From c60ae3652a25d74b1d30b5584654c0e733c48822 Mon Sep 17 00:00:00 2001
From: Vannick Trinquier <vannick@google.com>
Date: Tue, 21 Oct 2025 17:34:25 +0700
Subject: [PATCH] Adding hardened datasets for preventive and detective
 Compliance Controls (#3410)

* Adding hardened datasets for preventive and detective Compliance Controls in stage 0 and stage 1 VPC-SC

* Move observability to factory file

* Update documentation

* Update local variable for use

* Update observability factory to use other module

* Add raw diagram file for hardened datasets

* Retrofit change

* Rename log_buckets context variable to be consistent across modules

* Update stage 0 documentation to mention hardened dataset

* Update customer ids list

* Update documentation, path to schema add ID to access level

* Comment organization policy gcp.resourceLocation by default

* Prevent duplicate key error by merging principal roles

* Adding ngfw roles files in hardened datasets

* Update script to validate files differences to support folder and datasets

* Format duplicate-diff python script

* Remove .config.yaml from duplicates

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
---
 fast/stages/0-org-setup/README.md             |  49 ++--
 .../classic/organization/.config.yaml         |   4 +-
 .../0-org-setup/datasets/hardened/README.md   | 269 ++++++++++++++++++
 .../hardened/assets/diagram.excalidraw.gz     | Bin 0 -> 2810 bytes
 .../datasets/hardened/assets/diagram.png      | Bin 0 -> 266836 bytes
 .../datasets/hardened/defaults.yaml           |  92 ++++++
 .../hardened/organization/.config.yaml        | 123 ++++++++
 ...contextmanagerDisableBridgePerimeters.yaml |  26 ++
 ...drunDisableEnvironmentVariablePattern.yaml |  27 ++
 ...cloudrunJobRequireBinaryAuthorization.yaml |  25 ++
 ...drunServiceRequireBinaryAuthorization.yaml |  25 ++
 ...oudsqlDisablePublicAuthorizedNetworks.yaml |  27 ++
 ...tom.cloudsqlEnforcePasswordComplexity.yaml |  26 ++
 ...custom.cloudsqlRequireAutomatedBackup.yaml |  25 ++
 ...tom.cloudsqlRequireMySQLDatabaseFlags.yaml |  30 ++
 ...om.cloudsqlRequirePointInTimeRecovery.yaml |  27 ++
 ...uirePostgreSQLDatabaseAdditionalFlags.yaml |  31 ++
 ...loudsqlRequirePostgreSQLDatabaseFlags.yaml |  36 +++
 .../custom.cloudsqlRequireRootPassword.yaml   |  25 ++
 ...cloudsqlRequireSQLServerDatabaseFlags.yaml |  35 +++
 .../custom.cloudsqlRequireSSLConnection.yaml  |  27 ++
 .../custom.dnsAllowedSigningAlgorithms.yaml   |  27 ++
 .../custom.dnsRequireManageZoneDNSSEC.yaml    |  27 ++
 .../custom.dnsRequirePolicyLogging.yaml       |  25 ++
 ...stom.firewallEnforcePolicyRuleLogging.yaml |  25 ++
 .../custom.firewallEnforceRuleLogging.yaml    |  33 +++
 .../custom.firewallRestrictOpenWorldRule.yaml |  25 ++
 .../custom.firewallRestrictRdpPolicyRule.yaml |  36 +++
 .../custom.firewallRestrictRdpRule.yaml       |  26 ++
 .../custom.firewallRestrictSshPolicyRule.yaml |  36 +++
 .../custom.firewallRestrictSshRule.yaml       |  26 ++
 .../custom.gkeAllowedNodePoolImages.yaml      |  25 ++
 .../custom.gkeAllowedReleaseChannels.yaml     |  25 ++
 .../custom.gkeDisableAlphaCluster.yaml        |  26 ++
 .../custom.gkeDisableKubernetesDashboard.yaml |  25 ++
 .../custom.gkeDisableLegacyAbac.yaml          |  25 ++
 ...tom.gkeDisableLegacyMetadataEndpoints.yaml |  26 ++
 .../custom.gkeRequireCOSImage.yaml            |  26 ++
 .../custom.gkeRequireDataplaneV2.yaml         |  25 ++
 .../custom.gkeRequireGKEMetadataServer.yaml   |  25 ++
 .../custom.gkeRequireIntegrityMonitoring.yaml |  25 ++
 .../custom.gkeRequireIntraNodeVisibility.yaml |  25 ++
 ...om.gkeRequireMasterAuthorizedNetworks.yaml |  26 ++
 .../custom.gkeRequireMonitoring.yaml          |  25 ++
 .../custom.gkeRequireNodePoolAutoRepair.yaml  |  25 ++
 .../custom.gkeRequireNodePoolAutoUpgrade.yaml |  25 ++
 ...stom.gkeRequireNodePoolCMEKEncryption.yaml |  25 ++
 .../custom.gkeRequireNodePoolSandbox.yaml     |  26 ++
 .../custom.gkeRequirePrivateEndpoint.yaml     |  26 ++
 .../custom.gkeRequireRegionalClusters.yaml    |  25 ++
 .../custom.gkeRequireSecureBoot.yaml          |  25 ++
 .../custom.gkeRequireVPCNativeCluster.yaml    |  25 ++
 .../custom.iamAllowedMembers.yaml             |  29 ++
 .../custom.iamDisablePublicBindings.yaml      |  25 ++
 .../custom.iamDisableRedisAdminRoles.yaml     |  34 +++
 .../custom.networkDisableTargetHTTPProxy.yaml |  25 ++
 .../custom.networkDisableWeakSSLPolicy.yaml   |  39 +++
 .../custom.networkRequireCustomModeVpc.yaml   |  24 ++
 ...tworkRequireSubnetPrivateGoogleAccess.yaml |  25 ++
 ...storageRequireBucketObjectVersionning.yaml |  25 ++
 .../network_firewall_policies_admin.yaml      |  24 ++
 .../custom-roles/ngfw_enterprise_admin.yaml   |  49 ++++
 .../custom-roles/ngfw_enterprise_viewer.yaml  |  35 +++
 .../organization_admin_viewer.yaml            |  34 +++
 .../custom-roles/organization_iam_admin.yaml  |  22 ++
 .../custom-roles/project_iam_viewer.yaml      |  24 ++
 .../service_project_network_admin.yaml        |  33 +++
 .../custom-roles/storage_viewer.yaml          |  33 +++
 .../organization/custom-roles/tag_viewer.yaml |  26 ++
 .../observability/auditConfigChanges.yaml     |  76 +++++
 .../observability/customRoleChanges.yaml      |  78 +++++
 .../observability/projectOwnershipChange.yaml |  82 ++++++
 .../org-policies/accesscontextmanager.yaml    |  24 ++
 .../organization/org-policies/appengine.yaml  |  24 ++
 .../organization/org-policies/bigquery.yaml   |  32 +++
 .../organization/org-policies/cloudbuild.yaml |  35 +++
 .../organization/org-policies/compute.yaml    | 132 +++++++++
 .../organization/org-policies/dns.yaml        |  32 +++
 .../org-policies/essentialcontacts.yaml       |  36 +++
 .../organization/org-policies/firewall.yaml   |  32 +++
 .../organization/org-policies/gcp.yaml        |  29 ++
 .../organization/org-policies/gke.yaml        | 112 ++++++++
 .../organization/org-policies/iam.yaml        |  68 +++++
 .../organization/org-policies/network.yaml    |  50 ++++
 .../organization/org-policies/serverless.yaml |  56 ++++
 .../organization/org-policies/sql.yaml        |  64 +++++
 .../organization/org-policies/storage.yaml    |  38 +++
 .../organization/org-policies/vertexai.yaml   |  38 +++
 ...RequireIngressInternalAndLoadBalancer.yaml |  25 ++
 .../cloudfunctionsV1RequireVPCConnector.yaml  |  23 ++
 .../cloudrunRequireBinaryAuthorization.yaml   |  26 ++
 ...RequireIngressInternalAndLoadBalancer.yaml |  25 ++
 .../cloudsqlRequirePointInTimeRecovery.yaml   |  24 ++
 .../computeDisableNestedVirtualization.yaml   |  23 ++
 .../gkeDisableClientCertificateAuth.yaml      |  24 ++
 .../gkeRequireDataplaneV2.yaml                |  24 ++
 .../gkeRequireRegionalCluster.yaml            |  23 ++
 .../hardened/organization/tags/context.yaml   |  23 ++
 .../organization/tags/environment.yaml        |  43 +++
 .../organization/tags/org-policies.yaml       |  25 ++
 .../hardened/projects/core/billing-0.yaml     |  29 ++
 .../hardened/projects/core/iac-0.yaml         | 179 ++++++++++++
 .../hardened/projects/core/log-0.yaml         |  35 +++
 fast/stages/0-org-setup/organization.tf       |   1 +
 fast/stages/1-vpcsc/README.md                 |  16 +-
 .../classic}/access-levels/geo.yaml           |   3 +-
 .../ingress-policies/fast-org-log-sinks.yaml  |   2 +-
 .../classic}/perimeters/default.yaml          |   2 +-
 .../classic}/restricted-services.yaml         |   0
 .../datasets/hardened/access-levels/geo.yaml  |  23 ++
 .../ingress-policies/fast-org-log-sinks.yaml  |  26 ++
 .../datasets/hardened/perimeters/default.yaml |  25 ++
 .../hardened/restricted-services.yaml         |  87 ++++++
 fast/stages/1-vpcsc/variables.tf              |  10 +-
 .../3-data-platform-dev/data-domains.tf       |  14 +-
 fast/stages/3-data-platform-dev/main.tf       |   7 +-
 fast/stages/CLEANUP.md                        |   8 +
 .../organization/scc-sha-custom-modules.tf    |   6 +
 modules/project-factory/README.md             |  10 +-
 modules/project-factory/projects.tf           |   5 +
 modules/project-factory/variables.tf          |   1 +
 modules/project/README.md                     |   2 +-
 modules/project/logging-metrics.tf            |   2 +-
 modules/project/variables.tf                  |   2 +-
 tools/duplicate-diff.py                       |  85 +++++-
 125 files changed, 4120 insertions(+), 58 deletions(-)
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/README.md
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/assets/diagram.excalidraw.gz
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/assets/diagram.png
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/defaults.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/.config.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictOpenWorldRule.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/network_firewall_policies_admin.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/ngfw_enterprise_admin.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/ngfw_enterprise_viewer.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/organization_admin_viewer.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/organization_iam_admin.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/project_iam_viewer.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/service_project_network_admin.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/storage_viewer.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/tag_viewer.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/observability/auditConfigChanges.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/observability/customRoleChanges.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/observability/projectOwnershipChange.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/accesscontextmanager.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/appengine.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/bigquery.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/cloudbuild.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/compute.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/dns.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/essentialcontacts.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/firewall.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/gcp.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/gke.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/iam.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/network.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/serverless.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/sql.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/storage.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/org-policies/vertexai.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireIngressInternalAndLoadBalancer.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireVPCConnector.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireBinaryAuthorization.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireIngressInternalAndLoadBalancer.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequirePointInTimeRecovery.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/computeDisableNestedVirtualization.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeDisableClientCertificateAuth.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireDataplaneV2.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireRegionalCluster.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/tags/context.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/tags/environment.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/organization/tags/org-policies.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/projects/core/billing-0.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/projects/core/iac-0.yaml
 create mode 100644 fast/stages/0-org-setup/datasets/hardened/projects/core/log-0.yaml
 rename fast/stages/1-vpcsc/{data => datasets/classic}/access-levels/geo.yaml (90%)
 rename fast/stages/1-vpcsc/{data => datasets/classic}/ingress-policies/fast-org-log-sinks.yaml (90%)
 rename fast/stages/1-vpcsc/{data => datasets/classic}/perimeters/default.yaml (91%)
 rename fast/stages/1-vpcsc/{data => datasets/classic}/restricted-services.yaml (100%)
 create mode 100644 fast/stages/1-vpcsc/datasets/hardened/access-levels/geo.yaml
 create mode 100644 fast/stages/1-vpcsc/datasets/hardened/ingress-policies/fast-org-log-sinks.yaml
 create mode 100644 fast/stages/1-vpcsc/datasets/hardened/perimeters/default.yaml
 create mode 100644 fast/stages/1-vpcsc/datasets/hardened/restricted-services.yaml

diff --git a/fast/stages/0-org-setup/README.md b/fast/stages/0-org-setup/README.md
index ef0b6cc21..13607dc66 100644
--- a/fast/stages/0-org-setup/README.md
+++ b/fast/stages/0-org-setup/README.md
@@ -13,6 +13,7 @@
   - [Provider setup and final apply cycle](#provider-setup-and-final-apply-cycle)
 - [Default factory datasets](#default-factory-datasets)
   - ["Classic FAST" dataset](#classic-fast-dataset)
+  - ["Hardened" dataset](#hardened-dataset)
   - ["Minimal" dataset (TBD)](#minimal-dataset-tbd)
   - ["Tenants" dataset (TBD)](#tenants-dataset-tbd)
 - [Detailed configuration](#detailed-configuration)
@@ -77,12 +78,12 @@ If this configuration matches requirements, no changes are necessary at this sta
 # create a file named 0-org-setup.auto.tfvars containing the following
 # and replace paths by pointing them to the desired data folder
 factories_config = {
-  billing_accounts = "data/billing-accounts"
-  cicd             = "data/cicd.yaml"
-  defaults         = "data/defaults.yaml"
-  folders          = "data/folders"
-  organization     = "data/organization"
-  projects         = "data/projects"
+  billing_accounts = "datasets/classic/billing-accounts"
+  cicd             = "datasets/classic/cicd.yaml"
+  defaults         = "datasets/classic/defaults.yaml"
+  folders          = "datasets/classic/folders"
+  organization     = "datasets/classic/organization"
+  projects         = "datasets/classic/projects"
 }
 ```
 
@@ -253,6 +254,12 @@ The organizational layout mirrors the consolidated FAST one, where shared infras
   <img src="diagram-classic-fast.png" alt="Classic FAST organization-level diagram.">
 </p>
 
+### "Hardened" dataset
+
+This dataset implements a hardened design focusing on strict security and compliance requirements. It expands on the "Classic FAST" layout by incorporating more advanced and granular preventive and detective controls from the start.
+
+This dataset provides a stronger and centrally-managed security baseline, ensuring that projects and resources deployed adhere to stricter security and compliance from inception. It includes both **preventive controls** (organization policies and custom constraints) and **detective controls** (monitoring alerts and Security Command Center custom module detectors). For more details on the content of this hardened dataset and the various controls provisioned, refer to the [hardened dataset documentation](./datasets/hardened/README.md).
+
 ### "Minimal" dataset (TBD)
 
 This dataset is meant as a minimalistic starting point for organizations where a security baseline and a project factory are all that's needed, at least initially. The design can then organically grow to support more functionality, converging to the Classic or other types of layouts.
@@ -293,28 +300,28 @@ The resources created by this stage are controlled by several factories, which p
 
 The default paths point to the dataset in the `data` folder which deploys a FAST-compliant configuration. These are the available factories in this stage, with file-level factories based on a single YAML file, and folder-level factories based on sets of YAML files contained within a filesystem folder:
 
-- **defaults** (`data/defaults.yaml`) \
+- **defaults** (`datasets/classic/defaults.yaml`) \
   file-level factory to define stage defaults (organization id, locations, prefix, etc.) and static context mappings
-- **billing_accounts** (`data/billing-accounts`) \
+- **billing_accounts** (`datasets/classic/billing-accounts`) \
   folder-level factory where each YAML file defines billing-account level IAM for one billing account; only used for externally managed accounts
-- **organization** (`data/organization/.config.yaml`) \
+- **organization** (`datasets/classic/organization/.config.yaml`) \
   file-level factory to define organization IAM and log sinks
-  - **custom roles** (`data/organization/custom-roles`) \
+  - **custom roles** (`datasets/classic/organization/custom-roles`) \
     folder-level factory to define organization-level custom roles
-  - **org policies** (`data/organization/org-policies`) \
+  - **org policies** (`datasets/classic/organization/org-policies`) \
     folder-level factory to define organization-level org policies
-  - **tags** (`data/organization/tags`) \
+  - **tags** (`datasets/classic/organization/tags`) \
     folder-level factory to define organization-level resource management tags
-- **folders** (`data/folders`) \
+- **folders** (`datasets/classic/folders`) \
   folder-level factory to define the resource management hierarchy and individual folder attributes (IAM, org policies, tag bindings, etc.); also supports defining folder-level IaC resources
-- **projects** (`data/projects`) \
+- **projects** (`datasets/classic/projects`) \
   folder-level factory to define projects and their attributes (projejct factory)
-- **cicd** (`data/cicd.yaml`) \
+- **cicd** (`datasets/classic/cicd.yaml`) \
   file-level factory to define CI/CD configurations for this and subsequent stages
 
 ### Defaults configuration
 
-The prerequisite configuration for this stage is done via a `defaults.yaml` file, which implements part or all of the [relevant JSON schema](./schemas/defaults.schema.json). The location of the file defaults to `data/defaults.yaml` but can be easily changed via the `factories_config.defaults` variable.
+The prerequisite configuration for this stage is done via a `defaults.yaml` file, which implements part or all of the [relevant JSON schema](./schemas/defaults.schema.json). The location of the file defaults to `datasets/classic/defaults.yaml` but can be easily changed via the `factories_config.defaults` variable.
 
 This is a commented example of a defaults file, showing a minimal working configuration. Refer to the YAML schema for all available options.
 
@@ -422,7 +429,7 @@ Principal expansion leverages the `$iam_principals:` context, which is populated
 
 ```yaml
 # example principal-level context interpolation
-# file: data/organization/.config.yaml
+# file: datasets/classic/organization/.config.yaml
 iam_by_principals:
   # statically defined principal (via defaults.yaml)
   $iam_principals:gcp-organization-admins:
@@ -445,7 +452,7 @@ Log sinks can refer to project-level destination via different contexts.
 
 ```yaml
 # example log sinks showing different destination contexts
-# file: data/organization/.config.yaml
+# file: datasets/classic/organization/.config.yaml
 logging:
   storage_location: $locations:default
   sinks:
@@ -475,7 +482,7 @@ Context-based expansion is not limited to the organization's `.config.yaml` file
 
 ```yaml
 # example usage of context interpolation in tag values IAM
-# file: data/organization/tags/environment.yaml
+# file: datasets/classic/organization/tags/environment.yaml
 description: "Organization-level environments."
 values:
   development:
@@ -515,7 +522,7 @@ The folder hierarchy is managed via a filesystem tree of YAML configuration file
 The default dataset implements a classic FAST layout, with top-level folders for stage 2 and stage 3, and can be easily tweaked by adding or removing any needed folder.
 
 ```bash
-data/folders
+datasets/classic/folders
 ├── networking
 │   ├── .config.yaml
 │   ├── dev
@@ -542,7 +549,7 @@ As with the factories described above, context replacements can be used in folde
 As with other examples before, the main use case is to infer IAM principals from either the static or internally defined context. One additional context which is often useful here is tag values, which allows defining a scope for organization-level conditional IAM bindings or org policies.
 
 ```yaml
-# file: data/folders/teams/.config.yaml
+# file: datasets/classic/folders/teams/.config.yaml
 name: Teams
 iam_by_principals:
   $iam_principals:service_accounts/iac-0/iac-pf-rw:
diff --git a/fast/stages/0-org-setup/datasets/classic/organization/.config.yaml b/fast/stages/0-org-setup/datasets/classic/organization/.config.yaml
index d1bb3e90a..1677e3eee 100644
--- a/fast/stages/0-org-setup/datasets/classic/organization/.config.yaml
+++ b/fast/stages/0-org-setup/datasets/classic/organization/.config.yaml
@@ -14,7 +14,7 @@
 
 # TODO: data access logs
 
-# yaml-language-server: $schema=../../schemas/organization.schema.json
+# yaml-language-server: $schema=../../../schemas/organization.schema.json
 
 id: $defaults:organization/id
 contacts:
@@ -119,4 +119,4 @@ logging:
 # these are internally merged with IAM by principal
 iam:
   # reset default role on new organizations
-  roles/billing.creator: []
+  roles/billing.creator: []
\ No newline at end of file
diff --git a/fast/stages/0-org-setup/datasets/hardened/README.md b/fast/stages/0-org-setup/datasets/hardened/README.md
new file mode 100644
index 000000000..9d29d6bb1
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/README.md
@@ -0,0 +1,269 @@
+# Hardened Dataset for FAST Organization Setup
+
+This hardened dataset contains a set of compliance controls that can be applied to your Google Cloud environment. 
+It includes preventive controls (custom constraints and organization policies) and detective controls (Security Command Center custom module detectors and observability alerts).
+
+## Prerequisites
+
+This dataset configuration configures a set of compliance and security controls based on recommendations gathered from various customer engagements.
+
+The **preventive controls** are based on a recommended list of organization policies and custom organization policies. Many of these help enforce CIS Benchmarks and PCI-DSS requirements and are broadly applicable.
+
+The **detective controls** are based on the following:
+  - Security Health Analytics (SHA) and Custom SHA modules: These require **a Security Command Center (SCC) Premium or Enterprise subscription.**
+  - Log-based metrics and Monitoring Alerts: These can be used by any organization.
+
+## High level architecture
+
+The dataset contains the configurations for various controls, which are consumed by the Terraform modules using the factory configuration.
+
+|                                     	| Organization Policies 	|    Custom Constraint    	|  Monitoring Alerts 	|                    SCC SHA                   	|        SCC Custom SHA       	|
+|:-----------------------------------:	|:---------------------:	|:-----------------------:	|:------------------:	|:--------------------------------------------:	|:---------------------------:	|
+|           **Type of controls**          	|       Preventive      	|        Preventive       	|      Detective     	|                   Detective                  	|          Detective          	|
+|            **Factory folder**           	|   data/org-policies   	| data/custom-constraints 	| data/observability 	| Already included as part of SCC Subscription 	| data/scc-custom-sha-modules 	|
+| **Requires SCC Premium or Enterprise ?** 	|           NO          	|            NO           	|         NO         	|                      YES                     	|             YES             	|
+
+The diagram below shows the relationships between the components:
+
+![image](assets/diagram.png)
+
+## Usage
+
+To use this `hardened` dataset, create a `0-org-setup.auto.tfvars` file in the `fast/stages/0-org-setup` directory and override the `factories_config` variable as shown below:
+
+```tfvars
+factories_config = {
+  organization     = "datasets/hardened/organization"
+}
+```
+
+For organizations not using **SCC Premium or Enterprise**, the following error will appear:
+```
+╷
+│ Error: Error creating OrganizationSecurityHealthAnalyticsCustomModule: googleapi: Error 403: Security Command Center Management API has not been used in project 111111111111 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/securitycentermanagement.googleapis.com/overview?project=111111111111 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
+```
+
+In that case, the controls placed in the `organization/scc-sha-custom-modules` folder need to be removed to ensure they are provisionned.
+
+## Controls
+
+### Preventive Controls
+
+#### Organization Policies
+| Policy | Description | Compliance Mapping |
+|---|---|---|
+| `ainotebooks.disableFileDownloads` | Prevent file downloads on new Vertex AI Workbench instances. |  |
+| `ainotebooks.disableRootAccess` | Prevent root access on new Vertex AI Workbench user-managed notebooks and instances. |  |
+| `ainotebooks.restrictPublicIp` | Restrict public IP access on new Vertex AI Workbench notebooks and instances. |  |
+| `ainotebooks.restrictVpcNetworks` | Restrict VPC networks on new Vertex AI Workbench instances. |  |
+| `appengine.disableCodeDownload` | Prevent the download of source code from App Engine. |  |
+| `bigquery.disableBQOmniAWS` | Prevent the creation of BigQuery Omni tables for AWS. |  |
+| `bigquery.disableBQOmniAzure` | Prevent the creation of BigQuery Omni tables for Azure. |  |
+| `cloudbuild.allowedIntegrations` | Restrict Cloud Build integrations to an approved list. |  |
+| `cloudbuild.allowedWorkerPools` | Restrict Cloud Build jobs to an authorized list of worker pools. |  |
+| `cloudbuild.disableCreateDefaultServiceAccount` | Prevent Default Service Account for Cloud Build to be created |  |
+| `cloudfunctions.allowedVpcConnectorEgressSettings` | Ensure Cloud Functions Gen1 only allows internal and load balancer traffic. |  |
+| `cloudfunctions.requireVPCConnector` | Ensure Cloud Functions Gen1 are configured with a VPC connector. |  |
+| `compute.disableGuestAttributesAccess` | Prevent the use of Guest Attributes for Compute Engine instance metadata. |  |
+| `compute.disableInternetNetworkEndpointGroup` | Prevent configuration of internet network endpoint groups. |  |
+| `compute.disableNestedVirtualization` | Prevent the creation of Compute Engine instances with nested virtualization enabled. |  |
+| `compute.disableSerialPortAccess` | Prevent the enablement of serial port access for VM instances. | **CIS Controls 8.0**: 4.8<br>**PCI-DSS 4.0**: 1.2.1, 1.4.1<br>**NIST 800-53 R5**: CM-6, CM-7<br>**ISO-2700-1 v2022**: A.8.9<br>**SOC2 v2017**: CC6.6.1, CC6.6.3, CC6.6.4 |
+| `compute.disableVpcExternalIpv6` | Prevent configuration of subnets with external IPv6 ranges. |  |
+| `compute.managed.blockPreviewFeatures` | Ensures that preview feature updates are blocked unless explicitly allowed |  |
+| `compute.requireOsLogin` | Enforce the use of OS Login for all Compute Engine instances. | **CIS Controls 8.0**: 5.6, 6.7<br>**PCI-DSS 4.0**: 1.2.5,<br>2.2.4<br>6.4.1<br>**NIST 800-53 R5**: AC-2<br>**ISO-2700-1 v2022**: A.5.15<br>**SOC2 v2017**: CC6.1.4, CC6.1.6, CC6.1.8, CC6.1.9 |
+| `compute.requireShieldedVm` | Enforce the use of Shielded VM for all Compute Engine instances. |  |
+| `compute.requireSslPolicy` | Prevent the use of weak cipher suites and TLS versions on HTTPS and SSL Proxy load balancers. | **NIST 800-53 R4**: SC-7<br>**ISO-2700-1 v2013**: A.14.1.3 |
+| `compute.restrictDedicatedInterconnectUsage` | Restrict the use of Dedicated Interconnect. |  |
+| `compute.restrictLoadBalancerCreationForTypes` | Restrict the creation of load balancers based on type. |  |
+| `compute.restrictPartnerInterconnectUsage` | Restrict the use of Partner Interconnect. |  |
+| `compute.restrictProtocolForwardingCreationForTypes` | Restrict the creation of forwarding rules based on type. |  |
+| `compute.restrictVpcPeering` | Restrict the use of VPC peering. |  |
+| `compute.setNewProjectDefaultToZonalDNSOnly` | Ensure project created use Zonal DNS instead of global. |  |
+| `compute.skipDefaultNetworkCreation` | Prevent the automatic creation of the default VPC network in new projects. | **CIS Controls 8.0**: 4.2<br>**NIST 800-53 R5**: AC-18, CM-2, CM-6, CM-7, CM-9<br>**NIST Cybersecurity Framework 1.0**: PR-IP-1<br>**ISO-2700-1 v2022**: A.8.9<br>**SOC2 v2017**: CC5.2.2<br>**Cloud Controls Matrix 4**: ISV-04 |
+| `compute.trustedImageProjects` | Restrict the use of VM images to an authorized list of projects. |  |
+| `compute.vmExternalIpAccess` | Prevent Compute Engine instances from having public IP addresses. | **CIS Controls 8.0**: 3.3<br>**PCI-DSS 4.0**: 1.3.1<br>**NIST 800-53 R4**: CA-3, SC-7<br>**NIST 800-53 R5**: AC-3, AC-5, AC-6, MP-2<br>**NIST Cybersecurity Framework 1.0**: PR-AC-4<br>**ISO-2700-1 v2022**: A.5.10, A.5.15, A.8.3, A.8.4<br>**SOC2 v2017**: CC5.2.3, CC6.1.3, CC6.1.7<br>**HIPAA**: 164.308(a)(3)(i), 164.308(a)(3)(ii), 164.312(a)(1)<br>**Cloud Controls Matrix 4**: DSP-17 |
+| `container.managed.disableABAC` | Require that Attribute-Based Access Control is disabled |  |
+| `container.managed.disableLegacyClientCertificateIssuance` | Prevent the use of legacy authentication methods for GKE API servers. | **CIS for GKE 1.5**: 2.1.1<br>5.8.1<br>**PCI-DSS 4.0**: 4.1 |
+| `container.managed.enableCloudLogging` | Enforce that GKE clusters logging is enabled | **CIS for GKE 1.5**: 5.7.1<br>**PCI-DSS 4.0**: 10.2 |
+| `container.managed.enableNetworkPolicy` | Enforce that GKE clusters are configured with Network Policy enabled | **CIS for GKE 1.5**: 5.6.7<br>**PCI-DSS 4.0**: 1.2,1.1,1.4<br>**ISO-2700-1 v2013**: A.13.1.1 |
+| `container.managed.enablePrivateNodes` | Enforce that GKE clusters are created as private clusters with private nodes | **CIS for GKE 1.5**: 5.6.5<br>**PCI-DSS 4.0**: 1.3.1 |
+| `container.managed.enableShieldedNodes` | Enforce that GKE nodes is configured with shielded GKE nodes | **CIS for GKE 1.5**: 5.5.5 |
+| `container.managed.enableWorkloadIdentityFederation` | Enforce that GKE clusters are enabled with Workload Identity  | **CIS for GKE 1.5**: 5.2.2<br>**PCI-DSS 4.0**: 7.2.2 |
+| `essentialcontacts.allowedContactDomains` | Restrict essential contact domains to an authorized list. |  |
+| `gcp.restrictTLSCipherSuites` | Prevent the use of weak cipher suites and TLS versions on HTTPS and SSL Proxy load balancers. | **NIST 800-53 R4**: SC-7<br>**ISO-2700-1 v2013**: A.14.1.3 |
+| `gcp.restrictTLSVersion` | Prevent the use of weak cipher suites and TLS versions on HTTPS and SSL Proxy load balancers. | **NIST 800-53 R4**: SC-7<br>**ISO-2700-1 v2013**: A.14.1.3 |
+| `iam.allowedPolicyMemberDomains` | Restrict domain sharing to authorized domains. | **NIST 800-53 R4**: AC-3<br>**ISO-2700-1 v2013**: A.9.2.3 |
+| `iam.automaticIamGrantsForDefaultServiceAccounts` | Prevent the automatic granting of IAM roles to default service accounts. | **PCI-DSS 4.0**: 2.2.2<br>2.3.1 |
+| `iam.disableAuditLoggingExemption` | Prevent the use of audit logging exemptions. Detect also if audit logging are has been disabled. |  |
+| `iam.disableServiceAccountKeyCreation` | Enforce the use of only GCP-managed service account keys. |  |
+| `iam.disableServiceAccountKeyUpload` | Prevent the uploading of service account keys. |  |
+| `iam.managed.disableServiceAccountApiKeyCreation` | Prevent the creation of service account API key bindings. |  |
+| `iam.serviceAccountKeyExposureResponse` | Enforce Google to disable the service keys if a service account linked key is detected to be exposed publicly. |  |
+| `iam.workloadIdentityPoolAwsAccounts` | Prevent creation of workload identity pools using AWS accounts, except if expliicitely allowed. |  |
+| `iam.workloadIdentityPoolProviders` | Prevent creation of any workload identity pools except if expliicitely allowed. |  |
+| `run.allowedBinaryAuthorizationPolicies` | Restrict Cloud Run services and jobs to an authorized list of Binary Authorization policies. |  |
+| `run.allowedIngress` | Ensure Cloud Run services only allow internal and load balancer traffic. |  |
+| `run.allowedVPCEgress` | Ensure all traffic from Cloud Run services and jobs is routed through a VPC connector. |  |
+| `run.managed.requireInvokerIam` | Enforce an IAM invoker check for Cloud Run services. |  |
+| `sql.restrictAuthorizedNetworks` | Prevent the ability to add Authorized Networks for unproxied database access to Cloud SQL instances. |  |
+| `sql.restrictPublicIp` | Ensure That Cloud SQL Database Instances Do Not Have Public IPs | **CIS Controls 8.0**: 3.3, 4.6<br>**PCI-DSS 4.0**: 1.3.1<br>**NIST 800-53 R5**: AC-3, AC-5, AC-6, MA-4, MP-2<br>**NIST Cybersecurity Framework 1.0**: PR-AC-4<br>**ISO-2700-1 v2022**: A.5.10, A.5.15, A.8.3, A.8.4<br>**SOC2 v2017**: CC5.2.2, CC5.2.3, CC6.1.3, CC6.1.7<br>**HIPAA**: 164.308(a)(3)(i), 164.308(a)(3)(ii), 164.312(a)(1)<br>**Cloud Controls Matrix 4**: DSP-17 |
+| `storage.publicAccessPrevention` | Prevent anonymous or public access to Cloud Storage buckets. | **CIS Controls 8.0**: 3.3<br>**PCI-DSS 4.0**: 1.3.1<br>**NIST 800-53 R4**: AC-2<br>**NIST 800-53 R5**: AC-3, AC-5, AC-6, MP-2<br>**NIST Cybersecurity Framework 1.0**: PR-AC-4<br>**ISO-2700-1 v2013**: A.14.1.3, A.8.2.3<br>**ISO-2700-1 v2022**: A.5.10, A.5.15, A.8.3, A.8.4<br>**SOC2 v2017**: CC5.2.3, CC6.1.3, CC6.1.7<br>**HIPAA**: 164.308(a)(3)(i), 164.308(a)(3)(ii), 164.312(a)(1)<br>**Cloud Controls Matrix 4**: DSP-17 |
+| `storage.restrictAuthTypes` | Restrict authentication types for Cloud Storage. |  |
+| `storage.secureHttpTransport` | Restrict unencrypted HTTP access to Cloud Storage. |  |
+| `storage.uniformBucketLevelAccess` | Enforce the enablement of uniform bucket-level access to Cloud Storage buckets. | **CIS Controls 8.0**: 3.3<br>**PCI-DSS 4.0**: 1.3.1<br>**NIST 800-53 R5**: AC-3, AC-5, AC-6, MP-2<br>**NIST Cybersecurity Framework 1.0**: PR-AC-4<br>**ISO-2700-1 v2022**: A.5.10, A.5.15, A.8.3, A.8.4<br>**SOC2 v2017**: CC5.2.3, CC6.1.3, CC6.1.7<br>**HIPAA**: 164.308(a)(3)(i), 164.308(a)(3)(ii), 164.312(a)(1)<br>**Cloud Controls Matrix 4**: DSP-17 |
+
+**Note:** For organizations with strict requirements to ensure all resources are created and stored within specific geographic regions (e.g., for data sovereignty or regulatory compliance), the `gcp.resourceLocations` Organization Policy present in file [gcp.yaml](organization/org-policies/gcp.yaml)  can be enabled.
+
+#### Custom Constraints
+| Constraint | Description | Compliance Mapping |
+|---|---|---|
+| `accesscontextmanagerDisableBridgePerimeters` | Ensure no perimeter bridges are used. Instead, use ingress and egress rules. |  |
+| `cloudrunDisableEnvironmentVariablePattern` | Prevent secrets from being stored in Cloud Run environment variables. |  |
+| `cloudsqlDisablePublicAuthorizedNetworks` | Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses | **CIS Controls 8.0**: 3.3<br>**PCI-DSS 4.0**: 1.3.1<br>**NIST 800-53 R4**: CA-3, SC-7<br>**NIST 800-53 R5**: AC-3, AC-5, AC-6, MP-2<br>**NIST Cybersecurity Framework 1.0**: PR-AC-4<br>**ISO-2700-1 v2013**: A.13.1.3, A.14.1.3, A.8.2.3<br>**ISO-2700-1 v2022**: A.5.10, A.5.15, A.8.3, A.8.4<br>**SOC2 v2017**: CC5.2.3, CC6.1.3, CC6.1.7<br>**HIPAA**: 164.308(a)(3)(i), 164.308(a)(3)(ii), 164.312(a)(1)<br>**Cloud Controls Matrix 4**: DSP-17 |
+| `cloudsqlEnforcePasswordComplexity` | Enforce password complexity for Cloud SQL instance users. |  |
+| `cloudsqlRequireAutomatedBackup` | Ensure That Cloud SQL Database Instances Are Configured With Automated Backups | **CIS Controls 8.0**: 11.2<br>**NIST 800-53 R4**: CP-9<br>**NIST 800-53 R5**: CP-10, CP-9<br>**NIST Cybersecurity Framework 1.0**: PR-IP-4<br>**ISO-2700-1 v2013**: A.12.3.1<br>**ISO-2700-1 v2022**: A.8.13<br>**HIPAA**: 164.308(a)(7)(ii) |
+| `cloudsqlRequireMySQLDatabaseFlags` | Ensure ‘Skip_show_database’ Database Flag for Cloud SQL MySQL Instance Is Set to ‘On’ | **CIS Controls 8.0**: 3.3<br>**PCI-DSS 4.0**: 1.3.1<br>**NIST 800-53 R5**: AC-3, AC-5, AC-6, MP-2<br>**NIST Cybersecurity Framework 1.0**: PR-AC-4<br>**ISO-2700-1 v2022**: A.5.10, A.5.15, A.8.3, A.8.4<br>**SOC2 v2017**: CC5.2.3, CC6.1.3, CC6.1.7<br>**HIPAA**: 164.308(a)(3)(i), 164.308(a)(3)(ii), 164.312(a)(1)<br>**Cloud Controls Matrix 4**: DSP-17 |
+| `cloudsqlRequirePointInTimeRecovery` | Enforce point-in-time recovery for all Cloud SQL backup configurations. |  |
+| `cloudsqlRequirePostgreSQLDatabaseFlags` | Ensure That the ‘Log_connections’ Database Flag for Cloud SQL PostgreSQL Instance Is Set to ‘On’ | **CIS Controls 8.0**: 8.5<br>**PCI-DSS 4.0**: 10.2.1, 10.2.1.2, 10.2.1.5, 9.4.5<br>**NIST 800-53 R5**: AU-12, AU-3, AU-7<br>**NIST Cybersecurity Framework 1.0**: DE-AE-3, DE-CM-1<br>**ISO-2700-1 v2022**: A.5.28, A.8.15<br>**SOC2 v2017**: CC5.2.3, CC7.2.1, CC7.2.2, CC7.2.3<br>**Cloud Controls Matrix 4**: DSP-17 |
+| `cloudsqlRequireRootPassword` | Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges | **NIST 800-53 R4**: AC-3<br>**ISO-2700-1 v2013**: A.8.2.3, A.9.4.2<br>**ISO-2700-1 v2022**: A.8.5 |
+| `cloudsqlRequireSQLServerDatabaseFlags` | Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' | **CIS Controls 8.0**: 2.7<br>**PCI-DSS 4.0**: 1.2.5, 2.2.4, 6.4.3<br>**NIST 800-53 R5**: CM-7, SI-7<br>**NIST Cybersecurity Framework 1.0**: PR-IP-1, PR-PT-3<br>**SOC2 v2017**: CC5.2.1, CC5.2.2, CC5.2.3, CC5.2.4 |
+| `cloudsqlRequireSSLConnection` | Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL | **NIST 800-53 R4**: SC-7<br>**ISO-2700-1 v2013**: A.13.2.1, A.14.1.3, A.8.2.3 |
+| `dnsAllowedSigningAlgorithms` | Prevent the use of the RSASHA1 algorithm for the Key-Signing Key in Cloud DNS DNSSEC. | **PCI-DSS 4.0**: 1.1.1, 1.2.1, 1.2.6, 1.2.7, 1.4.2, 1.5.1, 2.1.1, 2.2.1<br>**NIST 800-53 R4**: 4.2<br>**NIST 800-53 R5**: AC-18, CM-2, CM-6, CM-7, CM-9<br>**NIST Cybersecurity Framework 1.0**: PR-IP-1<br>**ISO-2700-1 v2022**: A.8.9<br>**SOC2 v2017**: CC5.2.2<br>**Cloud Controls Matrix 4**: IVS-04 |
+| `dnsRequireManageZoneDNSSEC` | Enforce the enablement of DNSSEC for all Cloud DNS zones. | **CIS Controls 8.0**: 4.2<br>**PCI-DSS 4.0**: 1.1.1, 1.2.1, 1.2.6, 1.2.7, 1.4.2, 1.5.1, 2.1.1, 2.2.1<br>**NIST 800-53 R5**: AC-18, CM-2, CM-6, CM-7, CM-9<br>**NIST Cybersecurity Framework 1.0**: PR-IP-1<br>**ISO-2700-1 v2013**: A.8.2.3<br>**ISO-2700-1 v2022**: A.8.9<br>**SOC2 v2017**: CC5.2.2<br>**Cloud Controls Matrix 4**: ISV-04 |
+| `dnsRequirePolicyLogging` | Enforce the enablement of Cloud DNS logging for all VPC networks. | **PCI-DSS 4.0**: 10.4.1, 10.4.1.1, 10.4.2, 10.4.3<br>**NIST 800-53 R5**: AU-6, AU-7<br>**NIST Cybersecurity Framework 1.0**: DE-AE-2, PR-PT-1, RS-AN-1<br>**ISO-2700-1 v2022**: A.5.25<br>**SOC2 v2017**: CC4.1.1, CC4.1.2, CC4.1.3, CC4.1.4, CC4.1.5, CC4.1.6, CC4.1.7, CC4.1.8, CC7.3.1, CC7.3.2, CC7.3.3, CC7.3.4, CC7.3.5<br>**HIPAA**: 164.308(a)(1)(ii), 164.312(b)<br>**Cloud Controls Matrix 4**: LOG-05 |
+| `firewallRestrictOpenWorldRule` | Prevent the creation of VPC firewall rules with a source or destination of `0.0.0.0/0`. |  |
+| `firewallRestrictRdpPolicyRule` | Prevent RDP access from the internet via firewall policies. | **CIS Controls 8.0**: 4.4, 4.5<br>**PCI-DSS 4.0**: 1.2.1, 1.4.1<br>**NIST 800-53 R4**: SC-7<br>**NIST 800-53 R5**: CA-9, SC-7<br>**ISO-2700-1 v2013**: A.13.1.1<br>**SOC2 v2017**: CC6.6.1, CC6.6.4 |
+| `firewallRestrictSshPolicyRule` | Prevent SSH access from the internet via firewall policies. | **CIS Controls 8.0**: 4.4, 4.5<br>**PCI-DSS 4.0**: 1.2.1, 1.4.1<br>**NIST 800-53 R4**: SC-7<br>**NIST 800-53 R5**: CA-9, SC-7<br>**ISO-2700-1 v2013**: A.13.1.1<br>**SOC2 v2017**: CC6.6.1, CC6.6.4 |
+| `gkeAllowedNodePoolImages` | Enforce that GKE nodes are using authorized node images | **CIS for GKE 1.5**: 5.5.1<br>**PCI-DSS 4.0**: 2.2.6, 5.2, 6.2.1 |
+| `gkeAllowedReleaseChannels` | Enfore that GKE cluster are using authorized release channels | **CIS for GKE 1.5**: 5.5.4 |
+| `gkeDisableAlphaCluster` | Prevent the use of alpha features for GKE clusters in production workloads. | **CIS for GKE 1.5**: 5.10.2 |
+| `gkeDisableKubernetesDashboard` | Prevent the enablement of the GKE Web UI dashboard. | **CIS for GKE 1.5**: 5.10.1<br>**PCI-DSS 4.0**: 6.4 |
+| `gkeDisableLegacyAbac` | Enforce that GKE clusters is configured with no legacy ABAC enabled | **CIS for GKE 1.5**: 5.8.3<br>**PCI-DSS 4.0**: 4.1 |
+| `gkeDisableLegacyMetadataEndpoints` | Enforce that GKE clusters are created with legacy metadata endpoints disabled  | **CIS for GKE 1.5**: 5.4.1 |
+| `gkeRequireCOSImage` | Enforce the nodes pool are using Container-Optimized OS for running containers  | **PCI-DSS 4.0**: 2.2.6 |
+| `gkeRequireDataplaneV2` | Enforce that the GKE clusters is configured to use dataplane v2 |  |
+| `gkeRequireGKEMetadataServer` | Enforce that GKE clusters are configured with GKE metadata server enabled | **CIS for GKE 1.5**: 5.4.2 |
+| `gkeRequireIntegrityMonitoring` | Enforce that GKE nodes are configured with integrity monitoring enabled | **CIS for GKE 1.5**: 5.5.6 |
+| `gkeRequireMonitoring` | Enforce that GKE clusters monitoring is enabled | **CIS for GKE 1.5**: 5.7.1<br>**PCI-DSS 4.0**: 10.2 |
+| `gkeRequireNodePoolAutoRepair` | Enforce that GKE clusters are configured with node auto-repair enabled | **CIS for GKE 1.5**: 5.5.2<br>**PCI-DSS 4.0**: 2.2.6 |
+| `gkeRequireNodePoolAutoUpgrade` | Enforce that GKE clusters are configured with node auto-upgrade enabled  | **CIS for GKE 1.5**: 5.5.3<br>**PCI-DSS 4.0**: 2.2.6 |
+| `gkeRequireRegionalClusters` | Enforce the creation of regional GKE clusters |  |
+| `gkeRequireSecureBoot` | Enforce that GKE nodes are configured with secure boot enabled | **CIS for GKE 1.5**: 5.5.7 |
+| `gkeRequireVPCNativeCluster` | Enforce that GKE clusters are created with VPC-native  | **CIS for GKE 1.5**: 5.6.2<br>**PCI-DSS 4.0**: 1.4.3 |
+| `iamDisablePublicBindings` | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | **CIS Controls 8.0**: 3.3<br>**PCI-DSS 4.0**: 1.3.1<br>**NIST 800-53 R4**: AC-2<br>**NIST 800-53 R5**: AC-3, AC-5, AC-6, MP-2<br>**NIST Cybersecurity Framework 1.0**: PR-AC-4<br>**ISO-2700-1 v2013**: A.14.1.3, A.8.2.3<br>**ISO-2700-1 v2022**: A.5.10, A.5.15, A.8.3, A.8.4<br>**SOC2 v2017**: CC5.2.3, CC6.1.3, CC6.1.7<br>**HIPAA**: 164.308(a)(3)(i), 164.308(a)(3)(ii), 164.312(a)(1)<br>**Cloud Controls Matrix 4**: DSP-17 |
+| `networkDisableTargetHTTPProxy` | Prevent the use of weak SSL policies on HTTPS and SSL Proxy load balancers. |  |
+| `networkDisableWeakSSLPolicy` | Prevent the use of weak SSL policies on HTTPS and SSL Proxy load balancers. |  |
+| `networkRequireCustomModeVpc` | Ensure That the Default Network Does Not Exist in a Project | **CIS for GKE 1.5**: 3.1<br>**CIS Controls 8.0**: 4.2<br>**PCI-DSS 4.0**: 1.1.1, 1.2.1, 1.2.6, 1.2.7, 1.4.2, 1.5.1, 2.1.1, 2.2.1<br>**NIST 800-53 R5**: AC-18, CM-2, CM-6, CM-7, CM-9<br>**NIST Cybersecurity Framework 1.0**: PR-IP-1<br>**ISO-2700-1 v2022**: A.8.9<br>**SOC2 v2017**: CC5.2.2<br>**Cloud Controls Matrix 4**: ISV-04 |
+| `networkRequireSubnetPrivateGoogleAccess` | Enforce Private Google Access for all VPC network subnets. |  |
+
+
+### Detective Controls
+
+#### SCC Built-in Modules Detectors
+SCC SHA Detectors are available only for organization have subscribed to SCC Premium or Enterprise. Refer to https://cloud.google.com/security-command-center/docs/service-tiers for more information.
+
+
+Complete list of built-in SCC SHA detectors is available here https://cloud.google.com/security-command-center/docs/concepts-vulnerabilities-findings.
+
+
+#### SCC Custom Modules Detectors
+SCC Custom SHA Detectors are available only for organization have subscribed to SCC Premium or Enterprise. Refer to https://cloud.google.com/security-command-center/docs/service-tiers for more information.
+
+
+| Module | Description | Compliance Mapping |
+|---|---|---|
+| `cloudfunctionsV1RequireIngressInternalAndLoadBalancer` | Ensure Cloud Functions Gen1 only allows internal and load balancer traffic. |  |
+| `cloudfunctionsV1RequireVPCConnector` | Ensure Cloud Functions Gen1 are configured with a VPC connector. |  |
+| `cloudrunRequireBinaryAuthorization` | Restrict Cloud Run services and jobs to an authorized list of Binary Authorization policies. |  |
+| `cloudrunRequireEgressAllTraffic` | Ensure all traffic from Cloud Run services and jobs is routed through a VPC connector. |  |
+| `cloudrunRequireIngressInternalAndLoadBalancer` | Ensure Cloud Run services only allow internal and load balancer traffic. |  |
+| `cloudsqlRequirePointInTimeRecovery` | Enforce point-in-time recovery for all Cloud SQL backup configurations. |  |
+| `computeDisableNestedVirtualization` | Prevent the creation of Compute Engine instances with nested virtualization enabled. |  |
+| `gkeDisableClientCertificateAuth` | Prevent the use of legacy authentication methods for GKE API servers. | **CIS for GKE 1.5**: 2.1.1<br>5.8.1<br>**PCI-DSS 4.0**: 4.1 |
+| `gkeRequireDataplaneV2` | Enforce that the GKE clusters is configured to use dataplane v2 |  |
+| `gkeRequireRegionalCluster` | Enforce the creation of regional GKE clusters |  |
+
+
+#### Observability
+| Alert | Description | Compliance Mapping |
+|---|---|---|
+| `auditConfigChanges` | Ensure log metric filters and alerts exist for audit configuration changes. | **PCI-DSS 4.0**: 10.2.1, 10.2.1.1, 10.2.1.2, 10.2.1.3, 10.2.1.4, 10.2.1.5, 10.2.1.6, 10.2.1.7, 10.2.2, 5.3.4, 6.4.1, 6.4.2 |
+| `customRoleChanges` | Ensure log metric filters and alerts exist for custom role changes. | **PCI-DSS 4.0**: 10.2.1, 10.2.1.1, 10.2.1.2, 10.2.1.3, 10.2.1.4, 10.2.1.5, 10.2.1.6, 10.2.1.7, 10.2.2, 5.3.4, 6.4.1, 6.4.2 |
+| `projectOwnershipChange` | Ensure log metric filters and alerts exist for project ownership changes. | **PCI-DSS 4.0**: 10.2.1, 10.2.1.1, 10.2.1.2, 10.2.1.3, 10.2.1.4, 10.2.1.5, 10.2.1.6, 10.2.1.7, 10.2.2, 5.3.4, 6.4.1, 6.4.2 |
+
+## Troubleshooting
+
+### Custom Organization Policy Concurrency Issue
+
+The following error below might appears when you are trying to create multiple custom organization policies concurrently. 
+As per October 2025, a bug exits providing misleading error message `Error 409: Requested entity already exists`. 
+
+```
+│ Error: Error creating Policy: googleapi: Error 409: Requested entity already exists
+│ 
+│   with module.organization-iam[0].google_org_policy_policy.default["custom.gkeRequireVPCNativeCluster"],
+│   on ../../../modules/organization/organization-policies.tf line 105, in resource "google_org_policy_policy" "default":
+│  105: resource "google_org_policy_policy" "default" {
+```
+
+As per now, the workaround is to force terraform do not use concurrent requests. To fix this, you can run `terraform apply` with parallelism set to 1 the first time the custom organization policies are provisionned.
+
+```bash
+terraform apply -parallelism=1
+```
+
+
+### Custom Constraint Deletion
+
+If you delete a custom constraint, any policies that have been created using that constraint continue to exist, but are ignored. You can't create another custom constraint with the same name than a previously deleted custom constraint.
+
+See https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#delete_custom_constraint for more information.
+
+As per October 2025, a feature request is still opened to fix that behavior https://issuetracker.google.com/issues/434909712.
+Meanwhile, we recommend to not remove any custom constraint created except if this is certain that the constraint will never be used anymore. 
+
+If you need to cleanup Fabric FAST Stage 0, and want to avoid issues during next reprovisionning, it is recommended to remove from Terraform state custom constraints to avoid any future issue later.
+
+Retrieve the custom constraint part of Terraform state
+```bash
+$ terraform state list | grep google_org_policy_custom_constraint
+module.organization[0].google_org_policy_custom_constraint.constraint["custom.accesscontextmanagerDisableBridgePerimeters"]
+module.organization[0].google_org_policy_custom_constraint.constraint["custom.cloudrunDisableEnvironmentVariablePattern"]
+module.organization[0].google_org_policy_custom_constraint.constraint["custom.cloudrunJobRequireBinaryAuthorization"]
+module.organization[0].google_org_policy_custom_constraint.constraint["custom.cloudrunServiceRequireBinaryAuthorization"]
+...
+```
+
+Remove the constraints from the state. You can do that for every constraints. Do not execute this part if permanent removal is needed.
+```bash
+for x in $(terraform state list | grep google_org_policy_custom_constraint); do
+  terraform state rm "$x";
+done
+```
+
+### Security Command Center Management API not enabled
+
+For organizations not using **SCC Premium or Enterprise**, the kind of error error appear when `securitycentermanagement.googleapis.com` has not been enabled.
+```
+│ Error: Error creating OrganizationSecurityHealthAnalyticsCustomModule: googleapi: Error 403: Security Command Center Management API has not been used in project 111111111111 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/securitycentermanagement.googleapis.com/overview?project=111111111111 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
+```
+
+In the case you do not want to use SCC detectors and do not have an SCC Premium or Enterprise subscription,  **the controls placed in the `organization/scc-sha-custom-modules` folder need to be removed to ensure they are not provisioned.**
+
+In the case you want to use SCC detectors and have an SCC Premium or Enterprise subscription, **ensure that the API `securitycentermanagement.googleapis.com`** has been enabled successfully. 
+
+
+### Security Command Center Premium or Enterprise not enabled
+
+If you get this kind of error, it means that Security Command Center Premium or Enterprise is not enabled on your organization.
+
+```bash
+Error: Error creating OrganizationSecurityHealthAnalyticsCustomModule: googleapi: Error 404: Parent resource "organizations/1234567890/locations/global" not found.
+│ 
+│   with module.organization[0].google_scc_management_organization_security_health_analytics_custom_module.scc_organization_custom_module["cloudfunctionsV1RequireIngressInternalAndLoadBalancer"],
+│   on ../../../modules/organization/scc-sha-custom-modules.tf line 49, in resource "google_scc_management_organization_security_health_analytics_custom_module" "scc_organization_custom_module":
+│   49: resource "google_scc_management_organization_security_health_analytics_custom_module" "scc_organization_custom_module" {
+```
+
+In the case you want to use SCC detectors and have an SCC Premium or Enterprise subscription, **ensure that the Security Command Center Premium or Enterprise`** has been enabled successfully enabled on the organization. 
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/assets/diagram.excalidraw.gz b/fast/stages/0-org-setup/datasets/hardened/assets/diagram.excalidraw.gz
new file mode 100644
index 0000000000000000000000000000000000000000..48a1f25bbb772eb8b8ccf6d7ab2db98b1fdd7315
GIT binary patch
literal 2810
zcmV<W3I+8aiwFqiyX|NI17vAoXL4a}E@gOQVQgt+a$$D>?Oa<|;z$>LpI^apUWat*
zo|-qn3wQ-lQNR9{D<lCTA&I$wIII8rR1hIR0zsua-P6*m7uF@I%id?7I#uOAe-sLP
z!PqtS{x0kp&zfqPx~Goz{)*CvhUc4(EwbR`ci#y;ZBnuq1g`)0moKWX>H}lo*iz_=
z!qPL8M@C!H9M6@yj?=Xa@qO_6G{Z6mh8_5#{{O`9g~C6R|6}hDjOSodc9J@OJK%IV
z_1v*1En!$e2r)j(H~oF_qQKBaW=FMrW1gc=`uN(42YLRYj%iuVU~IkiOx1d!XUuc`
zz;pUW%hZEj)Rd+4Sv}toBR8+*IbpYF8@|6#$8lB748~EKEYDI^yE}QtJmp#ZRs<YN
zj8hrPL}m(rWR@L0ph#i~uWhL~mg7Zj`BR?!%v;k|wSHGL$<}9O0#CJlSM|hL%*&0Y
zy(EB23LuOVg)11b`I~x%+3f|Q2#&qon2a`nD3%z#&aLT_+5UfgSZsYdEOuyF^A<)K
z2Qh@q>x8bZzRo9LRK`FSQ!dN%H(93LUw)kBX#E5TbR0WqnlI5{Bf5}!s18hPyf9f4
zG>Va`I0M%*Re`rcRrPekHuOS8RPh|k-&-hMvdnIT*F8=2!tfTL9GHSzvjPKC*R2@H
zH1Ryuv<<JOFL%Z9%&uvx*40+c5rbk>-{uNPF|4#z--vRfF@TfAZ+|7z(KEE*6`Kj1
zL|k4@ed8nqm|(yd%1p|uVuOH3@<2&nz8|1-Mekk(xhE)OOO%AMI`5$5pMa=pyR%A1
z2onexvx#p61PTCDRusGi3*TmaKJRFn@-3a5vpVzIX=Xe&%Pp<%+#Gmzt$5q3m5QSd
zrQv9AR_@#M+a~7IILJ3Je=WY#<OXw)25ru`z_kKdW@smOIvLta5dCq$CP<<bP{JXW
z8HAKB;v7&UAxPNlLq7uhwMqmOC|-pSP_P0pCTNui5K5GQ*at2X12Y*=fT6qvFFvMD
z+h8<Foq!?%82@Ays|&BI+UAQI2+$Vl0vVcV>`0|HS?y)v+R(I2iUsHg6pP~J)HhmF
zF=Y@zkX^BkA8Hp3`dBwB=qMb@SUoe!X|&FdVzF3}ohp{_*d-;&ZRA9vaMg9pxpG~$
z9vwJV@!_y^(PA%s^+63E@~B)&D#QU2-Z>+Plgt=T?sdMUiz-|aU}AuBpzyd}%#@3O
zn0D<@xfqck600YqAf|Ac!c{i>madp|RYE^-2GLqZOofn{U{|`e!FI1KxYo35_o4+-
zeNiAYi~&b@USboYn@2+z@JFNUG~|;Dr97-_#oVv6$a3W4qoUPO#UtS_yUa3LeM>2|
zi!aSPw=~4It83+P9>t3CRA>{i_5d;j*`b}>>s*T!VY0*_10)KU$bc-bvKU@ehaGAa
zLK47)a+w3hX`<(biG<|%XT^*A4{24iQYn-}(+Y~F{nc((OND)bO)YS|U5VBP)4eQO
znHrcaNXS2+UNQe`Ig$b)B2Z!3BPma$F<_nYLs@?rXh*%qG3Pga-o=Z5_KGW2ykgJ&
ziNz}zT%2}_%pYFEuyK9gwA|K19>t5GbiWKz%mngLcJWH?b*{yW3(3I0#p`Dkuj!)Z
z`)Jn&%blcMo7%T?>B5LCr_Mtu49h@JJiB&XH=ctwysSC*N5$r2gZbfcc$;_aTG?{m
znRbx`?TWYWClN2}CA6KB0Q8#W8$Wm|!)k5l=1{ySO+8Nm2uDmPSaxV9cRJVF1rU{Z
z6q-{oAOtdm7jX_4lqdp(DO@Nyjlu1+wF^Qjj5vz^(Zz6OT)JRNV}54kl1aQ*S*7dD
zw1ryO-GXWf4e|?-vDXWZErh~yx`lxec&4^18QWmQmt`!qt%)uD3_(ldJ7cMl76!2_
zLkPEsA&y%$7(Q3ZXQf-?wA?v#$Y}qklQQ<9!&B)eH7Jspuq!g=g3&m}l)0|q6<t#>
zBMb?vlgQw?ez`}(%MlrK`Uu-srM})V+t0JbQ7(y|nb^gG)AkK-sJ2Z@OzM}fc9dN#
zsG)8K702$F-AYf)t>H^!bzr?^YZEu|(y@%BT-S3Rg^zbJ5)}4(ru$lEp@<|&U+u4U
zip8*uPO!#a1df|#EY=?3%1vjpZC@b#em5G?)CiD}04@vEZ*h3@ph!x^$C~qu4_;bV
z-P))|LH>8$mu(OFpz*;PH991t8_gqw#A83p#s|s}a|QE_*2nMmTPNZ0*l!*9ZVMgP
z`*$bqdh7EYeeYVc7*?LVYi)2+^$ux?`d3aK14jx>_q`P%#Fzn)-T6-Lb<PPPyl;$<
zEPPop?3~9A)4kFIFIb|_WC(yv0tj&-(_Abhh4a5k7~zq_1;VVvP?;i>U8ZCQg!!>@
z4P}Y*<gRaV>}*Hg_XgX)?zGvqg7=ZI5mD0UO|SwH&MtP3y+#A$U{vxg_qaB)O;+dq
zymPw<m(&jI$kPT%`yD^>WZ7DBQb2GVgu74{h*J-L;pp5lk4MHgfv*khm&^Noe9uP1
zmwvn1td5TJ4?a;uLXqJ@3a2;<@O&REa$z{d_yR~Fl$o4#NO={RL<S6SLbpNY2lQb}
z2qx=8Rz0YD#!$4%92y_KD)Zh&*4idy(*fmu9v)8JIY7~gL&&$-IA|Uo;;?ahP~oHc
zU9-}toV}PR_dHy=8MCW!3*iy~!muG3CvW@#<=xSi`_r@PK4bM(t)`ahPfw@Mr|r``
zyKh@XTfA=3ou0v;#~(CJ^dsV!C^t}TwQG0_0R+``4O_5mF|5!wyHBCvjTeIz&cF?W
z#e&^_K7uc~?0Yto#MZ}R(pR0SxAh1o7$}Hkj{u)k`1O_A>Dv3)vi#=3z&zLUAB9oA
zQwW&IND^8b-JgO$=82bQKM(`Hgx6Q64NZS2SGxDUd}mhOJO5X)O0N;lqBcKj{be!u
zDJ9W#-}KeCWt2Tr?;3T(GY0~^UQ+B-(kv&`z0jUkIk1PO=h)F$+^C)zCDqkHRJPYu
zK6cud##3l|Mp+mZZ(It4p0F~nYt1|uxL<x4KP7IR?!Uq1)Y;8uiYb6#i<`~xsOOyf
z9T(nS-JYM-A5mGkI>@`NRKAn@MgWmG;FK|jlK;xU2i&*nK(TD&5!`7l?fPNl`{mKC
zx+6nL7^bmR-|h{iuW7|8%l)2O95{Mt#hjT5#X6y_MO5-{z?5e-yX%Rb)}j@cFc>9U
zKXp{StXk1u6Ik?i-bgyFc`&J1vaBml?Q~3SUD++(G9`9tsG3$}H42VxjSC|)=oOlk
z%9pxu)h1sKeuNeMZ;$bA-BFTiVug97vVw@5-5)*g>Gy_fhsAd9;-sX~qcXATdAG4-
z`C$0YmdHRtINGhil!#?OLToC!?au*4Q7{Vd=-|S8ZSLbqyIQsRjo%nIy4SFD!p^EM
zJF~emQCJ+W@3Fa9iguu>03@IU0kTkNjS0@9$=V6U@%kXx`puBo?T!_i%TQ(lm)U7v
zvL6n~ZIj;UwZKt|&y_HIYUZ8hfPL<ENZJwF-`gR};6or)V~`ktC<>b$dro6msogz!
zJSd;m4y(psT(YgaV-Lwd;#fcmVhjY;zSqv2LM6z#BBTUU7~Oo&gv?)gJLL5O!;jnz
zS=WNCHbefH3i+Puy3Ih0>dZih`7-slp_x8oZ)h5$a*`dJ{6wz7gx3*+jESxJ_Q$t>
M0WE8w^^{Nm0JdOyaR2}S

