From ca5dba0b52da31264f3472aab3b8dbf8d382a783 Mon Sep 17 00:00:00 2001 From: Sonja Edmonds Date: Mon, 16 Sep 2024 14:33:01 -0400 Subject: [PATCH 1/4] Updating NSG configs --- docs/security.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/security.md b/docs/security.md index b7b3804d..39ac0422 100644 --- a/docs/security.md +++ b/docs/security.md @@ -105,6 +105,12 @@ Application rules allow or deny outbound traffic. You can use an application rul - **Azure Government** ![alt text](image-26.png) +### NSG Security Rules + +For the MLZ NSG's, the same rules that were added to the Azure Firewall as post-configuration settings should be added as security rules as part of the defense in depth, layered defensive best practices. When adding these rules to the NSG's, make note that NSG's do not support FQDN's as a rule processing type. Instead of using FQDN rules, the NSG should be configured to allow all traffic for each specified port in the Destination filter. Each NSG rule should be configured to have a source CIDR range, source port number, and the destination filter configured to 'Any'. This allows all of the required FQDN's to pass through the Azure Firewall as the first layer of defense, followed by the NSG's as the second layer of defense. + + + ***References links:*** - [Azure Firewall Policy rule sets](https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets) From 624c0525c62eb9e8f61d656b593abadd78539444 Mon Sep 17 00:00:00 2001 From: Sonja Edmonds Date: Mon, 16 Sep 2024 14:34:47 -0400 Subject: [PATCH 2/4] Adding pics for NSG --- docs/security.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/security.md b/docs/security.md index 39ac0422..2e9f97d2 100644 --- a/docs/security.md +++ b/docs/security.md @@ -109,7 +109,10 @@ Application rules allow or deny outbound traffic. You can use an application rul For the MLZ NSG's, the same rules that were added to the Azure Firewall as post-configuration settings should be added as security rules as part of the defense in depth, layered defensive best practices. When adding these rules to the NSG's, make note that NSG's do not support FQDN's as a rule processing type. Instead of using FQDN rules, the NSG should be configured to allow all traffic for each specified port in the Destination filter. Each NSG rule should be configured to have a source CIDR range, source port number, and the destination filter configured to 'Any'. This allows all of the required FQDN's to pass through the Azure Firewall as the first layer of defense, followed by the NSG's as the second layer of defense. - +- **Azure Commercial** +![alt text](image-30.png) +- **Azure Government** + ![alt text](image-31.png) ***References links:*** From 5016360f2af0d3f216d3660c9dd00a710ec504c4 Mon Sep 17 00:00:00 2001 From: Sonja Edmonds Date: Mon, 16 Sep 2024 14:44:20 -0400 Subject: [PATCH 3/4] Adding NSG configurations to new branch --- docs/image-30.png | Bin 0 -> 41387 bytes docs/image-31.png | Bin 0 -> 34866 bytes docs/security.md | 1 + 3 files changed, 1 insertion(+) create mode 100644 docs/image-30.png create mode 100644 docs/image-31.png diff --git a/docs/image-30.png b/docs/image-30.png new file mode 100644 index 0000000000000000000000000000000000000000..307829c2674acd878c108442d2a1f86e4d6d6f58 GIT binary patch literal 41387 zcmce-cT`hf*Y6uqQBhPxK&c{4s?vK=Y7&Zs-lY?e-n)(71EF^kNw`91GD#vSMUamKlKkCBnR_Dh~6Y6UOCXoc}D!Y;to-M1t{;QClC|YY+tIq1OO`IZl9T7C#G+?s2I2d0C(H| zey(&n7h3@Ud2&F7m)bt2>$8CY+RIs&m)?<}YcE+MM6JIF8$cg?i=2m4){$<5-+g-r zw<`;m1$y3o>g~lmQ6{=yh>l+e0VwRD6FTN55uz_%Kk*G$7<&~(1yX?sZ5us$sQTnO z*)`^+!_G`W_myr{0r_ug0u}g0{(AyB?l%2tlq=ohcz2T=?()jYN=@SX{nsIP=P2~? zKM4Rpf(vH(pH%o`R-(!OKJE*u#9sL)@x&&c{^~yox!xz@f1UEL<6Y`Yw>$qN0Q?`9 z9{nd_LE6RNwiR?JDZMu+Z*OP!g67IQCdcdVRtA*-b`^H5fKT$LfZUb>hN}{>bw@IZ z^zQoAHZhDrN9JXwErzn^1Pvq4H&;B2Yp4L}@^n{nTk_9I?%&&|bnsnt_@ zbGNqzZo?4xX7Eh$d)e$f>*;$L+@#`F3*s2%fq2^-3@aJA4p)F(_;)PCi4Us9#>VEi z)5Reid=U`ySWqd&)UPCHCo$*u9$|O|1u*Pz(!f^WWkskr__VzYQEsA-wr}5byzauh zjrzlfKL(;mW9ciJVTSGXjW&Rn z8N!a%{%^q~c1-Vf^9UH=N#FeVgh2?`Y~VLzOrQ28-iQ2r`>9UmWZ+72R>5gA`xO5d zw^IFK0SG)>L@A`HFGN$KN^>BNv1Dcxe;`%F+d4qO-pMoHulW_ctMfuqS#;y@_wi{F zsyMBEJa0CqxUtbt*enB_@A3`3YGUf!TADDsr`IfFx@nZ7RZ_W{#>L4wBsd^dQ0p+h zI^|HIV{DvB&7+^|9JHH}F6L^Hc-8-84@z`}yJ_riJ~1fEySqP0pc?(cQ_pi_*3T7kMnDFwenuKIDag_V12@^E3h_nb zmGlkLjjJx%#{+6rLSCx@zB0x<-ml6cv$+QAbiG8J{9L`{Ovj5?r zIzuYn=eqS@VWQ zb_}I%6@HoaxTM?k7u>t+k!ARtxucPcyrpx?keTV5_392(EuA|WVd!;1*G(5#fE%_c z7AocmcUIYMhr^bJ+H16t16-QhmL;IpV{u2Ik^2X^~tN(2{uGKSIy2TRTC_z(XxeUK&#E+gj zm{smDR$+IcCA4C0kz@?kdGcAUN&TSF!814DayMNvYOjebYwHoUj~*#8z{gx07bEqcTYa|1{-1+OUBSRv?ry8>F`VV>5YTMr7dH2F;*SqlcC^umgNs zhrvljp&HMw`&c;GXrV#FqE-k&iR;~TFj(~ zYu3HO$YKpdC#_4i(#m+1AFeQNeji-U$#A4$I1H*A(24cjvVC^w_U`wF5ywF1tgyXL zFw*)iq`sv`+e)|Vrl(A0)9Xnnkk}{>ht?9lYo$ z&EK4Xx^zb=#b$G>8So8&o!B<`#u9g<0v%Q5;bg%(mdlP{-A&1inxHOy&$&OJzPC;^ zGA;o4?sM4JTF-Is6gMf66P`0n7SH$>7Q4)=rPo>2jOkgJ`9+V%2Wb- zg3_OIDpH!xBXIMvp5=F*P^WH0n7R17TD9GYNrM!pJ8NhybU&bymeihlVPqNntLf`Q zl(eg&n~BHUf^7P8;%m4=-(E}`wz^e*X9w>?qNcC8FtW{+apW){+9NS;!KbI)zLol> z_`cZi0X0Kvk9kCg$Rc@GgKgzlaD$=7ojuf_yp^IK02gzxs%p~G=p60*?kd}&u*fAP zQVMH`WCIJ=fh)5E{)o^2sEWh?#@a@W9xH=uFWMeZsk;!?J}wMszA}{7i)vKY9+HfL zyMNT{(2y>Ay2h^FSJ$_CQGhhuUtsqQf+PE_L%Mx~EK~g(m_ZqeGkkv9pO4(s0&Huk zrBk0ecTxInZVY^iM~jC+WYkfTj>Vw{$v3 z5RA|nluES^VmR>7THU0y`Lq#zP)5ZiL#)GFEX4%9rhVmSHUhM&wB0m?tP$qmwUon0yu|H1fzNPmonPYEe^>qu)4d~Q2LU%K> zW`wl!Pz}%txQx2F`g+ie(srhzh7Koukk_<~Gw+BC0tpIgB}oM|ZuZ3QT{fc<5SP5# zrUu?IeK{5DbPtwk#Y{Bj#!YH_^lB#QLjnCCyC-SWiT%jMyk36=dgL;}%wbBd>(uML zR4t#{(IH;g>rJHbWA8N#n+7Ua9+ONX?%;4Er`2OKxww5ZD-cf$i~yEn1hz)34%^&$A0@)Dk%*L_YDTG@AWkZ5=| z!Ry9W`0SKsSopJfb#fU?)?JS~*xg8{!)5dv)yS>6uEj&N(FPsY$^1{@#ij!&?xMh&4_D-rnHxOQfHk^BL=%SWT zA9XIgT|!U3o|fO67Wab}+B23Fy9`LzE8j=A;C`x-ud@Qr;me!lESJ@-<8Xty?IvrP z5}w_6j!UkgKq)@6w84CejWWgZ(Jzd?R@ zeNbr~h)O9ROOC5|m>juSWiM$&8AF0+lUDT)X;X}0&8MYK$&g+AbH`{Al7=rKPz{pI z4MjMLn{~ex2<;axcfG#9;`H>xTK*102HXDl7di%R6*eW2^L0fwoYKS^i`rEl>nc0plvfe(ZdJU3*Ve}?KjqcElkdE1H* zoVTH~D>)|_)W*+w_hfNG*F@mTeok%)2$nFCam6C_Ybj63n3qmLFi27|GhvLQR_6DK zZDR5qP2D@g5kq?>vDPb7uT3gfc==L7&lJ25lSih#O%ueNDqVBh`25FA&Y99H_L-bh z@Oo*e=f3KcG|Hk7;Zno_o4``Wk|9wao6{|&P&6Hu8vWCJB+m7O+Fvva0ELDvJXWQ09DIT`KqQCM$KxGhQg&u3lf{piT1nTkq-A)BoLzx`FV z`X&PT(OP+vdS@Kd_~z{U5B0?6$MyXAI5Nc)g+L&3_pd1A86{^2NPugtmtVSDkBppT zdv4AcpiUKbsl#Z+sY9+9bgP$+R!zFsx|+2h{6>@bG+z=Ha!tt-ZjS3po$n1#)jFh@ z25c*KbaVj6ehgPycA_+LWE%0={=F#xF|cvlcl$RS71WnKl!kRk&|H~M$PNbeV1Z9GRj;EH)sGr)}MZP;_iqq=6$yC#;>tKH>|wO^mW zSJ_6lPUS*&Wd`&5VIVx0w=bsIQ`rNkk@8{FR76}k0+OXSM+#gm?ax}%SxiH}+AZ`e z_HVe$TOZ{Z<#mU@#JoCEIt*EQD(vc$Ty+*l=zh#uVih7)+n1$r70||%`+G&#q?Paq^tSCqd7Nu14z(uTZz3zCb?T`EAIV9}uFeEw96S&V|crx*byv3m~ z(m|42=9^<3DN$6A>9L_t&Gd@je1E9s|2ERi?2v2u>#^S{;U)I8jUqE+FGoT{{IMBY zD7ZOv&a4=`*>j7lfEFU?7`pZqsp~KJa&sD6(d%!6YDfgzy3u?*xFUA%z;Ex&5-Wmy zW76Vu+!5>m?%M6%8xPzp?Jb(u`5M;m#w_4f zg2cS2Sr4OH%D2n{1*C1A8qa#mA|fh8vH_c;d*8{Yv)1fJBet7jHp9_L&R-G1Jj ztIX)zZhT$tPC*P{&~zy1%FVEYD{}tIlB6E=2?05hN^a{D<~q*jWh-YE2_UU(Jp!(d zAUv7bdcNV@_$!jT_XXfcSVRO>Q=|Qnlw5%33c&H&JFlpN+j3$x_W)CpQ~bG$c7)Rz zW|$?i8Y1j!ZHoz29nTEz(G0#EwD=G2dXg*uKls@@m4LSY24esQsxJQj{IdPd|F_ib zzaJFca8>w}uJ6fzt_)Ii5KV>s51OZ%Tl(}rxBoJ`|0MqZd(HoiKc0eO&(F3y_d8`T zzTQzr5LxEH*-pw-gKGii8S55|AEZH7@NISl_QH#XOOjV-65PB3+b#FdMg0X6BgSvg z(}mwSS%g0a6E8sEbC))1Mg|V$o=)_W#dzg7?akG?DXdF48BVM_Kts}tCS+g1rZ)!wB~g1NuIg4 z?9eZkf?2@~Nh&K^!@2wh=YnGD0=1DW$}#)-qh%EWVMHX>U^GlE!&{HQ@k;j9{_|Ks ze?&OUvg(0V>q$M$-oze(m;Hx&j?9Ke^tnx!^XU0bPoK_Ho0L)RDH%O+(IPJC4JGod zs#l}r-y_LuxdL6INo^2ZEtmHT0_Oi49ARDl1&-z|+wLHXkX+s$FR!b0AJ;ZBh1EKC zJtW^?($_WLEYKp3fqW%C&^(kz>TTZB$o;c8=P|VdnbrpJV%CL(xZA>xOMTdZB=Z!j zn(oJQI?sahfCYO9lSTpO{~NRs_cnQm`7g51wzkbzbo35a+V5-^}Qh zCC3O__KCT^;$Zb$b2<+W|Jfkw+Rmkzws6|(gx|__D%e?HgnJc`%B)1ZZT-g|a=qbV z;_N_T&wz6ukgez})VQ7TM3UGAx!Lw>`}$&ns+a0PDk?AZ#IG_^@nDT9=MBmf?