From 2bd433e1baf8ec8be74b6724677fac036117559b Mon Sep 17 00:00:00 2001 From: Patrick Kelley Date: Tue, 11 Apr 2017 01:53:49 +0000 Subject: [PATCH] Moving readme to markdown. various syntax fixes in docs --- README.md | 34 ++++++++++++++++++++++++ README.rst | 40 ----------------------------- docs/configuration.md | 23 ----------------- docs/contributing.md | 3 ++- docs/dev_setup_osx.md | 44 ++++++++++++++++++++++++-------- docs/dev_setup_ubuntu.md | 37 +++++++++++++++++++++------ docs/dev_setup_windows.md | 2 +- docs/images/Security_Monkey.png | Bin 0 -> 23862 bytes docs/misc.md | 18 ------------- 9 files changed, 100 insertions(+), 101 deletions(-) create mode 100644 README.md delete mode 100644 README.rst delete mode 100644 docs/configuration.md create mode 100644 docs/images/Security_Monkey.png diff --git a/README.md b/README.md new file mode 100644 index 000000000..99ce2c7d9 --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +![image](https://badge.waffle.io/Netflix/security_monkey.png?label=ready&title=Ready%20%0A%20:target:%20https://waffle.io/Netflix/security_monkey%0A%20:alt:%20'Stories%20in%20Ready') + +![image](https://badges.gitter.im/Join%20Chat.svg%0A%20:alt:%20Join%20the%20chat%20at%20https://gitter.im/Netflix/security_monkey%0A%20:target:%20https://gitter.im/Netflix/security_monkey?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) + +**develop branch**: + +![image](https://travis-ci.org/Netflix/security_monkey.svg?branch=develop%0A%20:target:%20https://travis-ci.org/Netflix/security_monkey) + +![image](https://coveralls.io/repos/github/Netflix/security_monkey/badge.svg?branch=develop%0A%20:target:%20https://coveralls.io/github/Netflix/security_monkey) + +**master branch**: + +![image](https://travis-ci.org/Netflix/security_monkey.svg?branch=master%0A%20:target:%20https://travis-ci.org/Netflix/security_monkey) + +![image](https://coveralls.io/repos/github/Netflix/security_monkey/badge.svg?branch=master%0A%20:target:%20https://coveralls.io/github/Netflix/security_monkey) + +Security Monkey +=============== + +![Security Monkey Logo 2017](docs/images/Security_Monkey.png "Security Monkey Logo 2017") + +Security Monkey monitors your [AWS and GCP accounts](https://medium.com/@Netflix_Techblog/netflix-security-monkey-on-google-cloud-platform-gcp-f221604c0cc7) for policy changes and alerts on insecure configurations. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. + +Security Monkey can be extended with [custom account types](plugins.md), custom watchers, custom auditors, and [custom alerters](docs/misc.md#custom-alerters). + +It works on CPython 2.7. It is known to work on Ubuntu Linux and OS X. + +Project resources +----------------- + +- [Quickstart](docs/quickstart.md) +- [Source code](https://github.com/netflix/security_monkey) +- [Issue tracker](https://github.com/netflix/security_monkey/issues) + diff --git a/README.rst b/README.rst deleted file mode 100644 index 33a72ce09..000000000 --- a/README.rst +++ /dev/null @@ -1,40 +0,0 @@ -.. image:: https://badge.waffle.io/Netflix/security_monkey.png?label=ready&title=Ready - :target: https://waffle.io/Netflix/security_monkey - :alt: 'Stories in Ready' - -.. image:: https://badges.gitter.im/Join%20Chat.svg - :alt: Join the chat at https://gitter.im/Netflix/security_monkey - :target: https://gitter.im/Netflix/security_monkey?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge - -**develop branch**: - -.. image:: https://travis-ci.org/Netflix/security_monkey.svg?branch=develop - :target: https://travis-ci.org/Netflix/security_monkey - -.. image:: https://coveralls.io/repos/github/Netflix/security_monkey/badge.svg?branch=develop - :target: https://coveralls.io/github/Netflix/security_monkey - -**master branch**: - -.. image:: https://travis-ci.org/Netflix/security_monkey.svg?branch=master - :target: https://travis-ci.org/Netflix/security_monkey - -.. image:: https://coveralls.io/repos/github/Netflix/security_monkey/badge.svg?branch=master - :target: https://coveralls.io/github/Netflix/security_monkey - - -*************** -Security Monkey -*************** - -Security Monkey monitors policy changes and alerts on insecure configurations in an AWS account. While Security Monkey’s main purpose is security, it also proves a useful tool for tracking down potential problems as it is essentially a change tracking system. - -It works on CPython 2.7. It is known -to work on Ubuntu Linux and OS X. - -Project resources -================= - -- `Documentation `_ -- `Source code `_ -- `Issue tracker `_ diff --git a/docs/configuration.md b/docs/configuration.md deleted file mode 100644 index ccf5b7d8e..000000000 --- a/docs/configuration.md +++ /dev/null @@ -1,23 +0,0 @@ -Configuration -============= - -IAM Permissions ---------------- - -- For AWS, please see [AWS IAM instructions](iam_aws.md). -- For GCP, please see [GCP IAM instructions](iam_gcp.md). - -Database --------- - -Security Monkey needs a postgres database. Select one of the following: - -- [Postgres on AWS RDS](postgres_aws.md). -- [Postgres on GCP's Cloud SQL](postgres_gcp.md). - -Security Monkey Configuration ------------------------------ - -Most of Security Monkey's configuration is done via the Security Monkey Configuration file see: configuration [options](options.md) for a full list of options. - -The default config includes a few values that you will need to change before starting Security Monkey the first time. see: `security_monkey/env-config/config.py` diff --git a/docs/contributing.md b/docs/contributing.md index 9514784b4..ed42aaa9c 100644 --- a/docs/contributing.md +++ b/docs/contributing.md @@ -13,7 +13,8 @@ Development Setup Ubuntu Please review the [Ubuntu Development Setup Instructions](dev_setup_ubuntu.md) to set up your Ubuntu installation for Security Monkey Development. -Development Setup Windows ======================== +Development Setup Windows +------------------------- Please review the [Windows Development Setup Instructions](dev_setup_windows.md) to set up Windows for Security Monkey development. diff --git a/docs/dev_setup_osx.md b/docs/dev_setup_osx.md index 76f1ddfff..4779a4754 100644 --- a/docs/dev_setup_osx.md +++ b/docs/dev_setup_osx.md @@ -5,7 +5,7 @@ Please follow the instructions below for setting up the Security Monkey developm AWS Credentials =============== -You will need to have the proper IAM Role configuration in place. See [Configuration](configuration.md) for more details. Additionally, you will need to have IAM keys available within your environment variables. There are many ways to accomplish this. Please see Amazon's documentation for additional details: . +You will need to have the proper IAM Role configuration in place. See [IAM Role Setup on AWS](iam_aws.md) for more details. Additionally, you will need to have IAM keys available within your environment variables. There are many ways to accomplish this. Please see Amazon's documentation for additional details: . Additionally, see the boto documentation for more information: @@ -127,11 +127,17 @@ Pip will install all the dependencies into the current virtualenv. : # For OS X versions prior to El Capitan, run: python setup.py develop -Init the Security Monkey DB ========================== Run Alembic/FlaskMigrate to create all the database tables. : +Init the Security Monkey DB +=========================== + +Run Alembic/FlaskMigrate to create all the database tables. : python manage.py db upgrade -Install and configure NGINX ========================== NGINX will be used to serve static content for Security Monkey. Use `brew` to install. : +Install and configure NGINX +=========================== + +NGINX will be used to serve static content for Security Monkey. Use `brew` to install. : brew install nginx @@ -172,7 +178,7 @@ Next, you will create the `securitymonkey.conf` NGINX configuration file. Create proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } @@ -198,7 +204,10 @@ Create the `devlog/security_monkey.access.log` file. : NGINX can be started by running the `nginx` command in the Terminal. You will need to run `nginx` before moving on. This will also output any errors that are encountered when reading the configuration files. -Launch and Configure the WebStorm Editor ========================== We prefer the WebStorm IDE for developing with Dart: . Webstorm requires the JDK to be installed. If you don't already have Java and the JDK installed, please download it here: . +Launch and Configure the WebStorm Editor +======================================== + +We prefer the WebStorm IDE for developing with Dart: . Webstorm requires the JDK to be installed. If you don't already have Java and the JDK installed, please download it here: . In addition to WebStorm, you will also need to have the Dart SDK installed. Please download and install the Dart suite (SDK and Dartium) via Homebrew: @@ -215,7 +224,10 @@ The Dart plugin needs to be configured to utilize the Dart SDK. To configure the - As an example, for a typical Dart OS X installation (via `brew`), the Dart path will be at: `/usr/local/opt/dart/libexec`, and the Dartium path will be: `/usr/local/opt/dart/Chromium.app` -Toggle-On Security Monkey Development Mode ========================== Once the Dart plugin is configured, you will need to alter a line of Dart code so that Security Monkey can be loaded in your development environment. You will need to edit the `dart/lib/util/constants.dart` file: +Toggle-On Security Monkey Development Mode +========================================== + +Once the Dart plugin is configured, you will need to alter a line of Dart code so that Security Monkey can be loaded in your development environment. You will need to edit the `dart/lib/util/constants.dart` file: - Comment out the `API_HOST` variable under the `// Same Box` section, and uncomment the `API_HOST` variable under the `// LOCAL DEV` section. @@ -240,11 +252,17 @@ This will add a user account that can be used later to login to the web ui: The first argument is the email address of the new user. The second parameter is the role and must be one of [anonymous, View, Comment, Justify, Admin]. -Start the Security Monkey API ========================== This starts the REST API that the Angular application will communicate with. : +Start the Security Monkey API +============================== + +This starts the REST API that the Angular application will communicate with. : python manage.py runserver -Launch Dartium from within WebStorm ========================== From within the Security Monkey project in WebStorm, we will launch the UI (inside the Dartium app). +Launch Dartium from within WebStorm +=================================== + +From within the Security Monkey project in WebStorm, we will launch the UI (inside the Dartium app). To do this, within the Project Viewer/Explorer, right-click on the `dart/web/ui.html` file, and select "Open in Browser" \> Dartium. @@ -253,7 +271,10 @@ This will open the Dartium browser with the Security Monkey web UI. - **Note:** If you get a `502: Bad Gateway`, try refreshing the page a few times. - **Another Note:** If the page appears, and then quickly becomes a 404 -- this is normal. The site is attempting to redirect you to the login page. However, the path for the login page is going to be: `http://127.0.0.1:8080/login` instead of the WebStorm port. This is only present inside of the development environment -- not in production. -Register a user in Security Monkey ========================== If you didn't create a user on the command line (as instructed earlier), you can create one with the web ui: +Register a user in Security Monkey +================================== + +If you didn't create a user on the command line (as instructed earlier), you can create one with the web ui: Chromium/Dartium will launch and will try to redirect to the login page. Per the note above, it should result in a 404. This is due to the browser redirecting you to the WebStorm port, and not the NGINX hosted port. This is normal in the development environment. Thus, clear your browser address bar, and navigate to: `http://127.0.0.1:8080/login` (Note: do not use `localhost`, use the localhost IP.) @@ -269,7 +290,10 @@ Watch an AWS Account After you have registered a user, logged in, and re-opened Dartium from WebStorm, you should be at the main Security Monkey interface. Once here, click on Settings and on the *+* to add a new AWS account to sync. -Manually Run the Account Watchers ========================== Run the watchers to put some data in the database. : +Manually Run the Account Watchers +================================= + +Run the watchers to put some data in the database. : cd ~/security_monkey/ python manage.py run_change_reporter all diff --git a/docs/dev_setup_ubuntu.md b/docs/dev_setup_ubuntu.md index 15de2c0a7..c32d3e11d 100644 --- a/docs/dev_setup_ubuntu.md +++ b/docs/dev_setup_ubuntu.md @@ -5,7 +5,7 @@ Please follow the instructions below for setting up the Security Monkey developm AWS Credentials =============== -You will need to have the proper IAM Role configuration in place. See [Configuration](configuration.md) for more details. Additionally, you will need to have IAM keys available within your environment variables. There are many ways to accomplish this. Please see Amazon's documentation for additional details: . +You will need to have the proper IAM Role configuration in place. See [IAM Role Setup on AWS](iam_aws.md) for more details. Additionally, you will need to have IAM keys available within your