literal 0
HcmV?d00001

diff --git a/fast/stages/0-org-setup/datasets/hardened/assets/diagram.png b/fast/stages/0-org-setup/datasets/hardened/assets/diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..24e8aa35133c7cb4c3a2774bb90b1b775c950ff7
GIT binary patch
literal 266836
zcma$&cRbYp{}B}`MHv|tXOvCZqmYr6l#v;sGLB@NEhCqek&$tQ(lD~a#U&&2lD)Uf
z9%rxny^e@J-_Q5^`^V$ly<g+G_ZxmgRsI<18PWp>4jfZdkiB`}z>%T@2M9-x90K2{
zKg(M^aNxuNMcJ#joCqemN#dY(-Kg1K?W{LH<Qhs@l(a4?4OOW)JkU_Q!>-hxb!vtB
zb(lYI-m|dWu!(WXbe}m$`wNz=TY0Gkt;f(fyAgNXl2C~Vu0UX_wkrnbnh+&`iJM+Y
zo3=AUCb%17YG)I1DV~I+?63CziRbQHKXu~@0rB2Hudu{%uL%d`jDm-77xq0qsELAe
z?E41ncLhTxEQ8;`OO=wh{Y~T4JFNQ7j(*Z8!M$5=eZRf`@0;+-5i2{;CJEKw-P*X8
zk-+8l&gz|&UiH*AetU1uTZmuOy;Rw7fmf4=KILz)NFNt_3f%f@8>3rCq9^!M^S@S{
z{?8EaJpm6SeiM2XLe`?dw?+NhJD1tQm6s}o4fo&Av;SBjtiJ(%k3I$#)gF3W^ydmR
zy@d4!`_T-pCu)eIy||4})C>u@ooilR>TmjZQ+~=JG%@H4m1k7cGIX<d?)RmxSl5f&
z`WZDr8O?8cePKF01>x?zc&s#G8zve_0$t5Na2rJeJjIww)8PU3(?u<AJyr1x_3&d_
zWDhoBDH-iLA~0HjNucBS<`B09P?ECIQnzEqrdw%=2BYiDS9L+rr%9fK-`I?5{sQ>m
zY2J3zS2rW++z5jec3`71C3Ng{bG)3Wp(b&;-1hX$({18-pIGkf-PC+hJX=B6NKCDF
zgCS)6tm=P4iP3X`OYNr5ji|Kt0CJAd-P!ou^+@$AUOFc~Sz}0R`6>f(1tafM62`jV
zq5}IE_=;BysWw<VMr^j8!M4yE^c%<9s8c#&V>`$4>X^!DU0OLWsf|&!Q8L42>DAc~
zkGQw0@uGne_HvCp$QkJlXvqczBDwz<Lp&dcIUfa~UEO7^k90V<pNTVnu6D&s4`s5&
z{<hpkSvA5Q2jYr<^J5@20Y>B}A-8I9&gYFFAC#u9)eHBza740Iez)LcZmR)v!*KM}
z;5rtqwl-A+6`lVf(+H5XI3MD%Zla8?{2CI6^1!Y2YMQHw&&rOs9o&J^XoN6wmxn8!
zdRB1{4oZqCZQa6w5YOLU=P8^vS1>NQ^Idl61<@s0uT1WlHj|Jy>yr>IJ==0^#LrJ5
zC6@;3gunH?XL#&`%0^3ezI=+4e4y@xXUN)@p1FI)<W&-pvcu@R&e40PXhaEgZ*Ify
z^_3(dAQW3C)Z2FkaBGrY-(n|p`f};obV*5T0h=4~+|ar7Fy68r6|WeQAp}XR$L5N;
zX4g1rZJ6haz1!orqX_^~b95?Q=gtl<0Wj`(@wb<kSKVRtHqm|sWd555ZRYD<n{UUM
zTUwnae@Wq1)H>Xjx*OMemWt;C4A+g>Y0WHjS7P<4w2i#lMXAL0FwxeXUwIS9b<j`&
z&OO>I{xto!u#pBPqZ;JT#@7oE28K>NQeL=h)sbT`Xm6WEEiaGI^VnDzRWe+?DT-Ui
zia94ZcG=2be^7Ditn;tev}}wEC!OZ1*fbu<rmB5yKk+NM1k-BZVzouhp{npk!A{F?
z1^1X^$ud2|5f?P>SglTnQ~4g=D@?q`gbvBzDuM0<;renoiAO#=zoPs}*8yWHyG(y^
zymQz0^iK*U&d{FKmi)JuTlEAcKYcqsYI1f>dvy}(A(l8uOBsLp@Mx_5%OebPXm4`K
z=z0-MT$#I>Mj_y@#yb{iFM=f&+vdH<UC-%1s$voN$ZwX>`?yiXt)k}woY;+3kjSfK
zeVE7X&V_Kp)l)PBD5qtYO~9V{O$p9p?;o!WN9EU7&UsaFo2*QUIQ-_uU-t>vb}UPh
z9O_<_x*Z3-|F#Ikv-Jg5M54ZtOU32283*K4U;LO1^;qj1ZPA6QEcJSLtd1MvUZxk0
zeQ3E?FFKyul6hEw2rq<#$*^0SQOn5F=4+GrYLyI*dKW28UY2i|M;z&L=(Kv!ZW^U>
zcJ;^84;%W9-ObbAxr>(v$_QOftzr>4`lk%J9<$}t7L?ry?yIB0FEKY%M+(Q&#~Zs8
zzO<W)Z%ClS^$&PVWLCBXt#IL%%4!TZ=lG<~vTbSN9VPx-zPv*5ypmi#sRp=GK@l&4
zMolDLuGqQ<@83jTPXUNgu9VBFD8X$^$3)UWiRXM3M<fBCWPi*9GF9ZvQO{RNui<89
zGM<*7KCnsSM#vWb_$CL;7XqF}X7*l<L@dUbC%{&@q%?WvBI(4dXEA6P%nFHUl@Md@
zzudE#5LLyE7RM^fi#y}>fCVG-Y*&sb7O=D59n|7Jy9B;c1QfXYB)2_^$%x@Mg`yb<
zU0>b{y4-S~YX)PYZ5CrX*EkkUJpJvsSgPn^<x#KAo{5{q3_d>30HIvvOhe>?uEeDB
zx0P{Au3dh}D&TYQ!O{vtuW$on4AJYkv5$ruWBiwrF@v+yu$YOtr&8<ZCFZ^}kFJhq
zr~yFCM91DGeaL??JIxh#87+ldFN=NVcgj7QZoIZP`>tFz?Dws971${nV#04?MB(~=
zt*tFPTER=5YX<GHDUg<3FX~32?>^&wHrX8ECb%)o<DuB9XQy(<<}0yFoe6GZNe#E!
zTH;(@u~wDypwanctx&IP8dm7bs7l(PaGPnA{!f-DJ&Kemc{oar&Z@}*0x0F-5+B7j
zZ0;Iq;5?e8ARi~S`YXw8By)KnU<pneeg4Lh(4&TH)bZ-CrtVW212|X6c#zMhil&PV
z9<s&RNITbA7=-t%)H}Wnai33m0N8U&Ks)SP^*;((xb+=8tH6eEeUu@ZH0x9LlO_u4
zKti&#Bhp(c=gQL~!pDHlqW}W$=hGm!Lq)I53n<LvY9Yb(DaR5eh;gmhG_pClXJg8-
zmDN<wq209E-edkq1e7}3u3p52`;v!s;pp2@j1&%b2MBbmxxgmvck?8(2*wh5W)bY%
zF;dRAORc!U5UHN=IlA8E3Ik01Bk4I^k*Iv+Fqi3fta2Y-g*vp@3CC4&$8Rph4b@Cd
zP352^*S3sQTEWOmcu96Aw8V{k>YRHE3-nmxsz0^9kr%NXQcdiSe{;jg;YizWKg|0i
zkQm-Ok-L7JTnLIY#3%pRjL1{uYePV-QHg1o8smpxMJFBimEn(r%eFwuD_^g@MG2tA
z8`s;hXbZ!&js))sj9ILe=9dc?B(`43Wg=5PSG$JpP!<zourvWx;~Jf2@qJbPMquH(
z4QKgWtg0g}xK(V92$dA5)uN7iiDtK!Y%U0p9_?38!AW4kWk057UGIQl;v4ge7t-bj
z&*Fsj?VE3VQviE-x-ms^;r-*Xlk&+74sCaD*vl8%tmq)UiramYYb-Lp2r_uA&prT-
zks6)lr>nXBa#=qV(BC$Hlg;Qmk>#!jbmJB9oL@$t-)8fQPo6SbSG>GPT^BwYPTrpX
z&K#nAcICUgbNO7jieNiLN`<v(en4RbV_BW=En5Zf&0&R{tr&IbT{BqiC-;b!T+9q9
zf5Z311K5~GyzVUPbjK6@7I)Kehewd(-9QzME|uWi7T^?AHitVal(-CwgG^rgQjO)m
z#~Wh%jWnp6#kf;4x%+H@;Vp!v&cpX_esUPhKASIW{lc9Fl<#OZV#5-s-|U}uXbB-D
znGZ@`+7@ZKhq^`rc#5^Vm8b@w;7*bVRXQ6P8Eu=-i0rvEDahAjt>)>X8`CQnQsVgE
znI9Tga~+@@{go7=id*u)X>F(!_WRLMOitu9s=n91d8P#CS~2Z5?P7Sx7|wE2OG_))
zW7?%xm!(6`ZJ}9anJ5qX%v_+PW2*N;ME|4)a8j;amJE9je5TwoUH9V>^FJN~ovuX(
zE$a_gjd0We>Q7V&)xI~LK{?@dwRo=^MzWYFE^XTc#T-CfH2x|gJ?*|!)L1J?ocZ+-
zo$TyG^nkrRZ}?fr#pgtsoz_LS17<myvW`@V1k7Z=q~QynI&2>!L~NPctodM}SxXIR
zKU~ziVSVQQO>&a64ehlQki@S09S9(UqriYUF9>>iasRq$9l({Rkl{MaK?x_H296sg
zRLu!!3JorPatC*E$z`Jj`m9f4wgY8jk~2E5e5nnDC-ZyV;l97V=83e;4V!<_p0RE{
zgjiewdv+8ee_rRv4VItl6YE`3T^(YRim4aJ);<P2sHI3y>wRrATvhb_bz_%Gv7S(c
zOR)EYACw&0foEjiLGQulWYXkALP@a{=DVC<vN3sEy8cjI$%Xa$x}4CLggnErATzl!
zk--&z$#$$GG+4xM6GuD^92ewQ(_XhFmGw2RvQu4$imVETBS(S2YB3Q^;QgOFu;CYt
zH3o}WF@iGEG)w-)Y-$N{Orb#=FSHC|6lnVE%+GGlJf%e6C_02&L3_Lf=0tpUI&7gu
zm&YonLGJckmDgd$=qVu04$aQx2;fr~VC)fmg_C)mKffM68yBf-U2y5a&*X=$>pe>!
zqT{<jDA6ACl!2#@XvZ$>_=Yrx31x64IYE4vo_^eQ;^e&sgT>NYa{$CpEgZ2+hLLS4
z(^*`utB**?po5EKcup;U4J7Q`a>lSuAfii8R(xZ=krIPc^ea0eng5)vH^&0{$u^96
z8Chu(BGCf9EqP7mQO!$>^cYp)exI=*rob-^_ivHGkzS@|iaaX=5NOM<{BHyXu6<sI
ze;T+<-sXx-|5Qo}7kY{WoUX+AonMgZ_Tjc$g-bmyjp;>GFBjX*5%V+O$d^7i{J47f
z4Y}JdnNiP!%M70n@8klGD<F?~y3`C<XGoV<smn9mcAFb((oo|{Prlgx1nu+bey#4|
z)l=+*5b@C3IX@xfc?P>$zVhaT#YHP_PpoE~`1^NiU(X+z;T)=)kD9nCNjdG@S~T~;
zEjY8!(Fl0z85A%lGBT)Pf4j-uxa8-OFU%<VBwYvTdZQKJM_7MZXpv1Mf%9#d$QL2K
zlz~#~{p4Cu@4I(#y|_)sk9si^(og82q4!U}6FFC427C&ISnI+EFMKqp`qL=a>znIb
z-XXMB8LKgYYNhLdY2Q<vaWXlCV2u@r@ptFstwRZ~x>vT5F9=3%CSd6&OK_Xb=04Vd
z&kRl><A>s>UCm##Rg|2S1YubUUWRVdZYFR7=dPJgYB`nBBZF6JsmqQeH&5%!*zL5z
zxmVpHC6tJjT5}4IrOp@dWq{xKNPUO)GD+i!v#_Dii#pKEaw?^wi7cgoUKZS12`-i!
zIa4~8Expc#sgqnkCbcpYzNXT{fncCGFv=`AW`eSdV(ThjD3mZAAE?+d%R5~6>k<J*
zz#W7_v{FkQF}q<U7Xel8fDch52<gOBJEvAAzDX=~g>!$I|0&B<RxdW)mB%@(jWQop
zp|m0s<oWbY{s}SE#mFn0_RJ3{&L7#)%f39W=VuM4qZCQwu!cn$C7Y}8a<l`K<lJ2!
zwOjM~-(eNB=C>4iTq%;e`=aIbbb;?PIKwgtqdTNX!Z|f3cwmaUij?zV)@P-x6VUj6
z%F7W93T(&+eIPzi>IKol2O&3E1}YVRI<&CWq~gqjC~awqnqaZ1wu_xpo@<J0lj)QQ
zL907VD<(kxhjV&^3hXl0xGn`yD`tI<?Q5?>V@)Ij!VnobKd-Mm$S~>oh3dSm5V#D4
z+<@iQY|+<FEvH4NNJUcG+E~@82b+?|ha`s%p646!KD%z@JOF3=FtgBVh;RxxUcv^U
z&-6rh8ZB>_T}5DmpA73>cM3l`>p+LdWh(GfQ_tm~v>jpCkhNq-Xm!wkzyvxd+(G%3
zNOTENL_2*uq<9oK>rtcW=!#yV&HDKQULt}`Nm+p;V1}+y>qiu?)Il|&?#`W^JuTOl
z`?y%vzXZd|63_x5Ot2s2g2I#rmL`Gz`PlPWI`Qa|m(cZ4BI@CGtRUZ_ce@i=Esw`a
z4S`nwv;_Pv@>qau4Dg&JxeA8Da;uz8lhzrSGtFMy)>Om?<ux_UuuUCtLRZ2N2|C==
z__T_p@SKix&+@ktflUyyK_mmprX?4;_p*>t7pbr<@C#lI;-l%$x??^&zj|#FYcE$z
z*?(#`i>;ea<8BxLW<5$Fu;1#azP|p+sa&bqGRlv>ic~W$`qA#Ci9EP#tMiQpVqxsd
zJj*)bfn*S(8BNL_voJQpPrT?(UZ<kc%t}UG7G+rmN%^Z;hu}mf2e}A1Z&bi0bW%B~
zJ2aks{IV1nRO~G8Qm^efA#%Oh+-*R(7aK`C5pB+h4$*n{2I0l2JlArdCvFy45H4uq
zVs!qUGG9PKDC^yZ%L6M3=0m`;*T^*UK~2xW--uSZfBIhkrB1r}?n(>%qVUGyr5GQE
zFygmQKQK%__xxroIH~z{RLUt_*;+zE{GM3Y&AEyWw@sgWCn<sxIZezm#p<yV2($j6
z)BOpC93e1Ch0TkD_86(vhLBYsogp)V_;Ra??*en>JnorVB4Nzz@;^@v4mhT2d5yA(
z9|R`c%D#e5<b(I9l;)iWZ${<a93h{d``j=%f5B@g4R~6~$R-RIt;_=QXTuE%^XRZ2
zrS$jnt;GiXnLqek**rAd3L94|GQYqh)Hay8xD<EqwQKNf>SC05d2GtN?C(qgkc9I+
z2g+fVfE@7N65;7-N*VRHUEz8!DitmbO;eN{>~aJY@BKE{sE^e5%NMW$y0n=tZBB3?
zx`b?HnW?_SQNiha44ZK#8dvecz5rv7<4)=VQG7Ue$@<(_oe1)EfKU}@;jhF8AaN7&
zw);<_b^avpc9PJO(Bw7<?=qb+^!eM~O|}e5QcT*@x5$+V`TCp`qS+)&z9aW);t_;g
ze@Qi)tuH$Ixp;UKX7a*1HP&^`R~YJVr2gC&*5e=@Scp{j8f?>UVpI3A>q$p>NT6+t
zH^#I|s?{`HpCxPYinW8R17+0#op;Uw%KA)d#lkx7kC?`=k%T>6SF^r1YZ)^1w<Hj6
zs=1A6xb+-IJz=kskXma;{{%5tq*Kw=TTGdrqP9KOxC)`-OnbQRO^SOhKnyigr##Dh
z#OpiBoH%3{nQ48|{-03FkBG4~876TEOr`5Hcz)baCfaSv4vrQIy@8VEujK3)F&&$j
z8_#~Uo+7pJUdz76=bP>+CuTC}MWzS+_8BhvckaLTrGTpVmvW?kHn#dngXV#sjh5G0
zM4t9hBaXLk(SeswtsBhf@K7YNw^|RvnD4Tb)Uz2XL<}@4aav<V(!e7r&It;Z1KD@g
zH)ku)W=K9gjhS5RQmd%Xj*1!``=I6k;=i?@&f{rO)M*qa2MSo=qj7fiitAGt-|F7?
zubm8%HeNf|7tg)OfQTn{JGi*B!88<##${;FT6myqWKSo^^h`7wGSNWwE`+CDmyvu*
z%|~%-!0FtY6wntJ)B=-_<BI!xWpZk!DLgO=-wXPlkbN+ZDyfPvVU7uME0}%H(^LGo
zRp0S8^ya`cG443?1(s_57T|h`=z{>}<cGzT*a#Y#({Y>L`CSn>gO~2_olWW)9J@}Y
zOl^Bl(U%D<{%{pLZ#6!PJ}mUT|H3O&+X<Tp5TT;9DU1lj&q7xUeAYXZMABVc2m)L<
zDWLh?4i7*wDfJ~wMWQg`n(_HK?3gt6Fj+71YZ9z&908nw_o5g|4o(V9wsLZchi%Vn
z?5hdQ?0GljV`}*%^d^@x24MjtgPT8|O5Q3TIE?59##w$Krz70;2E!$fh>E%!2oGcK
z6<-kZW8uEt{&%HsqJTM##d}O;x;LD%iJ%|+`6qPrFjfro`JD<UsxxL4U*O}L(}@`-
z!6I+%>j~WCCBi}$yB!Tn(}IYNC@w1y_7^+Y+q3js%C2N|$*CR+$V)TAdO~O<H-3s+
zZhY&sbYE>mXjYv(c`p!Ib*{c$Kyy*%OQ@3uccFl}o|C2%x1!&Bmqk|P=pW|7Ik#C0
zKN$sIfFk=TWyN(l^}?INg*>l$Al?<OjKsQpQ8bP*ja0-t8a=WZgZKz@6ojAl1MOcU
zFhyEkBUSEelTl9C3gB33auo~6h3P3gy4bsUb7@^LRsrH4O8<?I4*LCEs3#^8+vZ=+
zw>IZ^h<PCM*di>*S!N+_b|rppnslV=u(BfSfMXQ@R(t{H<2$sto?uind&Bxo=Y5=u
zL2!u2;TcC(q4TuQ^Is3~g;mU9=Y(;!YA`D^jA<eX;ySbX8-0n2+TMGcc?|YV>bd24
zU5{#HONV27=HHg#?D5#jk{&n>&4vrH+6Dz-*H^yd+@y^eOpRj!mMJ`@6+Z>gxVTR*
z6VakspyeOd#IA`5fs%(kf$pD#&ekUy27Kuxc<smgBpZX@$q!yq;_Ce1Pe;Tez72&R
zH+6Bn;|1~OXT)&&gx{jTOpHr5l$I`3u_5BLJyVnmGS5{@o6?40AEi%j2DtV-=L4a^
zhYn!9V-=9+&%Y+U<nig9b}<X9VHrLl@$${;CP*J(bDkh|-q`;Xe<iW{fH7~gV6K{D
z4awpifK>E#E3V@dd4jeX8dh}jw+oY3i0-!&f{4q;ZG2hkso}Pj$dH+t$VRI|1Z?7<
zNPQn)Z7O}3n36kJFsw#}zH-xtQdI%@#?M7<fP~~Aviy~DPPDMC@h#dc3FzDN@X<Gd
z--WS-t`%?BWlte~4loYJM-A)rO<scq-aFC56k0hq_?hSAU;$e{dwu8Rg>Otwn?)!m
zCjknQ+mK_Nz$=9hQS?Y=gZT6oT+`G=Ji|0l=w3ugthhjz21Vs^H;b(qJ{A?vfVmm3
ztfWe2G_(Lq2Fa9-ohXQ+nS);jtg*UWDV3n`Yq0pPazWd2EFV1-at3IhalKN1iIOFV
z)oh#%BOO#8K3FJ0B7YJcF2~f;n~<L|)C!xzVjU{ii_ULKghrjW^_|6dOk>9(88hOu
zE+=h!R>N>&&t+eJ)?AvVq&T(`tITf@QL}`k4G_99D-=;;wUT>RJnz9jGJC&Vz0@zu
zfSh*oqz&&*0t_`nHlygbZpVrYGMXEzl4+U6XK+4pZF0C#`M3~Us45usaZ%gCWyyP3
z0aGYCvr``Nuhev>81>l1c-)lKqPnxvq#9vvD;aEpE|pR|Yg^BlJy+6)tAo0Kd(#q$
zi&~zf5~0?A+@J}g64GU>^OiX-lDuM9A(ayEaL0MAvsaRtcjFhx_fIY?MveBD(aDcd
zoEQ+b3mJ4pyXyED;&W0ntg)6iCkN%5I4~}4cb~p-fJ*gIUJ~lEky(gg?=hgTDo+r)
z(8MzFoaU>s5XnJELIi6Q4&>}&KcA&1A9ldRJJ#Q{n?3aOzE2rP&jbYqf?J<?DwVp?
z)BtBopec8rgvqED`y&ipm;0Y$8*k;G>-l)a;buqpt5QsG7E_u`7($`xKJnYLGeX{K
zVJcE-4)$;sy}tG#tk(JzK1{nkaI1PV#QZtYd(Mb~f*KQg4Tp1R4%4S&BFv#dW!xS2
zm}i58PP~A#>M`5G)eLRBvg?+sI)%;Rj@6w6{z&iVhRr3UE3;-gN>>q7D6%i+jJ&j1
zbpEChvwrJzwYyEoz$Hm@Y7Fr5B9p7cHS>ZVxPK`boa=QIN34s5<Y&xlWqka|F<X#@
zJX)n;n}AzO?sgi9g%+1hpN2nLDG^ILwzz(5xKUkfGDqVg<<RG;w>we#cE*PH7GWMJ
zD+2%JUR3*QYs4;dSW+4FbDSlFYW9~9O;2ZEfUSI`$I?c5MR<(Fm{TAGo@F8V?wOJK
zspnavJ#5h_@^d)ngh!zelrdA4K-ruXs0^g3(4Win#=VrR9trqZ=EQu+MUd)Ndz5a%
zg!G((6Sj(KlVgLu1e4&xD(OfGK(w&0IvmjsigGtM<qjBUZh#s>;5P%8p0{&(`Crmb
zGk^6X?mSY)=2OZwfKMUPA9n`Hz{;f$-@c5UzHe6=D-dlGTa$gt0EDp}Ef^gL!80^%
zykie+6c{tR0r3o!?x{KKy1-SZ1mI-kDvILkM;#!wf&GwXLY1lb;XZMe_Z%$;b$526
zn^bj>?`|#tYaWCyAF85&-E}`3BDwlYylFfdEqcw9h>*f)Ag=d?!mDT6-Hfpy4aLTl
z^_}SpH+l?v-2|!c?PkfdATp?Nt>MsGhTEjY1)LjOMMbBp)3@W5_MISI7gkMFT=>X4
zDCkWIW-=^#`4R)P23{~2%VrdMgt~QXk&G+n21l*==R0ie1d2Ds&DVq2GFiDpuh3LZ
z9L5&OuDCMyXX!t>ZV)`UzT}HthaSPQRcLNbvP44HCkLj<pe6n7Lyi|q>SsaqI;LlR
zL`VzD$aFp+I`(&E6wd?9Oh#<mR6m*oDwyB=EgE;3z=%jLi!-2@&ieD+4DO{4i;OW!
zeu&q6A#VWNWY43Uf-XR6QpDlj$pKl)?)6W4*d%A+;!UEgC%yBvKK=UKbW<sJfWAv?
zBU^l!kgc_C*|ip*y*R#Rnc=?hQ8$yn-S=MnXYJw(=LSH^PMcoS?h8mkeZXdklf7;B
z9jLr|m?5H?cpZ6!tW=)fR+jN0LnTtzYlI+R=<LQX`B-^@&GTQ`Jt)bc!+j4|MxHmS
zNyX2+66(1X#&aqB#8<Y*P9ML%jkUhh$ymkO-Q5k(FGfz7@_ghH`1rLIIdb{^x@%Ph
z9W+jxrWiPs6mV|H=M#hN_r8ixhpW9D!Zg9{sv{91180^3&_uRf)`OGerp9EZH5hWO
zfrIUHg%I23=7Plzi^eqolR=bI0MQcD6W2)gU`4`bCX1Zu*rGD5!T?$3BW4(!e_i5Y
zM%@_pStYO(8gG?HFN^m`H*@?D@3&$CiPhVMpyCm0E`j5P_5?QCMN%w@sa<-uoH{j2
z$KioyhH)bVpw<0QUB*FSwbDTir?L*Km1!;gvrRRK!##1=0zvWYI7VD-!mzrcQ}fWx
z5TPztkkTE${dn|Elyy7?C)r={K>ruUv+Qz@Yk5hhLRgK5R?-=S|KM~hJ{^0c;CFS_
zs~uvLze9YW6!3-gRJx8Qcy2+>khT>Pk{<QG0#e2c7wE&J=SCD+jT)W{spPDsl95g0
z6RR&p?H?NC+Kb;U^=aWd+zTo*t8TFbh||WQ%OIC3TCS^Gq~;|{Aer<{dr*84@^$7y
z$a0y2&Il-1XFSVl(`IN|*9Hj!jTJMv5_bV)_H7WmLGe`<wNmzQtwhyL!zs!DH2Vvv
z%ekxP3~g9e{A7>zj7fiK1NE4wi&rnyw_^<#!=u02S_bC2CJ~Y)*^|{aRfX$=1kg?C
z3x-atHo$_gtX5Ylx|-3URSo>mkuy{WsgNs2Dao24B{OoN_@W3r|Kamx6y~`?S=IRQ
zCB7;y<gwT3h;=Rry=k8J0Y1ljE?yN8q+njwcWEu^c`=tyR-UaC)28i@IY#|PcV$h>
zAY|2kZ5=kaRKO|2MCmqSOA)Hz0MZFockWV%CHBr`>p_S^E#;(7!=+qXp55~XsZ#D)
zIGa0eS;B2xx3}XV&vCy2Sdi_t*zCEuVS}8d<-w3_3#)bOe!H>vDS5{9Gb6Dee0%Y&
zrNRvwf3)GMR%_deOMPr$^@BmprL}C3TFrSjm!ChS6GR9zK3pPTuNb>BZIlof$rky8
z(Zjoq{2ue`3p|w@Up80Au{RJVJ;D{e+6l3r6$VB?KMGaK1&^Ym!vkDKX@rgB)tQuU
zr$9PbXTz$W^1*r<8zY^h>p%!bz!)FPc&S7BZtSE^wsLb`1Z1Fn#^@s1Mcxh~`jFqj
zG3yonBTy6e-U(Fc87OmK2|vE#5S!QQzE;*LwVd&_sIc$@ItbZ+4649Mg|9-x@4aw^
zAaLs#Y-5=;>jLNkDV6<sh^!qX&eV)wTY(a;suE|WtZ2UvrE~N7hJJ==C;1F*cWHi7
z5`GwGu*X(`#lqiC5*o_305Yc@@3<H8ZK_K*TtK&tEdO^M^Y|Bwy&kw6fC8<B0r{9F
z><6tc7rEcy<0t#Lvk@c|nf{xR`AC-GfVXX_nH6W?YA&w$dLq=hG4`h#=pI47zgRWg
z=S`m8GheEW4d}`S6@BK=TUU|XD}F*y8}b4J>yH`5&K!>igM?U9wQJdElk8u^P_ZOV
z+@C!Tx~&~RYh^ziKid=cQ}h9&k!&I{!n+?U%1Ih>D@;iw5A+LUizKdk%&n=wfAR|r
zi7xqL;*(jZW<gOEduvfXj2tS~pDo!056T~(S-UczR`ymUmg;G9@#EAdR_;Sk_JO5G
zMU#0-5WCrSri$`XF|q;m`0__#w+agje^TjMp6q|97U#`>^_&#jNz3xnTFS0({Z_Jn
z7_7dTzya>#vQk2P6*mXfRvW>>TeNtWNqL>CUqxx1OL%P}+vUaie#_w(TB_^ymLO%E
zW`TVDZaucWP?+qn$?&uY++yXDV)REPr$psV$5`xU&$Dp0q8pKFL75>z`6p)cIqR|L
z@fRd65c6vVF_VTX)mp3+vvZGf>NYS|w~^Q2LTS$@?0>y}%DNd}rRy|@3GdAS(V8GM
zadpX(v9C8~MWhm<Kbyz9eq3be`K@~I<S2am6kIKEW5QfY>CH);HSMont5v($Zo<Wk
z{q7F1cW<s>Sc)P9=Jj@x$v0l59U!67GJu&5s4#I>M-mrQBzA*VfS5VoQuazZj%p$H
zPp>MTI7Hk<OV5DPb%a7kpA|X8@zakAY1`s=sydrWk0}_0t@AT^+nSqivvduaI$=r3
z;IKfGo-tHH5b?vs;nH)8hssO_gXnVPONpU5{!SC*;xj1W)J4}rDWdl`jR-RJnymaN
z6{ROk0*F1r2taQ|{t+z~OC1`v**B#3q-IQK!-Nu_-@7V(oaB^Fs4UY_Xlq|_gS&fB
zS-fZpyNt0MeRc^*R8Sx==R*Clu7g2j5XR6PSz}TX(JrmH@t*YOVhzXP{E$W)@uGYX
zg{QWjs8$mirq&s%N7txzyN+ofK2R{s@qd1vQ<nXra;4kkyj0J`rz+Oi<fLHHi##`3
zDrQ#b!y=qMDy^)~<wY2rUKKfi^+HK)ii#8KvgJwW+wU2(diua+hbQw5xKeR?6xD!g
z=tfzWB4fX^r8vS?ylvx#c!tbMTxj5PwAWgtu7|=Yh}Zjdx{7JW)+E)HmWw?$l&yY`
zq^LkeVo7SG)((xq4j{X*6Y8u3>n`lUx@)6{hq3Zcm`GS%gDntli;568Wu7~e3dj$~
zUrJT?vba;n_7mVVSc_)FpWDz>sY0UCK%N|~7B=fB0gW!no!4T$rOw6^Rq}#$0D0A~
zSfPHsTB|sWRpn*GSoQ2Q9PPfCefuXFZpwdkf>|fX1jN((V`;fG&x0DTf`FG~Wps2m
zgEM%|)0bEBvh+_<=-78^YI8Fb;XqamcV|jl|I@Px%bY3*vJE19cwgobq!tUyR5${s
zAvu@1T>Hc{a48(Ies6U#zk~sVBKR6le!UJ&pin~2le&XF1Ja#!-`sKMW1b3GJ^vI=
z%}IG=jOt_*D9$0T50q4gprSyR5J3!|T*pZ9HGL{MMTH|#{@57W3g7dHBhQu{OV+xD
zQ@icdq~>3f=cbpZ$SXWQPjInT7lbp<mrIuw4xBsbdGBP;JyeRGDu@rp>JCEIKe0=F
zxt=?i5Jgts?0a(aYL;pbi^B@cUC%x2gDV|L6)z-z$bKvs=2Fg;-xbExz*7B5+ko|!
zZBXy+o)fdrw2)64TOy^%(~M#dQrLFrjh#+t(i1m7zZnE|HOX+=bbM0o;0_Xk2L9;h
zDhc8u<j0nm7cxBDUN&Rw*%1O$Ea+cXSg&NAfFFkG^sI;V*38vOz}j^rMnw8(Y12H=
zF)r(ySo#-eTS;7cdU~1p3{ypKlrZ<wuzAaJXFjOZ-Y(G+4}ifoH)n<Tj6=Vl#?VyE
zURgxy_zFcIOSX(SANo`%dIPj3D4H5mnMNAA!yM9rAo(p-^WJlfa$5TKx0zsmB?aP8
zNXzU6;XK6Vd<wkeo2#g$^TI=+==`=@r`KQa)hJ2VQD5;+^q@Y7pJq3Sggth6#;EWB
z;%i@{5RmgLqQGu_^yQ<_oGUv-bpdveG++{VIa&i;oFI$cs2iQhT;(O?@@Yotr)*C}
z;LQt}eU*vya6-<CW)|w1Jh;Mu(X52WI9b4V*B&qQq0F{6>(EE|t|zJGujC)nV`N+<
z-;pZgzIH;EdFFXQwW}kUvf?_^VK|BFO*7}*mSEWv6nB|W#uoII3BLM0RNq8cVULKR
z_d%0`1qI^yfOD~Wq|mh)TK0-)!vGTsB5mPeJHC@9=+7Y1ODHq<|I7x;<1QcQq)f3v
zLIFQ`=%D#<3ybsuGkiT&!vlKHKWhRO{`Kxt22D2yxL|=iQqkWcb9V6z#k~aBNX(Ii
zB24%tWR;Il$I)TkyPzMk?09^5oJ`okN_#qzbK*+2L256`Y$sOq&!0?2vgxr^lnPWq
zkf)z&7tE$UKXIdime~LncQ0cdSz<zkS#h(_@^h(|7DwBxRFI6FsOjyJHm(9LN=!BJ
zDmmy+8U=jMaNDeKmg-#Uaw<i@V)iQX_<~&?@bOtGK6j}2^qvgko6A=iHdVaj?{jX`
zdbrhZ&?#qA0@FSigDLoqi_8~zb(Dl&kEi##G^gMuw=cA8Y*Adxl>g?6CRajdVc|yk
z@;Wt6bqIQ-q;s-*PROgIah<`;dc8Y?qo&tRl8vgB*9CNm4CZuT#r;%HM{jzU6s)^d
z1gvDu!mjr8$v*0sH*OBjPrH41b63CY>7hUg;~RJ4y6&gE-(s~ZUp&=`S4ltpsAKa}
zxL+_;I8H%k>H2nPGzFmwdGqNCy3`8tYToKKTdA=CSqTIpzPUU&3aXu{lD=h61OrOR
zrPgg0bcm_uvB_Qu9Rlui?POy=4+Z#ua1|36P?vO#N(VA)xZr5Npi=n2z<MLQhPwzt
zwYpsP1D_9iR!J~8>;$@GRcqIPM`mu^@I3$JrxQ4!dsss6OP7)kR|nbhYf+ts4Jvo1
zguIh^L~b<)J1==mmQ#?zdU@!O;#uL)AGT<TrDV1QC#G4E_YR6D)e-r1H>UC3M94bN
zd=uWcpX)tl(Z+UhOZjYGUS(`yiq#NE7{hVlKF=|jksjyUxvu$E##Sfywrqc~2R|Xl
zbvyCOx=i5OlT&Va+?U8_*ht{!zUW^!tkZH^u0v@0nmPF)xF3Qe5Se2T*ga5qc(BmP
z&F5Ff)T3QScj|uZ+P7&6g!bKjmtc`qoJW<mI9tI}*^eMW1(`KtqFRgs4QXZ52T52t
zow2TAj}G72$pz#e67W12rs0&g+(lOD`qE#PW9r~iysuM2rGv^{4`8)fC~~xUF^<oO
zVvyn`P{_y+$r9`e-3uoUV#GmXf`lPLilLr`bVn9R$BK2DZy<Y!w}_nbPvq7&1|8$j
zKToio^vXAnfLd2`eM*)riCv!>YW2fL_trGbFU1wiIey?)^tKqT=rwg;TA@Q>epZjK
zh?JZK8d{l<l*AI>hMrir-T_=Zb+_se5Ax7k(KrLlu$e<`FH2bCa`y<d4YUcz37avW
zH0#KD0LMHfs!vbf#JOEFMArGDOJ^OQU{co|$#M1lly(qfb@xwnRjEjI%TEiOTdovu
zBr$!_p6o$9%MTnbt3$`mUJxH7qKG-SnD&Q~r;zt2nr;qZe@d!(MF>7WyP$cJ%6DbH
z{z~kxv9aqA$_P03!L+l(PMrh+bG8Z7HNuGZI-s$I5_*?C{N|kV3SYp2YvD+8xaxJ#
zplR#=zLn1kUsj$vU8AO522p$>OF%(VSZG$vduD+zaT*GmCz?C;wC{yjcz0*tP<5Fc
zD<9xhybNKU&3htHFP!8ocC6~eO04zr<KrfYX~24nrCs5?V#nAiLoN~FBtuA|3|V|W
zk4i8PA-*qp`PviN2y?Z8BWtg_3JVX7)TQ_(_JYFprQ>T8AX=fI>QbBHz>aFXLmWVp
z!ZndzPask3)rlg|Gfe$HM9Kc-kI~t=Ks&Pa%t`+wfy*F(Yf8D~cFt<1fP=y+k&{GW
zSl8vV9N{r2A5)cQ@5#L7*iYRKowuQ3iF(Bnz{Oq}^$ezU+(bIqADgt3>x3{qKk|Kg
z8ShcahN-WRd~om{b`0&U^QF4;PCxV{96eQn@s5WKGJNkfaxYO3Wg7L7TwW`iK1yN+
ziF=M}X}*mss!KsAR4~Ir3bPAsLtrB-bd?p+PMe1txe-DG;hvE1GjYw$EChaK*Lyh2
z6MDT0AHf3iBSICv^&Z>&^3o8i?Pbf+SN2!`Pen3thD_%2>WZ&+X78}YkN1R}#g1cL
za>fSBvn|p1-b{Eh2~|8SmIS)gS9d8T?$LE7I9mm1eE`MFcx}&M?PAO^ao2i3H&F6c
zJlD@91G9vLz{H5F$mgrH+d`ItlD%*ny*R5_UYP*`T@O`cogWcmv-;@#9X4_EgYh4S
zZ!YAq^(2;depfK)x8i|B+ZP@qd4lZs70TQI{e=q1Yh!FuD~bzpygm27u~jVxc7v{L
z?Jw$9PZ=B(Acl3d<>P<S9=|_<24oYMA1Iv+7h&4|fNhX<po$h|D#;Lma1p;mh*Wu+
zPu`SUL8q!JvCvf3X{4!R`l67@%^32+wV%vTfwOOpmZ9h6kCY!r4&j@Z%5<%kFV!4z
z5c^Oxz$NaQ=Z{`L`uNp&dXe>l+_@gq*A$~eYgB=otF!}{)RJ_h;B_J=x>|PHYJYO?
zeC63lI?1&%^B4toJ?NJO3IwsPWoEgYtGL6vy*>$PpgO_RG*F|y0(=ran{fKX9m2dq
z{UAe*-Od<m{smgXy2iW0zaBx(XW>if`Cs*1CUfCJ1vBpxt@7G|PkiY@d8`J=Z)J>W
zh`F-D^ULW$zO<R{u0k?wRDxVZrAKox<;v=vu!u5qcSg_@I@U7@23VSPg_b88z^Zs{
zAF1U&Z%SxfpT?~yy+;7~ullbWjE$Y?MC%ydW!{Hx)WnHTYTKTZTnON(B#ePD#cxk)
ztJmiPaW$?qUd<qIj3C7OYZ?g1M?w4ZL(r7q9)Yjh&x5u=?v1&q66M46Hdi_x)o@WF
z6t8dgMpI}z_4|HwaRi-Vtddstb(dR{m3Y47tRjKuKlh@Hj?D>Mt)N<sv4rGKD(yss
zG;D;b8aw~oFe<~>XKf$tX|ts{Mu^W~x*Qt>?Q#?LQ}A63148^gvvI|%p8^>4&-bjf
zyuOlY%lzJ0?uJo%!N_%dURYNGpOH>8A>WBNyzZX*^v^0z^ffQO=M($^0y!WNx7%=O
zMTGCoY<U5?+{L;<HapF3dmFhssGYvpt%-~6v5T#lG8tx&*!v;e@oaY+6wN6okdx`O
zXu|hZXV|HoqB%`?TzVG=J3H)7N*%opnCq&oj`r>&Mma~0mJ17Z*?cpoqX$*xFZB|;
z^JlwowR0Fv?_B*#JfO7w#ox_cG)08LAS6F@9yIQ8BrArq<~|e$gE$XBGw}{YySu1g
z?EAFy4>+Hu6<^^T@0=bwO`}Fwe|zgnUd~?lF4r_NyllM$RRCQK<1Wrf11}R)?)EEg
zf6dE??<XU7EGQ9iR@s4y21EEUz3^cnNYed$kP;t>ALOu2@1Nh&2clpMZ~tH(01b@c
z1t!tHoZt_(&ePa!y*~AhI-2*cG`@XwR9Alt7I^VT1EH$w&M|-7z^zHND;O|@_7k?$
zM7w8u-j9SWe^1d|*)x(Cr~`V~D<;zH`hFvrcaCszzhb}x8qd>r^p7@^E5b|L#&Hoz
zAZ<pRM}*~e;+GwYpZeuWV7`BwKzz5nTvd<_P5gzv)IEgQ24mk`AvkgSI)SOE2?Yn*
zcG`};#fR<RYL64F?df6PK6)FpS}Jgs8Cg;MZj&Eaf?7UpGx8hC-2-;V{%#lv;{{e#
zzw^%s9?fS@mOoJczVg0{@)F_4o(K|Eese<{VII(-e;u+Pc>rU5_(fgSVWjN5g+%m0
ze?R{p2OwYJHJqD5g)?e)H;1ru&h8NBKF+|CpiLDBoCE*gLz5K=p3Hy1{LM$dxq^2J
zkB6lY&jUN#gFy8vN@Oo8w?N!;YDECJ+~BaP*l%@w>K!HTUnRqTFp;P-xZ3fe*Q)a1
z)--1bbpI*$e@~8rMwe4SCtCIh$x9RwO=#@{7Z1g*qWL4UfbQ?8Xu`l?lZ4FSok^!Z
zkjXF^?KdiT(6*+CyfV)LeW(3dDOi2)Ida*aCiwRCeGL3Zppp~-RO*if=y$c`4;{jK
zxxb$O>!!>+;H2-dok@63Ksiy{Z2r06?@xaXHi1zg6>!kqq};mzd8wYm|D8>D*gg9q
zzBWU8+{4XfS9$CJ@&|^!hvUz+@yF{pCWY9)C`5Cdpz~h@5P;E#UlbShX3xz)Qwf;;
z*pIq>sJM~__$Zh2(C;-ysieZze?R`0YT+%$vup2CZ#xH&@RK%g_uhUB?th@}6b&_A
z^#^oLKtLPYwf}aZKeBv<jiiaK=<&~^@d5vk*CsNWKRSD#G(CO=0Ag^`h!5Ml=pVKo
ze}!GWf@;H$=1%m8$^RK}%<<gVqtv&_xkvu+V{P~n$`~~C;1)$_HVA|9!_51s{I__Z
z?&EU?Ib9@`udlF?3bXzF{9mZvJ{ENZe^P1RW6b}O@I4B%e*%Bf;^)qfd-1@|Yd{?L
zyBBf~*>>i?{qXIQcZYNFO}9G|cj%&#$ew?<f7okmWX=N?zro(&_xqru2v4s6sW1=W
z7oGdW`2o;7kd>e^@ekd9fBIX8gZr$K0(0A1_PveDW`57@w^h%6rZYdN4_+X!{l0)5
zNJI@^O&$fW2v8a%{u`i*m!5<F!cgo+Spn#Mx7)$i9~^;Ce}s7uKh$Y!_c8w64(5Mo
zp?(i|?z#28T}1J^MYSlY9<Q2j7_k#s?zo?S4*3T!(crl@ut)f58fxO?C#}C>`p>-d
z3qSM2J{4lMS7C2~w~xDbaJIFHFe_fOQ07-%-EWeTv{0e{DkMgi@Dutkr~FL*D6wA<
z0?dD<w2>hGr2}+7CU0(ulGiL(-^3nuw#}5ga{HSqVAejXW~RL(3*ehqm_X@&G9R8?
zI(R%pl2{piCbl&EpK`l{prg%zfoLx(cK(5B`%Xr`h%NV7tu4B3lMHnZuP`Ce<$ED9
zx^zVN(0?Hr$R<{CFL2B4tO1jbeeZVu*}d;RRPfg0&%uy;HsbwH;2~iD)mH5CGp{6`
zv}c#vbuRu;MSb4k*d6orpB*FoaQpi&@jFIimskF1)ZP8@8{s*9LKgUkqO<9u`&FKi
zCQ<5N{ykXnTlBs7I00d4iebm~cL6rKM?A6X_3!GaJ)(j7MGXi$-^(n&?F^&tQ`@-i
z5xf7SEI@%AA8EZSIDK3eSVuL~UVnZY75_mvc1N9gSdRUX(%+x<5oQlIQI;=XS8->P
z^jQBz%Ze1w?0<C-k$CqtBO`4uXQNO=oNxBw84ubYt@+Pc*?x*o`u~OF@O$yn05Tm)
zGS$I9=heX6r||!P>;^!d(y?dfi7T=^P5xWx^GD?bntRQLP4Fj7XWIR}zzBInc*m*T
zCGfT`y8>Qr@bnM2;XnOyB4FDe_3Xid*DRi_%LT3Vw{{um)v1|373H11_VCY@N_<Rb
zo8LsTt=V|T3G;U8w+p}@G;dvz<|E#{X%@qLKD~FccMsd`)Arjqr5VOAnxnfU=!aqd
ziyQVhC;LeJxER$I4H(E|P*UXjep-4pT<rV&Z`2CBhz|w#c9r7gGT2k#Z#}lhj*)_J
z55#m&3*CNeeK0R-Gqne%ZEWnfyGAs49VDk0yT!{ifu5%S56A$H!3$stUvshZA_?<$
zeXxJS_HT`gA~X?fH$@5Ly!waM0x|aCf7u4O?p560r?Zj!7V)kT(|hgv22b-{qTR=H
zI33NmKfs%)qxkkp;}(_nDhZltJaw1YP%B%H1(Fk(Z<mR-p8WmiZ#H7XuL-A{ymb1;
zD+AQ7|FFw{yBFFc7@T;;I_`eF+0t^$dD!9UEmqjW*niFi*L*w#?AYk{&avdbIL4sR
z^YXt@EYK7jRWa9XH}MA#;7uT&ZvW~7fV)(90(_hFv5Lt4W>=bS!r*^PsO;P^kP*+W
z=r1-9aMG0&65+G^c^xnK|4es$1}8DAT0h-$yZ^yLpNZtuvTAJVemMLCW~2EdyQ$4R
z*v6lV;>G*pwJ5>;O)E!bQT+cndRID(?&A&Z8TmayHw`0!?!P&m+ayQ5!Y?`%<-2`7
z8ZN@%|Lqt4$=4Z8kP1Kge_)QCHytmvpnUvbzk`Rz{?6;Fb~Wgh+68!s4y)ppB>oHH
z|MG?`(m-ZB|1{J&eAu&So@z#U-`03!|6$u7Fd!0-d%!z}ey{mo=`}pXO*DZw&F3;s
zkN0Q(Kj}3f1YQmJF3S5QGQrUQXL=2PQj)9@4L-+qlwl|O+2uG=(59>MFDgPV3b1O@
zxV!L~z0~=2iU6~(YherIT^(VDPx)l~cB}62s@E(>U+vC6yExqEdGN*o^c_t}x7xl4
zuML6H|E4evA)u4rfd*C(i3k&0>h5m6qgwuuXIC?^gROz*V12ppy68TjXzU5Y+0<0S
z4;SEv_ebAYgY@-USf`SZ)BCA|?}geh=Xj*X7%dN9av`4h<L2!>>G&N$&8y)$SNGmS
zF8d1P*ip!NFaConRHL9ysjt5QJ!r+jlMng_-ntnMP}y-UeRK1`Hx04Yjaad-o;{xO
znOa<z$8@kA)HQJ;<6{p!;#a-95AoMWYfU`;RxkKBD%pv}@y<yH-XTz}*y|gcs2S-6
zN0&QNjqCJHkBvS2GU`J_kv^=;aKl59vKRDkYgk5so|Q8nCd;V}mA@4nYZmUzrDUBl
z7e9Nqq2BV<Y}Bfr>>6LN*A#4X+?|K1#jWcN95hCi%%y$&_;Eolk$rsMtG?uvQNi1a
znq~=aBG%-u9N6ZZ3U5!lTi{i4r_RAysCsn*F>$_Y+VgA=&IOxDWfOUZSZ6wN6!>Q4
zv|76~4@@)6bgEQmO-@y+I2QlF+|&=0o*dAt5vtA{&UC1>A09Jqf>L8TYV*D}F(|jk
zEYP(cZXCH%b3BLM<Q<1DwS`usQ^9OtX0D3?*2y3k6PM<?$lS6qsH6+mSx?AppxUsj
zZE0@CzNHPT_b=Kt3fXF?->+N4i}t?6<ttTG^tRPCxpfXqc-h>|jK3GDV14&|LR!iD
zc!!3ZTddSJ?$~(r(tEjfeuY#{CAR^4Q#RFK8#w1&4y`<$ywjMb42y6l(DWC5Kbuo2
zZhS?vW%$hSJ20H7o@W_OGhFj1A!xR4Cl_EEI6m1ibf>t%Oeb>DA2Te>ct3E}G}imQ
znv`WzOuMF5uy(sg5#PzP{sP1Iv(qg_<W@5R)Jp;>J6*jCbnj9aMe3xff9dz{6>?u1
zaO7Il*O!30KDa%%#jr+?j|h|QmFOF<z7aX&c+wdJMN*PbN~b?1?D`m}U#HF$_{vg)
z4)pM$QbO^{gABHui%W_}Kik}?re1syl4Z}A{$iG&&yzoB>V2-&Bd%Tr%|4`M_~u$5
zHu1rz73D~>lSL9eo9RX&-!+};N~%mGPeoI@dpr38t%eR_5le%Ku+l<|XQ~GeA~{V&
zt)4Hz1?Q}I?Gg<n-B;NnL*RB5FQWozSm`U}M1pHpCo5#zT?1B44JXH<Hf|vJh8Nai
zHHudGSlyTMy0KwporcQ{kQHBxb@$asYDibb6Hk+WhL@Qac%#9<t%!{LzN9?Ec@&{2
zoLkusLM=$uCX&&q-DX~sQ4TBcH)MHZDLi<Ls_8W+oPfSku&vCq&Y~kZEerP*!g0ex
zGwk%Cn+RAQoyLPF8ttqYa5uY*k7~Fa^+>D7YKn&^E|Evwp<Afo%l)X<o>k|-C;GkS
zr&*E6i;YIs1@mFa1~UVxj@nAuvq6F+x0^7|mg-W_a0{!ECP77xj1Us5iO&li&6tt_
zD;}Zl71x2KTp)fO8WsPHFy-Ps58gCV#vA^(P=xoMpvB1b$R``sL^5bFd$^wQNvSCR
zYs=z%o{xmOXQd~ZHp|{%6jqodO&{=tbU((BJ<y~$m{{kkJP#U>HCZ{D>fmigl@UwL
zdG4|KDZFpHd@==|B30_)t>y2~3vKL`wg!3K(F$Y2Mk%lhJspYelC0dvE0XCcHyY(6
zS?fD<t8$Szn#L<*0x4N~P3TTbA=c_VrFYfi8o{<L3%98`R63e71o{Q!#jG|qHN(hC
z^5-Y_ClLb~2;}ieICfqtysts#SjD$%A(C`ZfS`ngt`vY#C1b-JsRL$UfrF1uCfxJ7
z*kF19dIv7J1|gUaKOl|BY;FdE;?7%jd^ql%A$3xQj-uu(_wG)OUp#8BP!ZZ^Qv$}M
z4wpwCx>;haDx9mNa7GyyC?q(dBlNZq4QcSum&$oj*%@;JU85ed38sImZPPe)&86L{
zN8X;S83*W)k6W>$r{fF83U&s;vtUw9%yO~o33HKApaywTl@)pG=$|gF3XpNwb=u@Y
z@y7O-neZvRXnNIC*x*}WJPBo(uOyNMjBvifaAkd}hjl-3VGMX=Uqx}7u=bFEq~R%3
z?CSj0tZ!E+uDmmBHKR>ZsgA5VUiMjY(J*QP6<z&E-Q!#psr>>xG!;c-93Y4-R`7gB
zM`_yG%u{(Q>X!5d@@xev`m-Y}?vY-NNgQQHfGyWF;*n{fUBxX&M9o^+`US+&wbXdU
z9-)P?)#(iP9yJ505DkQdK!Ez&be#W-h4GOxiK?1h3#|WH!<PoR%eZ7G0m|X7ZA0)&
zmH>l)2i~r~@u#E#njE)-4*YKism?XLnF`{zCtJHz&E%S3`IS%-GyFtiRs*J?wD>m4
z!Rlt7vcow!kCi7<d>ysnEKDuw?g>N<P@InR@r|F>MS@tq+omy?17jxgu`AKPo(dl7
zU^P8_v!p?SWmvVz;<1|58vH#HmuFIV|IUCxqo$?(+sQGl4RiECE1*zR%W5$1^#fN|
z+Ahcky3qnvon<OwY`>t`R8_;j#4q=yaMeEZ!^8mu!)l^yj}*qTMD&4&!|hTsMV@B3
z6mUTPQ#RmtC5FNBTjU-=yyA7!Q<gf9-yn+SN){pX0KCjc8<k>Rd<0!84h18Ses(GB
zN->)h2c2IO-9J<A!eaKrOf9hn*?id@yoylj^1_AQbR54I^T_3Fz6MrS)0>J#s|5`9
zNqW}Qvkq1xrZG~(K&J+hPzIYM@laR|#7Qi~xELU|s4FinblyOcEk_ZVzG*aK*kZ0~
z8py}zz8VljQ)zE{n8IXTyvVfu18xMX+?hEmUN`3U;UhZEY^0VZnqwI6qk!g!N7ADv
zi1w6@wST(!+gaEyyf2skX>zYqiBh8IOXI$ky5_20&}PV$$|E7qLEvjQ7D<MMkUc+e
z)mWzIP!%B{eokmqlDmE?pjs&E>wskI1?o(sdmu-MdU1n9E;?2<(K1J|z<+pQG{6ED
zXxG6>sW3LyT7ExU|0eO<oU^+6Zt4AcLT`U2tmcT=mImUMB516J?4Uxd0})(ni9zCW
z1%-U->8U{QkIo|NG*gu?6}-c639Kx?S6V4ttwmU5s^<mTrZu?Mk0od*V~fvhh^x7+
zX24v?7CI%wU{Znb%*6+GtLp{za-}tIbtmE(zu>BeI`vQ3?l1jSWO{1gY3`?BRDpXb
zEPJdYaE}a-9*sviS;K`2Klu_=kv22A*0I6ZDaocH29egx?Osk1!=E2!v+8(Rz(nd{
zx^nt~vQhqxQp0mJ_VDbGNA%gZs|XMNLOhB<k2kWq4f9ps$W!(_SCNaf)aUF-Rr+v_
zfJx2am8Jg8qmv^WKX~{mA}ZmwT+nbDD~gaH_cNE_jCz=a5i5$MApVwg`eAHV6BiJC
z9?Bd3wrTVpv?l9ibMC?^l2-MplBRUs8XtWw0#=f&gcU^$N}db}+T^RNu?@<yUy50~
zCG<8+as%MMD79oXWl1%hRpokUS>(FZUhm=;OW#gI%TavQ`73PqU7&JLJ(Ga0J5KFS
zJe%8c=i|!@0SiG>7vAfYnP+~{D`R`_b$v4I$Xq#Wtd(mb%Ic><QqkrlN8p8ydvWuK
z%6Cdg{hOq%HDw2k8(1p?!`&DM<BG?^PJfP!dV>R?)ydJBk6{Lf;zXJk5KH<mir!79
zAjVeN{M_8tXv9oJjZ$b4{)sAr)vXKVUx3k_tZvXUKonQgSlvLlN#g#Gt}lT~0{i|i
zr=}X))KW{*N^{9Av=mIS%`LagOwFxiNG;8fG;z&o(?lu7r9>##)YRN}Z9y0@CAV<5
zB*ZmC6ce}qqnT!!@9+H2;dnes29NvRyZ3WH_wxZ!HsM|xW$PMSo;LZe7gwD8+2_=<
z7PTa)!faW#0Soi?i2)m>=loOb8Kxr3*Yz~kkZ4=p`uHlgrxxMsHQb`%O~CvU7r*Yk
zDE8B`TmhwQ4hkv+1#xz3X@BJ*$2c3mN^aDVYzE6N-n125$k9^@il3V#30op+y(v7f
z5Vqyc$(nr`n^6<uzj$g+-!JwrB5~)fbe>w$lfWk-4PLG=6N{>c#pb)Dpo)!L;Jr^<
z^gIf>=7w7D%oKIab!kxbn=@jKd4s$}V*6tqI#euus8+407{Yj)BV~0JVXOUR6I4Ja
zEA^%!7HeawrRSRch>X)IoxV(|^ZrOW$7<P_2meI!gUEp6CFuZluGVto)CoJ;bPGbu
zgl*zg6nOs)3_{fJI<bEV<+$eFn)~ZM`1`s89TOqsS-;Bi;QxerUbNWsbz#3G)$y2b
zr^3;f-LC3<5Ay0h>Ki?Y7O8$-pjxYhYBSo(%^&coqpKk%%UZ^(SX^<8PSdZ>&9o-$
zV}dxZ(EQa!BGwI;qorcVJE!1Zs!D@xh+AV51Jco)0<|VxcCzWgeO3lK0uM4HRT`Py
zqTiZqdZP*1nHe&u2z}AbL8&B>F{yqrBida`Ycu@Dm-*84vr4|{8pgZ6gu2E$q>l_T
zg;@ldTf*qe^iJQsiaV8B?bj(E>xH$hOsp`g(xPG)^v@TK)OnDZoZ4$ErA~>g`Ci?c
zy(2o_B04{`p#QxTQ#Icc0bFXiZuMuNGonr9Ra)5N$yXvl3dWTEVU%Q}`bsOJv=b%D
z#;~=D`eBsxWK^|R!Pt?Hb#(7!#H&ZzXyDOSwHBxMIYtPuDTK^bgqix0P12=i3w}g}
z1j3wG{E7<0*hQexET*KgUrqu#{u$ajF)Y?hqv-Fly>=S6!qZ9DV7+7E>L9j*;e%3K
zt)4#unir45#bGm0vFLibj!FtXikk!-@342(aK|-xmw?<J>=VZeHi;{|Q+w!Qg%gH&
zjI({BgNtD@fw75~omvg{)LgT4sCvnT+lq0UG<V(xSLXLp<ex9nXV=QuUep)%;z(c0
zF+br=7dL|;Z7bQ3fS7{|3T}ryiimfy;7ovZ97GZhSiLz(KoybJ;l`rBITz^A%k$*?
zRZOc!4dbLE(J|`o5EFfTTX=e)stMsh&uv!s?g87YL!>uzAr_@Q+S!A?2cCtG>{!NF
zRTaw(qf-2#^v=c!cU)A)=D5@DFT|RsqS`d(m8nf|A1(fKb6gB;u{scBU)YpR(T-wo
z7dJu+t=E>!@M;N6{|)SzzG&&i>Tk!~E3X#{_(O}2pH2rX6S&pIQ-WvS3&i)XH5rgE
za!h1io;7a5Q2+V>5XA#ZkN;VUh)3ctzoUo|TLGgb^B3P-+rL$r*RH>8`KtFf+}5>{
z6dq-bWV6{CWeJH$?criIXu1BUXEq0(%v%2T%-LmGOEOAB3}3(DELm%Lj*O2F*r3Jm
zjL(QGMljup+Ht!_ESD3~x1t_<bRM8mle;<GYH5_|17+Hf_WZ7>{j(?G^d#hd?EdNd
zS_BU_>aLTrtXh{UKa1rA^>_oYfVL~fI|Wa}25(ZjnT;F7)32qsV4mQ~^?d``TCN@@
zFI)_9`x=yp9c}~Ps=!I?T;t$s7}u*j@oz$Z=x2@&VCn&=U?7<D=XYS^AD*GH#Z!wL
zmoAakhs5d4tj9=xXr^qWQ;+eAW4=U$W<?5S6PTHDy=w7WMpN<&yk*nB99zWK&j@g!
zdITk9zV@dJgv@K{!KddEiPaf*luh>N&=Y-kJd0_+1Bz_{E(fRkgpW!yRjB@Gg4G#s
zw?<eEdlL#L@?Kc?RQr{t(8lsy9ETUAm7D7{k=UWmXOP8OIZ*H<s3QrD4}vf78_PVU
zf=6rzl?40ty|7+-<E1j*zSXG~o81tmOf#+t9d|n%V_w&r33(05T6LrlZrN1zce5sF
zJ>>Dv`2a2mpi;)m>VCI`V$q-_SP<=g`v(^A_Y*f)tclvHAoDqTRP9B{OS0yNl9yJF
z)OaQFGvx({O}~Jc1WB&hf|G$~Jj{uZY0%m;vm!6cu52}~EeJ1Qqg3pvqh!jRS_le!
zhCP}3t{<|mrNiaol<0nQnCV4+oG0?wrX5E%ZI2m&Jr4eIDy8dVisAm&?p?M$)+MIH
z7Z59vMT`lIt9>j-!8eINnpfc6^DC;aG0nGtnb6EaIg%LqlBgm&&8TL<q3G)2X)lD_
zxcKyAk7-@0BTrUPj_&@;@2v)PIkOB0cx+5PthM=U0nVo2OHbWGt5iGC)K(FyNgyp=
zefp=e`}>4EbU|42)gQg|AFX;ovGb1}J?vERQZ7ov8Gq`JY5~P`?{jmJk6RRMk{Sh`
z+LHVn^F?o)SR}puGC`gy$>s&RIMTbid`r!|_wMt^@^OXb2c?@k7SOIymF`M=qz7LC
zMX!|sSEY<RtuiGIGHJ?2_o=vp$}+4p=Ogo5IEwvOSr-V=q7+yxj06Tpy$KVKCvfW?
z?kXDODOsg@#<L=*qYb-Pf32epxh=O>6{t<|ap6=4FtxY~6|(Tb6QQJVggvE`HPlfH
zSuU+nTIkO?36Ad+qV~O7HP(xi@N{@qHRtzyvv|*}cyZU<g>U~i&DOi{swqZG7%@Ft
z(6E1Rk>8Xbwgal`!Fvwg45<%Q?>#k!OFoh{-<UWSm|)%6`}IMxz5QYL@t$tac!gWF
zEtQg+Af@)yVPZyd_1(|{S|IH5)g5MQN}H4Ef|xO0hLtyg4U<#CT<I)r3Yn?*Af!B6
zI_^|z)>CUa9CLZK3`C3B9+<6CFKjBUo?P`ToO*j_Fug+;!wEa(GVJXv8r<6Bc{{X|
zQ)^NGQ4ihQLX(4%_RuNDM3!efQgGP{`=S6+WPHgwba;{{D0QU5lwA2nwb=u^=5yO>
z<^1QP1n){F^A2Z1rbgJ(9xg-vsGMeL0U}%BREz1Kk8Q3|yQ7R!`Z?eBDE%KDlE3Fl
z4h4hAd2H~7{~bH{4g(9RMf11T3!Ls~N-e3#n28lVWW3R9+Bzr7<0(q^BM%WWTb`Q}
zrOkFhY!eZ%*cb;${F?2{COE+?xuWR^eWXdU)VxaH7(T9@RV(KX(lbyP-t7pg3%%=y
z%k~{oI53-f)Q5oby1l}KLB*Ao<z$MkSeP>&rKv#+XmA=uT6ZxL^RC~l^W$!|J8L&B
zbhxF;IJ5wRrw3aQ*Gc!r6vK3@v(NcfKXy!+Z6VGC<XF44$%ejcyNsP4r;DeDIFjoR
z{kfRt48par=xjl)96`Pn;j8PupdSUzu7x149JZv_M<x0AS;?@MeGk(dTglQ$^~LO%
z+VIw&Z<|qvwMst@<+nlt;LDlbAMo+!bFchBWF1pER(zsrBg6eDduBZ^k{z{C?Zdpn
z_SvwKb<tlHj=l31Bk7n)M%8=b0g%V+RyG$o)^piqmCzEu#<QYrKzHqJzfzahlGEpv
z5px|NU769zF|P{IFEy%)c$ZpS`nrCS>@cXo&aHoNO3EGOGN~+w9<hQ`cR+hR(jkjl
zt&kayKX}EP=bq!u!eSPg1%<Vi)W$j%sr`ICdrB-jy!V}DByTbiHP(PLazhoH!oym<
zDhdz<*xCX$=m>!k&zJV-xk=&a<aHYv_>MPmPS?PgjWYs5dW=3b#igKf__sILew;F`
z>xczEoytEG#twyu{B7a!s&Yr=SS-i3>X5bj8tH{Uuxe>ZQR@J1r=a#OY0j)t895tY
z@mP+T&?2?CODSqSO8gYA%zjxk+s=1-bY}|b+!?B8JeL#NrdXuh4Ckp#0dzN64$8Ml
zLY7wty5O*95xz-&s8x#TpRXPo_&+yKGjdIW$uPT_F{;+bo((J!^}H!#N`*tCBzoqD
z6p!5a5xjCA&^_z$L>yJPHH#*_UtA5ncDV0_j3HNVHAKJ7F};WRjwC@fT_{GNEt=7Z
zDDLN;OIFU&`OwfMY-oX4p^PDO2Ks*W7*byX>oWe=CH0d!;g9v%7%{kdbztwo3+Ez!
zCf)-!huR_Z7(Cb#zdl%!&s)!P@Xo%tODW<ht}9`}OeFcfd6#jD!s(Yrq3#gvdjNEV
zB~(%o<<!}A_w-%u%b^B67ca9%lYWnQ+!BRIwtl?k1hI&{d@2Qt(;{RR>RaJJsW0fq
z>s!GE42c7gHj4CnavX`0iq~fpb>c40)JK{ewQ11L-YkRu;z9sOvA<6us!9nqpVRQV
z|8Q6DX!f-w%2=M=OYAMXo}1dlw8Ev`bC}f`Vvx6(#}cumZQEk4L90v$ndWD8dzazV
z=c)G9V;~7!_{>;0_uLRW^E=4Vq;K6a`cI-J?DBvf)~|*@2kTeg%Ru%0-;7rJ(%Lxr
zamhZ%$--!c8g+k&wL2BZfE2A^l#Z&3|DtT-<Qy%HiY(#mUhGyjDLy5uMExUtmumc$
zaeABe5z>C>o#NSDK4&#X;_)SFCVS{{XU-<wdIbZwS7`4=i^&OrQme5c80{~f>dg?I
z0%TnQf!&N5F9Pp}z0~YLK#`L&r>leCXdCx*kKSh`Z=-pOG5T=QOkPZ&i<`mxOQnSe
zS_{}t{I?OA*3_Um|4*d|--1h4{tS7at{8IFh|k$rj{}<KtCVKxRxEB21X~>aGx@o-
zjAHH6k3Y_gA2-i2LlM`r$0Eu>9#@*l{VwnF1M$QCx>l0bY&0uvUw_CNE;+#~ru3@6
ziC?#U&M_IUlaBC@D#~_=?NK%_HUSs3F`SPj7Ng#rsPV&TTOWR=F1SRlFbky{;}E6?
z|Kyz9LofOZ{t%VnhuLoOIn=5Tjc^#;=HHVxaOjzHk0F#Qi*ny=quc7GsZ+pSmQbQ1
z=t&%Bq`Ygap?jtZdi+!hL?X`|@#%uTJjAxZFuvGwgv`Y2fSQl%zQoPhCum}*FeJIv
z!7i=wI(;oF(?@$zZn0$md$KS7%_otEhbAn8!&zY@zQW8=@GM-y<>B>zDtr(D5lIIx
z8vGRs76IH{|AfT%R^*|qbq?#?fC76iv;@}rCeUANd4t&w$OxKVw2`d&qU6v}{Gs=}
ztj*&uA59)FKGvD-Tx#Zb!fqtZD~c7#nesCj_j_l&I@uhk_6-vg<A*CLaDF`cx>EY2
zYohcVk0L@%W@N911;t6x7bq|u%nEDRrV(7OY(7vNPTj$ZHNa%cV%*8TXm!w8dRO*B
zjzhSVt}*`@dTKfHk@xY(AS+<iZlSwhp!OzQ^*C#9NImJ~?H>xwI+UT$d3V1E18U}B
zTs(Fp^hkB~dB#DMd%D~gH`iG3e@nBYN(!Un)#CA>40-wPTd2DQ^n7n*ej7xB^={&9
zdBN&)*1w&?i>B+m0fFtW4I`~9O#f4yrcQlN{{_EEe=mWhTSU~}Fx6jakLX)fk=D--
zMt_aDaw&}J@!+|MqvThffPzG#Nm}Sugl6**`gS}3FacO5)A)xWn~pZF(khB5R={01
z(1}~Wy9LfRgT`Ezb7m}NIRpH@slS=qVf;AxnA-Gx#B&BoU62m(XA!RwSj5oTMkq+K
zt54yIy`7QPd-z31o?v1qaRDgzf(7Xrhe0W{1ux9AqBISH{Igk1wb|w#Y_V3&ClLxN
zgR<B9JT478&|MXda_i5oRa<`V){VA!Q7~Q2HNo<+ZZRVzRLp5&Om)nNf%_zCl?_v|
z?g_D={0)^$!`BA?Q|k$1>0jfm|1fQn!P2yHM5i|2mtNFw{UeyMKkQMbAK1a<Gtayo
z$vS4YB4HdfaT-2y0n})tWQDD*$aL@ekJdwk=J@r>GVGb(*V6rBba*h|@uy*wv}*{(
zalXRN9kNoE=}m;B1811V={3`RZptRua?jfi2$O;~LuM6~Bu!JOKBGgmBF0>uOjo0M
z<03#&n9`})e0_^Vochewn6XXL0F3G9=o=5Q4W1PiL!iAl?t4iYw1Cm4KrPd!!nwto
z!!cR@h%hRFY<n*TS_JSDwW5B4^zzrq>oNH*LliGv-}sr**9g3X>a-k2lXkkQSc3z#
zjs<zkMZzW+<mY2nxVxy&LD%GVC0g<)#Nb%OBe6fFddD6a&1!v$XcSOqDfdENgHFH^
zaOyO8UN{K)mfCS5qj>(PD(KVjiV2tGjosIpZAUp4bZiao_36aL3!K48BOxDki&fiV
z3{|2h$aX&a@{W2EuG4$bjqm1>bkru>WuQ`$twMu&X;0txt9+@+>U<XRuA!|oFIe7`
z&^)30#0n+yYv>srO_QPiqjY0KyDHJ_IkSyd4limp8};}(v$c)kg50aOp-_gj6o-Jv
z#P&RAAn?qDObF)Sbhyh<DXk=~!m;s5gVH28``surMYi{)=k*F@xW$u?XfD)Dn>sk`
ze^=x$5WZZ<l<AviwEcv_zvqe+MY<|VzI3n_KLL=W9=}Ve($QZZ-C8RR<zxL$Krs3C
zB9z&6xAY~W)&qPs$J}ipd4JDdyiM%Ngu6eB0U$DbdwQD-`LiwmE!^j2;Y5Rm&cMBc
zIW8_CDkl3ZlxZ+t5k_6-iyPP|<1g_r%zo@`hx$(pEP<8m;Nn*5n0VE~`eGA{kf+U-
z<*-Nd+DbK=&o-!;IF2}$A9wUl)8~9^gwJ(HBI!q3dm@W8n{~1nn}Q2Ujyz$hEyf1I
z!<I}FoBHx6qNQ0X%}{c&CB5B^TznH@-Tgnk(2F;IgB=7*bJ0S`)K<I}fBWAquymbB
ztT$}E!>vN6QyyXs7T%r}FJ09?`oeBLP`IU>q}koEO?1XtUKTS<L>3fzq<hz_`&B@f
zTH59D*!v9gGR4zyT6I{ARXcfGk7B-!8s*ZN36ViH!=RwbmQSQb*;KSf`gxZgAA$fJ
zg?g`fq$T(b+Pky`I@e=+Pk<hZ1ikKc50#l3lH8CNl;=)2t!MbkCWf<aQiU?Xj<GuK
zTNjS>HXb5Lw5m9@YHt>Mc?13f3*cQ9Ywly|`E<5;J!NIb7|#>NJKP{8U2{f;fg{KR
zRBcC(H~PGyvx()P2lOMc6_!1?Eo)7F5c|@FW<qT@bRmBatfVS@bQYdB`?g<PTYpUq
z0Pn(uDIysK#;tKjBk0i5NYI?Gq(YgjTIXaX$FxbZ&Zug*=%%7-zbWxGquSGXlVm;}
z@!U2M+~Fsz6wY05HSQtljC?BXjZ8qM6^^^}HZ*N%ahWrg8uv3iEl>aW=37oP)F0+S
z_61nAiZ75LkcMea&G^mI;4-M5q);P$>gmUkY*Z9`s!TPB)~wSkuqh}05_<O%L1jw5
zb(sZ|Q!QA4Gra)luS89r5oS{i8UsGBuxhXmV8Wr}S|4gP=ASHl?dPEBe2Ry@2O)F7
z69ejFFCb2O=kFu;%*7X?u&|$Y(B<1g^3vJ?4M30$5rqZ+{i{*8y^^mS4+)p$wSnY2
zuPD$Tz3UHXHLvi+6lI1ablgvtx!;up&a@en_*!AtL_Ab@7b(k4p&{&<bvxXhRr@l+
z;Mv97#%*Fl2e)y+X?Xxp8r%#vZR8n0KYj5TImE(QA?FVR8O(#~1xOUyKoA?+8H1ry
zsDWl{p0z}_SurYu#O0OWmVq>$&W_R&dyCgA663&p(;FNRvh+)F%uIDqNC#3td9%;8
zT#UE*B%KoSTtWsNi$1tWXQ)V^KtU=fkdg48DJI(1PeyZ;!WETIrgYmXl^b*WB^aD0
zxD1pOUF=)%y#`2C`}kv>e&DqCtU>5}Dk)>X-sJGJp<CjsJjrn1{So`zUgFo!hlr7k
zZb*LONyj`KJ*)Atq`UP<FUmR?(y@W*zK^7n12PX(x_&Ud1RqnZaOf144$Z3eQ<y$w
zAb2(e!yBOE_RheCIY!grwhgGU`@+5s%xn{CHD*8bS%KWRga^a8kC=q{yc@~UTQ+io
zV7A!v7bKa_CD6T>oj;wmzgJ9nyN)xe>fRY6jhg7)OEqX(R5V`DGOp?;X-(1n)C(DK
z)UK;Nzw&-xBH*=%%$U>wWg01FW&um-2JzB0XIZP(jCCPOGqy2%VA+;o<e4I!E2O5}
zrMn#hL|%&n!io-P61>U&{~sS-nlBvMoumYO#~glqxxMqEO{)6%qwX_Fciszg>I@M{
zj^hi46f?)#N#W9a4HOIySTIq0{C(QPU1J5MC&iCZ;7ZV^FF*$VMA;;~6DjX_ClnWj
zr1m@?In0_;jT!S##{=neeUROJBI=mF__NP*$MTt2Ziz>9ao{07jI$dwz-A_+(C-lB
zZ5(g3I$a!z+>DFnmaCq0!$tVnkR4o;%DW?ljm3^@sIpJ}#Pc%Ht#rTsqoh3rjUNgu
z3pjJ|Y?t1>YwrUEYuYz2JeRV7)9M&L#GX1U)$yTmWGz(C#1hM!sBz4+Pa)cp(1cKQ
z%;IYVy)&jPL@_O7m+xWn(9Ha&k)v*=5=!sPcK#nFEb8N19d^eeo(TurpDXzMhah~<
zVlM(kc%mK$IaYkK>f&HYBtl*#!?9GLwrw#=;__01o?5qw`zCa6`sU~*XCwnI;{yl~
zgq%2$;@>yX#XaQa;7V(sY4kj`SQ7~agrOo2BuPQ?6i%nP+NNOksT$K=A5tQw*>{nI
zHMEKSyy->SmhoXR4good!(SyRQK7*)1wd);YQoU3+HsbZlE|l10Vri!Af0<(!e8Yr
zwK9?e?PZhB7*dVkblWd+<{D-~*Ek6%9X*`}K}9C{h_iOj_0RweyM=n}v9fhAPN}uZ
z*o7ZBf*u!FrJduS40UH49B}op1`?khk<!S>m7HcQ{5;)8mu_=Uoz6jjfr2<hrW1Yr
zH*NWk;n;ieuYc{#h~vM#`{s6QgJaw9kE#p^ZVDM~V1!*^!{_Lkcd6@dO1AM7)(C+>
zD7~a{zkZVh1QT;gq@W1h`X;PL(QKVRw^mc~tBSp%`Flm54!Pj+NHmdVw)rVJGBsqS
zWDKX>YJne^OE2v@@02O@9~!Hh4)wjT_;y3a9)w_Hmy=WJE`Qbum)gnu#RSo4&)aZx
z{_IEM3|c)Fj<1H4v>D@@^@-&=;}qw<glC7?-JGcpF=VZN<`O(Az-&#^1WzBm0$g!2
zfvJe0&r-y;%(~dXEWzwnOnQE|a!Q36QF;#ES^+LSgb#t`VWD3EB(re_zR|4bPO&-V
zWYNViy+|Epr&yrn5qttS1J!6nT8Odqki%7)eF|0!#cK1FkZ{M?fS*9H-k;|@0h#^x
zq#&vE?@NfZeP#1KdAgB&4Aj{B;d{xFq7y_;^eDyQ6{A@^9pa?+MuL@W!1a^|pC>V9
zeR%I=yc)W#l=4UTpgj_x^=*ow1ksgQ02DEm=R34lQ~9gCw2oagpTvNEH0{QlO-dO+
ziw5cfWNOA{N*YL#ZXw*+bh%~aIw0WM<z)6;!XJJ)z2yqAN5(D^AR=&a7irrsHj4gd
zlKdufOv2F+&LnS(l=v;c47gVJ>A{TwU;b$+*D#M<)st9yQMMf4n?mPG_<kk+&igzF
zU6~oQ(GWjE3SYtIX3=Crl|#Q8FfwZ8G|uql<Fhh>;ifL|6+qv4f=un@lsGy+_3n{E
zwk*T5y`?el?i~&G2GDoDjIE2|l*Q>_f!ASjmsYFvOg+p)AB%%>7atnVmzof<peqd6
zPXa(FKvMo*=)g@P=l|2#{Kr#uB~a`-=|{xA>XvveN!2ADH4<5)y_bq`JETP2uWz=-
zCecCdm5HPHUf5-F#qpjcB9h*D!2C>Ny{SfIJ!od+=?1;m@$XSKSw-QlmbyscyXAbt
z6sP!^{vCUC$=2K}eZW7f<HJ$8)cU1_U)r^r)odHffwjmi@VP;x27JPViXTZ^HJyAa
z0_C@Dqlw8^?Hi`#7U=>pcVk?rHzCI1@eVQ68<acOOr>B|K+((=3Oj{P%1>l&TV`n2
zeStE)YIdJYe05eTx)`MVyic-FEBZ?tLrtkB4QHqEu8Ity*IX(PFB_Zfu(ozv<S&d#
zOax?Zn65u8q#Jvs_>`NGhl-A}=W;;n$Ul@z1ef9&or;h8!w_0oBpcjw-0HB(^NEe5
z;x<K8cO<7liQ=gXt}$*1>oE$U(Dd2oY~tc6x3*uQ<5bX=0JseroU+na*7p4jPY8={
zKm^2119dqxJ~i_vv=eD{>n=J@nSR$_F-|j?2AT!m#Imo|tPiBeZ?s8_!Ss3@odP{B
zw^vHWF1_lDSL_Qc4qrl)+O|gN@K!3my}8-WTCI*v>jJ1MqJ-DuHMOO}>i(Wu`)YQg
zQ#&xpy5Pc!(G)cZKIIQFOg4<#^vLr#vD@-y?ZcTcVW*aAjH`a9LT##5IXM8V2)KY!
z=&fM){#XC~l0FiP{Tzh--BliCsQrjkSiWAY95}g=&RE<GK)Uez+-Kh&DUYlRczwS^
zXjFCsxGH7j*WcKil<NbOy3F$O%P$B<O$?s^HEHXN>8a(2+0kF@vu@V&QoVrpX(4@S
z_IYYY$k>;0SlFo=l$!xERTrv3zbHq=4n!I)UytF{s?o5-fM#h9#e6XUP5)5VR4ILQ
zPS{M&y;GnsiELR+GoW(--cHnk$4+G(CF9>d>goHx<KV)%7>K<P@5t+$`u!&!x3r9i
zS|U^Zg#^Rn*xA#h5OLA33PGnFC3|xurr7AX?c?IgGlI@c7jXmn-B8J|=?3(oN7Bba
zV|&t8b64){TGf>17O(p34nG}U$FDhOE~McAwJ6^UNY=?b-l&IA80NlgkmrTz+kN(2
zU}B{$v={7xvh>-1<ajM^GkCb-&p>^5`ZPSc*wh&x0=2fgCr3assF0WYjH}w?(H*)h
zlr`MFlT8e*x6!ycyxZS1Mfdjgddh>EEM)k~MLl4+)j>n>p(n<G(SwB&aqin}QL9tq
zx8uQB7k6(;4+r^_tR=}l@5YZP9ZieQ63R*1kvXK5&<Fh9L9I`FzDEoVg0Z*&i~~D_
zhPb;oxFzuyUnhJw9~5er=jl)Rt<qO^soqOIdk>=z!_z4__vM3!aj6`5YZRbvO)9yA
zN?X`qs@9>y05g(kdrw{NYWhfv5iX&~R!5K)2Dd7Z@E})Ud8wKiQ4%8-`YgcvA1VGH
z6_Hnme(Np;yW@S7i1td-2P<MK<|k<8;#ZLm(sxDt&DN;Bi9fYHdTQY%;Ce5F`@26&
z)q<E18-wDu&t&WXiK-kM)~eh4iCFH?t=SA!6xZ8t1*ey=L3wS<x9&+P)O(oL)ptsx
z^5Y*jy7Hs#IBmZE?MugdS}FuqLMPM|4;7c7vCOV8<}Y7NnZ$DE-qGde4B$sv5v1Mp
zfgE`9!WT9zYpKNG(eq;msPw=?ie~AP(U=0?T58D{Fws73qf6d4^%AP#{QNDvZ;a!d
zq|-NZt5k3&MLg8z-nW1h^+ch8FGcAIY-p*&&B7`4_fNB5S3~#i3Hw++mNK+-xtHTa
z%Xk|eXp>M|(x2k?)S=8s25YE9UiB6%&*3xJgG=rpQm|FP&@}$cR6x6#QYM)+7bvir
zmut_IT7rcF?PLoc!!SH;1%i3^nBRkHna$J;RjCtn6&8$3a8^PC%VgSD7N^MpgILa$
z@b{0BGOY^?J=~oMuhR}2e412hchMyg%X>dX&T{>$bNSyQ!d-@U`g}(BX8Mvs^>dny
zi3Xu1_<Rl7qUUm)&ZY^>(3le5Mv)W|X&Vb=voauPKIj0u7hYHjk2BNoto(=Y|J%FE
zYis@{W`Y^s_q>KR_)nW)H~y~qq*c}~3NNk8_%)(j_I|x0z$X?~HONb;7~^+vb`Qp?
zR!A;2Q=zEDGl5V(6|O0<9RPz5)`<xA$vRQsnv2;jQf?v80l#G<XR8f+Zk(y+MUZrh
zD3y7lEph~(FYSqPuF7@5S?Kd2%j84*LZ`lFcjPC995UelxooEvwlrUr-SK+EBnj9m
z*9k2~6{vm>H(CF{0*un=NWA_-QtiCb7)8R`Lbo4r0Lrh`6kK}e*1!Di@Yq1KU1;6#
z&O%di?^o2=xcOEK=V(N??TU2;BGpRI^F%K=1UA{3!N}j<)5ps5_*QO13j<?c$ty=L
zCC%IJ^j@jtead`dXe)SoBq<wMrq!R8UHE|L%Qhs=y*`Nb_)^6wKpa11xC5v21sML7
z3NDaM$qTQRy!xzbHR_O6*!HvL>Iq@Ing-h!r}aO51pd6?y?%>tJ7!if7xfm?QaZl7
zpclVi61BGAz0(fQQ)8oZWmK2t=A)0ccj)?_4;4ga5P@;+K{)60Tc)L3-?bBZOQYJJ
z`!5NmYr=`H^VQ5upo*>cJv*&DiFm{x<nhMtq&E<Sg2%bS)<~{-?fwV_e1~q4wGY5|
z7CP2&1CZ)0LZ($GhsfE7M}w9tQQ1UD?RkFN7AcsP;D+QahgM&|P*}ua8~i=$9MQJ_
zBkV7{`a7f#R5ZXLz7qU-BftqtMPWj@BVi&gt+Q70L!WxNu!dBBXM68z(ILh$M*x}Z
zwf^vQv)NiKTv(8xCHZDLe@bkxlx2_NF*=fhbXQs58`hTCRhygbeR4U2#1jKYJ~*TY
z-9GJ#4<sB218SEF;s%jJ-1m28`_rW|!}Y(~TXpQa4~hFQAn+agrY&m@Oq2sI2n}zA
zE?xDdeUHYPXmaL#VV~l?XpGv-pxaFx#C+93F}8d>sc?Meb{L{+#d+*Dxm$ku>-+o;
zBpyK+NeO>F`+?0gjc!0!-T1tXZzlBQQ@P+nps|tDWO-<oP(pnS+~ucJLcYp(&3!}9
zZnL&{R7puWivR{;=aUZgcuW^&3w^J?n<VK0`{<4uW{-h7{~juLg3D5kk<UFj!gvjG
z9@3x=*992d8l-lN$G}p&i_N~9ncvrShUZtF!f%lBt)FO|{nObg+xKvQxtw$O-NPIr
z<~&(txVKO<?76+juk%$l2d=-12QR0(6li>%3m&EsztL{=Y*Ni=N=h~9y3%(grBJaP
zmFSrDWL4v6h?<M;!pmGseOX}deq+|U@N@(0()5k4grsx+-;T$<v){ISGhs)(A>Mgn
zEPQYWS}?MU-4nH7t1<lPG>DFQ1-u07LMNvlEgbW)N3xUEhp_|tt!P~I&{66R&|^xE
z8NH7wH|F(#TH`w%0k>=IhJR@Xe{m142#G95D$;nr4&#1`r{tY$C7b0P6?*r9Mqqv9
z-~$k=JMsoy-wYpRZuEOcY7CGZX%;A~fA~tAt!(Zh7*2*oiNqXS>uxL}!c?XqeB+C8
zbr$<Q4@)g#`%DO#kkIS(z})V=MOkXlN_<`1wvA^K4Nz`CyRH;SkNI6VK(4)3bf80G
zo3le|VI3bp<y95dPCkNrvkQ0)A_C|DXBh&k&asbjgUJDl?E){BzrE*y`?ckczIQ7c
zH0usc4Rxhh0Z*=>(#8)%=D1~f@|6sr3|)C8UN>#&D`(YoNdI@g-Vssq3wNQ_#$35L
z^{!ljZ^|Ki{}{Qvf^y>^zM*v{m^#z1^Igv0m}$hRsqf{ngc7bHh*1iLbUN9)sI7L)
zWje@S@TUnPPSWv8U#XzR-rU-7VcUcAeftZ8e4cz8taH*(c=V!nCU-1~CU;t5sLD#1
zZ|26FO6go`@F0c3rs@~Jw4|Ri*cLNVhs1redp&|*FX`}fK|7NXc9EKm-}vy=>y&WV
z3h<M7A~fK+0bKf&dIOnp^I`?%%zA#=*sJtH^NFz8qhm^jde0Be=T9$ZR0sSy&o>p0
z&Lx~X`H{fln{t-Nw{PvxsF`dJ%6q5EsjfSc4M0zm^abLf^Q4*)uQ}^EwIgJ1$WpiN
z6W&1y)5{c2{y25p$j&)d72DMW=SQg`Q{ecRK#0kLF^1S*1H(@c@}q5Z=#|rIYdwIa
z&W|GL@9$DI5A|O51e2gO^0EJcOWIp*);|;yfEFE(DM1z7x`F<22<iEW&2PGCX-7F~
z<uo|T^tY#Bj~$LV3h2$CnK>IIFFL0p3?c_yjdjQvJm`SV!;tN~$3W#SkFvdYaXQ_j
zXrjzUr}ya6*SC3}MSpuyzOrJM0;H(dWRIoh`4AK}3_Nz`iL}TyEDcGu3$7MEL^Mpv
z+WDDk6Y7hn9mhn22cB3hcKNo05;G}`mok*G%<t1o4O(Kh$Aqth>Me3MoK>4DpDzS+
z9AA=0o-CrqSQ9rgZLQ#$4|qVUpZ{F^*jJ=Ckd1`N_}+E|iBX3Q&5h{FADP~Mn(1~E
zRmP$1?}!hU4I7=VqYB=-Ey?fU4yd<pt6z>9x6~~y;^>AwJl{9@;l`|PQs$MiP;7;7
z7Vxw`Sm)Dd*Is6y>QvWtSCl-6zBd3u(mC{W)Tu|(@+kM3`PV94pMd>*u7M#)_B*ah
zesc=yJL^Ks5=y0at<3UP&JL_v>IR1Tx8hTGdt~X>quj49!8FT;vpawWI)yzhI}kuK
z1Xk!p;2menEq&bJH5F4{c%m?6dgO|nVJ^pGY#3hUd4W8%fv)?6@w);W7<n;%;|6Yx
z0)g_tV=8N8S_*i+v`(LNOae8wDfWwYu)9Pw+E}0N*9wTgLfS~mmk?6w|0J-0NC&2(
zfbx~M5L456-S@X|_V+Mi*<QR@64rMIezyJ$1K>bPMGn@g6o+J`sC{&5njW*q9c?g-
zZap%tTOBO!Fatx4sk;3MZm4`9>F)>H(z59qoJpj`Y$H5a*dMWsy8(-xvNSJr+%q$R
z2lh4dz}8o}xt|<397W-TgS%Mwjo0uMvQ>kijh4#_Ut-C1tuVqZ^FND<%r2L2!er&x
zk}NBRmX4nAO2>!5Tk8J&H43iPDohV@xG}zVOxKFh;jt%%gLZpX8H*LBs)gLw<H<#G
zAzxod>875G7{LQo#e?eexkIIbXy{>0yH#TFm#Q%urvV=N<!zyr(B3Jb)^ECQ{ycLe
z(9yd6&oth0m0mb-9tZutCAFzqwpP9_<Ds<QO6JWhCsMyos4w$wo*x%E!%jMPzd^t@
zi#oN>Di*<>9(#b9|NOGdhu2uB2;3^aIlUfPs}ZePeuk%<3DlCSdnJH*p{7+$=%p&5
z6@BFcE?;u1>{6ev6Yn!|YTM1ia|fPXw{YRBs`VrY*+*MDI;C760}<|(@nkunF!6qy
zsN&}QO37!l;lOXbizFv3o!D^s^Vjqx7E0upQMAw)=_zW7aj?Sb^%%|{iwvj}NLx;V
z&jbMAto_CVFpi!Kn(sfyE7qpBm<eHk@43nMFQcYwmHtv=0R}vvF;-juua3oLi&tks
z#Z$NjSTZ&WludDsD-NJPM!rf+66J|`$T>NZ151w=ubJA8yo4}Rq8hue*`y390llm>
zd>h^2GBYUPlF&15#pq6%xj!2m&nt8dz2`A~Tf@>9%iifFbXaIsE3weycOxZME4~${
zWRp{`L+*F+K|SlM;y9O&x8p2bRGZ``dkikL3ys;WI@Wv0lCC8$mCXwCz4G2Gd8HI_
z-_sQXGuh+4G~FScI?j{<S-zTmPqlqHyg@zF!`Dpc8GGgMZo9|8{O_oG**kg{w`gef
z#sdn`jW|Dlkct<AHwND(cjqfS13+fX^=hC>E5Qmve=*9#Ac`oj^<;eGV-bPPv;71T
zMMB&-R&V_IjrUEOg}uu8&)@Q!-Bz@?=TlPW^$twcH3zpN@%?Uf`|ej{UtjjU=}OjE
zo!hDs9xS?y@mW9(Q3`@eEGeWFj*;Eu0w;J-Z)UMC2%%|I1AM<cgMdG`gA0e2TeymK
zckW#7$Y*3U3<g>D&Y4eSgIFl4w)b`NnV6k6na=Xu?=?cOwKB_I9ciTSUh>YX+M!39
z*805EB<~^Fl2iqs^kh&Iq^4>Zbo^8(X?-j3X+fu3o{(a8yE~(TosrRjfEtBqL2{2$
z{r?Gxi_X8n{uPFe*eBFtGnMxFPR_Vkxz78$kmALV-%g3FDe({^ok|M1M7lfYS41`n
zk?eA`@UV8FbNNzn>tXm9(4lh%?r_*;0MF@+^KztOdq%(0E2L%6l8en5(gg{;edWxp
zc^N`qt+!W>0yWl-ig{-xpT(-V4xzCo_`$YJa5*2UL*6E5iMATR>ySOzT)$Z!rNe+c
z44h${a;3L+9p`O8rZp6XEGN$vV}lXRnAe5d%#TjKJSnvA$z`lP5^c9Sxm-5YE|cV{
z+oHSrhu!d>vVC<1`IW;D@^w=m-YV|j9h^NdZ=fx7fbQzMVEV4-%6<9v>6In-u3x!K
z4PN6oObuHi8bKz9*(6MIKg|V+TS_`yjG#D#htHv$ulWE9&-rmM%+J|VbWHC$BcTJ>
zF(sN7!)Hu9vV{d-s9$t`Ua`Vjb>MKGv-rx|o`rg$&{=z}XHR=}1^oFz4DgxDp8MdW
zxy;rK&k^_8s8zshsOL;+nXG>8yul-DT8A$z-)x7{AaB{FZN@TosOj*@BVBMqp%vdO
z1rwdEtF~xn)q!wZJaNJE6Ekz5+(kV!eEx1neNABk$U=$_7NKZ`Zpr0+-bJ%ZJOf|N
zeG8mFu8vsi<Mp=*z0vGqb=i=xH+vE`A#-<MTlq+unfyxhn||_aTy7Zh83iwlPJ*^#
zC6&ocB`ZTLF8B?Yb9#OfP9-F<^iVw<v^&(kph!#}tE6et|99to-G6(95wC@fcWL$J
zgNK6F0r!c&^Or*!>l~a5&2L<q0n|ymYqzWNKHo9jy!S&%H^O(0zh(TTn5Gmzs$@GO
zEv(cW4lW_640@ciyj=-;OCXkQAn;gn_DI)QtZmWa7vV$I27vvlSBLd<{9w_zvE7Mv
zO%Q;z2Izf#^-ITiic3<xfUSN3lZIG+QAMrs)Kf2_h}+F<WaWTV1sBED*Jb`T_7PcF
z7-x*&J!WJ8J86ad#R$!;`C5)a%UP9tP+Hi97dm)8noS60ScJ4cuYSLDT)YY72t-L&
zzm$VemU)V%>w$o;<&Q_$H^!~&N%fUodO0;UM}4X~qP$wGM!wATkn!Nc>*}*wnPny&
zh%+!nJd>RR{o!_yT+WpWJ$A-RxLJhn_UC;=D*?S;HQTb?R=mkKzOHq%bX#(_K4E$8
zBhOmlv}OILt}bb7L7RP^o-<h=8y$W>;0G4qCm6XIEFSfSyx<p8(ExeL6nHf(^I3-<
z{eEN4r?9XW7Fcn&{hrJ<hdTAkAj7rB`L9kx5&{PNnX~k}t|_FzrDwB@#e%}|I$rAZ
zi?~0w>ht-f9Ue(9NVH~6gX}9ehYzM$THknFaj+RL^r)R|cl#1rua#r<#IQ13A>k{r
z(IMqit^ps+WYS9*EEH~$;ZG9f6FgJ_OG=j{N9PjR3=Bb4!eLZYX|Q$&s#}6Jh?xXT
z!e1m`KK&6KKiZ_fb#A=jP;B0^dCR|G4G<1Z-f<C~8d37Tm89;@b~oUty)4Ow(A3_Q
zbh~~~irPyDFm-^L$j9UuUI4pNc5V#xD`)D1B>5f+z3&y-X&N+t=y158FV3q&z5db4
zEHLP7SeYvv*FFmD8N7nrS6tdThASgGeBOt@<8iW=l=s|te>~rMOWRf_0z27<!>}|3
zcYC-Vux#%b=_5bVfX{;?C`t2e=E1SM&`U-Al=-X;UmBDKFbsn+VAF0cv=t4Sy*qEW
zN#@bluUWcvD$6s(l#crQ&W~dCxdpR#E!`4ak6fxbe5uFI3Hd^}5A&7fdRD4$v=+u*
zA!U|QcVEpgk;N(uERCAvGImTYmuY6u<ihp2S@FJm!u;J?Thxm}{ToU;0%}%ZJ}V2;
zS%uT}UQfbT7CQJfatQ&;gNAv~naBGPE;l|+ON}0(7KSfRL@^+#LDVB-C&~RK%u3h!
zk+P17q`}hN+YC+re2r~m2TXQRf%1CF$`Z#gn>uT~9I}!gosnO@8m2c=y4X=<82<9g
zDtLl9@T_*ZaFNT%%tsVoPq=<(`OYSZb`!*0%xp}0wjJ*s8Cbyc^(S*?Gu4BZcKtF>
z2z5y_ukk3xVYUHs%4{<U+J=zfVBtb^xWtA8ZNwNKr6AvCSX|t<aCgXHoUfrP-{t`r
z8&T^rDiPo6j{KCz{FTxCr6Dr~s7_wKterpSImwnHK-eIp3sdhPEBY0MtH`;o?slip
z$vb;<3?Godo^yDHr6*;IUJeyF&sxLdPCPfM5#uDUTO+yXg~!l~8O_`C%n$E%O=J_f
z^JcdyUn)iX5g_Fn_-VGQFzg8Tyac^O4BURy-5fFGq;v3a+tE##tM7Vv0n%2=M*&cw
zD1N~+#m|4!wu%+?OkfOT;KSoG&-=<g+dS27Tz{#!k;<zWG<{oUzB0XYY|1y(QFSdU
z7CvGcUOUm^m4iBOHPnrrqh#Z|zl7Y#Jj{GEkzMv-(OGZqTcI5qWaZfzC+7oQj!=Q+
zPTuK5&sO_Me)tuSwi_M4Onc6q#Kj1tQdgsersBe!RFBI~X4az5rfosk?wsFt|D;tY
zmcGpWofMKA$=KHd+5uflQJ0Jsi`up!-yC+I1c#IDwKsLyE`ZMDh4;t|QB)by{(yac
z)<-P*j>5Q>BAApzx$J%#LO@#ARS#vK@7cl`d0A#-cym~UryxoC!Dsv@>%4sY)n8Id
zO}|UYiTv|1MZ`*7{{u+W47X$Wr!6kNPHha6975`-<zg)S)<iFWraZZF7E(7ZfxKi`
zD2MV&VmU;DBE(EVZ+mo%0K%C|cl%BkUPbL1>F8kK6xR2G<3>E)lCM2+-_PN*&-Qc;
zG~Zh+9m2V}#AZykJ1N$d^n$zOVl6CTlT7K!8UjZeIr%28+S~c95Z>AC-%}!%P6qTv
zXL+nV9xOAz${OGXsx(uV5l6)bho8);94%USA<P@RBGyYj^}J%?n+~};Xvli;n}=cK
zrQ>ds>0!tq!-eh~<Atae&SAQk@UBwhO{1rlUu*}X7!P#)-Q~}>Tzvzvo7uwkOaiGA
zzZA~0RHf{aKyrd`(bYI@Ia>k>^bN9PzcWkcRBm>p8f@|*-2ADLck%hUe^k_{Lj7+R
z$MvY~Un_fhEdz9xBB1iGQVz`gzFx8!`Bklz_Qz3lE3YxYeF|WYFaDGomKiYEv;$0)
zoFRj0MzxPL?4*i0F;q6aWr;Xpz#B{TJkzN8<b$f2k~?Y@7j+d|GuzS+*hAyu(Qu;y
z<(jtfRWoaYxpNmnq7HPZN(EVx!CYw|MyXf6l@x=-$v6Gs0QjLSzZX;P>`=v?KZ>DY
zv0m}q&rsr+A(&aFAPa~kM$6U3C>cWIA%S~A>G2e?^vy+nFDSb_dbXkI9ByQr2Gjj&
zr$XuVnBX@K$jy}9Eu19jDdS*@m$s(8ebNje8h%D|<a98RX6zU%d})b57XsOtz6!cJ
zpWpwW0~#B@a{cMt7=?kcDZMX=di(xkZXVI5@Jb|%wB~iU!#NLz4*CRR)kz|H3Y5U*
zfNgL}<d|%>cfzZevpC&X+vTDAG)+P!M|dk{Yc6u@4;t1@=k^;JkWUWp=6Dl6#q5R9
zz+mo$(5>0lhAjexUr)jLogPH&DkV9*XB#`pq=t~Lfq77@S^v$wmuv2nwa2h7P_Qtz
z>U5wSf*tlbXX)#Bd2YN`PbKWoeb3wGr7@zcOv6}cYcu#mSYow5G!Es7zslAr5%kB0
zkZj2HV3hqG5(3(fvhxS<wsLR3a)?!D5xp6{t;lEr;eaFu@B<s=sdFIOsCTZ)MhC*(
zdLtd+S+xisV|cH7x<)Wb?#o)Xyv}<r>y%89QE2Z2>0rS&>sBSpCzMv<LW0vY;D6*#
z51n5hv||6MNH2(HP%Og#X(Ry1K)<|bReWO5r~aXwD3^dNGH6ZL7oAWL{mgxCT_cu_
z@CUp~opFvR4=~|e6M4nq?xl}3`4XxUTa-`g$8CmrAc+dM4q3JKC^G@ui<X?`+{1jN
zG>{s$m=X`lEd*h!r}x9Hh{?_yY+tLavC`MQ&Gw5+8>Swvv1yHfzSlw1uR}sjLWdz7
z^vJ0JFsU`t#0m7o3+HB1u;^CM({}_>kJAFeOC^(r^hC^41nal(R+W?_Bw}_C5(fnn
zm2&hBV?bIhp6r={F<b|wm_5pF)F|k$;~gdg$-P~f`b_t?(fnckArnVI6b$wFDnik{
z8=3`JWbnI6oNMV0ub%y!yL?COfJPmTE2M={eV@MlyYVFK$Up5^H*C30Em>PvatNG2
z(YjYDe;kE^fmfp&!wVw%b3LZ(F3L@vjpcdbkvhX*R<I<{I+PDc%WH2nu2g3v*IJI-
zBJgNguJkr&uQxa$u_7DUbnMyKnFUEGl{9Y@lFiUa_~5)~n?D>pS#4DPjhLRxv$J<8
z>!ocIuwcHor2&JkSFQQ_pvItfHdgtp4*_YVpupy3lXH*pOepf_bxHakUc~h#WEL(V
z%2Z`ozpZ-WXRvPiqC^^Lg3!1z98k<HNiK8~Trt|2`W9ADf}a6w>bnxiPYb`h*=yjT
zigX*2PNlINj?4qYf8_xz2JLhxapH>#o37)<{IOksY*nx!KRN)eg14}U(D@Rd{x5qM
zG+ch$++69PmVHUMT#ftnL`TE`TebKR;TT+pUJQ6_B?;UaqL#N9{_X+{Pq_uOGd4l6
z?!Q2L|6Gg}fDhgu6%~K(p_1sCSnLRt4wdCAs2)<J8{seoMMkU64KwYw?YlgPk6f$X
zU#&Xl)2!JL@<2gegrM{(A^`3Y?eGm_<;Er|J4p$fHvLKkCD26Un+&C_86D5032(7%
zHC7a+z-DWFKLXG(i#xNu2Mtl4>E20!xQW%C#hNpH{KE~?DK#0zdVkz{m3!}Fbf?kH
zW1+dvrbWs#dr{9!cW$)#Ge;7;cF19Ep1hK-;_tgs^$zS~QMQYbuemAwR`qa?w0fUQ
zwb@RQoZJJw$J=7Ws}4SuKD%9sl7Bue`dIZ@(!oMTKc|QDm?6NIaS)3>`BmYThDWI1
zVmMQ)do(fm3#;TZ=niwFLAC>}%zv<6PdX|y;ZnO)@7H|HOlR1b3nms3oS9?KY(h77
z1!yL=QpRH%0*}m2cP|vDbj%%fdwz~Xmr`A>v^HnS7y2+Ev=e*R{qN)BzU`*l_H7rz
z#~+id(QlndEI9e|lRmnL1*-aUey=jS5&zXCdmyCRAx%@QJH<hB;B)=)$Rv!_t0cFv
zrEf{8U4m9?D^XbWdC?7Yw|cuhoNUdhk$5>df%`9WSGneM6l+(f4--dS7joE;Meg*f
zFJwh(HD$H=(?s};8+?gtxI)_&K2^9}_I7%?u7R1;;bzoUD0{F_mRS1o)U~pO9p)T5
zk!4FOSDKn|(?3@qAJAOj21W-5$dJ!vLzw=4S5EzzQ-+du4z=x=b`Len+6x2r)(pRp
z@>?e-Thznr?c{V>FOUfLJ<RgM3qfkB{)V)mV$@8xR#>?U#)6iq{nXBY6=w?>D1sSt
zn8>k#!r{*A1ABNXZz*MkNH`kpTwhwZcy4e;;_dwOD$S&(X#2*9pC9+l_om)Gw($;l
zyt=LUuu)^1U?!vLpJ&ic?oGXSY-6pNh+-Q@p|*)%_43ua6`})EYT!fK-3uG{a;~gh
z(|~{$##ZJyt$CVF=hW&Me8^b2@@%aer&`mpmgr(1e#L#EWM*e`MUa2&<>t{K^{Ixh
zi>uN1SC@U4G`9^cf4RBMa2{hwV|za{XWN;(Zr$l?5#(o~8DBG8eYs(gu2R4FfbC&p
z#6*`rZ-guIN8&xg#V(KBunblUuVXBp+KL>-E)0hF)xUop<X3>Zm+8|L#|YJ(i2Otw
z3VTeNyqQXdBy?aED_qg&cb*}6BnLHbkEIs%Jb3F&Nj?nAIr1zuBy2_0Lo^{boYVZ0
z%ypkbkhQrD-!KiF$-+%`B=3L2>*FU0)B7Ow{&{SR5XRu0yoa*FDE;_k)9>DY|L*I9
zb=RmO>&7h7`uI`H7uFn7`mk_8`qipb_?Mo-V}4eK+>juvB1wg0B3W?7y<zdsn<WmO
zPw!#6qLEpNK8)kG;a8R%#+D!@^t^j4ExiVJn<9Tw0|w*lPcoE?mb&uDD77TPsgU37
z$#3k{>iw)zh_N7-;|jy76$9+Zh{BveY*1*~c=c>;NY_EPF!z|8rEjqF%^$EMm9%#0
z@V*BXZcmomyWaTot=;B&Cz`U8dg)F9n8nG9cK)MmkE<`Pynl@Bi?g#`^8*XeLhx%`
zFEG0vvy$d}lEdyzVAAJ97}mclecz!Uxe|YF{6AY&T|AI)IqjsDd=@MVW8>%Wf7f#F
zI#-KV6an#6cGRTAh~j%+#KOSI)d{JPZ>{SgrDHc|mRqg2YG)%wMZFgeam#H>KHhT8
zB3HeCRRvzUaR=w!*pl<}V-p5ZnMJaU`_xhCRDQ!sV+p#Q$ij=d?T$}zMe>+OaXE_w
zIkH{hfITA2MWXPY4|Bmaja#+wnYIBtm6Si6ng{J?<~f8dHRDGd3a?n!&9@dV)x?%K
zaLls@`Uh)xg@s?Av0TbLm)P6gj?8{`p2u99n~Y@ps#5FoL&{OZQ#Vu3qcbNwK8RI}
zyMzFC(wObFqV0j28-IWJPn7)pO(FT!NvFvffk`s%=O2Ub@o~4J&@s%6>d;>29e(W%
zy!hLVB1ayDwbw7k|1yLS(;Te&!bu)n&ArEJ_Xri7o`8cT<G$X1_luI1YxH`s-^eA1
zd>Z&?305rTk;NPSlS#hnS4PWHJ@PP;P?!>4nwFZ0u~2tHfH?8#DsPyXsMd>hTxbnM
zxTv~C-w0Z^(|2Q{VlN5wsHKZtfuAqhMHjMqY!`0Ug%o`ev?$$NHB*H9O3t5QpK0JP
z6q8C?^AFE0%tI>M>HJ|;H=hN^9p`8}8<>k<Rp)=&H9wus1xd$@B}II3VAs?_OU)qv
z?j+%2e9c`a_*}Vuo#eh*qkS_e4i$%9f38DPnTf7&i+3I4-H7!0rj@Y%(6MoA%h-aP
zfeAeZrLPr1UbfY2VC200bRG5;X!hCc&*$eQ>KzWtgpW*gr~TU3?mf{Rwkv#b8Pc-<
z*XppY@r6+w*$3~hR(^Hq<pgn|>1uOl5&LS*15G)O<3d2{y`dLIWaizh!d$k);F!l`
zg0CP^qW~Aa(Dqrqp`hlbeRSGr$p-jmtq;THbjPqdtA%KfR)0$?z4V)khv8j*1tDHb
zBfP+wg#}IG^4#9~EA*YB|2cMr2kf!ElHcDvc+bV%Y`aa0h@URHk1Z0Wcjq4*TjnWZ
z{FX-IhYa3D`Nxl9Y}PnP$|MsDAxoqF-sHB0xlJL}fqhyM-@yFkNC-oP++DzRTxci9
zfLBejsJ**e^4K}+op}tB{hs4&4>x^7DBBzpd#x{q%nB=5iq1op9h3_<u5cM!*5kgl
zs_)6GHMk%4jZYkgj=>w>``Fi~%8?U%yK-w|!KWP`i+43ovL=TtCPR+ehxvOqS8Ezt
zRBMtGtZc32LUNOO+Z`6>hysp%Q7f0lfb=CgK0jyi|0sJCsHU#%f4oxqs*kn~R47(K
zt3scMsDK!Rq^+|8sin-2v`|4nL<kTdQ>krLMk^wSkkkPp28hTcLlUe&L?DqdB14n_
zfkX%)gv`nR1gk~c-}}D*T3uZ?n47!LK707=>D&|8=10$SJLkGJM@+e>+0`PfS%*Vu
zC~fXd0eQB<@Go^Zy&-vPeC>*F2miDu&o-<&1YZyk`igsc)z!Hkv!E_RF>ygd<*m2@
zKcBCe-P92>$tO!vxQFg*Q>kFVr`6Jb(<?HRCjWNTjK{m;j{OT}^v;PP?~;b0+p=lz
zH9A2-$g!WEbiJ_SZ*{$c<ewO`MX%%Cr>31EWk#COA~Mp$wh4asc2#_;>#zwW6c@2N
zn~*V6ZRlBwpXb3-^l)kOntNuUGUL>ARAKj=J#!NkHOBW@HxQ;iF~kucA=g?8CilBX
z$NER7v8b8n5j2ih0B0%(Se2{-f^5t~noj6@zDL--eYF*_^JJjafX{*>*8Ae)h9j%r
zRE^W_>r(?+iKCwbFXOcIhmT(~%X?qr=)Gm~-k%dmFC2fMI~0p@eIJ+4qRNCLCrUVX
z-}!D^bwbgQhJ4obMXJa$iptA}+8`#J059rVG8qlM9-RDO6Q?J4Q~06B{wR6Cgcuns
zA$h1mNSXZhRD)j-<)d^lhm7;WV}eJzQTN<;d)tT|N$Tk@v0*_I)h>PI3G_ft_g#)i
zJ$h37F$_}IIeNPkH9vMWP7q)L>u{(l<a{#vduycsft-3_W!=AGgLBSK-wTQ?_p|xp
zxwp0&E8Saz91kF{)^Z>Nvji`G1>?ZzS|lz7-F`wa!P#-6V@Fr;!ruSeaMhYOnW8rt
z#8nT2a%6%(Lhrn0$-=kqEzMoai6(7#d=96yqE#i>diSeF?|6yTqu<#Lk7Oc9QKX(6
z_C5mg)`sQv;+&n@CetaXqxhqcg5uVr!Jf#HW`n>AuBqp4leVa+W51$WJY8l?nI|$7
z?FqmV3JLB<PD)$haN4huSpT97oBG<Zrkas3O0#vL?8ySeYeEN>hH}O#_8-Rf#%OMv
z6wT4MpBaBr9rK78)pt$ILqfvFq8PED``VrFGpRwWX4jN0u}C}_+OVTmH@d}`O|2dg
z<U3bI`SXvM?sc^EPdrI+S9HopO4wbY^jSM1^gz-Jx0Q#6U&FP<7ecEUeCGDlz+sV)
z)Oq$L#CrwwHqC&RIo;RB;|`sObU(xBgQ{uxN0wdn+vpbF4f{U{bo7N;NfjwIQ}n{#
zn{<gIX;35F7)v+td}4c}A4Dj5(ecRgmffcQj}>NT=xNMP$QGp8DgGm_Lh$9(G;gh4
zU+t~yF<x6?QfYV9ZM!&eMc<LE9H{Bh$N5*QF4KmGt-_ygI<U29zJC14CtE_L?zSD!
ztOwO2Q<9qFV{CY-r_LlbHn2gNwA$9B2B4AyJdTi5NmBhWX?DHMTRYoJw?PhcDQ*Wc
ztHuD(Ls5Mux-@!&=u&S^vT>eG({=0GEugpf*sY6f>MJjV_%wObzmpd{ba@*l`ikAd
z#e7@w#A@aOyL}nTcp7)?$Kf#4$|W5m@9^t8G44#u`Tm|}+M#-2fyjgqvg&*mr|+wG
z{k{BTg_F2KU!Sj&Y?e;=vBMagn1J$m-?7HyL=@fL#rLKMlU2SZg6aXO2k(|2Vn_RO
z+R&@H4&_+sDMs2Z1tfIIulpgg-rG-Dmn?}LewChZkDR?jc=+=lzBDRRw;ka`gjEMc
z_GYp1VKI9`;xb6V2f8tlVXKd#16r8)Ouo=3$}?ijise#1Vl}MTiASZG)T?1Sf^P6y
z_@$`oHxy%qK~%;UJO7l3Mu(L^dm`%c%#OacJ;F^F0>B-j+{S#MJoLPhnsdL~{`j0M
zg`9U6LDosKP=$;`du;wCSJ<wtBVn^^gjoLd5AaDMqxC0Z=H4^R=)Vnz6j1yGJwfj!
zIo9!5`(5e=S&(WjZo<U6o#<87B%$J8*d<Xt^0f7~jN)t&FifM&nxv`VXTpHqu6iD{
zsB40D`APpC(kwOKo*oogkC&V$C?`W%Ch_NxlR;xE*awGq`b|kH7+trKA3VyW2K##@
zWqPyAQDYG#*iiM0QI*sd%FwOb<EUxk1t{c~q!>o!B8T&A-HJo4i?{vYAz)t3pYK1~
zwqQI?ExVcYCqo(%4YY#2)Sy2G4Ss}ve=24u=&aUs<B1V3<LQxt;MxAWSF-we-jHUM
zaKjLM?NGdcZQ_8Phu?eXOY_F%`QYZ|U2U0}PA0$j?E4xB!+Cyp2ZT8m!LZlH?17G{
zYb8kINm_<a$d}FSRtPA+t%*Z-nomD33b<+SKwph4FMQ4?v9Bm!RE=P$NgRI9Xh?QN
zP<;sL`ypO^6ekL*5yG-Pwi=6ur;^zB$;wJD>N58TuWhusfA=~x(y1>n%Ofqa`3b2!
zV^YZ%`9Nv&*jRkEhpv~Qc3ci8L0$aS4{ZO0B9E8eBrWEO{yO2FA&b$By@xBRSdkz%
z?E3zdpy>V7ryKNEq`d50tMsavv-5<^?Vh(Y4B|Q=JDgCrOkF0vnup(7Ibq}=KVMUz
zcN_BWj-5fJaXTVKsB6EXN|cq<%RA!S8h-gV?%4Z`uDYnPI}QkcFYUZy&#odx&aMgU
zc<w|Xs)U}PXu8uimBY}clWYq*x0NF4a!+?i&)umt+~RERi!2LD0=}ikLDgQ1*HAK0
zc2Nv>R>jo;%ui5U0jgjkM$jy+iOcAeIyiuky!(dF_&rvC9XV8oZJJYJC##QRd#DMT
zhmM+wprUQVLAz1|^D}>Gys_y*(c*aJb#yZfNp_?^87s)#{-Hi}Ui6>y5d+I6x3mZ?
z>t_WTALI8$(6JvS$I)s4;k%2AjYCV8sqz}pMBht~9W*|dI!&oF!6TvT#HeFun%@T;
z`DMwRIkIXi^aA6>C`YTvo%J9yC1{pc#v0p>pkHRa2Xg1Wg$6x}%JzUl(?|&lFYz4l
zT`P5+Nbixx4{FVYJ`ITaviJFQApurigppMDf|FwhDdKOPOYNNABPe0|El|LQB*n2`
zGx1~Pwr3;9D%lh0+`(b80Fs$H95KL~Y~hLy@9^Y82@Z3AtnF@_<MI@@kGC=DPBAPW
zXjvTcRxGM6o~;f4O@3E3(q=XAw!|!?7?=mwuRGhgcY{8sFm~i-=38GfPS(Gem|Uvs
zzgpthf9f0Ja=T^R%rMIrk*c3vU|BP>PTujsOCE4w{vUtIr)1zPN$2rKHX$}*+>#{(
z5SvSoyZt}8&#vvydhY|8RXN2kR!pPsUzH?)C}!eVctuX1ssAk(UR#udCC&@#+LJ4u
z^B5w5cQcDAfnx0Tm0SmLS$DYWNPU@iV%>N`i=>;PEeN$|4tYoNL)NX);o*-Taq;QN
zBwl~_5!+G$<TAN>_EN2vB=1(#2iP9tP;TyMIr7&y5sB*K4;_i@Eygij*U5fB-r7V8
z=GV8@q%gTvTA6N$aaum^$mrjD*WzvHl3DPDa`{47kkF<N0c_rd|CM=Jv2=-H(1ttk
z-?fQZQ8=OhS%@zoZ=X(S%8t!jrXqGWHMDA>&sppr_Hc<gr<OGKj0&H2STQi$j{%Hb
zoS-^xuNulJV)blY|GT#hO^E7SMU|N$Q#bWk^Q@y_-ih@sREt#d`Q9wv&N|I7dH+f~
z;_~^Nxh;GI)`Fa`teJB9kWwc8ttKKP!nGHcZY!iGkzAh!-*}Y^$m7jY6Y`YZBrXCT
zlvFxvGqmGW^$=TewctHp)?_jRzt)afeVm*>)gK+eKiP&XsQtY~aTPAot<iNv!pZ{I
zNxrwUbwehN>XvI+4E(Lo!P?j8S8rIVj33HhtJ_!4I#vKT<@mtC_fK_vCRust+XcmI
zJl`0;v%#`cHR{wc@?+WI?}BKSqIHsrC-;BA$O`u`x{?~sYii~D1`EaNtv^o0ZGGo)
zRzo1C9*WVVcvqx>3=^b?vN@{2BVv4v$-uslbZ0U8Ix&8V*_!o5%<f0B{o*l4UO90M
zQiBepnhdo6VumG?c0BLIbXg1Yd}JP({Jk|(NnwE;<9Q0Pj)bFE$CX->q6PPBck<;O
z2<ZdvWh!pK)0s9hhH8hqHj|zZG-}(m;u}0~{D{<piTwol40|u7KoJjpX@-ICU7h^F
zt~a5}v+Siml($(wKYAK)XW+97POqK1$Rb(aIdN9R&HIgN*?E+*42w@gWC=2Cw%mE=
z8oaMt(I3xsnWFDs=YlBpbWgPzH#m0{uKT8?P@HtDT+p4HR8lAC=6_{qv}Wtc&k16+
z@ClScy#0}z`@pm{f;G(yWqZTzhy>2swupR?Zn7JO(8{ps-HM$?LE}{%D+U5tkTN;Y
zMW!ZvP*+AyEbtZ!Qaukg1gl(!S#hi3yijXIKF&WLiS508?`aB}JLgk-M1-Gns%DP{
z23m<*{InJXb+mTb#>OD9sCvVg&)!`60&v@=w<I}VC*6Ziz6t8eE;c$c6diot&hyj1
zTeeM6?d#4<r_o(>kOw)eE|Z|jA}IN4*Jo6dcS=TVN^&72n^=X}G+UqP<tnUx>v@`5
z14bgAS@8oVHq`Ea4-;G<HaU9kKmO96&*$S@1*wyH!F5^;LM)fQx4y7+q}hv<jdJj!
zm1&jjY5baz?_FneCId-!2r4#-iVZ6fhEJYHSR#g}`2oG8IuuG>IqfYS`<zzk!kz7g
zH=i%|n-4AF6|;k($Ms><HDqX#f+u(abDKvhsM?74al12UA1CjA1G2wzFafaSw3*F%
zK{(o&67h!P0Yb51W^S_kLASph<kVMmOCcr6?Fpy6^t?3hTM$a2%J;feGCn8!7}<;)
zY7q^;n0L$i4Spm+J~@NWZK$w%di!#MQD72PeZqy@pxmjQwx*&A#VezZ9mwQ6Vpcgq
zB*xSX$?>`F>lsvn_+*Kalp1p)D=VQk3EnGQYmKBqC9C6hKYrnsj!Yj)#4CFUimtTt
zQDN9#5|0dF)=}3|<h?HUy|L2GWT(Iin5M2smtqU!AFZ$jd49o@+AeE)hGM&uSK&*}
zY#Y8EJTO~>EKz&rB)Sx2{+XqI#fgQCwZ<@JK})9fAz;1h^~H|(=SH68>CHnb;Wn+=
z#=f&ZtfE;yJ4)`S9*$F0(m(&PW$PEYVoM=8WXaF_Hw4xB=5EKq#YkNcde7tWCOT1R
zV6eo*yd>NcORee}z2J>RsaXX~-SnjGqlSm@d_R|JWkC929jg3nf;y?RYt%N2gQt$k
zL2jBBKeW4`e&5ynW)`$}Jk-^Nye6T{o?o|3)U#Gdh&l#uPW3!X2%DE4ukRY{ZvM7G
z>rJ0!B}50w?NlT6NDhU7f6}{yw38p8BAyw?a%=)_B$h=k1i*{Z&eY^DzWH;tjTlz|
zU59z8q-(E0z3RYv-iH9W1sJN2n|fu9);XRZw(31vG35lyl3U6OtZ#s`Z=Mb@ptCPX
zW`4~wr&%wotWbJhJKNn|5_Rn7W|N#Ic78UeT2@H+GdZxEc?zJ+Ppuhc;?;zl)}dxA
zljA;y*L1|a4G8aGL7u$!^Sv4xqCgne1b2%J7Ue5!Q~_#Z@7dN);iZs)IJ^g{gkXew
zk>iGBDr4#V*ap7~zht4B*|}@$-EC96kLH(R{-7tgI$0@-5X`c2$<QcjP?*yf$G*c5
z{4uepW|7cscoDY9I6PA>1G*qZ^3t~J|BBeRp8v{0++Q{0y&fz-WYy3<TvXq_1|GEE
zz2e+=?jzKZun{-yz|Op1*0_XDT6ff%!GU-4v)Ov*^FKcOX_}%<Lxy3!oZM_u*Wb2%
zy4E<Io02uSI)cz^HFQ1Ady;FA0iE|?iL|441iiJ>sgr4Bv#fH7Ew4s^>U*Af6ofUA
z44u5Q$kt1M#&>&@$WMU6Z09Ma1G5kSHB7{<WhXF4!rPFVt8lz*yXk02EIuo+SDY`^
z_MUd9b%mMKZf93W{#-Wt!1`a_#-Pu_^(LS<;L!)8QsYA{i=h?Ttq~c&<FK}h3WokN
zwOI_@_G3twE4hx(ky(PmtNArge$R+>yLa_Rk=UM}q&~viYZ}E!3(;LnaOwEvy%Bzp
z(bMoH_j`KABECN;GBVEdbMV5eF{B}O?cHqK$oW>CzCKpO;?yD{3dPsZjINXQWt?J2
z_2VK{=P77l<FR0Jaqs}ndyPdB-*=66?os_fH`yre5p_hrdYllX&#|bsN>%4=FDezz
zFA}BM!lX%{9AjnVGu=n1ey3>e>HuEe;gqzqi2nK6A}cR(WhPA9cORAi%eIG2=G&5E
zUpdLw4sao2d$P1a9hAe|^~c<&Zvw5ETg!4cIr?ftb#oRjawA*ZcGRljQ7m%eevPF%
z!hjgEYPgyyskn750y|M{o05ZCO+dnFUd`<H3{l6D5p#2{x+{A{!tpFg^S`qzIFM!n
z--^r-bOw*bmZ`eDg0Ca*KHjgn(p@e`kSmXu4j{+?jKk<tI@vPJDSIP3#BtY)9SQk1
zM5k_37qcw+u(ewQrVH}x`CqJtGFjg108~p&l7moD0#xCwg;3la){-+URHID@i3jKa
zGTEtIZH&TScq7;X(AqgS0{|1!84F$`hT8JatXQ$^CV54|O+BXk4RNn>-5dN68868i
z(}#W7sR-mAtk9q9lsiK`tQa}nr7wb|!cMR_h7GuoAbhxq-`p>jYA>-vIgCfLd1p8B
z#|^{RF97<dQ%4w*lgIw8+bNA$vY(BSv}P_xl`}iSj{T8}x#*!CHl8}3J2NGo^}Y2n
zw`79cjr{eze6=pS+VA6^P*hJyeTeIm(h+GFu31v`bs?&Vnv^H@q%c#PZ}N=~>d~h$
z?Xr7!cZx-+dNd|;AU;q%+7v3tm~<fp$5-5APY6C{gc=1BH4a5UI-X1}#*Pav!r93n
zZ1;ktc=o+9@D68jxURsz9Hz60!K9tx@a|;4nV?y<g}Q*C`R*%PO5Z5ft-9N0*PW@n
zV7iB0a@4V8$#IO>WF<fj;kSJJ<4)F7^U3dhpbxBE9Hrjkq&%aKPPrTTj3Z-fRq%fg
zVMnMWb-QFuyq8PC9LR`1R^1#L>^lYuk#dmKI^F)>dPlMnZTj?KFY{YhFL8yH)aLet
z*d9_Z!m}g{?8Xf0R9elgAGVo)a}=iq7~W1hewh^EN1FxaGPVWHP2rH`M31$|f!PW+
z$BSB+gA`@4d)84l_9;%WI+}Odv-kCuf6{Tik_;yiwbxS_?LDX;-msXR#t+|F1gyW*
z1MByr&ARrzMAOn$4<Ek#XM|O9-tL-b%|F+H%EMH6`(do{j0dm2%k>%O2U>uMQNxi2
zr`f?`={iF3*tEe4qxDIe6j2`5k^J5!zEPlDz~F2tWp<BF;4>ys*IMnS8a}c#sVl*8
zf-f>$-BlG@AT1Ba#5rkUw)}vGAlEh_7E>UfM@XZV90G%w4n?7<1SpTmHn>RpWebf(
z6jkiNUG@lc>7NH-2hAH2SU+u*0g!_<>;*0#>qVb+k}a4!CFLlb=nP5N6>%-K^pz1^
zkpNrz!=*P221tYH+Xoulo)&{l`;1xgi@y*?BY*vOvuZM!R1Etn@ZNc;ZknSjexMT&
z=8=0ek^}Z3L3H@DoRB3yYIfr1$)Y1X%wep}JGqc3cO%c~ZGx{Uwp+hGTb)vKYivKA
zBBv4MEGK&@W}VpN>k^Z?7dx(qV_1IdT#!_?i<y@T!dj>%r(cW(^dfCyS7rj`kYeDu
zFPgc&4ReztSIiiK$?-}#AA78=V~S>H`un%=3V5n#h~}yXOG<O(^-kuQ%fdARr1sOZ
zFcn!h(JHXDNwn0gwv1lzAiGyS)V+a=ULvT*PuBxH9rccYa?|zXUwW|st5TQg&17fl
z`S`3CdR{sw&W=7KL1w*?6D5{HTi=t7HLA&9<0lP1Nd3wy^}VfMT%dp*9pV_I6hp@A
zYu>rRl<>F?Ov-*UY<jC=XP(AWJ^WP;OF)-j$+ESi$jgS9KlFAZSjRPD_TkCNRjf~j
z&;=MBCBLPz&eD<OtRj=Qo##AQoAt{!3d4La4_RcTa=`<4gZWi^6ejT}zjs`FeHCSY
zi1v2s{u8=0x>h7iEuu?wu!LRB%?Q`^=5Ouv%a0uR`i)qW-YRyKyNxe)n&8?Il%kVt
zlFFYn->knlf8}suND#4K*G?pAKWh(Vf^GNMsy)))qn4%+#^AcnZiUl9e}&dUdj=Lg
z&LoL8i?LpiX0+ykPJ8eyLB~}Xu}!5uPab%!;rgi`ob8lr-`7neciVjT`;MnXs^qxs
zr;MBmj?SK6umdOLWr|K<ZCi`Ev>j8;aGb4HreWyP?c$S0Fs-@rcBc{DeXb()eg0g>
zi5PdTizP#3q4|`YAPcyHVd6ZQ)s=YIR9GzAO_5Zz70l5%5bifiWKkNbuH}9-(wPTI
z`%AK4!{^42k{>Sk%}08MWUsXR@(m$q2s3EaeP&=nyOW2l2{f~q=W0co+6N4ow^lt#
z{d#xE5zUgpSGfTDfowM<)H<Ezs?O0YWZu>Ngvm^z$-9H(-dg(Vwh*<gRxN_uVU3A&
z$V{|7pKOs{I#=w;D%Rc5F}cv~spfUGv|YG$6-2hS?Sw7Q8tqtK5;2cFaFw2M#aY&G
zMNmZLC%7Y-?b0ojh;Kk^QF<<~?yQ$A0~H6W^}d23i120nhu1IbBvUT)Fij0!_8n<k
zP7;Oj&EB^ohlZ`m^4Gytz!89*w{2d{cr6ZRLEcKwuSW3l=NVbQZU(6|Wtos>0>kFm
z!6qv%X)rpL;`$opksELxvxx3Q?}5K4q+{?VPEB-lLf{8@zD`>+-7%JzJr$Vc#I3QN
zEybuVVz@WPNvHC3u^+n-I^X-{wYzHkbn}JLH>7pD9@@Qg@qwP8d;c;p+xzCexEm03
zFs;?u-mh{vz8h=*G}Xi}KKsk2zpQgS!)*o%E)r%FV9bJJuNVB<6ktCx039w0<ulZG
zM<3R2yzuA^Dqe*e-tNzg&OXS_-2UM21#Cdz?zJB!zxwJM_n+1n?)*b<bw^<xNw6~1
z0kbzi$c8%y*T2fIzouxx_DDe!$xFCfmIBOkK<`-lcYiJInRMl$qSsrs_(EuPVI}BP
z`t!#cgExW2XNqqZ@?U-leRzG<+bDX0Pi3Sp4t(+^Z8JaWgNk?QyTfb@%}tYI-@=nG
z*ZXpT3z^QvWUNS#>GjDCd1mxwYVWOY+`}7~El!~SMX`S279W7JcjES(&(hyuie4I}
zD<7Wwix00#S>P|P7Z7z-@6IAeicQ~G&e^@6y!~Sf57nm<7J?@IuRi-wUj}kC+!gkk
zNzmoVP5<|e3xpuj^-o^I*r%5=kcPOh<qcVQB_MkH`@!GZAnu*hZ}ZRpabKSOg%XtI
z-eMT|_}_SzaAjpkd0X4#l&Du*|C*y;EOlOMFu7?_wD_89`mph5K%<d??~A)XuKLfL
z-+8vf_>k!TSV00wFC!|f)NcMY#j?~d4*V~&lCWH_;+WIF*)_eqSG8>PEf@T95siN-
z!|SatJF90GyQ=-rSI^>%57A#geeuPc%J7;ajW;#|t+2(lu6ng4Z>;kFCDKci^}h%8
z0?eBAp#~^{%D=fu=r7khyq25SlrEOd<@tbW=NY3*^Nau4{QczEx9q|{Dc9LA^`*I%
zxI?CYl6$(;aA(<DG`#%yw}m(Q>#bnaYIMqi4_x{1t*q)xk$5E!Z?FRZ#GmwXz3g_Y
zLa}Vq&NqeRzupLbhXa51VTQi^zJBoL-xvmn&DpSm``?z(;G{PNalf{{wN*1A%Qj*D
zLDqqVcx^eqdKLusDrU#+-HR;Z-i;UVi<$rW`n3W1bM@QxlD+97?<I9iptNu9_McS$
zgH|?Tj_NZ}14l{8j7-CwZ$qq?H~wvl{*?79eU$d#`BQ3i%bN!5)u!+M`AvxO%GB%E
z%{A5wCoy2+1G~4ksn78GUtD;t3STUJZU4$r^%}*Iwx4*-5^#YqO&(qLwxH`*@W#6J
z6++-=X73hG{>hdEwBa|9w`tJ-@ZV)@=7OHnd+AP-HsGIktUN@0Oa5Md{AaV7@Q&Wk
zED88ocxuCqfAr075V~mLdPzyxy|Ep{#3-At!+(>d#;TPM6Be`L_4S{UGSjE0+y5Z(
zr+=jP?LRIyD+wM8-tjlLMLjDCi3aEYCkbn`)~9*B4RdE+^123?o!7K2zIa=r7gQ)m
z@8Q~ZH(MK;TPDZ8)m-&YX6MfhT_DZQz`ORz*vX$E|4ir+1GAUKsKsms*DrPQyZt~b
zyuQ8uHVSX#ZN9+z?{-t<ptk~4Tf)B<RS!kR$!QM%w}^?})!%DT7Sr+y-^f-zTwGxM
zOS=E2lZ~tO+_J9AH9G=UA>4f7Ra5hu*69BsnppiNivugrL(zi215cp0uXS(nuIaCV
zk~lxrd-NN$*f8h6t?}8E@uB9$`||qw&lNbw>g~W|>etFQRf74&dYAuh1;EqIm+Bd|
z-t@D`*SIIZDmiV--^lnUZH~&(`-;Hf;y*hn(!S6-{!cgR)n(>@9ua(cKkw#-nZ#wA
zw*AjHE^G(&t7p-Ga1g`&vvZ4HaR_*uH$dUbk1w~6^92x3#Jf#5|0dgxhu7Esclq3K
z8UlD$oA2qo_<QCi$+5=&@VpI+O#yh?y}jVc)9cT_qV2DO_*<m>-IO&j^fIQQ&6_1I
zZ6Fx#9C<AXi!c5r*9-a?;G(Blc~m{Jq-Ep(KUM>;jx+lnY_zSn6YuX>)@S9pf6U0f
zTDP?xe|g7$X_vp4$`uJNh8H*gUxdu;)>~ch9^Xl)S6>B#E{BHR_@!5Tdwb!|C-i#p
zyDdC#K`;Is>v%2ZuP^>lG0hG1da=}dgG+#2avJbeFR{;G|8IP!YQ?Kuz&|;<SNj|F
zTjL(T7qcb@7lr};E|Q{iUp)FRS~?8X)1hkj*zqO_&u~^3#Q%q#d6vEq;QYGl{9-{x
zT>e76`19+Pz2!lu`YZt=`@4}pzr4_${Xa2YZ|wA)W!nr_*MJ+&9$N46wi|dUlZ&IV
zzc_2i(r-E>Q@H!l=dX!deDM~cfAMrd<Te9_`39YTW&i*B*BPH>H%0$#0S(**{i18l
zaEky!qiXN^ji9jjO3ePcSgfH9ruutn_u9>Vcy(_hG&%qOMpJr^`DQ<2gS$cN|L&?2
ze%3#DC8DxYy{LchwQ%b%7Ng`vYz8a^l_gHqld<O++g}YtEo{u|yBoF{wEh>PmN27#
z_I>1a`?t6~GqddGLNe!XO#4eooj=yA=htQXl#9L;vFXB&|3y}Yck0!mt<mF^+gNe#
zf4NOBMSr!`SbXwl4+(R6d%|})hxaThx-O#WFOmUY8ulBA!ttXvAMGf7DU!o`^~?Bt
zo01oP7k@(8S3{4JKLsVL!L{7bAsJm`1t+d0IwwNvZMiD!bZb@)Pd?f@rln>Hak36U
zz|fg0Tmby*I(_B(Q$vB~PSV+ik4k45rBlKQ#kJ9d0+L1Me>hi1VWI~$;<Um8OB>*Z
zO1pU{;uuj>KE=ooGr}{NbJIwfvS0Lgxl~O-Y!t^uG2o(<G^xh&YgvOz=jJm;@E>s8
z@hdu8a*ZCrjYURXlr=2pipa1Vj1YrqX-?v0#CR=!c63(soa9{FE;}w@xO1)G+k~Rl
ztQwxoi8+6_7BP;m?cv}amMMJOo_zHzY1t1yP|xVy|3@jU(aO{fk~11`s3~+3dV*Yf
z!3C$Bo0&7nlI`f1(Pgv;suTJbwl0_TZ|2lty<}~~afIZ|cMJ<~?n;bb?EX+pc_*+k
zWjQ~h_tH#>&WaZWU)ZXgZ&07qO3M@tUO0OD{0`hU`YjF{wGI*5-f%gJ=c6N$Gw!*l
zO1WAl8!p9k;-sUk3cH!X9eXx_AjA2>urr0YaelP5!Zvt{gPPwN`KapdBk6^jmWI2g
zG#<A_vAUc2JFT52*@n|(%-@y<E|=9{CR(#3{D-yP9VGdRgr$aqZPU@<ClqW1tDN0U
zzL%X?1f@=jk55H5u(@98FR2kE(Zk#THNOICtaP1(IrX;;(;<I2F(39WdtHUGLFTzH
zT<oU9zz=1e!4%*px2xC26?dSY6-J9vxucSuOwq;8LfNB2{4`9q5i>j5&+dg21McsU
zee;fZ!FBlq5sNX}pwlUq%`Nv(x$c5(pL@?-f2QPef|x_#DXwSw8H!a5vF)($3NcgL
zuA9hcArw;WA>`@Y*6yj}l}B+Hyh>jHRS%Igv(HJ&XF1#a+AC%Uy1nX>x_d}Z5igD)
z!(z(je3?7I!LS%-Z>Nmz0DkfLQWeXEDe#Guku9)bx8~1~kcS4TdPNa#epV|pvY;GG
zvYnHi2__wr6x@{&C-Fg75(Z9LPcgI+x`7JzUadM8SL8Sk)7{rieK#;wgIDP)dgkZM
zt!tFkLp>pZ0|Q7!sl6CehZ>q|;;619A_-#CKGGFy9Nd3027VQv)SWq1=|WSd)I>N^
zTb-vtd+>ngx;54o{<7<A=)kGzA@C@|q=M~%wXPP7Ji9V;64Y*99IeA{`)rj_GRi=I
zgx+#4qbkYkWMaa&vp<1{)aER=M8B|89<;zG$R{2wC&A9x&-1m9Eu6aLx(=kKm(SP;
z39(O{Lf?=DtE^#9^~vs-hsc)9-e}s<jDdJQYVzJtueNo{@JY14Fq=}%jNG%MG<bj)
z?`=I)JrF%GJ$Dl?D~Inng~k<JjUSv=o)67YmZ>uaLK9OX`2kNG%wxfis>!7zW5L$k
zuEDmG!{F$bxlE`t!F==^a_(*uQU9#(+~{HY@66BUcQ5M+J%B@e@(X5AbIO0*>@*h*
z&fEWOZ$o5Fc6@6^nPdDQ6k`Pmp~%*zL%5OQNgmwlt59Fg{Jb~b+D%QI4sdi4YvjDl
z<rdth-DDs(qsz7T$I$VA=dupaj*VvtJ8{<ZYKoJ+7qohsqbG~pJy_3GQV3E78}gFV
ziF!_7<ihTpb1^rV9@rUJFB;+>&*(pBQ3hU)Qiq#+9th*Zlrv@8&a-U$sz(ABFJ?6n
z62kbDi$6&iI~dGD`-fp5-gFo5DXQ9Qjm~8q_0;fQ3!FU7bJ7BrfX9-+ooF2Ri3ek%
zxNLG%uZTIX|HK#VXCAk}-Rl!#BgfPe4^Uh{A*|)raK*eYuDZW2isan7hlBbQXwN-_
zUU_Jo`Si^8_cu#Y8<0NOguFvL?(_C$d(B5_XF%y{{wU#DiPck>W2J7!Ld$y)HT3if
zZ|Xils3Js}5io)my0J}je%Tcf*hd_^S)?av7jLW}FTqQ3Qqf<Aog4}&L5=j*z@{YQ
zmqN2WG)H3uhck|1$MQK>s&DIdLKN=)V<o@r!XJu7-p!0+w6BOz0kdQ=zcA-r_G{z)
z&@A@n^K<iUN7>MdJAXu56r;NYxLw@9VH`!)j=)mCM>a%K_p2NUr~5;1I#HCBM2`>Y
z9u(O%agJ}Lym>i(^0Xu!mN-8){Rmy?i5;WZa6R3%W5I3g%T!rxzlAEh-U!Jz_=sLP
z86keZ)OP-JpyMMjt^8^z5<0Qc7#G(~fs$Jol|fN^6!q?Nr^>n+N+aZSSMo00kX7ZC
zEYXqr(c$L%asudmHOHDKg`9NTdAFh{1~hGMSi=69ec>)i`|N%4{{IloNLEA@6+e0O
z{Q)a*qGbLGSf7KHu9d1&J~v{h+u})|ri)O|<C#0I(kne#0~acE{DVFUR=z+o<t6UU
z(Qbh>v-1Vim@Xgb<~}@UZ7O3EIl(gI=@z{5mYsv*$%{#tYT`yJwIZLQv?D7$Jp9!?
zin5s5sTOv0W=>XI`f{!(YtrhnZZkb*)<&{6k%--uNOumk=ewMN=H&8xmO6iHpg}#*
z2oWKchU;W>mv<#*eqluGzThd)$jFMLJVB(!4_5ExG@V0+sS890{1xs~nd<o{64WZ4
z(O$u#&s#HM;!lm$cQxI8<n2$V<ag(gKA{go*i)Z!cdH71Jaw_$_SxrCSGl`onu!Mk
z=b8SIld6s=;#hV!doU(@^0!IKRfH5$H7%^W7hj#l5bhJTpru42J)^(<KiXApTZL8W
z9661*W2XH{5~E^Tbx{?)JlXL;BTWH3$lf99G*T4L<^wfm3+Rs|8#)mUs3AeWfc@Fj
zJz4=8H2K2jdqZhfN+1m9j|bI>1IO~|>LxetB=f9j?gr>bJ2_?zcNBNSw+iv|-asgh
z@)(bfBClXBCUSSmD6*3^R`8vscY{pzDY|HVijs-b3?G)^@9CY>@<gb!=0_&>$Go+E
zZcp0}xUq82O&Z%f{8o{o^M=W1eg7@~88nxPWAgUBSYsikC|RXg?={?0F;3HT!PR`h
z8VfpTKZ6v}<Y0o=J@_uNh_3NXg;sewyJ4xD<Edm%mZx*%*nn{67$M{Q_}~_NVMjt%
zwnHtSUTQH9pp*sv@!oAFAlclQv(oZFS`TVk(#p^NC5s|6WSknd8(ya=h~?H(nNLll
zFvrx(@v-uBGNVaTJJpQxkutjG*o+cTQT9$GwP|*OUKZEUT$jnX!t;D&3mY$^iJYdI
z*+fK$t3W3AgkvXY?5+^F5`9WZKLU@Te?DwC;;RTIj1#c8*!$VPA%Zr{Kv$jCsn&`y
znV}>1BH!2Tzs9~e^1SU~?VaQnudG8D<TvhIUbT(s(Qk*I_T`Z5@Ko&_MLwM4vkS-H
z4d!H-T}@9}3CbQXvAvkmV28Kmr}3E~4Sp4@BgWSJG&0;xZAzbAJ<U!Z|4upGOifzF
zjVnJn{%u5|)Tg%TsXJ2HGnx<X^#HyE@Y$TY>qd^^<j(&H%t}H#D_S3cQH6xh4F_|e
zj&r=wEix)QjV7~VoFZDY4Xual?#~mi%~q_A!kFvMJlLYW7kQSe;_IAc{AyG7_nw48
z>C=%d{JB7B6I$6h3Y@bgVr$mf^HqVpeqk<N0n#4a*bjl$T$;Qr^*BYIZHdlAN}JBo
zQ$*$Jp6UYnT=CS{$6QIuaal9wfU`BQ?BC;c?`)rcwp8B#05iniFw8gk@LrTd9$NLB
zC9<|n8jlVh-dL?EcrHIa(!3MA?sEz!TFbwpbg8x<Ft@c5t|6&LFo^P#s~KIR(_+D6
zFS@mxjrRD+m0+0-YI!{=tQsHxea6el$tU_SGMMp`=y!s}PxyzDqsuC&A7-6Hb+wFU
zpm1Hkwou_8T{+k9f9W%D*aBIapTXakkx!Ua5k$>d=W6a_L)E3&?M1!^HJ&;(S+pgz
zSpo(DNn(uav|KZD@DH|D*)g2kBXEANtE=aa>Q}jdll6$F1%5Tg73j(VW$wdc)hV2;
zh`T8OTuF&dy0Z*T=5lLpc6ACln~LEq$5_fHKp(jHz9td|vM3<mk?<>wj=PM5?qJvc
zmS8nylV5`VO3^=$&g9W#<tWfcBKF0Z=R<?zO;Ctcgf-nG)Sqr~RI=%t9r+k>P6K;v
zAQjpB9ES1R(J3qx13~w6$IVWGGf>6hj2EFjX@p+(Et(dyF1S-y$O+5t_VI>j_U9`N
znoy&O-++-Qkx{a?usXC+GShk1g7_<p@$KAZnMmP55X7={@}GWlV<<0{6B1jI>bb&F
z%k^NBN@9Tc9ubzynnhABv!AEmA0RoccDyjK(w3U5<$H*9=G64aH5#;8MqDdWuz(K>
z8uL+<+0$v-EmkC6JlYkD*$T^>>XBC6W^{!B-${>QIgME#^bMoPi^YWsTn9Ur*m~Dn
ziM<_i_rqk)zDCW&a4hMrQuDy2L8gt3@=nCh^X*~>``AugPb^2Cu#G&98ox-KACWqt
zy5ur#ZxOIVewnMi0pQ39pPg$+3bMl&dTPvU`TTThz6&Cfb2B0wv^=ol0viaoZ$)6I
zQ%S)Wd0ldI&;l2#-oii9&39yo)6bA<ocFd%Hid3A9NwI)Ecjyiu&^D9;v#0v$Cw1D
zBhyASuV6I_zKPr^J@q|!MsY<788<9{)XxL29udv==FSQD0xhcpV_FP)A{rf5JPCXe
z^WmAcPY|#r)_KRJdl4D~(UY5PFjWQN*~#+vBHcd%3s`2ww9J{;w#`G$Jj8*<a8cgj
zwGf78E+-#<D)xOadmaAS#3fYds=G2<{wcLBmd-eI!z$}{YcNX>+UiU*!^mWFMvifo
zCtQHG)Hl5IdL5qcVeaE`dD2aIPtXjj@Zuas=z8`Kbt^V32c$W>8_++Ie87<e+_;5)
zgoRJx4oK0NYcZl=eqB`W<QfZLc`D^avQb<UL0L8umP1#K@9tf}xXl~f>{6gaVu|g<
z`Ieh31djh`E)1M%Qkz5)Nh?!GdBOSP><<O(9i4JEakwe;k{>Oj&VB%2aKs<Tgm`Fs
zTmYT^j(F=1b~dVf#l3g~&Cy8YJ4qj<Degt0wQc*6A1g1`(|hKA8ISf?wI0LIUjaS!
z*G=;BSvkeQ48mc=)Aqy2Ffg1@If)5#W_UI<*k)CzQjQ0D>@Cgy^?lw0z1eiN3WX@*
zts`5yz5S>*%V7i46stZ5Xj0x&gtIPNG@P4+45yAvQu4u9QVa5U0xsS+%teF~55YeY
z<DBgYV`ISFliaqF;J2EF9hS(hsiL*o=jMI>jLb0Rl)B=lmMG}E!>cjuB-v0Z84Yt7
zor82^l6v{ytg8(z<;6qYp;)p-NA1z1F5MP7^HG(fB_E8oo$B?FWoN~?wIkrHIApm8
z3Om?GI3Ai2MzxZ9%UU;!1wxAKut!88gd>@~@zS@3@7acgp%X9X@*jbTq6Q-a>7L}o
z%!UEBZdo7iG8#hzZ<~?090+DkJ!cHiPyj;r6MBA=l~Lxkz6aJCa1MZMUD;F${l0ka
zmu<B6@SmD*o<F?NIB~3g7R4IvsUZyqUW!SHG7gh9b4Js!FFsb?&taQzCnk?uF_rr+
zCe-Fs`H`@5NlejMU>1*X#sZ|VDU2y(+0MLWHT~VE)Yq-V*=#TOf#EEkr#olzVnXo6
z;PH<|_z4ZgHk30z;`SL!HF|tR!6KeWIxan$#+V&B+fc_XNCjCPXRHBzh2#axcB23y
zVl!l}IQO21UU*h-eH*@CBA+L&W+*A<Wcj$&`;psLWTQkw0~k~4<*Cgg_bRC9v->n+
zj||G$Yu14mwTi=C0newp*k@?@6;>MIHOY<Ak?1_mJ~$XO9SH+Ukq9fOgu`UE=e>3A
ztbqjA(Jf%WNpuRnM;tRx97XI9kDX;7VE1CwSC+zGxUByg8D7uDW%OKd8*M*)Q&CvN
z<5g?F@*rw|xfKl2csQc|I8i7TiGyTXqiG@>^st&!y@8Zrz4K6krh6Qi7;y!emH<gw
z#{^b159N`AULEyK4&h3Iz7@<{Je0{ss6j-w_1p;KQLP|Mxn{XPfB;Fo@+%%wIjyZV
z{3offQ)tNdb!+%I2o9R)<qIWUNTFF9U>JmZRB4YWlHD9V@R4TSomu11C3|HzJi&n(
zc<Gh(bk%uS7*g@*dnjdg8;+pB{^Vhk7~&kc8V1|bEc1y5{+4Q?r_{<g4`nApsOOB~
z!L!@Tt1F<m@R3lsI>b4>L*DD~n}>R{%eoqg>hNG&6G>oOhN2Fk=C$d}+A@e2VKqD$
z`)D**JS<XZZY({nDqEURQ@>m#GE9ml49u(gaM(c>sX3dpn>{Efh#su2AZ={s58=UU
zz?}xQ7JUVp(%8muy8jVjosSmG{(~2!^~U9igZk6Z1u{If{wA4MU7#uXy=+H6Vig-b
zzfV{m(@9sPM~&J>B(Ky*fB)7;f2(uE9n1e%o^-q2V(tVghJEv>o3iJJ_VAbkC9MUJ
z+I=LWPe=3P<gI(GYPN*-jx*g|G=B^+DtGe6M!CFRq?=)JRf^+pn+{${Pyq>{5%Yz{
z$G{O1@;iGVQC2me-O-#%4lLS}AJULdyPS^+jwz@Yg}Y+J&9xkEDl*WDPOGMem3gp>
z>4ZP-+d4Q*-gneH`#Z}L5N-+E*-@f+1yRB-$IXoKb(`{J$+-&R%(Qq~AX<jUkd9II
zZ<g3y2i>#vqOt*K?^b`QU`V=COhJ>>IrFi**Ro8q%91W-LQ#UaaJ3xGQqM!-i2n>%
zS&*W`YgsN)(jEtwvLwI2?ws@dJtE_$n>mL?7!HC_P@M09a%I@D21uJn=TW54M|Lf8
z=2y?2F1=UdmaF<;N9#8{$$Q^Talrc(t1E18;#zC-dW<WS*P{h7?ryAN@t#wv)NrL~
zE+s)RK_Mn>g;jx0ai2e>+fEd{CzN?mJ$D1bk#>1ic|Ap7*<sFVXjB6+V?dcV=M+9u
zHRTlPaOE2HXwrxkf36VjR+?R8VY%G6t&SSp=Rl8n>W&-34EE)RyeNdYPyl*-evOF4
zHGTCga@A>(V(>eCLd%+#R0dk*^BQhr@FE1#?c!l~5y^pQ7gyH;ABG&Z>TB``J35;C
zbPKVCq4xp22k1U>B6~X&fJ;5PcIKKRpFTo|=Zue{!8+LqalLtvFqRY`hs=SYd@SFg
zIKQGVy8cr}U6HLZTP8tR(JK1M`B|-Cjs)4<c9jcTk#u5SJBQ+`&!VRrqA~|AqgC%)
zI5WO<e(;f{m9nSdefhlX1OP+Dfq7Zn=z+57p;G}_%kTwO^uoBn64YuDKOEL3zfwe8
z!hZ=}bM>Xs;5t9i9dC<x=v;`AWx}-U^pN`|>EVr8pO1|1OL;QQJlhGR*f71-#5ff#
z7<6x%v4yF^r^XuW5yXCBcnl@HLpf4Eo)Gm}IF*dx%Eu=1cpe&C&60X{di5-CyVRwq
z8}2SfxgNEw;b^m4Dve>(Flj8AGa%pdbP5;r$Ky{PZNX<0mwDi8w|&!32jh7RI|It$
zBOM8S{5`FEsu&*fnLyf}Itz<xnb{bsO>y_p0N1W^C_i|~zmT=Sl+62yw(%cLr-~p7
z>Ij@SI9beLdSsMAir}S5G4ztkJ@gupq_?V`hgN0e2s7yC9E+}?Jdq+wJ|%%J$t#O_
zRFh)M#k+as$rB5D5O@>Y+;3TX@=xKs^OC@^5c`-!J8*hTz^6-O)!aC2t9P)Z@OO>U
z;4!o#XAl>2t`AqoJpwz$M^>hocH?l0gh7_(h`(DnD}l+Jawf*-ed4b+9b|Rb!qO{b
zP5gU99mP8Hw#<+{K;@+{jhDEE@u*dHF#&IfVDYNWyXR=O!<xrtGqg&*)v-L(WBmX)
zGA%Q*UY@ENzTty=>b@?=S9foy^Z{HALMHfw^MotPid`LwD_Qg|=bHBG?^^Bx$3Uev
z3M%$S%7j=>B0~Aczkn~0#mRUN1ZKBG574{vZ7B_72gy^QHQp2;=x*=j9v-QpE%XR1
zAgD5@LKp-#GFaJj+lt?I<f<N5UvE&w;J?Qfnb*{dTkJ(=J#le!ju^jYNdYG|+k@_j
zRm?}+?P?;0S4BHPPoZJPTj(+nKHb#MF;U2BZSsK^k;dCwMf{XHT@p?<g}v;uT;n^s
zF(i(FhC$mUll&WXqA}|Zu)qHJ*ry1VCvJxwaTiXy-JwceHd5ab3J$NsK<c-7E!x{j
z%-}Trs;DjTaKnxc)%Tvrb()UX+j@|sS1>@7JU_e&y{8m!I{(4$41EEoF<4(M&YVi2
zoxuyw(v*)WCa(D<ma-EL(SMvJtQ!cOgFq^~+(vyaiKobXUHfkdS{E>iu$Pmi0WJ6D
z)V`jz650<jX%;$S_YPd)luhFVJt;5C-!{v`8T_eyS<UM1NitgNVG6qfkfwyXWg^T0
zq#}Hg>YlZ!+<JG1@0n4y#9^kdtX_o-07JLWzF&1Kw365_=u(ABiBlpAs9IGal0#{P
z_{6B5&~FLsl94b8&ZlZzb%~0i*;W;eKdGmxI=#f!0GsK(yRv|cEeY?py-{mk00scM
zbD{TCIZw8DgF^@ihjkc8pfRMbw58J2wv3~54zAlY>{CywQx2*Ih4df=x?{(XLpkz5
z1s9jz3KJis@;mTb4a<^$#5^@k(%3cS5L)^eU(D@)9zEc0WGpb+hy11wO7Ox<+Tf7P
z0flKPwt3DeBXgjZ<Wr^0d9I$Qwj+v4sFxG;gEl!W)R+{}2lGkaM0hd)05ye^aE~Co
zu-RBW?rdPT)`Ez^0}-4@2aaZtC9;a^z1WQhK#Iyspz0>Q#WZSH5jEd~w}(nowlHP`
zrJ_`orzU$BYFc{peK9dmcPu0HiU~$$IDGaa0Uo83ijxq7IUYi`kp-Vm!;_}Xwh(Ha
zO^I!Yh}Cd^8^ld2v9~|R4~$OYrM%qMumNdy%h_Sgk*h9Ky=3ah*ksX12TEeg=fP<~
zz_`6c@1bghJLe|9l1jaTvLzB^s{yK_u8DG`W#os~%3kD%0qgXWc?|PHFh&yxRnF|4
zy+*9*{!(jYIJ|uc!?b-BMpmk-oCYTvfWy}6;p}>in$#wAE)Q;IgT-Qg&bI8+juN<-
z3xq5A^P$d~4fFxk6KN@YU|45vOb6$mOi_@^u4^Vq$5%qO+)pgdeU%H)mr0m<Y(3nu
z8uP8EH*BK!heM>wJim3aWybF^;Et0$8n@5#PW$&x;$v7(5W@Xp%b0nsaN?-tPd(mL
z*{IweQZ2XTjlFOwW(c_Z`r3;xCn&(#hoLN5LRQs~w;CuT7&H+$nHeK#arO3O`E+Xc
zaNIWx&UQ<t9X_X3ZVe&GLK)c8BGr=2R{eo&2?>VI<Px+OTZd(fi$QLoryTVHOgO71
z&e$?$NOQ&c7$f6pp$GiMw-MsRnAUo#fZ9^m)gyEnQcVZWjY@7Zy)|XU<tnJQA9nie
zB!YER>CFv2MukhvD!M>$jVH^+{pIL_5a*&#+Wj!DMO*<t)zh69(EA^noo{ohLy^8-
z(>gtg5?5yFmL*$*v7;vbK~l+F;d&wR9blr^CcpQXrb?T`);;LdtVLhd(!aLv?-lC(
z+wsCU?(JR&EjUWX)kam}4f4Y7L9GzYmQaqgsjldNVqR&_OoR6$)LY0teZf{9iYIA~
zMG$v9z$l^4+~QA-Bgs}|cgy*EF8&i;lIdn60X{>)vK<bi#e*zM0+`x$B|)ME<?2tk
z#ogfW?n`|@cr3GM0oYJDm>qRz-{EqcyIIX&J##aj>A#;;Q0FMZ{Ob{!%ZO=6!w(W^
zuxUy+iiHmBO*+=FmKo`<mEJl^Y`a~tMtH;n>?rN@U>_Kv3%cT5B0#5a6Kxs3iIS}r
z<(?0=2gfDglw~o*;Wz-xpJ#~Vwl8|0ri#i1<~8fwZ)B89NSbbP{B2m0AI|bz0i@Zz
zBYKji^K=H;#dUP4x9;|kS{r@+f-bS!Q2oJk+H`0NA|j4^*^AxbTqe)y1R$yU79ztF
z8<to@c&8I3*;Xt(_L&z&b_=~ip9dDtP1ZkB?BY&A&tTv!W$b<!F5JqJH{_m`sW0a~
zgUmRegN^Dy)f;M?+(dg<U-tg!cUaLy=pgo?)MDN%YlEems~%T7m+jz^ueweeCu7}4
zz=1U<sy(ijgK4!S5pFgZBc`-gnc0%p(yW*QAy;orNC7b?kHIbWq>HwYQ7%M_NaeI!
zt{YNJiFSuEv5}Zkkb&KOW$-FcwXzfvel?qXQse~TO2BNfizTf(pf^i3ygW&}Z->hQ
zs$MEj%Uf4UB(N*dM_hzhW%O7sK2W9=mu>9`I-|(&AInCyJo>Vxl=uRK_u-|`jrl?m
z6vDqZI?5659v@(O<V~&PHp7-}(q?d%6E>+?U#%VisdP7F+zHz?R^ZI9M45g5xRf^#
zENb%=V;@b|yQ61^cNXMDI5@a;2ye2~im#SWSD4#cfaCOJb7pMs(mI*i`H<bU6QCgF
zZ8dYs?p}_N-gn-1?uq)F$D<jxmvBoSvc+m}rY#Py@B#C~LZfD|siU#<G^oUjm14u?
z#rrno2PHKid^z%44#HGUz2tb%6k84w%U1iz)cnekFj8kI%O#zV$;r}Mc_`akqcS|8
zNtvd=4`-ZbG5Edw9(hMTb|M#K4F{+DsD3!LJ=68WqKv6j!OY620bZE$Ca8AivpP@K
z)4RM}I=%7%PG~~+MXL|uRW)#AyNrLu+$h=c%kQKrreHXBImwa%E%<h%JCjl~$&ms`
zWRo&el0cA#MrM1nc=6`ewnOv##n>K!Xdf82=U?2#EVR<nGJ@&)WG=u5@lZZ=>_5K(
zD=)dc3)SVFCohxS=*UOqV;`Yc!>T;g-t?GxUvLucP)@~&;u08_3mN9c%j}w~^6*K5
zVDF;^y`g_Z?_vMPLU#oP2S868)O#C49Twt4P@p~#b@7X#D9_+HZW7d;Jwg_J2G!gP
zA|pA#E2{ckNNAM;nRtJBg?8JPNIG)D+6~K5bcV2KLgved`(tZl+93kKSC~t~Dti;2
zsJyU0ekkA^dOAw`fH2V$QGIivIPZ8+Z{XJsP#!uH9^2ij{jPCe+F?@O2RqJpWj5cL
zJQ%EYyMt9thU&ikt#vhDY4{;5k-RIox%l`1ZXMMm`<8=M`W8C8teEPR?m_PgDF6!E
z?X7{vCo0@wAV~m@63$S>>qpL6nY)+}h~z(9PxTSZx~y|9w(b~Cv8o^`(DgHcE`vMO
z^df)Xs1<Wgdd7S~6HYJf3B81DxlK6=z2QZAkEl^(<aA>$Pis6xN1kGtopK=i4LoZv
z_o|b8Oh_-MP()V=*iIl7NSqgdDja)9sXbJ{25E^vkiJ%?3G$muv7&Ch=tppKJTztu
z=3(NM9MNqZpR@OI>EvWQDpdS6!?YmO&dOcl`;6(OOyiU3e)GOAp_IesAhwywU3xE5
za}oevDU|W?+*rl39DvtzewMVIC<hgE4JX%*$Y{ORg%c+X_8BM4ULxVZDMv{cv*2b(
zl^s4D0Gaq*od=9z5uN#z@`2En$HK>RKWAy~rikc41tL8zZlc<2J-8H@#vQ`U>6`^M
zk-P+2yk*8%Zq+;}DeQ1{A21^fZezfkWceA=UX)W2x<h;$>IQ8gmw?k*07hu2>^9Yr
z+zlaAD0ow)i@QDxR}z8kx!zmxqP7SG$ZjirG};{^H(6om@58Aq(U1^GNd-%HFOtm8
zPWmWJ;^MXkNMj(yXY1S#!o+eLf9d}EQB)D<Hny+>u(yloB@K12>X}j=;oZQ?tUIcO
z>LSZf29Z^fEuuY@tDnE*Z=%MQ<~}=Hs_NX~!9Zr}MSv}xSVOvEY_*Hogf3(!;62-*
z6m&gl0F;uSxve-&NUY&#yd1`HLhanvzKT)xus*@U?TDF$ok~Tk5*#lfdnd~)wOa*X
zykoFbc|Gy60vrb{qQHdTsta98^}8;l3a!&Kl|xkffilU}ynIcP6Wfa}3+E}tQ&pn2
zVlAa%00hP=R}J3fHZ&a)qCV+OQ!XdCn6ehmEq_+7pRQ)c6b^q$lI}mI`(9)(?$ov#
zFfDQ6p!AZ`S_g$(kHcFoAx{S=IGdIu@wk{<vtH|>PquW)pUx*REo10ICOwaPc7E?!
zb+n>D96oejcR%wZM)^YsPnPtQ0yF&%KyJ!1Ye=YbN1Pz|da2T$1+lE!mY$Q<;YT5Q
z;q5s;v~+K)buX(>9VG4yo>ENM519UcbiH>}lUvt4`q~c1a^xsS5v3d(s3-_1o#a>%
zX(CdjBnl$ZdriTPQq_pmkfVSR5F*lBBGLqeC=db!2tAMxLTDlVZhXJ*j(dM&{QhJx
z2JB})&)R#gIp<nyYK{k$uJi4+2TvFFdA`;>%FJTaKv_xkwF09~qxr5{Q7qID+#NM_
zp`6$4>I~+vx+YZ1BX5QGor!9v*ZTB1u(~5~P7&kuanIhkwyQetDU1iK8wuPmZQ<T6
zAT+UDCRo`=#uUQLTGUjds*~ME2;qlAOO^+uW<F5o6wrT{Vaf_q?BPt-)vuboQ8D6c
zfX5@DRM&V;ZltvaO(o_)2<V8EoN`}S6@%VqDqSQ8p$@tTM&ut7k7420<20pl484$W
zlH^iOKM<b%O8(&&*cpH}CtUBMaSHFKfmFMEj<@zdxEbz3VD|K%fMxqLm$eMl`odcd
zU<AWBUGbz#bB~%W7h_9F&GG)(|M4h#H8-i>-%W|rY~*0i9gfh<<}4fe(}G`OM8ggz
zi(2mCib7Wys1{Duuy`CBKsd}mWxeN|fEA4})-7Hah-s#}tM7kbn|o0kgRYVlikbZ(
zKj{bOSI{SANZ{DM88i>#<B3K}Du=1?f?9jo;-;5);Lk#QI~C=C>Wp|NaMO4WsLa-~
zIBL%cHM*S`q8v0nFz1!m1~L-NbH{3gm6KLjaROvwDiqz);|N+>cgvA%=e)I7>{$lc
zLJf3y8gDCoBzZsha8vtO3vbC;AU9t!uqB#!0x`gfQSb&e=s;S|6G=8)o=e;vDOjGp
ziRQsb0ZNEzp;1rmTNU#!;PFthhJXmFqe0jH6NkA?!9~1_P-o4V;{by+Z3wX0WLgGG
zkA4B^SqBo@{j4Z{m)6hlkP%|5r--Q&*cWt?Gl%P20`Hm=ui`glt|NaPy0oxPWP|K>
zz5YCT>_mNza?Fxm%+klt&#NFo*D>a(-9K|jD{+!;taMwt|DinVj4SANenYBk3iV>#
z*1}me7);9pIrY)8CVMSBvAFA~oXt2ORVYkUo7sO$#bI6bTS>F(BafX4jh=g~Ibn+6
z*R8p5wf$0sfZajC)8-s5^Lr#(kQL2e)%xkefWhk=`@)DId7I!bxVm~;U^OQ^Nz|7i
z-bvDVGMYb{n*FN>o6K5_*YV9G&Kp-0R=~KXm8LI7)lgQp7w5TTete>Sm~JYnJB-)J
zk9ZPswO(DZ2Q<>cP-{yW;Ju+JOq1uS4p?RDkm6QWn0Hd4eX=It5$YpNRt!ZBK$Hwy
zi{=r4Y%Ns=>V}cr;0ZkWUE587Tc~&+I?KUI;>s}3G<nW3XkH3QE&^PG1CrWQ?EMo!
zBa1q*GC9CI$($qZiROs*)iX|ZhPU+81gtDmV^%Z`!oJC?sO{k6Of5z)@jhw(2NmTA
z-)5-m0+$TD;h*o7^zv0I$&!l(B*FP|;bJDY41A>K!N4?ujw<L2a&A3<QS?~n<d^EL
zTbEO&U4lLnh$UT`Qmk`xyhoP~=!!AzIAT|)`M6dCeb&mL2Io$!aHZB})uZ{Abcz<7
zYoeA2xSW=dp$a3pN66-NlgN_cPe+0+(H7XkI5H)oTEZYmvlsK+DFhu5Bb9IJ>aCjh
zds3T?sApT57M4~FL%hYaL%R`}&C?u}`A)QKO{__wxO#K~dqxagXc^0MH6z0`@j#%3
zbXnmOLOY5w%RN*6o)bii(g;u+h!z#R(K@alVqc^T-!J`KzYZ7aG2_ui%zWzD;Q(F^
z7pR>pktMC{tgVTik?t8;Q|iMITUt4XyQsye?Ml@}>?XVk`RK;~pRJ#Cq`YgJMXvMU
z+4Nq;)RB-M|HsyI3DO!{zIfu|LFtm}?~Y$UXZRjQz6o6{3Dt}y3QW3Mh2a9FN+6Lo
zKQsyyF0qIIVTlyohsF2SB@q+YTu?`?QmVGaTm)J@QMRkOG&`0f9wZq2x0kr-ud2vq
zk7zwh!R~%pWC207b9(YGoWV`c;K%gfuN-iKhYlavK{q&8n(6>Y9ctm0u8}1MxtMTg
zQ~0pMDMrnEDrM4%!Xcii=d~T=>fk4U-9+3SZN*)N)t05;LR_gBvo8Tqal%$V3h0%%
zc-wG-aRdg005$fq6-&I7QVRFX$Ob20cCyw=<Y0U1dtBRN>71Fkm<u`(X3MPiv;NX}
zXf*XSndyG^j>7+P0Z276FCk(`baG*SOf7sxbiixYdtt@uZR*b{HYdIN1ZWBUue}m&
zv7Aj*XGam@N$qbX2@ZJP5j4jnVpbTsI_n5#i=#3^z_5%FMs!%QF9pnzb|1Hfqb_%9
zwY8Dp(E1)&F9xEX9W!uZ#K1jc#etZ&qGeY!V#^P+#HIk7usR*G3Q&afgqq3(gAo<t
zf-zYIpsfG*-i>#q&4UFz!8-zRE@W=|yyWOx{Te_1fG1SkAiEPlGvT|;>FwO?3!?8G
z9AFZWc+_Np%uJNc2}0Os#@uY?!GPvjx7X5wFp)Om4z6v$Od6~Ga%-SPo>l@tRf;Cv
zyR-%;U26Qu9hKJFM%EZv&a64ZwuLHL&M7HYsXU9HW%NI8uTz^b!A%qdkbE^)tNc9W
zI`<fbwCl726J1_4*+@RhvkMb$)HV`!){)vfrjB1H{>VsKnUe2}8|Z)wYOAVStH?vK
zAX-Q&l}n649WDCt`5us-Kn@E`KEe(B%p;IP5NG{a#hebBPpW;1C`}ot(+LFed~J6D
zb-lrgz!jh0gV;^3fj5&QG9no@>l7mg%>&i|xcFn*k6K*SBFp_mJx{ZbVL@H{>4&HT
z1j1fY!IWZ-mT=gf+ZB)dwfot<x9jnXtPDeSSN5y}vEIt7VmKxRW4$sN6_Q1VUVB#W
zwQ;_cuVLgLRmt-lC~Xsj%+=iDX>;D%iSja{haI3Jmx{3=9?SElnk3L57$J2du!sFE
ze6@qvr)Mnc5Yj%5Xs5xi`WxAVFEv<D`VjIw+WcSQ5pC}6Lj~3?KLi((CJY9`Gsl<7
z=bxQDH(r%M61UIx9~rNtz1zW<)zM7ke2>Z)<&SoJ%{~B^8IH)~-kh4OEwC;eY5r^{
z%Evc1O?sC+Qv|0V6JEf@5mkp4IQ4yx_eix-`+E{J>&Gp>wha(aQy=_zd7W9~jIcgA
zx_`@jWD5)QctM&Mq9@(F0rl%co$%4l&E6X21}ZW*Z|*mzq4|p+GnzPL!y*!1kuVaJ
zEzXlPswfE%gSE+o2=d2A=VS06DDGI#Wj^G+L4;Xdgo6sEsy>ntjZ0dgvwqZBmz2U)
z8FTbCESLqaNqNJS<YQ@McD8$pEe=6_4s)mA$@{V>>X_2iTFoMAxC?j6v~lE33e3Q>
z4mPZY>;UeeA`zm?gp^{H>7I)5cdn;t`t@Z{vo(u{$swua3wPX-)9(u-DN@lpG8Ztc
zm{-HN`3|z=$t^6@pDbdTUnF)>N>FfZ<;o?^uGvCOxC3{JMtX6obMs`r=GP*SeXMx3
z^a|_#fZh<r2QN~j1rk_SaiOLuRS_4gA=&<OfCa;eRMm*fu=w{Qy$Q|%ww%`S`S{cv
z;ej5JHhPbyCf!aNYzSA)Zn-LF#L_nfS7A3IIVnBF_LqG7mijKAg7O;1FAju5TQORe
zb$;ZAWYBi<)V&G$?GLDC|DvUV0X3R8r|_MOc46R1AqeJ=p<HqOBn&(PMD4E9S;U9}
z%Qy$20S%~A7NniPvp-q`jH*&eD@o#2^2p0Qo+`DD<$egIR<O%!)_`xqLV9Y6?fK+-
z)<uHW3`VnynbLL><mr7rM#XE3IbgKJRYF$bT57eG4lJ>lO}RN+W)RMwsi4$~yYCi7
zvHAOBcuOJ9Xz4$yt2JAD$vcR=u;d!go0PXJjE<6se@IZi^7<XIYW>&khZH2ygw|z=
z2LIfi+v?X*i$adf2RQ|06N`Ir!V57oFL)Z-$=|xYf3IV#*Q1z_Hmp8{tK20?4@k!w
zHn(Q|{nl>I`)iXyjoF8J=Nhxhj9WU-$NM*TerzPQcC<yD9mDs<k5im1C)2W=fb0V7
zDX5}x(8T9+0UhO~+AYxMcic<>W3W_5sucn(m=WUKQ+w&RsNzXmAExRCQoZAgCY;?)
zlcJW;f*7Nc0fHQTzh^Sg5<qva`U;eRpE?e8*FwDrp1fFkiVk{I8Ls!HG5&KMP&LEX
z@{Djcc;0tSWW~bI5CS_oo2?^2n!cG2X)$OWQ5!)e32RO3mP|A)=SGY?TFAUCr!ugL
zmFyds{N{+hh+>~4;Fuj}r1b)N(4G^*EzEwe3X?6&t|QkLlhG%wu(J*|e!K`Q5;!%1
zwZt`X_J(v-r$Cqwok;ZhOx+HzUlphWcmQkV9+#NMe3@@sD`NgISdJ_a%$4&$BEf(_
zKNy0$*p&s5V<}87^`8_!{m0VYYB%vt9!35>aS~(+v++IrJYEpu{SrsjRJw7fWGSTw
zqEkX4>1%dAw&774MX#!aUBqZVG>_s?I8M0<TtE!<2u_a{!1)CYu|?xvz94AF+j|ZC
z$*T8j?}8T-F*FaucN@hRc!I$q2$(=o&JU)Rku_cmRl?_YMwTFm^|-}StbwNzBsl!N
zAcqW^rrY9y*lc16O@K~R?#Ckt40SjyU!{^gr`f&mvQlJW{}cE%*FQMOF9Up!Nk4}j
zC0naTAqcx6IS7fp00cQsPh^}59K~TxM)ZkwClB^ptiRC&L+8WZB9dHlKHc3bcoDmT
zWo5Vn{IF)Ax{^$blAh5GiG#14Ia?B)#*JQt%?Zp7$USCSK*3k9Gop`>6)~%X%tDop
zJcz0*yg42_*StjWp#c95KwySR&7@;*=qHG7;6^2^4M5pdSU7^4LPg(1OONdyARga1
zZ$vgF;Y@I41#PXs7Tv=LaS^OTrR~${p6Y0<5!?c=+E=X*Q)30l<Jr=IsPJwGs?z9g
za5TItvS!IuKE{$0KB2Sjw*^{KYm$yoUc!zMUV{o3p8rZsE~tUjL{_}5enKL+7-w&>
zIo+a!Z1M2>R=FB8IhumCUV67$KX`_AqX{o0u$`60yo!|_4sRh7dv$kJ=#8nFrf2D7
zPb1gw|Mb^)jntm?>V-4f?d5>+7i=Rlv@^|~8!G2t4>U1dOYA%&GOu=Z9Dzc+dCD$1
zT7l1Yk|l|5^$G*R0i5?(x%U{0f3*<C>bJMn0kb0BTm7;Eo!qELUkk`S8yfu{TIKsT
z{vVDCO`9y8#Rg~QbWwt0)FN@;$<N~ICw1ZoYm)4oC|(rV9$Ml3vjEq<Oqt*tP=%ou
zznVXira~jH#jKKekUc*pc)|0{WM1`JJ;cHNI*Ap=2F=LcSo<|&z00@Q<efs)tgzf)
z$l<$)<LjrOIz2mCHq#_uhoA+$%n57i7WONZ+7%68oXVouQ|z$G9I*;%8D0U{UQ@GM
zob9y~c@#KxEsa6;kVMl#p*I+X=x56r{mWnMl^-|B<}f=Ph=rO*K`-HIPl9d8NxWb<
zwW6SrB;=1T0R#kBUAjrpEK0_3fD2(gvx}GSP%JH=BY*{L0?3!jWJ0LW0vm<B*Hxkn
z?7&Gh{vB67urb5HhgnzE{uAW|kR!Tl#j$nVPhG~!SHK-}MkgtBRtV|%l}L1}pNSPO
zr_KY(<{2ir)}{pT5Fj;f2<d79R*NvXwLyZY{bqX<98}um@fhb1kw<?;N!WaqiP1c-
zVvS#1&@ZuijUfPbL!Bt>zAGJXLiB+h2Mf{pPOgTvYPr^}!!#hk3hLD|i1r3p78hZ_
z8+X8A5vX|zr)C5gL!;UAg;ccfNi{!<AK7KJt%KREL??_KJnHU93PG{Q8kjm2E0=su
zLcxJE;7M|fR;hJYwI+l7kej|A8s&MCEi1)K^Lt9DrhlhHj*c>(tk)rU@+xiTt;v<B
zX-JvtFm9QDvZ{66p<$$t+pn6spx&qczA%!S&jJMc8xy~K;WfC46d09A<<#>O$Av*t
zE~t?OR@7YK%6mFH`noAf=)t7HXKmLnSD^02t`DeD7VL@sN1Q%-dY2vMc#>t+M^)rZ
z$it><Rs!}BH>{39d4`MjR!7LVW3#;&v)ZUKpjbmNJ3uTY)IV3;dbdj<;G+omzm}{2
z^JIEx`D`CZKJpqro&^R3;P5_ck8wn<(3iUHQ5ptxZEVem1J&%0YQL4n=^(Gv7J39W
z8f!aZE#109=us?HBGI%IV)*^pg1UNnb_C5GyvLsTH)7tye}3ct*t*R4oIM+DZJ5nD
zKk=3vp@_wb0_fXUc8(c=S`#giJx)ukv-p~`I_&PupNr>ZPq3;ix+tEHm(Hq!p7&I(
z9=sn2@A+Zy)pc3IIZ-B{rl1m7o4tQHa4}G*q;z!|xNDfvIO=nin7X?oz&~HBF;Wug
z%ow;6)4i9PUaU#&Mc<q%a(B*P-NEJ0DyQ?(LW09xPuBBh(hT&%xDnBU<<ih#rimSd
zmX6uG9muDng>W%*>5T(?`R8=%>oNd7h-KOE{|Mgo9C4ckgs={s@x(u3Mn|)#b)*I>
zp{Kq|Me>is{-IQm*9*1c5yVn7B^^G~t`*|8Z~_Raah!6>lqW5$e1+M;>h|(oH4sm_
z**Y+)u-0>Jt(70W!M-~olWC0PRBLN>)vgsMJCYy>hN7jwscScoKtLEq<O)}v3L^*W
zBD{i^4FPk|^;~wif_gLYxh$OL54sAwqxS>=LpNxqBLxQKe!3Z0=rAJ=f=gktK}6%!
zk;5#pLNHvVvX=aUXG+k-N75AF#I6*jN>2k}$PKQmGewgGGlkVSPN)6!#RsgMLE-73
z6e9l|yxCeJTEkH#D~<ox-3~&8V}bHrP8Tb(d{)x6#Z5eAic52Ga9kd^CK>OE?TDf5
zVP3sViMVQUpew5km_{`=77B|=&cm7OqNR%o{SQh{5N**vK>Bgl(<OuVW0e2V;u}Gx
ziSDvYq{EQZdP4E+aMBa4Y8*QPMCD@kyfJ75S`QbNE58x17fMHd`c)we%ZQ+-$(Av{
zK7KCF_&umjZ!9F^G00XX>7AR+aS7V#?rufa89yfT$c|1t$|hW~f$q6wVDN|$U-IKp
zpd>pag~JtDxeK0XZbtyOvu1l+ETP1jK41iufH_RS^ub2w&4!)brRy^>ByK7^8y2=K
zsp~5`+<7F8-7Dl4u^uF6*H}3>b6oKXnwoG_XApQrc7-h9(Lmr3`+vzL^S_Ix10>To
zgUDyzW{0$nc!*u+k+Tq4#fXqDqr8y~NmzoraO5Qq)e;J{$q0vL2g2ffJvobIP)L-h
zXIB*D5ZBf_lvXf8zgH&L{~{CU9bOj0)>($pY=iM9VgJho;7mYoY|YLU78==`0qp7=
zi2F&{Uk)vm)VDp$y<r)V&Jd55Tzk)U&z2>;HC)Uyobp7xS(1Soen+Gx3ySMe@1L^2
zo6!o-B3@zoLcaNkJWa~Cn5-<lm2R^t0><sj8^cssVmx%MVL%>5JYwQcOK(XAMklW+
zIQ&pMU^jc@hnC{)CF1QDONdCUoGtP74OTa3vie7qrxl<WBJ5(xz;&7+ofLME=9WWr
z?8UsSGdo>F>Hs;roWsSf<0Ok(^iYKduJ{rUV-2$~r!s<!aR20%jE{g^&|UaFt@lJs
z$;YG)xSs?JDe8>ePj7oYJ(S>3=z~D3V|6*Z&Q6xGqr3`%8!)^^Ripr=DS(fXzegUz
zq!lB9t7yvEiJT9SlS3qKe#N|aO9CX9bHKSJ!XEk*%GuUB3}oA*tzA6NFD7hPEu2F}
z7VtwL?WZQxiBQcm<+Z9n0lv8cra%rBSON0Q1<(~%t>8NXzznBzMlu|r$?&p>kF4KM
zGWJcufD%m@v^<Gc-4#Kp4O()@nVYQbu~m_Sax3=uAolkFEi$l6Yr@^agcyoiX90lI
z5>R%K%b+-A{e4vYf8R%;imH6hz+xeewkVW2RHA40?|f~IywZBGo6d^)ABb5jUX?pz
zsH5Wh()i68j;f($*StD<<@?eec)fkypsO6m<^QsF=Q<gF1gSo&WkB52mhUhDn%q|m
zr~V(SPpt*3--pS*i{gsZ`&Q4quUznVsD!(hrwg!3i2)oeI9S)MDHp-z1?!>IRGbmZ
zM`4s(B6N2J8|`xc>S6Ub?Xk93cUVdA0zom!^1LO9a^!Egfx0~eqhHu|6r;;rt}Bep
zFgC%vuOR9STh6Er*>jOoX`r;?jGURM1Jp8Q*@G-QE1D8Bl{*01ZlmeS+aLC7ONy6V
zn+uCHof!&rv`Yr7m!E=*gm^4RVZEZ+T+u9GsK9_yEU&Rwu{Oe9Y@HaeZowLs`=D7@
zCmY&>i{bpi`O2RogqG;E8c#RY9d?Lf2)_wKiNYoX*=0YOl-w4y0<STQcB((jPsO2#
zBekwMgqEwB90*sm?i8AsgsXb4(9Z%Ruc1ibxl85lN7q!$$b@-Ms#dSbKM~(a3GeM0
zrW0z}@MO3vLqYTMPMRHj`Ev>maS>ZUL)9i>Lh7Ho+k-KhDScuuV1%_G5Z(x@g;A0w
zqgHU_1La0jLzo)9o)<CT$o&UUf^LvRq?0tYy@<xkdE?(%F4Plm2q7NcMZ|kpc(%QW
z8Q;##V`Om)4Mi)Yb_3y!7(urq7)avX896v-ds1pAx})tAj|mZ^_&Y~Y^4CT-VF5Pn
z_Y7_I@K&&;*1~7Y+F(1mrPM{X$V&vW&G5JY_-CW{)=+LKvBVl$f*dezCGm3mK+tY?
zjl=2pxhutEvziL2DDX{sl3$5GrvQd41{@3HYB(EEKDC}B)tA@E0J(M5;zK78MJTK+
zKNA_GumojKzGmWchL~ChT_ai;OPQ?@BY(0$vp$<8u^Ppztv6{-4ND|00`759&c|qC
z)>e+=+DJ+WAIko<?=T`D+Qp5sB#6DitO@Z<RKf%9TPo50GT1LLaI|TuB)}Z(JTMTz
zK>;#x#v^!;gKqg?MG4F1vZGh1?tCp`#qd>@1XQ=H7E>L3(Bc2P_k>6Hg>j&{!e=&*
z5rkOXISUHiKt;AZSo>63YnK)o8`1aO2q(*{^?XZ;h3RI;thnRAjVn$qPRa(#yA*k|
zxxLk%SO&R_cJuQz21fUwaX45QS-=7ALQQ&5t&ljW*Lp&&zBN@fS?e@pc@PBPI`NqZ
zKI2ut*+Lf3TPHfG;S~9L&>mQwRKPNxsC6?GuQ5@1MgTMN68~utF05CkHIgoKK3;&%
zQI1^3jh?Q)y}QsyWU*%9x+JoE)!SsI#EV3$MmD9YBof%mXU8aN__c-M%(7W-^b}|_
zYzIc@F+s`HHk;TOz|!Km9MMYZyfYV-1yn%Gij{s_tcqmj)**idX+tVbs$*t{Z-o+i
zM3Z;$0!w*L%}V5cIBLLNHji2oQr12TAci_II2G24ETEdN#kXE`0k#}+b@$p22VORq
z2ZCI;CCkR%=RNkH4w;Xd-%sih&aEm@!%DKHJ=NB9dXhD#*gBd2iLY>O!pA5?Fc+CZ
zKF0Z$ZY$<1;Jc8f`&k8eN}9bmRhNz`j4Z#41Cy)pYtE9CR9#`N0*2*)My7EiT(Rik
zwI9A6CroF<=8P?^v7kEU^L}UW19D|>VpbhKC^CM_<rpLe!Q3G|4s41^H;UniWtC43
zO;E+XU%f`ii=A3O-8d!>WMscQM3W|N<Scd6f{Kh+FX7U~Pva;XX2*GkSJ)5=^>)Ub
zSsX@>%i{vZ9U!=oR83`y6YAh870fyvv7VIAwzz{S0VFWGp@2XD1=S`ntJd$;pY4o0
z`PmMl0&9K^PM?S&jWjPY8rPl|ol4BNu7s<OpsDIfG31U2kjd7$69u2)s&K*ug41gH
zgu!J)@R9R&(r-Reai(<Ja&XB`!OKK&0Xp3~WIX`F6C)kAu3G}LzmmYvndJg|UY-GX
z+X${*vh~T$FqsE6c!9|bF;p6!h!X;!J<4(68$tYOSkDjhti?h{TCu@24QH287jiyv
z+9jE)&f2d6RC2$*T^%tk;QDcQ0(m6KXbR|06O@cFFc%X1?`Ro2SVo;m_Fao&TR!);
ztpgse2RTFg+-?)CWVGJFfZo=XVi$n)3iBmJV}UE@OnJKF<x=+lz6QTOcYett%H|Xr
zA&Q2DCD9Dj!qWDC2R2oh+6EpLDTalTqxC|;iX)kBd?N=5z`~#=NytbDH1v;1A9Wg9
zJ1z1R>X3o35LK!7K5ev@zo)jC3+#e<26vI|R|ykXzsX-{^7Jn>=@J(^@GZ+i%ivuP
zWY>8A#b;(8jDP_l^mO`l%#ra92NwmD)xwXat}N9@L{!7Z*Y#_*Vy)+G5q)}N@2zmB
zwP$k}1DLh_IZFw;LcBqQngjqVQHz^JgvdWC4rhXG2{n4|C_w;vn`wA^u$5qKfUrJO
zZs|W@U)0U&H&|(oKu-ZWS`pk>W$izGQgqW7;QX*eGJxmY#C2*<aigj_d|Ib~G~xYM
zb{MB1no22&u;%x7gI7VE;78+%$FVF9t{!klK}b(jSRI*BOOA|I;v#(#lG3wEV=_Wg
zTX=)x_S}`If2r-}&WSw;lCZ69l06aO3&IhczQ~pjny{k%n=I>;5dkTw^T>e&JOPRG
zie+rK;jcI)DUcwS_vg@71@%xs!VnSVF2b&WDYXDsIgr54jHy9I(3IDHzq@SN0H5KH
z*TnoZUCIlidVf-Vwnj~ThGaZ`si^`|maPYfCiYetep96+d3ZSjzK328{NyW!-YMY9
z%p@XKKvF_1gW;J3P%IIyYxXznq+IL0Le@oK#}XCtVDY$#!S*(gsxA$Vxd5+RZ_S<S
zuVVOJL2WE#dUj3nU<-t`kZMa<z1h4PX&B;f*J0u+@z!$U*?IOsr-bbeUBy`7<1DOz
zfQhX1AR|(Euwi8!)izn088b}|G!f#VR_B3{7xv&j9XgaLRvxO=Os27GeT+9<U4r`K
zhG|P_vN^Q`&r@Usb#30{5m0ap96-^-_*$2MIcHK>pA<<f<bC}}*eNxi5Qb>@?+Gwo
z=W3qX!}b@tmssFh&V)q?*T6kVF3xn!@LRcIaFyT=@do#%NeZ;n0KMv`1Z;%s1qBt0
zr;3;h7<z?wKZDwO#XS^Ek|L@YkynvemPF(tL|cC|5GzuFn_D$oN*7@1$B%>3?4r#>
z@TF|Ke|^@yP5lV}B<K3WJ7sutLBcu5lR3bA#c=OiJh|-oe%!AXRADJ%^ogZJ!;wcz
zpj^tobx;!bFL;3LyHe%?2W2=C&nX95Z6aeml9HcjRE2h_ha)WbZsfJsKc|*MlBJHh
z{~bX*dhpkP2xQnuPylI#CSCiX=3wEUrZ}6icNQUcM)i@mcJsx!2}tz~ZiPtz-~Qv$
z_s3YLvj&$yXOY&P<(fF06Cb##@8Z0(1n`ru^V`lsETmvz>*r?S8?iRACwW@bYpH*`
zd!-(dm@jNo3rLPQDWUms6S)g}3bTuVS`N~J0Lvsw*gIevF3+2|(Ta4`$_J8agdHw`
z^OKuRzY1(;pG5a#&x4~x?tz2FQUT6p<ha<?p>+f!9xjbm3#CJL5J&JjXd+`R-vpX$
z#UVC(f&o?F%84irF7U9ZCxej;cy77@C4-C4iibFG%LWP|Jf?-~DTAwEJ+DA9v=+tl
z#?+((?!am-WPr5=1A?+A6}Z_4Jb}APN0m0KhMt}@5;rZDV;P^o;2+FtLuxg&asVUO
z@_eZdhZRzZTs1#HEFast*6pu5zuhE5bH!Hy<oS5b8%hx&#W6N>k?1y7d~3aC=u}4e
zU1JsQQU{~^uCcV(POMB~+JXU^E!Le{K%Hd_u4!lCLgX1PP44evq8z8@;NJj^Hr%#(
z0z{M{y?z9n8HM23!L579CF_VosnD)9?>T%5OBBHQZLO0Nw!B9Z{-s2BhI$_wh(ve;
zC?ah?37wclO=Ty5L~vkS9!&1@L`^U;$Ajlf<mf(8EucaS0;adyZCp|gm0DT;QR5js
z@@RfyVs!wKpEOJmEBvWxoy-C31lP_75WZ_lm1J*+I?p2NTVQ!oBQ=j>C&Kmcpr*4B
zOvoaaFO?FVK+VjosdF=~>?aF=CP}`bW_w{*kdX?Wo5dVLhYt`GSIsL=WtOjL1(i?v
z#C*obM_~Czch%t_`y^}C`?OpHZa#D=gbrlWilre?OLpp4bAlzj<S!oMeP6;^E8e#{
z+!hqu0o|;+cOwD&g_(`ZcsD=ASL`0{Xl0j1TvS3N7tK$h=@Ibi_JY0y912vd;V8wC
z<m-eB45JBa^aQGn2g-hqkEDUB8;MD!Yblgfcy?kc3teU>GCNQYR6X7wxPqm3bxgoK
z2JKH)bYs&DD*~KbR|h^eCvyu=L4_C-S5Y0_o_I#GIQZr#nDEjS*2x9K6Y1_#MrWgc
zO>I;D)z)~%VMb|{hf$H#m+};q{$DPDscI@{O2Z&9>Y)<4|8~{s$ybpWjgUjJU6rlf
zYh7(e2NUr5^;ua5Fh<C!`3dc69pG$=fM$TXWrB+@N?7ZkH%HDYsd<S7Myg;nYc;b$
z1p}3_9P-hgfww9t%)WPa>s^xfKx$4ByA;DY#VE#=(Vp9^oX~`q+gqr`l%Hl3&#V`q
zdWW(hP|2{v958nHOD&xjL3=@$%ePh(rci@9tN}K;dTC_)$Z?1#6B`<Bofwh2CQ16M
zqpr5M0E~VHtmaAi=Uox0k>%DKa1wxP(9w~DKh{<w2a%@1M9wf>IOh%~N#nV6B3>!g
zu1MJ$kxu@Q9znqi3bpbn{H4ZCc;<8avuo7y`RK$}dlV3B3nR6_)uuc<=jHt|8cPhe
zg9UkvBm7#y7HjGB!El`RWKO}GlGR9)HZKt>tFX>3u~hin!G|Ej0O7cAYp*;?Y<>=|
zs9eb|`{98e&=V^O7eB|e#Xr*2M7^a=@D25RhUMv~W&-g~tigINBzCClp9q&c(SWYI
zAN0_DX9ex4eXZZDKl&x(OF-|1<{p5U1e%`edcbOpR|1e~T#vt$;?vTTCFf4>3t}7H
zEdxZn$d`X(K58zj1c0vkVx+m8gMCJHo<feW*rzLngAy;ePtihN+jFNpci4vbw^%_T
zltS@mJ0-?imuKwVk6o$HBP^q>!7Wqdvfl0B>Me=g^L5!(EqWI(ZvqWB3=il-xsZ2s
z){mf?$wDU)uwfLsc_IBAxZ)@qMpY3V%IvUF1(XaB<;lvDv&zDCdLKf;5zq7?<ketc
z|5>e~ronY2BKUY}eo{x(a@IRc0sx@_V!tp(yd)KkNreuQ_N7b6GkrcC`H(JGO(+eb
zOB4@2r^>0CWJ6F>Zatj8q#dM_lXsHX7SO>UXBXk#4!p0O58w`s7-}%tQljI;oN@0c
z6y*gD7}w215hheXPLjhrO<0j5@$)vkVn)Th>mYKvnHLf7GFN3%XjgKESW&;%vd*we
z3xG+!jya={DApcae-s4-p^>zX$_Ze6rvRMNcdfYIE0IpnH}H?_6C>5d<iT+(2w~0N
z;X*(~%F^qIy6u$KYEe5?OZsc!Toa1pvLRUaVw}2Bb7l5gmFasGR}1QYYbkiZbALhx
z2Mjy_!`)b~Z@5PIzKPXw@mnSB>mK$`dyINl`ZAw9fRKyC#m`8kL$8m<9m_j*>d=jQ
zmqMLiUwvzN{197s_xbL@D_3jp9el30&96H;<=u@tmL46uUmbORQz==>LXg=*)f{J(
z6fS<pp*8ZqfA@hgveK8*d3Df;yAV$Du*L13$DfD)J_mXW)b4sz9L)Z0y9@IpBvZq8
z&=J+Vu!mV{An!KgoVj*8q}6SWqWjX}f%(W_t_A&hO7jKi!mH(mui@SJT>VGxtraWe
zL9eKpvG{N=(I->dbL><>0MifmSL>T?x^2#=<zu#{S4|e7-mK-Q^A<mC%@#R+8J$kZ
z9#fV)DzGKHx#2_UK951mjH~+}oY_bV*j#0mUOT6_WiN~|xCyFxqcBa_qy1f}cYp=j
zbs3soPre_^+j<(THDsHhEZ%Ul1!Le-QE%)%LHNA+;v?m%m7IO~esUhZUppr{I!pMG
zI<I6ow;Gw(tum6m<ih$i_7NNGzHIBp7wwNZVB}*PmS3q~Q;`5g9<7g9`0yy_Yucw0
z8Hb(7_7i3<eyPD%#%{XK?KyMVgqmox{AZQDyv5P{F89m0wY4<;?}J?95PFlU<36=y
zX`B9ANXnUwM&6rW?cFkQZ1F%^xXla6?8bk`Ur!v%G_T(l|Jp1bXGR>AV4JOxx8W#^
z=h&{2efqjLuh}bFDNebLK25zNXPoqIsMDzZ%5Dd(+P@2ky?QmjM?QO-tg%t%foYbn
zXw=4YWvtl-7{v-@lO?f&{xW0V>n%GCy$@t*hvok6sOTYlmvH}O!DE3_U-aPXWr%G+
zb$_$od8Lh)y`%bblHbUvO+NL|KVcSj+j#T@S#bS(#nzJvrOY1t#S?+xUA2#f&prG}
zJsn=AleC!R)qEb_f8}W6mx`qSxTlotg~_{Y8mnrFQ1l=lZ1;3|<gB4Pag0;-bdxen
z{#NfzajwsQcEHX2F2QLRlrw`~Q=$99`eZ!<eP20jIII#paV&s7)?~9R6+#|C#M{J2
z_%i0+p63KX%cjz?dvhN(1KT~bLSMP?Mi6IO%@vRGj?dO#z*R&wXUQX<gkXb589$J(
znkeB>=exEW7sl5=Y&qs~K)uRduQk{D74yqS2>W@?H#)vZDY7ErT=G$0L5t0eQT=n8
z;HA(EHzr(a3DVcw8#>%%Guc|TSe<kaqcqW<kOQ6G%iOh)%YR^47(h76{PQ&OXn9Js
zpKO$<$p$6`PX&G5P+|t#l7Re{m{W&}l{2+@K>bK@$gIH5^k{Z$vMp|Icr|$Q1zJ)3
zGe&>Ek&j%~=l5%u$B$K8n{ku`Wq+9LLHe<(l~mTQtCSfeNoI1!bAw)2if0~z-QF_R
zWPrqt;$L0<JMo|W57?(R&fZRCvy}#R(i-2(bbiiszU7+{c>0l{dd<0<%;SNLmU6YT
zZef_JTY<gGQOg6T6%`b}Y;Zr^8Ei+dP(cj_tfY8`akp3riy-^L4mt>xgTqR9DjhL{
zYZY$S^J?6o!LH=W<Z$d&b{x2EBqt=R+JD;mo2={H<M4)(qK&b2%?&>ei={OCP|SFM
zcvN0ltd{&Eyye0^1oOP2|GA*2DuRvXM}MvK@J1J5SrZI@>-)=atNV{mTkGJDsc0CV
zYP@ar4}IkDm$6q){=1(-mUalfKbZNue+Oz$t}K<=Xl}S~LlWB<y?bZDm#xBLM}6yp
zP7+g15O~U3YjA&;u=ff3u{=`_%7z*~!{t0eycVcF$vMyGEN_LbJ+*c&_j|2y*r`Qh
z-*M#iJqt(tcPH~km_J)TVSC->iUoKJ;fL){YL37cZs3f$IoLPx{`cf}5T|T@lcil1
zUO-jl=kDr%dFabKSogSlRiqhibnuCP?T35v{~1$2-KaluDpd9MOwKL&zcHuv%NiEH
zj5<jJ7vwZ<JfunfjsId9XZEdGR`et0oZz7Kik@QRzar5RIc<@?KiBoPFuzO?IDTv~
zbNk-dSl2@9^a>i}L4%#mfjFP^XqGwMvm*z_pZxh#JL;nQJHf5K-#jjAb(nvCZbCB+
z-9>Sbn$;}4c*q<-)?RA%z;Zk`sbYJ=XTd?)y{1-FKl>BbLG8bL<o-?X|951NLVPM1
zP4HSf5wzTTD8}CYO)Mo<Ggs4VbA`?3S1l(T6)&M-+lEiW*k`w=a(!A2-OnaT_BDEM
z(unG?{Q9F+HUwJ_8$VWS8Dk1f`YbMlpsOTB8h#tp?3AOL&ujR7M#XNwY}8hGWLE9=
zLc<bYLHnYvHTHy=-?oxm$S#t8`#co#=cfhKb$YH3m5>^>G<|MQdko&XKbO7WCI4_k
zdy`p5+{>?OcE_J(Hsy%zHIo)sfA%%lf!wby_)MNgoBWD>D~~cPcT(Q9<D5)F@8YpX
zv08~a$H<5szasU-#smZ3fs)_%nhq=-3$st_sPa#dO=Vr_2&~>YeoPuBlN$Zs2cbT!
z5C8u?$gAmdfrGimi*Yxhqh)QYu3Cd;u%l+st&e1t1sigTz$0iyzJ+k(bLJ!yn>K8x
ztBL+K-)8z`kv=P@YljOz*#8es-|J>cZpGfFW{v0*3m;98OX$b!$Ff%Nw!<^8p6Zso
zeB5fYIjdcIa^rEM^(crrz8<eJ#}|y^oOSi?6%H@o3VHTN(#!O-!K6L1G7kduY>&kr
zxH+Tdzfsk<>us_t3#TmzKm2=wrSa(wajjtCYq*<SR_|c0_~2!QVs@?D*yTTsnUZ45
zjtjD=!8py~ZyR&0Iwl)NpGdr7_Cc%qONqu64#y9c>msw{h+C4#*TCQF^`d>%4!c#h
z2ja0OaB(kQTw!5iJoo`(tZO3ex%I^h>Yi%+(4-~go?MpTPnrLQZwz#!uUjCyXEy>H
z%nr5;!O{#iC?k!iHh1T@MvW=v*W~u4GM#tqlvJzSto?4%SIIa!#QSnV%2cD@ezX}S
zNKQoh1rHsOmdO#f5x+T$ANqEyt*=?7=W|{#^zeNf&+1$I)tDcTtl$J-jp1`5YXwE(
zwtaq|_4jdPj~g%MI#sv`RG9Kjm*`BVY{3_0lxM>AfGw!@_B>yqDK@UpEB&v8-io(>
zpDfF4YTV1waapua;zz;e5x!hfs`X9qxhMbrcsmM=HU0K3*Y#pT&bI*X!RD5S%Qx?p
z)hsK|aZaM$bduf~%lsL<(wS4(FxqWJ(-eLB=A~5?^g3cpeg~>*(#}zokW=Rp*&D0N
z-Lop^|80}4xRyh7E~xE1-M)6HT%_Ml=jjKh^^_PdfASGp8zdc)LTr-nzkC-Dz23eT
zpKwjZbU@I)DJMzWF!%LK{kX+?>+Fd^@7ArlzD7Tvn0m7tE}Z-=ImlgWdGu!H>z6O^
zL%D{&G+weclBFrH<1TwL>5z&iOI8s@i)at}>u5_`g^IGEPjBCDQyU08p+0c#oi+5Q
z+4}wa>_0Ivr;9&%v>HyFO!~}d3#@CboJiAlH<_H>SD`=jLw=v251OUlPSp4a(Jcyy
zoWVR51Xe%2p`whQ%et?upHIO{!8hjrDn@jTurXOgFEKMZC2O(_-*@Ip+(-mYarkpy
zS!g$<)230);)Q};VS7vBfw%lk$AexgsmZ3v&vk3iVhV~hMb}iHRJQHvD{^MAAJ)3f
z$LKea$8XKNJb%Qxz@y{n`?u(GF3Uy5Q~9!U%{Ht1@<z4^UZ<F+8*lW##5$kw*>6+b
zksX=8hh5n%o5gEf{PMzjb;QVI?)=}^2c~yj*&h#lnyrVCMkJf*j6b3hJd7%T1Xksa
zoqa@X9&NH&&GKNo^$6Bcl49|StSnT@VT3y!mfSL`{)8*jX(}sPwiC+kWj<=Q3D5da
z`f&J@wAUFvW2@RMyD?T<KWfkEanGRBp;yLUs!@W!U6OK|R8WOJeg(3p1^Wg!nbKFW
z+#Sk;n=hPKto>e%T>XXSyf%0L?#tPAMYh(L!}$^Z15$hYe8^YJW2cV{9eMkG`Wmsb
zdUok?=h@+JHm+5D@|ouj{+4PfzkI>J>Uk^#*^#5j?6K0tE|&NB?f5FY!VeF9cKh(;
z!xDq#2*J%4mdhoD4=vr?gxfCH`^oJ?9kS|!8gn|3M#>sh6t(cz<yL;zT2zsHP7mIp
zZM&>swD9TDHmd@U#lU+k`g0O92mdauVwVfuJ^n%C(eS<2i+{+MuyeEii=yG1zp|EN
zf|IY-NWvta&iPOL@xQ)+@N|3{<JG6Y`SZA_mf&<mn$fAJmhZf@g8n0T6R*ME973s<
zHXMH}$QJ6!9?`a@@n7g3UFo6g?e<kI--@D1bHg9<!)p*PSFB?`G#0PM>pt*FuVYlL
zzPN6G;PtFr+O{;o=Y4fQbY1lO<P}?PtU=U*8a~DUvFG%nw=FyI<mi`AQw7DV$%ZMp
zhRwb5E~1xC7Eyi0Zf|0h^*N^Bj=t{&XlRu5*M_~DZz6Zd3mo^|DIsedx_)<z61=@z
zCe}y(=$`E>0Cryft4_Z?epg7~Ud^_``#&Y0unQkm*2?IMUw+^dfA=_&&$-q6ME9pP
z6JH(+`#?gAqi<IDru!nN_K+TUu=n<M<wC}wNs?zNZ^pb2d<<YxQk%VUt}0$Sk2@)=
z;ZZ0{`nTe`4DQC!NjFT*3whHn675so&IUEFZ=1IJJv_?&0vbq*r^ltyV_(0voKi$;
zWq(tbH#vRE7QZj3LSNA9oDh87XsqR@3P;KKboVutA);E~Up+j9gz%S71-AeaS)*V6
zThSrGr+9<WZ`_9dBX*D}{dS|id<WFj1FfgqYev5E4~TPF4|SjDmiTG4&o~!X$R$LB
zBYuY9RDN|NnsrJ+*Ej9sfiuUr|H%wC+qL|B*Lj8GA8?~<4{{!&uV+5%k(eqT^yqk#
zLLf<;e%q;d%+;kf!$j~w5xq8cz3iS%b-B%9{yd){K4-vEp?N!q#}2r3OpaYs&HJbu
z2Lhbqdh5htS~=#pSP%t|dmC$Y?||aY3bS4Mb!ub6tfnoE;F7#GNqJw+b8w;j5!G*A
zU~7SDXjI8>e(lLVaW`t_!4f2PNM9fexqW{p{`2s~zZK(MV#geFOA>6ZPuV8r#6<Yh
z%RJ(dbJJf^;pm%hG+eJPU8Jd0U?A%dpRHDCym&=%O02l;P1BZ%=u4x2f8X@Ivrl!O
zn^x6~T6r7Gfsl=ec_2eykN8Q3GfPD|tRIzgWmmecpVRoc1N!}kFPZvX>oeBh2*3pK
z*x_3XGx8q3FCSvO(~YzA<L)?jvio~^X}Z_!ZKQF90W{^Q>v-elA8O%FRy}7nu802I
z@9UvI_dBPX)O*>=|7oW3m}-`8V&|WW?Vce|693e_^2P2)W#+B8#y|94Z5wpiw!+1h
z?Mi*zP%e1QHR<*<^m4w^U{(&D+_i8d!7#pYQ)%XfrpK0FKH;{MWBw>TBK{;^D<N_(
z;GWe}V)5+j5D(G4f#6RUZn9qc_&t0={PJlldG%CTtlwiEpVLGiyd=BfFh%zjRqJU?
z`-v?<jl4||zdu$QZ21v~UPN0SzIJW%T)Av4E2~;_D;^e995h{=Tix1KGV}L$+cB37
zPc@l#3o6V<TD;hhZIW`6EwexqMESnM<f>H2X-H0iOVLLTzI?nl)-&vQ4q?gIV>9YH
zEhh4oy-GF*Q6A?O6xsXoL=v$+`I^jA&Jm533hO{h>iDhp(uxa+z(1EUEnC9|trq(<
zJT8_P*FD}uG8;PL8hPcq>viGSPxSZ`<&Bp!@RmB$TaDuzY>HcUo}?xtq{n`R`|b^U
z`Ht8AkXM;iiGQ}&ldI`vtCb{?j2{hWyB(HH93v3jPM#Uuaz&J*;uiE5{|SuwXXI_8
zJ*}!yd#WajEZdirikl~nwY!Esee{9ImfIKoyW$=}N^E6VA;F3CobyfiF~){Ye6jS<
z^7C8E1%1I`^xCtWZ><+l4-UQ_!?<m?$*PNEq-_ar{+ZKN@jyFh|5@+XE(mt{=Vm|s
z`)@blZahH`a5ra9LMLx0YwaJr0DbO5lQG@me{U0wQ|xlwGE+B2*(7?>|F<7%Q{9(C
z{b&s@0<#{BS%<Y9UTauiBtYv3nVrdJ%y8(Nb$|PRYlNKu80OOExwS@R_ZLCf$F_vX
zZb!VbcwzrWS%O~k!X<!RRTB6QS^q@k0&LJl?<4u)DXr6Q^xw#ur@o2TBs#A4yUTj@
zet78;Ire1nI)5>ZoI=_3+qXX%tOgD#b(Kx)NYopd!J#)c3^vJ&vzXJ_*(QkgMp@`d
zJT^STf<Ir|6#g#$mdrWa>s7rvDVo$^G%&D%HCSF~ESxJ1rukL2Y58k##C^`e{k5EJ
ze(zvMsZUul`^1}jc$QkChqiq+mOgz~p1-@aq!@mVl<#w)b*dvI==8F7f!)$lAv1P$
z^lt#RtTx*oDDcsmyMFmqBzSkiw^K)hFri}y&BDysvGS%i{`BqLcG>LYslkc@T;N=z
z^?w1+l1I1Wo$p7-)^22R6-?WxCqpocKhC8s&3PVQ-<>BuM|x#)idF?_+8%L3=;l4w
zS2KJjb1_!0_MUQ@?5ZwMsjWs>kkG*~mHvxYn&W~O|IqtAwv+qB@;a^StiS&OWXGxQ
zoGUMf3>0^|h@3U{g;iKK9hqZ%eX@N@K_0JM>M6tr)Gv3Nf8ZlF)jX3K+Ah#&3mJ70
zJJJ`%k0H>d`Zc{TAL@B^UmUEix^MHF>8I!Lz;-7Yt8~Nbn*l~c9p8Cb$;0;pBr5O}
z#`J62{ro>V>~_=!{@Hv|79mh>v@sj+ejhm0;Ghw;r}<+{k@^1|IlkmyXoJk@3h&d^
zHJMX=qbqAXbj7{V_s-o!<K)WN)Lin|<|^;xGg~j<3~LoO?G-%T1SI8`C%T>{(uaZ$
z=#E|Pk~ZD_)?B%ALHVGn*@2uvW&LN&Sii;0;Nl_!<XiDVxrMTY@J<l3w|M-uSMAEC
z_nB@Za7x?<0Z#jndv#yx_>6jTonYe<yS>CzVGO0JS|Iz>buh)0>epl=zxd@mtb1S1
zse=xvN6t3$@Y@xTPW-MbhZi^(|5jI5r<TBK!>#_^ZJcEr3aJR$X1w+m5_0Jr?*pm3
zRh8Jd>By*A+6vhvt=B5h_bI#S?(W~Hf`^{s7p4mUf)}$78=t-&-=jLOFgp0#X{1lO
z;prI7(>(3K&9(j4fQ4%%J6ExNZD)0Fp$7j5ygzrRa@6(qX8{ghP2v#SB%^=#=eb6O
zhRoaSeI!G7OE@}rbH`2>AB=Y7w@vCFG<>1rMpa3f7$n<2ETcJGPuhKm%V`9=0VG9V
zl9V6lx09||;v6sDxqVGu7|JDUocSEN&y>G{sWRIqc&mbJwVBkze<VCyo;XI6;>zVR
z3kb&X>&fQxClT?FcF8jBdf!hSzbpPCQ)&F^6jb!jp-VfV#t|XkmxiWuDKgvT`)!V(
z0iaf2tEl77m5TL54hbr_+J<LJku!&0H|pMg1g?k+$*&C;b1Ot(j)FN3f|{&sc$9y2
z=%a^?Q`o_`0peqq=h_Yj&LH+7ib{385cg!2A1e7cXmxuPI$*w$OYia>Z9cIrz{71J
z3pRo5Lx!H)r|L1+t=c^HlX?Ud7<yy$Riz7flq1px;a{$n9!AgZD><9FzfgUs17r8^
zXsubiaw=JSXd&9cg0LrY?O?g!*4oaM2F&R~^2#F>gynV8d?6v18bUVPQpq3q_uM80
z?K{t6;;!OD$SKZ>_9Qgw9t=_|Mdye2SO&NG5ZYWLhL3_w<ApJQ67%_9a~v{c+|VHg
zQQ~&J(EgMcwHRCGN3$P6a7?1+8)fTHq2975{peom8;iyGy6|a>zw@2S3tYk|c8d#B
zsU4n{neDY*4*bO_RAw6f;B9#&3cfCEuxtqNGI;vU$>U)|cNZTO2fV4h-J^Ou=-a^`
zb+>#l@qauSU{Nt^i7whRw{fqvcbmTK*Y1CW&pr_bi@G!|uW9vjd$?EXlw17O_=fEz
zr?5thfz$7mANcrP|E+TM*x@adW}A`K9@T)JArd&aKw`t#J6CugQ|b55I)~ElBm3(x
zx7)m?=;3!X@e;E^ypL?4DARIwZ&&)lhf?=+?V&(r`|n)=W?(Zf$FTZ}7Be#4lL5Rr
zr;I&)PXFJpS=6@|WV~P{hvr41&yid=gYs}cubJt_t{%L3tf?{=_cBsjo+_{FXQZa@
zY$t1cEd#omhSLn&2_J>fzc!Qf=3)0R=5;F9_pmW<a50jo{A+I?y2NnmyGz_nr2`_g
z9?oAuyUEs<?j?8rNkzOivD`ula7BEH{kx=a8(G{V$Svqe#}@(qt(xy#B4=K`Gmit=
zZ4~OJa#Tlh&M__3G5rSreof!8p20`*ZVUS=-^j>h^^V^HWWz?Qt2?gjYJRo0j@<vt
zV;XFfmNaV6LOw*yRg@^4m+c?@+iruWPP2dR+0KlUV;g>poH;T}OWdbF18DoT62UEW
zPoC3itbXXOzz*B*%+lLENAOsFRS%=>+4ub)rnc!0-0Ilk^4kvSo9)vDN6O4_mkl#(
z#x~1<ls!kIX`pwL18Ojtb40mhJNJi%hl;G6(P_amSyBEUf#3*17RTTTRZ}(ueI(O2
z>o0R(pFd-K8!A`7_#Vh_mC2v7vHIHZRm;1&>Av>H)H8rB1{X8^_nEN$FzNR_-^0Qs
zw;|JlN|)uan+YQib*!I+oZr2dnZsgu=~=s(Z^^2*@5sGnj|(sKC+cnq$z{gsQl7Gn
z(4(=sXH{=QFTl<T`kP2oJ!sZ}o#*FH%I>JGkXC!h8-aw+rG44b?^v;ie(waGNWRtE
za3S`!_IYVz#aA<Lb)3>k>R|KUjc-DeuYQ)H4_b6T$=N-)1z%KQ`T9A2CH0QH#l%II
zk|+OKd%Is$p!dn{)4gJAcKFj_)BBf9Y6A;Vx8L?@T>Y9UoyB*5h>5v<&@t)&;5J~#
z9ju77D9<ON+Yd;kk<ZTqzVNNC%e@`)r!jjCe_DI1MOIxg6JDtMJ2UWt^j6cR0|4U}
z5uoK>x-vg5#Plpq-N{R%%^lfv+1u~oF7gl3vnz@otz=M9j#0H-q${Hu{C>ZdtTdi5
z`l$Z_#^C{=%d;<e3pOYJ1y1U!TqoGP;BzMJ-;)9{FKT)0u}kxfRPBw)s|THua=s<+
zYPTN+S)|i%+b^+tHCE!@N{1up8`=o0KK@_dJ%_dj9a`NoYj|}&#_dj6{wMUY!Vj)f
zjT5My1k(lmIMLIhiVZu8nFXEtal75~R=hGU-*UcmU+Y;>;Ev!wPV2JuceWZv&opjd
zX-IDj{iv?Db^FTC#2gXzKUL*;-69A(DaY5<uV=b5bE?aT^Ex<;d8L*&vII3~J@`r<
z7I|)ZnR%2K&QeW=2tM2(z?3kHD+^=SdBwGNeiBISDGspXzJYH}-R!1@;S7P^{JCw|
zh~QdsJ{vGB?WsTt7OtjrSVIOJ{vV#s!=LK7{r{Dagi4{zA|tzU5YDM2Nt_Upy~*D5
zP)4%HF*`=GviIJ5@6F*jHgO!sI2?}i`*h#m`}Ys@IFFCs@Aq}RUeDKcIZ2pZoS%ZB
z^Su^`p8OG>P~a~9`%?@E>P;6N@d<YneVaESZe~RC5<te&$NK%QMP#yQsp`@JSo8Q&
z>yw$_Wh;<%)a^&_UhLzEKo@hAWKMYEv^|MQbz3K+>k*al>`@SUgQ^d=)Zfx$qIV6G
z=wT1L2R4s*pDd$&U)<Jz=l<dUv;YCZY9Mgkg|6ZBTB~7{vI1|Uw(2`aWDArIqqx}q
zqgH`bj`y93AEh=QeAdu*h?N;~C$-!>R1i#fLYRs)%KX>J@;t<v8%K-Uc5_avJP_ZQ
zaR>!VhmI=S7j@esc?{FRbq=wx1?=nCcX5w<JvLH!q$dN1Qx=dq15n2OXZdGVQ?YO4
zLJ7m^{F+6v@a?I%f?)bb<)6h~Ru}P)v(a)oN(>(d4G&gYO~(f|pX0h&^r{4$J${)F
zOCQ{{`TcMwr|b3EDbi`U_pYYSWp#|pfe7?wW(&*d9Hah;t7?^BQ6;my3LC2Lk!w7q
za=rC=eDle}67M~N^C0lVwtuHt`{Pd=qoy-(G9NDa#^x8bR{v^lWX8@6|Gxsx`7Iyk
zA*$=nfYSi-+V=n*s|3%hH%h@J@+qCX?d32^e?{qD?aMjVHow@7V*i~#m>h?V(*19K
zoKbA9d=el_CFQHv=MD}0{Ri*V?_Zv_Ei$-rL$Aj2igF|18y(JuQ4zmZ7HWv1#*Js}
z+l#J)_S581HVnV5VC}*d?V)wgz2YA3ze4Rpo*YEViW+?6p3Q`6q=5o=1>Uj)?gpv~
zGQqQdC#d*hNu|o>ioYUruNC|CFZ9fMn>_m?fB|cIWFv~pgR(uiXb@h#b-u#CI_eXO
zCTr^C%^3Ewb66YGlz1GXE%YC~0_aEpwF`1<={ZfY(`U*d9m9=xMNU#~tz@z&+#R0E
zX$X=_;4q^pX?RD+AADf=BakrQWhk}JJQQs(!&M2|AHE!dWs`&0_>Raz4$0q0<!ZKa
zpK`(G6jQG6z7OGP;DQmL1tZ<!rgNFFD;c!9xDdt(?wZYZ9y%y2!|v>j7OY*a<*j;}
z^sDB!#5~<?b&KXn!5+5r5wjQ>_iL^Nx}9woSn&LX7h9Uw0Nm<FuwBj>@Z|cnR|EdB
zCGqR1Mu7L@d9ABs>*u@IO8#h$T;T|v{!AI!*<Ns8%;a!$^unCs(+jg`$MakAZ}W3f
zV;-yLU1J)WZpMY^tb>3Z5J5mAcd8_Exa;>&`mjB44hT}`JVq@GyT^ccKPCtErxFPY
zM9hMm_;pbV<vig1jv3?<Vk&(xBHPjiHl(8>wg4Ur$!1#Dw0gl69u{_^c{IqTUrzj=
z5Y4*8F)@3hQgv}OpM2nZCOBPnd|9ZpJ>tKr_|c49h0SVf<$IsN`I?39BTma`glB(e
zQB~mct6?7<yaD<1O0&@fXP-JE7R@oCogPu<*lUdVSbFcN*@xIl#f0^<_55&Au1Ojg
zS{~4yTi(jDFn4G<0J`#;)E~d5CZ0a>&<qn>CNFQ`l{V0p|GM8-Ga;IL+`7Vh_ESA<
z|Gu8A!Di6PT^1RuY7T)296<%8qj@~{I_-&{4bacv{s!%y6aE%w)z_yLIN(KTGwnZ_
z%vD%AYV9wp7TBYuojT+B)K-5_6^ibqt+%1$rn*^qh>o<rH&`S_ruY3w(^Cb}36P5!
zcITu`kkNds03VUfYXGuFP78HUhpyU4^JWyg#NNW>bR10U`)2VngRHR!VCl&mI;7o<
z$%3@WTa34VBcQP(&09nQFk3~1cFn{pl1G%*O4nt@E^@|`J6^`!5pmBGbRM47hEKqX
z8pc){4p~9(ySxv=Z*~s~>HT%2r8h$0sen&@I!e#oLq;dfvDOzypW5?__?tEza&7l_
z!EN~>BBS0PIh5P=2Xq3xX1D2tcCY_!Y1{8`r|pKatl7{5??g}c!rayFgihXZ<-e3S
zgkJsg{pTNF(bCddykp!SY3d}Xa+yuuW8;01zx{xJ`mjzw>U9YZsV?faW!_@;qrv3X
zBl}s?gx+LHClMYpHt!Gdg8D*kC|I@c90O=&la8pI^1RpWU|k_2BO(UR4Lx?6>51lS
z6gpU95tl#n^Flv8kTXwNbBvJ+()T%C!+9qNu`#cL*$H7@=}L#=$K9<yi>0DT5Z@+y
zY;;}Zg7@%c=G5iMp;>ZfQ)|_1;tY3jn{?D2sQZb2nMrUMlV}@6(5$e2xI=|&g%<ot
zqN3a_S2f0588ffh6?TtPe>jC7p}X)in$u~|c&42Pq)<2mZk1gc)mx-rQ(cFRJ>mOj
z$i|iE&%A!6$0Fx(!7b2}D$$;<R8v9c0LaPvvgl&(Ru!Ssk7L&|fmX4kQJzC)r>wDA
zmgIPL(t@8YQ$J1p_^Nz{s}!MS-S%~!<~B&_6<ac3@MaS@{be7`m^k$jREf{2f>f85
z8NV^wUinrYZR}xSuTaR|R~KvnI|U_$bGdH@HMRUHuRDa(WQ@>B=+w7<{2+x6Ae`WK
z9T8e589OMbrbZFr*Zb5vX{+$Lfbfw7Tm`NE%r(HV%wxx0(^)RAGx(CwaGglkowBEP
z)9a)G`hZdTP)Q$-9f3@fHT>u2&-grSVKFauveEkSwEKg3v2PK~eL!X+m&*YzGD$)$
zW)y&Z+9cy$Me(D`Qu1wCL&w2Sob<t%LyusnpugSGWcCpmPcmI=tfE(3@ouJ`oW~TM
z%YBFqzbPb*(LS;*V(zQ<2gEC#{>>H5`TOy?YVV0(A1on<)fsP4c^vu%oDTS<?x_I{
z?{h1-qXixNTUFM?a2e5WiqeHCB}(=;y|vjAo7w!TmMIa2sD0LLV@}|Ir<Cf|Pv^4M
z2si_UmbA%!3=Myc^keT#?H6YI2cbrtUmHpcgDxnlYw>;j#V2W=HK*$ca$;uS=fmAs
zoOJ?^Ki_Cy3QjzY=lCa^ZZ3D?wlWnQha@*n>;nCbIaMH^27;J{^!(H9R$em$G8|q|
z5z7V9VARIG-6C~09>*97ec$fhZV%1iMRhUNO&DsP8r~baUfuil`IwD_-sw*HSPNAs
zN@-!)M<?qY=88DWdACZeT{%7bHI^eeHs7inRrcstxgQGe&+4=ak@u6gbN`oU31jX`
zS!-<-&vjH6Uu~tT4f&Q2W-?BQ%@O&-T508B;Be>VAS0yT|0~_t&29>p?I3B`+I^K9
zGWM!Qzd$X3UvJ#zI9hFbi1m;9kLncmf@Lj@R01?U4y?Y<eb6(a@3kHUBLZ^4)1ljs
z&5G}Ce?;jq_f-<GOEa#&eX&4$`*N)xes{gP=g96D4kbADu=)V4DsisTu@$(I(m4I@
z$VVp=kWMB<sI@h+X4LL`mv(iZOoqHya@rX0U(icFd#J@&CY6@&h=0|09}E7gbD>ci
zgq*$Ar%#@|U9BF5;B&X3DbFWSjJ3Y{Wu%L;emTZd$s6q2IZ6jkA&#vdvcn)_PlqIA
zDJtxQQ=rnLcG8ZC6w3R{ook&!x+Z@0D1rV{NeTPawFLcmJ1=~^l0RjCO>y%vr3X;N
zRHZZ+o$zT_75M%HirxlJN=a5Dqgq8|*RghINHENihDe8k5&~p)v|AG@xB6SnFR$@T
zej8=Gn%Wg|qU~#lSbBI;C0!yB;{Coie~A*YE$`5m-ZYhEdH<Wp71FpP%UVjiIwS(O
z90uLq`Ly~O5M75K{oh%so-Q-eq23Oa)UaumFbnfOn$&Fiqccg`?`B_1GEa>z%TiQa
zU7tyDN_|ngk?M6F>haPt7}5MTT64ZCZqJ9nH_Sq-H+;&WTW*^o5(JOTXxP7`xUDv9
zRh0fN)pMIK7w`v$55`Jfk>A!TG57}cP=OUWTn+OGXaf3@?(t$wqR7j~nngQw6scaA
z+6#pU=+VyB3WS4S(fz)r1P|TL;=*vRc9nH>q+OjtgsanYSKl=7g0HAyuGI=~9TQvc
zEr$qiKRfQrde3TVWA!OpS@a}Uy(NiSU2{K5o^(VE@Yj3k<aL|z>{^{h8(4*Ln?F7i
zs{5ZR3jk5r{#A&xY^b>1KT6igVIm07+%phZ0MHNXx4sE6+j5e@u=Xn(#fQ5Tp{O6Z
z8Y%_F&G~5^84F9+ginwP`18L(PY`d=*>s8Fl+xBQpNU*IXpKB#(PNspIiZr06oU>m
zN$jn;NU%*O$aI)r`?0vI0h*hm?#FcDPdv}>B{g#xn*A)ZN=N{(tN_|AglATrmd_y@
zFe?r>)d1vYX|9wKxcz9dMLCMEK!WrCbyQ1`+uvC0m<JRTrXkbCoqXe?*q>8gu_<09
zy$wdSzS+acKtBRa%qaweND;nkT3(xIb_9cF(GgifZ6rvGWuS|U4Wu9_Oy&Piv%JLv
z{8T{4Z(VW_xl(l3H?6leZJZsjy7W8XPh1OVIuB+LqR^!lO%|EHOoLU0_A;XibxDJ_
zFLidsSpp>Jy>Qn&5Bb6xr=s(Oi<yy5x$-5l%{}>FqpNK=xUmB3yLC+M>MFWNHv1)o
zeU%`OVr-V@zqU|5q(z@q$Lv<LoXqR9tWaMARL!73r@V6Vrnotnc&HX=vRl7LI8Sx?
zdmV{DzS?fUqlVphuR?C_{^n+)PCQ9heq{Obw$Rb$fzo@Rz&a&gtOlRFaDRUS$XJ4*
zT@iP!+x&q~M&-{el=s`XwnE<cRm!`UpxkQMEB4FXLeM6@%D+XYb5uMLWoK9E0EFU?
zX1%v;+LI%JKkQyRrDgTyv#VXq-%QYBS-7?!_P!wH?0UStB1=Dkj27$C@QYbKTEK4R
z!y>Qh>zQ9V8z8>icFGH&Q2{i>LN<}Fk7qZQ{9%36uEDu$zZG>Y=mb_vTkJ$rueZSO
z>TS-bFihwAhoB_5jXh#-opT!M{;+XmF2zP)Kl%&jn#<a4f=uS0mF@*&$dSk0FE4yI
zDQ^ma1k(0j>kCpa!bAd|{MMQ0vF6^2B%W?a@4kir&kJe(nuyS@bnY=z5JS%U6xRIM
zd+pernlA3?z_p7cABn|L^Ob>ZfAp|XtSqUoeD_-rX-uB=(aOS`Z81sacwq8(^gB$G
z>wbQ52wRkY=%D#@(Ib8qETA$#++3VQp)R$gi!;*%m5e_z`)3$_Y4u+({V7z5^L8@X
zyVeVJmDoX&Q^?(ZH{uxga)4hIV_1`wM}n?v`e)B@rU%{5yW43U8m%@3Yz`f_+QyAs
z`E@=$NBPuOE1?i#R@_<aKA(J?@ifJodM%d2YMMF^%H8G%AIy^O=5(ar8@mnEVL7h5
z=a<t|ihR$LS%WA%mVv@tFs?7|fYNGdOheTg{?OpC*C+(;^D#S&Wo<ENubHH0c8n2>
z16BvK&q<Qb57zJ~Uwn||Jv#ea02px*Zc#{o3+2|=AfK*pe^u(fTHiIM+|FPs(}3q!
z>#LLu@|X!^=E*H8mpSchmMJg)dz&D)E_dllFznMW$F{bY4%Em)SgO%SM00|Ucslq1
zaU?bZqu6oiebmO%juPWZw)ex<;?>3VO_5HKkPi7XiW-mb!+0so&2>ZEwTr#x6QkON
zLI1kbRM!7#0b*8DS8<dwslBJnZ#L{7Z;smzBF@^`2hegza}yDQLL&h4&b#7b<8l@~
zC}-GT@882;!3QX(1f=Py>Kpv!hQ^Z>)hkEX&Z<_~E^I@B#@v=$z30o#p;|HqUmGMH
zGg<bGTA-T_?2>JRyU3?((rb4t*D>l9=_`SZeXJNKTu+rv=WwrSKfzrLf_;(eeJ~h<
z#u&~3Ne2>RI5Q7&`q%}Zovnl*9J9d=M;$+%9Y2|4x%N9{h9{-oI;jDJ;UTzvnmXJX
zo9xX~&u>tYKzl*SCHP$5-V&K->tv!^y(QuB5sNG;RTZ+dpuZtCRc$nt(8*-{uWgS4
zgv*wQo8Jyg`XjJH#88_G1oPYt5O{}zYOP~1ed{38rZVLAoPpD*ZT7E78^BUvew_}O
z2mPkw<UlVSMA-D(Sg9Q><w_1uj+%dFRTjYPU{FED{8*tWM&xA4Fbt?mo9>j`TsbIp
zbNFs2cSe`SG|Fy8C&Y9#Q_5@-yX$q8abW%#!ogtEn4Q)`)m~K)9<(z5<**fCJvB5v
zI<$-fWl*V^P4)QLrpJt4GuLeVRDiKQ<^u=J{~;!TpMT8!ZSZMR?{p3JXLj;4{3f#S
zAmBcs9?v^jeL&fis3_Q_ljT%M;82GhMcUq`V`-{XsO1oHN?ZFqj0}#r{)vfxPN8u!
z>xMX$EQ;VqiE?aB%t2d1&>SaZnoWC=h~dftmcE(v0+9F4ZOo$zs?_V?5gu|*=>7P+
zvXHGs`Nr*-9GR+tS585q>>H;8WI;`lH)zlEz`1i@nVaM%I47dNpnCbU2@KR89WzFU
zDWYFQ4}<w6JmR<@6QjjZ)Tscu!YXq`;G&fGhlPHN^L~`wQy*L}&*w+QzNc9O$&zY|
z?knLsVPQfXWhZm_CJG+&f_>jXTIax4Ei~@pY%gP((HQ`*gVZy>sGp*P*iEp2UUpbD
zzuKMVgJXfED`{sd#{pC89#}8!D-9Bh8&vB|O?vFY@Arbwb~vTE&vmOUU`r?ar?hkD
z6UAu_#D3wnRw^rigcka>9OSu6=fM?GHh=G!Z}o0wF+#mhztJRkr^!;S$#vN(Z{EcE
z>~zC%C0x7@i*7ePSRVvybnM~VY2i}HD?WiT_}Dhv(Thvfm%Spbv^A@1d%1Uh(lCpl
z*G6RN?t&g{K!_Cu+bI1-`#oI+{NjhxwGu<epiq4m#(Y?D-8=WZ7oiM-nUSF=W!utZ
zpQtvuwlX8g#<}wwt?FO2-vgMh7^2WzhMOuuC}7j)C`37xXDpUi<&`q{)TDO#XgYAv
zeD1fjYJk_+-=d4>)rR&PlbZb!;%qJICE>b)#>V6Ef}dlb+d5qeV+xXve8l3cRp(jR
zAnH{G;d*8{#$`v%tigUW%wK^XNr5%Nr}~ewG0ebgCbSinjp!p-BV(hvZb$>~z$qsd
zA03$>JS=a<GAH_eR$thbw$y~R9X)fk8WFUaVQ!=Pol#HNzSO*Sfd5Bl0oc25lY74<
z7ueMko<k;}TlbO8-brvRT{eg?sJ?DS+wYKe-Z!W|vBmOAs`Q(V=T_DjI!e}&PHcNP
zTi1Iz_~Qm!)2|jNjg0$*ifX%!s;Wl15;)t8_DV*oYs^C_XyS{9p~&R(qp*7yU#X#4
z`@g&_Ki5}%bj06Dh?`kZ45}Sez%Vw~oIOnJS_$Gwjbcvq)noHLvoY90Wd^hCfg(K~
zUTPs6{Z%j#7bmd-)wfUTdhnO51({tAH(w(s*K!1aB+tkhhL*QOSsXbk%jVr>2=UsP
zxL+^9sVm6u{Kxs~e>jS3z1Zs@wZoUB)iI51GOONhq%I-X6TS#LcCP_n+mbzVmbJ!&
zcDc4sDph;8Snh83<O9;!D0klvqX&`u2BHMzdoQ7Z`z%IZ#tGlp<yA1;;5DEXweG(r
z@}^xh2-cO+$#>?lsh>RWc8Za*#N+zglF!E!g{ge)fJfkpINr2w*at#7FDDg9Pr|0M
z=#CXcD%cB@bChu<h+#mLl^bPuEp?LM&?zz{46`f(mXV!!viMS<=z~<Jc)|8CY`LPh
zPgcp~f>cR&`fDH0t%if41JGz18hjw^d?0eLz~I){9;Enuj40UoE#58F;|&9*jz5Yq
zwI(hu?$LsFRje!Kskhv;?_*lM@;7YT^P2Y|hf%S7YHw(tZ*q{FOKU9E_UIypWFY(1
z9b(hh@M2g1KkTQT*5jXMgE=2VU(_}i)=-Y+gd$N7>1rgs*6Lgwf7D0Xi>#}Q)A?Qy
z@s97RZ7(j-L5TSJ`r;8DFMURQ<V8K#ungV%GX)_0kZ04O$3i65vM!8pGr7vLggrl!
z19$uob^l*AzQ|cJe!SRH0h?F3s-re@Qi9;O{>f!STWZ-x5xVx=<uZGcmVW``By>5D
zV6Spr+~S-<t7I#XJs(<cX<j2q7BM&ialdV5^P7?mh*aFr*8rBEi%vq@{>WC)BC6iA
zh0)}UG*6W}WD`2B0hHBf&ii*-XD@bQmRHX{7C!tayqONYeD+iLPcfR}iRTQ5x-QN@
z;Uae&v`pp|_NeoZ{0NUa!rmsS;kwS6R#-zNwJ_0M{-f$Yy;=UN)ui6I4ru_cK*<Ea
zd<m(dB+=q1`4PO6zI|jX^bcJZ(sYB?nj@XPMkDQs&qz@56=g8MMN`-2+09@5F3e0%
zu-tIi;jpL1(O0oI0VU(kZsRrDS1Ct9zSxqKShQ+R6`wKvd-5>ww+u4cH+jDav4wVh
z*YJ0k=|w6HU0U1lTezIG1U4FI>{zqFOQlUZn7M$Zmv^97`p~1_pi+6s)o+$5j;*g?
zp|h@!w){qmMi^_tSwXFDfqzDa(=fT^pKzY>&$wbZy}3)x<e__K!e7Xnzv0Vd-bV#9
zvux<mnr1asj>n-Emj*%x`DQXn%&M>JfviafI*1x{qTw}MW%DTFVYA`U<ae4jaVmcG
zJgz~6c!F6Z`0-ulXHnm2fPzY7#$^BS+pEA#&0@U^^GDe3>_u2{(_?R0HSt@suZ><3
z{OQ10gaym5q}lpv(wmi8ThT<jawm~Cp<hKhwPWmM_b~3>`Ko6TbXO6Fy~`B}XPc6?
zPJ6A|c1Nh84hXZS+oA`L`YA)=WnZnD53a?kf!0OV06%YQh0^;{X~hHhy+8h$;1{La
zgMX*-rN3$Lbr%Gtnm~s;9-h?D3O<%@M;CvJwzDHsJmzC>v^*PMxX+nVUp=|q{PAdp
ze7~q|`*QUD%9>PldXLvwm5Y@}i_NB<JqiY_ezY^x7o~mk9Af@{r$X)ccK`ZNN}%10
zYS2ydt0Zf)GA2F4G}!qtcbpUTI_S+I-QsV#(9Ak!wOw5ScNQrqbxl_#u)efPN|(8m
zI`R&hxFT|c`bb~^e{!fMIcmcVAs&u@JiD-VpeA}F;uBe1MqWPgZo4|`-1DF*)s8A{
z3B<F^YyNT}WBI7(OMMR~bs9`V$c4G>td54l+wtumjl$1uZ+7eJ_h>t*DStfIxBuq5
zhp{(qNDZZFaKJDAJ!^*lh4ZX8+{{U~#;kKYm`Q61F-eE2L}dKn`qy4SAGSzT7)R|h
z%X<_*xWDXy@vPFZUstbx@cm-Sa-3`R(U!lc{DYY?oF-v&nP-B$Tlr6O&isdlgE-Ce
zVP))7*Z||eU?KASN<v!3N)Ak7<a<+PsFJrO<cN=~c@U9+95zsX!H#gH?d!b3SnvaZ
zUvk8L=egzVdO*XRH;}d@9L~xQsM3unq;8$3SQO*>>qATNtslZoSP4W$>;_=(S@Sww
ziVkt%d=vFH__+&iK<#TFQs(C~+p&NS>OFpk&!t9zq~LZ_+alu7k#BUp`C!sh`6lAA
zHk#_PHqs1x!%d&1@k`wF%9goF5n$h=FNSpHvlJOQk_ao2wN0e}Xuc8wb_cLX7n6PH
zJKwjmY>88Ri~<wYiIvfr)C>ScB{eG7k~B_w$8PH${x$2L#{Z@zLbkG>iKf^e0K>at
zWw$*@ZOEbI{*599Kwq9I(j}%drh+^g&X|n{GZj?5_Zlrz&)31EnDms)DrjtLYe_fD
zko46ztP*^`6T|N&rp%*7^*K5b&(e8kxX7mG)WTwGVc*W?gU+=uPOC$<w3WzKjNRq!
zcgfymI+Hn(n=CyWCuGO-P|w=tQVA>_z@k*81R_!52In+y@~SMyx$)u*Ol=#xnhP6$
z8N4uj(4#%!0X$2~>ZMb^M~WuLJF`#5h`N)&3LpO=XT11pcsD!GU(<kkajrqF6Te?g
zz5cVVkAYy@m%ZYeIk)^!!PPyWaE0_z{P$Wv@8&G=cN6w{WJbC7dhVPge#>Bm6M1M6
zBc?T{k)N1z8N0)ssPWiVTx-VpUi4`<nz5#@ys0Gyl+z+8tiY~ZLzOK(_8~1i^Je>-
z9>Ca9+8ICeh%p(reQ(GPQ+<6(emV-~qhq}ab`=|nZ55;gB0HRP-76U4N8Qd%`n}v`
zEH?cp4|<QP-#Q}v#^T0^xaZ6xb;#;nfZU;58N$WXoV>j+-Zu&U@a8sbFi~FpzXsgK
zttA3Yu_Z<YjU<aKnvo2AQj@aLG6JoW2f}}&rpn4c;V~llY5Bmj`bnr}En2>%(5@3}
z2f&$HVUj8v(Cv@X8e*hI=`bEbUWO|*Ze@N2!_%iGb26iz>?i^CS1G>e$)Jm{W#XB$
zLrL{>vg0P%K+&XKnJ?w@HSI&Ut1rDm+!I&8^GZ~x6URX!f^f}N+S3vtK8=}xeB%2u
z>g+u#9e_j5Q*7cu*>5qj+!Yzj0R%r*u`2@GrS3m0*jsw$1DgzCXIB&ue~aK&#f?)N
zvjq>;asVZ+nfDz9af_PaZ5H6M1L>j5y>7NE)`zRTxJAC4o<K7v4B9+(pHg>GSp8ju
z<T?|YIh+?c^(Pt&zh#~VtHRP?K8t<naqnIjsVa1K37uQMXmoC;DZ9uo4j3%wNp*h(
zTs4na@+2n&$08o9b=e6C>NR|t`E`K0zBj3OLQ$_4SH0-jFFaTFl>n6M{r(wm6t>2)
zhz}6dwvFmS)Ty6j(>{e&iC%7x?}{KlS}$5)1til+z!mfXB*ome)(B7$D&_!sda_t@
zFmy4xEUA8BAXop=KeO739T5l9MS7_A+IEJX`QHmoX>>79j^?3YMoPcG!L~P}0;&&h
z54T0vNBng&txgYKNZT0X?5)my4%Ff@L;YIjDUZDKo9eX>&19?319o!AEVSF3erGWK
zGjhODkmT~SqWX7eue~_k2x(RK2I;-&F1x1v3s~4saYowe0@u*JFmh&25KT!?Dc}lq
z`qIaFd*FS{T(%w#*M!GMDE;hlC^z%)ns^}Xu{rQ`IJTfbKyuNBsR6)9+n~=?j2<<E
z|EC3Xr*q8Rw_A9ugiLGzq*s%^SU%hlvi9P|qzNO$U7c3q#r4|6&F{|=g_7aZuF?9(
zy*#SupH?Q=8izZ9G&36uW;>HK_pdQmde6t>Bl`9um}|qoF)q}2KiP;rULqpDf2*W=
zBQ=>b^=%)_VSiIZbuCK1W%k9RG@u3a1+tprQbPOP4Q9m;MBFnKR^mJ+=T7PgGbT+X
zbtjjAno5miKSBf0hipOoiQ28|)%E~`4_9dNz`jIdd7Lg$o+S3WZ@&%F)Qc|MNDaLw
ztTX(NJ58oU_VY>N{V9>&zwpwOXQvQrDZ<2qIf^-B0DB+Jd4gekeR@eeZJ+DPIw~EL
zTHi7FlEu$tC8qtWaS&a?4L9Gw{^|=i&s{M{j?o5yx)R~^f24*M)GWqRgIM2;lFn~m
zh_6fUXMGqVvfp5PsLWo*_Hh=V<D3zqvVd-}p4QX_pIk>e!>vyURwQQ%P=d!hS(vyy
z!=i`zN7L<zT(EA;!BvUtl}K(Z&|g@m99%6eUhulC3>?P+*dpW?5HVUEHp=<969rJC
zSCK}CVi6DX&Nps6G01!ni4Sm9$pNG}4et+jM||yqZ_@}slW<Od%K$mMA52$N>g#2z
zzjL9nWY4nu(t^j5IFw>~ezLDx?P!`*?wmUSbc;iEtGDycq5Xm|jAR<LuIbLWWP|Q_
zc3JNrBqZaHk3g3gKvJaEvf2XBP?MqFT5pK7sOhFn_1e%~0RL9FWmWBmptSK=rH5Yg
zg|tcy&7y<jy(3JAR_z{L6j@5y|4P$l2lSz-n&!}gCcFCbU@-JaW&{}#uVer1y|B(F
zSI9PRUO=-X#>v;Jb=u3AT)a6g?kRqFU8MdD2_79>@m@T7hsi?JCt&d$5Nh@Q!O`=I
zn400)qR05=<GZNqz&>|Y^AIhzm7)*jX5?Ma+LIR*VK#Rw&orB26HH`ni26$7KL23V
z664nfIjk8;mi#1u6i8~NfZGJw($3P{cDJ9?7;Ls=Sl%Q-LAPW{C)bI{Cp$_>M+zF4
z*4q-+S7wz&=33uGpbq(drPzNgx#igUr~0C_mtwkS=>sLwk6>vW1V(&1RNDpc{e9|4
z;DNZ&%IICGc#j2<d5y``+F0J^tD635_iWpi1<s(OxNx@QY6dO)sychvzl>63++clh
zsGZ$(2RqyI^v0XU$PxTs{`j~H;u$r{Ai!UVV0+Zs{shR_*r*TS;39|r5w8r+LM}}|
zKKR*~oy4CQDM%3+KmRw`@pchmBA;u&<s7-PuCNyEM~Y*Y7ziA&jMpCVrbzQK(kH(`
zItG)yfmx{SsTjU55c15k^QZ{+qB#1(cmwr0oAw*yF%?Ta7DzwB=fJJ$?^#_ZKoZCj
zrJ1udWX1$r)y<tT4PfO$>jQQ7B@O-3^5c2<V-lRBY0y^SQ);oZa2Q{B<u>>Jrqs&A
z0@-e(*c7dFVhDe>>2_-g<?u0mvS&Y_HnD>^y)tID$2CtRW4JA^y7pY#{Jp3zcu_h#
z?KUHVk_Vj%IZ*d_=d=E@j(&(c`EkpH_$Gc%2g4w(6}5heJdW9kjc4)XJ2P*ezimcI
z>n-`7GMB$5T0}xyD}_E<?@g5rf8(ONY*7>83;Gu&#I2%hUnosn*o|!GMm2|*LZheZ
z!0D`Uq|7RXc|stH2P&i9L|S9Kx66>1!bcj1WKP!x+R{F-=lv!h<gZkBpltZEyt5~I
zELV+(qxK@v_#7R(5(!x(DYaBDG~3%`-4^2eO{`$DVFH<jVS5g1oi^UBGBotI`=Z<F
z)}A`OAcHZ$HH-Cy>o=syukM7pq2lCG-t>1Z0Tr8Nogrz9kw__k%nbG(uNT*PKp}{H
z=sx;eE^A`B(~%f0-#4b7zdAdvd=T0O<m!|Z<4=4-PP_fE>bB+4<W2^(B$g$HN_Opv
zw^Ox&jv~9vyJe=hP59%WhU?UO*7vdW>@1Ig*De$(>F~SwSk%#Y>pV~0G$K@iDMR=^
z=uleE{TcCQwL%{~m3xKPB+%DDwkoiv8wbQ4dZ=BJh~bqlj#_5fu~Nq~NPi8f4HmQD
zD(ij99NNN9D%sNKB?T@BGHbH~Uavb^EvRKs?(R|41hnKxa)nx^iK<^*OS^V34j?hx
z&P-*K_WKR_9T1(;k{jDivy@%m>wI=J3KHL+Z1GGu1xn=Gh4V8ZvO;9LAi0h`oYvO@
z5*>5@>(E{@hC2lR(e2_uq%-)-!z4g(`^li<m=3a)Is>xz9+^wNYm~|W*qWNxQR$~N
zxv})F^2=nV(J5}sjo|FdOUBM3lnnHD-qCT7tUxwbV)T89>T{aKn6%W+a~NSOhx*{w
z@g_a9uN5AJa`NEAZ{^@x$mmXT;H+z)`;rBx{h`9DYa6z-{@8Mt3aa#1^K$p<funMH
zBee_~%5cZjXXx^40yTS7dytLOHpB@LZ*A)+yrCzvbOx-D(ra?Xr+G@^rJa3rnvm60
zLTmfQ%^2T^Ej$GcZ^(toHS$Hb^WDFg-PqHe7arN6oI$pFUb|ujeB0hEAF7M)6l#qp
z)N1a343u!(>knkS&fLMGN<7L+F!@%WCfi0rC>PIY+nq|NO${?1rj*|7x+=3goX7>$
zehYV>`H^8wvi~?z3d~2lW!32<I_<iBvqZx27+J$1WN=L)cRNOYxyK<KoahL!keNdN
z+OCgRncTu8U&A(COhkc{tg$4OChX*~f^<pYc=npqiz^ZA7Zj2wOa8=fTU(LfZ6${q
z`_!{D1Mf(-vH{q4a-H4vNp8%+6UthMbDCIW9nsaJ(cW;B%w2lc;ppq-HmF~lyhOlY
z>z8$GIrwZ~7>&g?cETc7eo0CP{Iyry7`iC8V4_d4d-CMT>a2NMpwOU>w%zu4H+vc7
z3sQA2+|<85XhgW=UEuZTx9oVguWZLFPwmz4S__&r3FOoaHJZ0*KjA7$*=%Wv9!Lo^
zl^(Kuu5P&U2-B>8ZVv6v+^w+F$DdBzHJuFRiRqb;XS+q48<zM)?nL2H3k_zkK%Ykm
zS2_)9oGi_dK3nv<;CO!|>GT?j(zcHVNY11VMFhy^eE1csdR>L^Fv>+UZCerWyHOU5
z0BGQSyQ`+uNl-fAq*Fx?VKBue&DATU)0MQ=PA&T1JNuvEaOXdU!=Wuv(Z=*?KsZl*
z>t&6R>|U|EeJ9<HxSkITP0BTyadx!}5|%&X&R;V%TdG(7-Z=1M2kFLmk8(>qwnups
z<VgD}S)ma&v5k!e;|k)@&h5S1#!q*6fIwIM=FG(h+nDj350KUL<~hNdcqXYiVaICg
zS=E!2LHqGPzg+#shq!>9R7#LJe|FWHIqpv06{roba#ElzsjwxmpDQeFExH>7zS*}4
z|2M^B`J_rT3;IBq3WzOT_JZ?3kExf2YXiNUx9TgmYQ5rqKaS*@B|m_P8Pna6^N!B`
zM})T=-@9Dovi@*g%;o`;liZKMX-V&z%;V3L#zI8?fAEY#lLh=*d^vg1QJS`Ljl2V-
z^xz)D68yVOTl3oE;bTe}Ywjby+!U-VOr!%>Y6*+HFZRxs{Ya<+DVx)@q-VisGx^DK
zRz3KbY9PLnCdBF<ty9IE8X)rZZO&9J5=S?l{8|falSv4dakqbqhUa1LbsqQ6sYi64
zfVfY{${Au-|4MN*{b*iSkZm@2>mGSELn%H|#{RX#oJlv63s#yT?5X{>IuN60pLZ+q
ztLYG*2>Ms4vhrOKz&)5VV<7cthvDEGDe@0p7S<<9yV?FuJ;&b!6`p9E8QZGFh4Wq0
zhn<TCLq4^tsq+3aGCmdPXyo0I6PBi}UwBEWkU#KVfBnT(X4^YLVDweX^ATASr>u*a
zQpb@+uYQ07I~{!an0CQUfA8N#9@iOqXJ5`b2L0<A-@gb2S{tpY<3KK#w8~K2{2coN
zt(|a5U)Lp08VzDOWsZ=&SB-QGHP|={rtj>!3c(6?eP>5G7p!?7?xFO7x}H-Y2I7EU
z_|WL=Ox<Nt01h3O+O2?pE$x}(+_*`;zr-hYv^@#uFK)OkhSnyW6?}T2=;Y)1+tDn$
z`zY|(z?`vqv}d_$xp}uT!7MPx-o;|>qed;c0~>r1kS`(^=Ke(6|5~q_w}tyFOUj+6
zGgf0$o^b={&ECWE=Sv3HgZ3pma6s0jzgv>X0|Im=c+`}m=-wVk6z{yk7p4+K%Q_JY
z6}Cr^JEeJ#kz(l)h;!?n3)}IfDQ&w!R%!vl-}ID)kh^fJvm^LirIq4vs!U^ekWk~t
zA2gIXmjLo6l9ZdSyTE-Jl9I0P{0l=*&u>I!W~^|J&tt!n%ZKc%(qB{%&4KATi+#)G
zHWd8QQ{;MASu#Epw}h~Z&$b;$8&#tRs`Wict&@x%)=_>y)>NDg2!(XA2_YKoKY|-D
z&zn68*PbbHmJ~j0abKx>F~QA*P<>D}X`{29SfztwkWUjm*CYU`F~FL7RU~N4UUXD!
zdj1LEE0H<Q@Y}jRUp7Y^*UraVigu@zj%Ur;dwY6rV)JY-YAsIeE!yal-!+n&cK(7c
zcl+!InwXhgN8}H@JgYx5je|ns+T_``=*0dJEIvg!Db@wYn1%WInqC_-jK}Gk>i7aw
z^1KI1dDoS>oTbJ8QraD=c`63^=)>W@n4krj7=L~P@9|VJ7?4WJFI3O#37}+)TC`RE
z-884bLj}F&p6LNFMyI-N3cV{4@QekP27trzwTKEahmewA_tk!i(i&E)%hOCyl}w}V
zio8d*v+-$JQ5!#R2Z?OlB^)di)n6x){n2l3+Jks7`}S4ovoKs;Q83MS1VJTZdx&%_
zy5LAG{1N|LH6`u>*3~e=wrItH%LJxvv@w<JL5?bVag!7-AsOcX&S49-P`Xn=@Xb9)
zx}Eh0M#o^gAFcB~TsFNCESI}jjc<(le6<mFlA;{3WQ4viz<`S#!yP`YyujDuK8izq
zn_UZiUl{|uH}M?Q0qbh)n-nA*X<BZB&oBU9q+07}igt3#)hINf!%M~vN6jG3krJm%
zn;DPBhtQa(hL6M{j1C7}PEVaAbc(dRgB;3C-H#Fk;cg4azT_@oH!-c`Yl+vjkqBzH
z#zR#;G??0P=9cXw09`4vzDaFgJXx`)Gwqy}O81^7XYAP$U*t{OZ79cT5mLWQn)I@|
zop^Zl0Yh-brgh*_(_`60$JFng8w*K|Uj2fYy*oQ1JWkD)K2us3c3<Z(cK%hiLw1vS
zaV$FNe$PCyFG+{Jcp#}Q6A59vD?D9)lIq!Y53Ju$TxbWDsVbOF=CO?*abNG~8?qZn
zT5@GmY%A%mDVIKs0#Xw%IdMNWD1yja;X8gjm3$Gnxqu+u>^F>)|I-4-{s(Ply#5Dm
zW;CdgRHbH@44!5T>G=u_`HivwuU41YyGH$lx9V<A8)Ut@7_vcG+w|jcO^UY%G4;Qe
z$%|}VJz5&SmRgEEEdS1LO41A)OdnyqF`qr`qqjz9wxelco@X-P<^&62&!?W@vMMux
zHvof0f<TtzZ^yZh=;utFt|1t@xk~{;o<Oh9`WT<4s{Luztkw0`nTSibjP5GFu$kK1
zhODU+m|ZesLjPXU;93nXH)G)JC9A2bi0a(i)YvB;s)7eJ_xsq-MTCc|J1wOoq$f+O
zETxVf_kAm7;sdY%>RXeMU=55@C~bU@Fe)wYuFC%Hx%oPm{BGa#efiex@VkVmRGvCU
z`(?%{QSO}?r;nGZJ(hB<{jX(m1Ad(UHQ;de5!>IaCy9$P58XA;IU5K@yU;2(HcqKG
zn*~4gf&Zwj^R8^qB92a)ERgN4%2iYK_+6@-F~KN|O`qO6>r*Giw!$$g1F+*JGANJ(
zF#x7T0Bmb5JuzDnFOwgsw7v|?IRFBBI_t`~zHYObA#Om|F^5VEq=R>V7vAUJ8C9P5
zm6(xF@H~>$b5P~~LU#i;_Xn6b)b%@Q+=QS>ALu1SEl^(@n3|q4_pY|Mdky^H2J5+D
zLPN;h<dY_EU&rMFRMZ!(wH9xfJS8HtLjItFUf|Ah-<gqvvo(TOjSjjy!i~{>-t~u)
zv(h2Epk~|e!Azykot4Hiox@<Nqkn;rVmXe8hg6JryIpr5<4sIYi>hqqr*ayS8;k<&
z4VHh;+u^CxU96@KBWd+N)`KR?ruDo|pY_A0%u5}sw7*hVjQsj0?b$|kfmrTF+LJ|*
zj!l3b2zD_Y^C*z)Ch*{c=<YpSSZLc#&Qe^vQC(6e#NVI(kXbPno7=SM$F;jLiuUGD
zw(BM(#;x(O#4c&0J3|>0aP-`7wKmL=xHZ*3A0Frr_tO<&c&ZJ1;U+)Dtk!*tE}su<
zr19*lj<jvHB?lT`FbJq-{ve&ESV1AW;AD_e-(F*N<Sod9QT%p(BkSDOQ;ccSymVN`
zTOT)Hc^?s{Y?6jlkm}598;9fBe?HE|{*HIj6;gAN{$9oF69tYZhbf)bs(q^p)NXsq
z53M}`So_{$F8q*5QZ<{!HPM%@CTCB~wLluz#eBg`aI2+xPit<!nFXNWIQaaZN*fn$
zE+9q_I$#jz*rXIH<UpAr^R#ER=Qqoc;ab1q=zTHou%i0S-`=9z)5U4izly^Gf7`;*
z0J5JT2_Q{Gq!|T*!umG7RcdOBxPjy|N7?r8PppouYk__20X+Q`cH?i>Wr)rgG#|`!
z<W@5YvrCsKq2j!<Y-!FMH7uEV!Y%hKb#;s06r{;}5E~>mMC%bwkDzLB3oC70kjS9j
z0)SV?3rzjl%>F7zNpTb5@$k1h*8VFz5f6Pw<V3Od-`H*l0bx5c&NuU~CI8EeVe#Ga
zP?@z2TB$|n8*}@|XNOyD-<ua!+aMCTYk58v0C_PawrTW~WnO{s?`SllwkHo3HvU2M
z?)L!eZe_1o|3vZ`MteZ&JQ-<g>$J~go}r$v;iK2oHVCf>zOdgr1(H;&jrc|Q6ejgk
zmyL+y-keSKLT2u~MdP61;jPy0L2&?(U10G_Lr~T>i|##5C>`zfR<SuSvj8ue#1#1w
zD!oy#tih+l*C@p#uU=u41mf^n`^l23_)&Rcmz|9`X;`;b^`w?6)$zL!YKVOcL*=qS
zAwtR4s&9wV)2liDY$%(QGgWfzd;)lt#A46&B(Tq2evMe!l(3T}vRPz}Lu$A>hV`U*
zKag=%#Eq`MuMg++gt>XCBjjTszBsCW<4aPShtY+=uF-&Do2zZc(K2V`A+TzvvDfBB
zyZ#2IJVZqUm@!~fc*@1bvV1+V;reqRBbe)-<NAZW?my>r%_$PcyRqE*UBI=Fy~f~q
zHZSKU=PIBaVWF?TI&`1BnE*4L+6z1d@74rmtc*LVLn`h8@dX{{(%wp}IU%yH)_RjO
zvWI*!kLo~>vOOt5BGLWZ+1Uz!6f*=IbI9rY>Jn;(t68kqqnyL<i#bB(&FhYy(f+dE
zq$4@pQOMG3e7%9~AC}QPwm%@U;PI3`iS2teE402}A-O5QA3@kpX^aA}0n;|yHWa~#
zi{pObvH>DZr<#dGY}@^qAx@U~jbBnQ`s#JxwbP9=p3i<OzO`rd<n^6Ml-!=MHaE{A
z9Oho1bf&%g-C<?bpWUY=YamUmKc^!G|0@C!bXlTDe{zAb3`tC?x=DszWPRR~6>+ct
zg`B2wvWggdEzm9RVlPWuzKH*$k?z+_x4%X)2ZP`R@U=;@h`ok`2;a|)uJ>!3aI?v0
z6sF$v{J6&zX|A)5EOHl3znMH&f&2JXN~MBiFr_%~ev*%Wg3DXbC00^hn7jT{Er3a3
zKt9Cys_PsZb6l0>S@0!hKI<Wi(3xuw*lj&aw#I8$_b!-Cys4J~`aV|53-Unjn3rY&
z@;i1QZ7Xu1;BqH5GoO!B)@QlWri=H!Z+F|z{T@(YY`uaS9J-I56ifzQxQ*$%`2O)1
z2hz1Cr&6#lx9u(I6Bpj9BG7MQs>TT~Nu%beafT`7%^nWLXE!^7B&^S+?TX&R>?(NE
zT+7gzrV?MqyU1ATK^lGKHhyG`y12~PUSLiN&vHr4rDIRLEzYuAJHW0OS2GPRzOla-
zIH$=fNJ^<{t0ewh1Ai?$m8f%r-jjA0v27GdwN4&AfDO!k3g`&Z8T;0*A16rkRLG%5
z5UMn!a=&$GSAB?s&Loe!T0JT?dvB5SjEd~PA8D88iq5bvo~;u(h&0w7KJV5s-nhDc
zU&7{iR@eO;L>)R@6F4sSG`n|?dFm{1zF)XmCnC?w&zWfNol5p?Gq<UdD#ABq9IH6r
zD$C|Xw_9<*cOFIkeK3kT+oz^k#J8Dn6nkaflDOpW8fY^HRw;I=fO~~a`dVzW@RnKV
z9UH3Y+Y493NmS1^Mm0>W8%Z8axn9^mCVZibAaL6`n75(4-l|*BdjnJ4JSSQ?p?PcF
z+8{W5FvD!RPA*<po;Cp(J#h`HZvkj|&P)fTT;Y6`fieLX7Rh|gl6IoO6GF|AP_bhG
z4WmDbq#-aY_BZ%>y)-AaTlHks@5P>JwY1g}<}|Ip2JNmkR^y+zcU%=}Qc!P^eLtV;
zvt-1%!w-a|gWy2tNdn>=o79X&TAN-6e~V$_TJAQ$9FSpucxh;8PQqjIRbN6-7@O<q
zpx~YMm0q4D=yPVN!DIyu_dAkFK+Z^0**>(2<t=){IkEV8P2hA_Hw&jJ5|&f0T_D}H
zMp-{tGAJ2|y_nh`m1{fxSn%oACm-hLA9t$TPR;5Zt<24?2SI`49G6mr%+vv*R?fL8
zdZ=r?B$>xWX9bjflEekI7Y1TyT2U@hs8y+n!BT<m<vkH3A^^-rUaa$R>-!vpmn2=o
zZ#TiR^0iGCqYlQOn*uXU9G;r>?Ag9No2H;SM>*wd6yhT9+NqUgHhjqV?wctY#Q7<z
z^NmhELvV>Z)b~g6RCLbm<UnnP?9;PDD?B*D$=7#5%HrmvYPqFanyaJFu=lwGni*$`
z^t%A)Bx+ytiZ7FWkjeGBYSghb%rMzNvp@3$yx3W)p<MrV*cnmR?Y6_4P^0ut!n-#;
z#0%xdukoG&h6@HhfXWXQc0604Xx(;RegIEpLE1Bg#RZrfNln?`u2#;~fq6g^39BAR
zmC^RZV|I;Q<}7o1>9n+JqD&+Dfu!Q|AZHA4nb0heA-@*_y7*+s9f#tF<~1}s2SGRX
zp}kj`RzXT0_um7gi|?zyW63<`syX{y(D#))%~bOZwRY{LLh;`8Rh9J#PqIDo`fWQy
zdMS%&?%lihrw@pq^t0No)I~A3UlRK=!4WMWKJ<f~e1R)HxnfIp2VSJ&T&cV2c1K~p
zc17-MX|IG_#gPu<>Mm12xBKM2vdoo#Ikl00BQ0>0?IW^|F8RPF8-4|L@WqkmOUBF9
zb+KrmqU2eNcb$GlNvf46Zh{VdB#F*iYwIJz*~)i8LP-gunvfY;WrqWj6Nc?L{7hgV
zA$R7483UsH`>|+8{092ZPN{vmv!m5ZyZYLAp6J%JiCj2xcYWO`kb2|zE`;S*$!_MJ
z!<}9>Tg=K+89Ya&A|dIl0pf`>0W@bnELW9N1bB`V%dFp*5qWK2Vk1h{1X+!`9z-o)
zbGk1ep5X7~{ylAQ#xf_xq*~P2WON*=7<xSW*Tec|GiH5Flon+=!HZn0s#IX1Zn{*P
z)`aWhe^R1AA5zN#ocF_T;0HyUBscrrq&1_2=;#NOZ0^6XZhkdh@bIUU<{+d?!bf|&
zUa^T@i9$4ZM1EZjXOP|^xVmoom;FYn(acDhQLG2l8nN_XBJiR`R^ZT|4VX&?Ic_bq
z`_H^ljawu8rrn7Vz>X8ND5ln|zz!Hcw6Wp3p2EG-)jMK2es116xzgRA$EX*Tgn5b{
z83w}@g=#w>-$H@jWQ!i^<gpqpZ&IK=KL=QeSQ8-7LFj=T#aC$y)#apm<{dgD@c}+S
znye}9MsR%P!iM9zAv1kAy-zZblizt9$>Rd(-|r~W+)}+sCo5&6gTd7C!i-aMeMf&2
z&N83SE|pW@iT-qbA%H|<Uhf>ejY*}9ASEDS08h2G38p^4cfABs4Ns9WCN*bLMkfJO
z7r{Y1>~6`2E=|}%n<WFcmE>C04U<%71!GI!q|Q*&rN6~zO^)oJPnSc>oF^aG;(Itv
zNiz6>lxlt3vDaph{eakpohN+id9n6PrD36*uGsEzizWx(11#75o!j&QK){;K<F1k2
zhKdCF;Os<t4v5c+4f)O@;rU6JZa%$yG~|=*Jo&KWh|>Q(tx~V9R^i))q+Z=1jRW8|
zTivbOwoxUmxG#<EYY*|={H;rL@=d)*$fn7)$#24!PwiAmNf$i>_dP&vGjB_o4Vg~e
z_lL{u=RWeuT#%s=AqL)3MO#|ty^MuFucN+y^zKWnUWJd^c`X8sf(emu<kNl)Q3bW0
zGvLXE+T^PbjB|s$EqJ`|5(1R+>E1MU@;09iI^XkwQkLO>EE6@fsn^0e-K47b!gXaz
z7;@yYX*>>$a-%8B9DKygzh>A&2$DT*3LZCYk1al5DVKl$llw5&qgOZ6u>HGFsZ7`d
zh{DVF8v-P``>{eoh7DjX9CZ=S`t^4f;F_%%eB@#DeD`a6fE*12x5UXS8N{ECRB1mp
z7(2S_TBNx2_MeOZx~SysY@ef;wADdPy?DU(PkLgU9m}WjiB`Dksk+B%*fcmw)=UX!
z9KHYIQC0h=6-dWY>;Hd}4V|(s{Z9)(dw*I&K82-<xXnw(>4}g6ooG&W)sGVnknCvd
zOR7R2FD}*EtTLguSOEedi$oR5r|&HUx2u08gz^&S)w_;E0cbpaPeD?+B1KX%XOn(C
z$sW_1J%mb)J@{=?4SEGR=ORDAhYuopkM8!bTZA+-s+QEn?xzK)1X-|3&*hqKx0J09
z@bFWckvKH<VU^9rBKoM2L+jiM+rSA_-IVaNNX&woD-pLMji=e=bZv-EW<)`qdTxD^
zO!w{Upa#%-Z8Nn9Ia=&bbFt&*mG@ynPSkg;h46qF>iJAsWxW}4KZMacSCFoTahW9o
z!LCu@D)z7*Q<o1dRor1to_q_kI~l~sRbf3W1L_kzRI#`YMd5xwOVr!yDZz7dhP-{~
zm-!b3Ed>^c9i|}75sC8S68I`*^0DJ?l;$X&i=SUH{hw6WF1OS{4;`2`V>tSBUVhgg
z7Ew#C4jS=1+FncZ`|V!CJJU1SzQF^U72$to6p*~bU=i7~FOIbNDC0G$?ii(w>|_l6
zVg1WxcTRn(CUEW{01J9cVNI%;`o+4|r~YD^oD8zw;VR}0y!Hrxvrcwq%SgB6m%2#a
zH|{Yww#%tlV+*k|5t3cP9cA{&1`j7+Ub$LAAy$8ZdnF2C$8hm|Wlz%C<7b~wXNaNR
z&!qO-hYLbIuP$*4V!#>YHwTmZ(6^f&_yTP%4xOn`R;?Wd?(NNI)Vro$=kk|Z+VuM?
z<LcZRvvKZI+*dLQZ(f#dw1R-R*cUDY^84dbzaVx(9n$7E&iQ^xBgpoUIcMnyFdi|N
zr^{P5RT`h^nIhHyB&Qv&=IVyXz=kmLJv0UrCwyQ2{vLV@b=Yt`XSGHYUwol7vv~-F
zP|}VKrtdnDfH4~NHO+yuH`n*>&ka-jeU0~VcpIW*=u`DYbK|dAb)w#fupj@Ar}yxu
z`v3p`E7eiTNrYZjC@U)oS?48{G@Oh`W(j2;+rc>}#E~sBA`&IpdmnqR>^%;SJ&t*t
zb8vnSukYvm`vcOYOZ9v_9{2n0cD)|b%i2jk4W4{e{4}tP<efx)e>7~S1*$<Z4h(CY
zB0Xwl+a>GCQ<$(o1nu=^l8@2ceER9_iL=e`?SeJcDv0$Z+EWNrlZ+f3am{?TrinQi
zhdo4h6t$w6qdk|v{P|~J*+QF+o05*0iLraf5x<?&KG_!<ZM0F*U2QTvt9cL?7q_(%
z2GiQ{K^^enEzTdF^qp;8_me5R?#Aq+SjR31zG{HC{(%cKY?1kSd0dqnP|bOC&XGZc
z<=G9nM=EBqn~BmxAM{Pmkkw!b8SjGzUeNF^e$TGYHEFtzi6zcqmGx0FmbF9x@$<zF
zYvfct{KA&Ct>^|Dkosb3xYCfC8$TAyJQ7a0M(DP??cN1ytAgwY{Ute5FA3^4DFPZS
zjP#Bh12S(Qo+98Hm!$2_xI0i$WV4iXN%dq^+xq0lwFSYTLfc`n!afZjiA2sO6rRs*
zYTj}?%2(OvqShpb7Wjg5q(?E$JcR*RRdIRe`VZ3NlUrfaJSRBjdM-Af+NF1W1n4r0
zk$l6vMLtHOZ(Z=3#pR3Bg69CvCy%38HZ*^VS(zjG_^xZqb+Sq9hwIh$xq85XQ#cy$
za%ty$L_3~cqFVO`jIkYfVrl57AcD81<*l}9b#|9W_=Kdool02T*qWygcb!sD_c+@|
zeh^HqAk_qh7xq4IzLZowRk0>>cfCvD%ovf0vHe1hfu6I*{1E+OjALPzsi%dxIv52z
zCdvPH*-_%>S1nu{K4T`X%g8R%pKS{>Z1=UEeR{P@u8rF)D(ktLKH#(}pR)6lpIo?<
zVnf~+Otgyha8?%!a|DULqgwjZUw!m81@x<houWVekNTKQBmEiuIj%n|$j4lM*DA<E
zfnAp<oj!%%oSf#rZQY_S`0e9YTGJ3~Nq~MhZsL1hym*FQ&fXMzI%@g7;|$uIuxYW-
z0%#|^UIyQw!V8MKKSbmA<3tl--PE3#E<4^xsKP;Vd-~`NwSnyywi&uR!a+Vf=>6nz
zBGF9CX%l+1lbr+3j&C8N1o=lb!{ZENt-Kf73vAWkXS_Op^Ws|g-c)()p3Yo1{+ar?
zYLz`N{QOyU+pVnVcr1>Wq)ZNuN|4d~vwm-l=M8yoL`UIuE7bAzX0V}FGYR%(f0wsT
zwrNATxEygWo;^RH{nr?T$7{NJq7HtZAW|0GM65sa<n3n3ZNjv_B}2SrVaTv<mP=H>
zL`hm<hU<5tLd@*AkB{~?<lS_*Ub5|+7~{jZ=7D_49<Wd1v3!%`fPOb>h@38xC9H~N
zJST<C%^Sp3Vz?0!UIyD2OW09EYDw)?CQrYFO`+S9a$R54S<Kq5``V4rK|i~7DGb1V
zRs1ygZd!kWhImIOe5#4c`KBMFW&i6>om|%}KWA?cC+(&UogCzRH#Z7d7~Pnvu6}E7
zt{GJ?UahgtDW~IcN4XPIpAeE?kmzpw$0AXromGNWrckk`YVn|@s`bhtX4M}(O@6$6
zDva+){l&CDyDfA<xY2q2ezoQXPHQ)igAfo1+4to#ZTKWz_=$G?g7^;?q78C&I8Q6@
zq1e*%v|qt?j#4j-<%n%1oN+mN*|cZkB6^P>a~m0q?jSWo<rfUo3tjydHhrG0Mmoa#
zm7mXZpHVv#OchrQN`~JJ)_a)<5`)rZq|uvx_PFghKN85S3qFdsq*6o7WPE{DC}!99
zO<!i~Wn5Blg@<`QRB7oo8ye?rPi7fS2{wG`XsPq_Qy*8He*Ho{$Sy7QP1!%{%Wkx@
z@viN|Md$^)j>s*!Pv544<cn95c=hFM&x;^WqpZUoOZHxZQqMy~z2MGIHIv$4SH1i9
zU{_CqGw!cyKa?HGN()t{yn9WTr5-6z#*jAM&yVQI(l7W$i#w%^v2a;i#^By`q^j5P
z*WtgFTYV`s#u>iU`3UuQ{$r?*^Eh<D(4XM&k}&~EGEr9!XG%%OfO*@#ulS-2pjYC*
z`y8cqvy$B4rMH|de?FGl?oq4Cp>x7r>4Iwk>4U84W_xX5NKPdmbv+Nu@_urhcCk5<
zb(2<U@b4se6ep`^y&8dQjx5ViZ7R}F^AETa-Oidkd`YZ@Y>j<a*$TE+Z3P49GsdIH
z?Cokt!sEDknWb3Yo(0WmujmD$>cfZrz=IBnJbEwQTqdV@us60<ha$Cp%g(}ruIZ{#
zHICL>W9>H1OEPkf2;<l*x;V^2g10LY=Kcm=;o@^l?;}Xw#4rfwq*yOJksY5-Qj{`p
zW5IutX{j?oGrieaE$H?zA_zAAJ8RNZ1*aP=iMb<Db$y%;Ls=3$Zo8$LcfEczntF?}
z8E5GgOsS-1U*g|rsFHS=U5x>6i*$aqHox@^c3c(Bp~Ma+COWfieme2;2h<VcKhEoA
zj&pr*29j~wIxJo~Tk8QuH%p}O8{Kch<Cy5cAtOQi&NzO~hj{Ko^%6U&**_U`nW0>o
z+ggoP60kA{JzC}V$6}AaRV@9a-t~?5)Mqb`Txm<61XB$PEVODH@7a#OEY0nAJF;CJ
zes^{DfV4b0fxM)dEm6v5&;&DsHE@b0anA;C{(IbwKWe3y?3xjJ%;_7fr!e^*Vpb4d
zA;SV>BV!KF^pULCAlQH(_Jck*`}kj|;&NsUKy24vyahNlqS>*w%rYhA$cC-lm^nx`
zq4p&IgF=m4V%iW^HSs;W$bL#%c5X#dv~l4h#>yj)yA4??(JrL#-x#j6Z7U~-DfI?h
z4IH3O8@0(NX+Nx4WL5;FT*};1(tN!XN2aO6+~`-Q;YcZPz-2I496pC9)RS(5%E{el
zD4}AdMgK!hWw5Y1VyJt^c2B7s?|vdhoCUGs>jC~tq*WE?AOIlfuiEl)V<(I6`wDE>
z%&So|%ChT(rKr^UuKWqrnzhoyj7{5SCBp+hnOadO3;`@VzY9)<IsS&qHoQ|n<(IxG
zem4A;yHIiU2HD#hiKuzRl%@T&z2CbrA_!GCuEC{@kE~PMbM?GmG(IJQ<#LTBMqOFP
z_o7cTn$I(Ri@cHoZ_~Vh+S>o?rFB&lcxI|Ig!uRQipl{s<AWb4q3L_JMR{Q`Kb~aS
zDgb`A#;q{{3KkP|V>34noWsXlJl802h^0tN+b&ddoRo2@J0>7I`})<>6%yyct+8<=
z;Pq_Uc3=17`uMT7Z+95|X8ay>01VQI?Us9<>xeXnQAWc))S2zNS8~Fx-opEmD!Hd*
zR+m}B^aD^k6@HG{1_84Xe<g7HKb$G1l~eb9TS~Ubx!QnMJ;g0~kZT&OJT*6KfR5x|
z=G!-Yop0Hl*y}_wOxG^fNtAJ+&3le)Q_~$al0#yd(8~*{GD9sZ8#qDNK5VgS4K)4y
zW-0E?$T*1e8GO*BEp=ziZO$)H>}7QobMA(dI!jcr7q0UCZ2!W{xSxrf=e>%UeUXnf
z2)1yDuIC<pNo{vTl4qKFXMgG)lr&Qd%O9<m?w`W22Q=G<9a#7)BG<3hZ9Livalk!j
z;f?vDH-0TgskffWuiHSZqk6V2sZK@svq`r%!h~ME(h#XGk?7N<H2o06##(4lMrSK?
z-*uc!)Xu3=_a9OiPl`r^&(6<N)z(Xs3wFC<(MeR;#Q_Fe%YrU8N8_3R6iG&muwJpT
z2aj0l-E-A<A%*n*s#QO_wL*9H!X-w$;`Y3P<BD}kl>o!+ZRj8IiWspKvjr7W9sl%Q
zmPY%pM_~BN3Ci%j*+vR9`r$8kR^<HW@UuMO%AfftiQEOE8?Qx<|E-2UGzHV@?Y@BN
zYbS@KodT<Vz0aE&PZ3&iVGK)Co^Wgzt8siV6_dKVW=ojtFhj+$IlGB#-EU&#5cO(L
zQoZQ3(6vj7tHQN>ZnLX*WGhi=QTnBuB9OnF)_9rndR_ae?dKW5R`xx^>rcytn--A(
z!Bba!YwDc}&uZKa>$e`&&4=2j81K$qTG}6ubZlL^_||sk$J8Y=Gl$P(AFDQk-XrJl
z4G2Ccyf|EFz6IS~y188)ciliQ=SS>KuZ+rxF&_0W;R5sZA!b6!c?h}wb4=3MeH`cR
zALpgsMyI?_hh1jX;Y&P~Hw&ha^(1c`vmm?;>D{gpGX@<qLDTHY7j_eFb<<Wau}rGj
zM5s-VNezDpQ|4uoi39<H;KVy>=maT!D_ecRpO3#d2DJFnK|Cue;T|7S<0{mmrLh`$
z8!(O+8A9ghshQm!b-HnDH#@I9F9o~IOP-W^-njgX7>4-l&hdwkFs4DzyKP1*T!f7Q
z#evuQtxA44D=K-_v01h1?Yp$%tsbZD7VdV;y~ePLDL~Rvg3%uBw+7VN-Hs6CyRb4o
ziE@1>+Ptn=x9y%>_4?_jtH-Pxz|pZBg)F})UB4vuUqR#6sq){JYz+DbW}8lFre^08
zlwWb8oSBwmX_FOHySr_+xp}|aN~p0Me;X}&f4l)F+Ulxu+K;drLK;V#5%MQy<`Hk>
z|7HP>H<WAE-bh3EVohF#H$lM`ePKb6rQQOVto}VS_J00p-l2Dx^4fvxh}1E{74w6S
z9d&>D+Oe5Jp=$5zYK2$XYW{Xt8ApJ_4%U8t)XL6@3AMU5@GFG4{k-9v=bZ_ZYulZn
zM@DY&Z&DZ>?O?L0aVJ?b<shYvJZ3vhh<P$=78;=n*evhji@g<P3ZJ5@5BDPD0RM2l
z*4KO*#HZ@c3GUa+_ScTJ7Lh)C?7rReIaBxg^QVc5_CgT$L%Rn0!Z=+Y=Ladvp{|Af
z6->P!#Cl|0(5*}j=!nHbmGKOWKHXbgmJ#zK7@BvwX@L%4omDxQ@j{Kecaw?{Q`145
zoNf4^%YEaAb2D}m-&?-eRR(k3)!G|Fxgk-5qGfm-b?zTFHO5*S#BAQKx?t<K^$nw$
zj@pb_fJ>OUV>O3UTMi1r-^22(+iv|RwXL2Bywz1k`r^L8^{4V3msx+P5r8-bFi(Zv
zcp;9n8R>B}`_3sTX9#DdQ{yr5Gc^2<o}LtZVpj6~k@*EyX&D#XzcIyE8Vck<4#^IY
zq-D2=mGa@b4;WLW)yB*={-}Gfb3s6Q<+0iWzrHiO%Y5+NSBNK3EV7v!5M9c)YM9!w
z*uVDezN&F7T+8Z974yRUi2j&C@Aur)VV|JqmhGm)7n{#{^y`b44?p;=S`$$42Kddk
zAVw^{Y4@r|8zgRt1YkoQTl)kk|GeqvwSw?OMY<y{Ei;uCU-0MA%79-LM-`Rsd3#*h
zVG>JQqUF&az!t@4Z&q4FHVHn{G;F?GKJCh>t^0pkxMObqE}dFC*l{ZMFT6T`s}z4n
z?-Hxp(l~chSgil-^`%3>UzKX~8%&_&%kJS2rC6d3(L2n@2H-69KMcG0Iyya?X_Puh
zxBQPz%f)+a?cu^3QDVkgel-KaEb`UKv)?(cD=zt-$?kq^j-h+*Ag9f!p!<-74zS5q
zRDK)VJ@h$5nQ$f^`s^FOz4OZT<1!#jGI^@*S7OLr#xlh4>sqE}I`y;^MrPc={&rrR
zR<D>q^r#ywY&%3nYWVuV9&t@^;%&wv>+@qe?=jElU^e+K{jJi&EXS2(FwWSN`|Z#z
zXwphWC5A6#TL~{DIE51F7tJ`51ob5pZ_e6PJqD;ZwhqtDc;gp0DV4bCq|O^CtMjlJ
zNpsb`U+i*gZ_El8kz#YivlpFYIhXju1`JkK*@TVn$>r8Iz07)5bO68fLV5lrnK(A0
zRW;mI_h#XD$yBsnh3gK?`-45JRnE%xkArfnpO`<4F9BfLJkwxWiRkazyW#D5oI<Fn
z^RY~Sk{uN$!X=iblOd|6mp!*>DbTqSk78Mb*xrD5ynLs0v_I=-Z+Dp)r*3>_TZdfJ
zX!XlLdg1wH$UEK4S2yl-DH?oDME=@w4$4q;<S-acFVGXdj87M*@))ZY+kHaOM!dKr
z-2<d6SCmJHUG&{}zvhr_rzb`gu3v67lA=A~84yvEZj)(k+a!t77@ki4Jfz1{;J|_{
zI^J8!NYyDrRY|CA)80o;ygdDuIs94WUvZaX=~p5@5tC($W>$W^euELe+g`*y<GP->
zDua%l3Y9w)y<2Ek)qwOV^XvwghN`_$25l+##)p`HBgr92S5GuFrItKwWq!tS9%kTe
zG9P)xj^B1PAo+;Mt%%UF6~waK{rj@8!A@!`_3Kg1wJC8dvtyZ{Lrr-3nQrA7*^T2D
zPnq4cWHOxJm%8U!o%sbBiQB>6BuC3q#<ka#*AXM08&wm=;}@QubK;3}xvAHdskXiy
zp8)ndj_~<SEeFc|KaK=qd-ms!_8eB6xyD#~wAf9~Q?CpQvc2>&qY`rA@4J6)ymg)w
zgkwaStJOnp|I=C(*WCIcKAV-%w-=j}UHY#sdQ(_hVnD;{nvuNQ9#%7jy572G{b}U(
z;cGq{{juP4lY%)3+ovqoO8UIg0TSTI^fLBySEggG;>dv^t<0B{^QJR}u)61V4iX^e
z+*TDycU^VED#mkhXZ49eo2p6ICB|Ih<mNNi3r?^bjcjtr(Yo4*`uV4k;AfH3N{F|a
zOTa6L)9uZ##VV-yy@U9-&sYz~8-H1p`7%ZuuWf`MuTOizl;>oV>^T+hDI4YAn=H)>
zK?u16Z0GNGw4iKMpIzyT{mO=U{%dQz+%gaMUnjg%!1E&1!GM4#Q<>A|757W<esC?M
z&uuBu&c%aHEY5zZCr2)@!BJo6bn{u^{B01h`_z}#z7AFVw}&AJ`>5AP>NKF}aUS9!
zN|M*-miRJub8PbsZ9W<Xy*7BTi@CdWohIAxNiZ?ibGU}0!jp&2O{UBhF;4AF9MkOR
zUnze|dGzNlZ5DT^i$m_ezUr}(B}HuFIIN1KuEeVGe3_l_3Pi1jzxlWq4x}Teu+9rX
z;(VK@*b>3=(#QVeAjs>c&wDxM0FLY*&Mo@#opZ^-HARYTK%1bL3>jM1d|1fHF;^eb
z40yl$bO%@-bm=N}#8OLWe|}|zL$)me5aRpbuq%wl52`#`W5CJgNRr)P;6V#fH>#^K
zu)KBwAvE!cf;v-U%T2pmh*8#Jld}GsJlq>q(dnu+cLwAe0aZ21ml4gbjXz6gNI4Tz
zO_jPmq2xL$J!P_U{9F;^uVH_isUIJ#(uRSAfujTI9DW@o*;G^|9!1qd|0Q^M+wax_
zmTer{Z*BD%){o#_voQ&b4TptmwK2t!mBkFO9i#SsUIfEez3B{F_hbD)e3ZIyhHcx<
zH+ckriyBfp6&cP#dK3*m-a4sae1_4rC{x&0d&-pfC=2(dP4)jWM9!B^<7NtP2tOp|
zs{S$DGF==-Uh$mnzsVNN4nzUDpyZr{T}unDQOyNbiNtQL>EUY^*LootP;5TI`@cr?
zgAXg$I8D@NnKA0_00*(zS=8X(1T3YrHW(+t0M!_|Q;!t-WbohlVmJGA_0tP>ZN$7B
z2j;lnbgSKL{B`%6MczS+&*Ge^-{muM6q^!v&p`6n4M!jRKYQtaPoz|=k!zIOvWb--
z2d9n2OOk2S+F3~T4V=e>$H+hSSAy!fBI0P@JGRJ9w<0{JPjO=}iilEsXws*{9K}KA
zOd3NulkVDoE722VfvHnNRp!I-xJ<MT8}Vb+lSulh23<p>j;LX2`2Em7dM3Y~0%}=6
zx$_dAY_*c^Ub@qd+`Fx2wMdV1<2etjmZ6C6VC^kZM(L_}3-(w-9>;+wuQrRpfRAXc
z*7-}Dyw#=yIY(n_b1#MwKQ@ZLaq1?c!<0y$(<5=w26kl+>|BDfIYsWyMi+1OW!e*l
z@N{zl6M-s`n?2Xaln|!6U!3tyA2t*89Ul!?IWF<T$w?O9VTyzHbEt1WXXbaGSMDU-
zf>+Y4t{i%%h3y8F*lflJ6arks^rBl8Hw58ci3Hb7ua}v@I~?*)_sNVzu-19uE{&|X
zl~fvw6JJQe;D(mK2(E)ld9u+=w{HHoq4g-d>&y))L-n_Pzn<lr?m_c^*-MyMq{Mb=
zv)Z1N9#o`!-C`~I4Gb;*2d_xdch@KeEp3ZEDTEJnjN!)M|B0^&CcYVVXjw1eMH^0d
zmcMfG7Z50dvSbEROIzDznOg@g%k$!6?Ah<z@VoIJeMhV@gPHoj+fLrG66j(s$HVL=
z74es5jjuqXIu1#jSaHqDrC;%>WBc}VwXIX<AkyTefWaX{eh##en6F*6O1W&N#PPO@
zwp3CKg?&{b>1GA|AzoYqyAldr$PF-K0j*_nnvdb4%<K4xsoPLCzc4|xu=XTU`*EnJ
zEUESNw1hG#0YN`Itn`?ED#23OVlrVk%l9~N5WofDT{dw&<18`mR7%pk_A4Xi;JSpN
zYqEX2-Ou)xql?`UvwyheF^Rr{>9w<y&n;+lb14hd{rc~UyldZm8Moq7l+q5Sp}!C`
zUr05W_#WUNCYClbn+#^X<P8avdx}E}QWHl@9nA3O%v{9n@Ea$++G&8#$h5PdktEVs
z{ZC9z&MfvK>!d2xSbLCkuA2TOA&bKtATU`_9Mw)7y?#&Dc=rhlY$Gf-F!?9h9CAAH
zJeX8WAUjs$Q;3rDD{=rop;Lv<JO*MH!}>GG!xQ)swuP}zh%R0ls|L!0&CU45pH6<=
zlHre**hnjJ>qqFeUtemDj#{ZM55t<x-&$M@+w5a&9#B$ohwYOEaRc3bBfq`6s=75N
ztlmJ+l%SW9W#mtmZ#$U7=&>639&W8k2CXZT3ru&>EWRr+=v=TmLQ;#vtnI(->irsV
z<z7M7-Bk-H`{kK4VnY6k&P)fxXYRAI)Pn4J#WD}$<z*3x@zXv4trsbi_aTsLIYO?j
z0@2wmtu*p01Qc0^?e95Me{dVuP>68vuyh2z%{FY$9&pmjOOC!DJKe-*JuKk71omR?
z12=WTw?kpZ;-~`$%-@K5ZbV_C&hCs5CVslto>1E;ZoVuODR{9x(EBFjLhV^$px??3
zS6kgZ)L}$Hk^OjVl)Md)Q;-7WuPnFL-*~_>`(D^99sl`>c*J&lOw3mZw@}5L;$3>4
z$?CDnqVnnC+{2Tqq9D(tKBJXWy7hSn|8flRerT!(Y8Du}JoeHT3#^1+Xt$Y$=eY>C
zok1W)68PdW>6)$)Qa8D05cPRL#udabn^U&(#oFKFbhg;dhkuUn&mXez!^g@7MbBn?
zS+j}G`P7zBfLphPr!JRr#wcUafZN<ATtwsQ6kxsJ^=VP>^+0qkjhdURxCKVQk6!fq
z&qN0)A0d+>-4}&Il}yB^QTeV;W$POX;7m+SRtoA#1c=dKF({+Y#a-2-?s=SCpyNi*
zA|Kw<?_yEf(Q%&yb?(C9-=rBUI>vjjIueU`o-T}7^GNLBe_7MFpvh*qJqTeZAVdZ5
zrs}f_{XjjmE-z}@^&#g}OeJL~zp=&1)^CWZbZf1Mp4G8-I)i8H_>a)7pbJZonErz!
zc$@j^H~{&~>}kesN?P!QT;NfGQ^j6{1KXa_inMFPDbY_P%gq8W8!&91(zZ$eZjYR<
z>@E!Q0=JT5?(wiDUwD;AQA(kV?Sf2bjY+(jQ=45lOW~5{QvdC@v*ktkHZ^_d`m^nb
z`c5WE8Ld5`N(L5uUau*qj2zDS9Qhz()m~-G{XG!{%@EKQM2p+w$iHZ;W8n5E7-r;N
z?A41GARlaZ9}2Mf4-eO|!Dy<;t^6yXEao^|)BCKl)cxEa^XUTAK}ompwB^j#skt7G
zoMa)zxVa*p81jKZ759#?gpIor>94QWkEd7hf*v(E+L7nfSs7O04AV$OTRw9-BA}Ih
zfvSas3!6m}5ZwQp1x)V2pZ1i>w0;#WWKL{zGm!EsZl)tKOr0j3A#D*m$XgExW`-K6
zf9sH2`!OR^T9D~~={L!n#M#uReuw51Jrj!W9Xk7}E_?qwWf}4IR7+n7rL;g;;mwva
zk6;LotFlpa)#jjkk`~UsP}}TLwXV1^{j){ptCCvoH^=7*3=);sK+5IwKWi1ON-kFP
z8?B(vd$zG%7Ukg?e5$-6dek>FceCa7)tS|kq`F!zw8f{!S2EEXhhBfC8eCpT9WA`L
zuJ!A=KOCuF?wszt_*Z2zzTjWi(X#Mh<d){iS&khq=ABT5_3%8lgn4Kc=(#4^{E*sv
zXklS5`nU@=`g6mGF$#2-K?lH+Y2SI|kD`-s=j>O3i#b!^Q7KPz-q!g2q$qe*5TW^@
z`S2r>yW*h1n4^UE(L~R)E)wiY{fw*=aipX;@<+vnI9F)qb<V+3XQEIUYOZ2y-)~`G
zm5VU(iy59~g;G;kDiMiJX{r)F)*;+@65W!Xmbkp2g8A;S2dzs6(q-|+?p$g`OVAyW
z&%5{H(PO2W=tS8ep2U-Lrqf*&tT8iA)mKJawM#5IVtJK}uZk3MF>ddH8?Ml-+vp36
z5DtbpzqC+?@0Tm$G1O<2;<5%FIpnlA<gF74Ew%siBpU2nyRU?jUn}d^hIP+XijKr`
zl^BS8A-N3CK0h-s&JX+<g3N*%Ea=IlmKi_qszQ*0UY?}=zSIpjL8=3bO<wtW`AVw6
z;A!DPmnVt1;>E+@YHanlJG%P`Ga;pH2W1UZfd?!%^K6(N(E9vlo5R@FncFc568vhR
zQCMz|M~sSVqQV8VlfA{G-ic`>zIF26-=*yh)OE`_PI-{@_Ed_g7grp3h~m<-aHFLr
z*u#z<1u(%nA)A1390eZk6SU0x<dt<IM2C#Lx4d)sN71bu_U`=Pew+27Wkx>Wi*mg(
z6jeO8p7Q>7`sV`1ad;q$FyFyy&q=kxo#CLNk_eJrSsSe(vJ^AQJvtp&M!S3PcJ|>J
zz%8pU9uU#m*|MZ0hT}jFBJ9D3Gc~CXst|clZX=0zn$Ov8;Dv_XOoL4HZ|Kn0OZSf)
z=M{6G13vOtKge^jb7&6^X@h%%Y<V})#h`e{sReLO5xfH;I*)8DOCM#~-cv^jgZg~U
zOiR)2m(xS?l&2Nb-n_}m=F51^um*7N{&Wg4BlJUFFBgCZ?it^lZ7FKE`PT=_DY^Rj
zl@Y*TE`KTrVdiArk8EQ1+I{ek8ktH5sbze>$TP-!7TQyMsEjH%nLfJ7E$<Ko<5tJv
zU)AcVC^jzfEAD{blk8{)>dvTPp3;V>{dDozfwWAYi~pftY_FVbx-kpYjF%sDJ~+DC
z<$e)qI$TuxCYW@o`6!93#>V)@<-Oog__vs8A;6UcUu(tFti{ZSz|^vEWmKc;JY^1m
z+yf(r&^=wxllJP>d((`F>Gg?@1KjN8Aj+<$?;z%@$)grAW%%O1TBj*i>Rw!wycV!%
z(=~?z!*@yS@+;uz;8fRtK;G~5`ki4o^A8UAYZy`PR=$;^CxcQBW=}HyP}~CVMNlAH
z_64FHFt(b-N`b$v|CFOifhT5}HL1byE&NN3x~nC;(BQJxnLvk5KRMh{2do@%DdUM}
zDXz}ifE*2gOXM6v?l&M2T(!R4pSIQyK9H3JP2Ggby&zYAN+FL1Fh=;mx%Q$m_G<nD
zK(t~TsHFx|<N}K`%9PT-6<$dWMe`PZdpUemqxp${C}-N9eMgLk1B5)ttnq(1wrY?`
zb=6mD{~z5!Ex3l3C1bg<d@!}_G&)98IX#@9CC|Y-2Ym3viLR;!`%$8{LRu2KoalZi
z?-~7Z9a@d}`{5b0%!Rwd4j?{ADYqVV35UmIN3HCM32#h#6g_p0H`S@6c1mBaR&QvU
z(FgFE?n;<$w%58jK7PZ?3=DF@*cj~ssA;w{Y3zoY<snI;wiEsr%Wa}J3z-hsM($8^
z+m{D2lF9X)HtWt3dQbQ7^4C;ZaoxPFYl)%8JNllz=rz^CpM*KcleV8s$gJEW>nRsG
z)Iq-&fARuX{sb>ez5J~$+oASpJ2$HRZ~<Ogs=(jIIX?Q>{II*YVVD}w4NRwPX_c22
z@|;*7mFXp=2~}`uH)F=e*v1(+TyM6m&N}j0COPJJeBBB$G|9_^z1-R-1^L;x)AHT(
zXup)>1K^6A9}T_gHuI-`-2GwO*lcIMw<TkoNclE(zn^^)jd2UJ%rsf(n;Q2Qvi<p;
z67&t#RvnXZZOvL|YbtR;FkSh8s483rzgvB`mHAa7YEQqGZ8n+A^x`>_4A0cp&8qJ0
zI)6lgMQ2N!Lo?UHaX6h|cS`w|WqL_7v$fYxPvlzBP^wxOckkNnEgYOP@ipBRSk*?0
zCuv-kiM<-c>5+~c-*oH>fPQqijKhrbSoYEYJ3A75JOHC);^BvtD6--b<>Il(v-61D
z_?Ud8wA-&;S9`%m3O*og@Hn^K5CuGq=bZk5TzIJDj9Kp<+3a(R9JJq41O_H&GQ_@B
zf&sk)Q>yRo+Pv*z&+X}7*`FDKpnp>bf}FyVockGL2U19C5B4DWELtE3K81@7pOVdF
zThC#6r`-*9C$nu=SgH_`h_2Uat+y;?H*uxSSHu%gv2R=53LF<YcUOj<v>VvPG{@hG
z{#j5R6A4$=-;YZGxRUlcm-x!84P|Nr4;X~|bIb*eTDG)kheo$4H1_70z)ZS1DTo|3
zM_aHs{+oR#z5rTb=tfjVhvpbrxFI*vCmovxS3Q@P`6}dpwS211i8Olhb}B3`<%x+$
zQ9uR!vY7)d;0D&uP`7J%NmifQF7dX?aEr*i)!RArX!myaCMru;j#`t_WMKPm@$h)r
z2t3NV7jQN5smf(XcwWx7ymD)|R<u<+KU6u^bCJa}Nz6nHWnX>nN}Rk4fOfIPmmIBc
z54*2o8<iy(=FgK{*F8D?mj|=ro6AU~@);?bbP@mt4x4o<$K$n~TXtwfv$%*|98o9E
ze0{R5uNTy?B&N`x3D9iUjlYavD^1=)%g}!_9LaqWbKK|W)4prGbN4@xGk08f-+4>A
z$5Th;-Y|+3ZFWhD-$B!N_b~64asU3$Ovvt?nVEUe=}OOl5<TF}j-~P>JkV`ChS3j=
zG^(C(7d`(9d=v+6gnbYcdsMF)rTX|PZ`k)IR)^0mG^JWCwBkSKI_(YDW3nwmEg6x3
zsC(<?mz;{OG|E<F1)Gf`)kch>Gj?BP>}PCrI=}0&SRg2qHLYt4@7?p?A|Oisw6O|G
z&jc{UoQd9Iz*;9G3gPxhW!0-##(GH3WU>=L80%EU8=}r{z4*e$(7S~2I{p{pNJ)y-
z6vkF?x6Kc0f11-f&79y}U$j><{rMHQd1)%WOVoQPQt}F-GjfLQg81PJWpsebB2RFv
z2$Tb%ifYV*AA413;Og${Fqge%8Yz6vvJyLcncHkQ)UB~@GgKLsH*~^$KTsF~3#?Ts
z_0QyyBp8VAfz!p}9T0~A#jZ?^%3r}Ew9rir<CVg1K+;xM#4c~z03Z8T|1M}oW=G#?
z{MFdXPprRt?t+qYZdlFFr;oXWKY!E*I@r-7^C_O&iMecBqDhKJc)#-g^h<h_pP)?|
z!exFC&Nr$Cv<C-O2DiLwRfx|5Yi<;=oA2-Iq9jZAOXL)nKkvL3Jf1!8r}141?UoC?
z&KVRu287kO?Xtwze4BUQEf_Ykw-1U_7GDNSd4UlePvi78L$yI@?3NgtXlQSlk=Z>j
zrnUzEVLl8iY<W8J&-V=Evw>`}+uWJi%lc2ruhcwquc#rXWC;<hJ4Y!`lzzy>+GoKI
zhNTR{t{_T3Q)t1dT*oWiX%NHtb`)9lSYbEp{<U$@hI1U(r&GGEuN~`hIy#<KpWA=C
z?L_#I5_(C-VP9Yi?3KmcO6-I=omIl@Wg~IqwsxuIxmUfrA72@V`ATsH#vb849hbNt
zd=&H}?!>Hvp(CUKvoj^bBWssn*h9KeeX;?*l~9Pj`>QhQre0TCGi|48wb~(z*mqiV
zR5u&t)2v|Z`2`MFSd)G~`X^-EiE67w!5O52QE}Zvvl!*>Rwa(WHY9ap4OxkhG*f-J
z_fyJw@p<*@V+uSqElrf->X8`oz1uNSrp|(`T*T&|BDsuY!`*{x7=-_sx#K2wlZivJ
zbe6GxAgh?jae7yJssF|B%c|9xpem~h*R_vHn$rdwVjSOi?Y|kB{HlUIw34m3FJEjg
zQJrNpiv%|6G8U!EXv}8@oZc5$%WM*AFV1kp?SrCMSGv|w{AL}TR`X5CvzVC5me{o2
zTa@*&Q;ubL)mk&-AAMRDhNJ#*(Fz48LJCnIiTB#yKEM7`>*wPm6n^3R{wMxP1$1_@
zAwgtoEj7o_zEI)ov1quLGN>^3WmY5zXUQXBC<1@lcGM&f=b1hyhKLZpK@y0lT0pI6
z%bXv{G*gYTpW5Em*eQAvBaS-?(OsZMg}j|ySux=jzbNt|ip^s$oX{Tg1oUU-uvh!c
zH)>H{Ns1#?L}fpYY14+r7iqM<<JV{?-}4fiy;>IA%R}jtW-R;!ZgYq1_lSvp!S3-+
z3(Sze;CYB}nLPsLLH<UX+pFJ;;ed{+9ec-V&H%)S8Si#7Qwt#iBhMQ%@}C!F+n*>W
zV5xI<*U{_v_of%IRbWaGC*fxD6&1S?3pTa(dT)7ZY&5Hj7rK&QCK}4yqO<}9tWMVa
ztwg@9I;#FX1?r25A+t(n5NUS*!A8#bC-L!2^%pqD-XHhxv^crMw~dPWtt0>J5A&l{
zou+HN>$+!-GYm)5f}5)3*x*%F3D_55K~Ae-`$H?5Hf$%djI)c1;wCA#WPHcWsa!$j
zH7{r%9=>bX|FkvP7j_Q9l>QPN5xGxthSZ)+IC`FHU3OV9@1wYs<<W5}c@%;)S2NGD
z+|MoEe~q)>xusQlQ7_`Eu7v)^=Ye`_Ta559m1!fr(cOcQP%>_LZXQWJVg`Z4jG}6l
z7*IkbvoOZpB#GTnyc(hiaZpE!w6_sp?I0~rvVGmLDJ{!Lbi8zyag%?3m^V8aBRPP?
zO!8eN*Q)()Z9g>GfqedIf{9#pb5y;%5*nJ{5CT<JeaAyS*Se5nyM|Q6hp5&jg(B4w
zD@)T6h;|M~iG9~kFQ=lA8>MMh7p6D$@3$i^A+&;g-z)sz83ICh@7x|1SzRyt{ITF=
zY@txV=f)m$&D({oK5qkR&#2~tg|B9C<;-B%jHvNvz5h4Jzy2bpLPIXR6`qxTabBKr
z`Tf;Hf1r={ium`|Ofu4zO_7pqo(0rDr<i|W{x=ICYNvTo&O=V7Jq@f$e)>30QJ9d5
zYmOKTKrj?VTW%NIo*BvI^x`e-oLThAu-ys-1kD*0g)6>kr%ZOQ@|@Z14=p+g2o+Nw
z3-@Y-Z?f@3WeJ_tL-zYxdkXO*F16EP8GgA$Em@Z?-Ba=^%8)n3$6h;|tn8`^7?#%!
z4^5AC6k}2VA!r?Ti#=3t8R&?%3x%5`OS$3~r6$Yf)3r}RX5}@X?utF+GHi^Zvpam=
z1ge6-=A5pK%ni4`B`31ny^I|$eBbwWJ4)E+Vtf5rL&VlA()M<D`&VDa%VQeu9XDB3
zAu1+jXTqd@>_w@@c@(K6$|JO{G=52wtIXAC?-zzn&4FizxC~PpeJmlFL#=hTY3uI`
z73}e}&e(_$uGKx<xiB>$*n{;I`&ijHBShskyCoO!2Dn#LFHH68PetLEJ=LyqZ#bz?
zK;})^<M<>I<g3|#({;hNS#xqFIFG(L)ZRHx?dnv2`UhV>vpA0+P5+Eo%83%R&@9&V
z6{pd%PLkqFPV*9@GSkHz+?q^}L_{Dp?I;r+usP?l!_@Aye2Oiha?txmr;6eBDEGd|
zqIKrqpTWPC++Y1Nwhadt0HK@Nijt>|U#6KaPhSH`F?RFP;rl}TrqNhCApK1AIL!zO
z-4AWJ$}80xe9E6s`@5JDZQ^rP53*qH(Y}oA$8OdCb#xw|&UYiaMGgL1I~d}tvGAV|
z?f1`3PLYGKba^d5pzT~?)QJ)|dbNL|f$x2U*-EP!Y5b>^R)NK{tNWYo>8_4+VR<9X
z{!i1`OrjaecQ4_VI!i`@BI!Wo0%NmtHYzm%IUnaZN@jaBxQ#kUIn*3X`xK6Gb-HyK
zxiNsRQ=v~>%-=Y9<>$<q7)ppV0N8+NQod8f4=KkQhJ5@trhNBxPP`x|ZhwXW`DdqA
z3cN+66@UCGQH@87<YA?)#?;S3xkbGSzMh|PXuBi(81M^(=L4rC|Gc_Y^7O2@uuHe`
zq@mn9NBp4@p~c@)eRIkTpZgH3(GO2XJ6vJhjt`0%R50HEg&z3x0@Vf=?KpblLnHgO
zb7OQpcF<4vUCA}BCHr(rHa>yW=CdqElu751sg8uwcb`_Z3S()}%J39C5u|3HrD|?J
zc{{(7BY$xdZt|L$QE8`oT#0IW4x%gV-$<H(8>4dL7xdak=wtaS_G3LH7YOOd_Edry
z>VT?No$EP%hOND$Td?KWcmS#hQda#!-A8tRx0NxVo=y#!H6e}aO;)cOE=^RFTws^{
zcPIU{&5th%g@Kq;C-=TuJY$t13}@DJH?hNP*6{_l-D*E|(zR-|D%~Ak&u%QSvbB7P
zb0O3*NbEptA6DLO8rrCQ69-2o(^7}Qa9Uw+fy{!Uq6AR?MawDzKP0jFl*OF&Sy2ki
zH}30jiF#2QbBpA32qTR<p&4gS%-t4~h`N3AMbw+dKyuQJueZ$nIUNnT$oR21$C{H6
zcbCL#5B$^Y5$xf2gQR?T)+IVNJK)V+ZVAC<#0zB^&u&(y(_@p)P|EvpZx6f25RVGM
z50WATbrTkw7FvT_BONjFInR6}=L*T%gz$R?N=Z~Zd=nd05m#EG<&M}Fx_tNGI~}SV
zxov?*m%1M*n#}uoc7XK8O+mxaSLlE4=vY{wgg`%8iKPB2$93&Gs!RF7I|jHwvY0`+
zBCqB6D5DELo;Ez4wk(~k#;MaYWc&4?>|k|0%LFz!5rgDAmyi*5w=TvyT8Qt)<EZen
z3*R<22y_Msf(PS<-~j)4<dn1UNr1U2bQdeFIkP}cEH4RyJ-t^pt3Q&&W6Z78#B=#4
zZCYg9Nvx^Q?zh4En;Pm<?qs8A$RL2IRF3Wm<kuzleYO0?f4IIP;+tc|d$9U9fQkRW
z^8r`tgZ$f{#&1~#FTR{nf?QYj2%9hH+14`>s6ZWrBK89W*QR;6ZJ&P|t}?mFCU*MR
zDm?<rBTzic+dAQj{Pug5Q&VHVQ^PoPbE3J^`dJyz9KY6SoVv3(iT2oAW(Nx=694*2
ztU!#uT(Ugq#WKa+iJIvPU#LxB<LKrTde%$7D#;}DPE+C>gn^A#vzXZk=0cZQudMO$
z$uWH9^~b$INb`)oRT+M>SS$E~Ys-|EEm%IIyUr4<4!)nJ0EEI0qz`L^@E*s|4$;Oc
z5Y59PgW{G-<o1V3Q{M}e)TqtQIt6n8DjtNHuQq8$fv#P;65;uve37^KZhr(Hf(TED
zbnm~(2!PR`tPed2?>)SI0pk!g0c)@4_IajtkQdt-t3H#?#i1wZT=Tb?aZftOwdOaS
zT8r;{V<hX4yyR(<Xvi;_!cb|T2$`=}{ar7RKFSOK7Tt<HJXsIjNGEs;F4h0+3fvNn
zo(C0>AbLsTdWTO&i0mg@0io^T9BLy&3`1uX@0YRm-2yr07m1F!5e)ztCeC?1bbNen
zP)){m^g7T=*1`28tfrJni6<bRQiOQ??UyriF3mC+XYM*z;QhVeY9BJzG&v0XFGMVt
zOo{(ADA`+)0bGx48%JvdsPIhk6VrVzZVmIoAM3A0K+>LiJ*sWV`KG9E{HoemH{0;s
z+!^t!ga}BzxUhLv{X>=Q&yLgle}cFM>*P+HX5ISSbW!<ly@rsLuXJdBvsO#;Q>FCX
zn2)t8_b|a+8BeAFT(D44&NLO{X9kEJq~vQT8~?S_RP6OTRE+2;!ytU@jnmV#`EeX^
zf7X1Th_4%e<XNg*s$6f)8#<n_H18@0vgX}Q(LifuW7B*8PuU&b!6VG!t{&$38LlzR
z!OPV~Hj^D|8OTtEpwdFul?p-N`~H1VG6T*HvI7bkdfiT?nk$d;Zs&QrAuS*5F^3Fr
zyDVy3tY16B-<^<dE_qr!y|FeIZnct|_pa{r)m%F+MD_;*l!y+SLezizw0Z|sg)HuJ
zdi0}#hn(i!LF$HHwM8z0>B_rjUN7<@fD8Hm7ez$y9c$YnCbKZ<SvClw*y3NM_yA7%
z=bYSRoUQmK>`OhIKeyJkZH1>DYmXDxOG5rLU_8yO^E2=%b=v4Pe}J!m*ArrdKEuzc
zFJf;2jZ<p^wfI_lX&>iH0QiR;j}*1AJ%~Pf|KRpW(fxBv!+9x-vKe{E$GakRwU=5z
z<0mPn%%VkT$=UhEwd(hSMb>(E9fm9Fx<^G#aEAN;4pn0?NYe@NGOQ5s+1QYI;!^du
zNm^6J+>apfEg7P!z_L4bv77JtS<8aJ%Jb~VnKYM!%3838h-pok+JTr5nNdnF&~h8+
z-<!~0YI4Kyw^0;lq}yItFL_qtuv_KM;)Gsy`Qp8}+&3W$c_*J>AX%ex)#)Ly9nz?^
z1k!qtlRWcbd8@;`^J5yG=yb)Vcnczf_1=%;$35u!(FDEfcScF3?D3Z|S@?w~g{8Wz
z8cFlA0!!@~fak(SS`@4Lhqj6KnT?MkVF2{!=&d`+9v7pQ=<(`tbjOkU&1I8u6z1x7
zy%%j8+EBRh<4e9l((7L8{K{`u88loDe>!Qwud}jvfN_Vz&8hqS5|nOWB!lI}F|IWk
z%5q$tDck#*y!Dr><oS+Pse{v$uFOYEunGZOu<d-0R`?O|Lj35ZqP1fgeDqGI>$284
z{_yBN`U6j<=~uP}S#NM>KazyzWgqRyr(Fn3vs$dI^TwfhyhO9?>{p=db@+dQAS@JD
zQPDwJW$sZu*Z<%qntv1WRv_DOW#j6J4r=OnvpeO{JVB32mv}s}T~rF8kY9v;4$HO^
z2c@eYi_lN&mDUdUaKb{)#a(#V(%)oX9lHn=4`=_L0A~M}+s0&Xt~HeGMc{!yz~kI>
zswnvmMl!B#!fE@i4kr*Xqj5(>It@9weE`Tihm}$0>NnwD8#Xqs#D(Pc+;v{cadfSy
z_)acHnC|+EliJX-Zl8<QIQi^hy{bUkQjsVa=Hlg+uyA>ZK-JqKtH~FBNet20WLV&o
z5;e^7uWt4#e4>uon7=02@Xf$jBF5Mw9g!Q5^!^{fQ4uw$dc|0k8gk+2Z6(pTMk!6z
z@+!IQ8rgBzqrXy&(uT5a=_tF5qoJSbbSel$zmRKKF@8y9Pue;KpAu|)1R6=l_byWB
z>%=N(_Vvgqv?`8g+(ZB+-xYRlrs)(KjEyC;?Wz~ObbfB+4tW_YmwHBpC~aCD_B$P!
zE@Z-Cdsy)>0FB4IBX|o~KKe4EU8O94qb({zI367Xp5z|Ef)x`oGhDFjfIP?q18L|A
z18YlkXS{iP)6_@R+Tfzmv_yf(jg9LEsXQA6DQ((GZ~>+a=)W}eD`^tX94XN3Q(<(H
zuQPw^8EqZM3Yqw8-duY#hI3hbZc->0E2esazew&SfMc6UHsFs&e(;qe&~8bzEOCNd
zoAD}8y@Jg_(<!UoAAbnx&scF{p+`v4_$;kyX5)gFcSN0;c2xDZ<5?B8(MMdSR)_e2
z8>MvxF?v2pzU@`oUM6&TIzlAdT=E#!5dS04S5xgOR}sU*|J#FTk8fofEi(;VMB3bc
zc|jaB^B87oLsDA8gttWgv9`S_^E<_M85+#)i&YGYz&-)?YI<}(xB2PpEonc?W-i6k
z*~`|CIePjW#k&s=p+GqlBVCx`{yR+EhY|S4AN=Py2Jb4B`Ru;}L*9)p2P1ibjEdPv
z1!KGxW0?cX4Q^IVZV!6b9>EvM-{!tN;Xaw<a6~@JB?C60u;4f6&xP-L?%5p@*fzj!
zGI8(cn$F=TX2HjYe_jx%VX!?#8xUhbnu2;gf5dR++KK6S7ENV#IPba_?XU*j>0ccu
zQtDE(Ua`u@Fd>kW(}MJdv!Xit&bCblL>F;i06Dy0pkAD1P{L{i^{MxIJqz(yTK%q;
z$igeWhdQgRjJzVb^=GWXR<y*)p&0$UIq}=V-ynVx4&uaT_)+F{q%`1EVd!n^>KTO%
zwN3}){Mn0t>nRXx?s0S8N6x8ovr|%alN<w5IQC4C;7A>#PZKXZ7k%7M1!6u+cU!ZV
zTUHKDV(xORc-!_eRHvRv>vy<vL<g4pGR~%v4H3s7NLu~mN!}bb^Fv)c2F)aurJA=#
z*TuZ%yk7XJc&yl`rz=xwk7!Z@`g#FOm%A>iAKDD(CijDkU|facPiMr64t1?0NwTC0
zzhyAPu3bigjMAB+%$Q+7!>X@LuE1W1D9EnTm65f3TEw=Kr&a|yj-HV1Z+MN6&nxZZ
z`HCR5K9*i^yoyVeeqDDuh8c6B#qmU*ij{-p3f5zF6CJKL-Jn_PBx9=;zqrNiCo{m9
z?%100grdi8`@wR}he<Gl0g@mM9@xjL?o}bCN6?B@p^g6PehnG9;c?U1CK>O}YrX+J
zTK}5`$i%Q%`hKJ!`eu7JSm*C1oB%|*KTo)8=RxTDt<xF1813c9Q#h1g(y4dUd5B{>
zQPzAoCer*TRW-q$i&aENh!j7$zmOKR|4RvL+r;G(IF34CD%)$B#)foyF87B^*=e7<
z05e_Ge)vuS%e4qI|A_VxwqF38qt1zbTSnot(51VxVfIQ^CY!3?2xz>F+Q@yrL{=<>
zw#0*p=*!>~4eNMyVy<y(`nf=nEnzymslaZc{AfXBJzma8!vp>MLd!pb4C4YLAiR1r
z$lAjGcaJP4x54(3)di@B&4=Kn-4D5%%Ul&PDj71ZH`nZ3%V1y<`^h!@a*Up?eY6K*
zZwHI0xioV>0j}VV!Nh)&=_9!o{c#uPyxE`eY!d2RbRjJ1F~CYh@5IWheN`HM;_kyB
zcQ0P*{My`DTc5MsqSJP+EFn~Oa+_zKOb#_0x8PTvHmF$KQno(${eOrCiBlc=9iH;d
zRt$00vD#M_zWQ6|IF%aG@Rg_bX0|Rmno~oM3~t*jJ6v<ZBW>sMICA!|0zD6=Wq#{u
z%5~J$27H@%BP#a;*9v`!Gw!Oa@`X*4!K$1dqEPeX#UH*n>V~SW9cWAIm)L!i<~+()
zBsS_GXOpRpD16#8Y^W6G$P4D?^ub=+w<*8$fcGA(>Lf`DO|}xobn|a*epoP6Kd`vr
zG*^Fnq5VatcsLl1orC>snAv?|26C&K<CM{NR~1|{futvGsz-BgIH$65a@Kf?l~H`_
zew3e}%;$2?4c>oXzz=R9kCHUTiRH%=x&JoR!)+I#JJXdw1PXXAIghe5p!?JlyJ?&{
zD$!#4Gtg2ZcNI$G7qL%S^tV&X?qqk`<2+0M_Mk9j(P!4W&B4{xCDm)X_)DoMC>SHW
zEeVCH>y;4A%tCl<(`2WO-Dw$#{r^s)skUXig9coDlj2u1p2V|512?yy8}O{&EDYM)
z9PzQ&y5qnwuvgGbwk!Dl77HOn-yEH53aBq_Q0C{ar^<_Nv*?$<OU788g2yTpYACe|
z6=!5pjtqF43e95#I)6^Y^90I$TgbM%0c=$yxQXY^`0cmrk<ixTL`#^`UTi{dY5KVS
z?DM6`T%3-vWIN5P=ZoF#f5)rO@l-C%9)VpVrT&?iec3a{42+{)1!p5oP-A?-CUfU|
z&>jz8-mG$`T!GwwYY2&l|FZ3_zTt^Ax|BL4D&!yJ6X+LIvY29K3w9!$Ue}@_*hY<t
z=jYER^&c<jJx_j-pQD*=XiTFs<`2Dd9y9%T9@pFY{2w7zalg>yr|PXQe>)p#2fPh!
zdpR$3`^$x~{#%FYY}mJt+YnOD4t#v-AEj0)8zhg!jXsjTC2XK7khwx{$}($LKWQTu
z=ebdYvCKLggP|$eH?z=FF5BGaYk%gj_<lYeedtc_Z*+K_!q=q>bJ{$Yxgq|E_h6C1
zQ?5rBs#x07#QWv8&4shs&kC0c9eR4wuEQ|x25q-Y4razrDFy%SRD3!7LQt-)gQFfn
zkGi33>?yv)5TUoA6AF{0xW9%9=H9J%ra?5Q_4CV?_ukIpKBWy!T4sXMMtS9IdOs<<
zxFez@Z)AV2p=2ApPPy$|Z;beIwXaw`+_p|2PKrpfsJXjn$Uma%$u%9Z$LVZWvLKMT
zQErnxSZ`t5aa3!I>UQm{FeXlqR3}Xy{H^EKwR5XEY2GeYl1UTTMC{DkVW?ZH`0ce6
z|IWwqkd8f!`F_c>L0W%?@e7UpNm83Shs_7wMs})QY&WFh3j2}QcKlR=XOMYj*+s<R
zUH%)NZq3Oh9n1+1NjxLpW9u5JuMRPm8!m2Ld7?Sl;A7vFniHz#m_S_AyUa;;hDAZv
zl8$!LT=)w%%8}6EkIJE&=3@X7OvL7duXLPKGM_$N6(EM8cQcUXt9N<$9^$BW0*Qak
z1@B|}mjVgB?qy+iQ=PP@Cm1|yFN%&*2rBAQ+=lLt5Vzqx*=8{gW{9V64%~OZFM?bh
zl5LIhzIl_b3%<b7s+^FLT~PBa>3UN0K1hFG#qLh*kFQszvH5T)qc?+0qSA1y=7e(3
zRZZ^gCfR6a4dpW2+U^Yrr1}WyBvgnayTXp#skE*sGx{#2+@i)`Ziz;az@%G?PU=88
zf`oJ3r^Akl&^sye&_B#(s}**B-Hj_rh<jv;8tm1O?o4|#PN$-e7aR2qTNFL(Uv-w!
zl+r=|yIxUiL9sc{zt4suRk)yau!k<LlRNVm+tOPP(-~#E^1Swp^qN^J|E8FE-IbBy
zTnMs5&`r2ZT!c9}|JAnOgtDUhUvF{7x=wY5K_u>DhFKUU-a*tprFEd*@LjE6smPvZ
zPMQ`nNURJaK;8a7n%*=n>Gb>mpT^Q@T&OIURG6mH7T27>ohhfB7PYcca|=zaTu{jr
z1sPkUa%*!bR4Pj=cg+<<4V6L>%>`U>1$Pld1p)u>KEMC>jyJmD<B{*{y3RST*Ylk7
zyue#A?@_*r)H?8b410<rp7u#88*ID{g9SeY#uORICFJL@^O>!{FAhLG^uq3gX0ns2
zcDZWH>v#GOCx?26l4rP6`=Zzpi-Do{GGxvAJ(-R=?ys!#Kstj%WjlN9eu*EHlvy6Q
zyNkk4vK^3|9LOAPV&&`Y5_h&fYde&Se2byT4FWSZhS76^%!R5Vq<-m^vqbM$6<beg
zwH@U*c!;!hV0L`0x^DiVUH!N4>vvAFfAiD>hlqAy3kvJ#zw>-_x}P=3{VXRGVTVal
znqDG|)2Vs?*x*CUjs>$8!VP-k%lNdT3TC*ekL}yJuWdHJ2)Eef9P`;MwQ@#MKH9x`
zOKfCp@7F&MnO~*;x(w^%e57C%`UZl_ejegC<y6}xGbVGajcL3#v~tydlMxsf_uFA<
zDY}9%T-Y&eDh#xCVn2@^jvvS(FKF_5@fVwGfgx<^9wUPEDXC8Ag*fzmoeZ5&@)<P4
zc+Ds-U|K)1+5|`1z|Pt4ep!NM1ZjYF$NU$txep?x+SkE7FQ*s9BuoAdx(+tQ%x%Cg
zaQ@-GeQI7!K36-KT<im|tqDP1bJwQc`bZW{TTi_?0)D#kcPAn+%O%`K&z(7x<=0ug
za6NWg@Nng)j_tOzO?Qvr%ZpJB8+$C@BzDfy1Fx@)dqy{9R~?G;?g~_nIS~A)mzv4M
zt?Z|tTSNzXp~`{jH7r=eWov@bXQXB9r~<@ov4Yv%hFr6)!OSEPGk~YR)K03tS{$A|
z_wo^<jYqBtUL`tzLQ>J)gpteA-4m3JMGw2RvV$!;*KPi)6qcGHp3Pm|uq!dN70!?E
zyQ-rCmoKNzRg>d3-#BCh4s*FEvrqghetT02pa3sGvLB58@>utqSFAK#<nz$~cPzc}
zrlR5Rvo|$=K@<d2YTrG1_?0quHTu7;BgW@b`kR4M{eU>ySOMuUyn7APZjnRjbOo;S
z`SZXNYUlJDP6Jh8cOKU|U7fjYC1`UDgwjcG%16$R5y0)^hm#slvQxD9E7Y%G?=QIz
z#*Uaf$EtwprziH;jMJfE99fG=x~&?V9NoAlwNuqL<kz4`k64SESNVDo%kzV={AsJ!
zu8easKlH<gAyxkt<k#<DX8xuIp_k@6javLe_!74=<`0kFYR7_;wySk38O+A}Z<bQ#
zxFHv|Rxerg*0#iY{@usQ0nTY!+7_Pi_tk8C@%<!{_keI$s&^}by9MRjhfhVU+{aTv
zg_Zrj4iM~}+TLWOCs@)1N=I(;@uIiW0OwJYCF-kAhru`cr}ogm9^k(=7R1LB9GxXR
z6`kj2zp|LlR%a@QqUVZ&W}G>Uq1YaKH4bj`qXrV(v%}zGs#|3;a6ichM?VcBORjM~
zPKP`MufXR^sq_R`?HO_N^MfJ;<7}o(UEH}lzv_~Q*G$|Y;_R~igM&-4KK-#;8*1?N
z6XMkR)g!=keizxy0o|DKwz9Gri)t<7>>V)&gdJ!W>Gm3kX;okYe0-C&`Xwwd7cfp(
zE_1NE<iv?+8;4s7_H`5%r1DE9ow578+25hpv9L|IvL^6$<MS$*#_i|N+{;&^?H|~O
zWiha=+f_2W%#<`}2j&uAjQac3yoIH?C>9s0OroBFctt^W6CF%UsG{?$@VfAhKx~ar
z2fj5gZdEn(0(olKX1#TdqIsERD*a~};8U;V#1?p@xx%?-{@J!`hOC;_<F^}34s`{-
zfcX6ADjO?Z{Bsqmk2Rg!2ENqgy)^4uB0Pc(`4J`LDQm$k3WmAR<HaFW{feF`>&#6<
zP<@*hJryS^cmfa3<ixEpkj18;Z`l^&k|z~7cG}V9j+0YNoGi!^SA|fWJVC|sI!xli
zYv+oPUUq`Y5(ZZ7FIcJNxuR{cSk@HtnW*V>_PC})$`)MjSX|U{F)1Ath=b0ElyooL
zg$uq#WFS17?cc2YThO-n0dXhEIqQ`}D&M5|W1{~)u+tzbYMAU<L4#N$TvZOtjf=co
zh0USAdD@~X4PG5H^}kMUr02u~-KJ@>-()W)Vn^(wax~*rcl|x062AZs9&fb2KC6xI
ze>50SUwN(op5TwIgB~}}Q!CMdDz77DowxjMi~4uxGqMYjsKD>v2!ZT&n-GFM{ZW6y
zPJ$nZKFZCUKBXe~s;K7abtdd(m!?_cAe#!e!2s*b^1&A8J^Fq78{&LDjX-g)*yU3P
zY4!#WHu)dan5$nNhaVoav(oO?$j9t8(fc#%6>X%0nn0Y$Lf5=Fubp|UR1nx$X-vm>
zQ6oIy=U;`h**05f4AjZ%Z;^|SERUL6MK9PY%3qtrIbOW$j#;}VF>lqQuI~!8#??7A
zv44MClH<oxdz{%ngr52Iq28g1@uJ9%<ZGJ0*F=plKNfRntC9vbdLS$&df)-^bv{Eg
zt-U+nEAofE;Q)}*mGVpU{&a%AV`Rj%PFH2tw7f!F91x<sd^9NQO!UKArp48WFcAWA
zIJi?4S6U+FuK6?b;kj8NAu$8k#ze81|4?Fx*OiS3C?>?q9dKTjBz-RkH1=b7QGYJo
z5!(NLXz^}!0Y@Ns8n&8z|ERv-1cW=(rN$}UVabRN%f%f5qISWJ>%kY1D(2papBJdx
zYc$k_??zkN(u??3VG?ZA_i-~@t?zXM(#cb2wFtnK@#uUoaqaIt_n|YSVq@=sBnl<z
zluFSi@RIUTO=4cg+z>zEe7h)lhAIi|glMExm^_iZ42%3wQ;w^tx&*gN*;T9(KXD@~
zr)rn8*W<ycj7fOu6J*t^fMrKqTBpAUq48@v)V6ksxG4n~Ws)X*DQc|L5)p4XH<s`~
z)t?h7(mLg1ED8$5`Dv+*r9L`CxG|hGF#|Fbj*b~bn|i);n%?THr}1mP&OuKv?;g=%
z1ig^yz+p@toInkYW&N&O-OEz*#6CZ);Cfe)+rj9^*R9`gL4S6<PEVr#Oom_VOwnOI
ziMjrE$tG3ac#n6jO$!6mC?9p6&4Mw@+(90QsDtEJ5E%@fWZiu&6?fT)KLGjd|FnQ*
z#oZJj+2<8E#I<M|UAufvNQ`v`QfBdwQf+Yu6B}A}g&tXq%C4<D+uW`%TaEkOBtJXh
z8d<jN&WyRbT-D54s&uv7yr)dRKe9#<)R{B0VyB<mo;)#6zwP(&AGJ}3EObEaMClpB
z9Iw0m{?kTN?Hp;IZY>7wZZ%Y5Yf7QJ2d2S2qY(_H?9#--A{D}{sqQ<yA5l~@y$-wy
zW=uIU_l|7Nr(q~;)hNkg#4|)FA;86F#B)Cb_U*4N3lt)@al6l1Z0#cB1%C%rviN*s
z$OI>D6Fj4;9d%G8OyEY)yjs=q(i5qU2McqosWv)(_fFYHH(fbRv}!`89xhx;$T~nu
zk)8DOH{bZ(c;kiVGwsaaDd0_2TO?lz&`lqdAb$R_L*<sK3a(bPv;(FR0Jupe@i&5N
z{mo3!)(dLZ^B0Weqe?s($+xJo@8nV3#sV@(8_Kj^A`gtLzh)Jp+(T4w>z`O_rZ81T
zIWWxN(C0#I{TySWjyq7BZ5OeAF%@=oSfUR*JUlo8JwKeE7AvRWUV^|;p0#r{xHso~
zl0&=WfjMgb0_l}!cI86VR2-Ez<6$fMH1#?)=Cb7siF4{OM7LF5hQ#DnF(KS(<*I?t
z<98VQ`}HBMhvO_yHM`s{2$cII#L_2#G%bQ~U+oCxfoRsXVQ*#D`h5r>?a#WjFtuxa
zVw6!F)$k53=&{K`(%G++2rx8hVtkCFtxesxj*|^?=-;Wbg$3v6la@0M@Yhj>VZZsb
z_6~#<3bNX~r&NU@+|^+zds$Lku&MT4Jc@7V^dd)>affWHp?Po@#XObs+HPmeO@Xx)
z&%v2#W`;Tk#_0rb=};f&e>ryx*C{bI-25~vATc?=Fo^n%%VwW;>T?ZLfXykTi>O?;
zEa*L7zeB-CDjY-ZrX5(fX4?I|MR~h-LBj==m9O5@U;kzQW)m%82cbaS4$fYm9KW_|
zr7tK}Ga#7r)h(0eek=d3^Ul@VhFbhH6zNG|7=CH|W^7+vF>I-GOMMS02W?9GUdHnv
zJb;MK$W_fvRnZ?9jXyq|J13={ds=+UpHhsdErR5=M|<*$H<MDsJq!o@)()XwTK*t-
zN~KAxl5rxcHDcdO>yhP@$_KCJ!j76s;~&a93pahPWpR6KqPp^5(sETb3u5?U_wwj~
zreB=yv1Sub6h1p@gW0tj_GOrqhS*=z)#tFTi5q=e;^^?$;Y*sI+d9j62o&Mee|*(!
zxa})@e?P8xE~v%!;06m>_>44Q7sB<tkgCN_oA~zll-MN{(-uL?hFrQ@OZB4fUp$5y
z>1?`^094o2nadS}5)gdl<aFDWFKMOeZF!V4c`BZJj*U{xH1b>Qq77$1r6TxuPwdo4
zyoY|fV<ajg7<x-xqT$nP?_A$I#TgGt*<P}wQT3`;`b84F>IFk?Iqv(dPCCkc*xeZX
zmv<23I4^i~rcDxj?Z)wrqzV7Ho@H~Bfr~#}mPq0<YX3ATG*qaT(3S(FRA(kX=(%zt
zKiEv}L%|QP)v@Y}ZDtpvOrmgO%5B4V)sslOH*K!5S&~q0v~&!F`v~91Gf*Y2-qS2B
z4R<7#?gN*JysE$cYOdDgGJa(Hd2f#-BiT-mFCN}2f#jvSTEFj#V-By-1M>ko%FDmf
z@*R|}`Z+5vnacV>*_654-az48^(*aQS3u(E_$TLM{-aMi{@eIhzJ?bjr((cg|6iEp
zAvs1EN?>RKBm{cQnY0wZJt#lPheYtK9V+C1anF=s{D&<Vs6V|qkyEKu-A9<=Iq&Mw
zFd!Yz3T&6ZZ&uU^zR+-R$?io-wepBCN3dQ^NxQuawci73syGT=7+o8V&WbKzgzCo}
z%IdgH&6{`;8q*!oy3^rhGHj$~9?&_byoj6R;#x5gJo?pR=pA{+oOn1EM0i;e-Ex#(
z&Z1~|dP}}LYarn(6^?*D5sb;zNlOLkl#e9wNhO#Mx};6{R1C1R&b+E$%NXEk$|v2K
zN1S6e2HS)bF+(7BZ)p81^P^lwevX?%@28>`V_1TUrUc6VRGWx^+&im|TTBIu`8FRg
zn~^02NUHQl2IVp!nhd%UCA!Rt4yyt~_wx7h-QT|(5N%3Kq+nS-yca(NwAYFxe?L<)
zwk@2oi=qQnRnBr!V2@l!)o)02%lT-ms!j`1-dj?WS&`pFd_Me;JCm4UR4~!JzlPp<
z#elDo+ZHN6e*rxc_jg9)a<BdMj*8&wsjX2z69J!NrFYz1Z;P^`N--l%|NnOi<S^P_
zX+tKe*u$F=SMF!swIbvmr1vuaEW2G8X>+rDF|ydDoJefglwHBSz{APua(;JIMtkj2
zEN6qBpI{k*M^Jijm63fHFE>RpT0B)B9Ik*Y9BWsl16F8E_I~K_oo>O5-rYkbU~YT2
zlXX$_zqG7#9IbNs;ry&iIlz{&sqfVKX|^iN5I2bC2{<M=wB@1)=XI=UMY}wzk#8x}
zfvo>6o*;3&D3usAdL<WP3rl_IDCC|{(!0D0mW;^TeENv!cO50WkTabP%rG)Um`U4h
zIZZ0g3h%INQFuMxqTC<J@=8?FU@XBUU8(f9EXpdmI!5mQNccV#Tc|6d!8`N}Cf+kM
zen>b9_~Q+ct0Sbs<!=t@z+MgV2yWOlZjHoAi?W+J<4;4hv)I_RazIbbpw&+qO?5D1
zz3X9}%pXx1x($ttHE!QcodR*+a-!DC*c8ej`i?nh1jw(2kL|wm?ynyB|KD?M^U_(m
zR?qHkdd3zV-FI{ygHral9}dAWJ;^T_8n>>#qMimr|GpU#V7T$k1{&pEH(uSjTtTsF
z=Uy5Kd&lujBL$;nXA<TUDU`OaVfPBa7(xg%U7)X<W0O3^<X#HaAG;M8>&sFb=HFLN
zt%~`V-JQqO2WOYntc>l_^>6)>eAKs7AK{vvG$SY}sZ?si-l3)J1iMeKw^hdNS{1C1
z1y{?D_GRU!S!b#D>jwh~m5bulVwIY>Q!h(`+^ij5skhg^QZi@NbeKEg+5=j{)^GCc
zbWuIeTg*XEqpwuDmW+&f4`y&ciAiwV#fd{x8r1P$b)>1oxhET*2W}=Y0)d4$cXcT*
z53F+|ptQwptqFt{x8<2Oudpx6*Db>QN5`xOYPQ1XZ@uWurK%;}tfqnTN-BdqQ$A64
zpgYKB!)AsnEuT9Sy>${PJLH2CN^O3sv8~_qy|hSvHnJuc+LeIw9>Kw%@uPj@ybawP
z`BjLf(>U4fQJek<@D++bYnOgBSiSqUq~(jrUJZAn-?=SzZk))YKp(>8<`0^?+@|qJ
zS^TGpPwi&6@RXR}3cWht!xP-4?PklIsEIOO^!nFI(}K7K1oh(g)beEYYEdfQM6s$D
zG3yRdbD0IrkoIUshqK%K?se@{_+B;jdj?jQldxH0J@j^HEEi$~_4BbbtfB(FJ<Wm~
zb*GP<X`6{8^Cyl8r8;%dILp!hBo`FtC9H-x%c)NLHajX7==A4?ttOshH|}w5evTe5
z+quz!7#pmXp*W|gwJ_+_RkoV(;6QvqcW;UF_Wi!!lsTrl{@h!5)ky5XMc0I_;DymA
zwnTO5<>0&Kmg{F}k8-TG6I%bdzVDS1HN=vCMlM%5uW_~gKcVVtroCINT1qycanH@_
z{+LbeZ+Bb2zJG2!$&0lv84*4-d1;SF(+7VEUW|EzBsk;hbYthsTJjFZVqxa2fxq5Q
z<p1@un3D*Wjz;`AV~}Re5qJ1kp2#1c*~<;w^h-IMpN$ScuT~Jf7J+x<-OFAIRCxMa
z@*~%*V6JBu%%o8+<-v0^;IbL#%H2A0M$US3`AQMeXwGXXW(v-cawBGqkd~}e;X;8|
zQE&ut<0Tfz9U_1pv2>o@TCIO#piM4D763cypci==J*MpAX5$$#3up+UD)O9H8_)#n
z7K)kBVc}z%4b;s3U{4N(va^Q#YvAOm^@&8{<vO12lDk^$yk8_Mc5^15=#7a-aIkAe
zBj3Wlg@O8kiE)W0);61BrU`Q>fKaz{Hva{{Db$zuy$(trR%{^HEZh=}P<IgNK58{e
z0nHN&=Fl7cBX>$=pMty!LKo>>yoBYYN|yH&9xmNi>1!?qgbrl?_|@toCVLkhqUyS{
z=|Mgl0|PjMh-I>|^u;AvhM+D#H#l3MGI7j1Qi~LkWrjUq8tM7-BF8(5c6dJLMcT-U
z?7&$MvfHRFL_jIp^D4efsHVa5UytbMn+vEZKGqktxmJsv8@p!v^F(12&`FM{8LPQM
zmz?A64S}je5Mp0ogD|_YZjA3<bu|G#ZX@!8=-mE5S-5g43;3|rL7U7?sk7{GWo3fp
zRMEzQEAB^!j^j#~Yw_#WzY@k8Wj#+NL_FH*R;W)%q7mI(&GJ2Y<%3BPs?#ru{npM+
zTP$oX%?G}!XkP;hjJ<;v!YCKPcI~bp5=TZaj$L%mA+;G#0Uy~_+|P`=3YIl09rL(5
z98w)YN;D}(#%|#kC0PJ$M5a|LBziP{%IjwgS+A<TvJv<E+xoKidM7?TRz-%4=_btH
ze?U@&5=9bLhR0%sGn%S1a)I16WnB^%iEhKmG`m|oaloTqUkFS}id;ONI>TSu2dYMv
z0)+xRXN@dikHwV=JFHp6d0{CXf)C%ibV7lrZb0<x*qnfz5HVmt!+KQx($Iu)6p&by
zVP<<=f;iL!oR8j}&J&`2Sr*_*zjYVkYq0m;H+x@LS_^Jx-KdNYBwPGbe0_Fn{!*Rf
zdK~wZ&jwOq{r`^%HJ@+%6xg3wU)n5B2ZnS1n&`OWezm3V{=-OiQ^<o!M;*6mo~nif
z8vQG^%-u!A@*)gmO*%IJGE;!3Sn2p)15#t^&IDLqDhW5R_3OjK6^;_4JUvg*D7CfK
zSU<W0QoloTCmE7gbU?7hRWYT&WMKBjK3!*sb@V?Tp5pbUm9eAtqY-HnCG3F2dzU5;
zL!9+2Fke<z#%P&6%Yty~_I`gr1zGU(z@<F4^=p^&uh;A|6}5MB4R{Jrz%@CnaMV??
zwV2Z=!2EGrNM|1pvFl(pSpL?~BFNIPyOvW`OV!;Yhrl)lX3Z&)XVKqnmpm!51!P7D
z9=9GhmBra(HuhsbhUAdUDC2(7b!mQTCYir+-nwSCODTw^rmk)?o^M|sV&kTxo+L|B
z(kzB=%|VB0<^1r}GvgZ>qnq|yoW=P6rfYI%tQ0ff-$paHFpaD9_$0?~=z2tBzUYR?
zLgd%iEwB2~QY~7xwvik85uWjZu@=%p)I2LhM%-wVPB-m?I<_W~Ol6O`-+NK^$<BZD
zb9y`wC6?;y;?rn|5x?47|EC4Ky<n}eyBDEREBw`Wv^0It_}}s8^F)S5cY?_cVfo6;
z>ab}ZV%d_`6P00z5uOP1fNPxkz6~c<K3lt5S>grTmYj`Dq-b<t?F9<dym4lNqeb*V
zrW{ed6yTfr@amzkX3Y;)KTax>u`oZA=pyfwF-<CW`W%pp34Dm+^XQF1j(4z?{Kg|u
z2uB)FZy;1J7nYuxCTwVYGy2kSo6YW}f!pt`Mi!$P5uyz8`{3h-F9$EA5sf<F4P?2$
z$<a-u+YK7%89@Oocq;ga*e4TF17?;+WQ(<`i=0jQ+CvKCDyO4?T8b!JE9KXVP&qCz
zVt>uF0^|^ubtT*8DpvaBoSw6Xt*}S5&ADOqHr2N#=C@%$EV5V|yEF5k$YS+vL9@&F
zp_#3%8PF_?yaivYjrF&w`9;CoV8RvZOKr`-Q3+s3hMn^NqoV-ht(49@A(w=<)M_l|
zJQYn~kY>E_>tngI`HX)TYKqG@gHg%H`+g3E!ilGNaG#M#nsxeMC^>wYPrr|M>{+N9
zsml`02QnGvoQ;vSOhX^L`BFhnHTeU1hSgB46Vqs2SYPEk;@QO9aJDJamCrb{komFu
z`;HV8UP8NiL<aO*roPo9g^PwwH`_<@jmiA4pXUPiv-{qpMp1Q!-sqZ>W;V!(+=~$L
z@&eLlQU1}Pm#8l&+MEDcys<&BZ}bL^tnrhRn@LhBZ;DIBsBVf(jSrF#KJrIei@4O-
zm+A?gL+Cc6w&w@W(Fwp;TM^I^=GvQ@4eO_dcgU7gah_00S2CU8z5aDzmA_riz{j>9
z#gpg%3cenDNWfK~>HLr&%&YhAmGc+0h~_Kknr{l`3ZCGVH%fbSfZp7c-k<7uXbNTK
zWA3b3`D4$7%^aXJTmv*2Z84ooT^_tyy4>1dZKX0i73UFhB^?|aYzd^)MsaGh0Wgw#
zJ#NnY^ats48|NT(Acw;51msUMMNxZi>%*N3qscQ9<NrX4$^UrxeACjvx>)*;E`9$`
zm=b44`!!MM2A?4v4GiVn&di6~wtoP|yAd`%y>*rG@&43U4$1C)Q}x`GLxc3gZL?JD
zIu&BP6f<+KZ66?OqZdp~W@;EAp)Ms+Yl^Jub=$vd=88#uN|PyQ!Hc#8XUw0sYbCuU
z-jJNmZ+^V|mM{AaaIa<6TS%og)$qV|!`Ny^m=Q!W>)PfT$dR68VZV9ow*9hRMT1i?
z<Lbmib6#t8Q@O+qPs@!UpQ9!l-yG-w&*csjjf8YnB*yQ^)DRLIw3tH$nT~rNYiDpV
z?069Nrg-Q&FEoneVJU1kZ!_>&dG~qkhl5=?dEFjz@)LZU?8zACm%Sxox-0$X0TPmz
zMv)aKG*rc1yduN1^2wB&u{VD(({p4rc%RZk8@FjkXtfU42l=QL$YZWaF+-Ya06%Q8
zw8aHf5&Q8D&}Jbj@`!sq>tLU48!-<Ze7OdqWi2?^jPHD7`JHC+x7jBLwVnyLQ(2{>
z{whrI)5vh~cN;A%Mg*u4=e0j-XUYpFwKK)8w6oyJ-6L=l1*k<dlc4RVmE!n@{OodB
zce*Cws5?i|k#y_Vids#{7&YNspMSUhxSU{eqzs|3Um9pkC_R{1{hBtF-%In~KbWM|
z8XS=19oCy`QhIZ4!r{C$(9?%o(B@$s7d?GydoCm-a#u81eRCiL;^`T2Dx>jb2F*D3
zl|x3oMb7+a&xD<>^}<!(LZGy`$nSp!pZJy;ld{EGjTUW`kP+Gcj+rX?U+gQ)(l%v2
zGW2OE9@gl-yYvmUO9jRShxn@b!Ui9_$~Z{`FJ=M=%rw7q3^E)QE3=*rs<!7*Vr7Ad
zZX0u?)3qvcV>wPffd0MpD)&}(nQL&3=Fu~J+DfuHcV@I}->VX1a5T3m`INQ=!N^(1
zLE9$Mb79)=C?D!tbG(nC@wWX;L4iVRam;VA;Wh}12o~5H+Z-P0X`Gl3fo~`qw&uc1
zzwK|Y{g{n5#lCN;0Lc)jeY*HjqnFn5@UM!+WG!n9P#|Sw#}{bidi7Lv!m73-FQYGZ
zj{5+DwnuosqHdImvTSs8Tb>$ZkR3nQ@E1X{d=0Do63gmkl+CwU7~T1y444hFn|LXL
zsv0C3(Db}8-PR4GEGJ8nS3QPjueQJrV9ilotAi}$O6<4$zml*pb*eTsVRn$iPY_H&
zq;DvTfMYWH#PwBp_-PMF2S+hBU#*H_L;B5W^U*}gQHSh1m&Ah`9G{Sh=Y9!{MuJM>
zj8Yu`{*>NQw8Qc*vp5x<&vU_*S1g0s-$bV~mM}c)$QQeCc);sQ)HEsPbl%X^j{?t@
zA!gD9(4%8u@8O`5dU^+Njp7=*PDh^50}H-8$CZC$oJ(+gw1%BI7a5PmBg$msh<(HF
zs*#I7Xt}~p2FwKNXKOJTV%|Cs<z*Z9?Ea(eKAvaYRszpMwx8E?)y71A&G7pS-sO2v
z$D*Sw9baN%0hsgsu36Un9d)yB^PPTm1?lWmHr$#wGRt$+lmRYJ&7a3Qqr8s4U{*iu
zXetxxv1+qLl^ewb7{0OGu6{Op5|ksfEq?K4W%voy71!TJ2mbdxNL3+!yFu24(AdGj
zbaiLT4?`iDOq1wFg;^$47ub{A`=C1CCML6Dtv`@h>)1yqsU9I)>}(JLl*ce$+>@7s
zKW;;g>MI@lxO9%Q87J;7UH%C6b31PP(J$+NSVoSr4W&0uvPN;0_pS9phP61W)P&;d
z_qwq5jd(bg{l{Oh!9TF03!$!8eL^ZDTK|w1*K%J!sbvfmsBS_PqTf8k#r4NOOx>U0
z_@hKkr?8Z!vi4NO@@bIXWIyVqa7860hmhztkJ*ITVd(IeED7B;-9Y!w1=-^#KwRNY
z>BBeNlS#V*Hw&$TDWBz$tNCZw=SgE)s%!6+1DDDq^^7sLU#d~6WI45M%mM744hjFK
z_Pc2UR?gWx+6Ev8<-m05y6>}ZGk`jU<Qc-AA6{OqE`curi(vyZ6hJmlUyUbkNnAt`
zC9U_^Nqsy0F2mwN-Z@@B`(r#}8wdy*55urqnc?7xhpE%l1yXU2`W?Vc<fncE0tV3n
z)Jrq1v8<LEKA0Q$E*SuvCxY^IcOsZj6kOFGFjWauB^_v<^<1F6Y-Dw%s=B_&ZY!2=
ziler(K<IDwbUz>dJpmbEY`ZapYMM%bkr7ix01w0z<9@uzxeO7EAepvpPI%o*Hg^`r
z$Q22-+(asdM4umWQ&qu9LgVHY{(_}`E-}M|UXf4kH%9`e!pFaKjhzhZ^P*rx1*{(m
z=|8!P+t^ek+mFHI!O$s9$Y!+VMpQ!q`}p1d59#u6ZMUgfJsYHvD;FUn7q`QG*EIau
z*s7uOp<C<cLyLvocS?hXWQ$WnQS}AnQP~p95PS?R8i~yaH1zT2{4tS#A47>czk@9j
zdkotcDT*?4dvK!Ok|R%IpAugU0=pdAT;x0){X2XUjqVS_iIDg2ud#EpETklbE(ODC
zoy9W+#dWv)!!mjGC%DKZ98NqGCS4>?r62OoFu~Oh@n)P&=C1&Q1veM!_3}Il&k7ov
zk{)&{1J2iX3jlTaLi0bF4+IXtC5^aoy*F)t(%~m*mI`HK`%V+i(UWe`^q<B&Qr#sA
z>GSe1Gbr(_BI}Z(3u>#LIOZR$a9jV6mX~OSKoLZJ#(r{I@Icmg`TmYVW?tqo{e-gQ
zKL}1m5Q(pP5c@X(xH==M5Wm|q4x+f_cDVLwzNm_`S-tKTKK{ibDd)Md$JswOEnVmP
z++ZH>W1U*>AX@Dl_8vhXKlW{gvr+TS7n)Y`!5Qv8(Z1i8x25Tcg7=rUYi>?WJ+>Xp
z)r5L@a{gZsvC+QCds4G1#QbrM^%wA#w~IIt44(xXkjFGQjkg`jKovQnhBS#1c3tVH
zi1m|^u$;G|*1xHRj8;m5Uo$Hp6AzNbxBT)Uerj>oyHetW$T=S$K5E$Z2<-vY`(@4e
z4fSHZd)=*|Zis*1C+KU>CXKywHpATk;5vWne{v?Gzpme4T0V~y?UV`Lc~6A;#;e=-
zS8XY<s#voC{^h_kdtmC5DesWs;BH*#9EhMiW`P-d9Qby~vKXNN6P(OY{n`)#1d`3$
zfHoEQ)+ALqFI#iB(IWuof+3FCwT765SOp*I*B^k!w`z2V0*!TQjQXO44G4MwCz*yu
zYdDFg67@vNQ1;&!i*19SJ`tJ&b%IQ>0eN&by47p(QiDj|sAN~l{*NpxU0&^7t1qF{
zN!I{1<Sqod82pQzRcaYstw|{*FEp!vVi<X{TKNX8Eo+@wv0+p9l#LHnYx%AZy~U?9
zhb4VePJr9F%wPZ=b;6eW#?IPMh1I<pwKB2-ki3+>4a&Vb%mv_)HC#prtpB}q-L>J!
zrfsm6-PB>{!%Pg<yiJ38dLjWX*?H|TGQyi2>>lD^6DRrVtXovcech5Nn}3QF!WZOg
zCJ-IyW6nyVPY=;xrO5FKFfX8p)9i|CERC18BEn^PRK=My_lZbVosVxzh=%<EgdeK3
zws$qiNC78GnCdgR6+V8?{ZT7Z%jsxM>F6hQg0WG8&fT;o)O>Hn=#SJ(#JXL@2c(72
z;JOF4S~+ZUjhg2VREHi$H#Pl~QPN&*;f2|8vKplR=Lf}43c$aj)T%vMr(;9>4Kbzm
z#E<Gw#!N;)cPml+#L;XU3)bnZ#mx^1<h3lR>3nDl;MrAuA8$!)Q_tZ)kmzeI5L8j*
zW0Nev4DOGtf!vJ!*c>n)SrS=Pi|lH^WNz5H9dgRz7dZiDASfk33fMcLvRVkJ1mpMU
z@SPxVg6b&XFqB7s^eZ|JyeD8A@l$)c0e~Ia{W3l%1;w_S)5jG+hD0FcpG}zT&RP9Z
zcS2{)i9qmQUoxTAUq5u4Q<A{w<6(t_NFhs#8J+XaFBtf80+TTYUZW$rcTe-)yd=uz
z1NTgoj*V1s7fGx-Mtir9Tp;K~bd)sCLu!4d0$>G24bmx-UY-wLm6@TU^Cn-_Pw?ic
zlg>xzc@r@7tez{|k=*Zpw_@$3i_?}g)r5_=u%c6;f8u^ZGxRNl&}(rNPMm+kiC{$%
zb2zMCL=UoCek{N%n`Dtn5<-t#Y$$2)T-iMb<wFU*6K0n+zT%5#m7Ny{QCTLsGK76S
zpq^+S9d8`-vHS^Znk$5Z1!JC<1I`bkNdtWM)3#f=m~5J!Rd)3Pnpnm+yKqjM8~;MS
zPV<fH4CvMklOf`k`}uwlf*AcSRfTxp)q47kptm1y9A>Ms)`>_t<{E?~FSmZcbtQ5c
zMGm^*|Hv$1G9O#nO1YRz&_orjzG@IV_9wu_hX1Dp%=DHR|CB3_7ff0J_T|p*3q703
zy}TGzVM$fYHxs;A@MtNn8cJoh;cIu60y?3FaOUn{h^v(J3pbD_eL%2+&wKq93m2>&
zshuSilcO@>wknUJdM-LJhLro<a(@~#X&WHo_j;o)S?DrgKIkbe!f*ohp7CTTpkv9n
z;9mrauS#&TIT6Dc%i1H~F(K#kkT{QuaX?9A%{n(d4q8Ag_AWmMlmNR<F#4K*+Lg0p
z1lO8cKj~T_lo^GFE3a50sNo_g&1CV5i<k|_vo?2Pq{}px$&TpK9JtNdof%f`p0CZ&
zT|BAFE*pRDwsf?GU-Wf%NYwxQfjpJMdF@Q_UHAUfPPiEb*jLYt1*8>+k*$wAgIn2u
z&~^5i5)PLkc6sU?sOh@;HQg`=y>WK^zZZS_^MZj%15|&Nds<no1wQ#`)%F}lwjVz8
zi+!^;!6|<1w5@M;#Vcr4SeVBqf3%`V%>_B}pu!B~14O04=I;sX$wamIvNJx`gQmtq
zN&RfSiow}(<;1dr3Qd{|ff-}0V%cH0vJ<+VDsfAB=lm+9v#83Y7}4P}(PCigUy!K8
zJl4vPxd0R)aG;D8aH${4<}}kwP^%NKJA}L2hn|@YWj6HKU*{h36lz1dloG87vwrfK
zIbn=j$y50^#p=VQ?H@QDIMeX)A0YReDWT|b)olK@0%$k+G1YYr9wxQP|4PlV@{-Zf
z>ze{_i^g~8WJ9uYUrO52Rahw|>m;nS7UM~`eKKrCLD+;CO8#A^mr*B;X}_aV^VB`f
zZoYV=?A#!9{FHhb^XQ80xwdY6!GU0YMQ81Odp;1FcE?^1gCb^ue0bfJ{@*FvMBIVa
zJ&E{*lRya)sjfe<GUK&3fl4_hoOVB?=V8IhsJ*ihDt()N*UU?*;o>1PBN*i|GM<-?
zA=E{c(1DMk-Yxd~O8xMsHeKr%LRzYi8nps%mEs_ndU|k4QJ$T!ZEOuhh=F<GfXIfo
z`=T2L0OCNe<J2hNdJcuKyxPP%9pvK)kkzkIUl5e|%?Wd+;kgbw(tP!e?H}o7G+h^)
z=}S6P2!UXKF%CHBQ`?cz_iryN?$JrpRMUA8m>uQaLPoy<bZ7ytvLz9J?J(5x%5C|N
zK_$vc9xT318NeCW6Y`L8q0v9iOdSUpY+S@6Y~q}c<VVJlrES!Jf+sB-skU6RsmB0q
zGP0f$)x#>^(5EoBdb=!ne2BINn3pM_H_vx}g@ogqSof{i$74qK3HhI#m2G(`4q=aD
z!tN{W=RfSIFKs!^=rX-)<vv~UxS%J$_<jC?G+0u8i{Zc=(*h{j93_4>Zecy!Wgmd`
z&kG5TyBB`q0T;EyLMyATFIZaKrF_j=3J=9+mjx+v>ze(ETOk^e&|aFfo8=&#yr){N
zU|jc6Its1c(p$So!$Z8Cu3<%jIY9BwBsSO1ZPV<LFaSwg0GI`D*WIgOszT2Fs~$z;
zth&C++cQiEAlM0}5sSyxZpHr6GU&S)CL{o>Ur_LN=d0xTi>aSMb}23WBl*)>EWaxD
z$;zzoKKGVEFF7xx!4L^>H*?g-;NTwd7=Zs2VAiQqZ7gzL0FZlg+$rL98jBbt=zIf<
zddy&M2f)Ck;YTdp^`N5K083$%Ia2*UBk>?-HXskL?Tr2Lf-VMn$6*6fJ|14k>09F#
z1p*@Zu*#~s{hhuXM(<8)Yxu~UzKm2CU8W94kX}beCM3J?zOGgG=jlq{g3?kkllu=Y
zo>{DHfJ>(7ez{9^5kor$Jra^HfWEFD{xf^z+aJ!emL;VPKyf;CnyM%+@D_cRRAA%I
zE=dvU*v+x%;ShG`s_>j9GxX1Hp2L|8BkWnNc%E?k>1$vW*E8%!GkF1H1U~wHswr$E
zlxxxTaOaTO=Ko2ML{zX9!~>}FO^UT6Gv_S*_+>&c*R$21IQrZq2jwJA-2~nbZQ*_<
zCP3Ux-1LMi<V202TkL;~oP4xK2=dIedo$Lgx&T|M@e|JgW)w&T6;3`rRX6hJc>CL(
z4N5&faq(Q&WquX2*DPa8hKY~2O<{iM`SHu3?_~+YdI3CfcOY(WhwbD8b*DqIoH_5Q
zR;uU37G&(XSP&{7wpYHE5BCa<l+9&SD0X;&tUmsa{Q#B(ZV1u<Y@wq9vup&X>x@i*
z-$X3d^7`<XucEsWpWs2VJ5N(4@JtDPN%gKw_c<O5Hpi^SGJ#xf6Ksb9u!G*V$OP%=
zw<gz3A)IIX%hss#0_lyMhnteMh7z&s8dL+`c4sWi#|?G=6@F7svrcfpdm(?Z)*uGm
z$bYpd9pl*S6%-z5ec$Zb5Z&$Arr@*uBnAT@OAA$l>8UvB#8gKV1%-VI7o1mWSgL#O
zr+OYvIGb7C`*52>c2c+=FOjk_Tw6Bbc<d)``ZB)Ytm4)B&s(ip#7t)6hmiNp+@wPx
z51JJp-~DY!@eFt1PI>rlEl3j*<~pj~9bi5eXoy;7hnj^Kzi9~O8XN%7O-^fZs-r)<
z((;C10rtYy6dfC@2g8p}#GVfeF7HaU8T+1{*<&Bp?@=CIu*=hJrQ(_2j*R8NBrnO^
zTos*H)jL|f*Nf}y?GWyoPG1!%Zr3wf+pz1cuThK~X$3WJm-DO0`vxUVR3QCuB|xU&
z|LVhjTKk?UD$>aQPeQ1fXTwoXQod11`mq$=YcK)MxPo>vg?ufipzn7jmG%1$#0L^e
z`}Es~dIxqJg!XB6pG4i^E+ac!6TF0DA8hA$*jWAJx%2*AcA{=$*h|SV<Bl@j3Z+yx
zdwB4q)`~W+^=s&KH`OIz<fK-tyX#PCVH*%q_|5e@mIS&Dr5UoO$p;OksxQvbj+)BC
z{8M~%a?tT*7bix7cYd^3U8toxEa=KdK`ld@mQH`b>GMRp_@6Y-=hyLW(?OcQYyha_
zTjsj}l9{Gt;hnGdq2}!yuM7f%uhk^QWj;LZ&;1JUeSaDRpC>k4#i`_S1YhnKfXzHj
z4Jm!A*^BQ#a_+jKn@guj-S;7$kpH^$*T_8EHU>WV2SknVa%o*ulE`RfgoY<Z(A&JP
zs!1D_=uOnTjOtJ1>13p#0e}WhRRd&9#vETSu7AI#k^8$tNL`IDz_7J1*VYWcfOA;-
zOR)@aO-m?7+;1#ORhDh=?)54%j1fKRPs?Z^Q+oZE$6H!-Zt}$i%Dssiw=@!en98w1
zeF1N6vPHSCU=3{3)6KOv-Bj)lkzY$C)N$J^93d@E<H3>wK6z@i|ML1z2XdTHT1^^W
zpu4UPmSFCzdSs820mI4%{6*B)q8P8mKHz&nkU!~jrZt+MPC!ejr}?b_Q+(WkfJ`}N
zz@G-`{4~(TPtDHOoV{mY;>S|Aolvzi&c0bNXP|w5;)m=1jN0sY6BVI*+#|XedKZ{v
zA5I3ye{fZ&^Jqb6*{OQ(FOMzj>y5{=LPN#_&l4Q|r-482>XtP7bi>1Od;QX`T>S)c
z9r7h&>GgOqTR|`GNhltHS|az?%1`Trx{Wt!m=yu8>iM+eKpL6epa*qbg13L7Wk>s(
z@iy}6Rr}!$YxPqVCK!a}WD&B6Oauv!W7lebZ<jx|KuJfApjLKtdw?w87osX&Rlkw4
zwkW+USgP{qpS<N<fXp=8<b(j%eOV!{WX?068w!Zny|X1FqT=#imz+yvbPKb|7R5I8
z7QP@B65gZLCSva+I_zTEf7{OZL5}+9ExH1m>aSOZ4-%#CrI>}vAen1}<jS(k9~(Yl
zC$Pf4qa*TF$>}}W!8RiKnyXRV)n<&md|!u&+S(i8B6jJ?2C6HJiL%j4B@9jKzY%=e
zVl9hd9o<kX+p=gEydHBd(Qoub*JkvHkS_PxxYmziXN}y@dJ&tk@%<+#aL<9J6D*IO
z{dAC*T0)tl$5ZRSJNrhjM`SbOs&s$4$rX4uFvW){$?Kv4Haugy^;>7xqy_TtwC;SB
zczkFpzdX6juLORFpIiL0AUFdO&FwPa{|x`y+F>J8!l$6jV-uwmk}r2v6>ph=MGX}L
z2DJN}S?VWHWg)<U`4<#b9bp0`bYupMX*aq|>c@*h?N&~mA1QwLMdBkr27_Vv_aTKK
zES1A&)B37`IMiV|<v`^PfQDDAraC-AKNVyyT~0dls>E`khHE?&PLurII+zek%O?u6
z#*L2I@isnH&#4Mui|4bcp8g#%UHtwbDkkpr;?P*mScq2xU?b9JT}jvaH~OlL9aK?6
zgaqascyV+;M%c2M9C~Men79Xs6BQaJ#h_!a_b=JDm({>6Wh(=lgOMyF5TKdT$JS~b
z&@4cB16#H;;!dCOUW^8uxrJ&DrIXZVJ#ukX-jn}CiI4Se2&+l0fnDBTf$JkO<}^Dj
za_xrJfyN`!x3Qlprl;^?>JbnDyJIAS4L;sp!nBl3N2E5DOx&68j01L&W&}b|?L#^-
z0%l#rKK(M{1|I%Wb#=I!Jie#o5D&;0&Gb>L`3Yj&&+6D2$YBzRi68bufDRGPf5D!A
zwTsXl%?0e>q&xTXjq}g`>iWb%`xrFPfpggjP{Dvk2Y+VcN@*KC?!ndP>%n13A@6@P
znTUplq#IHu5z4wX$B<7O1*f0f4gT^4+JIR_AM^_zJ8DkZ(HDBMKXYdwDLnEP;il!?
zxc&>L+h?KA*_S~(T}FcG(J5OTAhBbK#^)iP*^T1u;PW;Jldw!XOJDm>j%+Qe?u$;E
zpPwO4axK;`)508t=a=+k%#|AYVSS$m@!Z3fn-9l9d3^siUbgisR>}*fzTOnn$)Ain
zfMj*3)D#Z}Y3dIo5v&K$y8@Gx+k}syi)`|(#qV+ad&K33rV??JZTQy#@e4|(U})Qf
z$wrqNW~AOP6C@;SlV^h}PQ6B*Y#1k)d`5i?cL-dkZBHU5CE5;HwC=7=bwfzL^t;|x
zuPWHwty!oC*D(UMo(@_PT(@{&a!_X$jp6U0tRqu>tgk{(;vGeeNuOF)c+zdKXvvv+
zhYz|<_XwybJa!<V#^UTQ?8;cbriy{zK=j*uTcB_+xCS(AJ*oAYuK0x=+CFw|2gB2i
z^zpYj(m9O-{o@Kbn%W4B-A0$HqB)VM#GdFo;Vmy~e;Ov;Nz3`!6A#K>m_Y%VpQoh6
z%IvxCQ`V1^Z^p3ad!s}?@=F&xe4>WS>7~!E0wo4#2=l%4@QjfmC9+Nej1Or9SOa;L
zbP`&97`zJHa=Xim)ePupxyUH=qK2w+_g>#i2|kfu8;&*qDpAlhNeL*kl&mX&3XzVM
zQ}16q@x+FTdV@CCej4%1`%@03Hc<6oW#<<DPYalxYYF*JGP7N$3gJrOQodVG<8h$6
z=%Y>BsN4lHA>`@;I?bw{q7zZwq7j*Ug;r+|e(AIRRg-?iB=*&9FE=<>wp7CTb1L^9
zfIp$SPWk5}-VW-Q;k~McZ@iFH{2K+<Ak{l=(E}v6Kb^H*Xv$7WTUg6UP;e7K-@{BJ
zu}#V($#z{0|LeW3^u#!9@Zs;eQ2sTW;9^NB{%xO9#^qzq*5fW9geDS*ky{uu%q=ed
z05J42-hxwZnOP;ga3-q&%S!I(m6&HxVozQlun69or&_|gHqiOIXMco`dGPCj!iqCI
z1gWymv!bxFbuZu)-EA*5TU+GWRa3D36T?v@aG8*eaCvD&X}(j@ucXJ+flgg##xY~*
z+c_KF=+67#%b46a;LaL*s0bH&fqJGRu_3G8LCSyW@+4N%W8VsGynzQKk3akBY?cWe
zLlZF{e{`5TeJ!Zi9d^w25c+GAQpN`*u-l?#JA|w3`(lT<mMY!IrnnYGESLL>fZ60g
z6)HebyQQk#wbA+6yIbxbq&O}W{e_GfnxIF<30_3x=fmq)zxR`ff|tHh>E*EXZX8fq
z<on1Y`X$=TL(n|g)`tQy(7jem+d;rXY_-JC9c+BBXVh-YLo3#737G^{yL4dSAI!<G
zBW3}B#_l!@4%2^H@X_|vE^4&gH24}ESp!*r{OKo3+FTz{4-jCU6L0Q+#^RC+mI68|
zf<SB5$nAU=Ty;OPLBL0ti@($KT*;BDYx&gE)n+Z|@#w}g;K0$QZs#FC55t=AM|L(e
zyTSLVxd*x&AYgza0<`*xhdDpd(&BF_7E1#twN{7LY&;f*VoV9clazHxT=s7SoscgV
z#bXG3nr29~m+aLA;yLWd6=QI*3=84^C()LyRyWjNpbz)C=l>6e4#C%wex*X<pk7hK
z5gn$1Y7EIQiI(278cp(>d0|S_OTD}7x0$(NEt3XGD<(b^vYh-nrun^7SX%3hIhi;h
zF43(2*wG74?+H{Jp3j375v%L{=K%QYmStEbh^0OLzF}26u!kuP++2*B`n0j+!(pES
zI!-!DaGM)~#4(Pt>3DwJO8pXvV+13y>Yu>sYVfw$Ro<h;>gck?avC`HC8|M?c1<&O
zvRA<vuFYL>p09L8FPk>}sf(U`)-u>(vtG+R=Y45W){~ze{l~)*D?kjdhsFFCNCjx)
zxYs2roAroH4*s27+P#s0<7oxKhLmhPYXRS@To!`#uoJWgrc>dfPm-t4V}GGo4zhb%
z@<M|P7Rt{phmm1_)1MKq4`69}ZExj_@TP6k2S>j88+$E`flAh{>H*PavU%B0U4M1-
z7GMH!Z%rJrcg^mE1r`8V_Wvpz97a(dms%i~>FX<R&T5x7Azm1ys^?|HY=hUExlSYN
zS`$^7P!Fi%%V2frpyL4x$}tq8#z;TUPZRmj`=MiIa!q;=b*9`m@PTR>{T!bLectN(
zyKL{=y#Aj6254*d<;<%3(CCZ-Sbmds;I!Y3bB`U^ALW3@;=V2KIeLX1BGkOQ{QYE|
zWWWLeIOH19N2POZW@F9E%7aZP=`ohsGj*#2m`WQ-Zvb5>ZkmTgHvO+1aFj@hciXZ1
z;oN}kC-C^|t4!gRc1(cNHw#(%pzpw)f!b6@)a9K0{a;;wT->D<n%G+#Sfe?*1BzI%
zIpu>Z;P?&%A3D?if@==VElPEyO#Wm2fa10+rY72jMC$tg%T^8jk_(qUu(J`IF_;*T
zpu82@Y;<XV37hxa6}<qkUzLnfgcP%_L=Obk7IIS3Y(0603A2bOm2Tp}nzuSw{wlla
z9emx726ph27AR%d0S461J5oaFzxttN^rvHd#J|zkkJK562veB@dMlopwX%(Wzh={(
zc{fb_q^?||4V}B@;|@t}oc)tm$}V!ezA%1}paB=*A8qNA%#cFwC_D%IGzF?xb=ZU7
z9r~%S-mYCJjV6yomU!4%2A>^4x&0m20pL=>cZ)0fu1!5eM%(wtXbo;8JnW~bB(B1;
zWs0)w1jZ$J6CVgaUof$5D*@Bm)RPsLvaqZ)zViMtTyJ(%U!kA_VK301D{`H4rU1RL
zxk|XbBO~Jk2@jOm(grkpu#ptGD1w8S;4?Vur-5uKH<4Jy*H5=3RS;Sz&z>}_{8VBl
zn*j(1?pfvW<zr#(U?_^yX@mX#yl!6>>K~?WmEfL_^j%>%VesXBd|A+vtSmK65AYbs
zQ%1<c21E=n>YXUxTCDSXgXN}FQq%zqrhd=<o3e)HrJ1Pd)PiHmn#Qgy7(gQao!U_6
zJ@vfxqA|%~apkb+8D&nxrsEY}r|x3;b|gA}Vn$N|=pCDY>8_1ZR~$TS@AR01J!SC)
zFK%}46Ack<LkDiC2+_|dav*<})@z5^Jyhit2<-;w7A%4IcT{MVa2wX@6>!ER{TIg7
zLr^iKeGg0Ez@-SX5j>mPN7WrsWlhfj4FqCF>BV&tVo}}%io3vZD<8b-(QEnLb}E4?
zoz;<p@4kgVCr%_M;u*H=N<4ZovLx0^wjGRA-=UfHjbThZJpu*#PeQBv15W8UvFAy}
zcG6tElbfXr)h5oQO<5ZPuXmLb9Z3h0V$_JZL$HAuS^1lx48YFi41K}_de-oU3TkHm
zQVeT6Kc;FZqD^8B*pxm%SBif%!pR%8Hk_F3K=>jpv}%Vi^`QFo&;BcO02&kgXX2I8
zH|y5w=P)xNzaq1-<_y1)^;W?sLb&`0$TLa}0GDK{)dT4Tjgif@RRBIsIk2%U9ZB98
zo<dPuOB|WNV_j(%eJgh*A22A!5<%rCPDb`(v_r2XFMdt!E=QQN)>Bne3>(r+6_0Bs
zR!?LdUti-Y(#AiSU~h#l{qyCFta2=8L!OEwH#<YRfZn+*L7;GDxFq^itynUb(cNKF
zftfDwF#-=QL$yHL>qBZvMgbQ7kjHkL=q^x{orA}Am*=C_OWDq1_MB$W^`;M?L@4<D
zE3*X>XH-!b@%ztV3wwYj_H2~dAgbdw54Dr48)bAOE3WPTxtq(6S5G&{BQ3*beh5Tk
z6$L>YW?J@fOslA>kQFzs9vRx?Kha-ZcSYP}+8}nX0tTEEfd07sqQc3hY#uY`kpUsg
zMgDlr2Cd5vDZg)WjX*s^cUH&lWKwp7pYjT|dAZykQgzrwi))3n6_1++qTft@MHpL0
zu4irL<)$0~W|+IW13wD(%6<w`<pX>%p8@orv`7sH`vAWaEi&clSz=Ddb>QTIwG2}q
z(&o^Vm`NlIBCXoJ@G3&sLC_umfef5Eju$&G65*I)Sn7tj_S9OPtL4r9@`xV0jh7k3
zxESo<|Jp<&+WtSX-aD!ZyZr-g1w~{;r7}t+RTNZ&FkS;lAa6ybDx;PvAcPeGk+5YG
zC^7;vq9_6lkRl2yd+!-Y1j3TNH(^5vU<e`HZ|v{A=bm%_^c>-keAn}Q)?+?V#Nmv2
zwhQU(53~0s$f>+7wi2qon)dALot@mc<+!Dvb<>d8b<c_#q-R!Y+fu0ZH*siXz>qT6
z4rn~0G}&-apJ;-l6(7HOg=msy3sWx5r*;Kx_f2c;*Wym|XY)s<ew2Vzq1N3Ay;p-G
zc4|qS$9tSDa4SJH{ml&~(W>RLZCPJAe-j=|c5FUOJ}5tL<$HlyvY(gD_=uk>mSVd}
z1_KSyK*}5`A*6MKr}RzK;_D?VC2Bo5OluyR`a(n^^d4glJH#(9G)E8&5@YZ|(JgYP
z?V!>MZM0c@2k*^7$ou}BEQC?>TpD$I^mTERKUxIoeH>@!RNPYHKKwhOrUB%J=tv%V
zyh{z&(FvaUPtd{0-RBt>Y!VIDXuV~xT8t>e{h4CyijkSN%I8aDlZdI(y->S}B&D4B
za07SEhgcdTB6b3baihl77v5gq9D1GY%>lJ=;IsqU`38#47eSC_7kn4XnO3U0ef3xS
zmL8be*&*1W-R3pXDVFCcs|vd;cy;096Jo}6a#k0#CDZ@-;d1i5#13TFRI+?Wp=MCk
zLfS)EkeQ^Y)#_&f7{Xr6l~!+Yl$6JC2w2v*8-FlYc0FoO!&lk6G$ZVkvwL_~!y8uH
zN$(bz^M?vmg0^q8rp&N_sJq2X#aDDBzWU|im$Ra$UaQ8bfs|NbF_UOIYbi>RX+4~$
zBWWq!1+81B9r<&Ja?SDpNUf(nzV26_{EV%hh^gB}nadr5itnSaX<vJE;A+!V{W9rj
z@tbP)Dktq32_nu-$3iX(65G5PD%(5Z{BJ9_6@M#B(jW&9bh$T?GyT7q<|rff%u1fz
zKgi4w_^%RF{8_#V_EHd=Ny<lA6+Saf`qn_<-AYAIOigt-fAO_30P1Z9tcvZ|2df@x
z`kDUsTf|SUKU8%6^Q{6;Lu!!AUGZ1ImLbM0pQ8->s6nL6Sfz`cms*pRtL!1_Tk0eu
zZvF%L*!l{-<!}mR)Bhm5i&-|B=bJ6eDdhXcvAJ)q9fo!lVzsUw`40f(OnE}s7wTWJ
z71I%Rz@hy^;$Z#4HLsp=^*cYR1NrE3IcNT+R&!>CLG!3^RkpBDM_2G>XuBS1C#TBV
z`Nw@h;J0O5@j?lCWPvlLbKzNOh-c$bi8pj4U9;ugH@=9YTs?@;H;<*!kJv+w`Q#ro
z#k*i~j&<`%00kT*dZ(yC)SsR8+%28PAblf)u6K&j)5>&`R7aMT-=#4&kJ8QWxT!%R
z+6n$&Bs05M<~W{?pPME;cCcEU?H`aAmzu9kchZ5R<_ni3IbBkQ?k0rvoa=N#^y{+j
zcUe?n7xrNJz!~{ycPT7p+;}_O0J6P@*iQup#!kHn<W@<Rc5X8{6gQYYsB;Ddd)5T9
zl_mfi`}c$9KA%}`%fhc;21STCBTGQQHRz$L#=Mh^@=@5oAI?uhIsyAEtAzM*LuOqU
z9x&X#oZ^(>u~GX?sY_$Mg8dIZ0PpLwy#F&Sm8ipIw2*ZsZhOzgX}xs@YW(Yi#kY3r
z*1g)}55DCS+t;0qK%dk;E0C&Qzt=JU9QbWkt2gTA!{LGFo|>)gPv*Nmb0;zX+aU#T
ztv%q<t8E%Gky;PG7l$n3thoj&koIT}%cDm*HF)<H_cNoPLGx!8JfvTG-~8-*l&?9=
z+jRVkNK%ka5W?JN^ht&X+XjEe)m&q5?sa<+@aA#0oLv=yxJ!n`5X@I0=}v)nXMN`+
zZ#PHimfUgc=cBeW7G*c5!km+se+D1d*Vb5mT<tZO`^}1{iM8mFiexHv-rr4~e6KBG
zvoOuOl{D-5$Tn6|lBnj=4sg0r-%oe=!tQ}3&^SDosQK&Bu*YkIHay@~u$;cEfil!~
zf=#cvA@cX)y<^gSd-tu5gDff1X#Tg#t_0nP%EJ~I`***-44DTtzb@Nb9r~N?yqLCD
z{~s1WhUJlFW8vEgl#|THhk#p|uO`=@DLXr})m=?GvSm#>2h^81Wmme^_$TQ8l96#X
z#QHOGB?+^fvefwU0Km=`0W6EoG*-tenWk^nwOu<C+*0~9evkn_yDm5(vllWwDWYDz
zKc4&<rTgtmzX?2FN@q407ujMF2ne9Jie*FZ>dvToET0R46me{mbgeX-S3;zY&FQw5
z#~(@y2hr9>%<@2TR-!f#&-*G1kn(2bcE7wT-}8<9YEG@IKG>a~g9H`${{FQ~-|q`!
zW_oD47cwdVH-DHd<+=V?#wy`IoYtCjGv?2;eR7RmW1C`yGyfxT60~`bgu?zQwme0G
zsJ3<tZ}3sPcp5{7&tjx6gtSDEys=*%qsa?d<IP2{FtT!<!wn+DXAEyk|EH&nv67AM
z3AsVhJ+3OwY)&>_#MC9bSHgG&#eTEB)TY)GA;xyLblb5@L%3AGdQfO1b}xAkJPm&6
zFD}qtM6h$(yzIVpzAX`cdg8=PMZu}UnEA-lfbEbRT{E3Gw32pMV1(;><cx4`=9LPf
z+TIHNzd2BAUQgqkR0b<Qs<~Kx^nBodiBbwt)0=iu=uk70pk!)Z>C(oQap?v2hX0W$
zW5R-S;gZ3_DB=uF($LL;j{05js^`+620qDy^OLI8I7dTV42oKvStz?6LiatAAuoC{
z=1H^yJ)y3S*83Ku`*SLisg^`}sLmraB1(rFYlb^Faf3VjMP)NlMWrxRWv8JJqhDeB
z1;j9ROf|ZhO9Pt<zDH2H!Xts24U1^kJMIEKY{>LzYpB0*%r+ekUv30dQFOUq%w~T?
z$2%GjUj`X#!+*LB;*E+DRGcfq+qzp#7iRifzT&loKb!!`Z&iYCb`*o+6rYp@Nk-l3
z*!+;X<NO7O9lE;T$4oOBs2J&Ae$HA0TKF0Hkeb{%380qWI{*-l;aTwrlE$1pz*`@e
zxyXz>+3x5etd^PY1&4CeA-?}z8}&Ek-;Mn<Xs-Bqaj+7*LEtXP>X=Akp_n`Q@C_J3
z@;>&t&PMG<>i)5d+_eqdhR6CwuoW_ChPYN<#ocLF585B~SUHy`QM-7nrCjeIr@0o0
z=5uQ4X*;87bxVeW5o^SVqdUGI?GIDEKj*)m^hiWkWDC(ZfbPFN<Cs=<=Gb88G(_6N
zlO?ZnKlr*HP3x@3Z@BrInzKN#utVg0r?NpT!<G8_4(DY)CGibdKv#gM_}#tjg3Wc1
zQ!R}+J@Cl0gPl9P4{;AeQEzJBz00{0rE@W){gXzCAi(iDU&{qqRNW0k1}3RqaD$p|
zlT(d*1_pf;*p0ms?B$S8uNOTH9|y3{*G*jwYm8zjfHvCgmcu{V>iaG&%yCVc>%#R(
z>Vm5&t-sULzXEJAIm^0Zn{1c5!-f&3zjUsyF!3Z@BdcAqQx`;w%$$1_&n3=^62luw
z<gXUGfKK%%(YVQNfnEnJ8@PtsPJ?^K+K&)so#uF#S5m(A`<blOnsd{RAfxF!^T706
z>_yK9OcH(aL&C=e&iX%LP@ancLyWI<!#-^5rN>tV%ln<$8#QdtpVe!Z3|1&MW%4dm
z=HFyFW%IDwx|J7xUnQGQ0EcUGz}fM->M)6e``3ePWR=VMJ%y#1FTVl}#GpCgZ_Io&
zf|98)^m(O=pz)LZS{V9$14mu&k*HbKgFzz*5=j>GDogo8k%!$GTCGox$!#7cg#g`<
zi2?mdE{zL3wE0H|)7NQdwOmt~opzpxy0X*iD@{Yq?Q{*x$&PQZB)=5P<2cC!>9MI}
zEu)`V<gPmFXQ~mhoiWoi_x!0!T(1!Psui32t=*@NnYtA+UCiy-Up21t-R_yMktJNE
z2CX^mG;V567Bl}#OLk-4ireAAM4C@Q`_T(Xpg_(n3_g)LBNBx=<j~ur%w5c6wsy-C
z`y;x>n3OlG>~G<mLWN-8xfyUtPUQEsnx-}P`k?3S(1A^Pv!{_d9;+IU`+4T8-I2k!
zqmXY&u|QmtQ%Lz)?c3)!0Z5h2*Uk+^XlILfzmXY9@^)#(kh!qy|I}2p?`o=KLMKWS
zAuWZGhEkO#o?1ReXk+6ZuMZs)w45mEvA^Wn`Q&vW0EiA&NwA@KIXQ&$`7)JK%xT@~
zS7L}_mmS>5)^j5DuGQp;F}wDaP=vx%Xzb6U1(kPAkhwaCKoU87g}Pd*k=K!ZX-CX^
zwBrF3^K-FN%4+vTa51Hg(Pu;WoV=FAsQrZ}#&;#BPa<)-!8pxhTqTHHqM{LzJI@H!
zYOTL}EYqE%VE0Rx0A>E~PR~EA7v9riH7|KC{asHJOwYQYVv;T9`4iDE?l}=tY!GC<
zP)nPSCPBqwVq<z>sTueH{asyxPM-hJU-M<xRpiUK(;O)UT-CCh^F_g$5y^EsW&bu>
zFXfCe#b))2`;DQO3huY^+#cZqD>#JVe%Orf0<tH27h&~hk;~?6#m}Q37(-IbF2gb>
zedXB)_N|fuJ)P{CFN|K`3r|C|BE)AJ8E>9NR)PH&HO?^of~w_J4E?Gng@!Ti=A2ME
zkWhu=)Qf-o0KZTnF3p!M^xW}RRSoQ8;^sZ{?`h~jI|-BFW%AWX1wk10k-l@KILb2x
zgBU)J^aQ86aB|sv@`{$Q5Oo-GkPV4$S7&W!wU>I20vWrkoJPP+?ZA&D_wki0ZNTh0
zSatu>?$pvhlOQIb1vB(CJMWRY5I9QM_8)2Qu1Pzc^|9DnR<JUwNpDdf#f^IAg8(%F
zVedpG^M^H};|ue#LHp+0Kl^ay=nCGGwPVYdjXvSHIouw?TWxW;l9O|7=>k&lkOz{q
zj0(qu|AO|BT;YSU8k!E>$v1W@L0OMOv)4m$2hwTJ{_txDm^&|Y!`65pd+3lZ;(Dn*
zklow<D|yeYR1bM1cj3-OLaLRiLWrJl&!mrnjIo8E@l3Iib-Khwq(%?S6!da!^e5JL
zn<C=F>imcP*+}^-yrHjHNuRjrWOuG+-e3&~oQcBCem`IDBo{KrImF7&ojPK$$X9?i
zRK{sLUv%u6tmulF9!8-m3TSqtUJ01zj06?73TatriI<16H2e8`F(Bq`ei#z{S_kb_
zQ5MhNd3$P^{VvxqPkStSy|V3!T|R(JCZJ`la>Ty9*Jy9I?^|XGKPzcG<YmMVGn_a!
z)uHASxLYiAwIV&s0GI;Onq*)$V(_qF`U_JQI+7}CS@t7F9<$moQt>Fp1?)AtXwdOI
z{{_d_Sj;&YsL>t#$8SIqwPa(mx>fix*q;Y27O9@3+YI@{#id5Cc`eqgfg5ZeXaMM@
zyF-7R9(=Catl707nRdVo6>7IA8};L(1j&fuJoPDVJX3-)yJEQ!5B9%J`3|f?W2yH6
z-bta>z-}-au0-%}5^F0nsrRp3mkIdkurNzF?YfPwz7)PNyJiVMGiQCq3Rl5U7rTAp
z*!vu<z_;RwLG0Bswp-N}%HAaSw>h1WZ4e40i6<-?&oJ{l^Zj>!lwaK>IX5&D_d<FE
z1+Ov}mq4VNJ5?EHW@WzGskQ?yVg=yN{GI^!;5@IEGl?Q^cL^5NrVk4{s+(B9b7FXh
z@^{^Ci*GScmmpp$Rpk^eot8G&Ee;aWcCBcLH2CP<8&0ZG5l7m^T?WyW&DLt!rI$O!
z$sZDDZN=UmJc(9gT3=vhxX3E35T*mcznWxfI#L6RGMa^=EW*!v(<wi{Pk*oV6BBX7
zCb#xsqBcWAW;!(WBx3GX4J9|otR~0YxyvP|Y1nw7!dlVD0@%AuF3VgL%!ysuv15OV
zP(4t$v%c8gFr<B@OP~q8_%{N!;5UJ^G4v#;%0KCagxpH)DBNowGeY^^MRY{v*3}`q
z3LMwl7}4pmuVql0-jaE$)T0=+{l@fsth-9238|{6vwy`>^{}z!I0P58c#A00IFF*9
z=+z^orhw-xJhgzhvlJ0Kb#!1v&2V>HY`6KfCqKl-1g53Dv&wgS^GzkZpt~QUCTAL>
zrhFiU5i<Eih$Q9tN2+{uNJCVwhKo3}Bnbw{i)Rt@xAIgcE6bbq0!KXT={TK#tQwcP
z0B`Dc%=W%pdU#!p@{{!L-vLK=tF6JUPk~!-Z=&v<bD^3zWcVEG?)AGz$j*ge?-BoS
zJI>2?8@>9x*Q5-1!aE|qYD87tGQ_+<#B|gVH(-WVIfaqY0`lpE3<GNvpcVT!p7q>%
z;fFc03EM3Zl%|MXj0vkx8EnWa2cZRDWC<yL)os)GL?4j401^`jaEDZ{hm6|^;~+wd
z^$=B!JvBLJ0rbVoWVqcf5F_~&qj!jj;5NN~vSzV;9^}uRnLV9lLR<-LO|`JXl#jQ`
z5wU-iJ;KBm_4uzOT*G^_FeVd=H}9Ab8zQggsXpr$ob>oC^ZcHXps_=Ff4_w9n-Is|
zUO8+jyI^Xru3`8%lw!Eq&nIL^QH5{Tt^6rpSt6{DJIoR;Ipn&z#HEJD(3uZLuPw4o
z<U4uCkw_luj=(p(>m>Ni6k%t;DONW%$KlLK227)cD6sSsk`dYP|Ifm2kJENO$B}Qx
z3Fe7Fa63Su)6x6PeXq+eVhN;^^vEeQZJpFtX2Zd{Q^b4ZD6QadS|K&{Hcxu*gp2H~
z$};;rVQACE&tz8EtC&v?F^U!+bk1|9o`~@xI+)?vRwRT4TIvWSEx!AeL}gnb7jCq^
zgg^L{qUvV%_?OO6taN5-m)Y8GjaSevFNByQzkQsD8N@k>m2Xrzx}aFrpFW=Vxw560
zb(7ez#d)XwwzuFF;c|>(lenYTur!hECMX@JAYHKx(5FV@1s%yz#R#g*{rdl;aX|s_
zRLuFjlHG1btir@w>A;ll7#Z*d71{F=3I2$q^?BVnhD{lgtmMDElm4da*La!#cDsh!
zx320cjv#I<-yT|sei3^nDOUWVpnfXMZo;i6Vl?tTWLn^DrSICYGdYxGPO*(_*7!{!
zB3ri^ZaE9FDtKBfrDc^H>^;T8c89+z$coFjz}&pIcPuy#wJkf4GAL;>bS9KRpKW#>
zI&Mj!tS&*OeXy(S;&F??M7tcw0>_bhh4f4|FWh&g4H!D@WU^8Ul2xD<^yL57RqB@d
zw-rX`<VEZ%@7z~*mAdLYOT`D#q*v!OLwH7g2b?5oEhSREb0AYQuOC0JG5ns8C3Bt|
zslM8@NcR&%ZSyq1e`inYd^#KNr{Pwony0;xwF6^gzx+D)$UN`Oa2`e#!F?;?U96pi
zw9`*1SPfNto=?M7<`H5T)*gxU>bv{@!vd&3Nv1~r7{Mnr3INnzt5I^{akS*CURw5$
zWBUqO{(%Eae`YA!AqEeJv=!uzr)9<A#{>jO03l7(;rUBVJ_v(+KdU66!KSm05^UT1
zYVd6{PDWBC5Sc9?#!8khsS#v|;+Flon|*2$_OH}jS&@YsN@f~aVz$2)^$+^+P)l$K
zdoHavJR&A80B_T<kk;@ap$l1D!#zBx-y$-*@*!m@LF^@q1g)_danH)^hE4gcH#@`q
zaUTEl9|ButHiDPVCenhe4thFMM>@a`Gr!2T10~*u2Z-1>`9bGnlZ*44KY)uXPA^8G
z;x0xaA9DuDk_4d!aipLdi8t4+`7?#3SD%vkqQR>zGlrBqa0_}akra=<couX2sYAMv
zggV;>#H8b=Kj9nPit_57=n0Y^%qX<Zx2O(!4d}f2Cz$tTJU*5}?DRS9ZL<&^D7xb5
zoGjlL#Z&8w;F5IWcZRVl&b|Zq!lg&9J9|&SE%<OqW376R`4e$kPy1%hO|8|Z-^QER
zjTyQiY!%Zj+KPl~j7kl5?lm`p|HidpM?z0}oi}O2N+9gZ=flUb5c{iAV)9q_t)r(D
zJgxFpWHHF3F~+Uu0>)jYePje0fQHvcZ2Pl76ytc!{$*&Q%Nt6ox_)qEkk`S#tNChw
zY6>6Zl=z+B0`l-LB&igiPTkYHHW<2ZN_nHFOVd^<e>8VMu133luZ^vNEgKY;2{3~V
z_>9;0k13(H{<+}sf#w&2?(qx=K(a2xg{ba#dEp+%2&_~m&*DMam-ddNe9p!KGsU5Y
zbTDlXl1P2V7svA8D^8QMtww3zTos3SAmsy9WiTU8f%l*vKB6-3N*Q3?K$JJan1ZOl
z%Gu?KD41ej77V(ujzjZ6l_7{64J#$8DXZAwk~+?f<-nvhSMgJ2NL=Bo*E_L}*wx%%
z_UemYMN7z*b3a66To@*3n4=IyMcUVu?S3mu@2Xgsw;SFnddzs}34!%QOD-@X4E}>t
zq*(5%WZomp)%|;(?Q?8JT&!&)D`MPZBs4{3q_;t0z2#!kvf2QL0OS4LfEDyqJ308+
zqBpNM@=J=fjtkw$!c%YIZ!KDviu@GEbwM;Rh&~KmFbrzS3__}u)@+j8J?oQHZ<A7E
z9Pu>fH5y|(!{|;usI4TM+jobw@9MbU*_G}5lA!av-7>A*hJAw-RaMbEG7?^jyq>J*
zb1tX<j00uy6k;wM?KNvMn0Sliy&l>VJGO+ELS3y;<`z3k>IkO!PdVoRsdzFPXA`>d
zR$`AjFIy3!XAU#B1!*3XWWPLAU6b7S9j=|)Cj6Q*-9_f*tw!%(yWahCR3FzE{>j0`
zy3qG$=jhmEJ-E18u>mqVF<EG(dXMOpKB*K4djB08mK50$_{Sdx&e0Pe;TYvya)ios
zvB0d6dFm4sh!(xlrLp|6s22o+bRwBFk2xFs(iJeymGp=LL(J){n5^1BvQfIP+`U1@
zy@{<gUwNG4loLLtg)lne<mC>~BG*nqn2qtU4|@FfNYjxa_b*Ao*V!Jz9EO;w+ve2W
z)5x8-(#|-3lVnCiQ>IQ5CWd%a=AaSZ`k=kn=m@nJA&OAV%R{+&nU?e~U4{#h)8Uyk
z5sUBktn+;C5cj%5I_KeOdbX$Xx}frNCzmf{b;M+?nZTAPZo>_eWEJN?plc<wS}l^2
z9)ZT5)x{b@-Xa0sN3^w$?Lx8NzPwb<<=X&cy-R|Y@2;36a{rXW!V(qq4ErI7kjuJ7
zaTPS5T(oI>2FdT4MAIX*^K(+Th@XuKI%hdKBhM&#-}-@1g%94@6aY|a6(G+L5u*)0
zRs*9{cM3ySORFpB@nL!zk*qG}sq$9Osx*NjW_s44ic}3ENw|D@yhLGEfa+Au2^{^M
ze@gjsrx|@_sMNaCxpLu^M*VO!w_zwuK`ryF?;=0NXkjMm(>yRtpc3uJQZ8r4^f+i?
zM$QeJOm+;#=v+J)2%f?X9_Z3{q1hEN*D#3)E-k}J7-QPmD@l-P#VvQHVj=iN@J@qB
zGG?5W^&U&WKIN1|OznWx)G#D1B__2iZt1E-E_XD0qv{cf%d_z+1Nrt#UQTm%(|v%r
zJ_!xouW7XLY|hlHPCh+W^Q)~aE#krA?2u%uw9YCyq0v|#!@7}VkO-1?k`M45g|Sdv
zBDG#c(X8eSJ0;RFJtgv<uqNE&q_cZO`YOr5zenN&UX=yGRRmtS<CMXk#J<YAG6R#Y
zXBE3NC#a~X#H%1@TO~ysA=US({k)@6*60$ejjKMJKO$W)HPaepam#R%^(t|ykdRGF
zDogqD$^W?YvZBQQWe4ej>>%U8O3ibVkegZ*uQeiM_B!>xD_zt#HQ=j7)k^~l-0CGk
zTHssEX@}C}h2p6fmlujbHb5q#+Bt{vhEAR;<xboFHCvo3B0r3RDMK$#6D=1S=O+UH
zW^@luj=T(|ovCLK7^>oh_WJr59qVB{qES7Fdh6`ML^|!AQ3?~M2rqzUCs}Wu2J}qp
zuhEUg{OZ0v^74ui3J<*#DtsyLWX@+!T_TI(Ql4bP!*0d7-7rM%*Vv|D{6so|hP2{}
zJqTOwZkoOk9lUlvLq#Cd@am;U@3D+JV!dWFWPNBR<7kIB<JDSB4{)#Tj0d8&V~RcS
z9UlsQ?3Hl#YPt=4VjtXl9>nKBsD5L$>mM#z9e_*|UK*yM7C6>Gik_QO)OO{}H~ETO
z9U|}q$W@+B<aVoP7IIpH2OQwri}7_tl00;m^`)vJEZBRv@;@?KjTw5@+eK*1*Tjn$
z7TbFJoiG4=+jm3^{GSzxfa8q69ztH65&*BviD(AfE#bnmeu*Zs+`cb(f_FexslIZ&
zUq#@~IA>NMpL)sp&HpBd>``t5b}O;7yl^jTekNJ$21(ls@rK3k;?in5)fO`wX9IM%
zRa2oI-j*5g%-u)M&QE8HULQz{5y7aGj&DXJ7vM}2wb7L}EDD;^U>~2%g=rjmpfdC8
zOV0@;-<xDneWlDVWvajmR&|Mzy5QK}I$L(qC}kKG)bh2~TwmEwP)Vkm{YW_NVnt(g
z-QTb6xy@%3s_$ALD@`ChMs9Cxh&qNP;Ipt@<n%PosTg|m5!*oF@aHi~=PmliMLO$Z
z8l}Ql(miPQV{v+)-c;v&%+WlW#=0c%ROdr<Kmz6u+U$k0z>bD(JJg7qx2lUiwv3Ha
zpG4uRaNjmm%IQ!ktyd`Oe@WM`(hZ0=VQC0QPYKC@Eto}(I0nw)2egk=FU7%FJ8T>P
z9Qusya*Kc8F%al$_C3(ING3Vh!(tRD^31B9ImVuM4f_H6czEh}h}7sWg^ls*A#S$1
za-+@JMBQMz+)VuLk8kYS@9n}Ls$42QR1ucnjMP*{Fc(C@9C?I1<%~wKFXHbZ5U22d
zhtJ6mQN(K1s7`N(Xdg)&tYI7#3tqSda^J0TlJz7eY$?ZGFOGhQruxLCil%84qb2JK
zkBO2ovdU~l0$igNx#q2}9Ek9=n9lC^L3bwu)yA8UqpF*bFy}JQLCdU#uruodS&Dj!
z$<l*C)*}ml3<g`jDe2H&gGK>KjzrUK3|nA4qZze;+Dvk2af!2dqVJJGn7YEO`BbYq
zkpZoSR%_genXI%$`fhsb`?9wf5L&G)40!S+tFiG@J^gYsCxRPA(t?io!~omnGACTb
zv|UJ)SaBCL<bl}&;?N{hiR(VwJkN@iB46RhL8TMB<1eCvaq6LF7A60ctn8NSvF|<a
z>7*u32+aZ_9v7}14$15Agi@2`kBxbgKW*4!i%vbyPMdvRn0zp``2k8^Y6#6p#k8?>
zt(bp%GzrSTiIq^a&1>V0s<;;noTtjT-0_C1bz88tI-;iB$T=HXU$-QUD6s5Qc_jTe
zt+3cda;*P07^RYSFiS3)0{6ewDH-?aTiV-<#U&yA>J6pIp`}w**jud;RjN1Zuh+$Y
z{5DS0JX3fSjF^ouf?t?T&j(Rsevndrgtv|Z$~O?CmdxU{lr(tQ(mPe_G}~-#2mly8
zl{>%D!ZqQ1z21s_%xl`F|8$rHh)k7pdE31uiS1G`@HO-_R`Gp4eCAL2#xuo;5Gi9y
zGXU(^5afbum9lpcT;u8}l<Y>ETrC}YQtmxkQ>4J9i5Y_=0q}yhblV1o1s|LnRzf3j
ziV{XvI^2-hmcLcJhcBFxKsz@{+=sYqTJtMqEuT~NDq9pAdI|~F@J*X4kosU~aZ&rC
zps)$Cd#Rc+w({LX|0-nY@C*Gs3RgZ;so_1*G_ulNxgOYwC>?bo!q{yzG*Eq?!7Nuh
zy0|j01n(t%$>)3<f3X*8l{Utlt|&?f2RFvhyo6D3drNO3jz@1D9utP%rp$CnT5(>g
zSlJk%1cTaR_b-WpSnK@%KYo7qr1`}5$+*~@i_!4OuE`kZoQAE16GWM`R^o33g$5Ey
zB3V#lEKstvdb=|tdOr;JB|1Otr7Iv_9Wl0dVYzxfcL@E>g0)(BbnxM6w#Pg840z%E
zMm#3tqIA#*RZ{Gx5ePp5hl|^i59e2Bmh6-!L8C6)Qh8rs&6jZQNu+z88%GZj68kD2
z5fQ^^DN89)S!xH2t6g+^l<&?d_pN+x@T)rx-wntJJ{jcxiepx1fN!_}^SzV0)gfk3
zGpF-jF~sa?uTQE2+EfeHKoe|3`V_o!UZ$#1V_W#0c9tx}BgE>qEChNJcS>cs-WD@2
z_FgNQvp^szAfiI-WJHmxj$)E%zm7m~)BdGr-9~$jVpt7mpUCgGBS2Jct!kWG-GU>i
zBJlmrnn1!#v|&45+G(g;RC@DcZ>)dwnX&HJAk6QOG=J;mo3I#&m+A48j!V<al<0gA
z{9<wOl=0l9(Ut_0K^QM$74#Ve-S5&`>b;9U0gCY#DWPz2Sy@PkBmA+Li`Zq)z1HZ&
zbV8!U&mbu;@UQ}OrVXEEn&b{v^>X;dy-W99ZsF=w;j2xGeajirzC*o~`!oDOgVhtI
zDMcWTrCS%GNQHXp`vH4Q%pX>-IxIUq7i9~6?E^C*$a#|1W>&#G+@MGs>Gu`Zl<7av
zFUPuzOH9NYEq<LQ@!NCaf+>COdxB}FGmTOu_f0wd_9IB@#nr;}pNy>AUN)5OoqyIO
zfyOD@mGtu&XX*8sLvIgZ31@T8zD{~1Lu?d5VSnD&PUFm-k@=^GH#F+d=@@5!HkzJN
z+~jx7TlBisUhCj7TBTGHB95s+sxK%IGmUTj9~SUQ=6RM3dl}FP$~AT744sgbs;A%A
zPnQHQjBj{jW~DU)k%`$xn*>iBA=NGp4j4_{#og2{pb3qQCA(YrZ*|WAFT}n&`gt}D
z=|AI2mmYgNxI6=XfO_fJf!UCkFzaPIVs~oB?vV9<p3I7>C?Ow1E(5oIy0iu6_bzrw
zW0X!(e8Y_?>}^34^$A+|68XVt6{%`y=@?-6Rv^4X1e$Ex+UmUL{eX1O`&J9r6H_Nc
z9A`C1Og~{E;_^A)<@Ef{+hu~hkx`vC!%BHhnf+Ow0A;|{4P6MiTwLef3`0tSNfMm_
ztkqlfWkE+wmSw?g8_TJ+K>R%;8CBSX54uAL4bE6v8H+h~g4}`Jot7elpNP9J%q|W?
zBP+2Os-3#;$hl1w9h9^1vm+T<25t%GX28n!nOo@Zacs)tY<4G4GJcUv;ePKC!P}br
z{cTl+r3QOo-F2gtv2H_>Pt~=z=_03VVuqD_<f5|7u=+}7$V2&%P3PvvF4lhJsF0yZ
z$4a*90OdUjYcB&GybW#(Nd^7yq}e^97_w|>7M~}g<b1&2NnqQtHJzu+`>sAVv4pqh
zaqQAen-gaL^LE#FDpH&B8(gS*>-5kE#t5bjF%IR6$&HCp!1P3vzJsqU!-@rc47XsF
zp{?!{l41WUCE5~x94x7nv#QR+-CtONLBu_c+^mzcoOPbie+y(<EgTa^EX5}Ysi|}5
z8bC$eZXaD3)gCOPpl`LCp%}z8i=G8x0K`d}=g9W)l;EAnGnuJ=BNz=VEzdp5$|BLx
zXHKTwWf$e(y4(06Qg1czah}d;zf&adxf|L-X|p61zptI%E&K$=;^4#h21XMdiJR4D
z^a3|YT47UB>{K}9fIl%W=%PM)JyxBijBC6v@9WHceh(FVdoH>YeCc^7q)cmk87FKg
zGw5oTLpsPkd-z0x-`zGuWre(Cr?0iyEtrFzYcB2{+Ttk_Dy0a#ro1DDaV8$r#)VS2
zyX@S<hJBZauG@2lXq2G7_Uw#>CxC^yz!%^>iSrphTE4M>dcv2TS{z&?;;t#DnZMff
zNM?tYQGIe?`KbfiKTO20N8a#V9$YAm*P@3P=ZAsUSE4Ia$hfP_hINw^-$0G?ob2dw
zbldxo@feo2<|vQ{+zM`foq?t<0!DX=)&VRX@|j;r9HF4GFJCbAmrX7VSdVu6zu+o(
z4)O2NRk^jt&=P@!)WpJ8@szh&&W7an!5_X){wo2qh5!{k*q?NWHC_eeC#JY%sAa9X
z@lf2nPyP3!nKbqYhC7Y@a;C1zl+_E)Gbek+r0Gp^mUaYru@u~QdD+ZxZus^zPMsux
zQQwCINRdwk5Chm3woY?pCD=t%rPMd5lmQrWb&0o7EoXLec$6VCN;FTE*<@dKs-|J_
zq(v1wL3yW6IuIS_2~uYLV{WK#Cu}7g9yCgP#}IEHODXTH42+{{s(S}fu1P~x?9#j~
zMsqs=hKP>Ff^vg2yI9VQ))?+Y*etx`<(X#SM}0yM+ud<-dq7Ch0t>L6HZn(rF!S@Q
z1i{JOl@!ew9O+*N$6T5%@fEMfX$&nS9^h+ZrXy=Rv~j1s`|p6Ac5gD*SAUq|cn~E^
z{WQLH1c>?>j{^!+P;Q8=ijpPjUJPcUb~Hce!C^-x&mG2dw{az;Sa{<sJeoUwx&En!
zMUAh!NS}d$ol7WYy!2Xj^TO?kUmCNeFF5wfAp&hZGp|5`-JFw}BieuHKU|`V=my!6
z3r^b~4u$<Z8aWN8-mG`=|B#gQ<lxWMl4R0+t9Q#M_-NmP6-O~`@4osjEtE;xX=!!g
znKjfz!SW4Tn{Zy4j1@AXQOuzxk?N7K+Fjp213+4$rkurT?;TBXWiLDNnv2nN)M7Kr
zusKgu%os3+pwVZ&@5kGv=Yt@+>Aj?e=HV@#?I1~Yv#b5DfIr7bH>XD)EI9QCKC%2F
znWov1@*H$4pi{U8o7;Oo)BZLQL#%Aq{+!yiJk~>djUCui8z(diN*52?ZnwCu$GP`N
zn3VJj=CRC?On0~WUzk&z#|Jrj^86;X{rFPv;g{J^6mGVQ{cIk-kDo51M%AXs>$sVt
zCBX+4aKe!{o0AE_tS(NtGU7M4P^yD9d#{y2c1r-`%Bt=wH49ltA?8|Cu4Tr=&daDX
zS@!qV?<@+WdGho0Q4bXP#CIv;M-^q_B?&F{HNQNWehDfr=lg$JEnZ<HNY#UI*dIE~
z=O_Tb5_)H&wx1R0bpIMvus8AG31M0pVSWJkCe$|Y?V0~BE|&5bSK+;jTEM5JEF66x
ziM#0N{6%4ueH{0_O-HB!Edxc_SAm67f1UV|Zu&gmC?$9Ng$PkFBwFz8Y*u@w&PC$#
z-P1{cB3k_<rs?SUB05W08c<zY8;e`F`UKBjB(^=tE>0L#uCl3L14va?{@K8t@B&(+
ztgXj7URx5U8ScbuAzsk_yT1XUOYiSNpNYJTncf+vb-kGe+)RMW?Db&t8lcmZxqdD$
zWcLw%Uh`;Thd-JYbWfUs!s^$zECTk3&XttFc?0&@tz~j1nE=RLB)B@5GF)<F2hthD
zbn|7rc3(rlD<~wt)#*~kY#EggPLG1HbCqJI^d_O|XCct%be3K4G>Tevl5$MYWs@bW
zk3wk%fp&*kqO0B(?i->&J_bf`Jk;=^co3Xc)7#a}J$|LQ@yHtBmPlII#dqOko}F!T
zsGBH3N2}l+@sD*xp>KDlaf4_(`tEhB4_zA+Nn54Z8cB5|0Zp7ro}}50+_WrFgJtHo
z3{m>Q(3A_a+j}8+e)Z8ld^UW$AH;@8yP;)s0sR1~8@XEEnFQ0*^dZ$2X2}N<1uORU
zk_e4AexAD3E`Prl(LxTzmk1swmukkV>mG4+9@#Ezydi%9YmbvwS-UMxL^!ifpzW$p
z9g}8~<#1ftJk6`IuXU`z)t_MdA=|JdA#6PfHY;53`yFS*dfQd|_TL_{Xqk7y%I3zx
zOxBAG{GNJcPwouJ;JU+O3$m3mq16Z*leFS|6&-!fvl~amoG9<o4yI@9Q0^A01SKUa
zDT2n%zmBW6<R1s~zHF6dqv_-h@lOxk*T`cTwuZ;iVGVtJuFi2Cf(2N$ZH!W%9Cpif
zy;szo@U*Z%3i^Sy0!>)(^({@Nn1KXUg@;L5E!LvyO1m#<uSS;nx!+jRp=aaQo(`HC
za{?Pj_JyS}dl*?*Rv~iw<$(It(Fd;7INfaq2^aOiN*r1FRK?ro6rW}El0<O8D%ogp
z=9ET^;s+k}_l^Xonh8=99O_hIh_?aP{Z_F}Lt!wGCjR$)b8(mXG&K9HNi(UH@+Kts
z_hVPLOQU_1*D(yE@gvq(?Vrvr=KGEmd|j_TqkfUGWM?I0gDZc>dzZwch9CWA1quZa
z1pcxiMz$b)1~PW!%IGtj?UDrkJQ{+k3>EtPZwsi1pdU5$W~$g2>*LC8xl_5?9P!!E
z;CHC7@9h_l!l6nMViAU>(oUcsi<BIiC*)&Iqz#WiTo#vQUm1fSdjGqoeV#F!51SCR
z2=AbGsO`<Z7UKSqK?z^$o&g`nq$KwnZmC+ibx1OkuP0rNH;xaO76pde>Hm07iVW@?
z`4*-@(3L<b?=+Yb^VI3r43E>UjV+fCUI7$#Kd?NR+zCDhNJNV+cl3M(JC8UD6;ZNU
zPR<f>5XcLQGB;0cIFvzwWVRyo8X$UEe01QlT<|<NhmDyxs`pK}xjtuEo3Qzcfi+3Z
zy$2?X;R<hS-$l$_8M$k^7`~<=Y{FS9grL%+^`?}|-i)|;*+m9%cNC_Vaq6gVn|0D%
zwRPPO9E@8<k=z3tz<kvFd;B(s&vjPsLV=rXB86VFTAl1Uyw~cp_*o!R#@ESn^-)-|
z)uV&LO3(*gFK3*(QD0kUgFU8qIcV^-OB_IO{brldmx463wi7C51|G_9wy)9oX03j(
z#y_qG*_izdfldG%L&Xlx%|P2pL5wS{H~gM@hTSVddzm)BlX*utTon>OxZgDQ8RXg=
zQ8#psKj@*JW8c_RgT%GFfbmlL>#DnZWQd;Cbjru6?e9${NNcw_mWf9{Yzi$>4KE?<
z80AmTb)5PumQeF+y!s#5Fn+x|M~t(wp~a3snCr}6Ds8y!-2M0f<ip-{+DUwmcV)FW
zAN(0O`~r36v6w2McuUDn?0#^wo$;me{`po)lFCs?+$dYnWubA?+1d_jZvh$vWT`h}
zvpC3F(?{8_NhIVGFlNN>vm&C5laGR{9q!i}h-5^cs|c~f)!l$o!`odKKfiwJ`4}Ua
z=6MUX&w#+#-``OXSlPgr4BwxM|5?9o_s6`+Ky5OOz7}{y-i+iD?MN=x!KMei*~=+)
zjFam1A+#}nLiw#v<Gb+=)tvI#_mk{=Hn~<|c3o?8)qH=8t@6!2;F-<c_}M;jlQ`I*
zib~J{=xxk`&*gN;6La$rHnKAh@UeHcOS$vywQ^hG@+O+cBt=~o$*hp@JcNag>O;nK
z@o$SyU$>!s)@%dWZ&p98KpKq)<>Lx+J4_Y`samUFyG|o)uvc`;&>QjP2S*XSeSZQ_
zfJ+qd!<cik;{0&SGOSCwk+i^D34R-}<l!beCy_e?nYSps*C-~atlg@*`vk8B7^w&>
z1S?~II3n)9cLMZ?<N5%Z__w{fP4c%+mZ%7yjG6tKfEVAWmO6YU2wsrIsCsla)!8ps
z$q-buA?H;VA%fLg@01dkhwTBb#bS>XHmPOC>J<gMH~z*Faw*w4Wq~lqt>qZ|IjW^8
zg(%z^66M(_Dfu!-gbd%Xr>0SENp(-Mtt_v44)@D#&sLOF@N9d4*4*46gd>7e@M|25
zp<8XUUzAv(#lW?{cq|q+4!x2WGGGt>gtVWyx>hMtvstBJNFX{@q8JUr)FA1T?7_hq
z6$!gZU!2b#r`z?QVdxi4LuYQRg4<a53>5+b)a;^5si7TjvkZnJefw=Nr*XOPviTR?
zpa*rCPzhh6ir^%5^hwu4+Vv=aVgWNid*mv7u?5)|mf3(8-<f{>gqg61sm#KYE@GRS
zfK0=9Z{vKg#-WOoayhj!smp94mEhM&_Ee%*{veR}_@F^8f)8}dn)OUgf`sRB(GVUc
zF7sFPos`_5{}W#rk;3Oov}NLoE#?ECig7fQmJ7mpkR~-N+Grb09VGhb+xW&=Es_@_
z6$`pemW?B(=!*;M|HA?tWS|2e44K>Lv%V>|Hq}Bu%L@?W)r)QqzVHGm9!y_4cx}6F
z(?z*G0X_9XBwoDO#*Qq%S)+Mca=bz9En_H2FlRg^-L?3N>-untqk2kFkdv_$rDWI{
zCq<8cC1A&bMWbd{fl#&WYA$T-tpuiR_Axmkp(qwciiIX(RK-yTwAtWuSNEl6dt}+R
zoMoYwPmuZ@BNNLem}P)|?5T|n%`Tv-&l*k~I<B8Q+vja?N#5*}s`62$Ys!zFw*ykE
zg3M{9hu>&tv3J#i?;cTewX;%Y{+Z@LL#vQVE!epRWokymaVWrCbT=OzvZqdkmL<Je
zmu@@B0`k!fnb%Z7A*teQI3c<&pwBMWN<TM`(eMb32`fJx$oSlT%5Y$CAdBYS^r$Y0
z6`x%YqBnQ|-)2}}0H!E=;dSJh4FBUwX{v!sp_g^H_0Upd4QeD<;cWPn)NAj>1(q83
zD@5sXwyVye!*O0Yz~jj{|J;+#Z$X(_{uI_9P8mLWKROyr=PXhDDNgYXZ$z6|R4l+j
zjyn3EODC;u<)h#_U%OP6VB{$<Cw#NMMf@W6J1qcOI+pl<8T~dK$852Rq&|2%M9DH6
z;<Wbk8yK@T19ur16t7Q-2$r-;me_ryzZ!?8EQtY4(D;||x~sk%hZxivR^s*}VL}+J
zP*1yJo3~qZdKw=bGtvfv0=Bh{nD}W8B^jt3yhl_&*?G!Q?-Oaxd&n9*f{lV`F#ly3
z+PhJGPJRjMlll#<XU9Wre2=AUVCeSIU`Er~5UpU@q=pi{E>p^0uUy3%l;0CQw?{1n
zJ1$kL82x`MBdty)sqCDr8K~Fso$P4-M^VmhH&>({8RRy<{Zs&!Q}sM%_*UEOi38dh
zhjuaJ=%e}lYt@WOIaXYB6|^vUr*!ACXG+0acxD~3)nTY1gI7G-{JS_Zn)e}%EyfXW
zfTTroKPrSu`z|nNHNe_{ac|rk>QsV6g~8z309xWdyfDv;d;-CXx*4SW8K`g;h%h)y
z*;_-#)&2VkipN!yXh>_(bUh0Y>N1If`usf#N!u?soV%IKga<3i`4j*M#vToQ4x?UN
z-pt9*1xb$$iwl?*FwPj-TM%O6h3_g$hxFzP3+tH!*4f)!I5F7MeY>$)Y_0pj%vms0
z=JWR#25_lYUVZ0Mn{C*1{>pLh(KAA~hO0YX7K)rU#lD{kGqfH-7+@vsgk?A}@UY=X
zGaK12<^QN#{i#II2~N&ZRI;P&xvHOI+&&<Ic>4Lj&Q{$$Eq!}=n<*zLJeX;{@E}mK
z_rxrevj~ig1&uCch3#LBqkUB)1{bXKS4%K3@?u#XW9V8C<MV7I7~F^hBQ+P>yryiQ
zN1-rYF)O*~BN^?MErYdlqx0L-fXij^MqRy-kO@Q{^gJY(WPbj?viEfeZz?GBx%)vG
z^QWs_DkJG{@|l%;*2VXN*vH|l<m!{+o)Wb$8^E8P3g~vLwZJ?$W`^EwkpmCY32dFo
zJrPv0<D?*X;H}fb!@OnQS{rHeC)RNsf~Nc|wmYg7^E;`R4^J5n*b%zK)oxQYN1Mrm
zc$gQ``QRM8Pfav~xM#cdPaG>WS}&15Qwerg^M3r4y$sUh9T4=X->vZ1x~;M#Bsf~J
zoskQZ+r{!_=AX@CEv*PiR|KQIpN8zGeB@z~hbN>8et81*OYZ`y`njy%Po%ZnwmY5|
z-XvaL`C8%=L!#;Gr82JKZ}$2rpm^2CAX@qWIMQLrw*7)Ab#FmMtl;r^Do@FRU_QyR
zIzJ!8rG#-jPjxl~bj-?mDH3A{`PHKY5$ET`(Ska26(3Ga>{-<63kgVO9_@6^Dj_(9
zhA-^3O_$J+$(i5kO*5*<h50KZ-mD&jD{Jr=)W*Jf&Hbic3FuD4rbN>)r3HwU_wbC@
zUQ}gv;PiD^$sJ0O2+mjW*x_J;<Kx4R-?fP{6h9f2hOL@+XK{NqH6_fmC{Ob3Xn<VN
z{Wve{h>ef(xM03plZnirq#PHJh-f@0#iy{{K%@k@Hq|4qF#>uem9_AN`tGhk#FSso
zc88E+R}IK__>D3orpx<H8@ORPnV?A#93;RrIXlbX9`v12<;(Gg7BPl^cvY^B(pBnD
zW8M8m03$!HG=6EiGS8ria9wb;F}6%+$aH;YekIJHDR@nKE9?DXxYc2m%VVQM?#owq
z@)m__7H`2HHNIzdR{r)*Y#^<;C$Y<q?ygln)nj76egjAsddKSa7Ivx<)y|uE5SbE8
z(}0u_POq$4qPDj=V4?kj+>e9LGd9|nO*m{Bo7e(>lb*10-EY=`jw?b}M?h+WfR%Pw
zUR9+At1%j+hQHI%UOX@K{e-$b0Dh-IAW8lpTYS2?%9k<o^DX42Z76wxGIZ<?_W7UT
z(-6z(VdbAk!=x8IA<7?_88kM+V-XHuUt%)?zqKG-t8$=nwF2Q;lpkJ!D1UUQspOZg
zU|42O6xvJ2!))~t@80D;Ho2Ui4D(%ax+;%2HOhhiWbD+HG(@XwA=m5py%LhN9KcUs
zRudI_UD!!ZRD>(a8DbzZ=-uC}mu(w5B%!3BxZt?zy^D~$)6?Z_`81qmvd&y94S=Q(
z(}Yc5M()4<Xi>lBCE7b^*^5citV@-pZc~++cWB{$X)2_0&zU5yq}*-aRQX=MUzBlc
zNzJZG0}`j*lZ{($nWSJ;N<HP3v;a&w)N2G3_XL1(&cK+2@*CW7$k(A*{5VvMmel;l
z9m(Bk6_SBrkT}2vAt?ENcfW}stD5(+E(9vvnY&OiObD`YKMGggWf?DL*SvusPeXSK
zVikh?-Hr&EkAQm|v^;7f_h)3DP5s(?@cVPQy~OsvZq@R}BH4?pVG6|g86~4fAD9jd
zmiZ>b#J`wklO#GBtmSH###=5aFI7-8CI9>_@gK&1p7g=M=Q>1?%HtG+HK^9=21A!*
z0J>)Yp-^G&QTY7Al(>09?1P9~9v9Q$FhDNuY^KY+gRg!j!(+ivY<D{yX~6l(XxmNs
z2EJ<O1CXwp8bJ~KhT>O#BkB1vxQg8TsiOiYWiK#Ua5j0;M~x~b|9)e^3bQ$&4#dtY
z3(i-fjjf=vUNfVIZM=$AO6tks!SvWO?(0pU<)hal91FuczrEG6@4eRTqc-^aZkK%k
zI%bJr!)Y3=JdwGv)eLh_c5S%@y5YP@Ak=U!R6$h${t>vXQFo8PqJyu>gQ4OdHX=+N
zU`5tOF>O#F$*c1Fb_v=P3?3l~q)v0%4r3ea8R=Pav50fk`?FdxKnJ<1SFbTFY-v66
z><xc@e~U<*|Mu()l1xfNNfZJA;?MerW4zx~49pz=j=1Lto0^|r)!KNo<|h>GX*{mU
zQ`GoXq?$L`FT~kkcgJba_=93i1cBjWhHz(j;4Ed7teiQgOn~+k+zBXRDZ<@cUs$Tw
zUKUV-N%3<GGT1upf)l2k;d;sMipk}%G~6tM_YK+^e%tWv4ma?QsgM2D%35RO0+nAL
z<PkN4IlF=~_aRWD>VAkNty1UP6d*LFuDlMp+#S5agNZoiFmAg{jew=-^~HZ|L;0%5
z{}a+87s-}{xRASU$N7I5%7oAs^vj}L#Rx&W1g$cg2+|JYk-m9OE<C9&Cts0!G1{T-
zOuoTThr6RmfTNf&q2ooC$d#nJ0mxX=mWItX!+cE6vMeMzQN?{aw;;-QWb5k|5P#Lp
z>v$?~SD4Gv&gbC>3ie$rV^d8@&O7$n?ADmAN~WY1diQv6+sRql?o_T$Or(jFcc^-1
zFy~ahZt8cfL&7D#bt7@v-z@6gwT09Q0u9JCX({rxZ%OTay0&>hr&g(eVeMJ|W8gMg
z`8pV926Ls!DIvSY3m#gTa{}iXWLYKd0w-oHgO<8=1Alc+esfho&d{H8NiYTN4!&_!
zW^@0Rn;UaTVF1Zd#b3ibcc`AZMvuO@pGLj+ZL!;VLvKr8e$-k*E|~K%8hz)vG%qfP
zU;UYyc-hW0BOP^bs=`KkA!&}&xLEk%LWtdX!|+#Fpcl^k(7*Cs#kx4$(qg5Tlx=w|
zGm`GmU<<m(K_9i~WWQg#n=W_IK7be%H$cBairuikA~3$IWr%&?H|%zG{_5&Hv&$=8
z)ehI1;5g1INDiI-8c|+TR~;C1HN`#v+ZgHZWRe5qCSZK87efkl(;`^_e_7Y$tlS3B
zo&!R|fJN??Ksw{h-a+7Qri%_hl1e3H!PI#*;XWBmIG!%k{Gc}krYQ6QFji^@3(it!
z?P5lD=i7MxOv4+f+2jr1GP;ZPwyrgX{sbt0l(1X6ERh(Iq3wcbeSHr*y9NgsDdaZ`
z-A?kRgsBePMnj4W)0#{rvsEP!-nqT5`3e@M1N6hKk>+^?D?C_~09r7m<rkS<itTds
z-eii^7o#bUFFGNG*`46l+;_3B>y}ftTZqaA>RH~ZfEGM=^W_uJsRq4qp0Tf<>35-~
z`I*6h*uEz~J@u{7Z0Pq@(Q;7JuE{`Eq!U#@wZ8dg#Ow%F#7dcZfeyJ1A3c6`Wu{^H
zk7HKoNx>B`uqCe=SZW5@JOJhlm@9C`My*qeo`H}er;t1QY2<6_3oAcFWYa8?oa8VX
z+a1zaCov1t1*M;QlMF0;<Af;QWuLScP_wKV8`rCub>^CMZ+B_E-zLEbaW(Z_v`;17
zo0?TB<=3haV?>%&Q|dZnq|&TnV-6F<?Zoifky=N6l8kg)H^eed4~5i-bG8uUF<bu{
ze9nD0_=IO{8^!d9rEq_>32mY1h1vE}Zr`QY%3i>*+@$pjZH{DEsh59UI1PQP?qH2b
zTy&_$&e+FvAmrGJ`L<adhfC)qadu^&Iub?lp(v#5`KO~-o7&mWvJY)!Me!DY!wxWP
zp<#3pD_(tkvwxX+v6BWM@*wLOSCvXv+-wAzddspTRTlK>Q(l}7_q@7@l*hrgPjQV+
z1E$FbQKi~GH&FXF@@^`60o!9zonolLztn1#9*BcaQQ%?s3zsqfsB^HgGOIRow#rrS
z2la1rd;AXAbyZRsGp3Sik#tae2Q><fzRW2>=#tRT8&=5&Pi9}#w~SWMsuc-&8soC(
z2ktS+R=Z+sFv`j$J6|zt7$vN}FNnQrl<R7Nu{Plj^+Zr5`*mZ22VDMJid}o*D4abv
zZ8SuY{(C35&dH7?n>JwNrUth?`{(i@`?-Y9Q|hL`VCBZpjL7dHrI-`n$3RWYfDogB
z{JgMzeT{MQ@n10i!vY|7nE33c$2g;MR2POTHofcl<Ey)7tm1!wT};DVs#g@b%_rUK
zpbkey19q>f`+DZ2EtaqcW7_qcM%_%|5SGBjgS<Xmj^J#ucv5!A?+rH|9eQ++l>Txx
z4a#?jeT=J86t8(WD5-Xv00wE(Zq#0vshR(ODEscPCbO;Iv5cTFfTAEu6)_@BW1|F6
zK@bB(K<N+}iAWQvhLSJ}Qlz(_lrT!~NR=9jlq4!rBTZUp2^~TS1n$N;=X`U{ckX?j
z`^P*^UXuOpz4ofVwf0^#Kbzf)KIZR{+Mv<rPW>WCRgX7b<{JzhT^$PDYcQ%3+hB8<
z*5G$rd7W6Y;{O{94J4%K4HpFgs`uU%5?YFz`Bp61xXD<)u@8`xkE3iF)7Gl}V@A5b
zB9K1c*xqW|<e!r8{R*G5Z%LvvO<yEVeQ(2nf*{6Z&9z;Wur!jN2`*cDTM17LZ9ceA
zy|f9g|MuE#5L=D&)b95Q-rJ+;3Ro59`nYOKMC(&~?uzE0QhM*sh|38NtNglhaCc^a
z(xeE&_s+y`uBPOxhdjnVKIsZJ?p9+yeZ1Wf?jmjU$at}-{LOx{bFhsxcJOnE@u)iT
zJEzFAmmCITzk<5I*5k~E1`h4o<}yY}KGNcF$_`76H^%(1z#E%R!cm_-{^=TnV^hrU
zgFl|HOqrQa<tvDOeFRDztiImmzFOZ>fH(<G;eOd||B+m8>k`X2urMk2gA{gt|2`PI
z-r@IyjfeI{slA-t?{fIO%Y~b_)kUkL)NWGm9lLR3-|gwMckbOg`}?&&|72(X{g`_9
zFRxvK_U%*f`QlrryrpetM^k?6VdL?5t*>3h-~mDzAw-xj7|+h!O6JU^+m&g(jj>|5
z2JtgVaT=?yP|BUw^h<1nr~E9_@Of+F0#zm=9Gi<zK=^*DJcV3>G|^m^>@c=-S0-<>
z(AH**m>7{OqzCTgF1CqAgaS1-f*OBC05@Q=JROsM+6Ps-7~-=$M)l9?rr-^?>=kSo
z98oT*pNnCh8x6e7VzOg_SI<)B1{ET)KlsL(B3_<5Hu1^N;=+GF{YZQ_o#RJI&WU`#
z<2CXp50A==W^+Fg{M;R=;(U?6>K3z$E8dRPdovnpUn$S7Xw!~D+8xIG2{I04BWot5
zu5)!zW4hM$pQeB24X2ZKnzCa#FjmA&RpDOQ8Hx`o7Br#Fm$M*;)o_5O6%SxRSQECL
zwp>~ZMRr1Cm#9U~JxpjxfmJ?uBVBg5(BXgrOKy{f(<sYZ8)19pAPGTK-b(w8+TCRb
z+39Nc66%n}zq%CVd+de!Lo-pHL&0X2bFXvz4I-5B-mph0Q!4&T&1U23%I8k5hgDPk
zrYk1TKhn%sbqu!)v*^z$c;Hz3kU{xadXv>y#p*XL&y}#5HHcu6y*{_Qdv>idVz81T
z6S%odRgz(NM86gxFC~wjhP>H@UM5$ir(!2asRK0LzAPjxOCrLkLPV}VTbPNae)5A9
z2&048qE5(7lv<dPUCdlo7m4rB`_*mb<#9y#v<0ytV6<aK8E*as@U~8y?MJKfyW1;D
zV##Uh4<TnpzMbv=GR^NSrj`;Jg*bWt^jQHeO+N?J$EP!hah-s&LmkA6p=@C&R@Z7-
zer(LST!e%OLb#5{cGue2Otp{rOaN)BIupy>K(Elmx}a@2B5|nb2eMcbS<InHeO!`9
zoXhGxqIl+D!gYawr9VrhV+1`XprTUnnz}VHNRm+jl(v@ZS5Rfo8sX4u!?|qeWuSRX
zT#k;#JI{#D+4U3_ZirnMkgeu_nfW<V4@u;Y5Bx+tl1U`0$tY|Si+qyrVtghjHT6_U
zev2#f1D%(6^|caT+?Z7z3`A`Lo?jWO!*i0^V$-EnYMH_<*Vo!OT#yu)3%*BRq#gZ$
zT)w&#nynZ3?af8N&&YCjsI;;l$7fg4y{CP$j*W5y0*ov|9vdMx^|}sHbtZm!70AX~
z7sQMtX{0n0&xn!fqGl{ndr%rIQk*6~BFRTf&zERV9PgQH4e`+ELsMh<Va|;1^#dlJ
z=}8{%iwALn%09*CNj!!0MsX47SOafF)u%W~p?B!EPSv^6iIjVev#MD@P&7IBT|;{N
zSD3SCxuhgc@+0`gq1+g&lN5Rb?-<8WQ={lM(<CoNpqNU!bOnuHxV;)@%lV$4YLdW7
zo|7B6DiClr{4*_cs*?ARWQBtfT$ZNiYr>7S_;CfplBVmavWP`htX0iEyQiIBtFXl=
z?^uN}Na0f{Z~=CUy-b9xWk@#?nHecJ@P|=_Dw^~lf=6!kCBF~rIQPpKv?L^-Q!M&A
zTz0v~b})T~Iv#;^O&R%zcv~C=;yveuD%YzPeDX;>(}c^Bqy}RX%Rg{AP=YEH$?i8z
zffaLQ2<G_<;?a^J*L!>9FDmVcw!%A2!?$BM`)Q)=ggmm9ULRx`C@WUyM!wpoVwj5_
zA{$Xrpqbbf@6yRM>GjhztYn^Ij4GJtGDfvkso>%{;}yZDqij(Ik0tp%i}VYaZMHUH
z5EI6D2%BxLyoH#4K$U4t7KGXzW@obLZf36lrM<4x5a>rDV<NXYUoFh2Jntndw*SIP
z*6bTofB0OS=g?t|;OXqC3PJBsCA@2mOOmK2q-DRe_3UfsTc@I~3V-Q>@Vj?#=w~=9
zb>1p=Ph1RJx|)KuPdbCFKvwpj@&WZMSA>qwNpI35yQm|Oyv<dzSKFU}@L@~&YZPXG
zPUtC{xk67W?b@ioR;u}gEd=8!5r$EI=b}-&IHs2-Z6x5nwZxtyW$nlBPS)IDF#LmS
zzMaq{bs4^^v2`Jx4Q%VU&7`St<V|auEbA?P(reRrONG~!D#9L3-eQ9tjfUSn=y7WQ
z<Zq512oCrWKT*&c&kW`nV>O*2aAj)d@)g~HGG=I6SyaUX-w@!Mhh~PxcCsUk%e71`
z+_&f+9m$+c)5rB`<GGoWk`+{~nEc<0(J}8ZzYJcecy+kaaEr`jXr8tMTw@s8yX;pA
zuk5g7x(`_s5A#bthvpT)-@55}Cclgbq*l-l*If%RUrdYRoqHbvA)NJ@fy$xZNewH%
z7hV!|u_k#@wK()*;f4t{JTfE>69$EevY_(d?I->qU7p|MBY~BKU)et|vwre*@zB6L
z<xVvO(zLuH((Vs)X<V+ut<}W2psj}}KtWk%M_d=c(P@g6<h0LTNoRADQE$_Ty*@QK
zmCa(T?S!5EVtUU}Tj&$0bVUg@H&Z*tFQsS_5n%NtNnKX}wKa3P-3$nkmXX=3ekpZy
z=bcldhw0Zwv*kz<VB9HrPl=wnSWQb~TnJFa5rf8*cWOUIZVxRV#RjtpD_faFT&cqz
znK-=E{OTsyB2o>ps0QBvfs4dJJMX9*={tXU`K6rB@MXTOaP}D>HHokOSgM8X2HBM7
zIYBwc6`}J+p7W@8TZSjq39(HO`dgVz^zvN{7{)xlMif=vQqFt}L6lF9m#q@x8E|{Q
z@<T||YH^)IIsp?NI3Gr=tqb1K>Pre|Q@P*(<2qCBsd+E<B)i}0iLX(7(Ga7x69@r`
zorVyvyB6pk=5m}AXU@c;AHNlmms_8(?B8(thl^YG*6~e&b3g6%-v!#?yR~Sb7?9{m
z1@i{ilgE4lCC4NXRoTAN&m_6bZ+#ur&o0z<PcF%v>(-}BWm2`ed<Q#64Nd01XOKJ(
zMfgZUELPI#9?>CcrTQs(ev+FK%{TRl;$|Xmh!Jb?ESI8>c(qSeIwTpgL4_9$N+j}L
z5HAR{N7Bd;qm`vtcsysLAJT*$UsJr>;D^jdlmnJ@TAC(Dz+6y6%ZvU6<f(SA$|q9-
zC&f1*NADag7uuhGvvGy4AlI7aJeb{r8IKSDWGos!UC|=znJ%sH$cSi=QT16bmxfFj
z54E|9cq@VM>K}Zkv+UO`XW1(UW?QCZskPC6pElmZ_;!g8=Yke9TQQqUxuz+Z*=;m=
z#WI*z0ppTPj86lM)x!9esgJCKt`ex@J(Mfx3D}EF&NSh7RsQGEV`65#mzOhr(gU9c
zS766F4!?#H<0fd{Llhh~Ry?$r47JC$eHw@j^~Ec=Xa(2n-mX`k#mf$~^PIOheOzGo
zuJBvj&64zp);|?=kbNXI&d~HI-iW%Q?pFIatrQ1GShEx(y)4Dtgy3Rd=XFv6j$vpA
zO!&#5#Ht$gbrbT6^4I`(rQWQb%tcgBixxK)o4e}-^e|$?%t)hAj!QI^sB~3<fVd_O
z+d2CgdmExryR~tz%;sW}hfZ9+Wm*C8Vo<?$cLbE~#U6R0mx*@s4-ynOE95U{x$I|D
zE`%7cSD3l9@a<-9aT=t_Wh<4lriz88s%Z!o;+i7rvJj`DPK=2;ANQH?Do`HY$UV;+
zTz^!f9`jfy&3OG!?_*l2#3B#vpsoJeyXS)HoU^-IW00h=p7szZ5c4<2^a{Kc3g^<<
za)Ci{A0+}#1!f3r&)y$JRoRh=KtQU5mzfVpqpuvkIF*SMCLwMijcHP@rwTs>4*~_%
z@<j0_@PrCH5CIc=9Ay-+6Yo>QOgL2Npo)h^dim3iy&nk<bTHxGu|C;b^A3S4DE2R*
zQlq5EJ<lnHRNxLVzWw&vt2-=H+lm<R@zT({T$?YKHDx7_e%C(u9h;01U4Me{ZB-Uo
z&noX;zbI@sGftFZEYX~Ayp0iS_1K6vZXgJrwmPh8C3!u>DBOs8PR-jPo`2#sA|U-k
z{?cX5<<b&a%GGoc^`}s2WLGrg>C>RKm?l^5g9yb93Aqg!%VbT0MCK6f*qLz|i${f}
zX#F#h>}U5Y{rchr@TfaS9Hu&M)}MXes;TO+y_vZDta)GXfmC_U;9dp)Y)@+;-5#df
zT@x3sBvO+El<RY^AXQrE3@Op*oB-QRce9>!!1QC^avWk{#f>BI2sSNvVAjUXjeIX^
z{9Nq0(-T_aFvpzD{I&7qu4g-Xy4l0D7%x*7=KXlBaG$<{rBiZ@+B^u=ABCK$$|y*I
zrRmUeJeNsc(_`<dv}>xcZ@OWq^9G5jp}=mbPvLiJz8-3=l}nBV3mD*iaq$j}mFLQb
zPi^^N^E&2H=ut2GSsvV@*B{8}a=b!Lw^Lj;*LLq9xZP*qI3pevP<L^Iy4r=dq~&JD
z@^V{B@^7C<oYIN8n$bJgYM@&C=QlZWkKty>qABKm?qD%?ymm8P`ZCpDBBj8ENLK6b
z9wVxy*Il{bNy_u=yqLWpRP5FxnRE_<6h5Nh%w$?x5^Ncfn(stVRqc1{plSgPP3F@k
z;w3ii!Z-EL6g@injN5EHPUs<3>bE~QU&dJFFY%__EWWm*15AjRK3O!RRn(NyENZ%3
zY6F!v%(w>Rtaz1CC~c77P>NJM-+zMj9#PQUn#kFdAlE+<??SpCQA7p)ww2rY>`f-}
zR3WjK+1YOb<Wh#*ByP0QMzjY}nTzF1xy*lJ0oAK1Njy<<wovUEU(~jtMwp0Y><QHP
zjJJ%EKyR-a4%>(QJ}!oOAIaOw-Dt$G(#Xv!)^=Got>HtyMQz0?2pCp~6!tbJa^_C7
zY3Cx9ms97)to`KXDm5mhXFzOF!c%n4r7-z9b0+nGItGbrS1+}Ka@tQGUN71<6)E&N
zBv(7~@@uVSgl~(YD+$KR%9J(`+Hf~piVbZ0GmDTer@BEs*R<?vL6a)^`wsQ&0<CaW
z_Z<?Kn@_Uzzb??b7F+;sL5`d8ibVw^6;Zo@%OMXTsR38p6c4*kgQrGkeolZW|HfNI
zJFXiOBgg$J>0{MuZ4I`ICKho^mBcwT5`hwS$@t7-`xIS%YM=K(`=A4X^GzQ$%O2IJ
z<}!qVIJ-Eg`t!p^&PsoXX^F700QTJ8<WcZadTi@J&WE9s={kCZ&F8(}bq!S`Rlqg~
z4)_%Ua|?@zyotVboN+M1a*--!V7#1WrN7eF88715MQzK9fxUL7T;{2=j`rZ*-xs6)
zutGfYt86vvh{(I0zRybR3hSX$`LWZY>SwsrJ{`q|Knh_&Vu3~^MK|Y<_eBmWlsdCN
zAeFD0!Q4lb*zIQG9Z#V$Yn)}A;#4Ym`L+)Gn;MxWl9pdi@wn?G%GP|eFB3VJo(GLH
zz;SdfeJhmz-kdv;X2x}UL+@$#iJ4-&egQScU58$tLr+qMc<7zO%pJ$UZ13X~@>w)}
z?oCmcGfGncU1lDug&U;}UdBr$Al(J@+Ejz<*KUh)9-ET=f|&R|sz9Nk=bMjWm0L%M
zQYbSR6f{2HHg*et?VORP`8L1mrO}#gtVM#i>D=|_u@f3faMt;fSo@_GFWh9ZzAV~Z
zxxwj+9tZ|Ak>Tx~S<UueB&_Kw-L}xI=2nBJ$|4Pg;C>{RyXNKw+X+Tw&{)0hIY`9&
zzlcN2Xd;yxi)D*tEb|fJc&NYI`#GB2ru9<W8*TxmdnZ-%4o}SKlb#A4U>{s7ub3Mg
z=y;$}*ZC(zS-|l0St3;U2;9VWyMKd}WxUeX6JQ2A)NSek&C4e|m@F;V4Y0}?t$j*x
zfgdQiCiy%;@KF|4ytqsdUlUyj1L2UEA256!qS9fe%#HrTnN>Sbo$xxZPkxKt$Z{=9
z69UX7#wxNb;QbENujYz{SVD7*NHMkL+5<KS&9;oteS+d~mg~UrnJhJ7eF`u%7`;I0
z3n*fgoTv3-q@sV&Z0TCHt~Cz`x$ZxA=6R_q(EDRtFJoI2a9A30^!{=gSukDpcolHB
z5?|HhmAw`1Q;{lLvmJfuN~`S{NmCWI&W#DzqcAH;c)_GrMa!#^FI^Ef?_&)f=N623
zX0#pD37BcOH+fo`4XiV~k`H0Ak#4@&@*(4tnnqvC$A|c2BZAAQKBZ?2uy#@^2|AOD
zJc;VI^#q%e$Vq;Kn`msu=r5OQDd<JW3j?Kn7hhUs>iSxddN`9fnyYDygBLd2_oyKR
zZYhr4scjsQ;*AKsnlQy7Fz~8!_Ydt(L(vgSS2>l5_aTNkuD*9au`Yx!DwmAiM31FA
zglM*0Myg(KNX%T=)YFiJ4CP3nnYYgY*E>QDc%%8PgHH^y5#c^2z9E{22(cWN7Kp{L
z@$~I1!j&KGxhX2<cZY0i-Xqiv?^uw6s?z9dJT3e<_fcSsT?48HA$sR(vr>VpU_>5`
zbLphzEC|6o^}^*XWsD|sIhu_V$7Q;s_W+yBGe9<#7$l)r9%hSgSGE7hN%0st5qRD@
zQjOP&_`F_!C2hQ33l>y&phRB;fh8uIPIkVqkQwNNjMuwFsj0hgMU$9uCXb-GI?j=4
zmdBa-%n9I!G&j6KPsh7#OzgwC-ILKI%=4OT7bD#hI2-wK6EuQ-&R}u=A_#8nG~;cV
zB<T;Pk|oc6i19K}$_+6hsF7fx`u%z9!Wbf|v<8clMbqa1L{`71QNNw`N@}GGB0EEJ
zh6}%*Lc-V)HNw?)_|?)6x%kvjNh%qd-n#UR^c`rBesv@(U*Q%KuA(sh)Z$!a^!2i2
z_)5moy<~E?dw&`WrM$fO3RNkCuc9$$qGa4{mh6($%B77wQ9q~YZX2W0kdwr_pAb#y
zY)wV}UZ($eTrtKz&UPo*L()JAu3+oK6yt|kg&5JgBp}kLrC5brY<p~3ij8*Aw1mWd
zC4qhRFzYXwBAh;re-ba|DSZF^d@S<xDFHcqVH1t!V)Gi)ly}ZhX^Mp0owuvvGHLDK
zOmV@8@@x1*2rLg~$<QqB^fqt`x-%jT`1+t>nTSR{LS7)J2|&YIL2qK&twQXCbYmi?
zeb^>V-**-61-zq(Vr_T-B=o&*<l2eCr>d6I{&`gzl@d*u#kR;Ed@;6o`L4o@Xz`r{
z2bs*z#G=7MXdy06c;LR!`Ee;F8c*wKRPI_+b`9PdSeaR3r3eX1_BbR0%Bmy>KnsPG
zue+Zhiq>ECp95?Emi-gvaef*;4qWUIFj(k}h*3j>fHMQRlBO)jaJ@Zzxikov7(N&5
z{R}1v3b48*(PF&L+!5hQ+jcvX$x`fvl2={U#!3N^51dS%hGfdlNl#2iS-dd{bKNt8
zHBg;Hqa5U_Qd?kOdj(z~gKxq`fUBOHl=uE~u`nb0fpD}2`j(=YNR56tr;26UuZZts
zQE`FO8pfotsKf^Z8`7J30p2rST4urZA1sUpy+0VeS@Wrmho_Cz$t`%UE540}%)PxH
zfJ1$2|4?go)u!Q~r3Ch3vWL!H1+P`J8n3z|eZ}Tg8#1hfLY){ZPY1aP3mf+y%3G|K
zo{=O!3OCVVOFV?AgWg;GwB#2n6&~>^tYocq9s~RYQ4nN#oY_A!Tg+S7uV+`HwNSJ2
zm9G5<R`$L7$i%la2fUid4D(s@=(kfpI!8@0Bh-f(y-26GA+**}zD-egg)359IXa9N
zW^i4BiG9&m-g9Rzi@x3oA|7r%Y9dyAOu|q`m{pa$+J>t_Ta&An+JNESE;hHFlV18W
zP%e*AE3lA&^C@1G8u&v~MD~_Hn`+I2VuL!n8<}~Us!K0p-)Y-Ai=E+T3@+(K%r$m2
zv+yA>b_t!^qL<50?4N|Ru(w=lce78*Y2|Gv=*B(@EOmbRo0DyL!ZnY$Vp3AZuw4w(
zj+Fp$+=k*`vt{QBrY;d}Z7edb^)UVdo0WAtRc+dXi-CGNh7yp$dvq4kTjkv2ZWEeg
zC}Z)gOr?B0ZYNJ6Cl6k^I;48bKU0>H_UTB5yDG6$a$;48`?iG`zpdwaKz#jc)Vr45
zsdHCVNgUWV4Q5)5F70>ORdbWwiJIxxXXg$b93;=vtK>pohMam!gj(WIBU*u@_XG>C
zB#nu+wA*UTo2K|UPNx;_nDRyVL^7N0SqXB=0s#*WJ@(qTdJc`MrSgp1T10q|asf2D
z`Adm(ptN=yTQ<C=8yTCa9Ai}}jEcPiVA`TfqzBh$&j=OM00J6pgfws;jho|EK=n*q
zD4|A481;&SQ75nJiI}K|V@-sG-vXhhL9lROZ<~V!J>5l}_ePNdHv(A?LDB{B*v`X^
z;zl&w947{bF1L<*u&hi*sO)Tfg}vI#37EaOQMvo99oJ4^4lT^vo(*d|Ot!fJgk0I^
zH%)<cFMud4r`JItYG#C<3>@}LjG+;WGnZUqf`jWSnK@pVh}8lxNvfRmmey0Kwn#h)
zdW%5S>1vgm=!Sz`sCZ5IBx<&X^n&I&W_sa1Q9_6FD>VeJV$rK`?ZtCV7sF>HkQP_J
zTH9k>(C3*aT%vG+FOd}S!r0#`qxl)%@;A{a0kP9Az|!e<c4*WKf8UtL4icP(6H*r4
zhO6WCO3Uiv;n>09hSY_(a*QQvJYXE)*gN~rmfF<y7LsE#QXXy9-uQ6qVidbMh*wQ#
zEqGldzIFmMw{<eQkdp##h<QF2C9fcM1pl$>y>jPyYcfDSIP^8(y4Xdc=(X;;1<mRR
zZ@l(D!o3qO+&ucSjpomn4ZMulHxs;GrP-Qw{7cXQoV@(uI<*w}D~E;qZgahC>o7_6
zZD_XmGM?3Wp-aqIMkyaiTAZ2)n+dA2tN%FL<Nnj?<prk^*f3s}>)PktPOWLmM5o+9
zHrHRy(Mw9SMc1yxY*|TnV2s;zh&bh7h6LdOKc21*d1kvrl`82$c%qd1sfy#`o}|!^
zMP~#55VWY<<>h}q@8rpK(_d>Z-{Z=&IOrA7uFNV<8SG-BcOHc{sI?p(_d|bsKOPDV
zvnZ>BnvKUgpQG`d%FLLdpmIWV`>;&=mT3;TbLEf2&r(iRXZ9GZe7UqrW~S-@k0SFX
z&B^La;aTQYU9?QnBHbmutVG&Ckl+Bp(`)bwcdOs;zEEb3NE#&4ycVf(KFs-;Xi)Rm
zd=$enB3wBGCrHO6)kH&dbd8Uh_)NskwWj(mjx>Z@wI{S+M%4yFEO9YQAUPsFvg3iQ
zCZvj3ZA*m(E}v`qb_Gg)boTgroXYqk&+{5w%~li`%kV9zGHEfG5QE+Ui5<i$T&0p&
zv{qDrOXaO8#*b9cth5U^nT0Hr0GfVj8i%qYT#JR-qH+j%kPRBQC*};lEtDPL6aX)}
z&!Sxzh|sLa(>x{8gCg1YAaPn6tXs!XBRy5iW!dva@N3lRgHgOjY{xV=@}U!Pj-r7^
z^fBP~fTTm9UYL-HkCmkNNd1eBJ93{Zk0_eKTfH3T71n>)+9a19dEI;YM!mB64+0wh
z!nWN@GFN*XK};?DjKgkjzZ$&4s?v7vkR;!02M(;zc7S=ls(>L`G6XAgT}SnzB;AQv
zj;1AW+S9pBHgBR)LK}OO-%AvN|E^%J2=o>Rt=e`h8L;|a#j;g{q)}jYLlY(A_Qmvw
zX@8$&TwtsK11?^C-VJDQIR1))m6r9AULV$$$;Lgolln<&TvKG9_p1YNI)|zerC%;~
z{X=g{t+X)p?Q>sE(`gePoDZzsoG709S#ZEeDP23D?2+vD$b(~+n6SmRZuxP5-J%F=
z>%^jRVW0c-2udaM$QvlVYSG+g`^jm5P8S){;_JBuZ2ck9bc(Ql1htGx{S{f+h7s~e
zadUfdZ%?vj-41s4q3jDr3UVZ_t?*&aHCHDs6@T#My3^A3PL<2Rv}U<J;JkvBB>k6`
zQC*_=__G}Mhm-YM*n890QBG*{pfIa$r0_=DvyVo!n8e-;*R?$N``H5pI;8wfW_M>H
zYHB8iyR+9;KAv^|aV}z2h|A6>Haq#5EMp=ncT1hHQ~ZnYraoT;R&rphqX~3Mj$8|g
zN8ME_;ynZ6%~;QQfp+>+cZQUEijw`N%Dx93asR{uRM3kL<3nI=d(Id)fKrmYTU=Y4
zyp-QCwoi++9TecDIRjS<?D!)a1<go-R$`0bBbaQfF0-Z16lsA{CVk>97)3sFHY$%x
zx|SbR{mi5QWFMjM&T})SzO!A2Tiw&K@bYE@%jpodY(mRH1lA%#rR>?u;ajfV`nzV#
ziJH_OS%g_taMzi6IhpxOA+864`c<dt>@pm)V)*vl<@_B}L*-|7Gg6w>?^&d?AtJD)
zB}JK`>hy*tFNEUMZFY${je}g$0!2~YFlOtGlg?tP56NxPg|QMwD`^6%W=w_{7Ou(}
z52orsJQOh+t^EzKsetYh@ME7tIlmmZvYc)Xz+tQ;KkU#@l}@Tdlj!U(MX?f@Nmb?_
zr5pWfp}=i8wrk5M-9X1!2}n6|=s$K(R+{ThDaHa&Ot>-uqJyhL^9XCF1KiS7x9(aG
z%ZWJFkScw^2`YX12OL{kMvZ!aEY<YU6Yeuq>PZbR)-KL>=@W;ws&2gGce}L**&3eV
z+2Uq<Kd<Rt9r!BW`(yJ;UNpDe5S_HTO?eb%ll36OhW++i0BjVI^lsy;Oqt7eJJ!a^
zI~_e4rd-Gr5_2imB>I{bg~_~6udp_QO}wf@M>5OU;$TbBncA2f=L{f}<NS<RCP{pt
z^Lj51BcWM0sS|)oBD<s(n3l)t;nq0d3NwF3Bg(a7Ix>Jb0K%WrmBCCr;Xh_{&SYsM
zn9hsY`mH_OMsi&wQmbE<{i8^}Or-Z}O&3BWak5TGJaFe@s~K$kyI9mEQHVat(yQUu
z<f&BQ%VV3OBI?7J{a<SOLi2<ZsZlcY!}z_V$%Kui@cUeyGQm2PIL3H~q*h{@JqDA*
zFe{e9FW*AK?y&m(?&8rzgUM0=t@Lbw>B8<}CL~kmW0;i7<-l5YoqH2Ialv5dPHj+L
zQEUuX9hxe6d2Hj(+YOTXyv;fz+k1Udfc*~;$2Dn+!oMG4Pb(o``^c{J;qZr%M}li5
zaw)3xiQKBuk#zTIec_Myo=u-I7q4~;q9`W0d{kFCze+xE+LJ3YfeB|*SoXU`C>Va%
zuHY@ZRe6ZzEZ=>h>xGF40m`^c3o24cYJ`~4H7(o|S8acDn&II-2kvKly3{*;{h1-5
zYE_jK<WbOp%ptrAX2MOFSLJ9OJNkTIuga~aDwE!;{${Xwp45{PG%kLchLj(zO7=##
z<CTq*FA7;`oL@%l;f5DgExcyZ$5#f|G0#WpZ7q~F1q^7H_8~IK&gal&(l&v;-)&~~
zHSSHvqezK4gm8ts7O2XWO2fqNin~v32MatqyIKrf@AvsWDy+II%sS_kU2t{Id@M?C
zAPr!wpZRpHd&=4bQL=^PP<#Dlvzn~Tr@O|JK!9afRfw*O`I|I3vfr<kL+vA!Vwt4r
zm<r)wkC_;S^12LbOkZe2Q_>URRY5H&HPbh-?1C!$2XYUtSMr(gLXVe+z6^a~{qp3I
zX1Gb!RYbzg@@wXWfE7476mm*Q<_Oj*yh+Le^E;2sR&a!!FpE!jm48MRGl4^8i4;Dd
zG}e&bX?W5uY+cAt&W94?eH=la8uUlbcTR@mU1lgS_c$1oBtvgVMQ~|}17O4rah%l{
zV?@##k7se>fg}eS^%epj^<;9&U6nrIa8^N<>{xsep>^>SVKtZA9d-nxuf@)t4S`5+
z;w`qWyHZ{pV5>rB5P?oK3;x5~iLo<&V?8!R*0cv)Nlh0Jz5j#aTu3Rt)EmjIpP^QK
zhhxbf^|rHXmF{(mFxh2fWHN7kGU4lGn$*Pm&(WG1NV->B?>IlO?OxmO0D`kTO_}>7
zj_fVmgSJ_DQ?kXte=gJufYLoKL|`q>nRrSNnnS#3Yf`+0=^}G_DwzAE(cD~+vjeCo
z4I6-!$<?{4OFCPqbH}`Pd;|H}V#9ivsWW_~?$6&jD~1;ZCw2}fY7HFTx1N4AU~APQ
z0_zq&2T3Y&@r1P=TdD~WZ^tM<j?8b>2GG=;yvp8$PP37#7Q2m>V}p$-!>3BxbOU-G
z;rHg_M7@r+yJu;_Uzxzqc;YLmB!FY~ojg4gkBK(a$PVFm57xBIO`(Q1(NuSNQ%<&8
zC^}(3iB~am-8M9F#ic)EymGERr&BTSxrGj&&$U%POxD6y!NS(p_6DDsm+N`7Lcimo
z^3RSwpFWev?Kmc?WqA*-iVmSEEe0?9udI^G6`v(|1R3{=pm0@tF(u537)UIw%IHD%
zo?uW=y^K2*K*H2YT-TC5F7x^3YBM(gM8b>nLG{9H8S?7VsIqK#cFnrjm;!E&rT4N+
zkw)ic9kfrXJL0$M7VsXu3PVD|o<};Oes@(q2Sg26bM(Q_dXwjno=3fQqCVJ1ZHl(U
zoP_V^dGz`cwDT6~$W&OXHSjha6M$fcCZjC6NcWL_J8x04(@$LGUAs$}X5*f~NPiJp
zjM!;PozJ|Yk^}(3Py7w)%Bw*3121cKfJm>pr>7vO_7?N-RB;NFh?{G$A5{;p^S<!x
z3`h;{&cIzqc^BLxxI7<6PNgkuby#U9JOzk?8PEg9;!w+YjP-GAYxM>j>*L&y-peO&
zHeF!*1;*q|PglX$m?A5$Iwia-?#(n?N$Y9;Q&PA)S^`2S05bRGz-Lq0RWdfm23pFX
zSKT5=Utfg_D{m)g5}L&c>_9<-NXL}vtV5~`XUGX;+XGDXDaidD2(A&`2B9;#8<>VX
zk!3U~xKv(0qlhX;O1&;%Nb%E5iK>BpzprX(f(X%6Edu%A40QJJSX4s_ry3itzfFNY
zVJf}}{?+K7mSR8qNA53Db<1bmQqHVD8?5fofGsTxEONe!)_mN1`95yof-4T24c8rN
ztinzt7~I`7alF8=i8CQ(8!0y?01*oBu_j*%7RDDjOqDX1=w7D47v4U9otDj58cq9c
z4?N6++T%;TrsIoO^C5P^o6(T`!30gDC9yT6u1(Di(ggjA67JKF&+{lRO5x0HwFNS0
zJl;J`KiO;1cG(XG!K7?)zmafMJvf-!E7;=Rz0R7xSmZlg=j^Co{{6DJh01ljTxp|t
zk$M+CJw5NiL^<i~WgUV~05RLlm{Mr|NLNxd|FfyD;oE#KJIoBo2TTUB*&5jUL?O#v
zO<5c6tbCOy4s2}hQ${y)Lrh#`^f27yC&SiP#x|R|IT#sb=W4^mUc+FFkvQwmwM}Nj
zis8*Irt2#ys=J#*bD+cdaWeX^9G>u=d@aQ<PCu_dYx^Ovw58#9`QvZYJ1R3(3qi|8
z<lrTZsGD3CG_})gSGeL0g}w@Uan!`R^Q47FXF3F4`=LAOARe~pFM&99JMq)eKHSdK
zS1->@k(+{Et3=BFmk@`gwq6%tVm=FAvvBEu)Ox$bEwXS*9d@hus;?d%`eSjLEh5lt
z?54M_VzvRn<t4<DBF>F8J|=8pd~n7-cNZe;Gqh3mN}ua1<Epd8T|8ao2PDkTWIc8}
z(x?Kv##+|+q?}VjPI>nG`UJ<1F3e`*dZ^PcE^d7#HrzdXIMMfW?1I6M-=x5X@hnlK
z8`QA*`y=gpMhYo+Dg-aKe3<g@QJwMAtm_8(1M4>3#Bq{m#7-%bB7f0bo@MizbS>N0
z^le#^N3_$DNS8%tgLGSsEi9~*2XXSz2l+8;<CX2>zkf*u<%GjsJuBDx3~;p82)a>w
z`bG<O+qE72gES~q)9cecRyKJalQqykW@{spiO8a|eVr&<!0o&xf9-R9+ck46SDfA-
z!Zzw`Daja8l3{rZ`XDr~(XKyV#|$@2>$LlR-Iy``KDq!_rR|M<U%<)xV(9fBTif+7
z4kX+3u?kZ-Up4k;5&sZqQQr)D=K{=RY#0<SjM?TZymmh)(MKi(xe}W_7sPc2)Wbc{
zRiILPfU`$Il;fHbGkoRWJfUB~Fn-M@%!;evpGB3^Y%I7fKqU+)9iZfJEbQ*=EEtXE
z0rTkaxsXBknzmOXW)@;8X_N7`UR|pb0I~w<Oq#904@P#29aMTf*z%jTF}drUBe#GU
z9!kCjVDp~!Cz83G8_gx8XYKDEws$5?D4a`-Wp`jZI2gg$X=2eI4x4gRMwFHL97<D8
zyxLxJbC`uVw8z<dW`Fhy$RaYcq%W@$#cZ$S0^!)(6lmPg*lzROQwrFXm4&(0J!9%r
z$?T!D_138RQpKwiG<Rh{UrD2QxFKt!VCarb@>T4RRcMMw|Ht9)07}^isBxCu*jkra
z@tJ_28(CXxR~ac@mE`=fh2aXPS@=+|p=wzPt_yO1`M}h&S0e^w4~8XD9NwM_w85X>
zELgHO&J}UJ+wGLxvyNd)Jz#@Zn7=;qf?(5*|LQuvsfPeccZla%d$sCN=7;Cc<h+Fk
zTW{jqy#!Z6yJ78}r5`F|(>X$-A<A&18Bvs(m5$(wQY#_lF*4&!$dU$qGT7Skvu5Ri
zKv{JgUBBRI-FD40?vbL&cnmXDWn#2ql_<J-N4aq?<7CmA)9NmZnyGfW`y-DDS73Bj
zg!4tfV77B^+-Dw1K`TC;r0<-7XsSp8<n-8!A^#hS)w3D7p2xR-ZwS;*;KST;^`8dm
zx$3d{j&(Bf4~40;(-Fv*Gg}jG!|TavZDtm%ySW?atOdCkaf21@5w43-=*TN<p?5R^
zD12K?Jhm6hVvp8{3V)^y3+Lk#x#{a#Hr`T^C8PLK*0+f_5w;DPSMq%DLr8e@&DR%k
zbRK{HC3b?xaK!VCGHDgz3n=mxl}c0Osi>Z{=`M89W^hRLokIU9k=a$%XS|JE4K-;@
zMFwjb)43i$#El_*c12Xm-9mbDSyiX|daun2ELDxYm<pBu>E=#)wIB19^v>LF_W-3t
z^@>LqLr+(ay}kb9{H>r+{+6&hq{r)+$&(!}e`E=rKY3-*&SXVH*+Y_FB$!PL_@~02
zK4*o`hNW#`J<YpCy4T4wbx1BsQ{uT?d^D)xvmAnKhAhWYqHC%3kBpM8SSVR1@#Fjh
zCzq(c^Lg>^jnUKZ6DW3F?_routo*@-lVI8mK*w+9kCVH84u&6(Jz8~ZrWm`P>K&i@
zwK7l;(<X+>feU&blE)rNpJ{PDvpU$eS9td8!9ma+*N=@m+?$8Z)Ji^d=dx%yIy7EP
z{4B_b2*?SXg$oOSfTyPO7cF3Zui|BMKmz$<9#cOAnpvg=Lc1P=j5tlCaYf3_iYtOK
z@8qOWHZv6Wj#f3&O>`s3aNA<enDru3qAI%~mzPhcoG%0k#6t3Y!VZ}OxXRz--8<yE
ztjmzbI7tA$E`?nD$^D=Z<%<(hH)mQv_n%lmfK{9tmok%SLhEv5NETeK6=lvR|MYH=
znIP+rb3P-Y4qS*wyKz<pP@AxJ+F?kjw?ey9o6Q?`2mXV3se_3nYa;mgI)cOQ2VZ2@
zzTd+Ryqc<S=j!G<o@9$%{8i5QL$#+NkIFIb=mL-+Uf#F^yK_owowe-s!1vy;T;>*5
z!JOMEA<yfs{`DMB_Y~k<7+AvB)|@=y5QGUEm*C0u-?%<<3%=G23Opkdt1%`~>47p$
z5(MKtEwk0bd)O1o+5WXzi^~X4(nhcE-oSMtt(GYNf_qhY!>o_MjDNMtS-TsfM!Fv_
zPs8mDt=SowF$codCHv62{`ka8mv=#B$;o}|*;_pu!tHhfUMfuNrh>~bP$?fi44Ja^
zaM?HT_Ls09Rj`te4;J6%Ls-HI)To;i{om3*sMs&%^-$SNR)Q(Ty-}bpZ1t#+KO_$<
z7(k<zK#ld%QOHaMPMR-BX*R~HwBFggnK}qjtt3?*LtxE$$3<PZ-=6;Dx3(~Fy<p!N
znLWT*o;&I`dcNdjB3Oyg#iemecf%=sT!7|Zux|BFSU2Bj?L340$#(y3K5Sc>V#K@;
zbHNRvv{IJZaKSoVFHQXH>7|Lq8ZMB{(h%bn>kHBh0(U^SgHE`r7=w)F%q6?JEAI^~
z&o~Wiy$}5r!J~PUODu}-P~jxmbsF`;KtE*ap~ESVvW7@WA1>^T*Pxc(9$wAHatI+T
z7e{~LK5MDJICko=1+SGBTF`iL(CKD-%?Pq8h+`skx8L{fluA$do-LOz=UJRhObPvU
z;-jeJc2vY3ELE_7Qce|1eDie4Uic;|3-SaX^RVqO@d&(;Bd~F#0?oA2K90K*X4LNO
zW?FNbF>_`j_KFT6_9%qX8L?S^^+-ZXVheXIdnU2R$M(3_(SpF|^2KgZUPDGfO;S0@
zmY9y_ct4VNwBQ9s+za`vs+2L4de>c$FKs=uAOCB6aNT7-D9>y0fPUMSuG^f&s{;4q
zPJG%hrHzdrrdOR)8#w$YE-@nlNl_K(2jHs%|4;%X%#`7ZJI`R$N+<~gWR$#8`=C#F
zu$u>^gYc}cmk)7z30^sJ7y!BnnL07=!feB|rsG*@5hSnfhLZ>awM)*O*f9~SPa2JJ
zT;gj8u47v8E`jn)P_XY2)da5Zdu##f%HS9bkl#0o)<x~1Hmkr-NF5TLl3|B9K0i2^
zIeF54$k;Vle7)3%Y9hBa_7=BCJq19$X=1C$aB|girzwt84NC3{Kd!<&tzSuuf=6Z8
zkW7)i2(86NANJ%_I|Aab?Jx7=J=0Au_QdEFR$D}*IefRf7LF+tG}Rp%m`tv!`0^YB
zS9EtWoA0j8-OQX<c1z~VBjl-Vch}OpRNWU=nL|d?*NkfI0(HH*Q#HI#34>T<`nbW5
z7;0pBq@?70E1Hj5=^JzGMRL%M(6`R2tsl>XZV^Brc&Wt$8LbHL$LB?VM%&1}ly5ga
z5NBPezhVYc+!K`YW^p)SAs*BbVHE@^4uNABUjYOX=!hZUjNhO{Pq0(g<B1Fm0UEx_
zLitnyyEe|isNx3Jb3J7gVBPDvsGh=nCjWh<Lt}`hGzkufqD0y1QlnNgBaDu;^oHqP
zLf@$}WAd+utJv-yv)|sc`EiwXHT**<%T?R)pt>x$K3wzR2QB~_{Vt#0Z6*5fcME^4
z?J!L)?pwB}uPbA`>N;%sX6`j3w2X<9v`9EM*4CMa`fN!jQ`KgBCNUZSH9J>plwh<=
z7BXhb(%7h`TED5}3X=Rt5jRoJmT#dGE@$C9KQg@(FS1)0=SCgXgf;R-$Q}`Rw|WJj
z<^AB?hUF0UB<{_f)TMjtJYNeAyrxSFuf{==zGEhSL(JN-@u|+;+ud%l8f?r?05h&W
z{^BIuzXi`H5MesrUAp;4jZ19s@3T2msp3~Pv&HXN<SP_=yuRqsnLVIRXwGF2%T_4^
z5Y#~(dtR(^d}AH{`Dh)UexEK?k`975$Fkr&dyzC9WW_=&CGXeAGn9!7u176%wdcOI
zf4i>AM&y`%J~N&?boXFy*dJ44dn}4CTG)EJTZeg6wcVxo>G?%OhI<im<rYEZdrAgU
z>CiVh_n9z;+-+0$GIVGfd`xOLPEwEb^+HL3Z$cfE1ns$5-UIPORl0#wMB53OpQ{km
zJ*<Y4RXjg(m|T@Hg9t!naxUK_9hYN(5+jn##9|xNI^GB7c~vLCgOx5T#0*)Dk!Cwi
z$&Te_C1}>=!F}!UZn2WWX`ic7mTSbk11sv>Cqj;(Cog*Iw&%D3_m1~y5F`Fu?cjTZ
z^?9Kw5#%$;l@y=trE#+#R~LXREN`tBekVR%S&E2Q>c2EvZd7dw%Ibd1hhEn3bi9Rb
zGzE-0&{^o-qpU-~J$M{K=`?x@FYh_Wl<0^nU@Vz^H#;5sJ*DdT;q`R)TY#%`85Zrp
zP0g>&*jmq@h;odp1O}<#Y1frLTjo{Y-MTUcFf%wxj;7h_Wzv<WY(&57{lV=|%N35k
zdG*Iu)!B7#oy_@KhtEM%x7ubvB1%{jM#qEd2{%xhe@1B3+IX^ui86%&3e5nK75V{d
z%AB`IdQSUMRxH7H^m@4lU@^I6T9L$Qm?M`W&=08AuK@5m@GDRdj!KB3Y8>11`@f&%
zQnk`*2(cGS;?&$x+*2pl9Y4FL{AyS--|>0i6}xr(UTw^Y{qbgTB=s}TVtJk@oEu!W
z%N@?6lx~~}Li1Q0w;de-eNc>6z_9^T`38No$I$}u7UW82Zqp&TP7-CLSONf<T++>$
z8zkB62dcn^HcOFT%PSn8VMkU^eF`e@m#K{V917$R<N|dMnm)Q4Vw05Hs_v4NxBR4C
zuV25y_EcdHq~<m_0+m+`Zv>|~3|FQ{IQ-s!PLQ*p$K-pG^i(~UL~C%Mmgw5*nX|xa
zxZnETH5O`*LFENzssM$6M(upyX;(S7pMLX?50O#PR<U@*vQkjQ^@R+fvGMpomYdKR
zh3h1G*{+X4i~oAaP0u2u$`n?0M~TP6YA+_si1SQi^n~%{BYh)1M60rTot9REW#5M^
z`j_n$12b+X=p%>np*;^sQ2>?N2E442c^u5CSakz<Z-qKPj>*u))Ou^pNMl4P&()uN
zuL)u!>)Nu{HAe^5F;n>_?w5YFzI*wR32^L3`}Vcp9%|=ncYO&8a<iyqc=#qLM_V@C
zW-P|O%Zujg$qcz`F|$V!his{EBYFi|Oo|f}jI$xmTf}RXPri}{6q)%OMa~+vAKoYv
z6z=2mRR(poxoLcbpWD%Ao=J-rO|MKS+>$VK(<4f?3ewa5>>uS$c_ea7PBN)$*6$_X
zMBn8y>qm1QX^prQEfbGYvn=I1HE9We)li!8`Wk{7S)YOozFg5J#!)`G=N86*#pl&T
zw*i=^;A(k1Q~&{@81)fjP0?hFaE8*uK!$IJTH@^qH(%vqD*ro1Y$eD=)6SI$pe{Vu
zv+Efi(~)x0>$^RX(G#=%6Iq-TE5bWJ-g{K)`12=w$Ld0Y!l3y~vl_jROf{|tvjxq$
zsEqWP_qLl7z6s_b!((x%xFtp#&Z}fBQExJj36%rE)MN4bZvwh<oNqWQxkeT0Hngu!
z@l&7uu*o2|>y7Wlkv;~AC84WFKsP!{wByoAYdDLwg(K&oh}|{de^5p=<+;+h!h?}=
zo6O!$rzKEMCp1o<?aC_Y79QQfkmvH~oh>5`CmS|pK%+&7us>wp=BfY9jj}wsSKTld
zH#<y?DQ*WjIPYOk%M6+R^L$BfD=4f;0;(m^Fk?+rQKARc8KF`s{A9Oo!hY=3omB8v
zPiLLQZ(a+@#oFyLh{_1Ai<n_aZqGGAOZ1L^Cy1xsvg#i{JyS&Hd6rf7B%UwM;=XPz
zJxYSWo}c*{Y(FI@UNC3Hw8r$YX@YD54!N93ECY4oCWZpY2#4(JQgs5TuQ_rn;TQIs
zY+k$ZP`Q2ZeQ^kBX2;8#D0ho4St2noRz{Nuq}A{h;@;viLNX@eK`E9DHpB?`poJoC
zMnl1VhN<cgW%g=(_+qF(<v5aEFoxYallR5X9R&L?dh{dbKDIe70J4ZL$)l&#N1pxI
zw}U!GzNCBUiGq9I@NG}0O)5kwEnL+0_>75|!hO=6)M!YZu%#rqW8Vy+D9yGeK`!j>
zkm6U#{m!90IRDnoENZYENs3`X{<A;(0HL|d<E-kPDlp-w-)h;HOhI_q_br5n`?g{u
z4oh^E6Q!I4QDf>I&7kLfL$!j59ubsnU<&5Ak~}9#nH$PxZ7Z*Ea54dCp-6UzbNfv^
ze&TLFKmKD)vxoK)z}L;2XVvzqzO4KH{>Pu+`KI7M^^2e2XErSnt=BFUu5Ft(*E>8~
zyp$>&Q`a#*!YYArjzKrB{T15(4{i1Weemh~&ArUkAvwdGp9f+0O85Wc4fXSyqTX-*
z_w&6u1Ghlr#q8);H6UmnKdzGbApiO68)u%C9&Ka(eOLbR=AZvOTo;d2*4~@S!-2hO
z$bq#^>!zO*``5QTg!hA!Z+kUe|Ni{1>9g3ax&LSIktciQ&YD|CtXcnDMg50AZmeDU
z@4p6RVygT5n*L+(har21fo1k9=4$P|^3PW{mjBC}|6}_9IY0U0J-S9UUxq6|*{vo2
zIh((T_CKGBwvM(5|2)$4-zopl!0XLd*~I<!e0x6F|NQP>-*!0uq8t9-D6==ep@<u6
z7s1lG*Z`2LAh@c3{eRH`<WTbdFRbw&)OomXj}!Mr>Yx4lAakKN%4Pok;P1rzCw0fF
zZG!%Z1^jIr$$NAr7quDx#r5^`w?w^T{`)fjVl=D&B_4u)dt|<Z?kFL*D(>&w{rlVh
zzG>h8olpL4w}wIh-1VvK%O0iv{+oY&`sXtK_2BQ{`Z@A*<vmSAmvi>`Z-Z>Ir>Xz1
zng3J1u?LF-f9~rn-yVG{%!#v_|Munj$D)y_{|Afwn{X;|?m_le{L+bu|0JXX_rc;5
z|AljYPT;@tA2|8~2EkJ#%;LZxN+(`8JpZ>D{f&ud|26&p<W9{!=s+Q7QA8=u2Jt@<
z`frq1{~z)H_ve3o8j7g*n6^@^b_mRkbo}qc|H5uP{P*4X`?vlzxQsebPvtzbc^CfI
z4&OZp#s8B~|G9!a)%Gurdq&+mLM$F(i~GAOtREGN?En9ut;5MZ%3gHK{>LCiJ?z$)
z|Bv7QoZ>}pFv#1$dy|m;10pXR{x!va>4bkQ<o~`m;Em7NUs%k}x?}|k{C(L)Aw1|I
zx+SG{m$fi_TbWew&!G+-+yO{`p*QH}`5nXTN>Mp7M7;2GSHF85RAF{Rcz6T5wzKZL
zyB_plC*yi;w$iha`lC`#;=ej-5UzEG52dX%%V9rUM$BiZ2odYfs%RejA}s~>qnvkt
z3bQ-2D!zs)p}^*l84~T-_ba<K|FIW6d!lUzgO)WN{kYi3QSCjv^<(HZzeQ=2cl4K^
z9^M|C^s~d}Y!P(q_;qY*a%I>@1&C8>NR*C($I&)CWWQNZ{gldj<^0hIwEB9>^*Uz`
zdy4{EyzgdwbtY^=k{rDKQ%>sn#1=n9VDh}b*ju`)CvWeJitN1ep0h_*-&THNR3gB#
zqqsRdQ&1aP47ffkyz-`1@U)PnjT~=^`+nTm9yRYD{kYl*r##qI0u6@e-*ID}tOI&2
z&^rer7o(&3sn}(RZ}HY=8<mn+((ca<7d*YUybsRF5pOM37ChVOdwme+=bU`EE_F@K
zKKV=F>OZ`yw}vXbKg9TQ%Sox7nAkHV{g)1p@S%ze9T<Olb8NPx-SYcIdu-?43wQY(
z1TY&-BJ*nt!^6tEo9)BJiY4!XR{So&?z2fo&SMwWv4z#tX!y1ChNblIy_*&};&*#1
z>dLCeg%;!={4i$rwPQW(b_}f@(vW5y1<9tZDZ85~&v&=mcL!NhzB@M0OAF^bK3!bw
zqcNI1KAjmTRbaQy4z7>7H8Q+2H(VuUK6-@SzwnmQLpbp$sS3Mh<6G`M14mXZ3hNGl
zIAd=zGwid9HvITFU+_m9J|u7+-137N82I6FzD)V$mnw~2X5nr>tJjHTxc=Ml;%`G=
zoUki%9eobBf09Ls?S;b(*UkDwr`-k61lDn=KPjey0d8>KJE(B(%%T)wS!##~NvR3G
z>R{0kTDi40N4Erh>E!NbV}u(_T)U@0rgQ!`C-i|2;u`H<y(KNh^X`S-VOBdo4ZbK3
z8eGBDr#!Ncd;0rfzvpMw=q?kOFBG4!hhj`JVVgW(xI-(<AYE9Y6L#pClTNn-u4UOM
zv(EUQosNp|v0i8MU1ZaIpOuZO0ZnG<*qL~2w$e;mOcg(2qdAxQ8I`h4g;W!^stNSR
z3R*0RFUzR4Z`n^|d*lL3@f{2)QvHKbK-mn=aoWT=&47MAkmq3ei4o=F@S*Ow(n4<7
zdS(0Eyw8+U1k%BbX#9G*{qg95%=8O}JFbRXt-jl>^Q;A5Ur1eaR1_e#@vHj1eeqan
zdH>+Z+wT|mFL+U^6?LTm&w2C7Hht7W_X=z6ME&XdRl&xsVEe}c>&JXQrEV?iJe2%X
zoj%kQEutq`sIX=b&!2y65~|u8?#EI7hb5<HY`C7f=b8z1409I@2qumssLIruP|jn!
zHnvyV7kq@>Oj$(4!QQ|dcYivDMYTMOljmD?^Gz27Yb-t89sFH%f3VwS?-~8-eJ>(>
zx5tMnu=I-gfPzq`Kk02(3!HyzIQ9ES#@a(`pQR9_V5;+-fdtpDN((jf1<z~kTkpY+
zh)jwEu!gt44A06>uydDuyuYUzECTAu$era6nnpEaCt9EFr1Txb{%CzsBj*;m-5FnZ
zcDi@`c%$A(6{U7Qi^6;)9ae^w@|8lLo}qXRG<%LxuyYiR%xL}i%lGJ0i}Kf8e9ogN
zyc9_JSmKY>jG=X(_VrNY0oNh(uJcojLSGhI9u02k&#&$Xd)i$#85bg3l~v8icN((T
zBpJ;YxF*v>RdtRs^B1{y7rB)%E^?i&cYw-MDXV79IjPp=t*5FoQ<Do>rEV1ot&+3U
z7{t6h6}I*vLMV4?Ls0{_<8V!-pkot$%>wzTYQ1)02s2@XMXd`BF9{7T0Z8_Pquf=o
z-8~8)*r#eTZZ8~`=h(!I*xiWGQBLX431?>iAFlqxk?QyV<Hsu%g(D5?93({|LO91d
zMMxQyviC8w_c}<jGBXkmib7@YdF*4KW7Ki1V;mfNW*+o=o?f5#@AvzD{{YAH`Mj>{
zG4Hp>_0R)0d0ALt-ow>o&%=bDa9^zGq($VYrJ7aFdt<5=&zFYJ6N3Kpj&~KNTn%30
zKEAq=Ia+@Da#h3;@T9*Zob-4rpDUS}TDb49q^qMgiqpLFPC3B{U&l~Mp;*O{zUzhU
zAL^Bf)f+yQLmDy#b(_&n<M~o4|8s6ljt`n-*RH!XxD`u176ER}^TGw}mPuU;MI}gG
zBMMP7x=PrYT_aFqrH?r4Yh%cKz>t)`mexteUOm~H&N5cDi6?2pu5s6{&erYa%DH1y
zaKoL69k$3MlX$6Z&WmJCwxm3J1=&cov!2(_po!DPDnqe}Wj)lL5d}|UF^PXqBcyR<
zN$*`$!Ei0UBIiBF)5cA3qs#wUx@8Aeg91gEh)^nh?*(+?+rRvQTl^$eC8XXgbv=+u
z=XQ&H`t0xqeYXQK?AGqXjVC*Gnfno$Y=QXZ$RPBi1M0z>NXYo}6-fTeuuE&6RdpWJ
z|2}>U7_-BL@R{WSh>S|mH#i99<XM*Hv66zGo$vG6Beb)c)F;;M20~;{erX>6TDZPV
zf}fDG;|^gTp(ym!Tl(6u@p;J!s)5Mf-MQ>Pb#_*NUzKNADRZh-PbItR3^z!a+U0D-
zv<WPv;E?nCNtu(!6O)|jk>$M9*dBkw^yvP_&XU5DHh%eml&4>-=#OVaPRu)+UFyoM
zvsdpi_1`6*U(~xgY%XUPqBp1B<Ja}nSS;Z8+_fU_c4(M-!qb3%hS!am5Ok&vGt&O3
zwe?6z#CO1(-QEJp5hZo<s?asbNHise(_jks&*6%k%!o*5Y!JCVy8=G7j3l>IAUjR<
zA*S4tu={1qNWi&{$pJPfO^;}0%nL603EUhyLE_r0PI2h${a+Ywn#*gNZ7*zsgXH5t
z+<i&#JvaDp1K_BdMz40me6&pa6o4Sa6nvxqbv%uXUy(LZdlQd9rvK)nE#2zlY)M_A
zffYby6RiU-<J}T76`UXY?2cH+hG|<suBLUYXmTnvt~xli8nX_#>|>ne3!<0r+zX-p
z;_&sR5^B)U_9PJco?^=)^14L5z(Pm~DX|H|`Dk=}K?=aO8%4Alw$s-k={F$4t{11B
zrL?|xyVJq?BI5FPZHm0rw_X#izAgvcJ#-!O9o>3mvh!*p^JFp8(^!A|H;daD>*pG`
zJ2lxy8l79J$LEBlxW*4)X*<7|OF?=`T`BGLJ45i}A*01-?p?Q%qhjvCk6Pif0U;q*
zx`#4P{={e;Xk801U%aSOtw82iOk6a5&KdYeCGe)M;ud@(h$+fHv5QCB`!8j(k<!e4
z)I9JVbKDs~DNSz3*UC9+<pD{qJqIZs);`v=U!1o!$qC*R&)AH@R?tlpw2;Tpt7Dku
z-sjQTjNo;-HJ4bBaY51XBZ`>X*%+m>NP&<cl*_!y$()HYKP@TMqrzh|_NX(~UQic3
zBZ$u0p38CgoyT~8p8B%NcdcU(7D4d&m*%^VTl%hRXi%-Zj9-3&hP18tk4~|=!l##j
zpum)Jqxc(E7$QVGUh|6OIsgZ~<A>*7Oao;m%pN#iuj;C9W^}ygDA_P_&2kbrTgzW@
zK)i${kH2k9`qF+LH_B`2EHqX)2~pFKKbYNQ44FJgpJXrN-gran4&R`G-}7zpiv$ma
z&OK!E?ccwEt!g}870eVZyD;<3iI)@|!sNf8*v872P);N6<bu<GWV`HJI8bgk@%mFp
zI%BDnh~$`J<*UH|6#_i@&oIQ!D~H)QdAEXN7Wj3Ttc^_N+E2;bf%vqFYLJC#&3Nf4
zz|Rs>BQb11cpTu)2q(`<#N9+lo=HiggACC@)htaj&b^gORxF@}?>A3)1(3aBoQgCP
z$g(8HEnniN%2>B&p41T3$EJsUAi!7ONMdqq$J>~T8Sj3$nCr!T(5X_Zr77pp`(9CZ
z`^tO&tg13j?ZfXp$9yZ!gwr2eABhwo|Lz6CJv*GaHN<&I{oG;QVOfY%Ovj>`a<e>4
z>^}d-kz5XX(1gQzAM_;iY}7M&O^2|0Vjf7|tG{k?!OHr6hD-eP%?CI(@>5<O)@gM|
z*Mzl1EsaIUIQ!&lnZ%v@Mj*%%eFNR^R<j#}9{Ygxv69^oIdJkFO2Zr|7%f>N1h)-b
zNVE4CCWsAwbyqZ?q3@vB|J4G_WKWglE`p9p<EF>!A+YTM8t(n3B$3F(;}^;3c=*>*
zm;3hvU7pYxbC&*g3AKkYFJ@<c+idR&gC9*J0;9>ZBO)VieSxT(BOcS=*5||X$Yq(w
z_K(P+Xa;lQbfW9vAkTG(;qtRT+scPWZ&~X<liY)Go8M5lok<<d6~^OUrj#q1vL)Ld
ztneycqj<T*V3l3%nDng`k&q(foS+PdZ(h`-Xu3COo!{?WStstIz;ONhqnq&+w483=
zYJQ`B7@Cw#6NYNf&jLO5NqE5bKI4I8yOp4)=>;ue6Z>P0$76NthlT4)hD^gf9IdP-
zkSW)T?<E0MgV5WiEIY?W2Ge}{+;_DrJ_i-Z6nRt`kDWOwCKD&_$?jD#ROVQ}A(0a%
z|K|&7J4*wH!yWbF+%rb*9xZ+Op)y#B*Gp1E6w5{LYw)?{?6&Gx)3tMbm(XEb&et?t
zuFco;#+PE-6L-pU<qELf?*Hs}$JsLm^DE}Ovwi2%#2W2hi?h>l%X$}YA9T28^WbKg
z6HaRe`Vw0<Fd-ptqhtHhx-O609=Y8=N7$T~YOE1&68{krq`|o~e|rdMl-@K)O!Zy#
zE$hsh{3`mCZ_EC5{ia!&)d$BiQ?siFqqx(weEySO5G8wK-b}Lr1BOAOZrLXvLMs>F
z$maE=$}gqO0n}7;WOjhZdEBMLL(&3eEabak+RHvqJuhC{X_FAUn@+XkfI(PiQ%cfg
zl}F4EaywK$_L;eoN$}wnAu8y0>+k%fhSD-z`y2i{z{m&=9V2e~5`*y>mh6?RVH<n}
z7yX?R@47bd5@;h}r6VA}v+MtIs|Ppwm75GL3)3oCOsg$#-j~uh_%zh_J!<&*4_LUC
z>R0Qqo*H62`Rmf^Bd2YD;Lc7%EcDMX(xHG94YA0m+>}e4(A(3EboRVp+}r#iqhj8?
zz5-Oe^s0zsCS7uTGsX)t{0Ob=ylgO8JEU<2#;?fpU!BeJ?0g^hZs87FLw?Os^63er
zId0DM11XH=2j2MC3HEdnjTpxMi&RDO(<Nov6ukTz5Iq!iNDVYNGnckhp?3;M!x|(@
zy7RBX0yP7+5@cvyjE%4Bynx(sH553o9RKpQRZ`Z0<>S`;ZIK^Se%VBMBh+bPz}^K-
zZw0U9x^YWc!y`)LU&<z#cLm;cHiVI9o)76~N;?AL>~rv@!f|nQ51OD}-2%B$yAMR(
zPP^bQNm(V4vPH*uX8hOvCS#7VZ0)L3b0UF0VT5w%yW6}AAtFe#4h{Z3$Hlw8E??Kc
z<5TC;OQMIOG7HR-6Im_l=j^99h#cd(PO?!*gl!FeZ%7XQM-l$ZWq<#-$?<QOsK8zX
z*OeJ9MJxx9+W1Q!?s8(Dxy2PF5IX*a!Hq&KX8lMDjd0Jz<M$$Ikier&K@WC6|B|yA
zg1vWUa(yAyrGeUd>8-kckX1h*QIM5ZFZDQ72$JIn!|HeN@X#_)c(9M{qjuFR3<Vv~
zvo~i1r{;~IpE75R`&rnMO~j{fw-mC&lel8;bibEAM6UxGn3u<HRCDBp0HF2p?lYX6
zY5*c{&TMZKa-0@zOsWNL*?5J`b6$v5bo#XXS0`{s$7^22MMKKi{hrjFAsk<N;K>1J
zZW54H<&q$7dEr)586oHVD~(o**PPd%5$+%jd5;$;0Y_UP1E2Ed(U$rmIho+nB$X>c
zO2gwA1yV(kJJg!_<MOJ{LD?a6*}hYHe7se(Ubt0{fy-LN6HJl{yI*+&@fp?v?Hp+V
z(%RUA9=*8DPU%tk*0OxaqhaqZ%)8ezS5jC~=%EZ1!2E<wKfK;GJ%qMgX3Ilk)x#pD
zZEV()bfuY{8ZO9mH+wmtoDaaDUR8A=|BjR8t4JGpT%YI)nBL9bjrlfnE5(i1p}-9L
z-u)c}F)~%&Jd7m>%-wy<UvnLi3+ouyH{R>S{a5@%oDK>}H&UbHGoyE=DT$7r3`A_C
z(I&Q+s-uD?nwfoKxcIKQ1dD3=)6}@fMI?LOiTz7M3yQL*XSz})QcJKQyyR&6cI?ii
znBFxp3%_$U@Ynk1ClgWrkee3b8?b%RX|ZRn^`a#yx`4{wo)6;aGWtv>vG059*Uo3O
zOinQb2z1}Pv#hzFg&uSzOFikZKIM(|8D6_qhtmkeIfNKQYYoVJV`!h%Z#mp>cwvuP
zR81i5BQ`B)FpD&}G-if`LQUwKh2;8p@31>P%Bo{(3y{z$(&ye>LG{Y0v&8B$=3V8-
z(BF^rBnwCR93JLrd>Z*>pk`YpCCyT!yj@r!{p9d?^6zoXmnM(B9F3IZO=`vCG@Zqj
zD?yAmiU&NpZrGhxFO|H$yxOAEu=I*E_nBKNEUmdUEfpll&fk!vLaWEC3;%>GNbc2S
zn31fFs+8=<D_Qg<;U&oFUKz7C@5;?~&)-JuGJa&3bMI@9ntNw1Z@rQrOg6Q(#Ob?z
z??I`tj9g8l;N<qkvC<X*??cM1D{yet2>p*Klsqfxc2b=AF1aDcrxo2DFo5nq8DtaE
zzyvJ;xyU%X-73@O+g?_TD`FEUlC)xZ@{>U;J)OOy9Vs%MZ2`|ABSjZE-=s`B22#en
zh%<XLVU?r&g2`(AKymKA@@g!*<|>Z!iEDhKnTVj~<k!}H1Kji7vX%4b9Mef)fK~BL
zil41p_N8gq{+4oM13ZI<f!52Oz8eFG8i7dg)ERp-6mz~E?45H~tC#7Ty0@gV#yRis
zp`gvqhb(^lVN51z=3{QUHilBl@r+yBcOYh87kx!F$2A*@!H0JuHYW}z2s>Z-<!s9h
zK3ot}wp+gI<kN$NcARv8_$PIj?!7=AtIM>(LY?0}&&~YMnx=$)v*H}x7e$I-JyS6;
z{B(xjjBv)Eag2!hBH;H^>^JlA)-4WCMUNgWE^zMgU{ay`t$e=k;Dd`78Af1rw^S*-
z`z7B?tw*Kqmgt<6t)_@;vxVK5XCV~(r_z*np#|oDE1GN3IEcm`l%9e>@_b<f5|SdR
zez|u<EZ;GX@oc|voe!kQ?&?>**n2?N+DD&q?|yO(F8}nOFeB;NoDflw<uHj5yDlFU
z`1siF&qG^yw=ErRI0D+HCMdoSX@Mr+PSygY!NA4V);~AQ{D!$I-S<b9TRI<>Qd9!x
z_&H_h?A<5U<YP+A@Tp^w>X?9VeVy82|HY>qechRs6wy$uG<as#Jl3?JDC0WmN*EYd
zyDhf5sg{-;#g0Kp3d9hxroG(QY=ZkQ_PN9_o0b{r5fc~iz(+NZ7P0y{hO(_U-y1Zx
zlqL;0T5Ha$^HAcqZ*6n1;|fa}WPi4hdwCu~j{A~PKIZZ*CVzywkG^njlyw9JmAq{b
z+U3JEqn$FBKg>1Ro=o@BYI&6Xb-C#3P|-1d&cNE--sjM1-3s~3bGQv^m-$G(Q`U@$
zmQ~h`6`biEC&#98%XTks*?!%o@QW0artibzOR@eR|8D?U2gezDnYvGGjHr4e#x_1b
zECb8$vIpV=hb?sM;JXRg5sydT-Hqxa1BE}Mt`BUz-kAo3(b)t0FASl=VBRam?$0Lo
zm{+|iX^*JODVZh-iO)^<)F-c=1xZT6`1G9QZV$J8E|7GzxXWdKXHHaX^m^(kn8&B9
z4l&ba=4BsTs@uoLvqE|L&%XZR$oowetjZI{>QEdP*AadJ0gli;r5lwuH1ifj^Hud%
zj>hO&$7U_3vy=dKCgZYMeeeDR>xZV<7BmHSB~^%4)j*OuRuceuqDEw4VyG&i`x*&l
z-#n};sUozLLErGu1b2;w7Op3c-3%O+(4W;GQYjqC=Gw{IbY9c&s=b0Q{Ic@+UjP`<
zWPet&R#?yCuIU=-zBvuhpyX&m_K3EHW}H5DiS--b*S?i~Gwc<H&PQI=9|!^5=iQcX
zr6Jt%rIy(Y*|c_g>(^HOT;@jlLpQPDwI~+68vfGgG^5t?r8F;TGkd@Ut!7lsZ!KCA
z1ZYxJ3dHk$*k%z8=W<aAJc-n)YITgK5uZhU8z}munfivWazgbh=T`MrDJ!fE4;_)7
zr`~sZM-rRW?J_Y__G(t%9ve2?R`9M<8eVvLEHN?4=TZ2|dhe@IbKELDV%NjDI1EuO
z!FsP)3_JL6_l*Jt?x*Z@<o0os@4G+D;7vo>v1rYwY{=s$$!;$vMb^(DGVO@GTJc+7
z8yrL)K`h?Q8_|BADYiT%xxRbsTC@Lez~S{Ve~U{~`Ar(uvWVDHV=K5;Z7Y;iAo86J
z9(5OD05yWXbhWX}-w{8Bp8=KC|4~Z5^4_Bcx;1Cxso+Agh&sj~cSV*RVs3Q*W^u(l
zF^f~Yw<{&GTjD>Xk|*om?Do0Cvm1lyYCU<&E1Q;cq-Q~VqXNs39?vFS7bD`O(09f(
z+dnbQCLfE55W@O{cqo|xCqUUmcHsN$(~rBNho<9|xHsR9Kh)^@7e|$5U*A=rq&{{#
znMHo#oadtbzEZeSGdevQYA^Ul8|@>pk~7+VV%MmWv3(^M<W|2t`-ZiVPukl8#uHIR
zr{U~Xpb&;Sz*o!~E~PH;pZMN}SevrBWx<9cQ`RK5Z>JQW6RcaOfHdos+>!o|>v$(U
z+)go?;Ns<-B;}Vp)eF?2Z%4Gs)a%Hm<iiA2>B>v@w5$2?b&gd;<^I&ld8^pz{OPFn
z25S`AyHhooSdS#%TGLwHuJ;pe-9<!|a)0uaoUMP%iSEA1@LocGEWvd%8jR5-WdeuK
zr1Jc3R6=CEm|+|Ct8k@|TVzQaET;N6ytLOz!7cCj9W0n8JWjpKkX}X1-ujRkA<Xq&
z?o_U%$rZ^-8*%^b406DSvOGO&S7-4Ua228YmmS(_NPKu9%|G%$M;|T!L?*2aG<9=M
zpJTh%=+KgBRyG0B@QDV>EfAcYc(1eK1*^59tQ!X<73zx4^~dO9V<DPmH<&<?Q>rW@
zWIZQBk;}`L|2)=|?jut(YgS??`l#71BRKT*q*ZHfrPXO`Gt(KdhpCsk4qs+R2oN9L
zn@YRt{h>#N$d=tPqIg(7qydJrVy3L$HtbduO&p-~YS{Q$Upi_Cy|AB|QNNeQ82Juu
zVtn=S_Gra)G~+EN&mF*>veR^_%JgqxP|?gZ-y*O#`T7iqIVmXhGSwcw)|(hXmPsoO
z8|LO|C5UEbJEy(N>?Nt7)Tuusv#-xse72}B_rB*MhLW}y*BcV(8Y2(RooSuv<7=K#
z$Ow6NY2=S;9kyFCW$f$7JC_z7#7x+CXlcpi+8m-GYp$K!qcC~iy8)^Nb~h&*%%4lF
z>l-|)RR-Ny1aQ{>T3Rx6pVFjCsph3=idGerX7(s?S3B#VZ+>`;6MsD_TXHK3EJ=~f
zV<4l?BhX2>;f3zS|J4FcEw5fWe|7Hq@;Rqa!mrdGwyK6^#Kcsegh>=n$0h73-nF=d
zX}$4!AtCaV65cTC1TQpix(u~rozu<s9=ge(5GA|+za-1^%9%7+V4LxvF1Bg4=VK?j
zGXQJcg}UzOWF1w(ZSk4G2xCk!{4^FUW<2JW7Fcip7H-FFO>~Z9A=SY!&0l>XYGNm&
zJ>surEF^Z*Iuh*yHUQzFD#Kn>?e3d-s1FEa4tk%g(=zf+LS^7#2|W4|?qt|ZdnJge
z;lY4y-NA*7(FeQKTxsFiYmtRWy8lb7iUnOWoEKWZqxx`!`AhWDD5d<0|4PBus6PLR
z?&>G#b&7_(Ogas(<P%brgmf-5?Z=gu-KG4+!mLun2=Gu;uBaos*Rf$-RRt%*D13h~
zszR2`=oFt8n@?E}{7Vu1vHh`*Zp;SS`Ev-_tf$Dm%D*B)xY>oh0e3-YwiI@35{C`C
zPs*eY<5|YCT-*9&mINr4nl~p6bBt*dA>2K|G6xbPUd3iD4>Jz`Ot98Kb*2u!L%z^F
z;Q?yqg}=|`6!O!uSHr>+ao@F4Ms09gK&$tH-<^_yR7I$Ux9Wglr%$U#?jQfjJ^%D-
zk&UJnO&4c(SMI#0k7Lj^zvbqh(t><o#A5!)F>riBCE5M)9Zn0bYq71*H+SM;88I-_
z6(*G|%EWpA33qKo{E#DP=S+%HM6}7|4(@3j$Y&&F)oTK0-)0aLyIa~L^J(uJ$KGjh
z1*MbqU7OtSY<vvo*{B3?35AV&zM!Tcf@iU3AKx{zv=tw}UypQ)@hEYrtUPA(N)%nS
z?}Q4%Gi+UOPEk_xG%?8-Ww?ZObWE;>wZiOEG1??s$_4A^-t&@nw%dL8Wv;+*Xt}r5
zC9Jy`e>c<o9e-v5Znr5^u1of*=ZCT%&YmTjoB0N$G~PZh$O~jd`@SXC_2Vpuw9a70
zmQc5>g^*)<*9WC-><%y`jW9QJ?)6Rzca%Ry39Du?&NP2_Tf<OiJ7xLOFtdh5uz8FY
z3s((6N>v3d%HmlVS<^1NV%(;MhF##pSlA^WuHfVl{))Kq>=j@lCM|EAy5?CBJvHNE
zC}n9Np83~=a#8qByQTe9t#BWu4%H2pftLDQQb8HpPuY)tWgG`Zw>j9n>pb6fKKeBF
zy5qK)sAKjmcqjO3Nkr3j`&AR;l6xO31(?roUaImD+oaXBaTC11Ng$;5ckYiepd*I9
z_6m@wy>xzu8Ia<)u5d^xd*$Y}b&4fFnBHsgy0WGVy-y^&i^E3EbC<>eo6Vb!m&@tQ
