW+%U9cPV;*mtkY6uvL4Ku6gZmw zG%SXsMsKLR7|7p-hU(&BN>*t@fL3J0;;9m(n=AgZbc!~_;+d>dRO%yG+LLCDepNBt zwtOn5Sltbgn|rcSFCFaSM0DMHK+c5A>w7-qITO?EHFa29VxWGpSG7BeaM-4)i&S}c zIrouBx$nUCJJ1hedzjS2C>@)Fq}gG?(`EqHqew%mc4;-fqH95ty&lD`eyA&H-8kCa zl}+5c^uqw%5?ia$?$-*7XHRU0PqxY>d~hP+WRAv}5NNp`LnpTq*h(Xb`iN+PFUNDf 
z*Tc_Rs5MQs+T}5oF%$rCCo*Cl_tS5F26gUoT_cjJid#R+BGaLpDK=<~hH_J;_-prV z*GX*be`c#I8F=K?Xi!KkyMd^KF%f+x6d+}XNaFA%j$Iu>_}z<;z0FAEtQk$4YmcJ( zqX~i;1G|19`sPgx>N^Owt--PxTu%4|?PM2s_hOJz+@J+81EEpUIDfNozR&pn1|ZTl zy8=-P1pMJEbC1Oo%xlolSZh6pQk*T6`7`%xbvrc`OEo{3=yvjBLOjd5t?{euVW`CF zn>9p{ zjt8|-!r{v#2WKhj)qP~6a0W2UwG8?<G8K25UcYzekhSJY|idsbvYz@rd>fy?9iB zf2}gAy{KU^HzvWbjsq%7ZJE*C4s9RLA;sJwkkirh~}WC$!mg?bg?E!U!T5|h}nVba9;R9muAQ5QVR+m5StJgW(GunkA!M| zj?M2glf7XYL915o#g$5;{%E$9UpzP+tm#i9=ZsUx_}u#3=!J+ij3=*jA}(rhAheYq zKqGFqB~DA@(SYNT#%MIDpw#z!lgPu=6A{c2&xxN-_?z`PHT&{RS>0EBzLun%Kij}YCl`S-U zyW(gxf*j8Mho)Pc_A{4u$FjOHcQcd9oBZMIV!r>x~B>72w8>vV^FzyVIB9HD*GK3=ZOb!LJ>YSv(0`Y)?wd zedfu8_=*C4zy!{%loC^epxmc4C zFC&M27LKn`yJ}f_U@W|x+YxrC^}yDuO{i|(6m+!joHo~!DEWv#M;Ps`bPD2Pi~wqV zldBQqLe2zR_Jmzeq*8?M_E}a58B&%i19O=x-QO4wD;UOIA4qZL&8O&G@j9plg{ACB zi*7n}@M8vhQY+eOp@Lo$&8HC4fT{Hv1@psGtK(`{%l4=V>XTuapOtyhvYc_rZw*L6 zDddr$=`?UVd@!sk@C>K{{g;Jk6|JA!wN-6eYA)lgPEUp9A(}Gij*k*}Ls|xa#64-z z$#k-^$Qx40*rz)IQAL!mMRU!1tun_S`kgCd$^0E9R3rvfl}22qoYi#Drz_n?AH%8d zG>o|2Z@;OkZmvp;y4^iC0C_3QROiouE5+)m>tr$nI#kU(cXOAV9^cnV#RwOwpT~Pm z-4V*;;D+bzNQqgjmQ##|lSrE8>#WjmIaT`RX^#Kld*H7lBfbFdNScE#pml`OVGr&u zcG?kexgvP6XS~Hd?=K5}6EGgRc#6V3TW|GRB1a-A6t1zHL2nWHLb!Aji5wq&HgUOt zL~L@Ic!nNZ18x2WY=OSpA%YI@_~}^Nl)HctrJ`$*)1w6hsqS=cS0paC+v~3tBoi^q ztxxjo2x;N7xh4Y}$(YQ~F?U=Lso$$WUYvJ}ZR^j^51vH^&QJSAp~A~4?AvxccZ(bj z!s^S-8{W=~BmBlA2%A;dQ@1{Bo5jIjb^8rt1|xJ0PN#|p03l0_SHDyt91cco=KTgv zt7VkZ$}$p(W^SrwYDNXb*M9MFy6eVDgtp} zBg@M0+*{N~L9=4EaB4-kgzUEj`j0rStD zy#{DKm{z&C^uSiyJ4q4kjY1lNMNadenQ+R^GO~))6-8+_YG^c#sL<+Pmj&7aiz^7c z=8W^30jCk>Ap)uyN$0o1ZWy|op4W4j6PoPl&LD;@p{mEZE+=*P?o z`jO)$mH7|nD^?y-RMT!XX_0-NbdxJ#@$((_S9Lv;-|G`Ool18F@|9kmAcF{f`Bq`?EDo?&t5b zN)as&&%H}E;aeSVBPiTWUSte#o`%{hV#Nom@y-od?^OUOr7tE4aykL*!k!(4Blhsb z>1wxTQ|Aony^rMNefhme6|s}~O(v6&3b-q$cfg%mi&_bljbFV*=*VH_A&$O6KhjW} zk9#wOmotQ5q@1~0BMpNF9>=yM-os=}^r54f33IP$65TFenF-^j+ZCh*o>rP?+xd(# zY}%Y(q|7x(QiNOil$%U$**#oZFLtv#Xj+b@GltL)n@-4=VN%yBLZmM>_5&SVwnt2& 
zLtXfHC#$^hR+`Y8EgloTrbRQKUaU4;Xx?I|z6<|;k>Gn(EI>vmYX; z{Q%SCz|_<9RCgv^cVnr^Ivx(AJZ)`rBTcl@xIKjtXiEEttypifo^U4l{8-)~?g*S3 z#ksr=5%h4ket9IqW?(nhA=xiGi1mg@nkJ2R{`3iPsBD95-O~ZUhi7IyBD#64Rnh|b zZD0S5Q|o^F+(WDOhyQSN1M=VBK4Q1|s1WS81n~&KNT4HkCtBogYc~Tiig^|_c&l4) zmfvo8lLymJ|0;?fhWg+s`kPOkWYLI#Ku{qT9dX8i!XW8=f8ysWboJeJy0|l!P){N| z5`apy2o*S_TvJqK7%7@lXVKI(ncj%BoDj;ee#jYX?gSUww_Wfv7bb9{*PqQ$)_aZp z)J^r$9-Zq*!HSH@ZqpGIfZDjP8t-i%(FUeHx{P^)06sILXW5}Gd!(ptQdE0_3dMqg z@dj}aO6b)+z5n%zd9X~NqD4h1dZyi*72}|D%q)Dch^3wz(2hkQ2bD=}tJd3j1Ol-- zKcT?bgn7A?>4qhszGO-PYwxvO_ z7WEvP)BGR0&N?cNW^4CJfM6j6cXtmE+=9Ei2M8A29YTT)PH-LET?U6>gS&fhclX=* z&U?Od?p^Et*K4t6s_5$3y=(91_f&DYOEAAiR`g&Y$Dor-T*boK6}|x=3)@&^HO(eN zPt&UzC^6fvefV8CX#A6dkz{VQuifc6jZW9?_nOo@Hmv6p2}F?bL3zyZ2%pxU+tw{F zi4=6h20yGzkBk+I=j!M|;Jwq0d+^*?qsHMe-J@YgIMRTDuHB;g1|=+&zEUf9;^lZ+ zohr4wsn7LlOqfCu2i;8`Y@AzyP~U4)^U4w>wfE8ba!{n4SZhelq^ZFwI0MUD4+EVm ziWqIE^Yrd$F?YANP?0N#cy^~cBgj081ka^j9{0eKLpxIZD~ExVI2C>k!jb$~pqOvj zDZlpT6|Nn{*c>cuS{RmKZ@dE*GG#)NFI;+8DSsMQ+Fd4@4XJk5^|X*cGKFSYx;PEf z-29FECRY+tmpcm=U(;y+tr|g#c?IDNuBj?qSQyfMxDDsC+6CGyPk>x--6qxT#Mk)i z#f;#J%3s2p(wj#`H3{xo7mudv#XIi0#|w3HkG@;?_$`@Ly)u=;GV1qVKVJ( zhy|L0mR-NN2B;MMI%=U`kx1opL$d9xt<$FFzTL8JZfIL}8_PV0-mg(l;jgp5_FxdQ z^V+s4i~P}+p1MkKTX)P@c!7V{(hIRc<~xkVbGY5j5iwqD_8258C@CAhKk%PS4+P@; z3hG?ZK#RwA&CKmm54S^G;<7@TmaH{0i}gGIQD&bFltpYe!Ts-1{HK(Eqr4#y!BS#j5yMVd7=u8|bnUM$USG@WUzo z7aGfNDSG?Ax&)=Q#mDV*U97V|-ZBckzlTf-YrZ)obg$fqv}2!NsV_5UKfm4@-wGXc zb(eL%s%XP9XG@43k^Pz-YY0r(sjgyT0pfO!Jr<>D6UVf-*yhp9VrQx0_cE25_`x>f zf}9`{pM_||-qgpc=Bhnk2=Fq;^Dc0p^`b)YTxMh%YFw%D1 z);E;97#Z&=VQA}9Uet7I*>L&2L*2FBv?%dE8Ury-p!m{t2cjbz_moJ*hu*B(QD7f% z0|`*_CGVia71@fmz|*_Wn#MTwSb%s4Y>CY<^YJ+J{+da?D@gs9gQ8yqUX3ooTL^pR z2>67)Rk?<=YX|q-!{o5&uA<%gWvrN!Y_i<_^J8jK9j zaRI;>+-3;4E;Se6f81p*CY zR@hPT=LM&A_3p{sZa2`Z-CaC)XY`kKsFEqOnA>!X`}~ESw+6OdwPmDgGk#iVDp3YN z6se$R^I44Vb$_DYm94XYE3_ep&f00|N@w$x8L)l=7{{^^%jwaDE1IdF`YBo(7gr1~ ztM;vC#;r729(bX5grAJGX$xjie0a6soKx3#15$H$**tv{YURMY7luU;Z3h|k1PxC?=(e1j;O)_yt<&%5(ykr7+hu|IWf>- 
zIFMUW4!5VxRt~foX|Dea@1P?gvwBES;<)cLlN5ekjFP_sNZ}>7fkQi$;-yAYB5b2F z|3w3!0hnLITxNQ^5|i0&e3_E9in~L`Tik021~;2I5<6Y}d5v#a)>6bB6;E^>XR#=Z zP;V;lu@6m-?kk-`les7FDg4?TdCvb?J-Fie1Nyv&(n%|%#_bAn)%Yp(oNvpw*L5V% zAZVkB8waRG9EbNV3SOS=o48yqT~%jkdwKGO{3BBNeINp8G`WSOsVIG~wdsuJHRsFS zAQE4zg1V+l1OmE(U^hV@X-3#FRxBj@J&zgPrr-^*yR~pHsNIcY3U%We(O1&01~U{@ z^J{(F3D|PUt8TRQUl~VryX^ps|2gEB8(%hiGVg3RL^8sSh1vwm@M?)zt0V!NBVL21@@nxzxDq{lBnMX6+_;0KI zIeRs#fgO0(30>BWP;Bd&Ok|}<#<*@g|5}Ics0m&OZPxe0L#p(Aj8mcD<08V0uwA+`pIY7s0fDPII=Na6XrdXRKKNAjI3YPGULS zo8aX61)f~J9aoN@SpdjsPSW^fDP*w{)aUw9_?p)$ccS(tblH0cZ+16kbeQ!!$b$+D z^`#EI9$V6X|J~FwEycwWwvH48E2{p$r1P+l80#UlgQbMLNmr@JUn>o6r8F;5lIE6| zmS;7F{yJhgTv0YC8?ksl1QtbZs!jA50+%VqBD1pCW_PnifUnwk{Q7Qp%mbrwSu(;) z47nnSVrG)phlJw4>Uj{JL?+V;_z{4}vynkhiU!%-02e>6umL=|+5tz^4$b-`{83d{ zHip?cJ)W(V%p)Eb;SDH?Oz2lGW3Fd116nP)g0N8=_gbxJ=&k9Ay)Yue|44&E^u5q3%2-dI7!^d^&`j(umT2ywUH9XsU3nLu3NLsGtL5)FTP5FKg$pU>*9 zH31E`<>ukwjf;7Y7Kl4a5VgCfM7D1^4Ilj(MfpKQtcGX4bVHF2?XP#FeF6aD$OY&~7aC_j`p~ zYe?WSA5SUN{HDlh|MpPO+lX z#2kmh<|?|vbRq4U1mBWhg1Ohk6?;nSL99n51uqR>4whFo|Tg)nni=ydRj! zePj4xt_Yl9mvThUxJP7hT26_t1UVn1@~v6v0%ZG40Blu|!2q`F6XtOp_ZSF&@gaeqh**4rHeEm1$;iGYlX7Il^GpAu_ zyI-=`>pZI7z_c10m2%$9?a?tX;3XEC#7?>yK_)1OG=)V+aa zxFf%WKEI{TY83ARZ6^}%Jx*yxxjI!(aG<25zknozV3V7UD{RgL5f6*QR6e$u;S5sNGiq4sa6$qYqF|74B9d zgdxgoHq^S+cd;t#(!0azR#(&o`WAH$IzM`~&(8wQ2iCrku8B$*-wdnl`*T=}|pv z>AMois5H;3pxvU=lU|9A?jcCT`)D!*G><+g<^ZMUPZK=H^bI1JE z&!b?$4C5#TV?cMvab2><-VZSQ>+f*Ai{=Wcr_2x4U^3&%T@w`cR4%r2B9Pn6`F=)g z1-*mV%{3uD*;(I&xI}7X0Oqnu6~#%zH|rS&ua6ogb)mi^0b*uFUiuK7AJtgYVNpxW zhF~F|Z$~o?^`6kH;OIi+`!oW+ z=|#5atn&H{^zAqT9u7+<;bthN`hLJw`MKE;cJ0i^I%Oi0mhymZB2{YblD7=3DT{v8 zEqcvJq4P^ofCqwE;@?%mqM0c+9twmLmh^{{^hM!Dj**tKo~z8dO;v=Bmg_gC$s_Om zqk;Xv49Kg3khh~1oXKM9JBw_R86!^P1gkO+^$zE`Ph3a*Z+p_=v>_^L z{vM|g&6VtHbAXXZmYMP~Em zapZ;#8a`k?F1zV&T8$--?UqI3{;k~X96m`8iwn7amX}(M9I5C499SUwMyS zf~b7FWXGe04r>s)7HPB(lcw|YJmby>$ie6|bH%Ku6XMAuM|FJgI%O

lr@YPBMbS$Um&hiffVIdSQd>>8zl(@N7bYy$TmZuhxMJW zb*`7e(S1)0!t%orWti!K8-hrn&Z2NuNdx3{M&WrlAqI$;s?UWw4tis>t+?0oYFSWU ze?s~`PszOoSqylvi6r>#0r?d>S?Ae>vP%FAdGp@=x0pVZy~RHs3>@$o1<$-|ZTg6y z7Tdczz_90gn|yk`V>5D79*fZE_b{9v9*cE+F{=c?Z#WzgO#nQ=bpD=hxF+cGv*#ky>$gQL@C?>-D6{-`u`K%{3}UcnKP_;XXZIVvfWbI z%^mk5wDNc^?(hCVD2tOW)x5UlG9AEVqU3-H1;t)wkCgKVG!pBg&;Fp?S@oXx#MX*; z7s2j^jQXDVAk=gE#jUG}JlpO_A~mh1%Q*W`W2d;xiMb0VuPybCWOkI1cE_zY3%gu; z8Ng#CYo-ht|He~{M|XVk(*11RuJ8WtJa9-JP>XR5u;9%!rKC7?6%DH$UmrrHJ%*eGNW^y~U5N#>vK20gtI8xkOzHJ9A+wEkU zTn=LBYyd*K(;;kw;}EExPd^VO2k$=J;1ub~#L;q^4yVKgd{8*d(+k9);RW2I7WmLq zMl{+Us|itv^@Oq9Jg({#w<^1J%^ALZGz2^=+nzmRo8p~@0pq5ar%1$XpdE z%+@YTjXjnMNY|<~H^MpxB&ZrRlmk^D`Yr{PIU^9#p$()f^s3W8X!z`xjNw#ssxy7| z@#N;Pq`&byProZaVo~vwKzEk+z#Tl^>E6e>lq{hxmhH-^I^Nytx|5}~(yozQg}E@B z{83I6?nzg@L+Z+zGdhVzuw~s-XaTC6-MR0~lH1qwVB~=;<~`kyjTFU(^ItO(3V9$k zd8{YVMYOV)e9$pxh+J5!Jzl)#b-B;xn?HrF^@N!#N?V6da_R|H8>?+{4!Ly+$>?1pa2wx}+w4P5c~p%RPc-G-a8#WZ|IJwPfwLMBd%Lb>P9l zXyA!Q%eUn{C&)F!2uz;-B()P3#i`YPe`_<;D$vmB5kD;PQ?fEtIY2wIL=VawhIc81 zb^elj^T^D?P)hH*~Zdqks<*x_ET*RXnqjL9X9o|Dl$8%jUt zFpMpe%F^CMWjLEL{+X8IYJWNhkZ=){0hDcOD0UrBAUitR>wm!({`Qmr$Utc1q$wjs z_^FV;%FWow-vnP6EC{4_?J}6`X3nZjO>3y8v45cMW8^28kw3$otlHf6_bxQwON;2E>N{u>$|qNB|pgsl%hcwnx+&kwCn; z?9bl9F|;OK`wZoU#pkXhta@eUlYTlE0GG^oB9*(+cu}l{s`~XAfR6(*Gw$1OQRvnB zu7y1xZ`}$-;d@85wF*?Kj3KDH8Xe%)_zV0b-mCA+?j8b=Z}EoiUs=|arZ$l3Z3S}G ziqfK%%avp7FL#-$s1wJ5SJhFqcK5d#Mi!rQX}U(@QaC`;aUyQ$V~YK$)bz^B@LuhN z!sj6&p~9n8Ad;bC*razRS0SCyk9(nV?T0(_OH!NjTGLR%f%k)rcqrE3V;dmjLBn1# z_G!dH?+q^^TL}w0`yeN*m9DY~k(IZsv)YLsHT1A)^QbAf%_eUvlC!V_z=zKf_#A90 zd$ScJC`8|$|JZzOTkorpjI!v_gxSqJ4JkqPCxjP}IgR(zuHBT&%Rxlab3TR*is@iqDIig|B1W0%dT+NJQ{-OgZ^6V6Fm zwLOG(Czz}9u2xE^TPc}BEoBt^~naOw3~q63QZ}F80Vj*esxv$Fv#Dh&V|X6?I5d?D^nAf{T+M79y9GEV!CrnDMM z%uxq6#5NDQAOBopg{J>@LOtmmisy{N7iMfZSSv#n%I=ic8OvQzH+3v<5&1nelZhVd z!Jo(HnkU}cl(b#KUG@7=`U}gbRnR-?>zVQZxdWXK3CZiSf!GA6tSEDK!7)s$S z&u9b=4a}Ejbx9yO15a(yofX9vK4pc@2h;SmfIv@s@%q|8OE!$9|5xbC!%2Vfe6?wg 
zNpB>m-L0y{25IY`-u!R7zlwd7JaZH}va^E<1}WBnG8ng$HVJ@AAcf3?;f!7hJuJ!E ze~g*)r4dppkU~?`3dzg7J)^i5!c@#?A+0J)Vm4@D=>ByZC*Z{=+J?ax zisba~7KR7Yd6gVnfLns|zS=7)Iov@lQH}9QFvaE#+OcA58{1bY#(VkQQRc%1Pb{Bv z(jPxE`eteT(7FsoPQ5_QH^ZmC)Jr7D<DdqY0NBPSuID;0c8#{xPOd zkQQk#`-gZol?o595gNnwBI zhbifGtL#s9O26LW(Hi{9UE$ntxC`T}pR{u+89YCU%=kjH@3|Bm4EK}SFq_YOR4T#p zeETMePAFFQ2XY08fs-`5*?FbpFOl_ShD2#@ax&lNmSgn1I_(;-rI19pySu6+90AXF zo;gZJp>(i{c0cAO823r?B#nnGFL3N>C%h&Nv=Xsa%6hyyrTe+1fwYKGRwEQ^wuWV< z%hNi`=4C8PbX|7zjRZTp`3R<=^`e+J1=_#yR0Q+Cy#>4mb*Xnd#}w*rEz?P5cs$ng z=da`GV#!n@NPhk=d1tTiy&mP_+6Y4Wu=$5BDo|jDi5wo*faT2wGy-GhBz-H_aeGKQ z7?lLuFu#e5*S(eY3+KOfHE0n4J7@1p{sCPd24_VxkBZce{rRw_ZUR4MG;8Bx_rw2E znB-iqAqmZX8@xy0r{JoDHIWb0;#F$#i1<8?+?-g?>wK6LNu^@dg}r zH=ezP=KEkx*%M(T>GTX$1THxMD#L@UW z{5P4KgrN3#&8poatdD7}Pey$!EYnLd-! zV|*ct`H2os1PTd_qF`lZi`TsP{lB;P6)aH7LI9!N?R~NSXJZS1@*e^bch|qP8narA zALINAsuruw1|4pdU33Wi*I=Li4z_^N;r^e&UctV5)5P5e8W9syC#z2Ue+DA|JJ4Ct z7rFlo^#4HlA3FY0q+d{ByZ%X}{=F{$L0SDnq=1DL^QOne_|IJa`(^>xVjurbZ4Rcx z{=cX8e_fN31F#}48W;)s|2JAd3kTK`;rjDO!v8GLex7ZKdBf@tEG|U`Dpq?ZibUhMbtgDq&WAoHo^MTaNT-&LNOluR(Sc+#W{=IIW5U zrWE!AoAWh^f7PH!@2QKm*$GTXGlnd+{Y=H;1)q8bXI&N2kurIlA_w+cJ>xUo&y4Zq z0VAv!z;KV^Xv*_?H-_|g1`TR~3BjOREk{);a;(C}D+W=lBn}w^|`mU0X*> zjVCG_P$L$?y9slpF^nd!8^j(E#!r<3h0LInv*|=Z0bBk!xPpHfY}+r&0A_mng0faH zVL0Gi&#Uc$&4XF5qy~Z zoRS(Zz$gP+4H3xLpG1eaPbSn0{NG^p7g|;GsieXFD|g56&BU&wNisCErEz<#8_+yx zy8?tEhvs%8dH0CSmckzBex*z|@dz~ftp?;?_UacxXGP^K_qWfMo3kGULh<-q8_Et6 zSq#R&CtP{vQ8psx$s@~j=F|A!q>LQ5STHh#d}JKZsk0kE7|n+p&%*?ls{UN2$=K{> zsw3Yx^b?{ilB0SO&;F_dy1xC3hZV|3QI4dkwPL9rnnd&VH590`tFN;Z|Om0;@`4Dn1S571-HrW2|4ooXisud@Pa7b6vF5O>aTEJ*J5FBRV zaI=qf-)d^o3cndyLDfJZmP)*7+!=9Vo+!n_ z`Zlrj=?PHfP9%)CkFE6}M{x97F~xqkA8gLd6bK+*6x0o)EB}SA<5p(ZtpT5fhO-~a6{5j@ zyDO~)m%NA|Ec&5Lpjw0PR4d_m%_zL;t?G|X9d0vxzW7vSQXlBfV*p8{RkkkHy^$YC z;{mnUP16f)4O@A!^6j6hBUrax_Ww8n%wjWtz^P6?KOGUu_n4-z_%vCMMI{50qI}_> zoJ}_W_Uf$PQUl&qp#d8Q{dFa~H`o!TX8*v@Jj}Q~D%0?kfFUBuV|Pk?w@{fEta|PG()U7BuXThE5kDfi*op2La5<7zZ@*p8 zkN-F-)auJ5fb=fjk<#=Gc1N$`-H 
zedHc?7TPYiZ+1$z=n=w3wc==x2+ju;G=0S0k|`T54i}7O>rJmZa8Lz%D9cMtC2Oyu zntihQT);K=jN^nLE4$fl^>`x>=j)d?aY`imS#58BfPDF(<|VuK&N@h!Uf`3@Jy7zF zZn|%-nEF6yFz9w7um1KO+m;PJPuk48v%{y@_EKxs$rW5Vj)t32yh}Hh)GFz9t_kIG z{5oqxUWqV?zkrIC<9&_dG?yV6<^CuBa7j+Gao#e(d^q$d&R-A_#Gsi$wX%{%ukKyZ zjd_6k=u;6OhJ89Wa1PiJ115w-bj&LaXP;dYfubg_eP(OrW7xsTv8h-4b5k&{OLg)I zn13GRxOwXBbskH@(%oP~5|r|(e?!Ija`unU9(%1wHjB@_Ron5xnoBESEuS;@*Z%bf zpRR%LxwJGzE8q@4F)%G6@{h#Gj3q&EMNhjw?uDvc*CNT>qGs)V^5tNY|AV>w37*P~LAOC-HWp zEOWaCKs9Q8Oh!pUkhyI3(Bj8Jd5B$%>1vOIPb|9ZYfKMtb}CedxQ#A^;M_>!f&V?8 zD-2bOP%C$<9TAN+!1YKx!9!=h;>8lT?4{ofZ_<2~m5y9{uw}pt(w7XVUwB~c0=t1& z1!z0RyoPCAGFrMN6PEaW<(^k_-7m`Fo+nsKJI4t3^6J#rsF?~o`Wy^gx^%NpnJW>= zOnGk*aFAuNlUR-y6wU%UG(en3%aNKmJ>FR8tw)nbndI)THBaClb>6kOuk5{hKa^^N z5V%}_#6i@R1*=^?v^X({jNIKI{c9{){$TGU1M;$_CAWE#xyx#T?-P(e3LF){N39s` zS22O(6NZj#l-@q~1qSrq<-`ml{hMp46@A2^>9iZC6(+o6QX#vsbPiBaO?Gv&g9c5d;QH4 z&ko;??#cRjDhk2;2Zl=q417}$+62+GZmm};^0X3BbOaJ#_=sWW0 zHAY=Q?vHu7(h+Rqf-Z+2iO1FyiEJP#Ew;BMXOY3^|ONz-rXVjLmVLMqTBB zYTdqDle|T$WhAix#%l4j8c`6Z+sSh?URv(;tRc8$us^oI?bo&!o$2-YV2umGU_5~* zojQZ|zDmpO=j9o%6CyO_XVrXb2-MK}kWSY?K9y752+;||yI>uN0vKeRYf7dvy-d|o z_O=utbl+xp)Eu;PU_kTCE|>?axrS4W)=F~YnFl!|trtGmSJ`bLo#DLP^?uukQWUbR zBQmibgHbR0sO5Wnm(N7#(4EWwCUxi0_^NA-Xz^$H@1f&m=cbBpOBl{6QWVDFMrq!Q zmF4O?Wf$9GDP^mdPbC^tro)~)OzmeM+|NIks#ok9n!OEYLF*JH<$xNvbI3QTnJZ?5 zzhqj(5gV#DwZ%E((HJQl4UydJh<&+utk59>T z-Box-2!(9ptG*2t<_=u{8h}5bFbFeVri2Q;i5Y^I5ts5l3Eld%vdVv5Sw{M3+ei{L zRb2i)^3e)eb29}i@{FYPOq2Tj&;8?lM{|c+(S|;^+YGz!VLpn6K26(YwmE(Z++$u&orZmEdIJNTi$O zP%Bc2n=sW12e#dZ+EiB$ImztxmOkHslSnisT#}2t@AzTqic)RQD};jCQPj!Nc(F$_ zo`Pc!c3fsnr%V_41qh>kA2*@|YK^+cm=Hm(iF8gd9N*L?W@dWAZY=3Ko%hPKw}+3& z2hC=H*!9z1kHDo+v!da>F{qnd+;I$Ib2PN8vtuz|E$V!S5CYm0^SCgp>+y%dNgqnC z5jFDqEX@p6nJL9{7Mdyo)6d_K69LBD>Bsi)V&2*CFDij$7fs(z z)_tq;#svy;H;Y>uh9t z)@*La%s#awO+>Q1IXLGGxw8LILtPtVN%V9y9*r4fjB1Mbc$7A zqa-~Y#f1)iAK5}v5ZT@Sd@mbc)nBYSoWe1E3#wj{HU)iMxhRH_jSwbmpPb;hFAT@S zF@4WzG6=J=;;p`y zC^6M*psC!LB>SMjJd2JcUc4e%zw{E#+$9&jfpuGq+w99kq&cvZ<;G&SSAAb%98`LJ 
zx3Sb8TWh)fDV^|M$$qJCm~a6Sc+K=83m@-W+vc+Qig;&ZJ?@y!@Ts`rV~0mTS2EXS zzu0I>(L${V5!$jO+)1gFc*&|_FvRwKAqCpj8`NFT4zvM6xUms7we>Y#8J5%s{($o= z#kZbDQ(to*wpYVmEYbsR>7#sM-kK77=@F?i?Ua@aLYr(S+|wnOvS8x0>BL4eUL>0C zR*KdBL^fL+Ci|ch5RZ|8HlQD`JW zDcZ*S)6hXNmx!}J9o|4H4O3}YmX)&OI`aihN7k6@B3V)2)zIq87rrEK?31JCZ4y5P z@CvISPtb8|Y=64l4;Kn|N^04^MfIid)|narqc8M z=Z3}spH0GxwD(%J>g};fE>`jA&t)=>q`|}$;>FXXyZO%S^_v^O=2$sL+q70f*O!+Nb>v(yib0*Z*DKxbqFi4VcsQitwD926Oa*V|1 zM0(5!dGCj1MO$gFL*9&y{*~Q2SEIwdnm*i+>PXvIK=!{WZ9FPM}ZqY-iEpGhzP_Wz_J%@M^jTqV$K`S9rB?7qm!QGcS2uA)t+ z*sro*QA^C_zM4c$2Q_Fo5)%+P!l-HED!CzGrbBQcOgaiCN=$iNYE8X9t~_Na%NY&- z>0!BX35%GLEhF%ndE@uPyA$mp7`V9F_s*^<=wfD`bD}l{>^_D6vwn#Y*H1u2z}HQr zm`Soj#ChXrAG1Rgb@B4hCXF?I1k5WwKcxe2^`0w-b4Mo>@f(*TR!d=%)1SxTQZUCg@^1v6qy9 zNFYM$(Eg9lT>7QIw{F{f2!}lr3a=`6sJQjaw$pg7c#&;~^!t!`&rXTyb(Y)etJyTL z3A3Je4tXYJM@tNFTpc{5{!~ODNcuIkR){iTcvSIJI|V=Mi_{ZC-`?}L>&&j-Y`C)Z zdU6$V;80%K_m4#eUQF{^S3O6VEX7;Rb)VQBo^X^{3|6$$T6QcK55?|Rr}5vbF#N#} zg>}!o`@Xn)-5n^fDwy#R@J->;sxakVd9JgXN+~aP<(+jt?Y7&faqPL`s|wc<<-+Iv z5qs}*&wzm_4-!k$n`bkJbY3Yo(d+YGd9{f~NtSYmaCm2vVq!76Yx=p%b}sB))95O- zvOFw?)uVfX_hy$vfKw-{VHubPd^r+U!s)pZ;jz=p5P~C#va$xbH~} zG#8)HKp`Kk=jc73@9=n!D~((VT@GN0qto?{^jD4V-xS zh25F8#(pjJ8L=DCimk78nNPv-V0`Mg+J5~|Qn4Zr_HEMgqUkkdXgDnLd+Ej*1{|d@ z$M>5(9A_BR+$b+HbhWo*pu8kL3T}0tBQ*G&VX?ea-nfNl`>CH!CQ-fD)lL@V^~WZL zUDg64M8KhlVj5xN7#w%6-V9o%Ny0xHw5sSoj}1*Mnn8olkEso#rcxEI+wHI4`Q$rG zu2m!W@uFyten4oNB2&flIi>nkJ%C+@dLi zmfAWkE&_AGYqYt|R1$t^IYRm5v8)J%APVZ$DX%#WaHL;(rk;4H&OFPDFRc90{jV)o zow3mlg9a1gz1X-bJAxa$+JU#W|yQB9rInFzkY3z~doe4%=(S^KQ2W|uT& z&>~IWJ4$%$#rBp5NDU~V`D)4#;cL{SoJSr-8SYg&_1V7nWnf(;=Z2ATn4l@l`nM7I z*4^u0fMDW04}F`_ren@?N0EOTDXCRALS(&=y#sELC25w+-h_xV5NzR^H8rVRKTveRP@Z z4JYvt)$eInl$XyS7M2{{A@vBSK5@e5XA3JA&oI7Ax1-3zPWsA1gkXpA79)?-e5ZNa z6E71UXW#bD_N%*1*Lfu7F(+NCyJqXa!EU_}WNu##Py6(IsFmHgPX*;r*T_dfUz_`f zzkg=m@S4x^nx|CaF(@>3X$QX#Z`ApL0pl!5svBOXP{*+xq^vPm6OWcb;+{$T>Vbtv4a^i zYV^j!wCi*am66wcL(aG z`j%)u(P=+m2&@p7Vx+V7rD_}4p^S8H!E7-K>jeq*7#MoT>2 
zA9OcG5|zaL=AsXz<%ALVo)w2DLm+%Cj6Y#1!i2FW4B4pfeA~@p`)8$cjWhzcO2Z3g zN5G5sTfbVQIXdWYHh=i&ej*i*9iqegVX?0H=i7IMJ<59EtPdbm0pI|YQxksCH(0#9 zjf#!0XkzACJe+_taN^!`+SzbQ^F;>$u-OiycLtp}r3Bl_otln^oC+)%HixHCs|HhP z{8YeXk{EgCDO<%@OP)bM#j|CtxWv>`F4yw>Ii9&A8&`d_(hs$_16_$n)_3QYdko%1 z-iKknYFXN{=_^z5FsQdX^g3#Ll%e_RCK&ff9?k|;8o^1n+~(S#{SQljUSkca|MK{{k;Rk$T+3Fo^^`zKFRIH&qW+qeu)_1 zwYxO!4<=FmmA4gNJB3IUUn{f93*TAdskw?0pz!t4+*U6=04Y0JjGP$`SF5J_c|B5o zG@J`SEbCtT`v@M#(Zt}|f-}9DVO(pm(Cea^1@ilBypP^W?@gutZ1^Zg`DQe1A8H^K z`yCTR??)i)X#eoI8n@Ylx0pXZ#Skz|x7RtFH(A2|EUDtAIgn1DV6Nf8PS=)_53|H_rUoR z+w($`h1iIu-%A~3yi>j^(29{m0~=o(@^3OkP@S_pXFjE?mqKAU$rl)734A2OG;{`V z>tjuR!v2in#C^y|bX(cr?@YFe!QSi-vW#`%+)?bcT&}bSLf($=qtLx(46TBb#xND5 zk+nfv_gTK%K{m@KpmXp6tx~?*uksxbvw@E}>r4xr=`G5|^;)ZCUlIg;CA4@&_)|VORkP0Pz2@xYweuCF?aOmct;;FY#TJJp{Vc;Bdk=b9e%>^ zN!n@zy_+LgE?}6q>$7jB)kxgKECrUd6#p!bIWA!;T58u2cMQRsc~3^7u7cy5w7r(k zrX~YWiSk)NVl2k7AhFzo#+M|Ur4)}U0j1=SUNQ254pTm@Q9_LZ?e9eI?u!TahantD zy>5ca+hCac-PA6$>n}HMdn?y0d^wFxcR-ou#Xb~DM@BM$pC!|)X?@{ufLFjcs51M)hiLdG@+cxL!B$1(+=gc zU{o+fyxo4y_z}mD5oB0vQ8D~-w^MN7Y@w)^#u8Nb?WwS9{4E9y3lS)dXTW?(w>D{L z<^FDj@1m@-%H+sXaC&^feI{PB>GF^J)Z(C6w$O(r!baZ>sLdrkxdBl`{W=!y7?ObxkMQl|9zvPv=EvRXj~I z+JAG#)r+e>HS?Z`w~!6}l5xF=543F|b=UKOUuvdX(wp_+-`#`|n4hO#zB_N8Fnd6{OnEl03@0sMhL^0S1ddGyvw zjdybVPI$cmuw2Ti^bGH8G*e|62u)C$EdQXkYQl5cRd;@2b!nFKdcxAh<&$HK9$ivg zslR$X@LiCgE_0poOtuZrcv_lCkI4^GNU?dwdN5lxdE&HikY0A*yccam1X>lESK8^i zKZ+JQxL1MIeN)WuB_66iwddJ2lLUMZ9lrutS^uv<8_Rg1MG*rhL0dL)+^e^)yiueAF6zI@ucu z-DveuIKr5J1vAqHJ)wNxh2g~8o|xZuU5)j%oFR=Dod^B0fDHn;0h*n-@5*iRpBa2^ zm8*Gtuq$)^Ju;Ydl4ySkFERQ&ProBJ0FBM>;BZ+lA$`t1FZC<~vAPdgZel{+F-&a4wOS=H3l3@gVNUMcC_G z`P8@fi;ards03f%YP(*R{K|~bB#GV#7IbXKBH26j>OJAZt?^sdVK{me1jENt3dV8# z&<$FPv)s@^$IlGjb4 z0T#xx-mbo#G0j2shm`dacU7Crn{jP8MXnHWY6FQV1G}(-%hx(aU~gma_cv&u-w78S zRdCw<&tcr;9Eqv;v$oLcq8!FJt;oB@^E?-30|dWS0+OS}2lP#$6uWI{2#_dP2W z@8NNh_x-7TNd>629VI`Ri=|c>5BR!1Q@V4}DIH29-3@}&qPs&Hq@)`} zx*MdsLAvXmxc52N^FI6U{(jDvIWM^8nsbbM+~bbl9i!KCc@K}~E|XN(C0F8+CVWg? 
zI{B+VrcLaA%PaZ~e(19R!FXykynFS+&~q}|UzQ_B$S>AaOUFDjz#X!)G=Q-*Z=)IR z*|dDlw!Qgmx?wi+fIB?Z({LSlF*>3^vlm<85WwU3hr~>y&`bH z%92rD0mms+L(zSrZwA~mrDw34fG?h@f))=Qc3Q#=wbACD~962`JH5f$Mj_ z5xgN13gRfjXh7~$7i6znppE+I%OG?S2$(sqSbo`zrnp|Y<2ZoTcqr{;)$R0B`(fGN z_|{>Iu`lRk-U*hBOcVV;JLj}KXF@>RY6OB6s@_B;9W*xxOigflra1U<|6(4fjI3n( z#T-r`5i@vu+(&M76xXC$>g$*(Hz6tz*CGM=rhgX4uX#ATWb@r-mGs=v;~4iG%)*H& z)#KX1vYSL8vV!8!Hx1M^6t&oG?h(JOO^ffv!dLSgL3BL=EN=)>YNyr`{liCJmS5E_ zHlBv3up*xCpO@-gJkHo~HV5%%osWWe2Gb>O;Y=+RJs(!EYBD`;otHPmp=7^G zv}M3H+lL=jxCO=Z1Yf{}?(zaTBkcHDtqeL8BwIapjH5um-oookqab4xN=~~#@tNqK zvG3aOe_Y--N)Z9GQKTTs=>$?DMRo_vdL^^ea8(dnAsjLP9Z zlKiDt5;*-`)+^%O#j}*~6V}i~^gTd~ihw7_E&Xq>*Xswq9JXl?QW}0gH}D}kvZ3y9 z0ks#uRHB|PB(mJTWG67;Uyox;U@kNE{{DF?9Rp_BO_4>61&h$LW!bSs4&IW#-Y$Ae zo3S2iIhHG|!sTUv!z^tH#uSGp7PVqd$fF{Y$hMfN{$!#(!>r0f$A0cZ1b z%0ZpV0RZzTpE2OZ&GRxtdpzZ&l?4< z+wT72YxwlcxM9HW8TPX57k%u;uhuv9W|o%ofnvs<8&i7bl5;PQmzh)HlU=eWc(5&^ zEL+_LMeBeCYrK3qvTW2}pCkgd@~tEEPTRngpzkurVq0%bsGyYF(cc<8{yr?^*$Q<^ zNVfKZ6au5Ub8huJE}Qn3_yoqZSUUfBgctS^JYpfd6h~}@%S6=pQfj1DqK{dj^Q;pK zA2FZshuGqPwWp5wA`=A%{|Rn2OQ}>Uw9%SPK@zo#MMnRAVPas+Nd6lZ?8k&@V>Ss{ z>V>>)zFl#JrFC-4zI>oa%)lz63zvR_JsA098zbdN#=gMdmGy>(MPt0*3; zW=@9tWGj`MyAyFfQK51K;qMtE6p_d&sT;N=ARO9X7H7aYoXsAgY^%Sx!!fs34fH`U z%hh%Q@%wAg6@nCmx#wWKsmI~^sH?qRXIlh(T72X`6gvE&|I!o$(|LjDnIXsy8%s!@ z{eXR!+swg0#of46Crvw;;-53pPiENo1d$V~2*n?2KpR``Fl9a=im#$Q;77@zJQDVr zKkVhDaqha0G?*zy1|J*tD==Bt98ZpR1CH*K4Au8G?rJ*+_cTk9%=$#xU4Pb|(rgM4 zlWZOD&W2*TE5d54h~D>A1l=G7iq4SuWxw*|7)Um526tG_%es4Ky%0g43D(w#oQ;iN z>1%^IvJlHu_O2Z{g5odP^bbr-a49Juc#1@<)aM{rMoi+X6CHplIn#a-p+zE(Ms(42 zQtvDqk|g$l-fgi!??2OaA;rJf7u)71y3wJ=ig1#|079D*ilMxoRv&*OpGI~8e7TSs zp@Y~=QHLeLoqCr75&?Uv@`%mxedpX=v)3p5xvegqBJqS%A_xEllpeC{WLM6fF1+ww zI8ieLD*lS>B(Y#R@Vwz&mC_KQ_b3dAiJ&9f0$n$;544MvzB>Ax9LLMOH9WpXwrfak z4G^LqqY_xcPQR0GoWBlPUG4$ZT+UzL;2Pz6r!qYcfWFL?hLY;f@1IeMWLAhrO%I6Z z6{;v{OEELtGcueb$Dq~UB&a=|UK@h2M+TNBY8^#=JyqrR5>8N-^fB2ojY`paQaXovFHU z94*12X%r@c@%)zAam>5zu3HW;g}8%kS|hM+xv4)|THb9ttsDzT+uX@lC$}mvg|#VK 
z81bCYKp=E_(4xKKkf%+r^l5C4w)L&Ww`j5ONiXM+}{Je{%?9%Y~ zwZkaRrZZIRgG~>-!Piw8OA&Cq1z&U$RAiyin*~LxqF=y~0yJ+AUzf8Unyuv18q#;S z-x$*s@{F4eYfF<)r(>Jsqsg1!NO>_tT}-c?^`EU7DkeeOjqsw_Z#NxZ%@xt`$ulAX zqP7#m_eqx%H<}4i$Ge=s{_>CLhS3=G-ZB4TwTe{h07*zDgUt3TCH@r6dkWZ>;P)wr zijXQ zn|hN=6({*}-;$AoB9UHBx<|+&9krXi9yitN!U2J6Z;5x@m->J55Mu2dAfCOOD!>pD z@JPKBQKSGkbysqap>|QaN_3Dp)v`Y|1?`)A8@BFz5NNWd8*6Ul^$ zJ^z)6(YQ;$DEczUYSKK4f;=T2%BZjrizY6R_*S!i`~vywH0xx|mcy&Z_$CrrWFV{4 z;$3kGdat5cQ^der9jt!OXkf+?GkP$&gj2s0sXZ&Xbzmd}{S;i@D$2Nb;OK(V^cX0R84zx?b*qr|a}$#5azH`a&YdKG$w8j>eQQsJBK|j`gnbzkt&J z=07!jOOe1Q=(%ygMSw!G_Hl5Eq@`|9GxoG%3;=maC%U&&MIbHWpBtvi42@kZf7AFt zS@~`+Zw}Y}(Ql3#Iu^Nm_T);Hn4#f(e(-6gQ9)4FllCsld+imnl6VvcKI@IPs3nb= z!C~UxAvoQkXQ<&$CysVC_8BofBAGa_fi?0S;vl9R5mJwR!|#hrj{Dlng^PXsdj)cpkS$aXoX?ujQ`zLWKcb>hLsn|!czzTU?X*c7N?rGBGKF@}>40wDw zAsw$R-?5@1v)udaI<%s!utdU32vTTCQ@v!7V{l^>$&~QnY;n{(>2m0R>wth{%A<3@ zjXTQ@*#mn+*(9KW>aU9_h-XV3I*e+$08+7;bx~xqP2TE#?rbsa@(i~KctIzp!`V~u z6Aov_sJf7*g8USQyk*8{0lS<1Bc`_@yzI8oCrrD)4-lQghUDxTIlS@+y7oYxJg~CB;s;cAxbmfUt$^x9+C%b{yJ!ccmH)|@P{nx7N@mTO4 z3yd;vfmQ3U-2mm7i9ue7SLV+6`wffEflGEBC{P5Wcn+u4J;u82(P|`)t|Op43g#Jb zDzQV8L<3_Q9&>jFLth&62{fDckD;`>W31W_QhLg5)VD1bHFZ(Wru%!rhz2b?KAcK9%@o*TN@(JXD*_VtBykol3`W+VF`k9fO@)^1;dt1 zAkjv_*wYN8znbszUn55OF_1pRJYR70Qu|oiymKSkH(k{15wCt^)BdJ@1&ttZ%q!PE zo`rC(6$B#@9jF$PBiMQV%+~7a`0gm8>;7uR zd9J-bVWrNn4>O%s9x3dZ5Vm5F`DY~i!{xy0_;$RmCQx8|y623^$BCT2QrFu|{x9!< zPvq(dM(kXA{8$<#IB{AT|ALDW8Mrup&~i|I?|dtCJ$mZ2fa`f_ohd7K%a&343K0U9 zqB*{-SA>Z`y$)3;<-?|d$e>Pp1a!57vw7jfr(bG^Hf5l=Ko#Q!FGbJcdYl7K#+*qG z4M4T5c8AqGrOZAWx*H^6h>!E~ZCSzxLUy$u-z&iZ$s*w1B~gZ-f+YzrzyxGZn@vim zMkcI*A-gr>p|5~IpXS1G@qaxzR<)tc=LjkLF$S#X26cpl3>cIB)W+>IL+2|g->(*4 zrRq8CpGS7OKCS4)SDuw+j<5B7RvE`I8#I zvVcoQlRSxEAIz^<0AakFCtKaghdoRpmttW@!~P09(umtT?a5+wul8h5MsbXXC@jl> zaf=3vcxg8r${MbsPjJ<6#{`0-8g&^WK+lMnpa^S?;v})^55+kx(UBir8|1HGkViW; zJ96&iX}1Gkw<}+K<`|S|R3EbLBHF|>=Wg4NhIT&PF_A2Hv+%5=yJdxmEFqx~rO7d} zIcJ4=vMj!X5(B|6bHG=+76|%q_k{MV(GPWsyk+C>9zK^FIie=IEL|k{hK}KvLy-y{%H82k;&W8qyG-e$x6Sj!5B`~nx 
z@yvgFF&Sb>k#hB;zYFrvzZitqRjJR{CC&*wTy_cuy13~QG#Smod8oaplE!j^k{=_% z^;5Zz6Bw>ubRq5fpCcJ7=`-ik2Y%Q4vczbi?092eIH%}#m zS?GM1(W%PWP_&umyM%Rmc@lg&&2!rIzW9k_yNb6yUo4v(^6BWhG#k!cs5Q?K9Y=XD zLP#70{npQoryFX>=AHG~XnIe#H47}~%i{3kY}b#6linfGwwR8+QA*|Npsg{zx;apy zZfTC2I$U-rcwcB6H(RM($QFf7`%B+-de3P-Ha((QI%?xgZoIV>y*}TZ#7VJG1v81Wf=b&V_O+j${_6PUK^AYWtVL00x`#QP`Z0Tf{sk9- zhwo8$u4*ZNzVXo2-l_Zffo||jO-mcL>{i zZ~Ao%2z@|YIU1Z}|2`@F8fIB=^+A3@h2YiLzg3lleMi@7kFSyM-@C z?yCy7J7=kfPxyx_{2DmLYCeg5iY)4S)0q;l&heFfz_T6-Vr{6_VAS6Rp{17;^{RVy5HL30^Q zLlmbMyUC7<8w69_S+(^HIvjF$g>!~9;bd{n`E0yb^CpfnX%%i~U;T8+8_6&t9wv{+ z9jk8|`M(<(&g&-F)mtnGt7>~x(J?qC=;u%PZY$T?z9y`+ssE(8+g=vJw|rll;Vi*b z>k=Inu*lNspRAB9wWC_+qlv*gw<}!VAoKG!5cyM^T>89gaM-N*8ZPzyQd_nCPWLNR zw>8iGOcy|q=o<$o&8j+C zZ%Uii`xP663Eh_eZ9$}PVMqZdk(JD<=ja=|E)_dzF>(y!i_*4h|!HIc3$KD!<6se2u)=l722oG`XTQ?B9P znPAW%zl}EmWDmo8C^O7X)j=dw=Zraau;(AKo>#mK)lF(oE zwJuIDo57MnG-zw|NI_>XIe6zRCeiyO_49Y@&1ZubKNDGYQkA7kj~IW?4C($9Op_bO zIy+-ld&Wk1L}u8RJoHYI!|=R7dBLBb*|8)ib(iEU!}s1vX@zLCin$l-;10)ATVVQl z-6{0v>KkwEDf9CN9oxPS0#%Z(3kA1&;;#9d4|AE9m!cZEi5dS-l%vde=$rlJA)e@y zTSJ;Esd&lL5%G6hNoI36MT=f7VKMdusXQ(VaV3IZK&p!%MJulW>^p}huv{={9?Z?1RG(xCVb3FJhfbhbo#_#PmpJ;u*qVEt}GC#pUQtXI@ zLoO59g4e@a#cNR2)X}Q;TetHNqwj{L3ad!hKSAFo z38v$m0f$PE@SQY))s*F(Nkqi&tr69?;$hN8%GWEwGk#Q1grg)B)*EJh#thyr_%jqe^G*P%2CDJ^)z1yNJl%`RvMR)0PS2_Le9z!ZwmA} zmbu&qk~Uvuq+NpKqnfA}ulNi(d4WW*9M3O~U`(6w(8clkGkZ<@h&4Ih_i<_Nwo&K& z&WDDg^2TKyuRS>&I8WZe+Bb~{ zCw!kV_+#KC$K^X_te$GoXQPx4ow!L6t*tLpNV!>lF!y~X-dNhVYp=UG zrG>LkfFu_I{Z;g1?%J8`)8z!Ch0_gs@U@)ejU{+)C37G(uBaNJ_|^tOMa7m(jQq`3 zjx{4)2bvJ9Gy6TYe68Ow_zUV>Ch0Sidz|!N-8^Bw2sf#6{F_0uNk{soKw_oC_y-{G zMV&RjWe5&C@vHVb9S^0c#J@|i=t#FU>3A&J| z8rkn=vhxofGf@yZ-)Ps%?lEj_<>+E3mbH1_j%^fw ze8vij;EQyi}S9Q(*V@yv`9G|5jF4^A=77 zF8uV1QJhW-yEP@MHZq`mNrUrK_Rk&7S&ARTk(avlb94b?g(A9j0lU%gQHx9QGZUbI`Q4nlFIc5GcpV+iDXJGTEB5H zh>Sxe7Te8}u4GF`wgbU_td22@Ixw?GX%z4e7l z;^;_oG=9qM`I4|lUH(d&XT3X91rl!ARSR-qxq=s}Bly2}v>O!8O01mYFnfQ!s7Zax 
zlk%9h)qk_*p$Mv|pVwBgIG(%Z@&U+Kvse79)1M&FjvZr+#kW|Qh)nAjqezZ_Dy>B52l&6c=@XCNP<#T#Z`_~ey ztsTFHSmBR<%=7eF>Q=3%U2o2*)zMs|j}y3^0po?SbcK%;5m|vIm1Muv>!n&dC7;I> zLVwOJhv+xInBRD9e5=m82q9NrKXr6S*7q5!yR(c;m{K+*DwYfN5Bt8}We_wl);8kO zfjD(R&!=XY#1tCm&I`q48L6(D426bdOGn&APl(%MWaSEajqmcxN9W}7?R40d<@n2h&Cdn3Vz%cG`0fy@Zv=-Z;ZdrIYkDsF|o zqaz--TMkq!`PuVUr28Kmlm4LvlRyBuL>z-5g*g#gG7k6$i7k~wt)9pl`^#&PmK-aN>X7@I8aqsbh>#rW^QqcRMs{l|5HtxDodE zJC_1cwyT}O8q6SH+wbk3JL7DIk{w2R&Q0)oV_K|;O7#+u=BAq`+R>zBgwu6j!oKm- zW|lUT2{2Ck5{eTlWwy=Mj2?NoZC@upR~Y;$YW@QDokiB)S8e>Wbs)EM#Bn?gal{X% z!p{h&1;22)DlKTdZ@bg@TYdsaNk>v5pYlzjzWDa9G+s#`YL$4K)TlK9-FgXSk^@XR z9!c)|gwhs_8lcBUiEKRmI9TZ&A6uw+j6ouotE_tLTI-pg)p;ZZwD-9W^m8RXWQznL zV*NVhX+@XnZB~QhTNK}CDEdpC_*CNF$v$tM;qrIAHbpO(@8`4|MXiZJrq=!;sZD|T zJ(B;s=`(E)2d-Y-dp6#1?OquvsS}-A4n0|%1|JN%iVp-ftWRlSlRlIVe2}oJXg(Zg}G-()vgBT}o%ECCDFl(+u z%0xnJbiLwRiDu3q$Yy{WqHKuVpLC3+m{=CT2T^C(eX0I{eqUMxQGClF;xm#S{JaS~hPu@KUNU8Rc z^*uq@8{s5OqvfA*%5}EKQHZ9`2?~lxBE&G3O1n8EkB`f%(hMRs?dAeSYMfV`uD~B8 z6|T5F9j?G6bXf54PX$S?Fh9U3V#Yr%>&9qCdbPe`2NEtTRrP?@cl@ckM;=qdVTfzoCbgd_~F<$OkqE)@CBUn-t&l|RGx zIh@ZAa@Z4yO-#AL-5Hkdwh)sL#NTIf9S>(zs|cv@D;V9$SM%?y$QY#-6u`iMSHyfu zAlJpDLeO>QG`>(ABm}9?(7R}Bco`*C*cDPfPNTeiSgvC8F`SBCkmL+A(0~tmHzS3r z`1~m_nCIIMy_nz;{-xR!1PB;^>pGeJfU15K%_-*_fn1u;XAk!!sj?`c!}86L;}vw-{Ma^?==N&^ZArUwvosaN<%qiE?(+81!B<2ve7)3QJB z0!R_|B)ik*f$f!} zN{Vv-8tT)3zLC7f!~iqBZjH}G_{$TIWQF&x^Z_Pfnv<9PNQcLn{qs$L8cZUhNA1HP z`rCut0>II7A)bFXipKyBKa>%4`DBR%CYbAVBEhQ5B9VLQsC`M8o z-n42QHp-&QFNpKdWMZ}!Aa|NGs<3YEx$?JJc}qR=ecM(zsj$ENY_)|$FOW&3*cC=t z<#Bg?rd(~VZecb2^{Gq(BWcJSxkNT{3hxd2W6?-S{SGy?Jc(xZw6@~**!3^`3VZla z4IVB1nZq!n)5GF$h4cO?h0fE&E$TD5kiRjSRy{yaT(QM$2WH9;io5~{7NywOYIyjR z1D|^>%X)tzr_98nt|9RL8@>3AU7o6O6PYI>%h^hQ-t{hwKJNm3kOS4OeN*L;rik?@5! 
z+QZswI-N2dZd8=Kcdas?(ltx9Dv*kz{Dn;gvL9!L=o5+YPi5^I-#?%m_S&Pq|Mp7M zVHf*^C&=yhoai-BqJFxW?q+(h5N&_DrT(bjsg)?$-xs@L&D$$EwiG`W1Ingy$<-_* z1z5K5GVCvS_-yn~OPp-%XZI(Ljiowmrj|u{%)ga*YD?SOTqS|aV5 zbcN|FR~UW#G<~e1(RBSJl&C4~{D5B+olnhIqY^qyW%~Luot!UCdERmO+j}IFfh4uw zq<3FBi&Toi%C(0MgIlZ)JJ_K}aM%nB;?IyuhHb9T+ycvuhfF%;fX+)3o!L~;EW94q zaCfI;6#MRnt;tkY3q_Td^MXmdZb)?6*X*LAhFLcU4AS8|iZLb4GbKpYi_Ou`!%-_e zZkU2XL$kE%n9Z8P-hFzN*>KPtSyH$0iC&DK49_iPq|R>BWUkg`PuXxIbEe8n^Y>aM zuoqLdBp3df2?UNG1sLw7n9#=Bz-#~z4#-j|?j5)Q3s@kSiz8VQ5Q1A{qSZN|M`nz%|MrUAMSL5C}8^5U4{-h1=Hf`|;d? zmyXvwiyk#^&bAafHi&zEt%jT*ES6rs4N6tc5JJ#scCTBPm6h5gPS4v%stFX)v-P2M z`HM*D@qJ|IC*1a1@}f_wMyPJicEt&S1e|kJe73jSKbU8JJD9Ox!L-c3Ad=@x#=<@J zOL+92XSn6kiX=6@KQru42+JB-^h#G;(}fe9%2%KQDsca*!AUxg3k&a=vicj&W2RKv6lNJP6Mzi>zO)7F zr*YRp&+c0NE^gEQgwUCTl7?fNf+k~omrL}~ByuUVQD4frA9)&8KK8eloNw67W7qku zbnL$AG+|_#uzdJoOE-el1z^g^7T())bzp5b3q*@9uZTmtD7)pjooA4ei85pV zySS*f6h1pq?xN>x&W^75vVsmJfLlL_rD2zz9a%ivna|7?IoWnBQNzqanM&g=9OXVx zUe`Nii7M;D%fXIxzF%?q#JWVP9SVrntv1Rz6yuUSp1*0orBR_rNpigkoLBF=n!$+2 zVw7#a4MJ%d%ab#EINct@x=#UO3yYpNI*%4b(c4AO2LCh{qa;V}oGFryi?gZ1afKz# zvm;fS$nvFH+XBTe?|KlUtnY8J0ffaEj7b#X4!<3!KWHvM;M4x|=u?7qFDtB_*sDlR zCOIzGbgX(5D8`s@v2742n#e!;a?WkH@y??XKg?-S`)hXv!i?A6FGTp!7}W0epw|Ir zJ;E3Tg{u6UcBeQt!V{6WrinnA&oQybDK>em+SH_6Uwqf_`yFLFzvovNegf`}TZ~e( zIP~Tcu{1ctj`!%|Y3Rg!S>2uO_kwB={qPf6Io&As^WWQRf)fv z9ubHbfDz-z-2(vuAkH`PsoLic_xN&t&(EfOmzplH<*zX`ZRLL$m+E-Q139-2JT+Mj z$c(UdgcllbCAxi{o}A&d7E4D%;YX0bv|QKUqnHVbDm2QoW5Lg|Oor01B=hvW_MMh~ z^x3zesw3AURv6tW-w4{GgWP3VoDU^;q37S;4=G$7J7%ID36p}NGl6&cLcrM)c5B^h zMfC&o#j`xum#d;P2g4bIY@;LCOn3x9rJqi%vo{4TvFIj!O4hu%<8V14%Kktc75AAL zUrNc)C;sO2mol-me`666lt;@ArS&BR4F!m_3UJ-X(jlqb50Xu83={BVfnq?x5yi>o zfr7z=jR(P1f8qKI;8%qlld6d?7JwmOO{CFg4*@IbU#&jiWp#5+4RNXoEb7w znATd(pX^*-pxSQ@n~D;hPp(_dUxQ!Mx$-7aCu02Xt^zw*Q(XA(_v$E!;xkT2>J5{T5eCH z?=xs~Epu?)EWRdj9Dg468`s~9S3BI$9R^4&&uI%_? 
zQ%3!9Fw6GPoV`s|`WAObT`s{w+!T{w={2onQl z*YTP}1m7G`5HdN0+!QulJ`EGmV*4_i^l`zxqCCo|f4e5gX)ba|Jb(n`D+HksecZnI zHD*)vJ2eXg$b^9pH;Y2)eI^)agmJ?aYQ-}$1iSNbUH(UB ztsY7$UWh;(4|M!o&%SNY&U6vVCIVKG-Ns%v5)p3BF3_oYVC(+o#mzVsZn%74d-hvk zfsBVd6|0svK72Fn@V4w9NDkkUG6m|C3-*y|f!O2z+_a$fMwX>%-OCV{@w&ax_3b-< z5Be`E5?KFiynE9iJsSA6rHRnS-ICi%`)wA!9Cj-{b*X%Bk)Iy*ehr&dRn|7uiU=(r-MNPoD2y%WebT>mlk=*q3VSHC>STy1J`ENhX zRu=<$yHARrN2&qMDi3aIQRJD1dwhzh#9s^=fVJ8mS*!gsVs98sq7MN9fF?HhJ_QTi%!jIf{c|8q;2cl_*Wu&wT5Cs5S>Qc z(ix_RYAgQS@N>(VQ=i=&CX-eEhg&lVv!518KvSd0Fb3H{XaAI=c7c61~8#lowHd>aq5^295uy9e$UC_Gh#Y zRD^Fi23U+h<~+GYNr&AqzxTUuZg&a;=wLhqPjvuub{Q@q-D^Q?xMs_!pKIwDr1j|; z^Wg4r6twSU0CaEE5Df@>$j;BXbI-dNd)7;)>WJM;7IWv*Yh5Ym=0DR;=n8k5_-MKR za_T^l1e9g_D%+b*+c{CD}Vmp2*al zgCA=Kn0YG z?u_PuJWdr*Rk!O%g;f-%N+JxTAjtyx9+w{-dJ~vZ9SZG$%vHmd6WRBgbvj}4eIcQt zO6)QhBh&k{7a&nl?ZVka?u+=DaEJSj4(+dIrGSpL_%-Y=8QW`72$v17>$;8O(Las- zmEhljAL=I08tyN&><}I#G_8!V04sU%ZuD73J2Frt;~cZoK37RL1(rQGqMO7^%l7+~ z;2i8Lv-eu+*7_$62P#T;>XWCk%x>o9MLSvUDxOaB4)LQ?b>p^_dF#6f&rEuIZR!J? 
z2LhBbwAd+)ZK7)aridV1C;e}3O6{W z4&Nn`OSw|3F*aCcO)>3df71W7Ua@@e?zB^mLA_%!rjXHa$eyrCts;0b*#sd_^lvLh z&-n;vEYsV7U{qR-uPBkTx#0BUL$ht9#7D1!VNq4Ytb4+SmbB?R4$;s5hU|Q12j=Oj zA5BXNO!q}ml<6DcrSxE&t>J<%_NS+qTn^{iV9Y*+xR>fHJDwN)N%+V-@W zTAM6cg>T9Q7)p}%{|r0)8x|wke{@{~Jt%?8XNmvztal$Au!n{B#DELDbmm{&zCTN- zg$)Q`Ts`*Zk+|RwAnm`g7@$9w$^`(I1*1U$xIB&C`ez3C7vvU?0PvFkuTbEEoFIbp zU!b#E+CNmVd!#|uRQ@DNEipyoU!%=l-`)Zwmx+Y3@l#nv^ z4<`MeNTK4>$0@_}Rt2{I8yYLI0MeQAl?&iAH!qJ?f!^IB`?|H(9|70UHIVK(?==w8 zHNCt3Qt9i-gp#b%EJ;2evYX3slUYR&4RYIc+1&lJ)L7<$1z z;b_OD>J>e#mUCk1B1mYB((H2)9bM_X&6j#84%^HDsgrgq?UebRcPnw+Rdh&b?EplA zLj^?M?dKiv?o^E1{85#2rSS;!05Y(ejzVZWf!5R8Ydz63ghS?quU$>mu)`kWD9(Rp z&?wc+C)?jVJEM}S-rY(HN!Nrc{RBu_jB!$Z});ik9B zx`NEgQB%e=t>&fF%d?$C?Z$H3Bz$LJqEpTvc9^*vS28TH-<~VkR&1+~ zP9%Lq8bn=HGKcsY7Oh^7az%3F=rSbnJK}1)dC>20y7)x|c)DrA{mq4Xq4EIH3R@2Ae*EEhE)+kD(ld&QY&j(o~jd#Y+ zUsEf2bD>GbVQ9+4G7CwE~Qm3H|;m35QL!+Jrosee0$NuNVP z_g~r9j|V!FW5USXsE9W!X!{@bENH_kBxAB`8Bu)3Y2X;f@{ z=4%dK?O5+!&u~2p!U`kcMx__MdQ7RfC@dW$-@+(TuVCc8J1quUDLlISFY!iA`L}Qh zSd6~B=5xP%lZp<(>aqpW~~F^Z@3&q~c&oVsS!7d z-R2-wYV>N+^;&Oi@TaK~i@NABFn~a1()kJih`9{@UiWPjh`XFWm?kQJO%vw+F7*fszJLNgoPzO#LJ$VE4TP5xG!uZ zYgZ|nB4^svZAB=7&m&G@s-zjG!Mfe=g{I)CG-ktW+#B$(^DvEhd_uk*# zP*GF&_Ere_J+E}Xvh7PviThZ}CzFglgavC~gI7QPOMrr&4A8wV%UG0xp#*k8-hwAeZMY0V;lV?{PYNDd+oAo$fds z0z&S4p}U)hoIBE|(?#ld#nCnZ{L5;$!A6(CVWFX4cn_@QazL;eJmmQgwYS<_-oy5K z#Cyd91)`99yJa4S!o=Z#b+hpd>?Xud{cHSxV_XdQMnJTWyud?$7zcwGfU{;e5MM+y z>5ECm(=X#P&E?6ZcYYbolPi6wTy1%<7P$oM{81kSx6`9_aw(1Jz=pG3bVZ=Gs>7b+ z{_n2N8nGsPA8?*W&2~I5Trlr$vvf*uhHQ88L>vp)_8p zhx;1_ZI82w7%C--3gl!!orpleLSW2|Ruu-N;>prqJLLaGl&1ij6=*Q{nH$hTPbQ9E z-rrr!OWGc|5%Srt>7N3^&12=*qCWzc$Fs3;)1p5k%3MqSJ5Y^{_lP)An$6cYMhO(P zsjCgOeo-BL!O%bc`+Z?r1!32QBZ+la*ty`gVkPta5Xcfg^$LDhmI{2d;`gG`xfk7j z`Bt6lyBjxMDw~Gtk-v{<{+;UT_6$LtPjPwsUlb<1H_fX*()zMe41z{b>oZezqh137 z1po>~RNEl4{Z;JML57u{k%#YWbrso`v^~pm6wsvsW;R76uNd5BKT;e#UbX5zzfCZSc%gNvk$$e51c- zb^H$V27&XUX6q|CW~r=`j3N%@)!*VKKMVtZJUo5!)%kn#NC{Z) 
zXFHDq=$pv2vjblVDg+_C-h2I2G)E1ShWdEswdmbmC>VSQ_Q?dxh{S+NNJvI=oMIN- z0`4|AZ_++S$&@FWSAW0Vtp6p=Ip)dI6XiCP5>4KU2lM~|kl6thK>lF|6pPlt#thR( zOnvDmGTJzU>C%S5upLUqbbM%cE0l{Evw-uI+^zDcIx87jpf zW-FapdC~sHk8N?16-L58>Ctr#2f0Jn{BY>mD#8i5NjYsB%{tS)?)6+Q=EYh&vXa8i z2(o6Jxv;rBPxGbmj&le&?d2!w?liGw@$|!TwW?;04=ERW@mx-FR!7Rr;DNJ)p8n4Z z$7}d<49InZ^fso>HTTaSqZTtE5v46UAB@iT-RzcrVkoiCD@#bmbmQwu>>$A&?hbfN zXU~l*4&rs{MW|KjLB||>{Vy13sou!$e7D;qrBYneXZekaJMfa2pV=$|SDNuEp!ryT zYHDB)f0maabe4xm%h&XOj^JMdA`$pZ!UP;01XH4ey5F7kjMkkP*y#nJ@iNre8cN+m z+F}CV83b30tyr}bM;4Y6nVj=kYDv}Ye0%;e405^$hrk!pZh|GeNyeI^;%JmZ+~5h)JM zuL3!!RpzGxJ>~j0@zQCD%(}5HB5I8WEIDuXhWgQ3E>{pur+)iHbBF8gtpvA3ZI4YQ zYXsSCR>#t+XR1-<2l94NrWes@*K1)_vffAETpYw-EP5@@TW^o%tS<);JLW0bWlymb z8%*m)=ZqrY^kr$c$PH+hS^NiWy5ZsAVSEfL1=x@ht-3K6kxM(fICNh7=F=Sq{a-AT zj))b;LvI}GP^T3OL)%xou+~!S_~L=Sd=ec&eg-{J;wg^k!o+g<`hc8T1oH6j8N2xP z+6is@=-x-A1eZ9SZlUy~a=S$ta;;wPwnUF)srJaQzmJO~)AXgq8cGC!h*zlS`|^3R zgo(hpH>uJSQ%_5IDNZ`WAyDb}hHPQ~lZF6E1vW5ApratD4m6y0tIGAzc| zdljhJN_l+{-R2ad>%-;MQY*EeduD|5T}NErxpSg+n=uV}tIXRBKc z`xHf|i9JH^2ZS^s;XKE|jprJ|Sg&Tz8cXH)IK}E6lDA7ryX3!rptp*w4Kwy7Iog{! 
zTRZywWz|*3{N?|(IUZS)IsJ)X=8%~yH6qOIoFHzu~{NW)x+L!u8hp~ z;)4oz;@UepACdWOAnxo4*B)JUTzL|&*I}DXl(jFo-8hh(ULO6skUg-HrAj#N>ZInE zgwmM28G-+sIEKZKKfC4o08HT^QPx}H^!=~}<=4!GURo}KN$#LsZJ0=R95*d%< zbya5G&rQYAnRPcDutnLfKd(LU5eI^|8}Nx0hQnVwEceCeqTdLvYz!pl0Q~lwbi7zo z)u=yVSvGH@yY_y5ZEAryLA&vA|3I;5Z@Qq4yE^oL@yrvryxK=Hzi|GB2s>vz!(0r- zzvvmwnH42|O|L}J62qV?aJ<&@G1wq~DwP{OQGa4;GzTlZ%6ge4lS|CQT+a!|ur~4kTM`O9 z@pgUzh{9LA6JJEq^Q4ZX=?}YxOAX9hL3L zJOfta!>ge~xUO)*=%!irzWaIZ^`&NB3X%R;ZYzI&OEirCSi?~jK90p8plVHj8NisVE!-h{f9&S9!b{+jo88pS@~Zw?a!ZyLXU#Y5CT0#5wrOZ z@dC_Snp7ZS>x3BuxrWc;_|Lh07RbeT+|qa`AP*k}g8!HSh5(5YGC;Y;5P$})Z~wPI zcwFlUDtKg&hfe1yGH6UcolpIrAL>DPd}!$u`E2z6;|~ca!v%}ozr7yfjw!Z_WHq@+ za8ijnqLaeu%a-FqPDp2w)2TaKwS0P#AVBgCUY3BLK1>3X4#Q&!5<>G@|D>3?Z6>u-OS zLU9{&C#Q=q)(}uP%oa1OWXdg`9tA4JNqCD*ZZ$9Q+4@6N^W_Cg8jmGe(iZqV?_K<) z6TY+ceB?PDzEZ6EGy*vpv+D#j76TGGQH)ldZO^>Z;yzJtwnVf6a6Exgy+kyHA^?v# zsk?@@pYSDIE^{*Kx)x&3srk`np}`|R*Mj*jw-Si1264qGJQSJiJ_ zb+&U=r4^qBO{p-J+5oV%;f^TxR7vESol(#4vxi=oe%C;qik;^HcA+x)ic30&qx7V7 zDtK14I7Ya^DY5+jQ1{+ZO>W(~xDD8dfP#W_l%~>D1f+wgbWl-{F1>`%36M|(+#u3H zIsxfOm0klPNQcl%AfXd_fDl6GzPR^y@A>xe{LUTYjPV=e{=-N@vffqZT5GO3pXXT~ z!Sr$B{J5ZM%-7P*y?%~|S*tv~hx~HeF^@F`YOyC~)Ls*x%mOH_920YR#6n(X zYk<3}$ahqZ#!V|Ig;;i%(@%FdtRlD9??Cq6G(PPVs97m{LwD%1o#$`Sg9D7}}3 zRmK?R1pN9r9Z^uW?GY?RM`21ZhRJ~6RTs^q$<8nwCS;wKn&PEgS*(A}0isiC5#wjx zsWek|Pce&^@h8FA4B1M#y+sn_;{w8??;DM-exU{AMTM<5-!2}BZ}%0`Ug*756J$R3 zyzBc2ziLSsK34feNQJxVQ}IF)oj`<pgv^1pWO~`e^<*{qvL+q?5x#G;|9+gPn@C_ z+`RTflVQz0N{bT=P&S{z707tKRT|vfFgVq@NK$$k`QBq$EHY~9S?xw0_Ono+j|G8o zdui`GqyJ2=ip(ehZy?`7rVs|Whov8QS9+%^ooe=3(uGK++`}0(1Qds49{LasO!k(J zPp9dPJZ}M>%g1p@l^uFMh$qE?*!=gNW6cFD)tcf`PY^p}Ii)Q^vfCZZnp zy^6u$hX`%zE&KxS4Qie@qEZ?5f((R#G7B~h^;F(x_mWwLPfW-G9of^+D?azOO;3h? 
zgnpXh-|?7JiTZGB}>$)vE>uu}sT$@DFVkSv=6#L8OhxUWiLWe|Q;U5o8BB~F< zJGS58H|0LNzMPOa^ak^odP_m(ztz8Kc-lg+-~SR!TRFwScs;eVc}!HigH5XTsq1B= zpaE|U1>I$x5j~jt=}pJp3Q@&dIgos+3cE(lN7t{2x`Xo?oUy zZXE03>sWVEMd<`heb43qFCguyUB=?q^4YN!FU_u~I$qI!2b444rT1Jc&?-zGMB&!B zb{n6Cv}d0cRU8s2_x8S3(!+l|;4`dJth9_$4>ilF3?8|hc;KP!%zP=RU%w{W+%_Ut z*b>}Rok2$3Ub)a^w)_3Wu8Cs9jzdj)c|*NTJSvL)fqN=cX36WCN(4YAJCS-+0y*Rg zm%33hqPyvxk$^!Md&w5oJmU!HI;bh@$qP;Oc~-j6Y26yERltWe^wE5j6!Nx}iPJ{y zTVj=PoWbb{$AmVYXhri{r}tD21QD{cLP51eyGF>K2NY4&kLEhNjwDca(xFD=&iOr@r96`S_S?4!rseS_bYz<2Ilo%R?lHd0rHh8&@7TpN%w>eUMxYtU^u6LiKm1*2#Bi4sAOI{^% zh(q@x>b!WEDaINMMG*~9O2Sm<6wf6-nPKi$7w=&ydY-jU`tzYi;nDt1-A9yG(RT!0*+7GI1U<@}nv%@vd$4{dZ?=fK;S*`zbXLb{~Y} zBvH(cOngs&d9LggmvSSQgl5#jQNGJ18sq;FTBWq*|QVK1c)%6-DN< zu<)IDd>Hr2daj*7Itv%XXQz39HB?|9rLl>tT%g^xThuQn?&t|yr)yrc^t zuwgyD_mZHG?Jwfx)IK@7H9DA}0Pl6CJAO3DSG-hS7hCL3K3-~8QgGx|Ki*h5^`>Oz z#;b)q&_z}Rz7C0A9qnMmmi*9HmqILubRuKOA^-T?Xb&1L5fmf2acC%b2% z;2`dUq(#Mm=^)BZFOJ`l)q~fb^-a;r(6>HDM~ockB0sZtDgThzloyz_W=Pj?6apR8 z8?tUJ4e_`l@NV&x`)F;jt^q=~iA)_-U9ZO{qHpnpu{ooz9;xhH6Ivg7I#HYN2olN> zUC_l0ckc!4JDcxUKgix4xRztkR^RK|-xghgk5&xdUGAJa!MP?30C&y6)mJM65%#LS zU)a2DIH7E*cBqP+Av?#?i`id#0^qNyk8_C0RF)&TcNbQL6)OX+3*~YU5qVoDU_DN^ zncJ_ve0HW31Y4ob0leK=SDe`Sl!BCp9reht#}z4`w2E$L*^JP5A)njWtAZ|APxwGn zbeYu1);VXoZHD2MR7`=k9LN#HE86)QZ2hCUYT`>A)w&sKWZ=|S6I$H{x!-EEyH%0l z6@#Y{h$NAOLj(BwReg?D@5{bTsK2&MK_6S=8CK6-pRazI}G;nFW)+MMWe8(#r7gGjD7CNMIKr9dT8Zm9+_4O8-ExiVGq0F}w zsMq46dWDhN=^yw`!6Abg>yJ7%T%;|eGl~(I>Iv{_e${gm^dal#B+T(x-B=AB(@*l5 z9!bOq*oT2_+i?4k!3^h7$WTzhPJArPGT$G&8uow(e$zZoS zAm7_q7Q+y}NG42^@iP6&*$GbeIsMs@?azU~olCy+15N&I^W8!+u7E!A?4xsDkuIwc zu;L7CgW=XiQoe|zedo?F7Np|tS`e7=c)LrP$MaBnUR+$$zhkD^J`Ud-JgF6x%D(kA zr&W2h$VaJAm&*)OU#YZP*p|^YT)$uQ(A}Yov#W96!nfQGe$$XduzoqabD(&t=T*Vm zccx2Qf6!FmlQz&A(w{_~<`rv}vp>r`q4T6FnIvnP_%`^Jg%f(}Jhj-s(WS*^bTq_9_|!L_-qm%?gT+BwAyM^GVP;R-`L-N3 zda&F5Nr$Pv)Mpa@e~9ihG(>vnmsw?X4xEJR%zXMY8HcFsaIM__DI8bFl3!o$QbE2M4_S%Q70M4$k7x6fdQsCHGSK zQ1?j~2E!BPW%MJhD6)0vT+4Moa5SR&1GLv~Q^r)g~EDL8BeQ#$!}vYbTP% 
zGP_hUFcYVpB8m_U1d$Cvs;^G2){83EuLb3pD-$((cI#!z5jAvP2Z53r_F|24v(pN! zf9xmFs#)@)Qc^0BUvGhP)A9xzFzDk(ii-AbJT0g9i?Y(16vhTC_WWCwZhgovS{KR4 zcJ3wXN93+jdlVGn9}}r9G&PPM2)*-yGjv(@&8GT9;n-}!m0z)^>r!qBj=1nn^>f~C zr#LkxKXIdrI+VhM6iT8;?!pe{CUFELeh;G%Zc0gW?5R%XR%wEBbH0Dg`@^d3GgvO$ z!JhoB(bpHfBy}aUD1?_R7dCm=gbmYTjYjvuHG4B{J-21BH#-bPW24x&_WConEow{_ z<9DP-rdIo@0Ow2jCDmETf}P_mx>GOy_rW;J4Tl*hGMJ5Xvqw7gaxAE?e`kCy@VdBX z9Tn;{0tY?$u|AO+$t*@A|3t-W`uod{B;rM({ca(`LPmH|Y4Cg?8=XopU2}IWzwYa3 zAaSYKo_@EK4x}B&cXA;g@How)TkaQe(CsG?#S;)_&vKS4- zi@U!21|e7sJr;BxdVBH~_DxgG_&v23^a2v1F#tKCZuL@l=9`F{t6o<<>&4-*a_Q*C z01)bX{YZl|tA|h-XcF~$V`&&k_n?>pj{3k@WDS-qL}#xnEp!^m?ojNedO>T=E23|% z^KrXxk_Itew+iJ&$BvkF85YV|^Osl~d0H$2D!sy{4TnE9 zKx3-QkcXcQwpWqdef>_9C=v)&Iyl{0{seOic)%zzKm*lPWT+rTELGRD7VB*X+rX>~ zmF?Z9DLWor8DIoKZDFGJk1Etp6CN0B>>Gdh`g0i_$07sSi>P-UNw9br3;9+rH=Cu- z-k7L>eyBkdi3#|ag2AzC`?Z;a}PH5PBTM&batO{|0&_Jc$SE5|*0@Th+;zI%lk7$-hk|An zL}L_V)ucr$p$*4|;8E9PwGbb|T{)Il7$wCf9crD%r}+$h^A}ZIyAMjk!#H=wh7&U63IvdFuMlB3KI4G zi9Z;XC*Elzw=lOjqK9ZI8ZWNTOOyhIn9RG20xo5Cd(V_e7xh(w&+kL)oPZirquN0s(s zPUzDdH_I}#ZUvN#IT&6&6M*a924w2SbQWD#M~=z&@jmZj4WP@~gysj za4OPCNN{-}pFNW~;4o_3+?~(ZaN=KO5$R5ioBkk3j-u1voc2tBj3({P)HMb7?1WW- zCLh+~e8C&4V~wUT*>M7Xk@Ind$)rcg+Ti}|!bV$V&pcSODIsgv?<(cmc*rtdZx&ex2B-2*PUjfpxvyzXkPewvp0+lg`jD%KUL|h2u=UPGk&{6- z9I#$)KD5O76p+6$quosJ5zTTwE*aWwDf~yQsl0M|-qJf!o@fzYw zWfC2UH^#~s4AQE)X7`c6yuMp5rEwer@w1WOUC|~~jdHETB>U|O@zjXWG#~riA2{te zVkR^HD_Niz^gh$f99O%14N{_kyV3r5P9dCCHqvl#f}^G`>nAYU?CbkTAXes7X!w_a|3+l!0b*q&YmOPKV*I3I6P zVZz|*9SE!x@&!(c(rPWvDJS3yI?IC)P}t$BPx~!h$k@L{V|7@$@B8ahYfEOE9Q>Lz z0kKGVd+r+NZo^jIbhDC!&9|DvBOpws6brM=d={~EJm(vbTtWrJm;!e_yf$~$!7|lEaHSa1W z@Abnrjtd$u`U3~7&VWA|-@*bL8&+0}n3%JnUC$Va__{j-5EGq6g!+L(kX4|Se~VR> zg4kafoB{dw3Q1mCc-8Q>kY6d4sOvs6f0A!wVCvXEdL5>}J4Z>lnPBPaAS_Wo{-kA# z^u+h@&c|pAsFfD=j@1(0tHNv5%W0$4l6E^vOnFpm(&Xb3!(Q$<&XCjo5VeETg^R3m zj2+ymq$&oklS>x;#xTkTacPg>Is-2Bx21^Mdv_YJhDRcLO~nq7R6jr6h)(X!P-pN^ 
z>{3W7_L+lohNJU(EaOH+;lWFDRXw#l5UOe6LDEe^a@;Uv^NziP4hJzv}~%^4T36S&AQ%POrqf=^R=nLmnV0#$(f^!ah&JP~;Js z{%y8-==iBDmqPry1$xxG$L?YHDX5K=c)AxXVWfchs{cHhF>aByapn{gcdu6}qRPsI z$^1NtKlfTjk6hVB?h3K@hdxJdF2~7q!P&wUk_bYwG8BGf6WkU~>r@9`<>Pg1UIiZS zR_QFXG8K|4=Az}m6Y);e;c({C=G!<(b7LBs>7<%z!EkRvEo*B5m5LKN(?vI4!-N~l>LzH z7NV_unH-1XLt_L5Wh@h?U({jaPUa+)fo;a_M{hWRx!JC-?E+7MNcgwadw+*~KiRBX zv4O*EOs_xrE6xQ!%N_p6`4y(!>4?hQOBPFl8wS%(fCqbDCO#5t`@Da!N-~hGX41yl z6)SZc;6szYC7wYH22^Ml=E6^}#Is4JA$T+roHRCV-NgC*S{Q|)2@!p0>xUd|VTe29 zr5=pRs@a|v`pL0!CJsq&M)0e3NkRCVnby%NjhW+ejkz{CHwK|8Yu{T1@C`P4h8V)y zL;Hv&Fj>CJ)mQddToF@8AV2ta2;&ZU9hEnj8+G5&DN z-PLBcL!p9p;$GbnhHQS3C>;bX+f}J28vbE8PU=8EiGH5w>9ma*d9hIz;EEQ(tU*!F zjn^eMM5KnGFx!!ZyEVl6^<3*fF;uX}<`wh6 z^pUM1Gmwbb<*X1L>kKW5rO>TZAINu<^lNcAUru_&xD&Wq{UgOp_fimww`NzpsF|Yc zL>R1d6!br9ov47k+P&KLqmsGDwMGvyVsNslDps8zEo$^jM}aSkc(0hBjS-`-fE7MrP* zkGQEGu>UIuo)dMJB+rjwO*4e94f3e8&%VjueN;h)tIej*80r9L_TgtK5EiE=E2 zscaMzF^YtP#rLcZ@ztDhoxsi!o`Fhu;v~;^c;&_--@bX~*ev zy529Ozdk$-Zhg2eiN6C^p%=+NSRY!*pRj)b|NQjeww=VKK6ToSwL{nMx5UB9oj|Jk zKFe(@_i2_LsV`EI(2JwM+7?~s$=QgA9-HZ=P+!jwy37r^KZnj4iLGEEBME${Yd1HA zH=8BH#S@F&q*xli5fJL`JC0F|F(Qh5&fY8@OQYmX`G3O06e4mlE3A@7eH+p`k4@fw zKNPMGQO^N(SIWYp54W1ym{cNe7A;neKt_-^Sx$s}5|*py-d>lRt(TkX{KmufVAVtB zRCAkQo{~m>SUmVT=Zdepggn%G_<2VHPxu&XV>5{-1~iMs_a;|k15=UKNSkcpycLKO zCG&d8GUCLSdm!THe)tP;P6ngba8rY5v+K9()_M?~0<6`jMn`_34)Y2%TVy3r3#CBw zzbq(3wmu~%8}Y+ki5smB9pjd|eCmwxJ`BG!vD^v7-DySaF<5m8-*-`z;^Ft}x&X#p zio=on0O@rm(UaEC)_q@$q6i2fz^@!jYkphS;{Y$TQn&|YZGsn$?W62C|!c; zvcT{58Oo1ECt?#sOxWx;A(gY>+$lZ73G@KiLjpWjXI@r!+!QWtCGN9Xlre`ANiCw! 
zLkk&ffH_`Hyi>9J=$cvy7Y9%EP^pJLb+$#(#jup)$)yaz{#{ffMp#giX$h4#D(h35 zGy=>?TE#=xBeqm?BC%S032dYxwR1$6`nDVXR3BYAoDKhwx%h5kWpI`Lt7+`C={Go; zM={KS0ak=sG^&=H$Qq;)KG`b>p1AhDC653_GVxEKJt@Ff8<1V7wU7p}y8TOw&R|j|$A7f?rkUBAD}_Kb`Ndc&>?IU>4tHme9MMKG7<}mB~SJ$Q9Dvks55z-f1muXDVmdZbv?b+!kP0OT4 ztqj-ccjqs#p|vD;m(kDpr~GPf7K1~Vc{@${?=Sq1{f^c0C7$q8iD^s~@4oeyuWh>4A3_OFR)Ao0mUrk(kG>l!v;yV|urwJ;63Kvk8}Tb1hE0hDOX z#3%ok|A6=fEAk!Ws^96LsjMdT)=k32>XCAdvBnkGZA?Tg_?&tbGM!M~+;oe2Xyh%1 zG)MvBn!FRJ2sgAaUq@xV5TNdxt)~Tg1`X_pK6Q*EAqz6{Ij*WxZR4P1^lOEE8C}dw z$1nyh28Ys~g9g5d_Hk>hb_e+vB#8Wk7aNKDlNBzTHGgs^2`bqT;xg{t9nPP`-|R2( z+O#HBok)~DFLWyUAnTB415&Qtt0)hQ8s&vojGQYaC`MzPV=2W1RABxydK;-m zJfzSF3$>w4b->>Ayb|oqI#Yy2q^_S3D2fpF8DF_pi?B5fn3T7gPPp~)@_s40bp}cI z&E4w!^YZ2Xy5r}T0|RjyrMd-j=~W80g;HxQBkHLuDJq%lFJ=7wrr1!Ras>Avl(1b*!`S#jEv zC+Iw4KepEOkQ)G1^q><44;{Zl(#dI(9_=?7n8r7qN$)uXU$288~MC8;b!PpWsyE8@9Gzjs-7cc zkpO$>$aqUp_3|>1L8s{4%wcnDXlD~45x!ay9$~XN?IJQ`_x|PCcVG2bZ~TlQXyyLUX6PPTYvO)K;en-xj|RgBuIkY z<1Au|6d8KATu|Csp4V#%Ma&kMsPl-1v5J?%nxUFy4i=|^v{W0Y1%W|EgSn|wAR>`N zTwWF^;{eXR`8n#4s{FL@22qzjkZ}*;EeAB#nOl;I9f<; zY*4O}cs_q##&WnX7usS~e#ifB^h4>A@6QamwwQTq5t8HVEcYg+BBLU1d*TndzA{n0(x~~Rx;poqY zc@yJhSecFThKn{MSJr%Mo(9#Yw-uQKDFWlxBvBb{Qfj-!q8yIea8S|y2wxRNp0*(O zL?z3W_|Ym{kJIUKg>7VYeWm>rrbK+4A|IbyHVJTx9mgRyU`~Dsy{!~~2y+@@6E(9) zl!*!6AYWT+o6vb5JLpPfJ7oc#97+ktU+1@|e7XChHcH=;mw4sikx3O^w zhd(O5i_WPki;2^=car!{KBm;y(nkN<8OAxXsy)A^oLxp`U!u^aabtaxec=89wT&mT^4cVMN2z0mIdBTzxL4`SY>&N5q++;hX@u(I z&*0!lu@)>N+jYZ!Z7%W|NjyaN4pDgsROeT~uZ)A7%UO<>o+q=bL5-%`T^7F#Vu&&7 zs}6*&;x6;`i!e(J0VlI3|f7MV+21ho4*r60wPlE6NX9X1UU|@1dE40 zv2{Xe<2*mzs^tr13B8g)D+ye`b%hsn@j?~RM6b003VewFfvDWKi+^2P>e&9X*R(O6 zW%R@95ZAnNuc{0}WL0FxYpn5E^m|aAR217-iPSs8O>9t69RQW-$0Q*dVLOJ8%VAY@ z8|E64{MwBJI>9^)z>HBY^}T6ft5>66YXptd5!&;**|WH0%f-mm`3tLR=5mH?)?RWU z7xXH9%IA&m@t?=0(l*Lk3wBR=I&V{`Zhj)8Vvf-^+&7TkH+%j)-MRO!$;j$3C~Rj# zN?QO?UZ4sb>17jM&{ELZ#>5#W-tjr9X`u zuR9;PO}W*2uq`{9(wrq9^z?oy?bs`kJ2LD z(!9S~V=}_K88@?*hig0$q}$&=_G4~a=*vfG2(;Ow$R=6U-+ 
zMMr3Az9Ox(zIOFoo*Eu`3c^S*&W=d{1=1ZfXxKwJphjZ&CMk`)6WNE@D%As9aG zN%+V$%K06P07U)GSI>nv#utU_Uh$>MiQE|le^>$QPsytn+B%<-`t+iXSMpC-4@#A0 zah6{82K`$exY_rP_8Q3Z6i-y29%RHIc>Lt2uO^YlXPuuu9Og~*z+j3mUM5jng1NZl z#F=dnr!Mg;9jy%@qe$0TNa_M-Roq7*u)OqicP#+v>$v^d?6x};ExNaxW-&>XT z&6`_B$TDcYGgSulMorA`sgeHm=V#t;`!8aG;1z&g@a<->{gn5MSOK&Efa#9LBV{x{ z(e<#*#ikqec<||H6;0mF*Tz9??$E`RnjaryUyK@+SyTb19L?>8u3K3u*tqQl3IHFX zlOgj_)o_3`2s0S+8s8J^j1u{L;&zGjiY|U-oP-CoXEn}}udOs1EOP^>G5OvDALm!Wm5w zD*y_qzop&+Z>@gOd=dM=SgafrNACCNdS?`uN=u344vrt zt~(+=^9^lUx1okhLF>AAUl!Jq7a!Sa;1HqsMP+a7@f%ecf64O+Q{b#;`(An?5~<`} z@Xgce>-Y3}A4v0#Bh_Tu%>AD-j{bSx;~`KHLA-eU#(2dw=m_A_9PS)*pL{ z&TzXoFR2HzzXXl4IGvm;>G_J59`<;I1~ds2D;OWY&3n|qO)9J<_g69);BSTf;%~|Q z#g55LJ11wtXi~;|1_&Yb9lWKeFXL9Z{I zzzbQ4+@)8ImE&{A%?cellmcqah+k!$^PRtB8@>WSa(}waM(OWsI_|eNVuK(%8U7H6 z(*{9QsX0gd`SG2#ukO9fLVxxAAIZ{ZO)M7ve}Vcl$N`|qK3@M%oT*>PnvJt|DE*Jw zLC=4&r+)W{_Upflf#ZMNQ}Kp!vojYD=izmX${U^}S?{)@UKQAqSUZ4t@9GgGQ!QnG zN02&y>F5kQ^hl+ceXH*TvE4}!j$&T-X<+2#;?+`nn9A^LCjIkIi{=@z%K}Og1dVSC zV~+Jd+-=YE5Hgd^QRs;@a?)e69@#qeOdb&?JaqHZ9AE0MX z>L03xwiu^EqGSSgqGuQGb>c7b97t09mXF3htpT(vl^z%i!QXztjOxs-8-0)=iLwQ8 z((xH88?qb#T2x(j(Xwp(A2LTSH$R6j6^&+W~X&pK$Y#B`v}6r}S2 zmM2z(3bl`Y7z0x5mGqcDYOPXk`0>muh2i%D^M{~p#7zwMd{hVx=SmY7CujSR@v-?3 zJ+1>VtjRgA($PQe8m)V}C0_e0QTq?Z^{abl1djU|mx6fInd6ELz2BZOwR@)l5^Cl) zNt|Mlq{qUK)kLL}+du!Ws?dAt^?Ao<;hJ*@{nUtVq7>c-*t23I+PYQ$o5wfq?!RdD z8Xji$3Oo&qdWap``R{w1hLh^BJo@NCX6o|mg$g!HO{RXVYv%7d`@IZc1U`mQ{eCU~ zclM+mKu#0ry;G{nA}xEy0+ju&ZMAR$y%)`&F{H@6i86g?f24T#&DTViHBr=mXW&mm zTTE^SmYzGuMRTSFa5fqBdYIbJ76U(!U9=XQM#5mrIf4xIuazp=XqbhzI>hk*0}THw#Uxz zAIL6pHVN&PZ*U$+s{Xbs*{^D!eI@z7<81!_uqywLsH+j?L$j{rTaTkD^R?r9K1k>0wE?)BtzV#fW9OG; zwjOju^2g10yivToc=v7v@8lgWiZ`LgpaQ@DM4kp(A=?Vzy+dXgS)^+<8j?31qJ)z~ z-8Dba=f;~!3;pZy|5l~P!@y=?TJP5u#&(VJ`sui|hPTmJn{C!?0%0D7()d~ZOzW@s z`9B)LK6e?Y zI=+jDS!ce<}HIIu-EoVu2xH zE+PZ|Tpj=0ul=`?l?|W+dZ&4zM9w74*0SAS`&g7p&y4opzVokMHRA*3`eXg@yTOMY zem-r9{AiEm!&i^(6CT^f{1^3g{8e9my5qwnRo%%^+vOjh)UxarCg#4q5%K+3x&N`L 
zvaNtdLP&GPW5?O}D=80mLoBc-rUsU?wY#f`sI}WDIXMY%4s945TD;7xrxG6~$=F0BhuVC#r zfvM(LO%+W?hdlhylGS?GtkxyZ2w1%iP%{n9&V^PpN6yB?^p}E=B|voeYed zxKvyV^cvO+W0kfIV~2$?53HR8&N)1?z3^{#{kIMJ?g5*9Yts;EkmY#zW+Yg&Da4WyKWdFuRv5f4GQlF`Y`t@ zTamJ6Aw4b~HH*5@HQ%qtSZ7{rjd~(pe_Zlg$pN551|^`f0r`$=d&c|by$ViCONQe$ z_6YK8u0nCI!5kI6wbFU~VFz~aU2sR~dX>2Nudhn=-%&nuyT$Qa+s`Zmtm+EAEa=v5 z($%r%?Hco<2;RJ^GtTPsil1)clDDIMSgboSE<~wq_nfK>-S8*BFDLMO60h*P8YNfa(5JxWTiH@C`VcF(aU!<$m9+9y>9n@=v3>E1E$vRFgzx6^w-7ieYS zPxvu-{F^!}f?!jIO@gC765T?I41T&iehmrw-5h%lOtJarzg>~e`I-T9A(|`wcfSKZ zyUOWA{U4|6|M{A1DKO|AG%x?LCjRT~A2c;&zny%t>^i`Jn+4tZcQg3k57D7XzQuYa zm|jpM2_Wg~{=dD0We41wczVt^;=&wVXjG6&D=A;T;en*}__Qw&Bz@rAM zAP&|MLkB9?_czK}mdCb4_xI*xdgdoCZH0-iOmQ&er#_-S?X0(&hj16lp+)(6q$m~+mrvNEkaS~ z?3uX$*fxx<@p-nY4i5#rohvI+YH&F|t9~e7Tlaa$TLE%%a;L4I=2F*j?S|;%C7tPE911+&XRxo$!a=N4g0zKEZ2f z*xNiU{*}+XcSjAh`^OEVW=rkRhGl{VP5?2M`zuSeSqCIR!mVt+J3%c`IDf_N-BbgI z`eB4hPq`fo+bjPNx^pk#fvNwQ6wS)0AcyFbzSuh$hW#Z{4p{~zm~0cLsFg+vc&G(l zMJ#WP3+f?3K7&Zt5@0eXYi_cDW6qf^?%u-6}8C7kA+0NuF8a%<<5 zlB4ae{fE{AGKTuwGw$PXhVN+$F7z`S{ zi#>_x+s+NZwN!EG&zx1pOZT&0W|U>h`9D1Wy!MIY2BJBTx{F#SdF@-KRe!ouGo|Py zHr+f`O^yd|-j3h-r}t`o8#vcqbXNY6d?q0^Zs`L^lqN))A#wGCiiVz!ehD%zR?gO_ z9ka)l6h6m<3q13T#@wUDKCc)>*6g3$sheyN(A)j^`s=F}^-pe6Zi}bS0cfVe!7f7S z)AbIPZ;H*|0jfm2hXh2D<4=mzYu}EVsZSqa(}ieh44vYvzvyIjVl57S(hEkqVG>q= zJTss>Ha_&YJ5?qpVS$o{>`L{pRNFObDQ+yF4g|x*=-!E7` zL6#XcCS|=Xk!%Xibi>sQ6rpoD@#`VIaKSirxIkI-qA(XR1>FZ+cny!JEr+{YK#D&E zjqtgN3oHCVqp2AO{-*sXnI4%D-;!U`as@kVX2>X`zO7#Sy$}wM*mY66r^RypP}n^(eBq=$W=of?Ln&^_2&!ed*7H_fHP9Ehd>bPw+_EfxO}HhaTIFud3|s=5Ws)XNR18yw0hW zH`M$gFO*5!!G=Bd^W__t#e@aJ+rJsBs1>RiGy(}SbxVHj)m(;pxpc<)uDHR^Rb7HW zE>3L2_ac3wPR4We@(?E9j9%qmyfH4s?pfhNEc@Dvtyqqzh+x#MDbyTC^YtF6NwQ*|Yh0Z@+--tQh zZu;;}3f3z!7|l}^*(Jbh*-B8T_iO3Tz{P@!r6z2(iTl(3G7=R#i%H81U2MW_w9K3W z`qe$;YYjr?-iL)*R*!S#GugMwkQN=o+S(2mUzhpe4iAz`%T$ZvD1}cvgE5(fi)J4k56_qgWu~Wc^!1e z1hOg@I6k&|p?Ri(W^s5RA5IA3p}E*Db5gA!P?K3ur>d|MiCv$d7AHP^S3FdLfnh>v zIibQg|5L=(*9vftGGac-i+QP5J_|OsP-zaF5;#ySaa$U)jylVu3h@HOvu0t+aRA=O 
znoepe{vmHBb}Z~2ec4eH8Av5nS~S7&_*ys+rJqxa@9RWohZPtix-L10+lAkKtjMQV z`Cc>sTk%&oz|2sTOSco8{IU+*YP%DvBMBP0n0@>N{!PvVzliOeZtCfF@^aB;<_cWane0Hdtz2myno!5MOJkDPdLkx)7e% zTnT1To%jgRv1z2?%&xpY@z2JxI|Ikr>={=tBHG%H=_47Hq$TUK-HnrQnGrGJ3x`QM z0I7q~$$IRD^-VFSKL=Z<*)`1;yUFH%P^fU3Z`U=brz?yo)ZXHh}i4k(e4`5 z7Ynf&*0TdG+nzhs9M8~CB#4HcuoNcsX!`^bdq_A0UmO0h8 z7fe8u((YlQN6S+wvd*^hfszJ?0020#^ZXVyl$3~YLm7PcQm0^lzU&LL6AgzRoc^<%@h7XtN<~p{AQA zl$0I;$T60dY4EtUJ(D*|OeHtv3z)Kg`Wr8+oXI8!Vz;`e@kC-Ux=flz(!5jZmjBcB z_-rUa&}_VvC3`n}WH#hAhvUkSEBDPI5mFAyxz>u$`9*o}K8>+&MJlYcV^fXn7hRX` zt4kld1h~sL16h45@zAY+V38}K<$}0U(>6mFR)38(U)>42A?HC%3c|l~&>bm-?J#hA zqY?e0zYbS^lSfgN!hH9iM{n5`z_ZT|1GN{TblsYK;rwe}^P-9Dj>L_yS6^gJn1Ufp zO~v+&Qf~~sJ<<~p&RC&Wxi8)!yK1LP+Pqz#l(#@=5D39G4nY0@v^}Edv=x`O~YXz{;=X z_%Jm_(&K`J%a)x+8$vF5eT=hO6%Zy>CF2(vD(ecQHsV%Gq7sRosB*gxuNpHyI6#4- z=R-wlCR}z%BQS|Ei~-g?4byULGb0K$#dSsLM+d700OyKBAuM>ewLqAND*t*0eWGOG zY}lK<)UVLyx>@OKMa-9y1qI#}Z{bxe$6h^BtVUaw7o*OHj?@md^}&cKrme2%QgeJ) zqOeAF#mx+~;d23ni1^52slI8y61FIhycrob6saAN23OOBH`v@xMyD_CTiBH(rj8PLfOKP>Loy zMI0)3o6ZzM8HILSnn><5*JXrMD7ChzMmA2uRPM%Nb1NzL9IRst5iuf#rX=TG=Quf9 z|NMUY>$~s!y*$tJec$(apWEm4v0jhH!{plEAFt2FovFfx+U<=cmBnRgNXiMw{TXRh zrB-?#Hlo~=b>O5<=_IF=i2XL=J2P5H5#07wzcmsn6Y3KX1u;p0^mo@~(Gc{ou z3Rxq!h6LRC0W4Ko{Q$h`FnObHcu`+8hZrrrUB+x z-$^}GMTj?kwm%-I*v-INusZq`lps@8iaBc}!>DEN_BA zUKVX1P+9r! z8AdX`PSJ+vK+f*2iJ3937@e;d^--QixF6$Tgdy8-w@=3<0{r`PUY=?={eb5=SJk^8 z_K>NsC1f!1yFQo~#-)AGFHxZL2ZP(jdDFS9rsf0`X|_dAJTr7m+9TB^I`S^v$G&4? 
zcf%McNE2C`_~T@A*up&TEkHbLq1aR!M%{Tc5s?TTiey zh&hV>#p8R4A4(Mv3O-#sTosKq?02NU;)FiNJL5B*e39gMahcGRGM$_l*H%im2{(rI zVKl}gox{7t28$p~&pOBtxF)kKjj(aO~;Bq(l@zsTwKL_(~uJ0)e6K)l8VDBiBDQNL^l6qi?+L)9t%X~zq_kU(H+9WH-6j6=OF1;&t| zMo4m26>C(vSrR^3vUX!}9kpQW z)O34Swi%V3+rcx6`1C@9k1GRcCR()YUY86iH7p)mU1>D|3WZD7k!7?E9Y<=JhM?>Nf)Xs|-o6*Ql z=QfLoxTwim4uCRuD`=q_S|#fBQMPh6P3!e(7p3YJfSfd$JZW!YAJYco$jDb!FzgJ@ z$4H;Nf__B&HBE_Aiv$^}`-WS|sWWHD508gWy=+0YbRkFxXBv^<&v0Icvi-EZ3^ zx5rXnv2}9PY#?M+8u2mvE*TJmvvqG?I9c2>^K4+}iMh8@TC%sh8EMYVVkaw9sqC`V zrMQ97E@sd1mNX+@OTA59A1Yq!_~I_6MOU3Npp>aj0k}GG6TeM|wp5~-IHDhi-Ud&| z!|dC}K-!5V8H;yA+9Sf`t`?{j^u3EYd41yozIP{YCW3tWz3J3X^VP9`u)QY?X`I!@1GjMx_0eCMFbD`9P&`N&aJ)Y^TkL-i zWcRM526@eeMbC#;|EQV>%b&AqB1l8CvvlYFE{0t6G=BCn{$U0@Ll{a=rI*uL1=!{F z+PZ?d&|C9rS)^$a<)w|IfwrmZgsK&47{+ zmV~x>XR9vA3mXqCvz4ZPyPloHegb^X_p-T<<(1%R)W@V1OPz9P9^4`G_)*2gQo71 zWS<~sMJoPzeP%=Gqb%3?7l}Ge4Yt{Yx+K|4LOFbng4l{)U@)3~zIfeJLZAN>rg%+O zZ%gp7G_>N!OUoDXpJnviNpQ;}3M*itR=qd~Bg>mLLw2)tE?!l;2Dv4s7-YO!=I9zT zq3-L+Ur4H;Xv1NF&wTZ^UCy96w>lc8()|f_2*48GtrM02AV}=keUzjhzA1JSdR%K7z5gP+_w~QZ&pr8|_LB8KG=|A{E2U6J)oUPoo3=O~_i>W2MfU zf?g=A!~QqfYbo*1wbwuHG|s@4Wl-}+YHqdAx~VO^R)&L#@>!0NYxd1SnRF_i&Idt!+=46mQRjH#wTsk@y1zTegb5IU?IW5`BFr?MH zb&|X?elWNA2M>5TByi-(&EgQ=VbseQF-4MA8@z++A^M*#@Xxr6>2QG9id{&GS4_-^ zy(KP_s^hy2Y+V%mIyObivoTfRh(DCtb!u+2&AlI2DU&RS@zL zNSdH`evC4~@jhC(5nD>4jZ{3Ly5wX(Pc=qw_}!1w9oG5dz~`F@iuk_uNhqx%DLc&J zQF{j)P{EDoZg)emidU+m_Kcvp<``(2e&AjZ*nkRo0;I^dZ*y_T30Vg^{H|Z`jfc*SU@}MolR~JbZzd$L_ROlFUi@(RiE2>6?A>+e z+PC6~G$tZ@wG0+ZZaR1Vof|rOC=fq%`_|!18@K&xhQA&r&AuN_Z#qsi@;LJAFeTW% z|9)(uQ3Q@@fEKC;^v752HYME)a5!QxV7Euz4q}|}lXOEm-~F^#K>%=rz2joZV8{66 zjI&~r*8zAuw=2x_Kl<(SaQ;-Sz${-05fRzBgL6e?U%zAfWB*li${Ni~S7BI*9 z$0+X|AY1K;tvhTfe>~ICceIj5nIdneDj`m<0PU-#!0rg*GHh42aJ)LKhH^hvx^_&I;O7_6xqi#gFKAxm`i;GmVEPsw z1r0~hEvQgM77AakOaDn&T@-_d*jc2ilA8VSEh+6llSU<-jgsK3=a&10r^8PB^Y`1) zWCye3)>mKW%_Ah@!i!%;kqu$@LElgIQBh1v%70}ce#ue^GlFlO9)yF5iS!BQ%d_6{ z(#xRQR%@o|JF{nR23%e*LTo5<_;nRMLJrvVE~wRbooG%XsO&h7)C8s&Lk*vVcdy~j 
zNNMB}H>7Cf;x`^yQh&U|>K=xoF0$oZcZ5=@5K7nUkPXBwenjDccY8?!^~EvB)85|R z4W&TP646QoMfwt_NMJYjS(epFBeqMDsQ0|_SBTPAV)?k?BBwA3I{_gu|3r$VtxZ-KV~$_I=}e#f`#q&iTRs z1y2y4d?*4={j|vZ8!>ygt$*eu%h>mxiiA1n1R;T^Q^}Z&@`^h1m@y!#;R9 z1R34@{N&xpuNFm#6ru=D+}=bS#$Jda`6Nz#+W8Rn1I5j&(v(pgOW^xk=XfULUgW*g zi{3!wVgEj4xVTXQ_g?JYK3Yfqpz}wgO(VMyY91+r$kg*1-@F!@Zbmnls*oyIA%2}G zdrw~3I3i4{NOY#5O+T^zjm|`0+m4qnz9NxV=6}Y00JpyG;Hc1D{RFB&FY@cXNug6u7czr@}I zwo-iUi$Zw4)sjbpY-D132aE$=GynTnTmk=zmOSOyg%*gM1?f7kEsV~9@fQ_|Z-v@cETPd_+R z0tbE|l_MY8VebY8-wTbFN14#9Cz$#_#a^wLo_0+tfTIcesokLGA}t>;BviFkXALmT z%e{vpd1t29JZb{my{<;@NbY&T0gsl!3_p`l0Q__P&b8U(Y4bL&X?Kzh1oNiu7I zu{1Y6hXb{DE&6l^LT9+QCgv_%X@v2HTJ`*5YkLZIVT52n!7i>{3EZXCn0CkqvOr-+ z*i)>(WIuo^GIM%gtmzB zXT2-__9ZKzkb)c6Bva-CLbxzh*50m4EeeBJV)nrpts}BlVERX<9FB202n_ev7cw}L zoigv;!+feLCFpUaySl;nr5JR5#g$s6sQfzz8dNiZp54Kmhy@#0wlIOKXPnp>A)}p% zt9Ylnt^~_r`hCr(UJrOaQtyeusJw41f4T~B8{lU7Dae68atd+6UMnH55kyN&k!YbV zt?9{-nxdJZC8BVkU8BmQF9a`jzd#Gl6|W|9izSuBSK=@7t4*&BbPRC}pAx>y%q=x8 z-7Lk(jVmQrp;e+)pD%M%+Dn;G&Kos$s)m`1#h2WUHj7G(ZivO}SO3MgIf{W8g4vUb zCf=VrR8X2Tr8J^=th`K3N0&?rFS7|ES|S=EnBrQper9|3{sRjF zI|fcU2d@R#EZ1n$EY7@kem7UKf_WI+r}3#}{wD6sp@}_Bax}jphhy?y7C}ZxhMZDc zc3y@*RV%qS6)X9e)$@}Wvr$rBav8e?%K--mJCPaxU`y{qIn3NQgJ^@Qne3kR*1UL= z>@A@|(4d)GlbU6TPzi3y{fvr*{z1`<>I{cv5IaIDeQG$nx|O1~`U1iN`~sbGVOnZh zhjotbJ@rrONX4IusyW<;s)xx}Fjs6>x=7qeYe=F z1SeeP-2U8{Tx{H}&h<{)-0GYw?}Q1^KbRgT1u$3W9O~RKrs`NXPw4bDGCEq>KkjcI zQ#zM89XN5g$lFyoo_zYuoc&Jv9X2l<;S-?)Uxd2{#PMS2ns@g$F|k!WVb;3B%&4sQ zyw93w;mB%#_-uK9X;1iC@@#H>a?fIY@T~0IbJJ|Q?_y!?I?lXn$oSZx4dMd9z9%~K z9z8c6Hcdn7c=_#>)T{ZIY_B$6aX|AUupmky7r)s@c1BFc@!4Mza4+KTixSCA6FdYnEB|L3d1W1Er>H3jf}^@nip7th|h3>d$0*YX7L1 zq-vh6w^T98Jvb631#0swMw8$d= zDzvMc=RB%K(hc!e>r}i=)sW#j&OpV8&DdV|)1{|89+&Q|x^o3?L$NiRr_wyT$2D6YXH} zxmC9n%tE@QJb3vWZ=+$K;Erd&*<*=jajuchRNbM@-RaWWcWLm;7_Ox3NqVq*`7t7R zLBT@5*(qbBt@`m(yYchID;ij90t6ngV~}0pRb|iG09h?ro|D8|D{dsd184okkN&d|^m(d;wA}CX{9LZZr&Ar~<9ltaduC0k`5%^ec%BZ!w|BSe z9Sn9Dzaw*d*Za@e?|-}Y-@xW$B5dvcq2fJvWUpIdaS*+t>n$*`J)`E*^C;D&8d(y4 
zWV9f!chTy+4eGeO-~e+lu7v%V^P+p2If@7-NNaFw$XM!cyV$qxTpGRJUZPrL^2~h7 ze8}qTDi*MO0?+QvxMkC2mRu?x=D05{9%Dyd5PI*?cnNtbJx$%1U$X9)^|||kD)=)_ zTXy_+dv@Al1lXQRJ#ibCPTVNG*ls}mc&!{fD@`p{xIwtCH;g+=JJ)$c z5dOovUpL@$nzPBt(aE-`w$l4A7j{o+(4aoJ z^5@7zWjq_hL}zH4z&%jW3y=+j;6c@$KJzspKP@>zReJOAdVTb)3x*O=d=Yd3wVTA; z<+NK$$)hgy7B&47Wxo2a_ZN#m9Mnf;VM$5gscd9#Vq)#^*~W2P=5`bacw;M} z=>P?VMe+N7A*n=u3Y0%U~FS(!su#c`@0+{URQ45)yl-tfY{Z_ z(%OOBm5=nV6x_i3?_efU;=htOTJVu-$SM#E+t`~BvopSDd{4>`PfSeAYj14Itt2A$ z@9e-AAL(aDM_X%=n(^ zzsm-)^8OCxRxo!pvD6eXw*vYMsDu9l2RrXy>Hik*J+_VbfU4 zpR7;SE_XwZqf1Hm?;Yf-B~amBKnp_s(?vXvF7Y~xYP^EP`XA$=pvhmr@wuY>AGw23 zzK+F;V4*d zrFPFQFY~HR1_!FNYCnIpm@S{~y*xe5TwVQ?91#{ab&eV=@G|W2?y}FmL#L4iZk$2% z0gizi48J4Vsa~m26fY$_~@4nT+(l6%c=nLgX zc&!1OIPy{mIlB3nQu~7;6v49#0Vb`s|LZ55I`ok|WGL=ee;Z_1t2ctXlHa6}v-&*! z)BOdma?lqz6siVn#tP6AsX7ag8=(K*|54EEy1R1?C)~O}P$b;WjdL58X(dwG(+c?9 z%f}z@M+;4dJ*Em3QE3%PQ&lM~-M4SfcxsLMOqx8nf~;4(q}(n{bM3e6mFm8@71?hs zsx1@^JwG+e?To@IjeOrLl8iOPc=t}K*;zM_L7Q2o7t$TGy|Vk_c-naOKC+ak4q8h2FiftXFw5$rJC@bjXPz-7u<=dwh$L~>RiWsc;tgFDM+Zs@`>?qC zo`BmqI;}o`Vlib!Pl#+@C^k`W8lis=QaZ274_hqFm4$^2B>W#F2Odvuh`1cb1j0P= z3PSSZ*_ydYKY1KoABt5kf(TgGYONMb)^PcCf|&LDDLHKTvpjAo2RKKoWRmgi8~TqH zOLzf_1+3IK_G{kiXqBW^2^f$0uPm?Ey!#;9UV-5zoOLWY*v<2 z)yg5U=2+cYb+ikbPzYj*QeyNZ zL|F*`e=kYEHfAW>L6a3I?s;{XjL)lDtkNw&>lY9(F__5IgPOJ($8Htpnl*4KgdF-3 zkG;0QaZhPrUAf>mB=KI8WrRn-6*h=pCfPo2*{z@wMXCCr#(zyW8(Bc7CJxioZ%22wePVS)c)nRXroX6DQphXk!h)LUp z$QwTTLYdSV4Z`bz1gr0d7aNg-lPzw;{+SRV{5f2Pi+Y>qAlwhs5Lz!ydTPYv!6>drICU&L#iIk;?!83{XNRg;w2jPu77$Ua(iZ}CW8xpKhhAt zkgz_SHuJ3CS5y&?@1c<{cB{IymbOX48eonT>Ks49R#{w%{fApK^!>?#YD?w%Lj-d_ z*QbZ=3Ahhtv>&OxpJdjPlqq~uZI>In*LE_l2P`59F?%9%@>$BCgNnw`7nm=FMrZYB z(dzwi_X~{JM*3<1#)RcZ>wEbQZ>QcQY5ogU)vp%s=QfQR>IK2{^z^FTVbEmMD)HUZ z<9Wc(hGv8)9=Di+_eX}T7^MFs+EtN9eG)=m=x?;m%IJa23ECXZzcqfUw<40Vku63` zM8yBm^Jz#Uey?KtNF^B!l$}!S&5OUu!TxL+o-=BOtgc<}IAPZRqb+0Cd2shY%h8ykYaW==;x>VOQVzmu zfk?|gQR@1!qG>;+iddc$>bDmoy|pVYYu0rWA6=eyprQZZSAL(7&FbFpiw5hoSi-ZH 
zDX$hMyQR5tVUd~WZ?oB_TavibkC6S_ka+3PtCN@_HLHjry}DwyI&)>M-Z?mjJgJ%w zM#Gk4NlURcC63N>o*QD7oFR3}GfPc%v6WlOBE6SHQo9DsK78_`*kEGYosk1$HmpFf zHA=JB=y$I0A)^KM!;fKIlLf-HOVm=kn)Ri5whLAmAT0VD!I~GwjF6jqfy{|K*=8N^ z4Qun)2JG{#LGq>X)Y|TrtQt5vAcrPnvcWIQ`H_eD&pXjhE$Pr3F z+5XfN35XbpmfP@If#Dy`e!UmF>a$)K4=c3brwE*2Mg{3G=j-iO_3$?Z*T8Wl#c8BL1@}#jY2|~U*r3HcQ5cZHcWoYReR&XE=5U!0?!cCW`U>Zx%%$cbvb>gS>jAzE1R92 z7pw^(;*mNe5Zh-Mc$t{=mYZMLM345Ai_O}=Qcre*Emh&}i$ae)efCr)x# zn^?`a*j~iWs>v;xdk5X@{3Zh!cK9ddhm^^-u%NfC@;J{GMD_muj;jqKc z_RbCo*_$SU_fgWLCDfPBFMVf}%+LKsvAR8-j}C2Am1rc*otoF^vB;zmm~hddJ&Z^% zUU+UPGFzeOZuW#G;^OJnhgIWU#nE`j+O;M!U4Uo_7MOJzAo!fNzRRvgZQqw6d$N9~ zW-NMT+Xo>Q9T`L8&UJ@_#Eo>Gvkk z{A8Jt-JjTmDhP(v=7e3P(VlQvqjqMlM8dMqQEXSUaYBBc!w}i{q*XmmsX&gz%;9q1 z$ROyJ$ng3A-@^kG(zuggr|v~wJEoj#h`2A{7EfpM#?$BT+yO;VIF@r$LwA;$xs#G* zvRv2Y>{@LcZ13&0CPa+M#4pPht?oQ{bl|SvJJ)f(*41FVs0xS;sDQL$VO0G&hTF;B ztu};pF0(dr)JpT17NA_acDMFD*plVtFd#F9VDt;o7ed2|H$pcwYy|dXmh0x+t$L|& z+ULTmmZgYOY_YK$ag#xkBKxwjPL!0It6i1KwBobbEau;B?-h#(z2Pf)w&6U|Zw|7@ zqLva)Jan8s%KZDH_5vje8ck-mNW0-HZ%hvM2UoF{W~2TXtlx@4D8+p1J?-UwU4Lb4 z03G5xh49zN<>hZa)-RTnkV(~9>|i$=G-*L>7>s(uj3CqM&$!T7SRP*YWo?yvF+vvu zCbGMlRoR$T*Yrr3bR#k8c@TE98&@A>CoG=ea-4In&TP1a z)7$+LEhXscLShzDGRecuvjWN32npse#1AE(WOvtC%=%jFDT3g!(@C2fdi27}$`5tJ z5iM<&K$0fr>R9zR%WZeX`P=<6bdHMMI=gS+;YpE^WBI7D5e@26t=>|O3$V(*ZfMtR z3bo&CfFPOGk+6LHJG9a9;^iA!$l>ym=77$Kaj=Cv<;x@A7Cq}p6KCr5rD**<_J2 z4y_V-Xcz0o<yI6UTn41j`6nu+4I0}BDWB`4Ft<*s7%M4mK`6`qPj3N)jh zhe#mOQf`Sl(PSt#)0S+#xpIh9{DAd!K;!X9n)>cyqaZv2LcEj1&WIqNyISqSNZMPg zN5Nuc{0LuRkpDS4 ziz$NHs2~qd&mv%Api#C{m+CgFy*gN1``Fpp$wGib^Q6^)9)aH|3JCp~fX*B9d(CH6 z&Yzn4VaI&887uW0dg3Wl%%$qcmcH1gy9Bh!Y}mK&A12#cu`%g)4HWz4!T{)~NYF>J z`gVIb&9GMQfhCP$fipC#M17P_Z>m{)b72tt)=H0`rW5~tjyWtp%j2+svA*?%^GN7>-ByU|FE3janGD8Y-O~DIY~;%(PWH#Ts3x=| z(8T%zaG2FE>0cs%Ru6i(X+#-URw&oO$xaI?Tj?R-cFe@2lUczgA|fi*X|%8P>@k4> z`go;rb1L5jm&>xIf$X#3we3JOgVG|;coErY6K3LpPurghk&g6g9U5qRm`8G{*``wZ zJ&XO1C3_4p)Jlr)BGd1C+Me5x!tpgnc^8TtE&T|wSk=n7OTq`49$IpK68NVR@RTcb 
z1%%c$&WF@~Q4N_XH8&~&uRQ?b6SdX6qVs`##$sPvOLQ)6XM z6)8(FTXlR*I%2G03!pm}c=o`1JnJJVRv^Jn<2;kB)ulAeGMl`@fJ~1TZSg(TP{+Y< zhu(?5`k@}_yr=jlD&G+f*TOC|I#ncI&5sT z6$A*25~0``(Yi=DN`uGc$QO15lKRb8;K~EzEh&NixP_;O3vK&Am_D}#*-)%{mk3(| z@o##&MXGc}PKO!+jQU8V-p{a*>lN%;MjZ-za{@|15hlo~HMP4qhroSlQ}4V-vG>!S zaE8}iJn~n1iHhK;hXY+D1dQ+WkZXeKv z%w<#EH?;(J?NY_j(ErC8^|ix-1j6f%CFgc76UC%=d;Mp2D(>KE9ayEW*! z)!vNx*o!o=ePuIVOd0a_g&4<8j)) zl})#-mW3S7%`!H;$;AfoKh}nzbl_Sjn^hG^Cpx8!)jC;Ffp*fm-MbZ;07TzYl8~^8 z19ViL6A9FTgv<7&op-`7e$K-geWFWEFs0>>{%?JRhMGuSXklOl62%PY)JMoHD={#6l1ka5 zlP!}{tVRK?K=^ojb%@uEMd|jO%b($UHWs^9Hah6XBP>yA?&ZO#oyy`f@$d-jg7`Xt z%3O6`%@;GX>*Er~i*0m+$UfgMvm;Ck7lDmq%7sy|R!gAZtCMz;MzxA#nqGR6$j;B< zmLi5tIf01B=W=)#9pcV6U|B~Wx5xVvlk>|~c`vW)Eym0kiW=n-H3|kl@ryP?Qb?(u zXF@tZVu4h=edy(&U@E(ACV=G!=V;Otnaau=Xczw2EGOzpAM3hwWjNnTrA|FXD)fbI z*7i&QTccONE~KyBZ|2B&90s}&RDsP1U3ai+R!>AH^Lz4=x-CXa=X#a90{j`$k+H0& zQCk3v6mCJ6Yq&Xn&;2^xyg3@25Y4T&RXWxcrh%YlaJ(3Mem_ue(Hmx7SiKeBzVdKb zoOv8O`G8M-FYO@{>Q>yb0;@-4;d8`(wBoIcpVdS+!y)s4G$8xHlPQKMZ!wMN7Qye% z+$jFU*L#qIT+Z3#wD}8_+ns$s$fPR(vF9Xx_e4=3a(8{k60++80fdJL;(4hVp1VXHimJv9KO zuj^xF(DhOtRdXPWD@%AKiifuLr#h(t1-KOH}7yep3~5C*2;#pVTTjhXez5s6J@Uj^XM?v>JHQSDV27j+;S!O zh_|StJ^`2{mFGJqLVNE(%x+hP_K`E-W}#giPTR~IT@KA=e?&ZXIMm9b1ZUCilrdHp zH!0kUg1ucVKSFf{F`_@&{*5T{I2@msm)Fl9<~aRDswHacdCXEMRhRZznUvC30ytX) z49^dfiYDUjCa`*J79-OUr60_d!uF@>BwCa|Z4VipQ@?YmcCk_KDn}pTaoR6OVK%i> zIW{yO&-Oe05F2;{etlwUkV+@;q%ph7ED0>nq0FN$^B;)jV7*V!)49=}Yi~Sf2eRTln-}yed-|juFS4!Z&cjJ;SMlgJ zxk#C+ebImwfQXWZn-$9S2r}QeM8NSaUd76@4_s~cHAE0JlZo`reUUIUsCL{t>~0?H zjT9iixJ_g`6|GlNkp3#Z^C!j0FVF*L7&s>$o>%=5DLI<#I^<;3TGQk4PLSlm zSVPtBdz>c$6X@)`*I7@!gk7!VTcKaULviL|^w`VMwH}zL%{I05_gA{gbMu#g z={TB7ZgG49AC<{O3(rnOA^{QSydr@L0cx-%!)u=GVt+=Lc=Dmsp+wI!Vra*$s7Z%1 z!dvv}=)PfQG@VbKOZ#nB7E^8Y^|E&HR!I=}BPt-I_DHnt`=%dptXR%s_uuSIy3~2O zAwnMb?=3^=OB4+9MR`U(PZ%fD+f16)WqoffyxcqpK-{UdKi2oo5K@>NC>6cCycfUf zSv16T)nSWFHiU)hy~HD1*G+BmD(IdGS!+X#B% z`m}wQnf}UpA-iYb*UqT^=bnXn-HBd2fv3!bQB)GaFD5zSCmeBhLilzQ0{~kXQO|l8 
zOyO!Z!`~|fIB&nPdytASIKW}AsF-j$<{jVel{xbFehxS6*zgY&|2%zr56&CZ*U}#n zA<{WJ?12yhO3C)h-2U~o^dr;DM?d`@ScG@P$HBEkRXKf9WndGl>;8h%;Vwb{H>~GMxa@9f zZ3iW$n|i$%0#wkK=@c_&aRYS8jh+J|rtZKoGG12m3ubKm!{OnUAO+c zUwy(p4vnULN|wBJ!AwFQ`jsW8^xI&`-6DPO=*`}1>Ihr&>r7G*YIu){r)^ISwlaX{ zw$+^7pn=4~_|dpPy{*5PyjqDgv%NAg+~C`8sqMQ)cu+v!b$M(5bV#s$`!aZYH=#y5 z2T<-P!qP_KhleAjL}$%>RekxDAa8A84}#noP=cw$2paZx?WAltvtO zZ|}|&DkAP3R9F-l)Rt8D8(S=?^du23DIMJmh}-?PeAOHhETIVn@P6sjdG)G27lYKRKYD7uz8w1U?kv9J<%VAt^gF=tGp@oKu5?%P zEdDr4_79|I{FF0cS*poI-v4@C_~D?va?c2)sqSX!>)UFDh^wLt=IJl4t}9{43WR~K zAN}dpr&p1ob9WIe+>gW)gC1bJ>-xt z!FK|LkxMrlJGn1QxxhPDEiy4QZm_Ako@bDc0z%-7`qQn+*5R*C?-S`}3|ZM^shlmU zvsmD+B|n^_QY~IF(S1CI@icNyOBZ-1Pi8Y$A~XN0rvJ415$^GPkbkczNPiyU)APO2 zAysl?gmxumtj5{u>-)AZi>);#gA@ku-HJZ$-mW}9<=C_@(KN#&JbbG*mMm$SE^j#y z!f~mucmEbH68Wx5+##@>4I^5wm3DlpC>(J;PH&f)1EI{uf}vdR)T)(y0n|C`zNA%? zAO1ncV%Zz8G}apWXQ+OZ*5}~&BdntvdZ5q|Ko(yg0j%T;!7hBsfq=0n*R7$+$s)?J z^Eha%=2IsPp!i-^^ISRh=p}Mezlh!dw6%@UrLkIb=0IF4c}`2dN; z%l)~kOG^qYz*a@xV6kJO`d$_PX5e)Z9vf}8N#pvQ^nehuZ?Q_ww@oKXVy?P_Sh3!f z(yJKLa5u({{Z~Sfq&{?iAgqGf#3+-mjDv^8kXQ7_vz5E`9`y4Rby}GxcaL>(>gr6o zZ*R`1?*&TKGwS9D7DUf3nu)kfhkPXJ>#`1KDj!i>eT+*wZ$b@#D4sq|U>?F4bzzp)p7ZSUS1PH54abQGR-h&NX~ z-gRZGJ*AgVAga&U5hY1;CfTjlF+douEtbbNW_p^NSf==z`3zH#$K04NF z@99dkcI@$O0Zchw{N}I_eG}3m+ne;8Z4=0gDGpD*&!teH_pcoiFM_5yw;-*pE|>Oek4JQw_1BXKQe|BwXgEv0nm*lUxQSK zksK``Kvyc7ZRgI=lamizVB>vK8?9;VW0-C)v#|6hJXZIVpSxcISHadcR-%|QkYfRU zALZ#L?9POft089c!S3V1UCe2zt#^ke2Z2OhV_q*`9=cQ3%qEtxP%Q4kr0M4`PV(9; z{V+T4%^Ohl)P5u(`X8Y8V(@SEQ>PU-xAozS5!r!>_shp2m!G>Zq|OD_gj3e9y!z`d zmCTm|Cf5st*@;>k%E54ahwIv{mNkK77n#>d-ArF2UYq9Woet}>8`b2P4a8AjUo_a@ z!Js%lmml{4YP?}oBNge@UEX{MnUu3lY%4}l(+n^FoW&tvhjZ3Hylu3mc2*nh6>((PGECc&GVbpm{5uq+d526vxn|^F5x>UYw-h_D#>;oHzBXhojlw zaN7agu3kZL_oq-G@$O}X|5(@O`>RK7cLT#Jad1vF>5F#P^D|`Ca{bp>22;{l%`5+1fsNL{v|4<6R~vv??hff^U*AJ>js`R8U#xd&70ea_D-9D zvqDF_>y7gOSfjI&Fe_eXQcwQ{{PqFCmgu2tw0ouuo6Mhq;x=d7sH8Oq(4cn+RK9#) z>v9o+uTaox@R$lZG1whD(jpXhJqF~Majz5({jAGQrqkk~c_iFRkFzAz;-Lr?A>2^s 
zJ1>m~<&R8|+Rs%iF@p&VJm|NBOzw!INEdZiKSwXruYausuC7uy94~T=Cik%m$N>%k z;!I-2T&GAJ+CaWjZrX&I^1BmXH*YDpdZ)vomNqFKkYnhezCRv8^45} z0D~T8hCLDqlj^nk<0aW%K`tit-lWD>6z)Q?aJO6pftqVNXQ#4^6PtFnsPg5;Huyv) zSjA{kWfi4m<$BA#Tno4O{%g-0TbFeYOhcovWL@DzIu2hC&y$klTpzu3o>3m%CY5u3 zFx%sAh=dztGz8RN8CVG*x>^Zr8(^(0#`AG;Z%t21Fb|%)y^;aAk^pjla<4jZ?6fs7 zGgWV8UN!>Yct0hMmAbf3J&5=~H^IGP;6k16LBtaTy%uz%CjtI%8KC zy<)BeR_F>9;DAsh5^PzV(!zalxW|K%P3Yz(%fZ`R{C(+Xjk~LQpwBDV2|!`1v+hx3 zG`Qgzuxe35359cCTF(q)cJTNYOisyh>^|eCbXB^ZI8_2=G!z0|{^u|U`*c{4K~4=T ze-Jz8{UUlCq)I#+oZQKn%>?`o`y_=|u^Fy3dKf1!ee|o%hCwU)p(pD-1wGPdB!=>8 z+diV`gar;e)GmiQfUVaXjYlK*^V-RZI=gnmF@7)s*7?@ue4P)A%|g92vQ=OC!m@c~$;b9mLn=QhwRtd}WoHNnaf({O6Bav|_J_G1mGX%{9D3fF zV}kCFeijG!PAA;EdGVL>!D_))kh)*#pc5Wq4PbaTc->@0xM4DsT~Fni%m-O6%?B^L zQ4Pe#x21q6Er)gW)rs1@pOaBOJx6JRPE78&x9zGX!|x!ssW<$?uR>iPT0AdR8E)N& zT6ptE)7|a?2v%|&1YlmTJE_Y3(m(pX4n7Iq;~8<7t2K{3<(%pE(5jNsMh8Wt%gE`z zPUf|FWTy|)`VcbK`*kcQOYl!ubYfH#*D^oCM^NPtlEY&K*Bfb?Yz&4J)gQ|83lWiA*XXwx4xUmi!d-w{H74VC%^)uGBaSdpn$TA*2dfi##8q8X z1v;Tg&V7cx09xq}6&DRyD+zZjjkpCoJxzy3$8RruCNMcqhE5?vg%xNAKhQvNtDVhr zN%H$sG(j#2dD4k2Ge+QpukCc}uEbUDwsu3}O^@4V%h4yHtzJj*RiRE;wwyXmQ~LZ3 zSNl{mEPB#j&fRv>joOjzvl09PXJ>~LSmiT*>1HG%;ruev$VACriV1X&G3Q&sxijHp z)XLRH=QDt1BTmB_^#b}21<5u1O-sGds71^6k4tj74xL@e^#*BrFAN$MRYLWRG;sj2 zWG-4^Ic7?LE`7tdxYcRYzgJ*aw0C|~P*iwt4BJoj$ zaB$s3KC>Tp*Oq90DpZ5nAPR)7_XibFZ(Jwyk=B#st8RS5qtPf{XbT~)Ae>0JLpX8x z;AF&nK8nEbk?qaop`Y`UK*$HSdUO9Hzpd5*Chwg(ZTm%AC8|?yIKDvS6|{i99o&Q% zM846~+3zt_k@MjOgU=9|`|x;MZofuVWkKbiQsrUt^)+F_J_M z(++nsRwT+#rm>R&0`Xso{rgD9u_%;Kq7Rb6t6G3Vgw7y( z>%Uxp)E=IO|V83_+pa2Y67X zm?{6FUGN(!@cC(%`TZYVA;^m&f$^8Gy2#qr7ACU9d+0x6|8UA6mjhacw$o%V^CwOJ zdH?hgAO{A`_#aLK0i_78lLLMWcI9}ch<`X4{Bev23vhPOApZD&oca0xq4K_wrrZ1b z$*0GAlkgNaix~S8LJSO%<>h6TcH6a|D(zmLJgwwQqpQcOQYO4na z(k6om@sp-&#z*sY^9-)8t_rrcl`=IQt4KaD1wdSX(ap_`!qz~%iN_seZ>qsYA1C93 zIU3@-_Z|C=zBVh_OWt8wq3+J(zHfKxxZMWTbCpimNGh%cG8au`cz+vvOiyoSWRnM? 
z$YAqi(t2B@zUK-1zrS@a`d0mXRfDCFY|5~1S(@aGzrYr}=UVtT52N4bjtF_^4&k$Q zj+YAJc&?$j2AZ6X3f(TyoW*2xL@Q#)fHSntTHvbqB^cV}Rjd7$sixg)$P*u~a`_L- z74uFO+UdgJr8XT+xU9bT598SXd#3*20NBNO239DNfHQm72^EyS*eV>mTq-o0!5b|| zTYn%yvFsLUA5SYAS+1K`0((8V-0vM^qToNFn&&`O==At}NcXcI6iE| zuTttI9Lh2x@r!^@jcSuJ83nXxO!EGJ9Z>Tj7Y4W|EzePHm&@Y@>-Kgjkq`EDz{F~& zwuwi_*DorqAib`j;S|gQ%ejgE7U@L7@pQgf;}-MD^*Fv}nw2p@a=El7>Ar}i=sCc= zqc~qnW8!hSUju=dbE+1{rJis0|F*D3J=(bqr=;f+4YtU~^V_YLzZdjOySamyzf&zu zO5LAf5M=w}T1-1XttvDcfQYv{o+DnpV%#627>GnbZ6Y8v2Y-R8mU zwt1P$6miSN8;jTHx$E_{y>wJ)Okl;EY=aF1$@hpaes@PRSIC?ypN%vB>(Va^*V{*Wdx;$qL^B^0!XoHTbn5;`3#iMwxJf zwU8EO>4#k6^%3g14GZmTH6mY|n=j+h0z__~!5EBg=-#!fYSmhE%{e!J{&;q# zYjoikKQ?^I`sC{Rs@T1w+{Op@s9aMgs^HB+wdgzcN4ijf#PFm2ggnmm7k>pHEg&}a z_H{;BD?o5rzSBr0InID%i@N~b5bH_r@}t-B6^pt8KKF&$&FNr*LLwj%`oU(=BKAaC z7>q^w0#H5mKsC?0*t{C-3i%ryG%*QsB-es=v%Zhf3f}GTXN&7AD$lY0e@Z3&Q>Glu zrr?+FFFpWF7n$cD`>RP5kwMww(HWkeFvZJlZTtg2$wOl7<-3$+wT-63Hd;3=I78D7 z8B{U#iiS^)j{L{ll|58wD*E=$N6}DD0%(%es*|Q(Lg@B9obG6cjmF}X?ikVGAJ5YF zg+q*HMX^UR&xH_;j4;a$f6Q8}JF6^JRu&D|`(CvS!xPHvRcUc%i$xE7fijVJ*M!}r zT*##A^lf)>FNdX>wT4Ap<8RTv5h+X@Y{ zd$F3)TyaNZSRGvmm&ZLOKhX4wReylWfrt@>@l{XH&N7+w2l|+7&=^k|Ff|27MG4(L zNyN}bo=v(ej-xpLqL9e}&IKCZ(}sgs!faFm>EE~?^4BK{Y2TJ<$ zx)%lU(%NoNA7mHwn^c#8iVmyBP(a;F#{Ag!2N8{qr;5eW`Qtg6CZcF#&7PGkTFb8o zWN8P$m(`s}{SKX)6-Q+NSmQ^C27s+<>_TBl-}3JRqNv@tR#V)(wpfc6hpxZXI7yUb zJgbrIO5)ICP*6L(bGjx;3Zspq2`|nM-VzM2G|9N>#Qb+W;%^fJ0!U;4F($D+6_3Y* z+E(`GUn2WSLDr!U`?JjPsp9*lD}<`VIU2QC0J%AtyY$!M!SW;HWI^;O_#85Z^c?^R zn2rXbVFjTl;3tI?3O_AE{zr?Y&$~-*K9VEJ^OA=*vieVYuG(cbWTO8^r6k<=k4Wi$ zJo^COXK#ZO&j#1Kx7S#!N-iPt>nkUy$qJHYPke zo+FCyX*<);DxFs$T735}8U~b2)1N{^{}WmLC*$#q1db|F^w?Y->L-p8{r;XLAjbW8 z1D&8|u`|{+lU_^Kz&p5+!?SS~lS+8|tGBF5@HMa$0EkC8o+*1OShM9vmZ0AU;GAy% z)@biO*H~MqFa`8}=IYO0oX}@X+Xg=!(3vfACkRaTs?TMjWk;wHPGTS4j_41KE0RxoRb_ z`x1a~yZ&zp@eh@^?Hous>r(R5MGbukE*$0a$7yFr$Fu43bwz*SCwalwf;aj_v%c6I zEp21j+ed*XN;TyZn7Y5d(h?e6cC8e;xCKaNYgb>zjhf=;Io~b)L$K%{+x=Wa@cvVa 
zwH9GHq|@H!+sE4I%u{t@=uF(KapwPe0qm-VYVYm-05fkuos2R?m$yCSD8{k0E#o@_ z=LJ;8{L@n>BCl;|5s2iynth~PGbfK&UpGS3nK_E3P#uJkicitSenkpOizHKk#qa+^+Sd0z~&0T`&OI z)xsB#ktBnT#rhqbAL;yLz=*B^`D6Om>e#J|>_bA)ntq+VVeuSHyoY0*e0||!67PFNZ zbe#dZl`AWl=%nt(#rPa_b6Yx=$=>|PH*rYN65bcfU}Qe{VVsCLcU=&|X|?8CW+Wff z7@O{Nw$*`i%@y7C*ZHSG1H`U1?Rtr5rut8#(KPT*F16_c(Pv^pePgJ_mlfH&h<~V_ zQx1&)e~nuHRP1uE-o}uKH)XPXT}7q!A!*;=0pVnX2onJ81fK*-pY6*>G^zoFCM~%8 zFtztdgq!ejwajvGsXOOY7Hgn(*P>ravaUxi@RLbRXdg}AYZFCDj*4FCXydd@pu(pY zvE^6TtNHk)J;6eW{A0eoyt8Gy-bUT}LU&ZI>oXK|`7KloA8@CQ#%$yJWaVwT+~t)$ zi)V%OZ%@{q9mIc(38PPiY7Z-ZA!EzfjW`|;8$rAwOAv0)rS~U=#4@Q`KHa8uGb)f~eQYO% zz`5v*T@F$xg6X`Z1Xr!1`b_iG?qc}6aFzp(v-!G|n9F_Iz1}VyW_B%~L6kYSG-Qn% zfe?WH9D8vXqijVC#p8920|HGt>THHEib|t>ag4}+;(C9Ah6cr-Nv$URze1uhe?Um| zDj9sXS9%L+JhJcK<+gYIbiRlERf?_z2pgFL=mfrEiu*U>uBQ8d{&|MSeRJC(^$Cjv zw2nCzAJ%Dc%288GTMEb*8&$sr3j5cCG2Xr_-MmqMsQLr#lAaAz?(+L z=O(lLut;(g8r~4?x(zD0{;WCN>>R7V^sT5RTa=@dpHWgWl{fk3;-IiPfzPAml|rMj z(Wn2EFg*RfVn+f5u3^Q-|B*{ltFWLXb6--C%cKl#{fGviO~{->0tk2eNL59{mvR7l z`xn0#^>|$LJ;`UXrDxmln~}vyoD(SP!vq^U@nc(cr4q1&lP_A_LcEU_K47tq8xBgx zgU)1o)avPYq?+j^O&7P%R>G9di^9}*ocGFK)Z?*%l$7Sn-x1iF4H@#z{>)C z26Des!vVEOFMG5~RF2wQ9%`*EvR=UX61doY!HPvVyty4~ZGHF@&25*HVZoa9duIaU z$n$i*D&;AULK{x$nOTpc=>((&emE+!_R2YuxNEk-Z>iKc5pLlAeJp=^!uAsBrt7Sb z{7^1DP%9HS&)jY{FeHSU{l!UO(|ePikDmzhd+>zx4n>gWwj;it-`i<+qR1ZnIhie| z0sv3vyZRN{RgNb*I@7z)|1Zk+4`O!Ag#qA~28E;aLrCaL)Q0DWjly{@moI=BRSqyv z22Ps>cTk-B!!@0DTYZg?*%xF4HG!3r;>4=!-c?)oTLm9>Cbnu*9}m-cm6J&pI-5-1U3MN1lj>V(d*ZB1dh>DcN>s2m_8c`5VJG2V>>L#GV7iqd%A3Zq{a_92q59M8l}L#A^o9mlHR| z2cM|dmD?i%{zi%U*FFIEXyj%%j?o7I7)ebelQ<#~(eNnO4M&pFtv3hy9SaqTzXMli z?;P})(I=L%H%&O`WwSXz^eOP|2_G`!+Rgbk#0Onrpd2uR`NV^*=nn>C+a4`3171eB zo1>}y(dzGSPXEU#sR@ft1w2=6Qf-Znj{X7-EoMgy@yK8MI{mt8qfL#ol1-j3t7nss zDBL!lN~)kLO7bq?Kc@SCc2tBd09=$;#stYj>Rm3WHb+1LOSAurNggsC2Cu0=PA)ET zr-~H^-#Z?!*bKzbsV6N+0yarKW)IQ!*B05oslHAGKO_<#cJ<47OaE15fc|^|+AHV% zHmkJfg5mHHYv}_HCcL?F)8Vq_;Y}==^W%;yA z^>PWpr(BDqv^!;#@hEzfHSJF?|K7O~Ux4K_Lwr;Ot~6idbcRw!8UH@c8ct*wPZwg( 
z7mw!o4Y22(A9%dCM)`yRR&Y9?!9Z!`o1_FJdo<$3qPlKIij?W4=4nXlV+qPFZ+n;9 zTZR<*nVf#&9$K+yD9$)HV2X|olE9Vj_fYdKH;u zG)*^_29k<+i_Q;soB$kDq1YwYp911$H5&iKSIrS31PNlUg5dl+bS(VYIudI|fXUB4 zPD2^n|1uhiJ(ipVjD~#uei6FQNM(w|^SI-_5Z0L~V>bf2!ck26*2Uk!X~ir6Z-dT^ z!5Z?#!RIQoc1O2xaUi-FP`;02bpt6$;2mp~%{FF81+kFvSR5mgUQ0dWR_kL6|50n} zLPqESr3y>PN9To@f!NXPij7GuRiSLfpuWCUe^bL=TOhsPo1!~~LVs_`Ws75SIYaYe z!Up@cC0xe3UAD_IDd>qaE&hF|T0Uin`?Os{@yz)SM@tnwS)YG>Z}Ws@D)Bg}-LjKl z5P35H*|)7HcPP$F=e;YVRd2cyI}}@O0vv!SC1R=y;^t~Eu^Ra#&HJ6$r2*hBEAMPt z6Sm4?*-rT=H+2`8F)wV&0BCjF9rJ@reA zD~5i8AH|aVFLn!&2De*espQ=!CnBxYY~hffOeMSku~A&LR^w-Xj#LQB^txYGAFFN; zqr9*N0MNAXwTuD=LLr5*GoYwYCPQgb2iTowg?rOT!S%vUzY~}?DHrQ?6VQ(kbUxtC zxViNF$k$KeQ$m(Kqsm;&IUC+8%kPdL?y<6iLxtb_oBz zZ!lh2PX|$Qb!cGVE79VV!FNyYZf~hF7NYoEE+n@A!BX&*C?QZ9c@I<>g>K4bn$Gt0 zQxkfqrECqGND~t?bVU}AFb3X6=&%cS^50(wO!vXJo513=OKKG-i?rFyF$YM3gYi;Mv{ zHvtMsiG#V~vGFaz(Q;jfJ^-YK zM89N=qDnI&uVhF`TApx31DR>$~1b{sSI#-brVM0$5={9 zLqOEWXpC%q`@6>+WPuGsrrMB;X6xZ@=@fw|5+`vX-Zy^_^mF*1fy$9XY1QX`a@n)Y z+LwRW{hi0CICmtw7Os(IrKfV#qUsB9p7dnpm%{Q0MQ{V?R5ae%@f2t6I zvq}hoD_5QR$z}WT1qcPpmB@58Zoxef1!P*8W4p6cLBSThkoB2Sy);Ia?dt*{$`0`c z_?dtAkkhx4<+~Z7>Nqks7cs-c0Sh_2eITkOD z#*Z*XXOJ2{&m~!A(Xl4(-Cubwzv+{20G$BMK{BRu3J4|lC2mh2fyZ4reJGCXwD{4O zVfQzPY-8vQJ=hC=kV6&fDV5_q2i8CB!zMNi_p1<~H-;L;>5+&*fVStLVx+s7?pn(8oG_}t zE$cX*8u%FC3=`lq?7YXK{P@|qZjDsa6*?H-#`gV>e~x-{18Oy(K{Q}@wlZ3%bI3}x zJ{!R2a-0ap%pv6moSW*sw(&W!>7mRPA^`D>cqzUU;02n_+XpSVIph!Vxz=&Z7se>| zOd`$iXfx=WHqE8{A$T9pRg1GVy1BgC97z_i)3&mkjKjj`jynOY65oNGs}$xZCgf&} zcQdosnNDZd2y8dog$GiriKKQai0A_Zm;YYp$bYC7wETdA{Qd;!s9P zJw_T^&}%*;mvble;asETTm8d;y~%hEK6$0{MG>XxIZh~dD)(iCc+8!gNd~sFNH{M) zAft)Z-||Ln3?EItMW>pweAW!Ebh(sw-YXWaz(3mBS(vqrk}?PkcRG`P!G8K)Z#)HT zv(kp@ydHX8vDEIfm|L(>U(e=df@Oc&* z3hrDgdD6ccc8liE6e=WhJ*!gIXuMFuv*VJ&_<)C%QqnN<*84XekYE%2!1@DveHV$U z9?=l~Jw_*eI6EO6NO4UC06n(5ztxTB?L(pN*>it9%Y=Nl^G+)AfJAHjBg_1(cI5VY z`1Hg;bdEZ|8Zd2;@EE{$QjuU0Fs|J23T`&5HmX!XHFOXiEmoE3o0#YdMwOF^KPAAV z`q^CovsJ)Y9n}4C4NWlIFb0mLc&`Iz1aI=+=`aiepaOpmvMN&%*9*#LG+>Pu4v|Lj 
z8UC=|m(+{+Q@O3qb|Qk@ z|A@iYdfVYYxU3T}%qql7p(LsOo>$XNULu$T3-gnRURM7-kkE?uO<%UOn>EyfI}Z$p zI6mCmP7{%pubj_F&jV>|!P2sCj70TRwr^g&H-^m{yYx#oy@6?&Ut@)|uJvxsR z>;VXFU7|IPu@Vn=1Z#C)dpP1*QHUQN(048lC^j~ueO_RX>>qQOG6!~3U6^-sdsgU6 zY=4$O;*#=sR>=9yJK9evFQRy>&0?YU+(N{E#c@y7C$u1D(EIa$ulM5E$;SIr|4m`3c|!wQ5+BFaG=cI?}+$qZ$BW=8CSt!9fvJz5i;?^JFmR z3D(sG0ktNKkLh1|^wU^spFo+OaUjOQBF_FDrh!+?pOWp+Y%j1b{L6~J!v!$c3s11p zdkOgTUPPS#ekFBu!1S}lAOctYvG4y;O#Uw}XQ>JlL#DK-zz1nX{8t9rO3hQvtd!vU z#`%AM6l(>5ZAG@Z1p3DWN8f$5!!O_c{)WxK9K;RaiJ^oZfh43s0M$kqV0hGOoX8(~ zJgVpF_8xu#=%#tPy-fCdJr1iqq1#5iVKi8s7rXLQbGH@WeP71DQu-IQEVa?$CSMbH{Vbl!`W`^9do<*u$cf=Zv4*lE+5&*~ zgC7nb^XKRA=G~v+ctf@)CT=gOJSKO)Wl4i5T!LB+kPM_Vd)X~;5G7-1Ia%>8@Bx0v zT*T4$wbkqpTZ7~si&_=88`*-Y9XvDRN{yL`TwBYj)QTpx!kVaRE#gGG#padnvoCXe zZqz4)xf;W~X?We@GszX)kF8?&Ewo=UKVZ6NhArNLv6+1EGao2kHT^b}+q!#}XE4g^ z-*hF8r`iw!P`4zmsTH#`&Ubrf%NR79(gq(7vXQVEzI+Fha!UIrapn&MsIQw2`R-m_ z|DssCO=T1D=q3NH##j>M`Ow@JeYA1Xj}0t|Ib}-s_}tSdpOOaeNs$2I}H( zC2E|w7XP^O_Vf%D8}hm0kbFu!sjwVQVEYa5?e{P>H{Jhn1>uXPjSs!Mznv?7zw8Gj z1i53G=t?gejpUGw$Ft&u-39fY7<#BhLS z-RCEiwyx0AEYaw*;o$WY?iFYA*}?OG+tuKC_v^?D=?9+*Y#M3!OZ-sT`7E{gM}Ci+ z6)*7W&qz^?Q8I@@3}c0?Hk#P{xn5A-Eak)_-_Hf9HUG6AZCP{jJMDgFf>{KgjvhWT zjr3T__X4d{(OT)`GKl$1{T{%6{1D{PKiHJ7bnkD!*Jz{Nm&yN5zM(8hCxA1gZ|{D~K6h{Ak>P7A!yekr&n1EjpQnZ5 z|J+OW8>53WnbT&Il7v6}TFJC#H-UrkX`sIlOVU-cI2M?A9k!=rxy@bR1$f86tx* z4aWf2CH-aqHOJ;^$#wKL>G9269Ofl_P_&?ae8$2ml*{ zkcz&=wUeVzvFn4Z2m4EA5VYD;C*{HIl(;#I&pL zuxE9*r(_QRi|+VbreWz>$An9Xs40cN@H-y~^S>5&`}TcapcoR>i(t=Cl0fe?ZxTLg zb$)*SEcTt|OAW&CB^M{??t_g%b0=A%Y5yV3_ruGB5AnS0zxs#zhw7skb!Fnk1QDG9 zmt{dA|E4WDWo*ca?B^nG4)w82c+jjkpU|^qM~N6r_{q%o({jHh%e!|8^T+oTsa1w= zF=H2#@H%0ghptbu7Lma|$l&zqLdy87HQ5SnU7PX8Srcr?_2`mw?V7;%6?1rJDD|qu z-AvDU_AeADBq3j1Po9#Cy$RJeOWd5u7k4O8oT$7R?r|T2zlO_|1pxgLK zOGVAhBYr}-b~o3GRTrJf{&ibnQ$OAccRIT3?8cclic8O&1?vW1LKhyvLQuim(wz*Y z*Y*ZS=CA{$uT*_y`lHHJ3U)d$qgeE*qbty$Fls(a-5RnD^!CI_OU)r{VGlxnW-Lx0 z^qqFmDBr5uSVwECB?X#c5%*sl%!97Fv+op7eWklEUWc1{WncyutBMb+)|$&7>g>f> 
zqhD+c#nX^HIGnO;3w|pbd*fP1DoS7AES1{A-5$kmHkT@2uXJ>Kk$g#|8A$>!&p|la z*hlPix{*PUvE3!@B2}PRTC&hRMK?_GAPt;uM#_Kqb`IrsgSnoHBdKS$lCgphTdwnC zy_&RRiVy162FE83Yi0Ut9ML&Sq3dMGnA_Vwg-r)b;OZ%ejkIp7sCFL$Vb#Q}j{Mse z3?7Wn`WL^b)&4-1ga=7r$By>yOKXys{d`70GDU?kS?LC-+S^{63Vs?+C>gJ}-OZB9 z11IT*5y%=HYJ6m<>O-bwxsh@&&ERWJ^t&CbSLgDR56w^Y_+ZDhvT3cIjUm0!vY8sA zA9o@@Z~3!4)P?nf$l_&ars$l1<9kq;>0H__TamMV_~gvN=`1q=6tx7Q)T`a1iR3(Z zTQatAd(`EF`|oc%t`F$TyGtn;+%;6K@~!vA$DQ3dR+-VQPDL2NY@`ZyW%xAO4I)Z4 zCMrTb^Bi}^g{tiKr~q(~E}9`#-t@gVMnonOSuc^<6uJJuZN8x2e#5WL>jt~t&oFdV z9v(kdjOzt<#zA7hmdc3L7!Y{&;>uiErDp%*!K_W#c&uqVX_}D|7-QX0P?UJ#D`r8fre4zk(@NlBX;3+2U6(#7=RY5#*%^l>_V7>Vv z^gTBDqIi^;%yUEX89_GP9)caenkmnqw=>!O zou9F!N^r|nQctC#>D+m*0U#Qd8T_$JA#Ba-sc+Bfr2&d{&boCakNKFJg zoG|w-F4NbTpV{BahiRO{EanAoW9f)b)-r6bQ3e>$mDJzsH6@*(3XT1DV*w)zatryNsiyr!mu+*feqsi&+l-)i{qs0cRjQ$hx+T}V5BeTW*Q;=A=Bwh)<46`sQ|51m2_UB zLX_ZySiqmqog&k|&sA2m3YXUHl7c(uUYMO;GovbFQH#%ID6+H4pw@#-9h$9{0#Md^eQx$xWX)L+ zi8@cfcSU<|%k&~hyFzI4niEHbHYk13z&#@ivZwjVE;P(8EF~(Qd16TzrK@0Y()*D# zlL$;F?WE~G$>3$1cb}4+B51WtkrL@ss1Vp<(&*};Pa~(W@Yn>)>D=Ljy*k_F^7f80 zRwgwot0N7@HcEX1^`|8bJd*S+(IG>5#`ex-;#i53%_p~5jHPEptRr%(n`s;gNktH= zIi&WLPJ%J}F!MQn^dMdYH&c4;BJH-pQQ@S_?Leh#R~4w;E9e+=t1-=JxfDvFhSJX$ znfOi`u6_)YW1l_RB9ogQIn47!O}BfDHTy(q*azG>qgXof4JnWONZ(J5?Wm9aba{P1 z;d~(}{xG9!&3e>VM!+vlI2Oqx48e2ys(M3Em&lHg}f`EseSvs%1pV{T9)fXYw zBBDP0OzZq5!z+TzM3&qCD--ph?rN`e7dmHB@48?Y@Wqn=h7pq{Y%25ph|PwW@UIWe zbnT26p3=+)`{V+N0K5RWK(uVsJV#kGex)R2e_$-GKk)LGRm4`~5wA4Rp^0+u4RfPy zE9UlXu;)j=a%($Vm+1*}3t4iX=SUk(tmP9HO+61nyw|L=Or9#`D*>LlF~|`3voOyj zX`#+4k;_(zc2D>CYCA){ar~#!&5}##uUIh{5I|SM)Nh?Y8%gFC&HuWn>~17aKw(~v z3?14V4~l{A6NgMX_PBD^b$0(?;EPrGI*v&xCbfNg$oP84{V!hQf|!Y2qm{c&Y4r{M znSFxY>MKF%MU?HBv9eZYqf&z4H20d{Bbhf_vP5V4(7iU@9}cR;-4o}q_gMqe zMp-sY->vz`8vl+x0A=&tDB~|izKJ`G&rud(=ro3o3Pp~cNl=$9s8BtkC)ai&T1SHd zVd{5CEtdVGM#Fq0BexrN@%s~Quf!4QV`;aN&27XZ%bTajV0OE*8_jz}^2#c+w2PxH z)%OLI05Z|x&GVmb$@FF&+e`{ zN5sAGGdSM%oYkrn=_Qnj*6(Kh#J=_k2Rls0d$ 
z-Hq|+x?nB;*?DVSR@pF_J!t)mvTa;0^xdZxHWqUzn7%ELq-=o7%&fOOq+Mmc@`M^1&@aBnCT@VWQ;;g41-~$>iTq|8imo? zI;1opE(s>-h2lp_owR@nYS~iQ?13m@SE*z=q_Q)_>9oT=jj=jRx^L#cA*D{ znvR7?mg$yB@7aR zGQ$V`SJ$RfPNF5&?by;?UNDyVeC`ERLm%+FmJbryH$Nrs`MAXAUtydM^1BO~NwH9j*mVc|XTI-Z_nTc`}wIwlyqrj^@&IFm3#7 z>uGf#nEnC}-m|dO^OMpDGrd>JD(liW&$n%$qHnMcT@9;3vSj4tuu#i288$~nSF2Ha zMGClmUw#Wak+5~5Q%Kb^GufN9?w^_uqGt{EG38(b6!{Wr1vQO`QI?koWizlK=_O&M z2$zyw7P05f$Bq4Uq5O7RoC|?GVqg>3hS1L&?BC(aI~iUMrwR<1Zdg zVGayE&uNvC^K4-KCkQPQq?bJK*rPJh-ZfpxQ&3L~UHSy8JFotp=ywr7a<=AG)L8P+ z2=Zmhu#k$Us&tM`XAns3ShJN}gWh95hj7xRR4(bKM08JtWPDcDu=c!!yFVmJ8W0Q?$t7sQpwNY?3Fn$(vMD^uDj$>xg+ICqxBH5^nPS?JnfDR`VWeS7u?Sa~14aa0>tN5g>s zZaD!&57gl^134Y1{oNtcpm?V9sGVp!?jOmUuP;&b?^k?qPv1FN&8FKtw;eV=+dhgl zze;4cNVR_4_{Et5{6@o9UePaCx}>*hvGu;e`Mkiil4IAqX5auY?R}hTb{#p}=qDY& zJiS|?RDfRj2KoA^$KQcm`q*EIjt1o&7^gCDAVF`WEtW-Yw3i#Bf8@!_--Nr@mb9x% zuE{5?+;cX1q@E&Ke0qGLpUrpI1*37Tocz(l6SFl!-f>aNH8lF#)21_3i@~|pn^Rwj zQTq~axn+{V5!y7HVn^zKQ^##p=XmNnj&4iel2M@7rPaX%iB+Y{{P$D`S?V>Y)vy<6<7X$Dc}THQ9K3GxMH=;_hqFEAM*>qFBHtjXgL{;hw=T$Oxu{yn zo88AV`)z*fKL%&>9$KzckXX?Sg>f>p@IEf2RPQ-!t0#3YS#o$7@t#yTZ2g2VR8kQI&2d8 z5I3NDoVk~?$~^Q%fV&1Z><3D|EWd4zHyJiiqQztzg95#=(N(9-3c|&v&)2JDZ|+lw z+hMS$yB%YWrrUxU94&{fjUB2^g`9j=A;=f%zPE#1;ANB~c3Vn*wU%$aPYK5R$fNy{ zo(G*X-|_+;8l-bYU@8#?$1tP`yL8bO5+_`M;yLZ8-A!k)8%s3&K^mn?9z)ur4RhTA zX%}<Oz zAd|LjDMcPmq-1DfzDk+FZx8Uhj8ncFMsYOPWu;)x#YmmjVHN!Th7hLDgM1Wx=*tL= zW1OEPa~+8Ko|#)`yy%>A8cqh5Yr3*vQis7x4@85~syVh%>^2@r%WqB!(AcyA<$#Ua z87n^q3{f-<@E{&14L7?eD13xY4-M~~Weya6hWyG@PmLLDvp+*Fp9=6@a>i@noxi~( zVtC5FoPr48Kz0^gimeS`%3LnFe`&#d3FNa{lg2DjtA9O?Y7|JPHjpe+V-Ctc{XJp$ zXc=zx49Y=A@xl7;C(f(!KUt>f^Z5ci|0M@}`r=5zEs28GvDwE(-t+SYD?QMce!G`aW_Aw(w)^M_?(d)I3s z(p;~8uSqhhIF?T2Og_UcTj(vO`1}N{3S!lek*Yew-7>oPw!#YjA-+!vj_+QE3?iJA zHPn&A@XII~3tIsCrOMHzf!iW))&`EP7XiXi5HY=N&nUuNDZTEJi|93MAIsnn+CfyS z@@0~t8Z3y1N>shb6EB5h_BwG7Yp5Cxs`b?z%d@6P6%tJT^`0OXdq@^(sA!Js5F?iL zCqFv8pxFEi4z!$o1?{_Yfdx$x86I|n)taDiqzB*mZ$wN6xo#0lyhSNH$qCv)zA#YV 
z3Bt0J>qS2ojDJ?%@8wDFOsc576wBS6jpjD~@CPp|*UFw#r@KsPR(X5C&8X#5sbQY( zo7|&Te*W+kwy$o;ye(x2@X(c6b#Bw=qSuP}M*?Po$_j4@RTCa)ocyf`hqUd&;%F4- zzKmyGzVoJ4vHfzq@gu_AUbPnbd?isJ!K=o6GM`!5)MxfXrVh7Ev$G$$c3DcyWPOX> z-o=4^6y+GmUklDNt#;`h!(v9pQf`w|vnuXOuP(oqZYrg-T_R}%Z(UPAICONq4&UUT z%l@^RpL;zXRuroXYIz1@nuW3@41e+xnMkKTVAoGdQm9VVnjg%brN6u#6RpfwEUmWQ z!>My7aQzr`Fhw`=egmM15oY)x>FTMMYBW-y}{iAjQj_H*|IG54zeX1n>~_{1uC191C>zc2gy%EQ<5+@B>Q!Ji`T zIB{@dW6)IFNi1)5869Z0d^2b6ush2(>0-;~8JEzU3O|sTsmPwYqmDhs6}Z%R^I#$q`?lQB9t^68FAI{jt=CBt=- z-bM@F&Rid}@i(J?PV`|6Y8F$)RD^kiz*BVk^Yz`GRU)iWe(Vr5>gA$ozp*omg9aaC z=UIc@eFE8GD5tfUIZdO}L4o8eRr<1X^wY`oi8WjalF^gxssk@}gCUo5J+7lsWu4C} zg-m18&;!XCxQsdUj=Kr}2(~`ra#px`d!;f^;U%-ofP`tM%g&y~rnOb_^Tf`C@O3^{ z8My=v`#O~BpFS|tK0OamI}8k#J#g}Z_g-Vp445$V3-zos zyR>`I#2T}}hWboQr{pO7w)9hB%7~bEyNzJ;^D8N+Cc}1(%ob$k^Eu7>- z2a`mhS;|c%Zhx_=Grk=?*^gMT^Z{AYgXe_p>BD+mI$paFYvDRJQ*gBTeKw{vD7gvS zaW7_MxOW{rnef%QKr=z9tf*z?d9?g9xxluP3Ovj(S|%x(dlcX! zw~Aki!GYehCB0HeZc;Ghn5Z%$jEbpx5;TwUCi*3#iXu9%@yfX9c& z_BIVkA-Cm9hxi;)9-OI4Fc{TOR;1pndn~jdN_hVnj*HOsiy8z_ddE9?ymGw1amZIH zw`EGf1jC2u0cM7g4`nUSwEDs_k-QL5=O{U1v8Z?naL3kUkS=h5=L?Ur=Nk;eF;!va z$yIE;>R;|$k@>hW>O8fglK^UrIfRz-0Y}uwYgo_Yva%7mDrdS*0s{qcGS3v5DbsSY zw_Din`3XEh_8mUp83gCJLP3xIxoC@!NWea3Ne( zx?Jz=Aiz00dV9Ma#l70S?T-Yh20_mD<=)^qKAbV^%*v<^{ygzq8kj@CPNrDzHlEBJ z;5#=kwA=71i4PEcR>rZ)rh8EUbwh7=*^pQ>LfhVWhf(FE-daw6y2Ud5OC;CK!l*R$ z`=Nv8px(R)A%N39E7$TplKZIrI;S(T5^=@G^cSKxx^4zB7p?mSrthK*n``*b97+A- z^$=ZEwuw@Pm`w>Mgb0Mwp`S-=uhaB#eKg7FVR&@l(opy{kKv<@7k*=X*8z8%SM<5X z;%05un06QYF+oPdaD6v<)?YwY4L_yg>^Q6NS;vvN2B@0CfL4BYFq_55q8dv)d`zBE zI4T`lEiO5@0Tq_nn@`NSf1tydJNdP9IbMLyo;!H|JuMtf2j$H<)os?A*19cB8g{Wl z$ctv>Nh~M;%UY>^#AvWyx_S=B|8CrQoayO44iI(BiC0^FwG zMek_ZVrAhoJKJ|Jz@7S5h>m*x@ZrU}c~1fjW%!8AE@aKG3US*bNwb4w1fSE8c71RiUSTl@m6m)h3d7~S zL+zk`t&RhMMFt{Xs4at27$%Jj52I2_`1{KkC8>3C2n*87XAoE;mcC44m^gmPm*e_u zjPy06pN})Y<^SlYx=Jn$NunsV?l{kuDBcXlQ#$cxWq2iPF$X0;VvS(j<5%eP*Fe#) zlR-jf!`>PQpsdgf@4dx@3A#J!RVYxMHc3ZV!B^OBTi^k{z*|*Rg|72@bFf$*9|wZV 
zx-0d$2h{@+@F{i?DypMKponJ(Ou&VVdGSZ^wcZ#@IDL{t?MTBymi zD8Dts6{rB^`hUFuDuC|L9EU;HQ2sryz(ZlYH-Lh|xy4r%V(~fDQNSqO^@A=KNcmUh z{28ur)H0;neiA5@LcALkuPQ3(;{3h#G9K@>%7Qyi1Rm}bQoY8-Uo;A@1x^y9curNvKa5E8V<-Pu2&+;z1<5Mp4#7K6INf{`;|QdS5r|jZwuh0BfJq+8 zP?fIQ>m0U%Q{OwUg%@=s$u9j6@~ss+&$WTClm$GPev2fB4RS3zBI)vCt?K5xr&MfX zJmJiJ2F5GI7;5{@;r8k>)_x@rEv|!yWk8F(9S(TBgW!P=bW)nIct-2`0p%NZp>@C- z7A+XV+@nq3`kxcwoUxZ?*_FZTSZhr*BPG2B8wb)Z`X0LcN~1Y5oI)TAP0$XQS_jFs zjVDOp_55JIVScYZh~GPOGAx3hAH4%|Z<|#VNV14PtW$3#cB;8L7!>a8Z%Zoa70-j) zM59n)wT@r0DrOCZIC*U-DcPJ>nQ~6^KMawzIV){JU}Hn0Azf{QG58fPNEW>}A+J@d zc!rGR8ZXF359V9C+KBu_a3Yjd`@`^a<=>Htn4UnKF82({$XRWmmd^9Fsb7umF6Kp4 znYQ4bxks)?TW`=l8Cc-U=dJ-= zdYKtMNK0$|9>ULne*O#$Nn7p*mXVJyMyDXOdp5omG`SMttNy$Z3GU9OW`>#7T zbd>_x*Cg)ecBqmGsoKFe9*}`8LNue*L?BpC`&xvthd1zv3O9Q$C_@Ic!5)00u54vp z4(@)d;_h0uF20Ih8kxGU28D(KgeK(Pjh*yMQ}#U3W?(VFo%3Jxp7yDDY@v19|I4g9 zPU>>u@h7JZr{eOucOBp~2>q|b74_=dQh~FTz<05Q^cNV{tsP`wgFpFt|4o}|9>Kk3ZN^=i z7K^_HiTsN?oarO7A7C0Kbk89;y6o;@OjU~#cl|`r98>g?ub9pqVhI|+%G_Z4+*0wU z91elI@PdLD*D$KQd>qpFyDPPmh)@bLl3Jq{q*>GF!j6NXB=_AC1x5v?vqWYdTKu!qN9o>TBZ?``}L<^s2BzN5v$OE&@39B>xO{ z=|DZ)uuy&l#QF58DKwEX5U!VPV~Z|ZlnF0C$-cdtQ=9>&|1E`r`9fEWBrowjji=ko zYLayJiT$bxu-PsdW?>zC2OB0K;YCrMOOOdR?+*UfhUhIfT2WaE7+94!>aqNMz*|0Q zz}0`&TESuZ=1?GlgR_4!U{){RXoxp#c^Aootl{^WU$IC5vD7iBuEPq807(E1k^RC5 z-CVp_VcL&^Nd#lo{?=`dJ`I>=$Bz0t~0bQBD$vvwhDY?B8&pSX<;J=rT&B^zVCqsr^M?x6W2Gx_8y^}Oc*EIbAKH; z51$`%sH2j9Z>>0)4F3!sHGlA6vt8Rp+z;(Z>CsZvdhmFu@;-xT3|1Z{sx;4(g&`xr z_7NwtzsuGzhA)&!MpI<4YBvq&-uzt|U9ECIfd_LRM&j5G<}--$9nrOwb@m3B#hHB{?^kQ1}gt_umVZ>aU|5`C7fo?;KBNR` zh)tBv=kSedUsUVGvS4WRUytz*eva;y+j_eSv7m;SqOhDU!S zcf|KajL|cQfi<1$)cBjP_B(qZC_B8>PD~}73#qD-^Peo#O76pGmsBUPtU(gD6zix; z{kYFzeI=ZF-@X%j?LdEJw;$+SkmZ-eQh0+{OM3=IlAUr9z*3qhTI>f=f$K~(bDiiP zp!5f*rpWG)IVC|YZ{FyS5WGj$VPD`J-pp(+aYTRv-y6-Zd8scxj4@(?ber^MkdIJ| zBeAkj)-xJk{69*~u7$yQsl>jUIW0mA;GI~iA@m()BK^AB0Pha-$k(*OsK?oS#&?>a z|D_mj?S>~3FFc{KS(21fh;L*y69r<@ z=DTQj)m*&&x+EvpfPksitsV|sh#Wwj^2ny+sW^+NnE-lZxAiro@uMiUy}Li^&1m&F 
zO^JJzlr0!fFIgg3<=@MEA4XA{+nL0MI#gmKdpK(q#8*82aU|Q}Nzd8y<@u6Al+|+n z!f~@Fy-ahy?iHa^|MbP}`Bz4v$#WDKNO>bs7*eo4eEvQjC^`C(AZ~rIoerwk?DQIp z3!u;^kpr+^o?VsbsL!#$FqN69n+JM2;U%>TvSURz-68nHc(WldX?_%5vSWd}U$!T| z?;{Tnx^V{jB?6awo;UGNeq(eRC;o$-8%VECj;^f@i9V^gdY<%s-km&9x-jKw+<^hJ z4wu4&&n@OBZTmgGQ>mcnQ>+e6&wFS<%M}}M3h$w=b9Qu28jo9LAVq+Sz(l*}rUiZn zs!zPT=X-;d^`D|xpHbegTdzj>e`rkC+ib8|z*nL1B56Zpd^V?K>=34xM{W|d<3IqX zXk8xSCG3@|YY?GLvJ=-=AMh*_%Gk)_Gw6vfTnzU0EF0An-R@E`(MkJFK-T#JY>c)u~? ztNr}P(#e@G@;U8+S>wxm9>HND00{w@)vw2~RjaexMKj+^2^%-v5(u(0Y9}PBm1V6N zLPL-6NkwobXV>0C36IE6@J|$zrC=WJ?wycJBI*REmmy!QIb23iEZ86}Xl?myaC`NkE?Z zvS!%5qdDlZkK-)}ya7WgWuiY7jv_t8y9vq^-N)TR_2q|hEW-P$M=U_;9MKB?)wwr- z-;9ukw7mew$V&`G@>9W5yii+-qtOYKABb6V99+HDInnn6=^#ho+Z`X*Osu#fitkO*94b_pWjg1vKCe z0?h4i-zzvhQdnaCm~o_uG>rJe^nW~U_L5c~M+^Omxc&=Pa5fqtJKc)jQykB**rpw7 z@$qqxf!tDDCrL7uXu5;odeDZAB)XK-BQ)xFgIuX>+D_X(%gj+#nSdqzBT|RC4SG~X z=Z|Uqf=L}yz#fc?^`|Y_S(RHq;N!+SVvR$IDSylQ0*mm3{6S2Z;=zWQyR(U5VP zIM#S&GUffW{AwAaW+{aetCKmt z8*Kti>APi9t3poz0(5*c5C~~f!H%-k+u_tN`u)2l@K2$H&nS0_z@BY3nG?KL&nI$y zvGgT=DM?XuOhC!eJ!-xbz^A{jDpwd2k?<&_O<3{0y8JyTfrgs&7`GB}iq`!3C3O^sl9VA76%GPmU`P z?dI;(WWY8;un;Gy60JBb-qL=#szeWoxBVHL3Q8dOOwr_R>l3s0$-Fg*m2bIst6xg) z@b=pwDskn2zcV8p>g2fPfvh-G-f{B#=z@q0`pu4)$K>&tZV^>Ors?(VHA$6dUnwUc z{jTTe=NU3?d>{)?IC9=myo2~og=o3?h?s4_qsyB2JDw~cLHTl5isa|{3yFw$97Acy z425}j5C8853`ot}-}C-D4P9|4>+j@?S5I5feb}HE^BLK!#p&|cnj_9s@hX{VfOnh6 zlXZBOj|Rj@4)=fzCF*qhsoyT0tT%-E%}iEOc4lDI)wSsi5o9+0D5M(sK?gM?g5-{u zJf7F;7+wh~#=Qk$FzcGZFinQGXf0qlU&j>{JV_2FWe?{g}X(&4o9 z=vS5s{X2~ODF6vxJQADcm%*fFJ(;Y_`a9G6yOk8RLdNuO>_q7^cDa&*u zg%R;c1DAUP`^ePk$i2*(qmoBYMEu9{{O~t6gm7U|{x7HP!U2j3H6m*4ORIoC1r0v+ zsk@OI0n7paS_&_>Xv_8ji<{Lq?DWzkwo||8Ajp~AKa#OKv;y-(wT@FaA}Bt&_{lq` z7u+KqC}_U(ervpX~Xza zT*@?-XI_h=MUzO1+W6_migJ`LJtR6Cr`Bqp*#a4*jpCVuP?tB=@#A=)#b4P0W@+pi z9_}u+`c%O2?9Bc}M}4MCZ`?93Wb~~eKH}Mk44{Feq6h6t)6j8L)*7h@%ZH%&1Hy$o zK!8?Nvqr5j?NmbM9*DHkMqSk<#=qg#;ec0ON-C6K;_|}=N)5_HKM_D*-|_whEv*{q zLf`ibnX01~s-JAaYoCIQ>Aty;_~k0Ef2f0Ev5pM~5-jN^uC;?v>Y$uZB1opRvCia@ 
zM2L)Hs@!Yu&2BZaUKN|MsBD&bP>PEOna-Qy_g#iMX?ex-bTg~KuZ z^c-&`O&_u5z47x24E$i@+KbHkn*)UP{->YhmBYI;`sYYiBg`qd9h~Vxd}6QVVpjJj zhEdcvZ<{}B^nWzh`-!qL{hHIiiE!X;z{1X;`59i)l`8DCOzyOcJik$&R)N^J73Ae4 z>J#`N{1@T0r)BiI6<=z$o0o5{v-B_^c&ce5z-uuseZgsrZP`0|3hmm}sGI-IN@02S z%Eg0?VlS}~=f{w!T+a$+PMSfhfps&7?Dp`pi1juO_EJgFHb8r*Z=OW40l5~%gk@DU zcx}_b}R3 zB8#ud5$S2=`)B~n7oZ^e{E*D1;+9jE&!!$oF`69BNyH>7zE*C2XW99U;U13(4)?(} zsWjncM`lx7b?GAAf{^W1z133P*KD!XM&eC?iR2rMNrEqfuOH;(M?reEQYM0X691IoT3_!Uu0^p5VUr2=Wics=|A`ruU+==v%NxMa}k zf0SDumNfXtR)ZY_#CCi8&}@vr8F_#)d*-1qdcIJD#)J4rm7n(iib}iyf-`rkMg{>60z*h8!nKaFcc44g#St= z6epR2FI;C%P3v>aaVNg0+dOqC?n9jXM3E6Y)%^P)7HFwNG_GoiA!H2^c9g2qtW8TG z;T$xjjq!drf$}!e5Pn)*=K$CvXbg6&EyLo4Pz$v?UeC4RqbG;_y@OdY- z!l((>mJd1YLVvhqu20^7)+H}I5hyd&YA05=0jA*wkmg@&-k5Lq@%gb>Tf}&n0ru#D z$2>(r*?ApK&k8lnS#BoZuPRdYw*!`Ow0u1{boeuBkLx!38C+HJQHTbY2+mGu%I{xQ_XW2J}I<5SXPU`B-j8;)Xur*if)1uEpd}T%5it_WM*lz8{GSijt>-$ds_?J%JI!6bmih;g z3A!pOX7)VGNNC%zLUSxW3Ap%Cd?Bf_b?1QtTg;N>#L-4Ryg!;@`ur)RO+FN#L^{P# zRK+^(|K{KRUteLHY_{&3WzL{AZ!xmojU${3$diP|Wd8!W3r675q`jX9?pkm1Cv4iS ze(zID8_!qxCO7dLOZS^ZoUpPg3x|7Vo``?^B7e?tPn zfXy@XIXVBIgZMu;{QntM{8D5 zK&1G#+G6e>d0&Ce<9v+G?{urQK_l13p}M@^o0`iqqti2pW(AG6FcSwjG}%M4KC zF|PQ$JShV`LsaT|!-=O>TRnDw7GQ}78zGdc-sesRYIIKvOe)2%01_XYf%tN>>s#`L z$|wq%$8BLS^TO(Gm~O4b*X

CsxdU4qH`MAnsK+vg-Q=8BM5#&+p}oMr8m*YObC zrZ?LATM0rSOz9_AxEZNHF4t}PEKT9+i@)Mgv1VIty8L6^dOyH_W?)hO)Ba&&O+w?g zQo_lBsej~du)}}vlt`)hzxP3zR99r&7Y1HiC?{J}p{*T#&SO(B~D-xZMk!HL^ zxk!wFPOkEO#qC16lp zcL>`6Y%1SN5%ezf(^!es5)!N%hlv3=e*$YcrR7`yrkSM%q6xDMas> z+A`J;uWW39F5^IRM$sGL1PBH0Q=u^6QKWHVJ4Rx&z@hvCSb2JN&wf5=H{1FF&qL~F z)rAs#JCK8?AUuf%->|}G!4JnQ=%UvyC)8_5!r+s~Qy2*HpW2mGr<8lA{nGrlb^dPv zJ4K`IaiMZ=K(yey#lKHg`ANDNjEqYf3(=aB7$^Ka--WEZ%8`#hfYxCbsa%fZ;2Yd~ zel=i`6N&ypYWr_7ejJ7XC3QZx3(h>*oABw?g!eQ1S96~<&3%8eLJ3m)_7L|EZamHT ztGqO&kOsb0zxw!#Q?}2}FC#{o_}luwdVVUn*$6UhDnAu*ZMEHq0Yg+Zv{a~uPo}c{ z=_3H0+FK~tS9W}rXuasKb9h^(8`Q%C<*NB4(D)mbX|)Tf^hx!D-1riY4YV}s#QbU< zuI@eDG-AVn%;OKLx(6yykucE^Et7`DJj2k#WJ#5(KJk9&$C)NHlp;U!sh8gqku4>C z!qJNg(n`HAjQ3RGf04s!|J`1sfp%8E1jh^K9#C3=PUIx-57JZS$RxG|_{|p@00Ij@ zyMb3{1HL!o{4rbl+49wt-LIExLNKZ1%iFd%2>1Tp?JP^JahLjmYVG$gGHGkKPQ1p! zaz89oX#4=g)85oSyRgPD$wH&OBT586Ceg2*Jdg}F3gOL759GV>0q)f|O3b5*}UDLa|88U$IpY%AH zZZD__ID;d8geR8(&si&rUdOs5&0O%`TevBGj>e~1RmwrL(B{>Q(%z8pB9j3vniul- zV!NQPvwr{4W~E7`F}zH32s|IpWm^98c5QGi5bbNHghRKu6au}x*0=jiPFjAkB07js z9KAyMVu4Qa;Y;Ueb@>Ty$2?L|C75GS6a-6H&FA7-=wdZ_u(O_{;W_f?wSz57#!hF{o zPe1*%$mb!^aTbfszEx7k`4YGsO}G5i1W z*T(P{poQg_PUXk@W8SlGxZYi00r=!}n)j?4lP@~sPDfEwu!Cj*u==`l#{QF~l6#E( zuADeqYeE3}E7u;0VVynA`saK;hwF*!lLF&ZyL7I-Zdez_f+bp9g;t~VR-gDFqK+p= z^9atBIDd&6WgaF;-0&?S({AqP(7#{rbem|B9LF!>5SS$G;+WKae4VRpiszSvpbDzxhR`w@`|R=!Y5a97vCJh! 
z4YAQ~wmw72l#DVRCRr|J?NF$6nsgl`x4i>^C5%!KCBdZF>g4ybsWO5jU+pJPlnS7u zOvz}EpK9TyHS9H| zIM;nN`;*0_`5>bwv`A{^uueLlf%K|DcXg-jL%cF-X94Jj-HJ!~27-cdQ!R#B6f7 zb7h45=_;+;SM-+a;DM#)i=kqQjarxGDRB7ia9Pqkej=k1(O_hv+Wy6J2u1afeA5c< z)gr$+q#;`1pewdJfo35fK`W+Ui=^|?Z7l$2u@9@4S|YbBK4cv5M9_f7pGRt7u1+>S zT?fXlEh(Z3yJecGnVwLi?5q7f&H>_hf$uH5ZY#=PN|3Lhw(7d>8ncg7%H2;d^bLP84+%)~18ag3EU-aoe6|?}LUx-w z&(Cu##-;@mq#v>rP$-q86C9~#!|G$mj_)KRQLzU3GRa%T4fjb@1+01M+ zJ3gU+wo&{;-T|_;gFo@t<#SWOsqKRg4?GwowOE_VR%Ve}GE-%!aX39_k=hp)an~2Q zG@adTAbo8S6%Ke-WR&*C#_#1WI-8dYCzRjtJJzUtIH=PTC1+G)Ey?pyo+kM*Z_8Mw z<<>Jvsl~ls%Q4*Mwf9~UyW%QVqvpp%%-b}?&cDtM>>JN-KAPDU6*PaPA8{ESBJqu>o{EnQWM(n zrtZsn11XXb^D8BgXd=JcpNr+C z<6euF{V$hp-u}K>;z}dXI##7v`H=q`{W%t_<8W54(@8(+!fJ8KA@dK1!0=IdBPTlk zv@CKv@Ktk>x9K7@R`mazx#NExm&XK*Tx{R!tzWrD^4rICAr?Y#>DWQNrKS4%_ySdK z1RT=39i20H1TY?-12!q;r+B0gbQlP=W0s@_@l)U9O_^q`y`J!|l>=D^N2jO1x;1F= zb_4gZ-DX3kEZc5dB$q6r`06V6tRC(p$o!s{#5R=lV_dYgp z>7l8+MrAv1(@vRp?*IHZq-C`VS)|~8tHoEL@{a!`fc-AzQJSlZNLRp|UH^?S(^JGn z#d2bg-GZcNPgzYWgCPcBdMLPH7rvN8r`}$VK4L-(#e%yQU*U%qJ zi-ps-^3eu&w0r`6i-S|9Sw&Vt=hEnuTC2wk3XKBfC`E{58G%!)SME)K>J#fHTbAj1 zhu?IrG=T==%0={i8yzUje{yB)P&Ju#xX9}vh!b-pXs+<9FRNCAyw^iHmoJj4h{Dw& z0a||FTXie=5-s&?PB;4xESk>hO)iJ9Qc%EOOyzZ6+jWVrs|S;mZU#IkO3{0hS9vH0}zG^(%Cvtp_1zn*U%06Ywd@64w~6gPK!HKB=2 z53~dRmzX3J_)O+w12gXfkX3%WthHVmAN7O|BePpTvm(Fo0IESP+`#c)A8AK3TGh(m z`FmU)-kHPp8OZ`G->>RTaXhO2)DUas?7_ym@kWz7aTJQCpykTsiIdodSycI`WYo&_IN)bocJ0KCNA5`|ce@7Y)cmv5PI28@`tQYI0!1MEe;IXf^=W2=(HuRBEd=nq0l>T(gT! 
zXMmCCLE7+t0`*)|`fPac>j4%5q7n7km-FTk zCP4O)SqQZLUMr?+A4?Z@74aTK`WYC?=J3>EFaa1fhD(np*ZAGwBLNx-=9KNE<9Tlr zCh_RG-5}dbj+-{nfGTF6s8~y-&hO(Vl=rRg?3l9pN1WmmmVvx3U4A-O!Eh+%riNe8 zt{*+BVihN{?pL1Z%j+*@?W4)1*+3Rqj1$>za#eKb=_uS-g&%rO-FOLY1loTMAa&pp z_!$*V724L@tR@5q%biiNYevnO-rl>pyL_-B5tb;|Gca%>oY+8HL{gov>d@jB(So75 z>3p~l+hNodg$qKpL25}ToD(Vk-gU?)$NCm9$3`=Hy$HLF`M9py31MlK4txJ5F2w|r?3B*Hp)6GW)oz;+suF2*+`R8T$l5DghmBxdUCY1qk3ltK;k zW;M(!ghx~o1huX@@)_>2!#4_gz|eI}&|@Cc*lcR0*8S&h$|UxD`cf4} zpQ+A~s^i@&`O-Vi43hD>qV~nGraTE5{v~QfFZB% z!7crI%pfa7f761Ue6wzJQTlPZy^Y+Hx2&qRFd|<;O_~7fN-^~NE{~X%Q4sCk(e`V3 zFdWgfM_YteZ$Qh0?r!;6-0|>)0s@VwhgtJwmO9!o(zk{P2%9c(#Z#0e${cHt6qJB6 zIm7%JP35+l03{octa-l#A;7YzUaNr|rQ(>28tA*H!A0C>E?t)$)$Ri#P0W3qxG=x{ zg14Y@SYlx){@T%{KAX@zf(CDh&tnAKK>s1BC$z!t?)Sbx!BAqPmJP^7wF`tQv`U6s zazZ6_6sy(PD|5K@&BZmk^`9U7uOnG5zO603yoaQ-J9r}HQ``%>uDs_o0ng@anPvu% zBpaq2bJD*d<+0u$yU_B5%h(?Df%%3MC>Lc@Xw`fcPgnIm<8goi3xYylK<2#8cB9)R zwT@bBm&A-QU7Si3<1Zk6hXykg)W)@O-}W zq;%m0I%UZxqMhsdctz~N4w!-~E#@fV??}nM5ch_^&`p`IdL|9-jqQ|cn_{_zmgx>% zUZ1psvEDr9J>t#Eyz87m(9SA%yMWaUi8Vbv)%Rci(*g4?6SN949HCH-C>m>5Z)d$t zKi|qp(9M?vgMpT=8{EFujb5U2CXN56m)GXiSoHQ_yyP~UMDfdGPZ))8cDlzx;^111 zX<`~d6vc7+bB#AkwECO!xaAtx>_sIORc!{BW`ZjIPr;`eO%2+(2W>yjK#AokX19Tn zeC|EeNx$zKLbjk~dh&^TEvM}qG_-YI48o8j_$caCHKCd)Q+JkT2tf$VL(#l z{vp$WgIDDMar4VXC^Ol;8Uxdog2mj>kY*!5@{!&_puoMP0gvriyIN`n zZ<)D}VA$&1`WLh%^g`I>4CFCLy-2q|dm{Ok_q#Z} z@hNK*9k;{bvgy?0%@b&it*UFd?gv_Wj_DpGwU~lbGP<@bBoWXpK?{SOjM~gR41OQS zx2T)%HrhU>bdq~vI!2kMBP~nXei9zKiC+5St&6x`aCoF zJzKQh%4+vPK)H6yey0E)M8>4k;r-8>Jc=x8fe9x{MzZ=J65y6u5#HX<{t+;MG~GyMQ{R;U)Qcy-!^0g(C@-A;W$oEI4Tl|_djh3o?{~6TlY&%$zQYR z{+?X^;GAI0-e&rm`I6=hoRe*bjAT-%ICKIKA&Qo1D7ws+sbiU5Uwe%D!uy&DNbie8 z-&U6$vfX|?F4jMw0Ib>|I|iB=OxRB=&tk!?w2w(UFMt7d=UOdIAvf*W8hR9pgJd$X z_GNePZTXT1u%R{T>{|HhF0YPydy+FkyU&lKo-Y8MGYH3I!y9khlVS68!Ey5XEY|Oe z`)+DCNnGRdL62~EewHOk|J})cMFyt5NQg;Hzb+rl9kh?F3e2Wkp%4UEDLHpfL1BYh zgU$1z0zf?kW{yx|SXRI~NXd$5y(#fbozxw1fKaN71O-WEDYJd*dd&Rr%CX*BKQcb3 
zXKt1y{5Rsxzl?q%klE)vPGquTFrW0mIwxY`XK=Nbkm9+VW!d!`OnBcozYF8-5GG7k zXumTla#Kwj?0B0?8)r2B^$U*udSvRDpD9-B)wtff&(r`W}J;&HB=7DV(CmVl9cV6JeDH z>2LYD5z2eX?Skw zq^)~6=!8h!-jZ0Mv@k1MrR6EAJ#YKI+T&6c#X+OA+~t>($g=VL#$d{{E z=5su^X>9)Hr&O7c*=sHm!lfh%&+S-&ou`7*er}s@TCXT87IO!zs*cZGbR%(%2r_VLprGYfg$RqYo)Zg3LHg1{myRvgXclO;pC%c`c zY&rETka_tlKa=@eeWJoZiN?&}VA|LtUW)%UcEjpXk4~&>y`KGR<{Trn)vZK1i!*2n zCGzDA{HGTkV){=OLZ$I%D6QW5z!O(V_$6WXSxDWwyO>+AFe3OqONZZ-_#O>L91|ru zerM_PYMs$54RG6X+muBdT?20+4HLsNP+g-#TQQ6xi(6u{)@f#Jtwc)YTWRBWT#VbV#Dz=gv^N)h&|^mM`=7H_wn>6PwH<+dfgDP^1G~d5=A27!YCNSoAu!Ecs^O z2t%Zw?#t@a15cOTf-iO+RA#@SxI2Qna^Z(%x$1|5vFH(_$83Tt*PY$|HZsEtzW?X0 z?OpFD23qim;R>?FB=3#azarzjsZmpuB;V(_JVQ+E5cU&8axc9#kC|qwh=@yS7y@jz z%o(j)N{HIyRQ$-4UkmXup$J0xCZi^UxzS{I193MfG^11&eO~-_n}#Zw8W2r4i12L<()@Ohc#OLS#@dh3%9sr1{QNwo;pAwL5_kHBV!Jj-jPUBM5{QHbI#ZKqyT zZk>o%#--Tz@83xr(@qq~oR9rl-R_N<-^v9b(=T1h!3py0sDS&n1Gs9dwigYu_CoI?_y16O$B7$09cGQSu%??y zk5eF@h44{}WMM%kWg3J`aEbJ{s#^t40vhCR^*Abyc*3GXRz@Y6s7Uo;ZOs3SuNjyy zUxeLAiZ+@B5E)2ND4!aRZmus2 zpX!KS<0a9uJ|K)u9pG8PdC?0E+z|+5Wy0Zd;Y6!^cVE-rv2o^#4j6gv)Crkd<-=*s zV1;&n=O91j&I(bRO`$*4V!=Hy89Vkm2R2k}ke}YojGBY}t6{^wh{2#i*fFwj%E$g6 zICKuPV0|kLCaucvQpD;g59g9>cH1XQCzy25D_iG1ekhlhd!+A9oh-d_mg(X2AtHvR ziC<80`}3l4^CDfjFGYIH1Aqk!oGC^b5vN5)+Q>%W=7&05ADaR~u)YRBtD~GpkkxPP z{|eC3%P=(?u*GgkjBl%IM)w=f=W{x8 z{2aC)!pqgjd7*GrF+#iU8{!Vi-A?HGt?+cY8W3zpzBX@w9fs#A8n)dC$eCgLNqZ(- z{RV8rCy4 zpMj)aPXgKgQh5V6C*3+@ zn)R+RSQr6prk2=t`Znk6kenO>7t22oAzC+5;_2=4;IvrpSVfcj=YerFD`2L$8%Xy7 z3{3{38Y;0&K-M{pmGKFrSLCpri-H)+i^xCE+lLWWzecahO!tLxeWQh_`EFY-W3$3|z>>+%zgag|xP$D+zK0oSzsd>RLPQXKJ>7FEJWQLpa z_$&R{ALWbZ$XS$t{t9b<&5mcBAqcU9w$J97X4x*Lz4qxY2$-MRtr_a&#Bn_+E~5bV zCdNAOJv+gb|EFFVZtIrr6#)68)#lmV4PjA*u&SCbG-@|H4^xlidVH^gl>GFFb$+^6 z^8EcXk)CmlTC!BS#`B#yHb2`KgwJIl_79b4dhpN$^+ctn0$X+lxJM~bJaU_W9_tU4K-iG=Hd&!RXKNQrF zCzi82R&Y%Z8Sx`;*JiBgf8NS>*9?Y~Y(Jf-X-6iw&U5mUqz@5e?u8yi&O7irAn;Vo zwFGclg|>cwLsj04xZwVbNWD==3-v0SthF~}#g=Yj{)=_#U@T-W+sQ)tVJ>u*EkiJSx&NcrT)=Y&GZnw2w&kN7W!nsnRd-sb+y 
z9%qleJ>s1z{AM9k{kw&Z8k=6Xn*9RGJc^h)!bb2UYGMvOL@+f6WjrO(_c;A@II={C z^H~a-m(fScwm+~r z@+*%WBeL8A!XY=_ll04p|B1 z{>paB5=u40?ka7j2e{tGO;T&jAk)`+)$gLYLwI!iiJ{bWX{q7wSmN!pgNocJeRzKo zf{WWg$`I55Hxpk81=$n@wL7`YHqD!Fdp~hj)QUfRZ``11^P~7b9i@AVA9at|gW>xx zdsh%)DJn=^DirL2Vsw`B{hp%%IdE*rTpoiKn7*-WI$}-iXgS(~n135uLU>B2a^8&T zKZSLNvivKB$}eN8KzZrrCKhxMl16R= z#|Hwvl9&E0s!WdncBXU$t!J0I&Z@t=vb1;igw0)_jqN>mgu#-her|I>+`Hn4lIPF` z&(-AR_W4*v+VyAwu1Y_ODrJlO=|b5M0jWszd{f?J|HC`7(8y;h$VH{fH-Qqv*O%w5 zQHaoh>R>Kx`|oqMivoLtI}#6o(sDNJz!fn6F{zTN5VR!6l2k#- zE+@xpRNda7X~D_)(xvB+XxkhK2H|%?x$P)^lk!}L50X&D*A>A5k=IZ-Uc#R4H5A13 z^E0m2S|4Oe7?B(?koW!GdyEyhU!e(^AD(QNR1lFoZjtWav8k_AlY;uL!zj8ViHK!A z*6ynJ$HNl&bh0cmrq_)vbl~9P%O3G(+vTah=)4E{q$u%V9HBg`5|Dxg_cjo-P>J^8 zsJidwHGXt$r?xL1?sW61Dxc;0PIcl1bV!9+?+pK_4um7vvq5&Bf908Ff524JaBPPK zgDljm%^>Vt)2r_M!KgT5tE2lY=sLr~vH(C&p$L~}o|$E!6095v2Eg|ky=tSbVNk>5 zqSbViRk@Oj>kCb7^}y^6Gos9;AGzU)1F%ywtLV_+8KJf{X99}W2u}*q6Kw^q1R>NC zr3P%(q-+=(SJwg@SiNfKfcfa?VIuY@%CN!h(5q>|vPQ^lie*XsaAEqWbI;idhkv7b zbN^HWJFk7)vn*<3HolW!Sr(M43QwLU+_L@&ea)x&8DySX76>pE&lunNj+tmYI=HB0 z%!AxvdtWS#Kblfb{>f0aY<&@Xk6TeKp7yaqMx1n)JMzJ5?(_g8#qJiug^f<<)yyux zBv4TBujs4Jl)trt49mK0@j@kd>J7&kdIKi{ch(*6Lk8q9>g210RXvzBHY0}_`CQri zE>~QJx6#SDaFqeD{P>(M+cn5lAIMAQ1N|V)5>5X6X!Awrfb)%4fg5PkjW(bxO?k9YKjfup$>uz1DK!?RX*+ z50(?UBOWF+;DcUy#?}3lLdmP2!DU)ns<++KO|1Xq$JA$TV!9Jt|I(5zxs~w2D8jCM z2C^s!oVV2j-hLKjyod$i#4I8N&%Xmj8?XT=TXwj$J!wGBWeAS64W`sT&m*#g^RCQQ zEo?^S_QLBgRCJv7T!jZ$B=7^Utbo2BI0Y@JuEL{u8E9~*(w{)Ml-Pc4Xk~u*q^{N)Q~_89BJ>sKHHTj0jm3*n2Nn0p#l5{nxCQah$MWF zJU#djIN`;tJ0>PyIA3PavGq#Blur&;SGtp*#eHRsl{|O}JGNznS;tqDu6-ozi{RwnDP4DopQU)af%Nc1;)aeD#nO(NpT(bC0Bl z%Oc7_Ne%SHmJ$Ou=xE&O4}yCZF?M(x`pp`)ujIV##Wek|+rn;N#G&BpKI0wl*LOh= z|D_^{Pw7~3gmU+pJkGsEd_qi7oWcSFH5I%x8HXH=rjS*b1#w(`HlEQf^Z{rd%$rQ} z?bSoH2MzD)_CrAT)@ym6$}=BfhLv&(PAR(ZJ=+5Hph5nA4sKtHPNkfS*Q%}6o;(i- zN1Hjq&?~Ybz6yq*zaZO7uIR+&`&;~fzF;7k6!eY9VIEk{CMW$Uk|R=6!{z#$BO^$9 zb^kMM?tEkkvB0J3@6iJ0!)Z!saI<`0gav9Td*>ShS)hsO*X!dV)ZBje$NhaA2A99n 
zWODd|0sAEWyk`N8_S&U#PTenn^Z`JP8=8$lycl_hJlDKJ%}-Y^C(B&VVYSxU)H~z! z0G|WG_oq+{iCXkS$W*lHm{uNu;{RR`T`3#W|4z0Oe7x!P!qq}}m;Bz=yumEf=K*475u`@?#*iUl+klWadi{0bzA| zxxprkf~%cRzGp1fd40dX)b)(#*c(kt{+*N4$m{rbnNO6C++)^SSpr*OGc3YQF%R9* zb>&x<%-upTdDxi)ASOV~4QHlO1pA!%zN-!p_-PS7Q#vf#CB#WmlYv_r&}qpPF3&h* z&C7Yf(Co)fwC%ynez{^aD<-`@Vy!9}bKvhg!E7?D#Q(mUuk>y)%#+*wFY_CX`lh!G zT?a;OeUI>r_nUB)|DYak->IkB#LEPGwFLx|f~WtTd*sY5vm7jW#+0 zB40&QKv)748DsMIo&GQC-ZLtyrE3>8pb``VB1%@0WXU;6k}NrcN(Kp%X=qwdKqY4+ zG?@mPAfah83QEp7Ba&${O%s}MSG)InzAgJ5Xsk8|!HhQeB_s%BNqdge1{%{k=+ zdSZB^bmBejtA52y@)s$2&W|5O&&FJ`M-Z6}vj z0e+ufv7W+@TFU~sb*Y6|^?bE;#o+?IT$oSv_tpDG{r|ajS#^puYq7bg)fw?NawBY4 z)JsFNEAdLMHeBP5;0s8?@#$Q6Vc_v-@$0e9!NQ5%M>8R7^DcL31#VDQswb`wUu3|O zscJah0YZtsd{7g8`(Uips}TO5)Zl9O%bHdObn$*}myL}98F4qq=BQqvBzr2~IQDTi z6m0kPr9$eN_sl+zN`y7~bE_m*MuYYYlz>bsDEmpojgW3d?;}fncW>(EV2sTO1z+C_x7Or`hMFZj+XP=PT=vit z%m>`1(ykTlW=`c*2d*dXil4t>Yrlc;m6>-X^}_xA%nyf6Zz(IwY206C9?54n7V?gJ z(Iy`cWd47qbj{szYWrz`kO}x{;K6;$CL{ZPt(&N}F=!JZfwDpq;Y~H4EoTQLme>ij zu=Ze8hc?Kby!sm2!lL;;N&CvHFST~3lwy^lL9!o!OPd<|O-yf{UZ8}w?2xD@Q>l~I zDZMOVBuHFYh-EpqAv^+`G*xZvNlxdRrYsTVnk3l>&w)Xm)LV>pmfv1f^(JZO0oNbr z@#0Uax(seWZwGe4o5mx?5=mPY%8#k`Fkwy?taYw0O9y+q?%GIiac+%Mpk+?>AIpy| zIWfx?)Mt3jfZ0{HN-1diET1F$X?)FX`huDQyx)h7Tz^2XQtRR^n`oJ~RC>YEmu>mV zV1cBJGVRrR4U>DY75{}84v3U?d6I5%|M6zS!*4ZdlTQBLdWcP00|B28r^N)*)j8-(qV@Zy+^=>}Ab+ z0XI_zfZLl&7gY9>w-=Vmfo#?+W4Ry8>G35>6csUJ)m|IFZO{7rMXfWY0jt$V}I#fIM&x2hS6y^6F-(FKy-Z*3&W6Z~9uqcF^?Fi92ZyqVvjE zk*BXTDmCj!(nx@4BmtNgckk{RtZ)Srnp9p8{-&0o7n4mq6LEM#)?K!ewVocvcHiUc zd=0Vx7n*U0|J;R{sOHF4+oEn9@(PTdypp@{(h9uaG>l<98EM(>+TAe zdU{AO@rMHBE$N(>iT-{Ha9+cY%RAQ706(f$1N*aoO;Ojq6YaxLtYQl!xj=jGlj zRd?t$bMD4Gd`A{p5q$ZDLWCrVP8U$G9(R@U!ILnd!nqbslFm9JaSDCQg2%WN2rgd) z8;1R$hr6ifhdcT!gL$mwFPjLeY*`$qc?mL-bw1rT{At}1#`DUplW**v6X)hfNUQ!uNwiC0aDh#rdhMWojr^4aHVQe-O>NK^3)2<9_Vtq60NroC#i-_|A{ zb zvWeuJm3cU(Ys6fn{3;O}4O&|kit!YY-_dv^d*|gyJWypOh?eCN!CiWP&=%Jt@12ME zK7^mrD8#PFUQyQzdP3Jq7MxKkYO?e6GqRI7&&#epvdegCOpM1ntY+i1yJN#=7tDh_ 
zsUQ0+cJ_J97_z&!67*#Uvc^#)kT@W}zd;ZbSP@|7sCO5Hz2?j=?CU97YG>8o0=A)< ziII>?tmARE)9fj21yXDqvuzgs(W z@yEj@GOM7T3=^~K(zAmfNmkSb-1m(upL+0)3@CPdy4d;6)K|5|*|u~Oj$9|3y7ps_ zQVDahPq4cAWNpDS{QDL=bckBO*9R2nO>Z_{uwK_H{j1@ouRC&O+SQ-@kE_iKp<0QdVNyXS*h7>P{Fw4 zh7z;K;Nl0$L6Xieu(XMblmAg>-19>O|1=EtpERNo8AEol|$OQ?GVFSSMk%r)8(=!U(lGVaXHKvFX7?eqLqAm z!H?*YKa}VmX%C(lDJ7NI!{wFb*^xs^;Fsfi+dJEy&92s415YY94$-zyPt!vZ3jSdS zYmWbU9rxsQHYv5M%Gd4@frOoU-Krwqros3PS85Uz5x?p%tTShozd9t9c17>t+WYoJjZb1s!uZj}IPtk0EKq^P9l(7iq+yCpU*2VA6vI3C#1Y@!&ALaDq z!8`*Wb-kH!g1Fl$!-6a!o|x=l`NMM}%?CP?pBEFGBEIWLey}EVY&?pdvs+0%NV13%D|QhOu9{^tNL_$dNX$(HZR^Jwtpr#$smtIV--@I-f$*$z{!C`x`-GaS7%VR@yv=4 zB*&6X{pVECK39_jZo%Zfu1|wqZ_@m8t|ZeIfC&)_%({zqRY|z3GqVp0iyPB6?u)iJ zBR=O(=MwV*m|?IES6O2K%E|z(O@_cnD4i%CC9MaBgfnMED@*gp>09-K~XT zf&P2QZpdRcqMJJYf)QAei@D!!OS_*n6pIw+ds5&kpH+joC#WR6~lWs#M< zm~Cx+=@Q`w^z1eqpPbi#CSr4&DO+_#Ak^7E zH}$KMnm;w?W37khUVHl$OmGW*@U?=?GZ~NOP@bl*vauzK&-f)x7-l*)t)+$t@vo+S z)?APZziAmYc8 zd;3OCNvge=jyT&NlJ9l|+%`LT~WLJdVqSUp&es$|H)dTnaqCr;ZL}Bqshe62l zo6MKj&NqOU@ldjtM79=%{l;d?{OmE6ms1bN%5YlX5Yj#RUcdL( z7j~&>Eg5O&WqILJ-(A|}j~BKuDHPn00op2GR8(?_*J`E>je<(!FMV&;J-OZv1}MgtyQ#7joscmGzuAiS+aB`Y5%tZA)|+ zr2OCCrt~Ua>6k8VgFsI5SXU7aoMPhSPQ`tXZ=);Ue0lfh>HvD$cMI1wPGFr;3YW=7 z(W`PWN9RNjw(%(bl2M=&Y^+<^NDRmOsvseO)-e2s}RkE&e*NxC1;x^mFI@suY#EgeUgqn4182=8BWox#fdL z{pg}URM7V`?wL!KqJL~1pdU9QFG#6THYnqsxoAXvZgKbpJ)@OMC^_5_6>(qdow|JK zl8+FZ0T|f0ebq0C<<2j|i+H~zffI+gw~GFJJNUG>D1d&Jq_+#5A0IH?g19NV?8@=+ zUz3ObJrL;N>s)8m^8>pjNlT0q%!L%C^8y9NRf1d86#2;{K%YXtPHWbfAMZpu>?esT zI3K2ci+6B4H?!MPK*#-&ckkSJ1lK9-7h};Wc)ZB8AT2Fz(H!!iS{%rMrcr2s!0-O$ zJpiO&i3aYNS5qZCd3ovZcsDKqM$0xuDTZ!P}3{cZlp+|)VwXr4K*BhSZdK>4y5J)HK=FGMTvt! 
z@GetAJ4|83MMyo(hP!25J+BcJ=^xYowt)!PCtHDX;neJat9M8Y$U^g|4z$<5kd{Wv zte)|nL%^nA=F;WMbb`T~DhutQ(SW1oy~q>Z^6)H`BsQZueJ+m;>O50OVwK&AFOaQl zp@S1{h`s6ZvO9UI|I4iF$pBpPTp1k;~s9$c~ z;BfQ$YfC(mHY%)K_AD?in}M8IrFagTs4rih1m{?E#K~s{d|I`8*Y`_Fw)Hb>zMntv|4-}nU5y5UYG;zQBe$_aP zZCTx~xzr-4fN8bg0=gZ(nY5F8P0V96P@&?r^gLkYX%y%&5)iJwdf;`>d4ZfoKFlcU z_;8?Yx^7A=2|Nwanr>^lgAREupSlIPmyzs~B`f3U+tVfdKCIVy9wm!MDY@PRM!=|9N2il)|kDTI#8^ zrLTU^53!pkrFJ7ib(PNfS_&ZuFgNPVcCeMz)^DM;;+hbU2QTHxX9-C0>uI0<%B8aA zBVOh#t-O|OokE`|5f1~D&P}T7$4c?kgV;htvUqxhI|laCgt$~hGmx3Qq`|6Es|JBY zIrgQU9tmuy9W<)YP)!kNDBE>~O#`Ot+m^J?

*a6L6f494qta07_$_wcxPS?)31n zs@>O>e4xRL>FEOW#??|squnV=6q(+utEDIM9dSGb0m;S2-ttjQ4akVHYPAJmlU!8a z-248K6{HmbN>vm8+@XCY|M3#iP%@{y#50=}fRpLuV|VZ8jq z2+FwLN3&P}S0tH$Se(vlN0gC4Nt`2;oHUNtCJH1br=6eYU~8W~1P@=e(st7?%ZX!x zwzBnz#m}stS>GCozIT9G$gt`;iwpJ ziG-2&%cU!%7er6cJ=Gn}p(&4U2n`BLYv(Huo*?Z}1@AZznT=7prYUggD^ttcO*Zpg zV`U>*Ub~X4uS;n#mO;@-v;`x+AX-rR^$RzS%rD=ROCJkrr1yBn* zh1Q;6B&x;O3K~xB&q@FS#jM>l4O(qgtZRWdeg5Kw3)L^LiafUv+mX{Q{3%s0etqmn z@jg#|QEcnDZa@M)=+j;1S9l>c1-noQ$Ta>^zdp7^8_@Xd`rX0*)c9|3O55)!fy*pQ ziEN~?PCAG<7D$A&I{oe2H;r1)H^%Nqt2*J-MCeEDw%ewBAlM735vy$7BGFf&W9?Cf?zL2CZX1k#1gju&TMHoj)Hp04r`!;7W2mNOy2L+`;U0@(3+7hl(^? z#~1I3!6UhB-z&>Z{QPE@rIrdoKaSd6!amE8A((HEHPk3y4hQju3F`y^*;eNJ=^O{| zvhZcd+AGDC^NE|L%Ex!nSiZ=_Xur^@15u0Fwi~@`SzCI5zD`wbVgdoDJ4_=`d}dz2AFu{?VS9z-aGuBnMvcGgf1p`~Qz^g^_nC7&Ec_5cTu<@@DG&iwGBWbDsx2(7+1 zJUt|1m&W=CK>YT?%oZJ|=2Ox=P&M-52cbW*dpbO33WxSsYA2AzHRkOx{i`rSTd~J` z0x*8Q{Cth<`{(+7`!@ViGb{o;9uh&Pe6mlAtgOrd)lVQDgN&=3WzS&kn682buic!waTbb; zk_lXO%$*5WNgS}-EunJdI{~LX350ixrcAi(4ZaKs@S>~hnERbikDK;NHtTBy8|!x$ z*Gr1FhYcY$Q@a)Ru*UwZLmlKuF4vf_8p1Z()flDq52ATzx_2&Ujouyg|w7FZ1P z4e^X4iO7nANI66`kYudfe;p&|CK1bemN7BtO++ki??^mRe-h(nw7&tVLKrvrPT0aVmjsaf2(u6nq2ZSo zsi*5>p6la$Ck-Tf6ZLs#;Dj^7D%3jUdPR2t5gC6G=P;!C1GS;u8maE4G4=3PQ2tRv z=F-g{(*c4!e_*Ap3wZbY=FFblBbf??Jg1<0RNn_XI>nCfG*c{4sbOj5(4+Eik|oaK zxQrRACQk0phV$K#3BA-7&za)0(+1gDft@MLHa?)IpXZx0Rlzf!usRm&Uk)QcE6vK8|3$ye z7wfFdq=I#1#gDi2TL#2Fq_td^C+B@^&gOLds?xh8=-Q%IegM%vg{HUf0Jw|KoKa=G zXyi~m7IHfFR1L1tlOnSJWXkc!Ck%)sf=jU#U#odln2$8ydBG^I<81c>AytSvZ*>o6 z121nkijb{SQcmTere>Qc^6bR1$_L%YZM@FDtghKQsKrg{oQu^7rkr>OQxnfC7#ZId zEgsk1udwV=S5JMZ+hY+j-8ZG0Qf;feKc3N{6kidYukC^=MbeZ|p+hLE)I%bLkNT%- z;-fo1YX+80Rc^mWaP$MXWiL@|u`WkN4@IXglLup`2W4yzhOox3kl96JfE~Y217y(tr|nu_v?W zFVC|}pLHVJ)!1H$ACe7ytDf{A#xtyy>n0HC%ntIiLTmzZF_qE`z5%yCISSJ#GSV@l zN_*EVtXOng2(DAdrY06EjhukwB4P)zS`QUu49!z51U4lq7p%)U*< z=h>txM`hL+hbbeeNPU=`eO|GBUZmBcfu`j|(^gX2(o4@^(aZnbN(q3ykt1{cR415} z0+pp_YNHWMFp?ju3&|KizI)ig+0&=1mFYE@OATYMct^d5$fH-N?~mUc*|a%ag|E&! 
z$Oh;LxeyQSNe78ru_>NpaU{|CUA>;mxLLbfzHRY%WT`_tll)4CTrhgG0l3@YoNe-b zjMC5SrrFVcvHAOJ`}bsrnJ@?GjrS2wi1E(nilJNT>CsF47K&fW9mF(sy@^0TmN0f^ z&FY-4&zfz6__Ta?TE*L2d`%D+-mLVS70TvKlrtAeTr7riy==tG@ELT;@48-x4vWVv zm0V6(UZl3IX0W1s1%NHS>b(|x$UUuHUAEhNDrhW{J^rg#OeL zzCx4a{}j*x$4`{7(nkey$VZZI2A?bImV8)I~9IHyb5c)AX2lu%{u za(1fJ+0+=K&NqChH5T7>kQn2p;@FZW8{HL9Bt~Y&kENgsaiwwjHoLRXvI2%J=?3d3 zElqxzt@I*C?c)GGMm89uzc)>&ZXBY|zG!c1#nBU=#$Mnb|# z26zT1>`9vgwW-^4NSUQ_Uk|omF6{Qh* zlzQ)_gf$j3u=Ab7%vIZ*4m6niDewjiRXKsdH>k-`Nzw;}lI^-I zE+&etR$jjLH1tYJ5Imz~d55T(X{}?~S<5$pNPej&RWVySGq4#iXWaP}d=Uz}>taj`;|p0ENO?rjM>6E`%Jj0${)WSBj`A3+ zEg)bIxiMC+s^R2BMu6XHj*x}D!1HSMrYTmNEr09o+Fcw*CGJyMV!h7{PQ)X)b04C% zi8DkqyvLt~Tgj+p$+-U09P{&}2ap*NCu+Ax_dXHZ8N3I`F@6&V?~(A@o%U4jmyJ5c zWcs~j0LVUJU>+J9d5#07Tyj5`X`4^o7?4R^?rW%OPon76;S?627VS{bXCh8`%DZdQ zp;j(e_-)4rfDo|Iv!m4?p+oT%ox(%=ou8+pxXcK(V?;a}LyFx(@A5GyUf~z-Iiw?QY@Kzs?}JoVIzKc6r{~>A{Ib77j>X_ptl$uNLo%ICa>fZ?Bef*T=-_T;sL{Q}L98u_%KyR!Dv{K%q?D1KPEV1 zf{YYtc6~(mlQw^Oy}Z42-2z%Ds5ha*B>KZk0~t{O*mqg z7UaWxOvaIrM!hAbkK02yx|stuz3aoDXJ6gu)jc&qd*wA^Hm-H#G=0gEN%t<^g>6~tqw z9A#!UrlGV|truo9SBZ_x@a~`KX|p^VN1&1sj`toBf(BnTVZL@5C5(vf_wnM>1J;ynN$7#yB>b=nD)3QrW)g>~O$wbnct!fGX* zq<}cA?Nc>iNBO9{+p3E*`T3el>U4Rvp*|YxePaM0nb}hE&sF*MtrEb1#hu<6lt`@c zIO|BOF0`yDs3dj)Jl?{(DBlFOz_~!u67v#iZ4; zxuO+~NU(`<3Qzu~%oTnrk?x^^%}#Iif!V7!@-1pJDf(eO5+Kmzk6>_@B??I{hMDrP z+Z*{VIs;oBEYMe<<5{)H1~|Q8F5CHTyW*}9NZE9ldS>Gw*)Qh>MLQ~z=qo*GOuW2< z_lNF^jFip@*r7-H9{-aGmh>S5EZzkH&*fg(v9hIP=xV0iPA;>=X>GuR8D|Z<&0I-o zm32T@A4qQK2V4gruIx!SR4f!K94B69w;B;0PsroGCTJFNQ1!^7!*Y*YMu^H=Vs8~> z>)LaAlHTlEG6+gH!yZZPyL9JLX3A~n_Pto->tgm$7t*Qg0RkiJ4EY#TRa`U&b{-vx zXxTjmXaN(|JDugS%)oWLHe zx9%hR1Lyxfc(%+g{ujjZ7aRXG7;wXI8leB>2DylLtOvMD!cB>hf&b(c{%ZN)5#S>U zz6bs{|9ny69_{k>TzpgEzq~{jF4f}$ZlVlX(?3S_oB95V8yckvK>LcgDoIMdmA;w( zU%q{Ihj#gmCk>t$@e{3oE{MM*FauEkg0re)Be+{9n>P)&ZnAJM>+< zm*j6g+(WzMl`NOUCN()Z3y)=I@1EE0Vyx{@zR+aVnO5pVgPOl(&BkF~(G-Ki&fVM7 zM!m_OofkT7+B6C(=kxTK8|(K6DqoLrk0BjX#moPuw~Z^3B!C>c8s*k~SRt{N^PZMl 
zOTULlTjUSz%am6dDKg$OzVU!t2DG=D-6160LW_BhENIt#n0Rpu7H`KzB6uDyt31qE}d=F1C4|R z6Q7@vgG`)I4L@#5_002kS?vFk9UgEy^FWB2(0?6=+zJ>a2Dx`8(P@fQ421VPE?rdj z(~+T&Qj-xbKey~euj7X9$R&PFY=qM!rkHTa*}HU{#+RiB?Kx1$QQ_fp1H`YKOdGFC z9lw^{p*U;c_NY$GANuU$@_E6wDOG>?bCSf~}P? z$n=}Hk#BtDq?TX|8m_$emP4l@l3qD^w6F)rvm_CT8DYWJq0l7VqE;xw*?SSwK%YYfyEh{s8E7brXtnRGf020U zo0Nj2t!NH7A2=#o)yz#T;&Eim>*2<6-77f`RsZt*ZQc64wFVE!(LkF@^#rY~xG=YT z@KIazx=4GPhAdi>|H!v8#%6(h#SHQqi=XEE@EXGpvz4{3Qs?it^bf{@syCuZ(jDw| zds3rqQcU_Y11HHtQmm>Q95*C^>dY!yZ(*w)Ml(c zP!OkGemIw&>D{}m<=wrkq4%auVsBjip&!{PI;J7<%P#qDZadTyuo~_26C|NZH-iW3a1C8Fy3^}Jsf1d$wJhcJm2v845-eIybeUnAM z)I6#+!Qb3Lx7cLp2faenhohc}ie(5*$EVq%t@)-V*q$r=hbe@kquvEvRC`uG7sYF# zh?L$Gz$E~!3n?_zOojh~7q=0mLhMrn4tn&t*M~5}^~kgq+v79;;#A#zw@|2Ivo+IR z>NtRg(f%M@+!-m8{|@PnOnTz}N@RJvmKuA0kBh$kJ%PO9 zSH)mY-CIB8tF18EK5_aGW4B+*F;nj)E#7ld$pIH0vYgovSpGa%ooAvfH#<~?x}^qBn7M-$UJeeU@#E3v5< zVtX`*zfA)c=ld`ygzxo+3IWjn7D_R#+Lt6=Z_s!s1Iw3l#SN`%NYIM0KecASpNBUv zkKdtyaNgPbTn9A|!x`lH3kKA(?#Wd+$_qHguv)32@^zO^*@Ze{k%_>>9G1QyuJd%x zBQsQpPR}gZ{T#5)a~3gUipupM04bCDp3@Vwx4dzpsn`aVpzF^2y$5bV@}>E#4Sn*q z^-JW3nJgaNXPP;+{W{3~2`@>FEG5T1?Er=u;t0sKs(S_%kkUybP5HvZ%;D4R$w9Kx z#kvt)T@tkC>X-2I3$PQgp9B+{k!e=DgKgZqp&LgwEDfh|qH%P(l}wtNHG@yP9uVD) zF=6G`TlbFVi2GQWxO_6AYaey}aL3R-|4F8HO$B=t_!dT$&IM0~lJn)11ie z(2|?tbutr&n3F>tjpBpWE^5!%*D$zQjtI-lI?!KbRZSIVH*2ZBm!<<_*UF9Hb(|Kx zTKqNdpA-WQ8dO4n!}nUv!98?>-BxbP;m=-Xg=Aj+N+v8eSk3&fchePI981Aqc6zDW zhgj6y0rF()Sno>#bg{39w;S;#o7i^j0xb!30Gl3~1cZ<=2xRBU1#cJ5So zD`|w&jms^tw57!%I5#bX|AbyPwV0`p@pyGFkGQ~ygCucyz`h59$rc^@!FOr7d7&d? 
zctYJU?$wX%DM!C3MkSppYI56E}IBQr0%svPHv_MM$sOaL7sDxUOFpQ27d7 zpSbGgzDaFdaZN1$)xw8|rCVh;-I9)8ZrW*+11Nn7C|k6n^0ltme+&zX(>@rq-&X9g zt&@OzsEwf~WQy&f`>TlP@L1GvVKk6~UQeFScJLVx;cBz4`LFHDf$Jn1=p@hCiHCWY zT2Zlym!Vn9=?CD9kEYsPT+ZLeP?GLdxgqkH4az_s@joRtRiriSd%)b14kq>VMB-ki z``Rs@4lLH{e!*Z((-W4l+U&idLJ$9ah4$+Y3ORIpQequHRTW<`=L6kM9=@P46!m~f=pLv4brh=W$K~x54{3G!#0iC`bpC4=j`N0>XKbdtPW4E;f+j zAUxmy4jmBVEO&`(6fEq#P-Y(4xFDXSu2J8=XB2DXPh;BgiDE7Ar?A~EPYO0_fJ zMhDQ_NcmU$IKb}r7_jlac!KlnSV;* zG`e-mQrc3XiU_@Z#oAHZ#&kWqUGwQ>3C3{+N}PM)@B#f;0_XCB|F&V@~V zPr-qM6Cf}qAza|>ov-kgI@X?1CAtx@nxNv)poV83Plp<5|M=718MUenn0D{yz4D{x zA8U3OrjA#EcLVXdTnkBKik-C;q847a2Sh2thcP-sOClZCDX`ccs6E${VOE zCf5E~Dnmx2RG$dRkL|9vP+I8!I2YBa=M4i;t}BUDxbX+>^ET@SFufbp!_!Uo(8<$O zkD7qo?mfDtUP?B?ugmue@|~83RrGiE$Vz=i_Z{{YRToBP?(i|Nz5MmvGS)~Otaw#i z{n;jb4-$8iif!p8^_OvNsZcfzx({o1m+g=D$UdLM*+s5&?~-}nh;(>h+H>^CR0mwt z&px3zMkznT#QV=w5wMa+%25=itlzuq1AMEzIS}6 z+HntwRT>gMDVST63fI@)$R>{BuyPnX>3NE(+@Ugw1)1L9u4&y1CR>0vR-t_Z!i=*v z-Z~cYmwf^2q#aN1k=9|`JH487Gpt*4_|x>5?eY&ylgcW_SiZRP$pk`5~gK^v1* zbOH{Oy&kb_`rHcU%8uMfc(WD@fZCp~WOnYaKEW5h@j8#gU~Xq$av$HtFfbk($k)6*z=we$`g ztnpI@wtF_Ve<-RIKWc3vFM^6YV^y;{en{>q+IrGr?}(gx4qFd_0V6 zs49rbGc~I-qR&wY5bUi~1^GjVI{EA|#HKp)03>Lvk1Y1Tz36 zOvW9&uc@2UmXMf2dh=PIlkb}w!fb7!vSCA(sw*0(l^FX8lg7qI*Sgc~vjxaCNTx?e zxvv5_SU@>`T`FAc0{2awOfRhuSryQZ5rrK8fG)-pZ_n6I&VU8VtXG#)j_pF^mf7lY z{ko}I@qLuyAaELqr`9J3aE1UFh$GQO0>V!K%!WRAUhgu?~vw7>FIllW@x=ITgq0(hOD1g1DU-cv(Gq2KGWcPwO$^|I$%eti;eFtTJYohn~0V@>=lETMH~wCLdW7d84$N{KW5+@ zhjI{r1AcZNdZfaU@`|y{WxSN4TAxJs{gIY+s$mA4Et3E}#J=LZ6iF0Byc#KKSqIKi zQ3hr{O~DwpeUmQBwWDH@!EC_;;5aOR_=({vf!Cw7K%6Q9!~8E2k_NYLrwwX}KvyAj zO7(}0>o(3Y9IT&-$YMKXKRp|Br=kZKqsehG57kZLNC|8`vu%F-QjXkFE}svJo3}9p zYK$-is?^l8ZzL`bS@!cX8^OaSUao3xtVVCxqAI>0)Pmk(mxk6;AP&=#7)}o`!CKvv zJiUG*FJ|#R`wU-BaJEvsDu;1(R!;aa-O&6saW^jBTKd)P$bysFiqT8vR!gb?shrB?*TD-*Rfwac~P%A83zs#~b#YXBk5C1wzq!?_1boODgN@3A|@)kuzHl`E~kkRF^xDIgHl`!FzpJB?+MIM8p-Dn z)djz6EP#^wssb?RB+^5g!sU@Ekgg#j5wZdkC6+x;>A?@w|FSavw){o@ujKRpuQUe! 
zzql_x!qb@O>1A{Z4YD`$0hDv+)~&RT^z?LYv*zo@-AMw)K>a+Gcr#SXtef5Z0j4mD z8+?_yuTuZDar4sdbgi>2KpUvj=w>LmD5Q$0#q_)Z9034^yg)!ygL3aQ6LL}bp=vy} zO8q^oI#oMU?!z1DJI@=^%~_teRu?oJQ|SrFoIB`gO#o++U~LWnr~V4buYMZzP&)8g zu}K}8>MCF}f4sxsTBQ)pc<288W%nh+oD;^R9Ocs0s2pVm9A%|^g-9vqX#k)q6{CPi zW4Ksp<4h`qts@9r+|y_GBe1nv;tM9YCA{q?chMFqo0$io&dJs5F^FEG9kZ_mT} zEwXn_l`?#w39Fue6Efgxz#XC>Idye7Z*zb1tMJ7uf1X`_@)|hP7}0`ETbhwF?TB)` zCMX*E%rAc^``g!tQ5?DsE#jEKAg<*qZ)^qLnNSC)bFU#J8o1w0Bo!|E^t=e5ICie~ zE8ua^f-Hegw3aZNu{hK)R_9#+TjRA#pJy@c8~0#YGp^PnE;glO=CO<-EOvEY#e79& z@?^B^S}xU3$PcUBSL&T3XcGSubW7I$HpSh5)5pthfEY(H`Ev7pk}b3;`$?jE5M9%# zi91$;V3;#of9MC;*5Mh&Jn=cG_(~IJY3;ux0Clz`0cX42?K%GF90kCO(#eS0FKQrb zT}KHNfVH1N`3vWZHM$DBC%Q`tlPvaUh!z@WrJZ+o7!+a;-?T*tq?$-Gxy)uv6W>Ny z{x)OGx7@2d(YcdVU?r`Ymf*XwK0P|I<~IHBMY?&Gz1Va)#`ZVwn4$X&=qB4A3bn_? zK5{dOkWq*V6d5l2;SjKOT{ld84dZ% z92qM#VPB@~d)4`}nJm+?ZcLhAEoIF;84Q#DY1C%8qVFBMW>Wi%5oxobV>P3Y%2ZsQ zxCJMcUE9N?Esa4PSFdEQujeOkj_*p7&d z;+B>}+U4HX4nEzF+;%IRb=b3o8O(TCtb8qY6$|DHnoGa*Ct&_5j>Gc3zgU(Z0CgE% zSNdgVhW>WERa5@$E3t4iohs#Qew|uv0TJbC{f{@xJDP*@aFIwol~Z@3{%r7BQrfeI zYQ)R_9&Xqs>L`Kj$0v$l@sWs-L!$QV=$1X}6lptMCG1KW17sn;I{c8%x?B14^r3}9 zoG{|9IlnBPUqB+#YrdoO|*wg9X+l! 
zJIsB#pC>C_)r)VK-y9Ns2gRO<^pgELXKsF_`%O`;&ao^51&G2XD`ykMe_LuXk0afJ zaBi1{zuYeMvJA@)^fRM~9krfs|2EPldd%W7kA@2Ks3zLNyj)yg><;Io%;p$U0dCN1 zk8DcK`P2#_G&2=Ldh{UV-9kfC06i`a=UifRE4GE7xop%0j1aTRO=lSzSP}*lT>lFPt`Uwa~QzspIZ9$VH1LfR-dO@NZsoM z7p<75(@Gp_Y-)?87>HKpv?_Bh6$9+cY6VYoS$Lji7rE5J1N7wPjGvq4`PEFV@EcuI z>jKDcUB-YaHceh7Rzovq5OeBB5=HMt*s?3fw~X`c=01@R)mf?V%$_^+vA;jFd%eP`<$*DzIb2px4;}ARSIVC}if7iCuOidx8@~s}L>AoNemA{;9aNxt zzT3C9fNNzf7g2zv+*iI{|H8~3x zTb;y~SU@zMD9 ziBK=O0(T4M(`Q2a!JOeCb-JK}^|Ov|knXsF8uwKj<3;Pdg{JzEu>4}=i}kPh3*6}n zVqg}3YNeP<=kzNtZsTnMcB)n9?$E;WVkjta$lE(iShNZ*oG%rg=+Bq$Zh>^k%X{gS z>MO_My86fq3TiIw0yN%k;4#ln9{s(!CuQv@$DW>V6Yr=IY2^lb<1R`4>7i@Kc15TD zy5SafqDh4(KzEzqT7wV6++NTJgoi<+-#5pI@P)pfdY?*JH-s*H*&~|QBiBnpz|wWj zcvQ#H%P&Cp-$5Of?hXzFmx`$?R&y9EZp|010$cSgTWtV)WP4?I z4P#sPw#=Ya-+qmO?-f!8(p`cNj6J1CpU=XAM9Vi2s7EM9!I;Cp_iDFImuAvh@ z&LB*{kgGl*oHb{)WeolC2(q+-`9V^aF6Ge!iOYrt88 z@oK42erk97)pQGdrRR3%NT{Hb+UrWaX3%G${X!++Bs_|NWPW8zM|NJLaeVPXSW8!z zFDJ`SbvljytASK zm$2O8poKg=1(VMUiARfG9FEwWbX)AajCCaklYd1=IG-^cH2Epq>6*IVIrdu;4~M}8 zZyNUQ&P04`*2+`c8yG%267kwu2qRY8$mf^-6mo@7v6z(N(Hg2y9W3nAs+qlq|A;S9 z9?Up32~?qDX(+eO@~C0cV;NJ5r0F4W!A=WJ_ud6@0ko zu;?{c-C}s+aQ0JrnEfn_rnNm%dT)>gVHs&PYECVHEi@_J9x+AZr;8gtMVGUcv1iO+ z)Jna58BM6jj+fXzV{E;_guvlWZzKIb$RGEw5BWF(bFk?yI=5K&1ZNH>=k_k_@g)K2 zcP67BR!fBorvmYbJb<|j3J7sD(lza$5Ej7&G<q zfDW{XpEVTE=XFoHj!lFk=2}{7_m5T?5pimZjYY+7UYMz)7G8q2K7C!djWt6OVr%Wy zIy`~}ARR$xt$}Xb6(;P)I;LkDrWeZ`F+WNOKx^FRd8-Xw+&Rqw(7yJJsF27RRZ+>9iruCJt@O8_i5H~_oWGcs329OIzgR>&)>bt<@pDgI*+hQ8e zz=f!kq*sb=CT!Z6uA-B8 z;1^mIv9}9&>Wz>HzS5$bh&r0M|Rw!?)N8BW!nItCj!jZF^vcj|_!6~dWKS4DB4a`)Oz8FF+& z3!K@K`Z<`cy`r-9qbW zI527Qp*b2a6RPt1R0KGT%ZE9+QGnB%;JnjYMjkhNoYPmt{_^Y3Vt8%KLkQ`($(SEm zOt?kd4bOJ5Lv9}I5NuCVyjv()6GG40&W9(CXAO4)ZtmsSaT;(=6M0XC;Yd;2ui{fC zxZDj7I}JaTvfE~Ruew*^Mo=OaQ{gv8S7Y5(N;HTR9TNmqF{d@(*D0rS-c`AMSaOQM-;<2}BmriE>P5xv`?%8K5Ey3(zJW#&UO&k@ZUkHJ# zYXdGy7aomoI%Sa(Z8%0RRfohkHlt_6MI`KB44MxPb>9kh1WsQw(J!{7Xd_W~Euc~j z6Z3#oM2qu$46lBfEC@Vwwg#PYMjg4e8T=vuzs|bm<@$U{u->99t1V7N?IO=e>-O?J 
zvlGL7?J|Gv)gzQxg> z`sOY7b4%!!*JI;F`h5({E+i`Mox(roF`fr@ixhYbyKR{)mi? zK~V-2kRn|W5D<_OkfzcF1gRojx|Adk2ndRZfCy3qX;MP((g`R??;S!3N(;S(PQq_z zX1>>0=Ed^|Jn!Jz*Ohb5&OSS9uXW#_HS7_UsrvR!a2fS2T(3_Vbey^)EZ?`sOk?xp#4eZGtZ zu!sIQxBLT2#0B=dldwp@5GX^!{^QGk2apl#vSCS0C$ClhRLEp``sp|jTd(^bdiy0* z!B>@&6#~cd>RvL5o&EKbSYCjL*XwC@ViFfO_g&=(Zd2nl;5!!bK6JNB{3$vn1x{3e zBLoS%%OnoJhfqa`8|4SaTPtDy4E4|6$=O|RVon3%1>LO)v?qrT@o-T3r(6r^ky%jS zimYK$UMo-Was5|}@>`6pR2HUf>IXb^ffiN{rIDDIturZX_T^L;|I*JHQ?QZ+fsmP+ zEqFr1Wv-J^DN!0tsz}3cy5Zgc!*ZLawe2r!`X8VQ_4VZXb4*g)8dB@eS9;N&aA0)H zXI)VLC58o$$p_4qkJp{A|Hnol17?7@$zM+WV;RAt{W|o?2R!!SobeN` zU$?AVAHi61L(}J9hn^mhUdOJgN%j9&1dl* zZ5*`BC;ww^iKJjeX4Oyf=hQOTK9f1Xyz@!_7x(0l6bJZB{0{f~DYypzDv*p7240tc z7E*$t-B7UJ$yZtbNn(25&(YH)BO`MYzj5QfRr|XSZU4xu=Uwjm7}a_k)*LwIKKBp2 zVW+F`>d%%-1MW3F{-9_Yj>Mnt$)g`~IxRt~u9+>0_;vDWOp<<5eg8 z9NON_3C<5JDjBLB@~;d#-}c_OQ7I3|&==0HUX$~EvgNFQ-q2^Ya9wr#h;kM*49t3v z?`UiVT9~>3TeDKswV02NKc2^wWUmNXG*huX#r-1NzWpR>O^wvCKA5hykJ8td#ByZ)D%o(W<6FbYROcz| zOmEtIM{5!`}9lVSuMT`h4DH`sE^XHFRM*y2!G4p~-VLCQd8=q3l75^x6jSZOrUo z;RZvDBDQa@86)m_okm!-p9({%9d*y$^einqe>tt7(^?=yQ+}j~GE6%??{1-43_Ev5 z5PBpxj(6yuLzIk<#7I?HmEkC1DdUY&NQO`uzwzw+Bv9!6Sy7AKVZbk$tS26h<*sQ=Z(*N}eft)>um@Ib+AI=x6r5=|$mWEt8P5_!IqGj| z^2I?s2W}E62qupvJ2RMOwE^E?TW@F>ICV6d8WrbO#*cb;3~LU{xlJC9#Jq03k?b(r zPL;hHaaHzV)oZ%qmW9n7>;ZZ^(9x1aIuMya!kyhTXr`K)2C<&O*bHYm^ZnGXxP2^2 z5ZbnU!KOF05JM7^Bio|=k#QWkM5obqnXy!+6qr?fu4yVO%`(ITr~b68M*dsxcx8vXkwy?$}?h(X*)(M&|) zCH#5K+I*vmt7*!XVXcv_O8#d?&=Xs6;#G>d$P{274sC4?V}N?#y64y(Fcv^zN=|Ok z%VwQ(CM5}l$UHEr*m#*xncAsc@Caef7@^uI;;OPTX0tpF-J9)@Y}{A4QfZW??AVep zj*JM7O)h=%)q6aTmdSgm&~sHfiL4^5@Gn;%AP;44zut6Ttk)QA^ZwUhdh{$l%KF`R=r z`gX_}mDn3fYQM*RFoHMvlxu%;mLyQSf2srNeO*k$E*;AyYL zD?L);Mrc^C3R%1XDk>b|S+;I-j~W9zaz!e9btFqG$$)YbzrV95e{!aKA+pja1IDNn zBmIo@;VyUH#0{6~tkOF5D_r1m&E;))$)x@AdquYt>9_WL^(yYL{z0znW~XG()=-I* zz&e1r%=Bp-^$kqWn(H2Wwa+>*WRkxjb$_*X=OM@5QZWzc@MMzO97+NM88iVD~pZ=3CGSj+Q#Jil|^EXzN=~i!q!jPqAltHwE2E41|ICyn za4~N4lx>`3mSS5#BTfi8#s|lPoE^_CyTSGnVt0kBlfU7gh{;bP8{4BtxIRzm^ekWo 
zfBy0D`Hb|ydG%6eTf&D=pJs1A*)7i%wem}tY6@lW#iCh?>_>_k(e_WO)K!~B0yz8 zB}R97IzM!R0`9d1pNP(KLYoi#tw@>LCmVNV_Ti7L+$zE>`77nVZv{S;yBPbCnU1Yd z4%1|X%9y04JO#RcV_M%kASU4QgG2t(hBcI^H~p`IQAS{nQ8yXaGI2s25z;Da=@om5 zECnmv*IzsgXe82HbCT5vq7@F-Jf9cFVe4#0BbD)+=^%JH%o@%kJ2hl-&7RA4EfnpU z@2*kae(J2anx%O;s}^&=;H|_K`aJ0D7GJ;IH(~pE^0N2~T#Z1@rKF43bnS-YZaR;Y zV?z+<%?EC}TDd~#72r3#zbO9o4L(eemJi5_9x^e>aPk?-8w%cXUkQ0L4B!(HykhEQ zegWgm+mlpPX|#pdC6O%u3^L=ef;czcXnub%q> z*J3NgQ~Ii65O}GgrJa5cwN>brE0Cg-JkX8fR3B7Me`0O7Ihxu7z55nJ$Mq;r%Wf6>AC6 za&x0~pPy@&3uTO4ZLPcv6gaoC@ZO^mgDtX17jGa~uEfrEybt-59|8U2hj8Bg6gg`Q zh9*y(f3Phu$S&(-E%E?19Lf6t?~`SZZQp+{=7hso2`67=3|a)Dvl%DVvi9apg>fQ8auKG-oSz(`TlN1tQ3`J`k3Hr=cUpf$qw!w6)x^|N)w`~uxvE4?P3wwI+Dc|Ds=%sYe3 zLa0yvk~3x4i7FG%luG8U1VEms{X99@w>?|1JgT9;lhwXFN+6;~yPTJX1*Z=4N?iM$ z%oRe>;j~J?9%dtdk&i-X*eBk<2$tA>j}vsv7hb5`4K`w#9n#$|;5$%=yP zi=DuZQDE9jzF59oY+YW`;d#WEy<8S;7%*PrvASxpT9l?cnx$Dk{(5xd;C}Y<+J1?n zgRS*m!D`Mn#htTNC6eM9M_oe8D_Js^evo3gXOIWa^VK*wpRfGVAcE9(UWEV_(N^gE zNbxE`zGul&wW1IMd6r;1z&T%9=YQt~opyPpSl6JP6IS<~6{Pv#WrH z3Q%)7ZXyI0MmkuyQAhDdEYFzo&s|iq1ggZD`r5KOYMQ!tqrI{whFf!InXYH&V#`8) zYcOi}XytXtMd%cqB)N;qOETkS(}EUU8MG_MFpdw=w*D$U+l$MCD7n}xk*y0;pbRiO z*!TkzRjQIqb^MjTroOF1JREDB+~u{kAQ{fufL286%+ww+U100(Sx(R{>qRkUq?6CI z$J~~H^5pv69M>RR4>~%)x)=`?nqS?UPeEb@1PQg4@TOC z^085tZD-p)$bU#ixdQBzI)>t>SvN-V0!FgShN4pGw!%TBO^nogE8mQLp>!!oK_5Ehs`)6#C*b*aX z!_m}w!9Dyed-oFlQleTkro^XDqr@9|$J{s} zr!o5DS>+J=x6tt{9RUW4yI4cE1~0EIk)nra+E-_kSTRImRY-qM%uu0<{YePg^N0`h zQ5{_0PoU)0{TQtr>4MOe`FH@-yhOUS%tJAY0#O_∓6uzx+qOmS(_B&4xW3PTbDa zLKxR#RGxv?E9D%!3Pb?>RTl+%O+(H&ER6;xEpM22Si9+LGB+s&Hs<-)&29M@4!&l{ zy%^#x>7K~09^3AH$@2RofV%=XCYXI~D07fh@g|7etwxS38LJ~DBp>8`*l*oVYGV2= zQ!#9S3v_IEnZ9f8rNoms#9u=WdCTP#4O_Na+{}2AB_9xu_+Yl_iVM2P{3g+70yUa% z)mY2Fy`I!wQHFm6ubT^B@5(eu!E<#W zIi!T8m=08=95dINU4yuBn#el?d8|!k4q;?E*=;J?)~&gVLl%z${r0^{;^BTGPPj|E z=m*nVXx7vG;=ylb=r{mk%je%F688B-IrqFi92F0}pXqq70a!R9h&-bTn*pE0b)n(| zBw^b!B*CoV_WWWN)VG@N@Bl~+au2k29y>OkV$Yr!HBbnmT`tBDOa-krYu?}3GsZ?6 
zMBj0kX$$Q;V3cSVtSTqyF3!JO?Hi?+YKvkl!VC!C`KSmDVPeZD?)2EU-&HJ<*~gh= zk9$M5;N}zAf;3$d3L{i6Tj?QeSuzf}4d!>WDX#m(aX1W@zvvpxPPs2SgwvecF3l8y z^;e|BZ0B;t?dzu#b3G+|aF5;z`nO|bD%hGA1@C{K%lnja6`XMN?(W_W9%g|cu60{W zyQD_1&u`pte6UB@i3cDY-^xzui6&9hlkSXq{^d+ z3gvT9aK5#)>qV9(=CXWsvB;qAH24?C5JoQtu zQEGN()zMF%%()Zyt`@&taURg2N5NNNUk*Q^Fxj3lZo2>X$ zH6Fu0R?+?nu*rhXE6k6NS5+x}_L~Rd?keQLh>&x#-L$%%o=>(~$gE}xqM!Eim?9aO zkiNsYD46U;6?n`Tv0!OG~$58-1g!s3P^3f+63{jl+ zw9|%aQX+s=n62flPp(E^ruJ1j$w8#^+;~+Npw-D3L>B_HUayf3yR@N0JCGi8a>+~`IagUDJvsxeIV94BN@8R@L=%TJ}etPO_ zXM>NGh^-bguMTAagB-bwo~Hm>*Vr7L#;mBes%2;)tFbxjYv!e?qCrhTxooGp+!Nq` z@S%={=1itTWAJQmxwC0@==y1RON?uVNMt(`ereou;*|gGg_?ND=qP~uF=+CjWj$cn zSYnPumQWR+fwy<;R#(~&7knNI*~Fgz9nv`0V!5BaOwvy5OMCL0aK)UNaK-*pCoU6V zl)kMjYWHT?j|7Jigt=o{JXB#l-yW-y`Out3o^G zUmd?m+`JI~!74t7F~#aFU4t!Sial*T@fMmoi*++xl}e!PIztS(Y<0=v^}riJRDod~ z_e@c#Iv0WvHf@6^7~-Q#hZ}`PS61ETD!Ymov@wnvdlNDVa}%yB6+2^HNaB2ct?R#` z#8WCuhfOQ&V_3^KAIHk<(u=O#bzdYRu83%-GZTH87|44ngM$ToGy8;-k3Clm>a|=Mb1E6O_a%cgy{5VAhDW$M4&|vS zKB%?D5^Y>B)6=tFxl*FcKfPD&zK){4&t2FXnE5swp%O%^5kdD`afgFd2xM?4Wi|7o z8g^)7CI-bLUJ)A1#ArEt)#XKnxW1}Mg{&mx%Dp6O(4I=j!zHUCs?$I9SkcRu`?EK% z<>WCaR60+=sTKOpbUeqD*p-XtXW*hL=C+qBP$Ay#$03Lu-kSMVr^=4Fk&&2Z+=DIE zS>~@r3evM{I5?T0y7gJSv4J`>9@RM5@ik7CJRXMoAHrCG6QQ0!Fmv)(G9}-jF#PBpT_*N)9l5aF! 
z-~K0|d$`M{cP!x%NLusrQ_6rCLE_nw}wE4JE1--KL4SBvhX zaLchRBZutlfO(X@xaiYAxw}*5MwN1)*eaVRmfyZSb_%P?moHfAopt;wBS}0)PRNW^g4->V8y%9ST)8rH0Zlf5EeuvpG-7igLkr5HzE8>xb z+VNzN9mGW0Y-jWkr|L#abKx9qoW#|u@&|1K5BNt}dm=x2qhSN-?J|8RAuT~h$RIkqlFjXhE#$IG%yS4{!ZXjQ#+%lsS1D&ZM@uQAh=kR% z=LG#bn?O^sxC%9x1fA%dL)byC&-CJDX<;ijQCXInHm;jX0m)2Rtp z{A2SDa)Tmvc~J)m%h|%hi$=w>4sGG=u0(|HC zWvuHg>BLs-#LCU`MQnO`g`l>Lai=!?yl2NjtvB*TF06JytN4wZh+xOr4eSX@L{H2E?#lMGNy2EvTzOK` zt-AX9acy%mGj`!(c7|5ILuU9!-?`Qo$7<@S>kXs@z6z8?rayelp?N%D_m3f--0WJK zi!CeXtgCokJ-T{S6JgH+l;+k~m4{vV#&Ydr#;V>&%mswGClx_zbJCb zqFDm_Re$?3LAt;!bIA~2c$K~w8lV6R+|n)nAxt_&1$xDLAK%++;5^k+34I6L`D-n!p)YtN|JbU?r-+=gKtE9L6sd5VN5y;*6Dm4H@?ERu0KMHr zPEV6VYd# z+gd7YUz}a|GT9O9AN#@D7o%lT`n0oN+l?4!)OH}d(4WmkS;v-Y`WBUDMHY!n+Zghe zHcN^lSmocaWxD#dFH|WcR_Ew|*Jt%6pw|DJ$o7+c3Vy-eDexqv^(mI5`o?hV63~Y1 zefA2Bzaesq;sf;@mVvAkktA$%?l!rp1j!#U-`ZUckB9TD%@#QnXJjb zkNCg8e9wUIF!MJiweM>rf0r73A6;PSrdD-&R`dOb{S%zfP_cAtACrpxK6w0R=rjAR zB(8T8Cy@V9(BomD!uuxl_xGPfR6j%`AonEcfASiUt~EfK5-8FY|6hU%>I_legtPgj zn~R9~0IVgG7>xx!VnzPy_uKMcH!M{R_GYFDc-z}wF7b(tb4?60NA5R|%IyRVS$x+mq3KWg98BpL6njdRRRG4vjPDDje&sz=1^bjF@b;}2$_qBC`gHj z5Gy#?nwVP|gMdheC#yqiD34%eYbC@9nt?(T25mxsegiEGng)|(2#Ah@fcZKgs8B~1 z30JK{t1qH1hQUMZB3f5V#eN1)N5?&bzqSYxLR!@`T{ zr!O5Iug@235OTO372Pi!&^!GgTglq-oJ1h`NgNp|3<-uB{wX+6FxRBt zzB6aE;$RI-fKZj$aqc*QsMH8&>-NZn;+4On@W8o)k$_k@g?T$TIJl#f2wEXpi=xQf z@}ziH6F!M_)VxMaYZCbiJ6?_+QD<)FJm}>3!EE;=Y|v100m!=fP6d#M*XVH zJb;*ez%Dp<4)XboGt8MpcVG%WN_E)^^>B#FE6>^75KFmNZ!65$r>N_Tbp1{`-1`!) 
zSFmushg!#4O9K3nul87)VW6>GL z_kzSnc6(C;?RvmK{gB9OivzUdU?Hr%@4c_&H_;(D1rcUJiI!>7@=(L;zmRkc1qfeJ zih9Ly@J{M2jzL4leR7YF);ti)Eou?t$3tcdW`g$#vUjBZ5r+-!{OUIxhx*pf1Fc3M z#euJ8{@HyPx_pU%&b$pL&b$|2&HhsgfgB1&Buq#YUz_N$xAV%*?LKe;*L3TP$nBHO zcQ;`(N?y`+awoJ4SyYU0-v|eSqo5a|2<^g;H28Hii?*GQRt}ZW(N?5t94<8M1DCcz(x4*-*^{yBx^c)}4XcZii(tM^+;RV~#e15ER3-|<-9#rbWoh7eDm zhp88mSKj52cdKx^J|qLWW!y7T7lI0Cr!$O2za~S`K-|_ZYUA&KSKt@8`GUSyxv5{RopV$Yb1RCyF=Ht79vYB?F9&m6;V>kmEp-w?kd1CM7 zdE}6BKw0z=4|fsP{jjgV{fRL|132R#DEg0Bwz#na&GoU;kfjB2HINql5cOG>pRo>BgFwUV^BGW`R~ z1eF*x!{xOS-DqAT~#&}%2Z^^iP+MA zeb< zGFgHeLY7AMM1~bxN@#CA;JFds=F{f2p|s)M#^Ee*JaZ3rUw@}|v~bEdJ$!F{UvOV? zY&$DZ0^m@xEL@Vj_%j<1EwRZah-igqh+u+e#bU;W!^p~vz>a}i&B1HAY+7ivXPRW* zxO!BmSi>~2JglMLvHFyB?bybiB{fxCQ@}CzDu*B|EK5$ICATWepYbDoC<80~g2h{3 zoXIGyD7}i^lKGT_gPq8ff2?EZtr~JAz#!hBZZUswr?V*8IDcPw%wx<{txe6ULbw92 z;&oBQQtz~EQFW2SDvTW=gEk|YUENwyOMMMt4Q`Fbr8FxetH-85=as6DDps*iQMG{k zO!X}N0rG+EK?jK&X&Xrl=^lweA|qD*OQ)gJ*pY2ab<9f48sR0EId?EOCKnrbr%SW* z0k=9Q07rxnoz>(bErh8?`%L?ZK1184eO7z;H@%a!!~4m>1%*q6^Qkk3>v#Jar%Qb^ zrhFV39Bf{gFCSkV`C>f1?woGNA9;_SQ&T(DQH!M?mj+)2 zV*}p>=YZfxU`CWiE{8oqc0tU>_2LdfLBpyiEey2&b5LKg@}75**C3M7uhM7O&mP1F z*Mf*0$`KO1++Hxo5k8Cp6Q z>9dPvSNjk9v7L)Stzns+477PP3JMjaBz~7w%;-yZpbCylNUP`Bho?+X9>kS2E>SCf zaMWCHTF2%U*tF1P0AzG0e6mjPSR1c4I9=YU9(Uq);qK#lgQe&PZmF6`9vqB6YQ}5w zG(a_=H$3iB?HBG5U|PU61Wo)F|2^lpCgzflrg*3_Rc2ZI5ZOP#a}(Dg<&OCL<4U4S z)sXI4Y*uwkSwZp2;74Dh$Q)ZSd`Zh>ZC0Jz&|F_`AHZaX($X-z)(5rk&DO|wSHC*jnXk?^8{3Sr(^1l6(|0%Z zxeit*@9ds%zPvZePz5=rci)yZe@6!FMu@%whMr+@7Z#!KMJbLbLIhHx- z0a2|hJ~SVT=P}`gSuO4@IU6Hgwcfd<0r#$O;Cm-G1(GCoJs80L+V zR)B0Y0w1L5>XWYx`D4Qgq}G>**GI^^DI7#p5j5-;E9OI!1Q0)45Y+= zn>bnWk!r{(5R2G47!$M8Gtx7X^1~4m6Z1O!G~ref75~Q_c*aL+=Hz6@&A{O5>Pqj* zLT~F}%D}|M#l^tL%)rb{2ehDbbhmLbaHF$vB>Pt-|E@>W*wM(r+|J3|)`s}6dJPP1 zot^kdN&jl-KgYkW)7Z`Yzb)A~{&QQv8)W#agn@~kk>Nje16_Il%H>utcQdxq6g9U7 z_8G7ZeiklH-oNetuaf_^_&=T+|Mg^NX8d2z|0((Zd#XAbJBZj?1DkZ>|L<`9weG?M@hBZ0Z-cNJg^oMe9=!@yrEVE8Kr zh6ol&4|)Iyh#-iRsE~>q=$Q_52L>B@js!F+1U_*oaR94;5QZ2=ku<81q6&&=-Hd4b 
zrl;*}VFbqUtRgpQ?p@5?W`-ZBWIMwruj$D7`Ng@eJ1=p6Y>VgdGi8P>1&dVFcNFtk z7&8b~Fg(y`KXE~_T-2}@m;tj8y3OWj`n10@rvE7q_cK{`lKA)8-_|HosM82qytc$T zy#ILrtN53}ocCXK{l{34S3;1*>bk?<>H2?~0v3nJJ^s7le;HpBfKJp7-a^d|&ix

&^r9TxZo@@C@`M~P#-|sbJ@Vn@=jrA6 zWU%de_c(Zar?O~zv~mWyt99+<&I*Pqw&ikm8BY+1Wt%3!gJfLGajl7+TI27cYVLy)3`iDahXeJK>FC^y`?o7!m;6Kvk;$r z*7M34WlSL0sT1lxbL$EI-V)fWu)hv zTHuqP?4TCed?E%Dl*H$-!-KVr-<5v@K~ikcMp%YM&5e^o}UlB$dTnNxYXPH`+ZtOG@p^6 zAfo-&Ob?h{ZekoQm$Cu?61SB zYojI*Cax1uqQ9=ILDs0%7b?2@GR@YajuU8d<)No zoe+h&62Hn1>E5J&?cco{{gnRmcpWLBl%W{C_genJWBmLEHoQxuoDyAP(tkRF=JR+j zN*!0Apd#aWP&21es%w)ju@w8NymGi{m!+3_T?J!(um9_=vGn!F(zT6R4>;w+YzJF| z@xvu%nfyp%ajT}-%=4xYOp?tD*f~#ED0QcH@{dly*GUT>%DYFqp1vI6DQD$RY_tyN3J#O->AGhZZNP$emlTXPAR+!QF$|1g&;;D;t*Jw z(;qdjHkG0&{o0AnPSzK$hl15&Jr1n4mCmA1LYGZLZ~C(0NAbq|>x(xd{KQ4;_&2kT z+g;TFYNjX?k~+hu)X+a{#rVG zWL+GKRm@NuQt$eE9VGMa+A=H7DfcUAs@`lDIUHnD3NN}E2y1!D(50dUVD*#EG_3hk zqeIdzI1nYKrBT_+zg&Elg6j=0@Q|f0v2QV$oEFad)Xh{?q<3>+0L4FCfBd$_eg7D) zak@E!^5 z^yA?n;H~?9(nK813^^*(kIdM7>QbHGu3U(=^WLX2FEn+#dT)6bN;Nf07im5fpOqx= z>R68yC&;kTpyB^#CVXUceT_U3#QRtc;_y=%=?I}tGn#UiGMv-#) z1a7`u+fe8)<5!}FJ8z<;bP>Kt}aE^k+oIevKdot#@7Kv({;2JE)x zJ%BgDu0jO`(>XZ^J&8N;W=eGJB9Cew{DuSFAKdG*c(rXb{uB@Jxz+<)ax!O8XpX9* zMs+coo;bNIg&)dMPN627p)60itSs;Wywu=@SB^k$-0Wr-A`66lUCVq55Gv$P_;$T*<(>}dU z7dgfl%UEenQngIQATd~xQnG@cWMXZyDaFww8!9*D0VhoA@rOjI@5Ut=H;6rc+L*zI z^;bGk9ekuRsoSL=r-OpwSfh>dD(!mC0rYqj+*ZA9UuBap*M@9_Vl7ycd-S0S0L}Dy zu^uY*2vAT^%lX!V;Kh$g=!6v8Gr|B`oIF}8^ilsCzk|wbAw497#&T6+pIkWNkJaR)B*xxw3 zcMxp21!&?w4N~p4EJQAOgsdSege>s*q@FOjysWFe50{_muIG}fc4~>q5IT&f26n%Z z=&uK~DfN>yX&W~b9zsbNgja})=GxsLln~iHcRcXjL6^n`kJpyTPN&+k7sbjfZP!D1 zH{&SgP<*}wW@=-*U`OdfaGI3JE(leAuQE{K)vMfTRVBcbeDHltM*gYElxu$o&7yue zK|vtO|H)aKzGuX~+cM2fDC4n;gPc(# zx&ke6{J4JBQn+vUE|v3FzC7S$NDy{6s6+F1?j(!GEI2OB?@H)%-TZffF{@^3c#IZVBC=TOso|`3vx*^hn_(Ua!wqD2()+SKa^3j zsA#J>YT2l{{G^MCf39>j4qOS9H?EfWq=ZTxQ3{nZ`2gfZ2O>X7wW$cST$a~cg`RYl z3g<0XS+nuuFf*FuhSMEBNnz<(Dr!hC_U!Seb1@jVGN7Lebg3IcWznD%Uc_~2DdsWU zN{XY%qLDihGX_sn^7$N;s&I!4x(m!u#1qrf*7oQN=Y*0oO6`z08Uw^vx=e~O3_2h9 zpi z=@dVt7aw8$i_ezgi~E98LG;Yy5Np;2C1waK&O17Uj9jUPf5bk`KIOXKPXVQJ1wObJVQ88?y#s_;0wU?a`+++_Cm}q#0}{vRWM@o-;L&RDU`yJsz{OSw(8vd~rPwk4`aHIk{<69gN`l^!T210ksYUik~fq*~q 
z=!&;tyIf-B{D>--rFM)neKi}4dhe55F?4WcO3so~QZ)lKxwmdZ&9F6@vOObFmnDp{%b_BY~bA)E7&Wg)AaE`j}%oz8p<0Y!kL0%Apxyn>z*Z*m#- zb|BUHBb9?-4&8%JT=Uu><9In8Ke0^VgVhtiJGk+Wq=d0mGzb!dE);Q-9OF!el(AD< zdPbX704@HF0h$s45e~)Mp^x7nR7-|(yA$4;a7aJ-nP|ym7UQf)w{kk$062Kx^ErS0 zoaD*g%5F%zYKC9@mfN`m2is2YD`_+7&$gWVYP7hdHjt~;E}fyKgyU7FJz{{J8~&B9#pOeP5`d#JZ$DPQK83t=cRao50hpg#F!} z!NQo^p$FVMTK~k`tfd2GI#S;+Ty#f`dk!4uNg^dYN+n8uMiVtw^AQ{}zB?uqWMb<6 z-0GVk!v+M7>(m)>?Gh>Q1kxnUBj^z~7vB`y=Rrwi+3<9g8w>V=%(cInwFVD3axKc+B@Gn^RO7x?L+bNeDqjW)6oZyRs9x|9q}5op(Vyqc!x6 zFeEbimcq-@;%q3DdLti)t|HIZTdy`unt@jg7T~FQhyKKPhHpaG>o(trW>>_nc1idt zPr3R|_^e;zKMa~QL7Ti?FS>hdj8H#Hv@0-rVR8oFlAU)4{v|_EoED^N2&2LycqgPT z2ND;@)}5)cxM=eIDAgtC8Ok_@MjU+~hVnbZyWi;m+d>%mnT8-Lfy(O-WC{V< z;&&*hEZ#K9P1OK;FazQ38*VvX$&=BAG4bWzhAvo1on+YwO}73k>=GvYYfgp|N{SK5 z#I`|l8&W&jY_X+f(mGOv18pBhG?zP}mI&s|WTzo|q;=H}MjWpAHs%KOc$PVTW)}2; z1loDbLK|xm0u~qEX~6_T3F4Xp8-Y!65u5bViFOUH@-OODC`{;DcP-bkbOHgkRut+BOkVvMRe7)yBAYS@?myd1 zwt&v$wG=Z$>aW+j1>T`(&6M9EbXUQg2k`C~>W9q7p6&*7Av9g)bpc-zm^7Ow94wC( zI6k3CIj>kJa6?3q^7f(u$S-D%RE^z#3QVU{tanT&JtHQ3(vWpERPoL6LaVC@!M^Re7h2Dy90pR|5?j!{)E? zIN58y6jB;Fc6@a=T<(Ff6Q!E*B-xC)89j0z>8GybJ~DK0AhmCfP!zC&O+Q}4ty`1m z5hQ%lWSFu^U@t+B2Aq(GV`dTlMwP388+L&k*M)L+)NEzY4}cXv0qdovJsC|DaC%Bh z!xiz}J?E?3?Dflk&z)0y$1x7Gytg0*=;N<+>Q7$@iy2F#? 
z;c*OoP`|@*=aC0Kb_}AyJKx?LwZPu^~OM1u+QFgcfh_uDEaX2>luNitKcqFQhv}?D$b>ds0WS^G49na;=4V>d{2J_qIWx3KA)agghkn zRW@o|dxuORS!aPvqQ?xBNOJdyOkc5qEBhCJ_iYf7th()f^S-!d6}ikw^L&nP*7n|h z&xkYYqp}rv1p-QQE2&%u3g}!-^+)APMY*rR;8lT_i}SWah4-*cMn=E*&dAy}Rq94O z?er(Ja;Z1Nyie{y&53sTOFi%bhE^U=)3SCIh8z8GGkl#7&))!K-Gt<{c^`-!GHSGy z3+!&2ASmr_6T)N0TsCGH#F&1Z7ytDDb9q+)Ix76Gr)-#PFsDZ3bUGqw2;Tz?We*6c z^i7-xU?c>!h-DcGWsr!%O*!2|R*_pTAx=H@OSx!I!GJxh5ddC1I7S?a9K(WWf{GIk zr7))uD-Gj<0Y*VdPua{rQD~!;-a;@>2G?^}=6NTHoyY+K?XvB)b-;XWEBm4CQh~`A z+K*23jV1fZtWH`mz4jjRlu#aeR=A|Td~Ns$f7%FS^NGmHd0_nOjj($iwFqxT0n|M6 zcE4$b8p6*GxiF`3i86hBztaFp3|Aowo<2T}90=X<^ zTG9|>vVr^ZAe{YRtwJfjk~k(K)DA8NXG_Fc?JZcax!iIh;;iNZyo`b|fRz`9I+{5x zZ>w&PGFv{#9I`W5W1YJ;eA8v{95N20bN-N;0C|o)fXsKUl=8GT|FW+%=#}AZ87B0W zNnjWFCxuL#L@YPtIu+#7yEnBTeK2rtjIeWaop{)%-;Nt!TC(Kh_ly;(L0hZ>i+4bt zIo<;RWdYGHvCA%3`2sJ$7%b*l9+|E0ezUV?F@q}qoVgQ{ShD7$KM9Zl7~P{c;sYSY*wqw#E$Iu;b>FhZ}CfXf=d#{V{}DhMm|_vzfR_bysb@ zXh_N|A2P&7cF?|UmwFVs0Z6$nY1X8=+*d~5rTMjtsD45&l{wGZOL)mYoa!znqC z4P+FQ+BV3)W1I4kZSmad?eUkW$ zAh?> zC(^Uo1hwP7>vRU<1q*+62`qr$P@q(UygV(Nu)NE+nRZL^Zo~++ZWqcn2v^s$0*F!n z{`P6zt)H1*6?bPs_8*`R+YYgH5)B*?vQ1?oZFNJPC4I3!)*vh7Ht9v>xZIK!X!rCO zG#qI~LwgMEQr{bjCKt~~^|?+k<$UkawrcT4zMj`|yIRBSA5yP$Gj5x&__YcrUXy=} zhlxS_i`C)-<%G4lXuQv>DuxRnhJS!|!45%p(#5`&tzbWiv2Exax6mZm3a*rPlNiVR zhw(t5hF@8pxve#yYBp%hVJ#-6Gr{~l_gyI65CIGwE0%f3&iyJr*{uzM&8t1RqC&st z5Av`3=#JKON{B+^!7GO^Zg5imt$4;@a-Y`u0CJ1rBmG))5-149Vru`ow+?M@d&utw z3z}U8F~2Pbbn$Guw6kkO>)WOpc9*fpW#_>T*F9h zS?DmaiCs~b1jDQJj#a51#}c-mo##loa8|dCjwsFA8e>NT_d_j98P=)>+q9 z@as(~;uU<+W$+quD@yAJvg;09mO$WkfL;??PMD|hnjPaa2Aa;vlL(7@OT&pjP52M> zQ|aJt4{2_)FFPz7Q6DiL&QEz<;aRZsAprD5&-(tz!}5f}?}tCvEEUGEnrz#3A3ZfwcWJED zOg%$BU4|;C=G|09{Lw4G|DLEmq!}Dpn32lc4_tOIx1W0w*k-ko)&)K_*P$Sd){>y; z%@WE=58_@W7Rl@19k}RjQ*v!HwydG28XF0td)^1d?tIK6E3`EtOC8I5RnUyWjgYGC zv`P}3W9Y#up-J8ksO1e{Dv3&t+eiqv3yy|)e%b*J9i1H{rNWnZJPX1RSHaOoNM@F1 zhM5>CW#brsX^N9uOX~Ip8Tk9ZTFwd1Wh!+3h*#A_&~5A1|In`Op{cjE1fnYuh9$ z2r#Y@x>)dG1i}f2jWR~5AuhCa0R@8HBHDho~*z&e3-SL|iT1p4&+x?p= 
z+riTQMbq?uv1Kx_@;j#=Yhnp?E>XFBZ2#iTTg{@xr9p^>{WON~H0K+SP&(n|F#dBx zU-*y0Ww{C_S1R03U88%df_fP657C{zZ!+ix0#QVvHinR|#mNmU`J`x~YVRURGYXse zzZiB;R=A)-$oXWD*wPO&6jzuqBZD_5q6xV6Y0B5UV}#$B1g=H1T>lsgdI|qUrOViy zG%q9}ifIWY$PN*&8xp`#rr|xiH4qKluBuZM0P%bx>OcOb+3SKpdyd*^TRi`a2#{u> zDP7LM2GrwCl}7-Y^cx2zW7hA#k$Gz%$~3|n;rw!2`G2_jG|c)hAn!h3wBpdQ_#aw+ zK@8;BF3@bv)#d+#+gm8Wei^j0t;wbStL48Dy+02O5RPvMMORgn|Cg=zRQ*NfZ6;ji ziWdKi%(syKx;Iw^qtkMW|Kfc+OVV82X03(|r?P*B;4e)7|MGIV!C z-jK+tq(V8?XIjLb_X3+>py_?yzE;Y#&WMsyH#Zp-1;voFcDvtuv2($~ns3W(v(xuq zoz!#m{U;WKXWOaoP63h-)Epz=)#y4BO3 z)8l{<(>e~oJo*=v)oZ!Kh^dlb&xP%dLc02>wBjq*%2V|7BqtzEH%*q`H#@IZRbl?L zoIkzoji<`C#!IEw%Wuf16GASQB8so;XK#RUw_0tNzw3-WddiV_R~pY|qLedl=$WEJ z6X>BD*W#0*NCpDo`FiO?N%D%htFRs#y+e32M{=frnEw~$_TRmqZEo3c^ON-OGtEC- z%b%3?GqiGfs2=~}^9Tt4;qw6sS<4nFuMrmAn?0%>`u@`FJ~2qy>qN9^Ilhw;H`9eF zj_>Oig+#$!<07V$Ir%^kk;eeA^3YQ6T;y0Vn+aKN9un1LT#`xRG(eM%r-k%ZI*6=2 zjY&Q{A>_b9crSU(od6=ye~1fbakuj)1-JV}D*`yI>?>29^-RlytIB-8@E<1hMAO2X z4wrZ8{b$ZZ+4qWwiBj>h)#6Oj*W2MDqq1jLy%ACMhc%&Zi2%YC1k%h^z0b@Nr3u|Q z0B!<(S_9+0$DLFJ>Sw+2s8CT39nlQIln$rN)Y61OVLJPQcVpuc#cqpFI1dEzU>8sz zFmAWqmSet?pt0REyP5F~_<|bJ5h9J71MBA*sY4l&8qQ8Uh^pw|$QP}%k_U=fi z7q4(NSAW#_$~BEHxav4q;YaJR3QH3lxax?NUA7H7YnS)|rUQur1 z&G5q)4rxAVwhvuO-g;8D#_n%NPh38o^am(oo`QD$(LIkBC?JjFJ06x4POpDN_BFo# zLGqBP6kQ9$EYtcy4E4bMUOu+<#Lv8*F=IU+*B_jC*scEY)hhXE01H6#J-LwfxFJLv zi38O=FAd1_%;XR85$ZEqImpJ7jCadct~{7eFT1iOAssLxESPE)jszyUyRGpY;?O80 zF&4a>cP3$+Z~+mF5<=7+Kz+br&-L_UXfOa5egudf6za)Gb`8GSPLT#r)HdNRgbgu# z`IcS{xuMp+DIai`>sDa;wLGp;s1Hl-CHFK#$reJZW;tcn2^_TYga6_=#wl&nhRJvW zh329Qb?3nypUW1;`OA`$nwe$}9qNp_qcHSrv#A9ieW0Hv_}oECSNd#lSJsM_kCy#{ zsjYan%{61FXS?^eZ@<0n(;en-8-z?Q-5xW(w%e0Ts25od-X!NgTlyxr(Vle4Gr~P^ zCtV{ouGI=&x=_hX=g?_wA)dTQeQH&QXgKL#Z<`EnrBrD1GT8k`1fUTta2sGJAMcivW^U{;QIJ z;6KU$7JW#FnYT(z6bn_|g>w>q9i@+~QR0f9q$j72e!(i^V7{=P|j*x@`jw&{v zMW|X}$O2bX$=?)u6-fY8Nuk(Qw;w=qjB2!=f4Q#@JJjjE9|NQ;5qoszN0(WjhXiy# zh}x|q*colL1Z^D$n~j-$M&69U84rRM&I5rMOrcsL`)5t=)X4@QAJdmMIRWtD+>MOK zj|SRtz_r^l5_Bo^wNwX#^!(Ue|jO0le7vM+j)-Qjtc9 
zaD)l?yfy6WeApgcV;+0>kY{hX^x(oEL@*fRVvENNxm;}48&V#=tjU#KNYlM?cky{~ z&a zgy>jOHN>UduB*2l!$VX8sP5>SYBpJNpVA_+s&XXOkZs~a*nrA_geTq4D)v(D*7XsZ(|%g`D60--EEs$<#!3v4 zK56dx1={}2eHNp<<(mKR&ntGd{FaL~?>;=nvhBk=ume8ecdb^go{E`lP70!4%j7qK zC-({E4Qcf`s0Q|{NX2sH9-gENe8e)sX~2TtLD$EA&v&!Q6I=_FwMR*rh+Yh@`GN#v z9}UrM{Qj15wAk44j0K*ws1-t^bYB|Z8XJAX>HfoVFY+2G3M=AfT~ z0sE#GmpC$v#XUQ9j?rB{GfdY4T09wV2j@e&DZGY}I3BUI=j!P7s}Dnl#UEQ!h*^Sc zyjYrXZNJt;5z$9^uqc6l3Zg*H-4wl9vdB2nstE}a2%RZZfG6i{Y=AqejUk`mw{1aP zXr>XBUgo@DGs_5fp>frvPOfGg*e~RYjmF7C=+G#keU4?9UYWf?*<7$KfK1HOIq3mz zF}=>#K&7{6YUY%93@X*bSh*I&-t3sZ(Gl+6HP)&Yf>iK}vG({$k!YP%J9UW7$tl_aQ!1j+c?tlOV@`Rfv*Xb3rJl}w&Wr;n$C42a!w-jgq2I{$eF>IjZJWQ@K$QJ0 zG_Z2lH|*a6>BB-$TdZskSU5u{qF;6a&vWE|9e}^d`s~?Tw^$he(9Kq8uA+0QpJtNb z)d~6H&dBl=s{&2qt{xR+_SUc!jrLP@%{P(8E-28M3b-4t!B!?qTNrWD%*)vOKx{S_ zCj!B>HO32#qQL1(MomD@i_ogCA@T%@EIWCD$vaLXp_aNZ z^{`r3+8+AXj=WUJ5xCWa*YczE36B>&|Y_ zbby!0H|u7T;7!BLsV~VsYG`D#>x^LF-pZD(MU4T7*;jNzOXv_3I39y>eMVM2BjE2r z+lc4~$m3+hjU#Ies_~aSnXfQ0QsydU(N3`gIWnmXO6Oe*h_rq*U1L_bIdKV6N51)8 z0FJkr2OuKG_lt*yWJ!W`riUw$>#1bJ|0rTwy3VY%pW-gqjQWa$`^0jN4RHKM;%(H& z8$u>;ROfnT$yI!iTT5=~Nu2 zM&A~J7IEhg^LGK!dJ5|hpT?}fw?g}aXXL&bpa82>bJGo*CO1x!wVYu%^w{g!(&Rq8 z3T(+dOg#A-#r5dSr+POST|u@(Jo^tIe4xA!W=&r~E+Wm=yu$b@EOW0w*-QnIr@CEp}$Ua)N?Jz0V1-JLge3pQ8eorGQ`1BCx-0wr5 z!d^Snc4P?B#IzeAjI3A;>Qx|R*gi%@v-)=TtSs)5TBH5Ysld>3H_Uk?`d)I+INR$= zNQb5s>mVzhW671@6_5D1^p|A8#zt4cw<%@~$>usTVN=!1u-6iz+vB_(*@z`|WNiH>x#8`s?GINn9TGw$ zoMHM8&lwIoaR$IM{GpZ7)d;)LiZt6dGyD*~`OBHHzg|-?Bk_t7B(OXAe<%+uhcLgB zjNIQ|a(6Y|4Yv?CN4>vYfdeLgWzm4I@2-LZh(^P>x7u0JM@Q~6fna}SEtCuNBble` z0DauvuUo_EX&}YY&$FbCF3M@*wr& zd-{*p*!amb$bRcYF7Jy%)JYl^0(FG&A5V5SqMt@qOugLk%R5Yc0lhH6j2fiflJuFC zqccD$L_wuK{dggLvx>=tmxBDLk6KnJPBN z@y#14`CUwJe|n^_HToW`INI{gE7)zt>;)MQqBaxqFDWZy8DALG9TtP_o_C3}7YK|6 zTY28vl_??|d+oZalf%P1qxXviab89nHI*)7R9q;dV8Y;mS~lDt>J(A23SrM@vq*Ns zAbrV%AGbXqpJrUSnSVHz^}`qVQ*9q2%2EbVUlf=TDDET`y301AcocoOjfeHm)!R4yT?u^^2cqDSD845|ry3xK9`{_!4{_M2QTwp{HJk&Is!OaaIoe`s0;mvk6S%ILSiHq5F`2sY08X z;!oSccE%U|zRIKGl0%S3(9 
z70=_D2NO?K(%#5fyeJ9~&hm{3x!0WGZ83Vh)Pl1(ak+L|kQ74_?P9Pk8FO!YnxS$C z(!wnVV!un^-a#0a%C^`cj{Jo}Vc|AiB33!rt@?eHkq?8xE|zSYYULWwkA@&&qme0zp&s z1h*@J2HRxV0as}G#cB|ifU-><^w@x@@5(n#M^0YI0%_HD6-FoPAsC&aj)-dD4)gK^ zRwWNKp9n#*6$LwaZ(5|5_;_3X!4>tUi9iJaxP@Eb6+8Te$aw#9F&fz@^uqe`m&k_r zEqqDLN-t6-qA5LGlU!?T?sNt8+09%-P{wjyp76b4H)w^u`BMCO2pe->U~VJ~8M8(b z1$qnYAoR{H?95@VgjqAi0oTmM6Cn=4mJ3euG=m)`U`&{DGBcaIx!nG2GjA%=5wGeG zOaG#onYB4z0J5)7YI5^1ZW@a+=C6#7wUkYUgUQU5%$Owrb^qLXBIvBsB0Zv-sFPCE z9`fS^Hh_%4AC-RpjcPIKu|TP*)MxMjbfoMsq>8Y0>FBOJ*--HRqw1WaEBD&JU3+Ry zZQJH_YTIt7wr$())V8O#ZQHirGY@|6_xUqf>tto`WbK^X_w~6#0vm#t<89&Q2($z_ z2s1(DQWJ{RnV_bJ2tlCo9I|Ua<5?Y^&vco;zdJnuCX|QIZrnY;G7*R@5vI2cY{801 zleI~QQ(j=1gbv@>zYWfW?baQI;Mr8C6~K=IN26!vCukwkH*$`1PuY|WC&@$(ewYjG z28C#y&BNHDpL3~spSJZq}4(hN}7~s(5^F- zc^WI${6Ia5qCR+*;&gU!-?fx0-xJ8(P5qcJPqpO&l7WT_Qi`y1qG^_(o^PedWZU_X zf}39l;J8a!Vs2M)-{At-FfGz5TN$gKUOY>v%hjlPh)xDoMmXTju2T#_;{g}1O4fic zpl1b2pLSf7DHAGkOb;i26C-L*nySIsWgKbNE;FLC-^JOwY?c>wwF5C?zm^pUH@Ag| z!mlpXc_@z`r~aT)(K1Utu55_GV3MGmAbVX2mzzA%*GXC2dRV`ia8ZA64U6(Lt zaxIdI>N(C$aT_>97QsR+Xqq6sZ*yesIsUg^HtHoO0Id+Me!WO3vZd0m`9oz5#N72# z)_HBlT*MI|L&*|%M3U&K=R&KYZCl$ostdyJlKnX_s53FO|4fT$zti;oW`{4i6-km7ARgkF#r5MDH&Y zyruEA6D=}je&p8~nLw*w$GZ7d>x1}C)%&QVlkY7E59#xa1hP&veW{p{-6-2{hb;1{ zC9fp~r>MOQq&T+)eJWpTQzXw6nJJMy6n6QXl)pk0k=k2MMf8kCx^Lz`+>WW$kTiR8 z=?oss(E1ZH%I4V3Os;%eF!wRp7j|KR^VY!l+3|e@dcQaYQX=OtATL+JVb`*-2=T%{5rz~;x3kDn!)aCCh z(hJ%FlVx&eP|s5ru=wfrf@6ZrR(wbgJ?m(*bLR{mQZpI;PC5Lb3-*-Cus9;apYcCJ@ z4EgFnja4D>$%}+o(QBEsY|9YnnHU7p-|`gy*uM9Upn%fU4EU6Xtys01RHhmf>>1UL zUl=x}J7>hK*-|AKCL{Xw=>I|;{8sF|8#Xz~HE!j0-doxZC0Ei!q%2_sA7B$p`eG*B zECpR)uzq<+%soGl>jtuSTl(__tbX;7Lk!lGJ*4tx=CXil&!>&e_Cv3*YU;;W`2kN0QMC6Mv@HVrC za8X7MBqm^p1s1RqDDL6SpZgJir>fexeCj8LP0f`pfW_TX8i>a5*7K^|=-i_R4uPUV zZbsiOu4KHd=S^RwsZbxf+-|NPr2NfA;{IFqeG8q;xG4wtuIIQ^s&YDy+HWZyv+ZG! zMxSm3%~j`uY&38(BxKCcwHb286>g-0(nv^5heY6;>n(AK^F$MdF5BDv+8%3z!#|7! 
zz?xzS@)%@ri4H0g44t)lQmhDNuKtWo@vHW$J3M)0-50*zeLuyv-&C=1%88vgbRSy2 z-+}e$_qvtMvg%n3m6ZI%Drv{5@mD05C~iv~<1~Gc0>v-k>V`qyVk04?u>$gTj->LD z#RT0zZmMmOW+*EEDXg#4yC0fG5SbH4;v^;Tk;>5Ik2Q!1H@Fg(N+|R)gVD{i&0WJ~ z8doc*M(-fcVfA~Ga~WP_tGhX94jR*eXQG{eCpth~DGg^_d^u>lB{k+8io>46TXb(8 zWP9Qyf9uW@l-k>guIYOKL5cqY^DCy0>G2iEWw3H$EE~xcRjJAtW_`D83E0VfP0p)i zFnwxUG<80x@~_D=@I}u7&_w$q$4~9e<^dS@8Sk>u&Xzm4WGWdFK7y`g>0q}-RbjQBx6fY@!cWS8i&RM8@Vavr?#)Q>Z#3UPxtVa`c?7aWG#jah|!#x>Si zwLpP{b`3{}r*fj8{YE*SEu$g;Wicojg-=<|&MHmsCREx2z#0yZle_GWE&;&9H~xo9 zeGZVmH$`58YSvwWZVbD5O^W5198X1QKGW0lqYJ{YOx5{hjiS_@=O_qa@qA0 zC~*7f#Kk*Gk0LD`Rw7vdRktLx<4!@X5M`|tA-x`=Uh4I$oWk2$1%j;%yi-^2M!2If zckbtw7%Z0qX0ytgInVswLJ@dWEvWbKSzU{rpcQ%ZAiepj%vIR|M{gc}fq2@YO$Dx; zOF<3tAG@;xQOu&gd}}N_n$G-g%@~OFE`EzY_&t2fX3_JaG5_i3FGFSamH#dU~yY z{!IX9lIOD972fds9VC>gi&deyt-meLW7=NzF}Vz`ZOh9D0M|(7)JdazSS@H;Xj2?W zv6fn;aBL6i!_r{du2smtX#(;R(~wqwZEm?)5ON-uTa$sdOa)p zG5dXB(j4+B9(ppfe{`~rqh;!x)~|JLL80WTaM1pOe6|rw0)X8|1U~VVvUJM*chvtre9~=>lJgscPt)Y@{p_ww_{GN)wn03 zCuWECEt+}9A{B9S5|HDET`a6Y+;nmb+1d}xM*swCD+q)N~dP0)eWn=ACCe-=KEt~@m2cu(7yIZ8y6NdB{wUU$`TIC zcC)t65Ti6Ey|O>JbE&Bgd-Pzffzm=gyuZ3t`L8`~F_L}lY!gY5XJAMz+((@m1klT` zARmsv0alv+1)H?F0EXP2HCoCC?WY>WZbh-U{s$?P{uvdND2oNeVQWtWK$)pgS`PhT zl>Qx}XSd~ft`K_Z#&0}%MNRK9YjMKfF1)o~<|Wu3&z@_r9Kf)!Xp9R>^_|AJWHxhX zQOK(GFP&;m*hCKzwRK=_MX-nSf()AL$F%>noAnzFwg1HQusw2!`$GziF`5Cr1h6+< zu+>&>xlZnM>n764>166$^Kq;51u$8bwRT}sCZ)ql`gR{rT>R;^W02q5ICsfJA?S@cJwn@u@$9{3Tno_)bo4MA_3 z`EnW%^9jj~{27@N_VM*eKs+IEe)8vL2pAv2=!?`hQ}3UD{B`$PGA|00M17(DgkI=y zV&qkE=pr3BNeVfIMn|{-A9SkXNC(|ePXM@%%r288yw$tmlRkq^J|HKSHrdGqEGa53u>9mxiW@bqk42Q9# z165-!hxHHs!$lkZOqR}}~ zDVB(3B}_2gnH2}n(>WA`7ID{Lmzkyu{)!MtBZO9;LaRx)8qb|Bf+C4AdupN#<{BMPiLH zZ4?7QGtO(n+NKf<_X-R+X^fQoLH6DT%%S=MTpEoOz(u<({!3?U!~gh8qvY?b8kr;5b{>QKY*urXR5!E^>{_nZ`6)SWT12~d9 zs8sl>f9@p!Y{6-25m(*)k7QvR34oWlfk{Cw{dda$Dj^U7TfwwdNJ}sO!DjyLiMS30 z42=h*DB%AF@GpA=V5<*(DfI09e`F1=B7mXc0nhdPgF2ap>SqOjR4z~-}OV2FX;ixoz0_X*fdu$5h}CY zHhGZ#Q>Qb9@*0BIQMbr7WE{|P|25Vb<#;|t?09f$tllZq8X*VZ9Rjr%*Q|8Z0P=uU 
zCnN4c*^D?HkI#vkn;kHs-WptPhrsU$mBe!u8t;Zw@lVP!{KpR06?_ezW5}E>Pvy-1 z1_lQHgLW{!G7I+oOH5(`5|w{%OfGP8R!;!RG7ad|JHl1-_6ct%Ro~6r@W()qF#U(x z0KU9g0hSW?TU{|mT2ncbLDMah`VX4&q;y^&9zT=oZpbqbrn24j$w`kj-5-WL2k61N zWKE>q6`KtLaD!l83$ugAgTO5UxI;9U4q?6FE1B$3C-)h6*VlJ(#uKf)_W0sR)q}b+ zml7+3q-2cdzfFP8srq3G+H%Jt7oE~WQuoZD4#yYdtdF-HL4q(JpHZ zv7E;$8f}xNucW$ysj}zI^`*1Uvw3eR#qZ4&$$3hW%(<6h?k_$A%EhspHpOnhKz}wm zQLQ%HvqxbL+t0{9KpC(e6@7#FqygKR65FzvLvUa z;l^ZhO8vmzPnl#L^ZL=KYoiCh`@&8Z>B60ubn`E9!@%ft7$EQ~qCM1{ENJ4SCXqJB zdx)y_78KU~7dKk4P&J}b3zE`89xI`_=t!I0^s-4U9kRM_GSpB*aZ^Ag#e`%m!=SWeYa)4%C*3w0YlWRo>SA*^^z?G=D$;BtC}hO{*&OfUZ+E^xH+UQ$kcty-4RLtCs|3+GQ(c(}9~*|t`pQszp^Z){hQ z|Bqh8x_)Md$X5U$jW~X54S){l{(Wgd9BZ&n=669)jYnK{1V)`3uSrIes}3BzZTzPteFr z|LJHFp9a&0=)UaxE3Y_y3Rf!L7gubF#A@zQ(~JEV`(kP{d(lE$>SgWp<|B5u^eOTZ z=&Rp=$kLDD?|4yI{Yj3&F86}DU}ioa;aoli3+T${!Bj?wX9oN5`el#Z7yy}Ud;G1h z*na(5U&e@8fmof(=O8Ny0MFStdGB*#*fZhaI=a^S^uDX7wK`HJ688!%DF^>q*Lse;A$R-&xP63N7cj#h%r3rLz? zUk&!(7x3@X#@+jJLBX_fxYO$#aai9jB~PM~uvE;b^errsriWHqOlh;)ZKLY|atWPL z#lTymXzi?W{XRGTuPILC$RerTA90=P{cyNFfDo$qSNzMEgm^S(m&HD@4qn#dH3yX$3u!ioAbu%wT^JM3w2p&WRhG@XdY7v)b4G<+&0trk2aAJa|N zP78nTc@tv>&H(sP{8nNsgXW`6fp$oE;MWAgWk)8^@yH!$fTH@ab z*&lDRrTl5~V!v)Cj3yAv$wzmiMTcexhqg zw@*901k5*;kygT_d%6?QTB+Ms)@}@7*WqXLmlG!i?k`Bqvy{QEC+aFp% z$0}(Uaz5i@-H;9rR5!f*cOrr#_>Oo>>3WgL|H1)N9-7E^%kQNshYBwl;5uVGOWw6QoWI85)9f&bhs$rjcKRq-Th_*yWI!A97@EvwF!o&GJx7^fMYn+nCZ zO6kIT;eZ`VidYnDt2ylz$8o@sf|mTj`ppZd9)x!UAP-2!4=@(lS$?}CR1#uH_x`s4RERUnIsJrU2MQNG!3`k(!cptQ6$jTW99r3a|Y1Jvt7knGmQO!IY~}qy~=% z=l1pd|72HYO(0=cCA1=xZYhntSIbvVK|08(%2I^0<0vRvgR1`!a2H#Wl5_E01tkOU zka~J7bKUf!NU5A;mOoVy#|yFD|HJG73&xp#^yFX$T zTc#EUm&%v1c`4VX?Eu=$m|=m>2Ai9QM(6jo%lwJ%_F4?QQNi=c!Bpoa-ZB>L!)khf z!q_!MId=M{wH;6&#%T+rw&^j?8d4K;$RfT?Yc2%y-&TWnB-yNBPATPlXq$9sRzhwv z=tHI$;(St>OSxI8V#L7nHoebvADUYkl}yj*c7X*NO;y%cB?Eo#IU<|ju~CtW?u#$m zg(f|g!*L#PzFxuUt&dU}`a<@uz^!GD_x_Y{E zI?N6zjTlCU{8Q%n;~V(DGzSgd+2J+?gl%K4$yHSU?5O* zq~7$kHH&SW4F58{H4N~hvgJWwsF6re7vS3P%3L5}I2HD-9Z2wS=$#Q;f%`DCG>Dz* 
z3wj3Cu_oh)3ZP`3HU!p+&O<0a$9Qt?NEgJTl`-oDsMsPg))#^ZyaUweDIZlWy~VJt zK)gtc&_0^54fQyzdQXC0!Mr8E>a{>k#!_>42@|{x8$fj=6Es8Ecknrd z{Ph*aJ9~<`I9P#C1scYmO0zPHqtMFAts+Lx&;^hj?dmDih5d*x>&BmKc><8U@jJb) zuLaA-BLvZ#%RZjf{gG$B+GOW!rT4`(dX=k%{yh~ts6poj7@+NfI5B;YYiPT+J=q@7 zmjz}1f<_ir$G;4I?i?x4Me)=E5VR9VVe@E~9v&&BL(Wf?YcJvNCCC-QS>0CgI(C*>R zr(W8QxGE>)R+#qf{vZJr|4g-3+Opt9{fdh3IFT{zf0Z0H zw&m;RPhPSn_FXIPnzSs?Z0j`=0)tfeGCX(&hu?B%t+pRHprD@lCddkEx(pqZ$DY8t z`XUC=)-T+db_niS(;aLmhv1&N6h8q5k+cr4>6sw>Ps2_9-gSSz0q^6kID+FS7-dpo z?Y!B&lnRY(E6C>Omr{N?db+ja7h&bhbpJwrL{WcnZMnFjBW84CItCy+}bl zO4ENen>CilB+ih&-BSz@sPH*@GMAo|j%RXarfg*vr!fkAH#dw@XW$`NiSg(pK07)v zROLp8V4xQI@Kc@OQ?C5e=X}S6)QCSfZYEq?2S2PSmICLKlm-iBX8(Lw%`D18*u(5O zQ-#SO=i`}}nyS3&WmJrW0Gf}|s!SFovW3lahMlj4Ny8A92mid731O0`dtquKI- z4RpW1-|;n4rpe8n01F_eqki=rtssP34f&YKsTh{bP#ZuPio(KeDqQnAlMY z0L?2mevBTydgh_e?ft7DsbQXCO=WkbgZ#uCTSq)pv!^XYyEKIp$AUO0}&1eMlc4$+|A{Bsrb4uRaou4RAXg)$XMI}lF6(cnDmxa zW^(!T?=TvmkMBcZ;bKo-2**bzdc=UNgD40T^!;E279v87bd3dta0Vp>Xfhf6dv1+= z=#y_G>w}oD71yw5*#=SV#sf!EJ_6KR z?D+!?JuAZv0;k5a= zDUR*68P|*bNR!w{%rr~P`10HtbpA>;3Axlu3?~*VHi}AIq+LBOg{?LmKN>p*$$)!{ zG0pb0RO8IQlvUCnhZ#NlxvG_3zZN;NMP?_`V|hS;+faTE;1sdP=~3&Agg~FBD)m~F z;3{T{)7$JNjg+SO1#xFasw8)$pOt&z$@a5W&JZ1>}WvMVA8>hva0kcX_*iD|dmF;hTHB9Y8kp9YQ>@7OOLx-HWHLBwMFKUfee{k1K>Q%E3Wpd zNfDl60M3MAeIX?{z(O2WzCJtSd+^qR_kgvGET%)Z1|o?wo)|;%t=C5L8^y2P0sw|v zGf5aJVB(@R2)JeGt#&aO$MMav!RGp)i?fG|Yd8>M9xCK4kBQOI(6^EzR8rb3Wt8QQ zh$yBpkdMArcOQY-;ATH3K z)d20@c?4hg^$jCRV89sit32(tDV#o6VxR^ED!z91rhvo*oBj(xM`QY80^?`EwzNP@7&TVT0q*ywr{EexC zj4$wDM3&cAwZa-|oEtS!u;vd{`jxVs(WuvKB%dF{dG`elLp`KS*~`O`*JiOU+hj`k zy$Uf1L^hENJ+-(v4SPuFA%{n=4ZD&d6=5+?18F=)gp|Gls-NaL2xvL1Le6F`?)T!N~QSuM+x77*$s1Uv?ZHWF==`x%@mb+4@`;kpHT_4@6k zVq@z@EV;ezzjf#^JZ?LCE_oKjtb9)$E7>H|4ULyxdj`bBGU}Zfg1{sM*Lc_0(O;{CS#z!u8;nH@0uF`HlP#AOju{Mk^Pr* zEU@2x))8L+rDDPc@?!^ljgKNF>z0i=24c-!c&3Jz8GxV)lSDi6pX!WM&nu=#Gn|%E zNxg!H-y&SXS~qC|)0{w+yg=`vKl9$Ak1_jYBeil7lqQ6 zD9}B^3wAI?At+()ze7_|YMivnuOK1Vy2UafY&1a^)f=#}=R*MtGG>N6`aWm?4RfiN 
z3M+wMCv9_mmJWqu2@-^6SzNB(DdBK{a(ZmFI)BO-5HT%XyDG1fOy3!E=M=2fPuAqr zWhbc#Vz8IJp`)rC+)V_UuGvoL)_TqH*=`UGAwYHLsG0XK)d-j@l9=S+MW zV8K(P9&b4=Q-!gT)892d4cR;t^~O2rF&bpmTs~CrQ~@+}*Q~2V$Xu@GZX2ETLS0!h z>FMxiV9Vb|%L>yF)v@K%kVG{#AC&D}3;jT8o|Se#flX$lFt=Uf>!?wNc2 zn;a;-5XMW)E1||Dv!Ucv)YdrTxHuxp3o`vB_?4d!wvsegYdoU-TC*;(vD>#xsZPsB zKlE%T0_}p|K6Eqvor zr^wjo?>`a!ot>HdsuX29zPM)2K_eGo3Z=@k+QKJ zgMx`dWwza^5DC;c+Nj@`ipoiuOifZ8c8dO6Po*fAj8*pz@lE8_9SAn$vKIyo3CJVI zO82*$_ZYj?Z>=WF^AIcL)I#?ZgCmJvH29z!up0)%FJow(0KSqD~mhNzv zoUy?7$+jy)zj?TUpzKEssz8JKjXJu0n7JzaI06X7l*N~Sq4{#Cz?7R~3457l2H@iR z0UljAcQ9a9V<>;rdy*mLx62ptf9*blC;!f)F}bryB4i#?jsbx#ik+~sAm{y|F0gaY z+kk{$8_-sB+c=6NII|fxZ>V@!k-mef^y*i-#}*hDgXR~;g53?}^^G_?sUH*BMn*Lg z;~<45qcfjh^Fb1iW(NNpYSvT+-xykyCs|L<>Gg2Jo4T2n{Z^ioE;EPfLLMXPJf?Vw zO@1%}Es~`eJIpw(!b!M)K8(B!EV%&-q0!~P zgpw?{iex$H*IMwgMF=YGf$ec}L|X($sa`*e`ByG;+VSXfO(iMOGA%H~c^*OIxCsT0 z6jae{n;OTB{I+>Eyp@AAV1Nt-6(xu#GSE>bkmWN03TUAs^v`+87gU=^3kanW3?M}= zunP_NI*iWMXw0K!Bq$Ax!9;J=Gh;aU8Ss~|VQ|wY4Rz?B7Bx|zO=4KCF(xEq>2!cU zNo^ics_km=+(_NWVjqN*y^|*_GlC1iYpNk=l*fYUuh+11cv*0mS(l>7d*royZJb$* zjV$ShC50o9(QKx2@Kq)$Fgc_(V%2skhvdlZvcnhQOJ%7UFytEq8mE`7qd>tl-Uqc@ zaE>;PeUF*nVe4_OK&ws4p3|#lvaA_Zp3-fQs0RoaAezjCA25j`{q#U;&V1`i3z!~M zGzUG6g6GOsEiy`8Lhhp3gw}Gk{o+u9G-UVv>|}9PX}UZng|);<-{6n%Ei+=@kh3)( ztr9;%=a~3~ai5eZF)>~7LI}kbmGOL2xV8v-tLQ{_Y@AezTH&p| z%elod6@6i$mdo7IkH8&PJv+&3qNu~K?)+D`YPkbz;iVWVPFtsb(<-x)MEGO zzlXjD9namk3A*44H2<2uL9Hsb zK>q7g*}G>qt$H7}G5ZvEemG$W9{}71dIQ56-SPfDk0IYm&2PJDPXbn@*uz`h$$~d7 zutP46;`4165i~Q@DhBKAXt3$TEEk}|?Z>Y#WQ^fHpPCYjZuA#txcm}%J>;>I1w`Yr zBI7o%6m&KT{1o52N?9`_uog@`b1-aEY-b=|J`Tn1p22|Uw@c4)h@Kd-&-Groi; z)O4r8N%?8hHBO`KiIJ={Y2$%{P;k1Dn+8Qa|zjferU;YhuP_Fq~!AJ_gZB5UD#;4r~zq-qfcdKdg1Aq`*y$~r9p z^HPUtUSB9UpsYoZ3oyRBOumN#~uK! zO+5Oa^I&o^G%ei4>kAd&S+*e*m~z}Oh0^Dx-ux6(D;+9$1jfwY zpbrm%xa@V}0`{G|x$W0372=|)++J|)F5Hbs(#9PaKwkm8fw4}Ab#B4jfm|A+w?}y! 
z;vJqPU%3<^w0F_&$YGSFn)+z5O}5y}4#4g~4z@FaQ>jI7c=8fOd+*dzQS=q*44#TA zaU-2>M?P+#ivP(~yRuB&Fq;6&^mw!;_G#B2!19g^=w-0um*AeY+ZvP}afraP{;~$EbzbFi- zUoKn*l0w)2d}{^ZghBmle^Jz1O8bYUB^Sx|FE_MqSSb8Ids`^~3S^49tC$!53FvI& z0mzuvA&LJ_O8q5tY!&}HXr%qLP5(Q;4q@#mTfm;WSR(bO~Xt2A)F({7eK z@3k%ZyI(F~LMFiEdl&fSdnY8Nt3*^IRP)aejA3nKrr^U4V+vC1hfdrVi%(V+e^|TA zqf8ykG8V@?rx23`)2UjECsKrUwa-{So*qkjOc!{-J@cDMy1)p|&Pvu`w0{#`JV<^QvvzNZN-QE$rqcl+Gz0>)Oj zSb7g~E0!As^<35^|91Nri_twAKPC)+PON*g?BP+7j~Upd65zUI4Raz&+`O*XaC4>3LmrfRBBdL z$2Hl@rNo2|k{g+YLZrbb4_@qIVfNT?3X!sJdlo2WtkHvR;$}*DQ=tVo^)h&r;uDw$ zyF&a`2DaNPG8xg<2SUPCUWFsCmr7f*W+LZ`cCb%_j)4qrQNhM$idFUD4hq~10JtcT z0ltD({gM(7W{bT{;hG@UO?L#=C%T9=GLpQRkVg8rz-yb|TiPCh73DpgC&Zd`nF19F z>yXsrIl}s*#3h0W6-rjPStKpNC$Yc_l*RIen*Bhu$Qju>CW=;IB=@&m=~9S)tu_I@#1|J(<2#{5Y7(w7#9fQMP828Vo!O@)(oY09 z@_GQ@LPL{nRwuuVGe&6o=|^z7_ygvh>dY?)3Y|npoY_(bDZ={M&;Yh!p8IQ9YL!Jw z;y{8d+&Y-cDXN?HFa3t|o%V1XNn){~0M4$R$#N;1N@59rg!Gi60Npe?{9;@8qd@PA zEr*2E8lE9&KgsOGNP?%WG4d=)KcD(bVRwYrXx)NdDfcYRe)uWlQ zL55rCrfQO{jVBl_zHb_vVhol#cW@dMxCAs{&KDgrHVZ8jbI(nhOjNP55evN_NuV2B^F5jYjv4B2ttc|_(-=lo{uvCHTF_!4<9Cu;gpm}7F8 z>qDoNM{d9Vvo+f@79O8Vb}ae4_@E0f*JuP~CPB6^AI1jodBhPE&171oAvsL8V^w{7 znHrn=ST)?dvnNxcoLD{WiLbI)m4XJkaJlVnm5M}bXmP3W6_ow=*I2>Gt%2l?;qEZPvl+!KNfbLVebN&eyG~*|@s1OyNY{4jS z5d4fFvn3%&asGxpRExoKnR2>F#NkyQO-y0o0JVi02+K~0^t}@s=K05d`$mpUmq(UF%9!<$H25uCV&o=i&nkBB9{bDD_KDCyowPLMu#573 z{sw05xd+P^N(fCme?Jy%T)^J~5p(l2fZ+RhD3DZxCmA{B3^SG-r@KMBYGuj3SBV&) z>P4Qwk_jumS4fDxvW|rB?k7Q?rKLX8O$*gqq!YrzhX6L9W_-Z_FCaO8?c+SzD%u0R z4HVwR_fYuV+N+>EU8tfMR6A%Wh{cAySovjorL}ELwZ#8zyf+oCHJCPbB_Sl}pjLPRA)NxTq@axp@+$Z43!s=Hx_KMLpSyzYNGO*mqwc3`0N?=n*k~7B7QOfm4?)P z{M+ku?t?x$t+`)Sza;L}o#5}rgC_{vT2mNFVPMzvKlKfs3q`x*^gLb$rcS=DJe9xg z@?SaTGk?dyV9w2`^6=aA@ZiqU`BKw(ysTV&*l2&0-+P@~uxl@uEmV}Llo(Q`mgWCw z$T^(&6oKYy<*@LE1bokuw>&$W5j;a}k59wUHALH1--@eL$9T2F0bld6X|^%zbglsF z;@+I{2nEUVl_kniYq_TI6?w`4GB{JZJhJvWrNQ;&hlj5Fv!s@{U`Sbx)DO!_sM!Q>d+GV7g}i{&|oh8dY>W%T4R5Qii+N3k@brrnX0W;NgO#2URl`pEaqD660! 
zlRhbNZ($yhMK9hk84ap<*-Yr_UnG=D`FJnEe~c2t?$S&25*XlG&&5mPy9CrxNp*kg z?Omg1_f#(bek?Deg1v&pZXn=lgMnSG95n5lOWe((@E43fdy!9Uzg16q;`a{f?&GL;{MPv2TSMY6P8I>_jgEvP?+ zK9^a&>_7NKUn=&B-NYdz5RotNm}0T;P|@|Mu`69+Z*aks;Hm^s4aHA?DDIu&frg+e zuHN36cYejE>PGG_jkb?bTNlPEi{m{0rU+t*1FMf+p8GyLY%o?qqTWR|Wnt$(al$L% z(ZklfrlE~;p|~pX=*AA7(LgB9>k_qWq4}xn)6&l|QoV^Jxx)44vsi0npK=$IkP?Yc zPV_8P%x+A-m*8r3Lg%fsrFusA!CNG!pC3VdO6qX^ut;xqvWtOI=I%5^r&K;E4!uBG zdcA%G%JQp77tO=OoiEGIyn?i~fXx;cEZPwy8f>kz!<#FAl4Rhw%U6-(l$WR&I7&3# zXmDgp>gDl>?&D5_O-@dB&Q}_;(vZ?5yKMQ>$J>Xac*4r4JDGvyPPsNwRR&~{Uc#P+ z6V*&bG57Q@QydE&vJ;=Z*NyoyC-<*V5~5|PYG$m&uSI#K=Vt24o0G2TfRs%szi7}3 zi}(@kSB{|Pm{zE)(EeTm8wHoK*PX1I^Z|MBaB(R#78F#}EyJ`!Go+ob*lkBT#c|>y+=b4Ce#T8y2fAC>T*_G9GZ92)b)1y+5 z(JbA$!vY@=$AT@w^mou=RBt?!YBMM;=ry;{d89tO_|4RopM@3ya4_@u^SghgO};=# zr-|JIoxc1nnX~E(&`>P1VF)LZo%vW{56anY;+-CcqEcgJ3G(!Z zUs=0g89Jm39*Ipj4{5!3Rj_QeTyL-StZY0Tnf2bJt)}-X%_K7Devfh418#IFK#vn>)TH{LsKKAGg?NibF=SJamkxFusj;r8RLikz%PWp%{~p zf__6mexK*PpmUmG*Tbte<<>lSs6}II4S(Oji#8L$Fdk4}_D|Uo4SI*oRG4P^4z0p-SpXVz!c` z3PV)!Qgf>0ZWA&^PQHH%!;dA+)vRLvcCR(n z`$c=h$NpbumDT6nXVDhiwAPw3{VN!n!shG&3l^}yn2$&w&UT8rTpU*xYq?)0R5N~! 
z4a&|JN+gvlB%r6vy*6IWP2z5qIW(SS3l-!a6p2D zumBJFUsN9GDmG((Ra%?O)Kwu(LM}CA%i>qR#ig^A|Cs8UU3m=l>Ll=Ld4)V+AV6od zGl*^2nbS6>Qodbt-VkoBQd4Z9T>f6u*E5^cEH)EKqK&#jH;E7qCekr9DJ`+uPV@^KQZSHWowSam2RyO%HNpK3T%j4QYmKWXqxr$usGW=?B>&yVIt% zy9f@XdscZB2Klm*9|wI;a#mEM!_HY7RHP~A4P2LmbUB)Gx%4LFo)40dP|XPl(~R8r zwgBJiDH@n8^d^ey6iaX2CLD=nIGy#&D{D0(@Hpb0!9_j?-h{7cJDkYY#@`w2m+0}V zvGF2sV|4H;28^`g1GNdI+DPKJa4Q8$15&^JrM(4)5yCzL*TF*t4%(zV`;n5S=av<5#EQ5RsnJd{)ji8!7;T_FP$EB3K zy<5Ls&A+dwQSn=wYo5**>W_c$Ki!+MnC!PNx;LhR?4amg9{u|6Bt`IGl3sX#cjfF4Sc=ozos#C| zlIZT6x>=>){fsc>m$J;tYFF=<>btwITs7=j2Q0KOnC2tXaUAE5tYI(k>J#G*n_o2K zm$HKiy1WY>j;nv33+3_-r+Z)u^D^|N)kAP{78Mc7CxG-atdGql(f#*+sJGPd@7*aF z^Ic3rK$shMy`28;^UXW=XLsH?UBo*==r=g1W>+J-4{?&;>b0Yjh`5dZ2NN%;<;t{T zmf!9R*VnDwtxm-5eqObpXTX1dEDlfNrn2omLVy*+-7h}1wc>YLUb{OgfQL;8JXCMh zE1>G$59w~s-3!$~{4(tl|LrXM$ zL+et^Ur%b^tpzM&(t#*;;_#rS;piAm0xKR-e=G5lfSPBSSOSudS1PF z5gP8a1n;R;ss-s%Zq3KzzkWK{B0IGg@LNC88LRcEX5SF^i0-ff_hDed)8Y7mp`ciu z@~#Uk>FQTDXwr8iIG_~uoS#Q*btTtANF(1}lg-RYcK||NOx-DS|d~@pm`t|k7 zqg++OU#8#vuBXLK8L`OaNV!%bl5Fa#Vu2qd3qs*4zM3&$7PH4gtY_4IFt~OvSnO z-_>T7>sQn|UH&*1(Nu;(XX_zL(jkvZpGj0QZP!j8bsew+?@m*l)pb(h1RaKIhUS61 z9cS#ebk=zZc@BJO9BpQn9Qi_66Q1QjbG^ssQ^2rvXp5NPOT`O?sIHg{<^C+Dtvnv=zMoc6|* zgcDu-91r-WuA9WrS2_x)=`vRGatEd$Dy6cSvcvP5>57PM`4U8qzTwj#qjJgk4a~-N z0($QnWQc%} z8+~+_Fo%^eua+_C3Wv!u3$DYMrsW`BDyEM9ey_OFd7fzgCvZV8FLG`FsbF~Ms^T#F9^%Y0-n)MOBi*wUL_ft_W=c9tR!zs9Rq(JqJ>NAtD z1kUZL*V+eUL$0cC%XG%j96Gs>4>}WH_YTe}-GZ^gu7KAk*^#0&lW-n?znbxvc|b{$ zC!ivMQH$IxP`MPVbgN(Hwn3qez(^OSSHl3q4iZe9vQmr~l|#!cbJ@B8t#`{OoDmO@a4yu_m5h} zg+4dqp@on(7J$$)~DSGipa`)%3nE1ypLy(PY_E5corFs%k4u-jc#*Os#~xa8~pXRzB=(< z;vVbG%k3lxur@By>8eQyDCLH`ro&$Yg%oO!lL=1ANQfC*@2Y~9Pqx1d6Vfin8;~Ib z5z$SMC>(k{_F(Cc&Mft$?GH9ggilOi5YADd(k{=Z+)h7ORX>lHQmJBofHXu803^q1 zN8jD>+80xk;~v`NkkyOj6O>Sf1^PJ>6CFpOyQ~`TWu0we>G{biUv!J2@qVf_5gO8c zpE000+~H98$$C4krmbv?4g>^!C?PDMd^1*0h@p&)D5FzbR?kL{@5bnnG!S6)UKL-@8vT9&Hb=F3`6`*QEt)y&lEeU>AT36A;+U(&L(EyrQM+O8 zKYn~Vo?o$2bu8UHWt8J`n-+#CRmENc$}F1EPVc5ltr~Sru*4HtaQSJ+jbS^}oE6n$ 
zxEp+^PyuWB>4Ovf7{nOB&k0RJx}2Tboh%BcQ8t|C5jl*#+~BY@_cM=LMI5Oiavqzz zu?WTXpjnL+y15%PLt#r`a)ONMp_;on8+&x^!iwi=Xw*lX7%U?)cvr4%WsHomGe05R z+!^$f^T2&Z;-S@%$H_LZHG#>%9;WfqoP*^^pJ#&2sNktHtfeef_JHG9s9RVkf~<`1 zZl;gJNsj-Mk36{*x@p0No!DzEow{k<-&^73oHNr%47fx>y)F4yBvSj#+!P0Xx1`O% zF3B+=``rx(_LkxB;}8ReYJFF7&-nCDbE~TQizh6Oq?aoQyF5HIP7m+@C(@RTBuF4=V&_* z+FUPRsu2!Qd|fk^Go+x6+7*jw?~N80riRAXtTzhBeq?giv9~8r9<&DW;XV0`Vp@Z1 zf#@scze)q%m9>R0)u?9_C~XpdE2Zr{qcI+PAwSib#5d41wwJuVRScLeJ6<#AxBSR8 z4iLy6u6hoEF0ouan4SJ`bEZZ^Sbdsigu;OVi$}2HQreesV!16iub-i$0IE9Qm=eNHK;nqC%aXqCbH!*Jk9lM zWC8xg+Ko9u4ZHco2T;-JHR7F3J5&NYDCFh3icq|?J>r$}F=Drs=_@tJvaOH zrMequJK?)up%T9U_Cv-81;bICq_JK1J&E7CwS?`_$96Bij1jZ#fFSS#f&IA%K*0!> znSj3N;OK(Y_k09C{$S}h`I&ETZv>@1rCZ*4gb)3%azJ1R5WrB)0Rp&Q{yl;tF+lOx;=-LAq5h{Dpc51VpuS`v8Z>ZVB%ps^egOhN{^xq~VmW`; zj0N&T0r;179>rhH13KZSMDo?61}`;3`MbGU2_S#kES4FJzsn_p0LG^18%`$h?^*qs zSQcPxvl6J*et!@5|F*H-I=u{raWUqcTZMaz73C@mj3(>j{Ajh-Qf+Tl&XIuT|5)l@ zE$2hAV^|@|T+b$!cp@)wH9F6r7L1Ez4gmi>7GHjMXh5MpL86+LQ0Ftce0@|Hv!Pc3 z)_C}Fs%hvE;}RETGx)!!1K8RC4m=vH>~X1Qokg*3~>F*IUXt9|{dFgft)V1G9%LO|JfaF4DqN#;`yVbeJ# zql7;JDf`#M1eEhrBm#^rp)Pa9g#NviOIR#vDu0riO1>Ks*iq`3S+L>1^DxfjpY^w1 z;R0?ioB9s({XBhTJ{uP?nvX3)cF)st6CC(2cl(!f@_@x-Sk1n-@C6?EUF*8PpZl_= zkJC*Q9Tq3HM8^UDJwhb$C_uaC?@j{7`fDvc;xZA=R;T%^to3C!RaO=*&@@(MUNoif ze|aeo2qY8j9Y+3RmZ5h9lD;3)RbpHM)IC=9a-1ofaiOxL`Ve;@GWA~PP z76?TAcRB=mNaB*U$6UD5U$W(Ns+|MK|LF*n$l@Bc`j+L2FGkZefBz8puSfKOmLFVI zmqL+E^tT~@g83DKtsT_B9QU6-mR)zD6-GoqiK)lI7s7v;5Tyzvv%NrKg9T&ff=K{qPE9v!+!J;3{)wtI|~W(`KkO-Ww1k z|L;7E6MPN(9;VUgW!%P06*z135u&~(%9$=r)%_v_{o85;vECrj;A_sC!IGKqRJd6p zBdWiO%aiI>JYM(^8lnC!SO8V57J1OB_>pKu}tj931TfJg?2 ze#ZVxFaL>if0hOs;8qb3qRKx)6Y8IsEAYkZKVkGwoPz<}QuGZe|HrKVzhSQ5K0rV~ zpP%%pPN;v;Kb`4-ccP16@;R0gP>6@Z5Q$TT=7#1I5D@z3mlA~1l7>5`I7&!_2Req# zh6XwoIJOYvQh4<|Prd$Pa=EknFL5Dv~LQ~k{m~#K@2>`or#QzVr=s)9}`a@>KZA+lT{Xdv1 zz#zT;P!j#O@c%!^|HqbWI0iMujLD7oe3t>orxpzQ!EK02^}+eQ%QO)?hW2v9Veh_ADq={&e6y4Db>6Z2VQJ| zJQt3)_8ZUp?H0H@)9aivyXnl6Dz^?^6u&TXEAFcY$w)4M%4E8lnCr-oCGDsw-&PdO 
zBMWQh!0Yt5H_XfNWF49@Xd^bZQ{#+vZiE)r+18ZY``~r1ZGf9i{hc z5pOXHxUN0?K`e)t`Tm2kquNbJnNL?-B7p$NlKnZzL(WXr;`!U;ueDhojoCex);{%P zm+M)+JIAb%J&(1o8%MM=0ydO!_>l}DfGm4wE_6{+|VmK;F6bcBN zK=XOy&MChx894iPoLtQ=frE~Lf98FUDmlDCQwtdGc$8B6DDclQP1v{4>4NQgSDbWJ z6V=IGL-gzU?Bd5th$oR1d@Pd0v_$XJ`Pb}EvZ()%HkC=|sg(hQQu0^X>=zL8H7PR& zKVJ?jQwMl+?>kf>1D~q4@Dr(wPk1vy11gK z&!Tg9BuTN+lH!24`*n^|-L!qrdslOVA#L6T3oMra8(-uw$_E;yO z{2b1uA_aZTClA2bB3Uzp?NclT%H!j$*ss3#E3hE}Lv>)sUvlFTTQJ z4wfGUgfYOZCR5z0ky98(>l5zmEc()7=@T=L<@i3#I`(Lf5w@hJqB$*QeEM}+WS6x1 zMS$f5g=Ug-Yq5|t!|=cm>TCFcn_oPMq$FiRNueA77)9eQ{*iZZT!bIE_SkQ-4EQ2g zkp5eATI)&Y1M5QB@-(YD?l4P%y_Bfr@oK+~0S5%oPKsqb{&#c?3vV%vtcy~(5 zlLpVwkf_4pKe}s~Fm~)RF`5lok#>xtDoTqpQ=_?MwRKW%)#5(iA|=@<3NN;K?~~nW1YwOL z1pK~(OPXb?%9nJT%E4-G-fR+X^w-oy|!>BVELgg(DVL5oyF@C zjyHN$I&EGd`&c4tiyk23W1A@7`t=aIdb(oyylM-zWg$LCx2K*S_=eDmwsB zc-y>-8W{gH*+CHsBq}HuSdbP`yC>Q4!hZ`Ki0ScJV*1%LwuY+ z?l(Rz)0Jhop1-iJ*uwCtrt1Fut_VQtvUORlwD>*bEKB{7$SPXH{NRzpcCLxrTFW_< z8@H|cQCFVGXg$$l8IE@&hqae0`@}YL5gThH`-p^&rnMd`UVx|`x7IykFLVxRhS~@Z z1*>(m=YJKo=T4F1If9?q@Wz}3Iut9-U^rIq*4mr_Mu>lp1{)ZWP>|*)Yz{tF(_T#K=wX4z%{QwKdW%?u`uT zFm2;@g~8*Hg&N2SSC5UBff1|sDB=%7#BIrOi!H1RS4xFkxQzs&q#P{@zWzx-`$&>o zLOcTo%d2l!P4faEwGkaPDG71dR}8U9<`{;^%fIi771k0C>PvTi>9zj=hliZ1ktka}rY z$a1b9e$ky#K0k=53U%T9dqi$Ta2SGCtqnA)anb{$)^tIJG&w_RpV>mR@tyuud2(NG zFOXIvyxH#w-5>b_B;2A$8Q{c;;KqU+@_5soP7O!n0)DDZQ2TV zEVAZtv3Ixt99ED!o!m!*VjueNg{xkc;^ws{A?~cm&&?QHIA)@+q<88EBMSuCTML)d zvgC;2hxD)#>=5jF-1XOJ#5p#otFu3!1ERJLF!lH#M3z+*y+SzeC$X^28TJ-vY z+wOuG*y{@#%Pvyhxhm9M(<$j*xZn!X;i|9!I$rf6`85^C*BwiYP!S23*ciW$hEXS0 zbLmB~d#ZFh7yozzQ{~!yhH^~Z++p(xpQ`cW4g`9c=0=73NvvTv&dq)d@Gi!D5`eUE zmny@!i;W9LN}H4jBq#wO^z1u+*mRl4$L~dB6f9%x-|bnz;iX-TmqL2fu<$dOWq%2O zf3LkYMDLEMmyyf39Kpcr6s|-O+z@S~YNwRH{*#Noi+(&DIEsrewGG0SWtZUQ`8Ch_ zPP9WYSgQ#IU*5egU4Xj~wqJEWFxer9gsKjiE)(;pQhx^=z!x$a+pEV~Eh$}Z@>8}3 z1{!~EYsW0y{oUdVC}|`rj1j%?sdG*7f}jCNKjgc^VN!Imd2R7f_$CbEukjOTLr{i{ zT-JA&nGMQ|IvA7I$?tq2U*X=wKZXmHn&m|#V;Kl#w0JjD*K;Go!GVrm-2zHq2Op}@ 
znp$uH>Re8)BEzR@j~+rV;Kd%#pQKi?V0pO4s{)Ro`WuBzeR|s2lkfhCtK}CJua|cK zbYG~U5$~zeq~1fGQrcl0`QUFRkrRf|iO)~d@mL}6c)EqD^Nw4H$qZYnm58{wOt(>j3UQk2~u^P4!^RI|}75;U9W|TLH%!L5fp$ufP~&#z7avsKY3pC8;iUaL_MF?dcFPDkMH{FqqP+{vVTDxn&S>UqD>82saR2H?xIln{JvYX7y>mIIMIABwYC(C7gswZy1Xr(_MbMoDa{J*7fc! zmY=Qr>Zfk>#Y;!L>uoFm{|RsLQWy0%UODKn%tXpj#Z!!}1ZgDx+2hFed3nm#D~iLq7`+|L$-2A3>230!rd&{=qTA zzH;t8mWki6i0ACBV2LZIOQ3&dr!n1vLEvC116h$Jt)M2ynOugx9Y}PUEG^;Ap}NzG zYFz7Q91pH!B$Ua2uy|ni1U3E?7c;hs0z#nIg&=5>VVKE~Fm_B$%jh=9r@_9_M^VJV z$0B<>^!6QsXvt9O0I=gp1`m*&3HxO885f3lmoQm|LP7-Iu6bCs#LXW&ki)xFumKbI zU2{g8+YG`2)Ye3PI`W+YnCU54XBVbSb>O$eid+Fb_-8oLXZLa8Q+D-AIb1%si>XvvD=jsV{~V&^8sI9|I3VE=T{) zUlp;|9dhZ9>8-9E0uZ*sR{ib|Q!Hf_QnqjBi5WgFY8d(C7HhaH?tU}IiA5a1y>+3k zn>-^M-e-QFu{lYRFQ3eI5`;Ju-5S@+ARN%DUsXtI;eB-&v-6ZzP@Z!A>mKceG&tkA z=rQpZ6K)_YGuc7yi7mrPCSM_oY@w{@ANi@9`Z`hfBSQi_e&t{RoqgyblP@;2^o9Ud zn*<0F5sHRs#Q5v8kIMCrh&a4d6y~y7DY!xD_Y#+HI|4t<$?A+vpM+p=C{fmInRFOr zsIoYGR)5M_(N^esU#fQrae@TrU(VBY>n3oGey%T_cSAa%H1v}m9qB3*g>lT#nwqGC{2r1 z&ISaEc1WFoMrxsu_#^t#Z~Q={9m8Tv2>g!|?=K7mVmF~OSUl8i;t^5I^hjP=+g9E^_y05@Y zm>8G9UO*rbbrGVWj5mBeH$ksL8*yJ6>{5+?P;Cl+pJal=VWb05i%h5!+1>*ja_zj7 zY5XUBxJPatx6|}@Y0*5*xH*0ZWM(f%??{W$hW<*w4oGDil zi0^g!4UHdnja=K2K~ClmFl{*VDM*=Hn9xULy}|f+xbm>$!Puy(z#hrC6FNp(vi=#) z%m>c5<=>2Es^SDnB^=roy0N88B-N9~ zSk4_=*nJxI;>Y#LaaD#M`WTo~wvJm?57UqX=aa^7-#afs@`Y?=jA43P^{*k037hj( zj=y+oA+LhF4G#ChmEkXqz&c<7?CS+MS5T>TF4&q}EHJzwQ1U&}&Z9^2VPx%ug5lrI zsEYu3_Z3D0LU!A_I$Y`bz& zjZz5s)2tEAJ;LaxI%z2#7LDUBqWJP`|2h&jigoU;2hjOZ>#cyo__@P}+re5tQ2)`dwaq=R_F!Z%P359E)53FF}{ABR}H$^8zk1U*zaC$TVKwjgx}7U;kR|TCo|09K`XxWJ~YkDZ^xx=F}sPPIZD% z3e>MEX+QChlekvvv z1TYHDTwJQ|kL=)U?Uw6gCKV(^KS6M${-u4_d3cY_lRvWbXs2te|a2vXE_h9S=R8RcUf(_w`Euem| z282jwAGK5SdxTMfNBpB5k$}!ffrB@V4G?3;_=$|&G@p*Lk|l4wUjuI$QONSn^jt;< zj`Le5>fu3tY05hCSi~#HS`P(QGY0dMZhx6g>6xrK-+8hYaE={#3Y{3?PZePJGzlK2 zE-;lPPu${;UHO7sYHkpNpEcxZ1R1j3IHBrU=^EOqsv3#2Wn;fh~UwunwE%IL51k*KCBdjQB?jdR{25j1G_yxa5jokga^u!(t@)-zN)g)Oy3QlB1B8Do_j(F>T_=?lT34 
zBSo$bI_Ilc#U1>}p`-)Ky?q^5V{9y<>3kZl6|5u*>#lyg1IsOhf=KhtLr)JM*wfB; zW6JXB_0ETV)q0QhNNSdvV8;aN133X?mj%#>QgowX*TBR$ zFQaq!-ye;ztq>7o-**VdmIb_-_v7#Z9P}6DrfralN%##;pgUDBTM;XNtfh9$+O-rv zJ6cz;p9Rky+bgnH7xkhux6Uy&i+81V8dmAvx!1W^HDI8|*)y?Je_`B$59tu*JGxGe zH$x1=h`WO@-deClgAl?4qG2Pejvcqjk&S_P0MemMfLx9O(+r-$kk~VC zbQ>}H{YTLfSr0a$9f)fL^2Nm<>()hYiNY>h#AwxF#ZcVk0+(81$>eT3z4mKSyk4wT z&4%J>L`A6lg?RjPI!4K>vwh6YTGrSco4p)eg1Zv%2^|UNY{kGU&vDe@*1q0wLngZ) z?l(eZuR4e(x0;G=yedpMd)9UpGD2LIdj2%~a?ZzsOvHm?^K*gLgmzhaB`Y~rFQc>`;nBVp1&AVw^rUgA~ z;yQFou}zV$TSIBi8VdFDQDISy0zyUIogXT6hf!$ zH{+u^kj@qNK?X1lVS$m+;aU%F-~1+~ephz0cvHnzQ|t4M!{8nXB`txZ?lNsBC!}b(yKKmg#cqHrt+(M>ogFu2bZ&7(C99RcH;|gV_ElXjg^O zG9hCJF7!DFCGo}kfLG4c{5UBosqW=j6d9WtqBMz^@OLr%k={%S{d_Z%FL8~8Zs4fF z;1Cxzld){5#%Nn5s2h@Aa^A!{8L~tdIurNuymeQS7s^fS_d*aCGt41HU|%9NhhLeLUOezamvI-JU7^rH`?K=Z20@5YV)r=CXP1le zHb9Yku^eCCMt{R)j5*RCwXfa>&Hd4%__mf3$Kmpli>TsVZJ|fm7y-!H{|@z~;>nuv z4l}C6B{q}$Pd>br78#04KVbQ)e7RrJW6DcFEuTv8cVk@$qC20@#@n0r)~XnDu9x7NG|5 zKz7uz_%_5E`swaQy{&kqY`{l!%N%9@Qy3`+z(k_uX#ua3%!T4-K0Y#63NG|sxd#Mx z*T3oUOswyE6`d@<6~`l_runaY{rVrZpl@~4wqO0&MS#|F0jcGol~Bj;<&G_ZC_b4W z#mxT}C~`ppAQ3tOzG|td{GI3b(?SIx3^vlwi>0dm&i(h|1_F=+7rDcWD*xb4`Mvn3 zrxufrW5s`{7}-G*0&ovprFBj!|Bx$cWd*HvTRhWSnVkW& z+>Uos12-4yGyhHMw|H(if>$DAb-04P+nag#nhu#(OwV!Tz}v-KA{b)Amqes|!wqamunrPp$Hnw;HVcU~&Wa-G5myqTk7#(z)!4caay zP>AHVa3FGlQtfuNsQk2mX7H*<{rTkZMB;ejHxOq}aT1V!0 z*q*jNb#jTE9L5A2YgPivJLPF@U>za%@sNY7=9V!6{eT@wFIcJxl*yY{(R=dS zYgm7v)2rt)$>ih>lpsRD9vtSpZhNw{-Fx!2a2<=)(cjLj!1~ON?4Qh}*s}CgRp=hB zr8gQmNNXA9(*PLkB;zS4i=?yTc_}|dmYqh%95$*mV1t2~J!YHVGmd7YIm}c;zT?bo z+1mkDoGf33M=i!nMAJ+ zfIsi~o7Wnne9M>1{0^mc)D<|Q%+;+=-Q0TG?1Zf^@pS1O?E7vce56R9Ka562_F>e* z&7u$KvkOd551D4AGfuoUH$5t@wR!+?Bi7)1hqsDJtLyF*i@8Rmot|5cb>c(zt3eF` z@=tSs`mu7?xFu5&01J@cDfm)D>5K%Gq0i-f0M)hrWUjHwS>q++M8)Q)1JIR-(qdAS z#KCaZk}A7wUvkne@#UMqH}J&4v3amnGA~&!2hPhJO&~F)e;z!!Eh3kEZQG#at0jFh z7yzkn2khd|uEU6Vw_T6sz1@p66f{U`-dX3}J6Fru&v}|7HqoeOoDD=yk}<;kx^zD^ znb^By014qEHjAIz{iC-x3*&)RC^^eJ9>=3hiL{0fvE$ohMD%D4g&wH~PHm$E9bwp* 
z`o&eL{IsGhu^K*~_as#D73#_nenI`dUq0TgPp1bGDfD+r4=PYyL~~CA*#bFW6t_uv z*w`VXL%R9sJ~q|GZLk_+;>l%@5vANbFet5pt2U0vSoDu6MjdHSx_{j}qZC3GrK2U6 z3f4nFYq1=^+t`YCAzO7BXi3h=fYrXdwl1yB>YIcVCGsdmw!WH#t{qy>`{&IYds=Gb zp?kFe{^Ta1amClNt8Y``KuqAJGqhfuHPv2hobjKnhg5T-BDgnp^bsCaN9q-SJde$x zmo1qFOm1FZe3NoE6iTm=T+*dePsXr$lGv#$91-oKSU!~>=9;z{0O^`50}=3P7K~de zTO$XxY5Qt0<2MwNfg7Mz{o}f`SD(>J?1NjlC}WTUN3aLNoy~?)S#-+!#iA8kFpv9E zEUjqn_F1xZQHASy33|2BrD}OoQ|2=~>`|aDe&k^VbtPLdA!hmY9((E7rH-`O^Hp)x z#p)aS*fU&SXDm0}Rw^wKckyZ4dscBmgQP7h^gqg`VR@tOpJ@ z^Om_V7xkkC$$UzeN9E(<%3Dq{lOk+8#F41X(66&4l*wkfD_u65hpy#wHk8&cWR_2G zKSJ4A`R6y7eE`RA=by~+AXd*FB!{}cy{*PM_5dzDDNG{c-6P$bM|QGR_zIf{c4`Z4 zZcE!s3_6o{njks|!$IJ}d4NRKp#mWD-=H>aT7_pjd$N@xHG1j$!UqPA9|oj*o7rRm zv;C?FO@%yk+f&K8(rt_OVq@u2m2W8D`*}#;POrjwoy9})+U2%gd){k8S++Nr4qrq6 zJ!0QW;Vx@wWyMZNGmgZ{+yV*k>tG&qzcHU)T_@ zk;k78QmF)lDy|3jzLzN@Unfx2uhfwppATv>WFX}($gc#SqV?sI>9v44Op5`~3Kf=P z2=ufl|CZ%;TU1i%)Yu=~sZzguV%s?t0PIN__}$4K*QN727pKSBiDj8LOm7Gg2)e}@ zk;c*iOBtfVwm-$!cSJTI94e^4Ioj}@@C^9~9u`_AJx6}+S_t+L-Fv62`J5`*jh0+|s;+ZRc7WRn7 zV5hgxSj>wTU$O`s6pgZ9)pa+|Nt?8#a>>N7c8Emjb?qzDW~S^oWko8BvSJJPBI3Ff zWqgrxSJdMSY>48aJtIn2)D|w%qVFgiUkN6|CE!@Q0`i{!L+Pba@TuKN_PKA$GW$fe zJ)JGJN#J{=Y8J?5p5vC0*@o{&H3ZA!Jw2qC;O*k1V!(2@n5H6J@$Z3b724YYBA6|# zZj~fgPvwou%|4@vce3E;mYc^D2(p7TcSgfO$eMW!&az3k4MB39pH$~kQV=BS-UlDi zbzp`tGQf>!RDc*k2269fz?mIW*$sH0(b1h zrtB{y!ARpDBtgDaQmfv8_KTppiC-o!+0$;o89)!kO8PB$8MECwHPfUz9gbWguJPje zu&3v^fp-Be81{MJZ4WyAeGRQGew+JxooO#N2kh)oXzeJZee##$iNEzXBu>-qk(`9fH%PKW)e4h`$D6=(HocD zVfe31k6LLi3>*C78hx#XNeF^H14dbN_n?kf^StS#saE2mlP`>BT+P*i%F$JxjHBeT zj!N{f@#u}Dk1lBvSUwDPhCq<|zVuq9M5IU+JAk7GHYi)9O6`*}^qQ!8rhhZ;vXS^G zp^AdqmIkv?iCPc|w_>5>QZ8|j3Rm-foqT<|5yuv zBuv*3NDdFtdnJh|KtmY};-&c)l$1F*Hutuce>LFU8^c{VVbI93Zvx~C>;N{|1b(U* zzga?yZYkZCAIBpyPQq-V1=lfN7+*^Do0!w<0#hwe^%I=~_fu=4wBRS|{d?ZE@>&6> zo)wTN9@>OF*}ufGfg2V9dH!MT5r_U{FYG9H=43si-&2nAo>Rs_cTv!{SkZ62E};e9 z(`--hqO8?nDuwc*6&tV@2~VmsH7bhto->c(`)+YJrqtq}P+@DsJf}w~w6I0MMVvVV 
zyxl#36C~p>kNWH(<}CZ|8|1cHaAVp$jcs=Xy1Y2a*M*eR0Jv_!riRx+Rlidf;es*O zP%bMQpQY=5XbLi2V!6FbVFMNYKx>xPW;tm((JLM?m#^M{jF?qx$SYBENR(p<9lk9I zISC#wp%e4l=Gj&Fb_iyo41?wDcP#j)LA~umK9dOk867 zZBARFIkDQ$)w&%hu^)ibV&o4%E>z0bhXiL3qc|=^&jdFCZR~@ovNpILjy#p}c+2w% zGx_5z)LG#B<(;9F^N)Mw*KGh&tt}kYCfDvpx#v^_+xrL2*pAF?q%*${LjrsCK#SEl zQA5L)ZC(h)98mWRN!^BVBD%HrL4S^@vs$(8HO~@3&D{w5k?e9?w}cw*!ctT&FHIfWwY8q^A!B@rm!{tTYArlEX`Qn29a^0oaq;>w!v+UNq?2 zQ2qdUvo`2DSBxcqVlF#of$fy1$bnzm*;gdRl+(_jCaw;N+C4l58X*Z>?DG;F z_>8bLoWYi_9zGlG%b_uy>vxb0=9wkaZOo>}sO=@eJ<}pESBOIbI`t;(IZ+FjK!LJ>acb{|Y2-tn_<$d{~=`pJMreMUhNT(wgB!ldsRC^%u7;_S->fmD4K znga>`BsLDbFWlV+AyxU%=INj&*FqCL9TKn4kSFHH^jqpbyfIq!`D9Vidj}> zVpuXzr#|7cVA)Kbi`^m0os}j92C|$qYKBPFLZ(Z-P5(H~wAJ(J(yf{#uy5*ksvq2k zz!7>KEUMSr5WwJ%7AZV-y@Xv&zRfO?J+sm)wcXZ-!-k_z^A)ba$qqp*Ejs zB}4xYMG1XtjVdGBvhm>yRXHcP@M7;RIZG4yfxetkB5Csm-yb}Q-*VY4urr)4*lR5^ zktZDxR5qHzs{Rje@AzKHx2|o+Haa#twrzE+j@_|s+qP}n?4V=Yww-78Z?CoXUhg09 zejUe=nw42KYt$I`d7Za+aioy;A+5tt*UJlDT7*4$Wo-tn zx(kAPFo(>FjHQG>BSuSPs*~uS9hJ^M-l{z#ELno!1QDEkV`E!YI0VB88*6+`A#G8I z7_xW`0eBoZ|NMMx2?X<&;Mey`enGR>843?!4|;;C?#*T!a>H8~1wsm9Ad4B*QvRT` zMh!zj4FOz|nibK$WMvP1TJNB%8^}>tw02x7;P1gK@;75%(*& zYP7a})*X!Cv%lKHGKQJqS1}a}yGIFc*Hb;WgNXx|j!y-g+>;!H)ZEVw7IowqNyd2o zb@ptZ6k9N{*2K2~Oy*6*@x{Dg6%7c|l5Cu2{b}!lxeC>A;5ZswckkD%gBf5g0!-@0 z(#26?lV@22KS4}i^&NunaWdF$;^?u~9K}#!3{;pP@AX7rrC;o*Qj}!=`jC|i0=16r z6|Rx-^(q=1^C$rrzb*HH+4-(l#_ZugWf*FG^S~jh;-X4w9i~f`-I-`cGtp85$oGi^ zTHS63&mW87>c$d-d24-{6A}z~`pYBdXR~n%oMn8?T@8NijE|sl;`x_nJA`J?^=68t z>tThTO)rD2c~*|8>fiUm)z9q$C)oe7uE81mDoB?p5aKk5gqScMCXS>{tFmsk9Vop` z`qB4IA(Op2agX_6`OisMgJ4xOs9m_>qf(7Q{|OKW86lb??eId~I#reYQNHbJAcnSc zvNoqlztLDh9=A&w^59!D;bZZxb!`jJQnU)T#A z#4nPdCI*~QTVe*f0J}(cU6yF}vh~FcMsbM|JGy3oF}$rz>Pg=8Nr)zXWD&^G*B~Mn zY|LO)Tin}aBDqDj&dEfy9Dm@qTR@e+tG$v_=J~Z}hoRd~?{k}q!FFHk7LNJWcZ37= zVKH^>I)}lW({GrL{>s7#Mi5;4@{ft7r^x$wac#EuSQX;FRCKv{>3|csO>W+h$eSMl0?V#k_4r7Q@ zl&&48Onn7?Wju4`Jjp6u^FHjhNoi4YA=17Zh*=vr4STF7wnNB{c`!wi!!ySp26Vop)|;VeyQs*w=_m50rU_ADJQKHE&q&5noL-;zs5aoJQy;&S>6FGa!Y== 
zYBAfCIHW0mNF0lEBR3c2`9!tbBJUI5=`?~93&Z&%DaoA~zC5Ht0YXgz5?yjRC9K;Qz6=B5 zgj^wBL72U+oYmde@CG(GL^#q~_DvTGYJ>c_?d2I1<+BIWag@W$Zo68$wss>8SV%|p zH!c#XS+{hV3EX<^{V5{8BGXg@%CYsMxzvpoS%M>pju6A zN*do;KaK*sS5_l`cn=ZAj_^U@1W}*1AAZH#QE7pC-(_KST8mGevHpeORQ)j)fw(^}9Yn1Jlep1l=hWe9z4kN*e zUwuVD460Hdc7!?>9mhfl1{NmapO5M9Ivn0R`(eP}mUnv=2G5(d98~3)XYK0M4*`*Z zA02;2tT>WJ8Kpyew`*Bo_JWnTZ$y6m!aD>Aop$E6!6=nASi zGFrRb#o?VAO!N5Jz04PQ`v0_Yz%2~o>C@thvXb@AOkOK7A4Mej&JDwc#jM&#BNFFb z`u9Dx|6|@fQ*})$)65*wuZSBb(JzlN<_jSF)*K!+gOlHLb5nB}oe*~x*c~^79ort% zO1~R?n!3Y0t%x_D*m2xPuC>D!k1hV&EGMiqb}a@L3&_#hS1*|nia=74pM^c3g9^GI z842?@P%cOA+;;ZN3GwJlMTLgtgFs;vI-Xo^B;LAmKTPU}-bcAchh8m60CWXvW6B0; zIg=$r55^L0*-w#k?WWrP@?dVVR|q+GEewi7=1dSfJ`?f@svr0?3gq}Kwnl!d{M#Y4 zR@{nH;UEc6&~Sqn#|f$DSx~de!=RCzW4^A>SEOXlQp~Bk9B#MEdhCo2o0ze_w1uOk zu&5AYZWh0=w$vGl(;-!O`Y<&mtvD}iv*l5@odtS!NJy_gD&V3Q;>fcUw^l6oj2{j8za z)Yr)|=N1a`80huw2W63lrzGOJ$aB4AFg5$&4B;U5&P67W^4^bO_3*Fp)Uz6XFB4X# zv{7cVDIDQiLgw3Sul1jRMRH~zY9rx~^wE^dARLmO3)yM`E)5tiCoX@1ojLIJ;r+~& zTely24;O}JlpvCF-zkmH1Z3<<7NB3trP||_F62zn# zzjBtN2M~+yU0|uUyY_eTt2G1gE>nILW8HN(2x)W*6oS|-$v;rA(kQC?LA(2*!Kk2> z5LvTuhewVF@VADd`dUYR^`(PS7v~UU&xO0EBr3?WCxKoM%`mb7InJs@=T`^cQ>9;( z*Y|q^-ThjvwdCgMv6qrV{W4*^vsDhUWb*L*0QV_T6rmB=jraxVdo&aMRaa5~7|#%- zqzZRZLNJ<%90fIDAnRVya7^MtMtX4yPoAvqgNs(gN^p+*69cZFe!KF? 
zL6aCR)H89kJ1qFyO@fWo&erMNn1sl~)2;Wzs)`wMjZVXWSJE7`$wL@7UY-C#`l2(@ z!9;vWf!KZ-w%E1?r52*GX!%T(d0p5WLxnTVFZ7|QKV!XOO}$UBG~T5x-yA=$HO&Nn zA?z)hYet2*cg}W}GCKDnx@jY`)0JNAFFuR@SUb^f!WHMZ4`6XAdBCxNTqGc?1hd)X zGL%JB!_&Z8AzVM~3wf6%gZgL62$c67v<_9U#6N=z`RakQW>DRH7{AR87#cY&0Z)bCPjOnjoIShY0$dgFet7`)9Z(SW1-I5oH(b84-oJrO+#J9PMH z<{gVvq|HfU^&hZ{MYTwq4xTAn`+)_BibXP25K+q=89WOXoBqa@-I^${V0L=}MiN!K zyV$83#^&P@`Bm>L@E?xX=iU7pw$%jHfGwgREXn@DIVmmS;z#hp7(*|ULVa4!Zkss1W47WE*>qOhRu%N$lv*PG%;j(PEX#0#X z{=lSH@dtNaDbZz)9Q$168+?#K9hy;1h_qNh`fcrr2)I+4e#n1& z7^8oO=-X|bS2}=Ny78MxUQyS3%$V7*w+nA;&?y?W$G7JiKFhGHGL1|PNeyPt+~%;c zYn9Kg4Xv50Dc-`35p@)2>`pO9aR7^4=*M@7*)0T3LOytBeB7QqLIEE`qDy2)t;Pa1 zT=P=&=())p@av&eD~#vp+U9kx_k;j+VsY?cSEORaNCxto$=EV(+SAJ)jyQA4L?s(+ ztJl{<$!0Zl9v2IBHO}@H_Mcy5En$C}`EnW% z^9kvV!Wp?T&hc^DKs*s}LGn%a1V|3#zGrbTa}Noi{gFM+q_ZLwi2#_+pmR-TguGg2 zP3UbqSss@N#ZafO{T4-ZasPADVfGuyq;7*0;)UD!gaV^3fj<}a2K~{gOf@6ISZ$fi zl7DrDwol|~8Z8p7flA3JFUaYb=f47d8{&&Z|3MvWVF?)kI2dUpr;%jc8B_OxRu^Ht zSxYV)PIE#vjDodBpP)OZFVdRSat=6eHkpe&-CD6{OA~W5FcG;|&AfQx(aw83R`BM8 zV_gt=bYiU2$RkKI93bBPFTKOIvk;Kx9vL>Tu_fx{dF{M{&x3Qh2c;7l=B?>C( zQIHD@qW^J402<|x0N|24s8odN|D{L(y>OcU$|fvHs_*_wU$Ko0U{2h?WFY?sO!+tX zvIc-dXq%CjUjB39e`%2Gzr90vK#BwYb54IpL#_V$F4jWN-v3L3;rf?Q!3Un}`_J|H zi<1np0ZuN$YS791|F9^gU_8Wt?;*zbWc$BH4RHP{H`sQ$`2P>0!UBT-xBG{9ucPgM zjn+j0PR;=5hMT9SE<$`75XgeemA_e`x_6xX1-ic1F#w32pX?U-9G8t`=atx_gB5lPOA)<0q>?Z2P&(nO=Jj`J&VP z`z-P0lja5?O}ON7?h#b;cu;rb7?Aj=_Z+%S&Rs`5g6*hmS?jC?paG3X%d%sskAm(G zEA0KlA*i8H1J1kWjOJXG*)k1cWie$Uerg;axl{kbO7^!mdp0GcVhIJOIb?yS%QRx% zH6YBCo8S-JIC_+96$h4RKA^kqjj%=lf-@d4o!53kfY8BJfLOQ(TW;#$JN`DH1y64x zT3LqDw>qys_{s-C=JP&cE*dR&>~cf0$t;}k)(neEnWo^MZ(FeOz(3+Spf^&evd%0g zb)FMUKG>4jt~BK=oU2LSA@mt)w9c(SguUg$m8<6>oO_uuWFsVxs5X*zFI`pWD%?X> z$yLqV>^d9|_^F=V*szM69_a2LrCGZ~Vw!3J$>Ds5ugs(u-dJ+OWe15$bgj|jrK*UN zIlhI$@$={&#pcKr^sQE}uAL4+yb-pN8)*YfsU{ZCvzUC09LgfDpnGrbKd?aCRnf*~ zYo9-q1sS$B_^^_1a_p9Gjq-x`DJaeTTx_e>1779oHhsd;U_6J?W|5*y zX71PV^+`ZB3`ntw{n<v@#zLKG7uQEQ!AzNQg!!F$ zGH0lJf+B4!W_+Q5e#;d9=)jIjfYNF=F|2MaC 
zLX)434~F4Y>>T%EiRYe*LMDUzz_Ve(VBRNx%GBKihY*Yjr*WG2G`7VW7)ye(_jtiV zuZ282Lc#B)zB|`yuIb)$Uji(zW~Q6&jJuA#jSvFZ-BLIy8Pj|PxEAoZ9RhW%aR<;A z+%7E2mFn`0#Z;sJzpe?!tX`^0&6b58`VtM^&BVTqO678wY6+aj%A$WEyKR5OLLz`b z0M3X!fWV7 zn;QQZt4}mS=DN6wZl$2r<{5S)CZH&r4=BzW1PXT^-F1tk&GCvr%AOa+-9bo~t=W8h z<|=jDRcjtM6U z^s7~T^yfUCSyU}vKX+Mn&%*9ys*gY!K)3F$iXwvFoSC5Bu!L-TU{E?Z0J-{^)17TtoE>EH|)C zK%#GV%hdMbHw8ZIcQ!z(lEx<}nV#cNwc+fH3Aa1$S?25gspW=OMxBewRH5Z^%P4Tf zg~w*&+?T`O?cs+uA73vo9bU4Hrg@^r(+vM^J*D8?<0`ozY9~Bs=gJQHO18m{?fBwl z8^HX57f4F2v!K7`_h-1J-f}!&{rei=f7R<8a1H(XMfZLJ)9^RPIoRgC*KUhw2Id#ZIM&tDeM7 z^)&sUVwC3QMHsJ4+Bdf8mx!b99*3FtLft5d^cEARTJSiNZ$Um&33@EXC{q#le~3+v zp{hR(gYM~-O8pb}Q|~&w_tGT{f&Du8Uyth)`dg%sWl42qcXZTvj2)Oa;F+ZEf*};8^o-6O(YT|t+%?g zax1GYVMui}Mex|qb$$S{+$D2Ia*Eh>AFuMS;zqn#waB^%VUk&kml~oOPn9K=LM?@+ z*%-%RmU76_d^+@x2u_s?*hc^#G5!P~97DUkWV;Kt1RxOuAAdhg|1dVdL`?K4uGbgw{ZuXcA-U>dnF6=f zGHFYt!eH_y!`1o>YWYa8MY5`R&pT7h4z{?$#3y#Vmv-qf%>*9E>v-y`+(DWBb%1%Y z5q+TOAI35L@%uqur>E8Qi?hN;3PROVQ>sBtE=ixOb1MObqMcK0J%_8SijJ&%PK7%; ztlm0a@%O(-mryB~EN$wIwSoN1*v)|&&p4^uj={yL;SGzww1@~l72Vz|y6QVr(~pT0 z*AK79E9PW(R?MeNM?c}J5)Hma>h3zje8lXxBlG~* z5k);e*D^-prLXl^F3jMZ0m-?r`aD_ji_Da5PY8Cj_JB@JyXhaN{(Mg`4&=pxP=U} zpy-DaKkb!O*G1Sf6|eRYV;MKxKsI3CyA%*)1z=%T-p?ARgnihSc25uXNVn1(hmd^N zOn(e$KyW%Y69I5z&<}~L$vIV-+;1cXm?L-tG2>vl)G94Lv@Zw){^Tlaqfh^120DT~ zKFe(oG8$deK2-Entmb2NEl6A8+~2~?%>xCipDj>o*#uxOIM;bq08>O|L)InQ>aPpm z4d8>fr(4leuI{Kj@nQ&pOdG!QGdC2~Ia_zg06#BJq``A*8XCr*-pdW;#`VX?pr>C* zy_EuT^#&Cf2P1k|3LK9wo|H-7Wc<^56In34%ofXg5laDl{=Bm?309GDlMR%nm};O^ zky<)>l8*H~i|~nu-m;FxNBqQq6s_RG8CU{i@d+GfDq#%(bKx);aAJBQddQ$sI#xOT zctJuqJ%tv%0VqPotq3ciBoI&1p-&OyJ$gl=tw7--O|b8WOhK4O0xyoo{M#IbYk0Kd z+`ZU12q|wZIrbd}Qib4s>j@DU6wLsu)_E5VjFZ5yRQQH@27;t2XfJDdd6><*8|^p#!iDxoYk>=uY2)Dy6j+<`xkxYACtQZ`GfAlW2`aotUODKX31-wBedgyAb1 z;X?h}N&#^MVRkNg3S!C&A-5&kChV2i;`i5r^U4ShC^35fMZ<~p(pNZw2hR-E%V*JV zF-{J)XrQec@)0iFicRqZV=nLdWV)Tgakz@GmG9)AOc1j1uS*}B39K|D4ekJo8KM_A 
zt(dOq*))mJ4ojRa1LeFy(w%8BE=z^53@=BoV4jV#>M6ghHlcJ(;Ybx#?Am>ht+c(JMhdc$y417f{qYgvpJquc+1s&Do2m_!A(gDK*#lK<> z!a~2;_?H~S{E+#MAN!Z9?-2jS-k*G+QXWKv|LZM+{OEcL7JjhXE_M z`aLfLG~qqEOm6QJz>6Wx{+Xa4QL~ArS}SwP4juqaU;I&9UA0t`%qWTRM_UUM5h>EDqp9MD1MwK;nnZ6LKA#mOodJ89XEpg*! zaE58>&|A;?58TCxD0GW(Q9AquJ%M0WEJHvy%*^R4YZwz#HpA9EkI!%G z_Di!GnAs$}`^y~#eN<(FZAJbxY>@C}&;W)jfv^$sRx;%kn9J2Xr;#hTiSaCCOkfug zkPKxBQMLvk;j^$4HoGEWoT-VH262T{*CEW8U907-My(9lhZr3+X@fI30E{ms)ef(A zJaB_N=@aE!C2PAXTPka2eyq~DfgXG4p53!vhY&8^vcuNRhO#h2sAUyA?~ilJ_fF^H zI0|RzVYVDIi9d1VsUebMJR@5$-8K@SD*g+#bC-eGix(b%hSBnf*T9|XkU7Ag0+wFb z4&Y1ZLU>Rv{&7^bb#rCLU3_qhL~*GT``Og@_JeFmXDna=`sWJ>8EackJT1U+)>}J8$-Tkt*|r2jspaFMi#BYEwUSOpI5g%e2c8x_fetxo%3h9(udz^ z5NMVBqS3|>vc5BispQ-XbB8X(t!Q56)ogW<_jcX2s*3UE%@xF}A7FZSl{l()5kGFa z8wsb0ub7Ai6n}5-jl2bdRiWP=Tc8%pP(KO%s|TRqgUaDxrzFf#fDOhxsRk$sa(bRA z;rWSz?g6EyV75M=I+eqtnop$2);NUMZq%T;CuJ|0KB#faSb`@tJ(6bq%=#xg{ym#P zy4u)pm`*SU+}q8N&Va(u{kTd0?2Oo|!Og)@Ni<$4HEFf?r%fZZ@!-RqymzT_PMdxG zuHgq&b66A$Kq0XKnZ-n2hj(bfaBVoS#e=}~NO`u+>E*?49r|PIOKD0HFUl3*7aX1h zmTR#>L1L7FR6&GHlwI3&ntxlA#-IMur0N^vf^5P zfrK&;?3aTxTT#zPZC(&i5s;(M&Y%l`IOxWM5rO}*i3OFE4M;uGE_5MdqXhQ`0kreG>>abuHRq&@1q9qhMg5YIaq(A;tq2 zDZ8(l#)9Hy^E=Zf%3i;=mo%7bThjqMRl&O{Ck>0t;X`>K8$W?7wF}S3&@PZ^hyNRn z376et>yC|TuNaQqdY;2uTES~7w2;@uaSL7#wi(y}m{}?6DS#9PjaRAj^=Ctc%Wkba z2Bm5UW-ujq6!)nornfRc=f`C?v1DN5RN#0J!C`{Xfm@uv-F_3n*2@e~U>V_!+@K6e zn~{I(SlCsQXn=!bh!*wNdmm`^|IRkIzAy*xljO$|q6Ci+Se?AWP1Un^*Xax6f;+d~ zJIS-8x4GSh`)o+#Ae?I0)>Y|>u+U2VFVY4uO$rU37t1h3Qe6N@PQs;|PB5cj7&t5l zoq2Ni*0E!-YY>762kBhu!cu?l)eQ(e<8^gaYHx|q zWnJ9g*s&-Oz>gzfP+#Ecsc0p)o{V$oN(PLwy!mT&E@iLD-QIo|_Z3X$(bSx&@BZ4GPi z@;$mLQiYF1b^;~>Y~`fL7bc=QtAkYD9M(Kyp%1W1n)vXMxK_uSYw@x59OhgHgs!)vMV?*n(5z7uc=|4*iGk&I)02uU83z_mt z*kypW&Ku!gDfwX)H<#y%4X?!ZVuU4$f@z8B4hv8>5kD>Hb3Z1@Gko%HVK1y+&gr|ZWSCDZZ&=0!@% z^+hCeSEnb(C^@bu)YvJ#biSJY?uQ^vD#-u_3^}=4RHN}BYt}&63xaerFHE80g#ifl z{u|YqjL_zzezh(ER9liZgS&m7o2<9-`Nt{2d_nB~`W@9Nf-F_i?gP}!=ay`m&J92e)T!R3>kzL!)gfvBDBfh8dS|R+HU&#r}zBuOVe_> 
zQ?K@DX0d*8^@sXHQ}pdQ+8%epTX1A&MNyP!R}DhW=W9?5XnUCfsMx)jGnHHNZ`3}+?)AJ2OeHwB!&;hQISlU84C zXoQ>JL!MvMhT!)4CWE{GjS_?6R3OU}9_!^&0DnoFMX?7vmnl& z=`$2)!Fa7%peB#KlB_+SomU?BfZ(KJ+~z3+2yPs30DNqMP_ud%&SK97KNe+7W^9~{ z5Anj2ZBp!VKXc;CjJUr3k>flNMi2&Mxp0k|Q=l> zB_ucknJ;%*GXS+R%wf8u@NTjoU=9h)NRDV|6h*c)t0TmoqNVU*-1X?I^q6}_O;87{ z1x>K|A@Vm5uiZf)Ob*{}8-tx#Hd1KFWCpPOpHxP;}8y40Xbrp+9|GszkaI>9*{fP>ZQJhg?FSHs`m>GE6d{&Vw)OE|4h=2nP8L za9Dxc;ck}u>Qt)j@|hKpz)ZB_8uXcDG^ViC{U8NHR2li6iZ4rg8b)j&+q-C&<$Z;- z3`Amw-Dw4{{%gkCQl2Cj@IbZ{`x%P}S3gns_;bM*?6rA)(%C(4I!_GKvP{h1zbu3h zQPoVS+vG!w4m7f{^<3v+o)f-i>Y0zekzhmFz@TO0`=lW=gJvOS3dhd0jXOI@bW)!m zXEjA|l#|G`U6;&bYGo^+J@e6@AebX|>KzB~S}?G(1n@V(lT1n4g7S#|&l&gI+=*l_ zb3XI5&eQiYj#9Y#*4`!42#MqEvID2LNth33E;GOeJ*pl%Wks@ykdc*$u^6V6)q>j4 zP7(w{?Y2_b8)T{|v%c@1+ zI^G_J>O*;h-&4)n>~8Y`;?TL>#`4_1q`b6->M5X)6?GWhn!Vyt%=MVj9y1AxrDUk* zXUb%Seo(msh*+OYr>n?MhTocTOKf#gB+Bf^MtPRbsHi14Vea-Cr%J5ZjG8tTJGGdi zoC`te03$1#=B?eW3z$>wbHBodSLOE%uPa;jS$$hvCHja=%jS})x^Jh^7SD&hw zwN`LehzsTkM-y;J%pi036s#q#-jjB1EY$Lz5h(lM9sjTy`+mB<63(<`H~|fb7M8!1 ztMR>mk;TDOc+tAqO`o6go#%5M`u7sx;^4j1syPlg{tHzy0Mr026HAY+Nd^Z-HFxk( zup^0{C7t!GOr~F=0<^3Cy|UaG?jg$#!PygRR;|i@f*PrjR_@vaToYf!uSUbCFl-M) zJv_KR^-qmT@C2?JFAQm_5L-)C);*drFyJkHTFi40;k18jiOK;?)Pq7X=0{qKbFz~B z31o5f8j={FDj4~!B@oFyYox0xilIa&r?#C=qHewAYxJk(0=-+Uh)*qvL=LA{A{pk5 zy1(GUNe25{)r(Q%A^r^BN#X2;o8s;1s}R0Et6G zzAFcDyJZB$98`fuexD$K@6WHs6j6r8rimkr62^UJcL7@{hqnp?mL&5WtOW!V0wnpd z2jP&%LPlY!1v5#4*_aZ{%L4m?X<-@jZn7LCMmm2KhkpzmoDGvswKDR#rpLf2kQrj$ z*9L)?MUBZ5W-o+ijMrpG9GVCL3>{%}HBrsMMj~W7l=?t+tL-Xjpq0c#tjsn<6({AI zyuH95QE!B|eT9Cs_;-vDdfsmFqG`R9Bm{aD%?@w@`#yyTEzr$|RiRb)nGhaH`T;7{ z?w|Q8=>Xq?pC4d(s1?Kt8YOj54Dvi8PB3}0PI?J z2Y)NR70mrvAggDq;1YRtDuni_`pY=|Z2PdKJt2@0yw%sYD!s%_hoR)pkq5}yaz5a( zRQiF}A&hy}3pP-m{YJB@s3P3&3dSyRLUb>bBS6r*UOxG;Y+Oft4g5ReL;ELSn#i~? 
zf4t_t(Nf86a349j=P1I5*=em|F5@ufOCOXP`Yqfw3szFGm*_}N9U;B0@T3}|#u3V6 zg-5ZMgA_hpPNu{lszm~fL2ns0AgC`mPSJMP@$);rzMVD-oIvU`zVd@RRi-R&{R~<= z_Yg0x44=w@EC=BSz<+{z8GO*WV_l>U{bXDAlxXu?Y83M%UGBBp{i3{4O7$%0w){fh ziHoHYIuCa$kb^LK#0<#ru1UMR31!!ods~~V#M_sfBq&fBVuZKAS?W4dhtdl%nA{VE zQx?xgrK({oEBVw4(79MbJ{dhAjx{Emj&l~8YgxH8Ygr>fdMG(?n+na=z%b10~AG&Nx2 z(ht(qv0Z~j#o^m|YhcnS+ic74OzJz4s*zs}ynDJ;uDON%HswjCTl%1Ul`EFb^SKQH zMSc&fPMC3pZ0y7HGK{+rwN(YzDunekjbP(KMIV*GVRa9@P6i`{v&Th-bXnxJ_ksy- ze?s_~N*m?2uJ7Y5W?zXe<8SvxG0T1w=HaiuacLBJud^g|3jv+E`(>4dtTj=}xA)fR z+YuzHz zv@ffp-6*ETGzBKzg>dzRqDtf?5vp{sfN>ZD0Vm0Cr@&r``zJ8CO0BHUs8WB_h#XEx z@3~#h{E8jRjw3ZU1vN#bN9CQ@Is90ul4+1t0(D3QAAr#q$NFu6L7G%0VFoHkBH<^z z9qk^691W7Ks)A9=GYnGoX`q3g`KIv}kx^FP_Tv?rFcHK6`=pwu03_Y|0$`j!i^~!Q z3K#Ei>8Fyz!uWMw@hf%p@nHYfy^k{xUm>*2Aow3b;{mzw@E|1!4oIX_thx(IdZt5Q z5Wh@JUUd%rS>*u|gjWJO?i$^)uuPim;lOToyAxBhzHw_;1I4}t{irQ-R6Vz7oBfs7 zHX~c=LoIFjX!NB(bfk~|Xj_H5zg!i%`swcAWjQC2-M1&6X2jZFu~$mwY6*{)eMs*V zy*t7`OWSGV@oxi>v(PS~{=iKI@~eY%wA@cN!%f6?;ayoRIUXe%U1j!lsiIIkLRA!} zK_1AA!9S5P!vU<++M`Nzz~caKG3?NT%_+JZX2~D5XCm3sJ^V_M41}5^cGbL?z4GQ1 z(HwA4gnzs?ZxRz^m$QQJ$SA6(oNb0c!=_JPgF>J#J6u^ny(g}2yVc4>c*&~Q<~-Yq z2QTK;(Ypo_mK8yf=_aIGHbHK{PfQUTVm*wAcTQ(d?bDFFoAI`#uqqP`N@|hp)$2+( z{m*_k)t+%<$%gE@F`)&zu9YwVUM8ikJr1oDyg%rSqXX<8v&;})w50Nt>l>X&!mKh5 z0hQ`X>lDLB7b50SlW6<)Z$xp2OfDC#>TSD}Y)zDWYcBW0TBA;eP@_)z2AT?YpKNW7 zW2BKu+@b=Z`e3GQ9^yG5sjC4jkHdzl%Gp38^bs^D3+6Er z2&IPoVJd`<9g;py7lSuxri3~_Y0D?xYKu}iI(qVnGe7~yhWG9R5!?z#VrbAg;dxSa z6tr_bRduECc2JjBo{T|2}*v!9JJyWOjByXt7{ zTTUEK(8lY+{E!81A`{RjgB;L@BhqWIPKc}2!+D7Yz#jmKejO8rL0&)|BFc`I5X!Of zIV|MXawHDM9f-3RKow7NRDioHtIqyZw!2J}IUdGI1MuzNQlej@T^^pC-Es>O{QYA8 z0g*r_p&Kl4A1cdb3GVa8rc|0>%QyZDa4`kLMS>cug*Ikyr)sX9-E_#YqbwA555{Qq zIHvN&pNd~Yr!W&)r2j9_g#`ox1Rw<>DfFI!GW|Dh^bcEu`j@Sts6CVUuMcVc+qCAg zZuWoKr+?TQ=)Y_Y>atVue;s`NFJttieiHj%qq|^#*&66`E~WpXXfFSAjfP9`TyCr4K3{tU zSM3xfBlTpFK0ym)?X&=YPevIQYSmj9ij}6dJz2YIIr+x#Op;z+K5kMSj&PJrZb|lf ze$k~I8ssC6?J-E;)(@Ex4VJH+2E-tT57gS_A*Sv94;!Ci}#Ja(jvUz*! 
z^nF8j`_kSR3i*R}I?2x(zJVP}O8vszMn0k){?*+YDU?59-iSv;`9lMEP&4^N!WKVC z?OIjqgPF-6P0ezk07Q`uL6XlCfBUnIjP60<2!f1Yn}d09)XntN@4qw@YPO_!Q@#jw zNrqNfwdZ<5HNOhiKc{V@=#P@g|6>U@rGT2iku^Ns_Q+g{t2*H(L)TL>K7rm)wf#m< zw*7M*XTO7*)kAbYt#f5Oal0k~*i8Gh$=~z45_szxCuyr|bUeGKj=OHzOm;O!l_ds? z^*Z=Koaut2)a@KYUoJjbyB%*au4Md7ROJg;!q4<--naBrS0%AdPw2@Ul&lA)xL#)U zH!{2#5eCT~9OLT^C;E-wiCLbzUs0BF(@`OJnBEE=$jhW>55Q#W4Mc?2=?HYQU@6;t;6p-1=6ENyKXwp1SYJy5oDNKk zMeP*8WT?fv6MywsS8rmc;ODfc=VzxY*YH zDAY^QlubrqhfEc^mFo0_A;X$e9ex~v-l4u``ZXo%38DFZ=GJo*PyoeqQl(u<^ zb?7_D4{n`eH|c7H?saH0W&RMWHxAmO$#-XAz_SX0)}4aE5;(H-3W5x8L)8*iF5&n3 z?*};TPlHlWsXRA8Kb4?l<9oxfi!L;$oOsP#b|!wY6ipdol!@51UNm8X*_1=z2DRm$ zE(S;%{kx*p47vv$<9+z=it$$&SnZihI<67bLbKn%cdc&E+#+U@+5_@qh1V$ndxyK- zjqPC8NT#zpOn-FUqhNUBLW3WrF3H0Y3Xq|2fYspEGO@T%W{WHmA7)sTYvswuWxl!z zxvu3r3UzmW;TO^%maz3}w|QnQR`Us+E#emKjeHj09nsB@{G5}I9=R&%pW>59BXC^Q zeKmWedwtqfapzh3NTm1zb-e!#u2FYRSoQvZL?#!Pddr{YN7a*-p;#zku#Xj%B9F-? z;~cg)RT2o<3>`Ma*d9j*`w~bu%}Qiex1oW;CAS=&G)qh5C24z!_HyavYt3`dvEka7 z`}|dC=v4cWY&vHUH%y*)mylh3L`U^d7~eu^ST;~>9R|T*`TJxQT}q*+)`-XRsjx_T z!w32|e_xnaqUpGzl&dY|Oi_f;)rmr0PEt-a2IYa2)NYc#wCybr*?PzKTwHd1dYSIV zMXy<0%=pYe4|c_V67Heq9jx1pFGB4po!DxAZCNQ-qv!E2#oeznhE3N-UsF(v6Ff&y zR4aAD0^gPEA`gki7gedn1ML&%hl@kUiy@Z@QQHUZz8rB;U3KRMMCd~VF5}om1rVR0 zL$DIWaqj_WinLYfb26RecGIOCpM+35sB23 zM+JAT-uPH}a@V=a*v!t#PTLr*R{of|dwuA5J^dm1a?5ws>Uc=qL^ z8;ct`|Ae_b6PYDLCS4|DYN+n3te>FEeS3%&d|QO|WpOb{meW0-4pUu(wcWxZm}@y{ zt6nFa`PZ)C&+CU@fgvq(Cxo>6d#V$RNqntDVS(VP{6G4FTvoi&pktelW3d+a*V}}O z18Hk_8DZ$s44jK*butn3*fBicO*9Rai;!hT{1Oeyp*8ByR+`}oOIG60+T0Y9c7OLu zb6mrCl-CE^XpT){hkPG+>6c6?@2rpR`u_U1roxr*W4kE`&Cw1@5C>E4K0QsjF6CiM zDEsTe7%km}I^K+I^A09F%d1MeTBCos2&9J3T8?*Q5~rG{=wd9h_X9uOjTQY`dgJ@_ zs%VXedYtQ>I{BWH1K00EK8ClzJNQi6Oc3#m-=!rlg%#fS#;YYOISm9y-FNB7dqGNc zzl7RUuU30bG7;+CAa+3OOy|Fs$EaWBp}D@ylrNzv?XmLAT}y2cUw_7nes|sJaKiP<87Mrb8YuR++VbGn0{tHq2~?st;l6d zZ@4!%o~1$mSk8^od~1GKa5FeMbW|T7Zv4o|ss!kGy68;-eOk|rRmVBAp!EYN)Mq5l z@t7R{oMtq5WBuvsZ%e>T)b^*_UW$ZRU1XsZl}-{v{!v0^X>9kv 
z(3l7({DHb_|4{WDnY#QX0yd%b#}sCi~uH9nM?Y(V$vG z_R{Pl_}S#scx%_Q)xZ>{XTr3(?8dHY_xCO;70SKV)wePRPlyFV)%oy4H>AjLr8x7v zK;085_A;@Lp0vn+8~QkU^XE@ghiUfGUqQET=juNSuVUu2#3Tn{rOOl^oQ(r zX9KsZzaDSlAT-M|{N<&{3jZcA^e6D`OXb&6@PgDCHhxYk#d&xdg_N|*+<98`=NyZ} zgk9Eg;H36k;@G(@iy)^h&@cI>RbKr)mou_d=p_-q_)aXDRe#|;>^ zx5H84rHmq*iKp7@0Fw6#h0)O@C9S)C0I_n9sa9pf!d11l0@uqkr<4Z-Q?qLuYgVFi zs0)j}uy@0^x9M|=$s&^I^)0&KPk!~DEZGz9)GRgBFc~OK(@*uaOKPrbYbx$bI1i{| zF)HsuSEV+U4tJY9SP_&jP)v+b^T=l=kyoX`z`UsX)srvy|-ff7zOqS+qQ60 zuIc5bLIeTlWFZd{CHk=MX}nL_S*7Xy%34N)39220RH-J$M_@>8g?##NkJk+3iax5w zB-7Q`^OjVjiM44Lse_bwfIqv@hv|OyEk}q^bL}=b*MRXhxLE7wrnOSYW(p0_wv(f zi2_-Hg~8&SS&dHq3SU5GAgw*92LnN$h6&W3qT@(gIE%qjnH4)f_TC1BV&xM9S_PU+ zn$M%lr^KmpT8i;0|CWz9=$px-!sbyvu;Y!u;^#uHKm!Ck&VKk7q}er4^Z^ku)IKn< zTp;{j>*d%%qvMVE{QkDs{UpRAC3Pw8MknXhOe!+93Pd!Xr$oV6fSIBaMYm|e)z1Q{ zkGl@!>Y^Y0kLv_)3Xsil;~_>u%i$sK!`>_HUO!G#O`(+Jx&F*1yK+J+UIOeeuZdW5p;#qxFtt%^EgsB0R5s z0eXDksMHBs^WBa`Ik-l2za*$tRp6vrj~3l#8RF37?wQ$qU)?tIll(TlT$#bnn(lsC z$u}x18@L~0C}GX8>S5`mmaP=wkS$8^0V1bw*v-j#kin(z%FXUxt777R$v^tXtpDS^w1Qys@0^+ee#@Q0q5bIqhkXMUfz<%)G!c zL2J5I7_J1kMgNTA&7l54*#A@|HJd7wL6C06+rqd}X?Y%RzO*je+L-ulLfVtX)v{Up z4dH%mkIS9rLWkxXg}b#|Br$S6eGgSh5xoP1^j$GuI(Jp5cV8ZF=h)c6lw#)Bc&wr9 zxfB^0{K-QS{py0;$wG*;FfvYTPx|KB^VECb5G|jCw%KMXVBs- z`bR=0;^fIEX;;gouA|V1N#k))cXg;3v7P%K40cj;iRJn$_K@V*+QByhGIsQY~HpgKuZ(;8F z|l1UkLfzUxL@CeqZ_p~nP~;sZNxn53%7_kWB(`20`$|BT{i^n^q*r6pZF}H#``7W zGQ=;*1qkt@eiNcJpLS&DH+Kw=m(7LY)9K_e-$w#m8-txQW%tBmX-QICtoQmvP(qi= zxC9-XMU!l&orzTR{abe}qYJIGY3!*;FnKC4`m5K^oAagbcfw>0vOwTC!2-sN9K42l%}(Jc9BQEL{fDaP6CpRd>6A^jFzucsMi-a6dl=S>r@0?2a1dr)gR*F0J# zBII~0s+%o-J@=B)k+DT&cpKKM`ZEg54W%88b@tt<2+Z*IP}HfJjlj?UIu3}{Qq;L1 zzqVdccXnOj*tknqA5Kdy+f(Szjf zKY6ponD1&2xyfdwWK61?QLn6->d1!IeP2f#ShSC$hCF9dG3XzygSc`>9>K*Zs`roHc=S~eA zSS8K8;hC!x=kXUGk~o>;^=YaqyY*UC!oc z*M{4T@=S$?*oSH(35+A=Ebhd{W=Qg7$TNEO!*=m|j`^5IG_f3^C>)aJURu9smZBR% z?psh?{p5;^=t3CfZB0i6J`euwuP3$;yl_f;)0mgqK6gyb>6umwVJ!yoWa!pPI;Yv; z+rhQB&eqw80x|TiQ%IQ*-JF29AWd!{c_I}#(R13)&VZy?ZTNS3Z>e2ku-diR#@uUA 
zHx1PX2g^L2CgZ6De zMHxb283}RAQR$dfrI$dg@oO(5*!k)r^zBO>K!2P(dCP*T4Pu)VWHq*a=83u(&seuh zhL?T0y{)8Z{5hOCS6JCYLRD>Fb;75G{m)92<~g>XgPQWAL)NqAB}t^+J@1+wHEnR& zm4bG7d!&dGIR{DzZ9?o!^bB1RQR$qC5H6a@tYh(J?t9HZisz3jG`V{Lk>b_@4W>*3 z^zB#&dEjl)Po_Am1n@!~LwgMu-RX~b;9w7TD~3*=M%qaIXr_}#eH%1bQZSAR&43~j zD)o^(^k!W|C&$QTfR%TKX0CLymX@DZK~&ncKVY#+6AXI21-Fg!-<#KLPssz8MnckN zuM8I;jF*s-uhFyjjgmc#Z$G+xU$onBEk&pfTbIFSAhk! z!mTYicf8aXkkOtkO?^{EZg6PiOF?w|%3_WXBP^Ws$=H@K@g=?V7>lvN7Mo9|>~@*E zN~ln<2}bO91{h zze!kqQf|})X-kjDmSoUEwC9e=+xqa%7bNZE zn-okDM$1d38KUT)x7#;?T2WQT${htin~%T+SyhMjpL>vrtZk7*+Xx>k)6HVY%i@lx z0MB}QJG1VI7Y-Ex*vG#&ghroxdAq`%iO|sl=spl)xMG*`SHBD)B$P>>KOEs9LqKR_ zxTdF0$;IAcxo|J6HOB{UzdM2(b)Os>`?(_UW}=Bb^5=BhDMhd4(P4I|b$qb*8I4Kd zU7itky9)P5&lW_zKQ6t`5?$MFpqf(dxS{q)@l9}0WjeQNCB%zfa54rF5?Zq*{E}pr zDLnC1&u2a7!5ddI-&WhlEY6ssz}xKpP#Ruf-LGGaO0TChyGyFc@4pU&Xy^RiJ#<@&&0(h3r%NtZZROA(u29_B53}d)=ILJn8x62Jmy@*#ms6AeEu1zk)W= zHjSCq^*Xpupv`hx+tT`sJfZV>MqE^W;~DvzPLnIqeAI!_x6U(d$Y~cbDnT;{pgBF? zhH@2|gCZ~xGf05p>VIUokBYVn&A!h`(W!+7SeSkqh8?B!com|;;tVpW1c#H>R(^O2 zAij(&e80VuSjqXj~fv%U^THGTd7dBVMV=EB5nE!6L^_3qfj#{I;;Na z?D+yOG!%4+y&LVy{KB|+WWV(NJ+GyDIPp?{t61A+|5tGqt9q1VCyEOj1K_W3CjU@? 
zxDHu`FZJoC;rrTMsqAY1G#%?I(o`&S3Pw|*1LpJvJ~%$WReMCFvCv{+G|nuy;ZBr$R|5UNO?7me<_ zcy`AvcViP}=;@~1h8`%~)mA)g`4nmF-^6+}7A}*7N({HQ@8qzP$Mi_qya6`&AtunO2fPUc|@N*`e_Ka z)IZggrdCj>RrxGlK*t9besDzdXD&B**o-!1Fy(VuNCC`-o5AW^6E}(a!mRcFhL;qH zC1RI)nn`@Tjqb~%lu)B7?67f9rB?Zi;_Fmr-e?Y27~6QlzSjU5RH5B05M0fpN%}5Y zds~q#`o^^yaUir`ODmvpQKV8n@}^C^fs#SRMS&9Ow#Yg->y&M$rKwQmq-;$DAcKEK z9hY&tE!ViS9^M4DXEV%_Etq5r;KbbGjEIq?r!thVxkD&=V7O4UxF2ARUN_(Vt`$Ev z5V~O=V!`swM7!5rl1213Lt6?mAv}fl@Wc4|+EQ;v9Bi6=Rt>NNye)?SDiP#qf8a1_ ztI{6nkKMVIAMlWhHwb?4VRQUS3(n1UUgh2_*VT_x{W6e!$@~P3%*VjOMi~EUS^Yyd zh+R9An#Z9SxLK(2dEkm~dbJjt1HnD>2)ed!n}ISa(6{=)gCY#iKKVT z6x6{}!~7cs(_bpU!NxMeUhGiL@qpEI^qJ&`iczBxcbd0@a#|_N3|LE!vY$NvB2$^=EeE$G^hoRrK4AzvN>cU((o)S z5@yO1#x9wfKk%v^af@&GhWWP-Tw@Y;Z*qQ531}0VFy!}o=y&*f?pM@=N1j4w4o!hj zwlX-Z^6g{!xflfTcDE?g#Pvx}H=(Xm4Z+A(_bojEoC=58V_(@k!ZloCx-+q=iPd8e ze~;uivq>!H3Y&TT|9u=wMPVSc$C z7?U}Ktbej$JJd@{hfk?0*G=?6%Ox9DHPzOtg+W=vAOKx3+i~XG@&?(E_k)=|QuNN;=&k!KUZTPPDsZxdfJJz=g^uBsbm0ejq zmg#p^2hSJc_f>;=9YKp6P>Y+PQn~{V$nJE{;1x8bp|X{jPEdXSlH>5Ms&&JC088}+ zh+6BrD;BLhW3)Xe?fqE9iw-C_GfsG*s^g-7tAIk{sti5<8!FVAK^Q7G{HY1&iagwz z*c*^-eqOd$zw(E4NB4RA4|^{{5Z2(0z^x~Yrr*Bem7Xk`iJ+gP`C^nOgFYT1%xBMk%+%KT-IVY@-lhY4)x^Xd?dl!#%TvHPx`F2EDD?C-H{dO2e+ZC<(_9dubi`9qa%`TByyYy}D6 zpiQh&lz@TI;|EQanlQ4xi`m?j9SR7k0d>xR9R-xmo63pTZOcr% z;wde97Q%cKi{l!!(OY(}*Kn{`>F2*0k<4AWr+=T{{l>o%7Fmd?+;-VJQsK-3+`2)U z(%-)baQJ=3!@0wg3$-_L*e&e&)@S3wxz58s@=f$=6G%gDR_WSrigisdx5pbo$_3Bn z6d-Vsq)H||I9nGrwh>q-&~eV}6qYPVgSX=kN*qEKOS{HxUK9lYXhPrT+`G(jk280j zY-$&_F;{92SGNXgyn?c^wVCr5>1A&5Q;)K9t{%K#tPAR9>ik@jZ763W^ExOOl*>&= zhlKz>%xWn&JFbtA%?J9eIiHp$pN)=`VMcqv^y$L!_ZYH}`+K6c6RV5W$d2DP^}xWZ zMhiU^AkeYx5KufTrPDm^y`@|mk?H+|KycQhCw%hor1uFTn4`z_&R5MV;*(n$kGp~Z z4$&cOb?Ag7zrTL{H68?*W1tp6`_fp}1L^3fHPqSIj=w-w$F`%h2plIHjQ{|<9*%*b z*ng}alNc8Th09pY<-IuB=nJRZ)%Og;^7#Kj{0kU+mV%&99pk|CH=(~M7+V~>%A!0x zM)Pmu|6g5y8W1Hv#|?-X=`2pu26{~gog!50$N$L^%1fLHt@pSn$8wTf5T$r3iS{vI z9o~GGAkNmmCX}bMF0I?0BzUqH9X3Pzy}Vs?Dlnp*b8~B(vEJ1~x-3Ax{92W}wwQ}Y 
zNX2~}i86*0rw0NMkAX4FhNYyN*HkZ#7gyQ%HHrw5`X30T)SPr$s5-M~Jg43Ma;Aq% z@E;==p5Icb154In3NUeJy%VmX)_AW4I^R~e_H~|6kf}`+dWnQPW{HOP(U}dMoLPc6 z4V>u0j&RmLF&Jy94svXRqTmeH1Nsnj?L*f*-IFJH_E^Cm=7nYmk#k+9bE@Hx*=>8Q z=?MgCjaMmbT~G0L7j(9EpB&XTW${7Jy?SN=&6yEpcx9zOc0Gghzfpr#6~LAXcWTKN5h$?$ahhSQ+~l|Ha3FQI-Zsb zRH~{?*d|$qlT_)jl#6=?zUke?atK=4$E?VCP)#+AaKI)kIMJ)qWXQ#A<(8`L@;|Zm zgo0i+>w9&uKxQ77?=1_>;ZorQ|CPwc8S-~P{yrAL9Fv@|XZsa=h|gb7Ej^L0q6+A{ z!{=;r(h*G9Qb6Xrq1H|JkA(Hr_-X0C$NvMP512C`IymDj>*a<@{{cTf$Us*mivAj4 zW$4<_W0~W@eKK4q2~9aD9Bh6q`}5c0j-7*c=Ec0bw0k@yn<6LR-wQoaHxFOK`U3f` zD3nt9`|FCijKfv5cDfpL3@!g9`71QUv8~QQJ0_)>J@>ex$a*EUxK(g;QU}F#CFj*S z;xCWNJdS_8N|Xmu(&k5+P{ER?7*wybW@~s#EV?)l)sijsf1ID8LrH}F#MIZJ)vap& zoC8O(fi-vT-db(?E*n*I?gUqLv*Rix&P+n*UtY%=BYZ3;^xZ>ICw-#`qR0vT&ph18 z#yxd)fR&nYirT*lrA|?1if}20NSU4buWV5o=_xV)3tRO+&QfPNwnVK`3_i(9jcqqr XL5bmx7K6h>D#}M!+fb_# zI(x0zW8Kp|-PKj~JXI5}ASaFphX)4+28JjpA*uuh23ZaU2L1`=4d{yUlFK+47=nF#OPAUIPwwfeyE4ZeyVqqlJb7cBoNHi&|?HPnPIq?m`M7#7B9NXOAujo z?KXg^d$Si`20UILB5W`UxOEj>B96D~-C(OpI`N#uV7ZAL>0bb!4K@6~;Jkr3BcqW^ z-jJe^OWJs1PH)1&>KO&2F0tcWcLGzX63*1^lnuozeL~@ZbB7=Wvv3OYc5rZTM=27t zLbMh|k-ow$5!lUtk!5k#Na&U%?mKTDh*0t)kxv{=J@YNx@J;?|H5i91t)a@?L(24% ztGjJ!YzQ&I5Hsu{s01}0#ZvfDs54&2#KM5&>p=uc6d5vK=2D=eFiw3F)yP;$htB+%t(QTK$ zZ!^DI93@hO;%xHvCgLde!e>%_aq3gxV^kB0yHB+#qd1npS9q5sfN>x4-sweODDr4< zKQc_>IH6}Bc3(fO6MxwGlhLM;eFQa+ltFCzd2L`p8%+(5ObDxpJ7NR`Nk z_Sn0j;Sa*&m2oCC>t9TRpA)WEOi#Nf6=vfJ2dUkm=3=d$E+ka7Rc8z^%`1IJVtJ>3 zt$Edkc=}wA-;+M@&W1c$g)?*^88FP^9+J5bl)ZI2#F+N0H>ApUb93hVQc+22%T(i5 zlO3~4{2Y>5&YIvJ!xqyXqqpgO_qg}dl~sQ$!ZZwe5BJWA@{#Ox&x&-$0Ap!xVh$H< z??&wT-UFTC!G?spVx<|{7i`tr!p`n=)|K%R1MKbM+O@!aMy+Y5d?+&*c8tTjbqKCd zX#mvi7ll9`S!5h=7JbB>4TMEM>{Cd85)9D*&NwK_?p>BuZtOsFeXJB@DM4Hfq-j4y zeU{lbF8=MSB*kz0fw*==I&aj0vUbRonM9`$mw~RUECD1GK@mSt_WI$A^GIO-jBNYBpMz5xV38A2 z{Ei#XBwL0RAzFkgXKz=f4u#=Ea_+$oS|?;{-B{a7mxD4(jQ0Bd7l>fJC z33^=V?w(nKatylu(rT@8RQ{a<4XWu-@1Af@#G;LBJLu5WGfwQRh;d-@D*ow5H^Sv8 zz5doypGSOusrMwasJyUNU2ekM26#C^3UaeToWh)MZ1|{}Q>+&M!AE-z>+-Pb{ZU 
zp;e+)pRaII+DrSXTrh6zTmwCqKp?ptZx)vv-VpN_n};OQ>1;E-#`mq5@9ZBsW6Tq-01gX_D4eWm%y_ zMY@!jEj3O4qf|v=idsDJ3VBSQHY9G|QW1FUn0h z5c5(eG*}s}!L50Y2r9%Qi%kl8r-y#gPR^H26;4%ElpN(|Wb=J&6@CbEDMBhVD(Rjc zoYpLKRM`14R)iWtoXm8!)xfI{x)8e(HwB+5w;ViH>aRqTzbE&pFb-?$d z|H}F*@2Y6e_NPG63Wt(q{*1)&z|Z)%;>&D;h*pS(2&Q;eET7nL-m@|zuw&p>a`0Nt zn&lg9nkAao&F|(bRxypv_G{?3&EF=TIkvE8NRAg)<#9|t$RfxH%TQ2i%g)R2r)#D5 zrDLTYvv})&U@}T6NUdPEWIo{FU?(=?A8zY=tc0EmFo-w!Hl5qM-d>PolDj25>@jSn z)}m%rCR~PB_AsqtsdrE^tvbzN6~>N`PM;plu5PWUt-gS;0JlKrQk;>V(P@+S@qxOF zI##huQ8kbIQ1vkN8v2^;`XdrI(i)N&(iIXwJUv#9sNK+Mc-JC4{L;=TPUCF*p}98mlS%!pFRrLg_L2RjfmKx95EvO!7fpG~DK$J>@Km3b zdvPU9iqs0P9W@v07qNK-mMwGvE9u`qzp#$-Sewk(I-Ojq?zQ7~;BMi1LwwN>Tvaud z*xnww(TvyRseMz6UVF1ey_LU7fN23&8#LPdp?T7ALChr=O>swMyu`BbIr}i$)sW#%?5FCgvV!8NfmTW$LndXfv>-~WF1GhvBr;5v3YH0yoMgj@4jPmVO7w3w365h8GSQ2Yg<3o3-B$W zQDi_(cA~%3YH~;Ikf<)UK1=C6!1krvO46luq^AQs)C9F|{;ZPwUisi`XFmV4!Ng{m zoq>uGoAG;nmuqij5*{7Ax=R&aW2p_BxAWe9qh(=vv&OMfhdYBwg|YQc%c(Qs!RQP? z@5Mxg?6~~+`7jadLh$F zes=jBf1`1q@SbPL#cPRXaju!pRNb-O)A`CKaB0}$2cD$tNoKfb;^ zN6nM|cjK1}NSe1cga|ydPGR=N*VVmiL*#Yj1S zj+_k_O@n6<=<`%xGV;ID^K-eCp8o1IpV;eQ*)wZNFJxWf;dwrc-rn7Aa5UIq{EE!& z+YmhGupe*}yn)RJAZqVvQt_QTa`;$gc@V$y(O2N-_OzO7?~_!wYHV5bkfh;GO-P{g?ynE)}qP zo}Jm7cF(2DF1u1Z%=27YJjRZ_AoAU#@e%e`dj555e#Nq5*6$hUQN^Ei+O`wC+q={8 zS%B@i+{^sw{8Z1!xBfczm(-*!LAWRWqq9JK2D+@*oI)(v* z0>=Y`1|5NeHhysYzmGqFQ-eYNz77Ef7HSR#^=BD5(Ejxo2ijii{IQ4p90K+hbcP1n z+_EA5Dh*kl4f)qG_$SakFd=0TNlDON*~r1f#K!THt<$M`mpteKteu3WBN!OgyVng| zQitI5{&iJ13JsCe72?+_WgRv>MlIVv&tAoz?$UZqa z*>M8^uCA_(t}KkU4rTx*E-o&>du9MLGXtmugQL5RlYtw9jU)LV5Bcjkq9%?;4(4`F z=C(E@ug^6wv~_mkBO`ll=wjwg>(2kIsp@FrAYy9`YSM}S zpXvIu*?-^svm!6x_09h^5`PTy@2jA3=7-}2{5@ya_{PQ6wW779 z<)wb6Yg%>YxJRQEUQA4=^H@|A3UlLWXT-7Z0gf^DE%q0dEab&z7PEDq6Yn!m7Dr0| z80avOwZ3Tlw#Hz1?3i!5mJ_B?9|_n*p~ApWNgzc1U{Jux1Yb|W3ZT&9^rLUbKz}Ky zntxsXr;L@XA5_d02r43BEd0Mcy_yLet(?~HGpIQhf1cIGXFhCVr0aSz}9`?We0=3cE2PIKm3MK_ALcvT5v4-OIa?GH!*ox~lP8`?> z4j{R`f-he2hEn3#EKzMbdAE0lRjPSEimhyoxA%3Q6MWipP)-7S7f$c3eHdQ)%tnlqbUSr!B 
zy{6JPVq~&eQcW8(@{2MQ7iOe_?VUkK1Bqlioc2noag zJ-_Shufu;#46BA27bO#c^$~)fze<0$`ux4o2Zp@G6s~9+U_>sjdBre3DJcG1Z2WIUK>`)gD*HOE{oi1|`;UamzluTAg1v0DZqq50mp5eR1QVpT5iY{`)7govkS*vj zZAw|J#l~?`CIp_BkSBg}aXwS^J!rkR_WfH`B!wosKD(J}t;xdBe&r_n4NP0Y2Tr$B zA)=F&?+A$u=}Xz_(Ri4C2)GF1=oRLZY5`MAON7g9?%fY5Btj6Mrb;m>V!+Re2@Ku= zEl$IJ{AWoBLVuHzE7&~AxI1W*+fer zlUzmPi*3^%xniVwDt_Zx-@69l#hWSWKL| zfX8mZ3DdA#s7um!c5s03_4S>b>FgAgNM_97jjbH`b`=Tq24=N+pp{RErSAW0T04Cc zKnn)*MwJd2afC&q6m;{Ww>LPv%etm<%^g+^ZkpTqTzLPNHcYWTyfLo z5)7utvl9?$?9Pc>@0rbi;^OdJm-_!w_7o?W}Yc`&2bsIYb%&(yYi zeni)`R`?-KqdNg<|IIK}%<*xy)zy3;p1fYBwn5f13v%wXF-$GMc`i(D)$^G8r1uj2 zW{$;(liPMto}2355>EmV02&-2vafk+0hp~Acz8peUnnHeIt5TcS_({W?)eKWI%Ux2 zU_zv^4@LlH(aUnjQgRU&4*(KSh3%DiHCHR7^GU6&0Z%T|Yv2QE8L-J-wP~qLJ;y5I z6oTJOMttlNFn+HUu;HXvJ4=P5BFpDeG6^hvSbp z>GQ2A^5~UXY}n~Ti$d(!Xy>psW?9`2S~8*vt`WC+yaBn+!JjU+?&|3|EQ}lzgKh7Cpz-g zl15|HiK>f&R3n`O0Hxi)x^Yd&U0oqIt@D=P$jQ}p%iR0^FjOp(*I*#d;k~1&b>?+H zaZ!pJA8^C<_%gW79kD3N=l&A&@Mx(?qgzo7BVb$D7^h5uALMPs|QJyjmvCn1Hl3ZKSALHSKU(WSRM-4p+T7(>o1&{B)4r zSslHgT6MSMX@f`bGp11%nJF12^&Nz>Xq9&Pmth5INidM!a)Vhf)fY1pr&DL&R;TVM zDYG<~ZJG!!LL~GEt9m+IY=&~|`4v`_1BPL#V~U5x{*U?Wahwbz16*r>( zp&YfGnBU8kycl^67)a8&S9`MJyRNF+a*2RM)Hb|fV30Q_;V4X$#eGE|MO2YxfrrP9 zrj-BwlHc?37P45^8?mvTLW6vPvg&X_z!KV0WnQI$c<#1Ly^4gMUIuG8o;);aftk5X z8`AC2_oLdLP97;MAuISHvuV6J2I+qV)8bX@3(-`h#=kNYN^F307lvP!KjWSCh7NpW;W+);&LJ;YYSxkRLRC9l|;B`5)Z`Pes0xx)f zwBRbx$}caGKuM$B$i0{kBL~l@@`*{FgG!^qTzM{xEr6}mnsy7os@C)!CBcmblYGl&U)S)f2_zO}mNZa)>^GZIpa@Stv zBHpRy)si`BfKe+DH^j)IE``S$0W+VZ z+)yRrazK8*+rf(s4T|zhq`9(mU#MRg%n;PX+v~M*Z-;2;|e;FzBwuj4_?i3 z0mFIY?;g;daq;1IcjK$yaZd}pT!qsu75e z2&_Cy>d?$6>sG6sHSf*j2qVRWMFg0}J0{)vxqXD+D)i;3mK{}_C-|Ib6zHqke81S8 z0Bc~A!wbySZn$Lz^xaqZB?hq3TGQgY-7zQHr;R2w*jOWtrg72KBCa=BOlJR-$Q;QM z$O=EiZo{x)U@;xRk@zAb5J5OtN@n6?JPI+}>IMf8d8qyXM~I95kK;kIj7|b9T}KU* z4^ZW@b{A#QVk8F%knXZ-Of{&WJP3ViV2DDuFW0b0A>yu^oXk7?`OY!krDwcNkLcdwl%L7%NqWamE%e+`uch)0xR>wYF# zoeNW@VgJs}jdyD-YI~#vo{$GCnY=g2O_)-(VQxxSl>K5JW)ZXRQ>js2 z3z6S}i^UPVlyc>m#eg2k 
z&mS5NjOG6$jq(rmkle;FHYB#;Myji|KPqnl4kTnqJc-@u3c_ya{lSw(@YX9J4am z#%(r$F_@Xa^>2V6==BZ+9eOijEd!i?WCy-?t$a%i?(A4LTxB;~-TmHi+g(Afm5}2Y z>hY|f=F>t0b@|7IUw)$ct8e**n;i<0g}5`bsaCF!BG0Z0cSmQGUY)fIrNhCQtlU5{ z)F^1WLV%_NZV0k~6$z_ilU$}wMn$bm&-`Shun{oA1fb&vF`90h1c5zyz9rqy3-f}2 zNn75dJo_yVn$>!LU}IfRWgf$Mb-B*4XRd!I$v>L|t6ZZG%Q~Wg+>;fnTu4Yr-^>hq z&VtO^_huhDW#v0GV8-K+o?7|4d;UT8e^u_;AD$9lCCFb&&Yy>xDOqmChHA8de)W$? z#A8_Fcp5W$>&r^%*p0$s!XF=XyKBu(vhCJn;;7`cSk%5GRA+T`fR|f+u(MN8XD_wZ zI*#5VV3@C4Oy3>9yXA+XY%GO1fq--~YKG$x39-6XXz-`QC{-Z8=MiN14<78%{H-in zZs|2tS4q*yP)Pl?GtKl5qV!g`x_N#!*uSi-_N(!2a*6#9aP*g12dx#z;Ll-#6tKIq zk9$8F{ZSt8F@vDmLu9xJNvyXIqyGjl?5_Z3An0$<3bL)g5v;z^Ylpzz z0ZSp!QvcJ{-zQcwuh2F7|9j~AAMF4-nN4|heg*4M%C+iBAfW#rx^5WtTB5ifCHDWU z65-SVf57pt5rKh_zls$_(B_-$$=iHih(5oQeq%jf7r%GLcfL2NuF-PIyz2yZb+8lo zcsJRPM?od`)sM&Z`1G08dLH9v(ag>0_&D-dCg1QRok}rSFdXL3w(*x>Gx>g^04P|r z9%^YeYuXdnyYsCayS1*iSgCFI^G*N#sj~i0D#M_dWDiK}7fqyCKESyp&0;naXX}R* zWctQfLhz~z{I%l}^waA-^a1Sxyv+(7MB3{;WXaD(VOW{*){cXp-~A|42P`KyJMMJ( zfkV12E-c_jVAAz%FfuY$TQ4+x+5@Oc{Y#ZwzAADdIry_;vGlMmwOk?S>6a*2Sha=4 zp<;f|6J6fWi(xF_VDmjOvS=0U4L*XiPdbU5wMScr5uMfE(v(%koo_jKg<5%FK8fgp#>$fRJ`b0`p{|Q}DRF$>3^Dc|!4rFj;GQC3dl0mL6wGxGL zd2`<_bJxDBK5_ZU>^%L=E?T*KrEbW(tI`YhqnaH*?u}=^Uz#;tQ?dtZLw)tUOU)*h zcJ|s<4SLfQS__o0YL=grasQq#5_XhV2Y~UsQd5mFF$&1Mz_W>d%q!y z-50Q2pa9~jo~va3t!aKlyspE|-|H}(x*W5dN}fLmLRrclpim!710xuSUjR9XG65`w?&cQ)H^t?u{df~(IpxW9CK@34s~ zcX77iZz{GhnqHNv@Uh1li?MwC>vQ6^{UbKkHFRGz54dvCKHtnxlx;kd5iPJMe2T<= zJ*ZFfkyo9O!|jq9$LFB}ZgV6xWU76<2T5!RM0uFpM`DvI6peYDo_ml^Mv)WqM;YqI zqvKL_e}0#oijF_YPUg^Z`RESgv|9}if>V}CR1w~XdbOq@0mQ?`!|b680L`CZg)&^- zye}P0)V8)+Z{#u$VcgI2*(4f+^_OZ);OngBl%{zseo;?{(wr}%qmo}f^O$c0yeU)Xi0@6bo-Rv9rd6#m^OhPEk7%?y+sb{<>O?_2kr><|HulvW z>Qf*o#U?s-H4d_Tb*|CY`IfpLi1uO)2C*~9Q>9xW$pDeN22LQ*fcNQFNsK~s4PWer zK!HAHIG^Vih_|72)vhNDgGIJ0#QM)(?O|vxNAvZ8&Ii+H$_2^#1%9aY^M>syu>&+vYc40bSiuXS4;-!wpGXLmH|4(GEOtc0=Pac*v z97aw~4sY7uj7w+X51-&5Sajj@%|WpmUJ$X87Af|1-}BmvDwUB;PA+m5V|M08wE?)D 
zt1IT9mB#@e`;;o6^bIoO+sUGtMDh|&?*{4QC7DmUJJ+r!*DSbVJqV;4Oql>Z?gm16 zcz!;dai;7~y)b&wM()yHMws@&fUo zHZNBPfEqcO+si%lmu|NR44O@%9K8-N1Lax)L*^BA4n?v_MdQrD=iWs9-s^JjYf-&k zrWR;AoAeES3mDtVlW(YZHv(aBwkVqa=xI`xOfH56y=}d2RECS$vlk49Y zLRH%gc}z4IO*`;PV=8R-;=*Azkt!L9ap0wdwoK%Cs0aW_TmMTMoOqG^dPNS7m|{zg zqxR|2_qP%3_Woa_)w-rTme%GQMi)&VCppghAuOvv{zJtPT@v{}4!mE*Z^A_B_cEqc z2(m;&In4|&&|EZ~uSiLHT&SV1K*vB6rcYy1Ev}?X2|M=U}-VAgk;?oUWkQ zwL3m+B+2!Cw2vrqI@(9@eOXd49?nB4ehN&8+I-|cPv>&n?9J2y zMg$NBdv5eW8_ZOmSPF{~#}fO3O_d$Ya1-&($Mh1qeNn1TLqDXxR=hN7vd_cDpiPYL zx4uFaH-v#DGPpZJ@a+=_G>!Gi3K(-;S@oTQ=hcQYzxVKtn@ z0Oy5Ldi$8;_Um7O}m@4Hzu9P4KwRynG znvI7lRa{wW+v{m85@XHO#x(iR4K<2Hvga+Dm;Mt$BY{w)cvT*Pzm-R+AZiXQw_I0A z6^=r6u3ayK5v|%|XwlKa4Br0Cc>l(&Jk3un5Z_FQIw-?}dI_e}Xrr4zK&l}gTM3gu zHS>P3G12cp%lGAp;&9n}vL|0W_H(tqkau(DbkC}G03I;HQZ|8N!gHFCt(5Gd#&W*D zKQ<7!yc|8VzpaLSe*@^=kOH=NHkRpx(%p*$sK(v;MA-m6y!+K=e`*VS&SLTfhiUSL zKUXVxL&$ORS=o0Y^1a9Ps8&ApC6~jt=T3Q)`9xvT#{$EDL6&OV*SS;pXYN2$kWi`0 zWOK&pKHaqG`mY5)znnLgDoNKH{pu#`XAjRwsO*LBQ35a<>w!nMWcYTnba0kB$SpP* zjr1LcV&uDv%|W~z*ox#D-w0wTHo};vL$C1OE_yZ?OFnV0RA{FUA6ZLO<0VAgF5&_2 zlelt~LQV@$m$}>t)aoDkmBEG)c|CENH>X~30w?FqFaQJM9|ig8LKBFFY1G<3W%y8tSVEYxBDM+>UiAP^^Cz01Yo3iN#P} z93Js6yer7}Izt-ff2=MzRmxDLr7i7>Y$myJLY8f6K&bZ8>KBf_9JBFuE8?GYymKqx zIUdNq0%wD=HtMt%)2DQ*3-o&xSFGl??Zg!DSX-|(6{sTL?ajWrh(Ex z23xxWe1s}Jjf;kivgib23~0R zg}lkMSF%i@LlXbP(PZNco7ScAR%GBo&{65!w+USc;y{P_p{*~-sQWu8w zitQDqgn2C{3gIwHWfU~lzc4iw6~pX;-vR@{-*^T^@Gg?GnT<6+Vl*}g0Xm1Q&58KE zhHnfqSo$I5GWPY=etb}?=J&uDX@js0@_F*nx3qyDW-zt0cpotoj((*ZKH+)l2Yz3l zpZmQ}yguOSc!|U6mpeEh#?sTC&-QrH#m}uTYl8pW+$*_LKGLUWXv=*Iz>* z8-mD#z+#q}eBH#3Ia90!H`FdV@n)uVoj;%YJh5x$CybRb^g+9)Q2Fy+4G(oOi?IZ- zF#|RH?z{jJIhK+4WB!^wC{#6a7JtVUF2xgtOr#TYRH3C!8B6GiKq-5F?Duw|$#Exo zq~FKQ&B=tkt;84)RxO-tG3;~*zY=x$(EFCvn6C7ulisQVHC9i+HzY&k9ym3MFUs~t zd~v<-pb~O%@3T-}BRa!8>kM+eIS~<&LZuFu`Es2(h#NBs8w`{e|oasyx2rOKZi zN3aDta%|DzaD@*cHP-pr9&9kY8C>IIG=5dKdX=}``KAau4}p8{UUPS-`l{jdtRRe9 zeN4I?MZN2Zw-;Qc5=x}U1QQy!?NHLN9L3nQ=-$&|=TyW7&2Z3s#i|tVpP>?s) 
zl)Nip%iSv6YIhOK>*gf9nrHVLHs1}ci1AE9M9nViUT2Wr+9KN1K(j>uy*9lrcq%-1 zI7I?z`KCFMp}|IC15B$@muq?iULGL{dG^IqOvwICk^MVVp(}KaHWo)_-SWu>m85XN3KVa)n$OSDT;1Ir zXs9?hwH!hhe{fcU{CgD&KE5Vs^ghk}DS@vU9)i3Sr&kB+4P!in>6j=ZRX*Jzh<*@X zApSkE>8}$T^l$PC1sT@O-QB;omgW07nOH=1{jzQxwPLQDL;z#z-O*(9?a-aJL?tE*sa7Qf=?R|T_~F_e1Ez3;>j^QM0bCB%|IcWiiSohXJvwDpOrrJ%TOc z`r;z6)@=OzIT4^o1c%KyvN1HHo5|~*?QymLt#JGo>R%fUSl?b0~HbXpi`MeU;(TMPU(Qi50_6^APM_kpHRt*+YaO~FeJtu)h zMO2Bjszd91clTTHvw>IBrybU5xL26RB zZSen%AWS*Ls{boPiewrTpekMe@+XJZ!cN9-+LAYyZy?QZM$uvROvw^2N}}YZJe1*NNt$uKV1Y|u*a)sM~ScW z%|co_yj;BI5MRIYB)Ae5fdVIo5O+T1;N0w`kNelMO>H)8yiImU&yfLFKlhVR9v^8o zsWrLPqEjYeEOorzDQ5i5XXU&LFV*+|bOjduKp9XgheCJPT-{!Sw0l|9WG72U zIFwEX?{B#x72{T>lAoOxiM@y;F%YI+E`NtV#|wWWmlc5R!{PQ336oan*a1_NMUkKX z<}4(b?P@F}ZB!fLomO2>7@1gb+)3B zL|C}#a>$dw<<2LTqSfm&auh5yh*Uy&f5+kJI7)4o+kxqUhhxVb)h$Ln)So%bhE-Hl?GaAsf3|CGk%%jy9e`&|LjwT#@VA-BF;$(Iw)5qhc!1Fnx%${XOnvBF;H7qnP zbCD^|4C#EhL6A|fs@HA|j@6=NskG98=XrCrCCT>T5duWwD4AZkU9IJ<^&8}kHdq=G z2z8-X(N*Uk$1au*`H?Dk9-g2kz8`(%x*M(z4AOu~KbWS*9kGRn5O7DgPw=?GcxNis zEsgNyQeij|?5+!28C<3fHG z)B+2nKbkNREDfhRG78wv)x5V9KsO%G#LMLKd<&1|1_7sqz~fRENABm=@fu<9eTMxo z=fX=|;3gKYQLbT{$@qMA{Bhp6ZgR?*$7oxi(`?%Yko?Re2PMJ_&jYc zo{y+Mk4K$uA~(0GA1IU#ERxqVI9ngCsrvMZUSlG`{_dO(Ogx0?@lx5RSdD?B%?lS! 
zI$770D5cx&zC@WY$HBytNc~y4<~8+l6$TKY6SX069E}fd2O=vq8p=tX4z@>9^QCXF zt02TPmKOJE%QntH;g)P?%XX^WjsAs;XZ;T{V7 zXm3&*Viy~Izvi?mr|lB>0(`2DaYyL;aj*(Ipu1T26{S2kw+j*PB7P$I*+(bafE(^B zY3A~qJO?Qtt(8>c0SqYm=2xc8eri6Lvixb@ihA-J{D(XY{_2X-Le8yiXMNw6!&&%L zIL^|_Nuw?1Sr(5J`dIH?^X^zi_s)9jba!qK+~c~brSeX!0Lf6# zz-I8LzbH(U6`1OhNPF69WJkj1UgI!;HC!PnDJl0OJUl$Qta}D2(zI2(Ck8QUq zu6sX~HA}@~`PvY!BV}E`?2#!|Eqi2U0am;MpY?rIG9eYe=jD-?5pNRX8(?a(^J#go zpW$N7oT{qB45p)vb|nC>-*>2Vrqts04xGFFb2s}XRkDAR7;9Ruj)dU{>e z#8~ebecO-oQ*V*Hb3Co_<)|!!_cn5SVXV-kIcV>&Y@PFPLD~aYS6j0u&3DFxt1TtT z9+=E$C{yM0rO(q%iuHKj$fdsQp1+H?I%_I+0cB*Fjo3x9r}*>sINIs2bE03n9clE7 zUoTTb@GB3e|JvD#n}ql6o_TcCBi1Z>D9*{n5%76_)Z|acQGatbg7^I`oi+7enuw$W zrL*3}p0)@3thm?t!oaV2Kh%Lq7Mv&Ei@jq{22J`{nA`as4Yqzz^(>&kM+?l-o9hoQ(TLv7}hV|bf$`xJ#xmMZrL_13i*nDSM6391!#=ADy@ zf@$zlzwLF&syAyEEkxB(~(bG>sNZZwpu)<0KFeiDjeJVbtdaa+E} zjSSTVBrJERZf2;r) zW&YjXMBb6cqLA?!Nco)(#AD9RFQmP>`yvPWVxTKSZweF#ygspI7%h|+cuOu$w6+sV zjLe$K%z&7O;(oP{S*=K>DH21#Wz5?k%6@Z*u-w{kK~tRfL@f1IxCnd1KM=kD%m%5$ zErV-<$q9@7X#r2Is6{|1UG?6)f5>uPzy<+?d;DhT3R?|39Hi{VA^SWr1Rcj>*vwha%A z5H485c+xVE!3KxMh65l-O%!01cURszoHXSk5Y6q<%Z#M@Q{_mM^Ls@xFHqX+yuIHn zrCQ{50<(*z<>u;A_*u{3noWTxv?E6SVJhTzfJihPVI)|;*ZHf|nvK4(Q?Buf#}+qr z5ATuT>3j`p!_`dH1A$#1I`j6ht;)|!m1uo2`93R(uh<{NHFrlfWKjg9ioc1a+q5DJ zR@Q7yr6mylO+0nJhT6_>exq7YjLA;ct`153=)Kn+bBJvPnvK70D(H&{vzSPiGZrVZ zpk)hCYA*>ifEyc>S8K^DKw%7(FJrzN1kI92#+r+&R`6bwN`Ci|x-E{y46j(51HiF2 zYmZ&7>rGf=ED1fHh0IJ-h>;`(j99p*kYo;Ch{aPyEtDxSP`WsV)Jw6Cn zV)R7X9;|QbIlUS-Yvz;k$E(kN@_0G~Hz0ws-0}&`8M8$ft>InYrG>*o=x%@9dM=a# zTA25o-B@`P@vm8zk>f`gQd~NN-IU^k7?3LS!;kE_slwl(e{Di=HK&NZ72Rst3(hUr z{*h3_g5K6gloYH#s#(K&Icv*ZV_Cxg4Pf&vD_tZ~Y`A%DzJXzNJ3bI4wdEHmCpw{G zAWRBloI00@HKW3{x<{V=Q6zSV6HV6tZxT;I{x#`NO)E^CVP3_bOeY~2o-fCCg7#h0#a%DY zu4zRn=v$eY>mwJ_;%x8GxQSMN9%dKmsh|)X$>UYwN8>P8;A80g?iLAPB ztX01t17fuI$~7G`tRoYUY?copo8F;-;!43cdE$^Ga;2=x3PBKyHz7n}c){4I8)O2yrfo1b0G4;^3iz@o*^SXE6=|Ld&o8|1OM5=$H zs3e9Ueu3Pyr}0*>wksIEthymuQU{|P6zd7*cAjaw))g}q%^=IenhM2i<9*hf7#Lv(VK^#_Y>Zv?Di^lv#J6KdmV2G 
z8|}#U!^-u&M;n4uwR0${FvT?l+PvY9$=_Z$9!5G;R0J2g*MMTH3kNbo$r%gk`z&Dl zF)w;c_2>Yz2`NwZW7nGg>2x5*~Sz0ao;D8;z0>V6)3uE#F^>k=8F$HZ~`H& zM{h#ZGJAgUmrpy%H_O$GHH9lQpO7S2B+B`G)oyr$-FTAsO}N@H=eYy1Mq;GeLp{2<{f#0|bJ*ySoMmfsMOuoZt?@ z-GaM21h?Ss?#{;PmG}GJbN;8RFZ-se`ii19ti5EeDbM(gG2_3VTIi}~Ai6RDkDBF${$_R|q}ZR}Dy zZ>y^i=0^W;D4%u}!>K7={qL+gewD|c8joHayA?lf1dL#1tdZN4a_GJ&OhL(E> zq^eqOc}N1Uz4BQoak^ye%1#G+{HDYyi3;jeBg|>@#yF#iw7yPjG3#g3vF%h6j{d@z zuHMO8mY;OWEoGxUGQ`!4CV?K)p*}h%pHPQATZoqFHSkbgSmb~5eA@UzhTC2@458_n=~_$A3wr*=y|`^n69Ye{CB|iofq^G*Hn92%KOaqfM8r&TA9GN* z(Y1J6lubM&Xu>x>qk}g7>}m7y-61}`b2Eh zTU%uu)s-h@_Gt*ZoK`K;{UbeURCzR`4xQ1*C?!0jUTHucfa7xTB6+J_m4oJDOGyy? zL(-DiNKdl{ofmS!u`t$$+jDSVv$0OHfny&*R<#dWwsqmYRcPo~()_N_3|-e|q#ZH1SIK6BW9 z1ff|afRrx?@fLO}znsTgw*I^~w*BO?e6t@5hrL18CPM7>zSTR5p$7`iY4mAruD_HW!gu1StyA3@0^_{ zS~8|JE8kU_rvngo@dJLk_z?I@M1wtxwFZ|{<6)MOB4~uu`XdazH6O;q1G}!KHD?{p zobW91W6R)Yt$f3isxx@Y<3(biIQ=nItZK@=ms?QCG_3Q7P1jatM_15Eq5IhgZH-#a z)-RHv$l6AUeSn5IKWj8-oaZQiBSs`|RsN?YbHVDHGb#yu;_MT2)3BOPdCLns6Y<7< z^KH33$<*ekwy?YaHQ&Ek09UZX3_pd?_{xH_G3aIb2Jj$a>?n}248N5gIJ~EG9}d@a z(|PW_lw9vXQK?v5%$|dGv&4}g47S2SM!)!XV)*PErdMjuO38#fjSUT7bR=HEk0oR2 zJUsv|o}?y5^z^JlX7P;BzX|N=+mgbOJ}ASLd#XJ3|K@pB^4= zp{NVPza0tMMLB(ZWK&r4iyxGd+T8Bm=&!XwOR3~xmYk7gE6@` zi1hQcsPR4FiYMd=ueBMBbRGoNa=ftcJVM!kfbLw+&7@rm4=9Y}B`x4bjz=ZMbi>3z zntx*sNPqqVz`y$!yI~FS=>%-j3mjb3O=|xvzPqOpRy+w^L~?d~H2s#0eLUxVTH z0J*1Qo#n!@=MrJrBlg@9br=5Jnc?#3E6(mS7x>}&n4M^ZdArLWE}A}ZmCb3no%N9K z-<6dJFz-ZmOXB-S*(z8FD-^|m8Zz%l3ISOq9GTkj(OVxFn==+m1x_USpj0ZBhWbS2 zM-p4vZ2CxVPbvLnlMc0F@=p+!JG@CkahS*GPnQ~)Ws_NZZzB{V{#`JCefyVTviAG$ zf|(RU{GSQx_z_vVS@EPDy8E5gOfkGHPrZwQU@ zKR7|L$zbh{#acu@U=<_dWj6~ipJ77yde4`75l%V_{VG@gG z;CJvF#91JW!J%KONQIhxC|~8@$;7`WnIrsnapV5q37+5oL!<@E-(w<9|NnpS-+t!* z?fW5$37F?9!H>@JyvFoh zp_sy91=!sS_v{1&1UNlz8KN|PDZWL-qBD7Ois4Z|#;Daf^>*sjCu|G7*der=<7|D13@aj2LG`H zbockeg<>-f6=lu;MXM-G%*^1ry1JeS*WhV?zyEvv=l$Wx1RS=U85tRh#j3Q#2Cc3v z*QYC~{VU7MS>CTN@7}DndA?-}#o0Eu(y)Q)=e|L{oJm`ExCdNF)+ux<1(FC+s5Wce 
z{VrXlvdRFCP?NIz!p2d!{H?1jH;A-JPy2hDefr@MqSr0v-<8@4{p~3#;096F<6!;q z67&-2bfV`LW2Es6q-$EDVWYa;pz{X>3RO>=&pRyyg1n8#t>@><_!{v3Q<}pmZ)0Sw zIGab*ad+8Kd$xZ>ppZ)#!k+0%<(}sExHArT4DN~z8*Zii>p^joM^k}nh$Qq=x%zey zp1H>m;Mim@lei^RrdvlZzmE@W_qOf)_da>pnb{UYFfgtEz*J*Tcn8f~=B&ZB z`4-8eQ0Wc)Qz`MDrr>MFa5U(+94C0v9nopRf8w-^x3vGqsgUJ1tA=f`$$$y;qiio=st6C=X2 z+5Mcn>Mnh9lM)`@`!sL8;#fOSX!i7C(6i0(dzfL51VUqY$IboukDe9ATNq61n|}l9 z+@jAgJRQF2PDxmAifS+?%Z=Z6C26Zle6F0nSwfX*hmeYKKOYn27HmBqc&k;e@;k$* zH#j3eUa)^DAuU$SscRa+b$GqJ2bf1w1LksVV8)Wh`j`?cK7rfhwoO`UwdB|E=O6a9 zCektjrbN_eDHvOrsl7JDg$}p{OZ<9OHT6K7m8|R=+Z#}>0ID!h{oiDF7l3M`aEj#u zV={goy|)lBn_`~M{8iD@IUr8`*2TI9(AiwA5*|?e0Gpb)CL6*mJX)`o{{XMYF#hZh ziA3J*y1t*xwbde34EB&|gu6m902|6 zB_^VeUBwiZTrXV5HYK76<^0-%|jd&Ix1oKGe#*OwfF-jpbN9?vkM2$pMF4$jacO-A%qia zKGEgBirPmN4%jz)50?TQl=E*KQa+oTWC*=W7p4FE4r@19GiG9NP-<3d)qanWHB<33 zZ4QR%a4jduoQZtBCz_{@C3iBJ3Ny7P?3&_C|H3V@w_CUqv8}XLej$8n zc0ne=Et26n;E<_C@w63CHZ|^c)t|8kY?m+m9NoJBY%vHz0At{0w=upiw_5wSWMa^5 zsbtz(Byv)N^YoN#(pv3Cj^|B+iD{!Lb}PI9kG=P~LD_sIaXeElbnB74U4gksV}*jb z8N>6IM!(RvBDaOBSO6Q1v%xaP^LdpIJZU+8-u4Ip5#O$Abo_zW=!wF#6ue4dS`WyIj_XzjNjE}Z+f$P5>IF62Y$S3}O z{C;sN;`QpRB~opvU)J7~HpnI)D`xo|TxavRtacWupx#%=0sL~{-~5{V|#OmwCl5vw$4I9 z5w2(UU;Cd~GgH4hdFkot>G|#`!78jS^mMTry(A%Wq`oD4cS?z+Tc^R}StcJc$-?46 zsaTlMpt_Y@f$zq2oyLpTQ?u>1>8nkyTdVF|#?zc^7hzPS)6wwd9eph%@=PU&$wsrM z@OXVdXvNN(Cd`*e=jvyJG`s(2Du7-34sSxQ4y9~12=xV(#OHBuO!(_={7Abao`3y& zL@%B$c1q3}ED7&(oUiYTYD@x41H%MgNI*Y$CPToGg}N;rxi_=`XOy%_&h{}lO{ZD$ z^3eO?qsdT(fe4`xiy)j9FnFwYIBx+JYwIvZY_|;;Xj{6uxRS*CMWNOT*m*~aC$T3! z4`Mc;nD0C~u{E4Xx_@CD=bnBz6C^4nyC(9NzVRqjkoHJ>H#B!t`KUfwS0>vp85x`Z zUYsbr5XRf^x!L0Z=4gvcGWH|vHiH_z^k*B>Sr&Bpx`%;T0W*{1Y8+;xKPVZlXRB|U znGHyT9B82>zV?AMGu;ffp1r+#Qu(08$XxD2qYIU>;vOuMeZn(!+qw(o$x8tK=B{oN z2=CmY_0+#O3p_(!#q!kKWzz7~YpIc%t9;S;@{E@XiZl`<>B0EMg=UO8(X~? 
zJx0@h)N-9{1l^{)rASeVBgDAf{!5#%Uvs-cVb4u;{Lo7*`*!q@f;&?x&}+uNe<4!i z#v0S+&D~(xlhH%LI=Hwes0w775qryJZB+ov!0tKbOfIwI@uLKGQ@eu%TD_~f3m;aP=%@XH~4M40cIFW9F-;(Zh^-#pFC8tgOdS<0J z0y^c_3Z-Xmml&$ZVFNbo^yZd{E;?;x9x+A(<4tv_Yf3-q!Neww$eO+UU0brlTUe0-BWiQMVH~ zrSTffQZUMV)Q|J&qhhJLrlELbNDT~<=uXXm`gn#^e+2ruQ+S1$ZVT^q^-Ej-fanaZ z{7f5olcx3hY6pUDV74Dm$J`QyvO}Ld?K?hJb9A@r>E|uKC24b5x!WMep%+&vNv!!#tHwr>~<`5$i4*hDHhWzD8)md~JFli0oO z+Tf6-xldn3VUsvUuX~t;{G?h(THS843_3_;hbjO)q9F_qP)|*sb$WT14+RJl`hdc& z91Kn9&RF`&MsL`M{G#yjG%bQ3?`f&WSotR25{KHjPt`93qlAU5==HqEQ3pYt znwq+A$l!DDZ)egxnMC=FCAzOjU5l=Lx|};480S4Yc;`LEN9Eqg?Iy>MPMB#1^^)e_ zSR%(z&cm?Z<;PKn!M2;Ob4A;BOXHy2JFg$xzK`l)SEbv zT^Q#pQ1vx2kuA63U+iCA+y$$A3YK%2A64iE6HLYT7sFVW#()hL0aTzffPjds;b2tY#<&>#tSS z*`dAc)Q=WNP?6kPCwQ-q3DDIP4LSA6eWrzY)YtNsb#3D*mdl_fSD2_6|7NyzY<_8z z#;=4g@91UkMZlm`rjp=_6gYn3ImLN_{iADomy7IGr6k|>a!LChMIi;=47)j*9%?2i z>W78D1a9!dU)LzoaAMND@v|G9`tDbKlTA>|>j98M5X!rwbW#&!`WuHGbNa5G>{QKF zpnAPcA_i0Glk*tmVdSv`>Egvdg5}wuf}O?7Wxgy*5z!L}Eb@lrQ(eiX+u#~YK zu1>rCX9!!{7Usmy{H@)L^e&G%=Tk@Pf&8Q6{)TO;f>}iM3;u{RESdmF6oIj_OGJ$E zMt?Rr@+7Q=zbF!QhX4}mppb7BX#dU2R+bc%%=ao+SWM93h%R;(e42{Ccdi>#H=_CxbtNh)@!lJD_-ZGcK?HhqKt|U~*Xb>1)$a!U^)wqH^VIQCuR@H$t`EiFHg` z^ctl<{hrs;a}78oy;u=j17#&g&UT0^&0K6Y7Rd|nyApyEk=-8Czd}EmN+X;5qcQlK zvHB@T09Lj8&PQQ+tJA!&U?O5uUsAr!)3JZKS zP?td{>G$8?M(S@e&*7dU zuI{}LPUa$G4&}e*LOtX-fnf_%%9hGyE-VaD0!e9M@IU}W9V7Mew8kOU{N?1z&-g!zQwb* z6bdCcOY`-UgJ|U;J#}`C?g4UEKUcXy&#c77D1>w^#h9h{3-D@yv-|BFS*TA1&hqZt z3LO6`whuRZkd3Kb!VPPF!#u)Qls&y$TPR5Wl?uhMc8mdpifpTPdWJ55n|b<7OCdL8Ur&d?%4 zUu-|M>A>-Hm9}@wY>x|KSE8&Q9oH=9o1R9!%J4?S+brvkH6MJiJZ{*|OVd9oeT5z` z{7!<6k9akYD&6hC+b+SQ`U~cc%Xg_g_kWzcZGxm zx7@d8p@aH|Gj>3zd&E8GzNqu7kz#tOkuC2!c8Gue)BjBw7Y>vGT?)Ns6Bw8IiQ@_m zmf=S*kj0QGR_}T1DnWi%==mzN=W~}5IihYj`lD&Jieiu@~TOUjXtv4zr3^P>WO_MmxOtWB`RLIsjX4l?~^H(zvQ${eoIr^ z>p?lzegLqKhK$8cD8Vu2p4LGIExl&%@s=3%nlasPj|bxtcsOa`WWsNJ?1)(G%V%^= zKuZzKM^bf-@^%Ws!orSsIM~=!v3D^iT|-kB-9GHyiaUw&XQdc0jw(SobiR&6OBPz@=d!x!DwIhOYFfkv;J12Od7(f 
z`4}M5iyLzN{=d|r^T^wzS~eV|$73U{9k#3UShxxl1C7navkaCFlri0wq}_{gd#zbr zfif_PsK+rJzLvo4#Xzk9@+oq4cin9E+N||v(|VtQ@k@ISotNk75&2QijRP7iL`kHP zZx&dz<&&Ofu75vp{WihtPj?$hMEh9Nu0lYRxjrrY-I@WPJP|$L{=h0+vrZ4F{KRyos^qWZ|<(S(85;RS{XDc8a zW?wnV{*s%7x5;wI992zT&w-_Lv7H>Wm>~g4=%q3HvA#vhm78$Bc8XrnTdB=WSx;Yy z;{0ardJgGzI3v2@1T-&1B=F9mB|VcBw?0T}ss9GheVb#4M6e+_SI#1Q)EyaPdnLX> zV)ZA2rs$ikM8qv0E5vtIa+TGzg?%eCCxnxk5S)&Ae7KAJFLZu41Jkc~8YMlgbI5bz%WTvDg-})l9^fPh;L45~RGspVE3vZR}0|4u_&fPr#(LMsg zylq~izeQ;^FSvxsaFqZTje|gFFa&+O;7LhxnqXm1FkXci2%`WAgjwDn(>@X@>E4S} zUN{8##g7Vq(h0omC-AJOQWM-$$RQabVH}yMP_HC@1QnNJWD0C`-eT{4C0gnQp)jw5 zq^=d7{$OQ*Eyrbih{9vCbqUyWdQ}(hCcmlLpvgZn>S~^O<^#FKf5V;cF8Y_FS$ACe zF?Sbjo%P@S4fC_x@~Z^QT^Mm&{UmQNJb0h?C!85hNv$loDCbvJu<$t;NRR3<@i@=l zG&bqM=;{#Qa)!&f$r}z%ldk+lPFF4eBBx|bAp+Qgo@mcoQ7XJ;APuv-$Fm=-YuGV> z{j7?;c5M!OZy=@zduFi|g^D8?817s7w{EkQiIi}bSyoaD!v1~t^6BM$_M`eRG ztB5Semz!~paUUz!ADcH-(^wja39g;&ebYQGaCe`t_dcIy2(Wr2ZPr{xmKkG_p*dW~ zv$mO18+6MP_BIoyLCsusUceV(h1d^)&%2lQ)VYWnr+%(bp_JHK?1_3jKM=^M_=%;u zh7W=@N6QBJUglKW`=*!MYMtqR0kA2AFX&C77ag>`PTFQt81;rDTbeWWjL*^ixA;FD z)_=^A<;m1AeyeKN61`F=awnmg0-gGw*WvWQ%uV-YlAwr9I~GdZLXE8y`uCO;QF0Nw zV}(-ny4A6T&pa;{#x>LDIzIsO!NV>*7B ze6Sq;z8$j@ZmLmW3FHE(u+YE#pWBYAqAqjP)JYH0zUTMx@6XpDU8)$ME`OFuyT-5h z2O%m+THr5vDqn`8kO5D9&))ih00jRSO7zglxA%~yZ#`z;}L5wUD;GuK%epg z0~ycUKq-ue$Y^<+)Yl2^Nh5(&H+${4spVmRW;U(eeKMk+)6CuC)LkllKV+Vl@QD0_ zyF*U#TWSP-Axx@A8BK){SDTJ1_J7(nc@1g_d#2bdzsCz4WVq;X=;a4aKZJItp4XBJ zF|$5O#W>md#ohQrxx7^B2yNWvzulcNJI3`PzdYLT`0T7HW&guTLJKubxtuNl_I7qI;h1 zujB;so}Zwy6v^5?=+_k^IK*DB_y#b-mRxYF#YK9_{L*pZGsx9$cI0SuEGnU7^LKO{ zi3jYF{5+0X2Nc9_?LMq%?qSAUTBIx*pPOi+===OpG=puvvW*7&u^vplCwVWl1(bQ+dqguI=ZmtMFQ7r?w zi3fE#p2*J2tzjN`>OZ579kLkcH-|j%C-Bul{9!;k(MTQTgXO{ZgC;Q#%+h^R!e09F zd+e^e8;2n)Y{G{tmkg`cTiy67$KQ{EXU6+NJgtVO`gA8Vh_iqxOXd}7=kKoqc-n$KmlyoQ7iVq}5xyu9eiT=>-o}PPee&CBSo& z-t~MSQ9Vgeo6Y(`Pe{=zf^XCirDc}?P>@UfdZ2N_(J9~W1surwsA3-^j-k#R8}8gD zNxHd(9Buo{$+g)v4^_zJ8QQu-iXiQRRl3`4ffM2Vl3_Q3F9PU99d-XAobzYF;_si7 
zo}c7`lBWCRG(44CFuuUS5Pu8{ehmi7BasE;-kb^M|i?Y0jA1*%epX>Dxav}j& zO%0^K!R19}?@fhta(@TTz%ME;RHutum`7Hp5yv(+5Zoa~jR@8vCPZ0^R<<$bj>Q#WT@fEKzpoDq+3J)t5H z)NY<`dWlBHt+Uu^lb5+SmD{TR%LF3J-_!KP&`R3B6PHtkofrN)T0=8x?^ zldX{H%Y%4Ep4R#NQ+XI;?WjG7^eA#=UK`)9ee(_t>H8NMjH$@wr+Wj(FPTZ7OXpDVsoGW- z;;*!G5p(@LQN;;Jgyt%{IbaS0gz8-VCqJ@0UurWG+q4xiNfez5mY$elT_%NIh2LoZ zj_vS(WFou4NY(mZf{Ujt=1$EdQlE`_uv4pR%y>vRoQ}K-rdkJ1FL!k0noQ7VaSYNd z4p(Z;qYlh!i8L|aHMJj=uaksM9EMZsHN`5aM;lCb0H9YP5$A_B33&#qzSu9c0Wrnhi^#)kW{&w#bB_APC@wG7WKh zB;j7>-Aw)i3`UQXbb~S%#NiI78EF**;MGqR40PIdh3P}gG$;+Y*&-;PFm0n^sxQ?w zI*bt2Y?^&_e+`pcCHAirS2FK$Fy4+jOPSY2j)4teQH~O5Msx`a!p&zVJ{q_j@?alJODLRp|?8S&`nXNff#%Z za`sbCCVy9;toM_k>NAnAzYD$?1QOOr2+99DbgFmQ-?D7^6Bm%&2I;U;lvYLZ zMQiu{R%k|zcsIuOI_%47is6H>wv^O*`H_gKrVitbbDho-{X@X7dB{}~%1IOccv<2P zxXpEIcuv=*xyw>Xv4YsjMGORskYEEGC*D<9Pp^4#_X3X%e`$2eQhf|L2BE0{Q9Wpv zU?;-H;Vn+Q0QSiinu)5tnZ56Je=55vG7LI-lFrN<#9>+yZSgZ=yaFbyPBQfljGh{Y z4S6r_gja4I#!I4HUmQq2O7Y=@<62xA2`HcAH{9M`c)W-ev&DSQ|5n;=H{~5Ny`!cM zUxGtd-l!VguUdP+eUgL<07sK1-|=-933-$F*=oOy$`g&}IleqaL^f{}|CkcwjUjp4 zE|oB&8@Iayx|z`^Oub%h+dHtYTorJ(Yz`xuPM7Tt6}Qb;-jh$K0)pWZUpAFM)^!Rq zW*PTFkf7HO|^qzETfH89CR-l^kt{KhXHABnBHn$f)yvCb#uL+=d61g2x#Nux%%Bp-k_fh{62#6EcGWSTXlj9wf7cm4G|3VUbKYTev%TP&EjYV4#Nh%l1YJE`XxRq-yNv~; z{GEgBrE8#TpKnV>Rseg9i_%Bq@s%~w{?^~`Ff@}&4edih5TeCWdCTt)`YY*Jd`Gv4 z;*xM>2+w&tVaTYijyttAXo5nx+nF~$_IdS_^WhuSC2pI`^xq4rymR{c zWGIYmM|e)$V^78lT8Xp5HGWEy7tK#v3Uva-sU1`En1}=xZ^luXU_nb3agK|^b!7=5 zCBUw+6r_Y=Az_5mm1)=Y{ALHKhloeEjuKvtU5zVbGwDqtv#9=3{G)_YZn!(rlqnrQ z&?9#3-1CD^wOCaF1FlCNzQu*)qb79*+nx=0xkQ89Vy?Vkwc+)c|7>N6r5K5rsl|TB z*%b3YMuNnyoyVDwLK8;(ob{t=LlE!2&HW{;`OP6w^LVg`W_v4Ry0_QHAEDS6dbQ%b zLp^JYB_OB=i$U`bVWB%Uo_L}y%3+{F?qb6QFHxf{t=99$@!H%VRHX`f3y+i`h`nBq zxc~8xA)m|9kR#ibzPO2Vsg4Yvg$7&ix<0u^ws5Wa#YYS{e@Rqto^p&Cf zQ66@>WEufzlC&;oGbov)IsR8xYO$5Yck}>~TZAkx%9zJW$mQzugYVB|<4oo78*1El zzG`O7^j($v@WYWpewkRZ`S{Xj1{v1tqvb~r8f()h_RFz0eX-g+g{a2t%`gqr(kUZq zXu4~pG?#*vdBv(n*Hud^epZy4W{Tc4scZ&b%F6taADI)sqt+g_)Ksk}0;gr6HRB1mdzI43j5q)tnlZ$E**4NB( 
zgo-_FB$W=`4m%wX?j>MPxY&C&>b1(D);G)4PJg{B%)j(YUygteW6&FH{1tc2J0A9r4)@*Z>4q=JG}7Z!o#pnvUA-b?W;!VNmt0ktz4GJ5WZw7Lrb$-dEB76ovaJ!)UUavZ7U`1fXomI-(i8mq~ z$&2A$?v0a}Sq(B5OgsMq%|zdrFbf3Sod>-t21ro7O7_xg+#JIY$IA3a{R&@7`6ic)6d58M1UFc0wwZmFsJ@bjAi3iFk)bJ~OU5PozLs{svRxxAG9TlRYE;eRP3nQ88NXbn9rN`@B zBpZZG7?ImiZ-!j1X91;?DEn~eFGhOYMufDqmDXKyq93?Q6quEjUF43J`JG}=Ix@(K zt#=wTc9`1IPLBl!?z;VF%ru90D!(6p_iMoo2zvRFEM9AVg6nXX)ckmrjRt<_1#vg? zbCN}w=zF`@gMAv&_p*o34}-L67h$miA!T>Hh2`e+a28FjH0ojwh+^_keiuSY*5Gw+ zH_tan(d(QDMd-Un38|%ML=;-TFn^Q` zf_>DlqOMIJ*zowA`I}FNelhVkCV`1P6HJgSdXy%jY8a1Xy;7T2&9`E9A>gX{XH3Ot_8kNY}v@H z{62}X*OT27`VvZYu2TasDbrxdJj}Qe56=6;2&SXSjDZ>FRh(;5p95oZ$ zA3*?#cIQ`2X1)KV+XU4vI#Z5$>6MROO5wZoOEN}RwaGq4aOcnNWWJ76nO(ki-I#i8 zkF9rwGtc0%hBj{VIK8@MA+K9CD8zg)mW);=&-ss8ywYrZ(f5hvAtwbdL}e!B^jPQ3 z4~7WzBYQpJ{QP+wPq$$Y1LN5SxC`Ug8HO9gK&IOB+d8u=D)z^Aou*aAt$ItXA+;=0 zGpV85&T_r!=h&eKSS#;Rm?GV>t~`=ecR910D=hpx;%(oe=VR$mSd6D6Ro9*4KW^P- z)Us!p$8YCINd7z~>ivteifUXTEwF{^v94~9_4Sjrog;-!{OXy5HoXyAN zs#ZGU-JCM+d64*gx7MjiaW2&oxt|8BT|Y^;=gpUtiEjSkpx9VaugD>EyWAiA)=IFP z=Q%nqp!`}8;iM8nWruMflUEIRMU;fIC1igBNju8Gt{WqEtj+^G|+k|!X=*1Pw8?v`K^KAPAn(p_;E z3YE%W@Dmh|Y-51RJ~LlTp|eg9UK5V}fcy4~5wfl#DLz`vlfr0MC)6iAw zII-Laes9R5!>jt824_Rwu>$KWqm7#5p067(;qyg+`*Ljw$@J}_4EVRSDFjk3v zrbB%?a=JT_bVV*?ra{IHlb9l!EzV_=r3@GvdNGIyMiBvH7q$NkXn1cB2S38YL-nI^ zYQcl(nCFKnCnIhRSCIYM#!h{!Fp6YPWKkTbt{N=S zv_OZc=7a)X`u9Hn$7%Zsj=&T0R~itIbCa9NTTzhjBIfy!k^&b5+nNloZ=8eoMk z37o|L{bLwkioXYclLcI%4~5qM`M>}CCdvBu>fg})f9wF8;_K&VIsN*J68(`}C9d~_ zY(=UeQ)w~w6#wfHk^S?C=Cwj9PnVnG#3S(Ym1s4}3H87?Gw-sqMS>=Q9c*aL#?l-i zD=w*bCdaLiRYCwuPs}Zzk{=eY=y+isirI3M@DwK|OH@mTF8QVJnwM9PZ!MbKgAuNZ?N{4 z9guoe^;t91;AK-eBGk*Y^Lf^Q1YtT=8poAHMjdg$g+F-#>=coY#MDSSmA>xlZ?4*0 zeuWn-FHiI{u{gtfGs8C-1@|EOKaET9r-UHTmdK(L;Ey(Y!-_0sit({L&m({!eA0LU zZ?DBRj|P5uXbeeUCyW}B(aa8((!O*a9#M)YBiPO0H%3Pj#vIR2SMO3-O(V+54B81D zC&YRWULHYz^jy@k*~WQ$rk_T?(C_yV1SK1iI3?FJYL`c}K2fSIa{%j<6AB6NTxMSHK2^iRb%|LiGHE24PEw*wjwIRl0=FlwV zbo#(PA4)GW6l*wFpd1caTQa(!8KH#M)^l&!!GoUtH&G#jQJF@?XLc*?3Gm`>qw`74 
zL2=1Y^43TtwE1eP&C9Qr$yPVhV&$FEkw0Y&OK@bR6U=RlMp)hWM9hO^|9LZ_oj!c% z#$VS)GD7xsEJmA6wIP-_?tjTvupUX`iAOxXH_A2Y4oGkuq@?`idckXCPH0z*F&n33 zKQbp?pA7vLIA(?ahuM8xDU|`RQ%GYQp!bCEs*t!J4-a+p#Atz#BV)Q%zbm_ohudQ zM6KS9*dtHc-SN^K@{@V3cvgEi2cJFEJXgYWxBwFKXt)1I37^Y8nZNaNs9Lq!L|=YV z=a;fbKK@(r%+^_WVIqggyqV7~r)w#mxy0Ln0Sh4Hk}`BcdZWM;_V+4Sw6S3+pShxJ z-(wvv)O=9{3Ij8ooI&^;j`*&Nbw^p+%x$`vJy;s?*@#$(hhWHBwW-dHw()OcJ&V)j z1ByvOBcAnK5c2Tw6HiI9vQ7juVG~HjG zAtf{Oj}kX77(0U)+9eU~84mJq$G+7^tD+J$Ym)T*(k$0C+jr=_`ORLUl*_r|V!)oy zpD`TYg_21w;e31tEp$RWM|^*xSTeiNj&A#1D4e9j@8!v%P`#!9_e9ekw(3@)pINfW zFBrfEmiUuN&!TxgO9-0XOFCsMd=afXMQK2~?Z2ZKHP7FHMOTQdlq?!3H%C_zSmPds z(MS&LPc*31S@e2dk&9z}3cX~+;=CoSuDDrw{ zO~bt6!0v7~pVEJTbo76}+_#4Rk-`6XOx1idD;-G@Pph=aNA$(n(xGnmmREv1Tx_Q7 zF*#DFa$Trce1Z&yP_wA6G=;V*80p#Lha_{^Tw2FzQ5R`$FTOS1#6{n8OtvEkSThpUnNz z_0Hf}nqh8iba4VYUfgvfg2wAo8X_xSelpw0>}49v|DNBG-M%3Dr35*eqX-`{y4V^M9-;8qftUPBi-XJxQ+>n z)5w4=IFTRA!Y->?y)hNW50;VO7Q|qr|JLG zL)cdToilV|jYtPz?P=#r@8{NO)qIn#{xV658BxhP0h9a&kNd2(TYIs=@jzY9urcT6 zXi23=`Tp*cE*i3+I_F_~F+ zfGNN?YLcP$*ZU4IINTRMvI4M3HWKw04P*!>uqo1_9f5tI6j}^@H>d*e*tF4SBkU`s zL`nm&lzSd-;0}u`IUp~OB`T|}T$ssPIh20OKbE8`n8&6*J<+Hvu)|GLlq z{6;^?+*B}HHmKR<%m~U?EI6T3-$l=jFWU#OvG zEu*UJ-nL&s5CH)x5s;9SmhO^n=`QKcMTdZjG?LQ2=Y8!R^Z1>|oR`9g!GPd#52a;OT0X^BUs{^Aw4OJ4z~RBUsINE^ zIzWCCm}8R)g13{Qnos4QDxh;1dN2DCc)Sqi8G?&4lnmBfHMl;@%{ORg1+o0BTlNgQ$ipu+^F!@ksIROg= zMS>Vbk-d?Z5xvlkEm9p(!_D#OQ8-)Z!%!py*|rDWF!uT+RXE_`zR&prKSF*f(LwXM z-qlJ7lXHv>Wu4tpizQ1|SU3{C4WuMRcc7fJ7Qq>U{!P7?zGDy)Y(!h}L;zPov^-ACMIGZ6Md!}9x z23C-!O?KJS@Hhj8Gc|*LO9@Xiz{0nYE$vpj_`%6qPP>vFeq^txh`8opWhfpr5FOMg zI$K43JVs?I#`CyWiVBTadT=_MIoxNC+lhm#PvGuCRJq1t{D%b+1~>vqj6+uI{6LVm zk0#1&ET*rJ91V$FoSu1Gx|xf9A$+=pzxm!0{=59~JPFrNS7pwjlbm=kPuG)@*u-VY zxdu=gW5nug_4PJO+gXHQO@c=RF@M}t%|3$i(&@I99D&PQ3?t13=i#c>`$eO%TI(6J zu68+2G}fc(e85|%iw+{6hHSN5cWrTr?Z_>(MR)WwDX<>ZweF=)gvu?b7I>|3*?I0| z46~Y*u!=b-=z=Cml}q_k<-n`Fd3fu*&KE-|Ywq(!Gmle9rakx{ZVX=Y+H`zcFf=(D zSlNUy7m7%PzhFL^j=%xR)sq|vX;EbWhpno*MGDWstv3(6LnGYuI-@Ga%$NKlAGnY) 
z)1!-rH9zu!SNK>x=wGqR++w0&Vbf4ZYXFDOBt0T~k6~=>u!k;-F3f|4CXBpG*&*YGF;1aT442HyZa>R<-%VA+ORIPZ3)~$%;ar*>G&O^Lp9Xx41lj z`-T92l{F!}PtjaDVGbhrSyLyeAs|ZeMq>f{ksjJK_Uja01=N0ctiEZ1pYKm}tiN52 zN}P1`kqP$sugw4!j8Z)(Ikt#Z+XWvM2R>qnFfH)v*#ZCB93JCD?yy(1M1GJ{l~Ki7 zNuzjz+hTc83&gwY@*QOnUxrHaRkuzj@*IjGzu{XMkw3~yh!jDTlIwjWFI_$Y(tC2t zXL)sR__25Df~_qca=b!Nl`LuxK*h-;zWS)4;=cfD(~!>+7YUUHr^x_&c^kGe-!^|l zu_b$%Cv6WT$mYPgE970XVy<6#K*iroBg1P{S#7EZfOk5e?Mz0Y(+6va@0(*4lb z_4V0pnp$_K-@ZDu8geJb)bv(i^XR(rq`LrX4=@8vcGWr1#i(u@@>m?qU+0?+Vj0eq zw0M+plzf1WYETcht0A9hIo<3OvPyn2C?;sOg80^bRT4ulHvH)K`ZV?J7+Q<lfo&rFagDjK zDq+jy6YXmiUCoL$pvZ40^c{@#rR+^q&%V!5=bI%L4J||ql}tZMtx*+!O@gzntosvd z$L%o&z;Eb#*Vv0)`T;m%Obp!e5%r!KI>S4kD~UB_zG(sp^j1T5k$KEbQb;56ZU?=F z_IzvfCGyMT=_o$!>KWbC2<$IqD?Fm8Bwnu}2B=as>gJ;>Rw>=ZF19inoHn!AYE@Q{ zG}#3gvIxz*1t){v_4jbC4l#DoNCyI0`mX z+`0$=Z3uUc%k@UaaA$%&c|T@0So$Xoh-QzIrONy{ z&_0rzIlNm}M#yxb>q7op=%KeZwYuq{6bn1@98scmUYE!H+Ri-je*N(?mD+)^4iXe( zhGC{#s5YSOV{-oc8=QqAn|Voz7x&88*rz`NPoQ7;yR4Dv=!x)XaacmXn>2#16L?&1 z1d3kBXxLb_(AQVxWP)}+Jn<}_fQ~ERneVpcl_}@;S2MHO_FJJ^Fl#4HJ{mC&ixbnLuxX^&ctDJI4rq?XdC-p#_mr6r1;eV42B|ga@7+ zY$luh3Fl(pJXrMkw;O*01937^@p$<3q~GxAM^Y!1oNZzGD+KsnlBChcbdvbda2ms5 z&-|ZjIzkK!rCfH{W>Q{^Gk?avnrpi3`Mf^86_b`hos>7HW`DjX#hEzXdhcJxaRt>j z_*nt`rsq9W+&XYYMJz)JL1iTx<%6fFJEb+kq)h!~UIJ$vS-?w1pJPAN^HX(8V#D8& z6d3&g0xGhP6qv{r!iVb70jF99W2$5u!Xt&7HaB%~1Pw%=?VR`lpmh6FDl^nv{jrsJ zIxPt07lcbjdHmQA%^p`-m{@t#^ua5yN&{W|Xp$mMXQZbL@)6=1Hkr8l4+%w|+gjDx zN@@ilqX@C_s%2U%W4Cp@OR>SA;qv7@>QBk&H&7J3QXk=$7`6|L!@mR*_mQD=U* zK$`it;PN4@2h+4h+TnN8NVbC?0I!}7Z>R#Nd+i*0!!XDM#}JpUUAXka8ulNWC;tQ{ zmX?$M?HIMW4+x`bmDPeHN23H`WwSt-$sujLu>WL9e-k(hXZ!%Pk~?J$-e2;aKG_tb zc-g#K5jop-P7P_bU0@X1%KWmN%D?&5BmDq%>~qVCS)q7`Dq1ZPZZEr)%Z@T!hTDEM zK9yXtewBja;oKc#264~>N5goL1r9?o;tT9`j!}g!!{asQv|PyuQ4Qgq*DrsZS1zQd z%W*W|luEzex%k=P4qlq~Ee(3Q21UV_(-;NsTj2_rTxyAkeMKg_vc1+6SCA#; zpP_BfbDFPn#uNYg+;1ZG;Z+zjI=lPn9C|NV(f*vTRSES0?}bko&TA>SrSck2>iIc+ z-;@$>xQDX%m>98z&==R~&E0JCv6Tw7Vub?zu z{?xzGA1`vA5OJ%sYJb(@9hk3G9RaO(cwq;irYYxi->c;qN<{6GDEaIDs 
zjkQ_KI2(%dqWQ>31TJH!arsrv?sBAax1W-}5J zCc=${#b>_M((DlqWvPCJYiJ1^Q3%t8%ndRBw~`)CNJ&#@UeC?2fXuIw2$5EeUiN40 zOzk1l=}~tp?NWNXS6Vnhb?Bn|rdcAlQ*-`s&5Mwp-BOY_(kzx^w=P`~t%;r(`|DPcZvvmc;NLMey4a+9F>jpF_kWRA5(jGGA7c~=k>GTzwhZAjsvh=W()alH z%w=d+N(bjH34KJ}tN`qxQK7W`-zq~*w1!4%_9+nr^W$|ngd_mtSwJu!-l}mk;`ZCI zSNqp7*h26ICb()E!U(Az1?bJ!2i3`YKRqqUyj|uY%Jm#$M$1t$(j!go=Yg^CENu-p7r{;6Df>{qNM3CF1A);v;x}W#;idKy|=5b1J zd3yHG9iK*F&7c;^%~iqW5{l(;=01y`!ybptcm%#BpSwRqj|q%uHc@#SKnc}?Fq^tk z<+<)^0S+zpb+gc_<$I(Tg*&F&#cC(JACsA@kl>O}qhIQUV=m?DMG$prI`Djq#DcB} zlG0S7ut5j${l|ubuZ(l_e$%^XA^_>Zm81g*k5p5$#&$uWKh7oxU?3x6c(}P_V&9Oz z#`2HvWwrvD`xMExefPs{GeC5+Wcx-Qym?dWb;%K?u-+#IF9of!6BM#PcevV~iCH_f z?n^j1ZM*FNDeg3Cp=eZFD(Xrse~V%!gSSj!WzejMwfDAXkcl5sn5ht>j~Wv_#Xf&k zLn*V7Rbg@xSPzl1K#Jf*|JLAh%lK`&(<$3}2EL%xomB)9wTP5dHXA$q{7XC|7w3hy zZG5cvpMuD;iVzHl7yg%O2&pXsI_<|0rTBvB;xRbyH0(Z9zu9uQ&YpIie3Hy|Bp-G1 zs#v4^TWF2j(aQa7Uj0Vvr$kiY2k=kdKR_UT0QXo3`19xEY~eBwdaMCb4Qx>n#J~Uk z&rAHA#2>U<`aNs6ghR&u=jH#tQ<3VuLG^=RgX;GmkpJ7eUSSKBX+01t(-H!-=YM|L zd!ZO)QVoXpWEu>lhVZ|Bz@JYf?L&B4^h^k|=vm}zzkh!p?7yFyz&}<)O$RQ?-q%6E zvxH_U&60?LQ_h$U;>3{9UqqH0btfLfBcezG6@zF8+{7#7WG)w#6@^ZjPXh_Jox+!@ zg7R@_tiEWp%rLg-R`!-vZ+t=iT|> zPB`H9Y4E8YBB95`F=!_e1CM;81fDm}dO1CN32~3pyQBaHYGT~U< zEMX>B;%!1IAKSYa9Z%1&vf~LYd*gcn_goD)Rz7d)U`WwE8oSnED&!^pzg^*%hXu6t zvMA8j(x0TNL_0Ra2zz$Yz;5IgxBV}Ay>%T9Z{7^i6JOScdKQ2(A2;lAJymJ--af1_ z+qYCcgQPATFVHc4<@0BMj7|L?U9}ncz<&~+5xA6CWHVm^XLa+vvcqfUF~?!o^OmEn zcIV04d&8H&X%|eHQGnEt7qsQ z+#T`a%enNkFGjw1G&9E=(NtN~(j{*`2H5Vc9j#(r4?d@v1WskGzei|Kyl{3Fq&xnP z8yY1ChO0pkFkEAvM4LZWOF1YQ*E@-$XQ<_yQR}L5{}!6p5yjP;xEcI8OZi%vT3)os z36*IGlz`LN80Tpj&a;2_s$n7#^!x`x`^(HHU4aoKp&^ za(G~+@$L2cL@)MG!bTW93-8 zmgq3L2X{;QNyn}qXF|$9v4`Ry{%xV<8&aTw+~j}tg;a@wDu&_t3SuZ;xpW}jdY42} z?{!WoD|x|ORz!^Z>t%N|qIdCh6@kw_rW8J~tn>wYM`K7cbTU7Qw0kfMiCFpgcj zl(?`MokW8A*sOK*FiX7eYYl^}VqhnoiR40~n3%P>C8w2PBuzA z-cD{OL{+prha^0M{MA_-%#ZKh1|Y}}sg+s2&t*#Dc!oQjL8JbIZ0zUiFokRRZa~4^ zeD(OzBcx0W&O7UDoMH#px3_U0PfY9wcfduH3Y9O82v;X}0|RO7oErGMkHwYNl-E@yw>a`74c9Vkzev2i|V 
z=Q>X(iZ|kDfRX5=8b3|`;}lJ+1>ny~(mB$})&jX-gk&pN@e{URK@N0}ZG*@To@QIG zN)XvO8_uj->sMVAwpET)R}ItaV6IWhg&W*fZ(g%hYcH?*q0C@`4x^2RoK$Rih-T$7 z{MqXdQ|Fi@{v)tBi2$L$9rssTP^WBHc83$O@&gZuRRo^=v&_-PnD9QiU}OCfu0 z$!C3Xu#rOdQ;2Bi)+xpk`vwujCO!lxGAoUjRk)dz%BRTh1-D7G5;J|IRY$G}0UJz) zPtxhEC*V=oT%B(4@O+A0l6MAIF48ve5C3TP%-$T#3H{lyv4Jwyb0lCol-fZ!{%u(B z%MsCR(#bWFHyLyFA^Rmc(pf(*WS#SpkU)Uq{LJ}`Ozs^I&>BXNA(qvwHW#j|@;1So z*+bouJ4fpL8x_*$G3a#p{!qJ3BKOvb>Q52DKHjDWCyV={+{Di6stQ$~P^Q*eJf*%% zvHsf-aR0=px3GCZV?I{tWx<-Gb`DVy&g?w|*_>|2J1(T0YlPXWwJsiaSlydhAMPB3 zH8BWhUnlxkFBjKJMJxJ&k}@C;!@ig4jk3FUU~cc7+NJd|D|oVrVhGJBNem6+&de$6 z$m6yhiz$`*+e#{)vbhcG2s3hxM%?-_Y{+1j0(xW2?(G!m+hInnACuIoWjl#KO4H2W zT?L&MxTHCey+d`lW3|$VPSDvyXp|!c z(ue+_)(9zxm1B}4!*~O04rtsrPJtxPYJlyz(yc&%KN!-mpGBiVh;iSC@Y3-*+*ySg zoGBY!(yf9~6feISukgYSjJfOlV>7;(d9oqgIek@kB746;;Jl)jdOg0_0O|=k^l45~ zF~@8G4byfsoqZW zZN@{aq56GmAg!Mgv9@gP2v*ODQU0V=?}Z9r`H>snKjX%jrEZFd>Sv^$9{Kv!_*5tA zAe$z`_^k%W+bBERGZwu>bpgRb$>BO1+mFL}wzyT74RN=>uvW6GNb`0faD9QMhM@dn zW5aJ*#ZWvKm2FvR8;O8$*#0J8`BazrHP<21o`!%%h0r<>3*F*)T+r zfrOQVA@^p-W+_^wou>i1YC2fH)M(8kcq>DWyBlL6_jqdjEf*{g{FU#We1HuZ;g_%> z^FC-Pzzy7QWlw^3jGbuhPyeyTfj<>jyE>Ye*A=Zm?daOHy{)B`V{W#oVlm-c;(Kby zzMEu9qw%<%lkBNcn7pt>gF{r}KnVr=t#_@znx8F#AZ}_yySgQx6 za<~CnhX~x?v{P~t7PupjV8IGe_F2S@P8UC}26?{l#|nLS(DW;2~Q@ zdguGe^YvLY>PPuxr?S1!9r56%MzaO2ZQb&sZ89x?)!gA7HZ5|V`0tcF)!fc|ORgT8 z8&95yBKfTKmn+rn>}OD^ZAzRSM!N>%zOLb^*2sM>Ax#}l6kBq6^0h#Fj-TAMX^e7U zZ!Ube-%jLF;xTXzk5pong`8g2ZHwxw(q0Ly#*mg5j7xkAT@%-cg}(hHXe-(6$u}04 z-|f~4yGhu^Hl@n|mrNi~wpDZr3t?=KnUwipGZ3nt*C>-c3f4qMt$JaV5 z73kRAGXGu1&4npm!YFTrm9%b`)Dfw>s+Lb)w=|t(DzWg+2ySP z{k_3|NfmM75DF0)fh*g0=KEoojJ5a1Cr$Ye(^r0v%kT24c{-t4+IDQ;q?$_yspXH( z4o;V(6RWoU5#pyVv*xEft{>LtTR4%wRlDcX6z3Zou_9(@_vo9+Ju{Ms+)mWdHS%DGke>)5KbFNUK5x1#Sz}b2FLGLF zG)x)5pBSEyNR;0_?78<#pFJVUaqj36zu93kx^F4#?+S}kRCvT!#thowzHU8Zbs-qB z46R(8z>Nq?xit=%dR*iRD$Rnm3b?y9g;qVbSyAP~t_0G8Hbl;+y};z4%3^T0Y8%Kf zf=hl(dOGoMX$2anqEP$|lJ<8`0R_NE_p4=$Cu0uz9WGjd0$rEHLt(Esfj^cO#l=D! 
zAE`h-6!dT_j|oXIrKp2+s!12Pi=!~D%rtfJX?@uf)ySLaey&iugh zpNss$CLqt#FK^om^ag>oH=#|`c22UJ6tt?%;1Ic zLC!OLf|16AI)Wsge|M_KuULCPO&C~VD+qG&v&h58d6X+o;#!2q^kYV^j{8i{cT^oU zM|UZ@Re$)^74cTE?Jc#oR#{H=Rq6pQWgJ?Z3-ceiQU4*}C9z-=mjk#cWJ&G)u-umY zkk)ofTRB`yzg62U38`$L;vm(c{e=OU(lF$J4cr`n9CY3z$n(IJGd7-lRi|Rj8I@q6?vOojD z;rwc#|N4plXPC_Yd|TPZU%z*D_U_G8%3-Yc$HxN>+N2x5he*bI)8$n9=|XTo8K9u| zgzgeS{sk}XQSJ(*$i@IBFR#zq=K=g_$VBHvJ~cP$vtV;G?dQCP$v4%W@oV)0;>Yo& z=5zF&d-5rKG~E~^aiN-(R9v5Q3s;RtKM#M~K~*augDmQi7xA&<(O<2wUOH{c*H_4L z(>QCZ+U4E(23($O#sfxPcM!QmcntZFXB4xMxWz=?7j^kZf3=`!G;DRHf~~GBvX9VT zykgL1&EzEnB$mtwe-kZFtWWi@8j8)Gu2q)hqFvdGC2&crOF>q~Imv_B63X*uzl@=D0$$oIQ z6BUL3c9p|vFe#}zGSRL%DTZ;#JxS2@&QSCUrfNHi@HagAHiN$^DS?kVlvWn6DZIO6 z7rE4KVawXhd)EU~TbuLH`6Fq(^V24-v&QC37>%K=GG}mYT^uAl`K4jIl7U_4>Rn-k zo0BH}adPNHJjO$-tEkSMIBiDz0*A7A3XrStK0w@qSKu ze8e+1J?a@YnO82xZoX#ZMR$YZB^oR=xMg6b?I6m(s!l#GTw~DeD-@_QYP3#f?dMJV zspH8FKoNffXk_HSQKA=?EDL@9LuaP4kTCk@#7fZ##KP3|qor+9(PDr}$;(nss< z7})Caf12cViSx?o|C}vl)MQzC1&!jjg7nnm6rlUGJD+$I0TbVH}C`;c})m5%nUyi_ztF)za5#ayJ{u}$~ppnJ34 zZO-XKmv)CYh`W=VvGGt=aDUef>-yJ9TV@4WBB+=6jexN>rI?0D`QU=-2?G`C^!3s`IomT5@H4KiUotgmgSs5CJD*c?ABRigH zId#Q~ndUQUc)DWMO>iVSkuhZ?JlW|U?sZNrTFQaj3k+0WkVv#yHC z6hH5(z~5!%n?Ti&s@ds!hk~2)8JpB{Syxq~gWwC-$3O8ln+<65PFV5*W2=scg&vO^ z@t6#nKCALHz2X#@m0e`=PQh1PAok842!I>5+Irfk^M$|a)t(NbeLu~3K%b{Ntr>Vk z&GI&8V(ZicV1{+KQ+sEr^EVnoT-RaF!Q1}{#0FKAfb;j~2DP5Aq1}3)s;551sGhW_ zIX~N>#@iggRat+;JN7NysKUcmYH|Y0>0%-{jE-kMFZcg}kx82k zu46ADg#@pCezZTqq=BlQZz>w%p$bBA`XrlRa&ogYFxy+hy4i0Mj;9{&OH@!&On*I+ zz;`3Iq8PWp;c*%wQQI_6E=Sp|3hCL& z7wiEqZG2rxN)%wMUPQ+Wp7q&~fP0zu303g^yVu(?+#)kiIo+(nP(~)L0XJpc;j;~Q zCrTGD11pLJrOn=a)_@By=mmL&*NU4{J)rQ!PQNu6agUDzV^4IU{d}I0U`s06)-U=# zPWl+2>=pJGuREmrp+;@&oa!S*@ljU?`4akqq2^=fxw2V-DG_+_T-IIBhYLLYfMomr zT-Wy&3g$UoB31O)wS4g>ap8)G#boDSG1+k}fxvxlnt43nVEZehE>CG~$B^FFL>A*7 z1D_@o{jNhwPtXaYRQwMzMP{Dc4%aZ%ZqQuHb_U+H7DciubH;d(F6PA+WHl#}m47lV zik4tr;KpCIf8sBe>k{oQJDv+tN*^okB6o8;B;Iy+q9Hd{X=8J&N$A~^B>_bTx5J3s 
z`2Us2Ri+#e&}t+pTnIaBl~JXL-)=tyH5cpi*e#Jzz=tXJFhRyWIsBp4CH2RRK~Xdk z=w`uIIc4Po_s)5;UOy~YGr>kwK`5S_^{Yyl=QkDXwhmF@HGnjST8di9@p#`34e2&B zAL`WW2;AwTofLrxoT3%6{kx(jT!+Kbix=mf3Cf=Ho%4XS({kjcAUL!d)$|#@0TL0! zvC6sfQd(xT9$?vf>+>ud$v?AQh*S&KxD>F)RT}w@i_&Q|b#|r)_0+{i$;P(m0oIr} z61{6dWsrJ2XIT2+_#^`KI*r?Va9WXSa={fo9^4Tx>s|u)PdR$`6wsmvOk|i_rwO# zimhZ@@A`Xr))>1lv6II+p`FY}YOQ+JvErUs@fYI9*`DHY_~-n5<24-mf}^6&DV5;( z6%KAI^?+Qk!oj?vDaMx3j!2rT(jxzY&*m**aKasJjinhv1vmGt6`&AJzLTR3YErcC z)KX&nO}y`HU`yQ!Y^kF$u3)wOcv_70l_TGZp`U;Ld#LEc3+HC4r=zOI>>=ftZG%HWaOsz%MscX}h?zI@f; zRGiV}!)_*x+g+7gj=QEuOiIj_Njx?SRtL}#65gg|WljzYs(Vjr(pl>(VB`P=Lc-zV z)`dUiiaelP@r2da+x*TNad$>fIg8r&ybrZvWp0_KDr5CA?!iIj1p9Y|L0v3MAGOUI z|4HZ$Rn?uk*g1?pLP{W>?_*l-h3#G(xD8V+Ls-oEGhqPGyXwv)JcxcD8>Ww7I8nU_H{AQeyT908&8R4HE|9Zjy*{s29J(ouk8vig=qqSHr zlCrgVLpQ=K8~UEsXNlhJqXm|QR-xJj;x65;E5%kXdkR-PH)S4CoA|*l6>FtUGU_ZBS35lI^e&`Z30LEXG7WStXt!P06CHFl$ln? z6;Q6(5Rrc4SLX7aG5T(jE_;E6OR_R zQpNNDuX%vTk;4I@FMSwnB8LYcAAoOD1DxA(D%V8=D}HNYW2D@7Y1<@$wXBrpU*d^5 zJWSor(=j8k*Ab>r? 
z@ma-JR#uvJIjp8+kJpe9z8$0V{uQ}?k_ay_#@%C+o4Hq^n@h4fCrjBjzQs(5Y{7@g z)Jd1zK6~chKPfl3oLRe+>S7yL9zgV)8Wf8Yd0EXB5P_uWcycu&(S<~{g?qr*BjUVC zU=tnxxmqcrOv~L^<>mFyAD=nyzENh0dz>XI&~sx31QeXxEv!_7;19o3JM&AJBUSTO zonVye&SNYgPHy*ZAf7aNbdx_1-#_ZUyXxl;b9*s!V_2H@eKF@y z&%2j!n1t?K#}&cimO$y<&pU5nsFeHpX~J&vb}KG5f&E)w50=7viAAWh^(Gm&XPssC z>qE14VZF^a^1b*dUn$ng(L8@ij6u>wqvFwWuqti|at@T$7rOVtuE1=g z2>bNzvwHh6WRd@;-MV?L8H>+3_ZMoLc)Y1H{8iE7!->{soFiynw3^ONxKUrk zZLhY~6sM*u+Xm%u2V8sJ=1Ho(yx%;~-PoMyjn*4)CggN;xf(UPj~fKbr{(K=-T#~| z1b%z;gzI7Mft?3r!lA)`_Wn@hl2k)?>~AV1$$;<`>qYPW3#G1@<)@_i%M-1x#@V2d zgQvH1a~F{JwpTXcnuI&El+F_{Vk(PKaCT^wk4umz6)paJYCDNwPfEE8j9{hDQ+zUx zwBsS1UA1?d**P%9U~53bQ247%{<>3jn0>oJOQNTDj9DKE1?yrTgC{1Lraka{KlY&W zK4>brZC$op+<59$M`Dx*kZ%^uoxdXIq#@+2sL<;uMoqygIveusVv)%GmQPW zwE?hV?jID3OPWK#7K6etD+$;;L<+-RB>^mUD?QG2-1UHi5-@noGO@B)?&x_mM8DxazrT%6mUMMVo{AeX-|8MM>v04~4aH$gQwd}T)?ZEwtn~?6n!`%eTPjZo9UX>*KIr@M`rh^2c^|JP>5878 zLY-`Z62)cPa_!`@cC?-c#}?7p)e5_nObUjF%*G49$HR9Vi3&T7xg-cJK21TIg1cw= z!!3&v57*<*mzdAJLr#e2p|jeyAeHcNPIX|{#mhi+B9>cRS`|sP5*-?R7UR#-_s)Ne zQEk3Su;uv@=9bcZPqm{s*K8X5Vy0FBX0u7CFuPZOwKesMb_6EW@l1NjG)sGS5t1AF zc;L%WmQv{6t*;$nM=|INn4zY@M;!=~5u;l#ysIl{#wGr0GRDxbRFoz z%!ge*c61;4&~7??nP~Jh=r^6IbO|#aN>FBOJ>w~4rrumo#<&PKk)f0+>0dkE4Ng&g zTAKY@qsBTRhF){bipT51-hC@0u*vB^2of_eWWH}Dm%z~dKTa?q1o+!4X!KO^!_lUY zXAHCeMT-*fzIq&o^VgN;XAiu|p30E&@ziSy99ZNpBO3wszvA?m>#IPLZA4?f2yx-Ta&u5z4D`RL?rNIhmj27eIFat5ne_0BkSqTzk-qHZ3 zC#3&0J;9{F9WE>j9)K;b|1;MFNcR69aqa)>w*^?O>gu=>_&sa3foJp_D>b<}L<`z4 zzYhiW`mdqlydqUCRAYDd$$8=z-5t>%lqErFG*u);&;}IXZ zLAIO%j%$*@ex=VaBMJe#m302E^F0bIzDkeAdgP$omMa5i{SF!&b^wN=-_@uNAbo{)^H6 zl%M>~XlKlvW{G*6dy>1myFJ(cR)Q`LVctJJ?cY#Prp#xt&addsBA7F3s&(MYJOr_+ zTJHy941mCjPfIkW=8sZR79)d;=K>dQhYvx~FbhL-OC?6ezz<&a;Tcn)iudM*#wj=Kv>QabPZ0LOhI zS8kFA!M%5bNyg*zGk}qY7&x4LXW~bTDxDkg%kSVHV--Wo>r-CMN%#E8|8}_4I6DBq`$LxfNP}Wfv)-b&ci|*zPtC-Mg_( ze9_JWENU=E?Sf-Y<>j1TFe(t;b|7TcD}ga`B8k zrgKqZSmzzCO8b}L!t2R5oPeIXPa2MG{2iih2w_|y<~K-3Yv%#7^&zc+VKIo>;<2$d 
z{`dwmYbLtP3WZfF9a*^iz5-BpFCSuP;)0kc?HyFhIf&*iALzEqGY;wtz1x|Hm_Bdc zpA+Se;e8k12dnYLY&PXc_g7CI#;{q8KhmWGI%++E!A`*4Wi&Y52b)(hwV5s!ySY0w zUWaVByF_k`M|C|zkXQXtNeVUigN~CE;)$0?X=#%Jm!BITHQos*eVE#<_gG$SNi!}e z$$zWJ*i7a7bp|kORG8e^RTy0=0SAASRdUpRSaY>5rB`Mgn9@%tk-59uRp`~_>*8be zX596;o#D$pO<>_Z6xO5xEj^5S>0~-Cy9>qNIbm`*^meqLQ_~c5YB-S}VCGPdQ@s8Z z#o_I7Z$e>vT`H&Fd#8a(htJreQSzC_gl`?NRd(4~9#h{5P?fL3E4Kheq<2?3f<_J2$^6RU z+*VT1`uUNv@~uP%-{XTL=N}lQt(H@-@tU9<^*{W&e3W}#MeysJ%$Z9=Y1)ZV{w{)C zu)Z&a`!x%q0DlgOCE%(Q%`H{i{+T&{Vb1E_dI~ZXg%#OZFdp%hW{B)LirK%<81dj& zhnsioJ58s>H70nUr?i`!EuISr*g5^aUu#->zGg~2t!RGbJt2udUh|RWpv*1jNxo+- zrdx)~z9~bD&PNo_&en*#KI|2}AKS8uW(^0wy_N2&y_iM%d{^m5?=8)kO6H$ZNj8Oi zFlMV8i{x=l7}M6O`O>K8N%x)XXgs?6J}%#`nGqmg;pQ69`uMe)+%yau`qRodD3TSWBiREN40WYOlB8x~;$u zw8Jf=K%PR4t^YXfQwf<|S_IX-^@9|w;v$h~`D)wKZAq#4mjUYQEv|a)+o2w=OIV`rAZPG4$v?7D(UH~Bvpx0DDnZdNFfafE(2za1k=IGesec~T}J>Fy(U@|5{BrDKw z5-&3oNE{2W4`#id9HSPFby}Uo(9|ui1NgZv3W>72>FP@AWm}u;s`dm&yAhs>#CVC>?K5cC6W+O92%x$WB_OxW4@uTOD$YdI! z9ydilnm<*Fv)Mw&>3w6pZbh+IaUpNK7dtJdTn^Y%R=?a%iE>UkrZg0hh>%gLm+g4g zI@qS$K`C|;7eshndZfE6wF`tr^6y85#`#nRwog=qlYXoWRQxA>J3eB|n#}oB}=hno$@8*u4`>uJJD;gH(*EvP(@T(1<0Oro4 zK9O8szz=1ybwhhDsod)@$zI{HgF&433(@;5u`?eYRybrepKw3CPQ;MDg3B`xYePb- zt&ptdUE4|OYs}5OU()mSUJiJ()#{mv;Q6)ZH#uN@4kUFU5@EmkJ9_AJ#%L%;T&|(@ zU4!#|kt^TcO-3=X@1-m{<|MThlK#G$E0c ztxN^tDW`)cx%FtmaRk4)ivFjwtMzf;sHVENV}JO^%o+n9Ys;QG*x`9DIh-VuAb0`N zvd$V7m)_XpZhD!&{Cw%U|-7DO3jSi+wnJUQC$ep+Z3ecsg@f7 z?|mrDq2sa#QMxwp`$B zo~ohKbJ-zhE37|>Jl+Gi&4|?#T5i2sx7$ljY{(6#McQq($Gi@0i&Lugk-orLB*d*_ z4<9VsuP%Q#MJK3iYPzJS$7`l#DSD!Z+fR^0qUXu}u31mncLU%+<%^g?i|n5k&Rby= zC~e8NyK8hK5z#i22#%aHq1F6OatzfC%(xi#igllWF=k7Lj&`t!&-3B6mKSSrrO4pLK zHAyGpOE6hbpYQa+qKVx6Ms&46NBefr1U203(ob~s_YF@nUINXb> zhaR)8*=&c=FH;B4Ol0`6y{YFtuN&5l^y-t2TKj$XXZD{35<&H<(t36EkPEZ^z(%;o z6ygss3Ogl``CxUC9%Hk4lx^)C|N4fKa=LSS>}ZGqvu-K!9!-IXmMgf*_G-AxDBFdn zxxyz+7?WSTB$tkWc&e+T6-(DQQR7%abCNxINN~${Kw*;z(->@6Kz({?VkPVC$X9fL zcxJ0%=dYRHt(lwj2|NO7Se>nn>eLT=ZJKf2&@k?J>wR(P+qauyY`T;RZaAs&HWbdj 
z8D?`1E;%^oS^0q^s~z^Fc)W0d4e;8UCKh=Fg8B*tL3EBeN2Ue2%DI{n@2>li7UZH? z!ic{#koc_G*&de!vX6OezBbBjJ2V7v9*^7%kVoDVIS5dEO;=?qo!L>XKU`?$zvl4^ zCuUja?~msgUWbugt6CCPlM>EKz0y0SD?f3nI;B=iIJv=rK5F$lchPD7Q9BOtY{5+y@7X*-Nuy|R_5A6e`wz^4b(Lvhx449AQ0$v4b;)mjd<5&@OcQByYL|4jWrafG_k*QW4@4u(168s&KXo z7k%_;(H*GZ?&#v=faLnF;`?z*%>ny40b2V`YdDIUE>qEpDrBLd*B67fO2yv764)(- z-8o%-g5>Dff8#%iyTMa@mJe*DdFp5b-9j07dz9xF-GIkro|+~&9UZPImI7|z_kU=A znM+C-zLMMx=EVlz~MQCR)rF}ki1<&_U&hEnvS}r$7WaTfI!KFi(=a*&~X)< z{75dq{>8kSkL`U#oW<-v1_ko6nlUB~5JP?mjog6pwg(Qoc_hj!->aI{lP;M&__tY1 zyILyuNMU%Z9FK~d7n)tFu|IE#kAHl`Nvp(v^gwYY`Egr@=a8k5dRak_a=9yb4X-G} zXspHzr>MoerR3?Urx;-UzfVx{DG>Qy9Cu?hq+SrZ35B9gbq&p0xDu6EMHqmj>_7bR z%IRPNsxcC_J5L%eTEutnXH6;h_&O8=*l~o!SMH;oLf{T2mGSW$Y$SUbRV&$fn1uLH z*p5stW8&=2#zs%Gm0Vb%WY%)b=ACon^RPFCijg+a;vZC*b9xWiPioU<_d%D{W~2>; z@`9@Ew$aJZ;A2}^gMOm0HP8DtLvX?Y<@HPeRQ4{FvoYybNaR{ZvMijpIljbK%gJ2Z zwLkqhLXhU%8O_a6m+(H0$F}X|xuzIa-JMyEa&aNBxnOQmlSsF{U~YEnjMGf|zQ#az zbFcAg`xZ1%Muvzf1DvG_Ag8xTfADv!Fu(+a@d2~kZ)3R1n)#TG{4ZPhL z{Zo7_KO8UL_~>A?Su3R+2?@jmJ&R2pEg-F+UFe`&vGygFagAw&CvbRx0>Pfh>aT)_ z8^&GJ>%fw8yOVz77-wlBlrcU;dC2+2{jAG_1z_ZQR|IQ|Bk<^IVnoui<2Fz~PM2g! 
zRwlQS9(iZk1kKj5jlzPVUi!Kf1^x8&`7!n(tI8I&BJ^%bZG>C;oKMjlXYR#ADD~4} z-@3dww{(Dlq#9w3@_J&F#!s0@9V=1|uepSFFu?eskWoEV9&T0Ar|aC;C-#$0-Zj|n zZE@yk>Z6=Hj^xPJ=?AcV-5j1&v2j2>*NxIsA?Z6T&g%k;-tL)?@5fU09tWIhp;4ZI zCku4XV^nm80g)gKbG2Gw?)HK5nekpVYPkP>W~@|XC}2@1}Q!TC_7dWF<Ntr#IPWL{AdJPw8i*fI{vF<%-rp=A_ zwB#ml?vYs$HNlXM`Z5wnOgE3}<&p1w_8;+R%e`4+I4lv)jSblcc=QhkP9MB}JM8s_ z^i7h3eT{J|zaI>SB+rE$(+>_P-;!HJtCMTvrn>2K2}8Gscltn}s!~O=5xzZ@jKg~w z-#tg>ZjAcavehp4giXnam?EXQrO;)rm(oy)r{_VAWDsAtgzjaB84AknB_D{MDU(*q%gQ^=R+Wi_T$M=ZVxPG5 zYo=coFA1%v>dGU~LY244aHQQs%?7cnCD!Lm92+@FQ3^z~`CH1?fr@7XAn?zkTvsvz z%(=h4v@;6rwq;+$lz`Fbl+?YBA7xflA|+kPR%HY>o&VL z^y<;)FgHjp3D|WlQG4S!?Hyb)6C)AID}P8aDN8cRd_?zcHSdMqMcC#0Hl>vUXC5!3 zz>xuBh!_?9o()+PE{T9@qx7;j+GfNV-#a0qK8f87KZm+F3{S;BDUlCicf40ecnd`~85#oRpUMruL0jXLV@UyYgpOr2q`*Mg2M+ z*P;9jsE61PD-h>dH+~wQH1x5SEYOl!Dsl<>^2_252skx_S_wHTEJ_Lf|J@>pv@p8< zd2#s&vSJ9W5Fg`gy^8iZ(@~aSvj=l@lQ4SOBv8q9gQSqn#~wXD86%N7HFOBcylt_X zuBaxIox@;)=~yvwMGc`z^jHL)7yl)s2z({}BOV@qJ?Q^-8B8)5HJ%9J#-@+(3Ef6+ z|BRUvpY0*v{#vrT1bY`%xs%Lnj3D)fhOAU~sD20*9J(h{xci1tg6e>)g&1AperIA~ ze$uL#QtA}ohr(hm)f;}D#)|LV`8uc2Om%g{ku<}twQJ|q_Zk$%HN(hpD=VK^7DaZx zXi)Y>+}bQ`?lP#0(?$|0?2+6m#@`l7<`RRG~2QR|*Q+<3gb{#MzP0c4wBQ^QWP zSYbDrDZUbCu$-?+{x_a6c3B=B4=kaPH$;}mtb(2EK#hPKfU=ABaHV+Q*MwHYZDL<4 zjvRSc7oPrnWS3C1PGbdlD!E+=!JX*R2<(fB-gKt1FvOyb{2e@5*LNpt**9@g;KymV zr6$h)8tn5M2~<6C%gOdt7JX`+NtO1c%(7!*NfpSVD*fLE1BB*Y#nV`Ua5J}E1rb~Z z(+lRgET#i>*QUlYHb3Y*QR>Qr;bPqstP5ln|F zRs4#2ZOa-p&jy#+%7$F}CWe>zKirceOASBGRrnB2x!-twN>)p2VkY)(w2tekGv9xc zX!8P|BoZxI;J4vr5_Uo^S+di=|DZ;Hf1~HeZ_YLmq@^=B+Y)aT-wY$^C}T&X-I=BN zVotZ*_;9<_h7H5r3#`7nH>pdg{qKdwJ5a#|EYRxcsTbu>ES9g^5yyRMCnV?;ypb-Ad>b3j z9<*e>tZUFT(>goWu3i_Xd~Gwp>AN=kLFgf(WB*{DEQstAl|cF{rpMzx@u-t^PxKnV zZAa`O`c-c72ctL#jArLsE-26q+fo#~85nK6{?KwjBJ3*(C_lfm9r&n*Y67^>v$uNk zB^8ZwUZbz(RX?R+4``L^{^Xd1z`NIATPuS7PS`&7vAF>V5Fba|ROy#tOZuh-8Vdo( zPmf*M*&Ylj@-gep^UkHHhONk;p`^peQm0$f3JKqdLxHJ$mK8P6CW~3kWASq1Hwz`_ zF@Y51w5=`CX^pl`!nY(GtM)Vt;fAm98-}MegHMj|0J)iuNd1pRkaG$hKB{H9 S<~se$zzcrR+O%lD2ku|3`(dd7 literal 
0 HcmV?d00001 
diff --git a/docs/wiki/media/pr-example.png b/docs/wiki/media/pr-example.png new file mode 100644 index 0000000000000000000000000000000000000000..476ecc8b239d02b3455f68e444c42731df563c54 GIT binary patch literal 34136 zcmb5VWmsHGvj&Poa1HM6?(VKZgUdj0w+!y??gV#BaCavGg1fuB-pStkJNrBL{JD2M zPfzz+-PN_K>g}qQS>Y;5(n#=l@L*tINU|~#YG7cndZ4lx91Q698m^E93=C1!Qe0d` zR$QD!#mU~>(gpwqCKH~l1*`pOH(q zb>xxo)%pxZ;#!iJ{3LD?b+t5HCkSM8qpjMt^!92Z^WM9_Yj5ZMuJ^3RsdQ(HvkpkV zCCeC@r08A!^DQS!F*q5(u_h=t%;*oG@H0EMy~Gt9OI7Rfw?f9d^vW zpDf;e8Sw;sh_JyZ;J4Hbh`3?5`oK1l_2PMm!M-JNXQnVGm}vW_;K0CLlF=%qZp+as zC2zm7Wj5n{?4JOmDRbc2asgAX5z8^?Rt&`}e?{eo_kS7dk9PVAE<9=vK9j!^R>QBImjzw|BM_D#*Q8Hq!Y*VbU`CuN=H?Q371 z97Rer!3uj0DnpA$wHA93?M_@2k5Xf!AiZ<~&iZ8z1@J=hq4HnxfE%OYix5zZ$G~Y_ zlvxIlaP>O`=gmMrp74aZk{a|+Aw+2`*r4qX(s<>&TAF@!n64i|A=~HXYB>ho13&Aa!*=!Ky@Zx$f6lEfK2n8-_ ziV!%6JvcHibn)-8k~56J}nn)hH*9*axBE z&tg;6aRAz_6!YM>#JhF#i@q6^g?Pdd8c(RjSew^t84X>Hd1EZgYTxl#fw|dDuZ9qy z&)w7$>9fE>$g52_V=uBX;{xspnHxa`tjh`JoZk-<>Ov0>SHYC3YEpaFdXM_Nm<{5$ zkeo`6M9&z`n2s339q-4N!)bR8qumJeFz7?vM;EFWvWr6-(s^Ud)x}?nxL}9(l5bC6 zF&LliNcgJOTcCZxHoUDI94;2znQkz_U{^NpgrBk-%)6CC*}$-4oG7;-cthoxp&n9H z0{InDaKPD(koLC`SNyOqApJ=&B?5Tjps4x|*f;pF11*g{rlH7*;A$h!`5_sxFTl9@ zcWjW9!VdM|IuPl>X!R&Mpj77&T|nFfx^J)tkWd6g{6rP($Eg!JLA40-e<1Of;Xx0i zAf=VzBa@&QW-tR+3#pXgBGHYv+5vOIPD!Jdw6mlDdyDG#v94=JVO!vo|g za3DsDQ|BKZsDDRgluG?}{FBZF<#T9`D02b#FQpr3K0j~;+?gH)7GRWrU9AiQu6$qr z0zoAv{ZM)B=Sno8{bOzFxlr%^a2}+R?K=nP(2YwT?A(Z{p41Ke3w;m5wJ5`(whNyZ ze1AC>k_9w@4>r9XVtmGU`9Ug53!*$?Jh1m_D4T@wGP9(g(N;GN6v)icEzna@xzX>@ zlrfgWSNp-y!waSB$vqRvWC_%S%7VV6nPRyB} zp{y@gRh&~KROq8pRK{0Yui;tltU<4StX@;rsZL&@Q_A|AssgJ#xq?uw?b}?5l4g^- zMVa&LeyLU|vBtRy@y|R<9!m+Uoi7Z(7OEUox6`R)XVlnL5=(R{TNJM=&AE{Z(tl}l zFxi6J@}Ck^Nk^6fiU#IJXX$2^Dt;ILuBj?J{g$04sNW{`9OPDlTx?p_H#ah;Q|zp= zpE6m37DApz{y_dQwv^D(wja0}-|ExqwW_x2-OBAMeE91Y;Pcv$H*P7x#n9Z%tEtO)22eK z0fKhj`L0*nGbmrSrYjcnOQnBR*9&?#AWQjKBhWmF=mWXI#n$QdXzz^5t-|%#mD^p}vBu@x z=nLyN9C;jU0XU*JB4@!Epx2Gd_4vKO!DDJ_hgQnGU5$ll)!@~T9r5z1?a{>L+R^Hv 
z_`U4q;?~Te_14&B)s^>-#oo~M^5%V#W#72jnQ`Zh`wjLp@ulz7mDz-OHgY#a0Hhq` z5(FpYHY7Kc5F#6r97_3zBNR8J99%EHAXM~^^<;&Cw!?e%6^pO=XZa1{nSJWLCVgB% zg78g9*rD7p;zPkPx}0Y|L6Si%--OU5>dCbvg~IA1GVoj(GH?j7^wC}^25HST733Kh z-Q-Tr7Tg`*9LKiK26Ttyw=&UZ(W$7^soRwiW%SY)cztdj7PpzH52-&S;3de8d>G+R zfTe;`(q_-M_;%c%5Z*+kqnIIdxMlV_vY4o>pqkm6?nDzDmylM^zl%Vf@M!>722i3| zeCMpQ@?!;CKzPl{fO$Q$E8(4Eg5MUf)ZlV{qjA`Q+ljl2>kW}&6u6;bF0;2ceyBGoeEye#SV4PA9#eX7j5_%5=qpZ_YZUDgxn@$-dr zr-ljRqvW*4#wQik3**nd-^FJ*ixEniCTp|nJO*ca^Lp3Kx7b_QGtJY-GlVOwxt#Cj zc!#rQc@>=}_C8LXreh1(&wGu&R6cfL^M0&i_}WI|C~8_~eA&KrW*FdGMytw*mg>TA z^SRj*ty8A9)b=uM;27JNemB{G&Y6Lp`MEx*ZD+bhsjK?g)xmOUx)ESE#>Gg@gw53T zqt|_)IvI~1LCdWMuc_RQ)7$m%sL8sxvPJt$t<#ecP-SMj-+JMSbUZQ7Z1@fk9}LOF zdc%6AL!!gh>RcaQ_OMM{FJ77m$sFVIT_Rg>0$N|pwbG51U)lECLNDjoC@-vC;cqt` z5kB#cx_PbAt}M3Dn`=4$0J`4V1+I=+{lt@1JkJRSR-Yj)EUQ=>wz=j`cGkZdb(y_i zL(;<95hC(0xP&>D-qj9lj*@>TFLISxjcR>+ih7z1DGa$Q$d}H<>%fa8aOP>eZXUUe zz*wSA$u7)d5aRVHznJZ|{B_vLerVB}SZD&`eH_28?<+jLH>c@7@G94*5nB;`YPzg!aNXgy_qF@>ntOqp zX+5fW(TDzR?ldNxFuTdKDR*_G^ZLlHXLag+ZcY^+_s3oA`MD>h59hr1 zxX#LFtLq<^x(iLufxLl%WHD*v&sg0?k~7m_9vv89R_I_H9zq2Qak=ki(DAuC0Js-w z24V8i2z;;~7w>|tC~vDSV70#d0zRVNKf=KzRKdfp!4A?``&K!fVQl;q9Pa_s0;@N1&#*>4Jv_y zk`Orl|CFV`X}}==dJX{w7HSCw^-mimQ2ytN1EoJSf9H@1Az-keJ9JR;$bu|2a!_ zZ5M4t1wK=ITP9;OdlLYYhpoe(e!v7g_&`NlfQvDShpmmBGoObb*BG@Z_@v&`hSyZI0Kx-?QKCUU4;HM*FVJnUHK28 z0P`Qo|4S2ptNE{|AUzAg3o!qW&4l2o*fdQ*W+bqbP*w-!Advlak%E3{KH)Q z1M|Z;5`GqPbigFb$+9Qp3$)*^-|G&wF7w{!06PzT?sbpvpF4q*i_a$w_wS&TaknJd zX!C55s;UNs2`(vurt<$elfm^TvvN?xW$zIE|3USq|40$Dz~j5q<%vB;-SI}-<#FNn z7gM*Bh5R@=hzLKjJUE&^nbF;nHFLvx=X1t4$;gbYfrxbPyG80DRaGI1A=2LvGhqJh z4{pfwP>oxpU;C8SKE7}c9=kwG55ey2Vg;%=B#$iCB(YO!hdVX)> zTg2DWznT5bQy2mkli5x#g(00hL~B?4g>|kXJzPY|hd(|1=b7f=LM=Xm;D76hWEFMT zvQyKu%LUl?nfNd5!81Ydg1DGDtbVsld_28h7u<}|DM8EkjCBrj9 zEH~P*>(WBN9K_xp3lfYHc-8V=bVGJrtD_{L$YQZh82&^R*-5LqdBtgn?94_oxNUeo z^?(K(_{SjOKAHT``Bz~oMrgx~>8O4*=UPT>!J2=m!~eSo3HN^KPndZmeC~`}9l05k z=W~0xUvkOc%p5fSmn^9M`h%4v!#Fk`j2h)hv^w7;jPCNFcEtnYejVdRiXeOQ<3=iL 
z_PN*$-*8u+e)=Dr_(Q~sAYc6$ea3oN%R~ALKO`Nf!#%w4NC*Ijaqx< zOy!6I7p7fz32*;WgG+Wxb&+t9AE!oDfBzgCU0qf^_en^CU)@*?EZ)@VXnDkC<^Qq_ zh!Rn{{=;%-Ezec!&#U}ldB_`~n>xD@k@g^5sc(JVP=^IGr*8!SAl_>I3k`GQiRk~OqJv|(uD4rNHXoa-g2A6Ab{Zy?jZ_h$ zpq0oV?L!NDIyK{AkQxe6@asvy76qyD3~7n$KdMyUr)j$TfK;s#W>=I<14pe#<}WtOs6K`DU;YSAY~#G^olAI{ zZvHj$BPU=i1!>eAsbMq}s<+@nFsgqoh@*G`o814KBOgTB1qdgAul7IxHffvzTp^ou z3#alI2mR~Ud-I_f!o7<=WcKINrd(i6&c6oqBa35$7;irLF>kOpOdbQ*Zukh=aOB93 zBSXCdfzspuf>J@61nV!HoFn~XQV>qm_h_2-K*FtiJy%Wmst>?pDlK$q{4d#L2*D%h zY&3nZt2*jTg5mw4X^7F`qNy;|pn5^ZLynC>N`DLa;r;JGk2{1b?EM3hLl8(x{sR(_ z?dAlMdN||RW*JrfH-iu`go$vEC>GBILFpMRe+6-oE(BA|K!xMqOGN)-k0uH(X!o#p zk3I^=D)S%ZJHh&wI>+MaIq!RaDf_QC0P|;wl1~%(K$I^VAtFVVw;qhA$6jx0UGQ%Z z$@@u)no@(5S@RRT6zLzV4s$|%n-sKinE0Xf4fn=Wwf>f&2+1 z8r;}S@IsQktb2eLTg^dsoGx8Xi=d~JMZuR4lNo8kc-yNVY2Crf|kQC{yV6}?ZZiA17|lf z_G{#b4???R2>Hi{a=lCC7QPK1c`;@1#yrlIfS@7YqvoJIF_ z@9TrIr?lRne}oItF}6Q`f4diMa9MP6{^<{!F`BH*{JmYwzz6&Ai_L(0Tq+Lc-MP{- zvAEIL9OGUeiZGWnp~f$Qr*mI=h6oXVDWjQUMe~sa?s3|ZESngCt6_-Mk5yi8qyR&a{O{CI=v;V zo`~PBr-aRKkL<^>D>T#XyIxb)fI7|u-rPg#d`o%6JKU>t_s9(!!3!SuSCI(gT?l1c zT!`D~RLV-7Q%c!w8Me!f>Eg(|{fKQq2c?fyfL$;M)4>?_SS6qF6b`S2)ncV=d8fSD z04)gvZ|p-Wn*sbWdc-gDsder_uH*7Stql3&xlO7gdvqumWIU5j-G;$E zJXWt#TK#gD1b%pnE4&v)|usgHftRpNR}ER&V<@P8a=}&b`mqix#=dFU*}R!Ubl912xR7`fazhwx$NgtIERZ zjG0YAy(KSbyAwV~HhAzA0h6h(PscTyO&5>*hH(a)#1SiwQM@53Z?`qR!M!5v z0Al}I0sRH9#hUn(I7>Kn;d8Hs^gXaSa`Vs6y^Yj_H!6$i-1U9;K?B1RCEi1lg%{b< z*}&<+jaIkQ*uCmE$dk+p&z{HP-5-qb>$(j6j6~k&IM?gS!av|iY(-?!yvzP`lO=IEwt9_EjHl5{vx;XTARur!cLx`l@2Rw4d<}S>eUbu^{5D*WII-Zk zZJVvkcPPQ`eY6c-{8q#G*{1dW084xQY_&D*xW+oYhJO3&`qxa)!=hAMLUzRwEVy=M zu|K|nDEAw=;V5Q-oEg~k%OEnhE1P}iZDSQ6bB;TWDVx8@GupZ2tLLSDA!y1{x(5w& zbqW|=@cY7cA02)v7LCuzc6;wSUetV3a=xGMM9GkwOXwCd=Gqly~EZK?^I z+YG(m3oDM#w)y4op}!j{vX6JOS$ryao4&f93lQ!Se0Lq1Bs3>ZXo(?Pq(_qloVD+p zFJraaF0Fpitn^_1Woxj65v$BqlH(NNPIL=~oF|}_%u^~Mh5G|HF<>;+IQah5{f@mR z(Qz#{MsN>@{p$^!v&7?-&&XHCP_&J6iu6RK1utGbK}IG>RHL=RT7113QIzB_YYVlG zicGwIj-4($6uRWorfUdk3(Y{V9xiC#0r>A@)S6& 
z{7?|~yq;)M2#sL{%7cSlcYD_rr0znTC?xxIE&4}VO$E{}JiWee9~lkZFk{(s zyq5gztDW|6&1ocW;wB3YY4)=;c|X3Edt92BKdSkX;}&>K{FukB+>>4d*tgqdGhFv= zM9A=v1#;%70yqB0NGp;c`^Whw!d5rwZ8q{{*6%EFd0yv1r+Jy=C7dTmEvinTc}i!GYrmmr(I-jIPBo$8gi+a zyCosZEvQdbM~iEo21KPjoFQ(11?em=_jD8W5m|-rl{exf++C3YMj&rHqKNpi=JA)} zZ-H%#UBxi-t2p&0@LIDQt@x=cJfn;QrhKEk#z@t=jW(?NS-{R1J5R`_Y>5ZlR zIbDTxHdxrsgmR1AA4BCC-Qyq7;RAa(MXzVL4s$liCvI?+m!5ha0#sJ0Rr>?H?-z%> zZg1z!XAhpoVTrxI%qR=La$GO$NKZF1rmNNc;y~Ap&Yvv;;fDMaZf_>Ga zU++!8km}xpa9enPveJ@xH@9Mhdi4DPe87@9SIu!PUlw6_)X#$5QQ!CVmOGGzBa~3n zE%s+!nZSI_i7y;+lHvC+s-MbT$^=LETbsKU=FcoXKZX>&K8LK#Q!rHf-1c8P5{96g zN7UGRR+Xu43+QqVj#g1ma;wom1V!+^T=ZcyPMx=Ozn0|sa8b$;nW4T7F~>fSvv{rm zdvluF&tR@WlMh|yRkhinjpz@tW0EzU1PjW)qFGlf0P ze#~C9Soa=}mnP_u^yqq!ny-2ezf)aM08*yppMO{Ay$`~-|1vY#{{AMnd{-p@aruR< zkVUiIWY=1I>+Tz|qv2AkYlX%Zk=ShyQ4Eu#F7U4Nx9%pN#T|QbudfNc9wpP20S;uH z73R9$qBsiYKm=Ce$Qo;EEP`GNaf;7l?V|wj$Ycc$ukYn-peg!Z1LiycafU?L%O>C< zv~}@yywsjR^xTseT|H4X$vwAHp-`CHJ*TC@kb%Mbx*{`OsOfHPyD^x#)6DL4X5PSl zA+HmcqxPN1^8wc8YWr2%i(nXo~IZ7!=C%u3cwS-#fhS{^MR{Q z%bm^(ZglBkUurDUsEc)$`Cu94t6lxEk15Px=P2?H z%Z&4`Chu3_cV0FJhRX_s)KhNr*UKT|6yhKU?+t%gr#XoC%*=JkOk{m$%-oRMXi^u5B{8zhi3 z^mikcyWmqrtbRC4OEc`f4|)8sDfoIvDh+4g<-5Tw_j4s#Cghqvw+Ta(rY;a!V0e3` znMkzD_|ex>cq!ll@P(4>1S)#o=XS>$gDCBw%7IX!9r`W?met@+;-$|!O)HM6;3bJt?6aRHJJ!XiW1%O3T`$%7D`W+iIV=ZrD9 zzEGdrWM3KM11c6SQV0|?6ydABeDB-Q=c|b*{atobrG#!= zCla`INMDRQh}XVRTpTUYrrVYQz17Mx!4#PJV1&K+m|Yg2;J9#gpqByL8^nF(=i4I7 zx%Oahi4OVWrBero-q!_hH#)Wi!)z8R5m=b?sOJJhA>>65mJu&ljP(PP;oGaW`O~Hq z3-lidmL61{@(1zV6(RX6ae*r9pLg;i?_t007GdATJ+g*ySgrKmDek0myT{ZBL0Xbr zv>(%w;og87yPDPU-wKnXrj#IL#*R&l7~T+i8A^U>?`Q6Iw@sHq{I`{&)>L5*?R` zLM7DXA+w6GjkTBRiDBswymk-!`LdJyu$F}j`mp|GP^{}xa}M%Qc$&)$fWm0K3zbe4 z>yK?Z=nPr=_Vw1vdWt7&ubjmTaa4vYcdNzcE6w+FklUL`I7UhR-7w_inw0)>vFXwU ze61!G9`!srv>2}iN-ZqsFYjViM@?uMO6~)jm0sGspWUuGFB3M%UtPMgm`l$q4PK*n zDdm#FP=Mq2EnUXXLBu&DH?wCA4#-02eC{`%d(eTk?&l~KT`BkZC%H0QE6tb6TamGF zvz}u>_)*8%7HV6h>L1qgY|3h-_-peR%n&dW<`Wqz2bt{N>tpqRv5EFa1cn)M_AIBX 
z5x4hbwIaFEu{)g6Flq|{z}ou;B>jy8jF-bh^XBG(bd8#J*** zuPhw0G2EuzpQVC%aL<8AhTh&JaP37Dk^_#^r;sFP)R{GY&BYm8cT$!*=ga3GR+c$F zR>hw89jni&1QPJWps7(Bg0+Fsb;~=;hmKkY(%{|4apb407;i=;flDZ7%T>P4h;Vhs z?5+)HcHm?~<3o;MYdVH9PfvU24idh3TJGT+GV#|YUTu$(0C11p-}B?tL9|2OL;SpN z&8CXUbQk?|gz5z>2-cw@ zl-gH)#vVPn(+*i%C0Et+BWctNGHb29qttxx>+6w6zz)l*6E_O}fXV^fn`uUkeMmxfhs@mV5YRa4z&-;9HBtLBa0R#H(wfAo zI}akDp-qvAdLaFgYSmXHU7{z+^-gbvt~bak(bQZN0+^e&u`FjL&Q8psJP+&!9{@+b<=bL*OR zGti1RSEutuF%#O`X2Z|NoHBU8`gdzphnwlMTk*Cc>i~3WLk3Pa=`3;HY+TT5%m$@b z?}wqWu{)llw)KKMKZHP-bzAev4BJn2UCe{VsTWmB*<7n^*J&u#&F#i|DHEAZX|%C| z<|$}IIGO22U{)$!ot87L$u$X3g9bqW(?IU^P?ho5vsP0Sz<1(;vHJ~oB;2ocHJs>mqYwK( zIdrtxz4Knl%)A^Ge`kBg>D+lO<}?1T-~qf z?rS>6DP6ZIRTxK3=LhkKf&M3~iG!5G^a&(d`oEih5wQ_C#5E@#qejQg}PkFGra8`(`v8NUiwpmWV)%&$xD~8Ng zLNUxXA8+c=P^`EE*q&6TluzNnC|ehCMEUBo)?ncAqW-9&b-7S$>`lKc*8=i=s3}v~ z%uA~t7~W&&OMLCGdukO!aW7?xsP9fYRS&yx$<) zERAZhTD;nI6gZcq&i=C0XlZMuugzXT@%ka~@0~oBDa1@zuhA>+bq->$hxnmLQKCwh zn_oLWe^LDOH2rYMrseaH|436oyy?l3lOL<+G$L8J9OEt!*Zy(u3qvy)GxQJvsz(GD z$9^F8(@n#aj4~gi(m7H#b)$J-02) z%Q%;Yk9k5=-LQhKL%~}?>l-_#4c;lrw2BgC@7@(*p8)Ww?jT+`XOCw$+wB`c<00K7 zNM8JFewX3|l%6#AOUWNqZ_M#_$X^8yzJF}5jjI6ovNDq;5aSa9Oz5s@&l0a+0`~Va zsEd^f9zAlj3}=7P9-`SD{agbgGJEv|Q$`v#C}m|mT+!EL7<|WphSG;6laXnC%CHvH zKLDP00&HP@t_R1{fl{tXyX`E#)%ps_gq@*deZZl&RrwL0{vbEgV=<#sKFhIA_S;L^ zJ>;c#-8BS#qRgLWl9YrD+(COV~5%wK>K$s<@S`>XS{COmeDjmu( zQcyx>lB-I0X2Y;wJ|ch~(ZyLNAM)r|RRusIZzsf&A}nN8u)jJ+g0H1CtdkuOqKOhWCf*(7OP$CQ$VyQ|Qz&uoL{qTb}rOdaNdFb~UuVsu^As zXG}BgGAi(i=5Q`0QTO{g!~0nTe0LA&p;3Zes6aodoktB_q`XR z2jaX-dU)67I&Xpk!lEd%`=CDyHQBo?_36b@h#YYGqz#sB=~Ql;FL(*RG|+L*NBScv z$h_p!sMEfUr#9cqm(R19*aX7C-{$nI%PT*ZIwugMZe&p+{k(cqA-U_=X7U{2ALQXb z4X1U?iJ21Op66@zNcTe48zSSSR?2ed+D9ed?>I7ZFsDXulJSb2n)2p4T<|-GSy#sF zZJIfHN&)g%NYc_D@L!Kj3r)6+@6=LTx*_JEh_jb|R7r9_ zpQAkE4~2wH;?#EBmbRFA8HVW{jK)jf${wwgD}Y5 z{SF&Oy`CC1uO@ZDW=<$$;~+bVU}qrIb$!?A_!5w`Yc#tqcbclxW(-lkqo&**!k!x5`l(wgj+nUwN(Qi2#6FZ9_)9zVR4sr!+l z;OiA!+)r@N>)(o0@%kqUt#m5&CAV@N6 
zwqHjm3dA8**Pn$yaIcVq_Ai;v6=&@OAK1oWH_9IM^Au7yO8Eg-eU6i;ytJ?_Q+>Qg zu4|8+9p`33Pz zaqt@iRT+7R7l-efbC$&RiTQNP;72#nbDnsYT#_zNNU5Ks?kLx1t|%%@V}`1aL`k&E zTSAcgX`iT9geQd}XIjohP+<2xk$I;MU+6ut^&+RK&3xr0l_y+1T&^%bZ@38O4!-6% z^j^aJ0yM|A3Vg+U<=pE#{=AA>+9m=0dEKEyUk^(Qcb}roImrdpA!0Iq=5L>mi$(*j zM5#Pv%i+;O14hmO2RYmQ_S#zOHXfHSO1T+ij2mM;u@wD4mm0xe?b}IYDrtOozuKAMHHF zi4|M^1-I8qqap!JeOAJ=I?Jf#B+=40g3cmGG@s=S04)^s(X=3aNvsiclu7k`bY8!8sCQkqiplkGF211(x522ldI zmq*lVu+BS_5wC2NQ6a^_2O*$h0dQI@BHeI^ct78nD!^814t!t&$l)NJBCTt#N5L8b zlI!tlR#2Z15OR&mrJ@P!&U=I{7rH%BQxaIkg%k!;6SerozH}+V{7ToM7mSCg@$o2Q zZMhedg@*pv8(_jIctq>yid0Q#ceI0R3A{Z}B3eq#=n6~!8r)v$;WT9SwsTYVGHlZU ztcjz5RS9rhU^0UihbdTi^2=EO7R!c-fn17$+K+kG%mdC?-@ zhrL)3jjqxRv%uN_NB39UU&r+ylL(%MV6>Q!D}uX;F;{(kuhBed8}cCzFU$mPXBW6* zp-O0RRK?gx3o!}KcB59_q^K6po%)Z}#vIGwIz&Q&XI31Bw=Xj8Lhx(>V zMjG6I+<6*$WAbW5VXD#UiLx2cIK zb@f;>iVDMgJ{C-6Wq^b3?MXvb=uRYahk`2l$BmC|(;6|9J`i|UvI8WOtZt3A&Vd?C zeSM#GR*ngUjHu4bhK|+>XGaTPUTBBkp`TqGuL^pFTSPW+D|tm-kvEEzR|{2oh#eq#24deLfM{l}Gg6l@f&?CRyx)JAKH zW{BOBb7J&#pVJZ2PGvaO>+^IY-o})On&trSlE>HG(VdH?zIJIRs6!QbFbsY|hVDNV9cT=w-}1qq}v*27t*NN9aG^+wxyV#OGgHw?tT`hiKxN@xDXrEHlvft2jCjal7=_vkPP6IYs}idI&wg)k{tB)8dG6w5Qyd_$T#R|3rt-D&1o%{J0Z($ z4>w_{mkgsmOy{Gm&){m5FL9Ku3_vfgmBMHxVT5#byFXtJ<)+zpJx}s6YzyHq@|)3K zvNAc)oX}j=kF?QQujuL@3`kri2 z4Pk~dk9B`Y%`h^~3j z;#WwmlY65{BS9%cc_Y^d^^=h>z?cMNxt-Jv;qhP?{ieT$k7G5KfUE&a2$9PYAFOm- z^K|>YW5c%Q1SL`E-`&^46BOp5c26E1=OZAY?d_nxIAdzb-bGcRnkb{@`BiQW>hR~XXlyWCV&q{*d(wb7DUvEu zdMrHunp_~Mi?MbzB6SIh@YArs-2+BWJHyyugB}qqJ=!K_DC!AUf<_8B_VqK_H0(9} zBF!~z4)v`Hk2L?Kg3So{Tj;Hd%=Q7clYo1{y1rUd&OFyjphm;)C}E6v8!GHC4v~Y@ zpYH)Ldq@ka8&GgUVA=uQ=lTvlHfXQ}B*qmZ$m@^-unFw+7&~qYQY_WoXj$ZT{#|{& z+*D2HBFbUI2Ho(k0Pm2tefK1x&H44-gECdEC}xLlGck&2go9VRf^(!--ReWfEec?0nj77s zqm06(!tTKZ_3ZV{e!NG)gp&-T7dnLzNRzvCPXbGiTosI{>W~c4bxhg#<(CP&>l5O$jR(>^31u*a zhe=dPN218?SSokZCmP0sfWct)BLVK^(J1JUU~EjtS2P3Vw87AVn1 ziyG}PSU6a1ecJo7t#Ar{7%ez!6k!h9$v`~UK8m2Y0g|0`uG>o<@w!U0Z&Gj>(d@Q*;nX@>*aeY_2s;MqwTIMd<4I9(evJuMj{@!>5#$CLS$<7z$ 
z4KZz`pm`%PVXM`~4(|M}mo11XXJtIDfLaOO1lGU}Vc^~;M~H76DuHOZ&nGrMUMn3c z{V~lJrJ>Xo3C(hW^iamg11BkwKx4ChA##$H(2M0o@B7Buxc6EzqJ?L)CHTD$0SIel z6f7Rt`c7r;Bi<#sURQ=Q-*#`g2)Ehs{nqkTY~)jze$4k=H1rT+n-M46lPI#aPH#jA z4Qw-wisNX0Tyr26tEvCx%2V_^|M!G34HhU;;zp^QvxqsT2^h1$WlH1e^{{U|14MBE zGJz0#>Nxx&3pF>%^9DbL925fBB0sF%-~bm%*xeATIw#Qy3dU2@AdMuTevk-#K*msD zF%yd)XpScEL5W79v~`;0m5q^CkrL!M1h+qP2+lDU5A6?*_B_~>wjHKY2Mf`L%O&9{ zQ!G%i$-{`@XJYzJgjxJRq~j4EVJ!@f1Za*BJ*i@RWN*os!}{jni(1tCP_o>FFJre#b_aVkn%W*dFl}RVsL-0+&C)sP} zoKRMfkP9hQulPBkEBTUm%!=!PJMEJ2)RQ^EV%#~M3Om%6d`XHo|917x)=z}!ya7(h zSS-WPm1u%F>z4$pJpzBl-n<0$6q?*|KI4W+qGjI8Ilj8#Dyl-HKVKg#I4C@fo=7FQ zLu=1$|I@D#SY|(?uY(-njT@1K;O{l=go{|e+UmAP(Wb?)gBF)bh13(a2N9Zdf!SWq zj|zO(q`iGF3>KtiDz5t_u+)mR$Wrx0s*ft}$T?RBeU9|QyGPhG8mi2o#hqCoeF^CF zjyyW@VXh8c9=-8kQ$}VQHB_KPquQk5X#}7Llavc*2q%Wq=4NXOBb+sMwtm^m=W=hbwkjiDjsw5#1zwZa9u@kG*x$GFq5U8-y;VUUJ%873yVH|X+- z^b++--^rDVX&wrhk?=u9lyKhb*Ax|f?^TU=l1GjZbiIFH_j#Te-D)4TaF&+Amn?WLp4#fQQtDJi!3U)AQX<6d5@cnI1R3{$?q} z_Qx4<6yYu2vel(FY}|&}&BCCr1n!aI2Ca?!u8)}P!F+9Dq=wH*};&a@|kLpMH8>NsPK|6q*Eg}OrNW$K9 z3yp@`V4_E~>HC14J9p4YsyGLpfdlz|Xi08{(q!AvlFe1?>@PCaqt-eASXK}PAoLtO zrTrA`#zt+;k70h}ieB(FP;Y_aIcC-(&p=znxhJ^J6J!6p#$&mUT`t$*S(oms)kvG@ zWI+3%*{v$(Q@ZOyGn3~{>67)Mp@H}AKr>?@YR&`UXAiIdXHpy1k=RlDcuxs4;d zKov(XJr$*Z@kOfJ@e?2fn%Lt=C`(qTUjhwe)Xcg!D%k`r64D zO`QTZp);lA$uG_l0%K8O38$cC^D&g52s9V4-~;6nfg{}__v16{TQK4)Lm0Adh}G33 zL$^If%lW3`EdJgmpH+C+Q$0|0Skg*~6A@n_0m8ivY_feMh6qo|IIS4zSvZexAzFHe zo;CIE*d-$)v`-D&?7D5P{cF=K2=Z&2h& zaiVnMK;LoM)%bWa2T52`>^xIegIu}ORF$KDlM{9Xx<`M@GoCZ=L-f;`v5WtVC3&R~D=th%re(MjDL?t6DsP0klGPSHDkM6cW4xMR- z9}u+DK`Xg5O~1t&%fQE{p|CLf1we6>;RJ2P+&}JFh_+}xZ?)cGni36m)?$WSDi7IH z+dKzc6}A216dnqBmWutRAp+Yk>b{=lxHhU5l(UceW%1Eqn}|e-;@pSI)BIY_&C<`M z;OXKtR)B3$*O58dDeLT>{?TThWc0C!6>4v-JF*KQ5TpvPn&(Wyz={*t z?V;%KPd~SL7o>m8Gd3+r%X$7x-hJ6Itu9f&ioplg?C*Riq8!7hzQVrmEqxuU>C)L3 zbsODfD|i{@6}=J~8HL|Ur&vF_T2bqC1V9O(R4DNx5^0hIZ>|@baM(yd3CQD_*cGV6 zYt3}_k$`+fDK8i6v7x$UXwB4tRx(%FOyWqJDmh! 
z+Q|XQEbf#^^@S{@ljCRP_E07LDtOuvcF%oFeU>n)>dt%FPUl9O7HZHV;Ne3idQXzH zIs8678Y6#76~|8kXk*O72PNtxlw2B!2|Fnf{WPg4MnpZg&UhF15XtP(q`;t=)n#>>WhiBu3i#&xNaw@bW)INC+?Hqmk0LY_siLnme-9B^JRIoSFHBxUy? zZKuE5IcNzqe{uGp+ZzTPcu8Bg^cg>w;awdB#P@wxha!hNbJ(miVB#ioa>fc(Px|dAo=F z@I<|G<6sQ^edg~38QSw^g&#h)UM7KifM~d_`mQ!<>wOc6Xkl8jTe0NcXa>fY!}9L} z8#nczuYQ#%N@lEPyY>`k+oQyd_cU%#nhMGVmB&B7MJ%+<^U52}tEgu^*iaG9%w4X_ z1DqoxIGhNs(h4}g4`ZJZV}>Z5d^4>Gi&hcNKp1a;|@Tv5cXE~hj4aK$ep-s2kO?c82uoN6w!4L>G5ddG@>&UgtfIbBWF;uO*dsQY9UC&5jSN#(8$Vl344m;qqp^zHLco{c=09lG zSETQ@nhh6cS+81NBY}asFeK7waeEsCUC3N<+SVMx{6RfLHYhy{a>=XAqwOKhZUo2# zGz0QiBatwN?oLdk-VaVl^@-u>m}Wsm_3kev)j0MmFeTJx87c2xe^lsc*{rXQu%=1X~^4Gt#>D6QgmlXM7#O?_mY&RC6zUjrQG}7TN5M7!-^m zAU>=lX+e!?KwvhZS`gfsP2&C0a50fVkr!Y0(#jfsv#?MOyxdZ0of719*6{+1uzKWO z4&oM-8akD#(-f^5DQM?hI)@IYI=dsW1Z8}@1uw2r)D^m+oxThe!z&VhS{7qzfF0yi zN*DI)OR%=yJXakO79Oi%)ryT|h#`E@w}tC+4vsraHl~}rAua?fu%rj;-}9|@Cr)FO zf)b;6!^lX^pFROuna%IegVAY+VFvqk;JDK}2LPX`-$ut<%69{bmev>!XT*SUta2gn z6#5xVHCW#iPCdZM{LBAI4NV~zUOMyvLWE{#k(6Lp!!Ok138^f3dSlu59$$OSx~oMT zWu#>W{sfV=p~=uI78^4WH8EV$T9_rYk0{B1*TT|Qu6G?zb?iP(WHCecSVz0{0`pkv zMWVgCw2t*M+pS-{v4aC6HrX= zY9*tvYoBt)_D@Ezol?8Frf|3;j&K@#Gq1u+mxo}n3>JRei>H?TaqwLf9o+q3K~;vz z?6*1lNbj(T>(ep~;cPi|cVo)E08+@llmL`)+SSTy#5NzaEl}vYaNrY-EnziD^QxN zkZv_Ds8r@?E~UK#)DMFQ?UYfr<@Whd~Z?K7EnEpV#zO5dor`1WcM8Q zdwIyRN~oi7@d?qLx?W1l*) z?yHSKrn^u(ccnL-*P7M4$uNl6n-hIl=0TO8)8SSkJeUnTh7tNOuOgJmC1Y6HLN}Dg zFYqqRlky53tE&9F;5P(l4x1*!-=K^KhKZll(+}_db#ZVdU?oLMr`>LES%rD;Y@@=g z`uYXfxR|lt=~?19iGn~x?fN{iokB=`QgBJhMaC$*?(ugslB1b#}$;SVR(Rv;|Z zsu8A0UM1cx@EZzIvSD6W9*TjBJGaN1V;4I^l*{3{XYZ73VLY}%?r*T_gAk-2&|z3S z!%l=#i7(@b`_z6>Moth=p$-kv8WEAlD$$AJ4ysl-jQ5IN$HJ;_%bK<&1c!)?uh%#h zXBmIj7(t=LPij~z_yS6NOr`j#{}Wa{FimV;S{kR`Em08@IQr6AtVLP-xI|6Q?5FA* zi^gmovs}RIi^yoB;pe&B0!z9NGd{f(&AT;111 zJ3kDXf$zuP;#VBMQ7c7ldjY5Wu)En7&W5gusd$kp`+-N25`UyJ?@NrK(4i2(VWb9e zUs|yFJhRM$7cNOdB3y){lRLz7(RR?2*72JROU4WoR5GUQ_OuHI{L3B<53TKDPvWeA zk$7rYVQ|kKNf2?7H_0A4*N^k*I{or!i?q3tRA=>Y&bG{stoOb!%ganOLl*9H8*00) 
zg~TqkY36rhS~%1G^@DGyy5rO1BNrwXd9vm@n*Ag^iyzo@#}Uc&)6`qC((5btXvw03 zNQ>%&Y!Ql|bwo5a#&nyOh8@sj**`y=YmHoraWqglEM82*<@zg|ESVe&H7>s=pw1Oz z1y^~P@?KIo9DUZ#$p`uZwEXD>5c8Y+n@3T#GRu)$1iw4FZ8{nqw%zKH^b9G{WOiq80%L%Wy}M5N3ET~K6~UAGBnPmh5TB4qrpR#WSE`HF$R z?Yx15FelN#0~XA*>~fjb_t@Zl-S(U%bl<1t(~}Nv8*cj{@jv{Hcx`U@Lykx z%?30eAULG|yvMQb+ZNSN*lYRV9BE~lNy(JLP?_L3_^_$GSXeyvNs`g(iS!~BlbhE`yZ2BQoZxB0&hLPxqH;lg32OL+-mpmSZf$1pMwJ*2@i(p3Udl zm!n+xqkX4sTiQ3bu_2FX4m%3DkN6o?e@fx-R#!PwdIG_zvg2Rm`Kq$M&V2^3P1=?A;zonP$+r z`<8OMczC1r=&_jcQ#=D1hZIyFa8C9V<xO~h;De7wF zmN%z@2H{xrW~mTPdP*SG2nY~taV_TevgK(D2= zy4yuZ&uA#3lfC5#7hjj0R+1~5D-SN`eYY&l$Ig(Oi&Ry5xlVtW3<}h%eN(_+Kc3kx z;8Vu)e04F_+FnGcTF$*HS*Vb?zq}QY+aHzM9rDTozT9T{leCC)Ddb%t)>JTh%8AeE z86>*p-PS7QGro7ZMNEhH|lUi-MWp&xeGdRxPB>wGX!pS~6VhnhNL zHJb_)|BSS>e@R?u0Y^BZdRd(3aM?Wiw>|p2-1nF0+_!x)`w4Y$I`^w-v3jjgCe2~v z@$?mttA+W-uijBj0?#AWW?emlHxEBzyX9B#54bIJ2>DpNbHFYSNNITnoo@edA|I1Pebu>=b!Iyxg2Z0c{&zHl>a@Ie`LSpv6yy!D7y6v zBRabJZUKK2)ra~{;4A|=o0gqOA>$@*bTRw6wZJ%J>l#T#Z-S5SMq-QQDevurXSt_? 
zKsu|X|DfpFkF@QU^Z8ukqvR`~g4HlH8T6zrDac(YW9qmWMy(~Vov6N-I;t(Q7MdQ= zVBLPXlPww|-~V{BXAOIqpB9yBybJFo*yy-Z=T#|}@@YkSlQ)`!QP)wI@bdAreHurz zqeQcowdAP0{iSbtrlzrVwq{Uww{w;M`26v-ob}fA_ikQqy=O00Qd%4(P&=YEz$f8} ze&MeN21ng1=F8mN4Hjl*^L${}Gqx^OJ4W#Ex=!UNnD){=vfq3BnBroyG;jRkc(t$W zI7z8`OnVoBZ6?@Xzxgl<#GQ4JBVzBCzOJQBZczp1AFQ-i^BfA23XmL0z-E}t&inFs zY@cNpY4JGjI-2eLoVj_J0BTKvnrEY_i`F4~Sk`giTL@K2@x*7{-HV2xrqO;9y%?cP z(y``swy?{3?DG%Wz2*{WaiUoD8l1{E8;f9Cx7DynUW}59eoAy+1 zD5A=p44)Tpfz{pwPV)PgEPB^aw>qY_WrMcI7mv#|rZ)EW=NtSrR`JkrV*W3IgBc&| zTRF{+a(C10xE8l)G5XW^Xg%o|4Rjs???@*qNCPs!gnJ>sy`1+ke>[UT`%3Yn#G z1I^Obq%_Me7R=K!`H6(4LMaYIS>EyWPSf(a*W2ojfcFC3IzwS7)?tAoip+(8Fu1_N z^AK1J*0w)=ic7EMxn>-lpq3-|q`gh}I~po;N1f+%hwI5+#&TZ-EI|ACr!PY4(-$Z2 zIgc~>J>*BV`Y-jR)=Wn6W=1UwGt3Y$#zVjsvq#w0ivp%tT%cRngHBQ#m6YKm8R&U%7l%Up#hY+Dt!Gk2>48rKU}(}?xikc zO}R=Db6N8O{QR||0eu*NSYbPL{AWo{EPbH+HF>7@5Jm!p?n-R`a}W{5grrEIUX z9{gAU6rZXI;>p^DI+(0p>i5ro$xYQ=bft?D9Qhn?T42>xQ7jZG>$^10-Q=<>pku-g2q zqsa`XM({|*2DuH7?3%8%OibiBrp>C`d4AGpXe_BGY}{&Frwu7l^d;<$$Mo8APX4oZ0a*V zOb>$vM{*0reMW;e?umV#!tO)2qoQZa>o57&x=&>tGj9`+P4UXNjyNS7mtx52@pP02 zEk9AE=rlS6&0rJHg(_!9pAONNRS@&MGY~R>1ou>s?rz5`x?BtnzQb-sDpS}@2smD< zPfHmebqM@|#CmO8Vg=L;8}PcmecOZ`uRJ&mzrjd9+xVGXjI{yQ3&;vnMrAVI28Lqj ze&ao$b{QFtC9ls);cwDPhKpf7>b=UKUpZ9}0$D}26D<)75+|}8i8KS*EaWs6X;w?j z8*k^GwRSo#Ix1Qa!g#zrBt_p8LrMw-q5wbpWjy) zy?DYx$JahqYmhq+*aH`yWn-qj*3UFF#{Bpou|UZ04QKNRev$3FIVo86GQ?N!n}t1C z1Uwu)AvSY9E5?>}&-ibyAZJVu> zvm~`H$8b@sm?)6C%}xr5x9$3#hBqhA@dRHSKBCanFS|4wTj-tjd47sYu$7BL@8dAD z01<>udKo=Iv#yVc#dXMqjUH{GB9*bTo26D_sa}z@KT2=qHnzn}`C-VAm?bwt6mf^J zzEs+iX5%?_PGM3F%@y~DteDtgW5zh=`HOJicWsXo8?O6rj-PzYsq^g#e}QEA>ib2bZLv@=(O8U};L}+EE~ilfeO_X@|2XG&<0@xo8!ASvl6tkCN8{X-(SSNC=<3 zoGF14`2B%v#l*Jx_`OH^`*sJ)RLp@Y7|?JAF5&SAT^6wFoDIX9`7JE=PZ%c4 zL)3Qow9y%^Cygcy2wvJM-!6?oy7F7Q)odc3(A%^)TmsKWY{Re7)RJXVEy^0EM(IMh zw>&(!e(NAaNr(cQ_LnaQt8Uf&L856+>qtXv;#=AQI68*hJEzbnGt322c&tthVCNG) z59u+*Q%21L8acbx{5D)Znr-L~uzAchOnQ*eIi60yMYb?j^p9M2+sZ1;IpL}GR4E?G 
zHraZN51Gv#<3tWLD+c$UxLu?)*}rwF(uEQG94Q|rgt4ZWc(8S^Bj`@SCsivb;SNTN zyg&XX@rfoJy9Fq5VHC#WcI%$Rr!W;r;VOky*LEAqYW28HwNw;1=05J8G^6|dEQCu6 z*DAd=C(G1olr{I$G$K?1r@Xzg1If)KMt&|woNc<=LkdXJ&>hJo!6`J%`v#5s)Qviq zLVl%PW%AZR?lHP0gEG1rLq9F{&-pT2n{?uLRwi=AfO#nGxwc`uvmmi4^p3~22Vm@4Uv45+n2WT~Li*YMZD-h+yR#D`&9wShRlV9gYMFmZjlw1G=$S9=+*N!;NT60Xa_7^l*n!UNkVh64$$;ULI%M=NEjKPZy-S+pFJy8K8-Vt zv^)6YUduZgnlfeNvSG`h!^>>p#ogXMrTr`;Zz!@AzF~BasBzf~;lp;%6O$nF{EgWi9iGG%O<0#o$9H&FSg)OVd4aF&c5OFvGC~xCBPFVC%a#wgwBHs7}Ob z_IeFYh#5KMv!V`tffrZdX|h@3JlqHcqtesQdtmLDOJ4j@+3^E))ygoYWN|Qk1dT(g zym+12-+?}13;nVIU&=H2M;6Qp)hndT2`S6~fxK5i=ompKRaO|OZ0b8g+tHLPll=jWdeOR(8e0P|)@V;aiL1fH8}FyU#*>}(6s)c^VXMy&A9E1Y=A>sx=lhq?sSCyL)qZW zdyQBmV?_RK)fnkg5podim^3*PtO-SYo&_vK=?px@jI?wK5Vo1nB_J0 zc$6l9{t8;-9O^>l7i?ne6OGBaoF#j2qxQyI$>^n1izDvgDAGnKV;HGjWFwGx;D-cM zb5c*H(3fs#aDi=Wj4krT$jI;Ud2K+KdjYLH#(pw*E>)WeSUIEWa6NUMP1PPkMLEVr z{-{dmv(G#vF&4EPR~Q|L*teUo^j%hH$?|&9$5%y##U4171J(6E`3~TyGBvZ0&_sdp zQRFA44Q=JsE{5kG_q+37iN(~wd-QaVBD(*Ad zkd>IGFzm%*G=hi3aCH8t_E?+A0*zy#)a#y8P~Lk6lLM((tvqAW-5&7eURrJsaR#^# zx9*jk7#_!4u6Vy<;D8~nJ|9Ieq3f|cU9@9Pc&-nYV>`xiU`Bn89i#$vk89Wd9iDdd z)Yf#G{LR9Zd1h7r9TX9&X*Ice4pN!$-n5iEO>5k6 z*@zkSZ^|%u;vb{t_@Zv42x&eR!5m|FKcumj$PniBpj>x}P)7=Cd}wp}?V%9(aT!Yb z*#zyG!&+hj!!I0TeCB1<#c-|iNHzsmbzF`4tB?N}zvk>Z0w0>u1_46A+fH~`1X~K& zKGFbUmfrAS94sE(&y@MPqp2Ln?{1j5JdXosjXW3D!yNy!w_tnjBlcyLKO4QvaU)!|)(vEoQ9O@fs%LDvlLGFO12`@jV@A_5#@EVTjt|grA0|xGpx6|_0ZexPCZ&*FJ+AJ@IX9W+(ULRqe zJETMPtJ;nz$>VxAYQ|Y@Lr9Dk4b(QaY>}sk0K6wNv;TP@HhPG6A3qI$ew_TSGksYM z5ruu?>X-_Puago@X8`hXmqur1$9^>Zs`f$P2I9quvNvBK+W3?-bmlg*R;K#_EydX> zmH2M|*nx6_hkhZ-_Tb7GIM5_vJq4Z`HZlpn?O}*61T6}gLj9vuE_$EuM?B67(gkLH z`ApVPT70;;?697FvJuIMZ#L<6*w^KX2t};F1lO;8v2b-z1An>Vw{#OFBP+Nal?oAc z#11H?N`V7(fC{;7$rZG^_Y!l++n|o@-}b2VF(eKC6(YV^Ud$j8)}BFjJENySN2Fb2 zD$a&Yz5&m-{ne5*Js&Z;T)X@r3=6WQM7YHYV!J~$Q9aV(GXA~Y(B`qeZAI%_#|%7% zH24*B`4vy+-iGLPbpLeoE?!iUxy7G74+M|;lqkX5*u^q%dk{4S)jtljw_Ee>PPSSI z4c-HSDG9uQw&7Gd@HgNqR`4WH)3aWz87!eF{Io$FAp69Cj4h 
ze4g5t7<6g|@Iqn~@Cfn=0zJMLhlZ4U&T7^y+SCJ~JSa)E00!3ejkW@zmp7b*YH`pT zule>kFdTM^6zsvf!&YriMgi3#n5_L6H7Zf$jDK{)(@^p5aYE@ECB+)TA;(BNlB)pp z8dl$PNqi>mQ$7R;pAkBgIrLN5E;eFPQ65RFxTS~=i`<@2Tzr-k93_1iM+$|I3ne-r}lxo+d7G{Du8T0|$g^wPd zIQ4yRF1t_@a@lXnJf+XB-=&M^Yi+{5du(hd?-ILi_NXmBaorczKtv?_6ZEDEf) z)H#9(iZhNhDcuqxF4tn6qAR=geo5I^Q@6lafvImWC(OSy$UWJSU+P=OHU;kW*a=q?Pyay+#17T#t{vH z%OuXm1gBAMCr(BS=+uubF9~d?ziA}Yesiut?<}a&7Le;${r-auhtfFZDFcFI&&~s7 zce#GstX-3sf&WB%w`C>F_!4uIp68(W?tW~pnqBQ~0IJAofrT5zyM0LR1i^PCto^v= zYV6I@#FhR|Vau>rJlwmE6wUwI#gvKLAJ)HD*_60^N10DWkl>i@?cUca)#8ZLj7S68 z5o*EtaLP1)oo#`D-I1c^OP3_)Otr@w7@I)$Kh>%>E3Hm`bIaqz6!jcgAA(BEnWR=4 zy#38U$Din0aq755Vaeu_?2E#ONY3DbWaS1xIt#wK>M+z*O&f%Y^Uq9M_s97z9m zgA}P*+Gc{w210qD)ax6AC5S&Hu-L>Jwr#(NJm8$`=#jESMHfDa--lsVMgTTkfwHG?eskA(B_FkM$VsG zi@D4V(?gR565}ia1-)Ydj&6#^?-K5yJ2`+0p&kRg9(Yb;4uS5C2DZZR?VOPU7MaOB zU!SfKBniqpv9d**Vs1>263c-SOBf}?K=q&ZANRJT*Y88XdLe6 zNgx{M;~!lpRCTvCRGj!ElY}x%g&bhW#iu~BZbZpR18f)<-9O%T>b`>}#pRWEcN=uN zaGM~ndB;Y{PE^(pIE(a(JpB!oS?$wd+iCE}V<;|V#N*`1?SZ`~FV+Jz$akS}(jRar zyxPhzKF-od&%IVb%BMwyLkAZV@V4&@)pkhdH}$~_=lcjRs!FYZTWpCR0&ZI#=s2uy zF1h7?6rvbkC&lm3;peP1uIcdQNYvV76_v`JG@nz6`+5~q#p>db%a}iRXpBEzH)d^c zezq>W4X&Uav1*t$M%iWV079rHZDI?|9nqwwYV2QDe&#z1Y_bdQQfz>5QqK(nfHIg|5*E@3cTr_BL~Q0F*fyy;1xm&e=RfW7jEBS)_K%DHaNW zk_#9;!6_zQ2++}v+-gXKoUCN+OzQki{VdzJWP(F%+ueM;u>=9!4pHiw%snEVW7+q4 z1kgeFrvV3v*rYncF=$M*G_Qh5IRxUH84aG?dWNg!;bx#-9lyso=4jA7SZA%_{3F|! 
z5segznaZVm)gcFOMa%)V}sK1Y2o(b zAqgckmCypL&;&3q-Q7z-@=QE%^9H7$mRxQ(naKvRg3>J(;}!EA%uMos=#WM#9o$7N zQvl~Bj}u4h?tt63GW0&A_1hbJQhTE$tZ~FVv%0R__FX(2??yeYO&$Aiu`-q_7f0Wc zpPQ~Wit&VfPSeugj&fR()xkw#Ii+1cqo<=UKph@2}4L0 zABp5^)lx;Y)*6`{Xp>Yy_m(0zWrHs>aX~68V}MC2-QLMl${`MIs9U{63gib=AWWfF zP9kl|i!aWlh-NfhHnr=vZ+)o4^cAhdmVO~o2DTmQ0Z%-6)F9S;<*C*#tlOP*ScXc$ z;$PB(KOCjnPXcD5PLTG#OI^aA9Iv)6{c67d_L&!m7PXjVR8M!^e)qIq3p%@wg-2oe zL?vH?ILeKDo8g93Hh`a}c=y{b7H~CCMXu)3rVfxHER4EK>4anwD)Ydh0xh#ERRqJ> zg|Fu3jjF7|{Rm9m(4ES?33yvC%o44H_c9rbK|z&;ufBfo72)gW&_9Jfw^lTTzI{W^ z_l`8C`R$v>bRMQ4S{%lvGZ9Dit&gRC5UXrTWs0dFzJ&KfcR)*7YXXOopD}@Fnbj2kI-K?t2tJL+t$i>R*;s_2QlX1WAxHI>ff}C(9^ugCN%;n}Z zP-u*rbeMOVcfALjy%B3H_-!vk=W_kdfwCnc!RPoEs@NXhTfCoI8f1(eqEA-3L`ZVv z-0;WJB=!0?`M=_^Fj!yOFvBo&dSB1XMb%@jg0YNtvtybzFV12NX|OX@OKL8vyRg6} zcWCRrXR&%tSNkl*o__W4m~zh#eA{jn;QW4$L5<80r5T&c4f zDH;C(ugL&N($Lo`S%Z0@>oWOvIbI}12Y2|YF;wk@T4~BN z0#*1x(+2|HEXp$Ylwc*LxQYIX5M&SWOMbWe%|}y882x^`mQ%gmuX{N00tuN)U5#%~ zf53nT4V^jIPFRuqEa%ke6K!ODVYP5sYcnIzFXwU-Nn_{d@^?6YUlm*>Bqmf8eLum~3qF!?1AO+GRb&{yd&4cJ!MB z7R}M_^cQTJuoULPWsQ22Af580pQwf?sS0u}SK)9>elM{7I4Gh5$>}5&Us7mS@8d2F zbvnPe^o5oOWCvHnls~K={+E)qZxAWB#|saa_?oszM^eMf*O>A>G60*Z%b%501(JaC z8_=au@LRK~{Yv0wHZdM%l?rR}LNHbDKAtnU&Ga*~$!n>`& zwlebDDP*AWQkB*0B6HRg)p!rN)++4~pna7n z_3{ID#TKo|cfr@L^a^`qKBxG;ujv&YI#jQ)8?Uk0Ehq#Q;2@Z!kYh=-)?iU!8w-p# zZA_?F+3>g%hmH?I#OB$7bPU{2fbKr}qV+Z$UbID#VXAYX!EE%PDDy4f$EnO&lDywQ zbX7Bbj|DSMcMvy{&=+sQ6U0_paZV=2h|B4jR~j)__dyQ~LgpjP**t5zWF<6_v6lDW zr?y4t`s0z$7F?gm(@g@%%1@vh}T}-=uq>g$|Ra zz_6li@&OaTx6Y15|9L%cjLGSpTULx$O27GnI^7dm0ghLvyaQJDW9Fmhjbs1qZN&A9 z(K$9Vi2&Cjn9X&SuW)=oHPX$ch4tN3f1I&$*^&iOK}>397qr=n>Woe)0QkPV=bdU6Z+VqFCX*dzj#Ldk(lPy5b@3GBz)!$Yxb zhr-SqY^8!`)7qgtSO24<*;2nb$pK}Y?<t5`_na}uy!z2j&qFo@(|A}R;UK9 z8C92!`k7;Z?QCS23l~cimo;i?tPt!+Fv-xe@0EHem>VSQaE@@7LZ>=bK!a2JNxUth z*NXH2-)Y>|oRQDtP*Iy!rb|g1xiLsc>$+3eWJ%*VM&nuH>7aPqVBe)KV3k<84b4;r z?=lA46MvU_9ikP3`C4?!f^+X)Q!P`>=^d4)PpMWN`)v)PzTCEJi#X4E7zwJBBu3zp 
zjf{IEzFkwV0K%!{Mew8>fl0E!7EiM}T~up&>}H0d@$c;Qqrpe_?oQ&%l05Um@rnml z9pgf3u>L`z)vq76w@u$}?FnpFJG=t7!~=(&4+Xl4^6OVUyYYm9O$ekpVX2tKLO${v zwnhKzf%?Kdn)b4EoEO~W+m%3Z9fIFTlZXm}tu65ss{$K^?Y&cz~+bC0@5SzY> zidoot%9iL$;?;Lz&27%;lcPqigJ=>@5$8xH4JXrd3<3`qV%?si)lXwgk;-C)`Y9k! zvEdJ>Gc_m@{iicfGgmxrpDeq3NTT)q$u4f!To)!fdLxoTEpbE}2dd4-iHt~YHDM$s zjl@66!+U2DEAqCFJ1bW3djxKl67xFEA1&9$Gmpx8%%*QQkD)!dqHU>HiAn3))EMVEhcukg8IP~>*C?Ka>D5;q zaa;i{W$t!m5@^sbnaPQUu~gqptJGR^{paqRC0PAN3LX|2aoI? zIME!~brc zaO+1y>!_gipMVWq<&|(89i&b|a+Ht~yHC*#{%iSO*}^5vp@AHC2Mlj7LTAP&eI~Fc z>=3X~%;$4wIDj@M7icg>s9%$)w+EyV);3x8_DVRZJ24#bzmg~0g~x3O({jGi+-MHf z9lnx})ny62^?(V7kBGMaVKEt>bJ1qoLs}!cks&B(@*{FbR9XKQkPP(78We#^)tg+8 zw8z=7Dz-5%JfCZId+L+i#m*>Hw43CA_WI*+ETg%k1tN2E!v0u8xG3_hi2T$TTi{=RWlbh8WSCJo7&MGN2t``BeLr2-0k+?)l68nu^-&2<`{)@~!__w!L7F zdGJ+&qlUmxJXiEi{j;}6%qQWPLJ~ovS_J%8AaEF+6Pb9q&=e^fY!7)sMiUoBH^~~e zw2sgU1JBAy_S@jdk028ry3Gyy_oB@7kU;x|hQxsI(}(W!O?a=ldA-A$>7j=>OF#TN z2meWU=oIt^U#Y-z*m;lhriLi*jj`y5jgNyrZZV5aetWI_HBH@rCEeFAv)3m@iV6n1 zhJL7F?tcg)i5+O7mLVqiTz9?n{uf4UXN5Vvo9-$vnaa!a=X z@o~v}%h_B{Uwse_3H_+wY4tYH4@^;7^)=sfyyU^`c293UN6bsA&! 
zV(d(2@xyw_jYN$=xX=TsZ(=jKeeP7sGup-gx6+3tGO&CtGS`L6QJ(XcWVs?~kX0aYE)@s) zFu&S$r{+nbMG&T+lPH8T>6bMnE{4GNx$cU@j)XysDKFLXx$5e}+V6j$Fx7|nx5{=I z2423~Y=h(h!AhYkS?Rw<(>StQdA{)MxyQIcyNSBE(U)sA@_o^$>k;I)O8NmiSMuy# z)7tDuXUX1bx-46kt_#Wdo`_KX7{_2 zEXD@y>~93o2CoE575ZJEuQxWpM^jQCx-vo`dK$KVbWSUktjy_6Xh*q|sAymOIa3T| zu-?ms#Zk&>#;IQHjT2X}j~2k25JOi`FYJzLTL%p%G3|NyOdL&jt#kAWgaGLpxgQ|h zzsFI^!ZOJ@(!Kc|>igH>=2Y^fjt{)O|kp}Nh^RPo@(&0TC)X`Hc6(vggC$h zf#Ilu731FjL&)*pLgI+@b+3s1o z=CqN2nDTG%3>tyoUr7isF5~$(5C>rAko-$F-w5bc)4o}F5BbapZ~|;Tmj8=M_HV3{ z-`}zGD%TMGH}=g^gyiq|*gMNo{&7F}f8EcYPy3SQ4bZ9Y@BK0!%V%}}!}Y?1l=v&g zgh|Ei{{|HaX`#dO-U12swyRaWK+5*7bd{!>K6iyf{HdpZUju;V(C-eJj+SnVS3(** z8y(R95a!6(-M93^eb?-$7d9pJzz!=eSlbi^soHIG_dJ!zS5i zMKrViaLLr345SYhbbxcei|5t{>kXPa01sP%V@B z&pQF2E-Xkh9RzGTlRu_JCHIafnMf|zOFsPFvr8Ny5g~ruGqTmc#{Ms4+X6b^u?Kiy z3jh!7@2mQi1PSpuCN%E?nF(+x1kCL=Yqpmb8irg>?q&bt3;luS38Srhp~+-;R?#Yb z7wREPKn;Wcx_XyHwtl-L?E*luq;CEvEY3udgy;_>%jCZySyk`foR27r{ zW|Z0h+3YVbF{TzxYM6jh``z?90uxyvW}nQQ*W=AX%NM6aw1dijuh{SKVj>WH(8=Ed zt`O@gwJfHeMg&xLF?C%q0?Iv9Q`-wfk6EUaP z!+U@!s-%|#(iAP+^6AUE&k+2lFkch@i*oh%2SoLoxL~z(V^b@?r~BifSquek$Ry9$ z3(_`&DKTkZp`7*%3SWvZ7*5uq2+^yb|C??HD3ob5Db&AcHIIx3gTG|2I0V0|Z<9{$&ub1Zt@Mirfym;Y8Mz=~K8f=I8bsN%rJ)pXn&vvJrN+DT+M;Mft( z>B{Ab$Mh5P{3wm^b((*Cb`+F^IZ^6Ss}Tr4?6q*9Xf{_3h3Zks z0e$k)M2LjEEyJXPRtq2aXu(md|KvK77^4l){P}2+;H-y#A=={J`dy{xzQNate`{b9 z@y`+cQ*-^5t^b06{^N%*8ek!y{bG;)fBe5dUp$>!{Qu>q|J!rX&>%S)V4)R&{p)|b z Date: Wed, 28 Dec 2022 12:00:28 +0000 Subject: [PATCH 05/12] Patch/issue1162 - duplicate of PR 1163 (#1165) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * blinQ: Fix issue 1162, add parameter minimalSeverity to template definition in deployment definition for policy definition Deploy-ASC-SecurityContacts * Remove double brakets ]] * Update policy version * Update What's New * Update PR template to reference contribution guidance * Auto-update Portal experience [krowlandson/fc93df70] Co-authored-by: Hein Tonny Køien 
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
---
 .github/PULL_REQUEST_TEMPLATE.md | 1 +
 docs/wiki/Whats-new.md | 1 +
 .../policyDefinitions/policies.json | 4 ++--
 .../Deploy-ASC-SecurityContacts.json | 11 ++++++++++-
 4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index ca01ef32b4..995c609667 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -37,5 +37,6 @@ The below URLs can be updated where the placeholders are, look for `{YOUR GITHUB
 - [ ] Associated it with relevant [issues](https://github.com/Azure/Enterprise-Scale/issues), for tracking and closure.
 - [ ] Ensured my code/branch is up-to-date with the latest changes in the `main` [branch](https://github.com/Azure/Enterprise-Scale/tree/main)
 - [ ] Performed testing and provided evidence.
+- [ ] Ensured [contribution guidance](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Contribution-Guide) is followed.
 - [ ] Updated relevant and associated documentation.
 - [ ] Updated the ["What's New?"](https://github.com/Azure/Enterprise-Scale/wiki/Whats-new) wiki page (located: `/docs/wiki/whats-new.md`)
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
index d140261e97..de4e5b49a3 100644
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@@ -80,6 +80,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - Removed all exclusions (parameters) from the Microsoft Cloud Security Benchmark (currently Azure Security Benchmark) initiative assignment to standardize across reference architectures and align with best practice. Impacted assignment: Deploy-ASC-Monitoring
 - Updated "**Deploy Diagnostic Settings for Data Factory to Log Analytics workspace" to include new categories of: `SandboxPipelineRuns` & `SandboxActivityRuns`
+- Add missing `minimalSeverity` parameter to `Deploy-ASC-SecurityContacts` Policy Definition
 #### Tooling
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json index 04f51f5f59..8fa28d2acb 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "10588324334232217896" + "templateHash": "14671775947006134177" } }, "parameters": { 
@@ -87,7 +87,7 @@ "$fxv#21": "{\n \"name\": \"Deny-VNET-Peer-Cross-Sub\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny vNet peering cross subscription.\",\n \"description\": \"This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"\n },\n {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\n \"notcontains\": \"[[subscription().id]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#22": "{\n \"name\": \"Deny-VNET-Peering-To-Non-Approved-VNETs\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny vNet peering to non-approved vNets\",\n \"description\": \"This policy denies the creation of vNet Peerings to non-approved vNets under the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n 
\"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"allowedVnets\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Allowed vNets to peer with\",\n \"description\": \"Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}\"\n },\n \"defaultValue\": []\n }\n },\n \"policyRule\": {\n \"if\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\n \"in\": \"[[parameters('allowedVnets')]\"\n }\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks\"\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\",\n \"in\": \"[[parameters('allowedVnets')]\"\n }\n },\n {\n \"not\": {\n \"field\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\",\n \"exists\": false\n }\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#23": "{\n \"name\": \"Deny-VNet-Peering\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny vNet peering \",\n \"description\": \"This policy denies the creation of vNet Peerings under the assigned scope.\",\n \"metadata\": {\n \"version\": 
\"1.0.1\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Deny\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", - "$fxv#24": "{\n \"name\": \"Deploy-ASC-SecurityContacts\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Microsoft Defender for Cloud Security Contacts\",\n \"description\": \"Deploy Microsoft Defender for Cloud Security Contacts\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email address for Azure Security Center contact details\"\n }\n },\n \"effect\": {\n \"type\": \"string\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"defaultValue\": \"High\",\n \"allowedValues\": [\n \"High\",\n 
\"Medium\",\n \"Low\"\n ],\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Security/securityContacts\",\n \"deploymentScope\": \"subscription\",\n \"existenceScope\": \"subscription\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Security/securityContacts/email\",\n \"contains\": \"[[parameters('emailSecurityContact')]\"\n },\n {\n \"field\": \"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\",\n \"contains\": \"[[parameters('minimalSeverity')]\"\n },\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Security/securityContacts\"\n },\n {\n \"field\": \"Microsoft.Security/securityContacts/alertNotifications\",\n \"equals\": \"On\"\n },\n {\n \"field\": \"Microsoft.Security/securityContacts/alertsToAdmins\",\n \"equals\": \"On\"\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n }\n },\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"Security contacts email address\"\n }\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Security/securityContacts\",\n \"name\": \"default\",\n \"apiVersion\": \"2020-01-01-preview\",\n \"properties\": 
{\n \"emails\": \"[[parameters('emailSecurityContact')]\",\n \"notificationsByRole\": {\n \"state\": \"On\",\n \"roles\": [\n \"Owner\"\n ]\n },\n \"alertNotifications\": {\n \"state\": \"On\",\n \"minimalSeverity\": \"[[parameters('minimalSeverity')]\"\n }\n }\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#24": "{\n \"name\": \"Deploy-ASC-SecurityContacts\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Microsoft Defender for Cloud Security Contacts\",\n \"description\": \"Deploy Microsoft Defender for Cloud Security Contacts\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Security Center\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"displayName\": \"Security contacts email address\",\n \"description\": \"Provide email address for Azure Security Center contact details\"\n }\n },\n \"effect\": {\n \"type\": \"string\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"defaultValue\": \"High\",\n \"allowedValues\": [\n \"High\",\n \"Medium\",\n \"Low\"\n ],\n \"metadata\": {\n \"displayName\": \"Minimal severity\",\n \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n }\n ]\n },\n \"then\": {\n \"effect\": 
\"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Security/securityContacts\",\n \"deploymentScope\": \"subscription\",\n \"existenceScope\": \"subscription\",\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Security/securityContacts/email\",\n \"contains\": \"[[parameters('emailSecurityContact')]\"\n },\n {\n \"field\": \"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\",\n \"contains\": \"[[parameters('minimalSeverity')]\"\n },\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Security/securityContacts\"\n },\n {\n \"field\": \"Microsoft.Security/securityContacts/alertNotifications\",\n \"equals\": \"On\"\n },\n {\n \"field\": \"Microsoft.Security/securityContacts/alertsToAdmins\",\n \"equals\": \"On\"\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"value\": \"[[parameters('emailSecurityContact')]\"\n },\n \"minimalSeverity\": {\n \"value\": \"[[parameters('minimalSeverity')]\"\n }\n },\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"emailSecurityContact\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"Security contacts email address\"\n }\n },\n \"minimalSeverity\": {\n \"type\": \"string\",\n \"metadata\": {\n \"description\": \"Minimal severity level reported\"\n }\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Security/securityContacts\",\n \"name\": \"default\",\n \"apiVersion\": \"2020-01-01-preview\",\n \"properties\": {\n \"emails\": \"[[parameters('emailSecurityContact')]\",\n \"notificationsByRole\": {\n \"state\": \"On\",\n \"roles\": [\n \"Owner\"\n ]\n },\n 
\"alertNotifications\": {\n \"state\": \"On\",\n \"minimalSeverity\": \"[[parameters('minimalSeverity')]\"\n }\n }\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#25": "{\n \"name\": \"Deploy-Custom-Route-Table\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy a route table with specific user defined routes\",\n \"description\": \"Deploys a route table with specific user defined routes when one does not exist. The route table deployed by the policy must be manually associated to subnet(s)\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"requiredRoutes\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"requiredRoutes\",\n \"description\": \"Routes that must exist in compliant route tables deployed by this policy\"\n }\n },\n \"vnetRegion\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"vnetRegion\",\n \"description\": \"Only VNets in this region will be evaluated against this policy\"\n }\n },\n \"routeTableName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"routeTableName\",\n \"description\": \"Name of the route table automatically deployed by this policy\"\n }\n },\n \"disableBgpPropagation\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"DisableBgpPropagation\",\n \"description\": \"Disable BGP Propagation\"\n },\n 
\"defaultValue\": false\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks\"\n },\n {\n \"field\": \"location\",\n \"equals\": \"[[parameters('vnetRegion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/routeTables\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"name\",\n \"equals\": \"[[parameters('routeTableName')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n \"where\": {\n \"value\": \"[[concat(current('Microsoft.Network/routeTables/routes[*].addressPrefix'), ';', current('Microsoft.Network/routeTables/routes[*].nextHopType'), if(equals(toLower(current('Microsoft.Network/routeTables/routes[*].nextHopType')),'virtualappliance'), concat(';', current('Microsoft.Network/routeTables/routes[*].nextHopIpAddress')), ''))]\",\n \"in\": \"[[parameters('requiredRoutes')]\"\n }\n },\n \"equals\": \"[[length(parameters('requiredRoutes'))]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/subscriptions/e867a45d-e513-44ac-931e-4741cef80b24/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"routeTableName\": {\n \"type\": \"string\"\n },\n \"vnetRegion\": {\n \"type\": \"string\"\n },\n \"requiredRoutes\": {\n \"type\": \"array\"\n },\n \"disableBgpPropagation\": {\n \"type\": \"bool\"\n }\n },\n \"variables\": {\n \"copyLoop\": [\n {\n \"name\": \"routes\",\n \"count\": \"[[[length(parameters('requiredRoutes'))]\",\n \"input\": {\n \"name\": \"[[[concat('route-',copyIndex('routes'))]\",\n \"properties\": {\n \"addressPrefix\": 
\"[[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[0]]\",\n \"nextHopType\": \"[[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]]\",\n \"nextHopIpAddress\": \"[[[if(equals(toLower(split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]),'virtualappliance'),split(parameters('requiredRoutes')[copyIndex('routes')], ';')[2], null())]\"\n }\n }\n }\n ]\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"routeTableDepl\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"routeTableName\": {\n \"type\": \"string\"\n },\n \"vnetRegion\": {\n \"type\": \"string\"\n },\n \"requiredRoutes\": {\n \"type\": \"array\"\n },\n \"disableBgpPropagation\": {\n \"type\": \"bool\"\n }\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/routeTables\",\n \"apiVersion\": \"2021-02-01\",\n \"name\": \"[[[parameters('routeTableName')]\",\n \"location\": \"[[[parameters('vnetRegion')]\",\n \"properties\": {\n \"disableBgpRoutePropagation\": \"[[[parameters('disableBgpPropagation')]\",\n \"copy\": \"[[variables('copyLoop')]\"\n }\n }\n ]\n },\n \"parameters\": {\n \"routeTableName\": {\n \"value\": \"[[parameters('routeTableName')]\"\n },\n \"vnetRegion\": {\n \"value\": \"[[parameters('vnetRegion')]\"\n },\n \"requiredRoutes\": {\n \"value\": \"[[parameters('requiredRoutes')]\"\n },\n \"disableBgpPropagation\": {\n \"value\": \"[[parameters('disableBgpPropagation')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"routeTableName\": {\n \"value\": \"[[parameters('routeTableName')]\"\n },\n \"vnetRegion\": {\n \"value\": \"[[parameters('vnetRegion')]\"\n },\n \"requiredRoutes\": {\n \"value\": \"[[parameters('requiredRoutes')]\"\n },\n \"disableBgpPropagation\": {\n \"value\": 
\"[[parameters('disableBgpPropagation')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#26": "{\n \"name\": \"Deploy-DDoSProtection\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy an Azure DDoS Network Protection\",\n \"description\": \"Deploys an Azure DDoS Network Protection\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Network\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"ddosName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"ddosName\",\n \"description\": \"DDoSVnet\"\n }\n },\n \"ddosRegion\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"ddosRegion\",\n \"description\": \"DDoSVnet location\",\n \"strongType\": \"location\"\n }\n },\n \"rgName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"rgName\",\n \"description\": \"Provide name for resource group.\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Network/ddosProtectionPlans\",\n \"deploymentScope\": \"subscription\",\n \"existenceScope\": \"resourceGroup\",\n \"resourceGroupName\": \"[[parameters('rgName')]\",\n \"name\": \"[[parameters('ddosName')]\",\n \"roleDefinitionIds\": [\n 
\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n ],\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"parameters\": {\n \"rgName\": {\n \"value\": \"[[parameters('rgName')]\"\n },\n \"ddosname\": {\n \"value\": \"[[parameters('ddosname')]\"\n },\n \"ddosregion\": {\n \"value\": \"[[parameters('ddosRegion')]\"\n }\n },\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"rgName\": {\n \"type\": \"String\"\n },\n \"ddosname\": {\n \"type\": \"String\"\n },\n \"ddosRegion\": {\n \"type\": \"String\"\n }\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2018-05-01\",\n \"name\": \"[[parameters('rgName')]\",\n \"location\": \"[[deployment().location]\",\n \"properties\": {}\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2018-05-01\",\n \"name\": \"ddosprotection\",\n \"resourceGroup\": \"[[parameters('rgName')]\",\n \"dependsOn\": [\n \"[[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/ddosProtectionPlans\",\n \"apiVersion\": \"2019-12-01\",\n \"name\": \"[[parameters('ddosName')]\",\n \"location\": \"[[parameters('ddosRegion')]\",\n \"properties\": {}\n }\n ],\n \"outputs\": {}\n }\n }\n }\n ],\n \"outputs\": {}\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#27": "{\n \"name\": \"Deploy-Diagnostics-AA\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": 
\"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n 
\"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Automation/automationAccounts\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Automation/automationAccounts/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": 
\"[[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"timeGrain\": null,\n \"enabled\": \"[[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ],\n \"logs\": [\n {\n \"category\": \"JobLogs\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"JobStreams\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"DscNodeStatus\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"AuditEvent\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts.json index e478d4e294..b8241b9948 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts.json @@ -9,7 +9,7 @@ "displayName": "Deploy Microsoft Defender for Cloud Security Contacts", "description": "Deploy Microsoft Defender for Cloud Security Contacts", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Security Center", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ 
@@ -101,6 +101,9 @@
 "parameters": {
 "emailSecurityContact": {
 "value": "[[parameters('emailSecurityContact')]"
+ },
+ "minimalSeverity": {
+ "value": "[[parameters('minimalSeverity')]"
 }
 },
 "template": {
@@ -112,6 +115,12 @@
 "metadata": {
 "description": "Security contacts email address"
 }
+ },
+ "minimalSeverity": {
+ "type": "string",
+ "metadata": {
+ "description": "Minimal severity level reported"
+ }
 }
 },
 "variables": {},
From a4de71690dbffba52c4ed6f2991afc5e68edf3ff Mon Sep 17 00:00:00 2001
From: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Date: Tue, 3 Jan 2023 14:22:31 +0000
Subject: [PATCH 06/12] Update Version Fixing #1166 (#1168)
---
 docs/wiki/ALZ-Policies.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/wiki/ALZ-Policies.md b/docs/wiki/ALZ-Policies.md
index f2cf5659b8..428357f81b 100644
--- a/docs/wiki/ALZ-Policies.md
+++ b/docs/wiki/ALZ-Policies.md
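Review bot: The `minimalSeverity` template parameter added under `@@ -112,6 +115,12 @@` in Deploy-ASC-SecurityContacts.json is an unconstrained `"type": "string"`, so a mistyped value would likely surface only when the remediation deployment runs; adding `"allowedValues": ["High", "Medium", "Low"]` beside `"type"` would reject it earlier. The policy-level `minimalSeverity` parameter that the `@@ -101,6 +101,9 @@` hunk forwards is declared outside these hunks and may already carry that list, so this is worth confirming rather than assuming. The `existenceCondition` is not visible here either; if it still matches only on the contact e-mail, subscriptions whose existing security contact uses a different severity threshold would keep reporting compliant and the new setting would never be applied to them.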
@@ -64,7 +64,7 @@ The table below provides the specific **Custom** and **Built-in** **policy defin | Assignment Name | Definition Name | Policy Type | Description | Effect(s) | Version | | -------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- | ------- | | **Deploy Microsoft Defender for Cloud configuration** | **Deploy Microsoft Defender for Cloud configuration** | `Policy Definition Set`, **Custom** | Configures all the MDFC settings, such as Microsoft Defender for Cloud per individual service, security contacts, and export from MDFC to Log Analytics workspace | DeployIfNotExists | 3.0.0 | -| **Deploy-Resource-Diag** | **Deploy Diagnostic Settings to Azure Services** | `Policy Definition Set`, **Custom** | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. | DeployIfNotExists | 1.0.0 | +| **Deploy-Resource-Diag** | **Deploy Diagnostic Settings to Azure Services** | `Policy Definition Set`, **Custom** | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. 
| DeployIfNotExists | 2.0.0 | | **Enable Monitoring in Azure Security Center** | **Azure Security Benchmark** | `Policy Definition Set`, **Built-in** | The Microsoft Cloud Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft Cloud Security Benchmark v1, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. | Audit, AuditIfNotExists, Disabled | 49.0.0 | | **Enable Azure Monitor for VMs** | **Enable Azure Monitor for VMs** | `Policy Definition Set`, **Built-in** | Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter | DeployIfNotExists, AuditIfNotExists | 2.0.0 | | **Enable Azure Monitor for Virtual Machine Scale Sets** | **Enable Azure Monitor for Virtual Machine Scale Sets** | `Policy Definition Set`, **Built-in** | Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | DeployIfNotExists, AuditIfNotExists | 1.0.1 | From 1816c81e22ef5d17277ba800d8eca24cc307de95 Mon Sep 17 00:00:00 2001 
From: JamJarchitect <53943045+JamJarchitect@users.noreply.github.com> Date: Wed, 4 Jan 2023 10:06:03 +0000 Subject: [PATCH 07/12] Issue #672 - Fix SQL Vulnerability Assessment Policy (#1167) * Added RBAC role to write to blob * added storage account contributor rbac for keys * added to whats new * Auto-update Portal experience [JamJarchitect/36543943] * updated patch version of policy and whats new * Auto-update Portal experience [JamJarchitect/a4de7169] Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> --- docs/wiki/Whats-new.md | 9 ++++++++- .../policyDefinitions/policies.json | 4 ++-- .../Deploy-Sql-vulnerabilityAssessments.json | 9 +++++---- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index de4e5b49a3..6250537c05 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -2,7 +2,7 @@ - [In this Section](#in-this-section) - [Updates](#updates) - + - [January 2023](#january-2023) - [December 2022](#december-2022) - [November 2022](#november-2022) - [October 2022](#october-2022) @@ -49,6 +49,13 @@ This article will be updated as and when changes are made to the above and anyth Here's what's changed in Enterprise Scale/Azure Landing Zones: +### January 2023 + +#### Policy + +- Updated `Deploy-SQLVulnerabilityAssessments.json` policy to use Storage Account Contributor for storing the logs. +- Updated the same policy parameter description for email recipients explaining string type and how to format input. + ### December 2022 #### Docs diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json index 8fa28d2acb..9a4d7a0a54 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json 
@@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "14671775947006134177" + "templateHash": "17200151245285049244" } }, "parameters": { 
@@ -156,7 +156,7 @@ "$fxv#84": "{\n \"name\": \"Deploy-SQL-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"SQL servers deploys a specific min TLS version requirement.\",\n \"description\": \"Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect SQL servers\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version SQL servers\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n 
\"details\": {\n \"type\": \"Microsoft.Sql/servers\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Sql/servers\",\n \"apiVersion\": \"2019-06-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#85": "{\n \"name\": \"Deploy-Sql-SecurityAlertPolicies\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"SQL\",\n \"source\": 
\"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"emailAddresses\":{\n \"type\":\"Array\",\n \"defaultValue\":[\n \"admin@contoso.com\",\n \"admin@fabrikam.com\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/securityAlertPolicies\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/databases/securityAlertPolicies/state\",\n \"equals\": \"Enabled\"\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": {\n \"type\": \"String\"\n },\n \"emailAddresses\": {\n \"type\": \"Array\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\n \"type\": \"Microsoft.Sql/servers/databases/securityAlertPolicies\",\n \"apiVersion\": \"2018-06-01-preview\",\n \"properties\": {\n \"state\": \"Enabled\",\n \"disabledAlerts\": [\n \"\"\n ],\n \"emailAddresses\": \"[[parameters('emailAddresses')]\",\n \"emailAccountAdmins\": true,\n \"storageEndpoint\": null,\n \"storageAccountAccessKey\": \"\",\n \"retentionDays\": 0\n }\n }\n ],\n 
\"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n },\n \"emailAddresses\":{\n \"value\": \"[[parameters('emailAddresses')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\n ]\n }\n }\n }\n }\n}\n", "$fxv#86": "{\n \"name\": \"Deploy-Sql-Tde\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy SQL Database Transparent Data Encryption\",\n \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"excludedDatabases\": {\n \"type\": \"Array\",\n \"metadata\":{\n \"displayName\": \"Excluded Databases\",\n \"description\": \"Array of databases that are excluded from this policy\"\n },\n \"defaultValue\": [\n \"master\",\n \"model\",\n \"tempdb\",\n \"msdb\",\n \"resource\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n {\n \"field\": \"name\",\n \"notIn\": \"[[parameters('excludedDatabases')]\"\n\n }\n ]\n },\n \"then\": {\n \"effect\": 
\"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\n \"equals\": \"Enabled\"\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/current')]\",\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\n \"apiVersion\": \"2014-04-01\",\n \"properties\": {\n \"status\": \"Enabled\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\n ]\n }\n }\n }\n }\n}", - "$fxv#87": "{\n \"name\": \"Deploy-Sql-vulnerabilityAssessments\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. 
To the specific storage account in the parameters\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"vulnerabilityAssessmentsEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"description\": \"The email address to send alerts\",\n \"displayName\": \"The email address to send alerts\"\n }\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"type\": \"String\",\n \"metadata\": {\n \"description\": \"The storage account ID to store assessments\",\n \"displayName\": \"The storage account ID to store assessments\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails\",\n \"equals\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\",\n \"equals\": true\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": 
{\n \"type\": \"String\"\n },\n \"vulnerabilityAssessmentsEmail\": {\n \"type\": \"String\"\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\n \"type\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments\",\n \"apiVersion\": \"2017-03-01-preview\",\n \"properties\": {\n \"storageContainerPath\": \"[[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\",\n \"storageAccountAccessKey\": \"[[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\n \"recurringScans\": {\n \"isEnabled\": true,\n \"emailSubscriptionAdmins\": false,\n \"emails\": [\n \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n ]\n }\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n },\n \"vulnerabilityAssessmentsEmail\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\n \"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\"\n ]\n }\n }\n }\n }\n}\n", + "$fxv#87": "{\n \"name\": \"Deploy-Sql-vulnerabilityAssessments\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": 
\"Deploy SQL Database vulnerability Assessments\",\n \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific storage account in the parameters\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"vulnerabilityAssessmentsEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"description\": \"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\",\n \"displayName\": \"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\"\n }\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"type\": \"String\",\n \"metadata\": {\n \"description\": \"The storage account ID to store assessments\",\n \"displayName\": \"The storage account ID to store assessments\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Sql/servers/databases\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails\",\n \"equals\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n },\n {\n \"field\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\",\n \"equals\": true\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n 
\"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"location\": {\n \"type\": \"String\"\n },\n \"sqlServerName\": {\n \"type\": \"String\"\n },\n \"sqlServerDataBaseName\": {\n \"type\": \"String\"\n },\n \"vulnerabilityAssessmentsEmail\": {\n \"type\": \"String\"\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"name\": \"[[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\n \"type\": \"Microsoft.Sql/servers/databases/vulnerabilityAssessments\",\n \"apiVersion\": \"2017-03-01-preview\",\n \"properties\": {\n \"storageContainerPath\": \"[[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\",\n \"storageAccountAccessKey\": \"[[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\n \"recurringScans\": {\n \"isEnabled\": true,\n \"emailSubscriptionAdmins\": false,\n \"emails\": [\n \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n ]\n }\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"sqlServerName\": {\n \"value\": \"[[first(split(field('fullname'),'/'))]\"\n },\n \"sqlServerDataBaseName\": {\n \"value\": \"[[field('name')]\"\n },\n \"vulnerabilityAssessmentsEmail\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n },\n \"vulnerabilityAssessmentsStorageID\": {\n \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n }\n }\n }\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\n 
\"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\n ]\n }\n }\n }\n }\n}\n", "$fxv#88": "{\n \"name\": \"Deploy-SqlMi-minTLS\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"SQL managed instances deploy a specific min TLS version requirement.\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect SQL servers\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version SQL servers\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"1.2\",\n \"allowedValues\": [\n \"1.2\",\n \"1.1\",\n \"1.0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version for SQL server\",\n \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": 
\"Microsoft.Sql/managedInstances\"\n },\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Sql/managedInstances\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n \"equals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Sql/managedInstances\",\n \"apiVersion\": \"2020-02-02-preview\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimalTlsVersion\": {\n \"value\": \"[[parameters('minimalTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#89": "{\n \"name\": \"Deploy-Storage-sslEnforcement\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS 
\",\n \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Storage\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect Azure Storage\",\n \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure STorage\"\n }\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_1\",\n \"TLS1_0\"\n ],\n \"metadata\": {\n \"displayName\": \"Select TLS version for Azure Storage server\",\n \"description\": \"Select version minimum TLS version Azure STorage to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n \"notEquals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n \"notEquals\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Storage/storageAccounts\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": 
\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n \"equals\": \"[[parameters('minimumTlsVersion')]\"\n }\n ]\n },\n \"name\": \"current\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"minimumTlsVersion\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Storage/storageAccounts\",\n \"apiVersion\": \"2019-06-01\",\n \"name\": \"[[concat(parameters('resourceName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"properties\": {\n \"supportsHttpsTrafficOnly\": true,\n \"minimumTlsVersion\": \"[[parameters('minimumTlsVersion')]\"\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"minimumTlsVersion\": {\n \"value\": \"[[parameters('minimumTlsVersion')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#9": "{\n \"name\": \"Deny-MySql-http\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"MySQL database servers enforce SSL connections.\",\n \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). 
Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"SQL\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureChinaCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"Deny\",\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"minimalTlsVersion\": {\n \"type\": \"String\",\n \"defaultValue\": \"TLS1_2\",\n \"allowedValues\": [\n \"TLS1_2\",\n \"TLS1_0\",\n \"TLS1_1\",\n \"TLSEnforcementDisabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Select version minimum TLS for MySQL server\",\n \"description\": \"Select version minimum TLS version Azure Database for MySQL server to enforce\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DBforMySQL/servers\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"exists\": \"false\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", 
diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments.json
index b10a34b80d..861f44cd0c 100644
--- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments.json
+++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments.json
@@ -9,7 +9,7 @@
 "displayName": "Deploy SQL Database vulnerability Assessments",
 "description": "Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific storage account in the parameters",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.0.1",
 "category": "SQL",
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
@@ -22,8 +22,8 @@
 "vulnerabilityAssessmentsEmail": {
 "type": "String",
 "metadata": {
- "description": "The email address to send alerts",
- "displayName": "The email address to send alerts"
+ "description": "The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'",
+ "displayName": "The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'"
 }
 },
 "vulnerabilityAssessmentsStorageID": {
@@ -132,7 +132,8 @@
 },
 "roleDefinitionIds": [
 "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa"
+ "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
+ "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"
 ]
 }
 }
 }
From 94e4a3b79cf278c39286f0a7a4ede7ee652df13c Mon Sep 17 00:00:00 2001
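Review bot: The new `description` and `displayName` at `@@ -22,8 +22,8 @@` advertise a semicolon-separated list, but `vulnerabilityAssessmentsEmail` stays `"type": "String"` and nothing in this diff changes how the value is consumed. The generated copy of this policy earlier on the page passes it as a single element of `recurringScans.emails` and compares that same field with the whole string in `existenceCondition`, so several recipients only work if the resource provider itself splits on `;`, which is not shown here and should be confirmed before the format is promised to operators. I would also keep `displayName` short, e.g. `"displayName": "Email address(es) for vulnerability assessment alerts"`, and leave the format hint to `description` alone. The enclosing `parameters` object starts and ends outside the hunk.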
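Review bot: The role added at `@@ -132,7 +132,8 @@`, `17d1049b-9a84-46fb-8f53-869881c3d3ab`, is to my knowledge the built-in Storage Account Contributor role, and nothing in the change records why the remediation identity needs it. The generated copy of this policy earlier on the page reads the account key with `listkeys(parameters('vulnerabilityAssessmentsStorageID'), ...)`, which is presumably the reason, but the role applies across the whole assignment scope, so the identity can manage and read keys of every storage account there, not only the assessment account. Because the file is strict JSON and cannot carry a comment, I would record the reason in the policy `description`, for example by appending `The remediation identity is granted Storage Account Contributor so the deployment can read the key of the assessment storage account.` It is also worth confirming that the account named in `vulnerabilityAssessmentsStorageID` lies inside the assignment scope, since otherwise the role would not cover it. The enclosing `details` object starts outside the hunk.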
From: Robert Lightner <49571483+DaFitRobsta@users.noreply.github.com> Date: Thu, 19 Jan 2023 07:22:30 -0700 Subject: [PATCH 08/12] Low level document for updating ALZ custom policies (#1154) * feat: 1st draft of updating alz custom policies * Auto-update Portal experience [DaFitRobsta/18993f93] * fix: Grammatical suggestions * fix: updated wiki based on Jan's feedback. Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
---
 docs/wiki/_Sidebar.md | 4 + ....1.update-alz-custom-policy-def-search.png | Bin 0 -> 43507 bytes .../1.2.update-alz-custom-policy-def-name.png | Bin 0 -> 48971 bytes ...1.update-alz-custom-policy-assignments.png | Bin 0 -> 52747 bytes ...e-alz-custom-policy-delete-assignments.png | Bin 0 -> 35878 bytes .../2.3.update-alz-custom-policy-search.png | Bin 0 -> 42991 bytes .../2.4.update-alz-custom-policy-search.png | Bin 0 -> 54617 bytes .../media/AzGovViz-ALZ-Policy-outDated.png | Bin 0 -> 86188 bytes .../update-alz-custom-policies-to-latest.md | 280 ++++++++++++++++++ 9 files changed, 284 insertions(+) create mode 100644 docs/wiki/media/1.1.update-alz-custom-policy-def-search.png create mode 100644 docs/wiki/media/1.2.update-alz-custom-policy-def-name.png create mode 100644 docs/wiki/media/2.1.update-alz-custom-policy-assignments.png create mode 100644 docs/wiki/media/2.2.update-alz-custom-policy-delete-assignments.png create mode 100644 docs/wiki/media/2.3.update-alz-custom-policy-search.png create mode 100644 docs/wiki/media/2.4.update-alz-custom-policy-search.png create mode 100644 docs/wiki/media/AzGovViz-ALZ-Policy-outDated.png create mode 100644 docs/wiki/update-alz-custom-policies-to-latest.md
diff --git a/docs/wiki/_Sidebar.md b/docs/wiki/_Sidebar.md
index 7be1e37c54..7ba347e5d4 100644
--- a/docs/wiki/_Sidebar.md
+++ b/docs/wiki/_Sidebar.md
@@ -35,6 +35,10 @@
 * [ARM template repository](./Create-Landingzones#arm-template-repository)
 * [Create a new landing zone (subscriptions)](./Create-Landingzones#create-a-new-landing-zone-subscriptions)
 * [Azure Landing Zones Deprecated Services](./ALZ-Deprecated-Services)
+* Azure Landing Zone (ALZ) Policies
+ * [Policies included in Azure landing zones reference implementations](./ALZ-Policies)
+ * [Migrate Azure landing zones custom policies to Azure built-in policies](./migrate-alz-policies-to-builtin)
+ * [Updating Azure landing zones custom policies to latest](./update-alz-custom-policies-to-latest)
 * [Contributing](./ALZ-Contribution-Guide)
 * [Reporting Bugs](./ALZ-Contribution-Guide.md#reporting-bugs)
 * [Feature Requests](./ALZ-Contribution-Guide.md#feature-requests)
diff --git a/docs/wiki/media/1.1.update-alz-custom-policy-def-search.png b/docs/wiki/media/1.1.update-alz-custom-policy-def-search.png new file mode 100644 index 0000000000000000000000000000000000000000..722fcafa27df45b139a761166f94375ef8d5e10b GIT binary patch literal 43507 zcmce-cT`hb^e!4i;0PiXih_WJj({RXK$=LG-Xt{XCG_4w5mBlF0qMOHLJu7jrAj9W zB=i;_1f+Mko1^F6@y2-n+%bOd?J)v7d#~)Z_MG3EYtC=Z^+{b-o|2rN90USUDk{9x z1c69=Kp>)ue@KBV!lpG=z`rZb3i@s!(6t{IA0jCCH3r}!nY*HjEZNf4t8@Ync7Bn) z0fFv;6kkefd#A2V`uL9`o6k3eADBKRSGE7=MvuCqV#S9?mz&r=vc9eS^o46o=n3hk z1Pmz47Y6&9RSgdE{Uqh*(2Ke~0gL8LxvqYHllH;=NSa%Gtkm=`1Rg3pmZIJ|Hc$A) z5+@$l-G)E(Uigx<;o6_HA@npuWO`slLr+hS9T?Qb5p2@%9ZmV?90aOnmNx!-{@eVr z57D3VwwN0WB!4eU%6+E$dwO#Ff41=w^xlTQTc~b}lY>CO;<0X@u%360Qih1Siz@mw z|D`z7Y1bicrN(c|k|3*c-rKsf$8OCsUOTYUdZKKCGTyO@`#WC47iBvh#0?P+PEI;w zUM)FUGOgoF9<7X{2IsE@UVhUvD(ZP^f=5X*e_`RN8z0PfrJb<1*%tl#TD(rVkn)t1 zQ_i00W&`<{vl5xb%O)Oq>1j_Cn1jGrMIPcm4TJL!tJyaaYv=@zf0|doUixD#AbF{RUuY)LZ}P2kMG%s_4`CGhQRG6 zdryX9;&$dJ7^sDf39CbRb+E_O;n+|WVxelAr*?&))^7vIqxmT3{wlMxY!2b6!-7sj z(3;e#&xRt7KYEwe;rUQL`T~`}F*7_^Uw~A)Eoj79Gt&Z2dy}u5YkIpK%S|nMn&8k-|YzfxmqL z%}qa>8lwr@r%on|hWljM#2&QEVZb)ustIvj}t#hTqS+#AU#vN=L#z-8X5{>bkM<&qTiwop}J{kKx_S( zRV+p{&Y`3`^)J|qTT%bWNX1$Dg3+e$Dq4*zQgs)T;5z;%so%+VUGnSx3am{PKWc1G-F5fQXk*{v#e*J@?GN=zHnp@94G5N;mzI}ra5$bET!TL4FGO5O zti}E}J$z+EE96qj^o|OQTk+vlBKkobISsQU`}Q|G)@brIb+Nxw?SK!S2eJ9|P<$hbJ~J8qs5k^5Qr}&9 z83AC{t!^&M$L5yfeesjWVKsiB3KC(4oy~%p2Ci*$Ty;idqwWCfhibc1I+L-?y3Kh5 zXm*z1J9vZU#+2kM#M$9Tx50Ybhw$MNN&4(FB0T|y$i3=ywGN{azZ^1!N|LvJ3Jtb4 zCNZ3hf2C^3WSa;wR#hwSSTKsz)+!p^oCU+?A|0_HDKW@Qy z=}UgCd#n>ee&M;W>s3%-$h*YhL^tK>BziL&SR{U+#-*((eo@df|g0b=NH0IaPXCsZf zKC+vxvIBjaj~_~X_|h&Y>Yr>@pgLO3AVV`)^_05|y0~w9r0AJ+$tkrsx3NrDUrn*n z4*$?=S&t;^XvJ;3VWT5B8o4z~KPh%jCCYUC{_JQ}yT+5M#!LK<5;B{4tL`~HRfQJq zr1A6kvCA`9N#xKd&(UCtzIFSWYSD5p!4^da{fhIWHn$(ofO6!ntrPfXo1&Q?4fPM- zB=|ejr_(1D$|r~y|G2?O(ICp`qt)8W8^8X0iQ>;6#TZL+JH+HMU zaW+NR{e^h4>mjL+d0-Y@Msof)T#2^sUQ%>o^6tqh4;So9k1O-=_bk4Z-Fj2wBGES% 
zm1lKN$GI)N>ai-mE~fM9)`TY!zsA+L@RU^veG-|K9(>#nv*+I$}kp46}s@11v@@EBAM@k z#}$dx4C!TJDu5xaY}4o26PDb?RdcFwz|N#G^WV0#pI&}4QR ziJy+AQtTzmCQj8`)>AnPil*fDmd~-tDP`UH{)(Ez4W~UHZOYq1?VvPYYnB%KxT@p3 zzz>Tuq#t&wjD(!mysoH$bL{R-cRx_{f(@Tb&=<%VEOv1p4V6w8X%GKk_gq=wd<&cW zC+(5c6G;VB7hPb%yEH$`v~lmp{P=0N>XU(SjJ~}N?2^UDk7)7zb3;X8B;QIyA4^eN ze5Oqt%TL?x1RbTT36HoRK$DHmC%!o}?Af(%oM+;uE4skuaLCyJlzJpn2WrLhwLzPN za~y+sY#2pG=+&@`H=n7ufboItdk3&K;$BGktz8u6ZW6;?nNMB?D|@fabIiLo8{$v| zy$*y@wZ|kq%m)(IqpJ9}ea_?flxp=GXGh2JbcInykQPZ0pH@w7@XX_%Dn9D1uWxq- zJO2@Q;`P?BUA zlCS{v+0)S{g0!at0k&WRF!oJ@PTt0XjnkIdPq`nqt5LCwGK%oUlHWL&aEEfmo-;?? zA{I{LP2oeXHi+<=SU8>?x_*>h-boNi=I2+}{QLponZhgxk?x4&y5kmhGw8W4GS8`}2@+As z)TMWLzOeEoC0VTODt(%eTC+~sccg)ZMqPexlujWFXDN;J2pC$XJks2XDAaw+ALtal z&TxYxjccTzU=Uwp6M=f=`-1QJ6XbSqPytVmlH!oTTP=@cqit$GfA|!pT81I8-XIUj zhmY~PGr3w>T4zu+Zb|-6w3ZpT=@O*JlCullzt*h8)N#0IrHP-mV zoo>!}M=?E6tf@R{k!WM^9tk-j1WjiBCL+@GNUF7vEGiXN(l%(2qdH-Gg-!pc*C)EO)k|Rf%JMcwRUJAalhoKQPc-lptp?*r% z*xcYoYsehv@O2@nyb@QTrcTYmm{i_)Ey3>9VI1n*-add2B}>(FvaJu^OH~v>G-Vyj zDZRbnwlnfice25Sv>{_Z1Wv0}ikSCSiy~e7`g=xtZg(>Is!LApim4dygd3lprX&Z9 z+`W@xD5-r5Ct3KZk^{0!t1kd{Taqm72=EXunQ|Nkq^xj*%I-AWhulj;`W~mPS_z}mCYZvE}l?aS%sgx+ZRK`Qq)v32|> z!m5!|al(6NVgi)~x#mt>+*sNf$~smpzS87^F;h~KYyW7^e0J^&d}J^%VHr_|bnF{0 z$s;()?e0k~7g0IHL~)M$ZnnnZ@#I2WOJ%QECv8%gpSjdpVg1UJDZ(d-z48uy@pUYr zc2kiROiqjYQFdvbJMm>xS-2n*w#fquaRU7eG&emivTCVn?59YXu%s^sQSn{~pky_B^`f z+i_>6hT)0)_Ihltut(c&otRFUrefB^s9hrC#fb67ipAV)SG-x8ltV$K}Hj;tXFi6y^twmgNpir>M+?5U3Xh8}LW zr%?5iM(UV_!%&!sG|`z#MJ0+~T#32gK853Hi96Hcc*q^JZ9Y3F!Sd7%Sbv_~la^Ck zxgz(TQ&;ow?52n6nxMAJm-M3*ddtZ8Tz;sYhmvd*qev!WC+j41%pJZOT#@Xn7p%RV zPcD9<{@CT04OOR1@Q0|o+(o*J?8SI?Dh3$mY3`PX+G^05aT$gpZS#R>W?7kA!r$OT zJ`h^=4SVU`ynx@V8RBhe50wb%F@MjXHl2dZ=MRcpiQ3-3xHzjnk)&vq#dwV~%YCr* z=5CmdPK_`9GH|MzC+K8nJ!JNCg8H5jhsGI0t(2R0kG6r6g-HpImTgw9MizM`q5xwD zF+T;_Ow-7S?Knc1|#c$?qMs?lQKk5X- z4KDlio_V~8wK!SIEGrRMqVwG>vZY`1o~lAzB5qVO3(>tpTkwM+uRx*{>Z4b|??_() zvM&DcY%);U?_FOSyq3enN-^t}yl{^XgG4~O8L1z*m)FKySV?&3i5`MK#@%`$Md$}F zDqvrrb!WekMc 
zYlM=V-*Eo4huD|fM(RyONba2vk!N%g1cC!E|v{R#X&oWu3aQ{YA}#Y zn}X__1!Qg@$)Vb>!TDgp$rMDBJv>+4D8Pdqi5@VBeaPGw~8Oxiq zNy!?uocotIm~oTn?)E!7(Zkf2yoM)xak`gFcURqte=a7S6+-EYY*H5UqQRdW!u^M; zX*_o4_RP?Tj2va3K2&=$N($ zStlx!53Y&L8C-qiHyP?mFx+z!-_5c(8P7=;&kfXlGiDR2%r#b{hg6|;{&f3B0hUbJ zx34su!5+chSf zww_I959EuzHjGy%8xw(3F5pT(IxvqCPH@h5`CatIt=c9WwqZ#?nXJA&@6q^nqoi0( zr{w6XEc}d3ma5sRH_YzUasACO0ln80I+M^W&Qq2mU6Oo#rBkP>N1eqE9y$p{_l^@W zzfD7+sl?^T;+cVxUDc@EKsN!wjxfb*yracU2Q)m&$$4RJy%vBy(an8d&-c_KIkw=k z0#@Y+*~?n&c>8(l8=cwJMGSb{66Tnve#e}3C0HrC#ub`ws+7uH03r+y|AbiB-bS{l zm%-G&R?m6|o8hL1W}o*U^ZayH?|(J)+pEq6g$B0cW`q97!abW;4XwU=NJlR+=lgSV z$0%kSer>Iw=*p9x^J7VE;D%930Xj!Y#edCG-1WY!ngd*ST&%ZdCT%e)fxq8hj(eSI zohco&qS-?JxI9YoP;cWy%%p9*Il0Wk0VwEM!k3k|keIct=+tgDN;E{8KAkpM( zGTn3OqFd>Sn|>n#E-y3tnWsy5HeOr6t_*fnBYpF4Y3hw8EG^4RzDhJ*@cub%rkz== zQyWm_$yB7<#*?J9wMg|xP@rXZ0Q1;JFSx3He(%mxyS-Z})K4c%1^JwGv+`b|=oN`0 z>F?Yr81Lp(id;@@swB!;vOP`krfI4Gi#P#J-bWbLdZxT0JT1QPhm+rH+XZdb$pbO~ z)GVRgwn|^aLYo$}llD0wxx6V6EJMSd+zFbZ?jfs%cg{aI?8icjng6o2Z68v ze(QH?H@*DW4OQ*NDid#w<G7vFWg;&qjQA-B}*w#jhExd8q!Rj=A| zfE#=qol7M5)88qbmVGjZ^PyNln8VChk)E%{C4J0msFD&d1@idK{AZJ1=i*A~3!F38 z{=9n-DyOWhte=6zDZnqK<3rdo5OGZA)2;JCS$@8Zw)Z^EPdGjq)hE0Fh3xci6pgN3xabr1G1`AcIvJrxYAnMpmH_A3Gi<(9(1{Rf z`{NIS+JbH@?E2MIHhp;*!Lpl@Gk)ui_TO7|sRt}w2A1NmZCtCJ>)GM9Nl}k)1BJmt zm|clZK(S%yK;FvRHCIKV@Bjgo$fCc&rlE0z|4hx7haU=0yeov7YGs~$c}No&GURaf zHs~&j>}N*Te^)ztGG8pFH*3!i%t+3er9WSr25z|7mXnDrXg6YzE z_EOB|RG_|uXz3@!ONCg^buL{aqqKasA2z@5T}tR%nN-t^qP~8&V4Q+^v`Nu4`xf7y z$2cGUOG@LS-XU6=Rm|IE+zG)geY{>X%walpt=h5Fw?s5^TE&{i7bPVM zwl4ko63qPYujdT{1^y}#@!6+l*4PM6PXjLX`O@#mU7MMK}($qNRCofs&R!bWC-raMkjdkOtZ0On1 zQOSSVi9x%x^s=n{{0|_$LDi5KFP2IESf^m2m7Vk^&@-44(Gh|DD)B!^G=!mjcxA;)3)x zEtN*^tgN`4mA`GKuGq@x8S~DLFu3rH>;B+Iz6a(P7Sg38=)(dE^eD&S}J z&xrv4=|W%47@%sCwj^{=k=L93&L3ZVcp?QkHV@53UAMSR1WPR0g;qAJaoP)bPtdX} zYQkL>UOp{s)~bKUqsspmmz(dq1e&^6O5LcI&{+qrpO4+3dmbSwwtYr0$}$2UX1aKH0_%ij zv)m`>$-Q?_I{1EyL9f6Ffu;2;V6Hgbeu3(8i#mQogag1n!WqjPN^V+y&YgJ)d!%Gv 
z|6Qqy_LX?4k8A|ZRKjjU+oJQMKL4}AJ!rPNVWpKI)14H$Uqf_ z=JEW?lcE)2{(N@Tl7OH$7|w0K}OjpG^ZfoL4>>f+lUBRDAurnW7A8!6Sr> ztOy}T&CuM>{Z70yiDwBZ+=~66ji&?8VPQpV1{J<9MwQ!Pt>$Pv$QZjSYNm4L z$7tJ~=Wp+=Y3QOFF^6g4yX8~|-fsb7x~6XM#?>C|R77PsK4hk^eqxUd7(95X%AJz< z$h~}3dY*c5Sn+{fhkGK(=}Wq@vKAPeJUq;VW=kZBi8x#Mnx0?HnvyF1HsUNkzf;(; z5{64%2dgHhyAkRt&+Cs|&t7hky7NVYHXNQ>H;{M}6B7qaR3#C=wgs?!10*5M*PGOgHHHbKhzYRnOFQW@*(LYRhFuRd zVmiB&!(d>E((PdyLKlmw@hz3a5Cq5Yk37d6)7+0e5}7HYPqmsR+RxzAwHNbmpzjNL zf?egj=L+dD%E3>>QIF5KY`I8TC-ZKeXpg5pd{zj7T&e$+AFce!ygP23k4ekw#G@y& zRkfXzl;fb7TW}%Sxc?9y;Eg$aCRz;_4`{!ahtploBQ|j_bli`>T#J8)ZSfMBqHi%q z2izfeiZurqEMibbzmKPdBx;}6S;SBx@U=LIy#Zt4vx1MGB^-?T9^}Sc(@urRN0CNl zP#09@q$A`bj@w-xjU~E?d4d~ZT!u?NJd8I0RW|)(m!A6gEnsJTmOf@14DGa6kMHO% z?Gz`~~b>o>-fXBs#$cEzzCD$ zyDMaduiZwVz8oXtEdlskZ3IZFB>@KIj{ruYQ5##SCCaIm%NHGbH?JjeW+H|^iGHz2 z;Fn=u06sSFHCD)W0^gs_$a@U=lu+Eq2e>JJY60wQ%XGqDmj)Q{)06;SA!fR;)B51O z1&#f*QL9nJcJ+N$=~=s@+cxjbyK{^z1(WHX4$e0<$<#h?!k%wLVt0!Erm~2W+@D(Jb0_XT=|7T5r0l2;Hffs({u0fZ(*znT9P1&~cQ} zVU>xXpS?(LBTEcrL}mW^;18Z?yeF=pWSO2;+$okVy2>G`mOzzgZknGp)MCun>4Kc7 zwJQ&xNLW2oZHNZmBolJLV$>ciAr4rhKybtSQ_Bt$TxuY&GFsY~e&(EQutFu|URN=x z1>X-+(gG(>Y;Ud$_m;jq6&-F_&g6(u7VxsDSa@l$d;L}Sb<7>|I8kD3~^$+d&_ITcFQS7OqQ|DKkDlg4NU%?B3mN zylnYEv-%|)p{%-96(H@+qYr1p)xMyrD+Bsgj?ATFV{4|q;P}0p*gAN1^h0xn7Ii4~ zI$m^|AD`Lv+1nEa=T>cs+N%|}SW4BRJrR4h)l_PkFbZzz+P>*65 zMvI&SX>`XCDSMLq%d#nJYGzLfA}Q_AivGgo#J=GyejXqD3gzIDMeiyTrv%s}5B}FC zrddc{5x<9anw@#sr~GL&dhREA%;(%^JoSw=*mF$@p%<2seNLS|m?ofdL3<*4s_7>U zPM`saU*Hhr>O6avc3cBC?7GsmKx<-EM0D+UaeF#J!fWZ$M z_fp!Iqf-CT6SNx5P=+e1qTA`8<+D^ekc%@}WeE3uQ==>SM(tZUi$<%lmD;%T_tMUh zU+cY?ka8LZX7s!ha({}le$s86W|4;cii66B>Fc3}d_Y1xf@q`BVd>Q=kFZ`)Zyypc z@T*y2OnbdkO;b>~rPjlmUuTbO(_q5+yM{jbQb<~iebLs^?X3cWfbll@KuPjQC|WBi^ef7pd6dVq zu9Vzqx3>RL_nojSrb73(X$YwgI zxtaL9Ap6#cppomwI6m8Ke%`m~xkibeyhw&5`c*y6;?+gc^OuJ_&^h+o+m`U8tztoOU0en^KNQ2F z2;gV1{4G)Jf~T;?=!`@-y&-cdR?|*-{W6dVMvXDPdF30?iI6g^6LibZLeox81v zWTtTpGs&w?bh(5dWq$J)+n=hZ;lgMQdEamR{A8Yb4&47q1+$R#DzmWxz^kIBheypN 
zV&dIF87lmw*VLvfu5{8Mn4L6zG3_YRFKMNKh<4%UI=Csz3q&dO#wqW^1%R^rAMi{19ymfqW z@+Augrk{VLXBnb8-IDEq$&`z_v z(+()F1$7jB)C`Amv-$>qpj<<4eWxU0=Ni$rnkHi$X9nB_mVJj64V(ivfK7KQBUBt( zD;P2P;Fh4fV)F1==ac&{KlKJW^d^;X^qC|Sb|&U>_C4|Y%mbAfCEl)KC%EJ_TN<$2 zy?Wa0PNsr}CwAwhUT5V^nX2$4Hu`mA8JgSHCWXNLzV}Rn8=*jvk8!kwf_?B#IlFV! z7RuQHR&{goxg0vW#q! z(*g14!kP?gJ}-?fJb_*ARjghHWQU*jOE#<0;6hGD`Rwor*z9MY&|zGSB21Ga6Qx@}c9ER+XvjW>4=ruFp{dR|L^ zQs}Yu>Dy_HEmSU#{)|g6EyYfP(lN z)`NtcOKBOF5#0SNun?rL&~$P9GLdg>nr$bb{NVmUOL3o==UarbV)8cD;(3J1v6N*y zQT5=RldacM2;?G>@d4D@`s#4@>kuGzS)D@ncx29{ve>#SFw4H*89F1GwlfL8h_y3s zc^tMuK!e6-G-Fj!2`!~n{-hs(rhE9EdrlW5M0R#|RRjqy1v?klDBMKSMEEa_ z6qq|QA~?Z6>vx35!;ACt^Q$6Ad3{cgc1L(_wczjt;PUfIBJlmgV7;64kb_8mGhli7!2>%^*-#w$hg99BrdDrx}$C=Lm zcSZaMeAgI1Ww@w}Ga5ii)4)VwhlGzurcoP<9(r&0L(E8n0h}otvB6 z*7&(K=aDikN9t2rI!r!&oOQUy2mv8AzsMH>?Q`^ z$GB~kCPW>5$R{yDj;m~P0kImJQw+LR=M(=y!;|2|3oKk5%TuD_Mj=Q$E&W2MHH0RKE3ebpEl8-Bt8$@Z3Ulf@vS110b%Sl~^hb0dC8{2d{=x{!dgM~y<*Gf4!lVpxL zj&C)k*}mB;LNyKfG)w}$r`BpOQ$%ao#{-#w2m_W7%?fD;SCv-wq%swink60rbs-7> zqr>s=Z-Q1Sv3}Sxsc?}Wm(MNArKu0+(W`c2^doTFFM{1hXqvyz8MjpZTC5Z()~cPU zHcy|ghury#t3gs@s;%_%)pwq!B}z2~swI1)wlqv7!(M))tK;`p(4;FhTXsn?8K~c9 z&0rH7mvo^Y9gwDi>Z=#t?O4_%^xpuIasx@G4)gO=i0kOR2b7I*0wp$pUtn_lZzPh~ zR^nQ%#YW)9z#|*)E{ZJaS3eZf-;DAlHvq!CFgC}E#ClaF72#g`=f<~mT3dDtsTmCN z+xKt@`>yc<_nUU%{~Ms*;$6qEl1uJxZ6wIRy?Q&zDz2tZz2bkCb7XafGt`v3W#B^- zPS>>iLL(fwy?^{>BNd~7K0)nuJ?1s82)l;$8v@t(H43<-N^|w2_$^nNm33Amo1*_6)1#h zZ0Z0N^A`2v3mXO;!Kh6o)u|8bcO=xO30N6AUX<-lCd552HzC-r!Gv&slJCiGMp+QcQctI&Qp(#tKtFR3gz0Gl;@HwUgY5Iim=IwG_fz} z^=KsS>lbb4$KSZYwT%HHg3?dvh;h#Fe$TY)?B;p#&+hA!Y(SNvVKr_q-|0q+m8S7w zGaz*x2mb?tXXIYA~2_ay+->Ty_n{CYK z*W7}X%=8GAXW=M%Q^VtpeQYUnq5ErS@mQ9S4z<{X^$I(0{peV>M`b3wtOm!lzW<^&>D-s**lm)0|*fR-`oFvc?58xL;A$EVFna2QbR0uGi8J`mQmbSTUuJ0Ud*!; zu$ayIJi)4(Ktb--i$A~leFskF!>F42EK93EmGjY~Qto2nLB;=;5_cyf+69uCjQ{gJ zP2x8_2qcB(9Kx)O2$&xUz{G9*n)crGLehTqjz<1+5FLM&1mgrazG`WtP*Ofz;}aZ9 z1WLT;yLHJX!DMFvhGEm{sXA)gJn3J=d{wf$op~%)YBm*={L1&SJBwT}1o`*tWn`4pcE`JFdm+5j 
zfNqf&YbnTG0q9+m+}&-@D(RhloYGe9O73@oK?D!+AlDP{=VtA=kh=o}aX0L5OSfO2 z-@t3GNj<$*HWV2)J;6JJmiOlrT+E-ZE#M6AWIL-kVH_ua^Dd2o0a(7oa>R*BEvU2I0NVd*8V9T~wdoK^V zm^L_#xK3^!DPwdOzb^TVMViw-`*$}r;U zVfF@2bHdE&R%){|#?d*CaJ%1kg|s>y3dqpa&MLpv2fhhLY08aZ{3~hD_Xn_-mql5@ z$G@NObU6+(2-{SySCM(EEm`_Lb9$cU7QLc!cSHwk;rgq0B0sk26=M5Wb9x7^jMFIv zw)U!O>X*GUuM7SeuU=nZpyQFhyPu@H50#rF`gt0fvR^!LUj;od3;0by@}sSlkdiNi#-K7%k1y03pF!sAi&1$`n^*L2=bxQyyY~xvy-Ku!HFwT-sHD_9G4d5D8O&pZ#HR|r9I&@L@;|tTFEkT& zKy~DOYVh!noSK;5YIk&b8^1~H$k4f%_j6!CB_oD}H{&hcvOdiD@We2vOa&$7$CY^G zN^ASkO>uv}?}?-2+9ePs0&vqLh1KH{G4HCQd@pI!tOoE5zrgY2m?oz_Ru?_cgSn^h zhECQhV2oZfSJ%7w1PtV6b~j+}ICBj#=nucc-Zdd30(k z-@pAtPB=y+KL>Wg|BTK2%Tt<{V|Dt&UvgBg)}pA7MKacJo-pnb^L&OldnTm2 za>>1vh2@2(br8&BA` z`JrpWDS@v(;40Oa04tb!=-@Yf86*&Ok1tqR>GdiF`18uaR(^hKuu!V8hjwSj)!o}O zP(xx>sNH1OEC>U$OEC@%NLW{ex~m%r&w0h!i+}x|`ZhC8)R#q0#u5KMTmDpv!uYU6 ziG`*~Lb;+yg>RMiVDC`qo28R>>iWS9EA|*xaBtc5DAACKE$ttV=2H0U4_<-gbN4KY6O+iySNL2R1n5QGJcM{M!bMBq^h=8yAm;_DJ zMXtoVO=RcAP&-~aTZ60GzYff~UT46~DYxGVc`$Ar3K6kzzN+HSg>pubDH^1BX|l&K zyEQ`c0VSrBSJ*CnWx9O>pAN6Okm00=-jjLrou&5mkozrb{sWE;E%zJGi-kR@iU!_N z8mfYU*ZXn!+NX3d&ud+gW}Vl*>2n%k!h^HGE~R#}g#=_Qt7Z&3a~P!(U~x;fdM5Fe zOOB#45#vV_y3(T3TjO~YBlxgaXg|6@Sebsz=ICoAorUXZwwHBjb&p0F?3MiQpD65X zXY!LttuzoO-}ER>-`8ryD)Ei=*Y#dw7OftEKId2T^RCLa1-A>k-K=ao+DCSlzRLFK zi;g-tzFxHwuL=a8!b%8bt)}9&{G@U}R$uGBb?kRkH;Y4Om5s4U^^&qZLUw$E2(<6s zWvWsTQ6{s?q^)n(n{p|Ds7`g@Uc_~}4_YLpOMp!}zsmZuJ(S~XtiCUwq?9hvCy^)U zg?-QIIc5eJ?gsdL3ej&#o`68dIsdE5MrHT=2L_%r%=drouoSzjlE7)eyZFOKde4Hd z`5q{kW%s|>*xiJN2B^Y#k?1xR-T@l~QtW_UbrmU$-c=ih1?NM7b?}`_3ZBe;OXI@v zo4m3D_!=Pp!Ud-RyRN&wvzK6V2``G$ifdOEA4Uj7fPl!h?)~R7ATDmB`?GkLQ##9( zU-|tjy#VW@=MzG$KAj4z}UDi7*^>KtS+1BNm&eLIld}ZFc?L#N-E;GYLf2OZx6@ zAZ1#U2G!i;HmCmGkC#ZCLFz-LKY-6Ee#%d}8~1}w1LUwjAQPtD6qM1QE{@0NgP3*+ zSiKuxhK^7lZ$vHmJOp-Wm;~w+bWWA5>`5E#_`PrOo;}Whf2AroB z+wr>F)q_?^cJW0flM@BlAg0c|pAhM(ryg|fGbgqI_?|#|_dG(TM8JA!EY*g_E;2yJ 
zD@&Dl)FdOFQ1TP;-n--uh}Y%k@%~DGU&3~w9@lyGxe^zof{Bsb2$7grmH7#ozQ*6!_|GV@7E@#hlaS(W0)mLJd6kVd6ivtcIqtS7|H$oJPOmh%5i$QeL6 zLf{PZI=V?CD#PX_@weCTwIBzty*2%oH`xXZ)Hh$KA=sSHE=}QJkn4YCp_blwF^(*N z=3L&XBpTZRI8J~bNxToIY|`~#uXdl!UTtY9JhfI`MaWAIbDIR_m*li?BNZDs(nRPp zfqeXi6c4SXtSlF1*C{lQ2Cr|a8l$aSp{&ULpynQW)!*^LVQ+ZUhOHBK&}=dsTCvhM zFuwT*6m6^>5OE(bouK>(6BBjdUA6ajWsm10R>xZrKt6qRd_;V-v6CkJpOujo@;_w4 zzj?~{=Gi(+G>w)z2dq=aw0{w1-!vSDIG6x7w;=V38=Z#^*^j4bntc^LG?A^oEBzbB zBmMM`dXgJtZXwoy3I)7-$W6M2y%rC`N(!%Ao;esOZ%|-ZlH(FRC2>%Q(YCAAexsy* zu^r1o89lQ`V|Y=iu~T!di@e(O1@mE4HY*ze)re;| z_kGv1?soZ8Q0Z@)FJSXuBRxr^#~8{*j@@Q^0yo&6ua{-J4%h|bs2+2%OYDp0&F9rc z63?24^9Zw1n1}lNcgsx5yz8@Zyn6maW}#SYrIrsy&jNzaap|RL_N-Grn<3pD8xgSw zASScvYEU+tt;64y?pG%T9>zHQDHj4|8f+@5O*NKXK|0AesT&4`7^qEQ-<9dDw%u2{ zcDMLx#{SxCiK!dyDa#d*jT&$&%(7=xJUYDvNH0C91yUYZ1Jg(u=?-fej+9-BoUC;g#c z-b7FsA6cDt&G`wT;~C;D?cu7w(_TP512DC`GF-eGPLg$*r)~G^WZNuzxW#?Qc2{$x zn~!Y#XFQ7kIjrUCM=BJL1nnSpCj^7EVZdHs#*&3W)5M9!*&YrI{HlID4OFl7)i+I* zXz*$+7^ot#@&h40NVm%?SVk8(65*E6%7##f#y5&eVD#h3_uK|CGnDM2Y3s?}Uvv~-ggb{5EHk_3f~;#A~dUQ^@49*_9= zps#!|*5_XYD>y22@E3G^Ks5Ws7AN1=+jj|6s-r!+2_tNjc%p{4Ws*Sw2WP7=H-=@+ zS~na0x5uMPt?fq%1ktz+i6<9y1Iol>Vk)sQ&TPNYjq<6U?ewo&+F|DmR>W#D#MW8Q zEiu5@_8n{_`8W__t;jS@cCpopYkvz?zmja2kiVp@{Zcul238CF|2j%HQyAVWtz3Y^@Kphi)y3nQ^z1<9~n{iF#??s zeyEa-&f{|KK8>ZaTgs8(uk6x7B)_9ewOFIH+EnH}!<_$W0TO^R1o|dVd8rapwK*WU z=FLl7=l}Q!^49dptJU_mreV&kK-Gp;cea)R#mR83oQ7Ru;jUsUQXFc2G>){d1A+_QX9O~ zugD7zn*4ojqI=DtqGM2%<7eh(++6jnIO0aQ`@!ejwdV-)?50O1inqRBa7-jvFX5wf z8=ryQ=;fpBOUsT;Obfd|{L8_ggxz!5o$4-sa`_l>d(4#87Yfvw=K$r{1gcbF6XQ?X?vq3n&yBqO`sQt1UE>(W9gL zxzxKe=6OFgTe>%Wc}4vS%&2v?38+mIe)2ne4G~*omD#!HaJ}uE8fPn`^p2m6Mfjk6 zN~jE{J3sJGdcR4@uRS7g8m`D(N*5=(!cW(D)q8bo5ncH`@ERRJ%Z}!8sYh!v;%W>; zDDhrEZG!34pf zd6SwUJX+8$oKikfbxk%h2Ae@?fsZ#sCxU*Bq<6lGO=7t<1;@`lcfo&#tsw7Q1VAZ}x=t~RFykc~%=pgk0 z0s9V<@J4C$6&~Nmjb7>#RTBov&CL1h;%T9{fcJ2z$sh^Tkw?t1irvwAy^CgJbW=^#c8KS5Qow-jADcE>9>`^ujB&j8BE2 zkjl!5{H;<{!h_?F)+UVPc;)J*E@!?g?q&q01)jq?>4(R=+8f&g4qBr5o60&m31wSX 
z%}oaqbf0~A_yeLlZm6G6pCHC}jm>gOWE?g`C+SkQpz-B$r<-I7blpqU*!-vcF|-d= zHTF>QNm8=Gn<47Xh7C?>{Yfc8joKK{;-Ra!6 z<{n+=b_>tiADrp~Lx-s%#}I*233ZQL-42Cm;I%q{s- zXb09K@w^wDY|ika+ApTq(@7VTKeR_0VSOeC=^dSW%=k3Zttb%wS|9xr8}uWfLTCGX zeIiU;DQMssPi*TJM006a9GpZjR-M$bIa3}s>|ACrk>sc9(b5?=%(JP~U7wm4zdG0w z6p=+XtYq0ZEkJ7t>Gi0!WT05^d-*Qr)O%NHym8!N{jBF5U7pB?FV{MJd(ZCaVfk&t zn#>~f~`!Zn_`)wtM;XKqtZ+xy9qkFH-CL%B*^o;nlp zf7N+CqfwrLLeuEbCD-Ro8AMFR@5iQ5d`a7W7vXClKSMt={@5V*$@mfS_V|G5_y*;O z;Bz@w$yOt*wpEN3`J8eTqqQ032KqU<|>zn&&{&(~tf7JsfC00f^AcyA@Z& z%H%fw14qBNSexG;0RvwU58m;(Vz6@iY|YdwQgtAj726_J(=kwoP+$N)178H!R0NbNy|+L@4M-p$BE5$adZY#jA+!)kNH~vQdB4AP?mB0! zd;h$9tt=AqWIy|vJ$q*M%x7jl>&x5QjF$Awinzjopi@@Aa-qF5Ul6liEGMMteJ02; zT*z|GzV5AM2|b`(1Zg8^gKG$}5!94+TFK>@7h8Isc0ERJ(rVu))J|33`Q_uUw7-TC zztcY;$psg0*LaAiJE8P-8cS+0TvY6!o;EKx+3kC|p8MCqC17Yd zjOoBVbG!3vBQy12B@$1H@lEoJzZqnWfahZ8?X3S7A=xl42FWL zGCZi%wO`|Je+cfeiMJR$X*_A(mpa?959aUR;vCYkhe#=l(t>v8Hu_HgaO1lzBPD@C7LISK+c z53=vyQ9BPsJFwNV7YJ_oby!4BOx?irJ-}=m#Zy_Q)ud$uVV?`WO%qQR9ZqzhrY~i| zt^jPV_;#Ro^XX7t2<@#~ZmYG_INg*P^EZwKQ*#qO>3Q{KxS-Z9zYM;%cuMFOirRM6?h)(Q;ajjhf5_nuN) z&a#rmb4_D0asITestnTSwW!GFDUl%=@9KT4Xi0~D4g#;ac20XS*0j|M2*w*MG%hTn zl7)h@ph6GWh(%{tS-M~+!xq&0z`t}G4I$51GxfWxEe?LxnKc%e#Rj_?G=a>#Hy%KH zF7a?yGGlk7-c4;TxPhFa+l1FK747gy_IuAmt^C~U3a}DdYSGtqomMEP&t3?tIMDD2 zG;#klPg-Jdss`BJn_0=@SprS1n_B`aDD+_Zk<2RcpQZ!K3u3yGkTKc{u?CPF$y)Tu z=~>N|wSXSNmYRLPmWQndx{&|UZaNu93+Zz-U7yN@=0{@~;jLgNPbp6YH?2Ary5bMl zXBm>L3yw2XBfID%fb(x*o|*%42kL{9!I|wUAS;u_qreHz&#}Wwi&G7Q)6apk{PGcUU?ZgLN(@uIjtgz=-(D0 z154&(3umcO?|GHaIaaDdG@T09)zGth_+|F>9mW)q$p$Yv*TQP_E!^zl>B}m%p?8KC zG51)!y`4Uk3I&+B-LMdPeyt7Mcsy1T za;E<4Q>||8f%u;<%~{5?UF(KQr&Y}2rOnhCcc+<_RVH(2WB7_$o4YAZ{FWRFt{?Tz zP@FVhzA1Q8N!k&WFMHnlkjIYOvC+mZFh=P2;*fRoW1hTu_td#-SyEUENX;R)^^ti9 z*>Q31WRzB#L*VWDCx-L$616wgY&bFGwa#!Ee`UX55;B|$QrqjP!y;AUbE_WZC0cV# zUVz{vzSHjsD}OCb201{tdQ-tHPm<1oK`amBMFFlfJyUZBcJ~#3@!eOJYMd(u`*%w= zQxHGakZt)-jf_6NFfEy!dR>MKDa(9YnNT*!o+_|51GTuGITi>NJvaawDcifR>It6I5vX>ZS%WkWgiQcl4Gb3$f?%*RF 
ze7z(?L+KkoAKB4Xl~6NHFFPyB*U1|_ku519=DH!1NeFSZZG&H|(r~M^ti>gxQ*jqX z4@Mq>2S>Wg%C?Ssy?YgJtwzmtn$=NGfy=df3ET?k@C8(o@aLuQt#%A+mbPR5dHRg3 zUhOy}Zg_uke%Wlf6UglwSTw{h97_qy}V`uAqhu+`= z!sRW0yNn*-9s^$Si-b34g$J6VuMgTKSXaO%7MI zopo@0_G;02=d)cR7eZzQny#ipqFt|DAOzjJ96G@6wZEUTQ^n;xgw^r#GJ2J`GCDkb zIm11N0r~E>TC|rJ>v2l^>k||8g&NqPZ7nqi#*LNVx6OLTP0NEEM)zqHD(^G?5V7#S zuz2-!)2jq5f-4hEJj9s?hirL08Djk9q2BLFT0Vr(O{cR@5MqD`OsH(&QQ^B^F70Xm zVy!MT{~HizcyRK6(g!d857z4Oz5fEU{{4 z@~)+M|3Jr)w=X&Dn6|K4a(ZT*`k98?J;cU@l%=6>|39uXjuqZ-mO)bP6Bp{$1AM5W z>S*+4QUr*6)Y&Ve)0#RnVzGVV68jcD6ZGAx$rz_4$f4l%dN<=y^mQH~cnzvZWU%Mw z^@L$xmyCbMpa6`awzyawOZ{tWSGp{9o0xxSlQ5jeb2vD012tk6{}pD~hXG`lZ^oQ? zvRNu1?>g6eq9^43bP!tg%;Zf&VQR__jg5Sh=*tyS)W)JTJe85;G$o>!Ml|MfH6YEZ zwpw2tsZ3uJGC&W%w1bW1LLcsuS2e4PhM{|#1(G30*_jOQ&&?*ov(;T6&bV1YETY_^ zhWD4`yhmo)D6O-9PmAt7`u$>VD6Q|?Ti@Y$fMC@^+-Y)&v1h*Dz!_I;+Q;CAVCCVx z)4AC%n*YW&(EmMT*JU+QtC$eDZteE0K`1Gi(wCh55G zGb4e~c(Ur`&_wCMi43QGJ(!Sy2RPS1#bK)8j=4E}a^40~!+)pxM@=cz1>O@)76YVd z51oF-Nh4Y`=4k5rR9_^+XP?GREiDjO7gIdRJ2>1*S|r@3k>02dTkaGrhA8c)$G>p< zvIK%lvKN5gXG$BJm1~V|Chrn>K`Fs?PL4=DTOWw!t7qP^p3@0+(a9lNT@9Xpx0j$9_A((){TEw zyD2Z+)PV4`|AR5gQh3MTF_}l~OLK2r&$y>+-JqB2sYA2G9+qe3KDj@P=4iW)N0_UDkubgv!IkRlKvx5ek5E?2fAG;K?lVW~deC*!yR|c&&}>{z zC&eABD+R2FYXZzgj5FomekU>6sju)U%?>5X99e_=>B7xsDY+Gi^#+K*;%!pH&A77a zz4I!Cmt98xz9H~CsSRk~Z@PGHh2TV)S~?+geblM*J7(m1F)e`h9A(y5o@|TB-!L(< z&QZxX3cN5De12+GVmnW?#e6)n)}%Y#$q+OMEC$P~T(2T!HN&#i;K07j@T3K{SzO$b zUuE2t#awV46ll%Jc!S092(tC6=ImrzL!rX)T3Uftod1M44b*a~maHQsfpFHg8rsW; zuId-%eLC6e+mL+Um?J5LJ6Rm$`-PP!8ql7>x~T!p+D0j7;^R$bH9*gP3C(#%+WM?3 z8Jdn4HxmSS^)b8UtGTZTldM<4q?*=lU0j>mRofsxwrsL zeltrfN^gkm_>ta7zXB-UV-gY)>eI5aM`ivtBL2_g{6YVPaAR*ADUOSxtPhiAJt?31 zWXRXOiS8KzJD<>ugSd#me+B(OzBkC(`AqkvghsamE9>BpN7!`A3{iGEFs;xk>EHoQ zB}`%TTvh_RPTKnN-9J>h8Cw1nvq38+8rC)`J_jlXHOi4tje8hlN~7pTz!Bvbus{A@ zP&kOmm32SJ(+=6!`c8_zL4P_T2ih6I@%{J``49$8%me23X^*aYFbMr*AP1G* ze}u;jh4U|La|Z<<Zhn<#RUFi1oSwWnBUK9|y1t509%)AmQBDsVD8gxcLP}ZXkiS^LLJ>%rn9;!19_&hf9N>TQ=B5{33X-}mOat1GOt$WurQTqpZ{oE 
z?7D)***uv*anR?5b9*x@DVdn6BsYzRHJ<0Ec3g;2B)gIC9&F^xW%EdPg#LxpcGuvpcX zlNn{{F(RbBG^OQ%X64_*(HqjA8dYy}{fhAcl(V>CahHfWwCCDn{3-oW13@v&6)#H( ziDr}oSVPJ53Nb;$GpKM#C)Skq^379QV6#!cT5shLbKXO_Kltl#86>Rc`WLS{9FmuW z7cqVF^a#270CQpMrd#z2)9QX%#_AARBMRkIZ61o*BzK;gY(ObM{9b#S#$@QiW*mZC zzf}HhZP5AHd;oKeVb=ghGh(2lixX`Jn*;b~DoW{DL z4;}+G*u(CD=x_cuwL@=+Rvu2XzD9pA4)6(EDif6-0QbrpQl7L1bo@gi;?g{_DX5oR zp#7KF2=~LlNO9{G_8TrNFOTkLY1I+9rGd6nsx!bEL7+r-9VQE+ZA+~zZpzd4BVl?s z{X8&Ds-U&G5NMYrG$HZ#_7Z22hWH`s;I{E}o>q7%v)*)HCO08|*{|t|sY+^ap6;(k ztC|=|jx50?peecF5BcFAtS$m#$SiL$!!m%3h= zU`UqYTN^KLRcp%-W(S%74D&%bpsFM!!fwyDxv_gMe0TUQ*0A2f2eXXGH9jTu{?*;n zYOD4Hu9?|MD~T$YFc<6}vRN9A zy=`Fl$GqrGL-Wor+U%99(8D4@(#V%G5_t=P&i$h!Zl1mc0YJBYvRhve;|xRzDY8Cg ztyv>bS{()7d(B-;i8>*>rF$>tSv7PgyII4^Xnr#!Dp9`Ls@*IJT>ZFLOfkAClcaji zXiFJSim9B+swp;=H1W4OU1sS3C#@)9cK;va ze6?V(t>KFDOm}p`qO&ETNuWbe627W}^I0yBtM}U`O4jXtcw|tS1NFM5^YIbzsn_tUx4tEwG`ChoZXo1j z-KLos-d}&=4?O8Lf?x^rw}X^a>Pq2!uUR0Dm3AC#r*8ZgK}jg;+$UgWnhs;p6Bi90cG1qS1iu2nGF{Ui{r;hxmyv^3fZ z>%aPgSFbTLQjC?!&>>8VujtS@k$KchvoZUVsiB$CZM$y}|MXhdKJ;00qH%qOGq`Bz z0Lnl5Xj=meLDSXGd8b;tV$POma8c5Ce!ZL|Ngs#vaJE*3tTx~z85njJ7zfUu4}M1U z9sfPMZ3iz_#kf^#QStD@`W5|P|2=$G4N2U?qtQ8XrS5E6LNpxn#uvSlsCIL4?h}=u zB*5Spmy1WBV~M(egDi8fGj|(cFo(Z@J?M}1k`}%xt3rjeJZobt{P*kAeoGqh5H_3> zGs<=D8~A~!6zHRWBkLZAs;?Jn>zuMgREtKs@;Qa@yA;ll<;29`;23baGG(nr57gy> z+69{rk_U|2ee%0qsCNKH8Zy=_AtJPVpP#c2WWMdw9SJgV*g8F5&6?5jD5?zHa!Rw? zgLckIq9C~h4MB>)OqV7y!6vze`7D-YVR8b94Wr4xwp-0LO&|*=cE!wXYO%j+Cm9}V zq~pHSNv+?ehgdpY3tvTYp1@9i<1{bJK775srg(Rc&CrhzWZm2EORPa{%5D1f+jLZk zmigP^EtQo}eGiG-J#}l@Bw1eT_O9(~^_lp_XtyYg%w*4|BGSsgwhyz*xh>I``$;w? 
zF7wt*JG3ibxA<5XNOxBu`s!EiL{@F8y16# zy5e#2f9B_87Pc}PWvls3YFR5fG6HVeaPCV-(P4BOtk&_LRRYNzk@5onbM zoL0wXM&GAa=mlS;_sQMy2YAR;2-AU49N2|%IZ{Ux(5RZ!xUoilD6NpzhJsqK+Yib~ z#M&CR%IRURaXBgQ^o~30;ANaBmFz3%R0)R~6+wd3y&;4ifFdsD_36QA&_-+MpnWI` z<5$It`t<~l5Jv@;%<}rR2aObjWD$TRxAci+=LfeF+LOz%-q@|xDWy6fQqV--P`Edv zRGQj5Ri8Uk16gO;c~fw5yu&Krmt+pcBF9SjY&JY%s2H8l zw5|AkGiqDjAysZBX{PiCW-CFyNAh}*eHx9|91fmgH-x(@E~&suUEiyLODFMQd9cf=y+Cdp7%IJSEHcg3|0=z0-4pud>!Bcw1w2vMQIr2?fS^^;`Gm zd=ofE?5UAPVMcuUy8JoxrK)^~rqg{QhfQ_XP=LCCQ?K+#QJ~0-mYEG@%_ZRi5IU&^shDTlR)G$_O2mp*^;qS#MWj_7w`?Z6!&qTo1jul|?cLgi&6pTXy z<`q2Otol{Ni{vs{48dYUg7nz4y_FWQ_Lbg3N)X2iZw3l&wip^2L5V-`mW$u6EXwT> zC$e~OXd`1ev@dP=qqupTgB%ttP+W)qkW09R$!R#LA0ugvmF_=eb3e9q#PvV=Hg6(I z!hbG5*jGX<^$F?e$4$!8k2gev-(D?DZcDX`2#6G?)`oM;OWXA(&cG^H=kml?($8?l z8D1fNm9VQEzp8Pi zCl>6TZqqO_y=xlY?||OxG!3`gwGz2~O3?outo9lBLX|7GToYHEo?6{;;={i-XtLj; zJ=0XRfI8%Dr3)jyj3`T#U7Jwp@a{xQ@51=@*LHr8&&SMaX4H#MxWNQ_u(cn`+>OJU z$i_)6ROzhZlk3lq6f1Cwb!Tjm@pIQpi6v0CELbO{T0i$)S;a5AaQ$jXI=F7F^N`bx zJU<@-_dm>o!KuDpG2KF>T$bBNc+q6(Bo#1TyUe}Ie?$}74M@u+G zsCZYV&)3XEHg4Tmb6^QqxA)9vomnkYtBJyH5y@Zuwk+wEN@&KC{eVUiDKpZ6?W{&G zE6gY4YDO30`A-j0aBq8zk=_LolDN%Xe%E-zqXhr8CrCR*aV`KQw_5A!FKU%(*5h5fD$5Z4ro#9$nmILNye9lRVG!N(YVx-{PO(gImh6nhKUlI&2Fb=OiMMEaC zbbQCnyvNJzi`2a0tEAjwxV%`tfg@Xi+s@$;dG>a%@YX5NFO+nF=v{r7jOF}%USsPO zS)Y6rL@qD&#*&OvzAy2rdSCd)d9KJGch|4(o9!pD^Dkx1Na*Ol7+bof0FW^D@SFNa zduqKC(M1?#8fNZRgS}(ujP}e>fH_y&{-z4y1h~myH$$~I&wnS&`Rzm@QWJE^F8{2kqY$6X9i zCu}v}cXwXY_&dHuuZg;ESkou-?`qP!ZKh}`D>kIj_zIiD>N|DBD~(szKa2O=*jQP{ zhus<*%ZR28{q4ut1df6iqq=-;H>V4n_epuVkDsMpU_deeiD{?nOT;Khlp^x*Ea&uL z*i6SX^oG(h9I8ZQ37Gu#Rh-@&G{P$4%Q*S6Cw5Z&yo4EIU~qCIZ&+84U|sX1*gbYm zyvqX4*vd-vU=g+FkqfU6kOqv&gkbD0dl#H@5qhu3sn)|gQMGm4HN}`C;vPpLVl2Oy z-Dx}r4fP;td2_!CqjUvl%%wE-)b^J+;$cf`-X7JDh^MZk)sWb&oYH)&#zfyu&72T^ zKbv~%$_5oY)5;bJR=y@EzZDFS%r0>}#8XfIqGM6RG|=ygqn<}v#1dc%X?^#k zogs17bb$rl*Hn`1Mb2Ax@U@lNDibw{HWv$%&9S2{Y^%hjcUcGR`Sx|zS5vMOWw>QH z`0u35Pv3H_wC}F^G~%cpdfyiiCu-9!_wH(WW?1k~;~k<0BuDYhC4;f%LMd}Lcj_vl 
zJ(_$@nTklX_ynE9d1+OEkl`0b>x8=W?@aOtO}RyOlk;iAn1RMEZ_b3vKkICli?6Tw zk4|h4c?xfY9@G|_g(&=$kT@*GIm~-9wCeW(9Pg$VF<&nO8$H7&_Xn{ClI^2^(`u^) zNxCZ!6O?opJ?r<(DflgrnZKBCG2xcWkdRX!Cam8yJ_!F@sJiU_N*#+uOGzBspnf2S zU(BU!Uaxn;RTLCmmcgWm*2tjMoGH6o)BnLa))udoX1rT-CXSm~tYo*iS!3pwOn}5s zb-gKC0LTa47In=XD6xpGtgKOia9*>9T?Hgd@fTg`~F&d#fmMS7_ z8MmIEvoKOKzpyqt)J=ya&pQoGwcD7p7&$X2kAl zRyh>zEl-0uCS>|Da0}|D@E0X^b@2V?5sP>jpOzvvZgWX#Jp}dqMydPlCC%7a2OKCi zWrb(-Z+c%~rhdS+N;`Q6K67#5fz8CVhn08<*PlV={g3*$0c|%EfF_S$1~zJ_a+mVi zsW?Iq+5N`1r2OH~%!idM?KebKI!nO*nG2%Kk1NM>7;m4NJbo@@Yb<4pwWt)K0qS#V z`fZp54=X6*h5Cs(nTJ7sBT3HYZm*g$yEmT;OqMK+yOnI{G0J4x1NI08=XG5QLb4Vk zHCXqKKpGV%T?SW;e4?+yD+>i*ke&$l*I z_rNLGTf{502KX@Sh3?r&o?AoEEzYd#Y!ZROcIsE&CIpp{@Avx{Z#dP2O;V*s=4y z5WC8+iwpyd_kffbAJ6U_{BQopfgs0b0A}}1XK<@OgL!83I4AKO=G3E{^l)#r%h7)U zJIjf`h9npqjdMfN^8mr=Y;6hyHm_x6=QBTZlaO;vt76is#tu7R+GS=3(e`Kb8kQ@M zf6D%6*X7%*cCF_XI4kNu+h^RtPl9-9ecb$4pwq0|zlRa}Nao+_7LQ{7&Cy}F`R2d% zQ$tVxPnFYuOsEQeuuZ|0Ui^sHoIWN{7d1>MsLkiH7;zo{<6>b5h38GbY0%1SxWjg$ zVLEpNyjJq>$x{qj%oBVaR8k>2`)dBOm|k3-*z~ZFQ-;^3&ZOOco$H1O&Cj(?kjCNp zvnxUBT6(pa!e3tURk!~ec*xQ`d-xX9SY%LJb_jJ~JFs0eukg*=iy$n#oeK}%&yW@-;m1%Y7hBSVgv%EYB_ z0kfk?js;cZGLQm*^oV6OE(xfxF^$$(y8YYjw< z22LC}!N4cZYt4UUI}DAB(L4;WkPWs#{(=q=#C~HaJ|gVO=9x?W0Q0yFLAq_M`3VGF z08jxnyQL+nz4j&uwspm^0Ckm^by+V>9|nLijihJ=H(t<2plaJ9$jStR zg^chztB<6ovIUtvvda!lz_SUVbAF!WQSUOVXlJ|rZ>fh})?KDD^;r78+RC0%{yHlE zSgT%H{02b~AfQ1Om_)PXPbuB8z~scg={37Qvw-+8f=^%i2^w8jNXd5=(&*9sizW1k z0R|rakh6Ttoqk}T1+j(~xCLq&CxuIW7wnX@duz~WUv+mpH+_3CCA>hBk#Uy^8g@os zDhrPvg{8unj`DV7^UIn1Q+@gq8u2h!b$tFZ=+W0oYFdLj5WT4p0f5;_A3xeP_H8_= z{tq(R2W#(+=#N)u)kzb)@~MWHJ0WSP{PIog-)bd6J@y5l2T4BK@xz2PSI+dKSjFBT zaEuv$Q1A{NVX0NW1f3+6sq3PC)cigL@pqFp53A)PDve(JbyVdy^xhda02%V9JunG7 zYz7^D2ra+$--^utFCZ2F=g8du1%L7X^Na63deiV5fRUA)Kl(X;tlSrtAu?Uq_BsD| z`QP7-AX55ph9)wT2SlV4kj2?{93f@}YK4k9%%s`QB<^7Ptl5>anSA61;a`Bo58z~8obJJV>$nzD?$p4Z6#Mp|cCYi_#D!#!YB z^@8=}klZ;bnC^ICcv#@sg!r$ye>><{ws@TbK8Pbs^uhpy!yW#@$9?MT?23a(HB~_w 
z(TBIIl1eCff}KcM7y$D#Q2+23`~Ef)2`!8nK0gw9DL!7m$nY#L|9GSIWMEA-EMG=L zSjJso(%|@+7xqNrbW6NPW!oow#7##Y)7-6iWDvMMB|T3QpXi zS8;MiQX$8jSoUmf4MTF>x2L)P;1_D53ZtsApIz<36zhRX2UwIrvS_1EgVEyXQw0(w zmD2LB7dbhs)p=0u?nWE~;#p{t}+@^;6 zM#=1u7pRoRYGG2yT_ItG3(1Nv5V|2Y7XS~`I3w0=AGE@ zm6KMi&{auP4n&0A$UeokMBFyo6#i->#`eCZH**xQL0`QU14HddWA>a2@2UYV!=c7F z^ykcL_C&%=*HM-o1H&!W@Qem(b#{@N6QkSe^cHLv;wAujnx5EHrw=a&<$6uf9aK7`t9X!=v5Nb#Gz&-$ltk|aCtIvp0mS9sZ*Tz8s|q#8qY?f{d&5`2Kt zQmnzoUa~whxC^OZ&xnP#p*@1f?yLZqkwI-(fOlbOJKkXbhera((6_9lmk52TQVleF z+z+bGKY#x+$vK-94AXCMFWD{g*Y1ufTs6+^=><%iA^%<*5{Xch3VsG-OtA>!>=d7Za; ztWl%^NcZI%`$S2pS@Y9jgsPLOles0YlpHvA;UnAm)XN)#;sn1w_l)NE+p}v|{0Xo7 z3KhCo9?snSIkWNAC=pc#Af*fp=}7wLROpzeoUHK!V>?52Z9w@{A>gAn>Q2#w9Q3XI zEkd_Q)35@0DmNvCUE%OxTO2?wq`#XFSlyE{u;EiEQsLMwp7knMk6-x^fe{F3!v~O2 z)XR|7ECK5v-9;w$6zr(YG?F>SvFmoY1Gt(S*0(ftUqP015nNQ;5b;qqZ zSHkYahr4{{8E70A+;DT%5_+~;PcF?f&4IHWwJu4=f1}>)i+JL*Tf@|_JMwU%>LBfE zP5iMeEhy>d6oS2SPBK|;B}TwHWIx{(xx(A~Ra7~cvZL$l45c67lr&>qn`k~|-c1Kv znxvJX!rPT+09~nN0rf3Bd}_@}e=Je2v9t9?-K_Qn+$vDEYG3;-HZztx`LMTi*->4? zI7B7j6*bDo8iQ

  • L;hSl-Yr&2(&;ImPVW;M)HCA>usaYbTnVTZv06yNrVqdnQP; z``wu`RBv#j+pjGElnpQD!H~VMso!*nsL~i!)dHB82Dey0G{W zN={V!?q~Cfg!VZd*xH$LVRA@xim15rVM&amM%yzU0A?q1TdhQ~hQ+1iH>&WYP(W~G zM#qipyq_0Swq7FG&&ye{j1bP&6!mQaWwlQkUR`u_fx>XDJy(6Z*ngI#)M7*G?R&n? z8p(*517&q;z(eM4sKpvrEiL9IzY`1-)-hHe*EwNhuQ99PYwbIQ4t#<>_(!k_yC!=| z{i$^!1HCqRLk%+tiHGWd#Vrdj3*^CF*j7q%8lmMTq$#CBxWq)&H0hB;+T?!P@C@oVpM0<>Cs2M)wNeu=?4!{)!k!-g}RC8 z_H@FBFXJG)FL{(RLIJ;U?8#rBgVgR;*K+K#3OG4edHA78G;dlrd#3a-3DvEL-Yi(0fK2Gt8WhVP_;WZ5FR7F1E>w+Nl5yZ-iTRlOX7| z_NpzH|AZc=Xdot>cPxM-PjmDJ&9FuP4XMr)LM z(l7imrcU)(EC0nSW!6}3^ZfLblnG=%GsA;xD$GcgOQ$5Ew*89g$KbEs$t%+%O@kNI zFJ+8FeYxs&dAU{$>5IzATz<-K@Gkv>=tsSR2tU{*2*yY#`HoYE+m6P*5siL|7{7bf z4%9Vw%1*xCl$h8AuQMhN9~|C&w!fK3=+JJ za3q?^E3jGHGQD1vqgx6e!-g8Zsm@$@Sm-C>E;Aicoc)5h+i*uST>?I~{XM zo6bSrRZv2+DUb|jAoHpceM+_lsIp#b1v|jhLU$?#WgDc;BYhql^@IXQXKg{}j^Kd3 zBsmGliw`9jSe&|YTYlH|OZi0^_W8h`>pUc1KU{)$%02be&#&Uoy^wmtMYrPC^|}lP zKXQI4&~-ML9z3N!GEw;>C;qTOli&C;zW}c#n@!$o*OEg6WtIgp2DJm~a-~^)L_TqL zi9c?60)|tqBmWb*OY4}uWg3^@VOah2gqwlc$LgkaF=9f1svt5VujmFc&$qfEu5!`l zd$51Xy@9;tnF@_$_cB*$(*mJ-3(p-!gou=pVWVL|oAr{@=z9|tvZT}ZpMesDGm)dl z>v7dO99Bi2_g@#1Hkj>`15(AGzYL$_DTW|<&wVuX>c5k$rwWSC3wLAB_sqRKEvTUv zpA$fp6`rNsm8@3y=jUdyS*<-x-2PkmVhh(y-0YWr$&QPMOBYJKcy-a zqS}x5Reddyn2nyyOF2V;Chcsp3YBRY8u>t9=H}S4d*`Yan_U^{B`+-oEkluhf#2I3 zUq(z9?Zqulct40`uP&*4v?*2CW%$N*sFbRIWm3+p;x?}!=t=GZjU$#FrnD~)IdO;Ak+$4hqV(N9t){AEAMzz=0 z!%7o_ovU@k#IT>OG|E|K9$od4L@=$vk-D`}{uUy{ise4R^T5*cvzxk#uhC#}p!qeX zMMa$c$OhC89jGHc9Vz8=9rR{Vf|HuOP}AS$-KV{D($_6XrRythdh_Aeql6q)C;%Qg zad^H0MrmQr4vue5vJP1xW9lAsGccS^YU}!2Na=c+DZf2`!7Ufech(Opg(ZO+R}Rac zD6dKRFlVlKs#g@$EC?DMDn2qpU~}BA+i(1f1yF6BAdZ}qLKK)J^APT@8^;=;yrQBzE0MtydW}^H z#n!N$HIsy%_C6-5_HF14qCFwIWhelb9GnKg*F42ot-T+F-v;*Qj29 zW#uzBhTfIry|Ox?KzbjYu)8)CL1K2^S(O2jl#A^NkeX+B#Tw|WU%Eh&LLqZ-A-~Q0 zrVgWfPc_(*vWtw*A{;^K?9t{3NUx_^h`eDFyIrCe0!_RRI;>(02vGyR!xRUoBtz{+ zaEG5Sk0|5t@vAj-!-O_lk>z|7!Y~~e?ZzsAJ?#Jc`os;+9{Tg!>rFS7#PpaWweGsA*v-C_@shakg)RYlVn;0d*|S%Y0htE>G~^m=YCDEOB^ 
zp^wtJLs_3_Xsj;ZefKb4&tATOVn6lfjn~_pJ$0=!7r$?U5=h{L!)<>AjSeG$upoII7s>E}< zCKj`o!MAa(BCO6nQbmX?|^Y|89n3;Nxhc%uAwd0joNN)s7+AuKiyNi@q9YnJ@2WWiTv$D^xG+ zS|8Fn3v*s`($m=0Q&^jSsP_6*hPR@wGFp6g7GdVwqHi`gC@8gf)fj|Lb5Ak#1P1R< z8A|gqzaS`JRh6hv&{n5|R}xz)t|(OBoVUjpv#zIZ-+GfCMmSa$93`f%ixB|NoiMBA zRfhPDRvE8@H6lYy<6H&eBm}H3Wtc$an4WyOEVgVoW_P@swe5|DZrY+Cw z>=-I5SK%$a?MmSvqnH5z=%4nh^g`lIBBMgz;QL#~QuS7YC6hcK9{ihBP^}lCgDEGs z#Oyd(TBFU5$*| zXWw3)r2O+Br8)24-)0Z=QcQ#Oi!RaHm3Bc-4i;UB>9VABXC;_1w&dk-u9|PHT|G2r znNNvr;Eh61cBL90^i>kIzE(KE-1ktt!fB$Z_IXp|w)^t#FY?*PDUl*| z;(05a)C0#SLx1iiJsD=FZKXq{(~DQ5gWzM`BD$?qu9Ysqki28GG8Y>tMgTxJBy8Sp z2L<*|{ndYx^BbzB-wxb!A~f-g_rRZWv%g%f?yj&a9xP`CJoYxGygzA4b2H`-e*7i} znOVr9BztX6fmXjhv-io>lKint(X#=U68oZOEC@&C5@`bXccM65M{D?Ng~+l^aE?;I zU5M8_pFrSn1>r1ZEMx8}$F_w1KHqLN81=zA)f*LjhKcNT-6@Ixs7Xioh7t?HCdLd0%YU3%5h~>?Ods>c3j4 zmH(=#dKnC!*sGDG$rxVo9eb01q7Vi1X0a*(aarVQaTJ2GV&Z)iNgutMz>}?)=s8o1 znSKQPdK4&L>ZhdE&jPGEU{PJ?%EXDE znaeT026ssPyM%*<|CFBxhA6w!44QrAp9um(4hV)<1avN4_gtheo8_P1H#npwW3{F& zsLwMz1>V2zZ2EjR;y~V|H&ds2ou8i=qP#&aY%<6YsBTG)0B}$?&L6leONMXBc`p}n zTNWtxH68hVzBiTkcXEuN>Y<1Bx(7PFedOQsl!NqTDL2G(%2ewI#}ZzQScawCs~G_A z!_;_a9f9?s!n6uF*w7V@j+x%|{u1IcQw&z)@z>G}0Ny8_A3yBdqlwiN^A1-sbsgPD zy8azdZ@UUaS=neR6_{+$q*1KkZxL!czyI~I`)M|I+`$dsj}OU~D^RDT=CR7Z6OwmP zh+vXEfwEqP2pyK8s8La?joS)z(YAy7X#KBK6yr&Gjufjpo37~r}L!r8l`&B^vH5k-kzc zpS1>}G=H$1Ky}{nzo{MoP71j^f6OUP$~u9g1mS~|rOkutcXHo~OwQ0KWZB`JX5_2R z_wO)=z}cd$)_AU7V{8yPLiS1BzhY3-mN7)>UgE0iA<0^42n7G}4tF?=DN~{i8S76o zGw_%H3M)E}{xc}QH+ej9b>(GBMSW-wUL1S#8PkpzSgo1JAk$f3M7T*!~rP5KuQl5c7IQb0Im_;D0 z^I4co#2U9JS0Vkkm%M!c695V=e3S)K?M@Av#e&SPd|gt!r3ipa?;Fi{R*^EhlZxle ztuZ2sG^HUl69ngNhmfboAT@ z>-f}>X$u}T_JH@p>Y4!QpG185qN|Qx8<&aAOCA?n_^RalCO_P(ayC&?<)p{zbYyj) z6T58kae5zKV9n1qbGd6|EOA3^^`lT^{8piT!H-3bF6VwD2)OYK_m%jjyoxPbjt}zo zGONxeMOQA}^)6manGsAY(_i#&d)Iu-P)dHdzS%B)Uv}iPi#2aQ)?Y2~pXkYjYt-B_ zbV#3-b6r6~Wi64|0RKVvUqzP(Tb~Sz?zc$Sp&(BKWP0EAPfY8tP^bc$x+I$UsmR9R z(mcC%XGr?H_uFzZ%Ch6H%sra&qGD$K6O+u~PWg~NZmO*57aUZ%o@3AWc>qkWco&~L 
zBS5gQhwu&fJZ|Sn(1^8|7@r@}?mWGG!?ILt6tWP&Q>U;xGkZS?ru)BoyYhc1yZ5h+ zCt03IvR6W>D2(jtDI!JoWiVu4#uf%+5Km;^O?I*~jC~n1BV=Eb8HSK7gUP;3_V4X^ z>ht;j1)uYJ-M`H1K4-4`oO8X;x!%{guA>w$y2VKo^9mPI?F$Z<3`iU55kw8gUo5?vCu#s`Jbn`z*x(@pJqKO;e^LyBay$X)CM4;R@%m}9wZ37%?6t6ro@;t(S(Jm1>_?V3UA4}YTvwb>f5P>Nyy z$O>KPk+okv(23JAJW2tO>C5Qo`!QKX!XOeRNIDrTH{I1n3yxwQUZYGat`;cMB3>?Q z>D&H#H#39Ld`S(1Gv1fqzQHnB5j|R|Vp67wv*~w+5XY#UlBKH?gLypQlep84dDSc;lwF2Lr-3a(oAfL)Br~?)rYWEeM454#~jG)M8d_#y~ZUirTogGg$ zo9gkI(sJjx(&XX)Nt#z#kuCxnfr;iKzxt}sR&UeZ*hHdE#aLxV!;aOpcVk8-#^7`B zjOgyjLuEhAthkkCSjOX{!PUFaV8_!BjkY|OycRi2`!jo6PSp_W^DIm~s9uDLFQ{VQ zkm3~F-r(ItqDOI~4boUF&=ZXQ@g zBQkMc_mT`mM%S}e?hOqdm|01iC`4x1?BG&Oi6i6=ou8k2@#}C`#b{<=Z>&*0tvE@z z5G8lGn~A%WvP1UYi8FPXwfh+jD;TVNY*qHun#NK^h$~p2F8P*$tXcsl>P_&|v0)J$ zUvKf<`hu4Cq^MIoj`amBFsYgHF?i1(v`XhDPRp$Jd~UoSQqUo3>X|PRZLp{Cbg3Rn zOMkt##Jsj2uFQX#m+)-$hbwZq!txUAR+{|cD%L51{@#?VZiY>QwF_CLUwX;;9q5N* zR!~iAE&j3+)GDJpEbj$lMG#_Vo0jUFAxRX`Lf(FV3itAMlE|>ZGB@;P6sGq`sfu^R zn6MxG_)TNy^6gC~2Mt^Qsh8QXq`e@H^84MiC}4^oQmp^pXLbCdD1=P|8`)iuh+Im@ z7%@O0$Z16^J-e*p?_l0f;AvGl^9eu5Ft6kGl59&dqfJsC&DVr)sHa zKS+q9qnICT!Z>3xPV`(Ukx97AJrO-hrkLv)9j{H?GQ! 
znl43$Hvls1Lr3=OLA&8$XNj_f}B>3Y5M!nb5y9oxy%qRbBQ z^9##nW_{B7gj$9!4w-2ty0dzy)Evf(t+RP9j6|1!{!S^0U=mkz)yq`m(`uWR0PtCx zTFFl-cz1KJ^!|ooCTpCs6OwyuIqD8yOir0u%n;C)dR6p%Glz{)+d(@ z?54}-JKakRZZ-?JrD>g-w5g)@+M`7>O~G_<>L~BY&3F1SJoE?qhs-tEUS-R2x(jM= zuBB5s^SA|BFe0xwLDAuJ1=AVobW>6A$=Ra9huTu6k52JyMHJ&l?>B=UCFh^p5OPzH{gFw2s{nA6-o=vA5aU zaWbI#7UJ02q^BLc0etGST(xTVc4$N5_b>P(8@AbsfDM>&5Ws>da{*O^kx}&Cr=Kb4!bME+6NcL$Ahd-aHOR8oz`b-_VZ` z8a>BT$dIIWPs}Cg)Y#Am_T{R}BDH7jEiU*@vg6Wj%%SxR*TMteXtks`)WZS$4SrckJ z%FyBOZ@WCa*0R;vdx^JhUH^Dx*Q}UB=Hfw(nKcWuNw>CUbE(UCY>$jhv8BrsL>zsR zh)&ZnreYv1RQ_w%s{ebh$g#W&AmUYv_nyF>v5-*#wG=A}GX5e+!IpLYnC+^ddr%cw zNmn7Y>Cp{k7*XHKcBvSb*rD#O_gDR)ELc}jiU=ZE|LI)2B+tL}C1wvBt)pdko<){i zY*gpIRarf5N1M#zHEQ+~^G=|BCxzMcLg?#B)TkJQz*v_+a8=_XMpCnC41RRT{|u07 zQk(=K`R$a4UGE4>G+ilQ4wr+XctF8@w;Slh+Z*Ru@jKstRDCd@yqk%G>2QU;?%Ua@ zu5dFjoJR-=jw7GCt_WO?Z$w504}epj>>vP)bf)ke$K+nzzC^Z%H9yu(MN=>J5}j22 z+7x+bwjH!P7}CopTH~bnSV;a!a9Dz+0zCgyUfoiZt$(V9mCb%NY~T`|`aCdLi_#`M zF~$d*v@}IEfaZ(xeik~T+vR^vNL8#`Tql`%)ZUlGwY~P@G2|0ME~`XeuV|sK%adC} zgc3CJBVr7j)Wo`vUiu#ACY@XVX0mYZ21oKorLm*U06j`tb#2s;dNfBemL|hCYS(*@ z`Z310i6I1ZJh!2H2scxS+6_g@ykjxU9A@K9;XB}8o~v-EPngGFst~1#Qxx#xr58q>-E#r4kq=EOB`21M^^$jkP^gl zmBTh_$1TXkyY|P=Ef@dVMpqHp`pz@sqP0cLm#$YX(()AweSlP`iQM>{A3RKsX8J4Y zwv^>WlJw%sWCtCxXmqjjy^S<_#qz$JtM_2vvu6JGfV2Kd#oq50zX2hBJc^N`)NoK! 
zwB04GA;a#zp?ND?rib;b z8cGl$$|b7i@f`vAmLlN2x)e8cr|(;@Bt)@#f<0c5S9;0KrsL+t_;0&^+AB7|T~)*~ z<+W$M5Rp1$;u{@H0)y{|O?H0qk2Ewz(?ej7p*P)}V0jP5>f(yKR~MDo5^EQX%bo03 zuR*t;)Uh;=vXL2?|c#JXLf&GM4?c7%=CIP z$^2Zy{i9tz-Ki{rmr`E(1%b`)@~U(dy)>RaK0Lo*`_(ApGJx_1d`83f`#psWFxTvl z8JHF?ikoc8VkJhcTyXfNWi!iu!*vH|h}@G$ zM<~buut43;cp&R8Cxnm#u;>^QV#Kl8>>rDuSETu3By%GczAl?Ir|!ulutti1wX3_A z0gm@KOUV;l-ROQT>@d|9q(gJ{#fhnjKy`|J!W;BZ^6H4Pmx@y{eQ8Io4GQjbNQS~1 zL2R#{xBDnVb;IOWAwr@bS4S#Wk5Gdd2zN*8n zJRS=IY+s4X;`inTov80B1INj|nz%0;8PGLm;<$5B`A!N@f2+2ptME|#v5Ih(Y z4-?$(%1OvJi?N%x$9Q;H0@=>`9ifAT&t9FYOna@nj0IwJBk2V-+)bVbm~-E5qb z36t>*EprNVD9bt!*rs5tqz=61KoKFQY5B_P%qM))!#r?GX;Y0zb>F`6wlVUB8B>Ss zjjP!XzEK!r-ymEQn(BePZ6WtZxzy7F`Bu!OIyq%5T(x?XDpn=;H#ucTid@)4JhHJK z27T)$7<||_WlC%au6erITS?cxUEY;iN)4*I;lj)dgLgx;^p8QMC|nt9&F1jPpE(*q zaS1v06MA~fclY6}6XE<(t~hw?jTdVqaa|@|(1Y>(dQUItv5PeE0mWtZRgY&;qjY<9 zhRLl(HkzxC)>m+vtLIi%o3$A4&+0F_L?7~uFrhK9Pbs9lbooA2Yi0?iHtFd4?CrOTY~$agz2&`b&@X=PA+4HP zLvXa;HXNZKAvWzhwHGgkplDn<`sYRv;HCIPz@cy$5?#IMAo^TtYUM(v8q1sCUW)g* zcA_I|ipOo}%){|Pci8Vg5F4rnZW1Z;F{IPSp{BlKWYZ^Jo-k)8tQqll<%b(XT4m;P zO`P1sk@SXJQ1L;%oG{FF#AuaTnQHB{!4zs``_{6a(QZoE_9M*#CN%6hOg|u((O-4` z-=mZdh2;U+(6k}jO@1Uk`i&!`^QHWoqm(aCJ(R|NIDKxIG;zDD_9&iaNSG>Z@A9v3 zxmsgAAm4+=RGFUxO$4B_0LQ7RpyLBD0{Bha8C$2_F)=r`+kTnnc$9rTA23MUj7+sq za{%MPb1$EE%)ZyI&1iD=f`$XVsB^jvJXNCQ-KEP;m@-f4NQZci;IAQc`}g>{i5q(iNc!W=M<~B*&$Bqx%6Z2 zdm6;-Hnm**06%Y@UcEscJ9;VHm5Z@(+csRX$%KvmG`MW7ordPTp6ZiFI+;G-u(tWsDjMC5QFRFd?IEx>D-*+&!+g`|gJ8N;vTYNCVG>D$7RV z;+KD&R1J8Zu;a$ah1V=>kQVpYb8A|OP#DIhIYLEtS#j%xbK16`ERBBC7!lJ!x9G$4 zXrGc^27?n0q&QAfFniq!eIG#*@u2<)6N&!wm33S2Gd|yJe0UhEWjb~UW7c)9@nMAb z%xgQFXnol^Z41>%qw&;Mj+S3)nPDF-5MQ^EcwCs@v=@9dP6;30(w}<&DnMTgFn6jo zY<#dwwFhZMV78f4j$H{(_nrxJD{}fhG|F0j7o|~JcONim`3Z!#ybDR33Bb*Q|C9`n z-M}nk3Nl`P`&(HT)iwOth^Ml=T;KX0XCjeDlalJ8g=kRJBvDo2(oI|E#n^ThYHNta;@L#KZJ<7D-T4K4UpVo=;MK1&vcDq( z?gOrY2l3|s_0WV}lgoC`?3d72N(}zhOn}g-|9DtC&BXH?e*;!P*MEa7IR2Xv)AGL& z88QDaeJ1Vy`sMQEMbqX%+`w$pAuA)pp$?Vr=uuT=({-E4x|+4!XYvooiSB6L-<@m! 
zPv5i*TiMba$s@>u)$n!1Kj<{>gg^ zG!Rf=Y7~g&XQm~1SmogLem)TP!oT{udr&v9FmmW$lBlN6vhX_?MpZ@a#pD!&LPI~@!GkmJe~_OI&lIRg3NUgAtHFNS*vvhv1!pGheLqKksCSey_=k6wLH}F@5Lzx4qL)kP*IA2~!VYo8S6&aP3U#m{Zro z$;r#_7D5K%@_bd21fY~^kza9i-$;oYC+n*JOT8rdM^dIhGP}x3>!qVs#ay#xk!87B zrH*LMITl~Vuc8D32MPZh{{gObh7jU5emakxQfB`mT7N>G7rIklgU$W2BXdbA=|(h| zJb7vC7;jg{jd0yA1G@MN)h$PJ9Cw?Mtis?;_Wui1j%TD#EEN z%>&+Y>g$0pVgT`o?62Tz4LyM_Ff#G6uCw#!_2|}JOkQ(VHR-8ILvg^3jvl4#sow*5 za}MOaxrr}Lh55|>WS)9{6S#!z!Rl6LGIjaJh=kt@(~;Eutw(dxi8T+#dA&S+!4*+p zn>!|`0FLhTF!pdg0Xb*8&*3}g--he@%-R3&yCkA#w??&Ubhm~^3P0Q7N^X(s{S_e= zFci}TUORwowUzRz#VPY4iW+kupBRBYV6XE-y&cfcM=|61R`g>VRp^$$cazb8Q)q%q z7&bUDqYDc=od?-6dHJ~~w8pZJH|fSUgwQ4s&bkz0fvCd3u`*RVX~HNEzh9pvSEa=} z+n2gooO@^2IrH<^w6}Zn`o{`R0VDqV5y0G7Xplzd=AQxFQQO@LxSG~d+!#9AN1zK> zKG`mArJo*%9c=wN3|9fmgR2FLkDMe<3}pL~RfnWlFa8F{?`Dg?eXT0q4YaC0HD-;N zGRK4)Y;utME51kLHd~aVCPKG>kWj_t9KqE$gOs~_<%kM}QDOmZxp6i|r^Y6;R-af{ z130}XsoUm|3eA;|)w>3$kQ{-JIOSqd;zqbux#N?Y&l`J7al-maU4Br7c>&l75Q%G| zexeLA@pBb(yvCf8c*r(KMt~uR>AO|czp>w}a_I6bqmNVnZ66Qd0r@}0=>LK^nt`3;aKTlbnG7 literal 0 HcmV?d00001 
diff --git a/docs/wiki/media/1.2.update-alz-custom-policy-def-name.png b/docs/wiki/media/1.2.update-alz-custom-policy-def-name.png new file mode 100644 index 0000000000000000000000000000000000000000..aa26f451b8012a738e1fe927e5389a1fdd017644 GIT binary patch literal 48971 zcmce-byVA1yFZ8&s34^+Zf&u)xVsc6QYe7}1&VtquE8m#SaJ6NMN*2pyK8^|!JVWK zNPyt_qvzcBo^$7qJ8RaOnY~t$m1OI8KmL54Ff~;LqWjeMv9Pd+loaLOV`1UbU}0g) z+{M5B<#)1e=IzHlM@3y1EG**gKQHV=HsaeJSOl(0@7@r=35m$W?qAJf8De2Q#Zr=c zt?7}mv*_)rd31%o0TYO6%~gBg1jS5nb-`R7ZN^A*XTOts*N(rp5;{229r}>;4r%xE zPftU?*4}?}C-1c#(+}xzT%)IF_rpS!@ZL9k!+Yn~$E!)0yj?s|@Xqcdd7IQR$i^~m zV3-NpM`C*LV|=Rb*-nep1)sMhx@9@5h|{pygY;i5misC?it|h8KTUt>iS5IGdc=ml zn0fmApGK-){#x#z_WXx&;6GzS<>Wf>{~1df7W$RwpP|nmk>b((GgOZ0`F+8Eja8I; zVq3p<8ALP`wclA0#ToL?e?A)ebR~Gcm8+CoC#TQa22NWc7gj?ypewRPd1;vffhMn-x158GYovlAoisHY|5v%-e@+(ntF3ELMLN|^5ih|U6 zG&j68c$xDGV2>R^e85#tAwwwaaoDf8VJc5q6#d2Dcq5*uFEm}dORVZ~>KI1?bH--S zn*aXjPAh6lb~%_{ylRq-X@8TU0XW;1y1ta`mj#UJ-wyuo6ZZ=Z35iBdWJ(SESX+-i zyTnMz*XPlT$NLiLjb1ap+WhQLr}BF!)nu=|v?^z0Z&OO7zpgy^NlLx=n=qX4MLyt+wsNowfA< zryS~q{pLKbLR@cNF>npL928&NSPr`Gkmw&RYkTKEJ(!nTY#mC?x=a_&vK~JBZaq~i z2v%sbp=v>*eQ@9hmxJS6(~3cxs#$mR;BqYmaOICI%MR5x&0kHpexW1v80rgExhbAr*He7PSul{YVlye*pw-XOHl-N5tS5 z#66rZO}I@8>=enz0@syoJ-9>H?W{`=M7Q(AXHPHdu3F)Jn5cb9C-@<(+ybVJ+FCTD zPZ<*9+cCQIkPQX?PG=F1p<6ZBvGO#7;ei0CfFhTRm2!s0y8YpD|NV6f|GdrjR2K-L zD+$bXt<>0wnE1`6)Qg)5zD-tzR?EZkQuTZMSYx~Md3#*6M)z63s9^BJWZ{=S9u|Rs210@&Nq=Ved`Z^1QeADfIek-q!uazMLLljzdJ;zn#2b%G zbYC^9h?p|Vd-lwLzXZ{v&6s4KE7R&!KIz6T6>3oHd{M7E83Q2qCU< z0z|+1I|}4B1qiI*+ytyEd(@t$Xb(RBqS}mMUYHo);r9ev=6>}*+V z;1t4^IY4+d9e_s5{~r^hbW%FI#A(&|$`*Do=mSPrb%bd$)MI5egm+ zdyWgUB3$C}Uo`(nRqbCt3)DZW*KsZ&69Eig%=}mS6w03EI_%AUy^y53x+hLA&Gv_> z6A}W(w^UFUbfB992XVMSLHq0hpLlysuLf>O#!0+0tTweU;<_m~8RD0$WU^Z(ecc&s z(RaG9TXy(vvC)yMb@TU&Iwqs8Bm=9N71h^A6oSP!G>7O%GVLo|wlgb*G!l*eMN`P= z&x`-uYJ*G-I-bZU>t0oWg%PE--52AnP?;%4#@J<$gnR~YFw3vvH38>w-D;-kghPwK z_bn%{z2WyBCQB6hHOL3+B{9&GJ1KQW>=XtJCs)J}3NaC3_JpY8mD-(ykCJ;n?na#F 
zceq+1-)3*xdCIn2A#xo3Cfmmh!&|@z28fs?eVvW36#61dfA|_#n?tM@7p|8Zauu^| z{_TKi_@v?>NPDsVR*Dl{6$bx?5&a|Y*`Qh!T!zgv2jNGiMgO`EI&fx|ZGH8^S$uI6r%aJgWye6(m1(XRcl90DhN*uo z5_K3!ET}ISbrn$by-g6xWeeiEhoGkQzr%nI42-5$5 z)%gFma6{w&JO-`cjVew{fZPh4m>p2`Ka7nDr(^8L0cluSM_5ZZm2)+6Ca3sdb!XEo zo-Y9}aVb+OBetVBRrQ3mJ2j|ozw)MShR}#L@+ar_<|0#KB)2c@&zD&oefNCvtls3dLgC`oW&Q>-qu#UEg>h`&qyGWl?mC&<2+ zSXkggRzrkEmT)r~W~XU8U;Mi{aL|CJ!a+iM%8B3zKF`zgSZPP>tF_d~v%)|?I$M>b z!21?c+Q;FvlISapj6y;_=-^D&#l2gO zw`>h4#r^S{mlG2r(8Ys<3q4zA$ zx!%AYe7j>S;l{?rMYUATcp}5-R%4-Q&tawkBRF#dIn<4i>1KUihU@Z;8E;9YYEwuk znhw{6ZB38{g*`iiyS^yF+7^C~{PqpY4Yfe}Dyr%Fo}|ImjhIZynJ7mN$vxO?s8Q8- zQDf*5?(kb>)=v+7TEA8rz>y}Yc{TM?)K1gWE5#)_pZmNFw=+U_!OAIOgVa8B$qnQX zFgHJ_DCe^Rk(QVtqqP^Q4TEa4=?MdZPIGrLY|*fK_L<+GdxX-sMhTI+~~GCh-_rPehnLf;{oSD;^d5`Ex;OAY@9I zCfjfM6@AOa-Lv!$rpPS;qZ5^bc{&ngx+Ea^VvosacO%~x6NOwLNcZ!@n`X7z zC5`aD;)w9PE-Wg^c1EfW0;XkU ziH^UH(>gt=FtMB}-*>uA96-hqDOjK-AFduiy>3ubQ!ad8tDc>yvsF0hETJW@Gc z%+fVWt*H+sdAr2ypD>kDkn^<%3R9ndwq?X59;s<(WQ9+?HelG44nssT7Y$VSeFR?B zHoVqZ7i}bzMw{~*V0X1BIP!~RNxZ(JY*nRQad=nYU4hu^NVey(f}tCfU*skf`e@Js z&49BGW2#YP;br--k3bu()ZHX2UIz1Hh(r3s}Qb!^+Z?so4>W4V_?k^JV zHmto}G%1uhIK?omS2Cj^iDVjXOq(zNHXNAN!A;6lLuM<`_pmaul8TF3@V#Na`h&mq zAE#`KSR+ByWXQ=1 zAXOnk`6L_qp;)T%hrLo_Ia8eIa4`Xq)?~)P#i^Ts(m*Xyr(jbopGJ{Atae+ECar8r&_ND*sY~V z74|9L_v`&cZ}6FjRVED)6QbQG9U`kN?4`;GO)qrk~S$> z6bC4Sb5z63?(ZxPENF@vqFtIn@Z(DezyuuM)WB$`*nurlT~UuQGm^F_=wXhE?dqv8 z$-Hi+R8LWcY`w#r&xhn`H3nNLP*HEIDe+_dqo)?!z^JTFKD4F=iE!PBvGE`lieKXe z_7ka{kJp4d@O`&;LfjTuL%0%?t~vC5OGn~-BUJ$W0uqbP_@STT6vkc*r1Sf zteS(;$#d$rEp_Ai4uz0W*Ioazj(Ii;C-6yyGo2XvwN1El`gCUY(aTOVpAIFhaUXg* ziS8D<(ybzGehC(P4%&5ieG*dSnv9(u^%2I~Y{N~Fq3NKv38g0*rX0yVE4n;(i@9>T z9lA=G>z4<~nWQo%=L!>AG;95p^JC6o4MMzUg4^yG*T4Av`NFL!PD!xl_T{cy58b*epUb=G65){B`_PM{t1A`WvLeLD$79j#pL(ObQ^nzn+5y~~-ZGT^bHi64Gj5l$^jdXF8mP5h_YXa{`( z&HV)=HjedTthZV?NnPBZ|M3S+p|b$(Iy?MZvIgvj2ndgusrgq%OhM)MPQ6*b-aI{Y zHk~I#rQL473odEr_`b!H^s)2p-Z%PkbSdZ!yJ^ITJrb+v`&u6@rAUFqa3={6A>s87 
z9-QIfgFht@lFq_5Bx;RZ)y~0rIcZa~vJL1kiv$#A=P`B0q+dM<*XrX(X~M1C-n65F z*mr!v2b$_`pE8B|U_4Hz9-#dtd6yPQ1jCk=(7aJml#{H$5Sn2ym+kFOQESjHYAad& z7}1XWRA=VX7}0Y=Vqw}LnspqCA^zoFyq>x*n_6D5)v%@xn1#si{Z6}|>&Jf?Uv{&2 z`HDlS5T)+ru~bh)e)}#e z1jf(#GSi-l_k*lAYdnNuxfz_Rg(kA8I_02)^=pJBUfYRe-!Ntd;ln>4y9t%A-lOCE zV}(t?RVNxda=1L{9@{I^Qkahqoal)`paql}iU@(4Lw%=eiO zt;rIbO=m}3^o%tRq$M`b_&mBU$*h%XcxH!d=zsUQUMYyp-jRMZs~aY#1@c# zM4y}MbMlCD?oH3K^*N6(ZfEc>LoIy=+tXJ*USmIH8Ekb2s*!C((zer&juX%pT>yzd z)u^)`L$k9@WyTODx#$L1;7CxjN0uq|q?;GYu5NMm)SYJj`0v-m?DKvKuszzy2-%u6CnkuRC&Bsl=DwB>1 zq}E0q#|A1M7KQ8!MRV6i%M1E$02vyz@8_Q`kTSh__#_g&Ib}98CpOlCHYGkpTs?_u zXl)`3>{(eT{{!sC_Gal1g0A-R-}4QeFJSkPhL+ z+TK91>m0(k<4bSZL>}k$3Yd=Db~5yADA69->xvRAlloPsUClk(Cl6OCdphf8n9w|= z4|}>nL{_{62Qm)fg*J$UTng1ySuH<10Y=(1|Lkp1o}Fa+wAIIZSFbcx5>ub~EB-qD zh(~NBohQyYB!2AW0jBs?d7*}ckn#wo$_M(p?S{2vT>Fz#FDAEAu(#mQMmJ45%+kdX z?JUC6D{c^%cK_Ea6ziDivTP$#CwR*5%zETR^;Rr`xqeh)|Bf4YP&VQo-2kmGi?JGZ z856Zr?uz}RB=9TI-fj_Yv*)&N5(TxCZJgiv z{j=OhVOw`xD<4X2SR1B%zSJpUn^VemdWakaV?OW8^d3eF5iF{hM!-_=BlFz{KdR`C zDQfM%Uk{=9P-(>W{N|czt*QGVl$jhEGthhuhgyb&22Q8`UY{EAyFP*6~RkZ zp0O43Loq?kRnENDEoKsZN3+ijTbF%UvRy^e^`#nbe9}Z=i@>_brzOb^W}>>GyP2bT zsa=tmM@f{Xjoo84RaSkvtyawxQ0Cqiz}Ld%n(xWO#N;;iq%?*D`w3-DiIW!;af@Y} z1~}x8=s8U!^E|8RQ{1(-mra)Ieexvb ztch*rFsI?B@%CwLdV^k>o(UR^>_%+a?$DSuwe6<%3OL#&Q<{F%sQc&^0jzADJcY#7 ze5*M#Q`)vD=4-vtISAM0EpYkb_RT9I9Xfk+syBS~L{^1jy`_<^EQKzZeB%Dn=25e2 z@nXy1NiUn_*|5_+927};%i(=9dqVzxXKusS--7RdR!wt&F%89ZfEy#hXq1Wdg5Y=HH&B!@B;B%Ust1?K=c)n$?gS5h`Dw4aVY*0vy$#T$ zsinal6h0t;*a}R+-B$Zu<2WArU2L*WqB9@3%^=bPDn_?9DB4s$03dxw{=Z!Ojlhek zs?9cSdJ&bw_njGKY|47{fD-p>(9NGD7tNlP7(Z~3uy)BZ<7s&`Fqr->iAuk4{`|f} z#vMgdRAtbN{zdmAz+Aj?%Jk#xsI@rU-E-HjEhyM?BUW5B>sTCK;l7J3Hn{Mrg8ng6 z`^jFu3gk6pm?;ZB&i|rvHLrw*&{Pg z%zJW&QsV1x(lZ&FNnYy3rxL1bb@%vsS3r}NFUr)+Ephf4kYu3r_sCITeJ-Cz^!%8POLsHU|6!po zZjE4tc@#g?k3T_U(_Xpd{fnb&PgFIL##ORWkQ63Tq`BOSqm1A}FHUwvg>AKV`GdV< zi*`eV)qS?+3D4?hWfki91;mz<)ozv_pFU868o?{B$)6X7o7ClYR1Y=4@Hg#!@BJu; 
z=-t|p+4krQcthqu=(AS377#L8v=(K@IRbaI?YgW5V~7r2B;L6-kAiXMAJK$w-p2d- zZcTDevZCZs6PaTV6m3=i6~EbT!$T0q)}{#BC#!X@m5MRGniCstSF(O9Hlh_KhQSp_ zww7~0C#~5AsNj-EeuF!w*gH(h_XYlg1(5EfBjIIXr2n+h6n*ljB9;V??cdgo81}@WT`^YOEz8`K-=sv z9ofo)D@HV01O2R|&Oh~$Qe&6TF6N1eSc3(@z?bh3)=iR_srrtk2|ER0~AO*ulf^VZsrC%sa`J#x!%baO2@wm#z&&$fp> z2YoaLPqQw&5l%1hOlBP-h4+?NVFbE<;D_|3CuVt% zD3cU+qb%6ZQ#0rA8Q=9CxSAhsK)tbBlb0yp^{Qe` z#u{R2upEBmx3v*VN9&Blvd<$|b9{+3UtKGE7BZCZEfO^PrU$867E^x5%e;Ih#;0iI z_ggjVAn#LUZ_RTuigq_&#THMsz1p1x>qZ$USgF&#&8$DI;alaevxKZN@aGXilpZe6 zRWGmI2YR!#i_y@^6u+)i@hhcD4Fe=$8)xuh6h4#_VMvqEbi^FmDd}L*H2s_)QO^LO zNd++{TuFVZF>P0peZ1QJ)J)bb--eA?V}1WfT+)|HOR_`gK}CyMMTTqbn*AOnuY6>X z0nO@f)mMN>3l**vA3Wy#Uf#Zic&fy7o(y8h3PkCqD9DR6Uoc*` z$xQwJYY>FZ?5zn=WR1I_*UYGLrkTIMcenDqtCjv;LrzfD5>mYMWB1R5 zHyx}*0(jO5hdZvB`>Ft!@Yr@-k@i=p_fDq`4jBvJ7j;X zNxKFO^gcVn(R<)xbk2UoU?w|2ZkQ>Ok;jP@DST48wm&YLdTRNuN%9p#k}3~V#K-=! zBt%MIW$ZgKN&EEXjpV|iYs$KA!sl3Ox`Bbzzuc+x65U<=%T!-HP!dW7hNC28-kH(0 zEjuh6SyKtV@MzCg7EOgOR=DZ0{cOQH(qc$|nGjc=FW_5Qti?I0R?*XZQH{}=h-cK( zZ~85gk%gWc(Zd6Q!?&aDH}XS5oQ+=Vh6k<$_t@AbNNjq~YB+^TyivXlp(lgbt{0j# z>9}%FJ%-}39UC8dXY0q8xRrhriKYy|SH2l&R%_0bVAw@K124{uM-G#+EDz0;Mz}Q; zJwey5VEgb-(&znh`Km&mgTo!M2cp0K`1Zz1ZHX+j48o1JV7Y(g8In`! z$8{7h2xvHkXAUP`VMx8$;?eXQt&Ebj$u{NFt_RA)0l&Xqj%+Wxjz`{Hi>|z)6DSS2 zTHl(h31X-+@Loe%iWyMk1;W^fG!b&=9#?9Igiq|QQ{0z1XdxRW>XhP>MzVNCS-|{5 zD%B`|uWwjUKINms1L8@#n7+6!u^kg1I$!6W4>|q1*lYC(qS|UUl7&U6*+kMtz77ENyaq{WWwi~~9Pv?EenpbDm zxtCd+Hw?1y!x9n;(4Ld=8qCl25$kmuZvC;(5KwS8!+xaXU9?lN)!30`)V{V+!$ESs zi>zj!>Hhua8Jz2iTcm@kxJ+@N4R1}eYwb!ZO^+;G1}zN>L11lq8jZ`d;Od;x&H2L9 zVYWo2HqyK|^&C+n%DQ&=2_+=+b4>lzYTtH+GEJ4J1=6*Zk1+!u%CO(ojhMK3(tNvU z?vuZl7A|?&Na-X-t&$G%w$nk4DL*`xjIK9$@S}FZ-cZOQuFb8?A!hKX&MhbPZ6WE! 
zQWq(K-}b9r_$hYS@W(w$U7_B`>(uqDI3-4{FzIpmSIm$R%2;AWGzZJH27_uA(SCDe zwW>E>s7(<-&3_w58b)beaI?6q`xjG97Qvq8I!bg28yb_`iwVpGib5e>}r;M z)DrGt?58yL<+BRfwUUCO!fM%G@X1UBub^htIoN@Kw&#~41UtbD+h{AF4+kuD7d|4lg6t6{oIv~fKk+PA#5cy5!pPeKVrUBI^p;$cQY4w0 z23tLE<5U|34tdVX&&G$-=$3`1GNZi>obHXXNPTUArB3GIPM5?7&Cu9wK!$jhf37Rq zmR&caRKZ3GjAA@Wf!q^6VUFf#(p(L& z70W=&70XVhiY4HSJgwO9aqwy$i@v)$ky1_-~d!0)N zbsJc-0DU`ZP$Mg8w4}w@aqua?y)ftBA!_s_17) z8`W|VPBemPfL~NElf;oxh8JYtXJX6B1z|e=SEXmeJ|&H3SaHm^h@=Op7hle9wiquZ zrB~PwZT7iK6*vZ%no0xQ$tqEfF3eGg;Phck{ekbGsvuwCACd|czfXGA?P!y3+?54T zt3iK3l({kvVO$!nYV|*)OA!|58d~3$YyuM%LpEQ&kL?%2sMT0vbFsGlk{K0dZCv_!<6MyFY5a6BNn=7V!MZ@UtB1h)|jy~Oi4B8<* zx59E3oKJjqSUV_Hsza00>0UsXlO$nHZ<}L}(rp|CafsYB+s>Gx+aCX1Uw8|r)Fya~ z7hZ)>^Qn(I#~e*&{j${P5T;)y?MxvmiRDgWt&Ct6Od7Qs1i&;rC$@AEn1p9iLcQO^d6peI$+$w3_52;L}e->1UfEe3Xei34O`-d6T{oY~^LC5ZS8f z^h|5=N))BJq`@QEUJt&O_g%M9Bwl>G;xeJ*H|w6PQNHd;QWa63vjlWcL2M8g3o7Qm z%*iaETH}z7q8yr4$9*^NQuB79UoT5+(@hFE3K{zahcr({3F*D^@AQelJZry)%?|y% z=L!b0MLX3$lJ|~s+PV}6z52yHqzzbHjbsNM=288w;Wrkv=g$c{-Ax57!_7 zGT|vkCMa%muj>~s=$W{Z=Mz0|$d7R1spDPqTesLPb&l9hQ|(<*J6_ZlCibk^zj!-y zIOxMdOw%c+9irtxBjs-=sDzE4cKGAQOg(`J%~1j~KfAtfs*7NRx9JLbfs^j9`h5RU zjx??RlLZn#5eHytskHokMaP9A7LI$lW&&TiLd{ix*=88K z42pWjx57h+5l8Z73_wRPM;l%&mXI8eGF*fwY`?0?=gmFU(9fCf;J0gck4wm;S?UVB zs7;YyRMr9-cWGXV5FJ*>qM+Fdepj=iA_ziaUOGtomqt*l4y*G5E7teW>gXJ9z)G(GHK5D$!J8G1h5*} zLY#pZLFS)(ZAT@mW!(Jm_WBzx@{`@zvzmNb5Lb@D2*L-QCb%wkd0v~vxe*o{*3G|l z8r>s^wun;A3cSj*ic$5q#slE%yUtC{x_SetqL*5J4OsDXC2<4IL+N7f#p^a5lntje zf#!lge}CZo(!P>TN#$ab%^dGMXNoy2UhD17%Mozt%K|@7}5g~l5nqJ%z_6E?u%Cy(T^rqT(0s0 zICe5ruMY@bW>tm`vbY4Z1xHvdo1udA4d=9?*SjpluU9KsG;|eOhQBK`2Y$HeR<8~X zdlNu_Qw`_b_e^795r{7yWlj*3UWAK8%n`~{m#vOalqs`3@IRvjGw8l?lVzMjvzxAo zwIYZ8T$Dbg&#mM+W5PA;b9u@rR3+jq?*ouL-|Ivg|MJgFw`{}$># zu5aJ@+mk)RnlXnXr2ihv@bSgagatd7-CQr0PB6Rq$KaFRZ;q00G-m#eg8k0)zGp31 zTvpPFt=Y;85;MZ?UoDAEwNtbAADLWUcrKZl`s7-Yq{-kx0qDCO&4}1&dVxBILQFWG z|JBbsgTRE<;rmjVhC5>w5ofx1>D2A}ON8<*h^70L4=kZo#=4ZtXO{Qt445?;1Z38z 
z82JJdcrG#Q&w$KQH$M0PJD2tW-Xtk?xc6p8Z45!cPrs~`!nn6=Ha{hZ^YY`jud28H zL_#pHz5_%ZADZiDDwav<6={gqG6xA)y1bN}y_K4TNjJYG%-Vm;hg4jDmFD|6;CJ2e zWgVvm{!u&wss4ziYAs*Xaa{S&0!ZUxBxW=SIRZt0x5RVnWZ*u7)YM}HaJkgyU(BEWf|AzDO3ibQI?k} z20zXTPyCi1!dI9b8r1O>e^DW(&6A@_o`rOts$IrbhGkZHX|pYfkhPWU?28%HvT9Z6 z%?83UZft&P!2Fq@$wOT}?E_@obCyNQ;&8^`Lv^!7i@FG!$1+~IV?BqeOl}+I2iguM zkkXox`?sKKZ+06Yj%OFdMHlv-NV@3#bB9~(&|`Cu>b^P0Y)3G&hC z5o;g<0(Mh|4nG&EYoybO8L%I=#`8hod8CS7M#5&c6sxQde zg7Hi-#|O22>`%Ea-Qwsz1~5r}69aGvslqv2)CMM(KvDfEOM(4^dS7?_>#D!$*g{%w z3j>_{8%0QqnxayU*d3lZ*xjVm(W@RJRjOk497!3Po4zSA5}b`BEB0OiZZl)eEN3B) zogaAmelD;&=lsB1ywo@Ndu6CiYM`ZzV=-Rw^7TCPLfxT%1X0_*q}8*6I;YWA0f_;d zr{-+?1|!KO61}kr=<|w8pCZqQmT3y8SZu^XP_tHL(B;EkrF+^kZ-ZgAdGTpa>Q9zj z6gc>mM#c%1-{K3FHG-TJL``}KMEl|#%~;If944{@euCojuLJNkkn;{~shHk4r`)Nk zt6Pt|-cz{hPkPRJ-l{H$?d-OXH{`k52m1G#RTPPyE zPHC(zK5^q2$UiW$=<)246{RRE53(jG&kf&EOcC`#y2yt&y#|7#}Klj5N!6l9wr zkFcbHoCM+ZB$S~x#wa=EqTfK$Ou`Jl>1d;UV-4dyxgKVjj}vv~J#!#8Mt*tS_~uXS zKm}W#*=0;9fSP3QeeV-NfiKK;p#V$2 z_2c$L#G@ASzd%6^gc$^DU&_Rc7as(C{lr!6OAvb9`)Q+p=_In6KmtQKUY0uqJ>LE$ zdv+=C)wmUQlcW1C!fT^uN&wW%T7TkgZt;f}9IH5npI_h{ zmpeSPnytoW#T+39r+jjCOY9Z7LyUj9=@YB;cu5o2>p}}lFUb)OZUe66OXZo;yGQjRfETW@H7)-s^QZk$k zyI3X71tP>f^Vf!+KN^F!3%5tbetb#mf5(q(tvVVffFLeB<|~o<+Ja!9*n?N%4z8-K zH@9h^MpMzH8>Pi4H`}=i&VIyg^2j478BJnm{E-xE`!+B15ik9#?-Fx-LtBO&vHr{F z&QxkmaAZbiUr4%;36}9~Hh~#>ZoosK`1i`=V>GwG9t%Qz%kfLfha}^{h3QXhL&<@^ z@+jlv;XHO;#D$AumD1|&2CvKzn-4K2WLi_V01;Ly_Ql6at=4x$;%)PeqPAvu2QB(U zZJ$+9znal?`!W}Q1aIQeaiEo(OCj)dG=Ef~?M2N?+VJD20mkL1ZjsCEoXF~6l69c< zEM53x&|iLuV!HQ}ew<@0)+@=T-pgWtJ@S=b;kUST+aa>Q{{Q=}Kk*%|++V)&-{1dK zS^aPD?Eg!7*Q0#nE-Lp8L~JtRT(3Q2Xh&~D>}kj~A8mTB0l*uwK18Bfq0zo&HtFo(Jo%TP~m={ zcgCv9U4YQPPrb?U9UyqeC7AB)L3tAniO{=z$G1=`O5)NHvzu(00^)Wb-p;64&6h!i zL4mVbRtSYsR@ULI-F?XZf`L=3&3x+@JiSPfbyV#tW-CWvqeKu&b5y>+uoj!4o8FhU zjNLZGh%P96vgF%~N%(r!{nc*IZ`xKO@B~U@Rm){eq~VDw2t-wK_E*L8mORwUJWJKB z4J>u@C=nut@!AqDwe`+O8D{;B^ZaYu`kZqtGmiaHnH}P=uDkp@441S)hIHr$wL(OX zJZR0|UHjp4ak>(aW38cTtKdK@N>6QC$C#@&jR#qbczk=(w1Fd# 
z17gC0a>rLGStYZeP8W^)sox#4yZUs++(EhJ+@pl%wB~uh^1MDpkX{6UI-k$YP_Ifb zT0kYgoV%xG3D0JI0XvybZ@0WYM#jZxmL!sY@Y&zw|L5H~HPrNW%#1;xT$#IDbJnVh zt;*4T_PhnVz$=1#qE8NUu4tPF;Ez9Hg*I82TeZqwh5l4`vr>2NPW3RTe2?d!ziF`F*jmCE%#Wt%J`v}s6w5PjT4kR8?J z{i~tGDUUGfL5a#g+j*WGQ%m(!6vt|N^dSYqN?`~+W5tytHUT7x3Dr(z3lw_S<63|s z>=x4KY)be3A@d(ny#4GPzjYg$diEK2if2&`dN(T{#0XXIiE_SPco%4bq;|hUsV{1w zMtk937kFhv$ighG#%Q5-pP+8XQOeWNvS|@>=d};5Rjt>x1A|ld)!tK^X|HK7%O;5x z4XS_duSk&osc2MeIQYPG3Fn|T&0&#$O2SW8T0;I{p&BwU1nDBC#Fa}gjKwEpu|J|t z`9LYG!(;qPgJh%PDI|ptWl!_c2X(#E&_r>|Vh{<>!RpT65z%9eK^^RSgb#O*)CUs~ z<(pjXEpzmOAiZL>e^q4aiDrz1^(S)mE~x_>fbr@ zpZ*2E|NF;=!)hn${7)kNX}9dGdH?x;I^V+cl}9a-gqL}au}!!eACf6Z2yGt3L6Wr>85)XdZYGFk?!+pdw^i|6UDm%PoKS$ zsBVZ_g87DrD_=B<6#_=Dmgx-G!=!KOZOWxi8S!YDp8uKPM+(pKu1gI=F$yD0z^GglN-+bUks8Qrfm7;6PlHQeont{mCp#Mqnj~r z$?X_SXBCq8l%K?|bp2RzImh@n$!X8cZouxY#_*h9QmS=@U3u+o{SA9A^~$ZT*03~| zqJaM(<}zFPz8%BjW}n{CehaA1FhNwsL@NsnY2cS%I`R!Qe~U)<3MWmmv_y;Bappi*JT8TzrIm*^X`h&l8>6OGDu^?)x#9KM4 ztJ=JR)P?X%e+n9gOxV|qNd`A(xC>slaGhRdT@OI(fSb3M*PJqyX>fyfxJB*%$_<~k z*A)7%JAUq>BsuHoorQM1-~v>#Mu;_J&RaTK1tiuHkFvZRKI)75H~`M=%xK80#~~si z+QFf;2HK;csqy~T6m5-ClGQ=9hP~|}u#4uzEBG_ZBL|aKl%S!+Czl(&7E>%_ag(Q; zW_2L#RI>rr8FNUv8$o%Hhkjg&+n(CkfdO%!P|P$~>zAeHTh1Oybbh>1<-|hP_(l^% z4-)3vt413y^V45_W8s6MlRatHD8F9#!@3SIab^|fbnmf>d!0xuD!g{x%PVK#!bEb! 
zxVnz4)xir5d12ioSU`o?DP|koKj#$b2ImaJWG+(p`MNi&1Jxb;N5O7JF6U)8rso_t z@xZ>Tv8&l#-`1`_uM{HiihNuU$uhv!~d~bP$Vv8Gb0jSqcO3dVvcZ^R4dbOWv&86x)1( z@f_!ke?qU*MEJkWFL$fk|2!b`;>AH;_kj|@M&{T4h3Jr$V?b45U~_Z;)F#XGxDZlt ztkl7u(37ZkS$-mllT{UP3d(iE9-MX+xh)iPw0eD8M7g&Vj5Uv1W-0zDh+3j=4SieY zMg2k|=A>amBSarDv1);hT;6Hop;&t6m61!zkUPhVG$NqTXC2hMS8%wBIBGxgdE_uNW3_Te3QG?Lx*1~qkfeqFba zF4zRq&17-;#INn8mEmiZsNG>@C#e_6hp7x_ z;C1ZKp4x+l4x7|KA%E&URm&S+sRUm1B(>kg35Rp!Xwn}B){zqwX};ysm8QLL=a)?* zDd<2Poy%tbkoPY(i!9If-smiD&cEv|&5`U#JQi);Ex0H#&np45=kegZ(z(QEccsfh zQaD+K&pYICy=17JUjV-`PeJ?d?1@gJd{euN1Dgf_d=te!jT7?4{w*&D@_amEqybfk zPkWn8BjVizcv~ZrL})v%=S?r_wuA|Bu61<~na3|@ zob~$zMuhFLp?h+^$FKH+&nzSOkJOYzlK@UR(^(GJ zrk3T&3B&2Mq$R^WF1SIiawzl?d@fyWZu_x0y?8g64b0c3l)eUVll@!1GR<+OV*hBl z+J<5-e@qO36uh9DX{tFR=I$TOj|mi?^VNMlxGK#$sW@z)r_H)>i|ammR&pR0-$W&m zF|(`#IA#JUyxIAQa{%=Lzh!&jh-e2iau7(0ksft~%(IWFCD81tV(K0|_0IrbFj`xZ z&aSfGIFg3z_6MSfQ<*GVQq5ZJ8~x+$hjJ!JFGElJIh=uq-Nd7|t2+4b!CCYc_xB#b zfs=uhW8v1_Az=oYc-8AF!#=A8nThZ2LN~5`4bd;Ho;_HkLo3b5_uy2_Sf0}(voDeF zPV@#8T^xTXvHCnfeCi*%*X=zY-#<(=7F^vgp4@!=?8;>T91*=}vA1oz>&HfAeVc%) zb{0rZtCyqa2Q+nhGp!ag?p34LudN3?!9iiuF4SnTcmdia5hH9K^k!R5-q%Z(pc z$0Gt0dq^26O4*1DzJ7fyZ^q^g1bWljk~+t#XftVv){YF z?+<7`SgTg8s#$Z6Imf8NkL1=hsMN*MlVe}j$lTtdH?QHpp)UO}5?rA-9N1FBJOT%~ zj8lwH=qcEEl!oEApOV4AU+)Ozf7c}h6NwY4F2@)&HiW1^ImhBS|Ck@fhH@3-`8qn5 zza17&*acMdHFFz*eyO}w84%_6b9aP=&pV2DM{v*_>am+;s=Qg}-&;#43^eWZ+EI!3 z*6#0a_mGA}7M0Dd+~!lFa8t4jNC>(M)AlwwXmT4pjFw@W!bWBXBg_4Hnw?2>L2gTZ zLWrDsaZHIB6f8N;$5UsqG%tD|HGgIepW{U*!T*k)M-TR^%YN@CPm-&9d<4&U@gTsX zFl}18jZlM>Rt;hb`7>I!FF#%nvgGn+gg^L&)q;6LJh7`j_4&T;PwMcSM<{fL_gI*) z_5^D$@rvwj`f!(MVORZfGa>9@a`O@Y*{#R6g~7==Vla)`Z;-|x%a-c=B22IUIx9OZ z_BOwQ4H6iDEa3F)Qu(i)RGuj*vzGQ=M%7@=5AdUhR6gV8=;}Wqi{Hk&8QvK8t_YDE zA#wn=>Yi#;JI9qZRFq;$y;0RrYqv_eJ8hYj>ex1rcGG`~a zDYuOJRadFSz@pHR2obu~fr5fXbO>z5XbtBq z2v-|o-NSHC_IF!{Dfd`$?m9+cFclsSr?F-FqH@7Mhc!q{ zzloR3n;cN0J4oC@(W;9aM?`4j>qxPPv1qnWFiv4XMNuu;` z`C`+GjI-*C-NXx0!lprzC!|J_dm?c9wEaxb 
z13$Vj)okCsyWKO{=$yDT^+T@xdR)SZ(wp%7SK-86%*i)P(^t(uaw54LtPp=jUtHWw zwZh3oRSvfYOm&J1lg8HXR62H1zW$ttWTF%}-N%NQytcHKUBBF`h#i`3&DbAt&9-@O z?J*!EyorvE*b5CK=>N@YdojB?Ep*#6>zX1lSgiNynUS$QiAg$QfZ)q#$$9cB>3%3| zQwk=8V{biz*x3_e%(yZ zE^u?A``I^%PEcecp!khWeGJP_y>o{hi*jOOY9Qk{Wg^ae3d_%(O!xy27MS*$5{$`3 zfa6^0Jf=?kxMajbs^hGIX<5(wgUzEpLj}J*!WMfq?slJF(e*Uf#xo_cb179JPiNfg z^jN&T>1At%qHYblTgdgzQYiN$YyJkOAe$ctrNH*7&s=NWbpq3pDuxevcz1le-; z!b(*33p(?DV4Irod`$(W z=ZAk-&m?LRhGY+Oq<-jSSP<^6>^umu&Vj~{5!P%=s-a4S%BRbaBfr-lA!^P1C8etstM>^$o~mZJmIoIrKwidceLc~#)J#q zmYp)L;*}j;v~B$7{3e?rO6kbTu?SU-ms`&Umw$axK33CW zX=KH`#-yo^hOS8>2)4mrsW|;&Q2)JklyLIM!O2;BPqKJ>64xE@Yw7Rwy2!rZ+mK(? z>rqg5-Vr(GhOsNu<&M&M?qw0aGm%{25|3ER4ZPcGK}m+~8ck@+EzfS_2TN2DOc&0- z8yLNP2?DXd!>rP+;qHNprci){!!uzipC}f8zM5Jo3f0lxHu@)(9~BJkp#3M`1wKb3 zUlrOR{j02KWNu)9_^%6?o`XRD{>aW&I%e?+| zcdSnc#=mZ^r1GspU2}!rYBT@%SMe=f;Cf3+_;*FAKqQqkFIvdI8d!3K1pljugY*Bk zcV=e)I*cU!jh;cr>&4_N;$*TLp>G^_%%d8C`LTqN&VhLU8!yF&^{TR!g*sb^=xU8dI8ff>Bwc;)N9@o<+X^t6?I4s$@r5mE`$!BSqGzN}oHsflR|`KE7#p`55Auo77u?hmCM;f;HOtmZqhIG(l1ToU8A<*4ScF-yX7VnpjWr)R#&gnfU?}WB10-`ztNDt0C0T=4KMlg%*;8Ao#nDoTG#*;$o`Et3`90(w1A- zl5S(}nU@Xz8gd)c%-1;yU)lPHMq(%(5+`JykRjO7sf$X3BwOk0*}fha}WC1kLRo8#QPp5|9^ub23;I11}!Zu1-IO`6ErW+ zkf%8xnlE_lR$uTmz)?Nyuu4LIbumuq0gE8olgAdb=i%b^-Oy0_7Z^*rgw~_V&gfMd z4%nU9?~%Rje^jJXGK>r;O3^t=_aXff6N)milTJhc{S_lVTu4hGempeF3U z`j&9=pGUri?>Zvhdwjv(9?DVX&*k5MfD`TH;TZ@Sw*<(z|07N>sC7tueMK zUEVq$^c}?MOxoSAVDhmDOCP~|kDmq{1cIQ@@xWP(EL4G`R}W-7^GmgeDHfQi=d+Ii z@@I!VfefDHjOfd0q4KbK9kaHBI8P$r=M3c5=(ns{%E$IKm;alfOR#jLGT)16uO687 zC4Zn{)c+jn$@j@o(-bXONBQ}`eceYjF3!?py>kw3=68`_W|v!&|K+wT&4NFV>}-Dc zJYHBol=4CROE%z9@j&PQ56miV`V~P zI53hYJu?+v*S%GPJDT~shF+1jLi3HYesuif92+ESdo7zZ@h-)ls-i7OSvuSY2IROz2BR<&BMvN{a_LR~X=v zijaYx-zE-G{2i2gmFZ*J+uIR9Afv(fgoKW}I|1PB8MuIcDZ^iw)$%}+q%br7V+zzJ zCCF82D+h}WweqSDO-tJ2nO5Lzzmq>R25G6Oa4idS`AjXYm&F&B_K-K)f8EsY|M$p# zk&dL&GVtEouYpbxgCNgYija;&_zXG-$a%P(nzUcNdPN>11GLh5;s`t}T4!&zw3;_b z_@B`To#9eXs?c+AP`*r$SYd+Lw)dZ-%N7Lt+E&3`@vN!u56hqy;gpvJ2 
zLXYC-&!2#BFgQK^wRtTurlR<@ZsMme4h~ZjGvwM0W=24ORrdx$-{Sc5$7Ac@b2_MO zCw9Vfa;54-klgDj0HYuDUpoMpoHcfyTm|o+7iTJK6ID`D@;Tp~&dAI}dh_NDEhFO> z1H|u; z-EO^Z#+ISL5}gP{HDU1?6?_3F3&9cgfqO!-t)9%lhC%?#WB|y-nD#S*%@_Ko-rr*}nF$wXks*5I?}?}330qz&ba=Ii`qFOK@YWxxXJ zh2-)>FYzP6+ZgwRz_fFsR0mUBeAH7{M+0?KMN?~}nMZ3jy>b$W2E zMs{#jo84^6+05^C_e9{rB)x_Tq~#J!&2K@aGll?6*q3N1^xX%_FL z1g6;!>qYMpBTqO@!d8p*g3q7p@eO$E63FL#9l9lLZM%YC_LYgsTVV$xze&zW`sHE< zHb9AXpW*SXwuNoGgF7QZ;D7vu+NnzuFryP27P`QsMo~$thxq|ssmL%SU>cwlM~Rh{ zF(0>BE#PRmm_F#AsN>3=Wfk1K2fa2z$E36-|2_z3lCD^^=~c_9poJn}OZ3MNTZYEZ znqIR+X<+`nc8VD6xY@2lObzw6BZe>@;`1HS8TA$B%hBL8ci8c*#~n+=*eyU?G1kK0 z6WM0LlG7Aa0{)3*O%w=Q-|3sf;dy*C1}2m8rW@es3aPc(y7o+ehX3S znY2jgKiaGfJMMD|!LIxb)gn_Qb^syW9rVxgdEVI@Nd`bJuDE?hztklXbrU%L&Ag8N!>zx7Nz@ z)f9 zkWUDH_c}m1rhs~H5pT77HxKM8yMKd2Ov#HBmUnv=R`W<=k>6i|O4A?=$BQ9<*AUoZ z>Iv3~FP-hdyS>FsE_k6oA91M4;(5x6sr2l4!IboFmq)#;>zuhPvcPeV^VT|`gu}BQ>K!88NM60Q?-PWLBMSK)g4yeDksdW9iq3U zPU29T`$)gI+LPxlrZxNlT?!>Z!H}^hZeN6nZ#2H^eSq9?rS?YSAy0O3YIg~z2C?+N=yT9C!B-#Epb7@8K#+p`W0`Cnpcs^ zg+URIQ!d+vC6Xp#Gz6XpN8AhM`l^q*X1JWS0l16=VA`91OmXPK#TQ)-&?Gq(eMz~;ObZx zr97g3poT%;pU;#gBIq*SIcXojL)j_XBEY1^wCqhyfs>9N83Od4B`d zi{|Pr3RVONA(;eh`TNL^U!*75GCY+(*(drW(2I6#a%y}HeW1^LYpR%*0*1b+Mz(rc zC!(fwDz0DN*mu=}I$p(*Nb0Xz-4t1!U&(?U%8IYeZR+5unzU_l-zIOnSK>Cr)T|A5 zeAw=&^oa7{H!1L?DihODGg&CU;XYpy)#X%ASsE5hBJ7gh`|O$1pv^c`(D88oVGFu5 zeJ)hy)Gq}1nZ;3t?JHHEyxp?2PNr-hQvv3zN&DP7?)YYpZ_KdQzeiL#e5F^^Nr)CO zTd+jl3KC1L7uymyOc{qvx|b2kO@|x{RX`kxI^v*kgh};j`*G`nIU|>^Y_`-=(R#pG z1-tWu7mL=-({}SlffQ^LtF=jMlQ_C6gkc8=%-WNWa&r7H#Vm2Gb&|$j`kJdd5DB)q z*o7hFT;y$MI_J_aUMqC`vD%}^)?mdNj(rv8-*FudBZ|5ljSgiHG)i3k67h{M%kl=6 zbC_n3L4u(N(BR3PZ$o$#uR8Zc9pM@gk_jXDfi z0fKq!HeHpP+D<~43&ClEFGU|AXDh#|ORx-YKJdS0>GVB$-(bKimB~<`T9~6z92Q7q2F)s=8_V&wu*54D7m0~ zS(ksyXjls$e3@}?!c~uq%*x98{o9#sZgwJSDzn>LIz}oS(+G|G?o}8ezlwj5Yv+p+ zhAkmvJ6eM6z@nrXbKc-bX#f>SX=H~aZLDslmGKI_WMWmgnP^q6{knkXhCKDhNr8dS;C zKyB5p>ctn>!=%;=ShPbUmcgYjU*hyjCRhvT4a$x1?Ct^(6sL z6{$mBA=qQ(rmXNoGGTWfaaBU1lY7oI5ng?v8b?VSNzQJ!li&q~(l_ga^10*=L6qK2 
z`kkJ@+QlX&KaL-BwkD7bCsiFNQFY6j!8e?m9IuSIFYl&Sw3^{2l;eIkVA4xwAhwS8 zRkw=~yq&L<&`pTlZx#JI(Af=}B1&FU2s&8eE$i2REG+i==>pV-O>eCYUgWk>SrA@K z4_*_7$fXax7LVO3lDeD{U3blaJU9O4Mrc0mW4rzfpFyxX`YaoN=TdH%^tJja_cO&N zy3hiXw=VOal^pw>Z@g%{9;z#TEuAI(F=G5j3jkM-{2NCC@Xv_cP2{Uvo>}VJCHzRL zjYn&)rD%xq$X>D(b{OcXbz`rCs|nrYF^$%vb_({l*-_vc=fVoe;^G_yk^F5!bsNd{ zbKH%T`{)rDCu`?oE#Q6$jTf`@D=|P@T(ltgqMa#+QeaU|EIW$I=cq!wPw`h*fOy<+ zZuBuD96#9sJl-O*x2v#fK&!GY;w+Bj(NV#5{E?>A6s3;NvGLcn!a(3yYz0wngiqr<1&%VnAKH8nLRLr@JO&f7`B0X*mLO0u@h(-ah!j?rj-6 z@_ZK3gvyCI&V4lkoC>SwTwWrZ1v$s`%kB^pqzU;3h2_nc;;@1&e0w@7g{ zw{V_9X$*yQ8!oy#bd1SE#BF>jBv9}Em=2BN%jg)r$_|1n(^9<$8$Eva+KO*>F-x_+ zra%e&gm0S9*9A;$2y1}kxpxVeE5qb%j)u&yc6*_qvh{_dR?{tAZI=AV4*m2U5 zJ=}>6#cxO4QIL+AL|tl3u45t)X7Nc#Zg!2 zSJh!b@~X_S1z;s`pMGc=+>XyucaXCes)DPXayq?g*g+8vrt_0b?mgAzZ>W2k9PRu^ zW~S3b4C6MM-_~4XVHNZBAL7@xIrfc&lZF;ka?s3LHUo_(R8PSX;@9NyLhQ&jkLa1^7<#|@!E*@|)-Q+_Ih}M+HwYK4 zmxYvYFM}9!pxSGIb%Dg7_{QhZZ(Q*3Cf^S7EupA-h1`0Z%ESSKVdYQE%IErPA#}Tt zUzo;$y4J?CA!qglu#K61j39y%8hCUA6BR;~8qT!O*KQ`Jf|z1Ni1RCMs{DZmTMm^; z91in#&VseP9%6Imk%JZf0aK~QA0B)CnXp8M8k^?AdJ9%<$f_5R!Y4H`Y!JK8-*$G_ z%pNJ6nR^{djZa~`NN_uZ!m$o`A|=X)OG$aN@nZ z0MAs8M`$(yh+Z&iy5bjhm#Uu0jHUfa!TS}C<+F8bS2_mr*0MjMcymtFe2+B_$v(iH3U`?IUnAEA(V``<7@l=Xc(y(T+@ zpJkRmZ*-M6h)QR*9p)YBI-0&MbOVc}l+YXfWIm>qb_|#MPd2tI)%e4gckd;FU(qY zj#)e9i7iWC4^PpHR@$+W5o7V&2938TaE=G)Xnnw6^4G2EKmG^}!{--012Xp~VC1io zmpdIYZRzlAk;V8EBIQM}0CPbZtAe_gKd}}>2C+@fdM1S~_zcsaPoEacwQs&$1BHqH zo29Oal9Q|J20L@U<)rdNhIJ(_i^;L{^4p%WrDuKhNvmu5EVFwx{S+}DdJL)ker^Av z8Ocb%5+{9-qIT4Pn)2#MGXLr5%p9(3Jj_rQwinEde7V8V4#rru;wkPG|FgH~_)(>f z81PA-ZrfwUXM20x;F9KkU0?aAhmiUSWq-Y&$S%!kK7cpkpOG_7@{H69*JAkOKB45wk}-zGiLfS+AfE z5K!GmN#=s693q zvn}Ne)c4X@Jw9)(EO&yF=TdPs`-0SpX#(VI`#it4-0LNlJ4ZZKrj>zWLB*J2>Q`NX z66d{Hax@_dc@b_Vw`O8vsWncxE9`~p+L~W(SPp5|l1TdzsxBJx>asVI7s29(y-~=! 
zOS*zjwEamq5gfWWqPbLpC*kL|(ndys0Jee^ohRRmS#K5GVHvGFtw+xX0L3A^mJG%F zgg+rYJ#639M2TD5U>-_&w<_a4-NbtF7A?Q6R-JI=v}_jaTo$j$U4Cpk1uQm20o9ly zE=|rA34!Q?CNGygOo#O2D+no`Hzx_1^VUn41KD{^D*Z2uS2#7Gzw=___0==bp_dfj zcfs@ApY%;+ePT0Y#hpvb(!A)7?x##O<4$haA>JJ){(&92W7Ko8HHX>ZL=e_c+@_dq zicgxD!ZFk;$p#Z8C5$S5*2fy3b7S{K%w=-~XujtuQjY&8_tOg?S`lJT;;%{Qw;F!( zdIIXD{JGS>99H_H;tHa^PfPe)ckXy_XhKmK0K0Kf?zszxHBn>DbI~opNFX?ip&8kw zG0wcCyBti<_srV2nnkII6aDyYWZn-Hj%G*ajA1O=GHM z1UOj?+3fLmzBYEb!qySU^9SswmAFyDOrYt8^ChX~F{j4556I40E6uX4sJ z6ciSQNIQ76N0DCjCiEeI^=LaA8-T&%_ox7fD5fc)9K-jDEr3o1d(p&xoV8RS65HC{ zHwx=qJNcn{H**G8U+;BMeRfn>NBilDbWe<6ZnSvc6@bv&yx<@5=&9Gw(ikg>h!C-m zNAJQ*hpJOq!9@ab5^L9}uM@8T3#Ph#o23tbQ#A2lXq~Y7W{@tZ|jilQ(42qxy z()Wm@gUuLK{KFnseQLic!Kj&(xU_`;qq=vIKEA%s1_lRL79F8oN&Jphw-@GjHl_s^ z35R67KSDq}tIf9u9ex-f1tler=$_&Jg^R2lG(%S>8b(o1sT=R*&1i&$Xf~9 zO_!@iR0apoJ{B&iGSDvHeyF^gFde#*0w7&M+{J~fC_I(4zGVm3JAg}(N2dITm*KPU z%e_7v7WBV8Y|-Hfj#NJ)SGO>MP3`S50$gp1skr<7PMi0f_#Jp+=1yNKD$yO?UV|!i@5-m)%z-ZU?pu*r3<(C?fD{ z#Wx_hehReNd4PyATF;FV3wl&>i!E{7^|iCxt_Bofo_;u(bv=R}Cr-&9@;ZlCZS0!>1_dbSlkQHJ@SIyH zJP!X;@HeW$zX;e1h`|S&0A7#waWA<+yM*A05uv4R1sd9p-=_|a`2r9<-CAY>iXad` zWHnzl9j;`M-5U-0k!Y!^whG^m3qKJbz+Lrz$PJPxWyh^E%jDhtwVD_Oxw)u-SyW@- z|0COYuMe-!g?|>1nEUJwuop%~#$QW~z;@5{^{<5iDk+0-l{|M%+9ky{OSK0kYZEiN zlLev!QJM`77#=O2e=so7(9j4$AnzVnnVAtQH+L=uvT_KfiRQ#3$dxgm1-Ap1_#aj@ zI)cyeiFtdP0e;7W<)WIU_F<0;j>gL+*I&08!eVJX-uhuEZ=XG*y>MDScWTW`qf7Y+ zhfnpqBGRW$=>_opnY36$kN4^igu8@xF}K#;E_ZDffLNndD*nXH^`u4k6X|(BJ(sBL z&_PS&3Q;`|SD4oOdxF`^=v8wC!4s0c&!m6Q#Qa!0PW=vWDTXiCOcm}C*POwPq*y;E zkXg@(wMTzFan(g~Cc;Psyd-e9k|+(y>Hi(B?t?LPN5?R!;w|4XG=%R`k*aC$o#PO~ zBdKy1&(Q=(U(tJNi|ks%6d#^e2(7HS8S8~QE2gmVC6m=kVYyT8+$g<*Q=ZI^bij&s+Y%@1gZPUBq$ifg5u!OMz4gPh^I?;Z zMrHoxH>)Eh_kU81R)&U#O!^BqtQB~T2oP$Q}0H@>o#_wNR!01pD% zlaQd+Pm?gWdU|O^MaB9ucoCpi+f20F+#@myXk8}q;PbE$UEn$fc{e(dJ4TO9U?lW| zqvmo`hb%YFUF|JS{-7*JPaoAlo^jx@81Fg z!L#Iq2xk}as++*Q@FAE5K2V$|5MZwXGP{H;H1~MWP7Wgal%C+=)KTOA>g<~bd_^?v zGji$3QoRmjz|WgBkxsl=s!}z|tQv&GmO7Ex6a!8yebST*GbTFlb7Ikk8Mgn&kB=po 
zDO3+S`zuF7{D-ZZr|@t~PB09!nNrbRF8EAW8)6XN1TVqFV~{N;u;_L5^xy$1o2=_^k5vBUazm*MhEKTTB20|;e+8QdN;$fHROj1#&t2Z+-I0>-)vL?r_c4^qd&r7AFj%-xU$;hUO& zY_Pg;37-Y~1=;RY(Ks=9sz@UTqpGt{OWn8;8CX3=bu+R~=6j>59y#2!0iJ38#OS*S zmy0#y#Z>uG(YOX=57^ia-TKi zye8zw?mdmg{fkU4#!4$+@Jj@nh|;7(#uVrep+M>L5G{?fCgD#Jkhxz5r#cXYN^zff zH2y`W2P&FL&A&M0S5s@gjXrP(A}jbD3-(UjAy4`*%C{C__zllNmFueZJQ@2-nlNU1 zdiAMpzwHV|3IA*_SuBb<^v03n7eY%!T{+ymB|Jh$NXZ!DR$Vw>RsRD zV76G=otDYlUE<2dgQmkPut!yY74-+LrHpU;{9E@`O|7FU*2@MABn0HwA&4{MTrciY z%pudaBRkCF*rW83bWFFHE}rH{RnP~pvh2=$4Mx~X=Z+KUKw|eM>0bAvKk;4Q;;Cu8 zTaG0t)P3#nc)@a$yleOjU3>e;rq^i!m;mfYbFd^Jqj-`_5D=I~i9;KmaU-c#Ry-fc zjy63nzV3wygr1z(xE*y#$) z-zdnM56Ypt=lxGFuGKQZ)$s_}$Op^app!q$0~fZ{!&X)p9b zGXWBuZ?L{Cb6<`f+9}@Os2F6c8z9vjrUHN@a=zd)Mg~gRr-|VRygwFyry@^1f{Tt= z@A_5{x#NheqM39Y!%9S+HTY9~77_7VYRrtCk4<@zN@j2xjGI5_edvn0M)w$;ZS~6V z210```%S{*AbV(*u-w)`##d-Qoz@F5VUOxkwY;4r8~5t~gU+9x z8{K}88?wh2-S*JyBLx*2QmfB@$a;8&UM)K&^XA_--)>np{5-8526ri*cQ^@?dOD-= zHIRPCg5!Ry-nA-cUkdBd$?H~0LDk>BZAKpKv|2_Jxs4DIR1rR7y;;SYXJI*Nh0&?T zA~>Y;1VkiRgFE%iT=!mi9I7sqGe&|jG6@uS zion4JzM7yS1y#5x(~NvNzr8Audemt&nbZ}=?eLPfU!mmgS-vM91$DALK08xi`&4DR z?(Sl?P|oicxI})@MC&o0yC7d6iy-*9BNv2bP;O6ywZ|jwg>n1;8zPsD!pdHzv2d4a> zeL`rHQ|yt^x*zP|)#LpG!O|i*C_cF@{sXwX8n(WD`z3Eht#7bN&wgP6Ge=25L3d|; znT{5SJUCR+?Y+IM7E6tRKtS~lr+VJtxm$CzZ`tyLvT1mw-}7SgDof|)4V>RnH$DdD z>f`4fFphEv_Uavaos*hTyesz=_Rhge_7Uqdsn-E!24P;4e^lGzMdV9geqNcp*`SGV zePH6H-S{hUqmiV>q(~LIGo)sFrhE1g0fk}Wb`3dOGC^Tl<>z2Sb%sU_I$UI}8@!P# z9~?P+sxTa4l!UyX$2b`>r!96bK|HKYH!nm)v$I)lVN>)>`S z%5D91DZ@`4O{Nax?I9`VH&(}8)DxaVh{HZ8xwE0uVJY1$zqMbz1I`S=gL_zSxhUW8 zLh-m8qkf|udKrL1Y9=-KDDZRK^0$uCJGUY-rZbbmsJA+)f|fbK@6$d2O3NO^ zuuTKVE3zJn)*Ii9=UC(ugMgH&^tRV=z@DqUS_LKS4$7YCy1h9N!j-`6Eb#r&^Y-l< z?Gv^WNH>R9RFaMJ&Z=ojPmg9?&Vb&0&SwU4GUp2LBFG{%p$9g)p~}h)$@N?v$dG9Z79GU9b$e`bg~bdn|)DuEaG+}bQNTzvGx4LXU?mz95nxne4k-f~vE^9^59K|{wxu-h_t6Zkt7Y$*Lp_)T)}b)N z(c^@6OmFrI`dq>`_9@euz*Tf^yd z>^RCGN&qI+hTn0?6d>Cw!<8sgiAmRz2r*M<87*M0nXe{9sdMbkbNAbq 
zpYLG+=)A6s{OJ|i!L5#3J#=vmmEfFG%l3!dei!POTcblEU2L44Qkpe=R&rfmi^QdQ zN?N?{>&on)mMd|O0w z2wf6|ais}M={wmh==WK(E%5-HzbSuqaZXKCBOiiKf`Y9%yStVwI!sBHmm86`s91b( zxl|}IP}D91lYfuB>njDAcN$&-g}@s6V()-syu9NbYL5x0x@Fm+GJ+E)Js2xzzwP=4 zj~5zsaXe9E7%!>X({7u&PGme{J7yD1I~h`fiG_d0VJ# zCYvxWu;T_AxE<5sY%AwD;ZBf(r)*p@&M|Xc_oeQzH@f*--Q#yy#f*zad`eLDEk$?7 z3a>#UW~Dh_CRwyW0;!0KBPxXC{bq^fi)#}usQW47T$Mm`r2KRW761MV6yId@ib(@1TA^-;L)f}mGPnAO)?_oi9l=-4P3Bk09B}2*aUZUQj|GC}xz~sHcX5Jm z%^T(SLyhZ;S6Pm79M09!(bwsAP3O{z(RqB%I#%MpSclqQCLEzpl^71Wf>LY`c8b|2 zS7zcU(?~6AE+zfkYa;VbmJYJOIlKg&OYKonQAbV!R~f>00>Jixl-Awz-yWu1i61uz zyvpaXrZc~u8f*`Yn~%jCpGKCI?8VJB9~-Rm+-7aU`hIM4e4KyS%wm&{%)B}sd&n7n zC(K<8_SBv$d610EB=dv?b5cu>g|&=Q??YKEEI+tt-wIF*ws^KMH$F9W;rSNrEg6;; zIHt6#c5C$;y2b;eU)8EbGh>yK5JS_(Rffh`f69H~*@^6FPTIXXJFdSjpZFO6P-OAgox%mqICHsyrGhEv4RXVFi^fwXyFLduuxb8T z<=MW67LRlS(w&AXL2)e(|XbBzY5pU6K>J9-HUmqJXUEWS@4->cByQa)`4OULPnm*%B zs@`8TmzqpeXb3?I{;68BK%f2G@4!N^QY>nY-lnMgO%B=fS3Fj!vuv z?*ffjp?%N6)V5(3zPNh$5)}Q?e|wh3bE;?Xz>Qznn?oq>!|j1x5sSwoNs49ceBTi| zPj}aWi=)dB;UQbX+4((VjEpppG>)%b~|*!x)z5 zmH0N0^Za$u;NTz?Dst{WS^()hrM}mdY}?KhWGU1eU0ni=Um_0irwIBn#|<;9@5LTG zZh|MMeJD5fW!KT!z@N0Wb>zbP!G6QaU-9kv)tx&An@en%Q%2`3_YXva>@+XY9R~_{ zfkUXS72Qe4^3ZjI!)!gqkI+9~&PT`QZrA^c8xuC%8#6dPwsy&eY%cBtG_XLj!L{Oj z5wA|JUtYiKypT70+<4)1zm-MEu%$u#ANyp+Pmqgi&E31ox<*}k6k;JmA$${v-!Ly- zTyeI+7PWlrev>{UKV8qe5O0I}m^2G9^q%a--2GGAl6aUNM7jPDeRJRy%3?Lg8Wz*Z z!R!R@R=-zWbG2Eh*Zy%Yv(}iFj-Sn1(KyTd61A=#S-~H&M2pP=U$sQfqrt__5CJ@<7X+AIOGdmOO6Fw+DHk(bP0FS%HDiwX`4jq1T~j zH@hY8Yb+Kcf$AA7JkF73SP=B3c~FLD<(N<(l_GO!rSvZ*{#Wz!)|zL{3Da!msyq)e z;5M4^#V~g)q40yBjZAB-8+ll1!V2AApJBVvB0&pOv>M;OlG@|6+f8Tp!7hGX+|)(o zM`m5~1s>5xbPEbJcG|$VDqyp~B&Jco`D* z+6Wc0vMNC^&aDf5@RJEj5IDlQZmaI_0gs+w?Yp?5@LfvSmO`3Lfv=hpBo5Ir>2AAtz*%8b)FtLp=2gVa zPVR^z2$bHdHvA`LHC%+;O-!ZyE^jsV+)~W_S|n?S@lC1yhG-Quw0`Tk4o#PYJ}E+? zSfRdh(XQ9E;X^ULrNVA6DZ6=$!`JOI8t{WJOJ~NjUZo-4RCe-#ok?JZ1$I3)@+4su z#_~z9=!jG2etIpWwVIy*Wvl|9YuvOwNT~;vDcJQfrTFfRa@MmrFmn2?L6~D7*o+i! 
zRY)vGYj2;jb$H)TK;Ebr)49gw?5UN+Q((8bqvz~_R)p3xUNN#lWOl1rKJS=gDtLR( z(=)t!{jGti;XIgK>yUdm9uP3SFqT^#ljb~F8;Q97pU#8e^bF8=s7F69d^TE$Ihh~L zP;7Wz7*zvh9AMl0Ti`*3Kc#w7JK3M?qVNN?f4aCI9s!~oj`2=rLGGTO>-g0~N5_H3Z%p6o zkEFqPF7(0Z+|MnE7|c>czZ(!+)@b{kc+q+4zuR2g_`~jR5NBAXXI+#zT+n#fJxmnl zi!Y~y#`C0oX<{zdtmg|$BU^7Tt8lelx^G(b)A|ck0OHk$o?zpzbPjt6^*Uoqu(-o( zsqz6^)UT~g)19}i7W45tMxCzQ;z{E6Nh1k5e=g(uD(mX2!_zd4&J*D^bKdI*vuyWA zWMQP8oxTf}_p_V0QHyxXJA=Wqp2w(`Lw3+NU2j;Eh2(M}yFGS2@Rbj(c*iPn9QX24 z(!m~0vO5{R+ZnsimAiEUS9GuJ$P3F2t}UM)sUW}98YcNk9=Tv8YR`ppX0SheS1(36 zvrO-%+pfM%bi2LKK|FL(>BTbuFHT1(_^Ezu;F34EkrFcd(-oeb;ATY@jMXgbH%wN| z(r9$+5LU}(|3+}BX{<=vqjfUFbt3I`HlUbGc+2%Lc*EkhKIhFqZij-4cK;*`X;QEh zPV|1S4hvkJ5K3!zfJ)D|`_K(lccujfM_KH0NY8dn)&l#}C{<#??blkACw12IP3|r) zGc@`+@CnVsT)C&kl+k1MWtE# z5PXk@H7Y^=PumVSJBGxjR%s9y}6b2k9)}3!Iy>L-vzf4j)#^-Qn~e* z3c})~au~fQjqpJ8{3g9yuY(NJ4z6Ye-WN1Ou+1)or&lef=W7h0AfsI`F6C@-djxh>k9^6Mra|v1+lC9 zdakwVUbG7CxXZ4LU;-=pLM(jZ3C0CRG`s+@EKjq#%Fn>WF$0dC^5{ided%i*)76Rv z&cx{MJTrhjgON=2EBTE!MdNnUF`i`6)~rCHT|d7!9dPhOKfj!M*_TytK)5rF1`h8R zrfI)0g$w%Q$%`FYi#mqzuif`MWcml# z2787UGv(N%b=Y=m)o1o8Y;fDiNSUYLG55DIf6+?ri)Fs=O?NY=90ehV?rx4)eafzg z9^@FXOEPq|WHg6Xm|K-5?5UY6j9^4$7Fte^=-w^Kig(zkZahzCS`Y}DDG>EZhGWHS zH7?)k`-YA#lAMvY&sbmY4L8vpkkxHKJf2Wp%Lt}@mMGi4Np@Yjp7y3&k4ZsY?vf0S z6@Jl2B7QolQz^v$t+!?%IThY`6yc&ei{~dC$$2*C!kdUT>Io7BPo5LHnnGQC z^b~}yTF@ZT@`IMwwKP+Y`A!+ICn+x_quu6OlvtrA=L7RzsGin&+f~3_9Whi?x%@SR-sVu9VcJrL&WhfQ^hq; zs8tEvu6h^F&3)#qVyT!PzkJ36Y#V588Fv|ctHlFncBzxp$s`1vhqTI?&s>Mj{(cBJ zsovTKVmZB-9dzOn$D#=@S(0j^(6ZJQsL);ce~NqSsJ5E+U6?8rq_m|t6e|wJHPGVj z?(R~&1Zzu?LUC(w3mV+LltOU#AT1OPQi22s@@@J&eb4**R?>p~`CGM~-MQ?q(+|&i8G>WqgRpY>V2&*XhJ&&BhMG?QC0m_^W%d z@Zf?Y?|l;C9c7=|Yo^-MWSc%tC<}`~X!fwgT=EUrvPHU!EO8%mwFx5~V7i`f({c?A~nPrZ1{BlK=4`?fuYV)o7^ zeG;@Ea5k*z{3$8wOMBif2`A3}S|mv)>8}xNsdMZLjv9u1-i(WFB)4Oc5V8-@#?ng+ zqF^f(No?Kjn||>mw2~-@_{s8WlcJ3k({KgrUSuzHS9t7+B$-&m760WTuiHl<{aGHW6(hed6=rFzpIHI1!d42Y`O?HwQtle{Pi+)K|%!LAs_51Vr z!)cy^*>gPR1+}$rjyWt|d5%a~NIaTE?=K+ibz@=JGN4*7 
zs(OSF{30YbNV~n|eUVx=p$9N@+q=Z{K=KYbLc@vx*U6Sa zD40Ej6HZC{&2{)K+pn<4aH85By5BhqWP=flE~g?5zPI#$vd9dY68n0VuAmT=zG%Jn z+NS`AY4o95HX=9Zn$6h*M@$QdXP*@M$E!OodP zq~E2cT_PZ8Zca--c7X+k)Su;$Z=)6(@^e(LjC3zyUTni_Et@9*?`J-G7o;5@N0J%r zHEc>WOb;v$Oppt77V_GsA^s*uhDwi|(ke8dR8u+d7wxydN*OB+ zb(;9u5o>%S%g{E{U8i11zVZ3HpTru!b^1Zb+LAT+8I$Xq3q?-A^y98P8CC9j@%@}= ztKd2;jUDIi`P2y}>B9zsKVI>qxN;3Ex)I|2Skrf{!hye(X!PKv>;(Ghs~XXgb*Fq^ zs7Hhe@sQGx@Fsp~s)xcrwAF4G9aa3BHMbbDCdwl(gqMyCZNH&)yl)b&`L7fsK?g_~ zn^EJ)t|0CAZ=6PtA^owv*-;;LVF1yP6-@| z_kM;CY!(#rlnCfSuR?(?i}X+{J1Lz7BoI!>DPC>Iif+FNGy3uM`S~2EnIh6GG~0uD z>*o^D-6()V2pOmMKMA?O!8afHDayGWY-s11jYl!}wjkg$-c3yKDeHU&|G_2TmfAk_ z+AI1#v2S(~tq1MpH@(7PAN*}tHRqi*v8!KC?99A!X=CbZVx@L(co)oH8cETdKjLp@ z*V@}tDsV;{dkDV{q2MVvnEc~lPZJRIKT-x|6XkM!9GOOpQhuU7`Gu9zbv}9>u7qoJ zN_X<>-OJEUb;}vF@B1A@kP5Q^>3r;*&PjDgzNb1v8STn1@Ze!!d zYa)P*%sXvLsd0B)-Ky4d z$uaW@1>#ZDHSRu)E3U2xBnj%bTme?v<1GREoKAsd&HVnV-9Ar>A)4Jt=yr1~eB}l! zSirU)OXLL6o^JelGdSzm@ljyGrGb%i?ZDPmcc6j)5N|ZyF|xs?Yn1AfnSyt6=k2i? zp8JQlv40F#xqY1in7YGQ6lEbQdYy|L7>Il_dHh;3~X#R^ej7*g2N_S+#UK{2Q z!-9~o19`M|gv+c?Va~?(bv&fT_8-b#AP2M`i1YR=5*3pOSC=jk!Zl%;e$WpEN66M| zb5S|A?)Y*B7UE!A`wcys)n!A6XiYYsr8jJsnE2n&dhNqyTXK{lc5s^}7GAsRh5Nuf z2%zYEpp$#M*NT1vAVAl|vbUI>`hAv6OxiK#n*Iln-Kfw@fnwLxi{<5I`qk9~F`HYl z4^fsbE9ke$=V(~~Y&|@_pWk!3X@@9$3O{VLYGh0KWO=}c z1@buvtm5`d7kxj9%$7$8HrSq)qEH=k4cfZwMorLx{>r5KbelStq9=NKAasZ;9`?TQ zN(&AM6zY1_9hrpt^a{mswJg9Br{Qw9c`xY}Ag17{*4!uP8EV-17zm+fiL%ScCZpX9 zzM<=^z(I$9y^&AC zV&jyEuZ^tz=4MxR=grGDbsI1}P#R#zXVYL)c4V%yX&1NoE;g2aZs!vf;7uwb`y~A# zcMIO6i`tw82)3w%sQrQ9=!n;>@A)^yAtv&KtwwFaiSjqz0dgZdh$dK$G5KsvkcS!=?{r*3H@Tnrly;)*LtnoiYoK_)~ z?@gJWNR|WI6aTFLd+um;2=8?9qGw&szwp3h-ii06`7_M;#a% zT5d%zjwiXyRNNo~QL^o2M4Su%E5^Y{8?F9mAKa?{UXrb)@X0U$a@+me@HK7|l)YQu zN9=PYu4Cr`f}G!f&f=JmzFVuR4yZ)L#Xa6pVv>vVxbs9V4p0Hne%bw}-EMC%yklql zvtQo=@D;tQ=6=US+zsWO`Y&bSC|$((g&Avid`SnMprKrUtZN(_QS!ci;YPZ|$hL zp66|Jw_o|bx4k$!Vq{`^ZDvLdRE9~co!H0DF@|Ny-;Ec8LA79 zrfEY?sHd1{u*rV2RJ+ zw{PM*^f|yIFRhng4-p@fu#h0H92dP^-{tB_eoveI>e)eOQSt|T(N1*RV1%P>PsvV5 
z_!*$Dky!Yc`A{d7^ve2ToiqyrA@=%Jqw{{h0roiL0N}86?EdK4`pg3KnNq!FL)>D3 z3k~p%t~qH%n({g^mDN|XHmiZ>^%^I`OXrX9{M(*U8J5Y8ho4>{ny-HF4Pk~>sMNS9 zYPA@2=%@*Vn%-#z=C$VB?z!jnTB}snPFy4LQN7Xxxm{X-sbL?KxYrITL~}p9Y$s0; z5T4;=KFoc|OJp>6@Crr@eOy%JSjA~YkQdA6x~54}kaA=8wp~HSrXnbQ>vHB!#q%4N zj~L~v7RyPZf){Ku{VN_0Zy)%fPerfX8jT_YnRk#EO~xnh8utwtJhw8ZY|$L^(!p1i z`dw1^Ncc2tGzIF&h=uj_7UR)lwJoWfiA+yx3F=+H3NuH^QRZlIB=l=-;V-VGK`Nx$ zkHp$FM=Xg$$yc;U3Hz#oF+7raUkQ6RIrn_Yls@mzOlGs08No3U+MwO8!R`ujGThsi zON*?-vh|#|mcg&y>)9o`rCGpa-mi>K)T@pg7s1cxpWN$dyNJPas!nb)l(EMWj&EZ0eI%MsyBkAZ;NW4U6B+_-w82u8sVN^~W#}d2Swc~X z!TK~-_25vO8?ZrgN~D{ejc%O17K!5oWaCDn+}K*y(07N)(R%7D*!#vIr=e%WUg#9W zff3n?5F_t_g;0*aXV9ESr2&~Vj48z0xIF97&pux=e`ly=+ViI)qRCTkaL$eWg-L|F zc5&_iZ?)e#$+Y>D;xi;pxZnrnZdhD)+A0jw(ow<3w(D>M>z(h%+FQV2ly`MLd^Hgr zaF`2Ynth0}z(-~;PoC{(p4`9qnD2Som3(+SMLTz@uyz^P21_>fGl-@tn%KB3-;6a% zBn4gYDk+SGQchO~*63}*^Zp#dgYGR#m+@jp`4BxkM#F12w`GoWI6!5YeL8CxlW{7l z3p~B$h+W4w8I8z1VUoMb$}kDk4}=s4!a0q6`UF<++b>}O$g7KDQKGAyHXfSZ z1MIVsWXefEXVUCc1n!N6h4mJ{x(uH5Kq$|ecb^pJm54oXc5*w)+VoCBOQhO%K#Me$gjJc;a>ZLSZbP7K?E zcQ?nH63TnjyP0jPiz!VQ=C!Y|r~=mVz2;*Fj;&Yki?tHP>LXj6`WBl}3c=!9))kxhkxS37HmcX;SUQ3>&pQZk3Hvv>or_q+p9B z(G`HD9D46f4waZiO5^91kGHjv7iD(ilQ~F8Hjkr0M$X-Bz=?G@3Z=pRN?2GGpJ6Wi z&}UH!rIRuG_rPi$A)!=beOg^$U<*dSG}`{c!s;y5B|xTRnhalDV+pKLQiuIZ4+Nd* zquOw3GlorZ1nNQKx>Z1>VgSnQ>F6Dt=NjC0l23^|sS;JA*&K|?xQs6mnmYaj#h`lL zo=_8(GEZ$ymedNV#8L$u>>Wz4C|_)DiO?_Vz_dy%i!5rxbxPwF>-9^n_SF3C3$-uG zz4dP1&^nV|8s2hmYq*3j?TiO<59PE6o`+}D`iZ)&P9H(R-*B<8esowEB~u?6wkIIV7G_O5HQQ;X z7f>L2IcJ|@@YBW&)eCLkvjbUi^`bHE=P7h{4)I$Wo(&>y4wj1=v+E+=>`UX2_daN^ z%iBP!}UvbV9UdvazgDmYpzayIo2WWi0t^7_gHS_mJqUh@=~gHrs$%8qIe)y z*{;ofoiA@lC|PJwWmE44A-0Egx&jAUZY>rIgx1}hgYH3(7q*2b) zIB3HZulY-}oYV_|g)rUHxF+cdd3qQ}#0UFUa@K9(n^^Cx_^S_MAMoX|GSB=TVJ0j! 
zgocJkXtCOru5%_Hoxkc`HlIx#S(4G&s?4utW>>b?QiF(|`XXxTW&}Jg7{rRoYoj-* z!lz4Wt{lQk1I1MWzt5lUo2X6pIxw@d8;6&Fh7^ky@E5PKqehBpe5Nm^&(S}!wV0XJ z&lVN%?Gh_rcTt^^_?Sc^F9C42>E_Q zKws>)+2Ib@0}VV!{!7rt?veA6VT3$;^O=cU589*HQWNx^(yAN2fEw_vlOor!Pd4Ir z-)mmX{pyLl+dQQ#mvY1^G@XKb(Bl*J@vzRwp`PQ%2{3@oA#z_m&yp$tH{r(bQw#E? zbar)8%q{Qs%q_({z!^xe`C*XKI`v_D6}9;CZf80fS?xIad9=}vR%iFE2$vd?dm9^w ztX%GZd+zDNXw|^W8tEa59U;4Xl|D~cwbiTC6bCJmn%hhd82QUL?{~GXGN(4SF27@U za^~AL(gw3QoV}2<*Hmh2+F3=d&3bwz_p67}xirQx$7`~|FDeZ0V_|*KDL#nRH{7ig zrj>&5KG&94*Gr^iJF8kezjWCkXe~lYMQ?fcYuiJ^YjO%@rC4;BTMZ@kAfkqcb(N*S z7o%c28u7KxzEg9Lb&Xjf!Ve=)612+(s!8E}G=zjq?t513k_~Q9?Ie-x-SJSZ+RK$V zQV;M%np1NXa5ZgWv|(Jhwr$riY&;Z(KJ7$mUPj(fDm5&s%AqOMjn%WTTouW@0hqgo z0)eG$V^BxP#~j-GcJ^yuo1T)C@T)(7xE#sUmrsU?tRXIoJW0fph7SfEb$@Yc+^3hH zUP~ja7$JEO+~Xhh@hovnI#IqN!6S?3(-%&kG)h$Fu1m{UH_O>wff-)r` z6O6puOcm9~VwUwf3gx;&>EX-mq*z!DGEe78^eV;U1U(Jn4$YkWzm?UEGHGq4{IVMh z)v!tcuk?v{*~@D{uO?^O&3!T!D&J7Ot&v`gdhLHu-Ja&VgVT>ga$wROsDYk2`YfG0 zOuPv~r}G=fKu&#u%bvj-0veW+xrZ0WUHzvq)~_X;v7=JKn>IvrpWxq@;&Un_Fw%SB@e8zQqW&M(yZrh2BN7V zEQf5&%2BfGz7t}ez9v4@sLW3GdU)B!{=oL<@4=U+?adH%JLPeL9d{~i$I3`vB7Cnj zz9r`3LM@4za@v(sJYx0r#tFT+aFHcyr^S~JSc_{#vHT^J+=Rp3ihUWlsVk)0q^cqt z9Hy~iwCU>WWdk>R4l;cSy73*>BfUVg%Q_`Ohi;2V8mKybm&=;LE%VA%>j=-rngi+P zxpfGknE^7!S&>l?l-)qita9gOH+Gc`L!k}>Mtvu2v!~2(x;Gy;6*{y|E2v#xVb{54 zpAJf#P2PSuD1eQH^^PuC<~TNthSuw}>I3#^=1TI)EXA{xP_5ZCBxE?}djaUucqeTZ zO)Tap5}2IO&nZ$k{h6>earx&uV{|-cWoDb*4egba6LGR;TOU=iM3Q`{Ftv6DDFBl`kd**8mODyWH#*P zdrJ4fc=5)?cg&^J*{%G96|kIijzvt;iclMiW#ups& zx#Qf7lOtAz8d=JwBCsvve+kc&`FjqA8*Wd9cnDe~i8tM{YNP~)GIgU;=AcNSCr1u6 zI*prQ#~_Z{^)yaurfnT7frC*p@{tXgC+z@$X*wvpVI03KRI~A|&@-54KWK@x?-43i zOMR*d^<^}=8YQo0yLR7S?Dol*CpP7CqkV$RYQYkMhocTUnF)T-c)dQMa3y1s zh29*G0VWUAURXnI;pF@~KXYsOjClt#);YghJNO^=JLkN|Rp7vgD)K0Y;U=jb71vlP zslk9|QGKH_(650>)N_4|@y4C7bYzSL`WCru%+qGl=@-L6es`{yWfsLIvGx9_#x;%y zz`;KjJ+O(w?mA1@pVa{EkI;R7+WLKV%;+na5cm}x^zqC9@f5@|Ep`Q6q{((54Li2BW`qA{(-#p{Jj=O*Js*gSZ zZr494>-lZ6zxn^qH(+fC9(!XdA;dUk%iM@v%d0CXp9{G9eCD;IPtb}e{pzH^Jl5jj 
z|Iuf7Y8vM6-@7VEa@}I)B*5D}k8a<5kaq><2_$-+eL3|G+`a3EjEU3Cn}znRg}I5j z!9Bk3=%-+#9%n{LH?OkvrlEUIc68PqNycp>s(*U{_5Oj!g}HNj^QOjy{lgLLhW0Lx z@BX?icW+~1{Wfi??g*)*ymJ#YwiqK$eNgURD$P!}yJ6?rT)e6kYCOdGJ9GQt<~E8S zurjPYCa>A0sKP+|pRyhG7^RfI5+9X|#)EKErWEIF2@)j!($?6B@q@YkBq^@2(6_gl%P7vvppe38yI1#t{Vpj(r=oS~;%dUUziE5; z?pa;&dnGbHh4gjx_wVzJn^|jjdqn5%z52)&bisG(WiuT9`)<%$6Hc7FMXra1`3)EG zu0uCfdywsIN;)~hfLeRia_Ft+k#p69Ne8xaaZn>ZmB^OPCn<{cf-%nV@_zQ2f(F+W z^8R9wQCvu~*>P1UUDmvcu=ih!VsaJ#R*sI%;yW(mDeu8fo`fF zHiA%$Q0+GSMR6Ql3F{A+4myv)4K=r0*i;C#gtHqRr;x6zQl5} zu^(w-`6BXtt0R(UD=oHFSpJ|ypw0cnIeD_*e&Dyq<@tRez@e82Kj@2A6 z9U@8{NPtb@LLHKGHW^<*I)%QPu)))Yk0rKX?nUEGy<$wgFA`5`Y|{I`oSLR@ip*!T z?MA`$Ngt2h9mNM~tc&N(KJx?B<1b>4Gq+9(`v*o8dTP%lbl(E>z%Vtpt@uT7MhXZ+ z%?YT$&^KEdh|7y9yzt>v+7vvXQkAB~)*pSU?lqIlTAewfSkiTI8fp)>P2 z55cmjpvHAc9Qa`9MZ))wA=8t6F9^TfntXe!7lJ21$LpG_A4PFTi`mXAm0?99F84S1 z+M&G%*eK|+s^tKCdVN1p-_duc0m~r~I77l)L|H9@o}LHUmA?&n=yfWDzq%XxgOW4v zt+@IbBv5_d44LbbJM=3x9YitOOBQJ#V4&u)Y+Z6by7KX4+M&xc=s5MA&JOUBXvW?AZK+fX)sneDAyo+C~r?|u=X#P6I z6ZE1Qxm<{Z2r=7NPk*e)i2PIMs)k&Z_5JiP-4Yg)3{))UoPS6Vm+j`r7`a1d**js8tNhI zWUr7e>&zRR;^tusn@5R^%yvswuxZ_Cn%If2woW*_m|$Rp}0)yFNLv*4Bhla7*m>zj{O zR*0!m?)?Goc79^*68?n6Jx3B%2lrCuaj|IoTH|f)(?)&IG6krLP!>1RaBfViZ1h>d zv5DjGR%RZC;Gfa9E8GC!?KdGJb?rx=+=zs6z_=@)dj41>0wC-+D?7L4fWrMrOx`ae z$Bek9ax+fH=mu^6@d^oS-@1^A!P0+9Pd>8!_rP}_=0|zt`^}3@oJt84M71qA8yd&y zR^wFz9a3pDq$&2^Pm-GQQjE4W;o%nW6KhmHG_nHx*FTBUW3QJ-{@)K+rl&1vz%%{# z<2x&<|6O;mBq=A(B@ly9Q2URMsGAk-zir{&eBX`*sJ184ng8#-vF6)la{=$_pY(s# z_xxLk|6|VW|K1H)H7cl!WUCbtcL$a%Jlk`Z_QDzYS{qUpTM0&q&fAOS>j7UbE@eAV zIn!q?kmWKrm_p3uG%$K|VzI!(@+7^BciZ?S#i(e#f=u_rQpS8*1@+;Jp0fp;bLUiA z`FwfLM$K8m=7^oNiz{Fu^l#ZJ(vrNbJ2`l^qN6iMlA{5Q&N7oJ;dSAf1O7l6IDE;- z^o~mrx|-r_OE?<2ajJ6!J>!*M^ix>+boFYFm2u|xE({fK5~$pc`7Q?yja-6Eq*l6i zU3q3ZHF!8_Er8|_b!*kX*?)Hr1*U9W^{8D2fe;dXH zLPPHw9V zmsaB;gOdu6X7q%Hk}60;7NHC`+ZLeo=T9ryIOWNZP}Qv(_5_Maig;#2>j>4nR5nLJG5>4-u;Oy=$^ zhoGcMQ_{`kwkDP9AY{}LbJfqw9_(IbMeka zw?qh)QwFKR@1K+}LD_H5B#yo7@^$5pc}uET%=69q{3ETCqajy&mH`Y?OWy|^gr@iG 
zk1s~a(ZawMpS9E(o^G!CT%aS}QC1%t-o@d)WXKmoB zmeJY4yQ#xKWwxL7dH5n_Vr^rkDsp2{&KEn0M29EXD9y8ExX1BNhNHytkG0dMNo{AL za1X1g$2feT%Wow@O%idUrMWuBlS_B4@wwZD19X8mDcPJY!ZSxr(x^sET7SzGwM%6B z?3!ygrSM;F1M<5qSyu;r4^gF*W3ggy^_G}Uwpb0f?aN8|NO!!Q9VdRTPIK*~MitU- zjF50I3~g-AHP#QuY&%RP^#g2Z=6ct!IAgjv-Wz!zx-TPkP$4#X#8unvPZNZYhQ%%V z4op;ily4X56`IMn{6vL8BeO=gishjAD0~RU3FR5R`Pl?@7n_H4C#jq+p0rn%pC=3C z;BL~{dlJ(URW&c1cn#RMr1CR@)}eWZcwM}%(E~J}(vdy46}qwWJi?)XZ3-V&9R+;E zh6Y(|I`9PgwBH3-<@E$CN$84@$Oy80sXpDtcZ8d zBzHN{XKP=yXxJI!Gb_40v3qrCCr5O&CN{*b-C`X%CBiD#rGIeAtAAj@tw86w$^j<4 zg5CnR6)B6M2~x@1&uXG5VWZ9EZLp3#Yx#iR-p3AmxmH#FHOjcSNa$W`kqgK4^BTxy z!HYyxL5?XpB-syR4- z`H4?_>w@VZ3BLd>%+DuZm7iLyC2{7>gF%}ko~d?{bH7?^UrJgEx64LfJ8nSwiqiG0 zCyQwzN!DZwHIk2NfqL^6t>Cg#3^N~5MU)(NTIt81p(TQAoYkL9(_b9JE&Z4Ll{Q1^ zaY?H=waE~o`lyb>OLVFJ$j!$JFRnW(uHDQ+YU_%jV%xIgO_01{YclOK^yh(S+4xiXWU&X)hIkwxXTOZL@EjZ zqf1gpGB$KCJ;`?=OYaj21j4RoqxwqvsnxMwdKR%{F2R;bd(cce$epGf(Y*Aq^*;j^ z9F?zjmVCc;|BUzg&mVN2CaQr>Xlt^LR<6+`+l&ox4k8sJo$k%$U^y<|lLzaFg-J~a z^Eq?`Lp2OpnacRPBikMMe2_@Z^TAG`8F#g%(}KL^^2~|#Oe)QN2EXFQ$olQ%`9p^$ zE=RfS1of)dsV%LfPW7!ckX3KC808T7RzQ&;Ki}4NS*JqH zZ#VVWGDU=w!-0%!ANgd`p-4CBy{ddP#O{pOh{Wp`B-<4Tmrxsf9rNX`OS^Ol zjajvIX(eZJ*TP=#(%*;GZ{uUb=U1YWxrAUT(yhxxWHkkujD8vfgsO^aiNe$8$b_;( zP2S371}^6hgHS8sgY)x7W@2Yr{( z`o9olSOf4jrPAhwYrOMMdUIuN{kL>j|L=hD6;%fGJj8rhG3fd%IVokyGI7%n{|~iM B5Xt}m literal 0 HcmV?d00001 
diff --git a/docs/wiki/media/2.1.update-alz-custom-policy-assignments.png b/docs/wiki/media/2.1.update-alz-custom-policy-assignments.png new file mode 100644 index 0000000000000000000000000000000000000000..b0a6758099c57e9b71e26f2b67930ca39d9fabf4 GIT binary patch literal 52747 zcmb@tWmKF`@HIF%!3pk`1b26Lx1a;T-QC?Sgaixju0evspuyeU-Q9NhCI8*`%kF!2 z&-OVShM}jspYE<(Rrl6JC@DxHBj6(d003lZDKQlQ0Gbj2fS87d1;5j!5swc3_0C>O z%LxEL>3;ix_(6+80DcqBSz2BkZU+e&0MEh4Bj+T8iF?U-9UpUQ! zHOIRtg~}j1)iAF8@gu~?!=)3<;{nsK=or#Y`P}$95#{>GitqXAIRwP4E~9#=gjM(g zrRtQ(AX3!qOjE zGareQZfHK$;l1v1B-t0XkQaO`T9Xrh9QYu zl##i2v?k?7O;H>RE(XRpwNzbhxj=h1Z-zvmn)~|h4jdL0wTIw*67V;H!*443e$(e^ z@0$oqScYu;_FP&ylb!Dz6|k-w&bl9`8+{Ke21d_DG;TFs7DU~jE0ND0muIC?*rDH% z1rY-Ch^faGiBKDF15bl)Q;@fai=R-YXHQ7S7F(laW?eKhN{5pB=0k{&mkxQ z&m2A^d)GJE_KESxW4F`{{>rs4KFKHEuO6oIwT}2_ z0x@$rpiUw%d7~YJcw_T0&corziO+@pWZR*iueYPK4H1!uIq@NoLtc#5f0+;PRMT&U zT7^3W^>VL-yLW@edsuSu?qyZ|8|q2BFt}Q|;r(uSgWW(j2}CoxRhWwE&j^$ly^F>k z;JJ)55}+wluAMeaFNg?k6&=V2!faUa4STtQ&w^DT~2v+n5bAvt(KlCB0)9Ixc8 zFyd?ksSbAT6~@>&64@8$1#ImCAn1YiS%&#?)KFDMd}nGg^pq!=@5_PEF!|g zi+G*Btw96i#Nk!qwVBGp^wbs=vKn|VHYL9FK2G21$1qdUsZ>K?;AoJYZ#uTn!cgE} zo-eQp7j1;>@b5$1>doCFlC&_LL*x-!9(227{vn;-9~S2G9WMIq3ny9H#`=g?`rkr3 z;0pirNVv0JARYiHQ84E7iMu8~kMWw*KZ6mXWtblXg1#ccU2c8d6`2#U{0#0tAXKL6-)3!Q9Uux=pyQw=R zBLTgiXu%N}flLlvuxW`aI;nA{`>a?5SCe_|oS7W;Y-~7mSV>sHvj_?le)}rRx0x%1 z!7*4hsHKS%nHn!I;0JIoCnX`Egf`fiSnk&@(N=gHva0hN&3=`Totv&Aam>xD=hWUH zOJTKx!w-YRU^D2Iv*`^TR6 z1nR5VD!6Z$4WN&w^i+>!0Ol z)g1W?hr`dle$@9{cF?NsT*LiA0#^_Vp;N8H|AodBb}*170R6!!Y5Y=>^&*C-Pj-8k z!y+Rezg_-fbl{ftan{6aTDRSZ33eFim1N!Tzzzbf3AG7~6%NlcK?%*kDd>o!JRR`ax|ZkB-tTCnlYXNY&c1DM;{ah?a>u?Q^lY*t%` zkxZ<726FAC_4b+}FkfyurtzuACh+>>B<w=p!Ibl#_z}qNl9VRm9M0P)@W%Blv(bQw9r=6UtE82MmL}B7E^icnR=LHX;gT0nQSxA0ZL|3G&4WCC> za~4Hdw1HM5(#1492kh(63a6i$<+dlZz!R!bBY`M(muW)d)X`WBXy~?x66lU9fRxVv zQDf7NrWGa6X8s#kzOzA2*he%Q{e*4QxMi5wR-bz zzydeebc+!PeT24q&xI5wPe*_iW}GPtn@8GQ!jR4!^<@j{77zO4IRUDsvtClBs=~=x!ZG5fSSW|zDm&u?s@r#LJ^Jb^lXG`+G*7PI 
zS!tug!}~|*5EO>aUeUoI#Qu=FzKX;8^k^y9a8V2h7(5sDKk5=L`2B^q2K!mYkCM(F z+c1h&IZXHrl`9sMKl~LRi#0R&J%q#mipByz-R?8@XY-nCA|w8UqX1y1H9Oo_ zbL@+sLj8xd^DY?pslN5MM@Xpo^v8Xjg4B!|ccd@_a;9D9UZWITcjeVOxLzZzKu4nd zTM#ypqevKmCz z9G}}xxsh4(FJl@6MIvd}hw2*kcURn>g@PD_9Khh!a<}R-cjaW)v-<*CB;xg3H(Ks; zqyJ{|Av^^M|Jw3_bEW38=_xI+LtJVKhESdeZeuu#=)pl6Hbk<&<|_@@i=daNpj0DL zprb3}*yk`)UiDHQ1+E5TZo%1gvR!urqnI3$o??p6tf0vY7{$)Vd9teChe4UHFR#fE zzC_(|J|QPj3?JG!2a4BV!%?5Eh2G`P&y87SOfq3mbIsrez{AI6Y=B;_5!j1Y z*{#R%GLe2FC2`ug+97SZOPUPd+e-fTM{ymp{&KA>tUs9f%ktdmZ24$P8t<$-5nJK7HPQeBi{P>rtidbIC-K zMt>m^^dZyZ^TZ#7^!b{p9Mav;3uTD0JjVhJCLsrctRGzDWydge#)c4CecCd_~NIA+Rcp>;XenXu*b4i7UTr$*$jf|z*sEB zIvs#h)ni+SIE2FRKWC<7J8;4Oa>2RsaQQ%b2M18!(C>{4GF8({Lul7e)$FcN%M1Ci zscI?*4t`wT6(T7}E%SbAOOHd%P*Y&$Mrhro>t+xLo}7ee-$(bSTx*cMBT!^u8Sh6s zB|KnYJ5*9fy3)$5=V7S+GNlK9zE93^8Sp*{FyP>$aK*%6prqW%AcF9k1rqZE8Xq5)*4LjsLc%xJM zuwe760Sb%&_;QOL7d$1E%O_i$NFv>dz@k)p_(F_ckfbN!Mln4guaG1Hvd3wM@mW29 z{ZTNc@8udmYR@eouN65pVJa3pYmp`xd_r2BKYUjCfL1-3beLo??jI}iC5NVskg`F_ zuaN3bHew>(uv-b`f|R1Gr@;o)T!THdH%SXBI1>D_J7AT3?u+I6(gnx*Q{L5O%xpSEo<`ah$Ue(yR}d?Pcl<+ z$*m^M`lCLHl$`BG)106DaSx_{|H6@B$#}y)G8ShC4$^=Q4P$+ZD>(OT90$ZvpKfe8 zxH&?ruTx;!M_tJ-Sp{31N0&nI;uK8i*mYNfEyn>I6#Rtw z1YL4&$oITXNido9o3!V`K~QZFS?9xQga4#oJpat+ORruEIU_p6+*OWc)UekY#4spd zlZM`Vq}MiggN>jwpQ^YV#I(~OAD&+=JAue0o2q`+Q|d&L;h9ra)?l|3J19UkrMRw7 z(_@6SH^w|BTwejV#>PQYUuW$zoF)hh69$oaERx-Vn8lSCHq+4@$fJfecyho=3^Fi! zY)WuBFKTmzLr+QiO2R2p=CS?mOVdApw{+Ij7= z2Y3N)Zfb@(eDXSOa1t#=FLHix_D{}&n5U3>V57msY=a?DgV~>u6;*L1V>WKKeyBv_ z6_#NJhNHUDiOnc)UPA6Lz{zD-cZ!iM8w;9>EPyBCOiGsuLLXxTS%NZ9! zP_cc&MKCT?8B2ZYOUu=!R=aATkg3|e5vglK*IY_Ta4bW>NZw7i4D4;hT%&eqS0>S! z!OgUXkB~Jp*nnO?og->SYnE*~EPv)d@EA6QfgTB5-4O4H-Tovn#yo3RNBvUK=1Rb; zsCVi<3zH(eUaQ1T29M!#+Fv97-nG-Ni%w1s!oN5i$fnMGdbf{wzOg~`!Iw{}o{xaA z^3z-`vHyAarA}l7##Zs;1kjyz7j@JkIYKQD28@H}nl}zCdR`Kr8^{JESV+3%1osK? 
zYS5}xNb)0*lZy~75g#*Zm;4mDujuuX@BDKfLv^znn(rFd?QGJxvz06H+s}7=D?@Id zl)1>@86nYPp$v48C%8~xL+m;WzaA5i4cxKmwy9AQSfGE>lj|LzN9QO*1gCA^oGcn% z;_(r{poI03&OY@C#*vPh=$8I5kL@iK@7k~b-S5Vrl7#qJ5a_nlS_@oUTsZ4VdF`BY zc!j{39r?&19Z(wlRTzBR@`5&HxG2az3Jx(m-`cbvrBhaJg0qIXYebT*%vJ~?^SfiP zNBZe|lK;4L=w~Ce#^eSRZQZz_Z}H8_PEeGvCoY3qteWQTx^=?=$Kry+NF@hWZcLlc zG-|Im>nMJx-~cv0pC_H$;ChnFv!vJi>E4j#8wMc|t%jO%rNW8iyrY17h2x}cypHue8+~eZ8h@S+UCOWqamxCNQPj;Lw2b zmd0Y>rd9D;V7igz&w5CHBt4w7Yeu=gVtFM)++rj&NZ7uDkGXe0PEo@Q`>;7lUoR-5 zpF9^)sOU`bw)P(Gt_e9z(=xEDQP$XZ{yQRg(3}zbl|q+)tb%e}#~SosegT~u6U-_6 zZCgr63jcb^j?aFc2gx229EL`NEKBwLpg8yPCwFhM2Znve71aLq z^(FIsw+pcm`AbGF;=j!j`^@@{TRG0BxLtJr>;0Y4h(yc7&}K4|1$Kr`J^G@CKg>R3;{s2J%>A|U49MUWqmg4VicGYv+yNUuV~-LHJNKb#iob%|6i z&bb|7+Ctr3w1S`KMbf+Yu{&vwgCCQ1WwJe}l=6IC2a(y#lgc!hQEWm|BoWH^lH{rH z^sKZ{^n5Xnz`^p8ZYVi3qS9npvTcQZb&Vf@d#CpPrIGG^9Lllo$N#xSo4C-Fw)(A+ zo^oPmxz9*~%T`RVvCvAZ(LWREo?qL#>w``1&Q6@>?pFOklC+dLJFOb$&3^s6Bb^zS zwN>X|(0y;CDSJbQgfl~f?ql zhO}b8+}~lfK4g)|!Ev@^hKua=9^cK*OFFQVxSt#=;qDuY{JS{I{_Fn9t;D@gtK9}_ zswjy)&#;REFE|S6T*3TSdR;j#uYtFh((V>%XQbotzS#g2Qr5!{2kqs;>of9m6gpEK z9ffG#uVlt2PnhhS5LqznuS+4L3@ILH`~H2*v}MG8kI$b73DLsLg3{JI^Z!k1j4DC= z5#b8&_I$PR*BIo~P|YTEK(B*mHxus<)*?`Z}vg2 zuI*Cexb1#eWyYWGMQXoZ98oh0gK3tbn+AOe(D8(P^5xIVJC~cxv$VM7w$OhUg>a~3 zO)RO=2jhBIP<-Z;bG=sCqF*+3~s{Z#m=#H2c*b4Gp>FtQ5k zAXLFG9sUpttUEh2FHbwyCb&#r0G`(eFd7;LY!M{BcM!9c`jYLw&trv(BulMcI29EY z_AV{~QBkygX{7&<1pF7GuC6XmUGzH0XRO(c@oIk(j)7qeh6)yyI9R~vAxnc%_9LD(iEIV92>fmB9L0*@B&b3=@ zYxH?U(bmyfuRUqEr(AcraxvL~j#s79IgGr{k7a=Q&w7-1uTQ2CMPX5dRv(v{v)bVv zR!&g>|4p|6dA09Ea?<|l3lRAn0$waDWm9^SHQia9I0S$cIi$Rld45gwqvk1gAiJ_w zV=@ucXaxf}Ykq4kB+AN>f>v=vpkEe~_P?(D>|6Z=m!4i;m7YPsMxQDIjf&-tw3N6* zfkoN0SqoN58P}tr!AlZ~=7I5#`-U#_nrk}@dPrUzou<@JH%fiHatEjDBw_Wh3+3s0>f_!7`BrRbmY&>xorV44I510B7 zj8C}ndlvEUq(89G+!|(}k{WX(fgp8zPww?Nv|ljG%xypj1oZL@#YM=pfe_TZMxCPd zbew;mhr790wGa~UVl*TQ@E3eJkHh6sf|t2EUc?d4BnobB=EcXyKhGt(4hahjyEIYw zepD2=+B|A-4K10}ttBU{Yx)7YBd7pCH}Crl9^CmE|Nc*wUS>_ 
z_3Z~=T)cc=#k-c`Xtd*Nm61dAgz{2U18ugOseM6U{pb28@b25oN~U<@Mc&hEwMl%E zweaj?1^&GeP26s7Zda$PB+rkxlBX-J4mU>{xXgyoPtVUxhTZVdxXfMmff%aTf5+>?$4x2ou$gjX<^TOHueo|Y*6RFEvR(ad-k>lqH54GJT-^% z0DlnFO(3d1sSS~yje?eBwEVNd&qIMo;Ee1>Mj?iNBt#yIKiGvf_#^A*EaK%1?Vw>q z9(i$TG@5yF5%xhD^Da?Y#J42*-W?|9ud~2(`+%{FjiD#bDa zD=R#`q{Ox*kOFwyjrgjGNviym=1i&o`XSc8k&l#J?0PDeT9XXr&iw8d%ANo#KQ}5& zc(*f2`8Sz)4B75Zo)~(aS22|91RltZK&2vr?<)M2Oy;|`^IT}O#y}CsHV>$ffzN6s zib$>+rrG3EbCW#32Fra_!aTkHqS-YY81Di8It{iUt3A@C(-k;3us=b)It_dDyzK?U z8{j)076Yg4l6ewiUVS~bQE&9g!vt^q1tX*3R1rWD2W0W1+@)tHjN!5vlS8e321^oz z)O?maQ5okm2qtO3jbG8ri+5phaeQVbwAt-+<7BzH(PdC9$5Svl)Y*~Bq+8{U=_u_VI99wb5zI{HOEqcrpy*ro_@OH5#DG?CtUkk3a zz~h8I*7)i07({PAJQw-WH<~-E>O}PVGXK)}G)J|>TZQ+z4O~y!pjc-Y}x@~IwW3}$Qw#K@{tZjwnSEHwf&XieMnxAJfk}2^P zM6_=2W}1Jyy1!x_u;Y6j@LVi&!6nu15?tQtXe$S8#v}@ToxBlm^)~Qfjoz? znTC8dlH5{)42CPJqlvJO?_7#eX>eh&=~R+pwjG2d@~cqj-vSll9`>~?pKLauy4mNM zpNdHDdwa<{G9aYAN=L=FNj`T88W!csI-V-c&KJj&WChJ7yD6=8&!k>x6Pa_M$`1UJQ5R_@>!@D3d5 zl(vpgBhS^6WB0d2dkDBbAW&{``!Qnt6gXwrsP3D(xqXmSKfNDMKRG1`D4 zzYrviVh^Ql{**z5)R|phXQ2J+G4k@WtfIC+)@)6{jH9jnik``UO34pNgNfjz0j!NeK76xVEXBG|Si^T}fo8HFV7_3K(QZ z-*|kfrV=9Wa?Xs;|0;_|pu(-T%*m#DFFUzjT`v~TQ27$=?VFoPJuJjmQzdNeuH9nI zx;;}-`@YQWE!@*{NvApCqg6c_oIx;&Pm*823BD!@z0>_7UsUaqm^A24)BgDu3M2

    {22>^jf`YU%iKI=Of^Y2~%Q)FS|3D}Gd>!tHxASND-0H*nqaCg+VbV?9 znM+52hO+gQb}!N}k7|-m+sMMKl*Fv;G?qA!GEpy6%h9HADKT{M&s1IGRl3jZgb&|Z+$r`5WV|NG;uVOsy}Z0;|@ z`-{pa8)^aMjBtukfe=4>hP|32{6a*9D{H;IP1L0dcGg4@3%ZJ#mVivmx^+sO$+3C{ z(RNUpg5+}(DH5F}NHKC@t+j?wL)}R2S2;nbr-Se5kNC#xY_3*n0)0km$@V1DAEe*<_8a7c9OizqD_m__t=e9N`4)4C~`WoVQgfH6}Ad*9-irndGhT6!vDm zITT&-Q{-)9m32?s?*~89E3~i>tlD7}PG@x5w?rC7Jz^<{nA=d0TcR3fRS$rDh2RrX zs2@WC^bE&_1v8PO)R}c730FA&{6OtaLXf?mXKG`sLROJ^s;z*@Z-}YgjjeAE?s=cv zkCe0`7enMPt}WGoMJbH8^MYlVNj|WkU4Z*#R>e_=@RUG3vX5X=L8WLu9lX8Ofbi9` zuKVlJBL&*UJxAl~da}}uDuFT`ty}*LD_7|q8B?ouc2tZ~MgUBx3qqPue8j^EA5Iw~ zw6^wQhz5Gqrz!FAFI3@9ojYN{`#7ut>_36dIL9VdKs3S6g6%!Urvl7#%l~C2q%?>) zI@1=rV7$i&j2s%=cub0iFllm`*S^2v_+>1+OcBi6ME^qzUJ@U{WpJf*NTokU+}{uD zecot6Tdq}Jiu|@BvTz5d9sD4@%v+G#Hu4s}(DH0t`HSFg}R|+WNQ&0jg_JMc6#UpaiUs3CB#1HclmNyRQz{>C^^~YxT1rye5&EQ z-9R&P>1vx3Wcm9=`|Dv1<^j@4N1_n{*LN>9hXDzZfLoq4B8F!HqV5i;%8gQ0|KC>c zK&xK+6)jg@b}yV-FU@$$RVvK)U0^^Y@=-e8j1egBU$8q_P3&gxwGXwSgMvFTe1 zI}uH|;^xSdL)KxdW-#`UuO`B5Dm^B%*ps(oqt5dXXsqHS@_#T4tKd7iIQ;CviEr`j zs0UNepfr8WGxfPWGCc4{W1TTao1fO4M#Xm-PAE61ftW}e8++ZuSg+}GgA;AtOHZxV zOd_$>kDJDwVL?UDVkLd^Z+18(8{ZhGVJ*CGN8DL7k&t}epvb(ljnB6A6t{k23^ziQ z#^r=5_&h|^>?g1QW-?f8De|M>wXnriv1}>eee!02_Sh|c{Ni`7cPaLg+_q7YcB&5K zOAQB5kk6SuP$&5w=JAra#+SE#bnh$j)y-k-H!u0VY=6F!VvUQFY+n=ew);AeygqEIdx{LW3uGe}Z zZc4*UNRCU#&&lqDSEXogPY(MEiR!Wd7~byd_XVpZZF!kg&Hi|IH5Vt-;C{H8S+D3M z@6TyqOBfc|l57&o6l_X}Xg}8-z9PYX1E>u${z(W}Hauw9RU_rYDT46l!Le3=LD;@r zl(B%_aGLy@WwqpKu<}3`TuA(xBk`8xqL0{I*{Y2)Z{3xUUcU} z?O!TEU4!nUprApQ+(s7Enh)-E`BBB_tfFN={w?wf0uG$0;&PyXaz{7GTDB&KC^r{_;I}c}zPYtlkA=e2D^*r-l1tse==x6E3#eSB4}v z7w>#4_5A*!IFVGfMbyc`mKd@dAPy#23J5-?yP~biQtC9v@Y}yzB>_CdGWndJ+ZVk+ zif~oa=63#3tDbM9$(-j!P{b*laa;Fqxm7i>c^D%>J0>tp-=CTH}NqZzA z1zjI}mxh1#Cdg`@G+3l`>~FSqZ-lV2Zah+mxByAT3?yhoxT(h!9O%?MNy*K!K-N*n|oXQSd>f0`v|LG*)||5yu_phl93utQY{MuGYX5w z{^Des6sM4D>)1JSsQkO9;s!NsQ3|_IEj6KLk_SWNU9K}ctBNSHlQ46^Yf3GqJ~Q44 zlrN*+>C3f8_55XI#>JZ0S7=fYWZSYsGc?0!tbPneCocvYFFGNqOQd%TmP2?}aFeRg zJKOtPA{?0~y{F7F 
zEW0zM4zCXn+G_TfV0`}$5f8qHT3M-=sXC03al9rqBWgf2Vz22eLhBe18A&@)&tHrv3M5@1mNViWh+a))(RM9rN=m{-$gGzOJddb zsI$a{svC75QKln_-_}sFMYQV-WeAA|iBb7X;BG+kInK%1peeb5M3=U7?8<`}tp=+# z3U#yhjON$qSI;!Ra(@-n9B{fm12%yfS; zZ+w5zQq=zRHoPAdaTj+fF1syg4V{wEj)+J}?O0@-r%}+S_rfZ7oPz$b3>=OupZZ`{ zV3mV9#!Rr2=K1dHMBvQzWX)$&&`5D3#}U7kZIltaY_VN9zkgz znlxAmUj8~b5*gt-e@AA>edu&PV1#WNH?zBuaOM(eRfhPJPnlZ&mKegVO!U|&1I=)R z_FSr*g`jupI_0BQ&qs;IZNb(-BU ztxVdrRwb0ZxUTLFn%_OYYvlN~+!}RL-wfugc@wc(64Dr*M6i?h1{C)iff&JUo2_GT z9*v)MQD)&1L_FBVkIz+)Xw@*uR@ zy4AayQ;v_O%Iefb3ENzI9S1+PtUgdbY6Qh-of=cBqP-YwfeY{9$4^llNc1VsjrySg zFFBZ5CtzXfM6$!Gq zb{ch8Tqv@*uv=k`bvafFhJX-hmh58^B++NQlfnZxMud!r5B+ej2`XFiOIkPQqFLj& zYRm7B6l92!(lL-?JqAzzaO}_td)wj{=u80W>PNto5g!Apw1Eg`%z%Lfl~SCY0hU4Q z45s!Yu0*z1gfAhyQ?NvP>i5rf3_%6fHt;i2^OQ3)De81umDJ&b&>I?boiEjP=6t`! zaia|6zq5sx)Va(|^E5Kfd3aI%Q3Df1VCfJ#xD1xr-{g&eAHDaAiEcME;Uu7+;S=~J zfJ2#-eDIQOI9}HccBvj{tFxIxAZ{z-prVIi41z44l}RS|5uUU<_cA&g*xC24UR#!C z6>!~CPam62d|s!4?B6jDO`@y>PtjpF!>Od)4tX!am4HG=I%!gMEKVX#_psrcWP641 zo9z9)&Pvd~c-(w$?Du4rv}-2rvI?<1$K2}oPx{lny^9zICHN}J4KK8phORHbr{ylh z-xiV|YS^thx~4spsWct%n|E-Zg;M6_!EOtpV`S5Qp1SogcKP(?>j{zQ(^w&!8154~ zKqS!KR~j5Sp46G&yo{c}pv62WX*{D4roo(EGw-l6_Ez>P))#Dgf2SQeT#*BHpco4w z-Cvt5=`kZ+XM30rEF)%;b&;k#BrGwd>6=*;^kPOYrG{S0c02OxBc1-RZ$fX9e*jr; z$x@n&V>-PTu|mx;zvJ3sL@#XjP{ILXk>_1t#Gi2ko$sb3#2>b%`}mZj=5b$skCE6* zb)y7-VU7&*5;^!-5KD*pE(7`YV`WYy4L;w84Rs`47J?p-KGyDHXuw#e($5Q=(h1P# z4Rq=WTP53bul$52)88R4CHLzY{Yg0e##ggEy$9V3CW227!fZ&hcB-n2P#Zk+9*gGEj%)X$;$*`#bxCYLeJQT^aAHIxDN4ngmC4v+vBXqBZ_)9JTs)8^DN zVPV!yE~}_=dg{?18qnOsg=v84KMH6wqt{L&-RE!4(%Nxw&|?6c^FGMHboMWb(Irt4 zot`Q2C5#Dqw3YHe87AX{q zbky(Vju8){L68k%n!Zaq4SEKVCZ&VlL%aUa;mQN4_@mjC;~U-M_;wnKuSjiM?@M~^ zx`gL}CRR01LqJ)0;*56WA92I5^(8fEL%On5ewUv&;zt{@RdCkcoKQN19$uKY*4O@t z=DCI0_u4L>Olg8G>6Tz;r3!FIN}pP1^%w{1lRlkN$t`)J^+eJ^JI&MX9Lg<7<{kbF z&}ry=_76$H04ErJm+EOh{;-)5gtouaRi@LaA1QIP0%oSL8{m;6aFFY}K570OXZ>JE z6za#K;IVjSYQo^gcI~629uowso z#tIet4RLVqw5i}Ae)4D9PR|B6rimO_^V{)c40=8TWA#2*f%@h*jl5DMP`>vxYlPJm 
ziI%2g&!a#VSRDp|sdYy5h#%6hXilqF&#i0Q8VT zG+e$<-#wFIkF?OOTuJ2)cucIqz~b#W|NCS>aPzjcu}+xFj8C{00RrXN8C=J*TQCKJ zG50AI-?4MRyDVOPMpiCij&a{Qt=rc{66?;_hsKTOO!>Wu+hgU56KVVyEq9LJP9_v` zB1PW8Rt~@R+HMHDzj=~o(?)DiBfM0@vvJsGgF{dp7&2e+o7Tx6(bi&~zw*Y=T&GC$ z^1y8Tuzo-Bwyc&6g8;nl#4Z`(q(AwtQk#@U(-`FlOyo^Gz8u~^QXP73&&~jxsz$asbhgw^3 zU+e?yQM^o6A^hj@{_fJ&QD=k`*Ha2_&Wg!QaL))~w-**Mcr@AQP+YnGJ4(HXS879o z(fNEaIKv3Q_1Szs!X9ZC{WC@bGJvA*HDc4`�^CJV0XfTMZqo(XV#63f)$6IWE;m z3U|zL!(Q0GhZNsU%}UwgdxNy#_vxv9{gedsasSi7tXyD{QIrd6V<7EpfKyog=CSC- zEkC9U=Us$Wa(p$aByn*g833Ay~oHP7iK4nYf_|fl~^CIJ_8&eWzD}&TIpUZ78%WzCOgtdzc zgEa#;rr3!Xh6ZK5u}lY+56+N@VKa)ANV7gM8`ZF?46*&B{6H1xE(> zFE7k3ZYvY*=UceH7LIdTbGx#Bn4xSOizYFHml^Cp!RHr= zN72^3a?}oJqI8UwxGJ+dtFL$reX$@)9punp8qFl*f}%FQ{9grAV$1sfcN+7T+f&zv z|Fe8`s`Y=VEZufCQux}9cv*AH(}ebK?_K+b-u+z&xg(XS0#{09yK87CSNh=aVk`p$ zdc2Ljzy90*HpeZqyMKWoVc!T>D8C)MzYXty*0W7?T z(qW;{h3)AX8v72Vdr{x-bT8*C{ry|TQ*^GZ0j~;0oeSe9-X^-d&Hq%uMXUXfnk1>= zc{%mOb;JLud^D0tT`B+7fzX{PN@^V*5Z5ujl@iPcIhiW3rFZz9K)b#!O@i4-51C0U zExND$~j`B@4PN3VAxdwcRnrd3BqviVUl*s)OzVo#LT_E_vwCCmtC zI96&hnpie{&!B(xwP+2#4J8x6(ZsOSeECbgrG!SbEFBCXI89C{e{u<7{`Mn#i5Td- zt3#t`PX3i33ShL#$XHu#%UAL&*C41_byQQ=wYz;-v5LBVZ7~NUY^6gmVrS{+0cZ6s zs+wF=oiTs^Oj8G}`gse^GBl*{u+~~zEdPq--(01ysPv;l08{cthhJ)Y<~z!x$U>=zvh@;E zfg=kvHDkS*Sy@-4;3^$(X;ptAPy*HvJxlX5dDm0vSJIzty4rTY8Ht~oCyv1`;u`Ro zxJTHxsA4ATIh{8Qou03n&<6*lxYEUBHNDR7W(FI=$^?cPb(GLJkswxE460iF!Bs3i zg%KM+7iIuT^&HSv-+Fu+SrFF&-y(0o=FH{>6?-x&s*)UWLRd`J3gIA&8GtavrnlSFGw@%NuA)g7;o?kGi*?eJPX@ggWF_Ald-AUmsWZMy= zozZbnP??Uf7l`7RBc5n0rKz6!pIU${fz=cp#(}LWHq0ZzqZZ(QHOMFEBRF6(9UJk? 
z=;_=nTF$u@yxvn$5nrAkK9ok1Fh_}_X@jyQH& zg1}{rb6JQr{ohSV1vru4HCgB-H|SxjK>)4eoXQT?}HBMwa+)0kycDx7Nj53r6H)Ej=I03Xl9Rs7X`ZTW zE^l$?L#H@+L|)H;t#mj7el&Vk5m7Iu%Xr$C64jq(#4Qng>Ay5)#vFWm!xb~9nze53 zyvk?d<|Ku{_yR%~2$R`Jw6b``tBB5%95$a@*y(gFaGI=~T&9TJVEW-P9##AgK3UiD z{@HI<`ZiEW{?1Q6%x>g_@}x0&kZWG^wav!E;pqsNFocV~W^E-__Qkb0p7l`?r(5k2xq>2tx?nEATw3X*~|XbPROM^hkvnWmx< zf?y6E34ngkev~DL^`_HgBq9-n#)o!zE4}O29>GfEnhbBSM?}eQ*2Za>yYl(m#b2=laI^O`CEnEE{}$`~{h zl3*kmOcN=Fs53CvVOFcrn)bstnW$K70o7!dL{S9&I|oBUHM}j1&f2LtIw1zL$c#gS zwv#TB#qf0uLIxLUhMo0FrmgV8gfji@8rH$2fI!$yPc9L#DMQ$mvfaA;Cf)rww80){fkgzNKF7gCyxrO9Q&@hs(Ddyp zk4Ub%n-JY*df}D@N+ueu`tfG*T@Pedhnsk92iG9+WMDRd9Ort3{Bpamt2@*l2H_>%W#77|oTvF;0u5VzS zhE2hqSK#qr4}P=_<6^$0K$tXX*w?8tDYAKx6kDEOF3!@!*V;bbMJ z;P?FgG^IFi5;UA(k)E~Kia!+?M%z%@2a-pqvLO{eL+o+X_D0L)WE))7{E$0KdxV+l zB%fzlJbrlVzPncyQ!_yUm;2>gG6|pCRv`s!&)h2>^6mHcY=7+u-SYeTM$ZMje=FpWj5_TA6Rd^nn$IH(_;cPfm>jW86|@WC z-=gWqW#KL6Q6ssfGQclYyZxwmbTZXH?EPLJe()LZMjGASoBYZ7=F@w$1l<;fFgzz0 zGqdSb1c@IP`(e+|mSN|f=A|I2vE$v2CL6hcsoD&&du(6Za@;Hk9i81w~rr6s=KOrKnOJe4ed(p;}6`YSbLW^ zp%d}!8@HSI!K!+`GJs8GT5+na`lTm(W1!Vw(6coCu|x;;&>bGfoXxv81|Z%-S1wq* zc04sd9}aA`QdM2Oh;1Ikj9GZgi^~YO4z_&UQ=#&}pbA8=5?C80_kL|*F7E*U_G z_>MB%o-(|R_2)&3{?fq(K3tH;75T3tKa(m1E(Dy^(2IqZUk?oV@qiO<4E_(tKCZF- zf9&_qgWLZLmEL8{x1KaL{+i4xG8Ol_f$qb@Pv4GgOLxEbNoMJ_(gMc0?c+Pc{_9WI zm4HEZh1dSGF-Xhb+LmZ5A^Sco+$o%$IMVW8oal=OAj{?Zgk8MW6yY7*Q}N{K+JB*G z1qp=(`E2L2s@lM1KsA!P$HH9;Bx}G8M*%n|%3tKQk9PeM96E}+$=(1HePXj8^tR)V z=Ivb(?9HKENKr(R9vM%RCEn(ciubjF0vfW8@pHXkc48{E@T{D+mCv*6wOowkh6W~! 
zM%Dx(phk;|WM<9LnE+x}Z4a!8ffk=+9rLr&yjD0b=5wRN5lU+B&NR zI3TO(gFTe&c*b3FoAr;4r;k6O%(sNcaxsQGJ2$kt18m@?$dY^xU*Q4m^Tf#0F!nqk z>%QssaQP*3egYV-cd%&m)Rn8Ako?-#(z{dn>$f^XN!T>7X6vsh%&0BWp}d;*UI~Rf zl}I%YQtKZ9n@JBmOO^-bcy}&~4_wy#-SI3njrUWefDtlz?n^|c^6kiAi&y!G~`F2`oJh>(s02ozz6+oB^%y{=`+>fec-!xoESR21 zFD@25_UTc4#=V3j?7brffab>!34Nu~K#(-sIvEqo+t|{nO~)ILAGl>xlV7=z__3eQ zb(j_izuZHDzC;Gs6!Q&SjN#v!H5&V$7XJ`%1$;MntNH4>pBa|&r{EHLZ`y=R{e#}@ z%ay-m;%(ZKh+P`iQI4GGeM+$gID8lxS~IM_Fwm3o`yHWkUcQap*H=&Yo=xLTJK=Oi zQHYNOTo5wjd7nMFKPiFqs89L~-+o8r%tXubJW6Nfh#*-jiN{r|avw&p-hB{2R)1^e zi)b>@V_T!`uiYu&Ukohx4h;ca06LX<-+tA3X4*^9D#pVlz(UAZ-I2bABxQXt$oX~SMa#W#6D9Pph}t;`r1;be|zoz`O`t8aNeF9)eFS6@A8A%>iUDk zXQz7^uQjym(i7=!Pv4I|nilV8<5>Iy|6Gg=mso##3dt3TpD7)_;8b>P!G`Awzk@rB z0dnt9QqT-NugTV3QAj_IM7$C|!TVp5VxvGH3mH3P-YInc3``Ybl8Gq-BZ2*lk6KwH z9qjo0qrjsNF_vd{ks$o`z21|Kk68l!gtWqyx&Ud4L%f`XgG%1Xvp?D>;yV5!`F`qY z#;8ThFhf~Xzp-h9$RW5hwyc?-e1Yo;ZD4ZROrp2uPq`joEv9OXasf|Md|^AuB3Q!% z%JG%98Nmwy>h;w~Ij3m=CiYIEaj9%e?|oN^9~W~`KafwWnDzTZFV!=6TI?kB$(*HO z`3+lE6$b#R^SrlRS5j#1M%!qZ>+e!pC%?dIgh$T-67*>=iSu@D)X%;ep!jU6$NKxJ z^-i|A z<0imP{x8CHr7(t#RH=QA)*8VDZ)+i_0ub*4Rq zGlaUl=X4T7);*j^WX3*(L!jsCJH0a(=@iWN$1qul=w?DvyAl?;5Hk`2s*2}8Ya}L{ zv0+U)ZY3_Wh)!972)zRP0}~pM~@O7`NV6>IgP*Ly2tmn z)@Jt0*Ekr&M^Z`FSN5zXS$wWW}cnKHfdxl({=d zbma2Nj_UyY5OZ;`A{byTD_=+pM0cPV!CJ)(~gSoW1cCw+;TH zMm{>ygS&3ZzwjBKd73Jm43AMIKFg9R3;Gk_o_9;Ja6jz}*KZdXj7PTFL1RX+@!UDR zarM@|A1-a|^`B#*@o`EIAFhgyl&$Bx?ANM8394odA%beGDd6?Xh(yDE8RH5Wbl%OA z!Cv&4h|u7{8)s2=@Uymrr#sGOymkHDTeazXE$^*_NIb?|&aVS+7J{ZhqM1LY9IM zPE8n++(mrIjvCDhS>@+e6_dF|@u$nf{Ckv@3$0LgMa6Em5eFAnSR!)l>8| zb*Zln&qW~^d1ZS%nQ$jD#l_L+E1irO4$d157yx($2k{ls#Y$%FsAt;0G+@Fvr*vpv zO=AM7wQKE=DU+y}QK3Xr1#14dokaLS2-9H(t@TrFi}CUs1E1e=@>vHK*k@wE8D=}2 z^o9LJA2QuxA`&R+M;?fN}AZ1hE(S?JhB6iX_ByIf=5(K_6rEh6^`af?o|G5wWU5H~|#s`x_cO&lDJ z`~5-}KZ|eSeEIrT3l|5+7uS>$*d-DN=W}l+@G6exS|!J~GRDfAIA1cp4&wdu7V|fv zzyE1d#%?+Z9A9$oDSZCS7i(eI%jsWQQqusqXm}nWB7i|mQqEkvn(h2K)?}Ub?tOqI z{Be=zH`GM&DiFLrGf`Bv2W^#bY$j0)`qV%^yMVv6CCOBAnuJ+h6c=g<%VoS=qrOH{ 
z#C&@WBQ6o=7{)zM09si*6as0*XWAE?k1-Bgf$x)4dG~iXxjA~2Z{nV z1n#9zIVjKz23Fg5>^O?}Bu}QkHK2&jOr>O2#~1;=%>wULRq1ZMx!xaqh1;4reb2!7 zzMonl;=@*$U{%X=vLWhm#YR%U4w9z)<2&k@o1)wd62gSj#0{Arcw|cBaL93RHVWF~ z1^0#xLfd}7zs5ZN}pO@Bf}aKzE<2G)VhriPTi?MmTKKC#iRmL&3y*0 zTH*qkv7P5r#0ST|hLtFVAxWpyJ!{~rT5B^A_2~H?Qxv#*%D-4Cj1?|slCW9YSSkLv zpzu@86ZkA{%K=Htg2O744lexsn2e`P_$;llBdvVTcD50b>moJ9#?Q9TjjhDn1fSUqhAvZ< zgeqGe9llt1_<=TAaMIjDVYE2A(b<*y>3}{H>xCB0HL(a$u1>Wf#lZ^G8 zz|ElMUW4g-n9ww)sh@~6hXFn2YHgc7CIcn1GS|uo!%37)`@g$ME>q|sE7dH{I%{Z3 z_uUZ&(Gv#U&Q;aopc+Nc-SS zp}G-`I^NdJ|432NyBs0h!=_b)FKYbk@cgCp=^hF+OGung0}5GhoZi7m6&4Jtk8R(+ z24@X{1fI!SMz|ZO#^th%9Z_0fhlFSN2p*A$!St*@2gfGX4g0_6>i@p`@aAoD9^4aa3Ar&NMEHJ0&^Trso_b>D%(@+BF?2-VuzoBoRrMzZ5 z$1B*zT$lK*qvMxP&sQ}C-zgTui=v#=F(9UdLgL~5The1drp#AhY(l+GLZ6*4KD>9R zAa7a|le}=Tj5t|VMb9)}Z2(Q5(N1d`ILx8663^?-2{%%TOE=rnOz-sXpZeD2a_a~N zijYt(;!_D+a&bua&5Uhmi>m?R#~D$)YhJ4vs7W3AN`2-jtVKPMUH|fV{EADYpkR3$ z54*8)RfjX%;&@c7sufHcc5@sORb%dEpvkubqbh6MP>HQ+UMIN?kI?!7k&WuFTHnnH z&4B8ieIa`oztH>4G$siep_J4*{CtI5b$i-p^BjARhS8ew&?1uAGl)Rr^;ODb5IAQ8 z@5Z+`Yc)M|7RPhksUjeV@22o)eMA-)kB?6ibZ@QGbnMu`v*nfwca>==6rC_YR{6ri z`JurQnn!xR{bf2d1nq6VNMzJ-aRo$ZjaFcAIYsIn1Lop;!SflZwfaB2aVlCClgX*d zCf8ztP91#u%IH6{{*BYCJ*05(DEk(MLCxplx5>DFn-=Aq%Ci%8yL4{$nL*1%z3_9# z)t<+QAop26ygHD}BZ!(cg9WQDszrr_tQe&^bGMm`Z5HDb}7amz-QCK-wg^lWQd znAQSBaWc5uh#BNuHohtf?(~M76^eP6$}jsCr!|cwk}U|RwR-BW9|E&?JF8x*;ri;2 zOGOnJV$z^{ic`P}n|348RO3j0)ggK!|n5hl^6k6c`R$rIs=z61u4 zoqppE4o<0sFWc*v@|VZ=VlS^a92paVkpAkz-tP&jszT%a_f5i%r0RB_d);XWMGpxZ-H{aq{X{>Boke!#&@0BsuwtBD3_yx;&Mti z-_zbfy;p=Tq9ExDc5=c_SytQi)VpY`3T9|n* zxQBH%{W-9;B=Q)PS~-)-t<6|DxH;EdAzBF~7>s`Yg;ia#Rs2Sa3XtNeM%F}0WYPmcck=hj~W= zF3f3iba-woBAqp0{O)Ue$C1Uf%PqAjAkf^6F4KnJXp5D6F65m6drl%4c-PiQWTAgD z1PujNwTOwvM(~p%(qHa+U(yPgx%(jj%7DWJXZL4uCt<%3(C6n&NB~DJe44uP7bFI- z^$Xo4t6=!jR_BY|w_G>1H|6geIB_(u|2c(C!ro{^s0hw{;I=}IeQ%*q%Km2j%Eecb z!<7IM=ep^wG=d+wPhJs_<&IQOs$*_rPbw7xRudNKVR7W?)wWunV9|L11T&m|xDqGe zGQS1Um9Uz6INqUWep%*xM|V!#WD9%UukIIs8Ax76%ez&1Fl1gZ-+D@>Cb@Wv=%Riv 
z4fpW3C;$_2!lXxs!(&hga993R!*^8)>aB@k06zkA9H;G*Krc6ALm?K(Kz1L>S2xgV zd_Ta|AF0G0M*5Boc{uv+9V`i_9Z|>FP64k84{$e>3UHup^`uEP`Em)qmQLRW?znr20r+=i zsTpWt=K^Fs?{iSuI+`)`HJEoVX7{HPMwXD(emKls^ z8IuH4#?zixYu`zF%**L8H7x*xl20Z~C1H@ME=mA}u~s!69^4gTKtO#%ft!i*IiJD= za2O9am-u*t{H{*j#~3`8y)I=vM9(0iTo}nLRU<_DVS6e92Fg8xhBxXcvNaCfGn;5C zH~`P*P#{jD(@F>@n@kBw(cbHd9*zinp^I8V3++0^nh!v)YgS@l5OF4N>9Rn02_v^{ z^y7RtX(&~ll6cFyq;V^*{;n-zhyBuRTCe-cs-=|Ld@hH=(|wT78e=Ufl{Z6AM$)sV z9sj3*SS6(_4`wNAoVOOSSLyH%YOGk6kUy^U*zZ@UF5_kI#=o>>1uZGp##>O*P<^F5e$J{zfv{(l)&wWM1Xe&V+_2N`DGpiY28{b1mL?nggye ztpYG>L36gX#V>$3F25EIUA6$Qf8=9p-gdZp%@f-Ds?(zdslzpKXc^A4QPoWUHRy6L zxxWVp|L-jzn@A*@^f~!RW1WfVhVMMQw=o>lAipDI*8=js6gXV2mvmd`7Vh5cu2FQ> zUw5fn3$+bRTf%!jcj`Sv0V@Sxk40;}5F2UCleC`Kg-r=q&8&!@PQ_i!5}Nz1P+8fWLnYSx~B08){1&rWBuWILG5zr%NXQbvL$_=bi}#E@>np)KR&mY%&;b`n_ga|7=$~-` z-yElI|G`W}_?Ea=c7>;%26K6k*vP@pw$p=kdho_l({QZ}`RMp%=v0&G4Q|>FsSU~0 z{o1wtzZ}?R_4$5`urqTzr@X~9z^-ZDPr1eO$Z6#qhpVALv?|%g^l5`%zI4yTWZRg2 zAW#XQD|i!2>79V&sjV}=tkYFdC)0Y`vlAsr_BQ@!zw>?-9XK&mk5QK1^v<+Nl>B0p zf{e@zDsKWCW7~f4z2;#|(IOJ|`9pmN=luX~j@^bYvS+i#w#?RU0`xdT$iU|}58kS< z)S<_$g*PUR%0$KQnnS+fDpdcF2QPP#U!ELR3cDsfcA3;E4yWjP7To|n2Qqmb89gGJ+Ysp z@Jl3GSFH#t4jORWdLUZA_+a_E>{>E{F`)??_Kll=nhV&tvg1vHRlFF>205 zRbL?EY|1hCYAR0GGQ#>YlJ91Y2#jhb&<^=np`hSB@- z2Xm+CDf(;@qytU0=#Up(swErwV-1hc$3tW^a6E%uYtS^0cI3-~?r(D})nzGL>j~bK zWEVTLPP)+=u7!>}oQjS5#thP?xi(MI#T0?b@ZS2Vl{UgHGI|zgd;w zlTFcc{{7ZleD?-~IA5p27GH5}9`VDFqe->J=BqRsWdI8+)%5i07fRUPb0mup)H8Gu zz&1=k3aDG8&jCrxOX)8PIi$uS6X0n3A)zIO0|M>DZP#XIzLS=gj@zdAHG}Y4H5xfe zzrf(QV5dE4=HN6DfTl<|^yvV-3VY~Y_NLqeyf*IxCm=V9xbm>4eNKJjq(E?+`+p^d zVXyo0*67n+#&D5pxlURU@m8P*Mr<)MBshApq#`q61_aJ_?z;OAC=q?{Mf9HbIS@49aCOU6=#1O&zbsDzSN#{ zYonLEOn9#ayqydl!mpT*WnMVj8)o1{tQyoIZQ}L7eK+k}(Z#NL*zadmaxm`t7kCu? 
zuD1=d((UY1LN=)vzB z(|v^;&YxfU&wzlv5htnLJ2 z_O*xY!~r`QzLWt3BY~SohFILQU#ow#7|wcK94xien?(9(Qd=YO=W)2g^7^N*>WTt- z&ivSr5Xz#56c(!PIBe&|>ip4#BD3J)F%uPJv)(`y1!9WMe~SK7Tv;oOerZCx&At;;rKkh}O;vETwIwWeRn#!NPo)8txp^%tbYt2~Lx z5=z}|$RD0+$2p+>7&Uj}>wLlA%$L$mu-u^oXfvpq_2-Uyhr%3#5woJKPSjxB+m00t z`u9BJh?xewzoMqW!!H$I(0jEn_cQb15=B+#j8;Pm%~oWN7;oObeKR42G%J)Q{qzMk z`4`lSXYu-^3g$o2J^4nG`qp<8QbF{W_eRxR&j^27nrK3jm89tu^MdUy3)P>qeCkTO zOyggBhD<EJOaISK3fk$BN}M%Tl}HN6A59O7YBAB2Fs)~do} z*}q~&k#iO>aYox^9(wsHevh0x;15*~2(E^_{eh1ZGhOb@jhXP>YmMy zJB$RxJ#z7Kb}*~z4nD(TmrF8bIq<&q)LrNcAngkF&QR$-ZzQ9?r%%#&i(l%i63r4{ zt)yL8Idem!BMDg!;izZ7Dq5S9{;eQ4G#_NAT0@% zR+}f{6oS#O$r2B{KM5TSR!T}&TTo%(v{!Vy2mC+`SH?0udN!e~ecT6~=aPUBFjh`v z<}oT%f6XIz@n1zRvlEdAok#A@3F}`sJakcVaa_zZn}Zhiv8EGt;>&#P1#;`}6lYNT zPosal0Ldn$Xuc@G9DuRkz3xnRd}?ZqljF7bS(R<;C4bQw57R_5SZ;A~vEk}$@#QX2_`)zGOvwu5o;P*YE{^i9X|@Ei7k2#*gEno1{Qlc(3-@G|<2bfSiU ze0BhZ73U53f0t8V45YM;n8?j<Yeyud z8qCHOgQx0Xpx}ek_VcYh&G(v``{Hs_{=49# z|BmzjlUX%`7jEBGR|$F+K%lZQV^!q&_hnMLyQcP;9!S}SHL2nBlv;zDr-L4?bf{V29rlVU$js7jz zG7f;!TO11~Maf>*t68BpR6V8g!a-#!G$a?;k617T7KGSH9Kv8E`g-?Om?L}QS*K3S zg?1&=P0|-qQ*Q80fP;Iw02%P@R60=7Y16v7#`ev>v0<&#d5GJ-`TujCbZRZCW(Ue$ zx~ohtJF&$wGfacw{jiT}{uQws^N=)Gfm7=F-8&JiQqw{k^R>`~`q|@R9q?}v{&|om zX0{3i(8SVL4mF~RjS;WU(UUFiB17rY&~Vn>1Q&!I;$RSQitW(n4N{YKJn0678l~KL zfd?AJV)2(Lrj+FG3ad-G+r8skFaMiVX%uXZT+@qSHjZMH{n>0B%aE*{{=cfZkklyz zaGQP*$=VAmJ(_0W)f-XIj=ZNkL%*PitLxjC}-1(Cu1j3 z-cm{7NT3Ey@1ghGoRzDiv^ZR$8VuA(c-3YjK8^wC7q~ZoHmmxXJf4KlM-D34lZ|Z0a?_ zx@?DE!n(@KTbAnJmE0HyjK7nDdT@vL42F&MQykRa9w>De5EfLkhE15bqL z%e5;zL@DDD-?VK-gZX=3u%$$kda_11fFu8w;0*A-J#AT#P+Rlp$MJ|R6o(j9F#mE; z$Hl}jTe`lBfAJn6TttNKcappMpDPJ6a_vM;^&fjVC30h3rbQS>pL1&GxMGgQ=wAX= z%ni$Qg;_PFq{3d?;~fKNH=BKHo|S}gc?|zqe=;2)^y9o~B?U0bCVz>eLck`ldP~TU z62s@ueEQ5>Y6HIfn=GH){U=#={a3Q=RAU$!$B{VkBkdDyZMQIWgHNJ;1OtWSSDBhw zhc@CY-wnDteSSBoO%lmcFUu9XigXF$>JnE&0~9q#BpYL!->G0dgML z?|iu@SgrDnFZXLhM-*sC&qKk9N0i7UGkvJqvgyF*KMC@Wf0g|5`muAKd37V_?72~G zwzZ|?HKz=7)7sQV36Rym8mK294sWkd!&Ng^MThn6lS~dwl!`Yb)_!B%BCe^34%xQl 
zEnhAkuA3@Ai#P!l0K$EJ-medq?%|WY*15j8V9WV5#`Pl9{gz0e2s({_e}HSgt;ijGXnpM?t5`{yaH|-eS_6Q>{BCXjlA~uL5!wSZ)K| z<`L;LyhjEpnH2roKlZ@Rmw}xb!@~+#MhH->iFgA@0flW{1_C3x!Oh6|blRn2!dwX} zRP)7(V6VX`)i$VZxb>yT>xJ_fXPF?oAUDVJaGU-a!_OOAPyQV;(vLAN|90M+Z{&Wz z@ZUe$-eC7`#~zx&g8$*h|0Dlzaj$={u*fIA{Cft@`=^QjeC+?rRPxVz|2J=qi&lG3 zKnH18m&dhDKDwy%f$al-E^X~m?lw=5l6x-3O))jLG>>)rEYkop`}09LS1_y12CP{( zt<-q=%uAbv8`mAd5dpV_5w=`oW-9aM&}aB0>=u)SvD(#EIqbT1oNdimSoH;^XJp?| zr>R#=Gf7o)aABiIcV3XD_sihyjTw+i>sS)QfpMBn6J`p4LTaOqr zQ!zEo0d|*fEcQept@SECxRNI4O#5C6B`@5)s9P|Gr@yxZ$lsLOEk3VQECxMg_3@h329~?nvdQY z`9zv^zW-2GV)L!c+mxK!Yfmq+eUaBFe^~TcJ#>kCAQjx*j6iCk`bU_+xfkYzUe_L7 zL;V`Dt`_AQ1>Y34z9_0o$x7sEoQE}2)j=Hh@V#GJ%578+-!bUb--~$$P0FnM!`y(* z$g8>zMKxoq>cJ zHa5kubG;m@QZc)ky3yuRU`RGCEm1C|j*)5Xm{-&VB_&7Nn2rM|#=2xeg8NNDo~v-GOqRPmu2?(QNWqds}O#65wzzkr7|kG$y^YaO2UsJ^mJ&z6^P{fa zG_x?*??Uj!M=s2-@-gui%5{Td0eI{&>;O`jTwZaqr>uHOJNU>8hO# zhV}aS&(eK8*}~|FuQ0-mX3V^bu5Jq5W`xg)FRE_&p&mxSXBmR<$0t$!^h-OMQE@7X z&l+B4ZEa0VLXt;0Tg&QhTM=Ai2LsNS_+#O>bn}%s!NF&_bOjX^W6e83M2vUsd9lfd zAY05`I}r9eVOY5D0WO$Hj6)AK^4__jLaji+gG=K>Y;)hK4=ph<<;p&fNB#OcWhEK8 zc+4EhrmVQ3dNQnwi1zPO*;|q#w*240JYZj#i)f6b88UN%)2Bqw49rMM}P=0qo?H@z2VdJTl4yVZ1N)daUg1z#Ofp24qZ%2&_4k zE>+0AzZn%SjJnq#!p=TSNq~osKVI8%^eR>CGLmj{sE~yoDzC1onLuZ38%iG`vSf=s z*;^*}9MJS$ra;)+r6(lh2LxQlnB3+NJ6$1?9`nN^n%luHn!1KVvDXexeoIB7WomkEDu17uNqlzxvH%n56n->CgjkkZo@{5H)DjqOi&(symqE*_T%lFhUDgTuptVa2R^C2B8rzRTGNk)FLQ zM832^{&MEiq}{qS?}^<0ZEB0H&_r$RiJvWnO&ib}UoyerwTl$?9@8{&U~xLwWgbH- zu7db@%)B(Hsm?#SHtIcia9yB7Yq#V0_8QiDrKT20$jY@yh2avfSTRfmi4_6)gUM-A zS$a!3^RY#}T~IIDr*)|L!sb9LjM7uK?J5lzI{o=ZjXkiui(RXbxIvymS`-lTAy-zW zV#g|7UETRLH8s#4Z1J#dVdQ+_!wFpGJ0he1C&_18;>XN6wj~FUq@Gcsamp=Jy)P9; zeXHfmjr&=*JJS}YrOGPFZNon`9ehI+wI;7wWOw&ILsO`7edAEazdUvzA4 zJ$N$~ehnWOzHQamDgjlsQbTh)HXXH}(hACk1NvmuM~~hHz`%2`&~|lMSX?|o2s!Cw zN0V_G`K?`cisx?)S(P1l4<%JM0P~BE?CbZLESDq^_lo=X)jjVp4G!q&=%@ipy|2#+ zzH_3`ve}<$?_g^1aqLfd?FNvNz^9^%_x=9Z@L%pJ`ltg7dPY<8;}gq^(;|ToD(n zuCA-sx79K^Jn=I$MNZ7t8b9IKWG^5;ss$|kYYIeRDy 
zTfTvmf=O;J_K;Xet#JSg6l}drn|!pb;ggYf04U6A4g4Z9c!Za_2lOs}F8TZGeKR8$ z{-qBh#!{L{s5YamS|dI!taRdxm*cTZmQCA$PSv2gxh7#qj2_%jr7w*5iugW6JbeMGDWzmlH4> z{^TnZx+Sl1=~7C%v=Jp#qPfRo`bw{G^7It7+B$oYvb411jG7bdLhz|Y@mh|hvdq;f z0dV3*JR<{x)%=_Z#?k4K;qkVhkjs9|6CzY3owwZ-8=w)6)jO@zktI^OpPu%6ZReex z7}JVwt|i+|KY|eGy0YpQ;*QwwAE}57J-wD|qAlZ>ds?l?(2O6YSzbw5V~!I^4jk zbL+2khjUl(e-zRFHB9*h1ZZO|^uWP+J5um3vHL%5?w-Qm>;Eq@vo_)kiPgkJ7P}fF z#Dkefvp(kx|5%#pWOyy!+k`F+iu*s9I?m^mlx5Wx!QXGT z{Nf1Z_kS=CO5ov68mOL_I1cdWV`~3Cxk_ScU)T@xMqy5E?Y0p` zcEc{RtVuVi^_}YDx=S_c4=zhFB=j70g3sYp)>&iBoxI2rM2Cy&B z9_&YS+BId&+BT;C^B_RmWGT?;f4IchN9odqPBD;ki@H)yRjoqxV)wvZX*KsSj}wd3 zxPrG7M&ra9RUc>N$^-`U$15xfRzGGvIi9jKt_!UQ3!Gxz+i(QdeBSpCQc?4R?L5~x zk1kNqNKx`y?=%r8L2a|y+pNC41=5WA2cl+2a(~0cs7X)Xh;Rx#wobQ-Ab(Y>YGPF$ ztm?_zFL;-y+E6z&uCEb3Pqw*U7rHkIU`k0$X|;xdx7PLkfts(d6HRNe#Hp!<2mQlh z`=yI`8BI^^l60^(oESS-ZdnCB>p3&QpCBoCQ{OMYuNy2S`h&IkIDnD$g?G@JpJ(mU z^mr5-VUV(s2Ml(s(mh2R9p_mSmR2yKe^`@aR2e*U9uE9bD9KkKv8vyr;dU{!jue#MjyvkE8->c z5XUoittWCTdwgHGT?*9bgsXNUl~_Eo!f>!|H=Iq)EbXVOc%OI$`l+Z#rM?CYRn*JA zBd>btYEY)V>%)b}bfk>CG?qq%hBHhT(dk6!JbdB?z}1=8;Rt{z>nvCbzE zQ1NRo`*;_e_$7>8)#ef5m6V|YMJ_1951G9Dj%g3uSU|-_qD)D@MvG-dPXNh&jwias zPmsh5Xq!EmM)!u_nRhNhFe)r1ifMKAH1W+CQzz5>QsR$_93v-=nQ&#Jvxl!xD5b*O zClQg$HieGy4ORIUeO_uuZa!%cOz!XHmh+Z84FmVYh2L+u%zSpv*O9J?@-E-cFDXFU z>Rt-C>fvgKCy%7J05#Ftx@c^COjSo`mIU6+=6M`r4NcpZop&AY4uim|Yig`E$KO$(b3Ug>&GEt+q)vnSttS;I4V+s2z| zu6l~2`37h${vu^O&(vw++?KAcHEFW?`&Gi|Wh)1<&EF?l#hFwQJ5`P7snM+JhTM{p zAw&Jg{X&j}RCa7{8TDm-IV7z;Few}4q8o9mRvi&6C zN9dD?=vUV|1Fk9KClsxPw~D&&g316ktR)-21qUM>I0pKLCby^KH&lA=vYy0GwnESBdSP>#0Q9(b}cGiyL`zU zAY>FH-dJ(vS9gI5V_<&@(RfTVINEYeZT&!FJml=+-Ko`>a%92zezpya7DQJ7Y384h z9jN-3UJD}QwN>>;>6m4}2x0jMrf7ULNIARf_`1=-(`k`rHK|O(u5sQs~)Vo%9FrvuNUV{X$!c zuD9hI?Jk>CfHigYSy56((Q4F8MK6Nq^J285v5CHkt2-jV z;f~e^fXt-cvkE}Y04)3Mm}@Z$X8(VsFd(#y0!!gYJpDStGqq^$_helCTxSy@LOEQX zLZAV58dvyS+;z~}hlE{scQ)6qb?B0}*1C4K+SxL<#&&wCdTuVT7U98q5{OOt3x&M- z--rf+p?6Y9ejXht&=-rAn0Bq7S=a%*S-kjCO55c2i!oE^Y#zV~3PrW^Kr&$cs)z|V 
zrvFq-dMHf!f)~0%b#$(3)9|sZf0j*j(S~+mh4#S=C#ykCiOcZij!K6$5B%--INC6o zKS6GOZ0=8)&UVURbV#3>95Cjr=k**%Bj|>~=gY(iZo4StxqX=) zF$sF4laNDcXH>`=se>2`-46Kn|A zWxlIszm#K|wQB#duT^N=6n;rD+`Gs*Kd#aJCztG6#UT6UDhtdxlIrM9=}Jn@gov@_ zK%~s({0B@!oQiAC@UCu0&-!XT&x1@eHb=42ZXMY!GvYjw#5EJr0ztA6Rj(1g%|1uP zns+b1`;{lDPSAX8SWL6E5sct5D zFM5k8`?7@OG8@VuhC?17R~ribvMSzEaCOG}G&dgj6|WIqIyR;(A>loaKEuiqX~~PF zCvE^cN5+~iK(V5dx_V)bmKLg>7=Zn@VNF;C6up1ti)#P_cvu6*xN^E`B~oe*xxBPA zN6#pL@Tvq{0It$w0P&ibpGVb-6N=USX_i-=5NMtUzyI^V<7AN@RnG<4?WEr7G^Q@B zudknlK$|f7U~xu;l>G8qx3!b+39pr~LPFGI`+|S?@q5gfgr%iE8Vd+Gc?k*^{E$ZD zi$7ppYfA{eMwp(AHspo;ac4!ClRl@Eq#I(AFyhD1>1*QUa-J|N<&b%|q1@lujj=Ca z)_tx{Unu9EKejg;XD7K5kYbvrZN`;bUEOrKBET{o770XSV;;@Vb2tzBF%jNC}{6AB` zn9t?V1Dc20q#q#!;n3^m^7mo#vsJ4!>}P(k9wgO@~M8WHj1 z@qNxTLLDsxo#%?2gk?4jO==m31C>88Fw_EtEZpyCfqn4HlTDpsZJ)o|_aF#EyUHH} z)utmPaV>p^-jq_KOC)S7QaTwBHHPmgpD>H=3EO>mL(6Bb5~MGt-UVyWM?z7jY36dv~8s znh&k$DRnhe=0AU#)zy~IG@pI?{km#``r#ebqvW3LrytOf7?%g+RL*OI1>cV*->&Dv zCk0+)L8qbL@f$?bq>TqRfDdmV!8x|Av7f$26`uu_w_K9-ixK3 z-G$4?KL+peCtdp<(^c~AG(t|Dx}6Z~RdR2y(e)=c*;Td0IvsP`23q~6!kHkDIHQ;) zfHk(6HQB7ybT!`>nFFmKc_Nb{+1-4pz$xdvoO{hM0spu!v23aw^m2srvX+WI;9B^N zFCBE*<37AW=-1OUkey&{`@tJrhOg(~aQl`}>y)>o=*E(e0rNyIA;{xlmcnX)Ots_p z0U^|}D9DRCe^gCacpuA+$Ptx5(hVLLtV|}pmc_V$guGsYG1AvX-JhA13R$Nd#DO4x z6gns{*Y^v(tz8gAN<2=^n%2-2R?b{Iu17}WBe%pnJ==KGw|8O$7hWy^n*~t@6hxf@ zwr?uFuf4=;XMzuFX6p`vgdnv6zhbAJ)18Fq@cMY=mx>OG+*>)W)gFBQ37tVr>Q~?Y zdaLGEgk#BH_qyMK)o_0~$D2po5o${O$q^yGkvT2nqy}1c)1-CoP@FPaLAx{s-?k1G zzj9-#GtCa#z9LL^UX*7+L7maA2eaw%0?z>fhErmCa>32h2jKyANlT12^8Np(>Y{HN(RjF zu&@emZ$Gb}0E^^i8JcjGu^Sp1{z`}V$QJ6qKFeqI!3AXbT8|3TF%Di&iM{M=+5p|p zgrIhPeIPGzF`kCW?qoDf9#foS(BLVkAowN&GQq31|9nJs|2rapD&zh93DVaewr*jP z_oWdEG~Ws|<-Y2Z>b{tdX2iArv-Q-&?uMX9%dq#$+-Dul>rpL;Pn2I!|5hb|`OzW# zd*X4;2&CCTKmR%(>3;`n{NLvc|8?@w8XkatX7w1eS^UbRudyCSdNeIbtorTSulaS5 z%l`V#FK(bd33$jjINX?b>V#AeDWm3c&_kTGTRd;2EaRPlKeJkTo=j_M>8?98irApl zD(SB)q-Ojo;V^4vHE+$Z;8KI1?ekpXbDfZVnE7*K+Rpby+s7ZW3-dzy^`SmlV5LkI 
zxngc~yb_v$b}~{?$EMXa`_ji6ByIlzH259%KH7+e<{vKJz6(qmuN?q^`iZ0OElHUO zl}CF?TJ4TipPuoZ?lLdBlD0vGY&jQ8iCV5=C2BwO)H}Z$>lU2GS)NmTsMd=KZs3(h zHZUFP=T)k&etuEmkP3YMN6#(;i4Q?1J>TrG!*096ezw-49G@5;KeN~IcQ;71n~ST1 zgYmmkynC+5FkGDMJ-d3hjfQ{X&uo*~+-MbQtkRM0Rlf(E`0HeTY#?vny!y*|yv5m- zp7munxVUsGWg*O$S)*fGi4(U?U+a6$PYJjSJ-EAMfx2vnVj}PL=i?c9k}$ZWj#c$k zx~6R@zqChoos&Vrp=OrjA~|%P@tZl4b+6#~+}sjQKgE}mBhj;XP@MhsAMof5i@Qlq zYBA))Oxc<+E#wsYA+B`<+vHX_hdwbf{vgT%|S&${4UD>>Jq}ARcd}gjwRYbiv zEX|?oe12@yhNp8Tn_g0oZawE%)Am+h%;!`HSNa9BfDUvQ@sG7{eKK`hKZ>4*ozo>k zq7u(|;S+hh^F8aeHaz6%;){3(k7-mJc-6gj`6=mSz3tcU+@C5AZg-%}i6aDJU+nTo z-jFFND8yp~o{JZmj(uO6d}r}N+(_{4NI?%Y2`uwx7!RZnp!NEL|IXI>xID?@Nw&@M zqp*?UD6eC})#!Hpwn)W?e#%Ggr9{7~In-6^AJ`&%l>T8YNlq(&?srkWp+aoi(HY`O zW@hDuYs-z7>1*42zrL%bYOA&H(TaEZD!O&-o9Cpv&+>u$&>b8i{CvtG^mCD<`B6kN z-JM$7ZNKl?OlfGw&aR6*_h6}gD4Y*_|FT*{DcpzV4Vux~+lsG5GCPs~#3HCPfPpby zC8_FVEL+v@in$Y8!E$uMckZWdcIM`!Ky$ZCC#0zC-^moOY?l+fR_~7?c~>@}c{>1n z!ZxA^*FGQLx*f>SUI(8^P+p71qtIU)aLIpy;GmDqq`kl+!2VNuNT*8x+$d31e zs$9aF$~*JTpQmp0E2wRk(2{w*+x8jW!*Nf(E4&|DT%~lIzPc!eJ}|EvTZDnv)L z5sL}9C6WGd^21+ z)@Bc~JXg#Xj3=4Igqwoo13ZKuO83le4q=wLu4h#nshO4h{~@8JGYP z7&6>_AK%hgm){pL*L=Zi=m6jJbQDuTXTKM}ouJN(ua(aac1{Vi3GFrt=nv2J&#gcg zoi!)#S%QZ>c24*9U!zWfBZLH5yOdN#-15Z{?U|x$wz{tgN+G9 z2ZBNGr>{*fdYb3E%X;T6p1Nyi3N8)_YXpaj00LkD5%xnKc1ZKDkF0&lPg*U3s7~V} z$L~_wovYp%Iov>i4MjN z+DQ9#CPW8fS$U^f^bVa%BJ5j-H9oeh?zv1&v>CR&cpB0kx(wm>1VCOE7&|1&EZM-8uH!N{6i*a z8pKwGqAW8m4FqCktS4?_mUg7Fy)h?u|@Lg~JWZb-|a;ExQ5l`=nbBF@NfpA{hR_6m~-R(cE^- zMOz%XzLt*s$`D^3(tHC8KNBh!j8qr!1k?WL1mljVHGG+XbZe*mJS}*;O?dQU_l>)Z zZcE!8m8s*ajfM}~-+4^=_oz_9D0SUB7YeGio!t+TLb$Z&+Mm+BaY3oduUk=yeI&Qu zZeZ!>+99XqHhTBwp_fHJ=N88$CUiFkb-{9X4*cnAW4*nx{OC;>MkHKae*@KO)qV_2 zUU(8l$r-wvsP9(%IQ6l^ZG7iv;(Wn}euQPa&NzDWI4xtcN9~#$On3y2fYxqLxBr0q zk0${MteH778HoUD0mI1jt3jJLA>U>r=}8(rms)aHprWh~BeBoP+k;U7`$Mlk@Fint z7FAd@@kyFT7dmvf( zVIc%KuE(!x(c5^mg1czHw&r_F_^jCJ!%<~yrL-r>ma-^`waXQmWUhcBMj3Yx&BFA) z2;yuC5?5}6g4y91EXm$Ploi&%>xTMJUW<70o#(gLtJv&22G4)dJogzAOs|SpRpFw 
zkBiclIk`HWLwP@MS`SmP?Hm7LFv+W^BNm<8JEo}x78G)|Ax#KM9K-Km_Tv1aj1 z2c{0z^@Y&~!N++p|CMb!K|x?TiW&cm9Ar1q%qJd-VB>eF!G63m-V<*GY0pQfM_XqZ zWm>~k-+^9qeS33Y|0wWeo^Fg=I~97E?Vq%{@0-pe2u|`j;v@9enC#IaK-phcl9u^S zjW_F_-~S*}cgZE@$)XlDxfVdhZ!V=a84S(h(68z!(ciy#^%^qB{JgW7XX?agll{iq zSZ+Oq$?_aJPL2G=^m^UIl(V&OgYc1npMTENpB4LXVR<2Q*} zOuf0hY`=s9s*su**5ws*tEXP_z4$%!^v6L&b6D_@-WR-b7@o!l!`r%uF4g5By?hFe z&zl{y;HNJf_Xq>b90HNauAfp>hE!@1DBcNf+fl?GD{u-KWeuIH39H%-_txljvJtoD zP&Qh+nBt$Lolv#~k&JJ9FeE-B=kDxL*S3#t`5^}X#3nh>4{+;r!l{905!2@m%W~-2 zr|Df^BRkGH`km?3{el3-Xiyu;hSqhW`gP#;?rwWf z@ZDkU;^pBYM*A#<1STK_*9jmfhp<|T<|bg%@5Iy|Jq@p%f)@i!61>%X+1;97B>!Bs zli6gHGV|mp@w*5M(0br<3Oh`G^C%Dd)!P$?*OjP`cSkwp88j>9W|iEY@7lY341%>& zpI9(}|ARGhsXwBb_C-P`$z;8(CGm~_$Q|xhC&e{C<(LJt_s|@ywo+t4UD@qGublV zcU+B?KKQ)n`cVMONAya48ehht-*2R@kLuges~wM_AC6lGOneYjHqGa~Bt9C|a6il4 zA$%SAe)--HN(vEnV!d7q^6pa#+QkK1(br)5$bvM_aqYP3&tOlkCVL1=gZM={;SNj zH^Su%?*c@grf{5kkOqpd#~&?3bfJ)sZNPbrwx`Xwn>xtHB%?38;27qBu+P3*;!p4i z)SjKt$eTQ~*Q1Ha$;SO~dwuhs=PjRugM;B9JAFTVp7q#;QTphaA6{mmYLd5?r_9#e zPGJ+Vssh!(66@cDC zIwW9?OW9S&XGk2~2j16n#iH1!*zLDxj<2%B%aO!uop3+-nh9s$v0h)#`)Vm?);ANf zinJ!7Z7AH@3&DEFPp&%dKEe(OuoeHU7C?}pRc=SQjdcR>27TTXTw|Jv9TQyWU_Fy$ zdK$Xn@vzg(`-1XrxNgOFB~9P`Tz!8UCDqi4-nTapFg*M%`i+#A7aic30kN?XrKFGJ z`|{$8$#XFps$mW?ZUh#*su8IawG^Qi)!6hJet`EAzyK(wTxCxLsj&bl*klLaG@AT2 z{Y7KFyNCRPAlMt}O;|Efsh2eLI`PvalAgu22-btBu3%DvS5-O*^*P{=V*^HRqi}6I zJ0{#80VHAEpYDo+RQDZy6+Gm>jOZ-<3>Z?`x3wp;9=^kQ-}EW>wu5UP_;jG#VDYjH z31pS*qbO`|&)DAvx%@HVVnGTt!^(Tmk;PcYRK2OfWcRL97lctj&gP#VF^PDP<%a#+ z*?)eT+y89+`(Dt7WpKb>*Yt0nd`vj`fBypoDo%}>>pym)h-v+o8n-w$GF^U93Z$LM z{L3*|LR0Uy`aasPs?1){{;eON{bPm}TA%;r;Quds`oBKSq)|RD)b40LPFDoHGh{MH zng|n-@;bbydBeULT@)}JWMi2u{3rK$n3$qAW+>tO0MN5^ovv(qX9S}@>Pj|qniXsf zI>9ipYVuj{ge&I8FFVH3p*0k<7joSMZdjCJY3oZf+}c@9%WYx9%Qx+UnS|LvLnf@C z_so<8g3H_RbNE$M%D4)rf|{y?qM}E}|L8@B0Lz`OO={dSk-@b|uFP*0Lt+Q>XUyQ6 z4`6Mpxr%mC!~euWHhw+^+nOKPo%8-C(<*|Ks~)O^BKMxoPi1T-miE;6qobn_rBZDp z{hA2+rRSC61grqfd>l-EfooPb(j6ubc^p+w;hNEDReDTWWAocBVUqCFa_c_Dh2Wfb 
zdIv%q6o5`~NkHO4z^$$O1*jGcP?0jlL9lurGcz3z@|>cK`-!?SQ1|voaiYNCt(f_h z1;^wSsp6qkrIDh5I6oHm;A4DFfZDrM_OeK6b+%v^5p60pmN;; zboqAEZZbNLE3`8cd%6h?G4ep8z_0v!H^74r^>oNOIPi+f+}r-;^=0XD&XOMGLy3S( z3NJ$V6PSilJA%$xQ}q|{D_o3>Fw%Ca@YX1KDH?-7*}jOV1=te%?FlRKU1>ZDC9z{* zUgStQv?)eZ5-KsOF}c~8yVjnf*vT9dBx*a3y+Ok5^_I{TUd{oB>Q7FhfpfOI;v2Sx ze0jT>F!}4jpkS$7H`{rbQrhFO4NiO)_R`rAlqtnM37GkLtSuCO9oK;awo+(_Qhw#bewogNnY|Pz= ze~_mvPJbThmeZgjgzuZWiU;LLOi5$Id9pWUoqDK;N1_E`+K}N{K+a&A3m4JAZ`vG& zN;XHMvaKnrCQSa0(19UvUL|v*Cg%&8@>Ml4NS_vTg`5tJfh_pXxi~d^jyd)CR;yhn zevO&R$Kk9veP)`eM|nNJ)k0C@BmlrV5qf@6NdACBsNl{e1}o6PBj$1&v%`LmO$qg9}dR=Zc;yTrrF4moqVW)y-r zi*a``;Jdzp;^$J?FtO9}y(6qZQg%jfu}kRs*ZRk?vt~!5#G?y@*NPx-=e;&5ug#I) z(-8wc(+~UEfvrgK=Pzg;cH1#_Txz*)lG~emeqZwt?8a|yz11pSjIu{9>XAFirkxyf z`!+)lxeagDV4jorkAL@D;ct&F!kuP*vnLmx0K_16PuBc#vk;Yd-EppE*Jg<)n)~_|zz~ z3fdYyfLncS5!IRMNabZ87&3^)UpWF^udQ;wC&QjknPFoS7>v-JN6^J6{UCr`O+7(y z5Pop|A@!_oW?af1BDKh*)$!KLcd7wGnac=I!{OW>>SV`{~n^KZOz&vJB z)-RVoOTSHI?L%FynzENmL>q`|T;ik%wPN#X(UrWdlN3a&G=Zz(zc%P@Rp_(bI&0Qh z8IkFzrtfoCiek%Z>EKq4zf+CXDIVA9NNfm{HZGf6<^;vW{9%l# zAv!wF*25pCR{0vXvoF;GOU5#G))wMxZh8{=~+1vgCTwTy3MjP(o!VdyuqthB zy3AO0s$SdNe#vrA;n<#ui}+P2WrJ+>h&8cA_8A{@0?!O@s|EGe)A5gfU1^-9D^KG$ zUqgAX&29QpAwV~~toZUBN^Pt=sM36`0JL-{k&W-?WMY>rS7&6ACcEm>JSs;9QL~u` ziu(;T%llk&Ig)pxiKrX^0DL+ZeB2VN^?+ilu17CK?p=Upbxmz0ATL_2JJ~XL2PR>C zt2C+TmZ(IsUV1`g`hlZ?HBJKc>_XIdj&9gmd&MtgS*O?Jip-{~sQH@{?I6_>aU{3^ zX<6>QRXYJjk!Iw!=GUE`&ucW5PX=G|j>Cyh`LTdvvySaLUXXqY zQ*5pr6TfhY=sLSHDV4tuc!W4m*(j;OFojZy2B43$ETn;G19RfGP^HMS?T{`lJGXP};8?Xmx^nEOHxI<+klNoU-wWb;I5#4Q5_7)q@Yr;bF!u9C<487zeQ*?3vy%9p)eqRY#wOr#j(5+-Z8gE%W6;bx$DPiQ?W4%lBvsKEQk(|Xw zAr-$Z&VBvGFIqr!beIj2W%nX5w^OZzP;rb#ne)YBL$3uY{xx#UjclmSp>Vsx48gh! 
zBI|%UCSIS+mit$*B#RR{ZzKPua;apXHK*oibo4B{It>Al5J_klET(Ex$gdF#}8o6Y1d&ryS^<~R2gVIIemf~E3e#-Tk*u}iLYh8mtrkQOG!qu%we*nK>xA<-aEiAW_%+Qu|us8 z)8A1dA8agz$`ZmRBoF6; z@q<4M7`y;WVCyN_%3BopJ?rU;b$27kuBy6_*0NypQww(xrfB+hEBUpOmt-t5naBwC zZXg0;om0Q>6K=|y8H%cAqb+h`kdYGe$64dDCUj1Yc*19|2fVxP(qYv;kO|`T3`e!_ z1PT)4XRFU8#ZL0zodxEF=|@x)0U*+~^7-Tv`E~pU_&dUq22QGHe5Fjb7YVrHwGOTK z*AzPm2>jF^vIhdT*e8BP$YgzBaPqroIh;1e1bwul_68I!RS#n>{UmBOW=W)P8FBj~ z&CjhhnB{{Fzcdzsxrq1e)9=jyr=8wce)>-NP9_tv{h$r@Pyw@oXPll@JcLe-F3Eko zCYI^#ZWO#!scew5v8N9@XY-i05dKuh(+QNpWn}Uq^+n5$GE^=YlN11%{KMjF?MExv zkN9cDenw}U1s`uG_w5t)LgE^laJUjB+8p;xyu2EelCTbxehVQ}A3*jH+9g;N`qI0kg?9|XZz-&&D^6|+Zhnb1;bxnm`o zXwmWZzD|33G7`KwhMSbL<=_$4nl&vYYR}TsB;3d2ys|aiCuJ&%fmSujzS6tZz=LI* z#XPw@nym;AHeF_V>EnUKqse8f(Z#xpDRcu-fMExWFR`iSHt3OOk<9Z3OfUUZ0=nyq zc80B+k1)BX7WW3poecHZxsS5gt^|wMzZ$kjCmsoR41-h!!j>_R`vby%+oZ?tIT!>T zZI(Y^b4Npv-avqnEs;jW-$4EfKQIY63P=fAo;k&cA>djnK@SvGDeWX%oRqIQMX-3F zQF^1;%Cj~&(sCG^v%_ZburusLp_I3~gai!_;#ag+%p-5(zwsUfMwOP8TUN>BNaJKT z32pxvnI~zus-Tv6#19!;fp%Zt_FG0@X7tExy3_X!hE z78LvaU|-Rk4Q{n!y1sd|-P}O&B4z10>suhdTdJLi^16b$YXdP|rET@KyL)$D^um zYRq3f5%DSny(0hQ5)F|*w69cU7P?&y+fAC(044x%IPOfku_<7%h!}YQ!Ulamu*95{ z-CD-`P2$eYD0sZpztaBc@gB**I)I$Y%BBFkfbpfmTb}ueC(=%EINI+EgQRXKqv47O zYBnu(?`R!(8evEcg9GpnShX6Cu=1jR-1^K9bC#eT370vXCTyn_#Z;=FxAFX}{l6+a z35T#H;rTHyH3_(xXE8^YMystaV3b2V>Y?GP@wbYcpq{6Ymn*-KlfterV(Gr|Vw)(* zJ#FqU7Tv=by&GAeBb>=rF|*=Rp;EjHs1Swaj9I9x=!HCk?G!!H)h}j%bpgP{r`^h- zBsI0G&R3U8AV7wS2V&rYT4+6vRTsdh$`wKTT@zD$9o4cnXz#s8?HR_)-Nz8B1H#sm zZpuMtt>}~&OzO>@^-`H~*~U^pTLe$V;Q6pNlrC0(Z{Pc;FO2QGt23Lq2Sm%^gi{`x zNJ~Et;oK2E{mbFip`Og;=j*byLlox}il6!_;1fM4l(2B$j=|z1lhfoRy)#Q{LQFs97p5O&eBQA#kMmUOMQ92d53dtM1>x)wWL*1Ko z7YQ-7CWJxv?(UaCqS(w#TTKnxF!r`--Tbe7MtEx!uO_4AaTh*X5fe06Wie9SMJmXqg|w7z??h|=?TR`*MQ6a&bNtNQGc zi=T+sA)DsS;`yyDrVWV`!r}SpJr9-4Ch)Xg(bV<3+c0&0}S+qe19uebBdA-!?GD{LKwT@|U9+GVAu-(>o$kGS*MC7T>6!V3Ub)u`-(Hy1}R# zv+%mq7Ae|t#z2iqd&6KQzBO&bf`d(4EK6(K*A^f&%BU;pf>4^D5Vm}lm2m3%k{bw; 
zAqL{anf=^{(w*rx`2O)up-YM|T_#EsM)@(GmB7MAHtwa}w4n#0%ybuW?lA%0hVSt% zeqk+O|1-EXhEbo~mtpoDm)Yk8|mo?Go5x#4~38u-v(LEu{wJJJQ!tT{H4 z2K$gBM|MHh9%cUG@J}3UUS`jl)>$l{j)TDJ6T0B3OS>9BgRC?ZdGldrMVu%w-+ogh z4~T$%8C0TmEH}r254bQ!0Q)<-6*?l+L0<0#CZ1$wv| zdb%GI>I9m--@R?zj@hxod})vfzC`ttK!VZJfJXkkwnn_)BLbX!AIb*0___pDK1Q`L zC9q%OBuJ&%-n@a#ks=C>hRo$kQNnZ~fHizzBrGPZ29<4}ui~0I*X20bA4U&>tNNRV zyM2xu;?zxAX&XMW@k6S|+*7KSQW2-67}b+;kH{Cr_C_lxRZJJNi}WZSym?Dgn8RX6 za)1XhPte)BpE{K^oPivy*PqH}ZxBJZhdSP#ra^u=?SDyrI1v=QvoMr(6L{s9P$8%1 znN*vLo5)dO`V`3HVN_0zy3bdW1sW1VRaT#$@vGHDv-0U^`O)_VRaUhgMgS+oX>c2 z>T%}{#efpa!O5#pJ{WoU9XrQP4KEK|%RG4%SE)r_zO_}NMRv-G`kw5Ir4`CLo?cKP z9A$BTsLkk$M-3BG{}e;2QU>K#v3xsd;#)Uj4jL$kf$8*9BgW2dAyk)-WF^1-^sd$; z(0Z*K1Skp{XdqjPI}kSp9D3eN3hRD;_NcrN1(&+)2o~(z*7yY^4E9ZiT#00D=a`&* zV5vWk@Mg@L7I+L7n;iay=1ZJ=5H#*YeyE>Tru|#&)nCJ$uKFiscN7%&hrm}T!NHJ~ zy{)uI0J=1WmC3JYg6*r$xTjD0t;ur zQe*|GA`p%&=gPugVzdQq(Pz`y+#Dc*u&mkn6b^YH_YaGrh*2lIgGYVJX3=zA9eY2T zs%EB2KIs+*1RL{8wm#_f)fUnt{nS61?PGs3uU#-r36>@jV|FN!h=Cz}#u$qSqZ13s z)Y>PV6>}xjqNT`5vJ9H@p;RfY*eEB8Z?6T{)T0xd>7@en8AXh3wb2M5@*fe-qi(0Y zh+2TeHYuel0IT+w^)Cb)X~(m46Rwo3`DxY&_RPP85BexurLiuX ze_{8+SO_7)lNwu~@!}l!5p$>?0hm6g_@D7K>bOU*{A6!cCkM=o_}p{7r+Ij1G$Jz+ z4FZsD7JQ;5-qR_F`8$1_s|pm~xqLUiPu_VI|Igr7xrw~v2JMoC{SB(0H>ve}x3>DO z@WR@PH1UO*+^+FuK4xQQ!Ok~^x5%@L`^Rd6ouk{e9Fjuk_}Pn;OJ)59!q1-gNVc_K zoRjuTKPNOM(#?Zx-|f5~p!Jjv-`IVN2I45P1y{6F~XF8Vs%xCsUwa1*#uxu?Je zdu{S7z+5JWRzVc?l3D_lE(Jypis@4h7ZFI_2OT#4Wu@j4K~hzER>>sBc^O{2pxA)w z2SUhHm-Rd! 
zkF)Ix>EVEuCVh`hlr{wcScMN53B<_=()J=k0SN#o;F$X*I$1c`DCDCDl4B05JvCU& zy${V`V2DQF#DrCx^X2HXK|ymX4_R&jU9CI_40q*i{66jpsl_XN!zfW|Q`QZ2I13fz z^iZ3ljc~CLkIqj3DY)*_h{2tqIL-kVR=lM~R^yJvChe6oSs|8Ea^s4Ql<8>ctIo2- z=X@MP%V@A_(w`-2nUp08$6vvz8cU0CnGgO+JxL?RPBpn|T&f_WKKFR>qDDu6l6`^R zg`l2_xFckPgDSv6rY*8(I`NHcWPmmyf7w^TCg`@16x6S(B^AFab`|?JB`wgN#i^m< z@&8LLFv;2(+FGR2v1lKZ8y13R;R^$(u%9`~@KVi+jN7bI9Wipbwr@M#1ba1A z{Cxr~Q^IRcNKHs@-eUEL&7-MM46^e632`BsX_Bx0n1I5OUpk{Gbng*a$Vp3{GWp99 zSseb4o?M&(@9&?)B0jMfX&z=J`^EgZMSpB~jONjT)-S}2CYN;$EK|#x@dTwoX}RIW zHy7td#6ai@fE=Y*^`*+z5)#jh?Zxr`LtGHVRm^#63j^|jRMj_YHk>$-4)YVWrc7L} zT&&dyma#PSB8aZ9%aq*KDGgjugMY(*pz+2d`{0*5nu+_A9Iryk$(}vQ_0$kIbE;kQ z8PT^xltBGY|8#SpI)fybR6rsvb0fuoe>6<1DD-vC?;b|$Kj)jv$%KFj9Zw%W>H51u zff^wY5^6ggUgB|}%^%J^naG86CWs+sRYh0ktl`NSb19 z!_-^Zf$|A__h=IK=}@i8RNCl0Vr`T1a)T9z{f95no}bt+94Thr$BjC{8p!@(LOS1-MFCy4`w5q@HMt?wIQE9XbjqgmG`mB*&lHR(dy|RyRQ@7Y1 zV-)RW(U0ZKl2$z}%bNy;tV%m78kbmjjyY|VH(S0$5iZ1#yi2mrFJ#eZD5|knUBy~1 z#N#}311OV5UfOfq1|(o2jUU7x_G{d3N;aHT;?yG;gN8t|;W1sf3h%~F=mqO;=G{9f zJ)Q-nE)oj7iU5t=*i_bFJ3Mkk2Lm3b8(0!1a-6yTegh)h^BVZxP*e&HQmcqqyLj0} zm1Q7$MhXxsurjO&a_++s)ny6Pj2)uT)OJ)u zFd40t$n$nQ__`E~bPIm6W?>?p1-nB!TUEpoaro_o(AkpcXiXz#{WBRD{bL`(ac#sG zn-fqnqaj&e8CX2+{hw*B-;}->F;UkrmIJTB6_N(r_n%*qZk~f}j?96l24pLGH-g`WQcO*Fw^78n7Rs$tt zfZM@g_$C`zSR_vuy?!5enaydWafyNdwFLrHJpGeCB%VSYmr13BO7dh0#OuJ*-D`ka zHAZI{! z;3;njCOn2A1GPbQFPh%HV5VIKU>%E1Y2wpRQC%?vp{ftOKEt*?D^KZC@KMi7l^w|R zzm43Ie-&3GRh5QjuTnN<$0Eb5!Oq1&EJm=X$|#pzjQsPEBD^0|a1+$J(#u#rT#k`( zTc;XF%MBJ!OmXllGm2KCoP01UZ;I^O;veQ?W$qn2#Ug2>{OO93AOQuN+y{_Ee%`|v z)-V_1;4vBhQA5*IsHsHxHz8ndbwE9GGy-$B-v-=jt+ogy@|Ai6_m?Ut?_Gk75`#b+O2mV zq2SfpTD95Z47frSTb@4cW_+u{0LcQcLU`V2>!-ezOH=dL=qu(PTH-#Cgu+spOU=y@ z8@lFV?zy$g3%h4ah1lshoF2{?a=?H|#Rjt*?0*j;mQvxPLYKwvV;}o%R^+zZ)h(Zi zgOICqhuPxe8g6PXv`YN@mCm5D{j=8{J~Xx>Xp98*?KXNVXSZ^|6MLJoYJ zPW5k6;C0>vIyAkrY~u_TfjGy)e#_o>g^j`eJ1c? 
z*i5bHxXh;f^MZREak0=U4PZji4`W&9c>a_*gM*YSzZR?OfKz_G$uX;<9@d=Huw5g45o~h<+(yoRS1hW6J!j4o&@c&0sULcEMzxF@o4;3l zGDRV)O$}6rHg$9VDpc1Ca!m4k7+?!<)<;lE=<4NBW5HryR|MrG0(fczb~fsGCLadhH%YlRb*YECU}cq{pg z39QZfiNSF-gg|DTnf4L+<=#^;s8EO=bLEyZEi90!5@8iO*&xq0;su022Ei94xuN2Yy;a1d8Lg4xOn$JI^gNSi%@=`pztp7!^|86nfOr2yizu;{FOAUEcj?iJzy)CYuY)2UH8jbD!PPI#Q|n3E}0ll82if;X639d3d4R_rHM1) z1S(L{1;%LKS*2xq8~G2Sj{wKAa`rhHs+g67`*ztiIWdhEQ@FSkzFpgHXGyGxUF*h@ z4N&aYX3PlR7iMBXw$$lX-M$RaNilKewBLV9JUP>QWoTc^ud{n%*t)$>9okxwMS$c6 zYT=L_*9tJaw&lB}dJ%Yb08O{T8%&G%okY@~Qn-cl(M`k2<1-o^+(lh1J}oo+Ee#$7 z(ZK~4>&OBxMF}Ue@gFK7W?zH-Q;1FE_d#W)p$LfoTC3~O5(}<>@-N&K=os>Uu(mhp a19?#b$d;SE3H&=t`J1@BSfz+Tz<&eXiU~#l literal 0 HcmV?d00001 
diff --git a/docs/wiki/media/2.2.update-alz-custom-policy-delete-assignments.png b/docs/wiki/media/2.2.update-alz-custom-policy-delete-assignments.png new file mode 100644 index 0000000000000000000000000000000000000000..12056133e9138eb29d46151bcd6e907961ed54d9 GIT binary patch literal 35878 zcmeFYXH-*N)Gmq@6#)h5AifGBARxViiu5L35}G145D*Bx*nR1O^xiu}dIu4ykzPUz zp@otVN+9%*v(fW?-??L)`|F-_&yRaE2C&$BXRo#9nrqEDpZUz-=Q^s?*I2JnP*6~- zt3A`Fptx8|L2)ks%4Oh+GGny}@aL+lnyEVl1Yqj6$P4~8!mat+=URDl#b zebdff9k0F`4>I?(aev|D(0oG>Hf^cwpj85@{#>F#b(K-AO7P>acI?m1FYMQpuVdZ{ zFvO0hp*h_JMOS{OXsWsOe?;zVcP~bX+AYhX6GhRRzx|hwN&R1~9x>kn1_*rSo(6qe zyZ*OL(X8xB^|x8}zpn*T$rGipa%HVpg&|hvDh6IC3J#n-hka9@KlWu}7Dq)^eXN@w5v zVfA%;E-prHBFb^_Vq%xeRdwGL5-n^@cW>=md;e%lqhjt$P0x-#(N-x{^n-@Sm`IN2 zL{ZA>z0aDWUk%RQ@OD~wnenZ{iZiKML3&+F+$3W3(u)7DH!W2ChyMl!Oh35vA-a~h zMX`M2?CD1@>h9LrK&f}b^J$BY2aj10ni;t&%Hn<3UO%MVJ})572U-g~O}9A|mE{Q3 zMEAb$-i&&#Tj@vz8J%$tS=$|Q3$Q_#E8_A~H&^p5!)tzNjAyxYpe;)nI8>`QC(@54 z-R1j=1Rg%udrwLW^hLzhH&dVW>#FRESP#t}7-0&kfSWvtdaM~9qO+|cX1C`ED-$&7 z=gk>PuaFP2{Xne!os7)w_wnhm`z?Sh;wUys<5xc?j=WXSB1`h{=ch89rlTIpZ8{BH zaF&1QGKs$LRL+2V@2-$_*umteta>f8a|6T2_wf5k;y(Cp3s1b-tT9YwPxfpOKk#Nu zGe;^zmq2g&I-0M99PB0_vqOqhs&l>Xg`IY|NK3&ueJw5711zQxu|dn$N5ok#gXH?6 zC#kXxVXZ_M0iEKTF(NulooRXYy2nKo5_RIQhj0-=V*~7?oU`QTJ7gSwlzts*WMGuY zs8wn>vOFXm{+P9aTcdGxZ1k(T)bj3$GmV##vyZ&X`Rj%wp*q6;X)uin<_;n-)6;?%~{j^Fh5 zg+pO94&@GUG@I>7H7%N{^_|-8#9omuLF;9ov1T)6(Rj#i#HZeGxS z8hrVJo2_4U-Gq!uIg+iur!N`Ai=V_vy{-4Lz?e9^DIdZM4idg66|ri)D`AgCzd}0l zs(2N{>Sx?yS2U%+X&ABhs6Lnzc9>IQ{cu>j9*X(xW-BDd!DdsW=FF>|XhDbKlm}O< z=O#t7Dda(`^AcS-b2r@Y^{_RCi7r4bv7p4{0a!%O%)Ley3(RMC_b96T;C4+@n20 z?FNg$H<_Z|TP-$yjfFZ>b>ehZ-O0!z2R1|r>Z==~8mm_*^D@4a&POFD>hNZ^QHp=r zjeF1Ojo0f(kBI*c7wiV z*U2O?&NGMJ$q_l6I0OwAZNg)>IAdb631ig5eLa`I*T#X*Ci9q#n1Tk|DlsK$SQW4k=}5tjBI;v%rgifbq_)$>Y}n9Z+p z4$FhQXutiKZuf6Fq>vdaRraak2w@u)riP1!zXW)C><=+|_~LWgddXraSu67)odGn# z@X*lm;Je(sU@@Vv<-2&bvU|RLQq$CwDCqRFMr?m*pwW7`r_H+NY{h)9B{6R~ekq5& 
z&L1!*)fI~c4US~N=2%QzasPB4i|&!(ZK%A_nCmr{(2~(94l0{gk2J>h)#39%7ca7x ziNy?lxBjf#?Vxnf=a|__JxiAi4OsJlh&DVFmmg-oDtHNWTc=(*Je9^p zDaS}JqoX)ClhNo*?`EFcI112VRV2l?sr_f%<6<#pyWqXT zv}OV#duaX#*bBnyg8;Vpa2^jBBU$Z@NHpa0X&z_P4R}5JU6dG}MP*3xz^1adZtp%Z zVldCpYwy?c3y`jC1~u_`q^!gj{?s=fj>;b{QZeG;xS^oOq4s3uc7V z){6HStR?Un6+fZ!O^@*x9GfoZC?vD?K_K*(G+?YE0A(#RF~9jo z1FzhxgIxn0lcag)NSy~|BcI16XZyRD?E@UX4550tvz>{uUZ-&zj~piwo4tL`rb0nc zm!P2g{+1D!f^RK;|q zJXQza+Fbd2Pl~}q^N)Zj-a>B9od0w2|3j@gk;dKbl44k2NingTt&<$t6y;xNT?%W+ zgMNtMRuhf&pm_Zwiki?5$~I5zrv$`PG5nuWe4a;$Zn(#`R0_((&ksmGMDC0&iX`5n z;FZp!hFKzu@Z*I@6gdl8FV}GkgfsN9>gSE~xyMNf)e2~yY`$&v_BHmz@AZc!qhr_z zm3znJZQ%9g{oNjyhds}(avVKv4<%T<)|wh?c+w@N(=L)MO2M00F!h-`>5bljdjYpG zt7H$oAOc@IbI$e0ArtU*)814R9nUSug7Q%0Vy|t2U`eEdQtFV+T9T;=Vw!d1<1Kuz z2QXP!-<18z=d+30;sx;_Hj+Y(U-V(4eG-KZN(x2z>1MwFn|{ibORmq%0(W=BtF##u zOPsE1KE*ZIjnrmV4g*5+qT3?HIzvrAyoN!0i%ZwTgCFw|&ss+5*qbZ9~R`a(OX@t78pm}9^@=v#be?$T@X&zqD4br2v&m?}{ zP5gvScI-Mt1nt z_g)bUFAmfTr@HU>^L-bwNohX^Pt;Wt&vXlH7xJ((GZ)sWZQ81H5jONe|Eu}Bs~c&-$m2X3a$7~63O2ISF_rOrAB01 zFPMobNh(9Dyw;eA`grsgm+UVN3o*emTa2Z(Z(CygCZ8>)Klf=?(7(-trJ|>?4+@bi zr)T^f>EXjJx#sJD4*c?DDfMHoe>m?d?9jxJ-~Bn(SN_JvQ=g${0WW__a7d+SOsU)u z64_+K`)+)Ww*T5+cw43;;QVg*#TE3&u2m_NzO($7B<&YlvGy$9+2#WsF&|i>wz0n8 z4PZ$hP1L*mF8%suObC03eQxrl;n2}cM5&!-6S=3yy=NU1#_Et7IHYD?(`+suy{@tu zJY%mJUE^RhHU_duoBw<}SWo4x!ic+7vS9KpK7(nK0=MyNh5(stbNL;^(*IFE+%K=&3Itcr=EYlAu{Bq=& zPLbcecf!vtrxIB`URV(betq=u(w+mSAMSC8H8$7e&)DngCF&R?%8uTQjh7DA+!Ga3 zx>h~>on=PC^C*fW^XO%cvz4X@+J0ZH!Gd<{^Zg7m`(y@BdcB3Dk*2Sb>DFb#?2eu~ zwYk-Vz0KqT#Ayp{bjt~UQ2^EyA3eJLo5)w@nKnkZg*Z?+SF+IGO4DV(M4d16FxcNB z@eT@4>Fo`i(QkL_;NS%|NXeo($7Ei7`zBXw(=(*AWF)3slMNI(sTJ=@LSA#|{k4jz z^jVLP9AE9XD>K=~L=S~`LuYPN1T1u4_9-@AtvFUXw}jC2K#5X`N|mJ!!Cc22N0`Ab za>Yg!G&v~0cCk0T=U^qy$aC&q4}0ow_X2~8IXS_(hV8LW*gA&8w5DsIq3OJ@Uj&xl zPZ*J|c)}*N0ocN?ACEy$^HTOh+%v47a5*KM68P)myb&vl4aPl7mMP7eRk-TRo3|OmH*UBroOMWPx3tO7uCE}QFJ~7 zAufmh(`NO^KFxJ?FjEV|ZGG4L{wm>u)gAW9JDZLUX}nU(@_#I5^I{7$m}1VY@f7k& 
zurbQm1o$q+Akz#IFz7SbaPfv^+15vwXItb(63;w^w{7o$$Nzj>1sb^jn%W=LSD=5~ z2#O!o%d zDDza`&E|cPRE8hp^($$`C-3i)Pzl0s&;eN0t|Phc44$)zO1os}z{dWjUf{da_yQUk zhO-V@jtR#yZVT+YbN4pGCKZY7BWNY!w7Q8Kdcf|CZQ**%T z*EF9a-f1?(=`|;!*HpkK0@ZHoGuU9^!3JUza+I%7#A9)+l%7ZR*sqdJ3u_U7vBE~Yyg}_;D6q7*a1Qgl|FeEP{6($L+P%KJ?63J zm8#Kaz3&dmO8_KcRu;3o;b83i@?FR^$mof0rK7>a{g&8E{fBGn@*Gx!tKW9Uf28IGK{NKj~nHG7stvlCdU8hIlmZkXta=mB4zKgvn&6gel{?+LCX-y$_sZh zmXpqpdD+QuKHd}UePi1T-|XRzt~E-PH7-68#ek}&p*fb+P%E^72dn#6smJl+G)}LWSX=%;&2xs(iL%I6N~61JA?g|t%k<<{3@pk5hnXWy`jEv zeISUwvYF0B3?V6KtxWOkP35Xbe!+IrxR`Pc#0f5_*UBz42d_0G)s>YOW?Kg#5-?#+ z;>GoOcd9(k?AP_-IpZ)TzcD?dyo3Hr0P1I`9_jfB+OxP1itZ#vE1Q4Bgc?H-19(p!YKT!`wQNI`qo)&J=MiakTeqT|Zp_ z(+a|o6Xn*FQeW28JZIe$I=M_E4*SnwM<>ov>Z;KKU)@xR^?$W_R1NatUz}ffXEM#@ z65A*KSj%D~YTSDoFIn6;=B5yjWa}|m@KuRsHEOQ^?PEHP|1RV%U1?IhGo(>C@xt~= zOP@rCxgXbYc(nQPFN;RQRa~Y_#l&<`KL?fbo^uvn$3Kh<4q3Y^(_YSk&zd_xOP8W(WO857*Q0!$GET9>hRd*s7_VJZ=guO*yoOjnnI>6?z&c* z>I2~52x0X&Ym0hJ5(K=bWOIDmU{1PKBXlgUR6etUPTKgwRD)iU1g`=!TYUVC+nA5$ zdM$rYCaSeaRWIH)jDCFq2Bf&+?MQCI=Vynac z`j^A=$0WWzv!qu#)72ifRlKC@E{!rLnVKZwY)U6rdPF`8oIq@*<8P7;&=WA}~0UN#%re&AWdJ*JU^~?fRro+f8l2jYd z510UvvB>q|^Xf&8YIp&4nw?8~{I@bRxW#~t>DhPG2v*V++PPbJaqrkbjn=jDZ4J~Z zUS`T@)QYrRzTuV(l?rB-?DLsV?n-N}h{-TS_yh&>qOp_wLEHAZzKyABv)VAwPL8g= z{klk(^o6O${AX#&TzJU_7HOFD@5E+MYGwElth0A$^68r=5wT@y@R&L5*?-?m2Z|U9=`8IJ*EKP~i4h3+v#mYW0!k2)l)eon7FO zh3xK5;yZGjAgqigXisK^yCzNj!I0-}+3#FW{F@M@LOx%Q@G#GGfIVEMGlr#Iao4o- z9L3`r))WC?_f@~PF3fGzb<49oI<(odUj3!<$g)32pCP#w=U`mv?5jc*ij9?MPhO5M z%(4!?9r|!(#9C+Zoz;yi1-r9I@uijvM~SmzGYl^F-LG0Vs!oDfufR-$!=BLl;2hMG zE+E)YEb$5stT_ig+#zCh!1mjZe|~83%29mY&n;LiKm%PhezwW|Kt`?7Env?twQXYm z)|zN434q=1$AUU9xIJa+IAx%5trz(oyVMlB%PblRM>d;{)s)gG*-Xn_Huq9mlA>8@ zuPlEO>AY)SX7Jrpzc8c^hjSQDy4)yD+l$t_JMiz8Ke(D#KZ>i+j!xsH>`x!<^540E z_?xD8Nsx4d*v@KgcrEyxxZ*2(1dwIAT-!G3h8whid5Adzs2yS{MAe$oQatU2N&}Oj zc!9fTL=L;a3(Nee#7lhF20&){)Nd|mu1F8WgUgI?Hb-U8LXq+Oax~9|`Yt(M>r0k| z8-+r84Go!fa)3K;~bTKhr5+~RZU%^G8E{smu8(>{vRR0<>#6aK(@j58T7F>BEvF_L)Lhpb?a4L 
z3j4#r($P^4mn0v!skK%d-y#Ruf+ zj!;uojoN=Ek1OC9SHPwjHH9o!TzAEa_bdv_gf3t{q?ntJS%zGr8m-SRMk7bgAYMV< zrqkVNmHXsShKXb%@lV+&6cAa?cYOZ>}v<`YDVt85j15c)!JRgu0esLm5*qx2qQMJ07fcDjK0W_WPWy3%Ix!1@hqzIO@2;8GsdEoc_KVlCiYSO=XLD=l5bMSM!r6)I6?E6;~ z%EHN;x{3WjI~2ki634^I#jkH64x^cq_H3B4%ZRy|r~ z{M$4Oo%=uCg8X+>`|p4ry9~PhkuD&M|9y;s|J84XsjPpbC7+m(h&i{eUlxtx{5zRD z+)AIX2fNf0k>B*U;1~ZA5h%W*-Um^4Qr5n2%MjzDpZpv9QVc)(C|vvZYjdy8=pbjG zIne*9mfiJV8Z;!`$BpBgBd2)zqeXB~G*`fSbfn|bN3-x`X^ndd$)YzV{|@uV9Z@dk z>zDiJbxzmX70lZ-_q}@eXVO0IESXEHm;~e(=pz5F>DxBA)J43Y{qSow%*pZ!m=H!WxVyWCD+u#&2w{!`J`zXmtY{KR2F9 zzRHCUIhcf~7JCd`)NX84<7`~Yj^;wU`+2Meo#!q2CnK)$zC9t*vr`LQXyjEoGBj($ zriSR})E+EKjjl2%E=$ReYftPSx>M!;>At1(lW(H>WnPYBvHVq{gdoO~&M!!Zmt49Z zv>yw2*|aJ2f3**YF1%jyuWbHpb46V$q-^@PZvkks4k1!gMWfUXRm>4;q zja!*CGXV~-+ErkrWyE8;Kr%2;oM@%|k#e7Hb3Gu=7;1Xm<05wg5AC4~$YJ+XVV=!xqk-QGOfBn9qap({3jFblF6c5$;)F#n%(%{VS)yQ4>Dc9bDhA9i>k~hg0r;sh!n!n0#SbVpb9mUNw52A_GZN zi$j(_$x3yesx1&{yda1#KPL?=NJ`lecO9{-_Vo3k9Dd_&K-WI)QN$*vnEM(-)Ed0@ zfT)PuyKg3uIRi1mn-=+{Hr!;l$p2)b^Qb}G+yU=b?zGvQqy1)4eBWkeB@{2xI_Mk|FZL=pm?WxDVpPlW4oK6{Ok}YI1691dE0KI zCGJR}s;cR`bjwe~$B~LnL3)taYp{uZzBFyzi3|rgPfmHypu$1;Pa(t^H ze(rO*A>-LM&4J2;4awbqpw!ti#UjnfSVsF|oD=!9Tf%aj+i`R|xam@+D9MC{6?BUdg>NNW=j4(8P!z{DMOH5tYP}U{AUHFyG$O)JoKa-=! 
zJ$`4X-?O#lMGSrVXQlo6>^u_QI|W=L+Tn|MgT{|)o;vWcK*`hGMaOjH(@feoL}P#C zlA2`a6TPxjgt~vdXW4~?Vco?UsAaz{se#KA%_Z~s9u79~xvolIx+~8x^1h5$zCI=J zn@8%@@6E<#iaU@?*8Z+1Lis2Ak532Q?}rD;d7}@yKFA`QSpcu2Z9g)-s$`|Z&m#D@ z^{L+-vK?-s@s|;EqrmZG_jQO`%7mpySFmr7kkv$y}e^2d`&&;1${39ohF@ zCrvyDZQFz7TJ+5(GG@Y~FK8L|j7&p1iLiRvcA*VF?;xaj<6#pVK?v}c-}51Bx*i7{ zX2PaRTlu|PrAb@p4|y}s93hG>xQ*-!VeoFLcKI3(=b{T7B!QeN%-N@Nb6lsuc7SiTE5o%_Z8 zy*gNdpZ;O1LWNE>_l~)>S0oX z_sCuB7xub*EJwlpn06mdF2&kU`=6?HbdB$GU>_mla2^qDTx;Y_-dK5eu3(@T!;zf-o}ixjG!NE!&4((@$_IZQt?!Tj1&^6{dwV+rG&7F zp9D!qcXs&xr4MmFufR?ng2@frMFHK}HUph<2H0)Q&{NcC->W7*M)lT>>#IMr9ELUV zGDUBvEC~e-!`T6?RBFDO$F~CL*vl)mb$^$0BCRV5r#pwxhf2C5;XLM*aj@0c0GCh0 zR}?u!LD}n-_<+N>y-%Pb<{e|))k93A4>q96{acKVSCm=geMP<0*BLXlRl1?DNQb7V zZA(-3Dc#S~w4XXJvM7ME4R5l9Vt(p+r+jO^o3#8%c|>fo)kM{1y;#jRTI>X5Gyn`v zmR^X7yz7>4;hS|AYL?(J-0ERizUI~REW7MGmyJ4)XZnQ37FczJ6<)mjv87VJmde)55a zz_rcx+pQLdefoXZ6iLn5>V(ZPJ@YI*6S1|L7|IaZ?#)POK9{+ad)czw5Tj3$ob=1Y zM?!3+RCHtXI_n6uw>g7!%X!Bj^(bSZ^68sC?{7~sNfW$fs@5;#zP-su--(Vy9|}zS z&;PDZvQBHuyskdH1e`WN2e(ukJu$vwlQAvU0k*U0i<;sql7Spmh}Rl0-Mhhvcld4Q zUQ4G`EAXBZ7kp({mXUr_^$U!r$9lo0?@YKX9E>1q zk~4e4Z#P@9Fb!--MaF70+gM86Qt*;J?OYD{dNRYSkAN4d^D>Kf1=EKGA zk`xq^xUf?-55OyFcAu-GaS|;HDN0K#tQ=6(gYU0u5TYbp7r$IIAQ z0e%~^1F~xL$(P@z5Lva&_2U|dXTfwkKh4hTd-(*(Q~uEEy~$Ml4GYqgs0m^*P%^t1 z)6$Fg#VD|tE8M;!;P8!*k6#A_r+J=aGUDgs6 z=*SEI@Tg0RUXCU&q%JqHTTJr0@Zi2Vzmx-B-naolW{`b@hC zYhskf_>OLa?o_+)uirk#MbD-+o}=hCCJnnmW`66%4Sez99GORT?anj_$Q)VnYW1O zZe6QGPZrqBTMHqxdvr_Q2+Fp@#|Q!t1MiTudy)C-wTYeAq#FXm3o*|`^5QNmH{5wC z|8k(^q(_R8b1(9OK%kV{m7m2kV#iowb?+(O6M(2T zI9f~h3y*`>c7%T#_d;^R6F`34ie6mD+Rj{cjMCMl)DzI1$@=NFhNYN(6cG1k20GM> zFH}nRHbTSv2k=o`rLA33;6TSIo?S%&zv?y0)EWc^2paAwOe6Ax+r!&1E<3uR{uZZS zEx)-WWY}byF3VNPPd#k5PudgMDV7<%X73-Y3O|r<=-TLcX$DfEN~q)USX{w}7l_nr@D`c%V8$rwM0=phNUWYJ|FiIm6u!c5z944bTJ zx{v1dm>7Ri;F{%Ox_?m0AYTGQPEi_}-m;qSV%BQ#_x%|7MMi1n?TZEBI z%B{nM`3e&C>y{yAMN7qPt-%uh_|I|R5@|wyoudAnVLJCDCeAl^7;ah)8+dsvxOO=k 
zSAu!*hL2K*h@w!#y;#QtR&m`lFtLNE^X0WnaBh4(tz219>mRd_#`O%7&BUHYLT|v9DHxGR)&WiUAXL!HTt3m3ys6o=ZD6 z^zQe}8LY!oJj%<8)2Hlkmydp)1%jH~8~Dyd7TIcSuY~y+?y;FATippe5Z>)$(W34b zZeV5Hb)6ouf3VoZ7N&w=NDHHc$oO_#)z;(?D6PXhDxxesKTo$LY9DQ|99;9%n%UNEyLOVV=Bk*A zR*o8haa#Xy1)TTmf~2Yc;NPw4{*UedQ`p0Q_4}r+^dF_qYHeDtFa3@C)szPB*AXS{ z)Rj(c)$UgS7~k0^$Eh2AeFz|>smcBaeUQ%jKS>4uMKAdOTmK{3;{Oe4oKg8Mhx~z$ z0ZzZCPAfbgM2$^}N5XMEws>%@{wv5}U7IcpYf+Y^svCqB+Ne1rjv!u|?05YxZ8th;BSX zee}5H2M&is|7A-wnZc;Yx#ad;V zs4ZG*?1G9+i#_S4MXNI^#RBD^A`g&t9PT7&&jt#KvdtZUEq65DI?UTw>h zS^f7>UIHV5?p-UWTO z1V_1mRI>=yCXpY4$8jqWZ5H@@nodBq+{fElxn(Vh|BbwrEPODs)u(8E95Pd;_wwRZYnsXvD^37J=h&qZCEm~;UvAp?ky;j_){6cw+3o2`` z6uhu3{bu3WrZGhhxB8)mdPMJvGQxFswD(rLC^kyX^jh`xzRE%-LY}couUpE-WdWnY zyd^%v{6t)<6Fgae!Weu1wKTeyFMHin(!LODXvZq}&t{&C!{YcabH+yS*lU^oSa2EP zWN`a7Z~i%F)C2A0rAN1vvV5(6*(bYw%O0|h9`gb=eJmsT7DpeSi^T`NhdW$llp)PV znK;qK#)*N>rXJk8S8z!;QnY0CaQ$foYJBv+@8vhHn$a3dEH6{t3iG+zE+rR2v@%I| zh&7tcQ+W|Z6>2y7eA|-#R?E!W9%m*Jm>k=8CHlVO?k3zJ2b*De)dQAaP#fiy85lW6 zTl(QUG2I*jk=A!y(GNRW-*elsn6%~W6(U<%O?BR{L+f{<0&bC$oQ@Ras2iO+TfR$h%YzIH-$hM(xsCWe8?Z}GnbUZU2yQ!%K_BDY74P2 z7dLcd^#RH0_}(HTE74Ef>x;wnvJ*Z5;{)elAJA5Ts;1rNJX#cE7 zxsv7EJ8WNis~mib8JD`6%2#Y1O8Z9IQznb6J;S0}vwofz7%CNBoZ5{7lKmnse!VU? 
zufbftH{k^W!3KIFHX)wttD~nRKr;M^bj@lrfa5S#o^8NwP^RU6;a%V@Rs?)1?^vhb z3C_3~?0M+?&F6RN1c6=%;G!k5p2U@Vyuw{NhI*=m4u=$$3zR)w9P?&da(@7yG?dJ( zDXq~2whv;-p)KOFkCr(j(wiORorsBpj2+1wwxbBPHR@4YNA^9}+Psy*%x|+y|*1cQLT;n!&O)mr=gL*-kraQxgIA`2+f_p5wR2 zeH~69gaSq>PPTuiYO&4q zJYpWJJ~Cdb^?bbb!-S8w9`9v9v!G8ezczZ*!<-Bm*}VnIu4n!;Jf^nNz*|6(>U9@C zkEd_UK_Al3KMu-(o)_u4!XFL08Eg1=D(cV3g5>*f1(76 zJ2(I5%-O$p|L=IU|4Z+dii)J3K_ODh)x|ogF_R3BZY1K)L0!~ikZdsMS@pTK{^~V zUQ=dHXr)gIe5dLX68_*nxB%8&;RZdhTE`8K$o^jY`{(L@e(AzM4&qMNzHpA9a3;la z`-b##1?eW{*_`WQ3JiW=z)9~fybmM?T|q2ojFH6tj~!nqi3l4n#~vZiwb$<_`&q$d zn+h-T9pZDoE`yyxNBAJ49q7uff!0@=(LUb$Ll(Wq0Br)3R4>`Ob>M zFbke^kDtnuOUY)2*{Th?8UR~R;R-Z$-J*;Q3LR}5wEMF>Ylw%ii&y(}5F`1YO56C!9C#U6^f4$RFn`Crc&5f0M=`R;_ zq7{JWH-Rj;u2~^NLHoPDhqF-;WZU|dZTJc`KrsPBJ%Z1qlAs4Pvf&oYm4~vj|O!-{Vfe3X(FJv7SD?s zgADWG;qrK(iP$P-=nVV4H}}+1c?xh`>XXP&We< z{WYfPh+i&#CCxgFL^mo)hGp{+7h$wFCeD9lME9Q8ZmH2w{P$u_Kk}CkdgOg@K-K$i z3Z*`S1^I-|6{21iAeH?5hg8s1_%Nr$YC6yT`l}pAKIQ=dQqRZAP=4!KdR^6P^@Dx* zLAL4)z5$=_t22oW*?cjx!TF<2^)9j;6wGQo7)Sw9NLNiiZNsAFc~8+T3bmyZ{*A#% zq{~obu>w4DZz!3^Q__dnt)QO0?AYdXSL87f7 zO`^F@c$Zv4r>!OO{A7Y3!9WvFayy1xrL3g<+A-^3VEsY(eP6B-+W4^Gw=Lyc&D7ZJ z1^8*GG3ixkASvBld^-jmVqdYz8$kXNsBX6gLAMzBtPo#LolQ0KA=`5Wm|beT)D=&+ z0l`ncTv!CX!pe*zzmry4S@bBEI!EJ@NpNSHo8YWNAIiar}35P4!)wNpzCgI zHYz^4H&07jblA3u;8`mX3eqK;`Nxf-IQaqgfK)&oP<1o08F>=qpyQu@kG!!r7__)s zubVr_vvx0tN4GqOM%@KJ*0xBev`Yb{AFL5jSVSY>R(TZ_SIu*z?YdDMzYay>8$wXE z?C9&Ak_FvjINI-MS}`!=-X=-8Qib;0%3}XJeln-R;4qqfaDiX&-j7Rn9MJ|1D;A4K zx!&`w1t-z7Jj7%Apm8QaX~mc3uWM{qUXl)~Yl(dW<}=5!fIMCoK4f#}SC$vT7UnCF zBZbOYC>L{XrbKg@=Y;BC*G~-y^d2oG$C0-RZRviz-BE44r`sfEm=<|FHnaslT22ws z76eLxU%tCPkdo~p2sP|#*|oU6J(Ko!kCS{S*GKo{5Dq#@zHo%+G)U(BamVXt{?R8D zuV)O%wGD{#?A*-2nV^ogAuhBBzJR_RB?ARNXImW+_X%n>FpPvY>TJhZ~2N-w#eW^!0R@rfRIhf8umpC!$A4 zp&GC?)#!Zkkf>tTj$)dBXXt>efqNI5-agab?J>obNHup&0JP)5_)Qe&1w?<2v)|4l z#9&ie45d!wd=vs}W)J6tK%0triD@q{Bm-l78@N<4H?Dpd_#!(O9OlK6MjWH8&XDSH z9ZC!J7@}CZ{&<;#HsSq9W7@DHs#c|uJ5@0-udLZNL_-iU)YINL)>8PS4}4yx@Y@tA 
zR2J4AwYhf4AR4PrYfITRdtCWB)h~~0ZASF;{;-k#Cg-f;C&P2sFH?eBN`o99%|^WN zM;5|V*GqqzEyjkOD*9(wZ<1~1M1h?%7&${fbF@`gLt2s;lVHBklMchQuG;Nrc+;~| zfVKAnETdH|!Q012cLOb4s@`i#Of4TWIsCNFBy8L7@fi@BYEBBO2wk;}GkY`J`EGGzta z#_z6O3E-{($D+hs7lkHG9$@+;%iYRN)PsRRExYTF_hd9JPc59R_^~JDlGt}gz0Yfx zza80(gpymE{USrLP5T|>Crfu3=wzcpM-$#mciw-^=dJbLD*F6ob$!iwF{W58>*&4s zP<8Q&Mz3E2P+{%8gt~BH>0n{$drt-BUo7Z^Jj>C(7z}FDDHt=rsZE&KMhD-NdT?WD zzYA1pTPp6gB$A!JkL$o)0{$bGRHqSt%UPyvR-Wi+C_wRTq3LNV0io0sgOjK)l95#z zClf)I8g0R=ZvUj);Tq02DfE(Ka2(9P%JRsaaK#h;K+?QrdGT87knAI=5I?TFckf=i zPTz9cd+ks+W9_u*78$KeoH#L+eCxWJCbrP(f5l08A|9E(SKmH0b{u;EzWYjQ>-~c| zRMoXeAwr5hv%;pr!$$R!#T^j4!@dhsDvHVV6uc6#_y!Ug#CA6eF<`~UmmV-GJTT5* zoWa%+)Jv+zv!|WHTeGm_K;C9!Vo>X^5rEWqQjecm#V7px@4pWyE^c*~1||g6vMLU> ze!PdKs5`PP5gVVwV`QHBrG6B@ITB4mTi0Sf9waj+6_YH}|2^MDl$LDtp7;p5yNvnG z7_?%bA8en~y>eyj)g-@A#E~4>(tiZ!7GwP1x_j%OxSp=@bMPR65H!F5fdtnC*AU!; z1a}GU?ht}|2of|n!3TGTK@!|yaF@Z|_VRt+=Y6+o_xH!UTkr1Ho~la~Gxy%P-F^D> z>CZXc_pqI^^(ue5heQmJq?qY$IARR(%CGx-zakwJduB*+X z^(Y%KmYQ?x4Uy_4OM4mfb-tGS@CY4NG}vgK%~0oYA@;+UJlGp^J`zyD!9~fnsA9Jx zvCjqbSnx%`Z)=VSi5_jmy!R@M` zK|lNFB=f^rzYoareQ6QvtT>bTc*z9y(NArkpX;=*;5>%6p59;0zJEpSS}2C!&LP~{ z6(e!=@Nm&Ja~y{biglm&(Qs~=as0bkhYRQ_l|HhX{h)Ffk<2$-Y^{4&YmzSpm>~Nu z#0AoG8rO3~o2ET`Wnt23ujJyr^@4=e?o+X%8e0(-!`sW^B&eSgoL6|DF)B(@1Zxj%Tq3|VpflP9?)t|Y~|W>E5c@A3$OpS5D*ZCH|HX+-x(Aw z%~L;hFdBq}ME8>%ZUEBsbyIu7@&sAG{{@GMb_oo zet_{t-N){o3BJ9uyjYtAhY04Qx*X02|INf~quq64KYU4&Zim*|!;6{uT}o_?b_-1f zvO&vjGP;(mwAay7#0I7W7P~G z+O-+7+ZBrZt5_!K!wTB2I7#}cH=Z0y=dXMDUf{&(walbiEn=HH1eBCub(I<8}{BZ!aE=4eS;UODGc>=C={j+ zp+hmd274&}_PGSYAztOAae=S19q^*73+jw#aRpt|ccA^11ofxXU_zJ=5n=Az)z1Dd z9%b#YmdyEav>J^I8TNN9uYdW%2W`(XDTw37o*oAmH_i`{uKw+~UdUzL?WHrMy8G7Q zkZfzZYpbMlPdk91jlQRU(RW732Z#UZShovLiCV~(*JuiLvH=Q{?W|$JVYF+P(Y-m` z7+@ziqy43G@!jNY*-*FLqC58G5Q(plk=-=PSw@q+#m3twrKQR?#Qd{7^=v%1^rOe* z@TWE}ei`AyuDJIwP-j+yFZL!gLp!y{&d58Wxb2gdrCpV!oL9$Ne(kq;hgrKL=!QSO z{6L-Fv+dQr6b{eKx4`v5*W^d?LE_5^cjAi?D_LC@$7}-bs`-`uHf!hDN 
zKuiq3nt0)#k~|gWSI;uxzs|?SMPWv*`}YNO=Ir(2|Gq*bqJ#P0S72!Uf8{4W0-74! z+w|h!Pbt>b5%>SQLjLcY%HQ?p4Bw4J^f zO$a_9M=A2huuWg^#o5e%WBj)jE;}=z&el?ecgS56rO_av&n;(H+WWX*O9I^FyVKUt z$}yAzx|Qh{t*-Br5Je8?!*%YXDgl>pdva}$Z+nm80>U(9oiSn>e63+#NMppOjM;2H^o!kv8X@eV&`4@7B{ z?6WT0=JAAO`=TYHNNu*WgKNT0Gk||Qo}GJx>u&h5P?X#M zVeQZ`>VfNzytIU6H2GmBA_$MG;LX}^K`sl}+|sUtq|7^Irws9preR~-0Sr~GZ$0_U z{mD()_+C+~7w>(8bT58L$iB^xk?!4u-5!5^x>Lh*92@SeCfLIzvxagdg-zgvqidJR zl7c5;#+)y4t%%(%B+F5pkZS^oZTG2~Q)7M)N4v|Jex5nsW6I5cvlb1Nb*NO=vHl%@ zUw6tSaHcK!)7neTz;-~kaN$ybd_byq0ZY)8Y)>Nf{_qT~!Z6eNhjyLxoTTLt#y*eH z>CO$aW+ifr;6-w_gV#aLwEc2Bg7?{|Wca1;!}V6=8DK->mjCEi)LnjIy4~;@k&lr$ zJDb%wGiPzW*l78p`k=<@gX6ueTXl3}z%AG2rFJD0?}!Q4c@SVwoGr+!@N+8?HSI_0 zbfdjLEwo8GsH>5=6QX5uD%pGWq>JX5G0_rdlcS-ne26QcPUG%2W_}3I2BEm$XssE_ z=He-h0`|=a98xZs1OcJjy5zVHdyT;2qq}$9R$7B-RDCv|)z1idk}KY`kQ6WSehcQK zCJ);aef)(!?|UsUH?H3SbqP6Iu_FR)rPq0n)guN`^ei9ia$a5e35Pxm`ySrq-z=@M z&iRRm_wZ|YtQlJS!Y|nd3ELib)cfvZmU8ZXQgocn<rTo)Bub*qiv>4#ZUi4pRL&4CHrDM!2U znsnAOlKpTT!}=!Dggse@T#EK(^!<@NCEilv$E_;StD{W3njC85wXNB%pgZn>N12#L;&nW)-L+Pk??_QNgOsI+?wNtn}ePEY+VssGg%bW(QrS zaqJ$CB-*YwD+dZs!h0KMLm(?eJ%#tZkefJg!uGHi3Wa)0Ahh6)Jm~R;d=9h>^t#gz z>~oHb?U_Qi_~lEp!Oz>=(Ive@?f$U=se4Wp`}w}jk70tmqrphGyY}~$ayk?Y&8xLA zWBnKwrvTiA%6%xsh3RT*P#7pX?qW?YIr1|PJxlAzG|DehU6{|am@%U`A-t3h%x$z0 zpIS^JnqblQTeu5*`1tP(AGN>eJgze=cm<-4I#f9vj@_nR3LlCvH8JA?|HoCafq52# z%Td7*hq|5=WijK+HzjhpSrn(_?)VntIdSgVsJ@ZD)tXItK6&@6O1biwlI}V*j)aK$ zo_N-J7kK1?1S=~bDx()ZE*zbrx|#VNgBY<~f+Q)V@Q)HC_LT>+h8-nx3;eXWqe?3y zxuz>nP~-4mTRJS{YvyopZ|l-xszbRDI82?EikcB=+eUO=69m0n`}=-JBVSR{$eo8n zxD``47~O^D5cj^gtkF_q5HQf&7(``VYrSqqsica_L8f&p*!QP1R)^Nx-UHYRVgh z*Yd%~fpC*>a4~Ia%SYIOWnjH1885+VO^)9h!~vtNaGO?8ok~6ae2bopko$Wo>J##x z>ST+hg8domO}uSMFxUDU&*6dw-c-BzZ@!Go|Gul>Ez4HnQ>ZQ6=y^N$k8Ay;+tM%~km6_0h7%Rx9e zIm^MRxa29Jk$#+1Yd^UrTCW)K9~}9eT@*jKi6ZEgF?_f@RxZ)3C1KsRJUW3@%IlW~ z5VrSEaT(}Qfqp$cUUOxBU0VI}5tDMYLD5iSUEuH1wqO(F`JwPN$o22yw`o01|L$T% 
z1E+AkIJF(dzcpGQ+!>7~^oTO@S>+6Vw;>zVrSW%wFV^VzO|j_}j-4m=!4Bgm%}1whMLQ6}!Yu>Rm7>A>_?89`wr(94PkJ60ZFqBbN61>~1CJMGmJ zS$BbwxvCj)oreNq97SaclAE1okkj{gW$d3{uLbytXIn#>Tw{C$8yBMdv{sM#yhk#k ztF>SDNS|io`nXUL=H})2DKbBd;Uo{}ee|&szQGOKF79DvN@Uo-f}zjc+~VT;Jg3sJ z;Xezx8eO#~^RObl$k>%|vjTIqT`kgq`>aiN@sw_RWeWvtMK8Hw=KN~mEt$8Kwme4J z2pkV6v~9=SS6{l+A3-n31EkKf4#tIlEgn`z*!Fc+THGFQ`l+qv=8?jdsyj?dNaCP> zrzR&?AW(8APnhll7vRR|z7}HbAu%S9Gqc{VO;)m7h!*}3ky<_-dg_qgzUj9VOkE1w zw&gU0O45M%OjxE@*BMz??$@}S{l-Q`c7V#zdS)jUEE;pN2RrS~TAb zGA+c#1%>F@in^Du?nzMJFVg<9@6qZ`ccpKx3c!*@&o82@YY*fCXI>@quU8dNo$kp z`WxdMfLSXuQP)Qzn~N?uskE0I0=%^yRe_TmSEf`HL!q*R^0m0+rM2Igi^2S7tgFt2 zM?Qz1_pW!WKFEuH?=am=)(w4bb+7d2GyR8f=RayaSf|l7lDgfUz1nYcC3tXCqRB>} zWFaDrQd~{(DTeT@aV;FTzn}4YAmNE=xr}`B0R_Gd54N{FvUOC`p;;6uY1qy`)%81~ zcN~B$1`*4`ywumC&AJS))_F~?Zl4FU{A`KCL`N4Up>>m-tXTMH^ITs?Cvix8RqDZE_D zeL;QqFdaA4K2=|VBP(dX3?k)!>ZR8IjF!O4m26X9_;heeoZ&NTnCo za83wyZE0*4Ah`1+|M5BQD6x?i)xZDwpPFiNIy3`IQ~6{3!dM$`ygltYo~y7^(-{4b z{dcX1bx=}%)n?Wus@M-vX=xqyF2f-evg(=BE_mPmpYz?0q{JD1dtBfP@rW4emZ!;8 z=mNWqbgzn+HFe8pYXuK*E3q$FcSF@Jq%I)L+;xf%du|s5xuv$)Khg$Ug|^x&&?nc7$3M_iJ};G zE`^Fo8j`K1FWLb`Am{j^C?f8S^Dz>MrS?^DV6cUhjjcK}k$zkETH_mtLm^wF8G=Nt zvoGzh5_`VH?xH11onopUEBGSmGjIBGR4c52D+lTY$<4G^8u4$MziY7}i9Xo&0%co4 zbe(^klJET#P`Bo?=q74`$@NxFL|hFEL@8v&7hHMA{O5>MRUcGYU?8>dSfR<>$BkuF zlMQ>Zi+&cpmN3+DC&i&ww8W~N@gB+Q`&}C=pOw}za@qHx0_U_m=0f?zq%QrTX@&lV z5|3Gxv;lU)36}xZzX#7O!jH08VvuLeCNwe%HeJ7|2Js1Tvla}KV0_w<>hjzdNZi9m zt~{8H)&-4$qynfuJTo~+4vX0U*BOJ(B*=WUXv>-q-E7&V{qS&6Vw_7#=fW3wK0I?Z zUHL5t7#0W03-Gq1S&fGM!<~m*RFt@?>JOvYX??%vpewjr8$Y>tJo0{DX`n;pNTSn^%?5P~`RD&hNlpum5^S08mHu#Nctw@x5*HxAI-FhN!_<@9jU) zIyZi6GX=}SOm+mpvw_LOkN7cZxfaClb4PwJ2bpjaMP$7HPc&PWJF9zd@KdOzm|u#$vt5dC_H7|rXTcYip?aq!Ce@n zF`R=K=dOW4iJ~GHpXBmRxo8-*r?2ODOmjR!LYH{NS;+hlOr>wi#MEA$MbX%X;b#W-dx%YfmT0 z@fg&f?G5O=G1c{7tayG45ftxN67teqHqzaAcg-H!y?bbSF>Wp<@y>lXsMuk?G5tNCyN0chIZV- zymFHs$RJWz)sSo^FZY7iLPGf4XE{|Yd0gni${|A;G-C@a%qng&q%yiCwEF4-8Bsx{ 
zbasgck_6r=w$Ql68O?Eq7PuOVLg@*%Uhk3LBrxikq>ECSG4Vykashv`83u{i8qFF%W03Xt-|t zy3)`%i|q!|H$#>8$P2D3Y2`am65_8`_eC=*x0PF>r=P#Srl_K)gLx#mUr2& z65Bi_!hWtYr|8tQ+Ipme)AWf2uJ6mzyo5)1tW`KHi}mh1?JtPRg|CY6FHF&lW@Zbx zsFF2Z_3G`Ujk@SL3Z=*Qh`7RwQ}}8tF{-K0nX6q>8Fz-ok$vr&xBEioDxar9+-Ga( zj!(1|L%E9ot=A%J2As3rE>L&xqYYkcrr@jVZOPK{>!XpyrrTzvgr3jZ7rSVsopf4z zC~sz_U1ZEu^>A)4T59&5=bcnOo9;YrW%)r$HVwN!e-YD?4?FkmHm+-f7YVuF3LMQ4 zHu1VDX1cBCXrF0#SvFDC8_idNo6a;f*#5|;2+{XchWIG>9cn7b%x7iGiP-QN2%5pdj6r$#?FybD5aT%Zv8afh z-mD#^ZYWJKMsdjd;OvIhthM)N)kDnk_idV-k}CC4&E1k6@i-R5S6vGxqT?VLN1Z&r z#wiOD=SZW`kgPts#}j`4YkAz&!U(BfH)&MM>=eXM69pzfSD2_0ne1c|PvI;>q>O!IPIq3$q z+gZCeq^p=^@NM2aokUmtQbA*hXi%IvM-2uV4zX?M93KJ z@0>6+zYzU`Iv1A*JeyS(gGUs*{O;KbobUH#dMFfggPIszJxd#5LP z_1XxYDmn4LED{Chlwfoz8OEZ#4pFfSZV_JLosSz?ua8MnK?6^# z>JL3aW_6C$f>eI4#EMp zir5c$2Yz?%e~oEKUXk82;JBN?RWx;O%Fm?=|Ae~65fK65l5c56Pfbb%&+~lgMx8;@ zU41yzN89ILCWhp5%j{&NXupe7^CPjTbjfqVuLHfZ_>xwOWjsNO8%2f3#md@KIqzaL zvP37lLMY+F8{_?%S1m_}m4&FmshdlraXQGAdyNpas^75l8~Vu59WAK6*9c-_$}R{Bfoc zJGt9T-U<1`cPiB#H$xut$1yNJ`Za{euokg%`<*GT3Z_6FT>it)#l_zfl%i-3s^7}z zA%-~)pXP#JfYO-u7P<|jqb>2%tUa1p$ULS*lJi`0en6R6PQ4~lCD}*9Tg(-2Rg(xH z4jQFRp&0RvflL{UEhSDF9Is3-mIEzQpUWfBNnaF@^9~gI`bY;DXa4Rt9D7-?79Q2b zH5uB~ykDHV@$}L4x%cy~UkSS@ha@SepR(PMZC9&Sb&%7$DG@!>Bof?P6doK^&_)*m z^TN*rpHFRrw_JG6N9w#fMJwLZBfeFGu=IZ=nsfKk-T&I4Lf8!4-ZGs@YH}fjYBH2( zdSUW?0Gp*Wua;BmS$ZMn#^(X65+>-;ZWLZIilQpgHJ|%praQQ<|10tD*|;*5b0bmk z^pcq#+=IfSjP#*)V*uB4NJOFC$LsLmRN~^sey(y;Xv3km*HHR<%%zHT;TliM?MO0N zH2&?HLBZ>&v^z_q{Qr6o=z`(bmbr$Mue^(_Te>A8g6ZyV$2W!Ug zeU)z=Gb2vP?r?T`>t2|a(Yhz0wF^YGBEGCSQI%%?a-*$~G%p>()p2?&uYK08 zt(~xCIwiNUU0wfkWDZHg(&2s2uaZJvLHLhoUQE*6Jp(w1&5S@uuU=oHx1ba^Dv-~* z&!JkFx*T2Tw=nrzxq(!1dkDZBW@L! 
z%(}AJDYMnt?LwGvVe`$tZRGspxjikoA{L0H8#5zK(G9HRdz>f=m{;W-fpc&Eeb-FITfGD2C+-`Oq`nQ~zcBptb2 zFo@EiU7?X5|M{5Xs*IUWC!u%cl+F^yust#RJFUr%=ln<+j@}-Zl1EG*k00<-g@U9c zaHh0OWz3wF9ke1#*{>^j`ty`iZIQL>H@CmzM~`dH%SvIFqmdhC5@S(a)Y80=z^eq3 z&FhTIgssLEN$o|z=IL}R2RfSQDkZQ&*KW7|+Rwi$Si|>d%lxJ^K|n+L$LM~7Ce+Vu zVDEyhEX4L5c5jnZ&;>+D3dmKgow5BhSIy|ZnJD*5Bj!0ZyJx#2sODS)5hjA+1)eQ`Qg67*IEfkk6~Bq1HyeXX<4A zb5R$ENoTnwkdIcDcPpvsJG*!soq@S+zgWs@D}hRi-6ff~tJbh`n9S{=Q{^w1S@)2S zmO$tAIh_=WiM`dJqOF*(vOsp{M_eE~=olBi<-u+wus`Z;NoeXd0KH`QeF4dnLEt$Ah7wraou}O zg6T3edH?PueYoBQtsa!t#L3ztU6ta9T6{FbYY{DDFId>7L6F%wm_g&+Y~0vxm~bX{ zm-%2?^th!+gQYFE;$=MBp$;np+vun*_jxweqF!BypCF)vze=j0=SXN1=N*5y0xoN3 zu4kYn@=eO!8>_g2cPY>GM7Xx57Sitf3bi)oyZam(G}NtoMK4^0142BiemE;m8ywI> zeJ_{b7DLRJ91(S^2b$3w9p~<Tpu#Kqmm1LM$aj9U%=0WJzv@53}h1q zT?;re))-(6V43CJCvMZ`bWd!VbqGEUE^_+x&H~pTq_o3D#j{YZQD5InX$(X0-+1wb zW}(O)l!sZQ0}x6o_A3_PD;=GC_Nk;$D!4Prj-FH~u3Xx;15Ao>dFLjN@K1Zk7$NlB zQ3etwB5}fNm~9l3&dj=z5H{Q>$-@x!2HOnc7Gzdn2TR;u30r(l(4p}dy3#k|1h03A7}r(LF}fYFJEsB#<8 z(4LR$#7sFz2XY224MYoKp`9Ckh_7(gI3HQNK2zF%vkuj3hr65pl1XJlU<+y_`3)@#Q}+g30J!-`m~39I?iz_;ePtUw;l&AG=~KC^5}WMxs66rDA0v`Fip z9r9%V%8$bEg4}06h`s#DW(DHw{V_BfGnb}CT?J$@&jl| zdRU@iduBKuSt9VM(r|TWMQ(aNjg%hk<4VsO-eP;_;)rPy_3Iip*tq;y?SX~+ON*2j zU^OlVw|u5})CTR;SVlk5ocm|%dqBtjl#w&$D?g)CBK{@q#-$*qeV~`7#2F%1<<1z* z*P`y~y5@N7Xv~sUIE;cD^?J)ysRQPNxgmJy{OF~D<3ByBFBZULVh%_%CS;{bjp;UP z?@r#$_5MJ%q{XE%;w>;mN(bi6Btb zOH&X)Df(a$2yI}dra}>CFpzmi&R2s?@xDS_ET=bkfWQdD4Hrope*w{GeQIb;KRa*l ztNz}f(6H`6?kn!OJ(=lG402LT4V}s~61&3Z7pL2940CxEz&r6`hli;ZkEt&w6eCI3 z_9WimncE!ISDPYyrT!;fiiH&c_dgS=s7Rs*xtQbrLB_xz7Qg>Cgy(dqb{iRoan1o~ z`CpPv`HmOxi)#t~iD(#UKjk3)BP617|3&}*r!u){qTLWc23yCh$KvXliigbgh74c2 z#UdSn(8Rxlju=_YzBq3WG4bBMX!`Q!@VQ}^S*eECo-=Cwf1YzS_R7kiKvJWxb3`iUQT2El1^)|% z*I-C14AulZDo;e78mO_KnBf`TgTxy?jI|esXTAXLzxc)Og~71u^}>kE9`cusj6+V; z(y7U^;p*ls`SgaU4?I0}bSOpbjjFzC>-J^~LdQ-DQt0QYysMHO;sKJ=?;d6~luK-( zlNWp>q#+oAkEs@PHXYtORnCY57zM`CB}oY>^SH_c4E%~8VQgD}+Ed-$1I@kT0is|4RY+_ 
z{ZQUY_~bW=_U4fljMu0*wuV4|gH@;PgaKBwimsDaADtu4W0qy?oiTAq7W>5Xjcfg= z{PL)u??FyASk#7;SRnsF&_Vx%BxL@(6y5(Kb-VJ*|3!+vg1r6@Ie+_vsi|%$q{rDz zk^^3MVUbNB0KtH6fStemH#?`OctoMVVb@URK?2Wa6ep}Thi{PxK6@2{t1c9;dkS3S z{N|E+1>=?B$fvol*RfzfL!K8UP%tUR!821u*w3can+D zd#Tt!ykj~?Mauq~^fOH^VTuW`^eU$dND`CU6Raut+k-uCvd5=PcmQph-H>{|a{d>( zZt7aXxKv=|9Fl5Goo$dK0`Ed8e+s;2c(0l9gC@3(TefJxPUuWZ`WT$o7Nqd8p>V$FF_HY}@*EK?H5Hn^y7g&`USr~0F;yZ_N1Q`|8uB$!NpWBOJME#i& zC%tETtKKA^c~-~Qpq+3(rWx!5wD5ClRw*E-G;qz2fDiTmHXJ_|Z>h>B5^sEFg5?zd zgzows(i@RL=C(x23Hv$h`_%m@x1biEH*#-2`6wur0rYw71W-cgHrwPyZI-$e!nZw_ zkh3fe%UBm|ETUK={V&O1@A9jRwmt`P-mu|+4g>$%#r$ybxij?Tq!3QFN>oFb2SR@)$&oKrVw@KM-z<6Q)lQ+T zCy&HneUTYp2~~;11ir2OG7OHGV0>-*n`+kAmxg+&$045v2m)-=_;2Ui0^}4LDEp2|N$It_!g`Fh9SYCX| zp4CZ~4g6&iVb@*b4n=#$;%bo*R$If10t-$cfjW_)`8c>kU<8Lo()s-S1M7Vn?A$cB(0+Ra1Rf@fd zeJyBVD+G!^;5OAAW)8;GFzCf&WJb$KO?>68XS+7k0^*8jHLcKdg3kYAyrt zRKIex^JO{G1^9(T)L+e@I5qG#q1y?VEd^}lN#(DSD?B{t6Jcd|fe#Xz z7;B6b3Y%ELCNR$hsMeiZ!Bgf zeyiv{2pRXfNZl=7f&;V0{)z_61*E=Qf)|u4J@#SwZoqO+(!`@)AF1j&Tt^ z;!V>hiJAK2Tzcd4R}Ah@_6s2fDrRqLXZa(Fd;kqHbc2GvVYhnc4!jM2E)F0qj`X`m z;2As+N%+BFDmQ512tcwcC_*$Y_N9L92=GnLS7%6~bjGdNkkgBM&{FkmAU>bMryImh zf}-RS0`Y7k7&_hf{BRBGE51-u{OQR-zC!7Er7wpDjm2gefWm!r@a520wS;E@@oxq! 
z$siHI@Gcb?amLEz?aG8G>lPk}twVI4Qb+x^h1zA)SQLz)xJT)_M@0s9oxI?ezaQ9u zOI-#r5CEeflp7P>F zcf`qr&+u5Ea-68A?J=6xIUWGv9Ad}y=2aT7K^N@jvfQ*`~n3jF3J-{hb+x^hBA5?FvzDCdRukMY5EUv z&J%svItNkOBD|~kFOYsz2g@7OQdPx=H{Oz$=&DC@ia!RE+SV&+CDt4%G+*4fJ{=~^ z%_fRY@uv}$-!XZlIw2pB4+hDM17iJWI{ z0D$zv(KR}-(5=55&0WGAoQN-uRr8k1I>k+}X zol|cD)}`T+%MDD2b>`0RL*fNs;=ISMh5FNqsg!MklY1Coxhewk-Jb;~gTr-17mduQ z4eQf$E-+#Qq3PR|DN&rQaWueOA203zff*)!fK)_KYXC7G)yq_Ydbp$kY|SOb|D8p5 z%Dp6*?c6?1dc6C3Z2@>OQ$^EF33VUNZ1*KOoVVSJ)FerZGBV|upYzY)gU?!nEe|*l zZI?2C+8~v|9Nx<8K&+=tQ(VW;n&w3xYaMVb=fV48WP5a_!|46ug7L=~?00w{3ztZ_c31?NSd^v2sSQ`9TiGTk{X--iIlTH|=FjT0yeJ9!&ay zq!>r!gJ>?U{*35NZ)-7prXQEJcZQ^63)-&W0;O{7=%(fW;N3ML)*oe7J5jtFsd#_# zxiEYQ ZBqNc`u^=ij)HuBYUl+o`Wh%EJ-=lm=6Gz<$n=T_OB?C1PL<+qZ7AysIQ z-@U;nMIw)qHoyD%s%&Rzeggrvu}Hh>*Dp5*))+K_dFsO+3o zSxww-iq<&7-e?{*lNH=F!I@dOMS&5oY?@1fqZs8hE$xI+-G`(M#P+~TFs%7GF-E@cZ4dF1bcPnXC5)Tp80&X1)iHoen?6{PSnVt zCWA7ZEg|}kSCVlqFX;P8UKhT3C^dg-f4oomF=9F6KKsT#u{KNPwHm9#W;jtaf0=)N zfRK|)7y+-e0$J_>t7OMr$t=8WHu+|sp^;+mpRzg1QVr==b>X^K3hyYDwa(DVPgu{Z z?DGsg@$K@o`N1=|r=;ZRjO@phjd9PC9w2k-%Mz_>2g@*2LaamnDSI~3bJkprUGUm< z_z}zg|H!!u*p*{3`j)2>GZ#Vux-AwIL&jS^xGSsi_f7_Fi7psmGI? z!1fWTgeoukdAoIjOLpm&(u#_ij$BZYBQguVq9^`A89Yt`?mU$iAFZ;jaoNX*QWWjv z)D-(glkJu1Sp3_bQ5p%mj__l3)z(nBETXbnBTJyk2Ut#0cE`uj^t-DypN=n` zf^;BVLd-dL0;xqJx|=bSq}LyzVETI%jK<+(s_>m*3-!oD>nx1Tfyu5s69ACPHXGHL!@ z+A$cx**QL#mbC1Qk zYB&}dQ-W>?5Tu-uly3NKcF`!*Rw2&g+C!UgdQCq%{ON!bRrY(3679=$Y7}{0ii3HL zcx1zj?0+$7{fLh5Y2@FCwLjsLhDCo|N+lmY_jUglD7SPZHXu=r{sAcvZ`f~#Qc_=& zC8{BrvPew3H?al-PC8)M29#?|F5|{)PF?Ku;Jk`9v0sU2s?fNc9 z)E!)grUBdbWaa7x=MJUF{$%*ev(&;yIQ*N}`xVY9fkc_+UA-ULoa7W=R)J~iY9+JE zlGA`8BVgl31JpJgzFfP*4_q4P$>wuCPCi2BpOqvE4d1nqN3Z=1j^0;$L#$;mr5I2< z@cE}T2$=R{4UbCn59~ECtLYlUOt26_FHdGgbEE?oO0@~fw=-;&ohzPVF{bC1PHHRL zYDDFnWhcfUEkIlJ_p` z3Vb|yQK>MThYqs8Hp<7AHvpus@d`HY32Kghpu#YDEegn*Zs_yO8lzd90#Co3KV@w` zVKsFMZjkP{3+_8y9B2Am=U64FEpvd(K!wO{lU9>}ZjS_(k6?C*#rRd+)QhwV( zF_ufFTY_~%1AshWqNv$;=_1 Wqc(eY9I!14NLpM$tn8z~*Z&PvQ#eBa literal 0 HcmV?d00001 
diff --git a/docs/wiki/media/2.3.update-alz-custom-policy-search.png b/docs/wiki/media/2.3.update-alz-custom-policy-search.png new file mode 100644 index 0000000000000000000000000000000000000000..2193a3199ea9524fd33b7575a616ecf4c0543946 GIT binary patch literal 42991 zcmd422T+qu^f!tPUJIZiARwS9(naYV6zS4?38-{JKstn~C@2ajRXPX(DIv6k8nDoN z4+H{A3lKtt1Q0^G53j!8ow;-G%zy68H}maGCeM>RyU*^PvuDrwo!`DO(9@tl$9|56 zhK62C^Pv$9&6!FXniEO?&;q}lckx64UuU0bTKdq?Fti?jP9zI4Z~#Bj`D*E^(JftI zVBrwK6+~R8p}9_@_3*w)VCEVwIK*TTP1+DuJ5g!q{_Et`j5m|=leUAmI7&{pIkaZ+ zwuG_l6Np1#+^;l;Qc8!X!Zl4nCV(6Wu>~%rYpgWl2}& zUh(tBM8wL5m!);3clA0XJW4nlGJ{|h6(ekxIggh)!zEjS#z}00SS(f$=-t2N+o1Gb z!^!{deyd(Q?)P!Ii2CR0sXv!A-&pRu|GiY1;CW5|_xc~})0HRwUO#zzUFz@Ub@xlH z$1`(WUW&Y!xMA<&X!auEGE-90M}&4y<`P7CWZ~XfZT3W1vSg^)ea7TnB7qHM#ZVfu z5t^2B@}no+qx}mN;-^r8fue)P98xW5|!$=pTI38jlYIH0D&0) z_UKvvuj~FaeCfWwad4~V$ED*3+lJ`hbGVrEuD_6dALX3{J@7&$Y%*rs8PuSUJ}w37 z^c+vqo*Cs_lP!znhL3#BBGiN|1THEW7RcH+u$uVG8loNe+g}5lBqQ=tJtnNF#c(?LRr9!eA!JB+;nm;5|{?bgP*Rr zmcS(2aQBdScR8NjC-BLwXYolmf=Ae+jJIpHO!}p}2hv;JG5DG)x73u`9mO$`J@`33 zf93a(wW<8?33DDb)+Z+t97f)mhL67U@ceq^!{$pVQqZ@KOg9MBDQlY_l$K@n-(2v& z6n+h&ex=)+Ba1#T8gJRxX`-b+=k+4~IjhTW*oPRC0;7Bloqz&xdsdHxV(CN4gmfv7 z;X>|MbM@D97jrQRAvvgM!iZ^?{W4CKvzHf!(g}j4LzL zu+MdMbrC&dqod2_q6bC;3RIgfiw~qK>>)%tIqwC8++Npg!xpLYL(6KoZ8)e%KZn6| zZ2xTrtT!VoytWCR9;w*UB@VLbNAz+{bf8KcAfB-OKkuNqcxN3=irxcWR9sltP7;%p zlw5xtpz$DGZ$TcTL9qVbPcUQ4;i4L~AY^inf)4x+rXaPinl(_-|A6j}ZUt1w` zi{#Ha!Vifo=%7J^k+WLt1)UQFzY$KKBzgNXp2*%j$Q5VT)fhJ|BkZRG!OUf(icTVf zhw%93mgi@zi;>UUg6EfFn%tVaxkZiIQ+p(~vM-CDr}XK&P|0j=n6JBEs?!yy%$z9_ zdmV_?@L6%e-?)oLm$ZAj2RCEPO{%}&xXCvKuJ}G8W*cnw*34rld(X)ycDYhJhy0nV zAs-Ts8clJ5E{Tm5h>XqfG-4UgHJApyDSs|9f^@L^kjCAJgJ!4CfQk~B2@AjEqSgZX zjJK19h;cVCR6Xk&yH{^K!CT@zl+FG~H@O@1G1uUuY-Gx^qWx6(Vfn#chBQSFlBlO+ z^sqpk??_Wwr2Fv~tv?c>q}SESD3aHFj%Biv=9~k@+?-_LN!S%pUmmFr%_C-_?FB0a$)qU$4&fWt@09S;m%*)xbVk++4FdA0H#b0*ABxEB!+BOjk9 z%pl0u!iJD`+;&BZy5A*li>R`>+WUR&@GM>15J=ziiMH`1zL?nP{+O9JTH5;z(rW7O 
z_^98YePN^OOxmXf6Udw9aPwvq7dJ1JlTEu>@Il{}XQ^;_%%&7|;tkiGalb_IqjTy5^;~f_xy*FeHfL$Xx9E1Zpk1FfwMPB(EbRtpr;X@E6fc;W1uX*|^fhUv9QY9b=b$ zlFc=+@+f@H4IZ-31QQ8S1rPINjbs~)>{0!uj2lgMOP_LP?pLT&LE$xGIoCwG@?P|L z5-QY%$X$HBGno4_P5#YX7M_|z0bs3-eC^npUIh?*jPX!&;NVHxy4^LBkIK+y+ipw- zsD#sJ9)}*$Ck0uJkgWOaO)I5vopUhV|2?XU9 z1lWyldW%QEOP5wKr8x#mTT*Ja?8Tj>Yu%xhCh?7%E+ossG1F$Li<#d`bB0!-WKw4h zY>zanfJMQVhqS3fZ=w8cnaXb6J4ve-^vq0=TNYA$Ys2IA30Lyo$%huOuZVYyt(7cm z5GdVyw*{buDORT@5+wL->vx>^ALwEme9Svh9vK^D=SFxG3)N_JNk zTh6tyCt8<|u8=MP6*@WEx7`Fk+|-C$o(cBxUFf{DQtgR* z*QT*P*KvLOhYv-xGPUlgEhIS5#VBS}cx1HoG%xRMe%IariQPj-?EE`ZjhSDcvp+(j z_TDKrX0EXEBzbwF=CF(CID_^p=DBs2!3<`>q8D$eE;9GmTs%eW4(;WV`F-sJFdbPs zYtxG#j0)WFEaIOPd&@@`?wIiv=&hK%y%jsm?|d3r@0Pl)8KZNQtxoOc&3=}puH&X; z!TE{8dWoHkXx_7oA8)Y{(Tet?JkyjKoq1ks>i1~4?*z0>!+}5aQvpk~vkKO=mtJ~T zhKq+H>b1n6xNm4YwNTne5$WT|8T*DQ@x$81B+LwB+0z~W?oF?PX>aAHK=^*5{;e}SDJ$=xab zGE*^MWAf?A!@Eza+jL6C`En$6Y<1Mtp#if}^m5J>w^jnlURwQ*>ND^T?y3BGec76o z4Pgk>EvfxccJZ`q0Jw(q6x!SQ;pSH9+~s)JouJse1Tfp5A!VkO$yUJ1VN5HD*HIf7 zMqVwHr`>okN9@3o~0%vus{dWm_`+(}28iLCr*VLFTsBhPFOA z=V!gNq~{b&Q0r2c{nTP6m!E1>yUpdti$A46gOPp&-LFet+zK_+vyatvElc_mFPI({ zTJVaH54Oo??N%aMK(5WJ*eNT9k_8NdmXxEO8%M>j z7ypP$9Q1`}!8)9GoKlvQ?ov*wX^Od(jFknppeyO~t&CnqMGL;!y`Ev@6O)uqE?_V} zNZsTLQ43}{(tKMUqI$mlrORJ8UgcuQnF`o;q#`X-=X!GHM3G)7tUHU&1m#+!9{X;z zx7S)yoNN}$&Q@HdD{op)j?l~6E0Hc4&Z`@;$L*F&ALN)j)bxl>m+2BPvUFxOuKOR$ zX&p4cYxMogiuV(?69pnI;^2hz4|#^5GOf-UlhU=rXk>$JOcUYB zqV1HF(B|q;l~&0lQb#d4M$UcuuI=`d1ph;`7P7SelWNsCWleS`%x{hdpy&75llLpc z2Z9r4WG|)*&;JpO%H91l6`-=`Yw79f3_XO6f3*e)MXMI+g~Qm={A0CVkNo(Gcl-6j zNAmU!J#jIjoZp@h+?MpLh;7BVOFWsdifq7J;-smr$((mbDTayZGXXBU2bNZKBbl7C zLD^2WgxZ2QY02R1c9~#1Oj+mf=o#LUke04#vxED|BF!2D5VBR5*q8b2*`&`UYQtZA zVY8P?)|)`j8Z0H5dnjMBEUhTfx77f{V;kbogcrj&@%y|hI5i+hV)ZQTqINtViRuo| zMvNiRrYn!z_;2eal$aiPyf3|Q4Z$Wp$IChDqYSl5*0m+;n}fGr6q$rQipjWFIu+EL zQGzO2)uevakC)CEQ3uI21^*YN$^8V};HvMoq?!+lG=5rxem+#w7zU48XV!t@&9kAWatN<5$}{ zh$raQ34@)D$OSf4<=xTH;)hMy0#^$58hiX{-%l&o>R%pUMnuKhkEbsj2n)b 
zqT!LcMX=H(fkx5rAAhvzi)Dx8YkLiw=WB5kZN0UxkpuKyVrZuci$xaCq2IA>R?Ua> zrX0FJ%Mubs`Q_J2<((H?mL6t2xF_t;+86Jpx=R$au7BjnOy?kxhIXb?!}@|YcanYz zrFv}=yWiOsC2u7-7%yebhYF9X>Pf8pI@?3Y`@qgDZ)ShnNst^q$t*4LrQ!RUUNz4P5pE(z7I3fQaYZ!`90=!c5xbK zIdk49pR}9mW{;pH+RT(h8ZHdrrH@U5Jc_DvKF}2RSmsv^eik(wQY*I8BHR&7XNug- zEw~@^4sFXOzQi98h2XyOXC@*J?Nz`);XfyMl!KA-Sq8(FPUZe??GMSa;rw4YH|6+T}EqiD=*L z4}al?2yyFpx=PX4S4-Z>x36?Y>w2$EAR*87d+GoF7eQCa`vUWKsv~}cDeuO#@kxfw^nzjB}F2^$sZ)w+CG10p6Usb#>yB$^_PS=aqcmn`(}ZlMyq6 zd!u7}UfubRHTBB@w`mjzlh+EvVb**x0h{yt8C?DnH{_c z->mPA?D|k*_e&oezEBWW@$;D|<`}n;3Epy(`*13jZ>w5bY24W^Ohl_HlwhMMy&^_W z9+?8VaovO^DZHR$kEvvja5j{0RpEdt$;wY!`WXrmdHIHK_V>ft=4Bg5dXU=mOeHthF81kvujS{kG_Frr;53A9OP|ervkm5;n}U1~tn8=jPK8oL{6J z3*R>NG|eZoj}t00S!+rWgcG?Kwl+)c?tq$uEK{C*XH-G5rKOc6M{gAa^R3(b0{8Bp zVP2X&!+hU8FLKX(iLY)}=oThyyU`P@BcXV2VnFyb;Y_T3S56r+d?ZI%38vx6Rz6-- zK0e}_S~7POTHY&39|}U+eyhBsdEjiff(eda!34y5>y!JViNsx!Z6Ur?iTH|YLBL-s z*@SK?9FO9qEn=%R3>X3OV8$ih7K4eu`iajIZNb=#op^#^l`O;9AMG~8HQ3tu#K(jy zGcRB;j0s-NVK4J^g9!QE2v-^o|y84FIBC^t42<2=omE~{vdN?9ZNJ1kti?b{dteNy3!wad5uB4xda^Cww z2g~iA#lG0Z^`P3;Oa!2o=1b{OceV;8W2z8G(x;JEku|;a7|G$h`$u9)|Lj5Ep;f{ldcV|y_v{@BeOuEb@WqAYSAsp;rM50Yc-C92_XEAoRJ6zk zRcX-3^YDC%2ai`0{p^;VIagB-OKas{rX`#k=zH z-gbdjlIVWIi`5=M;sY|`139eH7PmeJK;9JcEtL-21+7EIkr{Srv(0+RyJyoIK3Pc$ z6#@&yF4;EzC9pDp>Z(H3HUt!;5q=0Po^-{L9@blR+y~Ma$q*0au6ae7TFWPso;S1^ z2MHZ72;}0-Z@Poz+(4S`f*7u) z-VjFGM_W&AKT3O&&8naj+_SNC5C+e2Oweec!#4{`VX_XFPZ8rqxcevUzt1-jsn@0~ zNfOzkTQ{S8p=g4}g(3M^zQzi*3?t)t$5HAGH)j}Ex&7Dr%#KQ?wPrD4GE^AE0?6

    HOyWhv@QGN|7DWHO)Vyhj-qZ+SruM<=l3g4R7$aAPpt{TeL#BXFtt6@n#bO z`FhGeLp42Pu404=Q9BJ%t>tZAKRzW01VjT#k+N#^?gjlbV0``!Sk1^u=_A)ZD9nSw|-w?o9t zgz6-lDJee;vZBseOq4W1{CDu5nRkhstysY11Q<44ab8c{M&IW2wopRYh#23myrC;R zJW~}EW89FkHZ@z`;o+v;;3mikp(4NKZAvs6EgoHUiMH=5%4$FB7+>FsZ<2QFQoW|Ub< z#EV!e)_5&#Jl7tX!m-o<&JMfrqjK>M>79bqHNj5bPTM6p&uFDAZPK&P4zC>a@9jLo zD>3#|zPAVOSc-li)SatAG;MqKi6y^WR$u_6PI+mo#V6+8se-#KZldfH@`-PawXuj> ze)3baEo2nfm99O8Xf-?tU}gcgih3s{k~s!KCQLIZ4IU%&UHxi+inQvOeXhK3G#aS* zYaS)m?1OtotWJ^(c^Wlsi7ee-!GYHeD;qN#dq;Wc6MW(8UJ%h$dF`eJKS{0xhZQ!4 zT(C`$YiJO#Q}i9lr3#o=9_nZMPGYs_leS^QcX-C3OOdJE#a6R!;)+4!+y zT_0m&uYNiOT8<6P-6$wO56yyi>rAii%L8#svYaxhKa6YKKJUOeD?OpS3F3FI2?4Do z9y{E)F`@fw$Htw2?w}kLJZU(5#YjPyiVjwaTGznW&mV6VVUa8|?MHPM^NWuz84Z5! zIG-h;rW6J`?_;}Tv2Er2e%D~q-pb-97lYCFg9T0n-#WwZ8mAMVP|wBIJ#@QJ(ylT< zU0>+hJ6P)b_XAv~D=Q=Hw%gY&$E>o`au@r}UElW3)Tmd+E99fDw)tIre{Yq3c2~=u zSk=S!@`EbFr0KGF=Vipl2(Oa^d+EvL#zm3mk011)$HY{%LD4AFo}YX!4%KY|u0lUM zZfEGa<@n~=&qVIG0g=22AW3rHbr}31Z@YrdU4;oiK3%DmhWKKK0cT)7uVk{+WDPVD_AaT`tf1$!7@h`raGLA6i*x&HdBqvwI`nsx;y2Hn6|{St zc9Hd_>UQqVSeg$P9SzNww33d<2|9Ltz@bycN)XP0l%Kxly2f36N<+_WBIwkXP4vxr zs?=ded}-z5SBDcnE~B*Z~q5Qyj;&u(#YCkTJE>G-Cc*# zZX;#Ys7r{Clc8pL6;41lujB(9Og9~U5+-^;=JmlrrT&B?)9&v!@2z_4r)w@YLl!R;9tn`J15(57&Dt z6Gisa#)_~}OxfQ}av>23x%Sq`-6TNzYna$Q!eU!)%vS zc$EcjvXmorHE*Rm3tb|zQ)+1Q$$JN|BuYNL+bn<@j#(Yn@k&F~DpPvOO-^zvv8f|r z&dqt<-K!Bj!5>}Bt?E^I)vZ0If5e}NgQ-~MG+0sNGEFu`36j8EPal<)jj)=9l_i98 zvr$H#9Lkzhd@)#G<8d5FPC-uyy&^2WdvS__-JnIZ>L%CUl z>dhip^vwp31xHb5)ki_l)uO5-ahuu$O8NR2$FgI&3hI{H!-s)QQH+(7R>rq=2PC+W zDKA1K&^YKuw@8nFe@%}^20}r^G%sfiA`7#6ddtOaPE5;adK%UpE95nxFM|C%T_&Kd z?W=osw5MDsv%ZD(*5{Dqv<{3Q(xoM3p>_-*f+1PmeED@oqaipG&ta`sEXA*5%*2!l^BWY$ zP$xF`hSqu&rFx(HfldSwl-A1ed?2SnbnxQ)!yQom{&uI5f0Y^_4vVdvP?)ZGbe18ftgNlA8;!ptsObxMezhkSYKZRXxSX8$ z!q#uc@j#zp2~#adW?IlZtD9~1agR_L@#}b*HgJAfufbl{9Vj#Q&nf(+a+fP)OZ5Os zx~C|iWE5b_{IfY#aWK%RCAh_MfaEr;sP&x^!a6c{yg@8C0m28h{KyF|aiMX3v#vZo zOXr5BTUO<#^w^(xQi?e>v2325-Go*}!P%aB#*Vj%c=eYOqIMzF0w3$R+ 
z;Q`vBX(;QU^FJL?zH0Ye2k@>7U4mkF|M_j11wUy#Gmp% zAqK&Hj(JD@?%{{z9BRX{*nqO!L0f}Dp|<^aX1mh+J#iM$8#foevgiZ z8vpkO@#%)HWYMhOn~x5@b2(Z6!V@wD^@d=+l(wfm47quJqlU@UgS6>WXp?1+nEuU;N9(Qjq~9-&kC% z6}~r;bA_21_VMG@oSro$*Ci3zNkMqA>uB~s^XLGg;o(Xa{Zq^z#z!4rt59v3iOwlSF5zj6sWKIBp1J{W)O#FeWkdhn>!MkW9W`So^($G1)0}|IvzvP#f-MDR( zC0&tduWhy<_e^-Y$NXQaLXdx>mO>acxZUlpbOC=Ww{X zHi1zZJn~^aM)qj>$9ed(&kFtJCU&l>x3S4)^9GJ^-Qwa6!P#+^>ryD$0+U8}u^KUO zbB#;O_WBe8?dUHnCi2`7lB}wRZS-t87d|IAAUSYDBdB4G2!+a5bNZWr;LZ_zdHKGQW)r|P>ZbQJS}pW!k4p3;nQVT{2?UC z!2XFYUb{u^PG8g9gTBLUHMyZpKm0k=BSI|$d@+d^Vu79 zBYI7clHC3f*p_3h66bH8<09B7t5v}qbSfDpyZbQOeH$bB*Zy|u2YhPfAl~O=4~@BaihL1Ay z5=^6>x|eVEVz#e5nE2a~i)HUAt*A-&hW*W+t<;u%HTi(`q&}w+7T;J~J9#rC$kAGKee_DkW;e`T z8Qt*Tnk4?4g`jtQ&Zn0-C{Jq2pYMn#4Cbk_D}~gx$8nY#=BvN*7N>z~+S}XPng6Zz z?0nG0sm1S%%A=L`9ap%yXPMegE#LSrO>$8WD*T#0H~c?xYs9l*;&V=*DpWr?W!kIp zHqNUtrOEXWz0enjapOnZC9d0*M$tIZ8UvWX^2yJEA5XwJ4$Q0 zT`AoXx=ap3IC}=V^{3LogbVIqXC+x~pqPmZ_o*r4g>W7vtPk>Wyidw=eBQw6 z*AzX8NP{lc)>-EtW!NEDCmmsLva>$p#GV|)@2wuzhrzi%2564RDd+i*nZ#u{-QRGijhJBk}B$Mk29d7e3Pl)JqelU;HxLS@FL zOiSMr^HQUB+0^`QLl`_INy^2B#r(;2cdw%hG%}}von!E*^%mI1cdEzBazt2MF&Nt3 z8>l7fpjHeTxTiy6G9Ty;*eIUX=@ietf#=% zgN<;`nIf%HPs2lSS4o3Cyu6~9x}0r#rkN5z_P2*ow+CPZDCLgu@tm^EF6Ayd3> z4M>rOMn=c-*9?o7SBMGwSxhBZPd@Vdr4&#ev#6dA9euA{OM!yO`VWPL;2ausk+x2@ z$6&9cwL(04*|poJ*#i)hk9qiy%%5)3O4x62N3Jk0e?)CxjZK5?dzo65YD^P*edMzV z=@7S+Pi8G;oc99Us=|s|tb-#)gswQ3M(hk6PUUxO-E~T#vM)`Jhakatzh1wuK8OD} z_5TpircuFvVB%0Yx|~(!fG(?lTN=_UacaVJ-gdYY0U0VqF!N6;q7CT9ZANPO?Os81 zM-w;$H1bM3B=G14_Z0T*W;?=a7A$23!NV+r3DxRqB;5?SbJ3_vJNwu3k{P%6rRY^d z^WaBjV+!J_OLZD3m$r98%;NLB=v6)%(^@E;!sINUQvp&V_A_^N2NQYw-rZ}lX>mKt z-zbqZgZLC>Y4uaVu4(VH$-)Qy;KrC4ZT}q68fYao>qgMtAeCUfNE7Et_G=W2e~tN4+P`w=gLPkqtpp%u{gKVYk{mZtzaHnam-+eJbvzNw?JNU%*GTXO6{=cbqL7jyu~0`6>~P&+}Mky6*7l)5!v^ z*TcB@8f1o-^vqmKCQXO0>WUTd<6Su1+@B(`*!L`(dos-n#az_LlD~I zB+X!yFAvQg%q!k~s5Jg#yqI3Y?CwAI-*1em@lp?85D(hq<+Kg`Ov8LmG@NovC}5;? 
zH%)ED_&q-xy@J6(h)}E6l_#xz$sq zy9!Sp3J7Y;U2*7|_h?d6^E4G86*>^Zz>T-3f4@GmvKUa!!}6&F$V7e(Lxhd{o=A|m zq0&I3+(D7?OWHZq2K_XB{+S;W-=pNl0;~*?@%25|25Zw2qbm7>v(Hc)K}W)8n%V;k zNgtj%{l3%q)06&woaInG;WiD;9l#t@!1G)|TH>UDP}$@o(TSN60>|h@pI5V@bC45A z)y>Z6^Vcb>7&juIwZuzWo`M&=9p!>^)vRr$ZHk4&R1GM)mg$yeCAfqV|LIQ-NB7(Z zzJ%qFm@>CKw8vi-VbU>EF5KiePvJuuvLW*C2Iu-d9jO6|d0cG2u_JmW^J|pxemHG(zo7(g3lAqnY zlG&Tcn|tz%Tf0gpZV6b9IB6n!8)wB+AqQ4K6n;1Ofps<%dob>Qq;^K85YV&j-c;)r zGcYc)EPdsIzXGJ|IdT7z@a}C=frR%@ViBqP!#?#YtTR_dFU3S(P zv7!qOD3Ffq78n^vV4=DGa`_FgP1XzOm`{f{-c}^0KjyrzXc>fHcIo2WaUFK^SqC;0 z%@{XnMW=Qh=+`|p{|8l+UShfl#;j1N&SBfEUO#dD7gCodYd$L*&$8HpYP;O4Yc^A5 z34NRm%j&S;3SxM}kIM>rds{KI(LbqgIEGbGhij*kWl^*lO&nUi<2f5F@5E*(eY^CD zAF$&EB`@zNjB-#5FEriO;gx!Y2etKwGNaVGKv94Minvot^RD=RAzrGtd&c>(Ppm#bVy87O6t>f~Ib>-ooDu4 z*?0GPX!zQXnP~|cnotiMwTQwkuebab@qn7YzKdrV9N@b!hBNnq{2QHS20T&dYX zM;y}=?$*MClZv8)vY+K$T2uz|4^AGK>m%)GAP-nt51Wu`q)a)$<7O-A>A%23yQtmq*5WL9KD?4+_4l)O!@xE+o=cR zs7xcGNM8z^19{$-y63B{c4&F|832(VmuIN+mU17m`f`>D;WeMPxJBF!Ixzh$E#qIv zbfw5eaA;6S1TEw5sB-Rm1z?WPB14p3$ExGJKNETl(cmAcya(zGc^2E|+h(+FJf^tWJM| zJP#zjCGEVoM$3;UBxG`%x%k*QKU@%Flq zcPdg01|TD7)J;HKcpX=NZa=s4&4|iTMIPc%^!Or@hM8lH_8yj` zN*T|S%P)a|vw3a$M#J$(VD718+;3;eY=s-erboWblVs>fa9?+w;HO}Ydlz)p!Hq!f z**p(86j)=E>6YROz}N9(!xywp1V5wu4y3lc`R0E8^O?@pQ*Xsc{718jw)H|5LtFRS z5NJIt>yBM$i0=;}H!c*NV zrLerhwMz+;sD&=_9uso~(&c`KuN9o_{0#^&79z$L^Y#yFj4C|@fO;ke*{nG<=k*Je zFe>po0j!UN(17N=L>Ty(ZS_rdy6f`~>MMr{#l8RxzP&_wCMn!Rs-(GY0SFo*`Se$i zcGF#>H>?cit+IIS1QaH82yHuY46%59uFAJt0r)(m<^!%H=)&!BHiLkcGDb=UjP2QM zqi1o=ms!zRfP|64U)XC(g4rro%CkrZBzrYli7bd#RxqkYZpyd-|E3BEUpqy<3-^8a~?^oG7iP79fy1LJ#oq@A($A_@Cp2a@M zBTb18a`g8e8`Jel8eg@}$cbimXp1GAc|Z{#3N+~hTTDB_C7lK&YIgTg&l!TdA2trV zr4+ZKIit1BOz0|~MvU?xqb^K3_-tJU0JG_ir-u_pYr`=i+|>5M(b2$UgxmQUwl>}@ zL5}5|RTJ~XJBK5a+D3~J+P2G{*p*?&!<^-|2tEND$o3RN~~B=_&Y0`0abWQUk$ zmx6+m=Fy=8-Zri**i{l^`raQBu%RS=g+>m2&(~-dKO`0zR-+*MbrjTR9a-L>Y&j45lgQi=5+xuk*k& z#9pgY>9g`Y1x(e{mAZeE!QI{)ZvnQLnv_WGItTt$EARqdDWA!L*3-=V8JQC@=Ue%2 
z_YYG`0kPFx<#vq_K81uTeElJb?!BW?i11O%UCfMZZou~$zgrWWt~IRpa)Rce`!&u2 zknLjE)~zn}NueScPb)ORIo1B_I2YDgC9rrJW$G&6kB=Ya1$Cz_PolPan)}jGJ$6*2 ztKJGgKqR{tWtSjBlBe|n-Mkd~^uu;apK<0e(qT4i=VoIH*41%5ge`@yIK`zIpIWxL z>s|1XEY+J#;?oXs=ab|GNhUM&q{>BiOt47`X&1ao;WI76i{Mp;mJ|dAf@T-cqEjv0 zz5wYbGdpOzKH~XZbDA~a+@i6K&F|UHS0xAOk%{tC(c*k>z;}JgS9Q&IUxb)O?eDD` z+%H^wb0^+US5j!zVHQug_VZ{a!rymEwi@esm-uZ*@g@P(7)f8872knP7PnswlwYy8Hd%?YfV>w9B{43|!3daF=W zpDL;U^4MANV_f(Mm$c>U9OdajDWHsRS)=o0tf@MWtOYM|^LZim0BYjYD#)bZLHvH& z3@a;nfwXZ5TCDGJ>G_;xvWksavO6@?La7VOZ}tqslpxBzJ@?_68%BhSxb{?X#X z2)8*2O*u~mpn6`7lU8KA{b+e008(E+^*V^FqUiT>)Ep>v!kxK4cITk^HjCw|V=C_8 zp6|1q>&HBtfOlW+G*Y`(8D=!hu~36q&W2qauS?iW09}Ws`AooFytSn=m{Drdy?nkm zsHvd)0DCtR^NC^oEe(ZRk*ihd*+PL>c|&fI^hki4j!DJ0oi=6_ZZ9QT{JLwML70Y` zzKB>j(Q~KMT6c=+g4P@3nx=Mrx$DY3Y+>Qkn=tIWR!lK)nA=_^I)NT~-I5Z{y4pfU zm=V6;^lOY-#*@p92m_zCnBrRo7}}+x-Gmh#uxA1yowUXlbt;HW`S6MT5U=$>wSjF; zaAKcbt{h4nf3k6H-KLd6wp(N+8EgJP3jB4Ete71rluFk5)yf0W^!rE^dV7x+`a|SJaPG*Ut!HG z14;e>bTfoyk%V2wq54!DvTh7yBasZU4(25}guq`rlTo~{Qqruxhl5UTG}zKYxj`<3 zuVDep+X1P1Wa#YkxDR)-=No*Q0mhW{00F4z?%$_XsZ)-Lsq~e3Hp4oW^0~EwcJ2g) z4^N@c0t98;NXD|`lD*P6#}YuYTbaD@@)G&HFKXNZ>g-S?V%#OA>hm;Id0eVP);r)n zC5%~nNu^Tl{{91!vuwUazi9W@ms!KeR?K_|GedwUt+_zfI`J$;K1xui6qdfLy&0pI zY~m2${ly8N3dYpujuXxs0&`mwi1Zv|7Yiv=T5TGgB%4%q-{?xqm{T z(llWgbLwB;L}o-`VQSBRHY;y#ZjJ(+;lpJl!rR-`Av61phs-pDu5F<%`@0ki3_(S< zwlORe5tXq&c9ehO9~#T8v7mtsx2Y7ud-rtl zslt`13$X4RFqU2PZD_6G_s`p2Q;?ZiOyA6LT!J7UVA`lkH*!@-`Cy1*9f<+Azdj7& zyms?O&}^3MtX_=}@J5gFo`*OQuviW>jWE?VW#&|a zwk62Oj*(5k4HXLb-1;jdW=3u~zk?=~c~{}ysh2kZ*tTB*aDA&aA(1dSIxW|u$i%IU zZ>JYsi>m{)a-TnipA=@zfJ=@Cr7<|uo#H;##{w}ae-f%NlDte!}I0yQwAPsr2D7PQ~uOS z@S$?>4mY={-~Ywjdj~buwe6$W3nD5A3IZxkx^(FxO7B%d2}%Ol0T1&nsbdl;K z5ACfqv>tsJGDGxGo!6!RD9_@Txlq{2elLSGNu5UBz`#eI#5886&eh;i5wk|ww#<*5 zk;0 zcN$IE;5No|$XO`avOe+oR!xmQo@)*lC=9dJfZ9$;mg}>-AD;V>Vy5Z&;Ssz@%Fe5v z=lr1a$5AvIUG4se|9%--t*PMEmJfJoYa zBb!GHaMhGcj#$329GlFz+Djc=iCkCXvRXGsFIT>_l=5v%<#`TW{=8ID%B@3w4<}9A 
z-x4Jv|4LzPv(4pIF$+&z-1Y^n?^a?{l^utq--FVA1CXhzk?+t)K9sb6q{bsRKZd(O zx6(2j+NB?i6>?;(T^#HH5!-?28;O-zT(5MJfeCD@VnD9+J$D#&<%LY-(btxg?PqH8$ zD8ssI3Vl(+=$~Eti*pjC=O9lcpoEdUbnmaU4h^M^A?H2zaIES1mIG!Pkj< zosVDuGQ4I)`MnSTU{{Vm{Bl*gap9uZuaiq4ux+JuO7nC4+{q? zGCN~S_ zh**8h^*~(iQuu)B-sG$~pD=$VRfqyQw-vV*EA}Vu0`Zc*_7**g#&6%EZfJ9Id)rKx~zVwZ`NotC=r@)$GwRkI**VUu<2E$);S}p?UUF!4*zT znfeCdRyeEpE?yjH<*Es__3TgS;Oet-^20|Hfy7Sj={jw!H~!YcK%^zwoGT!4dib3= zc#JRCAw(T^sasBU_$aP75t%){^C6_>Ah~HR7OVAn~OpYK2LXkdB<`S^#VN*k}7R!{b`Yk6^p{;>IYharYYg_17heQ8ZL-Yo=JFc zRJcdifauF$UCM$!6n`emqk)pLjf$jZ2W1g`?+U@jMZ)HJ<#qD*COE12T zUk_j4*dZbbF4p7sdaJ~jIPWs}rNy;-$gXjgujun(K;s#_PmB=Xdz#)a`~W>RJPzfLHADp3@>P z6_x8yZ<$Puimz*;Ts!G&7*dO34qtJbUj!k;goWID{{-b89{5wX6{B-F^d6+wlY7ah zJ9_C&arYsF!z3?DV)qBiT|qK+JCYEfEE zHyB7e63jGnTvOR)N^{Rm$8#iP9h^sBbEZ*$)MXg~`7>I}hW`91pR+~d*GB=WSz%E_ zgrYI2)}a_|ln9-1=`F0+Ea5OlZQ4T0G`mC0;G5;4T%Bv`Z#qBI-AXa;k%H_v1lzyvX8RP@b)QE|T=&-+{KhhDjKArGJk*hr{vZ>xBQ@>Y#tNhFijTfvvQDH zEmhRb{dFZ?WSC~nmu#nONoT%ON|lZ69HA{7c&WKi^FbddrDp2Zi@0!OI1Y}fYT*S> zI?$q20zlpP=So$04THH{&Ue#$Yd9Fl2wp~hfGX`pwao9F>5=71S*82>8(WK`#&ueVaXT;QMwhei~R&LuhRg&xR$EC1^{ zAaCF7?d?f>e!wnZdPLn98@P=cR$UU;C5m-RB+Ul|QZ?8~V!yAmG%n9+q#(wrRvaoilFhO)L`*A%or3=|ijBW5lW(uUuS+saFn8MF}=v@muCG9nQx3$MCj)~b8H_M1HeD?Q2HK0j~WQ$PSxM9BtB8h#W)@rLJHDIa%#Ui0&wu%!hajjpeZWY(B&{_dZ5KlolVV z7{?a|IP3(AOBN16R;?$NYRS%N0*;oD`AU5Fn;K8A_DP!{JNjlHow$57`hL~B8giLm zNpcNJN#Wwx`RR68Dcb&kQiEMUh1Twe_7h#x6uHg{3xe5!N{!$C?(-PWJ0)zM;wN&U*vFXdk_)9&P3KxU zE z$28@1czO_9pGse>i;|m_gL9edble0A(`ymh`j@~=Cl~TzT+e-jMWJqU;S%EYZp!b9 z?;;sAj^-lr3%+*W{;t|2+$AyRpwd^TEJBeg5wo{?n~RQ19(w;Z>Ao zV8J1yToz^8qpe{1_nk_89RgnUu-`~K`ZZS$DqR+#D-kdLU7r`*PSxgtQ!u>`dv*I( zHe-NYn3tp87RfmD!fNHMds3tq{0~29KbF>WzkqvM8`5zCEv;{Zwmf$Nia9 z9@DY$SePX}OQNzlJ70F7<2QjWvnX~6)<19Mb5_)^hi)(DUF#NyZAW;H>S_2LVhl*I zr~3gk_?ii{;mj~^2~u#juYb5<)idWtzs@vcmtshy;f2YxB&tqAtZF2ajBEhYal`di zC?+5=*w@o<`k8kdjXQU*wzqS}A$0x`kWiC%E<(Wkk8}b_#*WpN)8pGSb-K4_8f0-& zO16U+u%iJAY;lUw@2Hl#zbIIg+xb?1Y=%U|rfBA-#2Xpk 
zJKUy;g(|e?^D#wt4LM^p8(Mobr^mOQ`kI|m-^FmcWJrAfGtXv3TRW@SDb&rzZ7k!n zSRwGL{*8CkHcewXQ^lHQ+8c3}qQLMpic6E5B|)qvEF>&%pe}qsKeNays)$IWdp3My z2A2?TKU_3&EttVB{j@>zdT>K_DKG$(@w}y`sMs_UJGM_DQo%#hw$lCE|f~ z+Ha>O(l{&s`1zHcF6bybRwHNbiW+_rz7v&gENqnLBXh*=U{~SLz*v^5^e>|Cr+!x# z3MOJFUxCA&Ho6C^%v3W_J+p(G_c& zzUWo#`kKl-z$&%)`nNtC4#eoGASivRpLfZ#{5bJZ_)gAHna-j$DA_RGXyXEB_d8o! z@5(D{T~LF07=S#R-95I&8XnXeUz`Qqv4TzvRZhd?maAYu9)Ceb!}x6y!`QX_ZLzcP z&k13Ld{oSxHxQ#x;guYU^?Oa)N}p!?O|&nlHI0Q3URfzADA#v7Sj)+THz1 zS`dnzg6{OMBX`P$;vYbY3}Tz*>p7Uoo^sT;O`g2V9EHS~-j=X8eQvK?c<>)AEu^~MT@ zd2Br^i{GocV5o!%u{@@%bEPHmEB*v*+WprLehf=4O*zkyguw{hd$bt6=S0-kE^Jq%We(TVhc^ zG0Π!eFJVb$Z}*jywiJpx&mV{R~QYJ_CWt3u|wFR597sb)%#u)v}X&O!wv1P5*m z`5U47Iq^;pbhs4+JbI@Poc+k~Pt0{U>wg`Nm*Fk(rU?8_-hszFMzD_!I#g^n(JSn`d(()ZY3$OoRJl+NXjj-s^mBYgiK{sN$g4W@35`^< zH$7>*ORFUmC#3w+1iRkhVnu}>Fy6ja(Fc%1z3oCQ#qf!~rfcZ~ZcXNE>4hBwysR_! z<-jdMGkD4EiDD?d3wS|T7;^z*?{PKW*75^!Q6s{;QfaI%($dIr`bCL-5-r+vO~f#) z8n&cMO=Vq;eM;#=2$}Pm^^u?_gyzg{a)(XEd)O9!&9mP<5(rqT<>Q*Mnmt^zPxkgE z)bbF~%uv|onB*n5ncG&x8_KOvb|`&Q2`d4LoH`eu!?u>cLFho7)=!cOa7vMoaLECa zQXx(KJa@ZV&}jQk{ABLN>yxF+=T;Z*9geWSTH>;~2SM}>SKz3a5mNau<|~yYX0b8m z#O=FNQo1@w`}aW-R5)Fk_Vy?7sAf^2S1hd^Q5xj8;x&|{i~iA z#z^&<87*a1dc9IA>M0pe*NMZ&YgpGxAoeWos<|IVoehERGv2fTcirjpS;>fti0Uw7 z7-_oPs4^^I5#N446k{5RLJ6P<=9SN!3+?O4ZE6=U9WZ}=-VXW-W2U9uHJc*#ei)NW zR4OvpQh47Zj?bzd^E8OnE|bS|s3fIT>+m~j~OSbU~_Av9=jD`;fKj2I^G_oL|X(tDA?XH9IJLHthROtre+fyn9o<5D6`7Ld&i5`h^T}& zh%a$%H0#2Hj0v$NUK^HY;k!lUVQU-bth>SKnOKL)n|fbT%}5`2*7h&H4AE>1RWfuf zG8`hN>~$aJ)XqjcCF^EZD7yqP^gj=83Qwl)uQNfgk~V~=+PSSaN9hFj_qd3m8|fH) zmq0R?K;Mw7oHD;2mn>-y|F+|kQP*RqOT|lOtt7eorn8gbK&vsbSU39KK2QVA=xS`saB74&~Tc=^Q`rS8aZ;TvA zQJ3vOAMAVI!EG6DH10e^yVOcLNV2dlx5GOtd;?9>t>?lhY;~hdC2Th(tUq>Dk#Tz} z(TE7PRyBqx47D2j_eEtEn6hzWEm6C0Htrp}#<)A5tX_Yutd4gs+TyC|bM{uINnAd8 z^XQ>ZcuA^@RC269w{Gq!%T!fiX+~3dwU&)>t)%#(;TSYgV!u|OJg@yo9-AW^Z7Z>2 ziTdP8Ubh#wE!3wo>MT>8lOwXCxmzI+=4|vm=ca7LQ@oIYG1=l?gsTFQX&6yuelh~> zLZ0qX4xYL#=%Z;)P397&XBzuMy}JnuUfO>8Y-9K3-(9qY(NzaJxWIjzx}Ve%tkUvQ 
z`LxX)j~eI!(@PTWH_tjw%+|0DKf1q0Fg4WrZGAWHGt^d56uVA+*^0!IU!ce0<9mcy z69pF;Z6yjt9mc)Vy*Qv5So*8cUytMQIXIuRuV2!4W|kzk=7}fnr&sUicVG_}t9@0| zmR>&(=EC5fQKbPZm)>aW#(0K>Y!Zy?#$H=9rKM9$v0C*uzq;tqa#6(=|Vvje1V&T%w2``1R`=TlKp~&YwcjUz|9?-d>v%Y3lfR29)Sjjve+@nS5fm8B_ zf-a10A@c0$3h8gphEI=66yw+3r&yE}hkMD$*$X{%OnS(lawvpU)T5ZPn)QdHvwsPM z6dc_zP~6?Rw++leP#%SMlgqyI=DHlTB7!m{cHiWQWOw(~w0sJ~F4%P*$otR_gpVqN zrGwP@AF3QOTUYV;FVIAw;hafZ=*Id-XYGz4Y zKWIQNr(jl2)?YWwXbBR%P{yKz5|2nSS~FRN{4zplY1asc<=a?&Re*i_?->CDd-{h< zM^gieBXf1@q7_5?jK^vC%N^M`QVHYj@foICGXA$i9G-;fZk90Rm{2k*>yP?T`U*s@ zZj8zJB6QgiWlunsN@y>r4RH{wh3?r%Gw4@f&6T_K+;X0FTUUF)6=h@{Bh!cMZpvL);@tMpcPE$x#;e>GY!X)uywzN8*+ z=#_K@G>~KPCPfE-<%3UhyH1MJsCkLs^0pu%7I z#xYIVoEA?*%QfR-KQ$B!Z=T+p@{lvz;iEHwb||PV$%mAxUID8Mh~%kM zOHqNi47rp!QT*LU1=8@um^H-G=lBZ1s0&VfJgazvRDgZ-kGus(oztrd)k$WYbYI^v zC=iU<7@66ugM=7>twh_Ssu;sXPhOyhsLaTQ`pL%9-VZsrsL&)@J*jLf>htWk9^TRI zlJ{0`T^*K1pd<~{@*=hPce^3j1_LdDMcqqg^IC=4tMdH1{KJ~rrUXwwZFWtXOsRs0 zu5CI&!6K|HDep~v(J>oFvN3WFA5FZZAO6m3*Ms&;?k732A^(?nK2zC4+U_6yM~vMS zI2i%Xo}~5Oiq|}iv3*|8xYXcPd^1Aq?T4>jPbrr?daEt0T++Jm0=1WgqvEU%(;g|R z7;-4oadF9*Qnpb)IV{*W{*>bUuCQE-EawP26UBA)AVZS^4T1)GjpZ5eSBMNi2ihXl z=tj0J18YVk^zrraUO#=f1*eC3y+BDFO#Q>(jK<0$w(jN5SDgly0p9Y$6UpxJl%2kr z+A+>P_^>2;OAp;xAyMsRTP+?DkbX3h(Wu?ywR1eleH^k;l>SfWpVQRIk{HV|NjW2{ z8g82LuJjG7*pU<*JN3j?HGBwm6GIlQ)vJ+V$OiE5^(UAMi)2Pux0YQeC*7t>&Lg*~ za;tT6$;Nnl<+_4{wod}w*q7W@fp}91b{T$0 zK#R-wp}m7ik<@gaD#O=!V6d9t+~r9g;5!0+qRqqg%1Gh5d6Kj zZCd{mBB_tB+46*kXms2SDv~26mkIx9#fIWw4)rdU9>4V$=9K?Y$61qn6E6APc>vb;Q$gcz5uo<4$Yvf zdGt?|7Y%~{4ZokiyPGz?hvd6ER<63D%d3Ca2awZZy;oXH_RwbI2sN@%HS)ZY|BL6-j!}Su+XV_tpcBOhQ~iC7aN1NYj|5+)@;Pa~?Es{TUyUgWHp7lcw(qoQIC$aVx7xD z^JJkj zjZ%n}+!kcB-`N2@^Z4>>Nr{ak;+g-G`68vgahah08qPC7N;>eq8wGZyLp>SCz9%>s!m!Ewep{r;JLxo zb*INsklBwbQr$X4bYo79uz|22SC?q^XYJj0k)bhWNRQFnY%^>7+_iwPA1#BAmrq(+ zT8h-v|5WJF!)3tyTlG;n)7L}J8Y!LSZfUtOP>A_B<#JYu0C&PoKJEF|CqV2$*6+Zq z##(=UE!SN(I{68N$9AKjAYw=SLi!z=mctBcqE z7f9>BxDfvhq5Xe~&;9?j@asbl-2fY*&+fv9X5@I3ZR&Zs8NqG*;~xL%-;Byjf}b1R 
z6~6wuLXJ`c7dl{qH<}94RTJP1!6tDXQ*cH{+vAP>!lJ#uV?=UMf75?l5L-#yZxn#! zD_n7FLPV?R?+=qhGFA)+gMal6de%dh5nwB;!o@#kNpdwe<5H>Z^$@dK&ms$nB+g;5 zZ{AEZp06ALIX-9^d4cM0P-`Z@4-UncV%aQzJ#5cg?B@O4xpW-MKa8n|j>9I(yx*j2 z6mBCDlf3sI;v0sBckSNu+c|VS$UYcRMtIw$FoN*{wisY41MDv=1x-KPcnz3MAu05} zeK`?sMu}A?-YJ1(^w|gXmh4OD2+tUXKV2|L1<(Z~;WN!T?9rYdFQ4vsgq<}#>PZj3 zT(vSqTHzvH#uS~qxQgl@J!6Ts*F79t(>&VP?FflB6D>6wDB`MIBw$RF8oZmo(oYqo zidEqbohvbEA}SpFb=d|@;3c1!5}8lJ99$g+9k19WBovxYH~NyKPErWPpscm3bLIQR zUfLY{vR1!Buoe7g$U2XV3eWmKA~Pg|kAGZytG7Cc^`*<-qPVOWtcjYsU~UIBfYKUi zXnK5n4E?0El4%TkeE0tS^@O{EuJ0`Xm2v9>CT66fAb3QcPkVFBhiywkV$USy@o|#C ziDkK9se7ecOwGk)$D>S^oR>#k&-Bj-R{qMcIe{&?Yf-9zGL8a!l(|9W*Ie#FidL22 zP}M;St?1+?K+xddi_6XR=^YW!W>vR&zW3zA#-9l`otoR(fviGOQ~2T_r*x;2>>B}v z+psPHM%DgWjg?`&0(kARq0rZO@iD@!;!TI*bh1=&ZuqB6@|EoI@%R1uQ!Rg6Yz38G z4g!vE!QLS29S8c;ZQ|5^tY`ymb-Yns*ikz9%BZNE=y?=ckeoV0LRMqM*WF`?l7#c; z<>WWbIJgzu6qaLCjC%77*;x!oyEOhI=L%FiW3)p2vyo;t9k`9{5u0ixjM4t=ml-`3 zYivwGzHF4W-&=Dl=;_V-c|8>idL=7bj z=|UCzXxoY$7S(;Cm5C{ba4|NO#w*^;4kqn+1voR{6dzt%^T&&j*cS#!+Zj0GlLKw? 
zkv$YDGN0HBishSU+%$s|vso=C;g}X>iOmw1-TqAlMQ5Xf;;o~t!K-UVg3_iwQ5;#3 zhFSDp#%GCJYJ9qRHofE5l1y<~`XbGHTj!Cv!6R+vJT|{n7@k-zJ_$3}3=iaI`MX%D z2>EsdTm6|}x^DAb&YWmh)GS1gmStP)`K+*`Y-6H7a z)~dl~UDR>s`=3+d{DfZJ!iGq~Y|Qne3V2QBtltqfAkNFtmThpVVyX_% zwd+BX5!kL4FmA#%r(mmEk#>E*zp_M(JX}f6E=z`dFW=?ovnp=?apM~)gsAC*;oEeg z-Y-8Xy5nNaqbX^pr*qDWa{Rk?^6)o4C`6{X!pCSc32X^^0Gn^LNWXk{y?%q8mGu)T zK!)&{DB0=vWkjkDx110QibsP%ZyUeK>PRgF6pn(-56Wps+7Vv{_K zuGL0API)+i`IWt9hY3Cu$xHbU>4StrhBoamHmdsc#fADxcl`!2D50n$j5aSc^u`_@ zt#<9&HB60j7L)b%d>2_9Kx!;H0zRgH1?0O|FiF5ucVuzO?LKtl$4OO1X>i_v@=7)- zqtY;=eIA1|{`P5jr@TT^_L=xowr}3Ybv)2q@8(b!8Cd^@x+L-Wm4g1RQbGF~F1lZ7 zoyJSyO}W&%h#|Elx#hli7Pf+G3O7=#l|C&BmZ@`W?B6Uc!G4d>+dv)kM1^|yrR)_b zle*!$UMgI7jAzXin{vka+e1DyV5IX3<)Un^mkTnx)SuGx>*97So~+Q|CgBoZOT8ir zkv?PMtaE4K1(*?CX0o(?j|Vb$fnE2m}OlQBJTJk6SsgckXv{h6S!4u_H* zxx4PX&Gt{}qw3A8{Frp?&@I+k0(JlsgxEJ=zt8`>4$U%}iSJmvusn!b zF1q>OBPBa9hN=+Dxj?lhfsiGHh$-dT&tO1TA;8gCxf3>2{)#`@UQ z3x_pB{f(au9#}v=!=^5`Ff!hq5Y~)@d9fL4dN^X2f(2>j>dwreNy90KMpuH@Y27wG zt)*Bs{V)|eldT}+!P4`SDLDO7j$`V24Wv}4?v3#oB6d+acmRUCWcZu@NwH@aM7%aD zf>Hm1=(<(~`v$m|H2a>l$$Fm8RpTw|iT%BiQQ-N+8py;rkU0KaV$M)X!@=mForuVc5$Yyz>=?+nA zG@G4;VGeG2V&RVfrGCG`TfDkzeM)0+*NL$Zy$hDwE@Ap=3-MOf3(PrF+PPe6B}2yX z%$!g)8&nB+*pZ$lBO1GC)yqTvaMRU!DW^wb5(-S{l$jUrS}1vN>w z6jSjo*=>EiNI#c6hTk^4D#Zq5oTl1DNMPZaDan@;wp|Lh_wq4BR9UJHD`LZx59`vG z^K7NQ;8+j6Op!toj_c-R;od$P8d`dIE~TJpZ?BL2u|1{epO0l#Q4TnoL-`%@dpQ<7bO^r+e@5uvM;rd}ZHxCbNWNU@W6{wLbOnJf8X5?QP&((gc ze4wF4y&N>l@`?~P+~&zIP~p(b$=qKmexa);HPgSEpcE9b0>3gxIf2fel}bhgH5OK8 zWov7~s~owtMr3++Cu838?Fm{R44};8vNNLvY#}L+p>j`Frb}tKafW>&Y~n8>8(W$8 z)Jr6%2}-v1Av$t(tOXJ}1u2Le)INnkgQLlDd-94u7kj?y;K`_3w>LEVv159+KDpQB ziIb59Qo({)$odYyCldM5Z zKetYk?x370bz~Z5&X*G!RnEd}J65I;yhaNjzcMT+DO+~p**rrWPUzQ-xRIr-nR1Ft zhjGmwi@`hqS=Pej2WppIegv#2Yk041^GSf*G(2eW8GN3O&dSLM=+^YfjqMAHCa%mj zlQN2>5l(j^i)Mo~4}TB~;<6iaFokA`a>9}(8kS<=nW4OZcl&ZR%vV$?ZfK(0M?_!W zVaLY&s*~?+uv-i`*i$qj@7(#M>X?y74+lyYs=0Tu;VA1Q5tir&e+`s zcAdi}v!vTgd~S|0N4v2$Hr$FjfzyXCg6TXgTXhQeZCgV;F+Q8w{V-?E(d$mt6__f> 
zLxA1~HaR}dH3PCvO<(EEU#5Bp4adroiRyOOhY7O`T*vIJjjJ-WJcEt)(mgaQrYwhTcL;u4<4Gos#FXAHHxc19O zFIrU*9F;>tXX3_l&FO_)fJP!OL;h|FOJcfHm(ncvj4(9+6Vb5=ESlgD9HkBKzJ54< z+R;2LreBikHIu_tz4#cenb*xc>=ci;sir4u+7Z^(E3WSld`_3SwI7D|J!#N}+OXiT z&=BqD15)N{WXADk&~HD1f;Pl)KS6aaOknshBDITs!1{bwLB)IPl{pz7Zn8sL;@g-z zpJaQ2S=7j!r6VrZTE(+cZLU8}0>2Zl>$?Le&e_;hH5PM$6JjjrpR}Jeju!W++%ZK- zxklfNVTjeV1AD8bYgA@SM#7kMg!pIA(Kyv>s~hLiOf);yU;O+P0q&Y{?bC~bXp8V$ z*eEr#?rBbwo3GS^Cq69YZ%KXy-2D4%LD0w8kQIpQN2QIy#SLmL?UY@MM9KWfx3Eis zH1z|@-kQm$yQHa;#~ghyyMVHtjgeeA5FuJxeict}i`MU&Ig712fy--bY@oj%r$ylt zwV@M-s}?F@_R5omYjnmfdu;}XNnTn`AtOT(N@$y`wXZRd{pXF}T;n-mJ+42G_ialJ zB7T8J#}rmr6a+=}7}*THn<0W$`GE!U*qxBwIrAm#_k1yhq}QB(;=9~P8a!b zzSu;jtnM$AmZ^}_ln0Cgg4M-0)O6o%AkEk~HMKJZPH|h(p3Zike!Fdec>OWu^R=D| z50Atu>Sy3>kHyeE-fy2bjZv04m{V3TkDpy{s-kMp;1Jos6UUOwmElo#9>YvBW-cCg zYil?kA0LhKzMw1>35iihJO7yN`ZOKp8)fLUuhKGAc z77TlvaSHq&+nOAJ(;FNO{Z&t`!>S(K%by=wfB(|dpt!05j9A$Rqxo%>ax&*)?{MLY z&2n}n3(i1qC2~jedd&3q3b11CNrkO+@!aFG&>jw(79x#LfwqVN!S?5rMJ+n}F%i9@ zc|VVAjkx#D{@Go4P*!yNz7jQz6&DoxOozI6s9Dt@lgxKK(_dg8F9F?U0K1c)tn?HP0KBRyE+1miZ3^Fcrz)ylDV{( zE|>_a6$Ok;X;zrkO1Gacr(It2V{gb#>U#7d&fAmW|JOU_Be<>gC-+!}eHp zF8wqU`NC)A-Ae|Teb-1M4_bceF=cX8PLZ_=K45By;A#+jFO_p=+fF}F5?)H*SYRrL zgnR!WuiSo#cl~plS1u-SzyNXB%G?C53rQ{2cbsl`F>p$-Z~S)Ps-XFD z=6#)`218=g(gtvhZHMGjW7;w>dd?J#KJb`x{lU3_#p5a-fd{`^G^ONTR&nNrf{&x>#bYAbx zsQt-`blf{sg;Hm>mV>_lVQmPK&K=mfEZq(@krZibmH0!1ub1bX2Zy}ZjswLvk{UdGvbs>lGUlu zw^^AhzwG+-302{`XwawgG@{1kX~clu$gmQ;&c8`?ZEMjLkiBS{X|eqFS6=`L(w~8U zQ(#_n>8$;mVEH>r=>6!A8ukApJMn*s$QKoUi0p)J_-42W3WjmJ@3?0{T(q^HmI111 z|6GuBK)&Dps&nj}PaT4FhNok&sFx4_0}^}@Vo;qg*=We4U{wReBmUgucQaq*!}u`$ zgIsI!n_6q=B`lvovL+XUON4Ahtz3^%kuMLAwKrmp*3uRNB$Dn&TRg=5xs@b|yXa^m z4{wmviDZbkUH(oxm21@Cp`gR6%5k*Vv@(=ck8QXhCpE-X-6r(t69pzFvRF^jE#1a= zSB^{m24?_JD94&d!F6gTfk)ttg=cXz9!<~Xb`X*?*KEAbp6%$X5C4maJV%a=9B8R` zv=OukL)TJI=0m?atY)E_8}c@$ckSCdysHD?9m})vV^(EdrxRo4qSnse-{TT|hz76! 
zgy%?}8(cqfdc4t~2dAH%icNVY?_51yG~XtDeZ!}6+OveOQ-s;-M}IpXwc{8|t7M;u zS?4luIo+^Q{7hEG$#tFiJloxbyX-pfIB4&{`0E0d`vh0L{E@g{TVdsbUY>9+ds|1R zo+zlDOlVD>sT%O(KwRf|Q7A8mHmIzH7dX!N+EQ?bg}H|T`Jdja`<8K~)RxC63VufB zFsw{;RA0+c`q8hb=`YKqV>NJ=_Qf?n!ZPQTul8)eRKaG>#kE9hvdgTT2U**>?N2N~ z#n;^>*&K;g9NWT5J4JX4=DQrwTFZMP(xh&SE3*bgtqGLHDmqdT%;AnHh}F5_*y>^3 zz*m}8SPx8l_jIxe#|(tcH-L-8xL|=_N$?jl)=RSckK!JQkxFvYc&Xqnp4ya{WtL?O zWR8_a=-4X`el}2Du9eGVkc>rS@?eNCUdUF3*Yh&|zox|=L z^GHFTkg2A8jmB9iAUyR;_UX#T!CzxEq2A>!ZLN1l51sJ~Y(m3-6z=syW3O*aPYrwuPj%Mff6lu$+?VAoiGHHDnJ*ls4ew(C|lsq~xzf}tkAf$YOl*gMND6z_NWr;g^@iIJ(A* z!rB#*%ARWmWwSKQm%5I7`6L@kGDK*ceLAl%4D{rw2I=aYU43KQoxh`&t9xH{K9}~f zpxcQ0D?_xFsT`SoC5c-{@7_vvr;rcit$%O(fQ_fZX8H9{SMPN_-P+LiMr9f$Po%G@ zT$kmq_}j(fml|2C3V&WM;n?l&h3*E=xkQz@oenKr`g{$viGrB-R^04*q)=yGx82a- zS9<6$Hb24?X8bOKvszhi8nn;*;tth`hJMe6^G)kJPNz8_$whsAyY#oY3pQN;f%yGe z3eJ4$nsS1?Pn>H5Z#MA$Tp)iyd|5qt2aB>hSKeQlecku?4U$8DGU?Tw(96MOmw|-tjMnA5Lo#!+ zF!25)QGz&g{GR*`r7{DkNq2rs$v$nvz@XVC-aC0krUxB-Vvmrt+whl1Sys|CZ`&fQ z%im1!SWkDCP}Xj9^g*i;+b@4|TN@{jeF|SgAi&lQImJP?`UCI3AkNZ9ZBDvFyb2q8 zh89u=b3>sg7ljooy?Z6P$30rM_N{o%;^O7m^=Elu0S9&0AcARYFMBZWQ40h@USV0~ zQ1Nla{r3$%T4VW6_60|kFRl$m3M?eeyvWr?Ox4OptMq%v#|uc+e!K*{;r<`v;z<$g zPk^C&Zd>CqL{qT_%$`iR6$d@G?PLjB{X$h+AA`a?N%!<5LTegmZvdg*`S4(HyE2e& z(*wEgSExfYaYrJZ$qCx7wDBAdH;lFCo1U&6E7UkdLy`|^3xtFPZx5Kd#cnU{57x+z zdD-Iiy2Eau-CTt69|vp%Ph-7uuxO%cP1S&-jegRGj8f{hc(}pN>wRSDn{`*h@2*Lj z96tN~L>+gnChqzTQZeKfF1LjxojP8?ap5kr7kvm&kWW28Ug=HF`cdjKxA5R*w~zhh zh@&Y1SI`bt33cFT1;~fR<41uJLRAdZ3zir4E$Hjj+m4>NJyTsKc}tnKhj|@Ua4Bfr zCERh6GbH<-f~G&!>PZ%r{FvX~;%T=FS#XTJB53s>%F}z!E{BU}L5X!xC#Gm{nYo>h z=P2v?ntf2IevfdPdP__)w$h5uAe7#xOYmMoacEdAs7LZu`9-fjIk|VW#j1KME0px~ z)5QzGQo!%aZ^xofIMIod@YV5bpGm55OGxvq$tzgGo*8j9(qSYL`|9p6i%f zjhAP%^zf!jpzx|#%HhZCVvY&l6ACp4>342Tngh_>1~X>v;d{gXG~n#KhQf!*OJA zFh4L*c8_q{Q8k^6a9r6qbtv@ND+DtmcmS?Mc8n6(2hn;q$)Nz+$%_5`w|(d>dNR;h zx4VGWvJ;dE!w&06h`(WDzQsxW)~WmUJEzE?RPHC@j%h6NUL_~m#Pg)-%x2sxNIb21 zeaK)WX)YFPINelSxshoPS~42_aa#D}Va}Px(P^P`5iR|s_(2sc`Gb*O#qt-ux@Va> 
z7T4ZyzT+SWF~;9_%0KZ@l6CkYZm?*x>=yQY-&}`G3F(FOKdyCrft=Tg^%XI|`CVNS z>^L3Wizw{hW^6G*$L1s3o7W4B!QZ5AV=9PG-VhL7cEYEVV8CPO zRa)q9!}rQ~&;Re*wxt{rWt@N<&zWet!6X{SQ z96@2Jm=N1MnfU7QV+pjrXpc0Rt5cKu{NH=}V?}wU+giARx(2NH}LOT2x$D z6$<9inl$T3;`8tp9emZawp7O`i0LkaaT}FrYyMu`OX?W){bogW8QMe-T~Z^+0v!8= zA3SqzMn_~D{5?*QxeWs+T3CiI1KE&= z98ouK?*tuBJGd9s7@#C)Rn3OV=32XnHy04xo*w(KIHXiBe=T1#ydgl}sD#vcV8=>o zUuF(i{@Z~F7lMHEB8ilnRcWXd%F!%8#h|Jv5frlTp zF%s*Z=3@6ZXCT#?xufzbl3yfq3-J{?ZhiU#28IF4pJ@PLgb*v&Ef)7P+?xQ}V zD;bX`3AXJ|_r9m!SiXEk2(~m|X(D~2hhP1+Xv32u8@;LF{7E0l>x@<4i7bWCPPVEl zGaxe47|&7d_yQx8exxuK&?ewy*AK0b>J#9o!U;MRF6@%Eodnx~c<(+OzQ7KODBQ4u z%waoQ^bZ1$I%ExMRGT!)U}l+uVspcq_eWP;lq(icoY>o!^k1z`Et=p* z8099-YFs;uNyqfFmz+d#%As#z75*0vNM4)vAn&FcK&oisEHFmG|F5A>J-z}15)t=k z1P_{AyZli~dQ}N)KNUKBGvB2+(SgMud}=qC54QS1D7`c%mb=ncJIh0|+Ey5;S0>bW zcyyF(JVXZttKLgk(?P4QINZ+lx~8}K-B<0el>mC3nH{9yS_EWRyPpbdd%rpq8hpZlRW8gzEX;11hgbcORLi;iIz$|;VwYU*yNB%9Uq!6Ii;A=f zI|;`pVcEt;3Dpbybg#tg!Ss$mWz~&Z8O{9!{-|+5XxGiiYS71JcgS?FBO+OuFeT)H z`g|yd4$YG()>4kPwetLpt*O^8u*(^E%A+IxK7&=6unEBEa*0ShhYf(vhiSqCgI{^P z&Qm6DTcr{zLERA_wCkdgE^%v7zi0(4Boy0rvbY9VddflxA_3gDl+79En9SF$dUy#e zC62HH@c6Zxf;&4%X~ua!rw>NHz(s_higDoQbXl+L)w;RtFLR2_MAlvC`meSdC)k}y zuccM!DxBxmA@blIj+p|eoQ-SLU?3$NyAg_|Mt7-WEFeM{r&@)rudOXn9raxK#d7&^ z&u^ASv(rDk!T?6{k~PM<>m(g9Nz2=CT)iTpSR*y;8{RHRCX=MPYMkA< zMR%nh;gqDy<9uNI6%b@Emt+-Xz^vHjHet#0D`l3m^fo<%tGqHMO=+woT%fpU7P7Gx z)?}hbeej?>k2wo|w6R!SN8wLQ_?5a~7p}Z=5-s@qxoN42#VX<$dHxV@QB9In$Yq$2 z?|ZS(nuvo-u?YM!_Gpf<+LLoTHexRzHM?JJu>1~C^Dn;|G+^v#N zbm&_dof;mgxLjM{FZJ<;g-PR;&IIuLSeBpj^uoOEhyrVgL~J|g+&PeIw){F^5I)KtVDR& zR6rn5*57fiqbML{*~5ca*nBi`lG{B^iA!upX82*Vkj8=TKE z*xmkI=EF#51;*gwj2n*hrq!3N@x3&hDJc}2)iD5m0JCro6Hj1MT6^29>E9A&Es$ue z`Qe{fo3ZIg)@&oi9c!H7QkA@o&bmvrmczA4g=#4R-VUeKguw~$UtiPX=f)rk3lI(z zBR}*@pv0Vo)X|x*8a|jiYLQ%(iBg#!{lMoR+KFrg!byp#g}(7!L~&^`ndeV^8hfRJ zt<@RrBKw#XX}+<@E^%fdhbs~w#uZ5+9P(-^j0Yh*%~8IU!enWF#0*emxtzS+C(NO*bw zAbj&%j^`>}>^IUrqCnRQOV-75IAv5ZjtZj!BrFS5NqrUHZxdrP=GYX&d!O@{d;}aC 
zl&+42Iv3pYD0LmqK2pB3AfIOtFdX*!2QdHF+7^pN!i7gs;~oJ?x?oq61eeRI5jx3n z8-KC&GBdAQFc!RsQhi5o+EYp{DNse&H+x;iF)I>SYd(pNqg)K#1R6R8@YnO&Dz|x9 zEzo+^GkKCifCN(tvB?MLnqBNBQlXtM=%{?=yGlYFJp_Gi_F(lbXYD{&*BgbkNoaG{ zNJQeBt9J`Tx~+;-ZEEu)k1#*|f=@Ok?2gvI@``p_$!)(K`(rr#_PECIx1IUtebhl7KOrR;xDAS6Y>o>O|z;!1KI6iYxR<7N$8TSyv$`RWvPiToJTinleMCEuQJ{8Pv3G#XPtT~zWmr=lpe|rX zfwEkx&KYZxyPLF@Z6S0JeXn?1V?|GsCL5{M5yABya?v(WXsBHXGWG5sar24KCvo`& zp#3aQj!pcK^1h$)6i0EEd4Wc(sg;Cdakwz|bAOmKy^HGO{2!~#qT6o<<{xGlyYl32 zD|smVJb?xzRYA#akpszN1?=~Q^~qVPqYq^2mV!jt!qFoKB;x1k+Cg3gAbG&y&i=eOHf}lv{atjv~qSwy(j^&=}B!fOMqPM(^SXve&Mrc3v9ozCpCT2;ZU`- z7Ytud6Y@%7rI&VFz&aY91SDk(uUCX<(xNZmLu>|ID_9?j?st&@Zt>lHL+Tm>jTLiM zQ>HZ(n#ls!aYZfg-6hn>B%Txh`XpV&G;cU{P-4uXbjLA)7gD3$HcnjZ&feDx_hCXT zD@LLmMB--lWx#@?m6$$oA{P=$(mKJIEp=}& zx$fA`MRD$m3v>6;4Edm>S=&-B47$bW&fqckb0TfV#u4r?-|XsWsS7AH8Qp*^v^pQ4 zkL5<|pS0_BarWJx+cR~LzfC)ZEzRo@5ifJQg#G>nmE0*~1R1P_O!AR&y$sD?)5UC%BgDKPot-PgHp!Lp|#KJ4;3< z=G?NjgSEzEev_YdV7j@Ys^NBTyv6Q4fW^0}L{PWPX|ra|MhH|->t*6!_SG)l>2mWS=uCg>U{fDXsGs%AACWPcz#`avO5Y>*L8nW9^n$*R0ow*IH3A3}F! 
zmuQ}JzT|Z)eU9vx?qi2xdc<42dZwz(IjShR5JGiVJ3f*AHj{?D3r+d$XRFh)`=$$S*%GLEQ;NZ4V+=+T$jB zC>*B-{lU4j*eN#gB%Y}F3^>xjGCRyfEt;-9oi8fffs+2YPr5C3_=+Krfv3?>cT?3l z`(61JSrO>a@ov4N(%0;ixDAW`CmRnX`q{>p(&=(%_<9*-B;j;Q+&dCfRQDT1PG_iY zt@=UK>0%U-<}A)!u<5l(VLIn+-DYC=C;8*2^>Ic$6JLC`VV_Fh643qTFehQaZF*=_ zC(ZI`rnTvCGk^DenT^XTXEWq(Py=q9$I+@%O{;2iMs@B zO^Fld`_4cLo{wauUN@BpST@8~Ne8cQ#Q$(-F`}@knAXoA25tV+GZhuzyAu=_-C!CTlEn#M9c$db?*Pu&IPP!&;Jf>#p4!tOsQm z!fC6l7ekD3B}5ch6Hml{uaO2Tl1F@zKcLpABDvCj7?1QRzU{PWTj*S~kKFB=Lw~7J z{c!XTe-4H58)jHzmI5*Bx>FMr^s0Ax1om|XWL#?{d|7x@!cl))%Iy6x+)X3g#Tyjv z9lj*N_Fi!mz-rZ8GO5}(71&f?x-{DGd{cFVGN zlpk-vh+DWBVsb$exh8hSOUe;p?YlI3?%*CZlsNRZ{V+|K!7YQAs+?@-H`x%XYXAb9 zdmS|9jdQiHj=(w;fMoc18Vw{vx|4_nX7RQ+2BEbpRF>dcVn9sRNY5?6F+3>XqZdY3 zZ33Zbaaw`qv}p&(ZneRNC8psG;ql$wyv6!Xw~!;_E7#67O#A9&8$Gfao$oe2{^A|S zEEhVm(QXG+GUkq~f#7F}p+Zww(_=VM^RX2G(siecM2EI8cIfvjuJ*SWn>#m9`KiDe zL!jPtyzr|myd+qop}S8dC8cdX2V)_wdec0Xk>#4^)099QqmB=Ye9Mc z!w(q$od%($&~GAi_J)0BgV8h)%ib!so|Jc;2aMM8-8o^!odgVxUdByNV1v>Iy@t6M zzF^+kx43@g7NlXYpTYI{AJ9~K+t54WPwuG(EsSIS5^?JIZ*YRqJT6Y^DBvH=_Va_) zbj=dZfPk!I8nmlMLpZDNHNFDR9Byxi;|6h@B+5C>nM`z zwy`=Se!K|XUx>6pfe%M_3R%CvM+QsHfNZ56#JLKNCXugKIGF@R?Nbh)Msk~H5QdkZ zXlE)3TJbs!O@``mtT}!-%N0e9i!LC>A~4SR2CBgxi;F6yheJWFy6&~Q-6_rZGC03) zz6%!}Hu2N1TUlev5>*u#E*XBYVH2;KV$-UNRn{33TU9P~IA$50LgQPjddHfZ^^;7L|kplF(5>h=o5$kbWlwKp!`(SAVBPnQ>k zprWD$=&1i~y2up~q_R4bCT5iw*Js0Qy=^&avmP7R=dbl2fu*AA>Y{8T3VAPF6R}qO z^Ti>kY4{1#llrqnw>PP8?<}KEbvHoXrTz^5Nu{oK{Vd6t_^+D4fPd8l?*4C0VC{d^ z1Qz^P*4^p9P__Jj)u~MRZ^7aJpUw;T8(Q?tX#B}<1G5^oqTBh7^Ftt0rns+MinrzgWmYLHc%o z2vhN*T;rt@0%+cw*0JV1>9y)dQU=I47ON$i+EerK`-V91d>h9$8e1!aSx~o(w~{0X z{`srZISP;LI|i_FrBKO8cAsq3sH4+6qwgBA_D}HW>^L8ryEH$=f4#Uz=MF(+hn5(O z)(x*b_;dA7=LakL%Y%Ac^DxURt%Wf(mCcb;OS(pq&&Gm&fQtOmRMJ-qc>`Rv{_$Oz zzpu(rSCd-_5LIi}GV*h}@7I8ptbAg2S?&@INp#--Cmk8L|^5p~Tu`T#R`I^dO< zf@r=nS>!?5H5OmD=e*Cu)IRg)b7jFrHbVm}$o=&O6!NtHwEJfIim#Pr*7@bx$uCyT zDNJ#`azoNG>&OL95C9P<%i_T zU2Im* zTk0-Yv8?1VM*~m<#GFAD)Hl|)P 
zW(Lj(Jmzf-!%Xhw1D392#OZt4-2S5zwhZqB`N%|!+5GU^<`kZIX!FR-x{egsp1-^DIT=lI9k0HA9{D^%T2WX$hQdT z-y!if5yD!lE1b&PIL|sBV6%D2)dV1_ZM1N)&m(mF^ACXzJJi$HTN`b1rYSlDV))o| zU0_`Ph-yXH=j>3@jWTg}fJUp%s5!oe;;%9JR})0>u`6%3TZXNQx1mNCcWNs5W;f1M zf=xb5B}bg~s&$hLs>Lr-JZGSUqUEKEo}wwONn$x`?^RCf2Snt5Jw7Hz=It$5bd614 z{f8p1p+@nB%Z4J*J7*nHsD;15^C`a&s@>5D4{>^&6YgWq6^YhzV2T`~NU`fW#du;B zPf9F8&)!MYE|2Kzm7s}dN;Be}Cda={vX=|b@P>Z+L)~xw^i7rM-j7&4JD?h*1nhqf i{trz5|GHmUI-wSm7XFau_qqP`sdY3A)yp5*KKma}FYKlO literal 0 HcmV?d00001 
diff --git a/docs/wiki/media/2.4.update-alz-custom-policy-search.png b/docs/wiki/media/2.4.update-alz-custom-policy-search.png new file mode 100644 index 0000000000000000000000000000000000000000..701177256d37914aededf234d758c2c752e3458a GIT binary patch literal 54617 zcmd43XH-*N_b-YCuz_8qTPOkoN|g?xAicNHr3FHf-a$Y`QHu25Lk~e9gceW{BfTd; z2t^1bp$UW@xSRL!dGEO&?uT>6|HIj1gzT)n*V=2%HS2HA%?E8wWx5MY7pSPH=u}=j z)1{)K&ZnX}Ep?6tXkpV^J^;SXzj|TfNkv8f6?vd2C`9L5zcRPqsbh}Z&&c`K8CpR#o0RaN8B5I)$~Mk+!VW~6^*^s zYexAX8TQNUy=IYXn!eh&oL~Dtidy=sIffwfo#_RyMUxVBPaXyAc34c4v6 zS>FdG%Ct9gS}Lr|d*Ta+Y2944rAjYPPE33MT|zF*u?8x^b{KnmWejDCjt!kG^a&5} z>d#L#O*|$)7bIW$dt)WPMbCR#&ph475IL-zYOh*+qj#g`nzT>TJ7(87TOI@Ji;J$Z zK88sAutJl=?ZlSj+QGV~Iv{<{sokiqA0u*DrlUx?je+n;I;$$snz`tCa^d(rt-=;K5%d$=oxi@MO z-CCYec58cR8rS%%YR)pgu}Go0idM#|e!csRILq1L_p9ltCc18{VBFE;cN1XC9S2I|QubGY zvU()yTFW@O^N2-;P1w{ZEtyqi1>W zcxn~%&Hj}DLU2g0tV>X<>wf#!jEAvn#3Gz4G53dp42O!2ua^N*6T7r2oZ>bA6srDq z%CYxKXkgK+-??nOGJ#_}RVyFf(G;}qZdYGYJA(RLjOhRt3%cR?G34<&7cj8qDSV~T zAmwP=?m8{G0_t#$qr(yJ-xgSQ49mKSgJ)Ru9Vo?fu4jdAuve zAb*$$nqlhbPOB!iG%$rY>I3Z5&3;&fp5sMjB;E`4J;2)wgr4u-CueA0>mgL_?_+Xd>-8ea!Oq|G(M-K3g18;*ZUJn9%d0@V6cRiAwK5&K zQXW7O#M)7EusrwfRd*)hrxe;5ciP$w9+7{}Zkb-QO>FE-4n!;?;uJ?Fpg5 zIx-;{ZaHEtmg1DYIr&(Op$12)+L4V|0*sj+2=|kf1AG+pL=%Z?|D#^{QsTJf!!6Ne`caSoinn1R_(z$ zukU;e`$>1fXfD?e#smIBFWI3{iSIKkuht(^vjX*o}#FidPUK*$Wog?H`n^74T91|iOU||msl!NX(c-+j`BHbFd7*pMslmrQO>jg z>q5(+x@rn?zkSoxYh%>`5wdc_f1h5|N9ON@Mk+Vty;ysb%C}}+KoV{lVn=o@$%3K! 
zc@}iJhRh=NQBQqQ(D3aDyXIrw%LYDVBl(?P`s)IVb02hBDNY43tK%g}!S9?fA05+W zOB}@COMcq&w@Rf(3^3In+Uv*wTCb`ftnU|7r& zv5EeWqW@>f6@?%gz&daRNx~sT`R$=P#F8S~f*#tPa(&&!V5P`AwH%Bh{ws1K4IQRc z>&$!klVivEA0_t2H#(J8u;6x4@V}JE-gt7we0R)Y|EOsVRXvb%$f3?E70_U;bl^(# z|JZs+fG_4A4W|NaOMlX9c`e5- zGIaX6rRQff%JHEF75D4d>)f)~si{!Q6ajOmjf<5=i~8+&w_vjdEo$Z9){Z&>kw3A?>Wjj-#4mXb zoeqB=0Orq5{lh1-vnF|) ze(bldu;!p7^+yj`S%7srzX>r~QHnA19(L*RJNgSTkI`X9-sbCnq5g788OFG%Q zG%D!$4~gYYgl5SEH8F5aQ+#R68p} zTxXvIcam{i#CR_koSWfusJE%sq0;6{r{$dQmo%bG^TJc@B;)M$SHc94JUrjUjAz08 zGO6~Z4CW9S2LijB{?D>#p^+!=KE-w$e&0Pp#N5S^VoZWwlwLikT}`?f;EB}%C?dJP zW3)9lmVP`sJ-*iJ(t5OXhLz_bmQ!V8)9AQ_o19T=Orvx5KRY5{bDoZFgs(Nwpik!D zlf@ps93fQTq5wwwvpGBq#EDO3y1wfMqo+Mz2W(f%R&*O-Dk4R!Coj0{{kkQeSg6J; zI8n^snv+M%egyOA^UJ&FpdPR{L%Y@WmKo97&-5m_u=7GvXtTyaPy8xd(c&G_mN{1% zuamf^mqVp0rwYZ6Wkgp2Tpo5tqy$x{^)WN@M(qlgLCh)CUyCm4gMo9mmG?nFPPN5t z`1xbI_!X%4MaHsG_b*W`L)SdWO+zIo=d9xTG?%-A%^r65&&F~A?oU29-z0f5hB zxI@=s8qb?}@I3)^sMEkvY6GswP7^oyIf*aaXdACTQ5<|pn$9|d&5uwu`#PeM%clPN zaLtTze(r}_l(i83^L^4zW0*bNl~8f><7SKaebP+i0iRGBZwhM{6eXwiYM;G#J5(Y-bzNTy-JV4DDXN!`g z`_btPoO`jEFa{;n`K=&ANIG1$&4Kjx$GbW5Jf!C$_sz`>S`hoJTh?}dr+Cjm#KoNl zJF!cWlB*_U-=>hzcGR$Cyb90SvR>&v-zt=W-=v@I0sfJZmWz;@LadYHe$ev+sqW@P zxVM&EsgWEgPeSdx8GU>jio+ytNC@F+pDLqvIC%6tUBsrK8#06-d?AdGyDt}$5X&Bp z)6S@@>}in_n?24U&B19FDwj-$30xK?|Z*G2#uhL+(8_Z@S8L%9XJv`THiv~ z(c)bQdGy{2(!TKBPb~xeKo$1Z(xkEEJGHBsFmVj3q&|#hZ|b+;u~c+ALRwF7l&HF9 zndj|aDK?!p=nV&(e<6Gc?G~c+<;)wo@s+f`%r>iZPy)@U6Z*XA&* zXiqM_q$8LkYZOjtx4`Ms1=g;{9&nJc!pG+K&+)6Uwu$)vNr-ZFW91k!@bDQv4f8qo zR81GHP$Rk*qIST33~&3CP^{0}v4*zRQ~;}NwEDiPNhUmT|NSQ0@172~W@eR^DQf>R z2>5sl{6n?ZbsdjyuLzvuM?AaJI7Hr8`PH)>`ptK1OVd9l{AT)7w%kA*LINTt29XQwk)+`x)8*x?ylc%gt-$0t zJZens9HItI;v%@fwU?jBl@98bDaK!#4Yltex;oz6>l92JE{@$dKJY9%Oyoc-&<69% z%ecAA6x#%rZcis#*!F1CKRS!un+^YVg^S0MTg&K$X!6z$JWa`E;LpBhd|}N^2Tqfe zrOgrx<0?yGhV)v(TR#_*+qnv}MPSU9^2n68uuc(IkKsu!&jag_>v$H=2cUmnXP{x$s?vrbk|(dh%S%oXeU zd&u$4fyY_<^QJ1geeC$cyq#@5t>cX521e|-uU?<&p@C&MSUy)F-bA-lGc)eS@0WRS 
z%??Anmk1RAe2VmGXj}*(s!7)@%CszYCF`5jf`p7%71V58~$D%Gd5~3L;z+R2T%!F>_A}Xx>Ja=@rux zhf5=XQzws1os$cV8eD-LF}H4tKCf{eD>w)(W*oZ3L#i?%SSFPp>LnQVe!zA$J*=Ui zdoYPj_&WXLqM{zm9mp-OZ)JWOsVR9AT3!4&UfHq=&e)}q6;VTv+qJKbbA%F&cuFbY zXtr5c?YL6CeqMOy%>d$zAOBH_+0jlfc4Hw@Qqa@4;x~|YELorr zSJZqRLAxbwYMplLm0Dks%U?bPzm}^!ioo5ejpn~iL63w2WEo^BZrL-;yNh&OMEN#k zPW8acmE<112$bD_23)A~Cn+`E$gOWL_a=@>fIN5OJLM)z+K0rP+@qm~YgurD;B6Ai zr%H=pwvj=j?tOwMvt4Ckw*+5eV$FBQ&#CL<<O?T-HU;X5DCVZOJErAmi+aEx+dY$+40` zozTz6_z2PNem#a3+5BdTy@9^!so7*l1Vd+HCS^-QMwHtm1i58&92h>LR;-_h)Kcye zRPpUKe5!Wz;-6UgH6+Hx>ihm^_&|J$(=%V<@Hf6Lk&M*{QNG~vcdnY)P7U@4Q)ZP> zsw(D`oBh63Y}uJ5JO!6FeriXC?DS!AW0!d#Js0cbR}zXBQ^ZIs zCE`h6Tq8DQ@dfmbYRR(j{wdv~l>U#;T5}phvC-x$KHVoat+i~baJx4D zQOc>k_;*yW|4JEffEus=ZFpVxk?DT|vHu@|{r|5Sq?AN5ot`aFMnD#PvZQ<~CHBwM z@|ZXIj8NK?iK|Bx(?-63=qLZNRQw7GxQi0>G}Cnj-}Ik5Et8X$LMMCw&40XxfKX70 z-YhBQD@@=*)4-j1*S~0{*(R~)Jq?xRn9df8!|~ZV9sk7jT9FuPs-8T2xQ%9C`K@iw zfTOJ@OXAXlP-^mGe@h(?(M;r^Wts;p*amf@#r&#e&BP3LL{7zO`GVi`x2z4Oj}x$S92j z9wLvM2f$qZ9K%KESdS89UnH*K!8Gqef6O=0-qug$mEr|DcbmF$8zj7+TYk;$r~$*v4MysLR2x z;!ZG*^(~pr?*VMH#va@uZ4CPhSO(G1XIdw@jOUM$4;GGti|fgp{CI@@_b)mr0HRL* z873Ss`9vj;P8o>z6zM8o z2h^6lpbW*;1U1IZJ61@2yw{>RmOVvI9SoHjHpQPAf76QEj8Xc;!XqaqXP~bSMsKg| zFV(yA<6*b#G3mR1Kqk|VcyTc#hMGrMl;qZYOq#zK)Wwq3CiX*ij?SxGGnel3SYO4D~vk}lS|b; zrnx9A!c+O;Jnhg8d>lFb8{*Z&=)lc-`b3NV4>c*|xnMcn`5(CDO{KF_xmUl5KX46J zDX0eZ0MK0(@07J_s=b|^Q^5NaNz0scbTWhaMYNJevQ4g0#OfevvH_JHv;Wzmiw_I2 zaf3NHCg|Rq=f%0lN9H_7Or9vc+~^I}I|0fAJ4{!DBDw^3?uWbetFdQRG=;@$fYx(p zZ~n>flDP&>tL26y#Hf{V2ho`cA8q$a#oJzfDrj1#@43K*cm)StL{oj{d?LgXTtoZq z7lvo}%EX|#Jo7+u>`5|b2}X6>FUz3?+Ayr)*GBCl#e@o^w6fA0h;Ab(qm#AE%UFMk*QLRH z9Khd2T{8r_`wQRO5*i_WEj{_5P0s|#4i8|{0aUWwYQ*ok5(gjh=gJ5m8tI9ygXw;_ z#t~fQYAYZ;$(Q~t`_F9S7Wql(=B{#sOQOcewAreuX0P(#8up8IJKWr3?FW`9H-HzS zGLag*#(C%KOlKj@NX>&T!}L1<81K%fpX;JpjaaF&=m~ZmD7tslgK(&!%M*5YRXndOa`V*s*-6S(%ocY8SA7F+h6_Vt{c!NH6y2yzx1^ za%))Gt7&_Y{0!~GrtfwT&rZ@hX130m+)UWX49Cl>HKs@Oivj+F>ruykANjCIn1|E# 
z?WK>Gm%e^elzjE7=2OG0OvyLLhIUXLx!Rs@lu7^Bqy;P0BR6ps;p>nov7Cg8^9@R< z;Qs26GNDY>$kd_Pq&GH8R{z!l6xt#7Z)EwraO=CIx7ghyIX&-l7;eBg*p=*)^3z#Q z7xpzwFB*JIh{mWZ(aN{4Aj zV+JE4o$Pv*Vp(9}W_sk1p2s{=KTE(3ax_je#vYC-dzsg0$gd>UBA%+5FJ>O^WDRW% znut2=Nj8KTitevVoc-ei#-(seK&68VUZvX z>U^Ny!8>AEJXr~N1)~dc9==E#Isi*@YQAS=lJlmw4s%7E*ZYggXNWLIjY*A#rl+4M zJvxINP~!npnSWN`fpyjE{;fC?_C4+_=Z`mCi3vrEI`KD(OopUkS0|EVqpheT=f!_Z z!*H)Bv%KrCnhZpC34mXtNdUY55F^bFfC3&3?T3hOQC>;ka%#m6+*jsv4E#)-H0lXl zJ&72z*H!QA0}3DIKK+R;cDXVP9$J(`CKU-U@F7r(fvByoJ+5aii_%fN8{c(;T<=5G z1q(r4o4SVms?!!D?kcnmBhji554NG&!C#1j{Jg^!zgB zjq1Hp@Trj^k4esBzee?ox@%Au${;PMMu#8F91DkF$wcLTYyi1$Tk+18D(NusMjyTiwz~*=f zBxmM)fb|{U?~=OFa476TA+YY_tO-2mf$;vR46lp2%NHXYmc%!c) z+=#?#J%Pw;4Nfwfl09KcqIZJ^r^|Wi_agLcyq1}AR;Q6}z|XPL><^1jI@r8%8H=zLNKe!@+w}Xhb$i;_gOF8< zEC(F(_(JskCcYA7WfhM`KE8Y{hv!?R^mknOsuGt+vu_V?(a#k^pw_i74LKn_FR)lP z6-{i$_!`t!Y@zGXVD3+f^k8x+qUb<1ED)p;?&%Xukm^(JQkw_NKo*;k^zj?Y0r zpSa^cwb-v0%v>)TQPe7JT2${v;2NKdC~9V3m75Lv0ta}R%Fxz2RcB_^9+R_d!>eM0w#cbm5xHTkxbpK zzUKLmG!bm1wSzks^z35j{Yakx;9oHC3667e(}PqyBrFnnnD%#WLz@m zWw*^rgazPCa~eA^*@<);#3%EN^bp_uQ0EtoggpImK}C15+b;cPx^)hFR-H-BZ#19K zcQI(CGxBE@=6g0n)Y|51#zC28PHE{ztZVUJ3Tql0J!H0T1-ZY=1DSfyLY&8&7%x73RhW?8hM|5 zqsFf$9NU}ZKX0#Qk{u_~6U7c!S*qI!sr{sCX#0kMj_Oa#KuiXp9&^|eUD_c}pVcD} z0YbJAHdE1%U8g4WJG&}lQ*FFEyVwX22OtvT0!j5pYxhsN3K#U5l?)4tCzSz3GcIX^ zyHZP+KAeyGkXo+tt_L*rW~X32kbg|JD+u`yZ~q5+F~FWyV-VCIY^FvO(efXq_=fk( zGcT;NgbUJ^Y{DkyUZp7o6ua^~ti;%yg6TC;qtjX5xK^FSdwjZ2KPI=m=FSe;Q9Dug z*^ESZpn3JuVBFTw{ITxWKgJH(K+q&Z}8_< z&F6ZqzboG`mM9`=D9o)ZTBHaH+H@+{`+`dUegr@M{K;rwR3&7I{^acB7_SRBGjM`Oq}bW@3^3&O>{VB& z1HWCCT>rU&ioa}fkY(pGd+D*il-fdX79{3~%0(4hY3_Zz{+S>DFS_*{0RUlTPD`49 zyHSk`IQ?(c8dbUhv#M{TY~~z0FA4lJN^TP51Tz~M%%bWK>g?VImd|IL?D zP3xWgUuvE1{H^}`pK6Y#f5ve0W@&Bha7OUS#-1Ft3RrQkw|d2zj(yoOlKvZo9HmBZ z3nodgl7Q{yC35e-_f>}c2P2a)aol09h1llpyFh(CHNpQCkI|t z^@xsDQlH&GpIGUdH8=GI1wWwAz54%MuiuULlSsFm7&aN+(9lpiX0Zyx?aflX;@ZF+ zSL(B87o%gs_R&k50eig}-bSa$se&xEizvl?q}J7DlLBU@_a|Xs{Y~B~t#d;a73vz7 
z9gT&lCjPC{eLX*~6TKJ}b)opq)`3Gve;HhW7*+TqLu%=rCKj@U95iQzc7%y9jWoIG zq-@i%&^|t?wCYYz@_s>b30pXkt&2tjzZF$kN2=!kAubgaOz})X`yc}YA6d?Bs(f*4 zhgUXO(}cT4ucMu>u^?htbMTw+0-|D_nGi$?J_8cvvCD4o+4g)9juB*oEh89(x=sqn zR6E>LEmQMU{xAyR#^0Y5lhxn5{~J-%Z=Lqu7N!z=(x7XhVptf=`fCK*R7wRh3biwJbtbRpw6)+8mYS69bH8s}i5t4Z6>d9Q@f=ioS@s?6cM#y~?1A_~T zgRehw=X_u5>?2gHfFmgk9(s-58 zzk1Lm9UZnP*s}W+iTBCiaP-p_q`OSC%h~Bu8w_XDJ=Pp7!CNkx5pLSiwP*ypEiRhO z7JQ0IOR+xx2>Y<_vyH9~xat~*3e9t6H6C1#P%4tg-WEjmc--Z6r{}qRL)A7%*S30R zmVNSxGtPVd9*@_&Jxt5%Y6tz7N;zGjPwH_`)rD+Lv-uptF;{ET|8yt6ihk|W+z*>`A%(s;F%yh$7Ed=jZZ!`byU z6p%8qN4QKq=J!?4G|?kqR-o?*n)$k=p?sonCd9k81oeKhz0rs}gAYYt={ zdpeCFhE?A%*@Omn4(or5P+!gIDAj(m>UTlni$WMqPwMw3`*QqD}Hq{P@dMUk$=Ofv1@~4Q!t= zxb^GROzD4K*;~JXItbEN+dlVNS+&-^_Y%rrPTG6-5T?pBZ+$V%Q>4cB<@G*)HMtnH ze+wRiV$GExI4-5?uhh!1=gsY8W8);TGiFpEGqvDQfyvxrdv@%P0636?d4WZG(NcX? z`9mWkDy5~vS4Sk@=_*8}B|k)eO} z+}~pV=g`eM+~)-J$Ti8BQDs&JA*1+KviW8`ocyGY-5%vD!<~_ zVn|zA-q*&+)a3dme(Iy{WGY=F-umd>*Bj4QG!PbN%7jJBg-Z?a+xd~T!jLjU{>#HO zkv<#?o|8PYL&;;Jma3+;it$a5rxq(KKUlHd6*z>`-m?StqhwjQVSMtiC#wfa>-Bs> zG4!LVh+Vtkf{h?JKfa<*4cMgl#=Z(+=Y{Bxp4NNMs4?E^QueMiS_T_&(k}g*+ne3~ zQoSTlZ)xcTvz;Oz8o3Jh{qh#??jKxI*Rf@it#VCr>{+sxBZ|l6+A{k@jTR7O&+hFo z2g=aL)y-2R4K2Ch%)m>7|gy`CtbIKRB1Ro$v7NO-OQ`1(_Cthp$uD&{P}eIB`M^;rTai9;U?v)?QWnif>t7m0n?CGhn^q>C5W$TlQ2l*Q2T! 
z-0m6j;^xRgPuzi0y<2gNO(TbAgb#g=aTY79h>l7E3`?5?w!r{WwzjUQ-~UX5rA5)7 zUhWF5)Ye-#4xfz-A;)0V^K^T&+UI%qv-%2}r zAuNZdk3fB2J1lI_{jw>W$J9A!aB6X(wa)m#3_V@zn*R>!RWrRmB!^1Fnr^X?vgO%K zwupa+btj=RYy#dB%g;<1A+d|{R=F#*FBxPmM(HLdgWdi-lPQxX@N`sqGWDp9qS`JhafO7D5>5PWE1n z@?ekjq3=cR%6=1dGfsRbIBvDqOy}`9bmv-hPosJHB+hBi8IO8qBUe!%BaZe`Dbm;f zeQ4vR(&0d_1xrh$4}K+S*onfLti>4tl#&hBhz( zDL0AsnFHCps6iGg5TIN$Nx}>ZJbjXn^4>jn^!seH(kSiH{m}if`FIAoNaV-e!0|7J z_*G6-K>T#tIJ#h4mBjAT>laA5wqbRqE0NC~cYB9#RkXSCYS6XPF1@gt_-J0Tl&GFpvx9t*a%rg_xbjz)Ou=|>tQgs_%IZ$q5rlnLe zX6freekKVGT%tMnnwLCCCB+~y{HE?G?xtvky;?8s;zUL%UErB=Nc9P88k8;aXPS2*0@VI1f#jFI2vqa=+a`TV_VSVO43%0^r zpkAgZf{RGrLzg43N*i<}95_WNvKu+&4rQ!o z@5$WW4Z>Kf+|J1QOfUrLa$Q6R4v$lm3Kq3%e`blgM8!mU3i{^i9 z*;8<{wbY(-VI}WQYfd^dQN1>Fn=NJ_hx%j>?WCX%+Lq~9$Cp~)`HmF$Zj7D0ib_>4 z=`VW4+&DxBtr^U%*jE|9Yr`nt7Hnu-(iTa-c(}L8kH7g9Dq!9Sw(=|7fA?lMec>Ze zJscd`pnB}E&|t{^e*Ta;2wn-%)_Zkyx&^&=(F_&jeRLYj6nkc1%D{m5tG$L87;J)#TQAN=3C1YR4~Sx$^|#0NGme)S=k%nR(T(s)$)*U z2$vz&czBKY@s5{g?FxTp>+7`qsmect7Ja5LzO=l!JPKaPtpH zZ*-7C#k2sdH|T>>xesJ*(w3#++up_9YvAME;Y@vir(9O$K{1COa$tdC6Cm^{HwA}Aivv^;`L-W zfh=soV0l|F0P?Z^0)qSVs75`b{M(PTFrirQ#XANn#jD62h~HYWYq8YW%ee1>It=EOajYn?N?g46@WM6Hj1(7ly8y)iRsoj|0d3 zr7(mEJ9`FuaQtjFV&A66*$32n*K~Y5MHEOFe>#VSFQEB6CdEpv-f|6tdflZ)x-s7T z@Pd-hYyZx8_nk81KvS!fUB{cc*dj|p zwPJKYQ*ZhjfUV{5jR_T<)HMj0yo+#Dm8m!R_Gi{Wr03QzP2Fc6^+K025V8YS=1oN| zs^cx{wDd(|IFPWA-jJe`voaU-S$ERQPXhb;tn!v?{X2^w%I9v}$Fh_z6~nn^TSjFl z&-ge)f*9$m0^}Dywc;1zTL8{NweY7;1yt$;q`Av&a@`|3;J~WrQuSFV_l*}d(i7x= zc9Uuv!e;kO&O`6D?wNhZMY*uae>R0(|Y&3M*Uy`4N!mYveaR3Ei23 zRbF^m2K~s)&Rb4ByFk7eWt(gQ!2nsbT4IH};>&dVx0orQcmc$RZc5Eu1(&6$@QAK5 zd31#o>ojBL?7_Nk9L`YYxv-Bzp64yBP`Mb)_Dvan@?>@~F!wzQ=q^mOeZHJ&6tEtrYp1LFrj1tp+XapH#xu2`PbRuqX~Wr%ep$sWKj+U3 z|LqMIm+?&F1j}kgnV8kozQ3<#?_EdP12=Sj@!|U~M9{x4M_udQ^BAIW=m#5ij+CNh zG3gcG?Ct^O80*hYl-~k!-nvQ7JdrlyAhpZmtA?z>8a=~%lp0(=e ziZsP4T$%K|n04?JF5w^KI2?9-_dICLT8d8BQ%at%|8N0LsG0f`(`G+g?#V1)@Fe&a zl1oB#)!8)}qPzmJagANhE+^mzA@rT?0U+^bhN3-h_0e^mTi3lL5tMsJq%{YKf%&R?Z6=*;Yy 
zD}HrZ1(9ASxqGj=$x469tNOZTnW2ip^1E%P>xpTJUpjMBQ(c4_p2TKE+HywEL zF4lz$(gz-f+S<7b*}*^2G8^xbe`^EYI<+~e0{WS{+#LdSx9N)e?5aql-{vZ6J zUeXnR+fHA7dxH4wAjmFJ=P`B6H~s`6LqcHHOIAC{3q3+zcOv*brO;lcP+N_}UScvmdXgu^yC`iQeqhfk6+oLQ%z{J#|`bOFo5 znmsF0NE<#AZG5QsRG67FdXlzy#TbL^7IxHV&hR1KJ{)zoltjiB`MvxJm%d;>7H+K7 zy=x#$t~lT9btFk&Z@xn{#57?d)!-42VKc( z6;QR3^w?z7IS}p|ac~ty6UuO3f{r9%Mx+Ukp%f-N&P+MlEI9}y+qXB^=fR8}&PTIa znS|L%bJUDQPS}}LJ-zOHP@KI+UAdFjMEY31BnppKLv-)676bY>Fej^%W8|Qb)Z%j# zy1gnRTejbOyvwXplA>Lgr^aXCF}i5$lHzi%euL_M+9@$d3Xd*zgqO}W)iX}zgnJ6l z&xV_o;VxL4UlZXA4_7NKk7u{$68Ro0fQ>TOa7w?9uyX7$Jg@uwZmZn9&%A7ct;Z}m zNZKzh&GR6;YbUUGuX`s*b4yI1Thws9JQs0buo9@vHMN<|J&1$i2&%&FNXbKCc&aSR|FL|cr9a{U_R`cth zy|Te|wvIuw49zUXELT0BnKHM3@EAw>2N=^Naig@mqSSlHF{ZFZnS69l|3ec^tEIQ& zwcoW%y>Wh;G(SJ}fb8ngJxs}^Z+SVCMFdzRghjd@UaUXmwV>}?yZ_kQ$lGeto2p}` zY%*_xC2}EhzS@v*MFhJ5sXWvYc~S;*^m{1CE*td2Gg{|i%B7pmviSxLt6S2M--~ui z4VGy3vi&X`DDKu@V;vVV6(cx~%-nB5Tk=Eo{9B}+$038tMYz|CU>-4<5|hP`3kQ|I z&$(TyVF}dCCYos;*BkV{_Ei~%@g*et<(z%2FWGU;cBlDpR7O3W)ZltyGC7YFfvFyI zK0yqh)7kq+7|R83@QgW|A3v=`5#a}KaoPJb67GSP>np+Wr5+()%sjwjGcM_N7b}oq z=oK-bzDveiwB(50=NDt#yROo=37F1xI;1Aa5Lu}Z(>62y{)Nj$atSxlge;yNaP^4g zF3)tPH@M3=?P@lS*a;1mLV^yzdGM2Q}R&lMuVqu(vU8@1FhF| zR7lnx6)6$q_*MV$D$>=KN@ig(TIpcM{kb|R?_5NM;>*?hYkK{k$FrvE+$-n(D%~fv z^p#b!ZaAU}*zbSA)xW|Tf5Dj=NXlUOtvi_=kKaiftR>b6X~o27;?Lf(cA^J@YN~$qXLsrslgJ=J?uWxgxk|kjFHH=;dZ^lpq*pWM6@PfG zd=$a_J9p!@u-HMDxo*DQsXdMeW;5S2Y*j~-dwcUUeUDrOza)Rl3kMQ=f?{U_L==6R z^c%kgDnL33@%9>856(16(KaohGaHJ?c2KJL{1$b)mJI4hmIj1}A@{gve`&RM7#VNz zQYCn#D22rVjER3b70AcZ@MX~J?TpEhP!}RBc;C5$Nxs*7MXHZkf_{w1^gEELZD;VM zxTSV~o1ty6!p5bZ>V_fiXCZr!wIVn&L{kw>jgnTzJLg~e*Q!y-nedcdIAKM&8QVQz zvF>tnf~G#g%)WqelQ6s5ST*jEGqd#U<@va=?=YB5s55I4 zElR#uc~9vHrWmgcIe?QVPAT3;-_3x>)ZvBVCP?RdY zca`3ygc6#HfOJHP^xm74Pyz{$(lm4kgceXS1PBmm2?Rp!@p<%p|N3U`ow@h!85nZN z*=LuvSN*MZcD)kAtInhM+>#powD%k=+C-1eUslFRI9?TO9bettFooKbs-|AdRIfR} zWqhH2;T)|))KG$6W(eQ6X4n4UF(x?3m(S>jQf5yS4hgnC@RbSmdFpn>H6~Me0 
z?r8oG)sXTWpD&!>6*v(*X7|hZIMU>`AOCE8bj1%5-@;j2fp_c~_IS09VNo`Ok@uBAMzu**c5zL?IYV>fXRpP$ zrBC5qLr1l>H`iYBzm?0u-5v-~G4(<=)4OD#l!&WM#x0)&zP_)P@!_`5y1^=LZBTru zk5OMe8Gj=i>>S1K@UUU5eXcJ0H+v%OIgmfaKMdXf9u2{!+4|StG!e(wm%L;NDGyds z8+edgZv2iD%TN{m2}FlE;ihGMm(9rO{=9(Fb7qj{+(Xb>J1m@HJP2W0Wq)Q89l|$J zllIO|-Sr&jWusOR9QO^u51!7NP=St|6gck>*?Vn?S&p?2)ufH{l=SH*l2%6V6L3Gi zIGji5ycL{ z4y}qtBWi8pSobDgc8SsC^()#k$e|HdsqemNjm#(6lMQ#&>*(FE_&XE&VzP-nJKIZ< zQ!E7@WoR0iXxEN$)@ue-7FbRFHlw0b6GfNgLs{Xq?}t}DHB zrEbqb{0ih#>*3dz?Y+;^*_N%+or2se(m+glQ_| zmvL_v8_^|a6t>|hBaB{IVi&i<8!w9+U0;nJV~=*9!cJyX3cK5l7DU15=(mQ;76i%( z4{!E?9~ybrM7P#>Pwgf9mm{8F_2-zhvJw+vWij6Ir&H^o_+0g1HZWBa!QUe-dD_bM zOlQs**`V85tpD`rv)OqbRvI~LNZ|!vG%|AnnL%e_5$x~aJe5B5ljT%Ok139zH5rWI)Y-TX(W~Nrw9OTuzH|_aMXIyD9 z_}!_5RKPStfLJ3tUO76Q!=^T}`?jE4uG5x2gonR5=SI~0!3*s)7&}CErEJ@^Qu;vIj-WcU(X3wnz?sR2?e; zKKuyX6!S5~kJ3e_Gh^|@XPJ3~ZQ%neOwi+|Wv42ihz?QO))Nc9fe#=rC?gY9%t2MV z#I+}4s4|fY&RjmGJ#z=VK6AI$#?BOWOf8Pu$vlC-eUbQrx{=KJ)yO3G>IOu%#4|c4 zn8W9~ucT=;kJ8W;t7~)awSq`J^ER->_vZMFa;pKaQ)Bg4isD*0nMN{~9G$14Vql@u z76IAMJ!l@z=F$z#8eDHS3SfL{OOBbJl=~@*Q$v)UpODtcuWi)0k_H{7pww?wb`^2( z)WS@h-GbR1sG6I*?7q0{ENJA^wG~kaw7I$2&!3ydFNaa-=wnmdrO7^OppGw2Y-Rm9 zjee~~gOwo_yO~U=KRTe^2DkSUsG0`2MHAFwqC?#X`eEAX)2-IMnSv4)H-4$MGF8&M z#^u?BcTchuNci=W-GHxbI6mtrje5cC1dzgcT~2g{3zBENk$9vJi!R=vON}RAv~pJe z?YkP?xNqDdx@|W^BOG{ee-w<$s2t3x{mh^n?oxI1&i~0fFn7Vm>EzQTzny6-s#d+3 zS(d9|&1sSkmG5_ku&+QmUHIo+KytU5S3$PqeFN*83bQ&iU)2EA$V-2p13vifSKQaH zfneaT6meTWC1MJXoYCc=>z`cyp=@uxJ#ad~+w)t0m{nx?t=GNwzoXk(lq<%>;KBd$ zCyx~1d)csG)z0AKdl~|C(Y#wWFdK^a*M#@G3VC#D#XuCkYe3oRX553;hr^rVPQKae zXH-I!X4tU$PyfV|UAMuZ@@oH>Ud*Akm-m1x=xSmhnOs7g7LB4+M!3FuC7 zO>8vOn~|oO@#NS)XUeK+|A1yjcanjl_+Lvl`d=uG#^e8i(){1K4E9#w$yEro2@VUF zUjInx*RAIDQtr6+uZIxmeAKsRl85|rb%*S`6XZbGY1ZCQjB(O9d7RLWXhz4Z1N-@@-lgx({k=oeHcvaAO8x8m!*XZ-sEtG6!N`7W=k z_8s;4pv=)jw#Z>g*tVR-HB;=|2I}*(Oyu_QPT5GZf`DYKF+y=sVm?==n~vN_oicU8DDop2->*sT%0+>JRjFDR@dy1!U(p1F%Y}F-e-$W1wYDnQ>Ym5 zqNu~Wwj)J3CM!mWCI?ZWK&`2skZ~qsSz{MpfHS(BHpCwI+F$dSDC}1ATlvLQJI=0c 
z?q$(8!(FcV`!n2%H%$kLdWgrV9lf%1iC#95SJ;^?Gk5&e`Pmy;IeF~TY;v)7!f5!N z1Wx?}wtXVOIWl;-C&wH^v)R%|K>Sin;+C5XtF{%+X)T6xEH)`~F)Ff>lRx zXERg0=8gFn2(OLrf^k zd_yw@eJ_H)u!V5p^fp7vOXHP&LMZs!q3?fIuURMO)ylQdu;Wg`4qs-#nppON0byie zlEs#@C^d%KFSEWgwfi=mcOsti4LyTVIh**}tiTI5x_2UpV}pAKuu$t-LR0OX&u>?w z=%m`pT_hbOqTX=T`y@6B*4o-TtHVp)g1Y~BHwzA9#H6B2eA7LLLsb(DJTNqqozq%i zF9sCf;!&B`bo-8o9G4@feuD3v)?oqD&{S`QSFZUG!!i%`!(C2kHY1i=wHAd3&P}5k ztUs|u@ptTKt0dSyhj}%XuzFMHYEJ$eZTP+HkPmIXkHR@qy_N>Kjtj!j)-2+iIGm-$ z7|(3s=UbJ22BTWXYXkE^ANpleEm=OipMgHBwGU_(zXVrtKm^G`UmP=Fm+u$pJj;Tn z=M9xv)y-Bc1>XQ{8bRFY&VrAfND6$4nHG-vo8=411D=5-g~V4V@6H-MC%b9cDZkcM-Hx+-J))I+d%Ln?|jZ`5s->Tmq9oG z9t4bbeR}#dCc|w|Vm9z6PiVMVc;#aQvByW$gKjPtSI2M%whTV#w^|e1GJ*H3MuBaQ zh{K|P^J1-NeylNtf~i`54qaM5$rOIqn9FZBC$(UWi+nH`mG7(2y*~t9U>PHHDVHdd zvC`0BtL<<8=Q0gQ4FA5JcMY4`0}(Yv@2O%dGrhyUTa3YLIyz35#L5fOv>VbMQHH@M4vn?tAm$w($sgJ~K(eN<9-FT3h7tsa zQK^6wyMA}@#;*B2+){2vfSIyf0xo(YFyk+#Ic_pu-FJ5uPJ zjcnrR1sBh-%pNE0r6t z0&7j^{bK(hQb&h+L(IQpDPogqT~sq&g-%U^OlSS)!*aJ~JEMQ@^LW9y?O|Hvz8r8e zKoyPVXI3|NnSEvM8|(dGq%$2JF~Wunth8{uYR5|-h0tk4#qZvCGBB>GIgmff_vLuk zPk*VCP9;iTs9Yctkv5k6Or8Fd?H|HdmboHfk&^<66g^yWfXQvJv4-zVzr5K@B1jBv zDvW1@9vCcsL}cu_fD708s?+3ao?s_91l2QY9;`i$IaACt)GzQg)m-eWe9Z!#5&<9@ zkLyJlj9lLRiPf=b#vFw0h;(klvdlv6i7V!R&%lb!^W_os10+`SAbY@QzxZ`>-lz$1 zk5>(1K5o7N!6WW5+e(Gq=zPU(-Ne_5P6$OhJmo6pySlC4KYm&c%8Y z&r*p&1WzxGBH(8ZQQ#P+w0wE8>50C?Cc{}vE0dc=9Pw@qc=Z zsNOwWlXEnm6puU%2XF4SdUD+AfBn62WW=CLs6LsOgYp>u`(Nx@clWG5y+{a|XWoTt z#a%#7PFET5a8EKu&m1%L4RF@IJA<9I^ftAcSPu(nD>Hr*PH}I3X02h@YyDNgNu|Ba zL8%6_p@iEU2#!BE4r)!(ifbf{`_g~EExu>hl!eo$sx;5AVY=SF{J5m>pOycxyhX#n>EFabHamPYQ>$LjZ)uu;B;Z}S|ry9 zoHMSf80v9tY?x)^g=kDGe0?(|05b-jQ>3AhGqe%|Fr?MMmg+}`$Ty$P?%UWnPe2Jn6Gdwg7C93w+x`w6TwHZ)Y#n&HEQn`uW#$M63ZueXseJh3 zgX>^1tyJG(A^BNCNOxUm(yU6f_1mbc6-8xD7n!U-_qzkr7I}XygXNCMCkH8$`O+iS z4rw&|uJ)YS)<=ICb=K$TAFRRnfyk0o(ZgFFvlqRg<{A@cX1g#+jOf>-SYhxW%9mNx zwcN1KdT!5oQHpk&sWJikoL~ zDZ`iN6~P!gHky}tF`Q#Gmx;%pt}sQ10&_-M`b5-m-qU+Oz(Ka2q$Tg~^LuNv2|KyI 
zW0e^{#oBgLD%DLt!8$wQHOOTm9TK)rGkTjI3n9Xb3gjGDHeI|=KL9A_rOC}p^f#ZC zC+0KkyXWVZwyTvpZ;lE4?woK)4eCXCh0k09&sLmeS;_l^Z@x3m^B&kT#~@)e`CJ3R zd%U3EkVny#^{&{+{(}iJ=i;uy>&}iJb;%A|vHKsI0$@1K05Q9brEcicjAq|=^3cb{ z4%fJo;%QTRspkk^+}$p`|EBh`HXoDpR?*bk^i6+8?M|oG2%PJ_A8F|r+s^e&3LsYw z$TCI_PPM6pK{_GfyTJ!ofT_Ov|Xwe*i2 zXr74S@EPozUH~TPPm-f-V!%kos$#^()$iWNeKJ-CEg;P#6{_7xAvRXzo7u%3*TH=vk)@uG+{I2A zi1xH@o_IZxW2O{suG8sZvg>jAnf2?rnQz#BSL&^n9S=8Z&2#jNe>`{mN2kH{s9FdCX4Dga-~{wV@~ zU>-2DJF_}+3bDBLrC#OrXzjh_u{2Gg@cWW4X7%b^0yF(u*jhxR%pa}Z_wDYE#ch$gtwFbj=5O8^k|oM<7oULe?O!bl(yBf< zwv`73l2iX{1ZHEko!gdSNlhXRc6e~ix z;ffa}!!icA^dQ}Q%vYV`aZycj!PQQ1M%VV`-XI>mN>`CdL>9|KNa|+T5d+EYlhkHo zW!bp+Amw^>@U#gQrBH)orNdYwj3w$DT$X)lDRaF)0++Wm3pkKoMsLqFUm#{RH=fS`qSN0bRaAoth9KawD-?QO|GOn50Ak(|L z31=2OJTuH~Si-L0g!hJm7oV$)xce7vA5{(g*{Qrx;@*l8M?b@!LJgL{GAjT4kC&SPwEifi!Pw9 zrrUj@cH4#EIl01F3qz#}H#~MdCW++wC?D;nJQn1|)N8erxZ+&h5{g#G?70dpn@?b2 zMNzt~E1dFIhH{Vlm^86+JgO}uw zxu9wSN;EWE+`k#+LI$Ia)boNh>+sRIGdh)}d{1-KA2<`5x0>7<_M#T>AVa~AibY;% z&>4e0wz6^0W-TdEDI{u>RfY6KO5v4@Vc9zC74~1jBfEQ^teK#BjKnI)Fu|w%#FxtU z?$9ev@b-=}^*Ff9jLHSSk!ek1Q>_F-Hfz_k50A@@<=oA@w(YXnw59A}4&{;dv0pV2 z4l^lzPeitByoB3f{7?Qd6QA6-sdJ#vVL(!7@xh7UJHc(Ljvc|)nS@@O2)EF~{?QNa z)TC41F#x3=&CS&1G~|iXOZ#oqnY{`MuP;8@26!Hb+V*{by>n;-R{qbmXA9{zkEfPa zTvfV+x_AoE25p2I)XS(A_`>_Qm+j zYcaKWeQaxKHU8Cbja(c@IQ;agfAE7ENal;(l2xkv@zZ3nZ>%m|k+3PBqsM~9_8aC3 zy7CTHz>5tcF-l`=7Wa?6C+eh28qOe=Bt*W^LLViqs!x0nUxc$V86q^3TSwyxOd3x}it%+j+v9xrn9+U1cGbg>3h9?$nrzvH{8(LI5^o;b_J zjeMVFdf@EX^hN@8--{x}O+#bTS#wGGa~-Fm z9#`mS4I@L_4oG({s~jN^8UimmwDHzJxm-y%EXZUdj25k>Z6zr6)UktVF!WJ_pZqbo zJjN_-s6c3C-}6PlWi$iahd1|Z?2}Ncou6VOw4XYKHaEk z_#ukzGA#&|@;`vksWDgAK~;qkfvuGM;M&>u)&M~azc&v(W7(~s&(xvjSk$Kg(L3Y> z(=M`DEe*%9XMC9J5%QrBl3~J+>yl)(p!Ww?YAfx4a{=>z@dg}ZIxdx0VC0l9CVXNn z@v6i}t}TmVr?m<)2L7h2O!FvY+#EIrEO3EVk(%VoHx55b&x9NsVr+NIVO=XMN>%!c zLZV}ZEVq=7ITbuY=rHiRE4`5s^a3{>qP0fSgM;bWSl^3evRRKO_-puM>HJ;BR3{`9 zzC2YyL%2K`#?8Dl@;ExBcs*V%fL&Vo`hPTa_@upGLNqM8gj!+5g`cUcBZEdtaSJcn 
zgM)%wA`AcNoavCM+xdCmMl&hnGbpU0Fy~7MgJa)@2{@Ue@U((0;GlQvp z>Czi#NJ~{-r*SyR$vY}8d2AIJuSZ&O-|qF)<-9ba5e2ak$3hI3JEU#bG5`gIY(0A2 zjuWgzcHhWk-jvs1^|kx9)RMrAeN`ztD~R;YuXsBr|E93{Q`!k|WkZpbeE+OUM7FFJ z#^v$nvL5FSKrm|sSywGE-#-dSUwHZsIlXU_t8|COG&IfxZBZ%pTc0W7#7D)u37#4U zLP3X>FSje;saM3ON1^F9HHCAZ>w2Xur3}-F^6CB+R6EZ>dIhnbtF^gFB5jIMoxcAF zl`BgyTlHI6TrC|g#W*v%W{cD{xOpFFy6C^jfqJ;3mvG}n9om>Hw>@4$6D}wO^v#I& zep^sXw}Zjv^RtRM=H}lZQF&;-^P)1}$)Fy+EG$`YKFG*`y+5V2KcKVU+%0M3+x)Kn zW5mCkZ*$qjOKvsm63uAwD3De38F5@|L=P9SRtwh`)0o}*RnMn^p6)7KM2z1=$ErLl zXMflR)nG(o&Mf7oAP*+AD)O!Qq^~#f4`G zH!RreXw^OhSzCTIW;V?T_St1knTI!)8@n6#CIA|ay(nAVJA&rI0=FHnfK#P(S9r#D zQ*`jM{f%pVAJ}}MPsd(t%&%+~W?Z|A0vNR6ft0_8C@DN3;6O8TCcwFb)X^XW9hq2i z{(Y2#Tb-t*+F8RBeux8FRuyq*qAc@F`*`reGfSzaZwv{8#6(OY{Fd)JYnOAL>ZXrZ zxg>#fkLdMiAw%&1c>}fMuKsHChP>6qM$A$?7n_L4>x{$bWS0O&^q0q*2gAZ2BUh!| z0Re_Zl2Q+58`_W6QiV3Rar}rf_3VL!kBeVf3%;0FVZG=~!-#Skz0Qo>;LiZBSXlAlHut$*LVss2X1r3~@7+O2jx%TDfxIx+j(Uj=Vk(%Ky)&p4qKrc5Ti5%Wg~CV($S+8=Tx$U3E`u=M!%TkU#dr9R(2}y^v`$rwo z_)K84ys8}ZUZeRo%8d8qH9?KBLBd!~uRy%}w~ycOb^Ev()=<AAAd18KB$b+KtO@ zUMUdmb2M!?cU@i1Yp!1?P?HZPTXhWKSs0Hr2~-kSXnsBGz0r(1p6N;It`vrd(%xuU z*TIH<*L%Za11Wj6CUi7lvq%03-h=(wo4?WBu?ss7SZ7 z!p8QNtnO>BQjEuKmEMB#1OIiUKW`Vd&BX6e;F@lf6YoPkqt!mJd&qMwpre({C zJwBZ89}gyJ=G*>ccw`GT(H!!!)BlWnEA7KR&ZCnlalygUOvsMRbR$K+!U}MGr@h*_ zZXkB!Q4VyG$~u8wRaE8KYzT&G|kqZ#e`CMDc^6b7AvV|>}I%+ zXi-$5z74|T96l9hbr2Q$v>>0B*V zVFQP>=iC3;R5|s}0PS|im5dx#n@)+9rg}l`^iTRea-tVXACTzz;;o)0KTi!VWpSOj z!1E&Oxs#Pvqi()PZT5R_A_2v|GA6plvj?j%bz=Fmo-D~WKul_j zlyJ192xT`bv7sI{qRMSA$NdRW(X0pn8%sG9`QP()UZY0sZ$V<3^O{Evk$(nC!~638 zr`X&7mvO!SFZ-4gxb!a^0f_s!x5{!>LkzU02>QMqL;n-YZ69+#>?hcRiVd5*?e+JLmnLtOE@3*Y=fY=nc~q~hf8&J&OO(sugV$s>hQ8yZUFNl#6~aJd!b$#li%2n>N8;_J_oF2U>+s0g(kM z;l=T#nG{HIm6`cYfO?hjYRMA^Y{u7&LhwX9DnJN;UI2_a+VZ1eu+EdIkz?Pc!EV=KQes)=lDn#uNa+ zia2URtij^O0lsB<+o5hqYl7t-Tz+}LL1C^>Peba{E? 
zXsK-1a1`}`T%qfQcQWi>$Uvb{@;KgXkBV?Tg5qDS5w99MsEFj;FKwt2C+&tyw9X69 zmcq{s%^nYIxDpdcnTqnbgPk4?DJV=`Me?WI*P3eR;Nb_IyyUa=N3PYlHQ&jb^eOgP z$2ns|LqqTS|7rux8tck_35N2D$kCM?x>ANGdq)Gwq4rTmO=`oA8hw{$>|KL<88Z1@ zq1dlD@IP`%17v~6P{>X}Wtl|7HRn5|WqfIt6ePs0HcRKj>|qmhc08xhvP)ias;6NO zVZ-B@JXot+d8GV4Ya#4wM)uzT<>>MA(?uY7UOjsu(*v>7lB)5e1-?2IpSgPip^cnb z-tb`)W;~HFG?ra_TL>+;O@C#V!Xz-;;ZxK{EqLM>|BxQ$3q7t~Avn~1MeldUWG%54 zn3qyHzn8v=(VQ$vDVJJB1{lft)_B_dDpP&;Kd7;kGE*&}Ik6Nqaa4aOvkW8h4J~fP z-=<$*AOCwOM=q-+uH^OaO&l6o7+05F(XOhtsODo!(v%HC@|^oqM2co(^EKTg#_KOk z>Pin-^JPp7uTdZ7Cj_czr|arzIb~d~<=s)2krk{h2M}6T^K%{%1zC!lwD+lQF}KWE7o+mFiyh|Ld{IBP#t&N*2uoPYnN6PDGQ zhi2p-HVT5{d}-@1qIut)=GftB1Ro|1_obkKZc!0e+Iql1<~zE05RwhoW3 zODs?4I2vnoMwyecm#cbV)qx$yIeF!ugCrzZ#8**UGP}!P4O0w?p9EI zw`}#yT?kyFhZASrPAnk+k~y-tNV6hGX3$&v$7n_s>$28)0j`%)j%r0$txJuxOOCfU z07C2iRF#ea_UK=swVM;bVxoaCIxCcqj;)*lP#Tr*4s@OCTS=7;R;J!%%O;vtmeq6c zRmPLcSb_c#M+hh12Cm^X?)-Z8mb> z#uu){HrSqQj|Cl09rn`7H}?c9#DAHh%w>J%>Sn5w$ac#^F@n%#<}%tSL)z!{ssVH8 zPy@p>xx2=dr^uB_C5jYKJ|6Ab36}r5vs)b6K+M~jiq0?!TO7)h3(RjZn^2UL4F&Vz z%Z>`jY~}%TVceo0Tjc%Bsg=ycCl1V(ke#XDNF8^P$}PnQ@@i~CEN)2W5ot3Qjq(Y@ z&BNi1u`bcYI=f=d@oF|LqZevC%2c?W=a+Tl8#I=9_R-6OXC+4+k?fCMRhTBqG>@xBYLVh~IraDve3FWCx&$InEr)$jn zP7z5i=8f8Sod6sCIAwm7p zwJjuHTJhuU%(L3o#irI$5Nrb*xN7-42nziQx4!nTro$T6!RuztTc>e(vOGy?j&+cu zZ4x>0cBw|%|R)S0xFebDL{T<+tl z1&+E#!HIfg1;BLxwU0BrG#W#iybq-mKgfcR>`S9I&U3BW%#4!I3dNPHKBT(E1}#R+ zPg(vt*~%Q|dRN=Y30Cm)+ORhJjx0WoVDH4u@U0QndtOcc$2eC?@j+BgE6#fZf2w>p zHyltH!Xos?wbsuk7Dugp1?&?myM5I7S6E9y?YQlvB=>lYd%`c!;y`jkg z6yn=)bna=V_)PBmKJ9C&Q7#j-#fSm*{nQ9w^wyMBio+x=-;-rr)P^`Uf}2BqYtLfL zi;M&4)9#IqR&X&RMKySCyG^yxl@fKw3M{uJHODKL4Gr?ImJ$g(mGxx$bFJ1XP*G1n zb`aLLK!O;U8ky*vzn%|lj zKNzMPdp03hy~*c!Mi*`!U&!hqQ)0{YB7j#Gp%%PGhn1ogU@$wmpogq} z-KM2viie^MvAxaf8w-K!edRX^FkPN+^UyM*nDaN9Qcdw}3P|^gtx3dxI(j-gG(z%e z0c!pz6Xm=%l*BtXidW(Hn5|FH&2T&XWGA;bc27!RcqpYA{9s-Xcc*%Mhm^(uYTQ0# zHL|^i4m*zJcL>_9nhI>>Lqqs_-wA 
z6|&ikA1|ukfCl?X4i(Z0zkPx1a7-&TG`*2O0hQh;11&4}D$OkE`D82e~*rd?@@X}p2B$DCmvF({Dr0)Lu@(EPo}h*_3BBaitbZr1TYA0vMJ8 zyS@AZhl@F^O(6{}@jKy|Bh3cS@bwS3L6qie4y#}_9}thMg_e8{*dzimF52Ikk4m?dm0H=LutM;~jZD zcTeKa9QgEHdr1;!AoQVOz5C)VaP>y{#o7%bYe`Oa)LLb2$4^$X@>7cl?WEJYbc)qY zINrTja)T_zp*7=bpLh`Bv!3@S{J@(?2dMF)TD zciW*Q^CrOFd>GMzjRXY;I4_NdB-p~#T8b_Yk!b}oaeYri4Gl`jGT?%SuN?Q!eM=5~ zUX|!!RaZ{Ta+TAs77;?@mDf&dzg=Ql_(F$W2!R_lsU~^V8c&=z3=VHGvCNY2!v{ob z!fX;P4Z!Y8b{5+ffTf5+LOY*`Qp~lv)Ys-rL;Xyar#LPI0(Af=sYMp>pi!fV%tVWf z{TJG|7VTDE37og+vW*Aw`{1MszpzZAwDi}bp&daC>rvCARG1O9GreY}*v_dWEL=i4 zv|FTv8HPr1mRNdm*4lMhREy9?A@7Oaz3=QPG?Ct#joKw@K|(N`E*&$!^$Q9m~s`O6Ev!HYyX&70w*9Rv})wVK> zFC@5OTx3I8>p(;?)f_1!;CkW&8{_K)2cSyO>`<& z>VUP&3UEj`4+)CsKY;O;emPc;Ot)50(^W{X-@uWbN9jqfmF!u&@5kgmIyQI)(2rN- z|6JwbqtYMz>j&i8c|36$Pmj4m1Oo*~*9TYzq<(N?&+K`&Bn;?bUK5;q zX`Rx1F!q#?Ui*N5?)4TvcH>0lM1$rK0kQG=O;Ev44gmxIk_Y!dmZ!P^!;J4WH;ui$ ztbDflj+w$Sff0OOHmSOua5EvRRdq*A1GIq{k+y5HX4y+ZMp7OizsvX20_$83~a%0;!-8T8Pc6dGX$DN(KV+)}Lr z)LZw&!6J`Y$zosel7Q@ufKRSd#C&_Vm}@R1U5X3Gzu7>!g~riZ^I{)1p0f0K8#bBQ zg{>PcOi1O?gbTr;Cat=@NSlVCiQ+Db)uqGlCm$v{)2Jtt?iI)^1V+5S33x^%t=?PR zhjk+q=Zva1_}qT3DVZx#J<$+D^ML6vmKq7|s$h?H&1yrb)m7qGk$D@)4{tk@t8PmU z0j{pZo2%W{v-|aPlQ||8ohGz}BUSC*T}YGEuk2gNo*uZH%_s>{cVs*#kVY5 zHt4akrcKHFJhy==2(%8m2_O%%|5D}z02QrKiqXZ0>MtS+x%oR`G3u}PU2gVqE>K?Y zzotB*`u{jfkwV-E@T+QTi`B<~CJ)61r`n2!AWBGurA$DF`nTQew9yV%9J}mRvPebf@I-}yzIBW!9$F=E z<><{CpPFnX@SW&pV5jJXlLA^!$8NonW@cWSS)>hf3*V=@KJX9m4WvfS2nH(I8edf9 z|2Y2(8z`o9j6I1N`c0c1!-R0%<4SAXf1b&gn<7?60(IyTqHkpX2Dn<1+mT*2W0|klmk6~m zbP;yD)AdgF_M(*y?3WI4~c-R5cy>Bl9Xqn>R*NN*GzB=X)}XsHOqUt<>2n5eVTEy$J*j!W0o zF&O`Oi`gsG>QkRCmkrb;YjuWHsV~1<9r;TCMV6zN$apGVf$u@=#U^I1kG;SE$&*{O z%^}sTjAzE{kANz!qxB0KJ4C_>m&vAuOC3fReYK>X#{_iUCjU*BwASy?F}cpLwWX1# zgy~kyiKHb)H}rXp z&w!&&#U+J%MIr-GbxMqIg@EA~yvq&zbHxef@FF~P zZlQw`Y}#&89S}cWGLz!3>Dt>9`TaY`tK5~H{lJvVVeCkROBNg)=g0;wr`&e@FJFS@ zWnHy)sVu^SQ0u*@HHmE)VxgE%WQO+}WE7 zbugH2M@s-X?)}Cr=cvP_f8V}tH{zQu2rRH6?fPouccj74~{qn1z6 
z{DZcY2cuWmEao?NO`V_z8zjjiTTj0De}l|cmtUXpc{9GE6VmOp1YJy5hH1ZNKB?S> znwoMYQQ_s`VHB`hz`rqAQGtF_oRIG`m+r+NH*jafAu6pMnmB{jL|Lm z6Tb|lb73;uMVtZMZcb9>|5tJE9o1C#wTohT6$>I_qlpTLf`El0-3ACqZ&ITmy+pc{ z1S?2adT*gf3B5>-f`HV}Lkp1}5<;Ye&^arj@9#U`xnrDr|G4AJ*fID=}gq^s4YID@QR{{o8!Ygc!oxIW?tzj14VQ|!`6#fk^Bjfk^GVw7?#3ny|m zOsMH*cSJ~)o+P5&Bv+XLXEX)p(dm;^BHp&+z($^MyKlRcX`K-l_i*I4_3C1a9AAP< zJ9NK2gykPYVM8>Z^Vo^x44OqW!>%wMrh8!hb+hGtEhIv)Mk{wRQ2S0cbkl_#HVY%~ ze7EfW%&RR`?W%VJ-eY=3%?6j0dav+n$Fx%mDQeV-4eUkq$OprD!9#r)vD+1f+o@*7 z{X-^Hl7+hbHzD275|r07zYT{dc*!MY%|rr0s#$u6%qCnCEJj9c&8yV%WasBE)Nj03 zj(49bkvpq@J*?j*veERW!ozCp!bb%KWn3=e5Ice|Kr|E1#4VDq|wK3J{cnPN@6Evs6gRkVd*v1t>ldmF^`-kgFv8g1A!5C^=_WIzjW(k#@)-SP#0Z0;NylC9stKd%Qc7g@p(!{$YUR&X3=Cy~6rl@6Kz4Gm;k`nS^ zVJlw9u~_5~*EWV7QmZ?{!=o71BkV;y+YyzX2p*jM8=sf8TJU>6XnsNe$uQyR!Mo=w zdY4mmWbys;()x=08Y9u%{^RL}Z)ud? z+8UHs+oS!GA^}G>V0diP!CU?Mo-WctP$GAX6H>($ppd>1Iy~}gSf64tb@bXt(x}up z#8ERsm1P!HARnlvRE57c^`5P}I+5Q%r#~0ZALzt=Mo;m;1UL4%M(0`g2D1h~2LZBW zclI4cULHybp)Ztm!})W%NdqJg)4Tgj3!We-P`7WVZkbTKRCB6o%N9ivjp(zz>ysPh zW0VUu=3ty^KfdzGv#^J__y0i6@bkU#IRqq6EFU%#)XxX*MK-K{z3ooI8@s+d^LM`6t>yooUO@Taf5JlP6 z<#TqX+J;>PKJSWM0rfi0y{;S1X0oi0dsDp-Jdm>^c*diGio;ZpU)yiwOBOI}cIHxT z%Vb~_L0d;$3B%_43eFw%UCeQhbaf{ zqLB%&Rdy}C0KixKDXJ|viBzgwjg#X2r&9G>Qgjrz0)EcKfkSd=X)&&5m(`j8ry7%4 zB2nH5vNUc>nkmNuom%Nt?(aP0@jd4g)gThA5wf;{(j_`e?K)Gu;H;Dfw-y9Yn=1fD zu1jQXef3hkx8R;kjT(bfO`I`xCV|n1>JD$NexsV$&8+_#BL~*b4&rN@M#RiKCaGs8 zVdc8u6XXKi^7%E~`;^(SC9h^V*G+B}@j6{wKDM(Qw9&7SQMR4CM4nfdcPn(_q^m+E zW(>oP<9bdRj+GWM8-!DXve9IiTW^_(zZRdI#e}DZbj(@C1RgP6dLgkpdZz1k{ zGO>DUAJ69ku%t`rcA{^t;}%xadWri!-r``c2hmMg5c7Upk`2$dvlEK4-L2aW8}-~I zopScLN=Z9HGsjLsNmUi~Ox5^?ui6R}#KQRtu=ff5mO?4hkAmmPx{GkGA9>+T3dFuV ztHd}{okb;_dJ~e@T^Zf6ln3e0HEDQzh`uatZrgJ!TfbXEgkLGv&sOT5La~lGq)L09 zIe%Wtw7*o>+kQ8nEpOQMOPwQq9eTRgJziUv$e_Hx(>6*+QtZ%<*^i7CPQ&<7s=7^t zJI)HJnaI+`J`C^FLJU_szhaI!d9kQpQb+f z=@?A3)!GTNLK4Ud=%6#S6 zthDQkTH>4F929ZPilka5ywYs7tZdi-pUh~1k4G9d7UTQOm^>FUFJdE=8Wr&yf2Arp~#EX6bd|{!@@~mnPqET9@i|o?8^6R8xMwooeOd9TGI5lG4%23 
zRzk*+CTH_S4`@!mYBDt~OQ#^Vj#Elh!d;|_cX(;T8Ul-qx`Nz#%OskhZk;VW-HZ%k zb(2E0-*o45Zcn6T6vEkB!B-Ey(D+WZpFFG$JHsi&A?uj-o}^Uf87XX@i9Y=7PbL5# zjOzQfBYI1PCHO*e*P@c^ z7bF(%#J*FvDxQ5OMeNeQ#~rkH0?~%as_lGL6Fhh{><}-mFXzZHV9qWq2Rzxv?OhE17S<{zVx4&gQT)?VES zT*;`O`!xP--gzC8EThrNsEHn6wo(pf3+~C&(TH7fsbbplynpL`KTWR9wh`T* zj_ClX)k7A4vIfeRu8sza!b}vDLb`gFwqMkzSpd?H z3zt)C)5?Fa6qGR5kM3C_@^|*Mr#m@FSN6D1Ezn#z^N$J_Rr@N{V2)vvTwZe>i{zP5 z%+~g7Tjo0xn{8s|d#}sF0!Aet7xW<%gPM_y1U9LH{uEB#b))coZ;>)+f0cFWMoj_s z?&A!~V!Yx!$*EWJHQmr^c#WXh<%U$c5(;`)pS`!G2yEN{kDMtgcS0s087 zP{_DRsO5Yj{O)H*ZF2CVU_1J@aIO^>p=h^-@bpL0?ghJE8q2c_uzcT5$g**k#Hx?_ zB(FKYnL@VZ>7Skb1}w>>-Trm;AkTWq{m{SwOQmDYE;AbM>FVo`ix>*oms`3(XJRBH zE2=8*RuxPzAGpxWIZzaJ3zUHu>duVKZT~{w4jZEX6h3jl*L_9h*OBnIlJJR#liS?a zZmMtvokSIDSN9Dtk+9JtAQE<{G$P%+d8uo?(#S!2qgR2_o4gf$Wp{Q;m&E4S-=A3c zh?nl5BR<0LfJ32T&h0kEwbpf`Z^Tp7BCA(#b`fbBDnD(nvlfjozZi9Ws}o);VkG80 zui42UZGag^V~6|Oa`tK7eR}FnWioF>1UJP-(CYZq5&sa8GAL)@A@8}RgWWCCrPYLl zS+K=zY&f&%ta_y6N?c2ev7V)50~?A=j{ zf6vBZQUTUa;*;qwQF|r44k9sGxhiwIR*c=n_PeVt*|nT+7cxqKb!E&t6e|_;EmwIm z;HEWqLenSI(zD1X#trl;UGauJrB^maUWVO8KYxEIQOn7&AUvJRl~DUbGQ50!BgcN{ zrOnRHvMZ)mL!!J?zP61OV+PfArat_THP9noN=TB{FPIQQf?2dq?~=xhb0@-kUa5~& z@8|WM=bRGhZO(k`F```?VBYU6u%lII(p*=1_0kWbM7nLVold8G^oeYf<`ag(PQEHf z{D?K78SlP@$>_x=g&LbvhWlmfmv>Ar2=!5K?^1t!^*2{Y7xh^H1uSh#!7|4@^$pfH ztfAI%!XC)8`GWn6J*`;pidJiiH+n9RD&p8vB+ynCK962_PvcCHj=no}OL2@JokyLXM(a1?J z(hc2FUP#4e%RqXmQ7*r{^6PJnr;|Ut^yrjMfqZMTElukakt^H%D`)enKMkkf!0}XoBL!VtPI&U z@$MGMT4{JONKFOLY)~?wRgTcv)XDE>og{y<4iGX1>>y0!+K+TUt0Y5)X>mHELFs!Z z8Gfb_y16tb>!Neo%n+cu(Vh0swQ*WnWWg(&(2WS*H`T(b@$LfknH8n8&dE2?&0?&6VXipWJ6b5d^eyZ#6h6XAuC)=4ifP&xx z7@rG9eYaC#%_vv9h1cSexLu*m6(!aAPM2=$yP84X#G5)9bDjn58Rw-#31gm3%QbB{ z#a=B$khGeWib;bEs)w0x#W&4b7Jk=2L?w32>8^E21wMNX$KPz_WB(@VoLhK{7ITTt zm#KXmV)^4S))G-*?}8rg8j9 zx>D|&-}1j7^kSo)xIX)nMQ7yXK?OqPH3yX^9=f%`1&=pj(j#eEUez@`ho)GNEZ2kP zm@_C^He16jEM(bYPhbiskS^D5*RJ2N)Qg?XCHf{TcJDxVsHDx8(VlFxn6{h*6B*)G zXIqZWB+_8VvBb||&^=1nS>u7MH%gwo8|jj(+Yw-Mo>E&a-*7Hbr*q9}H;gejKU7Xl 
z&Dwj^x)v=GVNQQ%!I&yPHgj}I$8!H4~PcE#*IB#+FU8Z|Oad zCOpqQWS18{5k!jj3AIUbOtkIW)PCni&1c+zyFKdppdIK2*pQZe#6zQOsfja104D!rl#BwPmyj%)wISbYJEYkebJxyJ&!c#L&|S3vjKPX{heJ;$e?Z!S3k?p^9Q z>|oclFcscymAIJnJYt&u@=e3{h9%o)Gdjl7CWgL=s`kz!t&uOiui0#kk$8VlZv3|4 zi#`>l$?0bmbPz}6@iT79HkB)MUDNAh%$Fi2f0;Wje>(B%*bBhI3OFn;Kw4ce_}54q z_lEMfRof7)kzu4opUq5~Cy#JW{@k>%l@JJ-lwb4W2|%LeeQI* zzr*PVsRxYssPn#>Db9T`-cH# zIPC=JK2=L}l1}YN+P$}jTwe&i4srhZb>Gl+2RQ`={>zu|>*nf!<7{AK9+Umn2~nX- zV1uBa`|Yk~V_uDOXfuO!+afCa*}F^k`&`7&Ud$7W^jdu$98gy(@;Csf3sqO4;t`{o z!7+;Tu+;O-M_wBJsJ#m|BYWoFc&2E$kn}W{TA9vbesn`YSi_WyeUDV#yxzjXiIw51 zuKofV&_Bf`b1d!}pl_3vNl79~)-RQEf89GyM`vt&ds>|?>K0nytIvKC~52kUtZ=O zJv!rCN-EA!7O}GmaB{Y^S|r1>Mn_qkBoaFodVAKd8&(OYyS=cc&lYap_14aqgd{^9 zt3Tmt?{lHN8vk+sv*O(=)SEYzN*~m^R#-qiMDT<2YeF;cP{`p{G$8 zJy-}S$HJ9eeCDty4ezNc4-;g zs4;$it&JZ{e1c;HjOx!t*vQS!burXBbb6-q7m-si$&DdxHmlJVZcuXq=20#kZ(r7G zKExVjoZfnZ^k;Hb7ku8WdV}Xm&U}ISOmQ(PDjQ;&Ht*(zAO&A^LytK{&W~nLS8K8+ zCXh;MYI=%_{@k&YNYq+AGauU}cg-FO++I9URhrTl?s-)f;c^DfPms26?V56=3Fid89MGLmltuS0tVbrFV z*X7Fq6+K#?g^o$JJSWhD%+BT;s#K1RHQO4HWIwS@h(`6zi#xL>7K~FU#K`FAENQPc z*WRDsHn3#)Nc|ZFucO(*3R*G}bA7?EVfPG-*mkBZH#vcs*idXWE|Qyp6O`wwUENWK*Rfck)|=P}(J@v7uT+6) z5eJaRtS^6q`fQGPu8k{jd+dL)S%#r)eWsHkHRe6ZfE9jO$fDld)WiqwiHC=0rg(nd z-(olD7O!g7a+sjCQ}+6RjvoJ&EAmWCOkh3uVgqFHlk4CJd%klbQ{~=@0&n6*uU~TP zy%k1iRe9q6IeR|7$9;oE@ukR@uW#KNNmcwa>;oTxI;eijPAlqy`WE+uL2GMjrmd{3q>vgL8%5ZL z9frSX#EUuzb3#0(Bc1NZ*y^OPgKqos<;%wkYUIh}pVT{of~uA|xo>^Po5~s*dkH=4 zJPK;IJ0Yk!M0gVKFGRR1nD`!rPSz$tlstI0&?$b#lURM6Ee<*D zC#}pMZ65Cm@$DEID6~^;*r^+NY*en&R>HQ5lWBfpQ7Wx40;9%j^%V+MKZ?vb{&Ifu z#iuJL>~j+Bfn^l#CY8gB^d+9GA$(zRR(~cPVdHNWSEi>wH1`oWCgC~MH5+HUGSH*~ z3>TDIib3m4&CEosx`O$xUDH6voaf;&F32qixve0^%Zp<#tT}A);%nh_#mSLtJ7&SG}{bOVU@HgjSx356FV3C ztcbU8yR!7h%S#11s$uC9;;q9n2E?FqYj3)P*%$^b>H=1l?(M3aID1wR{c=E7)-4=9 z&TMMCEK07DC0r8F9q1B=ht3M#PQ%;BdErEZ;r%1gay>%cZwVc;m~xFISK?B7bn;cr zj8l;%hez| VQFo2i2=>{-)Nh9YRayZI-KNVPpvc6;L|oq6 zQK6#ba_C6r?f(9N;9wo_!42Z>w$4pyuR}<jWRrpS&ep&+<7n4mDTN|hI%9k6% 
zz+f4J&2pd=&ts5=m?^x2kvB;~fBYYDqx7_nNnr`CFnQaR!O${$Kc>kmd^a_6q*!lk zKQ;AXkb0ROt9XPTc!ev$i4rREld!Y5_U^IIGm54ZJ1rMqgqgd zg+)x*)4Oo#!|bEBfYKo&UbUEok%}TAtGbH5M-!jBJ65Vu8;n~|6k@FZ%#OTw-ZjEZ zDAZm!JEfqRGZ_h z|50NJ)9)FSo3?oMr}XA~Q;|m^1-`Dj*)YY;pH>Rp}S8c&Yz!Bl56a(xtEs}Bp1S0Cbg*$H-cvCvJmV_ zYX3)bk)5GUu&1i5cmMEeh@hxEAMry7d&CChE;Qcs(9}LY_tNr=?l@G1(Q=uJv!8{n z$HcHN5XAnt?3Pjxa(vn6xY2aR1DB~e++BB1oQte@Go zy1Z<)v@_{e&#iRQ|Fpk&!R^x>n^NsN%~|=bUMY|NjQ&@h1sxgUp7O(jQm
    &(Ir zS!@+)90~lcfereywdUMP*Vi<+xr*d;Yl9N}2VZP-T6D0v8H8Tuwdt#%>~+2>vI48_9aS`$ z18M)j$H8~{!1B&#k>6Wb(wf-iuMe~_P^u8H3d`?a)bkz1mrw5Yl}_0Tel{B~0X^c- zi%+4X@6C(t;$UHl1q>fJ+NL#Ouv!9vplxi7?9EcM?Mk`FF{+$0$$sa>T|HyhNK;eO z(@ad4;ybS7_VWccUIvHa4EgDORwfSf5`qt-_WRN7cl?6KJVpZTHxrU=mj}-Yqo!5< zoq&5W{o;l!H0YSSY<;GaetGdxS%)V#Za|0wJ>G!+&q@xjZY(Aqyg5i-xIW13ez4d0+}}^1JmgR@ zay-FUF#5Xtm~}pv1LcLX6LjeEUK1)tRL*1Nn0}XQfJ$I`RD+)5uK4G#@+_{4?+nLyF9&LO@G3diW{l8zkaibnTJZz9C z=`#k!is8J?4wV?g(qs^i{h1yePMWP;p6w`R2VsbAZlpoC@yWk!?F#XJs~6ptQB@_; zKhU>kucf8MAJ}+%|KQqOt2fcyYuQT6UL}~2mUfzj#oD(Y?^(6V&%W2g_=}*Mu6JlK zpL~cJ=+DW|HxZ1^ee3D&C=$Wvn4Ky5)1Yr4r@UMh1U_)CtnRWKm;cOswX)nnq_O$s zGL_TI$;)5m<5OZ{`ZU&a+8CN9Gr1-G+8fFHk%~^OMWkcjbs4k&z15RfKp^E%$rkJ# z5){;B-rY@LI+Jlh+Vd*Nk>2&!XE-r62UCStsf8yM>AW^w2K`-2(?^ zK7YPS`4FJ#;!?`;aKx@$kmVs8vnZ=;p)rNRG0N|9@Qu}8^L}0q{P00L^n!FBLV=N% ziru=UsT;3i%ECMvwp)~31NQ^Mq=2BH`5vw`V(qN9 zp<(Wa5A@E@OH*?bZ@=OC@Mmp@`s+9B$_xaGpCFSIkJ^h4)yNtPM2NJ8e=!n7uj?a= z4XOvkFAF12q@iTo)kAz724*2BWZXu*<` zuakk(RDQjjnh97(vaDKBQPDHWkVex_-spB(vJ2$7Uu)*j+ks0g_%g`kN&WRO zu|Se#K=se)#YTci)}wKg&^yaY!tFj&a6e41_~_nBD%vOa9;P#5yY=Qh45r@)0qx|V zyq^DC+k)_NdqAB1gt?_9zqq*m zWOFEHlZ+B-x&1~0ylrV|@tldZY&UPhy&kDCS}V3dC)qFTw%-Pmi0h*%;mKRt;3KV_ zolyRj>|16OZKdACK82?rJ4(b{ChDr=wWN6`7YJH9!#kouH7`Ih3SVF>lB;S*u@%5vwE}NA4}Fz?Gz@B zRH(6uIrIrsjHb!%dc?Q#k6{+D)n!nejP&An=HTJuqnWej-4@j#r*Y`&%hoCdf5E<- z3^pjY8Q3Hq4zKGaCZ!OAPJ;VAe1^jVc^Mh490q=QL42pOGSay69%HRR zzO+}Z?7P}MLw}V_#rZ(M{a}866Kip(;ID($v{Dx$xf`3B2!vcOBAGX2lf-<^y{t0< z8Pz*?d^odrt}h;1mt9S+8%Zd=K^*gPZ4;Qmxk+oY+`G%CEz+Yp+jSka&Km zK2&DoGw5tRC#PaK$|-|;F3QlM8-=5qnOj(h>T4n_(N>L(#vD$v6BGHm=%jAa3wgYt z!Erziplaq!N@57dQh$xW7eyw4JDT0Ik(QS(o$Vwkp+g8qntZKC@@ z%JN1fB*v@o*9UpB04Awc$ZDPzQFYnFLpxp=hKcSPjmUc_fT`yNt@=rYl8ze&Bz<93 z)|diUuQn0c+l4+O!qmD(C8Os-Q#%NG=6SGx_G(4cFWCwSB-QMXT)}q*lPD&02bTp=%nie zFB}^Zwz+zZ*D~&`pm%xqqnX>5ojEy#V<kLNiHoqZVWayb3BMY`4`onH@_+i4AC2;bz|>u*8*YIjs_ z#HETD*93-Z5BvxXV8fsV)Rvs=dW%{|cTd>L*NAHy%gGh7Z2)wTe#@Mq%3kL$#N3k8 
zgJ2CC{1|D5*qIyQ^#ih#z!(ZXkPdK(GeEKA3MEk4ix`&2+gxSC*39@zG#{PP0 z4i%~nkfJC4X3cZcya5r&7RIp?Nvp^zgR0`{Ws+`v2F zP6SbQcQ;oGUxvUnVhgN~WfDOSsZqqu!^ic&bKT#KRk5b>M*^Kjqw`82NYkn`r14Fs z6oLotqC9)Y!Y&~U&Ru0Qm)N_*SIXat&D&f6(z69892(APWa5o~ySl@1q+@J&s#f9F!1*WrZd2kGJxrm&t7$Kc7 zZ&-Hab;U2^T1jqmlC=xn03%yX{XdQvXZ2dH5;!4sf-PyUS9dkRvenNP+%~fT*5$QY zM>Otr0lq2dLp#Z>4IF?#uB$U~b#(;+*uY$GRzI~Gccc=zvEkW2FhH0eD#?*?mhXht zb$1Opx7)7@8l?=j3F$pXCk2Fr=stg*ZYLTKf`%uZ1&H&Qw9Ind*&575d;w~J7Hat~lMZ5G6jSwAf0rhLF7 zrpQt>huxF4JDMIUWBmC~(2`#{ae`94AzN$ycUKQOtCLPA?Z0dl?_+&AM8{Aw!#j@u zJJ%v5(AxDRwx3%Sk}J)D{kta=zP<`}@=u;=WLH=AIT%-0=2m@lQfhjew3;MT#rZdY zyV$Z&QY2q4XrljiG6$*k^f6T~$~I=gs`H-&rZi zAloq#jP}SEjaT{f=@STEh2L7`_7C$E?34QU!fsP+d~66f0%QXm9QMAw@+|@RtalGP zRb!nhSqaZa>_p|{S=ZbRl_=|6rvqTst5*g4q0 z!1PYfOCfc0#g(KaB!-1PEaYHPtN#s*lwwX!pj*m~Uh=|q3A z!<3`WBN}16cJu$+cj~{MXR?1+(DeMhyfOakr+Vyb=o|yr%M*D_!TJ7wpN5qsO-|Wo ze=tupzT<0+ZpmX)F(zI*)UBTmC5#=``96U1mQ8pO8W31fUPb=m@^9*dKbWAJ1z#;` zUNO;+t(+g|)85{|2=R%EmJh*ZJK~``#z0Uwm*it2w6!5OL|SztO#<~JB2iica4a9W zv0h}@B@)JH7qDzQr8^Wi60e}l-v*?Ff0!H6qS59bFI@vQ^H(U!^O$bquRI@m{$zZ2 z&lLi};IA^_?ePg$1+*4}a+hpyqkMpm;s9wsj#E~(ElQAKSQn@mB}fq0t|M-$B0YQO~y5&vN7XX2#NYfiY zPe)zX&vBe=CJxC3mOgLM1XiH0ttwI<_}2jO+&Sn3jn2MoI0BZanl*ql%*xBV zUZU%=`rV)P*7HZXBkp(D`L1~w>g(&z6#H?)AHwo0<-w#0YBg}k4bW(A8YR5PlIJy+ zo0*zM0Qq8Y@W~L#jYj5&=w7hb*$tYsR7ZZ}wBc!UI^?S2ffU`<8qQu^YBjDhis!38q<>d*g z;_S&F%K)1u0Y;z1ycEJFYqC7kfhs%!c?CF8AOhVEa=Rm=1zZ$-Tv$;0UzSRu2(%9? 
zF|Ug>tmtGvvo*s8#rLYo+PfOMRU2=gVlH#QN;nSza|dLUfFh98#I5XS19a+H%>Q46k?{Y@+D#j2>?iy(flTz}%bko+_EaFexy;PRUa@`1$P$(Y z_xIn}S#yMkZ?RnP@h%6lNxRu7$h<6qt^UK&el<#tm*le24=T6G_W?KbzTkRyQ!q5P zS?z-wy~NyQK>?cMU%;#Gd2l+8mJdGw=>`q}y96RpM^7({K(I-aff>9##6b9IvY%rX zRJd0Wa&k{IGa~@f57~+C`C8y^6>s?*Zuszrsi3?28}Ua~h-zo7?+?U-%GX?EaBT+xgRqG;*CMQ3NrA9F6{IXJ76 z-Tw&zZh_Q1d3*jQ&`@V8wg3P`#ENHPL&czDTgQe`DNplHO)v|?nu6R28f~<*l@@D4 z?MJz*u@{!$4}8<{6tOX3&cmy)jUbk|{6O~$#!P>Ex=Zo<%6v8rl>is6n55C}!8ntX zo<8;F?PPwMTCxmKJ4kqki*!Kd|NVNU+Uih2Q$r;T^s|A03s?=H%YJMazfo}wG!qD_ zVNyI-f}GBP##s$^opv@(0ZoTb-vFQ-x4HGAUV0B#X=;1>G=SzvkP$j89JdGhSwW4a zm4huiZm_&EjOC9v@?}ub0Dn#t_iBQ|3f=xdJ5Aw+P0^n@2c<~*eRW0yx1}EdA^{_s zXssr*&TWMYhP~y$Rd7sJZPSuUpxnbTIsb9y5;wtM0Yiyz(^kKYO_`?Y_4M|Z{Xt0F z_9~dDFE4r;==E)Z=ZMJQcp7+Kk-Z@o2AGb+KorK=**5r!xvu@f(Xcoezy{F1vVf>> z42D}{qakH1iK<=f9KAYEVHbLWwFEN%Z%EWri{sQ(zxO1_?m)HBK6O^~W=DZh{`q8y5jGnc6o5z$f2D$!5@ zKCMq%68WqGk{cu17Zx%%RMK7c2ozRyw<7LUga!uEAQ~y7s`ub8Sh$!16QWrua9HUo zn|`NE^^(OA0Mt?D^7M(3kr_P7Qe~;h-f1Z5+S{NP-yFTiSwY# zx&NR&&D5n=@rbysuLp`pNHaf75sx1_F6sia?S>}1<2;)4ju;!&=x{FJ3Z|ywpz1cZA3q)*ppAPVc04-8iH%hY~4{z(mapap#;(zW8rg% zft4Ew@Nt{Z&CTbE6gc~Vsbzx!9w%ew8*+x7R*EqriWW5Jv(o(bN9~Itje$A`uPcv# z5tXl!j6Qs=+dNuxc5!i$&)ZxPp~x_fo&eYUH%&_6`oCy2ZO1A=D90fQe++yt8K0jL zF8<=@tNbbgU*q@hG)5id0l%w`%d^9 zKiL)CtN%$~@c*9&d*$%;Uq1ua2(1RaC}3Ds+DHNs1g#c_799gf{^NiI7W6{fBV_nxO2!Uh{u>F5~MV|m6etHJ8be~{b(L|$iOXhv94b+H^yP^S<6SN;PhK0L=S0 zGU}?^q$N54UH5#90OrB^x+fu%Qq&3I0BFwl|=*cUJ%arq(f-@gE=X z6u5#oQs!@%Z$19;!83MQAtChf&wh+3V^A4E_%)7F3w>%_xSS!gQUZ;%&JuTYbPNF4 z-@gecjtyf!5QI~L{53%8fFN>dlvGLor=3salG6{gMb{`UK|F(+(rS zehelTl!gN01JsL^0+-SEt@fZq=j#K9UHWzOuKmk3?fQ68nb|C1vyNN0&Di`055KdK zm{R}nknvgk57pLG{(E%S9^ITyp2~mt^I@6)V|<1*_Zg;C9r}kSJySGUvs#e)){@Zz zC)1zE#q09)WctHW7N7Ck&+YRK`EGsX+$r=0ycCCIC#Rp(7ey1HYsJz&NwZ?ive6Yj z8>%_|Hhhsv;0QYnIcN4~A@+<@d;0p-$i1-OZuYyqP(+Dm&koi3F8vmQUuhoM^A!oa#!g+v5k=kCF+1iW}Pz)o($hdsG2apRiy=8CTP82iok%rED-3F2{7Z+l^09ON3 z!L;-<{qD}65;wn?%AMelN%-`sd)h?l+JcEI)k)}e*!hm%bTg(%9`PwF$@{XFR&!W8 
zr-I`Pr{eR*MR2UuKmnV;1x&vePD@QjBd9wjHny__ZP%IWWzw?YiWn+_dAZr)l4O&l zVi_1meZD!Kl^ok7@49uDqceP7~h`d#uKG zSPQd)gZ4jhrzt&;wba8Ua4fz?gI&_SF6M1`cx;?R6j_#PWMOH!j33NoPe{0K@_;Hr zN%9$YtO}I|-)Y=F%*%_~@;RxvXD46s`)$gkQ1*rdiYMq(@Uw0c+ZYJNmm+-zL>qA7ES}c8QX%UX^VBf`(oe3*0Nw{)>YPZ@5Q02hA4wiUcE-PS|1z)Hs zcZZscREy#2$aS>OmN-swoy*H$b5Ki6>dfx#6?dL_yt6u&rC4`fpx73p>;WGsPmqvK z6!Tdvsaf10f({UW@$^=FQ`6G$SS{_p6=R;nn#uAJ61yy13gxkxSmU))yEWIqC`3Qb zCMFa1z>m?ALg@FP;=LL_gyt`-H#c1n7{FA|ED)u^#THF!mpeyhlp$PuHgCi`Y>A%P zL`%DW3&94nakl*W_2LA_hIwcCh==F$%!D|&bbyuAty^&-wwRfz-Gs-8?jMVjyNUk( z{-$Hg?sdxrEJj6_eRh_2uPEx~8^tzX@YxC&7?2)YTYKp^a!hFJqPzDtQ8A2}SLSNx zCvNKKa>uA+Gl#XXOyzvh;lqamT?cH+w%RJ{B2im7NWPV^F?N|+CpI}b8Jj4r^^O|J zuQ&7l99%uGz->0sS~Ol+f-&&+-kRe1%+Ya7(lRnh#zM6b$y+N~(OVb4Ro6LUWJAP+ zBMeBL6SJwQsd?wwAD0ZZ|N8Z-2UGF$DZDe6*IHOCqWCSMtSduj3K*DFDPrU+O039jXVv~7~efy!c=Bwn}LQj zKJi~TAHco-lhNnu47-{NM_aPY)(zW%JQbvF8y3s~Ifmg?_5QdzR8l#c1QqmPz)toP zDHG+MwMlN(iQM`n7NoS2L=+$RMh8x2TX@%T>PHO)X#y)axqas3pTS%7LVg8|zfV-$ zu04Ebz%Vu@<`Fpk_wV0p7`fS5SXy?rH^IQMGQpPcR-3@Z0R|`*dr|pWE?nsJJ-mPh zBQ+aC9I7C91o{pwc+Y~Nin3B41MZyGf{le*>X@m#3pitbGz1Lo)zefcwrV=8x+2=< z`Ez0S0)t3}X3>t#ll2Sh)ZK}@As1j3cXo|&Ux;rQMbgr z%I7F##$d09zsw1o9psA)pl3K{G+*^)w5$g*@P^i&pYrNRcu};oo10s#-u|{+F99Ql zJ@<1Kzp#;~%{NCTqwOoOQE1s+DbUom(NQCbMAey@nJBMV^*EcdIHim*@N;Kp=lJpC z=_r)XSXt5Oy)nCGESB#ok;o1C{^j-S*W4{YG7a17w7L)7wW06X?onCs^7y*Cx(VXf zuU~77yOodh?0xlmS2eMO4Y9egAvnl@WlR0XI^VMPUgai?oR43S-RrQQtb{{f#*+CX zmB0<<^yhGNkAC!Ye@NZAnJM-N(&6{==0sav**Mn`~qN-72eJGmIKRY=sD&t z2T_bU`@8F(zHT&KY206Wz9aZ~5fjI;$&&8hjQ%ek7k4Rl6y#+!T}OxMIC;1JYVF{p zpxoY=yKpYB`MPMaWRO; literal 0 HcmV?d00001 
diff --git a/docs/wiki/media/AzGovViz-ALZ-Policy-outDated.png b/docs/wiki/media/AzGovViz-ALZ-Policy-outDated.png new file mode 100644 index 0000000000000000000000000000000000000000..404a4d643b0d948b1a2324df65c480ba3a1d5d7f GIT binary patch literal 86188 zcmcG#1yCGa)UY{(;2PXDxCRJ5xCJM;LkRA{9fG?Z@;PK!A007bl36YNg05mlK0I>%P4L*VsR1*r`!P!Wt z+W`Q`-M?NC@pQ=e;Da#sA7n&fwh<9AsA!W~ZIS>062J!$K_%zZ!(|U=#o08bdnW7c z;q5#Yz2I+ixgWxDC%GN{Qe+84WXm>2-YM+)oh6YjH4gbLuu|Fe$Jtz@x_WP1+rR?r zV<#)AE?Lrrzs*3RXRqyD-EKorS;?9y(OKEPgEy@RHR#8o+wKwg^vUjJ&P~eP`iQ|2 zZjt5miB~RNV`65-yu4)wO`EChecr=BsU`{8?+wrRW*8Ul8Tj63?~lXTZWu7sLBBVX zPFwGw`9x++6UNxtHpvdnHJrWY*_a_lH(EoBe;{WUE z*rj%Lx$Ibh-w$Ei{(tujE7zgb-4gMq#kSeIHP1OZ$;!v;$fNTK$X2;&qQR zJwL{5Ha)ZyksHc!@(xsFB+UMhI5m4Eiu~uqY$YNLPA3Z#S*AxUNg_>_pZy`@e_cmD zmp&iSEc#`^^9&0bf?nFB^N))qtfg}KQvj8iXo`B1F|FJXc6Ty}peGDKJ$rc2?E{5d5d2c#m-rlMYzx(wE zmx}dQyyYzryjO&qf{g(TJ7|1|^@w_WMDE)>YR6A7Y;fflSP;H#w=ir-eBLljZA{C; z16|avj+i4Y*K(cacX-Lu1X447bU?=!<}VqX?RN0P?@#p8-DQ63JG*Hb=UC7d ze)ya=U?Sv*S{t%nH&*2xpuINY#=9VQ^zi11=-8kj7loV0=l!`;x(m*(Gh}+`0GAia z%}Le!jMA?;>zdBYqWiZ@9@ih}wQAtmnFRQ*VQx?Rh??nIpKr#1 zYa5Z9Zns!O-47;3F2Yy$%eoR>^u8sj|0dIOorB#~j57;qh}Rs&y$aaMBE zRdz^TX@Y4%lW4m|W=}7;QoX1zPQGt`oynK)6Y@~`QKzGV`2b>Qx)tjfqT@mH>lW@s zmyRxe95gi+pGwgPjPHTz#qQFHXC#I0W-IP*3$?$&UqqE7=E!c%S8z7q+t!|%hxrr@ zW#`M3i&UOBCO6?kGzGjvqfbTA3bwi1I;evYmYi;LB*pk*+WEap1>$DIb9qAr^!$K# z_8_b0a!vF2yzyZB(ikjB{^q|;VLfaQAZqgh8*azlE1BC7Oy{z=75-!EiPUQH++nqI z&D?rzsfQ}sY0)?|zACcYkrRuioChgV=XpBN_CB!yV87n!F>fQS#1i~lglHy1Lc9z^ zt^(Cwez@2+Tl?-qik+m|yilvtLAqnJ>XAmahyuK$*%T73_isk}_wXKj@H@@IZEen8 z1yleK;@$QSF;qV8{*v%un#uDr1@EnLfYToa<<>PZXc!11-6cxLviLi~T?0 zy;&yDx7TfOpc@aapGA6JCq89t&B7-#Un_z6jw0ipN&Cl;D;-x;qt{jqu-1du9pKxJ z)x6`mebIkwTg0jO-SXR%Pj<(1MD_g82_^FpTfwr3zn?Y!dL1D8ib1#62k!T68#&%} zPrh}u%*19jqN3vd!+Jyv7|Sp*AdP_rX~+}r3>;aE7}i$)2(tD!NfRDhGo>O_f2M_F z&%ct%Fsj@iBl|yvW2+$;YAa-~fJpxHh%3`S6u-;JlJ6#;`V@|@Z7d7gJ~jRZ z4+MF0R@XIqM7B`x@w=ghJ@TQa?ASIai)1&EY1je5{4P8-e)?yEK=XF 
z1O9#x8H*@EW{?|72#V)&NP^b`wpN=f)SY?AnaMbZk}o;{JhBj~)&@8_;yYn2;>M7S zE6=Z8t%A)?dm5JrkNYrv-#934R}JJIxjfGYrQYRFM6S*}p}wpihn%_nDc|(`-iMyi zKt_GhV>9}PkH|)EhuL_`tTAw$PY3I*X~*o&SO6prKiOhc)gytWF!B~>U3R-o&Xv0d z?M){jCY2 zugv47G26N$cVs%8o@<$IN8)v#Q7pVZaj|U6bdW=>_KdzQjDNbwP4hea%-h`sX4xyV%&iW~_hOSl!UGV@!=yKU=}~iVXF7 z@_5{#Vtr@riKpUu&{Q;ydCv%H$?!lqvF7ql{NawdcY#gv)IV%P?}ZU*CEeB5cGFt( zX?@Dgq}$79qj*Uv<#*&XY3^=;@t=ts$04Oq>uh2_3P-s~UU;x_L?!0n% zLfUlRL3tqo`nofw9tl!Z96(f8?TQbqZ{QgXd)8sRCxtV_I90J_IRJ9XrQWW+Vd~D8 z_^Ukw{JcJ^&p*lyo|&F;pYXkcnmK<`L65k8dO`ccXn^ajH((Dd(cr|ED;Vi$ z^V|(&6M&er92^5WaBI!xp~`tRekOfhY@Wwyz`WBUJ*S+P@=3D8*4wrR>~>*G`4Fcc zcN)t>(>(6Jz&cMwLuU@IX{qG$7d@rN+}7HZx#A4BJyK%5AUc;BF@*hiVo$i2*CAN_ z!$ula!(PAORinxQDolGmx^qwwrnJ?+_Ifz|g25n#q_e-kU^++UvY<4SYUT*#-~8d) z-O%P0VB&O_;~6dV`Pl6?!`cBfu*H}9TtNKk#h28tpar$qa1PwKoLWJN8t1_S84X+)zu*RMeS5KT- z9Aj5rL(nC>9TmG)S{pTjSlj^^KQMvrCW*ToKogb}t~zHZXVqTr7zK31Jw^6(t&@5^ zH=dpVIfn4Z7SUBs?~JF7oZY+UF6XyE>{XWyv~4P>j6CdTn&-9B7wp8BNsW@`(y8C7 zd85Fl*jT>ALTK}0^JUo-@zRmhbcTSw-x(GmVaeF}u$S27-PmmCs?p|p;R{-8DhobO z>*sKu@s0H*h&Yce>h$}o(KD(+^fa8`g3fLl^{^8nOMs%0QrQTr3&Kr5e_y9zAy9;@MU$-0{wQ8?oL%+aYwAp@A`4#z@=qo`|x^-PKSQO76 zvwww5=k?y(bz(0RuN(dsG`by1?mz1UCn{U0UrB@dRg3oS!976Hc*yT$gUEf4&T;8R zU`8$NPqiKEZLkYK0LU{|yYxzpU3?+{^#lXdiH)wvg|YFuORb` zjq0_7?-EHoNuxc_(HB>q zrKgKCk-IN%SB>yK?Q#C_WW|8c zQSYFdH}HDiAf^?CH>3014|CP6&*ULP;TBr_4Nh$Fe`=Jmf+NgSbFakWm|WuIz;7>= zs<>TgZyx`YD$69Qvs(U+wUopiv!|WQ{(3Y3Q}`5#B!5IcyUG70ZBU{=9qDCHhlI|D zj;qRl8bya`rR0i?LXb{}8_%uMMGp%vBN2uWu$JRFk_=I{<|=2s z<&Ap+H$vcrxct=#2Nj#ge};!nlLd(}DfS@5lus`p=Zd?%{Mu&vmPa^ExP8F>a}Ep@ z56qdo&6Y6Jk}?FnGbJuioY4Rl)-gSxJZ9Iw$qbOeM9|YC2-y9Za-!wk@-ZpIlhD|_ z$<_#fYV2<=JZaCU5q3HGbZ%R%kIiiqs38lw6~wzU&WzH zkAjO*N{>@k?VqNnZ7ax5RAi~bJ9qi}rP;XM^9xp5UtsAFy5$wl2YgA7S~9VZi;5+% z)3aW#94|}4T7?ATcZ334_C2!PB}lVlDzjf$Mi7SrT6p2o-fbB$xpEtmx3EAJHp0Jf zkQS&vr3%f;2u6Zh`tR$ep!w+(M|$;Z$<3*Y*K=GSj&|YXsv1Cq+Gpwu~jm z&=mrTo{&~;7_EEiGC_GTSUJ+q)j5^ef%LlVq4jUetLlT-RbBIdMA@r^U=@yEM^zB} 
zjTD7O{M4~{mcQqzYayTVMTe1OsE~m&i)HHS6;%5-#5PJ%*n4+c&%=kdA@3!yTn@#p zG_kbc>+XN=G7f#=PXkgzgLsf~`KwX;abBA-wd>Z)e=7xkWgTuuk8hAj;4xpOOYCg@ z!oD=@i$kkL?O^0q-kFhB#N!NtVZM|FP>=RZo&&re(sX!pCmZk_mkwG!QkBfoA+ae1 zK;uQA0O)F{`Xqg>Bno}+_C-l>yXxUd)azB7CoO4ZIv|km8lMyFewt3VP|=K@N;9U9 zykfRNHipT4L|f$nS4!3M2xq8(HRz=R?2Wwv`YU7Zv?4K695XJ8BVqXli~)eJ+nLZ@ z*9a+}?jAvJJTHm{?BW1X>Khd-L0acFDnjr=yaO_%K3d9J_jMIKS`)Cr=B_*2A&j|teP55Qp@v$NMp=5#EzEEyK#M*@SN()|I7IxYRfR0Ety;o>XMK(5F^PB1ZgPS{F z3{Sb43L>C?zFz`)C4+Y?wgpv~0pjXOpOolJpMK0b+H(nbga*6o4tq3fm5!I+nqid5ouk=?xU_IH7*|ep4N^-my6r66}v< z;ckOL#TVvz4euDK-IG}VP2GbK>92p zrcI-N-1&SyK=B1;TZnhF-kXEGdreNAP3GC0W}hQi z*DFPR_1yVq;FB+)Y<+)#qJoL&r|n&>mo5C^Sg>;+e>rsY36-HO2V;`NS8gP7PQ}Ft*7cqFah~pIZgd))85b|oiE;8Hg|C8_ zB)G-#K14@Pd6fOWxU9pu8i_9wJS$VFcCZ3fj_7-b7_r7-QIU|oySU%NEezL4!2ycx zrtro9moqT7Aofhe<2xpnSfO z2R@@>*00CPf3eKsi{*rGKXl6H-d>}39M9(c5?^y}u+r}$&j*6DM$g(HbJP-Xcl`gW z*^g1-h%*6<`U?^aF>WdeqiC+slBCQ`rlY(QY+2P5D z$nj^4bNB>3JU?SYUWqJS&z#xi`M#G4C5()guqv1#f0ty~)^_SDqGZA+fkEuk*@K__ z!2fb=tc;K_FVylx^UQ~MwDg_50j+7T>%%vf_WS;j6B61%m(RsE8AMo}^I8!n?d_ewW{_Mb$zs58tG6p*5DZZE5*Maf4#2 zW22YmQGTGYo39a!xR!5Bcvp~p)LShs4ik}D&?<~m zCqbi7x!`UZRDJ472V8=D0CgUPd zX=p^|)h2>>ct17an;yTH+~KcwJbarjJt*npu*M===eM8tk_I~pFVKB%o_(xwXea*+ zLOl#m+>milVjonRN>?87!gb(p`_8x4bzt(*>MqCA;@JlJ{C&!2Dhip7cKO^>8S>p{ z=hxp^sl+Fx|CJ(JI%NlZ2-}kMDv95;q(xs;+Tm6?d22c-)ks-eMKzgx3a?%l;>Y<%lw^X3K zYX57V8?jBG>q?J{D-JFHh^#k7w#k$degeeu>U;NZ;LPUfi94qIQFDNuy-(bT`;>_@ z)I1*^#(KbPZBKWv8V9=BnBw4=`T|cCO;np>e|XiY?SQ%Gsvp*u3!cTjQqyC+H3;#BFLh7Li9<+>4lLmY%Od@k?ccl!kL|Dgy1t;yMtIS6ck|@D-VR9T97B1C zbW^ySp?EEp?UiN~+eWl#*);y<(G4>Bal?ji)M~C+Q-)wJgj*Bsu1IoP7@)V{%9P& zobY+aWigm^nqSJ1vgO zHIslc?P*8g>^N^BP$>CbTW?a9OB;%1xPY>$;Ay?Xd)cWvSXQ*BE9VAVU{M`zUJ0fH z#Zlq8iBXP*l)|?3WYS#;a$dG}%NrX@@0QOnV-;{corq?p>@8nPD&R$s8>TQGweION zT?n=DLedxgx66+EX3>K|>2b}d#$Ftz{E4H*JR6FSR?Y<_w7~Nlo}yTJEs&6156c}- zX(2+s^7A735G}HfDwk|BLyHTOpPgTMA!^m!uUdsxPtC*_P*tfd6IDEzNl;(foDSFSk>0co*@l*>>M>rJ7tf|>7 zwd~mEVpBqft^8irj_Qp%Ym~p^ZML?qU3n2ZxzL>w|I2YuBI=;d-2SVaqzAE+LAt=p 
z0hPInj|(^;p8ZCQtYzjt>bq4DiM49qq&~w z^37rzxND|jM|Id=>DcH;u;o`!SIThelFF8gn!}g2rvvwU6I?Oa;dTG*1$f;(?feE> zv@^rnxsbWiN~}2aew5!6vyYXuD)LAB_w4WnqHRAMUGD;UwX~quo zA853UkH#%9KF#wL02o}_E2RAvL2&0GwJ$yOY)i`$V@z&*rv%73z4ov=FIhf)zu8IY zw_K6C^Ge6i$dNeNk*H@OEw2JMt#dMLA?B(tlH5Mf^(ufZbYYzr(W#3ubCU!w9+e<{ znYyeG(@3SfH<-85z!*k$4bx?tUOp+&FR^Eq#{dxt{mRu zMUFTR35IK%X(*@giceh(;r=CCnRrfWI%JfJ>!t;vm_aytMDm5rgARN`Fe*0f4J6Y* zvBAI%mKk^2g#6_`GqQy*i0c*DgAai?&2>!>`$_$72;(Z81PQaQqbj=4A?btD_RO{G zYETu94gvcub!)%eGUfD3#m2xc-^17p#pYri;arLRlWOY=&))=+|D6<&UuC$b1Fvsqsae(+PB=MfP8kRTyLpKkx0os>>3eZ;`h z;C6tTd>Hd#(+;U?IVx0gxk}fY#nMGx8;d6 zMmGA6#Jb(bfdx8uiaUzVyByzrZ@WJj3gl^OU`|g`@d^j#YmaXZ%dW}W)GEcflBeca zmZO`iN*zgN7HC(~l0nv?VY}}~qxiB<`VTOQSEPlkY|}W%m<5Jdjuz{*m9XNNw*r+| zOG2UB;Kmw=<8eHtrXjNzs`C8~ChnG59SAFjiGKQ&$WSLN8s#+V#RVozAAn$=Q~dwV zE4#-DbC?)iKLFCAcau``pLP9+fn0=l18X7^)b5r~g*K6|0Pd>R$vofN@O6&d>ZCb0 z`FV;GK_X{#;~N3ShTWK}8bF*+xhOIZPMOVuyNI<3pElSlH@vXfL((u8W|6d$aT~$* zq*?{J<&R5QR?r2uPD_R?SweG~kn@QsU3&YOyVaj?yY}pE`|`oQYS@RUv;yi~j8{+m z*!!u&G>D~_K|{esX#+R#QEf>Rcj0`XiXvB(p5=o|J#arYdG1G8kYZ>K89uH6)@10VQ_6bb{LQI71@(pYYNC; zZf7KrA7}+XjCLn{&Pt>oJIBs!o+YO)BjHkujiZ$TNjjYu9-|y4ZWee%&7{QNRl!@G zur6xoFH_^1gNCPd<6zp=k=K!cNjgp|OL{U~<084RE}O7g3EW{sH6WO{goa@ zt@U+|fivw#6?!3=@64QMD-x$Kna1?rOpkMC5dE$|w~b?nfb`|LFf2P(;6_@@w;MFP z(8z2~NfX3&xD+F}K!!B5NRSR`2F|! 
zdThAYi!joROR9dz!^(XO(qPRBsM%yToZw2xs_GDF-BSRX(`cnE&Z5<2g!M%yWqEcb z;O@|GsByb)jd8oBY^kp}6b?-wvx$-)3WD6A=1h&cjBLm9$DG>;l=;M6o@p1jGqW^R z!12lqL7pt2WzToi++MqqA*Ks;4_U}8UA)_|>vOA!>rZe@F!km&`CJh~&q+NQSoc$F zlV?_sA#Qf8MOWM?K;KMy8o$le2H0$Q;LBujxm<#?z+3&v3?;lUL(#nr?(8LD+ag|t zHAp`(%=6|`YebP1-jx5le&N4orrA82LNL@8bTOyz0Y2s&XY1w@BvAPQD6)F{_PjB; zQXi)Y%YD)vNz92Bu21A0nxSrJ#(t8F+U@?lXCGYWrT6Ei;lo2bLuG8X>zmyYQfX{p z#{JnXQ`HlNb*3%%LwH;xBwSs5d^?f*ATH{yK3kd;_-fpUbCkq@KB`%%9SU zBPw$U+v~7~xoY$krGu(H{o_S-v6DA6_C7zmNWoW>iv?p8)=9I+Y{9WUj7{jmv=_(?Pb=_T zM`&_k-<7x}fIOi$7^8boiX-fNr&Q|AtY~cyeKoan7*I}{@P#gRBjD0S zNr29t0L0QFB?%l3b|4Oar{Mi)$#_)@bSPxowP*Xp*c?37-_Y<`TulN;V1Mb$XQRII z`>`35=C5E7Sm)2Z#iJ32iE+-lLflyHZLVt*&;WiK>4;bAIRUquXLnborzollR{R*_ zm(~TAG@*Jbnwq4-hHTk6jN7}pjGO%{0a5*-RRk*FPEcCGvz2oX?n(MKEFBa^bVggU z7K|V8BlkYXhvFf>$+R{)9b0rx!kFR#t!n zX<+liO-FI{Cu!P@2c;BN;sv^;*gaQtJc%fk<3n`z?9~Ev%8{^2(+e`V+CbcjV9+FQ zQ>9D!z1mYF&WUxW+EYS6CvflOIH@5*3KPD}w4e&q(9oE9FLM^^i~mo>>GY!;S)K%r zOBA8PIQWv*=E%=99W-*Ibj$$OT*NrIq8&;gWp5dBA z-Pem>@xo<-t$gNyC8hO-96%gvW^uVtpkWK?alr|Hf0Q+M>7qSX*hF(V7j)nX_WUyf zKUKJNO0$CkWE>VgH6|ySu zIx0$nK=DF1S(ch1_<2S`Zb(hTL*7b$j^rcmaCBauf@+#`)DFg(?7%YzA837lwRA{z zBxql$1>QwC3&gS@7ESA1AHOmBr&n=sJM>mskz%ZL^7h?}+oIX4MDQ+_QeRtod>|L6 zR#}Te&z>o}Uo;m2^BJ#t4^j|Td|8oVNc&q_bPi?UY z_jcgL$-`N<4+O7mCh;}#P4;=I6l~aAZre&YFn-WkPR=a80gDEj?GD}k?n4fy13Lw= zhJvw_P?~XbSv5W(WyE2j?APUl*KSu3lY4uGvMlsc5VO#8Kc>i0HNOTQlU3F@Z6ECW zT^!1;S&O}XcD49{yJHRh)r;C5KRl8K)5K3F+Ze>Jyj+O*pBHz|Hjca^_JRC@ZlhO= zd>sF97#YuC;!IfguPyv7Uk8pAZo6;9eezjnE6&D5-I+^nM89v$GrnN2C}ck`)eG07 z$Y=`n?qwVtzd59iOlDGWc9auxi5!1IRgdN-6n^v5=WJQ$O4Ak#0Wb}3#%Erg4ZuPHkMj1)E4V4 zzKoc(FnknWH>xQ-o}OWu=Rr*?JolT>++t{Eg^7}6(U-EvTc1*BgHuNm5;qJ+UwLxf z%E#=b)k06H?;p^OJgO7Q)K^npEgAy`@28+6TXeolivZ6Bh|M4Xq4JkSsh*>PoFphU zcL9~XNtDEduA@g>u-5%8>;j_qe@&yRX!q?0y9(Owj31>gT*CDDR4ndKZi`R&BD1X@ zGt}BzuvT?$0Qn#mzQ=jFvFCn2s?>kHo>Cq>2?`k15kA6v8m0fvYJ0ngARiC!ehPA6 zLowrXYJEF&NH6fr-o8lgparA#;2p5b3NB0#K&4zv_B9Za1(J6w9ur}{Ne5 
zS&yr<27%H6M@5K+0rmU$0~ce%y|Be{N_)|5C-X?ZA^^;VB)+GlVuGJfWrW#Y`sKMM zzT^<|NlqNYQ8f~I`EwsO%x%?-0YgN#4EjCA+5(LAuwY#Axz5R*NUQZ#OJRm@WAl$9 z;m6%AFJ|HcVbkwc$^|kGtM?8v{U>7=*cl)eC3Zk9g{0jN`_0fMGI@I zMvQv&lgH~!c!amhy2bKk!+|bfq=Hb(u&}cN#$pYHMYhR2!F|a-^fg`BTlZq4bDSAn zZP?#iAlD0vqgSx^BkL@db==BKjoAzZYVkyGQeC&0G+Jf?eoh2*#CoCB9A)Z0r4(qK zncU(lgC{RMHq<4S*Bd{q)4E{+L!(_GOd~L_PBxY~o{@IS0lLnQnzuzz0KU$}VdH;W z@SV#2kmc>KB1i!3EKb}-@cHE8o~tq3=(S#{Az_>Ied>Ie?bOX48RDFZ#O^v&Gi9=n zV}W&I?K9-|)O!KArlN~F;CT>K-|BW}aI9p(0CH+OU8f}C-%z4D0Ohl#P~{w4%@0&d z{|V!8FlD2y9tI9);ZCRf3iMnEiH{&#SlRBn&wz7Or?kbWYib{YgD1EP6^uI~uq#pG zkzDW4_jGc`w7_gs0G?^80)d(`w@E=Onr7&VBWED@Qv3)lCVm8$TqQgl+$W_V#R%utMptDTTd1;HGE=LKT?mfs7{bO zNJ`zjwpjTXDX=0nF=Y3yT&cTi>g#!nzy3{T%4&9@i?w{6eR`?N+NJ`VwVla18Kmgw zR(6%na-~(*jNFG(+zFDh>=@ie6J&<0N!ixg;xSRuSEe3vC?!A}9fiH)vnhX-7$abCUty zmU|^{mQ|^J zo_n}v2hEh$j;{j07Uz-8rlbn#%d6WS@s7|L9-qSzJaw#QUVBZgskXfkOvX+HM!288 zsSo<6m3j9#{{IQ>z)LU4amA&r-jsc3-!)5OA20|B%XBbOHtIi|i9Vh{GeWfDA6}%4 zC98CV=+L|sN91Q+|xG;pbKz2Y_yvOmjAWv}ju?9?2z~v5t z;~bZQGVQ8vI^>pqdCq7f^gl!e>I;=w=$JZFX&Gz=660xGI67w#w(n>aKy-v{57#Ar zjAsI%daD;P1wky$>YZB3&@uh$qpJ>V=|aC<81GaKkgSZi&muNAt8*59xw#RrY@qkXUDW}AB(?^T&9{sS^4{(;Vv<4ilpn0|72 zM{S|W`M?a?LUI|^zNYXXu}3{5wZc4?v`uYylVdSG2VjVl^`KgcIAjM~98H$0I4IIm zm%EeQaAs**+tZ&TaONuDvOF1aE_B6;ILK;FqobrUCsNE&C!OUH@8O7)QKX~$vtZuK z=ltc+&+;c=q~#3#@#CG)8hilR62iZUcK(0EJ}P1<3_7IKSS1L(Ed3YMvt=E2lt5*A z#$m~}1@+~F{w4OYbjT&ReJoc=I65XtphH~}B=$4EFD4mdH*pa(R2KOh?98ly%*5wk zz+edi*EC+(S;Hb}1cztws$M>+V5x~sN_DT<{M}Tg`g5=@ znUkN045N&#vrwV)QEP2C8(j5+7r?+PQysW|c zU1|h#6R(*IvF{^CnK@qcJ};nfAge~9X>m4t&ql@Wvr*w{kV-m|=|Uv+FQ{FHSmC? 
zTx^6Z;L6uO5sb5wcQ8DN<0@_OU5K~l#qgLbId!Ah+ozAFBC4C+9J^ZiSuxV{1yi+& z8=50OJmb&Q;%st(7YSO$#o27*jkTk>r>`*dv}JgZ8#IuhlRsr?f5;?XXN~B#aD(aA zRTcLAK&^27k$K+&8;m)+a{b3^1i>Wcu3Tkm{<;Ip;)D#vL=>ZTIN>_rf8Y*$#4)qM z0<%+=8COZU1w*^|Ngso{0S^jfqh>0hYlJ*oL~q7=XHdU%`1Uu zAk;!@Sj4_iCMd7M25%|;4a%G*d*T=#ldWG+22sebHDO^&=f%K(zn5Tayt@MbO65U^Oiw`+n5g@c5{&Z zgu^W&D;4Z2JY6vy-y8J{dnnzJ1$xtjjR}4O!wz4Z<6=yifmIje&+lhIY6fMLsfj{( zn{RHkcMDhjj7Wj|KrG4uoGlN(3g-LjPKdl%JG)?=)?U>WNZ?Ts?lvLAz~O!0mWTBD zYDHO(q=xp#BxBF&eUq*E1e)VmGJkIL_o`EH_%i&Fl3mIIKWD}NLL0MSTG!`m@N<+i z1{{7W3yUS|3r_DbZKiXCX&zkh2gS*L2=@9ReUGGZ;{p>ROjS?kWb%?sW*VWEIzw*I zavRFZ5F%hgQuyTA<8=Qq;lq|)hMDla@PM@ln9%Z!u|uLf6OXpD120D|lkAwyj|qk_ zZ!*8NVZDHg(OCwh{;B2QV&)*=-;x%XKwQ&D>p+!xM4Y^c0XffV<7ok>XimP4sy4l058#+XaI+@t;~plz_!85AO5 za@95(vZ6?MnxYK9FAu^U7<$hoYV6G>C;l!qoMzq6=4U z6830B@>0jC2GB~(mR(4gnwFTN^kk17bc!7XG#m7T(|3`3w9$ch`jL(|i!u>LC-$KP zgMjA@@|2M&M<7!FyepCNioD6UIwAdl>RJr9?j3WfufUm+K?$}yh7g{U@bpq=tLbL~ z&=<)(r1n|=EjRbA<#l(_v|iMW3vucbgP50}4h$?=&#(@P3-oFhIbqPsZ)$m^^uNWq zn~Jp>P5b)yC|i^FJ2W zYzx7MNEvy5$j%D+ae;-BR|=dSFb-@Hq{}kL;`q_8@Sm~pfww&!K_ za;jiN<6I}ltAzP^;|v*QtaU=~&Pn`F!e8+DA5-{yK{uPDJN#k%_k;XBRqFXHKL5rp z`QLydjH4uC^#2}ExVp)`jX?`A$nLxu6WJ?FxMmIJ${p3VI^PaO+qNWt={yDyPJiHx zGi8RAij$|@-+j+N^0*G`xphbQO4WPw?#4hJG^=nrjron=l5A4)A8SJ20`+7$pihz$ zaQNhRoO?qVq5uqoW#N}o9I>L z^83+!Nv)7Od0SvjW2yU*)6msmc;mgc}a6) zSwtm|51c ze%fLY17CTksVG9^z6E_@sJT*R^fQ~nkqg;3JomH1ghAhNlHB{7F*fBSc6IB{1y0{O zEt3=OB7XyAOFffJnLD}W)?47!UC#;49cdnaWgE@kO3bDDziQw>yuuO13(+AASj4_R zX=iU&Pz*?|V3l|&sHwLF;`wiII8Muq%y*DA`1T*+2Q-ml$Gf1v&uIW#WCD1J(FJs$ zbV^}^l}FA>Zj0R}6M>dlrBmSB|BI+o@d0CFz{{>K;*~SxGY43o9UQ2*4PQ|atavo~ z$`D?qj3Ek4v%4U7`e<{Ktd0^HC)-!Zm*bl+R3@>u^#`>P1vbNs*Vh6B==S}%C;qS6 zH!_!_!DP^jr-+wn@9}{O;#}wB)1tH~3s&4Cbjz``%@CH^RLR!U%>ZzRo0Z+wH6$~o!Z-;{xOQP)<}z-njM z@Yqvb_DCIsjHju$*@ceZNLDOI5pJr`!Y^{B`U5^Av|91X$aJ4tC-S^y7<8iv=1uQm zKx4ziX>Mn*cZ|GtSNkLmtsytcJL7&w@4kf-Y9>vOLT4@`{?mnOq0FUImu3u{=A1gXTLM-op0?NsyyEsVcp*Wh{e@k2jbw(V zSoC~AUbza=l4!5~7n%twrvBUdDC7SZFB?$H6Nn 
z{zUm1SU}_*b(vKC*sX02ifrz!p;1d1jz}>JPDR5J5u9fx>p8 z*ymg7o?C7R`aj+m>-1uoy}iG>e65AAR4jpv0oi9~!dF;L6ni1~<$~8lh@}kb-%dJK#5`Imx2lX0tRBShBoK} zvxVt2GH_GZLKDJWv40ouaMp$YawtOlgAaDsfDG|Mqu)-WrMQh)E4N%=^yo~NA3(4GP3|?d};(j5!&Z-jRCp?SC9Db10 zadGU@`MOrJ^Di$^07gt$r5>V9)FRYUR3`F=Qf71tLwz9Z?(m`U;*ekW`yuXmWGZH< zb~pW3e~CZcEid^DK8V25O&GEVTxtv#1tHE!YMp);=R;f=BINW@{mMF)^TS0_ne|=ys z3u0uGD~fmdJN3ls8;4XqyhFOC4xLzCb9V8UqW1#4Ba2gTfw9Ej2JNBCTS+_CcxI zIZrTxarjV=@C%batKQ*krSORxiS7EY>WS4x=}`RiEcAW%i%Q2B zjV1p@WSndREZG)t>jyH^lSb6$S31|Ew}xHQob!{PaUKDBwyj@_&~}4< zl)I*;(jwgoA|TxisUlq> z(j_?{-3$zjNJ~q{5YmEl*U;S!LpKaPbpGS_y|3TT0v6nL=iYPA+2`!NpZ%QYsv@NV z*?Em;9%l^>nb(HJz8fnfsH*izJu7*8_#e(n2W9Sw+aJ=(j^C+EEnk|PO(ejWf`4p- z#WFrM`mE9bvv_9W%@^gw^?O`BR&nK9uPdH~!m95+1-`nuPB4hc<-U$41797n#@5k>oei*-**~@8#l=$$ zx?=Lta2S&l8o7clye!+Vsij(XHCP5lkV+9d+N{uzwA?r9LMRf-RalKksxhnJ%Gb}$ zl>`exdlC2!c8SpDK6AnJDX;(FJ7)F*sb%yX&N9K|q&WoQ#Um~QlMVyOplREn47YZ5 zI?AZtG*mL@jA5ew&6mf^!m3}Y$q8@r9SCp!+QrnIJZJV(<57W#k-7`**O;l!_#n0b zfuX{N_+c&Zr@CTyLC-1C+}R&5U1|l@VXH8~MgcMK`gi(<6gUq9ZebtI)-&I_r%tpB z$`s^w7{1ka)ei5NUaHGfmVIxt7?z|=DYUViC?0C!;6u|&NToU(IBfYxfFVio4`!zu z@qiK6Z%QJY_cZx4kf`#f0oD98P z0)cZwsxRYI2VUivYikt81C_d76*`HqRRn6Ar&ag=q2MIj_nYty6Z;00Z<-ONIlP=z zp0T~a#cW(*XGLd@1`1}rr)cNf!3{4Dr>detmG<_0*~yK6Ni}|>CtdkmXxmj%;g~Zp zhG!Uu29Wh-SMauZdT*#Jt`5yI-w9J@D!fWTQAFG8-*GJnaPpua1mcec7kTEHCeb%5 zc8Nslv`Qdu5}hsAeI=OE6rC&%=VlW}{LvQ-^=nf-GUL8Bcg%IBuW!k7mo}zbJyAL7 zN1-a_J)f&Z+?`G8ElUDC^Ix;LmQR_^)L;E~4dz1;6yErZgD%c|)gCbW5|i2Q(hMv; z{z~tOeGJ?JFMfWN+PwmP`#poM>TNck+GHFH{^yFH%5JWXe)i(1X)Bm#;)n?3CueZb zSHWH<4pkyZZ_B=c2HdQ;R;UZ&KsSEpsjbIX#ABxWy&m01eiona@(VMIKsPBnaD90J{`DVp zKU$E>%=6vDg^Wt- z8&<4AD&8mkW4!{d4U*NyS$&NM;`wAC3&#A z$P4`X0OJvs+E0x)QvQ)&^FI9~w&;7Fm#wjl{^_+&V~{)zv%M;ardI25M}Z!T`p#FM zae7U3^pGcyi9dY634Sgo`{WshPh<-6uJjxLOk=?^k{w^%1Pz*;RdhBA?&)~`CIO|% zC<{^ulgu@|y*pQ%PxX)7PW^6m_avi84KMX$CEE`gZhE31VGk~du!$B$rAfW0n@9J% zb%oA#j9&XgYeegEoMkzW3^!h%2m@HY(!kr4s&0wh(bKIM%(%ePl)YhyDAcz@lC(mma^{iTUn`ND-a2{edDOV|1ubShs 
z4xqCR)b3+m=6>GlV0N-Ky|2aLah-JV8NSLh1nYMt<3wH|)t<6ducfw4pS4RXWP&&` zfTA`m#rSM=7M)ST-@1|K+WM@q=e7)ee+~{QO;f%#ItcPn2rR8g&FtSfA1u%Y?VrYN zCvc_Z&!%={DE4U)rtJK3IuxVyzQ@QV6wwET94Qk(rc61$RdipAij;q)lFVUBlE-($ z$f1J^cmmT2#V5<3HsV^{Eec14hzBaukvPqk5s_Xlgb!#fi5ZW}$EcF5*9!zFy#RU% zT34)fXyu8P6e)IlmJ+Nrl4>z!-xDi%Y4;NLOLg#$s?_oQcSTwoFD0Qpyi`8a$p!nwVVCUEEao_`{C%_D`lT+QLTdB{e1(&UxowbBy#hDUSH=FYUlzUZ%H~bm4!B*=LB@Y$9-Hhe#ei940`G6Yg z&Ouv@L0Ji3t7BP{GEe|_nW;^`^sT@NtdeRbaZJvtAMaozCgq%8Yx6x;UuP17Hs$Mo zw4R=+Gi;|vVnj(mci%>bq3f#H8<|+%2n^W=4xW1-$WMM5|JqF;KXnvaXtVWR);C}6 z7Pv4pn};(dNT1K(zIz#<__g$b$9;g}KNZsV6S6t(e|J$45=PO9Ac$4)8f2^f`)vRD zeM8J&#FF|e!s#%NtYnODWMViUg%(D2W?c!%L{Mf5={sNvQRAi1{sSQbSi(#mcP#s| z>3-}V1}fCHt24z*tWJ!-|BNJ1{&MSp>-^{TckcEtiNVoQKFgDq{##)^P5xj2alu3~-P5spf`NJ_7npcGfD1kEWo zSN*gJ-XcFU6U3po#e?supD&I&cU#H zdE4Vs(NSa9nl^JKikABcWwKXemf~rp3uw}_x#fUesP*kYU&Id?1wh`|DK0<>is+Fv zG}%Kk$QIc>@Hv;pm8nLyKvaxJ0^tDpM?fe9ecnUAT|0Gk7k+__OiLP=RJ-LN{qLwn z@%}UtVQvW2`r+m`711u9-SG2A;9~LfhKQe{Zs?Ymv4!lvOl?Nwg(DD8Gan9EFw?Zj zBlT9#>AjQ{(45+Mj)m>Fx#Dz=Jxp2}FsSxaf#*6qOvO~uJVV1zVpseX`}N){H?1#p zGg}W||8%+*z$3rzVK$nX3sdZar4>EE&E{m#ezsoAHsqBA01CN;O>9s^4eic0*bD%$^WzQz>Rk=wrnm}_gisNS9P+FvCQQf|>v`TVkECom2bTb^HtK31MQuB|orxarB zrRUx3a5>?>mx!AiZL`Wu=KakGzC1lIyx`cq7`|pVj646?)mUPqX}T&6+J`FcH1Mq8 z92c#+@vslO*9Cwqr^?yfJU+Mk9Fbg6uCg9#8S?4EZmPj9bUZo?!&t_hQFfO)61xgs z2$vUzM7pp;y81}1y*QtS0I!}|mxhtg4It@h&Ed&>#dp$#7qEc+<}A?!-tHd}B_kM< z&Xi_VTo)v#q5OWK&iRPE*nU+-s*0$e#*o?x@wyk_@i*O5vnFK6BcX@Irvq2hXtq~8T2mYH+2}I4#+}jFncp0p&uzwm&l}<6T$vnJ`hgb5P_SEjlU=VYqD7~1uwJWDZgU2W)gQ=gRzA_@e-8_!Uldy>ba;#?*Z^|y6$aO4n2~r8jCkxUkMPIvSq5nnR_`=IRfC`oQ=y8 z49-Q&xHk7y{rE-s?sbL*{DY%M00d;vdX-%}H_0@6B4D${ZJ(EY#1}7z?xn5!smDYz z%w8kZlQO6M>KBB^M1yj(cpyz>ktr3Q?@i$+i!+gn>>~rbHMPcn!R9gpMdf= zlGz~r!H@Srk^KGT-pdl`q>r1limVK*h)|pKZk@BqGQYd>*gTz!)3g*wM=fF-vcj9{ z(sE4Zi6p~qKVZ8RBro7h0{Wj&KIY6Q`Lw|5YFwB^5#`=r7-qqQp4Oct_I}T%drW15 z)a2S+sNaV4#IAAu@KF^JZ|!9y=nU0=B583I#iZ&}+_sC4w|C9FB+t&Pmg4vBMA3WKgT)IEOsI8*sa`2*%Yxo} 
z|5OpF1g)E1;WzN`&5Ox!+rY<+!irRQHy4^tN^%g?d;bwQS>EpTpYhm#1qvVig*ry2%~km ztV%&>HV8~WP#J3N#kZZz0eR=%J5OkFYB9&QAy$H~*eg=&0~lAI=K?*T#`x-}apSV_ zi#lJ+C`MnX&-mhzCd~~zyrEedSr8+1@SD;c2XgR)U%MyC zf#Qx?OWI9(Jo_Dc8Wu0Azvnkt+=-AGC=ML9z)aIF&zC2LP(pTC4SW!a`iOcgeY$HQktRz&9Or+QE!i+i*T+)X z1SL-J$jOr-+YZRN(`efwVEOE0MN^D}RpSF<8c|x_lmT90u6*P?_r?yLypGNZ;s@Lf z2Qaj#wK3&(#@oWhi|X)U(@9Lq>D=R=kWbP(v1_=!{JEyv9eK?bc$q{mUxu^XNlPH| z2r@G`$zcxjRr-wPCPj>P`3yBfSL+}eq)xf>=%ek30oguz1z#}L)gtAUKX`E_vtQbQ z0kRAqk*6ClK=shC(iaYI^EzDeBrXSNvM)Gm_vXgv?LnUIE@FnnUy{h3`^H%f# zD^oIFn|Y?V*H17OjmDXgQG1MCmZyDsiU;>=yI+@XyLCnSg`P!4{Wa`nk{ir9+OW{- zaXZH$qmu#F^dNyOmm=MHDP@(309v$CKI=dM#cTi2px#}oGpRc)aV!2f2v*;Q@| z`?*Y7ejMi|`+-k?(;R834PW}CtDV*&jsCTwzfEZl9*&o}Butbb&g~GuGnNM22Fug5 zgq`awD)CcLURj4Gs2D1sIfwCFJHmfjL92MfXz?5<%qFOQ=T=^)VIcqtaO;RqSCCsFuiAni& zG}-f~-)F_-(k2z9kOy71?d*${QB4%vE{eZLWOd_BCZ#)lRAofSM|ldvY-$yIodfkY z?f8CsQmRz6%ogL_rWs=Seo4b;q-VFJIQd=bQxKlIMbv*iYQ%O5X`Ba$orK(sI}1-u z%YBelH4q%7rxf=bSv63QgcGT48&O;iyMRM0<=D1+l@V>!^svLQ*P`<;jHg`YC!8fF zUp83(6vTcct(^>UrLhBx(Rz-YKKouJ6~PVKnr|sCL2h=S7zxTgLjZZs_RYt%$eG#u^P@$<8wiL#_{*;~Ul$zPp4H9oY~ zx(f!#o9%Z7h3Cv_O{HtWfl|<%gkOkjzKWF0Ml|ERq4K0Zsp4nFZa%5f1+m9Dr`XPe zYZG_<6SK?KP~&0Ycg%W9=Y|`%Y&139vby7SCCBLtlNvgFP}Y?$IA*B=b0{) zZAL51rc*!t&}|)QqtZH?=Cx+S_HKwAEmOxM{BLR;Bx^FBPD5;|Kc|NgLnl7y1>qNF zDUoqi{_OT6mN0dkzn?dk;CqU37blpKiPgj-wvJQQT9H8={>1-y4nd)1@0Lzjv=Ja( zkl(_h+nR%iW!J#*I%rZ>Q_TR;3TxhzCnq)u^I^8k$oooC$%io&>=I>-80T5W>+0~g zriytxF!8jpr2r9hX{}q^d2?KE*M1_iWSIO?=;!mSx0M0gVf234_24P#K8@Wv@!QtE z9NY6sNS0iMW#dhkiCe;n@!@V5Tem(@rm80%ax@iR`=p7(igNs-a6;=&GBJ)$<4!eq z{Fip)LD<(T@$#rJxD-0mF-JLbQ6G{xM)bs1I3l@gBY{SVDIK5T$IiVtUj0xAPVfjs z;~vP5ykj2o?69z|Zdz<5#gAZbNX20}R*8*4x%yg)xcu21>DngSM^IxlGAZajE6T%b zT|G>8OB@4anV)SHfaPi?j{(=DtNW<#cEjP zQ**HOjA6fsi3n=N4ZM+YGckOBsfBc>Y@?v7O(v>L~3XLSO_c5rMMPQ8CIi10 zvy;YEgjavV+h_*lGD3DIUGKYV;09|#oOr*k9ZOejbnV{vRKm?kOZah!VjzLxIcqJu z-OC7=I(2_vYZTYgW(o-{?POWM*=UUB3<9>njyw>M$UUf9@7Jx3y1xob+&GQUIbLnk ztoXJLdVJhhBjRgj7|*9W+W7M6eis`>yj3b)eNkp?6o0tZxn6r|!aA+CK+`Fw_P!PU 
zN>IOv)kl%GDrkr57;V|2BaF&yhG~rgd+uHe-Fo%e$J^^EPM|W)F%43?p!7yJ8t`?P z=SdGIA$)`!=PIE1q2o&E2&30d)7J)=T3em8%+Wj23z^5+Ib#6M=@wLAnrn6k`8pT5 zT@|N9fwhbX81E(z<})8&^C)sNiGqCtR62(fldS1T+fYDzT@*}gyFDn9$-+&gD%5zd zDbMB8+ib!>#TRW@`tTROnw?e58`RivK${#{qUCmClZ)I4P?5{qom@1AkX|<%T#Cz5 zkQp8W^A7Wdv&x288u89kH*@V z@lB#=sR1sMbTrqqj|^BsN=39GkcnNtYL_CGEgMqZTs2pfYQtrmI5&pG`ft@5=D4h6 zm+EGbJ4W+n=MHaO_}MY$JEoa#y5h#f+;~vZj0Kv=k6JUK4Ox_SF03dsvW`JcYceaK zt}!)ef>>Irt?vTcrCP=K@atFFV0s&*C5BsEmd51F%>}-GKoTM13!}_e|R{XQiOghaP@70P-S_{MGc2&j# z#XBcoES9FBf>BsUy5_sS=N|%>hw=#B(nEjKkfJabwqo7x6A70c({AbxzR+#&Pz)=R zwU3|ii2L|}=TiE7vllB~+q+>KC+}>_cyVgDOP<$p<3&s8M>tiR%|H732VgVO#xyny z?Z`Jl2pfxgVQNp=TL^qGeXg(=Hyg2>%!7eF$U9E6*>xXOw-DA zL`6yvarh%O@89WxW_<75g=Q=_ws;UH@`)kcJ%YV3guBzS19CdyoAVEbl^}lT$2^p4 z^!GFS-M5x8jk5ViNU-6e<``>DCxo#7E-)OTxZ1Dj}iGTjpIRmnWbh zxLuh>Fd`(py?Tk5=ts#5uNNVo%V$bv!o>BH2PT_Yei7V%(qR%NiS6FjM5Uq;NX0N3 zbD0ncqg#pi($i#P{E^UC`TAQ96UAGusX4CyU|E+hw*O#qgf8ZrvyXF7-0`EU(BdCb z@4X9u{R%g66AI<585j(vGiUObWk9(MpVhh}W7UC7(8@{_pQN|_&pz|C6ZIlYK|8d&g5gNBLAKZPRM6sy2 zj2d#Ak$ZRveql(CureXEEG)z^^*w5;+h4}=Sw)>d*){jMy!QF-?OEG!h^kaEzcc+m z3FiCvk9NeqwQeF+_4Sq1Cmh0QL`WTX4>Qnw@UbBbsbO?FCaFO;pDqsl3k!($r%O$y zcU^b!1Gy)nRStOn!Qu#`qFq{Ph{e+gz~Y&2hY;CyzrL?_u}TgC477s>%oY8O%i&=x zs_)-ZmNs{D6$}2%{JC@C@JpWq%wgAU5kj}XjQ#gYotX<_n5ZiiSI?45sZz|oRaJLM z+1YvBU~nME^r5g<8#(P;$b#9sxIXiCV{!B%2G&>ZyHPH7=(bv1fSO;QPg>c59Pg|s zppW2W1}){R2*d79kpT%8{b`XscgBf{3HQbcX-u2YDAK>X9Y4CA8u+#@%98C_ndG(w zx2?CXJFYs{+6z%nTc1rEQfbD0+);YLxX+b+jRSbfu#k0uBYV`YJaxBDbkSBZsHp3J zBT=BzsqAyx$8`AY+{sP3Z|vz6x2Q7NOFqVo39fy8?%kLG+nB}cD9oaiL8oZU(VLh~ z*GIi^$0w%;Bgo3!n!;F@#amO+YnG`LJHUAe8F{IAvOfc7)$Uv$EXQELP&^1%*mKnC zM9)PmP4CDcR5-+OFE75WHDX0p6o0Or-%|cvw3?cx;SkKP!ButivI8g7y>VV{N_8q( z!faVCn=5X}z2M;B()07R>ncTM+z3k$;~-vm&8wGumLBh>E^}Rf6&3v%6_fW`7WaN5 z4n|Fgall{AV8<`xo_N?#1a|!+V(e@5+B-T{9X;(mMTMx9t|tdiR02QU^=UAYCrypoEs_cvCGn4-(CL^d2&o*(&9$ssnL z(B=|7OaAe+oO*}T=uj^Xw`zZ;8KHeIiSR6D+T&~2)HLL1NK@vt$u*RoZYp&{PAM58 z>v#8C(2i*BnfziQYFA>VQ18h%f)ag8nzK&VONu(U-q2g^d(){U_%<=&HKFL>-5m1F 
z`YP)|Oxf|BLgHm{L@f*=zxy6S7l<~*Vg<&mx%gh6c+zVgjz_DA(|5-yDAuRMP%UUd z(@}A$jS=CUlx#3N`0SonyUuUw-o-DZ9y-hO-O0DjX=NxC@+J4zuhma965+RbG_Arf zZZ`9r-u*kl*2V$(EU7oGBD8uOf*jSDDte+0M_BD0T|{Y-PuDkpUJPe8tQ2)_Xtx?R z8OrI^TZ#^^NPADPUG&K*wvht6Na)yck>{r#cOEkM3=r`snC&#>9K@a?0tjvUj5x?J zqXyK3cG2l{M!g{qytv4aI6i85yh2oUtT9P0nU8~ zh+0TA>N)~^D5F5R@$vKg{jr9^^c~-OgYyf_^%`pYOlo|N)uT5;<{q%BwNo<%ikH^w z>{fGzLwF*zx0;8?F2tfoLbqd?{zQ~AEq$AZ7nr)27a856lb>8G)Uqd8e3&mH0x*lN9j3B0*FNN8Gh+t9X3gq-naDc{jpHiWnNjQBiy zBgzqow(=|}3zq>zF#ym&9n=RtD*)X_1~iA-;EJ&x-KxeC@)$q3{yEw zCTT&OtTIOVM@(I5aFxOT+;K{1vGB9H zAcW$?_ee7^o4dc0sm7}7zT{%xxf~p7@7jO!UENoQ%Iq%QT=Zr^Q&cpM-_K1p z;c+nXOL8c!Xs+jCU=1SkA>o!iE)do0dFd4tW2g`rWSu0}m_ zU_KpUvC!;pChm$E1a%7;>$zEf9#9Bx-7=W*0gIT6OPxo8_1>Oc7?#^3-+Cu52p59! z118HE*)37sr1QP6kV-(jg(U8}cWCcXAiT!ye0|h$OMdDFm(_S6J;NGHS= z)$m(K@{qCHA*}=Ex+&kdA8Cwp{#Y>>+= z{_tkI*gZMW_TrmFaS_+TLlnF1u!%o4`CjuR4SaZ-mM3h`Q)<$6c-hd&r}EcPIqFP! zK9*9V#>d1DBnoWv8QX5%cBHt+yXLnNPP*1nT#vV<5-MJEW4~+N$~tS8NwLDr#q*5e zN>L^oYz(=$4(%}o*4hhmGI+kDWfhE(NvYnO@dk@oy+VVd4%1BU;#2#qDpR}G*Y33s zKFzs1<3Ubi+=1ff%jUy(4e^%|E8RlW_#y&fg5;2sMGR70x5HMamYUn;IZvhfW>EZ%D{YnAy_El${}{d|M(eS*# zRmqub=Uv-WB32sdOFhsaAkNFY_U5MSjVRsK*plLuzr-R`&L^FR0{l1a-^4q8GkSkRJ)O{xv&vbX1&9#KE}}%1+qhWN=IS~59#zv= zheJx!&j*|bZ|f5myEnH`{kqWxtw$Rgh#_nosB}ybqQT#FMGZW|8kE%Omipg_i7>xf zZS*bSf;+H$rgUa+ng)Lr==S)&>PB>cW203=yP_IiG6NsYR~I0wlEq4OTJzf2r5%Wl zr7D@RDHIh=3Urm|yvod223Om1)6FHfNo|}-!MrHoW$IvH*uhv=ZO7e<2>r21#b}!3 z0orHb11NV?AxHdVIaT>SM)8BTRC$ zZc>hZ??ObRFanPK|--GR}leZL-&cWh3DA^1{zl?XF#&XWW{vb3hrg> z(f*!SDJSUphg2V{);3E|0sXrpJVty>0g;SLTQ>nOo3o@o4#dMdfIT;CKe9Qy8b+&Q zxKX^8+>x;ySG3{_QGCJLH#bN*0GS~zr$v3fx<17OEy>LmVX@_su2UHBHA; zn>cHnTv?)8&@`)0sv{8xgTZepyoSU@cv7nXYZpk>y6*(mZQWm}7zu2gx=X`W_Ec^+ z8~Y>Kco*-<&0@>~A9L*43q;?SCj9teaXyVFTGigkPV=m$qHPttKLkw2-<#f+hDTn& zN2?SH55JvTTO`gd6+l%H6SNu}EkaxiWZXzK=_Adk^?j9lOt;XLOHT|$=`7g8RO}Q9xxBN3~>|?pjwjX@?b7yCEMp*Gn|P1 
z?Ar#G%D&YZROTvvnC^Gu=J@qhXFMbZ9Q8_{(a#s=4_br&TXu*Ol+XWoZk-Oq4o4yg_SYsnDXnzU8as}E#b_~tV-%(H|1AwSuifvb0l<;%;qIb&^q&>M7&#(W>w&9i;< zz$%26YrjL{2AVw-@udD*qX|vjn>R1 zXGjA_B!=;NuAdp_`?&i1*`{*MALSJU5S@nTu7Ii+uD1^hxr=#s7(ZxIvi~olmgf68 zv ztr*u;>%Dq)nS$*iUKI((@t4Y<>BB!<6XNJ}rmT>gW9Pvn)@F;Bo%}&l6%mD1HWe zeFz!PkRzQG39m%dxbRf-LU(Y zUC)&IL;+^kox1SFo(dbUZ$?@E{B=5oLqf9wEG_0V@)aq=4YlRUG}Xfv@~m8#~|~2Xn^7U9XiEb@wgRf!7i#^O|Vb( zm{VMW-b3t4gyUF~3-}>M`WS`(QSc?A-$@@ZUHN4}R_?{SR#zPv&VVTYCT)!r@0FE^ z`o;*_vSLFqv9t^l(dV?_%*o?~qUOIN`lX(dV-1JULYa7TofdUkYks7>tu1`A&Gn=h z2x*jxk`QxO-k^6pW*D1u0h@I<#)}F1W~=Vx3jASt*cendJHi& z>1xJ5`o&pMO!@3mSkb3u?(&@nyRH2VlDk=etfEUuXg9ieTEvgZ>_*H5DI5+R-p`D@fQ^z+0)P6}tPjxkZIQ3!j5M~3REpzR#Q3yW@5fJz0 zQXkzAyn)Tb9xBTu=^{fm!;f$%k7?PBX6S^EHybi;rmkR4aYJ1M*xd{Gl zM(ifgMFBuM{0^!v)Zx?m)TID`*4`7q0{x(}aRc;1NaX0qHAPtjKahrxMjmZzz|X5I zad@~Vk}}Jot*@&#BP04qZM}T?)Fa<{8em?&nqReAgiWJ2Nx$&c_-Azcd$OY=juZ|u ze5Iq8|3;G^2_}4C%6(717tm2cgungIv7q=_!DD3@|A=}1XJloScIMw2L1*716oR@V zpgB%|*<651WsmPnR07rlR3QgxokzX$;dI6A%l0dd^$xXqHF~xtMXvQ2RzWvH?tr^n zhu3Iu*Jng}cnPV|tH{gd&CFkQ-*0^GKOa6|+qG=JWG|FgMTKK@4Ho}Z@CyZexi>B}gYX8NPM)8AAy5yt4HtAa zeotAxvq~*aYGxWUCb#0Y$h{4f7XbOz+x5$>*M$Q)K)Er1M}>8Dvlod69LWQu?$s1H z#_%w=MB#t7AEJy%IXD`{O+0r~7J>@tbNnhOa7YOAM1e>?oY9s`oDr)EWFr+8gaW!e z4+IR=e$CzlAI$QV7Lwhml?R?W;g9WCm0OnGDQMh?_%t!hj%8&;pAwx<^gg3~=`(fx z5_(*6Za3S;e!Xf%;Cb&RT75$9Ij0&9B^he;N z1Ya~5G#J=fZ2FA_qoP{ct*l|$|JP6Jej?0;nM}L*n9A`XLMqe?J71_>F_m+Pil?X? 
zIm}HAB>8p#=j=J_3z^i77kFn~z6IFeE*y)q(=@rTd%Ip887qJPmFzU697wIGsZtVvji#BPNNf}| zVGrJO%XD(H3dl;T$NxRw>zP&~d3JdYd8ec0p>VOrxlSyDC0wbZhW}esv3?OHFHUlu z(6mKPr|YUe`x|g>_)KNWFsr;BhD_$c*c3^S*kwz)u6A?R8WpVYHM-Ab?9ZS;on&Y- zDP~JhvvSzpG2y-tUi|!Wlcol-tCgABunSoE*}DB?*TH?|aGcsYlSE6hYm-;_b-zu0 zn@`_1J<7yToueF&6F3&!NEnLo_eF-6++ikks+;wtNC{|DsH_tuOPZ2N2}O7qWQ6R7c8{f`VIXT}-kt z;k0m{_r%DFx>wFy;FuLCt#B%pD16;{wK)vFSL!zs#rn!`(9GF>fb7N)gj3Wl?@xNa zF>vGMe5?Lil_ZXPNi0E#9@^vM9f3{C!Nf+}y#6pyOiPA?pr&;UjU%2)B()pSR-?C{ zHx-D=P+y|3sG5U@-OIulximn&;?ZGihe4`=H+3$;c|I4IVAdYrw)@qke%^g$#lC)C zXg9psA?)YhcaQ-9f6!BjMxw7nt8M1htB$q#$DfvwAT&dIL1zYo@(V}NU^#Hw<4C{a z8OTzBUk>JER7^s5R904yWh%b)w;BbWt)A+_tE!~J6VlGR2m$2TYrF1RIZfv!>?Sjk zy^D$UPS7s<(q8q_cU>OYS>0wh=cgauQjEzOAWOkrOlUY|nmvQnG5WrAx(BlBMm1H2DtSI!sad&Gt_X3|uQ&P~ z`dm`0|;ITGFctF2>P?M;aT|OFP#h6h^LgZGgVs8SO-3ihDOt&}TEE zR9HPfSpc={N?b;#q3*(EoaT=q<44yNH^C!Ohww|x8kf%^-f8ZSS40W7^A&~sqI39^ zD!pl3>uV}qi+k#MftDGPoX@e zeQSg&r|52&x(PvFIMwLp%3I1dg+sC~t3w=w?Mz`1Y{~<{EE@=#=XFOrKbD>Pd{_8h zuybt_T0V6b?={ytn(**LS?b~BWXyzIoB7_Gb=xa~tp{}8fq}1H3UDVkM!Z~ckbD=N z^O9DseYNPPP!q49gd=H5#J~{ktNqTt+FG0sr~+^~EPG&$!}*C^m&3|@aO8AMdn6#I zDSJA4a3G?Bx9zp5&7DKQ%?;a%7)sM=jrnMmV{=2J1bK=FE~)sYJXM*w(l&JQ(jE%x zhjw2oCH;7s76gyB$XZl9U=sNl>eN?N?tbRB+r9f{N@MZ3MNPc!W^>)yW?jXTB$bsN z6k)uH2n3vk44UR%4_(F)r2e8`M>VYp#|K=9nD$|BP+nbTS)p&{%#je0#6O@3U({+!X~T)*;5*ULDkd)2{k2Boluhw4Yc8K;y+ zbjgNAs4LStV~?XG)nTS+BH?~hR55n>OKn91iQ1Cd9bHT-p?30t2EQ*Wys+ZIYfHEH z7E(OTFapU2CVDZMRU(JcnD$p#FCb_iK*YJ2t4SB{r`OGp=^S7W_LAaIEKbdmGA|K~ zRFWhNw|1{hv-4TwJ10r%E_erWib`i>GG&|js3B*3T|@Q6r%5*l6tcbK-GZajOl`S@!@z(LA`=O&N3!oz=>z10NIdpHtX9L?Cge09&s zC}AbtF0+_+04ztc1yn|~Nxp{8?tY#+6Y_TTInB~%gAkP+G<=N_%CoO^FiM0ku6C|J zR?(xTji8Fp1k7LOQaE@ur40;f;37zY*3~N6YRPsNcWLBEiU~eCJ5b&Z99lvi-d@|70{9E94ll{TYhQ-)?pmU- zNc#Sq;3@5bG>n#xczB&yU5l$CNWdW@IwMG7hO;?(xpHfLvF|AgH;L7!{5?xril{$0 zYVSym=-YD~E7R905mkVh_r(uvd#h2?LPQNADiLSWg!xK zl58`&)Mh)&8Rd26Yzb~ZMt@t5jd$D(k#Q$`4oFou`DkA&Iz4Z$Un92UNbd5u^XyEX z17xnEC9iiDi{<%!iKpJ+kdU$W;$j3 
z2{uFq{p*lz*TXR5@%J^EWD@U?kb(5|Qt_BqMHw?A%hUtAe)G!h9#0mnf791`V(Qe2 zy?Lz-o9hZm+iRI;7iwBg)@*9Kyf!dRbYiO2H?ktBnHNft_N{>LbuO1sK$5#suA6{8 zYf5oiG|q*GOSZrn^)^akk^{S?u=8JNQv&s~LGV52)siCaVSy-9rkZ)%l<=Iait-}C z<<4!cVy9XM;Q>VJn8Iro8(4O$C}*urNF+Zl{jsh36^UKLhI#XelVmSI2bHzHyhP)a znR5`Lu{D`TNB)edIx?p&?c=aA1>z4)w-`#?#F=ZR4OD6}1~TTPw5{8w#M!ep6|N04 zvR@`9hNt0KbO0eD-BAzo`3l(W(jbFBeghr$F2;jAnI~Or$Ga3>I`c#kbM^je);1+{@8>7mJN+#`<)~dB!q<}&W@oVYq2z3qxnr%s z=CgXOl~O5{zyXb(yGE4SX(pdMYkmosgtmr5wDIm{CiE8bj2bI(CFkdO$ZwYlOS|5g zi{6Jib1_QN(-{`aCDq^2Y<^f6F_FW>3c*%v^%~A;!{7H~%8$198q#LJdy@swN)#wP zTo-`UtP|Uw8MCslXJg7szSFt)hkBDq=TCiwHe6TBd(6$plB$|t2fOI^ULN5l==S8g zip>AUe7Dm>TZofFQo1kSz8z?eyTVBvb!>&tS{Ldo0qEEdfK}F>9o15x8fZYJXmfVLj2fZwq!dUZBQa| z@}%=mZg6>$$*`%v#(3YT?{mA@K$ax^C3wobd}L+iWs==OU#{6kQ(3V#3~*ITasZL^ zPX6RQ!mlAT$ur%Rd++9Vq98m;4w>&QVgy!}s+Ix`Pn=Ovy1_ef_8N}DqGH76TC!68 zmnVyzg2lTTKMgVFb-TJf^W#bL*%=}#t=oRWPvkQ zHmfLS&STdm7{K|%<#n{ml#H$n;WRO#V_Wiid zBxV)S*0~l{lFHm5&Vel^b(Y~;p5)z&Ter>O)%?8%uG04DrhL5ZWc=~%*{?Ckn*AL1 zh9wm>d8eyWrxK2vhS6g8^Z767eq;i%e$+g@2+^YCLv>k-ti>1_ft43YT4wQzEoyM> z1G*;;s#LbM!r<>r<+KtaxG&W%X3qIwLi|7blMTmXHdJCuOARr3zTO^O_08h0ZekJJ zK6)}w*Waexw6KGqL4&HS2Z(E7-{`HLz527wLCzP5`*b#GzDC|>pxqt1gR6hF zo9XEtuV%0b_*$hHl+l1@4|}M*rSwi8L|uOmVbqqW22sF{`ju7+hS zp$OqTUFJ_FuCNlPlY96V3?RJRwv7Kkb8*eY>jRDz@fB-qT1xI42RQUv&$QMjKf9PA z`04cMd7|yDSRv#Kj(;x01*#iwi@UZ)RG|NB4}IljPiT6iTKWmA0pyFsHJS+ZNrFA4 z48vbpmnv*&(k?Fd+I4HA95PBNAgzo=~9JRl`Rwg#Z&0%C7dO$2#L+=@8uSg)3V%TzCO}Wd7XY+K|PBW z!v@@+{p8JCgER1TbV9}Pd7(|+ZrHMEm;rGevSor;x#1)<3uXlFFU(pHrI_|kkiw+R z5^1iJk%jGKG)Fz;BthzRk;$dSw$#PjrK`UeQW^C|B;#6ontxolO>)K_QvCG4b~rxs zKA|CgkO+e|vui(~bFv_&`|*Q37tU1^%=Y28*yRh%8J?&+!>~zd4ihgqjE<<#BV*gd?8JI@WbB^o z1!+~MFwr#xw(|Zzx(KQ(s3n5&zu#!4t@uwoKwndPv)!NDjX4eT(NESnZ0(0yJl6Ur#XX3w;arR5CUgk~)iP;YY)Qo;rQOnZGohxjpag9XzxrOEHTTIdo7SDpJ~sGoOMh;uu{n+3?)%5@ zGaJNbhX<>2$2`klDT-Zqb9uV3GXyLVRmqxr*GIcgkvd2NRc2%T-{3N>$iOhr-}GM2 z*QDzTa%@fd6MqC$C)duikj%PrN4TuEhO_Tbo1doyf|%?8W-%of=Z!PRAG!T8!NjzO 
zr9lgwNod-DIb`?o|8e$~VR0=>*eI3|Tmr!%!Ciy9Lm&`Bkf6asa2_TJ~a_t(Aac_z<;D)3QhQa?@=ISbZo2A;`cP*tRJ z%td3M6BeNXYtw7O#{`kmq3emyT|Phel;S*VVh!?6eDfYb+~JyMB4`gt2qF!L2z15jrX;1~ixu!40;|sx z#FsTGTiGgPEg`DT%*+{`B@d*gdh-HNnTLt>`ICwG3(`Up%v5AeSHXd!SpH5g4%UvC zB+Cl`FJm7z>7(?5H}sB*Ehd$neRi;{l>?2fBY=&u(ac3FD@;pwDdo^9>`I;MzO>1O z5W7t`(%!n>p8W~s@k4`Zjg%#ZNBGJ^HCT-z(U%M+B}-^E=%Ukn zuZU!r183E~6?kTT?Ny>)Ql+s3&MILpTCx0_*aj*mFJiZ|2u}-m8@Wloa68PG(>go| z8zbyrlYlj2+8rKeNxaAFdyqDl%affv{Wqe+Z=2C(?B73!v=d^qBM#28_lc&fJ|EH= z2@oe~pxbJHIn+<-j1QkM5}-RzU}rFrDznvf=}s?nOuMWP?XW>?c9sM^Ist7UoMU2% zOc_qA)Ee{+7SG1lq+z^d%WF=ahR;c?Ug<$k;7l{;=#(?=n~@5z1tx7GN3j|uzcDFsxNKrJhm9D8Gu zH592zKfq0;vXL2OegFDw@60|tWxL_j*gqxw^21u#vO>ct$@Bdzav>H54wiVeM1I-KB&pzz=aUGG)^;GK6a3^8+Z=OJ(mi~p7LzOABpTQi& zYyHLKD8No}F#Jss!;-TK3mE0|v{)RuwOygdtE0qmSiAH>?ebdGx%5#`V;r;v3FJgH zvbvbC*sO0bMM4wTdLp;|;4~;XUG+7!^Ops=;US{U^E3UNWk+Q|#g#lT0*TY5k64$Y zE(m!%Y67d2>=snXn@qa{;$@e8X$^M5TQb;~8qk!_Rfy<@k_`KsrX*)&-Dhm)*21&z z__RxMc-n-BJ;VP6PSL8{vZB7L3y1X%(`t3UpHJroN{q;ZyYANZIfSm9jR}v!lxRF1 zZDAQ#o_Nm%2v|2F5Q~%J@r2Bt95{hyY{&L%ml$^!%wuJLM-9E_6H4sB{@tFjPUv(@ z{icVm0G=4)W}q$G><}Xkup9O3M3{EU)EpXu7Q|$%D?ffabTxJz;zJb_k#Hj*0o{P~ z&UmL<7XsARE13Fa+?FjB?tEG>*2>1%&&GJ9fX%8K2BA1(G{GH%FMXskNc5y`&-~k6 znyFQ`_1AuoH|fWYWY?qiyVbB0lAGD}BC_wP7=zm9V$Szo^X33Dvgv@DI@IGyf}{_*Ad#H59f}mr?7e_0M^(L3eL!6@Fsg z-2;Y2{$H(i#naA@N0=c+M_9kB zTpi|W%sm+=sDMA`b1ep)Nm{G}_wU5Y8`B4VOKvq+)3bH%UgU9KD7$7wGpL_9PhT|H|qK7yA8| z09dCUuAOy(no^CLuBEs8?RhMotQzvvS}AmkKG+efJ}vDV=lh>;rz57J8N(k;ml}10 z?~rA$4nkcY+BEbxs@wf;whx=-(>eUUmy~eDe**dtEh9PC! 
z{^CygRs$TJE8Y0veqY87DlRDZnRtR!ImHCluhltL|~A+7zdwBGNHbN zf{fMq??`O}Bc@o(&zs-{A7PLimjkVV>gs->BOzz6V|ci&bPzf4((5#NlF2&y#EYlA znm2bOuu^~-vhtYO>K++c)O7Xu_>LANCiW8vpSm=I_;-jHA2t8$RTRP~Jd|@%gqmKq zcN8ob-?h#0v2iNn1R3rxKKxc^pYe0?d56wV8DoRHL2U8n`WXhoyASL?#Sj{Yjv|G* zW*ro0r{()#J5*T7p1Rd$rU$LlX62)lYryglwNyh+FWg@aN3dqnjP+`UXL=$=-E&{t zgFQ01JY`tUJVWIM*K|NgNJ!YnmTeHU$(9k*DAHrnk)t^e9i1(CPb&m3qOl0*;&}KO z6h`icfXM&2UtK~joRS$q{(g6RY@b3nCDxxJc4EW5MC69yCHPkVZmTPkb91cHaitDVps069A*}8Oy1W@>VLvJnLFo;sed)?+L%4P#lBkxhk($g zyuik*;?kJl8Gm5lb>&sUY@6(5P5`lQ6z9BLTj`PKMWbBx+sXuIJiQj1LGEe#dU_*h zY%RaeMny+cZQ5ps^3HUXlrR+%Sxs(EH_}AGOQQb37I~B3xF1eo9F?*PWqzUk*YY4* z>oXAlxADlI^CTA9H$nszzCXFtd(F=OWcAEB507Muj-GA|er|GP;OFNbuAXpnIUDA6 zeYn|jUGXQNXJfl+7&=^RCUXjqo3HvVVhJWw56IYx$DS~N-n;=KD2?EXQhTbqU^F3w}XLRIj@en4ufnP-MK zloM4S9I?KA6q}|u;a|VCF|Y*ux6-xCiceO4jDpa4-7bJ-QPrqoG(M8elN>5!= zowhFifRjK(pfy5pDtS1PVY2Q=;nLi7b}%8v6&rcaJ%-B`rTyA`GlTshg_@(t( z+wCrs^ZrbGhOqk#@b}&bvNK5(i^Rml-gz6yaPv{yp!-p4@5W%Qv`=b#7DJ2B1G}`D zuHWH^c<7zku=4rVS(@tuAf{BxWe*;|b?-yP77&U8u|?{|Dy~jFuXXzHYyQ^}H$!wI zI6*c^tEEh@!Ga9oua1uwHwF`3k6Nz)0tMs>JE-p;9JF|lxLyWUm+UV#Ckne?Rv7hS zK6S6&L@AAL%}w8vX1yqIC{S|T#gn$&El=ve!OX1CwalFBc3^1TA;%W` zrE4eDCX}fl_W6<&0l}-gOrggx(fMIOuG((EMYn}J*?T3GUZA$u{Qf36ae3cDasR<{ z(^$`*p%=&b{)V(uZ(&50J7IdlK5^!3+#_O0w__ifYUhsyH6%qOVRZ`>y~Qn|(se0n zW4OPrBGov;$h3i*zD+tCtdwpEHs~p-P@0_Rh_E#42hIq5lx8;IPWUXD`Om?WFvl&)Ser5BXHey$gptEW% z=}40;bIZ+=ZuX%IEYihKTu;mx!f#fhNq~OV)RiqA+ThrK;h}jjo~IymHpGQNFUdh9 z8oXxP!`}-V?VN%gU*gqipJ^Jp8#b=EPKC~%2}t1!Z~gdD;d%gtWNPTS`YVgx$5~95 z-TXkRh3yuX&r}#7Qg|H0>x1uWA)!>`2t*9qG03tXRdt`FcUYdf`zZUPr)hMvHjXmj z^TE!6P8|eQJ$L4ov*j^u;<6OYkmRvcW_TrSazGV@bz=0DT~Z}$>q1yoOL@wJ&|0W` zi|z4iWGwP^|4fASkLS`akE&ihUfMkNRQ!U%f35%D~~J!w{0C;xnKm`8X^BrCiL zso*K`72T5fLpjANR(e9zl`cb`;MVWfo(J^Gp`{Dt{CjOshXr$a!A1!EP+;Yi3_rrN zXq9_!$`Ce}S;cmXlF_t|E+i}rPJ)oxPC&VE#Kf+a!fr2E3krVj!#rGX92_6--}X3{ zR{o--)H5+LIVljm?}v8(90RQM$U>vT&GlO3y)GVaw{`(Xv~j>9x%`0dE(f0B%YEe^ zb3K|aB~9WC&f*z4vXUoL_(S?a1-HSE;+>jRrG1j=`dIb7xZ0A+zS4ltAL1H4UiQOs 
zvlMD_+`$Eu?{(-a7Q?Y@=?kV#SZY$=Uf>&+zCy&-Hct!i^G3y z4;Cw4JbuTc^!y3yF;#5$GPRw5IAAClCA5Hn@Qj4h2n-3{%6yr|=BKX<;P6&7zqXFd z)+ei*XWk;BxcllxENY*EtNf?*eVt&Yj#hh3j?*+g(T= zS#;;x?b5s?y+)*JmN;oJ zYi@n{(1ELG5%Wdvps1**!Q+P0VyeWvawp>#A()nlDfE3R&rLHuC5yKwdWb`dke3M4 z5WG^PlM{~ge9NB`rxIAt(#}-DT%8{3{8{BQC9TsW*~63rp|u=v3CXWVSCmx(*7e@{ zw>O91Cff~He6n6=ARi)N!X?J^PMqbHdNfj|dx1PMN5C*N>A_6u4?;5ziM` zSN9pJPk>NntP37>O(u)l45gCIdbM^>oPb#Gzd|`kI`U{o@rB2yjjy$Y&j;qZ<|hEV%X#V80okX{jyF2E8td? zfm=uy=~LWo-B^{drT#MqFU}!{Z~0m5+QbF)h7>SFCIT_95gb)S1tRwcvuCp8sS>B@ zPA*)Ol!WH#b=HgT0JyX@l70rVYZ>V8Un#9$%C4xW*g&HDdVEcP zbsm86O8U>W4D_qtCp9${P0c=So7Tx} z^EvBqO83F9M}$3Z&;V0|x}LmRB5MnW4Uw?dHB~->XlT%Kgy7+8dip+y|I@Z&C$Y4c z9|#5R=T%GepPf;pk7f*FJAqJJypkwY)$<*?rK7OrscpfQoYARR)pTG2>MmSYW#*UF zkx`l8q-igXFfRkK^5~M83x+&19*(MGjW9*gajCpWN;l4yOOWr;BBa`<2bWp zK6_{BjuoOAz~U7i%$D+8*3*vi(zKwjy+4XGJj`^PVFWxQA6orS-m=s6=zSP;qi6 zgV-U;vRo+Nu_#X?E0k7r^m=>MoC*$avf2cRZiMBt#AE* zht24qXhWyPF*uy)aX66bWe_oc%o`sc)TgQ-xzs6UcvNp#re=qwI;ZIUi*)j|zM8)H zA^n!nY=uO6)|svlXeQML%6!(ir%|$;NGcBj2PZ9RhuceDSHUxawxOB!`|U2ADYgaa zu?@}_dx}>_v(BqdQTqWw#xvLEQmp#@w^yN!j^7BFydc3d`jK6pgn~x4`wYs|?w-Cy z*Nf9LPAy3ai6MPpJIu30*%(fN5j#oMgzC`vFq%Uze>$n$L+jQH^$gcdqTBNwziz`5 zVA7PeEk{PSj% z#|8mwx+kZ{>TSpdg9Z8h$0orgXo%n_x7L!Q1~92(K}S+e$Vk}OztayQc^2C|@NscF z0F0Z=Zs4mwsPZzjTLLgJE}O|_4HxR7bfyI6;*@kl2K^m;F%AK)rNu@Bn(r@^;Oyvf zf=VnFx7=8ho;mCreMp)>zMN4yO)d~x(0_}+_1gU*^rfrSNrk`>#C(*iZ6~HC!4DZL zW^)43@crHb*XXYVmYTZkD1@G4q z9_|e$8NaSzB?5yO^frFe{Zr08`(_ET!d2W2fc{z3TVR}LVBx@q5q~@=f6Q$0WrcCe zL5D~QMWNpL7;tbaZ8d!M@uCr9Ubn@T(cpG}wRUxDnx-jetU4F^$g zfJ<_d@`X06mVhv&SC*r@<^7)Ob!_X&*X`dw;KCQa;ti^*Gi5*xn3X@1)EBZi`{3{S z$}AeU`hWk@CQ8j$D5=ddX&|n9Ei=a%`qR6n@!R6MnOPwQ^a+o23=Io)s z*nv)zp?1%im#}pXN*8ONk-QiwJX*Wlur@@X85ot?<_4qZRIj!=l=YXF&nYI`BwpSc zj!}BSeL^6hqC$Bm_lubL9T0$-PnVHRGchvU95Sk@sT)c55K{CjH!IZh+hOTZ-=xEEc5nwhpOlpFp+AN6cMm)>jYiSX71 zd`z~H`nKAnLwHrtHdOg1(L!gCkks9OtG&`nfQI$WQ5SCc*-@q|;hrKz2tDOTKftob z<50A1Z9J6nA~M6Gr$(|ZeR@A! 
z_7bendA>d72P|D2FV`0paNgfOT6Kw!i|c{_j7u>lYws> zZc?`K1@3rS4%u|HWrs!(w)=r^LMQHQ+M0(%Bf%1`($W`QNrWyd&#rfw8k{jCBvb2u zKaojZ`NoOi-6DL>`HAh7(o!k2Sm0|(2}#LD0949GkgfnB>=`I};R&(HlDmFCYJ)|9 zpq`1@+4(yt)1OW=F4a z$%GS2m+Q6O>5}4@Q{6dd?4@XoIMj$zc_*!jQ;aB;DEt!^BErkReU%~B%b zIlrV;%*xKro_t2H^>N^hIXN(st;dX%;1=u$S%#9i0zU}*Gf|G0_%?&KmbNmea*bp= ztlMVIm%gLC+=fCRYfg%aiWfsl>0!%Vtyer6DoEAo2OzV zdsN5zyVgAV)c|?a@g=wr;_VG5>)mnj2rz^~cu)M~UzfR0iFz>=wu+jXbh#bXolZ8% zM4?9Y3v_hH7WF6zsoWcSvAeOVmXwru(iA3!oZ2(LLi2eQYLwy& zP=~{k@c(fg>Mrt&k8F0g*KBHSWFMRc!5s+nmr0=tz=jF4duAyUypD8qfDo9^@tL1 zgiKjy{(a%SA`jmI-s+=}+9%ulTc-k(fpUFb-!Y@$n&9 zsKu`}Fafd|7uqGudJ+0{^oL|1aW(Ukz5~}sECZZ_dtD@R1oh&{gw;Y{`)N37X?`Dg zAEal`e0*Q(JwrnJbd^z&H&j%m&d;LibuWPb1HY%Gh>L+l)5Oi?zU|n!LyFi-l$01hIrDSC2{gw-nf>$wAiye z_&ngS#su$Tr9nrOve$fkNy}eeU}F9<|!xk335>j)llm5JIb+<(IlUJTO6I+awh95j<+-8s+%SuYtZ!h+Anw`VP z$3Lzr4tgB7BR};37gs_~?uBl%a~{xA#1i}^oHWoEA0MBHrB_zrz(8eZcZ>lW9fx-8 zQ#@WHKdIH*w{cNX*iVo8?j*NKJjJ(71A!ZiwGZ@=&uJI0e$kmEM>f)WJ73E`CI;8n z*O#7&$su)mD#AagMz;vf#>47@%ewdoCQ~q~Ce@X7TX9iQ;KInpwzWH1tkY=kZv(l1 zb-8cH%w;-6DB!pa9J-7I*np=`fZGCe(sM##W}wxlkvXrjeQ))LSWR7h%G?!JiPYeH zKrAjUZav?yk)VA&4ZhcytG7{hacQ8E8&gNXDXwLtLXm{F=@&h9C z-zleS1u-%2X;GUq8zd)B3V3*UAQoDT0tRwj=J#a`R>%`@`tJp;4TI~xAsdpDEBFQ7 zcuL!teh_o(KzB~N0`UVDSgK2{y$Q**MP>iUu!gbQX6Us+x>jw=$L7qSKUwX5#?$ZN zcTgN=S6tG&PWM0E^4Poqev_MwSEBIcaAbE{9x_N<3wa!P${A4xtn!+&yWVs3?k!F5 zR68r?QYid^gW^}RF{Q38yzdBlBjxlp`#ufY9wxuT7op|Im^w|vJvO36RSOH2TjbWq z3X$BQrXKQ#n#87C!RGCe`Mn|rAm`%>K)64aV{yj#gj)LR8!MV&BUft&d}>eTSYdd;x0GOs8bzWn$(^}^_#40|UZBvn;3xgb>) zW9Fk&YxE)KV)Dq@lVlG=pe`Bbf{C%MBR5SYM~4Nl!Uk>^lJqhmKgoKW z7S8j*d>g52Fqf+t{N6pL-pgoEOSB~37U=lyR`7F1YeKGd{?5Is@FgZ|U9B=;hWPTl z>{G129dUk?I{4D-nCM*Lc09^$3k-;B^Fz7W-$MA70oVP5)LBZj>z8#c8|t&%RH|`^ zUt`@%ExQM^{2lrI>+nY0`F6p(gndh>s%#jUV8Rjj5$18)PiHO44#V1uRTf!+K_5kc zz@~IU8;F<9n^F5_XHx?WJ>_ve3`OkZ)0Nf=H^vgq+` z*WrirYwHJsBlrcu8hmZQGC3&El6A-#bY*6{y)BPXAnx#wpb5W&6~;mLzNl4-h#RuQ z@S6I*2Xe*$ZL<$U^qoD%g4}@@xBlaF>!LDou 
zMKHU(f2In$RD`@!#$k;qZsa6~h9T_o;B%vW-aOXOMPRM{#yh~E=oeT4+h)~RfyO5i zN#Z2u<>=y1E>pv-5nbtTsS8He?xeKpeT49=^eTA^A63puQ~&eO8Rwf3^PZo}ysh>) zbRDEQZ8dF_G8mrU#t1CBHcgP{huZ|$A(z<-(Z#N52n`D;nMPPFXB)U(ou90vLJnW= zm`(a5x1Gq73hIVg*sQjluo`J3&36$0vYGxB{`*kl>;k+vf1i7@z4R{S;~7Sb=jq$- z^9vUHHV0M|!Qq!~4!y41^TVDM>FpTI3HQi6?w6LmSm?j80Q{CK9`;&NU*Eb4bs{+} z>hLYY4)gEQB(e#*SiP^AbE$s>5+t_%TK%lid%e%RtZH=4F-}Lb?3l+h_tg?aVce{O zw)0ZqgWxf4z*hoe^FN-me&}s8C#guP^Z3}Ffn&7J^y%NBNt1hB`C5y|uvVGOFwcU>FD*jTCrh7x&8@i1S>^MA^ke znE}h^wl}yu*6YFnNuqvQ=hnJlQi9649bV98t+S<>t#x|pSOveqwl=m zO{hIQ&<`A!zuqIW92wyuKEcY1jhe^H<9@rxZJSdA<6gReyd`@wFJJTVls$<=F~;eV zk=u|)j$SXCd>QPU3DmJ4noSfQmUn0hlH?y5+kVaoQXBtE3n_9f7RX|I-2JA&hJyyd{U`a z1~(Ki3_#yc|J!#Xi#j~zXrrl^MXGcphv{G2pLohcksR{=umsmaU_-8rV}tz}8C^C7 z!(Z$re66%%1_|*n%pQGaA6Wp4cJcJJSz&qQB*hLlnADnim0ZDmQ(LaJyh%?k67GI% zw(4vPYw#cF;%84`>~yIZRm{1j30FP9z9VI^70#wM8r>S>;uaOq-m|8DvTggA+LrvO zV8gN%F`sQqsn0SorB|q)Cq~UhAx)`*UFB!hH_1ipXYInL9`2C+wzmCaunkA>W z+XwnnTg$q2ATa85PZFx#9Ov4!;{@HAHC6^`4;*ODMP}~ZhL_F)U70!Dy1#{-%>8F_ z5-V`!xqKtBZo4sM)oa;4G6VvJ#=YrsRW-E@y9@w!NWRas)6P3`-pdnEc)~}=J^6dQ zIOZ&lBj$o0{Jh*YSRo`j5U=|eC@3of@k|e_AwhDn0Lz`-(z3871R%hG6p^*MchG|= z1t;L}a`6j;J%d`U!jh8QmX%>oU?o@WH-Evw zah}zWc6e0xu3{ixj1Qv^!1HC54U`#TB zxBYe6i280Ci$T*5<28;pG;QB(y|YWDTh65l0UPVYd)lb~*Hn(K1LB#aVvTZKLc;9^ z@^hLQhnx>bjOM6K^|<=nd}2R>0G>&1KHCBEG+P$r%JdbRTVxYWqVFv zDkbH4|9=mUcnT|{O$)@Uo}k9lm8-tC$-I_f12r5A@PtE8ZVFNneF4(jE=C;EKKXV) zLL!=K;@P%VDorvojbs9p<4lSFi|q>&$CZl^UwuL1NMLF9Lp)Pol}rNaKIZuTjR5Dc zw=%HuJWj8qE&Je~E1Qf-R`iY)8@x~@!0-cI{*uhO7Uw%|RbkeC)#>BPbTi&rr?1O_ z_0*+8Nf)P1kwi~V^OCJ3XSAFI7OKr_4|&gh>)r5gM- zGp=1^sNI((AwclGEf8=!uziE6PB_znQD?R*=`|3>aFi!3;gow_(yY`k4Pyt`UcJ{p zPO#EPZfo*S;$NGoH^4c=^g_wYJf0Gw;%mR24QraLVdh{?5kR7n!$m~i;@(uj#)*C< z@sAv$c?`d0YG0pbG5m_E_5pi2p@G6|y3+B$vJ7yrnTl+;uwV_*vp-u1UxHN1az+LN zppIx^kt@g^9X?j!nj!$6;E4OD_9}OnexuoNi$UK@dq6lnP^@x`dzZNiaV1fd%NJwK ztlIJy%Op^BFtqor9$mAi3Vt)&s~6jQP`?_Ba8j=OB~En0|HSz`RB4#eBdXSo3~5Iq z^T-Q}FXrp70yNE$=x#lFwa?Vmk(myU>oUxl(W_6Yi6$RRsh(>4c}esBIcdh6DgvxB 
zz=Eh~q=cR^APj}YjMl;P>!0afmo5m;Byk(>vXic9!;FCe4PQl0#3J<51061J-@~yV zMrgN`)JLxA|H2|q*(DE}xg^pLc=S%{Q4|L@gJ218`*+lEU_8veg`tGCmP8zI9{upW zS<~hA%dzf+7k!)w!U%bpq|346?xcHdx9xO5(KUSnOX$k4mUs`8?~h;b1{2ii^lwj> zg*L6Kk1Vi2Y@7+m*QZPqgn09q$MTsfGW?h$MjHXr3!G*|fD$?6+CP0+-P%1q9t=sA zj%2ndk_614S1#P&WnFS4RW_ZJvgHADTdi96qiGn-oCRNs3+D-EKjg&T+6ow|k2 zmKH9XEt8*^6<)wi|67IlG{637>SCEWq`Pu2*zN$cj?ekp^IxSs`Bme-Yoh-6f0Rvn7 z^X zzVx~tg%UtG{2J+0XVa{-w?OREI3JFgIWOP19S!|}qaS$;3#^-&es9=oGtTgrLzNE? z$OR&=R@Pv-kXa5-Ya@s@kk;b*SB_omZmt(eSbw1fj-~#qSJw1j=H28x2j1pOJ)Y#A zV!|w5eEVHW2by~z;-{?@m{fgimmy|Q#ub7PfAKCWPi3ff#xu` zU_ui&`n=_gkRLc;W#i6VNe0^P@=I>(ZQ|~anpnbptJV(3FP}oux2!G=ni`@>}Q?m&I4%?`We>u9{FjAKgBjH-|c+trdE!k6~jGyXu7 zOzkBEey9F{=8eP3^KWt}e7A7r=)002CM=#7GdchSVAfCkGEa`3KCtPO&%xk4LStZd zaSEVXTK6U^>w0Q0L96GnFL5nlN}Ly2LDV~D^3->o-Ir+ zX39h`@8i3wizs$C@pH%2qg-uVi|TZ`i}Z~5myTG2m&!DP&6_@@fVMqh8ednzvOSQ3 z?>m1$%GT8H{;y?B!%F{{>n9&*?)*O=%QVq|37-5G-v75*$?y;R3fK?I|JNN*|1ofY z5s<4!I|af2<#M0?+1*5?tJ2#%>Me6gn=iYfQY5t_I7n#(@YqM*UGcw3T}s|KCj9sZ zR^SM*Yq5X(Z*DSYr?HQHc=<;r2~?>clbu&U&{aVdPuwM}TJs zz#Py90Op=p(E^i^bU|4Fv#+eIJkf@Dcv4@!yapI6ZxN&Ffq{3ul`U=;i~y^tbav3o zNlEGZ`}YT5KR*DHYv&wAynW_b-jxclu}w~UGSg+cB-PBN2@!rz*mNblwA8E3>cX@B z*{!9t)F*jm(n)lKzRy0}^vDu&@9qNEq6^I`y+`bY@%J zKs4bgdkuW`>F!mYu*?52o2w_9b=KdR1YK<64rQU!$fBc^W z$-u(ZP!sW1AOd1a0X<8Gr`&#o7Ypzm7u@Y5geO1!-%D;jr$;va?ccQkaMEZWs@&fM zr=k`=w!RL<6;14aM4e4)h?W2oNJ^!sydil>5aZPTa3sY;egR7UmM_q3jmk??Wm|7o zGxw*mIjUO%#(yC33XKeUR+s<1-2>GRnoofa|-^4*0gj1FP(+fwAp6J35Y`~ zm&mimJZ25_IF>KpWi7C>g*%xYylctyPV&#ET_9IseyBG0=fV!LHpR%K4eKj=ZS3Uy zSa^imdFR3)Z-@$8Y!DqLJrZ+U`i41128hs7tTv7A(fvt5O_s#m1>o1(ik++6r5@T)lN zn1pvVWt+dX2sFo=t86uI{&@jCD5KI$-lU8=w`kUUd_I*tVj%jEI3f>I~D#u(6k~(a>K|gGSck5;bh^-T1}DUr9*#qF|y@ zQd1*^(nP@_kQ#l63zYu&=~EZP5eqc8nb$&ay`kS+xebv$VT&k)R`Pn1C_ady9~kT1 za_K$XP`D0C&dS`o5xoR2bDoUDCyctsQ(aC|dCB+82rkFg%gs8Wffd7lyyU)#Xx&k` z_Q(yi;uVXp4H+0<1Y*IFi&OgnW?gzl#%!Qs`MbYv!Iyisem?6r?0;q45DdrrTrLf) zFB`Zi4%JwVD{W7SXpKc8$~DYbZf<9c<}*j9GkUnslOHX`1mgxhbwh>KFRmA!^?JS^ 
z#dm^55JCqtO1>SgEv7+xb4cVpM3)ZgrwqY}7k`%Fq%YvjzoTx+d@0L{1XSo$#_hJ$ zFyzhVA7&nMD~3#Yl+Wd9v{q+^*$gW+%6pEcUDd^Wu?^`RD@DuFT38N#wRT>b4f9w& zJt8O66bl0nXjEw=qmi3co(o8vB-m+R&$RyBl=0U_9bNh}zfu~Z@p7OIwSum7EPjr| zUaTX>H2*}`r|Cq(um-BU`igor<#zBVdQ72?eNJfS>+?!&n>G1JjJ-`6z8nL~OY3Pd znX_OLIECpJ*)&mK9CDBI&CH!zd$gS94rz+%M$mv;MjFH?onUvWfq}BN;g}rEKrD|6 z>u)|5JAjmnFswt;4O70@+<{P(W|9$WWVwRUEVM&NM(5QN> z3`GkfpHXk`T{!74Stn*FH6N6o0eQ%&Wj!Sm6MX#mc%Y~Gh6LB^oGaV&oSnT;QwK5&< z;ReU=waOHEP%h;&1#P_5SgeTS?#ZLE%9^yI(>?gnMbK@9!nZkJk3;3!@H--D8BT1si24=$fQ!+~0X}fA+LcTKkf^Dz|7b#6)c& zP8l2=Ox=_#KtJ31n@6}(%~A5CNSV_dQORL0t}M6iYGdkRbGv8P377Yyi(`&90r{1Y z)pRTh*EpYWuR8&IfsxfNqiGyf@hz8Dlr#zrYkB(M7ih#*6`X8+b%4urx5i)GHl2;d z#&1v7>Z&K_ouzaA_lANV6*qq+8?J2tIzv09Zk9A548M6x#}Vz{tQ=kYE3fQ$#*-)I z+77u-*m6l0P*F=d*C@M{waSMoE2cqpS!SgZeLmJ(LhxzeQ-!=+Wzu+0o7ok!T*fI5dW@6lH;5Zxa zF*v^d%BB59vl)Ic?vAX5R6T9W4trWIznw+iiW|th>linYuZ$8!KF>6Zl>Gz&&k*C79SfvxK6WeyC%E`~^)B z=@||wsiK@5`qEd2B)uPa*oITz-R@|H>Zn?;oc9VzKWpP%Nb2eD6P`c zow_={x_F~Ev^~(GQr|dQT-4zPdh03hNqLWZS%mS7m&?S86|b$mgh=^pK;B5u!c=G& zZyw4-SNyZ&E=mpzc6wCcpzQlw83)_3s z^EgFy{@Tf;a?#;J_i*yQ`K_e+7$FvmHGBOE@RdZ))nz+(Zqm^(@r}q(!*pK}>vX=v zmc4*3i90>8t;^zpu? 
z{KB?58P=5=O*4T&!5e27vnAwevB&IseiBl;0@HLz_Ox<8mTuie)7G7=IxNI^|0*kp zJZ{J*?S2vit*$`rK)HfkvlZXeI3_t+elsMaB-s-73vl-|bQxiaMoWyQwS9;hyfnrv zN!>fiL_M&J3s3&>H$;2JL;D8q#C(bO5o{?Zk{Qbf{ljHcN&IJTtA%*5<0~G+b~GdB z4_g+B8|y~t{oYPR#Wc+ATzs3ra(Pv3dBoy(orV`F`m^Jz{w0@7Rxh1kdVRF~9juz2 z4l9`4_}c~_Iw1Uw9Ue;YtAA~6`2cu z{asgur4MsTtX%y=L+f^FqwmR^IVl#u?&*EgHgyncj2$Krolm~-YO&HIF40?DwdN!q ziQEzd7hjxRb;<)4g`HIN|Kckh3G0k}N(~_*scyuPtqF zF(P;e#1&gQvQw#*6uAVI9>{9WQbuQ(U;62=bR5Ye+*$Zpb?<@taSUBstB_?K(&~T5 zf;cPKukfM0-9^ClDC(j|z(#cVgEggfpQloL{L@@3QPInM*9IDxIM=FeKXVs$gHxXy zJV)YVsSj;cqd9Cmq%zIeLe3;wavezl8(-g|3HAz3X@ltbdF7XGV zbLF(72yFXaw+mxOAyI3$yhSaO>->Oaooz>9>CUWZZ?InYVp~A`mO3XfsdC6I;4pO) z@56}p#q-?ROKvX$Ro-;lcL&BmeMyz(3k;MuLdPJ_F>s=QCFr6AgGC(^^4cJuqVv)R+qI zBbd~@hgPtoyXrN7W`6S99ldy(#k52BRasg~pLchttHGk7o?IxM;60ch|4%5&p4YHZ z>&i+^cgyi0ydw%D4R{SrbKG)}wJp%s>>*KAZ*Y5K6ew`$dja640NhuvWWIi-|8E>< zS@{J8wa2hBsf`Ly{FhTLpM%!k6yTS&K0}@Tx;ObvhfY|@F|)USAx#Fozhq#@_~dxR z+KOD{qRrFkRioejbZ>>J)gXz(k6XRL2CScL4>kH`GG{KP&&?5EyGqk0k49uwPn(>$ z=>ImjHssWxCMjI!5;lHe-UX{bEFQ(SY2H%wa(WdU+^AF@zNgQ&adq72J_jBu*0zF` z-z*i@IaiScu>8h8xU{W`em87q!wFXa)n9?t1!BUwV)yy-moIOOdtxn=l@|b|N34r= zuW_5b=f{SYJFpy#A!|DHT%%`Z-gsa@WsgiQ8xMZ835$O#Whxb*Mv;Ok4W1KpQefW{I`uC1^QLTGI9<=5KrmkP*wugckMtbLhsj`gUCN#A1 zh$KqXl?T*N2)^t8)y|Rjuy7{0=bBnT;j_o{+HHU_?cGEvGDm?@eM4+z&~tO zSpQ+EB}M&!<2ZMQ7zn)DzTV+wpT7J1s|@;);+EG*zFWJa!O9cb_{8g&NIJ6dtHCAP zq7oiCF{rMiyb4S&2pd3-&u`cz&}{DIQS*IyQ0ku zzRdsh5yauLG6*p=f?nd-)!s5dU7=?z5()cjbPWscvdPa(+o} z*e>6GmCy3->r`j{(DqQCcC@>CZUo+f8WyUyKEHanMw!w0U<7xXbCtgLo3)c-Sx;No zYrqb};5^EKEp{xmRG`A$w{`x|=&R_rQphT4J2c`v#8)-bUDS;5BB@a}c+cz22;OoV z=(imEGre#)>DTS;;@`gm`^J(hH3z+ztGAGaIpfq=5GXY}uY3;-Bmx`cLym28aF!mL z_A^^rx8PUZ0&&Ql3G9ODZYq8*@QB7?hx$jcCt4*vl#$K$2R=4=XI@;^DQW~1+-G#R zr@9DP;Y6BclxGkSOJ&h~XP*a-to9l@mYZ)`@+2Z7G)^UW7eo`a{9(RjRCKvKA@kS> zCPH;YbGcOBsJYpiM*i5*85H!wfwbKDU=D|zTnQk83=DoCX^X5vz&8{^x7#_?G⋙ zFx)RT%CqmL4i8FpY6m3O45)=Y8p@75w3UBaqz3G`l{rAJwGL(Pa<#DxepsVLck`KG)*^wbPn`;ql^wYL!>a_=g?xMcAjCaN{@e;E6!u(+CSTU>)A 
zxLa^faCd@haCdiif;$9vcXxLU?hvGLcee&^^Y6XS+4s9Ix854MYgN^nQZ>e$vpVBZ z&WzZh4o+cgP_R~#S2|ao9$ZNxDywl(2-=Kg>|VV>_pdPS$qpQd9QFBI2fo)>TA$4@ z%Vr13U5uBGJDYiyRO6mR%th;|jbTIdXa@}ETrz<6xAj);J*Vr=9rUZIS)H4aXAAe7 zVUr5I;Jg}gvU{qgagSwZ8~6TwF*boZyqRMgjg-77`--1LJl5pli{%EVcZSa$^I*xp zk0m8fzyW!5q;k2w8;Ic|QrZ?U%^9mN`O6LuF4fV?A=j8VkXnw%4`Bq%aWib)QtQPw zTi+HGJHSS)31plE8LjH6l4lD`qa zY>d3elSR3}yR@sS_V%Suyn=eiR$0;6c-f)UlL5yHd5Nt$>hm1WLc#-7otbZ;So0!% zqNZ(*T{*yWaUkl{ik_?FJ^zl|-a*iPlO2x*x7YV?u-_SdVIr#Pr1phV^L()xqI^g-b*Hle?g2UyDTU$1@?e2^MAe_`S1N z?)`Irgkzgye8^vuSKnt?mpAn2cWW5_*9-U#4pY=jGNIbQz?ocO&(&wqj>kFH4s+c< z*Tlly4F?oup>VaRxcao>B2-B`)!)5WPGnym?ae)H%C^?FM(;R&imZu%0+>GX0D5~- zjgI7w5hL7M(#>;D{lFqa*gRIUjvwX)%p=oVnVI86$}T+DZrw8?dl4lhw3NKhPCc)p zERU1i9yVK4xecY4t)?R4X$Q%P<`ggceK zy*JR*y87j7yh%4oUH1c`dc|ZI<<8&ZjqI!GEhx-Y9r1S#q{Z{%fvoGryOuPkbF2%s zrpF1^Ti}#5*QyX{)@pudgVOwC*V@>rD+1lq^Sw+9v29qd+=UP!qbHjEj#$EUvL(heT-Pf+i7%MQ3O^-QU)7|#}#dymp?h76aDAE3R?xYt?< zEtU}uQt#x&c;zGmpQB$^fX2C~K*0Qt*8%U3nb3oFii5Lu?e3|Kvj?#Gy>@FXUh;qj z=%GQNK=o>+Ax@@G`W+6~jI-}x2B(@KcSE+9FrW)%Ycpg4$%G9@oT!96+2ELuWA@r@+_gR_iD?44d2Y7Pyszfm>5V)j@x|GZ9NY_lbtL5G{ zESpQWntW-!^LdnyFX%)bzf)oVusK#PF?jWsf;ZdK&Z8FCRSSa~T18Zfd6adoihY|u zVGW#F-DV8w&RxRsB;LWZDC=GuoBbE`q~cn%(G;YdEGD_+F^+FmRSB!6mlOBcmvR1w zuPU%}X1(!hoq=NwAVrM-n3N$*gr;`MZ1_DhdDVGeFzZpDGgq(|7378jPm=idrlc6Z zy~v@pOju{Rz7lHoo)$7*P1V8Td?pmqlc)Opc}wJy+V|}b;rUvP|2q3>(|bHwpm-pf zAgB}nz~wQ}*EaLJx6Z;gs*P=(l|Jj^r-K4{>5>qB(PKgc&=vIrYX5`Kx#N$oC?7sO zFC{JR*?U$!Pej;vDuMkAH;z(fq)zwn_^V=R;Cl?TCtiAa^`|6ErY9L&^%jf*+7a!a zbuO|7*+y9hvHNhV|Jl+)w)2AwWB5}JpfegsFv|(7XlxyrQnPBSr`GqK1m|$edG_Z_ zKNA5+g_8|puesj#lR#*H@ICF&%ceUkbg@H;$m1`QqAR0E& zbEy_vm+wj??YRHKstn|}RYhSZ)+`6>F!wv$0y&;Pu;s&6V1|Jn9g)L&HG4T(hJ-C# zWA_)6pYXlX)?`{U?qhA&PcW@ZvrPW_^pIy~yM)tVcIjqYxrjw`Oc`pm++-m49Y!1P zIyWTlO|arKF*>|`g0%?s3;%I4-KxvOT%D#g$?1A@J5q^E|8?x`g74~f{O{y_Mi#4U zSi@f0S{vJv^21`~o5N+w`Jc{7mvfgDv4&XCRumV)P2>Uhb;^e7iQZplT)4&j z=%JR+^_j4WmG(VmHG8V;D0bezGVgsK!g80onn#vh(>=SKtF1sYd{5;8>)M?cRGNxL zgg&jjc_e89ui!0=x$ei_+Ua9$N%n(!T 
zBqzpuA89@guZhqh*!Un>%boxWg$-#8tNsfPgpjka1lH7`_Vo+HBO+GHUhH10@=gk2 zZ;4*iv6&%MUjPv=Qr~ps+GCdZd8FLjs7M4s@p}xbPq)4*b_{3mLu>o){L$Tc>`zj0 zM|TS`Pn$$d*1=GpvC*Z~+_1M)866mEU|s(dVGV4l z(;8rdI`#EsWO;BHK9{7V@{Y(z8)52+#96J|1v8o~q>2<*DeAP3G~&+iWVMDzg;9U4 zVk;ULA1`s1|2^4{72hkQ_ysKr9&&aB+a`U9F>9{eF>FICnZlE7LFs&#wdri?tF<7) z{RCx9xh@;`PU*z)nOg*x7>eY6&r8;vV2cfz`ykD4-3jM$Mlav?WG4*L*)k`B-tCDR zySf=@T(8od^^@scjMQlNt4Ve-2aSOCK5#N@89Ax~e+n+AjBv7xU}yLo*h(Y)@X>X2B`436rn4 z^d}L-IWJ>J;p1h&*kvm)bC2g5gr+9MS-G`00nc3Hp6}-h__ef)5)w7>Z-T{m`<1gO z7K*J||K56*27WU)4vpn^4bMcF=-+`;x`2UTk_^i3p#8c0nq**D(Roo*GF=N=r zlTzR8EG!%)_86=8=I+LRCHyY%5UclbC;R<5A5Gc!DXiDzbG_8%<|ueseSyHQS<&JW zD6{ZE5>WPk%}pl5^~k9QY{G`KSP!b4q#NQr&1U9B2lZ8Wey1clpRa|D=@EUN4cJ`s zTwRt$Jrx-}S1Af0{2q@5_e+s1jJcSAUSjvH_Mz(aRNHe2?@nytp&nDpQgy+n`rzs8 zzntI`-|X{xSXTq;~A(TzB)r1$@f60DL*HZmID^x6_i}=bk7C+V>6W z+}E9Vw8Id>2b4>>_wN6m0IoNQw(NCi>Q=W+Ujb+&a!!B4%PNUYXW)OrDv^aOl9395 z#wpRdNp{;Eyn9?g@d@``YeHuPURPhvuG~?9(pMR?rB|}qtZ`@O3MFdiX1k(ny-!$l zJoowaV;<04P65zX7Nb|lXSZ|OoK)|B(nmN+oAmi(*vA(BL@YcW*;n|~;ir$TUQG{S zT8W^Qbp{m(;Vh$HzfiCa!R|^_58A)^KKJZ#av5$CWtE?g!#q2H&^Y-f(-xyqgva>=`KmS|4WKAUCcJO6|AGIou9yHZOc* zHiSDaPM0r@xCuQf2Affyx5Y2z=LGS!TV-6mPnSE#qFs{j>&-kcINRqb>0j#+H*H7Q z;$Q4fsnXKC9^4<|vSD=Z^+fP>aAM~YXuI8UWR^>)GdQ}N@nH{O7;1hvxvts6@&PaVb0&ocq6h}Zs=@KlPJ^#65Tb3Y zA+k`M;i_-k>Ve)oza5~xMU=#O=K60u$F91p%T$dho0KOmwmsHDuR3{M&>7!%AykTg z=#*=%!X8Y7K2(W_z5|HzS24Y|R7v4%v-fg~b>Mg+(LX=6xxcIx$RaW?24r_5SOJ*B zvIyXZtf(lzOZY}n3Uaa=WE2yuP&W>8BNy!syo7`4nVG@iyyv3+b@kfO##|@KvLif` z0S{i!smb66(m0eADegh#M3%lD%K<*=Lp9T0OW%a?G{AlyoLE-C$M*uir&fj&M?7d? 
z|4%GHZfe?-Hq<4c$S&$`v(mp?=nlQz^;-1}1IG6)oGU>I_4$D>BGVnCB7>Mz_%-C6 zu(dqC*a5=N{{jSmlG zUZCUYdi`OiofS$IG-8JYS4s#kX4s=w1Iv!xh}6G!2a=>YA3L;h%ckq~&B z2)uiT>{M7GAWiF=Y|ME)=uQgOlq|&t#SNKRgg>Lo{fX3$4-Ne)jS{a}rn8~Ud#)UN zD$MiwGju@z`&WJ)Lq{=Tp15#(CQ-->T8Qm$1OIcC&qr`#bqUhd{{$|g|R)epZ z^nQ}+a0NxhDdNyl{U>xnv8OS2&g{(?OSY~1o zvb+NP;ot;GAmjVKq!*jdxlDpBZ#ai_W+>J9asX(qp+XKmww!GG?9uq@#PrzQ;rTXT zIQHuw0sExi9Iw1PuKC}fb+_5Z-^Uu=uIyl*Py4`Y=vRs;8q8(o8%S(n{A)EREumOTM4?xlk(?)d8#Yh=Rp zd|RF$D}^3eeHBs_-vS3VGW1)B)=>{?Swin^G`EIR1nGF7iq6^RI!OAvg^BwJ@&JSJOV{C%- zb;DTL+jG0oqKg470CUZ+e-@yw$3*-kVyK@>`)OjVP>k6k<8UZ|jsZ4ll<=4h zQ!J6qdUkt(n_2wc*`|G5hbFP{t|Lef9AY)-DDPlD30bu>N+x*hMf?~fzxH8!h=|Ca zXbkj^6-*1_AB@xG`}N?PcX4J1-Tgv;*>@9TnABm^i$XM9;dthT!Kk-`V(PA1tG9>P zW9xfBVEK?6g?H8RO=Mn(Tjx=b8^G@hEv~t$U;Sm#w0`FSODx|f^yBUPF~r~5-u!pD6T<95<;y`S9jy9`aiEmPbR?Xpj@aQKpr2e>SZjjKSa%I#8} zyfNm69Ru8aXxU8SdwBG)UZeT4vkuM1&BQU_P8k~7!}*~MRQNbChO2SIg*NB>)WbpA z;+Jzl`7M_r_&f$ISfVz_Cgxq)0U7)qC_81r>LY)k8AhsCbm_#~AMa82w-GSSmOwFQ zA|e!B0jW4(1Aywku4FsGu-UCE@~&0KHNKT@Yu~bOJG|eXz%H1ey;d<{>RLOh`i_ zf}t?>bFbDicz|R$EjF$foTDm4kFeWT^6ESQ<6|7?d7pTIKVaUrYI+|tHoPj`Q{OJV z)gI5V&s2o!4V!t^;)j-FpHwG1!>$)wL9bFI+!rp$I`pZkh=?ahy1*y5~)Nc$m`{EkCl~3a-`n?2mK`!OZ#<|bp8^Rvr4-7MO zJ!EZ9WWVf`}gfmS`iU@ z$D8|BX~g)9E!MYvsSMBeuWz+4hQN~)*ze!Y#ccFHmq}r5XQ8)YBslhSOkwZng~I?; zp}>TNg-0Gyf=0S_@GidnvuL2#M@lLQz0rk+nEVEf$q@Ar4a&ro;DCkxh@|~@8^rgN z2mMt+i(btaYIVC4?L%@v4c#$5Er4{v*vLrF%8CxqE+~TT`d@CS#}bt6)4+sriJQLD zdKGgJlIQ<`K~2gAJ2;Wf4l0m@9haFl3Q8Cnxe*Y7Dhm0-@Uz;sjL?;4vyq(CKqCdg zEo$Ow?Q!@>?m1A_1OI{Y>R)#BL&`vn3ST#7XABQ!j%ULK@7&4PKhbtwskzUCL=Ae4|L)tbt>ii?n;i+~2sE)~7vwQ;VD4uA$YiOWQRaGU-@lz-O%2A$P_= zaHrJmB7}&n(oPNc^Yc2vg<-_QeOT!4Ft+nt^v^DznAF3vLnwVBaeRRP{vTD)ttsTs zptkN8|1sv3H|__}hZL972yE+EA@cn~d+LV>O}ZkCv2UF%**DaE>)#Q^PO@Pmlh=6j zYdX9a-b3Eb5P`|vou7s`yw6`;4{5zP86iWmWkcu6$Q6!9D59E;e2!7AFb1Q zFRik+laH12&w13o0Jj7@+!oI3n=S{A%>s%G5f&fM3Zn5U7q%grks1k6EFwrdQsY!O zw%_!K)@oZ_(saAktg=TkGKL=ELs_0ejt&MI!l66h1wnY=?2n_ip?5*zuG=RJa)u*~ zBf}PvE|;#_W0dN`14pnymPNsmb{ 
zI9mB;`*+2-NON?q>10I@B9e)X(cZ`*H>9{zA@{7VQ&e=5V{cPqPh-ItpB8^hyJfX= zlU~j8ce_F^Qhu|)J#h4TFS{7XYzdmFwPnKfwpziy!+M3UxU{p@b%71BP`l8^>cfgrTk_^$j$lya)CBCJ(Xb0{6Y*uyWk^3Hlp-HuA{*fE#<_tuqf zThK`=Ch$t)zJTdVB1u+7bX18g(E!-y9M=dP)r_m_>^!JiLlHUhq96 z>%{R+-tx9KFU6CaEd0TkTwlI5DjW1?ybbPChInDz?Vp7N!E8qu;d%(jBNb8BVI+WZ-fPHRz7hz$# zl!ETYS$%cUa9;b8x26tmLlH(*>Vey-Q3_Twad=)S2tWX)CYG>JK{++E=GyvxKOPM7xehHAmBm`cZ8U$SUbn>FQ?1+Dymk*~ z$Ftz&EvdFuyb+8C%7!Hlc&#-&1W9O}uAcGVax69d4InH=lkqozss+Wlm#j_#zqr*wxS|1@#2;xJ)sH#;N; zj2SJ~kUvtk#QW=yL+x5s{!hvz)BKPn9`aR2v7Xu;@yNsk%QRlHr?t7KN_L_e7*UfEHD+&tfG-EOeXVx5 z7B|9`%dw%t?9}hBot0Lm=#_>ry1zX=I6SKGI?P2hIqkQrFNPqW>g{j&rvyZGM%pvx z^LSu`5ThOza|Fzvj&X$cwle&*_t&kFa~p$Td1?Lo_S*dRmDw{Uqe@1vn~MhYyc@n? zI0!bkPmnaYEoH~Z&Ue6^ezpj7lx|B*%&@-CBASB#(O9BBCSOY3;<)pupVLY)(8ig4 zHzMm?UYWvg4YOzyi$;%yJE)>p4JOmJSf6Q`?x(uD>{ zH{p`=7C4-9(gw2RoQGSi*azo9Ga0uFH!)T50>kcF(b39vd z$?kCWC-&`Y>4og8raZvFZ1CSjLd);$Q&4>qx-=oI^UWzG6JAy+@4ts#AsJwn=ObmI z-T7&UKY4{@fxNO}Uf6d>Btt=8amK;U#25{I?}pjcWr`HTBTR!E6YPc&IvP>$b~O@O zR+GPn*wX;4ERBH2KbzQfNx5Grx_#H5PW+dTwPbu(-X0M8Te`0mHn3;w&;g4*!Y_`6 zaxdN#Bxx1IJ3Qgct()&DE#qY>U{w9Ayk0WTuF5`{p4w;BxhcMoEne-wZ5Sr*1Z#+% zpL#22T|`q5H9t!mV!c`9Ks)>?n5^`Jm&~=3$04hmIAR{|7e)!V%THMi1v}?x8qbzD z4Dq%yWouJWi%S_RLurCxdQU+TPbqv&U&dS-j3qML4oc()b~41{v}W}Br4tzN#p9bV zeJLzXF8qt%2;GiNb2%YPs?*M13EG~A6|(u!)R>U&4yy1}sRFmxSe*`}R`F;cEs&27 zid({mmUyX3+F-58VUChfHb%p=TG4%;J5t?x%mO>mF%uCGmL|V&WEPHCTK<~*OU4uU zgPszIl1_$I)}4pRw~GI>2J{`)Acu&^ShReOKck}HV1=7vl}xb+6$`(b5YFtESUhRj zl&`r0r*h2*(m-B}tnDreUmSLKQ9Vs#Tc9yl5j-a*PvcI*gkHE%`?{eic@yor+-%Ja}Lgc?EP zF((zxLK9(CKY~z}qJnEoYeq)F~4?oLRshvZ5peRw70k z(atGLl1kQRn;x&MFJZp{P~#T^ZtUde=F5x+x#1n%zwU^^x`f-iG0tI!4pW|HT$Meme>*rXZ|7Igevi8!ag>>|~|-X(T&vNWyACbb>{wsvts zL&>1s+vOYP;K3RsTJbB-(K`A;T=N&9E#gJ^i<7rXonsJ$1{ox_6{A3v91L-z$wgAT zr|Z&EK1&?M+l{Fas`tIt4^ts&Tkn*YHPTb!FNqRfBI0et($VHqiD_u9|$} zLloqzlm9|CT(07pi_WQ&lqjZTY6>LVC-)pR+eQC~3(;z~nHeFzUHH7HwV`ac8DF~g z%=dS>#-{sQLO5P!^&QUr3L90l3ohKqeUmjqr&m*OOJEDb42#;DjIetIc 
zg;jXv!5n>&tVSv<9;$^c(9Zy*QBT;$m0G=j-xS}ORxUx04spWGqd7FaEd5ilhVr~j zMvDdQgGU>vbY46u$Xp75?HzJ#donK62{rICRpi4gu@cu`E*VhunsWaX`O3{Tln@RB zhS(Kg61mf|jAwA_X!S@;AS_qT+q!lzG}CIA)(jq8ISzrXY!yhq!*=Gl!ii#`*PE5& zA^W4^hQ1_)U;B*nYGKLEl%?#ov#6m&`Zqlv&l6PJ8v<8nBpMt@DV_n&shh{75XshJX#E&i2r4rKZIe$b``hBU}ubIS|{ z_vmWzJaH@;wFD?d)pR7$ek!IGqiW-z3xp8qX7-7-Pu{o#hvUO^%5B$qLA6ysh8iH$ zp;)s<-u0@RDYz7rZ$O?fZQr_fcWcgF`G;sHrWjBgE_DWT| z@&)Cc#C0}8O7Oqow^#!un&lv$`tC6RSvYUO$>9O0S-r)i^$z^mb-!{9)-K0ht@nvbo!wx^O`~uS; z_k`oEmwt1N)!8O|iT4oyMo+haVoZkvl2--A0f4Mu6~Uh#)cty;4baaV=`P8lFh39a zLV}87lEG1m=sY2H+#gvk^X3ckO<8ARJMBaCENF3-#n9xYiB+nK6Gma?5agJF?K97c zQG)ul7f&;)RLer+#be+VAp@=BUDUk)QJ9tb*LiR$E|$IOFFlm4_O4!Hqh=i_}9 z0^KQb6E&N=iq`tKYcTr)uR%wmNZeDUb7Su%b4f4xbjjfhu z80hP14)7c933<~fDrPD=WNa)sn#n}M1WU}jNAy6D1!Ac@?Wq0rB?LZ-38Xr3MbAu! z*!&|~Sze3mv*9W-pLX~$m4h>8u@LUCKQ$JzUrH2Dd-g}|giK8OVT`HV=X#p5Ki^k> zcXLD0Zz)!aTEU*cQ`M}sB5wfQG&+00oz^~Ms+L1M<=dp3G2e+%UT0tk84Cq48u*?KUO&8*Y2BGC zpMr|#P&mYL2KD!Kr-w|{d+AA*E7o1O-FGx_ee`WmQiTB_kTYz}8ZR*EhJ-JG5;40D z!kbK+ES~b;`BtV%I`5AoKc;hRCM2B6rQyS z%iz6d`&gv;Xt#-HB>V0%e{WkBVZ$q{g0aG9Ew-W9$ojl_<8K*joxT@FmS`iLO@;Dv zHo*U;;^MIkUYK20d(K-pO+~J0LfDLt)od;b9ls(yw z?XDeHdo%4AqEUxi1Z{M)z_;7J>4`4T_H|m_zT~vjFR^g;HFiKv z*wDYOc1|!LR=Z%B1DsTc?*TkH9j$l<^Ehfwe5OlAs6amc37PRv|y_3TIhvi#t?@ zQ}QWocvBl@&#+Ij@5i_+_=d->{jxDe9M~A~+Tyj<~1|5|!rPFDi zT5om0iOX@A51*BI*uWf5X$R~%pFyqozV+j%U4}64!mUofMQuMZBeL~7GYSbhfoCyZ|5oZ>wp)- z6ZMkY3JZudCAY8v+y>t90^Z*SPk;lwgyGa!xaF|543o8@bW@zZu25jfJae($AzYNh z*7j@3Of5CG*5GU&iX?Fe+3l6^-Y*Y1Y&zV;DAv>UoI2dGo4a8p50^kx1sVfFK_gOt zebu+qWmLosnIC8ho^C!M96OH!a3vp^c`UXu>U>4p4H@fjknv?UA+@Z(Q3+QChH`s} zmUt_wp-;b-_`t4^=Rnk|x!lF@JI)I6-k){g#hF0i6h4uNh(x$Ml!CxjxMSg2nJ~Kj zGBetB%}?^n%pFiogHTd3^0C)&iyd6g!d=edK$g8=H%XS$G!c=n`XHi0@$R|k*uEG- zM-y~ATTrRr(lY*3lrIlII#Ne9+$F)b`RMHjKl7iKx7+&~9~%0pbrrux4d0AlrjvOVLEM>k&HgVfsU&8_fAy$@;gYjYt|Er2u>0RX9j{yq z$P#5;o;J}D-2%b)gQV~7o+>TVX7)Lal`}6oJJevsPSqG7z@F-)hNX{%%Od4Ju>ctB 
z`J{PJJ^wY#>#?R*SZGW3N8~#wFuPnl-b**0OSjg7G;UtOMU)DwM0;-sv}l8;nPVTHld&s?hFe13cn6oixfM86|^ERh7z?H~V3xAfAM ziN+{-Q{R=1#D$ow`1OkF-{y>fz}hf~`87+05cid%@HIX(1)(;20QX0&ihs4RKgVXm z>AeoCCMZ0|wDTT3C3mlE7QEZd)^EC43w=9R+K8XY8UL540*OpsiXkX~?|<7M{(sFB z#Omz-_pn4nn3LHa7Y0N)bUWOd*k@ny3Z+Y%Sk%1f)O zWB-4ARQ-FQH*e|x%7~Z^yMuQ&`skN< zxBqLT=+V`-+hZrqUdhG9JCieGk7M24{tR1Z1pJet>wU{-I(aWDK(_UWU>0tT;62sV zx!9&mG~4u}^(>f|-kB6z*V`NdbGc^Xdrf2&M%>xi>CNy5AG0XJ2G45Mii@+E0GBsV z<-9M^A8Zu!8ic0?q(L?(yKPFu59q-|LGIbv*}(2;U*Mo7B~z_)xGs%qz&TF=`DQ@!kAFz1`(7$X zXKo5Wm6!?8MbQ+UUM>PYAe2-})({9KlJ)|) zbu`cz>`M*keUpLcaz2-fxO5F8s#qIECaVjMaoZR+KdR=Y9brnoMi*)8h+o%Dl}A2@8YQDzh5S2xO37^^fm+ zlhvxp_qMSx9oX*VnQ6ziWD|YSN&2?RN#LUOrD`yO=wc6&K}KDXX(6a1>E}L?11sFa zD>?q5u0ia5WZvEpxj^-0dd65^cHreaO~zmA1ipI%+q+zjQ`8xwiavitAs!a{FI2Lp z5UesC-+`KYCgAkTG@`=Z>AWYir8VJsB)?0x&zU=NP1wG zOk_Y^pHnl zjl2j%SXQjaAbR!AsZ>|JCplf@Zu)ko6a2UFhW8CzA0y3E^TyLGcIv8LE#7yw7(@SR zk&Aj}_BEIVWi?HQd;j1k5Lxq^0-aHn&G3K-!6?wH=wTW2bh%*dA+-e102#v7)^G%{ z!&(7UE-I5*yKSjlQ24R?(oKu|3IWoH1 zZA(m})kgijdpGE|Aa&yiBVfExH2f66gD-DLUhk#a|CQnX?4HOYL$kvfg0k7Vw<;i? 
zZ)2&c=LU=MFoeTGpxVwieTdK8XZ!K2bM|DLzNdOoFWSq;%TU=mqx3DQ??^B?tZwut z$9FwKUmT+D%V378`zUbF8F?=lScXH7G9%S|S%&G^ftI$7_BVA(JKSDCAUfWMnYeOc zy#{(w7=X@S!#egH6uIds-?ZicII|~XI2JKsuII406|>idC?gx`;P{XYiHJKr!BYkA zK3{LEmdlA?%1{rp!IgQbRKJaMG5{oCW09>e_$cp}<~}W8r(k&kGaEf!2*bM^0pO@Q4&;-3bV_ne zY7(Bl097@@>s#mpXG|93^a4MU@xokf{(G>UOqW1EBTQV;6PkxqM!P@#)11P?t2`~+ z*X?PU(RWYHgtJe%gJvaMt;HdoCmOMuGb*wfz*G#xE?<XWf6(PNIys`>$ zI*qLHorbbKi_-b9XK9POl(hat71PixRSZ^t?+sAbt9BS~n7LIt*Y@Zyb$`WE9PFSj zp27f7EdmcxoM<&?eFdzoHxNrPS=&Fk$n>sLwQ>1Do(NT>->AooFBCSRw%dV~_^8M> zc+4<06Sx$zd9v3?EqUC_-!bSldugpU>4kY|ftXWUR^FND<5Poq8LdA5Vn2dTG?;#f z4;#X1R;_H2BG-ouBAx;lJFRawK?73>Hh64z@sH8Xds!192xktjiWXk3?eoeO^X1O* zDRzZzLLW;lDF-(nylgsenJ48D>*#>ercKx@uMsuhtKi0>>`jtJXUxYw)D7ZcMw*)J zr^yvU1!Lmz6Mk~8?l?=-J1g3vkU1z#o_o1;Tyh{~Wr)}I(Q7D~$q zZZI@%V_Eq()ua$vXB{&ArrFA*(Gk;m6)rvEO38o^svwdN%YD<*!trm$DgW?UZRF+7 z9(x|pZ9JT$7qQ>2StHWg?QOsxkG(;BKB@&OAOIlfQBoW~;J#I6#2v_j!$KyWV#54% zFHL2xKmpWl?-@qvznSmiQfd>E`>SBmCf9lRWqSxxUeg1Y_vFU_%l20npas%>TY+T> zCl=PJnW?Riq?zE5JG!Am?>n=7>d#6r`Cv;AH3m1lMBM|>wPBJ}`x{^k8w}l-O98!R z>0ovkDK707!}VZRKWXTVh$iA`7@q6>5B8sY#7}2FBQZ9Q8RIyEYw#9ZXwVZp;N%wi zGVOher+vT^9XqG@8B>Ua4m}XkSL8Fn{yx&MXAt5vrH~ss%o#)4nwN|1noIXi;o^?? 
zej&8Jv1_nx>%e@)UT?3*RDv)Tu+fdE#zDaS{BER`iyHn`J$>hG?wPCt zX6aL!oxP37a@rL=2-?bc{*5G7In?BgqfG9To9aYFj1(J@(pMMhE)LV0-!!l}yu(=Y2G1_SM{* zmCN#fPEh$^S3U3rxZ8s7DhJ!9k)L`cl%()W*pz9&ZuQHRs*PQ6PUR%t6A`Y0py=9h zZ4cXCsw~|5Uwp2@2?XB3#6axJNKmYU)CqeBjsSC+s%aWbf0~N55co{)F(+VeY8$Cl zs2{ij?FjtMv&-uY2g!G!gVk|jR8^(4WKDb1Bzex;1kLTSKuqoE+=$Br-`zewe0qH~ zmikDsMTn+BfI7Gc2IEtxxhq5aGau5_t1H#DJ9`U?s>#ZD1#=$;-1^ddSGiVl0@2EN zdF$pmQjm+$i(QXTE=)wi*6Z9*TZ?ADeWYqA0uYY0Q1U@6WmsZXV~x1`=?Tf`}!C0PSc)AmInCRK;-iTvx7O{XGm?#&CsRZCe`<^zA=0 zx}MpiPcl>`kb!Q~VLooM*bxi+Q;!U0jr*Y}*H`WL22soDOzofUi-Co#B3GDN8RE=~ zwuy*u>(_SDM3Q6tX~_M#Nj{VhDI;z06{^8DZJ;~maF_XtRP-uZ^46p4yxx#*tS8^U zJOZ%g50aLya&O;8c#dvHPfV*uU%>t!4oRlAL4*2%HYw%>DVMm*Z5_PFHm1~W^cAGd zTIAWjn9BsuTAJWHoHJumPB;7o`q9fHqXk~$EGB;Ht!kGBzLSPqxEj%;APyD>laIc#qmpYjrQ66z{x571Bz2(6QI99b839s6h>OrP>pT)&Xv_w-a_ z;-N2N=3AxDmUUxkGhPU&lga=OrY^xIc@imI<1x^FQu}|WCuaNLkSIZBYZlUQ-_XT2 zkL7vQC8thW(yOj~hVQc#B1-@!(!Xm*hAO2<)syN-QGu$j381Mx+v?p>vuJ;O?^ciwf>L(iBa(6#wy zf4zrlmUMo&i_n1bl=|=x3CzO$uRz#M<7}VGmBfQy&v1OO$ycb3fx&kJ6~T>bE&dtlg{C<6ZYXr+x*eyWH23-{zTrj$fFv!assZ%8Tzfq>|e}73WxVmFS-Fw4jbI8{6Y2rQ<;%6A^`3T;UnLnJ6^;*BCuvPCi&auh%SoPH=qoAJlFVik<<@Yu<1+3y=Ub|k5hS)X zg^V;}S>{~SF(75L)JUXw$-{BoEpa|Vi0}_@XI9X(GvE*VnOU4?XUYT3v8eD0!>)Ts&=<}7Ahgp%N^n+Ong}Wtr-#c+Fl3xU_q2^W zDwyY7Ol-w9<0_xe5#3a5y-^YCX6~1&@zkT*( z(3OzzH zsY=_p8a_w%h?}=ROgXbq4PETC-VwQEMz>968edlp=c>OBG6RT5? 
z{i%+At~g%>UYXf7M5(}#FukF$_@Ni=dI|58BVMX^evpNIV_?DmZj+lD>d{=RFVQ`F zCs~%NWsoKi*4P8m#;+ZWz^HM{%P55JlH+zFL09F2N#DP} z#L%&$8sa&s^-Ai}(J^4U91J)^IwTrBN-`Jq(WjC>F=U8wCis^VIc?O^rmB*+~}Vo`>nwA#6upqg}HoC z)ob8RH3)KzeLzGQ7U4`*y)eO(dO!QCf^DrML3f!qiR@poGydPxR9rfT69~~A@F^Mu zPS=}ZdX%06eGoBiMa{#Eb2dQ?}@MK#T0_3YVejxoM5O{o=r1=7Iu*HSB2P6l?yOw%dU@`z9kCU$KY$fPUIkEF_>|%n5#)xMkGn)A zh=Mx-J=W$aQ_C;d%P%XXJ?_Tl>DNB!3z-)0MzP%~+h~-)_vzMbe$VXns#TF*O)RrD zoW1F75=i{1U7EH7YtHyrH%&!mBxIhR8|56fERc7TR(~mwSX+NC)H52twvn)U{ob-a zw*@S)UV6aOsnvjGxh1@IfOeZ|CYRE|z;*SdLISWfV_ld!vk__GnvPU%JOW9lVjuQv zF>VNT-s4^5e8xgvUMp}$8xbr{QGi`_GMkWJJmu3y*XmvxuDai$*C3o}vfFfRzidJL z60?ISgtuun4Teq2-uG+PY`zV)4R`x~a~B9VB*nGVeB2X3c8-W_8Ntf4-h7Ac(b`4d zEu{P1StFqNq)P7%TXTYQ##FBi3?8BZ<;;sSFwic?>t`KrEfaH zRvl8uh39?TMpI5x^v2Q_kiW=&JHTvp3Z{#x#eaBa^x}!SblgSpK7%I!QoLHctBI?Q zOa1t=vTUSC-Fo+slZ{zCX%c`tlbp+$G6T9pI*phkTDRf%xW%hOyuBQj`~WwHiAxF+ z^~q*Lrc$SBkP&(I-LB}=_F9XR4a8jKcsxNf)%^Y^#O>09%!k^j6vG+waTi|$@=$c) z-}a&ksEWr1670+q{Q>N=Ucw%rNjLIv2Iihi-@G=@&yr?&4mrp^OP;D;^qC%NO?VcK z8^ywb&HG~YbQnY2|1|CK9vVRy^!sJhV+vkoTl$2qEcM_Uk1ZI16O?#WoT_#-V({Co zal8GOTjNnlF(4`JfxY0^<$9klbfHZ(XbCI>uvwFVrNOk{ZW#N5H{ZBheg?2`t)-`$ zzVlCgdAne`)>rYmN0!O&j1Ur~qvj#?yh#QEMRQgkPIPWL=(1kXYnX6+YFJp>#0jW! z31ZdjM^v$SWN^Or394IJgsVdUZMJHhwH6L{4h zVd|l%P57jX2rO}3v26g?#>>Vge>{LCUY=`ZKt3OJQ-V?sE%n%Q-K3)^rJZcwpdu7l0PRYpk~+`koaJM=SGssU{sF6Cwc?;RH~ zrPFj}kyI9Cr)%q^;A3H%XLsm#ZNRKJJ;hYm%P`@FwscamvLF-8K|+>0)63^imF?Q! 
zJmoxVkjiz83kcu+(o%^}zYaJ5He*cO6)K!w!dz$5j>> z(9qrs?4reQ1MiIx?y5i*3$QBfzJDHJetx>h&f9`6DYI~e|jN9+B*bXztub< zw#wZ7mCWEewugzO+FTqYbLToj%kz%;b%^z;b~VJtu8K19a`5(_{4``zV1FJ>XLw^~ z-{zsISBN_V*mW)fB{MU#Us#wl7g#k5pnQ00Q?$>wLTZIi$2iM)maB+e=Nee^9^+7K z-}$~L6bYv~_|r3jpc21ta&Z~yR3J1`j%k^Y@Nz8I(@r3bi#`EJ|AFvApdR606r^xZDz;ADy_6*!swc-Cz4 ztVN!kt6%3Ecw}VmD}n&0=`S|uZ$svv?pbZnvvUkOY!OeO{6)I@N)w$NeN_FAwWw&A#xaI|rW2Z)#>wv|2pkby#6Jc(nhOFa z=$hTyRj+Vk{49Ua&IcXkAKp^W#SK?Sn*r0G{tZr6I=rC+xAT@(cwfLXTf~c!2*tRaNVHk^R7T4e*2UcHj9) zoMaCTu2u4Oo64d%002NgqmL#`60lyL8`%Hkfe1#YbpFi)k;QN-e#Py32d6u9Lf~;U zJ^6-k8i?};AKgU)`(dxo_3PzKzm8iL-MA`fVcx=ry*USg#(b8#2R|#h_utcVkH*lD zG<+_K5dTi#X-#piO*%=uZLuR2oGo~kfZQgC(WSaf(?mPNi177l^y7}rN2>prF8~yj zCA(r3mAr}p*e^V{+=Sy1W_-kp^S@6P7vqy4;~pb{8k2@J%ZA(OX=wb@%asSGz84vW zgpa`BUFDvZ zaw4$CH~VO}^H=8Yc}{0d`r^1K=H(EiCi6ZC1}C`CPCggctdg>2(HnpX#lOqfFCl1t zq8$}k!_!V;G3$r_xA^o5bP~!{h@FgN_kA zL9SLFiXiP{0xp3<*kjQtbHB_h-N71=q^yZend)>Z^qT{`7}ze)hxSHR)MU*czM~2* zX8&?x{C~w$198sy%ka-CZ``!g0%Wm2T+rW553ut`SX7Zh4@WB%l+DiW2zU25ay>y_ zt4ub9d+Dr+zx3EShGTQ6Uhj)kMA z!ziZL)Uu7HPX5L0*zk_JCoWc5`#?X!tgLF(sYU@?xdhnABQ^>@@8}STRia8PRU&zt zcI=JOiQlwahrMbGVnMxK=+VECTr;~fY%A+wDp|>BTEtJW z+DvQ~XywKTD4sFM!7L4^SmZ!jj3K9-y{;tPSjpAJ|nK=}Ldnr$Ylm0CNl)XY&g z@WU15bt0D!#(2=QLK?9}f3O%~%g2Y#BP$bL;H6-_|F%5c`_o}%U6y=tI1Izbi<4+5 zD>CoZ4Tk1YWOXMWdxx7!+pG;p9#YPzT_%J;Hdfg;atEr_6J3`kgsA@ZwpKUUl3;I+yTaBYgN2S|34g$1X1G0 z`I5n>Pm)2B(i=JxlOXNo9kYNvF@F7|sBTjYuxTrVr^9w@02X63pcTpW1p>NSe%c!; zZ+>l*sK*zT(YXK>}Cn%rh7J$}NK0F$obb z*z<5$B6%xcwF&QG(r>A5x@UJVTptT3xGppe3e%KM>pFNjfpbJwNpgTi-HJDCnXqds;E zLe_cNDw@cGqe})5v-wC`OcA?N{FbYN6Ql%icG#OMW$h1JM?{z^D*+AY0oNlTHalV! 
z+VFy2t1^80Y$Cew5mL}WUrgZuG;6yaNc3*gDujO-jiqC%N^bgZ z97a|CUpNdG*&1h$ds$RTm#}!3RmA*Quo5MtV{R7=(?SJcV5qB{b_-MM+ z=PFr!u?+B?Tbaw(NmLEu2L*$qTtz@CD&g)~^Ge=Ek1M`_`h)(y{h~SA$&UKpd`tq^ zzxbH+(gSeRq8<`n96xWJMI)Ao>4FW0e1kj)OP72sf;otUXc`x1ehwOxEqj>;30JPh zSvJVv1SfuzxpikF zSs*^qhwW{!DE*6^9Dl7f#8E;{S_MR97ED8QF%~Xug;`@BU6xO;XWCUKR0k)_%#Y^o zaFl{OiQSJ`>bipDjp5@E=M8Ow6Q0=~XP=?uqKLb(=N_p;B*mqgv*`2NbkXFR^(ZY) zRSk2Ix@dDIxUrZrF=mtQM?Zce=cu76!7}VLDXNoxt>484GlfNpZZ~`-I%@!kCRssK zirYOt?25dbtZjffXn1yX^gcfm7~D8*4#z)2oMDK;`RWz*-Qj>r2Mml=vE>|_XB>K| zw7XBl>E(Au61VmJGJ#&+&CQp6+O&dGQLxiHrv!|o3jMWCG4A%%9x^rIpUoVDPkHph z(JttT|7KnkH|`|3e7kQUwjYhbIO5$Af^_yPDkTn7QowBffxH|f?)GL^$>jhe3ydpez>^_0Hw1Y!{~3G;u0bt1hK%!3q%aMlnSrUiTdpD z5K!|D?`XGgFbaqUJ}W0riEiTM?P(YYg!}@FK}H0yy=+^;CO&0%A5fBo4V;PBBRoWb zA^Ba)<0}vM#_WVqPFv;mqJp~xp@$Iuz(IM+)H8O<@U0-EHyg5SkkrOsb_3!F>1Mlf ztdZI&j)g9>{TYhH1@O?f%I;qrz|VJl`3IB*xAW`0baLl7IPwDH zNQO<2E6mUYg-aYL<{m_5o4>%2^sbTOo>%W4!`g##(nKsxsNh({-{(#;aipbQ_p-IK zN<69)R+xj39@^a&;SubbC|@3H0^$AJgAUs;<(K1WxiJqc7(>g_CRO~6MO={#rcS1X zI;y;a8cl;cHwrep>IliWlM|kT66a}q81HJW=EjP#PMM)*edj~juD92(4w+KMM7DU% z1;nFO6q$h*Obj59|38Bvo74Y~!H`S{J3i1~KEVLips!Q?kJky!;NjX8Gtc>^pwDFX zCw1A|Wq-K@bj-5ZeVY25ntJH8;FukI5_&oMTDrbbyI%WD)Kr&8D&%z1PjxFBkVJ96 zKuteel(meG-RJQ(k->)*G^UzXSymt$#1)Hw@S%1b*)`U~;A)chSz*Nb6yomyBEJGz zCAE1VS6#>qe!&Ii_6CnoJ$5RM z51af`rjkJpa6x$M%V!#-kTOXkV^%)Oelcp=b!_Kqs%1lkNzoUqUCb=YEA0Hrbv~rJ z=F|~~Y`i*on#E$!SmRUuEg{0+xxQz0r9s$?+eQsJc3Wil2s!n{n4Y#hp!MnHTt-7wmRU!o)(KfdkpycFa@)~lCh^FZW?Xbi7yy74ZpVNYjwGOT{HZ=yP$`V;D)aft z=)>%#a85*Cg|y}yV8M@ga)uF%f!im3_DfMF4P0pu9UI|^~qGi83E>v=9mIY0w5)M6|<2K?$E33 zq$Y&X=)6{;pwcFk`OHGr<1gK#KkLGcd6i`)b^py(fM!VK-r(YdVDE+NfD)X{jmm(F zX-l8*Inq1!i&pSpI~D+dFNB5e>EKx5%wN50xgR++n;wW?ZIbECL`U4!G?B?|xFLg5Dp&6wZ!S>MNV(j^eA-8D9TauaP2V9EkyXo-y-DbVo!eBoe zAaeI`)cNGOdXM@?qR1i`wHA|FotK7%*><>ISTe#RAdt5Uf&)qW1z&!+Dw`BL zusHZYniJ`0W5P^lh027K2d!UWdrDMFEViwqA_LozF$-U3)lHAGQc_0?Xu{#nvP3Ke 
z5B}MLPCfoUcYE;v%0%R=@okG3-H^=nH|KKxTVd(ReV@Hv(cc+t-HH$OAh{E|Z9i%XozyG5-={?H-z&89Bb<}uhW!JZVQ|Ku4G!m%ZDbd=98qr1j z`MS2cGT30Z>H_v!6CvArut^tbN|W=p)?pGmEb#*owxZTyWI(kcB))X|T2X~u3^>6$ zdlwsut;i2?OXgWH;eL+$=p583V^ovD>}5kn$(+cDY1u)fVodelZo%U`)AeGx04 zu}>Bn1y7^ymM>0SJ=-yEUcmglJe!mDqVAqg-K=o_(38ouS~t7=IzIziKKnnk{8eS2 zklJXXE{DS7QYw2!Xf(tUpMp#*?ypdHo7=^)Qy%0t;I1QeWzC-G9`#O85;0#+713f* z{%mC;bn3Llj`rDUzRbx41LJPUC&mVl^kW(SJTe-O&8iax`C;S5;d2?Sj?41J zxz|l(ujHb2WI|P1#?T_KKYavkYNQ*s%FYH?3&w`$ZN^#B%=CX!s|{{Iae zklCMw^>TTr=&87?S}KNoc1Ok`D$jxK4|uXY92>M-XBGBJE=;nITrwrQENE?81^=74 zA-gP;^^o6)?>|~$#8jL~vTf4n+qksZvQ>O`ZoIn02vMXH23wNR6SX3I+_(j_zJwW|KvBy8|5MVpxVVt@blsABIQlZTzS@Hh z+9wzpg115OaijefU1xpwJl@Mq^)4U6E`M*fU<({7N_zDqYU1M{WT-s0X2(j8F`*y7 zd7bx&^+!o)2+5tcRTLNaxQoZ}El>OlA^7J4RJ3xofu;~OxQR=v*FgzTH1h{^C8tb@ zN<%lY-0!IfkWUS1payVh`bE&uQoL0MNH~H+au)qcP=5HuQz>|An5*lGO^+1*SHzpI z^lD!}AOLsrD|vj(E==#Ix71Mut2ID(i?5r#<)qKjhV)$QP3^%d3YZjIZ=fK0^lk(} z`!R@aWrrIXBa+UXW+yjl zBu#7RQ^20f6Cr9Af`|MAq$Dic#0^;(XR37TH_+^zwY1MFf3rdZZ*?4 zC$Kx!jSobN3-?8&_SB-<%L}-*Ao#$;hI;!7tlZSmLbS?zA=Xtk);gkj&Dr<){( z%GnDx>nKklT`SsJ`$?+#<6b3FnuZO8^-vBHQ@wgo1TN8qM)YHAmi`e`mv`qOHy zrn+vvjm>O)Jp(-%=ovbHwfOW)(D4VT%+AephBNKzGW|FG4MIc zT4wY{W7z{<^6UWo-AyBzQ;yG-1>^l~*os&3+uGry_g^W$^DU6(x`(>ed}Aa(JcD3o zzD+d2W8F9C*B^Ovaa8~}DxPvWBajaaG#KA|=BEiZfSJHDIaQDMXjuD9v!@a!BJV|K3j)9Rxq$2AEohv$d?0M^*DUtjO2B| zA{yZUYn_o2*Pns$6gko^-NaU71^O&oIRM*@Zm-F3L9{*K)?yZFhVgl-7 zR<{WLzRxEg%h)Kbf)IB;Zqjx_Yrah$DU>{Hoq6EBaY$6r3unwA3l?T4X|l%IfXkX5 z?Y8ADEizVPZ~Z=JV5uoOaZstDoong}UC9smItvCSPxCRk64Gd_r2*xpah16~k+rPX zt7Y42o>c-HH9`AOZC-Upk%tU}aQvU4OIe7Xq+{uJcVq7S< zr+6w+-?{IcJ4aw&7t{A~$C5g@Hfl`9aGIyo-=O>VeFCtb@cT^)Mrw0JYRIF*&)RWP{dzrhG#ow4SuzqS`YPc&DU zVO3XSy79oa8SLQ!e!#!k?tXLq%n|>@otU(b|LGKGh5Kvq)x(tgupy?pn=Sti!R?OF z9H809;0zm@b=h+bA(&~jh` zJjCK_L0v;egrpXdYT@m5sHvcRGnUa#->9Bt&mOS{*e}6WSg%gC8-~VuiV0y-()wm% z9nBGSH}DJAw^*&hI22nVUl8zE+q-N|*`V2)>0qMYijW=GQTV*!$CFr#wJh%Hgk|M8 zU=9K?uLmlSFB?pkmzi4U#tYOy6=1UyiY_bIstesBGF`|dI60UcDely`)9y-R2o?8t 
z2F~mvZfaWH;xbuS@bf0%LJ!Pr@o$xRASg*gY=55XC_?POpUmmhF4&Mq0r!XfWyVI`G|t$?X1=#J%pQ zm2RLq?1Fx?ViJUCY>vB7-sia^Di3`0xg%bv^s!)&pal!!eg^y<3+)}JoEb6^#!81#gt1+M(1`Ri3t|BU~u`9-~~JG3t_ zf^CYSZJ?dpj*!|519vw}^v&B_)@K5`EdbI1Nu#ync?$&scZ!ByJuTnq- z^tM_;g0;yTn`1{Sn6EHHm5QdKr2o6j zgyQTu*;txnxmoC@Kp&5dVV%mo5Aip>CHRLgTBJT!aqB(eie*1A1Is~Bd`+H<-}%`?wz#GdiTo3 zhqU@rm4r#(o^`KRMZ6R)9^4fWekq4=irA(R&m-c-bE}&}WDi2{I~fK~8Sm~fiVBI4a}oEB?^+zY4h#cA*> z{U|+zCZ}89@KoX6)(SIX68#ZbsXb`?ji z&^;nVv#Xg=gG$n*#tdJy^|<`R8fEGB zdA_S6FuuzXqE7G1G14SYcb_srHo|#$R#fsG8t#bPftHB$v*(TWoJe& zg>*-on`jSI5JikxDItJxW;c?(%i2JvJQ~RL*J}V@25SQ`VF9#aL4rVpw$EPe5Jr2i z_>Fn(p!1p+4q_1M{qd8Ky`s)wbiy5@V7{lWmiJ?73ksO7^4;D6aq4R8FW)}9_1jMx z^qj793LNX0I2D$f&3bi8ZeazQ!!LoCab3dtWsl7bGy@K~4WQ6C>7&C_a15J?4V{g)&Lp0{cT^1}71lnWquES^{hx z7|LfPtb0HyR-~NQOU^jSW1=;}`~ZDEz)CvriF*;#P_>ztq&L+BUJ$ca4$e!>SHXuD zi%A?vECr+}(cW}eeIL)+c=Jf;6X>=r?}DeL1*QQ1sU8*{?iYD)=!5yDAmx?Y=xJ2Z zigABhiG9E{F`0~I0GGpKAnJh%5w58GfHY@8j|;1ijZE`HAjZ&;wO010I#)%#`PMvY zQFXK7@mh@D-rARHv5@#V*NWDHr24wKh9n_z|3{MIM*UD^I3rp0LsbJ^8!rEfDcQC; zN9L#;+%yi9hl29yj@irw{>t8*5B9}E^9+$-$}r0T!h<3lx$YlOe_6Sk3!peSiBTze zPls4a6Rjbup|R!haHYH-Uex><>mgs~Ly4ERCGnmb z!1nE2^)Si$72&FC^e;PqMbfa0u85zE2LnTy{wOA_(ob<}uQW8Fxk^cA)Lmk@c9C6Fs)v@3zU`100$Y754>K3Eeq~1)qx@QGN29=;pzP2+px9 z?lN!&uwkf~M&AOY;U^TIqPxV&InxS~Ng9rZ)ydZ^6;_!mKJ3LO%}S*5!h!3(c!Ttg zX5o}IvV5yo{`H7P{dAHiHPs)JDu)We?!UTJwD^^m5}vq|k~E47mgN}*i%akPmR!f# zI?JYN6~CSVb6!i_p>`csutUA2iqiNJn~h(A9!YJ!DjS%qF(ie8nA$N?bzNw{8j2yQ zo!&t~k2ace#*tK{LN4z-BsLZS`%=@ueL9B=V(bYo8`quaoPDwv2R`9BMh3?XNcPAZ;Sp^4Tiy~vAU=8wD6;GO1%7*_%s}1 zyVqzmm_2ZWhodCCl`~NTS!FrAF4lxEniB{H1PAwW|^sN~Ct^Kn)YXdb8qMy5#S8kU<4{YK= zA$1m)A4P!@D{6)c!SQ;$Q<5YReLAw=9adPiCU*vn(4kSx-bi*yP5~MCK=ZTaNG7$^ z-gkq8+&g_|oV4bME4t_bmdH_zHZ7z8scq;a;MI?EOa4C38}HM;E~^14lSq#F zrO8Kz)8bzRUP=pqf~rr-aUWAWawJ@nZCT~gfgQ~SR%u9NOI}e1QL{$K*sWGXrlWy{ z%k`+aPGx-R527W4cnt(?A$Os&g~|BB=w=bpmRf|Aq`}x~YAXA9X=!BG?rV0u9) zpWLk-Dq`;&cH@vE<96>G8=xVMXn}U=<#!rn^3)_eQWsfVzRFEBfE}KrRpVi2(8)g# 
zE-+d4B&szWY1f{sG0_1%$4`E%@IA%@3f?%(G2K}hzS7Fhh&9JAeiM6(Y%KHi649$d zRj#PSUDVrgW28MIF{)Ge19qm3-Xf!OK2xHOob!S2p$AyBkGodF65Gfj?)hE)}kLpqkbEaSAi_#|VgBP0Kg1;m+|y!)%zQUi?f!c|1x(&fdA-f7GmmQ*apO+P1S*H<+!ofMHi~ zuS8pKNeI5+zCH3THh*fIVs9j(Oc&ang8G~XFfGqQJNVoCF+6tpbCCyax96xLWiHqO z4!aPR#LSV(oGn(}li}1nb-rQTfO)ad?3KKbINKWPG_E0MW-6D}r2&OtC|!Jt+Y*JC zJ2Km3*Mr-#*h2RuW)@M1Ak%^*nxQ_B7(7uC~<-aax2(d{xHVba&c5&qx(6PWN*ys~_O@!lg@2 z9PXLmC(<9~if#(L73-LmOL9C9d76Lzq)uVOI6*8T`4#R#5;NIgL}4vV zfYq;Kg#$~%X&a3;P1SpcA&Zg`_iDRqmk&9toQQTOZg8{9mxzjp@LzYeSp@2 zRv<#RIp>8EvD#EElxEb<+_`XM?pbco5XYq$Yy2&EgoxbLBZsMPl@6WRAm;SxN605u z4OF9&F*iabO73z-oj$7rU?c5?QIm9a<}ps-fm2e`sM1;mjIlV{{cbZ#8CQ>ONMKS| z9~~hUTxBziAi%J1nn~G~1ZQ45Z-NE3mGPV^!Wc{1X*#YmL37iBb9>cqz`G>6%-3PqMsk&1hQhYwpYxmu<*DnKw!&B@tcw$*A#=i`0BK8;BO~g~x2Aoq)M4Do}+aBKcSwbxmgK0<4C2sg#!-NN6p;#5@DPAarJ1tt#gbtqc@Fg2uIhZA|hLGVhKf-nmJEx6J1Q$N^p zAqd-(HM6(fG}7x;>=$?;hJ*a0bb~^*wP%~^^E745 zwFT@<4$|k~wnad%1KU={4FcqFs zBFa;NC;|DSRTsR2GfSKgRcJ7!iD&P_m&Q^TqguR0-_TGsV&KWJ+_3g&mS#g}Hmi() zEcAAQ>ZjBBjBB=A%>;9~jygkk1+ft0A*+=|mhk-aVjHXtC>Hx%=GI#D25B)d&>)}x zqPCgO_W{56j=KHLC&YRfXt5Qm%fJ;CZc-i5bo#Sl|36EgZvR>OWbt20pZ=jO(_#G< zFgGP9(pHn@$vY?`{V6>@h@JTV5!W^@wc(r;>>7SUX2JJ|#S+`TijjP9JlOs5i3a|_ z70l1~QT^}}DJfPcIe!XGd(trYP)Z{Em3bfFKPbhddZ>tPL;fkjOZ?2ib9|4Shyt`c z#l-X@8h;9=W7LN*G#S8roEVJ1%Qrw2hkPRwF{1e)@GnIm$@qppJ493xt)Bmn!%&1) zd{@8#*bcdp$RB`>8c>f;FjkLx`&bWwB^0pqnIIEH!K9F2c0EQ#H`qVR7$;vV>m?=A z`;#G1oy({L7=jcTExgQPa%R<~$LQ<*UNLBQrXn=}A$aH*1R2K#mP8_Jm2mdQ@;Y?LcUZ402hj?S;$1VI8-$xS9X_Az%+HUKBq35BG76 z(j!i?-`c&NZd+W;3V2;k38(!+-?R}ow9dMFs~_1_!tgbUiM8QW!0-*;CUcA@3(O$4 zRlEVi4j$L-OuJMXT-ErYhgfSeolr6zDSIiKuI1q7iTvPBB)kctT>= zb<^9*7}_z#&I{6ATDKgUll&JvEUI^wbolCVy8AxaD>XFGbZ)t83K>mn3Q=?tE;{ zGObQlq#e2DlfS|;ys!lC?tINQq-$|)@Lm5hpDuV^TY7)h`Kf2s=RW({=8#9gbKl$3 zV*=li)ADRdUX+FkTmIw&6D}sG~YpDF;-YXixsd%hHeahKstTu@@c&%L(}o9)1+A|2VQ2q*A@30H?N0ltl+4_FUL+-E2}x@+DFL>_5pIgwG( z`0M3pfX8r-JB^u#XH@{+6b-`eWDLmBJB+sSs(GS_I?iA zH7bEKJ9dJmcAT)YmcTrnc$xO>>n+{~98DyZfrGw4`hID;y7!s|s+``!#_wU3rZw(( 
zWA7EEm{{3FY5>lIj#_QWu;$t;m`Aj3_fT}n)8ghY2!DyB^ywW5=|n8VH0MBt=fgq* z^a$@)!KCT~X;RON?fYcl6CrrgpE6N4_th1R5<|;&m-U7p=N%EUVj2yR;p>5xxlx_5nN?VTwujk%0c(&r;M0~)Ez_}P+ z;-x#~2Tsodcw6zyF43UhMA@ysO;+ex&mCxvrgCCqr_ysI;4N9nAVb@wGN}(^CUnR8 zUtR?Rb_7?%+tNnE^Kvxhug+-gL!~ymOz3R=F8vYvFSpo9doDQ6?JrIv8jN?t;OEv7 zClq%|sNJ0~?$L`r-|g&(%BdVWbDvvpfx>(jfD>rZ$=xNfTxIwoDvV2qac$rq2MrotJV;!(CCFb|tQ|sn8sgJMUt@*$Q z8p0>cD4kU9UdPuR2cheFZey<&)fndeOcaEfTQgDb^M=Lgcw&9-?p*1PR6rHHHv;^O a%U3=792J+oqe3v?>*EJGu?i7=|NjMj Note: If you are already managing Azure Policies through Infrastructure as Code (IaC), you may not want to be updating your Azure Policies outside of your pipeline. This article assumes a manual approach to updating Azure landing zone (ALZ) policies. + +> Important: To carry out the instructions below, the operator will require Resource Policy Contributor permissions at the root of the ALZ management group hierarchy. + +## Detect updates to policy + +1. To determine if there has been updates to ALZ your first reference should be [What's New](https://github.com/Azure/Enterprise-Scale/wiki/Whats-new). Any updates to policies or other ALZ related artifacts will be reflected here upon release. An example of what that will look like can be seen [here](https://github.com/Azure/Enterprise-Scale/wiki/Whats-new#policy). + +2. Alternatively, [Azure Governance Visualizer](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting) can be run in your environment and reveal information about the current state of policies and policy assignments. Part of the output of Azure Governance Visualizer is Azure Landing Zones (ALZ) Policy Version Checker which will allows you to see all **outDated** ALZ policies in your environment (see figure 1). 
+![AzGovViz-ALZ-Policy-Checker](media/AzGovViz-ALZ-Policy-outDated.png)
+*Figure 1: Azure Governance Visualizer filtering on outDated ALZ policies*
+
+> Note that Azure Governance Visualizer requires permissions in your tenant as described [here](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting#permissions-overview)
+
+## Updating scenarios
+
+These are the following scenarios for ALZ custom policies being updated to latest versions of the custom ALZ policies, listed in increasing order of complexity:
+
+1. One or more ALZ custom policies, whether assigned or not at one or more scopes in your Azure estate, is superseded by a newer version of that same ALZ custom policy. The process for managing this is described in [Updating one or more ALZ custom policy to newer ALZ custom policies](#updating-one-or-more-alz-custom-policies-to-newer-alz-custom-policy).
+
+2. One or more ALZ custom policies, assigned at one or more scopes in your Azure estate, is superseded by a newer version of the same ALZ custom policy with **updated parameters**. The process for managing this is described in [Updating one or more ALZ custom policies to a newer ALZ custom policy with updated parameters](#updating-one-or-more-alz-custom-policies-to-newer-alz-custom-policy-with-updated-parameters)
+
+3. One or more ALZ custom policies, assigned via ALZ custom policy initiative, are superseded by a newer version of the same ALZ custom policy(s) with **updated parameters**. The process for managing this is described in [Updating ALZ custom policies in ALZ custom policy initiative to newer ALZ custom policies](#updating-alz-custom-policies-in-alz-custom-policy-initiative-to-newer-alz-custom-policies)
+
+### Updating one or more ALZ custom policies to newer ALZ custom policy
+
+For this scenario we will use the ALZ custom policy *Deploy Diagnostic Settings for WVD Host Pools to Log Analytics workspace*.
+
+Considering no parameters have changed, this is a simple exercise that consists of replacing the policy definition content with the latest policy definition. While it is possible to update the policy definition via the portal GUI, there are some properties than can't be updated, like version. To minimize errors and include all updated policy definition properties, we will be updating this policy via a PowerShell script.
+
+Before we begin, we need to identify the policy definition name and location to be used in our PowerShell script below.
+
+- Go to [Azure Portal](https://portal.azure.com)
+- Open Policy
+- Go to Definitions and in Search, find the ALZ custom policy.
+
+ ![alz-custom-policy-def-search](media/1.1.update-alz-custom-policy-def-search.png)
+
+- Click on the hyperlink for the policy definition
+- Capture the policy definition name and scope from `Definition ID` and `Definition location`. In this example, the `Definition ID` is `/providers/Microsoft.Management/managementGroups/MTB/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools` with a policy definition name of **Deploy-Diagnostics-WVDHostPools** and a scope of **MTB**. The policy definition name is the set of characters following the last `/`. Both the policy definition name and scope will be used in the PowerShell script below.
+
+ ![alz-custom-policy-def-name](media/1.2.update-alz-custom-policy-def-name.png)
+
+- To update to the latest version of the definition, we will use the policy definition templates available in https://github.com/Azure/Enterprise-Scale/tree/main/src/resources/Microsoft.Authorization/policyDefinitions as described in the following.
+
+- Go to https://portal.azure.com
+- Start an Azure Cloud Shell with PowerShell engine
+- Execute the following PowerShell script ([disclaimer](https://github.com/Azure/Enterprise-Scale/blob/main/SUPPORT.md)) for each ALZ custom policy definition:
+ - Before executing the following PowerShell script, update the first two variables:
+ - `$policyDefinitionName`
+ - `$policyDefinitionLocation`
+
+ ```posh
+ $policyDefinitionName = "Deploy-Diagnostics-WVDHostPools" # <-- Replace with policy definition name found earlier
+ $policyDefinitionLocation = "MTB" # <-- Replace with Definition location found earlier
+ $policyDefinitionPath = "./$($policyDefinitionName).json"
+ Invoke-WebRequest -Uri "https://raw.githubusercontent.com/Azure/Enterprise-Scale/main/src/resources/Microsoft.Authorization/policyDefinitions/$($policyDefinitionName).json" -OutFile $policyDefinitionPath
+ $policyDef = Get-Content $policyDefinitionPath | ConvertFrom-Json -Depth 100
+ $policyName = $policyDef.name
+ $displayName = $policyDef.properties.displayName
+ $description = $policyDef.properties.description
+ $mode = $policyDef.properties.mode
+ $metadata = $policyDef.properties.metadata | ConvertTo-Json -Depth 100
+ $parameters = $policyDef.properties.parameters | ConvertTo-Json -Depth 100
+ $policyRule = $policyDef.properties.policyRule | ConvertTo-Json -Depth 100
+ $policyRule = $policyRule.Replace('[[', '[')
+ Set-AzPolicyDefinition -Name $policyName -DisplayName $displayname -Description $description -Policy $policyRule -Mode $mode -Metadata $metadata -Parameter $parameters -ManagementGroupName $policyDefinitionLocation
+ ```
+
+> Note that if you decide on another approach from the script above, there are a number of double brackets ('[[') in the file. These need to be replaced with single brackets before the policy set definition is valid syntax.
+
+### Updating one or more ALZ custom policies to newer ALZ custom policy with updated parameters
+
+For this scenario, we will use the ALZ custom policy *Deploy Diagnostic Settings for WVD Host Pools to Log Analytics workspace*. Even though this policy doesn't have any updated parameters, we will walk through the steps as though it does.
+
+- Go to [Azure Portal](https://portal.azure.com)
+- Open Policy
+- Go to Definitions and in Search, find the ALZ custom policy.
+
+ ![alz-custom-policy-def-search](media/1.1.update-alz-custom-policy-def-search.png)
+
+- Click on the hyperlink for the policy definition
+
+- To determine if the policy is assigned at any scope in the ALZ management group structure start by getting the policy definition ID
+ - Capture the policy definition name and scope from `Definition ID` and `Definition location`. In this example, the `Definition ID` is `/providers/Microsoft.Management/managementGroups/MTB/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools` with a policy definition name of **Deploy-Diagnostics-WVDHostPools** and a scope of **MTB**. The policy definition name is the set of characters following the last `/`. Both the policy definition name and scope will be used in the PowerShell script below.
+
+ ![alz-custom-policy-def-name](media/1.2.update-alz-custom-policy-def-name.png)
+
+- Since there is no easy way to get the various scopes a policy is assigned to, go to Azure Resource Graph Explorer
+- Ensure that scope for the query is Directory and then execute the following kusto query:
+
+ ```kusto
+ PolicyResources |
+ where kind =~ 'policyassignments' and tostring(properties.policyDefinitionId) =~ '/providers/Microsoft.Management/managementGroups/MTB/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools'
+ | extend
+ assignmentScope = tostring(properties.scope),
+ assignmmentNotScopes = tostring(properties.notScopes),
+ assignmmentParameters = tostring(properties.parameters)
+ | project assignmentScope,
+ assignmmentNotScopes,
+ assignmmentParameters
+ ```
+
+- The above command will give a result similar to what is shown below
+
+ ![alz-custom-policy-assignments](media/2.1.update-alz-custom-policy-assignments.png)
+
+- Record the assignment scopes so you can recreate the assignments later
+- As can be seen this particular policy is assigned with only a single DINE effect parameter at the following levels in the management group structure:
+ - MTB/MTB-landingzones
+ - MTB/MTB-sandboxes
+
+> Note that if more complex parameters are assigned to a policy which is to be updated, those should be noted down. In that respect the possibility to download the query results as CSV could be leveraged.
+
+- Switch from Azure Resource Graph Explorer back to the Policy Assignments view
+- Change the scope to include the scopes determined in the previous step and search for the relevant policy
+
+ ![alz-delete-policy-assignments](media/2.2.update-alz-custom-policy-delete-assignments.png)
+
+- For each assignment, click the ellipsis and select Delete Assignment.
+- Once all policy assignments are deleted, go to the Definitions pane, search for the definition.
Once found click the ellipsis and choose Delete Policy Definition
+
+ ![alz-custom-policy-def-search](media/2.3.update-alz-custom-policy-search.png)
+
+> Important: Record the **Definition location** of the Policy Definition as it will be used in (`$policyDefinitionLocation`) the script below.
+
+- To update to the latest version of the definition, we will use the policy definition templates available in https://github.com/Azure/Enterprise-Scale/tree/main/src/resources/Microsoft.Authorization/policyDefinitions as described in the following.
+
+- Go to https://portal.azure.com
+- Start an Azure Cloud Shell with PowerShell engine
+- Execute the following PowerShell script ([disclaimer](https://github.com/Azure/Enterprise-Scale/blob/main/SUPPORT.md)) for each ALZ custom policy definition:
+ - Before executing the following PowerShell script, update the first two variables:
+ - `$policyDefinitionName`
+ - `$policyDefinitionLocation`
+
+ ```posh
+ $policyDefinitionName = "Deploy-Diagnostics-WVDHostPools" # <-- Replace with policy definition name found earlier
+ $policyDefinitionLocation = "MTB" # <-- Replace with Definition location found earlier
+ $policyDefinitionPath = "./$($policyDefinitionName).json"
+ Invoke-WebRequest -Uri "https://raw.githubusercontent.com/Azure/Enterprise-Scale/main/src/resources/Microsoft.Authorization/policyDefinitions/$($policyDefinitionName).json" -OutFile $policyDefinitionPath
+ $policyDef = Get-Content $policyDefinitionPath | ConvertFrom-Json -Depth 100
+ $policyName = $policyDef.name
+ $displayName = $policyDef.properties.displayName
+ $description = $policyDef.properties.description
+ $mode = $policyDef.properties.mode
+ $metadata = $policyDef.properties.metadata | ConvertTo-Json -Depth 100
+ $parameters = $policyDef.properties.parameters | ConvertTo-Json -Depth 100
+ $policyRule = $policyDef.properties.policyRule | ConvertTo-Json -Depth 100
+ $policyRule = $policyRule.Replace('[[', '[')
+ New-AzPolicyDefinition -Name $policyName
-DisplayName $displayname -Description $description -Policy $policyRule -Mode $mode -Metadata $metadata -Parameter $parameters -ManagementGroupName $policyDefinitionLocation + ``` + +> Note that if you decide on another approach from the script above, there are a number of double brackets ('[[') in the file. These need to be replaced with single brackets before the policy set definition is valid syntax. + +- To assign *Deploy Diagnostic Settings for AVD Host Pools to Log Analytics workspace* policy, search for that policy definition. Once found click the ellipsis and choose Assign + + ![alz-custom-policy-def-search](media/2.4.update-alz-custom-policy-search.png) + +> Note how the display name changed from WVD to AVD. + +- Set relevant parameters which were captured earlier. + +### Updating ALZ custom policies in ALZ custom policy initiative to newer ALZ custom policies + +For this scenario we will use the ALZ custom initiative _Deploy Diagnostic Settings to Azure Services_ which is leveraging quite a large number of ALZ custom policies to apply diagnostics settings for various resources. As the initiative is updated at [source](https://github.com/Azure/Enterprise-Scale/tree/main/src/resources/Microsoft.Authorization/policySetDefinitions), the easiest way to achieve the migration in a manual way is to pull the newest version of the initiative from there. + +- Go to https://portal.azure.com +- Open Policy +- Go to Definitions and in Search find the ALZ custom policy initiative. + + ![alz-custom-initiative-def-search](media/alz-update-initiative-with-builtin-01.png) + +- Click on the hyperlink for the initiative definition +- To determine where the initiative is assigned at any scope in the ALZ management group structure start by getting the initiative **Definition ID**. 
Record the initiative name (/providers/Microsoft.Management/managementGroups/**Contoso**/providers/Microsoft.Authorization/policySetDefinitions/***Deploy-Diagnostics-LogAnalytics***) and location as it will be used in the PowerShell script below. + + ![alz-custom-initiative-def-name](media/alz-update-initiative-with-builtin-02.png) + +- Since there is no easy way to get the various scopes an initiative is assigned to, go to Azure Resource Graph Explorer +- Ensure that scope for the query is Directory and then execute the following kusto query: + + ```kusto + PolicyResources | + where kind =~ 'policyassignments' and tostring(properties.policyDefinitionId) =~ '/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics' + | extend + assignmentScope = tostring(properties.scope), + assignmmentNotScopes = tostring(properties.notScopes), + assignmmentParameters = tostring(properties.parameters) + | project assignmentScope, + assignmmentNotScopes, + assignmmentParameters + ``` + +- The above command will give a result similar to what is shown below + + ![alz-custom-initiative-assignments](media/alz-update-initiative-with-builtin-03.png) + +- Record the assignment scopes so you can recreate the assignments later +- As can be seen this particular initiative is assigned with only a single parameter at the following levels in the management group structure + - Contoso/ + +> Note that the provided example has a simple parameter set. Even though this initiative has over 60 parameters, the other parameters are utilizing the **Default value**. If more complex parameters are assigned to a policy which is to be migrated those should be noted down. In that respect the possibility to download the query results as CSV could be leveraged. 
+ +- Switch from Azure Resource Graph Explorer back to the Policy view +- Change the scope to include the scope described above, and search for the relevant initiative + + ![alz-delete-initiative-assignments](media/alz-update-initiative-with-builtin-04.png) + +- For each assignment, click the ellipsis and select Delete Assignment +- Once all initiative assignments are deleted, go to the Definitions pane, search for the initiative definition + +> Note: It is highly recommended you update all the ALZ custom policies to the latest version before continuing. The script below has a variable, `$updateCustomALZPolicies`, to update all of the ALZ custom policy definitions if set to `$true`. + +- Once found click the ellipsis and choose Delete Policy Initiative Definition + + ![alz-custom-initiative-def-search](media/alz-update-initiative-with-builtin-01.png) + +> Important: Record the **Definition location** of the Policy Initiative Definition as it will be used in (`$policySetDefinitionLocation`) the script below. + +- To create the new version of the initiative, while this is possible to do in the portal through the portal GUI, with the number of policies to be included it would be a huge task. Instead, we suggest the use of the templates available in https://github.com/Azure/Enterprise-Scale/tree/main/src/resources/Microsoft.Authorization/policySetDefinitions to create the new policy initiative definition and update the custom ALZ policy definitions as described in the following. 
+ +- Go to https://portal.azure.com +- Start an Azure Cloud Shell with PowerShell engine +- Before executing the following PowerShell script ([disclaimer](https://github.com/Azure/Enterprise-Scale/blob/main/SUPPORT.md)), update the first three variables: + - `$updateCustomALZPolicies` + - `$policySetDefinitionName` + - `$policySetDefinitionLocation` + + ```posh + $updateCustomALZPolicies = $true # <-- $false = don't update the policy definitions + $policySetDefinitionName = "Deploy-Diagnostics-LogAnalytics" # <-- Replace with policy definition name found earlier + $policySetDefinitionLocation = "Contoso" # <-- Replace with Definition location found earlier + $policySetDefinitionPath = "./$($policySetDefinitionName).json" + Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/Enterprise-Scale/main/src/resources/Microsoft.Authorization/policySetDefinitions/$($policySetDefinitionName).json -OutFile $policySetDefinitionPath + $policySetDef = Get-Content $policySetDefinitionPath | ConvertFrom-Json -Depth 100 + + # Update all ALZ custom policy definitions first + if ($updateCustomALZPolicies) { + foreach ($policyDefId in $policySetDef.properties.policyDefinitions.policyDefinitionId) { + if ($policyDefId -match '(\/\w+\/\w+\.\w+\/\w+\/)(\w+)(\/.+)') { + $policyDefinitionName = $policyDefId.substring($policyDefId.lastindexof('/') + 1) + $policyDefinitionPath = "./$($policyDefinitionName).json" + Invoke-WebRequest -Uri "https://raw.githubusercontent.com/Azure/Enterprise-Scale/main/src/resources/Microsoft.Authorization/policyDefinitions/$($policyDefinitionName).json" -OutFile $policyDefinitionPath + $policyDef = Get-Content $policyDefinitionPath | ConvertFrom-Json -Depth 100 + $policyName = $policyDef.name + $displayName = $policyDef.properties.displayName + $description = $policyDef.properties.description + $mode = $policyDef.properties.mode + $metadata = $policyDef.properties.metadata | ConvertTo-Json -Depth 100 + $parameters = $policyDef.properties.parameters | 
ConvertTo-Json -Depth 100 + $policyRule = $policyDef.properties.policyRule | ConvertTo-Json -Depth 100 + $policyRule = $policyRule.Replace('[[', '[') + New-AzPolicyDefinition -Name $policyName -DisplayName $displayname -Description $description -Policy $policyRule -Mode $mode -Metadata $metadata -Parameter $parameters -ManagementGroupName $policyDefinitionLocation + } + } + } + # End of updating all ALZ custom policy definitions + + $policyName = $policySetDef.name + $displayName = $policySetDef.properties.displayName + $description = $policySetDef.properties.description + $metadata = $policySetDef.properties.metadata | ConvertTo-Json -Depth 100 + $parameters = $policySetDef.properties.parameters | ConvertTo-Json -Depth 100 + $policyDefinitions = ConvertTo-Json -InputObject @($policySetDef.properties.policyDefinitions) -Depth 100 + $policyDefinitions = $policyDefinitions.Replace('[[', '[') + $policyDefinitions = $policyDefinitions -replace '(\/\w+\/\w+\.\w+\/\w+\/)(\w+)(\/.+)', "`${1}$policyDefinitionLocation`${3}" + New-AzPolicySetDefinition -Name $policyName -DisplayName $displayname -Description $description -PolicyDefinition $policyDefinitions -Metadata $metadata -Parameter $parameters -ManagementGroupName $policyDefinitionLocation + ``` + +> Note that if you decide on another approach from the script above, there are a number of double square brackets ('[[') in the file. These need to be replaced with single square brackets before the policy set definition is valid syntax. + +- After running the above script go to the Definitions pane, and search for the initiative definition. Note that the initiative may take a while to show in the portal + + ![alz-custom-initiative-def-search](media/alz-update-initiative-with-builtin-01.png) + +- When the initiative materializes, click the ellipsis and choose Assign +- Set relevant parameters for the initiative, then assign the policy to the scopes previously determined 
From 2ee2aca6823b259bd424c8ee9a2ea3d1e3312a54 Mon Sep 17 00:00:00 2001
From: JamJarchitect <53943045+JamJarchitect@users.noreply.github.com>
Date: Thu, 19 Jan 2023 17:12:53 +0000
Subject: [PATCH 09/12] ALZ Contribution Guide - Policy Naming Convention (#1176)
* policy naming convention
* added note
* More comments
---
 docs/wiki/ALZ-Contribution-Guide.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/docs/wiki/ALZ-Contribution-Guide.md b/docs/wiki/ALZ-Contribution-Guide.md
index 7021e5795f..b0069d5a9d 100644
--- a/docs/wiki/ALZ-Contribution-Guide.md
+++ b/docs/wiki/ALZ-Contribution-Guide.md
@@ -93,6 +93,30 @@ To work with policies, they are location in [src/resources/Microsoft.Authorizati To create a new policy, it is worth taking the framework from an already existing policy. +In ALZ Custom there is a way to name the custom policies that are used. They are prefixed with one of the following: `Append`, `Audit`, `Deny` or `Deploy` + +#### **Append** + +When contributing a custom policy based on appending resources at scale, the correct prefix would be `Append` - such as `Append-AppService-httpsonly.json`. + +#### **Audit** + +Auditing resources at scale via policy is achievable using the correct effect inside the definition. This policy contribution should be prefixed with `Audit` - in example, `Audit-MachineLearning-PrivateEndpointId.json`. + +#### **Deny** + +Deny policies are used to prevent the creation/action of and on Azure resources. Policies being created and contributed should be prefixed with 'Deny' - in example `Deny-Databricks-Sku.json`. + +#### **Deploy** + +Deploy follows the DeployIfNotExists (DINE) methodology. Policy contribution should be named prefixed with `Deploy` - in example `Deploy-Custom-Route-Table.json`. + +The naming convetion should be formatted in the following manner: `{prefix}-{resourceType}-{targetSetting}.json`. In an example: `Deny-SqlMi-minTLS.json`. + +When creating the naming convention for the definition, it must company with the [Naming rule and restrictions for Azure resources | Microsoft Authorization](https://learn.microsoft.com/azure/azure-resource-manager/management/resource-name-rules#microsoftauthorization) standard. + +Once the `Name` in the file name and `Name` in the policy definition have been set, it is worth noting that they should not be changed as it can impact initiatives and assignments. + Inside of the JSON is a `metadata` section which is required for policy creation. ![Policy Metadata](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/media/policy-metadata-example.png) 
From 4276fc853c7de82088f2a24c27ed81f318b4674c Mon Sep 17 00:00:00 2001
From: Robert Lightner <49571483+DaFitRobsta@users.noreply.github.com>
Date: Thu, 19 Jan 2023 23:45:43 -0700
Subject: [PATCH 10/12] fix: Wiki Az Policy Titles (#1177)
---
 .../wiki/Migrate-ALZ-Policies-to-Built\342\200\220in.md" | 0
 ...s-to-latest.md => Update-ALZ-Custom-Policies-to-Latest.md} | 0
 docs/wiki/_Sidebar.md | 4 ++--
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename docs/wiki/migrate-alz-policies-to-builtin.md => "docs/wiki/Migrate-ALZ-Policies-to-Built\342\200\220in.md" (100%)
 rename docs/wiki/{update-alz-custom-policies-to-latest.md => Update-ALZ-Custom-Policies-to-Latest.md} (100%)
diff --git a/docs/wiki/migrate-alz-policies-to-builtin.md "b/docs/wiki/Migrate-ALZ-Policies-to-Built\342\200\220in.md"
similarity index 100%
rename from docs/wiki/migrate-alz-policies-to-builtin.md
rename to "docs/wiki/Migrate-ALZ-Policies-to-Built\342\200\220in.md"
diff --git a/docs/wiki/update-alz-custom-policies-to-latest.md b/docs/wiki/Update-ALZ-Custom-Policies-to-Latest.md
similarity index 100%
rename from docs/wiki/update-alz-custom-policies-to-latest.md
rename to docs/wiki/Update-ALZ-Custom-Policies-to-Latest.md
diff --git a/docs/wiki/_Sidebar.md b/docs/wiki/_Sidebar.md
index 7ba347e5d4..bf5517dc68 100644
--- a/docs/wiki/_Sidebar.md
+++ b/docs/wiki/_Sidebar.md
@@ -37,8 +37,8 @@
 * [Azure Landing Zones Deprecated Services](./ALZ-Deprecated-Services)
 * Azure Landing Zone (ALZ) Policies
 * [Policies included in Azure landing zones reference implementations](./ALZ-Policies)
- * [Migrate Azure landing zones custom policies to Azure built-in policies](./migrate-alz-policies-to-builtin)
- * [Updating Azure landing zones custom policies to latest](./update-alz-custom-policies-to-latest)
+ * [Migrate Azure landing zones custom policies to Azure built-in policies](./Migrate-ALZ-Policies-to-Built%E2%80%90in)
+ * [Updating Azure landing zones custom policies to latest](./Update-ALZ-Custom-Policies-to-Latest)
 * [Contributing](./ALZ-Contribution-Guide)
 * [Reporting Bugs](./ALZ-Contribution-Guide.md#reporting-bugs)
 * [Feature Requests](./ALZ-Contribution-Guide.md#feature-requests)
From cc34a01382daf2c06f866dfc9258850881f07737 Mon Sep 17 00:00:00 2001
From: JamJarchitect <53943045+JamJarchitect@users.noreply.github.com>
Date: Fri, 20 Jan 2023 15:05:27 +0000
Subject: [PATCH 11/12] removed md extensions (#1180)
---
 docs/wiki/_Sidebar.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/wiki/_Sidebar.md b/docs/wiki/_Sidebar.md
index bf5517dc68..55683ad6ea 100644
--- a/docs/wiki/_Sidebar.md
+++ b/docs/wiki/_Sidebar.md
@@ -40,8 +40,8 @@
 * [Migrate Azure landing zones custom policies to Azure built-in policies](./Migrate-ALZ-Policies-to-Built%E2%80%90in)
 * [Updating Azure landing zones custom policies to latest](./Update-ALZ-Custom-Policies-to-Latest)
 * [Contributing](./ALZ-Contribution-Guide)
- * [Reporting Bugs](./ALZ-Contribution-Guide.md#reporting-bugs)
- * [Feature Requests](./ALZ-Contribution-Guide.md#feature-requests)
- * [Report a security vulnerability](./ALZ-Contribution-Guide.md#report-a-security-vulnerability)
- * [How to submit a pull request to upstream repo](./ALZ-Contribution-Guide.md#how-to-submit-pull-request-to-upstream-repo)
- * [ALZ Custom Policies](./ALZ-Contribution-Guide.md#working-with-alz-custom-policies)
+ * [Reporting Bugs](./ALZ-Contribution-Guide#reporting-bugs)
+ * [Feature Requests](./ALZ-Contribution-Guide#feature-requests)
+ * [Report a security vulnerability](./ALZ-Contribution-Guide#report-a-security-vulnerability)
+ * [How to submit a pull request to upstream repo](./ALZ-Contribution-Guide#how-to-submit-pull-request-to-upstream-repo)
+ * [ALZ Custom Policies](./ALZ-Contribution-Guide#working-with-alz-custom-policies)
From 02f03db3ac5fa8e8865f93eaf911cbe4be917440 Mon Sep 17 00:00:00 2001
From: Anthony Watherston
Date: Tue, 24 Jan 2023 21:25:25 +1100
Subject: [PATCH 12/12] Update Deny-MachineLearning-PublicAccessWhenBehindVnet.json (#1183)
* Update Deny-MachineLearning-PublicAccessWhenBehindVnet.json Fix very small type
* Auto-update Portal experience [anwather/cc34a013]
* Update Whats-new.md
* Update Deny-MachineLearning-PublicAccessWhenBehindVnet.json
* Auto-update Portal experience [anwather/cc34a013]
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
---
 docs/wiki/Whats-new.md | 1 +
 .../managementGroupTemplates/policyDefinitions/policies.json | 4 ++--
 .../Deny-MachineLearning-PublicAccessWhenBehindVnet.json | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 6250537c05..b9bc07d62d 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -55,6 +55,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Updated `Deploy-SQLVulnerabilityAssessments.json` policy to use Storage Account Contributor for storing the logs. - Updated the same policy parameter description for email recipients explaining string type and how to format input. +- Fix typo in Deny-MachineLearning-PublicAccessWhenBehindVnet.json. ### December 2022 diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json index 9a4d7a0a54..dcc5802efb 100644 --- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json +++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "17200151245285049244" + "templateHash": "2880619846496960745" } }, "parameters": { 
@@ -40,7 +40,7 @@ "$fxv#100": "{\n \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Machine Learning\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Deny\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n \"equals\": \"AmlCompute\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n \"exists\": false\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n \"notEquals\": \"Disabled\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#101": "{\n \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n \"description\": \"Enforce scale 
settings for Azure Machine Learning compute clusters.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Budget\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Deny\"\n },\n \"maxNodeCount\": {\n \"type\": \"Integer\",\n \"metadata\": {\n \"displayName\": \"Maximum Node Count\",\n \"description\": \"Specifies the maximum node count of AML Clusters\"\n },\n \"defaultValue\": 10\n },\n \"minNodeCount\": {\n \"type\": \"Integer\",\n \"metadata\": {\n \"displayName\": \"Minimum Node Count\",\n \"description\": \"Specifies the minimum node count of AML Clusters\"\n },\n \"defaultValue\": 0\n },\n \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n \"type\": \"Integer\",\n \"metadata\": {\n \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n },\n \"defaultValue\": 900\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n \"equals\": \"AmlCompute\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n \"greater\": \"[[parameters('maxNodeCount')]\"\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n \"greater\": \"[[parameters('minNodeCount')]\"\n },\n {\n \"value\": 
\"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#102": "{\n \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Machine Learning\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Deny\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n \"exists\": false\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n \"notEquals\": true\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", - "$fxv#103": "{\n \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n 
\"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deny public acces behind vnet to Azure Machine Learning workspace\",\n \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Machine Learning\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Deny\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n \"exists\": false\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n \"notEquals\": false\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", + "$fxv#103": "{\n \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Machine Learning\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n 
\"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Deny\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n \"exists\": false\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n \"notEquals\": false\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", "$fxv#104": "{\n \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Azure Machine Learning should have disabled public network access\",\n \"description\": \"Denies public network access for Azure Machine Learning workspaces.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Machine Learning\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Disabled\",\n \"Deny\"\n ],\n \"defaultValue\": \"Deny\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n },\n {\n \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n \"notEquals\": \"Disabled\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\"\n }\n }\n }\n}\n", 
"$fxv#105": "{\n \"name\": \"Deploy-Budget\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Budget\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\",\n \"AzureUSGovernment\"\n ]\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"budgetName\": {\n \"type\": \"String\",\n \"defaultValue\": \"budget-set-by-policy\",\n \"metadata\": {\n \"description\": \"The name for the budget to be created\"\n }\n },\n \"amount\": {\n \"type\": \"String\",\n \"defaultValue\": \"1000\",\n \"metadata\": {\n \"description\": \"The total amount of cost or usage to track with the budget\"\n }\n },\n \"timeGrain\": {\n \"type\": \"String\",\n \"defaultValue\": \"Monthly\",\n \"allowedValues\": [\n \"Monthly\",\n \"Quarterly\",\n \"Annually\",\n \"BillingMonth\",\n \"BillingQuarter\",\n \"BillingAnnual\"\n ],\n \"metadata\": {\n \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n }\n },\n \"firstThreshold\": {\n \"type\": \"String\",\n \"defaultValue\": \"90\",\n \"metadata\": {\n \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. 
It is always percent and has to be between 0 and 1000.\"\n }\n },\n \"secondThreshold\": {\n \"type\": \"String\",\n \"defaultValue\": \"100\",\n \"metadata\": {\n \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n }\n },\n \"contactRoles\": {\n \"type\": \"Array\",\n \"defaultValue\": [\n \"Owner\",\n \"Contributor\"\n ],\n \"metadata\": {\n \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n }\n },\n \"contactEmails\": {\n \"type\": \"Array\",\n \"defaultValue\": [],\n \"metadata\": {\n \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n }\n },\n \"contactGroups\": {\n \"type\": \"Array\",\n \"defaultValue\": [],\n \"metadata\": {\n \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. 
It accepts array of strings.\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Consumption/budgets\",\n \"deploymentScope\": \"subscription\",\n \"existenceScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Consumption/budgets/amount\",\n \"equals\": \"[[parameters('amount')]\"\n },\n {\n \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n \"equals\": \"[[parameters('timeGrain')]\"\n },\n {\n \"field\": \"Microsoft.Consumption/budgets/category\",\n \"equals\": \"Cost\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"Incremental\",\n \"parameters\": {\n \"budgetName\": {\n \"value\": \"[[parameters('budgetName')]\"\n },\n \"amount\": {\n \"value\": \"[[parameters('amount')]\"\n },\n \"timeGrain\": {\n \"value\": \"[[parameters('timeGrain')]\"\n },\n \"firstThreshold\": {\n \"value\": \"[[parameters('firstThreshold')]\"\n },\n \"secondThreshold\": {\n \"value\": \"[[parameters('secondThreshold')]\"\n },\n \"contactEmails\": {\n \"value\": \"[[parameters('contactEmails')]\"\n },\n \"contactRoles\": {\n \"value\": \"[[parameters('contactRoles')]\"\n },\n \"contactGroups\": {\n \"value\": \"[[parameters('contactGroups')]\"\n }\n },\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"budgetName\": {\n \"type\": \"String\"\n },\n \"amount\": {\n \"type\": \"String\"\n },\n \"timeGrain\": {\n \"type\": \"String\"\n },\n \"firstThreshold\": {\n \"type\": \"String\"\n },\n \"secondThreshold\": {\n \"type\": 
\"String\"\n },\n \"contactEmails\": {\n \"type\": \"Array\"\n },\n \"contactRoles\": {\n \"type\": \"Array\"\n },\n \"contactGroups\": {\n \"type\": \"Array\"\n },\n \"startDate\": {\n \"type\": \"String\",\n \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n }\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Consumption/budgets\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"[[parameters('budgetName')]\",\n \"properties\": {\n \"timePeriod\": {\n \"startDate\": \"[[parameters('startDate')]\"\n },\n \"timeGrain\": \"[[parameters('timeGrain')]\",\n \"amount\": \"[[parameters('amount')]\",\n \"category\": \"Cost\",\n \"notifications\": {\n \"NotificationForExceededBudget1\": {\n \"enabled\": true,\n \"operator\": \"GreaterThan\",\n \"threshold\": \"[[parameters('firstThreshold')]\",\n \"contactEmails\": \"[[parameters('contactEmails')]\",\n \"contactRoles\": \"[[parameters('contactRoles')]\",\n \"contactGroups\": \"[[parameters('contactGroups')]\"\n },\n \"NotificationForExceededBudget2\": {\n \"enabled\": true,\n \"operator\": \"GreaterThan\",\n \"threshold\": \"[[parameters('secondThreshold')]\",\n \"contactEmails\": \"[[parameters('contactEmails')]\",\n \"contactRoles\": \"[[parameters('contactRoles')]\",\n \"contactGroups\": \"[[parameters('contactGroups')]\"\n }\n }\n }\n }\n ]\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#106": "{\n \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. 
The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ]\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": 
\"[[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Autoscale\",\n \"enabled\": \"[[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet.json index ca4b2bd07b..18d6428dc4 100644 
--- a/src/resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet.json
+++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet.json
@@ -6,10 +6,10 @@
 "properties": {
 "policyType": "Custom",
 "mode": "Indexed",
- "displayName": "Deny public acces behind vnet to Azure Machine Learning workspace",
+ "displayName": "Deny public access behind vnet to Azure Machine Learning workspace",
 "description": "Deny public access behind vnet to Azure Machine Learning workspaces.",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.0.1",
 "category": "Machine Learning",
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [