From 49533de21ba8dbd1f194a8d9a7d842e03107bcb9 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <toni@blyx.com>
Date: Thu, 15 Apr 2021 23:51:21 +0200
Subject: [PATCH 01/82] Added support for custom output folder and S3 bucket

---
 include/outputs        | 14 +++++++++++
 include/outputs_bucket | 53 ++++++++++++++++++++++++++++++++++++++++++
 prowler                | 19 +++++++++++++--
 3 files changed, 84 insertions(+), 2 deletions(-)
 create mode 100644 include/outputs_bucket

diff --git a/include/outputs b/include/outputs
index d9d4fb1c..b16bc6bd 100644
--- a/include/outputs
+++ b/include/outputs
@@ -20,6 +20,20 @@ EXTENSION_TEXT="txt"
 EXTENSION_HTML="html"
 OUTPUT_DATE=$(date -u +"%Y%m%d%H%M%S")
 OUTPUT_DIR="${PROWLER_DIR}/output" # default output if none 
+if [[ $OUTPUT_DIR_CUSTOM ]]; then
+  # output mode has to be set to other than text
+  if [[ ! " ${MODES[@]} " =~ " text " || ${check_id} == 7.1 || ${check_id} == 7.74  ]]; then
+    if [[ ! -d $OUTPUT_DIR_CUSTOM ]]; then
+      echo "$OPTRED ERROR!$OPTNORMAL directory \"$OUTPUT_DIR_CUSTOM\" does not exist."
+      exit 1
+    else
+      OUTPUT_DIR=$OUTPUT_DIR_CUSTOM
+    fi
+  else
+    echo "$OPTRED ERROR!$OPTNORMAL - Mode (-M) has to be set as well. Use -h for help."
+    exit 1
+  fi 
+fi
 OUTPUT_FILE_NAME="${OUTPUT_DIR}/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}"
 HTML_LOGO_URL="https://github.com/toniblyx/prowler/"
 #HTML_LOGO_IMG="https://raw.githubusercontent.com/toniblyx/prowler/master/util/html/prowler-logo.png"
diff --git a/include/outputs_bucket b/include/outputs_bucket
new file mode 100644
index 00000000..41cbefe1
--- /dev/null
+++ b/include/outputs_bucket
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2021) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+if [[ $OUTPUT_BUCKET ]]; then
+  # output mode has to be set to other than text
+  if [[ "${MODES[@]}" =~ "html" ]] || [[ "${MODES[@]}" =~ "csv" ]] || [[ "${MODES[@]}" =~ "json" ]] || [[ "${MODES[@]}" =~ "json-asff" ]]; then
+      OUTPUT_BUCKET_WITHOUT_FOLDERS=$(echo $OUTPUT_BUCKET | awk -F'/' '{ print $1 }')
+      OUTPUT_BUCKET_STATUS=$($AWSCLI s3api head-bucket --bucket "$OUTPUT_BUCKET" 2>&1 || true)
+      if [[ ! -z $OUTPUT_BUCKET_STATUS ]]; then 
+        echo "$OPTRED ERROR!$OPTNORMAL wrong bucket name or not right permissions."
+        exit 1
+      else 
+        # need to make sure last / is not set to avoid // in S3
+        if [[ $OUTPUT_BUCKET != *"/" ]]; then 
+          OUTPUT_BUCKET="$OUTPUT_BUCKET"
+        else
+          OUTPUT_BUCKET=${OUTPUT_BUCKET::-1}
+        fi 
+      fi
+  else
+    echo "$OPTRED ERROR!$OPTNORMAL - Mode (-M) has to be set as well. Use -h for help."
+    exit 1
+  fi 
+fi
+
+copyToS3(){
+  # Prowler will copy each format to its own folder in S3, that is for better handling 
+  # and processing by Quicksight or others.
+  if [[ $OUTPUT_BUCKET ]]; then
+    if [[ "${MODES[@]}" =~ "csv" ]]; then
+      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_CSV s3://$OUTPUT_BUCKET/csv/
+    fi 
+    if [[ "${MODES[@]}" =~ "html" ]]; then
+      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_HTML s3://$OUTPUT_BUCKET/html/
+    fi 
+    if [[ "${MODES[@]}" =~ "json" ]]; then
+      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_JSON s3://$OUTPUT_BUCKET/json/
+    fi
+    if [[ "${MODES[@]}" =~ "json-asff" ]]; then
+      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_ASFF s3://$OUTPUT_BUCKET/json-asff/
+    fi
+  fi
+}
\ No newline at end of file
diff --git a/prowler b/prowler
index 8d129916..9987a504 100755
--- a/prowler
+++ b/prowler
@@ -32,7 +32,7 @@ OPTRED=""
 OPTNORMAL=""
 
 # Set the defaults variables
-PROWLER_VERSION=2.4.0-07042021
+PROWLER_VERSION=2.5.0-15042021
 PROWLER_DIR=$(dirname "$0")
 
 REGION=""
@@ -100,13 +100,17 @@ USAGE:
       -w                  whitelist file. See whitelist_sample.txt for reference and format
                             (i.e.: whitelist_sample.txt)
       -N <shodan_api_key> Shoadan API key used by check extra7102.
+      -o                  Custom output directory, if not specified will use default prowler/output, requires -M <mode>
+                            (i.e.: -M csv -o /tmp/reports/)
+      -B                  Custom output bucket, requires -M <mode> and it can work also with -o flag.
+                            (i.e.: -M csv -B my-bucket or -M csv -B my-bucket/folder/)
       -V                  show version number & exit
       -h                  this help
   "
   exit
 }
 
-while getopts ":hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:" OPTION; do
+while getopts ":hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:" OPTION; do
    case $OPTION in
      h )
         usage
@@ -190,6 +194,12 @@ while getopts ":hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:" OPTION; do
      N )
         SHODAN_API_KEY=$OPTARG
         ;;
+     o )
+        OUTPUT_DIR_CUSTOM=$OPTARG
+        ;;
+     B )
+        OUTPUT_BUCKET=$OPTARG
+        ;;
      : )
         echo ""
         echo "$OPTRED ERROR!$OPTNORMAL  -$OPTARG requires an argument"
@@ -243,6 +253,7 @@ unset AWS_DEFAULT_OUTPUT
 . $PROWLER_DIR/include/csv_header
 . $PROWLER_DIR/include/banner
 . $PROWLER_DIR/include/html_report
+. $PROWLER_DIR/include/outputs_bucket
 . $PROWLER_DIR/include/outputs
 . $PROWLER_DIR/include/credentials_report
 . $PROWLER_DIR/include/scoring
@@ -607,6 +618,7 @@ if [[ $GROUP_ID_READ ]];then
     fi
     cleanTemp
     scoring
+    copyToS3
     exit $EXITCODE
   else
     textFail "Use a valid check group ID i.e.: group1, extras, forensics-ready, etc."
@@ -634,6 +646,7 @@ if [[ $CHECK_ID ]];then
   if [[ "${MODES[@]}" =~ "html" ]]; then
     addHtmlFooter >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
+  copyToS3
   cleanTemp
   exit $EXITCODE
 fi
@@ -643,8 +656,10 @@ execute_all
 if [[ "${MODES[@]}" =~ "html" ]]; then
   addHtmlFooter >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
 fi
+
 scoring
 cleanTemp
+copyToS3
 
 if [[ $ACCOUNT_TO_ASSUME ]]; then
   # unset env variables with assumed role credentials

From 2ac96cf29a52b796cbae7e7bf0909c1b96fbea62 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Mon, 19 Apr 2021 19:18:23 +0200
Subject: [PATCH 02/82] feat(aws-securitygroups): include new control to test
 ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21

---
 checks/check_extra7134 | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 checks/check_extra7134

diff --git a/checks/check_extra7134 b/checks/check_extra7134
new file mode 100644
index 00000000..bb577b28
--- /dev/null
+++ b/checks/check_extra7134
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7134="7.134"
+CHECK_TITLE_extra7134="[extra7134] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21 (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7134="NOT_SCORED"
+CHECK_TYPE_extra7134="EXTRA"
+CHECK_SEVERITY_extra7134="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7134="AwsEc2SecurityGroup"
+CHECK_ALTERNATE_check7134="extra7134"
+CHECK_SERVICENAME_extra7134="ec2"
+CHECK_RISK_extra7134='If Security groups are not properly configured the attack surface is increased. '
+CHECK_REMEDIATION_extra7134='Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.'
+CHECK_DOC_extra7134='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html'
+CHECK_CAF_EPIC_extra7134='Infrastructure Security'
+
+extra7134(){
+  for regx in $REGIONS; do
+    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`20` && ToPort==`21`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $SG_LIST ]];then
+      for SG in $SG_LIST;do
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for FTP ports" "$regx"
+      done
+    else
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for FTP ports" "$regx"
+    fi
+  done
+}
\ No newline at end of file

From 68b3e1fa06253d3240206eff3bf12d87d7b4428c Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Mon, 19 Apr 2021 19:19:24 +0200
Subject: [PATCH 03/82] feat(aws-securitygroups): include extra control 7134 in
 extra group

---
 groups/group7_extras | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/groups/group7_extras b/groups/group7_extras
index e7333d62..d7539f16 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 595bcba1d98c536714371a38432746e4525a0131 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Mon, 19 Apr 2021 19:24:31 +0200
Subject: [PATCH 04/82] feat(aws-securitygroups): include new control to test
 ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092

---
 checks/check_extra7135 | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 checks/check_extra7135

diff --git a/checks/check_extra7135 b/checks/check_extra7135
new file mode 100644
index 00000000..3150a2d1
--- /dev/null
+++ b/checks/check_extra7135
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7135="7.135"
+CHECK_TITLE_extra7135="[extra7135] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092 (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7135="NOT_SCORED"
+CHECK_TYPE_extra7135="EXTRA"
+CHECK_SEVERITY_extra7135="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7135="AwsEc2SecurityGroup"
+CHECK_ALTERNATE_check7135="extra7135"
+CHECK_SERVICENAME_extra7135="ec2"
+CHECK_RISK_extra7135='If Security groups are not properly configured the attack surface is increased. '
+CHECK_REMEDIATION_extra7135='Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.'
+CHECK_DOC_extra7135='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html'
+CHECK_CAF_EPIC_extra7135='Infrastructure Security'
+
+extra7135(){
+  for regx in $REGIONS; do
+    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`9092` && ToPort==`9092`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $SG_LIST ]];then
+      for SG in $SG_LIST;do
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Kafka ports" "$regx"
+      done
+    else
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Kafka ports" "$regx"
+    fi
+  done
+}
\ No newline at end of file

From ab43a8b71767a4b7e64264a4f58c01e2b406e5ae Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Mon, 19 Apr 2021 19:26:10 +0200
Subject: [PATCH 05/82] feat(aws-securitygroups): include new control to test
 ingress from 0.0.0.0/0 or ::/0 to Telnet port 23

---
 checks/check_extra7136 | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 checks/check_extra7136

diff --git a/checks/check_extra7136 b/checks/check_extra7136
new file mode 100644
index 00000000..6117d61e
--- /dev/null
+++ b/checks/check_extra7136
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7136="7.136"
+CHECK_TITLE_extra7136="[extra7136] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23 (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7136="NOT_SCORED"
+CHECK_TYPE_extra7136="EXTRA"
+CHECK_SEVERITY_extra7136="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7136="AwsEc2SecurityGroup"
+CHECK_ALTERNATE_check7136="extra7136"
+CHECK_SERVICENAME_extra7136="ec2"
+CHECK_RISK_extra7136='If Security groups are not properly configured the attack surface is increased. '
+CHECK_REMEDIATION_extra7136='Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.'
+CHECK_DOC_extra7136='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html'
+CHECK_CAF_EPIC_extra7136='Infrastructure Security'
+
+extra7136(){
+  for regx in $REGIONS; do
+    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`23` && ToPort==`23`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $SG_LIST ]];then
+      for SG in $SG_LIST;do
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Telnet ports" "$regx"
+      done
+    else
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Telnet ports" "$regx"
+    fi
+  done
+}
\ No newline at end of file

From 4327333d008cc0f4825c8d94f76453c180ee3fb3 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Mon, 19 Apr 2021 19:28:10 +0200
Subject: [PATCH 06/82] feat(aws-securitygroups): include new control to test
 ingress from 0.0.0.0/0 or ::/0 to Microsoft SQL Server ports 1433 or 1434

---
 checks/check_extra7137 | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 checks/check_extra7137

diff --git a/checks/check_extra7137 b/checks/check_extra7137
new file mode 100644
index 00000000..81d45c98
--- /dev/null
+++ b/checks/check_extra7137
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7137="7.137"
+CHECK_TITLE_extra7137="[extra7137] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434 (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7137="NOT_SCORED"
+CHECK_TYPE_extra7137="EXTRA"
+CHECK_SEVERITY_extra7137="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7137="AwsEc2SecurityGroup"
+CHECK_ALTERNATE_check7137="extra7137"
+CHECK_SERVICENAME_extra7137="ec2"
+CHECK_RISK_extra7137='If Security groups are not properly configured the attack surface is increased. '
+CHECK_REMEDIATION_extra7137='Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.'
+CHECK_DOC_extra7137='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html'
+CHECK_CAF_EPIC_extra7137='Infrastructure Security'
+
+extra7137(){
+  for regx in $REGIONS; do
+    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`1433` && ToPort==`1434`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $SG_LIST ]];then
+      for SG in $SG_LIST;do
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Microsoft SQL Server ports" "$regx"
+      done
+    else
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Microsoft SQL Server ports" "$regx"
+    fi
+  done
+}
\ No newline at end of file

From 672f3833fc3e7936379864ba8d76c31c521f6a54 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Mon, 19 Apr 2021 19:31:06 +0200
Subject: [PATCH 07/82] feat(aws-securitygroups): include extra controls 7135,
 7136 and 7137 in extra and internet-exposed groups

---
 groups/group17_internetexposed | 2 +-
 groups/group7_extras           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/groups/group17_internetexposed b/groups/group17_internetexposed
index 9cf2563c..8df4a499 100644
--- a/groups/group17_internetexposed
+++ b/groups/group17_internetexposed
@@ -15,7 +15,7 @@ GROUP_ID[17]='internet-exposed'
 GROUP_NUMBER[17]='17.0'
 GROUP_TITLE[17]='Find resources exposed to the internet - [internet-exposed] ***'
 GROUP_RUN_BY_DEFAULT[17]='N' # run it when execute_all is called
-GROUP_CHECKS[17]='check41,check42,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102'
+GROUP_CHECKS[17]='check41,check42,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102,extra7134,extra7135,extra7136,extra7137'
 
 # 4.1 [check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)  [group4, cislevel1, cislevel2]
 # 4.2 [check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)  [group4, cislevel1, cislevel2]
diff --git a/groups/group7_extras b/groups/group7_extras
index d7539f16..ea9ce095 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From cb60085779f739e973db034abc319e3167467c17 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Thu, 22 Apr 2021 18:29:12 +0200
Subject: [PATCH 08/82] New Networking checks for FTP, Telnet, SQL Server and
 Kafka (#2)

* feat(aws-securitygroups): include new control to test ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21

* feat(aws-securitygroups): include extra control 7134 in extra group

* feat(aws-securitygroups): include new control to test ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092

* feat(aws-securitygroups): include new control to test ingress from 0.0.0.0/0 or ::/0 to Telnet port 23

* feat(aws-securitygroups): include new control to test ingress from 0.0.0.0/0 or ::/0 to Microsoft SQL Server ports 1433 or 1434

* feat(aws-securitygroups): include extra controls 7135, 7136 and 7137 in extra and internet-exposed groups
---
 checks/check_extra7134         | 37 ++++++++++++++++++++++++++++++++++
 checks/check_extra7135         | 37 ++++++++++++++++++++++++++++++++++
 checks/check_extra7136         | 37 ++++++++++++++++++++++++++++++++++
 checks/check_extra7137         | 37 ++++++++++++++++++++++++++++++++++
 groups/group17_internetexposed |  2 +-
 groups/group7_extras           |  2 +-
 6 files changed, 150 insertions(+), 2 deletions(-)
 create mode 100644 checks/check_extra7134
 create mode 100644 checks/check_extra7135
 create mode 100644 checks/check_extra7136
 create mode 100644 checks/check_extra7137

diff --git a/checks/check_extra7134 b/checks/check_extra7134
new file mode 100644
index 00000000..bb577b28
--- /dev/null
+++ b/checks/check_extra7134
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7134="7.134"
+CHECK_TITLE_extra7134="[extra7134] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21 (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7134="NOT_SCORED"
+CHECK_TYPE_extra7134="EXTRA"
+CHECK_SEVERITY_extra7134="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7134="AwsEc2SecurityGroup"
+CHECK_ALTERNATE_check7134="extra7134"
+CHECK_SERVICENAME_extra7134="ec2"
+CHECK_RISK_extra7134='If Security groups are not properly configured the attack surface is increased. '
+CHECK_REMEDIATION_extra7134='Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.'
+CHECK_DOC_extra7134='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html'
+CHECK_CAF_EPIC_extra7134='Infrastructure Security'
+
+extra7134(){
+  for regx in $REGIONS; do
+    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`20` && ToPort==`21`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $SG_LIST ]];then
+      for SG in $SG_LIST;do
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for FTP ports" "$regx"
+      done
+    else
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for FTP ports" "$regx"
+    fi
+  done
+}
\ No newline at end of file
diff --git a/checks/check_extra7135 b/checks/check_extra7135
new file mode 100644
index 00000000..3150a2d1
--- /dev/null
+++ b/checks/check_extra7135
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7135="7.135"
+CHECK_TITLE_extra7135="[extra7135] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092 (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7135="NOT_SCORED"
+CHECK_TYPE_extra7135="EXTRA"
+CHECK_SEVERITY_extra7135="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7135="AwsEc2SecurityGroup"
+CHECK_ALTERNATE_check7135="extra7135"
+CHECK_SERVICENAME_extra7135="ec2"
+CHECK_RISK_extra7135='If Security groups are not properly configured the attack surface is increased. '
+CHECK_REMEDIATION_extra7135='Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.'
+CHECK_DOC_extra7135='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html'
+CHECK_CAF_EPIC_extra7135='Infrastructure Security'
+
+extra7135(){
+  for regx in $REGIONS; do
+    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`9092` && ToPort==`9092`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $SG_LIST ]];then
+      for SG in $SG_LIST;do
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Kafka ports" "$regx"
+      done
+    else
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Kafka ports" "$regx"
+    fi
+  done
+}
\ No newline at end of file
diff --git a/checks/check_extra7136 b/checks/check_extra7136
new file mode 100644
index 00000000..6117d61e
--- /dev/null
+++ b/checks/check_extra7136
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7136="7.136"
+CHECK_TITLE_extra7136="[extra7136] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23 (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7136="NOT_SCORED"
+CHECK_TYPE_extra7136="EXTRA"
+CHECK_SEVERITY_extra7136="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7136="AwsEc2SecurityGroup"
+CHECK_ALTERNATE_check7136="extra7136"
+CHECK_SERVICENAME_extra7136="ec2"
+CHECK_RISK_extra7136='If Security groups are not properly configured the attack surface is increased. '
+CHECK_REMEDIATION_extra7136='Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.'
+CHECK_DOC_extra7136='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html'
+CHECK_CAF_EPIC_extra7136='Infrastructure Security'
+
+extra7136(){
+  for regx in $REGIONS; do
+    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`23` && ToPort==`23`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $SG_LIST ]];then
+      for SG in $SG_LIST;do
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Telnet ports" "$regx"
+      done
+    else
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Telnet ports" "$regx"
+    fi
+  done
+}
\ No newline at end of file
diff --git a/checks/check_extra7137 b/checks/check_extra7137
new file mode 100644
index 00000000..81d45c98
--- /dev/null
+++ b/checks/check_extra7137
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7137="7.137"
+CHECK_TITLE_extra7137="[extra7137] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434 (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7137="NOT_SCORED"
+CHECK_TYPE_extra7137="EXTRA"
+CHECK_SEVERITY_extra7137="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7137="AwsEc2SecurityGroup"
+CHECK_ALTERNATE_check7137="extra7137"
+CHECK_SERVICENAME_extra7137="ec2"
+CHECK_RISK_extra7137='If Security groups are not properly configured the attack surface is increased. '
+CHECK_REMEDIATION_extra7137='Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.'
+CHECK_DOC_extra7137='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html'
+CHECK_CAF_EPIC_extra7137='Infrastructure Security'
+
+extra7137(){
+  for regx in $REGIONS; do
+    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`1433` && ToPort==`1434`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $SG_LIST ]];then
+      for SG in $SG_LIST;do
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Microsoft SQL Server ports" "$regx"
+      done
+    else
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Microsoft SQL Server ports" "$regx"
+    fi
+  done
+}
\ No newline at end of file
diff --git a/groups/group17_internetexposed b/groups/group17_internetexposed
index 9cf2563c..8df4a499 100644
--- a/groups/group17_internetexposed
+++ b/groups/group17_internetexposed
@@ -15,7 +15,7 @@ GROUP_ID[17]='internet-exposed'
 GROUP_NUMBER[17]='17.0'
 GROUP_TITLE[17]='Find resources exposed to the internet - [internet-exposed] ***'
 GROUP_RUN_BY_DEFAULT[17]='N' # run it when execute_all is called
-GROUP_CHECKS[17]='check41,check42,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102'
+GROUP_CHECKS[17]='check41,check42,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102,extra7134,extra7135,extra7136,extra7137'
 
 # 4.1 [check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)  [group4, cislevel1, cislevel2]
 # 4.2 [check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)  [group4, cislevel1, cislevel2]
diff --git a/groups/group7_extras b/groups/group7_extras
index e7333d62..ea9ce095 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 8f784a45486f51ff411a1d2a9361a4d707c90247 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Sat, 24 Apr 2021 13:13:41 +0200
Subject: [PATCH 09/82] feat(network-acls): include checks to test NetworkACLs
 open to 22, 3389 and any port

---
 checks/check45         | 38 ++++++++++++++++++++++++++++++++++++++
 checks/check46         | 38 ++++++++++++++++++++++++++++++++++++++
 checks/check_extra7138 | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 115 insertions(+)
 create mode 100644 checks/check45
 create mode 100644 checks/check46
 create mode 100644 checks/check_extra7138

diff --git a/checks/check45 b/checks/check45
new file mode 100644
index 00000000..7471e1ae
--- /dev/null
+++ b/checks/check45
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_check45="4.5"
+CHECK_TITLE_check45="[check45] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22"
+CHECK_SCORED_check45="SCORED"
+CHECK_TYPE_check45="LEVEL2"
+CHECK_SEVERITY_check45="High"
+CHECK_ASFF_TYPE_check45="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
+CHECK_ASFF_RESOURCE_TYPE_check45="AwsEc2NetworkACLs"
+CHECK_ALTERNATE_check401="check45"
+CHECK_SERVICENAME_check45="ec2"
+CHECK_RISK_check45='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'
+CHECK_REMEDIATION_check45='Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.'
+CHECK_DOC_check45=''
+CHECK_CAF_EPIC_check45='Infrastructure Security'
+
+check45(){
+  for regx in $REGIONS; do
+    NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?(((!PortRange) || (PortRange.From<=`22` && PortRange.To>=`22`)) && ((CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`)))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $NACL_LIST ]];then
+      for NACL in $NACL_LIST;do
+        textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for SSH port 22" "$regx"
+      done
+    else
+      textPass "$regx: No Network ACL found with SSH port 22 open to 0.0.0.0/0" "$regx"
+    fi
+  done
+}
diff --git a/checks/check46 b/checks/check46
new file mode 100644
index 00000000..81225920
--- /dev/null
+++ b/checks/check46
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_check46="4.6"
+CHECK_TITLE_check46="[check46] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389"
+CHECK_SCORED_check46="SCORED"
+CHECK_TYPE_check46="LEVEL2"
+CHECK_SEVERITY_check46="High"
+CHECK_ASFF_TYPE_check46="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
+CHECK_ASFF_RESOURCE_TYPE_check46="AwsEc2NetworkACLs"
+CHECK_ALTERNATE_check401="check46"
+CHECK_SERVICENAME_check46="ec2"
+CHECK_RISK_check46='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'
+CHECK_REMEDIATION_check46='Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.'
+CHECK_DOC_check46=''
+CHECK_CAF_EPIC_check46='Infrastructure Security'
+
+check46(){
+  for regx in $REGIONS; do
+    NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?(((!PortRange) || (PortRange.From<=`3389` && PortRange.To>=`3389`)) && ((CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`)))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $NACL_LIST ]];then
+      for NACL in $NACL_LIST;do
+        textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for Microsoft RDP port 3389" "$regx"
+      done
+    else
+      textPass "$regx: No Network ACL found with Microsoft RDP port 3389 open to 0.0.0.0/0" "$regx"
+    fi
+  done
+}
diff --git a/checks/check_extra7138 b/checks/check_extra7138
new file mode 100644
index 00000000..21ec01f8
--- /dev/null
+++ b/checks/check_extra7138
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+Ensure no security groups 
+CHECK_ID_extra7138="7.138"
+CHECK_TITLE_extra7138="[extra7138] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port"
+CHECK_SCORED_extra7138="NOT SCORED"
+CHECK_TYPE_extra7138="LEVEL2"
+CHECK_SEVERITY_extra7138="High"
+CHECK_ASFF_TYPE_extra7138="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
+CHECK_ASFF_RESOURCE_TYPE_extra7138="AwsEc2NetworkACLs"
+CHECK_ALTERNATE_check7138="extra7138"
+CHECK_SERVICENAME_extra7138="ec2"
+CHECK_RISK_extra7138='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'
+CHECK_REMEDIATION_extra7138='Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.'
+CHECK_DOC_extra7138=''
+CHECK_CAF_EPIC_extra7138='Infrastructure Security'
+
+extra7138(){
+  for regx in $REGIONS; do
+    NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?((!PortRange) && (CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
+    if [[ $NACL_LIST ]];then
+      for NACL in $NACL_LIST;do
+        textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for any port" "$regx"
+      done
+    else
+      textPass "$regx: No Network ACL found with any port open to 0.0.0.0/0" "$regx"
+    fi
+  done
+}
\ No newline at end of file

From 056190cfc92354cc82945111713936e8fbf7e8cd Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Sat, 24 Apr 2021 13:23:14 +0200
Subject: [PATCH 10/82] feat(network-acls): change textFail to textInfo because
 NACLs are stateless

---
 checks/check45         | 2 +-
 checks/check46         | 2 +-
 checks/check_extra7138 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/checks/check45 b/checks/check45
index 7471e1ae..f0e1d898 100644
--- a/checks/check45
+++ b/checks/check45
@@ -29,7 +29,7 @@ check45(){
     NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?(((!PortRange) || (PortRange.From<=`22` && PortRange.To>=`22`)) && ((CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`)))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
     if [[ $NACL_LIST ]];then
       for NACL in $NACL_LIST;do
-        textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for SSH port 22" "$regx"
+        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for SSH port 22" "$regx"
       done
     else
       textPass "$regx: No Network ACL found with SSH port 22 open to 0.0.0.0/0" "$regx"
diff --git a/checks/check46 b/checks/check46
index 81225920..97252df1 100644
--- a/checks/check46
+++ b/checks/check46
@@ -29,7 +29,7 @@ check46(){
     NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?(((!PortRange) || (PortRange.From<=`3389` && PortRange.To>=`3389`)) && ((CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`)))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
     if [[ $NACL_LIST ]];then
       for NACL in $NACL_LIST;do
-        textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for Microsoft RDP port 3389" "$regx"
+        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for Microsoft RDP port 3389" "$regx"
       done
     else
       textPass "$regx: No Network ACL found with Microsoft RDP port 3389 open to 0.0.0.0/0" "$regx"
diff --git a/checks/check_extra7138 b/checks/check_extra7138
index 21ec01f8..90c57f13 100644
--- a/checks/check_extra7138
+++ b/checks/check_extra7138
@@ -30,7 +30,7 @@ extra7138(){
     NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?((!PortRange) && (CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
     if [[ $NACL_LIST ]];then
       for NACL in $NACL_LIST;do
-        textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for any port" "$regx"
+        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for any port" "$regx"
       done
     else
       textPass "$regx: No Network ACL found with any port open to 0.0.0.0/0" "$regx"

From 625384ad6d9c7419fd2406ff84f6bae3cc9df416 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Sat, 24 Apr 2021 13:38:36 +0200
Subject: [PATCH 11/82] feat(network-acls): include checks in networking and
 internetexposed checks

---
 groups/group17_internetexposed | 2 +-
 groups/group4_networking       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/groups/group17_internetexposed b/groups/group17_internetexposed
index 8df4a499..33e30e18 100644
--- a/groups/group17_internetexposed
+++ b/groups/group17_internetexposed
@@ -15,7 +15,7 @@ GROUP_ID[17]='internet-exposed'
 GROUP_NUMBER[17]='17.0'
 GROUP_TITLE[17]='Find resources exposed to the internet - [internet-exposed] ***'
 GROUP_RUN_BY_DEFAULT[17]='N' # run it when execute_all is called
-GROUP_CHECKS[17]='check41,check42,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102,extra7134,extra7135,extra7136,extra7137'
+GROUP_CHECKS[17]='check41,check42,check45,check46,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102,extra7134,extra7135,extra7136,extra7137,extra7138'
 
 # 4.1 [check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)  [group4, cislevel1, cislevel2]
 # 4.2 [check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)  [group4, cislevel1, cislevel2]
diff --git a/groups/group4_networking b/groups/group4_networking
index 05b307b4..ca124465 100644
--- a/groups/group4_networking
+++ b/groups/group4_networking
@@ -12,4 +12,4 @@ GROUP_ID[4]='group4'
 GROUP_NUMBER[4]='4.0'
 GROUP_TITLE[4]='Networking - CIS only - [group4] *******************************'
 GROUP_RUN_BY_DEFAULT[4]='Y' # run it when execute_all is called
-GROUP_CHECKS[4]='check41,check42,check43,check44'
+GROUP_CHECKS[4]='check41,check42,check43,check44,check45,check46'

From 2dc1ce61ec1375f036218fdcfc87491213385ec1 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Mon, 26 Apr 2021 12:30:44 +0200
Subject: [PATCH 12/82] fix(network-acls): fix line typo

---
 checks/check_extra7138 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/checks/check_extra7138 b/checks/check_extra7138
index 90c57f13..a7b47806 100644
--- a/checks/check_extra7138
+++ b/checks/check_extra7138
@@ -10,7 +10,6 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-Ensure no security groups 
 CHECK_ID_extra7138="7.138"
 CHECK_TITLE_extra7138="[extra7138] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port"
 CHECK_SCORED_extra7138="NOT SCORED"

From 2727b7e8e2391b7f2f577a02c6d95ab741246467 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Wed, 28 Apr 2021 18:50:20 +0200
Subject: [PATCH 13/82] fix(network-acls): update resource type to match AWS
 documentation

---
 checks/check45         | 2 +-
 checks/check46         | 2 +-
 checks/check_extra7138 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/checks/check45 b/checks/check45
index f0e1d898..299adbc1 100644
--- a/checks/check45
+++ b/checks/check45
@@ -16,7 +16,7 @@ CHECK_SCORED_check45="SCORED"
 CHECK_TYPE_check45="LEVEL2"
 CHECK_SEVERITY_check45="High"
 CHECK_ASFF_TYPE_check45="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
-CHECK_ASFF_RESOURCE_TYPE_check45="AwsEc2NetworkACLs"
+CHECK_ASFF_RESOURCE_TYPE_check45="AwsEc2NetworkAcl"
 CHECK_ALTERNATE_check401="check45"
 CHECK_SERVICENAME_check45="ec2"
 CHECK_RISK_check45='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'
diff --git a/checks/check46 b/checks/check46
index 97252df1..5f69998d 100644
--- a/checks/check46
+++ b/checks/check46
@@ -16,7 +16,7 @@ CHECK_SCORED_check46="SCORED"
 CHECK_TYPE_check46="LEVEL2"
 CHECK_SEVERITY_check46="High"
 CHECK_ASFF_TYPE_check46="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
-CHECK_ASFF_RESOURCE_TYPE_check46="AwsEc2NetworkACLs"
+CHECK_ASFF_RESOURCE_TYPE_check46="AwsEc2NetworkAcl"
 CHECK_ALTERNATE_check401="check46"
 CHECK_SERVICENAME_check46="ec2"
 CHECK_RISK_check46='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'
diff --git a/checks/check_extra7138 b/checks/check_extra7138
index a7b47806..e23f0a81 100644
--- a/checks/check_extra7138
+++ b/checks/check_extra7138
@@ -16,7 +16,7 @@ CHECK_SCORED_extra7138="NOT SCORED"
 CHECK_TYPE_extra7138="LEVEL2"
 CHECK_SEVERITY_extra7138="High"
 CHECK_ASFF_TYPE_extra7138="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
-CHECK_ASFF_RESOURCE_TYPE_extra7138="AwsEc2NetworkACLs"
+CHECK_ASFF_RESOURCE_TYPE_extra7138="AwsEc2NetworkAcl"
 CHECK_ALTERNATE_check7138="extra7138"
 CHECK_SERVICENAME_extra7138="ec2"
 CHECK_RISK_extra7138='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'

From ce00f3a019765f8ad448f5b5d0cdc2cba1b8f6a2 Mon Sep 17 00:00:00 2001
From: Pablo Pagani <pablopagani@gmail.com>
Date: Sat, 1 May 2021 17:33:54 -0300
Subject: [PATCH 14/82] improved error handling. Added check 7139 .

---
 checks/check_extra7139 | 43 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 checks/check_extra7139

diff --git a/checks/check_extra7139 b/checks/check_extra7139
new file mode 100644
index 00000000..ad24f11b
--- /dev/null
+++ b/checks/check_extra7139
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7139="7.139"
+CHECK_TITLE_extra7139="[extra7139] There are High severity GuardDuty findings (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7139="NOT_SCORED"
+CHECK_TYPE_extra7139="EXTRA"
+CHECK_SEVERITY_extra7139="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7139="AwsGuardDutyDetector"
+CHECK_ALTERNATE_check7138="extra7139"
+CHECK_SERVICENAME_extra7139="guardduty"
+CHECK_RISK_extra7139='If critical findings are not addressed threats can spread in the environment.'
+CHECK_REMEDIATION_extra7139='Review and remediate critical GuardDuty findings as quickly as possible.'
+CHECK_DOC_extra7139='https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html'
+CHECK_CAF_EPIC_extra7139='Incident Response'
+extra7139(){
+  
+  for regx in $REGIONS; do
+    DETECTORS_LIST=""
+    DETECTORS_LIST=$($AWSCLI guardduty list-detectors --query DetectorIds $PROFILE_OPT --region $regx --output text)
+    if [[ $DETECTORS_LIST ]];then
+      for DETECTOR in $DETECTORS_LIST;do
+        FINDINGS_COUNT=""
+        FINDINGS_COUNT=$($AWSCLI $PROFILE_OPT --region $regx --output text guardduty list-findings --detector-id $DETECTOR --finding-criteria '{"Criterion":{"severity": {"Eq":["8"]}}}' 2> /dev/null | wc -l | xargs) # Severity LOW=2, MED=4, HIGH=8
+          if [[ $FINDINGS_COUNT -gt 0 ]];then
+            textFail "$regx: GuardDuty has $FINDINGS_COUNT high severity findings." "$regx"
+          else
+            textPass "$regx: GuardDuty has no high severity findings." "$regx"
+          fi
+      done
+    else
+      textInfo "$regx: No GuardDuty detectors found." "$regx"
+    fi
+  done
+}
\ No newline at end of file

From 9ac8c78fdb98810c0796b2ae05a480ee62f5563f Mon Sep 17 00:00:00 2001
From: Pablo Pagani <79593935+pablopagani@users.noreply.github.com>
Date: Sat, 1 May 2021 17:47:08 -0300
Subject: [PATCH 15/82] improved error handling when listing regions

---
 prowler | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/prowler b/prowler
index 8d129916..21639796 100755
--- a/prowler
+++ b/prowler
@@ -295,7 +295,8 @@ TOTAL_CHECKS=($(echo "${TOTAL_CHECKS[*]}" | tr ' ' '\n' | awk '!seen[$0]++' | so
 get_regions() {
   # Get list of regions based on include/whoami
   REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' --output text $PROFILE_OPT --region $REGION_FOR_STS --region-names $FILTERREGION 2>&1)
-  if [[ $(echo "$REGIONS" | grep 'AccessDenied\|UnauthorizedOperation') ]]; then
+  ret=$?
+  if [[ $ret -ne 0 ]]; then
     echo "$OPTRED Access Denied trying to describe regions! Review permissions as described here: https://github.com/toniblyx/prowler/#requirements-and-installation $OPTNORMAL"
     EXITCODE=1
     exit $EXITCODE

From 5385c4e5467340965472e9ef766397ba4a33c7ea Mon Sep 17 00:00:00 2001
From: Pablo Pagani <79593935+pablopagani@users.noreply.github.com>
Date: Sat, 1 May 2021 17:54:11 -0300
Subject: [PATCH 16/82] Improved error handling sts get-caller-identity

Instead of looking for a fixed error string, it uses error codes from aws cli
Previos condition was not catching this error message:
An error occurred (ExpiredToken) when calling the GetCallerIdentity operation: The security token included in the request is expired
Also forced the output of the command to json. In some tests I was doing was failing becuase it was sending output as text
---
 include/whoami | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/whoami b/include/whoami
index a2fa3ce2..a7c6256e 100644
--- a/include/whoami
+++ b/include/whoami
@@ -29,8 +29,9 @@ case "$REGION" in
   ;;
 esac
 
-GETCALLER=$($AWSCLI sts get-caller-identity $PROFILE_OPT --region $REGION_FOR_STS 2>&1)
-if [[ $(echo "$GETCALLER" | grep 'Unable') ]]; then
+GETCALLER=$($AWSCLI sts get-caller-identity $PROFILE_OPT --output json --region $REGION_FOR_STS 2>&1)
+ret=$?
+if [[ $ret -ne 0 ]]; then
   if [[ $PRINTCHECKSONLY || $PRINTGROUPSONLY ]]; then
     echo Listing... 
   else

From b72f66469e6fc0b3b7d308e080660b6c1195fae9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Lipt=C3=A1k?= <gliptak@gmail.com>
Date: Mon, 17 May 2021 11:23:51 -0400
Subject: [PATCH 17/82] Bump Alpine to 3.13 in Dockerfile

---
 util/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/Dockerfile b/util/Dockerfile
index f7a5ee67..87911e46 100644
--- a/util/Dockerfile
+++ b/util/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.9
+FROM alpine:3.13
 
 ARG USERNAME=prowler
 ARG USERID=34000

From 8d9ca987b55a2ac5171281592ecc5a028c412a47 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 18 May 2021 15:41:45 +0200
Subject: [PATCH 18/82] Added link to doc for check45 check46 extra7138 and
 extras

---
 checks/check45         | 2 +-
 checks/check46         | 2 +-
 checks/check_extra7138 | 2 +-
 groups/group7_extras   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/checks/check45 b/checks/check45
index 299adbc1..fd847076 100644
--- a/checks/check45
+++ b/checks/check45
@@ -21,7 +21,7 @@ CHECK_ALTERNATE_check401="check45"
 CHECK_SERVICENAME_check45="ec2"
 CHECK_RISK_check45='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'
 CHECK_REMEDIATION_check45='Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.'
-CHECK_DOC_check45=''
+CHECK_DOC_check45='https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html'
 CHECK_CAF_EPIC_check45='Infrastructure Security'
 
 check45(){
diff --git a/checks/check46 b/checks/check46
index 5f69998d..b98eb2f0 100644
--- a/checks/check46
+++ b/checks/check46
@@ -21,7 +21,7 @@ CHECK_ALTERNATE_check401="check46"
 CHECK_SERVICENAME_check46="ec2"
 CHECK_RISK_check46='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'
 CHECK_REMEDIATION_check46='Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.'
-CHECK_DOC_check46=''
+CHECK_DOC_check46='https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html'
 CHECK_CAF_EPIC_check46='Infrastructure Security'
 
 check46(){
diff --git a/checks/check_extra7138 b/checks/check_extra7138
index e23f0a81..5af3d0ba 100644
--- a/checks/check_extra7138
+++ b/checks/check_extra7138
@@ -21,7 +21,7 @@ CHECK_ALTERNATE_check7138="extra7138"
 CHECK_SERVICENAME_extra7138="ec2"
 CHECK_RISK_extra7138='Even having a perimeter firewall; having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.'
 CHECK_REMEDIATION_extra7138='Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.'
-CHECK_DOC_extra7138=''
+CHECK_DOC_extra7138='https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html'
 CHECK_CAF_EPIC_extra7138='Infrastructure Security'
 
 extra7138(){
diff --git a/groups/group7_extras b/groups/group7_extras
index ea9ce095..7fa96aaa 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 501082876cce6800105f109c7e6516568bbabc85 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 18 May 2021 16:08:10 +0200
Subject: [PATCH 19/82] Fixed alias of extra7139

---
 checks/check_extra7139 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/check_extra7139 b/checks/check_extra7139
index ad24f11b..bfb10568 100644
--- a/checks/check_extra7139
+++ b/checks/check_extra7139
@@ -15,7 +15,7 @@ CHECK_SCORED_extra7139="NOT_SCORED"
 CHECK_TYPE_extra7139="EXTRA"
 CHECK_SEVERITY_extra7139="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7139="AwsGuardDutyDetector"
-CHECK_ALTERNATE_check7138="extra7139"
+CHECK_ALTERNATE_check7139="extra7139"
 CHECK_SERVICENAME_extra7139="guardduty"
 CHECK_RISK_extra7139='If critical findings are not addressed threats can spread in the environment.'
 CHECK_REMEDIATION_extra7139='Review and remediate critical GuardDuty findings as quickly as possible.'

From 30442b2da76ff4784bf3597c3896047878b935cf Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 18 May 2021 16:10:55 +0200
Subject: [PATCH 20/82] Added new check extra7140 for public SSM Documents

---
 checks/check_extra7140 | 41 +++++++++++++++++++++++++++++++++++++++++
 groups/group7_extras   |  2 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 checks/check_extra7140

diff --git a/checks/check_extra7140 b/checks/check_extra7140
new file mode 100644
index 00000000..1c605cdb
--- /dev/null
+++ b/checks/check_extra7140
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7140="7.140"
+CHECK_TITLE_extra7140="[extra7140] Check if there are SSM Documents set as public"
+CHECK_SCORED_extra7140="NOT_SCORED"
+CHECK_TYPE_extra7140="EXTRA"
+CHECK_SEVERITY_extra7140="High"
+CHECK_ASFF_RESOURCE_TYPE_extra7140="AwsSsmDocument"
+CHECK_ALTERNATE_check7140="extra7140"
+CHECK_SERVICENAME_extra7140="ssm"
+CHECK_RISK_extra7140='SSM Documents may contain private information or even secrets and tokens.'
+CHECK_REMEDIATION_extra7140='Carefully review the contents of the document before is shared. Enable SSM Block public sharing for documents.'
+CHECK_DOC_extra7140='https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-before-you-share.html'
+CHECK_CAF_EPIC_extra7140='Data Protection'
+extra7140(){
+  
+  for regx in $REGIONS; do
+    SSM_DOCS=$($AWSCLI $PROFILE_OPT --region $regx ssm list-documents --filters Key=Owner,Values=Self --query DocumentIdentifiers[].Name --output text) 
+    if [[ $SSM_DOCS ]];then
+      for ssmdoc in $SSM_DOCS; do 
+        SSM_DOC_SHARED_ALL=$($AWSCLI $PROFILE_OPT --region $regx ssm describe-document-permission --name "$ssmdoc" --permission-type "Share" --query AccountIds[] --output text | grep all)
+        if [[ $SSM_DOC_SHARED_ALL ]];then
+          textFail "$regx: SSM Document $ssmdoc is public." "$regx"
+        else
+          textPass "$regx: SSM Document $ssmdoc is not public." "$regx"
+        fi
+      done
+    else
+      textInfo "$regx: No SSM Document found." "$regx"
+    fi
+  done
+}
\ No newline at end of file
diff --git a/groups/group7_extras b/groups/group7_extras
index 7fa96aaa..7dd686bb 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 1655bdb9025238694c1024993d18a2dc39c6bcdd Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 18 May 2021 16:57:37 +0200
Subject: [PATCH 21/82] Added resource id to RDS checks and in json,csv,html
 outputs

---
 checks/check_extra7113 |  7 +++----
 checks/check_extra7131 |  6 +++---
 checks/check_extra7132 |  6 +++---
 checks/check_extra7133 |  6 +++---
 checks/check_extra723  | 12 ++++++------
 checks/check_extra735  |  7 +++----
 checks/check_extra739  |  6 +++---
 checks/check_extra747  |  6 +++---
 checks/check_extra78   |  5 ++---
 include/csv_header     |  2 +-
 include/html_report    |  1 +
 include/outputs        | 40 +++++++++++++++++++++++++++++-----------
 12 files changed, 60 insertions(+), 44 deletions(-)

diff --git a/checks/check_extra7113 b/checks/check_extra7113
index a9dcbcce..aba1629e 100644
--- a/checks/check_extra7113
+++ b/checks/check_extra7113
@@ -36,20 +36,19 @@ CHECK_DOC_extra7113='https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER
 CHECK_CAF_EPIC_extra7113='Data Protection'
 
 extra7113(){
-  textInfo "Looking for RDS Volumes in all regions...  "
   for regx in $REGIONS; do
     LIST_OF_RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[*].DBInstanceIdentifier' --output text)
     if [[ $LIST_OF_RDS_INSTANCES ]];then
       for rdsinstance in $LIST_OF_RDS_INSTANCES; do
         IS_DELETIONPROTECTION=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].DeletionProtection' --output text)
         if [[ $IS_DELETIONPROTECTION == "False" ]]; then
-          textFail "$regx: RDS instance $rdsinstance deletion protection is not enabled!" "$regx"
+          textFail "$regx: RDS instance $rdsinstance deletion protection is not enabled!" "$regx" "$rdsinstance"
         else
-          textPass "$regx: RDS instance $rdsinstance deletion protection is enabled" "$regx"
+          textPass "$regx: RDS instance $rdsinstance deletion protection is enabled" "$regx" "$rdsinstance"
         fi
       done
     else
-      textInfo "$regx: No RDS instances found" "$regx"
+      textInfo "$regx: No RDS instances found" "$regx" "$rdsinstance"
     fi
   done
 }
diff --git a/checks/check_extra7131 b/checks/check_extra7131
index fc8266a1..946f1682 100644
--- a/checks/check_extra7131
+++ b/checks/check_extra7131
@@ -32,13 +32,13 @@ extra7131(){
         RDS_NAME=$(echo $rds_instance | awk '{ print $1; }')
         RDS_AUTOMINORUPGRADE_FLAG=$(echo $rds_instance | awk '{ print $2; }')
         if [[ $RDS_AUTOMINORUPGRADE_FLAG == "True" ]];then 
-            textPass "$regx: RDS instance: $RDS_NAME is has minor version upgrade enabled" "$regx"
+            textPass "$regx: RDS instance: $RDS_NAME is has minor version upgrade enabled" "$regx" "$RDS_NAME"
         else
-            textFail "$regx: RDS instance: $RDS_NAME does not have minor version upgrade enabled" "$regx"
+            textFail "$regx: RDS instance: $RDS_NAME does not have minor version upgrade enabled" "$regx" "$RDS_NAME"
         fi
       done <<< "$LIST_OF_RDS_INSTANCES"
       else
-        textInfo "$regx: no RDS instances found" "$regx"
+        textInfo "$regx: no RDS instances found" "$regx" "$RDS_NAME"
     fi
   done
 }
diff --git a/checks/check_extra7132 b/checks/check_extra7132
index eb64827d..97e72ad0 100644
--- a/checks/check_extra7132
+++ b/checks/check_extra7132
@@ -31,13 +31,13 @@ extra7132(){
           RDS_NAME="$rdsinstance"
           MONITORING_FLAG=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].[EnhancedMonitoringResourceArn]' --output text)
           if [[ $MONITORING_FLAG == "None" ]];then 
-              textFail "$regx: RDS instance: $RDS_NAME has enhanced monitoring disabled!" "$rex"
+              textFail "$regx: RDS instance: $RDS_NAME has enhanced monitoring disabled!" "$rex" "$RDS_NAME"
           else
-              textPass "$regx: RDS instance: $RDS_NAME has enhanced monitoring enabled." "$regx"
+              textPass "$regx: RDS instance: $RDS_NAME has enhanced monitoring enabled." "$regx" "$RDS_NAME"
           fi
       done
     else
-      textInfo "$regx: no RDS instances found" "$regx"
+      textInfo "$regx: no RDS instances found" "$regx" "$RDS_NAME"
     fi
   done
 }
diff --git a/checks/check_extra7133 b/checks/check_extra7133
index 2be3d662..62e8847d 100644
--- a/checks/check_extra7133
+++ b/checks/check_extra7133
@@ -31,13 +31,13 @@ extra7133(){
           RDS_NAME="$rdsinstance"
           MULTIAZ_FLAG=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].MultiAZ' --output text)
           if [[ $MULTIAZ_FLAG == "True" ]];then 
-              textPass "$regx: RDS instance: $RDS_NAME has multi-AZ enabled" "$rex"
+              textPass "$regx: RDS instance: $RDS_NAME has multi-AZ enabled" "$regx" "$RDS_NAME"
           else
-              textFail "$regx: RDS instance: $RDS_NAME has multi-AZ disabled!" "$regx"
+              textFail "$regx: RDS instance: $RDS_NAME has multi-AZ disabled!" "$regx" "$RDS_NAME"
           fi
       done
     else
-      textInfo "$regx: no RDS instances found" "$regx"
+      textInfo "$regx: no RDS instances found" "$regx" "$RDS_NAME"
     fi
   done
 }
diff --git a/checks/check_extra723 b/checks/check_extra723
index 187f50ce..3e0cbd04 100644
--- a/checks/check_extra723
+++ b/checks/check_extra723
@@ -32,13 +32,13 @@ extra723(){
       for rdssnapshot in $LIST_OF_RDS_SNAPSHOTS;do
         SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-snapshot-attributes $PROFILE_OPT --region $regx --db-snapshot-identifier $rdssnapshot --query DBSnapshotAttributesResult.DBSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all)
         if [[ $SNAPSHOT_IS_PUBLIC ]];then
-          textFail "$regx: RDS Snapshot $rdssnapshot is public!" "$regx"
+          textFail "$regx: RDS Snapshot $rdssnapshot is public!" "$regx" "$rdssnapshot"
         else
-          textPass "$regx: RDS Snapshot $rdssnapshot is not shared" "$regx"
+          textPass "$regx: RDS Snapshot $rdssnapshot is not shared" "$regx" "$rdssnapshot"
         fi
       done
     else
-      textInfo "$regx: No RDS Snapshots found" "$regx"
+      textInfo "$regx: No RDS Snapshots found" "$regx" "$rdssnapshot"
     fi
     # RDS cluster snapshots
     LIST_OF_RDS_CLUSTER_SNAPSHOTS=$($AWSCLI rds describe-db-cluster-snapshots $PROFILE_OPT --region $regx --query DBClusterSnapshots[*].DBClusterSnapshotIdentifier --output text)
@@ -46,13 +46,13 @@ extra723(){
       for rdsclustersnapshot in $LIST_OF_RDS_CLUSTER_SNAPSHOTS;do
         CLUSTER_SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-cluster-snapshot-attributes $PROFILE_OPT --region $regx --db-cluster-snapshot-identifier $rdsclustersnapshot --query DBClusterSnapshotAttributesResult.DBClusterSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all)
         if [[ $CLUSTER_SNAPSHOT_IS_PUBLIC ]];then
-          textFail "$regx: RDS Cluster Snapshot $rdsclustersnapshot is public!" "$regx"
+          textFail "$regx: RDS Cluster Snapshot $rdsclustersnapshot is public!" "$regx" "$rdsclustersnapshot"
         else
-          textPass "$regx: RDS Cluster Snapshot $rdsclustersnapshot is not shared" "$regx"
+          textPass "$regx: RDS Cluster Snapshot $rdsclustersnapshot is not shared" "$regx" "$rdsclustersnapshot"
         fi
       done
     else
-      textInfo "$regx: No RDS Cluster Snapshots found" "$regx"
+      textInfo "$regx: No RDS Cluster Snapshots found" "$regx" "$rdsclustersnapshot"
     fi
   done
 }
diff --git a/checks/check_extra735 b/checks/check_extra735
index 0b789f5e..f1d07aba 100644
--- a/checks/check_extra735
+++ b/checks/check_extra735
@@ -25,20 +25,19 @@ CHECK_DOC_extra735='https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overv
 CHECK_CAF_EPIC_extra735='Data Protection'
 
 extra735(){
-  textInfo "Looking for RDS Volumes in all regions...  "
   for regx in $REGIONS; do
     LIST_OF_RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[*].DBInstanceIdentifier' --output text)
     if [[ $LIST_OF_RDS_INSTANCES ]];then
       for rdsinstance in $LIST_OF_RDS_INSTANCES; do
         IS_ENCRYPTED=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].StorageEncrypted' --output text)
         if [[ $IS_ENCRYPTED == "False" ]]; then
-          textFail "$regx: RDS instance $rdsinstance is not encrypted!" "$regx"
+          textFail "$regx: RDS instance $rdsinstance is not encrypted!" "$regx" "$rdsinstance"
         else
-          textPass "$regx: RDS instance $rdsinstance is encrypted" "$regx"
+          textPass "$regx: RDS instance $rdsinstance is encrypted" "$regx" "$rdsinstance"
         fi
       done
     else
-      textInfo "$regx: No RDS instances found" "$regx"
+      textInfo "$regx: No RDS instances found" "$regx" "$rdsinstance"
     fi
   done
 }
diff --git a/checks/check_extra739 b/checks/check_extra739
index e36f4ab1..0cf5eb98 100644
--- a/checks/check_extra739
+++ b/checks/check_extra739
@@ -31,13 +31,13 @@ extra739(){
         # if retention is 0 then is disabled
         BACKUP_RETENTION=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].BackupRetentionPeriod' --output text)
         if [[ $BACKUP_RETENTION == "0" ]]; then
-          textFail "$regx: RDS instance $rdsinstance has not backup enabled!" "$regx"
+          textFail "$regx: RDS instance $rdsinstance has not backup enabled!" "$regx" "$rdsinstance"
         else
-          textPass "$regx: RDS instance $rdsinstance has backup enabled with retention period $BACKUP_RETENTION days" "$regx"
+          textPass "$regx: RDS instance $rdsinstance has backup enabled with retention period $BACKUP_RETENTION days" "$regx" "$rdsinstance"
         fi
       done
     else
-      textInfo "$regx: No RDS instances found" "$regx"
+      textInfo "$regx: No RDS instances found" "$regx" "$rdsinstance"
     fi
   done
 }
diff --git a/checks/check_extra747 b/checks/check_extra747
index f2473563..ec6a86d8 100644
--- a/checks/check_extra747
+++ b/checks/check_extra747
@@ -31,13 +31,13 @@ extra747(){
         # if retention is 0 then is disabled
         ENABLED_CLOUDWATCHLOGS_EXPORTS=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].EnabledCloudwatchLogsExports' --output text)
         if [[ $ENABLED_CLOUDWATCHLOGS_EXPORTS ]]; then
-          textPass "$regx: RDS instance $rdsinstance is shipping $ENABLED_CLOUDWATCHLOGS_EXPORTS to CloudWatch Logs" "$regx"
+          textPass "$regx: RDS instance $rdsinstance is shipping $ENABLED_CLOUDWATCHLOGS_EXPORTS to CloudWatch Logs" "$regx" "$rdsinstance"
         else
-          textFail "$regx: RDS instance $rdsinstance has no CloudWatch Logs enabled!" "$regx"
+          textFail "$regx: RDS instance $rdsinstance has no CloudWatch Logs enabled!" "$regx" "$rdsinstance"
         fi
       done
     else
-      textInfo "$regx: No RDS instances found" "$regx"
+      textInfo "$regx: No RDS instances found" "$regx" "$rdsinstance"
     fi
   done
 }
diff --git a/checks/check_extra78 b/checks/check_extra78
index 16d91ba2..a164eddb 100644
--- a/checks/check_extra78
+++ b/checks/check_extra78
@@ -27,17 +27,16 @@ CHECK_CAF_EPIC_extra78='Data Protection'
 
 extra78(){
   # "Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for RDS instances in all regions...  "
   for regx in $REGIONS; do
     LIST_OF_RDS_PUBLIC_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[?PubliclyAccessible==`true` && DBInstanceStatus==`"available"`].[DBInstanceIdentifier,Endpoint.Address]' --output text)
     if [[ $LIST_OF_RDS_PUBLIC_INSTANCES ]];then
       while read -r rds_instance;do
         RDS_NAME=$(echo $rds_instance | awk '{ print $1; }')
         RDS_DNSNAME=$(echo $rds_instance | awk '{ print $2; }')
-        textFail "$regx: RDS instance: $RDS_NAME at $RDS_DNSNAME is set as Publicly Accessible!" "$regx"
+        textFail "$regx: RDS instance: $RDS_NAME at $RDS_DNSNAME is set as Publicly Accessible!" "$regx" "$RDS_NAME"
       done <<< "$LIST_OF_RDS_PUBLIC_INSTANCES"
       else
-        textPass "$regx: no Publicly Accessible RDS instances found" "$regx"
+        textPass "$regx: no Publicly Accessible RDS instances found" "$regx" "$RDS_NAME"
     fi
   done
 }
diff --git a/include/csv_header b/include/csv_header
index 7a867815..3ab095c3 100644
--- a/include/csv_header
+++ b/include/csv_header
@@ -15,6 +15,6 @@
 printCsvHeader() {
   # >&2 echo ""
   # >&2 echo "Generating \"${SEP}\" delimited report on stdout for profile $PROFILE, account $ACCOUNT_NUM"
-      echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+      echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC${SEP}CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
       # echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}RESULT${SEP}SCORED${SEP}LEVEL${SEP}TITLE_TEXT${SEP}NOTES${SEP}COMPLIANCE${SEP}SEVERITY${SEP}SERVICENAME" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_CSV
 }
diff --git a/include/html_report b/include/html_report
index 42db8626..5db51f08 100644
--- a/include/html_report
+++ b/include/html_report
@@ -158,6 +158,7 @@ addHtmlHeader() {
               <th style="width:40%" scope="col">Risk</th>
               <th style="width:40%" scope="col">Remediation</th>
               <th style="width:40%" scope="col">Link to doc</th>
+              <th scope="col">Resource ID</th>
             </tr>
           </thead>
           <tbody>
diff --git a/include/outputs b/include/outputs
index 5cfa4fe9..bd22569e 100644
--- a/include/outputs
+++ b/include/outputs
@@ -77,6 +77,7 @@ fi
 textPass(){
   CHECK_RESULT="PASS"
   CHECK_RESULT_EXTENDED="$1"
+  CHECK_RESOURCE_ID="$3"
 
   if [[ "$QUIET" == 1 ]]; then
     return
@@ -89,13 +90,13 @@ textPass(){
     REPREGION=$REGION
   fi
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
-    generateJsonOutput "$1" "Pass" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_JSON
+    generateJsonOutput "$1" "Pass" "$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_JSON
   fi
   if [[ "${MODES[@]}" =~ "json-asff" ]]; then
-    JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "PASSED")
+    JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "PASSED" "$CHECK_RESOURCE_ID")
     echo "${JSON_ASFF_OUTPUT}" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_ASFF
     if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
       sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}"
@@ -118,6 +119,7 @@ textPass(){
 textInfo(){
   CHECK_RESULT="INFO"
   CHECK_RESULT_EXTENDED="$1"
+  CHECK_RESOURCE_ID="$3"
 
   if [[ "$QUIET" == 1 ]]; then
     return
@@ -129,10 +131,10 @@ textInfo(){
     REPREGION=$REGION
   fi
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
-    generateJsonOutput "$1" "Info" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
+    generateJsonOutput "$1" "Info" "$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
   fi
   if is_junit_output_enabled; then
     output_junit_info "$1"
@@ -144,7 +146,7 @@ textInfo(){
     echo "      $NOTICE INFO! $1 $NORMAL"
   fi
   if [[ "${MODES[@]}" =~ "html" ]]; then
-    generateHtmlOutput "$1" "INFO"
+    generateHtmlOutput "$1" "INFO" "$CHECK_RESOURCE_ID"
   fi
 }
 
@@ -176,6 +178,7 @@ textFail(){
 
   CHECK_RESULT=$level
   CHECK_RESULT_EXTENDED="$1"
+  CHECK_RESOURCE_ID="$3"
 
   if [[ $2 ]]; then
     REPREGION=$2
@@ -184,13 +187,13 @@ textFail(){
   fi
 
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
-    generateJsonOutput "$1" "${level}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
+    generateJsonOutput "$1" "${level}" "$CHECK_RESOURCE_ID"| tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
   fi
   if [[ "${MODES[@]}" =~ "json-asff" ]]; then
-    JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "${level}")
+    JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "${level}" "$CHECK_RESOURCE_ID")
     echo "${JSON_ASFF_OUTPUT}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_ASFF}
     if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
       sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}"
@@ -210,7 +213,7 @@ textFail(){
     echo "      $colorcode ${level}! $1 $NORMAL"
   fi
   if [[ "${MODES[@]}" =~ "html" ]]; then
-    generateHtmlOutput "$1" "${level}"
+    generateHtmlOutput "$1" "${level}" "$CHECK_RESOURCE_ID"
   fi
 }
 
@@ -265,6 +268,7 @@ textTitle(){
 generateJsonOutput(){
   local message=$1
   local status=$2
+  local resource_id=$3
   jq -M -c \
   --arg PROFILE "$PROFILE" \
   --arg ACCOUNT_NUM "$ACCOUNT_NUM" \
@@ -279,6 +283,11 @@ generateJsonOutput(){
   --arg TYPE "$CHECK_ASFF_COMPLIANCE_TYPE" \
   --arg TIMESTAMP "$(get_iso8601_timestamp)" \
   --arg SERVICENAME "$CHECK_SERVICENAME" \
+  --arg CHECK_CAF_EPIC "$CHECK_CAF_EPIC" \
+  --arg CHECK_RISK "$CHECK_RISK" \
+  --arg CHECK_REMEDIATION "$CHECK_REMEDIATION" \
+  --arg CHECK_DOC "$CHECK_DOC" \
+  --arg CHECK_RESOURCE_ID "$resource_id" \
   -n '{
     "Profile": $PROFILE,
     "Account Number": $ACCOUNT_NUM,
@@ -292,7 +301,12 @@ generateJsonOutput(){
     "Region": $REPREGION,
     "Timestamp": $TIMESTAMP,
     "Compliance": $TYPE,
-    "Service": $SERVICENAME
+    "Service": $SERVICENAME,
+    "CAF Epic": $CHECK_CAF_EPIC,
+    "Risk": $CHECK_RISK,
+    "Remediation": $CHECK_REMEDIATION,
+    "Doc link": $CHECK_DOC,
+    "Resource ID": $CHECK_RESOURCE_ID
   }'
 }
 
@@ -377,6 +391,7 @@ generateHtmlOutput(){
       echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+      echo '<td>'$CHECK_RESOURCE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
   if [[ $status == "PASS" ]];then
@@ -395,6 +410,7 @@ generateHtmlOutput(){
       echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+      echo '<td>'$CHECK_RESOURCE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
   if [[ $status == "FAIL" ]];then
@@ -413,6 +429,7 @@ generateHtmlOutput(){
       echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+      echo '<td>'$CHECK_RESOURCE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
   if [[ $status == "WARNING" ]];then
@@ -431,6 +448,7 @@ generateHtmlOutput(){
       echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+      echo '<td>'$CHECK_RESOURCE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>'>> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
 }
\ No newline at end of file

From 78e5dc5dba71d23ac6d9cfbda93952d60a17255c Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 18 May 2021 18:28:15 +0200
Subject: [PATCH 22/82] Added new check extra7141 to detect secrets in SSM
 Documents

---
 checks/check_extra7141 | 55 ++++++++++++++++++++++++++++++++++++++++++
 groups/group11_secrets |  7 +-----
 groups/group7_extras   |  2 +-
 3 files changed, 57 insertions(+), 7 deletions(-)
 create mode 100644 checks/check_extra7141

diff --git a/checks/check_extra7141 b/checks/check_extra7141
new file mode 100644
index 00000000..3bb32926
--- /dev/null
+++ b/checks/check_extra7141
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7141="7.7141"
+CHECK_TITLE_extra7141="[extra7141] Find secrets in SSM Documents"
+CHECK_SCORED_extra7141="NOT_SCORED"
+CHECK_TYPE_extra7141="EXTRA"
+CHECK_SEVERITY_extra7141="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra7141="AwsSsmDocument"
+CHECK_ALTERNATE_check7141="extra7141"
+CHECK_SERVICENAME_extra7141="ssm"
+CHECK_RISK_extra7141='Secrets hardcoded into SSM Documents by malware and bad actors to gain lateral access to other services.'
+CHECK_REMEDIATION_extra7141='Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use Secrets Manager service to store and retrieve passwords and secrets.'
+CHECK_DOC_extra7141='https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html'
+CHECK_CAF_EPIC_extra7141='IAM'
+
+extra7141(){
+  SECRETS_TEMP_FOLDER="$PROWLER_DIR/secrets-$ACCOUNT_NUM"
+  if [[ ! -d $SECRETS_TEMP_FOLDER ]]; then
+    # this folder is deleted once this check is finished
+    mkdir $SECRETS_TEMP_FOLDER
+  fi
+
+  for regx in $REGIONS; do
+    SSM_DOCS=$($AWSCLI $PROFILE_OPT --region $regx ssm list-documents --filters Key=Owner,Values=Self --query DocumentIdentifiers[].Name --output text) 
+    if [[ $SSM_DOCS ]];then
+      for ssmdoc in $SSM_DOCS; do 
+        SSM_DOC_FILE="$SECRETS_TEMP_FOLDER/extra7141-$ssmdoc-$regx-content.txt"
+        $AWSCLI $PROFILE_OPT --region $regx ssm get-document --name $ssmdoc --output text --document-format JSON > $SSM_DOC_FILE
+        FINDINGS=$(secretsDetector file $SSM_DOC_FILE)
+        if [[ $FINDINGS -eq 0 ]]; then
+          textPass "$regx: No secrets found in SSM Document $ssmdoc" "$regx" "$ssmdoc"
+          # delete file if nothing interesting is there
+          rm -f $SSM_DOC_FILE
+        else
+          textFail "$regx: Potential secret found SSM Document $ssmdoc" "$regx" "$ssmdoc"
+          # delete file to not leave trace, user must look at the CFN Stack
+          rm -f $SSM_DOC_FILE
+        fi
+      done
+    else
+      textInfo "$regx: No SSM Document found." "$regx"
+    fi
+  done
+  rm -rf $SECRETS_TEMP_FOLDER
+}
diff --git a/groups/group11_secrets b/groups/group11_secrets
index 52a2df02..76d46056 100644
--- a/groups/group11_secrets
+++ b/groups/group11_secrets
@@ -15,13 +15,8 @@ GROUP_ID[11]='secrets'
 GROUP_NUMBER[11]='11.0'
 GROUP_TITLE[11]='Look for keys secrets or passwords around resources - [secrets]'
 GROUP_RUN_BY_DEFAULT[11]='N' # but it runs when execute_all is called (default)
-GROUP_CHECKS[11]='extra741,extra742,extra759,extra760,extra768,extra775'
+GROUP_CHECKS[11]='extra741,extra742,extra759,extra760,extra768,extra775,extra7141'
 
 # requires https://github.com/Yelp/detect-secrets
 # `pip install detect-secrets` 
 
-# Initially:
-# - EC2 UserData
-# - CloudFormation Outputs
-# - Lambda variables
-# - Lambda code
diff --git a/groups/group7_extras b/groups/group7_extras
index 7dd686bb..fa5e60a1 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 229d9ba00c779940f8955b49612984932d732a18 Mon Sep 17 00:00:00 2001
From: Josh Moss <45637452+Outrun207@users.noreply.github.com>
Date: Thu, 20 May 2021 12:36:30 -0400
Subject: [PATCH 23/82] ALB Header Check

---
 checks/check_extra7142 | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 checks/check_extra7142

diff --git a/checks/check_extra7142 b/checks/check_extra7142
new file mode 100644
index 00000000..4e42eb26
--- /dev/null
+++ b/checks/check_extra7142
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7142="7.142"
+CHECK_TITLE_extra7142="[extra7142] Check if Application Load Balancer is dropping invalid packets to prevent header based http request smuggling"
+CHECK_SCORED_extra7142="NOT_SCORED"
+CHECK_TYPE_extra7142="EXTRA"
+CHECK_SEVERITY_extra7142="Medium"
+CHECK_ASFF_RESOURCE_TYPE_extra7142="AwsElasticLoadBalancingV2LoadBalancer"
+CHECK_ALTERNATE_check7142="extra7142"
+CHECK_ASFF_COMPLIANCE_TYPE_extra7142=""
+CHECK_SERVICENAME_extra7142="elb"
+
+extra7142(){
+  for regx in $REGIONS; do
+    LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[?Type == `application`].[LoadBalancerArn]' --output text)
+    if [[ $LIST_OF_ELBSV2 ]];then
+      for alb in $LIST_OF_ELBSV2;do
+        CHECK_IF_DROP_INVALID_HEADER_FIELDS=$($AWSCLI elbv2 describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-arn $alb --query 'Attributes[6]' --output text|grep -i true)
+        if [[ $CHECK_IF_DROP_INVALID_HEADER_FIELDS ]];then
+          textPass "Application Load Balancer $alb is dropping invalid header fields"
+        else
+          textFail "Application Load Balancer $alb is not dropping invalid header fields"
+        fi
+      done
+    else 
+      textInfo "no ALBs found"
+    fi
+  done
+}
\ No newline at end of file

From a711b482dff11f76d647690d89a38829faf7b550 Mon Sep 17 00:00:00 2001
From: "Sam (Yang) Li" <sli@MAC-sli.local>
Date: Thu, 20 May 2021 14:49:53 -0400
Subject: [PATCH 24/82] Fix #795 custom file option

---
 include/outputs | 22 ++++++++++++----------
 prowler         | 12 ++++++++----
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/include/outputs b/include/outputs
index 5cfa4fe9..ce6d6dfa 100644
--- a/include/outputs
+++ b/include/outputs
@@ -19,7 +19,7 @@ EXTENSION_ASFF="asff-json"
 EXTENSION_TEXT="txt"
 EXTENSION_HTML="html"
 OUTPUT_DATE=$(date -u +"%Y%m%d%H%M%S")
-OUTPUT_DIR="${PROWLER_DIR}/output" # default output if none 
+OUTPUT_DIR="${PROWLER_DIR}/output" # default output if none
 if [[ $OUTPUT_DIR_CUSTOM ]]; then
   # output mode has to be set to other than text
   if [[ ! " ${MODES[@]} " =~ " text " || ${check_id} == 7.1 || ${check_id} == 7.74  ]]; then
@@ -32,9 +32,11 @@ if [[ $OUTPUT_DIR_CUSTOM ]]; then
   else
     echo "$OPTRED ERROR!$OPTNORMAL - Mode (-M) has to be set as well. Use -h for help."
     exit 1
-  fi 
+  fi
+fi
+if [ -z ${OUTPUT_FILE_NAME+x} ]; then
+  OUTPUT_FILE_NAME="${OUTPUT_DIR}/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}"
 fi
-OUTPUT_FILE_NAME="${OUTPUT_DIR}/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}"
 HTML_LOGO_URL="https://github.com/toniblyx/prowler/"
 HTML_LOGO_IMG="https://github.com/toniblyx/prowler/raw/2.4/util/html/prowler-logo-new.png"
 TIMESTAMP=$(get_iso8601_timestamp)
@@ -46,19 +48,19 @@ PROWLER_PARAMETERS=$@
 # $ACCOUNT_NUM AWS Account ID
 # $REPREGION AWS region scanned
 # $TITLE_ID Numeric identifier of each check (1.2, 2.3, etc), originally based on CIS checks.
-# $CHECK_RESULT values can be PASS, FAIL, INFO or WARNING if whitelisted 
+# $CHECK_RESULT values can be PASS, FAIL, INFO or WARNING if whitelisted
 # $ITEM_SCORED corresponds to CHECK_SCORED, values can be Scored/Not Scored. This is CIS only, will be deprecated in Prowler.
 # $ITEM_LEVEL corresponds to CHECK_TYPE_ currently only for CIS Level 1, CIS Level 2 and Extras (all checks not part of CIS)
-# $TITLE_TEXT corresponds to CHECK_TITLE_ shows title of each check 
+# $TITLE_TEXT corresponds to CHECK_TITLE_ shows title of each check
 # $CHECK_RESULT_EXTENDED shows response of each check per resource like sg-123438 is open!
-# $CHECK_ASFF_COMPLIANCE_TYPE specify type from taxonomy https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html 
+# $CHECK_ASFF_COMPLIANCE_TYPE specify type from taxonomy https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html
 # $CHECK_SEVERITY severity Low, Medium, High, Critical
 # $CHECK_SERVICENAME AWS service name short name
 # $CHECK_ASFF_RESOURCE_TYPE values from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html#asff-resources
 # $CHECK_ASFF_TYPE generic type from taxonomy here  https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html
-# $CHECK_RISK text about risk 
-# $CHECK_REMEDIATION text about remediation 
-# $CHECK_DOC link to related documentation 
+# $CHECK_RISK text about risk
+# $CHECK_REMEDIATION text about remediation
+# $CHECK_DOC link to related documentation
 # $CHECK_CAF_EPIC it can be Logging and Monitoring, IAM, Data Protection, Infrastructure Security. Incident Response is not included since CAF has not specific checks on it logs enablement are part of Logging and Monitoring.
 
 # Ensure that output directory always exists when -M is used
@@ -433,4 +435,4 @@ generateHtmlOutput(){
       echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>'>> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
-}
\ No newline at end of file
+}
diff --git a/prowler b/prowler
index 528aec4a..f62b16e9 100755
--- a/prowler
+++ b/prowler
@@ -104,13 +104,14 @@ USAGE:
                             (i.e.: -M csv -o /tmp/reports/)
       -B                  Custom output bucket, requires -M <mode> and it can work also with -o flag.
                             (i.e.: -M csv -B my-bucket or -M csv -B my-bucket/folder/)
+      -F                  Custom output report name, if not specified will use default output/prowler-output-ACCOUNT_NUM-OUTPUT_DATE
       -V                  show version number & exit
       -h                  this help
   "
   exit
 }
 
-while getopts ":hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:" OPTION; do
+while getopts ":hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F:" OPTION; do
    case $OPTION in
      h )
         usage
@@ -200,6 +201,9 @@ while getopts ":hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:" OPTION; do
      B )
         OUTPUT_BUCKET=$OPTARG
         ;;
+     F )
+        OUTPUT_FILE_NAME=$OPTARG
+        ;;
      : )
         echo ""
         echo "$OPTRED ERROR!$OPTNORMAL  -$OPTARG requires an argument"
@@ -356,7 +360,7 @@ show_group_title() {
 execute_check() {
 
   if [[ $ACCOUNT_TO_ASSUME ]]; then
-    # Following logic looks for time remaining in the session and review it 
+    # Following logic looks for time remaining in the session and review it
     # if it is less than 600 seconds, 10 minutes.
     CURRENT_TIMESTAMP=$(date -u "+%s")
     SESSION_TIME_REMAINING=$(expr $AWS_SESSION_EXPIRATION - $CURRENT_TIMESTAMP)
@@ -369,7 +373,7 @@ execute_check() {
     fi
   fi
 
-  CHECK_ID="$1" 
+  CHECK_ID="$1"
 
   # See if this is an alternate name for a check
   # for example, we might have been passed 1.01 which is another name for 1.1
@@ -382,7 +386,7 @@ execute_check() {
 
   local asff_compliance_type_var=CHECK_ASFF_COMPLIANCE_TYPE_$1
   CHECK_ASFF_COMPLIANCE_TYPE="${!asff_compliance_type_var:-Software and Configuration Checks}"
-  
+
   # See if this check defines an ASFF Resource Type, if so, use this, falling back to a sane default
   # For a list of Resource Types, see: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html#asff-resources
   local asff_resource_type_var=CHECK_ASFF_RESOURCE_TYPE_$1

From e3893c7d5b259c85c6731adffa3d611683b79827 Mon Sep 17 00:00:00 2001
From: Josh Moss <45637452+Outrun207@users.noreply.github.com>
Date: Tue, 25 May 2021 13:49:27 -0400
Subject: [PATCH 25/82] Update check_extra7142

---
 checks/check_extra7142 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/checks/check_extra7142 b/checks/check_extra7142
index 4e42eb26..9822fce2 100644
--- a/checks/check_extra7142
+++ b/checks/check_extra7142
@@ -27,13 +27,13 @@ extra7142(){
       for alb in $LIST_OF_ELBSV2;do
         CHECK_IF_DROP_INVALID_HEADER_FIELDS=$($AWSCLI elbv2 describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-arn $alb --query 'Attributes[6]' --output text|grep -i true)
         if [[ $CHECK_IF_DROP_INVALID_HEADER_FIELDS ]];then
-          textPass "Application Load Balancer $alb is dropping invalid header fields"
+          textPass "$regx: Application Load Balancer $alb is dropping invalid header fields." "$regx" "$alb"
         else
-          textFail "Application Load Balancer $alb is not dropping invalid header fields"
+          textFail "$regx: Application Load Balancer $alb is not dropping invalid header fields" "$regx" "$alb"
         fi
       done
     else 
-      textInfo "no ALBs found"
+      textInfo "$regx: no ALBs found"
     fi
   done
-}
\ No newline at end of file
+}

From baf5232cbc11ebbacc5a1d3ce0dbd565d341ca63 Mon Sep 17 00:00:00 2001
From: Dom Bellizzi <dominick@classdojo.com>
Date: Sat, 29 May 2021 22:26:15 +0000
Subject: [PATCH 26/82] Fix finding customer kms keys in cli v2 for checks
 extra737 extra736

Key id is in position 6 in aws cli version 2.2.5, but in position 4 in aws cli 1.x
Use --query to select only the data necessary and output in a consistent format
---
 checks/check_extra736 | 2 +-
 checks/check_extra737 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/checks/check_extra736 b/checks/check_extra736
index 0b5993a7..660f34be 100644
--- a/checks/check_extra736
+++ b/checks/check_extra736
@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check736="extra736"
 extra736(){
   textInfo "Looking for KMS keys in all regions...  "
   for regx in $REGIONS; do
-    LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --output text |grep -v :alias/aws/ |awk '{ print $4 }')
+    LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --query "Aliases[].[AliasName,TargetKeyId]" --output text |grep -v ^alias/aws/ |awk '{ print $2 }')
     if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
       for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
         CHECK_POLICY=$($AWSCLI kms get-key-policy --key-id $key --policy-name default $PROFILE_OPT --region $regx  --output text|awk '/Principal/{n=NR+1} n>=NR' |grep AWS\"\ :\ \"\\*\"$)
diff --git a/checks/check_extra737 b/checks/check_extra737
index d10a301f..5fda36c5 100644
--- a/checks/check_extra737
+++ b/checks/check_extra737
@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check737="extra737"
 extra737(){
   textInfo "Looking for KMS keys in all regions...  "
   for regx in $REGIONS; do
-    LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --output text |grep -v :alias/aws/ |awk '{ print $4 }')
+    LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --query "Aliases[].[AliasName,TargetKeyId]" --output text |grep -v ^alias/aws/ |awk '{ print $2 }')
     if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
       for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
         CHECK_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key $PROFILE_OPT --region $regx  --output text)

From 55e703540ef4bd23043c026814deb770a919fafa Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Mon, 31 May 2021 18:47:56 +0200
Subject: [PATCH 27/82] Fixed typo in check extra7141 ID

---
 checks/check_extra7141 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/check_extra7141 b/checks/check_extra7141
index 3bb32926..ff4ce69c 100644
--- a/checks/check_extra7141
+++ b/checks/check_extra7141
@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra7141="7.7141"
+CHECK_ID_extra7141="7.141"
 CHECK_TITLE_extra7141="[extra7141] Find secrets in SSM Documents"
 CHECK_SCORED_extra7141="NOT_SCORED"
 CHECK_TYPE_extra7141="EXTRA"

From 5f1fa558c95cd6c04997ee31a278909d2e1e7bad Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 1 Jun 2021 09:09:25 +0200
Subject: [PATCH 28/82] Changes in text output with severity and service name

---
 include/outputs | 56 +++++++++++++++++++++++++------------------------
 prowler         |  4 +++-
 2 files changed, 32 insertions(+), 28 deletions(-)

diff --git a/include/outputs b/include/outputs
index bd22569e..f707bfa6 100644
--- a/include/outputs
+++ b/include/outputs
@@ -219,49 +219,51 @@ textFail(){
 
 textTitle(){
   CHECKS_COUNTER=$((CHECKS_COUNTER+1))
-  TITLE_ID=$1
+  TITLE_ID="$BLUE$1$NORMAL"
   if [[ $NUMERAL ]]; then
     # Left-pad the check ID with zeros to simplify sorting, e.g. 1.1 -> 1.01
     TITLE_ID=$(awk -F'.' '{ printf "%d.%02d", $1, $2 }' <<< "$TITLE_ID")
   fi
 
   TITLE_TEXT=$2
+  CHECK_SERVICENAME="$MAGENTA$3$NORMAL"
+  CHECK_SEVERITY="$BROWN[$4]$NORMAL"
 
-  case "$3" in
-    0|No|NOT_SCORED)
-      ITEM_SCORED="Not Scored"
-      ;;
-    1|Yes|SCORED)
-      ITEM_SCORED="Scored"
-      ;;
-    *)
-      ITEM_SCORED="Unspecified"
-      ;;
-  esac
+  # case "$3" in
+  #   0|No|NOT_SCORED)
+  #     ITEM_SCORED="Not Scored"
+  #     ;;
+  #   1|Yes|SCORED)
+  #     ITEM_SCORED="Scored"
+  #     ;;
+  #   *)
+  #     ITEM_SCORED="Unspecified"
+  #     ;;
+  # esac
 
-  case "$4" in
-    LEVEL1)  ITEM_LEVEL="Level 1";;
-    LEVEL2)  ITEM_LEVEL="Level 2";;
-    EXTRA)   ITEM_LEVEL="Extra";;
-    SUPPORT) ITEM_LEVEL="Support";;
-    *)       ITEM_LEVEL="Unspecified or Invalid";;
-  esac
+  # case "$4" in
+  #   LEVEL1)  ITEM_LEVEL="Level 1";;
+  #   LEVEL2)  ITEM_LEVEL="Level 2";;
+  #   EXTRA)   ITEM_LEVEL="Extra";;
+  #   SUPPORT) ITEM_LEVEL="Support";;
+  #   *)       ITEM_LEVEL="Unspecified or Invalid";;
+  # esac
 
   local group_ids
-  if [[ -n "$5" ]]; then
-    group_ids="$CYAN [$5] $NORMAL"
-  fi
+  # if [[ -n "$4" ]]; then
+    group_ids="$CYAN[$5]$NORMAL"
+  # fi
 
   if [[ "${MODES[@]}" =~ "csv" ]]; then
     >&2 echo "$TITLE_ID $TITLE_TEXT" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_CSV}
   elif [[ "${MODES[@]}" =~ "json" || "${MODES[@]}" =~ "json-asff" ]]; then
     :
   else
-    if [[ "$ITEM_SCORED" == "Scored" ]]; then
-      echo -e "\n$BLUE $TITLE_ID $NORMAL $TITLE_TEXT $6 $group_ids "
-    else
-      echo -e "\n$PURPLE $TITLE_ID $TITLE_TEXT $6 $NORMAL $group_ids "
-    fi
+    # if [[ "$ITEM_SCORED" == "Scored" ]]; then
+       echo -e "$TITLE_ID $CHECK_SERVICENAME $TITLE_TEXT $CHECK_SEVERITY $group_ids "
+    # else
+    #   echo -e "\n$PURPLE $TITLE_ID $TITLE_TEXT $6 $NORMAL $group_ids "
+    # fi
   fi
 }
 
diff --git a/prowler b/prowler
index 528aec4a..2f9da953 100755
--- a/prowler
+++ b/prowler
@@ -322,6 +322,8 @@ show_check_title() {
   local check_scored=CHECK_SCORED_$1
   local check_type=CHECK_TYPE_$1
   local check_asff_compliance_type=CHECK_ASFF_COMPLIANCE_TYPE_$1
+  local check_severity=CHECK_SEVERITY_$1
+  local check_servicename=CHECK_SERVICENAME_$1
   local group_ids
   local group_index
   # If requested ($2 is any non-null value) iterate all GROUP_CHECKS and produce a comma-separated list of all
@@ -340,7 +342,7 @@ show_check_title() {
   if [[ ${GROUP_ID_READ} == "ens" ]];then
     textTitle "${!check_id}" "${!check_title}" "${!check_scored}" "${!check_type}" "$group_ids" "(${!check_asff_compliance_type})"
   else
-    textTitle "${!check_id}" "${!check_title}" "${!check_scored}" "${!check_type}" "$group_ids"
+    textTitle "${!check_id}" "${!check_title}" "${!check_servicename}" "${!check_severity}" "$group_ids"
   fi
 }
 

From 311d21546de80724b0cdc90bc43ca664ee19f315 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 1 Jun 2021 09:10:51 +0200
Subject: [PATCH 29/82] Enhanced -f <filterregion> usage info

---
 prowler | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/prowler b/prowler
index 2f9da953..0981f0c5 100755
--- a/prowler
+++ b/prowler
@@ -74,7 +74,7 @@ USAGE:
       -g <group_id>       specify a group of checks by id, to see all available group of checks use "-L"
                             (i.e.: "group3" for entire section 3, "cislevel1" for CIS Level 1 Profile Definitions or "forensics-ready")
       -f <filterregion>   specify an AWS region to run checks against
-                            (i.e.: us-west-1)
+                            (i.e.: us-west-1 or for multiple regions use single quote like 'us-west-1 us-west-2')
       -m <maxitems>       specify the maximum number of items to return for long-running requests (default: 100)
       -M <mode>           output mode: text (default), mono, html, json, json-asff, junit-xml, csv. They can be used combined comma separated.
                             (separator is ","; data is on stdout; progress on stderr).

From 4ddf0aff862fa079a6b01c5bbd80cadb3a4ac68c Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 1 Jun 2021 12:28:30 +0200
Subject: [PATCH 30/82] Added extra7142 to group extras

---
 groups/group7_extras | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/groups/group7_extras b/groups/group7_extras
index fa5e60a1..2ecde56a 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 124ae0fd2e46c3e37cb8228f05685831096fd5f8 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Wed, 2 Jun 2021 17:53:12 +0200
Subject: [PATCH 31/82] Fixed kms keys compatibility in cli v2 and v1

---
 checks/check_extra7126 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/check_extra7126 b/checks/check_extra7126
index f1b80877..7b91e0e2 100644
--- a/checks/check_extra7126
+++ b/checks/check_extra7126
@@ -26,7 +26,7 @@ CHECK_CAF_EPIC_extra7126='Data Protection'
 
 extra7126(){
   for regx in $REGIONS; do
-    LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --output text |grep -v :alias/aws/ |awk '{ print $4 }')
+    LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --query "Aliases[].[AliasName,TargetKeyId]" --output text |grep -v ^alias/aws/ |awk '{ print $2 }')
     if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
       for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
         CHECK_STATUS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --output json | jq -r '.KeyMetadata.KeyState')

From 5aeb670a846f4c5c5cbcf8835eb9a21f2654f6c9 Mon Sep 17 00:00:00 2001
From: h1008 <9917357+h1008@users.noreply.github.com>
Date: Sat, 5 Jun 2021 11:57:04 +0200
Subject: [PATCH 32/82] Fixed issue #811

---
 checks/check_extra7113 | 2 +-
 checks/check_extra7132 | 2 +-
 checks/check_extra7133 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/checks/check_extra7113 b/checks/check_extra7113
index a9dcbcce..26809c67 100644
--- a/checks/check_extra7113
+++ b/checks/check_extra7113
@@ -38,7 +38,7 @@ CHECK_CAF_EPIC_extra7113='Data Protection'
 extra7113(){
   textInfo "Looking for RDS Volumes in all regions...  "
   for regx in $REGIONS; do
-    LIST_OF_RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[*].DBInstanceIdentifier' --output text)
+    LIST_OF_RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query "DBInstances[?Engine != 'docdb'].DBInstanceIdentifier" --output text)
     if [[ $LIST_OF_RDS_INSTANCES ]];then
       for rdsinstance in $LIST_OF_RDS_INSTANCES; do
         IS_DELETIONPROTECTION=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].DeletionProtection' --output text)
diff --git a/checks/check_extra7132 b/checks/check_extra7132
index eb64827d..4fbdfbc5 100644
--- a/checks/check_extra7132
+++ b/checks/check_extra7132
@@ -25,7 +25,7 @@ CHECK_CAF_EPIC_extra7132='Logging and Monitoring'
 
 extra7132(){
   for regx in $REGIONS; do
-    RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[*].DBInstanceIdentifier' --output text)
+    RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query "DBInstances[?Engine != 'docdb'].DBInstanceIdentifier" --output text)
     if [[ $RDS_INSTANCES ]];then
       for rdsinstance in ${RDS_INSTANCES}; do
           RDS_NAME="$rdsinstance"
diff --git a/checks/check_extra7133 b/checks/check_extra7133
index 2be3d662..6daec448 100644
--- a/checks/check_extra7133
+++ b/checks/check_extra7133
@@ -25,7 +25,7 @@ CHECK_CAF_EPIC_extra7133='Data Protection'
 
 extra7133(){
   for regx in $REGIONS; do
-    RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[*].DBInstanceIdentifier' --output text)
+    RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query "DBInstances[?Engine != 'docdb'].DBInstanceIdentifier" --output text)
     if [[ $RDS_INSTANCES ]];then
       for rdsinstance in ${RDS_INSTANCES}; do
           RDS_NAME="$rdsinstance"

From c74faa6d0748dd78dd21486fa2f8c7f998d4b983 Mon Sep 17 00:00:00 2001
From: Ramon <w0rmr1d3r@users.noreply.github.com>
Date: Tue, 8 Jun 2021 14:18:46 +0200
Subject: [PATCH 33/82] add missing * to align with the rest of the titles

---
 groups/group21_soc2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/groups/group21_soc2 b/groups/group21_soc2
index 20e3f0d5..84f2cac3 100644
--- a/groups/group21_soc2
+++ b/groups/group21_soc2
@@ -13,11 +13,11 @@
 
 GROUP_ID[21]='soc2'
 GROUP_NUMBER[21]='21.0'
-GROUP_TITLE[21]='SOC2 Readiness - ONLY AS REFERENCE - [soc2] ***'
+GROUP_TITLE[21]='SOC2 Readiness - ONLY AS REFERENCE - [soc2] *******************'
 GROUP_RUN_BY_DEFAULT[21]='N' # run it when execute_all is called
 GROUP_CHECKS[21]='check110,check111,check113,check12,check122,check13,check15,check16,check17,check18,check19,check21,check31,check310,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,extra711,extra72,extra723,extra729,extra731,extra734,extra735,extra739,extra76,extra78,extra792'
 
 # References:
 # 1. https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf
 # 2. https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/mappingsrelevanttothesocsuiteofservices.html
-# 3. https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/othermapping/mapping-final-2017-tsc-to-extant-2016-tspc.xlsx
\ No newline at end of file
+# 3. https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/othermapping/mapping-final-2017-tsc-to-extant-2016-tspc.xlsx

From aa3edbc63657c605fb320505713bfbf47ec79a49 Mon Sep 17 00:00:00 2001
From: Pablo Pagani <79593935+pablopagani@users.noreply.github.com>
Date: Wed, 9 Jun 2021 14:01:27 -0300
Subject: [PATCH 34/82] corrected bug on groups when listing checks

corrected bug on groups when listing checks (option -l)
Previous regular expression will include groups when it matched half of the check_id
---
 prowler | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/prowler b/prowler
index e6075a09..b3cc2e09 100755
--- a/prowler
+++ b/prowler
@@ -330,16 +330,19 @@ show_check_title() {
   local check_servicename=CHECK_SERVICENAME_$1
   local group_ids
   local group_index
+  local check_name
   # If requested ($2 is any non-null value) iterate all GROUP_CHECKS and produce a comma-separated list of all
   # the GROUP_IDs that include this particular check
   if [[ -n "$2" ]]; then
     for group_index in "${!GROUP_ID[@]}"; do
-      if [[ "${GROUP_CHECKS[$group_index]}" =~ "$1" ]]; then
-        if [[ -n "$group_ids" ]]; then
-          group_ids+=", "
+      for check_name in $(echo "${GROUP_CHECKS[$group_index]}" | sed "s/,/ /g");do
+        if [[ "$check_name" == "$1" ]]; then
+          if [[ -n "$group_ids" ]]; then
+            group_ids+=", "
+          fi
+          group_ids+="${GROUP_ID[$group_index]}"
         fi
-        group_ids+="${GROUP_ID[$group_index]}"
-      fi
+      done
     done
   fi
   # This shows ASFF_COMPLIANCE_TYPE if group used is ens, this si used to show ENS compliance ID control, can be used for other compliance groups as well.

From 79a0eb622d95876755c86f53a487701698c5889c Mon Sep 17 00:00:00 2001
From: kamiryo <ryota@ryotanoMacBook-Air.local>
Date: Thu, 10 Jun 2021 23:13:17 +0900
Subject: [PATCH 35/82] Add WAF CLASSIC check for extra7129

---
 checks/check_extra7129 | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/checks/check_extra7129 b/checks/check_extra7129
index 130c8074..a96ad6c2 100644
--- a/checks/check_extra7129
+++ b/checks/check_extra7129
@@ -28,30 +28,45 @@ extra7129(){
   for regx in $REGIONS; do
     LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[?Scheme == `internet-facing` && Type == `application`].[LoadBalancerName]' --output text)
     LIST_OF_WAFV2_WEBACL_ARN=$($AWSCLI wafv2 list-web-acls $PROFILE_OPT --region=$regx --scope=REGIONAL --query WebACLs[*].ARN --output text)
+    LIST_OF_WAFV1_WEBACL_WEBACLID=$($AWSCLI waf-regional list-web-acls $PROFILE_OPT --region $regx --query WebACLs[*].[WebACLId] --output text)
+
     if [[ $LIST_OF_ELBSV2 ]]; then
       for alb in $LIST_OF_ELBSV2; do
-        if [[ $LIST_OF_WAFV2_WEBACL_ARN ]]; then 
+        if [[ ${#LIST_OF_WAFV2_WEBACL_ARN[@]} -gt 0 || ${#LIST_OF_WAFV1_WEBACL_WEBACLID[@]} -gt 0 ]]; then
           WAF_PROTECTED_ALBS=()
           for wafaclarn in $LIST_OF_WAFV2_WEBACL_ARN; do
             ALB_RESOURCES_IN_WEBACL=$($AWSCLI wafv2 list-resources-for-web-acl $PROFILE_OPT --web-acl-arn $wafaclarn --region=$regx --resource-type APPLICATION_LOAD_BALANCER --query ResourceArns --output text | xargs -n1 | awk -F'/' '{ print $3 }'| grep $alb)
-            if [[ $ALB_RESOURCES_IN_WEBACL ]]; then 
+            if [[ $ALB_RESOURCES_IN_WEBACL ]]; then
               WAF_PROTECTED_ALBS+=($wafaclarn)
             fi
           done
-          if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 ]]; then
-            for wafaclarn in "${WAF_PROTECTED_ALBS[@]}"; do
-              WAFV2_WEBACL_ARN_SHORT=$(echo $wafaclarn |  awk -F'/' '{ print $3 }')
-              textPass "$regx: Application Load Balancer $alb is protected by WAFv2 ACL $WAFV2_WEBACL_ARN_SHORT" "$regx"
-            done
+          for wafv1aclid in $LIST_OF_WAFV1_WEBACL_WEBACLID; do
+            ALB_RESOURCES_IN_WEBACL=$($AWSCLI waf-regional list-resources-for-web-acl $PROFILE_OPT --web-acl-id $wafv1aclid --region=$regx --resource-type APPLICATION_LOAD_BALANCER --output text --query "[ResourceArns]"| grep $alb)
+            if [[ $ALB_RESOURCES_IN_WEBACL ]]; then
+              WAFv1_PROTECTED_ALBS+=($wafv1aclid)
+            fi
+          done
+          if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 || ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then
+            if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 ]]; then
+              for wafaclarn in "${WAF_PROTECTED_ALBS[@]}"; do
+                WAFV2_WEBACL_ARN_SHORT=$(echo $wafaclarn |  awk -F'/' '{ print $3 }')
+                textPass "$regx: Application Load Balancer $alb is protected by WAFv2 ACL $WAFV2_WEBACL_ARN_SHORT" "$regx"
+              done
+            fi
+            if [[ ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then
+              for wafv1aclid in "${WAFv1_PROTECTED_ALBS[@]}"; do
+                textPass "$regx: Application Load Balancer $alb is protected by WAFv1 ACL $wafv1aclid" "$regx"
+              done
+            fi
           else
-            textFail "$regx: Application Load Balancer $alb is not protected by WAFv2 ACL" "$regx"
+            textFail "$regx: Application Load Balancer $alb is not protected by WAF ACL" "$regx"
           fi
-        else 
-          textFail "$regx: Application Load Balancer $alb is not protected no WAFv2 ACL found" "$regx"
+        else
+          textFail "$regx: Application Load Balancer $alb is not protected no WAF ACL found" "$regx"
         fi
-      done         
+      done
     else
       textInfo "$regx: No Application Load Balancers found" "$regx"
-    fi    
+    fi
   done
 }
\ No newline at end of file

From 8e9ef841e5b990e3955f796365ea0de1a751a31c Mon Sep 17 00:00:00 2001
From: Patel <nayab.patel@siemens.com>
Date: Mon, 14 Jun 2021 12:43:21 +0530
Subject: [PATCH 36/82] Adding custom security checks

---
 checks/check_extra91 | 46 ++++++++++++++++++++++++++++++++++++++++++
 checks/check_extra92 | 48 ++++++++++++++++++++++++++++++++++++++++++++
 checks/check_extra93 | 35 ++++++++++++++++++++++++++++++++
 checks/check_extra94 | 47 +++++++++++++++++++++++++++++++++++++++++++
 checks/check_extra95 | 41 +++++++++++++++++++++++++++++++++++++
 5 files changed, 217 insertions(+)
 create mode 100644 checks/check_extra91
 create mode 100644 checks/check_extra92
 create mode 100644 checks/check_extra93
 create mode 100644 checks/check_extra94
 create mode 100644 checks/check_extra95

diff --git a/checks/check_extra91 b/checks/check_extra91
new file mode 100644
index 00000000..70afae9a
--- /dev/null
+++ b/checks/check_extra91
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra91="9.1"
+CHECK_TITLE_extra91="[extra91] Check if S3 glacier vaults have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark) (Custom Check)"
+CHECK_SCORED_extra91="NOT_SCORED"
+CHECK_TYPE_extra91="EXTRA"
+CHECK_SEVERITY_extra91="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra91="AwsS3Glacier"
+CHECK_ALTERNATE_check91="extra91"
+CHECK_SERVICENAME_extra91="s3Glacier"
+
+# If an s3 glacier vault has a policy principle as *, we consider it public accessible resource.
+
+extra91(){
+  for region in $REGIONS; do
+  LIST_OF_VAULTS=$($AWSCLI glacier list-vaults $PROFILE_OPT --region $region --account-id $ACCOUNT_NUM --query VaultList[*].VaultName --output text|xargs -n1)
+  if [[ $LIST_OF_VAULTS ]]; then
+    for vault in $LIST_OF_VAULTS;do
+      VAULT_POLICY_STATEMENTS=$($AWSCLI glacier $PROFILE_OPT get-vault-access-policy --region $region --account-id $ACCOUNT_NUM --vault-name $vault --output json --query policy.Policy 2>&1)
+      if [[ $VAULT_POLICY_STATEMENTS == *GetVaultAccessPolicy* ]]; then
+        textInfo "Vault policy does not exist for vault $vault"
+      else
+        VAULT_POLICY_BAD_STATEMENTS=$(echo $VAULT_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
+        if [[ $VAULT_POLICY_BAD_STATEMENTS != "" ]]; then
+          textFail "$region : Vault $vault allows public access with policy as: $VAULT_POLICY_BAD_STATEMENTS"
+        else
+          textPass "$region :Vault $vault has vault policy which does not allow public access"
+        fi
+      fi
+    done
+
+  else
+    textInfo "No glacier vaults found in $region region"
+  fi
+ done
+}
diff --git a/checks/check_extra92 b/checks/check_extra92
new file mode 100644
index 00000000..0f76bd84
--- /dev/null
+++ b/checks/check_extra92
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra92="9.2"
+CHECK_TITLE_extra92="[extra92] Check if EFS have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark) (Custom Check)"
+CHECK_SCORED_extra92="NOT_SCORED"
+CHECK_TYPE_extra92="EXTRA"
+CHECK_SEVERITY_extra92="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra92="AwsEFS"
+CHECK_ALTERNATE_check92="extra92"
+CHECK_SERVICENAME_extra92="EFS"
+
+# If an EFS has a policy principle as *, we consider it as public accessible even though client connects through a vpc peering or transit gateway. Also if EFS has a default policy(no user defined
+# policy), it's also a security risk, as default policy grants full access to any client that can connect to the file system using a file system mount target.
+
+extra92(){
+  for region in $REGIONS; do
+  LIST_OF_EFS_IDS=$($AWSCLI efs describe-file-systems $PROFILE_OPT --region $region --query FileSystems[*].FileSystemId --output text|xargs -n1)
+  if [[ $LIST_OF_EFS_IDS ]]; then
+    for efsId in $LIST_OF_EFS_IDS;do
+      EFS_POLICY_STATEMENTS=$($AWSCLI efs $PROFILE_OPT describe-file-system-policy --region $region --file-system-id $efsId --output json --query Policy 2>&1)
+      if [[ $EFS_POLICY_STATEMENTS == *PolicyNotFound* ]]; then
+        textFail "$region :  EFS $efsId doesn't have any policy which means it grants full access to any client"
+        # textInfo "EFS policy does not exist for efs id $efsId"
+      else
+        EFS_POLICY_BAD_STATEMENTS=$(echo $EFS_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
+        if [[ $EFS_POLICY_BAD_STATEMENTS != "" ]]; then
+          textFail "$region : EFS $efsId allows public access with policy as: $EFS_POLICY_BAD_STATEMENTS"
+        else
+          textPass "$region : EFS $efsId has file system policy which does not allow public access"
+        fi
+      fi
+    done
+
+  else
+    textInfo "No EFS found in $region region"
+  fi
+ done
+}
diff --git a/checks/check_extra93 b/checks/check_extra93
new file mode 100644
index 00000000..c9aed63d
--- /dev/null
+++ b/checks/check_extra93
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+CHECK_ID_extra93="9.3"
+CHECK_TITLE_extra93="[extra93] Check if aws cloudwatch has allowed sharing with other accounts (Not Scored) (Not part of CIS benchmark) (Custom Check)"
+CHECK_SCORED_extra93="NOT_SCORED"
+CHECK_TYPE_extra93="EXTRA"
+CHECK_SEVERITY_extra93="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra93="AwsCloudWatch"
+CHECK_ALTERNATE_check93="extra93"
+CHECK_SERVICENAME_extra93="CloudWatch"
+
+# When CloudWatch allows cross account sharing, a role with name CloudWatch-CrossAccountSharingRole get's created by aws itself. So we are validating role name existance for checking the 
+# cloudwatch security.
+
+extra93(){
+  
+  CLOUDWATCH_CROSS_ACCOUNT_ROLE=$($AWSCLI iam get-role $PROFILE_OPT --role-name=CloudWatch-CrossAccountSharingRole --output json --query Role 2>&1)
+  if [[ $CLOUDWATCH_CROSS_ACCOUNT_ROLE != *NoSuchEntity* ]]; then
+      CLOUDWATCH_POLICY_BAD_STATEMENTS=$(echo $CLOUDWATCH_CROSS_ACCOUNT_ROLE | jq '.AssumeRolePolicyDocument')
+      textFail "Cloudwatch has allowed cross account sharing with policy as $CLOUDWATCH_POLICY_BAD_STATEMENTS"
+  else
+      textPass "CloudWatch doesn't allows cross account sharing"
+  fi
+}
diff --git a/checks/check_extra94 b/checks/check_extra94
new file mode 100644
index 00000000..bd721d92
--- /dev/null
+++ b/checks/check_extra94
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+CHECK_ID_extra94="9.4"
+CHECK_TITLE_extra94="[extra94] Check if lambda functions has policies which allow access to everyone having an aws account (Not Scored) (Not part of CIS benchmark) (Custom Check)"
+CHECK_SCORED_extra94="NOT_SCORED"
+CHECK_TYPE_extra94="EXTRA"
+CHECK_SEVERITY_extra94="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra94="AwsCloudWatch"
+CHECK_ALTERNATE_check94="extra94"
+CHECK_SERVICENAME_extra94="CloudWatch"
+
+# If a lambda function has a policy principle as *, It can be accessed by any aws account. We consider such functions as publicly accessible resource.
+
+extra94(){
+  for region in $REGIONS; do
+  LIST_OF_LAMBDA_FUNCTIONS=$($AWSCLI lambda list-functions $PROFILE_OPT --region $region --query Functions[*].FunctionName --output text)
+  if [[ $LIST_OF_LAMBDA_FUNCTIONS ]]; then
+    for lambdaFunction in $LIST_OF_LAMBDA_FUNCTIONS;do
+      FUNCTION_POLICY_STATEMENTS=$($AWSCLI lambda $PROFILE_OPT get-policy --region $region --function-name $lambdaFunction --output json --query Policy 2>&1)
+      if [[ $FUNCTION_POLICY_STATEMENTS == *ResourceNotFoundException* ]]; then
+        textInfo "$region : Lambda function $lambdaFunction doesn't have any policy"
+      else
+        FUNCTION_POLICY_BAD_STATEMENTS=$(echo $FUNCTION_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow")	 | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
+        if [[ $FUNCTION_POLICY_BAD_STATEMENTS != "" ]]; then
+          textFail "$region : Lambda function $lambdaFunction allows public access with policy as: $FUNCTION_POLICY_BAD_STATEMENTS"
+        else
+          textPass "$region : Lambda function $lambdaFunction has policy which doesn't allow access to everyone having an aws account"
+        fi
+      fi
+    done
+
+  else
+    textInfo "No lambda functions found in $region region"
+  fi
+ done
+}
diff --git a/checks/check_extra95 b/checks/check_extra95
new file mode 100644
index 00000000..f9cee66c
--- /dev/null
+++ b/checks/check_extra95
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+CHECK_ID_extra95="9.5"
+CHECK_TITLE_extra95="[extra95] Check if there is any unassigned elastic ip's (Not Scored) (Not part of CIS benchmark) (Custom Check)"
+CHECK_SCORED_extra95="NOT_SCORED"
+CHECK_TYPE_extra95="EXTRA"
+CHECK_SEVERITY_extra95="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra95="AwsCloudWatch"
+CHECK_ALTERNATE_check95="extra95"
+CHECK_SERVICENAME_extra95="CloudWatch"
+
+# If there is any elasting ip which is not assigned to any instance or network interface, we will list that out.
+
+extra95(){
+  for region in $REGIONS; do
+  ELASTIC_IP_ADDRESSES=$($AWSCLI ec2 describe-addresses $PROFILE_OPT --region $region --query Addresses --output json)
+  if [[ $ELASTIC_IP_ADDRESSES != [] ]]; then
+    LIST_OF_ASSOCIATED_IPS=$(echo $ELASTIC_IP_ADDRESSES | jq -r '.[] | select(.AssociationId!=null) | .PublicIp')
+    LIST_OF_UNASSOCIATED_IPS=$(echo $ELASTIC_IP_ADDRESSES | jq -r '.[] | select(.AssociationId==null) | .PublicIp')
+    for ass_ip in $LIST_OF_ASSOCIATED_IPS; do
+     textPass "$region : Elastic IP $ass_ip is associated with an instance or network interface"
+     done
+    for unass_ip in $LIST_OF_UNASSOCIATED_IPS; do
+     textInfo "$region : Elastic IP $unass_ip is not associated with any instance or network interface, it may incurr cost"
+     done
+  else
+    textInfo "No elastic ip's found in region $region"
+  fi
+ done
+}

From f5a4e357b9de68ae03508e5da0ca364a6450a470 Mon Sep 17 00:00:00 2001
From: Nick Malcolm <nick@malcolm.net.nz>
Date: Mon, 14 Jun 2021 20:27:16 +1200
Subject: [PATCH 37/82] Consolidate javascript at the bottom of the template.
 Remove duplicate bootstrap includes - you only need bundle to get Popper (see
 https://getbootstrap.com/docs/4.0/getting-started/contents/#js-files) and you
 don't need both plain bootstrap and bundled bootstrap. Remove dupe jQuery
 too.

---
 include/html_report | 60 ++++++++++++++++++++-------------------------
 1 file changed, 27 insertions(+), 33 deletions(-)

diff --git a/include/html_report b/include/html_report
index 42db8626..76935786 100644
--- a/include/html_report
+++ b/include/html_report
@@ -29,31 +29,10 @@ addHtmlHeader() {
   <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
   <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.21/b-1.6.2/sl-1.3.1/datatables.min.css"/>
   <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"/>
-  <script type="text/javascript" src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
-  <script type="text/javascript" src="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.21/b-1.6.2/sl-1.3.1/datatables.min.js"></script>
-  <script>
-    \$(document).ready(function(){
-      var maxLength = 30;
-      \$(".show-read-more").each(function(){
-        var myStr = \$(this).text();
-        if(\$.trim(myStr).length > maxLength){
-          var newStr = myStr.substring(0, maxLength);
-          var removedStr = myStr.substring(maxLength, \$.trim(myStr).length);
-          \$(this).empty().html(newStr);
-          \$(this).append(' <a href="javascript:void(0);" class="read-more">read more...</a>');
-          \$(this).append('<span class="more-text">' + removedStr + '</span>');
-        }
-      });
-      \$(".read-more").click(function(){
-        \$(this).siblings(".more-text").contents().unwrap();
-        \$(this).remove();
-      });
-    });
-    </script>
-    <style>
-      .show-read-more .more-text{
-          display: none;
-      }
+  <style>
+    .show-read-more .more-text{
+        display: none;
+    }
   </style>
   <title>Prowler - AWS Security Assessments</title>
 </head>
@@ -179,16 +158,31 @@ addHtmlFooter() {
   <!-- Optional JavaScript -->
   <!-- jQuery first, then Popper.js, then Bootstrap JS -->
   <script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
-  <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
   <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.bundle.min.js" integrity="sha384-1CmrxMRARb6aLqgBO7yyAxTOQE2AKb9GfXnEo760AUcUmFx3ibVJJAzGytlQcNXd" crossorigin="anonymous"></script>
-  <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
-  <!-- JQuery-->
-  <script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
-  <!-- dataTables-->
-  <script src="https://cdn.datatables.net/1.10.21/js/jquery.dataTables.min.js"></script>
+  <script type="text/javascript" src="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.21/b-1.6.2/sl-1.3.1/datatables.min.js"></script>
   <script>
-    \$(document).ready(function(){ \$('#findingsTable').dataTable( { "lengthMenu": [ [50, 100, -1], [50, 100, "All"] ], "ordering": true } ); });
-  </script>
+    \$(document).ready(function(){
+
+      \$('#findingsTable').dataTable( { "lengthMenu": [ [50, 100, -1], [50, 100, "All"] ], "ordering": true } ); 
+
+      var maxLength = 30;
+      \$(".show-read-more").each(function(){
+        var myStr = \$(this).text();
+        if(\$.trim(myStr).length > maxLength){
+          var newStr = myStr.substring(0, maxLength);
+          var removedStr = myStr.substring(maxLength, \$.trim(myStr).length);
+          \$(this).empty().html(newStr);
+          \$(this).append(' <a href="javascript:void(0);" class="read-more">read more...</a>');
+          \$(this).append('<span class="more-text">' + removedStr + '</span>');
+        }
+      });
+      \$(".read-more").click(function(){
+        \$(this).siblings(".more-text").contents().unwrap();
+        \$(this).remove();
+      });
+    });
+    </script>
+
 </body>
 </html>
 EOF

From 89af81ed22ee2bdfd60e560310a5a1acd32e3eda Mon Sep 17 00:00:00 2001
From: Nick Malcolm <nick@malcolm.net.nz>
Date: Mon, 14 Jun 2021 20:31:34 +1200
Subject: [PATCH 38/82] Use DataTable's SearchPanes extension to allow easy
 filtering by result, severity, region, service, or check.

---
 include/html_report | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/include/html_report b/include/html_report
index 76935786..8db263d5 100644
--- a/include/html_report
+++ b/include/html_report
@@ -27,7 +27,8 @@ addHtmlHeader() {
   <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
   <!-- Bootstrap CSS -->
   <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
-  <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.21/b-1.6.2/sl-1.3.1/datatables.min.css"/>
+  <!-- https://datatables.net/download/index with jQuery, DataTables, Buttons, SearchPanes, and Select //-->
+  <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.25/b-1.7.1/sp-1.3.0/sl-1.3.3/datatables.min.css"/>
   <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"/>
   <style>
     .show-read-more .more-text{
@@ -159,11 +160,31 @@ addHtmlFooter() {
   <!-- jQuery first, then Popper.js, then Bootstrap JS -->
   <script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
   <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.bundle.min.js" integrity="sha384-1CmrxMRARb6aLqgBO7yyAxTOQE2AKb9GfXnEo760AUcUmFx3ibVJJAzGytlQcNXd" crossorigin="anonymous"></script>
-  <script type="text/javascript" src="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.21/b-1.6.2/sl-1.3.1/datatables.min.js"></script>
+  <!-- https://datatables.net/download/index with jQuery, DataTables, Buttons, SearchPanes, and Select //-->
+  <script type="text/javascript" src="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.25/b-1.7.1/sp-1.3.0/sl-1.3.3/datatables.min.js"></script>
+
   <script>
     \$(document).ready(function(){
 
-      \$('#findingsTable').dataTable( { "lengthMenu": [ [50, 100, -1], [50, 100, "All"] ], "ordering": true } ); 
+      // Initialise the table with 50 rows, and some search/filtering panes
+      \$('#findingsTable').DataTable( {
+        lengthMenu: [ [50, 100, -1], [50, 100, "All"] ],
+        ordering: true,
+        searchPanes: {
+            cascadePanes: true,
+            viewTotal: true
+        },
+        dom: 'Plfrtip',
+        columnDefs: [
+          {
+              searchPanes: {
+                  show: false
+              },
+              // Hide Compliance, Check ID (in favour of Check Title), CAF Epic, Risk, Remediation, Link
+              targets: [0,5, 7, 10, 11, 12, 13]
+          }
+        ]
+      });
 
       var maxLength = 30;
       \$(".show-read-more").each(function(){

From 34e27131fd87af44858c711a97baf05323de51f4 Mon Sep 17 00:00:00 2001
From: Nick Malcolm <nick@malcolm.net.nz>
Date: Mon, 14 Jun 2021 20:46:14 +1200
Subject: [PATCH 39/82] Refactor the HTML outputs so that they reuse code and
 are easier to change

---
 include/outputs | 94 +++++++++++++++----------------------------------
 1 file changed, 29 insertions(+), 65 deletions(-)

diff --git a/include/outputs b/include/outputs
index 9d51f823..b8434ff1 100644
--- a/include/outputs
+++ b/include/outputs
@@ -347,76 +347,40 @@ generateJsonAsffOutput(){
 generateHtmlOutput(){
   local message=$1
   local status=$2
+
   if [[ $status == "INFO" ]];then
-    echo '<tr class="table-info">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><i class="fas fa-info-circle"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>INFO</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$message'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-    echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+    local ROW_CLASS='table-info'
+    local STATUS_ICON="fa-info-circle"
   fi
   if [[ $status == "PASS" ]];then
-    echo '<tr class="p-3 mb-2 bg-success">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><i class="fas fa-thumbs-up"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>PASS</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$message'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-    echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+    local ROW_CLASS='p-3 mb-2 bg-success'
+    local STATUS_ICON="fa-thumbs-up"
   fi
   if [[ $status == "FAIL" ]];then
-    echo '<tr class="table-danger" >' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td> <i class="fas fa-thumbs-down"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>FAIL</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$message'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-    echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+    local ROW_CLASS='table-danger'
+    local STATUS_ICON="fa-thumbs-down"
   fi
-  if [[ $status == "WARNING" ]];then
-    echo '<tr class="table-warning">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><i class="fas fa-exclamation-triangle"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>WARN</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$message'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-    echo '</tr>'>> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  if [[ $status == "WARN" ]];then
+    local ROW_CLASS='table-warning'
+    local STATUS_ICON="fa-exclamation-triangle"
   fi
+
+  echo '<tr class="'$ROW_CLASS'">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td><i class="fas '$STATUS_ICON'"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$status'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$CHECK_ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$message'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+
 }
\ No newline at end of file

From 01663e4e0dfd8aa7c36520745029fc687d5b4478 Mon Sep 17 00:00:00 2001
From: Nick Malcolm <nick@malcolm.net.nz>
Date: Mon, 14 Jun 2021 20:57:28 +1200
Subject: [PATCH 40/82] Page width improvements. Use the 'link' icon for the
 link to docs, to cut down on page width. Remove the status column to save
 width, and also remove redundancy (colour coding and Result column serve the
 same purpose). Remove the column widths that added to over 100%.

---
 include/html_report | 13 ++++++-------
 include/outputs     |  7 +------
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/include/html_report b/include/html_report
index 8db263d5..d9b08f36 100644
--- a/include/html_report
+++ b/include/html_report
@@ -124,7 +124,6 @@ addHtmlHeader() {
         <table class="table compact stripe row-border ordering" id="findingsTable" data-order='[[ 5, "asc" ]]' data-page-length='100'>
           <thead class="thead-light">
             <tr>
-              <th style="align-content:center" scope="col">Status</th>
               <th scope="col">Result</th>
               <th scope="col">Severity</th>
               <th scope="col">AccountID</th>
@@ -132,12 +131,12 @@ addHtmlHeader() {
               <th scope="col">Compliance</th>
               <th scope="col">Service</th>
               <th scope="col">CheckID</th>
-              <th style="width:40%" scope="col">Check Title</th>
-              <th style="width:40%" scope="col">Check Output</th>
+              <th style="width:20%" scope="col">Check Title</th>
+              <th style="width:20%" scope="col">Check Output</th>
               <th scope="col">CAF Epic</th>
-              <th style="width:40%" scope="col">Risk</th>
-              <th style="width:40%" scope="col">Remediation</th>
-              <th style="width:40%" scope="col">Link to doc</th>
+              <th scope="col">Risk</th>
+              <th scope="col">Remediation</th>
+              <th scope="col">Docs</th>
             </tr>
           </thead>
           <tbody>
@@ -181,7 +180,7 @@ addHtmlFooter() {
                   show: false
               },
               // Hide Compliance, Check ID (in favour of Check Title), CAF Epic, Risk, Remediation, Link
-              targets: [0,5, 7, 10, 11, 12, 13]
+              targets: [4, 6, 9, 10, 11, 12]
           }
         ]
       });
diff --git a/include/outputs b/include/outputs
index b8434ff1..34503944 100644
--- a/include/outputs
+++ b/include/outputs
@@ -350,23 +350,18 @@ generateHtmlOutput(){
 
   if [[ $status == "INFO" ]];then
     local ROW_CLASS='table-info'
-    local STATUS_ICON="fa-info-circle"
   fi
   if [[ $status == "PASS" ]];then
     local ROW_CLASS='p-3 mb-2 bg-success'
-    local STATUS_ICON="fa-thumbs-up"
   fi
   if [[ $status == "FAIL" ]];then
     local ROW_CLASS='table-danger'
-    local STATUS_ICON="fa-thumbs-down"
   fi
   if [[ $status == "WARN" ]];then
     local ROW_CLASS='table-warning'
-    local STATUS_ICON="fa-exclamation-triangle"
   fi
 
   echo '<tr class="'$ROW_CLASS'">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  echo '  <td><i class="fas '$STATUS_ICON'"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '  <td>'$status'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '  <td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '  <td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
@@ -379,7 +374,7 @@ generateHtmlOutput(){
   echo '  <td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '  <td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '  <td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  echo '  <td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+  echo '  <td><a href="'$CHECK_DOC'"><i class="fas fa-external-link-alt"></i></a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
 

From da45af78bc764ee894727894477b10bbbd3430c6 Mon Sep 17 00:00:00 2001
From: Nick Malcolm <nick@malcolm.net.nz>
Date: Mon, 14 Jun 2021 21:13:19 +1200
Subject: [PATCH 41/82] Disable ordering so that it sticks with the order the
 HTML was generated

---
 include/html_report | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/html_report b/include/html_report
index d9b08f36..ec694411 100644
--- a/include/html_report
+++ b/include/html_report
@@ -168,7 +168,6 @@ addHtmlFooter() {
       // Initialise the table with 50 rows, and some search/filtering panes
       \$('#findingsTable').DataTable( {
         lengthMenu: [ [50, 100, -1], [50, 100, "All"] ],
-        ordering: true,
         searchPanes: {
             cascadePanes: true,
             viewTotal: true

From b14ac340bbe7e4812fd4854569255a52742e2da4 Mon Sep 17 00:00:00 2001
From: Geoff <singergs@amazon.com>
Date: Wed, 16 Jun 2021 09:12:17 -0500
Subject: [PATCH 42/82] Update:  Add data to the ASFF

Added in the ASFF ProductFields ProwlerResourceName.  The resource name is passed into the fining from the third parameter in the Prowler checks
---
 include/outputs | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/include/outputs b/include/outputs
index f2130405..525301ce 100644
--- a/include/outputs
+++ b/include/outputs
@@ -319,17 +319,25 @@ generateJsonAsffOutput(){
   # Replace any successive non-conforming characters with a single underscore
   local message=$1
   local status=$2
-
+  
+  #Checks to determine if the rule passes in a resource name that prowler uses to track the AWS Resource for whitelisting purposes
+  if [ -z $3 ]
+  then
+    local resource_id="NONE_PROVIDED"
+   else
+    local resource_id=$3
+  fi
+  
   if [[ "$status" == "FAIL" ]]; then
     status="FAILED"
   fi
   jq -M -c \
   --arg ACCOUNT_NUM "$ACCOUNT_NUM" \
   --arg TITLE_TEXT "$TITLE_TEXT" \
-  --arg MESSAGE "$(echo -e "${message}" | sed -e 's/^[[:space:]]*//')" \
+  --arg MESSAGE "$(echo -e "${message}")" \
   --arg UNIQUE_ID "$(LC_ALL=C echo -e -n "${message}" | tr -cs '[:alnum:]._~-' '_')" \
   --arg STATUS "$status" \
-  --arg SEVERITY "$(echo $CHECK_SEVERITY| awk '{ print toupper($0) }')" \
+  --arg SEVERITY "$(echo $CHECK_SEVERITY| awk '{ print toupper($0) }' |  sed 's/[][]//g')" \
   --arg TITLE_ID "$TITLE_ID" \
   --arg CHECK_ID "$CHECK_ID" \
   --arg TYPE "$CHECK_ASFF_COMPLIANCE_TYPE" \
@@ -339,6 +347,7 @@ generateJsonAsffOutput(){
   --arg TIMESTAMP "$(get_iso8601_timestamp)" \
   --arg PROWLER_VERSION "$PROWLER_VERSION" \
   --arg AWS_PARTITION "$AWS_PARTITION" \
+  --arg CHECK_RESOURCE_ID "$resource_id" \
   -n '{
       "SchemaVersion": "2018-10-08",
       "Id": "prowler-\($TITLE_ID)-\($ACCOUNT_NUM)-\($REPREGION)-\($UNIQUE_ID)",
@@ -346,7 +355,8 @@ generateJsonAsffOutput(){
       "RecordState": "ACTIVE",
       "ProductFields": {
           "ProviderName": "Prowler",
-          "ProviderVersion": $PROWLER_VERSION
+          "ProviderVersion": $PROWLER_VERSION,
+          "ProwlerResourceName": $CHECK_RESOURCE_ID
       },
       "GeneratorId": "prowler-\($CHECK_ID)",
       "AwsAccountId": $ACCOUNT_NUM,
@@ -373,6 +383,7 @@ generateJsonAsffOutput(){
           "Status": $STATUS,
           "RelatedRequirements": [ $COMPLIANCE_RELATED_REQUIREMENTS ]
       }
+      
   }'
 }
 

From 4961498562080ebfd48f6865c96ff6f856e7d238 Mon Sep 17 00:00:00 2001
From: Geoff <singergs@amazon.com>
Date: Wed, 16 Jun 2021 22:25:44 -0500
Subject: [PATCH 43/82] Added parameter to report resource name

Added a third parameter to checks textFail and textPass to identify resource name in finding.
---
 checks/check116        |  4 ++--
 checks/check119        |  2 +-
 checks/check121        |  2 +-
 checks/check122        |  2 +-
 checks/check14         |  4 ++--
 checks/check21         |  4 ++--
 checks/check22         |  4 ++--
 checks/check29         |  6 +++---
 checks/check41         |  2 +-
 checks/check42         |  2 +-
 checks/check43         |  4 ++--
 checks/check_extra71   |  4 ++--
 checks/check_extra710  |  4 ++--
 checks/check_extra7100 |  2 +-
 checks/check_extra7101 |  4 ++--
 checks/check_extra7102 |  2 +-
 checks/check_extra7103 |  4 ++--
 checks/check_extra7104 |  4 ++--
 checks/check_extra7105 |  4 ++--
 checks/check_extra7106 |  4 ++--
 checks/check_extra7107 |  4 ++--
 checks/check_extra7108 |  4 ++--
 checks/check_extra7109 |  4 ++--
 checks/check_extra711  |  4 ++--
 checks/check_extra7110 |  4 ++--
 checks/check_extra7111 |  4 ++--
 checks/check_extra7112 |  4 ++--
 checks/check_extra7114 |  6 +++---
 checks/check_extra7115 |  4 ++--
 checks/check_extra7118 |  6 +++---
 checks/check_extra7119 |  4 ++--
 checks/check_extra7120 |  6 +++---
 checks/check_extra7121 |  6 +++---
 checks/check_extra7122 |  4 ++--
 checks/check_extra7123 |  2 +-
 checks/check_extra7124 |  4 ++--
 checks/check_extra7125 |  4 ++--
 checks/check_extra7127 |  4 ++--
 checks/check_extra7129 |  4 ++--
 checks/check_extra713  |  4 ++--
 checks/check_extra7130 |  4 ++--
 checks/check_extra7134 |  4 ++--
 checks/check_extra7135 |  2 +-
 checks/check_extra7136 |  4 ++--
 checks/check_extra7137 |  2 +-
 checks/check_extra7138 |  4 ++--
 checks/check_extra714  |  4 ++--
 checks/check_extra7140 |  4 ++--
 checks/check_extra715  |  8 ++++----
 checks/check_extra716  | 10 +++++-----
 checks/check_extra717  |  8 ++++----
 checks/check_extra718  |  4 ++--
 checks/check_extra719  |  4 ++--
 checks/check_extra72   |  4 ++--
 checks/check_extra720  |  6 +++---
 checks/check_extra721  |  4 ++--
 checks/check_extra722  |  6 +++---
 checks/check_extra724  |  6 +++---
 checks/check_extra725  |  6 +++---
 checks/check_extra726  | 10 +++++-----
 checks/check_extra727  |  6 +++---
 checks/check_extra728  |  4 ++--
 checks/check_extra729  |  4 ++--
 checks/check_extra73   |  8 ++++----
 checks/check_extra730  |  4 ++--
 checks/check_extra731  |  4 ++--
 checks/check_extra732  |  4 ++--
 checks/check_extra733  |  2 +-
 checks/check_extra734  |  6 +++---
 checks/check_extra736  |  4 ++--
 checks/check_extra737  |  4 ++--
 checks/check_extra738  |  6 +++---
 checks/check_extra74   |  2 +-
 checks/check_extra741  |  4 ++--
 checks/check_extra742  |  4 ++--
 checks/check_extra743  |  4 ++--
 checks/check_extra744  |  4 ++--
 checks/check_extra745  |  6 +++---
 checks/check_extra746  |  4 ++--
 checks/check_extra748  |  2 +-
 checks/check_extra749  |  2 +-
 checks/check_extra75   |  4 ++--
 checks/check_extra750  |  2 +-
 checks/check_extra751  |  2 +-
 checks/check_extra752  |  2 +-
 checks/check_extra753  |  2 +-
 checks/check_extra754  |  2 +-
 checks/check_extra755  |  2 +-
 checks/check_extra756  |  4 ++--
 checks/check_extra757  |  2 +-
 checks/check_extra758  |  2 +-
 checks/check_extra759  |  4 ++--
 checks/check_extra76   |  4 ++--
 checks/check_extra760  |  4 ++--
 checks/check_extra762  |  4 ++--
 checks/check_extra763  |  4 ++--
 checks/check_extra764  |  6 +++---
 checks/check_extra765  |  8 ++++----
 checks/check_extra767  |  4 ++--
 checks/check_extra768  |  4 ++--
 checks/check_extra769  |  4 ++--
 checks/check_extra77   |  6 +++---
 checks/check_extra770  |  2 +-
 checks/check_extra771  |  4 ++--
 checks/check_extra772  |  4 ++--
 checks/check_extra773  |  4 ++--
 checks/check_extra775  | 10 +++++-----
 checks/check_extra776  | 12 ++++++------
 checks/check_extra777  |  2 +-
 checks/check_extra778  |  2 +-
 checks/check_extra779  |  2 +-
 checks/check_extra780  |  4 ++--
 checks/check_extra781  |  4 ++--
 checks/check_extra782  |  4 ++--
 checks/check_extra783  |  4 ++--
 checks/check_extra784  |  4 ++--
 checks/check_extra785  |  4 ++--
 checks/check_extra786  |  4 ++--
 checks/check_extra787  | 12 ++++++------
 checks/check_extra788  |  6 +++---
 checks/check_extra789  |  4 ++--
 checks/check_extra79   |  2 +-
 checks/check_extra790  |  2 +-
 checks/check_extra791  |  4 ++--
 checks/check_extra792  |  8 ++++----
 checks/check_extra793  |  6 +++---
 checks/check_extra794  |  6 +++---
 checks/check_extra795  |  4 ++--
 checks/check_extra796  |  4 ++--
 checks/check_extra797  |  4 ++--
 checks/check_extra798  |  6 +++---
 131 files changed, 280 insertions(+), 280 deletions(-)

diff --git a/checks/check116 b/checks/check116
index 3edd41c9..109255ef 100644
--- a/checks/check116
+++ b/checks/check116
@@ -30,12 +30,12 @@ check116(){
   for user in $LIST_USERS;do
     USER_POLICY=$($AWSCLI iam list-attached-user-policies --output text $PROFILE_OPT --region $REGION --user-name $user)
     if [[ $USER_POLICY ]]; then
-      textFail "$user has managed policy directly attached"
+      textFail "$user has managed policy directly attached" "us-east-1" "$user"
       C116_NUM_USERS=$(expr $C116_NUM_USERS + 1)
     fi
     USER_POLICY=$($AWSCLI iam list-user-policies --output text $PROFILE_OPT --region $REGION --user-name $user)
     if [[ $USER_POLICY ]]; then
-      textFail "$user has inline policy directly attached"
+      textFail "$user has inline policy directly attached" "us-east-1" "$user"
       C116_NUM_USERS=$(expr $C116_NUM_USERS + 1)
     fi
   done
diff --git a/checks/check119 b/checks/check119
index 43db9e77..4a557308 100644
--- a/checks/check119
+++ b/checks/check119
@@ -33,7 +33,7 @@ check119(){
         if [[ $STATE_NAME != "terminated" && $STATE_NAME != "shutting-down" ]]; then
           PROFILEARN=$(echo $EC2_DATA | jq -r --arg i "$instance" 'select(.InstanceId==$i)|.ProfileArn')
           if [[ $PROFILEARN == "null" ]]; then
-            textFail "$regx: Instance $instance not associated with an instance role" $regx
+            textFail "$regx: Instance $instance not associated with an instance role" "$regx" "$instance"
           else
             textPass "$regx: Instance $instance associated with role ${PROFILEARN##*/}" $regx
           fi
diff --git a/checks/check121 b/checks/check121
index df966919..c38d96fe 100644
--- a/checks/check121
+++ b/checks/check121
@@ -32,7 +32,7 @@ check121(){
   LIST_USERS_KEY1_ACTIVE=$(for user in $LIST_USERS_KEY1_NA; do grep "^${user}," $TEMP_REPORT_FILE|awk -F, '{ print $1,$4,$9 }'|grep "true true$"|awk '{ print $1 }'|sed 's/[[:blank:]]+/,/g' ; done)
   if [[ $LIST_USERS_KEY1_ACTIVE ]]; then
     for user in $LIST_USERS_KEY1_ACTIVE; do
-      textFail "User $user has never used access key 1"
+      textFail "User $user has never used access key 1" "us-east-1" "$user"
     done
   else
     textPass "No users found with access key 1 never used"
diff --git a/checks/check122 b/checks/check122
index 29b69ffe..99c15ba3 100644
--- a/checks/check122
+++ b/checks/check122
@@ -38,7 +38,7 @@ check122(){
     if [[ $POLICIES_ALLOW_LIST ]]; then
       textInfo "List of custom policies: "
       for policy in $POLICIES_ALLOW_LIST; do
-        textFail "Policy $policy allows \"*:*\""
+        textFail "Policy $policy allows \"*:*\"" "us-east-1" "$policy"
       done
     else
         textPass "No custom policy found that allow full \"*:*\" administrative privileges"
diff --git a/checks/check14 b/checks/check14
index 01147aca..9d1b40ac 100644
--- a/checks/check14
+++ b/checks/check14
@@ -37,7 +37,7 @@ check14(){
         HOWOLDER=$(how_older_from_today $DATEROTATED1)
 
         if [ $HOWOLDER -gt "90" ];then
-          textFail "$user has not rotated access key 1 in over 90 days"
+          textFail "$user has not rotated access key 1 in over 90 days" "us-east-1" "$user"
           C14_NUM_USERS1=$(expr $C14_NUM_USERS1 + 1)
         fi
       done
@@ -55,7 +55,7 @@ check14(){
         DATEROTATED2=$(cat $TEMP_REPORT_FILE | grep -v user_creation_time | grep "^${user},"| awk -F, '{ print $15 }' | grep -v "N/A" | awk -F"T" '{ print $1 }')
         HOWOLDER=$(how_older_from_today $DATEROTATED2)
         if [ $HOWOLDER -gt "90" ];then
-          textFail "$user has not rotated access key 2 in over 90 days"
+          textFail "$user has not rotated access key 2 in over 90 days" "us-east-1" "$user"
           C14_NUM_USERS2=$(expr $C14_NUM_USERS2 + 1)
         fi
       done
diff --git a/checks/check21 b/checks/check21
index b9e63b97..343c4cd9 100644
--- a/checks/check21
+++ b/checks/check21
@@ -43,9 +43,9 @@ check21(){
 
         MULTIREGION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].IsMultiRegionTrail' --output text --trail-name-list $trail)
         if [[ "$MULTIREGION_TRAIL_STATUS" == 'False' ]];then
-          textFail "Trail $trail in $regx is not enabled for all regions"
+          textFail "Trail $trail in $regx is not enabled for all regions" "$regx" "$trail"
         else
-          textPass "Trail $trail in $regx is enabled for all regions"
+          textPass "Trail $trail in $regx is enabled for all regions" "$regx" "$trail"
         fi
 
       done
diff --git a/checks/check22 b/checks/check22
index 94fbe2f5..ac3809c7 100644
--- a/checks/check22
+++ b/checks/check22
@@ -43,9 +43,9 @@ check22(){
 
         LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
         if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
-          textFail "Trail $trail in $regx log file validation disabled"
+          textFail "Trail $trail in $regx log file validation disabled" "$regx" "$trail"
         else
-          textPass "Trail $trail in $regx log file validation enabled"
+          textPass "Trail $trail in $regx log file validation enabled" "$regx" "$trail"
         fi
 
       done
diff --git a/checks/check29 b/checks/check29
index 311e715d..2bfe4a62 100644
--- a/checks/check29
+++ b/checks/check29
@@ -34,15 +34,15 @@ check29(){
     for vpcx in $AVAILABLE_VPC; do
       CHECK_FL=$($AWSCLI ec2 describe-flow-logs $PROFILE_OPT --region $regx --filter Name="resource-id",Values="${vpcx}" --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].FlowLogId' --output text 2>&1)
       if [[ $(echo "$CHECK_FL" | grep AccessDenied) ]]; then
-        textFail "$regx: VPC $vpcx Access Denied trying to describe flow logs"
+        textFail "$regx: VPC $vpcx Access Denied trying to describe flow logs" "$regx" "$vpcx"
         continue
       fi
       if [[ $CHECK_FL ]]; then
         for FL in $CHECK_FL; do
-          textPass "$regx: VPC $vpcx VPCFlowLog is enabled for LogGroupName: $FL"
+          textPass "$regx: VPC $vpcx VPCFlowLog is enabled for LogGroupName: $FL" "$regx" "$vpcx"
         done
       else
-        textFail "$regx: VPC $vpcx VPCFlowLog is disabled"
+        textFail "$regx: VPC $vpcx VPCFlowLog is disabled" "$regx" "$vpcx"
       fi
     done
   done
diff --git a/checks/check41 b/checks/check41
index 3231f42f..c18b06b7 100644
--- a/checks/check41
+++ b/checks/check41
@@ -29,7 +29,7 @@ check41(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`22` && ToPort>=`22`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx"
+        textFail "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx" "$SG"
       done
     else
       textPass "No Security Groups found in $regx with port 22 TCP open to 0.0.0.0/0" "$regx"
diff --git a/checks/check42 b/checks/check42
index da7b50f3..5db4ebe0 100644
--- a/checks/check42
+++ b/checks/check42
@@ -29,7 +29,7 @@ check42(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`3389` && ToPort>=`3389`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx"
+        textFail "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx" "$SG"
       done
     else
       textPass "No Security Groups found in $regx with port 3389 TCP open to 0.0.0.0/0" "$regx"
diff --git a/checks/check43 b/checks/check43
index ae11b6f1..d467c103 100644
--- a/checks/check43
+++ b/checks/check43
@@ -30,9 +30,9 @@ check43(){
     for CHECK_SGDEFAULT_ID in $CHECK_SGDEFAULT_IDS; do
       CHECK_SGDEFAULT_ID_OPEN=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --group-ids $CHECK_SGDEFAULT_ID --query 'SecurityGroups[*].{IpPermissions:IpPermissions,IpPermissionsEgress:IpPermissionsEgress,GroupId:GroupId}' --output text |egrep '\s0.0.0.0|\:\:\/0')
       if [[ $CHECK_SGDEFAULT_ID_OPEN ]];then
-        textFail "Default Security Groups ($CHECK_SGDEFAULT_ID) found that allow 0.0.0.0 IN or OUT traffic in Region $regx" "$regx"
+        textFail "Default Security Groups ($CHECK_SGDEFAULT_ID) found that allow 0.0.0.0 IN or OUT traffic in Region $regx" "$regx" "$CHECK_SGDEFAULT_ID"
       else
-        textPass "No Default Security Groups ($CHECK_SGDEFAULT_ID) open to 0.0.0.0 found in Region $regx" "$regx"
+        textPass "No Default Security Groups ($CHECK_SGDEFAULT_ID) open to 0.0.0.0 found in Region $regx" "$regx" "$CHECK_SGDEFAULT_ID"
       fi
     done
   done
diff --git a/checks/check_extra71 b/checks/check_extra71
index a0a8ce03..23234823 100644
--- a/checks/check_extra71
+++ b/checks/check_extra71
@@ -44,9 +44,9 @@ extra71(){
         # check for user MFA device in credential report
         USER_MFA_ENABLED=$( cat $TEMP_REPORT_FILE | grep "^$auser," | cut -d',' -f8)
         if [[ "true" == $USER_MFA_ENABLED ]]; then
-          textPass "$auser / MFA Enabled / admin via group $grp"
+          textPass "$auser / MFA Enabled / admin via group $grp" "us-east-1" "$auser"
         else
-          textFail "$auser / MFA DISABLED / admin via group $grp"
+          textFail "$auser / MFA DISABLED / admin via group $grp" "us-east-1" "$auser"
         fi
       done
     else
diff --git a/checks/check_extra710 b/checks/check_extra710
index 3a15384e..8e13384d 100644
--- a/checks/check_extra710
+++ b/checks/check_extra710
@@ -33,10 +33,10 @@ extra710(){
       while read -r instance;do
         INSTANCE_ID=$(echo $instance | awk '{ print $1; }')
         PUBLIC_IP=$(echo $instance | awk '{ print $2; }')
-        textFail "$regx: Instance: $INSTANCE_ID at IP: $PUBLIC_IP is internet-facing!" "$regx"
+        textFail "$regx: Instance: $INSTANCE_ID at IP: $PUBLIC_IP is internet-facing!" "$regx" "$INSTANCE_ID"
       done <<< "$LIST_OF_PUBLIC_INSTANCES"
       else
-        textPass "$regx: no Internet Facing EC2 Instances found" "$regx"
+        textPass "$regx: no Internet Facing EC2 Instances found" "$regx" "$INSTANCE_ID"
     fi
   done
 }
diff --git a/checks/check_extra7100 b/checks/check_extra7100
index 8fe3e53b..1aa6859f 100644
--- a/checks/check_extra7100
+++ b/checks/check_extra7100
@@ -72,7 +72,7 @@ extra7100(){
       textInfo "STS AssumeRole Policies should only include the complete ARNs for the Roles that the user needs"
       textInfo "Learn more: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html#roles-usingrole-createpolicy"
       for policy in $PERMISSIVE_POLICIES_LIST; do
-        textFail "Policy $policy allows permissive STS Role assumption"
+        textFail "Policy $policy allows permissive STS Role assumption" "us-east-1" "$policy"
       done
     else
       textPass "No custom policies found that allow permissive STS Role assumption"
diff --git a/checks/check_extra7101 b/checks/check_extra7101
index aa6b43e4..e1ba8dbb 100644
--- a/checks/check_extra7101
+++ b/checks/check_extra7101
@@ -31,9 +31,9 @@ extra7101(){
       for domain in $LIST_OF_DOMAINS;do
         AUDIT_LOGS_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.AUDIT_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
         if [[ $AUDIT_LOGS_ENABLED ]];then
-          textPass "$regx: Amazon ES domain $domain AUDIT_LOGS enabled" "$regx"
+          textPass "$regx: Amazon ES domain $domain AUDIT_LOGS enabled" "$regx" "$domain"
         else
-          textFail "$regx: Amazon ES domain $domain AUDIT_LOGS disabled!" "$regx"
+          textFail "$regx: Amazon ES domain $domain AUDIT_LOGS disabled!" "$regx" "$domain"
         fi
       done
     else
diff --git a/checks/check_extra7102 b/checks/check_extra7102
index dc47d115..b9efcc29 100644
--- a/checks/check_extra7102
+++ b/checks/check_extra7102
@@ -47,7 +47,7 @@ extra7102(){
           else
             echo $SHODAN_QUERY > $OUTPUT_DIR/shodan-output-$ip.json
             IP_SHODAN_INFO=$(cat $OUTPUT_DIR/shodan-output-$ip.json | jq -r '. | { ports: .ports, org: .org, country: .country_name }| @text' | tr -d \"\{\}\}\]\[ | tr , '\ ' )
-            textFail "$regx: IP $ip is listed in Shodan with data $IP_SHODAN_INFO. More info https://www.shodan.io/host/$ip and $OUTPUT_DIR/shodan-output-$ip.json" "$regx"
+            textFail "$regx: IP $ip is listed in Shodan with data $IP_SHODAN_INFO. More info https://www.shodan.io/host/$ip and $OUTPUT_DIR/shodan-output-$ip.json" "$regx" "$ip"
           fi
         done
       else
diff --git a/checks/check_extra7103 b/checks/check_extra7103
index bd0c8116..558a1d94 100644
--- a/checks/check_extra7103
+++ b/checks/check_extra7103
@@ -31,9 +31,9 @@ extra7103(){
             for nb_instance in $LIST_SM_NB_INSTANCES; do
                 SM_NB_ROOTACCESS=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-notebook-instance --notebook-instance-name $nb_instance --query 'RootAccess' --output text)
                 if [[ "${SM_NB_ROOTACCESS}" == "Enabled" ]]; then
-                    textFail "${regx}: Sagemaker Notebook instance $nb_instance has root access enabled" "${regx}"
+                    textFail "${regx}: Sagemaker Notebook instance $nb_instance has root access enabled" "${regx}" "$nb_instance"
                 else
-                    textPass "${regx}: Sagemaker Notebook instance $nb_instance has root access disabled" "${regx}"                    
+                    textPass "${regx}: Sagemaker Notebook instance $nb_instance has root access disabled" "${regx}" "$nb_instance"                    
                 fi 
             done
         else 
diff --git a/checks/check_extra7104 b/checks/check_extra7104
index d38a43cb..00b9b065 100644
--- a/checks/check_extra7104
+++ b/checks/check_extra7104
@@ -31,9 +31,9 @@ extra7104(){
             for nb_instance in $LIST_SM_NB_INSTANCES; do
                 SM_NB_SUBNETID=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-notebook-instance --notebook-instance-name $nb_instance --query 'SubnetId' --output text)
                 if [[ "${SM_NB_SUBNETID}" == "None" ]]; then
-                    textFail "${regx}: Sagemaker Notebook instance $nb_instance has VPC settings disabled" "${regx}"
+                    textFail "${regx}: Sagemaker Notebook instance $nb_instance has VPC settings disabled" "${regx}" "$nb_instance"
                 else
-                    textPass "${regx}: Sagemaker Notebook instance $nb_instance is in a VPC" "${regx}"
+                    textPass "${regx}: Sagemaker Notebook instance $nb_instance is in a VPC" "${regx}" "$nb_instance"
                 fi 
             done
         else 
diff --git a/checks/check_extra7105 b/checks/check_extra7105
index 39220549..1316a431 100644
--- a/checks/check_extra7105
+++ b/checks/check_extra7105
@@ -31,9 +31,9 @@ extra7105(){
 			for nb_model_name in $LIST_SM_NB_MODELS; do
 				SM_NB_NETWORKISOLATION=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-model --model-name $nb_model_name --query 'EnableNetworkIsolation' --output text)
 				if [[ $SM_NB_NETWORKISOLATION == False ]]; then
-					textFail "${regx}: SageMaker Model $nb_model_name has network isolation disabled" "${regx}"
+					textFail "${regx}: SageMaker Model $nb_model_name has network isolation disabled" "${regx}" "$nb_model_name"
 				else
-					textPass "${regx}: SageMaker Model $nb_model_name has network isolation enabled" "${regx}"
+					textPass "${regx}: SageMaker Model $nb_model_name has network isolation enabled" "${regx}" "$nb_model_name"
 				fi 
 			done
 		else 
diff --git a/checks/check_extra7106 b/checks/check_extra7106
index 39f62234..e49b8a50 100644
--- a/checks/check_extra7106
+++ b/checks/check_extra7106
@@ -31,9 +31,9 @@ extra7106(){
             for nb_model_name in $LIST_SM_NB_MODELS; do
                 SM_NB_VPCCONFIG=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-model --model-name $nb_model_name --query 'VpcConfig.Subnets' --output text)
                 if [[ $SM_NB_VPCCONFIG == "None" ]]; then
-                    textFail "${regx}: Amazon SageMaker Model $nb_model_name has VPC settings disabled" "${regx}"
+                    textFail "${regx}: Amazon SageMaker Model $nb_model_name has VPC settings disabled" "${regx}" "$nb_model_name"
                 else
-                    textPass "${regx}: Amazon SageMaker Model $nb_model_name has VPC settings enabled" "${regx}"
+                    textPass "${regx}: Amazon SageMaker Model $nb_model_name has VPC settings enabled" "${regx}" "$nb_model_name"
                 fi 
             done
         else 
diff --git a/checks/check_extra7107 b/checks/check_extra7107
index 7464387f..2f8c70a6 100644
--- a/checks/check_extra7107
+++ b/checks/check_extra7107
@@ -31,9 +31,9 @@ extra7107(){
             for nb_job_name in $LIST_SM_NB_JOBS; do
                 SM_NB_INTERCONTAINERENCRYPTION=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-training-job --training-job-name $nb_job_name --query 'EnableInterContainerTrafficEncryption' --output text)
                 if [[ $SM_NB_INTERCONTAINERENCRYPTION == "False" ]]; then
-                    textFail "${regx}: SageMaker Training job $nb_job_name has intercontainer encryption disabled" "${regx}"
+                    textFail "${regx}: SageMaker Training job $nb_job_name has intercontainer encryption disabled" "${regx}" "$nb_job_name"
                 else
-                    textPass "${regx}: SageMaker Training jobs $nb_job_name has intercontainer encryption enabled" "${regx}"
+                    textPass "${regx}: SageMaker Training jobs $nb_job_name has intercontainer encryption enabled" "${regx}" "$nb_job_name"
                 fi 
             done
         else 
diff --git a/checks/check_extra7108 b/checks/check_extra7108
index 45c38b7e..f84f6997 100644
--- a/checks/check_extra7108
+++ b/checks/check_extra7108
@@ -31,9 +31,9 @@ extra7108(){
             for nb_job_name in $LIST_SM_NB_JOBS; do
                 SM_JOB_KMSENCRYPTION=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-training-job --training-job-name $nb_job_name --query 'ResourceConfig.VolumeKmsKeyId' --output text)
                 if [[ "${SM_JOB_KMSENCRYPTION}" == "None" ]];then
-                    textFail "${regx}: Sagemaker Trainings job $nb_job_name has KMS encryption disabled" "${regx}"
+                    textFail "${regx}: Sagemaker Trainings job $nb_job_name has KMS encryption disabled" "${regx}" "$nb_job_name"
                 else
-                    textPass "${regx}: Sagemaker Trainings job $nb_job_name has KSM encryption enabled" "${regx}"
+                    textPass "${regx}: Sagemaker Trainings job $nb_job_name has KSM encryption enabled" "${regx}" "$nb_job_name"
                 fi 
             done
         else 
diff --git a/checks/check_extra7109 b/checks/check_extra7109
index 5474ce38..80778fd2 100644
--- a/checks/check_extra7109
+++ b/checks/check_extra7109
@@ -31,9 +31,9 @@ extra7109(){
             for nb_job_name in $LIST_SM_NB_JOBS; do
                 SM_NB_NETWORKISOLATION=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-training-job --training-job-name $nb_job_name --query 'EnableNetworkIsolation' --output text)
                 if [[ $SM_NB_NETWORKISOLATION == False ]]; then
-                    textFail "${regx}: Sagemaker Training job $nb_job_name has network isolation disabled" "${regx}"
+                    textFail "${regx}: Sagemaker Training job $nb_job_name has network isolation disabled" "${regx}" "$nb_job_name"
                 else
-                    textPass "${regx}: Sagemaker Training job $nb_job_name has network isolation enabled" "${regx}"
+                    textPass "${regx}: Sagemaker Training job $nb_job_name has network isolation enabled" "${regx}" "$nb_job_name"
                 fi 
             done
         else 
diff --git a/checks/check_extra711 b/checks/check_extra711
index b5bf3ee7..746d4a8f 100644
--- a/checks/check_extra711
+++ b/checks/check_extra711
@@ -32,10 +32,10 @@ extra711(){
       while read -r cluster;do
         CLUSTER_ID=$(echo $cluster | awk '{ print $1; }')
         CLUSTER_ENDPOINT=$(echo $cluster | awk '{ print $2; }')
-        textFail "$regx: Cluster: $CLUSTER_ID at Endpoint: $CLUSTER_ENDPOINT is publicly accessible!" "$regx"
+        textFail "$regx: Cluster: $CLUSTER_ID at Endpoint: $CLUSTER_ENDPOINT is publicly accessible!" "$regx" "$CLUSTER_ID"
       done <<< "$LIST_OF_PUBLIC_REDSHIFT_CLUSTERS"
       else
-        textPass "$regx: no Publicly Accessible Redshift Clusters found" "$regx"
+        textPass "$regx: no Publicly Accessible Redshift Clusters found" "$regx" "$CLUSTER_ID"
     fi
   done
 }
diff --git a/checks/check_extra7110 b/checks/check_extra7110
index fe91f12a..5a6ebefc 100644
--- a/checks/check_extra7110
+++ b/checks/check_extra7110
@@ -31,9 +31,9 @@ extra7110(){
             for nb_job_name in $LIST_SM_NB_JOBS; do
                 SM_NB_SUBNETS=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-training-job --training-job-name $nb_job_name --query 'VpcConfig.Subnets' --output text)
                 if [[ $SM_NB_SUBNETS == "None" ]]; then
-                    textFail "${regx}: Sagemaker Training job $nb_job_name has VPC settings for the training job volume and output disabled" "${regx}"
+                    textFail "${regx}: Sagemaker Training job $nb_job_name has VPC settings for the training job volume and output disabled" "${regx}" "$nb_job_name"
                 else
-                    textPass "${regx}: Sagemaker Training job $nb_job_name has VPC settings for the training job volume and output enabled" "${regx}"
+                    textPass "${regx}: Sagemaker Training job $nb_job_name has VPC settings for the training job volume and output enabled" "${regx}" "$nb_job_name"
                 fi 
             done
         else 
diff --git a/checks/check_extra7111 b/checks/check_extra7111
index f3117ab0..965c6048 100644
--- a/checks/check_extra7111
+++ b/checks/check_extra7111
@@ -31,9 +31,9 @@ extra7111(){
             for nb_instance in $LIST_SM_NB_INSTANCES; do
                 SM_NB_DIRECTINET=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-notebook-instance --notebook-instance-name $nb_instance --query 'DirectInternetAccess' --output text)
                 if [[ "${SM_NB_DIRECTINET}" == "Enabled" ]]; then
-                    textFail "${regx}: Sagemaker Notebook instance $nb_instance has direct internet access enabled" "${regx}"
+                    textFail "${regx}: Sagemaker Notebook instance $nb_instance has direct internet access enabled" "${regx}" "$nb_instance"
                 else
-                    textPass "${regx}: Sagemaker Notebook instance $nb_instance has direct internet access disabled" "${regx}"
+                    textPass "${regx}: Sagemaker Notebook instance $nb_instance has direct internet access disabled" "${regx}" "$nb_instance"
                 fi 
             done
         else 
diff --git a/checks/check_extra7112 b/checks/check_extra7112
index 5693bf0c..ed954a9d 100644
--- a/checks/check_extra7112
+++ b/checks/check_extra7112
@@ -31,9 +31,9 @@ extra7112(){
             for nb_instance in $LIST_SM_NB_INSTANCES; do
                 SM_NB_KMSKEY=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-notebook-instance --notebook-instance-name $nb_instance --query 'KmsKeyId' --output text)
                 if [[ "${SM_NB_KMSKEY}" == "None" ]]; then
-                    textFail "${regx}: Sagemaker Notebook instance $nb_instance has data encryption disabled" "${regx}"
+                    textFail "${regx}: Sagemaker Notebook instance $nb_instance has data encryption disabled" "${regx}" "$nb_instance"
                 else
-                    textPass "${regx}: Sagemaker Notebook instance $nb_instance has data encryption enabled" "${regx}"
+                    textPass "${regx}: Sagemaker Notebook instance $nb_instance has data encryption enabled" "${regx}" "$nb_instance"
                 fi 
             done
         else 
diff --git a/checks/check_extra7114 b/checks/check_extra7114
index 0fa3a7b7..a6f08e20 100644
--- a/checks/check_extra7114
+++ b/checks/check_extra7114
@@ -34,12 +34,12 @@ extra7114(){
         if [[ ! -z "$ENDPOINT_SC" ]]; then
           ENDPOINT_SC_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${ENDPOINT_SC}" $PROFILE_OPT --region $regx --query 'SecurityConfiguration.EncryptionConfiguration.S3Encryption[0].S3EncryptionMode' --output text)
           if [[ "$ENDPOINT_SC_ENCRYPTION" == "DISABLED" ]]; then
-            textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have S3 encryption enabled!" "$regx"
+            textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have S3 encryption enabled!" "$regx" "$ENDPOINT_NAME"
           else
-            textPass "$regx: Glue development endpoint $ENDPOINT_NAME has S3 encryption enabled" "$regx"
+            textPass "$regx: Glue development endpoint $ENDPOINT_NAME has S3 encryption enabled" "$regx" 
           fi
         else
-          textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx"
+          textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME"
         fi
       done
     else
diff --git a/checks/check_extra7115 b/checks/check_extra7115
index cc883edb..14e4e9b8 100644
--- a/checks/check_extra7115
+++ b/checks/check_extra7115
@@ -31,9 +31,9 @@ extra7115(){
           CONNECTION_NAME=$(echo $connection | base64 --decode   | jq -r '.Name' )
           CONNECTION_SSL_STATE=$(echo $connection | base64 --decode  | jq -r '.SSL')
           if [[ "$CONNECTION_SSL_STATE" == "false" ]]; then
-              textFail "$regx: Glue connection $CONNECTION_NAME has SSL connection disabled"  "$regx"
+              textFail "$regx: Glue connection $CONNECTION_NAME has SSL connection disabled"  "$regx" "$CONNECTION_NAME"
           else 
-              textPass "$regx: Glue connection $CONNECTION_NAME has SSL connection enabled"  "$regx"
+              textPass "$regx: Glue connection $CONNECTION_NAME has SSL connection enabled"  "$regx" "$CONNECTION_NAME"
           fi
       done
     else 
diff --git a/checks/check_extra7118 b/checks/check_extra7118
index 524ac4c2..da129972 100644
--- a/checks/check_extra7118
+++ b/checks/check_extra7118
@@ -35,9 +35,9 @@ extra7118(){
             S3_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${SECURITY_CONFIGURATION}" $PROFILE_OPT --region $regx --output text --query 'SecurityConfiguration.EncryptionConfiguration.S3Encryption[0].S3EncryptionMode')
             if [[ "$S3_ENCRYPTION" == "DISABLED" ]]; then
               if [[ ! -z "$JOB_ENCRYPTION" ]]; then
-                textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx"
+                textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx" "$JOB_NAME"
               else 
-                textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx"
+                textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME"
               fi 
             else
               textPass "$regx: Glue job $JOB_NAME does have $S3_ENCRYPTION for S3 encryption enabled" "$regx"
@@ -45,7 +45,7 @@ extra7118(){
           elif [[ ! -z "$JOB_ENCRYPTION" ]]; then
             textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx"
           else 
-            textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx"
+            textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME"
           fi
       done
     else 
diff --git a/checks/check_extra7119 b/checks/check_extra7119
index fbd035dc..954908a1 100644
--- a/checks/check_extra7119
+++ b/checks/check_extra7119
@@ -34,12 +34,12 @@ extra7119(){
         if [[ ! -z "$ENDPOINT_SC" ]]; then
           ENDPOINT_SC_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${ENDPOINT_SC}" $PROFILE_OPT --region $regx --query 'SecurityConfiguration.EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode' --output text)
           if [[ $ENDPOINT_SC_ENCRYPTION == "DISABLED" ]]; then
-            textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have CloudWatch logs encryption enabled!" "$regx"
+            textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have CloudWatch logs encryption enabled!" "$regx" "$ENDPOINT_NAME"
           else
             textPass "$regx: Glue development endpoint $ENDPOINT_NAME has CloudWatch logs encryption enabled" "$regx"
           fi
         else
-          textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx"
+          textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME"
         fi
       done
     else
diff --git a/checks/check_extra7120 b/checks/check_extra7120
index 553a37db..d4217ed2 100644
--- a/checks/check_extra7120
+++ b/checks/check_extra7120
@@ -33,12 +33,12 @@ extra7120(){
           if [[ ! -z "$SECURITY_CONFIGURATION" ]]; then
             CLOUDWATCH_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${SECURITY_CONFIGURATION}" $PROFILE_OPT --region $regx --output text --query 'SecurityConfiguration.EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode')
             if [[ "$CLOUDWATCH_ENCRYPTION" == "DISABLED" ]]; then
-              textFail "$regx: Glue job $JOB_NAME does not have CloudWatch Logs encryption enabled" "$regx"
+              textFail "$regx: Glue job $JOB_NAME does not have CloudWatch Logs encryption enabled" "$regx" "$JOB_NAME"
             else
-              textPass "$regx: Glue job $JOB_NAME does have $CLOUDWATCH_ENCRYPTION CloudWatch Logs encryption enabled" "$regx"
+              textPass "$regx: Glue job $JOB_NAME does have $CLOUDWATCH_ENCRYPTION CloudWatch Logs encryption enabled" "$regx" "$JOB_NAME"
             fi
           else
-            textFail "$regx: Glue job $JOB_NAME does not have CloudWatch Logs encryption enabled" "$regx"
+            textFail "$regx: Glue job $JOB_NAME does not have CloudWatch Logs encryption enabled" "$regx" "$JOB_NAME"
           fi
       done
     else 
diff --git a/checks/check_extra7121 b/checks/check_extra7121
index 9bfe383e..032bcfa5 100644
--- a/checks/check_extra7121
+++ b/checks/check_extra7121
@@ -34,12 +34,12 @@ extra7121(){
         if [[ ! -z "$ENDPOINT_SC" ]]; then
           ENDPOINT_SC_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${ENDPOINT_SC}" $PROFILE_OPT --region $regx --query 'SecurityConfiguration.EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode' --output text)
           if [[ "$ENDPOINT_SC_ENCRYPTION" == "DISABLED" ]]; then
-            textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have Job Bookmark encryption enabled!" "$regx"
+            textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have Job Bookmark encryption enabled!" "$regx" "$ENDPOINT_NAME"
           else
-            textPass "$regx: Glue development endpoint $ENDPOINT_NAME has Job Bookmark encryption enabled" "$regx"
+            textPass "$regx: Glue development endpoint $ENDPOINT_NAME has Job Bookmark encryption enabled" "$regx" "$ENDPOINT_NAME"
           fi
         else
-          textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx"
+          textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME"
         fi
       done
     else
diff --git a/checks/check_extra7122 b/checks/check_extra7122
index de2c2b47..738efc2d 100644
--- a/checks/check_extra7122
+++ b/checks/check_extra7122
@@ -33,12 +33,12 @@ extra7122(){
           if [[ ! -z "$SECURITY_CONFIGURATION" ]]; then
             JOB_BOOKMARK_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${SECURITY_CONFIGURATION}" $PROFILE_OPT --region $regx --output text --query 'SecurityConfiguration.EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode')
             if [[ "$JOB_BOOKMARK_ENCRYPTION" == "DISABLED" ]]; then
-              textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx"
+              textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME"
             else
               textPass "$regx: Glue job $JOB_NAME does have $JOB_BOOKMARK_ENCRYPTION for Job bookmark encryption enabled" "$regx"
             fi
           else
-            textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx"
+            textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME"
           fi
       done
     else 
diff --git a/checks/check_extra7123 b/checks/check_extra7123
index 0c96f273..02a83000 100644
--- a/checks/check_extra7123
+++ b/checks/check_extra7123
@@ -30,7 +30,7 @@ extra7123(){
   if [[ $LIST_OF_USERS_WITH_2ACCESS_KEYS ]]; then
     # textFail "Users with access key 1 older than 90 days:"
     for user in $LIST_OF_USERS_WITH_2ACCESS_KEYS; do
-      textFail "User $user has 2 active access keys" 
+      textFail "User $user has 2 active access keys" "us-east-1" "$user"
     done
   else
     textPass "No users with 2 active access keys"
diff --git a/checks/check_extra7124 b/checks/check_extra7124
index 739ede63..df02efaf 100644
--- a/checks/check_extra7124
+++ b/checks/check_extra7124
@@ -33,12 +33,12 @@ extra7124(){
       LIST_EC2_UNMANAGED=$(echo ${LIST_SSM_MANAGED_INSTANCES[@]} ${LIST_EC2_INSTANCES[@]} | tr ' ' '\n' | sort | uniq -u)
       if [[ $LIST_EC2_UNMANAGED ]]; then
         for instance in $LIST_EC2_UNMANAGED; do
-          textFail "$regx: EC2 instance $instance is not managed by Systems Manager" "$regx"
+          textFail "$regx: EC2 instance $instance is not managed by Systems Manager" "$regx" "$instance"
         done
       fi 
       if [[ $LIST_SSM_MANAGED_INSTANCES ]]; then
         for instance in $LIST_SSM_MANAGED_INSTANCES; do 
-          textPass "$regx: EC2 instance $instance is managed by Systems Manager" "$regx"
+          textPass "$regx: EC2 instance $instance is managed by Systems Manager" "$regx" "$instance"
         done 
       fi 
     else 
diff --git a/checks/check_extra7125 b/checks/check_extra7125
index 8aabe4d3..7e7cd722 100644
--- a/checks/check_extra7125
+++ b/checks/check_extra7125
@@ -34,9 +34,9 @@ extra7125(){
       if [[ $MFA_TYPE == "mfa" || $MFA_TYPE == "sms-mfa" ]]; then 
         textInfo "User $user has virtual MFA enabled" 
       elif [[ $MFA_TYPE == "" ]]; then 
-        textFail "User $user has not hardware MFA enabled"
+        textFail "User $user has not hardware MFA enabled" "us-east-1" "$user"
       else 
-        textPass "User $user has hardware MFA enabled"
+        textPass "User $user has hardware MFA enabled" "us-east-1" "$user"
       fi
     done
   else
diff --git a/checks/check_extra7127 b/checks/check_extra7127
index ecc725c1..cc23e4b6 100644
--- a/checks/check_extra7127
+++ b/checks/check_extra7127
@@ -32,12 +32,12 @@ extra7127(){
     if [[ $NON_COMPLIANT_SSM_MANAGED_INSTANCES || $COMPLIANT_SSM_MANAGED_INSTANCES ]]; then
       if [[ $NON_COMPLIANT_SSM_MANAGED_INSTANCES ]]; then
         for instance in $NON_COMPLIANT_SSM_MANAGED_INSTANCES; do
-          textFail "$regx: EC2 managed instance $instance is non-compliant" "$regx"
+          textFail "$regx: EC2 managed instance $instance is non-compliant" "$regx" "$instance"
         done
       fi
       if [[ $COMPLIANT_SSM_MANAGED_INSTANCES ]]; then
         for instance in $COMPLIANT_SSM_MANAGED_INSTANCES; do
-          textPass "$regx: EC2 managed instance $instance is compliant" "$regx"
+          textPass "$regx: EC2 managed instance $instance is compliant" "$regx" "$instance"
         done
       fi 
     else 
diff --git a/checks/check_extra7129 b/checks/check_extra7129
index a96ad6c2..44ef5f60 100644
--- a/checks/check_extra7129
+++ b/checks/check_extra7129
@@ -59,10 +59,10 @@ extra7129(){
               done
             fi
           else
-            textFail "$regx: Application Load Balancer $alb is not protected by WAF ACL" "$regx"
+            textFail "$regx: Application Load Balancer $alb is not protected by WAF ACL" "$regx" "$alb"
           fi
         else
-          textFail "$regx: Application Load Balancer $alb is not protected no WAF ACL found" "$regx"
+          textFail "$regx: Application Load Balancer $alb is not protected no WAF ACL found" "$regx" "$alb"
         fi
       done
     else
diff --git a/checks/check_extra713 b/checks/check_extra713
index 6002ac8d..008bf252 100644
--- a/checks/check_extra713
+++ b/checks/check_extra713
@@ -34,9 +34,9 @@ extra713(){
         while read -r detector;do
           DETECTOR_ENABLED=$($AWSCLI guardduty get-detector --detector-id $detector $PROFILE_OPT --region $regx --query "Status" --output text|grep ENABLED)
           if [[ $DETECTOR_ENABLED ]]; then
-            textPass "$regx: GuardDuty detector $detector enabled" "$regx"
+            textPass "$regx: GuardDuty detector $detector enabled" "$regx" "$detector"
           else
-            textFail "$regx: GuardDuty detector $detector configured but suspended" "$regx"
+            textFail "$regx: GuardDuty detector $detector configured but suspended" "$regx" "$detector"
           fi
         done <<< "$LIST_OF_GUARDDUTY_DETECTORS"
         else
diff --git a/checks/check_extra7130 b/checks/check_extra7130
index 4a712973..7c55d7fe 100644
--- a/checks/check_extra7130
+++ b/checks/check_extra7130
@@ -33,9 +33,9 @@ extra7130(){
         SHORT_TOPIC=$(echo $topic | awk -F ":" '{print $NF}')
         SNS_ENCRYPTION=$($AWSCLI sns get-topic-attributes $PROFILE_OPT --region $regx --topic-arn $topic --query 'Attributes.KmsMasterKeyId' --output text)
         if [[ "None" == $SNS_ENCRYPTION ]]; then
-          textFail "$regx: $SHORT_TOPIC is not encrypted!" "$regx"
+          textFail "$regx: $SHORT_TOPIC is not encrypted!" "$regx" "$SHORT_TOPIC"
         else
-          textPass "$regx: $SHORT_TOPIC is encrypted" "$regx"
+          textPass "$regx: $SHORT_TOPIC is encrypted" "$regx" "$SHORT_TOPIC"
         fi
       done
     else
diff --git a/checks/check_extra7134 b/checks/check_extra7134
index bb577b28..6d38148c 100644
--- a/checks/check_extra7134
+++ b/checks/check_extra7134
@@ -28,10 +28,10 @@ extra7134(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`20` && ToPort==`21`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for FTP ports" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for FTP ports" "$regx" "$SG"
       done
     else
-      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for FTP ports" "$regx"
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for FTP ports" "$regx" "$SG"
     fi
   done
 }
\ No newline at end of file
diff --git a/checks/check_extra7135 b/checks/check_extra7135
index 3150a2d1..c8562b52 100644
--- a/checks/check_extra7135
+++ b/checks/check_extra7135
@@ -28,7 +28,7 @@ extra7135(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`9092` && ToPort==`9092`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Kafka ports" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Kafka ports" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Kafka ports" "$regx"
diff --git a/checks/check_extra7136 b/checks/check_extra7136
index 6117d61e..3c247bcb 100644
--- a/checks/check_extra7136
+++ b/checks/check_extra7136
@@ -28,10 +28,10 @@ extra7136(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`23` && ToPort==`23`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Telnet ports" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Telnet ports" "$regx" "$SG"
       done
     else
-      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Telnet ports" "$regx"
+      textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Telnet ports" "$regx" "$SG"
     fi
   done
 }
\ No newline at end of file
diff --git a/checks/check_extra7137 b/checks/check_extra7137
index 81d45c98..8014b442 100644
--- a/checks/check_extra7137
+++ b/checks/check_extra7137
@@ -28,7 +28,7 @@ extra7137(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`1433` && ToPort==`1434`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Microsoft SQL Server ports" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Microsoft SQL Server ports" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Microsoft SQL Server ports" "$regx"
diff --git a/checks/check_extra7138 b/checks/check_extra7138
index 5af3d0ba..c1704c67 100644
--- a/checks/check_extra7138
+++ b/checks/check_extra7138
@@ -29,10 +29,10 @@ extra7138(){
     NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?((!PortRange) && (CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
     if [[ $NACL_LIST ]];then
       for NACL in $NACL_LIST;do
-        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for any port" "$regx"
+        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for any port" "$regx" "$NACL"
       done
     else
-      textPass "$regx: No Network ACL found with any port open to 0.0.0.0/0" "$regx"
+      textPass "$regx: No Network ACL found with any port open to 0.0.0.0/0" "$regx" "$NACL"
     fi
   done
 }
\ No newline at end of file
diff --git a/checks/check_extra714 b/checks/check_extra714
index 38bddcc1..fbe31dbc 100644
--- a/checks/check_extra714
+++ b/checks/check_extra714
@@ -30,9 +30,9 @@ extra714(){
     for dist in $LIST_OF_DISTRIBUTIONS; do
       LOG_ENABLED=$($AWSCLI cloudfront get-distribution $PROFILE_OPT --id "$dist" --query 'Distribution.DistributionConfig.Logging.Enabled' | grep true)
       if [[ $LOG_ENABLED ]]; then
-        textPass "CloudFront distribution $dist has logging enabled"
+        textPass "CloudFront distribution $dist has logging enabled" "us-east-1" "$dist"
       else
-        textFail "CloudFront distribution $dist has logging disabled"
+        textFail "CloudFront distribution $dist has logging disabled" "us-east-1" "$dist" 
       fi
     done
   else
diff --git a/checks/check_extra7140 b/checks/check_extra7140
index 1c605cdb..4b34c7a5 100644
--- a/checks/check_extra7140
+++ b/checks/check_extra7140
@@ -29,9 +29,9 @@ extra7140(){
       for ssmdoc in $SSM_DOCS; do 
         SSM_DOC_SHARED_ALL=$($AWSCLI $PROFILE_OPT --region $regx ssm describe-document-permission --name "$ssmdoc" --permission-type "Share" --query AccountIds[] --output text | grep all)
         if [[ $SSM_DOC_SHARED_ALL ]];then
-          textFail "$regx: SSM Document $ssmdoc is public." "$regx"
+          textFail "$regx: SSM Document $ssmdoc is public." "$regx" "$ssmdoc"
         else
-          textPass "$regx: SSM Document $ssmdoc is not public." "$regx"
+          textPass "$regx: SSM Document $ssmdoc is not public." "$regx" "$ssmdoc"
         fi
       done
     else
diff --git a/checks/check_extra715 b/checks/check_extra715
index 2be3409b..2ce8d287 100644
--- a/checks/check_extra715
+++ b/checks/check_extra715
@@ -30,15 +30,15 @@ extra715(){
       for domain in $LIST_OF_DOMAINS;do
         SEARCH_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.SEARCH_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
         if [[ $SEARCH_SLOWLOG_ENABLED ]];then
-          textPass "$regx: Amazon ES domain $domain SEARCH_SLOW_LOGS enabled" "$regx"
+          textPass "$regx: Amazon ES domain $domain SEARCH_SLOW_LOGS enabled" "$regx" "$domain"
         else
-          textFail "$regx: Amazon ES domain $domain SEARCH_SLOW_LOGS disabled!" "$regx"
+          textFail "$regx: Amazon ES domain $domain SEARCH_SLOW_LOGS disabled!" "$regx" "$domain"
         fi
         INDEX_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.INDEX_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
         if [[ $INDEX_SLOWLOG_ENABLED ]];then
-          textPass "$regx: Amazon ES domain $domain INDEX_SLOW_LOGS enabled" "$regx"
+          textPass "$regx: Amazon ES domain $domain INDEX_SLOW_LOGS enabled" "$regx" "$domain"
         else
-          textFail "$regx: Amazon ES domain $domain INDEX_SLOW_LOGS disabled!" "$regx"
+          textFail "$regx: Amazon ES domain $domain INDEX_SLOW_LOGS disabled!" "$regx" "$domain"
         fi
       done
     else
diff --git a/checks/check_extra716 b/checks/check_extra716
index 360d32f2..f666b273 100644
--- a/checks/check_extra716
+++ b/checks/check_extra716
@@ -40,7 +40,7 @@ extra716(){
           # check if the policy has a principal set up
           CHECK_ES_POLICY_PRINCIPAL=$(cat $TEMP_POLICY_FILE | jq -r '. | .Statement[] | select(.Effect == "Allow" and (((.Principal|type == "object") and .Principal.AWS != "*") or ((.Principal|type == "string") and .Principal != "*")) and select(has("Condition") | not))')
           if [[ $CHECK_ES_POLICY_PRINCIPAL ]]; then 
-            textPass "$regx: Amazon ES domain $domain does have a Principal set up" "$regx"
+            textPass "$regx: Amazon ES domain $domain does have a Principal set up" "$regx" "$domain"
           fi 
           CHECK_ES_DOMAIN_POLICY_OPEN=$(cat $TEMP_POLICY_FILE | jq -r '. | .Statement[] | select(.Effect == "Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and select(has("Condition") | not))')
           CHECK_ES_DOMAIN_POLICY_HAS_CONDITION=$(cat $TEMP_POLICY_FILE | jq -r '. | .Statement[] | select(.Effect == "Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and select(has("Condition")))' )
@@ -67,13 +67,13 @@ extra716(){
           fi
           if [[ $CHECK_ES_DOMAIN_POLICY_OPEN || $CHECK_ES_DOMAIN_POLICY_CONDITION_ZERO || $CHECK_ES_DOMAIN_POLICY_CONDITION_STAR || ${CHECK_ES_DOMAIN_POLICY_CONDITION_PUBLIC_IP[@]} ]];then
             if [[ $CHECK_ES_DOMAIN_POLICY_OPEN ]];then
-              textFail "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\") - use extra788 to test AUTH" "$regx"
+              textFail "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\") - use extra788 to test AUTH" "$regx" "$domain"
             fi
             if [[ $CHECK_ES_DOMAIN_POLICY_HAS_CONDITION && $CHECK_ES_DOMAIN_POLICY_CONDITION_ZERO ]];then
-              textFail "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\" and network 0.0.0.0) - use extra788 to test AUTH" "$regx"
+              textFail "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\" and network 0.0.0.0) - use extra788 to test AUTH" "$regx" "$domain"
             fi
             if [[ $CHECK_ES_DOMAIN_POLICY_HAS_CONDITION && $CHECK_ES_DOMAIN_POLICY_CONDITION_STAR ]];then
-              textFail "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\" and network \"*\") - use extra788 to test AUTH" "$regx"
+              textFail "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\" and network \"*\") - use extra788 to test AUTH" "$regx" "$domain"
             fi
             if [[ $CHECK_ES_DOMAIN_POLICY_HAS_CONDITION && ${CHECK_ES_DOMAIN_POLICY_CONDITION_PUBLIC_IP[@]} ]];then
               textInfo "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\" and Public IP or Network $(echo ${CONDITION_HAS_PUBLIC_IP_ARRAY[@]})) - use extra788 to test AUTH" "$regx"
@@ -82,7 +82,7 @@ extra716(){
             if [[ $CHECK_ES_DOMAIN_POLICY_HAS_CONDITION && ${CHECK_ES_DOMAIN_POLICY_CONDITION_PRIVATE_IP[@]} ]];then
               textInfo "$regx: Amazon ES domain $domain policy allows access from a Private IP or CIDR RFC1918 $(echo ${CONDITION_HAS_PRIVATE_IP_ARRAY[@]})" "$regx"
             else
-              textPass "$regx: Amazon ES domain $domain does not allow anonymous access" "$regx"
+              textPass "$regx: Amazon ES domain $domain does not allow anonymous access" "$regx" "$domain"
             fi
           fi
           rm -f $TEMP_POLICY_FILE
diff --git a/checks/check_extra717 b/checks/check_extra717
index 982bb232..53892197 100644
--- a/checks/check_extra717
+++ b/checks/check_extra717
@@ -33,9 +33,9 @@ extra717(){
         for elb in $LIST_OF_ELBS; do
           CHECK_ELBS_LOG_ENABLED=$($AWSCLI elb describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-name $elb --query 'LoadBalancerAttributes.AccessLog.Enabled'|grep "^true")
           if [[ $CHECK_ELBS_LOG_ENABLED ]]; then
-            textPass "$regx: $elb has access logs to S3 configured" "$regx"
+            textPass "$regx: $elb has access logs to S3 configured" "$regx" "$elb"
           else
-            textFail "$regx: $elb has not configured access logs" "$regx"
+            textFail "$regx: $elb has not configured access logs" "$regx" "$elb"
           fi
         done
       fi
@@ -44,9 +44,9 @@ extra717(){
           CHECK_ELBSV2_LOG_ENABLED=$($AWSCLI elbv2 describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-arn $elbarn --query Attributes[*] --output text|grep "^access_logs.s3.enabled"|cut -f2|grep true)
           ELBV2_NAME=$(echo $elbarn|cut -d\/ -f3)
           if [[ $CHECK_ELBSV2_LOG_ENABLED ]]; then
-            textPass "$regx: $ELBV2_NAME has access logs to S3 configured" "$regx"
+            textPass "$regx: $ELBV2_NAME has access logs to S3 configured" "$regx" "$elb"
           else
-            textFail "$regx: $ELBV2_NAME has not configured access logs" "$regx"
+            textFail "$regx: $ELBV2_NAME has not configured access logs" "$regx" "$elb"
           fi
         done
       fi
diff --git a/checks/check_extra718 b/checks/check_extra718
index 39f27bb1..17b11b0b 100644
--- a/checks/check_extra718
+++ b/checks/check_extra718
@@ -34,9 +34,9 @@ extra718(){
         continue
       fi
       if [[ $(echo "$BUCKET_SERVER_LOG_ENABLED" | grep "^None$") ]]; then
-        textFail "Bucket $bucket has server access logging disabled!"
+        textFail "Bucket $bucket has server access logging disabled!" "us-east-1" "$bucket"
       else
-        textPass "Bucket $bucket has server access logging enabled"
+        textPass "Bucket $bucket has server access logging enabled" "us-east-1" "$bucket"
       fi
     done
   else
diff --git a/checks/check_extra719 b/checks/check_extra719
index 998c6e86..ad148c3a 100644
--- a/checks/check_extra719
+++ b/checks/check_extra719
@@ -30,9 +30,9 @@ extra719(){
     for hostedzoneid in $LIST_OF_HOSTED_ZONES;do
       HOSTED_ZONE_QUERY_LOG_ENABLED=$($AWSCLI route53 list-query-logging-configs --hosted-zone-id $hostedzoneid $PROFILE_OPT --query QueryLoggingConfigs[*].CloudWatchLogsLogGroupArn --output text|cut -d: -f7)
       if [[ $HOSTED_ZONE_QUERY_LOG_ENABLED ]];then
-        textPass "Route53 public hosted zone Id $hostedzoneid has query logging enabled in Log Group $HOSTED_ZONE_QUERY_LOG_ENABLED"
+        textPass "Route53 public hosted zone Id $hostedzoneid has query logging enabled in Log Group $HOSTED_ZONE_QUERY_LOG_ENABLED" "us-east-1" "$hostedzoneid"
       else
-        textFail "Route53 public hosted zone Id $hostedzoneid has query logging disabled!"
+        textFail "Route53 public hosted zone Id $hostedzoneid has query logging disabled!" "us-east-1" "$hostedzoneid"
       fi
     done
   else
diff --git a/checks/check_extra72 b/checks/check_extra72
index b4ce5a70..a7598b30 100644
--- a/checks/check_extra72
+++ b/checks/check_extra72
@@ -33,9 +33,9 @@ extra72(){
     for snapshot in $LIST_OF_EBS_SNAPSHOTS; do
       SNAPSHOT_IS_PUBLIC=$($AWSCLI ec2 describe-snapshot-attribute $PROFILE_OPT --region $regx --output text --snapshot-id $snapshot --attribute createVolumePermission --query "CreateVolumePermissions[?Group=='all']")
       if [[ $SNAPSHOT_IS_PUBLIC ]];then
-        textFail "$regx: $snapshot is currently Public!" "$regx"
+        textFail "$regx: $snapshot is currently Public!" "$regx" "$snapshot"
       else
-        textPass "$regx: $snapshot is not Public" "$regx"
+        textPass "$regx: $snapshot is not Public" "$regx" "$snapshot"
       fi
     done
   done
diff --git a/checks/check_extra720 b/checks/check_extra720
index 396f59b2..5cef8b37 100644
--- a/checks/check_extra720
+++ b/checks/check_extra720
@@ -42,9 +42,9 @@ extra720(){
           for trail in $LIST_OF_TRAILS; do
             FUNCTION_ENABLED_IN_TRAIL=$($AWSCLI cloudtrail get-event-selectors $PROFILE_OPT --trail-name $trail --region $regx --query "EventSelectors[*].DataResources[?Type == \`AWS::Lambda::Function\`].Values" --output text |xargs -n1| grep -E "^arn:${AWS_PARTITION}:lambda.*function:$lambdafunction$|^arn:${AWS_PARTITION}:lambda$")
             if [[ $FUNCTION_ENABLED_IN_TRAIL ]]; then
-              textPass "$regx: Lambda function $lambdafunction enabled in trail $trail" "$regx"
+              textPass "$regx: Lambda function $lambdafunction enabled in trail $trail" "$regx" "$trail"
             else
-              textFail "$regx: Lambda function $lambdafunction NOT enabled in trail $trail" "$regx"
+              textFail "$regx: Lambda function $lambdafunction NOT enabled in trail $trail" "$regx" "$trail"
             fi
           done
           # LIST_OF_MULTIREGION_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query "trailList[?IsMultiRegionTrail == \`true\`].Name" --output text)
@@ -62,7 +62,7 @@ extra720(){
           #   textFail "$regx: Lambda function $lambdafunction is not being recorded!" "$regx"
           # fi
         else
-          textFail "$regx: Lambda function $lambdafunction is not being recorded no CloudTrail found!" "$regx"
+          textFail "$regx: Lambda function $lambdafunction is not being recorded no CloudTrail found!" "$regx" "$trail"
         fi
      done
     else
diff --git a/checks/check_extra721 b/checks/check_extra721
index d8c03776..93d2ed92 100644
--- a/checks/check_extra721
+++ b/checks/check_extra721
@@ -32,9 +32,9 @@ extra721(){
         REDSHIFT_LOG_ENABLED=$($AWSCLI redshift describe-logging-status $PROFILE_OPT --region $regx --cluster-identifier $redshiftcluster --query LoggingEnabled --output text | grep True)
         if [[ $REDSHIFT_LOG_ENABLED ]];then
           REDSHIFT_LOG_ENABLED_BUCKET=$($AWSCLI redshift describe-logging-status $PROFILE_OPT --region $regx --cluster-identifier $redshiftcluster --query BucketName --output text)
-          textPass "$regx: Redshift cluster $redshiftcluster has audit logging enabled to bucket $REDSHIFT_LOG_ENABLED_BUCKET" "$regx"
+          textPass "$regx: Redshift cluster $redshiftcluster has audit logging enabled to bucket $REDSHIFT_LOG_ENABLED_BUCKET" "$regx" "$redshiftcluster"
         else
-          textFail "$regx: Redshift cluster $redshiftcluster logging disabled!" "$regx"
+          textFail "$regx: Redshift cluster $redshiftcluster logging disabled!" "$regx" "$redshiftcluster"
         fi
       done
     else
diff --git a/checks/check_extra722 b/checks/check_extra722
index 30146620..53dde9ed 100644
--- a/checks/check_extra722
+++ b/checks/check_extra722
@@ -35,13 +35,13 @@ extra722(){
           for stagname in $CHECK_STAGES_NAME;do
             CHECK_STAGE_METHOD_LOGGING=$($AWSCLI apigateway get-stages $PROFILE_OPT --region $regx --rest-api-id $apigwid --query "item[?stageName == \`$stagname\` ].methodSettings" --output text |awk '{ print $6 }' |egrep 'ERROR|INFO')
             if [[ $CHECK_STAGE_METHOD_LOGGING ]];then
-              textPass "$regx: API Gateway $API_GW_NAME ID $apigwid in $stagname has logging enabled as $CHECK_STAGE_METHOD_LOGGING" "$regx"
+              textPass "$regx: API Gateway $API_GW_NAME ID $apigwid in $stagname has logging enabled as $CHECK_STAGE_METHOD_LOGGING" "$regx" "$API_GW_NAME"
             else
-              textFail "$regx: API Gateway $API_GW_NAME ID $apigwid in $stagname has logging disabled" "$regx"
+              textFail "$regx: API Gateway $API_GW_NAME ID $apigwid in $stagname has logging disabled" "$regx" "$API_GW_NAME"
             fi
           done
         else
-           textFail "$regx: No Stage name found for $API_GW_NAME" "$regx"
+           textFail "$regx: No Stage name found for $API_GW_NAME" "$regx" "$API_GW_NAME"
         fi
       done
     else
diff --git a/checks/check_extra724 b/checks/check_extra724
index 69356973..f53e13fe 100644
--- a/checks/check_extra724
+++ b/checks/check_extra724
@@ -34,12 +34,12 @@ extra724(){
         CERT_TYPE=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Type --output text)
         if [[ $CERT_TYPE == "IMPORTED" ]];then
           # Ignore imported certificate
-          textInfo "$regx: ACM Certificate $CERT_DOMAIN_NAME is imported." "$regx"
+          textInfo "$regx: ACM Certificate $CERT_DOMAIN_NAME is imported." "$regx" 
         else
           if [[ $CT_ENABLED == "ENABLED" ]];then
-            textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx"
+            textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx" "$CERT_DOMAIN_NAME"
           else
-            textFail "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging disabled!" "$regx"
+            textFail "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging disabled!" "$regx" "$CERT_DOMAIN_NAME"
           fi
         fi
       done
diff --git a/checks/check_extra725 b/checks/check_extra725
index 614feff0..8a90f8c9 100644
--- a/checks/check_extra725
+++ b/checks/check_extra725
@@ -53,14 +53,14 @@ extra725(){
 
         if [[ ${#BUCKET_ENABLED_TRAILS[@]} -gt 0 ]]; then
           for trail in "${BUCKET_ENABLED_TRAILS[@]}"; do
-            textPass "$regx: S3 bucket $bucketName has Object-level logging enabled in trail $trail" "$regx"
+            textPass "$regx: S3 bucket $bucketName has Object-level logging enabled in trail $trail" "$regx" "$bucketName"
           done
         else
-          textFail "$regx: S3 bucket $bucketName has Object-level logging disabled" "$regx"
+          textFail "$regx: S3 bucket $bucketName has Object-level logging disabled" "$regx" "$bucketName"
         fi
 
       else
-        textFail "$regx: S3 bucket $bucketName is not being recorded no CloudTrail found!" "$regx"
+        textFail "$regx: S3 bucket $bucketName is not being recorded no CloudTrail found!" "$regx" "$bucketName"
       fi
     done
   else
diff --git a/checks/check_extra726 b/checks/check_extra726
index 341833e1..1119e526 100644
--- a/checks/check_extra726
+++ b/checks/check_extra726
@@ -38,19 +38,19 @@ extra726(){
     # Possible results - https://docs.aws.amazon.com/cli/latest/reference/support/describe-trusted-advisor-check-result.html
     case "$QUERY_TA_CHECK_RESULT" in
       "ok")
-        textPass "Trusted Advisor check $TA_CHECKS_NAME is in ok state $QUERY_TA_CHECK_RESULT"
+        textPass "Trusted Advisor check $TA_CHECKS_NAME is in ok state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
         ;;
       "error")
-        textFail "Trusted Advisor check $TA_CHECKS_NAME is in error state $QUERY_TA_CHECK_RESULT"
+        textFail "Trusted Advisor check $TA_CHECKS_NAME is in error state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
         ;;
       "warning")
-        textInfo "Trusted Advisor check $TA_CHECKS_NAME is in warning state $QUERY_TA_CHECK_RESULT"
+        textInfo "Trusted Advisor check $TA_CHECKS_NAME is in warning state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
         ;;
       "not_available")
-        textInfo "Trusted Advisor check $TA_CHECKS_NAME is in not_available state $QUERY_TA_CHECK_RESULT"
+        textInfo "Trusted Advisor check $TA_CHECKS_NAME is in not_available state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
         ;;
       "*")
-        textFail "Trusted Advisor check $TA_CHECKS_NAME is in unknown state $QUERY_TA_CHECK_RESULT"
+        textFail "Trusted Advisor check $TA_CHECKS_NAME is in unknown state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
         ;;
     esac
   done
diff --git a/checks/check_extra727 b/checks/check_extra727
index 400e78d8..63ad651e 100644
--- a/checks/check_extra727
+++ b/checks/check_extra727
@@ -39,15 +39,15 @@ extra727(){
             if [[ $SQS_POLICY_ALLOW_ALL_WITHOUT_CONDITION ]]; then
               SQS_POLICY_ALLOW_ALL_WITHOUT_CONDITION_DETAILS=$(echo $SQS_POLICY_ALLOW_ALL_WITHOUT_CONDITION \
                 | jq '"[Principal: " + (.Principal|tostring) + " Action: " + (.Action|tostring) + "]"' )
-              textFail "$regx: SQS $queue queue policy with public access: $SQS_POLICY_ALLOW_ALL_WITHOUT_CONDITION_DETAILS" "$regx"
+              textFail "$regx: SQS $queue queue policy with public access: $SQS_POLICY_ALLOW_ALL_WITHOUT_CONDITION_DETAILS" "$regx" "$queue"
             else
               textInfo "$regx: SQS $queue queue policy with public access but has a Condition" "$regx"
             fi
           else
-            textPass "$regx: SQS $queue queue without public access" "$regx"
+            textPass "$regx: SQS $queue queue without public access" "$regx" "$queue"
           fi
         else
-          textPass "$regx: SQS $queue queue without policy" "$regx"
+          textPass "$regx: SQS $queue queue without policy" "$regx" "$queue"
         fi
       done
     else
diff --git a/checks/check_extra728 b/checks/check_extra728
index 60758fd1..3fbaff2c 100644
--- a/checks/check_extra728
+++ b/checks/check_extra728
@@ -33,9 +33,9 @@ extra728(){
         # check if the policy has KmsMasterKeyId therefore SSE enabled
         SSE_ENABLED_QUEUE=$($AWSCLI sqs get-queue-attributes --queue-url $queue $PROFILE_OPT --region $regx --attribute-names All --query Attributes.KmsMasterKeyId --output text|grep -v ^None)
         if [[ $SSE_ENABLED_QUEUE ]]; then
-          textPass "$regx: SQS queue $queue is using Server Side Encryption" "$regx"
+          textPass "$regx: SQS queue $queue is using Server Side Encryption" "$regx" "$queue"
         else
-          textFail "$regx: SQS queue $queue is not using Server Side Encryption" "$regx"
+          textFail "$regx: SQS queue $queue is not using Server Side Encryption" "$regx" "$queue"
         fi
       done
     else
diff --git a/checks/check_extra729 b/checks/check_extra729
index 21feea47..e3759bf2 100644
--- a/checks/check_extra729
+++ b/checks/check_extra729
@@ -32,13 +32,13 @@ extra729(){
     LIST_OF_EBS_NON_ENC_VOLUMES=$($AWSCLI ec2 describe-volumes $PROFILE_OPT --region $regx --query 'Volumes[?Encrypted==`false`].VolumeId' --output text)
     if [[ $LIST_OF_EBS_NON_ENC_VOLUMES ]];then
       for volume in $LIST_OF_EBS_NON_ENC_VOLUMES; do
-        textFail "$regx: $volume is not encrypted!" "$regx"
+        textFail "$regx: $volume is not encrypted!" "$regx" "$volume"
       done
     fi
     LIST_OF_EBS_ENC_VOLUMES=$($AWSCLI ec2 describe-volumes $PROFILE_OPT --region $regx --query 'Volumes[?Encrypted==`true`].VolumeId' --output text)
     if [[ $LIST_OF_EBS_ENC_VOLUMES ]];then
       for volume in $LIST_OF_EBS_ENC_VOLUMES; do
-        textPass "$regx: $volume is encrypted" "$regx"
+        textPass "$regx: $volume is encrypted" "$regx" "$volume"
       done
     fi
   done
diff --git a/checks/check_extra73 b/checks/check_extra73
index 0340096b..9a0b9162 100644
--- a/checks/check_extra73
+++ b/checks/check_extra73
@@ -127,13 +127,13 @@ extra73(){
 
     ALLUSERS_ACL=$(echo "$BUCKET_ACL" | jq '.Grants[]|select(.Grantee.URI != null)|select(.Grantee.URI | endswith("/AllUsers"))')
     if [[ $ALLUSERS_ACL != "" ]]; then
-      textFail "$BUCKET_LOCATION: $bucket bucket is Public!" "$BUCKET_LOCATION"
+      textFail "$BUCKET_LOCATION: $bucket bucket is Public!" "$BUCKET_LOCATION" "$bucket"
       continue
     fi
 
     AUTHENTICATEDUSERS_ACL=$(echo "$BUCKET_ACL" | jq '.Grants[]|select(.Grantee.URI != null)|select(.Grantee.URI | endswith("/AuthenticatedUsers"))')
     if [[ $AUTHENTICATEDUSERS_ACL != "" ]]; then
-      textFail "$BUCKET_LOCATION: $bucket bucket is Public!" "$BUCKET_LOCATION"
+      textFail "$BUCKET_LOCATION: $bucket bucket is Public!" "$BUCKET_LOCATION" "$bucket"
       continue
     fi
 
@@ -150,11 +150,11 @@ extra73(){
     fi
 
     if [[ $BUCKET_POLICY_STATUS != "" && $BUCKET_POLICY_STATUS != "False" ]]; then
-      textFail "$BUCKET_LOCATION: $bucket bucket is Public!" "$BUCKET_LOCATION"
+      textFail "$BUCKET_LOCATION: $bucket bucket is Public!" "$BUCKET_LOCATION" "$bucket"
       continue
     fi
 
-    textPass "$BUCKET_LOCATION: $bucket bucket is not Public" "$BUCKET_LOCATION"
+    textPass "$BUCKET_LOCATION: $bucket bucket is not Public" "$BUCKET_LOCATION" "$bucket"
 
   done
 }
diff --git a/checks/check_extra730 b/checks/check_extra730
index 100cb37d..f37e9a8f 100644
--- a/checks/check_extra730
+++ b/checks/check_extra730
@@ -37,9 +37,9 @@ extra730(){
           EXPIRES_DATE=$(timestamp_to_date $NOTAFTER)
           COUNTER_DAYS=$(how_many_days_from_today $EXPIRES_DATE)
           if [[ $COUNTER_DAYS -le $DAYS_TO_EXPIRE_THRESHOLD ]]; then
-            textFail "$regx: Certificate for $FQDN is about to expire in $COUNTER_DAYS days!" "$regx"
+            textFail "$regx: Certificate for $FQDN is about to expire in $COUNTER_DAYS days!" "$regx" "$FQDN"
           else
-            textPass "$regx: Certificate for $FQDN expires in $COUNTER_DAYS days" "$regx"
+            textPass "$regx: Certificate for $FQDN expires in $COUNTER_DAYS days" "$regx" "$FQDN"
           fi
         done
       done
diff --git a/checks/check_extra731 b/checks/check_extra731
index 5bf1743b..69b4d81c 100644
--- a/checks/check_extra731
+++ b/checks/check_extra731
@@ -39,9 +39,9 @@ extra731(){
           if [[ $SNS_POLICY_ALLOW_ALL_WITHOUT_CONDITION ]]; then
             SNS_POLICY_ALLOW_ALL_WITHOUT_CONDITION_DETAILS=$(echo $SNS_POLICY_ALLOW_ALL_WITHOUT_CONDITION \
               | jq '"[Principal: " + (.Principal|tostring) + " Action: " + (.Action|tostring) + "]"' )
-            textFail "$regx: SNS topic $SHORT_TOPIC's policy with public access: $SNS_POLICY_ALLOW_ALL_WITHOUT_CONDITION_DETAILS" "$regx"
+            textFail "$regx: SNS topic $SHORT_TOPIC's policy with public access: $SNS_POLICY_ALLOW_ALL_WITHOUT_CONDITION_DETAILS" "$regx" "$SHORT_TOPIC"
           else
-            textPass "$regx: SNS topic $SHORT_TOPIC's policy with public access but has a Condition" "$regx"
+            textPass "$regx: SNS topic $SHORT_TOPIC's policy with public access but has a Condition" "$regx" "$SHORT_TOPIC"
           fi
         else
           textPass "$regx: SNS topic without public access" "$regx"
diff --git a/checks/check_extra732 b/checks/check_extra732
index 2f355c13..75e4f9ab 100644
--- a/checks/check_extra732
+++ b/checks/check_extra732
@@ -30,9 +30,9 @@ extra732(){
     for dist in $LIST_DISTRIBUTIONS; do
       GEO_ENABLED=$($AWSCLI cloudfront get-distribution-config $PROFILE_OPT --id $dist --query DistributionConfig.Restrictions.GeoRestriction.RestrictionType --output text)
       if [[ $GEO_ENABLED == "none" ]]; then
-        textFail "CloudFront distribution $dist has not Geo restrictions"
+        textFail "CloudFront distribution $dist has not Geo restrictions" "us-east-1" "$dist"
       else
-        textPass "CloudFront distribution $dist has Geo restrictions enabled"
+        textPass "CloudFront distribution $dist has Geo restrictions enabled" "us-east-1" "$dist"
       fi
     done
   else
diff --git a/checks/check_extra733 b/checks/check_extra733
index 3fa7e785..32a05152 100644
--- a/checks/check_extra733
+++ b/checks/check_extra733
@@ -32,6 +32,6 @@ extra733(){
       textInfo "SAML Provider $PROVIDER_NAME has been found"
     done
   else
-    textInfo "No SAML Provider found. Add one and use STS"
+    textFail "No SAML Provider found. Add one and use STS"
   fi
 }
diff --git a/checks/check_extra734 b/checks/check_extra734
index 3d66582e..cb64f335 100644
--- a/checks/check_extra734
+++ b/checks/check_extra734
@@ -52,7 +52,7 @@ extra734(){
 
       if [[ $RESULT == "AES256" || $RESULT == "aws:kms" ]];
       then
-        textPass "Bucket $bucket is enabled for default encryption with $RESULT"
+        textPass "Bucket $bucket is enabled for default encryption with $RESULT" "us-east-1" "$bucket"
         continue
       fi
 
@@ -66,7 +66,7 @@ extra734(){
         continue
       fi
       if [[ $(grep NoSuchBucketPolicy $TEMP_SSE_POLICY_FILE) ]]; then
-        textFail "No bucket policy for $bucket"
+        textFail "No bucket policy for $bucket" "us-east-1" "$bucket" "us-east-1" "$bucket"
         rm -f $TEMP_SSE_POLICY_FILE
         continue
       fi
@@ -74,7 +74,7 @@ extra734(){
       # check if the S3 policy forces SSE s3:x-amz-server-side-encryption:true
       CHECK_BUCKET_SSE_POLICY_PRESENT=$(cat $TEMP_SSE_POLICY_FILE | jq --arg arn "arn:${AWS_PARTITION}:s3:::${bucket}/*" '.Statement[]|select(.Effect=="Deny" and ((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*") and .Action=="s3:PutObject" and .Resource==$arn and .Condition.StringEquals."s3:x-amz-server-side-encryption" != null)')
       if [[ $CHECK_BUCKET_SSE_POLICY_PRESENT == "" ]]; then
-        textFail "Bucket $bucket does not enforce encryption!"
+        textFail "Bucket $bucket does not enforce encryption!" "us-east-1" "$bucket"
         rm -f $TEMP_SSE_POLICY_FILE
         continue
       fi
diff --git a/checks/check_extra736 b/checks/check_extra736
index 937af033..00d246c9 100644
--- a/checks/check_extra736
+++ b/checks/check_extra736
@@ -32,9 +32,9 @@ extra736(){
       for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
         CHECK_POLICY=$($AWSCLI kms get-key-policy --key-id $key --policy-name default $PROFILE_OPT --region $regx  --output text|awk '/Principal/{n=NR+1} n>=NR' |grep AWS\"\ :\ \"\\*\"$)
         if [[ $CHECK_POLICY ]]; then
-          textFail "$regx: KMS key $key may be publicly accessible!" "$regx"
+          textFail "$regx: KMS key $key may be publicly accessible!" "$regx" "$key"
         else
-          textPass "$regx: KMS key $key is not exposed to Public" "$regx"
+          textPass "$regx: KMS key $key is not exposed to Public" "$regx" "$key"
         fi
       done
     else
diff --git a/checks/check_extra737 b/checks/check_extra737
index 7e6eed0d..b3e751b8 100644
--- a/checks/check_extra737
+++ b/checks/check_extra737
@@ -35,9 +35,9 @@ extra737(){
         if [[ $CHECK_STATUS == "PendingDeletion" ]]; then
           textInfo "$regx: KMS key $key is pending deletion and cannot be rotated" "$regx"
         elif [[ $CHECK_ROTATION == "False" ]]; then
-          textFail "$regx: KMS key $key has rotation disabled!" "$regx"
+          textFail "$regx: KMS key $key has rotation disabled!" "$regx" "$key"
         else
-          textPass "$regx: KMS key $key has rotation enabled" "$regx"
+          textPass "$regx: KMS key $key has rotation enabled" "$regx" "$key"
         fi
       done
     else
diff --git a/checks/check_extra738 b/checks/check_extra738
index 1ea1c457..da1f9840 100644
--- a/checks/check_extra738
+++ b/checks/check_extra738
@@ -30,11 +30,11 @@ extra738(){
       for dist in $LIST_OF_DISTRIBUTIONS; do
         CHECK_HTTPS_STATUS=$($AWSCLI cloudfront get-distribution --id $dist --query Distribution.DistributionConfig.DefaultCacheBehavior.ViewerProtocolPolicy $PROFILE_OPT --output text)
         if [[ $CHECK_HTTPS_STATUS == "allow-all" ]]; then
-          textFail "CloudFront distribution $dist viewers can use HTTP or HTTPS!" "$regx"
+          textFail "CloudFront distribution $dist viewers can use HTTP or HTTPS!" "$regx" "$dist"
         elif [[ $CHECK_HTTPS_STATUS == "redirect-to-https" ]]; then
-          textPass "CloudFront distribution $dist has redirect to HTTPS" "$regx"
+          textPass "CloudFront distribution $dist has redirect to HTTPS" "$regx" "$dist"
         else
-          textPass "CloudFront distribution $dist has HTTPS only" "$regx"
+          textPass "CloudFront distribution $dist has HTTPS only" "$regx" "$dist"
         fi
       done
     else
diff --git a/checks/check_extra74 b/checks/check_extra74
index 6ffa01d8..fde3b648 100644
--- a/checks/check_extra74
+++ b/checks/check_extra74
@@ -34,7 +34,7 @@ extra74(){
     for SG_ID in $LIST_OF_SECURITYGROUPS; do
       SG_NO_INGRESS_FILTER=$($AWSCLI ec2 describe-network-interfaces $PROFILE_OPT --region $regx --filters "Name=group-id,Values=$SG_ID" --query "length(NetworkInterfaces)" --output text)
       if [[ $SG_NO_INGRESS_FILTER -ne 0 ]];then
-        textFail "$regx: $SG_ID has no ingress filtering and it is being used!" "$regx"
+        textFail "$regx: $SG_ID has no ingress filtering and it is being used!" "$regx" "$SG_ID"
       else
         textInfo "$regx: $SG_ID has no ingress filtering but it is not being used" "$regx"
       fi
diff --git a/checks/check_extra741 b/checks/check_extra741
index 023e4f00..3fbd71e9 100644
--- a/checks/check_extra741
+++ b/checks/check_extra741
@@ -51,12 +51,12 @@ extra741(){
             # delete file if nothing interesting is there
             rm -f "$EC2_USERDATA_FILE"
           else
-            textFail "$regx: Potential secret found in $instance User Data" "$regx"
+            textFail "$regx: Potential secret found in $instance User Data" "$regx" "$regx" "$instance"
             # delete file to not leave trace, user must look at the instance User Data
             rm -f "$EC2_USERDATA_FILE"
           fi
         else
-          textPass "$regx: No secrets found in $instance User Data or it is empty" "$regx"
+          textPass "$regx: No secrets found in $instance User Data or it is empty" "$regx" "$instance"
         fi
       done
     else
diff --git a/checks/check_extra742 b/checks/check_extra742
index d6083ef0..92cd10b3 100644
--- a/checks/check_extra742
+++ b/checks/check_extra742
@@ -45,11 +45,11 @@ extra742(){
           # New implementation using https://github.com/Yelp/detect-secrets
           FINDINGS=$(secretsDetector file $CFN_OUTPUTS_FILE)
             if [[ $FINDINGS -eq 0 ]]; then
-              textPass "$regx: No secrets found in stack $stack Outputs" "$regx"
+              textPass "$regx: No secrets found in stack $stack Outputs" "$regx" "$stack"
               # delete file if nothing interesting is there
               rm -f $CFN_OUTPUTS_FILE
             else
-              textFail "$regx: Potential secret found in stack $stack Outputs" "$regx"
+              textFail "$regx: Potential secret found in stack $stack Outputs" "$regx" "$stack"
               # delete file to not leave trace, user must look at the CFN Stack
               rm -f $CFN_OUTPUTS_FILE
             fi
diff --git a/checks/check_extra743 b/checks/check_extra743
index e7e21965..fb98bec4 100644
--- a/checks/check_extra743
+++ b/checks/check_extra743
@@ -34,9 +34,9 @@ extra743(){
           for stage in $LIST_OF_STAGES; do
             CHECK_CERTIFICATE=$($AWSCLI $PROFILE_OPT --region $regx apigateway get-stages --rest-api-id $api --query "item[?stageName==\`$stage\`].clientCertificateId" --output text)
             if [[ $CHECK_CERTIFICATE ]]; then
-                textPass "$regx: API Gateway $API_GW_NAME ID $api in $stage has client certificate enabled" "$regx"
+                textPass "$regx: API Gateway $API_GW_NAME ID $api in $stage has client certificate enabled" "$regx" "$API_GW_NAME"
               else
-                textFail "$regx: API Gateway $API_GW_NAME ID $api in $stage has not client certificate enabled" "$regx"
+                textFail "$regx: API Gateway $API_GW_NAME ID $api in $stage has not client certificate enabled" "$regx" "$API_GW_NAME"
             fi
           done
         fi
diff --git a/checks/check_extra744 b/checks/check_extra744
index 36ed0705..6d0d219b 100644
--- a/checks/check_extra744
+++ b/checks/check_extra744
@@ -35,9 +35,9 @@ extra744(){
           for stage in $LIST_OF_STAGES; do
             CHECK_WAFACL=$($AWSCLI $PROFILE_OPT --region $regx apigateway get-stages --rest-api-id $api --query "item[?stageName==\`$stage\`].webAclArn" --output text)
             if [[ $CHECK_WAFACL ]]; then
-                textPass "$regx: API Gateway $API_GW_NAME ID $api in $stage has $CHECK_WAFACL WAF ACL attached" "$regx"
+                textPass "$regx: API Gateway $API_GW_NAME ID $api in $stage has $CHECK_WAFACL WAF ACL attached" "$regx" "$API_GW_NAME"
               else
-                textFail "$regx: API Gateway $API_GW_NAME ID $api in $stage has not WAF ACL attached" "$regx"
+                textFail "$regx: API Gateway $API_GW_NAME ID $api in $stage has not WAF ACL attached" "$regx" "$API_GW_NAME"
             fi
           done
         fi
diff --git a/checks/check_extra745 b/checks/check_extra745
index 0b507d7b..743bf12a 100644
--- a/checks/check_extra745
+++ b/checks/check_extra745
@@ -33,13 +33,13 @@ extra745(){
         if [[ $ENDPOINT_CONFIG_TYPE ]]; then
           case $ENDPOINT_CONFIG_TYPE in
             PRIVATE )
-              textPass "$regx: API Gateway $API_GW_NAME ID $api is set as $ENDPOINT_CONFIG_TYPE" "$regx"
+              textPass "$regx: API Gateway $API_GW_NAME ID $api is set as $ENDPOINT_CONFIG_TYPE" "$regx" "$API_GW_NAME"
             ;;
             REGIONAL )
-              textFail "$regx: API Gateway $API_GW_NAME ID $api is internet accesible as $ENDPOINT_CONFIG_TYPE" "$regx"
+              textFail "$regx: API Gateway $API_GW_NAME ID $api is internet accesible as $ENDPOINT_CONFIG_TYPE" "$regx" "$API_GW_NAME"
             ;;
             EDGE )
-              textFail "$regx: API Gateway $API_GW_NAME ID $api is internet accesible as $ENDPOINT_CONFIG_TYPE" "$regx"
+              textFail "$regx: API Gateway $API_GW_NAME ID $api is internet accesible as $ENDPOINT_CONFIG_TYPE" "$regx" "$API_GW_NAME"
           esac
         fi
       done
diff --git a/checks/check_extra746 b/checks/check_extra746
index 82f82d53..91d3052a 100644
--- a/checks/check_extra746
+++ b/checks/check_extra746
@@ -31,9 +31,9 @@ extra746(){
         API_GW_NAME=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query "items[?id==\`$api\`].name" --output text)
         AUTHORIZER_CONFIGURED=$($AWSCLI $PROFILE_OPT --region $regx apigateway get-authorizers --rest-api-id $api --query items[*].type --output text)
         if [[ $AUTHORIZER_CONFIGURED ]]; then
-           textPass "$regx: API Gateway $API_GW_NAME ID $api has authorizer configured" "$regx"
+           textPass "$regx: API Gateway $API_GW_NAME ID $api has authorizer configured" "$regx" "$API_GW_NAME"
         else
-           textFail "$regx: API Gateway $API_GW_NAME ID $api has not authorizer configured" "$regx"
+           textFail "$regx: API Gateway $API_GW_NAME ID $api has not authorizer configured" "$regx" "$API_GW_NAME"
         fi
       done
     else
diff --git a/checks/check_extra748 b/checks/check_extra748
index 245b40b4..925f5173 100644
--- a/checks/check_extra748
+++ b/checks/check_extra748
@@ -28,7 +28,7 @@ extra748(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`0` && ToPort==`65535`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0" "$regx"
diff --git a/checks/check_extra749 b/checks/check_extra749
index 4acf5f35..72bbb129 100644
--- a/checks/check_extra749
+++ b/checks/check_extra749
@@ -29,7 +29,7 @@ extra749(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || ((FromPort<=`1521` && ToPort>=`1521`)||(FromPort<=`2483` && ToPort>=`2483`))) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Oracle ports" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Oracle ports" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Oracle ports" "$regx"
diff --git a/checks/check_extra75 b/checks/check_extra75
index f6e97ccb..f2ae8842 100644
--- a/checks/check_extra75
+++ b/checks/check_extra75
@@ -44,12 +44,12 @@ extra75(){
         GROUP_NAME=$(echo $SECURITYGROUPS | jq -r --arg id $SG_ID '.[$id]')
         if [[ $GROUP_NAME != "default" ]];
         then
-          textFail "$regx: $SG_ID is not being used!" "$regx"
+          textFail "$regx: $SG_ID is not being used!" "$regx" "$SG_ID"
         else
           textInfo "$regx: $SG_ID is not being used - default security group" "$regx"
         fi
       else
-        textPass "$regx: $SG_ID is being used" "$regx"
+        textPass "$regx: $SG_ID is being used" "$regx" "$SG_ID"
       fi
     done
   done
diff --git a/checks/check_extra750 b/checks/check_extra750
index 54b09ac1..d8352433 100644
--- a/checks/check_extra750
+++ b/checks/check_extra750
@@ -29,7 +29,7 @@ extra750(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`3306` && ToPort>=`3306`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for MySQL port" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for MySQL port" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found open to 0.0.0.0/0 for MySQL port" "$regx"
diff --git a/checks/check_extra751 b/checks/check_extra751
index 5e44d87b..c9772ccb 100644
--- a/checks/check_extra751
+++ b/checks/check_extra751
@@ -29,7 +29,7 @@ extra751(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`5432` && ToPort>=`5432`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Postgres port" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Postgres port" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found open to 0.0.0.0/0 for Postgres port" "$regx"
diff --git a/checks/check_extra752 b/checks/check_extra752
index 815f3f01..17217098 100644
--- a/checks/check_extra752
+++ b/checks/check_extra752
@@ -29,7 +29,7 @@ extra752(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`6379` && ToPort>=`6379`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Redis port" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Redis port" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found open to 0.0.0.0/0 for Redis port" "$regx"
diff --git a/checks/check_extra753 b/checks/check_extra753
index 150a8c14..045af6bf 100644
--- a/checks/check_extra753
+++ b/checks/check_extra753
@@ -29,7 +29,7 @@ extra753(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || ((FromPort<=`27017` && ToPort>=`27017`) || (FromPort<=`27018` && ToPort>=`27018`))) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for MongoDB ports" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for MongoDB ports" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found open to 0.0.0.0/0 for MongoDB ports" "$regx"
diff --git a/checks/check_extra754 b/checks/check_extra754
index 8046782f..03400ba1 100644
--- a/checks/check_extra754
+++ b/checks/check_extra754
@@ -29,7 +29,7 @@ extra754(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || ((FromPort<=`7199` && ToPort>=`7199`) || (FromPort<=`9160` && ToPort>=`9160`)|| (FromPort<=`8888` && ToPort>=`8888`))) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Cassandra ports" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Cassandra ports" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found open to 0.0.0.0/0 for Cassandra ports" "$regx"
diff --git a/checks/check_extra755 b/checks/check_extra755
index 45460007..e0e55079 100644
--- a/checks/check_extra755
+++ b/checks/check_extra755
@@ -29,7 +29,7 @@ extra755(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`11211` && ToPort>=`11211`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Memcached port" "$regx"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Memcached port" "$regx" "$SG"
       done
     else
       textPass "$regx: No Security Groups found open to 0.0.0.0/0 for Memcached port" "$regx"
diff --git a/checks/check_extra756 b/checks/check_extra756
index 5e33bcc5..ba4bb323 100644
--- a/checks/check_extra756
+++ b/checks/check_extra756
@@ -30,9 +30,9 @@ extra756(){
       for cluster in $LIST_OF_RS_CLUSTERS; do
         IS_PUBLICLY_ACCESSIBLE=$($AWSCLI $PROFILE_OPT redshift describe-clusters --region $regx --cluster-identifier $cluster --query Clusters[*].PubliclyAccessible --output text|grep True)
         if [[ $IS_PUBLICLY_ACCESSIBLE ]]; then
-          textFail "$regx: Redshift cluster $cluster is publicly accessible" "$regx"
+          textFail "$regx: Redshift cluster $cluster is publicly accessible" "$regx" "$cluster"
         else
-          textPass "$regx: Redshift cluster $cluster is not publicly accessible" "$regx"
+          textPass "$regx: Redshift cluster $cluster is not publicly accessible" "$regx" "$cluster"
         fi
       done
     else
diff --git a/checks/check_extra757 b/checks/check_extra757
index 23c8bff8..9277f030 100644
--- a/checks/check_extra757
+++ b/checks/check_extra757
@@ -35,7 +35,7 @@ extra757(){
         do
           EC2_ID=$(echo "$ec2_instace" | awk '{print $1}')
           LAUNCH_DATE=$(echo "$ec2_instace" | awk '{print $2}')
-          textFail "$regx: EC2 Instance $EC2_ID running before than $OLDAGE" "$regx"
+          textFail "$regx: EC2 Instance $EC2_ID running before than $OLDAGE" "$regx" "$EC2_ID"
         done <<< "$INSTACES_OLD_THAN_AGE"
       else
         textPass "$regx: All Instances newer than 6 months" "$regx"
diff --git a/checks/check_extra758 b/checks/check_extra758
index b4c483cd..17b47776 100644
--- a/checks/check_extra758
+++ b/checks/check_extra758
@@ -35,7 +35,7 @@ extra758(){
         do
           EC2_ID=$(echo "$ec2_instace" | awk '{print $1}')
           LAUNCH_DATE=$(echo "$ec2_instace" | awk '{print $2}')
-          textFail "$regx: EC2 Instance $EC2_ID running before than $OLDAGE" "$regx"
+          textFail "$regx: EC2 Instance $EC2_ID running before than $OLDAGE" "$regx" "$EC2_ID"
         done <<< "$INSTACES_OLD_THAN_AGE"
       else
         textPass "$regx: All Instances newer than 12 months" "$regx"
diff --git a/checks/check_extra759 b/checks/check_extra759
index 01c6bebb..aa557e46 100644
--- a/checks/check_extra759
+++ b/checks/check_extra759
@@ -41,11 +41,11 @@ extra759(){
         # Implementation using https://github.com/Yelp/detect-secrets
         FINDINGS=$(secretsDetector file $LAMBDA_FUNCTION_VARIABLES_FILE)
           if [[ $FINDINGS -eq 0 ]]; then
-            textPass "$regx: No secrets found in Lambda function $lambdafunction variables" "$regx"
+            textPass "$regx: No secrets found in Lambda function $lambdafunction variables" "$regx" "$lambdafunction"
             # delete file if nothing interesting is there
             rm -f $LAMBDA_FUNCTION_VARIABLES_FILE
           else
-            textFail "$regx: Potential secret found in Lambda function $lambdafunction variables" "$regx"
+            textFail "$regx: Potential secret found in Lambda function $lambdafunction variables" "$regx" "$lambdafunction"
             # delete file to not leave trace, user must look at the function
             rm -f $LAMBDA_FUNCTION_VARIABLES_FILE
           fi
diff --git a/checks/check_extra76 b/checks/check_extra76
index 854d48e7..c8348216 100644
--- a/checks/check_extra76
+++ b/checks/check_extra76
@@ -31,10 +31,10 @@ extra76(){
     LIST_OF_PUBLIC_AMIS=$($AWSCLI ec2 describe-images --owners self $PROFILE_OPT --region $regx --filters "Name=is-public,Values=true" --query 'Images[*].{ID:ImageId}' --output text)
     if [[ $LIST_OF_PUBLIC_AMIS ]];then
       for ami in $LIST_OF_PUBLIC_AMIS; do
-        textFail "$regx: $ami is currently Public!" "$regx"
+        textFail "$regx: $ami is currently Public!" "$regx" "$ami"
       done
     else
-      textPass "$regx: No Public AMIs found" "$regx"
+      textPass "$regx: No Public AMIs found" "$regx" "$ami"
     fi
   done
 }
diff --git a/checks/check_extra760 b/checks/check_extra760
index b75303ae..f770e5b4 100644
--- a/checks/check_extra760
+++ b/checks/check_extra760
@@ -45,11 +45,11 @@ extra760(){
         unzip -qq $LAMBDA_FUNCTION_FOLDER/$LAMBDA_FUNCTION_FILE -d $LAMBDA_FUNCTION_FOLDER
         FINDINGS=$(secretsDetector folder $LAMBDA_FUNCTION_FOLDER)
           if [[ $FINDINGS -eq 0 ]]; then
-            textPass "$regx: No secrets found in Lambda function $lambdafunction code" "$regx"
+            textPass "$regx: No secrets found in Lambda function $lambdafunction code" "$regx" "$lambdafunction"
             # delete files if nothing interesting is there
             rm -fr $LAMBDA_FUNCTION_FOLDER
           else
-            textFail "$regx: Potential secret found in Lambda function $lambdafunction code" "$regx"
+            textFail "$regx: Potential secret found in Lambda function $lambdafunction code" "$regx" "$lambdafunction"
             # delete files to not leave trace, user must look at the function
             rm -fr $LAMBDA_FUNCTION_FOLDER
           fi
diff --git a/checks/check_extra762 b/checks/check_extra762
index fe55e875..92389bc2 100644
--- a/checks/check_extra762
+++ b/checks/check_extra762
@@ -36,9 +36,9 @@ extra762(){
         fname=$(echo "$lambdafunction" | cut -d'%' -f1)
         runtime=$(echo "$lambdafunction" | cut -d'%' -f2)
         if echo "$lambdafunction" | grep -Eq $OBSOLETE  ; then
-          textFail "$regx: Obsolete runtime: ${runtime} used by: ${fname}" "$regx"
+          textFail "$regx: Obsolete runtime: ${runtime} used by: ${fname}" "$regx" "${fname}"
         else
-          textPass "$regx: Supported runtime: ${runtime} used by: ${fname}" "$regx"
+          textPass "$regx: Supported runtime: ${runtime} used by: ${fname}" "$regx" "${fname}"
         fi
       done
     else
diff --git a/checks/check_extra763 b/checks/check_extra763
index 79d35f1e..7c8b74ce 100644
--- a/checks/check_extra763
+++ b/checks/check_extra763
@@ -34,9 +34,9 @@ extra763(){
         continue
       fi
       if [[ $(echo "$BUCKET_VERSIONING_ENABLED" | grep "^Enabled$") ]]; then
-        textPass "Bucket $bucket has versioning enabled"
+        textPass "Bucket $bucket has versioning enabled" "us-east-1" "$bucket"
       else
-        textFail "Bucket $bucket has versioning disabled!"
+        textFail "Bucket $bucket has versioning disabled!" "us-east-1" "$bucket"
       fi
     done
   else
diff --git a/checks/check_extra764 b/checks/check_extra764
index 426c53ae..7e1153c4 100644
--- a/checks/check_extra764
+++ b/checks/check_extra764
@@ -49,7 +49,7 @@ extra764(){
         continue
       fi
       if [[ $(grep NoSuchBucketPolicy $TEMP_STP_POLICY_FILE) ]]; then
-        textFail "No bucket policy for $bucket"
+        textFail "No bucket policy for $bucket" "us-east-1" "$bucket"
         rm -f $TEMP_STP_POLICY_FILE
         continue
       fi
@@ -61,9 +61,9 @@ extra764(){
         CHECK_BUCKET_STP_POLICY_PRESENT=$(cat $TEMP_STP_POLICY_FILE | jq --arg arn "arn:${AWS_PARTITION}:s3:::${bucket}" \
           '.Statement[]|select((((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and .Effect=="Deny" and (.Action=="s3:*" or .Action=="*") and (.Resource|type == "array") and (.Resource|map({(.):0})[]|has($arn)) and (.Resource|map({(.):0})[]|has($arn+"/*")) and .Condition.Bool."aws:SecureTransport" == "false")')
         if [[ $CHECK_BUCKET_STP_POLICY_PRESENT ]]; then
-          textPass "Bucket $bucket has S3 bucket policy to deny requests over insecure transport"
+          textPass "Bucket $bucket has S3 bucket policy to deny requests over insecure transport" "us-east-1" "$bucket"
         else
-          textFail "Bucket $bucket allows requests over insecure transport"
+          textFail "Bucket $bucket allows requests over insecure transport" "us-east-1" "$bucket"
         fi
       else
           textInfo "Unknown Error occurred: $policy_str"
diff --git a/checks/check_extra765 b/checks/check_extra765
index 8c23408f..e00d272c 100644
--- a/checks/check_extra765
+++ b/checks/check_extra765
@@ -44,16 +44,16 @@ extra765(){
         SCAN_ENABLED=$($AWSCLI ecr describe-repositories $PROFILE_OPT --region $region --query "repositories[?repositoryName==\`$repo\`].[imageScanningConfiguration.scanOnPush]" --output text 2>&1)
         case "$SCAN_ENABLED" in
           "True")
-            textPass "$region: ECR repository $repo has scan on push enabled" "$region"
+            textPass "$region: ECR repository $repo has scan on push enabled" "$region" "$repo"
             ;;
           "False")
-            textFail "$region: ECR repository $repo has scan on push disabled!" "$region"
+            textFail "$region: ECR repository $repo has scan on push disabled!" "$region" "$repo"
             ;;
           "None")
-            textInfo "$region: ECR repository $repo has no scanOnPush status, newer awscli needed" "$region"
+            textInfo "$region: ECR repository $repo has no scanOnPush status, newer awscli needed" "$region" "$repo"
             ;;
           "*")
-            textInfo "$region: ECR repository $repo has unknown scanOnPush status \"$SCAN_ENABLED\"" "$region"
+            textInfo "$region: ECR repository $repo has unknown scanOnPush status \"$SCAN_ENABLED\"" "$region" "$repo"
             ;;
         esac
       done
diff --git a/checks/check_extra767 b/checks/check_extra767
index a87b0c52..b97bbdae 100644
--- a/checks/check_extra767
+++ b/checks/check_extra767
@@ -29,9 +29,9 @@ extra767(){
       for dist in $LIST_OF_DISTRIBUTIONS; do
         CHECK_FLE=$($AWSCLI cloudfront get-distribution --id $dist --query Distribution.DistributionConfig.DefaultCacheBehavior.FieldLevelEncryptionId $PROFILE_OPT --output text)
         if [[ $CHECK_FLE ]]; then
-          textPass "CloudFront distribution $dist has Field Level Encryption enabled" "$regx"
+          textPass "CloudFront distribution $dist has Field Level Encryption enabled" "$regx" "$dist"
         else
-          textFail "CloudFront distribution $dist has Field Level Encryption disabled!" "$regx"
+          textFail "CloudFront distribution $dist has Field Level Encryption disabled!" "$regx" "$dist"
         fi
       done
     else
diff --git a/checks/check_extra768 b/checks/check_extra768
index f0c6b3d1..c1806dd3 100644
--- a/checks/check_extra768
+++ b/checks/check_extra768
@@ -46,11 +46,11 @@ extra768(){
           # Implementation using https://github.com/Yelp/detect-secrets
           FINDINGS=$(secretsDetector file $TASK_DEFINITION_ENV_VARIABLES_FILE)
           if [[ $FINDINGS -eq 0 ]]; then
-            textPass "$regx: No secrets found in ECS task definition $TASK_DEFINITION variables" "$regx"
+            textPass "$regx: No secrets found in ECS task definition $TASK_DEFINITION variables" "$regx" "$TASK_DEFINITION"
             # delete file if nothing interesting is there
             rm -f $TASK_DEFINITION_ENV_VARIABLES_FILE
           else
-            textFail "$regx: Potential secret found in ECS task definition $TASK_DEFINITION variables" "$regx"
+            textFail "$regx: Potential secret found in ECS task definition $TASK_DEFINITION variables" "$regx" "$TASK_DEFINITION"
           fi
         else
           textInfo "$regx: ECS task definition $TASK_DEFINITION has no variables" "$regx"
diff --git a/checks/check_extra769 b/checks/check_extra769
index 3d45692b..f9f5308f 100644
--- a/checks/check_extra769
+++ b/checks/check_extra769
@@ -38,9 +38,9 @@ extra769(){
       for accessAnalyzerArn in $LIST_OF_ACCESS_ANALYZERS;do
         ANALYZER_ACTIVE_FINDINGS_COUNT=$($AWSCLI accessanalyzer list-findings $PROFILE_OPT --region $regx --analyzer-arn $accessAnalyzerArn --query 'findings[?status == `ACTIVE`].[id,status]' --output text | wc -l | tr -d ' ')
         if [[ $ANALYZER_ACTIVE_FINDINGS_COUNT -eq 0 ]];then
-            textPass "$regx: IAM Access Analyzer $accessAnalyzerArn has no active findings" "$regx"
+            textPass "$regx: IAM Access Analyzer $accessAnalyzerArn has no active findings" "$regx" "$accessAnalyzerArn"
         else
-            textInfo "$regx: IAM Access Analyzer $accessAnalyzerArn has $ANALYZER_ACTIVE_FINDINGS_COUNT active findings" "$regx"
+            textInfo "$regx: IAM Access Analyzer $accessAnalyzerArn has $ANALYZER_ACTIVE_FINDINGS_COUNT active findings" "$regx" 
         fi
       done
     else
diff --git a/checks/check_extra77 b/checks/check_extra77
index 4391c320..b9624616 100644
--- a/checks/check_extra77
+++ b/checks/check_extra77
@@ -48,7 +48,7 @@ extra77(){
         fi
         # https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html - "By default, only the repository owner has access to a repository."
         if [[ $(grep RepositoryPolicyNotFoundException $TEMP_POLICY_FILE) ]]; then
-          textPass "$region: $repo is not open" "$region"
+          textPass "$region: $repo is not open" "$region" "$repo"
           rm -f $TEMP_POLICY_FILE
           continue
         fi
@@ -57,12 +57,12 @@ extra77(){
         if [[ $CHECK_ECR_REPO_ALLUSERS_POLICY ]]; then
           textFail "$region: $repo policy \"may\" allow Anonymous users to perform actions (Principal: \"*\")" "$region"
         else
-          textPass "$region: $repo is not open" "$region"
+          textPass "$region: $repo is not open" "$region" "$repo"
         fi
         rm -f $TEMP_POLICY_FILE
       done
     else
-      textInfo "$region: No ECR repositories found" "$region"
+      textInfo "$region: No ECR repositories found" "$region" "$repo"
     fi
   done
 }
diff --git a/checks/check_extra770 b/checks/check_extra770
index 7c52439b..e8d023a4 100644
--- a/checks/check_extra770
+++ b/checks/check_extra770
@@ -33,7 +33,7 @@ extra770(){
         INSTANCE_ID=$(echo $instance | awk '{ print $1; }')
         PUBLIC_IP=$(echo $instance | awk '{ print $2; }')
         INSTANCE_PROFILE=$(echo $instance | awk '{ print $3; }')
-        textFail "$regx: Instance: $INSTANCE_ID at IP: $PUBLIC_IP is internet-facing with Instance Profile $INSTANCE_PROFILE" "$regx"
+        textFail "$regx: Instance: $INSTANCE_ID at IP: $PUBLIC_IP is internet-facing with Instance Profile $INSTANCE_PROFILE" "$regx" "$INSTANCE_ID"
       done <<< "$LIST_OF_PUBLIC_INSTANCES_WITH_INSTANCE_PROFILES"
       else
         textPass "$regx: no Internet Facing EC2 Instances with Instance Profiles found" "$regx"
diff --git a/checks/check_extra771 b/checks/check_extra771
index cffc6021..9bcaea71 100644
--- a/checks/check_extra771
+++ b/checks/check_extra771
@@ -33,9 +33,9 @@ extra771(){
       else
         BUCKET_POLICY_BAD_STATEMENTS=$(echo $BUCKET_POLICY_STATEMENTS | jq --arg arn "arn:${AWS_PARTITION}:s3:::$bucket" 'fromjson | .Statement[]|select(.Effect=="Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and (.Action|startswith("s3:Put") or startswith("s3:*")) and .Condition == null)')
         if [[ $BUCKET_POLICY_BAD_STATEMENTS != "" ]]; then
-          textFail "Bucket $bucket allows public write: $BUCKET_POLICY_BAD_STATEMENTS"
+          textFail "Bucket $bucket allows public write: $BUCKET_POLICY_BAD_STATEMENTS" "us-east-1" "$bucket"
         else
-          textPass "Bucket $bucket has S3 bucket policy which does not allow public write access"
+          textPass "Bucket $bucket has S3 bucket policy which does not allow public write access" "us-east-1" "$bucket"
         fi
       fi
     done
diff --git a/checks/check_extra772 b/checks/check_extra772
index 2604662e..9f3dbcd9 100644
--- a/checks/check_extra772
+++ b/checks/check_extra772
@@ -31,9 +31,9 @@ extra772(){
       for eip in $EIP_LIST; do
         ASSOCIATION_ID=$(echo $EIP_DUMP | jq -r --arg i "$eip" '.Addresses[]|select(.AllocationId==$i)|.AssociationId')
         if [[ "$ASSOCIATION_ID" == "null" ]]; then
-          textFail "$region: EIP $eip is unused" $region
+          textFail "$region: EIP $eip is unused" "$region" "$eip"
         else
-          textPass "$region: EIP $eip is used" $region
+          textPass "$region: EIP $eip is used" "$region" "$eip"
         fi
       done
     else
diff --git a/checks/check_extra773 b/checks/check_extra773
index 34a6cacc..b8eee770 100644
--- a/checks/check_extra773
+++ b/checks/check_extra773
@@ -31,9 +31,9 @@ extra773(){
     for dist in $LIST_OF_DISTRIBUTIONS; do
       WEB_ACL_ID=$($AWSCLI cloudfront get-distribution $PROFILE_OPT --id "$dist" --query 'Distribution.DistributionConfig.WebACLId' --output text)
       if [[ $WEB_ACL_ID ]]; then
-        textPass "CloudFront distribution $dist is using AWS WAF web ACL $WEB_ACL_ID"
+        textPass "CloudFront distribution $dist is using AWS WAF web ACL $WEB_ACL_ID" "us-east-1" "$dist"
       else
-        textFail "CloudFront distribution $dist is not using AWS WAF web ACL"
+        textFail "CloudFront distribution $dist is not using AWS WAF web ACL" "us-east-1" "$dist"
       fi
     done
   else
diff --git a/checks/check_extra775 b/checks/check_extra775
index 9d871b97..dbb50c8d 100644
--- a/checks/check_extra775
+++ b/checks/check_extra775
@@ -44,11 +44,11 @@ extra775(){
           if [[ $FILE_FORMAT_ASCII ]]; then
           FINDINGS=$(secretsDetector file $EC2_AUTOSCALING_USERDATA_FILE)
             if [[ $FINDINGS -eq 0 ]]; then
-              textPass "$regx: No secrets found in $autoscaling_configuration" "$regx"
+              textPass "$regx: No secrets found in $autoscaling_configuration" "$regx" "$autoscaling_configuration"
               # delete file if nothing interesting is there
               rm -f $EC2_AUTOSCALING_USERDATA_FILE
             else
-              textFail "$regx: Potential secret found in $autoscaling_configuration" "$regx"
+              textFail "$regx: Potential secret found in $autoscaling_configuration" "$regx" "$autoscaling_configuration"
               # delete file to not leave trace, user must look at the autoscaling_configuration User Data
               rm -f $EC2_AUTOSCALING_USERDATA_FILE
             fi
@@ -56,14 +56,14 @@ extra775(){
             mv $EC2_AUTOSCALING_USERDATA_FILE $EC2_AUTOSCALING_USERDATA_FILE.gz ; gunzip $EC2_AUTOSCALING_USERDATA_FILE.gz
             FINDINGS=$(secretsDetector file $EC2_AUTOSCALING_USERDATA_FILE)
             if [[ $FINDINGS -eq 0 ]]; then
-              textPass "$regx: No secrets found in $autoscaling_configuration User Data" "$regx"
+              textPass "$regx: No secrets found in $autoscaling_configuration User Data" "$regx" "$autoscaling_configuration"
               rm -f $EC2_AUTOSCALING_USERDATA_FILE
             else
-              textFail "$regx: Potential secret found in $autoscaling_configuration" "$regx"
+              textFail "$regx: Potential secret found in $autoscaling_configuration" "$regx" "$autoscaling_configuration"
             fi
           fi
         else 
-          textPass "$regx: No secrets found in $autoscaling_configuration User Data or it is empty" "$regx"
+          textPass "$regx: No secrets found in $autoscaling_configuration User Data or it is empty" "$regx" "$autoscaling_configuration"
         fi
       done
     else
diff --git a/checks/check_extra776 b/checks/check_extra776
index 5bfe48a4..a572afe4 100644
--- a/checks/check_extra776
+++ b/checks/check_extra776
@@ -54,28 +54,28 @@ extra776(){
             if [[ ! -z "$LIST_ECR_REPOS" ]]; then
               IMAGE_SCAN_STATUS=$($AWSCLI ecr describe-image-scan-findings $PROFILE_OPT --region $region --repository-name "$repo" --image-id imageDigest="$IMAGE_DIGEST" --query "imageScanStatus.status" 2>&1)
               if [[ $IMAGE_SCAN_STATUS == *"ScanNotFoundException"* ]]; then
-                textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG without a scan" "$region"
+                textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG without a scan" "$region" "$repo"
               else
                 if [[ $IMAGE_SCAN_STATUS == *"FAILED"* ]]; then
-                  textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG with scan status $IMAGE_SCAN_STATUS" "$region"
+                  textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG with scan status $IMAGE_SCAN_STATUS" "$region" "$repo"
                 else
                   FINDINGS_COUNT=$($AWSCLI ecr describe-image-scan-findings $PROFILE_OPT --region $region --repository-name "$repo" --image-id imageDigest="$IMAGE_DIGEST" --query "imageScanFindings.findingSeverityCounts" 2>&1)
                   if [[ ! -z "$FINDINGS_COUNT" ]]; then
                       SEVERITY_CRITICAL=$(echo "$FINDINGS_COUNT" | jq -r '.CRITICAL' )
                       if [[ "$SEVERITY_CRITICAL" != "null" ]]; then
-                        textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG with CRITICAL ($SEVERITY_CRITICAL) findings" "$region"
+                        textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG with CRITICAL ($SEVERITY_CRITICAL) findings" "$region" "$repo"
                       fi
                       SEVERITY_HIGH=$(echo "$FINDINGS_COUNT" | jq -r '.HIGH' )
                       if [[ "$SEVERITY_HIGH" != "null" ]]; then
-                        textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG with HIGH ($SEVERITY_HIGH) findings" "$region"
+                        textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG with HIGH ($SEVERITY_HIGH) findings" "$region" "$repo"
                       fi
                       SEVERITY_MEDIUM=$(echo "$FINDINGS_COUNT" | jq -r '.MEDIUM' )
                       if [[ "$SEVERITY_MEDIUM" != "null" ]]; then
-                        textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG with MEDIUM ($SEVERITY_MEDIUM) findings" "$region"
+                        textFail "$region: ECR repository $repo has imageTag $IMAGE_TAG with MEDIUM ($SEVERITY_MEDIUM) findings" "$region" "$repo"
                       fi
                       SEVERITY_LOW=$(echo "$FINDINGS_COUNT" | jq -r '.LOW' )
                       if [[ "$SEVERITY_LOW" != "null" ]]; then
-                        textInfo "$region: ECR repository $repo has imageTag $IMAGE_TAG with LOW ($SEVERITY_LOW) findings" "$region"
+                        textInfo "$region: ECR repository $repo has imageTag $IMAGE_TAG with LOW ($SEVERITY_LOW) findings" "$region" 
                       fi
                       SEVERITY_INFORMATIONAL=$(echo "$FINDINGS_COUNT" | jq -r '.INFORMATIONAL' )
                       if [[ "$SEVERITY_INFORMATIONAL" != "null" ]]; then
diff --git a/checks/check_extra777 b/checks/check_extra777
index ffd79feb..fe784968 100644
--- a/checks/check_extra777
+++ b/checks/check_extra777
@@ -58,7 +58,7 @@ extra777(){
                             )
 
             if [[ (${INGRESS_TOTAL} -ge ${THRESHOLD}) || (${EGRESS_TOTAL} -ge ${THRESHOLD}) ]]; then
-                textFail "${regx}: ${SECURITY_GROUP} has ${INGRESS_TOTAL} inbound rules and ${EGRESS_TOTAL} outbound rules" "${regx}"
+                textFail "${regx}: ${SECURITY_GROUP} has ${INGRESS_TOTAL} inbound rules and ${EGRESS_TOTAL} outbound rules" "${regx}" "${SECURITY_GROUP}"
             fi
         done
     done
diff --git a/checks/check_extra778 b/checks/check_extra778
index 3814d52c..14383912 100644
--- a/checks/check_extra778
+++ b/checks/check_extra778
@@ -58,7 +58,7 @@ extra778(){
 
                 # Edge case "0.0.0.0/0" for RDP and SSH are checked already by check41 and check42
                 if [[ ${CIDR} < ${CIDR_THRESHOLD} && 0 < ${CIDR} ]]; then
-                    textFail "${REGION}: ${SECURITY_GROUP} has potential wide-open non-RFC1918 address ${CIDR_IP} in ${DIRECTION} rule" "${REGION}"
+                    textFail "${REGION}: ${SECURITY_GROUP} has potential wide-open non-RFC1918 address ${CIDR_IP} in ${DIRECTION} rule" "${REGION}" "${SECURITY_GROUP}"
                 fi
             fi
         done
diff --git a/checks/check_extra779 b/checks/check_extra779
index e0d614ec..79e0bf2c 100644
--- a/checks/check_extra779
+++ b/checks/check_extra779
@@ -45,7 +45,7 @@ extra779(){
             if [[ "$eip" == "None" ]];then
               textInfo "$regx: Found instance $instance with private IP on Security Group: $sg" "$regx"
             else
-              textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg open to 0.0.0.0/0 on for Elasticsearch/Kibana ports - use extra787 to test AUTH" "$regx"
+              textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg open to 0.0.0.0/0 on for Elasticsearch/Kibana ports - use extra787 to test AUTH" "$regx" "$sg" 
             fi
           done < <(cat $TEMP_EXTRA779_FILE)
         fi
diff --git a/checks/check_extra780 b/checks/check_extra780
index 17c85c9a..a2402595 100644
--- a/checks/check_extra780
+++ b/checks/check_extra780
@@ -30,9 +30,9 @@ extra780(){
       for domain in $LIST_OF_DOMAINS;do
         CHECK_IF_COGNITO_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.CognitoOptions.Enabled' --output text|grep -i true)
         if [[ $CHECK_IF_COGNITO_ENABLED ]];then
-          textPass "$regx: Amazon ES domain $domain has Amazon Cognito authentication for Kibana enabled" "$regx"
+          textPass "$regx: Amazon ES domain $domain has Amazon Cognito authentication for Kibana enabled" "$regx" "$domain"
         else
-          textFail "$regx: Amazon ES domain $domain does not have Amazon Cognito authentication for Kibana enabled" "$regx"
+          textFail "$regx: Amazon ES domain $domain does not have Amazon Cognito authentication for Kibana enabled" "$regx" "$domain"
         fi
       done
     else
diff --git a/checks/check_extra781 b/checks/check_extra781
index 73528083..69fe516f 100644
--- a/checks/check_extra781
+++ b/checks/check_extra781
@@ -31,9 +31,9 @@ extra781(){
       for domain in $LIST_OF_DOMAINS;do
         CHECK_IF_ENCREST_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.EncryptionAtRestOptions.Enabled' --output text|grep -i true)
         if [[ $CHECK_IF_ENCREST_ENABLED ]];then
-          textPass "$regx: Amazon ES domain $domain has encryption at-rest enabled" "$regx"
+          textPass "$regx: Amazon ES domain $domain has encryption at-rest enabled" "$regx" "$domain"
         else
-          textFail "$regx: Amazon ES domain $domain does not have encryption at-rest enabled" "$regx"
+          textFail "$regx: Amazon ES domain $domain does not have encryption at-rest enabled" "$regx" "$domain"
         fi
       done
     else
diff --git a/checks/check_extra782 b/checks/check_extra782
index 4ff97968..5ec70206 100644
--- a/checks/check_extra782
+++ b/checks/check_extra782
@@ -30,9 +30,9 @@ extra782(){
       for domain in $LIST_OF_DOMAINS;do
         CHECK_IF_NODETOENCR_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.NodeToNodeEncryptionOptions.Enabled' --output text|grep -i true)
         if [[ $CHECK_IF_NODETOENCR_ENABLED ]];then
-          textPass "$regx: Amazon ES domain $domain has node-to-node encryption enabled" "$regx"
+          textPass "$regx: Amazon ES domain $domain has node-to-node encryption enabled" "$regx" "$domain"
         else
-          textFail "$regx: Amazon ES domain $domain does not have node-to-node encryption enabled" "$regx"
+          textFail "$regx: Amazon ES domain $domain does not have node-to-node encryption enabled" "$regx" "$domain"
         fi
       done
     else
diff --git a/checks/check_extra783 b/checks/check_extra783
index 0294f6bc..612e59ff 100644
--- a/checks/check_extra783
+++ b/checks/check_extra783
@@ -30,9 +30,9 @@ extra783(){
       for domain in $LIST_OF_DOMAINS;do
         CHECK_IF_ENFORCEHTTPS_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.DomainEndpointOptions.EnforceHTTPS' --output text|grep -i true)
         if [[ $CHECK_IF_ENFORCEHTTPS_ENABLED ]];then
-          textPass "$regx: Amazon ES domain $domain has enforce HTTPS enabled" "$regx"
+          textPass "$regx: Amazon ES domain $domain has enforce HTTPS enabled" "$regx" "$domain"
         else
-          textFail "$regx: Amazon ES domain $domain does not have enforce HTTPS enabled" "$regx"
+          textFail "$regx: Amazon ES domain $domain does not have enforce HTTPS enabled" "$regx" "$domain"
         fi
       done
     else
diff --git a/checks/check_extra784 b/checks/check_extra784
index 9c9de6b0..d5426628 100644
--- a/checks/check_extra784
+++ b/checks/check_extra784
@@ -30,9 +30,9 @@ extra784(){
       for domain in $LIST_OF_DOMAINS;do
         CHECK_IF_INTERNALDB_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.AdvancedSecurityOptions.InternalUserDatabaseEnabled' --output text|grep -i true)
         if [[ $CHECK_IF_INTERNALDB_ENABLED ]];then
-          textPass "$regx: Amazon ES domain $domain has internal user database enabled" "$regx"
+          textPass "$regx: Amazon ES domain $domain has internal user database enabled" "$regx" "$domain"
         else
-          textFail "$regx: Amazon ES domain $domain does not have internal user database enabled" "$regx"
+          textFail "$regx: Amazon ES domain $domain does not have internal user database enabled" "$regx" "$domain"
         fi
       done
     else
diff --git a/checks/check_extra785 b/checks/check_extra785
index 0c51277a..62139103 100644
--- a/checks/check_extra785
+++ b/checks/check_extra785
@@ -36,9 +36,9 @@ extra785(){
         CHECK_IF_UPDATE_AVAILABLE_AND_VERSION=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.[ServiceSoftwareOptions.UpdateAvailable,ElasticsearchVersion]' --output text)
         while read update_status es_version;do
           if [[ $update_status != "False" ]];then
-            textInfo "$regx: Amazon ES domain $domain v$es_version has updates available" "$regx"
+            textInfo "$regx: Amazon ES domain $domain v$es_version has updates available" "$regx" "$domain"
           else
-            textPass "$regx: Amazon ES domain $domain v$es_version does not have have updates available" "$regx"
+            textPass "$regx: Amazon ES domain $domain v$es_version does not have have updates available" "$regx" "$domain"
           fi
         done < <(echo $CHECK_IF_UPDATE_AVAILABLE_AND_VERSION)
       done
diff --git a/checks/check_extra786 b/checks/check_extra786
index 99c0c9ea..b9895f57 100644
--- a/checks/check_extra786
+++ b/checks/check_extra786
@@ -35,11 +35,11 @@ extra786(){
       while read httpendpoint httptokens_status instanceid  ; do
         #echo i:$instanceid tok:$httptokens_status end:$httpendpoint
         if [[ "$httpendpoint" == "enabled" &&  "$httptokens_status" == "required" ]];then
-          textPass "$regx: EC2 Instance $instanceid has IMDSv2 enabled and required" "$regx"
+          textPass "$regx: EC2 Instance $instanceid has IMDSv2 enabled and required" "$regx" "$instanceid"
         elif [[ "$httpendpoint" == "disabled" ]];then
           textInfo "$regx: EC2 Instance $instanceid has HTTP endpoint access to metadata service disabled" "$regx"
         else
-          textFail "$regx: EC2 Instance $instanceid has IMDSv2 disabled or not required" "$regx"
+          textFail "$regx: EC2 Instance $instanceid has IMDSv2 disabled or not required" "$regx" "$instanceid"
         fi
       done < <(cat $TEMP_EXTRA786_FILE)
     else
diff --git a/checks/check_extra787 b/checks/check_extra787
index 5481a0f6..a8aeaf51 100644
--- a/checks/check_extra787
+++ b/checks/check_extra787
@@ -50,9 +50,9 @@ extra787(){
               CHECH_HTTP_ES_API=$(curl -m 2 -s -w "%{http_code}" -o /dev/null -X GET "http://$eip:$ES_API_PORT/_cat/indices")
               httpStatus $CHECH_HTTP_ES_API
               if [[ $CHECH_HTTP_ES_API -eq "200" ]];then
-                textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Elasticsearch port $ES_API_PORT response $SERVER_RESPONSE" "$regx"
+                textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Elasticsearch port $ES_API_PORT response $SERVER_RESPONSE" "$regx" "$instance"
               else
-                textInfo "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Elasticsearch port $ES_API_PORT response $SERVER_RESPONSE" "$regx"
+                textInfo "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Elasticsearch port $ES_API_PORT response $SERVER_RESPONSE" "$regx" "$instance"
               fi
               # check for port $ES_DATA_PORT TCP, this is the communication port, not:
               # test_tcp_connectivity is in include/os_detector
@@ -62,17 +62,17 @@ extra787(){
               # codes for better handling, so 200 is open and 000 is not responding
               httpStatus $CHECH_HTTP_ES_DATA
               if [[ $CHECH_HTTP_ES_DATA -eq "200" ]];then
-                textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Elasticsearch port $ES_DATA_PORT response $SERVER_RESPONSE" "$regx"
+                textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Elasticsearch port $ES_DATA_PORT response $SERVER_RESPONSE" "$regx" "$instance"
               else
-                textInfo "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Elasticsearch port $ES_DATA_PORT response $SERVER_RESPONSE" "$regx"
+                textInfo "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Elasticsearch port $ES_DATA_PORT response $SERVER_RESPONSE" "$regx" "$instance"
               fi
               # check for Kibana on port $ES_KIBANA_PORT
               CHECH_HTTP_ES_KIBANA=$(curl -m 2 -s -w "%{http_code}" -o /dev/null -X GET "http://$eip:$ES_KIBANA_PORT/api/status")
               httpStatus $CHECH_HTTP_ES_KIBANA
               if [[ $CHECH_AUTH_5601 -eq "200" ]];then
-                textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Kibana on port $ES_KIBANA_PORT response $SERVER_RESPONSE" "$regx"
+                textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Kibana on port $ES_KIBANA_PORT response $SERVER_RESPONSE" "$regx" "$instance"
               else
-                textInfo "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Kibana on port $ES_KIBANA_PORT response $SERVER_RESPONSE" "$regx"
+                textInfo "$regx: Found instance $instance with public IP $eip on Security Group: $sg with Kibana on port $ES_KIBANA_PORT response $SERVER_RESPONSE" "$regx" "$instance"
               fi
             else
               textInfo "$regx: Found instance $instance with private IP on Security Group: $sg" "$regx"
diff --git a/checks/check_extra788 b/checks/check_extra788
index 3510a1f8..9ca6f854 100644
--- a/checks/check_extra788
+++ b/checks/check_extra788
@@ -78,15 +78,15 @@ extra788(){
             CHECH_KIBANA_HTTPS=$(curl -m 2 -s -w "%{http_code}" -o /dev/null -X GET "https://$ES_DOMAIN_ENDPOINT/_plugin/kibana")
             httpStatus $CHECH_KIBANA_HTTPS
             if [[ $CHECH_KIBANA_HTTPS -eq "200" || $CHECH_KIBANA_HTTPS -eq "301" || $CHECH_KIBANA_HTTPS -eq "302" ]];then
-              textFail "$regx: Amazon ES domain $domain policy allows Anonymous access and Kibana service endpoint $ES_DOMAIN_ENDPOINT responded $SERVER_RESPONSE" "$regx"
+              textFail "$regx: Amazon ES domain $domain policy allows Anonymous access and Kibana service endpoint $ES_DOMAIN_ENDPOINT responded $SERVER_RESPONSE" "$regx" "$domain"
             else
-              textInfo "$regx: Amazon ES domain $domain policy allows Anonymous access but Kibana service endpoint $ES_DOMAIN_ENDPOINT responded $SERVER_RESPONSE" "$regx"
+              textInfo "$regx: Amazon ES domain $domain policy allows Anonymous access but Kibana service endpoint $ES_DOMAIN_ENDPOINT responded $SERVER_RESPONSE" "$regx" "$domain"
             fi
           else
             if [[ $CHECK_ES_DOMAIN_POLICY_HAS_CONDITION && ${CHECK_ES_DOMAIN_POLICY_CONDITION_PRIVATE_IP[@]} ]];then
               textInfo "$regx: Amazon ES domain $domain policy allows access from a Private IP or CIDR RFC1918 $(echo ${CONDITION_HAS_PRIVATE_IP_ARRAY[@]})" "$regx"
             else
-              textPass "$regx: Amazon ES domain $domain does not allow Anonymous cross account access" "$regx"
+              textPass "$regx: Amazon ES domain $domain does not allow Anonymous cross account access" "$regx" "$domain"
             fi
           fi
           rm -f $TEMP_POLICY_FILE
diff --git a/checks/check_extra789 b/checks/check_extra789
index c005c036..ed014307 100644
--- a/checks/check_extra789
+++ b/checks/check_extra789
@@ -47,7 +47,7 @@ extra789(){
             for ENDPOINT_CONNECTION in ${ENDPOINT_CONNECTION_LIST}; do
                 for ACCOUNT_ID in ${TRUSTED_ACCOUNT_IDS}; do
                     if [[ "${ACCOUNT_ID}" == "${ENDPOINT_CONNECTION}" ]]; then
-                        textPass "${regx}: Found trusted account in VPC endpoint service connection ${ENDPOINT_CONNECTION}" "${regx}"
+                        textPass "${regx}: Found trusted account in VPC endpoint service connection ${ENDPOINT_CONNECTION}" "${regx}" "${ENDPOINT_CONNECTION}"
                         # Algorithm:
                         # Remove all trusted ACCOUNT_IDs from ENDPOINT_CONNECTION_LIST.
                         # As a result, the ENDPOINT_CONNECTION_LIST finally contains only unknown/untrusted account ids.
@@ -57,7 +57,7 @@ extra789(){
             done
 
             for UNTRUSTED_CONNECTION in ${ENDPOINT_CONNECTION_LIST}; do
-                textFail "${regx}: Found untrusted account in VPC endpoint service connection ${UNTRUSTED_CONNECTION}" "${regx}"
+                textFail "${regx}: Found untrusted account in VPC endpoint service connection ${UNTRUSTED_CONNECTION}" "${regx}" "${ENDPOINT_CONNECTION}"
             done
         done
     done
diff --git a/checks/check_extra79 b/checks/check_extra79
index 81d541df..70057d75 100644
--- a/checks/check_extra79
+++ b/checks/check_extra79
@@ -37,7 +37,7 @@ extra79(){
       while read -r elb;do
         ELB_NAME=$(echo $elb | awk '{ print $1; }')
         ELB_DNSNAME=$(echo $elb | awk '{ print $2; }')
-        textFail "$regx: ELB: $ELB_NAME at DNS: $ELB_DNSNAME is internet-facing!" "$regx"
+        textFail "$regx: ELB: $ELB_NAME at DNS: $ELB_DNSNAME is internet-facing!" "$regx" "$ELB_NAME"
       done <<< "$LIST_OF_ALL_ELBS_PER_LINE"
       else
         textPass "$regx: no Internet Facing ELBs found" "$regx"
diff --git a/checks/check_extra790 b/checks/check_extra790
index 91f54808..e31f73cc 100644
--- a/checks/check_extra790
+++ b/checks/check_extra790
@@ -60,7 +60,7 @@ extra790(){
             done
 
             for UNTRUSTED_PERMISSION in ${ENDPOINT_PERMISSIONS_LIST}; do
-                textFail "${regx}: Found untrusted account in VPC endpoint service permission ${UNTRUSTED_PERMISSION}" "${regx}"
+                textFail "${regx}: Found untrusted account in VPC endpoint service permission ${UNTRUSTED_PERMISSION}" "${regx}" "${UNTRUSTED_PERMISSION}"
             done
         done
     done
diff --git a/checks/check_extra791 b/checks/check_extra791
index 06b5784e..99ccac1a 100644
--- a/checks/check_extra791
+++ b/checks/check_extra791
@@ -29,9 +29,9 @@ extra791(){
       for dist in $LIST_OF_DISTRIBUTIONS; do
         CHECK_ORIGINSSLPROTOCOL_STATUS=$($AWSCLI cloudfront get-distribution --id $dist --query Distribution.DistributionConfig.Origins.Items[].CustomOriginConfig.OriginSslProtocols.Items $PROFILE_OPT --output text)
         if [[ $CHECK_ORIGINSSLPROTOCOL_STATUS == *"SSLv2"* ]] || [[ $CHECK_ORIGINSSLPROTOCOL_STATUS == *"SSLv3"* ]]; then
-          textFail "CloudFront distribution $dist is using a deprecated SSL protocol!" "$regx"
+          textFail "CloudFront distribution $dist is using a deprecated SSL protocol!" "$regx" "$dist"
         else
-          textPass "CloudFront distribution $dist is not using a deprecated SSL protocol" "$regx"
+          textPass "CloudFront distribution $dist is not using a deprecated SSL protocol" "$regx" "$dist"
         fi
       done
     else
diff --git a/checks/check_extra792 b/checks/check_extra792
index df64d8b6..33ee3aa4 100644
--- a/checks/check_extra792
+++ b/checks/check_extra792
@@ -66,9 +66,9 @@ extra792(){
              done
           
              if $passed; then
-               textPass "$regx: $elb has no insecure SSL ciphers" "$regx"
+               textPass "$regx: $elb has no insecure SSL ciphers" "$regx" "$elb"
              else
-               textFail "$regx: $elb has insecure SSL ciphers" "$regx" 
+               textFail "$regx: $elb has insecure SSL ciphers" "$regx" "$elb"
              fi
           else
              textInfo "$regx: $elb does not have an HTTPS or SSL listener" "$regx"
@@ -106,9 +106,9 @@ extra792(){
              done
    
              if $passed; then
-               textPass "$regx: $elbname has no insecure SSL ciphers" "$regx"
+               textPass "$regx: $elbname has no insecure SSL ciphers" "$regx" "$elbname"
              else
-               textFail "$regx: $elbname has insecure SSL ciphers" "$regx"
+               textFail "$regx: $elbname has insecure SSL ciphers" "$regx" "$elbname"
              fi
           else
              textInfo "$regx: $elbname does not have an HTTPS or TLS listener" "$regx"
diff --git a/checks/check_extra793 b/checks/check_extra793
index dac5bf98..c91d60fa 100644
--- a/checks/check_extra793
+++ b/checks/check_extra793
@@ -54,7 +54,7 @@ extra793(){
             if $potential_redirect; then
               textInfo "$regx: $elb has both encrypted and non-encrypted listeners" "$regx"
             else
-              textFail "$regx: $elb has non-encrypted listeners" "$regx" 
+              textFail "$regx: $elb has non-encrypted listeners" "$regx" "$elb"
             fi 
           fi
         done
@@ -88,11 +88,11 @@ extra793(){
                if $redirect_rule; then
                  textInfo "$regx: $elbname has HTTP listener that redirects to HTTPS" "$regx"
                else
-                 textFail "$regx: $elbname has non-encrypted listeners" "$regx"
+                 textFail "$regx: $elbname has non-encrypted listeners" "$regx" "$elbname"
                fi
              fi
           else
-            textFail "$regx: $elbname has non-encrypted listeners" "$regx"
+            textFail "$regx: $elbname has non-encrypted listeners" "$regx" "$elbname"
           fi
         done
       fi
diff --git a/checks/check_extra794 b/checks/check_extra794
index 1e424237..a4d38eaf 100644
--- a/checks/check_extra794
+++ b/checks/check_extra794
@@ -34,12 +34,12 @@ extra794(){
         TYPES=$(echo $CLUSTERDEF | jq -r '.types[]')
         if [[ $LOGGING_ENABLED == "true" ]]; then
            if [[ $(echo $TYPES | egrep "api.*audit.*authenticator.*controllerManager.*scheduler") ]]; then
-              textPass "$regx: Control plane logging enabled and correctly configured for EKS cluster $CLUSTER" "$regx"
+              textPass "$regx: Control plane logging enabled and correctly configured for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
            else
-              textFail "$regx: Control plane logging enabled, but not all log types collected for EKS cluster $CLUSTER" "$regx"
+              textFail "$regx: Control plane logging enabled, but not all log types collected for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
            fi
         else
-              textFail "$regx: Control plane logging is not enabled for EKS cluster $CLUSTER" "$regx"
+              textFail "$regx: Control plane logging is not enabled for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
         fi
       done
     else
diff --git a/checks/check_extra795 b/checks/check_extra795
index 698f0d8c..aaa925c5 100644
--- a/checks/check_extra795
+++ b/checks/check_extra795
@@ -34,9 +34,9 @@ extra795(){
         PRIV_ENABLED=$(echo $CLUSTERDEF | jq -r '.endpointPrivateAccess')
 
         if [[ $PUB_ENABLED == "false" ]] && [[ $PRIV_ENABLED == "true" ]] ; then
-          textPass "$regx: Cluster endpoint access is private for EKS cluster $CLUSTER" "$regx"
+          textPass "$regx: Cluster endpoint access is private for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
         else
-              textFail "$regx: Cluster endpoint access is public for EKS cluster $CLUSTER" "$regx"
+              textFail "$regx: Cluster endpoint access is public for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
         fi
       done
     else
diff --git a/checks/check_extra796 b/checks/check_extra796
index e69040a9..ac39473e 100644
--- a/checks/check_extra796
+++ b/checks/check_extra796
@@ -38,9 +38,9 @@ extra796(){
           textPass "$regx: Cluster endpoint access is private for EKS cluster $CLUSTER" "$regx"
         else
           if [[ $(echo $PUB_ACCESS_CIDRS | grep "0.0.0.0/0") ]] ; then
-            textFail "$regx: Cluster control plane access is not restricted for EKS cluster $CLUSTER" "$regx"
+            textFail "$regx: Cluster control plane access is not restricted for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
           else
-            textPass "$regx: Cluster control plane access is restricted for EKS cluster $CLUSTER" "$regx"
+            textPass "$regx: Cluster control plane access is restricted for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
           fi
         fi
       done
diff --git a/checks/check_extra797 b/checks/check_extra797
index 13a16727..6484c2b1 100644
--- a/checks/check_extra797
+++ b/checks/check_extra797
@@ -32,9 +32,9 @@ extra797(){
         ENC_CONFIG=$($AWSCLI eks describe-cluster $PROFILE_OPT --region $regx --name $CLUSTER --query 'cluster.encryptionConfig')
 
         if [[ $ENC_CONFIG == "null" ]]; then
-           textFail "$regx: Encryption for Kubernetes secrets is not configured for EKS cluster $CLUSTER" "$regx"
+           textFail "$regx: Encryption for Kubernetes secrets is not configured for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
         else
-           textPass "$regx: Encryption for Kubernetes secrets is configured for EKS cluster $CLUSTER" "$regx"
+           textPass "$regx: Encryption for Kubernetes secrets is configured for EKS cluster $CLUSTER" "$regx" "$CLUSTER"
         fi
       done
     else
diff --git a/checks/check_extra798 b/checks/check_extra798
index ddbfe8fa..d14799f1 100644
--- a/checks/check_extra798
+++ b/checks/check_extra798
@@ -35,12 +35,12 @@ extra798(){
           FUNCTION_POLICY_ALLOW_ALL=$(echo $FUNCTION_POLICY \
             | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
           if [[ $FUNCTION_POLICY_ALLOW_ALL ]]; then
-            textFail "$regx: Lambda function $lambdafunction has a policy with public access" "$regx"
+            textFail "$regx: Lambda function $lambdafunction has a policy with public access" "$regx" "$lambdafunction"
           else
-            textPass "$regx: Lambda function $lambdafunction has a policy resource-based policy and is not public" "$regx"
+            textPass "$regx: Lambda function $lambdafunction has a policy resource-based policy and is not public" "$regx" "$lambdafunction"
           fi
         else
-          textPass "$regx: Lambda function $lambdafunction does not have resource-based policy" "$regx"
+          textPass "$regx: Lambda function $lambdafunction does not have resource-based policy" "$regx" "$lambdafunction"
         fi
       done
     else

From 8a2d2924b46c9e9445b1fc5a740d6332d4a62371 Mon Sep 17 00:00:00 2001
From: Patel <nayab.patel@siemens.com>
Date: Thu, 17 Jun 2021 11:43:19 +0530
Subject: [PATCH 44/82] Fixed typo issues, removed commented line, change in
 severity

---
 checks/check_extra92 | 6 +++---
 checks/check_extra93 | 4 ++--
 checks/check_extra94 | 9 +++++----
 checks/check_extra95 | 4 ++--
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/checks/check_extra92 b/checks/check_extra92
index 0f76bd84..d83c3f24 100644
--- a/checks/check_extra92
+++ b/checks/check_extra92
@@ -19,8 +19,9 @@ CHECK_ASFF_RESOURCE_TYPE_extra92="AwsEFS"
 CHECK_ALTERNATE_check92="extra92"
 CHECK_SERVICENAME_extra92="EFS"
 
-# If an EFS has a policy principle as *, we consider it as public accessible even though client connects through a vpc peering or transit gateway. Also if EFS has a default policy(no user defined
-# policy), it's also a security risk, as default policy grants full access to any client that can connect to the file system using a file system mount target.
+# If an EFS has a policy principle as *, we consider it as public accessible even though client connects through a 
+# vpc peering or transit gateway. Also if EFS has a default policy(no user defined policy), it's also a security risk, 
+# as default policy grants full access to any client that can connect to the file system using a file system mount target.
 
 extra92(){
   for region in $REGIONS; do
@@ -30,7 +31,6 @@ extra92(){
       EFS_POLICY_STATEMENTS=$($AWSCLI efs $PROFILE_OPT describe-file-system-policy --region $region --file-system-id $efsId --output json --query Policy 2>&1)
       if [[ $EFS_POLICY_STATEMENTS == *PolicyNotFound* ]]; then
         textFail "$region :  EFS $efsId doesn't have any policy which means it grants full access to any client"
-        # textInfo "EFS policy does not exist for efs id $efsId"
       else
         EFS_POLICY_BAD_STATEMENTS=$(echo $EFS_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
         if [[ $EFS_POLICY_BAD_STATEMENTS != "" ]]; then
diff --git a/checks/check_extra93 b/checks/check_extra93
index c9aed63d..02fbd1ab 100644
--- a/checks/check_extra93
+++ b/checks/check_extra93
@@ -20,8 +20,8 @@ CHECK_ASFF_RESOURCE_TYPE_extra93="AwsCloudWatch"
 CHECK_ALTERNATE_check93="extra93"
 CHECK_SERVICENAME_extra93="CloudWatch"
 
-# When CloudWatch allows cross account sharing, a role with name CloudWatch-CrossAccountSharingRole get's created by aws itself. So we are validating role name existance for checking the 
-# cloudwatch security.
+# When CloudWatch allows cross account sharing, a role with name CloudWatch-CrossAccountSharingRole 
+# get's created by aws itself. So we are validating role name existance for checking the cloudwatch security.
 
 extra93(){
   
diff --git a/checks/check_extra94 b/checks/check_extra94
index bd721d92..de9a00c3 100644
--- a/checks/check_extra94
+++ b/checks/check_extra94
@@ -12,15 +12,16 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra94="9.4"
-CHECK_TITLE_extra94="[extra94] Check if lambda functions has policies which allow access to everyone having an aws account (Not Scored) (Not part of CIS benchmark) (Custom Check)"
+CHECK_TITLE_extra94="[extra94] Check if lambda functions have policies which allow access to everyone having an aws account (Not Scored) (Not part of CIS benchmark) (Custom Check)"
 CHECK_SCORED_extra94="NOT_SCORED"
 CHECK_TYPE_extra94="EXTRA"
 CHECK_SEVERITY_extra94="Critical"
-CHECK_ASFF_RESOURCE_TYPE_extra94="AwsCloudWatch"
+CHECK_ASFF_RESOURCE_TYPE_extra94="AwsLambda"
 CHECK_ALTERNATE_check94="extra94"
-CHECK_SERVICENAME_extra94="CloudWatch"
+CHECK_SERVICENAME_extra94="Lambda"
 
-# If a lambda function has a policy principle as *, It can be accessed by any aws account. We consider such functions as publicly accessible resource.
+# If a lambda function has a policy principle as *, It can be accessed by any aws account. 
+# We consider such functions as publicly accessible resource.
 
 extra94(){
   for region in $REGIONS; do
diff --git a/checks/check_extra95 b/checks/check_extra95
index f9cee66c..a41f3c9c 100644
--- a/checks/check_extra95
+++ b/checks/check_extra95
@@ -16,9 +16,9 @@ CHECK_TITLE_extra95="[extra95] Check if there is any unassigned elastic ip's (No
 CHECK_SCORED_extra95="NOT_SCORED"
 CHECK_TYPE_extra95="EXTRA"
 CHECK_SEVERITY_extra95="Critical"
-CHECK_ASFF_RESOURCE_TYPE_extra95="AwsCloudWatch"
+CHECK_ASFF_RESOURCE_TYPE_extra95="AwsElasticIPs"
 CHECK_ALTERNATE_check95="extra95"
-CHECK_SERVICENAME_extra95="CloudWatch"
+CHECK_SERVICENAME_extra95="ElasticIPs"
 
 # If there is any elasting ip which is not assigned to any instance or network interface, we will list that out.
 

From 74ddaf80871d1275e0963dda5a4210d2dace8e90 Mon Sep 17 00:00:00 2001
From: Joshua McKiddy <jmckiddy@amazon.com>
Date: Tue, 22 Jun 2021 11:07:14 -0700
Subject: [PATCH 45/82] Adding code for running in cloudshell

---
 util/cloudshell/README.md                     |  59 ++++++++++++++++++
 util/cloudshell/README.pdf                    | Bin 0 -> 150189 bytes
 .../screenshots/action_download_icon.png      | Bin 0 -> 24293 bytes
 .../screenshots/action_upload_icon.png        | Bin 0 -> 29500 bytes
 .../screenshots/cloudshell_icon.png           | Bin 0 -> 13433 bytes
 .../screenshots/download_prompt.png           | Bin 0 -> 30667 bytes
 util/cloudshell/shortcut.sh                   |  36 +++++++++++
 7 files changed, 95 insertions(+)
 create mode 100644 util/cloudshell/README.md
 create mode 100644 util/cloudshell/README.pdf
 create mode 100644 util/cloudshell/screenshots/action_download_icon.png
 create mode 100644 util/cloudshell/screenshots/action_upload_icon.png
 create mode 100644 util/cloudshell/screenshots/cloudshell_icon.png
 create mode 100644 util/cloudshell/screenshots/download_prompt.png
 create mode 100644 util/cloudshell/shortcut.sh

diff --git a/util/cloudshell/README.md b/util/cloudshell/README.md
new file mode 100644
index 00000000..75b989a0
--- /dev/null
+++ b/util/cloudshell/README.md
@@ -0,0 +1,59 @@
+# ShortCut
+
+ShortCut - Run Prowler and ScoutSuite in Customer's environment using AWS CloudShell
+
+### Use Case:
+
+Customers look to use multiple auditing tools in order to provide quick assessments about their AWS environments. These tools allow for reports to be generated for review by the customer and appropriate teams, which in turns helps them begin security remediation efforts. 
+
+Prowler and ScoutSuite are two publicly available security auditing tools that provide comprehensive reports for customers using AWS.
+
+ShortCut is a mechanism for customers to use to run both Prowler and ScoutSuite within an AWS account, using AWS CloudShell. When customers use ShortCut, this allows for customers to quickly perform an audit on their environment, without having to provision IAM Access Keys or EC2 instances. 
+
+### Prerequisites:
+
+Note: The current version of this script is ran in a single account.
+
+In order to use CloudShell, the customer will need the following permissions within their AWS Account:
+```
+cloudshell:*
+```
+
+In addition, the following IAM Policies are needed in order to run ScoutSuite & Prowler:
+```
+arn:aws:iam::aws:policy/SecurityAudit
+arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
+```
+
+### Instructions
+1. Log into the AWS Console
+2. Go to AWS CloudShell. There's a screenshot of the AWS CloudShell icon below, or if you're logged into AWS already, you can click this link: console.aws.amazon.com/cloudshell
+
+![Alt text](screenshots/cloudshell_icon.png)
+
+3. Once the session begins, upload the shortcut.sh file into the AWS CloudShell session by selecting Actions -> Upload File.
+
+![Alt text](screenshots/action_upload_icon.png)
+
+4. Once the file is uploaded, run the following command within your AWS CloudShell session:
+```
+bash shortcut.sh
+```
+5. The results for Prowler and ScoutSuite will be located in the following directory:
+```
+/home/cloudshell-user/<account number>-results
+```
+6. You can check the status of each screen session by typing the following commands:
+```
+# Prowler:
+screen -r prowler
+# ScoutSuite
+screen -r scoutsuite
+```
+7. To download the results from AWS CloudShell, select Actions -> Download File.
+
+![Alt text](screenshots/action_download_icon.png)
+
+8. In the Download File prompt, use the file path and file name to download the results.
+
+![Alt text](screenshots/download_prompt.png)
\ No newline at end of file
diff --git a/util/cloudshell/README.pdf b/util/cloudshell/README.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..f7c3f80d32a0986169546a90fcb9e70d9ba1a65d
GIT binary patch
literal 150189
zcmb@s1yGz%*Dn~{HMmP~cXto&?hxGF-7OH@CAdp)hr!)_kl^kPJOB56@AvIiZQZ?l
zce|*m;hFA!P9OiB(-cbLk_;@2?C=!xr^h?+EF{b%4kp&{{QOK}&gRCh4$dUhVwTPh
zc2;h7H1JGH&JJd7rsklBsy0@}OrW(ScHGRMAO1Dj%E4aT*wvhbTAY`anU#f^jfIVw
znVprHg^rn-3iJn>C+}ePKc6Bf2ybq0_74ec|4oXiF$oJilc+oilY)b@ow4nIPvZFR
zNn#@ZO#1g!IWZDucqX~;|N7MY=efKb2|GNKstAdzvzz(<{a&oh|Gk--m!mlela`{1
zwYjM)Xq}sh>%X4J*cn@ZmTOv>xmuEN@o>R2Nt;_)Sh|w1@qn1%VC&$l>S$~VS}Jbt
zZe?n&A|(oXmzArFlDV^(gPo&;y}7+B2{$~Gq?N5Jh>c8=wjhRyo0~eAfp(QMx3>Uo
z%gxHgEhtFh;tCRg9lU4udCsw}npF4jCkiEP@HY6!(&mgj1fDXOgdQp;23Kz@R2-g&
zgakOP6WDJj3pneE2XQvaEtV+lY`KMR<Ud5dT5OpuS+F`>Y`pGvkH6>Mo-@YGm#)v-
z%FA8*66c<r@VZr;ER+LFEBp^#T}?EalKwsB%9IxtCVpZ(fYZ_Zd&HqbZBw*B(Tu75
zXUu)mvK%ARR7siF$h+V+QE!Ggj#58X#o`{OG80yYdl#lVQ&;`ZTs#&qf0Krdsb5p8
zD1=a-M6HgV-aa}_>pX&6`+IZ}8sGmtdf?G~&hDppgwW&867GMQk4n9-Cw>-@|6ycc
zjd#5F+^0QDQCBI{V?(gPLm|Fv`ZsObXjRa*QjU9t1@V(P_c|}8`7finuOqq7&68eB
zsY}-C#}+DVKm|Y$x(UxlEic(G*VgYNN@m6E6>9UImKEe|WX=u$J~d{ab+0=l7vpyJ
zu-yGGfx{XG<6m~2bP~VjsnX1ORCl>b{%+JiZ^N6J6LW=)YZx@ZcL=Df1T$a4z7kga
z293LMbXzIZ@%}EMKD8;v^(VwR<%Wb3l_J(qTakVFaIv3JjpPzP)yMo_TSwoQs`~9!
zQj#$={>9+13KA^|Vz<q_v0*h5GT=?}khHyS(|Qffe8b%xH);eQUzb_RXOY01)oqP7
z4T^j5ENPhfzt~nl%dNqq=$%&Kd~tNDW>7MRRnjZ{wSnMk!(4v4E%j#bTsjfV?iIC%
z^^`t7b`^o$L;bI_y^`Mv2_Dz0y>+^a+iS|}o_hzSEj_J|X+7@{K}mnqV;y)_uT9QH
z5)rQ>(SV{)SS(~;|IR#Kq1_!UJ|1Az!ufP1hyEAo!dd`|qK$~HV%l0E%#1O+ynL3F
zc$N9=dQ$j^ZDFJu)^oV5E(MJ?lrvMxwIK!fr)F@e`(RAw<HNjwi`S3Y9HvVVq0<1f
z($BZ)PcnLy?$22UUvWINTj1w2@o$m*+kX6s-}`2Vx|+40_m`jIBp}s7SJ5i|hvyg-
z!A6V8WZ0nd6R&oCsMRD>w;*x<W>B<>{fk%U+B!G#-G@`jur8WL+N;xuqg|jXY4ds2
z3$RO0g8&)E{6&UDqX}90De}|#`|ll1;qtm=37Vh(butpI6t(?LunFJw4mHe_M7&8i
zT4Gg-{YmZ>r?;+Jd*3+^y4IicGy#%lO^6v)Kh+N~nKS?na)fNNCC@bx4Je);yEbXH
zdI%kGSh6b9cB^sB%Q+zSiKJJmY;241_e+1RuC)oOS{MSBsY`36@Q??X@0aBKfw>~y
zsRJ(mOTNa+s8tP%KETRtew*9&@(w$YY*|*1!Q*ro^SsHFM$L*%Q^Yk^k84~Es=jX_
zRDDl*1Pjsa64$)Q4JQW*cter~CXidXG~Pz*D!41%%U6R}f;d3-rZNu~iW|agf;vqo
ze9iD-zwzcOWk;SA21P`<`r|Kyj&@xWe;<#JG%G!=uAxpF1-%=tj`lF^49080%ysjx
z`s-$}jfAhIyad{8R8*xX^Y7iphcy)fJ|U&g@@jfA`{8NR**3g>oQwd>p;;QvzFdwD
zqjc6hRXv?$-@>*=n}=Wu<ElMax&Wuq_?IE4`Y5rKf)pZ5NxLoej(Ts8l^B*M=P6x{
za0D*SAJ!`|yhen)UTZGb=xRQH%Ls_`GQr}a;)%7IFSK2#C`yo|f>=Jj@s&y_+-=dv
zXlm5GDY@!d|AYuJO4*ByR~K5H*NIXupS|#xRsZtsMnz;Fo|q{E0q*A+NQlyjTTqpE
zoDmlW`*nm30$;Ou-ID}Z8Q-I{pd#Dd_rz9e9Ri-fM86PA#a4Y^(s1%f=vH^FMMqY<
zD>VsB^aBd*4&|-TVLUUlaKW2TKP1i~_!yX+Dqn6qIbM1B-@ZSNz&COByWu)(4_2`0
z3zS_Jw`|pH`4~AJTfa$Z*-V`FARJ@mT2J$P*NAO2;{=EMCVycfJ+ym038A9X(T+FM
zeOyY>v`ffL<|o)oktjgZY4;gYz}fc17pIvzF5BB8AJ%m62P43rtIuFNG^s-}ZA6sh
zh{#m9)2mBDPqlx^hU%NIld`Mzp*g!}#q>swZYgeNTz~+}>pMRfNpk_#r!HM+_HX?T
zL5ukFTwLjVfGKg51EX&5S1g6-jmgv*IYM>ti-lYWz>#A-A<UuR^Sm;Hg_-j?(so;D
zG(6=I{4!TEDY?@Z3Nb+I9gAQ0eI0C}o^~ll9T&V3r`vIlW29x?A~{=yj1EEr?y-W(
zv$`escn-Tf9=uqO4f}@tBO$i$eH{2f`fyK;TWL@wApJ=DZO`85FpLYe#5CnCn<V9I
z>TnEmF7_K|>kmfJBERQ*E{=P78_x4G8|!kO8TKdJ%8FC>1x`e%AST1MA6gjb?VK3G
zmOnA8bky5qbhB=<SqC9%P!m3}E=@KXaSSp$+F5c#YFRBXlWW$w{|>Arn^8fB7B<{$
zk1EANFxZLtKY$&r@*r3+Q4_^y_oZ4!gVC=Utwgv%IEHsQK~uUmZbl?%$!KpnmL1=%
zZd>iD=vfZ!E@B$jrj;knH7a+8(Jh6#E~rUi#g9$paCwi(_*UEV6Fg87#wvwnhRE-d
z_eW~?6s@KFN<d3!`Hd+)Y%6^+;1ZJ-!OO-9`!ltp4w!VmGjE}kZjO1HGkvg+$?!{R
zF9p96I!OJ(Uu*w{R|8-M15&3;S8{^Ls@z!h2#zYeTbxSpc1^Hiqeg=cZ~6G=Ba{|2
z9##YmXvncCy43n;VsoGyuO18K%n#zUPRaZ$(c%={8Iwb%?u$?LB)(7A$KtHK_np1z
z%j}c(k>b*|kl`<!DZ18MZ|C>Fa<GA&4~7B`240AylT?Ns&PX)V4|-U>Ss5)j&%md@
zON&6ix|VCL{OmjiYOBkm=f4j*9`?ST6E2)eK>@EH5kYnEhDctoT79&Pav2woo9E~6
zS4)=+Tgwj<1RE8Voc1hj`)s+Jot0RP{D|E3aPE>OB;MD>Au#KT#>g@2*{6p%X{bH<
zt{mOF2b)#>Cb2@?Sf53d6w}mNzvD3XPq{QM?QLypH=5_`P?J*ye8#sRvhzu~6lhtt
z&#ZW(T}UPAn_u%{`kzq#en~Mt5_98zjLpr~t9O&~v%#nI#%<rr@LAfp=d(7F&s{f&
zyBk6Js-6gU67xMSFFDk60u|S)EXHcw2vOV%Pk^fO;cOaqdxw*h5i^Wu)+NYI@BK|<
z9$oZT(p+LdNGajsYMl$00*gSv#{&dXp<iG*jx%TprmC&@RHosXVINqUhFMB_YS`BT
zW@=`I2r%L_qQ4NZ*ffU>bOTL<n%2t&lya5tF+uG`e~V8!cPg{JVw81Up+8SdE4uA{
z{*+O+BO!}_In>epQ(aK~9_9z5wVxeK_FF^({7?G54V59uyvs9Jxz%*+j1>VxV0f4k
z|B7A{(VSfN32LfxAj?TS{!Z~%qHF}V_@pr;w_#n!g>j3io%Zbo7Ptq7KW?ptGixzp
zOVDjG@|8VJzJA7|v`w_|fmj9=T%P&Pc&xE49m;;by34-ca7xXvKq5bV7drUZ4#|!F
z@Msd~7OEEr6Gx5+t1S9&qgr9>ki=e(a0P56=ze0S6SA85eL<O3;5FEiZ6i@puto+0
zxly^X(vT(l45(?_&znB8;76maQY$XP^3rTRedw`1t&pw9+4C;@x8Uc0H^CT*hy;Mf
zIx%QNv@>ecueDHQm8kW!D+7VIvb1e#6jHn7WY>$ZUq%f-KNN%HPAlB+1$+k|X<^My
zUO&)U9-a~})WZpT@wtQm^)4~XUk1!BtI$;S*61(3<eqi@<TUMmTO4k=B>M<a3_v06
zRj1$n*_*DapSI<H=>Z!Ud8KYUcDDtCBKUek7b^5}cFWZB0UeY)!ShJWFP_PC5rAYs
z){}97m@oSMTkGADdME@YcWE6vs>V(wsRJ>cR+uXA?cJip5Q>yB0F2bJlGDR&AawM4
z)hjG=SShexG*&cSijCzA;Sp(gNDh!sn_6{^dGXSpl!7=wFpwP=BM*7V3?^x1gaXbS
zb8{Ss)c*{&=QY(S@hm~{wBmY#=!{xa_}M0ooU(2pZnk*gN4F$|vKMTO)QlJwYGj$o
z*TL=EM{sr3jDXFe(El?khXx0GkV(6d(a*a^qu)y><Y^huV_xX?L-=DnZ#~q^2ywn-
zsCT^FvdF#x6l40DLYXhP3Ax0qEWkW(Q&a0#EMW)`a>c)>qw<_m1Wfe=LoilnV=}^@
zJDk!9P&3$}M)#QoqW&1U({o_QASbto??zS~c?i818NRI*Ji}waeu-K_f{!+8PDjBx
z@RY&^|J$pc)dK(3bj<{-Hb)OAe8{>0XtIzzf-TLdX+)rRI`gIKFWc*H;D8NONr(O;
z_E`#6Jb)qyUKp*B`ip87U)c#=fBv|UVN<};;HSk;zjoopfafX?Cb*xyE`Xy}bDb%F
zLJk%rY`heJ44AU?PafG@HnXA~j6fv2xJuhND+y1g5Sd;hQ1mR}ZKy&NAE13^Eoj^!
zr=)ZSFZCb4H82VYSCV&!m_qm>ai#!kluZimq!JGO*A-4bMt-b=+{PWOk=Oac*KN-@
zE@L`3Z5m-i^fS$roByKBL9Wgm$C_n9%Y43`RsdB4imI|#D`knevT3;*X1F3`lFGR5
zJKf8(#NK~2*hSa<SJ6{x&rai478Bi{S>AzkPOu`fTVUU^qJ+NTc-7uVSDY~QJcpY(
zKaX()qLQUm&2l!c@i8(_p8IqyJNToY4^-&iGtIYk`Q9q{RtXih?J_N6cRvu@$EVg+
zTzhsji?~;aWlymm$~5Cf4k{ZpQemZEz2#iN%tJu;648S46=7KwQe*Yd=@&<wf^l9-
z6C5{|LKEAF;`!7@P6t3bV$m1oZF)?1ta)ol=J0tX=a~aZ=md^fOh6?a+K?k@f5R9j
zf5H=-pjebLp(#est|%5|Y`DukzT%pq*Na0<U#1aaXq<46va_hHUkvB#kZq=wQQe@j
zG>Q$l(qODETUa^nhZ~C>E^A1iWY*ZTEs+X*Fp`RB4U`wm+~^uB0<?9ggiL5q{1uDi
z!9-g)JaR+RL`9vru3vvF{*HjWl-K>N(h&o!TwY@!G@-E`$>faf<_>U5cDZIi${Cg<
zE+btdK*5P-4i*Kgj##iiU+PGfng}=+b$0dNDwuSNUS<J~W~}9;>iCZ3*4Neq`NvJV
zS6Tr+a2|GEQi#u@K<~@nK&&6>aifyW&KZb{Qe2e3ohYKU;&otXOHuJk`{v`>_24PH
zhbULtw)NWVsDADAa~usM2S{*7kVVCzk7_}Y^-G1EQa&bwsi6s0^{a(dgZV>auw-;5
zGMK7gTTd2e(?xSbZic*xRiU$CGji`O@aKq_d2S$!Yd;voiWdGPPf%yo&gotgAkdQV
zZTI=KS)K@U<`*QJBW?+o5zYrex}Qb`V8Uq3h&+LR`kykPnCH61hA;27q~`tZ&s&VL
z&i^362Kc^S0Jv&}4L3etK0+d91*^W_sDGuo^jnTFn_aVEG#J*jnnx(2s5<ewg(o|t
zH(;2;q&}oub|Cq9Aiga4rWi^$pt0>}`>7nV0omzN`)KdrAU%M5U{65Al5N62ozb#V
zRO?S)sg-d3Rh2V#PIjs4_GxL9g_3;Yu#TG;TUXQ^zsU!9B~D6@c4LtqBbv^NKNfiX
zot|KSLiZcxCdi%eBONA52v^t$inx3c+n!B3y~SeKvt2vL6_G+yMu!C^<&!`Lx}yo|
zMh*T;akN;}X7+TM;K^S8!qAX@W21uoUEC32JQ0k)-boljr@%flb2BF2<Ofonk|u-F
z%y6--q*o=?6`GgAy3oOISb`oq=%4OGXIZJ>ni<)qI`6Q4y5d87`bkB6LD})bg|<OD
z6T5$YRoZ$p_E2(MW{i*h5jN3DZRJ}Ll$!R4)F)DaS3+D+=<$0Pw>T7}kt>ZfZY0r0
zRqPaAES*nY;e{mLB~PbS;tBKgfhU4)Z<Oae+t{DgEX6hS=!A+j)<F{$Y^MY7bBI9u
zRSL9TWDKYh4T<Cn)}pW;Qx~`2gYK`8=lJ7np<8c|MY_i35~+UN9VfI^noVKc94ral
z2xfy8XqFak<%PiPw9P<n-|lF<7>19hk>h1?R8L!4hw<f$FYD&r4ka2o;&AHBd^N}u
zm}SjHSLnkalRKVHVVAZusz|v7P(f&jR9kewDRlYyac3ujS8jP8>icHp^oajPNoG?z
zi9DoVp1iViY+$v8LI(b64ptA+o9F7OYrLE-dMOFw&+EU26a$k-r?I)M(b*bVjEg{$
zj4-X`Cw`1?dC$Y|f0HG8X7Tt6(Ls->ZBo(w@?3p0Gpu^`O!%w^omkb2I67sO{t{(H
z(y$NV>gy>r1UJ|?RySKG<y(kbf;#Ut-=5x#cw2ymL104b1sH7#t=oH|UiwtV{vrJe
z_1B1BVE0H4AUl90A_fJcs`G<_z&UWHaNkShn4oxd9|CEMu4BQ+{Cz#6LyhRzN@@N?
zOjt_GtW7gAqIyK4?sel1at_jp<#d_xsSVK$Zh<Yx48#MyW1Y^1;0^GsaZfBvAi93<
zubb6Xk{g4!CmETMr6M0)DDNJT{F6gWhFfU`RXwVxnc3N%Z0GR57RI}Yq$0al$835z
zSawiKEY+~n@g1XI+vh)+Wrix+0OQxQ+k1lt&eL;CK1f=CgpDDjQ1$Fc`Kx<sMuVV|
zU?WWPt7_IrMEZ-qI$Q9ha_=qT7x`Wg;GdipjKHj{s(>?tzfL*0xLG|Uf5WTnqh3u^
zR<`8R$o+C|m>8L0Oe48m=}>q~TT!9uuwne7RV<`2Y0!ku67Y1BuqLs(+eHmt`Q&-f
zERc`~kC@B`mFfLnA!#CEej0+k*n!DyyB?4Xz@~TXJCV~=R35G9^ol9ivs<IQ=K_A#
zeJcyGx$3~V1;#CAzV_X{J>N(Yg=4UQ+iq5B|7x<eoAUp=;pJr(2p0C&w$bI!Y9-z9
zDc<A+660xh#lY357;cV!n_W;_)@R!rz^Tf1;FdiGl!<(szB|6}>-$Ak;|SrjHHV4z
z4mQ-oSi(R)*fm9BgCI5S#{R@uV+EHXbR3WMD*;^oj|CZjk6H2M3YjrG2tV~b)cYY~
zHW}!ALQX{E$Dp+r#anu{ub5BK_7-11HP0#icrn}=!;1!ky*}cjcO4tkZKYSbCwE1l
zP7N<Ch9V$=r|0vqN^Bf%nZzgqh<3RLO_`U;=I7D?2}3P#>}y7xsL-Cda(Knq_mi-7
zgc*fF8FRwwclwr{qwGt=8<4G67C2^#sxENk!Kx|nh%t6D4@j8Xpc&K~==SfoM{m3v
zUC7gs8Qz6AD_@78v1&L`QuN@6v_>Sxct%OI3?k9#pjX4_VN1bP?LM$T^ZHA0(SCU*
zsgK65HL3Itt*3=mMS|0~mQeTbzBKH1W{7Of;~-Gn5R<(nNNZ7;a^{Pm9T<CV-U=_%
zeWer@%E5UIC><tXP{a{b`>9^n^!75T2+A847P#CxUxr$Q-W*>Im{uqm?UuSOUyj5K
z)b%}D@7YC0h%56G?qQgHUS9^$fAv;CjW6$1))EVfAH1S)aS=IiP2$3UlIXh1k9{{?
zkFLiZDQ>faw|zzWHwWOS<5Tk|b&M7!z60O7U*ERq=N1f?^0g1pPqVf4E{bQnX4t4w
zL|SC_WRl6#b@@BuCIP1tpJHC)ms@Xz8E%cLwbn4Osnz5DdgDXJL@F4H*e{^y0a0UQ
zMy+3pMA?rIKM=`(UW};fRx{Mw391_{t(16q%gMOE<jKPB36)Ir#@<w%vu`w6j)1v|
zOBi7=BRb!)J(<tasdugfU8eLWFEufKFoY;0!)3orV4R7hsR{PkX{nRf3AAi>?3(F_
z>PW8eWlAJmI{9!)yA6=8Sf+c{pc}~@NS|Imf5)Y@tZ&-T*(b_IZQNxu?@oQ}W>-0*
zE~pGVnql2GE~GJxHKGppxUI~Gef~mkob|KX>b|Wrgh-{Sq0`fi!UswR@gNIzgea*)
z$>mO`r3=rUSt&-l&HY1Q=2I`cJ^f(<c2hAH5+JL1id(eoq&PndDpnL7^6_`4^`r63
z?8B#4m92FpB+A~)AWg7eh_fr~H|Ky*g(dHnJqVP_GpXjEEVnen!S9;V+<CDvlxFV)
z&n-qmR!2#(KG)&LX#TOdY>2)G<;`V$jHv+<fdQZ*T7Cf8P?3<Ri8(dCz1K^RQQsl+
z3_PSnWy5Loa!=i%QEY$l@Sj`hnD#)Hgzl?&n)Fz8y+??ST`dJ3o?L#k${8_GEo8sY
zM0luJ>Vuo_HP$oPIkbMPSFN<x{k6x^k6CMRy8J*fp#M`4I4nq$lw{b$+yt&26cCP8
zBR<tzVFwr;_>LgD`YapB;_E|&vpuJ)iIA3ZTM3}!^8HvOUQIIkeK4Q7{(P-U_@M>G
zozyi`;34!BsfAhHW1p<+W7ND{+ijES670f>Y|Iikco#&B1b;tlQ}Iaj#qhc~KT=yo
z!ykyJ4My5bY>8S67#JCl!JQzEFiiLuL?wP6&E`qd<-s{zzAP(1fN7Ct4vpqFwzEOz
zV4<MAaiRg$I$!r6g~`r7ozLC?YxC+29$-U1O%M70_+^kw9gpn>Fp>%u4JO*<B<M2l
zUSAWeVQ7Jg$xvS;M9Ry&7|oln^?(%am(e&XlPW+C3p(tSNN?~bAkAZv#@|=@O%~Q?
zjDuK<dJX|b{R^U<06d$Gzti7A@h^xh>ADVg>TGH=->t~+-U(kuM~YJ#cT4aU1`~|X
zuTjZ1rAOTARPP=+F~qp*B%V-XE=6u?{X-oxpq`5oMw!xT9C#8no8)lF)rjT6)DRX-
zG;00@wQeriJ_P13FUqipobKiv&i&1`pS{y{t_5$4ZI*)$onUWv+-cikYH4U$7ZX=!
zmZti@aJPN8^3DKPC$_*)P-TDd6;jD}h6hOF&bh=+t>fT2u9FEcB8`aHdg9Us+c4D7
zT+l-_hRH%#ne^<Nww2AwQt{us(nYFU257*WQEa&*3zLQH2-(XlsCDK-agjU<tO8dA
z&(1~a#thdV7K>b>!L+w9h>WXvZxvcP6#&axNTeF0tevLD-+(o!)eh^MYg}Nk3+t#|
z0TR1LPu5eh?5Jx!I>SLFk?LX!Hhq{`teXNIBMUijkmgw$%ulLcvJszO4`U(2)A&R6
zLq5yRPt7FcnLE^3(j%`!`=w2;x#)k|N*gHKzf-X(aeiLIr+QyObOh+X=|T@Ftnk_A
zJn<!Dj5URZ!))#IjuA6-M+$mcwNa7jCBrNUYHTUlb-mn-xAMP)tK~y`nfznV1-Y_+
z&kSwnFYvyJeI|`CL?y+@61=f$)4N<b>x`l<kKgIw(*_T~yu~mNkgAX!K!q=l<P*M)
zTU}Md%alF+jP+TQ3`|C$grepLrn4ATH4t8XP#V2tENov^H$3feEcbW=i7WLE3A=%i
zO)py&mU+O2r$qA$6uev{0(-E~4_`BW;YeS%D*l4PnIBNmfhy~%-$F`0-WuGwVUdKx
zo*MCYQIYu+sFg#8D`0b~x?2MRruvJGiRb<8`ptl@rOvL_i$e_Q-Vt3mCA?d+>Okk+
zW4`4t?3qmSM`>CS>~EC$<<KGO1K(aaJ)vK+0tYJwX_++4y9rS%p<h(T6Y6PCqaRCC
z_qa-Qe8+hK%N4-4GZ$V}H$7G_-6vS-aJm!2>OK4OxS*}-_+oP2P-YWhL+7!raB8n{
z6k-uQ<6$@oYw0>#Q6LQ5Yv2{#g5z7#_SG?$vJ-@X4W9iXN8a|Hzv5~ebpEVwMlLI6
zY8CIy+{1W#Ojz(6<@Vn&1rzlPa-V!4q}*5@SVQ~A;;Tmb*mS}sX4d(H&tLuO=$tH*
zcP_A^dnmg6h0Rw(F_<jH@W<Jnv1d-Z`*I;eD0KZsM97r05hXc}3U;-Bx1jD$6KOOg
zPR%$3Ny#6Bruc<cLC1^r@T#XBiczoG#t%?TN)2fyDdEvrwGgTk`U+9?9ZExDsCaLo
zFT;8P-cqfF?Ap=`yf<q45suVZ*XahfLxBcK3%)Y>pCPL5SoPgOaW7bXig5iY7S!Id
z6HOI+)bT)yuWB+iEou9)b${`Ncg?o9g5|5~u!6hz5KlmxR`K0}v~kKmjZKv@_+WKq
zxC_e`woj?c;FQLJQ-j5TKI<=L`vNnIlf>H1ho6=Su9kd(|8(c%6=GsNb{0S{@2C5(
z4kM0+yc?)rSiIzgUB%vTA{R9#my^#|^GH=WgF()c@_@MAy<lOIL@``J#SdNfn;rbW
zn{y^9%_umyhps&*sAefH!>M(voIy6Ab``H)SfQ<jiF$kU<Dn_-BZarRm8|*=a(+K;
z@m0lz)~#B^Xf52oJG>e28bu}7N+gZ_e!bV%H6y>-A1mFNw2vKAKy6+xzy+^`qJzs*
zGL~M=ZG07-`+1uXlag14wVYmqqsAkndO4wRu`<c>gy;rgx(D^Yx~-s|ak$G5W0J;Q
z-8yHfA)aA*8QIlZ9ua|XI${&;6yJp&!jbR5S6Nck<J!va^Jx_u*5%)2{xyz|e=QGu
z2f{C8kLGYnWeGfj?N|r)@5FOv9Te5Ps)F9@oaykY$e{l3zB!FR&dqa;h2y04*|*p9
zsOI$G<fpjuQ6E*i2-{3#A??vu6(?BayK1H9xAH;WlrXN!|Iu-OcLp%D4clm_&Vgi#
zS~Dak=SRtz5{MD4;zSYzuT3iEmGk}I0!~VrQ>Blpaz$|`tO3c7+|VlWUaR@b4W*HH
zTnS~VR}k%1@vCZBQ27V(cjLv0e=b@4=Yqk1u3NDFpRRuVFWr7%V`csC+YkSI|NrUw
z0}BTmC;R{P{==h-noR2DCnDKFso(97$I11ajEfSVHE~<T=?m1^Mizlr&-rx`p%SF#
zYa$))pwKTop#;)6Ua`W`BRipxH=-jxm+BR?t4Um~-oT3au`a)Hr3Q6PULd!~-^sBo
zE(cnn$LvmYH_724$<>vEMM+614zY^gTS~wS!qSc&<E%e9%k~MU@b+gF^Ok===of-_
zbLNV<WcfnKq?y82%V>a{T=8{}znv?x_^9NaZ=GIFF2BS5y(_-#As)GIV;NYBPcZn6
zZQK^YSW6RP;JwA$ulTRGyIuR7J6Y!_c|{*p#Rowa1J=@!fBAlEgmqE!QDl50(xh7s
zt-7KEQ^-WKaJU<V#ERh`s`3MGZxNlB+lA8Sgi)m*jkCG@vQcyhx92Mq!pJs4^D`?e
zv#YC{^I|0H?-5hY$+6&8L5^lIQj)V@b)o~gibxn5kE}GDyxnD>=}XyvO-9es8@DrC
zDdq_wmwS9A8RiIE;9~z`wv%}NQDmWuCt2HAhm8e`pPD!O`~yR<FW6TjQB^5LQ|p(Z
z+G}TPP2hQTcvQcu@f@>Tdhg5-8+(fd$7!zSK_5AJ(-2XHp?m#gS|9nh`|u?42hH;^
zZ0MfZsAaB;^_RsGhn}sQ_vQ7a+Rbj`^Z2*`t`$m7d|UDogkRz11CaKDt(zU@d~JJW
zl6lc%V+RL6;xzd3=j-`?WOejmBO)W^Ty7~~;6L;a#WABQOv;y^mRZkoy59Y9Jzg_D
z=|kqkkNbhB8UZ&!`yJ@A15>zCc^c7QSh&{S{tzF()h*a++EEL}S&UCzLtK^*jPi81
z`_3diV1N_E-pPz=e{MghvViDj9ihHSu3wj{%(1Q;cL4t{!c6dbwi=M<WpA@plGF^8
zMJ{kU{<9TX`&+k~^I+P#!cX!c4P+;hY*-DFRI=)cEf%Ep*w_Q4uaQ>bfrN8Aq8HrV
zWDRAlt=$D8i;Igw%tntKy(O+<;%Q4h5!A>IH~Cz1)3nZY1!C;5n*FfTgl2MkTzs6s
zGj2r;DNRFqYWk|0@`C)e3!6as<8b-wfeRaPC$$h1>M43}9i@~O_gCnh$n&Y-!nlp=
zmJZHgcW5-gvd!B~o=|O7g|(f{>GAoWS3D!trrFABn6<Jz>KY-K=*H-I1e+T)uwWD0
zi!+5jbY{7tAQSbv{3mVyZeyE`xx({{=2uqGq9Bva?fhhuvzU4s#tOfWM?(C?5JJ#Z
zBIUQu8sgm&nr`J&l<4uX@vN+@43lOaJY`>C=<aSicwzd$u@{S6QTDFIbfig~hRvgS
zZ;2(FtdoLON#ZW(GE%ULo{q-S!ona%<K!$s_HJ|T0YYM5lp^|hJgMr$L0vN}hM{6-
z+wr!&mZb5EF23d;4Kqx0&hpdatEr+^H=pMI1+g4=szjO}E^@k%(Jh2qQr~iKTmo$N
z_O|RTX|f%}G;^ft6g@XMd}ci+=J(S}=|J0#G|yn9En$a@RV(-)kz8&r6`!IKFE(k0
zXg^u{p5S9e;?>IfTZW{TZFs$HH;#3lHP~Vx=Lkxcx+b{lcVYfGvb$_197cv;QN5j?
zp{G7^HWHsf5xUr_3y7Fr{KE2uD?o7}e`|4>(8KI?yXX=ya|;7il0Io{S3rXt3kwZJ
z+Cu)o%~$X<+bQ9M??q?na$O-7b-V0aXjsr>ayACWOwv?4j+e}uuxt9yRFcYwea(X%
za(*x+XaF;YqdvZr!K@zTIZ}iiOP1-Hs48MDJY@7KJd;#Jq2t6r*vY_!IC|%CnBt#-
z3Q0FYTIKu)58~l@V5|&{Bof#@u@f3I5sweLxu=;3OJ)j3ipj*CuP{M8YtBt4E%D^q
ztB!3C;ow}jiw8aud7iG`Bt|1cHUl-FZNCjt^H=+aOrI)v#pV$b+D74->(DCwJ(*gn
zir%V<f<W>THtvYLJgP!A^-!DZ($-h#9%3wfiZN#K%f;#x&iHJT<I6|e0+({;wAM_T
zAG+MSO3_HKdcTCZ4wS3<=Dl$E3EiujRrOR1#RV4J)$j$!6bi&_Q>&F?BcN-@b{{gE
zD_W3WdrXfvb<M-HhZp5o*85lcm1Do8lj(X3K#_|+b`TAf3Ti?qZFw3|WoD@Oo_-Lj
zM)Sd}`L7|Ag4_l+SqM~{1~nzb(_O{e50yJzsSj0pyQv?9nrr}D1PcTyCu{#q_Rw$&
zL776lv*260+cHGaoir<-bv{C?BJ@6Y1?~8=b1W}MZww{Ury)!_j6G4Iw^samS7C8f
z0hO5@T`7Ow-g#C4BS<nuAkyTV=mXI?dNZ^lqkDn|bWtuM)8@d1f4&YBY^p_7-|ck{
zt3-?J2dPRys+K}@9cgMt_7>-y@g0jhwCMO`UiqT#u#>&5ZjNun{ll)tS3@I^=J%GI
z(aN8A(=FQ_+tb$2i3i&4Q3&&{jf;Aeq}z?AZ_*f04*erD766EfInc`J)nt1)7S)Lo
zSJUVW6OjK?oxo_M*^JyBUegtK(i+hI*s2aI;%=W$qwZEG90Ya%I1ME+4&8;wqM7~>
z9A5V7!4_TiB3?RwZ6kf+V_rQNKYA^zY?4S88WH<*J=%!zB6x!I+Je1|$pW}F*_SWw
z$U*Tg=bGmiqL<sgEc%fp1p(L;5D;9m`y0PE)=$kP{(WjdU>L=(#b^8x>!U1vQgQ(D
zf^P@I5LY68rNc&6K_Q-@jWk?J();!0#f_Jf^K@x`xm2anl$Qw|aJcSK{8uoLkFjjD
z)|RI7yvkl_nFHrjA;}I)vQcwW8Mkap3PWni=kVZQEveK>xU|y2cCJy&Vg7WvmWqn1
z1A0xMolB|vHS)(}VdmS(lJissx71gjuY2B%GaI>!RkG8HljGxbj5J<0Q-j?>L33l@
zeV9;F!S4<xv#^;A5K&NKxEAY1uo9A9z^4rPZN5IobU?2|^`~!Tsbixmd^XYe>wcJ&
zq?;EBUsr0@4h;{34pCFt1v&Cj(N)e+|K~jAYJ|{_!3ej6=**~bRt>^#`jrUAjTi$K
zMvYizdL)pXk(RNhy0Xa8+tM?g=EtNyY(;5F$#%SYW;}ID#24Iy;w^%$eXJs6=@~tl
z1q1mLWMiL7fSY0LT<-nS8%YV8D&CSiFQp(fh7c2VSy|OLso0#$s}We$iOh}>LPa?_
zL`1|gwTizF(jMpDFFBFPmd&^s>B4dcn<YO%uz}CXX_be^e19J)E)JB77zPLtT#p<b
zQDNQ94iop>e!M;y5Yhu+K{0TzzP|qB<6~-SDtajCNF%`E9;+T>^@nkKFaBir^jJeo
zOpL6oY{2{U=gkz~WtCprO$dtM)71cq&<kw3zb%|`Nje7t+DK7R(HC5zw(|1w_IBPz
z-hF?4SKEP<^*HQR+osl`%JinYv4}uyMx3|Qw6x`gg|}M=|JyB}%hgC`(22rOH4zeG
zXLO2Yn_619I5|z8)j>l|Em^TL)?D4Bkl8AoR}RFJU(Z=Uu(3y|eq`zE^VUH+<K@gu
zT?<#NwY@6cdN>4j+NIcU!b3z}o}R6>wJ7xDz4mr?cJ}r|Dz@nw0^`Ah82@BU|6{8T
z58&(jWq<>Dze}lB(eYO2ZNByZ%Gw!?t~=q&N5p2iBCCaKK~rf4H^SzWcNv?Cn5nF`
z*CI$AunwK!F}uz(Gc)msiDAZhbCBukN=v0G7p-Ge8mppzz|Dur3@jLfv&5xOcx>sy
zN!cRw+)7+;iA~kn`D6>@+Aar~sufvAFFS0;j3XVn#<=k8M`yEYg&XE(XAi=Qrwf=Y
zFpope>isJ_6P6>VyxmL*cU+SUJ!C1YskR}BX2GfOGSKP-9{(M(dsS-lyWF{}(yO3~
zPRQkt0XO2gI4PJ%DkOUR>dFDG2$AjFKiODaEw<JZYZAJD^tH5hz2UI#)@pFwI?nyE
z&y*Qs#>mk!9eJHkot(VLpc~tXagCVw1YSrsXIq@TtgJ@lS;iY{Ob{&X<poA>%5%Q!
zY$E^!qZ5G@T#{&0Or`h1<{^Ww#wW}{?7uF%KEe8}r1H5*xFI7T@!*ZVhAb$m(*IGt
z5G)fqB#vdpgW$q&zJdS!K28nY&%M!PDs;c?y#({9Ks7`qARJPfvFfV4uxCuxVWQ}e
z=fAddAV4S1^P<2%27}ze&i-cv&$RGRP-y(SgBDw|EjVF>$&>gKN7ps>*Fjl%{VxAZ
z6K+*R!DD~;#CX<DqOp89I|H2lMjES6)@WUwb+k~WpqiM<P>C&Zuql0^cR5((sH%$c
zVrZ}DuuXw3ao+6iEpPx1oTNf&z5t)e((bqubvUX7i~&5<_rL6U*eOQ=-AqJ;_(hE;
zCt0H8_DWvB1gf#IN;A-Dh=}u~J0FjHw~Ik~89J=yRz8{qAy9~!=zcRWe3zg96-`H#
zzqUn~Wh^l5<*y&hIHNN`G)-aZP*({CguqK#YZJlL-OzalhW`L-!|m^PSsF>%Gp%ym
z^A3rPj>n&DV>IQ*PafkJVr5aXtyF-|-4sUxB7T$n6q+AAB?O@+o?^T8oeg*q7!250
zX(s^+^{^gLOnYCymJ0Y;Rnnd3Q4c|YnRDCUw0->=?%}-v5!UTE^VjRzVPO(yf#1hK
z9O;M<k3eATYUIT#n)o;W>}R%#E#wgf_hZ{MVho2W4=li;1jr#1Vn72hLN#Vsy!7CW
zdLd585uGfaDbt5R9D&h?OM6IINyp1`yj`&NDf6Y{+-Vy2q5*(V)^2sO<a`|7S?#D{
zi1vv#ziuzRmy2z2c`kK0wSOSj@XsrwjMuk1t>$qs>JO_)prQ=92cqv$N&|Z#)^@M_
z<K06M5u;Y<d_<07LTv09BbYw`d6{Y({m(}8aFkw!=P%#>NrVX4YCsf++x?w1X-r&?
z)V(5W!*TRe+QT@8)oGkyPCKCI4lfR%!@e40(kR-xzA^XXn1g9|r(g%o3W>AR&W>>I
z(Uf%ujnrTq1sTbsVxh$0cxPS&xH<UR@RGaL-Ta`iYP4N0PbX70NI@SL3ee%^!2rZm
zjT<iyUMBJ&{-Dtu&oFt(q6^eh(J{WPuhVK=b}rF!Knyt-fW)$?(K*0q)RGmJV~Htt
zWdYEq&H+IGf5%pxFrm@^Uw?R6<C{nGqaK5yBpsmAo^Em)ttkDy`*UWi$f&+*)R^Yt
z;^KKP@1xUnS<%Zty5o_E{}P+qFs-b*@{$;*ZtI}3wnw|i>eN?15ugLBUC2EbEGjm@
zKb@l+8sz3)q4Bnx25Oy~DL*eS8WIUyuo|X4E!G0t++O4FIptW!ulL=isMy&Tk~KPB
zO$u>Vf;l$tJVs<`?CosUJI#kX=!C+@y9vL>WY%4kIdlV`=AJPBOfpp4EcsIf?*#Vd
z`@v+3A1-qIaXdZx98mlS`~jN<?DX1mAA-=|anAE^roCB1vWAOxnq|8%u#8fa5Qy35
zc3z3hq*jpkfiHn<3*McbRo;fKDy#v1Bl7WiB`Pf`P%==Cf}U+LQQB%YP1t%0Yq31r
z^_FxsP}MzkKB32}dUx+iYjMzUk0<2;gilfr@C`igl84@TlLM%0Kh`tzx5shd#=;~3
zF^;eFsprm)(S4c<_KffnfN+O&Yz$yjN6c7wxMbJ0Pla;05Fs9(Bq{sEPavvgh#t<B
zINL%IvDGI8FCp!u<N~dFTI635mN&jdMFoWd!7I@#a3F6C2OEzdfZAcT8NuGe+WNcF
z*|8f@Ub{~&IYhN%QCWmgSmG__Z(uCvlX)-WIWXCTePm<;x!pBPVX(*hmmdq%%D)Ly
zfdmi|=1?2L!C_*k@*_HT`Mr(Y+}tRm&?+0M>xTqHL`e1ePvmIvL;lV(Ns8UQj)JqT
z?-LAmj4m`a*}J2}m{;&cv(E!G=tt*kIrs`l)K*2Agica(wKR=QskoIZ_n0mVo|!p$
zzEn|-m3bxKXe}jC4?Sccqy3B#;0QY^>Bi~fVK!`h=m=}Kz_QU$fd`nHnmPst@0J{3
zC3D$tebD!O$>lwl@s_t^_@j6KjQupS{0Tl*M)eRO$4ZTsbOiRdxv6>X0^i3tP6OZf
zxdL?5TZGogxaXZBDn$INr$LEUKdf<g9&W&#rpi@mu*rMV<G0tlM)hD1TU%u@F!#^i
zFJr0xJNRzzl&}&ZAi)LViK{xmAQL7^F4*+wD=I>#uj3}9&5vSf)59bVsMy8?5*cCR
zj#`kC@NjTYAd7SrcNX(*l319T@|0l6v%~=A*g%GO^S@<?|0^b&wx`O^!Eq1DI$Jn>
zo^SSx=}3!<&0Sa4*Qwq`8D!@y*_&ObOn4dyGIlpMI(uq9oB>S!&y|KfjrIcv7SB)`
zcnOMfk#~$CA!5|Tg5JS`4aqy~bbK(ANlBNw#NiBZD%$jXW5zT!RTa=Cfn204&s*<O
zB55@%3fG`anaL1|fttQBf!>@utOvOhwMxZJn>gyf7L}OEkcnbd)RY$|m)!YX;&VA%
zs#M+!mE!2Up1(XjiO(aJ&ec%!(XQp6ogBow4D=UmzXSE3uW>zUM@MNIOFdj&?bqug
zSZj7kuXX_ltFV_tR75WBpv3$0;5E)440|$n4hVE;jqyP_N_IJXzwY$DKf&Y}lDe~d
zW&~ALm(mQYyU@{jFWDw^Se><^`zWva@Sy8dRO&iuhTM7FQj<88#xQXK$wd9^1Lb$<
zm?`Q{uudKRyaP0rQ0BVL=Y`($^TR_!M=?hN{C>TJ@Z0*FHwf5Fvzjv@tC3}=sS3{^
z-SLDxE^SoHCo14W2AP4<l6A){&R*X<Jw5+Tr{OmE6o>2%=-ma`8+v0W!2uEmn1xzT
zmfSQ1!5EDgr`12WQ<P&%!Mcu5PEVx-jMxPPF6_aP*%}*;e<lgX#m9f|pop%lu&K%e
zXI4(n%q$$N`jU|(+4riNM6+?9pfG%3L8~pR6EDZY&dLfN9BE#dM9oN7nGgLujX;Ao
zu|bnc87v|IHPA4>lju~IH6`hE?%gC^L@$mJBPLtAjTM_vbd%0k54(pp7h-rb?urfD
zNHYg=54pGE4XF(T*(T`x%N5f-U&d<<ds3C<nEF6^!GsLJFftvNi)dv;o=s@d#Ra4)
zkQ#w>VYBfP_3dVFft^5QN@ENvDhp~Gwv)zfVWTwhk6JNobb%e;gA%0^E+A6WNlQ!3
zHpe7!M~!x!2CFn8OezYp{AbK5F2Tdy-S>_ZW!wE^)2SNAKY`fw;tmePCupJ&x>gQ>
zgt~6N;!M|C^r}4c00{tvF#32$bB!R`32$nB$05(Vt9aML`n{vUl?}1~4a~}T8dLq6
zazcKxzsoo3RCDeWgMO@N^HNno*ZjxMeAsw&V!zvW$<+~a3|*dmD{sm!n1La%h=8~G
zyy5|c?#KL+W~?k%V&E5VAjfCpgbq4LkYL!=CwW`a9k~TUT_n-R=1g7cSeJ=MerRM`
zU7;rL(`?z_nM8If-J<0c1D>eEkc}%pn<W=1JQ6J_i&w^IKpss^EW%R`u2ukKxBHql
z#~8L06GQ0qSfJ2KX)Lv|wkFvlO%WA|ce-(>SV2#L4I(?I+^p1;|Eli&{k{2-IYyP_
zti%cHGmd(^9V8*u(FXuMmaG#-h@trG3iFy1B7Lfuj1wsI(`TfcV96evL~GL*$ACh5
zGUI<j`v0eg1bMp@+0Sa6Kd@}voz0@td=FGtJuDlw8h;I_bP}-Uu>z{RK(4WBW1<u_
zJT7Rb>OQL(3o}iNSC;pnpupJbdr1@3acfw8Jqsely_3gRRGoaW?08gg^1kyTE<_(+
zUp)u8mJ`>(j49FgT)zlMiFR>eqZyDA_C^h7>zA|GM1eS^VSk`1zP+1uH9Ik;J;y?B
zDfR3wNAD(@VFT^TYYj0_hH9iFl#b;<+yfC2pP!wZSe&OIP0C2yttRx1onZee(gv0)
zTQRrr8%7lcWkj)7?aD-{5HF!vv1BDCN9t5V&Tb{Cv6|vDxl%b7WwLmN3jSBX*RQ`8
z5Oc9TLcs~xiR4|LCH+$O#uI6l=-6(L1K!LzNRpPcc*otN0e)Z>G}Y93e3!LcGRR?`
zx#+_r;!^LWdDWuRyYx%wzd}^yR5T7$NyJ3De-<}l1(|eRw?z<w2?7XCTthggcw|LD
zq1ao(Tu?$NJYVyMXmn0nsHhc)Is`J4@0T_P)ReQG6u<z>aofgZ3J~#a8H#&flV*M#
zUcBR2ix{H~IULg;ryq+7qa<>A3u_4)qPaQAz`4JaTPe<xaNLh}ek5xllm2^QA9-A;
zr2q1h!PFdxj{|76=?ZQqzBd@kh(^U2MS)`1&G6<R1L%@zR~M;Y$3=14EE?9YqsW+7
z4BP(+G6$KlN#AJB$c$q07S~kQ3376Bee3(T2Fd09<po(SWQF>2?pvA|ieJ0b2NR|A
zsdCXp=>U^aP$Bn!nwT~gwHlU!OvME<iv#fB|4^q@^@;VrlE?0IV;o{*=)=dI9CP><
z$ZObtq}17H^Gsvyih?*lzpJ{jFxT#ND3TGEplG|%eECZ39s$B?_zpcJ$z8roQ}g-_
zTC&<Pica$S0<dA{uh)Zp<cww@$tS4f<=&#$+i?AbH3iwzy17)e`SUBkFSrLWe`=!L
zlYuraKx}~g;_!{@e5J?#bnB~q?%iS<DCg&fBJu@+DvPf7$pc2S`qYp!X(vBZ7oSpi
z$#O+^LhkUfr{6H%U!xz1oQFtJ!wXOeOr-N2SDx9&^3z4HLB$guMd+Af>D5FNV{^<!
z?{N%GwPn=mt7b<awJC8NYmTlaFqE^%)HM0xCqO5>fgI3_rGT|Gw^q|4=L7<V)c=6-
zUSsU^$e~BRoZk(n+Qe}sJ_bKR04jw97KXM_yDLvV;w<iyX4}}g*dN%hCMWQD)_(+C
za4}<w^>|nT7F|eQgEzUDb0u1t3=(A>r5>+a1C~F3z8NtVnbarKk-#w%#_gte$ow@X
zuLXiYYJQr|3i1FS2&9SXZ3;2hnLm;a&ZQ01%$9;cuuCQ^mTbL_Z}jO&mVcqAiKq@!
zG0x8Q)Vq}Bbj-lbm^BIgRyb)H5fN^|17rsfQ0an;9#d?|AP8udJ*e{We$C3%b!!(<
zX5+XoY%89${XJ>IKn$Xi9%~%ye;@PwKc-s0;NfE!_2Dvngaib-j!KJ)R5gTnc<!&1
z$3QW7>J_Tn`~G|7c?lC<X6<Q1Y9m4F?!`r}(8uw#8OZ$~966=+7w(32Y=p(6{R4np
zE=xNL(ck~>?~k8+MgOJTV*w<^US|9A$Bo*s8;>_(*_^=w6yI`kXz4FO{%dfUsz1Q*
z{+^2)5e~^Pf1H6Gz~^yk2ugs}h=_@Ma9qoqYy637$91Ma*y3_<6O%(ztY1kih8Ubi
z_*JvVA10Ug`9o}hf1F7Rlw5<LMlxD$&3fJH_<9;%X^8+p>Ky{2#{Qzf7|nP`IY9q?
zAB3_5_bw#bw#?Ww+>tTUl0gth0OXG2^<Q<?*UAh^@%eXl!(Tq1#;sd*Z~>qi0LU{t
z!Jn`|8z19pmn=_?O`$CV_74Jdv}Kjy3vm|mDJeOT_s1%%lfe{(jZj7Hljn1Pn<_?w
z!%9HZ#j-l)pHqphDhla_fj{4&2tA8!hix;gyBB0<*^K<5EgrQ!^fpzCT_NG$)tM=#
zJHkbQv_>hMJ@`34do^;}8chT6OwZ@SfoCQY;AAv#-)v}rPhNId!}FtqM#0td?z71F
z^X)fDw3L*Ta>x;$`Aq1|_V&-MBlo@qP=Y9d%ZP}P?|Aw^=p1l=kF*e|013DXNj9pl
zttCe4P5d}y*FMpsJ)0MyfVYm5jQ#GwQ}_YOK3mySj;&0;Uw1<&?AEL5=)}J~Jj6d|
z$S)<O22+;+0w@NrRAB4r<b0d#hKZ^IFzTEn@gYYYy9K+!u3~#}MYw5qj_)L+;at#9
z-oX)hHh+U&LjbPf*s8qj(4U}65eSIF%~)M9V#L@hghk&FnC?R@l<hFDuaXwQNJ~yF
zJm?$1NDiWEF54{{kW$<(TCO!zCDB*Y10QsDcG;Zr{9++Y<(tibp?ktFD2N6%*uI_V
zKKyj&WR0hvh&LT(5;~K=vOcVse(X>MN~UPSOoSobmF73?MjYFnZrzg&yM1Nyg89}Y
z$kd==o0JKOh-5(ccxh&3e?i;Y3IUMH8&QjKXn@!*j={ywDPx!m+R`;X0)nc_cv21I
z^&?8BZ-Wc}`k>VHJK=berVGk<f1*Z!v_u5y;rH%xEviBvDd)(`aZasgSaFLS%dT1S
zPB*B2P49-xgg79HqYM^F8Ex3<8FUDJGyp**Kprz>#Rr%>Erd1?onHYbDFc-xfIwi6
z(bowbUXa$0_Ks)%0d97DO8de`gxS?v2Igy;8G-tt=(eJjf}g?eW3HA_yGzZS-d%{&
z3~nEPt)MN7mzPZptGL=ty;G1}1ii-S0jHd{SQzt-6c_fvXYE%X78_lIZpTq9z}qpM
zU{I{HL)*5tv%|;7&q~`uZIUh0Zp<kPk}N9F++aO+4IzWgdv!B^Cex;;Q(^xnBbx>V
zxv~GZ)t7j&>n!u~uymOv=U;?0CFXLU*xUO}2K4w*x<lut=s4C(Rp!{ya0c|-@z+Ch
zI}=rXp-n-$<?plO!>rI3SjV}XNE!+8@$m@>pb9~-P0(%Uo0;~wRE#2v#_>$dM?|}H
zPi_wA>Vo#c!Fm^YIn{5Qd_PZ59BxH<`5<%X3=VPzO2FS>m+)WwKAh3!XC?2i4IC_R
zM4R|THV*gq_d)wnQE*S@?ql@pe=IRf<rTUzBMD)DCY^%14Qt2V)r)-XfX^R|z?=Fq
ztlG+RDuE78nW*lX2Nf$`XlUr6p&=Zz)N>v7=z7XxSeS}O0qf2j!^GPve!g1z7{q;Z
z^S0uQQI6$zbsxwPWm=S!?~6cS!aHja|D}-A(%k&6l3Y-e@RQ_l+o5_}Q!E&h7UTcH
z+B-&97DZcwNh-FJiczs$si<Pxwo|cfvtrw}lL~HZ+xAVx>|5`BdSmqH*F8r6x%bb(
z-sh~nFz4Lsl#S6<`KqZTqR`d&^c=)oVYWu&Pt#3DTDannP_>G?y1GJuBnvou$5UET
zT9A>aF4zzK5QYPD96z>?liM{WOp!#BCyP}XOc$#UIeuX|vD`VWT|4*huW&znLFjg&
zpxz6#^s(9^$GJ}IM81yoaxQJ^fsM;s)y3h8(jJOv^N|rUiGrDo>vZ)IHHPD56|%la
zcs9j3uLj+0SC;6EY!nSN&jAFCeuMU=9@MCILDl)98tYlkCReVOd-jCGB(slozZwXd
z0_e~Tr#`(oy!1sEwa)>&58#_AG2JhlrfavVR{`tK+A8#*w|8RDu0p2IqXXBchwhVV
zn3g?97edv>Hbz_Q?%g4W*R<fhj$=$M<AMV1_son8cD%`(o129N%ueGJ7f{r=A!pL>
zxw~8y#587-!8at)+0ux<k4xT|U7jnp4l9S@2|i3R`53VKJXO1uwWP4pnQoV`Hd&h6
z4Cf5U|4>_7u{d|L)p?&xZ5Zonu(|W&qDVo$E~T1pHgnVMu-@RO1XoU2Lzl+%s%%wJ
zS8r`?eZ0SqiHmFGG1FWoQ`lhH`q?WFRI(F$i|A&CunbPnXuT2F7|O_(yR575DneLd
ztDy8!OL!IVeU*13+Q8;uUTDj96DDn?e?6DAE=(+3wt0Ht%I#`3d^8I#DZ4(g6U~f5
z3s@jxybfL-^?N<f{kZ=taN))eRvRXz1C?B<<`;_roGm_275V&wvFZDCoqNI8bN%=8
zWqiBmmFaX5L+QF^^OoUdxZOhRVc>(IWck-DClQZVR*l!(dU0c~>>A3~O(t7{);P&O
zDhn;@Mv)dZtd+`m`1qrQ#%>^fw8|o%MvPtKN0wyl_o9Ii0+yD5aME4>I?wuOOV!6%
z%c2zhbQne>;vosT2qR1-N1}X0#JF}IVn-LD=krNFai8O#_+x^gDfrHBO@80-aDUvL
z4^sq7Ya_7PjCCpXnGW7W*6p<>KeJx1oWYfcPWrr`&V>@y%X`Sv@Vq~uis+2JC_#4k
zfk<eCSh6hIS|;v)NpuqM5<Ki?>P8iPMJU{_Vj$GtxiLbxT^m(XUVeIUv2f~~n3zbQ
z@;?Tj#*y|DQ{Vc&glo=z&^{{s+ivItnGHE0Jw(2opP3gd>_kBdgL9KQ7bqb8tKT+c
z2bD^SCm2TjaB}dRnwZZC@^I;jQm`P}2)8Djv)m)@6qSE7X>aexfD14@kJH_V;Jd>N
zIsn2%25N}75Sb*>7{5kERkgXLB{I)*cL_}TRLdf=o<<J8O%zkS^=Up9_kz9rJeZub
zv*lO*_e$#QGvectog2d?J{s9k`9y`#FYo2T#^J~*ifTwr`^wvuJqZqIWrMwCkd6A@
z@40(g;dAEVEH&Y*T@U4dOAStx*QzPvM+vDcYES{K_)KalD(qZbk9T*`F)@>j=aAOv
z7J@V->i-<52yoI&KtV_2y{e)(y5G_Uk%7VHwkXw32b%+om?H;=PnKqiX0qSVc}|u_
z)*<dH@9oY5uescUwQX}}gruo&3g_+@U)`_Cq0g|f@D+RZKemt8+P&F40Ow7<;RiBA
z5`;LoMmZKl<p4MkAB%;Vnwn~CUA1T>E+)nt)5T$?IVYt227<Y004q52C2h@}ihL`E
zAx3S|_3IR!F4x#rwuAa?#c2hHRL|u~84Zzah=(Il3(&TNVZb<JyKg#dS=w2oH9|eO
zow`W@a|AR)Wg@vP_$3e+zZVF}irez@1q)~WjePq64P>1PI`e9RnA-5AqYs4JC<H&H
z)*6RNXVw2%7kE0fYIPoN4TefT)IK?G_jyUHJnWjo)Ai>w)k2W|;Pf43h3I<tpUj8;
z#a~#yq`raQ3-A+|N$yeZ#f{f#QuJ`9!F4cm-lu}n#*P}2E?^$#61SvSN`%B5G&R2}
zPSlobE;T=4;w<yS0Dkew+7;uH-aQbz1tPQN1-vu)h+x*P*UNb)X{X2%d+6MVOtQEg
z>+K)mu`A+>%!&|)2jvz^c`7J~Ao2KourC@@MTrk;)9{~O3So}dAc)7oz`BG$yHifY
z?!CNtHfw=oDOI2noznW!mbT0jx|as2S5yRPc)6@5F&l!3zPPZY8l7JeyL-PXwg-ED
zJb!>P5&0MUs>}J03I|>MY12r}#w9X^EEfAz>R2mahN8$XfXV9~g@K4e)dPeg!Lofa
zxm8LG$kj(V%SY^i;@vO5PSedlOa&+ASlq6qc0JKswxX8Pk-aZFt=jbX&9J?eR(Mqf
zy|i~1Yf0J}miu-YDVc_}Aa;K%gV>^Gj*b{;m!ZLFh4yh~?CgB!{pjjA42p-p-YVlv
zP4Co+K^lNWa{kgSEghW+zx%!h#i$#cwEg{kNj_4Mdi~>^u3LKT4+y7c+{vHI23`t}
zf(1`vjdqffaGy|=<6;c`pP^}4Sr>Q~k0)C{KN0u~RyR{Vk?Lh+-t5BLauD{kA###U
zQ&UowmX>ZmLk(67M4xganDn}EiHLlwx+!|<sTu%<MLmCBK4o-nDL>4~y6S%7Dm%B*
zK<={tihPFR7{_LS0AQ++vv$=ypp(2-K9sZ!F14s@y`=ab8dL;uUWCxZQw9&L$&sgo
zl7rmQt{t4gY8l{pD5t!f<_R;ogk0*7^p$e`hOrgb<!9iLRKbIllG_MtecM%(;#wo<
zAr)<#AOuHAA^dbOHKp(~Mj3aVjNS9io^n0M$2~bcKcBP6(AK7_tTaAj%3ZA5w@Y?Q
z^seNkJTO}fxtoyDaFvr2R79hM{~rXpIs2~7_?Ve2P$n1ahH_;iCMM?o@zKrIRgFDG
zr1b?9$5#0IA~%r|?F&~QH8nXO`eBQ9K|3Vzo-%DT+2)LVD|wd=PEM$oN~Ma01~qhb
zvo*6Fdl`SU?2cUyMU9W`;nnU9&C?M>=&iy2TklNKmb-Sz=94N>>ARxt2LS=#HZN=I
z>!6gf-np`(f|izctW>oH@tZ9+SM2)mHv?K`(lqR;oBoV)Y=L#WrQ^ZD!J8XqPH&B-
za3XDOZIF<zJ{rG7wYP}E76X*{41+R6W~{7VF&sRr6n{@aN`jJ-5|Fl}-ooVvp_-k%
ze4JY4B5tuBbO8^5VgFyg06FD7meG8X7D6zNC1>vFh+c`qauBXKFfQiY+vYGOG?h_!
zA;fYTqZs^m+_GDP6TOvw$JAG|5tN&zoK7|@2u*ymZXb1^HmlcY#8BqF&PYqkI;DXM
z5lyWLo)}*or=y+4B6C#~#>aLDXT?iONm*SnG%tm}<j|_Fns6jo4f$Vn@+UBLQLryH
zQ(Mb?4Ngr(T>MyOdhXPjqq$iPZzDDWP<A!ASv;`T;YlzwOce<Y;vk-0^ijj&l;>yi
zI!ds29oz?-K^0{49!{^f+u<;e>!q?ad&xTrGIF-VW4~_USG>;?XT)S2M!o)BnQK5*
ze}Cc3;>t?e)^|}*+CM~UbHBZ$(@7LF2BNhHLPJGYR(2cTAexxyD&vziW63)eq8CE|
z_D?4fD{byo-ddI*@R{w*<Z&ygE?w_s>5`}S<(@|k4@?r#Z1GrsW*3xnA-CGBi-v(P
zTgZ?KX<3dxs9}kT$_dN1c{_Wa&^p^O@^?U_6QxSi?EN9|?~G`uxWU6vSJ_0c2!brZ
zJb<7*GiMpAv&6ca5fDJ{S>jGJ7K=%>?I#fiE9h`?<soN>_*sX%TTutm7dvz^Rd-W&
zA&9;7$zrZv-GVO<#_nIO`I-#^?4AVQqU0?%A*j#3vgiBg>3wi*+ub3w!IJAoG%ope
z5(SSztAW@(d10XeAX68!>YiqRFuc?}TSNFB42tsI5SL?~BM4ZezUJ8p_B`KZuZem9
zIh+R1uK?T|b$!1euYfODjlrb^ayTD+H$u#|F=HSY!~Xr`D_1k9@-4vKMS@os5;9#T
zi)7I)o%U4vj_E@e%FoL4EK|Qfjz-N$Pdj8NWYn;=BSogjzq<!55MmmU94gfh&v8>U
zMJ4azQr_L=1E+y$yU`VM2on~|idVJWgcXC<bY6PuZ&)oRqTB1uktC$q6fDUV_l;L_
z2EBWCE=TXU9R14x4T#bChr{-QO4=&>RAqCAl{qUC3Vu>J(+y;(8j9j#vunI*aL1(*
zV#$9LS4kQH3L`w?TuxEp$LPFs5<XsL*;gV$&~8AKIPa%X;+t8I-k({4mS|`ki^d4d
z?CkV4qL}jvETkuprd9^7x9LX1sf0Ap2slBEeU$~#&0z*u#Q7w92Oun2LmI@Oxc=CS
zhN5xG*6=kWw@R*%=EVp{cGm!whn2<^hvU8Plk>7Di19|VK5ysb=s5>s#j>jLi$R4!
z_1K5ws`9e@@pV6Nfq<NbKNXd<|Mf)ubgMcqEltC3e*!zU!mpf*I|RZr7PU*BKpb7!
z^yp-<Cs_hDh&Uhcx0Kl8_r;__1*Cac<z_r!hW(kJJ75FEGVv(M@QBd*V|MQ@&XXXc
z$@Ek8bK0#6o^zA4Wo|(kGSLXBeFc<>vpr?=IJnKG>B*;GaaAkG%sMJNA#k=IVkJ|X
zn;y@IgFqt+?{|<Rq($TYvtBSG!0ZnWreR67f?!-Jy#w1I;o}p^$B~0llA02WK`8Yq
z5-jtjMTDgVF3|IRdfWCiW*R(8f_`7Wd$cF*3X`R)c+@<SP~SDKtlmMmy{SpZ&f85E
z0WMY;*XNyl35C<=ZVT>Q_R}e{o)t*_$7(oZ_|yU$1HUwv6tJR&?$a;w3GyTkY3a$b
z{szWT5GOy?`^zPvsKTM|J~Ux7EmY<xwJ1-&1MB*;Bjc#m0_2-O_-EVPdt0;-`VnfT
z#e%Ux3Uv$ne^}@hrm-TaR_LRLDdyQDp?!lhSvA=YG;7=qMLyS(vf;o5`Chuly{O3^
zq@`2mGB+2e>B&iQa_^DhStW53gi@Ky-Q^PpLsv;<d&ZCi5oF|6rpnY<j8|JAtE^pc
zMuFQ!EP(Hf0+XCS0eOHPFcXv6s;IA{WE5c}oj8rj({mxml9cfR8CLHAd^y$KZ9bp9
zyd>0MaEs|J6D^BA3=2=<bg-!9Vl;lzhiugd3)i(|s+zT`2Q~>g+*N~QH*&JVVRNn8
zgAh8&W#!eCIPWtbm|=U#IB%H0jsaYv!^2bsPR>z=x%Lj^<_w(<XBg%IH2!~g4B^FK
zt1N_LI>A2fQV?q}9$mJWP!Gq|k*?G6Gc!&PHH3x9Ij`H?3evVj_satb!AqhzY4UJ0
zll~y|rB%MXK;KEmNj*7BV`^u3d#;Dl?FmvbOgkXe9VxmN{j*Nza0REywd=YTQ1V;%
zFi1@MXQ%6KC@+B|kdW_6Xxksyl^5>&3o;cZX(Xi2f<{S1Hlglr?u3{zS>ZRMsKQT1
zdDudsPy06K6X(Iz8!$;Psj!2u#Vl-XV48F#`VsqcW}h;6B;j0gbkWy+_RH>`Gu>qz
zcpC^0Qw88c5ccB7wyQ1HfV*?kiRh<d&KziG%MHx;egsVG=1u2P6ZaF<W!#UA5F@Nc
z%*<@>Xcz%P0)Fo#GKT55;VCU@?jwBzWF#bGLum}Myp7pe8ZTKSnWA2=OD<pOP=@#Q
z6&vic%S*O*V-#glL@?7i1OE@Z)bEh()z!aB_8~3WWap7tu%1Tl+5@EjL_{6?Gq7fR
zcLSGA%*N@(<BgRjjOuOvzoJI}Eq?u9=@t;&CqC6qBh6q{xQFq3u+@J`ku-l7L>U)z
zG&n1=O;*toX0AH?7>N_kIBITfon{9vu_kP?<<@}IEFk&^J}R<0*JzxJbiXu$`264?
z+Am2?Jd5S`+S-pFyhj&O+i|jCAkV9})iZY?t?%=WBsZ%q!C+NUa+I>^g)-NwQ(!Iy
z9VWMAxAtQ`KLe}d9-*y_%Qq}%^`eq(a+LZ%?~S7z#k5UCKu~avkZl~+C|zppwhGL&
zK_U2oPMqt$#T4I@la2mO^EbnINq+upJYRmkgIG{Ly9`}PBIjA@a;St;wC78p#Sa_1
zYYju0brYKAG8y@KwppS&5X6p$fe*7SxEhZWXe7O=p2`aVIp?7}vV*k$d8Y)Ugi~$1
ziOXi8-!>pUgm}>hJtNBjM+!scQcKIEwyQ!(={gIv>(!>8i2RrDogCJ^<il2LaphzM
zHHF|rluxNbte$vzId}?`Aj$vp7s5bfPc;oG23jm{$SID@MNugjY*Mfyga9`nSimp}
zNQ*OegVx5B0p2A3{*UQo3%+GX1Ee(6q5~}D=axZXI<W=B5$rn1m@C<_0mAv}j%fC2
z53Pg5#Kl2iuYo~YJ#ludB0As5;v}K*kOZ?$7CIibqKb}Cs@Mcc&-C_%dl75q5!U_p
zqTxdN&FW(QVJga-q=BqLbYoC9n^HXA?8^jFIDvxfJBX8Z;BHDiDi@bd@G)>WAi-2N
zB7dQEr&md;cVzy@4^a55b|x83FqGikgV1UvN5hK<qGH|>Cf#8IGBA)LmTf(*ysqpf
zQOJv3ZhB-+-kf5q&7*Vc>2RVftW}pK8y}4nlE2u_mormKrDAT5ReHORvG|KTV&o`|
zI{BE^uhx&__Og@J+XKr`-ygaNo?zk{mH+XgB8=`3xn#L*sbAYy(-+odSP%(zA5OU?
zi50Q&@5Ivc?Gc)|^3CZpNb&mOg5-vcX-SwRzHQdA6Oqzc>H%a&=Qg#@66YKZc`f4d
z_o%3)OJA3~@`=HTaM}nHUcy+7Ba>#L$YJu+=Fs-U3%Pz^CU6%wH4)sy8Wm$ItBFKr
z(aeLJq7K2QiY=JECd5FZxXv>8qLKkIh+4{q#WEd-4YI44%~Ap|*y{{r^r~9pLDK_4
z;5TSlv8Uf8PJiYaeO*}Q+WF@sK{TE*1%lPx@9;IH2UV>VBX^Ctq`&=hGHVj`?!~Sk
zg%t8>=8Yw7S<dZge5RNHEL&L)>oDA7j9318{eRBK6f??;Yn{piX<lb;4zAUg$%2Np
zf4jp6hPYfs_vO^2t>2m{79`tT%TjWVJPcEndgh|pRTML8NiyPXwZxZ(h6F)_nF=;7
z#H$iBSOjz_+Xn}j)qYa1feKlSVKDrA6bpY2^NEEd*WxU#6w9gWljxynC1(Wf%tR2y
zG^eRyxujY6lulA41C4%LKB%tt;2J_BEzZeIIqTCulqMCX2;sfo3I8TYY$En7iwpw`
zr1lKg#EXkhX0K(91kjkh7Tu+SvUih5ifnuQYbZSClCz*%@vri<8?n9)hajsH+krtr
zN}%F}I!Qd*9;B4(u-SpP{2B$FWF{e2zv^2w;9rS#nj1XZ6Cu&33?;zi7zK*@pdN!T
z4VHUYpdnlOxX4x)KS@<VN^#Rp$}#SFG-A$U$gk;%u}Eh4ETRKa%p8|6jrGZ6_)cI5
zi5z6@@Bt}9<R%o8l@yVa4-tIGw6fcwl2jW*UZlI_QGBeIz0~+SMq_ByVrf#fG#2|2
z&wZ>Zhj70cGiT~xlR%Y==_WcLT;g=bMnEZH0IG#-oo4CxO{vCNlMlIDsJtby$tj>g
zf`PW0fS9;cHl3XUL(*AvDzz@8j(mu;Teq(OJvC8m;SOEK*)+un^hp1O&rwZfnf7&i
ziF-(dc3y2zR`MUV%%Et~BJXKVwnYFhIe)t5&h*W31LVQeoaSQ|g~nqsz1&}TnW+1x
z&@dW|JgHy-LjYx16>asn;>;v(;!Z@%sY#HePU}HK+P)U#Urvh|tDS6WSU!Dx-a&?q
z9JE!d1TBW1AR*x3*hw~2(x!f<!BC8yyh(o_q#6ls@W*W*gXV4xB*z448VV8;iHAK0
zZcAYBx^vb*3Lpk85q}kV%z=S|Xba-4;FcSa`r?bqe+gCMT)pJDPzts0^DRa9EFfdJ
z9~x6*@$PIIJCY$rd_*Zjz1#HPgBK@&j>z>rXvY5znRyqKSTf%X)RQ2qVcWE33cQeD
z`P#jLqp5H|l;jN}XhgoedD9S=u^&?w6H*PR3{=jwCp|cauq2nR`VOj6KM8(0{c{3E
zo)WP2l$nh+^q94$ti?tKS_E1PDs4QTjU7fmxGJ~Oc#^lm&tmZDJPD=5(#~V*!qYxC
zJp2S%mKgY6)Nr@ajd%aU9gng8fsbUEEONG)Yd|IHP4OnnNoQB2i}v#fOj!`?xE;lc
z^jA}`Ii#X9;he106RNlD&~EfG$^uiKz<R&WX3wsPc_b5I`jnO)pQs6dN*?%tqU^p&
zqU2os<UOWr8=5!x^No;Gj$M|N_S~Gv)XPe743W`g3AgkP^@=DCR`Vi8+t%)y`4uO}
zSS)>MJ<Uh;2jYBsQmicJR4aTOGVh*>?%CIDQy<=jkI52`Y|&izv~gc)kfXDH?KZ#&
zHow2H^@s&ASs+0W>??-|EFJdy@}LkXd*Bc^41)+p;U;XprF9YfCs%Yz?S7*8Zy5FE
z3+k)o)0LGKf<7}r;4raY*KN@D=ilqCSN&eE$6VjnSh5TC-sfzx3%`$XJDf#(MH%GG
z-<QOGk5`|*<`nU7?v$AL8$fYlpPOBAy6sPYS>Qt-3`pV6pXrDs(Dx|t#2251)=!Te
z1u&}D_&@&`nmz<tw_;iTZ+0uQ{_kGx|4+Tt*|=H%YcF+z)mVa7pifUh?w2;eD_As`
zUiH#+EY!Da#|x5pf|X}K64h^+^uH&sa#pt%X>lbhFUxlotD;l^M$<wsH|9n+kDck>
z&XLnOUe_h^`iy=$H(vP!nMG#4FMo4Wdp}KI2zRWGpg&faf8K+40O3AAE{AFO-=5bG
zH{%>%E_)5x&kqONQNOR$g7?>1di$545HnrpEF6@^_4fY+7vPuV(H;)T3C`m8ZTFtW
z-5CfDB8C#c=5KsTcN*HEE4k1wjr;8Jern^-!?tOWanuw$fcAxa`xCBHYW~JBZ`aIS
zVDGCYC&|VAhYhKH9x%SjrE5?6oh>m_H(zx*IkR|N{^l_b;n+;92baSEp$G$Sg}N;V
z$(g1qi47flI7VK!Ro53j9<}^1JolzKz>h?TmovRPMDyfxrVA#trcsPcR)4M#bKcxr
zg}Mrv-|5c+4cqRr813j68QNNo{%CWuW@9OM9-scLSZ!N-c2sc78?U@#m}htrC_0$(
zojgpT5!eCofNYN^Jj>JisQZ-}sia=8fqX39kkc%bI)6x4Y;YEQZD{9u3dTPju)>DX
zD7lP7>vwNobIobmwK8_i3)AmRsDnLXv?QoP4k!CzYhgWM=g~jnO-Uy3tYw?^_TLe$
zLZru%1aaN^(OyU;Sna$;ErV$-n@D)!n0K<tx`Z_jeqCT_emo1U1?K#@<;WdL1N(wb
zEod(8GiR30Yjmng;-5WY1cnXwGX;s+`*(yz#816a{@{2p1YwNGFR+Tt33do}V0Z}>
zZ^F3r@Us!`@ykLb!_zoqXzer!S-js8SXj9ehM>mD8a)_9+D0p)uuX1JO-D_>S*ec5
z-ZA|RIk7y_UpkRb^~<NRSAGk_Ht;|`5-s#-KmXMIyngxgtNawu--Z7cMt-MGvN}oz
zrb!z`l6+1N(XSQd&-^X7f<91%Q=*9h8(dI=UoJe9+52FDOu{sfR?`R#HB{KCpCOnO
zy`upZR@51)9u_<lo0MN93N^P}G(4Wn#k7np*LjX?1ge|t#`LQw$BAbYI@XwpF5Mm7
z4@nx`rq-Jx3y)phCWw)B02#@6xv2kiw&+idZ-VKBh6#{^->94H10YN}V86h_TEU?$
zWkQBf*08|A2IYTQ#Lgf`Oo&gG{Yjly$y*Nxp7IOASBjIAUnx@|1ACQ57@MXr5yykx
z!mOU5lIB)+IU6e<wd_Qi)MS=k3Rn;n!X>JXfYPW&{0M)=xnuhU^z*q0{nqtcT!QH5
zNT|P6=a0mG%J}p+eMUBz_T)4i!}($TlIzvicnpt6lT=2Mb^r9%^1cCMtDO|+9YY$X
zwsGOM8Hk-gVex$ook%dZMmHh29{)uY%b&T>kczii4!=@-E3(ma-HV%KkeW0p4<;VS
znP^C-C=E1)p@_?FHYci%^o)Hg^S@YlUO-uBmZZBdkhYC5w4r5zThj@F;pV3gMj-F>
zc*>0=o`QWJ1TI_@FIAu_G_wf>8=cNXpd0W7r{ts$2$x=bZBi%?$s!B_m<67MxgxTC
zK`^4NA__zbHRvi$dn_65E%5A4Dt%<Yn+fF6h^hu!P%#mXA7C#`Q0x7Lk}!_pG}TRr
za)maAxH08D*H+;^V^gQ+dd@?qoWo11hJ5G%6cO?m3Smdo!{ud+DuhqM45rA#{fePY
zNM=jOr^wJIwJuzIz1UR!O7)tIPvwH<A24<?#(_V2kGD*h^&ooHZ9N>%wqn<7)PIX>
z<*L-cD!toIaO0g@2p8vio5`_f=0rxEXkn;bX-(EdXI@ikH@Q*Tr2j`uW@3~>s{mTd
zNOPK7M?6P_|G_2#zu?D2O0Y$guASYVY2^$jI_!%dqhF5eW}NgdT9B5o0n0IeD9Im|
zmyz8jYsjGoH&gyZI&*BdBo~X`3*P_uM(DIw`HRq~oqU||w4`i5Wmxfwz>rZ}aczz9
zl9qv(`Z7$edL7APeZ*Fyzd<@_k+XA9v9<g@8Cr>RMMz-bI9Nx1r=*~FO5^z0vAi$}
zW~z*hcUl8-rKx*$qA7)uiy>u*Q<lU1B+J_J%(MzIQV;`DNvroDO>vFHCVs=p?#EDz
zvWN35w|T)*MsoQ#n}xCRE&CQ>A$Kaw?=H7%q*3iBa0LXAif_<?ChVKY8Kc?b=*?xO
z6q0H+FbF8})nfs$Z~(|v@g<ilylIdQrf)9-n`b=jDrPzKdT9Ah4VHDhWs85je$@>@
zeEko)q-5-*mkWbPb?ZoNM``utYoB%d*5fRja<aI+v;M{nEpjKyE737D+Jm{rNgxRc
z$FMi70PlE)=i&uk_&xaXIsCFi@D_jPgK8np!xF-le$-QZxWX&%GVH6|%<Ww821UQ?
zcW;R#eOktKls&q&1%&UyBeu86+J>vLt{Xi9i0-M*g{tAllwXl4avvUHI268WFRxbr
zzzckK5g*{cZ<^CHHr#q{@rZBTSW(*~V{uWix9ztcUW)sR5<+s{p~no*NB{oFY)3v(
z*)Zo4wI_Y~+EdB{r@#E@V=dXX&hhw@)~8PNax8}6bcoRyx^w%dKg^Ex+?kycZxjaO
z?Lo;8lXaYGUCK+`I(#`jJ?huizTyKRb(6B;HnG%59BuKIb1l!6;TBXzHLA*50>;>`
z5;h_KeWm*PwBw<u=?HK=sZVVh9`BkuyZK&E&MX((-(R>S8-z0L*d<0*M}oMNOSYLd
zBEBXTnL&7KJ{=)|dk&RMKR0F&VDD*!jDw}YAflPY{~`JbzZAnUi9BvYIIl4b8I@Ly
z9{NRPa*lao;YU^2oPW|^$58#c=1HyHXgGfgZ4Hj|d>05q7i5{@_Q`561M};2O5-nx
z7z_R=0HGaKA_{InoSzzEgp?X;ss?ShGYmdc2hTcR0Q4MA?tPZ&U|$7zNcjLzzCvrV
zw{1<qoc@#a(UE{FO9$|iD#v_OJ~UErm%I}pQ1@XXhHn&`2$!QGA+lIXA^9fYA%9KE
z=~#mfMX2Qhi?yw8l4m8e;Ag~N5~huy8`$W-K*|v0G`jbh_1(OQGP8NreKES-FvQym
zh490cW(I@3Q=-SzZ(OzBtuxG0@ox_QrbQy*vQN%{gDaJU)wW+ThXDy*V5}CyRF#f3
zw2Vd8AGl(npb^+mN3>jWI)^?HdKl(=>Qpj&EPV?56E|g?WNRFe8CfDVUc)v$0i1*x
zLLtdvA($(L4V)o)h_%_&13VmH(3TN`42B46Y6JyFl6WfF$>3bNZ;rg!W@4t)Rc>*B
z^>Et|K9@k})M#Q9`DrLhpw_SyUs8a?SxIRJ(Gv(JH(2R2_GcPHBoLxduxk^x7wrK|
zfYCQh;4OjWLBrgnBcVO;o$2U!9PzMccQh5IQnki3tO$3ZDm#;~gA>0s=k=@qv^`+z
zUUt!+WZOG*m#F`jN4%uDmZ)Sbh0U{EB!sW~2oMKRmSAO{BkV`Pz0MrU2%EhdOf^by
z5f!Gy=#_I<GhrBtO>Qx)xtTLG&DHUNpWco8Y0injcV~XJT8AI?^v|2!z7NIc=Hgfv
z6&R=}41ue?ThYDmb3jAIi@%Nt8Rv|xe?((_CDLdRQCWwEC`hoN18MRtL6sIkAY=8f
zWMi=FmFX=@Qpw+>V5Z4tBP1CXBR?~&Mt-6<r%Fl$%cGI4`bYCf;wOo!{UIpF&ST7{
zg<9i3&m(2OY(Rd3NJ*{=8lsc<wFDlZyF?0+Sv3Gr)qq^gvn!S!ZXZh~nx=#Ob1<LY
zMKnXL0hyMn9#$b~0SUa{6SpK<;tJd!&z`ve{#Re-myT0sY3qnUQr^&f=VV_nlB(1a
zVr*Dh0ea>P-w{4(TzN`rQoj&sNfgvBX|jN-x*`IRsTI^bT1eW><WwIbq20wNPL%wg
zb!xY$@Yiq69<Y$E9<YRoze22j91y}8O14gbv-%pUg-9FH_hrIIUHnC@khJX9A`%Kj
zFX9aj)IgKS^O)cWo)#F?5qWy!@6&keS`r&i8;0eMdSq$M-yUuyl1#k)N_oU>&uCNl
z%O=RqOY4>xttau^f78#kFP}QfLa(~1!^C9%oL-Z!<oX6n`Du?fH)Tq>)3lsy*WcvU
zk^tv8;j}ZJOv(hFrcgv~P&l(&RXbfm75nptW`4D!Thom7;S~k<LW(*aJA+m^Kh<2S
zdeE3-O~zm08_s~Q8(gBWbrRuOg6G=DYaT~P+64Rii>HA1UuaGz?xX0Xc8kB4B?uYi
znRZ3vN-&W*`5oxq8^X)w1`mo1pDS1S%Uyq1^Iv6E%sez|?f>8y7#a|8=Hk1oYU->Y
zJIqji&NM#GChtfMXVK^X`m`8l`e=upqrovlQDiGyPVr)EU8wNo*T#AD+V?Z>-<+|b
zT!b`z_(8aXXQ`+cnJ!025trR34RS^7qN(Bl7xGn?{*c0bQ<Z(2+Z(w>>kR_m?6VK;
zns|aPCYQe)6+TsVzMVr~xtc(@U6I`^TAQ|tRL}W%LhJPFgFGa%hgK^NRME-pPW=kp
z@eu7ehRA49(S7v(%cgPt`t}&B!T#5y!Ey#S_bPs?JpNbhoyx2=qLk!!g@zbnn4QbU
zjf=qJM*OqDN<qshbp#Q8AB2@hH!Ujj+yO2g>h)$Rtkukh;wiWx#CE-IfKO+ByQ=Bo
zPg4|qt~1_0shxy8X~3k0lwm9?-Y%ms;>Y`~5iB6#U$=O<AoNrrDvrE)j_dfgciMIQ
zsTUhSU`uLz2B$TaoX}h<0p*J$C!KkbeHR8A2WrAVquW@gr@BQi?l{8$u!3wiNo&lO
z!LbD^TP}fgd2e<m4~1}npvmys>bVk<u8`r>e!_dHGWq6BivCz>+rjKcC39HVG^n&T
zBO$Te?Gx3;^G*K5<<MbCt6*^?fQlm1xV>5AyzVb|#M17~b!Rsug4axp9Ri@^k*Nk@
zg9G_aoq@lHkI$tI`rcY!&%1iZ9W{A_K#*X?NY36A1}pS+*=Rca+I91d%lGxg_0pp~
z6*Z2Q#m?8TZ&$rAKA%VZ7(Q?WO)z#V%|e-ZxjSe_b?eDfpy%T-r`h+5=K1SGZ}0mu
z=h_)R%3T%jkf9Q>$tN{JhtWrN-t6LTl-IKE<=VqYGk(|5=LrJDl*WwYZ`UDhR@be)
z?XHgAnLLShoOALx<U7$;58;a-7MGUc?NFwbnsMh1m}lm!1AE(h1lL<x8i-?h=q(yp
zyF&Yo?Q`m^Vd}Ti@lUXIuI#e^oBEvnf7j>#@4AVxfIgu1Kfk5M%J%<XH!(I&Zr1<W
zP3+kTQytXq4nfp;0%enLmhJD_Wi{b$2~`I0FMI8#9yC`R6@C!Qkc}A{$+!e8={M9U
zNFy90nEGpjhsBHE8qEc|u+<jZZuN)Ws>2;}4HY7iw5qBF*Hm)Uwp$$@Y=4*DkGQ!g
z4uKz@fm|_SZ226V9J3becrjvy|Mkx!gMzYDE}eV*vRBfB50N|q==|y?g-;UtoT9H#
zgl6uaFzDX#&Qpwp8q{n5nB-Tzvu!-1V}@Dll<#iI$QHTWuF%Dv`W0}lL#>xF9=+$n
zh{-f*DhB+46PbF%TIimQ0FZV{SL~V!*(+|J;1%pbLW-#@<jUoD8{MSZgZy{Wgy!C+
z)6PlRbxFVNX8Y&ZkSHMTdPBOZygYfbaCmwo7sr*?V=pPuf&Aa4kLZEEJPx6-_E&*7
z>YT`Fou~}SmDOccTDbMBW{=>dS&~do4pVQMPT1dz>HdwuDbn4Em|sZ1m{MkVnn_F^
z#L_4b^D#1nsq7{IEf3D_%QU-ekk;}jXoqE=Nx3;LeU;$h`F#Z&#{V8qbJ=ajJXmnr
zHq_2N#k8$kU^g4CSCq*X4$Hq<O+2E}6)eC_AZSP8Ex=5oT%VlG5FG6!U^uP|=3fg7
z0_Swh<j}4wTry{;Q_{LIO5el#pQY7{ddkb6$L%P~{W=106=}v)p(XX&iJ~C1#`LV0
z>^R<9W1Zd4E=14$4kSI|W8=Kvj`9$J{R)2^2zmd$1(NyL`Fs*1{f~+53eU=`Jq*NX
zyXEiT;L_f&yIx^T4sG{5UaU5Pwm_)x`@E>E5ev8w9fCT=oB&?$R@r7}Bb)K_1-JcC
zlXm@@8G!|wdcNS^l^fWoHih(^MJ1*MUm4+jez+gOrtv%yn%37+-SN4XfZlauPZSr+
zbAUxfM+xV{lI|>;=a6`~fnp8|-AY|lxH@3K6NrtCC5^(}?y<t_aTMsdN~U)~=Oufa
z9x{2^`B2G<Nb2bzSsrB02>#d4hfnVzS%^5u{NF^*JKgI;n`6!52n1r{b^;ZLtQP8|
zx%MWfCKHLI#>aRBI<V<7HDKMy^>ifcSCp`_Qh6D@4lO_NnBy`GsP8ELb9nrbIDK`&
zwYP(Cl>J$(PMrL@9Y%y><im1e?p52;YXm<$l{oMBep&v)g39h(X`j+1?AC;9!3V<6
zbn@P9xt*-gO~0l3ucqApuj@UEZT#}dLY&I_)U>MWm-UEeG=;^`(@3e&QvV(!C9(h~
zSsn_b<{QvEBGsKs<>?e{rr-5_<^(v8%3K@0_RS65`Du&|MYC-p$36dC4+Zw$O1M|-
zLa!1MuMm3)zFc#|%?yjpR*6eZz9Lzf-7k@(NEuzW9Xbafu*lsbsVKqgV$$?_38htE
zAH1G^-2SQP$p>$R!eS$jz8=TANBa*W7@I#*S5npeB8f)?p}xG}`d6c^riYa7m9)SD
z1_eBz@O|EV`o+1xC-mR?(;?pq`0{@)NNT-fp?`Mz|8hO!vl;%th~Y+vJ~;RaZu==`
z`32N}TbX71;yszET0AttnHOO0BP{G8Drzc=6eIQ*HRv1ZgnDFaMaPSvSV?CPl+Z}+
z&)=v=bO3EdRTm!8zD+7=*yrTIq=m5x+Q?MYc|jn$krK6@kW8d3u*V$G>G$!Mc-wRQ
zKMxb=zJKVv?y;^`109MIwns5o<X+`&>`JVG)l9=iS1Rt6&-XCbTbvlbjI|uz+E%18
z$Euat%@s5%{VA8zK2!MRtKQn`c9FTsc6+LYyE-#zO`qvrHuEA1<@072gQQ{6(86AF
z>Z6+Ka@&!8@QH)NN|j#h=EfWu2bYl@$dD<xmwU3m3+w6Ex<t4QRT*IBp>6xeTS-SA
zyo831ES@`H{9*JB$Ztm>K7Hj1$EoLf8NAYu&N<oVf)R941nxU1`}*hmLpQtJH>9WP
z&&<r=c2J|g7Q82=H}0wyV-WX}u(#zV6=-gqL^*0ajYW=CXbK`6Xbt%aU?ku54g%VA
zyLQKyJ+-%j80;oOzvT+})wo2c+ky8XDE1nR!rP70)lwt^rq%7vK(|+SREj3xc}^ud
zVhk=!C43~hkWq1X=%02}Sg0gW8XFs<Yhrx#Jk&bw1XAE{KF+_-vo#{c=m(jc59)w!
zbmM<xltD3HKk|*6L-rh<Nr%dWLUQSbX6(j+T3Ezles*?tX{qLVn`G-^gLgEqqCskx
zS`oh`e+Qpg{=5T=UcZr)g<BO*r=3V!ON|jCm0*$+5XIJ)KF(+%-zu#Ww+=u+r4_FV
z4-6a>-3srl?(RDJbs=Swkde~fLPvT#XeqD-dPygs>w`q1?_qIF(HiZvR*AQ9P$7W5
zPSp=JPy?0N?7Jn3{-19)aBIg_u7j1D4YHECI)BkycU*x|D^)1A)c^#*s5r3oy3fTn
zVikl9Wc50$ZujbSSwt+Bu_tmg!`o8H-2c6rX!k}I5Rc0Z&Dea6J5lYmQEhq~ZxjQf
z%LBUid>$^+M{e|lSUD-a#m4j&cGK%&&C{kgHMKy8(x;eK_4uJNU45Y*kc|ohwP;f2
zo}}mr;lUP&%EfQF5}91YcbLl?y466m-CY0eA$5*^J-ct-lnRKl(02`>yM7%(om1YR
z)4P9?AYMHKAe>I7VbS0JCbg}wBe7De+N6G7BU2YWe-#I#k9mg>mL^J-^mwg#5BQ6H
z3eeu3$s=Ny^mVGr2Ji@1&|++C27jxjlO*5=uxg%(cKs}Xda{LFi8Zev8>DHI?$U^n
znoQU)1w0FJ+}djpbG||cOL%=hY`B$L7}%{yTOGEO6BaJqMg9FvSFP4?m#+9Q4Q?I~
zP+{KxI};1oxW)pqgsX2xzrQOr9t0$l@0C`CP-HF96X|pS<ULr$!pCod1>!_x*3;Q$
zr@m-IcDvjoz2MQCfuir6z%8pkPtePH+*-#AD2Sa4KqU-Tc_9;UETkr@^G=L&Wg)&f
znip4B#g+|{USz|OzK2nTF9WKg*NS{U$2C&ZQo*V9p2w+A9+$FTulR9<Jg31hnRd2S
z;+OpcX!L~izWj3<@Bry>$$WP>78*<@Qp%8j4nm<TI1LlzE)s?Qr)T-E2OY+6Z5M#f
z0Oc0{&S)O(d51wE<UYD;Bq`$ImF)txxbS;l4>KN?{ar-W{}iE&%@}LHM5?4bPg_~h
zVfT0Sc%YZyIi@jILc-5LxeLEa10RdSt`7nyOWxNv0QBu6gmu52_zHsC*-|#Y8@DA=
z-_J0vmf?$w9wdM?Z|)3~q4jbNhs0t`j`|=%vyjmuM{k#rF4NY=Mp&U(oX`H`<4&Hj
z>xIx{$4SgUw>W=&*E|OukNF9+9TqTDTtqJ8qVR{jlw1IY_~&&O7wjY|ey=-_jM;*y
zqkngcnB9G#gkcVS4<Hy6C_IavTj43h3nPz^DcV&kmm89lWRUC*5(MY7mRar}Rg(?e
z-bP|j$rsvR`$FK^toL9XvKUiYq;L%u)cgI6KjY=5SoC|)VaMh47CCtn#bMIDl38Wm
zvrgKL+O-0r?YT~p=_LugxLX|Ds(!~vGTz_QwSNx&9%~+n)9~_qi-ozjXJ`2Xc(u`u
zlYDymHRI4{ih96nX>qZzj<bTTkQfuGuRl+UU6}7>_7T(tCPpgL&`D4*AAXrs&)uoq
z&e~esXK?QD-TO574lxdkX{>NKIw<j%ot^p~5}a<he2_49xL}ceMp@Wna73jl#CFFo
z82FjC9zSbfLEke%Dw%p!3L#LrQR}Z1=4IeG)u02fW>*~1VPTh*Y!Z4cWH;)?TOGhi
zy;e`0Z!r92u*l@Cs@Bf`!0loK>GB+>D^ReDp}JawU-&k>i9%(o-a5{VLQm7QbLSS$
zfj}O+*34t?8%nNdS9px#)Yufug{p!^@JszZrD1a9B)5~Wg4m?|usohtq<cMkimb?{
zRX4puTl29fB(e(%;nAl4vW!ISjXjW)i)-MJ254qxTKKkDW>>4*3)k!YGSPmJq+-ea
z6h!)DG5foix=`<%zIn3f$?1Hl0-2}3L8FtSscDRht>ozbA>Hx`Aj&LiAk}b|&*vzv
zY`gQ?AAvC!br>iEJj-S6^P&Y>>GmjHybA^;Pt;q8#)!-&tEy73zlvTCO=^?Mu!rmP
zz-xuZ7q^Zoo1Y9E84ie#Ac14!vR_N8dkPBiLds**lK*s=`3|w8_XtMO(%M=n8{S=B
zK590ek)cINPM#C-6(9{e`)@&llK=m&3-bSI)dDqupxc2Ad@p%2hu5RQXmM@5^?J<A
z!z1M5Q00M|k;b9ONr?9=3g-18oqCw}T{&n0zP<`{0RiE)phvkXyPvY8mV92+(t><=
z%I238cTs%X<$lVVLCEV|^g3_<4TGB0c5r?$Gd>N{RIu?CBmwh2C>_D7B*eJ}RRiiZ
zu^nIWsfbsl58<u}>YY6V1q~m~_arD4gf_xUBh=BM%b7J2lCsF!c@AAp^kZIH>dGX%
zG`kE|ZqU3Q3G3tz%de&8{0orAzytbL+;s26K%30AyqT!KH&s_}9$kT~G43mmpi-33
zD<L6aDBDKkqkpabpT)}MFt0crf}V*Z#^mJWY;}jHvWo_TUG$BT9DX0#7+^w|%$5KN
zte4O2YMrWeK^A}iL37{yAcCY2M_R{BxgJT{BD%!ubPgR2;<wLm!LHxzeLs>*KTsbr
z(1B=yPSteDR3h*WF+^-~XVq?YwzescP16W)K^qGG6G-Mg&a3bq!aPMCzWZigom~PJ
z%vZcx>eyHd<ov@&vASLgzHe=qF%JA~5u(-Wb@mP-0<jz{+&PqbH-8W5e(ymFsQyMn
ztGykumt3*2vTC5wt6o>hfd=kTlAzRrb|EODAZcCqcuo7-=(RmH+DMTV4GoF;w32NN
z79Cu<1rRA(*x98b7R}UtlMAd(6_IW`v*hoY`YLs+wI8qtg@lBJ8Y`hONWItX1^UuS
zn=iRqL&2SH*Gm<3S!(!l9nTvRXQj23iPQYiFIw3;p}|Vd%gaFNpSx4pUOcW>VpXwi
zgbm4vQjS>R#S}H){dSddVSaZ_fhr29r}92x#DHK>l4Xlp%e(x;{UqFakWP_3WuPHq
z-w5OVq?03jd5f`NKDn}xQYHhQ$$Rg>(niWrY1B77Dx?NYSNf%>2Zh{27ia<u1UXWP
zK${?UG%F)EPR1TDV1-JKCjn0Fnh(eblHo9)U?2?}tEzOit3lB6#ojp%*f9JgnIkn*
z?N7cvlQPw9e6>N1(0y_bM)7ct9LlY>Cv62XGZ!nXwU?Mo7B7(Rv(PpCTenNTQ?Ucs
z@~}g_7)_+IHz^Z8py_>4+~X*^T_Em91LC=+vTrMF#AG_yM?G1zJxUCu;}5P+GMZ28
z#*1rf5E}fg^?OzDTMI)bmX(tPK=9fqw(<5meo!YaL&#$=u~Q^Ir<#w03*M%plj(Wb
z&`pOe7Ls~E1~aS9N2q&o|FbFdLRTie^Ub(-XCY2QVjte7yqOc!SsA7+TUSevW#O$3
zZc09%JUl$e^W#%?8gv`5Ig*Inumj;WE{_h5$edL;Xl;h>T0RD-yhfdn%6Yva4c*#A
zpXSHLq=vmt0E}RCrWXK#oo}1_>3hvXbw?DzX`)^63__;#(3|ea!S0x5XiTJoVE?~4
zp2*?IM-Dll<#%%-&oG$C$7Xq;rTa2FY4^bVAP=gNw^G+2jeCasWab{mPLqSt3JAB{
z9t3PRw5EP!ou8fETSmy`a)(J<SXuR3=J`J6yu*H*A$1l1<ImQ2Sjd&-DlHvlHcEHK
zHX#2X^d2m!>>$D|;x2NqgA!^WuHOr0DWk^*N<)rhff3Bw-PA;r9jnrQQ{fYev8(mc
zKN8p(RTmfMphFvlzLUNiXdHzx<nX#cj~!3xFLcbYmjzY0P1S1R$2i`-$ifo6nN6lF
zARcglMqZiD2{>ja)>lbM;#K2#cyQF|s$8y0^c=15mzw-7gk~zaNw){eW)sbB8r#S)
zcVZpH&&CmsBaT6fZgC=g@9#kGC&t?B^2++S1F+&eF!G*E)T6JTB11Ls8|3A0Q7DJ+
zXWPW=xO|n}Bi5njk?PFqk@D1{WF8^i-8v+Cla8IjD{=BHp&T5|$g$ikXgTzHlPWa)
zv-0L9m0s*7cD1R4+N)nH#jDrzdKpW@)#Dv_oDb5-3uPxlN+XuLX!sv51;RPEV?K#W
zJ=r*skL~Q3-nqvE^1cVppMcl5HufJqX}8u#3b?$`<7M%>43%%A17ZL3Il_G%OCL$U
zUiHe$?7lljY&~C0o}af{vO!~VuE1e}Ur|BHQ$W_ntkFEgQr$yB%qWfJ`3vJ$#q)Ak
zjT#4v4RmQ-0ID?-=B3>BZqNlbW@Z#LR1S0^b_wit`0agTKw(yE05dljmpRHkeJ>I9
z%YSQ-bL2o!%kdctcKN!T$mLBpJW!SV-{q}<%e`(_HebM6jOk&vT|~S4^9u-<!tv`_
zB8DLYy<*e7$%!e#`%RUg=B6fJjw7$@S}KuWE1{f!ahSxpofV4`8Dry@zotfTadRN`
z2g_zX?1M^rBam=hAe*<-U^Ft!Bm1--6vGLIL7<5*x3RAM${eVE{q9%(SF{QmxU|SM
zp^M7zcyYkgn|^?UtEH(LGqw>HcND@9(o4kWt2OgxpSk)1`xUlLugmhQrpGfB^XL~=
z+Xg0DP$lYJ+$-3HQSxGlF&2_v=Phfl1y0<{O)cDoZpX#J@#ujF%R*6uQ`^w_n8^OR
z*PWY0Miych(kS-T+9b(zd!b3D$<oH^H>6)M;!hnWy)rCDtd#7`(p8-6d}Aub52L%m
z>(bW&l@Y#C^OU47M~w80G%jN#s77KNJx9${Te`2vQSS9**g-bC=DWY@Wm0NxEJybn
zda|%cj{si)`0TxG2-C^d^$j~dFL&iGcEzTL+j3a}(67iWpM+oYKmbNbSh(A8PSBqG
zvfb9~+#Kz6dEG(?(*r_Q+)jH#h3DOqC2X3y*stI6wK{Q^^Y<7=S~`?lpkbrgNn2O;
z=rQRH{xR;&r8(EM*^-tBbzJ<yC^B`Agfyqe-s8TS(UXNvS~6t1=Ry!<%}7@}F)>!Y
zbm(elcRe!Z`=pW@5f=|04g;!b_F(^4nd2Vou8&Ih;_@eA)uGVc)R*7y<88IkT)xv?
zh`tQGZ^t0K%+x4Gdyp;zFfn1}WnX@}&=;CUct6YHa&BStdft*<E0D7mKeMp`>I$~D
zwS~-0hsATQO=1Rm`+&PjU#0eX!{@XN`7pK5kfj(O<#$OH7k9zSLQt$OYbz}Lf?nbq
zu_FbH9N^n%`WtoT*D5ph=+{h}F?C0-{El;7f#RxWQ&v+G8oa)?wi9w17;z*7G-_z(
zv)0ujzN@sU-1@9=9J!dg#=(AJVt|bu$(6=Hpi4W{XLS$(Y`X}3j0ZaQ7BuvO#+H(T
zeU@qgLYXPoYsacR{fq#9SEK8mfBTy8%hhX3b<l*<OD?o-57VlU_QyXKDRz5<Q(jV%
zk`@*g3>fHNT$b2L%mz93k}Wi8+;;ah>ra<WeT5q1?R8#ao}x2bS&a=_8~32wM!y^U
zWTszMt_{YVP<h$ZY3gWe!+lZxSdK^xNJGF0SI<$<Tx##7ZgrB=()nex<}xwo)!vFh
zyeU1_o2wHauaqVcWJt|Sf{Tra97^3Zqki|QpZrNh`bhM~v}a!B_xxr>vJV05=drQT
zV6=5p0`2$HQDpq)&2@}zX8E$eFwxL-5gDB|HnCAbkB2B60Nz(;V9zYl+PME?-#qGX
z3^k(f(~Y5~rY5L$mAE)e_O*X;F94zU=I(T!WidB=9q>aPyItYxJ<N>=lgc>qXz>7Z
z;kXYTpJ+B|H0|G&aLeAISoXZdlRwEpeTM4l>N+|)nwyiS-2UuA0L@y8BiG+69AQ&h
zHIB)&#Mr~(;64MNH5bzKH&hhnbYQ(Ulth9?Eetf6zvGf2s#qzaLn~xmuSR3Ex3}+k
z*WVVq!%)66=s~)qX2?aje<6}bZ;cWq5EA^3DI+~0pI%d34PXx%9We-JR=};{K2#Rz
z;%VeEH8H`&!C78h1Z@Oib0kW;YjsCkAhZcb12WRzf$|RfPK_~Al3?w8N5WYqX!wEV
zDqf92{Nzq{1_lNJ0e#Uaxm?`Azo&LUqrT2U{to3X)oYM3r7YU+6?&zcT8>?I=#miG
zjy=~@YuIQ$e3**rX;@iV>FMd2nwo;b@TA*a!g7u;RxNLJWVtrgUd%`?0&vKDLuRa(
ziG?l2<!TWSfj>O3#Bk;%FbWlMaxC}2AnfC-t2Y5mgZoH45}68ll<{^Z7VvV=LBtHD
zt8k1!x08~BPw759Jd~A{#Wi8{f+2Zl*rJlp0hMSRwe;>zv}_3YM4C}tGy=P|xk%Wr
zaZI1w+!kk}nN%<GUHO$lpX=+r=UxKG*IB{>!!-mf3wA%+(C&@Bdozhx|2p<hQ!_>D
zZA9%G<uU7=SM=ZSO@g{v($NLE|6k0#1#BE$lr9)!%#4X4W;<qPika=$F*7qWGcz+Y
zGcz+YW6aFF_5ZtXo<<stM%uU1T2^(dTU~YQ*17kb^L+=N$4#|&F|G^INJE_~^!~Q7
zH_??1O{7-ubh|p2$#i~rEvwh+goq7ry1pd$WO@BCpi&i3n(B&mZowQH;KS}uOHZfT
zJpeld2|FEd<D^8`ov0W+5pI`rTPjH%IK|8p{>udi>XZ9PcNBFsrWR>=Uf$w*HfP1t
zm1&D^P!1my^@yO%p!V&Or{g<5H@R2}{b$fs#13*=;)m9ySNn5Mn`fA(AfFjE;pwDK
zk)8~~yCW80{w(oq^&9nzdkCAPPPHEwe?ES`apIKmx4Sg7$p4k@qbVL@CtvgO?7Fu>
z)Zi$N4C`Yj-#j}zo1Og~3W)9VZh*3EoudreDCVUGAGT{slP%t^Y5ZgQir+mc3=-)#
zzFu+xh}wF=_LronPga=So-N!P&*9SOs=`RY=i!4sNaU5X_IZ>SLKNjzmzB2$og?f=
z5EDd#yb18n5Q!$iUGl}<0dDY)9$D{@?xphx7M#cRiaPSorGDC_GxZ2JSOlqS6p<_U
zYr<|}_+Q5H1cdR7W3#e>Tm%JPk#A@QY*dn-Xp3j6)RPygH|Wkf@dhHnn3^&ONviST
zkkL{6f)5-^-xs%$h+rOXFG}l9NX<W%oce5xDaND*RonI62TR%}R-PD(yE4#au49#e
z8%|&cx)&bW;ei*^-Om)8Xz8uyc?;36{y+&VgIC7@=Y>KiniVE_OAS_<rw)8+q4b3(
ztX*P<Gxc@T==6YSZ&dhIw0zwi0Oo;7ix3*Ey%?)P*T3^(NufClpGmtpXHz6w_g-{P
zE|8$?SsFzOA>AWFG7*46ofXOrVu1Vc9Bq}1uK-t}gZi<=f4zF@-sf{q{v$ge-QXZh
z#wlZ+LgcK?8JSF=9R%5DwA|}J@EXO8OTB#>f!HrK{|(&SRptf8;H-F`lv41{@0m7i
zy8I@5qsU1>*O-fYUP+aMP}41=kFnGPkW9>LO_`2DFSt$2>s-5a)O}LDDRNES2&2#?
zuaM8{)1fAu72lAEiReEBH^+&2YBlTz7fitrr&9N3@>q^Nq!?WV8fB{Y3Z>t#39*E+
zCtI_5rZf+)TIi^3k-_+e2{r47&OvkgJPbdd-)%D^!<4+#=d;6;v2A#M1y2OA@{&sz
zI*(8SmR%@6X_n{h^J3oGe34MZv+`^yWU%?Isog;yDr+RASTCg4hfle08>W@Ja5)!w
zAj`P}z{P0>E8q#1F;}r^xsb!Bu}lpWIs*$taW_Ft{I2spa8DQK4dcByl9ClBG^rg0
zGuX*%gXMY1zuH%&>Wv6q1THmntQq?GQCG`MK%Yj&we1)O9tCfs&ZQB%z~txb#jDM&
zsjWE+#x+e9OpKSLa#CBkS3bY`kImcrA))pU5>&0{!x$zv@gZvnrRQQV=>04a6wEih
zU*dfp$d|#PU0M>IXL6s(+8BL&2TR;ID);z=n~Wwy&r#6*5T7W^>+5e)3qv>G(gBV7
zmeie@`X;fRvYOY`4q3FD=kE{xA@Reehj*{3u~GO>P}nW5)=SlCiPF>56ZdbL@@xVt
z+lHp*4U%X6kdTl!Bllh3rEQ=w0_Hr=P2~$;x|L{;WG7^i$mjr)&?0!5QrD(vC!nn3
zQ&L8jw&ASRuRvRY-I9rg<)VB!TeB5U^~jBkER#0-bZ{Q_XxlEqmfm~DB_=q<pl3{E
z0t^Sx%Y;VY&ak8J@t$Py@M~H~ajNnCN?ogUZ>>SfhmOKy8lxF%`+nZomaIfXepQ|%
zl`hAwfc|tBlvB|$E~z4zSx&#97#sClQlyG3Rj;l5nGUHYhyG3dVD8ymCCM0Wv?I;_
z>#oPuHi%ZMG?P*Rr;n4dnORvy1vLf5ihBJwSk}U)vq??q>yVva_36e0%*@PWWI@N$
z!GC)N^^{WqV;nF<04+zhzZpgjhxg|LvB{|F!MYELdIYgG#vT4tU2yEGMV1CN0=XxF
zf`@)3H7$+)dYcXDsi3GRYl5wY(M?|AViw&+hsod+kEX9WUHTO|H9^P{P&A7zSWJaa
z#4t*vONt+u1o(;O0RaJkLQak|F);~-ly4QqyDHA<{@0MeB8S6-j2LMM={4A0uzwlQ
ztpLhDwzht&L+01^^z_u!#QSR`jkyAb#SDdo1P2TGRlwh;*IH+q&R&5AS)D?YKU2%W
z-oC!EQI`ckaCKA_6%~PQ7)dJRxL3pfnod|aaL9m;4&dKI{h4ds;oLxj8SVl_HoLhQ
zX%Zq^J@SjF=0~27&OfFpU<1%_sOJt*@1koeBcb!2??TsPLkgNC){;Q3lWT&}2BW`o
zZ1<l5MlLh~x9>l&emmao0HMu5X+x9M*14O~kS9lt(-z3-OZi#)Rq${M@6*uW03eZn
z6csrhoBi+5WKgXfr7yHTA9e;LlI|0VRT@Z3(>hdD)jB+H*BazbUp+wqxb7h@D(Kr!
z0P*=4OuOvhHMZu{zDlV(9Fj@*?Q2lZgy1~=f6irU`fdNqV^NjhM0<3#<->{9bzzZF
zw%4#COO<8^%}}m$$anfA=eSt;K!jT!`~793EX2=u{7vs^AfJ_q5}BEW1rl<?FVFq3
zgMZH5ouuF6dKcp7PJay%&uX<v*vV)A$lMV|r^C%WwjVE+F4841h(LIJpN|^a)DQrs
zn|x^o>IZ&+@Y}8f$TE_~<DO^?NK{L|+xd%Bd=Ag&ie1sv8?wQXXdTK-@r+(g$oAqA
z?H7on>y!XmVRu{(ubGGB46VpF$a{d^Fiua74`<lNXt4CFXAOQ_e-1+>l}bRU;e^B8
z#VL;pvy|(ivNc%FwVu!7@M!$}8V;upgoNLFL&55pJARPFN(-{Lw2)6Bs!>@qT5N?#
zofThJXJ;cN0O0Ab6~M0ss(c?1K}~a*4<gU}9h_iW@&DR{0hF*u7;R=0{k~4VeV4&Z
z<*%$Ke7)J>rgc)a6+G~FDyiy7$o`|3Bz}jcKuUZR%=}j`IZ@<5Q4FQx<v;wvQ;4|e
zJ%B;T<Bt7JT|&Oz4JPjs`5Hv!og?GX<j;l+Ja5Yj0a0y$)+jA(EretaOQc#T{|DFg
zpYRKcJQBK_yN)9t8rX_ud47gi4%h60wx})*I2sJk@FrpW>2$W5r-EmoCsu~AWOhAj
zLnig$Glv<rQd8yy84@iG014KSrX-X&9JX-GH*HFO&i^ojVM}30oA2Q9OF~xhEY`cr
zTsAj%0GlM&U35ae>vHhObAEn4+qtwmpi;sEZ36-zq;xJPaK&FhTd==38JLZ8Uc&qS
z{`r$53oFcdhnzr|P2C+lj(0EVtGM#Gu6*X>uSTfYgPq?R8r->NDu)1YquFU2fsz{h
zZHK15MR!4!$x*%iWv{WJVK4h?Pb3PLmYk~9_5LLwjJM6Of4I9JY(VXg#{0(8B>@aQ
zIjEW1vuOV-fQv7PgousY%=8W*7hh*_E7eh@6A+sC$*Kr`&FLu<FIdMXHisn0fi1u*
zQ&`8=q}T)`POv?2ueV~alRzT}#1i72^S8b>fD56YoPM93W85aWw=(^$!<f4caQb~T
zS1qMLsj0A`D2W{qcv{z9O~4Xf3=#-xHo3b{fFGi!q#UwwTS6y@+^gAb2+^6480H&P
z-wiNF{z+Dp-})*DWyAXyg_c0@KOzJEGk^ClU2rGbp1{lul%PW`FWPl@%m_rfq5Kcm
z_`gL`s_Kq}40F?JY$jdBHacFRk4p3M1Qxj59wa|)D>4m<CZ=flUSng20vWDx)G0P+
zXKTAY&IM`^KR>3156Wt5?Oa!(NoVs!p1C*5S_=zblMegOmILa3TWKUd%ABCy3s)*r
z(|Te`r*lO>ij7bJ1&)F>yTmlVJp&s|1TJeyar1KP=jv)}_O`4#b81eF{x6kQa|jkU
zS85g&%noD?W>!|SM1tS6%Wp?}IcY3bbFP`wvY)MVogCwgHU-WkE<JZCyceq-h^U&R
z$>J8<KlaF^eeUn3*Yq4qlNwe9HPJZ%(x`R?*mb4EAfSFyQVPMIG(^kdvjC1btNH5e
z^U0F;k71XoO)#CXUJ{!eJasnv2myZ)!Ce|3v!qu(uV75kZ~YZ(jsS{AYPu1K%jsl>
zc6k~MxCKYU^egf85IqF2OcLQi$6ts1L%xmx6+?{^p95DA_;praUm&<V)nRt>K+KQm
zF1xc`9%>zb2^xFdpWN>NWe$UA{X&fTHTwdiWJi$EV#%#1R*m2MrxL_R@_)n>?Gpe6
z8XVQ@+PBbk-z?uA$z@W{{9Z2f3`g)+XJ>Vbf%pnCsuGDEng#NmzkwSGtWnCXI7y@j
z@$p}+?~brBnGMgtk*oGO>n4S0b_c8{Qoa-RMD1JEvOb|z9qtKV4-O8LDR@{Tk$)cH
zLsj{&1Vaak%b}WXv%VWn&`?pqWORwzhxR5`&;x@GC2yy~c384nZ?|=b?=OqZmhS@k
z-huIt70G1nPXDtwP{;x`F35;;+qHLMtAstmLa1q#rY4Ui1)Hrt`70>D!|po*Wna^j
z;Ge_H8b3s7HAmX~QM=#8d%fq3CQTC0y2*=-^u-z1>4~|DtE`*>z3^nbvkP_Rt0SjV
zH%~NKRaT}ngmOJvqRTf8Jv!U{cU!(aGYSY4f~E>nr&w{IKOnwkhWUx5*<pxVI1Nx$
z9)?dkc;9eH3^OLGRk9l71#@C4yj=)%9(oP$qN1$x_^|nDM|Um8Mn`9$NgEAEh=c2V
z-F(ZdL--Un$gRObHmg-g)Ti+kyovfm#*`{+c<MFVWBWlQ^d@50L5i+NjQRjzj@x~o
zj8-C0umlqX2(q)o-vx>~0uXd!F<*aJOwt3uG2fqzx|`ZvQD{y9KvKd&7TOP_d7x#M
zE-G>!@lgEya`IqoIjSedsUUjNw|+B5v!Z*|+V9umqUk9K5fJ6X6m8DOweC#&c``dI
z08!mRbv(YUCRbcu+6#>}>!h0zW>9`41T9`%e56jh*Qo7b{O<DYw=W@FB5EU<W;sOs
zazhfnvI)kso=8l!z7>7B%Yis@@!EIy(4|`&rDZCYn#=W;B9+WvV{dXJ^g36@sRpas
z{A5wFbQ3^?h8eAyQB;4JL7tM5CNcej7eH$-w_9Hu(TeSC%=&@~`c%fl&JjI}!Lv8i
z@Cg@CMZ+IWp+1s(6v~B2ZiAeMV3sMptFHaf1knqIU^ubSedsr{`gbNYb_djdiNa~!
z&if{j)Kzrg8r%#=CbveX&99BEn#i}aWSxrNY<YKY0}~$_V%ncK0w?kWgGqJ1Gq6vi
zV@E0hUb&S0;{q<ps(2}@h?rl#D<vS2L~v+SNh7Zil{Odo-DDY!cDa@r@*e8jS;*4n
zzrykzUpWKd2GZIbFXvhn-GR+yY|PDHtk%ftkX9KPQE!ppEFR+9s#)R+tW_8k#@v+V
zqO{qyIO*0uAprvKV3aXmaN<hEq@?8EhgVV4PAD+iW2qLdW9H8`oW5k_sii+eefaFA
z!ei2S=+cTpyRy5Uu}vbG#ttx4f|e$I)v}InrWxUCwskl}-3uS5a@kDC%=8Ihuhi(L
zlu58*<X?{3iA{j&4@(dQSbnUs`g;323MWx#Yq#A7)~A~<@FM;1Qd$>#I6tKO@Bfv&
z6+td``(#$2XQ=>KVfsrOD3*G{VgjU+so}>q?emA_dU)K{Yj@Ae*eb<N<;V09K7s;T
zewI)2+wL|R8|5A1<Igl6#<yzB3%ptiPg#5{0R*IYrKLU#oNwI9TAY8oT!Z%wT<QbL
z2Bicl3yPbumV6y*OufH+v5oT(iNZcyxX;ES%JamINb|<|hDp*@<LiviOOrr}-q%4x
z!7g+fDrp|N^mlvD{pwu%c3Fn(?jY0aJiqIzm^Z4ttZc|#QCh05d=-y-l$FamkmIh4
zu_38p?%QectV(>6lJciTAhY!gQqt!AUSxikCKL-9>(YyDHtlJAp{kOw-02zw0!UKD
z{w36+UsXqXhk_Pqrng84fC;nx&lKPPG(P5E{p#H8%+21CPY_h-cedsw+re8GRj%^g
z<6XGCb1<5rq=-WB{?PE2i+lfc`jC;DwyIj1hnde>DRe4|2an_S>*sRw(}k1Genig`
z%C$vf!~N6uyOf<EMlms$A8DPQAUAj>EA3g)SR7t4JYX|`tvp1Nnt_wLsBdTxmBl8s
zi5QYeg7}T&*><0moBK~%_S(SC7}J>9k$EBZxe3Ov_m&kd8AKPKI#)3V3yX|)le#F}
z2O6vLHJkS`Ei#!5z%%d(2qW4*KZqqB#)}+J1WIyFrh^`1b8}#e3GFW=6w02aqWp}Y
zJvk5>1p@OPhsR=DhcywTzyMm5&&}BV;G`J0?V(#<v~lYLsj7o1ud2fta1tVSguG{l
z5Zsbj7taBb<EKx9p_ti0!C0xw^{hd{9>d3?#e`|&{$Cy(X4i6k&QO4`tJ`0TP5Yw0
zHm$R{D_rqfWB5KeVeIV&<te^S!U{4k0Vd}1Jn81AkD42;=HG#n>bi|wT{VG5<|?Os
z!S7`IV_1EIb$g2lh-6{l0<Dw~{&FtI3+VS|2hmDG<bOs+xC!VJ`0qTRek?k(3I|%{
zBERjF+k=_t7DyV3^M8T?RR?|eZ>@E)Y5*2JmKOmW9C9z+hLp|Xtd_;pL;a1Korw_q
zzSS-5FmK3^M}A&U{vtFGsId5AZelSo0k0P+p01{$(LrEk{<u_Y@j6MZrpNPaj)f5P
z@N#!*T%tL7`3(qW6T2X?5+8aK#72eOV+1zu1C1lsYh6+L-r}uhmonn10oTK#J+gz0
zeJl>a7QlO8d98u8gVsV?&AV>7#cZf7Zv&h$#k%%>toy49O^uZ=$aLHCE&{a^z>HXK
zb(&qGAGpeG3lsP>>5~aQU+?`sKX8|{m0-7fXkScd1Lx-BNzN5-f0zvqb)I2NuO)Vm
z$=_u8cP8kDzb4T(i9Cz`Zp~&LiS(C<HkY?G6JqSgd*aY{TF>YuBK-3c#_cfgh%~FD
zm0Unm$<0ID^k+Ka>Yl<i{I{FI&KuQz%5DwNq`aGLQ5w;Nn`P!^rS@2F#I0aM8~mRU
z!x@~9vQeUc01XdDzEjiwsl~9bt9#mKnD&k}3EpJ0Ks~5M!rNPcey=PjL6}fjNJ=Y_
zir(BV4Xqq|YwBoge8O)3M9$+IR)YuLK|Wpd@-R0$TO$E%iK!mfx}cOb#;w&WnyGRr
zQzv(HaU`hz9WnN@?I#o~=`94y@t6Z+vZ5WtNytUvo=6J7J1P0eZ%c$pdYA5K8~cpR
z!Acr!6FdVd%7@~Mh|Z5ozKK6)o*$AYqhMfQfN8H96={Qf3{}F&MDf*K)Ug%M6%%{0
z1Kh9<XPcx%l2R-~9?OK(1ZRr}JvLPPg_Ke}EmO5NNw*OnUuQLhpfyfk!ujr=9DKRx
zPW)5gSrNCy5-b&E3lbozDP)sCcM;DvQfQ9<p_TBoUPwTx(#|lPul_3}OHgELMeNr4
z_m7#3*x*l)@I?nJG}in}k&6QHSE!WzO@sd!{kd+PjM$Si5NOfoaQt<>#|#9Zzn`Eo
zaShh9t=Ut}Y^t0|_ReSYhM2>&ypQfeNNf1!rZCueQaVa~@>l7DmkfDd=DhX(P(;U%
zq>6(3ra^a-+W5wdDeYMPXwo{RB7VV1eR;{>M|0zkPyG_BCZA=m264_ZK*`GC;pXQI
z;gKr$k2;F&z@WvTeGwJtJUY5hV;br=`@cunK&F}Ip-bQ=e)?7Y1;pt}6@1;i<|9EU
zk+|26#1f5GSI*_;N0>MqtYH-u4cf~Ju;#c&RaV#oErr^lI1T0ud0qQEepUReAS;Z%
z$xPm<WkNj+kTHnRyF{)T%_*reH!+EUNaCT6$!_h%))kSX>^8+ryXgkE6T_9pXBo4j
zUPzF-KA8(&MXl<HIcsnxvA||2&}1S+m_)u_<-`|aeU>~ASu)JJ;S%JAQ#iUE<Z!0;
zZ9Zl;%cK9hSXT5gc)y#0iQ>3th@%*Q^|h+<58iTvTUI}NNr_2v4G<RD1M@3Ooq>^3
z&5*MYDgF4E@o@jTT+)gvo&F3RJ%QzQCM%GOA|c(+7fQC%*rxVpbmF$+rSSQ|G?RMy
zo!>|ZYBw~%yYuaq$>j}o@)}pCw>Vo!GLD<JM2(;pLB|!2stYBP-4kj)$;Ttl_BjpT
zsP~)EP84%ruYMPMZ#f==aohE{*$?4L8&DW>55%BLIWWm2+HG*+fpL45WPaUkSRuPG
zXA^UO{mx?1LrP4cmCj>T?zco(Og`y~dkzXv#q=%=RkI$ZiNyB&JvpTyor+@aB{DP=
zEA<0(y;nK4Rr`;3wfp7uD^VPwf^5dwy!0*#!B$#zZ>ED|H~qgoe##3$3_jQztNNA2
z8Rctgh>0>w#LBufmZ)Gz-Dt~8&R3`~<$}IKz$TGj6Iv#5W+olD(Ed#eUIJFEK&d>5
zrW;WSFRO=&Pg^B7Vz62PTzt|2qR{m3)g!WYHXihbpVyAJ6F<%WGA`KfHcXzH*2$!k
z-4zdte+Wxwu`c$Q$qnnh0TFMj>0s}nMei>8T&?p)SM!?EG|=pOq~0c09eF$ojVn>8
zHe5l4#O;f1hU&hasFS!(kOJNj5|d+Y`nOZGGdUCSg$RY%3t55pq9;=m)|pk{PH^ih
zK-&@5dZouhy`wEdo;l6C5Vz)?CHKJgnn*2JMUG~n$BWokAjmBVsm@yndl!T@>C;sS
zaLQ*ntKocXi(bZ=^ogCY0pp`%P@@+8zlp|;#|vqyEesUSbMa-T+2s9vp0etEpZt6R
z8a=+^f8M=%x%Htvw0+)-$S+%c9(J|NTlagp`5BtNZUEl~v2OYkf1Y_eb7ouusQ~Yj
zZC0K4EE9JR4{Khor_`w~@LStzvU_cp9J%Vhpa}et{?{SD=*>$I%P!-;$P#1z-&tb+
zZ50<*rvIG7rLJa$+l1`N+ohWY>)iJW0R^KRn{ZeUx$0CTCO1qG`{9+%*gj$H;_OI*
zJ7jCEKel;mB8G6-m>#8GAwG210QGchX@Kt+V-`;zcrbT3XGQkb!oW|p8ruB!Q8mZ=
zQTqndtWw}do5gX&!^haNoz?YTy&tya#qROwr|J2ubuuB+AzFgw_+a-7d^44Hd$BF5
z=n`)NB`JzmKtznE#klL`M}kJYCXXkN2QBz8k%G4s*cKj7*qe$t!L~^6Qx^^Xr`^ld
zwR@0a$O0@i^F2APJLOX#UIFzI@ZD!x7<Va>5^6Yt#20pnqzBu$;-zL2U(}wMfX-#K
zi*KpoN@;IUUY?v{$BOk~jA3`#90on%;;Re%s0;;~ay83Vow^g7COU$x9!sS#Z-QzW
z6|KUE7EfK%=HNN7bYPLiyEiTBu$YNt?JP$zARvf0;P8dM-_u!C4Q11e34Li`{#>F#
z7B;*0BKY3T7T|51G=xE3Mj+!*=nb;Nn#OE@h#!OYHoz@w?oQd+rK#>@Xy%m}z_kU@
z{Q1Vv59dqHplcVftD<!QQNyhIg-q9-{Kt!C%Zt73%o3u^lg@%_sv{ZbBn+;L7nE?A
z&r-y>u5yArofavXuVNo&8j|j&%jHW+8<r9jsY!DxQanFIrF4INFwH}$$g;5!I;%Wr
zPj=vUv>qU@z5J<nE@T6NZ#F<xc?imvC;sr)52%;w!n?$SfF~gb|MgBuIDXlnT@F4t
z+Ax@~#{9%-QQ<ba4nn97&H)SWAELT;Unex7{N@dHgr%^YSy!{`1@UEDHF-0V>!vrx
zD^#1t!CJt_)x=b9Oj9vnzZ8PNBozL{_?<70;i>*kr7)sERXkE055kl25z#_K^-NnB
z?wS!BF`#cJfz{-1^UpyJb#N=IW|{mnVcmzJvH%I&JnNS}omfg_5fXS1n(q%|`F@^&
z;p~~iTlX@}FW-Md`Rc)d9OzLl9Uy_{c;#@wf<o0oEgd5H2jRqa#|zy286kKUND^S^
z_o%%edQXa&@aPyB$;+Jx{)&{w71dBkju9`F!{wQB<5JEla9utvsd_719WOZjy_FcW
zJ6RA3Cl<H@iriq77<i8b3ctA|p{$(_5wbH1Ka%TX;CGN7MltXm3luRd6681KIML3F
zSg4JOw^D~O^=OIi^@Mzqu0oR<B<*k6+9svC{6ZWCAj1n&z6p{8y{X~i?AzF7k!qvO
z1>yf5lqxvGQK&<Vt)FN@j0uKjA^2qrAKVe3GQ|joVJ+gIbh9P%S|E{e;(|ekz60YD
zIQRWAoNJIJh$P$sCPN4<DMqZ7Kpe|!FGeh|PNwFy?zOVKzLb{E^>Z~``3ul)UYSTp
zPB!+J%A4&$oidp~O*tPawF_9pW-OGeK$74WtT^DDDE!uvgpd~PQiM>Jz$Nui=#6)Q
z8@DFcL;@EJKaYdz{m}r!6-FFg3*}j^LagPa;(uWnDfG@jw$DHpMB*}1XQE35m5e~H
zo?5G{9HXcLWeZkqO`=!RO<MOG!+CIYFOkVo?B9bxe8W()h2kQXNgcUL)fx@M@NP=I
z+?^%*=BTmFr34kemulzIyW-07>L_f5hb8>Ey~$Tta~(ejvSBCl#@bbn3NJF6JFm~q
z2U;`En0Ls~VE3^-k5-7qkZQiBK}@!No1QV>M!6tRkv8<@s%-%T$r)HUr()Y6O+O^<
zBiA5oe+IL8y2h}B$hIKDID7HX!mvX)8Zy7F68o>=<Z|$}KYtQqjS`XT#h3fK(?Kk5
z=4e)ti(=Qz$@4aQVu{3Tx>=0tXs9Vwlu<FZzEq<liiiG4-bzSu(s&d{(m4~zZAq;=
z8rl_D6krR22|BTXH2Tg`*|4DBk`}PonB(--@5ndP-Vqj7MUrFgPJe@KNHZ?#ajmB*
z=FS2f92N1z(FZat2%Z}{u8*faVRgvPgi@R?yc4H7&fL*RnDYLkv#OYG*(MF=5&b^-
zGWtq?{&~9_Cqr<GN-OKSk4N(1{i=DDR=)z1^VT4&^Jlj&Md^C}lq|$?IMYaqss+S~
zVHn}Cqy0>}Og*-;p)qCMGXdL`LTFVp8>8K2KtLxgV)4Wxc(vrC5vU_C16gZJG|~w2
zz&P^d5YLN?hP2a~c}<$foq6PIR6tNgu^N6ZS~)32^PLZ8<8RSZ1g8#sv#%(VDMd#3
z+$2X)`0lEn+ypJ<x%QUyAUCKAOa8@2-7D4I#aIe8$iD^z$stgv;X#w_J;z+azOMR$
zl<dILk+YXejgvw_7X;fn&%&O5EguE7r=}K1za9B$UAmCUWzKE};UL9S7B$NXXNDU+
zDlYQ~0vhlKEwNQexh403gI%Fiu3;agOg*xY;AEUFkvV!5gX;9SL_nL)z)#H>+^^S1
zHg-f;mqWhTBU2Umo9X7C6Q}?*DR_Fs1DW1X7!<=ej<P}+|A&&3{KR~RZ$4*z1_TnZ
z^ZGWa8;eTSkOKI>bJN|`!{tYUpg_DRdHU&~xgp7H!iFmeMMYs%e<`?pU5G+KAePq_
zg0CzMhYvACj#jA_^ba*=p4FwMtnu$}MPZ<`CBBL)PkO^nIMY?s6rOf#?>+D>v503a
z8-T9!OmL!{Pp-k_b16QqP*7JmAetPxp+FyRDk*A&7=v-;kdxSxg#hU*j?hm3DipLo
z{0GDN$oE+HZ+YtcU>-vBY<3EE)L!a7m%|74Sb^ul?*YElLb1ihpXu;3RCCaC=EMDl
zcr%4f*RdzuLo%9`!yo%z(E@zA)gq1eUN|RS>k}yV`DHa%7TKNFSDzX@cB)kszE)2y
z_g5=A@Uc~MEvxo2TH}ZUVswV0l;SLea$mIejZb)<L1cEIpOIgm(@A&>E3#xfgDpNq
zJtYCoVG(<K<IcGAmr8@Y?8BJ$SuXW!W{vI962z-n_4|Q_O2M8yAvpSeHTg;rj;4kz
zf_;w!=5qb8oWAk!ugT%g(+X%!P0tGy0r@n%jC}}rua;3+N#S*^TKvjLL`5|PVVKaY
z%5b#9^39QYd~#Y!Bfmvo;TGXWXZ9VNfL)`%h95wp+~d#L<8NoX{y8)~GwizfWI<9K
zMTCz;CP5GHC{#lc!f&L;{kLb2KIh(fl%YKqQ~7_h*%p=+!91|kJ*BO()N&|>>UF{s
zW}C3vBTb=Ls`S`bw#5wu1B&cGGeL#Lg_+sH)S3x76h}E=2jO)En7tPlxBc(J&G^dm
zzQJ^-1cKV+=I|-h%5N#G+ff8V{%{GQ$#$_Rzc^9MKRGJt>#kJv9}W)uQfpj5ltiK|
z8b4?r9H?#cxoR&c!1tWJ$rx@ttUSe}5H1ftpI9%g7wyr^q%RhmMkRgw-NS(RyLOFQ
zdoZ2S2zKB$WKMic3_ODCBdF6-NxlO=-vQ<9$e`jYNAYY<=gBbS;cc~osFFV_0{ULO
zfZ58Z)1nvU9Vh=cl5RoEd5|<!A}n<sL#Ptd-F$)WNA!Gz*cb$UKa+Tt$PpB#Cx7Pe
zvjoOhncC@k`2y3O>AgR2e=N!)VDI>YnJFbqwpuM7gPS<&6UHe`&qK;QtH%5N&h1Pq
z#p>{`It=tBD7aF-@~%2ZLHBvwp1M*C{Uy{KzV_mKp;yT8n>X^MhG7mPWHlNBHQ<H(
zya%ggD-^wzXe4fbIftX$INLTqc3HBEV*zB6Cx>GbKbxblqDs&~^0mpy2=97R(=&2S
zXUkm;4|fwSgQ}Md{Uqnl1*3@jX5vhKToB`(NSD70QQ1|-`_Hc2j1F$9*_~XIHS0zt
z*ML0A*Zba$?gI0u`?I#Wetts{B^nN`!=(<Js+xsnnVR-y!Q}3xV)0KwwPIQsRnK5r
ztbw)b;9ln6Q!K)3$3dN4?~K}7m291ISX)d1*AeOdxyq+47^B|}V_7wa6ht+ozgU<4
z3RV0qcMkIdt-fTskPwsa%GH2~G6-Z&c2tFuvlCRiAyu2R7qq)wL?Xf2kIiI;Pg;#B
zn*0k3R1HK1pCDEAnIK=an4@-?7xeu3mFQQ<U;$(%BD$+bxSpTQMs#1|u^<l6Lr8h&
zN9ox2sP^c-^sDydGhRv&VV|jlL)w1xV>VjM_DMcymK`5v0{M%;w7|H@6pQ^kX~TKa
zP?Vn->Ff0)4BK0VR0T>R=oYa8O-4+W5Tm#3kjR?dH}Bok^mk~OFLQDzKNl!_#Ues&
ze&;oq-+jT)ribpJim>0dWp(tOs-D4;!c1Q?R^8i&^fqLcHp)5Si_TLzbaMscvxYDJ
z=`ds^n!H@vQ1hk$@f)U$;dvsoFdF;;M`VC)tmiu`XSLk0eukjFCMma53d__?R42w#
zPD2%(_gFg^%FHo2ge}S?Y?53{SP-ry|1V3qW2MaN%zNoFVkjz_+w;a)!hmhM04%XC
zy>cY{kRK^9tz`OFQo}4K^aLFnre<T?PvIoOe>-tRq1`~SxyDFmTR2$y2|~IzGD{j6
zQPvK{%dglJ6Puu~7AT1I?)`tY^70W#scD7$N`0UWGKkZf8|4fS<KR}A$K8Byt!8t3
z{^eYY_jY4di?fR4ndUxo9*;u#;CgX%lalj38yM15Vq|#<{dNcN6LfLxng<Ydc}&av
zC0cDuTXBW&J*C`_#CG6_Q^JI)ne<OoD;h~Pc|nq&lFrhQ^r&Hp+?d5M&e5?5<XCwe
zbGPgKrPEj5eMuvI4;}@)OL;bBUs;=>#xYAd#6M|0l#+%sBR*Cs*PAuN3sxu1NC|F`
zAyZBT*EJg(6ivf=E<Z}fZ?3lH-&{|JvyF->Sr4XG9QNz)6ExYg9zUBK@aLOnb}z&5
zdT*(-9NGpB@o}?gwFVO_!l~mt0?^g#9J+kd;6yb|NHtv|3i>ZHPd|j$&XZWx2X<)A
zGCIz%Zd9c3Ruw<?w$Pm!g;Sv!QuZW?jG8hlu^8g!8dy0Fgp1nIISg8HM-_*8Gd~ci
zFH?X07hW#w|MqhKN3~E`=$QVa777C^^Z&V8C~U0sEdQw%O2?s{x>9OU%V*Evg`{;M
z@0p{$;1s5X(7eCyPX**Zobqb8e>M(U6&6Zk#S?RhLvzXH2!$>?9>I?~9yisd-4I<-
z0>R;NcA&hWL0b@SNMtlN+f%;yfX9CEl3CB5<bHI1<h*QQ%?TeL2mZ~Ls_@y|iHQMd
zpnXtZkm-7~!Ho0aOw3UQ_#{}LPznuz4B$+10pvhO6g2>N5lAHmzQURn1mJ|;Xi^y9
zC6GxD02k=;L;ism2>w6%iSq!v`(1xtZmzP7OTGC)tG_<+KUcc`>Gz}aw&zg84FN7*
zh|5LL+kZIspYimU!Idr*9D4Jq*!zllvjytE$NV!`=K<*W0e@Is(SL3umt;F`pb)7)
z`kx;N!uC*xNf87SnCRBYs;H!#5dxo?b&u%EL+KX(G1Jx2*}43D!tZ+T%X+!TUl&w)
zJLo_Z>+%Sat^qY)ZhrQ9_v*5|Mf`jkjM`Lh)Lkf<Ga{dD^Ll-96o!<E!eJM-uRNes
zWR-&sK+0v_iIm)P4_U=RDGtHq^cdQ`q*2(;=<4LPy=%@DOlrwoZ}Zv`_l0DZ!$|y)
z@p=gBE;^)DzhfC*zDDi3T-{iYE6NWf3^i$rBQ0Y3_lyhM9zj^A67#~bd{S?vdrg|q
z)=M&*FVD}nm?*zjlL(Jf*(~3PVW;ndGV8lH+SuD3&t8kXJokpIIt}3edCbACyRXHh
zlZZ^;1mul(@38BDOkZZZMfLt(chCE(E~^hGQ?Vt%{Atj1cDqRzAi9m$<)(lAA2BFK
z^wCOT37}#LAjRW$TzALgcJ+@j&OBYTvL`^q<9KUA<Z;;(vC?IFzn1aRXw*%3mXXT%
z=n=`X1sK>>_s+}J47L6NOGF$leUL<IEfocYyBV^qok6>UQf9B0s7F!w>kMwAObCSe
z{@mSNeu2Qx8>KFK>eq)h{EPLL(@esHb548P-yf4&TUuQ@aZQmy2)G19csi#s(o|AZ
zG&Cu6Hlbyl4)wZir^7LNIasO6%F4@CpW1G)VxvUDkpvBakD*Av>aBO*&IosEm-ADh
z><(#}rhNQ@Ql@rE#&V~WUhi;^;JG||^)2yv#vMRx?QXBIS={3{E;j3?#5C^=998N`
z34^6C*8^fT+Z;DQ-yRUXLZvO1DvhZ9o*)e|D?-@W*=t4(mjWXiet)kB+0^iF>jawF
z3Ohys7gj&BY8!YNogdjPduZAKWxl@J$@{y~sNrTA!@@M|UOoKs@O>Y>c6^-5PEQQk
z`Lq%Dg2K|BZvCtg2%jti3U)t`xW2sdegthG;L~%U<%j4E$(Y~1z2fUHl?y4c@TImn
zo(2@OcnnQ`fCVkjWp=!-$QLCihhmjJ4b2LgFVpXlrdA9sbQs}VwtU=d23<4T>>t_u
zWwf1FHlLN@dGEEXtGi^XbpqDQ!7R!rq;ocDp;o7P=I6s2uWg&n97dbPqsv!VI-A*f
zqn~uHI8BA}M}OnUWFQf7cNDCqqj%8J(WNB?_+y)R&%K}BUpEkaKs+BlKW5!&G{p}e
zuJ?v$-eY5bYdKt9|NIMx=47S4j;={AKRs19(6)Kp=q7&tDb<)nQ1U!6vHpw6R|J+~
znSb^xaH)zA0ET}E-HwkpaZF>d2!vQ};+=5kuzw@ne^$J`IiMUa&cJC5aWB~0cbHhc
z&-pPTaJ*}*YhX|y&$qvj%QhE#_A3Ta`!B7sWTdjM^bFmiv;AAYSljzi+?4t`N?FJz
z$_vfeqVPi`uo-fgm`bIyn^n5#-q~=Pjytz$wCkrpuz9?cE16AZb!j)*{heeDdQI3m
zW4|4bNlL<Zb&;Z?q_q25ROzh0`uBN+I`$3_dg0R;lU%nHQD%+1ep6i&laetsvw1g{
zE_L)@P&0x|C8U4<{(XO%Xj*mFgrd=^X`Q%LGRH6kk_rFLd2J)z){sA30?4nDyDa_T
z9@>=w^Gw0|;H~Rq$9jJ8k#yRjQJvG}-)5z(!Vvbyixqhkn?KS|D<uh6WLEF$UI@}q
z1gTkt)BQDjWR~mo0ry)Tzn<54-$p#+4<~tJTBOpNax*Ug$mEnondAKh(edx>u$<mC
ze}4MZ`ZFxGaz?7Mg8G>PoL*gf`+CAv+N4I6M%x8X3%#73E4SH$x}}wozVmtiw4I41
zs>{90-rxkY*%Iq-)W-`qN6WWkBQ4D?Pp~Y<EGN1wK<Iw|8XfO4Cj+*N`Qc6EUr=&n
z6Sq$0XK5IH?;ebo2k&xTt3G~{UXPg`PtEf3m4N)iDi)FYz9&vs0u9!3IDJT%zAvtX
zSP*J~KTk>v(0dBaVoBMTZv1@?xhS|B^HEuE^=OOfAOhr88rWwa=)>DSj<dG-Vog6c
zO>AmdmBqx4qjiWn2<X8sd7ZaGxjf&NaZNDL(6;R^)?LUlXp-mpyF9K!p4s?qQiBPE
z(I~@5MnmF?)|ZM31xaNF^G7HqvD^=<F4v-H>2}q<uTe?czTkV@q`Vq<X#26<JEgKQ
zJG4G)6Qxa!tJs~l&wH4;9!(=}MUlJQZTIv+-US0vl|-oWsTB_7Y>c<w0=rJ17L?Z$
z-O@WdGZ7itSDW^X807cW%Jy~~KYB_^PDNAVfDRR9<>cbsKMD%VTExyd{*M=OaH~UY
zYJh5<$*<r2REh`QUH|@ntE{2t`$rFn^R;>YQYp7OKc55+P}9&HFB)Afn6b8J0xOz=
z@o(el)kbni$>Rkto81Lr=Ibm1JT7w$h|2zY8?XI5`0ur97q>o`mGNn*3#;zk;5oAk
zWQ0{ZT3%l1T8MxE#H`Qr#X)-&^3o-7iLu!#^*yb&3NM*^e1?~+8B|*If)!(Z)PNH?
zionOj^ET921)>u7808*yFBg>#OVqlC<I#uIzLTZAE!i#n08b0Cc+y&|e=GsVj>qdH
z?iU1pW0XIlPn{xOv*ya{Z*QRD4%^dmRfjQqWY>}@>{fG&xKt2c&(#lJP|Q{{wlG`X
zRE3gR0)n~tye@@00p`-O)+d`6WtZoPy>@1{@|topJ8Ktvq%ut+Z4dd^M=ud-Yfk3{
zA?03MpY=qXFj}eKo6erp)(|kZtMD7V6cpx@X<$2+&Gw2Uo$|s)zPqMm<}QyZR)(P;
z+$5NlH^I~B6Pf&Te=`VK?$^{6OWXM<3p|_mJ(bF}M=xVzS2J;)PpxKqVKZ=ND_&RA
zF?%C4Levt9<sBI@f3l*1(q;uBxn%dJV!F&W2dNRPRtDqAb-@O=eU4g5+@9&hwxsH)
zMN^u51QQV^ed~zKzfd_HjyIg9hXc{8o^vh~;#g`_v)ZhoomBHZq|-Ufat#SqsHdZ#
zNGQ?Iqmm5`H&!|>y{#ldbWzOapGppC^BKQ9;IgS}YG#s4>7#~$#lhf@3$rlh^qcIi
z2aK(6W<R^!Gt<kR>z(%1{yAk}s5=iuuPrdsJ+yqUo`};3RW%kf|9tU}Cv_DoC%sti
z0D6zXS}s|XzjuM_8dTTUj(aY&45i+u2_QqHusb0~sx>k4yq%p+tT_e{2CfZddG)nE
zx(v|(Qm2bBU8LnXH*qF)c~YZ$@A@WYy}wM+h^%`+jB86gdPN^ch1IerMmIlN6mpAM
zMVA-&#gRT%fR+Z9s!KpPl8nRUJOYlIWxSkDf2MN|F^cOmtc=G`cy~mIgL2Wl`sVhs
zTSpH}qRp`nL)AOPj~vzfz0e{)#a#?X%4S42Z{~+1+DKulq*(fcSOz<O1|jVOo?`fi
zfUt~o#yN~$kt7un(V+CjdWF>*EvK6s3_Fq5B1f&Gh0sMFS^jo1i&<v_&|rhLg@kBS
zML|7$%D;qB@1BRG3G#0Dyw)!$%Hf=O+W-FOTK*}$D_L4tky8P&DPvUl@te|JVqhjA
zGnIO6;T3FRd3|Y3daW~x$5Amf2}watbE+uV>ZUhN#Y`^e7=KdB9%n0Dfi`?dC8mqV
ztAG}4qw$LA>Xz%<D;^j*%K0&OUlebtPT$}2{6M3skG^ISI!hSIij@&?#h(hVyi1*u
zM6#up9bZv5ndn`)vUuD&`<gbW8&HcToAZ+s!r_G#JXVJw8HwPhq%~ZH@ZG+3-uDD+
zVz<BlQGN=3*hws^Z#2=h$BcuT^QT7rtW<5IUnGWCCv2Bb*kN^eSzn!aGty$@bUz@z
z9vD-S=g)n_V_SdAbIXD}OstK8;uJ{otttWg>ZL8Ay4WE9QCDSCT@swo(1d#=-WqbI
zd_Z;Gy-MG3tflsz9}-DAD>x4RGDfO5bm=;~lr&q#pbOpSZ}40|^eYBC0uhV?jb03E
zFlRVln?y%6U#n$MzSp0t>?;wB3<k-pPVMsVaVj3q8#ujj7A{uHO+&FEddu1RHulG9
z^{w1cvRhw}zF$4e&i!mkcul?0Y>WpzenEx&%i_ent7-}g<IxY1_!wUc|14#KiG?!A
zdJ2E!7L*m+YMWSaZ#5fyMJ{1r|82g$ughSHhM9ykUTW1Eo!}AFOIK}z;~s3>mxh5y
zXCFSGds1_!5=P%bS}=K&v5%CLU%V8HZYI`MUj8r~PaeM#tD8`b?mfXpaL$BPQI9R<
zLY~aZf0rs!cSw5;54~gnBrfRpgXeq5nu-hQ#ZuKAL4o41E4oEW%|SeTJ7&bQ_Iee_
zqF!@K2{9!yIv!n}Bls3^cWq?TZF4ft9<IW%w0S-_BWSDRk@p)74wbFC4yWGTVq|R0
zX3p$P0Q5A0!4B`;SS}j<lFbO-$k+K3bM0D$8NDaYr{8ucx{vI98+njLs33`2*S^5`
z>q%rRO4$9PNv;)FnoJXqANCXzXM~lQMvH5P*NO^#@97+mC7nE-E;8#?Lwp6|xV@vI
zx@3gx^yv0EZ6gTWy&jp&+`#-26MbtKZJ`zc4H5X``FOc<9FuEEb^E%45QD7dP3?>^
z(Ofmv(NPyB^SikAWgHdv<Z}01*>Gne0?wNcwTTKNiPh$)HklPI18ChtW8cIYcCmGZ
zPNyxdj&ab@YE4H^jmarOc%<B3kvJ-@R6$70T%%1~(cE^!q3zeGWL~1^%KmS?aR|Dc
z`j<CH2*PX<>PG{8s2E0RGnV(-I{e;eCAcd(9Q4juU{qs^GbTZiv7iWQ9bi+^QtIOo
zEjx39lq`iXEqR#DDyZbtGAehuS_uqoDNuhO5_zlZHyzCHo=PsvL(##^def-dY~o5a
z!2;8O!c;%7AJ9~+mUh}?&86VDlKQ?FA&%rX<E+>wTTk;h*Ilk3XeIJ+1oX<n7N)sf
z_9+xx7UOaUaI}F_61D{#fpI8(@elt}2+`v5-28aPi`7ikf6SbpE`);r6U$W&w()#f
zk1;iLt|;C=EU*?{_^obEF7pBLj0zKlxo60cmJJI?S_~}+@gYkG9&m^D`)PJaG_g4d
zVXClT(fIDM1uG{fJkC_zUuu>DmH>vG!XXvIjLL--p3XdUF68o~)YX^nPMfoQ6Ll!X
z?SGzUtb^ZZMuxCcjfszmdhud9VrKq~gy7LYiMULTdLqNeX4FBuing`NE#w2wMWdEu
zBoF63vjde>xTToZ`BBDk9VWQpIc&&>?dha+p4m{h-OvmN=l!f;YBENR*`md|=~y|Z
zoK7TTyFiQp`(VX{6o>0f?LzbU-8iT0#u`$S>kn?K;|Kf4PB4~qBxV#H=vt<cj1GJR
zPHr=A(%QeM5MGc`8pT{Jy{Y$V%5f9~ZOm4tHB9u?^)^f~LVaoF)Lo6Njkh$TToeY2
zb<L>1(`}Swr0NT^E2f!gIFn(xn@+#N;}3Ps$D>ElLD}C){Eman`eXc+vopH#3!I-*
zrdOZ5^3!lUiM2{`-4d3zb7q_MF@%&mPo9ZI=uYdndD)AZuC|d2*xIDOj-edr=>nY;
z+<5BXW2c~=qbz3bcxsb>cMTJ=K-AG!MEp86VJJtHZD#}^Rl8cGw#3vCCeN3nl@{d0
z9N!8g8O?c>Y@H`}N?NZ1uCfcu2Q>?S>2??)Cbw<52%?76<PHVd)uxo8F4>#rz?gHU
z*1C_O`cZ(MX=Z8O!8F$lm~be*%ddvGTByKG|JIZG=E~!jdPD|B9ocWXd*YCGB!waA
zwsU}xdW68Sp~;ZR=D>ocLSwyFR=EilBr++Hh5HA>RCh@e46rmNOihY{C7)jr@lXOR
zbjS(8%hC0X<P$)=fM8HHa46xDladfo#+EduI+8-|GZrB5UfEwoV7dLe3jWvQOJ6V`
zf&~>_q`ghNcO-N|4HcZH--S9H_ed4-GUp5@sw~no!Bl?JRVAA_56<)lNGQp1J%&NP
zmd|U##k_LH+>T7&hFoIMn|7F4ed}3HU0sQ}+;|^lZpie2jL3giIaNL~CRs9I;a>U4
zC~9oVS=~^OhD%F0HfuEYOS{ToYorE}n3&TdcMpIZJia3AX~*a|qEa%JEhZa~=ws`f
zJ994aYZiZ@kU!|2ywTNqjs6jV<l1@mbYf6Dnc64Fr@m{Z`zB|xkQ0K3j=s^Fp%X?H
z2zgIvFxP)1F84U>S;*UifXjX{DebX`jW3L>7wD)LnA@c&>dJ0=w>pHdaB7Y(|9cQR
zO|6^-G>GuwEPq}lnXXd7=Moi6335qG!N&mHEj?!!SQ2f^We_(1>(T0V)Z!p##G7DW
zBJ*dHLOygF^t<Pav{zxdOX0FTfvL^bl45d9O3RrR>BuhfNa-u}oddR;Xo`EDnb8nv
z`Iqp8oIKK1I9=^%^E*C|3ekAd)gSd?oBASBPHRMI$q!IoxA~WwE}q+sz}C6`P#{Gf
zNLt%O0M{xov~prm7T0mE`=?$DCYzScyn8CWZJ6ua!LFXP_5E%B*v{fSS0Ud-b%e`d
zz|c(G;i^duZF;Z^4FB=xwAx4a?4(xv?qw<)0ZAw6sx7_VBw?G7jWMbO5^g;hVPVTc
zJjxB)4%EQ3;NO5#Us-*5jn_$fU1wETPO#|yjFG{v`fkoCFXKJWk{!M(Oj@n;)G)gG
z{L@<5{UB#c=Vq;ao!nGJAqQa<`>G5!hr#zzztxqT#3uN2oTx%W`uhCM5O?t!-HAZi
zeSh{^F3W4jO20q7tqBGM)phR6U+mICk6dedmz^lU^%Rny&!{Vsp7K&pru`~+nQA?X
zdIGvrguxX<h3h(t-}`enmRS7U_t?>%O@}S9-|GD+iOXmZh^L52Jztl_BLh_vEHKhs
zSDWwyD-g@OH*Fy+fwgKZ_WgwT^yK@-fH_J!Mt@4akA%Nd>2EXEVG~y3!GU{2on6Z?
zvF+kQ8S1<UHOFSO|MfuQBO_`GMld)QyKgaOvDh6$A+%?LD{(tU62}`7CVn)oZ|=Oi
z&T@GT1uhoKV@XGd^_NTgc_2W$MtD33%~U;K-B~K0swg;BS`IvPQX0*6nEL|jj<+zx
z(od&a-FeFK7xD^2UGZ_Z=v@Yuh`^rn+R&PTWIa$A#N7>g^z2oa3@vZT801o7oK4xx
zt?SO3%x81*epds0*9jx+Hn=9v!^Y#DkcJ|D>GE6>SP{o=QP%W??z}dke@b3yBU5Cj
zoeQs3=uWBh(;sX|=@Mg_u$CDdNWTO9g`Fvl4I^n4?J?a#n8m=7pztLrRhxN8SV2XY
zAtFDpRqf?pAprxC<1{L|GX*8N0Ws56jiS}@?2q}@>6ItggKKWr`NL@MDzoJ*6N^J$
zrWJw^%1Wc23}Edp3%xoLRk6c=h*e!7ztyE;$_NTE{*ZDv;76qw1N_}@7GfcPjb1A|
z`i3NHoiuxGE_z8`ZHkSFeW*hQI4u_6p1fq`h%x^EfQtW@*n1V}UktRP*#e0q8jY&+
zgN6R;e;|QxME^&Sc_K<qPFmj2)rjx^QUFx|vdLaxU;vZ`Py82OpKwV|3nMk$XsJ8w
z_R&ug0w@7dQYb<tOV5vMMx$5_41h2oOgTDJ_}`R)4Qp;l69dD){DGz&LtX83fBNg=
zV}1ci8x=q)2r`TekB^T{EwQrvLomGKrj;#KT}lULu$kD3ulfkEm6n!XY_#E%?fZR2
zq@<+GdzZ=N;I{1D2Xf`x%@-w-DwJDXEw+h5=PTSUH9cO842&?*&=M08c2Z(u#DoF7
ztleA~KAZg(<rmbB==PT5YxDWxmc#MKZ@JaCK3;_H^xuZIbBL_BIx~>5%B!!CWx9^n
znO|n+<Bz!*R$M7OA1}Q=PPceMABy0JhyTG>0aN!p>*G0sxBVUA<8=;U*K4=GBx#~J
zQ@z=mf|Yh^T`D69z<&4uREqaA>+@#wHLG0#ttg~uDjk>6@t2U0Hwo0j!UB-J$nJb(
zeV6BNwwvApD+)j-TN{>}wbbi(905<08BN{);_sp`QaK@_-y0WJ9lp~wc)rwWS?5q;
zKstP9v?L_(x>=l(6DSG+_k5kYM7h3wz-_xf+M7+Mx0}@3e9tZ|4K0!YS};uk;8UZ;
z(nkb-M+n(qiOFuBh>(7(#}EyyU-Wf7@K;zk80vEreO!-SN5z*-n%nNr#0exj<#zvH
z#JvSn99`Egn2-PgLI}ZwLx2$69Rf5E0*!>=7Tn#XA-KCc!QEXNcX#(daHnyYBH#PX
zfB(7vy(4$c46D}aT1|D;k$ujo^E}Vqd+lRNgVn~?EpbiuYwt7;_g@Stm4AjYtTuP6
zvxK3n5(@V04<0_G#|E0NBI^QfXLQ<h>NV}B8HZP@Y$ry#M?jC}MFEgx&*moWj#|q@
ztw1{S)rM%LBdZCFSB?PtPN3zCBR7CLpT&|~OV~H0GeT45hY=Y80DJ3kYRkSM<VO~h
zm1UZ5qazgyCh)3@2LRN~HOtfAgUx_HVn)FWgg0Ht!Y@y%aN;}?<C)F2EZi>HwQgX<
zAWZu4qtTOv<Df*PZ{Iux#@QiTrcsrMXhhBv<*nX=D?l$})e^QMU~d87=gW=|*oonv
z5<YAohQC;ZxL>U4zso++Ii}N{^q4cGTF)kd$aO}4G?p0ec8&bz_J)G*p7{`P7xm^#
ztTVpgUIbW|YRnwT6l_h5W{SbV!FHRu)0nkcgIvJLoHUrHOXMnp&8jVfqK=yA@bnaU
z5!YcEM0;GWL)B#Ttx?J6S8^T1AQyIle!e@Arm9lyc25F;n;xtwlv1gY#t(pZ&zAiP
zlr<U!F(*9eU2#C2`^kX2*+L0~(>gLBK=<@F>zI@p3JS3@@*zZ<01T?BIhyrp(^Khg
zS?e~^eta%G7+V!2<V=GV%55mJlpKnPO(}z+evZ(>0)W#e-&k`gms=j6^~|0`sYQPV
zSDj7ugb|a6^0{2vkb*Hz+CnPg-BS|3Xf0ojCG}4Cm<fm>o+P(eTGd%48j7WCueP>z
z>}S|7gIqK0Zw8gk6^qme3mKng5l1XTDe!ACXvy6`BXQkFk3=At6TSHvX$gu^qW>=Z
zu86t0SrN5dZbHjMXZC<Xo$Y>d<%vC+d<W!W{z3`7hQUTN_^U%q8>^dj3=;6f3;Jh`
z4kljN<sMmv;c{)Q{_0qAfuT-<93MMs79V~WrvYA<@nI97=w9gZTn*$8K=T~1$ew2u
z6!b$y#HCw;&wuD7QUdhOjK;!JbCOrUuC71rmq)-3pemi?pvntMuv8zz$2#ka_vW91
z9G9Re<xT_an%tDe7LV6UsQ4T@L=OOlUnlfSrl?(MO+37&!T$a)O&Ter&4&I9Nuc&8
z92@#n<q_RMW<Q79d5)3x?s<X+81%J{kVC6NV$q1KNVzf9AEsq+`z9q>WA>6=jrZVG
z7;OUd8=;uVeR7CUkxUon^-7aY+lXxEZtcLqvC4kQ*Yfwss#0Rk5|2aks57OpQYZE^
zL0%hJGQ~S3+<1PQ8i+8D{=WAML^KJ2%+0tKPp6zFj&)cOi)TQAZQS3YC1dS;q^AcW
z_Lh{Cz^?ynZHoNy7ZULcMypBXa26HKIhs)Dz;gz|t{#?7bTR}}5M5pF0bC3#n)q0!
zLfFIGCq4_56##y2e6_)`66mH(?frILUiAMCXZ+zSh6$M?L<1(>Sw#ZNB7D!qznPuE
z3%OynoAw;$y9rC<J`*%wPO!njkCnR5XF0h=vla_Y`x-HAw!93|`$?KfMa1o#u`_PL
zzFqOWqg(WG=fljft=0T59qCkWPi?Byp0I&iR6?7Jo1v|~;k?Sw3*zx&{U81cq8Y5^
zm+28H4KS_#*#mzoIUf6+p(-#4PZMdpR711cyt4ieord6n#-|$~a5%T?42vDi6Ua7E
zVYq6p#EnF&+dp{yl4Q0#%HW-nZ{&EzjtzEw#Ak3^ky>2qc~sYQic5Y_VO&S`S;83(
z($9~q(oVqkAWD7yS0<9U*-2nEp7NX>!r8RdCDaQsjNlSJ?=jq*?S*g^^SkT-4s$)m
zUd5t0r6hd?_QNUsnh$xwr7vx8=pIXYp4o7G9?&0Dzq6a+-x_B42x@vCD+Px#*Zf%4
zmPz@6(P2aA2Ftmn;xu5XCNaBI3S3lD!tb=@`tkb|?<N4pPRk87+wHSic3$PPK%Qp>
zWMoIRUIyq;f_1nVH4#E_d-~Pn<T|QS*bPWwI=RF*!|}DaC}ad&ED78;sUmp1)<U~Q
z@XMfAIw(BiYpuDDW#yWXl_0!xvr9Jv2DNsBNpH;k(J>4;q%&}>+ZYw&9=pX6*ALEe
zgxAD92Oi`-w{P&k$RF&^K?jeGZ{ex5&F0*;gLHNZF4p`->)MMJszR9S;KSRaaH!v=
zGD^BG&MIRfJ;F;U`jF@LNGKNXjhno^4kZw%ZpvtnF?fiKp>I$xqFTej2`>baq*Jfk
zAMiO|K6owf7R{B#RLE+k+8=RD?k3r9<L-o0&g2E;U(jZG#n#rn)PU;00DrxSF0i?L
z;8lk@zvv<X;#}J6*U-E$A?bgBlzLQ+<bAn~x~dP_p;w-kpPz`V=2oe^#OFppG~(|a
z3eudraUj0P{t*2fAMwRvLA~>R>`k=&aJ$~L!ktMhn{011sUV7DQV^)Fdbe|?695^J
zM5l@zgJMg6Rr-6{PR@0WHRI7lRO8p8M}lTYKqh1{DdEh8CTVS$MyKcX>>C*dqxqFM
zuXOl%>~m#_Opw3PyMFJCVK#Y~i7+y;8C}~oB>Y;jcnId%Hw&5nB>APheD`%91TpL!
zk2g@vmO>t-B`*Ma0=xykx2tVup`|W>Czs>?NDGn!R0Fi1=(WDH?BN|qa=YTT4$@9r
z>X%H^nL_|Jouw~>aUSUi+=&evT5wotN-?rASn(j|JQV1qV65aZ{Zj>O(<Sv`DZucw
z*#mn(XyKLWOxenZH5=4qW&7x8@G<6cjOFF0fZ&PMR0);X;V7OyNv+YbxiyG~<1TOK
z55}7u9!Z1Vp}Y!^d6#r0LDmEA=$7mbA*oQ?Ai3P<;riZo8yUJ?Ly3`May3gGEpV4X
zX}`zgoppMOVv4g?9HCdMHSh*GAQs(c-&{|ZkjDujYGNOUXeu|{{phmDbXq!=8ZPRU
z*_Wl<!T13(`@2bHxJ+^-*XaJf+87V^T&s^SuGe$&J{(5s;eZA(B4at2y1>Z69_KVO
zmQhl7{ZP>5P{{$bJSta}tuJ&<D}PE^rJJgn=A)}_q}aeqb{rG7P+%e;+oYX2VT*u!
z`)sIsJ>oQbU<Sxp;E$hnRULXb)CwwDX$pBUm08MRwt!U}a79A!9d)RB_vJ9jSD~`;
z3g&kosDV(afv@vOJbQh^ffSMZA0A#>?lf{olIS@0<^_P5P6AmJ=7`tDb-p=>Cfa!b
zaKef2#|>e4CJD2&&s+ic`A6ktZ^7c)Ej)UvdrK1)b2<-+__Ci{+U<<UWR*6X_-Qc*
zaoAylltpEhAPh6(j@}dMt)12$X6A6I!0!q$Tn-bG!=>9d^PW11C`DB)Tl6*JJsG+N
zEgEN31m&JD!YFF@XLTefu(Vz<GTE`?R3Cp5xw?k6F3y?*a6%siy8T0EH5i^IK4_1H
z3hbn8tkkd1pk%zqetUd_Ij;JFyM5;&2+WOD&ss}2_A!Nnjk|ZVeLS$tIZ7{zcyB*i
z|Ci?p&27a}t&N45J?ycuYVA*<%MT-@FmWE6<#!;zkK3j{Y{n?fZR;!L2Fd2<N|IgB
z0HpxdNUTFNjazZ13kzdJcH#6|+040zLGJQ&PKA>3S~?!9$-_IL@v&F*wf>ox`_XLy
z>~mjA<Y`6@ho{gv5bW+M<v0|;P&&b2s|B>W41`dQXsgy^D=Mipa<+`Jl&4wYP~mPf
z)luY25#@Zr=I}QekG_dNi7t!Lc=3#D4Xk6jT}$)Et!k-k?nX1qUYTs@3vIapv^*MV
zz(}rVtE|hK{63N!FvvFE!(`dXNx3nZaJKkq*PnvJJYRQYFmVJ<8;3oV!`T%)2n90D
zCDU^kRt4=14KFXGa=Ayee&G`7QY(<dc(LNsH4fr6GPXIIclqhRkNqwq;Po?Z4mUl`
zn%kztI>#=R`44Jn;3_$7*0JGmNaA*4P-}dGhV-<qZf~puy=mT6;`YDW3B9uIK<T0W
z4~l)1G=^+cD;{R3>p9zxStX*ecAziQ-_69Zj7q(p5yn_jQm@o1)YC<pzgZ1@&$(R2
zIz&dqZ;xE9Uo@@<U8;Bs7Sv`Nqg;i)5ZkvOui~P80K&jZwK%5)utSE)c$EzpU(W6k
z0V7g6jglGV__wUM5#E4*%5quK5HzYID=&<adBfimB8XheTww~WWTFS=q0REmd29mS
zx#orC1^$N0kzJ(}U?go9CPK3NOfT@j8fVWD;q~V_UDI2aw>=UKB?v;WLz|G=p*g&m
zBN{iH`@F`thxba@@oBMa3rO>%m<1Jjovh`<Le5bk*#WebFZnHhJDO|oo0->$-m{HC
z%d(L%$qBLoPH0pg4^7G_$wWa3ExHtBJbK-WoQZ~XVf~pXuxiWmx%|D(t3=$EX<(j?
z_lLBAct+U@r_J6}VeE)~ZRac^>^5OX7$(X2fDzu1eq}0@%8P`Kpc+iy5yj=dthLD$
zi6nkV4=JVmrvE-F&_#d&ji9h5LAlHpi&T8bO+e^m_L<CP>xn1;+RDkj7ofQ<sn6%9
z$Qqb+@$)f!pZFc)Xlu~`uj(ZD&HN=6`(FL%tJF|}M^DNOFYl^nMM6MyH5k(~9Eq<#
zDWxPYjL7y>AA1q%gnwgrTK+bXY}{0-az*8@SuG1<mp*!kx|k>~*NE@Moc*e|G8o^Y
zD$p0_Ssxr*I=32f2=R$#-b<jYSTAReSE!JvMI)^%<7l=rOW7H7kLO#eGK(9C8$dQq
zR5BoK?#l=`{5i9b^|F%Tqp8b}mdWEB-#%h73=_q94KFo1I5s9Jy}b!Y(XkYRDQAN6
zF3=6*^Z6u-wNPP6j2B5L`)8?NdVhH&ZgY>Fuis@4EU%MpO4YAVayM}3P<Wb|kREiz
z8-lAYbAia*SRO2Sw`b+L#Dm`CRIj%>l7|MNI>cY?{9PS&7=%$3dn|v;eMIpB|A89~
zX7z!D{qFu$Mr@yAm>HU|KzeHDyy}P|#*eyte3w28l|&I(DVxhx5MqTNI(9If)o}^a
zOb1>e3`DPgumpIln$Oul_oaWKSKoOG9UTlUBpiMoF>6n-f)dMCm<NZtUg6NpU0r{(
zo(|d8wC`!h*7!qNav22Qk-%um)nvkKro9jxN2d!(Cz~Bcb%Si&@3V(1#jveAXbPo!
zmRny6)?H1V*lW826;-f6@D0}cIQPaI$Sv)kD)`#v_sE{`nR5@F&Gc<I%i97B6YZOB
zW6tq_LCzx!`6jD9f#oI|ueV5lF76i0p_c*Ov4k$b%hb$T7utaa{JRGh(J_^sbmDuY
zF-{F>@ZbPLJikFibFYo*QoX}u=OiEupeX!a&grric{JlA^pe?O>=b23F;X3wRE4oL
z_phdN>^})e0>(R^|2ce^!7_NLh3~Q3dBT=TvebG<SI-=xN&=bzdC>N1vAY_CeFrt;
z33h7GSU|zMIbNmvkROrgNJFk8t)k+Eam_#@B^Ox<ABLao`J`9*5>DFrO5E5I+3EV4
zB0IbO`nqR?_0FBv1a4_{`w96GGRz{1iH#u*0;ZJ3rB^(%PaBDKc@omZ+1|^5e*sW%
zA(NRI>+>zN&PQ!t>bI9vg|GkpQ$2k>EKKZO2q0heSNKeR(F<{K-nZ=#nEaO%6zhvW
zrAEEI*~%~BzE562fg;|%&ljtAass4N>Mc%ZqbI&pe-*GNpGL2ar0Nq7AnPIc90KOI
z*K6crfV7bp0GSZ}%>Jk`T@rnMdU^(V_$A|iO2A`JMp`eKm>g+OGJEKjALt?xGy85j
zO^J>&Qb<&kvSamd$?;L*@H2p0@ms7|4KKojWj`_WCC<0^{6(-Zj$3dntXRKcR8~}$
zV^}Ohn{8I0`X4(+*D{{~DQs;1_iWAtp-)eCySH#(4TQO?X-GLyN{fTP(0^bv?c8n^
zW01G9$bYBWezRf5)L-^vEYkh@!s7At5OJ9im?i)m;{J@s{dQ->4Nx1RJlep{&j&Oe
zZr(hmG-_OxqqT_wP|D*r)5hM$N=1b^H!PP>7dM&Hs^2`KccGSLU5p8~za$1iUX0Ez
zq#%{Mo!XyPWZY9K>mEm0u{~5tYb_22HA|cNu25CTK>+P%&Cw`za(cj7g<8FHh$LRf
zSXfqohokEL@B9hdl@Y+N`S=JBtJb5OZOfvkK7mA(v>rCrhxKBFJa!L&O!b9$m-|5j
z>ahFrozK<d;mTvMd+lNK-noUcG6yw3_-;R_v~Cvzojl?bBVtm8Z8fW#aZBRT4YEF=
z-|p`22}bUZ${8w4noM{jGF6fr+ZE`%K)eoy!C9;suwPg2M!=XhbFgw<gxT=o;ggGn
z0B-e2fW|4t-SIX>Bq*-@tX!+Z&1k0r>ou2<{n6az$%cWu8J0V**(*XW=Rwt<ZNg&V
z)H-OF08q2+@`w?61E7IGs+2rwtFK?bI>Qco{3)I-R06@o`S8)HI{*ldHW&+9RmDnx
z=b_UL*8PG3&t{wWMLqsa^f5<^i%WYJ^$Cp|pq{%FFg3w45c1I!#V{C3y<F=#SfrCr
z;;|6?@f?n&Vk>(GfU!DZKn5h9hOVz<t3MPsQU+)%(TI3EJ#25bPE#5k=592a?Uy*>
zY|c)LRCg$ktkDNr^z;tA+PDl3;kf<jXDjS(Cvv58b0i<T7#?GSx0(C#LT%|0;5Yn;
zu1h2w5Lk2~iTa>t`_gzU=*MU-tPxUL^x>~?NbyP(a2L;Mg`BSY<rRHBJ%u<ZsnPUN
z*35{&X<Q5Kv>Fx3wDGC4)aK_m`eYa$=ZYmNI<g3;c%j)k+!8;CWO>slMMrv`kitlJ
zyu066OWLLSwNOuG9^5ai`HkCfyvka!wCY5m=d=Zh+>jh3CLgUP5vp-xL&3!DrTqEM
z^09G1!n-K!7uF7_BwkCKpXfHMZ7(@|zN#m)9J}3jr+uA|O2Atr++$&7u>g(wQG`_&
z!KFYtZNF79z=w&9p4wW+pjP*LD8*<`j^KlrDmJzP5<xIUEHeU^IR-ijiur*EJ`Iui
z)<bZDP5hSm{V(Jq-q)u92!)Er&MeiHK<PODUIco@BDh-`V2C%iRLu6{$MbbvU7TWv
z$A=f1K~5(_dSbM8{w#5j0g;pkx{oG)%E;`zG6dX!qm((H+&6>KrskV-G%=0O8v$rM
z3G@Qz0P?b2VTaGZ6IZH4_9W}|Vg&X%Z*V!I$G?3d2>y(JhnX4^zT87(r5E4w13j!{
zrEaa?ODF`7$D^(ejgbGH8$WYBE`Cv3xjvcftkv2NQKe`4a%R{lII293Y)qE?Dp;lu
z6>Gs$=2r8t3j$fI3jLmT+*NHfVcZ(NwO+CxCP5dk_MQbr7E76~W?~qzRbhe$89t^n
zZ1Xf$n|}f#8L3jD$YCMIk~{#}V%Q&R4(4qJn9YM=o#Jvs#7L{t_B^yCb!Ke_@l0@F
z`!HgGfX8ChS~}$R9=bDh4i@y<OJVrZ^)lO4QL}>xBVzOoL$Zyb+r)7r?en5Ad8?#X
zJ3Db!XP6ucmK$tL4bQBY$#i99%TadBm>7z6@QkFupyA{$v75uHs1r#<c|}Esn;I11
z-dhn+N}}O|W5XmM9`DP<=P(zId(PMX^(h&!vWQ4_QVcuuNHU*6nD!8e^8K5@{<jrN
zDUe!WCR5~p8byC3VI+q}A+yV3Va5j3)i>Wtn;j=U@y6aYv6raZbL`ffvFfWzAZ5jK
zn3U4Wa}*xwBpFk?W3kUe#FYcsmT6>V@s2U@m+7P(R(I=hkNxwWpDoL=dR7SSm<>{5
zzA}~~;kn6L`LDm0=5&7`tChS{O6(1Nk4WK=&jrr<Ue`=jQvPY#z4h%~@o!4Y54aK-
zz|s=@+$7EnK^ss}J>MPdUHhjAGK$K3)n<y6>bVKVNM2L87#qZ2DQzrRfwb1h@vXB)
zwku?po`IWeE=%yt0cm@=9A`(T$w}m<{T^M|Qbzn*UId;AW#W!stE?QEcBITR1SI8!
ztCJiIPGX3>Kha?M{Pc-RNZyUE*=&7O!ok`{ux*=Y7~aa(HA;knxWpJp-wzKYN^7(|
zor(5fsyUP<@3SD6J2EMUA<Ml*LYdmQZ${WJg3F_iCN}IIj%0Dtv{S0uf_@3CmItz;
zqWVd_^$N7$CilnZq2(J?^^?hz+HhsIvq&+7LfxgDC=oQ*P>4}Es}(RW!?-@iHH!vk
z2aLhzv5<GnXltnSFpq<jb!_TO%1PIz(p@eOlPI12^2}Cc18X1e%#(Tr`Nrp-0Wk71
zro;Z^+#rX3h*Kmy|KZEl+yIz97Xcfy&JZZ71y~GRm!ahEYP2@=&CBVXzM9;QBPEAH
zKY`G;l+5-Vivew0#T&82h+G)l7@$L-p3t`*sKAbwqDdDqT+f!+F(Wgu9j1z9l>{e*
zwzy!mE3IRX<>yi|&n2uLMz?C+Y!1sJbr;{#Qr%^&hx3?!)egh;USz(sv9Ym|OyC|$
z%1KFK-fvEmuXQ?Ul<V*K7GR)YZ(kG`Rjn!yCn5i5j#@ee{09&}J+srtoc&j|lMQmE
zytYZ;7IJ4i;x&rYnx|tqInV(m`-1%eBmf8u#)7h+lnl^aGUP|s^|ib(sZp38^r^4c
zDfKemT3x0#<7SzW<sOz;HSN3{7SqI9KSs9SD@<VHLABnwgK(4@(1NRUENd5xAXTpb
zV83B~y``lvkOI{fXjkPGz!ieYa@)}5QdSzQR%d9G)Z4b|gAzAB!BAOWEiDRB__Qm@
zIE|O{r%l)o$utN{^>A>oNamxiW-{{~KrwVx2s07!eX1a2-u$5VjRXwzho^OCFH_cZ
zvw`LWsJ&FJ`iWveBi@=vOolSNZNjS6<g=8BFnk#cB6F75v=gf>gMi8%`>e5<c!btg
zTH#*mV-^QMvCqc2V<WN*$!4jvSoDXrT0H1yBPcued&hKaCjdIesljR@7Kj=McmObV
z{77Qu>Vhs){oY|QIO*w;V#Dj;<pzTC-Aft!PXa4tfCSyX#H87R!@JbE-*jlwcxirN
z1ot^MiUw*|qWVP%uT*Of3^A_1bn92$+qcH99NVyXM}AjOKo}M?(iW=F7rBYke6$~1
z*ORnS4T2p=WXjj?W5q~g?3k#yEqeFW_yr8tP95)>kjZ(;uH9a2$CqQkWs?$=5A0We
zN$Q=kGIj14X+f|Gs=?zqOnSLkbiLM_8`*sO#_;S8<7>AhEQJRavs1B2qi!EecKbaY
z{5!gDn&NC{I#ZhSRI6a<oIRp+V=+>j7&XxVa6RAz)6&tgEkq6QYZ?swa%{O?TA*)&
z1isB(&zZDmQr_>WU;gH_#6R2G2v@ngE{gF2<!yXKsZ*xvAj%Hnu%7C(q3C1lgBw(q
zs?5yMD_Dpc-@U5L^qVxwcjNpUReSen3+n-H^-Lq?Ee#Fa1lO(0LvWr6l+3nc)V1u)
z%m+X24g^|))<*}h;qNOH1A|5F9W*3DPV0!<tRku*d+YcKYq%^-1lOF4uKUx&ACpD;
zJWWNkcj1S{`qiYtuJDZ)Q+?btJPS2Y|4b9D#{G^TX_WH=CitK9sjCz;AmGIcJ0K|A
zipvZJCI7-Cf&+oV$OS&f;#l4s7?wn$N&lMn$a?MmZAng!Z}I!RpL8;BVBNu@X}N7G
zS^|pa-(+RQ)xQ+;Q{;ZZ!%Kh)WNp#O-$`He`ZG`FKJ&oi(yosGf?1?v=y!Qb(M`Ja
z`&I|g=`J=kZEr(8b|EOO>2_(-KOAcUZjP6YY=NYADJ^m)vy!^@j)hxEVPvvp*i!~t
zR#eXh4Uhabi(?cuF&1h}Mxd-Rpv312VcSvm=!n%yg<7!WYqJb!&hcDv##B_1Kvn`R
zP%+&X$+Uv3vlY`5k{G@!MRu)CK@ZFOl?+hhrP3(xFu-<oVm>rt4)qk4K6%@L&Pe`G
zNPR~v){~YZ&ifVyKD(OFEqwry7r`3->(S*x`9ppi^#>4!OIrQeNt<eP=S!8RjhpR`
z@xwn`H|qMtS6(A4_oXz$ADRVipLTsSCN8AHne^RvUUx(Je@h@C_TQ2_y+Z>u^wjk(
zN6T%QVp0E){n4>8zXF~%cTya88}b1EpMfQFwLR8+dpXv5?}tY956dt37L0Mh|Kz%7
zB4y2X^5C@yuq^h6W9~~^2Rn)-dU`8eHUO3mpyfsn?VV(p1sUEZ9OfO6t;H^WFEP6v
zzU}c%lQGiDqu=NF+>{J0t$$jKm$oLAQQpUH44j_t$eohi01OB5?=9IMyqAB8rR?YV
zNWkMntl60Kw(dgJokvug)@S=zR&4kD7FXw7MtdJRx~K6R{xUM1x0&`qibX@c{pPNu
zfZkzgtueKi<FEvR;IPAHxK=UMt7+RCw4;dRw4vZT;tsGL+HABvahts-a-HCm<{ul=
zDcdCGyhd8{^}}^LilyW$R&bMZTfjazL-4K5;gUowrTvkB>2V&?7SxI7Z28`A&Dlh|
z)PtPSXZ_{pH)Ub(zI{2hHY(9*p-|`r8D((v!~yVBm!`vk&LMzN=+diMfRh^yuO0Xh
zI+0`yl2AxNL6ovB(x6w2=lX-HcL0Au+cIky|7pek$PXWVuAC|)mv+n>AcFu5e)N<L
zA0aIHr>CXe&972*5RwaPc}|Z0PJvxspW@2pdoDL)ClQ~4l9f>=P-mJF&n3b3vc-1i
z<lNN}kEOSybXxOl_2mz^aGvML#8~zIVS$0UL&~%HCd7BtW&q%q8qH-l4fjCEu3u5A
zG3Q|O#o*6!m1nycZUFrd0J7&X`{L?tPdoS{Wh-I?Nqo(JRm&@4D2YKW-d}XBDP}G9
zQ>}4Gxh~jU5kLWl#*o=b^{~Hsk7OCy#1^T|6d%bfW>V#7i@ejbn6G5W1f28iPwyyb
zs8egj!K%%Pbw{h{`&RAegv|3aD^<Qh5+>;oz8f?YpMu^zo3IDKkK?SSen9aRsR{;w
zDMY;hq1ssN|K6#KD^hadVZpZ({z)W2-{TjP5Dv(E*Yr0>di(W<3?NYFdrBOXqvLY9
zb|NsZ^ExZ3bShUGgvxKz8L(J-9&8(hEz(TNcj)SsFFKw$9aETRHb6m2r8LW^`o`?N
z0@4%7;h+nGBHs}5Mc8kD^Z>`d3W%gvtKq((TZ_iCK@vs&!X=Jwz12j)3FL;1pnA=n
zk*;^8`K4ujs`GhAPsA8NH8NKo%?8k<z9PH%(uGFMBmQMyJIK>owh<tgnz>ZkWHMO(
zFjN$_@@X%AuTU+sjp@pMR)y7O_`HxmHIp*u-BMySEGq`6fUc$>5W}0}_a@HUnMOns
zdIge$&mi0IXCOhmIg9wRoB1ZDOhC+|0S4USC=q8l>ts<EfuUHgsPaS<Hg`QC+YXGq
z1^l|_ARBT5elQ3w9P9OGdQ-AA^qG1W_aiP1fF9MIv}v_$q@$xj;pL$qq-C%nCw^tc
zNye9FV4FQEX#4!d&~^Oz>StC<o!CSH`Ao)TQId>=60MOr>O{{uLpHJx+}k|n7n|G2
z3IJPid3cX#mBgx(XTH)*jJRH{JtR8FVGp<VC*x?oGdCcq=71~^>u1gGId7IAvD1ju
z99O*h{%bSMr;$OEna^egaIUm7oMm_?tP>;CFiZ7Be{oN5QUd#w7TdX`ObdwU&KJB8
zz)af9+0dKgc_AhBJ>Uc_W<m*!fMN32e1A4r(UabA6r2<>^4*ZTE{mp5N2N)q7E{8A
zbnA64>)&(nj2UGx^n3<4xt-Y;Q))Da{)}8r_8Bnbp1}mXEQfrH72s)p9=)2(4dAWr
zFuNt<Y#0J)`Is@&#8<eKMT14N09Lbwkrx2*3qD+SR{}<0ai3pUitfos{beivMKY7c
ziO)F=HgsfFHl8tzIF6XpI{C>+Bjf1ialu!E>Qw|R{Vw)_NWPLJG=|6&3H%1KoHdk@
z{1oRmoZy$b!){JmLiX$DT$QVDzkc$s(D6xWRJvUsOGzPH>_u+NL)UZs{(XM}q#1g`
zhJIOeEpb4Re%sD2gMmY@3dWr;sLR6a@ysqXWIg<dB+X&IRIk^QdVDtWGao(7`s~z5
z5<p8hqT5yRofj6n-T@e#a0crMFiD%6tyEt=JM8ZVSX#ERsu!|0<w}oB0fv7eVGh$d
zLB`<Df`U)Cl3gX6ChYO7vljP^Hpv1s*U@;@(`kK7%<n^$_^?}-C-CaZQHO{(4h79M
zIDIL}P_HUaUHA@KCl&$zJl8mOvK4)!Jt9haya=M|OofO)s&@`df;j=WKb4?c;tA*=
zi$;+@+sOJ1x<mVHV32V~M3}v0rH`fTJ_?yl?x1r{K$f&Dm}U;4j<UL2Y|-e>^7r>x
z#;Y)bG@-<gB<sWGFNq^hYq%i4wUJ0cg}=BSTX1s%#srMQx`zc&O=A}l=7y_4*h}QW
zfQS(r#dc2Q-1EoW5&!y6q%Do{E>Aca_9BMTT#mqzuXgo_53n+RuA7e^T|rUiE7hgL
z;nL*s_!vYnwjq+C%aTK_VNs#*u)nSN`OHvT+-S}_T3JbS)*Kusp^e8z+6Daz(X&ae
zb%gJJA4?50nuz%dj8@`AFou}4q+Xl*U0u_TwbN2On|mKHYkRoMiUF?=FGe5bl>S4A
z_y3mf{(q@b{15pg+0OTU>7k>Ww6n%L;)eHjcK0Jyx;orI8+*SM_v>mR+3_4dE%o%L
zWzQjh5(!4wMwU<(?-)ypJ%Q9@J0H}=R3@h4L!Y7%fX2leLaTBLnFyaM<DV5}OK1dE
z{P)eMcDTnAOS)~npB(-prN-^D*wjOIUOg4%LrT`(7n6qf6X;K{@)vILnTTmyw!aVb
zkL?98vckf`B&yOBmvKtTgmOS3kTZ~RA|%6k-hvZ)MQo3Ce$$dD=p0CSce>MTTaqE(
zV(e<1J;1GE9KzuGug4n-@*?@<NG6?~{8?!N92M2fTJ~M{J9l!1ZCA_6f3yAAj(@sm
z;<uEvHE>x@QM&7hH|134`i^@=lO-#Ebx#tait$t7^3XOnvHa8X*IbC*=KvQr|BaGn
zBXEkvz&L1fl;ZaHy1vo6#8dUFFhzq?g4ypcGGUj*yyrJMykx4xHMchm#BOa<4##;J
z>)LlH#8}n0ySIlB-y)5cdUd}efB#!8^VF{X`pcgSmjVa=WuXaI`)FboE7f7)A5PZ{
zG)t9Rx_DK?DSb=!3*-wE+?|{+o3hoCPhC)CYJMF}BulVuicDSC(n!+^Ivb-29HsvG
zBz5lq$1A=P+UR<DrQ$QsJxR3Y=KN=IA~^`_R<58zYKoV>v(mN?Q0RSu$|q16e?2P*
zI`SzwbYk7j-O{vj9G>u-G44M#`4m{lEFC-OHgbn@^H@t2S2G>GrGT?iO6~L`U;IhY
z#P53ARcjbE!5}7Xl#dtYZnDruFrZM}LwsGSdc@}P@D898Vo4*0G0;2DTGw>!gPIb(
zqC4nhFibY7H!owEVT#4wW_Z5`&`&-Q+^h_#Lk-}*VwU8$si!yu9rJdD_)dS740&ue
zyU64jOH^XrQG|wnOh;0?>eDHGoIq484wtVD6Xo!EGOyhi{XXn;%FymVniuCrH!&tk
zL3KEEs^ECQWzGlC1G=oV0oXJ>AL8mmiHiWykaF2%)^Trnlyn;Z(9l57S>Z6>u^NH6
z`y%ir!eP2hWS)?yRA`0%DRgjix`^?CPJNl$_I}RDX6(1SaH_G+5~otds+=P3ActJ}
zsrp7TWrk)~<ua=J@=p5|>q*}=YBi8cG>ijQ%E>xF#J9{(rkw$!PB`O#H&}eV(H+R@
zVAfCFQp#I>s@(tA#t`-ANDaoqDvo~tc=iU53wrr;&HK7ZC$3Bk<Dkj*+pg*2%EKs*
z!;uGh^1{h-kLG#++s!7&(%^RjHgn@TJ!9>$=oO`YpnH?~6;hSjGb87Y=FE2bkNPjA
z+GXXGzgank(gZuTXIecD7-?T0&NJBePhZxEjV1ca;<=gYPj?r%sU&SA$X`b=e5VOx
zDCy_yzM$P?5};8Yg()+|y2X@U0#m_BWYz7iOI5y08Y%x{(LN7l+?`2{E`SHJ>$J3G
zHti@aq6yq42JZu#P&!$R0f&(4=z(e5+r}YB$2Vbta*y|Onbk|Og$5L_V$MdQP?C(7
z<gxDL)Wa_%wKYaNHL!U<V-Rcf+@EXQR4PfQO;S3#2_GO8^Y9dxR6J$`WCuYRIVcOB
zdRqgVXXLlF02c5z?WU$-j`&N{?od`v&SrIV?8cA`A-&nXsGz`lXF;qO@JT)1G)eR~
znzNOch^JiUJT{z^rWwzf`abEV=gmke&fE2_sJYP{kIsft>twKHQj`{IP|FsEa$+S?
zz{y&enrN8eOCV<bTJ~q8Pud*0q*V0GqDYjRJm3=nm$(h2eN0xBJ`cQ?OUtHxngX3=
zzN?w$Bqw+iyFZ}TM#&kJu2c=ZG(S0I)0dde5BS57(`Z|Uw_tZguXY=0mEdH*J8m+1
zY<0kMU*@EGz#aB=exL^sEF|R_124zKo3}Z$6a6|Ukgx)jBVHF<TaRn+aR<<TWBAg1
zPo5QPIjmaecO}6CUBaW)P9*GMzp!u=x~_c0-#F0dv!96nIM0luD-x&tG`C-TxRrX7
zu?58u8H)w<b+WQX-wdZSCOQ|JTuUjX64-knIxlEu%x#fxA94vhB35i)<8dwDMik&>
zIoKQ~A>lzxlRmyL4Uj&{Zk#lBKMjX8*g8>NV*YZnwyH#tNpYz(Y-c!#s6;(LnJVBh
z=!hWZYN%t2sU}`Yq>R-6;1)xzxY?&yZICr3&Gh=r1kJREOFaAa)0~Z5t$6|Ro|?<b
z3AhWAnMNp~E$-(v0ywKD73_CKMe<M}fv<+N>;BnToF~X%UI!-i5)(EbqMD%Wkjm?{
zj;aj1viiR7J?0258qsSJrzJRl{J;)QL;I@8x$b_&+c#;;NaFMGNLM~(`tL=IHH;EU
z`M<bO{aqQ!|F5o$E1QqBUuvSOJPT`3-LIto_jNGvKA(0=d?p&({r))3u<xJM^8fAl
zKL3+<guBO?8=l(#B8n5|e?)QmpT#O>=3@MBLoE4xQ<d;ydJQ=$?X4`Mjf0t>tb66T
zDDaOuSiR8d-+DxpUg+EMnR}a<#YJT#$6gAF_>Aqk9-F6DJuNh{P=<1_sEvO5AqK{<
zcH+7GHmnFk;qc`OL2Gm(Z;>JHEm)}}nVmR=PLWE!Qncm}-6+4~^X>&ftV6`7A(OWk
z57E3f^u_^$M$5hu=;!1L>F9}T1IO|rmLHfj$L`*n|7k&rLNc(rAkUPN@$!_NXftml
zhB?NLece>b!1=U&7Iey+#XUnDZVyB~y`#lcZb|Pkz6@8FNvRvs3(UfkHbBy01@k_)
zCdjsNneFB&!kC3iz#xYm$)K)uMuq)?t!L{JRRu+U;^7`u>yakK3gdgZ{$l8~k9n!-
za#`RxSA=iSf6>tY(a!&hmL;QQpoh%xP0z-{&RR#$hJ=@wLB`rbM^4X{M3q4XBuc{Y
zUC+^$ghAX4xKQYyPvL()#nq7+L>z6!<ZQKU^`3qz#zMjZJmDKMgBTmhQ~c>~{QSra
zO48cKdOEgG7br0^k^slwOO%+INPy#?i$pEV|6U==O2YcD|BJGdu>W($LGl#l3%IQ)
zC&`nkJe_foaQ$<}#7F`h|N54Ri3B+QIcFweV*d9z3klOdMH6LWB>|3qu3;l#`dd)o
zj!f(%!12%b93)KtekKzq32^-LJr@bn-{<lJf5;4AJzXO$Aqz(m)u#fmak0{Kv2k&+
zlW?*!(Q`3zad84IBn;F{&)n9Ag!!Ms$k|%k>DbC>S^xc(5t-p%rzFh(-1w>6EVPZ0
znV$;$bOJQo|4+TeO2YiNrJm~gU-Z!bQp^9ZwB$cs_Mcml>3`gkPu=?eK}-I3*3Ln~
z{MU;9tM>bUVnP3y;eW0-^Z&TsPZssx)!XLDChdUX#)8ZsVWewAqWae`N&ec~HxlN*
zV?Z4!@;`RS@?_ip=`O-rwpykZ22am5049z9qv5hVjlh3?AgO0=U~34BN_I|GPQZwa
zOl|e7Nf<;;fhhx|r(>ZDOh5m+1{kc2Tpa)H{NC(><fz&;1sj~&6{*?hJRuTa*6yjO
zUih~DA+o4&Xc~$F7eS%i_*<!hBFMYKb@Z*_uYElukMY=QPObboqdApV?$?G!w?HQQ
z$Zuc8IpEYuVD2TRes8x=T}K}8SQ;Fbx&90$B(NC77SfOgzcu#6C(Jjak2nuXM%zPg
zkNUjC5+iM}lcr<gdB+#d;mh(1@4L?psXM_b-`X|YV|OP#mJkT#<18;>pWjrm7x^ou
zm{uHVF=6;l5_Vz!H`k#%2})Zz?Ktt_j||?ph}t_oJK5xXEucJ@nfLD0$(Nk-Piyx`
z{z8PWb$H(gHc_~)xvnw@T}N=feJ}ML2mRfk%ta52&$uI%8S<&3aFT6by{pHxr{?Fp
zz1&uYY@4;wIGFm``{+`iyMqK7BVP#Lo}G8YLHHko44+XhoV#dLr_q_-5ntx9jnsp1
zMYZRU)4|`TJ~5nuWUM#r6ap;xDc2pBBR(){LEr21K~wWB9-1uy@~X2}Laf}bL~V*B
z2+@#W&Q}xwLUgj%E5$05s{I@T@@bHEa4W(Y9u9*}7^?DR;28a(02RU4o<_&BfRMh4
zUYdaN4GY;-Z!X)tpT{`Js}Q@pIeR?kYoUU|Cmc&Wc+ltO6wB(-5@GzG50q*>tIh_>
zD6Xq?0?<>P_rdheKO6iv)phdF?9%VIokyFA@8PIrSR4nE9I1X2e`d(k%n-)}jgYW3
z;Ny=9>WX}dZsU<bbAt~dc?W^#drpBZ^G5e#TjI;JY$D}r`ccu*B|{|0v*nopdlCV|
z`qvPrO*~r^XZ+?C>%D%SFTV6}0g8%lA)syE)pvQQ7oNi(65E79TAOEvRFe*T&M)ub
zEL7$K*vYuw3v*)%TSW^hpKG?d5Htt6dGe%l2!DBfu^oY?9#|qY^GoEMU~A3hc<8(!
z=IZM^r(f{m9~~&pxAe|c&kYuTrge^#+7|IXgOST{d?PdSamQ%DTM9JKboNa3bHpU<
zpx@85oA^xwIPLWNk!YeR$YmngQbzZtLq?<a#(-Ro{w>}rw<oV)t9Y(N{QhZFRaL0A
z*c}bl&#NL)Vaw0Q5DrF!B}zZf{6szad@1Dm{{AhkrcWahsuht{^7Lo93Bus(n33Ye
z+SAT{v>zbcyf^y-&#m5J$siGaj{EFV3PSsJl#$l1bdQwMN;}v!H0q0ZymxiE`T@1`
znW2kEY$jpWl9<?e(sn6}Ju`pHUC3r8O?ixof`;0)YFC`nk6SlZWLYG;eW5qMg`Q(R
zSIzzOaH3~R%<WBtu+SW+AzYe?VTfnp>lUg__hy~>;k_FIahp5ED^H2z^x^00XPt_q
z{2~OT8rjuj+(!4TNC&j@)m5eAhv}MK{){l@5`6;ghg7>CTulVZshZ2RceDMS{dP2$
zMZECE=$}pUnApfL&Zj*V89gWR)XFae`{UC2E;A8H`Ck@0WAgcieqM0%3H2I*ytL0N
znEeG$OWOU3*VjRar>Fc)((%h0Eso$Yv|FoJR3~n(^bZWK7@bKc#iL<}B>cg|T@34S
zC(<NDT}MK9G;JhGAe1riIl8enTn3u9|0@hDGC^H`hR=5hR>UXI%0a?aDXe^SFRdbA
zm<RIn(uOTr_bJPw45K5z-2L3VAKu@8yk|H^!&UQ*U(<3-pp(S1Nd@R3H-$huhCMc0
zT+=(c?TLKSU~GSr0QYnoq!)vgM{RJ&a9Z9GvtdU)wO-lKH*Pe3S2q5}{_p&!-ZDJH
zH}|Q7VlxGnJ9@NteIb>~F4M#OC~8ir={p6lC%m&0$jYyGuQJru;MJzc2yV_Ut<7ze
zX#Hb$xNm4-VrH~lRc<7#^P(0SDyJ%^-lflkXZzkGB7A@PXpI4OpqzDShaV#R9m@04
zdz9LnFUXZ-M}WGrcSR0;!~NSg)X0fk@d8DPDJlx4I04^oUvJlnq?W75lB5=IuQvj#
z4BHJa?z(iaO!HT1KE=OKBKZmDT0v2=!2l$=vz8Sg7Wi^F=F#9cHHj?n;icG%foYjQ
zoH0j3_a^vvUp>`K_ogF)ikBLY!=@#C$%5?t(k81>UV4zOkrAOeNYiDQA86mNs#p~e
z5Q9?O@?5^er_YDc7l+u2(W`&U%m-v)DLa~3K5#*uL<OO~ZCzXDOWHQq9CXA6Gw4op
z)Po`!io}6LlU_#jY$f`aGWDZ+;YpS!f^=50tu6ix$VKcK<FF|WP@{NY1y!GB(eAW;
z4;tm=&!LD3_d4*BsJ)-9hluVavAKM$0<&<tpX%@u{j*G7-YmRvnH_t<f%?K73kJ39
zmecQGk;4QIk`&9-DwG`KU3Nhhoa?o(6icHD6m~(M#@fo>b&|YfJZCOfVuSu6alnsO
z(LJ|ryhdCRW0YCyS-$^3Q6;JcvtALy%<?_U5_{&3%J7S>J%Hl7-X(GSRgecoll9oU
zaXbFkJlF^Ol|PrH>xG37vq@P<UbZVdPcIgN5~&pDc89o!yN_aW_0F7aFs`02e?<=7
zZu|MFVdIo)^$>=FJ>>z5VtoI~^aY<+G?BB&NZT{RFC|7_6j*<HVvu~ml=>NPv+w5T
ze!{DMo1ud9Eb8YYuihmCKfJ>0m!FNdbtOob(hQYN&KRql3~8Q?6=36RKg06yLR7R_
z^6bieLu4xOWyovl?wx2Z#-xci#dq0fB^BNym5NG#>`>;Zg=*6QjRNv^`X{EknVVyJ
z(!Q3Ovh(jK1L@V{fj*m$VYEe8(zLv%#LAB6m2^ek>|x)q749D^k89*;Uk^mCuXI<A
zW|!f2A6u<wxD(Md%KO7yZer4c%Y=)21nzEoU02V08}uM(;%e3t(jz6rF2o#VG}omE
zoSBgiS22eMv6rs4SbuztNp%aQ4!K??KYzQy%~?CX%FFoh%me&->m96s=WU8!#xG-p
zB~T{1nY?5yQl^6a)DgV1!N6+z#Z~-fXMD_UTfC2p_UnW9JWSnuZ#V*!rb!HE;o^QW
zwVbaB;9@*FS_Z%>!<>J0r<FE^q<K%MqVCFB{4g!fUt{H{Ew6o7T%DW?pUt39r6Q%&
zmv=~4HDE1CmUBt{o1B^2)Me1TNtuWKoe|qQ_NTEx&_;R$^b|#?(_eVOp+NO*h`z~(
zSCXUKlV{Imy%uouVul@GT8O~8_WVlv<*BeId#Fk`x~Q&GC!2lKq~~ZUaH$-CJ7CG-
z##GS+Nko6_;Z@4E+QdD0tAmyd&yh(prGB}(GV_oV0HeKOx<Snl5BL1FK1w+^sLIZ=
zYd+UW`i7MregF1)3UNO6)if!;wC(RJrbEP@(Gs1;bm9#ZV~X9P1Ct%IU7bt&b1Rn}
zNb;63ybwMTyuKZr_T-BKqhdLdrswAJ2a@nPY^`Q*g*I!jhkINcGMD&5P*3SV4mct8
z<@rugMG@TZ%U%i2#6l4cxBY`>)3ElN_Da+}=`Yrk(t-|?Royn`MhH1Kl4CSD)5Vu>
z-<7Dk{n>44a{7@_em^3e=ICa1-FBPSDJscp?aA%aih)`jXN5iQZM{2vofDMg56y|7
z%z$-b-iFZ6ujDFO*m5+tDYwsc;O8X99@p<8NYRC)S8_1V7R_Vh%6Zm!ccD#BTdO3g
z5_M3NJ<Ob#S8cJa(whkL))ba2>p4Bnie25e2?pQ__OP3o8qQBP$)?W+V4<Eu59ui-
z#%RcM%51heBj9Z$+>;6s{}|&v7oGBpiY-159U6=vIiS%tqN?4HEjZvwKVV=c%Oj-A
zr*gr!daq}t{en(NP4!Xm9uaIS%2#Qm1F^t>gfG2J4O3MqG_eG;h4{`J(iNi?)3Hs(
zx0!0^?Be1lnOn$_3%bx9eD2UG4tr<n*ek@?kV2S2E>=%W;5TNrV3n1P+T=D<j<Ahv
zZup(8;A7`K|K%+$LhZp^|E$Ak{k{e^qG)|VLyfPjwA^Ze3a$z_j=BGPjYC`qQ;6YZ
zXhpf_E_YDhd<BN$Vp=QQPOl*gxa@@i(^>2y1<}}Q`gvH~;`K_41{AlYuIH1{0OY(-
zzX?t3u<53|ciVJI^|Hme<6wY+A&rF~PyK;VFQK(R&FC!n123XRCJ{?@Y8#mnUy?I|
z(x>T{G<{zyaFqU(9hpK(a&weN$H#*Wg%-Out5`AcjRP(bC)Eks<mBrLzE){<yc;gu
zTfobB@q)nIn1$R<g80ydAT^4@-%Bh!JdgVWy4Ryufc@i^SfSjr*W~lfnFkm5Kj;qw
z>{RnVN>o?766X+~yXZzqa%Y5F<i7@j&)VWYTLcn0zO$8&^&u9h+pBny*{J!a$}&JT
z7Fxx#N2G9kquF>ju=1gn^U`#Hwx!|jkV{MOs8*kNB%2`aM~2x#^&ee*!gdzr839`{
z_TRV)sKJ!x5bbN6oMJQW-Fo8GIXq1RZ!Oqan_kbP!`QCTqJj!db2&6(Vc6sk+Bm|_
z3rQ@nh$2&uqmHX|b?!Cuyx#eX{h&hn-)c$@TK7JS1CDVg7U@f$TLNw5m*g)Ltt?iT
zT93x8Z0%kK4e4iWfs+`=#^DrAXmV;Npnbn<W^Cs7ZVKUL1o_<MXvTzuhwSRS=j2`4
zqo_?^wiWE|dWe4PGtD;h^lJGj>!->g&$2`3Iw<O0R<DQTGFdHeEQpoVU0Rx1-pD2o
zVk_tvAqx%}C44XI(*WvOP?1hH{H4E)OZ!vDY*LMvX*yj6KU^QH`olCT8uJgZcU3kV
z0u6cgw`!UES40yclM!fg{%~o3m|+4eFsDP@ARYv9!u@Bf-E{~$@g13ECFb2GXUfY|
z?Vj9{bV@_`Ob7isN3?!sHGEfxZcVfcTD&JS=}q}#HtS|Q7A8sP7Nonct^>%a9>!JK
z?oH;)(Sm%&c9%8m&t&d@PaCul8%A+VF}rA$P1~2<mw8S7B0ATrKEJkiMRW;ho`n6l
zU6~6;x6e$6Hs`h&c%?Vjw=`P4kmY;*0DjxCw8UqcbKCc3u^hxmyuUGtYWh<?**>on
zrzvh8@L2S^47CcARrLBQQY_1ubgSBE2uS;#QtqS#sZzv`%=Yvy#~R`@>k6>UgQc`F
z%jXNlPHq~SFYeC9%$ph!?_6xNJQ}m5N4pkhTb0z;YCgWa({~oecz!sv@9XnT`+6e8
z-Ek{)b0sQr6T-rMKsy$e)Z#U==w7nqa%LgLo3@n(p&%%&b-!rUpYwB9%ag}4j2p?D
zgBZ9$<}Nok9Y%;Y%rZ^KgWujem5B?y|ICmlH%51+N<S}Dc&h<+fv}Y<E6zAUR9zr6
z=7hUhNHQ+&?r7?x!-q%a4bXbR>ebj^Im0>JDm10J1=$V~Y{j{yLC{~J>MIVKGnVf6
zjEzQKWj1G956{`hMu>3Jt7|X|C<{>XMwZ3S>CmUp-msq{Y_s;qd#TO@U$-4@^n``A
zasRYG$aoiMAMCO}JD->jhxlEVdehhc_QBkBf2pl)%9c)o4kMGQxaOA&u7e`2I9*7E
z?^kSgG`yHhB+Ij9s{>l~p~%`UVkI{NL-J*}Ush2{i>6IKu9XMm7z7OD4jzs*)(4jZ
zpR;W2LpNvM%<|mEi4}KkLNoLd%5^62F6rF8ZX(g;rgfpHWjK8KQcV=C0IBm{U(5t-
z)AKo`Ky+p8z~8P(27cuC6dPN6Hw+fKTTtN9J(R@5QLETdAJ}1BTAZ(qk=K|oJqgXv
ztjvuok0?HTYiqt=dSEd-xiUR5qH}o(oA@kffS4IFv&`OVrbM=lW<EEFQKDikvC=@1
z&m}>Zas(ZK;Fw+=Hu8YXR!qF)z-O}o`o`L&NQ_F0g4~jl2oB)`M5^j~0_;DquuZ+^
z9Q)l+#L|8He`B(`59h7;m9~|x8Jt{HsvPVG933uLtvmJvV7zlPPna1%S`?N0)13ez
zeu&YS>LD6&t#Z)EksL8Tg`2-19v&aL*+z8eeOcXXlG;1_rlwF(bu4X?LT4dtA%Kn$
z%|T${BC{k@-F=U9xhuoLY=3^XxjM5pXsiudcord*v8=WLt#0w7F|^n{Dmelc4ZSH_
z2Rl?&dwb7|25xTWA2URUHJAH4T%`u(e#;YbjatGyCUpU;Gq74T+j1W6#s(fn;ZX^j
zTK!2l+VsV5N=rPg#ks-M1b4G^G%lBKWF<D=qNrZ)nqLeC+>gje5HYSkIF+rr9pV}*
zUC49xr!U1!rCZ6Nq|7Z2Z0ne3I59T+Y_`Q1xj*dchl<YBR)wHmW$k27@^|YN(}%=Y
zbH4<w?U$+>@vYSAT{m5uB@!?>8$N{mIqF`S)m|#U8?_#wRpvb5JuzLm>hNP*D()C4
z!Z>+<?^LDj+*DxEYjZwOTbpv#sMNbpv4uB~Fh@9rwIH#I=@QHo<~z!M&SJN9^T2bf
zx&H_~2CrF>V(9r^qH1!xZX7RpUA`7zzS=&P@DlS)lY4MIHs~n*v}foAh|@S4x7Zq*
z8#1>7eTVM!T?~4*XyCuiF76DSm(YDfcVrQUhAeYV{@kn}ovukyt$AhKu$|FOx2wO{
z1WNbo7PZry3#_F_zZ#vjFS|O_iEg7AK`ARDTA0fFR&37WXf`ir&{mzLy^QTspqckJ
z6h<m9uqcYK2~pxID@KzK1^>|FWc}ugP^vCK?+G~HC<nkp!K&(S*qQfEu;Htr_UOn?
znMGE*2d4GtSDnY956kw-X5=GWnEUH6=Kqbow}7gv$+kv=y9bxxZU>j(?(P=c-QC?S
zKyY`51PHFdHMm32;4UHWknX;nufO~~(*5rJ?|WnPID^62b#~RRy{dMtS+mxxy#W%i
zp2(VRk(#nPqKKG!y?oV!wl;Rstn7JgJf|(g-Mcm)>3WPsZWa*TXx$jaMVzZS|1^oj
z;vfwTeRf^u=+c0oKil>_P>io-YXrpW1fo>W=V&(e4T8T;1Xb~hf5qObgP3?#&TO-F
z-};yug!z8xW0$I6)50She4G<3H&EZOmN*>48UOy%(1Stxd$t+<FE^J~hkLuOvBwAV
zV<&9Zhc%}kE$`qxWyFq>ueOS=6&eRQstEA056o>1CM+cmLp-RO>or;u2P~^hHRueN
zpzh0$7^x559TQBRei33oLg~*XvyykbJcw6_-*LDaw&*T_9Qtr|iJ%31<J~v?)&MKw
zR7$bti-BF&5Aw_=_!R^s)KD;RjS1D2E9If<jR0+LBXg|&kNWTB(+Q(S!ZwrQ0}^#8
zicqom-ze-;WW9J_kp&`0QK<wz`~Hbe2$y{p`vaZ{W7sKrVlDn-^v+~`&xe>(7tR#d
zTT%AwBG!Xdl+S6y5%phW0%l_Fh(z9KeC}VI*eAi-(dWwl7@S{T_23mZb7M~K;i7BS
zZp>*ESG&YDPeSjdXEx6{&(#uzXQQd5Re4Oj?9lVR^ei5&TF$1&dIpUJlin2_??~1&
zPy`tsI-AfRKC(Gv!7^yNdk~aXS*K6a8~2LAxlVRcqfzvBm&>wjq4=->Mf%5?o;osD
zriZUJa$rBtdTCM|)jO$HmX~UfJUV7(EFQ=mf{Wc63FUOC99me+K^H^J4%9g}vd%m#
zPdnAgPQzTOR+rzoa#_mr>@qvmZ4~&njJ<Pa&0y^|-!Ssm?5!;SmL$uS?)^?Su2e@&
z>BC~GZ*F~V)`fYd%GWYEmt*D3tL(}PBY&=$PhT=NwUYTwl~ueoDNJ<`T%%9Noo&oY
zxOFH36%aPiNaISi)Ta4YII^eQ>-c#rEGoVy$?kLjLtcS2`0^<>mnC6FRlSeSXvmLi
zgU~O|^zwL%+`?zdGq~!QPUCE3A6nU1+%}9YE-uO;g3c_}tTy=O0k17OQ+LKU3B!bN
zXu(#caz5^?xF%NBzP0=MW2>n<(r!rX+Ceo0)Rwyik`6-lnW6u8O8(|-G-~0{(h2Cf
zbh{%zn$wO+h@%BBSd59ag0YtGuWPvYMorzmJEwhTnJBH+dy;um*6CBOs&i#@5R40A
zVw&?-vc*Cfrx(%5)wr<<$^c3>-?Ma$Prf67|In5OAmV<o<#d&TnmyWMY0HLh#xUbR
zH{uG~>L2+&P-fMH7lAeN9wW&DohM<ef3}9RBcfC<N*nK8nuL(?x|H*BsW2C)O<yrJ
zQfSadD`P8RR8UZS3FA9-(Tnc=AUh9LtkCfcMidnC^KM~*RC;J;cl{#5k)mMcQz~dv
z$8Iml)ND))li-W+i3Y|bq%IZYkfH8UN-rimkSLg9lVBxzxEb`wOhrAjtTN_=Y*bMU
zhwi<Z490g=EJR|B#G1&WyVTYa1;NvtWfIelc688&MEbPEQH8;^UJ6+0G;oF&-EJl7
z<^W19OJ}RfjX`PkR9NF6suCJ>1Q;b4eQGl4!i_}qB7WZFSU4pSeGkdh7?|l&NwsN5
z&L)hYeRq9wE}9W(vEVc;ugz|0$<)EBbOXuM=uQebY_fE86U@49ZPC=>Y7MiK3_CWG
zj8Vm+ccU_JrbK!{Na}PAYN^@pP<HZ9!{IJ!BdDgkU+<0eKuN=a)+agV#zNGH6Oq#v
z1O?+6A2lZ-d+=l<kBu7#_sJ`(5A_AT={{d>;gjd<_D8!IUZ;_T?cX^PFfYh)^dLby
z#y-(zVK&Wti%#DC<YdPc$98v_YrvFxT14I!UqeI*i%VBGXw>xPs(^0Vpq@&-hJ#$i
z!F|5NmDDV5zGq)}A~((yAA48V)TDnCIpynEg}W`s5u*{)W&ue#X7lu!hSV}KbBvhD
z`P6AxVTrVbHgzElzH&<<>Y9@#Hx8p_BJX$j{Umg8M+;E^U7CGpR8^eXyLVwjV2Y9S
zJIRAiMG(fF_{rwRv-XY-l4?$=D~^SJbEYnmpdz7s$ybGBfoRy}R@6#PAI00oGpLh$
z`rG{Xt%&wXw}?E+<6yZA>GNl5a}p2GeavYwNT-=?!h3fwBD)J{$ZJhm6x!HjAWfM#
zBh9EQJ`Xp(Ppu=wWsPLz4e#EVHj&0IW=OCfdPG|cqNsG0ZIOzpQBPwss>qWt?IK94
zjgcLoMfosmm>iBi8z!9RNYRF-8$O$ulBy)@EquUOv`eB<PJEz9+M^h$phWxDdS7u$
z>m9b-Es0NdgVB)5IRqxvp!#lcQIw6N6~jKhv-l=k3MVF#QAPwIHkEKdytZsdj-4m^
zs(JqEMlwVpL5Cw3Wuw_w*-(3?9lO#^&Ttt;<d4?}gC$tt^$AV3K^d2_y;6wgUSrv^
zUxY+tK4Dy#1@tpE3=<>bCe`murcUL+1<9y}Gp)mg4i?nyu^#l8RCi<HA;pM&lTYDg
zI;KqSrLS*ZpW*&ez{hdK(#xz=U`(G{8=SeIJz0Qy7)_8V%uFwF=!F(9NTu!62Sy*s
zO?HDF0Vy-N^`U<-NLrBkYEfG<U(uL+I02@EMShkHFVM(~X-~PJBKJ&@7>j{gBHxI5
zT}s3n=1XgC$yKn_W_b8^$&4xncb;gpI6FOTx+IR8{HrJp$%45gA}J&HF<XUju}}7e
z;)f1<-Pnc031Njs5>gXyGbiOFzkqlT5&^gx^Y)FXIpXc(3VM_rf~7UK0u=EkEHd6F
z8O?BHMI12Qr|J|>i45IsH!<tYa`Y-C0(U&G+sh{3y0+uDNQOdnSTho!O(ClY@hjsf
zqZ5+S#we#DdsRysVWaYzyl#JVHD}CXjvEy2osmA#5wSO$^=m`P)SW=CM5Pqc9@SDY
z8w~ED_Xb0iuR`m1FOt}^BK8uegelD>_9IR9bvsyh5;=!ZdNQo2aoIVQ_FKiWv$AD9
z@ri7Wx{?}XIV37alBi5Z?Pa)-ktDS@o5qblGu-y8poGq{<VFr6XfpAl5CCxVjWpRa
zSK!FU#$}6IQF@}>htizyz_Jo%Xfo5zi_sPJ*ouSg(e|ArqeaUAa!pEbvr%jWGnS1g
zJ-ta3<*X*;6==Mr)Eq}t5X5x>&Ri%BVx-hslxfpu_(K)M`IHC4?qYAWN#GtT3Iy2d
z+1uYZ%Sn(B#m;f#<0*^?qq6ymABcyL#y3MtASP5jwvtzlKMa6Pz3CRlNi1^D9I;GA
z9lsUQt@hHyquUiVDSFLoOAl)Jm9(;6X;Zp$OX16i4-@7D#&i)xVrUd+x6&X#V`^BC
z;Jw`^DtZo`w98xNZWu?eF$_Dc-PZo5e%j9#%i(FQ=GDxV7xUV=Ny0C$d$$sglVok#
zERD&Oc-O~5y!&%FDP*()V63~XlbRf362?<pLhuQ8h3Bzgns`ji8I|5SNlEVe0pc=U
z$VoI^7t*J&Faktlksv$KPt&B^m2HN$V!viy_ZN3Vw)s?d#GM;cDDu`?5N)eOi(M8L
zj316bM2#tYZ%Um>Va+Q6(9baxP<*PZV>zm)g3s!@Gw+~Vm*Ym~w3auJutbo3#d$Ib
zRjK5o<>atzjId7vN1qbp)V-+f;+B-#u)rCgOnO;3-=LbJ;pf~fa4^*_JtQGYR>NjG
zS|m?@6n(%Nf5ze@TS4j3$4r%IO3qm6T0~J-c9%o6=U`5&ue6+iWO}t)T3RqCSoGDU
za&Dh7>7{@M{r*TQ7)Wt1ejImxyg?V=M)o_^KG2K%coa2dF5WLmA;nkrmLoe6l&v1t
zigJ+Nh!W<#1*uZOXffvv1EtV~${N|@X@snWby68wVK`UJ3X#O=$yfmd5>{i0&`=2P
z+)D*A7^Hh6$fwe=Gs8HoFw|)CX*_m@-nlI>*-(cLlk1Qc(I#NHcjp0Q4z}I}P_S;<
z4PD1@Pur^(leLs6^XW^3ens>ZPGf;I#U~mTBqRZN^x2E?;^Rdb!CeSAdI&1bs?+vs
zgtt>N45IFcvm8?`WdK5FaboUBH!Dib8ixxCdXJ|)dLZSx)Mb;&(KZ!Q8T5q!UzEvK
zl-?_r;!)k|%%%>YO;CYt<Z!Z-!j4<AX4OfT%LO?N=8R@4?n&u~OW+`wWo)>6YLo(!
zw@}o&&{%q-lvGds--v!??^UEe48XOZ4L5E{8mb!Bsw8uq+OIW1kO*B-9}*FF95kS^
zoa%D3($2?^1$XwZn=1SSj!*Etp(_v1b^8lWXk7)-birIM)kn#$B)a1>>2Xc%7Kc^-
zw@Nmd3d!&sV#N)G3sjDz4CyYIt#zOkQZb!ojJdF!itdGdX!VdxJ4x358AQX)3AMrr
zvjx-Z4Af}v9SEza!UK7$z3l9GUwDS}i;hti)XbGw*+loS*nH-8CP*ej6iX!42)feY
z-A5D`cO5ZL5zX)j^^(OHU$Ry`kq%1wD3qn`!DQ}WIdacw$;l+pLSD!=FNtQ8I9yo&
z$!OLNc~*!$!&tg2%xw`kC|lbw<!IH2gPrZ0iDqloG@rAXC5{ln$)qK0G|*w6re`pB
znTM)xQ-@x8RI(B*A5McK^p*6dN#U|mGki@)Y}0xz_m;L$qDMN5)>3;rpvQ)eOXSI+
zQ-9Ke#luwEfT>^?9=JI`5woe4NH|S`qRAzUG3>QP=A`_2iIb6ddQ|e@xo&n(F-+64
zf$0QK;$^B5z>u1uj)H}%62MfQJe2ts!kueRQO09Mf8U6c0){Jc)4Y@wI2Z-9Qr&3u
zk0LrwY}d6=6mq%B^6h^>^uXU}ZDdKDwCH;`7%V=qIUEfC#cTQPL}V*UA<Xqmo>f=w
zc@dn3`NFH(1My@!e0Xel5q4}UjKSbHFR$OH<`yW-?}F9wTl8bhaz4)1i4@xxYoqas
ztnP_Jy!rabRLqKg2Jv;VPN<m1b4Q6_%3QK9fDM6Dut=FWbJpU+Uax8;(Pk#&i04)9
zV-xxQX(_yF?MO-jgp)x6ZOS%*qE)t2f`^na`t&UsQHpZ58d=+Z4#OLJ+$1F>o5;`V
zh!o@!<*!jwdg`d@697_9f_dXuQZfAeDXx2&X$qLP(R5q2Q2J#>BZ~pKIRGdxjAH9n
z4m3Iq(-FiD->G8k=+ydY)yzRj`lt|AAM3^UZxrH;>)y;+WC|cqHO3B$kY_UCjV=b}
ziYu^DIhVjEIPq_$zC2`#F)vqQ1@%OC%W%-mh9{+~<4nml8#-_<s*^6J7HcFgTrCp^
zHyo>AXWe~IOF1%|Cn10#S+C1(USHa6qr&tmlU!e0GI81kiy^-kw-#qTNcj^(C#MU@
z7y(SV6kg3+Fn_AdKK!XMIm@j=Qi(BIGp2k4b-o>GRh2GdnY4l7w?UI-K{|Tmvmdur
z0~r{LFE~vy;*~R;Bn)s;ICn00#3V9>DxAxvm}(b{anwS-;)Jf5UA@bU;OE%3Bahm0
z=qSRw9AJK%(}l0ah|#y5G|=(}^UJb8pirTN2U<~>gY5QOF((v_-h<ee2sTQqB^P3&
zRemgAr8RO9vnK)QFi|vMxylL#_U?IHB%Ek=yGbtD165KM%pm5gIX9HaWr7Mgr*C(p
zkG01(voh-5W(4w9)|DutvqGlKZ@OybsWNrs%zaW4jRjXloo=1Q9-ki;h_=m5bxamd
z*GWgv^uB{HrIR%$$)k#1Q;T^U0UO@~c9`$LyNxs=M;9dI5lC)+2I>7aNJM{1BLF8*
z39oht{TO13U?u{yf=bD4Dlwz3w6}}Dh=qM04GLjvJI88S89o_o+D4(1fD$S|sok!h
zgO^K2QlfgrTIL=NCryARYnt|x5PkMSjwAZ$dLp&X@|#$4Pz|>lhowf&%3#{D9&B6P
zY8YutN#^|;RWPl<Zk|+Su2D@#majBXkP^YY+0X-1Te?!pdU4H{h4SiJ)S|s6X-g$o
zEb(ItHG=t5=&ZVd<J8eb4YJYX)h)NX%YhF?eGTE&P1W(izTd9p_-;1z7Z3&T0kdAE
zx6voX9gW}Xns4au4IXT=p43uY5F!>~tvj$dJWr3<*}Si8W7FG{>t3JZhuodj``$c>
zc&7Qbo{I>Rs>N8}uD1zEON}0Pd~LgtD|OWK*eP1+!d@kz16!styoL(4ZDaH~LX+d$
zE#szfjXj<J4hZ>RpFFVYJMOZS&L@4vqSIxzd{rnGdrikv^!{<P`2)HwugfYBV;?Qm
zyRVhE`MTSdxwYTReEG8UQp=`&(>(KbXm$5(Y+Lib9Q#RYqHodTj^4NHw<+}1!(WT=
zFQ6+c8LXDHcrO-ZFxPRMzdanJEX-xHf7r9Oz74-$uKxBdfPA_dce}m}7rn#vb^6jn
z_Z0K0El2zO<rodz@v01xk8p=gFIUYsAfm7Kv|YU!)3fnC!OXu|-dQ?*ru{h-JqNPs
zHReYTn+e<JU6gJ{;Cvsqv<Kq5>d%?QIIdj}L!I=R@1P#AO<S+N%&Q>b+Io<k-Z1E3
zHJ?G;6~^jizxL?=@IklfXuy{5vi_D~x9;Kiwwk$mdbxe(N{GGMX6hmtsU_p+F|^wA
z>?(g;g~xU2mEOiT<ALze>h>$t{RLN^j*k2HM?z{xZkG!;9zHcB-8w$I<~urR__lgw
z;t#7l-#z2Mb2_Ym-L#%>WW`r(w}xV|KW*ro%spLS>V0S(v7s8wUiP{we=1$&x|_x|
zS!>!HGu#nebG_#APW&>a7AWWI=}YnYo_*_m;u?zaq!dMmr9sX~rT)Qp^fiqh7E=Dh
zj);PM9H-HHh6@y2Z+!%2e;*KW1Fp97Z*%RiMeR`KfjE>SpxTi|)J<iAu4;BNUvO!4
zAm*}&dnzZspfA5@!m+Mg?~i!Of?bu5H!oW+QW~=1g7~0%V4!NZJK%I}!Ckt#v3Q_z
zuQ4Q*RolFmzK?njzQVr-;)?E&M;VdJnIsCsUq620S@Go)*rsdW8tQk^NA5E*%SXIZ
zAv25`^i$d)etKo93w!s7?*R5_D?ehwcoEy&1tZJrMO>e4S);r=B2#*_A<6BY%`j5x
z>bP6<DJnZ|-^`9o26U+;A%lfDqh9Rj(L$km^k(im)MUxm1&U{^%*^|gzOPf#(rAQD
z?~1J4QswNEQJ;*6(`jf&gzs>`vO9DIyIqw?)#!QD#JB72Vx=nVw-nlWQ|L|`9qT72
zw1e9YD3WVX3!lcX_iKVk1EtJ{b6VODplq~H`akLtbm}=9HiiW9fwQBk9X}3bYBiHQ
z=C*_o>vVOiF`i|!um#-vT*QJ$VS7a6w8QB1(wL!4B!c4}bRbQ5`$1o-1hi0Ia)Ne=
z6k0iPt`CD`i!l-!2gdIDC4fmHQgY@@OfJOL3n7@Qu`CjbeYPmy?u}c5;It>B2v`)3
zLsM~h9pH^s|2cMj?G2m@ulo4I@haD<p&O`H=Z2fQ!>s`>@U7Dby<&J??q7WTTVlrV
zAhIuTvK=|IFF1L3VZ5m7z({nO4V^PHFO;}Vm&X>2cdhCj3Hp{4_!!L&ihRblzGW2p
zjIlp(KHPI&e9Or7q4b7M^ZzzF^v!~GZRD;z?ShAS*MoVNn7P<$M>?Gol-aZ_aC*AS
z{A8VW!|_#FN8M9|hcd*eKMjYPE=a@8NlKX8JF>^sK&I6kyPyw244hvv1RXZ?Z&qH9
zihA+l<QVQvx|{jsOnHl|NnqAACA_U^>SiFoK;W-^+{o1PH#*tK6zjsHV$s$oM;eX+
zRdJv9#*kAAHn!v{6dx#>%I)E<2ECr`=}vKb2iXdNu%%0QL#PqF5^aQjR@Io~KEDFB
z83mP-O9Li_^=gOil{)dMP%Dy%>?%}`lv7SCUu$p3wi=jJ?@Fk9btItz`-KlVSL6*J
z_h_prf6w%Bek+BD`6@}bq(8TFtis|XzIv3c{M>0feM^Mv$34_lYi^paT1M#Jb1gK3
ztYG|JVXiPGgGdbeC;F=uQDwOyDWK638{iD^+qg4Vt@<03<76I5yU3&GR^_Z|PRYHL
z9tBgGH#2xL6mld7+eh<vsJ0&wJseVt^CDjD464zjAgZ-cEN~9u1|3hn+O&3-a?_C~
zQ$;!hF3T>^B3ULCz6saxuF#z|QKcvkU-`6CcR1hp)q*X3)M$EP{lnLy!esWDz?sdp
z-fcygMA?;n^bxX>hs7mm(0Uj<x&u9w$XmGd9amtM<%OK7L*A|TrboQD8o7>Vi!dp^
zXH{dJc}bu&nf~D-5LXo0p=Y*dw&E*2w{+An{JMU=Qd~4n{`AOZY3dmb4=JZwMg}lg
z;S+i94B8=rM4X|)$uZi{dCXpjw}i&0OY$QD0w5`Q*6T>nYo%2CgmWNzos<Q`@kR0?
zQo}ejQ9Q#@xt-ql&EVr;m4q>dO!`NB0_kTY1BKMHZpMl@Knxc~FFg>Ut!mKHZc|s7
z(NG{w^#3G_P39m@4dySzWFAa+pGv1~%&oRC2Kx{dyU<hqRZDf@!;1%I>&Fggg(F{b
z*YDWuS-xmj)#W@ZMlY*)B2&f&v@pigH!qMfeYY0ZYVWV5gSV7%BIsA=@jugLtyONl
z;@T=2f3qfBJH9uIFUTHm^F23xMqy=xdB#-vslxetpWeKbPhORj>}=x=Tz2kPxTLx^
zWgX1K>@ISu>po>2QWZ>z&(5{?o02-pYoCIo(!WQ^r>1k$Wb;`%$M#sB++TO0e(F7I
zJc@qdA@e0#k2NEz#1Zx5Id2V)3P{MjJeX;erY^!Je}zA@1ituZAtRO5^+^R1ix<oO
zY<@AaVYCg{1_%}Wt^GLjfLlKZ@tS5x=Y0B3?)8^J6S56xO&<wo<-g~HA9GB-SVb_U
z4jL0Q1-Y>bV>Lrs1k*myRty{qm4WFBKLYK<%!SL%gqrB{WAKOeB;|s>mD+>tocZo-
zIiZ4#y=UR%4Cegw5z@n+P8hNUkywyD=TKlrGz@wLycQA|01Nr(?1Z~+%P+i#cq!BA
zn#V2Bqq9dpVaMM4Zpc#sgG;y#Qv@l$hu{4r59lo*jP{a47}5ij2c$4dSWd9?B&XQ#
zf%cwWoEIwI-zOjoYN&cb&i`EN(z4T5s6xP(zXR-1EDZjVB8+v9=hC$12x^aGy+hDw
z-Q|)UYeII}-=YTD7V>pe=!?i&=$e;OFKF~V1>JB}LCE!yMCbjk{FLUQIS`gu!A^Rx
zbG&d*poV(fU{3R~Jp5k`#De&s@`2o<KfYXlwfPG43FQf;jHuvN#SRaf$g+fJJ19d<
zh!PrN9mN3rlo9}|E<p)W4voHU-OJXw6n^A45C-Vv4#W3zMdb!557)_&k?Y)>ZWqAn
z)aZ}^OP@Z@Spm7FU(ED7$z4IX)m?1!Lz-@fxFuTr=J!4Q+PagkpbhkPx8W7Y6aJC2
za!*t8H6q@nt>JPAR=I6u{@!;`kOp#!Kg)lZp9B5>5Xt{6>JT<|G;}bxbFy{#i^xM(
z-`W_c`!TmRcBE6Zwbr)*CR^#7Iuf$MG6*;t0#z%7?5sf9%5%Qw1E%K#B`0HRRiF-s
zgPwzfjUB)V)EMa7i5r`nnmG}&u>t7Wm;j8xL<yj9z}!&4#?;D~5SZ)v@`69~GjvRh
z%=7>zRzf-!CJuTgCMGtZ8i$>cksiRw3e@f}u><H?I9QmU1vSr^fI0$WCc+;=gJ+G=
z-;@e}Qp`M``<EPlze~a&W&mo41oa(_pHKLQn^kf)aB{Z;nm|ZG`1$8&?F~?40X$N+
z6_XH_(YFKYpNxQaZtmp%BU#Da5qS3!HYT>u8Ye|#Q*%cr2X{hB0icY>m<pCb&cVpo
z!Q94_kn(TYfQd@Zc6L_A*3Sk6irQcq)Sfj&TI@_r^Z+(?PIeujk_xCm0^0Uje5A$1
z&Q8z4478EXv;GLEBw}S`BxGhIWacFNuPlTtzyjC+jKC8)IaqWES%CRCI5>gjF#_0h
z2!UqQVq;^Y=j3DpaOx1U0|>Q%h3F7+JYV*|iU-<PSnWrR{$|r>0nlIj%s*3aFme1r
zo2L^$Y7xwc9DL&*p|MI&Z&9^KFWjW9WjFcC;^D=+C^mV+F#C-qcG-$xNYvX@#~sqd
zJyo?vRm41Y?r=!_OG&B7iw1T7iH#f<DGqV6Wm%_)T2|Wg9g|G_n8srY)t4_OKUR;8
zRoS%+mG*FBv}uN`?t{o?f9Q9t$GV6nv48^5NX5-R$c|UKn~Md7S?y}xw>TUwcs{*+
zRW7jJE7264N;+1AZl=XUNMq0;NtyLXjcsvPodu;f7g;@<aKHK4eq_smBn!0=W|9n1
z8Dc1mNj7N}?F*FxMv}Wony2eiy0bQ&g!tQSq6>ggi0mU#P@!k!n?>CknR~2Q^@^*+
z+>@Mms~&lr*jLPn3))LhAZYwCEPs9^f3oghG+uw{vH#TvpA&%(%KxFOir4@ZG|xTj
zzd9tH_}?B(BYogw0_?s(eGl^w=^L<Vm2FjQ%%4R!gv@`_b^WcGpCwhl(ag-OY(GnM
zbP{D8z=@!PZyY1q{gfW5+_DN3HAta89p&dBPPd)$h};UN^M4H}Us9=2Ypp?IXw%KU
z-Sehw_IYKfsPhy=8bma3o}LOen7F%JbbhrF88Xh+!8uGhs2qX({utMI3|4^&Y)DA>
z!E!6;&eLoBPBh)F1VTNGveRZrOkS?wSl)A+LA`4@p%2s|qYn-v5S{!bmaH1av^W#q
zbu><WmYF==R5xt;=c^)X6^yNq=kfW%NTKDpg_<ld-tCg(h~_;O2QDaGU+q@p^b^&3
zGOf^XGmcwUd!c7B_H;rfN_vNf=!5+d#2?&n2E!|A5a}`(lj;*&^5C@=dG6TQQL{sF
zcjD9<qCFE2QS8VuSNh~h%PL)&7gOjgm;6WGDlyJjNjO6#sLKKX;~+b9nPAe6h!Zqc
z2kG!#3O1Y^pQYP0wV7h*O`zWQC=(s2&3;{fq#Y$Z%0@x^c6f$VJo8!a&s_%i*#A~j
zu`)CL+*CZugN@7l(5*BPviukGDQ^Aa<Dn-nGTL(4@l9aC5ng^46vStw?T=LK2+Ip}
zdh8x>XvO1w;yr$KDAq3}`l<>FipeVv+1bLKyVD%GPiz1e(2kVoU9;?rd@h}zLo{^Q
zB)|k;`@LPo5dW(+`I}dYmBwRR2{hnD&Mo*K$B+B1Uo~0@>@|g>m$rs6`wh!-W(MB6
z$+Q_TkG-xo9Gl16sGB_8d1zD9v*pK}Fd<eS7$+&B;G1FF&VZli4Qd>s&|p^FYIk>}
z%<cD=8Eb5dq>buM#~`1tZx^p=Vz5Qgd@ql3;cX-)^&m)o_xj~7D1T^|fC$HF|FOGC
zNkx6gx-PAK{Y!U~(wKAkcdxk%ma#dR`R5Q%vG}Z=#P%APQ7Uf4zo;7)xZ10x8U}d|
z*CsVU+UcBMCPZ2(_q@{<T<l2<8XGPr%_f*t#X9hiBlr;g9$+`XfE!gbuj%qm?a1dd
zfvy_3+fXZXrHTeY=Eu`Fe3G6=5jOO>kv^|3LY$}MO52I%p@VyBR6RyAKFtD#Ny+Xg
z&yuyv8x;`VQtb-LB<4rbhKa36_-Gci_yR;w*+L0VHM*ExH(Dk*dOn9RT=g<`LmYtS
z=<y^8xdANg66T#UTRn=MBP9&f$VcnBLt3)~zx9;{fl0gp%X>gI5~z^CoJiLgUgcd@
zFyGA_5ZoQUKDoPi^mzjN>V28;i>~#oR{V`ofQgCa=dPs_*JaZ~h%9{K)klyh1TK-B
zZd~esJ{Vf0u<Y|9q%l&N!7Li->ET7AVkuNyNE%fAry_65L6JCMTuTphAjvStLokA1
zY(9zoYky~Qo3gJaQv#pBT@Uf>EzD2z%3f^qG&^piyHwBKG+~|x($(doxai5GIDH5@
z4MbA}Cp*BQMcglP#jo-ZjDz5AV7sHQ3hjL)<DK)fqrSgg>UWEDoPgAr4$D(43psEo
zg-H0eYc0%|YCB4`P*9+_o0701%bZN%ISYVuv{3A4KtJD#IlU9=3YGqH_2Mzq2J9DR
z`bn?;_fh-r2;(n^<1aXhUP)9|N!Z-c&PpGM7XAVM{2e0!SXh8^%)g>24&aEd{#Wn>
zU}Sj)N<RP?0Qf*Z*XFr}ei{V+UWI2^@mKKjoCqxO*#pSvJ2{vGHOlmijEpQC984U~
zIO|!|N%xN_&*;kB!O=;`OyA)dpGoWg^*aCvfS!x`3s__0AY|bLDyKPt5Q7c~&;Y=E
z{|9*VlgIg+o*G!p-%Ulx{8vq@nz@ma8PHcT0jv0<a?cg~;|IV5U<F?3zntEG>7xIZ
z0(5=mCML!}VfC|?9f+qGO#jtC0Hffu^p)Y+0?$hLACh=rDa?PB9Ge19cm`fTIrt9&
z@88_#PfFW=hLZl{KL6L<ClDq7-WbQh@$(pGtT1Q|4uF672+Ph0rZcNB4k<v84m#yc
zyRb?dHy4L0hH5SxhlmezA51(&(qQ<#GbE_~Y=yG_k@wJ(Y7b79XxFyLC%;V8G<_x<
z$jQjm?G}AtW_GdfXr4fK{8CffnZG}A6O+55xkc|fKOw3p+YE-++-$v<<Yc3Jo<|*b
zUUz0yYc0HD<CN2UGx6HJs)w1L77jp3VdspZyCuVMcUtulmuC^Hx~Gg-m%2-`vn7r!
zw8U+Gs(K+jM)fsQq;w|nH_iLX8nol(U7EAryVu{(L~BA8c18eDbkaCqHqGo!qHOWt
z584fKYqG0LB1Z_SD$eBCy5)2--sk68T~g#@Uo5e(tiHW5;S_w!rJx3NFZW=PeT2!5
z>976gF_Psc5%@oQB7if!pUwQUE14DoA0#>e(Xc=hInOm$`S8k5|A_cAoaR>G_jdkD
z<pYoc{hcn_^JQJlbC_*hs3rY?u0+F(o^FiXfyqP;ye{{2HWgRyG)kk8kIu3jjV$1~
ztbShO#~E(HD~WJCywG<;hzrxuAIBY2oImv5Mx!Z$lD&h(L%b`(M6)#!j6+}gK>xs7
z`7i?XC9`3675Ar0{g9!KEEo$DVS+TD{n~YL{kNaoaVL?khifLrQ!<nfF4gOo%yWl~
zZn#|Z$7Bv}8wK5$(N=vaL)1&^d|rT?+2H-zP(Qic{~H522XGet_mQ0Q-x<k&G%axc
z{9MexH<JHxT>sC}f4>C)K-};@?JNIP-};~P|8+d_ADjKp+Kfr?|A6;?Y{mo2U<y3p
znOOS=yvOnrllsrR+kf!h|32RPi4^{4O~u5)`ZExbiI;NdWrP;K;ex=dfeRvCf6bgc
zM1HdtGVVso@U<UfG+(9!6dG=WI0G`s8x*^>bhL{f*4KK!Wq~1FvDQ?;4p4OPG}T%_
ze`-PQ!q5R<waQr-ba;B<Xw=4g^>q)S&>Ir3Qqn<bsDW+M^M1jQgJ`j`lwI#@4)S`T
zZuBT`i>2>!tZrTH(YNLLNr9S@(@l*}xnssIbF~gwYNP|(_!@o+wTgaE@4I*Q!(%1L
zG$IV#n`elc6W6N8n8P35HH#M<E=ccveQ9+bPBk1L+uR@M-~>DDqKdcgC9N9HFlfX<
zvx-a*L{ju}=A?Rfx~~6Pv2ORnXIgxRIwOrFD)#S_8V`jh_1^%EQxaL9j?#_6AEuu`
zFgl}U|BPW+exfn|sf}6wu)&Wp(8dr%&?3840SFBc#INS2OO+uR;65D(nrShhQxMQY
ztErIl6B0K;8~YK1bwQ!$VT7MdX&d@}@iD)Fs#N%*4j%PxM##yl*T&8rtqJa<N+u0B
zemIy%F-Z($fMJ(TP&NV0v{-UDc;34`!?&E(o%|sgXsb6b`q+9F000}Yjc=7~NpJD+
zwaZ>5Cki#<p+wBMqbQUmjTV~>;z1r&<_Fp>Ii<v0QVbZ4D@7X?aE2)Ll-L%*>A}G~
zY~NvicSjq_>zX#qJDeTyLK>7mN(!6wDS`iZ&-Rw+kjm=bYv!HlIXo{}D``;nxeD(v
zLyo;&-Y=~8o7^iC`yW^r6~$ruK1S%)a#)<2fybbdfi!7E28e<Ozo2hf&Zl4VAZpiR
zAfX6*Lbk!F@$uSg^lz{QZ|S@~fmDZ_`}NQ%!159<*bBgi^|+3KrN_1n06;gv*pBSp
z%a6Z7Vr3vAVvLPIM1FglC8N9wnAYifn}y!%d0J6y<}bN`o}{J%UX~gx2eXu$e2G@1
zC*w{!Q(6cj`BvK|CN-lTX)egkJzgMDObJ3zsGMB`#HCq=`ltzY;e3(wo(Gp^4O`!2
zB;5XW6N(`jgGJVPkmVlry<cNasoVPUE=A0M3C*|7R3U8+474Sj&+?+5`j7M-j%=+F
z?#iTVhs^6ZT6~m6>(A9b+^k*C`7F9VK=EVw(Eh@(KanK=v|F<OVXCJRKMI`cK?k2y
z1wfkg#v(LjX^3!I!HVB>rKYKPok4koK#@1VKnKA>=~JXy@T2L@6dmJr%heC|os4Gg
zMo*n3aex;gLLH9O1Oi0GVbzqhPLk!KnP0vX+l;E9gfBu+JCtjb4%?ED!rnOTb!*p*
zDT&6L`wV_|Y2|J=CwNUsB&=c`>ewh=p$~n;7a4=wJV4!RJFd^4VEA?qKD2tZBELWS
zE@2+Kpa6DzVos8$A)kWsib-T&r9VhJ_)Ux<?Tv$hVd=ztC9h`}3|q=coc3ruTRYku
z>ER)-t4{%Z36c&So8}kw(q)@c-h?XMX=9G4A&n4=*ol#0-H<93kD+4x%`KwqZ%ge<
zY7bzPuI`7wFz!zimw#$p7UrMFRUP?ZiylVg)<c@>RDuA!0SQm!kT~SiT%?0*FeCFL
zXbXu?=Uu*Q$#{x;0tO+O*d{62=~9L=;7=$S763up3Pg@(PRbxeD8q#+aBJn(`p0qw
zkN&}BdZpgl+BQSM7pHRXWC64_oaS>IXj>-&hKw$Lqc_cDt7EI**TdKZyAE(zu9GgQ
zzop}$xV^W=m2pH%p>uzFsTV0m$-Gu+oixqiUdkxWO^7C<5ZI(^8KU|<U8Ow#@Usl0
zVtZU2WlRD31Jl-Sf}OLby~wSd_8HOcN+uPj_4ksB9pn;gUWKYOSe(dM8jsyXnl?ST
zW@p4dTke<a;r|$Q#{pcn{riLuxC`RHPTjHm+teL!LHIfEfA@#&$I9=&QYzbz?HqrV
z1Hj16`QJTLVrFFhH@L_D4Xn@11l;5EUuH@Fm6|dGd(Xdi1!h*}UvjWNKsS(gFnu;J
z%a1k9=L6s!{J<YSegR&L<!@9iupB~`KT)+m=;hy7<M<DB|KEr1zs;)u(SIvSICL^X
zf80fX;%73c^}i{Y-p~E^y%Cf<?fPXJVH{cF^`wWR4aNSYDDjkA0}>Z){QK;lK!&8g
zbMeeC4jGi#DyB8z^Hq~$IWDhy1u;iCA$X?gbIkWP!g%(K>I0H+Yqgsx;zjjtaj}-h
z9wk;9Oy1zhQE@07tpgBF0}SPQ+M7jK=dy5`)Am4b00FDAFK6%wUrv!tB*8l7$RF%!
zm^L{e;-{;MZDpuT^jv3lx{JBiR;q(mA(#5)V5lG{t9xJczh`%!DlI&LTL~S0ykT%7
zpTp{Y3jz)$$)r8>apLqb#onsCl-m|Cyk<B4bj|~4efvZ%l=QZKD4noeWfQVpyeMkC
z{_@0fJ#=ew&7R9zj|v6#g>$F|I@N+=|HVkJ+W}6MJ6|hK2Hp|K@LO+pO>EMsxLrCb
zl>t8~LFJ*B<D3ZWT7!!YFZEAo^4!CC&n%Wso_O11#<wtEXs3+)*{cB~Req0G|Hrk%
z(dV_ppp(}>)(-DDiKSG^#CcgN53WHND|8Ax1T4KymoQ6`C3*Z<M!Xm!Ti=h<-GQG+
z2OcqYtq%gm^z|brw)Q0O<knkd(#t+(O21_4S>d9{(8LLtz~OH<b(L-HJ{}AvxDjlx
z6S`*UKE7BqUZDf{Yy~CphZli_3bpU|^?po4HtIvH9B!98Bx3drk7Xs!DC2#4U)!~T
z7cIiZk~bmAnq&Jxl(5-%RrE6O8x!s2T|%Oy&KT>*OpG$=>k>oEo#lcUJ({Eeo{g<g
zgRo%gL#SIv>+3(8>8CFJe}V30{lmH)2h+dd{C~9T|EJhq01M;)_&VUf;^F=`&Shr#
zwTt}gYN{zPzK7)ph4u3)CF^gl$^6Il{ja+|*54%<S^j|&_`#?wd%`lD7Tr?WWu-_O
z1339@UMXj|Z}r=3ldycULZ`<0j2R&=Vo<H#QDe7T6L0^GE+X!h7ShWOPdd`P!@WL#
zVB=srP;B{Q(?$a#oJ+>4CQ4`bi!tmvgdCLmuzX`1b}lQGT1codr!l7n#?GeIzHU>V
z)&_|d+-~|R0d#Bs8w<P6ix9Xl(@%LtOH1PCe38^%ipB5obzV^+tJfWE?<}D!T!Sa1
z^Kne7yej3pfCqUR8uze{P@>T~jUp1Igy&b<spk-X-Ga1N2Q@8$Mtu3UPfy2M3&nXP
zDTHyJt^;|?Y=JLtI4+U^55zr08r3_bjV^j;R|HK=16Pt*te;KI<Pg&m8_u*ohw5ai
zwn96ZOyMO!)=L(i>d<=}d-9-Eih90!a%hO|PH?@R`lRWqR)XU#maQ|{z+B?um-!%G
zOrsK}nS1*0d_1MU*hn9UEPu<{v9kSvR8&zOw8sO$Kgzw7e)HZAMeOyV!yOS+&Q}P(
z?TR*}Qjh=+93J5i&NqbTO$sAu5b#-Bn7Uz1Hf*@Q45U8x-<+0N%s2dt7;K#kxmbNg
z1EqBxm(vctYbW8R@zY8e;-}+k`Z?4?WJ`QchV9?a4Z%+i0UqjL5y3ak-M)FNS;~`B
zyFd{yG?}7LC3-G^PHY5In0f3D;n{5x*1YCwCicHyuERa*2Q$2JPA4eFHe!%xf63ek
z7h7#<vd7h-<GqV{X7k!B8)n2oSZ-9(+U#}Gn;3}nr~z4B<|e?9P*N8$Wg9qCP|M4N
zmp7Z1+=^K_fJWq9MHT)08{>;N<M^I)6>i5Pub1t=WXz914J??=Mz!mcIPA8b6ulH}
za-Lh=F1Ot(hc_dTWX7rk5DTUR^Jp^3E7iKl<S9}N#JF(4Cz)8&Lc+E=LOnVu5+J(W
zC$DfLMXWmP=y?$5hygdaE0(NOPB|_feos{XMLAeV4sb~p?Sx@iPAoykE22P#g(1=m
zp8h^<hr?5@4_`!9mcF4_0-L-*d<XAU1UjM<pF>CShJw}S)P1QPycl9*$8<f|0@Y*U
zExq))It<8_>E2y1@>)F799Gd6Jjs!-^V0eX_r+j1#oD3awoRV+P&|1tmKk90;(Wro
zHIF<tC1$OfWovqf!H&rt(+_ipL<q!RU41BBxkh{^h4y}&lFg3-93Qi{nI)@@PU|$W
zB&+XA@Tlj)z(>!wYHbb)suN=8&j^C`H_282;~!VnV<r*&fQ0t<v;YWc*g}Y%Ni066
z7auSedxd>h?OlWTzlK0$+7qD&Y@&8X^IKxfO$5(F%Z0sviWW!M>aeeBFv)IiU2Gw*
zgizbFFMVSw5iu&wnQ59YOrmt{v{jFbIKKgsfJyQTrik@-`Ayb8z<3=6DTh8n_$5bJ
zy>;U_-%j_beWyu+oDbFh{O9jvj27yQ!GwyWOVV`ZRRZkD0QdZ;1BAgos0ZC^XqFcc
zB5CS&%HgrP@Z9Ui!Njj=jRdeVC5*{6<=M)bnKWwi;RN!Or5{eD=?XIGc!cR4f+oJm
zz$A&e+MP+A*B~Dz?c3$qa9cp>9`b*OdVAPEwfF_;MeIiAC|wb8`89&Z!RbVI_u_<<
zd?W1{jY-TEBuC<fR)5eyh*oKptDgCx=-m1l%ZGXtmub^QJJ5yCS?<?3{!5#YLjfv}
z^yaOFpGL+d?89^*$G&)^(^P$A6+T=+hW#qtacz4qnZ1wn-qPLq7cKw0d?w%zvDh;4
z!|`B5@WLm;x!@sFNZy;ZmX=8MAXe8H>)kto`TIW52*!+r!kr>zurCMsPYd4Ws*p(B
zTBcpkx{_>^2*Zqi2rEEOakonv7bp$*x)kHV(ocbsCWgfKq(3lrtanV}+~~uOyY>-#
zO#9UvGz{&7$%-uJ_>np^*K!rY{yi4frWtS!=d_gqsmcQdP|qagQ`)NgUWjCOb$Um$
z6~!=(8=>pkK^O(47D0B-yErAbG(u-tocN)Hde3hCrDMzEhW3o_XKOx7a-JaH7?k~f
zVVK|KA_0IuJQ6&z!zh9P=vE~N1S3dj{{n(cc7lc%A5)^=4g09i3w-2;8`v(=RiuNv
ztxC#8Z)N+y_=Q4c{zf-6eho!>dy}n?F#kJQ%UC~`!^ku=Rp<cfBXRwys6NOpjP$p$
zSxQ-vgq0iG(5@rbwac7H-fl#S^Iuf`CpPe((x|L}KhUUgGL}J%$RQ_p=#I+-Z%Zn5
zV2K;(;Rx;ptbO^VMRC;=k+*;}szegqW!x$JMf*ix`t>pnzMrof4L3ZaS^n!WmowDd
z0R`N*m^lsbo=HBOFasQEADt078ck{{%3j=381JsDalEEk+QQ#D(aoJR3F>j3R#>JR
z)3FysBQ$hIfQ2f%q+U)>MRu#h*Aj8ZpCx&wQOkuW6*Fw7#mntn1oJRWgjJ0-5I%oV
zWM(<gJGOVc417cZzCo6%zJk_b(`3tY(`y%MbF;x-Li_k$X*(r4TQR%M;44<OgO&*W
z>NLi_lldb@6Pw$|s(SjC%?AkG9rwy#Sn!uqs=o)O{DuDfDH`+nl{WugC?@;!D=hvL
ziuvR1Gk;~2{x8hwIDs!Z`8%QeZ^dG={&kx04-q`9KV}R-Ey~Zam;mM<A)0@tP65v}
z+@F(wP603h1B`x7_}g~?>kp&-?eM?rKY$ZB#r<<(0A`kdD;Nd<6xsYfb@?0_`uk`9
zs$>A*Unv0qd{fK+yX*a`4*wHr03e6(do=~H3jA_j`(x(%Oz=K8$&b0wUk(JHWlcX`
z&1Cv)ydTi$$1gzJ{D2)l4uF?u{lNo27r-h&$ogYF<L8+%+jFP+4=Mcr2l)%zZ;}`+
z0M4Hsri_wQ-4-MC^25s(piqf#cM!NyrO|N*KELXLI|?f}T#Gpg6RkQBxP4OJuY;aN
z(oN9jEV?>D4Z)lv;qD?>llLO*Gq{f6nSIEcNx7=G3BcNm)TU9+@K_}ZbaodKc-O66
z;kAk}P@G7tilzJo1ftQ07Z-NIUz+QxsdY6<fE~Nt?$~i#4GBbJ;DPD$9f_sQ6%_*k
z&MiEXQ3q3Nbw>&o{fMG)qyUHvpU_D>kJ^eRUF$&`<&n9~iZjMAt1PO%E0YGV4oj%6
z%`G;xbJ4|3Yvxwx#3G)j<ALD?LcJ{E%+ctSB{tfU$?&kE33ztqgW?uc8$-O_mP$x6
z4(G^Gn@C!h;c@@9jA{=Z3GWge`iZz_fq*|ON?Dcy+oQJhEVvKDw=?CStZi+i$_P6=
zCDK<KWF4TzNn$hXC7;hVMo4K5g^9VZ*WdFagjdRUf_vP@q=0U_&e!p+GMj@Yhzyrl
zi_6Tfx9ZldB;1|uhvj~o4)e=KdVy`q&@i{DytXo;&%2l~8phe}c%{!XopM1y@t*3t
z_ID8c@TS5)J9f6;=0N@cjZ_q+>Tm(j%ZD$u-xT$#O}X!=P)BY*EwPAaIkeW`B0Ei|
z_E9)*PVO6=1Y)g`X8JVs2{!H7rkA;{*E4Asv8&lptx=XrZ_@j4i>?<=Pp3YVEaphf
zloOe1xkUTq=Xn{-so;l;WvdK-@Sb8lGCoFiq8r{HhF4zMY|XTQB7&Qw^2#p`-s?Kn
zGRV%fTIk1cGc3eGf!kk(?W`dd$1lSucr7Et{#Z{G1^b5J@zt@0ny)VdLBhmcFmwGn
zQ}TB777}WCQ0JWXG>?cRx*;uWe5`%sn0?mu$KY5eQM*!q{11A`sf4#dJhB%V<`p(1
zSESV_uZq>^UvA)jJ$%WcdVe7QeoI;ArQ3M}gJ`M(<DL|{rTo5398Fe+Ona;vxifB8
zyuL@&5wt7_*~FXBj_%5;H?43PStuv8j{@f->0q+*XGKEQuIAg-*GNQ>$*8|*o8Kfr
zm^uHzPsu1P*@FR~AJx!V?ASMn_^&c35@QSeoL=!K3_LZ91O)5o3oGpT>1=fK@=PG-
zATn5iVAG?8u62H89~fVEKuJxsQT_}wN4jE{w@iX);*+&g@j(oRyirjf%#cfXa)O`R
z=8^@w?RX64B7)3tlDmZxOk#OF^}(E@1~GI;-4N3d$)N`!#Lk4=NNXQfBlRM#N947n
zADJU8{|+j$wis#0G#RyPI(CnePnJoPmP*i=NS$V14chd8bUJfkIIRjQSe>;BW^k<g
zNKKR}HJUa3?R0CM6Q)>-&sQ>S+KnnDs#67_!L(Nc4m{u`m4oL=&JW}JJ9~x#M7|F;
z4Rml9c}fdoV%j*&uGAvqQWGDz(dkd%`bh+4Ay^9E9K!IxZmkSj*c-r!rPPBenaQNA
zn_E1&8!Cb)atNz6KP<Lr3SxrIfq!dN(?~mP)sfj#XptGQyH)^GRg{1Aa3FhoS<U$Q
zMEGXQjNr}5lSBlM?)4~6WUFrQ_|aX;x5ks}&rcvL%vBt}Xwcte6`21xNml``wE@HA
zS`X2^I_cSnE(zoc9mJn}5eOHU&-xGoRLlLFxCxPQ@Mi469l%806b><<(0tOvvoO|1
z><F__Ux8#NEue6saRiMasyV*Z@lvmj=vog9$i^bSei7fiXry^sOxVvye_|UKKr1Kl
zv=vS;QOq~dKkGCC#l_%H6clHp&~qzoF@u704rs^OlB^g5A^%oHk^wdq7F<<y);iAY
zo|-t#2A1+thEKdL0nb9`!~nKD*1!Fb<||V@Z|;1BV4zuOpy3OR5`hdw;XL{7F_yN2
zmr0xh^`S0}CnjN30geF|*7BtN6D&j_wO`y2PELtkZs0>Uj?-QyjNCG78^BTTTe~~i
zFbC193lWtUO>SA6M=d+JkU|y$x;}GFDWSp`>pUdmKO_^XPN{zYVSPQiL=fm;&+@*Y
zQ&EHQ_2Oj$camofIRn+4h^1%pFy>PFbbN|oY>N3;VC;>9SVr+L8tXS16=u$V7#SrJ
zwt<cHfPU|XZxHWyqbw%&s)&HGBU@NY?#_UpRw6-IRf<m8v$-^+xG&i9F0ULSnY$tR
z=5r-qfGvddl6@(r(8|&1@Zq^?b_@e@Nn_JSpStRMPde9KX`_?rM@Re9lKt<+uodVd
zq6W2MC3~MHIa@!o3E($XAMQE`B`I7&lCHkdFk^MDi%!hrQ6D@-WXh^wpVbk3SN-WV
z2uf6)c`JR?8V7SuHxk{4aq@Wue!We7p<p|2uT9ffl@SG3+*%$ly8_vC`l}Z@O~~Gh
zm5qkD<JJf%1@k#=R4;;ZBv^2`$?4Ml%d%dERZk@a=u2r}h(lFRV-TDy4rD2+6PwRX
zCTSun5x}7m63&(33)`h{ql8keVDM|!nR^qMpZADEl%rMKEt!fL*;R-*mj@ZF_aW_)
zNcO;3q?;bYo{2;-48of|k-uXJL@V<m70lxJT;zee_rCP$oY}i*t%5pzG%Coq<(pBz
zMIER>whd4C)50e7J;Tg5?{8qpK8-EEXwBcHb=d#FUg*RR+k^k0bp$}Aa`nK@zP=rX
z;(lRjOZsMZtNFA=Y)?#Sh&6p13cC?ryy!8nmw5WStfqCAo;`2Ko-o#0oW&u<W<Sfe
z0UJG2$J=C&{lu9S|Mh+9hyj>~JL$y+<el9tBK5jSyA?{UVwrIx=Ez-ML^B1tFs(OQ
z9{qyEVExCCq9-5s96|8FV-eoNW-GJawhUl=!<o!_fxZ-<+Uc>hD0^e3Mn__#WcBW%
zZ21XB)#u1?7jyHAc;us%p>;*}<CBS!+7b`FOunbnsR#ZvZdGxVpKnu+$4V!?VY164
zPE72i;b+6)2(;~Cb;DrgDqpbR>RENwIa63min|F{ncSn<$3)&~v3m%srC`oqnD#e`
zAr|&OfJGH0sTe~bgy>MZ1$Afg<&e|N*C;sYu<mrBz^9Vjz@m&`B78^%D~f>{ITfx7
z6zIp)Mtxg+u=TJBhP~^yUVzKO7kK`_pRd(_LEL#pShN%#2GtS;mAJB~#{IH165;dd
zm?wDtg><83f7yP4PW?mQOchMNJNQ-{SXN5Nv7q;x{<ORJEpTT$>K4!76CaT4!J?kN
z`VG&3p&8k`)G3%X*wn$?^I7p&mktl!>hCGC5}BNhtQwV-hI1TTsW+Ul$b;uBbj<op
zPL{ahb!lH_jb4a^hH%HU>uUC}ysD-_e%kz$08@;&N3}YsXw0#Q0hoTl2AIxEq@cAt
z;IVKzoBx{RBUM;$71k@-_L=WH$_S5z%IF}YMH&wS!(E|tJjDW03RDZ(p`CR(5d^*r
z6F?(x)&kjcKc_W=E5AD{kjO>!sZGOTA)+K+6t61CvhcO^>uEKB9Mcj;?Q5}p^h&G#
zo)ya*j#?cNxOSZG<xaJ1NtcDXz$Dj{Kq9B~k@w4=oNdrte5Fmkl;3;n23*^Zd5i=w
zVGiT)Brha<h3Z@w_~=s=e3$WsLwHa>O|oS2aLCge%zOQ{i%4gJ7dO!s<vSSHe2w@e
z9|EgGq6{d7*sZlIuzJ7-`7e6OZ*p+V&jMUR;N~92`qr>+8P<w})}+AI92!{i97v>a
zvDb!JK3^eg78pb%4EdJ%^UFyIRE*FPK|!$vi^Cy<xct@waj?IPu8|9!KNPp?^f9o+
zh@BH5Uy03ut;D~o?&;E)D&|AewZ>BU>PNsrFf{MSxkEK!$Y|CMp*yPXvzj`dn6TiJ
zQ*XR~9P+t~Rd(yxi`9*^QKDE~A+x1Ba7cME*>-~UF*;MMIU++sb5!??9&gAQxix)2
zo8_Wu28IIz2~0-@uI*i(o}M!kSrtHVpoJNW{^O!LCyDnx0Y1@SJZaU5f7uGp2rJR$
zNErg1+uP)ipTCUkVYW_wg0To+)0RB%;*6xTam1iiNI^44Fklwu{eRed3$UuT?R}W;
z6ltWTrMo+&Q;_cN4hfO&?i8d1=@tb<q(mB|k(6$!Z-K{q<s9z4oEzuf-~T($eqisp
z*4lH=HRfDv&H0XZyrVj}VE~Ht%R7obPgeQxrtG<G%|Oe|Gb#rvpBl<{h_O5fPNRJ5
zuMdWJC!QoTg*?2${67JBe-{E}zIKrs0{#JjJ^tO-2?4Rd9V2NNg-2L}9L$>*jEj5h
zz-CuaXOJ1K-SQ&oF4F?CIN{fz4B=d_ClM!*A}RCfClTa@HbDfzqis9)M0ys8`B0Kn
z7UsP57H#5R&AOF_VUk)lK%ftERb~!|T;%2Gw4$i&0O<VtWtP#luq@<FNXKTBkBOu_
ztW7wMUAieKP+StOhjL%wpY=C0MZ}597(Wi#3vV%?c7FIG+g|yN0-{?-mS0wHv*LrC
z1)ER(X(;0xTbN}tnH><3J+r=g=0}mUyaam2+@TOtWCSD!w7!PxYf9zLZma7l)35DL
z2t4!nk|{hhe``OsTY?urLh5V7H&V*#^7(O?>I=_YzMZg38eIM!Psb|b?Lg>VN@^|4
zm(a{ieKKi&-`Yj{le|Ck)diJ!ab%03#bKT|qQoFA&hR}vJby&@98ziD3mcn0%q*c(
z)yMyBw;`d#GKC#-?@>UEYZ+Jl(ZM4c9zDc~Ae7+<3>*>>hy)F4YlIKZCgv`W@Q|1>
z;mvB>qw-H8aagtU;~OJhQ8wIRSfdGhaYqYl0Ht67mODbO)45Z+h&1c|q-@6S!Rsf7
z6`nPv2k?*I%Glpvja%Xa49wRqW<%L7L_r3G2IpWJ{y5o~%H6G}>@6S`vRVURck0?+
zKIl+p<R=uXjm-9|go1!Zw}YE~lq>PI<8yvHSjIS?%%Fu*NL0Ha`{M+uTIHba=dX0u
z`BL8(dVLOjOc^a&*rW)iI)<;`!zPj>@t|OD8&Pj0sRGw28S+pbZ-Rn#!ZzUawCHnJ
zNh9dz8P=p5PU@CRVP=MF{$@*HDg606=+RQkf7-`Xs_>}M+50oEH>oVfwrCiFgAjbr
zlD7}sygy2MAS0f(OP1dGaa|xq-zKkip;smY@*P|{=+`W-u@IuOdbgX^81Kt%bl=DG
zwa-!A!kepXIZ+sMhO#queTef;{i7!1o6np&xSg?$S-5gTm^7}lTd8!2oFDJja6*Wy
zWR%4b+Qfc-Ps`zMo0Il9_Woo%dum;L2^Orwbad~8^Ds9WF*wb!(%3^Uebxt7c>@{d
z_KT;34hWyngUs&^ViQEdCqOqG6~qQcD7aeH-IIPk^fAk|;H46q=m+WewfOmCpCn#X
z*^YfSbo9#6R$`ZndAs6x)o7G*1owIy*U!V?LT2VG!zaOaROxx%K2dP3ePpi_5@E4f
zu`bJK#n=_vUVgW;Og1FGXr((z1c5c)jghjkSa-#AteynC=G&?)WlgoB!fpZDeE&nm
z@Wp2m8<x=L(AI4(DkVJHuPc4=-9lGUR-4!c1FHt$NEhpj6Tmx9V;B+pc)n#<2wi;a
z*GrMY3gsKwTpQWPe7yhW)eXIT%SAQg^>_tKxrxhog;QsA<}zyfO}B%)U*;9~>yfKR
zoP+LO(6`X*6G}n?etAE7a2S7|8G*3S!rh_7x;guIt?aB08~H<0I$=Qw;r!59cS4ez
zld;l7jC@EW1nM{`?}b|U6mc9tPVR-yeVTdqK+`QhJ{j3eJe|2q%pvV9#O(8x53dy!
zarb=Z=c^Q+__Z=>vDXj1OKc@+P!f+yB2~r0sSq=1$_|)homWFLa?2?)-Q(lA|0u?%
zLd&^8zdIPAS*JMEC8K}Nk!DvT)bKNS4q5G*ZyzMAr<L9wa&y$jyGwD#b&o^t)~P<C
zR6jEk>`E=_6Ry~-e`@s}-&)dn+%ed2Y2w_lqpPGeg2<z$@1WlcWQNvd{s!aTa)JA+
zI55qADQiD^1dthbFaL<ithu55r;#cYcLI2rs|i4YR*1t;{P$X3X9#7>jDzlBPw1q+
zuqYIjfbVZeatXnJDtP+FwH`P8<GeIgd@dnr4Uzh$$5-Z%7j>FOA^JJbg1&I@?+J{J
zB}20I>8)-DiCBwfMy*1nl$JlQZ8AUeBcXz4poT+X|Cpl1c{Uyf(?4Eq3GwB*X7%8%
z>UN#UQ-?4#KEw=&-uihHPDi2m4qH%HO-zKiqXa3&=}*X~4NNqBW>jJGLJDQ4SgFyn
zNzRLp-8SDZH65mVNHih$a&6|=fAJ(vAm3!FgX^PPFn>YU>G+}`wYBEu+Lo^5A+FU>
z#MxE@LuK+l_i$RRrMQ0t$v}*g=EgTj)PoSp-`berr+e=o;0a^APH()Vd;e}(61K}>
z0eA^+;|lw&XX%gI!T`A2Zg6e=k=p>-m>=Fe28JtQ{q<k}Y5!k$FaRok|8%?AuA~MS
z7;lh-0mNV~m(9O@vCv=k=<Qw%3=G%(g)D!g(%)9c!1fncBLg6T^Y4xzxvj(O|Kf3s
zOv1Nx2mW6?yW6yxk?q$O07RK?VG~Anf!iF#!E}qGZqv@+a}1;4kE0m{8E^6Xmx1-S
za|&P9%P91paCS2a|GhRairnTrew_7f-Wf%IeHM(OH#@wq9MYH0>&uJf%H?@g0LIOg
zSL~_)3>nrR-tWti!TQUi49KX(M96vx5nmk!^a~)S`lG-|$a>}dzN{MP0f0X8%O1eM
ztiSL-j4$nSb=$tG05Aif7W&I!z!|Vz-ZQWEhzbz0UA5q6Upm`u!RbGxB>&q|l5Dp{
zp4qP<2b$4cwypF4p|BVXQ4M^{PnPF{ft|#~2neC!r)^US*al>3#rqHtg3mCsC{c9%
zgSSNdUx8zvVqn{`Tu9(4@8N8jxfEzCL+S^?@1%e_6XD@4ts3hY!Ak9bE;461;`hw0
z4+`$Xstt_q@90){Ox1r|qfRa36Ha+>1PSI=*s$kg`gSc(`GifA%gP>S4_lfd!(!(h
zlB)$X`QeAI!xaO_&0f|dwtBbbF4?5Lu%^A)X(GeY2l{hCavz|=hIZW$?V%rQ@P5iH
zTyo6bCyhYkF{H=0pG%SJeO}5c^Oa;QGA50%t~(}X=#IeLCYnMeowvRqmz8YQD@iVe
zlIqS_J-fWmxOn#NT@L9F@H!iwF9ah^H;Hyme?ewkkL3RCyqN8lFf<S=`7=VJsUTq2
zLJ0V4;CLfLVZfTn(`1m>FG?W?NiAhUY{v{yadDOS3v6`mK?OecftUpkNn9v+D~oE8
zf5bK{vE+5o!YQ*O>l3yF%k<bEx2JG?F6uyd%Dxtl;jQjV7j!evx0|p{raBIo)(?Ak
zaE0j{GAq5gtzN`GW3T1WWtthTu65Qkx2c@{l*Ul%;vC6|@eY)M>mA~*z@oPnQZ||~
z+|&G?DK%Ro0frrA;*8ULT0tJzUQxLC;gTrF{EvxhMV8N1q4m{4t<r$(Kjm{#U3$D$
zOUdczT3?D_@};*uovIB<k=3?kq%{P=MCmjN<rC5fvNpoLZ9&g#naA5_J|%802*~&C
zvN@=V8<uiCYNp}wZ`dD)Vnd0CeVN_8$v12xpZdU@STQU$^!!V1c@ExorSLb10eeBw
zZw&@oiz<EZVy)*?L~8h;5sXWL(ModEw*&uLFdyTF9=at23<y#G+(U*@Z)^egr^sfZ
zFVt61ACRH>hhzcLpewxIxjjU@qnqG!eiq^0{J}P;GSF*K5Cntbly|1XlIBkeH=nOU
zOGCJHYwY@T$-|Swhztk39T46R*TbkK3m5d2k4BAkcry^|YOHGXUc>2ilbmJVpnDsr
z(3BHubP8P9;`A&0B7=+cGkE>i_yf3U5{%^@hzO=921;**J=?g3D7tJ$d9k|~^t$!H
z(Le81W_gJgy>D5at4$N8B6-vm6SG3o+Nx*JN^)P7sP6+WMl;48b-VND7mX4xzHNPC
z!r?7?pT9w^cE>(NFs&l~0fP~rZ9x}>!S3s5D~Gv-uHNvoiSPssZ9k&Z%F=@|FVOIA
z7q1(vdP`)Nh5njVm6ar-@c>@#2=$RSRU2{qVP)&A(8-0WA8SV{jwCE;B(oC<KoZE(
zMGlYyUEP8wSU5H6-EvOx1POOZOX|!jupwT*_fZtf10QEzM7ipe9wl*3nnJ&xeahn_
z$SjgH7~0FkC}Oy2u`nd1#1@<T!46U7-mt3J2ZaZ&-8SXo>}wu}3kl~BiMyUh`pPI8
z#H*G)r6Ufjf5>iJXEs&KzVap17cF_WAD<jfLbvR}{BGd4_N4&51~`@laXpJMt7=A5
zrZKWn`a&W&KAY@OGS}u9We_Kg#Y2I?_G*Qb(NT5iO-I5H0&-cEM%^waRp=y%G^q6D
zVaGAj$WxgPmdoofOBhsbb&N9>Bru!IE)N7r9a}rmPtsQ$>Jn(;SIXUy4;mi#D}#P+
z!k`hTcuH<W=kj<Uwlw`=b%Esl*JeW5^)lJh<RT7GMf3c};U%W;=#aR}i=S;m-UHY-
zPLDQ*zOh#&;5N+|k|`&qe%=#ac&ENs<<OZ_tuwh#YB)?>svrC!H1)~r)l%eSV~5WV
zUk<4d#w9ZKq&J=*Gn};C(~tk!<c_FSeeCIbAv90Az09)r-p?`BIn)#G?T%KSaXVBg
zzFWHMhQ7ua?si1Yog;bCzGCLZE+x=$jv5R-`V0Bf^s}?lW9}#E(|vs1q%(oP9Xo(7
z`K>5<jBMA)?wSgnm(Qlt3OHsRMBAAC(U?vWO2SF#8KSN^p$ZU;5J*Z)AGq-uA3SX|
zKO{PuHf{x^*YK*=TZ)xWT6*u8pwLFDPohjB_k!noWwuLz^4{S9Rpq&hpS4d@>`|F1
zNpIkU>PwFt`jNlY5<U;7*?tN`>l@NIy28OD1lxzJ^v?$Z`>hg*8Ol25W_`;^K!ZEL
zMC*!|56svbv)?Bblrx$Z?jq!A!<m=7lt_ZCdL(1DjutG<R9ErM>TYL|ImSZ)f`Pel
zm=T@GWUG>wA7GL`wR!JSz9Yk|O}C`ywQ1f#x33u(2yCLeYi&@w-ktne&%=HtPsl4|
z|E(rxv-#4+p=xuN>M^tdzRwLoy1<n2c1Gp6297H$JhB3$W=;<&Yx#*QaC&13SH;}D
zr<$?2<Z+so5hv*RQCc&>%>uwrU|M>?24}%F1ZhiKW$jzTUSndcuo?8n><ZWn55V7J
zE=vV#-5+$wY#kCc%1ja|Pf87Xh}dnyg!dlFOy8#{$T}kvv#MK=CY;7#vwc$RTr<p{
zN^eDB>i8iC)IiCrheXLMZGCbtjtI#25hV&@aWeT3<qQ!MPwpg9HIh2GJFFH)Ti`TL
z=zA}wye@jw@quFC;4O+%MdLd{St8Gk9>aY6>UkuYgW?kC+Fn}=#uIg$!5}cRXxCm$
zwWTlZk)9j&eLG>Eow!`AvW3o*TjNLNxiXDqP&}i=T949;>PYZw_6!4>zBxS#!`7Of
zvAz_*L=MCD-MV4?-V(BBxUT9WEjNMMN)K~l42KbjT-KwXzUOvk0=;|yNpAT8xttWj
z*ocf&sXeR{Ea@5Hd>9cb-KT9x-t{)wM5-V^IHWVdq*ME4L;R%2<wjqJ9D7-9*T&uA
z*$bsmANp`%wY#yi^)OZv^$aB9wz0EteVyc<K%)J`p5`;LCF#T?8j~nLoS8ZlXc!@2
zZml4rUbr8;`!U9tn2M}&L-!8XOI$IFj@Nyzt>7D5pod7j&u%#B+alQX*DhLVz!e2a
zgaC2ris}wLKtACP%BG11UpQFN#n0(@2T3c8>mo|PlTCnC!HGB4&(|+*f6wT`Qm$fT
zF&~ub45dvk9&>50BMA#xV^F2rF$W8uWYJI3wXA-nkja%~h_-k<P*=Z-Xv^6<Fe4CV
z>JxjM6nkW12KD28<ic6wa{H!ac2g#hTr6=i3OoMtUeW>8rQT1f<ege}uYB;7YYa#D
zIrJQfoq~(Gpj?twcVDPcrmo5`d=1Y!Tc5Z9^oPtY5Q1bIZ!pJgG3V=1oIFud;cbMM
zp1HS}i7-#-7r9NtjQTw<)?@FPkP437UF4vzkRx~gHp`1?%SNL4kj{$nZuvldLHlzo
zl~+NJzhdR`I#1<k`YAo#U~MbqkC({P*6L+QbJ=#{@(`aw95J25+q0TID+)k1vEd)*
zWDE*#T~fs{`%;~R)+-RWk)n2zbI0=zI7Pp4c8mk)-lS62eK>WAVN=P6^f|)~LEmBo
zY)f(UJnq_yj`h2Fp|7e<2e(GZsxs=Nt@wYU2Vnw;Sp2063aL0c3!f^){oO^PxEdu(
z&#=bcpd~0Sh3g$MvI_Cex{f!TRZSlt_Z#Sq-e9_0t|EUG(xcq-1`)V?AU`(b>wt=#
z>JWAhyjUf=mpOqsQl+jv6NJp#5|&6PiT+hUS0)n;QV*M3N^Nr_U$rtmwiw=$24={F
zA*t`4X<#YRO2Eqw$x#3EPOA$%Z!1o$2adRPU8$?Q_m95JY{srA<A2ebGV6I@bwkr{
zyQ*Tlu8b5VeW{G(f5_QRGayp-mE9KX9ZED#<1(_NJBS8OzOOn)dHL2lSM)<TO>vLb
zZnVv?XeoQkO1sF$35m*O9XWON)cgi?7@nzEBU2~^*cz2t41HrY!8xa-d*NaDWGe9>
zozRZP#+ak2Uk2yVq^636i}ny%wG-l353IV8!(ZI9QBfwe%}mhZ+y#6M5|Ng;5}se;
zADEt#@nZT#`g4X^wUOGgrtwd#;Fd@4!hNWJi3Q}$NZ6rRf!>~cgv0ZRVhI|DwqmIT
zl6=ZAim7kpJ=feR9tZgp0r6%~NE~vyY!v*QKK}7SUAPC*I~C}uZ0&iHhFT4&SFJCF
zv@(=TJv;)ELRF7<;jO0qTz+fUE3Ed9i?d<4RAm2apbdb1|9<ZR`!B%D@AobM`1Wr>
z=YM|7PZ&De)y(R*RRKas*TL|g4`I8K*!g+OkIw-5eR-1q$_s$uzki*9<;q~ct?M^H
z{f|Tb6FRs5yXs9$jK9V!f1iF66Vq+*<6k40|CEB$@4$9{{d@n8G82GH{uNzj0)Vc+
zmi|%wOt-?~f7HUnE_7qa(iIGPiIQFprz@cCssQxh6&m!tAWF#g1Ax8k8@3++?4`-C
zF4L>S0LSLl#QmxOoY<A;>3e~dko^Y)eA#UF9}qCmDnj-v2>54c_DYQH&oHO|3t>*|
zKLJt?4XunFOn`h~e}$e{uEx!eyPyFB+;1P3?6(A8fK+RLt=A<LNOS-|S_mgaa4b5=
z65GY(Ne}TQ07NVE>!fEfUmkxX7@?L#OkM}Knld@vV&`rQbOk-<Yj8P5FHvEuVZn9b
zQch<LngeZ##jMY1a8IbIN9wk=xm7wl!>v_x_Zc}Yy%5OaD`vq&UCBn}L={X3=Jte{
z*#y1%T=$aJ)y<J4SDQ=DqO8~<Y;<e7Sl%@rI2Ng{Pr}D`olhS<<1=Z0)w&hj@a+DZ
zrvg0ODNS*!3GheNp%al#&yaQrgx25$L7z?~VQG&O(UImquoRQ`1!bCE%_N)c$;KbN
z!%bwXNR6(Pu%GE9Ik2BZK{7S*QiG4eJbz}}17oq9t1@99Y0mr<TzSiE=C=mrxHR{z
zuAW~lo~5F{(8Ele+->GpSTy%YcW~U-TRfjY9d*@=X?K4MMQR{Ed9vI#MfV9iO*kiH
zpU!NcD&*j`Wq%{&ba&*lZ}-qOoixZ9-%X<jPv@g*d|ue_eMXx^h|t|!2z?)1($U5U
zjUDa+RE3i{LGE)p!E$`_8P>zjRN`83SBqi894naI#W?G!)~b4%RJg;`{FZ^#^%n);
zIn(sT)L67yPlZ9hVAyrOJ#9-=@92DKV|SnIv7dHMHKi%WxP&g2zc5J&46mc{S)2fb
zzum`yx5uv={GA1q-!l+kgmTYRc@l)g=#SgNJ1z2rjSQ}{grO#BMaY4sVvf!(^^`$c
zgStmoM94x@ds0XX_AuDhYSzD)<LJW*qJP=v$8yj2g=778p--Msg}5oHt=lY?RkBxX
z_sEhj&Ni*$*Y)>@*j$<w_K!jXp5U1DeR?cL#oEekm(cf&Z$00$=7~{hjK>Y#bW4nb
ziT<bS$t6`fS|GZO5Ju#X!yi*T7&+K3Jv}*D1jyQT0G?=KJP-a_yCpMR{)LVWhrIa%
zl>IV~*_Oy|iDT)!9p1`_#{t{V&mW~eHyS~S(vpcQLeEU0BM<d(y{A(F|I&$10NJ0J
z+PEs2%&jAhW3W?YJ$f&6U;}cPeD)xHhAb;jPUuv$2e+}jVfBUMr?t`I^%Y5pVK0p_
zvj^s~80x2-!iNBbsKavlEp>zOq4VicXP`?9Irh5D0p(8XFojrPAfz*0CMUeNLFty;
z28VC%hHI@+;uIa@d~d9nuSO%a5mTJo5wY6)$NFI;I++L?H7l@R7|oS?7Y*m!=b!4L
z9pNiv?kAxs*T@tj9y1wyH24yS>2w~6P~6xrdJ^gVZ5*U<s!dqxO-Ve@nM=s#Ji!K6
zxWf&Wzb)i(ou#N5E`Zd^4+Fm0=!-1;wq>JyQ$lI~BX8#GO~Kq3EA0o~$WYJ9=>=W=
z8klnF7QhWAhnF;)9W76Z1DAOs-an4ZfI(Dx-t)w!=4qKmd>4a#gkbzeE{+7RVnA9A
zM?CJ1{_vVnPmI}iK>A)L-NR}M_ZwP%OWcBq?b@ZSsR#tr5F#}0!g*%m<zhrm&4&kZ
zI9yzC3eFTRZ?^{xE5YgD4Z?CSL#D|@(%;FUt9&X+$CRJpmrvozwz&;IjtBdu?4oQg
z3|*k55?&u6E5YV9Dc}9QGHMdFu#IO(4czy{c}ZTr;)To1HpcNc<+Qe`A*$dWh0^yj
zZos&!ux*BNrv9L<Qf;B_PL58bH|A{fn+4?toxS}14_%DQg&o;<41I`N!)h`tF)Xv9
z!loCz7tS&p>Mjo2KR<d!RhtGkR*ax9J`-4Npf+!rTJALnnjVRuMdkQj61~R$eORE#
zEBwum{H9e@TWUgvo&~0DN8=&KG{{uuhFLG9nEG_!pCcr(r`J|eOpH0CH)P;^8u6d6
zQw1Y19*~eavXO9Jwf6LDit)u^A1`S$PB=rA`=-_Qm~*WTbxf;T@2f$0E5mw-$N2_E
zYdW0k1D}TyZ;Cw9>(XIP$Y|zP;%v<}mx!iTc1<=8YR*hAK<JTjZ;)c*xFyDNJrGej
ztP9qgA8=t75F^5HC4DW$7vVMmb=ow7eAAU;fKNJ>LMFnbIkWL$4sMc=25&AIJJ=0w
z{E3Wq_CzKT;!8aYu^#uboprZ+5>JV`z9#ZiAFsp<Ik|#Z4CCC8vJYUT-RjA~z<3Q2
zP>y(m3J&O_Zz>6Z+a7s8D<S7f!gGQbKa^KRYi$qU<t32|^+)}{R?8(MY3T|ru%kj3
zvLm5V65he@Toig_Y-)_FF%um0^pjcTD&?+zv5kao)uR5Cg0pAuT#+F2*s7rIeOYWL
z?d+%$WAm*|E^D{`7+$n_I`bPYkXvFJfHvRHlL_U>F2pP88Kqe$)*T%S8=jzSyl5b8
zQa5?=0dt=hxOgTf8k%|@`18BIuTYnL?&fCkqSd3jkq1uTr_QTkAY1gDQ>6E~#lYJi
z2B$%zI76gZSedlCe~F@aR3jYacJJt^i?}ss%Z|7Ei&gWbDIuo3kHq>~%F9$vUs#=Y
zk(*cI(pR8`a@j3!IHg-UWdRY3pHE3Mq6-nYTM1uwN;NkyPwJ456}qI`7NcvxLc8Q(
zV>}49tf#DB0drQ3RL)|9p?>SyQwM_e?QXRbqntg9Hx1?jQ>v5c6JJ(E8;_*t+DW|x
zQ@ugD{fMqsm=)<CPSkVM?J8Qa4Gm)hh|LZ<-9LA>ZRgZ*FVGUaOQsFG;XHntDgM3i
z2`2h$@=8FM^i}voA7yPz#Zh7E(sP9|AW9l!H6<v;G|N8^yFAF7|MRQ}Cs`zpAC^Zy
zOP;Dt%ckJ~t4jRvyb@BAybkD_?%hbEt!9%0GFM_z#&HDp>`w256k7Vkm?XJ0AkE}J
zq00+YyoLy!VeGpOhBSGiTJYNtDUBIo+#(%Io^={v#A^)~^AeRqM)_1hyXo`&tf`q#
z##fsSF`Z&Qw42E5_NYHkK<^CM=pwfnk=Ej!+GsA#Sg%6yAE7;K?S{#+HI>9273Asc
zwyMT6IQ}T_zQO3mxs#N$(Xr8%XJ_=GW7cnOo5kGtY13Yg^7&K<-J`~RDV6o|EC#;1
zWJXn@penw4m~BN-&4jnUHAgP06FEGoRPpI74Ys9C$E<m4$7u2PHAO4ihx^c=N8u7T
znEsYiY^Li;uA~9e1MZZGC16I#2$K@g7bBA&G6KGL(EgfzOc(<!l%A1D-q)T}UQ&Wz
zMDW{N(7v>;l^T7?43f3;3@})eV)**G58Gpeh1>T*+v#4INfQ=?^()Ld6Y%#tRX<D+
z!&i5f%ukRvPAf81WkVqBBa5<XvTGo(5T=xSOhiTO=N@9lC<U#m;XGnz`nngZca*$7
zA}s91h^bl#_YrUIMqpV_|GT>P8c95SO}H_x#^ud%q4&nBFYfWRnv~Vtf1y8TGx;Sc
zo8hIq495DaR4Qb)M9D+FX^e6e$ZWDK`c>(NeOylYV>F{f!=`UOyuyqbe#_F=lO}2&
zgu&ZQ$|B(z3bnzY>6d{B{h}uw>A~8*$pg{E#$7j+`Q>KAsv`&eBQd4vahLm!A)qfc
zEt%l*he!d|fTYS4Dgo{{-g8jvrVPyAcE+VN$gS?OjO^DR;@5H4)Ld9deeu*^aMwpT
z4Zp@+ansYw3+q@#-QQ15l4|UIG|$279q5q&H0dqXn!%qx*DiADl2?n5s?{`#(AWPK
zgbvAnATT-B0Lg01;&{|j&X)htl&NL0$gIH1diZ=M@Ey3ZAuOEx_#W}sA}rK$iV4=>
zZ{u_tpH8JcXfbp#*SPDVV&0Cy1<53WK6>K{E25cz5cX{(M^#v2q|18N#6dPEb<;({
zBhcf0&>{6ExHcL=V8l{eM~m_t+IE4=sjx>UnyL?7P^r&IlJT6`q!3vM=ep}c|JEvv
z8uIoOQxw}0MfedkLqMcAtIGu$*H|Xp66XF$pwA5!{%Mx<$J4t3-rDa6V80Iv04upI
z0(-fzW?=do5b2Ng_P_oP@TY%^nlb>{IsYXf_3yO{AYxxm&ly-4FK=4^_{DMq>G~gk
z>-Qc3xNj~8)vsR+Y*&lz%gsQ8f4%p6832oK-tq6<3h?eP^PB$2F?yNe{rlMevE?6R
z9lgXMnSTfR_ybq`UwQ}Bg#R&o`hSwu&H4inXBE1|Dc-hE*#6T=6>i&*fAu)Q+py9v
zf8;l0Zo%JU0-+zh@UOP_zx{pDn|%RSxce1gPk42Qzx>Edcm>d2ZDl6By4_uU7AEBQ
zLAC}4C&%SI`*J%lJ^@zu_s_uax?1&KZU=hkYIS+_S&;C`7kBj;IOYe@8!+#c4&UW=
zQJ|hHFT>A%0S5ZpVrGAGw*T9lZ3g<wA#n>Bnvv~#EHIG37@!xN7QwOV=vvdR1)(m?
z-ksT~fHoZEhk!}N?oAgaBcR8!`79^=ECmtInY){X)(g3Yo4_&8A3SA(Z?wDj$nt)^
zquz{M4!=!{V#i2UvrIT$*Y?5ycwZKAsW=8rw@^H3KxoJ*dIDS$X1ZTO0vi`$wPqAz
zw4bU7nTJSr>&y52otEKC@-98tt&N0e!h4nvM%T-G@1ockeY)S1T{212N0m|15-a8S
zfPi>m>ofS$7Dau)N7MD73Unb_e{Yfxcaz&Cxy<Q;^}h7E<-LnwYedz8sbWNb=2+le
ze?r;(V){j(VjsYz^HOlHSvAHPQ%c@xh+7_4aLz1~YW*^!LMVE|(Hz0oFz+pQ!~B;1
zrwQ)gUrJwtj(;qr-Qj2f)%DJ$OC^GBJAj{*Bsup^)WX6<f*r&sdPZawR9KIHOTaIB
z4T1U;UvKzmGBJ_1;0s|V?h2<g#L%O_xLN#UuQByCQuMsz<_0Y^(XxWDjoIi6J0B-`
z`CS|5dp?P7Y2VaSg`2ZEVm}2(ds25VrefvOynBmH9vAtvFNbol>g}40%dpTPOkDE`
z+=0r1JVeIe<B$*IkMA*kQc?9&M=>vr>eb#No`1`^!dE=@I=~%0c>xm5S=#Ms9#7gg
z4+9jcQd1>8^ZTKrlm$-oDg0G3eLLi2d(UgYSBq7pL!J$Zsf~0+ehJyemOQC%ln*+K
z^xGuJVQHE_5<E=YZ$(n!oGR#c5_Q=?8=EQ{-5%aXt)PzP*|<3GboU7B+Xh!vdnSLA
z>2C?+v0P6lc1ab!lr&nqlr$>7)0j_2wkWsjeeMY!{dlsOJqk6+LX>Rnqx^GiiUH2K
z+}`mEotTv~9Dq&CI*8#>Q{ZLKU5gaTm)F8Gw{3;Lu{x;T<M_2z%D<*)VmYDvQ65c<
z=BFk?-tfXD)*z9`h)JlYL!n=`^gNOT>>tkYzJn^wYxVL%?U)E=*;pyj#M%so+je6~
zchOgXB3W`?#QrE|42RCmM5&~?HEE+mi9ka7Qr(8UEsR#_D}n%<@w3BxywB(n%aKe_
zOVo^hj+_GyIQQAQH1Z7wQN<N1426ZW6;dDT<1_Sk)C$S&bQ$f|N2_($+!f9W%|~O!
z_BGrX(J3s1$cbB5c#NOM!BcO<{=fwMZES3nPM{lGpPnq&ncc{}c}7kF6g_sv`+nII
zn!%sABE-njKRkxn>O@#;kut&hl0L-GcMdZk!=L+p9S>Y-*LARXL(;7mY9d@eFyHVM
zQN<HE1kCMsV8+QKlam73!Qrz~Tv76OT*Sn7jTJuPH_1N}H#MkX4=CAc@b3+PL`Mo4
zU>bNj#t<d%8fCUGOCrntIlZJ?E2B!sm)F5+&rES)giYvMv7Ci($$Io>A?PQCLLid~
ztXU<NWAuvc?`#rz%<{%&kMx(5O*+QC)g{n2Vlo(*_T*sU8;7SUXHUQ}1J535(%6ry
ze>H^YN!~I9E)dA`+VCTuGn<|#ld2~p=hfB_qUW?X4YOM!u}qBDF@nFaidhK}ZT&7;
z#jUgetC-M)Bb-;g*k)ajf7#Qar5{;mQFuISI*Y^3!<7|FAHwA>yG?H!`vO`;v;Fzp
zvLq^24}8&y#5O;Du9F$}VBFqbPj+8V@GfO%=$N%Mj4TYVyU3?iy|j{YmeDu$j4znf
z`SSE)r*W`L4K@N&HaVUi5nFz+3dMlOYM~OU<)j{`1%JRe4ll(HRgg&R`G)cS<Owo7
zyEP%+eMnn-lzQE&myt{AIlc@dV76uGDT67~*zKX`1I@T4IZqRfNt)ZFMn$yL6$fYT
z8|G=ORH)OotLNCk4K&Ar_`7;H@RRN}=;yA%j4A4nQ;l>&b*~rHqoc*xYvjDr3&hbT
zXKr0f;E(iF>x=TvlghF<rRa`cjPI6J<DZ2bMwZ*!XYi1SX&$FD#*WUrsV8oUC<9E6
zpW#<S#fGpi^a$OW{y1es=bdg-b2e|RE>@5X$699b5XBa@%<uFvKto2vC^@1eA->uc
z3D7|5-?m?<l-d$WX?MGiAP7R290M)A)5R~1o8f1&D6&DTLq$s%5kG7T_a!*nl3I&1
z`_;hbAecMU2ykzpOp_5JgnN7C?r41JrjnyrA(AwN*hb_HSZmB`$5njWs$OdHR%Bjg
zQLYQ`Lo*&%##ne%b{zi39jDe!A=d-Ea)#vdKDmW6UiQ^?rKvEo%-W{1g@P78C&_g<
zUjq~0h@mhEFsS+h<8b55Mf@$W43e)I33t7uEtt`&T&na7N^+(7tHD;f&D`k}n{c({
zP78|WtBE-^Mly4tof+HJWj}bt+RCoo?G{UHrg^r>Ywi7VPTAsZ-b?*YCk`luI3Wcp
z3CWgaJ6bWBrHUw(s)i`>xy{rM%>)p58?-`rj2GR=WK!B>36+}0n}d@2P?y~o-}NE1
zY+lUUpYojJy=EN9)W50oZi$^UUk@A;0Yq58>ybQeQ4~Dwn^&R=Iox=S2-C?#{WQyG
z13!0#9;9<tloeVSneZ8(OMxt*?{t@`5{fUu2LdBX&q}XQZ$B2a)|omK*J5OdLp*(D
zdjT>|-LD&76+5dh)Wnn-O2GUk%2n<>!m{d!+P3%K@kOfD*U9rJjoE(#_3ZN-d(){(
z!DB1Df%1SRlu1nDoCEZvIUI2+_b(H~8LkJG6_N!l)Tf;vW#k`1L?@-WzW&ynI<mu-
z?S^QpSz1tCgH9kqxcFgSxX(~j+m30zvYxo5>7+n>`73i^nCiYs`74t9U58sDCF5SF
zv5a1$AI_CLp57~n6x|K;m&uc6?{NmpXYD+S#q{gp_jBHR%=r35^;xumMct>np!QMe
z6(t+uLws6as&wXv;)-eRnb0sPzkl1o((grOKK2xQh&rbYmZMjE){rj9aLjUc>05#o
zZMovxX{pmLO)}EbLzTPFUy~x)V=t!L55pulh7H3^4!rm(QHr!S_EIbBJp(sK2B>6p
zLs9|*GrG*dGXjr+R}%|qu}*D{U2q?0HbLWTqFNmtov|pwri~)@0-ZymH&8l0s_%8L
zuyvL91xrK}>w16~O$|&y^^z4_<j~HeYr2UunzHuY6FH<7F4#HzhP*xT8TY0Eb4w=$
z!}Y)eO}R-+KL!|&!@D$Fj}{3QC6xEG05UIhU^c}ogA=4$Ca5GZBpr&!6vW;X5HQ-c
zSh9xa@dm?Z4OD*0!d7&|Z>8Vz(nF%lgvnZLKT|ZZFJUm6h6@VoFWIv6U#eCgV;BsE
zT-wk=o(NaqbV(1-O^vG689*6hmkjY}p512yA`&7d6e98)q6OAf;I`S}1D(Y%V<IZ#
znD4){Wt|DMr4>>t#4A!IVIO+PxyXXF(ThKSs?E3NJ_&jcMoi--JKWM^!161ZO{MRe
zwtbWipt3<3C`;Q#N*Hv9(@-d%MzugmGEH&7XDymQ_1!_&EI?v#B~E<I5zN}wr&)AA
zFYqCbV14pAh{k<(fraCcyw0)`f6xpPxOv2{W#7Vc#$vB@0D{zQo#T;Aq6j3D7Uwr0
z?^-rZ7Hc@f4Ii3znzGSq&233kX!4{qg)~-D*6mZzJ2-GpT6Q(d7dj+rH|CdWVTe%^
z%^Oy`*UF}44^3r2@Csb{^*#FT!xf!r1O5yY&;g@GfA7Y3C*@Xenkrtf9_lp1TZX(T
zn@X7ZTxtAN0P|Jcn)XIM8OA&Lv$A>2*e`Uch8aXCl+=ph<2EL*W~^a#MjW$~*@_II
zV#4a!y|lX=7N5}F`TRbkCo{d<I3Un2zL>{vnri039k1Bd>FjcmRuZmMrfoXQPqAD0
zU*PsuH<aS%rbnjDZ6hYX&`m7B;xe<p>2G<%*miCa^whv~V8qvAti6<MF`JW^Vnk2Y
zbfdg?DdqvURKTMrd+Gapga}KHEA*g9d{eK&4xdk?cBh<^x7PErlvJB!Xl8Y^^L&hd
zEtlX4^^IZ+A?*R{0|G+c!~yBAL?`rolu08b-(bXRN{%UQLujN@hWt<Dn`}ME!-m+$
zdp37i*y32rh9q3<^w^srykcFbU9$(>)AE;(p+N<yPIWo9Pw~uz$(B_&x{H-ZP@3Iv
z)-dzF&@~!nJYsYXOS;bnJ7(R#3wnQ<s|~8_$;*rPA4wT+7<E_l+FL9c0o3*9XRWew
zSJY!54o~*3<cu^Z80_4mge!%~O(@TI4FM$>vU3B>2t_@jVRbbDj&AyKCUfi1uhqo2
z*8AXDp^wh=(kplviC=BGIG?`x#DzZiE<1-ua))&$Y83GZ{_q|-u9h~K%gnAIn$NDN
z9(jp4%rRmgHYPH1E{)wB@`m-ZhDt_~;O$@uRO?Z(KJK}7YB9UIVP2U<W|%mL`N=?b
z&@@%ktyRzA3KRUwd7kjp9AkOe#5v2O7wj%AZD6k-)7NQ6N>kNvdY7h2b=wl#V)}Pv
zCb^&;!A8i;##I$;zsh71IuX^T1J(jGW|h+qdg}*v!Wz=xrKXeKS6U~PFsZuYqFM9J
zDRZIOjirwThrLgCisQ7<_Nlc!eo8o4{)O8H9eX&9anDnNCCH^5KEy^u(=<~)mm*eG
zY%F)}C9yI(dF)QNzQ`<zGL`}P^V|%vrzA&-TE_#O3rT^EnR~G#OnIA`U*o>$JSx}V
zzzOCp6lPCz7T>9TK}R7}V_Z$aDyBeDZMJJSUgc|duDY96nz@#!&>0^g^&s5-KogI7
zIi9W}eOc8Y**CZ7&R`g-+8mWDeyHuEg~L0r<)tg4UFIfPF?yf~?s4(EiMaQt0pdV*
z?9_qa@yWM+#)qu$)XFqNWf<s}Wjc=J!1T*aqv>DN($|?rEFV{`VZTQ$Kp2=q@@vFj
zzW3qL*wV96e6q<*iGkd1j&gPEx;;Upn20Tjq5RL=Z$0uhry3VciYJ*Iz23R1I4O>A
z6_I0@gG*CJvTR>yD~(8kQ(J^Q36(r7K0sCHUU>g9?I2eTBUapTdu5kX6fQS&96Pet
zBan^Lyv+C_8pg$$BZqO>Ci5)(LrdXn&r?A~#h^%PW5ppE7F)KcsCxmRpQ?qppT!6J
zMZDA<6Y?2~qZDv-lY@28rSGrIyN?;a?r*4(HTSs422uGnpW5QQ6WsvzRxQdm(Vg`P
z=5KpZeUhnK{Y5qxFc2Kw_ga;y_{IWR9INR4t@vo`<BhvK!G)tZW-#Yq*`LmUF6`~x
zNwv7}I0F~ua9z3S>bfO(_N#<U%F>;P-uy79K=v6EorEHSu<b0!(Iz;vIge+Zcxud~
z4tQ#v{f}QM&UCj>jjYuA)#X~&`cxlnh+h~Ezam#~luYI~sKiBQq*WexBO4f0Xu;Bc
z9@Ess@#?F)yVh_oC^d}@7!ebh&P^@8C4>Z|Z@zXv=<P>*%Z~v5@#0|=r20@o2whSD
z+%_n984u5Mk(pA=&hqG7D>yby@c|Hr73_K;unC9NB5_tvxW)@x46i^ee^zpGE4}yG
z&r6*k91l!X+p(!5QbnBT5M~NPZE2rexOE9_?0_P@z0Yt{n{SEDFwkFvy)?sL0co!g
zAlzkVA^B~m+B&%jg)dtiG)LH`x^zL^D8AUD_b%oI6}W%?ot6}oNL*^|dqp6;fVQ9X
zapuAx(X&zA=M=o6xg0}@8B$*8)J$fB33Kqm0bmfD?~K{*RStk_-?=Y-Q-g1bXaI2+
zKO0#j9Ef1zhk>{N_$2}~Hh3?|<G+Xj{F1(7i>}w$7$5U6s7YeA^LlmL)7z=v*CTyB
zeO~63`;LII4;MA@SjZ&O?(kUO#Mv}v>gjV>MrZ;n@y?FMmk-QCLfs?mz0i;PWpK|x
zlgtSvZ))-_SH}$3qu{0GB<=t~R}CkC2sl3cR`g}U-RBptF>I0(V{}M~mK_!DBjj}>
z=4L~DgqJ8pq4JD*Kg<73zCHo9>n=4^XMb_p^Zuk*^X*p(R_Zf@re1=ss|u@TZ-!Pt
z0pa0*F+UDk{W8?Uc1B;Sg)Ew~_VPr~-ZszA!no|%y45RK6g5mn8VO%h7+yYx7asQR
zLr>YL+uLkRe?|BD^*%%!91`0_uJbogF;t18n@;(b%g|q;shZJJ(GWy1!iSD<w3$RR
z(0v1FXcb8()*3BTD^C7U24r+!MKVE<e4qN`D82NC;d8OoZ2`N$+#U2i>DELh{qS}T
z1+1_7Wi)Q%OUe6d_WpxrqLy*bJ0f$x8SGOl^gB^&1keY3DzUfF%^kuDb5*1EdnP%k
zQj9(jJR;)B9kwQr(%<$Lk7!X0`}r|hKXym&7k|U59ShXO-n^Rf*1$#N5;PPZ_QIo#
zEE#=RE(_|`VSR^~(c0%9*{mPETxDh3Bx7~gHg0m2rHwlLYRHzn6MNo?+oc{nsqR-o
zr;t{wOz?jFe(^mcHk<_Ht?(w$VH=roF!$r)JBz*b8pon{z9Lsf_P0!x#hq^MLnZP@
zN8e=HTP_kA*sfgw(ve-3;0ypYuh19K<jqBXI-)P$9N1^i+R&ygiHN~&9sWBq{FxM^
zPbv9xK_?KJP2`C!;=Mcgl3O>;d|HP;rDz&Iq2%<Pek>k#-w}IPv`CgFx)p~7+3wKS
zAsy14Z%Hy6TR!40s=tY$pPX|b1hVNe*iw0LE4e;3CDtyrom7HZ4?5|y2XQSyYbaR|
zZ)(qLP4JK`NQ_D;-<U9&g%(BZ@pjvv6>siCTfN}LzUjnox!7T3zjk}ojOqab01-Mi
zz2NRO2z820RQjPTf5NaEh3+~4DJXGx*3J-a|9(QYS_s#u>=<^1?va9$O1>l@HW;wt
z8it_`hz({DAd1z_{USD4@kM)zC0T^@W&RsI)q-kcS0ohAXy-B`-y!)uRS&)X22_*W
z`Zuc$#how3N}jwDG9)q*0R_|eus6P3lP46|XrT$aBgIuBu^V`l%q+ONPI~(65Da?K
zhB>UBsB6B~`_zsSi)y<s!9c*y@>o`1t$9qr<Y7MH)B|>nEw49y@VvCOkGEFdO!zG^
zlT7)iuC#AU&7f`bA~ia5cf^JZP40bVAABB7!)F1O;pt~j{!+On`~>0H1R<<%v%9ZH
z`XN<gsq*1?!RIsZCY`989tl6)VE+I*3Io%%#9RLq8-?L=WB_is+p<yqy;O#qYGYtx
zyd=C_`v;IN{<7iv=ik=Az<iZW>9;$+Z(;q5N*+DnoBS>1<!^nD<;qe&_OjBm6JGuS
zN>*3@e{BEpe%aiAg`@G`b{qdYexHT$(&Nqos6<}=zx3O)F#XUkW4R)5urRRzTfgsT
zyV}qGOZhgx4>(?a$I(C6$O2^V`YnBg1xU&D+pRx;@1Ob1!usn7$se__02*e1O#l+q
zFE#*_KX3Q@ENmh-M)-aAnqNBAFKz$bFMCx2`helemH55H0F*9oRo_dDK<O$l@A7*<
zzW}R(zwBcHN<W<TEKF=b>6iNja3pY*(qB35FTV%$#rK%mt2zPu0s*o=Y60x}UDony
zA7BqaI`qdrzy^SH=U+-dTNwV*7Qh|=8|yFoM1ay&TdolW7;cGQ{h31izn(&z;fgnR
z3)JVo85seDxdS8a7LELqLj6Zjs2Ohw3@|cXbINH(_L#L1-t|A^ZP%2+^pi26ghYK7
z%a3uEWlGSpEKS8s#by*$Q_9(Tw_c7rbyqVyq2|nfQxoi5<_$ukj@{Iqm%1c=^mAXi
zxma}4Bvh5HE0*88JPYuYuHEy3dngHV9yQ6*j}%aWNHWE6E{f54jE$td9=TuEe&h%L
z4Z@ca5+k2`MWjQuiEu0Uo_mUC!hycg`JD`RVUt2$&GAGX+puv$Q$CUyL5fJtd@Q$<
zK6BbO_9ScRhrCW4lx=4*dgbP8Cjv?v$rNZG=&XmjMPoIFlm|JV2kyE|s35$O`*I3a
zo@MjohN(W|PpHIS=b(RN^4Xu3?0;<l9G#-0o`b86A>kES^%o%vX<Y|9Qx`%FT6%hV
zfNBhA&N5zpo1XB&ueSh`DN$29dj}yCT{}X0IJ$?rzkL3c<TgMn`zJWrSECGgI{j)E
z3`9SDfBIa@Kl@{j_y5QDKZb+-ziHWjm3RGP-uLJG?Pj_E*X{KG4Cng)dPn?`?f)Bm
zYe19e`;){N7!}{=!Iz66fcyM?zNv6+O~d#Tj`Vj~pMR2{|Lf%Es|m|3mJ5v6iAR4b
zR{u`L>dWNvw_BH8Ps*mOzyaigMOZt7^Ww+fMu|AIAd4YBeu5iaerTgB#0-h*9oeP}
zCgbnJ#2rOlM(i>BD&Bc$W)tOY%<h|_x8nZ74QBk@x=(3b@DgKN{bhT|qx*G6_ljO6
zgyi7B+f@aor9Yu$yR%#8O|iohxk4i;%Kd5#N?+xvQ3bUQe^^j^J`JQruLUKBh6;^=
z^c+Q%db;(<ada!<u1y4|B4rA=ZR_;2VkY_IiYeU<md)^^Hhe_#>5mUqh$E)b*=^xB
z<_91ZE$S3&9fUud#W3?951gpdM$9j%9ZTm_3I>nL1t#|e$2&F<)+C%oyz-<)kB;k^
z?z$%<G^8w{t%W?mr8N8@F+|qngq+f5Rix5L8`?K+2RF9ZvFn8|wx&Uy_2j!j7D;0&
z+M0&RbW=z(X_3t?9&4dDp~IGI1J!E5_G<~l*6${8&0^5aUYbYlY^)e3op_#tx63EK
zylM4uOApJRs@1<owVD9{!*4bA|CFu%Q?}a5;Fo-$hE@ib&m}-D;&y}QPu=R@p<Deu
z`PFTn``7uSe+pOse&K4s&w0xc%yL~AMXu{ozqWCW`XCYC_f&G+kKyT4Z)8uo8UjKo
zb5%JhK^3I)lb83|{P9VRl9DFVzAPPl!nx=D+Lf9Mf!-vCyZ2!6zF<TSD-9jLDRwp0
zx!s*`TSn(DJR7qfokyDBTh4k*Gnk`kvFqDD+p47>&6(bA?0%M?oJ>7=2P^Fz%7RFN
z_hO*JhE7j#roY-6eVdcUedm;t7b8HfjZ=0)yvW8$FdNfISjG4e`2PMlJ@YDo>U}Z3
z_jI!o$HE_IxT33R=}`INpB5>;MW1bDm=*e3!?8QfJMo^8T>cTMVKXIK4ecxZ)pVJu
z#(bUaWQP7^5!^<C&yQ;AhY!IGMSZGnctHO&iTVS;Id<0Xn3|xVHGuN{Q-ZbMJO7`<
z=Kjr+wclZ>E8*JzfMo5z+g<#>D;oRrdYp+-1aNx(&x*$0>}I`MpI@%uFKzrCvc4(-
z=kk4-^1XDq(*NN+y%baZK8?HD2dJrje=c8@06Ep~&y(vg0N^dZ)vWJN*XDoUwaN68
z+vV><HrIWd(uxzd;6SEaRdi+>wmBmH{Z#Uph+J<60{-ZZ^Ewe<e@$Isc_6dQ>|0)*
zk0_Z)bQYl4v}gg-EnnF>`ey7<6JxBDhG0iXCvCDnlOP#+r7srOh{2LoDd>Xha|-u=
z<ma;5W5#aU=!M-4zOUcURZjsf@wqSY#FV`ZDPU1eA5$OMt`+f_jS-oF#tPh{#NEhN
z5pGHE`}T1Bi+4~Si;=z_xKHJrg59d<m2MQOq5QO0q+Gqd3~iv}VG7gpAR6U6;N_Oe
znEny2-DRQ1RA`p8M+1%J4wzyIUSID&rkQ=INVz31)R{!kVaEgUqNH;t*72loWpP<w
zfauAIRpkTt-E76NUa`kGOwLpyeNrE5xX@`g;op%63_~(M*I9$*ft#P~G_%!%7fYxB
zQ#6rIm@zdwchy&bh+!92tvea7R~N(tAAvY)RDG1R)~G4HEMG6(ZF3+GuA(4EaIz|M
zv{y<$v?+WzZ-TG0c`gymqjk`O6Vj;V-?x68a8|W>Fmw(&$@G%_h9@P!gt*<+$8kMX
zkiz%)-;>MuU%e>rLnSdWf;@cs*BQbZvd4P-G!oImDpC)W-0KRS<+uBrA7>Xq#&K1~
z9S)W7`C3ChoUkpx6q;P`=~~-S$q1)Ic~Mn6+peZk?f$@d>7l{qz^T3M){B*ke7Iut
zZc)8gVlS58_j5E3u?pO)EnQo(6N;7JgCd>Md1S)kSRNLW&7;=2g~XU%%r>kkm|Xgv
z8x%FP+_aH4bef$h^DXj&nm)2od4BCVT_JxPPmej{2<2{hXWUmj9yYl$DYW|_nzbmN
z<0V!4xP6w03Av-0O_U%{GbNaDxX2!)_!Oq!4J`c>>#HmE2typYbN~Z?bG##6L5<jS
zq(4?2Nf96Z4k6)4;XPrSlm*lP%1I1<^>R~BeAAs)amXUHQkw~5F$0@o5yzsZdNb|F
zOC*x5ux2U78*tkq!E~JnCg)_y%zkKv9;AZl>_d5Ocb2OQ&UctR^QMcbQhGw4KB+%5
zcxP4)CXivp6LdZ{2lI_?@XYfJ9L1}u{-*By$u0T!E>Onn@R6bXcTqZbIJ&Jo2#AHt
zNct!|!W!gY-n3v`++zneyMj7{%xLYF7fE-S7LdgWzXoLp=XyPfIDr&NnNL57ATP8D
zA_yLB+qoywvp~#;lBBXQ=dHJB6aQ+~tuzdi)Up8reVD5<b3o)GFGr^pMP<kOo8<dt
zmeIDbEaXi{$7Ym|iKINNO*oESx+y47ToSH_a$n$|^*1v`#EHrnKMvUoZ!w^De)uBW
zUipmzqFYCnUsi9k;)9$8n@{~|DB~Mjm}N7W9T1T{v%Y%fN0GC<1bW8Yp%7DK1SAKv
zzJ}{-O6AUOtLrJ#ukB6<JoEUHDLgZ8GT={B$G>a9KXZZq{#@V;0JrK^cN@m*iCHwS
zEpbwFDPds*Z1uLXkXH}D4NTYJ%p~6Lym_L{BM8SM-c8Td`t?(NQ>7?$=H}D~Byfar
ziiir$M&V`K!Dn9&GAj|-;-7H9ikUDwuU##1VD&-vNDA$@s4ddtfF;gHwyP!1V$lZi
zCdQJNjUZYkajM^2BC;l!Ln<<eWXlN^5zPQcT%IRr8AU>)#?920xytNZME&qg#JbAu
zJ}ijjCWCzIuh_o{c)`n#uAq<?t**4dauLAuiaySO;}!cn2&rv9)sqxGaB%p+ZkxBd
zhx`MJqJZU=mx!^Z-Sb0utz}348%E|&ruzfdH2)UD!BuwybH6_c2f(nu&FjYe-oO3g
zzm(kjx7GdaEx#wJ_usDNHhca|=KcQ<y1>t?;(zDo+a>b8%`aYNasGd&Fa9$Lyl-R2
z|I{&mD|I&zi~!tYFOi1JvA}S(RJ|$z{mF2(%(*H7`L-DVLjEsD0-3ZKn6Ajz*Qf~q
z>-$#ols_?v{{c+m){dX+0jhsS68^(TLgvdS_iemC*LAivBL&Rc2vPhu&x1LvkV7^O
z<lye8Rnsh#O?;~4Ygr~mPnIWJjC`V9r3=qP!99Jl7q;`cxpD#RJsVPWD}*0;2YZ13
z1HdCeZp-ew%W7G;;lwEa9>IAn)yB*eM$jDOIDL|18?GS+o`)Ca_yf||08B%leS%|6
z+ff*r0@(dzC_JR&yrLjBCZhMj>lz838N;3cEt$Yvm|ey5$Wq_0l>;Zl!bCVL&WvB1
zHjLlyqA_e4`ovIeIe#ftX?0tvV!|}*gTW!ElWwo{>QR-T>u0p7Clt@rUX*)*T%cMZ
z+%P%+>3;DCOwIws|7VZGKgR~X>fApk=QmGIfq1unx2NJi^*sEu-al@(#=^#Yv#;c8
z!f-ji0FD4=6jwCJYcmSwpPakj^NIm;6joMdfaL%8U?v6z_Mg*_xuj0I!^Uc~$C>cN
zrRS<xE6_RBj9593vx-};<6?atZ+LFCt{{a7WuBmZGOUj02g?v*`N@Eg6-p3Ka1<;Q
zEzned9t)STm;iy*z&n%(<qnpRxSo*j`jYmh#5*gp-HX%RzSJkZrG*-s!=8@Tll6{8
ztGrc+^dKP6$_^mKGCu5wqftm8Wf;Pmm=BLDGGU8_*GbKuP_t`(JvqWAa|@V+1Chpq
zJqZEHe*gl)8!|-~Y>-p%Sdjhc_-59jR8FVa(>Kir6d<8!AP&{-f(0K&Bl+Q5z?gB?
z-l&ZdaPGRCFzk5|%q4W7`0SIen}Njh2!>-yp;IGI4ezrJdLf2AdT8W(-s5gvl64MX
zhY35X<)JFoSdK$kPTEwD_g<T6I-pbufjCeOoGTqUXH4(1f_!K|y(qWHljC;3R|^I*
z1X})tm7w?hi*~x$DOE0=J*D?vtBDaiNG-&)4}1Jz#?}LrETW>1$=K47BKiHxGq{}?
z{Q)gok7BVjg)yDTnfyJ=kaRkFv+MdtX2m-DUxepY5&2>mY~t_bW`%wltGF9!ZTv>+
zE_bLW0T0RDFQVgBN_}qWkO3dvafYlh++iEA-Qi{r{RUn%<DWw6w?27u7iJ>DrD@Mg
zI1SWUF_mcxITPa0hph#E=HAmYP(^{ZkS5S?uk^*odzQp}PUP263P)PcK88GKSD4}b
z%0Oz%gTn;=@_80{j}Pf<LB7xzrQW#m&4{0&8DYp-8t_*xG`1i{!DPI-ObGlWp7KGa
z3w=Y$Ea8Q6y6fRX%JZ-x6hq)FUFg#WgtOj=Urr`JG#2i@2LYetJW+vcCN>BPi1WPI
zHkY`2=92uW{T`Hed*~xkOnZ<X-^z)zQQn8b72a$p7j84Ys&DZ;peKY0G81Mybe=)Y
zaMD9+wMQ`4w;<Sqbkh^7#Wjb2SnE9Q|FGvc+B&08$^>%pZ2U~TqM-mAd<&w-N5cj_
z*&d>QBX2dyt!Kttbw>6529R`Z6lM}+B$I7zMSlj#hHmb$4-Gg!)Q6AD*k$;ypQpcR
zr9hsoX|WXNHAH+U*nsd^I^_Rr?5o3~?7DuXC8Z>#yP08NW&lBukWT4tkdhKmKuWp<
z>F$*7Zjeq1X-Vk@i8J_q=XoFDJJ)sQ&oz7Pz53oa%vwJ^&G0H+$~PvdSd7C&K?g%E
z^xLSJU_I+cNTUVVu5a55N<Og|;7`89F(W#qjr1I&!bG?d7-XMWG&B2NGB<nHQ0(D<
z8)8D?H(iZB<y5Ki+hi!Y(q$9<?E?FU5q3z=j3~u3=Uc(|7dO}omPe-p21h4#pVY2-
z$*6f7AJb|22XDBNorFGfBoy%fwo#|;)~dE(GPvd`#be(VgE0V4un^3gaJEi#`h0=a
z$!Uyrm~9?G?U9b#Q`fnUy<cP9j`byuxvgt7ZJpPT->jVxhtnhby=(biU2Ah>W@ev~
z#<BK<sxgnj6=!}MFO?Y5_*S{T;ky2l8+x-?y8s2$6`jdXws(5_C2lqeZZ;$8s}|z%
zye~Gpvq&+s4NiMsL+X6%KRGt}USGRiYNJ@rYoj=z|8^4?FW7k_Gh+X;At%kAZ?tyD
zz{hq=F+AWC;VyjBK*Fyg&l_!0u#HX)@j%8%G7?IYP)iFKwH>pKHI=qa=$f@^M67WJ
zGTa<ai*fwqnC7_~FNh~b3x-Qvu>clv?O#N?*o9so#+A}rKC0iQSYwK^5xqbKjuBjQ
z96qg>?Zx2B<v)FL#C1%63Asi&K06R)tlzgf*N;N&dPn@8SQqH0&=lbkPiLB?mY0nc
zWs}LD)b+Edfl;Zc&h12^BudoEb3L#T_wZuUUQpX{YmJMjDP>hmX7YPCH)e;w)iIGf
z1#eKC-lo8d?qOMYjKVkIuC`+F_4>tWnr_jL_CL=fR@!8(1>cpV%u-}{k0I6UAMXWN
z^;b1t(+$<+zI7j4Xg&MrtH-1kmKftFo2CL+R<_90f;^BKcZSdVOML^1zLBW@NatnJ
zaOA-*YYX;#@cwC6Io|W>jp?}!E{f-I8`Iv&7{}XI!-U)$L8R9)4fOc>@}o?ipLgBS
zka<zCkNYlR`=$Dv_WbN+angC~b^daZWm(PA^eX5)%mC3-8=tbN1u=4}A<~m$|9QuA
zwU0HXC<^mJJ|*=MQ=W4T2qU)X(&S79p26;fZci4yD52kThK+kuv&Hhi2adPqZBmjh
z_8?pJAQNqkcJ0VVs6hMx&0SNvhDExDiO8SU#sdK;wFp`tI<d1`YH@cdui1tDcDS%r
z2e4I%OL9<);OgHY*At2f-rDcrm!iGDR^Ay(DHil?lr7{H-6Bmp*hnxJALgxAdh>GY
z<x4bl(WL9SYn;n!*+wb8L+q^pE8(Dv_uEe6_U>*bnfBbeJ)Tq)Ej;?a{FA13L_U9Z
zS9z(LYER^qyktUB6A;P<S3wspdx2?}f;WT)Kn1!x-fj-L`%+xLM@#An`@Aw-oXsz1
zyY#AuJA7xO=M$0Za<Qj<S5g67T&XyK?tmZlxFBGs1N4?JFNE-iaPerLe~w2DLQV!3
zg<lwe+}HqA^0~>Y7wV=}Nd1LZK$p%k-O&&jtn>Vu$RUweY|n298^!;noWa?A*xYXl
zBY^EI1jsdDTY=uY>ND0W^@1=DwgRP35pD9hZ?}jXT1=hrROjThPH3HoM_sXZLdC;<
z&CIg)h*Z3VFoq*6ydg;e9|8U=$Js(XCR8oR)8UxNBS@IjB#+`|OSSj2=^Fw%jpPZ{
z@Ywah_Vc1Nfgklw{Bpu*o(Q23N48%^^|lHcPxc`Z{Zd*e)8(Z4R79rJg1ocAlMLtJ
z&pozL;yd4ARASv?on1QVRY|m+6OC#`s<F*@%6V`UIfd>wW-3enWCg)=W52Z6d5YfP
zdF`x}sbH#Zz;dVwCj|z^J02?=zuEfg%DoM^Wdi8SA5_1DOax@UUi&eG+6&+rJez3&
zlEjQr;k<Lu`PiOd(_r5n0^Y4T>H;_M+ph(2$faC-J_YauvQY|9C)1h)gq7%6M&;s=
zmcA)TC?PEk=@0{5+V{lM8OacAAT}(KTk@e;+SKKFx0|HVpc7Uz*Xl_`W(H|(j&;{Y
zrOAdf5Osa=Uj=R+dbYX)8ta1w+iMV}`WZAmoX^-gh)z3Hi9#Unw;~DOw#KR2EL3b(
z{T6gyuWsf$qTEE$9R46<*2L2C&X41bRazzY6L$4Fp9vAeGL#s0?R0%Ghq`2U9mSq&
zswp4g`)B+w76fWS>J3+MosLF*rAt1f<;#qBDzo8z6_I@Y{_@<<OgBTh`iXfOhrmnM
z$?v5*N<KW~W~*u-yVWV_mX26ZPp1A)Nyp+g<Y+)${Tf?mw4NC~LSJ-oI9u!17@l4M
zXWX$S?g78^^0()z13ywOTgQK)_%|noQb^$I1nfB19AE!@^SflyF!}ntu~@6lRf(O5
zbOWdHrY~a;6SI*!zuv{osjgVH#AE%)L&tONtMFtKf_eg6*C&oPWOFk-3}E=XQ4$?#
zmty3_DLiZ!#u+OR96N0_v9WW-^wwB@{W27M!bVE#hKb|?*xqXQxuDe-xZ)iA9Vq_E
z9#n!l{r*vB+Q1@pIC&G%fV+^clpG)4_O8D5&c?#%SwW{}b7ixkxE#ym%RMVYE)54a
z2eGqN!i*ySeij0Ii50Zu>-`S%(YnN;8s@M0FGZ8H+k<?ieBIjIm&%g#7^)(xA{)yu
z=3V&K_qL~}>+OYRXFlmiFg*n#y?ZhF>2aU2;zd?$FpyWt30ij4a3RGxbJOR36{&F;
z+FkPeJ-ge7l_4F0lkXg*q}KIYEl(pF=h=p|s~W=SdyU(t!O3-I+x?DbeqY_!<{ME6
z7v#T4nW`4rLOQA=xZIEj#)Ax|O-dd=_9Hy50JRqF$Y|ETtJu?ZR^`~(;5@D1Btpjs
z8tLyau#-X!ReFy$An#A5E0Dt`mOs%-2mXHebPhoa^@r0~HYtxylm3{DslejGQ<sA<
zie~(oQVXYOdgr5^ccJ7iXI2`WOLRJvHzHSj2S0p{2!N?wEmWC9lw}_{urWByrbk^r
zB2*od$5ubJtK!-5<0Eizs(AECAC7mdbG-`ucA0CicgV-PN73zLAKY~huPz^>x%g%3
zrXSWa=m3kye`M#KhM0}!?+vB*6zcE%G&)!GB@5AwS39pv$734KW(xLnU7_YNC$GY=
zGI4XP37<KzP0dVJeyPl`5_BR=ltaOYkC+|d7oPFe+OKsIdS~Rey0zZVAFL=M7Kbi7
zIQVr2$8~c>P6uN_qGF-Kd@PzRfoBf!$ykMlpnH%#d_8{Bik37$2-JLWS}z{jbaV=J
z>*2_-&J4?R*BuGB`{^e7#)moxapS8&DrsUv0dE9S?|QoZJC%1HVDB=qGbmr$s==go
zVAJj~N}=xawddi16m?z@(T0!{x0|(?dW|NJv21a*ilWHi1;JwF=K+>kZM>xfma*s6
zJDq+`S$QYI_4Y_*N(|xDEN@E)CasaHp8lBVg7joN0!JKM&8%#8m!GL$Z*NWv1?E{D
zP#w|?nl59FD$bc*brPY$%YX1Rp#8aldl}f?`gWUlc}9JivFrWDTe0t0??DiIjYm(0
z)J!P&z+1u=$~U%hN~DO`hL)?lHnl+^BSbCZGaY6;4iV&1&}|Ecj<oh*tr$4#Ib$5^
zB}LMJCfgz9-8#1N@^ln*!T0`Ezk>s+-v2&JzM76BCDu0G)g=6oQgLHy)({fxH0)FO
zCYh8iTmc>rDPmi!WB5wLO;n?&2QJ+#NXyq`c+{VA3x|=GX6XA?ga|mECy<VI4q?h-
zn~l|xHzdpdtTd~<{Fp^f%EV-G6*NE*fhC7S-XmmhEvk@W=L`sK>aQ*<nF~L%oYmf^
z{3S2W6*MXGCWmY01q$%&?LqmF(|FkV6FKl8<ri#*kp3NmeNN&-BzBUhH99PP28vsz
zgI-#@e)jX<aY~v`8sDBFcgYFTvt2{uFK7+nNE}7o=8MLa<)Z?!hmYBFyCVn2(VgbT
z>ejR+*?-v)LkV^!SU%XeU5)AD-UgDjyYKJ3*>zo^<ac3Vg8I^$hKq9`2omdzjE&5T
zn0j@h6Zh{%7rEKqws|)`qhG8l?;<AHb*?v77&?c)ezfl6q8ilK5cI3AtsaFH^8Upp
zUt@g3=18w3`|;KjxzvD2zoNi~p-&;gb=ZVJA89J7DOw}+gzx>DTplt*@$=m1ldM|h
zW&_LIQao)T$06rpU1DoulU>;%+aUv7M<#1S$Nk5Htg-5lax;^I{?BlhY>o{BzdG4%
zQ;(9zWg0W*s#&e;07t3)diBRbU(A(HS`e;VxefKtr~Pj@-)>9CInCwxo-_;Ev+dLk
zmH&)vvYy-G{#1NTJiVN7^I@Oj_mSW2a7z6x_(odyjB;}jWXr`XC6+rI5|~V+$=5PT
zaLDs!%j|n==x*Qp+?P8ajvaPsMNy^#yNKn;Ei0xbHErfx`--aP4-aB=KO7zq>b4l#
zG`k!py$fx+IGyYG)v@P)762}x3J%6miKsUdTuQ4SuK5|qOssQ!5?9x3h2r#>Tq}4`
ziN>)^$99%-@A^`W?8-Gd<h{w@wbFdKAHT}&em5ZvU&)Y7;lgw9yxkfS^7}5R&{h07
zqBb{&v>pTL_a_&X0N-u*=cE4Ug*{mPCXZ`u-_PD;drR|p!>O53Jb$0aKNEo_u0ua3
z3E}U7dluZjgW#q{q560@21&e!47oivnybGOj?`pjs)p=M=_QhbyY|{xadQRFWsh~{
zYVp_aGJX1v6P?X27yYEij(btX+NW%z=%MM3`jl2GA4m5&pRNwrAi5kWROF~PWcmdj
z)wL3AKWcm<b>^8|q;)yjdd)bjsrBTz5S`d6Lt5-R@LJO0CHbvbYB!baXRvYi2WISA
z%BeRUt_v8yhzLJ9!jlkB^!DcNKK&)T{^>+jz`X7vdZn1}ot)@dtpzyIXw&0Z&ZZgS
zBB*`Rk^dTon+O`NTHM7v+an{I;)q0YBNeTv%Bt4>z2dPe&ecdho#eaVeWeZhG4`o^
zX34sx6RXUrTzx=>(ci?DcV=y#xLdB!J^IIV=2&EPXX49GQbBrWxT@N(T~Dr6Dd;&c
zugI4d`{R-puzon*N>w;=O|6FX7*Jj3+iaJTS#Im0*EUO=WhlJgc5v(L40%2oz#dq4
z<l&abAqYz7aW_3mexB}U7sl`Z{FOD(E@&h_XV-0*!nOH;h4Pxyjm)gIrv1_czoIN*
ziqXUvT&~bF<3p{|^?^PpU?^vWl^~LbVpK!^`$ei~dzX1Q67ixQS3y?XTu1(`^;B?^
zqV87@JF1t7K@;m;6_0gZI3w&6%J0t)cD2kb6%EK7uVv{mRmE04VoyI?4vHrzBLs0+
zsbfVO5{^W#5CYf@uu9I^nB$+R0+gju-#7*(bI%x=@l-mi&1VOg=t}tz_~E!dOR+!$
z%Z*t$`=0D%e>jrotB<L|XBQQYDT^s{0g<~yckDiJzxUZOlp9%g4sJ|#Vk;ai&icM@
zQ(kO*R@gadM~4n5(?b}TYT13s=i$7UHrJtAPk!6Uj_)639?$iAX&}dGl-hKcmW}vj
zPM2fPXEMF@k|sxYO&0Th6Ah)l4@PpkS6B|S12*fA4qI0%sw%67Y~H+?u;tYh(i~G+
zqq3fDm1WOq{Bq^BsplA6waM2@nRLmzB41Fb=y=s`gNU0eN415nGA-oRItm?oMiSJw
zwPCesr9EHOpxsNh8tQbeG5zx$j<<wimHtWJYfp)IPSiv#V+?l9%8PHaN~bI#J}1~b
zpNOC6myQ<uH)|V|{&1Nncj()k)i1jVn)-0K_q>PiQ7$1cf+#fQmIg)E*cQ&0c2GZ0
zsRxl{IG0J~&<r8COV?(L$op+_gphGdER6@dRFW|L@JBJ3QXa0jN8{*muY!B|hk7!B
zdV>*yF<G)ycxEp$veh(i5>~6r)W(aWLMWIef*o(frN&LP_fMa_#rkK1Dlj*kJcki=
zX?FHeu#7UYjQ!6c<A2V^O2B;47#`3uwS5$9$&7IN?807s3m@o-46+FP@_T``xxALx
zcT$-OFMu1IVrrQUG)w-sbWYV(@P9U+oIDCHQbsQN_vVwyRXmTje5Gk8C!LZ@L%yY2
zg<jRNI-<qBKp^4ntPA&+t#^fO{1&oK3{^%>gdVP!jWZd+W15ZQ|1w}F{P^d~+I8Yu
zW#k|K{_>5kDZ`@^VS3zO+x$aQ62`+&@f)pZUSH`{xR7{*oxQE}8`|%$_g)!jYp)a6
z=VH{Y^`!JE=7ghyQWca6y^q%ZV-J_3L9W3JU@Z9G+>JHW|2g>NG}&}J3%HT=Z*{+F
zR6PD87Mq4c@>`rQt?B=ktH8Mz_m93+M!hawbjrw5e;s^y<NhCOEO;cBrhH5F__sA&
zds`m;(TS7@G6Z>H%*pw0sV2T^q5g4`%2)oOn$O?#R{!m%34RdbpKm{X8sx%KAjTN@
zZ;X5`Pv3}+qb7*N+09EBa$5e~d{b~%TM_L})G^4N>k(&5p5u8-oA$1NqlM<UeTsgI
z<Lb84=TdNH@kHm`a?$(tHFRM(&u6g~eMXbL<@GI!T~95)_ae5}2_|IRS$tIB<-T&p
zHPlPl+nvknI^;rz>Wb0p7sujr20^i+HjQJdRs>Z1PZ5Goc3&uPwJ^j=DNMavYL+FU
zR~PPesPH63cf1lCUmd!!B=F6sKzp=<0)Jri*mqL$@aXx*Itu!g-WQ6)qnG;bkbx(J
z=MfOW&+FatOb07e?hP$rgcrTkg0B~I0<RoCr-)|t44Iz$A~tglaI9V9GzrG9{Kos>
z(HfT8bN2n*larYV@o~r@!sEUp1T#*MQ7lEU7zfd`piC%vys-S^{g-qi`6lN}F9ImU
zB<YwMfteOd)PlkOs~Cc~X~)3~7ZDhF)|o!3-@-00Mz96re~P0UyH_Z$i051Y1euL3
zgkQNDDvoqDWTz9~C^PrSohzVHzB<5r6(d4aX$W<v9+aa!51?f>cZV-!K*K=<xTp8a
zU1nSveM}K?gePW{nPF5Hrt?nyCMSEO<Ze`Eo17BpbCJi$3_v7yXKt0tB3+YC>&?D~
zy7RWk`N=bdBg<wCZi1Kr?sYzl6ClCJWm7cFzIDl~4}mFiky7D9BIhpS>=|Av2olVQ
zWmm#PUx>Wmo3XQ^nR+==0qD7@#xIi&e}1DPeHx)3gzAnn;o@G}!x3$NWx&?SL3iHc
zI+g`$-hOfv(aI9X*c?cJ#wK0lFu2#_VTMGG%;72J=`F(6)+^k?$QJxYoKB@$&X7^=
zlOsue2Yz`%<)>h?ejQG=%C_9zq~48ZNR@+BT(i&BE0x}az0UFKO;?Ss%E7F%8`;76
zl>IH+U(;-O`kNv1wSU92;K$jxb}rnI^d-?}(T8g4<`j;HZM!9Nf}2B9K%tmH{X=>g
zgE04gBfG8g$&&HRRi<vX)A%_p2h~Cn)o4|mniIOL8AaL5tmqd#sWK$n20HYyEMYR)
z!YUD3oJ(WzO2nd-xUcAq$I=f{-~Whpprt>&(DGN6HVf_=jvXt+43%P8dF^JTY!nh5
zaye=?NpCy*l&4b1qOZfqD|i~49Wv0H-u}hjCBs@hOK(3mBs!kQlwGBL%cxf$zY9}I
zCt<jdIOSD>7TuAEmi${e6)`&vaaq7Fc4xzMVuxB)l+?<phA^NgGS4L-uyUC_ZkQ!&
zf{ru}%_8%2cr7PEm`Xbhs$Wt}uT)SpYWwkdE=w$~U!R23_;d5eF~%yhW-oMb5s%qz
za#eymx|zL1#PnI~=zW;8v=xs!y=61RsCzRDBhzriQ#B^)3l$bR%*KtB4oA%cwB@7B
zyRP9KWeS#Sac2y4(#L9ovlXdxM`!@J-X?a^PkU?FBD}sc5(hCArf)b44Jj#4#J>>B
z8B?XLd!@{m)lcGpW}KJ!tnVA0MxQbp4Ia`ld;&F{s$92}of0eIevWv?N~p##%XhIZ
zGPELj%X|W6V0~u3;%xT>)?AI4QaCYLRY&ZcN`#pATbW9FCFxl_*@974?wHT>BI?h$
zVjJRopc!l~v=Iu)pmn)U{<?_7IZ6r^MB%~kjvf5imk0h4gdBm2xI$_sy)r~xogXYa
zUY~~i#LPQLZ3Ar*sCP{u+w-s%PR*sOz12#UA#{`QHk4k$Kow(CZ|qWi28h$LuGCC8
zJ*W3wW~%O{DdSC~^Q&2|3Uk4L766rd=yJAQUAl^F{jxq4LM`Pa%X?!z!9_AqTA)=c
zDQWLxTJxA3UIJW|iZre1LY{;SbGKI%lCj_H5^~glCgNzgVFNH&Ij_$(SUbe!+BV=m
z@x-iHEzsI&CNADm_}s3{Qz`Ot5TOi&UswjRaY9&r<1inO74o~QjVVl52PDRtJ!~eq
z0qp214;}ePGsHz`2ecpLivQeaoTfFp78q<%aN41!r}Yb4a~!of``N2E-*oB+6v~6m
z#l`a_e`kI(!OKmA%aXuW&MzeP6USFwQxZ-V=6s&jBXP7sw@}miWq4JL**Clvms7^L
zpF5_AvS=#XdG~`bKH1aYqo_4Iku=5qV=VRYUEp+=_u+=J0?FeGt;=uz48>pS=E`cc
z_wrunjB{&eEh>n;p|ct<8mY^)Xl(gPp&Dv2zM85_{EV<Z8);dK`WM?Pj3#MHO(uyT
zF%S0{y|+`W1b!Tav1OVkI4O-9Ut+CFJ7T{o4i=<ahYftemOzj-pSK#87`I><Qou(g
z`x*r(tSAt*_HHjI`uS`G$1OK|OmthvMMO7JZrV}uyT3d(6aED6LM*Sc6myXwT-MiT
z(Wps^#nW60oUs_E9}3rA5m|J3@v=B<MwPu9PK|X^&7b#D&sHeFP^lm4Ig0P9JoT66
z)8_H>5zwg!ALbRq^!!-0g<+H*n8^)Iv&{x_tJ?DaRLM^isus}V3Dz7}gbuBb7d)*!
z@N$#PJbkUr;~?;u8Z}`w`n71HU40HMs$4BnRl5C59KO2OuAbUYX$Y%@qc9&?fMgMB
z79^XU)B-6lS8KRnJEIj4!pB&=wwj+ilzH6!jX2Fg+LR**ZLQaclVa4LjXSAkEySX2
zr3blnGapC;*brlI9#f)wD#rm7;}Y=ZHd7gIFm`b2m}rx%1TD)4jWm_21iJgNnp85-
zuJC5q&g2u&e#v4AXuxL;Dr(EmClC>Ds}a%46J>K!l~z&t>5wlX$=-wL;*_PUO41h+
zYdC5kY&_D9grn4BcpR(DZR*+&Fi2u%+-Z&POCS6W+LAC7O(7XUW>$2}Uk1jH3B`bO
z%8;LnC0KmWP-d-t>iJQI34deUBBcTJR7rH3$-bX(cxECwVkXMAFkU_^G{g)MUPxZ&
zo5m`+n=oEP6eu)UFVm>V7lTSk#~3JrpA|I(wI1?k=%@{+F@3AXpZt+Z0Znat(5ICz
zjdNepUB-@@Bj4rcP3{zMi(n!uRH2?Ndt|+D(kwHV$wf4~WY*Gu#)U*xCr{x!{-;14
zEvCGIXy??-N@i|#dx^C?B5Idr1p?qNqv%ozH;7;a7Tq%oV!6Fibe4e63xGJVk>#lm
zg8<ZIm``y!o|-p_+4(0;s4}}LIGTZbD{!8nXndIXwOzCq9`wkFAB0=rYG>Rmlo{ZB
zvTPxn*q29k$&@3c@;D$kF7f;B_-kK7sFEdUBXnKsRAa_mMaGq1-<(}92<<2TYE*}o
z<A#euGUeup<m;!^0zWZwt!foV^Bg7lLj!OYa$Ac5;y+1J7&c1_oL@)GnGV)%=P`wG
z6Ghjp*4D^pqpvCxS3U|Uco$sPMIQ+F-5(TlOe<+^HBm%#wt=uDtO1~U8{)gFcoJ2i
z7n+y2`%`3+-y*y&XtXD`Dk_GLm7SsP@@Ye9up0fqW9_VnG5`TiuNJYsN(wq*w)3Tg
z5`?VWr=Pi8nJfBT&I$=A6ueQKRmuKkhObR3s*6?ey*hXmNA6RSs|y<+E{W=Tu%aKi
zOWAw7@n`P{B!NNojDP@1C7st)rl<ryHxAAn0_=UA+4TLQNn?wNqess&h%*XF@V~8m
zwUfdA=8J$;-m5k){!;RdB+;aXU5~C9e-=E)Uh&K`S1X`R=+;xa?p)nmp|g;0v=dB{
zvfd0Dk0FulX`?ie3@17P?a^|O3|?_H{h^K^{c^F-#jjSj61!7A`~1)d6XQ|@Y}zxu
zbTqJ})*cu6oaF;ZqyYGr!KHLBax;2Sds`XwbA7D}8b*pZaXtq0iGc9rdqk0S+tm79
zD^Rt^UzfjkxlHfiUj;H0<@<cw`A*12tWeliuJRPGtS~1xwujHs74}E!2w6#b@k87Y
zah;J=9MM6qY37qzpc2WM5%x}rrGQ>3vxB;k&D$>W5`R03-?{a{YxH)}WV@Rck{kQt
zxD$El;xx-&f@qu!nF&FB6;z(eZ{+a5#ED3gfojm=H?>gbGG2xCmIgl}^F+3%!u2N%
zlu#1mSv`=I_Al3{&LgOpW|j<N;xy(AmL{TKt|}W{dDX}89MzPc)K+4^xU|8ntm{Xc
zMVeY5?U%OLeh%=|OFJDc^#I=T^u)BELxJdPK3`&TWyS3kmAc5vzFAG0NhpROg{Yek
zn#T|xK?{`3qNY|o<EeS#-o|}iVK=PW#`t9cY&2#z7>?C)wHID`Orm`g)yf`U@$<(@
zWJbK!08{iA$*s(3YnHH|_U_(-rnyG&I>|h^z?#ekpE>NYwQtsGG)s?v4s@BR5P=df
zvs2})M`{(Wvh2pupdO=pL~+=BkwTSP1`4V2!;#!;xLD#}H~L|(BqF6-RiXH35;+sZ
zw#wyr#*tkFF+NI>Bo4oRCRr3KlQJ5QT8lfj4dH#Gp{`fW&c_#_ml>vWFjsn74F)iM
zlagj^8%8|r{R|b19yh`r6K<@^t<16G9_sO7G-V50MMz)nh*c*6{d&Hl1UxpT99-?J
zRqUd}DezHI@3-oA=~{M){1{`OjqyoXmTU7XE&gsU!)s-qZSr^Hw4{LEZDd0zS2|Mx
z2w90<JFy?#@XNk(Q!clv{Ew%D1Q@+#lLYe7_{lYfv^u@cGzMRqqA=E14uWS5CnuPb
zgL{p}WOJoO->4hd5i%g4I-IV4)`%-I2-tZ3wLyop?{W4@U8%%a)B+{bPfP<Lk=3(c
z660MF$d>?SWBBrB$Yybrr1h6qTe*4kqrgT6D=-v)rR(5Z=2%2v-khsno!L{7a=6#S
z5s8emzIEHV^Te1apSe{fjiY}pk9=k=V7V;%BHzpQE<`y5Nng}r=y!wHu~E-bWqLVX
zVtB@LZAo>huRcPbOY6T(m)1-sg~b6s>&Yj8sggo2yxxt5EQi>&YDJk|MMBqOIdbCs
z*XggRtJ^7xgGFB7Bz6Q2o}_c}lQ}SUu|_Mn@Z)^e9Hu7&Q<Iwt?BQP?xrQ|uVVitd
z6K34w@EKlO!|4*2Tr2FMBL3dvj8`i?lh{|wAkIJGueLaW$nf*f+)qE<g1t{<-m=w*
zki_ERGvDW@CQ2^eJdrrl+9cKDNjyP8c$YsaW^h9A;X8AsD8>-SEW9;z0LUU#ZaP0p
z^KzDPbHIcwJ;o;0daO(2EM0Slg?+D+L-VeouV=QgSM59Vl_@{V5gC5{_`z<ROWW3z
z;fgBf71yT3Z{cqm&x$_3+Q9GuVR^EzzUrbT*6&G}__d=^!9K60xK0AtM4AYf;UYdV
z>8}-$)pqiworaX9jHh6I!Y>UR{`&nDe8959WHw>1FEm*&4={^IlGB<$I@9>toYF=H
zIf+LC5>t-sLr|)XKb||WocJ=D^Jyc!rVyp_uWMNcJ}AF_Bac-fK0{(}ENu!n3O=+#
zd2d~`eN8Kikuc`uX+p>98RHJqgowP+JLY37QChvisZJoK4KrWzq1+^^!jsFkUV;$G
zxm;1dLGpy5bfJ17(tb7Wv5P=S%ExgQ+`nGYC6#p`mEpwb%?JWF`_|K$@byD#LIlp(
z*Tok!&o!MAt*5(P^B{aow~OUx!QIhXc|)uOO{Y8U;!P_CDN_>N3;nyMY<w--(PlSW
zWF}-yC)GtBjmJe&UtP961FFe;88vNgR|fY87O(|9XnC*aOHJM1(w5k{uSV}H)w*%$
z`008z<K4at;+%InjNTz6YckZ`9c^AXes?*Yr)PFh)lJy!{@c5`{<>b*F<Wp4=<#iU
z#p7m88-<zT$IiFwwfZx%$65|{CwcmE-Stld-ZsptOtENPy5EE@T$yjanR6MS==PN<
zekGMe+_l~p+W2+=<?Q+(rdvIsO?AGpO2XxGes6y3Vxvl~ZD}X6Wa78Ya<u@f(~X54
zYWZd)jp~-Wwxhe>?@g-(_eJBSpnA4$c)_jf#Q`}T_hc7WsSn>z{RDL~+-RJ4YDQ|g
zF6A^&Kb|w8>;(#vIXhPW*57+>!{%1Jlg$90J2>k{X*~<Q={ye3`@wR1V7-9;PJoZH
zuKYZFd;bt6D&yitxi7GMF+QjTp{v||FpQ;PHt5Yl&2eSplj7Oht*G^pp!tz_opWR9
zi|pbLy?wW^|D;Y+SU0HLM1IL%TCq7)ZTS4oy#iXfku9!^ty8(1b^XMx?zXrrEIVcG
zI_#wR$K@{y9q1gbLRP4$DcRZ8@#e;Wj9gfJCVUUCeeZ$YIt@c;iUd}p*MZ87-J1oQ
zX%vs+gQ(vD3&CvDXVr$a{o8}$`+}WPt;v47E?dFoOD}iv_ylgRGL)K~;1Bn*BXw_`
z)R0e+Wp7fvN|9w>x*cOa^MWfW^c)jn*|1)O=%uNUG2A9m6Ftd^jH42VXh>cjQExKq
zzrrU_=x9QIE4wn<WbeklgNH8qjVjIJRc1{|4o_s!+RBJp=^oYi%iJv`)AC;11vB27
z{Jpk!Kc!rBQ)ku><#Mutn`S9p6bZ9PC*k4GK?eqDu}^+0UDXje0;kt0f8&R1_}aSj
zKGQ(jx=p~&D*sL?<$1gR9zuD$^MiawtnfEsb#doJP>FR3<_l$;%$p%}&wbha-A81(
zYl;xR{Mpu|T<eVeN!_b@9MvZVMS2Jpl^=za!3co->8J+!d_we!w0ManjQl6EOAdip
zOlTqLdhG)6xQP7aaLM$GOz`e>pF9@OZ>!+kFFIAOq~P6MKHhXnP~3E?oOg;{_Tu#&
zL<%_D#kw0nuYTzwp6fPydEm4N;_chR-$-Bx{_;w(_U?`d>_&C|aJs#;RDSFMZj%$h
zT1v6>rtn*&Kt1;hBUtvJTogxN+Cx3phj)L`vasX3*Ze)G`S$6DVnXs+<lB&s&2)?P
zdk!mmxcf=g=chd9#m$>tw_iRs*Jcsl%78z-LHKZl>x|DGsskT}y&v*@`kWN;LlWi_
zynSx?rn<PG=DNo>VJ`bm;hP#Tn<|X4Jpw**;O_fk?z_O>pu>5{w5;!1cBarRQo)nc
zE^;CAfBZ?d;ni&6`8#DkXpdoW?Dyod+@7zTP3GP#pZ}gF`Wfcf8CF});~G=a#3Y3k
zIb2(?>-G)W4Q{Wi*T*owMGoQpbt_v{lq*ws0Wpje&oJD59Qd0;1Oe$5KXS`<3fy*-
z*+qmi`vVk}w%@h;IcJzlf^(1dNWBE978?<-0C4YaatRlRy#(w0yl-;}=i5C6joRx`
zoe4>Pvcu0$qrLl4inbus!l%-@V|KMOyI4iB-C2#ZkJ3}^UP5@IM{|9uiE=Rey=~TS
z6Gl#XeC{@WbED(@i!xEDD^{U>FKybr7=3;eqnf&H68nc&aFsE(^;%m3sxuy(4ecUk
zLd`iQ;*SpB1-iu(#49XSZ;x)&Vw%M+w1(4o%=1db1`~uIC5Y|`AAim2g?u!Im&Gel
zwrrK!DFFp}E>&-K5~%UN;BaVZ<9sgH@(ivVu|G4(*@RR&M`hWZLAuCC0-nCZHt^$H
zK(HH9#(RCAkNWVR9ur}(wt6FCJi;PZgTF@95^pI$b)GQda(_*#Me3z0@TB-f2ut0f
z5tj)0&W;xz;xYDcV+rBAptPWmvhci*%@!V6AyzmEp~H2TQhiALX!t(Og$@*Qx=4@o
zY{F?V<GHQKf_E79u)jtZHYhb(pJV*&1sU}QzI?&b@(fmPQWoYD@Cf&olUBQLygJDX
zwi8>@uhxEB>f4VjFpJGw{bm>US*vg=Co4cpZ!{L;)h(SNBF%{(W2m08|3>>tznI0c
zM2DzMg-{?Y&!q8@Wk6o&#f3Z}J40$eMpheA%{T_#1{GB*kt05yypK*0!HXq$#uu@v
zC|@n&{fcMM{mzrl<q4m~XGOFhLbVbXP%kp;W;YswP~MWmafm(VAon30VQ=N2UX+CY
zO1XIG1cAtTKiOKUo>_VX7gJfi()W030qk>T^U>|4Z5}bZ5Df>_q5(X+aFw=5i?7*h
zg3~r6#BDmgCvfXDs7IK#I%n7datQVH5a%=O?d2BP@#1oHC(0Wvc)OAQT9O_i8rzz1
zrE2Z>n&|WMShK&X-n=nhv0^JJvaVM#s#oE$6s>yiH9v}|`D#INI03asj7uM{#GKsd
zEoJ0K4BB|17Y*pbAn5tiOe**tTz@L05~{}#?1WC?1nXAk+gsZGTMf_Kz6zo%IZn#5
z+5e?Q1@x~uJOAxb`QJz8%NSc*+OR1an>t$R+rfUJZmDl-5Bpg=8i$a*p|Q0CB@_r@
z2LgdSu)$Y%8{CnAT-@vsE+_;9n}P3OY^8EH2Z$X607H48XdEx~ZC@Fio0>ULf`L%j
z(0eW@tbs+sLEqBcP{`WU()e!H{ausze<o<L!BBYFVQ4L|@j+}{U=TYutlt?(2?l`K
z!C)@X9dru_z|MWQ$=$qs7#r*t^u{nul|R3+hYc6HQ~u9PKp0%hKmAMpRrx<W|5Y5u
z_&=S4!us~ccl%Lt+%v#GQ~h5`h}<o>+YAU(OF~51MqENfM&Fi_L&6AV26G3OKV&5r
zdzcX<tW9hv`T03uhBSwbD|De`6oLt6%!I}vXJ=$=XKrmu$@qWSU_>QHTU$$Gt2=AL
z@L<t6R4FxK=uJQv_!5wvlbaKK*ODTl`scfUH2nV^-va!5X58mqYi~~MPka2nVVhL&
z<#Z9)ijsjHX+e^gk2=T|r8?ERp!=uXT(n;-P^A_uuU6tpEM!AeLVYQm@Yx`fENpDj
zD+6eHgf+}$`>_&qKO~)l(zt{+B4=IfI6-w3-syU*SI6_c({Wazb`32`*iD+KDw`~`
zA6^%&pPKYP!AK<w@+vdJb=BRh<g%H2#M)6|MboHT>+;L~hI+6Zj)2Bqkwy$Pauab%
zR+oyA+Cx%h{3Z&{>|$u>dxaE76JO9$z>~0a2y=v8y3dA)gUGT-uOzpEFTQ;`VLCq3
z>MPWV{#+9~%5M>6G_Y4eWgIg3%X~mHi@QS)4aN!}k5556-DgJP4Jf++`_fd_b<`B7
z$aj$(e4<TDl2^b=vyyDoS-^^0#=l#J7}gt*Q0Z<~!vrZZmX&NbjO#axE?oVMB(PZc
z?SIL#e>EfiJL3KcpgSTg*#DoACTeYHV{{i7|HKp9tN)v1M*6T&hee+~r6%A{Xe+`3
zLfPiEwK<H(7#7BN!SJv6ceXP&L4#o;fw<9N$P@qbq2%Gd1Eeyc{D*c2MRfO}wEiC&
z4>te|Ym54e#>olbhHd{B4GiUi!g^=_qQTZdVXZEI(IA{q2+S^j(}17{XFzy3@0!y7
zUI*cX+?Nju;JKSk_SZTngd22E7Fd}8L+-7Ep*O)sRR7Hj8$Ix+2l(In!8+`qcK~aD
z(|Dj@Sfk%xG%ijc53G9pP2++U!+SKCwmkQEVLU*dduMQRLcn*hQUBhL69|GC>mCi}
zMd&>}V46K#2Lk?qulj309&YH}wA8<7AQ<ibxjZ14=kBfJ;eo+MKA=53mxl-VAU0s$
zfOTg7eJ&URzJulZOBNU$Hs~Sk4p!~{Iw<#j`5>I!_x-_n7ee=Ch5)!A4{4A)kgmUE
zfdB#E`*wjn=I&;7{=E*w1snW$p9X%oAMCkxUk?ZjbL@dEFvPTb@yrR~f!_78|9vi)
zi|2tXV3-B(uY-W^AfNu`g#thiWQKC{+}9Th%jx@ehH`R&@5=|}eCSIkEcYL*gFVk5
zoB_B4wE0^;D3JSskDy$f4{QqM`ZK5GFWq3J=?+xwZyJc}LHt2sA$i|cP;MaXzHyJ2
zo97PP;P3r-06Y(A+}sa%d0@uB&kGBUhcqtk2R48u&3(T?A%Oe-1#ogcs0T2dJXnGG
z`&<}}>%Ko=G{_xL-oJH&aRMIJQ`kK7d+`Fp+k+i^pO*`C2Q~Efeq22FYaNUide=Ak
z_c{;|HYf5v4Rrsx07LKlGfVPsURY7Qmq)O5JooDwj0WYo=W`hT9~b1oxnS`9+=8ux
z-mk?lv_P(h{(x}be_q1Yf$!%VjP{_0!3s9up-rK8P=xpF0)<8XJsJQAgtdeJy$&{?
z^FbWItam>LVR(h0`>_ifNW}TTZ?KET1G~V|_YP3;FMq&p3=es^!S`z?4E^vy4ZFMX
zKkyp>4C1_(3$S(E_j4LXgAwn`0=ul-j}2IFE#!V203fjBzt0PS1;RZVkn;}g^KX5D
zoDY2ogkeJ7&n+N;`$2vH0gwmh0%7IqzJKrT0{7z-2!dUl?#sf>d578Ymp@>cb^i_m
z8|w<aUteIuU4ajB0rsx<Ant)+=!1Fy<9tvzV0g=b`}F__g&}+2mk(yX2X=-+AMD2k
zgk1pd@p8cwx$jFZ*eIX-zJ!$~*c;W~c7a9ngPZ~JfF9Td#Pe4TbFkBgy?5H7!Cvr`
z%w6y9-`r>%iZ(V5lrSLDKl5e&y#K+X<j<wt-a+5a;m?&E00P581&xkQR8H*w0K}d_
ArvLx|

literal 0
HcmV?d00001

diff --git a/util/cloudshell/screenshots/action_download_icon.png b/util/cloudshell/screenshots/action_download_icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..f8bed6ed8998cb0e8c513cd0a652896e2666c9bb
GIT binary patch
literal 24293
zcmce;Ra6~O8!QL}C%^#`2n5&Q!QI{6Jp^|M?vmgTJa`Be+#%S(-Q8Ue?k>~kpMPep
znRV}7_vt?5p%1&ecX#jps=lh~gexmbp`#L@!oa|w%Sel>!oa`^0sq915rJRiB~h?|
z4M{68F=ZJsF;Zn`2XiZ1GZ>gpai+$`*fI>C`b|uXjr&LFX;GcsRl~xfRE_-y+lSk`
z+DDDsNt1r*>#u(Rt-n$4gvnLuXs~%3Mfy<9)L(jA#(Z({`iy~Li?-|nw%9e2zy1_J
zPgTc_FZ~L;S-Tzd2OANw_Z_KTV@n=P_X$k3L_|OgT=ibSJOp%u2;xKO6ok{n!QOuR
zbq%H(A)XC8(EKwPrrI_BXZKXxyt21Q01Y=!-S50l8f5MB0Rb*DNK{4dsYn-j+J0Am
zViU*}@4)&XTZEeBIpD>MDv2oh<L%qupF{t?_`D%Zj`~7~Ts0|<h<KR&_U-T<))$ny
z4<G8QSw2hKN`=u5TNtk+9jw;3kXC)dI)UkRVCb>xl>~9#x*;OYTD`vdV^|m)&wVw%
z^L~DPU0Zs6eQkbg`ND|!<INgOse@@{i_sk(42&?0jJSxp2kfx{g0Z?3P8Kr3awa?@
zM&NqSN@Vl<J2|HaIVVO&iAY>aS|$luCwCg@iS-i@oJhQXo6PDK)$$Iuv&>27+vQeY
z`kLmoU0*JG_buf%9X@|-EO>ZWk##h&_KlvQ6j48;`QLKx2(Tgn{VKws|NKc#T)6*K
zj?fiSLrRJqwnO9pCMbaP%#55gc`b$KWYR`tJyHr75&4P(f`JcY#(~{qu2}+pZfAu{
zsnE|~xP18&8cVD<%D`ib8n`_WulmS2@=4B|tL7N{f(<R2(g%VZaQASvFJ6v6<quJw
zH+ZcuXp`BZQOtFsKuWc1miHbJr9d&_g{!;^xjVY7fY~x1_=0y)Ggg(Pi3S%W%#8)Q
zK%)sz)dzv#k8ohggdPdGtm=Tdh5#FFj&PrPfXitY1V+`2IVJpW@1iHN-V>R^ZuMaM
zV6mmCXBDr|Al5%t5GqB0mx*;}1EI5?t;cD@AQr?eC|_-H4aFc45K+qFpBb`SsS3S0
z5t6^eW6EzhU4@)ue~u3LnQf&{sR;^mgs-<<l5ki9@60_!>vgKHP2;ysDYYpUzCoO1
z&}sR+Gn9}}tW_k;V%m+I0PY`MwrT%-AYknARqJD(;Jv*Ah<jTS6h;VtmWxv1<MYWr
zgM0h(fy1C>TLKJrpw%q><@M%dxm78lV5C6L{Up970cU3*GuX@ZP&(H?O<t>FZQUm_
zxvW6LhD&)aW^M8jlSKVVq3LxUtImEkZ0h;x$?_yf!WIkccll$p&n2g+u7pj5yesQD
zbY7L=Cl^<%|7%uE=2hP9>8jd`Ph*k8*l6h+yJyo0=caE9kr}4kYCo<ZmeQ|T@7Q+x
z>YaO)!Hjy1$>nSRdK$6pwJS6~$?0;XYx~XisMVst<%k;lt~V{uQAMb3ilYpyt!2BN
zEEJ|(-}p%gJiJI7&Xw1gAqRD{<2g@WzTK1hkW4ZAVAyhn@vrzSI5hTWH>>L||6(bF
ze4-Rlf2h@YK^Y(S^Zg~BzWv<lo7&TLEU(Mn6q&32bG2>HUBbN%-c5fzCZ`YG9_N$q
zHBR>wO3s7d3~5!E8hD6(a8e-?^-~FKn!fL$aNM4k>0LkEl=y2L=tGDoV^wWCqZ>4{
zyS^?g(EJpe%<xNOiaKUvTjH|dP*dx&_uA_GY3=XVs!m;%XH+@IF>tVtQK>Xp8rPPV
zYzim(TGu9PL~bs{E8L(_n-WC`S)WptxpS-gE7=<6{!}JziQAK)DS6|+?wx;?V1>+k
zZ(*!|3TWRlITf(JsfYbEQvc25>NkO$!R`7(27xkxK?i#<^N_xGt9NASYH}&PORL;)
z&*ng#7NvV9ub}lVnm4TGvTugY!h!~jB!ig3XWdjPGgADXHY@ESncg5M*N|>#^3!<g
z00%{a^`8(FZj@y5f_fQjn$5=zQ@;Xmu;k?B9&>79^o|(LY(evju>iYPD+uhiMU6nS
zHNKDLKup$lM*e9BA@DQ#+3D`FK3wvOyTRjlg_;F~fc@|^S~okGQXXWagl4lItt&PS
z-;ET$hwX?^mGd&*AHpKGUvi|wLtn5V@Q9wX<bLwK;BQtR_loP;tMs%kH(f!SsNchx
zv@j^l177fN(SFgCMdKg%h<Vj~`3`2gOXGCjayXe(ejX!cZ-bp^WH8J5?$+g^xUH~y
zQ*F_8ty<xm*;D>8M17TP&ej>WRFv*myjaP%Ct?XSQIskFoIH;mZ^3WOozr7x3!9~1
z`h7(@;{=|cErrtUYr0Y4f&$)S&HL~FwRd{v_4~Kz8{N0aWxFVO`J&$`)E-W<QL0+R
zK*Zx0zgmQjn1KKvC*XaPvHQXqce&NaTXkN!d3s%Y+iqe#Q@TM@)~(3uX6~@u(!&R~
zd0ohRZMO*jLY%$L^**q^eNrxg?tQ*&Qc$JoTUe`53E{NlkixEHRvi|D{;>$-2s)8=
zY`Dc*+(S!(^PFMe{rG%O*5WjTVLg#2NCK+^wkArTntj7@2=Y8A+M>fL9M0ncgTL*a
z2vAe0CF{45@J@}Z;CLWuKbmdn^HfhYFs6$}57hD5J%i?cv6!Bvipaa4i|PmZc>c95
z3aAs)#Exh%3HAyl*V;CB@;JXRThEf))?}zdfvb-ZUOM#}zxZC0+maefEVNN%UY#c+
zNLJE!@R68QHM(+`<0h4N(%I;Eu|O&N#~5zfkOdR51*pnCg{Ou-n}<DREP3-IyTcgY
z)b1i>ayHLbN<&a37QC?6E~Qm`_ilVpw<(g=QV)7OXz(K;cr=UA<&(>j6z9TOWvo-Y
zCiICULF+c_?>~yr>iz~=-9OM+<pb4S8z0!9e?xZwz*oB<2pILhzsny?xH~Ux_2*gr
zD-jlJuOKHhh!3SM)!JEDT2-9xF%0Ze(0S<^9yZv7?28eAPQ0~tiaM;#sdoQ#F1p56
z)-7BK(c6g3H6tmJfhm$22P5AVW$(rk@zoC)RkA!@*SilsPKjNIr|?O&V=^upx8=zI
z!vI7IYfpV0RV#iskmQi4oxRQ0yt`NEcXT#mldXg*9RiF%hPw%ZiQ;~8ETLtQ^DAJL
z%lOZa69@p5?X$*DVu}cZka6Hd{Y--7SfS|mO{BeJWo2bM<b#bL*t&2#qtN0Tq~uBr
zxLx4S@XmW9QY;yS3MV%aJGbATS)`%RP6`9uxqCSP-2<7iVQcoDY~M%Uqoq{imC(H(
zIsl6c6_)KW>wl4AL75rzZm^oTb5WPZ2hLk*3QwN&WWNHI^F@k%i&g&JrSQjo6oQ|^
zMire4^_*kenpuSnwD8`9nbB{%pR`48KOekr+#3@cy%<RYy(&_wfRLHt;$;0SZI`*L
z8b<&aq{yCw#Yn;Fj<s+WVQtB*X}IX>eHyk$^-pIX-At)IE_0YP6ltFYg{fZzZ|y8h
z`I*1vAIr$aGJQk%S?R^|op+E_XO=IL)kb{M)n<>JS4GQG*Mid)qAT*0ey*(s?s|2S
z4Wx{>Ba_;dj$pchuOngR5|7#PrloEFD)n{$c&Q<gT7m9hzFZ^B$Z_`Si)^dQt=~;x
zgxUtJ8fC5`(c;g@NHlaJfxsGcqVdSdLOC&|q&E=5H$R+~+XYuX>BLiBMPB53$@t>G
zv@TLf>G8f+FzyV;MPGiqHz7@Uz9rIC>v-~nWJl{+%`BpCr;!OfpDy8EO;t>}TFka0
zVeDZBrzZ48BK$><(MN!#r!aQ;Nc<~8(DNb6aT*aUZFGM(4ksadmxGYouEJK(7S`ta
zh!LI59i2d<kS-P)Lx}0Pd9<C^GP722c<`P8_B=<Brj7&SqPg%XWAxF5Hn4WB<=jkk
zwdNI6!s~JOY3;G)f~+A5A34PJrVUO0pCt~VI41se!sL0trI5#6*kzl?OZ@4nkVpS*
z!|C#l5jxAuxA=xzdc`-0<iH9Bu^`VA-gDTf#}+6MipjnHl99t5Hbz6nU5C`XB8dF<
zN<ytY8q=9xPfsJnynrz=X!DFbHKBdEeq{Gc`gDMmSK62kI~bG>K%*}EDHj1pt&l}<
ziq}4)=0DOk5*|15Gp~q>@2I<l30W4uDzRXP>@Py%T9U)OwX2dTrEW^EhUQ`Du{~A%
z0L1-d9`zwPLbeHbKYXa+;&_kI6+W`$FaI+`%H;J;F7&DFG?r=gfDq+z7bI1_Ezx9>
z0>FNY-(u9@_mijdgguAri~FS;a8o|i*{npN;?aSiv-@VHI<<(N4!L;G98p-%losG)
zqgf)}d_(*j0IT!bo6dat4E<JTPhQ^>{!k(!q9WTOY{JoEKdHCL>mz!}Wr|l_3kxzO
zF<(ASCZJ;yVW1$xVFd+@#I4O|7mioqz^>7SV|AsjwtAC%>5CT9*g8H|$b6amvH90%
zeWk^Yrees15glH;Q8X2F9bn9NeWdiuSu|rNap4m_Tb^m`?O0aZ`ZaGUO>YcQq<cmz
zV*Q-7HWQOmBR8j;IJ6GlfGUfuPLa$^h=e@TR1TJE*p!5DD8t5XV+MIysVv@<G3A+!
z#D^CS9P4uB-`7w>(g}g<;?PLkdU}2{i#@jaE1X<V+r)o3OBBsqX?DocHHBF(Vhfj1
zZ)6U;2lev3O%MpQnLwk&;{&P2Gg2#F!)8O}l$8%p2(&dSauvq{%0!qpyzSscS1p#B
z;LrYE#wDwYMg8{j3fg;@bJWflW==s;DBIW~%k;Y1qorV|L$X$bjpx_F1{17R|8)rh
zX(tO^k;n=(`}Eyvujy59Iy8OYF5BsEZzxV0oE&VMJ4|QhC|2K2{6majwVNU2;of9=
z>t{VksFhuyRiPVrNvW9llbHUCKG>S^c)?%UZgQEUxZvGDLJ=5AyD9ib?9NLRzMwJ@
zdISz-_A<17yMiiFhQ<QnN_n*nTy3;W4-cmyF5iU97B>E(QQnPO=++4qVv&?~nFK#L
z3Wl7nHY*`v6s>62DgL4}bH3JlVdNgUyGdI7+W%9KQ7SNOvY3L!(`9e_5k0-0cIEcE
zCRBF?1&31EY|<%9{2-kyttS-X&}L}hk<j%|P^ZMp?80$u>>f+<wbC!lwF>}j7yeE5
zB8^tmx$sQ0BlbsM<fg8&orDr7evrVXKWX4;`)O6IsIP7If7tANJ)Cps*V;kA!bgDL
zcD?4!SIktUQ8H~}Ioi6^EyL<H|02p?kUuulM9d&X!D3}*tg|^Uo0+Cjq?6mETkF>|
zfh(`4vic7(>@6t=q20hQmS-B9h%~sLTXGVMmG2~gMMdg^9CB5{#3|#qacJM2n8odi
zn|Z-Mv<Jf?kjeIpml`kmcKVM7sFDDVEG}E2>|Up=59>Fwnk`{KFZ)xo8{_voau`z;
zT4Zr*0Jd_(9}884F7CnWY75G^DYj7bG)128{t+5&@}-_f)W<w04ql}F1d8X)WC@4>
z#079bHxMKKKr!tI1Hi84kE~Xe!0ph6@&TLQpLn55|NqP`)L8AzHR(8HLN5K%Ex;7S
zZQw(m{#>8Q?m_232wdUrPZW!%O{yWw`#~6HhYfWqX!}VD2dYH7XfE-SXw)94p59%0
zg=9^!Gc3B^Wl6>m7p_RoU)MVSc{!WNRX%*RIak#s+s3nQq0A)(Eg*9@IIOLH%{*Og
zD-2c2`XwKEByD75baBx%SYbA#rMe}FenqX{?3cOO6Ir+>rT*J(<p;Zmv61yulbN^%
znHRMA9Ykig91n=6Yp8b&|EPb|88}gAGgl;iKAA|P#3T_gx8I*5kjO3*z`Tl@RHAmG
z-?%?#)a$awWCRu!`w^X&KqEjKcyVykc4JrMT7t`N_aMIrHpOGqsSODH=Xj2NeZm)@
z%kChHe&E|>))$lhyQSBlFttr#!im>&Frh#(UF2}qL3wpuRprN9NKrVs5$G&HM9gxp
zT;Q9Lr>$HvJ4&71QUv&LJZ5P2uYr=MjklNts`t3iM@~9SC#Sy}L*`yhhJjEqg0vIV
zpG3pl^UZB?Wt@P%I?}3QcKyVFk8L381CM4Ts<ZF?1(imzu3TeTi=;ubpHidq?r-oj
z5*tsx){EQi$x;P>W#%sH;|<Yo06oXOB&<RInlm^oh&#9{RMx?)GNcntjZN|1FHeaK
zI;^AqI}vyq<=TOaq7Cx)>|gh#JKq`L$S1`T3n-4Ha~5C@#!Ef`N3Z?b2vAkwcjU%e
z7*St(A|y;DF$)VumXx~?U5h-b{)qh6Yc<cjNPUdh9Zgf@d4FDKyBft<f6V8mIzyMl
za~k+2^slmr`=b9kY2&|t<5{hbkl>3X?~P6gCcQ@I@1(q!J0oINQw2E){tS7#93=>;
zH%xlf%42%vw)k}VrSFaxTcxs-Qy5e-G?|RLJ$c;^r19Cz3R{c8*gcVu9ZD#zR0$3+
z(D4iS>(f}RUi8KDA;;anQ}?$@x&F=OQjc89)H+$0)z$pDydxfy{vYu{6c30h)%%5G
z(-L&G^&Bxo){VeB3_|{4vq(HN0hSJ{hk_A3t4`(w%ekyp{g>lrcdvvDQ=cc>a3Vfj
zPmgzbj7#;05Ns&L{43Ue(vPW(PQv?(OUN&shY#7gVus*j_rOH>x)nNeX-yLCGe@6R
znW~JAxwq#58d{ax2tlHZf>tb{K*8*Zn_A`~$IPO>?Whf8WbfLBPW>Oe>(O+yVz!{z
zd{|(}w?Bkx2hHw+ijj;nWDqDvaYFWCS0FFPD6w&KamgoM;hp+bg`>^I$xjNI%HOd`
zphl<lt}i9z1ShF!QhdEggd_?X8Or|U6dz2c?McT?Z?HwHo-ko3{2slQsFPbT5A;0+
z{<CG9R_vw1bHhehv&af41+$e*E_<U^bUK^RRT+;}DK~`q!4<NsV&_MR4yPr-LG<G-
z5oZKrONsT?8@{qdYAMM&wRA=s+{Lp~YP$S_c2H^C2C-_vH(D^Fzg*&HGNtSW+Z9Er
zSfawn6ehKZcLO{h-BJL8EH-5^jA|GaL&#H5uqt%^@FkYy;o@DhQ`bZGb^<aKZhhd7
zBAy6|gmg9LOFwWpTY|d5gIUqBEylsQCR@Aewc_{$oIdXaJkFHIwDc70$f)4B<WTXL
zx^K-A5yD(W)Pf)`Yk~rh@eK;~R&xX0X17*dp{KOUfr&CH2j|;Qilic8PK%Kv@&50t
z{M0H~7!B%!7VE8K&=2M~G`@GE01Kaz!WeJwsWW20+qHCiwruGgvtNr+X;<X|>#lzx
zCz~TBV)JO)x*mzsmp+X1-`4<rpsm-Hiz*p?2nX<2c$*9~$s^RPe^~=h#K5677nNN7
zoo8j5_I&$bIGai)p0X;RA)X0X!*Njo1`6I3_#ca)-QXV<pxRD&IOf|xL4+89g3Ed7
z2xv_<h1TTrb=f&+P3DKz<f^!L&|B4ujC?P#)sa*V%sRjm7&UB4K?_|o(Lk3O*&9r6
zfCE&SOJG!LpQI}E$r4bIZsSEGX*E#;=idcJvBgH`K_|^FDcsLYfLZ=c0hr1#Fv^1X
zqYR*>23kf1{4`=G)`z44Q~3obqhtJ>@#MhX6CZ#c&XWJ%BnL2+&#{0c=xIwS@jtkb
zW(py0Ixb!m*0s7=+OyX4p$fJA@f-@T?dL~KK_{<rnlzN<CSSf`*K`%C3Fz#5kmu3w
zJ1F$N56;jA>$wePFmicY1i!f$@8{bYw_Lu<hMdLaW;{ctED{@pO%7Jve;YnsL2BSF
z#CPHC>CwCrfA7$1rVd@mv`}Sczx(;0RmBc}6!a96%`KylR#!k7jx&`PE;MmhmHXGx
zBz6oDWpwcI`d9+}qt7=Aoo0J6-8R2qolMWm?Sib8X63lg(>5}N3xkv*z}1lx!Zwq(
zv003<fP}90C8Ixb{C>DTP_D>YNjzPK>D!`F@>DHzAQ-<$Dk+jY_DZC+VWJ-T$mNg*
zKRz)L=SE+0-W#1BQhm(pGltPaqmVl4h0CmSBhzRxmOTZ2g9L%pSY*sLyc(ymUUQ{!
z`cmuVHD0{S3k(jOOy>fV9fVL^YuYX1T;S2`Br{F|Q0k{jLjIy#o49`Dvp2e;ULm69
z77*j%!b>dZ^C2L(gO^Cq`K{i7<6cn`f@Wn}PGM}d-$b%C2RO%wMrnutf*RQe1$iFf
z9$K|xC6?UQSUM1BBKO9O&b$oQ{DMDO#1N|IdTDgBH@eJanfE!ikyn?@l_vxTzX4Wq
z$YtYy(PcP<Pu9V~p?qr~fhObjsL_Sp`HDMDz@1ow!6;^V<#H;c@zUxw@Qt}E*y}oC
zP^(z+BbQwcpyMh(e6#Xobe<2JpkDISD`R2OZAm2Hu#<5=S<UYb$6=94pNix6bZ&CL
zB`(u#O}_TMI}6-p*6tU-UGvA|w!dBVU5+i)VO3ju3AVhPwVQ4@#Z)h|HoLg-Gpi=T
z23VRD{86Wa10dsCO>}xr*Xc1IEaxMk6Y<6)V(g14q_d;4Qb*#A7LrTA6?CPtHckS?
zb^6V*LX4uK$OXQ`#s3$nRMKY|qX)=-sLZ8l4E;JH=J$~Hyzm~M$n7gqI?bYXWqPtf
zNtnw<+f~hv*wJxMcX;i~Tc{Yrd?)1RlW=XfT=@fad#ukY`P+1{MlhqQ?OTJ!&7Ny0
zNXF&%eNxKOueBHx9L#2B&X-9@8_jx-1!}kiV>%ayPK7us+yp*sbLG=#n4O`d{5Owo
z<MR_;p8TJQ2szAsepYpS)5N)jL*Vw<KkFkhWE|0*<96Eod@f=H)LxxqZ!^2pgrSrQ
zN7arXSi3HTsy`CkC%YqhJ{;EtSR|7SkiYs>a3$QX2epbGKqb_`g@|-cyFbPl*y2;D
z<w{;J#P_m$OzoEGE3N`63qoM5tqGEV;!jdoJ#(bn(>z<9nsM?v>fOCPi|U>8%|^$k
ztv=W(^@LP%o=E`Y$|tDog_j%?KB<Vtct7u=8!@)(Osf1A77WS{y&h<N#86J1%>OHX
z{zu-ca4f@2u2MB0CWw&zcf}$<!GPLMa@mqfpW+IG1~Vi`xK^aSykAL-XsSy-b$Nec
ztM8yR3o;S}a5^5og4&$-{;%V^Z+!)GN2Bm3T{?jG^Z@m<!jC)!oF+Hj$&I5U`MQ~D
z_r6hsTDwO@GacMrBI{DFQ4O2;PuT)`n&mjj&LznsNfNCI?$uglhGM&%;r{|!P~awz
zfwx{rexb6a$?g%ObD?p~d~{bK7~^<JHG{kAdgFt@4UKN|35jmK50yd|Z>DOYqQrLr
zRF&ZmEZk$XV^iOrAJ7HbaHRoc)RW^La=)5)YVv?oCtodSsqt17!E|680W`@o)2XMp
zt>|m`W+I)&pz_Rn0wQgt?m&A`mQ+qqBC8qdOJ%#g$MGUZBe8s-lR4I}c3!^{j3BX$
z%%d;(zn176f`mOlm62^%T-LJxq=|&i0aESTQ(LYPX+B*ybSv^eO!0%Q?$wAU=FRy?
zI$y#Ucx<DTQKD4gs+!26EEQwM>*FakBEI|Y#dD={t^WIpt<yuFdauPzTN*2QGT920
z3P`+e3m?$maN<|qpAC&|$rrO|6sD)s15fkd5W5t!sY)HDNEys9qI#!+k#X^b#$)wK
z2r_?;laa+>rAokN&Fv847y`YYgs@2N?(PW*0zw={mm0GjJYxZnT*mdYiygTp_g6tP
zXBP^ZE)1s8QV!eYjM)ku8PChz0z5h+XPiEbGY+okw+h!t5N)xj_w>m{+hY-I`8b+$
zBk2vuhw<E57d&6kiT>j4VV@S8vX__RUyr1ZS;Zz|!P{a5>U&<O%3IK|nn}-p-zf}?
zs1tPQ6RG7VE#Efpr>EQ$^OS?=5}7onO`?>HkBo3ISPKr=pc5$*@VS*bHtZzy%7l;_
zBO%ZCq-9ePZWU9|{Mzk}dOxMADT4>)^8r|u^h0CIzo3*cp${WXF4+SBM-aTA2&t~N
zU-p$OIWP!N9s>ZhL<peNfubc16!u;8^R=L`4-3FP8jMUe6!w*%u)p_DwgL+KaKI>B
znE0<y*w2E({+LseAr$rzfKd!Elmk%U6oA5h))rkWHZU19V3ZDwbUd_O^CAaeU!YIJ
ziwXd4TxkCZ^OF)Pw_X8eD6>~g$(1ZH6$VlO_F+k7Z~@rg4+miXickxZ1WZL+7=V2^
z;dllp?Bl=!fDY~0xE_Mv_WWy)?PYFLG>J9Wy?MMP`P7gCUbOpL-eA9m;j)sWYP%y}
z@L;n;C!R@ad<%tjyS1tWI`wiz{N-x3UE9V56D&f!?~<#up(0zoukxX>ggZw{*@C$(
z2&ihO;5XNsj^X!b6BN&a9x(Qd0J0mq$97B&ujox$mFs(K1>bVDJmj^If{3tyc9hR=
zlaj+~HZ7h~Q9gnCB~M=|=1=E$0YPtmY-)Mo=ZBj=KhO^jc&+E`qydp({4^NpVs~I9
zrZqAo$54(pc#iBAdJjFJXqd_49fNhBBgJLC{1<knLMznk`baWgE@}HNp^(35mJ1zO
zvC(F_Tq?DC_e*t)(`A7S<wmc4Lp6cJ@;{kROXXd+N9*2`iI7r@stYVa{VV~0#mB_U
ztHQA?CshEc7BJ6hA#4leBT0p%=!E=<1|mQ5E)QmGri&H4MPI&94OL4#+#D~h&p>V+
z1u-_qj4D5ISTDw}w-aIG3XEk5?D^R(wrI>fj{S(fQfTenK0Y3?L-a#?)fF{pzTIpZ
z=hSX)hx_%Xb-yMy7W44VW<vE~@)&9Iij+t&VS*`a>~N0VZ5jTd=^Mg{1;D=#%y@!<
zcTxqQqd$#OCym(T?UsD|;PEmTvV{CQ4n2Jz(f?%dI4egVXrN4Oj~aNVeaEA8zFu^_
z(Lj^h1#xL<Ige#$$ETj%qs7Bu33y(FTxJQl#{f!zRL$OKZp6+|T(h@d8k;+qyzqa;
z07}{JJ{F9S=8J{KD(9o_(0b37M&$Ya`rGwqZ{^W_+3jv`2HqyC9q{39uP$%5u7F~c
zTd0(+3RG+q$cSEjeq3&E98f9MWqrqojm~I}S8HN5mNgHvhmtG4!VRZUvE5o6H~G&u
z^0N-7vc*y>rpYQ0aOGhfFMet(!hkpGA`c2EBQ?fbU1H5sQi{YK%`IQ?QrTk?u-qSy
zV|NrLv0ltm0TJRcXDCTTz{`iSnK|dPn9@|5ZCN@x66Xap4Ww{k<}0NCz<sLv3D{<m
zcDfC3vwDsM4s>g*@e@{pkuYhM{4jaFuDGuuD^q!j+M1;8LU_aZvhRm#Ryo&RVr6QK
zvPlHbW%ylY2}f%z_HbtlIlAMCY4*lG&cZ%>sWp^m{v-JLRJzbM71!mBQZ8cD;vrI^
zS&@_57o(Om_`a@STxZPm9gU(bc&*xwkBHkNtSg1d$i)56TD_f_2F;mQ575MRh6fmE
z`|X?FJDWk;!9?tCSB@vF1uD6{QJ9myxms>e8iB5<CN4uLfr^2FQ7R}AvF+pgx)Ho^
zz(g+^@Q&fbIA=)Yd&VHNl@`y)ir$8ry_Z}7je|fWlU>Dqf7$XXvD&`MBsgm#q3#<6
z!K2)*j*T&gp+?_<AZaWVt=^9@QzpJ^t=_SPt(6~)+Wc_xG63aLB|2c`CrLo(8|0y*
z^_R><pu5z~o6QUoiX!+8<rHV<TLD(ZxFkthrNJWln~1gO8{*;Eo1ztKKC&2<*gzZB
z3+ZjBJYY$VE_K|IeQ&uC|2^X0)P=4|J{`w&e8*IOvEcz0JOdzWY!_Zr`#s&+VhMOX
zX=l!`wdy!t<k494C34nc_ihE}sM<`YvWR&xx$GY4v@#S7{H(PSv@1-neyAM%YsYH&
zy|Y+~NOAkm>S_i1`#9&GAJYd(a=+l24V&bbrg=-lNR8>CRm8-^Z*Y3ea_NRBL?Ph+
zB@73L3NYWU=ChF_Pqf3b`CWM{c;4T95(g3z#w|*oSp`6C@(J<<tn7iFp6~8lRR!OX
zI9k5QTGSOM=^UTMnOcsmKDUhi`!chpUM=n<n?$!mqcK~g5xiCD6wDUweS5t3qBn`t
z(iT30MRw(o$vfzxsE}V3{J7UCkv(lOf_%ha`iyCl!)yfpI#XrZQ*HkKj~oaY56(@*
z&tW>zG0w|4oztPKPu4H(jK0o#BC5&lUQl|^wA*oa3zs_xHkHerx<|Qt4`5OTyzbkf
z{)-MZL5UsclaDu$f#%{Fo7sFojPsB0`$v2u^Cuixjdx{P->Ua&;M?vnPw`qM?X^nt
z)I9C;&YlxBJBZ`2QOZ*E7A5*eu0nw3CG0`izRD<_y=;OlZkc>a3vIs_w**J7SSi%H
z3LFz_m9@?1b41kl7Uh4OirUC*c2ldtwe!T;2X3+FT!U8~T`vPRF8rT&P;zk_z@t)W
zepgf!U%{K^ILc=H@PUCx*4{*9x!FIPwXrcS!2}6U6RY3kIV~xX%fa3&=YopMNgu)J
z5e`2MC(jg}CHXz$J2hUX?Ja;Phqw-G54_=&9j-$;?|<E&Fg1K-yIG3QT7T||VH~9|
zP&;%??x)YY3E?~rUVQ4%8DzIo)q6iRKFfR$|NoGV1pm`)cWUy8&po;%hGZyV^o{rz
zsNr|Nr&PV9uhZlJ4wL*VJ-wunJiD8st;nj1N}%Jg_eWg4&7%wz76|qap#Ma}jQmjr
zAq&B|u^iV;D`betW%9o7`JXZnIPi@bQ*1X>btW|yhjNf!3>j?z>fr;&0kFp-NTiH~
zQVl*R)mZr{8w%A3*a7139g%8)0*dy4KHX-?l{ZNS5D#Q@fQ00T$Xq}LgIclnO_h|;
zK%rIqV=pEmfN=y`MhjoGlhAU`$wY2j$OQ8AU^4@U2nt}NAe}PQBPOy+ho0*La1boS
zvQGfZfYk$3hp}WSsYR$9f%OBR93dj~5m1RY8S0boOvKeg1(^^sV6G<P5nrI($qbmQ
zt>?EqJ1AP4Kn=X(MehK=R93ZT{b#Y0tK{Qm$Xrp4<xsr=7Ge<eG=a>Ru#uq|W#|L<
zkttT)^WoGpqglLx=EH`<j!)>AUo+cm<Q_4JbJ+Gq>DO?W|9-ijq#lyV115_MXCgs5
zIWRUim$C{*KdVdE<~icz-43*<l)Sb{*h_u=Yn|_GavZt+ANEH&jV#W4kFUq+^yKIq
z{&DVuM4w_-0iXNn1Yjg5@+8>&WIsmKTn~|%8aO;~eK_k-@}!Vcc=p@>!(UI8KcrPY
zNfMbnl|N*-U8=8RE}b3o<LXp~#Wcbn6I}?Z$Obr%5hRfU+IT`sxxwBXpa(1`^0}W(
zM&dC;&JzmF(`UWgKQ}p^qvDXTuKe>%N5R~XnX;GyVnSrnr)#ZR82uHW<SvQUhM>;@
z8IAx>#rhtdh(p8%=^8Q-&X4N%Ew79Q9*vL>GH~cWI>@*gw2%PFys%no664}6XONUH
ztc#9^^=(qi(l?rrb8v8WLa{bLRHJPGp2QgfIVgWSh18FKCDpMr1Vt1<sG#X5=3t}8
zoMG@4E2$vJB)&U*e_+aj-Dh|#5s2%!LhcxQV)2y5XrPoB1Ro%r7{9iiE#+IiYhk5b
z3t_nkJR(KG?xxWWI$Ps283qvuIq_y{sTs)^dEa~##py#YthG{gGW3LMTp}>Y;<WeQ
z&5+su$fZzo;B}3j4G(M$Ebv(38Sg}YSPne_Y_4a2LIogYW(j0wrt><uOo|jQpgK3Z
zaQm8wtEkg=T9iS;0%vij44d97pHa-_hPEQMfU-1>Jbaf|QX!6GyZqUQYI8TWL$8Yc
znG!Ab%|5U#Bwr>eLN#Ajq++dQW42H>l{~_mYzF$mm63rU&8;ypioA%Gs|+&VtMfk@
z^5b3H-qIXl^hJLR^>TmBiY+(JJU#Nqo3=k?%!2ES!VkujGHr_Nn)swfYD7$@R~(XW
zO=$q!93cBZxV*CRtZ==cgcVw$tH!qnv7+Od-1_W`?ne#cYX(?h?)E@}$|Pm@HRt^U
z*zC`6#zN8@+%-I4*#@=aeHR{W@uW@GC2(Okv0Qkn)%sYp-W__UPMdHkH<W8&+7ltO
zP-8Z0ze5LoW!q_x#UE;K6L9|<;!pt^7Nd6oOd8PpHBDhWHDze49VSi;m$MKM(K0Ko
z5G349Zp^k_h(%PsD0kSDT(B}U(}es%2GivDyKa=#Y?%fSkW+~iPE5#_{KnnjzVqza
zbpJviaPBQ$@$CBxJ{LD@-^klGLM)spUX>v9Dsh08&wm9_%v9Q}#XnJgcz(qN*Ah$8
z-Ur@gwfKwE8@`G>t~nGIzQlsrpX`d;!dI#CJJlnsc{%@3jt<-{vE8*wv<QcZ25@rd
zPyTWw2T^So>Ufv<;7+oxtwGRRHCK@9!FWfU8PAEEyP(e*Z2pq5mTYAO1|%=}X{Tw*
zu7!v`zxaPVXxK%=bI6Tn@P^~TA0Y%v(+GjGE7m@y9SOwWfY*v0QNQxII-M&C<F8rd
zc${J@%fD)~9!H0?{b|4eUrpZgtb{pz_aQVYmJs9+#Hg_PKE>a3^MYOHITyXz6QNY~
zrDt>2vaN+t)0pyYj5<~hvN*~;0-2zMSJBg?iq+{s;snhQO*+xVPl^4z!@;UuFOD0D
z#dJps0Y`8brN^`<^L^`e?u}sUl~V`vmtYt({crn}#)Zh@boU#uUFup5ckj;M`{|_(
z3YN(D9qjE3-TAJE%IZ0CDOPQpME+{~ti1`+ukr1dNF_Eev_qL4M@e~>59l*JDMS~f
z|68miFls@F6qNw*nF?fag8PjPuZInmit}@IuAg^<0wofsZ~Rj*g_ICVM4PR*EqvCG
z-dpO~bM;Dk`zmK$7K82ENksd$PE6sJ-+5EL_c07o<;}ym*a%@|<*etgo~-`~jlp!4
z+qdr`s#v#O*`DKvW1=1Y(%i5fd_XIrh`+f<w(Le4BCK#fT~(RkLf_XMF1aG@CGtAl
zm(%-Fp7Y?Kdq|?VcvA6mZEuT-Di=3UnoNja-{bF1+fsp7iM-%-TcSHh*1@00%B#xX
zF?jt-HBUdOG4YhcJUTvz7~fmnX`PjcMP?M%T<_r@f@ZGlJ4xj4949ZruJO)IDLBO6
z!o`XDSw8ICzD}rl4Y#fv7}PZeatQK^lk!vCBQ(&3z)+Z<ag-69Z=fF4p-1aGTwG#2
z(TC!-Q24BDu$uX%C-kA=^7Ufe1HQAjIH_tsCgx1p?VPI*Ys=8EjXWs_zvbdLttFXh
z;!k7(MAgXXmfSX!Vct;)Co50Y6Zn0(`mbVz-rEmM^c54Gq9Giy{JQtZc6p!h;7g-~
z^L%W#U^}#C*~4E2$%NQRd9*PX*->vreF$XZ{AZ-)KO#jbe332Y+Wx-9M$ND7D|s=+
z1|$(HDd5SYpUw;naO-MA-VB5Izg9lgmfW0KX^m1k#6<-B5GenUK9Aw#5se$&-Wys^
z`$xw&t?olnbmAa9EIlb`W4lm*aPhs}Y^O*28LO`MVwc5tu*Ba83aQwMj5R!QZ6Zu!
z{;$tm4y&v>NPflsfM|HN^%INTZ1HVY#Ht$cVeQK0S*_AXJas}J{?BfbaN@*v{8+eH
z(ANu@MhM2_U}K#4^VSTZ<?X4^?<VxL{R)5>P5{Jrf4^#LH$vRw>D-jYa<`NROLMIC
z@mA**2t6sxR(W3H5?pP4_9}_V_h`E+kV`379^t*V>d21dZsS-ij8-^9H0G~knJMqM
z>~AGCK13ED{2?Vx`hgM6bY6RRrMUqf?XPn_>b6S1fu~Kg0*zAEpP0-hmBJXJzko;F
zdt@Z;0TA!)-L$~o7~;`q-{%L8I-8|5*?08TNiXRi(I^)1yEKc`69HQ%3_!B%n*b{<
zxo0M2QlXi04Ye^&hZhp|;|3k|T4}6@gA!Xp|Fd;6Kp+=1X!7~4&u0ExGMYg7x;P24
zo<m_xz?1!Ob0DHqQ*6p<-B7J}YnVvoVt%mN%9gTH?@PmI*p$&5jW1HOH(WS9cv}%1
zOkuZJokU!0WtlI#QzTb-I#ZSL%j;tltcxqf*!k9=YQ{64L918v>fM7XR;=hW<ncAG
z#70u{{Aj@??PW=RvC#&TN+B%-&_hhs%R)CIJvztQCOf*M!cb2AGq2d;!4GuJF%m!F
zU2ELe{L;8ym59;-mm28m1J@TAR)eoX?ie~L@ofnMrBiPt-yxa}C7RDzjAo+!%My?>
zc$d>5YdiT@(34(jS1dF-5AcaqsJXOwT?Z4O7OZD$OZj9Dg_PAyTHOQh0`RaQ6J4Q$
z=;qiQ(JkU?g=2YCLz?42YE<Q9na2`Ro%HSKAEf9e6?7o^9q>O)@X{I6xbk;L(i~Uh
z5(O0`qlu+T=1SGXPef*lH2^K)%_7h(RGb@Zs@S@c@;m(zPvn!r@H2CB*?JN1d+PqB
zftk(gn&$O1u5~XEBWLgq;-}oFE*XPgQ79)2x|;-rsSYu>7}Ln%I=<aHS@ABl4zFG$
z9ZF%!3qiqAeRQ)c((kdp0-7s!hZFh1oKkXI_*&bEM8zy#38&3&lS35oUpy|<P%j+X
z>$t8n8i8Bby?fOSul%p}Sv1O2LKVHUayF?8lF4Qa%5ANRb!vFq*mrJER&tM*+?Cq^
zD|2+Exz^>Dc&6NZu=**cW_u_-9c;IzGE{D~)g3dEe1IS^>bO|0Q#MbkbA3x7V06|#
zxkLZ24ac9juP?INd_?xR?NFS{emU<g{v^^E(=9;WrP|8}#`=(if{Oi+#;KT$D)i4)
zr{?A5eZm~w+zL9aqtDJJU~JGSL#$ZcWMhehB(4vAyWqdc@|fRVURsbdXjH==c76<#
zOpmt_e>C)^?@81y{%9u5-h6YUCM8XnRC8U(|GaZ|$fa!tZYd~i%J?wKCEu{s6DgHY
zsA#I-VEA}(omQ;Z&z!L?>(ngXUS8PR0Ou|WXd)x)rsxbJLGU7o<c3f1^48p0Dt|m!
z6!~0k-s*WGtX!%&y+<PF_q(9flWcU^d#fr~%awd!SmQ=CV>6$~X}>7nH^X$D%JvE=
zZf!Mkn(vXwEQ%yO*U%*Ip1?AaaVhx6#57%MWm;#2UAg-~WF|saq}?2=Qf~<JYrW+J
zHe$W-i;vI9PqJLyDZc(T*&v5#VMRJsxoknAY^vdSsv2E)IYqhTQe)BK1U{}-&n>ww
z$tY^=IE@nZ-QZUJ&ruG*WU9Y?*BzsmSEGI&PO}(Ilk;aZ9NdTsg#Y$%r9-!WLfo4s
zmLg!6#{LaRL}Y1homGdCp5;>*YbCEmAI<^Zrs)+R>`eo9b(W~#QUO)Id}>f%mGcg&
z4-wys#Rb3b56st9uuDpD2|7G-LFN0Ql#OeS(pM^JQ1<7UkQv~^3xk8L#1yoUGh8hN
zGP1`TlJz<+IafZqPS1-g+KN*mAt%-2gOk}h3w0ZN(jAG&l!?I^8_T(qR_g}OtgIKF
z!1d#<-SH`lG0VxsqHixx5_LH)sk5(_%)t9{=Q1sa52TZzLbt<2{7wiSCtbDKkZjkF
zw*}T3^pIfX#xI_oiyt|;XUiW$w?upZi*5QcQQgLCTt)o2ShO-Z^wJrKdm$&xd?#8@
zqSsQn&GNMzIWYTLWS`OTk?n@2_*tPVz(BXo`|Xz>>r(L43Qyq=HzeYweG2RUc<XG=
zW|q?v9;|<>M6Jb(_?+F$l&U1PlzUBlF}vPGfc<e|eZWkP>=Ta6{ja(CG5z3QHt*0*
z3Ao))(GD?0%8~f3QKRntfs*c(NrCE)67gz&(QxF!Q!pa87c6U+lCDXx=#nwAQYJTA
z=*slF!8B(T8$B$l#krPodj-+rkKFt|S7AVS->N>F`!p1t&~C9D@|<BKeJu7dpqXc)
z*Y1AlzIJHCC}|{+PN+<Y%1C2#i}ie~&%)NUM1jmEI=!(Th*_OAB5x0;r+g{en^GBh
z2pZ}u<n)M0I^Fo7hvR`Z1&^6ZjjR{^R4I43dr({yT}fZcII=lOhf-w!Q~W@^sJ4{4
zA{?8F9siXl&crUe3d2r6YogC3`1~0g5ud~+Dyd2l1r07PTzI@u4Spsnl(J5Y*MM)C
zvXidkjkym5pVAly**L0v+_RN&U^RdHbFUhO;Bm1<JfIK&te^Yd3RB9wu;NpkKlTrV
z7n2QY6$(NAub|^Bhi%3|(0K1g#w+bb0SvvsOQ?9_AeTTwmbr?xW(8-j%B*pbHt6mx
zJbA{`I5j_^hcYT(VlUC_TDmbs>+9LM6wA4R9{)Gc@gUa)ZV|HOd{<99Z(9$)rpM5+
znly=2^wZ~ZQJ*+oe$~|XSO76Bfy{?}x$oQE?V|ti)b#}iX0_9C26sPB#2dM6UQ5Lc
z78czls_WwRa=-r7l?iK#88^wtFgzT?0=~+v=oz^Ta9EV77R<52645b7F61^dqO8F-
zqVyTNw5FZeM5YvFX%1q3zd*A-QlwFM;?0W;5pJuWqpuvl_aJR99XH4{JPfv$N-&XZ
zCgi#VECId@ABm%tAO(naJ2dUHMyHtCN)fDqw|{sH@2MGFi0RQ1ONEN(+9JGzi3dzw
zDB4cQU4UpeTB$(kxk>R5E{XpMx3Xb&r}~knr?ca?aUunL-*R!Ep*%zp(l4N}cNbHo
z-114r3((f!Y4u^^{MTbD%xT}h5#SL_Vy|{$x5>#?t@W8~;#@@j3Y@EbpyRr5q>V5z
zSY3vJ;D=S*Yz2@+^dMpPDtenR)H%(38vr7VH1Oo#pJ0%Q-|>I0B!D&?$G%<@h}rLJ
zX>VlRqJphHKXqB#V{gpsQ(}XR|FF&GCKFE+kQ6jk-jR|D5{mW(n(MRtAh^eulhyvu
z!IGZX;kw_1K<qTKz0}V<Q5LaX&^>#3yJM<c&jdX`UB5#S2f;bgrajgnIoKOVW2zZM
z-<{ckj?=jb&cii`Mc$BEQvgjAh0v8GAKs73`u?m*GL9MlsWfXZuAD=R6qJ~%4H8^?
zYzcB=*duV?>(8I@U^$T@U$%WU9b5bM&MtO5+-ymov>6M+p)iO1X~3Bx36!Q1VmGRJ
zIa4MpUD?VReBh*M1P{sjojzST1Xvo(_Nz9hl(>RE>pEbtz>S&)&9iTIad)VuK+0Xu
za2e}^g%f|0G{qL-h%X_`5_4wUvSr<~#b>b$f8Sx$M}{X8ycP+m8t;8GWnd@o*yAzq
zjZ5EA&g7#QpbB9=&oKz<M`IF7W3FAb%kiC+Vr9A2u{<4tc?e($`a~&sLBDZ(xve~p
z!Bdlf#z6*cLdhxw9RF>Sb#<9j3WSgWWc>@4%Z#)F1^4kAnP#b`WSTF!q`C-!{Zgc|
z1DGo_#0(%pVov?K6vWV<*+0a)^`pBBqC;^D4JZoCC+LvHiQrTe{dDK*Lgkyu4W*UD
zXq?L>k0=TyizGl{yzsU^p5#SHF>`6vDWM6Y(m>(7r{YKs0y=2I6levg;f&thZxq(}
z-MgX^@qX)0`+zu6_i$P_h^7}HH%N*S$c4vb_=QHo(FcCap~9#wClr&!+4^hkn0h*J
zz&mWH>(=~tnE@9Fqtx53ybOFGdzl+h6AI^gf38TBk6*Z~ODyO-tzNCMnapS;f%bAY
zl*e>rI9E3JOOy6Ck(>SL=^pK1vW#YDbT8)#@lhE#^w%y*RnQ$ARwaZ($d2D9$<&Ft
zq6Bcb$|N9K-9nyE>TL}>?Z9Vo`*9Zuk5hLOgFEJC_SX8>nL2kEKk)cSc7(LWfomm4
zg2r^lMV&4ZX`Z>i!Pi-?s_Ph`L6#dY)$=NmqCfHl0Va=w>c~(EvsLXyVYA&5hF3{J
z4^<>yE}0O9G0o<@9r0(&Fz3(U(33TP;emMSoO(OG33sAJNYgrr$LQ%LWYCP6PNSG|
zrO7oiTz(AnVgBq?awp73a4q@+N3!{FTCRo6FVa9_4B`M+ZtE*<H|Lm}Kz1a|qYALi
z$Fs=!j?1A|K!^*$fNlPD^P`-;drG==@A{Z4%z3w8grit19~!6xLZu_ccPEeKSC1`1
zpDL=sKq5o|kO~W$uG9C|SOamc2H(?v>V(MIr!HIekH>wxJrS67-`u9Per;3yw$-a}
zaA)BC0t+KQp%9*%i^C@^rCXlC(=Xuf=O^HMp<eb(#I6yt#ry3@o?i1=0f>I&1EHMp
z<u$x<AkR6xn*tBjeTm>E1}~<XT0Ay<=v2Fd9sX;4oh2@?oIQ5yg5^?}r!>vZeb=hq
zpyTrg<X&!%N<1UINPFKB{hl0**Q@`Ulbku2#3=SXGU*RsQ7Qu=U&{@n!H(E?gC#Dt
z&JftyrOak`$ikF`7e1qMzO#gE#wV-}Roj_r9$$lMZkl`Wb$<Skru9OQeiaZX-?Jy+
z^Wv_vT8W>6<|aRK*_(gCjMuS;s@L+!;&K;VToUX~%*p}5z-O#EK!VkJ!sq&;saH!r
znuAt-JTtiRPS|fgdZpEZIaAOjSv603)asX?=x7E{A;WORw@tB(+^)VRClcaDuWJIl
zHUD*xC&CXBL7zOgP?GObWr^<r#qm2}mS)$3uSw6O!#JH|v-vlSOXsU<|0<P3y{cs(
z|Kb^qZ-`|7nNk{L6g%7Lu-dYLjvU(=0i*FDIZcyf7LJU0+RLOk5jLj96+!duZ*<U4
z9`Nm3TD5|AX2Zr_&+%;iP@Oge6}pgXt)`qUUKT3jUglo(T1}VSk2WjQZ6pPlJl3~m
zlwxGlITg+*WmA}hPs4Ev|9bq^2y^8}o}4Y!>1(ceE!C5#L^eTaGJlbMjTf3dnJrrr
z27|#q-*ysEJMrT<6@=5}5<f{Y&QQmM0cX_4gl1i|{ao9MM)tNUiM3jF-}CyvkSk;g
z2J7qV{}sJ=76Emf*a2B6<m9RCqA6O}19kOzigpMmYt{w7!W{5bE(LYvAM>$HDXYo6
zU4um<YDM$Rd@z$tUkr&wYYMYb&UBILM7$Y&(6ky@AD>#t_Ak&g0ijR<$zO&RBk?@a
z;PKUN^|o}RiNzEeC42iv2R3sx{+Y3$h=2+&gB=41;FyMLmTg0&UmU2_ma{_f<Fy|b
z*UkJqC}4W`RZz|-a!dLe7s$Juc3OMxj${r94TnE6W%2=(woN6TQpWOWK91e}=51#T
zotrNi@OtMXT$-!>5l5LxTbpb7Pg+#*4XjwLl|w==dTNN1Ey729?bohU0YYtzvJY)-
zQAKuVHzTPWnc&muXx?Hx_^)e?Q|^@8c)B4}*`&q<|98H{Z}MrnDY@c7vKt7vSmi=C
z<47W19Due}GyN?}>Qhwu$7Z+F{2$TjQx6>UGZRV6Ez~LeI@L-9;T3TkbKxAYsT+5w
zV3RmQ1@~y)xV?>BsdqGPwh?&DS(=pn@26H%4q!OLrU<?i`*K_CKi-s;-s-$Do;dFz
z{mJHF7?B@^Ds`Qn*wJIpAXK)&t@?+EeqvMJ;QYF3`@l>#syp<Xw$ZPfG#oW}>*137
zf1i85)7TdK7O6@s_sV)K(wQN^dP}r>?XlXz!1`#sRonPg^<`1mCJzPbCJiCaXYSx(
z{~{(vfNZl|t|cQEmF59vO?%3B;o9maaA{7$DpW1@0MaICm|m)yKv6!z1!z<=5wF!h
z=)y*V?fgA^2m?c;2>rhRfX{G$(*S1_X}5=3KTA0YKcE4X|KIMBQU=6`FU}DwH_8Oi
z2(1w%+`x>Mwiq_laT1Xpq=Lp*0bfZ%xS+M3mvxc}C|_a9fMZ1d&QJxqLwy7gy(x={
zs+EI+#5=&<LjJCm_#eF<$jDffP*5C0tt?~-AQvOL@qPz-sU?6Rws6od-3+ZSqR@<u
zvWG+?a0&BtfR_cFrr5wS3Eyy`*+J;};xO^77^UiI!nCh3reUxzOhwS=PWVjf%e&=V
zflv%07RgXvpW{VWCVwEb&xG?NI2}Q`g%=BDAsGno>2);ylNgP@Q$Ib?8~pR2U49c3
zx&Z`3HfG--?KqO*6Qs7SE1e9Hpy5FlfSAmXQzS0)%oga^*$^cGGzG}*;rE6ZNT60*
z{DZWO{OOcvGbibQ=0~C70{hjb_jyt0yFhN1-SJErE{1mMpYy_~ftO=4ki?z*cP{j?
zMo-`^xfl__gvr}=X*z|6;Y21=&0_sJ+>x|rzBx1+m45HL{)sW`zUz-%jZc|;?u|ZY
zk7KHI-@(%G41TSQ<jR2!Y|K0U^(tKt+bVxaTYc{1-A)!2glOS_ugt<vgr8gvh<UsS
z@q&l?&iWVY4z0TXI&Hf`N+mehW`d(%hBdWD8a?W5b+}K~qSK445+qBvHo8Kurb5CA
z?N>{~Pr~gkcgr$vOO6(-c8?m_ZM!Y4^PgZ+7<BYawiFDtDh^IqgSimJ)qv!;>~BK8
znR1;>-8$O>eG6~_5WYbeBcQ#lFl_zf{Jw-%$xX)cs^8>D^POP4X}D36bcYcgiU6F7
zsGsg7_@xP+<L@o{T0MX<j6^>r&c8^Ys1@L|?Ttqym7rvwP(|S7v*d=VHPu=T00GA|
zeounu8WW0Et@{XET6t)6&NNA)%D0bcR_ibwF_GQ^!w&}OEy16DSImxQ3gW^4QVAz;
z8!jW2{E{%CTEU2NOb43d)0%$;6@UNu*7m-*94@0W=2_wDx?%=@Pd7)UKS}+*@%hd`
zLgeLasY-Na8W32KsyFRZs<v+-QgiJz;axUAnQu%ds_Fy2r&G+}?(zJAP9*O*YcJDu
zv)`jrZ}$?KS*|x2dzD!XM!}((00fkU4zFf6yDO)8K%m;<wi^`R>187-3C?#@GT}Pk
z3&6xx`oF3<uYb7uaEpsxf~XN~cts~fuR#!^cazZxg6N}{(Mj~)qu0@UuVIuB(OcAL
zqr~V@&vvfPzi=++!r1m_+rQ^oYkk*GegWr6axvd4Hp|hJWYU)r)%rflstSPybFb+3
z3_|NgTU{?-nHf%aDBd_OX)FnGi_%WcyJ7>jTm@k1sraZi-duelqb2MMx)rhzA_R$s
z4VUWwbbuO?;1mbPiMno=g*$Te+IZreuZf9?P520AD<z1$E(u;+KHVw#k<J&NlLG=`
zvhvBCdbzzAHwgwT!qj}wmp6OzR##|)(+!$aDIqv~&Kq)Hp&K=>PKC0>wDC0Akxa&k
zy6`y-mZH;}7`k~!o*_sg{?@3=#Oc|KF7tAI05x$J@#l3K+Xu8Vpj5%49GpkHQ})cW
zQoEUvP67(nwmiYt8c3=KLIrs&T|j+@iwSV_SR5F$!D+NV`o>9rV~->eGjp~L+KMPp
zh(&SVvNV65iV?bP|B@kKqbQI6JYUl1((VI$`+u^Y6Eytp=<28(NuR2c7Z^?wu!DI#
z+xc92QE^ethd`<FHjI-nfs1!QybH4r*hnD$X%J)WeOF<}-^IY#!@HiuqaSt?Ebk0f
zBO8oe_mS8I3sZ~w;s){_2lUqQLM&v%pBCB!YT?Df0<M{A3ipRntaM-e=bZAu>5?}X
zO}&ev5w6HX|984~sh%TY897y|p#Jo!={3=4t<Rj=p9)$gKpqU(9(zc{W={w$(g!$>
zaj&%=Mvh(MfQv(M>6vo9?GA$H+;}Pk$3i7rl?El0lD=0FVT2(0#%>!$QCDC2ZnntL
zd7(<WOOV8x=?L%DS$5?c5e6R*M~nQwMO@pTMNfVKnYVN~(bpl(+y>33IEehvQvlyV
za|!3aBq<m~7U^-_MT)V%9Uuqs`0}3Z&G1JsM-n%zbb33b0}1b`=0oulYC8bq@sjOd
zp5IRfybN5{M+>_*!=R`*m7xnr98KO!F0p%^{5g{&Aud+CJX$U3l?^*3&?Dn|38n`|
z>Mfk({YeVkOu`g*`S`B)m2k6qGl2Mcx?mt*{O+~<t3jx?naaY%IFPED0PJ<0MkVGh
z1UU`5!e$!!Up+T-BQhH5Q2f?<!AQYApaiCN1~UjFT{bI;;_S}ja1Wr)Y>`)z**AYB
zbj$QI-)Hkvt(Xtu9;+X0ZdybTihADPVzKCeTb{*T%-PzbZbKs(pFdUU^kg^H9_f^R
zA_;SXi$wlc55PJ3Uar;}_r6{W=HbkCN%OT*YI}m=2lpdN&Hv{qNm!l83*PNnp_}eD
z;bCc_v9%{gk5nR)$nrF^$D_oYP37RM3lvP%t9&>=luF~!E$bzY)*JL3xHiq}V=lEQ
zaezWprBb;~hKIp+1l0izjKHIoAC+ErI*4)9=otdnDKD+~(Ft8M?IEYs-tF*mVfqro
z_7*|ST+zFh!06}QC${m%GEYXY+L%Tn@;X;>&{@B~rk$`(Er~7QN+1-EjOF9xAZZ};
zlP|JSe=N(N4pu;BI2z3EY*&t-piJ~A+nH+xE>cF6+ZdifF!P~{aKSp+8^>g<W(|@B
zhQ&IY&U=j#)x@x{r}Vj&1TF(-xIE7YVst+*)oPnGAc9(1>}D%0%tM*AN^`{xzEq`m
z^R<VSB==LunW;IEWA7VR8Z>HrG&KHsahY+h;xFQlzF)4AuGJBF2Zt1dP(-l*7s8$Y
zqP~^Legw|>8gsHl9WnZ(86(!6DxrlKtpDAc&fU+*h@U!9HH_bSyaLyQ6{OrdP3r>K
zHpb0RC{%}r_sPJI4~gKZ;4D$s6bT7@?2kn2bSV{0F$BuOs*3`Qe~LAt{UY!mTLPHT
zg=GAlXR!Mt%%rs1iB_iopt4N<ltt$<b1`HLvm$x@3GDU?&!_{Mo*`)eT^kGzn4g&7
zj_=8yulP`Z93&}3VCq+>7@w6FFcUAP%K;(%RQaJ#fr&J$H#juZ{d?34-Z8laHxByA
z`=!|sn{O<`iOkj~2A4mv-&~+4xH>y)ig&V}(OLcBu5z!g4GeBT$9hvGXnu;Ny-O=v
z2aiUxhP3%&k$t>zuWaN9GQ2t8lQ(EST-#*ExIQoDO6UKTSfai#f?RH88i)kdkVQ65
zBrt!~{@vD?etUgJ^BwH4+z>h^baPHPFF3eO_;H~wIm9{8;d8*t_X%m6k!9JQL%E=E
z&DbL&Ps4_D<?pNQ9yyO0Ntg0yxQas+R86(ML@lRR`|!U|$=&GQa)tY~pw|R82b&1u
zt78$gzVU;1y?+xSS9>RG=fii;qXOF7+q=v3@6oYtUH=RhScT6%7gRk}j~6R=IH7>M
zZP|`&nbfQK!J4^5?{cJIN7Y1cZ-hThN1ZbA7^`MBZ{OZwKi&3)_%_pb-X%98Y}zjm
zPA}QC5>DsJmWE91ldgmv7M12se_tAjN<74dW|?pgol34!t!ThzkZvM`_FDVVVLGq}
zC0*O==iHhsinI<B#M367dPb6!03}ml{rj5Gd-)o6zty6a-M;UPtMZNSx0JPmhnnnz
z2F@aG=e8UPXR|^-#vI=k2Y*cJE2CLdi}NYVW}f>mx4WUGq9x*cAg2O72QsZQQ@_;L
zjO%o~B>lF^yU&HtGl^E+wr^KfR_>9R&&3=dKGTf$Ft?Wxqj3I+tmk*re};Zp&^B8j
zUd7<s9K8N^B_8N-zCLvKdc{r*$abJTaiVJZL5>h*m?Xc1D@6OwpyFM>eJf62;wD0X
z=*#v<xn6^@GE8lO7aWja!&yMdw;}5@R=S8>ZZWj0L~P@YGTm*xxr|<)hq_TN1o40A
za`eNqgXK~9b{_mHKmeHOB!eEu?8!0TMtGwJ?P;LkXM8fSliIjilEjCeHuGa4G>eAU
zmLudWsm~@-IF0q$Ee4-{mcix$W%#&S#MaH<%@rROAITP&oXEj2UAD)RYsno&#6)~2
zKV-6Yt3$Ye`hmygfiy5~h)2o8M|Qz~_%S>d6fpC+Hi#AGYdkI*k2!iDDrTF4$9<L#
z_yCvXz<*pW=pV!H;hG6Tz;5#Y=11C@rCMxnx8~SKhzIC=dKS!S))O)P+50#nQ@IMZ
zIQ7HzRU@{NPZ_r&{8m}LR77J}fmI}SiZxyK1xbfg@84+K1C-+iV4p`3`+k$2_lU$I
z_85Gle053^L3*OS(pm~Y+}CiI8OU^JiOWRigLJ8ni;*Y~weY=l8z7cfvNK<8_JOFE
z--hWYHS;^Pm+ZVS(glL!S_>z-yPYoAg?P)lL;xPT_HGIYs?Ra)2CM~!uC5F0@oTq5
zeZT|%$hd2NeZ#sAREX7O{sgv?;v^fx)|D6a+fH5GN&BM|Br5(u`j|D28Z#zpEr`rM
zQ0kAN7k<LY>^oot+BgH&lM@ltm~{u%U-e_3f{~hgRjSc<x>OD_D32)OH&@={2D!Wd
zwaxoBBe=V<Mx-S+?%jOcWbDzzf3=!j$iy*auZtkqY_&2aYc+f>jR869_!i^lGOx<0
ztJ&Lbt-0BItgXRfzxzP@!j&^XzaHSwT~NS%)m-Ul6@3b8J#O{6ScWC>IMT=57>KIi
z#7n|ZLBOE@!+G~Io(WN^RP^;Awi)n&lelb1sU=;gZm7Ea@4`;rUH+2dea_c$*Y3>U
z=&%$>*CcE+8F9DQSK=Hb{m>Cs5l@;W>hp?_=5+?7@zXoz8E}{HUgh8^N1}P500Xsd
z0<Rf*(8I^rw?`zC@c05m?TTo9u|kBuk2W<RB?szMfJto2=}lExRKLBe;doRAf!Swc
z7Z|Um3fZT20j)DhR}=>%_K|^t6C%e+`UgLVhVS#sY>B=1c+;TChsEZi*-8kT@~&gX
z10pA@Sv!@U+(c9YB>EYbOdotE+lv&mTS&G9X8OHLFW5xx6TbyFs|CIy#ee-pcQ{1I
zKg}M0{m0uac3yR6;}Btk1Gh#}iVbW>i00Ca+M$JxOHGrfX#_od(l>B@_}lKE>1MAC
z;yha_vIKWLAOL+J&dQ@xgGQ)hKZ{FE$+oO~fn10l?d98@trsSwpNIv{)Vfh+E}jZa
zxftR~F*jSRU$Bku>|G!sDDS`*K+DWPZRZfu*o-g#gQ7N=-RFsL_8lCmvIdr0oHwjH
z*g?IRT5p`zo;~g@Z65nSK$IF-td|9dd%2~i!`$YPMUD?0RD}PW16))<Ys+1Z54{J4
zE9%^`Y*M3Ve}=WMk6?$TxqbGFXX&@ix-CwO_i?jXGvP&dY1}GV0-;2pHzW4Sx%ZTU
z&QNIK@AgZr5%O|w=7>ia)0(r<POpT0%F2l*z(Dc5mwE4Jw@N<X=hp>aX_=%J-hb7A
z(Tcqlg%e+iSDdS2j1*;!#J&)e&;g3^s5bs8{(G+%b3`)*tR|%Z87=ee_c-z|AE2cP
zeBNcK6c>U;C)iYr>Ktpx#^gv0>w^_X0)@zM6}N*|agYmePze^SALPa?Xc<DW(71mo
z(Q+j_Nd2|`L@HB6^S@U?G9Cb}vGF~6j1v6m-0qxP3l<kmJ-hil!VWS1J1dC^p+6F&
zTz>C~G26H13Ox5a{}_7(Ks>m`kwf9PR|QHy;yC(+cpyuu6gUa*y)<oUy;Za=qa{HC
zHYwHPVurGxY76yFQ;TzvtKxZ{r6cDI%)OmYZ|N*Ju%!^so^`lnsNs<@7rL)D<yn+>
zXmaSVA)4KgLbo5i9e>~?420`<wz+)*K#foFkj#(}0f)g8GdyB?zO0gX`)QnMfTk0G
z_~qK>XU)3ioN(;Zg6hDafvC;k|HOwDTz6W!m&m<*3#?emrV9T9tE^7jRa6|joX+<m
zdqmZ*UDwUWK`9qfu=^lLlMP}k^Kn-r|8k@WihI`^zN0HB8QN3LXGIpB(NqW|ceOUY
zf8pAgDRcG6D39Q?`jK{~dYDmI$;|RTE6vS3C9wMe*icb^pN@B>juogyJlRCWM71DW
ztV;+)xPQ(APAX!Fdq!<7f>^ViRQuZx5*(hLV|RLz{0f2x@-qHwo~zSp1|$G+^rD#F
zMQ>dJXZwZ6Xu_09W%zNYH=F3)2nEkWcKd}B*e}S18Y;81P``7vg4hvUg-g+Q>8B{f
zLFK{<a|p0}#NCk4II&Uv^6l#4T<@wkci7Htb#b@N4ol-^=T67ElE?SRC!6=Bf^?lf
zij-6DC|)?zH^6p}HSa&QvujS-kC)88Q)PBFJcqd5(Fob(m0(CUXeR=bZ(U67CX18K
zu-4XHHxN2ewz{1lTEiONF%DTOvDSD}$Vrf0Fil<Z(6DN?cgUk%Rri1*V?95xm5iK<
z^5cNyM@cQ>)e1QD-jLlIS1V#QbbkR10OT)Z@76WY26bi90sYe715Rx1=2;U-3YCTh
zzZ+}#7~0=0GZ`O%>LV~OyUSufw*U8arh))QlcAD+O@r|A@o^=u(fv4TMkvnojd3Qt
zn>p$4Z|i{KH$#F~;BZRfq;>$ws@lKwdXiQqC>N6nh-Ouny}>x%^agkV{XLe&p0AWj
zI(wy<jXO`)OFdDBSNO^}Q|J}!GN#GWuZ+6h)>`0Xn;W$r4A=ne1v{K8fb6~77pi>i
zcPy=V4Y(f!-?H_pt}`o}3|n1K2H*d7L{8MK7wn=ES(9`=U{Q>uGM|S_e|@=7&IQ;d
zK#_?8vod)}zd}s8x`A-h@<=LY!T#X%UXC05(`ibjfXxYXMWTnLw-`2u^lFgK5^)wO
zUC$lJY&Xw%s$45qYwn$Luu$)O71TGIkjuq2E7oY6F^2r}M{X51_sv$Px^MQGdk|a)
zuKI{9ootODx1zMo=b~QBKu_>W{Ki}Ml*TYOsP2U(i{JOR-p(|PjqX#2N0MJmC{uD!
z)pQlV(Ks)w4bJelP2jTOBN7u4`J~w)<a22pzzqDSaMqd89bw_`wncfL519r&Y6!1^
zTW-UOX;+;WKd}+dVo$A<^D4Wlt~ev?lIEDnez`-Qo7+zrJXxw!+tCHhwQfN5AT*l-
z!;FDe7lU|UbL{HUv{QLzZEfv8pdWd?>Tw{wP-nI7xw*72?07Xh{OkSC)pARI4()3@
zizbHknq9=%`p<64sRBgoFt;nwNE*918Hl_}drCynxiJiH!D9{W@Hb34UQM%$N3Vg`
z?Cx)FhT2;ta^i>`n)9%GT{t9EsKR7ypAAq(PugNqs*I+Jlt+63(8gAi(RdZpJm_3q
zRpWW_@8X!EPhJh2LOcv$rpA|4{Gas>mpY^CtBmj1y)q|JqMKGq>Yp|mhzU2vGAU<k
z@T2K1zST5<v_C2y6FU^VQC^Qj_J>mdOHTlMmAp~lU`W`L6T9`e<DOOGlv2Qq`Kc^8
zGFc2zh#$(ww<qlfPx^z9fV06by%+{G@b2yX*sJd-LnG*C6LwhPTPasBMl<h$;LlF}
z_`-)cFN{0ePe;d~GQD+<rr{6LP$T2|#$#NUC9G#^lfr2b_88E~);m1Pqg-S>I{LR)
zk^?K!g;nSA*;-)E=CaFxYFY4lGcucUtG2NA3Sxj)rRJ$sw3m^BGQXQ@V5lpzLM;7U
zqO$-l<`MGR*>AhZ18sN@_=RO!MSre|u*A#BByv!1{H~#f+wN?!459AJQEt8t;G5$f
z7FARaG0W!|>4t_HB$4t>WA`ZV;yAI=0`I@Q2W|<qC?=>b%|4CP-k!_`k|Tu^`_8t%
zz;fUH43PsvdFr#7jO(}w(LFCpS>00B_w4of_f>bg(93SI#fISgU?o)eNdP3;R`;Kb
zuAP7i%g*>60-*xb8z`bSah?qU%?O^0A2ic{Kg)t+XqLIj3n6OP2%QNHql`MO=>Fyc
zMIpR$cZNg9P0$7WrZh-76CH!d;Y^DeMo>|)DidcpA=)$0OV}E;C;(y_wia9OGJsDz
zNE0(w>PEMst7Dhk@kzq%`sqlSkZhDTf2A}qTl@>|QKm~R(>tXZME4u0Vh|Ey01B~k
z;T&{#*y-lNem61Mg|jK1;UtlBaf^+%$LH|sx+%3ro8Tt<mAdG`yE6iWo#RZoj=97P
zHKXIKDcLX^I1W*aJNQHln}~h{M0&W?C}hP?(*zuS_tNi=ed@oezBCONFSuUo3r8Tk
z=O&BC4E9pLB>r0;sM_6$D7v6=qa=8_EF(p<+3gm!)F-bT^?@r)wwxGIRTC(r9*r~Z
zx8aDEsm#m8@L?vL)ji$$h}_z^KNv?%crBQ!gdYi4<=U(Z8&I29!qz4TjBi{I9Qe>t
z!}h;RG#4(7ysF?GpkDWRHFSVG5F7jAjd($P5&8zlhEFqTAa4vMzb2jO6E{?89e&>1
z6L&v2A%5R&tcW$e_##!-AShDo$EXcBE6mf&Xv>ESNrQFyiHx#HP;*rcRSoGRLf9SZ
z;e^~J3+7wC_QFz|kC+%)``RUwG&Ag(|M!`t%(bxnikPDDxv3NNO3eiEt)P*uUvmFq
z7>>~An!x-bxVq0nR_pI`LgL0j#3e-Ry39R%hBOm27sxvqHQ8dr>DP~jVvII8zQ^nq
zM(VDLt+zF(@)nk5tH(?Ukxy%q!R)yvUY%iW3E*|*p&Jb~TmMB!AVZ|%R14!4tM_KA
zY=46h1T7X*gx8H1j1~5tX?;ZAZ_A1A`mwRj)<U~B{?Z2dZ~R3^0TawdOU*`aDEcb)
zgGiPeorLE+mA&?QoR9>qG_*KkUR{;gZ>E`I+{-&dDP~#()F>2a592cKzkdDoKbfy2
zOkwn)j^O1sx6BRp(PwsKy;yDLWfo|IHc-Xu;MCX%p9)rE%~|Rg{O^Rz)3~aVX<^+u
z`z~oK8&PR2J!qGMBA@*w^rnnd7M!2<vGp83GHdK`5@iee>7x7cF|~z%b{`!5-Wya4
zrVy%%6gm^E<g8uh{c`*f>~G4nlii0mrO2c<=xc@-K7GIDts!-+l+K40YSqu=>9uT7
zt}ZT=tVpNHhmRawEJ2B08%pp-_T=4cDqI*~$y$h4QjDhy^9;DSvnce3B^NKf8dA5b
z016;w7?31ACuCjb3$@z9Z`h(S9-26SR<*Iup7R`@|7*_Se(j0S-1MYt_3sp$u9Kh2
z{o)Q~{bQ{V%&ba*`T0rU0Bmf>MmR=wq2AY!t!~Fyaq00}wMc3_HZZ_%{o}7$nUWtd
z_{v9ios)_2@R4m(e01-$)>DAQx=asXJf74i$H%z?B7t<_BM4vSq-^=<>v7_Om*M_Y
zS5vZ0lcqM|fK-5so+rc5dY#@H_nqtC`rK$1Ep3_Hu-2JOD2gI&mus?{jmpS(Yv}u2
zOnxr2mZg9!nh6b5uX-M-zbti6YB8af!74@W4rM^3y*@Ju#f9h`J!a-}@A(RDaAGMm
zNGZ(Z&;Vpo?Q8!JKiDGIzr0uXE)wX-=9|Z2I>4z^!^MTmm;6fVdc4+BK+qr%)Jf0;
z1daU1j?`Z^0!2K)g+H?e49&NM$sfsqzjZeRKy#qfs(X=-vIuqH1IF2J{;ob#3k#sW
P9__unnq1Xe)1dzWG0D~J