zoM-148uzbO&<Kfjo`1SfaP>>ovc022K27!@b0~xPqw=X2IpvIo5#lSGACwZ}u3TEz
za)IihK6T#32pO7__<_(SK5X8|F7!+!$YjuksbBS9x&VM5o|meD{_U89g;8mzepBtK
z_=@IJxU^#hw?-I#KECWu_9?~ks$1;&4KQ<16^}&VPzlTBtb2H0dQIu2`?;wyn{kq#
z*4ql0zP7VZhRlY{Q|$}Gwb=qo`_XoGA+~3byw@VZ(M6X!75_6Z1YtT084znw9|~UI
z^w}R{1&RhLT_767q_rl%^LpoDI+r)%>qUOB*{!aww64JYRYSxt2IppebS`dRPz%7z
zYoHr`(kO?%wEWpK7LM_uJP;#hU3Kk_aQ()4vz<$p2%3F)S$Ue!;Wxl@__NO)!Oh{P
z37tyIe%CoJ5akoKIsE0L2u~Zt(l`lMOi%A5p9)UGeWp(+?W0a42c*2<(@w5_wmr?@
zF%D}5+7LWBF2V(X<FTWo)vsj*Ofp<M7ak0-o<+)q@WOK0JRe)K4a2~te-B!&WmLPo
zSJ&_lxcqB6MNu1j3&kF7hT<XY5;h_8f~=Dn&0kVPUcnw~<@geAkFanqDWO>xqXI1m
zo8`Aw^1UTo0{WRiJfm~P{ivp#ZYx?|2ea&NJ>Q$5`RG!UU0Tq!F1EA~$U#V1_!T+(
zUwz*Ph@CyL7)oBk#B=tQ7KOIZ$FZDAtL%mMM8j$v3$MW1HV5jhgg-cb@M}fpIYA`+
z8#?MO9o=-n+o{1iw5WiSj?)#CQ`#kgFD2_l#*GAH9)egok6J?H2xi};#}O-)?r#YX
z+gBIgfq8~ofZ%22((j;qGWo&QAb~ZnVLY<N<^betWMa82!p{kMR2X6XUOc)~63p#k
z12?F(yR&9_c`xszMFxAZlaCWj&7(l+=*)(BNld)p>V5nwhU>`ZAfv*zGPB<UE=VsR
zg$*^2UhRq8iZbiIcu>6BFB;2M7Bx37wf#0ZXW?A?{$&%5`+wPncqdcG^`!?_o?rwP
zUDdY6*#)DUXXeE!ML^*e=>jP-4gG6|{rmR$an`-!9V57M><<FA(+8a{?ozt_Rw^U;
z>&^hGxKl5&q}qcoH~+d@Of{MSP9ppI1NaNs(pT)^sFl;Kys5Z2xp;(KtIuSscXBrR
zY4K$*jcXKsL|(}icp<O9h}=}fkVnG^5#@46B{1L299zSHi}koGn`9|p+;~5<qvs3|
z5>xAekVrbAm6g)x&h{@D2(k#Dha5+w=z`lr^AE<ATc_Wv_Pq_tU<|!LXzC-h=grd#
zO2+efr*U4fSG(P9rgqc%vd8{A`wgK>07=?S%%7_1c{+)~SXc!$M{2Q$KYW(Q$-+V`
z>{m_@Ik`V$DTw>}y0yEXEfRuUy%t|~p>+Ds_F2%X(B*pDOOfF7&%pXy@($LdKJQLC
zTg7%=n{0C5n@=~{mAkTaWjE({DpBnqdD;&)T2TBH?Z|`HM+Obw);RRW<9>^zxq}`#
zhcU@vg<KpQZUSxlWrUYJPGBbW0?_EW=|rs14pW3>G)XSG|EE%+iXW6N=~~?F-|GRJ
zxY-%y)PQm0b}^RsHmrDwvLpk&jDw8kdmykwmP2Y^5S}KgiD60-jemwx>uZ#(Un<2i
ze{|cpVOQww7ynQ)>IB4I;Kp{VUf{Ld7yGYrWq6Y@D-As1zj1|<%t1=?On$fh_z<~O
znCR_YpWUV{2tM6^cZ9_HWc5|UfhL~K3D-H*BdR3D76YsH=4ngwhnScbN!xL&3@2Y)
z$z}hrn!?#VqSzD33SZf*Hxs#^?2Q<b{}qt%kT9Ksl>WncC~6u;lUvh#qANFDY^!mz
zs6k=w;_8)<&XZR*fj_v3Gl`N+rL5uN3-R0doN^l3FAXJfw}Ksig=A7ww}>~2FgpXg
zmCKBh4`}D{1I=FEuTkb&q|cX-h-exWT7)rircD^voYnfw&c`iibE3IU7Lm78rU<7E
zMRjr797J3M3A@;|v*a>_nSyTli-wZ2cB+y`kvq36V9vLPny;nZ;y(+QXe(UoF~L|N
zz7_>6hIy7hu1jiVu~{t=uB>%7w$QmR5+aNiF?5|3pxm0|L7muv^D8a{vNR`%U+C~1
zeh42yAmEBRdZVn^1aFi@FAeAw=h<48{d@OSk`9eAf6R@2IJ-X1_Q$tIw!Ykb2~u$0
zPNEquNPLw6Q<gU<hkaTtOB98V(JwKvTh=C*N6LL{_@(3Vgwtg>N^ZoTr{THlL~q?1
zH|=+0Hp{wKTokeTKHOj=P%21Y?rCn9JH!1YQ*^7vP7h->lg&lDgy&wnuqPaLm$n!6
zb3CD>@Oqki6mRi^J#s+}0&N<&sl*h+FfEj|?{i?0^PCXfD_2m)qhW=CYY1kTSj$6h
z5&{!#V>X2DgtcBsi#~B~dC4aeU-TtT$&6f*c~2W`mn7iC3<M_@1rGU_$qcQk7+JGM
z^Yypz=qPoJ!Xf7Is;Plk3>X|O=$=j{xP=Rj8Mlnv7L_mPU7hf`zib$*#p}Q7%m_sv
zj;8tGJvLn>RM;qD6xg;r7r!DlZ(cz1J|Z5*zIJGiDm4)!3rxzZ+4!GQT&4#lc+VT|
ze@Zh&tcf;uDsFFl?Wn=ipV~20hX2>(KrjZWdwGhQ>Gc|1zo+eDCCUuFE@qat&vu}8
ziBA!J!GfoUFu(mpI6OL-F*leyA>>?8^mUvE@=8con2^{aN%V~<<~#0u$$IkS)ICvA
zh}fCbeYIzj0<y*q(n)5|P2F1ZtXm{%NP->BG5hyR54JDJ97z6_q+v+llbzGIAlRhP
z-OaN{*?;z~NImQDL@i4G6-y+<QuL&GXg)y}aXXipt3vWV5q;fS@%kgl?+SA%x<)jm
zGqPH96_O!`j4Ek2(->{RoM1nUenOt>(fK)-4$fiQ<XWUsnCN}bNg~jbVNQT$lo|{_
z&ajhS)_1F)X0Z4G!11*4fBt7Zw0YycSJ3@AKB{;laj_47)Y;iYXO1QbEkEebLDhRi
zJ9GF1w;pvpHZwBa?*3%1)zj2m6Y~5MZ@%KAG;OC7UGS%{B)fvI45616T|ttpI0Lto
z*hLrL3U=12X0NH+Ty4&W(@cTYJuuj%E^6gH#^dZEP%Aji>$EgdHR8oiZkSu`^UvJ(
zbne;=cI$an<og>79@!1qMZ0$qWFp3Rr8k(Fw)h&8nWB!p3w$n4HfJ<|5e3IK(8NwR
z=ecJ+Cn+V`;}3aAg;f)M@ZC4NZp6I3t%!zu*%gZV+n4#(T)VfkE~;GH{Dk<Ur!Ui|
zz8f(}4Ke~yQ8oQX812u(e(HXDeo7AfMQU@<o0Y6p!yuZ9qyG%v^`@XVZeiZ4kjIcu
zVXY=9!|(k@q8jqCt+6huTpj0mW`J9lMy^o;3JSWLQvd;iYk#}3fN^|jVgx^yZ_!eY
za*1awHCO|?ULZdtsLDPc5-)WZRMa_izV?IXMz_ZDx3U+)TLxeJ>A}{5BEW1w@7X>W
zvBm2W+o$gd>B(xUDD&B*dR}Ieuf6)1(-k$Z^^Xh9kiV@`dv73jY6J5HpZK`lmwiIC
zYOgRe9;xV+Mao+5&g{sE7G?Bmp4F%8HE{FOhW6`q=+nqll{i-LS@CZEZr3|lkty)q
z%-69_XRPUf6*?ytuSq)Ty2)gkBWBpldMl)+Am)KnWCAqC+4v<btuxQX4i-Cmw`lPj
zq`Z2i6*c_QsJXhM1D4nplqoNhTyqDl5jC9UWBqFP${%F2DCRt=L0mfK!%_w9n~wUj
z+jHe~G5gp_tMp};J7(76lWCgiN*tNckB1RZzsnSu<p^$M7^dRRVmn?@=p4QBySE2&
z-~R$8CB3M?`H^cOt4ZkYR(+|VW{fKS3gpeN5R=QOiMq0luhvCYnHD(RCF}n{8^ks0
zVLqLIVL(R<@ZypTug`mChPi)Iz$8n1W8Lg|5aw1;(umDzr!Qt%Q@72{r@yv5#60S<
zlSgx93DI8;dv+dq9+uhjGE_E_20qvNbbPki)MnF6EJ+g^6sw9o|Bfd<n8%7m;(xV(
zXjzLvvgIB5NVfazv-Vh_J4cv;h|wHshidF93qNtcpT)oGQYqnip=w<4d+)elfrRu{
z33?i=D4!)pneEfPyK3I3&=^HgWi_x`+9P69ebStt%ri<NzfrvEWETC&C_|VHxYy{Z
zvK~fDSv#SwipAjxv}sDoheephuF!A8$|zfJIJM)B3R~L(`<&$`x_p|TtLoIq8WQAV
zcN%O!8#ss5SFnn)TA2H6$0gyUw=5(kl5)jA;3IED)n@NsQMi6E!Px-pl7H<-Fpb(T
zARo5Qc3A5WpTt0f3OLK~hVrV81(w29de+bq4O8z5fnn?I8rK3Dw&dJ`MxaykuZj(M
zO4pkPH#I}<u+;je1wZzaqo|7rbb39$J$bVIyC}fJnw#9Gim}DU?Pg%i&%eZY(N-Ia
zO|c<jG0@k4txlNllqt>M5&3uzlj^5{;Yv>U2I~Z;&Y)edXF`Gt{C`RjH|ysX=+B`L
z(9utg^~F3)DOKe<<43mGaFO(sr`@pk3|r^FWmXicXmiVMd}w{;r{ec~(fP+_PM%zW
z|NVgfh6K>xC?>T-PqEQQ_h39E)x&Jc=HK)!l($N_UGXDZB{qV)%e_V!j|utmH|5hp
z>_3hvm=aTgvSN&X8@(dx;)oQ%7`+i9;*Q_IM$OMvEiq=4xQ>ooVqXSEe&@1aiTH8+
zB7Pr_hbSN~46t8RxoBeK!iD+L;uGb@HFsUa)s3UXYa_n6OwjMNPb49QkiMeRS*Ga{
z!>Y2PfDJ|cR@KY~P7q3Y1)iw$v3aB|piRExFc2sXzG#eEUd|%>7D|L&Ht8;PLh!pW
zwPo~a-hx%R5v|s?U+6;(M*+E&6@@bfxXUazGa#a+hRd)*QxDzJ9@GiVYuw)r+?cm-
zPwA?66j{9WSI^sZs=|bH)OMh(_kWS|GM#-y8GRfuF64A`MB5uIV(7Hy(J#gnpEllv
z<ZtbvT?3j6pB}v~^0|_xcsp}@W@4eBrq(_NET1s4XE#}CI{S03r#wU@C4*%cM63=F
z>q_(Bvx`iMTc@B&E<f%zr?DzexI;S@;52tS*sFDKrm*$6B40BS`5u_mM#x&)OuG86
zPNLUk!mOTK3j~p!i`J7jwOEV=v@pxEgx*@^p+X5J1NwYw$;EQ>KW>t$st2g+8oN>b
zCIk6MXi;9GRzXo~1nvgry*DKnIE03T_$s{$Pv%PCngCgLpTp<aGJm*V-<-p(TD%Mz
zKOcQLltrUha-LxU70PZ{Kb>8OKNKWe-2OL7z9jsOi`VE8v$ywR6FSO%;~kJY6R*zp
zH-8^M<Ht=`c9KNI0s_Jjr1UlS+?cZWa(6q}LSKCm@xzXG2q3spg4xUsT+yfW=Xd-k
zQ<!?M`8U@8rI&M46|lqJ(^NvAB)eUe&%G9QakmrX%<jMW^dc>rh})Fk*cIh&Kyzkz
z_5~bxzso^8JX1euAQF8J%R_35|MZ5HTtVo}#(Dgm<!2g%6)>tgy<%Ta<Vb0&OO1Eg
z!EV>qT5;&lTc_1k`e=v%)DlW_xe88Kr_otThT4&!%<xuLABEj-ww`>IcODfg?dYR#
zA)@8i^DlB$2!~<!Un3?(0$5%pU$ON|2(N0X6+wqvPU7P|96Ru=BIgsuwz~i1L+xQV
zmE?>!_LxtRzoI=C+ugBh#;^A-r`pNWYl?7rGdDlIT(;C#|L<{y6;1a#Dtkxf9xIFh
zamS;Q1!%nGdRwVlfV}GH-cQC@nGz9?G)ll~#k_<;kEQg#w+8+a%0cIC*Ji*)e3Yrv
zSTyR>>Yp*LJumL<O*8q0mjvLA_cELx7f^of0VKs-MOQ7*lAXGJy}11qM=-m;UG`5a
zZ<@H~iLr0!ycV9&>51GnGP}#-y8Bjzj?-PSt>s8LCx>4hn*UduAt28pFZ3GBqdO}O
zDl8fQ%O>^CS{2m9+N-DOaO5&9Pxt+t?o7&0uiMFAdi-Vf)_Dr2$<k(-)-KX`eD6%^
zv6-G`wDsg3C&gSKVUzJj+-u-RitR2DJ^=TcoIn0wV~d)mu0YS$drbFvq`iPI=F$*d
zuVQaF)dFfm?scT2`^WKtZiMV+4sPHFe0c&*XVF7_u?3!~Ap%5RA0(<$^eW9@n=06K
zmv3An?@CtX2+95T%}klknuEHFYK7ivcmD%oip!Wg@lKp)(1-uTt!3n~TK%$|f2-oj
zO(nr7g|@r5|M$TkpOs`j-I#W?=G9nNx2WzkDz{?B1h%U^*(rjDmYuYv#i3Kho(gXR
z&+{MmgkTS%>edl^$5BIUUGRS&?dBPkYp27UxlcC2>L`FbL#2XK&*z5oRp!ng|4+E8
zQh@pZ>LO~A|L7X2GXR6&C)4<|roq7HzJ9WYqu2in<sq)APgJhTP*%$7{3*L0@)Ap{
z+j4%p?!?;6;VG(=XJP`-TVh#X&UaZ+Wx#4G*U3|h1PhHD#o$X&GRm!X*=XGtX0jF<
zS@VF~)uHy(V}W=&dz!O_9tCzDc7e)H;QK;p|KOx1(4*_aaG8xP%Y-XIMsJ#O<#)cX
z-4gLpwPqMSH!-qn^q4Y-5gAxE-m9e|41ZhB0f<b?vu~z1oZ0BUE)^=8vW2bz;;=uJ
zYs24?jcW_WlA~p$>5yw~naf<8;VSM<ND??!gU0h=fllpUQmr^nw#@H%*<^BJ552c)
zyjz-lcl;++N4vsBA#?}}Wxl2EC6=J{d$dIk9<IP7k>I8QV@2Wt)@yAoV6RSufk0(y
zgoV=Hjxhxp)ksbR+_R4S|E?1tJmx9>y_|_Z3=m7P=Y3R4#XO6z(bWS2<pr+8{xDDK
zU!$-6_9!T^etIWEt4q5=a5dRYxGicWS8mmI!s!U()ElRp?(s6+NL%Wb*1weocs;5+
zj0zhD2!`Zb$?&~pe)-La?*|^Cikm8OOV1}3b2Etz(~M3F!qro6*CI`h%<p=(4HCl}
zFcO6WM##-}mHb{I8?Wn^(nhEcK;-0<e&0~tW3)DSpqjO8NS0P9xu)lF!+C|Lm<Zb^
zDBku%(b+?S0x4C2;Ksa}yQ$I1gLuP4N)~HFp5Ja+W<wm5c96<bOx$&JiCp6b=qQ#!
z)i0|d4+_<*hIcyg|38GRX`Yw*MKUQhnc%?pGQPWhjeCCStTpJxG_*jYA=hV%PjnC(
zI{P^S4fdZhGGpT%f4HOIow1!LYuRi+;IK|M{P`xbda{B$$)`|3En#Qrapl}&R}x+A
z`Q-!4w*Wu~#jC4xnQ?^!T6gijBMV2({}41Mzp=5(uP)U07^4dI#^Y-}pWI>?n%s|`
zB&<%<RZ)WB`@u0~T?6(qq!X&19&3%ssc3z)BVn>FF;qId;eP`dzJX<HJnsfbcPqrd
z1nlSpdU&+}<ESu4RI#0%J1A_E3QJM;JK)6QZTR2q>8oW~6skPZuZf1MpQ`$jITZKG
z{Ch-JvCdA4;S6TpPIUa+_;>H`S)jihqhR`T{uxfSkX*T5P(p-xQ+6%v^#JY&xcT89
zmjf!HaydDbc7l5vTHumIGYxNGch_BA#z+)p(j%!7$DC~(_F)t1XGM)<h{As%*uRYf
zp{KLoISexz#yS7R{XNno{|u*6VjU8H0mNw73;m;$9n(CcZQiKmQ2uw5`|m*eNTzu7
z`Vn>=()jsU1yGNZQZx<61a$fQl5b4auAi03@~l0(y=!c8IG9`uo>)*$cN5wIf1#@Q
zSA^>~TClKJ-<=qwQ^|oIb;9WVnKi2XcP{~ckTAiy<{Y*L=%0=Eu9<9Jn^5IX|5YLa
z!O}0=HVPFT9nP#J`0Uy0nM>Ct+CYM!n!HSHPJefuxPt~u!wVFe$Z=GvC_1vCuW;z|
zK^dG<mS)r!bLVe0DQ1}}-twfP7?_PEVC2D`IDA`tLT2&+`~CQys1yE%EJU*$p--dM
zDS38i%kG4#C>~Iq1qR4Wcp*Ey+ylDXz(1vGy40n??|&MtzMjytPJi`NV(9##m2z|a
zLRKW^r4YKK&FskM_fO;Bn}?HS)|y`Jg2p8>2eS!vRB(*c++udMPT51e=w~;TL~{8s
ze_iEJ_p9#b0`iF*i%YjWx5L@d9jD)r)a4q<ld+IGV43U6WyU_xt(-l}W?wM`y=`A0
z!#W`YFdD~3dsL!qA^~8+)~MWA-462F^NH;Rs`<OUMRggJCR+J>YrOx&tJ{`r>;;u1
zT(%x?K&;_oMy_4Aw%>Oid0daP8}fLQl=W{T0LQVZ@X-`u`ImNKV17h_(--@@Juc~P
zbrQz_SOWLd^k35IU=?lHSN%Ay-7gDX)vi<ugiWeZx+zbMx8gVN9cljkqgm&4GVjF2
z)U-&Y*uZ-{R8+8z```ojBKml&v7rv=S<9^j#o&9eDwm~bcN({48i!nFVSpd$ke4ol
z`79bv0ouunbe`uL0H?=Mw3vC+mFd1$H+fu31p~NDx~+o$<O>a|Qpmu(c?beG>_0Kw
zw}NjDrj;RKrjN!yY%1OQyJPbA7F(A%=HZHHtWWPJd5*v(&xWaUB5aMbTQq>Me}dX(
zUF#LcK|0!t4u2Fa5m;r1P@a;5_;M4+vlW({1pihkWUH%rP$S?LPd#2{7Cjxe*Ay;u
ze@}_l<>>2b!~>x-$P2A4^9XK=F8_EG{zs1{;r7_g&V?SW7l*pHu7rgoXug{OM9AE7
zJ%QU&fn^lHrk<<;K1ydh*Bjd5%;8cHbKkLECJELv(%$lBh_*)Q`#L3wvgGJhXFx7n
z1{fN_S}I>4=$}r0w@H<XrfXKXC8oS8YOh3Md0Se)QDyw!!tIQf_0x+cb@z?_9u9MJ
zn#^PvGmn~D02__3U3Vo?Dnn^6mi&wu^O?85lg$ae3(!z>i6512o-v4gLzcvVacfq6
zUqrQMeI4zJ*0U-cEI`KPD~V63g`t*_b`ICk+96$rTs=R2jHc7u)yc-d`&W+-GXMHW
zG0;@-DhIf#ngKkVM@Ocyd7|%vBKN4=(KOR~#!kNV-EylOlfimV@vYI!L}_-o>{(X_
zU+?{I)NvIn=4VUosD96mnb5t1Q<2~La1BzhN!l14rWf|A>G9A+&RhW&9pI4`Spzp&
zbu6T0E_)__jK<S{T$$Wq<&pfUUKl2Kj`p|~6gIxg25Q?|l`Ra3_+KqxtSWx>+z^#1
z`bUATQL(l<D!q}u9ZmIR>2jAklBpmTVNir%0-T5RfTM-jlLc?@#z6w3GV(h>I{0)h
z%x0~lj8P*{){Pe{R_U1z#Wmm;2!o?9+=pKVzBlW{1OTK&AhLP*>Bw$!2|Po`dmJ}5
z5wl=Cob1!6yJ66{W6&lI_mEVU+{m5VXrIQ42hK$BJAQ8C%^rN6T(aSoNip;SsL>j?
zA~5UZK1RwDc-6pxgBu^ohSfxtug9(p;YNH;NIhK7=;DeiyJy%n@r4E;0yOc7?8PPR
zx5X4m7|z|%Sp>+#fYst|%{kuKH_bh!mgXl^`%v=M&UibOvj}5nNa8?Le>iO~ly^wl
z_GF>0e*<%8>p!+<vc3SiCL1W2gb?!q)b!DftglNLv-#x~RROuU(4bJ(lV{$~6H07^
z4peTeZ6pqV&SX#3&Ik$ev(!JiFR!Uhj}y!ET7Z#J;-yOgF}*WPwCDDsikhjR%xzcU
z$gMakr#k$>jDdqU>>w;S@`fWozIXz-ci^N?fY2=WUUi2DNaRQ;!4K6t-EU>66RDoL
z<PM#-E-lCLgs3N2Pq<aTf+KR)venm&90;AqPep($N?)I?bOrV8jBA@rME|yi^oZIc
z2;a1C0EBzsVQwIYQa(?QM{Z`Rq5FE<rQYYM55t2-!EqPoX79?rXmft~vHgK1x1)$z
zx~x;5;nI7NLB~vS`Mq(ss@cfTqwYd+qDF8x!!U)x8+2dQfSvkZ=srZ<rkaZ@GuNe-
zghlJApnFM4BVf$#j;P3@^P)c%XwL!L)=1kJl0+18&FlU!No-Gc>h^_tJstxmnH-o-
zdgZj8|Jw@0k=a8%!CZenZ#o|VB%3BV#JKUK$x|axFuWkmVZsAR+|KYKydrLWtb*WV
zMuvbr)L7wW+@fsFjR`oP&{{Zqo7Fi)(C`asYKHu}9+eM6zn;mM>i?&n(AByCl36q)
zR1Br)`H5J=QU0Aqi%)be+lNy<?Q`5g51Za0iU0S<w`<gRWGe63Pa_U<hN&oCuG!%S
z#(>9;5h42#gBxvZ>eEAZvgRO>uFLIft{s;jLs*eB1Tz4MQO7-+=C`T;=9xA&o<lky
zSG63=S2u4Y1H`iSd-Mb_J6Co4)Ss@ONl^t6LN9w{)#m4Zw%x?F{_f*9x@@nO&!35O
zCDUK3H|Rl1gS!2RqfVa>-d#(7p**h8nS4hcupUpjn0={X(ZT(seuK!161H#~+vn!Y
zt>CJ;>CWaX<3IiB%0%R!bC)wkN#__uO6&dncl)x!s>FznJXn?h<&N#=dtGPVSl^~C
zma3m-v}0&TwL#OIoj0v+1<S0AEAoB3z5ZuNb6p6}J{Y_QVE1``BR$6WgOx15MJn=d
zQ6Tt7iI2Wj?+J@6<fFbAnx!Q&xeA%So}wTznMD`-+&Elc*B`fs)U;+^J+bKI*GbSs
zo^wi7o2_cW%Q+tL_6*ek^$v5q0&$)Fuq{(|_=51v!=Ym5*nNRqYgrO|I;FWHd#JW>
zf0+lT3*&=TR|CFI+IOxNo@nV300=6x{eWo+#Ac$-yN#zmdIYwG95c32WOvNPnEM~9
z7Cy0TDeRRL-y|t7p9ok=a>P=2S@pq68w(5U$-S{90^bcpMKX`d$u1u#c(#6h8iA^t
zq_OGzitf@jIeKu4VzlVcJkMMu9a_diZg>fIqdq#y&7(&0Z@~dkBF{4R<*1>!14#ab
zhXo9{h3);RFf0Em9f9F={95En`U3o9Gj<*N*nn5ed;-8#R`PiYQt}Z=fz=jAuM3i(
z+4cMFB5Tz6yw^xP*+I8_q9owGlzER>jMWj<R}PN`3W;?LuVO1~qaWw||0kgYwlhQa
zHw|pl$^!Aek~3WvVgcVC)bg2l901;YC)Hnfaa6kkIBDCAGBjhGIstP!T-sm-AAId6
zx9DWYu2S0zA9g7bS+w#SK@&q6yXCJ$%KdzjqIRjNO}777#u?m*8A`8>zHtBH(2CoK
z#({q0kfFxROaYU^466>|W!s7_oofM0xdA^Aie4;Jmgh|l`^hi%oJo=8MIOdqh)OF-
zSWeUh+5KjwHGOO4fFJWjAV1uH1+jE>wn?Y&7PQUweB?K>wUQ;|#w_&YU<ZR(N%3Ti
zX2#yjHr#vJHVnoPTJapU_B~irD#kCPYrs`G`i&Wb>P%3^Fp3}}DS08za$oD!OHE?>
z?kU$W<)*V<lD@n*Hc)(=3XgtxSWL$$juo~}_rULWeM=jk<s;>WcPnlKvwS^)*#(V*
zE_t^fio@Dl14nIhqkZL1&%YTOhN+!mum`Dsc(}nDFwKg&0T>=ykNRI~Z{_{2GQE}l
z)%QFHnC5@FZT*JyIQKQ{BQrL41ojep8Im}8dJVXELOSN^5D08#mh~CvHbT@W9NicA
zQT+!39R983&!#i`|G<BM?PCwzdZ&ZRbdQfk?ymd*=5La>o#j{OrM>sNx|n8E*)ZCf
zLE_CE?!1{9%jW$LAP_Z{59@AP#crm%#bI*!+ad3PkJ&ImZJ4<TO|8tt0T-hKI6DAA
zay7VYzC{w>fB85RBQHLV!A-=K=$3`&ZCd@Zbe9N{U3wn7Bqa2Enfw}hCdHz0bquY}
zEZ*f&aE`&MdqeMTW*^C4x5xQ%X=iibK&0{g-N{*DPK*BCnihWeK^G^PhCZv)E~GHQ
zuQ7>?mI@MeHn?5O<<d|dq7}3}rB?$~DMp*o?p&_v-LBJ?W=~^=J~hj1sYjvM80NcO
z)u+D)GV~XaUo-b2FQ@A`{TjL`7nwm3!!<1D`g{MBMqNV#sIQQc^xhdG@9nr9hMFSN
zEZIG=5Ix<^!OH4CM{yoFpA4w+J&jhH$<yss$eyb3!nk@4QYXqIRy-qNd!>3fDkXyx
zhqiv05#oeowB}-2qvu+ad~vuo+P=>`{3>OrbKm}pKDl*h`@4}S-?{UU%h7%A&`+CB
zye`e$J^g8hwxT;ic32}5Chw~2#&pq0bJ&9TiDiy1T1rx7+BwX+ek<o(n5yk;m16Yb
zJiUgwcVzt5xEs&<XgD|4JSkvsnzy*qLn5G7v%$<s<Jw13cRjMey)QRf9TVfTx0){z
zw-szv0G=-hob`)rIWqV67*yr=sH$$iTl-YF#^R_Cf%s7~g1YAfN|#`={W&>VA%BJG
zEib<UD7jlorAyrEb}X_cBS9)!e_MiBUold?^F$AK!%bJfDPL&F63I(4%#X~5RO@An
zGMv@4v9DSSO8?_Krk;CqKgkx63M-oh#=6<?7R%H`_Hv_dj~tGCcKv&X)1<1bvdsEJ
zj7uw2$RXNd!WJSaum4vsxyNob-540J5aT4LS4E(YQ>21pXN@NJ5DT#fUGn|41%Ta7
z?LPTUd~{M?6U5wY+)4~VN%uu}Csc;k0>cSpPoh3lrja*-^_R^o*$n0@Wbn07Kb{+x
zOARW>+9^ArDjQ3QnN^xvA4@)dQK{$imq)?S!Xm>t5;sybfco+O)#@IZBItTcKj^j!
zRFwDW8I;k>Og^yBonsG6ev^K>*k_2bR9k2`2WyhASg@S$RN&uLI;Jn>s*r4D@@EHA
zoGFtDrRJ4NODR<`z(s<0?c^l&*;ar_{^j57)@6}a6}HS{tdwG3Y7jxET$+2?C5Hy=
zN56<(uY-b1$R$MUNvkq*ve)^D&QT`156f#DQ1Rl%%cC8g2JcvEB)g{{Px-#DW7YRu
zDP9*E<=ac&mbd(PpMLKJR&HQ)sMl^XfBSvKZg=1!;VNmgdXH63d{En@z{LnP`Iy!x
z2gUn%4BpzjW0kBBiJ~7;0++NmqhB>{J<)H|FjecHe^C@gdGW*TqILTI%GVZKwoZE2
zf(0L<;d*rkP`j6jzOg1@GBB-sUo7XyWp@n{hj=x)N5a`G8r((a6}TAJWf_7rmIA0A
z8%92$l7QH<o2zOG(L5HcBkKtc(+%Nkvh~wr9Ejg~gUV}F)sD|&Y9+^ZdqA%;c6>t3
zssz)GAozpBFmUg=EvppVb@4an7KRky^fUZ|Z%8>e$!43*5ftBdBE`=AaiG%AQ|%bL
zhynV^hgbN|otHE*x|fmy{pyb&X~WPh6o(>Jm#o=dR%vFz!aq8-h(F)baOZ_R@@#c8
zr(${$fCL%j|LgZ116Zfx0{M{;l3`aKP9|%NL$-qF&BR1ZU?3w-*$DW;LnaO&&UJG3
zusIH5LO#&$fOWp@d6a#Z*KLt$+|1m0$MRf4Y_P8rgRo`nU!yCTPlFkQ0i0y1J*(9q
zn4v@#Kt-KPryP1rm(&%GcXuxAMcI+)FR$IAX$Iit73|r0`S*$(`?1$_0-^9v<;c>}
zx6Zghg~;S@G~1Uf^X|vBp2N+wTKqUZjMX%T6-1=RJREB<`;4dcZ}oaGU+ZcWr%Y7}
z%ZTNoT)X!@-gn6FmQdMj8JaIg*Zn=xO?NlK;7DZa2SvL2uIlsDOiPBVdvxJVx4*u0
zQk)_S0pcsvw$tMu!96P|*X`P{2FzuOiIFP|3lV4Et34b~26P5Lr9C)hy`7I*Vvw^Z
ze7sz3dG^z!!@7<QGd5he4>^5U?=$KD!_`}dMICkP-x3mngeVLxpoBC-4Joaph;-+G
zbmt%;T_P$qfCz%p-3&c+!_eK`0z>$I@j1`=o$LJ{xR^bAueJ8t>;ByJ6y6%X4mWlW
zjfQ?CU5-7S0z`mrNDS47M5euM7;Cm_U;3BYg;%KRwa+q6;&;gSq+z73GiNULv)W$d
zWTl%KAzyEiYB(*ujMMH*PD|-;ijNHl7+i?;lJYaa;USd%Lk+&OUJ57yk77#j4R(^R
zW|JWlbm@03#xbjp#8c%&@4jhsU78lL4&TX>So5)(Ya$m$J{%AsN`rKH?RPPpbBlG%
z;TFa5%?++UP}P{`T)1Jf8?JDPwoj)P9&x?cllW5=2t5IiKdW9fS@SmLRE?ia820M$
z<JE3_afH_?+oDsEwB~hJtu>goWm3qZX8ZYB)1#Mzt{lqKAk6*Vm?9<e#v(oBR_nCF
zEETfRRQa>~$?=AGTsoVjYQ1BOJ5t)c67}-J8dWECnJzP!1u3e$Ev*%zpf>lv?)=aI
z7Me8R9q0n%cn?HBDNi>>BM~+ypQ@-N8%vqK2xd@Mi_ajoEy>LLdF;g%pyDTIjJDwO
z_KLGe^e69b9aE!HE*|n!g>CPQf-}6fNR>dyL`?+!=^dEHHYV`|30YD9!eH?jyip_c
zGyVwWP9`+KJ-vTsvW;*X%mct8lQwvE9oMFfX7sl9I?Lt-yz{zYOZrjN+A%CND$(`n
z+$(Ov;q7&<!;J}0qbXAkas`xC^fOfE2z)YD5^!2Icpqm<{AwbpqsuYI_S&)k;UBkB
zwYT4n`h+bE4$Xr2`o)Jm_^gw8$t(Zc3qbkk%vr2grZUk(T;of}jRJ!!&zL0MR@Zj<
z(9;jBx9FV5OP&0&IRubS=>mxCB^5<(t|0=ES%^drTbp&(CG$nC;KOGC#o~X%w>f@b
zn{M@BS$uOzRe!(e%J(*+Uh+jb%B`nRY9RnQA-_RTMP_TaGZZGa%8(|rHu&N8B<ojV
zap7fW`v`s5i0`)n;YkVMZ^GOr8phe_-aC^vRWFEy>~Nwct<x|{_c#P9^|3Q_?Ngvv
zZ*i$3hbqbR4%$*VIh@KB;y2#RUZx2{17_y`RQ;g6!V_&OZkvRbs(U-@uQybRQm$UN
zK*C|zX4G*M5kM>_+SyC|VrkrkdTumRI^{`jpKvu!*EyA4rkD~UTC3}u;=PyZZe+S3
zGH7HYS<{sq@4>j?olbxBd9vnT&lJu)+cqF>x@%w&@4Cd=dsgB3wMw$;gC%<!G|K$S
zcHHrA5yzF^gzNkzhVH}&B+pBQCUKIaL2MZ@j&Qn84wb5Cp@<fi6{dGq?ePE3<u0u7
zScIE&`hY-xRV;2480&?8N(+e5SlB(0>AamwcTbOTi}#RAw)<s-$w%Hg+qkFK%ROi&
zMi8}ozE!KX#2QOJo)&gq!K+0pMcueCtE3)!_-fie2D*;&hQbEw#v0R4@@Y>jDacZ)
z5wj*Z*c79tc*TNg>GE`Vjv3w1Y-gTr9=++9=cj8VOLro^mRHQ|#6jIH7W5gkV0Fkn
zXDRs>nGfjOGNCb0^Rkr07jYbN0%l?Sux~_T5Z4RB&(uhUFc(_n`+OOdvS`1%`az!M
zKADxW!?EJqs<2NOqb(0tQu%0!I=-v=(=neMe{I3bfziD)#&9<2mw88r`v|FtOEW@b
z^3Z~uZ$zpnw`S*_@uXs6`>3Ww17Q_S<SH<mCYQ{gmE8f~>2>OP>ANAiPzz@0@l4t`
ziGt>cttA2TT9<Xs_nuDFIb4w6FPVU<@=r${q&y&HViqH;TZU^aIyC>JZW^@a%~o@J
z@8U$nO)Q>O+$Iqw2~X?_72=KN{9(X8|A`!jrkREjnaS$C>d*g5^l9QBcY@5oX@RA$
z%7bTzIF0y<zA6<wj8QZXQeG-^IXyFP>5lK3kl^?O%IdDm<wS^OjgUXUVU3cz0FTw>
zo{bAcLO&M>;&&4S3yX-Y^Tut>vLN`Dr_Kw!=#-no3uF`%q+pyA!O1(pvz|rwXV3au
zQP@A}CR6WqkV4Kw@sniWJErB|3y*^vXxaBK146t$g;e`*U2znc*eYk|(w#@#`VP#d
z7Db3faWb&*HF0l2#+i*)ifXS$g%zyk#rOT6bw+fW4V16@FSV~1n$Gv_3-Fzk45_*x
znQ^hnNtlIi0+bB2`Sz8Fc#1-N2O2quY%l$pRfQdux3AWqbEeqdQLju@PI`{~YJ_MW
z*yLVK;<O8I)@rBwO|&$=5RZz!MB14vbU{EAo+=!Q97LSf;*Nq0$Fp(!Hb4V=BwcQu
z=$s<$jDx(3o}eOK!UtzAW5+P@m-+Ax`mPC<wsTNhVstoLOCjdjlbon#HGlGpcr|CP
zI;tQrI;<R}x2|aW_{_^+e<x#746^D*Khy5TC3XU9y1pLC5C|Jc4cp90a<wZeU@0_?
zZoCjILaDAs+ngB$#gV5KpZUgD>Mn4fJ5T#`oFFzE933i4`EelEm9b8PI!$_xbOXW^
zCnAI-vmbx*HpAXGgl0WF{jq2CSmUgAqXz=IYpSvR3(I@B#O47!T{VlB6@o$%loWlu
z^N+wddU3j`?M6{XwfnnQYo+f|^ASaS5a<whgoayo7MIPAhz(L281j9$lcyt8y^bRf
zvwe+5<sw~urESGrQ*Vr>Jd*nKh=DXvc7S+nl|GJhCA;JAn=E&(y-s;zV4Gppzrh~<
z=TlKcqWNyywQL6W(JzI$lGLid0l`%&sVi&a*+m8bYs}(*rV&hp7(c-ju>sunuzUT@
zHV1WtkL}EC1DME`-&Un=faar=5oQ$<N>=JX4y``5q{J=Towk^&n7Z1-&o1OHG;M4L
zao-A?7-gsH?o4`D<sppcHTuejMS4wxQ7E~?<nbIiRL38>rLJbdb~=07y+b4FH<RI$
z?+Pc5gk3+vbf_SpYI-)>(~ZKpv;$%4!x0SV^9h{NwEEcH)+ht&v$E0hnZYvi@`FCx
z1jP4}n+mw0)e=#bt}hk$O6%lJPZ6zfS-CC!OwAP~(I4^Mz3H}rn()REZ~PzNy}nmQ
zB+;<S=Od)Z#%-VXafwcArNw~V&ke`Js2YWACB}SuyEOC$JXHKMVd_GG?UMn<Li85*
zdnmK5Ur?IY>x;uq^VAAYPkVU6N`Gs!#JsrDfcTo-fCA&><zckA^pz`AL#TeL|5@r|
zs5p($WL%r7$>0IR!vV8c&MqdZik<3FmCcpuMn(%o+28t%y*7%ugVA8yN$!a(QGx?+
z^8z2@4gZr}HYV2ezf7iA?hj)M2XMudb{Uq_9nU(>;vjq_2|{rm(dALNC>g6`j|A`l
z#3W9rEysN<<ope0-vn{jW!?Qj?u42O>R1LI2P?7ktW(0LBc~XHpRk=IMO!dhW=xN5
zm#rU(;Sx%;tYCDSUkmX7o;)vE_c-kbaOpsNL~LW+MF&JV-LJt;__k&w{5md*Joi$D
zmYJQ&LRMP;H5?OJe!ZcF;PYDLMdjuP;>DdrU{MGa-cP^(xD(qaoOc9+liNIs!?<Y4
zURe#X^Fui)6_2n4j-|ZK{F={yKq`Z_$`&iVrEBTCmoT4Aa78do*rr;Jk*<uDl*;L2
zm+8a4Stt$hA%`%{Z2PmVAyWEeJo9@{VXd&M@kINI1j5L=_IUiZMW)zO-47k{GJLR)
z84;fl+(MgVZ51+(WWNK`#jr|!RcYeM-pApGFzBafe8Q3&{CpM6Qh*3y3bJjr2`Lbv
zbnW0o88G1%kH81b9!1p&Q?V)4S~PT9yO4SYbg$^rTz-B%J2P@*fQI02J)LL`l9_Ha
zRcG6$+G)C)FYgBOw>!Pw_fBvnUEh}|I~)W0!AH1UXD0*SIzQ1R5K*pRAfV%>1*Q0O
zXR9PD0lsaGKVj0sR9GA)8>W_@JYmt`>0g5lXmO40a-9)!9Ov_jjvrO}!anO`(9D67
z0Syfwq<GOU)tT8aW+ojF*l>ln{GuF>{7CL;)aN&6eoDS%7=!Ll7zYck-oa&}d53jO
zoFBWKAfMHBH5!C2r-$f-53sW^pM$VAnKCK}{BmP#R^PkCwP!|%t;F&MXr#z}t!>pO
zPZwQzzxWb0$;e?7U&};Jke>QhXk|yH8CDbT9^u~hV`3ass7Z7hZL_?6Y87<Ra4nav
zuoCKQih|iHr&Z#lR6B$_59$;jz?wX6$WFdNTTkp&!A;I|V-w%KLYWHVc*CZZhZ84K
z!VcqAez(b-{D6#t@`we8d5aQckh%;b@;eacRoyfpW9p{pwDn)QwqSWSOZlsvvz{NW
zNoR$;l1K&fNUZt9rt7t|DxEM|fEcl*AsXD^{H!QWdUcA#<<_ubZgrS3=`;I=$rhl!
zV_{gN<o%{kPy{uuPrq!_qhv;En7$GFJI}Yu6X&REI#wxo8u~mP_W2CqRlEO1o|jx7
zstB;g&g!@ih9&=ApOog_!6bh29^Ac~Q)CEK30?xvahIxBCS>N(rRv7pwJmzD8RkXG
z|CYt^YS|`2a_#C%ol!ns!ydL-B86dl;=4-bA1ocM9IA}UiBl?@-iG?)_bZ%9^v@1%
z;gT0MHpbshfpuK@4hLrLdbRmY&+L0DZ6aPF$pX!Z0(YJM^C;5H05Aa@pvEN#(Y=b%
zI-3pkO8bGSK-gIYm}rB+w7vl#uQ~k+G3=ykz4ZmCOn%pS;S}GeLepY|HA+IO1b;5d
zflLcBr&M-l#%=Z-AMWj%8;RQ;qoR9827PF4#W@Cjsw{gyhncC7G8oxpSt_}Z2Q}eI
zluuV|)=eT_!3IR&wh`qF`0Czstw!w<41<YHrh6hTREq|Iag#;sg>#KO{Z{hnqo27A
zoMb=C!%cu<xCrng$kg@Ny~B5<PB5=M_2tMcwtk?L5>oGLf=XvLDzcxNn%Y=T)AmAI
zO|kFIO|I<DOx||Yv-E<qHlucab0btAHQ+T0GdpBZU%g!GxMAad1tAU7pCmQs-cL4N
z@%+|}L%#95yy%IpWz}}Iw%Y=SkAJfk$$2<mu<&^;U61n|oVt6(X}!Ue9B1I?X_Vo&
ztgpqW61ioz;C`vu#>I55L7cTjx3BpImdYZ*E``qy;S*8ROyrdUTq9hTICp4Jx~y#;
zW}o><f!U0GhLxbBepf)KY;20eJukcPaf2=u(yZ0029i>f!H<TQW*t-QuPie{Gd)yA
zcUG=h7Qh?^AMc_wM)S<yh8zdCENXZ78)ejq$mQRudSYRvND<=2@ol#C`&f94CbH_J
zqk$Ma8)Q%V80FuP@_t{A2wGCk4NE#y2ECD0e@FO>6~x1|{;>|8j=`JG$Sj6vyq%a|
zZ`}6>AM_)VFAt!$b@g?1t;Ma9TH+sNsiGdNrTQjBm<Ra=I?w$8A$>#dDLy;Ee0S~<
zL^(@yk3%|^cg8B!{z0+m0aMarkI)WqF<7)8<l13hzgNYzgC!%PrvK3iwt6WP-MwMF
zozY=(k?r>dX#-xqFYinc;%mQ{mM=ctZ_Q<70?K{kevq~!tc;%5FJYr1bz-4v4pQ%6
zl*gdhtH7hKA$O1Zi9V8ETVo-1U)&6+5v~kb375laL+Zq}d=C9Q`eV^(QEJ*vxpkMH
z!kX|ct78@?BFk?TMqVQrLAw4r<&bX`qql7clRgTY1sC};mJsyHK2C0-8cDIdWyB*<
zIROKM=+m=QVsorkDJBS=&I&$o_8tC-J_O`zYO8~rb2MSdoQfcSj}9JZouywtn|Ru$
zH)ydk*h4`~2SzVh`!VE&+l>sy#)Af5E75Sji{fB(jD5q^*8K!v(X|ODYW=N=B`7)L
z+GZA){$+3z30cz#=z5JyFp-z{U_C(tr<G~IkH;}aYAe)?To#jIW!zqwI`Q~RQ$8<^
z{pV``vidJ?XU?&4Ws4(n52Cdvp6VdWN|*J$bT^rd?GvkLPcwv#){|&<e)y!YA0EXn
z8)h7R`ld>g%e2Nelk#j|u)0=-k`MWn31$omk}HVg?M(Hqx)PYD)SrF`Jzu9%5N=IJ
zfXbM=+1GvGKEW;JOhG1s&oVYs)!h?6Or)$gnn+M4>{oW9?e=+_dG@2ApN0j`RryC8
z*Zo}$p)_S+{S>Qk0V1s|>o5;R`kk~Z!UU$0HwcT*{%eG}R;97^8!$(B?SZePg+z~n
z|B7|#c~IpTS|SqnfnI*Pb>^vxQ7_etqNu+SkibDH8v=RX|Mmikhuu|6*6+9UpG#9b
z+{=<dPz)K{X8B@pcGA~4;#hY0JeRnDoc9mO6(31htJ6DLHO7in8pF)ER<wZ|BNe$V
z<`PYDRIJX*%9xP%pTb1g4&3LFUg2}8(P;XbWyvAC)4n81Jx6ar8H$_{Hqq@Z2w=bg
zC((I;4r~gDxC~G99Hh)<BmT^GlyAZA+7n80jYs#^$2P=v^?4(d;o|q=^OQ2Oj)F?~
z=ja9t+G7>bcjF?R3T3ZPXenQc4~dFaH6&zIma0&<9*NNW{`n;Dz2SU+-T6_Q%ubBw
zI~=quB>*dmT>13lcK>RX-DXH-LfwT5N`7!ye~6TPdl>)Zu+^H$D2{OW`3J(xqhlfw
z!tzxWh75-PH*~5cib=3GbLIBTspCUEj^tjtU(A9#_hQyo>zwOyj<(aF>SAQ#>boU6
zNhnjo)zHJ0Ex2`5BGEkjNRTFVrfxn@uT$pyYZjqpeeAONm76Al?69UN%dKMhsG<Mi
z8`y>0_-lWe3p06`jq&v|1;sT$j8<yLXCN4AYty9Bm)dNd<e0J^OXCE?m$&56UY;HT
zm&1RjXY(>9d)lX7717C{aa0kdrV^*jS*MdS+t273c5}8DA=5huf^&)F(ET?+cvMJS
zGt5wl-M4`wM$R?I?ZKbr!#zGmPuZFGaf(zj#R^Lwx8|6&Dcl^!Nv@oRuZz~k!{VZq
zH{|x;Pixep^YX7>pZ4Yb=CXUW&-AIX`)fLcz64)Hy#p*tp|7t^D@{Q;0HbLX9%xY#
zg%o{++c|W38vM$0-x)&bJ2pyvP9i`_n+v&RKZ+@jA^M$oz;t1We_qO5>Uec2L=>_v
z+Ne-r9^Sys?WM4wdTdWI53?=cqX5s3&A_8Cscn1s-J6hsrKW~%3l(Q<^f#_C2&V;#
zZ!zUc#xlr8C@TilAaf7v1If^ND>TpKjC1c|OJMWjSz202fZQy}6T0}v7ts{VpkTyn
z8b#U5l<*N#KGrO3$-hD0Q$EHTt_bv=^bDTz$b&YSRYo<~!ZUq9ucFhot@+q-+ssNc
zzqiY(Yo$y^|BQY{W4()hOR=}4Y-YOEmVE$YCEG)mzcd$N?eyBe-=ZlQ#n>9{Y-(W&
zik}a1IFjXoubMpt3!Z4LflNs&be?t*R+cQ?YXPZrZ;M_Md?`iaoGdodqQXONt(*eA
zvq%5#^X3()$Y^s|(7fb<(Y(oC>dU6vA6J*OW|zyU3a2pn!5RBy{f$WhkLpxJn9eJ*
z7PYRLb2?@umYSY3sW9WF?O;RrT<3wj3*Yd86Yn446j0maOme9UhPq=OF5V*Ko6)Tx
zCgM;A!nor_&8-)OqkPvA8N4~fCXe>UI}ewyP3b`TXbcajdmx#mRjTxWQasyok4mij
z{2d;PZA-6V(Y_}m5p0Ap=<j)Xj7C#Z9MSaiUF)>OZ&zAD0pPfq*E}m2#s2VDtZ|et
z(gGN{km@8_&PjUOlTJ=8_qJIUkZ`RJv2N=z74|gQLWvDKZ7+DtbjFNT?=^p<W<j?D
z*JujwWXJ7;^iBlg<RP;hP0sr+P$xEn1Pt2>k9=5SMUyrqbFTPE6;}8>9p5Lsp!8?P
z5+_|1l8q*&=}*ctl~vP*JX|%CBb3_7BurZ(>Ap=L`-D}Ape`=5(8m8Wk^lNH3AZ0a
z*K4K)C$STB*z+{*XR*QG1&9g{>GpW%8_SW_#aDQ+3MOo*ITxaPXM}<0byH}N^xv5+
zhZz2YtSZ<+SYIc@3aUnC;*c!M>#5sBUC<vrrkMtEz1hycJkvH5gRZVE;+^u^J1O}l
z`!#wqg;^?8?~Oc%85T%o`>A!7TgK+l(wR%XHjL3L8_SLCdbWG+l95LG`k{wb@Wi#i
z^wuF*f-$9HTLJgTdwPZ$AEfgrde1`O0i|~oeYKHCp({czj4~H8<brw(8XC56)1f+@
z)-((~W*;GdB`J<(x1@tl89(7`-NQ^6BEF`ZpVx~pZiP;MG~vX#Z`3L#&%&Cyi>@&5
zMZXHIa7fy*mMy6F0xdi^_N;XHOqNoXP&rB@;D$kLPP<wVMO<mqfzOBd$?x*qb@2)S
zOKVeXb@xx_NibB$Wj&<1S|xoT0i=ckUwTQgiuonDb-xDmfnKDwtxzp}(e^!8*y4kz
zD!-0+T*<9DR>(s&HhLHSh9gJS5>lvnEW&l+`G-x(%V&-ceiQz8-tta<!0`|hR`sN^
zd8RhhA(ks(KjaqrB__DQk*vt^Fv)GrjoC|DOahTX+w5DXnmbwceCWP#L^@}WXzK5y
z;?;{G+$hITgv;T)p`Tqw(Tkq#kzqxd#K#TiBz|?<{2#fsm=(gDo*vVbMfozo4L6II
z!V@XzeIB2qgNc$55%UqF0shBDQJxc>BcEW0hv>=jm(VqlY{w#C_)t-AbLxjt$!{j=
z520fbrKtuvsuDko*ALA!^t-f=L))Y+Qi{+W7rSNM$zVgYqH7RQTG4xWf4F`3mi%t~
z^eYtO2OB0sv3lER8MI7UhTE>U9aJSufbaR-@3O8?%uA0_!LXv^7~L}lC4I>;N-hh3
z`}0^h{U0ne|3Tryd5Cz}ToU2Hw>3BKSjlP2wC`aK10Cw1_H|3)QR94EZ{5pPnD9r5
zK%<~rDUm8$^E8Km**;{){BNUWNWV_+=A%^``}l=7hUS}Cb=w`xuj5pVY0CU&tU7XV
zxljCmiGOV<radI`y?wUeaR%9t^KQeAb!$eyhL=npF%t{2``Fyr)8LJc-Sh}qznnoq
zZ-)-@!!B1vo)vgODH3{2_(+uvWLuYQTlh>tiXbH0NkG)a<hVR#2QPLwv!Hb7@XG?4
za=Y9{+V<s#r%#DSn3R`!IK{5Ngq3J&YP!KYLZskQY3iT(hAmuN?zepu13B_Mi$=j8
zfjl~TS-$v(=eQ91Mcr>JD&u&?Oe($FB|<<${7Q$%4)oM8NoTQso=KWql89X;jP#5Q
zWJjWbW37rq?p;5}p&XvU50~Si6uS=zd*k;uh_BB!ia%PPT$Y7~=gU(Aaz28Z`$SxD
zefYZR(g~gV*}NH%sBGBqv&SXJ9pO5!%txXK<bHRMdmtmxb-7Q!A*FkS_a!jRI%P;Q
zb3s<KON%Y96_Y_KMsD%*nrQ|xSOl!fth^oGp@kmKdXEm?(Humxt4bb@3l5^61aBp4
z3$>a%S6%%2%WiZOX@>j#$X={Rp&7)W2ZwMNAdAsJ9T$z~njY|*k5y|ecrjTC`IuS5
z2xKR$Yq8e$iv>Z+QKeZqzz&Yxdyf!eKEwEdoaz&W5lOD8w<?*drqs_9jJ*9`FSIUP
zEj&W(fsFCqO>@q13^QBTUkP>ny0W*3>pPzc_gl4bV0s3B`9lpx_EDKCkRrS4>GU>%
z#t|B49>w6*Ghwh!^TeJe<f|iZZxOtdM8F)+G`Pt>3=2s%JmhgQhz@WLEQhT4n#aU@
zbb+erbY+4vPi}q<h26Jez`LsX)53<<gvIc#Gz%-dgLtq}d!WRkL#s{;Un73!<w;Ow
zkcKjS7F+8-p~D(Wj5~Usq3%v!mSfX&^pqGA%e3R7tjZ?J3uiSiFY+>)TxX-uc|FWs
z?eCV-!D(Y%YB1tSZgGXuw0Z>-l9<ph!PJH{Dckt$NlUk12{Sd;dZqxCN||rwj(A5H
zDn>swTEQ>c{YMnJ(r5?Pl>11B5GWURO^kjW5itL&JU}QwD#56e3LF{wXPBV@*C(b*
zCpb=cIlPs0xUO#rWc+g$&pPxn%wO-MU)?Y1TxP4Xa>5hVKsm1{xkS6l&42mCRS!0_
z%2ih^X5ZSY80XQV=<n6sQRI4T%I_{`o}c#u^+?`m?=kn{s6iM?{{vyiI|Q1^x@3be
zqWS$xlSgPN`K1fx*ycgK+@lH<B-Y!D<b>Qoko6O+D`!<-)!E|J10KIZcO4PG-24DZ
z*AC+qDZe;eckcPRECZs83j?u+%Ai(EHI9dJ+{yhykE2kWJ)DwY1?1Sg#PmxK;Of=6
zHbwNW9!Ai<bsPv9X%)KQ7%X`SJ{<S*^SdOud_W&Q&?SQhiFrFAf{O*34hS&*f<sJm
zO0qYkw#@WNGIYdi>$A|q)#Lx;o5oHN_|ulMQ6(|<qxg%9cVcBJrT2%<hyM<%1DSnf
zD1MRnsOj{toub?LDfX%S>4W31IB~D!I~PWM(V_lNGB~+?<f!k@Rm&JdF8n-#oc%b&
zWfO}O#lPxmuDDms_lCu^-TVvIve0}Q48fuvqT0^#X1pD$Yf)dizO9@Nh3_-DqDMqc
z;vYRX-n9PdGO{-Kv|#rv5!&@s1|2#-2YTmuj-db9N%xjTkiSZ!EXHqgZ!>L5wJUD9
z&gme*rfyrI=(FU_hH$Du2I6hwm7V-)8V$Vf$y(`P39*xpDS^4<)1CONvs`{mZ>j+c
z`$0@`n&hF2@6~*`Tci~EQ9Cb;Yj-hvD*cCO%kg#8qAd?LEvJY#@h5})WGL+H%82zO
z3#jc-7Ak0n4cy})@d_fJXjM~(HRG0wND$f8x%KMM!o0ewJF)RyT^q4v!w~+E`3w3S
zL0u|ix9VLZ6rYEcpn^?*WoDhct)_8ffw>>fX4KTTF}1X>{SM|__1j9hyKT0=fP#7D
z<;*4r^JNu*qnAfv>8|#OwOYaD_M<?UF4bTb3g^fTT(tg1Q$_9E)=)ZX==qIs4=UH+
zPoSV>KELx*$#R-ufXP!nGtfQe>K5xj$j#|!6h7C(pO4h^5>%<k;#-~!D=34$vEou*
zaQcPEM!am1i=e=H?yVcZ_LIXuHtG+x@$n&%RO`n{jNDPyA6^rB_ZkuhmQ|)YyIQPc
zy1ZFH*qPCM5M@8Y7$2Qq9B;^<vfw!JAH|rIy$w2gr=dm9Y<R$n8_jn7ljLJ=M?`sK
zh>D>w7K0l(!vp2|#w80<fg}j`VQj@_OK)o%53x2jCWGY{DP<C$15!GI7^wlWVN4?K
zD7gPB_G*u5w^@-txg>1ylzNa9lrYAYu0q%I%A1`6-0I!z`!SVt$QPR`EAy5RLXH(_
zY~&CgcHb~rQ}YQ+U~{C4wgf594?JAPWm)o@-v<qe)m5#^H22*#3tb=a(nZr^hq+9$
z2_spUzB@~Ma}Zxp??k_GTD7!o`NI`dx+3bmt@M##*rk|r#0K{{R~FTQmMYQq-YapC
zB;fRuSnw;C8he2;PlepMM*j<`j%-J)ODum$0)p~1j#swSp@^z!+d|@nnl4i7g!&vU
zaXhLT%ZL=p`f)^#)Kt}Yye`8#>TxEd&~NN+`b=Q{D?1P2p`w5XJUg2%8WXL#pmE_^
zH>`~!PV&MfSYVoj|LDWNDJ&K~)$ts2r_n;p+2p1@usan9W5uS|Fd=HM`AP)No8Rx(
z5C+K{l7@9V*J0_K{kIoD%ZKdOFz-n^@2?pO3*r62z4y$C_N!XCag2a%w%fGHZXHFR
z_{t<339?8S_AKpa%qXFOVwcY9u@G~N^NM`KSq?Y-fZcYHBW#pV2E~7|2^I~c<n#kn
z1Ts4r8#+z1S@$>ZBMqjuIgJhne75wXC*Dk(`ej0sJT48MTD13(4tdI;$CLOM*k0qk
zNP54rGV40Xi6Rh_o$$3)otU<e&|A2&E*0oY+FA~*yTGZajr+?R3K8R<0NL_FO<YAp
zen#EJ@iT3;9dIX=_m4Cb#%W!*kT-OWx^wX1&k5^QlKJRIxN}m(UuhXGo>W+{J_L6j
zm3h$l0ajmJ7i5>2amX<<6y%bGAOG1$jlrJsSYS}otk9ltXkO**L1t1<_3L19=qqe3
zg1hQ^hb<jzFkG9*5v~|1*=ejk`KD%3?x<uHqzKW`D{lmc4O4nAiZ+rRHd$n;mnEDB
zoqaVU{=4j}Xz#}+_XE)6<~RuIFS=*T?AU!f^vAP*ntCOV_OPCy6{qYZ?yQELAx9G)
zrilG^WHTRrpQH=@xs_1d#l5o1@BM?p;`L3)U)i`}UPV)}HGb;`zvu*@Z;}3=zJ(^>
zQwjk(7*;{|(qm#%W7GX&iS4Jex`t0VGE;ZTon@aNg?Y({5F%gsyzwrz9d_+WnEQBZ
zvNv7%T=n&#IO6le7V!;Io7uPrhHG8rad91Co?B%<`kY1d4j}E|NA>hUYT9X`n|5EB
zhHNHf=|qT~Nl%%K7S_SeZo8*iKz-uR#1$m6Lo8w;=1G4rK;BFw#l=V;zc8t}s(`!s
z;`Hnx<P+_uy~qNo*f+Qff^DBfhBZsO<6W`&V%dFZabH}zFYPy?seF-zb^Mk<P5rP`
zd&s#Z2@z-Ts(QX^Dvv(xNm|nF`<duTO#9|snH7un%ubqRR+1VUEQp>jV~Nsceh$nW
zPNyy&L%onvj#QuVka7rB`@&}b5pm2iOg4mNoqx-8GGm7+^XHJ2yJ%H*fJLy~Z9K3s
z$S@KXX*f9DYQ#h@g7Zi17<|K?%0(L>?1NWj*D?v^2K&cw-+cE!-9S}i5sQ_48ee<8
zu7xB1Z03_Y=lrm~j^|V<+<IJ_8*S>EE&<;4*xfs2I$eW<H{-`W^9!q9Bur|IkBbpe
zF9TKf65!WeSbDk@Md`S`=c}4%9RhVjiUmOmOsYucirv2tqM#gFnwoZb@23yPv)BtB
zKq>CM)6^uqM`o;$?8f|BS;PhnJW?uSuY3-f<JDnier|N4|FI9#LEVA`kNdY3Rl?wr
zs;0Y?v^9_5Xw`wr1Lq`WvJB_h@<n~JX_zQ$`P6*gHZnU8*`&=3W$<FeB;18-g7zrc
zX%chAqDZ1S6v<g9c?*(1Z9_l5QYwuISK3G)mEqtTQQw5@1)LC?H@>zs{i9m4*g7@t
zYTUf|Zaj2SRHC=$<t!^N6LHe<H~Gb}M1@>AMR8CItG&wG$kEKT-nI*wF&=XDZ~4at
z3L%@m2YGofkT1ci4Nr+y-e^)+4cFt1v^Vl9UD6Krv$xIs@<eOane2m9V!UJ7KraaI
zwWX0+kUaEqt^@4HY;o+@pS3MvCCE4zsrK_{?ZYVC^Yii!Z`)1y3R1GZZ1;40yh7wL
zw-GY6PAMDuEf9XWhRb0p>{Z=c00#9rkj1refo2>|?#HnbLJ0h4DB_bAozPTAGb2_g
zjn+JV|7BpaiGM%FK?*~-DmXUyBa|?oo#qNzb4^OMbtO$t?tx+qUpZFK*wl8_1SJX{
z(w8yI(IF|21{sH}sKFzLR}$L}uqekAZClxi6yTc##xPDJJ?cq(2Jo#_z-pG1j{P+?
zEUcX=#MR;S?hgwZG?2e)Hw{C7N|{(U<;CzSIz0_=!YRLXF(X+xM*w(2EZB+`B~qE5
z_?_m;C5|`Vw0P{_BLr>Air{=qRwm3X{BwIs6f~ltt_XF@<zHkwAh5$}*f;9oeQ14b
zwRet+$kS8k&415FMegmaCkMu}UM8;}Sjxr!tokg$7+d<O)K_W7WrO_pUX7+}sp^>#
zzXeKP2P^y>tdTYO$!IdigDYQI+)WYfvk=?HG96Ph=P^@h{N#XfgzC|`GcAi~$JL)o
zNZ8B)ybn^OvR9Fw>b*qC*4`fXAZwe;FqNKM=mmdo<oTw|tWdGF`;e8*SmC9_erLD#
zk^j5odG&kS+~=+Q)_$7L9Ut@p9Rcb<zyBQ&CXafl>Av%7Q+K)!Qgt6~I1%#2SW~kU
zBbCV`mEyT0uA_mbrf#`azjWm0bxwEZa@0}hikmJUaQXKcM6FU`a3w60xl{ePdP_9b
zYQ-v6zhU)#X6YA+_sCQ`3~V^7JuU)^-C$^_cSFk|_O~LoZXmQg*HP4ux}w#Kxx_t;
z)9f}a6Gr2Lc=@yaY<~CwO^<Ij$Z<7Y*q;YJTqnPjjCD2V1ev^Cy-I6i4LfZv`_UeA
z)ibYfXmS+{3b-8JiKndXxY|>GE&9#EQ&pj<cQS~K*P)nR*!EQwUN^il6jPw>qyEF>
ztu-#$+30pWk+I(o40Ee|p=*Udnp{l5RRqrc&a;YM&%HOAZEi8Jv$EmP1X4raQHM_d
zjmKP7ay}MyyH>QP?!GZG=crgO+>NSRm(A*U;}a^cs2x3X3ekBx`00t-c3uHq)c6h6
z2kF%bgy2k=M9RV*|4O=cOnI;HJ@QAunhtm4j7lSn*%o#Im2e1@PcAd7WS1XWv4Mw~
zVI|6`h$p9MUo#{y`o=|ZB04qEmq0|#7RN;uB8JK7AFeG-*r#Nem`8^fP)5S29eDDP
z+ftbzm=Tvnw#5O~7sjtddYZ^PX+V<*j4bOA4zCBLUBm4`*=a~JZ1HW=n_qcHCk!L~
zz{~a1%VTSgCnkdZyb}22JsI+gI{a=b+b<mTE|tr2bQNfO<&(Da^btzf<U!5PPD&kT
zwZ{EUUY<yYk&mdAqeHWPW<0ccKsKtkk>Xw@6MWD1{0&&*;GeiANda5_sO>~&@K*xa
zweaIA%R!rw3)WtDLdR{*(Em=O{|6u;Yog0ElzWw;xx&0OH=dc7XSO0dlWMF)BDBY2
zlSZy_E1Ya)ke)Efo|k8A%+?fR3Xc5KFHJ$=z2WYIS2Cl*T^*A+`WQKL|ApjW-GZA(
z?MqL~_G~<!bm7*B#M$fxuFlgW2D<j%(*3C4U|e#RIAKEtiCCeP`_mrFhpHw{tBb4t
zmG@l(t1sS)&P2CO9cUjvU5n|(==`lba$MnVA7&GK6cgA{fy%a78%27Km1`Kb3&s68
zhcl2SF=JAjOQ@FLCahQLZIQ@@kD94M*1jx1F1^zqTP7NMP~tBDH%>RCdZ|ZS`+i9L
zeJcyb5=PQ4c}`sH0*!>jwv!=d(XL&KWv^wBmHT^<eBW3ed#a2Eo2RK0|NmvG!&7dp
z7u8%C1VNtr)m2XNRKMP?SW28zOX%V^gs6-f4Qs0Yt?$T9`o`sOB+yNxg@rjv<>>a}
zq~J;gnmEprQXUi0{Fp=-5Iy&LHeJmvZ-mn5?>~-Q|IMYr%2=L6iV5&BRGqg+^cT>m
zR;lhS(O9YW_JLnreIA(DG*Rb(g1wH%=z{VazC?fazh0ujy+H7QaMt9_LAY+GDq7sY
z_V)fGRo>-~WU8z^N7M~F<^8GuKE*m-;93{4DB}fy5oeFhT<~0g+44icC?W85Lc<ne
zOMk)tm1OBe;8~<vMFu?VQjN{9VF35|nRoMp->X`s;uYv&uN$7H4shk$StB;Y57@+{
zv~|ljifWC4C+eO%Z?f8aZS4?`8T;yEz;rYJA|hxdR<ua9XX_`TThcYKx#n_D=)Rix
z+1T>4#5+jB8eo6;!ee1j?x(i%b2D1ulRmJm0w3`AL9v>nr*@myOgs*pX@66S^Ost1
z=?#cPcT3PqcaEhh)sCL^GvkBhXjed7i_$edubU_={vVSvV4;is&+?A}YtkyX=e+k$
zeksl6k|&_bu`F)<^CFhhQ;~v2K3Ad0aV*;5+h?J11qC{9i=&h3|9r~-K~&iBW0x(;
zn$Tc&W5viYuWV2TR>1`<XdF3`t<s(0@^jzn_g$z!7IaEc%?&&Lqf?ePoo({md%$d{
z17taz>01GvM+m2`Y45M6lDs8<Z?CwssEYHq?=14lJocu4?BC74Kfq0LcRW52dpac0
zMENvr|M+uaLpF_5GsfEYV4{?;7YejmYXYdi!s_`t;pY(;=9-xCF{;?>gn>nsZUcED
zWg@Y;en@b-I^we5@!QqH-`h1n<8FMHCAum`BWK+w40{3YfPvtG--(T7^5uVIttQwK
zfZK1Pg4i-?$KYRnu&%@PVNR-pUaa_^Ni*E9XV<^7V&4lwt<IIYQ*QxmAZwh@SXR%S
zxma=~3-~Ty)yh0&|Ht`k&Qmb??ft!CxB$%{^yJ>O3+j_|!xz37=K&0;f%)G*)lD(J
zmAlJ{z*0?Nq(9+0DY`ohnu4!5H<c=Fw=Y)Wxb^Ky<@RVwdrY{*v}St7nQ_ARx&4o#
ztj5BxE~BUI%KLkI0UAr$g8x-N^uD%r;Q-)NBi(WX%-&eq5nQdG%W=8H9|MRDL<7JA
z;Y_tF>z?#G?ihJWveOKBO)VYAIQnJH*Vgkthu$GqhC*I0=uMyPiT#5T7{*GVH=jEz
z&-orS_Ch62lFh_ZSqRIx?lkHmq$RPowHey3_MyPxSy<!p{5^4EUp198^(A>uzc(>b
zXm2||S-{BwJP`RmQ2RTW!h5N^1-YZJoT-@?k^7aWjmiXIy<SDpRqt)Q651BAO-AAa
zXBj<i+c*aBSe75TN7Xf~aXPZmINFWqIW*Of*jpP_I{w~m=yy5sKV#%Ms9RXu*yY<W
z?_T~30BtJn;6SOpDS#mSLm|cW&tC@D20g_7hr!9@=V=Fixd!WeiERFFI|p~29wgZW
ziYEic$G4956%y-7=Exk2RRkc_l=uTfBt69RXF3KDCP^ym;DPaBH$eI>^8jgYpq?;r
z0MM^~ivjYK7kA1JoX&>0-VdKI?!1UQ)L7hM;Abim=e;+EMOeL!xaGI(PXb?0jC_rh
zsk*}mX$fH}u}ys5xF%{OlYq;I7;F2_VG&%AEx1hUG;dsXKLW-$D?ge*)&Jjn2#*jR
zhXAoG?k<$~FYrwc&|swo6nj+We}zh3O|6k-T(sX;)rWiEFAMn1aG2C7mSb>-=P8Z&
zF77ZhsKM@qK}qW|X&OR%d?!Kl9!W@l=K$bcz8M2(1b5X_KL7%hwc}y1{WkH1C!$w1
z|9{zmCusz@JVZ?HL6#Q^san|$^@LZ9`C{~UX4_w`0)+rovuFJ=dZNj{2cpIz8v8U6
zar!eiL063nh|tyBkIOx-r+`q`3xE)cT>v5d_{3eq`)sh{&VRU|m;MZwA^i#O72tlR
zOR@DX6>Zf{e-ls=>orc@@$wdM&aM&zjv+Uk-fOIJU7(n4dhF^b02^;Dz@nG0yA7Z>
z9e-pIGqso-1eErC`(s}KpXJK6yDj~WMw&eGU<#UHI5Bfk<S2j5Tg05aa7VOxP;4cc
z0UZ96vQ9eRFL&c<0_MVuR}nw14W{pWu}8+|8ElwexFtVF850=de$&+`uVV)V7C{gO
zsrC-4W#70aJggcMg)numWKB?b96t@NDvM!-egKJs^DabQRs+Bsml#`vtUCY!+npcw
zgU-a)Gw58&o8PyqK=87FrL7L$?e4l+86rqFU`AWb);}uT9S5&u>E<5wU?PEi6>}C+
zy%hXE(+A|3O5Iq)GmFj)7eEY~x6EnDQB=kCH}bBY^I+F^sI`RU_1$^CKJrLN)-sV@
z=K+y6ZnC18azB2er2||$zub`|)&QaL<c|}3XbEpRB(mZ7YjFXsY?stF$%^1=f!F@>
z+6MrLGtT$*AyEbZ#oAV>=85EGTd=_%Fu2Rcz2{ATZ(IO+&lhgM?I@&w1;Dp>GqgER
znnqm!ieK$JCH9v)-}y@W{z;M?^{}6PZIeoKYi}9TE&D|Qj27P--E#O-rKlWVoc9EE
zzDLxeJe!`R88)c6k+=S%F0G#?emRv!85RK2bVpXelaiPqDAegPIqgo-yLP83?#fVK
zrg6P9z<uhGb!?z)z+)dPOPxq8AK=<jbH3+gGz7RCi`zm!vIFA&yW)lom)_3_vi&Qo
zCw1X^JtbbcYi2<O-52rCZS}pG<W_YrgE+Dyes)_iP|f=W_&~LIKw>s59O5ec0Q`nf
zFB1U5ItGlb9fk+EqFRKInu+DT*(a$(r2TU~JB3lB=6C2T^7(TbW6b<l;O-}=kqmc~
zu3TfEfVMMfXm&&e`;o|&NXaAKE<sL5Y~jvKN>!KCgm20}sZe=8m%rw`UFv)G?`x)f
zN^-nYu%<`NL?n5ASavcXnn>)oh;^p+BYyANVi25h**AT(W=ia<li5c-t=!O9k&vEk
zbG{WTy07y^2}2S83dkgeTJBGQ5%+PeHR2B!GB@xK<Z&-g$DeaKM|42HLH;Lc{|mv=
zCc4$`Y~J7LZ#ETnN>eJ+Ld7>H&Eq&P&hHFm*8r1dF8{ZoM!roqf7tI12?1{8*%Q5>
zyJZv#na{9)4i_ZX;J}3mvcw*(KD^sy^T2^8r~Z5ZY!y!CtJ+H~-yeLcp3d|uTJ@=e
zExn_;0J4QXPw1iRt*PUkL9g~CxC+Qvdh0W=^Eq2;!rER?{GeH|^UVtV-x^jKBY(av
zjSTcVd+sqw{|KoD4P!31OoFd>h>T+U_q*@!!a2bl^9F^@H>CjgZLUNmM@#WU%s@Af
z<VQVXWZs0wZ@xbNu?PCiZm{&ABj^^OZ@oH|C&qj0Wi(L6r`q+><O>GYgf1>i!^NDq
zY}EPToel7DtY<@(l@;hHb<GtNkFzo!oq-fzSCI&>+4;p|Bgyj&0gxSw(nxOs<$YyM
zuH70(Gt(77P%`T0kA9I)8+K8>vP^0IV?NgT>Uu+xez+Hn22_Rx7dE`P<;}`XS5x@{
zwy3eBDe*|i;uj2PI-(!P6@GjT?ColURYnTu`o$8EA7uRyHD{5ag8U}ARnzL!vnw)D
zt9l8<SR?j*N=hP;&F|9$H+NeyCXHVPvqMsT#D*96-*b1=K-dM4yIR3{?cQXf6<h3B
z0ef})U*&0If?@~%WV}8cjGbR_{CJf5IXlDZtO0&wlKmaKF@&*X%!P9ejELX$$`zga
ztrf6eJ}7a&$qVqsok*pGr$kE9PBRmAj4X>AhJCy<*$ZJ3&ZXvSiC{_B`S1tuEcuN<
zla<|jj@TfKQn=Uuwf7n9IqbieC}%tizq{vrT<mY3ao>y7+f_|jfkVRllVc4T>JJdU
z&Sg;=sI=u*8+Iq98OS3Ig%J+9#ja-Z_Vi<*x#Ko0S0;o{vvR%w@ar<eZUXx|<S_()
z%TbiYgTJqw<YVTw(5Y*Fof-L7Zbmbc)Qo|rrk3N|qmlkrxOdWSSB8)LYW&}x@#I^w
zHWTw|n&jz;*t$ztdphm_4q%+6zM|J_5sO|&)N;xKL9=IC66RTNcnQZV(8A`bNTC`C
zc<=0rJs~~4Cn`%Cxb9uEQ&dk*@aOJKwAvotF^RmVN7Jh$0Ao@#>J03tC7Drn+Y#-!
z+nN<{1&kkO5PZQ7{&{#Iv-rblfMp-j>;&>^AuxJFQU&1jG)~`P;WDXWG`R2exlTu9
ze05O_Nr3z)x#Jby&r-;wbl!FyQ&$-8Oaxd)6EE(H%;j-eZI;W6fP{pdUje3zPQ2S`
zWIVvwQnuHJVCvcL2=_56!b&I*#5kv;eu<y`R^wbb1|WT%^s15#+A&ifWDA?#tkMCN
zpCLakfuN$S+vBfq9DyOEy6-&wAZR`j4kpRz204jDIl@+~PqB!Ezu(sKvXJpi;xN6B
z`6R!X)S{mnR?N%bV12kZtUzzb<KoZNr5D)!ens@PKj@_B)bJ!VL2V|!GljWHbasj8
zXI@?_C9cdiODavvChcyt_Bm_`FpYjw3)FME25DwYH(vpB;8v3so30ucxVdr4A<;SP
zqx#vo!{dQvmWLiscC!9>q6$4`E7F%lEap}78~UK$OheiDS$ZSq^Fk}@@ty?u*fJ+L
zhIN~A+#>4aS=MvE2nCU|yLw6r<Gd^Xw23<JfxE01YH^L3bHVe3aROb-c&4C$Dl*jX
zjiC9}5nn4~#FQIO{YaYpD^&D`6`dvaK$mFIYw^zbb`6NDuofm!BI>_f^bKYCK6L|1
zPgkN7;<{j8(5ni$LLvgW`SXv@vQ{}<G$%X>U=%R997AimOG8E;yg=oDcYwQj7CUTg
z<k8+;7MFZ4V)#MWQB5i1#e$Vd!ckw#M;Xyv@~Rhtgd!UXlIUThL?C>(omE~!A7{+_
zH4XXt<)}3J3wGvAbSd22?lj%z59zL4G9kQae=3~VVvc<3^y|%JQM~|aiee*p%Kps|
zPc}Ds+ri2nWc?yyQh#n+D<md3dPq}}W&9)I<J`Je^#3xxRou$GcANIs5+zF@vYYFg
zPVu4=<I=&Q=kg`5wGe^^B@`k&i+5MaWZ6I8i9_Q2rk4Omc?DB7YACTL3+z|nF8TT^
zFfny*nqP6WmEV<wd!oJUF@#jd2U{zqJgS3yxOO<k;hk5BAT9l!kNEV{m_xz(fDv}`
z-8Lf8g4+RSX!!RKB8;k`BZtQh{wJx4cj$=@N#xwW;u_Epa{BI7YQyTHyewH$vy?S8
z&jv%D(%}W28@Buqby$i$@EYV>1?P#PlT9IF)Z^pl{T+s)!pqG$d3iyLxTK$1%)&{`
z@Wh0$q-h2TTLHA$)%*1TGJLc3G#|U#wQml#8>EupkKwyO9I^zCOyLJAt5=jXukP$>
z$1mYN+rI_WzbViTUyL$;#Cyy{6Wr(_h!0`9RsjsTr<s5sYP2=XxRbJmwDqceK#!uU
zv8i<@s<(S~PCv;IvB5ofUY|uF=^sePf!HS0r6fV%eos~F7DD^d4)T!T&>f1Viw=?3
zCgG-!T4eOZg;zmJ{-~}-w6j~}t;@)#QPGNSPxXaAq|VV_#o{4tCi31hB3eU2$F$>)
z^Jg&`MRgbc1|T66gv~SvsO`g+H}d<Qdnajk(zy1aGkR;sFQciIfkj;yQ^;u3xQfPA
zPF%3dJ{?~O{GEWm+L1b;=|mN6%d@;6<GUcTKM=ozmi7a08Y@tm%?dZq{k=WsR(-v6
zZv;8vDRb;LYm`uXY6y-_S(wjoMp9OmrMpmjd^vYUljOdzK>(HHWBa9~Hud|65$`az
z=uwMk?iGjG3!&U4c4F6obCkBC`vtYO%*X|owDwKCQ@X{jE>mIZo;h=&W|F6EEt+tP
zWea(~&-o+`T|E)Fe$`-niTAxajLygUM!)o9tvaXt1PCqs;?XPEsPe?Q(R7hFzgtlf
z%NPD*TO1<&yEFnj9{<!(XKe^JKJS5_&9?72duXNuoslyxnSZ*BlYnN$1lz)TC&O|p
z6;9*$qr+XeO4okS`GuOcTl*m4l6H6TDuktJQKOMU{zwNw&0_2P=KNtw0o^glohH9-
zOm)d2h=s^V&!F63FsOzrT{k83xUj<dD^MD!N|bG3EjYDN&zI16Ee4+9XY#yp0B5X=
z8)9zwl&OM^=!Y_8>yQ3%BGnh~`_=_mp^JR&ZAJ{;KO>Yp{z&}ifBc{8Uhl&|E(Gi`
zv20k+AK5|1p>9{}SdW=WW%_;xQs*K!7WmX0!G(AOD~y9qXqVruVLpmFx0>#)eByps
ztP$mQ)A_vbgh#2Z@zwO%AZk(N=%-tzoz@6`38*vIcYz{wOqUM8ah@qoVl2v>+iP55
z;L^P5dR$~musf1f%GMoMH1{<NCk$V5hDohuUGE?za8$iZf^=b=BHoJkTEdr>I_{QP
zhSGc+<D{zzW*KM3<n;F6{Z3kl&Sp&eZ-?t@n?#2<UIy`Kn#c6-TP}Eh%0hd!vp~8q
zNj%n+*3{PI6SGl=47(0yS*`emI~1LCQyyIjvw7FwyYg$|tX@MEV%a!1=vBh@-M*MN
zV=UO9Cub#*eDeObvfhWjCfyybC$Di_pH!$A^Y1k*gP&o-@CsJXdy!KiN2#MBE9D%A
z4cBm4QtXQS1kfSp0Qo(F+zJ|cGhPo&ykP#2PoAVaj~gC(udA<y=W>{_ZqNjLQV-RA
zEH3&!84KH-`v(II%(@_5Xs5vBihY#697~#%%Ni7!q|?rp%zEf$q&G`>@KxZ2<K?fv
z{SF@GjP&&*B&1DbfNH~A2^#OYrfb`>&eI&QR&gJDh)7UJsm%tH!H&#Y-bGUFw9pZj
z@4@pudX+Vp?YkEt?mxA985>;rOEBdjnc5dKc(4gZIf9P|8qO|{Wxl>CI-d^5-Nw8<
z!WDG7?KFpFera!Rmhon+6mnX>2*itAfM&oV(|pi063dKT+P*yRX}*A3&vL8esI-%6
zdg$qp@&0c-kAkkpI~!k0Sx2|(E;z>qECu4yZMx%k{6IS^KN@TM&4kSKs8?_!mbh4K
zEqw{p@5-)W8o0=BD_;rmn{N#NI~M@3D;(<!h!4jlI)mHV25-H7+pnPe)oB04B2XL;
zl?ckT$Z-2U?!}hc35X1--eTbVfB@M)ImC5f@^OoQ{j^bRI`EM;{H#?|MA5*Nu8p0@
z0a@*Tw0{)$!EefSP@I6F^$Jgc*8Sa*PQ}%JeWDQJDCW8U$uJEv0EjHa{iD45BYIKM
zY|&W_W_HaQ{=7|duAhe2@3^dI1MkjSyr`h_Z5>Y>rp;(i$z+l7N7l-0!SQn!o78`&
zyQg}m3nW)*&s?|(Uo)i*Y5(PdpT!^Xy{GG{rxd16ag?HOkkOB(KSyy+5^wp&;-Nf2
zii1arbV!2rN#RqDiU|y7%5TJ&D6I+?20#4FcB;sEIw0=er+*pFw=j*T(|N?UJS?%0
zq>vthIES75vQ7IYnYjlrZ6yg51VpDH>XC5)h$T_6^R;n>oz-E&QFtl}46{;sDP!8B
z{{NBnmSIuFUE8<P(j^RCQqmy|T>?sn3Q9{0NXL-UHI#tV03skL(g;ZB5CTJY58d7I
z?D4v<=eghG{e)jUVD{d#_FC(I{>~G}XjJ4Tw!*ysLrFgBiH>afDR25c<~IdTlK-Oa
zq0L3bqCpVD8(TXX|5(EfF|>JS<JET+pS-7cZT0eee5vlnVr3h+jg#eJL2(td{^a*7
zdXm%a^k-#l{IYCEQsGhG6TKL26T<h~F6SC$*JQE9pg!L*+*#Rcmleep0l!yI<K}Cv
zg_Fa+rcUd#o*D~RL0s1FBHs*}Vg^|m5|$1KhNpiinAuel-YLu$5?4IDWS@^7A<{6;
zy9V#oB0sSEhfzpEy?e+U$rfq}^XsovuJY=&y8p)}5cT6Yq=ozPOoV79NlyHE0pGHD
z4KV!$Wq&hpJ7P54u-~MVImsb{7&2^_<#)v`%^m#R!9uxw{`CV4d#62E1i~@&BzM4#
z&oZ4&sEq0u&af>9St}|3bR{mY8}$f^7|jDVk!L?o4maJu9p4WIRPHYZU`}?dbuiUV
zmi_(W=KtmtZY`6)GOy&$UNKXqVjW$&JCd95+PBCNeA<#l(2Y17G<Q}yBKt9nvqIq^
zbi+GCCz0)yQ^W_hx8b_2uChq{E@gq!tSS8@`(h6`KPa5}m@6)(lC^7UNG&uhL82%V
z)*e+gPm{fei6|Ko@c<)8l6Iw6IL>!v*`Lz=kvA#(lj(cZbGmuBd~Ly%0UOh6YRWaq
zU)S~2;9bH&Hu{?}m^F`i+FRL8l<=tgfZihbyvit5y6#q27(~<|Rl(AtZ1U3Q{^K5@
zqek*5e1-`PD0!Hz>%=4-Nhu7uBFp7wi6XugU@=SC9n@$B5+Zg$P^jujq#D-De3VEL
z*QyhHO2t%lF!g#DQ;}#Lzb|$j2d1-}Rb$S5LbBc)iDu@hDc}Z7eUwozn)Ph7-I6kV
zIXTA0<oS5a8;vaI--3hVeJ1cFO@F_fm!uF|@L~wN(8u8X+i?wH)x)c<<9{G9=u-9R
znc^F;4d8Sx8t>*OODn~AM;k{>Dl_wh{tfNthINdUr}K|TWT&FyIS`(581=nhpPxv5
zC&Gg2W{H{CD#^Z>RW_Kz!#9Xk9SNXyhth!Cbs8}@`9b7yyLX9ve40x3lVE`mq0l-l
zeseZIJ`CNi2R|D%@^WCSOFw*Vp?^295g=hGmr}6MV>J?8_fzAA`lp&-BRXY6he;C)
z4cS{j0XY0^do&$Wj};;><p*PkoP(q%td|9ZK+li+>r4Fc@|`9wHh)H!=MsfM-EZxs
zO%3^xsd&c2Tit({L2POXH=yABPzBeII>YHKO?KFj5SC<T1_?>zE6P=^mTig2b^{qI
zva7nZZ0U38BX&clCxMib{pT&7pC!i(_?u%W3kIAxmLl41nc=>!hGw%dl#^5@S8p4C
zDVC%<=mAyH(NDOVvu)w-tcH?)?8@o$A%j;}!$$<`D#1$@BNL!~f?I6gYah$b_nS%q
zz@gh?(}xn<f^7aa3+BCI&YLV3?~vdYew=Q-=0CV_oyz78OMPja)UJ)zJl{wP(l=ti
z_+6aInP#I!3ySgfFkLeawxq}3Dao|e2uz>Pd-@%B(=v$ajsER1rezvpiv5G{2oom)
zc2e&h4#=Fwi7ee$R~sQ_Jk-kDdA4D;1L}U3Mm1sSGt)c9eo0i4LxsObuknfhee*|T
zO><7r7s^Oi-&J9iz*M>$F02t~>{^06RD(j7BvLMpw`Xc!S`&4ZbfDhYT!IZgIdOOK
zDPp3oTS-k+950b#7CKcy8i8utnRW3*gPl2o<}3LQ8#)F}otipPi42??hlyTpbvSjw
z(w7mgi6TF;8@idc)**&Cb#@bWdCn?7eHvOg3t&1DS2M8Iz^r2e<Fr1!fK6sK6;I%$
z<6!*1&-7BUF|2xOknFz&ycm_d5N>z0Z#I0v-ZR|&<<vy99%vbxc`+?=STa3_86Rh*
zjH(hX!MGv3p9y<Jjjl$WI#8LJT$@*e+_|dfWDQbHWO1Na>XVa`ypw))8bgL`jr#$!
z_RS}5J8rXR*PpA0eh{>Vs>vbL_xryqbP=*tN5;!d(oWJ`pV(-8eh8ILAZp6UZK~Un
zIFoLu6BcQ3iONw$CgnJertLzd3X1qvN{h>MYpSK5|M9z#&N7r5O*HyszXUNX`}5|u
z+hWJoKF`a)BHeM?<&6)m>InX!kzvOE?Dc#YA#!$2+)vKKOjOW6tow}!b_*`Wj_q{c
z5D+CKk<b+9F=E%2G?GllGljNklyS!Ir!a1&YtAA_w5q!IYTW~e>I3I4u9I$D6_+d%
zP=W{pEs;BI{42u5A<5=g1tb_u9&d~71~Bi%>w4e&14GG}%qml;(I7s8LKs0|i<|d7
z<y&Si0E~WypX0OO3*$5E{po#;i)6J%-=BF%5&>4>%u4l;kIW^OH*8znrea!x65~JY
z{Bo2(;eqA8DJdlQM<iH8tKvsCW`+)7g6s~}&pbsZBY`I+DfP3fhPX%~mUL|A>AiV*
zUXye3cO__WPUyA9&lY|rwuUGHi&V4@y>}tBu4GWs;BqfHI;pO2v#+s2vmA+eLkt->
z$Z{wdn65@0cNAe<*5o16jUt#VJwuP^L2=!>Chh1s(RZ?-7_p9{K?Ncn=mL4zkpj0E
zKY&N7QFi{g>tgf@|5PU)^Mo9hie>(?!GA5@%+TE5lv6r_bM`d4f=ba`?PV@qNt5d{
zf8q~O`iLgi)z>jUqTN6ewj?g*IsrC`0<&X|YoBiF;F?KH_uB4<xAElzf8V{kG>zc=
z7UQWF-LyQn+js=^iG6pl1b!kdpHUv<$Dcjy<l)?DWBzM4e0l1n>QPrnFU@>!LRgTI
zOg$xk<CYoJn*u6!Y(Anc$`iQ%1k$U(zc5PU`jHnj(W>QBYFsj|-1p5#K2U&0!w7$8
zxmXNj<;TId{nc&$S-U(uz|`SR*%;%Qt3X!$F#eAK%7L{k7igNZIl_ktPQ)#VH*TaS
z5zfBLZayNu<I}n+a|G8isQfn9?=D-1{}=C}dET1p{Oz9LBa<M<7IY_mi;l|gIebIj
z^`%Jqed2SQ5!C)VD9ed|6JS>9-%cb6d?=Zu>+tGqRcai1a}r*Gw#(@IO#%K}vhJwj
z<LQt%M7X_bosGrDw4X$s;a$<A;){otH4s*3s(*_fK<_Y~6*?G~{B+{8*kUxF%kQG$
zcQKydcJMEIBz&v3@k}n--lt^wH0&p4o#X|*$>~~7Kbj}Ls@$!fp>ScdCR~WaThZIM
zk1ZPtX`?nG@0zkC&HAI-lwb7Ki|8sOyc&HZGQlQ|fX45L<SwWpQ!QB9HE9~KV2gGf
z^L!N{K83L;HUEh=hp)T3*F)2znk!i{Xg~Q2Y<A_i^JOXDTwHE_PT^SGuqA5m`XAu|
zb>OdApx682>yv@)5+p4hErio3`gKahKFI|EC!@i2uzJisXjj?1czoasJ=uBGlpB|K
zjN=bIu5zq9`Qc@43s077E~d3Th;qoZo79<%o16x7gL(Ad$zYC*j&T)fYObt&6c=7~
zUU4RsQN{%7Z>qH6=-YVuY`TF*IqZ~tP8U|Cn<E8wGMUZQ<x_(Q=LXxO%Dv5i+p2_y
z&HIBjS~JO!qH-CxQ^gHzv+x>G-h+8FA`*54uYWdA&|d5@whx9uR{ubgZk(0r`XGg1
z#Q6%gewkE!`{Ha;rSA+qaEV(%2lkS+)#x`JQ?)yJn&&|Tb33o#ykfZsdh6U^X#wjz
z%L$?JNmg)u{LIQ<XK2ZS<cQLKkA%99KKMGZvF{~~cfZi)$`IkmxX~6;x?X;Zccw8O
z5h=?FbU>ZU4(sHO(r|hWjtF-XcINb9ew@&w&bCcav`#$QC*TT<@|*|qP7Tqa?TyGW
zjux;8<I`BTe>{EH!+jPoH5Y#IGAw=ZNxD|7_V>s**_Rz7<I7aeCHROE9BNH@ykcRE
z3=%#@oOy#(DFZ_V?Tsk}J*KvtX=kS`7f#qZpgfqi1Qh2>t;~qv5vlJzkL7YdJs(A;
zz1M2iisED-IgL$>aVyC3-nz<$M0$HO<dow3MR2GRktrAcIX4I<57=Wd-I+Zm_ZYJZ
z6W4e~9={dlyfljRgE^t$X%Il~K?M7-$!`cTf#?2`K8@|*_g-^&sU;w;A$nX{=%;gm
zdHz>fobIRfKJJ6zpeG%v$5?34cx5UOgRR&HXQjmh3)uSu*b})WkS)~RRv;MkRD&~>
z{P|m7j<8IT;Hi$JqgP${UVOzx&J;+mSIw<zbtQ)*dXx)zS7VO}cgqR6`o1`Kb=&Rz
z$j!axNa-&EKWe>Mga!q6HkiRdHmf|T86^VBRST2E>`o2Ne!#h|;XN$~UqE&Fgbd1G
znk4}1|Klh{%op-)(odqW9(<wkxxjfz0$Tg$`y7)Os0LnlF3?QZyq?B_ANGYT`SM{q
zc(-FV`8yvF8qdOq<#b+d_rUyRVPr$Ywu(^Roe`Lb$_I)Crwr8b<8On9HC26d;;+I|
z8`eCEH2qa4S|Wx{-JYdTsN?YqeOZW`4}+pNMN7-(#|V7T8X5TTC9LHW<u=5yv&*Z?
z)2mwgypcgLu5PV&`nTQV*9>$Ynn*RoI!Hx;Ly`bJw7d`_NSgARJY{hrwl~@8!26Fs
zOWpO2W^=P?Lvu~0?S6>==X-3Lj>DbgA0Ii|{;vM>%DbC-k0t9|BMU#@YWH+PM%cN+
z9pl0U8`|AxUkYCd`e?(gTjDD~tV&O-eb_692MAJ+PSxOAqV7*ju51ki9l;ue2~_nf
zGhg>LuvnFU5~Y7c1|Rik_#Gv<kuTF~bXTrOi4#>ojmn3<u+1ql_=S%ra&puTsrJ4(
zO5X43K4FKOCkEt5)(G^R_dj62?CtW)*i({{x3cliI7i7ge2Kf$+0an`A|**>T>#tx
zzM;3eVt(<GJ;O)r2z&9LyFp7<&<2+FHtm9%JF=tNvoC)j*s`S_519UU7x34N=|pw7
zO2LF`m}??=zQMr<#{j3XMmT6Ba&!9-NTRr~I#jrDs|&E*9I$_|>P1}5)$sH#;6<hx
z7lTOhVCQmh=QH%I8P^o)Oo9Zz$bO<Mk#uLRMOmi7z)Ix}vTA|L(A&V^Q1$&~*gKgL
zK4_fn;We%DM#GW=I`_>a`TNScI&f>q?5c5Q523wM7N!>{W9zZY7cWE!(hK6PxxchD
zO*lje_r9j1(wrrpQV}=Tl$ce<xg4q`nWzr!@HvV)hdY4nTjgL66hy?%gUW?e=kf*X
zc5nkJ)6}O?AZi&DW<)Xl7Jr_Ct9~6e-STOQjakkV%+8Od`@js%w<{R2ESD4d$>ojd
zgZvFS5GXz~i6oYAtLK7+E(p%}1YFYhty_OjUz|R~Lv4mcDbVt8O{;BNmtLOZbQE1q
zo_3VP?1;X-?ZH3}u(eA3<O`}IVTpF-z|Sw(ad|DOcj~d)Z`%bM;q($^wohele%37z
zq=S2yIIl^d{l4>k(ZJR^do~!Skiq`uSMXU+b{l`hbAF>`mXl<reMVkd?I7?EJbYr^
z5NMEVG*5M5<!cjs^uCiHWV-x}PR~0!wvmj5FeNY2Z6W39O-C%p`msze5<-=u6{(${
zbL8nxIz#|aa$wAQb3;JO0TNqF(uopSp~HH1mGEAV77h)@3wwlYKV*fYW9AFnjsN1j
zY6lByh;7(VV%pJ~Mc5P>fO{`u6Xp2r023VDp=L=}I^}*_wLim;0-4@VjXA=DPmGWS
zrMyj)b#QMOZ?M@CcS|8Ik;GH8wd>Ro53up>2R*Xa{Fxu2%6d%G-%Z5CQ={Pto@n1$
zLog6mgRl7~`uKLo@5c$Sbj;J+(#R+ZMC=}}HA>yDFg>SRlz5rdaO8(5@0<K;!^Ry^
zS^axmbZt%o*;X5#rb}hYVcY`ySybmmPsv7gpP&r(bFOH+0J3;^@lW?qO-^%NT>Br#
zoz{??5G^Z0oN<xupx?5$eLNE{uU>k$>X*^it()!7mq%swJ5H>LFN(Eq$+l3J<m0Pv
z@X$Z#Z`J*(I6sy7v6!XLhvJvm#>-#YYaR>NOu#~@M1LW<zt*aW)Lu*_3a`MlL49ze
zq#<lj{L;l@_GA4nuD7ExF0d9lQdCV=w0*v`w7z)qkp64q7nPL%5FHR%)BN7wBH!YT
zOlf;{&R6JU)>ZeO2wnGlGxD4pE0Vus-WS`VmSVNbE%jhl`P5ZWf_xl4$Z#Zq`P;i2
z0Y{IewJ@h~kY~e5Q=nRLIEwVikW5k>I8l4UNLJVDn$!oXA~X8%x2Crv;IpIHHdlCi
zz2J`blWQ(z$$5IjrwPYi<@uTTR*p}5Ilxk4vu7QqnGfu+1w+BT4h!*=Qi)<lOKnRF
zoGG!J)n;8U9Z&GQY<gYUl~ictu2)te<a3<{UX(ZG*N@5nWqbWMLjsos)K*giVZ3>A
zmz;%@-7^JZ==<KOBzJBv!~#A{+o5w?@G|lhG7`<KI@c()TF(jZkeTNAOR<{SKe`Ox
z)V=O4(=G(2E^o&=(^bV5Yw;hXh;9lC^prXu&1Qs%Krh?3x#7Xf5pCNVYbKFm!XH9e
zv!XCw`L#hp=YIa@aY~fR9%X6iSs4z2v$7`aWt8!HRgd?10vz)6kQQxkmNKOoCMXql
zn2vUl=Tlfq@Ff_1!o0RjOETFb2p)q5(GT8}DT}8bT;Os#&hWjy-<;Nvk8$SC{ic;A
z*5)(6>DtboYuGkti~<>38@d^%Gmr$aP0HMWnSJwFz$x{w4~WkHVySaB$~%fOT`<Wv
z)OL&a6x|@GLTT!;j_0E^fDsMD>1*xbrFmmBt%(!fDF(g9VO|ca)vx8wgVBJbIn6kR
zU|DiZkE5su$SGbz!xYKns##_PI+sa;7zef-naHin*H^wu;)?h3;nH`YKeTSJS}CY?
zk$*&_*~<;#Z!>=ZR&~<B31ZIHs$f#;&EcpdW_c4UVHLmrN=^>$6*t+daQ%MiHCE8m
zMobzOOOno4TBZVZ&N$^x%%4&@=wVx34`29+c{09gQhY(nK!Dvx&IYySS^dHiEw;ij
zqU}`D&!2~nC5<P+#@E#OWYa`Nwtk+2Oze{v5&G`%ek>^W(@6H!oR8c)T#0iKox8^g
z-71|S^x^&}!<&fIGwrQEHHmTWlM{&=mfCS_*qNaxRQbzz#s@)H)^Yp=!#yLlT8;x)
zAZF)-b#A0I8lUz6dB3+^Wpz=h|8Ncb0(iA=BX&B3vSOOWmv3ZJn-1!v@5{A9+CEo|
zJ`#Xcci=4>3D_CkVv&Jcr$AcwXaANzd9bGP*r~4#-{T1ojth!TbqW68L&5?&bV==0
z`NNmd?Ofw?gPn`w8lq)iZqFMEl+5C-efv|KEpV0v85TNm`Ib08dG4yUXZG{ncLslJ
zg{tWYl+OOkObvAC%664%PUGkdb@A~RntzJzI%n0r(@|wUN^LF~8f0{(9T*%VAY*aU
zbsm`cCz|9tcX-@2lWo{&Gv0bhd4aE5QxW8&16y9I-niXi(C-oV&;EiXP(Aq{zdJ78
z^T)?Eja$Qit^c<$rJKzuG>fHwGa7ded$JwpInGw~Bo=*D*ly=5yGCjy#Ucw%mKM#q
zf4AgTIv0jnRTPr4fYyz{F-J`@smMDmdawQ{>Qry8Ye;-|b@3_RcE9lY_h*mzf{jy0
zLbPykEN!FzIDV|2(Ah^Vt!06%8JxwbgPU;y-?5`)yHc(8sU*9eRxgVq>)RuSfNohY
zk^S!HNgXQ;H&0f%|Ip2S4Pj;fS}sk{$td=b<CckGu~Muo7h<7&!}RtU%pRP!flWxi
z^@}?&80xi3w3>F<ja)IH5wss4Y+7UhzzcwjTwyulnd$?arX@8>TceQzEA5ZwAN!YV
zlw3vYvH8D|+))@(3wzE-*Iq)z(MFd*#3x9KKN^P?z%iHH>|(l`{=YnaNCQ`6A7mBA
zIXWK8o<y9;pFH2e7AddTUi91KH<h1IS5`=oqwN3woDWK5j{M5<xm4JV??U8^>nPZ9
z<M~0K8yI;q?q|7}Qtu{n;l4WURW#5qtE^bS8mnQClReNADiupW(ENgZAkBcDw%I6r
zluD+^<e+fRPqbGfKX%@IbL4P*7{|-%My3GAo9(uhu#<DaM}Mm7C(%LQ4(IYIroXqL
ziCXl+`i?wXg*LSY?Uh(lCF@UY8ioR<Ger?*Z{;I&KSpd4jhDma59>r$xe@S;q9$ht
zY^2&O2Ti2cQPy^0Q|c%XBID~4FF6x9FoqTA(XeiV?Gr;54UULpKX2_1bGtGSH#k(M
z`jB4tH^(D%HNQSYKkT{b84k+dfta~WgVFga4D-=Ld43I<+mp5pE&}TZ#!y;=yz(-q
zu(AitFc>vBh4Doy2F922GzIifkmkEfoCv1&ctz4cU_;-ey|R?qNiu|->n(hrQ{$z>
z0Re7}a3@7jTh2qda}8OLm`iQVqR=OEo6+`ffE$~eQ(rkhOR9&r86$TCc`l6CcmJ(-
zN6bj5cx#JilJ_u9l5wo50xf4V$MI+kJHIk1+%QTQS1c9`GxlY7dU8bYjaTX$Zxh{B
zuj~s>jEn^)=?KdA{YxR=)MX^Z37N)IV(U<uGR8{D(QjV`K*U+woxQIDk2JEw%t_gq
zqx5>EE~hVd=LcLDyw}NT2#K9Yu~`cGwWxLaT(}pBmor<ozc`bcRd8uY@e_b_3*5Dy
z3nrNp3#g~csA$?6jy=wee&jJLg7pNZTorm`AVvaB{yq|Z_}<WId~uO%(=hV}O~SVB
z%Ap%5I)4YtKN_|h%yB^aO>SevMoPC{K3KFEwt$}Cg{gZl;D$WFdJmRhZ8a3EZisG4
zRdwDjY>99kqoi&A^{7l()I6&&_%sxW!PX7#SWIVcatLE<N?iFNHBPo2_N-H1xW<$@
z;C2YM0Nd;%7<dcEHfsU5U$pkzl)w2=X$^tmP3I6LiCNtI?V5a3{VZZQBj?*6k&}EX
zoq%IE+5sbT&8ZM+SB|SGY765{6Syyuac%U;Erzune_-e2^2RsEq({ozGVOK$Q+VVa
z#3;KC@yo>6(8Z1WSf}9BeVC8#(oEf7`|3H4hU}3rn*~~;i1LzXD^M4{KP+&_`G&aZ
zX%ad#hMaS2=-EEd72U-DhNo)`u^?>w)lXBJC5JHGh8j(!s!EWzeG_Z%wg8El=}Y2n
zdD6g#IQjvHX%`xTMW^<x-M?4(eCwap5}>CA(rSnt#oh!feU2Q|c8Sh@VE;6e)1K3g
z^E7;z0RqTlmcI5MS@O#U><*q}&33$f4#{HCf*}vPsW(90b6rBYr9in6B)lq!`;7$T
z#!fk~*Yptg2ww|V!qvJM?h7692Mt1&qO0P6Wc{~h^6Fvwr<i}beBcy%a+y8VNlO+V
zqnr-Wg0ZaM2$qQhr()AT0+1bG$p72^081d#KP-b?sP;#a&j8cl@pTlJKkoia2bv69
zR%Tdhrm?=Uy|~El<)V$7Ll+Uac#dRK!AuT<O%pm&pfdA1?556521auby`y;a0o&Wz
zS5m5vSbEON+}p{wd4EGkjIKLHH?n9@&$`aB;b|k74s`pbo3bemXnWv5X6Kjen3D_J
z22rWRyOzI+Tr0N0oCX*)$^PaAqyd!~bA9>H?Py@~(s<*%B~J6e?|01RPP$vPJ;-P8
zk2RA}xm|+gmddj`n-q~y!ZJ?lmsUGeuE6{y!h;ld^KG)lTG&R$tEca8NSR4IuRhAW
zQsvS_?0zL&Q<RvmbbfhfjyzPmt8|_PA7=i+WT{iwA1mTi;B*Bx%qwf7Mq80U=OaU+
z|9F5m-R@zTjR5moD2Fxw!^1@O;S<aPMpI^Rp+1<7KzT@sY5a!5H3-t8&tIq$^=zSD
z`GD5_yKz<q6V#x;cC9gVUg&#dC2j#Nf`phsreCgHaTD$pO$^!3^r(&dN(imnB6m(S
zrV1CJ&Yh-)2+?b%JDPaww?re+&|==28BSpPEnE?zv(e$hwq(o0(?*+<G7j21Ub1up
z=hL(J8gjNxiR_MM9Rq$sJjxI1&&Et7m9PU{J`fksA;X4KT$8xgspe;C?fE&I(uAMC
zRcOjBOCCtw*cNq&mOkr`Cw3pgHriy#6c`Zezggw%vqf`Na{l|L<q(>C6uF<V4?ak}
zrnTZ9>-XFfXeO_@8gUh}DT0VTHF1Wv4D+YHugF*s*+(~V9wzG1efO~P@52H8lUe-!
zO9BJqJB<zjtlt^3rfRP6+*(oVvEOOR6ODoy<_&2S#=D*%D?6Sz=Ymw>k*?cXVTCQk
zi-l0vq@ji_cErZRhln5GEEeJi;AE1I%mYA^q2sv##no=|+;x{V42#7XEB)^-U@Z94
z=@<w!_C8D%?ai<A3&PF5)`(-;bL2ctwBPmvan@1~o7k~62^B2YQYvenkJ2^!ETz)#
zy1v3w*9$tTUQ3fuNQj!TKKI|X8`bu8<v9hwHPn6-BL6@$D6W;Vl>E>5)vRIojF+9O
zM6A7VY;12_h0r`vj?C_jRNT+R5!E5R{ft2TDF0}M_G#a8FEerkw{%;fU}LT!s{+Ox
zJu}17Gkc4i%0&yiM7*rPpe$13CgcXMW$`(!xgm><1U+k3hTdwZzaj%p|9StlmBc3d
z;5;Bg(){m|mNalIyhX)MfWA7~k)ab^>}9-Pr#q7u$4D3lds5Y<wlA&!XI?KIzpeN>
zjDP}I$%#6>Ge>r8Y23d3d&}r$Epv2Fy|?|IUSowUKH=+YKIdEW1<I8_$Yp2?K3{ya
zX-QG_LDDQt=DVGCR$cgcJgg=gprsA##@w6wI{5^aq@eVJYxK%ISjIrUVFFuSO!Y_`
zso!8K=`#7@4lVG)YEgKB6;F-X;N?tTJ){&cToWpRIDQn)UbTc>JmRN;PXT#4)-e3v
z`g8e5F>({yOz=`q{@})I)S5%9_ouT*nw7Nyh{ppuFw!S_oKA$npLkXCQu50;E85Rq
zbyrl_^n);mon=?t=adNsQFZ+aRI~v*A6Fpu%B(POlJnxA$+1=!q$s$&uX0*5&(vxc
zzopLwUTNn#zco{WfEPCFrt{ZG-p-t+<*xtgeJc0q;MWfiXl=E^g3o4wSR72Ui^^VL
zyG!2IXh6L&?LRkvlesK?Wjb^?dy~28U>3Z6Eyjww)@@0886lXR8!H{RUth9PA~CnA
z5$e*wWdsnQ|JnbGp}j?kEuWxqQ3t-fbi3hRcQ^~IHa`>ol>VK**eKh{qdejF?Z?sM
zs!Kl_tZvNQ-rm|ymiW5Ao#v^4Kpsz#G1G`5%FsUrrw`{Ld$iV5-rtq|&~%|wdrq&K
z=?_I{1q4Ef0$vRMN)Ifz{IqpXRqcCJ@>?fj<Z>$iY%d%FXWOoJA#wUuG@c0v2ze=S
z{Pt%UxGm_#UjEg17#rq)rk3TO)#5JDN-do<zB+4&KYZ!%?=Oy&B@2AHp?O@N-&D}z
zsnUx&xP)<B12{|0PQ_ndmLdU%%NK9`_kQ~gFLk#G36f0O;8?T*xA4Dn^k?GK5KT|P
zsB8i66(G|?7l-1TvfZ2R&2EiXCwTbFw<~dp+H7-^k`DeRMuKXTfulwml!!hal2me(
zYM#7&^^5d&#(#1h0p%*01~}(t;r`ZS$~;aAD<APZvgH>^S#W#8H&~fc^4PimsAwWw
zEa><jFxfH(0F&DYs)el#)~iHU*T_!;@Be$if%Ol;1gkro&w292_P}$+D;jHpbYGY%
zf3x57>XN9l_`ioC|NSq74>g`>bY#~@J$veQHf5c%52S~$KGO7(M~Q^~0`aGNf+w$1
zltdu)_{1;fRs}cmlJz_7N4znHr!1w&i;!!m0Li7(I`MZI#sA_-Ooh?@FMmm3oaMC~
zd0M$(T<mzH$y}B|;?y=FhfVhip4mHk?oT}y03=Jiy=f{zn(dxgxw$g`6+WU*@2Xm}
zI+9f&LAXV>^eQkKB;jz2Vh{p~DHqf!=a~Qf^@0g6z{RA@0Qv5x$G`4r0gd%4inc0G
zbRV~L*ttOf>BcTA3CdqkC;K$@Pv4^A-~Wfn_{EIz8T&0=X5-Aq`ee_>ZKG#=0VrH5
zX6;00VI@0_iQg8UyMvLqCcrbdnzsrN!y_#|V%0w7?izJNF{a}6Zpg~zc|b~s;8CV^
z?)dzB8<k4*IXM~gA9u%3{!qDnzxn=-=E=hU1|A8PkC{j&Q*kb+n3M{f-8Xz>_Udzh
z^X)oYv9n3@XgXXJ^7B_)neN%i$dCMt@ma$U^fn(J^zr8Qp^QaP-HQf^)2mCNtV8JX
zddT3ydE>sHWq<lJRh=1Bi1aGJ;az`D`dyB93A9gI^rwZ&$tY3J|Nql}Nyokfz^10C
z!OYU{^GN!04wMY$Wbl6o(954@<5o$TraG_KhKvS^`rUqPJtJsf-_1^r_y4g8cWLL&
zH2Pu?$5YW1a6Pl|#eRYmIZI(+uT6HW_{Qg@3<?T-wR2}YEWch@hPpDVK#J`P$P%83
zz87u4rmD$PfN$DgD-4S+>eV6H?Hm(q&U%I>X%+ySX4q@>&HL;d0pufsyui}_fSKV9
z6<Vd^o=ct(D%i9aC4vW#hKwon(WhqbTwMXE<_+1Az<(|eBZ)pS8j4D@yQ)u8IYd!k
ztE_yGo}jJzS?M;K!piJOm;V2Lf2WDN&j4N<J1~DuF6*L${Y%FD$#<H9^0yzR{x{>v
zO6?la!XeRG`ysZHhhWSIm7nbB7qlih&5-G_AELcIf+FLt^0ey~QPI?^sFZE+3%1y7
zjQvO<lU9Ze%6`?U$GDXEKyt2}8pUJt^6L#{8S$EdhXJ?SCMkXK*FBp46)*r}T1DZ?
z-}vc{1WKy`-hofy^VxR@5W}hmJREW5n*ehnlRN`F&8sLSG~}<ryiOB<T&4iO4`DvS
zS3|j;<@0fO<tV8@GXIXJhXx4pefDr3g-wxR{EPpqVJj}(7wDqZ-T5qeI;uO-Merx>
z93quRU}TH+yOb-~@`6y;9k>O)RO6CG4Wz^yxk6kyF~^f(`742I<+pDO{+*zTu>Hfr
z4_zf`Dhc0uFb^tyqJ6@fIhPa9L}J4jU-Lf|Qb-Y?PUBI+a)5j{;Q%Nn2J30wv}RNe
zp<ey;ST8CM>?l&x_uCEdxgKYlJ!UR5v}nok2y*n>Hu#;n(+M!QK|UjJmjT>@Z2v1P
z$l%+GzYfHILWoe;W?NTr%B@(l1f^Mqpm>sxzy+ZQr~b#9qGG!L)$_c!Hm70Bje|FO
zTb_ZC-jZA&aHf$GvSLxc`E;kI3Wa0xf#cr#+q9neEL3u{993V`n?&i#d9j(Ce52&4
z->FdD4LL%EyRT-QH&_E8^`5R56FopfTW$<>(7KiQu5uM!bsqpI;7>pl$?zljH<9;X
za4$-$?sECpq)GZNl}wRaoJA%}J5R8^(y?4|r>vducO^vu59D$aS9!<zfj1x-H$<UX
zZ8U~y^DG@Df0;T6J5hfc+3OlR<MvyWNdNhzdb-y*$n&?Rk+o5i;1_XyJU;gysyy!H
zZ;hF?SO%4?-z>w5Xqpo4Q_od9(H&O4TOIzp5q)%M3;@AuCl=#UTI6C8j|xm%eN$8S
zI!DcwR`{*OpCLGtV4M8R^AbORt9g@kHCpfmkYCT!v|OT4DsJHg0>O8zL?RV7TUvi)
z|DDwQ-zv&Y5tzRscMyiMDBXSvDA=1zODk{Mi9a4!X0N!3FMToi_%{0~@<bNv^z9cZ
zUPlnrN7PnQ>I%iA9sv}0ZSCHl^(@N;zw=^IO;kn560ZNFhM)p?L@$Ly-Jh_O$?3_7
z$#Ad$LGg(em6MHsrHZl%_&I&qVP>w%b=Aeot;aMyF}W85Y<H;i@m1$IAH(N7m#4r7
zFg9YVpF)Ay-?9in#Fq^BhYX!wj0Fa&9>A}20q7y`)@DXQaz{(+3wAWsm!fxXw~qc~
zgjW7Nvc1Ls5JlWQzPxz1Q;Fb(vCKv<Oa_Xs#)tY)pWXlf{~K#E4U*G#=-uq5hUe3X
zhP7wWXNMHkAah=6Ad~eADuw)1z<D2d)nX+N;7pwg5ukFn@XV>??@@?t0}$o;6mSZd
z>rGImfBO%^0AhIpcw$*-UQH&E&TSi?|D2KOM|Kd?jnxB}LZ6|0y--TV`2>|uDm{J$
zz`GEDt@qch23}s%<q`6FR}cam0V0o6K$63|E(q?pp?g*e04)q(imRu8VjMESHd{iR
z?ot9SQ`#~-7TL+zw?AYHl-xLxr-P5hZXdXo0eG%hvC$j5e3n5)>n|g9b+cEG;>uo0
z4!X3n{ij7~xxYc&k4o?Z1O=Z4F8u3BtD}yuu1KOmI<9mYa0N;^MPe5NGy&+u1t@CG
zZz`mK#MBbcM4sQ!d<{GTKfxeCF3G-hxZ9Dh#(pi%x`)Z<CC7yH2fic5ChCOzeBMLR
z<1*{&qG-<Y+bDo?FXVsoxTJxc%w<WE5!u7BKM~U!?euOt<y{nK=&^)e-UX&kE>n)p
zw_6150NKQqE3WF2S)D~d)C3qDq@a+f&Qrish3o!y;oj(myC3y%v)YdQ!YhBc1Vk>|
zEUi>b82gNA@YyR&cP|C|JG`I^>;9y0l;)n!<bmc&fwd+0!=Xo%WRho2be)-9*yRYw
zlRz&OQ2`^NLcChMhR=<W)Ds+lhlVBukj@$aFQ3xK8QOijsA6ucNxPEakrruYaKFvW
zSsx4MMU@{x=U<Awk3f>I{Gc`x8XLHJwesZ`{n2eb-+X&ijddPdQ+u)80n~ZP-%oOW
zLhV3(&%S@lCEtv~KI$=L4g!fr^PQiUdu2h^(n61_Vs|bT4tpVHhJuiz#TAUU@>LWy
zbU5RlRGJh``}C$yoA}uIQcdViMXyfh)>RwSW4jtnlB72h8JsW(TGu~8MR02kKFu&6
zQZ>2K=~)*seV*%*(zs)ZtUeaEFg|umeq=T8KFx%4Z?xx<GM#3Zeo17@ung(sGA@_y
zUq8;izY&gJD1`8gy{pxxNee~rpc%PYi4_;Q;vJ+$tu`>At0^IH0{cWr^o?=s>o&jt
zmJD2X6Ym!Oph?e6GxbC^>~lfli@`dc>d9}5u9;BIEd29sW$9su-44X%8j4D7j9diD
zCKqiPr$PABH``E=<!osxxtZ5Q^9nO79Xh>kQE*3~6FD6^I9fbde#$ZN@!dJq6-f)t
zi{Iqpq^tj*j`sn8b_WY*8i~x<3w0v6eSzndPsEGU6xA+kctG07vb0dxDa9GJNN5)j
zAQtM&*sp_8(Ivb~36q^n19}9}v9X#*0MmHqZbsyKrAYUu?|yd2N|ei9)&ku8$rLF{
zm5>=D71(HMNXDM<uxqt^^l;5QTk-%{$Cj5p`f1SZvd2y!l6d{yR_Ij7eEFkuv_Y+X
zQW;>uQD^Al?dN)zebGrc0A80FzvlxW+%X!Y!;7UG^3+j2>^rKU^BohNr~lmrwETMW
zTCmpEX+b~P>RH(9)t&e3qk#9|8`{pQ_<=LJTxqmM!0v=X`RPoI75muPjH5~R-V%7J
zdq!I$3sR}0rg-zK6bH9m0@JLX8|0*K)1`SWrh%ET|GL!sbxQi;@yAuSmYLH&A;d4F
z_2K$^%6k1wo^Tc!M^rLMzJA1Zcb1GsnAt2tN+06J%Nmf;kb@;Y?*k2uOX~w);KjzR
zuB79Q*X*?b$+B{?$U34W0$skBT<ja#0yww(Zsf1}Epoqz$Vf?}%=jR=&L{8m#bhIL
zeb4;U%?xRX-?^3=QGBnUTc6TifVs}%8R4g$w+%w*Aeah^GofK925hw%0Q9yJBS2Uy
zNKcaAW3vKZGy%sQc_;lHF!i*w#0Rkwzcrz3PJxs$yY$vQ;2aV2S&2-6wn%PJ?qNZK
z-dX~VT9hnhW*RWPRF!y;L(@|<ejyial`m1jhNsGJ2(!BG3tRHGFJz<*MlFAMeN}ud
zDD%%D%k%+Szme(g3i4vzqwY)ylg;0;Ak*V1!)3Sfbm{gw@01*xFj^edQ81l}Xyc}O
z^xP)^wMcq$`Y25V4~#oym4E{6f5YT$xdXG+SG&tk#|?bAVWQn&O-QdU?py!DV5xaS
zV|O<6J2jPa3o#9uMWbx!;M$=dnc1uR&wsjw{FTlD#|=N{zEjjV6>tQQlZ{PRxeS>~
zoBmmCVBZ<{yypz8>x)7FczZ}I$aiN)eQ8Pm|0dW$Sw=@ZDGYjwg~<?eP6)BMmgUIy
za`7B;MtRet!9Z;iI3wReh@}p?x_&S#dY|ho&V>F4!ym2tH<dkpdspmoXvQX6W7qmp
z{>&NPsonO{3?y#Z4CQk}SuLHBnZFKdyJRYRTr(-lK0q;OtxWS;#*)S{cPDjT(KLf4
zS89cc=!a#rvecIL;m<OL=?K}6EE78o#{-tf{i1yKWZPshf2f|KSIaO=+$)sZtc&(k
ziVa(`f9>*HCd;msR!#jCkb1x-@<oD&ReDU%J_<!yF@NYO<=5hns3{`ee${=xj3I+`
zJL+MdsJLazuxI}8?dvbz2KHY2=kK=-bom6BU#7vmRHxj@D`@yWj)ChZcP-?a{)13n
z*=Bs2>#(Sj^I{noYa=7O0_smub3NcN^p+-<PSswXv58zID7$QFXVIX(*lR^>I?@HP
z$-A7KV;?K{`t_KyqRhG&f|CMgzaA}E2-94TTFD8I75#VivRu;gy5;EDdBp3L9J&Z0
z`=395#<AH6(vYkFGp`6^Y>F&WWZ5I3YhGIC;M1TifAABVop_VD4>gB(ZnFD#IsIcN
z-`l*P^2d#0|KYoHmphvnzOF52&{>pXC$!;sYa{n~G@2|*_^Li8;lgS#Jd17}PDV9Q
z^QYed7olpdD)WywT+Sy0=Yn~{a`BaE&1G-m`7szS86%Q<_QWK#Y1_L~QJu;=hDY<l
zhG%1sbf5BdoTZw_a;7q{cY%kLZUCzWoD^}!4v^I3i)hm{hMKyu;$B{$Wu6DUW0$^1
zpkN~TR=<s$aEjh(?OWjz0(gpmKdQ~Uf!$p$0H}SM=RK5XRkZn1U0d%Wb$vb*nOM%K
z(b%cXf4=(6!Wdi5lh)j~6tO)2`tGX1ZeABoqX65y!TR3h_KYn?cm5#NYJbUrHm&C1
zS@>${FRP8Vw=*G3+h58*{b&Rx1QY9pnvZJYCRCz*ar&a<K{*rH<H`vB&>^O9S{?o?
z4Dv$-^xT)fLYo8-zZY&LLw>by$+f^l?$WEgUTycgZhtt=6j0M1hSIn=-r?u09=X`F
z2Ht+qtABS(<}jYG4~Tjj&A%f1qQ{L;Mo*qIL}^_|lvU>4;;{(R(VKICf_J%C3NKxt
zdlJXgN)6gPz}#90_sK)p{aZsEM?DBF*Tp>ykHx5IQZ(v1L|8niFVDK{v!*zD@%lAp
zX(W*{%d*c6J-ajEV-m^<-l^6)|ASU+%KDLR+!B96&K22ux^uvBMVw1!L7^mZ{s-HI
zS`<ga9AM{g5d;T}>k1t1m?|M`c4DM-QXfi==M@<Z7JwXXZftt5MQ^e3f#-z6DD>+|
zQ7K-&kI~gbDxw6Elcl}-ePfA}3oNV^!wOt6<LpREj%A}Bt=GQ^8IB%Ya`zt1OXb&G
z<Md0%)-nl?>wgkeCUarEf#p#{Ivx}8sY{BM8eNEt{3-ZbmV>r?PRry5ZjIaU1iSTo
zK6JQN8OWWCyJ$%zd9wT;XKP@^)qMj{0jBPZgO+jBoxv~w*|CK6qrDfI9ggE~@QM9I
zxjsvbIH_<e)S$}2ZY_dzIk&#1HKtye8{fs}4DKVT{w5Nqj$MN9yN6mENHhW%<^*qV
z`}#6s)BLawz%adb%oz+|97`*ddKDp_3T^S?e+zzC2NU^GN=e*GOm!y@XiPIna{IrV