environment variables. There are many ways to accomplish this. Please see Amazon's documentation for additional details: . Additionally, see the boto documentation for more information: @@ -75,7 +75,10 @@ Create a PostgreSQL database for security monkey and add a role. Set the timezon select now(); \q -Init the Security Monkey DB ========================== Run Alembic/FlaskMigrate to create all the database tables. : +Init the Security Monkey DB +========================== + +Run Alembic/FlaskMigrate to create all the database tables. : python manage.py db upgrade @@ -138,7 +141,10 @@ Next, you will create the `securitymonkey.conf` NGINX configuration file. Create NGINX can be started by running the `sudo nginx` command in the console. You will need to run `sudo nginx` before moving on. This will also output any errors that are encountered when reading the configuration files. -Launch and Configure the WebStorm Editor: ========================== We prefer the WebStorm IDE for developing with Dart: . Webstorm requires the JDK to be installed. If you don't already have Java installed, then install it by running the commands: : +Launch and Configure the WebStorm Editor: +========================================= + +We prefer the WebStorm IDE for developing with Dart: . Webstorm requires the JDK to be installed. If you don't already have Java installed, then install it by running the commands: : sudo apt-get install default-jre default-jdk @@ -171,7 +177,10 @@ The Dart plugin needs to be configured to utilize the Dart SDK. To configure the - As an example, for a typical Dart Ubuntu installation (via `apt-get`), the Dart path will be at: `/usr/lib/dart`, and the Dartium path (following the instructions above) will be: `/opt/Dartium/chrome` -Toggle-On Security Monkey Development Mode ========================== Once the Dart plugin is configured, you will need to alter a line of Dart code so that Security Monkey can be loaded in your development environment. You will need to edit the `dart/lib/util/constants.dart` file: +Toggle-On Security Monkey Development Mode +========================================== + +Once the Dart plugin is configured, you will need to alter a line of Dart code so that Security Monkey can be loaded in your development environment. You will need to edit the `dart/lib/util/constants.dart` file: - Comment out the `API_HOST` variable under the `// Same Box` section, and uncomment the `API_HOST` variable under the `// LOCAL DEV` section. @@ -196,11 +205,17 @@ This will add a user account that can be used later to login to the web ui: The first argument is the email address of the new user. The second parameter is the role and must be one of [anonymous, View, Comment, Justify, Admin]. -Start the Security Monkey API ========================== This starts the REST API that the Angular application will communicate with. : +Start the Security Monkey API +============================= + +This starts the REST API that the Angular application will communicate with. : python manage.py runserver -Launch Dartium from within WebStorm ========================== From within the Security Monkey project in WebStorm, we will launch the UI (inside the Dartium app). +Launch Dartium from within WebStorm +=================================== + +From within the Security Monkey project in WebStorm, we will launch the UI (inside the Dartium app). To do this, within the Project Viewer/Explorer, right-click on the `dart/web/ui.html` file, and select "Open in Browser" \> Dartium. @@ -209,7 +224,10 @@ This will open the Dartium browser with the Security Monkey web UI. - **Note:** If you get a `502: Bad Gateway`, try refreshing the page a few times. - **Another Note:** If the page appears, and then quickly becomes a 404 -- this is normal. The site is attempting to redirect you to the login page. However, the path for the login page is going to be: `http://127.0.0.1:8080/login` instead of the WebStorm port. This is only present inside of the development environment -- not in production. -Register a user in Security Monkey ========================== Chromium/Dartium will launch and will try to redirect to the login page. Per the note above, it should result in a 404. This is due to the browser redirecting you to the WebStorm port, and not the NGINX hosted port. This is normal in the development environment. Thus, clear your browser address bar, and navigate to: `http://127.0.0.1:8080/login` (Note: do not use `localhost`, use the localhost IP.) +Register