-l+q z+WC|%2-@{EI}J(pOe~k zeExyA+6~Rxb_<6E2W2I+8D^zmCE1F6Sp9xGd5526?Xh22dlPYP|1n9QUvJYn*i8I6 zbJGF`9DDv4-A|W2 zctleVMClA!QfliohG?VJ8m1w8UvA1QpW+nG%d}$z@7VY$->r-RcvzL)GyKGwE_3hGg3|8{q#I zAe@Qx-L7XcEj!8SgKR}~`yV(t(CsEkwg&`$Uh=0#`}A3;J)*C0ycAcI4^w@uS?ip3 zxIyA;f4UZNOccnr`LIr@GU!z#?`1W}bhLYSnhLd%R^WTPh?~0&xztNY7m-MZMb8Q! zY)61L-+pKFTrG8qm>n^I@evB!+Z8<5c#!AMl+SC`vdOX6vg&={T#d8D*>K)md)0UW zo+%?A8rL_7qr6x0yP%^R``wuH)umB!bJZqohOF77C~LQ{OJjC(MU#C>#S5i$lYA#p zD*|RxJaQ%cA1}U(eZIPs%6k5${pMdcrpq{@L;{cUSWEKqzUDkS?Ssvul;apzdJMm^ zrDVM(ctlk8c8(4wkPKIM3%_ zWc7MSCxN9Cd-ZRZV~oVxkdEl_5?xa&|L)PgEadyX4f$1`vWnu7Uz*{>SkQba{TBN-_V%wM+|@RT zJ`w)p^tkl`9duCLx%c%3({Ec@e^tpI?^RK75E@;9oiaWzm2{g(xH*Z3k7rM#Y^!jR zKq_mhmuwFYH}^qVFgQ*NQse`~MOeNURu>XA)2HOaz}PlWcYAk{hQ5cSWh15iEnCTw zTDUPsu9T$AY(4_Dbfr@wNY+CtNK%&%`Al35SEr$Ej!j@SVI};?`*LPg6yP3MYietK zeiY<++MrJd*0b|Pf-QqRqA(DZ+0Z42Z4DFDkDS~O0^E<5UA_OUM(H}2+KPl;!^*pG zl+Ncba{?N)Da*O_77%6%;sW>ovD(AKHj_RPA-Q#y=jLupFbg_JWzgr;=wHKbRINw1d8e$)@vl!ZtBQI@t7<#A zOpSO3ns50z)h3CtgRin-NaG-eMSX^Q=y4rW4q%w}#atBE)Q|xTToB|DRpXz)u9}Yi zB~XC^<56#rdN8o){ubYcN!|yxjKEIIF=K;K+5#LV5n+Pl;^o#QcyWulBq@1LmwqrS zjX#_gZoER8Y%eR7S~dU1n}raY|O|_Sg)Jeh=J-t?FnsDqKf~jT)Hp z`g_%ZWXnb=*t$H`ymv?c@gATI91FzF9?lfxT%MWLF4c#etcbQk`DAQy>}q;D-P^Ph zejmuZk#_56mt#WQuEUqx!iFM??7n6>`RmLq@ahIb(Y_<+vY_Tx=a7GO%m!{mBcKJ! z_EUA{>0$yz1fO*9I~e^F>oG5~nZ~7oV@Vg8Fz#7ES$STrkx})g5?j8S=H{9yQcBFs zSyuXo-bJN%Y%-P~Eb5yA{q=i`d$*21-GFER?8bZ#<(2`@K*fxkBlk#+f9MbC0{z;Q zBPEOd|CbnWP4bT(d9o}etrC%g&5Mw|2m!@SZC`XV;vtTXWhZg;h3!9Sge!WUEX!oG z>GY5Gj<*ak9rAtLn=#rIuABCg4j#B~Jtv~Dn4icqi z0gHOwk-0T&|2Q(7!Ih}rV{Go*sds?olUi8St_P=T?A-e2ehqgSqj>0q>#uM4)x+$Yn?xKOxjS zzV0I88QdFP;~Zut!1DDMUn1?LlhU-3vShMcsrXLhh`zJZ0MpdN+(jrs>bm2{14@RW zp?U;q#bfE#qw*`^SBN?!lg`YPolyMP@t4oX8az4SR}XT|8c1yEoQ3QdZ)Rhq7_ zL?h*$1pPLRdk7B(%Qu>o>}UR+v88yWfy9xCU}W|CznSaR1IaUbe;<4H-QwJQAV>ya zAS2pr{DO8F932=aCt=7NXkcG{1%Us`b}yX*Am&aJ$Ik+Ir_wHKuSE26|0ANRpoyMp zJ$hhS*BZz(I?Vr1|7Ey=X2~IJXawci>IExPrkE6lnKh|gLPo&1Md!+7&ss(MMkR%a z#lv^Ah;{T~h9-1t+UDB7OYVLQd^%@zVE#N=H>IVxmGLZ5U4&k*fOfy$((L!*?3Uej znC1Srsp-A(t4tZsH{yva8XBGiU|vcD;-W#F-r(R@w(M zmFJ~&h{!;?UPT7=y{^jHkZvscwW%Q1Jd`LS$~y0)Xh*qmV?z9wzn+kn{8|=WLKz%9U_Vq&tJ- z`)wD~@rUYUrpYbrXH_dxEPrhi)6;bd*3CdAr!Raanlz5iU>r<1p>@}MWJ)y$N9`HV z^qx86SG1VQyr4J=# z;6gTc|BSEKcdJP3o-TiWTQ`5LGG^E+KT=A-h4Oh2!4%rUNf4Y<5 z*QoasLSav?T9}q6Sb2Znu=1!B|@vC}_%G@s<)FWv%@s_{=lY453O>XeWvO8}GhH*F>)k70~ zPY?6OXm+$aw!r4;mr#wslcoBe{xUTDkM}NmY`-R5aUV5B-sfpp6T zX?)(vi&d50$ulL4z7j!`AV8m8{N8Be&k3mVtKMVxMNUG`{(HRbwhI z)2+LN1X{DFotrP7070-7R`IKj+`CHiH_->X_!3Xk$E-T*yXVFxEHTaeKF3EvUk8Tz zbwHHfKrIGQv&?3P02-LqX)2h$G{JT_nrhzo1Oi_)ZM@w~^+B`6+%;yxR3U^UXaFxk<0r7b%^}Epae;?` zbj<_B9#QSf68uff={cHqwAi~|b|X#{rCF;id(W`GBxa}7qeoi5n|@O_q(}^P8uxP8 z6^Z1U&N1GF+xL1d#e;0Gr#Ri=n|#y~o@fae96NAMppCuJxjtk;{?#0aTgbv`TAte_ zB>^YTS@mQ&F#_Flx;6wEWw$}KMc#1tN)qeT{(}dhqj!ajo%(hhL9#4zx`hiox z7|8(Z{crGSV?*4ImwOEE)5Io65qe97Sw73?Yw#T6?1OfdD*I;BneD6xW96F2!tA9YwQ{^Upi%#2Zc($ z@a2#K?#|f*1HaYq_dN@o^w!Gox*jfFP60XoHnjRqADE6CAM1(L?`qHrTn6)%)ioA#YV<1ISeOm*3T| zrvVmOw#Y5X$E&A>pn2mWWd9Dr>sS$OWk0yzM0H#E7o}Y1Zb#l1R)ZAd5k;*V6(ffb z#=XvR!UeBdgJT*ibTlVty#M(J4WWymUvh)H>>{Nw+r4M=^BZ3aK5&uMwKrL*4tf|b zQ$@jHvhAR7OwzJ?iml@ttiS*W7#sO%w5j){(GasZ>Ca{{<`Sps$F=Oti6dRnMp&QD zXoYeWm`T}-Cgt2{^C-*=+XY61>2a;Qry>!UcsxMtoU>f4;d)8#{oTSW!ru#gy zPms!juX?BIs;^mUhTo+?_mq0lBT3Psq%aO&-e}bxlP5Z2-7m`NSfzid)WDNf;-2~V zQpPSW&5W&zexy_kq*00cl#!Afv!rwKAg`)hq(7P+>Mhsp9x%4lU0Bg$^aQgp-_?S} zA26*TdjdPB&At!mGbT_UFnhmeRX*<8tD4v_Fp?P88|yS+94c{1uTXg1kijkPb(~8A zHFS5k0mxmG^7?ju7n+aQc@g0Y5UVJ~=x23RWQM?|Eo;r&5YV!9A))7HZnkMdFZhxp z$AH=9*o}L$il?`(l_U}WDkj`}69+1hd+$~RJqYO5-I-o&=;v2PlKh@f7hfp@0_ltC zOjzLVYY%4K&hVe}}CcwQ4Ir_CL? z(xYF}CEGQR_e-W1{Xe-`v})6sZ(S|IJum|*HtEp9D30y&aU0mS5&apbf@M6M(o_0<8Sl3 z#i#|fuCmdd^V=Hqvd$Yry{c+|%l)YoNKr;$0zU_tX))aTv3&^i>YUgAWwOX!q<_Eg zp#{O%OuQr9@3k2Z6>pN%?zaF9Ks%3K6~ZK;mfT5l;X+2#>xyx1DFwUW`1PCt{2X)1 zlfh75!(r%;#ssGAn8WTb&n|Wjkvj`mR)cE%y4)Rp{MK#p4??4^CRT9CTD(?&8f`!p zrM))SyV$iIzVVab@`?JF&S&P4zaAEawO*Q~r|IN7Jl7chTHs&fGfZ6WRzOWJVKy>) z=lVKdauH-ll`KgyvjIZX*>qp$x4Cq*MfxZ(utYXV<}pbF&M_4s=WQ&(Xz%M%wmRFfqs`8ZtY;y8VnZ+UjDcLR7pbL3 z$lrt*H{@Bu4l3Z^mPWtrXp_bvXzPZ&DQuG4ZX+9&KuzCovIDzfKj}ASofRi=2_UwK zt;@Ne!hs-70<2c~G;{FSWk1md1qCV@uuLb72w_&{$7xF%m3O;RnnjT{{u%7w`_mY) zzBB7fMh)kwlor~?Mk;lbI_9xDZjj+?(`jUfr;&;sj1DB;O&&iGUv|GGVsR{nj~{jL z3(5XzUQQGOeEzhSM-Fi0jNB=^a0}Pu%Hl>2B#yN*Wj5@TL(_ZHt6%Swl1n)!SYB>m z5}xXaX}D>423%;*H$(dq_~d%4x-&^*)Xg|`mXux97Nt`7SFTqMKrg)7uBv8AW2CUo-a>Dw{y zDAmbyjrqQpe&ARTDc$9E?;wUfu}B{|Itp4FZXD8cjHgc&V9H`!*3iilPH$^M$Yqac zcCYdR`Ic2Zdjz4OtwVf)zI9xNX`@#MWrRT|JJN!*@h{|7y)YgfqR4Xdsd_DCWW|M* zQigdI}DKkhd^VrH&mozhqxM`Qo zLD!nfw;2jvcjfOP3M0O}wwdGBX`ZY(`x)|Mv|@RHvdsR}UDUmF>Sf%%1AOlvdCcx& zD;iaVZdv))q=_>DP|HZ{ihNW$x3MCzKr8*6?(D5 zld3~q*_COwVr;&kzb3w;gi~5pcT0vQ34}H2EO5pb#lbaJv)Jl&OTMsRstw1}Yk_X6 zE$-SiFARL!0_5?beoD}DN%8lgUM|?Nf#NX*f4eMdbU>Z&AfWxj6o{}i-)r|}{05RG zIPs!R!~Shy*ui@>h+x#mB&U15$IDjzRMhG#F<4F8eoY&2%8eAL$9^Kr0nwcP zDoO7takBMCLQmEVR|<@1OCO9tE};Xby$){nME$xpu`;^=zAu43KQ^#tW^!dEYmp3a zHxJeaU(mn#r_V(9VW9%cyNMOrg^bpM?jZ-s z^SdP$KEu1W0d~5miu|@3;W2l~G^@UWe+j&`Q}JC*;4zkByGq#y2{IVFS@8`BsXLeH ztE}Va?e&f2?h%zuXkjqO3SA#E>kqVtUbb|=Y!pPz43ejxIhqjY9?O3qziCFo-@`Eb zyT4bN%@+YZUYI5UFbwxyx>Q{76LbYj=ZPy{zQr-(LQSH26@%JN`(Makp+a7{3{-B={>JE;t~8$Y#5FPqpwLe%bz&pEt&8!I22xSd>g;o-DhX#3pZam ztAf4iXO&k0;`;rOQk|K)ijQ$zi_+CpnJ>UtLzK*YmB@(|)nrp3SvCvW8Tf}DBBCdY zzLVQB=LWU;q*iR8v;#l=Hvc6<&;aCKZpL2bUMhPb1GQ26v-7$OsdETI&+i3h-&U;p z5LbIV+27uaZeudq)!z@)^6N+~Sci{%+1jHxUSW+2%?hun&tuLDX5#0lJ)RpZr}*j) zuvWjf83?qv^R860gc;A(tj{Ij=O{UT`&0t(Vu>dSvQwsT`l73aulLM&EVJ0Rt@ObV zBQ#JDFTtDkTV->at)!)@u3CLZf4WkVJj7u*efrWuW{Y0+7 zL%~;Uk@9S{8J?9($<7aH=XswTM4$H?o6Hb!xf6u%q>d;u*@fPpGL)XXvNH~$S4r{c z=BKhA88~7zj>?(4s2)zUga1ehjisu;z8u39-JWXI!Y-CAF6nWX%kVEqQ?oU=`mXL^ z*%}tRI&6)L5ahXS2cl;+*$wV}1^`0N?r<^>MAw;h>Vm^&Z1!dvmR^=9A5kg+HojmT z5Z^^4u0YG8I#nVRZ63<`ds$R_{AscgI?y(BPp^IYe!TQZ8TskD%|p9OY@?d}gq6~? z@d9g!h5b>xcf5nTifc-$CSXIq1557bIehi67m0Ovw^)O+Py^rlS)yBq;TbZp-$=(jy6!dp!Ma zd4$^@XBU62yadFo;IQrz!nAH!swAv-+r)eMa_A3MFrA5i>^(6P7bkrpGs55Os;rZD zyJL4rL^om?DzRB~teu0JS$#_rL?xQ4%?uqn)lAZ66(@Z{svwL1XYa|+Z!4*S!oS)d z0orf=ugTv3;r^C)?n}jgchHE5(jI0|008f9%eS!$k^sbR{DTT}H_C*s0{T&stR@zu z)0o}S*Z?C4?D4h1^2~|@mLv~gOW%`sUR$s1Z6#1!;KtrNBn)3dCW7vWUIh#;wEy1^ z&;QL*B>g48j*>$rc~vQ0^XE+CjyH}?G)>dv+KphYz!qFI>DmdxV^3Ugs;+#}RtaES zd{>&A!OTwSW5=Ze>ay&yBV7%RTxb23AF#9U*%XQ6Gl@o)C`3W4P{CKe$IO8(-=phz zu?_%>Ys6Bs9f*iSe4H07_=53V-a_`*r~Z8oV>~u!HagpATQ>2*#cVW5!|U@6JZ_t& z?>A;>U$NwrN02PHVA4Be#OFtJer;oaLgRo?fn2AXPr1h)KM_)z^psfuD&JQ{0{EVF z(jiPP*#a-JN8a%L7YzI|xg8@!ECmMYf1yStp#NMvR^|yqSu&PKc>LeI5Re&B5gSlg zFMAx4ZF0__X6%*57_{;99IW}AcgCmw;?L!rklxndUrhLBda{R<0zx>fDJP>};AJ`gN~!HKewlP;o;>#B7Q=fmn}U zim{axPDF$J=SBX7_J~=%Q=tmli=R8)6|`xH7_gVY-CiRtv6v@y*9@Z!bbITaSGC2J zG#+i#4F3MiA2^JhW3x=kPG0pF+Vule5_-sSghU%{39Qk{bczj8^mn(&lNrS9Ba#Bc zlANT;7#!6IGjdXau=LEFB?;4%mhbvEbK7p(-;NHeHsQ>C*xWnGm)i5Hmh-PsF6Cu2 z7o{RPyuxkfe{IndmCj|^7hcJK(ahCMq=|obHU;=H2L}+hS$!{dsjtNOKG1P1{kyy( ztWP%tBUdG(j|yE$$+(Rm7ZehbHHhNk(lOO6Q4F+kunWI>{fP*JBs0U*$|+`TA5w7| z75Go65qjH-HVDJ7|bBu%EoS#s#J= z%<`u(DS)$H;4{5kXM(u&ACsK_Fhr~WW{9n|{o}l=EaYr2N!y!Uvb-}HT+*dmi|^!o zzSr5ru296d7?}Qc__yka6^1$gydnw5fY+^i-Ptaa6Sd+_Qd#H%`MvcJAcQAEY(*gp z9==VwZY*Km!vN0+L&$fwj`&XpL(8eBLNVQIi^=}WD6f4{sb5R_gi>v_5exWpkBq3& z_K9myb0l?)ND2_?APvgkpY=B9ITOTnm zvGISCWoLaD-yIWsm(3b>SH)(o=oO@De;3t-^Re{xPtaqD(H210s(RdM?4)XZ)p+|;I&t9SF|M5&wu$jpk>Bkr)@~3PWPUaxvf;%y<5r|{*y@tK#K`Ewc#x`na^Ra# z8=MfJ{$xcPbIPZu zGcPMfQRZi?pT-Iw?m{-m) z+ev%YJ&wLAX`&#M>z-8UHrrRzuAA!V@FXCM^BpPg*!