zuHMs_eSc|Ff#8rxZwM{9I_=?vqZ^RS&?-|NB?u^nefE^_D%hVsM8aFOsQ8bzx9^?x
zLF+3jmu^#dQ{qHY3s{|SQ-#`-T~iHE%I<}i6?zgJM%o4W>rRU`uc##|-ak31Mt>MP
z*Z2C`;X^GjOd_4_H!8b2!WAr8%_Gc7GfJL4f#1;qqeJ(HM%V{ks95`+a%_Q+m1Za&
zL|U5BQ)R-sIS{C!$C0!)F~NE;;>VEsv!!CXEoFwGQPm3(w1)ce3}+-yQ=DCINnpo~
zVM<IT9xI+gKdMKQA6l!zRSv~`xEnO;tP-m#5($3r;xE|Vv_9ahGTVsw3@on#Gc^_Z
zJmY6CM{fNY{C?^so=5-T^z%VU39B@c@gI!P+hNh*qg$*$6}KXy%EbHX{!xl5oYA<*
z`q0*ulAk|)fosi0o&=rlrB1H#9nA)cQ;BQl_Gp%S?5pbzcIhSegqjSk6|JPB4a+Ci
zlDWiHwU>=@`l`{+Ipq0CC$xbn#fnJ4+2PIY$WwfCjk6YVt*`L+ZZk9U)psFix?;41
zurT@Z-flv?)YIg^_*r09dP-piO-odSy;}xv*L@lX=x=Q&w-{4pM)|hD;Ll#yyES|$
zpP=HC+eK^{eTF%n;=3iu9RIB_VkP51b13WPDT$-0S1-bmGK!K|r+Hx`>+^&>?*b@b
zdDZXcu!|Botsg8JmOAY8f?=Z>Bzh$D9V*(ZDY5?>v;9|GBZCfmEY@&uwE3eo<>tsl
zK1cg=oZ=>@IFe)vdjCqzv@4EzRpf>PTss8sn3XT9TwSrzEu7Zng`Y6&d{+cyqJC41
z4v*M}3QXWcq@1>U=O8*=shxMzugBAwj>U26q~qDK5|#m6u*tPi^|j1NzmFQ*TFW`@
zN>xfrD+FI;tsJu3c&bUuE<V71@T>;PS<v)?<z&g8hiX_FBEaFa=OSY<H%OV-Hvv3t
zuASZwL@jaP&0JViVdJFopUdqe+ehn|)iFSwpiV~8U;JBJnq@i#FYJs&DUo8Oku7;R
z`g(&ZcA*g4+v)-RxVj@jjmG_NLjCTq-}TjHZ?i;9OUb4&Hc?TiDzB`rU-T(TTpgm}
zJK4~ruQZ;<FljU(B}@PVxrmZX>O<KkI?=f8koyaB<FjHU?dSm+c9vtI#o+q~b0`$m
z?2KV*lv19H`;p>s?xFDoR&jZ(H{mp$WPI&^a!Ty+F(_1IMw6j|*c~*FG`)utal6_V
z6%KcoXKpI9jXUvj43cy#(6)cMk#DJAex7|Pm*0SMQOXMmbCvSukfJxD<B08X*kES2
zI;uX`);lL@3v3f-aNgyjX4R1BHdu*a+ut_Auxy`NLqBCB+6Qn+McOp1eV$^;p_0%+
zDZva$rA_RP^B$aGVTf-XW<l3yS7c^gs5#bEv`CF*CTi;#I*bsNPbAE(al^5|!u8z8
z^oz6d7}Bqxf)K?i7_%c<<BqiG(Q<LAtP<5le$ZKPx^yaUw2KaRKE~QJ+j<&NNprPK
z+3c0$vzh4Z%K~EAD%y7-W;{<Q?q|3mr!uJ15@8Q`5EDaRfs+3GTf?*%GJQ&EkwLm1
zK36!ErXI46`*6(YCxQq0jJYA6?wjdV$00&^Lo@%VSuOm7F6ph!!Ig-a%0m83&iy7A
zx(qnBi%>elA*}HQ<ien#o{NTV{vI`@=$-OCjL_xvp_mG5!pVNeegXKIAS}pTB0o(;
z6O<}A*=|jZk`QriYkObhNOH3iL&~uKC=C)tFXe95Z(beVI!I9aLG*4n>aSPGy<Mt#
zPc4hy)q6M`(q%T+TJdZ2c<kWxdz~ZU4>P)nskG=tWIay<C@J7LM)zQ!9Dh><CWUgj
zgk-Txr%5djA)9-!L|~JtY7#cP??R}9EiD#2)y*DcAug^?_<9H2`<{|5_a(AQSI_0o
zcHvh?sE|98X5#vchv5Q2a`GgTgS^`?X$J3YNz)hX>xv@cGdXcnJKXy0)4^0NhV5Lp
zpjxIg8e6l$4xb3$t$OK(u1!{7E^e!aG@qjg(_;7R3NG?B7H%4AN{s9gIeZ)R6alG-
zUNBhwZZgdSW%MXfPprAAE~{s(U*g=Ce$7wK6oUUfR)a!wNPa4K>W~&NFs&_)JC5o!
zLj?xnV7K|-Ih2F5{I51cgQFI>@*?ChR#iy~ODIfj#fWDC+pXecSL;moH;?4^jD+~N
z>=GL|8$ekNMD1E2@ArC@*?LFwZF#)pa!|!oTzvyt5<J_FPQf&_zlh3lSV}-r8U+5;
zFC~BRe<Bt7ULWOY>9+j*c~7C_f_5xq;<XaTE~uPeGU-*5+=1cDLj_jAA5>|vcw?Sd
z9*>lj(oq=$iz%%69O`pLr9|Nn!VlM8j9>&2!7_YvjSecdi+_&CV4se}Q8?nN;NzB>
zZPK}}ZcW<G$0xPIf8ULy;7Ao<LsTY0;~=K9Aeyc4oN+cRZS!yzXp`Vs_~=VW&ezwT
z(bYv>56waoe2{7xnO{j4v|u#tsgD*y*MA;rM#ex+r9yL^9St!OSrH{7T3f2Y&Yq7?
za-Eq<zZVGH@Hc>P&6Od;EcPXSuFXHkPjjmxt_vY_=DL|ncJ`_WNR-}QJOm*zKKokp
zwh+O80EfEoZE6O1=a_!s>jEn|nvZyMXnf*C23_ZX^<D>DuV5?KmHDjJc@)zGKI%JF
zUGQbyIVedfmBkSXi=jhW#z~!VK&Qr8k@)5uCWO);y#*ZjxAJgXJ<Zf8<fHvY$ztcd
zVuErC?}2z=jQk{Krj{Na;=5gQ`9W&0musBCZV@bQJ`1mV+9<G7fIG-x_aHE=a&sx1
z!5Alg<SWaT+N5aBAdel$o7aE$GN{yUC$&tP#O2pp3{qkGX5o+Yxz<f_#Gn|1E-|(}
zVBL4>+&r!=&urW-E?XGoYgl}2qrWzU@!wqlts*u$Z&MIDez?j$)kCA=p%Sru)KdNh
z2C%Zn%V*f~?I2OE9evmwey25_An?o8D^pwWfp}2Z#o(0&VLRDdgTuunr};-09Cp6l
zjD8j91(v-6z4{eAO|ao1&bXtZpYAtS2jS}B0sEM~)pp%Zdl?U#l{a}~KW8C>eb~{L
z35J+Xv}n^KJUhvN$+0?=R{qQJz$2j&FU^V0!NwM-WJDHr)6wH^jaQaQP)7B{F6%sE
zc5o+VF)JP_sGa2X$;9gtm*lIa+k!}gq`$V2vyqN)GCM9hY$`XLnBt%Ax9|i*sojca
z)dw6`?Y0?EayUI?lF-m?+UuL-Yh_E1!^gwI3J2Kg{z17(!WWDK>K5oOMAA|A%6E2u
zKMx~^X!|v*-(VwK8V~oS-nPEJul-($M=tn3XM(67WPzbayKb>&%3m3}7?9YjF?_BL
z$BYX06e0}Q<8b;39Q?xzx~o@`Wj<Hb@VD^w!DxQ|>+h;H!Qn~Yi|`vH=0A|fsfVxn
zG>Fm1G%TmZrVL<}&R4Y#tu7)!`wsl<*^4~6#V2yGFJf5n+8ad}9w3Lx9PVL{F)AV&
z@9M=kGhr1XnWS)nyXGl+hvJ`|heH-Lmo1tSQ`Fs#Cq@_hC{up(ils-rix(CnTO1kT
z=dIasE*_iI*g%6G9Ivj_^XX`R`<|D3a%4qd;I4%;3Z^3ROyj-1%OoS&rAUyNgo;VG
zfA?L>n*6=$-GTbbSm;AYChUcV$oj8`S3|Xre2N>oOW+LzPqUOm<BjTe1bS(hxe~bg
zSyx+3?q^=fHb3PZe{^oP?TU~t<k`ba{fs%6v9GWzIxKoPPN}e>yWqYwSCDehc;-<o
zYJ}{cO;ip^r5Q;vLi}_Gan@rEx0n7S$es@cdAauSLm+`VPVUbp7`vW>XqVJK=usk}
zEG~X_E^o`)STtcqZ<;Fgz0ahWV-MaLa-@TFcC3z?=-w}pX%1N{e^G1~3dKj)d0lL9
zA~oZuv`K--8YjN0TDnWFJPff~baB9Ph=`0@)b-L<VmeF87=BM^$b$=@Rw_xd6ul86
z9_KLGmF+C~p4Tnl(DEJ)0sO?!SUmxDQh1a8255!bqm|=r?Fv(2?mFWWBTFZ&BZBvf
zRdjw|)o^7c=BesHHF+fOnLd&d9%|&a8k+suiKQ$s3_&!S?;Gal$RdBSwCJQ!2&}#g
z=0s(IY;`Krr|Os&O`SIc=Z~cT^ShDucYk?WQw_2Ha=Cib@LHQ_M~s4Z_?y961J3iZ
zWxjuhp2WU7=H@dmEY%psg~pV?rLD+v%=_?vd1X-JX;+JN{+$+0{gCRM+9rEpESb-5
zpGn%Ln&d)FKd=2l2UfTL0bSGGb_Mw~m8FC>(GauOBi3L~bk1$0Es$e)YBjPv)L~&3
zaQ?DdfH#Q5Hcoi<e#Ied>wY0&F|SMUmj$GLj`qH1TaO+Na6hRXNg<1QnjmH<-+uTq
zw}TM$L-zR^hho#Y!gx%{<<n*>{xC^%xDlpn4@}^!Phq?9uvKWT7T<R)vhu5AdQN2S
z=?mkvU}3Y`RtxNQ9>9HvpA&67G4y~{JN8-Mg-AB0oz-C4T3zo&r;`QygREdzn3$}Y
zEWfD9cRA&QSJ1pI<pk4`PD5r;lrqa0+3hKJq1}NBa;^N?^JyG8E>mLX12;!H&k8zm
zdC+r(1D=h@b8?1plXH?mk_Jslvb~jlf$r(Zk2R35FaDWm>wm}LMt(5Z2inPlnRJav
zhuu>lB`?i^IHMb(0_=sxgHS$hXYTUf$z)<z@=a&P5py3z488Ue={OGZ6-v8B_kPEX
z08GI6`*UY^&G|h2(_?T}`^z>zA*U-PJk(4cM2JaL0~o4M9z9{FsQLs`dlT|<ko0m9
zlaquKB*o<^;1)NlWVJm^bkc*fHMDZrv%5T~Uyv`psx4zDTA)kAGici@y9p0%fpbQj
z;Ms`Ja<H7*E)FaIAGW?auBvY9S~^8Kq(KEGB@bN+N|y=>NFxHmp&MzGmX;DJMH-~L
zyBnnrB_VJCY53MgeV%*o_x^+65BA<??X~6{bF4MTF!Gg?3y;aP?w~BZQO$$jLBeII
zfg!qyZ@gFNJ5+Lf{FqjDhirylrh|~No2|S2h4B4)<oAQlcahn9i`e}kXv--(G6{;W
z$W^kO_~~_ipCJFUn@5N}N4x#Cq)_gwON4kLh91#u?yEFvCl&ghb4VO>T;fcz{~m?>
z6GcIv0~}9QOBRH^h_g=LAd>b8Cavmrpz~LOaN07Cnj6ok1Ft3uWSaC`qxR;BZmnBR
z*$kEud6s(mRjOuKWMc3eA~e}%@SAEYPS!OF2l7R!6vJ6Ky)f4Ss+g#rE9*5j`kLF-
zzFW*Ms@*nilB2_a7N-~W?~R6w*D5GC9xP=4VCbY9ib7bv3Om=ZX56!$*J9$7E>)Q=
zYnRHvndHh}=rlaGd~i|FZdm@^{VA3$IaNfj8v3LkKILW_R)z%stB&9e>kZqx*W8Wl
zye<6H98q0c3ON$wkch(t>YZgR3d{}Zp?ASnwk&M^%=N-{8Q!!m{qe7+cHGDDWj5{_
z(<9Vo9Vfp}*u-?lwxWdOb_m>5PFP#N<ChXwWA#&B&eZqoT_ew@zN_eSA|sx|EpDIO
zbHsI>zxeVY_K1UNt=l3_nHw5Cy7E=y!wW5wbn$QLg^0G$Y$;TlMgH&|WQYwYc}O|L
zLDM@-536Ok5`q{Kru8N2ti9j+Xs*^okO*<d45PZc>BUbEzh1C~;cN7Z!_(3ISx{zC
za}PhNuY}68V6~P?o~G)jFW6bhWz1nTK@_a~wc)MFD4mA$;QTbP(Y$yNZu<L`oTn?6
zBwhF6KCN9b@UF=EpLdn=lh9aa3=MWH;bUC4%8++uhir=@``~T!_Qd;p;?mEljw4W&
zT;p59Wb5}kc%ROym)$kBBbMg&{fzCiF%3j7^le%iZw7?}8t=L?CNO#mcGbU^wvx;@
zwb`}vkUB<%=;Sq)=!f&8>tQG%cH70g{qbp9GLn>cLb2{i(#4y?9q(Wk#gI$U`KS<z
zvK&*YAV)aIO({W1O79|Ym(TGw-|epbydp|xRn9=<C@fRbpEr=T!holTR}m#?pDoiQ
zx*d)}kWxKGxMa`};;>7o(Gb~AvtN5|#^AuEFUwjU`lLT3lhSfuHM_2ID-phXJ!{5-
z88eb3R7kSXQm3T~P2>mD3!|Qs_^9;dz&&KEYDN3$uBKoXY*x*4og^gZz(?R}qxKXw
zVrr$fXf>z)OODs~)%OKRBEwBwELuB4G=*(L=eq&iIyL8+D_?)gzhJhkqS&*tOD1R0
zV$;bBZ~HPwrI&xKL|@SlG&<1%+_+g(_O$zWHN=6xE%&I8)zkwK{nk^98klL#9#>Kd
z6E}sV+S-h8+(a{Z^EF^zo~p5<8aQpb(3s=gUrs3trY;XlH%WT1ITT5tTUu5{k$aNA
z`MU2d?-q{rYJnMU(1$lgGjE^2VVs795qHBIq<>)5wH{~rAKE-QO+D?nITIYb-{;{6
z?2_vvpE323rTUjMZ8?*}-d4Dp_5O@9lV+5^wVTW!5%%jR^9O^UMzn2l2=m*rLKAam
z8}7~Y3M?<S!0Dk1Lm3oLQZYh$@8U$BVcyKxUXD5`l1@f77I_%Y`(NFG(y#8?tGJ*}
z8YOvNaU2SXBHAMnrW5t-U^c!{I#WJKvB)ZdvoE5HO*L_%##lG%wQYL`Z>gZP>$<#A
z%o4S?&I(`IT!8@{!J;wUF{UVLa^T+L9^;|>mpVr4HEQ@F4Z_c;{(NyDM}mS0(V$g_
zgsU6{XB%>>Ki(s0_6D|p|D4*3z(z+s+|Zs(m)&8ozv-O9N?-rr`C3A90Nu2hM<AQt
z_%h3ZbIw5fkV0^}MY%RvYHyoleRJoP*=1m~_$0tOdR_Q!J3%`zSu#ft8#sJ;N_n18
zrz2XYNfSs(O+(ecQ;)x#c9OaBE>^ESz@nZIYQ$x#G`eiWbuEiXlm+M?S%_TFqBC(L
zpl&ccTICd(8aQrrNlN;d4>_Y1S@;ffwiMkw<aD-!Gp098+LaD^jKj9|R^Oon?tv=#
z?o21Em7Br#vGK#=w>!h7GDRdd$Ley8?ji7b?Kx3Hg39dr(jy6^fAVP+H#b&@*)Q#*
zDD%!4%Piy#v#7~$Q5rh!{y9%s`U69GhFWzB#qnceK7KbgJA!?0$3%m@OQZ>5(8Kny
z*5?TGP531zTx?!y^yv(f&bu7Wt%>!`-zim3TF7HvY210((L#3hhrvxwlP9b_a#{j?
zoOu4hY2O<V{@uP|YM|RPIfu!M&Kh4hgf0Hc?2#Bx2*yn^)UJ~#weJfCcMb51x%oo#
z$Z3CYQ-!EC0V4%f)>B2D>cUN(tOz?|^mb}I)Ieff1qUL^72VNhpO*%Y<w!JYTFFWD
z8y8<RG0KXEXha8)kK96e+xqakd%;Y;XZ7I6Hk1aHBmD*L`;O6*M`lG1>cM-S@_|Th
zeEGFpPf^WHc1?*1)i(3g)4S?L6MPi1TYhysi?oWU3&EdvlB*i7433z>*JR9J!he0^
zymogmZVH?EEw9yGamxPEM5My?nSOHDcuK)S)A&ULcI&hCI}@L?EHR}KJ|AP}XG9d~
ze5se1OufgAxuv6HhV;kgdKCnwuG1yUY~K|K(Z0u2XsQ|Q#Ebu#q(I$jo^*Mdf$1lP
z33ou%N@4oNca5gDZ^dYu&suihI`VT8I?F!^V<pXso}}RqdART7dPRD26jS+?4}3Lo
z`^t)D77YRSvJbLH8$ryRRxd3%CkZ%zDxQO-+aZbLgQn&ox6d|bKx`Fq0Hom$i~!tm
z$3n-J3T|2E<ReTjqpnx2tGj71!EUN?adR4lpYlH}X>De|zPhI?*ZbtH@$Q&=v7_4R
zI+hhrIV`ku_ORU4KPrN@b3rFmsQPX%mCKJUn^I)n5tqurn1wW%qA0aRetd(Lf|!}s
zAa>6q#K4HSuu;gDQio9;JC#r1QtqP2$Z*m}uw~`oFv3HVw*d=618mtHAD%B@SUgQE
zC*+E^1Ay)TX>4q4SsH+c7=y2)dA7M4^>tI5zNk7<3Nlf(K<cIBz3D2Ro)JTQHnZ<_
zT@W9;a`0P-L`xZ)&xN+8YJX&K&5=9Ozv|G8V1MeZ6Vv$7XN_$1cWQ$-2~KA44&9JM
zfdP!gXfq>Di);klhp$d6DohzlT$W#a%y+bLX-ij2d3Rq7aWE2$e`Dso^=39{xM&kR
zT6#<nl?tEM=jzO}Br`t#=%oc%jRrAS?9WJw&g-kVo>3cV1Znh=CDAM)?}+B67k6af
zZ^M@*KlY)zU~v(cd92h5d<dViCLz?jlKhDLc=OJ+v&|HIHu_CEd872LPQE=>q`@|P
zlmdvDJZ?*EpxWZ<TMlD9e8;hu_X|D~Y8ztVL0kR!w#Jf0E`H?A%+L?YNTedU@#^cq
zb7uO5FE!0<6{Zh_ieCr(<pO>m&(`{dZHz|j9U9g^=%$&7)o3@bvOVJ5Ue=4+-}3VV
z{Ln;zUD&A)*ZFyk$?AjcNoNaTB3Bv-l_v6~XNjL%Lx(r_V!X{Z7m9Wqy5=<z*HKbe
zC@8lx4&7x<91c>F{e1D-aYd=x;|e3q%lRy??io#OY8U>Pba;@wlQT3_a<{a4oB(9+
zre<M|$eA}{O4JjQz;|qsRp3_HYuj@PkDTu-v#}2kUlhNyevkAsGk9<olFljA3M(>y
zt%M<AS@PL>qAi3u42geie6NBn?o>)(xGe&04(ka|FrSaTF~NcK_I$dr<ix|_(F<Lz
zh+y~dS?g)M$+a5h-S-+B1yc|7h8?$(Y`XMT>daa6RhCv4_B5*={F2HJx?VERYDg1x
zQpNoNZB%x)gtti}VZ%U~jH%u~U)^OWB73qc#DPaNA>1n3Q&X&!+G$x(NO8L3&0<|z
zG4auJz2oOD$N{>FjzErQUbn~HOY7nf>fY!R_~)7`D!!~YUl7w2=YLhb9pHOx9`5*c
zpZK`x#6L`M_MKg?i4o_rV^@AeLO5gus;G&n<og}{9wA2)DGxbTn*m-`YwN<g)3Ed8
z-3%V4^;>P)BK_RgZwdPJutgZEiDEL|3f>DUgeeB=Ds>@7)E_-c(=YnOI2UGw7%+q*
zP*x5(ve`O(W$*+1hOtqlZZqqN8|cVs#TXf6vlcT5&HH&{OO>c<O>np)2kN*vJMkK0
z=!i<Nxk(M~utu<-(y+2uP!cJUVqxtgu4L5V_XPP_bMTQ9!L%%i<j@CN%>2wo9%rS`
z=_DFFpdxoyL~pflw~!jF-`0<iv4M@*xDIgH1i~|%T3OX&8F9I#Lku!%3u6PGWYz!`
zHdzMKnvAc$8j+rAuSz=weVjy(xY23uaXSTJZ5iWAnZHLtq|<owhT4ZAcB$VD`4c-~
zix1fiNsokB^`{pCS6Kp<`1|r2M+`QUXj0Qcc9eKw6^KHg_{QeJsY0h4&nOK&xaiMh
z4Z3d2)WgIH)MOTEj{@c+vfU{kyG$QDYEpx_cZ~iD`A(U;PdC)uVcDi-{%vIRAPHKN
zn%w(|H!$O$3S1y|9_!ZLWm+yQMXhN`B=Oj#3#g+S)!V_RT+VmPX061X3cA}kqG50J
zF_);>##8@{L<dRK_O)N+Y-R1n7shqjare>k&9B|x#8*G~zCHI#DBdgh^2_kXTo9H0
zmLHZZVVL4_QIS#4UCP5YQNKX(yJOtC@p?Uh`|8&%c(dBgHB&%Yrtn6RKDp>tJl@!&
zK9;te{n4jyetq0p3l5j^?Tu?4A_|~)A-0r`-($CtXCBZF%*_;?Y!#Fl7me*xe);6|
z(IbZf#A*?L=eJv`E@gI|G~>$q4HiJ+ynuB~td!hi<w57|4xJ~lqPeN7R*6{1KWez$
zI4HO`_ghyYmA2y?Ga{{6^Qw)n;L;)q&Zl3oAvu@G&V!Q-Jz|{D-N{>L2`5pk7TgsH
z8WYtz(hQK28Xso>c(LUcPeD#iDa*E(+@^T`YUNgC)ahoa^1-4BlIUi!J?aYalbUqb
zcX@-DZ{3k~PN*pnNh+KN>~o2oFM~7P7JE6*u2kV*ovyM{c`p!#s$1_9Z-ixj8+Wwt
zT_z}1y>PKUV8|5In=UDfR1?aJs%-I}k(}OXSm@a2UQk7K+Ec63<r}N`KyR~ABZ{8L
zSQ@A!_llpqGwhHIp?aM!VS^w2xm8;AHm!dZ{6YQ`iK8Hvz`5XWY$~aUt<WWS@r`z7
z2OiImyH?Bk3fdg>r%~?PSV#&pohnmcA;XC}S$ui?nb<p1`pUJ5%Z(OiiBrwEUetOy
z3BT+#Y6FcX7R37Y!r`kUdEfBnt-|N?f$qM7O^A7k_8*SNU2`{l`&$CTKse3oTG|_E
zqxM=YCEBrk>a2UPHf6s-A-CoCWYMybPVQDiL6O`9ANy5m|MduA1j{}i-C*q&K#rq>
zBDOuS@08yr=`%=Hdsf$0(_yTj8;~P9oFH*ndVQQFd!Wef*r47{9!vNAuYqy%YezoG
z;qJHcU}bWSj6a%Y#`p=`nKeh9sR)&a8eZyLIPH@q1aS_<$AwEu<fMKtDY$O7OiC5w
zF+#&!@7$j9kbKljNyJ+tXhLUk3Eh>&q!^3Z+9pa+yYDL=+N?rzT}L0b;BF+x8?g{w
zvU5x7p+T~!Y@x}B@5w){IlBW-@lH5JeyVCe6wybgSc<HLl@AoWlj}4vR$n?6;zeGk
zu_{aR4WObf+Ii)R@vQg8FKR2R1*OLtSnFDG?(zU@3Qkrja5W04PU6v8*JaAU`MJ~`
z{af7q$+k97U!ji?aQS|hHbqtcc4TE6oWK{YM}GS)zq#V8J~T&J?JKP7lrN}Ufp;GJ
zN96?La&1L&7sh}Pb@Hcp%qB6SH8SpZ8Ec;1enR+4UWjDM?FXSc?t`uy_pm@$bVHJs
z{<mlM*lo#C_doEpT+tV1oncpwr@)oO10lDysjGS908IBEL~NMP9eljEU|J8D<13&O
zh<F9ET`aQh4(Xap2`>x~H;ho0oqZ^el_g0%jJ%^$cr@Kb_F|+A0$%gi8#&AAGpS6#
zqvtX*ltR|(EIgU78m7&Tj>h<sNI%IIxwyto#P2fw8H>W>-W%uh^`-=0qfiZ2psw!E
zlu6A(f9BoctWsq0jgcWbdM%g6N<H>`a4VkQLBQ0vaodAleCS2oc|<JlYquRB2cb+F
z*cK{$7;AThg(>(5oVtD%V%39k>zi8$MSx!k&P|af<~|W`+Zem(Ul!D|k5Z!ZXnZq>
zxEqo4K}-d3tBA+c^QN9W$A+v#+FO)-y*Pf|cD(WR%MrisyU%_Lw?{1VXQA7*Oc0vu
z-o3h9WyEx{ES6bw<XyRECBiMQ|Ek4qu1J|Gv8IyQxgeaIP6i(4AXf)!=<muRo0`$)
zJ&zw<RHeBaO_vkB-*p(7!jL$7)99PLKVCj|eYYbCVfE7!>?iEzP(Iskz}8N8H==8t
z)@p&-R(&B!y=Z@GvMGL1rq3sIpNi{u^n6`ue3e?xEH`aT#v;u%LE{Crt4Ur%lvX;9
z$LiM_uvv|*>qn|=LSxBFI6&l}N^eJ5->hY<m-B@80~bJ{_G8AV`18GX<HE{9O@m|a
z8$JY33@Ohx5=aEf@>G0gsl(dzA(4yAdFoV??fNv3>TAwR8M+60e~@Sx_8h$9)|f|i
zV#k#++4Ywc7m72CCGc}uuWiS%%?S8=E!CIv)|~>*Tw86OyaL{HWVZngh}0ynM5&jb
z*{_{5Cax)pI^DKejXT6Xv=>djdfUg%o%=e8xz6qN+sE6D#;=NRP5O{T91v{?x0tn;
zu!)meX|sQq39jBlTf>%dW)(ygr?B$zEt{W5(7JZt_D@=~r?F2BA>Gp5=grI)O_IcW
zt}Go!b3hj!Y%N<ZCZ`%(M<Z{P9P%KJsOwip;E?zp&Y}qQs}X;+w|vp5`7+zB-H85V
zzI!RVv^Q@~64B2kSkB$~uq$KykcVKShh+A1wx<(ULmTCX-AUVSj$lvwrzuXq2jfqt
zSv)4Hy@2j7R#Dw3EGokiRjyM)@jy^=Q-*VL3DAm`iB9@#t0%od+{2z7VjC>@G!FY7
zX0L0~Q4rj|e9!lJGotegZO7F`qSJV#(mmyn^CXAuQ~`m(aD+D1_fA1ei$#jrc?TiR
zj=0?UJA0#4skE*FNR;pIZGjSqjI)*_z3BEsmSoM<><$iOdU%rv0#4B^7iG2B?m3d1
zc*3~PEJB5~!GPF^KaOAzux@J~KA2QA5H(LcH+p_!7H1LfN!dNyu&NHU*q_XEl{=F=
z8^X$%G(#8Ml!5-@Tg4KE1;y)BBJ_t1Shz<D9_U*W1fA{MJo!z^4P_0USFjSzGQ%5g
z85r?r--7E>PAK**ce!*>uILaG7+O-yP^~N)7S~o4p2&AQ-l9BN)I(7GvP`KP=CnI+
zK)c4C#^oPaxgt`$1FNR446f;nWlR3bBoO;4Rk(2LI^NjbP12BS!n%pV(Myw0n_L3V
zV{*-t_9m?tM_Z^d*SPP25L)h@#|4<jvG}_EEQ^}X=hU<*gpPyJx@kNT1`#FQr<zXl
z{GW4jC^yJ?e24CpF|^#Hd&j#4?2Y~3y-}!qL1g<*de^N7XBow)v7(uB#(issX>l<u
z=c!o)5e14=$cfsM;6Uf#(EDND<96t6T$t7@rK+OZtnB$SZrQXynL$ws!~LYuqU5?{
z^LmhSbgW}qTG+hK;|E%>V^vPhS~{XD-izG8!GSg^gWKoXob3G2xEyISa#S!WCq!hX
z9UCJcNG;5}ugGV}B~0{7&K*w`lAXc<H;EgEbTYR&GC$Qh&JuVysH^NYS2V(yw^99J
zs1}w+1UYM|MijD$W9g$_r?rQSTy?aIBzDDLuI|tlXy9Lw<yxTW{uH|Ntwx<w19NxI
zs_k0k*86dqJEdQeuVr5kb08}4KrGiD&3j~6Jr9ix8YVD`Vq`+Sg+>zGA)hTSV-x#$
z73_g@*@vn=8f{sZ4e^Cr#PP=%k@@r8;_R}0R8KjZlIYDqv{hPtl<z@rH+-5E5-$98
zc*%~bkQAFTa2ffjk_#9%l#&ZNz4`KmpQ+93k&?2UyM<YVMjNX<_PF0QcXSrHurFPu
zW31M|bs~I6Kl;vC?s9qh7<>!3EvvX)_xFa$wgG41z>)8Q={}`I;hbeIADrWUyM!*&
zde0faV4uD?q#6QxkMXobgJUrDux*r6bsXDR<bd?`;Tj_{q$+|aiM$ylFv*f7$=L<R
z*+^bJ+W~I)qHfpooqh?9klj0LCXT7sj_k2N({Ae?do%L*c!szR@>aBCY4BBT;kMm-
zl$Y+`Yk#=BT;le2O110psLl2DX;aE4Sw&2`8stBk<C-GX8gN39`yS|BP6v(*)v^QD
zGR8DVI6Jy0FY)gsdA2aO*!{OKFed7wQ7h;$VBw>^N%pEW$if-_r{BAQ7+F_$(lgG$
zS@G}6?!2A+hipss9^;FHN$(Bp%A$BJpBgJ5+#9JHVtN<~fbmmq`TiVZCmRh9<#{bV
z@q5=YxT~|n7Q*01#{_xOw)8lEhNXFFbq;4ob@|bYeNBnk(&mU`q1v{IwRakzR#5&q
zXZ(s6_KYPVf*?YML|5d5=}1}iRW&Cf#fYZmgp;bU;3D~!5J51oWw469reKtv+{T-z
z)Im1nm)wAfOO3G?XTPb>D{^KkQg=k-z)&!hY5UH+&S@+8i{vf7ETJn8zv%hM5O&lK
zVMCvHP^B)aj8>n>Q4o3SS$-W@l6=EYnPGfXcn0(tzTC<aSe-|UE`5ebb58{Vs{)ao
znfSL(N;S1luzr1PP|`t%E797t2o?;r@Y4F;6>-`nmH*2H$a57<?3m7+#9(ZOAayhx
z{hQjZeQBFCd9Rx2j#>JKx7VGwAm+`L<sNe>N{Z@}4ckTR)}R+Op)dJ;-ZV^_^q<&k
zzHe<&QfIlRuBGTwavZzDhPtuntsN72#7T=<lk37`logjh!hRcS@30YHT%>5rfPa0C
zO`E1!RFc3r6h@VDj!vZ<=CO2N>{fDnWf+#Ni!LU%F&T+>=-Vrq<+u}{mxS~5vy=Bz
zOWYQzShS|7ZoML&lsaA_E_ExiS9zA5MsL#;_B{*vEUfXi#hR7Vr!T;_tFu3Befc$8
z!GDpvpb?z}C9zbfyCfk(0;X&8-bsFoH4%Mg8Yg0d-Ku@noMG=8T^YNqpuj^h*_}b%
zSrv5&ts)7B$-7G|O2Y;pzMKN(u+occUC-t5@GIa9K!(K9X?A=obV^+OSS(q0Ii0?k
z{L2-Td)^Bbn>(<aAC&m*y+S-zq#A;2iT+@evi%n&x~)&oGg66nhab(833nrTwkDZB
zNC>%1dT^f%75m-OKVq2E<gVs{DIFit@mpVy5-o2w{1KFVVW4HTQaisJpc2)C&}kQJ
z;Y_{k&|Z~h7&C5XaLP>Fqs^9`ooHO~lVcJ2h_Wyxr^;nEDdkq>BY@SW`@?j<k3g|K
zMB`_FPKfz(aKQ9g$3xxZ<a1`PYBb$x17i1ju(L_pZYHR*Ww{au<XrzYL>JyA?BF5s
zo@8t=Z5nh58g2y+rHBQykR(D__4ODYoNFSbbWzAb-J`ybp1MoD$nQ7KB)VOVXTG3$
zn}?Q1>#ms90E5cYz58P~h$gO}1a#FN%v8fFjeRMORGH^if|5`d${E&!PD^r$<|?=1
zAIM=Kg`bawsvQBv5mKUU4GGXU@pK-$Y^&~MOsIV@YQH&NLP1IHa<YW~s0jJpZh?+U
zqePRi$wJ>OWpc0hO*$RuYow4USZkrozA4-{89Byd+fr!}Fv)BKIsv|}`a-rQzx<Wb
z{OtOKvSE3U8Hfek?*!^QU3lOk-`r}tH6rNp4S3Sqcm6(1cgh^Wf7!nd`iO1O^BwXm
z$g=C%T^fVgZDQT`n7+iOvH+(DKkSSRVMcvk#gslyUUb0{=;^K!#V<!Cha;<jEcyC7
zg9PTe7Y~#w8n3>Zdj}oBxsF`}^}RywO7MGZ;qZE~m*on~ojTu?g~J8ggnya|C+Tog
zyf(Rc`M%=`z0ZD47r-#KKr=+*cK1%F5X+&<qjob1$X_f;_f%&FG`*KEtOU1tC0J*@
zxq{`{$JD*l($x+6vzA6QR5+Avj}}=Zv_;lnaJ%dAP;2}?tX#tZYX6|V=FR@6nf$Na
zwhT~Wm$TMV7YEJj;6(O=Nry4)YyA?*x&cP~U!oJN!8BpN;teDZzy9scc-}C6)LFw=
zIIJu(DsMIJ^5xkW3(>>`HY{xkay3+zF8Xo-EPJOW9$nY2JL<+>7v_;-vo*>^Ks8eL
z`N`I7&O`Cvny8|L6_7Pq-No5f90=NqwN0R{(dx488HQn-<pNx!o;~i`vQ?qYZ8d=*
zEhN(RAWvDS;fngmlaAR+*ruvmK@a)PwgCkz+Lu81#hp?6rh)H3!{GB`Ou~O0?zx=p
zy8#WkhpR3YX5fLfeqiHA=spofw;QeliVTVQ9dE&}H{8HJe3RYpzRYXVvE{7%&N}Nm
z4EwTccV`)L$!+^A84Cnx(a=FJTy=DMxOf%l78kJ7o_@Hp)27u<Wdn7w_uTZ<{tS+_
zGe_j5vY_YWyw6@U)?KFb4hFu1tttk!e~p1PUmim)+BP2&<V_PE{#}oM_T;$(v3q>N
zQ<_b~KC8>Jpt7NPgQb>D4}6_HkC`mq{S`BSo>_-!8)ygAy6>gab6ob;7kkREwN9E;
zp5D9nJ?k{;KYsV0RS(^Tjo#bR;NRP_V*_alZ9>Z<wSWK5k{!MHTc+GxdHtDHB`~0U
zq6c+Nd(3OF?|ifC=ZLEs$;^s3GL8AaZo$ol&NKUmHu?L{2Rv|(AJQzdmr@D;s^fC=
zq9+A0?QQ|P=+-lEh(Z_i5j`J0Scp?N1YVJvW4YQTIys5^f7a(e8WysQ5%7N_*`JYv
z{#jv;=;K`RjktKigF0FE_wHb2v!X)&D_uA&NvfxqpGEb6QFtsQRK5f?Vpc*{nR=l4
z`;DH!Jm}lCt6aRvRcX1FNT&3gQ-^L0RIp0_&wGOZEJP9=n&AykE~RQM>i#>5fYb|U
zfI6{lK{Hki)ZNX?wF^ljw3xVqCRomC>w1q$pk?tm<yUET-o-iS$#gh#2VJhQfxwz|
z9f4TB0Kx-ZpjoE3sp!UntS-1heJtdEOyLZ~x=xo+;lpoXz^}c_gwrm;+$8Ska^@F`
z5_UYjTxkC>GJhYvp-Yb8Sv+>GG^FD}=IAQ$A8|o|6BX)U?pjW?)_Y~2P8|ad8|2o2
z==SV6qXfyK%ebx+$D>CvUvxKLE(!I!C?A1#eb5YAkq8;dE`f%@Z*%*QB!%r{w_cee
z(iyA?o%dl}EUE6c(AswLPGx@Ae;>5{+5$O<s&ByNlnZiS5B7o@X@!1dM0ME#Q{2ne
z-0bS0@a?xxYCc*5r&W_cT1Qrj>WNl?7f&+Ytjo|J4+!U_lE1A02WM;VS5C2oHTOWS
zskR-AfzcE-a~MldZ~kiIJP=NBJOW?J#Kq)jte(<G3VylnZ3$Ur{%?r59G+Zv^kV-%
z1I0!G*)AX<qg2s#?fyHL?c6eNjdo{2FQ{$<ti-nZ&a>Emue0mZV0icr^2UX1be-m%
z;Zcd-GG4tSQHNwp#^L4F-#6DtG{lcORbtn{RM>axqXS|kc1MlZJXIy=T^1wn(*n0{
zl@Vp$e$QVe!BOh450-!cSpr=g?#VwntX&i~qd&6GKU8s5uLN=PdD0zb@2#XMB<QJ}
zO;-(sI_miQ_n{B#zNV3yL#veU+{#AIl0JeXdpiH27&JzYTf<sy?!0jvjm(pP%!gmf
zU01%l^Ohvygrodhaoa*!d9BqXupqZEOU)MF|BNA^oD_KrRS{bH<KaN|#N%Z)U6>R!
zpSyt_^QLWq+xIUm^`Jq`=_{Iw=nDU(97m>X!&I{Erh0nH(&bwJXQ)FY8PbIbAJo;N
zCAt3-H+qO5f1Rb<DlYOapkq@T5_@TiFbv%Br9YiRf)HRIHrJE$=Vj$8q8C4cgj(67
zx#o?LAF#we^=-6}sN^QA>zyOx#`}}hAiGH*b`U<=52lQk(AnNFo?P^$$8RU6Q`K<t
z+bHerdvf$1_L0lEC4F~50H9bqfoyK~%RLP{dWqy{=GC!|7Sh6mmgA9KPwI-pP9Rg*
z=fK;i`gkpTSTjuG{16GWKMKXQWs~Mw$XMzstg#4KX>4H?FpvA^<rS?QYsSDXynoH&
zq#ts0wgo~nz-&hDdYB|~0#eqYbK6jZoxWHHKG=y!NE_e<8`gEomcS%9aFPln>*JWZ
zDhG%Da{UHU6fBH&x5MYaGdyQ&SLJfvQlokM4~2)SjkELqqkoc&ZT#iZXNC3V(JvZ|
zf7UuuQhyS3IC5By|AZO|r?#8*cYzgXruez1i)8XwMfArEsFN9&Ve;{9RJ<jHB-17;
z->9xlkg~7WLU`n`GWpWz8R*S8&}7G&i6W@hla)jz=5bV5Y3{+&A1r2&oJP1w$Ym%i
z`@m5ZU_~9{ZhZ_;Um(y(ssbVb+Q4hsW^f;eOF6Ex<36Xl#L4da@tQ30NB3R(d*}Az
zozIW@z3R?cqE2%oovjcsyEh6tA8l$XAr*vt*U>MoU!~?Im=<{ADnk@#_4ad~j4m}T
zLo;J@uX%6@*o5SH1^j@#q97|gbN^kHvw=f9NbBK@B=ChpWi#zh)%Ijyr?@}*L#Q{(
zc&+1iVr(F0($7<_bi_gF{|IU9xMCYC|1)lPq#2HWJsO#u9Ql(%OhOxq;f@9{;7w1b
zzJ>e_Z>R0f>l2*dUd6vZ8>S~4{=jR-WhLgT#dw>M#~GxAbAc{-Rv094Wd3ik$+d)p
z^8M1g63kMxQwLBpFB8zy@v7Kq+cdm9qux_eHQJqU31xvD5(#CoBRNfvO3?nV11q0{
zfAfN}e0j|hM>iDoz^OH2VWQU2AM9&CVS4>EmPxpXJ<5KTWP5cFpOh1cvmYv)>&>Q#
zR*#{Cn&<V)?t$_Y;))&6JBq;)-}YVtS`v2ib03wV$UFam*a~b#KTR?at>4eH<^a+o
zDqT<pT40GSwFc4|9FQY*EoZn(kI@?23dP&3<M~qw8t<un5s50BZ}8Ed6m{GF_qS<8
zQ>&Wp>-;t)7QjRun~Sy(#6*^`@!DO2`9IJTWMdcX8?$xDV?Lnp1OXXCqK>T<5^o3c
zn4{e3k(VY|g}SYfjE@3k0;N7TJJiah+Xvdds%)VSbkRAKYoAj8tcE|YY*<zwSdo8D
z*4S99Zx{QiHUor7#wAopmmmw$CCJ<v-ql%>vY(5DoRmdDgvd)afW58(z=N$f>f!cX
z_;vjDNXW)|3H*XN6qF0SH43)2VPW(8yAPp2t(!4y`0cXgAJUHMwgN`?P4j*wU6AAs
z65yoXbz#fe{jq%<K4la5#}LpuEHct}hxk(Zpt(D)ZZC6TBu)_cuKV+bI!Pyvs|#c&
zLRuXyIPB0H#gmJ-`L(0*U_ocJ^9?^1jg4gEGyq;sY`v)u7FL;5OoVV&fN+i>{B7t8
zY`#r}(qq%&IY|suXqW~|E{mg~=X%^8@4GV5!vlqd3S1$+zg)m?6O`Xo1`}#$xe8HF
z&r2bO2#4RYUFl4Pcan7LfXK&K`@;0-DU?DmPY)5{1qGf24WY>c`5~<N|4r=*pwc{q
zJp-u8>Gl?|=6;DqqD+%$UFUMCl>_s#d0Gj?O7u?s!c!40klM%Ty?#g`sTf4j(MMHn
z{P}7y?~au@-)o$n%Y$z?^}6IzAdwMKa%C1s-745U*&adxG0?#5i)4SYk)G$?g=B*c
zAKt7PfYhMsF96to^89RGaiJv|ssxq<$}5#NOPh(zfD}Kga*PYWAdi*B_B9_0Vk?iI
zfS!5XshY7}py*>eAcZx0)X*wN^IGQsR4&E+;wK{#(~I}04?vY@hPQHEqIC~SE|9p-
zZOHc!4=W8EU680>T&!;gLUc=@Bl@#S=OpkCUz?q5LrY1`$S>D0gmg_@zhN^5{~p$P
z><pc1n+;_5zbNz)zv_P`)M_ukc%Bygz->f5EoJF%c6*He*uMnNw{sYv!6{b5_L4r+
zLpaSj=v-bXf(4`&b=*C5xOe{WUqqTIr5_X1MAZ6_&G8u4=+BH57&)vWQ7i8Ks-4z}
zJr$_>bODj7z$UdtP*Spi`8qvzaqn6MEGx)v%dIBN%^=b0Jhj%%yWBGO0(L%qD^8kG
zdO_lWfhMOvabLxwcNg5eKkwc-``*RsM8(_15h>F7z22U+O}B-n^XAfH+0#dwKg++p
zwK+`fZ??-VF-_$?=}GDqUw3!iPx?9rEw=rdgOu9#+%1<euguBE$lN>V<}Vaf{pBun
zY#K2lFU0SiK;kX%i?ai)M)Lf?grD*A{*&7AdHw>VrkeAE_eHZ-JD9^mfN>7ii3=aG
zSHZ`tjI{ZIl2FI_JJXDL9XEiL@x8_uU`>Kaf!n}WqEA6Wbn1<`izP8{XJKE6`-U5!
z1!7EV=GBz)^770D-h)}iVPljF{CgE^z*NgLzXP<~?h#TN`nJ>GWxhI3SH^+M`k_IU
zc&=pTBA-^iAbvdOH7fWo@MW+3^_gJ$YcFf-wkNF?>XIlJq@Qvc3bCtgG=6|Qq$DVV
z#1nGdn1F3JpbaZsUwf==5(5K8q~Xz0oZ0Y4=rXGODDCNzBse24zs_yZ^<+p#AVBlA
zvUik8oNn3f9hap3li7>&PopoB9b8NR2zkI8x44OXSBP!(sXv@)fk+%(@l#@qbfG`h
zb7w^&#(94Vy^0cQ={tT7l>LvM=#oKX!*<ZkJ|UB?Xvi~i$a(!tH~2~)a8HUewY@F=
z@lBu53V;Hy9-Fa>rtoYrU*VPUmA+rbu-LT0bx7)14SiUA9F&V{#|JfvdKu6sm*mBE
zz6uQr1McC$FR7M;k;~y|R@T?@(+&9kW$iWDs{d;xGF31jIkzL4SrrpS2$_vd$xH)W
z!220O#Ot{%#V}AdTi)?|TvZ*wR#3wu_R1FYLu}^1+5bJX(D-^V=u`ar)9>#zA2t*!
zoIM$Sia`opo>W!;0p4Pv!n0@7ufu$`HDk35->~)%4Sm0#1TuV44^MZ?+LwYEU6S?7
zry*TcK{<JR`FH>E#d{48)`W{o>G*jrcrD`3btO@xS*9&Zl(vIDQ0O_Q-Ik&Qh`eIq
zEt}z&yt15=ima@f7hLk*2F!Dkzc2m!aV{_W;TSbc6+9ee6>5NPz)y>n7&d6SK%Yqr
z7h+G$$D##ioYUJK&x&^6DR904T>=H|`PoW|vA+sxkX`0NH$0sq|M#P_s(PTvefo19
zB`*Dm%pcF0xS;!}N_sC-Y~v<s=x=@<4}*l!iW*Sy@DDNQTvyZJpnv(mdFIh$?VJ8^
ztzQ!Z$^Ua<CC0h?m(%(8mjQP0(C?RGwuM34^;^`ihtLNpL*3lm+&SItKY*R9rORe=
z_d#%gZn{$A^7g-<;TFX<@}JTB{eCdD8Vb9w___(Bv;VoPs)P6Vb1yO35K6Uu17Yz$
zuW?na;eQ_stPKzEMyfP}xJLLv?%!u_z(>6%wx`Nowfb>qH9fqq(E8IOFk)<XFHU!_
zeeM3`3SNe{H_`Ur+x;DP=xUdvcXkI1+;f*roxcyhn%oejB2EP~7q{G;R7uK!fY}8t
z&>neCqL&ai(u1m(_-D2MJ4Tw%8;I^)UU`554A!yqp!na<?JZ8I1!9>7mlp{BL&!~f
z8QUE&1KYq$7r9aJJ@|hopFSbFXy!jRkmN$guiiuL&bs`#y*K8*vZ{)CKh2B9++PUh
z%DO25l>WS0?^EcKme07dCF<gC{sbf|gVvCVoH+t4{h*apuR2ZYohgfgUe)m@WL)*9
z#k|#fWLanbK0GUTE(T4_KevSD6L<P+gE%UsTs8d{c+S5Upp5Km1_dXI6OfYIJWn<$
zg1PFPLuf?=>VVt5qq*zQLzY%z1$Lrz+0eJ(9Dzt5(81z7*_Cy3b7L?6W(%p<tmKqt
zY*jA5XUnhtSyc)OFO_xxk|}`jggy-j(~XGep)gD@#Z>Xyk|h8YsL<i=A!;md*#5q0
z$yvOK^#6KHFyhTx`V%0=>{x6J{8@D$!ZGN8lLu@uLS`X|ISgBx1=6!f0$SNSZPeC$
z_F3JW)$EU-S$*Z(#bJyEQ?Irg4m7#0877#-zF`g*<pIU{LF>&p9b$+v6P|VlRAVp@
zRu!{SiRWfqPW3uJ1Zr>OT(x`ZIc(?7YoD{#ZI&Q4Dl`6ZmoaU#%uPsJ6AnOe=0H!&
z8xjP-dBI`_-+0?XsVM-EuzVTirDNC24@ZOwVm4Ar3#7}1D_6rzGh-gV1!}L1R`p=^
zn*T5Y=7<uPlL#!C;oJXC+uz?w?qkrTfvM(x?VlG}OF9AMUlHI1g`FMDO86@S&DK;P
zi%Ppt)J~UZt`bP^=?q~_Fz8O`D5R)2R77{~;g%6HrJ<SLH>d<sgP9Dto3j7_sggO(
zxR}w{4@ljfLxOe9s0<X`4mZps5`T%EA0o`PPa_M={mCA$=GFnnKJ_chpiGg*9nJ;s
zwb3Zh6A1aY0cpEbh8meq{@f}nQnYMf8hYBC0r$0++lLutWo2{630Jd>oRUDhGdokD
zZqnpU_@RuqDG?N7{v!}WOY)!CDFDUJUWLuS;q^lSdb~EoDTRQ!2>V&Jo?mf(yndN2
z!^zfu(DZzOxZf72n5h67m_7rYkVG&<h7B<XzXGVAGms1D(x|1-LN%h26?O}I?cR_S
z_Hxdb{I?)g^7mp!Ig)#d?)LDS2Twj9l5fA3UvCs?nhoKO;?<AAobutq3xl!{E}cl0
z=0b-LwM|RFC=3$I1&8su_iC5lTVT#p(<R>14>;RvEv^iHlKm%G|DDpWQAa6k{Qmp|
zGJiAYBe(ms;lC%j2ctf{7%m~tBzR#)J@Iz|_2bSY8%{?H@hfhk0m*<SoYigtXDcY^
z&sODp^*c(<hnf066feG0$U38bRblXy$EYh6=!2H_U88flM`!}bqF@kqxG;3E`xL=s
z=Bz(O0;KA6{!%U|;8!qvF?L`Zm040Gom~raU_Qug`j6uv`fUeb+PjZ+;H?w-zE{<&
zA;<_{&nwSz@Ek}nsU*x#3mfPiee#@Ehh)0vMstOh*ZI+kw$}f=$@h;M)-Ms!pEMnW
zTVp3@97NF24TV5V^#(g=l9w<yAOd2wO%p19WF;D=`IEoJpwQtSduCnBz>NgO11E;c
z>II}n2LZ$%YBCnNMY6afgfuRDgL0F}Vaz(VK-vR~w*V4OEjnBX&h|KEm?$1mS7-%|
z(uvYAba=df0F@T@zyK(H%M2n-edi<ZQCpR&xzY@k*X`$N0epl23XBiKwS~b{_ig6`
zM<`%Hn-KAzo7H~3s1C?aXKtQs)l2jWG-L8k7MA|A072XwL9fyKlfnMXWA9~h?v0^u
z1^ud(!Ucbm<8{KhNEwjujiB6r`$1E>*Vt2wJo_8-WT<y~Mv6hOY(LyV3?o7(IuYKG
zCV-Y@QR@O=HC2;rnsDGC8I^odNb7|pUJpkLJY&{eG}ZGS<I#zg0twvAc9u+9S_y#}
zXGB;k5qMIss#uGHS^*&N<6YXT2#zq$Vfj+&V|URwjHtmu;KmqlKXM5n8t(|<1GvL_
zZ3T*E+;sT{-WcQ$7^zVO%(H(-BCr_mpoYo(O_cwv)EqAE8?rAZO#T6cV47>*e@)m4
z#IuP3C9Dg@ySo7Q^6@n>^{gVdo3FJu;c+FcLHee1cV+!_V|5)T<1O+leYABZ9zF<Y
zr=a!N8!Q5mI-{Lwr{km8uL<Vf7U>{=Il94EJ3afs`{v}7rm^#)J?zcmrhZ3&jY|A=
z*A73NgDJXM{J0v3+xZOiq`3X0(#TSLgGKMo4G8NxeE|v|&aY2Hv+f$U1RVl?gXGz(
zN)rIIE5M3b0D(mD<TMR>^nbGXe?;Bi0T-7q3S>r8SN<CEKd+h65w$0)3E>Y^O)L3+
z39TgYa_olRjMZX-NXDgJXvHjmgePCp%x%=I=e9`(1wq^ogt9^ad>h6*0)h@~-CXtV
zEAZTJ0E6!U{Xl-;XOATyqLBAkp`?yb>qoA;n|~DqvaaAg+HxJQ)*9g`?G=#?qoFz)
zl&$Pr;wH7}_&1{bjVAwK!v+RyN=GVmdzH_BqEGX)53pls27_#s4Ay_!h1{L~pub$e
z(_c`WiKkr#Sp(112LSUY3qT<-{9)9sRv$c0t&O_wW02vg(Jhe7Aypgp|NnG2)@<ne
zckv&qeAubJbLMpQSMKHgub`4+1o%r@SXgX7_z0pDBghmNEs(bOAyE7kQ!rv-Xzt+x
zJm`U9xEH94fSzVw5J)qez`)k2zqI!1zn2Ezd3zEUKKri~r(cGFU)>{+M$0-di~6eo
zx~J+*Z)mCfP?P51;DF|#^G+)Tf|>s4LH)HIWH*<}%5`2-#ro84l7H87&)e7S|Nivn
zJIQoZ8NrRARcxz&A~|1V1K7Bv2lMRV6Z=-OCmHRyRu%IB=G78jr^vW^#qR~BL-OW7
zuKj+-fRNV||5S@m!G!(I<KR1d^wE?3?u3()E$!Mlvs4cO$kfLf-~-dIc;Ol#I-069
zq?4^?f~lwHGx-ltji*JS6XP=<%BVP)aWewp><t8M$hGvnCw~;D8I6Ots|6OG(cpaw
zt53C|VD%nh)JXr=U`cwPlgz1&RBzR})hB(BI7u1BgHpO7*m-~3PUmL%xO%%no6s3l
zk%j;@geY*;mQJUCA1t|Y(O0z;`>YMhE-BPiPf#%KumBis%k>%UPmK3YV<>FGWov=*
zhnCZK2dqU~pq+D40sacCJ|Z;RIw{dN+5d}vCB1R+YL1o@f%hyPZxSR&U1FaCM5<QA
z0%T3Ix3sH1U=qBvwpPj0bKhw#-D_{a=HA@}Fo(9r40AbTRHPe1loUEPQpe@}YoUEa
zw?9a#0NCI<1W)~)RAY#282<0IBKZ{q?5d<<lq}D<@AjUFtD@e9CZ(H43Sbv+w1v~t
z>sUBp^}n3`zCTW}FLaM@qMmghY}JWizus$&cO7o`y(UgMu4AVJ0ft&3%d#nA?qh%@
z<Bl8700Sud&FkXK-0joZoLDcS65?E2zZBF7>&IO{(GZ9Mkni?Oc)cHWZBX8L176i_
z0Q~t{yP-;~;RBAd;eWq25Q0C|y=K;gu+k^L2B6*@)wTmRpm;e>knQUQ^)s2(PxM@F
zLQ#*?A=GlQu*EQ#W6Ww-d$W3);6%S2f@dS$Ao(Q5qV1$xf|C$RiR6iv#Sgy$Y;Wm!
z8$!3D2jA>;*G$b2Z&*@-Kt&`3fo3h!1d|1@2d4v>A?Q|}f{hMBNVy6Ei$wr_$vKsr
zi5{<}!$DntSto!ea4G%z)!|3>Oxw{)D!r&rpasJXTOg6s238)u0%xVMYbjBQv;^Rp
z_X(`t3)9is13|lXP~Ol19>CTTEGGEzk8G#PI%vEIU~{h<OaXznT3k>u_{m`>zB7s?
zyBCTh5I`yI3x`%Z9LRiUj7Q1QC?)XRgi55MZa}V(5p!>-r%{w}1sXp8zvsZ80EvrF
zhVshq0?6ho#GQchPlDrQtsNK)Uk67<%oe$?o)MpeMTViZ`KZ$%4isOd(+JbATdzbm
zd}&<-!n6~5O&=?(yfFEZ8K>MxXbS7};FiH&hh*J-x$(WD0Txcl+5425(nS1O4NU^D
zJ9Y8g2GZ<h6NW{A{%l3NCQ1nDm+LrAn(RP_8cG78iFgVBu<f|fy7$MQ(*v$5`DC{X
zVssSPi|%cJhztj=25qer&uQA}z1(MXojUOaAdiFe%*>nTD_-X;%CLFAK1V!`Qq?4n
zUz0`O9j7t29HzuTA(niC<>o*BB`=Qy$_S*~jQFM7O?d5K6M_m*9R?xPf}FYwAW0>S
zK}UsJfKW|}<%HKtvQySsD}Crwitu^fc@U+seb`T3m`9|KfRO$5ZjN%D4S>nvpg_t3
zFCs-$NcY)}^EeshE7V6c1qN|<>T)irgnv*3pl%$|MIZksx_Gbnnoz1P17dv5`6XOg
zta{qQp$*g>?`!T1*ks=vr>#D-G|`vvbU!4h9(ca?sV^MNaOEc+kMCaz>@zj#p&6f+
zt_Yfx#17zQ#+Ax~A_*LX!_0i_uLA*+xM|FEx{xS4TYl}YDN>(@p{Da#yydwdaKQl!
z)&fzvu=U&$AIYn{;oRx?4))!-3{kg~<ip#bViEy1*l&))fm(T%$+?t`5eV4ITl93g
zt%@vQ|2a^7E;E}d2)kVLXff(GX>)pI;fMY=BrKTWXs&>PL1asund2@IHa#^8<zE21
zY1B%XUkUZK9Y!A+?X3=acT<46!gv=#-o3Ii12^jr>Vbqbq<$aFhlwhS{<Ojwm5bfZ
zd_=gszZ<+ymdY(q`R_oF<o}ejV$LVtEX8F3{5gF4sZFh)ohR5G!U#B;Xc~G1=$j^}
zmf8+p$^3_h0^qd}HAU$^M;}VB-V}3pS-&0jo83xk3iXoa`qt97?*e&5h+kqixKw3+
z_Dz&PP+P*Fl4=h|J;k%z1}UvSc6)?0GK-H)uSRoQOPs^t4c&VbkzH-UI&Ss_VgZ<#
z^gv$e;LRbOuKP7*(b}u6w*r?0TP1=%lR{8<*YemOH99@qF_$F~P6j1~5jam14E9Xe
zp|a(0BwL(JC}<b3^Ml5*@}8o^-XSzCto^3Vh*!Trwa#aOQ&Q#*;(2JOz!a<4a*!&)
zR*btXopsAG|F{lG&z<5^WH%P#BPW)z78iM2AF~HUWVE#d)K(fihsV~l*Yqwyz6|&z
z@IC9g24vIqv#3p98$5qbs@D#(AYX48bYg>_CS%^C$)b&adxC}TtKU^`+BI87zP8j!
zi0v`Q?<tdJ^*?K!gu5E`7FB}ZaSs<iUY*<T4(Glu;%EuB+GwQ)0>*vj@Wy|EASH$^
zw1m*T^Ffjy#C}bLgFWe=D8(I*n)2*_-V9(;x#qC3?$3dh9}M<2Z^v`^%B9&5eXH>V
z+NwSg=;0}8`C8a_l0Yfn7;3+kt&*A|O(NRmCzofFo_cI(KpqJOg4dY_Z+}l|&SzgI
zKGNS42gW_DSob6Kpu|{~AXX^8(Y119{UkF^Po5FSlm{pnixacsY(|G~zB*~dqE{3=
z#CZtd^Mw7dlJ6DSSN%QI=!6ru7)k-0cEnWp#HL5WYp_j8*+jn4?f)9nAbvf+n)Au1
zu5zLP$JlePvxZtdv?e-GnmBHJ9oM_P(U|V@;vkdD<Mu7Z_=cBBz#hgtHV&dP;>G;N
z!E9cBc=DDvYx{jh7pB+tF;__sk5q-<U1A^o#}Nzj=&<d%vtqz<+W!O<THcT=K+oOa
zsDdC=$L>`miDEi(594hmyVs78DR|QFI%nvBgnW?w=vV|CEAi1b5twz~o%3iwL{7Xx
z>rNn>QP>lEIr0e*?YAGaR0KcnvDuvkV)2a@@<FDH9g&U9-lk&*01wBTs;1Ezkj%)5
zqP~^L9$Au>40LFc|2p+d4?tKa!tI2W&GE>y(5J%!6f>zkP4^yf)XUjbgpAt*5G3^>
zB!V;*!w)VFc4M<8NWw*t4}P`*_D@q1klGk}_X42;gzwAi@l44_7>ApoG6X_5!e9$Q
za}wg=!fT)S{C`ke*Qkv$ig5lHJoxYo#R)>JXSW;JsZO8ahld;7qUdWySXQ_wT?vq@
zQ;oypb<*)V+b;ra0G41wLah<RK7qu;ou!!Y?p2vxdX1<ZF3MHY;Epry5*%;;8l^)6
z->U)-c-tU4Oo7q+s^B+n=Mbe=&F|#03vUc;gKCNwn{4|*43vH~v(<klZeI=GWSncn
zCxb|HT%+v=iS`YOp4*4?s5E|L&X#ym#L|*IHI4NKa9CO-#IJdR1j$0J=meHUM>rP~
zWwZxQIw7Wk09jb(_LiO~GSK0hw&N49VK*|z4?qF+n!ph_4n>xfI_{@^KfclbJi*+r
z9p`@g1*Kg3$L<T9Db>b0h*_Q_{xG-yp)Rt?&6|+mas1AdJ1{{|mP)6=oR1XQdqfaN
z*uwatsD)UeP$b?vkj#|JAOUZM;q<O)PrS}(<szjILk%7JeI!Bt8;AVB@i%hk+d(W%
z0yS|(^Zlq+u6OpD@o&}q^n*KdanniP@-xHs-cB(&tqFt9G`)8*$@@AcZ}1t(9I%!g
zOy%tCMTlv5;RJkFv|fJB^cjC=g)7B9<CWyQsRLnt2IrXaN`WymQ>8?m_`3n;I7vj7
zX(_L-DV*oUHc%LVeq^xsbASMJh|)a8x#D62g%#M0;@$%l5B}Ns01>_zN`V#>DD;Ey
zwy9B09nmk;y1d+fmh_7kfymjip_nGz^03DJpV{I~g^{cFn{e}<B!vOa903%Hy?hfm
zAfgGKX7!y7b|aSQ5(A%<s;?_5dk?wv1OF@N-obE0TW0&<H?Z=59C86G7kCp6O9qwD
z$8Cwe=K7<>JE&w3V?K2wNXlj&(60FBN<j>0f&-QF{RnlK^~;GJ=0Lf_o45PyKsLr0
z?+hUk)yqtONP1$LXoDTz%@{AK75F@N;jRce^Mpi+Z6gLn#w|ZVh~p!D;R4X0?*RU|
z!W<SCU1Le-t;CEnbQG<l`im0@@*nS!Mv2IJIMMqDA|jrI#QHUdI}hH6<-EG+H!_)c
z$coNpI?)gzOlRQBKaXdMWAK=0YUJfs&$(1Jjh?<(oG3GP!2w{3s4I%X6CAI9{U~+@
z_8*_)m})Sx-fIZ@KvZzIfIj>qQ${1A_{DSfo;%UyyZF2i7oNYSLq5GEkMGR2ecltk
z*Li|%U8vmfh8ru5Y=%V#0Wl#*`yZ85{JBZIZoO!Bduug=SCbvjZ(4u$OCj9fP-07^
zNy{(g#rW75Idpz+l7G0kgDE&e0<R}p+Bp!-nFHrXVV@9AL!ln${Y2S3J9_jY0DsE&
z9(;xlo>dAXL*)I2oKy3w)^ea7p6qsBB2H#fx%fBwk5;7eK@|}}@#14)cSO1UmA`34
z5&f{8IO}||ob3<`{e0f<LVrPGj{NLB<zFr!5XZauvc^!=7eE)){5J)8C*W<rplZ5a
zdV{nvm;5vlfBIto`9+MWg_d>g{zS;B7Om-*xd1W2*@RJl>JxOl_@X7=)FVa09EK|m
zQht(e8OeM&{M2ke1QcSF1PsKsf8E}apy72vF6v{FqS9<2;sNx3H_GWxh$4tg1&Ls8
zP;LV{>ZE<I$of?SZ!?Yv_Anvo{A_%MK|j|MHHnfYE%Rn(1MHeYW!e(ILS-ADb1fEp
z$q7FjtmzG-hlM_q+*)4C31(X8j^>#NxiYi1h_GI|i`4H=pFTDG?l7(-b@f}qet?|%
zPJ9+1k2sM>$PGICuAbYiH`jHTQ7BMFEQhgB=;@lH+NC}PdDPzSA>;!*0z*f0&n+G1
zl9cTS^r+0=dljSlBh5?=#?o}ghu?XrSXx*FgOY*8S%qR6DQ@UUKT|FGKJW@bT9RR+
z?3i7B&x?1>3>8GEMj@a;egc(EpV{;hONVxRui#Dtlwsfg7;&*8#sgnyVaR9|4u8JT
zPdJ|sN~R26zaic5(5EX1A&M;ny4IL=t>puDub+pz9sAn}YWUx_S=pzaUUI4f^#JOD
z<9RcGw?}+XPvz+Acep`#n{%l-H6`i~va<hlYKnHD7CXKBj27BWn^EkBoSA-<hYke*
z>QCPp8z%ox%($Ed-ZvW3A6Lw$3J81Jpe3uKd547c>c_t2AJbxX?jaDINI3GJRKS)}
z6*Oo<e~-bNz`cvhYfX4(Ue<YPaL3mMrM_dN=>2)W;+<U4!#Q8}q55vZFazKA#zJFR
zoY)@XsAhUgJC7dhCgE^ZgNGHju&yB$S%pTVC>aiVnRO4Hm`o?*MO|zOA2Z@h7iKvV
z9B<^0ytM9p`>vUylGdAW3<r4%I6)(RY&>o@T*fPHiWR=JIvND{+!k04eu3D_G=O3=
zzeQu}U~a#BEzE2zTGR-~I|71=lx#oIb&)REjRPr7Ms8Z-ASAL6h5SFpzB`cWw*Md5
zTgk{Q6(S?qo1&7{vUd)$$v*Zf>Zr)fx~V7`*?Ywa$0%}a$6m?aqu=#WM9*_SzwbZy
zEzakBuJOLE>pfnt*Cil9^T<cVYX^eY;tM>Sj}?$7C9^FaqoI+cc>+Lev6g<`VNFko
zUXI4xcHNl@U%RWMq(ppS3`@l(G3xuoPW?=4N(|xXsOQ)@fu#A}vsL*ZQR~$Gl>a2I
zie`&S`nLgh-uX?MtszO&R%Evap;1njd6hF;pyFvy$cNq5Z$V;8TEu2jm1{1e9w}Fa
zc#EIA8R6Wq@g+?#_>urw?!bJ}SsYv7euzAF!jXpp=lL#hrTp!;Dr9noj7^DxJs=;S
zBnE8Z-IBK0@!yk4hl8^%PyExoI@f1Ik%q^uCV)uR=e%lpqx9K%melRqV_U%<_S^p@
zR`!*Uv)Mi&!J4)R?i~_EKwj;6No+cshwTWN>mU;i%V4FJTlYnt%n4)YWm9-!C`kBp
zH0F})*;Y`LjAnlP>8X1SDQa5Q;}kCldqD|^oAA+S+z6W@;^tOSLu>QHNZhN?El}&@
z!j<&f9u#O)%AGFN5kNKoM}O=0OCZG|b+_78lXEqmh3yJ!a1LJzSy<-j^_q2a>0G%-
z0YXq_m(PRLDCw#2fQU12Db|66a&+c%J}k5@X&WV7tdRAoV0?4{n-R5FdZ-)+-dl+!
zQrV{+uIHtr?*^U6eX4njaKMfXK*qG(GpL<(DVnxLSUYJo4Y6rt34@V$`HzvFEQ<_a
z*PMur?)FE=BoSBB!Um>zB5L@lajxsuPJmkgS-GocE&(6XFo;&4eYY8bevZM<Ewl54
zK;7;vR1q~1^Y~d8ckI1tsB!gO6BkYyw|LkCFf+*}GQ0qFsm5ty0eEU*-A0m?w3><E
zUL0dD<Av^0s(Q@Nr^4KPMGaSDlijEGqcBL(>R<O}-dGC2Gl8-O{`8LtBj%Zh1_j*)
z?Y;B`2F$i&hIaVemnWB-{I|E*C#*Y8u`x^L11Ac9$IdEezA4bE{U>xYks*wp+tt>p
zu;00Qq|{Y)$t=_vB)Zdrsu;h~1*QD1+;kC%U`}6{hl0Qze3GBZQ9l;~esaJ>Hl)pC
zw4<zds{>wN{c}|8xg%Y~B6fH|@t_{ZNQp~}kXZa|C`1WE8AejuyqV}$i_Sk?d-IhD
zf8aIO?<7Be)F}Tbn*-=uVjL0(D0?f~pJ4~W<M6dNf<PgTxxMzOouA<Q%#sIUPbhJ@
z`aZGWueD-F{SY^*3BU~65TdfZKzRxu8>dDjKyz{qfT`W>a(7-iwh+NCih`oBpZ$Cn
z8?%vosly;jPPSia>$^ZLn?bajzYGrcv7Uz-uCFL;Q2)qv`Be}$Q&zFwmy7mSJVnK4
zsPM9nV#rrwgrvS>DLP*J15JP=Au&c#GBBF}L<}&WWHRKU2)&#HE?JB8&uwZkLzX~F
zD(q*&miOL&^Fz+sdDTea1`(=YV$B+dJbigR)d=5FUVsoVUEd4l^@sA4rM-xruF>am
zIaYwIu(0b-%FX0s)6rvN0BWZ?M=PhU+wK8S@~l^68HlTi2S{-JrGU4M%mS$;!+Lr-
z9b5_XRw?2MD6SUGP|`9_4*a?mfl-WN%FUL=1fgHq^PTw8B0k5s-8%wqMPL#hgge@m
zZy#sYn?Ne(447B@t}Vw}X40=4e%2(S<lj1Og7T!I9NuY~k!PBd9x!+ko<!;tp^)K5
zu`rjuO`rK~AhtZn#IeCBzpR<9WnG}!BM|wF>KfbRr^KB;D2yTX^c4--rDXJla`4o4
zdcYLSZLoLk1Aev*v&bxZM=VkBZr^JL*VIJtBzQl=NRMt%jNBReoh$#9=jR|Q+N)cr
z-NlBjVg{Ah*PbuZ5jj!bVHJ74#$SproChLXX4ISKGg`+n7?`+l1E7oj!0=z{xE*cn
z7o$no!Y6>d@IK=>iuw7^@*u@_JGR7`A;#@3vM_I>Ao|WIeRqqJ>$!e*y8wv5s;#4Q
zn@PZ;jdzHy<tM;>NH%|b;q1K4vD!>Z55d^|weCijk3ysY_nRle?9UWcSuqA&5hI^j
z{h6<Qkz8`Q?J^hH5F_*3T2h)5>?))+G>o6E=ukG*?mXM#C&OMDd9*7FKZWApPJIt+
zq1zn8po|>Cp5S^$Qu{HzDxqm=yugMm3$CrJ1l8#?u=Hwg04|z#IBP_r@9*#^h+Y=>
zD}Gpb1-b+T$7O~EF(utCrYqkxC}3%)b;D<-FB0v{_vm_Uj9KW~R&2oBo4vthOSsjk
zjBgr{#>gk!ASZ140GX2Ds(Z_gQNrty<(d0(pC37|tAaGC>l_@^lU3&=YvhaPhF^4B
zxVA2(y)oX&$P8nVmMS8zF+#=GZpB)H<&YT8u8M%NAc3x3Ka{H<Nymw_@dlMCW>#!Y
zv+DZW=SbHGLTCd+6iOVoXr5P^{5`v6iz6^}d?~QSb2|?fx0oGEX4vhcx<6cwN+iO8
zq2Qkq=Rn!)pWJc)_)sGQrSNaAOlDHVI{T%U+l2Eh{oBEv_zYHUZjv`+njU6vBhS3t
zMxp`4fd*tJCF1sLa%xHT*gC)PI3Nm^*Tp=OCx1L#8Alyl%gx%yF)?^6WJU6W<B}wS
zX5(y8bqkxOgXGSHlN=A~yqxA~^n$H0iZ8q{R0-C^@#Fos2UF@7`o3p<D`~l+{$mTU
zS5$Nz8qQUtSWy!4(LUYg(K~+UgujPQOxu*-dynT!UH?rl&cTzJ#g`0Li|Glmc6~)D
z`-;iAD_K*reI?BEyUCO`tn-;=Gx}NYaoCwMIUm0qfm)>jq~$Yos8S7oopYV1XTE+#
z%a6^Ag`j01mHiMc@l5~*Gr7*-x$I9L*qFtxXQJZzc*U2y4EZ2G)0?J5-22NsNRrx8
zHuiv^pwu#9Iwt>-bSspv?pY1Sc}Z*MW7JhA3@yaNHO(<R#-t;^YD3|mGHOt)5+5IR
z8%8sYg6-fjpnhCxW){#yx1cTr_%!Bbk#??-)-4?`xDX^9G)#xT6&o{__Qf(g9xQkk
zFmJUJ`Oc|_-V=e>_n&2+^T#n?q)_<n$e~ACr-s1nF`B)ySAY&4^;h|@NU<f>UoOff
zz>6ud`1gP>-)s3D*((0SUD(Um|E|q0pRHm`fij15pqi)J-1n<SSCs^nKdGHn_kfG)
z*u4KellIF!o}^p{4o&xhfH6pj+)(oV^{Td;z;BA3`Zli}l;K00xnCtXXvZNCM^csD
zaZRApZ`>@1egaAZ4@Jm&bM{P;l*)G(gy~c`y!$ACKZQ(~e3krf|9mePPx8ZooP<7r
z?SN|4#E6#DoJm#OgszWpl+S@WTe?0uufpLY_8lAM+Mloc{nI{jM$M29Bos-3p5U)o
z4!j~L*T+QTSKR;SYarO;L3uEV1tb-g*)sKhWr*7tuzL?y)c)lD9`}QBAVyVy5@ok=
z9swTpqye_a|9->%>rX)d3BJ3zg3Ipz-i7@S?|lNwe0p$!aVRt{`0E{XaO|ujpFMa0
zjIXZ^7>9?)O!5!eyu5mq<$s#zpOFYE1zj52CAa(S29r`?EAAK4_s8J~j0dc*+A9F$
z$mf>K^ai|0&7kT4n|jc)gW}ym_2V5hui9B}Q>M7Ew|=K&{$*+ozJ=}uPC0QYX#<t}
zmp@JU{ZktkHp8Lh{;yU4Yr^EUK=ahRR?3_Y$8>bpuv=gMW!l%6@W1Tm0uFUj9;7Fm
zC|#eIUD^MFq++}>vHgD>wC_kSV->+lUMi!}e+-Sj%r{)d-#Dj3P5&EtQRPDd)~=m{
z>ORW#&}YGS>|x-J{0ihep>eFd?=hIA_{T1P|MXuU*n@kl=7L%F!Y}YR+6P|+T&tA7
z#^hieWCp>;GR2_iacH)Zym7zZ{WER9e}e3FKm67JTZwy}smbpbnbTlr{U?Ir&;!t5
zra`s!gb*jt)vC6W^NokMioL-;Sm_5tPuB_F6SUGK{R)3h^Z)R9$PVA}QW|xcij*}X
z)Q@(-(3M2Q{piR*t%3^BhIB+=h7@=U<nJE58!WU;9GicEEP_7BtU&dRIYFl@`*T<I
zo!Ip#0u{2?Bi0~)57^u@&#5vys3D*(HUDJ)>4OP6jECO)V>1sJxNd{fS*iezfD!!v
zZ(xw2D4ziju^14R{;zG}&`t%7gB1@r_?lPTT?LOcO6D#uWALHP=GPzh`{fT_WUAIB
znSStzs`-<4qes30>f7ON?Qnv|NjuH%A7ZCyv;Uxl_XlGC1;4+kjR4rfCe{}oXyA6K
zvu*$TR34f?FuUfuV7ZRmD*!#qI&#z;-cXO439!O)W&qFD4|m&d$-xrzzlhoRH#00b
z0S<upCx?LkP)-}S?0;Y$=vE=~-qDf4`rQ{ga-6@dcF&>@7M_gn5H#FHWnU3{=WkMi
z544_+HuUgF@BQ&4XxgnD+KwTPHesCAJ%YxOM-HF-`(H(>3~Zs?t>5bX{%;Om^WQ$c
zH@zaMPzrx4sx|cJd4{i2CGf8ciH{mO)&n&fEDz3gYI7KN*55_kU!}tR4d^j==<=7)
zq1V4!rFIcp@n5&N{SJ_pf$h;(cnvH$zCJw0$^(Pl|G-}s2aVBk9JHmT<c|yxcj+HB
zl)q-?;E%w7b|mF$d3G*Z{rr1wP`Xt#fB$ZOWq6(iiz1A5_K2Ns%2!GKo5ev3VE}Ag
zQ}IzB_CMo0PC0+!(6at@G9TSplQKb{O1SU+a_H`2XYDV;KhOQOb%Wd~bc79LRi>~=
z;UEsB(0}*(@6SW4kd6kYR^t05ZhaGizg>+gK3co=|2hsLuOMr9tMS|2Jg~W|*y#N(
z9v<jDK1x~==nrv48ac%2_?_KZ#g))L_}BiPaHy4rlYkgQUy>EC@yijek|A;3XKfsK
zGk?%YzlU)O*!SffrBOUk-d-Yc4g9ZN`0JG4C!VAYJBgg%Z{L24{(i%+-vbx+ayKDa
z>E&*c;jx1u`1P_o@>S}8{p!GnAVq+II7}-62284fjr_20;0F)>S;EWjAp;-FcieAU
zk~((pzb@8a+lGt*<TH?5-P#+LNoj14|HC1Z1aV5-eNAuU#a^$nJmhU0^!bn5elR@I
z>PZg(heOf)>3=R(<*J2){_Ic0FW;yi%<WWUJ=6Yg_qt!Dc48i)(HymkgOyR09Xj{t
zPe+1?gGUZ|f`B0f_TjFw4)R}%;ZO<k-@oPEd9cDCWTlO$%lKAMW*^BA?KSMs3--T-
z?jPukm?RMviJH~=_vRn85&9m0WX@9rNM`d&Fa7eP16L(O<jTB1)dvs#dav*4)1Xg>
z;m^?cHgjQK{x5rIhPJI3eX^|mZ0WnRn7>i;AZh=bJN9e*0X+z;a-5R4(3T%m=#z5v
zynr^gKe5a2C7tvWJhPnmL6WOY99!pKf`TJ64yGMdAk!YK2lEJUK62pgeN34b1J?0h
zOXHUTc|z`Y*4bIb{aM&+_M`{4$DcFmS5N*l)K?#}x^vOZe<mqbw#xGN$NqfLk)9<%
zq2?w}=dX6~UB)YW@Gp~d@CAm^&{jNdixr$zWk+TA>hCV^A18-@&nE$mcNn_3R9$-y
zOMIl;e>Q_d>j|*bj0C|cRy#fBoPGGaz@u}7MQ{EZxBYlR?J95^?!xafg&(rJTsBP3
zUte+9AFQGTvGb(>0|{Ozw+amy{=KT)|7COF%fS9i=WMZy{>%kUNvvMg3<NR$Z7aWi
zIx^CGze=(I<8ZlIX(;fHY88Oh{?&>99$As*RaFJ+;kySUsQ&c=&`|v<fq$_ff3Pl0
zpJ60F92y8>QdMll|FIkIK<NN)&)NNP0PBVyTjzhbvyC0{ivzx>{ObE8FZR~qAZD-0
z|1lDiPl4SHn0Eu5B8X_Y{%^bSG}!gi{VzqlKN@oHS@?h1xqdC;njhfId}urJ*QVo}
zd=B&NUq+6YgA!1}4x!jN)ZDNM{yJ8{-2JiJ|H#;>(b)ZWr$#c}rf5GG@MobOfqlaa
zs+f=15j2EH_b<qp=-xpaGth}}q6qT&latzi@;`=rZ<x#-e5D9WFK-Z*OB}UT@P(7d
zuuK1Cw+IRX)0Mm+=JxXNGHT1f(T_T8U3<&-z=^&55<K+AU9^mD|5c!Jiny|85QqPB
z$SacZt)>J^k#0I+FS;-kArU!}UHPw5?dwGiBA>7#XJFXnRM|)D{b-90Z7+OVVDw;v
z+1?)6F8j?pSik>nOj1ygWftL_dUWNsp>b9ZxC{qx`E4IEwonf69%}W_*pXKFX#BnU
z4;vIm8?-=d3^RT^HonOm7{UL~nNwv)3&yT*5F23t4z*yPlz%@f4u;<_8cOS)=gq6l
z;5Gceja-sUKJIj&-aA3L{}S=6;AZ^GHh2LFxnJ<U_dmp5lkwG}oxk?)!%x=;nfT)S
ziTs1EALGOn@0<8RFODn@P>lx<RfUe8+gsk33w<=+%H$FO^!!yF=?ECZTl8L_)>eqK
zv(PV_=;`rt_19rig&}f<9d3*{Gn9^4(sn&Zd}rU;yUbdpT=gYIQ4s(m0r#KtImyb(
zjSs8$dbL07ejMQURM&X_P1@jt(9&jwh_~}p=(!(cWfDTr{uX=Br<Gqy$1=ZA%0D#m
zX$P7Mz#FYC^EaE^k;_;0KHU2W&+kFaYz=Q;jqBD!mRk%`>qq1GvtwfZ>=VCwPG<+&
zbxh?4(f%KN3vr8v>Xpj?cR~cBT|^66Yg7M3fBky=V&J8T5U#hg0N#%rJ<rMTLo6rR
zk`rNa4;?C$TZ-@iy{P`Dd$wuhBpnY9#PEfvtqYqoSrk#Hg=a-Pwsvw_YDk3p*O009
zBSF<`itQDFWqf#>dYA_G#3z7FRhI=w7+%s*>_>MFe2uDHib!C>)j+E2x7`DRbdmaX
z!$2RBAqqat<8Zgubtb<WcOHfxC5l!>z0A)Gmp=9(Hr<^V2lXV8)FiV2gdn!MHXb_}
zW#TZz7*Q4<wKCm^{2J*@-5L7&xme9rTqp8!yLY~{18^F=Q<UoftHJ<54YmOl$|}i;
zLb*>+2S?J=n=!A3SeDc4yviwI9&%=Bub{aw2XREYhOk9n5&dTBY^pue4l~>?%1hMi
zYf<LP%CyKXW?`h1QHjY~i-yE0!nhxF-uP>gy#S-MMc)&rF_S4X@GmkJ@UJ4CiJ>hM
z@Gt(^)bQ=y=npO*2{iOD3rLo*J=iQD(Z8ekw(#c&eaLPIxx{U)z)CmiyM7$Z;SXHG
zLbZ@BTd(QjyyCSGw)RUu>Drw&GV(v;xCvYgD_KkCC`{p*<=zo_;J#CknBLAl!Pz+>
z73%a*)w6ubQDVz6nQ3OMK-lR?zJ4MYD9_=JxDksc!O@xpTqphVi57E9OA?rS!xp~f
zl-o&jXJ5daWYZf41;~iVT{;Qh$jC_ZDULcWSI5oeJW(W#PO9nd!e;7qbq2u;wr|E5
zXmu&aoI75}zh;^J@WH9Kb0%Eu#*Z^=S{WuRD=RGqSxmD{*7TO;1y4KdxnDmo&}FwS
z4$|$Ca@}4x_gHM0-(q`TbjMJ^cXf63&IX_@roP^1Lt>b)(Z82;k}c$8KTRqBy@$&D
zB)n6A2FBZJm-3?ecq2!!oRDQH*DAB%B?rQQB!zcec*Z3pFWXj!BVSHc<f>^%sY*#D
z2G<v7>i0Teoh!V^+?xMYwR~je+m`~(>6M0Eca^-^AF&}5!?7XAC7oSsYwKf+44VOX
z>le*fj@7<5r+<J`=3NXMtmGioj{(rA{y7Rcx-m6E*(fR<n{ImNWHP5Q=KwJ}_2Ptr
zIk8bnXD6EJ#@WS%I;`uN@6iQa2!vy=u_U^&!X1fzpJJWUF%!PCtTVShTx<~)##=C^
zc_WkI^BhIy<4c~K%aCTtFhIp010~m3eGK6KT5nn|<D66jZekhbp`FMb3I{ZFg`mSA
z_G;A(@NANK+P;3hR7*){L@iH$`I=LTf<mTQoR)Uu&`Ce$yw+LGw`xCQC?3XBoyXG?
z+r011lV?)y3NIJy8QnBaJBL0Q_STyJPK{7t!P9_S=89Vmi5*aT7h<#j$?S?OSrlB*
zR_p2MF(1e>1;xZrXrZ$M)jSa(nmP=K(~6Y|Sz6+QfMhoecvrTaO*1P_I{?Y@V}(E0
zv1+z(kU7q#!~z13#l_pWds>kf1G>rF)JhI>n+pzH|D^{PKHs9$G+_xqD)s_%QYX*q
zAaQCVSaHnAJN`aCFp0#|`QF2fwoH>RrmIozPI(P0b%xh7o6y(AiP1WlprM*Q>d22>
z1^P_ZX}kqZPTZk84mQ&v*6AtKGp-jojxFp|uc$!)nLUk|HNwGj5Mi`ZTH7jH%8`zD
z43KgjTNm~VK{(H}nxBwx%IDk!(hgU^vrGI0kin8k6P`fz<Lf*`{sI)a?}V-yM_nBm
zNw5pA+{s`l!O<`N^(Xl|K3IwyU(?yTUL0e@73``gdOgE^F>j>HIL&|7eWioStHJXt
z!b^)L>}`LusuY_3qmgu=d*oQbm{@^@j#bo*CQYkq>0)tOir&ULb%%wW0t55T9jOY&
zheM1Tx_#OAOQn^_+4)MF0F#tO>0<sJ?&8rG5Wn{m#KzdDSM%1F7g+Y}P*<#jAVNT<
z!l5uK+>C0fpqlkZ5kPbp1FU{nv+$q<fQyAj15U#TARsVibCm$H;0U0ig+gfis+NYw
zi!-KOcu&VUaYY(6<n=r(Eu-l5dUQN!A11dNXZuSLRie15<w}Kr6u(tk53EQt)B2IC
zixjdBopoSp8s4zbkfL?U<6==&d#j6%D;P^6nfQ#P__RhakwWRb(KjK5d=T3oI2RU3
zqs;-K${?2dEl-1=bQ!I$BoLKAGGqY=&s~OOYbV|nM!rsL-Yl0@d*;LC%Tysi$f^8F
zB<JDEPN^FpRMtZxjt~pEy^{UHa)Q}I{_nSB?EfkrC4u`-8I8JL6EM0QY{Wa~)XMl3
zy8L2PrtxGPvIAv^hn|+jXN8(H$x^MVtMa{}TTMcE)`@LiB#=oP>2jZV=OSSp>iIRu
zk^g+BV=`jJxEIdD-2O?57#QDdmx^rE*C&_DE#eS!=Q(b}B}Fv6U$P-Y&H&j2iicCX
zfb2!?C6E{w1yP#5ZbHOC9_x1{3t%JcVCsRmY7o=w3A3aazI$gx3GJOU3Bac?2I>%m
z`c059Ly_-i8!yX*F&S!`R}Kkp6TM>Vd|qx>T>gH^aMVfl&UV=uE7^7b7Yw%*vCg()
z7RQ&TWZT$mqk6xQ_~aE9I1{~ZV@ICs{mT1V7d_C^)ApU8v3H<nMdFpe<4I)rjAo~}
zhW#7*P3}UIxCPo?buej+1`@(Z$9V40EP~!0JsJb}Leb{*dw}Zw@d(fi%9kF3#qYdF
z4N?~BKD$mj+xLZl%YP*%oL92dZxLw7jK8Cg1T3!*DmH~rpoD+9wxT+NH7ysAlnAgj
zaKzze+kgpT0N`YzkN^%v*XuD>%G^=Xj_YKlq!D=&e?mgKOdJFVrp}O-uJast8Tjfx
zScJ*X6#RH@&!8sd+EN*BoW_##%#oZhiXOuvnr(Cnco2egVD#)H`PN|>*Ls)n1hQSV
z+>z>GgSCYQ`Jf%6XQWx`^_6y(cj8;5)}a$OWTRqmO~IZw`O%;WqO3t2&99;m3kvh5
zy(9hh2+%rxKwJ&+&;X$ZY}S$q08-tN`9RtgF3;R9T(R)<vUnpP&Co<ZSdZCF;Ds>m
z(G}760TK9yQ|?BJD!DXxT-=ri5<%(D*alRf7n`tpUoe(JAJ*2wXbs@}@qTe723tMo
zTO5yKaEiX{fY)A_oe5*vs2>B8!2K-!y=J_4ggTVO$)ob=mX{~L4v3j>1Y%wDutd9W
zrv7y3N-59JS7Hqk3Xp3|KD9X-+lWN(4}eSg2vPQEL0(Ek?-w&Sg;SfBw($#_;K*Xp
zWuF*|))k?cDb~}`VTe1X4T)-D!~??@%|$A1LwYTcNRwadIar%J;3RZQ_L_p7bTP1U
z`Kyw}%V&fF-Bx7_^;7&RaE(hU&d0HgA%U(UK#b91TCQ=~4q~vO1KK*4n}`YV0Q6&$
z+U24Vgh~D&i7agk@-d_Wx(;aGul&^E0Ny;ydF2y-t~TklmUpj^zZYzk6|rj(w98iU
z0siTwC;C>w`wZ~rb8VfSk$$H{C#%0vtr}{PW>a2^>G|kD-AlFmc_ojR28W{#i^zHg
z?=Iv!giIudF%okogj)X7s?g)Wv&o6C+?7dd*f7y(ElOe1*vqImm8m*S&u;AiEpisH
zX>*394+z>@dDF@<zVb)X&rd#v<bn}E15Pqf2Vzq|{P6Y^PN}7s)=z-BqZ+%aHB`6+
z7$84|U7y@?i9fC|HPd|u0FN^+_hJcmLKJ+LgxJA`bM&VBxd1yeXKENn5~agXP#>i7
z2&ji7e&>eBGJ`G0b0jx}x5dRdGnVr;l4meqt^x%Top;0I7fgnQSBi6Po<n=?te|sy
zCdPo<shW#pciRE*L7qa<K)k<}FC-#_$sGlbhP?Zr#B!Uwg@N}rrv998d+AIZdK@rk
z5fGGav3cr8kG8Z2PT4r_MTa*30SBxUIw1>NPp+a{R*Fd}<trcD5nPds-#^b<^qQ-^
zhI8*YD0k3iJ$9cad^WnIhAh^+#1mQErdZ6wk~m}0KF}j3zy79FDt%&mgONMkBxdV=
ze2IfvkfVCYthqQ{ptR#F7l@6PtGu9P52OOsPvRN^Jb5riK=SVLFu~6JhLC2WsKnPW
z#X9S}FA6z;D*Z;rpaKq)E1iD#{_6xJLS9+~<aXP6YP_GsBvB;F-dWtKX2a3S(jfGO
zXxA&wE7$uW`3l^JgvE>9*VKZwstJ`G{B~baJ@Fw6>)8TI3GqO)PQc%BF^y}Nx$4Cn
zS%r>Uc{dszSn1eirW(dSycKVmynI(A)KPoSMV%(nJc#o_3NKq}MgO+qUNV5M6o)yh
zij|0Rm4kqfFrb6vL8{v4wC8#_e7Zu_<T$LN->ZdI#*&Cv@=OePI_xvyR+%ioy}xO#
zC2IS|v?9}32VrKGgRq{S>2%Wd&NTb}>g|BjS4A77SfG>^%`xucOvu|oo~t~m_)#n=
zaBvZ}N~2N&*5t>@TZEO6N_sj%?I!sxzLa{PWOy9n=$dq-sdI|ReLg*S?FIq0mtFWw
z#BG&5bptRc#VwK&a=wF;1K?4ynGmjJMOKJvP3}il=c(HYk(T?;vfWqj)3A+S`br>t
zq7o>irgq~O<=nGUY71tF(&aUJ4$xJS4$;PdU1|@&({Cs#!<vWQa0%PIRf*UB{*U91
zne>(x25H;ka?d$~?>wX1b{izdTlF!e1pQMQIKN-{A;C|GwrCO00_ow1n`umPn)}fU
zn-=FF?FG1WT@pBh(6fMHuaq3Qy*uQ}{J8Gv>>hJ8pq7n4dMeP9y1r*}D~MsZ{jF+P
zf>&+gjN9PWfFe3R&^{iByg>9bNI1*{v=2ch)WzC-ucQ0(OD|ehxGX3BuXzIJBfe~y
zaa#b%*)CbnAO6<UO|mDaEszzuX(PHDUAnD;5n*pL`yxj~-@qlH=n%|K-?Ekz1=1PK
zzEZb<w$#Z&jP&T}m=S(clcozquG$R%YHsM&d98*-w;Hzqsr5eAysx((`Lqr$uGM9D
zji-jXZYib=(!+Tn$*u)R`+8|97{i|Y3{sf!EGX|c)#hWPL$5)+WzU2YG^PY$*ua@(
zyS*ORItdBURcBm~IFnu4Dv0w0ZbNk?IZSt*TN2`(<+ZDjw6upCNWCc=U1Ij0j&XwJ
z)X|s-zT9TINqPQm$40dayC*~zsa}(fKQC}+Y);P^A|sO2q?T1!O?(7P3t!+l72)t!
zfYxYQ(-tI{y+<DixF2nA4e;RPa`JB8_6-x#=&t@XZLd2<qTg#!;*dZL&<bK7k9Qfk
z+(ar64y2T%FF4PY;2Z-9jNj4SUVhE+GbmHgf8>p)&8(^-aaDlA9N&r)pDT@YzUP!C
zDe;%dZc%q|;9gBjq5O_{eyv!tH+?olPoAlx-3um5)kFE<H1%y89rC(Ssik7kNIB1P
zvDGmt$2QXkoNBc>c{4xOjU}y{a?xrUbFTGw$iKDOu<ofhwY0+lGm?VYOh&{v?gk`;
zZ<78x@`iAXc?ZaofN+KLeGc$$-gHYq`l4^Nv<PkO7_Ez_B2PJOuY=Gg!H;jb5bTq0
zMv9*+ZXx=s$s{8C44Y=GCThs8td;{F^ptRQIy>$HxCw)6$5}E==L~l)q#-o}eEc{I
zNQ!_`a|oYlV!TYk*gwve5&86*&8<suO5}NztQ(0xHxe}gh5aA6z!R^~z&Ho1rMPYG
z&_FFLa*6pW<Gb3GfGOXe!XpI4P?y(}!HN-o>K~VsF6$3Gl`!us6&4#{KXeI7q2o2t
zHVQmh@_j^s1szCh3Z!3Dg;!lAiB?DJQ7u(u(-!S-USF`m<pEU91xS>EaBg1ggw;^}
zEYPQ*L($080@);9kspva6s6j`Zx8Oc(6rQY^GTN5+5oz!CZN0e)4SZ$ws?&x!+j@0
zG3VdXB6iQUbzW*#Q~Bpa-;+>=lqg+?>+U<nD*7%1{^`%9H+7Q+)(CvV7<VxN0n&}W
z$ESM%KD_O9SERciQ-HLCBoqNYFSL+PPB>?+b<07o_##?{<8@yFT(6%=)w5W2TEy%}
zxV>Y-0KQ(x&esWswZ3-Kj1Kz*WATES_|VPj3%ETZ!im1zj(d^`+ubk)Dk(>ZBVP92
zvAcb5#kIMy4btbau~x4UVJk_sud9qM1<!H895(;~{-s|4WWJ1k7{^sW5um`KgX=c~
z38II03+FfDTq0_@JEVcqsBG7Z746yhRuws6cqWy^*w*7#0T}&=J2(s*!Z^e*KF5p!
zb$`a8Yw}A<dsinAYvNh4qC9>kDG$)8aR=$kf{NNGWT|`9+&2f#MT^+<6;U(y19#C+
z>&yBsMx;Iu$j=ZAvOxM_cjE)QzofBOUHgeDQg{|&67zB#DA{XZdOok6iXW%1SX>iN
zW|Av~s2ewdBE&l44U<V~<~CEKROrzd6$oQO_>Ajsb36+U@~$u)A43JvGTG0mn#k+s
z8sxE~?tT}6htzvp=N`<(Y{*q8WaqdLC&5*7`Cbr<auv=_xz-3Tza&9A>TPT@ioco7
zG|brOu}~6^EM}UC0CBCoavhdZCW!ai0v*3-@Z^<GHMqc}8&-C5?vFp|<IPQ-@BM~q
zt5H7ZcLrCkXah+m0uwx~S!H!LKuyF3u%$R3R@)9`<#%dV=l$&C7(LG@TwUZ_|5UE$
zk^pgKcdMAddrG;XaVBAs^pV0Gt??RV4x0-fn{7KPXY}T7R0>ws(dc}F+?#jp%{d^A
zm8a6?8y9G0$2JSW%<WDjC~n(%cAR)Mbe^lyP1P_UE~3w8q_D0#(KaAQpJ%&X1Ur_o
zD7w$y<cZMQ!@dZZ7WW4x;jv=bYi)kr23?AF0fVO|sK}m(hQ)g=iCCbo4Xq^icjcIv
zfbbKRuQW7%S{MsbuXFBnJQ2q53fEnPUA!m;x%fS|6#?n?RKKuhJ}t{(I{fMJ0=Pd0
zPxzQ)QE&_a;m7&jH3@{jHB5a-WI%v>=B2`ba2Xm<6V6C`J!U|Z5%9A`e<D-KWM6CD
za8>=-OlF-K<3#Lx9x)<ToP*L#D_pL`s(xb3;cqQ>zD_LDZ_}aeEV{6;K!INd!~`QI
z2$6)<IxnKQ2>&yA$<`aX9WQ%VAHpk`H&g83Afg{#a^xO5QLk;KB;GUOoN;^l+ij%a
z$=XZBnegr2iGSX=yy$hlM><bDbWBBSF83igMU(_QvJ>r&g*`Tjzmz*i0y7_Ob+DCk
zoQ#@R2CECTS?7W+5NOYsC<#}|ZCN{M)Bto?F0OOOT(-EShLn=>caJp<?ABc5KKsPi
zhYh*V{pq7-G+vN(1s73Xc8d#3GDA!48v9lnJKyIu(wV0;h~!xy2iEY9l2OJJ=%=Y$
zszuL}D28ri`Z}X<kZaW-sAh)Nz-ZDas=|f+X7n>Z&gglq*0s~@DF%@%#Do2C+gu74
zKOT7SLV4AoQuMjEU*-fiKTk9o(N;u#B-z>!uQmyjq`_6AM*}ZjDSsb9@aw!X$H&ex
zdIZ%+&hSP=?L&yZon*CACpFD(HV+-5C?E==Wacb*ov?~~?M*@139G5QKKD1}?d^xU
z`q-O>i$y4$#tJrczc+zYB*J%Q?uS^@#ObnI8BIGMxjP-1H@WpsI58SzjEMO01h|Bt
zujs6PSOJPS%N|4aWUm4kG$m?+v$4YHlM>?Oz{2sp>gpFGWWE)ixE*lSt{vfn0xShu
zi5tOub&!Hhz)iw8cJfcF2!v;gp1T3EH?HtIk!S`}Rq36Fv77-6ZXGXecNcUfH`e=t
zkgW3@XEURg7P|Z)&IjSkHbwHeQ7l~9C~z4;m|nH*SZ<9yIDdA#U?}dHlQmLLE)LSM
zjmnlTqIkB?Z$j7AIO7RVyPn0tCWEJso@eP58Q0P(O0Ta_AgLzrS?t~AX5hq)uzPz^
zm}{w7!bU~Fl6VDGwg_V4GRJ!iu&E&`8Agq=jV5LFo{5^28=7XFj9|t_URRW^HG_yG
zf%*DX2I4Fx;aWF}MM5etJn3Lzd}X^_^jNucn=Zv|Jchk|EiLpBW~bhxctClruikW!
zgtCAm=u+1>cilWeFRpwV7c?=mAN2e$0?w;PkD591BOF*h+Qi~^mUSjq&<*pr);f2d
zV(W!%U2pJv$1#&o^rxHvjS#0|gUCAfo`OQ>*>EvLmP`EJ?DTd_+~CTgi>S#^dlj9{
z)Z{R<<ugYz-6}f4NF%G6`g|_5V||w8DSW&w@5>yi9|PRmo>U;6@)e}?9tk@$v=qii
zy5%q=&XYCKI#Q;myVze0)WK5UK@>Q67f0|}BEI97O$Wg>8OLa*)FmO!LG1~FSQ(B)
z%Z<{2xv9L|YL<=MXKm{K!MH<heUWXHvXm8OZlos!%#GyL7L$XSLk7ISr3u#tB|Yb0
zCvcLf2iT)2eNOubfMAFKEh8<krJq73s~ZViwv>={m46U5Bkw`R!;g=r_ki>RQp>+F
zzRgh9xmcg#0Js_ygN03r!|m1;z)NULJ=3Kq876uGUodULwMRhb`hX%xavF04IOEEM
zI5DbL=9x;;PHXZOyhbcVWQ96XeQcN*7ip>c=qk}0U>ssS748TUO-QFm{|k(*6~;O(
zwSr&Rw>XOtUfnH$CPXFFVQ&#T#fZ2~t2M3kc6IWLx<Idx-)Xu7Vk|$Q7dQ_o13KX|
zHwIJrBq3si9^|_)=c~Q{_LY<sx@$q#ed@JEByEqqJVL7YdY!HBZKQHKquP)?X$O_A
z(e)u%4^R=Tdtf*6oFP<V_)M^Tk!U@NNkYtzQlX;z<*|za*F{7Kbc)`9?5}8lQ7X^i
zv)5#STK6?0XVRNYGmFP>ybrjdX{2xxmOIqf7mx}@k~eK6XcT0NRqndy0j4c}i^O=a
zBK=sm!ussPRYC3b56(T8j@?j2-;C3x(R=tMFGReu8NqO}@ACPgTHD@5{$o@7xqw_x
zAc|8b&?-^;z@3ybi^Yf)#{OA=f>P=_*}(3XM}w#VVFIRyZN24J868pl)iVa~%U5=d
z3s_-<#;{{@>XkdQwrs80;kMZhd~*~wcNR-9%_$e7Ut&_jRYKt5;m(n}R8WzprCU?v
z*ih(drwhzH86oFcd~u~CzpwzvbB<9emV+D`p%1nH88DNmcc4nwk)v;=q~|g71YK85
z_;S?Ik#WLUOCn*`L1%Ncug<x{K7P4@zpe(FNf7!APQI9#bO|!i(B=$5wzF6}^vl4#
z?J69M@TsRm5+|%^n;@QSUc=3c8QXwTY`(tbw;G`!<#=kRh1E))@445;_o3%-&^tvw
z8s^}7Gd3f!RWz3*9vk7~#h919e7*FZlnE#k)_@mgSSFp9m{~qoFuq8Z6eyebtl_?|
zd%|gE)uEG$`COenoc5ztDtE>Da60{<naHRQ@e1xON4v+Ko;&4DE)2dJJU-|EQ=X#Z
zdCjsf6)MmoLf#bf<wzm#LX1ZQ=H%e}S7DVJ86O)jOwI9cIHi2}bwv1{X2;<Du1OzZ
zMuGek1U}cpBYdppaB+yt@08y34^Iw4pHVdho2E;Jty_e45%NrVZ05JfpS4AL3W#fv
zKZ9}rAo-+`gD41aSX^n74ph5oue$+8m9fdS5#6wm$6IK6v(9qZbvk6C0r`=eS=GBv
z%%&^1e=u-Re}b{E$hiBO(HpX!v3Y`-F$W-6{PrEV@!|sB&FGzg!E0|{u;K^{YrV~G
zet}e+k6VV+lc6&29lS6uNFAzu6JnD`_I*0XU2E$saGSLHxXms8+9n`G{k(@S{HFHQ
zdbJ75WN@5zU-nE|h=ffi=Y|5Tf=Yo&pocOQ6U5mo%Do6hNX>T$KV;XWP-q^1hj~LU
zJU}?5hE!Ja;!1SF5ewjh#KBn0Wcve%PWaI~Y1-z^uM^Z<z*Tp>LzO#<`rf5I`vF53
zHjO!NQ!I&oIm6dH!(BW8M3clMg)WHgB4@gDCby+4^;#9|g@U2m1qfp)FB?N^0hH0v
ziaLJk;JAuI)Ww)|!K8&lfR{*SSR>JQb6kPL#Hf=FCV*KPs&}@T`DnX0H(4O&(DUQ!
zIMK+8^+KM$W9;j|=Dn@5umY6+i$cdz#>)-8+!jqAUA?9oCmOMj<8X`>yn3&xsB@!y
z>4Z!J$P`ZS6pR$Dc6MSUzH`y^MD>pIk4cFplnlE~`kR0P4=*}DKmW^pwMJsDjAt!M
z<~}ck26n3x4PeAW_LuMQH<2_Azzy0GzJ4}Sff4}<OQN!sKtPu&v_(!Na4x4MM2xF$
zj!cdo_txSB%6kXx{hAGuxXZh*KvnbfRang1b;gnB*WiijtyY|u%Ru1j_l$J#98j;+
znx7Qyx!vmJ7aVX+%Qg=Z7)<Bf8H*{nb@iBZ0g$U>#kymoy^WfiUE}dRxoP6eA4y%0
zTH_HY;#WH56!BxXLLF=;<zGOkv4d&;xE{OU;tvXXQqk9+D6);s-P^5@nU6|hNB$B*
zI1J|jqzC|xNi11~0A`nY43$7=&q`=W*})NfiO@&Q;QT+5M&W%4);*)vot(JJZwfL{
z56n)})hOg#M4ouZ8Ki8EHunkG{hFUC^5R>IT%|y13p`=b=_?VE)-0mInx7NjdeJEo
zd4)ybeM&Q^gA~~(3@cwK@VKz?oUD#Py>7Kn1SLz(EISW^ID*Q@Ds4V(xB~CFfy`Na
zFy&<<A?gdRsZ~HPZVGdrGwefyEYYexqZ0GEWhlu~l&q8};T#-um(Vji@r4<c(RoUn
zR0JKrAF#)>T%ZKX047E=h>ZD5)eE_2L0H!k#scCH9ZNbGZcd38kH!ERf)S`Gcu~GH
zj5DFtx=(e_Uxt_~z#Wn!s)|)4hSDL#uxp|~2Jeh?NU-x$>iXKJsxaN5oEt#vofw9T
z*(|nygamp}l&HSi8QDb94F6srWvP1iLcmqN#xVWi{Lj_Yr|dj|QZxShg&_)Wk&8{j
zKOHnfMi!OzZ5kKF9F9Hrhpkq`fO^VpzK{YSp-C2cXEKbT&IE~24tozN%7_^#p29R-
zih@hQNH>8}8WS~QD1UUth$gPD)AT11;OM8RlbeEc*c+^y8>l>Xs~5ew%5i1QVxYPp
zDkH}i;8|C|s0sz{&Wx>2V`@amFOjATt_2{RFGVHDF<F~A$8Si~IXZF&j)YFMST~^~
zvT|LO8I|^C%<!aC?GmXDe02~A^nU3X0@2koCIKOPYq<U#$XZQ3zhAylfziCdmMHqv
z%WS?oyz*E9koTZ=$1n<T!7JN>>_6Tw;FOCG;B-s_Pi}>rzRsOCk|TplOEfmWQ!`;l
z9sw~uFB1Xjyi<d2aBs?*v+K9EZElh=tjn4QSDjOiIT=WQb6tup`m+ncX$92cAc=X@
zu~ZEMPp2rwEj})aFv8K&CzfxsfD<*2ezsu8Lwx$G)O(_e@j23Iq8mBfQ3LR-lVQ!d
zZE8ptQh@@hq~V;~aPQ+4=a%KxgDOM$9LcP?^cfS5hTt+RAcB}WcBS;s9T`a_I6y%+
z-k+_lT7f@8HVp`rC_MdsDTR2pakl$>+ARsGLU2Bi2CAuY7L4gKdfO|Z)o!L>AKzrV
zb6YB5#@Ikg!!6E}x<w#=q;G5{RZ=zzq`ZhqM#28$7&Rjj$$zqU%${aO#EX?!czn?f
zx~-y2tbGg!f5!IM$#Z;&@EWzl`v!DmJ?4wBU=O;T(0V37mh2JOfd@aqym|UAj|9;R
zm#>q#*jxhnJU7t7LZf=xPGCZv%M9ZvjBH{6s|dlCLj$_XgeGL`o}SaUjsTx)+HPBl
zUK#kp7mA03fe29%$R+yCV1!F8B5hG8y=z~ML<<J(^j*H+V8Rzo=HqmOJQ7mAs<y3m
zBo)T51OlT3VH3&C8Pu?=Rer1l!tBr`S$LiTj#x%#b|s(-Jf3HTcHbgI+AY~MoQrw_
zX_CYzmN2>W@k@Su!~hSt;tIz_=K&QN1+Oyv-ZJLprVYX*HN~OlD%{1_ueTA1!?=<V
zTDY1m-#z6A%P7p7Rw!={pCZEH*TEJ3<hDb&LHTUB@TY}R^dp9>jHMD@aN~lkVTdIr
zNFcX#{@Td`i`tPJgjLx#Q{vbIw8e$)$)s{j;27bYyhZ9^cM~KkaqosCBl-|Y*Ed{O
zPxd<SAb5k7Pmw)qW3g@mxs&fr6BlfA!(N14G+>`iPiaHQ>G<&!xBi$uG-F95vc4$@
zu?tYy5ooj?6O%3^T3;}We1<0gv(tmy@aNKEU#r2}j(MH%b#e{QnqdPq)$D?gR;`35
z%+uGn&<wHwOv@L&Y=PDuIo4;2#}>32%vf_DFSsdq!#h8sdNbOEbBnTD)^L<?E{f9C
zI`0m!!fRG<aDAZ0y-TP$jzzpu&IvRaT$#XKeJrVlrxU*gT;5O_DfQRtAROdNx&9-{
zhjj+12*U2u)_=;sR7yI?0<S<YieAEtG7r^Z8!X)rf5}Ql9^gqXI!akW2qzp$eTrbg
zeI!OBuw5xUXvugJ6EX%A_BB)G)?c!+=c4B~1=>kwwwc&l<*pEh7@CV!u^hrlLO7t4
z)RU#B>7A#<l|26Bu(XmG8<SEPA94~15ZY%;qfcOxX6r6;-R{={a2)dK&>^a6WM2Qt
zu@T{!G|RIxH4Dqvb@s~k!%iQST?0*dHYCO@8<Dg#j=g>Co^1%Qa2n5xd}Clo{<L}i
z{NcB(Kt;mQK^VJc+hl`-4BMa;H;W?WY3YGrhAXI5b(`8%a5wEK(fjgkfqXcXoUOLo
zjw5_O>xHa2p@1RO5EjLVxpp#;r7z-afGn#YWg~PgSIqz+jEQyonYV}397=dPW+i~Z
z3sSr;RS}=f!_?C<^hJ*-T$Cj)a6FwPI~in1Dl8d8e{RkMTodPYiH>DvTga3D{uQP`
zhKlWb@P)$W^hB*8dzC)((RwD~bH&B4!i?gPTw^)*;b8@RS4M-l2l~23dO%s)_S5oI
zyFUY*vGvKZb^cxL50)ZRRmUh&uT$GzF}_my9V5t|Dwh`II3Z=WS}~*v<HC%enNxxV
z4V@~!S1-5z7<pps8HsRMu?nI|pn1MzQH&C2_*4<SBv8V^d^y|q=*>k?qSA(`8=en-
z3BX9UAOSvkiyTHdZ0McIUiAg!qDH(MXGMbKJozQ$n6O_ss0Efdqy?DF=y9#&z0T52
z1JI;+E3~*UGIC~Vp>Fd>=HrniHxU9Ph`$A^ACEMRq|WxJN>m#iy9Yr+2)v!OZmlmx
zsjATV%|kM}%qXEct9$UsrHLq^+(pl7dk})#G4}{9#>=t>w=zgciv%GjAz_^LZB3x&
zGMvJ)V?NqSzj~X{_T&9~7o}37lLHqPyRS<IwlYV;U9wYw8mHkKN+}kiV?%WdKy|Z~
zw{s&iMH<FpRI2GpP2o!#S+|+cX>UTq3sX70ET<XKs)H~R1+qERkBs7K*3RV?+U=k^
z0!fnZRJ;!ZLX($C$YmLOR#!cuSUL6K%uD?@KR<V>@Fwb<@Bier3Ef-TY8>=6ZcdQA
z#annN-#G5Y7VH&VmH+msECzv+`JS&qx8_RY+z%&rU((pw0TiJnz#x^MU)twysu`~0
zfjo(r_-QM3@>n&XRZ@pVK%izoUQan4-SgG8?X`Ya>cGO-lA}$_-8t>z0%MNAf{w8n
zv#mF86H?waaSL`twaT+iYmJX+u}|KziR*pY+6?(zZLf8s!q~ZMMK??B9K#q~%ZW-M
z`C~|*8ebs%p^Il9>+t!L!gZ0_57JpFYnop};(OJkX8|_JYQA?0QeiWr?OPtH?;ndY
zU<QDor>@&Ky(I7}pSCEA;!sM|KN`emPpwhD4#PHry#Q*ZiM1uvHI#i4qea8yFusP7
zp%S-;xM5E*62$;1O9Jy8Qa@gdFokYwc>C!)J_z{g<h-|qB%Pr2@#$Q`oAF|Tlc6R>
zHZ~s@3GsSX3g#!)z}=OEHLOqK=SgP*G}k}u^s#tt(@2H|vs!&Z5uifkID#-YZGumD
z^*up3xiygK`|*r<_Km_a@@gUdV0%7)a!+;iXHaX*>6<*ux&m(AAwYjFrX!I(jiU{+
z<8$&LN|$A5fv$!XDjzhj-O2(|(5`Tr+%I;XD5>YRXWQ#9ZQ+#tbl?rRIE}{_{roi@
zCJEH4jKWtt!Q~%)2-ETruy6G|RP7l4goQ;xbp49#9a=2T#6-u!LTB$x<I23(b8xQ$
zqBu1T8x1K6YxCAiEUjW_EohpytN@ZjOtd0F!1F|;k*Hc=E3D=|be*JsO!zwK#8S9o
zD_`8nL?<`_pXId=_u_^=!p64zRA8$ywN48$iaJtF8yRD{l>;vLpm4?5;6j;5kJ7Hm
zxP!|hl0c6nG|o;SIjtziYPGb{yha(O&gJDzwS4-M=5E>9RM~6KyR8;Yh9}u+<z9%2
zT(7c&qySG-!#)i;+J-9&JqG@saHN6PhGFMRxNeG4i|QmEiInZeE7R+S;Z=$`EU+^p
z&t1zRC4_jSFNC#z{Vwmpy*^-AuDPz8xmMmZ!5@Z&vR)YHSHNXXH-Y0CZ14<i#h17T
zqKlr-2_nu#*REmbM&~FS-J`8Z5S6&D7A{mq;o9tGZIQ^L{F(nxV(T|t{BNFg6&6uM
zEqgrnlar+_LN%zfxOyQ*CvaFjDwm>D9@h0UCC-FaKT`;s=v%=#Tij~Q@frZ#(9Lx#
z9f%!jkk0BW&~FR$3Y`^+oZ*gpDBJ?y9&HF0HLawz*|s~8EzEAL5Cz@4A&H+{IzpH`
z&#>JW@DG_VdGYfrhQ17O+d(424L~HD(OLM;IKV<-##zJcF<6LxARzCrsK5xHua>0@
zbhn9E&{@wwbKzc?{`M0JC2**4Ws0zam5Z6GpG)Lkb2Cuw?fb;GUL8$j$VY<X1kRJ&
zeB?H1Mpr#mcP@VnV+eKY4EWKrv`z_oHxy*%V(tDe%k1-06`TvL5=%EBw|N2FG<<Qs
zap&@4MT520V(+T1Nx5TAVvQHGiR_@&ZA~*8qMOCfQ6sWNzKw#=^+nZIxcNO#g!@E0
zfl=2b;g^qLDe_OsN*aM=ZCw>UHo4!aI;j$IDKu@bkh{c$jcq)?%!@5<eam8mb!Hs@
z^54T(P@eA;q$uqKji8LDHy;nN_bO5D!g?(5Kt-eDLt9muW$SliUTW=BV9F#t$5D+g
z_=&=}O6%O?x&C~tMkl4j*HJu(K*f5h7e*{bNN`zwnj=k?vA9%tNbl237H|`aEZ>V&
ziIzu{<I(&kew3tPPALiW7K9zyQsRO3t>0a1I3<3htv~uFhADi_1ugB(j(M&uafZ;A
zIVCF0sA22T-0@Dcd#85v*|Hlfb-#yYn^__g1$W71ie4yMQ@IY!fy0fnRqdWcz0+Pz
zy9DPK!5MO4YW0EaLbf*vA;kG0CBR0e$t)4gGh}SA{0tomXC&ps7b)6g9Ol5+Ggrb&
zb(NSkH<(*@kVMY)8>*de4Y?&ji$u@lYAQ0|oYOU1hy{>WllYnyfnz9Cj{}@M-%gjO
zIMY=^Hp+csqGbL)EEK-2roY(RhWc2Y;#jmH1_`<e{{$CReZt^>g(@BacijaPyxO+_
zpp49GDYgwKH^<KLB_EkA9kYPXU`F4Q5wZ2=*&jBIIo{61VOKF<s3a=<1|ON7$Bhio
za}D?cptCfnN0-DW=)Ri}74j)H8yXNyOekE=#k2R1Wk~C4ncni-<?bh;u9Ob>-M`6m
z!6G5Dv^~eMIGI(&d(h$)x~&UO@l6Rs?S6nlNrir5omfwqeXC@(6HV6RO=Iy+PF-nJ
zn6+pH03NB4Aomh9dJC?Z<pUeVJoTR@45Yj`E}E@u8N(7qJs09-HD8P9D1CWpXXLUK
zG7B>WDpGYI#rsk&8ka97J#<c8--Ma|3SanKIJlI|;a-VttO?<>MKQrzyag95X3jdc
zY{ELeCbBGh0o^z>Uk6^9*C7BlHDE^oQb`lntjI|qBeEx>1n!ft%UuM(wn+ysKW0%M
z^*&k2)8u~i#R=I2Gj(bNy?I<{d$<d5cU%LPpu_X)HI5+53(T!<#czK2ogZ6jD}e8e
zNm<BOrt5L0)jD;G)1vhyXg$YArm}9l2Ca9W`9O;*s~MqMZ}w)s$X_b_45Z3rsbD5U
zIrQ5!UO*ZXT(%>j+>BgVh+D^XiYD?s=bQMPO;KpY$-|y_`K;R9mj5$FazpB{*A?aY
zGZ_~GB+YM=I%W3{^qd+KL%gL1&eqsG@dR%{ifYZ7rvb*3xvmluqwBvL2Oe38+Dawc
zDJU%Hj4yvZP+YV+Ts)ZzrekEvmLp30LnrSbZ8Yh(InvB{Ed1P(`6AH@#hCIZ^!hL-
z7|*6v>~P?382<rTN{t`*D^B`q@AnZQzPmK6997>LfEzp|aT5E9aniXt4)lpmLj(RQ
zfR|c9%<)X#l1RWJl6|?ju&f2;OqT$5U9WtkX}0S}CX*+1YpZiPka@h#TXn0V1r8T&
z^PlL5eChAL?Z#BZgL8%(C_96jHAy<QcFk>PPnkEM2M2oc6SDEQLa@mT(#_r+?+gvJ
zyOwitw#y&`6i2{o@-7lwGuM$ya9%<17MhfnIxnkBNcXPvjL$1CY+C44s7#AgFirws
zTvNDvrL^nS|F{#8lnguTV=OS3cN-;Q7k--&VBRriu$rsC|7M)hzxqT~a;1$_L)kEe
z4lAAZ@(^p!2f*{laOUiwmFEPg2cJ||X0aj7$gvTk(2frbf-lC??W{!a*OE^Yz020;
zPWP&FL6{kcsV1vVN0&p{mI+NcelV%Lh{rj%kqfwb;8q*&&1R)e(0$6|mvdw`wnhM_
zWu*QpZTwIOkrnkZ))l|=j90{K7&2%{R_fHQxgbxlawY^ziA0)itb@EJPcE{}43vpu
zEdp1m5w9y;tuoEtoCJflI#vK`YFnw2ATbT{K}u;5q<HgQTHpwWuByk3j;Hb18o`Al
z$8MUBk359j4ax(Ipwl~xZVSIdJia@4>&@E$l5&+?OV?vD#~woyR|oJD{)04cDSbB9
z0w*5YOq6iB^z!GYSo1I{HT1e^+4O$>;$4g=XjSfZ3|i9l_-d~{x6L(Zcl|+Avs5Fk
zs+9QoddG$7<x)RuQ0G;7iYD&;vLG$T$rO4yg}6yKjTirJ8hgj3{IL(+8eMPNG9^4n
zuxUVnQCq~8=T)L*V=okv`Tp~=m*={PF^YO~Oz^XCSoe>LB8ZGl2Zwkv9A4gxpp=Pp
z2ZhQC+VzYSpaKYouc><9Nc?7X8&Hg-I;F=VIuNaux+0M;0If;C*WHN$+$2Ui5#ulv
z=+x>x`G_jrde^GL3#|tt)DN`65-WE`ODx#qJ4_ku<v6*CVzW_!o5pH^?s69cY(uPX
zm%h9gd)gd?n*|$v+@jLxPh#hKJ#7)9U!y-#Oe}64!#fBL00SDiPfwJW1?P^M>&vn|
zm=z$8XjNIpnfgW|7$O6>A*NUhLsZ9?A!Su5T1!t%e2g}z2LAIQCBn?xXq9?8wEB2K
zDOZ1fir3<31OLV>$Z~<sEE>=z^mm^hocFL<Oo*3_|1td_U;DejgQ+{<|3C$tdfGDI
zrNA;@`zBNQ4dgoQt7N_6S#1_gzWfhB1Q4G`_?&Q$XDe%m!)yccb=<p-p$01+%ab>C
zv<FIzP?kQ$P=$r=0uJ13q5Ce_!LSIz#u`i-1_{Qx4F+CGNp@+F#%A~HO=U8zY={Gd
zECcaOo!t6)+ljdlGN66mlBD9|1QHm{+cg>7`P%5Y5O*g>02HlW2d(P)in#T@{I()P
zPv?U<xcAKg<51R)nw6z~+3Ii%>Fmht&;0eBg@OQ*y#w5c9pkgl&H`;RKLhqI<z-`6
zPQV@iE%&ml;KN|nSCnd1G{bD)d|jHf)3JL!HTM>4(BOFMSQ`lsIkB*K=-3<fpY(Os
zo#{=;v2&gd@BvtZP~eJj^6Y4#Kc8FiQ057?ELy;AE1k)8CGQkfEiV{M+{KWZoD!IA
zp`V^+Qtb~abrKxYrS9`s5`!qy)aF9iQpiP@I>1Zw)4IDT)HDP1Y5}cnMpc5J11?S7
z1TazpwG$Vd;QBNq;Ee!RdLswn)I(FrrkQxzMz?=1?D_~SV=hy5lZU1SRKq<iXGl%l
zXOsM4Y42SmoCv~L2J0>-o>+r<@VZI@xf)lT1TFC11Nc2qv&P_!)2-ijuQ%es%>N!H
z!}B;OnOiouyigQd7HB=mt<b=NzG$vUF6Vekf+s8|>clz$6Du<AP2DB8#cDkqQ8xq8
zG<nbexANMeeMy!Z9#_5Ey4L*MUiV%dKEsM7f}&5i<pkeI2W<pcrE`Es<>|+%@}Cda
z-6{<~|1W7_?#JR;U%&d<S-QR777Z*CzrM;i{oP@sK!s-B^RGn#?Z4jr(wR5C^j2Vm
z{<NycDbuDul9>6l4LDu7P4ms>Gm{$F;X6TK!%e{5_iVW>ZLw^<_k`j5P0y-3Xe_(9
z`jzkPe=jxzJ72t8O|){Yfhp9cF>BsT;IORnYji23Kyqk2#*za(4(_ima4LO&>s#Q)
zTtpbA=_P;@8nPJDc`OV1L3`l@m)wO{qJI?==EEF|s8ZoK)PaP6M^gX?1U_#9pUvk`
z%uyjqKm({jdPNj?Jk#`}UaW1a8m{9x9RSHFp8Up#f}jI=Hewu|f#sNUpbx=Ysuwr|
zS4^`v{YO1*W0lT>8;DSWvS3?!CH$EF^D{8~|KE{Uc$R^Ifeq9tW@gw}q8Gf=u)7{8
O!r<xZ=d#Wzp$Pya@Dtbo