a user in Security Monkey +================================== + +Chromium/Dartium will launch and will try to redirect to the login page. Per the note above, it should result in a 404. This is due to the browser redirecting you to the WebStorm port, and not the NGINX hosted port. This is normal in the development environment. Thus, clear your browser address bar, and navigate to: `http://127.0.0.1:8080/login` (Note: do not use `localhost`, use the localhost IP.) Select the Register link (`http://127.0.0.1:8080/register`) to create an account. @@ -223,7 +241,10 @@ Watch an AWS Account After you have registered a user, logged in, and re-opened Dartium from WebStorm, you should be at the main Security Monkey interface. Once here, click on Settings and on the *+* to add a new AWS account to sync. -Manually Run the Account Watchers ========================== Run the watchers to put some data in the database. : +Manually Run the Account Watchers +================================= + +Run the watchers to put some data in the database. : cd ~/security_monkey/ python manage.py run_change_reporter all diff --git a/docs/dev_setup_windows.md b/docs/dev_setup_windows.md index 39c2b260a..b75fddbbb 100644 --- a/docs/dev_setup_windows.md +++ b/docs/dev_setup_windows.md @@ -13,7 +13,7 @@ I'm pretty happy with development on Windows. Docker seems much easier to work w AWS Credentials --------------- -You will need to have the proper IAM Role configuration in place. See [Configuration](configuration.md) for more details. Additionally, you will need to have IAM keys available within your environment variables. There are many ways to accomplish this. Please see Amazon's documentation for additional details: . +You will need to have the proper IAM Role configuration in place. See [IAM Role Setup on AWS](iam_aws.md) for more details. Additionally, you will need to have IAM keys available within your environment variables. There are many ways to accomplish this. Please see Amazon's documentation for additional details: . Additionally, see the boto documentation for more information: diff --git a/docs/images/Security_Monkey.png b/docs/images/Security_Monkey.png new file mode 100644 index 0000000000000000000000000000000000000000..e380501495f47b06f3a44bd928d75aaf0bbf918a GIT binary patch literal 23862 zcmb5WbyQT}7dJd~cL|abQbR~egM>6l$SE^UW(HaZc=+FK76Z{wh!KV$s(LiG2?Pwy6T2t-i0vDH!8PAPmKAbcQW_%!1_E8yn3 zO>si-evyy4hbTS z1JN)`3?Fb}yyRh*8xbMRHv7lZ9#IYq+g3X~Q|H~F&CJHG!Gr#>i@*&eNDw*Xf-3LP ztuPhYK>?|BF}}yfw5+6>a_Tt$zkw;i+RBpA@&e38BO<8KegvDSP)LD*irkf#b`kUT z$0-IIuaBcV20rHh#5b1`8v82_6V@uA=W_<#w6EGvGp`=H4dL~eNK$?tI74a5N^ zpCHUhFIwmUQ{&v}v(lj{4`h&lNe~iN2rcZ9W`A-Yffyu>6H^m2TcHmYiI}OL{&d1- zVgpSd28V5cp9geuX%=q8sSla(CUqk_J!5T!-*yMA8 zzQU_1@#Y;CQlGzw|AD270tj8ul)z&0HljZ&1!kgYTk}z!eadx--hgx-#HZ#|^7AS<5FNFW`iyh4zPh+0F$tWHy_Ty%#JjdEsH1XCB==`0Y$Lcx#38d5vO z04G8i7oRX7q#tXm5DKF^0viRPd&tX=gAqvJ#(=*J1dxB?ha4iOkf8u>XcPt=BFLS)%HRI6UmU=xW%6~G?9)c!>bOsZ%ZYY&=$xC=n+gHSLa~moHnF9zmipk zgz78qXhM(?vv)j~eCvCHHTv6=DT& zo?HH81sB|9n+VRxYyK{E&w_u;VaZxO)|yG?;J(H;mE_QTxuIC1g92uSi#e!vTm8U% zOih-Xkoz}=EnbA7NC=ru_FJtf|Ax!)vzQGG1+-&?SgVOnFnQ-aS#CWK942#Ax=9+0Mgr>2L=SuY#9_)L?$$NN zx^-G(j7EWg%;&rlb3#Je{&TJina`kK>DFd!qyP+|lg!jVsEH$_I)|=jvjd)gm2`U2 zUwQ=XEHpoPQe!^?D@?9^_ltDawAvgY1VdvtR{ut<9f{rX=?pxOJ;u3GcaLe_f06uUTF4+fTi% z=*s&pw_u+RQ`p!+$zsl@N36BLZ<_t-p+9?}Y{B$-x6)hR7Cstd30lveT8z)a&`Zk= zu3yJ(8_C7t7I)T21FqosNqSf8UeTqcg#qe~OOM-WH4%5Wu1{y+z;sFzjw(CpLwOJe z)$TP(SzvejWp?1AiRNqe31BSOsS4bXp)g zJJD-Lt5nj%7M3~3axPPY`x#sRJYOHS6kQ6FNe7>;+7Zrz_z;@S z%#U!ha7WVb|MwyU(-4*OWmwohhWtN`prUfYLcpz>-DF^q5UJ%yrdg)c0f;#yoo&D2 zgo^$f@ZlH&F1NqpQuQ#yLk*08qdojfh>7@0eTy@wT@I|#6B89!<#Im0K$<)u5W+t! zBW`%IADaIIl?z!{I39m7g&3a#9{J_eTa^RCu!LIXWDo<}h}KfHuJiDnUVWXxXgzp2 zp1@zU)_gg9KO%W|yHtexlCd+6hAK^ZJ|s~KBj{2)ri!1%4S13uazZKV2FK2cjp@PZ zq*qR%pUB=U7qQq7RqWvzsFKtT(fDlRtara7KHfDP6H|V5HjfNMMZJ3{&!XYjIwbC8 zA5t=cqSq)L0hgO8nzJMMR@X@}{uSW`l|^b*6-TG08}pq`kG&UY-h4+PFkDB4B9oi- z|2T|$u9WDH2~?#$AGnW3SW?$w5Z$B|B^Fq`oGI7-$f5DK+SmXpw|w(I6B8|hk`#Hz zaH05Ihj6wb>zRzn4T34x^=6Wvf5YB#TuOmI?H}{}p^s4h-V&Q*vZ;Xf19b;1{gu@D z&qqXMw`*Dg1UVQ-!P33lE+UQNk7WJOF$CpQX2d8Np6{)6)YapAZtM= zKPFFw8-eky9>NAJhIp3uw7fcQ)PCasIp(RP1(Z#{hQFa< z7Hv#aRpGNd2L*IG@qx#pv;E+7KJnp5ldB8^D0d`_$s%xfHEDNs9jvsI#o?6MFN?WB z0xVPtBj%G_ZztDu|G0DnJ`<(^Di>ma*>^@9k}6so>}K!Vn+G*pJV6!i4Z|B(E5C5S zavzJnhmK2IxCk=f$f1@6+y;CJxEa2;R%`D}H?x0)jVEqtS(b~Xih%b7kT+@HwG{?dG@=|3kf59bsuiqUt743l95>poO<7rJG-^pDJ6d}rzn3{a@sJTPYIa_ z{al&`VggTDJ|LgWp-*H%t`Ldg(AefViW3XpGv!3mKEJF_IjISPIVvZcjRM3K8oKPf*VD6Ds zB=?tP&xd#)Npx~>RE=a?