-Q%KX4iz-h>mrKhnJkujd%v zTL-3uVN-i*Q;hBf$5o^kTHo)h`q+Q&ijBiCu~|dBWV=Q+K;?I4(QgSmKLhs-r;T_y z2Pmp#>(A4TEw5z@QtxHQ4%B&I_EeDCEkiWkL8N%Rpc#|4+mM6|vfonm*FD}67}tr) zXg}strnL$rFrqeMtm=cz*Me69Mc}B1K8{n3gDispkGKBbk@Ic%^m0iS5f- z7qK-R&KvP`4H1elmcP1TI9*buoRBHf`)g9%f%9Fj=S6i+RwQ^mlR0WD{7YdaFAuMm z>K9Yw03@=X-@VS>)wq<;moDLh#HQ@z%6h3CIzzuX_OJrc7iZ00K@|Ij!l229%WM}5tMkdcj^LWa-EBinw9Jt1A)Dx!StF&=Ga~;z0#NpTqI{Sn`A<1mB zUf><}9HYCW5}>meAF9tr+&?EcoSxCA%R28@1p@iKVy%f3AgKsuYojp}p45wUU9p1V z1J#}zhdt_27*+9w6&iMy&TMB3`m6YkVdGjg{Md9rbqC_woE^v>WHaK+n)loq7)M>@yj5#B&dKNe!+?-7E zjmnwO{WPAVOVd#ggIz^8&hquS>qWCNN*DGx1($y6EJ($%ycAa199rIam|+t1Y8y47 z#dr8Epi{i_iCPwgN;sxUiPKT9c1xyj(_SYg8<|!zikd3RrEsuam16HCZpg481`#4D zVXGn;nhp;HfLXl_%TeCFDpoTk?-de@1mdrOt0^JEID78nhq@@CPW5cI;|FqH2H#-< z(53szuQ?(bC3UBZLj$D_?$UiD_t`n0Z|<9c6WgRR+mk|=zFCHa79v7bz#z(0Nq z4-EUyf2@xSQBX&UKPdBPN?M;7qwn;;+jVoUGx;Gyys0Z=z}gWh+d=fAsGtsN0Bn|&(i}bsX^n;0AmL}8*g84bB$!ez3=g`S9rsz>$se12h^f5& zlf*jaMH+@r>=^DJhWH>yw}NSFtPEl=r8}mW_aTn4MZoJ`r{XgythaTpTn$%TISXV~ zjxPjVSHfudW0x{ZV78_|joC+vwE+y{%O>Ufm&TROALowR9(Hi5-wVEM6%s@%jGJZ` zepEiR+b*oMuW{~`@F3#c$7B;GJQ~QQw1>~4#9Wcu39_OeS{HRt#c$JD+}Jq4Uav~M zt01KbcErdY=y7%dPklg_C_cPa(Bm%5k`n~xy;rW&(xji=ZH3(PY6r9@J)cXY)yUAy zX_Uq)KjSz6ds5u(^8{ff;!7))-*hDi?QY&y-%~&%HErhtv7h3OF9@;MjCMxfDrEbZY z^wesYc_I)Dv(oddWaCIUd&P|u${HpC3;Tz+*o z6+#6Zh}FMZtWl670}RLrzswULOCEVTk3m z&O}`F&Zi+4cFfz+SbVudwC@1@IwC#TN;gK^e4}6*qy%TWsm^G9w-O|1qtdp1 zElpUW&unUlFXQ(k;qjRug{Qkp-0$^R%GAmCM0j}lu9l}%kX#POorsYnC&|1|U=kSs2@}j2B5)Y&u})jxDOCye;Uz-*O<&Bl-2L?j z;TH)6FN{xtwgq^7$Yv$r9Y6wmWqj5$wC0zF?D!UXKAx5La?#^_|4Ziz7YwmhekR*^ zhWqlP`i-tZJG*;OntMoyWf}el9gq$#*=10u`Cl;B!+Es5T20s(w6fba;|94Lk6qH>2PJKW|N3qUa~3ix7k17lYh*uaNKU#Q z6szEMk3i9cMFeziC3KISs{_(@ZD*K$XCMhWPOR>YH7f6|<#&;av2;qrfZfvXytHwS zKZbzH4&iU2!OHLgHI-I*)T6n*Ek1w{_o&|Y$$8&Sb#{YYcX&S>hd&AG5735Swe4bz z_sbKcN_3SO9fC%}SLAE|h3TUIjp=~hSq~qbFV7Su9}tInsFKGn+#2%{j4i>53WQ#x zyN|tQku2Fbl$92D0&3Ujxi?P@_?_x>5$3-i2dqywKR+m-|10rC)(x%rcIf83Ly29_ z3q486*=-I4RcofD~n;SvHF zl$EMJ8lRY$sEKC<)Pztn0dKU@JVccw9bED~dx-FtHTzJSXDV^jimQAPV`t1!GN8?g z6F8_+5|xH&?do|yUv25kp7Dyls&+A^#!?xmeyz_#+Y zsg9Mj%G{C|drh8{)#VTu6U@>CX!SM8)9O;wGu6t0nnZiO9v(>*P^(OiU8K9wsJJyN z4+bGfWm3GubRG;%iH01_5LbP$2>(CKy>(pF-?#5Sh}ejNMXQuF2uMi?3JgdybSTmd zLr7Z)NJ)2hOG~T7NDMJ_cgK(e3^BhwpE&39y^nM52HQ)jy${%1{K+M^mTPm9+H0sN^@oxXLbFJ@JUCxwDco7GGI%KrEk>*enuNw*{ zMj&6jCf?*xp1UB_zTqg2*JFu*^pVJ7+3Yi#TS9L%h{KCy`P1LMpVvgZaJVL3j^|rr z32h~ssv~X|vqC^Ebe372nnf8n_+ zH%Rq{%tq%9nLjtT!?hn;w+#VRgZer{vm38pNe*RwoFUhF|CJ%Q!1aq(lR@OhxlSNquIp<;Ng4f<~V`=3^2K-UPR|5$TZs* zVTVJdbn?FyW1!+q+INsW_D?E!IRdocU$6h2+BScG2B;DLc{%dGgpiQYmvh`a=TZur zow(_!yN|3S4QCF|l}vk7(y^x|5{x!RjmCWEU@!joyT|0AI;awn5a8^CrhIo#9CXGA ze3ouy`k>RSESO&gpe&9C-Br)*{x)3#@gEh`CyH;8BpIrf0G;(&=Q@sj#A99uY)W~f zFL}M4?tWxHb6em!GtTR$vO<_oDeWHUC4k zUoL*{!`<7f^&0=S7E;>n^~8PH`q(RuRXebo0ZR5@^n7+M5Y_(yuFMD1+Z@_}grcm2 zpt+KhUnW~IPI=|fX2sSZP8o9PcfF)+70rlcXXeiiI4d#}azC<*xSVXUNo%3nPG#${ zY5W@wxn%kxSA1h6xZts$JWLL0r^!Sayfz?DvMl2nRQ>20s~E3kdi9U!yE_Pe7Jlo% zD=w6*iA>522w6}{#dFvS7IXDUC#Hcm`hS}H@xD}xC4ZH<3AG) zw#2gH!)OxEG8UKjMz~nb8r}Aw@>4M~U_6O_k{mDU0MS@gv*y&#+VrD^(kZ&mW7b~> zei6IhV}DU2P^9Ml!9The8-xyAS9Y?t8?I6{B5oiao5l0ZcrT@X8e7^ete&IlxWWX5 z@nq~Ac!orrOrO{6+4)oF_52}?xK&32jhVDbmh7g_`=!`0N0s&l$(?_b-ZgUm1Dom6 zwQUAU_q%34_V^`Ag^mLfroaR9Qu+MEtF_}dde1auR~}?tx$5+?&N2;`AYK3%BvzOR zf;?LNZF)24UO>R{=TciNzusWAFa1i-Hs}5%#vm@=r}A~t4)*(kes!MSDRGFvAL>T3 z3eAP96N?Yc?HU%ZU4M$iE9|H)ra2Z$oAYEHbFfLWUA$3C!LXrs^X;S(r=C|Nx>pGu z0Mcd$tVjy_C|vnaGEnP?yFzq$uE?LM!6+xZfv68d$o@9E9_oCZ+u(Nn{ImB5-V89e zc@M8;6Qk>w*OxkJP`}*?yLlLb8acN-GBRQ@+_j1hBep0>?InSv+qU{KmpRJo|KMeB zH)+^mFdan&*(6!>(MxMbEvWL|FsA31H6UgRn_SGsscJ@5Oi>9d!Hq9Icdmrhs+7jl z1K&jf^R|2e>C??e}ilky>*1Cam~0^a7XK; zmP5AN{K}y*D?$16^b*Ry_+0nKrafQdx#TL7uCljWU1UP~4@m`` zeF>l{VZ2OjbWPa)WIaSd) zqvFHl+;9~#DxNtHjl?51Z9A2`$8R8pA6$ZX`{@b|m@;FprZ3mMN$!}}U3cH4n31cw z>s!qQ7&uD8yw?owAKJ-ZWnQ6SQ=3>jd;ouuBgKX~6AM>OlOx7l|s0%)_W z3pvlMwyPw;4zD zxns8mX=@mopN_zJ*9-i@Y12rg#v^d2Pbxd7o?cpHK{u@;^Ya1{&nq|CbuM z`6AuS*-J~eb~(t&c&Rm9TL2v*DIqoFFs|-f(4vef1_Fw(^oOtai-1^ES|Ek>(-VbY zSJ>O38w>kd1!=w#i8~PSA7|_;P21BkBH9HH1lXWLb*e%Z1++mAq0SY*)@j~9{>+}Y z9r&6AEr6!sp9Y%E%6N?G#cb3Zp*PQ(!duFgq|00 zlnvTPP!vqwlPQ|7;CjsN@?LG`QPX#uuX}!Uz3SQzMbf4hC{OTet@*$c-j21e8C|ogT>L2Msl4 z+l9@O)5Oe4_epe?0R6q6smgR#|8wXd z>(S55Vz76uR<5vfZP(g+nPXJ(zD(wP30Z6IYpJj5vP4%RgynV2kr&Mv8byLF?cjLP z)kZ`*uZHZb_{1_rZh}tqa?~0kZ}){B-x20vi@~_OaO0!F_6_+ZMoR(D_G^NN7i5V@ z)jrPC=y52Pj4UwSD*hs};K14Gk^sMk>L-8yDTdWD0_6-l-i+QTQXg2>ii_1Q%$vAE zQR196${|>ZFHj|^#?6P?30RSp;|3O>qZ&e$0T%HWi$tW$< zV&GjRP8zd zGyfFDwMdnublnj8gle4>cFk}_9Q*HLkn%!;w@q4bVP6KGkPLF1xLOd^*@JNg{AmTA~0dDVk3 zL0Z0mVDd>4)CMd7k!1Ke@R1^Q>SURl z;1LT^oJWgPCC;Bm8UN_2CT9!n7nzH^ZT*>#*ejlXSKr?>bY%&TM2+1fyrJ6gR?*_A zwUp;7=8z^eVVHB^g#hnRn=1L!FpFWSsTZJH5J$u+1@i_4UCgb7PMIp{v;mphp^2?dijK=_D-gWO0I>S*9YM@g5+$>W&o2Fe8e&Ot9~r+$wQ{bREx*&eXL&DD<%QR+ z%SKDpf!uiY73cp|TxJmtb`3kqGRgazj8=5pV^^b0QP;fF^{_iuu=25NT)^G zR7v@Rxx$)>qR1T$ef!0vIqsKLZS_%koGMM$^KWYuQ`}bu=tM=BOPjkp-90le#&;qI zo(Y7w=1lqDI>DvFeo>*teasHE?z-+$@he=(7F?{7*=O(pKf51klE3h$g?xLN_+Ww9 zQs_&Xoy~G%GUSE=Z=#C|_PmtW@Ke@-3|}XD*(F&b&tKhtP_Ze|so7TH9>zbR*x;Ki zWtI{Kj2RDHR2)J*^=@sGTT**FJ9+J3z*Z(K3TIz)<~IEXejAE%(m12l^D=)muf>(m zW*9Em*jfGSSIHoJJ}4uoJ#n6`@6n%Y_kBfL*5rO+Ih#V2_tFlg6-9iO;UIMuHczrm zl2}ID;NM42+%<$HABZy}DeRlQB*%Gf*^Gk0^C*d&*bkQ#F&*Zn%jtB5$Ks%0c_m*g zws%Xm>f+*w!{enZSD8TmKn~B+qq5A7j~%=PX zZn+H5{DSIg3D01RiIe}_f$Cg59g+inuMOwROVn+CAS1U#_?Z{#8ayR!4(&4{_gJjs zZ0ikpTpXfi6irsL*e%mW(wRJ?fA^0r0eg;%=p2V~{uLLQ+fDIF1`zQw?Pak3fpn$6 z)NCrLd=3M(Qac$y&sP0%CgakQHo#;^`{4Qc_8p|6k*#!?0~3*yx8Ol;=IOy5xwxAX z9>!Xm(_yxGdqIH@eqQ**`95YL*v8RxF}-1Dw{NGZiU=Z<6_1^XZYSEP-6?IltGO1)L%7o$_7l#iV=XgwoeUU^oT_iJZ%Nsu)lfDt}%qxsg zI70?rpvwKK02RVi0L1)Fy8{RlGX{coSeiPIj2V0uDGRN?0hN7%w!~X?lL>7oR*`zt3`AZoDLq$ zXBu2~*Vs?cE1?4#NMHu-k}y}up)3VERZ_*)OKz_XEGi4cH~Ly*T1>758yQm%V8}~TS$tKvmZW9rm0Bs8wF#6G0+8Y~0`6Rt zix{0+nt+;0t=3&Rn8 z6MEz!RrLGoGU8KA%kPr1kkB{c#|Zp;$mkGV)Kb9@)XVpOmxQZexN;>>X$R?#a({#W z<$j09YfR4pN~3%r=!^k7xc{c3Te{xH-Tb9eAvlp4pbvUsZ;FP0;(x9968N3Y zmxK?m6{9ppO*NWcASn0w-jP{Ui!?**9CRRmS38ZUKwSWe-DqcCL5p-w`^=RV(>px@ z_%onyH}j2RjB*08-jb}npvkS}cV99ar>rk@*LPfxy$M;io28(ngaXhh+%U;OeUb`# z=g#bGW1s>&J`s;Boq0@eX_88^EL$v=uCkKI~ME;>~H;$}Y6TD$LyJIJbb^OXXK zk|-U++0Y!bVM{BwA5r$#=ijMoRiA2|o=n)9JBzIJvCD6p8X7JmzRUpoSK#D?r@Oztvf(UHvS`d+~fQbw;`Dom-93} zUCxUc5gVFOqC+Lu#MetlKab18|M=2!vHuM66<j9V8t zCOwa&Voe0uxUb7#uQ`Ul$!crn?tB5LFTyO##B!8W8f)2fjToson094K2oL{yZd|+~ zZYAU_Ayke$fDf%@>K`1_Y!4k89uLZ7f7HKOuY5J5fx$#=XVb3P66D!Rh&dEC63InV zc0>gjiPX?7Dv_TsT>^-zDbSXXZtF?3o5BPy9#5#civEevun@o~V`kKJ#G3{+KjK*4FiJp3GYwhEB;35(7AZ{@TKT$ItpcBd;-Wc`9{u_*=}%ev7P=gW)K?N2T=Jxof(!$Y`f^IU?85zZ^)Kb9}xmIGy(C+cD?gZif#@7&Od+o*%1hLjQBUG^os z?9bilEF;`omc>nJhAy?~G2i|d))v7tVc%e6vzwvD(3VJ{xv3Dza?Ue}5TyTxH_#8O zt%<}7GXmX}`WP#;h>f{0%#!U#?te+JcA)g*jow5JS}F|&llS()aP~R7**mY%Q^H|Gm$CQ1cvfp zRIPuCF4Ma-GgQ-Qi+oAEn)9YbBIppLSb5k#vRm2- z3#c($osPunw|_hv=9_5Dyj;Z|PG5-K-5ou8vE|=7rAT$jZL;|@Y$uRr;kZ@=?_;j7DSvpP?zY`NbM1!hmiZ_r#cy*=YDd#mupJeX@)tz&35e96w{tVhnJW5?0ivv#2%WbT5U(j;W){s zUQIKX^)gsbG)Fvca6Ew=A|z^gJ{MPdPE&cw`l6Ss|@~j|S_hGzZF5988Il z2!9Zzs3BkSlW4Zr`YK1(``a_2vhXBA8S_#fq2dC0Ig1Rr@#C)k+1ZLTgzq9mjF&fOqW zkjWdfk}8D$rgwTg7sWZrP1oyg{53+uP>QY!E1!!#H#K(?D(o9$3Hko@mO`mbDX&ZT zl3}h{>U``_`Op)9UD+`~7n02mzE>``*fZ8@8-{p2f=x@^;ZK6-D*cr^d3OQiPX4GV zIcu0Vm(NZ$8*BWx)X9hpqJ++)V~ODV@{v~p9kM}|tDx$~Vz@+*EK!fW-sFNdt{beP z%Ryo5`+*Rhxc~(`c5C@kQn!R#4ex+8= z0GOLp<&U>Sqsiuvc0x|V!3ZnqMc za*tPpnMs~B4MO*Is?TrA5iGsV5)nqGJctED-yt&0ANMlJFj8HEwNP8`g6+w;ri+>BuT3;I`(ZUXwYTotEXQP=T4r*&R`?;S zhxpGG+$Q`D(Om`wGE6v5t}I;$A?-+{&lFs2h1`(*g)AmZyQM6*J~={E`>RR}Vi?V; zg#yJfzM?8rv}vV(grS(YcA6Hoav4Pm=#+&tSeD7WCW~b%zT-^%wIPLu(c;%u>p&)9 z0i1V<>Hj)q(R4@#vZK$)%xq$1{p1#waDs0i_ZXYJS4cGDrWoe_6|9?pXl#oj(h#HbZ<`~Flmg8JZcvJo}4G@s(@G$Y$%YeN7LIrDWnqDC0 zscba&SaHbp@Z)7-7NAivtah}I1GR>-8YUU3zqbV@(P|V#a!`ZFr2OtaTFwbK6j&KM zE}T*BgzT*9+n>tZ6yr&U2z~I>kO}hj5KE3I^@W0c2lqHjq~#;L0%t4$RgHQsC@Y}@ z{{(Gl?sr4{25FFCh>3D|h=^<_Z51Z{;oFMo1D-)B+>yefR1vxEJwrb=Zv1+zkqglb zyt+8rx0@b{dS^xb3tc}XQs{&Zzd0I0?K-h%oL7234^J^12r*~3v&62N(Z-b%4j%9n zE3(RV8SrY#x=n!)