literal 0
HcmV?d00001

diff --git a/util/cloudshell/screenshots/action_upload_icon.png b/util/cloudshell/screenshots/action_upload_icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..8784053a5f1d1dfb503c864ad856ff78e1d74dfa
GIT binary patch
literal 29500
zcmdSAWo%qc&^2f~jy<NB5_8PV%#34ZW@ct~%*@P=A!dk~nVFfH8Dsdy&%57hrIl9u
zWB;rrOEaUoef!q!t~%#bb(oxt7y>L7EEpIVf;doE0SpXW@be!41^OkhVlER53?67M
zBqS#;B!n;LU~6J-Wef%e3`<glR#O~C%hps7H~R$u!nB9YlqDi*K!TU}N5w*-NJPR2
z^iBLN_qRkxmQ!_7?h{#r7}AhmY$1Pm|4mCtb!yNZJd*K!%DMA#<8k6~yxn&q^EM~G
z`Edd)S9LN$0#42w43<RXZ^4n>LSLj5S_w8j*q0YS$U8T$=ESU24Cq|=^$*&rDgjIK
zlyxPokIauM1AL^BXE6LQBvZJ(SHaLnaKDt>!oP%Iq3?3GT(!W`o&*Bc_-;so<Wjpz
zsFX6h2B^hiYlV1rq)SLYsoiU%X0W3M0iLqd95{C;TmCaz<WLf@qd0<Z+YxRMp@#Ul
z%4+P|L3uyzM&A9&9&Iz1do#IpF6bBLexo@As?pMHjlb}%UUwE&^D}(!1^<=~L`x_r
z#e6syeZN!tQ6#WNH5@JLw}iCQXz*(V*C3Hnp|8N=Oy030^NS}`DpD()8*&X&h7b-3
zMQF_INv&g_yjJKotbk;n$lCXcOTs*EM)gs3x{T~Z`ank`oQ8$QG&03O<>ef?y+42J
zU)h8OFOWXU6yzmZNKGR(sAVET)X)uzxcN9#3<H*v!r8BdSQ$m)DSf#@zXZh}*&*<;
zvWTH271XEv7zsJ)M+@s)bEB!GK`HDrb9cFMKY5kLw?UOyDiPuqeC}(?(}3&=1xlYU
ziR2M0Ytj`Zq6Lwed+P$>Q0gDpmDP|cW>)#FXz64YUUmpX>;x>HuHDS#4Z=xfxw&H4
zXyp?Sbs%=YpoPKE<htSziUPRtFV3vbgF2a+<o%$H@X-OkGE|uM;wrP_x-1#VzxoOi
zL*D3j+TE8UeHVHg)UP-=fpVCu?YD^Wx&rJ7BEi9K*#@mhGUCu6ynbWZ@fAMo)q>lS
z8-G(A3{GdS5M}5aox%P~EQ&%D%Fsvto5?0PWJ|yer!Ba9JM7;sxX`js0~t4=6EZGR
zB}!so#%!PQ->MV+U)TIFM8f8l6Yqab*1-S1Y;C*I?}e<fqq2RmX=01)8xYdB!Ykf4
zV^UTAV0qlMc=~;+!4=N+wJ<U_P(HKcVa|E_9@9kr{%-V}xx+Z_1(m7W!Rb>b9Vd<7
z<5Cq(jmVPD*>@Lsu7IC?8sKnT{`LBYHA0l!ZQ(wuRloDh#813#2x6Y_uH9BrOJzpZ
zGuAxU_{<K%14&9BiMFItCgQ^!MMS7sy>8*uwP1Yj$dmuH{(%N7y$n5IxsNY-=fxkZ
z&2ct<0E09P2nc}YJ2lw+QjN&VrL=FFr3mNsa}8qa4z@#3rF?q36b@YO7p~WDsb3`3
zUuCLsWw+q``7uHvcljZJ;Fx-pXMX{erkJTP2Yx}h5K6!H^$?1`Vt1QV|9pjf@Kdov
z!uita@3=+S1Z&efKZ}s<&wGUhj}H(OJOX@S5GhCU?E7&o{2GTuj1ndk9}7<mH!MON
z3XvAz6`({w6{lf@IurUDiNhaFU>ZxiN9urgETDsbDGy(mCtCdV#4lRlO`a7iq9|8!
zO3MjKBRn}@avG}+d_AlocW}z_NLeY2SL7dq-?5(57?xx2E5o;BKVt)qRQQY#WrKOO
zFAI_Ny&unvMSUJMuI$LBThwa^m0K9xKMr@9uH2tc+R!$m8@I@=MxVUf5I=--QO95^
z1Nk9R=;LA~Q^kw%l~5Z{9#Ca^{*+`~r2~l>!=i=xo|sLLZbNIsBtuWbT0_OcwEIH(
zd{DxSBpgV-CZGVh6_88(>!RxtoC2M~=A=C&7YH=tc!uTor2YnKiB^(c;^UF(67rEE
z%H2^sB=So@i14S0sEaNOn*Y(tby9>XhEfu<pl1n67t;n-<gqHsDqPCxo*W%59YG#R
zO(CCBPnAqBS2$`Mc1&=k6O0E9<VhD%m`R$inu(dSnbRFRwS3`;%oeBnO;^Y^6Ek}`
zy?MguBzEfH{I%uQ`P50%iSC$pHvee(wC29(B<V!?^nAWGcd<-%+I8yi==SdLc<~r-
zs<U#_wu}CX9!O8ltY%Q%yA|1uDiog=pkI*JRlR0cyKUba0w1YAx<&sKX^WwWL58_5
zDoi9sR4Jb=pENBinkDKz5InFkU_L-H;5-l#nIsi?+_lFDmpYp2nYx&IDW(>w7lRb7
z#{Jv9uMpW*N;Ew%4IoV^?UJU&;%+;_7{xr!rmeqX;jswM=E#tt$2w~juq<A?5hqF%
zAbKOF61~QBlgwdpVUTUayXsZ@?0)M5CmCS|SJKZJv5VH8EHz3$$~`)t975w+j-f)J
zVo)}(B3AychgrK+4xxf@3RyO}vc@@}q2E5-GV9SbFikpNG-i@AuB};G(P<rhZn64p
zm6waE_1eYpEd9)8S@G=cT;##>Tz0wB-p&c=`ZSR@za5qzMzmNnS2KJajk-=TXCAB=
zF#E&wcWtL*$F0X<1Z{CdOvF&(#J)e($;m0Di}vLTOE^8HUZRmwZ}F)OGh2gZjb_5?
z+w|D9eg3FuW3&(JfQ{5a>JLMisOP<lU7f9t{<nsZyg~LD#u%3v^laK}uSw2HDjlaP
z@~USYYn{n<?e?Gz>^9pcdar?hUWc>Wx6_N0st2oQtGlL$Df_CIuIrmaeAB*RAID&V
z{BB*ZegWW@5Z+%RARZy#f9#<p;?)ry4XX{-^wek$@WMC19DKEfRSB*Z{43}KkPp@f
zxe>$`#0y*whUsYt<}u-_y<Os3p6prgHQxT$yJ-i(;m9FIR2_O0Iubeo>>ZjLS{d?`
zXO(Z3mzMXQ=AEw1j~PHRFfdf<(>m0!dtMW@*<|mucO1+LE$k;9To~XDbqq`Bua6NM
zjKS`-c+GPA=O*rD2?5+9EthD@I7($Fx=w-Vg9$@DA?2310j4K7QKrRl)3}S>oF-l+
z8dEeXW-0tA`DyN9o-m6wyHOxkP$i`*gTrKh(dUS1g1HmfAf;fUaj-D<E*_V#Aa#;`
z#?)+ZQ%@1CC{dJ|X2DvocamrBG3z$_V1oR2rq;#CdyC`>%k6D>?d;`@mp7y{`9leb
zRE_2c846An7Vi-9uzbut9y_y@vQg|iWhvTyILD60^=(^fTa>%)4eCwfJ|bEH`WYoL
zy2%gRSPY3960#yq8M?F$66YipU=kCAX?fZ-Swxa`644FCO#>lOlRjUSoq|_clP->e
zmg=jE$;wze2^2|u{B5n42~GBW6Laa^;PR8z`&l%{f+N~QGhYgi>nyjC&O=-DbHnZE
zp(|aePPI3Iv;KR}=E&NpN^<)P>08EwL&VM3eZ<bF_l6R|MnM((x7OTCR@xr)Fmz|y
z2aPtH>pv0#`^%J%r6;9`l24KoK9|?t<BtK7j>#^xx7rQ*9QMsd&-Fj@s2Zx6)zn*V
zwo9+eG*oI;R4aYzO;*yG<~QcC7ZnyM7bq=vELIklD>OSUger<3EVSL$D?M&s`tNNQ
z;1+aOkQ(yb^ZN%%qb_}sKI{w??~0P4LV{1m`^Nh-@T|pG9ZtkP@UR=xtt(bu>@$oq
z96V<pP@{aJqPWIfsVxOFzDx6PkzKYuDfY=)kK2rAxG=aXpF_3&X#IHNI6buVG<bA6
zyWd=GoAl9r^BH&_K`Ss;k<=|KR$fk?UU1f1`xX6=`|#Eo`EI-_a2nto5{XE|CB>uV
z<8}o+j(g9a$!{NYh~YU)U9kW6)VHfDBgH=L&iJr*tefw{;}h<EGIYE(3q1*$&0)9j
zVRg!}=}2?vJ#qOle%Sby)saPm{z_Y?4d1l1!P0PgRX8O%NGqoGeh>RN(p+|}+FDtt
z(`xU1<Ghd19Yw|lXT#g6>}9$2;LjDvmE?MVsj|t`xp+l)=zFg4LW#H@)8zXua1*eK
z_>7qIPW$mD<oZnXl7BL&5`&%N#>=sUI`4QLBkt?Om&E(?sN!jMYx2cZX7b_f$HU@t
zN0|5er12!QF15S)i^D3_rRvYOu(wAY^bTA%#pi{)^9R@WOPO|A-w!vv1L&EM^q2{}
zRla_o7A7@zcJlpUx04DmDCqQrFI^GVU{g$BdRl@1Ld4S@vo(;$mzAQre0$Psb2Yrc
z&4StHU9ud%`>ort3rdB!&a3c{z~}1d^a@ek;Lyn;pd)0v0c@e6bv3~FEugpZt?cad
z-nO;|Y3P?Tz;LqiICM(`0h3UCZe>#>Cc_X{Nw3%q*}lTl)?r6rVEka>!U9Te;Ah%j
z-IT=8d646g2-WOdK}ap26>U+Wt?7FTL=Yk0S6G@0Ir9Drw>YG=bsF|Sq<ExBKG$S*
z*5LvCzpZN-wyp<JlWA?Wu6ym42fL@(P-vol$f1G!YHAo>f^BxBc61j(*&%crViLXJ
z!6AOusbBtvd>3I*3dj<XP}9)p>FE*l85<whH!(pgnKqFMjHBQ7v&8`?<bTOTSPPl$
zZbgdZry=}4VbBCPiq8~LWBiU#9{k%bC@JYjJc(oxiLk_<jO4H>yTL@wWJmzg^w%IL
zJ>4$KH3S|q7<ranN@5O$uf~FZ^)%H2NdrQa<j+VMAi56(0CiVEDf5ny>Mxd>LPjYh
zxk!|dEMg9pTxyz{mN4=u@HF)tOT7Ski1;VM_*@}7jlDbCFP=H@@vlzxg4z}S+marT
zf<i*uNv{;Re>%YMsAM^^aTgZ1Nqy=ly{$;9%wK^*1;>A}_!a;OK4(o|q5Q$tg_(c4
zAZ`%aVpyoKcK#l^P>0ed$jfzWvESpI{ZmhR9#vqvKFr^8FU>6U#vUh`6C10yChHD6
z`O|jfeU|;l>sB~no^mX=yTj7bk{OE-mh1wcGt3wD!bl1*HNK1eqEiV|nh_494>45_
zgoGYFL(4&1-{0Xv)`w(_Ecq5Ks|NWUCO8bQ9O-)aQd2#8n(5zZJdSOlolr7cP+v@1
z!UJ>^F!qK4ne=SQ?pPEwVfZ?(a#m3s|EvO1Ao0`9J{1o88Pp|WhXJSYw>*@dOlJP;
z=`%jjjUeWDn+!FkAXXp`iXkQ?uV7F}yEp9KziH(6hD&4%+(=DUGP#~kR_Z>C8N~Dz
z5feh@8sD!MGHb~AC<W$p*3sm{$J!b)A;;;!YUv1*p>&p7Elq_%267qcsNu=@JHV7$
zd|+T8zS?W3yBl|Z(fVm@Lr{@5os})YmbWqoO#?jq9Bzd^;oMg5<|aD?oe*v};s(ms
zm7hgXaZ^)BQ%<SO0)zr9_5~s?g(BoAN*8S3^y6K1<M5lAMe8u*SuD}ov~WVD#^XoV
z_xL6G+|v01l=Z%;h3zs6C*SoB2&eA#4k7?8Add#z(O(o;170cmkulSCkh{&l?W9XW
zC~-wOCB)H#OJKksNJfPa3b!QlX(gipQRBZ((p(HN+}3)9<mQe6&@_n5qnWX%B8$77
zg0Oo4#JmtryHA1c=2Q(RhmaJJfS9_k+tZa~3@{e@jA}82!dO(#$jqj2(AJ)BG+xBd
zajZka#X&(lo175B9s+qeh}$E*GZ5cbeiVr~uVBEq9!P1`Vz5Gl!w<8do@6JbMKyF2
zm<YrJ#8C@kUZ-aV{)QkwK_Ta6_z5@X&=%x3hxKXSg+1-DB;@uDV083EsRr8TU#kcY
zDH<ALNZT0t6Cp)I^35075FUrqJE%vZf^+T_aCulz?>G6r5bUuC?&4_LICB%_PQwwQ
zm)c;3Pv48l3=;&0@+TTTgn^Ze3x`St2D5vtkp}Q@-AWgf$zll4HX&d8fg$InBhVuc
ze96^<B+>%{o?c$IFQYWKeQxRqSVnVKdkz5z9&Szcn-CD5h_4~NgEAwPE@tcSL2y4p
zof~yKJP;-uFJmbbq1ZVsqC+z|e34Bjb>njw3nd9Le}Wr?p@A;|@`FN%Fn<M#Z9RoC
z0lvW|=Hw5u1Y)deEZVLG8<#C^uON(Ts*vkm{|=JR<=0WFP?+8lw|i&{O69SYw`$GM
zJAV2@*qyuYkNGPV`Rd9oI0lbzWKr<>-@o1W-a!C7Jc_JvD0-(){Gu)Q^<wb2+w~0#
zb-yIu&EaI!w+c<Y=abIu>$^0m`rXZdrH@U9I@@(EUIx%l92*_?!o4jl#@s)Vmpd%!
zCbXO2Km5Q7fN>D@WvZe<H^#=V{Zxz9)`z&?M^aSVnn@s4D>uK#<OJo~b-y0XRTfGK
zS+6%Ag5h#|P=8C+#CIHsJlZI1_p(tX4c%P?pWgU0sWYUtSEXLzfFl{&xmS)nfS0U=
zLWE=rxh7+_a4nHS4K4;P_H4HKESXZjk0d^k`WE8l4rU%DoSZ_dn{vHqyAgkU?7!p1
z`_v^?j`;HYB>sWTV65`j{`MOVy0g4bjS!eF9-h_mJDp7SbeoxfCB?_FBRa7<6ci+(
z61R`b{)zKi>jyvD?IK@By$|6qG$P)xsk8D=d;6SDx3Knqh~~AiIX&?bYD7|$d(Aqc
z{P=dqCkSByj@La3s9g3p@G{xl5jVyX!*(-?M{gcZ#jTG2lF3u~@OS|;glU}i%mY%H
zwBptF0i1%ZR77|bt#;Spk*d0P7?>5<@$6jaBDKNy^uE&)+`i8!o)35n3nJHd%;SE%
z>v6Q!SdrQE$_w7R4?ISwbaZZSFEk_qlX#qjsuO2d{|bgjy4ZcDO`^X$+lX6@eb5v=
zfBE+iYAAl4kjc{X)Ey_O54jWBb>8|&5{CTD&dH81dy)A!^3S9$Fg`DW%z#rOeuIK0
z{5vH%-o4~8IkOnS-BJ#UhwSeQLqE#QwMAQINYQsn+WkH3^wA{yB1zD?mr(UqS5ph8
zu!Z7Scdlzp>2~T1gvTrKIHc40#o<efj8$-no>ifwXz={N&zVNdyXX6I#z9U?5g0~K
zA$Q1$3H}SrIzBdb;BmB0U9H_EpslD%(R5PMH&<<vsHV0y;UdNB>({U5wacN4a|y(a
z(@o6MMfbf+L%Hufaa<|E<;Og}Ob4$e^C*T1IWtExVdFiaUs-;?inD-Xv=UJ_Em3SJ
zV9M!!pkno}D3>P}J4az0-l&lZ<Jn$G?TmC5X}uF3uMgp7A|c(Km-pR=l>@UuUBVP;
z(pvi;^~+Yrj}G|XFLT(=O6kQ~ngYMuTbz5Y2;K@*#ECtw9iGhHl-!k@TqLBxbKL1O
zbBcz-Xxc<mmqH!ABmMaOT#WZua;`p@uf&jsW1AvadT3T%duM0ibS^jZ4W4Hldi|xK
zB60Y>rp^2bNLiYDa-Ty=<F!19beQ#@Ak=Ac!;I?F&=;;jrb{e5rj>4HvtAGTh;A9a
zq0pu{Bt%X)Z7*sVOMN4o;ou09#cIBlf|)H?K&s!6@_-n&QyBY=_RUZRQ<owYunQ+n
z8-g7A1%gc0+{My-T{;fmm`=Velvwa42g&?ozB0PS*+Or!Lnxj-Y%FmBXl@ZoL{_%I
zi!NpZArMmbCD78OvdluBa_gUrb+z8Ggnhw5Rx;%6-f+;s{prZlWDM%asH{E~U;nfx
zW&+H4Tv6X$-gt)KSGe2)$C^n@gYDDhdPQml5+4-S!?dSV$0(>kFl)#uIL`IA#$Eqq
z-sdy(hsTMb6J?y?KFeqEfM@Fq!m(6tnfPD4J;3sdHgpZlV~M&Nl$xKHo1VSh-Mk8J
zeGT4M*Zr-om$9^2s6fTYvMJ0#bc03?$D+t>R?8g?8H2(<*FQOLOqnq+B2SZTP;xSR
zxGia`{^s5*c-B0m3wnX}ZaMO{2ga`|;jZgho0<-Txn1X%9jD&2bA`|hz91X9%vYzW
zjOdxv^edCFk|^@W5M({j<^e<1&m`D|j|3yqvjET|r>}%M_+o&I;!l9S3}7-&bb%08
zQ7{;4-v8~AqELQDv+SeXj;|T!*)wug_J7Fq)g!Tgb<y)2X!NTCo#Dg6rkVy*H1T8s
z1@w|7G!#=avZo(X!FLaoq{1}xqC4`22ey^&hKMYyoWeMGD8$8qL$P6UdEFOm5n$_p
zX#Mm<`{7IDdo9bS3>#ug`>Utt2-Qt$-hs7ibUIxEV+rUsR?qVJcPj{H+sn9>Ei%Eq
zFY^Q3BWn*;qWl~1zrT~+S^;q_Vq#42kc^HItM+8$SlL6o$}602Mb+vLY};-hlG$cW
zwRg(O4k1vGz-KlUBZQ9THGcFe-?q=R)HqkO%i+eNnG6S_k?Z&t@iL$gwErgKZ-X7u
zI$Sq}S#qIGM+Q1U9!b*+>@c*JgJj;-lfd#1`BJ#*+adfgI^`3kqX!|+>quM1b3<dP
z;4oe(`%*a?1IVw?+p+tM)*DW|?t7_}5X31y@P@>K9^Ynfv(Rt$hbw3zc_RHN2>AIP
z?j}0IeGu&Vj&S^uz;rETxhL&lL?B9s52KFL4ATi`M`e!>2;^4^DD?GVz2#5+nJWk1
z8hfaeYRmO;EyAoWC5G(t?F-Pwi?1W&07Cs(VL2aSid`Z9x&TKaet@W<@eRfw5>N{R
z=CxT4hI``SWj93>SZdlE^obJ^ZK1zxm~W^El`1!SIOwO5<RF2xn7N#oO<xv;Sg?4b
z<fGXN<EYs=#;C_hU^HMEBUzA1HRzfMMe$*f@d=3$@(PTl+hDySL(o!4ws{)bA*!~}
z$-k??sQ28A(ie)$Ii^7-*iGFjNo#D)POY+||3$Rz%^v;EEc(s%FX3(mA$=obiV5@)
zbW}2@8TJ0sDMds8#xGk~@D}+ap%w6T{7M09J96^xF$vm9eTUZ1SY$MfU7T}hG6c)9
zgmcI$Cal|aJ+`p)U(U+4CIFr>Df)=pwhznS;G!&xV!rCRa^b~FEV(21i5Xgv0AsbV
z93@b9=a#_!jY%6o?)(H72{bAgT3Gou|HirH{~@4N&l`!v6g3{h9}#l}_-6&wW)-X$
z8T5>3>Y@|y(~*$$B}UU9j{Oi4*}I|*^UOmmcn~{nV`XKnMxl+WClq8tM^7;eiC+M`
z^$Xtg*J5GA>dvrF^a3!xKrmOta}Di$WSxDyJU?$|eOPMMazi1Wo&u_$%FQu^d^_e@
zXMUN_Ksb7nBa|U&a@<?5c6=#M@ZP}5JEnhoDnYai+&uAxd*niaaB?J<hr2W}IhGsf
z1P^a73uC+TiwPp*P4}I$2&3d_6_4;sz3L(D`_>>pv5k}}BWZVFU>L~E=a@$^^Hdr`
z$nPMY3P^ByZF2b{<Yxn4uTpG-)>4!)Oi7=@Zj$gLuRCvrOjhakhkdD~3o1Ieh?!E^
zg}yn5jRDQnnwI04xGL(Lb>1|}cJTPBfD2ZsY6Y=X#lh6MV&?1P1z%qtk<HA8(CKA*
z9|av5D-Yxxg2<kjAltWd>Qe0RiTRn3qUpP75`OK@V*<k_9tA^D8sg5G7qhjwr4ssZ
z)#D_|=lDQ?Zs;NFpmesty%+_YZ%(Ckb%$`sw^s24e~wzyf0Tq?Pe%;VaH!#R0Y>D)
zZig3Nnt7EA?7&O1j!yYPNN^xdObArh`JIH2!Dp}ty$MkW67+ha#H=J#3W~T)?hHlo
zu(;M4l+B$-rBMhApbDOhHWSAXU%cmVmRzbELxLtaqilpaNj|EWd{fv~%FR(@DfbT>
ze|t${U<m5YON&&t<T=5_z7k9M2h(fhOghcPq+oH~3l$B?HY00h5(}pi2yu?3^U62u
zA5?IqzN~T|=dhaBd1Z#t%H;6Gbh3pXSGi5`sJ%k`sje51yuNC++=peXczL-zvbXv!
zTK1)11`o3accwGNZ8eaH_vuM*{6)Hl{Q<%Jmc_9M{wdE;(`YhV**I#Z(EKsZknBqS
z3}=SV9ZLVDdiC*K-!cP7(R3o|Srq;_BocEb;=#MCNqp95DHgmvP6KJtOP}vyq8(Zx
z07#Xsc)n3cbaOCFF&l})rjFv<NP8|{Cntcz=>@;)0@8u4)Tf)hsm3&`mE!S9aM{dT
z=72sKoWEFv!gO|gr=x`MUifk|!nN+@EAlLp3&i+S_U4*O=$(HmQzZlf@+~55o=R%b
zuT++FmCr7yq8ZE88<CYMlT-95X)xPVZuX9u#(oGhy7cK$YcxQqR<6f>^wo9T9);0M
zy`71ahsFY9Pb5hjRs;O~ueI7nOwTtnM4AI2IiP?BJkAH)>8zz8x9D`@j0J<ve@!Nc
zt%_x0&sD5F?hj~4CsS$8cQ^~B15&CsfxmCB7jXJ>-3Vt*e_P*4JqC!$Dyaw@q%%7O
ziq{$xMj6Nw66Jadm6WD|{XhxcFRcleEQ3!5Xfj)ex>TeSMNJi(!Om1nB9&lnv^b)F
zy^T=Z$tm#3!ZKSfM|OE{#mi_oj~5pF$c@Qy8~W~S(ehh5qUa{?Wol~a%>nU8y7r5c
zc@UIY1PG5C_Ea(1e{2(#z%(UNgb@wO?yLok=7e6Amj7`oL22^2O-_dNe4mo9)Q(PL
zmqsBouV`;|RvBM7JwVRj?Uca?irf7&^mN=Ane?U#_vpc7uNO~nMZ%^P&yq|PjRqb-
zBAD)i%X<)AwrD%jF9QeXC>|;ysnGtrg#1lN#kGPsEEahCkoAvTrvNFsC8sC*?PL2c
z4bEXjy-iI&iAIA>=*4Nt_Xu#o;|6H`o)e`X68hH?&VYpQ&h0^qHhr_jQ8rn*OykE|
zlegH5c!V>Bs>aLh!9<uPn@xA`u6mub0`a|2${mnszCF4IOy(0*=mz?AqYy~ji=Pt8
zE6yEx09!jGyxzR7y$4yVk+B(t&9ZfLQtt;rMM-^Ss^(%N4{gF3eM3@<KZVTu^GRcA
zjD$&U%e$?Qm-bhkh6<~-H8sgAn}t-1MhYv13h{(N6?ahK(gdH{7rhiDFJ2*A?!)wT
z;4OO95E{b8B5K6pcwl}&dmAgdMgng$P0^Ty!@&^gBJygzMKGVK>{oMR;<^X)q`)9^
z7qH_aSo5rcESglNpSOo*tb*h@rL7wC;eS)_GaAGj4W1ci#)(-ifuVP8Z5xsw+VZ&K
zoHg6OsdNlbfjLJOem*|0FHGJT_83G+n*c8r?VZ-WD)N}3<hpKwKnJ<A(wPBBYx1Ln
zdTiDJm+1K-@pPq<y|{#JL(*Xi=LReFtDAZ3w0R2a6QIZ*(jk(#nWE7v-R!mDBkfK4
z0%qg+N&pBqj#{qM5%!F)x>~xrS}K=O=4VBqe>IP-8|87^n{?1Pe-oIs(I_L%D|yA1
zm9;{#48GWTCA7Xef~^RnL~xs_Q_p>mM9yFy?hn|Z24TTidH_bMXz}y|5ZiL4xN>fU
zR=YVG_0Qz+E)yj9dG3h>8iTSjF;HVSH1Ey0F5rsK^BRRrChKdQylBnEVvV)rdijj3
zY@yL)y825Fw|Dg2ah9A^IbHl~>t!tYze1N3jd^QZQ?eVQICHafsli{s@`?(2BYrw}
z_Kc#Xa7gU=vI?47pLMLiy28nI6KYL*K543|(}j0;hFf$l#pZ*YQi=UNphW}|;wRAQ
z9jue{E^NhUgszcwk;p)ZBaGn`J=MKItMxr@8r9y4G;0aGNVP(Y43F<6V)0f@GXA$y
z!7rbutuLIuz&;##;BG-ay)@RGK<&Uik?3wcJDQN<Ds>u@sD&p#KmJflatFII5)I<h
z(~Efuq!N28$UjJ~kP^wXU#LbWP0$FF^<otb=Yi?Cha+j)+M>rOzoyB4$Ey6u_%fGB
z=YDggC_6(t-%?=H9FbhrT{yZ}cL;yFP+5sxaX*{ZT^z_PM)-IX7^<uLHod>i4qC5I
zjF9l@fX;GBn2ghA_Acp=ievE<o2=FA744p$@j@nuFn<tg$I-{-vnb}~!&q11i578i
z09^<)fP}ZIB@UYoHNKbfuYn9tV1NLrhNyXQ@ZZ@IKyV-B8#rlCU~jUd2_yzMk$_*=
z6c8#rWB5Nuf`;tTA0=Uei1drY?-Dj6{?b2g1c~u0P{=Qge!F@<9ur)&3y7pg$Q=J`
z$Al3glD~(bOE}eT$zk}DJP?EU0@g6UJrl?be;Z^b#ctJX^tt;`AX5QRM!8LCpX<sF
zWJZe9pv6ek1;7A6Fr?`i6Eeqw2BZfKIP*E6(~{%(=YaU1mRI~%>kVJHTrb79G@9H#
zeS-xV84l2G_lUA!InA^E=+=O9D82mx^%kh^cu+D5>1eyrf-vcNX`ubCd&;JFix#y!
zsb;zp_<8SQfZD^!Jk<(pK!DKIL6&KqISN($nCC{5y{3=Fe0el!6t+c~&(#(9S)g-s
zV6v#R=5`8<;Z%!qL||q3s42)7Zi2bmtu8&xHWKDLs=9H>aA?$1=#>aWsLAg=f@{?T
zLUsD$=M<U?m_i{j0`rtfu?kBt3uK6RJUxlJrdwlajz9{qqxD*Bjr!MbqpIZtdA(xQ
zUc(SDBX7`%3>IT<PG*~E2&aolBI8+Xc!;>XJ+>bir8F-uQ5kAYW)!@DQ<u*1><Aiz
zkyX)Hg1GBF-9NiqdA(Oi2mDO1j=AeC&H{hFo!7Z<wz)@9D4Oc6K4ew@Xpm{~+GNmb
zV<qtX<aGi_Pp4I#dRb!%mg#H;B%&-VDp8l4jWNWTm`sPoxptLRRdg2f*8U)$>tAiX
zldIGLUJ!AD*?Rg+lBv_GeLsBh4Tw0rU*Nytx%6Jhp1K)9+&%K4!NNIw+a4i~$SzT|
zgzq~XPQWhA%!(tGw%`!ybiKqqS*##p>F0L8)myr%$u)0_pZ!Az6nyVc^!(JtpK1>$
z%FJ9oS56o*y#yh#V``^NnqT3l%J$kbTpa$Z>m_eVGfg@l`p=*uw(~_@Bdo^V3v$(l
z^1B=!Pni}nne5<p`t|0IEq(LE<Bj%zjJD(Hm5e&xKd9xv-u~Sur$k{d49W^Y|8^)0
zpE0?<DU8@-kxn6d<5nr+u)j$h3D>AE)gLXoKUyz?ez;sG>6H!lPzQOdiyrB7I!BZ$
z#ePN7Sb9g*^11aw+ReU~d2MUNtQ18uIbqA4lL<zyhZ8*PfSEGYMyTlKpD8PA7d-#2
zPxr3lUoSR&{b~=H`!q_8DAoz{?-PDK6N#<U`)(U#vKJC`<!<3y<Nlp24+OSJB*8AZ
zZu!9)q=0s6JO+3^>mi579(^K(?hh)}Dj4WpF<)PIYkeDVCP#)pKW1t@(UqJi=-!-9
z=LY-)dhK@)XvF=TE#?Kg{h#fwXGjFh2B#{mCEKBPjSm32N~%HO^IN-*$n_RYJL9X3
zj3Q2C%Zi+wJ7edq$Pzn}pV5O7GBO=dYclRXO%!5q)-;UL`CBAhf~`yqn)vymwP+}b
z3EI6^oP?o}B&}1AL2D%CS9|+Ui-lrR;1zp=&1z86D0-kI-nC%L-owRu3`j83-^{jl
zpoy>R#c77?jzs%$4+H`M?_4{<3M3JyVf*->H-&|abg?M!I(ZQ?H5!YR(Uxemn5Ud6
z)ZR__GqE*{ir8G{xm#osKnzks$TjMaSZ!8<OO>fc>-I;Jk`|q|6?F1BMgUoK(4L+g
z{k-@KsC2r`lrG75J;M}HQrBDELTzr(C{!vH3&VNWxQ<-EI2=C`Ptyzsq!TsFuxkRw
zKa)uCFF$#dyyrj1v;x3E`J#7D2AuR}$NfHkK2yWPN*=S7wx~>A*;ID*3#_uh@eG#a
z4F_Wh$;D;${Ji-pUCm0OQl}PLOcy*h6ZU8vuILp5RgcMRZ*tvA94yx2i0pRgT;XBZ
zCeO!?vEOAZ$ux=zb^E%^W^;l#o9Y1_-X6JmOLqGDpn%-V-!<0XPeR>NRO}dtKA9aw
zn<g+Y&3yNKiw@LJfhhUSZu>-nfQTlhca$2Hl$6BE#ba$?XiXEQj*Zd1yMK?nz`6jm
zF+?Q@ru*DV1ju%@%A6~XfuilA7^rpy-NwW597RU<(T#PH@R}z|B?i=F#u9@Vvvv@l
zFTx8l(!nD0iQYcyGy0BzqHp@mk;CR^%uoS+8Gt2~=>s{d2&5S0QN++bMuAqTK@ccw
zl<VyX|NrR{3>xHkc~|W(;x)%K%UJ47ZWOdSZ3WWr2ji<isGa&ac{iOlH{`>XeDd&s
z&zuK_M9)d+<jVJJU|a)VbHaZ}bqG_t<sp`o%P_z=7Qg43PqzCR4&C_X@v>dMz)d|e
zC$}a->KB{sIuxcsxCAI3h=nQqC{%7Ko)LzRDH#hreop_)#pvMqggs@8mHF<Y-+&36
zENBxs0n1E(@~oB_bt5q_U2@p<nG?-rDU0Q2RhBwG^b(EHK;g_#^er%cg5<XpDg$8=
zBT><z<>$-O`pk-;)JHOnIaP(2&TJD3b$^=cI(gC4P#p|kwb>NLdd_8dc)?>f-#~PO
zM*Yi%=Vfd8_RvF~g^g`6F5kxO<obJ}YgcYg!S(&7$z;+#DDM&}@LnR~ZIRZ^JZ@|-
z+U(FN)>u7D=vTSb&naa|HtUVdVFCaEP>Ts8=ZE3uuiU$Ni-q1cJ~VuCa&iUl@72bq
zF0uMgsAMvEyN~MyHEysmrSP({vIyULlK;l1)%v8YFr~4R<h2FP4=b7$`1bTs{H3AM
zs2|)Z993d<!Te<l@#!I0+Wq}pr{fjLcx~aGtA}^L-jH>AvmwBDS|tEYI$NCR1~lSN
z<b6F{ZZ}9oJicFPn6VmW>BR0gd!iJkrUl~p%?smar>9h>S1-)o9UkXcqETs~Un7!p
zUB=VN$$-y~&2V-XYt7`Ncel4f_bUiBpx04nzK+82*R-Eb(L`@xY`I0*{B1IuXE45y
zYPwv6%MCC?TAMqaB=F|;aEA$sd=#VjH=5OEnD6V3NUj$f3HoHRImvHBX+&HDZ`{bO
zk7xZy)4h8!5iv124K@$-5TG(z9Ks!zT@{n@Sg7<zx#*^k&{Tyd9w-2Q+Z~J+o-K;%
zt$)dJrjq|HY>$~trRoy-6GXy8(x$-jQPOW7E*G(H(WwP?gYTz7;G{TS6xP+bBGB1V
z1+c@^yV{uT@8`1J(?5E2Ybe`pY_suK+9Df!p-MPuB+1C#`yXO5Bxmks3^0yRq=1ur
zYwJDBe+zD;DRsnbp&X`2I){YKAD732`n1-yIt5$g>&;<6#wv)F(goZd&xTb~6>FCT
zKW&>8HR^mbf|UCCt2nKj-&3bX@GB12Upz+>=>(dyc~c~lk9V=Ah4eJ<3zeGR{YGm+
z5$Oo=b}+lgJqrse@%TUf)D3OPD$02)ueCn%L!nb?2xDt^XsI8Qozqdu69caqlH}Lx
zOQ{cD?lYR)j^ouNoka&9tnGI8%wvO_JSTmaE!1R-j;HcyR4R4I{*2Tqb@c$eECF67
z@I)ugSy@?gOKZ`%{L{aKsvY*R0)vB3&IQ81H!!Zv&Pv*PDL}q>zmk_pXKT%}w%9p2
z#p=I<gU>`AQx!3Wf2V+)0h7()iP*jPBR4*;Y~d&DR~PXnKuy%-LpUn%<;CD4^VorN
zy~WxT{wFJC(FsR3GCc)kWISLVF!i0WN^R2feJ3du;$+jT$>Tm<Dx1L&Dv3svt@04n
zkXnv-iiSyZftqo&VzseeeKKd!tQ>RZ&tkC1VOR+~92{Jo%`#5NJD0!q$A!=`BgwYb
z??B=%<+24r-3={J{tYSjXN}Tmc>4D7bB)NgZ?XK1YXqU_Xr<3S(yxY4Pf6JA;`M8@
zkmuUEwgn3aG$dhv`vUz6z{a*b$B@e5fcuAt(-)o9%3wLc4bq9el7yoNDE~EL94{PI
zy;ia!75)xNqa`9g+1)Tws<iq8LJ)~a!*1(47%f3bel%}=f7WzjJ0~im+GHJSu2dO8
zM#kJwS<GsrSbkmECN%azwM~toKsp2JE8IcC?AF0}#)yYmdYj@I?PilZs*cVj@{{@D
zO3xah%K4TsNZ`f?O&DYAGG^X#akn-3=e9<B_L}+mdM%ZQ(+9ztni@&1@Zbc`RJ$o3
zW{1@<1gJN~zph}r7i#+wA*04<dBo2B$bV-r3NxB$Fgo95oph<zRJVY+fTv&NE-6jf
zERZUBe6aa8WlAkm^NdXo15^g|D^Vmprde5AqgHUU8UX>wx-qc~!n#a;g+DIR$0}7t
z>O#bXS_H{xrSoQfJ^dqk_a~k7{~AjiP(?`h=tQ@$|96J=2@VeG)-{7c@7GAk1N_u?
ze|td)g%34LoJwmd8ei4Byr>Yo9Y(~9qjfG-qSQE@$#)Tsl!xh`P0vqCQdSb*!Ktj0
zA|zPB$#a%+b|S0%Iw*#zM3&|0b${~XuhDS%`cs&tCOZ$2UNL|@g%ZIs4_~BkNO&A7
zc!g-1Rs%coBs9!|HBRk>Jd~OfrQnsJzl?Kd=Y%Q&m^t)nNz6Nv`%+O+(a}PqJBv6m
z3Lqwdu+KOoF_tuxcXhzVZpJk;u26@I6hV{ugg=pBkqShS7Hi??bm58@V!y)=>_90+
z5Au#sPXQ}$1J?l`#MS5_7(k>D;|o8|_$LU60fB(y7>38#PY}QlB8X6a?4L<Z3J;uA
za2C(-f&g?)pC1Svz=PQ{gFdJ7LP!M`@eQmAfyNF62hmUrupKkdXL@fCJ(Tv1Yz_fo
z2&69{D+aK>=}$cI@(DrSF&q&;!3-40$`C9x|1%-qA%jTh8^ZzaCkciB#3o=!VxPSA
zm<YsMUkt~1K6xt!h=WFg<41o|-C40NvoLzlUuM|Y68w*4g#T;S*VKn)mh=3HJsE*c
zx1;51H4=5n{PKdm>1^lz-y(GqKDzLMh{~wvZ^--_R~5_D;&cwqxbhtv21S_t{g8s)
zSHMu{>CMyjJB1F~E}7JV3EA#p_T`3o6_LmPPW~`sq4x6HgGwe!&mFAX2ELsQ+!K=k
zQ0+%lBv7?VTkJOZXDq3+1$8DLbgik3(DGm74mYc_^K*Lp9y4a!1vO1kB7GglkN1F;
z)6i`HudqO(Ba$ph;mGhC&LYPAu_0uT!(zz+7(b9V+MFf*8FO{<n9bLa5Ka~aF0<F=
zJ2L+tK|nY0tdCf9%XZ12qTB{}fDZ(w(1-PdmiokkH5cLj?fVtDjUbix<vGnR={ut`
zR+esu!T&%2KlsK3_pzf9ubaLvd=EbX61o*8JY)Y1!TotLRb!M&0J+E9_k~(PrB8XD
zw)&{g{!(Zu4s9Zv0KAjh_<)da`QCr<whj-;R;8{p8m)SVrgx3C=U8X_Vc>caS0ugP
zpRV(%4MrEvF&HdxlsLZg*<I1gwE}rzHRl`;$HgjIqKx<kBQuJ}sZg)biS)oepI^m}
zf{x&HrapzZHMCEF?Pa^y27}oM5*D2@5N$jol;R8*9+#6)q8JgE+dm{G2cX$8wSqR0
zK*lD)!9^sUJ{NZrCv9BXdpdjfd{S?T!D2#)My=t$!eaS56Muj6khZJY@$ffw0`QN=
zd9c5oORn^3@=zR48M6wX;lUa3ULH)k;*`~l7GZL+N)!6|_8_V6$D)J3kiYS&ZiiP%
z#o_(wB0fAsAE&vQT5;q@&81!&>f0%Z{J4Qsvg8UbeGm#F*DPYTm@5wEJER*ZnZ@E-
zG)i&rAE`f@H^m242Z{dGzF$f&5f3HqRdp^H-c)@E{cEV0E)!GLS6zTNibxAWrYDAs
z90}Jhio~or&Y3@2wFR^|Uj~2_fBn~`IJ1?z+qvYfH`8^AL~?npoy`CD@B-L-WV`7B
zdv1<StJN0C%l9y+NouZD;BKSViK0xY8oz&k&ZmZQ<mbaD`ggg_>zOj`U}?L3D3-Uq
z;XQSP0o^5`Q`jes9csPBB~G1(XH)+nlW*JSl`png2@emiT>W3;(I!cgN<}%%`$&*t
zHAvB2^n5rE`4^UevDArpvDQu}UEW~13TtGU4thvo$loSVLRJ-Kiv6%Z?9PUK#?n}%
z8>&@v1XADr;caVJnmjaX_J^Y-*rU^0umXEXBLBc?YHEu6D`n0Q2INnBT&#QIThgl3
zg*JTsWRpHK)r2ESWs7pvdL4GeKyy&lz0V=PrHJGUi8-HnzX=j$EfN<O*Ku%gFsMm{
z0;S+|t=WNqoE|7TU#5v2gX^Aaat^h0HA(vP54xE8j1dAVpzH9%Ex=r13?VNgj+wPF
zA6l-?jG$br84A?zuPgxqBr~VS$A$j!Yxn=^I+D4Yi>&AH#l)bOX+QjigatIzUha+w
z>$xiTg(>loAxc$B0xL2Wi7Xq+kNE5`uvo0Y>8c*X<d{^u0e!gO`NV?r?cXUB@c$18
z!VXtF&99W{Pz7rpPHZ>;Pf0GyMompUz-%v_t7+0uu5R?8*=TDS!QrcuUvnbkt!$Lt
z=DxR*wUR5hZBHYH<CCavp2frv#9F&hsX+>JJ(6_lP)osZdf0;TD;0^JlCU6a#&}e9
zr>V7djbE+VqhietgMCZv{N=l|+sl~xlJ6G2%h_5KNR}IBDMjgz=%!R>3>*AJ8h6LF
zz$Nyj)!vP6T<CAO1N&5}*IV1YAdh3^R*j__^!^HTNs-Or2=QgL=}C9SmMc?X0rj~=
zDSfR_kB7%*5Y0~Gc6`V@^Of2cKC8;l&p+FI_}OZIIHBE)+GcUD8+Q^h3AU2Q>$?qM
zcAm(riGr;|6)79qT<*r-RUAsskJAro%;D*<Tt=>(KON3m*x+gXE%u1lBcPu&hVql^
zk^eFK&FJYb37np}ISgElJH6Ku{%gBFQ!=$CCM}}2+-nm<@BW3=d5d(l>0}4c+-Y%=
zP~-$=O4URq54lo}RTt-1bKt<vnn5RcuUvr~xKtLSxGW4mkwD<w1?Z7PW)G~VDh*ZF
zkOsXCD9H?bk3HtDy4gW(R+Oy^aa`Snk|}cwB@5v7;63>-lCAA62BNEHf`q}RMFf05
z+s)T2;b76J0={Lngk>Gc6zi-j_f>;5i~zs1hzQBL+b%hVtQ+*hRod)%oD}-NqS?8N
z`%|`fz|nz<plm9V{MmZDvK8%KNDMHAQ<?Hdh4b+=6X8H{;Ewq?1FtK`eUkVf(9AJ#
zfdSMDvBLmU_(ywfu0&CMM&;P>bFSh{`M0sm2&%$=MkD~L^)U+^yQs5)W>hKW>HjBE
zx&Odr!N#D+tz!k1KLTx<=H#Wie-jB%G8H`?okUT}=%xwp6wLRlkhgb~ID+0`c?N67
z+=Z>x>3g~pL;a=Y$U$2qzZVD{D(<FoN*%8KHJyZ@vK-gYlR5^0Z9Pyv7wjTu=_wAb
zbi4k|zVAa^YW5AJ&Vq~b(?O6HBA=WSK!cFM{|9IS>2#MVTPOJT0c{o!?SCK*Iz)+L
zQDjZA8mhh(Y(x#~f2FKQKXAe>MZ+&R-)&GpScjMvgkr)X*cJysPzfp&1eL(Q!Lo&c
zW)9-~q&<E88J32i>3$Ig>F;3BK^dR2N>~I4EA8xz*E4`{3}`fAGrxcyP$vS$uRf73
zy|Al9dW$-{Ws5eST?%B510UFkl&bEUT{2X3g33=JMhf?r8eVa<EitG-7i!)a#5PuW
zlFH;AkKbO8Pjsx((*R77v9>=MbJuG3LDd226wL<iNr~G3;k*v4U&KT`U0wY85$tj<
ze%Tr|pvHsD_@KJvacr2K)}WKhq|TNEEwKMk;50$3k#O;9@i1Qu|IOa8bATPF&yw5o
z9RftX1s<$k5OCamuex(0lD9Vk!~ifbA`4@f47swd=FJz=`DALH=GdSxjwq?$PT5Ky
z&+No+OZ?Ahm0io&s~hBmO=gIk`D)_8?cv!&x3g;{9|#C$jh$Ijx~q+UUpCq!UW^fU
z$)pFzS09OC6mIc&+`|zvT!*r$)mmWLY}Vu6w{rE?S{xAtdZ;Pj{+lf_GCd&5ZX}Xp
z#RcJH6}3MCZAM3IzuDmpYNOp3G>aXF_e^vA)%JGi=q^xi5%D&U@3Vx-o4Fp|-ed}P
zhmTKO-9+)oe|Y$*0f`<!==9kH&@9T~T-_Kk58(DVBbW^W2%QlPN>3l;Ig1hYGxt>g
zTXns>Ivv}LqY`tuJDLHfu(GZ{{;zXA(oe7pKh$oeVA_6R0pgWK(d+~$S8XzKdZb6k
zEG)SM_&0z$h|t^ib#(9U>AhDB<N5ZxR2Dtf@hn$KN9`!cLy>;Mpb_Y44Fy(k#f#vN
z3njV6I;FGlU9xEQ>R$-YZJ)L}-0oixNTt#!{tS>!W{M;P-z%YfO6yzL0{CN6PD*wn
zN(RirK(0Zj=&OdMuR8TE0qi=n7zYNNKPig_>R40RTxFh~o_ZD+5%YuZ2a9uje;B2K
zV=@->g7oL*4=0&&1kwALuI<RK#z_A7bF7SvV>7#H`g*KP${!=W8?;|R2MGG&un-xN
z8oK%Il?FyeB(lZYTy~R}SRP_$jW`Jnlg40~NnH5cMGx$0b-vT?OO)*_8UMF`BmN6w
zsSgq{WJ*Xeo$M|S*JtWHHDP#n*Smwj)37^??8Zj6nF5)hM2esFQLymv{)4loH#i1;
zCAF-`pY@HdJ!EqE7G|qJe<R$W8DnNeLly;OL><K@#g)06{2B7a5lT#l{jo~g<^Q=O
z9fUY5%fc!aNXz(CI$=HwR}fRp5}(Y38pJseEV-LlKEX94h-Z+3A8C<*78V8?XoCl{
z;I3hT%zzLevji}w%6QN|gogw1pI$6P8-&j|01h$}2jf)zEU*QGq|!Y7DCovukXbw!
zC=L*VWtDy2wO0@n2dW1GG(QhFh<|b>6u${&Pz3YS2i3#O)ONcoK<e->;!m0d!+%Km
zNr9?A>u}}QTMM6MGZYXrONGpJO!{O^YM^;yEx6fP{_n?mm6)2$<OvCiNbxbIkT><E
zDZi3`mJQ@V^F~2J3gz*9)PD+PNM$j_6%-V_Qov{=OCio%{Zl24GXTKA{^TcBI_;wM
z>GyRxCY$x$M>VK+4{OiFy>Fl_jzMQdN|wm&do7rJxqYo<`$O1&^J5Adyr;VT(bIOV
z*%7^8vPJLsCW+Bouu;}FpFI|to)H91O~iAXmTlLXqQ0GL=EqlCJZ?=JX0p4(B49W6
z?TH&s--ldA!M|78Ui=F9$TOQ3OnqB*Qpdn-#9}kSC{?PwyAN`NiR@zY_mejdw2&G}
zp$jOI#x|Vt>sYF`VF3Y5QM2F#yW0ipBuFxuOu@2-pK*<PFtG<sj*qyQt~Ya-b>^Gu
z7Bb)Y6^CfGJ@p1YOe}9vn&q%SWkdSwloB=4y0U#Lm3;eJG&|aTe^4RKuc$y?T*+DS
z<rbYb7erZ%IOZBU-k^84^Tk$vgKGYUuYtNoUT?wU)yAVP)|r(dRxB}?Y{;GuKl_rX
z7L7ei#<g4Sd*s<%+uW`d*xcDa7#erCtMgcEKp~G2LR35u8M@qL{DkpnWWH>s-Q%1y
zz1}Q@tMT%;Z%+1=#|Q3u%VT%9P)HmX=x87B8C2sgnbFF>N4%{~9_SjgW7zYSl?m;S
zoizF{>7bOZ)$W3jKOoiTFCr<|Y9gITr3%$KsqN=@I3Z#s8tJU)PbQm9m`~5mm+OlM
zkGllz2|_-l^QU#jQJ8GtaOgB*6&mx?rOI&A2Oo9z$UM>CzE#&s(~d}nC`?S;DAN1-
zEO$2AZi-6LR?%s<_=6}*_r%1v1Rva}*eN~uXY<63I-DVZ7Zm_wevZ9Vz+NIlMHF;I
zB;g`F$+E!nX-bEklXGiugGVkGNHL~cje*Tp9uzS}9`n;xEaj357U7)m?C05a_rEU}
z>#Z@MC8WRD`R~fG%4X$6OPfl6J^cqgDy#fv$9>;|b*tU>j<Hhl)^F*2?&*2${1z&Z
z@J-G~$y4t>nrv;r$puk|+hjk>3XjJMv}jE%DsZ%)t6UW(S!@}$wz`^~`qe}|#D|a1
z|3VSZs(L^d>2Yhae^URqGXj0=%d!V8erT;tfQj4d6U<-Z(NdZm9#F&!^b<$Q%h?p;
zFmZ8dm}&QU3&xK%h=-)`vw6~B(W(IzATc+q1++PmijL3268=oLnyOl@w`j+%lEeyl
z684`|DjRFO{H?D~A_l%Qn=2#)Y{|C%y%9X5Dr%vih?@Y_gGE}$zSeXEP5yb{^U6&l
zOmU*kQ#5$>u-#}QVb&HKOD$1{&1DgZ2ek|_AP>;ZX{93*=%EN7UC#*#W|KIg9ltz1
z;aftU4@^(XqiC6#6}u4qDrzryt5AC(dwqQ+rhtO_Djrn=j1$ylj%1i`_x>kycftfP
z9_0*J@suc6r@X$tkJI651+~m?XlrN^*VN6yx3{<R1b;h@(c*BFqlY89k|xx<69)D*
zxDCT{xD`rpO0t2d?NYNPqJKa@J=?22!w*_DdOXk(vN$qX8<5T@V&ezW2FuMDyk0T<
zHoT#`2M5uAuGA-M?4`Vl^(j66CK;9Q^s%Pa<km&|ID8FCy>A`JArkwB=^}4dR7$5i
z6MS^DH<tDVeL^=;(RL>BvoZ@tKQbQg>58{?m*(hy_Ab(x?OhEL?jtepQD+Jr;|*8p
z%!!WQx$R+TLG?gHtj!L`|5eIaMa9u}Q92NU6KGt5HH}+>6I>g22oN+7+}+*X9fG@C
zaDrQK4er5%yG-%@H?!t;xMTI(tE#KI>pf@hXCG3_rTT=8`nmZwQ><nZ=waaXwUZ5#
zqLx{NXf|79R7E~U`g_R0%8Jl{`?u01mehBvZLW;-Z<)2)Xpp|nCQ`U_NKRZltA|9U
z|6D(fHF)hY>F&dqLypZAs-lV?5;F*=nRqgJmTT-edHMJ{i#^7A5mR7af8BMvkG}n~
zU-c&@V(p|_9nOC2Efpm@@gB^U1nLW*^#ZQKj(AV~eqC?B1cJlSgj{-|o8u^9c9}U2
zfw;N114(qgN{P}`<Y=<_tkhsKC*Eu4V*M@^xN^UqpH8>Wlx=wn!CrfdJj*RwfOuGK
zG|Q4NlZfg0fF_piv=+W^Uucr9Pdi887|5oB33iVQInEnRdwz2Jul?3+Cjr`yF2Hly
z_O(d$?F0~8447A1wR-PfHXY&l+se`ApSnp()<G^!ba&dZ>DWREA`&D@Ha>JLu6;T7
zyt4E$rVg(sphzj2$5iWWoOBh|q*pO_1#NBF5o<q870Cy055*4@aLJ7z;uFJCN+kzH
zDzN<)phX1n=v|rzfOzuVWuY>5+k=%v31nUcf%~{5+AE?d1ic#Fdl0~&+{@j<#+$$H
zE3uLLjhONVcH^%q)dcwo?0*%Wtr)N?R)*NRy>8gtuTr9wM6<|i@&5(*XDbZ9=(RJ5
z2N;%#?Vtpn*HZic|1GH3ARafT<efv10<-SzeOwcq_%8>b)C8;KLo4rT230d!j5wVT
z_b|!sW`pex`}-={<oXa(IAA5E0>Uo$j%mjINj5D{Sv?RvgMTS_ONJDpd3IkhrKYkU
z{Z;}OXt)_x|7Ow^muA*cAQcOf2|?n7*Q&LBt-OKIANeiuvZwQ=+5`a*R3pH%6Q5ed
zhKU-qq+(dsnDcA@PIsrt?Dl}>8G@gR8fi$@oQf1Cn2VJ&1uK7h(rx=<iHM9c;S^KU
zrAf2dCj$8!e$({934h*yS&^lhLrQZl0Elt!QC5dxBnII#C)$xm_<+DM#iA0Tc-VwK
z#H-=9ta}bk`&Ev`j8g%IzN*!X3_a!DeFWr{l8f7Vb%Jo}x82j{w6Kh9Y6pH8KGQ}#
zXLP5ZwEP!;0W9_0++1y@Xb7a7SPK94kVuqlGV~)DsSs5*xUFL+_S|4sf{4<?z-z@D
zQqk_FDbVE^%zE1BL2>43VoMP0C#<+q<&SGUg%OHM@UN;T-JXaUHdH*oL3zqS{R`G_
zoV^I%RVG9<Bryq-kTwtn(;im6hkySusSM+%m~?(Nys5U)pe3h)Gf1DRq!&Pq_q}`Z
zr`h<TjawehyfOZteFQ-UO`+{$ZBov|&B{taQs!Iz*qSA?<1OD$NhL^g7Tx#WWXFug
zSn@dKNaVnhU8EzC1MG>Yk2hI@ZE=Vruje)DK=cm`_|>&gw!}c~jSNJ@(_nx9x0`vM
z0d@BZt^m3($xFJV6T9)H0-fR^I2X*2iTXuAFaes3PtllOMF67=T$GR)r{LLsiQ$P$
zB`ip54@A_f-lYonY*v;a7LhNDzi;6ze&S{zEB5HwX@3p{?O;|s{9oDtmmFYXsn;47
z)bFb0iiYA(drSJ|4J>b5owQf$YjG+$O+`T?3DK9Z8)<YqG9EtxL=n>U5nl*j>(5_W
zk7OQ}57<ab+LuU}@J%78?d4e`rgkA37?m0%A_On+i=<@TeBj+!!f}`gA0%+hx~K#v
zWF>@+QY~)&XGX^RY4%t$#>MI25Czi!Y&=O;5PCYV%c=V6OoG}Mn&tU<`J^18%5nLm
zJJAgZs)H!?sE$irOd~6*xn;PTJ^Gi89;gc=Ti2TSbHMq|@bKob(n5|+j-L_*BsVJh
z8gvcG2hnMvyi@C!9ARWx?z#UAu<f+o0eis`1^N{V-95T%7_dlk0RcM~*$Ag-?#%iH
zEBcH0IqX6$XCX8Wp&xVAa;1ZC!F(Ers>&uB>qX4SoSgGA75|pogPSjQ^CaWN7h1j(
zRjxDz)_#`)3Q5ueBw1-8RF?K?BpFMxvx|$KTAVW5qZA@PSbv2^3xdmoKRC3?g$c?-
z0=vw9tq+m_Wr8ecs+{L|nA9!dVUU{Ku^iQE&?As;`||u&rC5PvT&GPCd1-s`Tvhl6
zi@HXC3s>Xi#|7R9FWp#Imrhbyl_x)chkA<z<+6N6%yF4w-RG94)AnCXkLZ4M(m*UW
zpkxts2s4S44Zc2IhG)cj9j5G;mfZ&l5o%r<K44E~B>(T8Y%Z<;#Z*2odOvsc9;<6|
zw4|_CG{m98N?03K<!x^FpsE*6krp!b6qn-xL#0kD3=rU9ba%4A-rl;IM7KA7kxx$^
zR7kuSNigMdIYlI7E2cj}TH5^A$%z8n9-26UJDf`@;0B2(_##v&LtyiJlz6)EDX27&
zp4@Vgt;zE*QxGa~;O|t{&4;n$v)fPvtF@N5#(%#7pZb9TPNPUNQ%VPyCWe$Cz|tVj
zz)zy2y~T6daxH&I*>?BH^^pv976CC=r{07hBOFhpFN}%ByO(*ESuDgs7Js@yS%SkQ
zU?suvPTd6=ji)RlD}GmEk*7fMjv{Gf9x!UaF*KqQ(WA6A?<L8t*}%M0{4)s=m3b6G
zi2_U~q@ClU<eyd`LrILRUJsTe{9cbVMdd9!E-o$-m`8KR?w5OWV&Xd^@d)u$@~<ML
z;#4!2k<5!~dV$P-9GAx}KA?DqXtJB@%~!6lSX~VlOwsUY0}?mkzcurEJxlQoTHTKF
zl;=eQ00fK6m&RtM%X{k&3$O%EEBTrNAo^KOr{6Y!X{{Ty*5ay+X{RDu%z~8zssS}_
zWA4%l3oOYzn>@n+0gG7atsb8@Z>aKKX90vL>=-A5ZgDXru)+Dp!HE<4rkE|C65)#r
zEwM>{q=i^%++FMxZQ35+I|9nD=>2T+fO2HNX1RnuPCn&Cksl-!@hvRuyEE<X75AH%
z`*?A@OVhf)g%i)nKqEsbMA!S9;kht*Jc~d6IQQPPCuDo{tNdLo-X{-Q7D#e+BTL=n
zZni8|Lr!kJ5LgCReEq91nNX<0io!6ZUg8fcsrx-MUkBn$^{<rilh%9!<|)|OY|Lde
zb0aj773x(KXXochl_y{HvKKNi;<}jvITir#|337M>BVL%u4UiMB57jp{TdJRsQqLq
z^Xe*T48O={%hlWKm_~`*yR!+@)NpB6!{HS2IaS&=S`pEV64Dk!2~!$|Z=aEk_2Fbd
zzHpSnurjfMOfCn7Gmeg1dFMRbrh~hkJ<uLYl?*;_MWdlOT4fcDzO)rff@G#l<$N|d
zxwPtZPV1aK>Wb6rOdb~Ppoo2&%e_x+UQf96Ul@diYAT`I>dj`1jEWPQYn9sW82I?b
z&dFR#fwrhNKr6FLqfrY7z>HYHgEgN1H%Mqd&sNExVEL5$E)4Wh8xAuAG0$J_%htpd
zG%?soBAvrDq+-eG+X*R(LV=ywgkk~?{k()_WyAu(Tw<VfQjXXK)hQlAx+ye;gB2Nv
zA)B)Lkn`Vq;KIsiIyI-=?(eY9Im<Vof`$e(TxM<B5eA)dE~}Le%J71QUZ8z2c<~i!
znf+DZK_D5RTr@7aC5~qM)Q^_IZ;yL-zWY9zsS(eiJXo}W+4)4P_PFdzmA|FkSM0$b
z=;OV<7HMh8SglJniNzo1DEYO$Ek<@60EmF%Ro=6b+Uds~1pFP0)<R!0rEGL0&@w=x
zh5==05It3@Iyw=rVFJf!eMzTDbloL3)Bu-B3mFQ9q8`0a6v|`;d@`V3FVZ(KbfYd}
zOJTPs1dPmehWFZE%G7Z324oU!Mf)LPY-aPNp$Ipm`updqc31&(D1iIw7wwgXM>5#^
z$zy+0@X#f8i4#UZJ|#fEhy6Iu)Z@l#Z6Fje&m8tj?25X@;llu83K-UiiHQkBCArZm
z865r8r;G$(b7-WXaQc>-J&VOy^mH3Km*lodyN4tpxgSb)$f>}rh8ibh`ltHz5^4BP
zIPy?KolY;thQ@l+DU*3Z+O<2B<cTt8?{cjUjC|R<(9F#Qzf*A7XU?MTl6Ig6OGJo~
zWK}s#rdyRhg8dp!K{I3JDXeU;m`G(8i9R{cFJHqiB_C=yn9c2kmFza-l7Y4mEUo_{
z*>(|T+<x((mf%_Y^Cun=zY}0?#R}lt5=1xE`%kmLhDHj8P8H}=kPv>1{zeK`WD|BX
zsKs;>!w#L|Pbk|oI9x=E4B`KTl$n_q%};(li_>zJnZb5w+p;lS6)mIsp?Pw)Af2hv
z%kwy|<ZfO{Pkme4<A4WiZ5}*w7m4G0%d-VSgS}jIp}b`C$JEB0xhlJ5c8p(AAKAC7
zm2ds6s~J_Yqm2KsaWU2`Tdd6mYskXZp!oN>7vA@jPSL`y_Y>NRI&B}3oW!6!Gs-Mq
zl{jZni_n(3L&6YB7+Nf2`W%$tg%OHz&D=v0CbE;3C)FsFR-|QOfsI6W^R++p;n|Wr
zCYvy)C5J_Q*N5=~r1mm`zMVk@M7ELwIndNO{nAE}ed<Z*M)Yh%Sg{NQ)ZY8b#l11*
zQ}HaeV|O}R#b5%YBSARK1jLd~2a!p%q=EAM#)q4uaWXE5x|I|LXo|H`ie9CX<CA*_
zAxt1```)J3Ait$6fxzy3R5VzKkeNz|QS|6e97BQ)452sM)Mmw;Lmyfl<fNLeq&fD9
zlMW~@Ble=WrFP-OLBedLe(St$xnQqR1dKP?zE{wUBO#v8i6pQK#YjcO@=$MreJety
zIET2u3s#OZ6pKVfoE(*`iYy|kG|_W(eH*9SP8|4nV5Cy%yJ2)Xst5!pP5ngu=0)TO
zov;e;1XKc4Ll}QEvNLxAD&8&m4m=gvYxy$c1Qu?Y987>{C{nx?cJQAv-)i^M%~sH(
zoNzy<ky(jJh?a~|xV0l^jG2Qo{anr_)Xg?M06Vy$tz?x_JfFSa@osO#d^;n;$M$~}
z8j0ujSNUF7eilkewV6R54A76CJLY%&hHe@(?bOjaATevG;#~yRT)riH>PbG{#?(nQ
zP&MJwVlrG;Hd>H9?G@KWZ%^TWI+5gY(sG|7!!QS5K3?`GGMiF?NKC2gN$}T6VU0V*
zt3k>;t?#KZ%qnZX3bzhj)=t=99<wrUD4hqA!0m;gKE<X4Yk~*Trv`5uY53PE7~bt`
zgi}idw7h5CC~9~2J~KqE0!cO9js##xFs`zY#`mTn8YrtfB!WOwCm&;TIy(iF?q{Je
zKUk)GF#e2X`_JV^R`)W)UV^pKkf-}Yw6Gi|7?fjN;jTg`_>`c^1`QgRos8>KfVK)H
zn-jfl&?c7^K{5@27)r&J7stYo*JcU<cMG`pBf=UTA7B<Ui&*`DNMs+kP-L^*eQZu7
zsDVmi8!9RhFbKKbQMZ?y7JMzs*K^YqD{x91Xj+mui$0QxHnQ$DoaOV;)#iJ&c(oXX
zlE7$>E;6L<exQEB0Q})A!S5fXW3#QY_N4!+1K0|Ngaa6Y82TtNV^!NCw9lJ!k_yyi
zGgl+O9}Dncw1p`I^vi7uM?rxNU_n9@V2X~sbr+zer2y`bR6syp%RYEDAAr$<iWy4w
z%>rfoY#-27@(aU1fk-@O&LHPlLZ$V#WxmR+u!VuI9iN~4O8#~!QNo}+h^!e%BqG-|
zHHWQZ|DhdK&{l4f!ulD<%}$}`h6o`5VI~|HL2C1e5`e&-0xO6PvblQ@m(i^eNXuzO
zX=nD@-AX8dRjNygl$)`~;EE^iK7YZRuA&dM2M!kQBZQH|?{Wt}7mOSX*jIwWWT$sF
zy21%#-}_NupPva^M|71JQtSR!16X<$Ex5l8fXfmcCvsf1bI?96qE6$q6kcm#iywB1
z^73X4KQildB>bV!@s>=@_`4)VCK-A<TQ*;;R+n|H+^NqBXoiS4q`Z#@pd6yDA*|>s
zrU7YQO_wdB0O(6DjU!NU8|rdct>((wDlaG(@>>Dw8<BVxz~>rV|MLz&S@K@bmT`aT
zmu+SfG?FT7niGy%4qVq7eg|-o{r37^Y;>+Kt3=9$V{bN6$nC9Coo^8%XIrO>#=kv|
zE9VXqGH(DjbBrSmIRDe$R09Hw@klVkpNqUd&X(0i6}zJwhG7Yd_RoI(RE}Ci>%hE`
z-!JEV^r`Hdj#?vImur9m@R^;e%$n0`SsYM1vmI!SJ#N?iDWK8cy7NsJ8Vo3;5*?m5
zCsRM!H~!`^o{L~+@@F|&aeiaa|Ki8P`K?3$FS8c-q0R>MN7;(%a1<Z{QI{x&O&9BH
zP%kbodjmq13p&4t?+#|r=3SC<o&JzX=lQ}^uG9LSLOc>`t?%S;lma3v^F$9o`&&FG
z7wSOBZt9x=9NJ!S{3es<mwXBq<%qi^xtEt$v051nOQAESkz!FdttBBZ$SJ3yBA!yr
zzDZ7;OcO3H0a0~?PR&86=iYJWd-@z>0lcXAOemtMW&_~B-x_ZjEjQo1VJ}tf8s8E}
zvQHv7RphN}GaRzBSZn?&*G{KqBh<;?o?qAiu$&sJBVRHV^KHl@NVrksy)&Z#GN@;3
z-`>^V>2U5{=I8qO{YJ#d<K??>6NRex&)AEa`$}n?X4Z@K??~GOvSlB}&Qr$EDN!yp
z`&ylzf*>_R@%`T}7bMAKV^C|Rl|NK`Wgl20;xJhK*EwYG0etzCwFh=azCb{jUB^q_
z7>r-pa18Y+3nP-hr)~5EAzq~YsCZ+>Dt?MeTv@Z$=031XGa4yA=m&tz`g8v-0MQu-
zn^xtGcB@wvaj^YgW*;w^!A5&=U-lt@eO~Vy`EvVxlgrifVwdsvgFSf^fFuhCqI6FR
z8ASPlX^A&DEKI!XEvJ<V=Wni#?ohay5Z*si=eaw*z+4IlVy-NVz&-XM_F}z$Q|9J_
z%jVf2iq(Q%1np*5nh_tKScem611BkhHfKs$r(!;fJzvec*<wARA1^hESCMG<fj+Rh
zUgXOqO6^iw<|ov#0$vyGIQ43)Gy2uxTo*G|Kbib0Z@2or`ov|%_Mf`H>a`A(fZKpD
zRjE|yfF1CS;`mXCH&HoPy@qCd^%%oYt6GmgC)5$UH}?G!U`SXfm7;8&LO9`UV=#u;
zEEMo$)7gIQv;H+)=z&J}*5BZmsW>Oj&k8hKzJt+i!f)r0I<yQ%Zw);s>`Q~I(rIOS
zaQl0$efe)%*(?fhHDU#@XMApi<MUZ0u~h92uZc50dy4DCU9a8+lPolu5`A_wi$4E8
zqW99(Ls#;P7Xcsv{A#wSM!vtX77DvJTqO;+xju50OmbLoUtb3)nC20=dwvIUmZt@X
z_yOWg$}ximLU8iDS^9Tj?A6ZI&>blp!ykn*53*(|SpDX6Er4KsI`AX>qus5-a<jYc
zs>ShQBXUu}6Pp9sb?8+iF!ICaQ7Va9JHM@1r3TjN-)b-xwS11`R?y<9|ATWbAW<wH
zI%nx9Va+l^iSC9(lplfC(V$oUZNc0^jRBAC1#{oJ&{ICVdRIZ4jH{Z3IyR#czLnL9
zi9%<Tgn6i{`E&Pe4aGYG6GX*=iZ4aDK=uSgAs!{t4!@R@Z~y6c3O}XRk_r!?L{qfy
zzk?Z2GkJ>LKFw+GCToA|b+q#KU04F9d3|_;;RkIEXf*La9+YI^a@<U%Jez>NmX*)$
z63()*bH1WGyQ^o1<qhLIRN^U8PwyifxgKIpqm<&-qTeC{>cpQN-&VvXF@J%djBE#H
zy?%r}^YIZf3CQ1hsxvKv2u&3(N0SI1%#>{GT<OSFnfU7+T&A9j5MrCk<;TvHef_!`
z!EVm^#!{uXzE$cB;0Ptrc6v*cF+0eF%3E@!{aQ9A?^gP-;|qN&D^)>&=a|M`I%E#k
zz+@rRZ7gSvBC+?cs;VMeW2I5dZMwxyoHhlFxOJz;d`PRqeug25+v2W!j%lXAVGyVX
zAzU_aq*$?xJgT*I#AT(*aEPr@&qVfPqn)<QPN-HWoMdqaV8qx;8ZVM)Yd8lw$tvaB
zfHDm?bn}uZ0HI^K8rQo*13CHp`)Oxtr$3vPcFxar8bwcZEP0$hwre`{*8j*83{fuA
zDVIm*bzPY>F3q@Q<r)eJ;j|>oG>%DX-HtY;I<n(DvqY(d7FWJnqmi)Zx4}7z)41pG
zO0Evtn(_`Mdtp|551V04e>flOG{m6|ciHKjR4?K+Q4&fucCv=!su&H29I^96@0#gL
zz7%l)xd8>aaN3CaS=c-FY46X%!scmg+EFyAEJnS*o;_`*o?;>vJ3O6xA)8Q<I_%T+
zt{w?n#dm;9Pc~cRK^F-iP!O9dmptV8zh1Z5sRvVEEpoBI3kS1Wl;lo_iyF^}6D)!<
zn9~ab2|u<7e4EJhFo3}7`upRhA;%U)gMNd7#z={Hs)mT+IBwRU_axbIf%c}zVn5=A
z%Pbb#(3Y3wP4FH~YqW=eXdUIy$x<B}fYrq=QV>grj&@m2UFTwc))6^06u3T#N}FXj
z_f2pbsN_@X$-KQ#FL6}GR<?~>`#YAr2y7q~ZB(+RUAYBuJ~P<L;-a@;;e5)s(Z*?{
zNGm1>B3t5Dy+KoIs4u1;Um<9siuoVRy8K7jmibp=_rB!ZUd!5*_GTo`Glmbhik(TR
z%+@5S>q!gPbUJOtRJLquq9LNskb3hhe$RUoB?>hIQcIW*Lx{aFF#Z#Ws_yaOrc>LY
zTRUtvhmFK`Eps`Z=8p|0q^{3LXIs=w4*SR^!N~!I&A<-(3&>D>Q(S`v{Rz?5#9XW?
zSdm#Y$@cF6cy~iCQ&|T@=f2WefV{0b`cpRyap;deP%_?D;a}XR+@GmoqzlnDzuIRg
zY=AtVn{Ap7%ZiFCuS?<34RhV+5?|y&SH5e-f&=R}98PSW)?NlbmyFkM$p$PpNK;!9
zYL5fYiyca0jXU!d_-2a7e_5WuM1!1VZFzlT>Mc_<*+n%V9I|~ij#VV#VKkZ=yySdh
z?(9-$JWjRs)8bDQkMqg5{aPG5OJ(@5s;L5L&tU<A;OGzW2EvDc_SWe|;hc&dvho5v
z%JqOSPzvh}IyW&eI;lwtw?Mj=U}a%C!e{%a+5Q{uIweO#w=PuUBlIJz8$iB9D*Tzv
zzMjQ6G_R~o{3v{cJzt`&Y{q51*3mVgpVu%-eO#2vMeqFknCmr=f#e5neV#y?Eo((4
zolyJ`-t4enyKGXdm`A6^sLN24#piC$Cfzb5F*B3mlyM~)c`)1CFXifRv@8-gn~D|O
z7iA}9Ipuix603<_5xg(u^(k;XnKL=VZ#q@DrKZz-4xe7FQfw%WvR*Q?Pm^5of(q?B
zA&$^tko{lA7)^%2$*9ZQnjS^ja*+cp@blXTrx5MMP<&p8d=8|Fx0tl8Y88;B3+<7p
zCYuv36IP>?h2>O!gT|R|+P9g1A<Giy+hdf@4W`q<{Q1pOV|<z4AvxL`JJNp*X7<iZ
zrcc~MWhp*26xruM*xIT59={Kxy2|Q0uoXL3outisd)5}@M$T-JA9Iw}6e+*E^cIFD
zvKWsA0NP<dYbAXWSRLPY0j#&XxrvFZy{TZ^F)BcV_+Qvh!*5_R7J1w`YcP#cnyWi|
zpPATG@&~_mQ>K9#M(l?_(3~$*^yGduphHbFv(jz@yL}%Ut&3h2Ba2NS@EiUsTX15A
zt5I09tmrRKvy%j~o~rP+XbJ``eNMx4GP8~!2i@gWG#d|!G)ggrB;60Y5?-@coAi>2
zRpBcMl5Eys7~3;*Y;k|q@KomFVe50;Jy-NTxk9dk=|YHmmlgxXK2{#NuxI4okN;s~
z-~0t-L`@XT18Vj$ieBT3;$$5Fm>*#++RXcE#(f6-w@9nOrmj~rZVjMP`Z;s8NM7j~
zVgQQ~=QLc_1D1tYzuI&}icHY}783!)(}nYhSgbw*%X&G1WoMBz$pe6ACmsyYGm~fp
zoGHMvO(KAvxfM?sd8O#`Uah^opa`Phz_PPQfS&Q77~XlM=q6w383&PmG#~-sdn*q3
zgdL!rbKpFG?Y+`7E#zD9KxjbF0|*V^uZ7sT0_Umc@Ji3D#Mr(D|Nh^P6Oo0;$D8$S
zW3yn2C37;Ts;JA*Kk&%Lqap@Ju=Yc8jBwJiTxOKTNdKAunNoxCSXTTNHZ3>_2K0b+
zruh@!;PD5Uboixrc{xPtEBj}scE^W-=UeFi-QP?fwQ_XR{ejcZJ@Y7cKOm3jihgko
z`zUxxr{=mx8u`2r3(HRw9jz+P7b+e>NWJ6*)R>k>`1)d%UOh$=4J95s2kgIZ*DOpm
zRniq)G#ic)>HGt%RsqO`%)ZfMFpf_EF`V6eex#|m<7CC#2O#~0appA#W4M2oe@UHr
zG=GA(SgmC&EkDDQ!`+t4`ph^2rjP@EYO$8&?vrB$S`$BC^z;M&1x5%kBF6XcOH+RH
z2J0Lq5zW6Kt+Yw*2soek^#(r+taaXq$8LWA<kh_mXZrrBiqCZun9xRKo&(sQhPuhW
z1(N9YBVat;^Q01`049ftki&}hc#jIM7(I}Cc+oL^9e}-bRe3d>DW)@Ko-3A|%|?bZ
z>5J+|JRZh~Ef<(_Qb#k`@zOcWk3K2G{V}0(?*~+H7>z*+_uiWmzF+03$~8ti-}I~7
z`O7N=zGhG3UJqTYZR8cJH&eB>ujPpZH>Ny1pt6CegouyWuEQw`<@XMO3=)zODLRXH
zi`x!3f`|vR84g!8hQU_k*XrtfEb0hxd;Mp2azh{tc)Mn8kC|(d$2d)PM3{`nVV{o7
z(+BZ~zr=BJN|ttSz@b-*30kDhu)rUGGVq-!t;`0jLVO;hrjNKMGK#U=05p_xeu$dE
zZU3HDxj+<%XH1mtI4?A~S5^DBi5F7K4tGt$2t*SH!gh;WX$=<vW#=Dy%e&`=GNNa#
zYB+y{>-b$!dL;j2NRimeI~44gXJAV))MUYY84-<ye+_^Ue38671Nx9Dj*IG?rv~`B
z?}pgA`JXQLR&*DUvUrS*uuHlT;%Ud(y(<RX^n>rB$d;vWhLKzQ{TnPHqX`jzZchGa
z8$lvBia>dv>=qQTnRQeaX$wo1jPy_W1XJETowOQl&^5W7)wYrFTOe9kl=t-Q>wMsK
zz#ma7@4hnURA?~!jtUCe2eRbgcu{t%mb<M@YT1kf@FNNiQ;3(RTb@TVOD&?Vu5OIt
zgXhD0GQmf(R<)7{Alrq4Rb2A@u~)Yc2ymkbiwN(auMnN}%vV`6`-**H(5hE?wpPV9
z;By#!Lz6ydYbr1b-hFDu08G~yOM3^K38&HJ<quHN^yvcGaA5kVK9C*Za()IA&XoBJ
z;4z8sD^Y#|qK_e!{4CR-y}Q1B;Icv7rgmR=`*71$HT_Ke?0hrQqSJ8@0S-jb|6RNh
zf<^)e>9{Wl`gVnr9opuPPvcbepqs=N=aPvHiheTLG`3A|^O#0~{&h*E$d7bBW^?6C
zd6io2bSu)ymD%49<*Kn3$MSzbDIje4B3^_AoIGeIj5%j3&F<*_2shB0T(Jr7^^d0R
z^HWn==0AR##CFqAhRldBEJjM-l`5q*I-M-wj;682L3X`16C#Fzm<o%LM6kiY@(%l-
zZ9eY}7OE)HNN6;#;0O%BuE-BNBxFSt7z4-+zVQ!+h!SR8%~ga{s?sV1bdtf(L^D-b
zs&Nt<`88-n{AwntbACrH-J?%zuVJ@jzW~XQ6zkO)eB&bXS_IGAYNAy)w<*fGmv#^q
zm7EyeS<h6S`@F;m9<Zs0sR#n2B`6qS21Dd^+wW0DJ9u3u3LT{tcd0CZkZrWpvcttd
zpMb-HN%QVp-T?Y$@IG&$?8{@`CzC-NARYwD$ds1YIt2oXB8N_y4bp@_1S<ZC&*oI1
z{<e}9sHh_p4XAR3@^IrAy!WP%h&U~Kg3!{x$8SzOqmz0}0L>wbcahw&VuuC6k$?-A
z*8Ka|FweI+L1CxXWCra}BgVxc$^-xrrL+~h@|JV;BIH1xHvXNowUX<qJaH5*`lo0t
zWmWR|1sK?(95etQ?duQKJDrIA`12z)=yJbLrXO!atupRz|1eM;p8P}I_vy!KQ;LW#
z5%|@-hXi_E{&JTRrEfu4FW~y9>dRESK%h~wZ|e5+@G!i!uKPP|^GQPA6&V{HD;@Ft
zzB^Ew<#{r1Kp!9llDu+a2f66Nhub_KqS~HsCv|ngbyZy%+2U-@u<^C;Sd;^*h&Zi+
z%IXxS|8?JA66MRX>rYj&=saEoHWLdlJ#C7|o;*Jx^z`269E}4-pveWV%k9T<(~CJ4
zv<6)n-R|P!d&7aTm!Hm8U8*==9wE$J5ONRiowpLgNW$eG-@il6j;+$v?;lJS4EG}k
zJC<geW|q7-)H5<pexoJz^F=C{1;y(Hnh6p&FtUL~Yodf<1M(>_^x%aNAQN*PS!=G=
zoDY@%R&I1kcd6=vhuR-(ua8#OR^3nj*kALP21a|9Y?KyQJa_-QOJ?+zn13q}p{(fn
z^eMK+tA~m<?fLl6Gt}$WK$Y=U|HCg7w&%GeLyt6HtYY0(t2}Idt42$2o#+>yy0Ax5
zZ#&UC>xCwbgWu+K8BRr{TX16OoPV#lE?Ow$irqJVxd%I(F?(syJ?UCnUU718ND|`H
zyV*hm6LJ_4&y)ETa!Uz<orMn+eeb$SX%=q-X<b~d8rs1qH$l1QmP-YwH%N#JwS9D^
zftjI2U%i`>C!Ry8zeu|O?c$!V+4OZXPD^iSB4$>V5;(F?s0|yY8`5pE5xQ`pgdv94
z#+96R{bqXPp|91xNGHbUmOn@^5&}$e0C^B)&&>&XQan89ZKOEV=1A5KPYF_07!wi;
ztdi|)ytg_JeouTJNY(nH!Z@e3ItapaNVOm5yNn<3rW;vZZFj$5F+}ETHANxjR)Ugx
zoI2AnWXRCc(y|%!6RV6Q%~$J-^ySiT7vz8$s!Hi})+s0XH33cZ$!+wr2FH`_U%a<e
z)!&5XE8p2Duz)jb5;}gX?QZ)?rhUIX)smbiHNW_NAO(fxmr<{~*bQI`mgV>{4we4X
zlFDsBr>fE+Qzrc*$CTA*dTdx=BHs^o)Ql-T`0p;J0GrZ$mg}@I1*C=OMqJ#j#pdph
z*lBcjK_F#eZcW?vJ9c*V{T+MZTzS=tCp>i)Y6xVnR>&WIDs`7NF538!nh^G8Q}&M2
zR72F#F0wnu@Oe-1^S?RWwGPjKs%$;KU1#auFa$09eSZXVMOI_E<jW=RXB5V}6L9J3
z#b=xqKIv9GHUnx27dumrgG*XpCVE!AZ#@GrQc_ZJo%Qu>*Q2~(X{nNr@5AN?IBPa_
z6>B3B{*CF)O3sR(wGKg5tflXqqJpxDGB)nm7@QMmgb>}gMt_P@`3YqEHw2rkt(mFA
zyn76Khcyu1DRqa?$zFLZ1SgO%G{b`|M$W|C@ne<GM&ePhn3a}-;#9%=e&4i?>)ZYP
z)uGaS-IugoAzk(Ey1>E_FeU%PQK?G7RRl?hZ?`Y=f#B%Ul+n$}fy6hF;n@$ptk&eP
zn}fx8h<=!1>rOC%OZRy$%VTE|FXuZxhdp<g&hh`s?GMqJnJ{#QYZTni_IiNX)%3aA
ztvWc)V_EIiXCt*VNlbhLTioFoa!-t3y{QFh1LNZ3WrP1{L<l02=*7#`z4YdjYY@a`
zj(BA*XIRwHK}M-s$Np}MCRL^SAz9%0IyP7xD<>op?4hWZ{m>C%J}FMfMlJ9BQ+EQ<
z>7MHH5B^iruA~{=e3yQ?JuY2>AmHP?!meE2o4pW&RcU)!ESS9me%MQ3)%mnzh>k^n
z)6BTTmTcW-wE~7FPZsKS`mig19f3(hc&oHd6u>e*MpD{41;o1?7G+TJCv@-KqpO~B
z5R%hXLDLE$)xGkWNa`{m0)L#Ev9E00H8VvB6+O}X_v%gz*=Qbq*}s4Pk``yN{jf>k
zy&7U2V(26<K}Hv4#a8y!`_$FH8V#*0$;Qy?-@W%~%773s4rfI^QI+R=2LPRZbqqM1
zFZ-UQ5P(KaNIC5G{OIbIN?|xVYi$EL{6xrQ<Fg)QLNHv-#<aN}5S?e{=z%3mmof;G
zpt4co`QoVq%rcVLwv2<$xVWAv4I3WrFPvc|#C}o-=Zn;`6g;zYY*p11B&5cYPc})M
zt70n>p5>VRrT-?m0WatvKiT~br8m~2wnh^B^wKmC?k@|C_vPL%ZUNn~1&+Gw)Y-Ux
zn6I`vrNwcG+)0}QToV^dS47-&UaXPCtl}3XqIPz*aFJx*Cw^ioN{?@#TnGyG_N>|)
zdY~lQcK55zbtoTkMOpk|P#{t;&qFR`QKzv%tGC1lB}p4mXPx|>+ImRHrZ=D4c^ntY
z^?+>({@Up77YpsXKprPL{k?T8*wG8g8qhxPrrFIFX27;w&6wZ%Junr#*(FV7Ey`rc
zv?R5^?@z<cE!M~>WGjy^pi|T57{%eGywH?w=eB8Fwx`&b^;J_-;`oK_Zh5NmDUxt#
zTo@OaN26?JMn~WC6*A~oA=_kZ{UH_la5FEVF!EPAF4@ZcjHb!ak4Er_Rt#gz!LuoH
z&E7FKBe?YO5HaajO}GHp<v(qYAEaZ3@h;p4x>sdI0noGVGxPz*j7t;$b3S+7WFy1~
z8vcx;W&V|ydC!N2K~lc!rpl@k?sez*Dk57yPs^$I2DX^=<R$(FM7<Ail+ivul7j{^
zHYW6+-LEsePagY}D*H#%W1oI};4W3~&ho|b!!Jb}YvRCw^1PGR;@SHq9o}i!*F)a+
zcq&Q!9uf16H)Z%us-)&S>GfXdsn~3l$F1Va!dI#TJtXh%U{}@XLl38E`=hvrs!LzC
z0~tD|yN>r9*~|aCqUm;b=6L(k?<N$!bR6F(75agohX+q)OdpxFP!?(J;0?%7JP^<u
z&dSyA{A1oEEZrt*IU0GV^`kUV=po#hc}SG$Npc;L4O9qdk@^wE_zP&!pV(tmV%@wO
z#$(o?`hK=a9_bf6TVO6ax6wnI)|Vv(MM;7PZZw-3cSP<JKJ)?2kE6kZ=D|81xAXOf
zE=jbqL5N2ZJn0W`%Jb-`F)c8Z;+7=?PJ{C_Zc59nb;!B#h3@=RpxZWcNcv=3PY{yi
zwT|USiY~1;E%grG<|O?)Vn)4|8Ay7eIUhb~p%jKRKeT`we#g7}T;Rh{k^ajwUdg&B
z7s*eSpRV>g(X9WdIJJlcN@_Frfg0d`U5K13a4Wjtx8>v5^&Y9q)xS0Q-60K9X?{&_
zGkP`oMkiU}wFU5Ze&}(ZKgIbbyqoh2k1lf1E>~yy<$~>2F^|B%Q1R-Kgq0HP9B!NR
zMnrYE&$zx@M|PhlZQ=ybv}r3zj?k{?#FPUpsS>_a{fZg^>w!)oum$ojK?{5$H;fuU
zx|}=fgF(4}ZP-V(e1;!lzrYxNzvgNq&nct!b&&P<L{l59jj0LiiA#Z(*3sZv{4n9-
z)Ie@qUbT7EugAlHDMRGJ@K|d2-|OYz%YNPkMRhm^SmF>L)c|6|j^oAGqr$@i?=m1c
zqG5o=^?ff&wtLKq$E<zuOMkJF5f&FFT<`&7k7##<r6|8R45Kq{S6U*U_NRQo_|V$U
z3p%og(n2EA4@K9g+dAqC=Vx9{ex7W(@HZ!AkU8C<6_3i!TYPO$ZMN0p^m6Em_4-Ta
z#)TY82yxQ@Xq~f?I<bC0zplp~`X&tHB~CrKx!od<4qyqQulrI5yBRcqbH(+o4Dy+^
z(6$smzIr`(TM9iK{pFZH@ULg~MdTM<cO^&OwcG2$CQx<QN2@`Lx8Xiw*=6Lwx-aR9
g?tHHcmk}S)b-5Q-cVJRG-vED-VsfID!g_xH2X`rPmjD0&

literal 0
HcmV?d00001

diff --git a/util/cloudshell/screenshots/cloudshell_icon.png b/util/cloudshell/screenshots/cloudshell_icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..4c520ac4e0adb125828390b524592b4211b1f22d
GIT binary patch
literal 13433
zcmZX*bx<AAvn_mZcPF^J1-FB{yGw8hPH+$I?(XjH65!wv;6QM<;O;N?`|7^;?(fyA
zn(05LW_I=T+Fjjyb)<@tGzuaiA^-qDk(H590|20i|Jk(gu>Y>M3Dmy;00?Otad8z{
zad9#g7e`AQdkX-7F44@y1XGrYZrs$=#AJM$ksi^-LoFgAM$IH(Vqk=9d|;Gpwjejd
zz+f96eH%(+2vDp#*lvd$L-x|dGF}rN#1TL9_iT<KqkClS;cw7t#;GbmTh7**BjE#T
z#0CT-NsWvgLod?i;w1|au>oNojSWEzV?GPf_?!GM3fT|LpMKCaG*sgR<9!h3NK{r-
zkkcl<5awr8<dNl+jfD@v0A(i^TTxlnDzU&u2#BL3R5>+9Igu7ue^ConOK+*jU`n<W
zH5|d)q<c5)7~~ja0(=ouRMq!qSY9TAU%cqwN+Xexmw^QM8MBlln04%I_7-L)2`h2v
z>KU^G189rA-@Qb?sZy*%#BAwA{f>zxv%fe;My~n&@%c$KGcZsG8n}9V`TXo}|NQ*)
zAeej8M@EM0g8;x9eWUTf976yAIL>7yL^V7i&JE#wH6<T}W#Mz@#L#*@5;g^*=wvWP
z!dANL{4BIr-8Vjq?7+Vyb<uGkL`6kQc_1((yY4o{>eZ6p`Y+dcSb5^XNj)NSe9s3P
z+#VC1u2wT16YCWd_iJSl)RPeZ4}zGEMC9ZSB`zx}Dwyicw6GH>897?L^iXyF18?(u
z=tL$Zc)q+Q!^U~qkm!vCd+{IKD-Zhr@t{Nsl!Hk^w{6nCf=nXOH9cl7t=TWCPa2mG
z^bZdS(23%FmTU^(Cmm`ern=D&SW;X!^S`TW-Ar)*36@;|gor{Rb|h&6l`}Dbcb8Qz
zsS@i5l?K$fs_J5*&_YE@eMR=>)W#&x4H-}O<#%G`k%MC!QNw@WO7Bb5rl)8WnnKcX
zk9kx)QtGVfioJStn1Fi<)!<7aFNYjzZ2XTvDeQKIJ*pXp?O{Fs_1W2rPZnO4B2QBr
zaAD~P4%1b)b^Q0A2Z8?^1EmK8*JiZln>mt69iK8fFx8>tR#7QlFTvP<Q(}Ask0G;f
zr6rYWl@gKQB$JfGQ#T|di(JZO?Aa52-HWK(&{?DhvmjN}U&s>$my*oEDuCEqIwpP`
zPjjB?a2R4dAuXR>xg(KoRA%$j5_%UW;HHCo8r1)dlYJ52YtIvZaSsCEMRvob0u(RV
zXZ~guMP#w05(_0fgqKsqg|T_(TytT7S`yWkCIz))e41ct0>Xgw4$Bmi?vK8bFF8<G
za}Dt^xR_mp1hS^0(o!9km!M^$2u6G>2<bL|u{M|g^U2k0C=CO(Jos>H)dKlc@DPNP
zvy*Mq-&cT1hzJyT=|GkpP{g`m62u878g)yCO9i}-9zQ$)sok(7KAoBM4D7YvgIuhM
zn#i_goS8_N_`5rF`F1Wvv#eQl|09V0EBXwkARtj;W50%pW5E9Og&`VlH0!CsKPI03
zwDtsIAkSf%eoVKj=qr1#+ug_zVNk=B7a07aq*uF90>p^P4)B7Kl41gcl&AJqJ3C&|
z?_ywx(^EFu*#3h8L0edG9dfByoT%wl%%ej)7<UM~f@I=@!Ep9YKz@Fj+)vmF&p@~v
zva5nGc=R-mDcJomlSd5O1AKvKtT*GZ$nhOMnwKPCnRL`z>N*h!diAc7w=VzUm>0Jq
zre}mUvbo~NE%NS1s)>>MzI*O|-Mz4d8fU)}-5tfTXg_Z^aT4nN^G9hLy~Al&XPBF_
zYrSb7$cdGbv4=62f&aj^n$v&|I^s8711=ts8RfT?)uo%IA&5W`GzLht7tQM&qp5K;
zh?ul}2rL~Eyj3dy910vG69Rg*lH~DC52As@q@kOP(dW3agCEUN6{R8DJE{Gjx|kCw
zYGr>{yU_q8vA!=m*#I1r)b0?6b6WAw4+BCaw60dxfpIdgzd-^EIizoQ!$Wr^{etfi
zhs1d4#+FmhMnO`yG}<;FHV#d2|0h)b+e#0F>TGn;s5ufKGANY`89kYi@FKMi2^>C?
zliVIe%6zjT8TB6OQD%)_z-d}pU-_n*)SYFvqoPt$r&*!QT@aziZ@pw4@I7F))hfT;
z2Koy$F*I(=kEx7a5$ncnFSB>+KNUe`^{TaUS+CafPrKEZcSM(~y*#RQm*Euz|3R4l
zT2y)_6yIbC;++95m^>KrC?6NK)rD>j9h6NQf7gG_UuoRmwm<CO(Q+J~Z@&JM{$|b5
z$|+hMbx=C$Fn;@n3#3-jnyg>vqUvG^#Y6-kQa~^Z4{^<zH2oC*oDxrBH5Mj#+hsJ}
z!eTO&U?v_@&iO}5odyWpQR*lyM78Eo)VT`X-l#75*cZ282d}?<4hy$CIOF-sQ|^l9
z0ZecdQ$Z7{jB@F9x%+Kvu*Yd*Y5#Lqd~+s~?tvgI+S+j{@h!OvM1>(G85n$pL+Me~
z<95tp`Dc47fA)c$@g(db#i2=<C_(qBfh$ElQUgI<^j9*q#Yb%g*>BG`6M_ChC0@U)
zOB~KmyJlT8OaD1qClh+ad5*y}LS#e{_9v&~0-%wQVp_;S+p!<0cF|E<Px4hN1gxAR
z2%}vE<NdleEQPpH+egA9Hj5E6HPY|+anZ!`=x=XdqrsF<#@DdX=0`hc1KSUeB_&P>
z$$m7EEAOw<#1ym09SKB5w_f*u4UA?{%;#1Q>jjD_6#*^N5Jzwlf<qA}BC%-qR}#%K
zr&%^0x90lOM@A15W`WOwH9j_N-@%=^oc6w{b^h1$0n!tR!#jR-^fi!8bgKS3vhv@U
z{<snB_7Z+eaQM^Ii9Iq#-!J+1PnEHjr7B~<)+)F4f{HD;nsN_FLVGluJGn4g_SieV
zFd;#AE6nqlY7U+3&-V}we~{7JB&+;N*lta+WVe*yTs$@rdVAEYEzY9)oy70KdFM_1
zPrFBbjOXJpCp8|uo<w{+u@H@{Y>e`_pk|epE-DR4!roY%m2k7${=hYmG-WZTdM4L>
zG*0VWPyV%zxTmw{V-~!BNAEi$0EzuQ1}EW69r#wR0_cPy0-%?urEpeg>!W?XA3Evw
zo64V-lKCuEYbKSG^lR5rQeX+vXV$|h6vXU*<$dUIXD`U9(`<3`{0$A-@{8QwJs?+>
z{}pw>iDvX=uAX-PCXB;#yxN5W%Qu?txL|Uzf#;(TH<~oS=)xhyBcIIlaQ(8>)n^QL
z5qUe<#_I!&lHHSr+-1O?TbP*d&tgX|GN%~rO!0Okg!XpAYGfBBn@!v%RDa3fvAL-{
zUtT$TSSzrvto%7mB<1$HyFKQP&?*ddk$xL6C(88|nV4hW%Vw#nvqq;=PpeLcI-AE4
zN00Axsh-iW{vzgG&gBy--l`+w>Dx8ORi9{*fU<)l32j_{LVI}MiO|d`F(f>qvp%;y
zYIg<hcRhHxGexId!Jzu)ycw}=q93J0GM+~v9`boTUI(q|VH2T9iJ2n9bXsz04D{fK
zzbuhXFouoxr9^ygyg6%-Wt9f490M1!)2t>%TPL9}8BlWR^tlcLqC1s3pxq|_>8=J|
zv(4z*?4j(p;fXsA+KEI;Dci+5`Y+(`Q*MgzAItTIr0fvPzj4H1Pre%u)5Mlo&kqIY
z42b4oIXTTd@4WtU!EC~c^!psue~~S%N~NNqk(#}>;xlh@q)}YLN$8;!|En?L>-BPH
zvwGxQ&#Kc=fQ;|iOcL*T8G`O1eaNx(E<n<ue$!!)Hj~H4=m;?RyV56a>HF32l)EO{
zxl2O=kyCX4gTr+%Mq@m&Ys?3E+jHkxnhPlyea!uImq_tX^hRSwIhKO|wIM2*D$$T3
zl_uG4-TE&ckfFzVN#I`dwJ`{+ZZ*)$P`~bGhIX=8m}=y6*8BO~$=IWg0Yi+8UjAk2
z{{2#}xoENM;C5lra?~Eq4ZVadZg}K7lWvy*zu5s}9xZ!rwl(z*aB`bLtHrlLVKmX4
zmO-^AW1Xu3Xf*JZ!}+E?3BJU*&mcHQ^k|mh#c5v$gn;r;3QNTLc}~F93u6b?3alM#
zg13iZ<XN{f+)<JoVE21r^15GY?`dZ?c!GKWs-J~72FH-RXFhs&2oOzO`tKVp@!!aw
zbhn+S1cxHY@>yfBP~+VB?pwbupPS;X5pI9X4Gve4Bfpl}Cpf*N*kERV9ixUJvi}iY
zN8EZ(ib9&|V7i+AodMm1JT?`;x}}hJ>htUoU{K{oUk^ym8#MyIdedVXbK1|T!ly|u
z#C_lC$2+N<J&>7vNak28^PIBSaO_Z05|xRC4vfTRUHC2BC;dwvJ304?`>7bK79YrB
zuxl}V{)n6cJx)`dUY~-~Fg|MXyj;edB?krYpTRSe@;_DlVq31>&SFbWz-RxHrj+_~
z4YW1>;TKuxp!n#n*BC9{IM6t+*uEj40x|aJiZ|Xiy;h=<C?-ZGHaR`>UEnT14>l2!
zSZOuR<gzXte2XCF5C3fB_<BA?P-*n5(Ht6z#AX8CJ+MiZq-KZciO5T-Y;|rz)Txm$
zDr|OCdD*VTJ_esl>vXxY5ZsZkY9}or3TIf2FL7Zsly>9`>d?6l`hr`}`V4A}a+1gU
z_oE5G3|p@@I|T>D@?*>2g6I5x8_euQ;Y`|IGitpv>|xyPshmd7>_GyQ(AHh6HEPvF
z!PZ7_j5FDnAIhS`(>xnwt#(?;tFCx*V5RQ|fS-Neenm~#xJ{9>_FjOL_b)`DO4LG|
zZgzp23H(=`l;i9ggz_j`&S$Y|+=bW|0*t`V9yMWN9(wCeXemD*_vAmVRiMT_T8rPK
z%r~1?@rr5w?awy^-9=lI-bsvY7FMU;?zFX=4W>5J(`7TzguOnG2`q;Ea#A92a59kb
z7V`dS2lBb4#b_kFblIk>Uo|ip`&w<mauX?v1K>rpacwLbpH@|zDvgxo^EH_ricp*m
zhqWF_%K#pEI5pcOTvh`nYPpnzs^hQf{ZD#|6YeI3HVaLa+THgAH1TQ(rL7$+IgJZv
zWt(a=g)#O}fM-<5+Ip@6`)8L0$os-*lldo#sz$x*NkrXlm)OPbsyt4IO^s<VXD*fu
z!L3)pOU4g1!0``19(wJ{U|V93f;WP#8I@Q)5}hD^qu&H3H9a{39$J<G0`hG`yAoJ_
zhAmdt!IBF-?nvw5^?l!Vc~SAW+Q8@=%sTPU&4+`;HHE%FR!y6ocv7n?VVGSXuf=-B
zu{JgM?F6mpeB93pcXo?shud!jG~3(F6!*k)+Nh*_Ourk@r3!wq8xsAQKlsC<7hi$|
zLT`GUP_W*cNMWXo&EiSSAmaOZp=W>DZtO>Sz^I*I%T+b;lO3y9Pv*uKr^fYP?B7f>
zLZ->ICcAUbn$5q3F7(O!(4(HAGMoM`S4eNeudiCFA-5{LE-6cSUq?4II5l1p8L!3~
zi=X_XX{QO`c<#)<T+ej9%Ux}=$lf$U!tHuNIRoWw_?T}_b^3eB1y$jQxU3?gX3!d^
zvFfv|B}&is@l>QGUrJEx#G@7(?QOUHYW*uem?ie7(=XlO8SA(cAH~`GHJQikZ^QfG
z>0UgkZ`k0bz@hS_)GhZkH88E3rv)ka2Rr<FZv6>`df%HK*GA8BsgHK#G{zZB^WWm!
zx^squ0fCpW&zn6CP^Lh+M!l|Ka~JB~RvmHo+@&!11uH@&;pnvuW7hxrO|on}aLq*U
z`&wtOo+=v61=ynpy#~{cZFy>}nH#&p@36~9ANtlpyCuBfL~s--3BrUZ<d{RwqngOG
ze`Ty}XM@A60BF=u&ttb_aLQRx?Jxz+c569x9p`h=RG;G478<x$PA%`A!*PGu<91u1
zUqbQIB<{=WkIP@4TROH&waj0ZzpL2s8FsdR|HJUR%r~5!LF!do&~xTG>T*LEfFdmL
zke^Jewvn_7*Hv_xI*{RfIA!A=kPEcy>kH4J6)=f2L~#sZSgIZnYD;+l!{E>Q;aE)T
zaV6iRGL%6OxA-5-=950>4K`<1Pp|ri;<J9<epq|mC_l>aP0hO%M&Vzvp=q|;>_}(H
z*M&soUAr!w-q$tjBq9x%E$4(1t_^Zl54BL0gP`FsP^gYh)u1s()kN{COdWe_8VR7`
zXfh0f5cu07-`U7U?7i~pG@<drj@y2{;mgc$z$;}~k@2v&ZXK+!7&mGu>P%;IFQQ_j
z6;7vbzCEJbY&1nu(Nb4mEtP4ipDgX!Dvmy|I~_HKU!-JlRUK2IV-ZtplRJbA1WJ&%
ztu38XLlgur$1<c&P>xq58Zp9uJ?*aV{|P7vQ^RNFqfNYtU?zuQeEc;SFUtrIo6YU0
z9n`K`?Cq`GklzkS5mV*05j#js1)qr*$c~ufF<F{n{oG2TmN!wEOuwkYAB=WD<T_jK
zI`$6^?cPS!AbP%BZPkZ+)oOT3tP&gOv6!n>BMiX^E$0<nD`U>C)XhnzguyntL>^4F
znaL5VHYv91|Dv(7((TiJm<+vBWzPqP{M%c#hYIe!86EPhI-w%c0O$olQ@v|QIsXaP
z{iKj26v^oCQ&z5pgJDbCIx7>-Vo~wCD>^FoslQ;5Acbsj0fef<Dt@8~KSv-c`LKg<
znDsR3F4xpAt8~lLlpY=hUGg2gIO<e#7DLc&Ba&%DlfD8rbLMpFA$5$hB}9Ld0wJ%3
z(0&f-Uv?>SncHdCilTzlT0DCWagM{C^);_*o*K)|q~rMCApf8)vmoX_0zU$mv$vV4
z`4F(Yztba68w7Rm7Is5M4v{?1K6Z!}haF=r^#+C{^RDT2M0_26+S8<31HEK$T=?Dj
z<IJ3Nu6O8SdHoo7?Gl1vlNrqSTTp4w15Yf04U0wo?RpvTb@jG?bXc?B)@Rda6C?^V
zXX~{;jl@Kg>d1pUv#^3yzR$k8Uk#9lTUF?bb-GLxzYd)Ji)%Tfjt$MQ&|b&^W_pOI
zFAM%L5G5wFq2S+Z`JVCFVoPJBz~Ekwscf={f^N^qU50{#nez^3k^vtrf=l*S8T-1N
zO<PXeKQeMqD@k-U8zEMp#=wuu*T*0<73@YdHESz_aihTA418&Wj-wqP_n1FD&R=T^
z!ha%0sbEKy$7XS9ncf`=IEIFDXr&T=XHz-|af!pO@$0h~6BQ3&9YqY5|BmDhX>-(;
z+jai6AigW+Thg*umfrj5u~~^oPlZu+S3A&Efi9R&$g0l3dp7lD*dwUL9D@19#)f>K
z6?05ejs1?X?{{tiHpTX~t&~RCRW6OwUbpOks4f*O3Ep)>i|X*KzjkYxI_jm*F(@48
zZ=*5}i-AO{&AX$kpeBC!;GGcL1=dxL7_x;|PjRnfpX%B6M`YNWcxXm8JYgl-x2=Ad
zJ)TsH^z;D$bu)^=moAOohf$~1pvRgTIM4m*v!3Cg%Nvhh#=3t$X9Tt{QMX*D$#|05
zyf^V4-Cbu&oQ;t@fYKcZ!?KU@+M9{mMla1QiFOOX*P;G9%Ak+}_oFe$cppfC{*1TW
zE@}3-;RK#KD6HUmJIz|cC6*T&xXa$p>%qeZ`)2Beve`91k1dMt`aHisHSLxs8S7C(
zV0M0ThOrqVXXSVyrH$J;qJX^v_)otp^7t1u#zgq?|48zEpH@H-xtwbY)d<<L2>-!s
zzBraIukNeBj?4NSql?61>#?=D;eM49XLpJE<)D|OW}US^i{={r$HOI%PF!`?2@14=
zaPl~&iOL&sCNqpF^x9*|U)4^r>O`C2XlYq3pTBUTUT&(^tLH5)0)&ixD*t@dfdV0r
z_}rhB67K9ce&Rv8A`qv5gq1q{3fRk)KYi-^YO^}R^ZhkK0kGm}!MIUw*kTuS(4N0x
zg2f;w$>&V{7xxK^V1gtRuOD>^f<kWI1H5HuRgy>TPlkJ;FDw=>{J33W-e8&GV8X{f
z-+mHF<qS1|w|<wrqkAelC1F7-3ewOdbqjkB-K#gcPzz<<JyW>@vtStEDz!g1tJr-$
zV?PUO)NdAz^XG5h=(RU75Uu>bil2?RZul6Me~+EcRKGoex5Ih;y9*P&Bot`#aK4F`
zKsxv|(}BG3Vhpa7ltmMJBMMLRTj*fLshP^+miG_E&6jwDv4wnZwcGCXI39W4;t4;w
zEqchDjsIiR1*x(oz2kWYN9vVtMjulcM|PkQ@gCY@b;Ppqauap#d&8>i^%~M0U{R9G
zG?K#Zcj~6wWsTrla#mR|;2ldMtoC~18W3P)n3K`xeNG6#k6k1j5;1zfLG%_7x=^42
zKHir8`Y92pz^1tUih=v3&}9CzE&J^zg>coza~5CytJfQz5x6D}?6%PJuePJbG9fPy
zyc^g<t6GW}X!revnB=w-%wtKu;)-zR4|Arh*KtN$*hBdjt}31tDAw!IN%m&6)gC^#
zF#MQwDJlt#A}y}^tFhd`>!=s_<Edgfcme`3VszuUOu#{vjK_HjTDSdBTU(L-uQ)lB
zsKa0B{1Y!>0jvUfaHbPIzB0nf?csFs-k-7KGw9V=(}V7p7rPdt`2?eo)>%V1J@(^o
z;(<y=YzZBVH>L`P6n$T$O3|2!7}IJK=&|}2^z$KfXpWyvKfWQ1AjMUdbT&A2FfV%F
zAifvAi4+x$rpFv~;g3@C^oDpvm=Qm}t$dA_jqT!E(t7}f7l&THLC`68C{qNws$<b{
zR;FaeUMHrpABvVDjqx&gBhP!^{N63~mO+<0Knju|xl4qD&|BwxI_N*$$@ugulB>BU
zjZcMWSkS1@5Iy3a3CSNW0`W0+Cqs~o?p_c0wKJl3rraOOX$p0Dq^U=2tVi*Ur+dbM
zGc38x|B#wsD6&doyUh_-8MYgn#5yG~_ph1O;1sj1Wcz6)U8uf2mWpicSc7Zx_4uAj
zUG*TJxLn%5q&o_yzj{8bOL~&^%UtGx$6LW}8k4`^hQlTT*GLnaNK6}X*E2poz_cw@
z?4A(vKG5*$kB(*2*L9v;0Xy+GbMH{4C?d$B(*L;6wc5Tl%?|2aYqF3(`%oYi!K^W`
zrQ;ql(8IYPF9!M=_T>s|4@&TEhxi9fXK@Esr_1k!iUuI@S6n09X|a5{VDrpbM%817
z)D>VDPVqq;aw<40%xZO;k8ipLqqrF6lT`J3T}6f;v<CDb4mJ^T`ta?vwP+ct)9tIT
z$vo1-I;-=};b@cDt2Pv7Ps73wmv9^q?N|^&Lqeiraut;{lEz*mR(V4L?}AD*vjRg#
zMC=w+<JpSf>PT(bDibNT$uuhrL}_p7S<=fS;6tE^bI{+G#!_=H9D;tNxSJO|dUn*R
z(iMb7>v6(%s1Glp*5TSe{!|`28<F_@zMM@qjt+x$D9$5^d3od>+z71<6oh1xnkE9J
zlP;O!AdEcfD5OCbE^dDQxM^X^5K_K{zZXxZ!wfZ6Yxtp>VA%~1h^3BU7sjrN%{GT*
zQn%&021qMSIhZC|q%fZWnj|{DI$=H@XqK$mOpww2TP)61$E^b4W9V}J(TaAww-%q>
zMqz7SK0KHR6Gmh~3HnFYn{U43Dq>uLg7EojtF$N=gd1BPhcacuS5y$XVc1GM0<X-B
zElcH4+RLjC&5FuwsU{p8a%nj*(>vpP!^_j2bj4%bGAp9%-j%R(56z_w3P;ejg(=7s
z&`2;D>k?QHatUY!ePQE%hC~e}KAb!<k1)f!Evi0>ZGT9Y-Rnmt=>C_diPB}TkDrZ_
zZ+vP}h`{hVA+5@eS8pkz0rVOb=mywU$16j>4+Qt{nVVa568eU#T*98>=DYA?@bug5
z?{(I_C-)JO-I#bDjVsq~@n+y^yis)+WgNhCB-x#Tm%ElaOg7&wjm`4mC0pu}iO$&X
zlEy>c>%7hm)u7)&3Hp^yj$k7g;+8C@x`Lt*vJ_WJh^wB=nH2>|yhxKsIifDlwlheu
zatA>8YD64Sq#k;Eko)+Nv*X^X#Uz-iC<>pJ#Lqe*IO@n4pCM93<P~%F`j7r6Ns$fK
zN#phy#ja2OEAJma^hiHQq%PU(EfkLRR|4j6vXEz`k-)@Uh;SRy^zrxoW>$;s4dn`v
z{4a!+Gz~6n+u7J5M!zhAo<DC{tIcVIbMPa0O__9BG?=NlOoHtf8{!VV=Ds#|UrwUj
za)Nl~Xf--#kw1ViUx=Ju?mLyFkbNX+**rFb9^N}uo(1rZKPJ8Msx=ew+jrt$wgvk!
zzJ7nP4@e&t9t%p;E3g25)Fjh|qA872+5XUP`(CQo;$iF~9cqQRjhz;Qt`A=wl<>oT
zqf)<kaNoqff}_TC@y`p(n0z{v?Pr^4vt7hTSILOq>r^GDzU{Bd15Sy-Jh#9LJQ9YT
zOqn<{3&wzZ_LHd}r|IhEe4C~(pDr9G1X9^jzxhJ~>4|)wE}U?<_Zt2(*}SHm(;#hd
zJOoMbz-@|~<~9<QG&xb1ET<>yk@-XK355FBwGBn4%!V#UIYrDSyJ1@-2e(e@<oatq
zGApv|9~gCj6X^i+#DmONnUP+PO44j*{9UjZWQkTEo;W8zvN-UO%qtZ5%F&XKs2;c$
zE^?Lh@moMYt_Tw4XnD6|9NcJtTSs;PqTl(0yc1Tkh@<L8v?^skwt7cc{DwDz6(Sdu
z{7$+gA2}C(n7Lo;KtTzm$K25}58Pw52>ZYIR6N#EU`ytZR#?#BFsaG3@6$uTw~k0<
z9Kj6h>&44?LVuw2m)&n!c40a_QgvP)TnB6shFNtZ1sigCJylA($$I9YNff?xMRHLl
zaGAfrZw;E9e?6IQ%Ym!uS`$|>)6)1>g9~Hz*whJ4^f!9YQ#2IA>>K>cD}+5)_?%Da
zZ&ao$F^*+551*K`jSIs{v)EVuM-;RT2cJHh^|2P~#F>0~7y&B`uqcJ`FgXK%g~6Yw
z4yi6U*Zj{5zJzBL_D6_5kO{WEJ0Pw}U_LkMn#irbC>v)_kOha`^X=J+1lIxhwq+$6
z1T6|{A@C@4QfcL>%rC@e6x`z6nN;Fj*{s&QqRV{#v}&E%Biv5}{NjorryPLMLO~?t
zZQxi!;N|#_UIDs|QX36J)6S<J&86zEX&g_h(u>R?Y3Knh9$OHVp$LWSkp3QCEp-Zb
zRR&51!|1%iz9ab0W6{bsB3?o@S_9r;MVt;=GQOo9nvI6Ys7DJO28C6aOoRr%qCQGW
z>YPG%lR9NV^iAIG*22e%<o+>j5&BpjBDEi|OpZ1`87)PF<`+Z8axw5_iw@IM06SU9
zP4gx<MB2aP${f?sy!`eJA?<YI*OK}z3@Z;x2AYPc;U#XX%gJmrj>Tk9v@HOk?}YIQ
zf7^wHm*&JF(Yn&^!tHPkT^~fUCBKnfLjo>2A&bYBKpr;&zT*&j8{2Z?<Q{*(TUDVE
zL;RsNif7!`c|lJYF_%4wCef1wTPUCIh<;OGL)Pi_qi|<L>3E8~VM?;2pslYU<L(%{
zb%a0|%uxK`p<DqX5gRSSVm9-L@8kqXkT7&F2BcTkB{AJ8+1do(X}K=Sh|7E(dM!ju
zcv1k5#2!FSG2~Fq2aKe~!-h-zpxF1gIvgsG+~>FBdPOItSpGpes5xyWeN>*90YMAl
z{X~Idjau<P@x%!u!W*UC%@Z@if@aOZ>viXGPB=H6(4PHb*O~5=p;c(2D4^+hl}lpL
z7y@-qR;UWu?zwd9ASz;EH<@;(e!iMYsxJN1nsWdWmVGUrAaImoSBv8cQ*?u_qig<q
zCBk|E{5O0@+=|(syOjjt_yOM{-m{$fO8&o4U#3&DPNiwJUQ^p*{2HekJ*9b$yd;K<
z^9sH37oS$@W(+CMI4IO%x!#CY`QzSZj2NjdN1KD-0OkniF{#Zh+7?{d%RNokqaeU1
zMX>85%c1q-;^>Y}u=7$L?(tH)ns*Eon|Ix*rg`)Z40HZXhwXbgIn@~X+l5s#Kl82W
z)W~>X@F`A2{>W02_(?GiGeW<lsEbmoZa0ALo8IQI&+le_o6|MCs-I-w>=a>2o<&~r
zPhCBkANfvm_6hr$U5k~wjyERB!!Elylz^oOAS;XujeL*+hz__UkzOgr;q?{f<6lLk
zIKQhzrq#v7o)?UZGV1IkCIr{Ag~}M~^uCv>b5O-;FnS}>Okn@Mr|1;G9~hLusEaW^
zm79O+uv>RS^i<{oY7T0DNc_`U4T>Y~X2;)O#7`7C=zIN;zA2Z!NXkVApozNX0sHs7
zhw)RKKpnd5@2T5b2M*u_Jma+Te1C)VnS+~7hd-zgj1YkBPOE&CPjIPxdM7K~M!B(n
zxr3qU;0k=d4|Jqx;DH>O!K^Q<mbckoXl)q!*#cAKWA|-wV(o?kr&ZBlB&G2?+C%fx
z+?<_T<ys6dg>kd9d)Cb}Ie!-=n{Z%Xmz!u-WCw!MI#n^sfpF_k)%~q?f!9pJyh~PO
z<dOCeT9(&i$2F|`FSen{qpM;R4bo)Nc5HwSi8gALR&kdRKOnHj?2LP({718(K@5W^
zdM(UjxyR=_w?SKuh*bNp&`1Qp@u}#5sCHJq|C8)39bzpts73-if;8w!7#GmOg<G={
zcr+Ba3^|^UE1x!YS)+pg0!I2&fV$Jk3nqS=$Ofex1-C|<1kdKO3&*S$swfsc<VrBY
zMGjtjnOYRjNf_Iz6<fwG^5h~R{>y-CW%>a<6EXtX?cd3B0WFH8i&H|tO%B0H6T$%B
zI!^QPk{z{7H|Y}Uu<8}3`Iszs+taU<8D$5<CGJ3Df3pw?#dqWmkYL!;PX`_Y#%vx3
z#0m9~)=mja`I;W7^qdWVFjXI8>*-Q3S7U3P)9tU7$f`;%Byp7|^9HwyqomCb^E9+2
zx$W?1)da}@?w#17G072WKkYQ%;1H8d-0laoNQW3y%31Jv91>}j*i{y+2aYi3p(VGT
zFDhw6S3{pMFrz`Q!!~e2ksU@kBOS4b5D;sc4mAD(sMuzP+-Ir?9`KGlMw^6<^v&|Q
zq>t4y>b%~;g3<DMUh&QPR{E#DVbMhR64cZntMp^AmuaMNI&P>L;^Pe+q*x^Rda)B+
zTOpvQw43E{Ok}^aAT?A!G1{hI64lP+P<D(%){5t(XPH=tF(4f(Waq+8H95D~W4vhx
zy2Lryw<u*Ejdq4Is<5M;A>Wv8I_$Os^;&Ey8EJ2Xc2}nPV)uBMZ%-hIzwY=etb)=n
z#A|SmYWzIYZGPFW>@z6dh~rmRKOef&$8X@GLh<6SsSX$a96#;Kz>%`)-KLOAk;G4z
zkFe3m*z}v_QZHBcTs|p`2#hQBak0z9dc924)xWW%f68d(s=wMohnTJS@-UINhhY;1
z;#ObVLtj)^ODa`lq;-nQvWARy#_H2D4ITURJuvjzo$q!JrLW_VOpm)18dUE$1)}@$
znB}eiaCOwZ8*btZM!RJHIA^jOk>1-s{19qP(t)bE(KKHE=u&O{9W*fwgJRBSUDHv7
zOKVr81N-WDonZpCH1_zmr~E$sxQOGduyZU4K=VgWC@6M0kb4r@#(kF|>j%%n)+x^d
zKU1zKgT=$%)Q4b5XdCa?(%~#j%oVEf4`8?kMrm_|Yl%84+4q68ThFeCcKk{|{Tw<~
z{UT2Srm0o!OsHw~2%dJRlQI?V0YFY#yzog(IDMs}9G%MADkynW!`5{@df1;1dY3xT
zQ}32`2Au0zEM1dt9oCVE<8fhrz_)B#yKT>Zrzvk8rBW%PIaI-isTrQUL5aNNsv>m8
z&VjBm2+?BZ^G{FFr?m)I&Do58J6?)JUpI4Zy3(9**wo1U=Z3c9FTEg$PPuC88Gl~;
zvluH(B6E${e|<h_V`4`EDFlwH4Z6B{Auh5A%ReC4zR&|$avpo@D$IUf3VB+tm$S(Z
zc%d&NLt-MHxf3p`@0k3{wKfgs7w1a)@7D|}pNNY}%h}G7_Qj0_S2^VBuxnC9k}>83
zn2*sETA?B#=M>C?9uUXv(-th9g0wKWkjhD**$q|%LK(NhVx+Mr<<ZJ$eMhD$Ht(m3
zKtYS#)qMEvKOQG!c3L%It)rP7HmZA{rZsI6JOo(B{RET2$>rD@Ji~rGi>|Vc0SjRr
z{xNGR1^-niH9W@Yx|Wj1VZB9^e^sg(;Z@Z?!Zs?u3D#17X?HCQ%>s1C{GxDXGM!Ru
z)&gX0@Sm+Xru7>}dfYI?P$It^HNO$e#$A&d97K&+aYF^YLJtqVDA46CR9P`$Oo3~3
zEDVsuTjL+`^?F@e<I<t;YQFY^2M$J0<fQa&gwpU>b&(nMHJ3EE@v%R+ASYHmo-X6@
z47j_Q(^g{RE(*Nn7&s21>)k%(K6h56cuM(EPAhy^g9wipvHqT~^|@x`^E#+Xk!6%5
zjiLj4z*va%qx<Y_yH?Nyt~2az_=vwjd$h719m8r~lDnQSClT{q0l0D{PLY1ILY5h?
zain|<tye7B!V{fou4xD{JSR<SX<H}%RBaGMHTjbjDF;jUscWa-uH(}`A6jAt#YCin
zrdX3)2MY#Sdy;kzTv`oN&)T^}Xnvy<ul-)zz$}$LX>PhOQOay#>7RlXi72@*mU`3e
ztle}zfsY=WyNtHpgeEowDn(fHWm>{=6s)#+HWoFJvVMW%43H=gaXrK!d#@qua=o^A
zU<Rsm*0`F&x4;<&W$3Eb*G%1B_&6qc82QoeO5$%P##m*NY@0HOK}?^+n$Eb&w_{<p
zJ~|XlLgq(a=ervtwbg$#1Nuheg?0YK7?^#W)M8DV`nVL=(&+p#<X)4#?di9>a3fen
z8;KY3Ek6jBK$j^>4P!J%3D0j>(<{Lfe}lHeYweO!KW6<Bz{2PTENaLgL2S=;i!GAR
z^r5c2OTnUJex79?&!5yP@CnXE8&&6-eVPVz1@*i<7M@yS#egqv#DvoC9%z$2q|VGP
z(C#)v32DVz!=IbupW=Xmmxr|Re8vak7-#1pI}e#orvq>Asud5<n^;v$52Rg%u&41K
zo`Zrm*Vno7ev>nGV+JRYBKGq=p<Q%Q5SwLvfA#mn`yZS^c95Zk;vcDn&RZ#_ZTr+_
zXwA0%yZBxZK{pp~Csnf4%3pNu>F|2v>QnN=T)41>Ztf^=cCH%zlT|y#^hFZ;@Jbd#
zpmpe7wxi8ui4K^YXZ+;@aZBq!EjU-k`yroi^6hUV;m->ldGI&ty;--{A`BU%J}wc;
za^)n~?bNdKdF$~>hK{t8L5(2K05cW1k7AOiBd+%B9Azo*@d6jvXxF8sLDs&aqfPI7
z$#=PDAvEDLp7C{K;g1=~MZtlLC;^((v@ccp32@mYsYiOG%K?z+!STju`$_lV-+sfO
z!gJV;<U=L!6@OanvWzbXb?(nQ%9~{C=h?Z-#8V>Jzp*n=9zES$xWjC`Ob$P}y>{b9
zy1JoUO9xF@<kp)H?9|sL^0%9Oh&|JC_#kd2|7#bNrb9xY9_~3d9eF81;u-v*$U_R}
zfP^0cflENvANI;*DuaC<FK#c-wx`(kUn=^7o*V|kK*{p9bwRjX|ITV2;q0{O$XD`J
zQj7)$`G2k{=^<3$m^)cg(W8HU)ste&>+(tiJfi6FK(+!^o(uEj3m$$l&=%jb-y>@{
zR5(*;_+$hWbag+2+_3l8hYULWXma@30s^qB{Q4e$GDN@A;y>?6RtSb1q#M@Fe~*&K
z_<gg7#1DC2TT|hqb-S>IFAHYz*Qa7U?!ode(H+A@G8}U0DCQ27r`@Ppke@UiM3LZ&
zD*J;zLn^o7u^<pgJJ)-08#7<plvAfg`es$3cXQ(13QfxM&|a1Lx~cN|PxeyQAbW-c
z|B3QMX1(1{4(neJhfYom#0z~lI84%j8;_XGEMh0T@X0XQ7}OyUWHh?v=HaAw)q|Zy
z-J{R`@^{&V42y{DN~h1a)Ha4AF}C*}ac|(&u_s+>u4|}@^oRSiyXVKJQAAzc*>cS^
z_cX}iJ`&o@-_ef-QxFvA)g$;+imV+i`rd`iRdb}x;P=(5%3q!8<~}~jRX`o)#n;_L
zQ3j&ofPVa)Gwi8LE|%!M6S>Rq>b!MAOdITEgYgY-Ofh2@$TtDfUQ?%2%UQb!j9bjQ
zZflYL`06s#CwNEfK3@-|&A6bgZZ)CfOG4g^jU)S5C6a1-<uMjjULu?MRjq6wR0Q;v
zXEngPCn0P^05_M2sFaa$VNjZwf9cgvu$mlzk7}OkvqTye)K>W4!p{G?V@~x({Vj~f
zG4rgB2eLN)ir~27x+Ir%IZdalm&e-3+Fsn>DO;6_>O}1rR|o1&y#Im_IBGy&&mvj(
zI2~Z^_&puvU{q*OO`%yW@@yViI^53YamBMynl+@!0MyE+0MKKlcUd-fUXE>eakAxH
zs1L4}9nYj1rh~Y?H|qaCLS9z5xS7bLZ|`%$HIoK657w(af&@<?j3O8j+go-QWHJ%h
zS55%9fatB=#yYY~%4VYI6x@?H^Dm>um~%T0%(a-y96N^*8}0w0AMe2A6JZ<;VxL#r
z@1lwv4EFb8kdy^=U-gz_v;?DLZj+i&E&UmE&4eMD8ZP`6!Xk4KHRHeFNZ%B|DH3iu
zi`fXZov7E=d3Iw@FyR3D4@vKTNqotAi2@DseL3YYrPUV76Id|={9;l%vfEGrfYG7t
zeCf)O_o+7lk1;4G>|WgG2J5%K#6iET;&=}#7*iopdq<$tb6Gk|_nO*QwEj~u{O{!y
zL}YUjN#c9O)XJ??^y{Hx^q2vLG5gi26p{HQ<2D`o^lSzHy7iC*%wIAnltZxHE7g#~
z;hcyv<EVYc&;tkR1}(hZ&r*)C^X4HbJ@R3Q6ZcA|>9d^zCy7V#;=yQD7Rd~&w*U9I
zfPpAc0TIUOaBvIFT<Amx`#GT;bi!X45-$d6*-*Tz>GI;If<r=IIG8O-Md4z)!C{0)
zf2Tu<BUucV=t<2g7i^AYl+6%cR6yK0t7{?6q4eAi0Bz%xFXvb1q++`HebwZKjQ$5{
zG!%6dUfK_0JsF}tH@pAo*nci1+s+WMYW%wuKy_TJv<|zT+mWQnAsmdTT~+j+RJx!0
zB;#g;_!8Hh%!8FLe)+5-fM*&;XNnAGShYAb_=>>YpqKVcSJ-Tu>RJp#T!?R9|DS^n
zI;iGms2PFIaGqrTP^3e#3@Olf6?F6qvJE*Gk`d(UwR{0&lBlyT!J}MZ;<fnybh@R^
zLdIksfnjFP;~GI2U8{Qh6eBX(vHyFd;Qt>k7$8lCGTKg@(yRsuKA~L=-gZ_~%l}gx
zW9l#J00)ZQcG2~?W`>2%{-TaV)ZAXJB!@r4h6kg(lfVVRv09Q23=*zopw7BBfB6rB
zKuiY3xCSo&^F%P|NE{MOKwy0Hm*V{?*cVNV1m3ln^dJE)%Md<Kkx&u=(ofgGa4235
zO)1=Udr@gzwk1m&K9m1}tFaw`VJ4A?C|Tf-TgGkM>nrH&uZK_ps)+o)ltN-K-fZIG
yJwDKcoauDiY}+9NAtyN+tK@OR>fblsfB{Og#fv@_DgQ=_0J4%w5_MuG!T$@)l^d-9