=rvBf$oV-iFe&0b5 z%fw$CZ!WBQboP>0WY_Z}N%g)N=*~9D5V1;GDpR5Vf@OJJ+7|C{>p%3%SSl;ak|fFk zS?l`4Qky4@q?z$i|7(}Ew@107l2=s?gXpFPW9Blc<1MeZTZ>S=zljyul;wv%tFP%(%pC_@i~^7 zw|hS^bHcwUTXO=ViB|R6b!0Z1(C1Q#XFg;d4?FPUVJdA{_NILLkc@pwjOcMGCqCp6P0h4OAwy@RWP$F3)9Mx*}z+srB2- z;1OR(C2L~l+>O-GM1`|s5*0PYv;{Qn2w4REtUt62(qk&L_IGDi$>1>QU)baak!-tt zUX*V;bih7MUpQP7HUf)o>Q`VC_oNDy3MWt-oubQDNITj8oX@A$)*0s)Eh=o|s7k^4 z$a8RD+6rp4gvvcXTv#k`&4a+MLTtd><21viGq(#?HL?TMhGbpBGGZDDId1mL+I=lA z!lwCp!rrrj*^SiMif@FyIA{#C(PEk|6UUkE7Tq0ViH}I0DR#+QkMITdZ@71jgLmfG z3?M2>-w_j3eP216mh;nl!F}D!%#|oC5^Zk$C zKuw37T$X*FFLXlVl66|+Eb>iS^6&_4KF22n8Z4=B?u9HqzuNR(h_u7h?@=M(XhNx2 zb90|c!m`kz?ZPh%p>ob_L&s6g=y4V{1) zRvZPJF>LGc1=ZH9olcB;Ro1x%%V<+p33g*2*uJ%nGjid1b7@>d)*!)VBBWn`3?#8x zgHV^%TJFKA1cxHs)avW`Dpk8^%1L&pO(^Vih|yha=E3OR5WA1JasTh>I`w6$r1PW6 zpoFedbby>35`^S2bGt6nKeoyH8SfmmrJFj$g#>iyQ-4O~-_DrK66g+b`a52~D+O!y ziSaMK^p$+24FWR;XDdhDv~2y1LDs3UF&2>x_gZjY!Ej9(e!*TTdw6o^$MVpJDsi24 zJAU*6zbE9jSpP(g;Mw2I{$c0Btgydu*uHL+>2Z_kD-#n=SoBF>v5rX2|DndzvdJTC zt^fP{HO=LpY*;N#)1b{uavXs@M8&uthB` ze_|elWUj|n<+sW)`wrtAyIaZ(vG@)$G3!(5`QHzZH8>e7Oq%UhjZ*SEQf-4IOiExU zQE;YM1Q44Pq6se&a&Sx;l3STtJ-AuBim#rb5e(t9v=y^=LqBH^u;U1?Z3I|e(aXqsd4v@8o$8;ndnNw{#(%ta^_G3x zDMBWGZFAgbS;L{mF(F>Ad|lg1Gs-fXkM;Dp6E)qx`w#bTHxy|cOoce1TmPhoHR*;+ z_;Kpxja8LdgT|IzN2l8y>T$N$Uzwv?UqAe#njhoucgCZ}vaz(RM$w`I~;|Mz8O6R(C+{zhCBd$IZ-a83J8L6J{R; zfyDtLFGel>s-ldoA0SLx#Zvop${kN!s5reNmIzVR@;+l$+!pDI0Ob(+PlTp z87%-HFzIc`<_ZPI(em-@>igGA{BT&X5+pZC|0u+y*eeVxe|uLf@=ld20PO609bPIo zJ&W89;41SjdBof+I|lEJxstuzeg#0Qub6{yVdwbe!*AT()|*EuRj9=uGyWSFtuwQt zuC#TS@pR!t4IQeLHJpG6(g!)#H{nz7;RYE1 z4CAiVeH091&UjL~e?7euWU*rUu0s)3f1i|-^-6m8WAVTH-G*>3N1kNsQ_%7&_Wzxh zbi1hKR(XlKsjaE|#xtjWl(I(bY1kE-KlhXq0)vJ9)PIGIn~kb8xw@m8_gY%eY03Vs zF5Zk?&DL*4Ev-hLwyW%+1wJImb-n+gOT*Ff+bws;>e*pShvdl4k88hbCYm@S^P}p0 z)<&OBtUf_x2WJEdD8wdQhV#4s%6-uXf)4?6vLHAk=fP|G zQYJYoRQ%T=rG+`_@ofWHT`44zZ&zm7WJeIQ%iyv|p!b0Av!362=8d%?0xGoVw~{D8rIfAMTKgp)4V=L=tnpa(w^7_+qXk+`N0)8H6z8-F4_ z87aGAJPX zA(8_iK>gm_qt1+8CaTz$tXaaGAA25XAD`=@d`UW4g*+|e)e%ugsd`K)9RUiW8&Fk9 z?3tNFHf87TS|Xb-qhdBN{nn$~60Yc*y7LX+WWur_JVPx-L;%6JsjWV?O|Y zZvA)ZQP4umzAro`d^^Iv_Dh8X(hZ8J8u(K-qq9h+3Gw-V?7apgU%R0@QW!r5#x;Vd-N;zRpBd!6vWVt`Ay%5_osDai);V2(@<+5^xWc_Jl zD>LSwDO*QD5tN}yhv?}bki8Z$FyHdeGY6+5@ zFUZ5wgaaH4Uoe|6mOtchr#I&U6=fsOF~5*YAx)WXUUNVwd%}CcsOTHf*Xlli4_A1z6m_n@dVZE=J#j3o2=4^GGSbj?nU(wb}IYymzu-9m%d*iysW>I0k;ulrF!PzLZaG4K3wU3;@xH8e6=kUArAn4@=*4g@fd+$%n_I za&G3s%(s9$dD4DX0aLliAycmH>>H}?n4`!KVRE%v-3)GhvsfSx5|JPs3QvBt=`s_O z!?E7|B=Mb&Z!eYN)pb(T^hBy&nE#(Vte>A5X-=)O`5w@UE)IVb5j$<)$UfQ*A+k1J z>2WOb{kGc}=JXespMT&|`A(@c*k(EZie_*e2JY{N9^H~>6j~p%-%l@Tx6X zcLSsy0WC+oY15CpT_-bPI}h354y|WMQ0Bp2+hV(H{}3dyvo)O6>puiNeg(co%MvTUyCn8sE`Mu}d#aExr^>;fcI+=r zKy`K?oXqZdUDGdf8Ou9G@9*?%iH_WH=vtA|{%k;`j$5F)++^S_25=1RU($MVi%cw9 zK9R-=h`d6c9$8hx>3$N0GvyQNckCKNT=wPRdbS}3jly^%bam}< zCBANqTbi)p2&0Am5a& zFqI-1lw!w8(Sj><~pMl(vO?2h`0P!e23qPxQXm0)?!yj2cXT$#|)=_ZwLKzEjMd zef$sc;b&7c3^<;@`I3pC%Rh&9pP$CQdHEU~d;aSM_-Lm{_R&H7IDI~5E(X>oB>lQ? zU$eZtFQ0@HfE7-ggAvqxYdZymLm@+UKhIx4i}`2j^! z!iJ(hLfMgf43n&%mJmf!<-NJ#oD?d9Myqu%KO-yt&9e4Lh;Y)1~VjK zzPQ}XasZouk@b684j1{UHZFM79S4IXJRx#ux%h4Q)kUn9qRBvVZmYT+`hd;iN$*)< zr4IZ9j|0*hFg!PSGSVT{g7B&z`IVp7ri3C3@GN0<+K_-YN#m^d}Kg68^ z1XEZ8lJyf@XWO3sX<_U+G8{7j%#!e}4|RVM(7uyx=_P`1rw6oAUa6X8M1CC9y8Bx8 zSxb=)Xkr0X`0;$%C?yk1Nz)5WXImE^wb=5cl4__VNfq#H6+(QDdd!ZZ~W|c zCxoUYOqcpA%_+eI`ykAy63M?#*DFUW6e|)Rjya{(nq$FHUe_XZ1$xD;Ogoi$@1CgH%r=MCJk00rCaEuJ?$r22`6wlBf0>ns1?&5@x0Ml%mixBj zHT`B=KCK}7TK4oiHZwTKn76u`w;nI7T|p_^Ds<4Ps(bkkYtqs~Egu99`N&hQ1kiYv zEvDh-B~`)*eB49j^*9zGIivV6a*p0HPf%XWW7(463Ll?4_7P9~qw`~{3s}6$Xk@Eu znsHdTk#Gm<)aN})qUPg9Di)2I&8OWw@HCND9WtbuNu|pl&DqKGmP}0?1P69mzHS_a zjp8YN3X)}g{%uy=wSFc`-b?UxX^i?yR%gGtdU`qO++QAzk3UxNr@tJr;v#GEgtBH# zEW|^{`eUA1UXWt6EO7!Q%fL701k4TH|| zh90tUjCUmIHg5EGW!BpE`|Fr>rs|Dji{=-DOk*v)ta)|e%ZWm$D?QQXyY(VP;;3~%MF&mR9#Ni8KG5Gygxc|UP@}O<*dBj zNi;t#JYdU53M550Gn@pjnqaD1CNO)co7vg~bQY>erhC$IpzP zSAN7+s%!JcFX=JLyPcq@N$x9VoZ`Lp%=O)$DuJJ`s8&YkkqX|9QD58a?k-f;c`C#q zj)b+zYLZ!MQbn)Gb^E4Mm^Y>`v$Cn9-VHsYG33nt8na)1DG;I*7#~(zxMLJ>taIts zxsFucGW2;ygxc_=qomf3ZHa^HP4l4A!&yXULHe$6y{g9F?ZN|@OOo@(qn3|?j3&pM zo!ub1SfuF@k=YsQexkyfQFOO0eGYEX6iuF|9p7Dd=LaU* z;&bw_v{FnAj_gC)V%+V(;-y&4>=V@H&L*BMiI9tWNS!EEe*BlsxpNAp(qY88DX^Jw ze5T26_W;4+26wY=MubtbRTiDla4Y8FtpaHq;$S7stUpvKgq7RvPMb6PUCe${^N=ph zb@0m1!?A>u?ym_ake%2Cf*~;4&uq4^uZ#2=6r}QgoX!ow4nCO zw9Qu$Hs5=uTSeteDWJy6cz!eu0{I#^m1F7R6_emodEPw!Kp&OD za~~KoT0_DKaM(l)h+sb}tQ2u_6f^P2IWUu~hDa68h%yDrH3lpVC+quiOsOzg-iZ(}oEZcms!$eXD!zf1qFxQ^ zTj$5NF}Z&~B97)D_yk7cBn@1)cw(?k zbQ&A&#@iR__y?4AW33J!IWWg?