?IIop)_=443X10N-}T}9BiO&!a=vrp21pCC&i9$uT*yb|Hpchz zzz4Wi@*H{G2tWmea&{0cjkasO4ECw<9|tK+DRT~t2t#?}KFU37kh^C1EN5PmvTW&1 z5i;LTMi(Hp;p7Q zg^D0D@Liu=c;n+=>8Q8P;F{MeLS?u7hL$S=n!(Bk?UVhof7=-KDX-cFZ$24 zJ%9f{H3DC5V4_wwdB92?IVGmiv{LM(<&oy57n)jb>6?SD&{~ueV*5waQV+N46mzMVYT_VY^ucX;J4th?xLWd6S0kMlx zS{%F}FHd$3A(rF5*)@2$O_B$G4O25PC^k(x%G|6L9>cwL{dtly)Nn9aduH7IbXRU* zXy`aPw%8k8@A6T<)@e;0SK1a%3)9on>v4cUZj7zNBMR}AZ6Wtr%9-#tArux=s~;r5 z%?Qm_NbV6HOG5RMg)Y2aKM9T{3yZv4I_Ko%6vxLpl&m2%1p*oCi5gh9$U#Ap#}0FS zMVgFU^jWrwiV8gxU)>$lUEiBs7j(0H5jv@@oFUDmc-hU`-oC`^bk%lm@XJF6%yKG2 z5# z;eIZK?^hz7aIwhh>MF16PWppl$*w5y{1=?myzmXD&|O*PO5J~lV-K7l5O!4WREmyH z2*EU;(2Rbhkf`vS8EwA${z&j$@alB02z!)DL9w<+SzdvcME9(wum<@WaW9fQEA$PIikbnn{O*pH6u!`vGa zwL>LDkd1+(I)dA@w8dwq$CmpRis9kNygU}C71Rq6cg(df$^MlB{`UxV^ zEo(#Ya~Cy18-P1}=f!21;fx+>av}Udo-RVrqfKagRP-evAb$MbXst^zD7>B(5pj!w zp5E-|hiJZ6;)g0PmS(dyU>bUv6^%M?KBtpfBg7z~a!@F~S~o7MtgxX$f2`8F?}tu< z`_FPF4Fk^#QS5TMdIeEA(~pr7kzY68R2{^opfjK595?KSiD9-kt3dUqwUm8{kq<{bek#gT_%`W{vvLV1O)}>1wTyW?<^4Q#s@ZB8=!=P z!@(l#FBsn1xD1Yj5XQs}Jux;G?yuG0^v<5S`m?GbGVe=!J6ve?y!bpRDQQGh+-L?* z3D1aEs!Yu)3j-sg`3Plkd;lcD6qt@DlJetU_e3TzA!5p)eBIBYmb16%6izv30Vz)M zn9~W+^2BuuwWF2RI^oYQA?+0q3v~@wVA~xHci;_A)R+-6FCwV&^Yc}s<>o5p`HQhG zsPSbm3ikWFy)+L##i(9`NSLo&P=j|?UrA(m);THVBo#|wI%mNYmoWAu9E+T|R3=F2 zaLgD}pGYElC|=x%(f(b^fU(qZ^Jc0YiYaUQa7vE!{1zQs-<-g|wSLN`-#Ce*NyQ8t zkte$@MhiJ7IMdwy%pUKJM$3?GK41SxBH9BwKEF!+migeE*pM)~E**@;%!~|P@=%-L zw;-X=Oc7G9o)bUPrA&i?FCl4;$DeX?Djtj{vWFnj5j62dt9dLUqO3#SlQ!xZT;01! z%MVeTNP0$0&*8S9c1`)W5&DLshAstyknVPv6D-mT+f8y@Y@Tp@IO&eQu;Dur`hx>u zB9?Fvx87alaa79KVTDF5Qyu68714byKLG;$%xY5*>&ZH)!Cdq<1SA_)sBeB!T2uTzT@qz zzV|5~ZVlNj;EW0w~K^iR8zNB!fDvU*?@__fc~2$b_)8 zyQbZ}eTulpX~SxxXs-#Y?AFy$zm%Y8iyXFR4tM6ojXH*kU51E#Ny znHjsE-`JZTo_$_#Xg~-0vs(-|J{7e&v9_*n6J}3%_;9!({q^+Tb};;F%KRHicx{&&d1pO-4GSO zkdUF@p_||MOA(V|9P>UIs?i*J@f*)#V`4JoIP3eb9q+HNJeGuvhRWEA`xr*wxaW=& z@Mfc70)nPXGwb$JF7=_2CVuajz5A`V@6`JvP(n;5RRJhkPap`J>m&syE z4pYjtgR>_~32!*-c{Moe_h`>1UxE&im6b((d);)pmfUs{*d->_79JIGPAG+V2gu7JYCwhKO9!uU4&$>ewev!<}Q$d3xL!BImQasbZ z+NItZKN1@F&}kAbs7iR@+LnRpFx~LFW!hq3y|?c0;{!~^=XzUb>34Sg_3PbUCx`ab zV0HjApJO|94Oh`uq?e2pCbj~(=@U*vdS^qQYKHnNEH!Xc`w9avn6~zzj>yrxYI)gm zPiJq=qRZomN;5^^>_qT6=FGZ!Q;JDp%d~AB~!wTtp!S1YL z@q(J3ULsh5Nh8EVLPAI^INdOg=D-O6ZcMmKH_e3C@vAlq?*zI*qr|<;%*f_v{v7Hp=}%S>=?9C zCrqN$R!NvudKiq`JS)U?5w1-y+;PL%sO4+hu(2UC*dQoUqF>MZcI%Zj7y#ag`Xmwe zJmAVyT)fV^a!9pG6S}h8n~vQtzH8~xrTDPHhH$iOM(o~<810C|^(AQ+h0`spWpQjk z6UEubn=JZ`4bWdAqnPJmy7g{HV<_w#!tr?HBMdlP4JSKt-ld6{^Jen%Qrut3uAN^U=&zT}=|bak{M-wWG!S^E_ddfw3ybM$*q>})%M zVa!0E%K-HH$<&cO$-$3nSL5=Zg1(c|SzR5F8`5_#Bz50Y8VRNra$e8D zPpeU~6e9DX>)etoxwIyH4mTV+(`TM={!zw04%JiRSZ|!ye3$QO^|N7cn?~{#dPhx z{XxDr?yP3Fi&l0p=L5oY0b6z!_JN`j*vLn$tQ}$!&AMkjO}K(l!iy(#9IYYU+tKG_ zpwQmKgyh31Z*ZA7zO`*QO7a}2C^1T@1a73}P^ZcU_QE(5C$f=5)WXnGv)xL`u$HkJ zt|+?Q=&LF#`^Cb-V$WGwIb5n<5SXjgzNOD!>)E>Rl##u!M>}7<0M)LtDFg;556ls4 zxQ=t~xnmOfjCC^PK)%RXx2C#!Rw;F=94%z&OIcY^xaWt36S1){;L9>|bQweuid&@u zTRpgL8D)TTvyTtjvD;t0t@h9g_{EmEvr`p63lgWnjQ!9rV3GQ6PqN%ZB6o^r&X>>6 zDF|H6vX_z)J9Rp+0d_(Ogg0su5+8Jn^xZ&!8$S+~g$i8|4i6c4v!`Kr1Q}i^iXPqK zFTY8)z8m_-mobdRTPk*jYGR1D%!V(!Ea@(oqLTK&Jn{F3vT!hCrq0viy+mCVDm8^5 z%=t^jAdp{mY7vWl4eF%?s-GQcSx@MJ+`d{q1`or!YC#wXHgeO_(puc>Tqcj2QtCou zDZ}Ql?G25TARgn0Zq2tGDk`)gp_2`68(jt-3o3b_itJ5km;t--3A%3A_jPnU+FHS5 z*#jrT6nx%p#$tmw=Pm1NTc!bYwXlv{^qtk}r6iI+h7A9s%Px2$JzVnUfnqRefzYIe z0bKq!=p*pel6ae}MllWIl+zAh+^bKMu1nNGw76FR-nV{@GC`dUvpX9#j ziVv`>(Cad<43-;qyM$|&Hm$(YMpgsgOI&1(+h3k%ewJ+Cu{b3?Kz3Vzk|yzKW}BeT zMwhVnvY6?2Fcd)!aI#Cx5~W_Pv$az(9b|(H@3@&5j5*e?m-1MUkQS);0{47?r~5=@ ze}Dfh9*GfjO%|O(4QLol7t7NF&8>IcJ{T$xx|!yKF<>%m`{Nyf_P6N;#se2)&+I#O zbxOc!0)q@z$2bvpg`T5#Jhr!3_#?i4O(D9ffBlP?kgII`yg#0PNh0wwi5ooYS5xfx z5d`;D{zNStyvek~c`lVAnT^Rgd_ba<;!-JP)cLrHTA>;6JHTS%0Gn7%sx8AW8#Hc* z$;cMS4Q^m3!Rv0`n)|h$Pw2)}g8H)C*#htqBP4f}XJ4`5LvF@@7RitLS7P?h`t|?K zXFlC@*;}6a|I3+Ee^=JWw-x@CGA97Gx+>i@R?6a#c}K@f76PXg907`I#jKAboHuUl z*FWj-fck=*%s<}`K0!G4eGO)PvJT^+${4zh%b4-Ry#VC}OhDe*KaixO5~$#jAi7=j zxaoo3UQkyJT9|VMOG5|>$X@|6qrb1_C{F28Phk&^wNXeEO~rS5I@2n6kE~i-2?&tE zOicj*PX`b8z^_mh;J_t;02@CuadTi&f7Cw);Vm{=WVe$OW?+CeFljieKbRzTE8M{U zsJ$kBY*fVx3_IW574V1sDu%y6-PC3RG59mF#aLH#^xaM|Q|rXtd-2xxIhY#3u7jGd zRueURdEMJPAC8_OUhT|F!!%sH6fXeRn%7c&({(E3sutY(GUWM3%z1I0YNgR|vun$m;#-aocGLQ-fjyzoBsmht_?PLib!s@%95<^kIS3<&s>VP{ijdPER zipw*$t+OfmaJAD16$LTF;oZyIqhz#Qh3^MhSy{vB2WSLt*nc30(3`t|qHDE5^E{i9 zb5%O!U#2BuKEel#7Jt3xuwEDpVz<#yI$UQnY20F>f_ z0yba;Wx_rK;|+jZItVgBh>Ry$c#kqH12_uC#>PjAG;6D?d-LInW+#VKz_H$VhQ6BO ziDy8-^}+u13mvUD?RMSZ`v$NX6yOz!A` zn->omxH|0951wu6&u0to5vaP*)ft6s1QDVQzIjoophZK-r8O{dOmh4w!y2;3&bFB> z)Y3s-*)YDy(DecDo8>l-HY$StXSj~(Q|-Yz-a301n06 z;BqHzW#Bp4HMdGHTw5LvZzL!I)8Q`?r&aI1|HYy?O6y#Y*7aVth1VgX719}_#ZJLW z>>$7q^|Vm}u1lk5DS*;^Ik)`E##6LpdpvAwZ^`KECxO`|{D{V4O2^PU%FYG_vtVtk`6AeA)Wi%>O{GU34c{|SF#|~9&{}%nmX!F`P3#6 zc4Z2&jwFFq5$|OJ|IgB)VH?n^y{fBSI7I4b1TZi1UXCimYp)>Ga$xJ?0Ow(!{r2?j z5AU4Dj*Soo=X!+^{!`hoy_sw|H5lbd)yeRX?}wy#ZHshm(oLFp*ASR`waL${VCx?8)2UB>288+~d3)NZ%0;)38#$`?f z7Vv-hq^B?NNB~5MS7m>62yKrw+9rEHUj;!SLz@_BC3thKvu7Ug?9X~tx=>8`kluC) zKhpunq2S+qpJD`sw>z)*0Kl;iu19>2OB|TG0aT{XnMxU8?Y(Qojf1nM#br_`6EJlS zm{?imb{B6S8m!e$cWk3A0kHNqE32MB&>Y8#o_y;c{=$3Qa@VnYVg$P)CRU(hThC|K zyk(l~x$1pdfbcGwot^#4e*#!OoUy&)T%F{^J|_z2~4 z;o2pk3yTd60`9>a^?NEfZac45K%*WlXLv1jJr1Hg5LY@fP=$|0Wegd(%LDvbc(HY& z7%;vMLS}Vf|K?fd2gyi6o3`F`>HS``7%J^W!2al(?IYkg8R)m31QyqyeRkd$%}kdL ziL)h?qqlCmNb8XT`g{oIeURufsSH>qfD`y_0^G8)&%N#I_nrS9XwFQpjuXxRVHpB^ z=r(42z;SO`nfj@nxUH6|cFa;pYFDVF`AUtfy6K8eqkBHCju(9E6y5l^&G+5G#je8m zS}*PjM|RR8&!~#T=(D-0Q&pc6?7$Q-XYPj~&w!CRO-{x9c%K4y-*vk#FqBtd};Oo>YrH%!k`)Yil=KUw?-woN-KHOI!PLZNGZ;m||a1 zF>i|BcP&g|8{1n2&L9q`$*D1s`z_e2!2cvB^?qo%@(iy_2(nIE2aLim?Xoa6bu8}8 z{a}4N*)|c+I36oJUJoY{4u}R5B2y06=lvMJ(PYx?Rnq1|4;cm~sNB7q2G^#^8?*$N z2fky2>b(=hqC!JcGcxD_syd?V1{7its~^{k&LGSbV@Vz`d z(&vZXtDsLeXiN#MS_~=;47>*REGk;M^?`u{*CD2SGEUpkNp;I{92_q@-S|pQMn*~7 zA`d4JGbRtBHP8E4AS~x)sv7G8kI3id=J;&J3GtEh z(G$Nk_G&g?Ah!f#~@oPNXcU~v~3(waMphGyoDVdWclEv~s`cDGDj5)-(O zdcqPRvsq$nw6{CeEdp>YN<|e9Gg3h7=XG%#ZoGVvKm|{_HcV`plN1rgi#fA@t$1Pu z_VV_7v)Y8j1_5;BgZl>nhX53bt`ceG+aAGxmSz#LGj*{sgr*B>!#1g;n6dg zLQ_SJcx2*@)q}t-?Y^ktgv;AtUD@9p$cHg$Kt`GHFoyw!$pDMDZT-GjoRE`te%EQ& z9+hC&8jBV~U;^4wIDA)qsk$Pr+UqhyoaN2z#UdZjMjyO1@XtKL+0bLMgb}v{Tbvrn z-e=W~zXDE0xTO`IAYxOd#(wn+g0g!08t1*IaEC*;u{qdA(7~R&UmCy}!4Z=ueJ`oS zTm{TTbPnW-A4_@_nx{XkMmU4uIj^!(%Kcyy2D<1Jw=v;ur?ya!*jCiO8c(b-adKms zv|yrr`CidVr?yvli{qlnE&Jv>D|`B>QbZXHW*a1Arq6%Am7CQxBO1k~Gw7dlzCa#y z`*N#T+Tf!a)jpHlz%J(W2e;!ssa_eedWJl05(zO?eA33K#cniJOm6a9(6syPoyUP| z5_;Do8Ju=t)*5*Ac2FgW<_Q<535GcL{@ux0C{pv___V#do0iKizu9+iVj}b8#DnPE zdjcLzdav^lTr5tWH4VnkE10UgSWlcni!<}ET^W}lQO3Cy6@2FE3uXd|@@V&|SSkPDpQKz}Mjzj% z(f|HHq!I5P6&VTr=;#os>Gky1K~h+h@yd)ZEvhw0Y^bYQWvMNk$({Bg1L>Pu7qK_( zEQ5m+Vy`Z&yi)PB75MPeoQ0K@a%-e8Pj{o9_YD?{?Vp%nAl@C765`^DQNwjrT4yKf zb~3&RVz};-d((D@O5FK=66AM;;~exUjfP~?6L$TR4Q}F9vuoD#j#!w^6I)dItRcLc zK`xq6j|b(PUu!L*hHJ5;_qals&#Z){H|LF{0>>TSqUT3|<(bd=4 z`OUdyzu*F!kyO3SUTY_~3#Et_Ra}R=OgHUtftbr?C_Uflf~gyNm;lWXmXT{}kO3tV z(|29ui@F!tbuXT*QQzG<`8tF8LUcrDKkx?%!5)@e-YeB zbUPMg<>VH2kIDh9%iynl2gvSS9(akyZD|EYWz6s?%n*OBNIKhl}r`GCkK?ab+0#5pEGr! z58{)lH)CPIt($8lW)?2`IbEKiUFCl8gn3kS4>bb@6@5#yqmRS`;LpZt7Bue)GCZi~ z;aGppu8%06oy~})1YNoR8q?;0upHwl>n|;MW@_nX8Y-2(A?X}8;of-8fb z>Nd95&bC8O1f}|HoT>_a*BZYEWpIYI7mUEeF!#%>b%2YAdbiCn?KpeV<%*C=^jeXT zJvI=;vDBaJbXZth^BF%UF!GhlipoD6$L-M!_IYb(XX8AIAEGyRk{&O97EQV}$2a&# zf09nkaN=f2b{4R=FP-naw+Y&ndyy0a=AMUWGVle!eo0n~Kj|y5N0C*oX<(3?m%qs+ zw?xl?RJ!8Z#KOtR-_c*cWUF7PJ0T)sV(#&xC5Vv157J8F@~Z`T`HKSk`cDDwHh;>1 zVx0^uwlFWZnsX(o%%mH-8nd{x#Cj(nR!e2_d1HLIuI1=%fwPru570M-M_tlTFAB3B z17A^dm=^HTBcR2QC05Y!6{fYhWr$riuaHHa40Ga>h8@A}mMh zk7Gfncg4F@Pd>H#F}_q-HL2jf5TjBz7#HV`bgw(b&{~w`m&?6qAvPz`&gwWl;^*gQ zimcggc!EAqzkfpsJoX}-Y8_7V^3g3+9G^@4!FPuR_BdhFO+V2_EABzf**jN!G7_jv zl+S5>d3)}@D$1X!u&~g=++0~sF2Eel(O?t$F!XoMXxK`5Xua{>p+X&2s3a!e!