literal 0
HcmV?d00001

diff --git a/util/cloudshell/screenshots/download_prompt.png b/util/cloudshell/screenshots/download_prompt.png
new file mode 100644
index 0000000000000000000000000000000000000000..fd5eac3501aa87b69c4ed3c330673437f4671a65
GIT binary patch
literal 30667
zcmeF3RahKd*QSHJYj8*ijazWHK+wh|IKkcBH9&9+?(Xg`2_D>Cf;H|mOy~Q*H+ko}
z=5P+?VET-rx~le)U2E;<-u(qAFNuasg#7B&E3}VN;!3YxL2JKy1%-nM4>_{^u#f=x
z<Ab@F81SQ*7zNP5*2LV(_|+>wtdYJx_D2T5cLM``{qJM+w8##wN?~D<O8UOT-J{)o
z-Q)V*6p1O?+8czJ8!#%puksXonk-QxDIRK>zL(!tFkf7}fYH&dP*xl}P51O<uK|Aa
z)D7IPrCy-6>URQivEktdaVb8vwCBI-2feD52=|MEuHE-rIKaGt$K*rm6@*s9!QMgr
zy#A^dE{+}B--M;}RjqSeO#gK30?<>$kA|D4Av+(SO4+^O=jZqlfw}~bnqrBkE4voJ
zE|4eQgGDG^f}H98!-E(31N?^&RMc#i(Bfw=7?Pw&LlVTADRFrCqbyX^(S0mKq<KQZ
z##&YuDJ#h^+EG*e4TQtB#&(Jt02b)gpe@6I`QQgk&RZ9F_&M{J7hiN!ef{~*`gfk-
zmzVYBmzS3|RI_JB_z;-&SLL=w)$MwB1g~BRzxpUHqT&X1oB`*BH-s}3x<RzE`uo!X
z%r9V63df_Buc2a`gbtp<cm2<2KKuUEwwEk<dv!#{4e3W0dzOMjW79=PN5|r~7S9|e
z?e<@C(z+cU5>23$f+u$eBV}<!L?}uM*dRYlOlZ+=Iaq!t!PEARgW!3T4qBN%{}6_p
z#f8O!%fz)yv-qzs2qS7BhV>dlQKgCgKIMPTx8s6RY+jL5xxj(`do<V&pp8#aOZ(qD
z{XW|j2QzqNRh(MrU$^=Hm;1kHyY3eRe}PBzsk;3Muoddm=%?n<38$<$iqWEUhJED!
zdJE!q3T|w_S`LR%Sm~s<tk=hL{#26TJJqScMtD>*iR4P{-R*`_b%zv?vTJzokuuWo
z{U5gqSHFp271NSVeTzk}1S}@eY#klOpGso>L^ZiYiL9QTlNcHNpU8sv+kZmh6@G>8
zYG;#bYdPesCC#3dpYV`K5mCH=Jj8$FCx8@+uYkTdk<kyyd2>s`w%o15>tk}2ZUMGL
zxc>hZtuF+y+4|Sy{BcZrErYB&X1Iop8y`@uMv~wG_)KzJFLw8!)wY*DwU6=t6Wqdx
zchP>cQ+PAO_!jiY$td&32h&9=b@DK!x@Bb7<SYxp>?>LMiqp(3Pp3=HSL~N~^y<pr
z91>~G!<`ZYOnp+D^sz_<9TJu&cOsIUu9rB*jZW9V=`>3mzCDIQmx-|d3_+C5ABa0#
z-08l$@H&iM<U%tHowRLo#T~_q<BdzXMgpsm$8ZK8f%j@FoJ6g=&h-4pEOQvp+-lpc
z!+~O+IGCYfq23%N+4JQYrf4^d+dW*%`??}_57go5BuA^!=6cGyRPA(t{P0kg<g^dc
z37CSTRWGc!k1GEs0q=aN^uI2OF6;01E=P<DzTT9F7ctztaM@T2psIEs;Ur?cP;VSe
z=eD29IC+@ZYj8R7$UBiE;>hNpPX>Zpor{$Qka2k&K1;_?2;$LeEl9ng|7UE^Sx6d*
zjQv(To}R4L8n9n_jVryn1Ur7McfI68fjyLm6KL-y3r5t7m6JhlStU)Bpgwi^fJ5vJ
z^Fpp^#X_!dxok-2wDK`Y`P!3RP8UWWBgJc}{yQgZyd?O&F-AGpo=ahBJ9TQok%?)>
z9m5+>Vno>;{ubyuTcQ&<oKz(WY(^&)6b%z7RjFx@^-6XK{QBq(P0H&Or0eFcILGj<
z#0Si)QucvEo_%xTN4?PylkVx{Gv9C$2TGMIxQ1r6(>ru)C_+*Q<8bKF1+*l$O(VN?
zJ)B4f48AZfv3?}i`0*&+^4@l>U4q?YJSQ*|UHMRjwnTSTYo`9=8~M}Y^-BU~v#Tm2
z^XWZCr>kG~YE+kdKjboee+i#&4RFY>R@>u@rJdr)I6ptZtzl3X*VKxtmIKG7Lh+iJ
zeHD|ste0J@B}(@mZyuySFS?!gM!b8uZmK1+;fT6A5emx{|6*lzlxVx`RiNF%b6wa+
zy*2kCim30tM-FMXSu0Wc>MJjoVLu}JL~O=CUI{>f;xm?+SD@E%^JE3AM2J+{9fTMn
z5vZqeR+KD9cersSFjd%%WwJ-}x*VFw%k#N_wz~2pqZCiGS{+yBQ*W8x1MGp#Wc+SY
z(}fdk<3~%o2;pR_@r{7n0{P{3P33^xdW&l<`J&sScp%2p?r3Zvo9TG5t8cwH*)F}>
zn+jn{sJZi|&j$`#Emo8TQnA`6)I{KA?l-#OuEoA~C0n*jLh&UUtXUKG!mQ;ww}H8?
z+k<jMd^YWZ11|Sh2RIMz-|h5<dPZVrDwL;x+8C|ZnNAdI2bY#39%YzKfB$Ku(hYVd
zx*x&p_>}Z#(A56hH1d!42MA?T4G!1v4_#pMEGP3RLW0As0h#vav&}b$vu#~9T^<c|
zGp)PHgE##jeQP*MKA#&7c6vWzoVDs6!g$`^!v>RcyGfnqdbv9iA9=uquWe*KD(g<y
zB$lZi^`R&GmU@^OqcB4`DGz6;O=j1p;AN96)+)viqM1+n30_Skd?Bf?WY=jj$kQ$8
z5%Xo8L&0MZ&XYvXV@~7ZxLK?ac0XA;@End2%!tijB>3u1eq$Lt&i(7N@l*egklNWA
zu}`T&rtqI&?T6D_E*FV@?Kttg{U;&naK6XW^LfAMSPFI36(m+_&C<c8*1{2H&GrT(
zi$`yMfkRpGz|?Tht`^>SCcZpE)Qu+P!$%|HkDOPp(vbwhXK!>THtDqBLkfV8^cv|>
z;N?13@<f1c0^`R8gk46jyR$3tmeKkIVEFRgy6^T_0&Se~>Vupcc&}oa_e<X{^mGxf
z$=Fl!RDqnBokF41i4oqXPD4C*_l|r-tlm0_@$`>9&~U$^&wU>fE<0E40uP(ubA-oI
z&oRiWRO?zD2p-DQE?KI!87FS6yK?9cD^QwWQQD~&DkLY(D<=6&$GURgH+}vx!CWZj
zest%}C;ysP*39MJP|TYld21+o|1H8_V_f3+P3?vYA0RV~Br(0z(QEHbki3;m@jG%p
zxG>fc8crOcSwrE&d@0z?_4p-5rwW)rCcv$C+#jF5IpK5n%~;}CB&u^haw*j*<2~)`
zaxj)5K8jK^q?Jje4|w&$ZaVS$Bi1b(5-}&kryp0QZ!1fyZj0nI!q?i}#p?D)P2n*8
zPd?66C0qLEBDT1ITh}ClQSeyi0v!fcm;g3k;=QYd4?Ws}l`2?&%9(Cw=q#O0Ui;o5
zqCh$th0I9H=coHngjUmfvk#WJ65#6R<3-0cy;c<@BDT>X=#Z2GFar9;^IS#e=U|i?
z4c=-pgm8TO2^y?yVRL^zR;OQ+9`T0a(Kh9My>Qg<>w~p};jh1}RkeHFPc7g{Xf_Lm
zw)=pW)N88iHK}dVF_>XAqJK30uIv8uZarg#ijH=LTP5qa_zL!JSJVe-3)+rT%cRaM
zgfiz_@^~CK>v9DAJYR(I`h<LOl(O!wN#QFPWgI{SdvASA-X3%`Iei&8HOL2Z$E@9K
z_o3ykFvTU5s;y$#g|OwFe0o?ExsW;Flbtzey)Gk)Y-xlUjSy*8y7X3!?ReP+=gdZ)
zobbr5$s+Sd+`Akc$=m6YZ3J)d0e3?;K<@(gpND*rqWF%-<aMaOTgpMwrBWh|*89l~
z)2lFB<;Rvr0fVMs`|Gf(+-+-7*uL#L1g%=rky7;%i(TpV%1gQ!A!b_wChf`jXNTSN
zHk_}hjP!d|8(I9$;YRuTn{>sve2jfQuO%R-s7SAKzj;Q@QtBp-E1F23{Q-!!py`ab
zzFJg%lOae*<6<=>O|`^kIAiN{FlFqstypBg&t@@$p*J?P&vGS$@=!;5r;U)HT90xv
z;BeB4Mn1co;T+fgPoeQ7gpKGBZ27A?cBb~4>%IOY=C&NShEm8Azn^F@@<8NtzP#L5
zqPcBnjcBcU3$a;?8IFLS^LvELrZVYdrp=?Jjr{-$_sctmYmv)OUp=zuN2IXcV6PDd
z31ju1;_9jmf4`+O(;F#YbS#lNXA8P9zc1O3ZcpWuv*?KMxH^<kEt}7If{P%29Hn3N
zJ+`viqJIhwPs-(7Z{)gZailgK$LI+fNvg^}<nT^85_V7Eu)347QNK`m?Y4M4GUxQt
z1LLYDc7gqmPka?9q;Q!ql)d8Lg)dM5SlybdG&>^K&!&f}kC)pB8o-rb-3hAtsBfbm
zlsZC(LQDJb%%eDlV^@bB3Um^<v7}Schnq|eH#hTs8FZ;Vl$!$yzy_)bc%0fAQ9Peo
z-N*_QMb1t96D_vxScC4^5Vh?De2xt@sxVDMqB9Spqf?ian&cUu+k+aNHoagU(u8jP
zyj`$)uMn8_-jfxA$;brHO@MFD2YgRNBXMXrv!LOyvH~W%VD-lluER(Uwwsw8i8KlR
zI~odDFC4@I-Sd6*oimuR<XK{8>hL=+ziHRniKbxTi-_Th8_>xo=_G~&)0bFFFAY2!
z(K17q{c+Okq)oKmB6{q1QX4XqGgli)eC`+T2g32Dfeu%!N7%MZy%}Lokhiy?!13Hk
zQ}{_djY5mgT;w^-e3Q+Z8Z(?5Q2ToKNrTl$EB^c6tlU8G*RQg>SM=p!fc+<Y5dHNP
zx@%r&7t}w|0seI~MobvDGRCnYzwn=TV305(H3hOdVuziQ^`B{nVh0m5n0`l_zNF+&
z@?(l3h4tczGN-G2`qQT&^1zC3BJ<2kThRTvNe~b^*DiPxg=QB2kG(|EAw7xcctc$3
z-=2Xo0n*P=UiE%#_*>uqpC1qNE%H31W|ew@<0$eq9W7YABxtKxAYg7UmR#>~dhRWV
zzUa5bmVdIO^Iok)`AT+6v)bXB6-6dAaL{<NASWgn_4q5@@3`6VHgnjLA-T@*`oZrr
zmf^TaSI?=mMGx=IJ@wvujiGCgtGgP#qVsbag{-N-(CEl|5J>F%f})Ve{RLhIkE?(6
z4ECfCyZ(2;Qr#(qDb6In6KOyn8%rhB(k?k?bJ2YH`mrs^Gi~4cw>CTIhpy|1s_9Yi
zP^!y$tt$Vx=Iw~fcWS?Vm8xek@2?G%O&mQ<dj`;L7H)3dvyBmovMG}}w3<`>GtbLv
zxSzmbj`|}%w`pj#7phg7OjMh2uOF^0TkX!-Ry!S&l?tWy=qF%8qo+c~mP^EIL=)cI
zi>5wJ$nrYv5Xz<TCo$=EN=rs(oFxio6GKW(b@z;X2V-fV*LC33OBM7$t@pkzE~A#p
zgV7bH%^qyQq|H)o;PZnKZZHOU)Ea=g$!LBp;hnRz#p88yI{eU(!gDhG^?mHPUb}ew
zbEX06+s)qKypP*Hib8{=4{xmK=dH3|JK|3s&D-9kgoYw~eX%Z9N?lzJjcI8h|N2_!
zTjS}9<qWOr@Xkz^dh)B=G@PPwV2G1BK%w$j{*t>4w|)B%VYW<-&NP9PL>+pYC_Cf1
zh1q^$Q*vb_f#Hx@e0&(u>Ur*5UES+2pEc;&nr83WNY3$L)V<a2pw{{JW%efNqz%wc
zM1Qe2j+MK_VcMfa7sEwBEuYY>cirjyh@Qdc8;j>CX_VK+7T@0p3$3#`MJ=}Z<C_3V
z#d32Zr}e6cj>lDz&`cld@Z?JbiJ(LJnXv6_ITjbKEhybdL9=Cru}D5EZ>B^EnCHQ<
zn&DhMZ2RM478VYCzD*N^fU~5XuP><9d_&IL3xh%yQ2lnz_iPf_>~bOinQlXi`lSzo
zIoOOZ@@GJ4N##-*0=_+)fhOR>imQn$p7QJjW}N^k$tZF4N}YWXuIe0p7bN2{(Zx6w
zIa<M$%uo!NHjQ!L{Y-GZs-|9GTQA;Q7C|vek%2C?Yv}|b1*W{<@dU;<KYiVd&ueGP
z>x140TW-eTC9wEt`_gN_Y|4=4%VDquk4&=@QOm`JrE-->nkyG&*WeURraGq;E8R~y
zoloKI-h2`bjV3FCOfJ9!Y>8s&f!djxPvpa?JTM%V+R>HT9UnRn(2E`#%9IzC2Fy<V
z#jb|>ea-qe1ZPf){1e`MGHLa?=532I91N51XnWb13}_VA44t!G8f3~#U#tbLYN@t3
zf>t`B^##r^JU-@#25&v_HrVzN7%dJrytn<y=5c-4Q0gfiN?`VI3|B7I%X?v*cKY>w
zjp1Ov0gUJCWe+%}N*<J?Nvr~v{xHzTYYX+fUbqYF(QBEcs+@gh-Lq#(7!Rc#sn{#?
zncID=phd)IAUe1In<d|kNyXWupqUOwzFN!uDLl(&a5Wp1cYYXFu|qJM)vjMJp)M^Q
z>9UW+>!~8v;h+ITrVN8XpDo@VfuEJi3UmdP$|Z)u_e<96EujEh+F(GJp;qt_Y7=aE
zie8h|uzL=O5LJuAR<=(PET6+K`g814Q)1aElH8qjiXxfX2JcF{H9;byjyCNZPqWRb
z#Gs>CR&On}UKd&kDE1cbQgZPy%*-lclU3R{>Vo*;)_6wCcg`KU_JZfzLwVdaM)uE0
zIQ^HZQEMrzo|M$mDSn+Vl?`hH;MoP1ifpTy{fk7)@=?_)C4YzA@6y%CsKgvmKKCsc
zjsa90TTMb{J29O*uNjFJuk(tAkx@V9;Yw><o+ZZ#YACGJtyM3ath!3I5bG%gI}{X)
zWE`$E-bYMkHL;1U(4Q>Te<mwDT&jG&K4n<S9uH2$^hV;hw?2M|;(4=@_Ij#d?`omT
zYnE559CxSY4gAkFa45;ew<f#SC&1f9yV+=px;;iUbBxl*Z5q+8m0Itn)|b4pBiAGk
zmy@$txNiy`FB6)in<hj3=-%{+wW7Bti{Cu1iF3=@)ZO5t9}gZID_WSpUDj7-@p>ou
zfW5H=yslE>Xyinh+uI}Gy4;>(84qOM&A(SmRUB{9<6s}}K_0Bh3VkUYY>4!#x)1H@
zbj6{LoVc}F;jU2;D(;Dg)eGic2z&h|<Z%7mo3w`5)tg$0SRqR=?^*1_)T|}fosUlm
zsBH4I!l+q+^jf5P2&`8w1(ivmTA~p$q-tuER>yjmhQ8|c)qaE55@fj4X<3yj9Gn|x
zL1LlZl~h%l=UpteI5mLizTWDsuGy;$%mQU_XRLa!<W1<e`fR^jZFY}1jlkD?pD%iU
zN$AekI!MTM0s=Eyko2(+{dAso9<2g(oV4A<NCGgNeUtMcof=O?o}j{IusWP||8=*c
z)szss+lt6Lm-G#)^&-$Li$P!UBhy)j9DMi7S$KyW4`$BJNPN7lpmh=%hYJ-(l#ugL
zu}!+@a7A4V%Yul=a=SInJS>JDK+Nq<Y|eIN5Cfk-{j6Ki`-WdtbyzZsEaTT27@^+c
z<b%BFvn#OWN#7xuIwzTEl3Ax^xJFGXFfHd~p3&_1d)C27A)47s&l{(YEl`R>=5>3@
zQRUw>Tl&6kN@c$_`H|q?TROg6Cxh@D=-_hNX@o++`?%b6`fJ_*O#3NG_Pu6H$Js_2
zk1JLpgKo;ZsMnS7M|)N!tjY7Dvt!B)Jmy>C+8@rT;99_Kw`BQ-!6?9!!^9t&d_Bm+
zTCML(%(@kH7MIwS&&OjKQP2*Tb!HD38G&_g>-3XCL(#}eV^)U)U?Y@#oJn&4eWFu^
zvjj6*0_EqgG^-c(y)-QB80)*2LN6&?L95%L@GG^9vwkLc{Pj63sw(rPK}51SB!<Ls
zv_`zVg$b__an%6Gu~Z*+QVJ~RZR3)aq{H!tCmy9~lfrV$udQi1qrx(3k#WD9PGprG
zC9iq>%CqiQ-=suUXVUfo=6{I#);*67#__cy5N*e0x9alTKdC48XMP~RIGO3F3ddRM
zhbdwr2?V^ON)gXjw-M!ctHJQb1?^U8z0b*k@%UMTQ<Na%nI<?kVO(%g05Bf@TuzcV
zA!_e5=Q{dY^nA76nWn>id)r51U8)>+j>~p!>7u2o+~rmdyy<_4((0S7C;Hm|y}3r{
z7X84AeEKX_Jf|%B#m?v;xUEx3mJ%;9j<?#Ci>LzB6lM{}Dkc|`j&z4k^js!Q96MnN
zYznE`i2~`py>lFP3Mb+~2J_qy9Ih2)AZJM#rXwVyk?ozUteela$EI36L_@NT-B@bK
z`Qqv-e_bU@L<bz#KzD;0ul>|RjR?uL3U`rMzuF72$Ep&?P+Ko|>f;BB1U6YBdjWl&
zk%G!lJ)^W$!pMj0lRZ{+Y1r}=!oE)P*~p=HLGCFM^P7WX%U8}3%qkim@oXMT*!Q{R
zr$B->U}Gb6b*U^)j_8`j*_|<lsLGl;&-Fz}CSBe5424q+`pC*=19^xouiR5@V@2-~
zuR~NSG@_13sU1G6HImr(2Eiel<~?w@A6KV^r7klbWyx>U0kox;w^EJLyTx8}NoNox
z(psk`s8l$(`@AYwK~`>28o2il{)Wf!dNFaz@%#c$4LK@<`{O_a{(Ho3?I<@q4WzR(
z?~QKiIxWqBTzVN|_;sg4lTx)75}h`mKpnMe)L<kWEzM-LGV833!y}83x|eP&rn~|N
zoWZX+X^E(Lz-i<t33V8K0Ed`AwtpAl@YJ5vq)9)`rU8e}0ICRWV4NQU@X5{IEZD<M
zE=?e-f=$hr*Xz>mQ}6D8G2n<Wzdd|EAQ2TcqXEa9l~2NBCsAtvSwhKOgtf;7+8C|(
zl>t6~wuAA6G_k4|(dXcB=iZI5`V`e&rAou<P_|SKnGZ{)TjbiYxIf~6X-RtAk@0>F
zu+s1elOz`1ePVEGD2NHP0I3v-ywmLCdTD=tr#tR>1W=q+DH-OdysujLXOjY15!$;}
zZ-UI0i=Nw;E108mob?mVqMt`;O(z?z8~#YojI-Ft%jg`_F7L)4untk^G0H8g!@Dnn
z7C0E~%0y!auYVLJu+I<}SFToT(%u=kE3x^Wvmq0|W1ug5;O|QMRR<&#EAxqN>_+~j
zzW&pFu3XFi=v4vAEe)>u=rGJM!hLRrPUlOKbnzq6ZFL5B+4e98F>R`nn;r98bufy(
z6(*n*D1}uN`dp6Z+s0N2u;eM9ZAh&3^J1f?7BUP%OkV*#4+wm%M(TH?dUtwV#$|QT
z|MAyQ^<-b|wQ|!bPY4Ue({%?5iZhP!Pm#{*<~!<N%qg<x>upW)LpqkaW(uHmO(Zg?
zD-qe7`ny?#uE#@}%ni}kx1Lsx{P0J$qed&^0*?!;U3Le^y}a$%kLV<GAH5mN%1n_5
zCBW_7+(+eE0oExj1{(H*-Uc@;6h>{9$7R5g5WV?|a*w&5?nxl+4IzepgNvGEM#o-+
zWgMM^!y4LnF;^z3OL{h-uTDumSfLxm--j0a4mM!4z|01DEwfh)riQ~KBoe(6&cCE8
z@e$pIv45*vqfS>q`*booW9jEDov=q`DwIA;J&NwY*uK;T_IrAkR@r7N{gB`T0vmx*
zvie^Si@PP$_ogL`6z4Nva}b!F+yG|PD&-m-{uLxZI~MvOzf*GiIeGPqbGvSg%6TS%
z$II*xH#&`a3c@oENh>4Lq&5Yteya@SxmT$C8J<_$<=x~MG8!~F`Ub?|NJ-xkjj=F*
z?fHHW-L+wk4QDb$bRj5niKjlldTdiURMl`9f8p54knuaop4RFFFutu1RhSe=fJHow
z9xX$EX_<<iWO~{hKxsb-*T0GGce1v_$o3MLG(1@EG#p!>?Zi>0?Q>H!C}`!H035L~
zj5X_>$3gc~l3N-;tw3z4fj4%`9p1fMvhI95J}f$Tb@1!{lE5da{8aJCI~plbaPQYM
zI9E}pv71S&HT(gU$fjSDiagR1qJ!qlTjUxOv>ldP&q*H%g3ddcwW8CSHd8~X%HZPh
z!tU2*w=3oIl22ze(A1MP-xIuCiF6Hewy`c~SL%k&65^9Mu7`eF{}v=V+UL3Xs9J%L
zpT*lch=g<JGJohm!U%4)A@mgsMc-yGgsqNh)#j5=n-%}4CzgRPBl$QwWDK50yz7h*
zWMnQf6;hmoN%@GC!f$_};?td|9QaC`J*-8m`7`y9Y7hAG?uRlR_*ssk`4cDL#WevC
z>kgmEtLhNtDB6x@vhRb$d&|zz-MfR*M6ON9QegPS4SEzl`=Cz(u1s#k1Z{D(@N#x<
zr>kgU&ymySyyoK9b|sT0mSQ+5yst)xzPVWBE3)cpCJ|ac3MNEBuXY23f|<m{vIg|=
zC3Cr>Lr#-MLX{8nx6I{qyoFHL>vb;_ZKK&?r2Jm8nyn5Fjn#+{@tBKDJD|C;^1B0G
zU?8#YR5RAqZIIqQ21r^1Q(q2Brhmpy4tm!kU@DeRlC!ZnyPawn8s7gRnBct~`U<hz
zC1OA`Sy?w~^!qUOKw@Hyx3Z|1U4|er>TvumWz%sTDK{9@B&nGOsh)N#%^s2VZ^*mo
zmFkR;dFUNZtHM@0MC!E5Jl`7pS;VJJWdq|JVvKx?z0&)TDV(v<8<=Yf@|=sLk_a!Z
zoIt5$#?^Vb%HZWF1)!YExzMTu@s-1r1r>9vsR`6RM#AkgY412{-<x*Aj~|9Li+WAL
z*l22q{3IVw@94f&iYP>LkAvUUiXctHwO|Wl+pO*I*~ZtCX`bDDsA=>4iGdXm^O4rs
zJK>RFJGHU3yO*{4HrguoWX&^XlkAq+R~9`dW?NTy1t3bO?=6<*`*LX;#Wij1*mz~R
z!f{I;8DV!0k^MqwM3eE9t?^vu5XN@5b+0U~>WBl!?teLJe8Wugn?$?<U(sb^#yhGH
zXbMS?eLpI6kT7g-458$19jq=DC0Tu3uytLvLk-wRW+<|w3Bb!l@|pd)KZ@~!6#*ww
zPW1p&{>>#_|9t2z9wl!xxwFuK^MLs2sd=5yX9i1~H)lQNJB<w9run9LXY1P-Fyan)
z3oD&+C`K-DmM~8T>pm}UvLe6L`3U#q`Xf+42T+F1i=YN%I7i@od+q@Tr9^G!`KsgB
zHj=1(y+c8SpCMoJ9y_u#mRIu+k^9uJy~qnsf~XyhI5l+ZI?1!S=kU(tD8`0w>dhJw
zX!s_>H<xx>@_h96R_JAO!;vHu#kd$b=9J4VpOvt0*RQ8PHXGyuO^w*I9ko=lY@Ghs
znK9THpGc%S?1(D$8c(_4vP88aw-%LjcL6s&+#i8~5=b(n@Q|$KH66Q}ZIGCoKd}wV
z`JyjBMEvFMI50^R?qaf^b~=T!+%h;ZAkbeSt(Rv(I}xn_-5d7egQnkehG23cw$--3
z28EstU4D6rn!o4$?2)?kH@&g*KwfWOyf=_IMcn(4C9dBXg;QSH+&vbdz$1L`zl-Mk
z5u4_HxcywT&04F(_B(llGDdkn6d0)PUzTdRdn3UbQth8vx0=qi(WmCrD({Kt@KJ6t
z-qD?J4}yzNUneTj8%yJ=f+oGK?gK}jLtXS1Z%8lQHHHGoR<ZzlyCVrZeL#xiyN%6A
z0t8;C`!CCIYD*4=)<q2rmmGF3<bgk=ovp7pUX36bh14v=;?p3$<7?$V@-7(}0AFW>
z=a8^JGe?#6H5)fdZ=x9-fgg(=R=(SIDVP|O-V4|CIrpc9VajS{JBe)eMhJ=}67x_z
zC0A(o;REZT=I{{>bq#VR(&!Pox_kI$g#_Tg4N-fKE;d_&gb3eYd4_bmCww7P8k?xZ
z5IuN5VsyRb|DQ_HYFx5vzFaHzEKXs<N6d|&QsH*|q($iPee20!;}8N$a-C23)vrEC
z%I9&Ov|(}gWRwj2<d|b}Up*bY?G&7Vv|B@%5y<L1xS8!1PapLB7glBF8YvkcXx?Qa
zW^|M50_wI^^jcQVOYqtwVS4I5px}D67Y7l{j2cx7GL87*ApRx`@IDqmd#R%S+$~ct
z5s#&UnmEB358{m4_@FRRjH@~pv`XudRCU=eONL<ri=2v=tWLM^dWgiE9Cc_Tyj!0X
zC_+rRw41X`@+PFHiW^FUhd;sLjMg}Zq|IeZLl|~W5_UD}-k74N;4}Vc9K{|n!E!Z&
z;k#>|KsE!oR`18k5fEp4B0TG5(+wqT{njpwhE$H#H#mGO4LL0O&v>R_#CcMXl?L$X
z%>!>Ab`E(EH@UGnb<fgm`F)<iUXSX&d52{A{^kiQAk||lH+uP8gaPZ00zigb?c48x
z2I&@dw_CS)&HPmnZDlOqd35Pn>7%*6|5@ASYk=i%+%L5L-7#25cTKZk<?!X{o_HT4
zIh9Oi5<gM_`1a{dD_Yc`j^m3+W_7B*s4<grazRya1IFRD$HDwU2wQA&9;?Q_fv(|-
zNLJ_t8D`B<(RUOp{cp851SEBBgHa%F(|I(gCvOCBuYIA%aeWjqWDafBfMX`;K`|gh
zIp*#Oz@V>MJdAj<JLQhZt52d`uEaugLP@rqJyR5|S35oAsVo!=WkdNSHp4JR*IaXK
z<3xh8|9Z|NysNPS2CtE{VX<`dt_)Mzu+1ekuDKq09(66Zzld93z)?j=KtqGQ|LYS^
zBI67KOsKD6+Gu!^O>_f>2#-ii*&F*gT~qLPEOp8IPq&LYrk8=e5R1B}Br=lJjVNa|
z+4SKz@^8aMyhF1%S{<B<!g$9W_0Vpg8;^IyVW%dUU~3(}Dz?bX8I{1OG7YISVWuA@
zou(KBKUb91HEzP5@N(`S=^3N!FEv07je-%DO?L5?P0q_Yc`Nk1NsO1i_V8j{PT8!m
z7TGu2%q!TVFDzW6LF&WfHOb7VO5z)_<A=yP-iP#q$1Z2+usoM^%+hTs@kIym-Rax=
zIdMS&p&y$s39n2t3lblZY)8Hz`U8gr0w>5f*r8kkTYwJCP+pc3R<W+Optw)^SavR}
zcBd4&^d47!p7PLTYjIVNNU+4oxsPe@c>XTri&D5@R!6s^lU>Ja{lky^MuPewa29>P
zo~Zdh_zn~$=E`pkVWlc&M&Yl9aQ<6EI8O!=QT)*mU|k^^0^BYA+v~pom?-~m4dID8
z0sikzdNLpyLJt`EBlxfIfvEtII52&Y3ZVW<9CkDiiNmf-ROv4$_WvIb`u}V_ipT~y
zj4b{dP~2ZV=r?<%Kyen^i$`NJs_<Q29`BE|12KFxHfC~eVwe>Q)E@z<dko@K2X^2O
z`9FTfgjRz%RrAZglq(9@6<J{j5eSob{KtP#l==`oD*6AB%XNz(NqoT$uExds_kit$
zprToF#FT>&u>kd2;eX>15^>F0ev&EG20ZiC7A5nmdXYQ-mfv2OprWN>sqBy5e2DyB
zIq<@SY~J!mV55MA4)q(_mW<}!ABrZQ?nA(UF2enx`Y!{%7(ipwzL0m`O*#FsG=&+W
zn_Cw%jY=_4L^(I%9}?=f$6g4bq9Ln7cJb$hhLC>p*=Q_z@84;AhUDhv=^3A#Ot8r~
z08q?>_xYj}@UO>tHiG32If5W=PA|{i9v3?wtF51_y1wR(eQLA^>nFC^Zx_lqcQ_w$
zc0lj}&XYCoNAv#T^<T4P>W${w0xU**R;lc^{?j{VV#$>P#hw#uPWQuj17Iit&zs1J
z7PoWk`Q4?4Bl%0j(!ibyL6KP-TFHL~+lE9aa#`)v;eD#><Vvac-d1A$W%4?{mh|ot
zxYTORw|{;avzZ{E?$c_wnLEu-4#AEz9d`=GrF&}Pb=qzwV{*D6a#YnxTywkcQl#el
z`7gb}4|65+VNqH9A2+~H_b9^|RV*B4E0H73PWQ<3yARjIOvwl1L6T7<d3>&?M4CRJ
z2SU79ynpOWnJydyYn>tFE20@AsFU-voL-ed0ZVmMGXNIpiYZh^VZv;t!jfh<p0B8H
zTcpFWZ*WX|C*cPU0D|kauhn^~hZ8W{0M!Q!+-EK33Umcpl`c)>NXe4_09Zl7-H3$v
zm3|qZm%8?LU8PwfXS1H(fh(ivtYYC!>?f}KD&NS_wGL0oKFP>JssU-`wI>O)$qj=+
z)^hDur*Dnc>pvbLm>;9_!QAxxIT8*H1jG4?bZ@oRp2$Q$5}VW)8m)ARucuhZ&{F)N
z;-TJiLf1QtOwg;}`BQ^OMUCy^MPfR-jk-pGQ-*TkkACMzqu#6!TBh`GB%^b_#6NGn
z9qY6j+x6?~9gz9e|3kU4C{w^QiipE}{2H!|*7xOz<)lX}lt-cYJ-vFFM6q7rhp`3g
zFF5J5r2CClV6-+)N&0!lL%7@GBp3vYbNex?ctg6s!P+bjVKypV*G>^_+N-+EB_D6e
z^IM%QuzV)4!clR_5EH5l`Xu8_ofIq<b9qjdUAxsIFuNMOhvYpj_c*9!k`kVuP3cyZ
zS<SSbRl?DHVu)>Zs8-?dh~eC?ez9^`uf-)*X-J?E%@jZot?8r+K^tij---*dRhyN&
zjVUoy!izH{dwt->cm|)s?r?&M3@|)_w%9cbifJGoqKRfgkeMh$faHx;0=uWnGoQy5
z_x=wAh8Ij_^+r)u-YV_blO=DlZ)_&nl|naEGe79eh!59PX|rClf6j(bfs+qt#0PCI
zq&y{ct=sVwtVV-7PPB0}`yK;Pq|1O@^;4f?2kW(VT2fxGAb8r_%CJ8<xWVgBVNc6j
zDqj?JQsP*2dJjyUDJhmH<9uRaR;y?E`uY~Zcp@n=i79nx=u^`}+!nPg2tZt_nMVZX
z+;c6^w#wygu$Y8sl!!Hw-j7!g0B~x<ktR>7;59RyYAq~zsNtON#zyoM?~*_HU8aCz
zseSS1FIx#s!ir1v?kKZW>O%{sX1i%spJ<y7WtN&=UR~eSls)vEouymNree&!KXOOG
zXEZ3A&PUn?<S8|#a@vT?Br%yvl!|~`=XTl!j1F;!lbJE9ie$f~`;hUc>t~4ZWy}gF
z<_48Ft5qodw4=3<nM>E4E;fr5O{dYVOnHBA>+!q=C!r*SK>as5?&LP=XtnP^$w_zT
z+vlZCwG^9Q1vIKl)hlu__;gH0V{|p0rluWs9|C(DEXH`lNqE>GgxYc5rF<4o-=o9c
zcLS2kQv^M|_A@108Jhw~L@TZ|+jD2B+aNY`(S6q9alPTU9ZTUDT8L=O;N6`@H!3n8
z=-Uqbsnp~+4-zQXhpz{PB~Qlz3`BJY8nFMq3$)*yE#fk@9SXQ#Bw$E<-Fx8bA>t@k
z5b(HGv;_+k4MZd>b+k61qQte3fEQ8fYE1<}^StG}?icul1cz<L637JaS5m^Fkx@l>
zVkXIQXcHs>x-YrrZ|KzWS*jkdnWYoHr|+zFJX*yf54S$5a`7<zw?x|L5~o<8)vk8w
z39qx9w@I!No25(C*i5~+RpIs7dW%NP`+c+JV5)EvEScy`r;w>lUgTcIE#Q54sl#9y
zATd1Pdb=i|)%aO(cRVp(pH(`OPT+oC+GK3rhVSE+xEJENNh`?3ob*J<?TqC#q-}Dx
z6(J7vtJtIVpSrEvH>4ZkMVZCIVc^18ReMH_sJyc&*w&U3xbm&LK^+359WMJ~LeQ`v
zhux<Qw)a`;*}^_+$M?#5S}hi6a%qAQh4NYEZ@*x@fv5Kjix*`eT$_1xJ#^Y`cA?xF
z6Y)xSS|P`YG}1Va#Q(~a-ql@W)`{NSjKyJrE8k+Y&(xTiNUI#)^ms-3o&SuKxt-%n
zw=-W4aYjTkL*Am}-p?wd!4d`2{-Snw2V#&yTdU;l)lTD^aWwKk0q?zX9jsctf8I2h
zXEgp4%FX<1ZT+IL(Uzl{0thcFS&-RU`Yu7Vf*0*zZ!B%lwahNlrRv*dv3e7y?VNhg
zjtf4G#up!QzSK(Hjt_T)^lP0Xsnm6`XloY73ptFN>`2to>e)~*p}_I<#jo1~;rNuW
z!%Z)p?7O4NG1=|H^)fXEfgZ!qE?HV73JkE~KmyqI?Kf3-=@Ji4=H@eDIV5kRC$x8%
zRni}Bh^3lr*K5WEtrl2<6pZVwUto&vEvMX`7vFUqMm4&gOvPfJs+LI0xs0W5_gJAM
z!2BtD{jy+1b(-B`VPeh}14q=WlosQt!Thwv*c5(b!>DW3jzts-URqG(B+mKi0zOYE
zWP%>zUvQ|YB&88L2cv`?B(HlX&^JjW_gj|Wy{^f+tV`hBML$O7GUz`9mOP~B_EI4h
zpxU~ajHP}f6LJ@|m(6mSJb+C2=0HwCO8*Isu)l>7h!XSIuz7S$ltEn|F@XVWlArgK
zM>|jPeB2*Pl{ek1bX8)g))+%@A)CqnZDdhYGu$YTg{O=UxjN~@Atw&_$6M9Zn4g&>
zmWjSYHDPvh)nHaZNI&kT9hz_dy4RbtgFV9ASqX;+SZKGSi;d2VteC*`zl0JjK2(hz
z9KPlc^*@)zgg%9ICe%72|2pCisZA?|;TabHRo6nQ)q{T-7!&dH??#19|A+3szL;zG
zk^CQI64KKMQ{W&v1*7OW&kK1Q*`RcqFm0uGKa4G#egAGhj&pB+b+X)a^_cYn47KSn
z-&y$LbTqERYxfI~wHx&W2CUsw`wn-yA4P4kBrR9lEz&LX!#sBT8RVHSj|=$g$cB9<
z_b#5u)+1S4HuJlG$i=W(Ym9*G&mpy1x`C8A59S+oyv~FB`z---11b_veIuibLe?>z
z$K+aZYKYCD!rAoN0*@F4E*YNZ6uD*mZv7e-Wj6+sIQPOEcO~raT{qc`hIZ-aXC@eR
z*c)MLYdzORc)gBc3uNNMm5OBLl?%rUk(3MV)j;3ZXL-G)m-m=;E4j6cjy2g7p|2ff
zMJN?A1@q41iyjV}<}26pWe!urFjrN&_K|j1ZMHsxKK=4#-($+J;B!SFcB-0D&{%Ep
zjJDyq*HLm+aalTsbApI$zQ)G84K~|qORasZeC(z#xK!SYLiKMeFzqn>h1Hu=xhf@X
zXHZ?&a(A_jPz52oO$y=$kQMW#uvVwTU*ff0P8LsHP=;fTXlNn)>rA19a;Z`dYQs}5
zR0H^7go5UV*19b}Vf^lV3t0ETnN|-(BBJDaH617!^)rpjHZZ^aWnZ+`cwCAxl{1?P
z?gA{tHEpn*4an$nTij%A%TUuj;<PS+*l>|L84St2AWUfg=K^;PRiy%{4{41j`9!L8
zlk3y_K-g<OUyj*_KFMhFy><zw<2zcVE-E=qwt^yf2vsu!h(&sLO88UYU|DU9(D;Qi
zZw7;FD4&xt?Libprhg?^=HTonPLQT0h(r@fTGw_L)QyS{8nxT(y%5xp3W*{rGTB{|
zMmh(wPn4BM&Xj2eBkxXZ)9YDvd&5a=LQpbXE_tiNOC!mpT=>b^BhH_zp11CL!EDq3
z-^_HUn<t5f>*yZ|tlmVtE?e(k051OREh?U+it}rM0Qb25532-BIv>*-LHV07p7!?u
z6tyA<R#!LhYOX8tU<%kDhUMnD(%*G3v*`GA7TWu>Uc}ml0794eru^PfQTz5wu}&KP
zQ{K{d4CuMgD4*}srp&DCA{}i9az;qE!vWOvi=`o1$fdwW*hD(D1@5TC`v~>PN^b;!
z%P67K<`mv|nZ-cuD27cQ&!N`FP$MOzd@5i%S-xwt_PTiVZ3ac-`9Ar}Y(l&LifgsG
z6BtFnAg@Vunu+OrZ@FgZ0}${%4^S#~uv9G*hhR3Whr~iQB)qPh*tfyCaF;(190|Cy
zSPVp`ljRO^$Q-mb3N@Q&hMX5mOnvp*yAdk^R~6r5sTB9otpS;b#Ff=z&rk=--`ETD
z;)^DxMv|+F^*dLd`gR}-TN<@yl(Tc;&ldYTzNS;1fs)O(o04-fxU^CYW$Ih}H^)L!
z5OldPzG!^P(wWrRS8R1N?t{<}PqU;>A~Bb(qux`cGdt+CS>a-DSY9$=_Xv_W(%+(F
zI@-J^7F&9MR%RV|PBPhES!;i4KF02EYD#c9UQ3R9CoisEwVn+jA_3k@Gv&v5V=mjs
zZoT2R5I7uUlsKGJID5oppT@E%z6kbk+Op2)^SMC1-ArF(yIlBeV!j85^7?^iQ2NR@
zG7X}Xyr<be3bRMsetj7BMHOOFp0U9SKC_b$MyJzf7&4(QGmTKj)lN1baTF+v{g4cz
z-7um(mC*0=SzVo4&5{Ua6J$j_QWyldU0o;3l`sB>A4f-oZ4E{-ZnT&S!wb^$Ayx<*
zGS}|H$KV7KM$s9Ubt*|87DJIEBP7s#-yTwMkJ&`KKK&U_Q-1f$x}$%i;kMg=PA3=9
z`KgivPZ2{Ik&J2qv|91zg@PTPA2FfGlFNo}0Kn+1h#`X!4XpRN_7F6A4&_&`Sp9ww
zqcB#A_kHAuS`H$sj}rbY>EmLYh2f$Cvl}td6LQ~Z(R!^(f9tE!UaTu_PRw}n>kWMQ
zejb0=98CpXz^GPE7*ZSTP?o^lhfI<n#-Ea%Zt(^5`fKM)BObL<S7Ni#t)NMZ<tbED
zggLN?7rb!J=h9N46rQa)oWwAQp}<cOOY@997%d4@BK?u?YjU>n6+!G!<%jvEr^#M@
z^sKYr1q=aov$&!Vi=g+oXr=O&I8w2FN9y}*b%FqF7m=~!bIdE-<<VUZb6^DCgobpF
z7+8jYxpy9Om<-+%fNYnx)dOveihOUqdzgB+W?g!OQqbl2Sk<y#p@@;q@Ot|4+V}Q`
zl<`x`xc1xK(WKzt_{XCbhvj#$I!!kRlX@v(1Gtn&!1Fm>t^Jg*vKqxKD<Ht{3j*#(
z4O#xY531hfctXNlHjCq`mkNA!C0~Z-8B@;!adC3d=rCkuV-U!Wf98tkpszPx&90vb
z|7M92nRU`VT+AnK{Y<vzv2iE?o4U+;7Xq*$K#erc;=bWN2q5Q9A}m;GSAS&sK<1Rd
zm4E;c{)N!d>Xc2Q$-b;cEIkKCz(5*C0zuF*h3UB6GM<jrW;U6x#wq!z#FNU`(|dyP
zlFqiGEZ@Y|zv6Qs(;J(P>t@TJbZ-41d|<+5s7rA-a0n)^8uE_dcj!7z-n-HWRVqFm
zdhJMXe%&vQI*;bv;X5(zWjm4C)$dVy0uJ<iHE$8$+O)wNQh<(3tzp=UH2!+J01OaX
zq=XdQM$jU;cJ3b{hS?pPv02lC*`RwEFkl4X^K*kQ>KtB0MEb%a6O)N24kvE);NFYq
zGxC)tr0<r^E8f{{{wn$S!>>2!>PNyXtw_7u6Xr&|><cCrmM$3638#RBYNGrb8>Z}I
z%$&4;Q18!+h!Fnj9<71`*&n&u7^rjAz2)omUoGe@QOL|7LB8pR-d|~eZ-GDBoYU<d
zbg|LCDH<rOX`#^sPpyy|RBJlc|HyJ@y;2*9#|djcp;sF)A5A}!su@EA?>+-_JwRR=
z{6>Ty9k-_GbPd~N7K2>SM4biqb6K`Lu(-RRvKBp8FlAG$roRsgpC4e1se$yg%<1TE
z=9)5T01yp2)Aj}E#z2t7^FTEAd$eH-C`<k8;obX9B~eZ9dev9v&ffMN=NrfboD4l|
zUrq>1nY-ys@Bz)|2@<GrOwM#R$%2`h0_~G}In|-6_rm_Ji8_9dDo9y^i5!mbl^-B!
z+9GeRRIp*0f3#=8$6nI9ZBVlM)a(O1q;LVFvAO{PlePvwM-nJAnAFbK<@<cWeRpj>
z+e!ALHgNZ!hhvh4iyK8iLT(#ul5IYPBMu3-YcPULJS%O#qL-laCu*2-x`h?}g9*Il
zqGepRrI%)Cza1<fDc|kBN{D5WlOD&vWdjK`-zWe^3>K;l%zoC+hNNNQ8}aoB;A^eg
z#=eo<;wRC>zjkg~i~ePc*}uG*Iq2MJf4OaG<ocq&;+G7C1GlmcK)8iZ@QDmw7<?=F
zdt>xGWa5)iRL?V9j3dc{b&bMDeMJ~lAEbB`wPrRmM9LV8Kz3o$(}&;l04!H}D>Gb4
zcxivxN~BCOTsB`dBYc}<BbC2iJLNpLYxv<%ibdZ57(kC32!im=GYse0Z7O3-43hi2
zOQBEo-G+Yco6r9GNCWKI7l*U-f*fj*gb6GLUb+fdObw-N(E&!uRVGjbjB6qM9$UCV
zQYR@3yGAx?Iz(+?J8u!iS?n8c-^oh3j`dX;Zys&q{U||W8<-Thpif<tZx-=T3V!fo
zvF?9$c3dlu@&4uWK`FndA@rhTz$<gjwCR13b7Ec@cr?8!Y5=8xVX1SV_2jX5t+!*(
zO1o!=UOB|u3Xhz9lR3b-MfL~PgOkyhb4Jl1#7@w%SBnGTkdX6$m(bxkGDxwW*a)^f
zPtD%tg+kkKAQg?@g+@NbPhUq|8=!qoXxlCEU!yLr<{}7nh+nhN2c<#3vlz`bsGWOf
z(LBe363T%HVsAzvK{9dXCO6m5X@TsnNtMXl%tt$#(Z9vGxTwM%&q`(_A5p8=_EO{$
z@RQHrh-M^)XocHWSdw{gOk^7T8;3z`8m&PJsJINGgw<H<suX%m87uSH_^<#vmifMh
zZCQO|{}!RjRBv_Fxqx<_I%QM^1=AugC)7ap!!Qr(j|njq;;t%-VFG2q)}Y!_>Sw8M
z67RSXKr$L#8@b)tC<J5oGRf{AR$4WUq~qCwt1h0VIrV5-s}<|@eOyj^R3iifxk)u{
zvVXy=)KhQvAFz7~r0;IiwfWu9ni@ae5+(q(Pf6%pighbWhkN(6vU<EjJngR^#*U%I
zM&H6B!<J8<s6J&s2RaX}G-+4lfgI?bU%ldd|NFN9%1AP<+1qOCo$soAP3_4=wBw`Q
z`1s*!KHGh=U2jOP5_)K=vxhUne5csa>avmSAC<{n!celwZQD<>l^HUH998{n0>pp6
z(p1ga%X=i-3y2^zthQSv=~%RO6`~r2zSucXrYmFkGJry$&&7XZK;m<C#~RAR-R8T|
z8|o*?gh&2KR>yKDv^7Ds(zzZ5`JHw(6{KwDrrB72zr$a#96hI08Jm+g^fQbVhugOK
ztW=$L;)sxBuVe!1X)=!-V=YCZjCJdcNH>dNU!iQ;*w99Rs1^Q-6(J%8;ba1%-@MSn
zK0rCK7{Yjv5Cml_K8ctU3*?g{JW_$6-?<>-lFxiXfv!9Erb2{QpFs$KB4$RRh$^rM
zu5F)qs8TuaEqA*iVu_rXwvn*pwaW9cQ+zH<5PT8|C!iI+##Y~Tz7*19<gym75tStz
zCT90~rOKq2DkPJ0gi$t7CHDBOj%{u;#P0|b`j!C}lsrH;SD=%uyP~#s|D5H!WFn|g
zmBy&yk)?}2oRy|Y(TN@qilp7@k)gi!!cPCR2cC0=)!oJ+y?Y<Tj{d-}zHr~9pm|jK
zSnVuysK08uI(HqUiVv#II5ft5G9Q>yBzquX*wm6-*UbjeKS`+C>yG!YH2Ii4;?YQC
zlwa4{wEZp_H80t0`vk%k+QFewcKp=3Zg%e!vIL9>XcJzulx8zrDJFcHu+hF(9uTtN
z;w7A~Pz)YI?T<8Q@79|bKT)+Zap%yL%U0Ze-q~W+>>=*Ao7I$<CkH9?$Ge>JrRZ#?
zw3~|%0h+?<YS*GuoHisVSGMm0g-cG>N*JltLB4>o2=(&9!^GjmH6gcn5@u9NrrK(v
zqv{IANBwXDLY6Q6{jcX(e(!iZMhb##aG_E-&qmbl^iciQE3;IDp8tl|442)gj^fuP
zX!SASt-a`_P3TcIV$bMT3LD1i?(PagOqAqtm?REZ$)g3z;~_!VwZ8sJ$OiMcuNmCI
zXLcg#nEelnDDB{&Qz>UPTM!S<PIL;jI_$}y70w($K)B5zQ$EkgwVob&`EC!dTx>72
zMjm4Tzp6MIY)p|HA)=EN@!rme-|Z@F+v|#Fui&>6ClZ~j-HL}pPzH1=(XV>KhT(R?
z?*`=eH!ZTJ4q%Ls)S7L6!>AW$YLtdC+6IOvpT;jZ$Q^_8^dK{2mOJUb$hY2ReH!b|
zmsq{dk}3wjjn8tHT$SAqL7uEXJ(JtV$!(JjQQ6kB2rsKotdt5ShOlMVN(uPWzZwIU
zJ%qNjuekb^s7$ct<xw<JE>V7gVKVpZ)%Tfy|JsHZ&Yj)u{Tg}xCp8Hff+&$yJY$pt
z(lJaO(orY(s3f3Q`7lN!t78LBS#EF>1#92HvclJ+*;>A_1zW}m?hSpo6PFnmgpZ^k
zHhLK;KWkX(HY&v824r|USk>h(kijR1u0AUmZvynxaZ$W8%Z|IdhoP3o9}<}QbVmGc
zUh_}t;90I;Ot|}8i*!AF)6wK+HsSU(9`Pbea4D+|-i9<LAkU+Y=qnGU5NAdgqf9{?
zoqz&8e$v(G?+D%~b1r4SrF6)U-V7%tmO~`PA=rT6-rZ&kN=s&VgOt;;B$id^(a)@y
z+nx%~q-M@!J;q-&2wgR!17y<j$wa$lUx7Zie+B$!?bwdSUw>1{$u#gS^FJ~UWTJuP
zf)=?+GPJX7p7|p;K^ELaBp|Cj*;I_Xe;1NoG@<>;`eyehIf#4@IajY7p6n-I7~IX9
z|E$kr9wYWgV<vTeBv1A*mfM+Yg)0p%8}cu6dj27UOulq=PSd2O$M#pl4)S|M6gK@|
z?Yw1F97`APO$b3lfDj}E3mO~}T!Xv2TX2`bJpmFNg1ZK1aCZ$(aJNCi4DQa`oRf2&
zbJu#m-0ycj_Ufsw+Erb>Yw!R5aot@~3I;pm1L+=n=mp{#(%zzKd+vuint*GAoz9mQ
zG@dfsBm~atNimWCJ_$$;O0BNmZL4^9SsW{^w7yB~+TK2aPfoaMW>%cU%js%+fcJQX
z)K+C8x4Uwtt!H=nO0o7<T5kM*!K;kVaL)14qh3DxvuT^2tHCPzMc^R;ugj=(UibBp
zX3GB>3Hga=``5Mgj0gn*Yr6jh;sM*N>cJB$R2yspN^c5`vlFbxz59PA+oxQ8qP||N
z4(2rA*Q$>6typg9k+l8KEtdya$dJ7~*+>$BAFh_)K>sUser)FAC9_ez!KTO2dZ4FM
z!s36D!lVd4$sIR-ezCI;R6Ei(><Yr6_)n{t@U~Q|SS&^&Lc40GzkhuW?*yIia$RS;
z)6KUUQ`;=nriq1J4-XH!=(`N6muxgHx44cP{s8N@ZCxMC*YvG9xbEGa)j3oHWQ+Vc
zZ&Yb3o{|MQwEO2sca4l0SyD<HW>oe^>y)i{VBMzsem3`<<=?hvQ+2FBPL7`oEI+)e
zybqIS&>q3iL$F<H9L{h@)vJk_H-{&_I9S=nXY6+1^Ej0_cqkdv1Y*+zs#foWuTQJJ
zZ{!HxpC*iIk(dQW-h&92n%zT<`a(9D=d9S6bMBiic0q27x;#ktys>f0W><f@H8OBV
z*jF;M+2EM)@Bzdf$Ef}dI&F8W7>C(bZ+nMWq?-R0=bcV~?Mmy3Vlr@+9&@#6+lE+8
zmp%OE9C^+AiIaqc-7B{(@<APXiIqq?@33=>1B^?*%`g_3a<?-uw70gHE~U;ouSYsw
zvGS9o4j<*%xc7kfo_gL!>*3ptnHHi~7iIc0(2mc+v25ac(8ZcyeaX#BGcwGrr6$+g
zcrtq2Wy?D!G}DNQ{LyUaRFOg${x1PnP-?vI@uUT}+i&K_?1Tk37k)KD$&ATC>)okn
zmD;Nhrq3IFAD-~}oX)BT0%=JR)uO3vpc3;Xee3q9KIy4&mDfV;(^8Fwpz&O}p1zEt
zYSX0Si?&I-c7uUL7Cw?Tr|q&U<}1)`o07P`LO@5apP+C(uCE;aHh6w0kt>*56Nthe
z&A7j%saVA0SEu7#Y$`i_^PjXWT|ecp8L0unuy0T$5pILU32uOAnP3ZdYXp;aYmDV&
zk$h6+hLLisyIKgSp48#_G>S&-;Y+w~Ahe)bsu=u3E=6*W+c|r;;rI=1$m<Vg$|h%-
zJ?^@`yP~5R0vrQho;~eT`q3}4Nvo1a#N+z9@AQ$@;9m1sc>ZOfTrkH}N311Cc8;=W
zB01qQ`yrCgC%gG7)Lu(Nc7O4xqQD?Z*jv3+&nh*0p^W5MAtpEyUsg0EZi^QYo!B(D
z2i474v5K&|*l3f06*|Mx8Uec{toXuHr}%vfQTjQ12AQv1vXE@6`5GM>^R-n-Bweqj
z?jAH7OjD)^UcQ^P1Och}oaZo*WCA<--ePNXt+kePAQ~R)_)gqAMY4&-xrrShjy|~s
zQ}d_;Z$>V0Pc%%3@67y)C@qbnRn7d~_hM{Z^aR-<TI~pS>6;g!#yH#Cf;2;Tjd~3`
z#wkW#K_cX_<&Ar%ntmX7npHegcC=GY)gJTpKJw=7hNSVhB@`23kw?AE=dwdH>=~ym
z&Y~GU#<bmRw=XBg1qDL9f;HsceD3-Ux5IHPcp|I1t8uD8(fdC21r#HcYGej7c=_#n
znA49!6bfj$1H`m86M8dcyV$AWcMK8`6T3sa9g5fF!)kAksIoXw%ON}oS-K2FAsgv>
z$*8E|yeG1cM)JO6ZJAA<d=afaXsa!&ODqbgWVKPdTdS<x5E?sRR=oAT6=_u;%Q(_$
zzau|(M@HZYwAw0Z;B~6z$6u&@@GnKHu~ggcux(U|Cml`a%TY3+t3Z3%7egV}?Lgpt
zbEA>A?A}KHPDsFcUkrnoH<Kxuo$9jT4aZ#!;&Z}m)29su=D#|v{l{1oJkNI_5I6ht
z-Q~FDR!?an9?%IW&;Tp7(6oWgN=5m|F5P+KCrj%Sm%U|S6X}F(fLKz{=&i6iMD2Sg
z%j47jX*fAh>J^ii(-uQ!a?P7V;jOcj8J(3k9Q^fs3i`Y<&6D!Xf`|5<a0i70Hh=Qz
zsVyFUXSq{WGm0~10t!8-o4<D^%vvKBD!!0usL>>BPZ=ziEpf!s7$f@NXW#k_<P9cR
zq&T9bnA`=0OVKoUH|;{9C5+d}>jZL%oJmGBuD12%Yn%cwP{&9CltbvqjQaA|x!ckD
zJki!2kYmbL$P$|S@eP}Yz0J!gp&bl)h~ws7ciO#lP*Vf&13CPyyMocNaYq*dRFyH&
zbm}jllNEe>E51>^cl`eH4=1B-<{Q6RCNq6>Ete`AJjT8lg;KQAeD%ER|Bf-;r<^}J
z24qbMaim#{yI1cjjC*oZ=c<&8Vrft=e6|^vXuRjECv!aUq!LM=M6zr>kEhq|O#xZX
ztWrWFQ81yi^@iRa#U(icXZzsmyBGXEvNRzRW<z8$on^&01o56`5H)~&^m{8jg%#j7
z@skW}$F}8HI)c`}L>||<!`N-<=*!du-`Lx660{N1z!>ojU!tgg3b;Hf$$zupsDGJ>
z{Nkd_L2*)QOXhV$TlQ$LLd8sd`o$y#T)=ksvrVet%$4D^x~N|HL=l`xCsOZg=hKU}
ziLjfm*!^v!l$cZ!(kD6Pp0w%DKlDWq%^wf_O1+(3^B!2j_IEAStXnSUWYDPpf&}(`
zNEa~~j9rHeYkT!nZQAPkWR5`%QFqGdU+pb;55m4`cYXF4-7n>>C-<?r4-iGDle=;>
z`90dN>{gz9KKiK)iQ6p>S~I5_``!d~#27+FBCT_G5nq3VeZO(1&0dxz^6lj@_r0bW
zw%JH}UJZ<WjKfAt`9N=pOE-Qf>C(RnwD7`3@-_8BN!TBqLMe^Jc;i&UD<(rn^0NwK
z>R2-M*kpDWUe6knhM&Qk6q|be1+k?+!r%Og$s3G&W<ai5tk&~$C5_Gnq`NAl3!N+y
ze2R3c+7@%T_PJ#mwm#A*rROhBYLh(4>OKF8%}{D6&}*&;UA0grItb$~sV++bl1?-R
z=1Al6jCe`$Ri2^sHlQ;YgCtYRFlI8}6(eFnI)RY^OrDcewPo*9pRdHDU}}H3V)5af
z`Us&Vd}8v%y8fEbGmGWao#wlxI-7Tz1J2a||Akhi+%MX6^H?;N+>?DdsE0@@VX0oV
z#?s{4X6S$r&U=5+T@LM;Wuy{u)u(<D?Mbxv_)lL_$rx;a)l<Xuxra$XE37u-%(Kn!
z@?ezGZ79yFqio2{oKsfQIiDoIk3|l|nN#1m*g?RUtDN-7Kw15UWSFkU9Elr3KwM{y
z+mVtj4ZW(`uL0b1YWaAXp7q6T3VR+wX6$Jt0Jq{It<&Hb7n3hB(qw2mmHl*4I6AUN
z$k&jh4EXA@(M8}g&|1(X-SfXj^Z<ZP$$Q4%=v0^mGJtmvh2K=I_R?>21*m&*mv3!$
z4<m1Iy1HCsDJMhxnPd>vnq}HHRXk7k@eDd;>N;eysdZI5tgcdKZK1C@U%?BADDqQ|
z?z29lKR*VrH%Fk>9Q0-yHoJQ=hyuL{n;&S5siL@;4%G2^yu><-9tJup_TnOTMgXKc
zMUEy!EU5GVePyatIkXPDNHRpNcC}Jipv@hI+Y}ZJ=Kw-x^9%e@>9{fiAgGoo66+_6
zwfhpoUMC^hKZ^&QUI~dx|GL;~%h?)EzOM9H??KV15`TX2?QXp13(Ae*yKv06yqo>s
zLz!77F~oBx25_hE2<isnXogW|-uA${`@ffb0svv(8SoWiS5Zap2)|Vwp$R|``+=l>
zmi4pKWspkkE*dxd;n?niuitc;R<9mzQ_N96HN(}(rlA$R4m8pED*}T*hL*%wJgmIh
z_dadpY24D#_%F%%fLC1O!S%0~qJc~p7kAI7_dE#cJNNzSen)$RCMUvE0eS&_R+~>6
z>xX_{v8ih_+^sgzQPXf+_BVyRYnmvEcD&Le^@M)C=5~W?qD*GDlC){H0b_9KTIyx-
z2{|>5xl~uUv9vw?d_>yaCGn7^#Pq73%msulp-ZTXrw%2x2nd2(-kQ35I!LGPZB$v3
z*XDJ=-RI+t@k7<Ytscn%Yyi*Vxus$vDc8+-P`OEWGKe|t1z(9ia|Fc+Ep#b`?$(Ng
z;S*bGt=<QJ+;O5xhbr@Ml&w_DuFurRk&Cmd-PY3JVbQPjgyN`9SKgMG6LEQj;fz;?
zd?r7#x~)vd9`l?@j<iN1deXf{CTG9FB&_k;wPxd|Vz#|f{fcNndV8>i=2*gBakp__
z#KaLc^`rcu_57yhi4*O{?+W8w22sz8{cZ1WFMaIyj$YtBP^!8Ut5#{ed%88}&+mO?
zlz|^HKaiJ48R*DH_72zoBAQHeyh%Xo5hrv(#A*K(75A_rf{4@Y>%|d^T}Fm_Wv}i|
z*m`jy+EBae-h8R6cl8%Gj0(%}H*A?}ZDH$)wIoe*DXAdDufCsI%@q<byKQjq{Fo0u
zfYpmM(hs*KGQ-Gb@i63zXQ$XmK@QHkC7b={+vIRok#p<D>eze^9e2e``_t7uDvOl&
zn5+?_UM0%5cHKULLriTNqfXV~_%u}pogC+Nij#R&A^s&QY5Mj4Xjp*8<snJT-b9<B
zc<Us3B_gef#%U{TYpL~dq1uC0inWs1trtba0Yt+$NMFHhnoNngY%*)$lEk#93f`*q
zZKKy_k(?=g+ESAknI;N5!eJ-Ex;<9cY`Gwx@08W(%_w$HB*}{YwxrPoCNev28K9DJ
z3f(21cNrE{;LKg|%diLyN%C7T+P@7XRDQBaL8{bX^sLtCY=<Li2`MqWE6~3#nDn8j
zE^+n!*uLm)aT%icPuD%}V_`T`k9y+HmIsfAtS<52<9UOzvd;#Lfx^ojCarRNmbP$C
zqYZG02o8gi#<R)ZRglJ*0^@S7h`VW_Mk{@SKSzzii{+Sc_#Q+%j;v;2swaTJ_mx88
z7zrKEHDL?=2|r?){EC07fUWgVZd5`I(X>rkFer&zRce{d>YO(sT9~;4*9-(w!}D$h
z?fh=knE2^(NDXK5lqrW^r}_(|c2!P<lykW;U=>}jnJvtYd~Fj|0s&_*@1Sq42)wr3
z(dUPyP(o>`k}=0OBHH|pLN<A_+VethzL1Lf>zWAHCGnf(uV2;?rRj9OVAdZoyBA#W
z+kSU#eF#1|JbxPye<VgWJ_XiZNbR0!q=VoZDJlAH#8JC4y4YlgmshG5pTEr|l~N(G
z;)0^XGW8(|;E<nU<<xK&B&{T0>jlD+^lNXEZxGVCe!E^yFj|U-cP!K=CaykRcYBJD
zjkuIgl$YS`FW!ETZ@(I6vk@i;?_Y2>36}>cJQZ}>jaxR;`ymmXdXIlm?16S9UZgui
zEkW3kOCDQ@lMShMgWL(EQ7_xR5A{JSZ4L3~c89*gI7glgBvq*S=<mgknpoK#PRupr
zMGJ5dzmF6mJ%!iJ%56uTYCDkk(pxx~KfF(5F|I7O8}Ak<0Hqut+tCSODxY8IW20wq
z>k<4GuxE~Yr|TaX$D|)r>f6}fA#jn;Gf?`CqvkO9qc2fH(A=56@;%!k>FmQvyAPpG
z@j~fI1>;0<;yVp|9_QUo|6|S<o0$GP3a?7{%5Akzx?CD6O@2qBe4o@#=ReYMi-IEM
zR5eoNBGiH;i<jYQP-C?<BuZy`l1G>j8{1~{CcL|&Hz#z|-YE}dy0_`Mx-6DiLl!S8
zf?almgor@eyYc1LOUmAa8F%d@xz2?zCkqVu=Ibr0LZ(vsFo<^hWJs{t4*g;RI4TZ<
z9Y{UTOM0!2ziJQU8)+OyuTn_9R1Sx#a*4ry1MI+3G2L2DjspE)K#$dp&A1V6aQR}-
z%P5ceO0e8VknM%WvoblE7_kTLcnt5kW|~NpS$pR+rCfV{+qLFwQB=c@y)g(GzKjAS
zjEk|#dMAce)Y~-A5VBRR-h#Ygee0-#$Jia|>!|Mq_iFNDA3_~@)$n<i*NvZfMDTFB
zI6j6lWFpK$`Sb^va-aOJ!pu$8<6&}X#$gUw2p*47@3eR2n{s}$da3sIo?KR&t2<<r
zNf9-~brGSzIj*J`oLk$c-{!OD4bUVH7V7L4ejFY61Iz-?41T9x?P2C{WzW0GNLbOb
zHS2kjx&j8y<bJ6s+1AqX0MVM2_Osuf#TocVt!_J&bxOQmL|sAG(6+kk+<-1)?uu*1
zgu3K4n5_OFAU;S$8aM)Hq7O7~dT;M9MatFGb~WDpLOF0v74YqNa|WUqc|0R*HQzQe
zZdF$jJ0cf=%{()>oTlI0wbR$PjbyZ~maY>IH@OpCtnBf)^3Q`^HE!tlu}=6Roa;Fh
zYjMvkUbP+s-@TVQcpo2EG<{mOkcnbPS6s=_i?04`kK6ZtqK_f$t(sUwFOxcqawh=q
z2`|PiPkgc6m_vrB^kK77eC6s?fq~u|^)tK&R&ouE`c?R@AuKyQM3vPbK$q|SQQp;!
z*hpvy>{I+C91tk>e}EPo3|~%TD`JS3$-po^ccHHRj<Zc8F|GDcE56W7D9@flk?EyT
zqNwB9brzV9;&p!?Y*7NNW*%P2J(*~-hU){3)Tt>=U1!@e9lSKP__v{OdVar{Iufm3
zpc#j}>K|?j1BqW`I4G1p4pr1@G4E{o%NeTDLdTm)uhlz&+hl*=Ze0j2y}BAK4s?4g
z-$G$?NVYmt)efGY=L6qz%SSXNd@NU}Kdd6aKP`D0<e754(_om%@4X(?_3>JMRM!#t
z-IE5!CzRCN4N{rzRaBF^p}j8-?f|)y!}FwKcS-KIn6D5H4XyFtiv(c!8)VsE;b35U
z*<UsPAWnsngO1+9N&A1rM5c!yq56D(N7UP1l(RvHFoe)*ITdh7{n85=A*JrsXN;GH
z-~JP<T$Bcsau>(3{|(_CVgUs_{6b_r{|V~>(Zp=~hJ^eLsz1Wk$GU|`00@1C_42RW
z`#)`7yhK(Bq|^Jtyz!cym8kh)v85*dzl~!eBV<-lgcC+&cGW8{rljPVGK_cU6_4sE
z)}ZI_RQ?}D8l;@qewC`MdaP=Vi<+Y!YwXd7q7#+G(d5C)9!*svF$w=X6o?wb2LeG;
z`d{QPo$+0zGPUXze(7mqA7${+F}R~V`8TReN`Zx}f~GD3{}%M0%9xJ^SU?3-`A@0V
z|AZ>t<Vj^Ven!(gf-`|kS;#Az7{C7siUHHue|Qr46^q<4{t>cO4we5u@!Bm2yn1au
zvOs_VqSMmcyqMDTU(-E#`;pj`5|;N)XPolCR(65U^8Gzoh~apKOqBdsMOp~#O`dP}
ze;#g?^02zBze;X0f9>AlC3>*jk^{WSKLJ>j?7b@$5s!OvrRm6OM0Nmg<P3Oa41@2w
z=)5`i`Hs?rzp!{i>7W`oryB)Z0f6ifPVWp%!A=M5AT-iHPHFE)`q-@HI060OJisa0
z>`xkQUf2X#wdnBwqFMtsA&c9MLROn|FK!1YeV$Bo*hng$Jj!}s-dRfBuiY!@LVJH+
zcC$g-e@y%~;p10#X@~puO=nFS{JE-6*$7AL<0Q}yKEnZ4D&PH1N^Yn9fVQ&E#&B&5
zSi}-z+6S9+_(r#@5NV62G3IC2vZqQk(a(;z)+h3ZHQNU$<_Q=qUoFs+@c9V2?l0#6
z>?<A_r~7qEZqNJdF5|M@>gmBar_{W;mIG2EewTppJW0_)WvYA{WwSRkhX8a5dadW=
zaxLB$k-;sjK&y-Opkt?g{GIimnZ6bF6YzrW5#6>S_)7AHLHa_4hY6-O&wC<pzLT|J
zTwch32F-&~YL!xFD`G_{!OJF1UyKmxWR7zsttY$&{D&7@6~lg~FY<4k03t40-Dc#e
zBDEvs%DWAx(zENy=aGawl38(-HL{^UQdK*=8g{1Bnx2ff%%tBrU;aiZ(rt;!aKGI4
zxJgQ)_(zJmDi3d{*Xq@u&+BvCosr)dPly|@|Bxv2N6A)6iG-mQ8@vZp3@P<z2fiz+
z+@RNOi1%>4NjK^V>tO5}X+cz2)|uNmO*%Q%&~!SSsdZw?Sq<Bnz{jv_!5)ANxrdq`
z+;^P{_2g1Y$9$cyu@J-}7a5cMo$ueZ)6pev{aVOJl`b}~<_(8(C&E!-i&T@t;0vvC
z=V#u(G8tvnr>TB6iw;_J#KcX4#i`XIoK4Favzm?j<gozY<$lW_kz}FqMQbdT2`abK
zJ$z5Z>+g-Omc{ZP;vd;*E>i#s1Q38oeD=8tkL>8Fb%4E?YNh(ZA)$DmN2g9BwILD9
z<SG|DFbn94EPnp1NW~ZkmLBWs>ihcbd?c|c3MdZBDS92^XgVk}{AR`&4ZlqOoc{IB
zYBXebyjVL2H3=4on#CZAO`W|UB`Bl^FtFafYXPK&5c!Z?ne^D?N$~I)Sg`>Jb81B`
zumEzn)9c|kQn|Cl+#adm;wyse^v@oykm@a8^P72e?MK>@&IleltXx$l-yd`mRm7w-
z_>(E8C^7*$SZBMEb<fvy=nlwGvrzM-$7*#wy>$<gRcZ0hCa(IG{^VRf8oWeyPRLG}
zkv?1XmHoPMRjc};^Yd$5^3eiCK<QR`Y1rs6=t7$+fRV3VX@p+q3X9-71!Tbij?=k<
z3?cX|@N`BiHMU}xXhid$iTQ75<7xph+dP0QV=GWj^Vz*5YI>_)y08&yIDuG0Ba_Gs
zVC8s6=zNz`Rdi`k6yUN{hBfPBD@_O5rO1x`Un!jlH>lx}#Fpkr%@yf45lkt@<Gy?1
zG<Aj9otVb!6z}+HSOzFmfOt>)hQ^l~<snO%Ipai5Lqmg75%xu56W+VOPd=PsZG1R<
zdoozMUNLREC?p<{QEe(p-YY{||Jv}`EpAxn7xwXwbKFkn@F2?z95w||pyvTV2+9Rx
zyn;Lmf3v*!SyZ+>-eOljLp1~tK7~?&?`aWX&pXhOMUl(K03ITC>=H6G#kPQCqkqDz
zSwMK6Ri*Y5i&Q)-OP#8|@S!+C@khmUHaixR{zN?*`83VKWIo?-;7_Up35pdq6>;wg
z;<=_2q*T6N*KoG6VBcp0(&F-G)jB)tpIVj;{?0uDFCFPS6okgkyf?}}L=<tNGKP??
z!J0K>c@pto#&e|v?PA{tW!e!6*k8WOs5Bg8ucdfYjp(`?3I%5YU}UFT3?sixX0DeS
z`Kz__wN4nrf2p}LIQQsi)`NxU2IW7QFbL_DSAMi;e@g5itx%-JYSWH!;%uRG++c4;
z#&FDzMlbdg16A{v(3NJPAEh{2iJ}6+dlQLb*Vob-W|+KXCxL9JFiefe@_PwQ_#;Iv
z4a+E`5_yI926q*x>kaK603q~1WkTXQZ9*Y#EH=9}zE-t0+uoe-SJ#7i*N-GWm{KP5
zp;9z5vCRB*oLe3{B0Cd5OgAeMEvYHw%dB;%W0Bl5V>^|4(5j4FE|$HuDm?hKCurm7
zdKfkB13~C}of&4;1zzcAB<rQ59C0<MM^3BGkSzxN{?+yHlIt+>cO<6u{07qsG(YoI
zN$-_6<AJ;cdIsdT$IXBY`#)bdg!fPSw4_P#EJuhj3~mK20fn!ycz8}4EjyAOW#h{f
z;}JBNUF;2N2wDjZCcUAmlc*kzG$8^mZapM3^O8~laY#x7KQF3*02`_9^$1w4u*8PN
zPKA$jtI-dyBuGuLf%rg^pwDaUS|cM?duoVMzl?C#<HLBXzC)hgmQ(eDlCA`;ayD{@
zRD;`<rH}&8tB>!#-bbs0z2*_|Oy5N+=$L7U=wf*@*7GYes&)5%`zKX;xd@<nIya?+
z4UYn}_g0clG`{(#4C8b>B{||zh&8YXcn=SgQ{B8CNcq6ib9n0h`ySl#;mP-+#^cMv
zqB1CBqXlNNDi$7DXeNt)rkDsO%4f1~reVn}a+4GV4xub5y;wg*%)-!;{m{Pnp`j*W
z_SE|m2z?Y`p=Hdp7MhUAW@T+rSD#vR3RPFZTT+sBRXl6-*}iF9_PkhfO;{;CC>GdG
zb^X;$Lj5YitUGoK$$~#7h%q6FdAl)^ebzqZ-rPz<ieVLF7Sg9JCECJHKp<NUxh68^
zqrHyLMSYH5iVkgS<Dffwy?wixHyG|(`qLvPwQ?iJBX#m7-%xQ+->K;|yjL+OoV=6O
zPO>LH1nq3UAXv65=Yf@&Y3_#qi-$Wal5OUZ5={aGiO{U8y8mtmL<_NmaxqNQjM@K&
z)=kfDJlM(L&*)5vZPIF~QtWtyv1H52@_8DEo1KPD$gy03_^gvc8qC7CWn}e}6{1UY
zSQF&<ya-;X+2wgm{1{He(Fbpw$yxWY_aY&X!aYI$NE(hX&R9=)5cdHIGFqA6zd3SO
zC6;09>jsi9-QXtRcclOIJ?BQIFtHxiie%DVs2|N3464oEgTAqgFMRL>muQ>?-5t%`
zmEO0K)#7|<O)Ch1;e9`d5*=lVr@p_8MUS-5P!J73O~9d=(`xxZ0G&+D*T09#!Q7pC
zGy6_t%_psznUe)TZIb+>gD3qn%9yWdUsn4P*(v`>C+cHG(S=z(pyBcxub5796<@p)
z5Fm}@zoMpDs$JT6?>)1dzZHjM%4gIQgo@wiEQdutu%E`S92-h}mh`C?i6EhNn-@Zu
z#-GaetB$VbzzF-jj8B!*N=fzGZOIBU$%P57A`PWq=g^`lQ{PIO<C6v3Iwo{;o3mDn
zk&NUZrZh8WU+_vIU%yJKCGtfh9XJY_OyF*Ro>ObP?qL<7X~a_tPlD+O2Uyad_2r@U
zeDmD($4TMpyy{5`jz~FUS0r04K2BO%R!uD@N2Qt#%uEm7No~hi6dLZ%k9FE(%?y2$
z+Bh%7l~COa)g^lpCgLZ8oF);R*@hXUdQ3->sO?%?#P(Z^9i{GI8X%JQIN$pl<e|~h
z&ld{KmF(1w3MO8Ek5Jyu<dT=wl<u2Sd6TT;dlLIl!DX0SonFMXENr%zJf^QzyW{~!
zWS0&MJ{3GYaohS-bKQeuYQ#T%oB!`Muxfxp$SJvFpl!S6bX_}N(r~hi_yekF`E7Q*
zES2O_zBalnR6m<Cgn?m(#AUmWuR>3G8!CCtE3InIWwT4qRL9d!jf%9brz}pCAEc8~
zxxvmKx#ZtFH|{_gxs4GyTxY1gnYTO;uW_tZ@O50lJezV<^&pR|wp#D8BN5Xbf2~9~
z_#M(Hwg74B{04Pld2Yd0&~n30qLo_B)pr<ppy-J6v&CNhY2GtgmzkEb_5M>i2;tku
z6$}T@B}EDo3gK#eA@c_Q&vdxR80h1A@T5}!G^oD^2?w7<;kP<K;e8$S=L#t`GHJb|
z5#TNUzdQcg3jTlW5tYzCvh&BPW9cZ9jA?IGLv3-s1udMgF3c?Q^3$X;i=v9@&HXs(
z?3(()Y4QB;87PnR3t_-8vLeC6OWpC%j9%<D7PYToQAqwX9o;C2BnRfV0oWXv<*+!!
z=&)7CF6alb$Ju<GK^<ARj!o#M@!{Xo`2@M%A1+`Jy|^3y&y-`@vpqpbC{Bp%5dQlg
zq^pSV$c!8%FO9$ancns(1WbT6#*c{c*CN66^Lqo#_hPwJ7}lRv@<bimAm3e`iR5!I
z@Si9?gwC~cH(uf+k1EK@aj5=%O7q3N7MG8KFBfbmdhTfvy4d>OxO#Wp0X45yg>W_~
z&SuOJmi!au6!Xd(=CdHN834;$gK%ig7<`c5#%PiVAP3jFx~>Q?(rqmdDL{H|)adlO
zQT|?Rq-^kKSy8;KFf4cPGi@bZWn&UrTH0921YhwWj2k7(@Z7@bkT~#QlbHS9yzZ}k
z1oeDLw4Q~t0<n#3Ri3=_ng*r21e)*xjLksmSxK)J#5qR3D^UyB{6d9ib4E32yceCk
zejfkbupnTcpE&SrY&DKk=mOsd255OUc{AigLV2WYY|?fMhnnjs)u#mm<MYcy@6aMz
z^}LqaNIgyUW9TMahk3Dd$~0*aQ6E1PO~^7S_vJX+1VX7U+bTPAIi5LBiY{R1JO|&;
z-mpvRdbhO9Jk<LfLts>r`RhhBD>d3ax1s$?<9VT8CbN>qyC>4Ql|@<++?A1w=1}JY
zHKPogg;wDocl(Ak3=533(4gnU=JQ|g`Z}5DuZo8r+VaENi(_tY{k)7j-MH-5FU26{
zqj*_0(z)wvXx#z^VXq?EM7@GDNc}s^LLX+qQs!NbJZJFO9(4E~S#B6SLfKP1l+{P7
zg<6*%=!Qb>?})YYp*#9g=6COR+^%?!Kv2pvEBzR#S-zD0P<V`QCxW)w%#xYJ_8UE{
zqic%OUn>*`zt`63xWvddwew7OoC~%2+B7G*TVEL4z0{w{p(H?&bh|-PI-4ARxm+>A
zuk3bj*S&JUdW7r3mZj82^PpfEzess@&}MMp86uVYJHTT7fM=4I1WlJ?K{I~&qrJ&a
zCo}!yil37+*lRp<`P$Wb+jG|)zg$pUT=kZZ@8af!;+17o4U9i#ThB|B@penZi6|x{
zgzwxAvK3jA%*LmGx*O_vm4~M-=-MT37bihsbWmumeby_mdsT@8?jI81H62AeJ}EV`
zSq=!K@^Wi*rkB#^9CS%EA)#$95@J*Gnj+(=<RzC;v41w&tj8VJ#>TIOezp1LmvM_h
zq|XW}Ys=1ofD}RPy)gXKz7Wao59>8QQOnvhD{AHHclj2A4i4XLwW@oyAoT&TQqG}M
z2kEK+={_Z|9_({2@1Mr^%{?u-6E#c{SFs)J4^q#v5V*S+Ce650owRlAaUQmTQgXT4
zi!*l)EtgO1jnRb0k6UvT1R*uGbeYeSRgw(<`M`#@ZA_o3d_teuXw<juu&T58w(EJH
zGiqIjLSC*5L9WWtwe$2Xy~5##i3v4pi}&}DWmo>ZEZa}6miX!xJWsZms{6q5mmKb&
zrtLOk*M#@Z=%kI)i9Dl)Nzn7``pjT^j=6jo5tsgaVi&tn1JvM(bQ*@AFrJ~W>FEv_
z%FEHhr3o@U@yRo8Ws}9RGcY&LJ-6iDz$^3FY9(4zy?0p{xC>-<+vL{X+dk_oZoL@B
zMsx&mP|*j<nnAPqh4cU;8hrOSKCs9AOy%~)O8oHyzhseqeOLUI$0?pS*T=|+*~&Y)
z41?~afNn+|hlt=ooWX9=$8GKt$rBtw#S?NZD_%|6q@ah%iPN7Dv`;tGJR(l5ldOGo
zb3udx?X63*GheXltd~qh)F##D%4xQ)pe7<|<OPj!iRIrbj*oTE>o4>2Dy^@i3g53u
zu$?uhd7jVgx-)uHc%<dFim_TOO|Vb}v59EZL0P`3`Ow}orP@|pdb}tn&do$k=BJ*I
z(j#M{i#_*9gD$&sAH}0cm$4ebM2|o`YPU~EEuERJI@KLZ7(%>iB`xm>JU>^g#vaU%
z<$^s0Ji#4bxX|QUWCC))HmCK}ZDSsg)Xw=hr_yaXJ_Fki2nh>nVMjub8`MkqYxe9Q
zgc<MptbQz;IW1a_CEh8I0@hLK9!=@eT6U^&?xat*pU@7_KLp9j$roe^!czrHKU@=e
zIy+9K*1vep`GJ4*&@2VA?eP-5hf@q@oUJm*>;9zB_l5=~qH+3bRfLj3t(HQu{z(`@
zP%3!`)=J$>bec9r^B$3B>w`F|mF2afQ!i!{a>{3U-d4XeBha`)0k%>Y>n!a^a39Q7
z?oAyQ6Q~d6t*C1WcFyBBCJKb$>`TWs+@Qqt-8k7UZ>^USOkZUr&8I|w+H5**A{Q4M
z$=3*~0?pVhQlN{eP-+<((r=p$6-<~+pEf~!`z23kd*@3xHy5I`*ShtkJ1ka0Wk2XJ
zol#BZ-#CiG&S&30u;kB1>92Nwb9l8TkFNZ^4ySOInC=8gR>`}e0Iy$5&!2Ddjr?>+
zBK7PXKknS?6D7;##2}=n`n;p&rHRPOh6V0M5wr8&D;jfm3rFFNR`0a2+eTJ+e84EK
zjl+lb4K_XaOu+ZZpZ={qu#NN&s1}!QL$l^02Zp#JL#e<s_~6N}%E5gn6@cuDAu`3Q
zI3eM_rH7n^!zH%)eoLEu?S3IamqDCxS=uG3?v2@Sec!1=rDVIWWV*X;MYAE)nT{sf
zW=mEKojRS*HjHqpE>d>>!Te4v>FAKK;n*{ww*JA|w|&L#3m_gY4iD0-+I{OFB6p|l
z8-Kf&@D;rMap(P2ms^X3d!c!Di`MVEo*3U_*IoCntr_FZwJ2|G1vJ<S%X0p!(yU!w
z$iRC&CT!b%w|@FLY;@_R6f~nN!>zq8F=MuLdhaU5lQu$_+tJf?7Rk$RKkVKYCCHwP
zt1!E?SedQc%%nor9EX)y6#m+dML*WL)Wgmfa$UjcE(Q^1(oRi{u1wM3@Yg06o8xuZ
z56!>1`Z2nj2}bCv^(x&j;@w*+JgJ`(Q{bigmMwMYEzI1O&2xLJD{crda_h?xzW<r-
zTM5yx+-kx2l;00Sy)=IN?##<#R#`YHMPS(yR+A9fJ(f8_qor-wtZFykeF+u4S(chC
z#e=TgN#|II-`5D956w~Y!(@<uRgC>ebhDZz_M}t1xE$XjBV1@(Nko!meQw?vpG>Y+
zcP)tpG5K)Ak;u!?CTkDYbgZNKKxPZxaiiPTH>(YHTiFWOVaL|e|9+N(UU8VOtR9Ke
z)}}$0VOuQ<ZIGUMasJJ__N>8dVr!Tku2?csTT0qw_xCTGC8WJaN5bzT4|S%Ix%M3O
z%jdWfk~56qrcE`~GN`D>;YdYRImhvOUe|MSbm`T1A{9R*FSVuWGzDjh&0J9^P@0OM
zmNdJVXacp>qtnw5yS=^iS_{h^{9u$*g7MJA2l#iDO}hpul2=@N;KBz>3D>Mh_Q`J{
zt)EU@pf=6gX{E^0t=l@Vl<&0A7lAc3)ZtO<SsHBDkEgG(5fpPJuMBbz4z9tifs~S4
zuE2hwk-{RQ{d%81&V(DH50te4QUVdJME&Q66%nnKl(oeQ^q1vG2_~-}KCg;VaRW>3
zkJKn5tKUcT|C|LdB><O`?wN#&Kk$UV&l#m}{Z=i}`O*Xby+VWe(LN9E8|^=C>c>nr
z!09Z_>Z|(q3h6U=<g!<!iqHOWI+3e`-~x)-PTg?-y^{M8t|JbfqUewJ`y#?m{Cq|J
zVO49rP*}LVEMZQ)th97b+Zu*7PW*Rg+Vc=lNAKc9CJrHcN`z(jwPosST*?bxCA+LE
zTM`zSe>aUuuE2aO^-JJ6yj%U{i$ASD9#*k|Zog(8{>OKQdxC(s^2bYl+}TWlF0(%U
z;r@?1PU^S1&hxho9>+B<19aE4o%J8b8V(q<7t$Xi0c#`~g|vSBdE(YTzPcY=K<L50
zHp7(o@B~3U`N;(DKXwI-ctrHqG5W7QSWx+`N_{X$ess$Jekd|y>(l=kbQpM?1)|K!
zzgOTodR+gU0)YE-lYn^}_Ol@V*Sw_vmxF)6Kr>y={Bb^e0SEjfMdd`wgbV`yKmUj`
ATL1t6

literal 0
HcmV?d00001

diff --git a/util/cloudshell/shortcut.sh b/util/cloudshell/shortcut.sh
new file mode 100644
index 00000000..063b3686
--- /dev/null
+++ b/util/cloudshell/shortcut.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# ShortCut - Run Prowler and ScoutSuite in Customer's environment using AWS CloudShell
+# DozerCat - Team DragonCat - AWS
+
+# Package Prerequisites
+sudo yum update -y
+sudo yum install python3 -y
+sudo yum install screen -y
+sudo yum install zip -y
+
+# Variable and Environment Prerequisites
+account=$(aws sts get-caller-identity | jq --raw-output '.Account')
+mkdir ${account}-results
+
+# Prowler
+cd ~
+git clone https://github.com/toniblyx/prowler
+pip3 install detect-secrets --user
+cd prowler 
+screen -dmS prowler sh -c "./prowler -M csv,html;cd ~;zip -r ${account}-results/prowler-${account}.zip /home/cloudshell-user/prowler/output"
+
+# ScoutSuite
+cd ~
+git clone https://github.com/nccgroup/ScoutSuite
+cd ScoutSuite
+sudo yum install python-pip -y
+sudo pip install virtualenv
+virtualenv -p python3 venv
+source venv/bin/activate
+pip install -r requirements.txt
+sleep 2
+screen -dmS scoutsuite sh -c "python scout.py aws;cd ~;zip -r ${account}-results/scoutsuite-${account}.zip /home/cloudshell-user/ScoutSuite/scoutsuite-report"
+
+# Check on screen sessions
+screen -ls

From 800bcb0016a299680c2a6184444486b9fd3db0ce Mon Sep 17 00:00:00 2001
From: Patel <nayab.patel@siemens.com>
Date: Thu, 24 Jun 2021 15:47:29 +0530
Subject: [PATCH 46/82] renaming extra checkId, change in text message format,
 adding more metadata variables, lowercase servicename, adding checks in
 extras group

---
 checks/{check_extra91 => check_extra7142} | 33 +++++++++++----------
 checks/{check_extra92 => check_extra7143} | 35 ++++++++++++-----------
 checks/{check_extra93 => check_extra7144} | 30 +++++++++----------
 checks/{check_extra94 => check_extra7145} | 35 ++++++++++++-----------
 checks/{check_extra95 => check_extra7146} | 32 +++++++++++----------
 groups/group7_extras                      |  2 +-
 6 files changed, 87 insertions(+), 80 deletions(-)
 rename checks/{check_extra91 => check_extra7142} (55%)
 rename checks/{check_extra92 => check_extra7143} (54%)
 rename checks/{check_extra93 => check_extra7144} (57%)
 rename checks/{check_extra94 => check_extra7145} (55%)
 rename checks/{check_extra95 => check_extra7146} (52%)

diff --git a/checks/check_extra91 b/checks/check_extra7142
similarity index 55%
rename from checks/check_extra91
rename to checks/check_extra7142
index 70afae9a..daee64f6 100644
--- a/checks/check_extra91
+++ b/checks/check_extra7142
@@ -10,37 +10,40 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra91="9.1"
-CHECK_TITLE_extra91="[extra91] Check if S3 glacier vaults have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark) (Custom Check)"
-CHECK_SCORED_extra91="NOT_SCORED"
-CHECK_TYPE_extra91="EXTRA"
-CHECK_SEVERITY_extra91="Critical"
-CHECK_ASFF_RESOURCE_TYPE_extra91="AwsS3Glacier"
-CHECK_ALTERNATE_check91="extra91"
-CHECK_SERVICENAME_extra91="s3Glacier"
+CHECK_ID_extra7142="7.142"
+CHECK_TITLE_extra7142="[extra7142] Check if S3 glacier vaults have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7142="NOT_SCORED"
+CHECK_TYPE_extra7142="EXTRA"
+CHECK_SEVERITY_extra7142="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra7142="AwsS3Glacier"
+CHECK_ALTERNATE_check7142="extra7142"
+CHECK_SERVICENAME_extra7142="s3glacier"
+CHECK_RISK_extra7142='Vaults accessible to everyone could expose sensible data to bad actors'
+CHECK_REMEDIATION_extra7142='Ensure vault policy does not have principle as *'
+CHECK_DOC_extra7142='https://docs.aws.amazon.com/amazonglacier/latest/dev/access-control-overview.html'
+CHECK_CAF_EPIC_extra7142='Data Protection'
 
-# If an s3 glacier vault has a policy principle as *, we consider it public accessible resource.
-
-extra91(){
+extra7142(){
+  # "Check if S3 glacier vaults have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark)"
   for region in $REGIONS; do
   LIST_OF_VAULTS=$($AWSCLI glacier list-vaults $PROFILE_OPT --region $region --account-id $ACCOUNT_NUM --query VaultList[*].VaultName --output text|xargs -n1)
   if [[ $LIST_OF_VAULTS ]]; then
     for vault in $LIST_OF_VAULTS;do
       VAULT_POLICY_STATEMENTS=$($AWSCLI glacier $PROFILE_OPT get-vault-access-policy --region $region --account-id $ACCOUNT_NUM --vault-name $vault --output json --query policy.Policy 2>&1)
       if [[ $VAULT_POLICY_STATEMENTS == *GetVaultAccessPolicy* ]]; then
-        textInfo "Vault policy does not exist for vault $vault"
+        textInfo "$region: Vault: $vault doesn't have any policy" "$region" "$vault"
       else
         VAULT_POLICY_BAD_STATEMENTS=$(echo $VAULT_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
         if [[ $VAULT_POLICY_BAD_STATEMENTS != "" ]]; then
-          textFail "$region : Vault $vault allows public access with policy as: $VAULT_POLICY_BAD_STATEMENTS"
+          textFail "$region : Vault: $vault has policy which allows access to everyone" "$region" "$vault"
         else
-          textPass "$region :Vault $vault has vault policy which does not allow public access"
+          textPass "$region: Vault: $vault has policy which does not allow access to everyone" "$region" "$vault"
         fi
       fi
     done
 
   else
-    textInfo "No glacier vaults found in $region region"
+    textInfo "$region: No glacier vaults found" "$region"
   fi
  done
 }
diff --git a/checks/check_extra92 b/checks/check_extra7143
similarity index 54%
rename from checks/check_extra92
rename to checks/check_extra7143
index d83c3f24..fbd1c324 100644
--- a/checks/check_extra92
+++ b/checks/check_extra7143
@@ -10,39 +10,40 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra92="9.2"
-CHECK_TITLE_extra92="[extra92] Check if EFS have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark) (Custom Check)"
-CHECK_SCORED_extra92="NOT_SCORED"
-CHECK_TYPE_extra92="EXTRA"
-CHECK_SEVERITY_extra92="Critical"
-CHECK_ASFF_RESOURCE_TYPE_extra92="AwsEFS"
-CHECK_ALTERNATE_check92="extra92"
-CHECK_SERVICENAME_extra92="EFS"
+CHECK_ID_extra7143="7.143"
+CHECK_TITLE_extra7143="[extra7143] Check if EFS have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7143="NOT_SCORED"
+CHECK_TYPE_extra7143="EXTRA"
+CHECK_SEVERITY_extra7143="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra7143="AwsEFS"
+CHECK_ALTERNATE_check7143="extra7143"
+CHECK_SERVICENAME_extra7143="efs"
+CHECK_RISK_extra7143='EFS accessible to everyone could expose sensible data to bad actors'
+CHECK_REMEDIATION_extra7143='Ensure efs has some policy but it does not have principle as *'
+CHECK_DOC_extra7143='https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html'
+CHECK_CAF_EPIC_extra7143='Data Protection'
 
-# If an EFS has a policy principle as *, we consider it as public accessible even though client connects through a 
-# vpc peering or transit gateway. Also if EFS has a default policy(no user defined policy), it's also a security risk, 
-# as default policy grants full access to any client that can connect to the file system using a file system mount target.
-
-extra92(){
+extra7143(){
+  # "Check if EFS have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark)"
   for region in $REGIONS; do
   LIST_OF_EFS_IDS=$($AWSCLI efs describe-file-systems $PROFILE_OPT --region $region --query FileSystems[*].FileSystemId --output text|xargs -n1)
   if [[ $LIST_OF_EFS_IDS ]]; then
     for efsId in $LIST_OF_EFS_IDS;do
       EFS_POLICY_STATEMENTS=$($AWSCLI efs $PROFILE_OPT describe-file-system-policy --region $region --file-system-id $efsId --output json --query Policy 2>&1)
       if [[ $EFS_POLICY_STATEMENTS == *PolicyNotFound* ]]; then
-        textFail "$region :  EFS $efsId doesn't have any policy which means it grants full access to any client"
+        textFail "$region:  EFS: $efsId doesn't have any policy which means it grants full access to any client" "$region" "$efsId"
       else
         EFS_POLICY_BAD_STATEMENTS=$(echo $EFS_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
         if [[ $EFS_POLICY_BAD_STATEMENTS != "" ]]; then
-          textFail "$region : EFS $efsId allows public access with policy as: $EFS_POLICY_BAD_STATEMENTS"
+          textFail "$region: EFS: $efsId has policy which allows access to everyone" "$region" "$efsId"
         else
-          textPass "$region : EFS $efsId has file system policy which does not allow public access"
+          textPass "$region: EFS: $efsId has policy which does not allow access to everyone" "$region" "$efsId"
         fi
       fi
     done
 
   else
-    textInfo "No EFS found in $region region"
+    textInfo "$region: No EFS found" "$region"
   fi
  done
 }
diff --git a/checks/check_extra93 b/checks/check_extra7144
similarity index 57%
rename from checks/check_extra93
rename to checks/check_extra7144
index 02fbd1ab..7f8192e9 100644
--- a/checks/check_extra93
+++ b/checks/check_extra7144
@@ -10,25 +10,25 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
+CHECK_ID_extra7144="7.144"
+CHECK_TITLE_extra7144="[extra7144] Check if aws cloudwatch has allowed sharing with other accounts (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7144="NOT_SCORED"
+CHECK_TYPE_extra7144="EXTRA"
+CHECK_SEVERITY_extra7144="Medium"
+CHECK_ASFF_RESOURCE_TYPE_extra7144="AwsCloudWatch"
+CHECK_ALTERNATE_check7144="extra7144"
+CHECK_SERVICENAME_extra7144="cloudwatch"
+CHECK_RISK_extra7144=''
+CHECK_REMEDIATION_extra7144=''
+CHECK_DOC_extra7144='https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html'
+CHECK_CAF_EPIC_extra7144=''
 
-CHECK_ID_extra93="9.3"
-CHECK_TITLE_extra93="[extra93] Check if aws cloudwatch has allowed sharing with other accounts (Not Scored) (Not part of CIS benchmark) (Custom Check)"
-CHECK_SCORED_extra93="NOT_SCORED"
-CHECK_TYPE_extra93="EXTRA"
-CHECK_SEVERITY_extra93="Critical"
-CHECK_ASFF_RESOURCE_TYPE_extra93="AwsCloudWatch"
-CHECK_ALTERNATE_check93="extra93"
-CHECK_SERVICENAME_extra93="CloudWatch"
-
-# When CloudWatch allows cross account sharing, a role with name CloudWatch-CrossAccountSharingRole 
-# get's created by aws itself. So we are validating role name existance for checking the cloudwatch security.
-
-extra93(){
-  
+extra7144(){
+  # "Check if aws cloudwatch has allowed sharing with other accounts (Not Scored) (Not part of CIS benchmark)"
   CLOUDWATCH_CROSS_ACCOUNT_ROLE=$($AWSCLI iam get-role $PROFILE_OPT --role-name=CloudWatch-CrossAccountSharingRole --output json --query Role 2>&1)
   if [[ $CLOUDWATCH_CROSS_ACCOUNT_ROLE != *NoSuchEntity* ]]; then
       CLOUDWATCH_POLICY_BAD_STATEMENTS=$(echo $CLOUDWATCH_CROSS_ACCOUNT_ROLE | jq '.AssumeRolePolicyDocument')
-      textFail "Cloudwatch has allowed cross account sharing with policy as $CLOUDWATCH_POLICY_BAD_STATEMENTS"
+      textInfo "Cloudwatch has allowed cross account sharing"
   else
       textPass "CloudWatch doesn't allows cross account sharing"
   fi
diff --git a/checks/check_extra94 b/checks/check_extra7145
similarity index 55%
rename from checks/check_extra94
rename to checks/check_extra7145
index de9a00c3..d608d8c4 100644
--- a/checks/check_extra94
+++ b/checks/check_extra7145
@@ -10,39 +10,40 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
+CHECK_ID_extra7145="7.145"
+CHECK_TITLE_extra7145="[extra7145] Check if lambda functions have policies which allow access to every aws account (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7145="NOT_SCORED"
+CHECK_TYPE_extra7145="EXTRA"
+CHECK_SEVERITY_extra7145="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra7145="AwsLambda"
+CHECK_ALTERNATE_check7145="extra7145"
+CHECK_SERVICENAME_extra7145="lambda"
+CHECK_RISK_extra7145='Lambda function access to any aws account may result security issues'
+CHECK_REMEDIATION_extra7145='Ensure lambda function policiy does not allow access to any account'
+CHECK_DOC_extra7145='https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html'
+CHECK_CAF_EPIC_extra7145=''
 
-CHECK_ID_extra94="9.4"
-CHECK_TITLE_extra94="[extra94] Check if lambda functions have policies which allow access to everyone having an aws account (Not Scored) (Not part of CIS benchmark) (Custom Check)"
-CHECK_SCORED_extra94="NOT_SCORED"
-CHECK_TYPE_extra94="EXTRA"
-CHECK_SEVERITY_extra94="Critical"
-CHECK_ASFF_RESOURCE_TYPE_extra94="AwsLambda"
-CHECK_ALTERNATE_check94="extra94"
-CHECK_SERVICENAME_extra94="Lambda"
-
-# If a lambda function has a policy principle as *, It can be accessed by any aws account. 
-# We consider such functions as publicly accessible resource.
-
-extra94(){
+extra7145(){
+  # "Check if lambda functions have policies which allow access to every aws account (Not Scored) (Not part of CIS benchmark)"
   for region in $REGIONS; do
   LIST_OF_LAMBDA_FUNCTIONS=$($AWSCLI lambda list-functions $PROFILE_OPT --region $region --query Functions[*].FunctionName --output text)
   if [[ $LIST_OF_LAMBDA_FUNCTIONS ]]; then
     for lambdaFunction in $LIST_OF_LAMBDA_FUNCTIONS;do
       FUNCTION_POLICY_STATEMENTS=$($AWSCLI lambda $PROFILE_OPT get-policy --region $region --function-name $lambdaFunction --output json --query Policy 2>&1)
       if [[ $FUNCTION_POLICY_STATEMENTS == *ResourceNotFoundException* ]]; then
-        textInfo "$region : Lambda function $lambdaFunction doesn't have any policy"
+        textInfo "$region : Lambda function: $lambdaFunction doesn't have any policy" "$region" "$lambdaFunction"
       else
         FUNCTION_POLICY_BAD_STATEMENTS=$(echo $FUNCTION_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow")	 | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
         if [[ $FUNCTION_POLICY_BAD_STATEMENTS != "" ]]; then
-          textFail "$region : Lambda function $lambdaFunction allows public access with policy as: $FUNCTION_POLICY_BAD_STATEMENTS"
+          textFail "$region: Lambda function: $lambdaFunction allows public access to every aws account" "$region" "$lambdaFunction"
         else
-          textPass "$region : Lambda function $lambdaFunction has policy which doesn't allow access to everyone having an aws account"
+          textPass "$region: Lambda function: $lambdaFunction has policy which doesn't allow access to everyone having an aws account" "$region" "$lambdaFunction"
         fi
       fi
     done
 
   else
-    textInfo "No lambda functions found in $region region"
+    textInfo "$region: No lambda functions found" "$region"
   fi
  done
 }
diff --git a/checks/check_extra95 b/checks/check_extra7146
similarity index 52%
rename from checks/check_extra95
rename to checks/check_extra7146
index a41f3c9c..980b9fa4 100644
--- a/checks/check_extra95
+++ b/checks/check_extra7146
@@ -10,32 +10,34 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
+CHECK_ID_extra7146="7.146"
+CHECK_TITLE_extra7146="[extra7146] Check if there is any unassigned elastic ip's (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra7146="NOT_SCORED"
+CHECK_TYPE_extra7146="EXTRA"
+CHECK_SEVERITY_extra7146="Medium"
+CHECK_ASFF_RESOURCE_TYPE_extra7146="AwsElasticIPs"
+CHECK_ALTERNATE_check7146="extra7146"
+CHECK_SERVICENAME_extra7146="elasticip"
+CHECK_RISK_extra7146='Unassigned elastic ips may result in extra cost'
+CHECK_REMEDIATION_extra7146='Ensure elastic ips are not unassigned'
+CHECK_DOC_extra7146='https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html'
+CHECK_CAF_EPIC_extra7146=''
 
-CHECK_ID_extra95="9.5"
-CHECK_TITLE_extra95="[extra95] Check if there is any unassigned elastic ip's (Not Scored) (Not part of CIS benchmark) (Custom Check)"
-CHECK_SCORED_extra95="NOT_SCORED"
-CHECK_TYPE_extra95="EXTRA"
-CHECK_SEVERITY_extra95="Critical"
-CHECK_ASFF_RESOURCE_TYPE_extra95="AwsElasticIPs"
-CHECK_ALTERNATE_check95="extra95"
-CHECK_SERVICENAME_extra95="ElasticIPs"
-
-# If there is any elasting ip which is not assigned to any instance or network interface, we will list that out.
-
-extra95(){
+extra7146(){
+  # "Check if there is any unassigned elastic ip (Not Scored) (Not part of CIS benchmark)"
   for region in $REGIONS; do
   ELASTIC_IP_ADDRESSES=$($AWSCLI ec2 describe-addresses $PROFILE_OPT --region $region --query Addresses --output json)
   if [[ $ELASTIC_IP_ADDRESSES != [] ]]; then
     LIST_OF_ASSOCIATED_IPS=$(echo $ELASTIC_IP_ADDRESSES | jq -r '.[] | select(.AssociationId!=null) | .PublicIp')
     LIST_OF_UNASSOCIATED_IPS=$(echo $ELASTIC_IP_ADDRESSES | jq -r '.[] | select(.AssociationId==null) | .PublicIp')
     for ass_ip in $LIST_OF_ASSOCIATED_IPS; do
-     textPass "$region : Elastic IP $ass_ip is associated with an instance or network interface"
+     textPass "$region: Elastic IP: $ass_ip is associated with an instance or network interface" "$region" "$ass_ip"
      done
     for unass_ip in $LIST_OF_UNASSOCIATED_IPS; do
-     textInfo "$region : Elastic IP $unass_ip is not associated with any instance or network interface, it may incurr cost"
+     textInfo "$region: Elastic IP: $unass_ip is not associated with any instance or network interface, it may incurr extra cost" "$region" "$unass_ip"
      done
   else
-    textInfo "No elastic ip's found in region $region"
+    textInfo "$region: No elastic ip's found" "$region"
   fi
  done
 }
diff --git a/groups/group7_extras b/groups/group7_extras
index e7333d62..090deca2 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7142,extra7143,extra7144,extra7145,extra7146'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 4e9e421c84349e4a6c5e959cf0616e8caacd8596 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Thu, 24 Jun 2021 17:49:33 +0200
Subject: [PATCH 47/82] Updated README to include reference to CloudShelld

---
 README.md                  |   3 +++
 util/cloudshell/README.pdf | Bin 150189 -> 0 bytes
 2 files changed, 3 insertions(+)
 delete mode 100644 util/cloudshell/README.pdf