*Hw9N=5lC4NqRs!HW&IGm)+@}K^dcIoQ=T>@ty|U}Q zus@3X3#~LSCt#G=IJD^UjG~(p*dipLOV5?VO@QuJ3DXsWdGQtxn90r}Gmaub-?@xI zvJ^-^IsiFHI`%7Y@FOI>SGj-xi+ES5$PE$y@(0&T7elwXVPE4ba#S_EfB$g^idFe! z-baV9^RZz4emAuTM8!W43d^Ew#y9xz(poQ; z5B2I!+2bh@M1izI#6gvLafCQGrL@PWPts?|L8Iv_v(j{astAH_3fwroSs5>RercXW zT3FdIXi&2G*9ADm#|TyFVjHHpwnDR1B8j#7oXb0&h7hhWS=~mA1fXad!boq`#+X_1Mg2^ZVfJ^)!X|)@vOMJRfyyG z21olA^0@KvjvDDG@u;qEoQSrFUm>N9GbY8DLa}ZHb1GsL!sP$m>`76VXD)qT`Ct?? zady*INtrsg=f4pWRN?L{Vc+-|gXtYsc`^oILWnkvL!8~(s3&0W%fBjEYitAZQs75H ztU9A>>V+4x%-(CuJY(dLgWJW3{}zCZWx%JHVe=u4*9dnhv1-jBsUjur$X%cGGZHWv zLX{aR#c$cnZvjcE3yEGH))8YV)oc#c`?vY4}Mu zEi3DnYn8t^2yuD_VUhc3Qa}6ZD|Cjr&L4PC#cx&m7$Jvd!nzF>htNF^=0$1NC13}q zFAzMpbC}t)Y(HyP0wOOaZ-Q+ko{n*yQ93ZI!|)H$zaA!(8sg@SCDc(}>G zL3d`w<%i*~Dg<$S_{O~ZnVAgty!J)komNdX?qwFd{L-qcfM|0HXVHdcmClx*Wk2#)$Ki|%@77llF7Wm z{q^5_QG!cY@0jrKj|j!U%{z6Ow$))laCuYgIhhx-|E-%<@W1W}OdHfZ`cjqNuNP>D zMaL4>vBdluCr0H*)^fg6>_tXUc+)kdJw^s4dMR~na(^Fi*>iurbf0kP1U;@La=dNL zbq>!D`AyT!4QY5+6bv!s*Onme*b0{9O22Gj@{47<&A3Z@jv#Uh~^FmSy*ZM5!w;t#x)_=CBy2UMt8cV3?<73k(R?kk1*K&eMQwZ zB??16{LwPQfr9{z5=;ZFPV(i@xExxBe_!ljgAN7MWw&1QXXXeESMWHTVi~}z--Z0! zKNX@5i=)JFt(i}VhzdeIqGeo*3%`{h`nToUkqjPEk<>w&7A8Rc;>Sw{8@mEfMQdrAk^38h+tsCe=yxqI2HOO7-=BQbKx2rhcvq#SV&MQhPwdWSk@0gsE~(Ws?232oD{ZU-~lRsG*uF-R6b zzo$w0T?le zYnPfS>I1bN=s1QZxq-aOe_Tq| z<`H!EK-3Wy2FmiNv~^eHAyE0+@<=pY%Ki%XL%&nb{Y^?kgglP0HNXh$)##p&thR;hJ0^2 zY(_6hON}B1h7?j#m&2A%4FCEM1@UnV+Smg6{=o7n{n10JiJ$3$y3aF+W8!m>^^b^s zYw9|ae0j$L&Nx(FXup^d0ZD>oB<9=6#}@zDddSLeQ1qaZnn_N0PmX)E_qg9BZJE>a`>Ow@V1?I&lnC=)QAZF^812{)v?ThZ9mW zZyq~{Csw#yyF8}4V|%l9Y-Gx?n>vmGbO9$Y>%Wd!-*q`R1GT)E*PMH@U2W|nS}x=0 zOW7iMOZA*T|g1$j%C351ir)y7q6lXE#Xk3L`;>H81kZZAvVBi_weWsDwNb+ z&39<50bvEeIs?*_l#sCvQjY$FX)`g|n2Cx}i#Q$vRPTb%eE=LnulQaagdrSWZ&6{0QoH;y|I!vptd(O;;C2XWA-^1P{Z{*evZfXYK(NA7~S9Dp+Es8fRCGXFaC3G33a4H;WnU+>0j z2TS`vZJY!d)R1xX9Tm0I2oS=ccMzwj6WpyMS8%H%vKsjY>>(}p@00dVaa$E{&JiX< z=rEHUdX_i%t@QcupL)3w>=B%CbiKawo*j%CmjARPJOXmJeg5`}+F7UFH2-v^-jfa< zak2`EzG7^2k4TWY0LxzX)MI!DC27d>_GV|uhOKN%ULEJTU5nMcV31dSbI~&A zcljA?{moQj1ZZgZ&QQI(+ECT$jNf+V^W&lRQ_QI1kCG{7f8L9{TvZ?ApGyg8PpUYj zXA=P#_Bd6?Rwz|P9X~VPQ!|MB)eYX9AK7*ucRi#W}U zors@!Vv-_xZDrfav@H#u9|A4U$KOm|0=!jDb`GDm1Lv$0L9S-5w~i)Zt%hHIt}a>I zrp_Gw28rPJs<-LZwqi8}e#CU;`Z!Ao_JSGt(dEZp;FwOZMT4T;1;>Q%=4pIwzz=?r z;MSa0yhzY7e^S>jH1%cT3#lRqjUF|4=0TZk%_OLa6&3O5@CP@I>FltObi(!qYiHu! zsCor1Tz0RTglKAI$2gT&Emh0Q2i+U)#V3O8<6rqV_xDWKHMZ()2oDa{8l4BLf+-J_ z@0MTQl~`(}P?OaFU#L9R>$aozv`$i3$mEZz!6It_EO~^VmCX>Zk-Y6GpGm^MMi3lD zEmu5=5ixkR+Mv51+xDw$zJ>(;FZ_jn1F<1u+nE9|;2~#0$t>nB-c7FO^<%x5I|n!P z58I?Da;PP}Dq2?&_J8FzWBe0N%7JU=9cM#o_@i=(GS~(Rm$CK_;p5W9qm;6J)67Pr zz8H<4PV~Sj%_ynxBU6FFg+0mcnn1sngc|vp)~@{>d; zktj|X_EnIgWD>dg`!fqjEe7-dn5}(oLNvML|rNLF_4AJl!A*A2_vinrfrUPbg7-%tGY zYqes|yGI;0`jZUhyBGi_c+Dc*DGPSGeofihf`&T)GuUOIW`#drGfH{F?6NGGl_pkOC zO%JAX9ba24e-<+UAiRiZwM&<|fk?WmF$%ls>U(l~c8Iei5`-Xl$`%0d zbc-v1(r0P}+U-AxN^_yyOvgc$>lb?h8qqjo%XMIV4!*t4l470m z4dn)kBDKrzHQgJKDY`t02qTH^lzkpZTh=nXaHTZK0I`TX>`8)ch zIb^Ljlw-IC%ZF7p4JEG3!+-mi4J2^*>oksUc^;v(dq9;<^g6SU!l$=zlPx83-afS% zWi5YvvMJxqw5_(J(7n-@&qCY@U&VuBrw zjD^&iR8V%HOG(Sew{l4Y2Ob#$Z)Y3-daf2Yq20VCrK^$&d(B)eOK& zA11#Cfft-nH%7w3R;3r&)M@0&yS}hrnl079e)1?GkQp}9#piaGwgV#8A>iRoVd|QJ z@yzs@?+skQ!$9EHP$oYfq~c*#a+%I}v@@Tkere#(KOf!J4%t*G$$=-FAWJ2&<;sdo zgIhMpu;(KAl+<`I7Kgz>{<@H0{X!f-1fn>mr>Lcf#i-XVQV4(od) zNP9HsXyMxa140PUf8dvl8kjta8gpcqJ++AOi~18eEfsuJ@c?z z1?)&LJ2#5hx;vqrSQyfl_ASTyj1XlV{(Pq2ymu}Me?1F80D>?JnWZ`5m=9{>V05 zTV7U2h;UwBXTHiFMb@B9E{_K3^+Wc(Co`DEPV+$Jd?XEq(2|Wc)~Pz7)F{ccRAoi+ zeq-GT##N}upMyiQU|ab;qAJ(3X&F<$xun_MGokhCg>R%4{vdDr^QJc@r{2nww`$qq z!7OPVh|tsI(uhGWP@Xu8QXrpYK;oc-`s@9PA9m~hZu)hfLLEF4IUy%WpNquNsJd=~ zy+QA8*^9+?!@J>%!6xa)olQsB!9Z2G)CbS2h$AReY`Dbh_pY?{O`z5dh<-do9hGli z3JCB{+mDANMw7SQyk~q5FJBB(P4qg^e>i!OOq?;lkS74EgL<00QG7IVJdkHUdOCDr z7{70ec)BIFQT{_(gJw40%f4TcTEifW7|(ya0Ws?_b~;hfcO$IPzBJTZ+(KEFX#?+QlA)q7CZLj}Bd#ZHM(Ptw4#d??n5>w47px#NA?WZz3zno?BzG8)JXpGEDd4WpGoP`s*8M>=Q03k&ja1-I`+-XnHy=!!HCDU-J?1tWb! zX7t5$UNRCbSR-8!izH)Pw`V%GmO1#kI02UqJNfQzA@bJU!;YnD>jS6g%=MsQFvqMA zHfZYuzR5Y?*KXEuT`kl;DJ3^@yg$lo$-{gn7N=o2{*~=&M3n z)~G1(uN*=!*=!sQlgp#2A4%Mxd?vIiIcu+6e}Dq1h*tGF7flW#2$-O)F)d{5_jko> z3Je1ewZ8}=zc^HAp}CaR7O$QRvQPAZLLk>?G=kFhiav)c(R0lFfpJmaB&RfMiF}&! zd5|GjQLG~<(h(78Z<9t*e;EhkB!9kk=uN}J5qQdfNJbE~Cp}U%-xu`aoZcpsD~oZM z_eTefgu(EwpaQ6mMGyppj5BzBI*E&~7)rHI`Zt?@Su-zY2A?^!VXP4%i@F5`44reU5g0j7}(g~LVZD&3@+1)*MoZCn#Rckja8L#T58AlHm z`if;Iw9?@1$Sfa?bP-V)Odhfz6n%%G#d@>9+`+(N6OhMj=c*^qEF#ab|82Oc(0YWX zl{^eBJ^L&uRN7u?ej-W$W#+*L>=5@l@t(=m>k`jQGVicIAG?stL}N{B7o+b1;5=@K z4KC5kV1YN%(h1Yqx#(^D3bN9+m*tzb>$L&@$>ECdWV`sh%k*c;<2z*aOEEC@&xh+O zDgwo0Md8jVxqoHf>YC$pSX<#iFj4*bc2tdVVfs|++mMU-j^Hoveiv%%$di$O-Tr_q zt78Dp0dgp}_7q=$K-<-3xsgp(qp&=B+M~@Y>s45|=(sl3cddcL0H&$a*!