~av` zuC{tn9Yb!OQq9KT&(XoAeS>i+)Lke8)%E;RhYHuC+a1x&{QMfC$%081A6sZ5v{p4Fv9813kuR>~W6kOwY9~#BtD+k&*gXi8gPeXF6Q_ zSKr;0u-t{oCMib4e!DkT4*SIkEhON&XS&HdJ3ANHobTl(oSmJi9TxzKV?+!FzD}(^ ztNM6Y>FbM-m4`{7T2fz7Z6Nbi(s%2Q-{NnH0xC7a<3i~W5z*_3or;YsiUt`}3vU(W{6$*tcpiC| z0gk5*_|ZG7JO0nrG-~x3cueC+Ga+0Q%>V$})s(Qw@$ns4pfaF@m1*Ez(*I7bAX*HEs}4|H|k5)|D3`)%Tb_y3VRSMcm#F82>=SSqDpi}v?IKl}TGkXKLJ zSI}ste|}p0A7^$N5&uI4_uqdr-rnAg2lxN&W?Dm36VWTr`*y$7pGhZrWJ?M;$(r6i z&$~Sv5TSvAEkt@w9DlVB`1c3;Az&hg`M!>GA9okLjTZ{vR=-=1n zQg9O6N;#`uaz)QXI558KiAXL|-i+qlPomHmhW{Hgd_`4C>po83%J{h6+OMP-87HsC({X@^lBKZ#gxU16pP$uBBW@5MO7 zt+ljb)nP?Z^dpspe3qLiU?-4AU=%y>p*?pNIc=c)stP^E>bI`(D12r45hkWE> zb7Q#uq`p!BO|1JCD;vY_`%BIEt{pK~GT=_RmQID6)-+y27%N6f1Gf|rHA(K-G*DT; zRG)^jsA6pY5ku)~3usfgA}wfo)lF-NXcXC$w$u^QtTn$K9-62CH#E|Ryjs?_aZCi2 zuB|Djw&T2F*jFv99n1^g`0w+h$PDH5^z__YTiEg0$<8W1dhM3NE`>VLZSS}*8Mea{ z6LdScCc>;#>_rY)^!D*#Y}fdjJhjvqi%vA=GAaiE@?{tcDGY^X;A%B3w zzs0lBW)+9dQ;3UGA^2s1S20yxEJ;9H#(kAItr?C;mISUx@=RU1YRvprtp9W{o-i3< z^E;{}TRpWyFwT-5z`HSECW2XsG`n!KKPAupmtQg>qoPlWR zcGsTLOo|&QDB1;~D3jLHXM{-pob&8_;rpA5Fj;B1lFwFrokkrYPdibH$X_pmKck{A zFoZ%Ofv>^s;mqwwd07sw2H?Cjq19g3bYyHyn|%U{Kp=RoE*JdW^}Z9qehlTh>5Y7_ z&_h5=)~~Z~ym)Bp=3?Y3yh?ok>FvwlkdQ$@?mbObhaS$gx8JcjarEsD-*|U?lPCY{ z3~CsNC1DxX5lqMcc+FBy&h>K6K}9H@$crsqzrQtH>zSTI^0sYjQ~TMuHFy7}uMw-< zqXP`BH8bRNZ4YPM($OU>N&k@>KaA};l)1uMyYro1qbK-L+*14g)>1iNXE12HwN>0K zX}(pAjN24?uT2bTn@P-5;g}UabK-JF2ZfPcU3LM=)}HN1~{#3+91aefiAof!rQaQNPNeOzr0*H1Rm~cch@K@Btz+Te962npvFM5>!Do$A1-#eQx@iy{UI0k zBFA6~$u3OnZ))j4lfN!={nmu+go2my4!758KTho*eX3y9{)vSe%Z?wgFx3<4I=fd-9|D{8H3Rp!ZnR z&vX#W!ULb+?Oh23cji^lqJhcP|%!@Tz3yrR#xn=i6P(}#Sk z+TRwOeikdz()Xyr0fx6XxjIU3asU9O<&zeW-u?pmF>5Ln1Y9e`<81_11ElW=P|1^N zdqgB!aJVN0q;Hk?q!gcaS-Y|8=sh6Rw#q*+k70P21|z#HfHQE6Lnkh!16av?MG3_Y zqn1|wnadqpp<#uJKf+F;<-*-wJii^ciqh{lhC7t;TZH zH-Z9vXQQYRM&p#d_OV;h9zW6h`cBP^Pqq}EMZ-`@Z@f$DgE+MhjtPENy2dj8)+YGb z=v27Slo=u5)JF)Qndn+Q2WxBVnI*MpSnAE)Z;ID6W%^iGS2Q8_Q|;*|3u_hrd4G!T zOm{C6y4B9+;UryWyK78Xjk#%>_mXcRAx8f6&K2UC5v1l68aBE($;st!zF_7b2u0tx zCht4dz8|rE?i$ygMp|z`U@X}2xRlF`A*t~DeverdoyO_FwR7RY17f9scd|}l{77_sUBDN$#VkT0N<%!Pjc251`Z_0tfIW&GlRL$Wv`YZgK?fDc#5@uz6oe}eXB?}9IS~FMm$eRzf?Wa-NGk$? zX=-ZvEL}f!25v_H7UM#-YPFK!&R}&#dD|epkr-gV2eq@K*CKzwqWhrLip&}pIl{Rq z^WBiYU^E)d3`CR$9!3Ho4P3zB<-%{Ui63)-v=K=#{^tkBM&q;G=VL$p@I6;t#}k^C zv+*15NWMi8r+}1JGQ>DOifuJ4y8Xm1t*Ifiv$uD6b(VaxK3akl*Ux{@a3EUj{>1u-KpHU);c>tjufyophh$4u5nEH9d>N zWnGm58E~R`blDcD>W5*&vDd!%*tEiwJ z49J7YR6+4BF7kmdEia${Jplqavv=v*Igmle$6(X7xBczZll}?_iGgkdHhpAdr0A}i z1kfGkQ_F6qhE+){QvTO}w*nBXQLu!{sbU>f#Rut8M*e*A-IuYKfL z>f!N?Iko3{V4ysb7dwu!InZ?IWEd3tV9d_ zx18p3>xrFWEfn$T6Tj!>&ysgl;eR=Kav&Nsd+eJz&eW~>k&)24>Q|bjY&M%u`UYYd z1io@{aBvu?E}u7dx-jtzmpKA3+;)!!EZiHuuODCt9MRJd$}0+LZ`YF3NbkTC2o-4d(dnUF@8*ZHi29`+LNFd7Fas zPAHX6dj71cy+%(aczH_5o+y2fW|N@Di4s;$4>gZ?LSmtX&3l|Ys)qwSH=`!`kokdS z;2vJTdTz3?rIw#770K6RhjB4%A;i%0Po+aGrduo)cfL#mF23hiK3I+4!az_=wy87h zPJ^|;yGHR7ccK>~0EDEdr+>4wHL<7-wNbV^M}@DK_$Y0>=cTFSA81nAmE!sf9|ui_ zeom>jtDtK_sAW{6(doW#g;2H#DedaXd IXWtwD0%72sT>t<8 literal 0 HcmV?d00001 diff --git a/docs/image-31.png b/docs/image-31.png new file mode 100644 index 0000000000000000000000000000000000000000..7284296adb545f92741cbfa7ede28b2e617e491f GIT binary patch literal 34866 zcmd421ymf*zVACT$l&fS!8JI+$>4zmNMJ&6f(Lhp5W*lqf;++8T_*(BAi*uTy99s3 zzURO9K6cMJ_uci@>$Rw%svElG+rO&%^mjsDsVQJ%P+$N60Bj{ihz0F^+xu+XIQ;zg z+3Vb@OG{Eh-+hG6ZW!0o+7?51w%8lu-sf^PhlOAn1*YJz1q`2qc|-dzBTr3+uLf~Z z$qb{WPLC6V`7=gD%{Q=ohrNeyPDKyLvkMCg(INjhh=`_ODF4VpCOolP2=V`Zpx`4N z{?l2RPPo|L&*7`%xrD%Pg2sk=bkj6S(y{!pZp!YjwKV8FuJC1Vhq- z_anD|03*)`<8iR^5jg25#926t;Z<@|j%Op=&l6KMy3jtwFPrTH|u!WNCb3dNCb) zU@snJcKRN6i~hxR7T=vSvutnvyIa)NPwEC$+v56#S}Jg7kSy68t=`?IB~2$z`3MiR zBuW+gGF2JTkw35At-dTeaf=c%5;}=sL&2e%t|9lxc(apW%_7eI%KX{UEj5h4hrvd( z6uSOgtgZ`CWA3&63EuqSR+-4B3U^Z591g9b;@`0QTrQ>18SBEz@fNJ|2}($Icg;N= zhPaEGZqYggCFSvQAnwZj&7p#_GKRj_zF^DU#a!>m2q|gT`ar^O$Hq?MEWAy4lR^2% zQq{Dii(g+|-S2NbruSVd6AP@ZzaLsUS>fy}tdmzx2-itv0bGp5_R+*iUM09X@{iH# zhu%#MNnh0Yu+G*2!@3PvxQVN#?+f0k`@R$|k?(Hc-Sa!95BFv*$L2SdSbc8uMXFHk zmJrNdTRlfuxfSC`B#~6WW=)G|aDEX_XR}`$3F9H(3Vd<_c;PWu$t9HCI;XOUvUr1q zP!e)h49RlPnK~TEaWTnWZMnG`q|Ll6W&eM!d02C?`iOz%HkJiY-*{N^hGU>X46YYkMR|HR<6m8& z>goZt)>AwEuqJWZ_WTBK5;@W8r$XxK!~#Z=CpheB53RidJq#|#j^dK?$}E+p4xBVg zsF~iP-N`1=O>I|KH6Q#Sz>`t6*7J9FwF?Zi`x6FBWB{v6&aUw0oTbGEv5g-(m;lmO zji&S(>q|#-2cBp=d+2);ik&7v7t6Xk5&M}>!K6IWV?+3`1`i@L@lz3b_VeM^USEN? z$=E#lwI`#pok{r?W;Olo<&JY_v)v=1hoi!_6u+ux>PNuRFjAZHeHG-Ahe>Pm z+$a_$DU6f%UIO6`5J$K{=8j+k^9{e(lpOV zXf&-oi4`n_<~I-w0zKfI2lLiqVyny zuX5i5>fs2h7~Umz5G+8ir`x^bv0o13>V>gCU%dTb@h-deX8^h1d_aqWs{IFVEJoUe zu$=k!j%#lWZtt_2Sta(juCz2u_(6j<;Ny|BBwn3OlkQ}`q4*XPu_un>_v!JR&A5^6 zz9fW``!b^}Vo~I$FW*a~M%>06tlMP#qH|FZ?O%NP<5T{nQI|VFSSrFzY9<(a{L2A~ zkKqlYRpZ8W>;3G3qTPN?QrmH3B#CkVt((1(22M%FUf?+!A@>AQZ3<1`di{-&w-q>4 zawf2LoO@;AO6muuAE~5101@E0ZPp+;^3&0GTPD3?uP{ZuSsHaek}^wtb}{FIHk;Fi zE{=RE?9wi^n05b3?eTDqSEZa4eVi}BI$MoHSQf)=WMq(7u#OsW#giis49eIC-_~Xi zcvYT_))rikP!ahYqlCss%1)E>9Di%>bc>pB&%`>nwvKtpyjjjg?@LbQkaYH?+JUQ&dk30On*T>!tx z+&?kQi!~~j#RqS^>J!v(TMP;oB2$Gi0%&s$Ydo){F~-c2e`>e00^pT5dQ=Um9|uYE z8J;nKx}z~G-e1=iEHvp6?wz*!8aziX+ux>Pqn;MVF<~JKhz!j+e|aEh)QC^$OTkjM z^SfzxK7me1P_S^s>wG5&h=f{D9@115&^KbJJzLg zw?hU$Ryv&#oWTisa=oNks7g-j10-ks0)z3=pVwpZo}BnXr5xN;!!_?Q*-*DVmICk_ z>Tvzjr8PiifrP{bDMs<}Vd+(X!XH%A z_nUXpCz{ZwU7uiRh`L>2nPHW5UFgmJK7}7arS)|FSa2>}uyFFx%1`b!Ked|oZt;Rh zsy{gMFO~|fR4yT!RDcGV7bjM!(M~{tjCZRncFk%qjyY?*?zOlG3enlu z(G|msk{|T0XY2_IYXHF4OTN#fPcaw|5{SpIaY;V0H6W0%25Q(v_&coqsOSXYFr|Di z)r^jQ-vJLmT-E^zN438w!QArVVnDq>`AIq@FHhG&XDb3<`ki9VU=oUsxEb#P0r<7( z@{tJ3WhWvGC7aAeKU_ived%zdk-OCtKdtV23+lgX=D?kt9fe-^be+60(~N%FHSPTl z>*x|1DkVqfIr};s)v(;^p8ep$mM4wWJ%NX|VZWz3`qGc21bW3gZ|QZtqC?Aa8)s?? zA3BDOPbkbA5`FY(o4V}2m8KvV+3#A^$h?S=jm4@q{7}+Br0(Xz#raT8z^0&OG>R(5 zy|cp&ue2uSqfzdje(Gkpr_59B=(%H%oV8wgpYAgs)WfdsN?uX=BA)w>e;{GZz>!B5 zBI$l35jXdG#eRs+5%Po~E(SOQw=Q>?B2>RQo>cp#tlBOJuPa_}xAP`r>XJT-v<>u4 zZ>6r&pz~~a%dgG^QdfsJR@28zrx!4i5kz0?NZva2Smj)BbzojfeZGzHUsWXchjb<_ zgvmo70Fkij^I7aatG25VV}2`C1ks6foE>ev>KwnaiZFN=@wVHkgYuVy&MjfLXO>Xk z93^zZ%r=Q2*31R^g|+#&AKfyNuvHxSx7y+`)8aBR_gxwX{=F*US#XKqyo zvffxQaSFpQ-ASoQ!BnE*d_$z~yvBeKa{NNQ3MN}J@IWNhw0Z-nm)oAg%3jjXTdoj` zOcWl@mjU~6a=pd&qz2QqcqSQ~ACLR6dzX$;Fi3>_a$(v(vW!4ce+DIEXZjZ+FULEX zLKN5bFP)(RE1n>xV1YoRTET(xX>O+GU8DkMBAX`9{G@iRJhnvfR8n>%-x^9(~(#lP{|a!1KvAZx_T1xT6Wq z8^&xINWgX1cU;YIn8ym=dkZ6OUkLA?)e*rd=@|QBZj>%42siW~D{IA(?(?N8kl>(Q zV~BbtffAvoQh6ZFz-jXFRJ*vWth;{6mxCm`t&PUO=R6Mjf@lm?%^jbkJC@!rMU3o~ zCKqrGNNG)3I7skMsIov1Mr+8!q;+_|=7x&UKxGmwwlTj|*IY zbR><$#L3Btqxkh!b}~~)6Ki>Ues=UT2~foOOU4_2q}p27we|)KFhd@LOZef^f^~T- ziO2~qRl&0`Os+(fHOx8M=s|15xLnn7)M-BWm@sPil7RQ#ehxps`CZ@wuX7+ii6nn| z9H0(QH|?D_RkwOz;d}b6IyZfQXIH)Fn9rk z@hC&{DPu=~%SdTQK#|S_%}jW%=nei;8+MHjVB(6=XX?Wej!)T>5x1tr%fh0Ay&;NU z>7@jc2-0SeW+MFn@3(sk9EiGKcFzw>5&C0I}j`YDX%V~_vlozU}s0iNcIXIKz&WgHRvVaDF+%Jv@&h?!B3 zYC2+nb0zAl@z?8CL?}m038pWoUNvCLo%=sEWf+vetX%06rz$84%08ohZ|5MeM3QnN zVXI(c^BB?WN-6UgHq*KqN{vxCrP?S>XsbK^tYuXE#y{2~Zi5)^G2;G!rUlo~E(MUT z&8=Qg^P{u9!4Z*H>w+3oN8OT%xpKB$wjOTxm$lz}riwbD_C(TZ5A5vhywcM8eCYRZ z(_|VVyHs0odw~)@q1$AV`Zc5m8C;dW@FkYzg2C~g%5gaIbGB?xGJT zxsp`6KXHUZ@8TKg>#g$(f_$lf=-)xmuijv@8haAFIa+mlfhkvsSxbH&lT}8_ql1pQ zSB;)R-S;Bo)%B^*-;3Zq{`Yh-he;3>?a<1T-7*A9ciJ z+Z*+GhpYNxfxl)PNv#Tc3&h*%d?Ejh(wpck{56kD?(K*oVpaszTGM~^^%mxgyeF|9 z7=)f(koNjbJkh?kRQNr$+Hv6gKd8<$q;EF&+*vXxRq+r)}_Al=lb0de4H z2}yUqy1YE*=?_9@Tcb!{zI60)t8XquC0$B57)=;vNK# z`!nA^KWIb42-Kr0@9+`(Zn~Y&qh%Q)A|g6TNqyZP?lQPg#rZec)&nYvlkukn@aJVh<6eFMr`iawZ9a{%YE;gp>>(hML06|6fF09*TWQq=n3LJE(!@RflG3*T*!pZls1w?IjPFr zhB3PRj!>mQjjkVP%Oen~JkhHAN6g;y6Lhu`wFHPdjIR>Xo1zjY{Y8m0cap*pr@_o0 zanUoEL!db=fr{87{2cE8K%f!