literal 0
HcmV?d00001

diff --git a/fast/stages/0-org-setup/datasets/hardened/defaults.yaml b/fast/stages/0-org-setup/datasets/hardened/defaults.yaml
new file mode 100644
index 000000000..6a86ae90c
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/defaults.yaml
@@ -0,0 +1,92 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/defaults.schema.json
+
+global:
+  # use `gcloud beta billing accounts list` to populate
+  billing_account: ABCDEF-0123456-ABCDEF
+  organization:
+    # use `gcloud organizations list`` to populate
+    domain: fast-test-00.example.com
+    id: 1234567890
+    customer_id: abcd123456
+projects:
+  defaults:
+    # prefix must be unique and less than 9 characters
+    prefix: test00
+    locations:
+      bigquery: $locations:primary
+      logging: $locations:primary
+      storage: $locations:primary
+  overrides: {}
+context:
+  # you can populate context variables here for use in YAML replacements
+  iam_principals:
+    # this is the default group used in boostrap, initial user must be a member
+    gcp-organization-admins: group:gcp-organization-admins@example.com
+  locations:
+    primary: europe-west1
+output_files:
+  # local path is optional but recommended when starting
+  local_path: ~/fast-config/fast-test-00
+  storage_bucket: $storage_buckets:iac-0/iac-outputs
+  providers:
+    0-org-setup:
+      bucket: $storage_buckets:iac-0/iac-org-state
+      service_account: $iam_principals:service_accounts/iac-0/iac-org-rw
+    0-org-setup-ro:
+      bucket: $storage_buckets:iac-0/iac-org-state
+      service_account: $iam_principals:service_accounts/iac-0/iac-org-ro
+    1-vpcsc:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 1-vpcsc
+      service_account: $iam_principals:service_accounts/iac-0/iac-vpcsc-rw
+    1-vpcsc-ro:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 1-vpcsc
+      service_account: $iam_principals:service_accounts/iac-0/iac-vpcsc-ro
+    2-networking:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 2-networking
+      service_account: $iam_principals:service_accounts/iac-0/iac-networking-rw
+    2-networking-ro:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 2-networking
+      service_account: $iam_principals:service_accounts/iac-0/iac-networking-ro
+    2-security:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 2-security
+      service_account: $iam_principals:service_accounts/iac-0/iac-security-rw
+    2-security-ro:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 2-security
+      service_account: $iam_principals:service_accounts/iac-0/iac-security-ro
+    2-project-factory:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 2-project-factory
+      service_account: $iam_principals:service_accounts/iac-0/iac-pf-rw
+    2-project-factory-ro:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 2-project-factory
+      service_account: $iam_principals:service_accounts/iac-0/iac-pf-ro
+    3-data-platform-dev:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 3-data-platform-dev
+      service_account: $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
+    3-data-platform-dev-ro:
+      bucket: $storage_buckets:iac-0/iac-stage-state
+      prefix: 3-data-platform-dev
+      service_account: $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/.config.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/.config.yaml
new file mode 100644
index 000000000..2c1571f36
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/.config.yaml
@@ -0,0 +1,123 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# TODO: data access logs
+
+# yaml-language-server: $schema=../../../schemas/organization.schema.json
+
+id: $defaults:organization/id
+contacts:
+  default:
+    - $iam_principals:gcp-organization-admins
+# conditional authoritative IAM bindings
+iam_bindings:
+  # these don't conflict with IAM / IAM by principal
+  pf_org_policy_admin:
+    role: roles/orgpolicy.policyAdmin
+    members:
+      - $iam_principals:service_accounts/iac-0/iac-pf-rw
+    condition:
+      expression: resource.matchTag('${organization.id}/context', 'project-factory')
+      title: Project factory org policy admin
+  pf_org_policy_viewer:
+    role: roles/orgpolicy.policyViewer
+    members:
+      - $iam_principals:service_accounts/iac-0/iac-pf-ro
+    condition:
+      expression: resource.matchTag('${organization.id}/context', 'project-factory')
+      title: Project factory org policy viewer
+# authoritative IAM bindings by principal
+iam_by_principals:
+  $iam_principals:gcp-organization-admins:
+    - roles/cloudasset.owner
+    - roles/cloudsupport.admin
+    - roles/compute.osAdminLogin
+    - roles/compute.osLoginExternalUser
+    - roles/compute.xpnAdmin
+    - roles/orgpolicy.policyAdmin
+    - roles/owner
+    - roles/resourcemanager.folderAdmin
+    - roles/resourcemanager.organizationAdmin
+    - roles/resourcemanager.projectCreator
+    - roles/resourcemanager.tagAdmin
+    - roles/iam.workforcePoolAdmin
+  $iam_principals:service_accounts/iac-0/iac-org-rw:
+    - roles/accesscontextmanager.policyAdmin
+    - roles/cloudasset.viewer
+    - roles/essentialcontacts.admin
+    - roles/iam.organizationRoleAdmin
+    - roles/iam.workforcePoolAdmin
+    - roles/logging.admin
+    - roles/orgpolicy.policyAdmin
+    - roles/resourcemanager.folderAdmin
+    - roles/resourcemanager.organizationAdmin
+    - roles/resourcemanager.projectCreator
+    - roles/resourcemanager.projectMover
+    - roles/resourcemanager.tagAdmin
+    - roles/resourcemanager.tagUser
+    - roles/securitycentermanagement.customModulesEditor
+  $iam_principals:service_accounts/iac-0/iac-org-ro:
+    - roles/cloudasset.viewer
+    - roles/essentialcontacts.viewer
+    - roles/iam.organizationRoleViewer
+    - roles/iam.workforcePoolViewer
+    - roles/logging.viewer
+    - roles/orgpolicy.policyViewer
+    - roles/resourcemanager.folderViewer
+    - roles/resourcemanager.tagViewer
+    - roles/serviceusage.serviceUsageViewer
+    - $custom_roles:organization_admin_viewer
+    - $custom_roles:tag_viewer
+  $iam_principals:service_accounts/iac-0/iac-networking-rw:
+    - roles/compute.orgFirewallPolicyAdmin
+    - roles/compute.xpnAdmin
+  $iam_principals:service_accounts/iac-0/iac-networking-ro:
+    - roles/compute.orgFirewallPolicyUser
+    - roles/compute.viewer
+  $iam_principals:service_accounts/iac-0/iac-security-rw:
+    - roles/cloudasset.viewer
+  $iam_principals:service_accounts/iac-0/iac-vpcsc-rw:
+    - roles/accesscontextmanager.policyAdmin
+    - roles/cloudasset.viewer
+  $iam_principals:service_accounts/iac-0/iac-vpcsc-ro:
+    - roles/accesscontextmanager.policyReader
+    - roles/cloudasset.viewer
+logging:
+  # disable_default_log_sink: false
+  storage_location: $locations:primary
+  sinks:
+    audit-logs:
+      # description: foo
+      # exclusions: {}
+      destination: $log_buckets:log-0/audit-logs
+      filter: |
+        log_id("cloudaudit.googleapis.com/activity") OR
+        log_id("cloudaudit.googleapis.com/system_event") OR
+        log_id("cloudaudit.googleapis.com/policy") OR
+        log_id("cloudaudit.googleapis.com/access_transparency")
+    iam:
+      destination: $log_buckets:log-0/iam
+      filter: |
+        protoPayload.serviceName="iamcredentials.googleapis.com" OR
+        protoPayload.serviceName="iam.googleapis.com" OR
+        protoPayload.serviceName="sts.googleapis.com"
+    vpc-sc:
+      destination: $log_buckets:log-0/vpc-sc
+      filter: |
+        protoPayload.metadata.@type="type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata"
+# authoritative IAM bindings by role
+# these are internally merged with IAM by principal
+iam:
+  # reset default role on new organizations
+  roles/billing.creator: []
\ No newline at end of file
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml
new file mode 100644
index 000000000..7e72e8fb5
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.accesscontextmanagerDisableBridgePerimeters:
+  action_type: DENY
+  condition: |-
+    resource.perimeterType == 'PERIMETER_TYPE_BRIDGE'
+  description: Ensure no perimeter bridges are used. Instead, use ingress and egress
+    rules.
+  display_name: Deny usage of perimeter bridges
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - accesscontextmanager.googleapis.com/ServicePerimeter
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml
new file mode 100644
index 000000000..ff3c47f52
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml
@@ -0,0 +1,27 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudrunDisableEnvironmentVariablePattern:
+  action_type: DENY
+  condition: |-
+    resource.spec.template.spec.containers.exists(container, container.env.exists(env, ["[sS][eE][cC][rR][eE][tT]", "[kK][eE][yY]", "[pP][aA][sS][sS][wW][oO][rR][dD]", "[tT][oO][kK][eE][nN]"].exists(pattern, env.name.matches(pattern))))
+  description: Enforce that certain patterns are not used in environment variables
+    of Cloud Run Service or Cloud Run Functions
+  display_name: Disable usage of certain patterns in Cloud Run Service or Cloud Run
+    Functions environment variables
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - run.googleapis.com/Service
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml
new file mode 100644
index 000000000..124742a94
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudrunJobRequireBinaryAuthorization:
+  action_type: DENY
+  condition: |-
+    !('run.googleapis.com/binary-authorization' in resource.metadata.annotations)
+  description: Enforce that Cloud Run Job are using binary authorization
+  display_name: Disable creation of Cloud Run Job without Binary Authorization
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - run.googleapis.com/Job
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml
new file mode 100644
index 000000000..52df5e670
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudrunServiceRequireBinaryAuthorization:
+  action_type: DENY
+  condition: |-
+    !('run.googleapis.com/binary-authorization' in resource.metadata.annotations)
+  description: Enforce that Cloud Run Service are using binary authorization
+  display_name: Disable creation of Cloud Run Service without Binary Authorization
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - run.googleapis.com/Service
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml
new file mode 100644
index 000000000..1e6cfeb57
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml
@@ -0,0 +1,27 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlDisablePublicAuthorizedNetworks:
+  action_type: DENY
+  condition: |-
+    resource.settings.ipConfiguration.authorizedNetworks.exists(network, network.value == '0.0.0.0/0')
+  description: Ensure That Cloud SQL database instances do not implicitly whitelist
+    all public IP addresses
+  display_name: Require Cloud SQL database instances to not whitelist all public IP
+    addresses
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml
new file mode 100644
index 000000000..d4abe112f
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlEnforcePasswordComplexity:
+  action_type: DENY
+  condition: |-
+    resource.settings.passwordValidationPolicy.complexity != "COMPLEXITY_DEFAULT" || resource.settings.passwordValidationPolicy.minLength < 12
+  description: Ensure that Cloud SQL instance is configured with a password complexity
+    to be combination of lowercase, uppercase, numeric, and non-alphanumeric characters
+  display_name: Require Cloud SQL instances to configure password complexity to COMPLEXITY_DEFAULT
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml
new file mode 100644
index 000000000..0abe78c6e
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlRequireAutomatedBackup:
+  action_type: DENY
+  condition: |-
+    resource.settings.backupConfiguration.enabled != true
+  description: Ensure that Cloud SQL instance have automated backup enabled
+  display_name: Require Cloud SQL instances to have automated backup enabled
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml
new file mode 100644
index 000000000..dc2a0b401
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml
@@ -0,0 +1,30 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlRequireMySQLDatabaseFlags:
+  action_type: DENY
+  condition: |-
+    resource.databaseVersion.startsWith('MYSQL') && (
+      (resource.settings.databaseFlags.exists(flag, flag.name == 'skip_show_database' && flag.value == 'on') == false) ||
+      (resource.settings.databaseFlags.exists(flag, flag.name == 'local_infile' && flag.value == 'off') == false)
+    )
+  description: Ensure Cloud SQL for MySQL instance database flags are set correctly
+    (e.g skip_show_database, local_infile)
+  display_name: Require Cloud SQL for MySQL instance database flags to be configured
+    correctly (e.g skip_show_database, local_infile)
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml
new file mode 100644
index 000000000..a813c1fc9
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml
@@ -0,0 +1,27 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlRequirePointInTimeRecovery:
+  action_type: DENY
+  condition: |-
+    (resource.databaseVersion.contains("POSTGRES") || resource.databaseVersion.contains("SQLSERVER")) && resource.settings.backupConfiguration.pointInTimeRecoveryEnabled == false
+  description: Ensure that Cloud SQL instance is configure enable point in time recovery
+    in the backup configuration. This setting is possibly for Postgres and SQLServer
+    databases.
+  display_name: Require Cloud SQL instances to enable point in time recovery
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml
new file mode 100644
index 000000000..2820223c0
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml
@@ -0,0 +1,31 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags:
+  action_type: DENY
+  condition: |-
+    resource.databaseVersion.startsWith('POSTGRES') && (
+      !resource.settings.databaseFlags.exists(flag, flag.name == 'log_checkpoints' && flag.value == 'on') ||
+      !resource.settings.databaseFlags.exists(flag, flag.name == 'log_executor_stats' && flag.value == 'off') ||
+      !resource.settings.databaseFlags.exists(flag, flag.name == 'log_lock_waits' && flag.value == 'on')
+    )
+  description: Ensure Cloud SQL for PostgreSQL instance database flags are set correctly
+    (e.g log_checkpoints, log_executor_stats, log_lock_waits)
+  display_name: Require Cloud SQL for PostgreSQL instance database flags to be configured
+    correctly (e.g log_checkpoints, log_executor_stats, log_lock_waits)
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml
new file mode 100644
index 000000000..f7c756a08
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml
@@ -0,0 +1,36 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlRequirePostgreSQLDatabaseFlags:
+  action_type: DENY
+  condition: |-
+    resource.databaseVersion.startsWith('POSTGRES') && (
+      !resource.settings.databaseFlags.exists(flag, flag.name == 'log_connections' && flag.value == 'on') ||
+      !resource.settings.databaseFlags.exists(flag, flag.name == 'log_disconnections' && flag.value == 'on') ||
+      !resource.settings.databaseFlags.exists(flag, flag.name == 'log_min_duration_statement' && flag.value == '-1') ||
+      !resource.settings.databaseFlags.exists(flag, flag.name == 'cloudsql.enable_pgaudit' && flag.value == 'on') ||
+      resource.settings.databaseFlags.exists(flag, flag.name == 'log_min_messages' && flag.value in ['error' , 'log', 'fatal', 'panic']) ||
+      resource.settings.databaseFlags.exists(flag, flag.name == 'log_min_error_statement' && flag.value in ['log', 'fatal', 'panic']) ||
+      resource.settings.databaseFlags.exists(flag, flag.name == 'log_error_verbosity' && flag.value in ['terse']) ||
+      resource.settings.databaseFlags.exists(flag, flag.name == 'log_statement' && flag.value in ['none'])
+    )
+  description: Ensure Cloud SQL for PostgreSQL instance database flags are set correctly
+    (e.g log_connections)
+  display_name: Require Cloud SQL for PostgreSQL instance database flags to be configured
+    correctly (e.g log_connections)
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml
new file mode 100644
index 000000000..cce520793
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlRequireRootPassword:
+  action_type: DENY
+  condition: |-
+    resource.settings.passwordValidationPolicy.minLength == 0
+  description: Ensure that Cloud SQL instance is configured to use a root password
+  display_name: Require Cloud SQL instances to configure root password
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml
new file mode 100644
index 000000000..dff0b551e
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml
@@ -0,0 +1,35 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlRequireSQLServerDatabaseFlags:
+  action_type: DENY
+  condition: |-
+    resource.databaseVersion.startsWith('SQLSERVER') && (
+      resource.settings.databaseFlags.exists(flag, flag.name == 'external scripts enabled' && flag.value == 'on') ||
+      resource.settings.databaseFlags.exists(flag, flag.name == 'cross db ownership chaining' && flag.value == 'on') ||
+      resource.settings.databaseFlags.exists(flag, flag.name == 'contained database authentication' && flag.value == 'on') ||
+      resource.settings.databaseFlags.exists(flag, flag.name == 'user connections' && flag.value != '0') ||
+      resource.settings.databaseFlags.exists(flag, flag.name == 'user options' && flag.value != '0') ||
+      !resource.settings.databaseFlags.exists(flag, flag.name == 'remote access' && flag.value == 'off') ||
+      !resource.settings.databaseFlags.exists(flag, flag.name == '3625' && flag.value == 'on')
+    )
+  description: Ensure Cloud SQL for SQLServer instance database flags are set correctly
+    (e.g external scripts enabled ...)
+  display_name: Require Cloud SQL for SQLServer instance database flags to be configured
+    correctly (e.g external scripts enabled ...)
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml
new file mode 100644
index 000000000..c1a58b39c
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml
@@ -0,0 +1,27 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.cloudsqlRequireSSLConnection:
+  action_type: DENY
+  condition: |-
+    resource.settings.ipConfiguration.sslMode in ['ENCRYPTED_ONLY', 'TRUSTED_CLIENT_CERTIFICATE_REQUIRED'] == false
+  description: Ensure that Cloud SQL instance is configured to allow only connections
+    that are encrypted with SSL/TLS
+  display_name: Require Cloud SQL instances to allow only connections that are encrypted
+    with SSL/TLS
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - sqladmin.googleapis.com/Instance
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml
new file mode 100644
index 000000000..60ae1e55c
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml
@@ -0,0 +1,27 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.dnsAllowedSigningAlgorithms:
+  action_type: DENY
+  condition: |-
+    resource.visibility == "PUBLIC" && resource.dnssecConfig.state == "ON" && resource.dnssecConfig.defaultKeySpecs.exists(spec, spec.algorithm in  ["ECDSAP256SHA256"] == false)
+  description: Ensure that allowed signing algorithms are used for the Key-Signing
+    key and Zone-Signing key in Cloud DNS DNSSEC
+  display_name: Require Cloud DNS DNSSEC configured to use only allowed algorithms
+    in Cloud DNS DNSSEC
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - dns.googleapis.com/ManagedZone
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml
new file mode 100644
index 000000000..c1ffe64d7
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml
@@ -0,0 +1,27 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.dnsRequireManageZoneDNSSEC:
+  action_type: DENY
+  condition: |-
+    resource.visibility == "PUBLIC" && (resource.dnssecConfig.state in ["ON", "TRANSFER"] == false)
+  description: Ensure that Cloud DNS DNSSEC is enabled when configuring a DNS Public
+    Managed Zone
+  display_name: Require Cloud DNS DNSSEC enabled when configuring a DNS Public Managed
+    Zone
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - dns.googleapis.com/ManagedZone
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml
new file mode 100644
index 000000000..5ab51b295
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.dnsRequirePolicyLogging:
+  action_type: DENY
+  condition: |-
+    resource.enableLogging != true
+  description: Ensure that Cloud DNS logging is enabled when configuring a DNS Policy
+  display_name: Require Cloud DNS logging enabled when configuring a DNS Policy
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - dns.googleapis.com/Policy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml
new file mode 100644
index 000000000..abcc0eb1a
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.firewallEnforcePolicyRuleLogging:
+  action_type: DENY
+  condition: |-
+    resource.rules.exists(rule, rule.action != 'goto_next' && rule.enableLogging == false)
+  description: Ensure that Firewall Policy rules have logging enabled
+  display_name: Require Firewall Policy rules to have logging enabled
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - compute.googleapis.com/FirewallPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml
new file mode 100644
index 000000000..c625f51ff
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml
@@ -0,0 +1,33 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.firewallEnforceRuleLogging:
+  action_type: DENY
+  condition: |-
+    (
+      (has(resource.logConfig) == false || resource.logConfig.enable == false) &&
+      !resource.name.startsWith("gke-") &&
+      !resource.name.startsWith("k8s-") &&
+      !resource.name.endsWith("-hc") &&
+      !resource.name.startsWith("k8s2-") &&
+      !resource.name.startsWith("gkegw1-l7-") &&
+      !resource.name.startsWith("gkemcg1-l7-")
+    )
+  description: Ensure that VPC Firewall rules have logging enabled
+  display_name: Require VPC Firewall rules to have logging enabled
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - compute.googleapis.com/Firewall
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictOpenWorldRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictOpenWorldRule.yaml
new file mode 100644
index 000000000..2f4f60b70
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictOpenWorldRule.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.firewallRestrictOpenWorldRule:
+  action_type: DENY
+  condition: |-
+    (size(resource.allowed) > 0) && (resource.sourceRanges.exists(range, range == '0.0.0.0/0') || resource.destinationRanges.exists(range, range == '0.0.0.0/0'))
+  description: Prevent the creation of VPC firewall rule with source or destination
+    any IP address (0.0.0.0/0)
+  display_name: Restrict VPC Firewall rule creation that are open to the world
+  method_types:
+  - CREATE
+  resource_types:
+  - compute.googleapis.com/Firewall
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml
new file mode 100644
index 000000000..a13c82dc0
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml
@@ -0,0 +1,36 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.firewallRestrictRdpPolicyRule:
+  action_type: DENY
+  condition: |-
+    resource.rules.exists(rule,
+        rule.priority < 2147483644 &&
+        rule.direction == 'INGRESS' &&
+        !rule.match.srcIpRanges.all(ipRange,
+            ipRange.startsWith('192.168.') || ipRange == '35.235.240.0/20' || ipRange.startsWith('10.')
+        ) &&
+        rule.match.layer4Configs.all(l4config,
+            l4config.ipProtocol == 'tcp' &&
+            l4config.ports.all(port, port == '3389')
+        )
+    )
+  description: Ensure that RDP access is restricted from the Internet when using Firewall
+    Policy Rule
+  display_name: Restrict Firewall Policy rules allowing RDP access from the Internet
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - compute.googleapis.com/FirewallPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml
new file mode 100644
index 000000000..a53c3e9e5
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.firewallRestrictRdpRule:
+  action_type: DENY
+  condition: |-
+    resource.direction.matches('INGRESS') &&  resource.allowed.containsFirewallPort('tcp', '3389') &&  !resource.sourceRanges.all(range, range == '35.235.240.0/20' || range.startsWith('10.') || range.startsWith('192.168.'))
+  description: Ensure that RDP access is restricted from the Internet when using VPC
+    Firewall Rule
+  display_name: Restrict VPC Firewall rules allowing RDP access from the Internet
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - compute.googleapis.com/Firewall
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml
new file mode 100644
index 000000000..21d43b9c3
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml
@@ -0,0 +1,36 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.firewallRestrictSshPolicyRule:
+  action_type: DENY
+  condition: |-
+    resource.rules.exists(rule,
+        rule.priority < 2147483644 &&
+        rule.direction == 'INGRESS' &&
+        !rule.match.srcIpRanges.all(ipRange,
+            ipRange.startsWith('192.168.') || ipRange == '35.235.240.0/20' || ipRange.startsWith('10.')
+        ) &&
+        rule.match.layer4Configs.all(l4config,
+            l4config.ipProtocol == 'tcp' &&
+            l4config.ports.all(port, port == '22')
+        )
+    )
+  description: Ensure that SSH access is restricted from the Internet when using Firewall
+    Policy Rule
+  display_name: Restrict Firewall Policy rules allowing SSH access from the Internet
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - compute.googleapis.com/FirewallPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml
new file mode 100644
index 000000000..0d62fb1a9
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.firewallRestrictSshRule:
+  action_type: DENY
+  condition: |-
+    resource.direction.matches('INGRESS') &&  resource.allowed.containsFirewallPort('tcp', '22') &&  !resource.sourceRanges.all(range, range == '35.235.240.0/20' || range.startsWith('10.') || range.startsWith('192.168.'))
+  description: Ensure that SSH access is restricted from the Internet when using VPC
+    Firewall Rule
+  display_name: Restrict VPC Firewall rules allowing SSH access from the Internet
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - compute.googleapis.com/Firewall
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml
new file mode 100644
index 000000000..afe36af55
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeAllowedNodePoolImages:
+  action_type: DENY
+  condition: |-
+    resource.config.imageType in ["COS_CONTAINERD"] == false
+  description: Enforce that GKE nodes are using authorized node images
+  display_name: Allow only authorized node pool images
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml
new file mode 100644
index 000000000..bc5bdc7d6
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeAllowedReleaseChannels:
+  action_type: DENY
+  condition: |-
+    resource.releaseChannel.channel in ["REGULAR", "STABLE"] == false
+  description: Enfore that GKE cluster are using authorized release channels
+  display_name: Allow only authorized release channels
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml
new file mode 100644
index 000000000..e0c354ee9
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeDisableAlphaCluster:
+  action_type: DENY
+  condition: |-
+    resource.enableKubernetesAlpha == true
+  description: Enforce that GKE clusters are not using alpha features for production
+    workloads
+  display_name: Disable alpha features for production workloads
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml
new file mode 100644
index 000000000..053dff095
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeDisableKubernetesDashboard:
+  action_type: DENY
+  condition: |-
+    resource.addonsConfig.kubernetesDashboard.disabled == false
+  description: Enforce that GKE clusters does not have Web UI dashboard enabled
+  display_name: Disable Web UI dashboard
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml
new file mode 100644
index 000000000..69a0e4294
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeDisableLegacyAbac:
+  action_type: DENY
+  condition: |-
+    resource.legacyAbac.enabled == true
+  description: Enforce that GKE clusters is configured with no legacy ABAC enabled
+  display_name: Disable legacy ABAC
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml
new file mode 100644
index 000000000..fcb79f4da
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeDisableLegacyMetadataEndpoints:
+  action_type: DENY
+  condition: |-
+    ('disable-legacy-endpoints' in resource.config.metadata && resource.config.metadata['disable-legacy-endpoints'] == 'false')
+  description: Enforce that GKE clusters are created with legacy metadata endpoints
+    disabled
+  display_name: Disable legacy metadata endpoints
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml
new file mode 100644
index 000000000..099e6e4c8
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireCOSImage:
+  action_type: DENY
+  condition: |-
+    resource.config.imageType != "COS_CONTAINERD"
+  description: Enforce the nodes pool are using Container-Optimized OS for running
+    containers
+  display_name: Require Container-Optimized OS on node pools
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml
new file mode 100644
index 000000000..1242373a8
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireDataplaneV2:
+  action_type: DENY
+  condition: |-
+    resource.networkConfig.datapathProvider != 'ADVANCED_DATAPATH'
+  description: Enforce that the GKE clusters is configured to use dataplane v2
+  display_name: Require dataplane v2
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml
new file mode 100644
index 000000000..8fad83b2a
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireGKEMetadataServer:
+  action_type: DENY
+  condition: |-
+    resource.config.workloadMetadataConfig.mode != 'GKE_METADATA'
+  description: Enforce that GKE clusters are configured with GKE metadata server enabled
+  display_name: Require GKE metadata server
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml
new file mode 100644
index 000000000..928ebdac0
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireIntegrityMonitoring:
+  action_type: DENY
+  condition: |-
+    resource.config.shieldedInstanceConfig.enableIntegrityMonitoring == false
+  description: Enforce that GKE nodes are configured with integrity monitoring enabled
+  display_name: Enable integrity monitoring
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml
new file mode 100644
index 000000000..2863cbc36
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireIntraNodeVisibility:
+  action_type: DENY
+  condition: |-
+    resource.networkConfig.enableIntraNodeVisibility == false
+  description: Enforce that GKE clusters intranode visibility is enabled
+  display_name: Enable intranode visibility
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml
new file mode 100644
index 000000000..ba496bbfc
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireMasterAuthorizedNetworks:
+  action_type: DENY
+  condition: |-
+    resource.masterAuthorizedNetworksConfig.enabled == false
+  description: Enforce that GKE clusters restrict network access to the control planes
+    by configuring master authorized networks with authorized CIDR IP ranges
+  display_name: Require master authorized network with authorized CIDR IP ranges
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml
new file mode 100644
index 000000000..2962a2f21
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireMonitoring:
+  action_type: DENY
+  condition: |-
+    resource.monitoringService != 'monitoring.googleapis.com/kubernetes'
+  description: Enforce that GKE clusters monitoring is enabled
+  display_name: Enable monitoring
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml
new file mode 100644
index 000000000..491c52d6e
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireNodePoolAutoRepair:
+  action_type: DENY
+  condition: |-
+    resource.management.autoRepair == false
+  description: Enforce that GKE clusters are configured with node auto-repair enabled
+  display_name: Enable node auto-repair
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml
new file mode 100644
index 000000000..9d62cfb02
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireNodePoolAutoUpgrade:
+  action_type: DENY
+  condition: |-
+    resource.management.autoUpgrade == false
+  description: Enforce that GKE clusters are configured with node auto-upgrade enabled
+  display_name: Enable node auto-upgrade
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml
new file mode 100644
index 000000000..5054042c2
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireNodePoolCMEKEncryption:
+  action_type: DENY
+  condition: |-
+    has(resource.config.bootDiskKmsKey) == false
+  description: Enforce that GKE nodes are configured with CMEK Encryption
+  display_name: Require NodePool CMEK Encryption
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml
new file mode 100644
index 000000000..9b60179bf
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireNodePoolSandbox:
+  action_type: DENY
+  condition: |-
+    resource.name.matches("default-pool") == false && has(resource.config.sandboxConfig) == false && resource.config.sandboxConfig.type != 'GVISOR'
+  description: Enforce that the GKE clusters nodes are isolated using GKE sandbox
+    (excepting the default node pool)
+  display_name: Require GKE Sandbox runtime
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml
new file mode 100644
index 000000000..6c8f81a51
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequirePrivateEndpoint:
+  action_type: DENY
+  condition: |-
+    resource.privateClusterConfig.enablePrivateEndpoint == false
+  description: Enforce that GKE clusters are created as private clusters with public
+    endpoint disabled
+  display_name: Disable public endpoints
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml
new file mode 100644
index 000000000..9f0ea5c90
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireRegionalClusters:
+  action_type: DENY
+  condition: |-
+    resource.location.matches("^[a-z]+(-[a-z, 1-9]+)$") == false
+  description: Enforce the creation of regional GKE clusters
+  display_name: Require regional GKE cluster
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml
new file mode 100644
index 000000000..6bae09764
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireSecureBoot:
+  action_type: DENY
+  condition: |-
+    resource.config.shieldedInstanceConfig.enableSecureBoot == false
+  description: Enforce that GKE nodes are configured with secure boot enabled
+  display_name: Enable secure boot
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/NodePool
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml
new file mode 100644
index 000000000..e7171b9ee
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.gkeRequireVPCNativeCluster:
+  action_type: DENY
+  condition: |-
+    resource.ipAllocationPolicy.useIpAliases == false
+  description: Enforce that GKE clusters are created with VPC-native
+  display_name: Require VPC-native
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - container.googleapis.com/Cluster
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml
new file mode 100644
index 000000000..9443cd4df
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml
@@ -0,0 +1,29 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.iamAllowedMembers:
+  action_type: DENY
+  condition: |-
+    resource.bindings.exists(binding,
+      binding.members.exists(member,
+        !MemberSubjectEndsWith(member, ['@${organization.domain}', '.gserviceaccount.com'])
+      )
+    )
+  description: Ensure no binding are done with members outside the organization domain
+  display_name: Deny principals and members outside the organization domain
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - iam.googleapis.com/AllowPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml
new file mode 100644
index 000000000..4d6167628
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.iamDisablePublicBindings:
+  action_type: DENY
+  condition: |-
+    resource.bindings.exists(binding, binding.members.exists(member, MemberSubjectMatches(member, ['allUsers', 'allAuthenticatedUsers'])))
+  description: Ensure no use of public bindings (allUsers, allAuthenticatedUsers)
+  display_name: Deny use of public access bindings with allUsers or allAuthenticatedUsers
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - iam.googleapis.com/AllowPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml
new file mode 100644
index 000000000..c4e63e2ef
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml
@@ -0,0 +1,34 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.iamDisableRedisAdminRoles:
+  action_type: DENY
+  condition: |-
+    resource.bindings.exists(binding,
+      binding.members.exists(member,
+        !MemberSubjectMatches(member, []) &&
+        (
+          RoleNameMatches(binding.role, ['roles/redis.admin']) ||
+          RoleNameMatches(binding.role, ['roles/redis.editor']) ||
+          RoleNameContains(binding.role, ['roles/redis.viewer'])
+        )
+      )
+    )
+  description: Ensure no use of the basic roles (viewer, editor and owner)
+  display_name: Deny use of the basic roles
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - iam.googleapis.com/AllowPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml
new file mode 100644
index 000000000..2d8c63ce5
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.networkDisableTargetHTTPProxy:
+  action_type: DENY
+  condition: |-
+    true == true
+  description: Ensure Target HTTP Proxy are not used
+  display_name: Deny usage and creation of Target HTTP Proxy
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - compute.googleapis.com/TargetHttpProxy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml
new file mode 100644
index 000000000..7fda224f9
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml
@@ -0,0 +1,39 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.networkDisableWeakSSLPolicy:
+  action_type: DENY
+  condition: |-
+    (resource.profile == "COMPATIBLE") || (resource.profile == "CUSTOM" &&
+      resource.customFeatures.exists(feature, feature in [
+      "TLS_RSA_WITH_AES_128_GCM_SHA256",
+      "TLS_RSA_WITH_AES_256_GCM_SHA384",
+      "TLS_RSA_WITH_AES_128_CBC_SHA",
+      "TLS_RSA_WITH_AES_256_CBC_SHA",
+      "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+      ])
+    ) || (resource.profile == "CUSTOM" &&
+      resource.minTlsVersion in ["TLS_1_2", "TLS_1_3"] == false
+    ) || (resource.profile == "MODERN" &&
+      resource.minTlsVersion in ["TLS_1_2", "TLS_1_3"] == false
+    ) || (resource.profile == "RESTRICTED" &&
+      resource.minTlsVersion in ["TLS_1_2", "TLS_1_3"] == false
+    )
+  description: Ensure SSL Policies created does not have weak cipher suites
+  display_name: Deny usage of SSL Policies with weak cipher suites
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - compute.googleapis.com/SslPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml
new file mode 100644
index 000000000..a4a604936
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.networkRequireCustomModeVpc:
+  action_type: DENY
+  condition: |-
+    resource.autoCreateSubnetworks == true
+  description: Enforce that the subnets creation is using custom mode for a VPC network
+  display_name: Require custom mode VPC network
+  method_types:
+  - CREATE
+  resource_types:
+  - compute.googleapis.com/Network
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml
new file mode 100644
index 000000000..ee0ea17d0
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.networkRequireSubnetPrivateGoogleAccess:
+  action_type: DENY
+  condition: |-
+    resource.privateIpGoogleAccess == false
+  description: Enforce that the VPC network subnets are configured with private Google
+    access
+  display_name: Require Private Google Access
+  method_types:
+  - CREATE
+  resource_types:
+  - compute.googleapis.com/Subnetwork
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml
new file mode 100644
index 000000000..fe80d3dd3
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+custom.storageRequireBucketObjectVersionning:
+  action_type: DENY
+  condition: |-
+    resource.versioning.enabled == false
+  description: Enforce Cloud Storage bucket object versioning to be configured
+  display_name: Require object versioning
+  method_types:
+  - CREATE
+  - UPDATE
+  resource_types:
+  - storage.googleapis.com/Bucket
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/network_firewall_policies_admin.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/network_firewall_policies_admin.yaml
new file mode 100644
index 000000000..2d5f872e6
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/network_firewall_policies_admin.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+
+name: networkFirewallPoliciesAdmin
+includedPermissions:
+  - compute.networks.setFirewallPolicy
+  - networksecurity.firewallEndpointAssociations.create
+  - networksecurity.firewallEndpointAssociations.delete
+  - networksecurity.firewallEndpointAssociations.get
+  - networksecurity.firewallEndpointAssociations.list
+  - networksecurity.firewallEndpointAssociations.update
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/ngfw_enterprise_admin.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/ngfw_enterprise_admin.yaml
new file mode 100644
index 000000000..38b4ee7b6
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/ngfw_enterprise_admin.yaml
@@ -0,0 +1,49 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+# this is used by the networking SA to deploy NGFW Enterprise through the addon
+
+name: ngfwEnterpriseAdmin
+includedPermissions:
+  - networksecurity.firewallEndpoints.create
+  - networksecurity.firewallEndpoints.delete
+  - networksecurity.firewallEndpoints.get
+  - networksecurity.firewallEndpoints.list
+  - networksecurity.firewallEndpoints.update
+  - networksecurity.firewallEndpoints.use
+  - networksecurity.locations.get
+  - networksecurity.locations.list
+  - networksecurity.operations.cancel
+  - networksecurity.operations.delete
+  - networksecurity.operations.get
+  - networksecurity.operations.list
+  - networksecurity.securityProfileGroups.create
+  - networksecurity.securityProfileGroups.delete
+  - networksecurity.securityProfileGroups.get
+  - networksecurity.securityProfileGroups.list
+  - networksecurity.securityProfileGroups.update
+  - networksecurity.securityProfileGroups.use
+  - networksecurity.securityProfiles.create
+  - networksecurity.securityProfiles.delete
+  - networksecurity.securityProfiles.get
+  - networksecurity.securityProfiles.list
+  - networksecurity.securityProfiles.update
+  - networksecurity.securityProfiles.use
+  - networksecurity.tlsInspectionPolicies.create
+  - networksecurity.tlsInspectionPolicies.delete
+  - networksecurity.tlsInspectionPolicies.get
+  - networksecurity.tlsInspectionPolicies.list
+  - networksecurity.tlsInspectionPolicies.update
+  - networksecurity.tlsInspectionPolicies.use
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/ngfw_enterprise_viewer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/ngfw_enterprise_viewer.yaml
new file mode 100644
index 000000000..3e814ab9f
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/ngfw_enterprise_viewer.yaml
@@ -0,0 +1,35 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+# this is used by the networking SA to deploy NGFW Enterprise through the addon
+
+name: ngfwEnterpriseViewer
+includedPermissions:
+  - networksecurity.firewallEndpoints.get
+  - networksecurity.firewallEndpoints.list
+  - networksecurity.firewallEndpoints.use
+  - networksecurity.locations.get
+  - networksecurity.locations.list
+  - networksecurity.operations.get
+  - networksecurity.operations.list
+  - networksecurity.securityProfileGroups.get
+  - networksecurity.securityProfileGroups.list
+  - networksecurity.securityProfileGroups.use
+  - networksecurity.securityProfiles.get
+  - networksecurity.securityProfiles.list
+  - networksecurity.securityProfiles.use
+  - networksecurity.tlsInspectionPolicies.get
+  - networksecurity.tlsInspectionPolicies.list
+  - networksecurity.tlsInspectionPolicies.use
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/organization_admin_viewer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/organization_admin_viewer.yaml
new file mode 100644
index 000000000..b3008abc1
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/organization_admin_viewer.yaml
@@ -0,0 +1,34 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+# this is used by the plan-only admin SA
+
+name: organizationAdminViewer
+includedPermissions:
+  - essentialcontacts.contacts.get
+  - essentialcontacts.contacts.list
+  - logging.settings.get
+  - orgpolicy.constraints.list
+  - orgpolicy.policies.list
+  - orgpolicy.policy.get
+  - resourcemanager.folders.get
+  - resourcemanager.folders.getIamPolicy
+  - resourcemanager.folders.list
+  - resourcemanager.organizations.get
+  - resourcemanager.organizations.getIamPolicy
+  - resourcemanager.projects.get
+  - resourcemanager.projects.getIamPolicy
+  - resourcemanager.projects.list
+  - storage.buckets.getIamPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/organization_iam_admin.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/organization_iam_admin.yaml
new file mode 100644
index 000000000..24f2de838
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/organization_iam_admin.yaml
@@ -0,0 +1,22 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+# this is needed for use in additive IAM bindings, to avoid conflicts
+
+name: organizationIamAdmin
+includedPermissions:
+  - resourcemanager.organizations.get
+  - resourcemanager.organizations.getIamPolicy
+  - resourcemanager.organizations.setIamPolicy
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/project_iam_viewer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/project_iam_viewer.yaml
new file mode 100644
index 000000000..b02b3ae38
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/project_iam_viewer.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+# this is used by the plan-only admin SA
+
+name: projectIamViewer
+includedPermissions:
+- iam.policybindings.get
+- iam.policybindings.list
+- resourcemanager.projects.get
+- resourcemanager.projects.getIamPolicy
+- resourcemanager.projects.searchPolicyBindings
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/service_project_network_admin.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/service_project_network_admin.yaml
new file mode 100644
index 000000000..809435090
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/service_project_network_admin.yaml
@@ -0,0 +1,33 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+
+name: serviceProjectNetworkAdmin
+includedPermissions:
+  - compute.globalOperations.get
+  # compute.networks.updatePeering and compute.networks.get are
+  # used by automation service accounts who manage service
+  # projects where peering creation might be needed (e.g. GKE). If
+  # you remove them your network administrators should create
+  # peerings for service projects
+  - compute.networks.updatePeering
+  - compute.networks.get
+  - compute.organizations.disableXpnResource
+  - compute.organizations.enableXpnResource
+  - compute.projects.get
+  - compute.subnetworks.getIamPolicy
+  - compute.subnetworks.setIamPolicy
+  - dns.networks.bindPrivateDNSZone
+  - resourcemanager.projects.get
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/storage_viewer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/storage_viewer.yaml
new file mode 100644
index 000000000..faa31936b
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/storage_viewer.yaml
@@ -0,0 +1,33 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+# the following permissions are a descoped version of storage.admin
+
+name: storageViewer
+includedPermissions:
+  - storage.buckets.get
+  - storage.buckets.getIamPolicy
+  - storage.buckets.getObjectInsights
+  - storage.buckets.list
+  - storage.buckets.listEffectiveTags
+  - storage.buckets.listTagBindings
+  - storage.managedFolders.get
+  - storage.managedFolders.getIamPolicy
+  - storage.managedFolders.list
+  - storage.multipartUploads.list
+  - storage.multipartUploads.listParts
+  - storage.objects.get
+  - storage.objects.getIamPolicy
+  - storage.objects.list
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/tag_viewer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/tag_viewer.yaml
new file mode 100644
index 000000000..926ee7168
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-roles/tag_viewer.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json
+# the following permissions are a descoped version of tagAdm
+
+name: tagViewer
+includedPermissions:
+  - resourcemanager.tagHolds.list
+  - resourcemanager.tagKeys.get
+  - resourcemanager.tagKeys.getIamPolicy
+  - resourcemanager.tagKeys.list
+  - resourcemanager.tagValues.get
+  - resourcemanager.tagValues.getIamPolicy
+  - resourcemanager.tagValues.list
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/observability/auditConfigChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/observability/auditConfigChanges.yaml
new file mode 100644
index 000000000..242042242
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/observability/auditConfigChanges.yaml
@@ -0,0 +1,76 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+alerts:
+  auditConfigChanges:
+    combiner: OR
+    conditions:
+    - condition_threshold:
+        aggregations:
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.organization_id
+          - metric.label.folder_id
+          - metric.label.project_id
+          per_series_aligner: ALIGN_SUM
+        comparison: COMPARISON_GT
+        duration: 0s
+        filter: resource.type = "logging_bucket" AND metric.type = "logging.googleapis.com/user/auditConfigChanges"
+        threshold_value: 0
+        trigger:
+          count: 1
+      display_name: 'Log match condition: Audit Configuration Changes'
+    display_name: Audit Configuration Changes
+    documentation:
+      content: 'Log-based alerting policy in project ${project} detected audit configuration
+        changes.
+
+        This alert helps track GCP services audit log configuration changes to ensure
+        appropriate audit logs are being collected. ``` protoPayload.methodName="SetIamPolicy"
+        AND protoPayload.serviceData.policyDelta.auditConfigDeltas:* ```'
+      mime_type: text/markdown
+logging_metrics:
+  auditConfigChanges:
+    bucket_name: log-0/audit-logs
+    description: Audit Configuration Changes
+    filter: protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:*
+    label_extractors:
+      folder_id: EXTRACT(labels.folder_id)
+      method_name: EXTRACT(protoPayload.methodName)
+      organization_id: EXTRACT(labels.organization_id)
+      principal: EXTRACT(protoPayload.authenticationInfo.principalEmail)
+      project_id: EXTRACT(labels.project_id)
+    metric_descriptor:
+      labels:
+      - description: principal
+        key: principal
+        value_type: STRING
+      - description: method_name
+        key: method_name
+        value_type: STRING
+      - description: organization_id
+        key: organization_id
+        value_type: STRING
+      - description: folder_id
+        key: folder_id
+        value_type: STRING
+      - description: project_id
+        key: project_id
+        value_type: STRING
+      metric_kind: DELTA
+      unit: '1'
+      value_type: INT64
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/observability/customRoleChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/observability/customRoleChanges.yaml
new file mode 100644
index 000000000..0deb4d50e
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/observability/customRoleChanges.yaml
@@ -0,0 +1,78 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+alerts:
+  customRoleChanges:
+    combiner: OR
+    conditions:
+    - condition_threshold:
+        aggregations:
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.organization_id
+          - metric.label.project_id
+          - metric.label.role_name
+          per_series_aligner: ALIGN_SUM
+        comparison: COMPARISON_GT
+        duration: 0s
+        filter: resource.type = "logging_bucket" AND metric.type = "logging.googleapis.com/user/customRoleChanges"
+        threshold_value: 0
+        trigger:
+          count: 1
+      display_name: 'Log match condition: custom role changes'
+    display_name: Custom Role Changes
+    documentation:
+      content: "Log-based alerting policy in project ${project} detected custom IAM\
+        \ role creation, deletion or update activities.\nThis alert helps ensure security\
+        \ by monitoring changes to Identity and Access Management (IAM) roles. ```\n\
+        \  resource.type=\"iam_role\" AND \n  (\n    protoPayload.methodName=\"google.iam.admin.v1.CreateRole\"\
+        \ OR \n    protoPayload.methodName=\"google.iam.admin.v1.UpdateRole\" OR \n\
+        \    protoPayload.methodName=\"google.iam.admin.v1.DeleteRole\"\n  )\n```"
+      mime_type: text/markdown
+logging_metrics:
+  customRoleChanges:
+    bucket_name: log-0/audit-logs
+    description: Custom Role Changes
+    filter: "resource.type=\"iam_role\" AND (\n  protoPayload.methodName=\"google.iam.admin.v1.CreateRole\"\
+      \ OR\n  protoPayload.methodName=\"google.iam.admin.v1.UpdateRole\" OR\n  protoPayload.methodName=\"\
+      google.iam.admin.v1.DeleteRole\"\n)"
+    label_extractors:
+      method_name: EXTRACT(protoPayload.methodName)
+      organization_id: EXTRACT(labels.organization_id)
+      principal: EXTRACT(protoPayload.authenticationInfo.principalEmail)
+      project_id: EXTRACT(labels.project_id)
+      role_name: EXTRACT(labels.role_name)
+    metric_descriptor:
+      labels:
+      - description: principal
+        key: principal
+        value_type: STRING
+      - description: method_name
+        key: method_name
+        value_type: STRING
+      - description: organization_id
+        key: organization_id
+        value_type: STRING
+      - description: project_id
+        key: project_id
+        value_type: STRING
+      - description: role_name
+        key: role_name
+        value_type: STRING
+      metric_kind: DELTA
+      unit: '1'
+      value_type: INT64
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/observability/projectOwnershipChange.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/observability/projectOwnershipChange.yaml
new file mode 100644
index 000000000..d064e5df8
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/observability/projectOwnershipChange.yaml
@@ -0,0 +1,82 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+alerts:
+  projectOwnershipChange:
+    combiner: OR
+    conditions:
+    - condition_threshold:
+        aggregations:
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.organization_id
+          - metric.label.folder_id
+          - metric.label.project_id
+          per_series_aligner: ALIGN_SUM
+        comparison: COMPARISON_GT
+        duration: 0s
+        filter: resource.type = "logging_bucket" AND metric.type = "logging.googleapis.com/user/projectOwnershipChange"
+        threshold_value: 0
+        trigger:
+          count: 1
+      display_name: Project Ownership Changes
+    display_name: Project Ownership Changes
+    documentation:
+      content: "Log-based alerting policy in project ${project} detected a project\
+        \ ownership assignments or changes. ``` (protoPayload.serviceName=\"cloudresourcemanager.googleapis.com\"\
+        ) AND  (ProjectOwnership OR projectOwnerInvitee)  OR  (\n  protoPayload.serviceData.policyDelta.bindingDeltas.action=\"\
+        REMOVE\" AND \n  protoPayload.serviceData.policyDelta.bindingDeltas.role=\"\
+        roles/owner\"\n)  OR  (\n  protoPayload.serviceData.policyDelta.bindingDeltas.action=\"\
+        ADD\" AND \n  protoPayload.serviceData.policyDelta.bindingDeltas.role=\"roles/owner\"\
+        \n) ```"
+      mime_type: text/markdown
+logging_metrics:
+  projectOwnershipChange:
+    bucket_name: log-0/audit-logs
+    description: Project Ownership Changes
+    filter: "(protoPayload.serviceName=\"cloudresourcemanager.googleapis.com\") AND\
+      \ (ProjectOwnership OR projectOwnerInvitee) OR (\n  protoPayload.serviceData.policyDelta.bindingDeltas.action=\"\
+      REMOVE\" AND\n  protoPayload.serviceData.policyDelta.bindingDeltas.role=\"roles/owner\"\
+      \n) OR (\n  protoPayload.serviceData.policyDelta.bindingDeltas.action=\"ADD\"\
+      \ AND\n  protoPayload.serviceData.policyDelta.bindingDeltas.role=\"roles/owner\"\
+      \n)"
+    label_extractors:
+      folder_id: EXTRACT(labels.folder_id)
+      method_name: EXTRACT(protoPayload.methodName)
+      organization_id: EXTRACT(labels.organization_id)
+      principal: EXTRACT(protoPayload.authenticationInfo.principalEmail)
+      project_id: EXTRACT(labels.project_id)
+    metric_descriptor:
+      labels:
+      - description: principal
+        key: principal
+        value_type: STRING
+      - description: method_name
+        key: method_name
+        value_type: STRING
+      - description: organization_id
+        key: organization_id
+        value_type: STRING
+      - description: folder_id
+        key: folder_id
+        value_type: STRING
+      - description: project_id
+        key: project_id
+        value_type: STRING
+      metric_kind: DELTA
+      unit: '1'
+      value_type: INT64
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/accesscontextmanager.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/accesscontextmanager.yaml
new file mode 100644
index 000000000..58a0c960a
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/accesscontextmanager.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+custom.accesscontextmanagerDisableBridgePerimeters:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/appengine.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/appengine.yaml
new file mode 100644
index 000000000..6ec545dcf
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/appengine.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+appengine.disableCodeDownload:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/bigquery.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/bigquery.yaml
new file mode 100644
index 000000000..3285de8d9
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/bigquery.yaml
@@ -0,0 +1,32 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+bigquery.disableBQOmniAWS:
+  rules:
+    - enforce: true
+
+bigquery.disableBQOmniAzure:
+  rules:
+    - enforce: true
+
+custom.iamDisablePublicBindings:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/cloudbuild.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/cloudbuild.yaml
new file mode 100644
index 000000000..6077bbd1e
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/cloudbuild.yaml
@@ -0,0 +1,35 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+cloudbuild.allowedIntegrations:
+  rules:
+    - deny:
+        all: true
+
+cloudbuild.allowedWorkerPools:
+  rules:
+    - allow:
+        values:
+            - "under:organizations/${organization.id}"
+
+cloudbuild.disableCreateDefaultServiceAccount:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/compute.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/compute.yaml
new file mode 100644
index 000000000..3ca84e0fb
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/compute.yaml
@@ -0,0 +1,132 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+compute.disableGuestAttributesAccess:
+  rules:
+    - enforce: true
+
+compute.disableInternetNetworkEndpointGroup:
+  rules:
+    - enforce: true
+
+compute.disableNestedVirtualization:
+  rules:
+    - enforce: true
+
+compute.disableSerialPortAccess:
+  rules:
+    - enforce: true
+
+compute.disableVpcExternalIpv6:
+  rules:
+    - enforce: true
+
+compute.managed.blockPreviewFeatures:
+  rules:
+    - enforce: true
+
+compute.requireOsLogin:
+  rules:
+    - enforce: true
+
+compute.requireShieldedVm:
+  rules:
+    - enforce: true
+
+compute.requireSslPolicy:
+  rules:
+    - allow:
+        values:
+            - "under:organizations/${organization.id}"
+
+compute.restrictLoadBalancerCreationForTypes:
+  rules:
+    - allow:
+        values:
+            - "in:INTERNAL"
+
+compute.restrictProtocolForwardingCreationForTypes:
+  rules:
+    - allow:
+        values:
+            - "is:INTERNAL"
+
+compute.setNewProjectDefaultToZonalDNSOnly:
+  rules:
+    - enforce: true
+
+compute.skipDefaultNetworkCreation:
+  rules:
+    - enforce: true
+
+compute.trustedImageProjects:
+  rules:
+    - allow:
+        values:
+            - "is:projects/centos-cloud"
+            - "is:projects/cos-cloud"
+            - "is:projects/debian-cloud"
+            - "is:projects/fedora-cloud"
+            - "is:projects/fedora-coreos-cloud"
+            - "is:projects/opensuse-cloud"
+            - "is:projects/rhel-cloud"
+            - "is:projects/rhel-sap-cloud"
+            - "is:projects/rocky-linux-cloud"
+            - "is:projects/suse-cloud"
+            - "is:projects/suse-sap-cloud"
+            - "is:projects/ubuntu-os-cloud"
+            - "is:projects/ubuntu-os-pro-cloud"
+            - "is:projects/windows-cloud"
+            - "is:projects/windows-sql-cloud"
+            - "is:projects/confidential-vm-images"
+            - "is:projects/confidential-space-images"
+            - "is:projects/backupdr-images"
+            - "is:projects/deeplearning-platform-release"
+            - "is:projects/serverless-vpc-access-images"
+            - "is:projects/gke-node-images"
+            - "is:projects/gke-windows-node-images"
+            - "is:projects/ubuntu-os-gke-cloud"
+
+compute.vmExternalIpAccess:
+  rules:
+    - deny:
+        all: true
+
+custom.networkRequireSubnetPrivateGoogleAccess:
+  rules:
+    - enforce: true
+
+gcp.restrictTLSCipherSuites:
+  rules:
+    - allow:
+        values:
+            - "in:NIST-800-52-recommended-ciphers"
+
+gcp.restrictTLSVersion:
+  rules:
+    - deny:
+        values:
+            - "TLS_VERSION_1"
+            - "TLS_VERSION_1_1"
+
+iam.automaticIamGrantsForDefaultServiceAccounts:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/dns.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/dns.yaml
new file mode 100644
index 000000000..e612f0b97
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/dns.yaml
@@ -0,0 +1,32 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+custom.dnsAllowedSigningAlgorithms:
+  rules:
+    - enforce: true
+
+custom.dnsRequireManageZoneDNSSEC:
+  rules:
+    - enforce: true
+
+custom.dnsRequirePolicyLogging:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/essentialcontacts.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/essentialcontacts.yaml
new file mode 100644
index 000000000..6f3d6bab6
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/essentialcontacts.yaml
@@ -0,0 +1,36 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+essentialcontacts.allowedContactDomains:
+  rules:
+    - allow:
+        values:
+          - '@${organization.domain}'
+      condition:
+        title: Restrict essential contacts domains
+        expression: |
+          !resource.matchTag('${organization.id}/org-policies', 'allowed-essential-contacts-domains-all')
+    - allow:
+        all: true
+      condition:
+        title: Allow essential contacts from any domain
+        expression: |
+          resource.matchTag('${organization.id}/org-policies', 'allowed-essential-contacts-domains-all')
+    
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/firewall.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/firewall.yaml
new file mode 100644
index 000000000..be6f066c5
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/firewall.yaml
@@ -0,0 +1,32 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+custom.firewallRestrictOpenWorldRule:
+  rules:
+    - enforce: true
+
+custom.firewallRestrictRdpPolicyRule:
+  rules:
+    - enforce: true
+
+custom.firewallRestrictSshPolicyRule:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/gcp.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/gcp.yaml
new file mode 100644
index 000000000..b41b0ca04
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/gcp.yaml
@@ -0,0 +1,29 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+# gcp.resourceLocations:
+#   rules:
+#     - allow:
+#         values:
+#           - "global"
+#           - "in:eu-locations"
+#           - "in:europe-west1-locations"
+#           - "in:europe-west4-locations"
+    
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/gke.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/gke.yaml
new file mode 100644
index 000000000..d85766ead
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/gke.yaml
@@ -0,0 +1,112 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+container.managed.disableABAC:
+  rules:
+    - enforce: true
+
+container.managed.disableLegacyClientCertificateIssuance:
+  rules:
+    - enforce: true
+
+container.managed.enableCloudLogging:
+  rules:
+    - enforce: true
+
+container.managed.enableNetworkPolicy:
+  rules:
+    - enforce: true
+
+container.managed.enablePrivateNodes:
+  rules:
+    - enforce: true
+
+container.managed.enableShieldedNodes:
+  rules:
+    - enforce: true
+
+container.managed.enableWorkloadIdentityFederation:
+  rules:
+    - enforce: true
+
+custom.gkeAllowedNodePoolImages:
+  rules:
+    - enforce: true
+
+custom.gkeAllowedReleaseChannels:
+  rules:
+    - enforce: true
+
+custom.gkeDisableAlphaCluster:
+  rules:
+    - enforce: true
+
+custom.gkeDisableKubernetesDashboard:
+  rules:
+    - enforce: true
+
+custom.gkeDisableLegacyAbac:
+  rules:
+    - enforce: true
+
+custom.gkeDisableLegacyMetadataEndpoints:
+  rules:
+    - enforce: true
+
+custom.gkeRequireCOSImage:
+  rules:
+    - enforce: true
+
+custom.gkeRequireDataplaneV2:
+  rules:
+    - enforce: true
+
+custom.gkeRequireGKEMetadataServer:
+  rules:
+    - enforce: true
+
+custom.gkeRequireIntegrityMonitoring:
+  rules:
+    - enforce: true
+
+custom.gkeRequireMonitoring:
+  rules:
+    - enforce: true
+
+custom.gkeRequireNodePoolAutoRepair:
+  rules:
+    - enforce: true
+
+custom.gkeRequireNodePoolAutoUpgrade:
+  rules:
+    - enforce: true
+
+custom.gkeRequireRegionalClusters:
+  rules:
+    - enforce: true
+
+custom.gkeRequireSecureBoot:
+  rules:
+    - enforce: true
+
+custom.gkeRequireVPCNativeCluster:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/iam.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/iam.yaml
new file mode 100644
index 000000000..5784dc49b
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/iam.yaml
@@ -0,0 +1,68 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+iam.allowedPolicyMemberDomains:
+  rules:
+    - allow:
+        values:
+          - is:${organization.customer_id}
+      condition:
+        title: Restrict member domains
+        expression: |
+          !resource.matchTag('${organization.id}/org-policies', 'allowed-policy-member-domains-all')
+    - allow:
+        all: true
+      condition:
+        title: Allow any member domain
+        expression: |
+          resource.matchTag('${organization.id}/org-policies', 'allowed-policy-member-domains-all')
+    
+iam.disableAuditLoggingExemption:
+  rules:
+    - enforce: true
+
+iam.disableServiceAccountKeyCreation:
+  rules:
+    - enforce: true
+
+iam.disableServiceAccountKeyUpload:
+  rules:
+    - enforce: true
+
+iam.managed.disableServiceAccountApiKeyCreation:
+  rules:
+    - enforce: true
+
+iam.serviceAccountKeyExposureResponse:
+  rules:
+    - allow:
+        values:
+            - "is:DISABLE_KEY"
+
+iam.workloadIdentityPoolAwsAccounts:
+  rules:
+    - deny:
+        all: true
+
+iam.workloadIdentityPoolProviders:
+  rules:
+    - deny:
+        all: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/network.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/network.yaml
new file mode 100644
index 000000000..0d1bd0c27
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/network.yaml
@@ -0,0 +1,50 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+compute.restrictDedicatedInterconnectUsage:
+  rules:
+    - allow:
+        values:
+            - "under:organizations/${organization.id}"
+
+compute.restrictPartnerInterconnectUsage:
+  rules:
+    - allow:
+        values:
+            - "under:organizations/${organization.id}"
+
+compute.restrictVpcPeering:
+  rules:
+    - allow:
+        values:
+            - "under:organizations/${organization.id}"
+
+custom.networkDisableTargetHTTPProxy:
+  rules:
+    - enforce: true
+
+custom.networkDisableWeakSSLPolicy:
+  rules:
+    - enforce: true
+
+custom.networkRequireCustomModeVpc:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/serverless.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/serverless.yaml
new file mode 100644
index 000000000..b7e9ba0eb
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/serverless.yaml
@@ -0,0 +1,56 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+cloudfunctions.allowedVpcConnectorEgressSettings:
+  rules:
+    - allow:
+        values:
+            - "ALL_TRAFFIC"
+
+cloudfunctions.requireVPCConnector:
+  rules:
+    - enforce: true
+
+custom.cloudrunDisableEnvironmentVariablePattern:
+  rules:
+    - enforce: true
+
+run.allowedBinaryAuthorizationPolicies:
+  rules:
+    - allow:
+        values:
+            - "default"
+
+run.allowedIngress:
+  rules:
+    - allow:
+        values:
+            - "is:internal-and-cloud-load-balancing"
+
+run.allowedVPCEgress:
+  rules:
+    - allow:
+        values:
+            - "all-traffic"
+
+run.managed.requireInvokerIam:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/sql.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/sql.yaml
new file mode 100644
index 000000000..37ccbbd7b
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/sql.yaml
@@ -0,0 +1,64 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+custom.cloudsqlDisablePublicAuthorizedNetworks:
+  rules:
+    - enforce: true
+
+custom.cloudsqlEnforcePasswordComplexity:
+  rules:
+    - enforce: true
+
+custom.cloudsqlRequireAutomatedBackup:
+  rules:
+    - enforce: true
+
+custom.cloudsqlRequireMySQLDatabaseFlags:
+  rules:
+    - enforce: true
+
+custom.cloudsqlRequirePointInTimeRecovery:
+  rules:
+    - enforce: true
+
+custom.cloudsqlRequirePostgreSQLDatabaseFlags:
+  rules:
+    - enforce: true
+
+custom.cloudsqlRequireRootPassword:
+  rules:
+    - enforce: true
+
+custom.cloudsqlRequireSQLServerDatabaseFlags:
+  rules:
+    - enforce: true
+
+custom.cloudsqlRequireSSLConnection:
+  rules:
+    - enforce: true
+
+sql.restrictAuthorizedNetworks:
+  rules:
+    - enforce: true
+
+sql.restrictPublicIp:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/storage.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/storage.yaml
new file mode 100644
index 000000000..612e8e174
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/storage.yaml
@@ -0,0 +1,38 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+storage.publicAccessPrevention:
+  rules:
+    - enforce: true
+
+storage.restrictAuthTypes:
+  rules:
+    - deny:
+        values:
+            - "in:ALL_HMAC_SIGNED_REQUESTS"
+
+storage.secureHttpTransport:
+  rules:
+    - enforce: true
+
+storage.uniformBucketLevelAccess:
+  rules:
+    - enforce: true
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/vertexai.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/vertexai.yaml
new file mode 100644
index 000000000..bf6171952
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/org-policies/vertexai.yaml
@@ -0,0 +1,38 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# sample subset of useful organization policies, edit to suit requirements
+# start of document (---) avoids errors if the file only contains comments
+
+# yaml-language-server: $schema=../../../../schemas/org-policies.schema.json
+
+ainotebooks.disableFileDownloads:
+  rules:
+    - enforce: true
+
+ainotebooks.disableRootAccess:
+  rules:
+    - enforce: true
+
+ainotebooks.restrictPublicIp:
+  rules:
+    - enforce: true
+
+ainotebooks.restrictVpcNetworks:
+  rules:
+    - allow:
+        values:
+            - "under:organizations/${organization.id}"
+
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireIngressInternalAndLoadBalancer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireIngressInternalAndLoadBalancer.yaml
new file mode 100644
index 000000000..2fb646ea1
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireIngressInternalAndLoadBalancer.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cloudfunctionsV1RequireIngressInternalAndLoadBalancer:
+  description: Detect if Gen1 Cloud Functions are not configured to allow only internal
+    traffic and traffic from load balancer
+  predicate:
+    expression: (!resource.ingressSettings.matches("ALLOW_INTERNAL_AND_GCLB"))
+  recommendation: Ensure Gen1 Cloud Functions are configured to allow only internal
+    traffic and traffic from load balancer
+  resource_selector:
+    resource_types:
+    - cloudfunctions.googleapis.com/CloudFunction
+  severity: MEDIUM
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireVPCConnector.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireVPCConnector.yaml
new file mode 100644
index 000000000..516ee36c2
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireVPCConnector.yaml
@@ -0,0 +1,23 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cloudfunctionsV1RequireVPCConnector:
+  description: Detect if Gen1 Cloud Functions are configured without any VPC Connector
+  predicate:
+    expression: (!has(resource.vpcConnector))
+  recommendation: Ensure Gen1 Cloud Functions are configured with VPC Connector
+  resource_selector:
+    resource_types:
+    - cloudfunctions.googleapis.com/CloudFunction
+  severity: MEDIUM
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireBinaryAuthorization.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireBinaryAuthorization.yaml
new file mode 100644
index 000000000..108d91494
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireBinaryAuthorization.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cloudrunRequireBinaryAuthorization:
+  description: Detect if Cloud Run services are configured without Binary Authorization
+    enabled
+  predicate:
+    expression: (!resource.metadata.annotations.exists(data, data == 'run.googleapis.com/binary-authorization'))
+  recommendation: Ensure that Binary Authorization is enabled for all Cloud Run services
+    and that the project's default Binary Authorization policy requires attestation
+  resource_selector:
+    resource_types:
+    - run.googleapis.com/Job
+    - run.googleapis.com/Service
+  severity: HIGH
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireIngressInternalAndLoadBalancer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireIngressInternalAndLoadBalancer.yaml
new file mode 100644
index 000000000..2223c065e
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireIngressInternalAndLoadBalancer.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cloudrunRequireIngressInternalAndLoadBalancer:
+  description: Detect if Cloud Run services are not configured to allow only internal
+    traffic and traffic from load balancer
+  predicate:
+    expression: (!resource.metadata.annotations['run.googleapis.com/ingress'].matches('internal-and-cloud-load-balancing'))
+  recommendation: Ensure Cloud Run services are configured to allow only internal
+    traffic and traffic from load balancer
+  resource_selector:
+    resource_types:
+    - run.googleapis.com/Service
+  severity: HIGH
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequirePointInTimeRecovery.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequirePointInTimeRecovery.yaml
new file mode 100644
index 000000000..c0b38dc0b
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequirePointInTimeRecovery.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cloudsqlRequirePointInTimeRecovery:
+  description: Detect if the CloudSQL instances have point in time recovery disabled
+  predicate:
+    expression: (!resource.settings.backupConfiguration.binaryLogEnabled && !resource.settings.backupConfiguration.pointInTimeRecoveryEnabled
+      )
+  recommendation: Ensure the CloudSQL instances have point in time recovery enabled
+  resource_selector:
+    resource_types:
+    - sqladmin.googleapis.com/Instance
+  severity: HIGH
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/computeDisableNestedVirtualization.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/computeDisableNestedVirtualization.yaml
new file mode 100644
index 000000000..31ad54aa8
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/computeDisableNestedVirtualization.yaml
@@ -0,0 +1,23 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+computeDisableNestedVirtualization:
+  description: Detect Compute Instances with nested virtualization enabled
+  predicate:
+    expression: resource.advancedMachineFeatures.enableNestedVirtualization
+  recommendation: Ensure Compute Instance does not have nested virtualization enabled
+  resource_selector:
+    resource_types:
+    - compute.googleapis.com/Instance
+  severity: MEDIUM
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeDisableClientCertificateAuth.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeDisableClientCertificateAuth.yaml
new file mode 100644
index 000000000..a9d6b510c
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeDisableClientCertificateAuth.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+gkeDisableClientCertificateAuth:
+  description: Detect if any GKE clusters uses client certificate authentication
+  predicate:
+    expression: resource.masterAuth.clientCertificateConfig.issueClientCertificate
+      == true
+  recommendation: Ensure that control plane does not use client certificate authentication
+  resource_selector:
+    resource_types:
+    - container.googleapis.com/Cluster
+  severity: CRITICAL
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireDataplaneV2.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireDataplaneV2.yaml
new file mode 100644
index 000000000..c574f034a
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireDataplaneV2.yaml
@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+gkeRequireDataplaneV2:
+  description: Detect if GKE clusters are configured with a version different than
+    Dataplane V2
+  predicate:
+    expression: resource.networkConfig.datapathProvider == 'ADVANCED_DATAPATH'
+  recommendation: Ensure only GKE Dataplane V2 are configured
+  resource_selector:
+    resource_types:
+    - container.googleapis.com/Cluster
+  severity: MEDIUM
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireRegionalCluster.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireRegionalCluster.yaml
new file mode 100644
index 000000000..1238a185e
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireRegionalCluster.yaml
@@ -0,0 +1,23 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+gkeRequireRegionalCluster:
+  description: Detect if any non regional GKE clusters are used
+  predicate:
+    expression: (!resource.location.matches("^[a-z]+(-[a-z, 1-9]+)$"))
+  recommendation: Ensure GKE clusters are configured to be regional
+  resource_selector:
+    resource_types:
+    - container.googleapis.com/Cluster
+  severity: MEDIUM
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/tags/context.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/tags/context.yaml
new file mode 100644
index 000000000..0ecf1c1a5
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/tags/context.yaml
@@ -0,0 +1,23 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/tags.schema.json
+
+description: "Organization-level contexts."
+# iam:
+#   "roles/resourcemanager.tagViewer":
+#     - "group:finance-team@example.com"
+values:
+  project-factory:
+    description: "Project factory."
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/tags/environment.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/tags/environment.yaml
new file mode 100644
index 000000000..f004043f6
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/tags/environment.yaml
@@ -0,0 +1,43 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/tags.schema.json
+
+description: "Organization-level environments."
+# iam:
+#   "roles/resourcemanager.tagViewer":
+#     - "group:finance-team@example.com"
+values:
+  development:
+    description: "Development."
+    iam:
+      "roles/resourcemanager.tagUser":
+        - $iam_principals:service_accounts/iac-0/iac-networking-rw
+        - $iam_principals:service_accounts/iac-0/iac-security-rw
+        - $iam_principals:service_accounts/iac-0/iac-pf-rw
+      "roles/resourcemanager.tagViewer":
+        - $iam_principals:service_accounts/iac-0/iac-networking-ro
+        - $iam_principals:service_accounts/iac-0/iac-security-ro
+        - $iam_principals:service_accounts/iac-0/iac-pf-ro
+  production:
+    description: "Production."
+    iam:
+      "roles/resourcemanager.tagUser":
+        - $iam_principals:service_accounts/iac-0/iac-networking-rw
+        - $iam_principals:service_accounts/iac-0/iac-security-rw
+        - $iam_principals:service_accounts/iac-0/iac-pf-rw
+      "roles/resourcemanager.tagViewer":
+        - $iam_principals:service_accounts/iac-0/iac-networking-ro
+        - $iam_principals:service_accounts/iac-0/iac-security-ro
+        - $iam_principals:service_accounts/iac-0/iac-pf-ro
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/tags/org-policies.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/tags/org-policies.yaml
new file mode 100644
index 000000000..ebf85412f
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/tags/org-policies.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/tags.schema.json
+
+description: "Organization policy condition tags."
+# iam:
+#   "roles/resourcemanager.tagViewer":
+#     - "group:finance-team@example.com"
+values:
+  allowed-essential-contacts-domains-all:
+    description: "Allow all domains in essntial contacts org policy."
+  allowed-policy-member-domains-all:
+    description: "Allow all domains in DRS org policy."
diff --git a/fast/stages/0-org-setup/datasets/hardened/projects/core/billing-0.yaml b/fast/stages/0-org-setup/datasets/hardened/projects/core/billing-0.yaml
new file mode 100644
index 000000000..29070bbc2
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/projects/core/billing-0.yaml
@@ -0,0 +1,29 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/project.schema.json
+
+name: prod-billing-exp-0
+iam_by_principals:
+  $iam_principals:service_accounts/iac-0/iac-org-ro:
+    - roles/viewer
+  $iam_principals:service_accounts/iac-0/iac-org-rw:
+    - roles/owner
+services:
+  - bigquery.googleapis.com
+  - bigquerydatatransfer.googleapis.com
+  - storage.googleapis.com
+datasets:
+  billing_export:
+    friendly_name: Billing export
diff --git a/fast/stages/0-org-setup/datasets/hardened/projects/core/iac-0.yaml b/fast/stages/0-org-setup/datasets/hardened/projects/core/iac-0.yaml
new file mode 100644
index 000000000..9f9aa24cb
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/projects/core/iac-0.yaml
@@ -0,0 +1,179 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/project.schema.json
+
+# TODO: data access logs configuration
+name: prod-iac-core-0
+iam_by_principals:
+  $iam_principals:gcp-organization-admins:
+    - roles/iam.serviceAccountTokenCreator
+    - roles/iam.workloadIdentityPoolAdmin
+  $iam_principals:service_accounts/iac-0/iac-org-ro:
+    - roles/browser
+    - roles/cloudbuild.builds.viewer
+    - roles/iam.serviceAccountViewer
+    - roles/iam.workloadIdentityPoolViewer
+    - $custom_roles:storage_viewer
+    - roles/viewer
+  $iam_principals:service_accounts/iac-0/iac-org-rw:
+    - roles/cloudbuild.builds.editor
+    - roles/iam.serviceAccountAdmin
+    - roles/iam.workloadIdentityPoolAdmin
+    - roles/owner
+    - roles/storage.admin
+services:
+  - accesscontextmanager.googleapis.com
+  - bigquery.googleapis.com
+  - bigqueryreservation.googleapis.com
+  - bigquerystorage.googleapis.com
+  - billingbudgets.googleapis.com
+  - cloudasset.googleapis.com
+  - cloudbilling.googleapis.com
+  - cloudbuild.googleapis.com
+  - cloudkms.googleapis.com
+  - cloudquotas.googleapis.com
+  - cloudresourcemanager.googleapis.com
+  - compute.googleapis.com
+  - container.googleapis.com
+  - datacatalog.googleapis.com
+  - essentialcontacts.googleapis.com
+  - iam.googleapis.com
+  - iamcredentials.googleapis.com
+  - logging.googleapis.com
+  - monitoring.googleapis.com
+  - networksecurity.googleapis.com
+  - orgpolicy.googleapis.com
+  - pubsub.googleapis.com
+  - securitycentermanagement.googleapis.com
+  - servicenetworking.googleapis.com
+  - serviceusage.googleapis.com
+  - storage-component.googleapis.com
+  - storage.googleapis.com
+  - sts.googleapis.com
+org_policies:
+  iam.workloadIdentityPoolProviders:
+    rules:
+      - allow:
+          values:
+            - https://token.actions.githubusercontent.com
+            - https://gitlab.com
+            - https://app.terraform.io
+buckets:
+  # Terraform state bucket for this stage
+  iac-org-state:
+    description: Terraform state for the org-level automation.
+    iam:
+      roles/storage.admin:
+        - $iam_principals:service_accounts/iac-0/iac-org-rw
+      $custom_roles:storage_viewer:
+        - $iam_principals:service_accounts/iac-0/iac-org-ro
+  # Terraform state bucket for additional FAST stages
+  iac-stage-state:
+    description: Terraform state for stage automation.
+    managed_folders:
+      1-vpcsc:
+        iam:
+          roles/storage.admin:
+            - $iam_principals:service_accounts/iac-0/iac-vpcsc-rw
+          $custom_roles:storage_viewer:
+            - $iam_principals:service_accounts/iac-0/iac-vpcsc-ro
+      2-networking:
+        iam:
+          roles/storage.admin:
+            - $iam_principals:service_accounts/iac-0/iac-networking-rw
+          $custom_roles:storage_viewer:
+            - $iam_principals:service_accounts/iac-0/iac-networking-ro
+      2-security:
+        iam:
+          roles/storage.admin:
+            - $iam_principals:service_accounts/iac-0/iac-security-rw
+          $custom_roles:storage_viewer:
+            - $iam_principals:service_accounts/iac-0/iac-security-ro
+      2-project-factory:
+        iam:
+          roles/storage.admin:
+            - $iam_principals:service_accounts/iac-0/iac-pf-rw
+          $custom_roles:storage_viewer:
+            - $iam_principals:service_accounts/iac-0/iac-pf-ro
+      3-data-platform-dev:
+        iam:
+          roles/storage.admin:
+            - $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
+          $custom_roles:storage_viewer:
+            - $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
+  # Terraform state bucket for FAST outputs
+  iac-outputs:
+    description: Terraform state for the org-level automation.
+    iam:
+      roles/storage.admin:
+        - $iam_principals:service_accounts/iac-0/iac-org-rw
+        - $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
+        - $iam_principals:service_accounts/iac-0/iac-networking-rw
+        - $iam_principals:service_accounts/iac-0/iac-security-rw
+        - $iam_principals:service_accounts/iac-0/iac-pf-rw
+        - $iam_principals:service_accounts/iac-0/iac-vpcsc-rw
+      $custom_roles:storage_viewer:
+        - $iam_principals:service_accounts/iac-0/iac-org-ro
+        - $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
+        - $iam_principals:service_accounts/iac-0/iac-networking-ro
+        - $iam_principals:service_accounts/iac-0/iac-security-ro
+        - $iam_principals:service_accounts/iac-0/iac-pf-ro
+        - $iam_principals:service_accounts/iac-0/iac-vpcsc-ro
+        - $iam_principals:service_accounts/iac-0/iac-org-cicd-rw
+        - $iam_principals:service_accounts/iac-0/iac-org-cicd-ro
+service_accounts:
+  # IaC service accounts for this stage
+  iac-org-ro:
+    display_name: IaC service account for org setup (read-only).
+  iac-org-rw:
+    display_name: IaC service account for org setup (read-write).
+  # CI/CD service accounts for this stage
+  iac-org-cicd-ro:
+    display_name: IaC service account for org setup CI/CD (read-only).
+    iam_sa_roles:
+      $service_account_ids:iac-0/iac-org-ro:
+        - roles/iam.workloadIdentityUser
+        - roles/iam.serviceAccountTokenCreator
+  iac-org-cicd-rw:
+    display_name: IaC service account for org setup CI/CD (read-write).
+    iam_sa_roles:
+      $service_account_ids:iac-0/iac-org-rw:
+        - roles/iam.workloadIdentityUser
+        - roles/iam.serviceAccountTokenCreator
+  # IaC service accounts for vpc-sc stage
+  iac-vpcsc-ro:
+    display_name: IaC service account for VPC service controls (read-only).
+  iac-vpcsc-rw:
+    display_name: IaC service account for VPC service controls (read-write).
+  # IaC service accounts for networking stage
+  iac-networking-ro:
+    display_name: IaC service account for networking (read-only).
+  iac-networking-rw:
+    display_name: IaC service account for networking (read-write).
+  # IaC service accounts for security stage
+  iac-security-ro:
+    display_name: IaC service account for security (read-only).
+  iac-security-rw:
+    display_name: IaC service account for security (read-write).
+  # IaC service accounts for project factory stage
+  iac-pf-ro:
+    display_name: IaC service account for project factory (read-only).
+  iac-pf-rw:
+    display_name: IaC service account for project factory (read-write).
+  # IaC service accounts for data platform (dev) stage
+  iac-dp-dev-ro:
+    display_name: IaC service account for data platform dev (read-only).
+  iac-dp-dev-rw:
+    display_name: IaC service account for data platform dev (read-write).
diff --git a/fast/stages/0-org-setup/datasets/hardened/projects/core/log-0.yaml b/fast/stages/0-org-setup/datasets/hardened/projects/core/log-0.yaml
new file mode 100644
index 000000000..71088bf2d
--- /dev/null
+++ b/fast/stages/0-org-setup/datasets/hardened/projects/core/log-0.yaml
@@ -0,0 +1,35 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/project.schema.json
+
+name: prod-audit-logs-0
+iam_by_principals:
+  $iam_principals:service_accounts/iac-0/iac-org-ro:
+    - roles/viewer
+  $iam_principals:service_accounts/iac-0/iac-org-rw:
+    - roles/owner
+services:
+  - logging.googleapis.com
+  - pubsub.googleapis.com
+  - storage.googleapis.com
+log_buckets:
+  audit-logs: {}
+  iam: {}
+  vpc-sc:
+    log_analytics:
+      enable: true
+    retention: 31
+factories_config:
+  observability: datasets/hardened/organization/observability/
diff --git a/fast/stages/0-org-setup/organization.tf b/fast/stages/0-org-setup/organization.tf
index 582f67b21..3a6064d76 100644
--- a/fast/stages/0-org-setup/organization.tf
+++ b/fast/stages/0-org-setup/organization.tf
@@ -85,6 +85,7 @@ module "organization" {
     org_policy_custom_constraints = "${local.paths.organization}/custom-constraints"
     custom_roles                  = "${local.paths.organization}/custom-roles"
     tags                          = "${local.paths.organization}/tags"
+    scc_sha_custom_modules        = "${local.paths.organization}/scc-sha-custom-modules"
   }
   tags_config = {
     ignore_iam = true
diff --git a/fast/stages/1-vpcsc/README.md b/fast/stages/1-vpcsc/README.md
index f539e1142..b7528d6fb 100644
--- a/fast/stages/1-vpcsc/README.md
+++ b/fast/stages/1-vpcsc/README.md
@@ -45,7 +45,7 @@ The stage is designed to allow defining additional perimeters via the `perimeter
 
 Restricted services, access levels, ingress and egress policies can all be configured via YAML-based files, which allow intuitive editing and minimize the complexity of running operations.
 
-The default setup only contains a single access level and an initial list of restricted services in the `data/access-levels` folder and the `data/restricted-services.yaml` file.
+The default setup only contains a single access level and an initial list of restricted services in the `datasets/classic/access-levels` folder and the `datasets/classic/restricted-services.yaml` file.
 
 To configure ingress and egress policies simply add `ingress_policies` and/or `egress_policies` folders under `data`, or point the factories to your own folders by changing the `factories_config` variable values.
 
@@ -55,7 +55,7 @@ Examples on how to write access level and policy YAML files are provided further
 
 The way we set up the perimeter for broad access is via a single geo-based access level, which is configured to allow access from one or more countries and deny all other traffic coming from outside the perimeter.
 
-The [`data/access-levels/geo.yaml`](data/access-levels/geo.yaml) file serves as an example and **should be edited to contain the countries you need** (or replaced/removed for more granular configuration).
+The [`datasets/classic/access-levels/geo.yaml`](datasets/classic/access-levels/geo.yaml) file serves as an example and **should be edited to contain the countries you need** (or replaced/removed for more granular configuration).
 
 ```yaml
 conditions:
@@ -167,7 +167,7 @@ The stage creates the org-level access policy by default. A pre-existing policy
 
 The default perimeter is exposed via the `perimeters.default` variable which allows customizing most of its features.
 
-The only exception is the list of restricted services, which is configured via a YAML file with a list of services. To configure restricted services edit the list in `data/restricted-services.yaml`, or set the list of services in the `restricted_services` perimeter attribute.
+The only exception is the list of restricted services, which is configured via a YAML file with a list of services. To configure restricted services edit the list in `datasets/classic/restricted-services.yaml`, or set the list of services in the `restricted_services` perimeter attribute.
 
 Note that it's not enough to define access levels and ingress/egress policies via their variables or via factory files: in order for them to be deployed they also need to be referenced by name in the perimeter via the attributes shown in this example.
 
@@ -220,14 +220,14 @@ access_levels = {
 And the same defined instead via factory files.
 
 ```yaml
-# data/access-levels/a1.yaml
+# datasets/classic/access-levels/a1.yaml
 conditions:
   - members:
     - "user:user1@example.com"
 ```
 
 ```yaml
-# data/access-levels/a2.yaml
+# datasets/classic/access-levels/a2.yaml
 combining_function: OR
 conditions:
   - regions:
@@ -246,7 +246,7 @@ Like access levels, ingress and egress policies can be defined via tfvars or fac
 This is an example ingress policy defined in yaml:
 
 ```yaml
-# data/ingress-policies/sa-tf-test.yaml
+# datasets/classic/ingress-policies/sa-tf-test.yaml
 from:
   access_levels:
     - "*"
@@ -265,7 +265,7 @@ to:
 And this is an example egress policy:
 
 ```yaml
-# data/egress-policies/gcs-sa-foo.yaml
+# datasets/classic/egress-policies/gcs-sa-foo.yaml
 from:
   identities:
     - serviceAccount:foo@myproject.iam.gserviceaccount.com
@@ -307,7 +307,7 @@ Some references that might be useful in setting up this stage:
 | [access_policy](variables.tf#L67) | Access policy id (used for tenant-level VPC-SC configurations). | <code>number</code> |  | <code>null</code> |  |
 | [context](variables.tf#L73) | External context used in replacements. | <code title="object&#40;&#123;&#10;  identity_sets   &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  project_numbers &#61; optional&#40;map&#40;number&#41;, &#123;&#125;&#41;&#10;  resource_sets   &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  service_sets    &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |  |
 | [egress_policies](variables.tf#L85) | Egress policy definitions that can be referenced in perimeters. | <code title="map&#40;object&#40;&#123;&#10;  title &#61; optional&#40;string&#41;&#10;  from &#61; object&#40;&#123;&#10;    access_levels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    identity_type &#61; optional&#40;string&#41;&#10;    identities    &#61; optional&#40;list&#40;string&#41;&#41;&#10;    resources     &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#10;  to &#61; object&#40;&#123;&#10;    external_resources &#61; optional&#40;list&#40;string&#41;&#41;&#10;    operations &#61; optional&#40;list&#40;object&#40;&#123;&#10;      method_selectors     &#61; optional&#40;list&#40;string&#41;&#41;&#10;      permission_selectors &#61; optional&#40;list&#40;string&#41;&#41;&#10;      service_name         &#61; string&#10;    &#125;&#41;&#41;, &#91;&#93;&#41;&#10;    resources &#61; optional&#40;list&#40;string&#41;&#41;&#10;    roles     &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |  |
-| [factories_config](variables.tf#L128) | Paths to folders that enable factory functionality. | <code title="object&#40;&#123;&#10;  access_levels       &#61; optional&#40;string, &#34;data&#47;access-levels&#34;&#41;&#10;  egress_policies     &#61; optional&#40;string, &#34;data&#47;egress-policies&#34;&#41;&#10;  ingress_policies    &#61; optional&#40;string, &#34;data&#47;ingress-policies&#34;&#41;&#10;  perimeters          &#61; optional&#40;string, &#34;data&#47;perimeters&#34;&#41;&#10;  restricted_services &#61; optional&#40;string, &#34;data&#47;restricted-services.yaml&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |  |
+| [factories_config](variables.tf#L128) | Paths to folders that enable factory functionality. | <code title="object&#40;&#123;&#10;  access_levels       &#61; optional&#40;string, &#34;datasets&#47;classic&#47;access-levels&#34;&#41;&#10;  egress_policies     &#61; optional&#40;string, &#34;datasets&#47;classic&#47;egress-policies&#34;&#41;&#10;  ingress_policies    &#61; optional&#40;string, &#34;datasets&#47;classic&#47;ingress-policies&#34;&#41;&#10;  perimeters          &#61; optional&#40;string, &#34;datasets&#47;classic&#47;perimeters&#34;&#41;&#10;  restricted_services &#61; optional&#40;string, &#34;datasets&#47;classic&#47;restricted-services.yaml&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |  |
 | [iam_principals](variables-fast.tf#L26) | Org-level IAM principals. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> | <code>0-org-setup</code> |
 | [ingress_policies](variables.tf#L141) | Ingress policy definitions that can be referenced in perimeters. | <code title="map&#40;object&#40;&#123;&#10;  title &#61; optional&#40;string&#41;&#10;  from &#61; object&#40;&#123;&#10;    access_levels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    identity_type &#61; optional&#40;string&#41;&#10;    identities    &#61; optional&#40;list&#40;string&#41;&#41;&#10;    resources     &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#10;  to &#61; object&#40;&#123;&#10;    operations &#61; optional&#40;list&#40;object&#40;&#123;&#10;      method_selectors     &#61; optional&#40;list&#40;string&#41;&#41;&#10;      permission_selectors &#61; optional&#40;list&#40;string&#41;&#41;&#10;      service_name         &#61; string&#10;    &#125;&#41;&#41;, &#91;&#93;&#41;&#10;    resources &#61; optional&#40;list&#40;string&#41;&#41;&#10;    roles     &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |  |
 | [logging](variables-fast.tf#L34) | Log writer identities for organization / folders. | <code title="object&#40;&#123;&#10;  writer_identities &#61; map&#40;string&#41;&#10;  project_number    &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> | <code>0-org-setup</code> |
diff --git a/fast/stages/1-vpcsc/data/access-levels/geo.yaml b/fast/stages/1-vpcsc/datasets/classic/access-levels/geo.yaml
similarity index 90%
rename from fast/stages/1-vpcsc/data/access-levels/geo.yaml
rename to fast/stages/1-vpcsc/datasets/classic/access-levels/geo.yaml
index 96a3d6857..55d2e40e7 100644
--- a/fast/stages/1-vpcsc/data/access-levels/geo.yaml
+++ b/fast/stages/1-vpcsc/datasets/classic/access-levels/geo.yaml
@@ -12,11 +12,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../schemas/access-level.schema.json
+# yaml-language-server: $schema=../../../schemas/access-level.schema.json
 
 # this is just an example that reflects the FAST core team members' locations
 # and needs to be edited, or not referenced in the perimeter variable
 conditions:
   - regions:
       - ES
+      - ID
       - IT
diff --git a/fast/stages/1-vpcsc/data/ingress-policies/fast-org-log-sinks.yaml b/fast/stages/1-vpcsc/datasets/classic/ingress-policies/fast-org-log-sinks.yaml
similarity index 90%
rename from fast/stages/1-vpcsc/data/ingress-policies/fast-org-log-sinks.yaml
rename to fast/stages/1-vpcsc/datasets/classic/ingress-policies/fast-org-log-sinks.yaml
index 1efc9cf13..42bb2d59a 100644
--- a/fast/stages/1-vpcsc/data/ingress-policies/fast-org-log-sinks.yaml
+++ b/fast/stages/1-vpcsc/datasets/classic/ingress-policies/fast-org-log-sinks.yaml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../schemas/ingress-policy.schema.json
+# yaml-language-server: $schema=../../../schemas/ingress-policy.schema.json
 
 from:
   access_levels:
diff --git a/fast/stages/1-vpcsc/data/perimeters/default.yaml b/fast/stages/1-vpcsc/datasets/classic/perimeters/default.yaml
similarity index 91%
rename from fast/stages/1-vpcsc/data/perimeters/default.yaml
rename to fast/stages/1-vpcsc/datasets/classic/perimeters/default.yaml
index 8e9d59cbd..877c32a75 100644
--- a/fast/stages/1-vpcsc/data/perimeters/default.yaml
+++ b/fast/stages/1-vpcsc/datasets/classic/perimeters/default.yaml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../schemas/perimeter.schema.json
+# yaml-language-server: $schema=../../../schemas/perimeter.schema.json
 
 use_explicit_dry_run_spec: true
 spec:
diff --git a/fast/stages/1-vpcsc/data/restricted-services.yaml b/fast/stages/1-vpcsc/datasets/classic/restricted-services.yaml
similarity index 100%
rename from fast/stages/1-vpcsc/data/restricted-services.yaml
rename to fast/stages/1-vpcsc/datasets/classic/restricted-services.yaml
diff --git a/fast/stages/1-vpcsc/datasets/hardened/access-levels/geo.yaml b/fast/stages/1-vpcsc/datasets/hardened/access-levels/geo.yaml
new file mode 100644
index 000000000..55d2e40e7
--- /dev/null
+++ b/fast/stages/1-vpcsc/datasets/hardened/access-levels/geo.yaml
@@ -0,0 +1,23 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/access-level.schema.json
+
+# this is just an example that reflects the FAST core team members' locations
+# and needs to be edited, or not referenced in the perimeter variable
+conditions:
+  - regions:
+      - ES
+      - ID
+      - IT
diff --git a/fast/stages/1-vpcsc/datasets/hardened/ingress-policies/fast-org-log-sinks.yaml b/fast/stages/1-vpcsc/datasets/hardened/ingress-policies/fast-org-log-sinks.yaml
new file mode 100644
index 000000000..42bb2d59a
--- /dev/null
+++ b/fast/stages/1-vpcsc/datasets/hardened/ingress-policies/fast-org-log-sinks.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/ingress-policy.schema.json
+
+from:
+  access_levels:
+    - "*"
+  identities:
+    - $identity_sets:logging_identities
+to:
+  operations:
+    - service_name: "*"
+  resources:
+    - $resource_sets:logging_project
diff --git a/fast/stages/1-vpcsc/datasets/hardened/perimeters/default.yaml b/fast/stages/1-vpcsc/datasets/hardened/perimeters/default.yaml
new file mode 100644
index 000000000..eb32bb40c
--- /dev/null
+++ b/fast/stages/1-vpcsc/datasets/hardened/perimeters/default.yaml
@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/perimeter.schema.json
+
+status:
+  access_levels:
+    - geo
+  resources:
+    - $resource_sets:discovered_projects
+  ingress_policies:
+    - fast-org-log-sinks
+  restricted_services:
+    - $service_sets:restricted_services
diff --git a/fast/stages/1-vpcsc/datasets/hardened/restricted-services.yaml b/fast/stages/1-vpcsc/datasets/hardened/restricted-services.yaml
new file mode 100644
index 000000000..edfb7790c
--- /dev/null
+++ b/fast/stages/1-vpcsc/datasets/hardened/restricted-services.yaml
@@ -0,0 +1,87 @@
+# skip boilerplate check
+- accessapproval.googleapis.com
+- adsdatahub.googleapis.com
+- aiplatform.googleapis.com
+- apigee.googleapis.com
+- apigeeconnect.googleapis.com
+- artifactregistry.googleapis.com
+- assuredworkloads.googleapis.com
+- automl.googleapis.com
+- bigquery.googleapis.com
+- bigquerydatatransfer.googleapis.com
+- bigtable.googleapis.com
+- binaryauthorization.googleapis.com
+- cloudasset.googleapis.com
+- cloudbuild.googleapis.com
+- cloudfunctions.googleapis.com
+- cloudkms.googleapis.com
+- cloudprofiler.googleapis.com
+- cloudresourcemanager.googleapis.com
+- cloudsearch.googleapis.com
+- cloudtrace.googleapis.com
+- composer.googleapis.com
+- compute.googleapis.com
+- connectgateway.googleapis.com
+- contactcenterinsights.googleapis.com
+- container.googleapis.com
+- containeranalysis.googleapis.com
+- containerregistry.googleapis.com
+- containerthreatdetection.googleapis.com
+- datacatalog.googleapis.com
+- dataflow.googleapis.com
+- datafusion.googleapis.com
+- dataproc.googleapis.com
+- datastream.googleapis.com
+- dialogflow.googleapis.com
+- dlp.googleapis.com
+- dns.googleapis.com
+- documentai.googleapis.com
+- eventarc.googleapis.com
+- file.googleapis.com
+- gameservices.googleapis.com
+- gkeconnect.googleapis.com
+- gkehub.googleapis.com
+- healthcare.googleapis.com
+- iam.googleapis.com
+- iaptunnel.googleapis.com
+- language.googleapis.com
+- lifesciences.googleapis.com
+- logging.googleapis.com
+- managedidentities.googleapis.com
+- memcache.googleapis.com
+- meshca.googleapis.com
+- metastore.googleapis.com
+- ml.googleapis.com
+- monitoring.googleapis.com
+- networkconnectivity.googleapis.com
+- networkmanagement.googleapis.com
+- networksecurity.googleapis.com
+- networkservices.googleapis.com
+- notebooks.googleapis.com
+- opsconfigmonitoring.googleapis.com
+- osconfig.googleapis.com
+- oslogin.googleapis.com
+- privateca.googleapis.com
+- pubsub.googleapis.com
+- pubsublite.googleapis.com
+- recaptchaenterprise.googleapis.com
+- recommender.googleapis.com
+- redis.googleapis.com
+- run.googleapis.com
+- secretmanager.googleapis.com
+- servicecontrol.googleapis.com
+- servicedirectory.googleapis.com
+- spanner.googleapis.com
+- speakerid.googleapis.com
+- speech.googleapis.com
+- sqladmin.googleapis.com
+- storage.googleapis.com
+- storagetransfer.googleapis.com
+- texttospeech.googleapis.com
+- tpu.googleapis.com
+- trafficdirector.googleapis.com
+- transcoder.googleapis.com
+- translate.googleapis.com
+- videointelligence.googleapis.com
+- vision.googleapis.com
+- vpcaccess.googleapis.com
diff --git a/fast/stages/1-vpcsc/variables.tf b/fast/stages/1-vpcsc/variables.tf
index 48cc09e6e..9065f6ac8 100644
--- a/fast/stages/1-vpcsc/variables.tf
+++ b/fast/stages/1-vpcsc/variables.tf
@@ -128,11 +128,11 @@ variable "egress_policies" {
 variable "factories_config" {
   description = "Paths to folders that enable factory functionality."
   type = object({
-    access_levels       = optional(string, "data/access-levels")
-    egress_policies     = optional(string, "data/egress-policies")
-    ingress_policies    = optional(string, "data/ingress-policies")
-    perimeters          = optional(string, "data/perimeters")
-    restricted_services = optional(string, "data/restricted-services.yaml")
+    access_levels       = optional(string, "datasets/classic/access-levels")
+    egress_policies     = optional(string, "datasets/classic/egress-policies")
+    ingress_policies    = optional(string, "datasets/classic/ingress-policies")
+    perimeters          = optional(string, "datasets/classic/perimeters")
+    restricted_services = optional(string, "datasets/classic/restricted-services.yaml")
   })
   nullable = false
   default  = {}
diff --git a/fast/stages/3-data-platform-dev/data-domains.tf b/fast/stages/3-data-platform-dev/data-domains.tf
index 8e434611e..f14031d97 100644
--- a/fast/stages/3-data-platform-dev/data-domains.tf
+++ b/fast/stages/3-data-platform-dev/data-domains.tf
@@ -69,8 +69,11 @@ module "dd-folders" {
     })
   }
   iam_by_principals = {
-    for k, v in each.value.folder_config.iam_by_principals :
-    lookup(var.factories_config.context.iam_principals, k, k) => v
+    for principal, roles_list in {
+      for k, v in each.value.folder_config.iam_by_principals :
+      lookup(var.factories_config.context.iam_principals, k, k) => v...
+    } :
+    principal => flatten(roles_list)
   }
 }
 
@@ -179,8 +182,11 @@ module "dd-projects-iam" {
     }
   )
   iam_by_principals = {
-    for k, v in each.value.project_config.iam_by_principals :
-    lookup(var.factories_config.context.iam_principals, k, k) => v
+    for principal, roles_list in {
+      for k, v in each.value.project_config.iam_by_principals :
+      lookup(var.factories_config.context.iam_principals, k, k) => v...
+    } :
+    principal => flatten(roles_list)
   }
   shared_vpc_service_config = (
     each.value.project_config.shared_vpc_service_config == null
diff --git a/fast/stages/3-data-platform-dev/main.tf b/fast/stages/3-data-platform-dev/main.tf
index 22ca9af20..53c472f29 100644
--- a/fast/stages/3-data-platform-dev/main.tf
+++ b/fast/stages/3-data-platform-dev/main.tf
@@ -67,8 +67,11 @@ module "central-project" {
     })
   }
   iam_by_principals = {
-    for k, v in var.central_project_config.iam_by_principals :
-    lookup(var.factories_config.context.iam_principals, k, k) => v
+    for principal, roles_list in {
+      for k, v in var.central_project_config.iam_by_principals :
+      lookup(var.factories_config.context.iam_principals, k, k) => v...
+    } :
+    principal => flatten(roles_list)
   }
   labels = {
     environment = var.stage_config.environment
diff --git a/fast/stages/CLEANUP.md b/fast/stages/CLEANUP.md
index 79898fa8c..a8c989d89 100644
--- a/fast/stages/CLEANUP.md
+++ b/fast/stages/CLEANUP.md
@@ -67,6 +67,8 @@ A minor glitch can surface running `terraform destroy`, where the service projec
 
 Just like before, we manually remove several resources (GCS buckets and BQ datasets). Note that `terrafom destroy` will fail. This is expected; just continue with the rest of the steps.
 
+Also, you can't create a custom constraint with the same name than a previously deleted custom constraint. To avoid issues during next future reprovisionning, *it is recommended to remove from Terraform state custom constraints*.
+
 ```bash
 cd $FAST_PWD/0-org-setup/
 export FAST_BU=$(gcloud config list --format 'value(core.account)')
@@ -82,6 +84,12 @@ for x in $(terraform state list | grep google_bigquery_dataset); do
   terraform state rm "$x";
 done
 
+# remove custom constraint to avoid future issue during reprovisionnning. 
+# comment this part if permanent removed is needed
+for x in $(terraform state list | grep google_org_policy_custom_constraint); do
+  terraform state rm "$x";
+done
+
 ## remove the providers file and migrate state
 rm 0-org-setup-providers.tf
 
diff --git a/modules/organization/scc-sha-custom-modules.tf b/modules/organization/scc-sha-custom-modules.tf
index e6c336e29..8eefe7739 100644
--- a/modules/organization/scc-sha-custom-modules.tf
+++ b/modules/organization/scc-sha-custom-modules.tf
@@ -65,4 +65,10 @@ resource "google_scc_management_organization_security_health_analytics_custom_mo
     severity       = each.value.severity
   }
   enablement_state = each.value.enablement_state
+
+  depends_on = [
+    google_organization_iam_binding.authoritative,
+    google_organization_iam_binding.bindings,
+    google_organization_iam_member.bindings,
+  ]
 }
\ No newline at end of file
diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md
index 139b42528..dcd837120 100644
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
@@ -748,11 +748,11 @@ compute.disableSerialPortAccess:
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [factories_config](variables.tf#L169) | Path to folder with YAML resource description data files. | <code title="object&#40;&#123;&#10;  folders           &#61; optional&#40;string&#41;&#10;  project_templates &#61; optional&#40;string&#41;&#10;  projects          &#61; optional&#40;string&#41;&#10;  budgets &#61; optional&#40;object&#40;&#123;&#10;    billing_account_id &#61; string&#10;    data               &#61; string&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
-| [context](variables.tf#L17) | Context-specific interpolations. | <code title="object&#40;&#123;&#10;  condition_vars        &#61; optional&#40;map&#40;map&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  custom_roles          &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  folder_ids            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  iam_principals        &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  kms_keys              &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  locations             &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  notification_channels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  project_ids           &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  tag_values            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  vpc_host_projects     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  vpc_sc_perimeters     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [data_defaults](variables.tf#L36) | Optional default values used when corresponding project or folder data from files are missing. | <code title="object&#40;&#123;&#10;  billing_account &#61; optional&#40;string&#41;&#10;  bucket &#61; optional&#40;object&#40;&#123;&#10;    force_destroy &#61; optional&#40;bool&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  contacts        &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  deletion_policy &#61; optional&#40;string&#41;&#10;  labels          &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  locations &#61; optional&#40;object&#40;&#123;&#10;    bigquery &#61; optional&#40;string&#41;&#10;    logging  &#61; optional&#40;string&#41;&#10;    storage  &#61; optional&#40;string&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  logging_data_access &#61; optional&#40;map&#40;object&#40;&#123;&#10;    ADMIN_READ &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;,&#10;    DATA_READ  &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;,&#10;    DATA_WRITE &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  metric_scopes &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  parent        &#61; optional&#40;string&#41;&#10;  prefix        &#61; optional&#40;string&#41;&#10;  project_reuse &#61; optional&#40;object&#40;&#123;&#10;    use_data_source &#61; optional&#40;bool, true&#41;&#10;    attributes &#61; optional&#40;object&#40;&#123;&#10;      name             &#61; string&#10;      number           &#61; number&#10;      services_enabled &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  service_accounts &#61; optional&#40;map&#40;object&#40;&#123;&#10;    display_name   &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10;    iam_self_roles &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  service_encryption_key_ids &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  services                   &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  shared_vpc_service_config &#61; optional&#40;object&#40;&#123;&#10;    host_project &#61; string&#10;    iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;      member &#61; string&#10;      role   &#61; string&#10;      condition &#61; optional&#40;object&#40;&#123;&#10;        expression  &#61; string&#10;        title       &#61; string&#10;        description &#61; optional&#40;string&#41;&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;, &#123;&#125;&#41;&#10;    network_users            &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    service_agent_iam        &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;    service_agent_subnet_iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;    service_iam_grants       &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    network_subnet_users     &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;&#41;&#10;  tag_bindings &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  universe &#61; optional&#40;object&#40;&#123;&#10;    prefix                         &#61; string&#10;    forced_jit_service_identities  &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_service_identities &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_services           &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#41;&#10;  vpc_sc &#61; optional&#40;object&#40;&#123;&#10;    perimeter_name &#61; string&#10;    is_dry_run     &#61; optional&#40;bool, false&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [data_merges](variables.tf#L106) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | <code title="object&#40;&#123;&#10;  contacts                   &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  labels                     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  metric_scopes              &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  service_encryption_key_ids &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  services                   &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  tag_bindings               &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  service_accounts &#61; optional&#40;map&#40;object&#40;&#123;&#10;    display_name   &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10;    iam_self_roles &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [data_overrides](variables.tf#L125) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | <code title="object&#40;&#123;&#10;  billing_account &#61; optional&#40;string&#41;&#10;  bucket &#61; optional&#40;object&#40;&#123;&#10;    force_destroy &#61; optional&#40;bool&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  contacts        &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10;  deletion_policy &#61; optional&#40;string&#41;&#10;  locations &#61; optional&#40;object&#40;&#123;&#10;    bigquery &#61; optional&#40;string&#41;&#10;    logging  &#61; optional&#40;string&#41;&#10;    storage  &#61; optional&#40;string&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  logging_data_access &#61; optional&#40;map&#40;object&#40;&#123;&#10;    ADMIN_READ &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;,&#10;    DATA_READ  &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;,&#10;    DATA_WRITE &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;&#10;  &#125;&#41;&#41;&#41;&#10;  parent &#61; optional&#40;string&#41;&#10;  prefix &#61; optional&#40;string&#41;&#10;  service_accounts &#61; optional&#40;map&#40;object&#40;&#123;&#10;    display_name   &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10;    iam_self_roles &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#41;&#10;  service_encryption_key_ids &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10;  services                   &#61; optional&#40;list&#40;string&#41;&#41;&#10;  tag_bindings               &#61; optional&#40;map&#40;string&#41;&#41;&#10;  universe &#61; optional&#40;object&#40;&#123;&#10;    prefix                         &#61; string&#10;    forced_jit_service_identities  &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_service_identities &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_services           &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#41;&#10;  vpc_sc &#61; optional&#40;object&#40;&#123;&#10;    perimeter_name &#61; string&#10;    is_dry_run     &#61; optional&#40;bool, false&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [factories_config](variables.tf#L170) | Path to folder with YAML resource description data files. | <code title="object&#40;&#123;&#10;  folders           &#61; optional&#40;string&#41;&#10;  project_templates &#61; optional&#40;string&#41;&#10;  projects          &#61; optional&#40;string&#41;&#10;  budgets &#61; optional&#40;object&#40;&#123;&#10;    billing_account_id &#61; string&#10;    data               &#61; string&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
+| [context](variables.tf#L17) | Context-specific interpolations. | <code title="object&#40;&#123;&#10;  condition_vars        &#61; optional&#40;map&#40;map&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  custom_roles          &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  folder_ids            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  iam_principals        &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  kms_keys              &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  locations             &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  log_buckets           &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  notification_channels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  project_ids           &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  tag_values            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  vpc_host_projects     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  vpc_sc_perimeters     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [data_defaults](variables.tf#L37) | Optional default values used when corresponding project or folder data from files are missing. | <code title="object&#40;&#123;&#10;  billing_account &#61; optional&#40;string&#41;&#10;  bucket &#61; optional&#40;object&#40;&#123;&#10;    force_destroy &#61; optional&#40;bool&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  contacts        &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  deletion_policy &#61; optional&#40;string&#41;&#10;  labels          &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  locations &#61; optional&#40;object&#40;&#123;&#10;    bigquery &#61; optional&#40;string&#41;&#10;    logging  &#61; optional&#40;string&#41;&#10;    storage  &#61; optional&#40;string&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  logging_data_access &#61; optional&#40;map&#40;object&#40;&#123;&#10;    ADMIN_READ &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;,&#10;    DATA_READ  &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;,&#10;    DATA_WRITE &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  metric_scopes &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  parent        &#61; optional&#40;string&#41;&#10;  prefix        &#61; optional&#40;string&#41;&#10;  project_reuse &#61; optional&#40;object&#40;&#123;&#10;    use_data_source &#61; optional&#40;bool, true&#41;&#10;    attributes &#61; optional&#40;object&#40;&#123;&#10;      name             &#61; string&#10;      number           &#61; number&#10;      services_enabled &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  service_accounts &#61; optional&#40;map&#40;object&#40;&#123;&#10;    display_name   &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10;    iam_self_roles &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  service_encryption_key_ids &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  services                   &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  shared_vpc_service_config &#61; optional&#40;object&#40;&#123;&#10;    host_project &#61; string&#10;    iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;      member &#61; string&#10;      role   &#61; string&#10;      condition &#61; optional&#40;object&#40;&#123;&#10;        expression  &#61; string&#10;        title       &#61; string&#10;        description &#61; optional&#40;string&#41;&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;, &#123;&#125;&#41;&#10;    network_users            &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    service_agent_iam        &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;    service_agent_subnet_iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;    service_iam_grants       &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    network_subnet_users     &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;&#41;&#10;  tag_bindings &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  universe &#61; optional&#40;object&#40;&#123;&#10;    prefix                         &#61; string&#10;    forced_jit_service_identities  &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_service_identities &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_services           &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#41;&#10;  vpc_sc &#61; optional&#40;object&#40;&#123;&#10;    perimeter_name &#61; string&#10;    is_dry_run     &#61; optional&#40;bool, false&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [data_merges](variables.tf#L107) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | <code title="object&#40;&#123;&#10;  contacts                   &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  labels                     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  metric_scopes              &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  service_encryption_key_ids &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  services                   &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  tag_bindings               &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  service_accounts &#61; optional&#40;map&#40;object&#40;&#123;&#10;    display_name   &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10;    iam_self_roles &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [data_overrides](variables.tf#L126) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | <code title="object&#40;&#123;&#10;  billing_account &#61; optional&#40;string&#41;&#10;  bucket &#61; optional&#40;object&#40;&#123;&#10;    force_destroy &#61; optional&#40;bool&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  contacts        &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10;  deletion_policy &#61; optional&#40;string&#41;&#10;  locations &#61; optional&#40;object&#40;&#123;&#10;    bigquery &#61; optional&#40;string&#41;&#10;    logging  &#61; optional&#40;string&#41;&#10;    storage  &#61; optional&#40;string&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  logging_data_access &#61; optional&#40;map&#40;object&#40;&#123;&#10;    ADMIN_READ &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;,&#10;    DATA_READ  &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;,&#10;    DATA_WRITE &#61; optional&#40;object&#40;&#123; exempted_members &#61; optional&#40;list&#40;string&#41;&#41; &#125;&#41;&#41;&#10;  &#125;&#41;&#41;&#41;&#10;  parent &#61; optional&#40;string&#41;&#10;  prefix &#61; optional&#40;string&#41;&#10;  service_accounts &#61; optional&#40;map&#40;object&#40;&#123;&#10;    display_name   &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10;    iam_self_roles &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#41;&#10;  service_encryption_key_ids &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10;  services                   &#61; optional&#40;list&#40;string&#41;&#41;&#10;  tag_bindings               &#61; optional&#40;map&#40;string&#41;&#41;&#10;  universe &#61; optional&#40;object&#40;&#123;&#10;    prefix                         &#61; string&#10;    forced_jit_service_identities  &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_service_identities &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_services           &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#41;&#10;  vpc_sc &#61; optional&#40;object&#40;&#123;&#10;    perimeter_name &#61; string&#10;    is_dry_run     &#61; optional&#40;bool, false&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [folders](variables-folders.tf#L17) | Folders data merged with factory data. | <code title="map&#40;object&#40;&#123;&#10;  name   &#61; optional&#40;string&#41;&#10;  parent &#61; optional&#40;string&#41;&#10;  iam    &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10;    members &#61; list&#40;string&#41;&#10;    role    &#61; string&#10;    condition &#61; optional&#40;object&#40;&#123;&#10;      expression  &#61; string&#10;      title       &#61; string&#10;      description &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;    member &#61; string&#10;    role   &#61; string&#10;    condition &#61; optional&#40;object&#40;&#123;&#10;      expression  &#61; string&#10;      title       &#61; string&#10;      description &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  iam_by_principals &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  pam_entitlements &#61; optional&#40;map&#40;object&#40;&#123;&#10;    max_request_duration &#61; string&#10;    eligible_users       &#61; list&#40;string&#41;&#10;    privileged_access &#61; list&#40;object&#40;&#123;&#10;      role      &#61; string&#10;      condition &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#10;    requester_justification_config &#61; optional&#40;object&#40;&#123;&#10;      not_mandatory &#61; optional&#40;bool, true&#41;&#10;      unstructured  &#61; optional&#40;bool, false&#41;&#10;    &#125;&#41;, &#123; not_mandatory &#61; false, unstructured &#61; true &#125;&#41;&#10;    manual_approvals &#61; optional&#40;object&#40;&#123;&#10;      require_approver_justification &#61; bool&#10;      steps &#61; list&#40;object&#40;&#123;&#10;        approvers                &#61; list&#40;string&#41;&#10;        approvals_needed         &#61; optional&#40;number, 1&#41;&#10;        aprover_email_recipients &#61; optional&#40;list&#40;string&#41;&#41;&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    additional_notification_targets &#61; optional&#40;object&#40;&#123;&#10;      admin_email_recipients     &#61; optional&#40;list&#40;string&#41;&#41;&#10;      requester_email_recipients &#61; optional&#40;list&#40;string&#41;&#41;&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  tag_bindings &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [notification_channels](variables-billing.tf#L17) | Notification channels used by budget alerts. | <code title="map&#40;object&#40;&#123;&#10;  project_id   &#61; string&#10;  type         &#61; string&#10;  description  &#61; optional&#40;string&#41;&#10;  display_name &#61; optional&#40;string&#41;&#10;  enabled      &#61; optional&#40;bool, true&#41;&#10;  force_delete &#61; optional&#40;bool&#41;&#10;  labels       &#61; optional&#40;map&#40;string&#41;&#41;&#10;  sensitive_labels &#61; optional&#40;list&#40;object&#40;&#123;&#10;    auth_token  &#61; optional&#40;string&#41;&#10;    password    &#61; optional&#40;string&#41;&#10;    service_key &#61; optional&#40;string&#41;&#10;  &#125;&#41;&#41;&#41;&#10;  user_labels &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [projects](variables-projects.tf#L17) | Projects data merged with factory data. | <code title="map&#40;object&#40;&#123;&#10;  automation &#61; optional&#40;object&#40;&#123;&#10;    project &#61; string&#10;    bucket &#61; optional&#40;object&#40;&#123;&#10;      location                    &#61; string&#10;      description                 &#61; optional&#40;string&#41;&#10;      force_destroy               &#61; optional&#40;bool&#41;&#10;      prefix                      &#61; optional&#40;string&#41;&#10;      storage_class               &#61; optional&#40;string, &#34;STANDARD&#34;&#41;&#10;      uniform_bucket_level_access &#61; optional&#40;bool, true&#41;&#10;      versioning                  &#61; optional&#40;bool&#41;&#10;      iam                         &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;      iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10;        members &#61; list&#40;string&#41;&#10;        role    &#61; string&#10;        condition &#61; optional&#40;object&#40;&#123;&#10;          expression  &#61; string&#10;          title       &#61; string&#10;          description &#61; optional&#40;string&#41;&#10;        &#125;&#41;&#41;&#10;      &#125;&#41;&#41;, &#123;&#125;&#41;&#10;      iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;        member &#61; string&#10;        role   &#61; string&#10;        condition &#61; optional&#40;object&#40;&#123;&#10;          expression  &#61; string&#10;          title       &#61; string&#10;          description &#61; optional&#40;string&#41;&#10;        &#125;&#41;&#41;&#10;      &#125;&#41;&#41;, &#123;&#125;&#41;&#10;      labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;      managed_folders &#61; optional&#40;map&#40;object&#40;&#123;&#10;        force_destroy &#61; optional&#40;bool&#41;&#10;        iam           &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;        iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10;          members &#61; list&#40;string&#41;&#10;          role    &#61; string&#10;          condition &#61; optional&#40;object&#40;&#123;&#10;            expression  &#61; string&#10;            title       &#61; string&#10;            description &#61; optional&#40;string&#41;&#10;          &#125;&#41;&#41;&#10;        &#125;&#41;&#41;, &#123;&#125;&#41;&#10;        iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;          member &#61; string&#10;          role   &#61; string&#10;          condition &#61; optional&#40;object&#40;&#123;&#10;            expression  &#61; string&#10;            title       &#61; string&#10;            description &#61; optional&#40;string&#41;&#10;          &#125;&#41;&#41;&#10;        &#125;&#41;&#41;, &#123;&#125;&#41;&#10;      &#125;&#41;&#41;, &#123;&#125;&#41;&#10;    &#125;&#41;&#41;&#10;    service_accounts &#61; optional&#40;map&#40;object&#40;&#123;&#10;      description &#61; optional&#40;string&#41;&#10;      iam         &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;      iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10;        members &#61; list&#40;string&#41;&#10;        role    &#61; string&#10;        condition &#61; optional&#40;object&#40;&#123;&#10;          expression  &#61; string&#10;          title       &#61; string&#10;          description &#61; optional&#40;string&#41;&#10;        &#125;&#41;&#41;&#10;      &#125;&#41;&#41;, &#123;&#125;&#41;&#10;      iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;        member &#61; string&#10;        role   &#61; string&#10;        condition &#61; optional&#40;object&#40;&#123;&#10;          expression  &#61; string&#10;          title       &#61; string&#10;          description &#61; optional&#40;string&#41;&#10;        &#125;&#41;&#41;&#10;      &#125;&#41;&#41;, &#123;&#125;&#41;&#10;      iam_billing_roles      &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;      iam_folder_roles       &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;      iam_organization_roles &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;      iam_project_roles      &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;      iam_sa_roles           &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;      iam_storage_roles      &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;    &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;&#41;&#10;  billing_account &#61; optional&#40;string&#41;&#10;  billing_budgets &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  buckets &#61; optional&#40;map&#40;object&#40;&#123;&#10;    location                    &#61; string&#10;    description                 &#61; optional&#40;string&#41;&#10;    force_destroy               &#61; optional&#40;bool&#41;&#10;    prefix                      &#61; optional&#40;string&#41;&#10;    storage_class               &#61; optional&#40;string, &#34;STANDARD&#34;&#41;&#10;    uniform_bucket_level_access &#61; optional&#40;bool, true&#41;&#10;    versioning                  &#61; optional&#40;bool&#41;&#10;    iam                         &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;    iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10;      members &#61; list&#40;string&#41;&#10;      role    &#61; string&#10;      condition &#61; optional&#40;object&#40;&#123;&#10;        expression  &#61; string&#10;        title       &#61; string&#10;        description &#61; optional&#40;string&#41;&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;, &#123;&#125;&#41;&#10;    iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;      member &#61; string&#10;      role   &#61; string&#10;      condition &#61; optional&#40;object&#40;&#123;&#10;        expression  &#61; string&#10;        title       &#61; string&#10;        description &#61; optional&#40;string&#41;&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;, &#123;&#125;&#41;&#10;    labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    managed_folders &#61; optional&#40;map&#40;object&#40;&#123;&#10;      force_destroy &#61; optional&#40;bool&#41;&#10;      iam           &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;      iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10;        members &#61; list&#40;string&#41;&#10;        role    &#61; string&#10;        condition &#61; optional&#40;object&#40;&#123;&#10;          expression  &#61; string&#10;          title       &#61; string&#10;          description &#61; optional&#40;string&#41;&#10;        &#125;&#41;&#41;&#10;      &#125;&#41;&#41;, &#123;&#125;&#41;&#10;      iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;        member &#61; string&#10;        role   &#61; string&#10;        condition &#61; optional&#40;object&#40;&#123;&#10;          expression  &#61; string&#10;          title       &#61; string&#10;          description &#61; optional&#40;string&#41;&#10;        &#125;&#41;&#41;&#10;      &#125;&#41;&#41;, &#123;&#125;&#41;&#10;    &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  contacts &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  datasets &#61; optional&#40;map&#40;object&#40;&#123;&#10;    friendly_name &#61; optional&#40;string&#41;&#10;    location      &#61; optional&#40;string&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10;    members &#61; list&#40;string&#41;&#10;    role    &#61; string&#10;    condition &#61; optional&#40;object&#40;&#123;&#10;      expression  &#61; string&#10;      title       &#61; string&#10;      description &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10;    member &#61; string&#10;    role   &#61; string&#10;    condition &#61; optional&#40;object&#40;&#123;&#10;      expression  &#61; string&#10;      title       &#61; string&#10;      description &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  iam_by_principals &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  labels            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  metric_scopes     &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  pam_entitlements &#61; optional&#40;map&#40;object&#40;&#123;&#10;    max_request_duration &#61; string&#10;    eligible_users       &#61; list&#40;string&#41;&#10;    privileged_access &#61; list&#40;object&#40;&#123;&#10;      role      &#61; string&#10;      condition &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#10;    requester_justification_config &#61; optional&#40;object&#40;&#123;&#10;      not_mandatory &#61; optional&#40;bool, true&#41;&#10;      unstructured  &#61; optional&#40;bool, false&#41;&#10;    &#125;&#41;, &#123; not_mandatory &#61; false, unstructured &#61; true &#125;&#41;&#10;    manual_approvals &#61; optional&#40;object&#40;&#123;&#10;      require_approver_justification &#61; bool&#10;      steps &#61; list&#40;object&#40;&#123;&#10;        approvers                &#61; list&#40;string&#41;&#10;        approvals_needed         &#61; optional&#40;number, 1&#41;&#10;        aprover_email_recipients &#61; optional&#40;list&#40;string&#41;&#41;&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    additional_notification_targets &#61; optional&#40;object&#40;&#123;&#10;      admin_email_recipients     &#61; optional&#40;list&#40;string&#41;&#41;&#10;      requester_email_recipients &#61; optional&#40;list&#40;string&#41;&#41;&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  name &#61; optional&#40;string&#41;&#10;  org_policies &#61; optional&#40;map&#40;object&#40;&#123;&#10;    inherit_from_parent &#61; optional&#40;bool&#41; &#35; for list policies only.&#10;    reset               &#61; optional&#40;bool&#41;&#10;    rules &#61; optional&#40;list&#40;object&#40;&#123;&#10;      allow &#61; optional&#40;object&#40;&#123;&#10;        all    &#61; optional&#40;bool&#41;&#10;        values &#61; optional&#40;list&#40;string&#41;&#41;&#10;      &#125;&#41;&#41;&#10;      deny &#61; optional&#40;object&#40;&#123;&#10;        all    &#61; optional&#40;bool&#41;&#10;        values &#61; optional&#40;list&#40;string&#41;&#41;&#10;      &#125;&#41;&#41;&#10;      enforce &#61; optional&#40;bool&#41; &#35; for boolean policies only.&#10;      condition &#61; optional&#40;object&#40;&#123;&#10;        description &#61; optional&#40;string&#41;&#10;        expression  &#61; optional&#40;string&#41;&#10;        location    &#61; optional&#40;string&#41;&#10;        title       &#61; optional&#40;string&#41;&#10;      &#125;&#41;, &#123;&#125;&#41;&#10;      parameters &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  parent &#61; optional&#40;string&#41;&#10;  prefix &#61; optional&#40;string&#41;&#10;  service_accounts &#61; optional&#40;map&#40;object&#40;&#123;&#10;    display_name      &#61; optional&#40;string&#41;&#10;    iam_self_roles    &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    iam_project_roles &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;  service_encryption_key_ids &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  services                   &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  shared_vpc_host_config &#61; optional&#40;object&#40;&#123;&#10;    enabled          &#61; bool&#10;    service_projects &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#41;&#10;  shared_vpc_service_config &#61; optional&#40;object&#40;&#123;&#10;    host_project             &#61; string&#10;    network_users            &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    service_agent_iam        &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;    service_agent_subnet_iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;    service_iam_grants       &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    network_subnet_users     &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;&#41;&#10;  tag_bindings &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  universe &#61; optional&#40;object&#40;&#123;&#10;    prefix                         &#61; string&#10;    unavailable_services           &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;    unavailable_service_identities &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  &#125;&#41;&#41;&#10;  vpc_sc &#61; optional&#40;object&#40;&#123;&#10;    perimeter_name &#61; string&#10;    is_dry_run     &#61; optional&#40;bool, false&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
diff --git a/modules/project-factory/projects.tf b/modules/project-factory/projects.tf
index 759d36712..819a2afc7 100644
--- a/modules/project-factory/projects.tf
+++ b/modules/project-factory/projects.tf
@@ -49,6 +49,10 @@ locals {
   project_ids = {
     for k, v in module.projects : k => v.project_id
   }
+  ctx_log_buckets = merge(local.ctx.log_buckets, local.log_buckets)
+  log_buckets = {
+    for key, log_bucket in module.log-buckets : key => log_bucket.id
+  }
   projects_input = merge(var.projects, local._projects_output)
 }
 
@@ -123,6 +127,7 @@ module "projects-iam" {
     folder_ids     = local.ctx.folder_ids
     kms_keys       = local.ctx.kms_keys
     iam_principals = local.ctx_iam_principals
+    log_buckets    = local.ctx_log_buckets
   })
   factories_config = {
     # we do anything that can refer to IAM and custom roles in this call
diff --git a/modules/project-factory/variables.tf b/modules/project-factory/variables.tf
index ce0cdd8a0..d32bf85ed 100644
--- a/modules/project-factory/variables.tf
+++ b/modules/project-factory/variables.tf
@@ -23,6 +23,7 @@ variable "context" {
     iam_principals        = optional(map(string), {})
     kms_keys              = optional(map(string), {})
     locations             = optional(map(string), {})
+    log_buckets           = optional(map(string), {})
     notification_channels = optional(map(string), {})
     project_ids           = optional(map(string), {})
     tag_values            = optional(map(string), {})
diff --git a/modules/project/README.md b/modules/project/README.md
index 21e280f43..e3bb4d186 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -1952,7 +1952,7 @@ alerts:
 | [billing_account](variables.tf#L23) | Billing account id. | <code>string</code> |  | <code>null</code> |
 | [compute_metadata](variables.tf#L29) | Optional compute metadata key/values. Only usable if compute API has been enabled. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
 | [contacts](variables.tf#L36) | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [context](variables.tf#L43) | Context-specific interpolations. | <code title="object&#40;&#123;&#10;  condition_vars        &#61; optional&#40;map&#40;map&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  custom_roles          &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  folder_ids            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  kms_keys              &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  iam_principals        &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  notification_channels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  logging_bucket_names  &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  project_ids           &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  tag_keys              &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  tag_values            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  vpc_sc_perimeters     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [context](variables.tf#L43) | Context-specific interpolations. | <code title="object&#40;&#123;&#10;  condition_vars        &#61; optional&#40;map&#40;map&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  custom_roles          &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  folder_ids            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  kms_keys              &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  iam_principals        &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  notification_channels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  log_buckets           &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  project_ids           &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  tag_keys              &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  tag_values            &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  vpc_sc_perimeters     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [custom_roles](variables.tf#L62) | Map of role name => list of permissions to create in this project. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [default_network_tier](variables.tf#L69) | Default compute network tier for the project. | <code>string</code> |  | <code>null</code> |
 | [default_service_account](variables.tf#L75) | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | <code>string</code> |  | <code>&#34;keep&#34;</code> |
diff --git a/modules/project/logging-metrics.tf b/modules/project/logging-metrics.tf
index 03673a580..59dc7088e 100644
--- a/modules/project/logging-metrics.tf
+++ b/modules/project/logging-metrics.tf
@@ -71,7 +71,7 @@ resource "google_logging_metric" "metrics" {
   disabled    = each.value.disabled
   bucket_name = try(
     # first try to check the context
-    var.context.logging_bucket_names[each.value.bucket_name],
+    var.context.log_buckets[each.value.bucket_name],
     # if nothing else, use the provided channel as is
     each.value.bucket_name
   )
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 5a0c33653..6b771c1c5 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@@ -49,7 +49,7 @@ variable "context" {
     kms_keys              = optional(map(string), {})
     iam_principals        = optional(map(string), {})
     notification_channels = optional(map(string), {})
-    logging_bucket_names  = optional(map(string), {})
+    log_buckets           = optional(map(string), {})
     project_ids           = optional(map(string), {})
     tag_keys              = optional(map(string), {})
     tag_values            = optional(map(string), {})
diff --git a/tools/duplicate-diff.py b/tools/duplicate-diff.py
index ef1219774..c4b8af5de 100755
--- a/tools/duplicate-diff.py
+++ b/tools/duplicate-diff.py
@@ -17,8 +17,19 @@
 
 import filecmp
 import sys
+import os
 
-duplicates = [  #
+# List of folders and files that are expected to have same content
+duplicates = [
+    # File comparison
+    [
+        "fast/stages/0-org-setup/datasets/classic/defaults.yaml",
+        "fast/stages/0-org-setup/datasets/hardened/defaults.yaml",
+    ],
+    [
+        "fast/stages/0-org-setup/datasets/classic/projects/core/billing-0.yaml",
+        "fast/stages/0-org-setup/datasets/hardened/projects/core/billing-0.yaml",
+    ],
     [
         "fast/stages/2-networking-a-simple/data/dns-policy-rules.yaml",
         "fast/stages/2-networking-b-nva/data/dns-policy-rules.yaml",
@@ -28,12 +39,76 @@ duplicates = [  #
         "fast/stages/2-networking-a-simple/data/cidrs.yaml",
         "fast/stages/2-networking-b-nva/data/cidrs.yaml",
         "fast/stages/2-networking-c-separate-envs/data/cidrs.yaml",
-    ]
+    ],
+    # Deep recursive folder comparison
+    [
+        "fast/stages/0-org-setup/datasets/classic/organization/custom-roles",
+        "fast/stages/0-org-setup/datasets/hardened/organization/custom-roles",
+    ],
+    [
+        "fast/stages/0-org-setup/datasets/classic/organization/tags",
+        "fast/stages/0-org-setup/datasets/hardened/organization/tags",
+    ],
 ]
 
+
+def check_dir_diff(dcmp):
+  """
+    Recursively checks a filecmp.dircmp object for any differences.
+    Returns True if a difference is found, False otherwise.
+    """
+  diff_found = False
+
+  if dcmp.left_only:
+    print(f"[DIFF] Only in {dcmp.left}: {dcmp.left_only}")
+    diff_found = True
+  if dcmp.right_only:
+    print(f"[DIFF] Only in {dcmp.right}: {dcmp.right_only}")
+    diff_found = True
+  if dcmp.diff_files:
+    print(f"[DIFF] Mismatched files: {dcmp.diff_files}")
+    diff_found = True
+
+  for sub_dcmp in dcmp.subdirs.values():
+    if check_dir_diff(sub_dcmp):
+      diff_found = True
+
+  return diff_found
+
+
+has_diff = False
 for group in duplicates:
   first = group[0]
+  if not os.path.exists(first):
+    print(f"[ERROR] Path not found: {first}. Skipping group.")
+    has_diff = True
+    continue
+
+  is_dir = os.path.isdir(first)
   for second in group[1:]:
-    if not filecmp.cmp(first, second):  # true if files are the same
-      print(f'found diff between {first} and {second}')
-      sys.exit(1)
+    if not os.path.exists(second):
+      print(f"[DIFF] Path not found: {second}")
+      has_diff = True
+      continue
+
+    if is_dir != os.path.isdir(second):
+      print(f"[DIFF] Type mismatch: {first} is {'DIR' if is_dir else 'FILE'}, "
+            f"but {second} is {'DIR' if os.path.isdir(second) else 'FILE'}.")
+      has_diff = True
+      continue
+
+    if is_dir:
+      dcmp = filecmp.dircmp(first, second)
+      if check_dir_diff(dcmp):
+        print(
+            f"[DIFF] Found differences between directories {first} and {second}"
+        )
+        has_diff = True
+    else:
+      if not filecmp.cmp(first, second, shallow=False):
+        print(f"[DIFF] Files are different: {first} and {second}")
+        has_diff = True
+
+if has_diff:
+  print("\nCheck finished: Found differences.")
+  sys.exit(1)