>?L`E|Su zeW<5*Wa1m6;E^nmnkWdjv7*1pFN%cNZm4a}j&qpieMhsb&Ok78R<>|5-2 z`rBq#mQUi;8P{y>T|iVsSmnHocg&!?`hNF_6-TiRgaK814Ry?ZzZ=NkMBhS{S7{mg zsl=#}cgS35$PXsNYMtI*a#>L^sE^_(wZ_cpaD5A_548X4OBxb&d2qno(m&SVxT}lJ zasz_R)8&Q(x(W$JJIziSQPUlInH@d{+Oa2*hn}L6C4NmkNHC>vmH$)4l?OugM(t6` z$i57+EBj8ehiqBGl!ze_!(c2~LSrA1Jz``x5y{RNOZGK|Y>g$%Alb^G?9zAj`~LX8 z`TO3v?{dz0-}5}rIVuy_9XIO|-0m>n=`{-*RnCZ6Wue3~*vR%}h#@;}@Z}_NFnzc| zr4p#nla=qU7gP#!WDiY*CW)XB61uiUv~CcfsuNMxFBPUsWVZLh z&nqb9ssMLpgF~oO(a8W~=SDwTE+cKr2?FsS1j>|w`%9C*Npzsce73un?;jxz?#WyG zv-mZ^=mUWu5!WV_KIG0OEmw&*Gmg771Bq_%)2k%t!Km6Z**aU26Z&MXzLa zXg1$z;u_fCa3aG}i^{R-u-0k9tu*)&-MYCk)rjA)%lC~^_d2om;=w@^kwkmszvhZa)8W zKsBB*bs8e@=kQFB8^Cb}244Cd4Rl%oe*YKE`(K3c|Dk#R0g2%cT6X`?d3tnw7Z*`- z2*E{&d)Rr}G<+K+pzx4`I zOTC#gStyk~qc+_xg!oe~wPx1e{aSF&AZsf4ZWh-JbnMO2%3y9AIl}DPY6Kov#_zHERy?xHdc-YVuELD@w-HZ^yzrRa5+& z*A4^g`c+7N54+CC1S@`hGN@t5`Q?ODI8}Ppoe8&9C}DUX2>!t3(40o?!&MqJuF9CC zyrQ8=S9`C&6Tyr~4O)#XMQejB7_T4_QAY$Iw!|W)pHW#RQuNj|%M4T$1+3+xKA+jI zH9Oew^E*MtF++ff0S6pI>ZvTnaT@0EyX_b`^%N+Tpf(S(^MlXCCJC-L=kLPFv@z*L zZ4&050O=3SrLOA#WIAAQsL+%gRhDaOa5PR?sW`Mm5je#kIT*eY-aL--zHT9SBU z7FP?hK6H1nT|YqRH)JXF);YwxM!j8ZQ>;12!+#iiwQ&XGt>l+y_AzpeQ?RTJZVe@-+(4nf~gbiGYs$d6Txir6r?&A6K zh%yZeWnfw)qmfu;N-BT-nb+Y45Qlih&|(j(&(X{}>VV)Nyg+YchqUsZqgF9HK>k5> z@O{cS7djIQ<$|}U?4j&0b<$^CEK04atj$6A=lZ(tPG^0XOOZ@m%ml=9yG}w|^ipHhb@=}IBHn-E1`>=UfcQzg>@WnqG5kvV zKyuiS+g%W4+!O{h%~@asdb=z@Gc4}kzowZSlD~J2)%>EnM;Jly##&Bmy?2kxO|w0W zPdiX4+;ivbgEgYrU4^`7UwMy^Oq=+O#aMgk6PKY)WT{T(vBx3 z6HBwG!wa5`?HZq+GMTja_D8v*DWx(-ANMNS7&j5)GtUD^*4qz31Lm(+bC``(G#mEOpI_-Ksb)k@{yM$cm`b+b@#HU}L*CRV)$_;?!cKJ7hmNgO!_nz-f z7OUif-P&t4H*S6qC=(;V&*<57KVE9s`vB-_2MaEEyXJ>maW&!Ilgevw;7ym7H`Fb@ zGpn>utvT88rGoIeeP>iJ9%bnJ%K}sE8bg!xlAXs>+f@rVCV+7BOvXcq0QY#G(ps1V zCp7{PsRWSy#ftA7I|SgL7_p~D1DrSnV9!66|+0@VEBIVL^ zpCx+&%j^?)w#*H6kxJZfU3X1I)4Ci0XD#1eNe1_N63ulTXvx3{6#Hhs>cYyIW(hea zvx?5B-8`oB|#xUDXt{39l*>eg+s0ImiH`+s{?{sc*tI$Hi`+A4D>uAZ*E zW~+Qo*kO{55h{I$3gndo&7Fw>{wfXw)6cAI&G4un_v8Ht2!ne*^Zu zSydcH)A6vRw!umBiKDyN{%2$o9dIPw*Nr*3`mvdB0#HoJcnrIXopMH0S`okhXniNL z_OUDDERg-1vbTQKVi?sYEBtW8b@ou~?0b|znUGouZRNo%z~4r?n=%Bi4^qvaW+_Cx zgei1(4x4;YZFCe@bCLLch9#cu2q~*on+5PbXGholXYi{2zEbp$H~u-JDS81=CUdE= zzQ`N@CZx@A(>THT@LR+rIyE;=EJ`}6++ge$%|p)rLJ#hm`Rt?nOeRkl^VZ*grS=%T zbPFpRJ-5uB z2!k|;xZBCJjNR;YjDP-9AEa0;SvpUiZRJm1ZvZ2P_i7$^wkSzT4w%AwprH4lrHsv- zYJ(c$Z^GB2F8np$ExYZ3Ac4q&(|!Sz zRgGSrEh`TC0^Gj#yZT=E`z1^jF)PpCZ$0IIW5n9m;RtL@n_9+i7a-*~FuFIZ@E3E~ zTo6kQ6UZ)YyHhbwvrwGGB&GVOV_Wz;`sicvB;aElz&m*iwvuXF9PYSv8km33PIqN- z?dEMR%D8I^JTRM_tVv2;N>6}mxz{x~P*JAicQmNI3wuZBqX>F7cb`|1RuQNkxEWu_ zf@4sJo(IC4fk2^`;YgMbC+Jx;P%^9b$&PI@sId*WB4aN@3n36(EPRxrw%eQpj-0K;Rbi&ZUQumfN{XA}4wwYApaeunO$exId(vx8$2Q{cW7KsU`+YftZ_WBX^**ZA4+y@D*k5g86lumVU zetB9z4UA260qu&`q8prt0dhSn640*zy3S`Ye+-JWBq>Egiy4?}!;cbJ2?}tlVCk&5 z1}(@YBGStf!4PTr*16>t2wvmoB^4Db7WMY7Hp@2w31deMKo?FaWd^jwdaH>X>KVU1 z6_H9V2-Ev;1%Vx-XH-%J!8hW?qN=-(0d%+UGSugjBvGdg6$E9*11eY!p% z!(-D|S$b3=Na8g z3Gb(}bM1L~yqFr}Ec-`gA9re@e;F|6)typMgZmk#v2K-9MbVY{W zfi9x+Ja)I=AdH>1dt%J~gKhTf7r)uZWsL;>bu>Qh_~h|UMzcSUnR{w2 zNB8+i*mEpk%jHG>i9>@O!74ORlt%&2gveP&(-HI#LWnh_OS>!1YnNuJVYe&7>+trc zfYk#vE7ub;^}Nv$UCOhONOIkx5`~u8VDDU)C@Vd3C`4)%h8(&+PdQ#+beSiQ3C3ug zX8Y!4Ggv|LVZ(3(_0fB;)Tu}gymSJ?FWuvqdWz-~wo8d*rw#eoaymABL}zmD!mE!| z1LdHpd0)3}yd|qm754!fd)i6|jbB_^w;c@SPMK!IlqxWqBY#K(JS4pjm$^M3O zIKl5hwUtNPc$BpGh`PCylWISWFGlj!L*>yUk(LUGv6YRNZ%BEFwFC&HO~WYB`3%!Lo?@=!sM6{D9Zj}ufwRUM?WtAf zj_>e*7-8X7)4q^{E@yY|+vYTA+1biWmWr_Wif5~R9K8hIW=11iFcm0@&5s1Sp&`iG z^tC__>;F+X?_^kc^l46{7RNIfPwO!zP5}?8ggN zM_0kv3(0DbTaF&G83QQ)mGdqU6_pNAgk&^1J$N4SY;qbUeLT?W=n~3gk4V|o=ymBI z)NeoOVQsV*TB}1pw&M!LHJHJsTae8kcYFj&H$R!W`sRPyT(*fK{1P3rHF*^$yLXzu zEq9u=46m_~VY1!gB;FJ4bN!Qow0y~r>!1gWXJ}_HYeniqkja;eV<7jVHvbGELu_xCkyP^Q}jhia{u@CBa<$IS@aN^raIe@s&Nzyd!XjTBZuKZ`wI(&lvy0$UdMt(b%o55GhxDX4Mhyu;cc7B=p}{M|L&+8P3?fNhHpKcs8;R6b zrBrEd+TBS>8AE`O)27iEas$Jd3i29FlDE3P@)slu;n_@k{L`10#n{fvGQ2_CGrLn< zfuq6DAI#Ub_Qpgh=x+%e@Bb1`b=!2OcopN!VK3k43NI6^=o2@aiQ5rJRXa2EYmZ@E z!Sy8;^wCcjopL~6sVFuMr(P@Y`ho@0Jl;q7HYw!lJR#267qGMT5~>UeUYq`dhy@R= zHGY0vC2G7W%XmOwv}VSihe8X)f9>XDN>J1(qfmDXzT?7t7`h{tYj|; zH$p_JA9Q|&)dWK&_zdHziR$VUh9e6ICYXIL#L-*FgwaiBtN5Rr)*R|()q zsGCD0%jg{E)ycF5cdGkpn(hqOwv@}V7X?NaK{ai4e^@4taP|w2uB?GY zC}ZlrCTQWVrC7+)p{uqn6~bekea(P?;d)3!#Gzw`%H{KbO^f4EYA_PY6YPcmlHkg|tJ2%)3 z3$?P;FUl+{s`QUfXz(%G*xQ@E%%|N8!em^qL{C6oy{zcob_Je$9dN3LNQ}{*o8Mm; zo!nG9JbO8n)ci<4&ncUd;MZVhiSrJ)ikI$b?U6msJjt1m0ld$3j*uG4WcazkTWqb} zurZnndp&OmYY{L6sq8JR3ZbdoPYoq#ynmwSeYCH7a%C-J?rChtP7|JehG^X4WD--5 zn#|l4i}+1R+$%LPdK#+b-TFcEp