=(|Lj2VmDVuEIKn||152V5BQV}OL3$Zo}(0lz)To| zHfSvdAbU;&PhS)EpPIV<1!9P8pz!94Ic-ijL&LW;)>;xLCjnbq0uf= zkmH{tqxU%@J?ZVftXlZ$1(wg3@BReClLE(_exT9q^sEp-7Vr>~SRh3tdYDLu-@D*q zD1?ZNbDX+e*^cwGcht^c|382JXpO|PWR?B)P7~Y00Sp^w{{HHU{+AebhA({5g0=6j zHFMfYLll;FLe4H3j{6P#LVXN2L&EfbO(4ixw3I5KZGkf$^hUq`FWD4$i5_r%$MkC? z^vHOi%3UJKJXo;=NH27av)gUak*N*>+`PeQ4JV+9cJ@NTVvdxC;2Y~Q+kDI9a zqVRFGrBrtNv);K2tunkRZONX`Uwl!Y7N}B*0gIumr&`)*nS0N-D_seW{;(SX88AX? zwAbtED0z{f9QDn&H#ygXUI9IV`;~jo;VlDql<)PoxOt#x;*vdj3XpxqQ+>MOfkWdw zGd#|h+oWL>0Ta^Tfi=@E8K(uq)ai`@B+Bq{?0JtF(%u1g%2?7%)k_cW4`Bt_Y!3!L zwLpd)_nWq1YuCJ+b_3F2LEJl9+ja*Ex)E)!b87ruIPp*3I_BjDG-NxSwMTnvzUPt>sNJ7X;B z6@XspUn^f?X`l?3a-p$@dOSfAmAR%06POb`#7={s?rk585MwV3UR_=MzTYKMPO36U zI=QShVvNejyyB)sW?v{)_p(6dD}iSz83!FU35afi0ZOa2f{+RIP%Yp^kn{}5$72=* zFW>*TwS)YDt-*%=K9(6}8Ky$rZhbdnq<0mJ>vAD)wxBD@rVg@e+X0&ZPr+ zI7K!&RV1+6>f=I^lfT^Tz8B`F1SFGE>426ma>VK1eE_UAAd;(3;)tF`@|V*spmJ}K zZRc7qqRJYMt=6!T(z^G1fbp&a~xP^0it8&AAqz$FJDS>VbvxeUP4X;~Xk1a$2LaoD1`QW0_7jSs)p zHrK~wGo%VWtDdgiex5$fffDUfJ2bOa04N=B!QoO>Y z587^M^y5s_?{puaf1dUX3A91bRmx#M1J+2Bw8!f(1=(ZUL3B45j&9lI{dL%7^(Ceu*qTSnTAN<4s`nZY{o zuA7t%zh`Mz28zC$U1n8&m97R5EAs}xp2haPyE*%25l3Wkba5jK+3&@f zHa^qNQY3^6peRQ@lQ%GnK>6V6^HyaGwA2cWVU9XvJ-gKf7?uMDXJKvVyqMYp$j`QH z!zaP}n5F(~I#5_aVBv$G32;DYeIKkbl@aw&5@ z*Zajs%dn-@0DKN0KuOA-$j$pfCRO}~c+!UtN!8+{DLvT4qj%9Pz!VFB2wWQEB|$4u z)hs>NAD}FyKQNfAF~Sv9w9N)n47K0r|0k6!Qp_71=$d~e6G<;F9cj~Ql(>pMp+$Py zUiwp7;pw!xZXKi?`6hz|pkn+~2n~ajr5bh=6Y{XOc!8eu&TU9_bG1Nq)lgqLivpUV z!9^@6EU$S=m7;7Zf}n~nsivxFrez4BVxZEqg*`Xm;U*5y6{k#2;BxNwtX#QEo zq2PMt6F=IxTu0w)3HT@QdD@yBmy+h%s!v>d;DwjBP0fZ}0b7FObFY+d8}&G2Zkf8> zwlnKY!JPOmXw77tc+*-<;69pQa~%o>D?c2bw0sMCIF3hmYVVq9qkkNdi8hEldFh0h z7F6dj_SEP@(51;o)zpxscZqM8(B5lXm>t~^V#ekonXIoyais;GPxMg)?AeToGScOz zuo1;4t=;=sy>P%4577>>80W%QpF2O~SM+JSqJ8UCJ?J--5|E68Jf@n%-D5X2BM;HBa2i3@dR3gU(h~y~WgU3SC?xH>b%k_hYhzJ8 zfD*q}Dm!5~rk<|3-mqn1z%hVT2c>iW>ulSzQRz0Fp)4xGZm;&noVQrv!k}5D%LrMv zBriH2o&C*M;N8|UCfKvkY`hA~vU_EUL#DW|@vh5-_0F_`9rA7%Y)meM__YhF_>2>q z<`ilS#k}N*4?0mH>Q=AMMmD3)sUnOKIJ;BhPMJS-P(OIR7#gP$?!k!VQBVV1-qgH7 zOGvfUNTk$c22IKmz3I0!eQ|uUtISraiWj7{>@x`B{J4R6Ye8HUOIdVX%$Swggq%64 z5c;LN8ZI4pW+Bcosocg9TZa#m$Q=v$^o-+10+0`CZY)&z*@9XS8@Ss28=xGJ6?5`o zPw{dWytTqDmc_4^+#xB9X(}7;mf*#l zT$R8@E^>c{Ecm?dDpJ!_{%(ZH)xpz(W_yas=R7L|?1yZ`o#(F|=j-8lYnBN#D446s zt$jt0lx2=4#<2+rK-D`C?bL+?udqn$uVWiw9xWG0stN<=3L8|HNqd0jt^T zsu)q1=ku>U%akdcd_&9{U(=N z8+KJi$V0WlgbNit)UUySQ#QKd37@QJjP2U5lc<0M|XdLJ#My!g#r;H7+C{*FPVS}N(Vu|0AP*|5j! zx;;rqFIs2_&&r<#vnypH9V2(L=On#E44D0-=w?axiltR}6id1xj~up8(^7eBX_qyyt>Dbx1qxJ>McEZu)#bRKh2>^?@(aJE zj{khSkW5x3N?v#7s5jPiU z*|a$;$2cw5q0y;yLsU~ViZNevrQ5k_uVoGk-)W&8n&UgQczqi>zDM@ocjR`CZue1A zM%52P?q-`Sytp0K8bqofg^_}msJVP#8(xDbCxqUIPEH!X7b9$HBzcCf~E-YvC>`!z&pYAY_2@ZG|J zksqEej9gl4X1NCX-!J zwK8r>V<(OaC*2D5nI+WB?w1x;R#qT?+PfZ`KQ~hMY?Jkhymc}V>g5x*48v0=Ozf6+l0{EV{5SlpM<{ArWQO(zm4&VPOGLkJ}wQ5rIz$2Bi}x)+$^UJ zeFGt~N=9!XRL4Z%n+c!Cq}F*H-fY4W72w+N^>ct5M&1QZ3-}oT!5Y+4_HUlyKJHFL zbl!zGh2@X7kI>B%Jq6V-{qY|;2ke5z^5h;dQm82NP zI>CFSMx^@)Xbc_`t_6XkMcYRlV$}opTBO>(R}E{)wIF!pNHSRnm{mY&w4BC@046Lu zZI6i#nL92w>LOd>?9-z~2E@Nmk8<7_dh-`iKF2yn~FY;2?0 z@@R$53X!V#YtqxWx8EcGJVmXHE%0hYD8d;Hc@g|~B!!K1D8s)-Wj_Q!oOjt-L>m4q zz3j8>X$bcV$%R0;x)CGe_Qt9F5tk8PeS?mnD;Q@Zgs5yUY?xdRe@ju8SWZ@Bj{o|0y$xEK8v*B>8s{ZZ#3_;b5 zdC8*EqXU#;n8O~$J{x7VLEvw4HFip=8IZmLf@m}5CDUhZ@czP5pMt;U-;XRbV^*W3L#grM;2D>?@4m_e+kgdT3%D(>)9j&yqn*0q7=2n z{-t>JOGgA#BfWQIIgxx2Rc_~cgmVCY#Dl7SZ3BEP)BiJ&CUU@uuieW2sD5A}7kF)z z=^COKY3+$rM(96I&#n4bUoLbxn4=?@oPEs&W~K6`#Xe~-yP~Dj(L$v!#tO;dxjT*W zv!_RGq)8i4T7%H?XN~hzVIrqQYt)2AAq9H6pjXujzN1L6Bqj+@?AXvEH;{G>2Xgc( z9v)A7{e_1@QX=LDJWOK2(g*SH(+OD;@XqJPmQ&H&ht2znHh;uio8;-v_36|Qk$s2|9=zEz46_l`nQbEWr!!O zp!mua*Io{NRXx$Jlgx(t!%J;v~jX!249&^Wl#!oiAhNi9=&;+-H-|`+h)|;Hlx_Nw;T|O2) zKp-31q)U)PapxESTpa{-Xm4*mshSNCfdx7kr|{r@;8hd0-!wI##;{vjCL$ zjnv~_8sxv~kG<>18oQL^GT{JoR-S}G;TkxvWuGP0gA}JGxI$4%PG0CR?0Cx+18!t9 zKLoUi+W-wGNP&RxOUqdie3UeTUVa`TYY^?=Fclc;Dl7%ns=dhLalubu2)EVFchtMj6D%nt?T@>!m{BS5{+OHoNe<;YjabnN^J~= zU9(yR5C=nUK4DPO>g>$otRs_4IN!VZxjyK;VdmgV|JmKP-dNzrKe~5q1y(st!)X5b zk*FV7x->4`G-`V8W+YH)tORbj_7ZF}f?UEb&~A#ZQotu|ZTAs+U*1x_-~pFZjv1ow z`E$wBw#4}I3!*?K3QOkZWq1&y(tVS&T%}Nr<;>gsAAz?R=qM$W-T)s7fmeaAd+)O4 z;WU^ztaC4cgUV_0qulVX2M0(wxky6An}b&+WS8c8-x>)N2Gr3Lxejb{q0=7-Z9q?%HUrO4Nq;wce3f2pjcpW#ll-F+s^rr*h%$)VWUikd-~S!zA+{4xqk|#Ot`IGeE4^dSCjE{a z^ND5M_Q>Zi0D(hupO?@~Dt~dra0#6Pa|VDu(IY<5NPVly0Sk@`*61s<@XpJene%>s znO;_KNxgE0*QEuW3R;=@zQahm9~S{xK33ucV0BFfe_gE4PAO`BX2Z zpSX_}D0wYGR}r!!BPf6i40y?xtrS4DeeDaxfbr>TE(boZ$W3yJuEHgiAl{SkGH8@5)=ZFar`e>n?l3?l(k(g zR}1hL|L<8F&+)Vng0%@m{f;wh5C0LcrFlJ)IamIkPKSnfrUIOJl-b7EQovLQ^KP}H z^Xn;-P0tPdaP{@<1KsoVUnXaWK{5^c+aPhHVj|bY9gurP{@~}r#;`+b*aNNB!tNn$oB44NTMCcnM!1etEbp;sdBRlr)v zRW#~emdI80jhb9K%)m)mqa>w+hx~4$OL&ZX9873|0KZo6K{9Y+Gv(o!s7>rr5b+=x zUhkJ1c2kQs*l&wFN~MFeS4A^+L#Tr0j8X*DzhFN3QV%!dI%}96pmYki*Gpof*$7n@ zF@%INsr6@`jJi&9u_;p8sT;g=nbDdp8$ezJ0*K?1d8U9~D2Aap8&fin&}5$6l)TWg zW|S>TdWo`Txe^rabdZ`4Q~Wja@Uxdq#08w^EgvQ+|5LOU*!rKKwN%N@uzx{ob^kzX zU9Tm46T3hGb&_h+`CIghnzP8Vmu;ng#6B}9&>N2Hjzug=f4*3I-f*jXJv2dtr=EX8 z!HH*qc&W+-mxt{0{QUmG?z?+)!aCyV!GO&%)%v&)eDpSX6Xy7W?C@^mtJzcDMKlYR z1u=}=_Xh!IK{XlKh*xY?VZzYd;oLL71sM^Z!q}P`q?fI^H)KRYO`3{qg(i(bX6`V9j{vI@Y; zXTCb?n3MM>odm^5XzkZSj9eRJo0|rvIN~Of44>56B9RQaw5uiW z&Ro*%C zkOI{ZiorP@@xi(#b&}b=No|>0KF5^jvrhzHKd{6{>I+yo%hkRL&Ef=Kw0#AnMjJJPp?eeHPZH;xmfw9u21iAn6v9!?Bo|VH%i(2fX8b&*4Md!X~;dtuC912oLJf@ntd$k(`MPDHZ-I)kh`>E2L9Eb zTcfc!*62RCXA}GJz%0i1#&X+Vu%}g5KVrkIxI^_#3Zs6~D(eLJIOJLE`~^mAvE-V< zciEAYl4~NiR9 zqWWeio+#3{lIXSF26Hh2gtfmTd@jWDBVNC(?}~dptiFrY@Jg9O~W%*zQbj!&1>$WfHK zDXVwrfH|Kv*~@w!rM{Cd3UT|dy?o6%Hh|NZoz|ckz3*A{2R_50&VEweztjB^|!S!z$}73}uygYcwZfsDIv{Jl|8V6w8A zfioQXC{?jkds>;9L2Ox6aUCD@ucD_|?>0!G^H-Cr-N5(-{f}Ff@L94;N3F1CKfEo~ zH^fSqfUsY8qTMvezq4Jrru zmY0OE!k|BH-!~BGYC`ZYFox6gH!$}30`31E7@OdG1X@myoQtB#a=G<6Vt@V}Z|!ej zEM5IS0AmHF|EL)6(c=9hNJDd6Zk2m1rnAhicK^%q!@!Vr5b}TS1}o@ktTs>Xlx5gK zrRat+LDp2-&jDFoV-dgfZR(a3jM4FHwY+LI{jTqD{ly+>SU&%(mD|{%9Ka31Yq*?g zED~8sT*G}wkp5Icl_3+x63NNQh)VvWdKd%<1oKbXf9qr`G=ri2IZ%MF`yo7CT&EKE zsWlnQ%Mfs6+>$-b)~Ep|Qkb?b;MbI$8djyd#s29J z-0=jpgIDM9#*DDsw8%{n$OJ02H_1x~L_7Crvy(YWQCLKR65_3D?h4S+G+rJ{%lL|6?@Sly6$M%&xp_q zz;VC1C4CRQ;R-#%5U4tcA_NPviAutJKMBj7_+`3?*;z`U0*pm+xNM@`v9n@~DqRXQleh2GvV?s~-3nJ#wlXx+8g?5oSO#MVSp0+XP za85f!zM1hjvh%$%<4{N{r9#2vIR10z5yd?IEXwV{1YWG6H&Z;?OED$b?wnP&F(&~h zX5yV%!>KZGReI1bLMjT2%SFEXva5JB#=`!s)GDtJ(p^M2XBs*cZ@c>lPH=icH% zv(kr#_uXkzF7w6?k|1I(;$RR&naE`e5IvQxl*eh>1fU>T)Cr?fS^p!M>R*4vQe1!h zlp#PB&Dj}SIF@1QJjvf-RP&d3AGAcb#<^^dZ_O=+^hbZF>fU5sY*_P(@karzjSS}w z8;e>>T2@B-_xA`xQLo2+I>3=}`nU4A8=&HQTwnN9LNHnkfIoBkc*dPkM2voM6ZQx0Ym8**nWku znru+!Y|g$t=|9D$4EUqFO`nde8auEm?1{<|deJa7UiPj=AtS={hy2~(EjH!Cw!y?c z=Hb2wG96IyCE%nrr`~~TtmRTZ^A8^0L%P5guUZU_d{SkbQMP$#V#vv!`$Apph&rQ0 zIr0&t?B>)QqtM#h2mEUB-J)8H8RZ0u07whqI>afsuT(Fp<&>p?12qY-a1+FL0qhF7 z{S1RW%NY6o;YwIgkKeFW@kXo&0Z(H5YZk{;Oe;!$4($EOLD2v#J<&Qt)#}ym1W1p$ z1Be}u+VCrSKy3XNnt*DJeDxa4ikxQf(byO;<(Jcjw^sN~b=gndknHsW6sjmV`a$oTQ&ZDxRZ)JtK54g*FSRe94F zaAQ^Z4TY%sYCW5qIAVYDlN>vdwE#=IaYG#zXQacPlc;C;1YsM>{L9pF>Fr0OPmPNx z7%-Ugks4lc#e=lDJ*C`Jr9i1pp}F^6*r+AS(v7Io_?RUP#M2HxTVLF>!B-e1l-KnE z;{iWT{ilorSOmrg_?-eKJTw-5Z%fCU*-tp2xo4qHmrh8biGRzf#$Rm50thTUm-K({ zaC16uDNct=l7j;d{{h@P$Lf#daB07^Mu%hn$Q|+juF;r?!z?QEkQ57V!-uC^4b{aS z(rI{7V=vcwz%PE!mNwS^-W7W#j;M*>H08Ya=|sfdSc&VL`(=sfxbkI)!fdg>sDdPY z9}vTPFq|dp!t`sPKElw#ghEl%j&N)OAHn2<7@I0!oQPFshs-BQl%!(j+?4AZruQZ4 zi)87x?4PGjK>t<{uQlT}Gn`YGOA|4&;ZsC^4FAP77Q%?|9Zfv6SNfZ#n0r3?fK=j0 z+hF)jEY~u(}!dwrFXl#@!k6|#NFAjYw=IPz2G#9vtKUPh&f zXe!|+vpAH@45o>$);6nLu9Mr3#F!hYx6Vc;xuv?>0>K{pL-{IUu#an@-s7+BcG`hf zk+9sagmd3SKMB30e8v3??M1^I3<`yWW^-HZ?&||Qxk%Sd>6cA!bo7%@+8DJmXzv8w zm^s$=P)Jm#QcED9u-F>jj+;4x972-yT7shp%94zv@*-f>+Ojwx#|likmf3RA8uQsJ zT_6Mju`E26GST;t;Ct_f>TKUkTBI)>N?#;1XZRMC-{t-!Do#oRUpdapUhdJnACS5F zK=(sMO&ehbyD*zgv&r@9UR*tTq4FHEKk{4j0drK=pZX+RG`erV5y%1VE<@%M;2+iY zMw{+d>iJYjycmft-?14VFfR-F=VdpM&`+GHZSR?fUkQ3w7#9Le_iyrX5}vvBTQlts?QH`VW5y~h#^FTN6Pr1t=EVtV zC*FtBIqWjW6m%RK`~{gxV8VxV+c>k3jORDhuq+>47is$5Ckwr!lz&567?B8+RUbpb zV5O}ehyvOldee$B4J)`K?;8FZ`R`3(SCF>KA~{j!@JnAOrD`%VJLH;}1L`0RzDw!h ztlEEtu}uEI#8?QU^kZx@N`vhwv^pbo|2K&iJ25<+!VQD8_xsN6a}8eoq?rYcIN4;X z$f@guCV2bx{fT)f&C0#_Y>hBStN`a><9G#hAeTr)nb&(>fBU^sN}e2|w^=ikTKNEu zKYb!4^~M3C!U1(!GDHW z!T$+4cd5@KH7{C~1GTO6s{$4Y)!#PqWHj1@{YwWq4}g^kc?@ggyHoEoq!tsjxfK?C?K_v3XN^^6u=01IA01g)T+ znY0isRXzHowY=atKp*Rd$}|=Ux@)5)j$b>|$B@~luyz}Y zDdO|mQ`aG+_AAF1>GOQ!Lc7su=}E5xBJL>j4wG_8Qxz4mV3lp-n(qgks=Q~~q(!M#DHNwiXRG_-{DQ>Uy#Dr}HQ-h|peK$n-V4~$uhJ9p zOxKRipzYx!g>(ZcTo)AtlT|K>4Sk8d7pHQUdj`E5BL8x^eX1(vYGqre!;ONLvVRz- zVwu}=$L#h0JCgOEKo#VrJG6#d+;h{nWklk3VfuFg(*~irk`sz-8YDyGo9{;kQ9fj! z3!`$)BE83s?yngkCKLvhvv~}x?}NrvRSZ<3o>}*wAifjB5*t(S9d2vW=5%#;oOvUk zPbmbtLO(c1%>L9TRih`H^A-54Diuc3QTX`z-|^2Gt9&TdIG74d}=~D)W-( z%+0g}sW~4(udp`*Xzmcq0Hd={F|$yM6T5A<4)~i8QDQY5_kdJ{ZOlgZ|Frhq@l^lq z{|BLDWGgcwBqL?dqC{4by_1pby(Lj*Aw@P>Ss~j&Mv=%YdyA939piVsKkL3f_jlco z-}n3eL+9k2xA$vZuj~1|p4asv{35xQC5)Rhg-Y0W%zuG$rFLOV=n$VSzC@j}Zc9y9t&h1-ZF#*E>fY$dSFsP< z)@Cg^3N5#9V)nRG=Fp))D>(T|+AqzS<|x|maaS_xy5eyKB`peTsC>&v>Un3~;G@y_ zCrI}O1%>Qg*=I-eZ`<~^Pd}D7J1Ni`#d+626JZS^>%BH*x%zJPn2+4X!F)RzQbSuI zW%w>Nj|OjfF$^>@yg~4zYxew#Z=dzC+k*Z!b^+@jKppfb^>w{h(Pd#&=0_0pgfarA z?l@2#2i=8f>;h1vD?rH=?4^j825e6!4~PDG(-#tHXOQu0W#Z!}h2%&{zXP>*tZ8cJ zkAdPQEMVIekp;yy!VgOf$haWM3D5BUNkTk?8ek-Mx0^>%fp8}O!!kxC22l->I_2OmJ ze`{AisFfCt+T`Ol&*Ti^`-WGTqW|1(jS02+!xsq?$Y`Tm~sNM!Z*uc${lS#(~08uTY)0sr=j z{r}KVRn;1iC}oT0?mVL=tmz5$pW>TG{%@U3ty+x}&aN%B>5Ol%nOe=6=&@Ui&f$)) z37c}2HH~lkGx;>#P8-jzHR72U**9QM6M`vF!uQ@iIA87#H%NQD$HJ|Z-8 zv9OcJc;)C>rra?U?IGzKrn4_yBkIt{2=XbFKw2~wj?2q@N-2k(AP(1OviWw}hw8~= zxr9$M8QJ#b$E%KLAV(3m<&L0S@4-gWxtFK@>^XcGn15>j|Dcm<(|z@Kos@y>@=ckh zyTvh_8v-De`e~ATI;{Y-QiBmW_p@t3Jw@(f^3U9r-nN;?-}4zcA^q`R@)-?Kc+0(- zF#1%U2!FLl=WZuXFq%^fY^$8Xt9a{{dFKyekixhMy2Yf6s&WP&cg5Vg7*TJUWj?Ym zQvBJR-b6%~Sh&BLrQpX$5n0zqIlnAF8H+xo0!oXLwl-IwRh%3@<3xRVLi6pEHl@>l z_K6E0BAcAxb7NgzPfp($!Uf`n1eIOweg@JTS>XSs5LRpID}_T}9tCtCRn(xPjFe%T z>f?=yx5DFMI3kRb-G4oW0nlJ9c`W!h9-vR#Z>5%se-K8<%BnN9ke2B3#LEd5atnx|PKDOKFl{yst9XE9fo%jm4E8X2 zqaAqlUdord5tsBt`&HggI$YsLs#-b8J!=cQV7{H~MVe<38`H<(cO?cquI<-ho9I)AC|}m*n`rAwn_{ z)r(HKdq-3!Qa2iuLsDYJsnYXlpv>_7hSo|d9>eKQDn=*ahX|4lPb+)K8KkGl# z*es~{IDF&o7_XQur$?zVeXp;y^&e@klQF!G9c>evtecmLjC@G$a+&l#Wl$0%tzHrD zIT$Mp{TLs7NLD^3LK0PS`o~M3i7+=z4Sr&v16IFX6N5gj(#+kgwCpehQBn|LRGI%dZ(?hXUS=RJ={(De3~ne73Xm- zwBYp{>~XiMaJ|YTvE>RVtPz!YE2PFpxUfTigUb7mpk#d(<*vz8>Wicr)-v9Y0B@(3 z%<}2sv67RVOUlfjv)7C{ULZ-qlJ0-VUtPAHDzHksp{(Hiviwf*c zP>;;IKSn#FAkOc(v~G5L-K4fOK2*@lK@UW1Y7Dm%$YvcI#nUWpCu(;WJ!L0Ntas~j zm~}q+Te^C~(=~j7Ard~=I&D_`(L$7E_jH_974DlN>o_9)1?T!2VFkfHwgCCS5uEF+ zxW8)yB4Mu#qu zmxXsW{JLIG#3Fgum+>UevrUSXXu|JE5@7f?&P&G>HJfGB3nUNlcR3Pigx049?0--q zk#5$AUSurNk+k?~(Oe;oc}5oC-GSx)M@6bEh1`xqPK~uigJuikZCvEV1Zgg5>+TN zBEH4FHp59UFzTnMs&})i&p0tHP9!N!i~4>6RU(vT*KM@d%3)4Pz zO)U~1d{Mm8T5YcNPHbe1ZgKadk&ZeC4Y_)h{&Tzd1?2-_nMLyAJC3H}mxH@#LXH`R zZX`Q$oQk+6L*sw1_)#`Jq;2w=cOG_0=8;6H+=*%bezCe{I*L6l#er&}P~_&BW%I3^ zyLKHs-$!pR1UFvaey3;t;R3k}aq!$epWI0t*H418avXf^`0p6#swqBoeUUR-J!?#V zp5#qrKC11q)eIHT7Ij;%a6R~ot_lW@C2ObfFw#N!rlD?8ZPmmuWY*;QCCe_XcO1DB zjU{5w029c6u%*R66~Uli;mlOYtQwHF`lfSJE~0U^i$E8)p$*QAJ z!i$a>Zi^9|S)$L2xPb4fy8Y(hTJMO6tKzP1yW!>-6RerIMz5zAPN|=w(#`zgw$O26 zP64eaYHI%_xYU^|dz>?df*<>!Q;y2}dgrc@Vc@UPN2{*TOKFe}U9NP7MayEUO)F1l zI$-_%>Zl#B6%F20xW8++k5UBtU}q|6zgPPO)m~YVSISgX|E&t9leEZHQj(A;-@N`q zYws6M2d8&3yN=Vx?9r-vLH3_ta|BgFNWl1_oO4Z#vq}SccN%#b3GHy)i6yIGlNG%QTSG)bS zl=FCYZ6$Z$lAH`%lnMU(+UW=Ke`S4X&vUfOQQe#A*3@nbKM{*)8fr?VnsGTUM49z< zdb6jIo}0cM$Kh{9bWiAPm+b}G?z&?sma%U*uD$9oELEyn%{vpa9s7Xkswcg;anJtO z@_R1}T@s`;4Z8K~YdQqKtM;n@-YMu+oDocqOKY+BHeIiQ2ni;YcGWy~JBDb|lUsC2 zkHtb>{Xft2`Zjz6N<-b68G8N@|JFwou~Gm&ybOQYGk8qZ5`Q#U{-aQPo z(#leFXP&>TrE|^nB`vy}&z5E^rgQA_Zpa%W2b`=(#mEc1#djSu$+Hjd@Q_5kaBMkp zhzZ#*RyvPu%baLqE76Z%G)tJ`rGJ1=6#tr9RW4tnRLRfmYLI|Dk)g+Q=I`k@uYzA@ zYc%180+aX|&w9RiFG29ka?f0X>#yEnn=*;|Qd@|7tR#JHHoI?^PUS3|urZ{nMEFj0 zX=cswvalYtZSEk0KzMMv8gtY61vSL(SpB=nR`WMhA6Hf;ydzb*c4(_i{NoL=UKLg< zO|i~hFYHB2O9<6T<3NdB@erhd$rYUX$ipe2{R8GBDvaJax*?V{QrETXDL4I^xZ7hN z%{}~|iFO&35`BumS(`znm}SKb z7?fI;Q}NJZVjUf@@_GKPj@4HutVH>`hWqw!Lh@Y8Jq#!~FLGx|guPid8& z4lX^T%x0SYW_ZU@y!02rZ6e7bySH!BZl12;)nzBKf2tMhPJPH~KjH`Ac>3e-sQ~+9 z{F?oc^TTsSFC_JeT=7CKf-l|X*jEhyNPW^`C}OJh|Kt^bxmLE^Q7`VI2}mp`2~vmv z!Jn4-P-q+nI9M(}{X~sXnXV&`6$#?+e+t+(wz5Sj1_Lst5r--x;Jns<8{})^?o%dr z8wYuc!KSR6<=@mA%k+dXJXl|K`@bQ}R z-+;_9u9eZr1{(y=Jj_BeLlTfQAPk^C&J9FTvI$>tC9cu%I&piv7NHN)gsQId{8J5} zw0^Vysc=tK_0r2RP~~I7_Lu&^BE86C{04H=x0~tnC;%Lb|8!XT^_rtNDx@mfx;TZN zj+N$=3wdIn;g9z=tC44BylCV;Ne@hIE&v3Frt&AcgE7R~5;X6+>I`FnTm| zxbMLp^2yXxoU#2pisD&!m<@kj*+Xi0%b7+@a*Y?upKV^G2z&S!A|_WKxHI`Z;yqjo#Z_K&GtAom)Roi%x6`+OfU6( z1JB}_HRa}!+Wm8Bru@4;1-M7pT?VwQ8!B7Oi4J)U-#(S6dk@o3R>a{}*1E3NZ56OR zIca(;A^w?_hK7LMs6G^>k~vI^S%bH$!%m%zGmbc@H!A06I}$>XPk3#y6%8#eZ0SNl zf&2k#Qb#Sexb~oT?|7Kn70O&NgjHj}q)FOj$r;2sO6ln9^W4Rc?U`?yY<_J}5NT09 zRP64+5oy<(^Ihe@OguBf_+X9wvcA{_8m~V4d7gJhb?4w!EcP2@fbjA1wnQ-At=ZfX z|6VG}Tv_?Rn4hk9?{&$2lb%^`o544cV+Tt*kAs35W*pC+KTls`k%j!?OM)Y^E#5w_X{qS_-zw^g)xV^6F|_R+?oYY{c|IBdtrwu@`Ck>hUPX??<8>w~E{) z?G`x)jQk`=eX$oKJFoYS6eUsweSk>{6=9Z>Ox(wBT-rZ~>b*2IsTb(=-KWBZC0q@Qy?-b% zaaqFDYQzTR5cWV1$PqJz<#OMEVS~oHL@6oIMVPflVji8$%*@O#EWCE-4pskjK}$>c z@?_;)(x!+Z=aBlSo(CExutb>%Wvr{X?`~+a7lRi|XU0moLB4Dt0S-zfS&GE{HF@EP zszXblQZz4=LMqVKR!i}G9`#jm1-~k_4Zm4tLDL z7+lT^J^b2wuss$DRUJ>FBnZkCmB=Ovs+YPA0ziz@;HpS9c#DH_0fT`-%X|s*fI-}s zfg}3nVjkB+H{~VkcSdNY_1TW*7woE2T4+y-%wSTJ-S=_5zKh661PDH4*8U~viHYVu zT$etgBo8Ds+g>s-ja96cG++5T?`%5JXoQg(ut@fyQIpp9DDakY5Gr&%O7>dP(XVk= z&(|OzDH~!ZBKV;3L4)X_=GRM`9@>RCbejkBKT~s(FYj9sFZr=WcyDt_mD#Damtj15 z^rZ*svwEIt8G4+C=W2c1vFnambW^*1`w?{Gt6LmkcQac&tRJZ2pw65*GydYd7sokb z+7I778JXNc#0A{7PX7siV5O`f)O{f!eWvgJd=V0d+=&p;|BD`(I;jYrHlyTU`>j!*dMI$;gmX zw!p8{xMbRNoJX$?_ZtVL;n7F>R}#Ax3m?k7A8Oqz9}=+nsRoZ(Fi;HVPfOri{ zkXBGYn(T9Uy1&36c;IM-z-DH~`n=k3^2&-mgOonE?W3x*i=Uq~7}po2UQ^fgR4D%< zxjme2=$H`2&#<|o0z0}#%8@&HkY*AI&wpM(fI6bsJ9QGR|#PaFm!Fp z^itSl*nz zziXHIG1AbyRpD41C}d`_8=7}+>{E*bO9B=f+9>0W=9iO~KcQz+OG;LQC)2nxVZA`> zXEa>lFh$NZ%B-oWY1q>#62VO9e|LcVxnH73R8Ik(=qtZpI}Qf*6HstJ`13v7X(h4; zs)>zIVZO*LSktX?;*+}DhwKrrp@K`4DR18rp!b_Q1s+;+J349QS=lKnWy=O=|q z_SAs{KypiWPnu`jd{B;8wzx|G*s@MdmxA=!j>}uFA<}c*?)M%W|+15_0_4ca!E{ zKdcrGU*F;&rWd|&0F`^Fr)E0z-fQ*n;m7>u>G1j&G5;Dg@ zoh{dnUygQ7W}z?MTMzc$;W65Ju_V$(G3i<+IywLo9t@LG;%g=W_o5|~q-7UN@4!H6 zYO3tTlQCP^lVr=w-+;zY5kkz_$kAr^wcy^bwbCXgCh#o8V9QcVH%^(F+LBrm28O_{ zRrMk}n-jT1X=(42lu5(viyjHYInWVgCjF_{Le6%5=a#v;=g(93JG`|=MrjGRF!yV@ z8>g|HyO`kZ#i4-*V?83y*#mi>sr&l+cBZ3QU06@3dl`$Hi)VIGn}=v5C!_6&>=u&) z*J-Vh9IUH_5B6A&n9=f!yMFWi0Yyo7^|0S2r}RMnQp&6pWhmfmM2yjrupk$HBpD+}w(iuegm0 zT$_r@T;!(pI2opi<8`(a+Y)3R2XDvOdUI!a|0oqj8}O$0xISYcUX%TLzyt%5Sk|Sx zx#?1+@>+!R=16omX)Kjoo7wC;9h|YqhI^M%(oi{N3-z1k>N&5!5s4baZqb!kIn{}2Xi+Ih>;Lk)x-^7M zs1dsN>6C=Tlu6B6TRRhm;?Jp8v78BsA`Y5U9i7bAJ~o%^Ok<=c6*{u2JcBBd(k>qS zgdW+^b0`+O+0AZ2p*Gl=A{(ftrx*Alke%+bWt6A9mArgV=jWvSzKMWs*jh8PEK-V! zPW8NfYdYUOw>n+uo4@oOs>k-S7~Q;if`-qR$i(D!ku9vsPaOu~;OG^bTx06)5gfd8 zL#{5UP1bfgTU;G>&9^mHDr0p%%!G014gd7iL&O& zv3GE)-Ij?g`yY2#4i|sST~dWXxuc~O8hTrpZFF7cIT&7{1ZB6^IeY|xI1>krr$$v3 z9pvO1nxQ+(I3KR}s7m)`3fqvtqN$2`N-s2xvv%y+-kxWfq?V@UM1mhgdE z4}(!NG9vsG=rrhscO|RRx1xJ{xah1Z$(J8j=FcCTcEB#euG9eAuVD6##V3m~i!oO< z(i~XR3PJ~B6LX~_q`k#XGHWSpUp^&oKpQDHC09&mX(l~*?~=*q7Z$zREAL*DnKd2@ z75kofYb}gUf)1V+R!_*&%F|sLUPLd!l3p8a7#_ZY_^9+kH91Ulr85aNU(~L=zV*Fm zLK*Q>;kQ-Mk^TMT&)rfTqXb{yf^yEjcJXZSu&;&CNod!`*ulasi#B`VGg3qUg_$KS%pLsa&7UbAcP7u_Gl+54pPXZiZx=BWwO8 zta&*@KgqrA<*_s@*W=II9J+PC*d?HLi+!cOg5ntxJrB{h%F2inW44y@*`I?mYvY8G zpAREzA=+>_LltapJ+hfz}x#l`S(eBVym5M3y82}2V%^K#66+U5xTgwnEmL`Ac^aGUSkvqOj~tsrerA0ME`<6ObuW^T=1msR915TB-FyKCUmTklo5$ZxyvTiR;V zBXi~QeEnWNl^y~Y4H`&u7T3vrDhijnu)J(ihg(|I0 z=gAW#015+TA(xuYE_reN5y7rr-{88VmE4rsq6GC?=liN@pAc8#Jdq8Af~|jDX|~rO zLj7lC5a8aBOWWUzi`@NZH29y!q5t}}`YE6V{tOJt$x+EkE-ZW%{@(_m{}(wNziUZE zRFki|Y~Iwjt~tj`8D&`OW%4PC-k9#P_Pf8j0me?~uW`7%w~09qpM3I!z6)WZ3z%?29()u1R`R-vLrTmP+t9^MAP+|OrpweR&u(^&3>DtB$$ zU6LonVdQxQVl|cAe|0Q*neJvK(f;zB(>}onPRha;6Xdm;Pr=o9*3a|xr0c=6XX?Cm zGYfw-G&B_Pg^;yVr)4Y+C_DFF3^L-bdg&;7(JAxcC2zxO;y9m`Z}oF(Jla zctykabwgx~gO&BY?=Hm|-bCuqTI&jD8fYO!XzfDV!B40cOG`^@)=GL|)Dz42hoORP z*81R!PDzoKlN17dmVLK*8XFtO9V?@vqr-oc^dP?gG9VHG5Gq+cc8t@~T?n}OFm!lr zohyV>Ezu`RFS=S+`1pYOBL~NBia{K?8Fe56cxk$ENldHtc@eu(o@SE#yH z@5msRx|X_Yni@~{JS5tZ?OWo5tUfpuExt4~?0LBN?GTQt`jT`I(mMYBm5VWqwlk$9 zUg9mfY}jmI`%A5B2ofH3|7bQx-5yu_*y<|L8Ss5pd`+y2q>I_E`|(i)?OOIXQV(nfI~OrnbzB+D zK;iax)nhBZx(9ok*WBGJY?Di|c?RW`Xa}d|ypiO&Brh5OTh<0z&c;V`bfOC?0OJ5H z4^N37?o34r01JWaq1$7A(g^Q>k})++D^QMm$<%1zHj-J58y@l~a4{zP!AjpUHCACz z>iGvU+|I+XGdGYBc8gZMz_3Gjgot` z&|357X=tc+hM#;W%sLnztz*u5GkJfi#jVyhw2I7Vk;?Zg9)v!64|Cs`FRT|C;_)wF zd%j)Mkha?Cp&LHB&ak_r;cY#Z^76sJ`rAt1QeohdkX;Q~5kS4H_75$mWMmuzzKH+z zt!zmb#fR9kvTnIfuwH<05N{ToT9eTHfr$V&7&Jc8U#+hM%xWUub;hD&;0DiMym<8H zjSYOZP}UjtdDQrC<0uF~VBo}wkE=f{l5;T1N&AAE+QmCLV=N{+_F?qGhU;A3*g5H= zfJ`N$dSt}{a$f<@sOa8jL8MQC8p~;AG}>QeM%@_%@{UG&liucg6k%3esW!M3{`o^6 zo+W4jc>w^3iX-|2EI?$Wp7A=_@QnJ*J#?T3R**O%L=D2Rzea17^0#S*9V+#~cELty zwOMiz76}Y`V9)#p_5j>GHda%9#CQNt*1K)BbRahws{~!b$-{HU;)qXYjo8r7$Dp3k z%xL+-QsRg zfR|IpYMuBP3_Mh+KS2X2GjB88x_2X2vHrUrb2okF(JSa&WydjEM}P8;jf2wVGB9P_ z+;vx#mBXtZUM%M0!0#P7Xl#6hTR4YPw^tj5eM(Jj1S)RiAyqcTfj)`l_%X{^W3!yg0V0Mm(=^k#8 zp>DTC^gZOebcrHro6u2==Tj>hO#XDfA{3olX*b$u08f)u*zHQo(T0?aZ{&QBMK)Fh z7H-uh6*!h;l9w5y25#QE)!T<9T7t(PkpfWN)Y>YHJs>`P>DbMi>3xf#-nGmqK$sIb z&97exU7=RJ__Ya^K(Ci4Ao0G$uK3?zc<i z9QH&h>@PusBVGZ4Zy32tLEV16D*UI9dawwO3ee4BOx2qY^=ftHR+$lzw2uIaPQdhW zRpcLBLJr1icVYYL()q9M?i?(3Y-@X%zR#T0)Hj?DwquITzIAntZ)4}j&}dt~Z0w1Q z#62;xabqEM?7{#>cXKystxv?jk0ISQK48@W-MI5uzQVndY5Bm1oL9fw$f3YMwHF-R zmm+6}jQLaQWOY?{9~KWS@{=+?6EJJZEOu;oB6fmLsK&PFYDUi8CV7^3vFG(e&!lMKb_aYFSu+RfVc`Tq)B>LD zxR1A6w^ay?QTxl<$LEvxsf9kzmzE0pl?FaudCskrnmD7OuOG%J{%&EWA~bm~yh4N} z*lbC|5R>5sYCl<%_ z8B*4o|6)6KY8?YYbc26eS{Y*)$I2q}cA8tSFJ&s@84up1X){}@*_|{MGd)^`11FD@ zEk{B;Y zt{aWt*~dNKrGLa*2E4AI+9_jVau#v3yE8kd zJ{ukAjuiV~w{i%-0fWe6xE~`nq}djJe&n3l$0riNmRv^STRlGrMcETWw`zsK&@ZxG zMeugRiaM7hdLNK5v_|F$R>f}Oon49s{~l8R^)?Sm`++0>2qc== zcuEI(Ztc6$Oh2=H;Cq1QTBw4h;I|&FbtT5C@c1{1?QhH=h6dN~_%iLRLl6#m8RHO_ z`oJj#v>SvGfTZ{_^>`R=RTTy?xF;kYRh}2&^C1m^wWC?Bw3$cQwHBQP=wEjNpVaO7 z5{Qzt!kgZFEiJ9AIvOq?0juktwVq#ca&sGnkHolnm&(U5k!wFnw-32^IAzej2fF(( zWaJ9s4@n72o(`)1M_T1wPwWL?T5hB{q-hhE7BfG*^cwL=tlzlze+d>ac_g1$nzK(T zPs~INj|DVUQ`0c9rKw^=_ircjq7=~*A&>QJssB(ybV1PaO4zkv&*6$s;3~w%`9+@h z+k60i?W3t3hcAh+I0hU;U#b^7z8c8 zHUjflWb;F5XNHeC@bkU3AIp+Hd!;v|)g@l$e>TWhNrIf&{V#3XY;}At(j8?QtNT=j zU-4oVWt^B4uo$xEODMrFZ+?eN8xB~lPS;( zL;}3KPpp*Uq{e3TA)#6d_7_NNY_}~>uWM+=;!u>OLnM9Wr{Ane_eG_Zz)$KwVeghn znmB})ubkT{B=(X$Mp%E6E{3_y&1+;ANIg{wk83i=?ap)KBR=hjM;w?T9{U%6T`~llVgp$fy{9m7j^f#h}>R%30 zQU`s;TMm?cl2p*bLUcv1`%QfgmRis4#;CKx_57AaP{!o1tM_4cz_#O%$?(pBB^+3- z3ZEn)A=#NViVeBa3dK?Xag97Vp^^*^twx9ingxzZV#wDd&{8v9uPHJ8JXTeCeGVfqy+U$(JKBqM6-JHFa(XdZO9oLw9 zlui3IgN3yaTJZNP?QXTD^fNoZ13g4GQK9C0Z0vBayuwnN8@NHSiz|k(xgs(MAawxp zoy_VvfkG4lW!^yG{=t`a^ou5{fC_;YA=@D)Zd^Xpx4ouyL(U-dcOe8U{;D~HK0p-+ zwr?^`qxk{17_s9b4}y3+@*Gw1eKl`FFU);S9~hV28ExmAj6a;H+DjTBt=~5EC9h>A zm};wB&-M`2(kh&BtXu(|#=>Mh!U9)RXzO3ja8VpbjGMTtHUdZy8UxT#K!dRw#^P&y z5F!x(sIyQbXr>#p;% zoN0Ndkv*qD_EK6Gu%T3*UzZ2dzdAEZY}5X9!`OTCJ>V*sKi}+Jc!KQX_FW!%v|g~; z%9NGA#QMR0fn?R9Wl->T>-(7ty&@|ZKX*K^$R-dsclZ_sp$j*Nr$A)ohNtHf-jo7+ z2I+`w&U9_!ot(VfT!;($fjR<(qM)GYrKE>a@zX{YOw-SvZB4e&qa&X^V_S&5*pM+& zjzokJ#~%&^RDy63Fz$4e9NP9kLR3}#LDy*mVdd5rcWEbsQK1C3j~bEa^Zas){)odf z&T?A)rp`4E)w(X35saD!DnOzIgoKBpB)!G@QZ*%u4c?U13C)D<1JUie# zE+kwG?1uisqq_HRI8Rd$oh0H1@eDv7&2V#ST3XEeY!t#2E?zoY0zL`^U$gD(C&GnC zS44Z9K_S4etROp82yP*3jnS(!pU6P@(KOzWo$I&*0?C*2*@17`XRgXOlMlO%`S^Pe zTXM0BK!9d^T|50JM1R2(c4kMF%}`Yaci9+!Y92=BX$dE={5xmFt-NC8i%11K!d zMK0grA9Ret&>ipn)mDU@LHI!IGMd>AeL#a^fsj2disz!_>){Y4pLQ_$aiCT(2XeLzG4v#6lp>*@8GY z-jC`vwY1XHCNCh3G;h~RDN3nl`;Nn>)d72dI>gD4Cn&`BG1%cy0Z9wfeE{$@@~q&6 zzY=w#aa|t0SfE11Up;~-R6gFjG(Y&ZA0i-u5FkY+jbp=yz}aSFTp`{ z!BD6V6$2T_$Z(F0$Om@g)cI!|uSijGodXlof_!Q7-RAl|(hSORyy<)MnH9IQlD#>h z$Jh(>bajb7{ZK}+aB~xplRp>n*@NOXen*GMvj95_!YJd2aCyzxYm3nr1enZa3MC^5 zp_2&xA5VPj<7*x`aU2CS5!1xPLG4%9zJ3oS=_wIk2Gl+rWQHl-mbHbr9V?(N5L2B6 zw>pARn#sOP@4=_2vj`ZLIkb5`U{q+ERaZxfp!L$69CvF6j+U^~>7#UM}ysHhj4;ho8)*C>zb-ypn@`Z!=alkX6_I_moa!!KD=AR?W!68cpQ z%AoFHA(P-jmnfbl$0z&S?5Zj_Eh4jBHRpd=VKU$I^IP8eg5JLL8-+;~6MnwINqBph zmy`o19}7`?%%@&^1+edrkaY{hr?FwoR_9G4K_egrwMu`M1p|o+vH8cr81y|O;K?9r z%0`1{xL~cCcw5z2pO+SSadaFxllQy^iT?b7h=NowKA2Wc`~XbZdAgNTBIjyG4@*~T*YfI|ep z4zx;!!P*aU7dJ!?h)4K2aC^z&cbn(d%O)Z>nkT17fjl0EozXZ!C+|D>~L)w|IFhBjvV~fs|DV8aNPY` zR8rD68z9bZc`;AxJI2Q$vL4zLg#Q2O*jOG6gB%P>CS+v@2#~|(G=F=-l8_!yNG=W~ z7zVh5^UxYQbghk0f|%DB;1aw1ouv?#qh#eEYpDUXtO%|Plg%11nLkm0N*N2UKS zy}>V~lUVC(y-07l<8?wsYExX_DvCqR(8_+IY0{!=B{EQ?OyybXMtJRMyq5Er59yi8 zgL7 z^B&EK7NHQ%%fK)57}XJH1`ms_KluYdxJ?!wo5Flm5^hrX1Ka>D$fLJK;k(=3+UsBT zqRo758rbK$wYBBG24OILh*8W++6%v7kL=i}`mkV&+#yDgA1p~iq3aL%uk)9E#-Qx#3orl08var5hR5~rvd}-$)!fZg7q;dWtQ(~uLKWK?%nN87@Ozl z_<jWBDA z;j#&oI~#&{8vtIx4_Gxcl{*^-?+-QwMjmHhLAP#(c7I#m8nO@fX6t)EKq`YCvik`C zM_x9&op{C>(aM5ZMs*c{MBSoB{J)8@cB^;ihs+!N=1NyluuDz>LMcWt`7?P|B1V{+ zy*kM0oBz1V664_{f`43taCpS;&NA{djb-o1%RZ#sKk^zY3a*>-Dslx^jUW9#`GYQo literal 0 HcmV?d00001 diff --git a/docs/security.md b/docs/security.md index 2e9f97d2..5ae93dce 100644 --- a/docs/security.md +++ b/docs/security.md @@ -111,6 +111,7 @@ For the MLZ NSG's, the same rules that were added to the Azure Firewall as post- - **Azure Commercial** ![alt text](image-30.png) + - **Azure Government** ![alt text](image-31.png) From 8b64bfac83d08173a0c59180c3c816ff76be0955 Mon Sep 17 00:00:00 2001 From: Jason Masten Date: Mon, 16 Sep 2024 15:02:36 -0400 Subject: [PATCH 4/4] Disabled linter length for new paragraph --- docs/security.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/security.md b/docs/security.md index 5ae93dce..82aca09b 100644 --- a/docs/security.md +++ b/docs/security.md @@ -107,7 +107,9 @@ Application rules allow or deny outbound traffic. You can use an application rul ### NSG Security Rules -For the MLZ NSG's, the same rules that were added to the Azure Firewall as post-configuration settings should be added as security rules as part of the defense in depth, layered defensive best practices. When adding these rules to the NSG's, make note that NSG's do not support FQDN's as a rule processing type. Instead of using FQDN rules, the NSG should be configured to allow all traffic for each specified port in the Destination filter. Each NSG rule should be configured to have a source CIDR range, source port number, and the destination filter configured to 'Any'. This allows all of the required FQDN's to pass through the Azure Firewall as the first layer of defense, followed by the NSG's as the second layer of defense. + +For the MLZ NSG's, the same rules that were added to the Azure Firewall as post-configuration settings should be added as security rules as part of the defense in depth, layered defensive best practices. When adding these rules to the NSG's, make note that NSG's do not support FQDN's as a rule processing type. Instead of using FQDN rules, the NSG should be configured to allow all traffic for each specified port in the Destination filter. Each NSG rule should be configured to have a source CIDR range, source port number, and the destination filter configured to 'Any'. This allows all of the required FQDN's to pass through the Azure Firewall as the first layer of defense, followed by the NSG's as the second layer of defense. + - **Azure Commercial** ![alt text](image-30.png)