diff --git a/README.md b/README.md
index 43deffaf..57d04e6b 100644
--- a/README.md
+++ b/README.md
@@ -343,6 +343,9 @@ Sets the entropy limit for high entropy hex strings from environment variable `H
 export BASE64_LIMIT=4.5
 export HEX_LIMIT=3.0
 ```
+### Run Prowler using AWS CloudShell
+
+An easy way to run Prowler to scan your account is using AWS CloudShell. Read more and learn how to do it [here](util/cloudshell/README.md).
 
 ## Security Hub integration
 
diff --git a/util/cloudshell/README.pdf b/util/cloudshell/README.pdf
deleted file mode 100644
index f7c3f80d32a0986169546a90fcb9e70d9ba1a65d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 150189
zcmb@s1yGz%*Dn~{HMmP~cXto&?hxGF-7OH@CAdp)hr!)_kl^kPJOB56@AvIiZQZ?l
zce|*m;hFA!P9OiB(-cbLk_;@2?C=!xr^h?+EF{b%4kp&{{QOK}&gRCh4$dUhVwTPh
zc2;h7H1JGH&JJd7rsklBsy0@}OrW(ScHGRMAO1Dj%E4aT*wvhbTAY`anU#f^jfIVw
znVprHg^rn-3iJn>C+}ePKc6Bf2ybq0_74ec|4oXiF$oJilc+oilY)b@ow4nIPvZFR
zNn#@ZO#1g!IWZDucqX~;|N7MY=efKb2|GNKstAdzvzz(<{a&oh|Gk--m!mlela`{1
zwYjM)Xq}sh>%X4J*cn@ZmTOv>xmuEN@o>R2Nt;_)Sh|w1@qn1%VC&$l>S$~VS}Jbt
zZe?n&A|(oXmzArFlDV^(gPo&;y}7+B2{$~Gq?N5Jh>c8=wjhRyo0~eAfp(QMx3>Uo
z%gxHgEhtFh;tCRg9lU4udCsw}npF4jCkiEP@HY6!(&mgj1fDXOgdQp;23Kz@R2-g&
zgakOP6WDJj3pneE2XQvaEtV+lY`KMR<Ud5dT5OpuS+F`>Y`pGvkH6>Mo-@YGm#)v-
z%FA8*66c<r@VZr;ER+LFEBp^#T}?EalKwsB%9IxtCVpZ(fYZ_Zd&HqbZBw*B(Tu75
zXUu)mvK%ARR7siF$h+V+QE!Ggj#58X#o`{OG80yYdl#lVQ&;`ZTs#&qf0Krdsb5p8
zD1=a-M6HgV-aa}_>pX&6`+IZ}8sGmtdf?G~&hDppgwW&867GMQk4n9-Cw>-@|6ycc
zjd#5F+^0QDQCBI{V?(gPLm|Fv`ZsObXjRa*QjU9t1@V(P_c|}8`7finuOqq7&68eB
zsY}-C#}+DVKm|Y$x(UxlEic(G*VgYNN@m6E6>9UImKEe|WX=u$J~d{ab+0=l7vpyJ
zu-yGGfx{XG<6m~2bP~VjsnX1ORCl>b{%+JiZ^N6J6LW=)YZx@ZcL=Df1T$a4z7kga
z293LMbXzIZ@%}EMKD8;v^(VwR<%Wb3l_J(qTakVFaIv3JjpPzP)yMo_TSwoQs`~9!
zQj#$={>9+13KA^|Vz<q_v0*h5GT=?}khHyS(|Qffe8b%xH);eQUzb_RXOY01)oqP7
z4T^j5ENPhfzt~nl%dNqq=$%&Kd~tNDW>7MRRnjZ{wSnMk!(4v4E%j#bTsjfV?iIC%
z^^`t7b`^o$L;bI_y^`Mv2_Dz0y>+^a+iS|}o_hzSEj_J|X+7@{K}mnqV;y)_uT9QH
z5)rQ>(SV{)SS(~;|IR#Kq1_!UJ|1Az!ufP1hyEAo!dd`|qK$~HV%l0E%#1O+ynL3F
zc$N9=dQ$j^ZDFJu)^oV5E(MJ?lrvMxwIK!fr)F@e`(RAw<HNjwi`S3Y9HvVVq0<1f
z($BZ)PcnLy?$22UUvWINTj1w2@o$m*+kX6s-}`2Vx|+40_m`jIBp}s7SJ5i|hvyg-
z!A6V8WZ0nd6R&oCsMRD>w;*x<W>B<>{fk%U+B!G#-G@`jur8WL+N;xuqg|jXY4ds2
z3$RO0g8&)E{6&UDqX}90De}|#`|ll1;qtm=37Vh(butpI6t(?LunFJw4mHe_M7&8i
zT4Gg-{YmZ>r?;+Jd*3+^y4IicGy#%lO^6v)Kh+N~nKS?na)fNNCC@bx4Je);yEbXH
zdI%kGSh6b9cB^sB%Q+zSiKJJmY;241_e+1RuC)oOS{MSBsY`36@Q??X@0aBKfw>~y
zsRJ(mOTNa+s8tP%KETRtew*9&@(w$YY*|*1!Q*ro^SsHFM$L*%Q^Yk^k84~Es=jX_
zRDDl*1Pjsa64$)Q4JQW*cter~CXidXG~Pz*D!41%%U6R}f;d3-rZNu~iW|agf;vqo
ze9iD-zwzcOWk;SA21P`<`r|Kyj&@xWe;<#JG%G!=uAxpF1-%=tj`lF^49080%ysjx
z`s-$}jfAhIyad{8R8*xX^Y7iphcy)fJ|U&g@@jfA`{8NR**3g>oQwd>p;;QvzFdwD
zqjc6hRXv?$-@>*=n}=Wu<ElMax&Wuq_?IE4`Y5rKf)pZ5NxLoej(Ts8l^B*M=P6x{
za0D*SAJ!`|yhen)UTZGb=xRQH%Ls_`GQr}a;)%7IFSK2#C`yo|f>=Jj@s&y_+-=dv
zXlm5GDY@!d|AYuJO4*ByR~K5H*NIXupS|#xRsZtsMnz;Fo|q{E0q*A+NQlyjTTqpE
zoDmlW`*nm30$;Ou-ID}Z8Q-I{pd#Dd_rz9e9Ri-fM86PA#a4Y^(s1%f=vH^FMMqY<
zD>VsB^aBd*4&|-TVLUUlaKW2TKP1i~_!yX+Dqn6qIbM1B-@ZSNz&COByWu)(4_2`0
z3zS_Jw`|pH`4~AJTfa$Z*-V`FARJ@mT2J$P*NAO2;{=EMCVycfJ+ym038A9X(T+FM
zeOyY>v`ffL<|o)oktjgZY4;gYz}fc17pIvzF5BB8AJ%m62P43rtIuFNG^s-}ZA6sh
zh{#m9)2mBDPqlx^hU%NIld`Mzp*g!}#q>swZYgeNTz~+}>pMRfNpk_#r!HM+_HX?T
zL5ukFTwLjVfGKg51EX&5S1g6-jmgv*IYM>ti-lYWz>#A-A<UuR^Sm;Hg_-j?(so;D
zG(6=I{4!TEDY?@Z3Nb+I9gAQ0eI0C}o^~ll9T&V3r`vIlW29x?A~{=yj1EEr?y-W(
zv$`escn-Tf9=uqO4f}@tBO$i$eH{2f`fyK;TWL@wApJ=DZO`85FpLYe#5CnCn<V9I
z>TnEmF7_K|>kmfJBERQ*E{=P78_x4G8|!kO8TKdJ%8FC>1x`e%AST1MA6gjb?VK3G
zmOnA8bky5qbhB=<SqC9%P!m3}E=@KXaSSp$+F5c#YFRBXlWW$w{|>Arn^8fB7B<{$
zk1EANFxZLtKY$&r@*r3+Q4_^y_oZ4!gVC=Utwgv%IEHsQK~uUmZbl?%$!KpnmL1=%
zZd>iD=vfZ!E@B$jrj;knH7a+8(Jh6#E~rUi#g9$paCwi(_*UEV6Fg87#wvwnhRE-d
z_eW~?6s@KFN<d3!`Hd+)Y%6^+;1ZJ-!OO-9`!ltp4w!VmGjE}kZjO1HGkvg+$?!{R
zF9p96I!OJ(Uu*w{R|8-M15&3;S8{^Ls@z!h2#zYeTbxSpc1^Hiqeg=cZ~6G=Ba{|2
z9##YmXvncCy43n;VsoGyuO18K%n#zUPRaZ$(c%={8Iwb%?u$?LB)(7A$KtHK_np1z
z%j}c(k>b*|kl`<!DZ18MZ|C>Fa<GA&4~7B`240AylT?Ns&PX)V4|-U>Ss5)j&%md@
zON&6ix|VCL{OmjiYOBkm=f4j*9`?ST6E2)eK>@EH5kYnEhDctoT79&Pav2woo9E~6
zS4)=+Tgwj<1RE8Voc1hj`)s+Jot0RP{D|E3aPE>OB;MD>Au#KT#>g@2*{6p%X{bH<
zt{mOF2b)#>Cb2@?Sf53d6w}mNzvD3XPq{QM?QLypH=5_`P?J*ye8#sRvhzu~6lhtt
z&#ZW(T}UPAn_u%{`kzq#en~Mt5_98zjLpr~t9O&~v%#nI#%<rr@LAfp=d(7F&s{f&
zyBk6Js-6gU67xMSFFDk60u|S)EXHcw2vOV%Pk^fO;cOaqdxw*h5i^Wu)+NYI@BK|<
z9$oZT(p+LdNGajsYMl$00*gSv#{&dXp<iG*jx%TprmC&@RHosXVINqUhFMB_YS`BT
zW@=`I2r%L_qQ4NZ*ffU>bOTL<n%2t&lya5tF+uG`e~V8!cPg{JVw81Up+8SdE4uA{
z{*+O+BO!}_In>epQ(aK~9_9z5wVxeK_FF^({7?G54V59uyvs9Jxz%*+j1>VxV0f4k
z|B7A{(VSfN32LfxAj?TS{!Z~%qHF}V_@pr;w_#n!g>j3io%Zbo7Ptq7KW?ptGixzp
zOVDjG@|8VJzJA7|v`w_|fmj9=T%P&Pc&xE49m;;by34-ca7xXvKq5bV7drUZ4#|!F
z@Msd~7OEEr6Gx5+t1S9&qgr9>ki=e(a0P56=ze0S6SA85eL<O3;5FEiZ6i@puto+0
zxly^X(vT(l45(?_&znB8;76maQY$XP^3rTRedw`1t&pw9+4C;@x8Uc0H^CT*hy;Mf
zIx%QNv@>ecueDHQm8kW!D+7VIvb1e#6jHn7WY>$ZUq%f-KNN%HPAlB+1$+k|X<^My
zUO&)U9-a~})WZpT@wtQm^)4~XUk1!BtI$;S*61(3<eqi@<TUMmTO4k=B>M<a3_v06
zRj1$n*_*DapSI<H=>Z!Ud8KYUcDDtCBKUek7b^5}cFWZB0UeY)!ShJWFP_PC5rAYs
z){}97m@oSMTkGADdME@YcWE6vs>V(wsRJ>cR+uXA?cJip5Q>yB0F2bJlGDR&AawM4
z)hjG=SShexG*&cSijCzA;Sp(gNDh!sn_6{^dGXSpl!7=wFpwP=BM*7V3?^x1gaXbS
zb8{Ss)c*{&=QY(S@hm~{wBmY#=!{xa_}M0ooU(2pZnk*gN4F$|vKMTO)QlJwYGj$o
z*TL=EM{sr3jDXFe(El?khXx0GkV(6d(a*a^qu)y><Y^huV_xX?L-=DnZ#~q^2ywn-
zsCT^FvdF#x6l40DLYXhP3Ax0qEWkW(Q&a0#EMW)`a>c)>qw<_m1Wfe=LoilnV=}^@
zJDk!9P&3$}M)#QoqW&1U({o_QASbto??zS~c?i818NRI*Ji}waeu-K_f{!+8PDjBx
z@RY&^|J$pc)dK(3bj<{-Hb)OAe8{>0XtIzzf-TLdX+)rRI`gIKFWc*H;D8NONr(O;
z_E`#6Jb)qyUKp*B`ip87U)c#=fBv|UVN<};;HSk;zjoopfafX?Cb*xyE`Xy}bDb%F
zLJk%rY`heJ44AU?PafG@HnXA~j6fv2xJuhND+y1g5Sd;hQ1mR}ZKy&NAE13^Eoj^!
zr=)ZSFZCb4H82VYSCV&!m_qm>ai#!kluZimq!JGO*A-4bMt-b=+{PWOk=Oac*KN-@
zE@L`3Z5m-i^fS$roByKBL9Wgm$C_n9%Y43`RsdB4imI|#D`knevT3;*X1F3`lFGR5
zJKf8(#NK~2*hSa<SJ6{x&rai478Bi{S>AzkPOu`fTVUU^qJ+NTc-7uVSDY~QJcpY(
zKaX()qLQUm&2l!c@i8(_p8IqyJNToY4^-&iGtIYk`Q9q{RtXih?J_N6cRvu@$EVg+
zTzhsji?~;aWlymm$~5Cf4k{ZpQemZEz2#iN%tJu;648S46=7KwQe*Yd=@&<wf^l9-
z6C5{|LKEAF;`!7@P6t3bV$m1oZF)?1ta)ol=J0tX=a~aZ=md^fOh6?a+K?k@f5R9j
zf5H=-pjebLp(#est|%5|Y`DukzT%pq*Na0<U#1aaXq<46va_hHUkvB#kZq=wQQe@j
zG>Q$l(qODETUa^nhZ~C>E^A1iWY*ZTEs+X*Fp`RB4U`wm+~^uB0<?9ggiL5q{1uDi
z!9-g)JaR+RL`9vru3vvF{*HjWl-K>N(h&o!TwY@!G@-E`$>faf<_>U5cDZIi${Cg<
zE+btdK*5P-4i*Kgj##iiU+PGfng}=+b$0dNDwuSNUS<J~W~}9;>iCZ3*4Neq`NvJV
zS6Tr+a2|GEQi#u@K<~@nK&&6>aifyW&KZb{Qe2e3ohYKU;&otXOHuJk`{v`>_24PH
zhbULtw)NWVsDADAa~usM2S{*7kVVCzk7_}Y^-G1EQa&bwsi6s0^{a(dgZV>auw-;5
zGMK7gTTd2e(?xSbZic*xRiU$CGji`O@aKq_d2S$!Yd;voiWdGPPf%yo&gotgAkdQV
zZTI=KS)K@U<`*QJBW?+o5zYrex}Qb`V8Uq3h&+LR`kykPnCH61hA;27q~`tZ&s&VL
z&i^362Kc^S0Jv&}4L3etK0+d91*^W_sDGuo^jnTFn_aVEG#J*jnnx(2s5<ewg(o|t
zH(;2;q&}oub|Cq9Aiga4rWi^$pt0>}`>7nV0omzN`)KdrAU%M5U{65Al5N62ozb#V
zRO?S)sg-d3Rh2V#PIjs4_GxL9g_3;Yu#TG;TUXQ^zsU!9B~D6@c4LtqBbv^NKNfiX
zot|KSLiZcxCdi%eBONA52v^t$inx3c+n!B3y~SeKvt2vL6_G+yMu!C^<&!`Lx}yo|
zMh*T;akN;}X7+TM;K^S8!qAX@W21uoUEC32JQ0k)-boljr@%flb2BF2<Ofonk|u-F
z%y6--q*o=?6`GgAy3oOISb`oq=%4OGXIZJ>ni<)qI`6Q4y5d87`bkB6LD})bg|<OD
z6T5$YRoZ$p_E2(MW{i*h5jN3DZRJ}Ll$!R4)F)DaS3+D+=<$0Pw>T7}kt>ZfZY0r0
zRqPaAES*nY;e{mLB~PbS;tBKgfhU4)Z<Oae+t{DgEX6hS=!A+j)<F{$Y^MY7bBI9u
zRSL9TWDKYh4T<Cn)}pW;Qx~`2gYK`8=lJ7np<8c|MY_i35~+UN9VfI^noVKc94ral
z2xfy8XqFak<%PiPw9P<n-|lF<7>19hk>h1?R8L!4hw<f$FYD&r4ka2o;&AHBd^N}u
zm}SjHSLnkalRKVHVVAZusz|v7P(f&jR9kewDRlYyac3ujS8jP8>icHp^oajPNoG?z
zi9DoVp1iViY+$v8LI(b64ptA+o9F7OYrLE-dMOFw&+EU26a$k-r?I)M(b*bVjEg{$
zj4-X`Cw`1?dC$Y|f0HG8X7Tt6(Ls->ZBo(w@?3p0Gpu^`O!%w^omkb2I67sO{t{(H
z(y$NV>gy>r1UJ|?RySKG<y(kbf;#Ut-=5x#cw2ymL104b1sH7#t=oH|UiwtV{vrJe
z_1B1BVE0H4AUl90A_fJcs`G<_z&UWHaNkShn4oxd9|CEMu4BQ+{Cz#6LyhRzN@@N?
zOjt_GtW7gAqIyK4?sel1at_jp<#d_xsSVK$Zh<Yx48#MyW1Y^1;0^GsaZfBvAi93<
zubb6Xk{g4!CmETMr6M0)DDNJT{F6gWhFfU`RXwVxnc3N%Z0GR57RI}Yq$0al$835z
zSawiKEY+~n@g1XI+vh)+Wrix+0OQxQ+k1lt&eL;CK1f=CgpDDjQ1$Fc`Kx<sMuVV|
zU?WWPt7_IrMEZ-qI$Q9ha_=qT7x`Wg;GdipjKHj{s(>?tzfL*0xLG|Uf5WTnqh3u^
zR<`8R$o+C|m>8L0Oe48m=}>q~TT!9uuwne7RV<`2Y0!ku67Y1BuqLs(+eHmt`Q&-f
zERc`~kC@B`mFfLnA!#CEej0+k*n!DyyB?4Xz@~TXJCV~=R35G9^ol9ivs<IQ=K_A#
zeJcyGx$3~V1;#CAzV_X{J>N(Yg=4UQ+iq5B|7x<eoAUp=;pJr(2p0C&w$bI!Y9-z9
zDc<A+660xh#lY357;cV!n_W;_)@R!rz^Tf1;FdiGl!<(szB|6}>-$Ak;|SrjHHV4z
z4mQ-oSi(R)*fm9BgCI5S#{R@uV+EHXbR3WMD*;^oj|CZjk6H2M3YjrG2tV~b)cYY~
zHW}!ALQX{E$Dp+r#anu{ub5BK_7-11HP0#icrn}=!;1!ky*}cjcO4tkZKYSbCwE1l
zP7N<Ch9V$=r|0vqN^Bf%nZzgqh<3RLO_`U;=I7D?2}3P#>}y7xsL-Cda(Knq_mi-7
zgc*fF8FRwwclwr{qwGt=8<4G67C2^#sxENk!Kx|nh%t6D4@j8Xpc&K~==SfoM{m3v
zUC7gs8Qz6AD_@78v1&L`QuN@6v_>Sxct%OI3?k9#pjX4_VN1bP?LM$T^ZHA0(SCU*
zsgK65HL3Itt*3=mMS|0~mQeTbzBKH1W{7Of;~-Gn5R<(nNNZ7;a^{Pm9T<CV-U=_%
zeWer@%E5UIC><tXP{a{b`>9^n^!75T2+A847P#CxUxr$Q-W*>Im{uqm?UuSOUyj5K
z)b%}D@7YC0h%56G?qQgHUS9^$fAv;CjW6$1))EVfAH1S)aS=IiP2$3UlIXh1k9{{?
zkFLiZDQ>faw|zzWHwWOS<5Tk|b&M7!z60O7U*ERq=N1f?^0g1pPqVf4E{bQnX4t4w
zL|SC_WRl6#b@@BuCIP1tpJHC)ms@Xz8E%cLwbn4Osnz5DdgDXJL@F4H*e{^y0a0UQ
zMy+3pMA?rIKM=`(UW};fRx{Mw391_{t(16q%gMOE<jKPB36)Ir#@<w%vu`w6j)1v|
zOBi7=BRb!)J(<tasdugfU8eLWFEufKFoY;0!)3orV4R7hsR{PkX{nRf3AAi>?3(F_
z>PW8eWlAJmI{9!)yA6=8Sf+c{pc}~@NS|Imf5)Y@tZ&-T*(b_IZQNxu?@oQ}W>-0*
zE~pGVnql2GE~GJxHKGppxUI~Gef~mkob|KX>b|Wrgh-{Sq0`fi!UswR@gNIzgea*)
z$>mO`r3=rUSt&-l&HY1Q=2I`cJ^f(<c2hAH5+JL1id(eoq&PndDpnL7^6_`4^`r63
z?8B#4m92FpB+A~)AWg7eh_fr~H|Ky*g(dHnJqVP_GpXjEEVnen!S9;V+<CDvlxFV)
z&n-qmR!2#(KG)&LX#TOdY>2)G<;`V$jHv+<fdQZ*T7Cf8P?3<Ri8(dCz1K^RQQsl+
z3_PSnWy5Loa!=i%QEY$l@Sj`hnD#)Hgzl?&n)Fz8y+??ST`dJ3o?L#k${8_GEo8sY
zM0luJ>Vuo_HP$oPIkbMPSFN<x{k6x^k6CMRy8J*fp#M`4I4nq$lw{b$+yt&26cCP8
zBR<tzVFwr;_>LgD`YapB;_E|&vpuJ)iIA3ZTM3}!^8HvOUQIIkeK4Q7{(P-U_@M>G
zozyi`;34!BsfAhHW1p<+W7ND{+ijES670f>Y|Iikco#&B1b;tlQ}Iaj#qhc~KT=yo
z!ykyJ4My5bY>8S67#JCl!JQzEFiiLuL?wP6&E`qd<-s{zzAP(1fN7Ct4vpqFwzEOz
zV4<MAaiRg$I$!r6g~`r7ozLC?YxC+29$-U1O%M70_+^kw9gpn>Fp>%u4JO*<B<M2l
zUSAWeVQ7Jg$xvS;M9Ry&7|oln^?(%am(e&XlPW+C3p(tSNN?~bAkAZv#@|=@O%~Q?
zjDuK<dJX|b{R^U<06d$Gzti7A@h^xh>ADVg>TGH=->t~+-U(kuM~YJ#cT4aU1`~|X
zuTjZ1rAOTARPP=+F~qp*B%V-XE=6u?{X-oxpq`5oMw!xT9C#8no8)lF)rjT6)DRX-
zG;00@wQeriJ_P13FUqipobKiv&i&1`pS{y{t_5$4ZI*)$onUWv+-cikYH4U$7ZX=!
zmZti@aJPN8^3DKPC$_*)P-TDd6;jD}h6hOF&bh=+t>fT2u9FEcB8`aHdg9Us+c4D7
zT+l-_hRH%#ne^<Nww2AwQt{us(nYFU257*WQEa&*3zLQH2-(XlsCDK-agjU<tO8dA
z&(1~a#thdV7K>b>!L+w9h>WXvZxvcP6#&axNTeF0tevLD-+(o!)eh^MYg}Nk3+t#|
z0TR1LPu5eh?5Jx!I>SLFk?LX!Hhq{`teXNIBMUijkmgw$%ulLcvJszO4`U(2)A&R6
zLq5yRPt7FcnLE^3(j%`!`=w2;x#)k|N*gHKzf-X(aeiLIr+QyObOh+X=|T@Ftnk_A
zJn<!Dj5URZ!))#IjuA6-M+$mcwNa7jCBrNUYHTUlb-mn-xAMP)tK~y`nfznV1-Y_+
z&kSwnFYvyJeI|`CL?y+@61=f$)4N<b>x`l<kKgIw(*_T~yu~mNkgAX!K!q=l<P*M)
zTU}Md%alF+jP+TQ3`|C$grepLrn4ATH4t8XP#V2tENov^H$3feEcbW=i7WLE3A=%i
zO)py&mU+O2r$qA$6uev{0(-E~4_`BW;YeS%D*l4PnIBNmfhy~%-$F`0-WuGwVUdKx
zo*MCYQIYu+sFg#8D`0b~x?2MRruvJGiRb<8`ptl@rOvL_i$e_Q-Vt3mCA?d+>Okk+
zW4`4t?3qmSM`>CS>~EC$<<KGO1K(aaJ)vK+0tYJwX_++4y9rS%p<h(T6Y6PCqaRCC
z_qa-Qe8+hK%N4-4GZ$V}H$7G_-6vS-aJm!2>OK4OxS*}-_+oP2P-YWhL+7!raB8n{
z6k-uQ<6$@oYw0>#Q6LQ5Yv2{#g5z7#_SG?$vJ-@X4W9iXN8a|Hzv5~ebpEVwMlLI6
zY8CIy+{1W#Ojz(6<@Vn&1rzlPa-V!4q}*5@SVQ~A;;Tmb*mS}sX4d(H&tLuO=$tH*
zcP_A^dnmg6h0Rw(F_<jH@W<Jnv1d-Z`*I;eD0KZsM97r05hXc}3U;-Bx1jD$6KOOg
zPR%$3Ny#6Bruc<cLC1^r@T#XBiczoG#t%?TN)2fyDdEvrwGgTk`U+9?9ZExDsCaLo
zFT;8P-cqfF?Ap=`yf<q45suVZ*XahfLxBcK3%)Y>pCPL5SoPgOaW7bXig5iY7S!Id
z6HOI+)bT)yuWB+iEou9)b${`Ncg?o9g5|5~u!6hz5KlmxR`K0}v~kKmjZKv@_+WKq
zxC_e`woj?c;FQLJQ-j5TKI<=L`vNnIlf>H1ho6=Su9kd(|8(c%6=GsNb{0S{@2C5(
z4kM0+yc?)rSiIzgUB%vTA{R9#my^#|^GH=WgF()c@_@MAy<lOIL@``J#SdNfn;rbW
zn{y^9%_umyhps&*sAefH!>M(voIy6Ab``H)SfQ<jiF$kU<Dn_-BZarRm8|*=a(+K;
z@m0lz)~#B^Xf52oJG>e28bu}7N+gZ_e!bV%H6y>-A1mFNw2vKAKy6+xzy+^`qJzs*
zGL~M=ZG07-`+1uXlag14wVYmqqsAkndO4wRu`<c>gy;rgx(D^Yx~-s|ak$G5W0J;Q
z-8yHfA)aA*8QIlZ9ua|XI${&;6yJp&!jbR5S6Nck<J!va^Jx_u*5%)2{xyz|e=QGu
z2f{C8kLGYnWeGfj?N|r)@5FOv9Te5Ps)F9@oaykY$e{l3zB!FR&dqa;h2y04*|*p9
zsOI$G<fpjuQ6E*i2-{3#A??vu6(?BayK1H9xAH;WlrXN!|Iu-OcLp%D4clm_&Vgi#
zS~Dak=SRtz5{MD4;zSYzuT3iEmGk}I0!~VrQ>Blpaz$|`tO3c7+|VlWUaR@b4W*HH
zTnS~VR}k%1@vCZBQ27V(cjLv0e=b@4=Yqk1u3NDFpRRuVFWr7%V`csC+YkSI|NrUw
z0}BTmC;R{P{==h-noR2DCnDKFso(97$I11ajEfSVHE~<T=?m1^Mizlr&-rx`p%SF#
zYa$))pwKTop#;)6Ua`W`BRipxH=-jxm+BR?t4Um~-oT3au`a)Hr3Q6PULd!~-^sBo
zE(cnn$LvmYH_724$<>vEMM+614zY^gTS~wS!qSc&<E%e9%k~MU@b+gF^Ok===of-_
zbLNV<WcfnKq?y82%V>a{T=8{}znv?x_^9NaZ=GIFF2BS5y(_-#As)GIV;NYBPcZn6
zZQK^YSW6RP;JwA$ulTRGyIuR7J6Y!_c|{*p#Rowa1J=@!fBAlEgmqE!QDl50(xh7s
zt-7KEQ^-WKaJU<V#ERh`s`3MGZxNlB+lA8Sgi)m*jkCG@vQcyhx92Mq!pJs4^D`?e
zv#YC{^I|0H?-5hY$+6&8L5^lIQj)V@b)o~gibxn5kE}GDyxnD>=}XyvO-9es8@DrC
zDdq_wmwS9A8RiIE;9~z`wv%}NQDmWuCt2HAhm8e`pPD!O`~yR<FW6TjQB^5LQ|p(Z
z+G}TPP2hQTcvQcu@f@>Tdhg5-8+(fd$7!zSK_5AJ(-2XHp?m#gS|9nh`|u?42hH;^
zZ0MfZsAaB;^_RsGhn}sQ_vQ7a+Rbj`^Z2*`t`$m7d|UDogkRz11CaKDt(zU@d~JJW
zl6lc%V+RL6;xzd3=j-`?WOejmBO)W^Ty7~~;6L;a#WABQOv;y^mRZkoy59Y9Jzg_D
z=|kqkkNbhB8UZ&!`yJ@A15>zCc^c7QSh&{S{tzF()h*a++EEL}S&UCzLtK^*jPi81
z`_3diV1N_E-pPz=e{MghvViDj9ihHSu3wj{%(1Q;cL4t{!c6dbwi=M<WpA@plGF^8
zMJ{kU{<9TX`&+k~^I+P#!cX!c4P+;hY*-DFRI=)cEf%Ep*w_Q4uaQ>bfrN8Aq8HrV
zWDRAlt=$D8i;Igw%tntKy(O+<;%Q4h5!A>IH~Cz1)3nZY1!C;5n*FfTgl2MkTzs6s
zGj2r;DNRFqYWk|0@`C)e3!6as<8b-wfeRaPC$$h1>M43}9i@~O_gCnh$n&Y-!nlp=
zmJZHgcW5-gvd!B~o=|O7g|(f{>GAoWS3D!trrFABn6<Jz>KY-K=*H-I1e+T)uwWD0
zi!+5jbY{7tAQSbv{3mVyZeyE`xx({{=2uqGq9Bva?fhhuvzU4s#tOfWM?(C?5JJ#Z
zBIUQu8sgm&nr`J&l<4uX@vN+@43lOaJY`>C=<aSicwzd$u@{S6QTDFIbfig~hRvgS
zZ;2(FtdoLON#ZW(GE%ULo{q-S!ona%<K!$s_HJ|T0YYM5lp^|hJgMr$L0vN}hM{6-
z+wr!&mZb5EF23d;4Kqx0&hpdatEr+^H=pMI1+g4=szjO}E^@k%(Jh2qQr~iKTmo$N
z_O|RTX|f%}G;^ft6g@XMd}ci+=J(S}=|J0#G|yn9En$a@RV(-)kz8&r6`!IKFE(k0
zXg^u{p5S9e;?>IfTZW{TZFs$HH;#3lHP~Vx=Lkxcx+b{lcVYfGvb$_197cv;QN5j?
zp{G7^HWHsf5xUr_3y7Fr{KE2uD?o7}e`|4>(8KI?yXX=ya|;7il0Io{S3rXt3kwZJ
z+Cu)o%~$X<+bQ9M??q?na$O-7b-V0aXjsr>ayACWOwv?4j+e}uuxt9yRFcYwea(X%
za(*x+XaF;YqdvZr!K@zTIZ}iiOP1-Hs48MDJY@7KJd;#Jq2t6r*vY_!IC|%CnBt#-
z3Q0FYTIKu)58~l@V5|&{Bof#@u@f3I5sweLxu=;3OJ)j3ipj*CuP{M8YtBt4E%D^q
ztB!3C;ow}jiw8aud7iG`Bt|1cHUl-FZNCjt^H=+aOrI)v#pV$b+D74->(DCwJ(*gn
zir%V<f<W>THtvYLJgP!A^-!DZ($-h#9%3wfiZN#K%f;#x&iHJT<I6|e0+({;wAM_T
zAG+MSO3_HKdcTCZ4wS3<=Dl$E3EiujRrOR1#RV4J)$j$!6bi&_Q>&F?BcN-@b{{gE
zD_W3WdrXfvb<M-HhZp5o*85lcm1Do8lj(X3K#_|+b`TAf3Ti?qZFw3|WoD@Oo_-Lj
zM)Sd}`L7|Ag4_l+SqM~{1~nzb(_O{e50yJzsSj0pyQv?9nrr}D1PcTyCu{#q_Rw$&
zL776lv*260+cHGaoir<-bv{C?BJ@6Y1?~8=b1W}MZww{Ury)!_j6G4Iw^samS7C8f
z0hO5@T`7Ow-g#C4BS<nuAkyTV=mXI?dNZ^lqkDn|bWtuM)8@d1f4&YBY^p_7-|ck{
zt3-?J2dPRys+K}@9cgMt_7>-y@g0jhwCMO`UiqT#u#>&5ZjNun{ll)tS3@I^=J%GI
z(aN8A(=FQ_+tb$2i3i&4Q3&&{jf;Aeq}z?AZ_*f04*erD766EfInc`J)nt1)7S)Lo
zSJUVW6OjK?oxo_M*^JyBUegtK(i+hI*s2aI;%=W$qwZEG90Ya%I1ME+4&8;wqM7~>
z9A5V7!4_TiB3?RwZ6kf+V_rQNKYA^zY?4S88WH<*J=%!zB6x!I+Je1|$pW}F*_SWw
z$U*Tg=bGmiqL<sgEc%fp1p(L;5D;9m`y0PE)=$kP{(WjdU>L=(#b^8x>!U1vQgQ(D
zf^P@I5LY68rNc&6K_Q-@jWk?J();!0#f_Jf^K@x`xm2anl$Qw|aJcSK{8uoLkFjjD
z)|RI7yvkl_nFHrjA;}I)vQcwW8Mkap3PWni=kVZQEveK>xU|y2cCJy&Vg7WvmWqn1
z1A0xMolB|vHS)(}VdmS(lJissx71gjuY2B%GaI>!RkG8HljGxbj5J<0Q-j?>L33l@
zeV9;F!S4<xv#^;A5K&NKxEAY1uo9A9z^4rPZN5IobU?2|^`~!Tsbixmd^XYe>wcJ&
zq?;EBUsr0@4h;{34pCFt1v&Cj(N)e+|K~jAYJ|{_!3ej6=**~bRt>^#`jrUAjTi$K
zMvYizdL)pXk(RNhy0Xa8+tM?g=EtNyY(;5F$#%SYW;}ID#24Iy;w^%$eXJs6=@~tl
z1q1mLWMiL7fSY0LT<-nS8%YV8D&CSiFQp(fh7c2VSy|OLso0#$s}We$iOh}>LPa?_
zL`1|gwTizF(jMpDFFBFPmd&^s>B4dcn<YO%uz}CXX_be^e19J)E)JB77zPLtT#p<b
zQDNQ94iop>e!M;y5Yhu+K{0TzzP|qB<6~-SDtajCNF%`E9;+T>^@nkKFaBir^jJeo
zOpL6oY{2{U=gkz~WtCprO$dtM)71cq&<kw3zb%|`Nje7t+DK7R(HC5zw(|1w_IBPz
z-hF?4SKEP<^*HQR+osl`%JinYv4}uyMx3|Qw6x`gg|}M=|JyB}%hgC`(22rOH4zeG
zXLO2Yn_619I5|z8)j>l|Em^TL)?D4Bkl8AoR}RFJU(Z=Uu(3y|eq`zE^VUH+<K@gu
zT?<#NwY@6cdN>4j+NIcU!b3z}o}R6>wJ7xDz4mr?cJ}r|Dz@nw0^`Ah82@BU|6{8T
z58&(jWq<>Dze}lB(eYO2ZNByZ%Gw!?t~=q&N5p2iBCCaKK~rf4H^SzWcNv?Cn5nF`
z*CI$AunwK!F}uz(Gc)msiDAZhbCBukN=v0G7p-Ge8mppzz|Dur3@jLfv&5xOcx>sy
zN!cRw+)7+;iA~kn`D6>@+Aar~sufvAFFS0;j3XVn#<=k8M`yEYg&XE(XAi=Qrwf=Y
zFpope>isJ_6P6>VyxmL*cU+SUJ!C1YskR}BX2GfOGSKP-9{(M(dsS-lyWF{}(yO3~
zPRQkt0XO2gI4PJ%DkOUR>dFDG2$AjFKiODaEw<JZYZAJD^tH5hz2UI#)@pFwI?nyE
z&y*Qs#>mk!9eJHkot(VLpc~tXagCVw1YSrsXIq@TtgJ@lS;iY{Ob{&X<poA>%5%Q!
zY$E^!qZ5G@T#{&0Or`h1<{^Ww#wW}{?7uF%KEe8}r1H5*xFI7T@!*ZVhAb$m(*IGt
z5G)fqB#vdpgW$q&zJdS!K28nY&%M!PDs;c?y#({9Ks7`qARJPfvFfV4uxCuxVWQ}e
z=fAddAV4S1^P<2%27}ze&i-cv&$RGRP-y(SgBDw|EjVF>$&>gKN7ps>*Fjl%{VxAZ
z6K+*R!DD~;#CX<DqOp89I|H2lMjES6)@WUwb+k~WpqiM<P>C&Zuql0^cR5((sH%$c
zVrZ}DuuXw3ao+6iEpPx1oTNf&z5t)e((bqubvUX7i~&5<_rL6U*eOQ=-AqJ;_(hE;
zCt0H8_DWvB1gf#IN;A-Dh=}u~J0FjHw~Ik~89J=yRz8{qAy9~!=zcRWe3zg96-`H#
zzqUn~Wh^l5<*y&hIHNN`G)-aZP*({CguqK#YZJlL-OzalhW`L-!|m^PSsF>%Gp%ym
z^A3rPj>n&DV>IQ*PafkJVr5aXtyF-|-4sUxB7T$n6q+AAB?O@+o?^T8oeg*q7!250
zX(s^+^{^gLOnYCymJ0Y;Rnnd3Q4c|YnRDCUw0->=?%}-v5!UTE^VjRzVPO(yf#1hK
z9O;M<k3eATYUIT#n)o;W>}R%#E#wgf_hZ{MVho2W4=li;1jr#1Vn72hLN#Vsy!7CW
zdLd585uGfaDbt5R9D&h?OM6IINyp1`yj`&NDf6Y{+-Vy2q5*(V)^2sO<a`|7S?#D{
zi1vv#ziuzRmy2z2c`kK0wSOSj@XsrwjMuk1t>$qs>JO_)prQ=92cqv$N&|Z#)^@M_
z<K06M5u;Y<d_<07LTv09BbYw`d6{Y({m(}8aFkw!=P%#>NrVX4YCsf++x?w1X-r&?
z)V(5W!*TRe+QT@8)oGkyPCKCI4lfR%!@e40(kR-xzA^XXn1g9|r(g%o3W>AR&W>>I
z(Uf%ujnrTq1sTbsVxh$0cxPS&xH<UR@RGaL-Ta`iYP4N0PbX70NI@SL3ee%^!2rZm
zjT<iyUMBJ&{-Dtu&oFt(q6^eh(J{WPuhVK=b}rF!Knyt-fW)$?(K*0q)RGmJV~Htt
zWdYEq&H+IGf5%pxFrm@^Uw?R6<C{nGqaK5yBpsmAo^Em)ttkDy`*UWi$f&+*)R^Yt
z;^KKP@1xUnS<%Zty5o_E{}P+qFs-b*@{$;*ZtI}3wnw|i>eN?15ugLBUC2EbEGjm@
zKb@l+8sz3)q4Bnx25Oy~DL*eS8WIUyuo|X4E!G0t++O4FIptW!ulL=isMy&Tk~KPB
zO$u>Vf;l$tJVs<`?CosUJI#kX=!C+@y9vL>WY%4kIdlV`=AJPBOfpp4EcsIf?*#Vd
z`@v+3A1-qIaXdZx98mlS`~jN<?DX1mAA-=|anAE^roCB1vWAOxnq|8%u#8fa5Qy35
zc3z3hq*jpkfiHn<3*McbRo;fKDy#v1Bl7WiB`Pf`P%==Cf}U+LQQB%YP1t%0Yq31r
z^_FxsP}MzkKB32}dUx+iYjMzUk0<2;gilfr@C`igl84@TlLM%0Kh`tzx5shd#=;~3
zF^;eFsprm)(S4c<_KffnfN+O&Yz$yjN6c7wxMbJ0Pla;05Fs9(Bq{sEPavvgh#t<B
zINL%IvDGI8FCp!u<N~dFTI635mN&jdMFoWd!7I@#a3F6C2OEzdfZAcT8NuGe+WNcF
z*|8f@Ub{~&IYhN%QCWmgSmG__Z(uCvlX)-WIWXCTePm<;x!pBPVX(*hmmdq%%D)Ly
zfdmi|=1?2L!C_*k@*_HT`Mr(Y+}tRm&?+0M>xTqHL`e1ePvmIvL;lV(Ns8UQj)JqT
z?-LAmj4m`a*}J2}m{;&cv(E!G=tt*kIrs`l)K*2Agica(wKR=QskoIZ_n0mVo|!p$
zzEn|-m3bxKXe}jC4?Sccqy3B#;0QY^>Bi~fVK!`h=m=}Kz_QU$fd`nHnmPst@0J{3
zC3D$tebD!O$>lwl@s_t^_@j6KjQupS{0Tl*M)eRO$4ZTsbOiRdxv6>X0^i3tP6OZf
zxdL?5TZGogxaXZBDn$INr$LEUKdf<g9&W&#rpi@mu*rMV<G0tlM)hD1TU%u@F!#^i
zFJr0xJNRzzl&}&ZAi)LViK{xmAQL7^F4*+wD=I>#uj3}9&5vSf)59bVsMy8?5*cCR
zj#`kC@NjTYAd7SrcNX(*l319T@|0l6v%~=A*g%GO^S@<?|0^b&wx`O^!Eq1DI$Jn>
zo^SSx=}3!<&0Sa4*Qwq`8D!@y*_&ObOn4dyGIlpMI(uq9oB>S!&y|KfjrIcv7SB)`
zcnOMfk#~$CA!5|Tg5JS`4aqy~bbK(ANlBNw#NiBZD%$jXW5zT!RTa=Cfn204&s*<O
zB55@%3fG`anaL1|fttQBf!>@utOvOhwMxZJn>gyf7L}OEkcnbd)RY$|m)!YX;&VA%
zs#M+!mE!2Up1(XjiO(aJ&ec%!(XQp6ogBow4D=UmzXSE3uW>zUM@MNIOFdj&?bqug
zSZj7kuXX_ltFV_tR75WBpv3$0;5E)440|$n4hVE;jqyP_N_IJXzwY$DKf&Y}lDe~d
zW&~ALm(mQYyU@{jFWDw^Se><^`zWva@Sy8dRO&iuhTM7FQj<88#xQXK$wd9^1Lb$<
zm?`Q{uudKRyaP0rQ0BVL=Y`($^TR_!M=?hN{C>TJ@Z0*FHwf5Fvzjv@tC3}=sS3{^
z-SLDxE^SoHCo14W2AP4<l6A){&R*X<Jw5+Tr{OmE6o>2%=-ma`8+v0W!2uEmn1xzT
zmfSQ1!5EDgr`12WQ<P&%!Mcu5PEVx-jMxPPF6_aP*%}*;e<lgX#m9f|pop%lu&K%e
zXI4(n%q$$N`jU|(+4riNM6+?9pfG%3L8~pR6EDZY&dLfN9BE#dM9oN7nGgLujX;Ao
zu|bnc87v|IHPA4>lju~IH6`hE?%gC^L@$mJBPLtAjTM_vbd%0k54(pp7h-rb?urfD
zNHYg=54pGE4XF(T*(T`x%N5f-U&d<<ds3C<nEF6^!GsLJFftvNi)dv;o=s@d#Ra4)
zkQ#w>VYBfP_3dVFft^5QN@ENvDhp~Gwv)zfVWTwhk6JNobb%e;gA%0^E+A6WNlQ!3
zHpe7!M~!x!2CFn8OezYp{AbK5F2Tdy-S>_ZW!wE^)2SNAKY`fw;tmePCupJ&x>gQ>
zgt~6N;!M|C^r}4c00{tvF#32$bB!R`32$nB$05(Vt9aML`n{vUl?}1~4a~}T8dLq6
zazcKxzsoo3RCDeWgMO@N^HNno*ZjxMeAsw&V!zvW$<+~a3|*dmD{sm!n1La%h=8~G
zyy5|c?#KL+W~?k%V&E5VAjfCpgbq4LkYL!=CwW`a9k~TUT_n-R=1g7cSeJ=MerRM`
zU7;rL(`?z_nM8If-J<0c1D>eEkc}%pn<W=1JQ6J_i&w^IKpss^EW%R`u2ukKxBHql
z#~8L06GQ0qSfJ2KX)Lv|wkFvlO%WA|ce-(>SV2#L4I(?I+^p1;|Eli&{k{2-IYyP_
zti%cHGmd(^9V8*u(FXuMmaG#-h@trG3iFy1B7Lfuj1wsI(`TfcV96evL~GL*$ACh5
zGUI<j`v0eg1bMp@+0Sa6Kd@}voz0@td=FGtJuDlw8h;I_bP}-Uu>z{RK(4WBW1<u_
zJT7Rb>OQL(3o}iNSC;pnpupJbdr1@3acfw8Jqsely_3gRRGoaW?08gg^1kyTE<_(+
zUp)u8mJ`>(j49FgT)zlMiFR>eqZyDA_C^h7>zA|GM1eS^VSk`1zP+1uH9Ik;J;y?B
zDfR3wNAD(@VFT^TYYj0_hH9iFl#b;<+yfC2pP!wZSe&OIP0C2yttRx1onZee(gv0)
zTQRrr8%7lcWkj)7?aD-{5HF!vv1BDCN9t5V&Tb{Cv6|vDxl%b7WwLmN3jSBX*RQ`8
z5Oc9TLcs~xiR4|LCH+$O#uI6l=-6(L1K!LzNRpPcc*otN0e)Z>G}Y93e3!LcGRR?`
zx#+_r;!^LWdDWuRyYx%wzd}^yR5T7$NyJ3De-<}l1(|eRw?z<w2?7XCTthggcw|LD
zq1ao(Tu?$NJYVyMXmn0nsHhc)Is`J4@0T_P)ReQG6u<z>aofgZ3J~#a8H#&flV*M#
zUcBR2ix{H~IULg;ryq+7qa<>A3u_4)qPaQAz`4JaTPe<xaNLh}ek5xllm2^QA9-A;
zr2q1h!PFdxj{|76=?ZQqzBd@kh(^U2MS)`1&G6<R1L%@zR~M;Y$3=14EE?9YqsW+7
z4BP(+G6$KlN#AJB$c$q07S~kQ3376Bee3(T2Fd09<po(SWQF>2?pvA|ieJ0b2NR|A
zsdCXp=>U^aP$Bn!nwT~gwHlU!OvME<iv#fB|4^q@^@;VrlE?0IV;o{*=)=dI9CP><
z$ZObtq}17H^Gsvyih?*lzpJ{jFxT#ND3TGEplG|%eECZ39s$B?_zpcJ$z8roQ}g-_
zTC&<Pica$S0<dA{uh)Zp<cww@$tS4f<=&#$+i?AbH3iwzy17)e`SUBkFSrLWe`=!L
zlYuraKx}~g;_!{@e5J?#bnB~q?%iS<DCg&fBJu@+DvPf7$pc2S`qYp!X(vBZ7oSpi
z$#O+^LhkUfr{6H%U!xz1oQFtJ!wXOeOr-N2SDx9&^3z4HLB$guMd+Af>D5FNV{^<!
z?{N%GwPn=mt7b<awJC8NYmTlaFqE^%)HM0xCqO5>fgI3_rGT|Gw^q|4=L7<V)c=6-
zUSsU^$e~BRoZk(n+Qe}sJ_bKR04jw97KXM_yDLvV;w<iyX4}}g*dN%hCMWQD)_(+C
za4}<w^>|nT7F|eQgEzUDb0u1t3=(A>r5>+a1C~F3z8NtVnbarKk-#w%#_gte$ow@X
zuLXiYYJQr|3i1FS2&9SXZ3;2hnLm;a&ZQ01%$9;cuuCQ^mTbL_Z}jO&mVcqAiKq@!
zG0x8Q)Vq}Bbj-lbm^BIgRyb)H5fN^|17rsfQ0an;9#d?|AP8udJ*e{We$C3%b!!(<
zX5+XoY%89${XJ>IKn$Xi9%~%ye;@PwKc-s0;NfE!_2Dvngaib-j!KJ)R5gTnc<!&1
z$3QW7>J_Tn`~G|7c?lC<X6<Q1Y9m4F?!`r}(8uw#8OZ$~966=+7w(32Y=p(6{R4np
zE=xNL(ck~>?~k8+MgOJTV*w<^US|9A$Bo*s8;>_(*_^=w6yI`kXz4FO{%dfUsz1Q*
z{+^2)5e~^Pf1H6Gz~^yk2ugs}h=_@Ma9qoqYy637$91Ma*y3_<6O%(ztY1kih8Ubi
z_*JvVA10Ug`9o}hf1F7Rlw5<LMlxD$&3fJH_<9;%X^8+p>Ky{2#{Qzf7|nP`IY9q?
zAB3_5_bw#bw#?Ww+>tTUl0gth0OXG2^<Q<?*UAh^@%eXl!(Tq1#;sd*Z~>qi0LU{t
z!Jn`|8z19pmn=_?O`$CV_74Jdv}Kjy3vm|mDJeOT_s1%%lfe{(jZj7Hljn1Pn<_?w
z!%9HZ#j-l)pHqphDhla_fj{4&2tA8!hix;gyBB0<*^K<5EgrQ!^fpzCT_NG$)tM=#
zJHkbQv_>hMJ@`34do^;}8chT6OwZ@SfoCQY;AAv#-)v}rPhNId!}FtqM#0td?z71F
z^X)fDw3L*Ta>x;$`Aq1|_V&-MBlo@qP=Y9d%ZP}P?|Aw^=p1l=kF*e|013DXNj9pl
zttCe4P5d}y*FMpsJ)0MyfVYm5jQ#GwQ}_YOK3mySj;&0;Uw1<&?AEL5=)}J~Jj6d|
z$S)<O22+;+0w@NrRAB4r<b0d#hKZ^IFzTEn@gYYYy9K+!u3~#}MYw5qj_)L+;at#9
z-oX)hHh+U&LjbPf*s8qj(4U}65eSIF%~)M9V#L@hghk&FnC?R@l<hFDuaXwQNJ~yF
zJm?$1NDiWEF54{{kW$<(TCO!zCDB*Y10QsDcG;Zr{9++Y<(tibp?ktFD2N6%*uI_V
zKKyj&WR0hvh&LT(5;~K=vOcVse(X>MN~UPSOoSobmF73?MjYFnZrzg&yM1Nyg89}Y
z$kd==o0JKOh-5(ccxh&3e?i;Y3IUMH8&QjKXn@!*j={ywDPx!m+R`;X0)nc_cv21I
z^&?8BZ-Wc}`k>VHJK=berVGk<f1*Z!v_u5y;rH%xEviBvDd)(`aZasgSaFLS%dT1S
zPB*B2P49-xgg79HqYM^F8Ex3<8FUDJGyp**Kprz>#Rr%>Erd1?onHYbDFc-xfIwi6
z(bowbUXa$0_Ks)%0d97DO8de`gxS?v2Igy;8G-tt=(eJjf}g?eW3HA_yGzZS-d%{&
z3~nEPt)MN7mzPZptGL=ty;G1}1ii-S0jHd{SQzt-6c_fvXYE%X78_lIZpTq9z}qpM
zU{I{HL)*5tv%|;7&q~`uZIUh0Zp<kPk}N9F++aO+4IzWgdv!B^Cex;;Q(^xnBbx>V
zxv~GZ)t7j&>n!u~uymOv=U;?0CFXLU*xUO}2K4w*x<lut=s4C(Rp!{ya0c|-@z+Ch
zI}=rXp-n-$<?plO!>rI3SjV}XNE!+8@$m@>pb9~-P0(%Uo0;~wRE#2v#_>$dM?|}H
zPi_wA>Vo#c!Fm^YIn{5Qd_PZ59BxH<`5<%X3=VPzO2FS>m+)WwKAh3!XC?2i4IC_R
zM4R|THV*gq_d)wnQE*S@?ql@pe=IRf<rTUzBMD)DCY^%14Qt2V)r)-XfX^R|z?=Fq
ztlG+RDuE78nW*lX2Nf$`XlUr6p&=Zz)N>v7=z7XxSeS}O0qf2j!^GPve!g1z7{q;Z
z^S0uQQI6$zbsxwPWm=S!?~6cS!aHja|D}-A(%k&6l3Y-e@RQ_l+o5_}Q!E&h7UTcH
z+B-&97DZcwNh-FJiczs$si<Pxwo|cfvtrw}lL~HZ+xAVx>|5`BdSmqH*F8r6x%bb(
z-sh~nFz4Lsl#S6<`KqZTqR`d&^c=)oVYWu&Pt#3DTDannP_>G?y1GJuBnvou$5UET
zT9A>aF4zzK5QYPD96z>?liM{WOp!#BCyP}XOc$#UIeuX|vD`VWT|4*huW&znLFjg&
zpxz6#^s(9^$GJ}IM81yoaxQJ^fsM;s)y3h8(jJOv^N|rUiGrDo>vZ)IHHPD56|%la
zcs9j3uLj+0SC;6EY!nSN&jAFCeuMU=9@MCILDl)98tYlkCReVOd-jCGB(slozZwXd
z0_e~Tr#`(oy!1sEwa)>&58#_AG2JhlrfavVR{`tK+A8#*w|8RDu0p2IqXXBchwhVV
zn3g?97edv>Hbz_Q?%g4W*R<fhj$=$M<AMV1_son8cD%`(o129N%ueGJ7f{r=A!pL>
zxw~8y#587-!8at)+0ux<k4xT|U7jnp4l9S@2|i3R`53VKJXO1uwWP4pnQoV`Hd&h6
z4Cf5U|4>_7u{d|L)p?&xZ5Zonu(|W&qDVo$E~T1pHgnVMu-@RO1XoU2Lzl+%s%%wJ
zS8r`?eZ0SqiHmFGG1FWoQ`lhH`q?WFRI(F$i|A&CunbPnXuT2F7|O_(yR575DneLd
ztDy8!OL!IVeU*13+Q8;uUTDj96DDn?e?6DAE=(+3wt0Ht%I#`3d^8I#DZ4(g6U~f5
z3s@jxybfL-^?N<f{kZ=taN))eRvRXz1C?B<<`;_roGm_275V&wvFZDCoqNI8bN%=8
zWqiBmmFaX5L+QF^^OoUdxZOhRVc>(IWck-DClQZVR*l!(dU0c~>>A3~O(t7{);P&O
zDhn;@Mv)dZtd+`m`1qrQ#%>^fw8|o%MvPtKN0wyl_o9Ii0+yD5aME4>I?wuOOV!6%
z%c2zhbQne>;vosT2qR1-N1}X0#JF}IVn-LD=krNFai8O#_+x^gDfrHBO@80-aDUvL
z4^sq7Ya_7PjCCpXnGW7W*6p<>KeJx1oWYfcPWrr`&V>@y%X`Sv@Vq~uis+2JC_#4k
zfk<eCSh6hIS|;v)NpuqM5<Ki?>P8iPMJU{_Vj$GtxiLbxT^m(XUVeIUv2f~~n3zbQ
z@;?Tj#*y|DQ{Vc&glo=z&^{{s+ivItnGHE0Jw(2opP3gd>_kBdgL9KQ7bqb8tKT+c
z2bD^SCm2TjaB}dRnwZZC@^I;jQm`P}2)8Djv)m)@6qSE7X>aexfD14@kJH_V;Jd>N
zIsn2%25N}75Sb*>7{5kERkgXLB{I)*cL_}TRLdf=o<<J8O%zkS^=Up9_kz9rJeZub
zv*lO*_e$#QGvectog2d?J{s9k`9y`#FYo2T#^J~*ifTwr`^wvuJqZqIWrMwCkd6A@
z@40(g;dAEVEH&Y*T@U4dOAStx*QzPvM+vDcYES{K_)KalD(qZbk9T*`F)@>j=aAOv
z7J@V->i-<52yoI&KtV_2y{e)(y5G_Uk%7VHwkXw32b%+om?H;=PnKqiX0qSVc}|u_
z)*<dH@9oY5uescUwQX}}gruo&3g_+@U)`_Cq0g|f@D+RZKemt8+P&F40Ow7<;RiBA
z5`;LoMmZKl<p4MkAB%;Vnwn~CUA1T>E+)nt)5T$?IVYt227<Y004q52C2h@}ihL`E
zAx3S|_3IR!F4x#rwuAa?#c2hHRL|u~84Zzah=(Il3(&TNVZb<JyKg#dS=w2oH9|eO
zow`W@a|AR)Wg@vP_$3e+zZVF}irez@1q)~WjePq64P>1PI`e9RnA-5AqYs4JC<H&H
z)*6RNXVw2%7kE0fYIPoN4TefT)IK?G_jyUHJnWjo)Ai>w)k2W|;Pf43h3I<tpUj8;
z#a~#yq`raQ3-A+|N$yeZ#f{f#QuJ`9!F4cm-lu}n#*P}2E?^$#61SvSN`%B5G&R2}
zPSlobE;T=4;w<yS0Dkew+7;uH-aQbz1tPQN1-vu)h+x*P*UNb)X{X2%d+6MVOtQEg
z>+K)mu`A+>%!&|)2jvz^c`7J~Ao2KourC@@MTrk;)9{~O3So}dAc)7oz`BG$yHifY
z?!CNtHfw=oDOI2noznW!mbT0jx|as2S5yRPc)6@5F&l!3zPPZY8l7JeyL-PXwg-ED
zJb!>P5&0MUs>}J03I|>MY12r}#w9X^EEfAz>R2mahN8$XfXV9~g@K4e)dPeg!Lofa
zxm8LG$kj(V%SY^i;@vO5PSedlOa&+ASlq6qc0JKswxX8Pk-aZFt=jbX&9J?eR(Mqf
zy|i~1Yf0J}miu-YDVc_}Aa;K%gV>^Gj*b{;m!ZLFh4yh~?CgB!{pjjA42p-p-YVlv
zP4Co+K^lNWa{kgSEghW+zx%!h#i$#cwEg{kNj_4Mdi~>^u3LKT4+y7c+{vHI23`t}
zf(1`vjdqffaGy|=<6;c`pP^}4Sr>Q~k0)C{KN0u~RyR{Vk?Lh+-t5BLauD{kA###U
zQ&UowmX>ZmLk(67M4xganDn}EiHLlwx+!|<sTu%<MLmCBK4o-nDL>4~y6S%7Dm%B*
zK<={tihPFR7{_LS0AQ++vv$=ypp(2-K9sZ!F14s@y`=ab8dL;uUWCxZQw9&L$&sgo
zl7rmQt{t4gY8l{pD5t!f<_R;ogk0*7^p$e`hOrgb<!9iLRKbIllG_MtecM%(;#wo<
zAr)<#AOuHAA^dbOHKp(~Mj3aVjNS9io^n0M$2~bcKcBP6(AK7_tTaAj%3ZA5w@Y?Q
z^seNkJTO}fxtoyDaFvr2R79hM{~rXpIs2~7_?Ve2P$n1ahH_;iCMM?o@zKrIRgFDG
zr1b?9$5#0IA~%r|?F&~QH8nXO`eBQ9K|3Vzo-%DT+2)LVD|wd=PEM$oN~Ma01~qhb
zvo*6Fdl`SU?2cUyMU9W`;nnU9&C?M>=&iy2TklNKmb-Sz=94N>>ARxt2LS=#HZN=I
z>!6gf-np`(f|izctW>oH@tZ9+SM2)mHv?K`(lqR;oBoV)Y=L#WrQ^ZD!J8XqPH&B-
za3XDOZIF<zJ{rG7wYP}E76X*{41+R6W~{7VF&sRr6n{@aN`jJ-5|Fl}-ooVvp_-k%
ze4JY4B5tuBbO8^5VgFyg06FD7meG8X7D6zNC1>vFh+c`qauBXKFfQiY+vYGOG?h_!
zA;fYTqZs^m+_GDP6TOvw$JAG|5tN&zoK7|@2u*ymZXb1^HmlcY#8BqF&PYqkI;DXM
z5lyWLo)}*or=y+4B6C#~#>aLDXT?iONm*SnG%tm}<j|_Fns6jo4f$Vn@+UBLQLryH
zQ(Mb?4Ngr(T>MyOdhXPjqq$iPZzDDWP<A!ASv;`T;YlzwOce<Y;vk-0^ijj&l;>yi
zI!ds29oz?-K^0{49!{^f+u<;e>!q?ad&xTrGIF-VW4~_USG>;?XT)S2M!o)BnQK5*
ze}Cc3;>t?e)^|}*+CM~UbHBZ$(@7LF2BNhHLPJGYR(2cTAexxyD&vziW63)eq8CE|
z_D?4fD{byo-ddI*@R{w*<Z&ygE?w_s>5`}S<(@|k4@?r#Z1GrsW*3xnA-CGBi-v(P
zTgZ?KX<3dxs9}kT$_dN1c{_Wa&^p^O@^?U_6QxSi?EN9|?~G`uxWU6vSJ_0c2!brZ
zJb<7*GiMpAv&6ca5fDJ{S>jGJ7K=%>?I#fiE9h`?<soN>_*sX%TTutm7dvz^Rd-W&
zA&9;7$zrZv-GVO<#_nIO`I-#^?4AVQqU0?%A*j#3vgiBg>3wi*+ub3w!IJAoG%ope
z5(SSztAW@(d10XeAX68!>YiqRFuc?}TSNFB42tsI5SL?~BM4ZezUJ8p_B`KZuZem9
zIh+R1uK?T|b$!1euYfODjlrb^ayTD+H$u#|F=HSY!~Xr`D_1k9@-4vKMS@os5;9#T
zi)7I)o%U4vj_E@e%FoL4EK|Qfjz-N$Pdj8NWYn;=BSogjzq<!55MmmU94gfh&v8>U
zMJ4azQr_L=1E+y$yU`VM2on~|idVJWgcXC<bY6PuZ&)oRqTB1uktC$q6fDUV_l;L_
z2EBWCE=TXU9R14x4T#bChr{-QO4=&>RAqCAl{qUC3Vu>J(+y;(8j9j#vunI*aL1(*
zV#$9LS4kQH3L`w?TuxEp$LPFs5<XsL*;gV$&~8AKIPa%X;+t8I-k({4mS|`ki^d4d
z?CkV4qL}jvETkuprd9^7x9LX1sf0Ap2slBEeU$~#&0z*u#Q7w92Oun2LmI@Oxc=CS
zhN5xG*6=kWw@R*%=EVp{cGm!whn2<^hvU8Plk>7Di19|VK5ysb=s5>s#j>jLi$R4!
z_1K5ws`9e@@pV6Nfq<NbKNXd<|Mf)ubgMcqEltC3e*!zU!mpf*I|RZr7PU*BKpb7!
z^yp-<Cs_hDh&Uhcx0Kl8_r;__1*Cac<z_r!hW(kJJ75FEGVv(M@QBd*V|MQ@&XXXc
z$@Ek8bK0#6o^zA4Wo|(kGSLXBeFc<>vpr?=IJnKG>B*;GaaAkG%sMJNA#k=IVkJ|X
zn;y@IgFqt+?{|<Rq($TYvtBSG!0ZnWreR67f?!-Jy#w1I;o}p^$B~0llA02WK`8Yq
z5-jtjMTDgVF3|IRdfWCiW*R(8f_`7Wd$cF*3X`R)c+@<SP~SDKtlmMmy{SpZ&f85E
z0WMY;*XNyl35C<=ZVT>Q_R}e{o)t*_$7(oZ_|yU$1HUwv6tJR&?$a;w3GyTkY3a$b
z{szWT5GOy?`^zPvsKTM|J~Ux7EmY<xwJ1-&1MB*;Bjc#m0_2-O_-EVPdt0;-`VnfT
z#e%Ux3Uv$ne^}@hrm-TaR_LRLDdyQDp?!lhSvA=YG;7=qMLyS(vf;o5`Chuly{O3^
zq@`2mGB+2e>B&iQa_^DhStW53gi@Ky-Q^PpLsv;<d&ZCi5oF|6rpnY<j8|JAtE^pc
zMuFQ!EP(Hf0+XCS0eOHPFcXv6s;IA{WE5c}oj8rj({mxml9cfR8CLHAd^y$KZ9bp9
zyd>0MaEs|J6D^BA3=2=<bg-!9Vl;lzhiugd3)i(|s+zT`2Q~>g+*N~QH*&JVVRNn8
zgAh8&W#!eCIPWtbm|=U#IB%H0jsaYv!^2bsPR>z=x%Lj^<_w(<XBg%IH2!~g4B^FK
zt1N_LI>A2fQV?q}9$mJWP!Gq|k*?G6Gc!&PHH3x9Ij`H?3evVj_satb!AqhzY4UJ0
zll~y|rB%MXK;KEmNj*7BV`^u3d#;Dl?FmvbOgkXe9VxmN{j*Nza0REywd=YTQ1V;%
zFi1@MXQ%6KC@+B|kdW_6Xxksyl^5>&3o;cZX(Xi2f<{S1Hlglr?u3{zS>ZRMsKQT1
zdDudsPy06K6X(Iz8!$;Psj!2u#Vl-XV48F#`VsqcW}h;6B;j0gbkWy+_RH>`Gu>qz
zcpC^0Qw88c5ccB7wyQ1HfV*?kiRh<d&KziG%MHx;egsVG=1u2P6ZaF<W!#UA5F@Nc
z%*<@>Xcz%P0)Fo#GKT55;VCU@?jwBzWF#bGLum}Myp7pe8ZTKSnWA2=OD<pOP=@#Q
z6&vic%S*O*V-#glL@?7i1OE@Z)bEh()z!aB_8~3WWap7tu%1Tl+5@EjL_{6?Gq7fR
zcLSGA%*N@(<BgRjjOuOvzoJI}Eq?u9=@t;&CqC6qBh6q{xQFq3u+@J`ku-l7L>U)z
zG&n1=O;*toX0AH?7>N_kIBITfon{9vu_kP?<<@}IEFk&^J}R<0*JzxJbiXu$`264?
z+Am2?Jd5S`+S-pFyhj&O+i|jCAkV9})iZY?t?%=WBsZ%q!C+NUa+I>^g)-NwQ(!Iy
z9VWMAxAtQ`KLe}d9-*y_%Qq}%^`eq(a+LZ%?~S7z#k5UCKu~avkZl~+C|zppwhGL&
zK_U2oPMqt$#T4I@la2mO^EbnINq+upJYRmkgIG{Ly9`}PBIjA@a;St;wC78p#Sa_1
zYYju0brYKAG8y@KwppS&5X6p$fe*7SxEhZWXe7O=p2`aVIp?7}vV*k$d8Y)Ugi~$1
ziOXi8-!>pUgm}>hJtNBjM+!scQcKIEwyQ!(={gIv>(!>8i2RrDogCJ^<il2LaphzM
zHHF|rluxNbte$vzId}?`Aj$vp7s5bfPc;oG23jm{$SID@MNugjY*Mfyga9`nSimp}
zNQ*OegVx5B0p2A3{*UQo3%+GX1Ee(6q5~}D=axZXI<W=B5$rn1m@C<_0mAv}j%fC2
z53Pg5#Kl2iuYo~YJ#ludB0As5;v}K*kOZ?$7CIibqKb}Cs@Mcc&-C_%dl75q5!U_p
zqTxdN&FW(QVJga-q=BqLbYoC9n^HXA?8^jFIDvxfJBX8Z;BHDiDi@bd@G)>WAi-2N
zB7dQEr&md;cVzy@4^a55b|x83FqGikgV1UvN5hK<qGH|>Cf#8IGBA)LmTf(*ysqpf
zQOJv3ZhB-+-kf5q&7*Vc>2RVftW}pK8y}4nlE2u_mormKrDAT5ReHORvG|KTV&o`|
zI{BE^uhx&__Og@J+XKr`-ygaNo?zk{mH+XgB8=`3xn#L*sbAYy(-+odSP%(zA5OU?
zi50Q&@5Ivc?Gc)|^3CZpNb&mOg5-vcX-SwRzHQdA6Oqzc>H%a&=Qg#@66YKZc`f4d
z_o%3)OJA3~@`=HTaM}nHUcy+7Ba>#L$YJu+=Fs-U3%Pz^CU6%wH4)sy8Wm$ItBFKr
z(aeLJq7K2QiY=JECd5FZxXv>8qLKkIh+4{q#WEd-4YI44%~Ap|*y{{r^r~9pLDK_4
z;5TSlv8Uf8PJiYaeO*}Q+WF@sK{TE*1%lPx@9;IH2UV>VBX^Ctq`&=hGHVj`?!~Sk
zg%t8>=8Yw7S<dZge5RNHEL&L)>oDA7j9318{eRBK6f??;Yn{piX<lb;4zAUg$%2Np
zf4jp6hPYfs_vO^2t>2m{79`tT%TjWVJPcEndgh|pRTML8NiyPXwZxZ(h6F)_nF=;7
z#H$iBSOjz_+Xn}j)qYa1feKlSVKDrA6bpY2^NEEd*WxU#6w9gWljxynC1(Wf%tR2y
zG^eRyxujY6lulA41C4%LKB%tt;2J_BEzZeIIqTCulqMCX2;sfo3I8TYY$En7iwpw`
zr1lKg#EXkhX0K(91kjkh7Tu+SvUih5ifnuQYbZSClCz*%@vri<8?n9)hajsH+krtr
zN}%F}I!Qd*9;B4(u-SpP{2B$FWF{e2zv^2w;9rS#nj1XZ6Cu&33?;zi7zK*@pdN!T
z4VHUYpdnlOxX4x)KS@<VN^#Rp$}#SFG-A$U$gk;%u}Eh4ETRKa%p8|6jrGZ6_)cI5
zi5z6@@Bt}9<R%o8l@yVa4-tIGw6fcwl2jW*UZlI_QGBeIz0~+SMq_ByVrf#fG#2|2
z&wZ>Zhj70cGiT~xlR%Y==_WcLT;g=bMnEZH0IG#-oo4CxO{vCNlMlIDsJtby$tj>g
zf`PW0fS9;cHl3XUL(*AvDzz@8j(mu;Teq(OJvC8m;SOEK*)+un^hp1O&rwZfnf7&i
ziF-(dc3y2zR`MUV%%Et~BJXKVwnYFhIe)t5&h*W31LVQeoaSQ|g~nqsz1&}TnW+1x
z&@dW|JgHy-LjYx16>asn;>;v(;!Z@%sY#HePU}HK+P)U#Urvh|tDS6WSU!Dx-a&?q
z9JE!d1TBW1AR*x3*hw~2(x!f<!BC8yyh(o_q#6ls@W*W*gXV4xB*z448VV8;iHAK0
zZcAYBx^vb*3Lpk85q}kV%z=S|Xba-4;FcSa`r?bqe+gCMT)pJDPzts0^DRa9EFfdJ
z9~x6*@$PIIJCY$rd_*Zjz1#HPgBK@&j>z>rXvY5znRyqKSTf%X)RQ2qVcWE33cQeD
z`P#jLqp5H|l;jN}XhgoedD9S=u^&?w6H*PR3{=jwCp|cauq2nR`VOj6KM8(0{c{3E
zo)WP2l$nh+^q94$ti?tKS_E1PDs4QTjU7fmxGJ~Oc#^lm&tmZDJPD=5(#~V*!qYxC
zJp2S%mKgY6)Nr@ajd%aU9gng8fsbUEEONG)Yd|IHP4OnnNoQB2i}v#fOj!`?xE;lc
z^jA}`Ii#X9;he106RNlD&~EfG$^uiKz<R&WX3wsPc_b5I`jnO)pQs6dN*?%tqU^p&
zqU2os<UOWr8=5!x^No;Gj$M|N_S~Gv)XPe743W`g3AgkP^@=DCR`Vi8+t%)y`4uO}
zSS)>MJ<Uh;2jYBsQmicJR4aTOGVh*>?%CIDQy<=jkI52`Y|&izv~gc)kfXDH?KZ#&
zHow2H^@s&ASs+0W>??-|EFJdy@}LkXd*Bc^41)+p;U;XprF9YfCs%Yz?S7*8Zy5FE
z3+k)o)0LGKf<7}r;4raY*KN@D=ilqCSN&eE$6VjnSh5TC-sfzx3%`$XJDf#(MH%GG
z-<QOGk5`|*<`nU7?v$AL8$fYlpPOBAy6sPYS>Qt-3`pV6pXrDs(Dx|t#2251)=!Te
z1u&}D_&@&`nmz<tw_;iTZ+0uQ{_kGx|4+Tt*|=H%YcF+z)mVa7pifUh?w2;eD_As`
zUiH#+EY!Da#|x5pf|X}K64h^+^uH&sa#pt%X>lbhFUxlotD;l^M$<wsH|9n+kDck>
z&XLnOUe_h^`iy=$H(vP!nMG#4FMo4Wdp}KI2zRWGpg&faf8K+40O3AAE{AFO-=5bG
zH{%>%E_)5x&kqONQNOR$g7?>1di$545HnrpEF6@^_4fY+7vPuV(H;)T3C`m8ZTFtW
z-5CfDB8C#c=5KsTcN*HEE4k1wjr;8Jern^-!?tOWanuw$fcAxa`xCBHYW~JBZ`aIS
zVDGCYC&|VAhYhKH9x%SjrE5?6oh>m_H(zx*IkR|N{^l_b;n+;92baSEp$G$Sg}N;V
z$(g1qi47flI7VK!Ro53j9<}^1JolzKz>h?TmovRPMDyfxrVA#trcsPcR)4M#bKcxr
zg}Mrv-|5c+4cqRr813j68QNNo{%CWuW@9OM9-scLSZ!N-c2sc78?U@#m}htrC_0$(
zojgpT5!eCofNYN^Jj>JisQZ-}sia=8fqX39kkc%bI)6x4Y;YEQZD{9u3dTPju)>DX
zD7lP7>vwNobIobmwK8_i3)AmRsDnLXv?QoP4k!CzYhgWM=g~jnO-Uy3tYw?^_TLe$
zLZru%1aaN^(OyU;Sna$;ErV$-n@D)!n0K<tx`Z_jeqCT_emo1U1?K#@<;WdL1N(wb
zEod(8GiR30Yjmng;-5WY1cnXwGX;s+`*(yz#816a{@{2p1YwNGFR+Tt33do}V0Z}>
zZ^F3r@Us!`@ykLb!_zoqXzer!S-js8SXj9ehM>mD8a)_9+D0p)uuX1JO-D_>S*ec5
z-ZA|RIk7y_UpkRb^~<NRSAGk_Ht;|`5-s#-KmXMIyngxgtNawu--Z7cMt-MGvN}oz
zrb!z`l6+1N(XSQd&-^X7f<91%Q=*9h8(dI=UoJe9+52FDOu{sfR?`R#HB{KCpCOnO
zy`upZR@51)9u_<lo0MN93N^P}G(4Wn#k7np*LjX?1ge|t#`LQw$BAbYI@XwpF5Mm7
z4@nx`rq-Jx3y)phCWw)B02#@6xv2kiw&+idZ-VKBh6#{^->94H10YN}V86h_TEU?$
zWkQBf*08|A2IYTQ#Lgf`Oo&gG{Yjly$y*Nxp7IOASBjIAUnx@|1ACQ57@MXr5yykx
z!mOU5lIB)+IU6e<wd_Qi)MS=k3Rn;n!X>JXfYPW&{0M)=xnuhU^z*q0{nqtcT!QH5
zNT|P6=a0mG%J}p+eMUBz_T)4i!}($TlIzvicnpt6lT=2Mb^r9%^1cCMtDO|+9YY$X
zwsGOM8Hk-gVex$ook%dZMmHh29{)uY%b&T>kczii4!=@-E3(ma-HV%KkeW0p4<;VS
znP^C-C=E1)p@_?FHYci%^o)Hg^S@YlUO-uBmZZBdkhYC5w4r5zThj@F;pV3gMj-F>
zc*>0=o`QWJ1TI_@FIAu_G_wf>8=cNXpd0W7r{ts$2$x=bZBi%?$s!B_m<67MxgxTC
zK`^4NA__zbHRvi$dn_65E%5A4Dt%<Yn+fF6h^hu!P%#mXA7C#`Q0x7Lk}!_pG}TRr
za)maAxH08D*H+;^V^gQ+dd@?qoWo11hJ5G%6cO?m3Smdo!{ud+DuhqM45rA#{fePY
zNM=jOr^wJIwJuzIz1UR!O7)tIPvwH<A24<?#(_V2kGD*h^&ooHZ9N>%wqn<7)PIX>
z<*L-cD!toIaO0g@2p8vio5`_f=0rxEXkn;bX-(EdXI@ikH@Q*Tr2j`uW@3~>s{mTd
zNOPK7M?6P_|G_2#zu?D2O0Y$guASYVY2^$jI_!%dqhF5eW}NgdT9B5o0n0IeD9Im|
zmyz8jYsjGoH&gyZI&*BdBo~X`3*P_uM(DIw`HRq~oqU||w4`i5Wmxfwz>rZ}aczz9
zl9qv(`Z7$edL7APeZ*Fyzd<@_k+XA9v9<g@8Cr>RMMz-bI9Nx1r=*~FO5^z0vAi$}
zW~z*hcUl8-rKx*$qA7)uiy>u*Q<lU1B+J_J%(MzIQV;`DNvroDO>vFHCVs=p?#EDz
zvWN35w|T)*MsoQ#n}xCRE&CQ>A$Kaw?=H7%q*3iBa0LXAif_<?ChVKY8Kc?b=*?xO
z6q0H+FbF8})nfs$Z~(|v@g<ilylIdQrf)9-n`b=jDrPzKdT9Ah4VHDhWs85je$@>@
zeEko)q-5-*mkWbPb?ZoNM``utYoB%d*5fRja<aI+v;M{nEpjKyE737D+Jm{rNgxRc
z$FMi70PlE)=i&uk_&xaXIsCFi@D_jPgK8np!xF-le$-QZxWX&%GVH6|%<Ww821UQ?
zcW;R#eOktKls&q&1%&UyBeu86+J>vLt{Xi9i0-M*g{tAllwXl4avvUHI268WFRxbr
zzzckK5g*{cZ<^CHHr#q{@rZBTSW(*~V{uWix9ztcUW)sR5<+s{p~no*NB{oFY)3v(
z*)Zo4wI_Y~+EdB{r@#E@V=dXX&hhw@)~8PNax8}6bcoRyx^w%dKg^Ex+?kycZxjaO
z?Lo;8lXaYGUCK+`I(#`jJ?huizTyKRb(6B;HnG%59BuKIb1l!6;TBXzHLA*50>;>`
z5;h_KeWm*PwBw<u=?HK=sZVVh9`BkuyZK&E&MX((-(R>S8-z0L*d<0*M}oMNOSYLd
zBEBXTnL&7KJ{=)|dk&RMKR0F&VDD*!jDw}YAflPY{~`JbzZAnUi9BvYIIl4b8I@Ly
z9{NRPa*lao;YU^2oPW|^$58#c=1HyHXgGfgZ4Hj|d>05q7i5{@_Q`561M};2O5-nx
z7z_R=0HGaKA_{InoSzzEgp?X;ss?ShGYmdc2hTcR0Q4MA?tPZ&U|$7zNcjLzzCvrV
zw{1<qoc@#a(UE{FO9$|iD#v_OJ~UErm%I}pQ1@XXhHn&`2$!QGA+lIXA^9fYA%9KE
z=~#mfMX2Qhi?yw8l4m8e;Ag~N5~huy8`$W-K*|v0G`jbh_1(OQGP8NreKES-FvQym
zh490cW(I@3Q=-SzZ(OzBtuxG0@ox_QrbQy*vQN%{gDaJU)wW+ThXDy*V5}CyRF#f3
zw2Vd8AGl(npb^+mN3>jWI)^?HdKl(=>Qpj&EPV?56E|g?WNRFe8CfDVUc)v$0i1*x
zLLtdvA($(L4V)o)h_%_&13VmH(3TN`42B46Y6JyFl6WfF$>3bNZ;rg!W@4t)Rc>*B
z^>Et|K9@k})M#Q9`DrLhpw_SyUs8a?SxIRJ(Gv(JH(2R2_GcPHBoLxduxk^x7wrK|
zfYCQh;4OjWLBrgnBcVO;o$2U!9PzMccQh5IQnki3tO$3ZDm#;~gA>0s=k=@qv^`+z
zUUt!+WZOG*m#F`jN4%uDmZ)Sbh0U{EB!sW~2oMKRmSAO{BkV`Pz0MrU2%EhdOf^by
z5f!Gy=#_I<GhrBtO>Qx)xtTLG&DHUNpWco8Y0injcV~XJT8AI?^v|2!z7NIc=Hgfv
z6&R=}41ue?ThYDmb3jAIi@%Nt8Rv|xe?((_CDLdRQCWwEC`hoN18MRtL6sIkAY=8f
zWMi=FmFX=@Qpw+>V5Z4tBP1CXBR?~&Mt-6<r%Fl$%cGI4`bYCf;wOo!{UIpF&ST7{
zg<9i3&m(2OY(Rd3NJ*{=8lsc<wFDlZyF?0+Sv3Gr)qq^gvn!S!ZXZh~nx=#Ob1<LY
zMKnXL0hyMn9#$b~0SUa{6SpK<;tJd!&z`ve{#Re-myT0sY3qnUQr^&f=VV_nlB(1a
zVr*Dh0ea>P-w{4(TzN`rQoj&sNfgvBX|jN-x*`IRsTI^bT1eW><WwIbq20wNPL%wg
zb!xY$@Yiq69<Y$E9<YRoze22j91y}8O14gbv-%pUg-9FH_hrIIUHnC@khJX9A`%Kj
zFX9aj)IgKS^O)cWo)#F?5qWy!@6&keS`r&i8;0eMdSq$M-yUuyl1#k)N_oU>&uCNl
z%O=RqOY4>xttau^f78#kFP}QfLa(~1!^C9%oL-Z!<oX6n`Du?fH)Tq>)3lsy*WcvU
zk^tv8;j}ZJOv(hFrcgv~P&l(&RXbfm75nptW`4D!Thom7;S~k<LW(*aJA+m^Kh<2S
zdeE3-O~zm08_s~Q8(gBWbrRuOg6G=DYaT~P+64Rii>HA1UuaGz?xX0Xc8kB4B?uYi
znRZ3vN-&W*`5oxq8^X)w1`mo1pDS1S%Uyq1^Iv6E%sez|?f>8y7#a|8=Hk1oYU->Y
zJIqji&NM#GChtfMXVK^X`m`8l`e=upqrovlQDiGyPVr)EU8wNo*T#AD+V?Z>-<+|b
zT!b`z_(8aXXQ`+cnJ!025trR34RS^7qN(Bl7xGn?{*c0bQ<Z(2+Z(w>>kR_m?6VK;
zns|aPCYQe)6+TsVzMVr~xtc(@U6I`^TAQ|tRL}W%LhJPFgFGa%hgK^NRME-pPW=kp
z@eu7ehRA49(S7v(%cgPt`t}&B!T#5y!Ey#S_bPs?JpNbhoyx2=qLk!!g@zbnn4QbU
zjf=qJM*OqDN<qshbp#Q8AB2@hH!Ujj+yO2g>h)$Rtkukh;wiWx#CE-IfKO+ByQ=Bo
zPg4|qt~1_0shxy8X~3k0lwm9?-Y%ms;>Y`~5iB6#U$=O<AoNrrDvrE)j_dfgciMIQ
zsTUhSU`uLz2B$TaoX}h<0p*J$C!KkbeHR8A2WrAVquW@gr@BQi?l{8$u!3wiNo&lO
z!LbD^TP}fgd2e<m4~1}npvmys>bVk<u8`r>e!_dHGWq6BivCz>+rjKcC39HVG^n&T
zBO$Te?Gx3;^G*K5<<MbCt6*^?fQlm1xV>5AyzVb|#M17~b!Rsug4axp9Ri@^k*Nk@
zg9G_aoq@lHkI$tI`rcY!&%1iZ9W{A_K#*X?NY36A1}pS+*=Rca+I91d%lGxg_0pp~
z6*Z2Q#m?8TZ&$rAKA%VZ7(Q?WO)z#V%|e-ZxjSe_b?eDfpy%T-r`h+5=K1SGZ}0mu
z=h_)R%3T%jkf9Q>$tN{JhtWrN-t6LTl-IKE<=VqYGk(|5=LrJDl*WwYZ`UDhR@be)
z?XHgAnLLShoOALx<U7$;58;a-7MGUc?NFwbnsMh1m}lm!1AE(h1lL<x8i-?h=q(yp
zyF&Yo?Q`m^Vd}Ti@lUXIuI#e^oBEvnf7j>#@4AVxfIgu1Kfk5M%J%<XH!(I&Zr1<W
zP3+kTQytXq4nfp;0%enLmhJD_Wi{b$2~`I0FMI8#9yC`R6@C!Qkc}A{$+!e8={M9U
zNFy90nEGpjhsBHE8qEc|u+<jZZuN)Ws>2;}4HY7iw5qBF*Hm)Uwp$$@Y=4*DkGQ!g
z4uKz@fm|_SZ226V9J3becrjvy|Mkx!gMzYDE}eV*vRBfB50N|q==|y?g-;UtoT9H#
zgl6uaFzDX#&Qpwp8q{n5nB-Tzvu!-1V}@Dll<#iI$QHTWuF%Dv`W0}lL#>xF9=+$n
zh{-f*DhB+46PbF%TIimQ0FZV{SL~V!*(+|J;1%pbLW-#@<jUoD8{MSZgZy{Wgy!C+
z)6PlRbxFVNX8Y&ZkSHMTdPBOZygYfbaCmwo7sr*?V=pPuf&Aa4kLZEEJPx6-_E&*7
z>YT`Fou~}SmDOccTDbMBW{=>dS&~do4pVQMPT1dz>HdwuDbn4Em|sZ1m{MkVnn_F^
z#L_4b^D#1nsq7{IEf3D_%QU-ekk;}jXoqE=Nx3;LeU;$h`F#Z&#{V8qbJ=ajJXmnr
zHq_2N#k8$kU^g4CSCq*X4$Hq<O+2E}6)eC_AZSP8Ex=5oT%VlG5FG6!U^uP|=3fg7
z0_Swh<j}4wTry{;Q_{LIO5el#pQY7{ddkb6$L%P~{W=106=}v)p(XX&iJ~C1#`LV0
z>^R<9W1Zd4E=14$4kSI|W8=Kvj`9$J{R)2^2zmd$1(NyL`Fs*1{f~+53eU=`Jq*NX
zyXEiT;L_f&yIx^T4sG{5UaU5Pwm_)x`@E>E5ev8w9fCT=oB&?$R@r7}Bb)K_1-JcC
zlXm@@8G!|wdcNS^l^fWoHih(^MJ1*MUm4+jez+gOrtv%yn%37+-SN4XfZlauPZSr+
zbAUxfM+xV{lI|>;=a6`~fnp8|-AY|lxH@3K6NrtCC5^(}?y<t_aTMsdN~U)~=Oufa
z9x{2^`B2G<Nb2bzSsrB02>#d4hfnVzS%^5u{NF^*JKgI;n`6!52n1r{b^;ZLtQP8|
zx%MWfCKHLI#>aRBI<V<7HDKMy^>ifcSCp`_Qh6D@4lO_NnBy`GsP8ELb9nrbIDK`&
zwYP(Cl>J$(PMrL@9Y%y><im1e?p52;YXm<$l{oMBep&v)g39h(X`j+1?AC;9!3V<6
zbn@P9xt*-gO~0l3ucqApuj@UEZT#}dLY&I_)U>MWm-UEeG=;^`(@3e&QvV(!C9(h~
zSsn_b<{QvEBGsKs<>?e{rr-5_<^(v8%3K@0_RS65`Du&|MYC-p$36dC4+Zw$O1M|-
zLa!1MuMm3)zFc#|%?yjpR*6eZz9Lzf-7k@(NEuzW9Xbafu*lsbsVKqgV$$?_38htE
zAH1G^-2SQP$p>$R!eS$jz8=TANBa*W7@I#*S5npeB8f)?p}xG}`d6c^riYa7m9)SD
z1_eBz@O|EV`o+1xC-mR?(;?pq`0{@)NNT-fp?`Mz|8hO!vl;%th~Y+vJ~;RaZu==`
z`32N}TbX71;yszET0AttnHOO0BP{G8Drzc=6eIQ*HRv1ZgnDFaMaPSvSV?CPl+Z}+
z&)=v=bO3EdRTm!8zD+7=*yrTIq=m5x+Q?MYc|jn$krK6@kW8d3u*V$G>G$!Mc-wRQ
zKMxb=zJKVv?y;^`109MIwns5o<X+`&>`JVG)l9=iS1Rt6&-XCbTbvlbjI|uz+E%18
z$Euat%@s5%{VA8zK2!MRtKQn`c9FTsc6+LYyE-#zO`qvrHuEA1<@072gQQ{6(86AF
z>Z6+Ka@&!8@QH)NN|j#h=EfWu2bYl@$dD<xmwU3m3+w6Ex<t4QRT*IBp>6xeTS-SA
zyo831ES@`H{9*JB$Ztm>K7Hj1$EoLf8NAYu&N<oVf)R941nxU1`}*hmLpQtJH>9WP
z&&<r=c2J|g7Q82=H}0wyV-WX}u(#zV6=-gqL^*0ajYW=CXbK`6Xbt%aU?ku54g%VA
zyLQKyJ+-%j80;oOzvT+})wo2c+ky8XDE1nR!rP70)lwt^rq%7vK(|+SREj3xc}^ud
zVhk=!C43~hkWq1X=%02}Sg0gW8XFs<Yhrx#Jk&bw1XAE{KF+_-vo#{c=m(jc59)w!
zbmM<xltD3HKk|*6L-rh<Nr%dWLUQSbX6(j+T3Ezles*?tX{qLVn`G-^gLgEqqCskx
zS`oh`e+Qpg{=5T=UcZr)g<BO*r=3V!ON|jCm0*$+5XIJ)KF(+%-zu#Ww+=u+r4_FV
z4-6a>-3srl?(RDJbs=Swkde~fLPvT#XeqD-dPygs>w`q1?_qIF(HiZvR*AQ9P$7W5
zPSp=JPy?0N?7Jn3{-19)aBIg_u7j1D4YHECI)BkycU*x|D^)1A)c^#*s5r3oy3fTn
zVikl9Wc50$ZujbSSwt+Bu_tmg!`o8H-2c6rX!k}I5Rc0Z&Dea6J5lYmQEhq~ZxjQf
z%LBUid>$^+M{e|lSUD-a#m4j&cGK%&&C{kgHMKy8(x;eK_4uJNU45Y*kc|ohwP;f2
zo}}mr;lUP&%EfQF5}91YcbLl?y466m-CY0eA$5*^J-ct-lnRKl(02`>yM7%(om1YR
z)4P9?AYMHKAe>I7VbS0JCbg}wBe7De+N6G7BU2YWe-#I#k9mg>mL^J-^mwg#5BQ6H
z3eeu3$s=Ny^mVGr2Ji@1&|++C27jxjlO*5=uxg%(cKs}Xda{LFi8Zev8>DHI?$U^n
znoQU)1w0FJ+}djpbG||cOL%=hY`B$L7}%{yTOGEO6BaJqMg9FvSFP4?m#+9Q4Q?I~
zP+{KxI};1oxW)pqgsX2xzrQOr9t0$l@0C`CP-HF96X|pS<ULr$!pCod1>!_x*3;Q$
zr@m-IcDvjoz2MQCfuir6z%8pkPtePH+*-#AD2Sa4KqU-Tc_9;UETkr@^G=L&Wg)&f
znip4B#g+|{USz|OzK2nTF9WKg*NS{U$2C&ZQo*V9p2w+A9+$FTulR9<Jg31hnRd2S
z;+OpcX!L~izWj3<@Bry>$$WP>78*<@Qp%8j4nm<TI1LlzE)s?Qr)T-E2OY+6Z5M#f
z0Oc0{&S)O(d51wE<UYD;Bq`$ImF)txxbS;l4>KN?{ar-W{}iE&%@}LHM5?4bPg_~h
zVfT0Sc%YZyIi@jILc-5LxeLEa10RdSt`7nyOWxNv0QBu6gmu52_zHsC*-|#Y8@DA=
z-_J0vmf?$w9wdM?Z|)3~q4jbNhs0t`j`|=%vyjmuM{k#rF4NY=Mp&U(oX`H`<4&Hj
z>xIx{$4SgUw>W=&*E|OukNF9+9TqTDTtqJ8qVR{jlw1IY_~&&O7wjY|ey=-_jM;*y
zqkngcnB9G#gkcVS4<Hy6C_IavTj43h3nPz^DcV&kmm89lWRUC*5(MY7mRar}Rg(?e
z-bP|j$rsvR`$FK^toL9XvKUiYq;L%u)cgI6KjY=5SoC|)VaMh47CCtn#bMIDl38Wm
zvrgKL+O-0r?YT~p=_LugxLX|Ds(!~vGTz_QwSNx&9%~+n)9~_qi-ozjXJ`2Xc(u`u
zlYDymHRI4{ih96nX>qZzj<bTTkQfuGuRl+UU6}7>_7T(tCPpgL&`D4*AAXrs&)uoq
z&e~esXK?QD-TO574lxdkX{>NKIw<j%ot^p~5}a<he2_49xL}ceMp@Wna73jl#CFFo
z82FjC9zSbfLEke%Dw%p!3L#LrQR}Z1=4IeG)u02fW>*~1VPTh*Y!Z4cWH;)?TOGhi
zy;e`0Z!r92u*l@Cs@Bf`!0loK>GB+>D^ReDp}JawU-&k>i9%(o-a5{VLQm7QbLSS$
zfj}O+*34t?8%nNdS9px#)Yufug{p!^@JszZrD1a9B)5~Wg4m?|usohtq<cMkimb?{
zRX4puTl29fB(e(%;nAl4vW!ISjXjW)i)-MJ254qxTKKkDW>>4*3)k!YGSPmJq+-ea
z6h!)DG5foix=`<%zIn3f$?1Hl0-2}3L8FtSscDRht>ozbA>Hx`Aj&LiAk}b|&*vzv
zY`gQ?AAvC!br>iEJj-S6^P&Y>>GmjHybA^;Pt;q8#)!-&tEy73zlvTCO=^?Mu!rmP
zz-xuZ7q^Zoo1Y9E84ie#Ac14!vR_N8dkPBiLds**lK*s=`3|w8_XtMO(%M=n8{S=B
zK590ek)cINPM#C-6(9{e`)@&llK=m&3-bSI)dDqupxc2Ad@p%2hu5RQXmM@5^?J<A
z!z1M5Q00M|k;b9ONr?9=3g-18oqCw}T{&n0zP<`{0RiE)phvkXyPvY8mV92+(t><=
z%I238cTs%X<$lVVLCEV|^g3_<4TGB0c5r?$Gd>N{RIu?CBmwh2C>_D7B*eJ}RRiiZ
zu^nIWsfbsl58<u}>YY6V1q~m~_arD4gf_xUBh=BM%b7J2lCsF!c@AAp^kZIH>dGX%
zG`kE|ZqU3Q3G3tz%de&8{0orAzytbL+;s26K%30AyqT!KH&s_}9$kT~G43mmpi-33
zD<L6aDBDKkqkpabpT)}MFt0crf}V*Z#^mJWY;}jHvWo_TUG$BT9DX0#7+^w|%$5KN
zte4O2YMrWeK^A}iL37{yAcCY2M_R{BxgJT{BD%!ubPgR2;<wLm!LHxzeLs>*KTsbr
z(1B=yPSteDR3h*WF+^-~XVq?YwzescP16W)K^qGG6G-Mg&a3bq!aPMCzWZigom~PJ
z%vZcx>eyHd<ov@&vASLgzHe=qF%JA~5u(-Wb@mP-0<jz{+&PqbH-8W5e(ymFsQyMn
ztGykumt3*2vTC5wt6o>hfd=kTlAzRrb|EODAZcCqcuo7-=(RmH+DMTV4GoF;w32NN
z79Cu<1rRA(*x98b7R}UtlMAd(6_IW`v*hoY`YLs+wI8qtg@lBJ8Y`hONWItX1^UuS
zn=iRqL&2SH*Gm<3S!(!l9nTvRXQj23iPQYiFIw3;p}|Vd%gaFNpSx4pUOcW>VpXwi
zgbm4vQjS>R#S}H){dSddVSaZ_fhr29r}92x#DHK>l4Xlp%e(x;{UqFakWP_3WuPHq
z-w5OVq?03jd5f`NKDn}xQYHhQ$$Rg>(niWrY1B77Dx?NYSNf%>2Zh{27ia<u1UXWP
zK${?UG%F)EPR1TDV1-JKCjn0Fnh(eblHo9)U?2?}tEzOit3lB6#ojp%*f9JgnIkn*
z?N7cvlQPw9e6>N1(0y_bM)7ct9LlY>Cv62XGZ!nXwU?Mo7B7(Rv(PpCTenNTQ?Ucs
z@~}g_7)_+IHz^Z8py_>4+~X*^T_Em91LC=+vTrMF#AG_yM?G1zJxUCu;}5P+GMZ28
z#*1rf5E}fg^?OzDTMI)bmX(tPK=9fqw(<5meo!YaL&#$=u~Q^Ir<#w03*M%plj(Wb
z&`pOe7Ls~E1~aS9N2q&o|FbFdLRTie^Ub(-XCY2QVjte7yqOc!SsA7+TUSevW#O$3
zZc09%JUl$e^W#%?8gv`5Ig*Inumj;WE{_h5$edL;Xl;h>T0RD-yhfdn%6Yva4c*#A
zpXSHLq=vmt0E}RCrWXK#oo}1_>3hvXbw?DzX`)^63__;#(3|ea!S0x5XiTJoVE?~4
zp2*?IM-Dll<#%%-&oG$C$7Xq;rTa2FY4^bVAP=gNw^G+2jeCasWab{mPLqSt3JAB{
z9t3PRw5EP!ou8fETSmy`a)(J<SXuR3=J`J6yu*H*A$1l1<ImQ2Sjd&-DlHvlHcEHK
zHX#2X^d2m!>>$D|;x2NqgA!^WuHOr0DWk^*N<)rhff3Bw-PA;r9jnrQQ{fYev8(mc
zKN8p(RTmfMphFvlzLUNiXdHzx<nX#cj~!3xFLcbYmjzY0P1S1R$2i`-$ifo6nN6lF
zARcglMqZiD2{>ja)>lbM;#K2#cyQF|s$8y0^c=15mzw-7gk~zaNw){eW)sbB8r#S)
zcVZpH&&CmsBaT6fZgC=g@9#kGC&t?B^2++S1F+&eF!G*E)T6JTB11Ls8|3A0Q7DJ+
zXWPW=xO|n}Bi5njk?PFqk@D1{WF8^i-8v+Cla8IjD{=BHp&T5|$g$ikXgTzHlPWa)
zv-0L9m0s*7cD1R4+N)nH#jDrzdKpW@)#Dv_oDb5-3uPxlN+XuLX!sv51;RPEV?K#W
zJ=r*skL~Q3-nqvE^1cVppMcl5HufJqX}8u#3b?$`<7M%>43%%A17ZL3Il_G%OCL$U
zUiHe$?7lljY&~C0o}af{vO!~VuE1e}Ur|BHQ$W_ntkFEgQr$yB%qWfJ`3vJ$#q)Ak
zjT#4v4RmQ-0ID?-=B3>BZqNlbW@Z#LR1S0^b_wit`0agTKw(yE05dljmpRHkeJ>I9
z%YSQ-bL2o!%kdctcKN!T$mLBpJW!SV-{q}<%e`(_HebM6jOk&vT|~S4^9u-<!tv`_
zB8DLYy<*e7$%!e#`%RUg=B6fJjw7$@S}KuWE1{f!ahSxpofV4`8Dry@zotfTadRN`
z2g_zX?1M^rBam=hAe*<-U^Ft!Bm1--6vGLIL7<5*x3RAM${eVE{q9%(SF{QmxU|SM
zp^M7zcyYkgn|^?UtEH(LGqw>HcND@9(o4kWt2OgxpSk)1`xUlLugmhQrpGfB^XL~=
z+Xg0DP$lYJ+$-3HQSxGlF&2_v=Phfl1y0<{O)cDoZpX#J@#ujF%R*6uQ`^w_n8^OR
z*PWY0Miych(kS-T+9b(zd!b3D$<oH^H>6)M;!hnWy)rCDtd#7`(p8-6d}Aub52L%m
z>(bW&l@Y#C^OU47M~w80G%jN#s77KNJx9${Te`2vQSS9**g-bC=DWY@Wm0NxEJybn
zda|%cj{si)`0TxG2-C^d^$j~dFL&iGcEzTL+j3a}(67iWpM+oYKmbNbSh(A8PSBqG
zvfb9~+#Kz6dEG(?(*r_Q+)jH#h3DOqC2X3y*stI6wK{Q^^Y<7=S~`?lpkbrgNn2O;
z=rQRH{xR;&r8(EM*^-tBbzJ<yC^B`Agfyqe-s8TS(UXNvS~6t1=Ry!<%}7@}F)>!Y
zbm(elcRe!Z`=pW@5f=|04g;!b_F(^4nd2Vou8&Ih;_@eA)uGVc)R*7y<88IkT)xv?
zh`tQGZ^t0K%+x4Gdyp;zFfn1}WnX@}&=;CUct6YHa&BStdft*<E0D7mKeMp`>I$~D
zwS~-0hsATQO=1Rm`+&PjU#0eX!{@XN`7pK5kfj(O<#$OH7k9zSLQt$OYbz}Lf?nbq
zu_FbH9N^n%`WtoT*D5ph=+{h}F?C0-{El;7f#RxWQ&v+G8oa)?wi9w17;z*7G-_z(
zv)0ujzN@sU-1@9=9J!dg#=(AJVt|bu$(6=Hpi4W{XLS$(Y`X}3j0ZaQ7BuvO#+H(T
zeU@qgLYXPoYsacR{fq#9SEK8mfBTy8%hhX3b<l*<OD?o-57VlU_QyXKDRz5<Q(jV%
zk`@*g3>fHNT$b2L%mz93k}Wi8+;;ah>ra<WeT5q1?R8#ao}x2bS&a=_8~32wM!y^U
zWTszMt_{YVP<h$ZY3gWe!+lZxSdK^xNJGF0SI<$<Tx##7ZgrB=()nex<}xwo)!vFh
zyeU1_o2wHauaqVcWJt|Sf{Tra97^3Zqki|QpZrNh`bhM~v}a!B_xxr>vJV05=drQT
zV6=5p0`2$HQDpq)&2@}zX8E$eFwxL-5gDB|HnCAbkB2B60Nz(;V9zYl+PME?-#qGX
z3^k(f(~Y5~rY5L$mAE)e_O*X;F94zU=I(T!WidB=9q>aPyItYxJ<N>=lgc>qXz>7Z
z;kXYTpJ+B|H0|G&aLeAISoXZdlRwEpeTM4l>N+|)nwyiS-2UuA0L@y8BiG+69AQ&h
zHIB)&#Mr~(;64MNH5bzKH&hhnbYQ(Ulth9?Eetf6zvGf2s#qzaLn~xmuSR3Ex3}+k
z*WVVq!%)66=s~)qX2?aje<6}bZ;cWq5EA^3DI+~0pI%d34PXx%9We-JR=};{K2#Rz
z;%VeEH8H`&!C78h1Z@Oib0kW;YjsCkAhZcb12WRzf$|RfPK_~Al3?w8N5WYqX!wEV
zDqf92{Nzq{1_lNJ0e#Uaxm?`Azo&LUqrT2U{to3X)oYM3r7YU+6?&zcT8>?I=#miG
zjy=~@YuIQ$e3**rX;@iV>FMd2nwo;b@TA*a!g7u;RxNLJWVtrgUd%`?0&vKDLuRa(
ziG?l2<!TWSfj>O3#Bk;%FbWlMaxC}2AnfC-t2Y5mgZoH45}68ll<{^Z7VvV=LBtHD
zt8k1!x08~BPw759Jd~A{#Wi8{f+2Zl*rJlp0hMSRwe;>zv}_3YM4C}tGy=P|xk%Wr
zaZI1w+!kk}nN%<GUHO$lpX=+r=UxKG*IB{>!!-mf3wA%+(C&@Bdozhx|2p<hQ!_>D
zZA9%G<uU7=SM=ZSO@g{v($NLE|6k0#1#BE$lr9)!%#4X4W;<qPika=$F*7qWGcz+Y
zGcz+YW6aFF_5ZtXo<<stM%uU1T2^(dTU~YQ*17kb^L+=N$4#|&F|G^INJE_~^!~Q7
zH_??1O{7-ubh|p2$#i~rEvwh+goq7ry1pd$WO@BCpi&i3n(B&mZowQH;KS}uOHZfT
zJpeld2|FEd<D^8`ov0W+5pI`rTPjH%IK|8p{>udi>XZ9PcNBFsrWR>=Uf$w*HfP1t
zm1&D^P!1my^@yO%p!V&Or{g<5H@R2}{b$fs#13*=;)m9ySNn5Mn`fA(AfFjE;pwDK
zk)8~~yCW80{w(oq^&9nzdkCAPPPHEwe?ES`apIKmx4Sg7$p4k@qbVL@CtvgO?7Fu>
z)Zi$N4C`Yj-#j}zo1Og~3W)9VZh*3EoudreDCVUGAGT{slP%t^Y5ZgQir+mc3=-)#
zzFu+xh}wF=_LronPga=So-N!P&*9SOs=`RY=i!4sNaU5X_IZ>SLKNjzmzB2$og?f=
z5EDd#yb18n5Q!$iUGl}<0dDY)9$D{@?xphx7M#cRiaPSorGDC_GxZ2JSOlqS6p<_U
zYr<|}_+Q5H1cdR7W3#e>Tm%JPk#A@QY*dn-Xp3j6)RPygH|Wkf@dhHnn3^&ONviST
zkkL{6f)5-^-xs%$h+rOXFG}l9NX<W%oce5xDaND*RonI62TR%}R-PD(yE4#au49#e
z8%|&cx)&bW;ei*^-Om)8Xz8uyc?;36{y+&VgIC7@=Y>KiniVE_OAS_<rw)8+q4b3(
ztX*P<Gxc@T==6YSZ&dhIw0zwi0Oo;7ix3*Ey%?)P*T3^(NufClpGmtpXHz6w_g-{P
zE|8$?SsFzOA>AWFG7*46ofXOrVu1Vc9Bq}1uK-t}gZi<=f4zF@-sf{q{v$ge-QXZh
z#wlZ+LgcK?8JSF=9R%5DwA|}J@EXO8OTB#>f!HrK{|(&SRptf8;H-F`lv41{@0m7i
zy8I@5qsU1>*O-fYUP+aMP}41=kFnGPkW9>LO_`2DFSt$2>s-5a)O}LDDRNES2&2#?
zuaM8{)1fAu72lAEiReEBH^+&2YBlTz7fitrr&9N3@>q^Nq!?WV8fB{Y3Z>t#39*E+
zCtI_5rZf+)TIi^3k-_+e2{r47&OvkgJPbdd-)%D^!<4+#=d;6;v2A#M1y2OA@{&sz
zI*(8SmR%@6X_n{h^J3oGe34MZv+`^yWU%?Isog;yDr+RASTCg4hfle08>W@Ja5)!w
zAj`P}z{P0>E8q#1F;}r^xsb!Bu}lpWIs*$taW_Ft{I2spa8DQK4dcByl9ClBG^rg0
zGuX*%gXMY1zuH%&>Wv6q1THmntQq?GQCG`MK%Yj&we1)O9tCfs&ZQB%z~txb#jDM&
zsjWE+#x+e9OpKSLa#CBkS3bY`kImcrA))pU5>&0{!x$zv@gZvnrRQQV=>04a6wEih
zU*dfp$d|#PU0M>IXL6s(+8BL&2TR;ID);z=n~Wwy&r#6*5T7W^>+5e)3qv>G(gBV7
zmeie@`X;fRvYOY`4q3FD=kE{xA@Reehj*{3u~GO>P}nW5)=SlCiPF>56ZdbL@@xVt
z+lHp*4U%X6kdTl!Bllh3rEQ=w0_Hr=P2~$;x|L{;WG7^i$mjr)&?0!5QrD(vC!nn3
zQ&L8jw&ASRuRvRY-I9rg<)VB!TeB5U^~jBkER#0-bZ{Q_XxlEqmfm~DB_=q<pl3{E
z0t^Sx%Y;VY&ak8J@t$Py@M~H~ajNnCN?ogUZ>>SfhmOKy8lxF%`+nZomaIfXepQ|%
zl`hAwfc|tBlvB|$E~z4zSx&#97#sClQlyG3Rj;l5nGUHYhyG3dVD8ymCCM0Wv?I;_
z>#oPuHi%ZMG?P*Rr;n4dnORvy1vLf5ihBJwSk}U)vq??q>yVva_36e0%*@PWWI@N$
z!GC)N^^{WqV;nF<04+zhzZpgjhxg|LvB{|F!MYELdIYgG#vT4tU2yEGMV1CN0=XxF
zf`@)3H7$+)dYcXDsi3GRYl5wY(M?|AViw&+hsod+kEX9WUHTO|H9^P{P&A7zSWJaa
z#4t*vONt+u1o(;O0RaJkLQak|F);~-ly4QqyDHA<{@0MeB8S6-j2LMM={4A0uzwlQ
ztpLhDwzht&L+01^^z_u!#QSR`jkyAb#SDdo1P2TGRlwh;*IH+q&R&5AS)D?YKU2%W
z-oC!EQI`ckaCKA_6%~PQ7)dJRxL3pfnod|aaL9m;4&dKI{h4ds;oLxj8SVl_HoLhQ
zX%Zq^J@SjF=0~27&OfFpU<1%_sOJt*@1koeBcb!2??TsPLkgNC){;Q3lWT&}2BW`o
zZ1<l5MlLh~x9>l&emmao0HMu5X+x9M*14O~kS9lt(-z3-OZi#)Rq${M@6*uW03eZn
z6csrhoBi+5WKgXfr7yHTA9e;LlI|0VRT@Z3(>hdD)jB+H*BazbUp+wqxb7h@D(Kr!
z0P*=4OuOvhHMZu{zDlV(9Fj@*?Q2lZgy1~=f6irU`fdNqV^NjhM0<3#<->{9bzzZF
zw%4#COO<8^%}}m$$anfA=eSt;K!jT!`~793EX2=u{7vs^AfJ_q5}BEW1rl<?FVFq3
zgMZH5ouuF6dKcp7PJay%&uX<v*vV)A$lMV|r^C%WwjVE+F4841h(LIJpN|^a)DQrs
zn|x^o>IZ&+@Y}8f$TE_~<DO^?NK{L|+xd%Bd=Ag&ie1sv8?wQXXdTK-@r+(g$oAqA
z?H7on>y!XmVRu{(ubGGB46VpF$a{d^Fiua74`<lNXt4CFXAOQ_e-1+>l}bRU;e^B8
z#VL;pvy|(ivNc%FwVu!7@M!$}8V;upgoNLFL&55pJARPFN(-{Lw2)6Bs!>@qT5N?#
zofThJXJ;cN0O0Ab6~M0ss(c?1K}~a*4<gU}9h_iW@&DR{0hF*u7;R=0{k~4VeV4&Z
z<*%$Ke7)J>rgc)a6+G~FDyiy7$o`|3Bz}jcKuUZR%=}j`IZ@<5Q4FQx<v;wvQ;4|e
zJ%B;T<Bt7JT|&Oz4JPjs`5Hv!og?GX<j;l+Ja5Yj0a0y$)+jA(EretaOQc#T{|DFg
zpYRKcJQBK_yN)9t8rX_ud47gi4%h60wx})*I2sJk@FrpW>2$W5r-EmoCsu~AWOhAj
zLnig$Glv<rQd8yy84@iG014KSrX-X&9JX-GH*HFO&i^ojVM}30oA2Q9OF~xhEY`cr
zTsAj%0GlM&U35ae>vHhObAEn4+qtwmpi;sEZ36-zq;xJPaK&FhTd==38JLZ8Uc&qS
z{`r$53oFcdhnzr|P2C+lj(0EVtGM#Gu6*X>uSTfYgPq?R8r->NDu)1YquFU2fsz{h
zZHK15MR!4!$x*%iWv{WJVK4h?Pb3PLmYk~9_5LLwjJM6Of4I9JY(VXg#{0(8B>@aQ
zIjEW1vuOV-fQv7PgousY%=8W*7hh*_E7eh@6A+sC$*Kr`&FLu<FIdMXHisn0fi1u*
zQ&`8=q}T)`POv?2ueV~alRzT}#1i72^S8b>fD56YoPM93W85aWw=(^$!<f4caQb~T
zS1qMLsj0A`D2W{qcv{z9O~4Xf3=#-xHo3b{fFGi!q#UwwTS6y@+^gAb2+^6480H&P
z-wiNF{z+Dp-})*DWyAXyg_c0@KOzJEGk^ClU2rGbp1{lul%PW`FWPl@%m_rfq5Kcm
z_`gL`s_Kq}40F?JY$jdBHacFRk4p3M1Qxj59wa|)D>4m<CZ=flUSng20vWDx)G0P+
zXKTAY&IM`^KR>3156Wt5?Oa!(NoVs!p1C*5S_=zblMegOmILa3TWKUd%ABCy3s)*r
z(|Te`r*lO>ij7bJ1&)F>yTmlVJp&s|1TJeyar1KP=jv)}_O`4#b81eF{x6kQa|jkU
zS85g&%noD?W>!|SM1tS6%Wp?}IcY3bbFP`wvY)MVogCwgHU-WkE<JZCyceq-h^U&R
z$>J8<KlaF^eeUn3*Yq4qlNwe9HPJZ%(x`R?*mb4EAfSFyQVPMIG(^kdvjC1btNH5e
z^U0F;k71XoO)#CXUJ{!eJasnv2myZ)!Ce|3v!qu(uV75kZ~YZ(jsS{AYPu1K%jsl>
zc6k~MxCKYU^egf85IqF2OcLQi$6ts1L%xmx6+?{^p95DA_;praUm&<V)nRt>K+KQm
zF1xc`9%>zb2^xFdpWN>NWe$UA{X&fTHTwdiWJi$EV#%#1R*m2MrxL_R@_)n>?Gpe6
z8XVQ@+PBbk-z?uA$z@W{{9Z2f3`g)+XJ>Vbf%pnCsuGDEng#NmzkwSGtWnCXI7y@j
z@$p}+?~brBnGMgtk*oGO>n4S0b_c8{Qoa-RMD1JEvOb|z9qtKV4-O8LDR@{Tk$)cH
zLsj{&1Vaak%b}WXv%VWn&`?pqWORwzhxR5`&;x@GC2yy~c384nZ?|=b?=OqZmhS@k
z-huIt70G1nPXDtwP{;x`F35;;+qHLMtAstmLa1q#rY4Ui1)Hrt`70>D!|po*Wna^j
z;Ge_H8b3s7HAmX~QM=#8d%fq3CQTC0y2*=-^u-z1>4~|DtE`*>z3^nbvkP_Rt0SjV
zH%~NKRaT}ngmOJvqRTf8Jv!U{cU!(aGYSY4f~E>nr&w{IKOnwkhWUx5*<pxVI1Nx$
z9)?dkc;9eH3^OLGRk9l71#@C4yj=)%9(oP$qN1$x_^|nDM|Um8Mn`9$NgEAEh=c2V
z-F(ZdL--Un$gRObHmg-g)Ti+kyovfm#*`{+c<MFVWBWlQ^d@50L5i+NjQRjzj@x~o
zj8-C0umlqX2(q)o-vx>~0uXd!F<*aJOwt3uG2fqzx|`ZvQD{y9KvKd&7TOP_d7x#M
zE-G>!@lgEya`IqoIjSedsUUjNw|+B5v!Z*|+V9umqUk9K5fJ6X6m8DOweC#&c``dI
z08!mRbv(YUCRbcu+6#>}>!h0zW>9`41T9`%e56jh*Qo7b{O<DYw=W@FB5EU<W;sOs
zazhfnvI)kso=8l!z7>7B%Yis@@!EIy(4|`&rDZCYn#=W;B9+WvV{dXJ^g36@sRpas
z{A5wFbQ3^?h8eAyQB;4JL7tM5CNcej7eH$-w_9Hu(TeSC%=&@~`c%fl&JjI}!Lv8i
z@Cg@CMZ+IWp+1s(6v~B2ZiAeMV3sMptFHaf1knqIU^ubSedsr{`gbNYb_djdiNa~!
z&if{j)Kzrg8r%#=CbveX&99BEn#i}aWSxrNY<YKY0}~$_V%ncK0w?kWgGqJ1Gq6vi
zV@E0hUb&S0;{q<ps(2}@h?rl#D<vS2L~v+SNh7Zil{Odo-DDY!cDa@r@*e8jS;*4n
zzrykzUpWKd2GZIbFXvhn-GR+yY|PDHtk%ftkX9KPQE!ppEFR+9s#)R+tW_8k#@v+V
zqO{qyIO*0uAprvKV3aXmaN<hEq@?8EhgVV4PAD+iW2qLdW9H8`oW5k_sii+eefaFA
z!ei2S=+cTpyRy5Uu}vbG#ttx4f|e$I)v}InrWxUCwskl}-3uS5a@kDC%=8Ihuhi(L
zlu58*<X?{3iA{j&4@(dQSbnUs`g;323MWx#Yq#A7)~A~<@FM;1Qd$>#I6tKO@Bfv&
z6+td``(#$2XQ=>KVfsrOD3*G{VgjU+so}>q?emA_dU)K{Yj@Ae*eb<N<;V09K7s;T
zewI)2+wL|R8|5A1<Igl6#<yzB3%ptiPg#5{0R*IYrKLU#oNwI9TAY8oT!Z%wT<QbL
z2Bicl3yPbumV6y*OufH+v5oT(iNZcyxX;ES%JamINb|<|hDp*@<LiviOOrr}-q%4x
z!7g+fDrp|N^mlvD{pwu%c3Fn(?jY0aJiqIzm^Z4ttZc|#QCh05d=-y-l$FamkmIh4
zu_38p?%QectV(>6lJciTAhY!gQqt!AUSxikCKL-9>(YyDHtlJAp{kOw-02zw0!UKD
z{w36+UsXqXhk_Pqrng84fC;nx&lKPPG(P5E{p#H8%+21CPY_h-cedsw+re8GRj%^g
z<6XGCb1<5rq=-WB{?PE2i+lfc`jC;DwyIj1hnde>DRe4|2an_S>*sRw(}k1Genig`
z%C$vf!~N6uyOf<EMlms$A8DPQAUAj>EA3g)SR7t4JYX|`tvp1Nnt_wLsBdTxmBl8s
zi5QYeg7}T&*><0moBK~%_S(SC7}J>9k$EBZxe3Ov_m&kd8AKPKI#)3V3yX|)le#F}
z2O6vLHJkS`Ei#!5z%%d(2qW4*KZqqB#)}+J1WIyFrh^`1b8}#e3GFW=6w02aqWp}Y
zJvk5>1p@OPhsR=DhcywTzyMm5&&}BV;G`J0?V(#<v~lYLsj7o1ud2fta1tVSguG{l
z5Zsbj7taBb<EKx9p_ti0!C0xw^{hd{9>d3?#e`|&{$Cy(X4i6k&QO4`tJ`0TP5Yw0
zHm$R{D_rqfWB5KeVeIV&<te^S!U{4k0Vd}1Jn81AkD42;=HG#n>bi|wT{VG5<|?Os
z!S7`IV_1EIb$g2lh-6{l0<Dw~{&FtI3+VS|2hmDG<bOs+xC!VJ`0qTRek?k(3I|%{
zBERjF+k=_t7DyV3^M8T?RR?|eZ>@E)Y5*2JmKOmW9C9z+hLp|Xtd_;pL;a1Korw_q
zzSS-5FmK3^M}A&U{vtFGsId5AZelSo0k0P+p01{$(LrEk{<u_Y@j6MZrpNPaj)f5P
z@N#!*T%tL7`3(qW6T2X?5+8aK#72eOV+1zu1C1lsYh6+L-r}uhmonn10oTK#J+gz0
zeJl>a7QlO8d98u8gVsV?&AV>7#cZf7Zv&h$#k%%>toy49O^uZ=$aLHCE&{a^z>HXK
zb(&qGAGpeG3lsP>>5~aQU+?`sKX8|{m0-7fXkScd1Lx-BNzN5-f0zvqb)I2NuO)Vm
z$=_u8cP8kDzb4T(i9Cz`Zp~&LiS(C<HkY?G6JqSgd*aY{TF>YuBK-3c#_cfgh%~FD
zm0Unm$<0ID^k+Ka>Yl<i{I{FI&KuQz%5DwNq`aGLQ5w;Nn`P!^rS@2F#I0aM8~mRU
z!x@~9vQeUc01XdDzEjiwsl~9bt9#mKnD&k}3EpJ0Ks~5M!rNPcey=PjL6}fjNJ=Y_
zir(BV4Xqq|YwBoge8O)3M9$+IR)YuLK|Wpd@-R0$TO$E%iK!mfx}cOb#;w&WnyGRr
zQzv(HaU`hz9WnN@?I#o~=`94y@t6Z+vZ5WtNytUvo=6J7J1P0eZ%c$pdYA5K8~cpR
z!Acr!6FdVd%7@~Mh|Z5ozKK6)o*$AYqhMfQfN8H96={Qf3{}F&MDf*K)Ug%M6%%{0
z1Kh9<XPcx%l2R-~9?OK(1ZRr}JvLPPg_Ke}EmO5NNw*OnUuQLhpfyfk!ujr=9DKRx
zPW)5gSrNCy5-b&E3lbozDP)sCcM;DvQfQ9<p_TBoUPwTx(#|lPul_3}OHgELMeNr4
z_m7#3*x*l)@I?nJG}in}k&6QHSE!WzO@sd!{kd+PjM$Si5NOfoaQt<>#|#9Zzn`Eo
zaShh9t=Ut}Y^t0|_ReSYhM2>&ypQfeNNf1!rZCueQaVa~@>l7DmkfDd=DhX(P(;U%
zq>6(3ra^a-+W5wdDeYMPXwo{RB7VV1eR;{>M|0zkPyG_BCZA=m264_ZK*`GC;pXQI
z;gKr$k2;F&z@WvTeGwJtJUY5hV;br=`@cunK&F}Ip-bQ=e)?7Y1;pt}6@1;i<|9EU
zk+|26#1f5GSI*_;N0>MqtYH-u4cf~Ju;#c&RaV#oErr^lI1T0ud0qQEepUReAS;Z%
z$xPm<WkNj+kTHnRyF{)T%_*reH!+EUNaCT6$!_h%))kSX>^8+ryXgkE6T_9pXBo4j
zUPzF-KA8(&MXl<HIcsnxvA||2&}1S+m_)u_<-`|aeU>~ASu)JJ;S%JAQ#iUE<Z!0;
zZ9Zl;%cK9hSXT5gc)y#0iQ>3th@%*Q^|h+<58iTvTUI}NNr_2v4G<RD1M@3Ooq>^3
z&5*MYDgF4E@o@jTT+)gvo&F3RJ%QzQCM%GOA|c(+7fQC%*rxVpbmF$+rSSQ|G?RMy
zo!>|ZYBw~%yYuaq$>j}o@)}pCw>Vo!GLD<JM2(;pLB|!2stYBP-4kj)$;Ttl_BjpT
zsP~)EP84%ruYMPMZ#f==aohE{*$?4L8&DW>55%BLIWWm2+HG*+fpL45WPaUkSRuPG
zXA^UO{mx?1LrP4cmCj>T?zco(Og`y~dkzXv#q=%=RkI$ZiNyB&JvpTyor+@aB{DP=
zEA<0(y;nK4Rr`;3wfp7uD^VPwf^5dwy!0*#!B$#zZ>ED|H~qgoe##3$3_jQztNNA2
z8Rctgh>0>w#LBufmZ)Gz-Dt~8&R3`~<$}IKz$TGj6Iv#5W+olD(Ed#eUIJFEK&d>5
zrW;WSFRO=&Pg^B7Vz62PTzt|2qR{m3)g!WYHXihbpVyAJ6F<%WGA`KfHcXzH*2$!k
z-4zdte+Wxwu`c$Q$qnnh0TFMj>0s}nMei>8T&?p)SM!?EG|=pOq~0c09eF$ojVn>8
zHe5l4#O;f1hU&hasFS!(kOJNj5|d+Y`nOZGGdUCSg$RY%3t55pq9;=m)|pk{PH^ih
zK-&@5dZouhy`wEdo;l6C5Vz)?CHKJgnn*2JMUG~n$BWokAjmBVsm@yndl!T@>C;sS
zaLQ*ntKocXi(bZ=^ogCY0pp`%P@@+8zlp|;#|vqyEesUSbMa-T+2s9vp0etEpZt6R
z8a=+^f8M=%x%Htvw0+)-$S+%c9(J|NTlagp`5BtNZUEl~v2OYkf1Y_eb7ouusQ~Yj
zZC0K4EE9JR4{Khor_`w~@LStzvU_cp9J%Vhpa}et{?{SD=*>$I%P!-;$P#1z-&tb+
zZ50<*rvIG7rLJa$+l1`N+ohWY>)iJW0R^KRn{ZeUx$0CTCO1qG`{9+%*gj$H;_OI*
zJ7jCEKel;mB8G6-m>#8GAwG210QGchX@Kt+V-`;zcrbT3XGQkb!oW|p8ruB!Q8mZ=
zQTqndtWw}do5gX&!^haNoz?YTy&tya#qROwr|J2ubuuB+AzFgw_+a-7d^44Hd$BF5
z=n`)NB`JzmKtznE#klL`M}kJYCXXkN2QBz8k%G4s*cKj7*qe$t!L~^6Qx^^Xr`^ld
zwR@0a$O0@i^F2APJLOX#UIFzI@ZD!x7<Va>5^6Yt#20pnqzBu$;-zL2U(}wMfX-#K
zi*KpoN@;IUUY?v{$BOk~jA3`#90on%;;Re%s0;;~ay83Vow^g7COU$x9!sS#Z-QzW
z6|KUE7EfK%=HNN7bYPLiyEiTBu$YNt?JP$zARvf0;P8dM-_u!C4Q11e34Li`{#>F#
z7B;*0BKY3T7T|51G=xE3Mj+!*=nb;Nn#OE@h#!OYHoz@w?oQd+rK#>@Xy%m}z_kU@
z{Q1Vv59dqHplcVftD<!QQNyhIg-q9-{Kt!C%Zt73%o3u^lg@%_sv{ZbBn+;L7nE?A
z&r-y>u5yArofavXuVNo&8j|j&%jHW+8<r9jsY!DxQanFIrF4INFwH}$$g;5!I;%Wr
zPj=vUv>qU@z5J<nE@T6NZ#F<xc?imvC;sr)52%;w!n?$SfF~gb|MgBuIDXlnT@F4t
z+Ax@~#{9%-QQ<ba4nn97&H)SWAELT;Unex7{N@dHgr%^YSy!{`1@UEDHF-0V>!vrx
zD^#1t!CJt_)x=b9Oj9vnzZ8PNBozL{_?<70;i>*kr7)sERXkE055kl25z#_K^-NnB
z?wS!BF`#cJfz{-1^UpyJb#N=IW|{mnVcmzJvH%I&JnNS}omfg_5fXS1n(q%|`F@^&
z;p~~iTlX@}FW-Md`Rc)d9OzLl9Uy_{c;#@wf<o0oEgd5H2jRqa#|zy286kKUND^S^
z_o%%edQXa&@aPyB$;+Jx{)&{w71dBkju9`F!{wQB<5JEla9utvsd_719WOZjy_FcW
zJ6RA3Cl<H@iriq77<i8b3ctA|p{$(_5wbH1Ka%TX;CGN7MltXm3luRd6681KIML3F
zSg4JOw^D~O^=OIi^@Mzqu0oR<B<*k6+9svC{6ZWCAj1n&z6p{8y{X~i?AzF7k!qvO
z1>yf5lqxvGQK&<Vt)FN@j0uKjA^2qrAKVe3GQ|joVJ+gIbh9P%S|E{e;(|ekz60YD
zIQRWAoNJIJh$P$sCPN4<DMqZ7Kpe|!FGeh|PNwFy?zOVKzLb{E^>Z~``3ul)UYSTp
zPB!+J%A4&$oidp~O*tPawF_9pW-OGeK$74WtT^DDDE!uvgpd~PQiM>Jz$Nui=#6)Q
z8@DFcL;@EJKaYdz{m}r!6-FFg3*}j^LagPa;(uWnDfG@jw$DHpMB*}1XQE35m5e~H
zo?5G{9HXcLWeZkqO`=!RO<MOG!+CIYFOkVo?B9bxe8W()h2kQXNgcUL)fx@M@NP=I
z+?^%*=BTmFr34kemulzIyW-07>L_f5hb8>Ey~$Tta~(ejvSBCl#@bbn3NJF6JFm~q
z2U;`En0Ls~VE3^-k5-7qkZQiBK}@!No1QV>M!6tRkv8<@s%-%T$r)HUr()Y6O+O^<
zBiA5oe+IL8y2h}B$hIKDID7HX!mvX)8Zy7F68o>=<Z|$}KYtQqjS`XT#h3fK(?Kk5
z=4e)ti(=Qz$@4aQVu{3Tx>=0tXs9Vwlu<FZzEq<liiiG4-bzSu(s&d{(m4~zZAq;=
z8rl_D6krR22|BTXH2Tg`*|4DBk`}PonB(--@5ndP-Vqj7MUrFgPJe@KNHZ?#ajmB*
z=FS2f92N1z(FZat2%Z}{u8*faVRgvPgi@R?yc4H7&fL*RnDYLkv#OYG*(MF=5&b^-
zGWtq?{&~9_Cqr<GN-OKSk4N(1{i=DDR=)z1^VT4&^Jlj&Md^C}lq|$?IMYaqss+S~
zVHn}Cqy0>}Og*-;p)qCMGXdL`LTFVp8>8K2KtLxgV)4Wxc(vrC5vU_C16gZJG|~w2
zz&P^d5YLN?hP2a~c}<$foq6PIR6tNgu^N6ZS~)32^PLZ8<8RSZ1g8#sv#%(VDMd#3
z+$2X)`0lEn+ypJ<x%QUyAUCKAOa8@2-7D4I#aIe8$iD^z$stgv;X#w_J;z+azOMR$
zl<dILk+YXejgvw_7X;fn&%&O5EguE7r=}K1za9B$UAmCUWzKE};UL9S7B$NXXNDU+
zDlYQ~0vhlKEwNQexh403gI%Fiu3;agOg*xY;AEUFkvV!5gX;9SL_nL)z)#H>+^^S1
zHg-f;mqWhTBU2Umo9X7C6Q}?*DR_Fs1DW1X7!<=ej<P}+|A&&3{KR~RZ$4*z1_TnZ
z^ZGWa8;eTSkOKI>bJN|`!{tYUpg_DRdHU&~xgp7H!iFmeMMYs%e<`?pU5G+KAePq_
zg0CzMhYvACj#jA_^ba*=p4FwMtnu$}MPZ<`CBBL)PkO^nIMY?s6rOf#?>+D>v503a
z8-T9!OmL!{Pp-k_b16QqP*7JmAetPxp+FyRDk*A&7=v-;kdxSxg#hU*j?hm3DipLo
z{0GDN$oE+HZ+YtcU>-vBY<3EE)L!a7m%|74Sb^ul?*YElLb1ihpXu;3RCCaC=EMDl
zcr%4f*RdzuLo%9`!yo%z(E@zA)gq1eUN|RS>k}yV`DHa%7TKNFSDzX@cB)kszE)2y
z_g5=A@Uc~MEvxo2TH}ZUVswV0l;SLea$mIejZb)<L1cEIpOIgm(@A&>E3#xfgDpNq
zJtYCoVG(<K<IcGAmr8@Y?8BJ$SuXW!W{vI962z-n_4|Q_O2M8yAvpSeHTg;rj;4kz
zf_;w!=5qb8oWAk!ugT%g(+X%!P0tGy0r@n%jC}}rua;3+N#S*^TKvjLL`5|PVVKaY
z%5b#9^39QYd~#Y!Bfmvo;TGXWXZ9VNfL)`%h95wp+~d#L<8NoX{y8)~GwizfWI<9K
zMTCz;CP5GHC{#lc!f&L;{kLb2KIh(fl%YKqQ~7_h*%p=+!91|kJ*BO()N&|>>UF{s
zW}C3vBTb=Ls`S`bw#5wu1B&cGGeL#Lg_+sH)S3x76h}E=2jO)En7tPlxBc(J&G^dm
zzQJ^-1cKV+=I|-h%5N#G+ff8V{%{GQ$#$_Rzc^9MKRGJt>#kJv9}W)uQfpj5ltiK|
z8b4?r9H?#cxoR&c!1tWJ$rx@ttUSe}5H1ftpI9%g7wyr^q%RhmMkRgw-NS(RyLOFQ
zdoZ2S2zKB$WKMic3_ODCBdF6-NxlO=-vQ<9$e`jYNAYY<=gBbS;cc~osFFV_0{ULO
zfZ58Z)1nvU9Vh=cl5RoEd5|<!A}n<sL#Ptd-F$)WNA!Gz*cb$UKa+Tt$PpB#Cx7Pe
zvjoOhncC@k`2y3O>AgR2e=N!)VDI>YnJFbqwpuM7gPS<&6UHe`&qK;QtH%5N&h1Pq
z#p>{`It=tBD7aF-@~%2ZLHBvwp1M*C{Uy{KzV_mKp;yT8n>X^MhG7mPWHlNBHQ<H(
zya%ggD-^wzXe4fbIftX$INLTqc3HBEV*zB6Cx>GbKbxblqDs&~^0mpy2=97R(=&2S
zXUkm;4|fwSgQ}Md{Uqnl1*3@jX5vhKToB`(NSD70QQ1|-`_Hc2j1F$9*_~XIHS0zt
z*ML0A*Zba$?gI0u`?I#Wetts{B^nN`!=(<Js+xsnnVR-y!Q}3xV)0KwwPIQsRnK5r
ztbw)b;9ln6Q!K)3$3dN4?~K}7m291ISX)d1*AeOdxyq+47^B|}V_7wa6ht+ozgU<4
z3RV0qcMkIdt-fTskPwsa%GH2~G6-Z&c2tFuvlCRiAyu2R7qq)wL?Xf2kIiI;Pg;#B
zn*0k3R1HK1pCDEAnIK=an4@-?7xeu3mFQQ<U;$(%BD$+bxSpTQMs#1|u^<l6Lr8h&
zN9ox2sP^c-^sDydGhRv&VV|jlL)w1xV>VjM_DMcymK`5v0{M%;w7|H@6pQ^kX~TKa
zP?Vn->Ff0)4BK0VR0T>R=oYa8O-4+W5Tm#3kjR?dH}Bok^mk~OFLQDzKNl!_#Ues&
ze&;oq-+jT)ribpJim>0dWp(tOs-D4;!c1Q?R^8i&^fqLcHp)5Si_TLzbaMscvxYDJ
z=`ds^n!H@vQ1hk$@f)U$;dvsoFdF;;M`VC)tmiu`XSLk0eukjFCMma53d__?R42w#
zPD2%(_gFg^%FHo2ge}S?Y?53{SP-ry|1V3qW2MaN%zNoFVkjz_+w;a)!hmhM04%XC
zy>cY{kRK^9tz`OFQo}4K^aLFnre<T?PvIoOe>-tRq1`~SxyDFmTR2$y2|~IzGD{j6
zQPvK{%dglJ6Puu~7AT1I?)`tY^70W#scD7$N`0UWGKkZf8|4fS<KR}A$K8Byt!8t3
z{^eYY_jY4di?fR4ndUxo9*;u#;CgX%lalj38yM15Vq|#<{dNcN6LfLxng<Ydc}&av
zC0cDuTXBW&J*C`_#CG6_Q^JI)ne<OoD;h~Pc|nq&lFrhQ^r&Hp+?d5M&e5?5<XCwe
zbGPgKrPEj5eMuvI4;}@)OL;bBUs;=>#xYAd#6M|0l#+%sBR*Cs*PAuN3sxu1NC|F`
zAyZBT*EJg(6ivf=E<Z}fZ?3lH-&{|JvyF->Sr4XG9QNz)6ExYg9zUBK@aLOnb}z&5
zdT*(-9NGpB@o}?gwFVO_!l~mt0?^g#9J+kd;6yb|NHtv|3i>ZHPd|j$&XZWx2X<)A
zGCIz%Zd9c3Ruw<?w$Pm!g;Sv!QuZW?jG8hlu^8g!8dy0Fgp1nIISg8HM-_*8Gd~ci
zFH?X07hW#w|MqhKN3~E`=$QVa777C^^Z&V8C~U0sEdQw%O2?s{x>9OU%V*Evg`{;M
z@0p{$;1s5X(7eCyPX**Zobqb8e>M(U6&6Zk#S?RhLvzXH2!$>?9>I?~9yisd-4I<-
z0>R;NcA&hWL0b@SNMtlN+f%;yfX9CEl3CB5<bHI1<h*QQ%?TeL2mZ~Ls_@y|iHQMd
zpnXtZkm-7~!Ho0aOw3UQ_#{}LPznuz4B$+10pvhO6g2>N5lAHmzQURn1mJ|;Xi^y9
zC6GxD02k=;L;ism2>w6%iSq!v`(1xtZmzP7OTGC)tG_<+KUcc`>Gz}aw&zg84FN7*
zh|5LL+kZIspYimU!Idr*9D4Jq*!zllvjytE$NV!`=K<*W0e@Is(SL3umt;F`pb)7)
z`kx;N!uC*xNf87SnCRBYs;H!#5dxo?b&u%EL+KX(G1Jx2*}43D!tZ+T%X+!TUl&w)
zJLo_Z>+%Sat^qY)ZhrQ9_v*5|Mf`jkjM`Lh)Lkf<Ga{dD^Ll-96o!<E!eJM-uRNes
zWR-&sK+0v_iIm)P4_U=RDGtHq^cdQ`q*2(;=<4LPy=%@DOlrwoZ}Zv`_l0DZ!$|y)
z@p=gBE;^)DzhfC*zDDi3T-{iYE6NWf3^i$rBQ0Y3_lyhM9zj^A67#~bd{S?vdrg|q
z)=M&*FVD}nm?*zjlL(Jf*(~3PVW;ndGV8lH+SuD3&t8kXJokpIIt}3edCbACyRXHh
zlZZ^;1mul(@38BDOkZZZMfLt(chCE(E~^hGQ?Vt%{Atj1cDqRzAi9m$<)(lAA2BFK
z^wCOT37}#LAjRW$TzALgcJ+@j&OBYTvL`^q<9KUA<Z;;(vC?IFzn1aRXw*%3mXXT%
z=n=`X1sK>>_s+}J47L6NOGF$leUL<IEfocYyBV^qok6>UQf9B0s7F!w>kMwAObCSe
z{@mSNeu2Qx8>KFK>eq)h{EPLL(@esHb548P-yf4&TUuQ@aZQmy2)G19csi#s(o|AZ
zG&Cu6Hlbyl4)wZir^7LNIasO6%F4@CpW1G)VxvUDkpvBakD*Av>aBO*&IosEm-ADh
z><(#}rhNQ@Ql@rE#&V~WUhi;^;JG||^)2yv#vMRx?QXBIS={3{E;j3?#5C^=998N`
z34^6C*8^fT+Z;DQ-yRUXLZvO1DvhZ9o*)e|D?-@W*=t4(mjWXiet)kB+0^iF>jawF
z3Ohys7gj&BY8!YNogdjPduZAKWxl@J$@{y~sNrTA!@@M|UOoKs@O>Y>c6^-5PEQQk
z`Lq%Dg2K|BZvCtg2%jti3U)t`xW2sdegthG;L~%U<%j4E$(Y~1z2fUHl?y4c@TImn
zo(2@OcnnQ`fCVkjWp=!-$QLCihhmjJ4b2LgFVpXlrdA9sbQs}VwtU=d23<4T>>t_u
zWwf1FHlLN@dGEEXtGi^XbpqDQ!7R!rq;ocDp;o7P=I6s2uWg&n97dbPqsv!VI-A*f
zqn~uHI8BA}M}OnUWFQf7cNDCqqj%8J(WNB?_+y)R&%K}BUpEkaKs+BlKW5!&G{p}e
zuJ?v$-eY5bYdKt9|NIMx=47S4j;={AKRs19(6)Kp=q7&tDb<)nQ1U!6vHpw6R|J+~
znSb^xaH)zA0ET}E-HwkpaZF>d2!vQ};+=5kuzw@ne^$J`IiMUa&cJC5aWB~0cbHhc
z&-pPTaJ*}*YhX|y&$qvj%QhE#_A3Ta`!B7sWTdjM^bFmiv;AAYSljzi+?4t`N?FJz
z$_vfeqVPi`uo-fgm`bIyn^n5#-q~=Pjytz$wCkrpuz9?cE16AZb!j)*{heeDdQI3m
zW4|4bNlL<Zb&;Z?q_q25ROzh0`uBN+I`$3_dg0R;lU%nHQD%+1ep6i&laetsvw1g{
zE_L)@P&0x|C8U4<{(XO%Xj*mFgrd=^X`Q%LGRH6kk_rFLd2J)z){sA30?4nDyDa_T
z9@>=w^Gw0|;H~Rq$9jJ8k#yRjQJvG}-)5z(!Vvbyixqhkn?KS|D<uh6WLEF$UI@}q
z1gTkt)BQDjWR~mo0ry)Tzn<54-$p#+4<~tJTBOpNax*Ug$mEnondAKh(edx>u$<mC
ze}4MZ`ZFxGaz?7Mg8G>PoL*gf`+CAv+N4I6M%x8X3%#73E4SH$x}}wozVmtiw4I41
zs>{90-rxkY*%Iq-)W-`qN6WWkBQ4D?Pp~Y<EGN1wK<Iw|8XfO4Cj+*N`Qc6EUr=&n
z6Sq$0XK5IH?;ebo2k&xTt3G~{UXPg`PtEf3m4N)iDi)FYz9&vs0u9!3IDJT%zAvtX
zSP*J~KTk>v(0dBaVoBMTZv1@?xhS|B^HEuE^=OOfAOhr88rWwa=)>DSj<dG-Vog6c
zO>AmdmBqx4qjiWn2<X8sd7ZaGxjf&NaZNDL(6;R^)?LUlXp-mpyF9K!p4s?qQiBPE
z(I~@5MnmF?)|ZM31xaNF^G7HqvD^=<F4v-H>2}q<uTe?czTkV@q`Vq<X#26<JEgKQ
zJG4G)6Qxa!tJs~l&wH4;9!(=}MUlJQZTIv+-US0vl|-oWsTB_7Y>c<w0=rJ17L?Z$
z-O@WdGZ7itSDW^X807cW%Jy~~KYB_^PDNAVfDRR9<>cbsKMD%VTExyd{*M=OaH~UY
zYJh5<$*<r2REh`QUH|@ntE{2t`$rFn^R;>YQYp7OKc55+P}9&HFB)Afn6b8J0xOz=
z@o(el)kbni$>Rkto81Lr=Ibm1JT7w$h|2zY8?XI5`0ur97q>o`mGNn*3#;zk;5oAk
zWQ0{ZT3%l1T8MxE#H`Qr#X)-&^3o-7iLu!#^*yb&3NM*^e1?~+8B|*If)!(Z)PNH?
zionOj^ET921)>u7808*yFBg>#OVqlC<I#uIzLTZAE!i#n08b0Cc+y&|e=GsVj>qdH
z?iU1pW0XIlPn{xOv*ya{Z*QRD4%^dmRfjQqWY>}@>{fG&xKt2c&(#lJP|Q{{wlG`X
zRE3gR0)n~tye@@00p`-O)+d`6WtZoPy>@1{@|topJ8Ktvq%ut+Z4dd^M=ud-Yfk3{
zA?03MpY=qXFj}eKo6erp)(|kZtMD7V6cpx@X<$2+&Gw2Uo$|s)zPqMm<}QyZR)(P;
z+$5NlH^I~B6Pf&Te=`VK?$^{6OWXM<3p|_mJ(bF}M=xVzS2J;)PpxKqVKZ=ND_&RA
zF?%C4Levt9<sBI@f3l*1(q;uBxn%dJV!F&W2dNRPRtDqAb-@O=eU4g5+@9&hwxsH)
zMN^u51QQV^ed~zKzfd_HjyIg9hXc{8o^vh~;#g`_v)ZhoomBHZq|-Ufat#SqsHdZ#
zNGQ?Iqmm5`H&!|>y{#ldbWzOapGppC^BKQ9;IgS}YG#s4>7#~$#lhf@3$rlh^qcIi
z2aK(6W<R^!Gt<kR>z(%1{yAk}s5=iuuPrdsJ+yqUo`};3RW%kf|9tU}Cv_DoC%sti
z0D6zXS}s|XzjuM_8dTTUj(aY&45i+u2_QqHusb0~sx>k4yq%p+tT_e{2CfZddG)nE
zx(v|(Qm2bBU8LnXH*qF)c~YZ$@A@WYy}wM+h^%`+jB86gdPN^ch1IerMmIlN6mpAM
zMVA-&#gRT%fR+Z9s!KpPl8nRUJOYlIWxSkDf2MN|F^cOmtc=G`cy~mIgL2Wl`sVhs
zTSpH}qRp`nL)AOPj~vzfz0e{)#a#?X%4S42Z{~+1+DKulq*(fcSOz<O1|jVOo?`fi
zfUt~o#yN~$kt7un(V+CjdWF>*EvK6s3_Fq5B1f&Gh0sMFS^jo1i&<v_&|rhLg@kBS
zML|7$%D;qB@1BRG3G#0Dyw)!$%Hf=O+W-FOTK*}$D_L4tky8P&DPvUl@te|JVqhjA
zGnIO6;T3FRd3|Y3daW~x$5Amf2}watbE+uV>ZUhN#Y`^e7=KdB9%n0Dfi`?dC8mqV
ztAG}4qw$LA>Xz%<D;^j*%K0&OUlebtPT$}2{6M3skG^ISI!hSIij@&?#h(hVyi1*u
zM6#up9bZv5ndn`)vUuD&`<gbW8&HcToAZ+s!r_G#JXVJw8HwPhq%~ZH@ZG+3-uDD+
zVz<BlQGN=3*hws^Z#2=h$BcuT^QT7rtW<5IUnGWCCv2Bb*kN^eSzn!aGty$@bUz@z
z9vD-S=g)n_V_SdAbIXD}OstK8;uJ{otttWg>ZL8Ay4WE9QCDSCT@swo(1d#=-WqbI
zd_Z;Gy-MG3tflsz9}-DAD>x4RGDfO5bm=;~lr&q#pbOpSZ}40|^eYBC0uhV?jb03E
zFlRVln?y%6U#n$MzSp0t>?;wB3<k-pPVMsVaVj3q8#ujj7A{uHO+&FEddu1RHulG9
z^{w1cvRhw}zF$4e&i!mkcul?0Y>WpzenEx&%i_ent7-}g<IxY1_!wUc|14#KiG?!A
zdJ2E!7L*m+YMWSaZ#5fyMJ{1r|82g$ughSHhM9ykUTW1Eo!}AFOIK}z;~s3>mxh5y
zXCFSGds1_!5=P%bS}=K&v5%CLU%V8HZYI`MUj8r~PaeM#tD8`b?mfXpaL$BPQI9R<
zLY~aZf0rs!cSw5;54~gnBrfRpgXeq5nu-hQ#ZuKAL4o41E4oEW%|SeTJ7&bQ_Iee_
zqF!@K2{9!yIv!n}Bls3^cWq?TZF4ft9<IW%w0S-_BWSDRk@p)74wbFC4yWGTVq|R0
zX3p$P0Q5A0!4B`;SS}j<lFbO-$k+K3bM0D$8NDaYr{8ucx{vI98+njLs33`2*S^5`
z>q%rRO4$9PNv;)FnoJXqANCXzXM~lQMvH5P*NO^#@97+mC7nE-E;8#?Lwp6|xV@vI
zx@3gx^yv0EZ6gTWy&jp&+`#-26MbtKZJ`zc4H5X``FOc<9FuEEb^E%45QD7dP3?>^
z(Ofmv(NPyB^SikAWgHdv<Z}01*>Gne0?wNcwTTKNiPh$)HklPI18ChtW8cIYcCmGZ
zPNyxdj&ab@YE4H^jmarOc%<B3kvJ-@R6$70T%%1~(cE^!q3zeGWL~1^%KmS?aR|Dc
z`j<CH2*PX<>PG{8s2E0RGnV(-I{e;eCAcd(9Q4juU{qs^GbTZiv7iWQ9bi+^QtIOo
zEjx39lq`iXEqR#DDyZbtGAehuS_uqoDNuhO5_zlZHyzCHo=PsvL(##^def-dY~o5a
z!2;8O!c;%7AJ9~+mUh}?&86VDlKQ?FA&%rX<E+>wTTk;h*Ilk3XeIJ+1oX<n7N)sf
z_9+xx7UOaUaI}F_61D{#fpI8(@elt}2+`v5-28aPi`7ikf6SbpE`);r6U$W&w()#f
zk1;iLt|;C=EU*?{_^obEF7pBLj0zKlxo60cmJJI?S_~}+@gYkG9&m^D`)PJaG_g4d
zVXClT(fIDM1uG{fJkC_zUuu>DmH>vG!XXvIjLL--p3XdUF68o~)YX^nPMfoQ6Ll!X
z?SGzUtb^ZZMuxCcjfszmdhud9VrKq~gy7LYiMULTdLqNeX4FBuing`NE#w2wMWdEu
zBoF63vjde>xTToZ`BBDk9VWQpIc&&>?dha+p4m{h-OvmN=l!f;YBENR*`md|=~y|Z
zoK7TTyFiQp`(VX{6o>0f?LzbU-8iT0#u`$S>kn?K;|Kf4PB4~qBxV#H=vt<cj1GJR
zPHr=A(%QeM5MGc`8pT{Jy{Y$V%5f9~ZOm4tHB9u?^)^f~LVaoF)Lo6Njkh$TToeY2
zb<L>1(`}Swr0NT^E2f!gIFn(xn@+#N;}3Ps$D>ElLD}C){Eman`eXc+vopH#3!I-*
zrdOZ5^3!lUiM2{`-4d3zb7q_MF@%&mPo9ZI=uYdndD)AZuC|d2*xIDOj-edr=>nY;
z+<5BXW2c~=qbz3bcxsb>cMTJ=K-AG!MEp86VJJtHZD#}^Rl8cGw#3vCCeN3nl@{d0
z9N!8g8O?c>Y@H`}N?NZ1uCfcu2Q>?S>2??)Cbw<52%?76<PHVd)uxo8F4>#rz?gHU
z*1C_O`cZ(MX=Z8O!8F$lm~be*%ddvGTByKG|JIZG=E~!jdPD|B9ocWXd*YCGB!waA
zwsU}xdW68Sp~;ZR=D>ocLSwyFR=EilBr++Hh5HA>RCh@e46rmNOihY{C7)jr@lXOR
zbjS(8%hC0X<P$)=fM8HHa46xDladfo#+EduI+8-|GZrB5UfEwoV7dLe3jWvQOJ6V`
zf&~>_q`ghNcO-N|4HcZH--S9H_ed4-GUp5@sw~no!Bl?JRVAA_56<)lNGQp1J%&NP
zmd|U##k_LH+>T7&hFoIMn|7F4ed}3HU0sQ}+;|^lZpie2jL3giIaNL~CRs9I;a>U4
zC~9oVS=~^OhD%F0HfuEYOS{ToYorE}n3&TdcMpIZJia3AX~*a|qEa%JEhZa~=ws`f
zJ994aYZiZ@kU!|2ywTNqjs6jV<l1@mbYf6Dnc64Fr@m{Z`zB|xkQ0K3j=s^Fp%X?H
z2zgIvFxP)1F84U>S;*UifXjX{DebX`jW3L>7wD)LnA@c&>dJ0=w>pHdaB7Y(|9cQR
zO|6^-G>GuwEPq}lnXXd7=Moi6335qG!N&mHEj?!!SQ2f^We_(1>(T0V)Z!p##G7DW
zBJ*dHLOygF^t<Pav{zxdOX0FTfvL^bl45d9O3RrR>BuhfNa-u}oddR;Xo`EDnb8nv
z`Iqp8oIKK1I9=^%^E*C|3ekAd)gSd?oBASBPHRMI$q!IoxA~WwE}q+sz}C6`P#{Gf
zNLt%O0M{xov~prm7T0mE`=?$DCYzScyn8CWZJ6ua!LFXP_5E%B*v{fSS0Ud-b%e`d
zz|c(G;i^duZF;Z^4FB=xwAx4a?4(xv?qw<)0ZAw6sx7_VBw?G7jWMbO5^g;hVPVTc
zJjxB)4%EQ3;NO5#Us-*5jn_$fU1wETPO#|yjFG{v`fkoCFXKJWk{!M(Oj@n;)G)gG
z{L@<5{UB#c=Vq;ao!nGJAqQa<`>G5!hr#zzztxqT#3uN2oTx%W`uhCM5O?t!-HAZi
zeSh{^F3W4jO20q7tqBGM)phR6U+mICk6dedmz^lU^%Rny&!{Vsp7K&pru`~+nQA?X
zdIGvrguxX<h3h(t-}`enmRS7U_t?>%O@}S9-|GD+iOXmZh^L52Jztl_BLh_vEHKhs
zSDWwyD-g@OH*Fy+fwgKZ_WgwT^yK@-fH_J!Mt@4akA%Nd>2EXEVG~y3!GU{2on6Z?
zvF+kQ8S1<UHOFSO|MfuQBO_`GMld)QyKgaOvDh6$A+%?LD{(tU62}`7CVn)oZ|=Oi
z&T@GT1uhoKV@XGd^_NTgc_2W$MtD33%~U;K-B~K0swg;BS`IvPQX0*6nEL|jj<+zx
z(od&a-FeFK7xD^2UGZ_Z=v@Yuh`^rn+R&PTWIa$A#N7>g^z2oa3@vZT801o7oK4xx
zt?SO3%x81*epds0*9jx+Hn=9v!^Y#DkcJ|D>GE6>SP{o=QP%W??z}dke@b3yBU5Cj
zoeQs3=uWBh(;sX|=@Mg_u$CDdNWTO9g`Fvl4I^n4?J?a#n8m=7pztLrRhxN8SV2XY
zAtFDpRqf?pAprxC<1{L|GX*8N0Ws56jiS}@?2q}@>6ItggKKWr`NL@MDzoJ*6N^J$
zrWJw^%1Wc23}Edp3%xoLRk6c=h*e!7ztyE;$_NTE{*ZDv;76qw1N_}@7GfcPjb1A|
z`i3NHoiuxGE_z8`ZHkSFeW*hQI4u_6p1fq`h%x^EfQtW@*n1V}UktRP*#e0q8jY&+
zgN6R;e;|QxME^&Sc_K<qPFmj2)rjx^QUFx|vdLaxU;vZ`Py82OpKwV|3nMk$XsJ8w
z_R&ug0w@7dQYb<tOV5vMMx$5_41h2oOgTDJ_}`R)4Qp;l69dD){DGz&LtX83fBNg=
zV}1ci8x=q)2r`TekB^T{EwQrvLomGKrj;#KT}lULu$kD3ulfkEm6n!XY_#E%?fZR2
zq@<+GdzZ=N;I{1D2Xf`x%@-w-DwJDXEw+h5=PTSUH9cO842&?*&=M08c2Z(u#DoF7
ztleA~KAZg(<rmbB==PT5YxDWxmc#MKZ@JaCK3;_H^xuZIbBL_BIx~>5%B!!CWx9^n
znO|n+<Bz!*R$M7OA1}Q=PPceMABy0JhyTG>0aN!p>*G0sxBVUA<8=;U*K4=GBx#~J
zQ@z=mf|Yh^T`D69z<&4uREqaA>+@#wHLG0#ttg~uDjk>6@t2U0Hwo0j!UB-J$nJb(
zeV6BNwwvApD+)j-TN{>}wbbi(905<08BN{);_sp`QaK@_-y0WJ9lp~wc)rwWS?5q;
zKstP9v?L_(x>=l(6DSG+_k5kYM7h3wz-_xf+M7+Mx0}@3e9tZ|4K0!YS};uk;8UZ;
z(nkb-M+n(qiOFuBh>(7(#}EyyU-Wf7@K;zk80vEreO!-SN5z*-n%nNr#0exj<#zvH
z#JvSn99`Egn2-PgLI}ZwLx2$69Rf5E0*!>=7Tn#XA-KCc!QEXNcX#(daHnyYBH#PX
zfB(7vy(4$c46D}aT1|D;k$ujo^E}Vqd+lRNgVn~?EpbiuYwt7;_g@Stm4AjYtTuP6
zvxK3n5(@V04<0_G#|E0NBI^QfXLQ<h>NV}B8HZP@Y$ry#M?jC}MFEgx&*moWj#|q@
ztw1{S)rM%LBdZCFSB?PtPN3zCBR7CLpT&|~OV~H0GeT45hY=Y80DJ3kYRkSM<VO~h
zm1UZ5qazgyCh)3@2LRN~HOtfAgUx_HVn)FWgg0Ht!Y@y%aN;}?<C)F2EZi>HwQgX<
zAWZu4qtTOv<Df*PZ{Iux#@QiTrcsrMXhhBv<*nX=D?l$})e^QMU~d87=gW=|*oonv
z5<YAohQC;ZxL>U4zso++Ii}N{^q4cGTF)kd$aO}4G?p0ec8&bz_J)G*p7{`P7xm^#
ztTVpgUIbW|YRnwT6l_h5W{SbV!FHRu)0nkcgIvJLoHUrHOXMnp&8jVfqK=yA@bnaU
z5!YcEM0;GWL)B#Ttx?J6S8^T1AQyIle!e@Arm9lyc25F;n;xtwlv1gY#t(pZ&zAiP
zlr<U!F(*9eU2#C2`^kX2*+L0~(>gLBK=<@F>zI@p3JS3@@*zZ<01T?BIhyrp(^Khg
zS?e~^eta%G7+V!2<V=GV%55mJlpKnPO(}z+evZ(>0)W#e-&k`gms=j6^~|0`sYQPV
zSDj7ugb|a6^0{2vkb*Hz+CnPg-BS|3Xf0ojCG}4Cm<fm>o+P(eTGd%48j7WCueP>z
z>}S|7gIqK0Zw8gk6^qme3mKng5l1XTDe!ACXvy6`BXQkFk3=At6TSHvX$gu^qW>=Z
zu86t0SrN5dZbHjMXZC<Xo$Y>d<%vC+d<W!W{z3`7hQUTN_^U%q8>^dj3=;6f3;Jh`
z4kljN<sMmv;c{)Q{_0qAfuT-<93MMs79V~WrvYA<@nI97=w9gZTn*$8K=T~1$ew2u
z6!b$y#HCw;&wuD7QUdhOjK;!JbCOrUuC71rmq)-3pemi?pvntMuv8zz$2#ka_vW91
z9G9Re<xT_an%tDe7LV6UsQ4T@L=OOlUnlfSrl?(MO+37&!T$a)O&Ter&4&I9Nuc&8
z92@#n<q_RMW<Q79d5)3x?s<X+81%J{kVC6NV$q1KNVzf9AEsq+`z9q>WA>6=jrZVG
z7;OUd8=;uVeR7CUkxUon^-7aY+lXxEZtcLqvC4kQ*Yfwss#0Rk5|2aks57OpQYZE^
zL0%hJGQ~S3+<1PQ8i+8D{=WAML^KJ2%+0tKPp6zFj&)cOi)TQAZQS3YC1dS;q^AcW
z_Lh{Cz^?ynZHoNy7ZULcMypBXa26HKIhs)Dz;gz|t{#?7bTR}}5M5pF0bC3#n)q0!
zLfFIGCq4_56##y2e6_)`66mH(?frILUiAMCXZ+zSh6$M?L<1(>Sw#ZNB7D!qznPuE
z3%OynoAw;$y9rC<J`*%wPO!njkCnR5XF0h=vla_Y`x-HAw!93|`$?KfMa1o#u`_PL
zzFqOWqg(WG=fljft=0T59qCkWPi?Byp0I&iR6?7Jo1v|~;k?Sw3*zx&{U81cq8Y5^
zm+28H4KS_#*#mzoIUf6+p(-#4PZMdpR711cyt4ieord6n#-|$~a5%T?42vDi6Ua7E
zVYq6p#EnF&+dp{yl4Q0#%HW-nZ{&EzjtzEw#Ak3^ky>2qc~sYQic5Y_VO&S`S;83(
z($9~q(oVqkAWD7yS0<9U*-2nEp7NX>!r8RdCDaQsjNlSJ?=jq*?S*g^^SkT-4s$)m
zUd5t0r6hd?_QNUsnh$xwr7vx8=pIXYp4o7G9?&0Dzq6a+-x_B42x@vCD+Px#*Zf%4
zmPz@6(P2aA2Ftmn;xu5XCNaBI3S3lD!tb=@`tkb|?<N4pPRk87+wHSic3$PPK%Qp>
zWMoIRUIyq;f_1nVH4#E_d-~Pn<T|QS*bPWwI=RF*!|}DaC}ad&ED78;sUmp1)<U~Q
z@XMfAIw(BiYpuDDW#yWXl_0!xvr9Jv2DNsBNpH;k(J>4;q%&}>+ZYw&9=pX6*ALEe
zgxAD92Oi`-w{P&k$RF&^K?jeGZ{ex5&F0*;gLHNZF4p`->)MMJszR9S;KSRaaH!v=
zGD^BG&MIRfJ;F;U`jF@LNGKNXjhno^4kZw%ZpvtnF?fiKp>I$xqFTej2`>baq*Jfk
zAMiO|K6owf7R{B#RLE+k+8=RD?k3r9<L-o0&g2E;U(jZG#n#rn)PU;00DrxSF0i?L
z;8lk@zvv<X;#}J6*U-E$A?bgBlzLQ+<bAn~x~dP_p;w-kpPz`V=2oe^#OFppG~(|a
z3eudraUj0P{t*2fAMwRvLA~>R>`k=&aJ$~L!ktMhn{011sUV7DQV^)Fdbe|?695^J
zM5l@zgJMg6Rr-6{PR@0WHRI7lRO8p8M}lTYKqh1{DdEh8CTVS$MyKcX>>C*dqxqFM
zuXOl%>~m#_Opw3PyMFJCVK#Y~i7+y;8C}~oB>Y;jcnId%Hw&5nB>APheD`%91TpL!
zk2g@vmO>t-B`*Ma0=xykx2tVup`|W>Czs>?NDGn!R0Fi1=(WDH?BN|qa=YTT4$@9r
z>X%H^nL_|Jouw~>aUSUi+=&evT5wotN-?rASn(j|JQV1qV65aZ{Zj>O(<Sv`DZucw
z*#mn(XyKLWOxenZH5=4qW&7x8@G<6cjOFF0fZ&PMR0);X;V7OyNv+YbxiyG~<1TOK
z55}7u9!Z1Vp}Y!^d6#r0LDmEA=$7mbA*oQ?Ai3P<;riZo8yUJ?Ly3`May3gGEpV4X
zX}`zgoppMOVv4g?9HCdMHSh*GAQs(c-&{|ZkjDujYGNOUXeu|{{phmDbXq!=8ZPRU
z*_Wl<!T13(`@2bHxJ+^-*XaJf+87V^T&s^SuGe$&J{(5s;eZA(B4at2y1>Z69_KVO
zmQhl7{ZP>5P{{$bJSta}tuJ&<D}PE^rJJgn=A)}_q}aeqb{rG7P+%e;+oYX2VT*u!
z`)sIsJ>oQbU<Sxp;E$hnRULXb)CwwDX$pBUm08MRwt!U}a79A!9d)RB_vJ9jSD~`;
z3g&kosDV(afv@vOJbQh^ffSMZA0A#>?lf{olIS@0<^_P5P6AmJ=7`tDb-p=>Cfa!b
zaKef2#|>e4CJD2&&s+ic`A6ktZ^7c)Ej)UvdrK1)b2<-+__Ci{+U<<UWR*6X_-Qc*
zaoAylltpEhAPh6(j@}dMt)12$X6A6I!0!q$Tn-bG!=>9d^PW11C`DB)Tl6*JJsG+N
zEgEN31m&JD!YFF@XLTefu(Vz<GTE`?R3Cp5xw?k6F3y?*a6%siy8T0EH5i^IK4_1H
z3hbn8tkkd1pk%zqetUd_Ij;JFyM5;&2+WOD&ss}2_A!Nnjk|ZVeLS$tIZ7{zcyB*i
z|Ci?p&27a}t&N45J?ycuYVA*<%MT-@FmWE6<#!;zkK3j{Y{n?fZR;!L2Fd2<N|IgB
z0HpxdNUTFNjazZ13kzdJcH#6|+040zLGJQ&PKA>3S~?!9$-_IL@v&F*wf>ox`_XLy
z>~mjA<Y`6@ho{gv5bW+M<v0|;P&&b2s|B>W41`dQXsgy^D=Mipa<+`Jl&4wYP~mPf
z)luY25#@Zr=I}QekG_dNi7t!Lc=3#D4Xk6jT}$)Et!k-k?nX1qUYTs@3vIapv^*MV
zz(}rVtE|hK{63N!FvvFE!(`dXNx3nZaJKkq*PnvJJYRQYFmVJ<8;3oV!`T%)2n90D
zCDU^kRt4=14KFXGa=Ayee&G`7QY(<dc(LNsH4fr6GPXIIclqhRkNqwq;Po?Z4mUl`
zn%kztI>#=R`44Jn;3_$7*0JGmNaA*4P-}dGhV-<qZf~puy=mT6;`YDW3B9uIK<T0W
z4~l)1G=^+cD;{R3>p9zxStX*ecAziQ-_69Zj7q(p5yn_jQm@o1)YC<pzgZ1@&$(R2
zIz&dqZ;xE9Uo@@<U8;Bs7Sv`Nqg;i)5ZkvOui~P80K&jZwK%5)utSE)c$EzpU(W6k
z0V7g6jglGV__wUM5#E4*%5quK5HzYID=&<adBfimB8XheTww~WWTFS=q0REmd29mS
zx#orC1^$N0kzJ(}U?go9CPK3NOfT@j8fVWD;q~V_UDI2aw>=UKB?v;WLz|G=p*g&m
zBN{iH`@F`thxba@@oBMa3rO>%m<1Jjovh`<Le5bk*#WebFZnHhJDO|oo0->$-m{HC
z%d(L%$qBLoPH0pg4^7G_$wWa3ExHtBJbK-WoQZ~XVf~pXuxiWmx%|D(t3=$EX<(j?
z_lLBAct+U@r_J6}VeE)~ZRac^>^5OX7$(X2fDzu1eq}0@%8P`Kpc+iy5yj=dthLD$
zi6nkV4=JVmrvE-F&_#d&ji9h5LAlHpi&T8bO+e^m_L<CP>xn1;+RDkj7ofQ<sn6%9
z$Qqb+@$)f!pZFc)Xlu~`uj(ZD&HN=6`(FL%tJF|}M^DNOFYl^nMM6MyH5k(~9Eq<#
zDWxPYjL7y>AA1q%gnwgrTK+bXY}{0-az*8@SuG1<mp*!kx|k>~*NE@Moc*e|G8o^Y
zD$p0_Ssxr*I=32f2=R$#-b<jYSTAReSE!JvMI)^%<7l=rOW7H7kLO#eGK(9C8$dQq
zR5BoK?#l=`{5i9b^|F%Tqp8b}mdWEB-#%h73=_q94KFo1I5s9Jy}b!Y(XkYRDQAN6
zF3=6*^Z6u-wNPP6j2B5L`)8?NdVhH&ZgY>Fuis@4EU%MpO4YAVayM}3P<Wb|kREiz
z8-lAYbAia*SRO2Sw`b+L#Dm`CRIj%>l7|MNI>cY?{9PS&7=%$3dn|v;eMIpB|A89~
zX7z!D{qFu$Mr@yAm>HU|KzeHDyy}P|#*eyte3w28l|&I(DVxhx5MqTNI(9If)o}^a
zOb1>e3`DPgumpIln$Oul_oaWKSKoOG9UTlUBpiMoF>6n-f)dMCm<NZtUg6NpU0r{(
zo(|d8wC`!h*7!qNav22Qk-%um)nvkKro9jxN2d!(Cz~Bcb%Si&@3V(1#jveAXbPo!
zmRny6)?H1V*lW826;-f6@D0}cIQPaI$Sv)kD)`#v_sE{`nR5@F&Gc<I%i97B6YZOB
zW6tq_LCzx!`6jD9f#oI|ueV5lF76i0p_c*Ov4k$b%hb$T7utaa{JRGh(J_^sbmDuY
zF-{F>@ZbPLJikFibFYo*QoX}u=OiEupeX!a&grric{JlA^pe?O>=b23F;X3wRE4oL
z_phdN>^})e0>(R^|2ce^!7_NLh3~Q3dBT=TvebG<SI-=xN&=bzdC>N1vAY_CeFrt;
z33h7GSU|zMIbNmvkROrgNJFk8t)k+Eam_#@B^Ox<ABLao`J`9*5>DFrO5E5I+3EV4
zB0IbO`nqR?_0FBv1a4_{`w96GGRz{1iH#u*0;ZJ3rB^(%PaBDKc@omZ+1|^5e*sW%
zA(NRI>+>zN&PQ!t>bI9vg|GkpQ$2k>EKKZO2q0heSNKeR(F<{K-nZ=#nEaO%6zhvW
zrAEEI*~%~BzE562fg;|%&ljtAass4N>Mc%ZqbI&pe-*GNpGL2ar0Nq7AnPIc90KOI
z*K6crfV7bp0GSZ}%>Jk`T@rnMdU^(V_$A|iO2A`JMp`eKm>g+OGJEKjALt?xGy85j
zO^J>&Qb<&kvSamd$?;L*@H2p0@ms7|4KKojWj`_WCC<0^{6(-Zj$3dntXRKcR8~}$
zV^}Ohn{8I0`X4(+*D{{~DQs;1_iWAtp-)eCySH#(4TQO?X-GLyN{fTP(0^bv?c8n^
zW01G9$bYBWezRf5)L-^vEYkh@!s7At5OJ9im?i)m;{J@s{dQ->4Nx1RJlep{&j&Oe
zZr(hmG-_OxqqT_wP|D*r)5hM$N=1b^H!PP>7dM&Hs^2`KccGSLU5p8~za$1iUX0Ez
zq#%{Mo!XyPWZY9K>mEm0u{~5tYb_22HA|cNu25CTK>+P%&Cw`za(cj7g<8FHh$LRf
zSXfqohokEL@B9hdl@Y+N`S=JBtJb5OZOfvkK7mA(v>rCrhxKBFJa!L&O!b9$m-|5j
z>ahFrozK<d;mTvMd+lNK-noUcG6yw3_-;R_v~Cvzojl?bBVtm8Z8fW#aZBRT4YEF=
z-|p`22}bUZ${8w4noM{jGF6fr+ZE`%K)eoy!C9;suwPg2M!=XhbFgw<gxT=o;ggGn
z0B-e2fW|4t-SIX>Bq*-@tX!+Z&1k0r>ou2<{n6az$%cWu8J0V**(*XW=Rwt<ZNg&V
z)H-OF08q2+@`w?61E7IGs+2rwtFK?bI>Qco{3)I-R06@o`S8)HI{*ldHW&+9RmDnx
z=b_UL*8PG3&t{wWMLqsa^f5<^i%WYJ^$Cp|pq{%FFg3w45c1I!#V{C3y<F=#SfrCr
z;;|6?@f?n&Vk>(GfU!DZKn5h9hOVz<t3MPsQU+)%(TI3EJ#25bPE#5k=592a?Uy*>
zY|c)LRCg$ktkDNr^z;tA+PDl3;kf<jXDjS(Cvv58b0i<T7#?GSx0(C#LT%|0;5Yn;
zu1h2w5Lk2~iTa>t`_gzU=*MU-tPxUL^x>~?NbyP(a2L;Mg`BSY<rRHBJ%u<ZsnPUN
z*35{&X<Q5Kv>Fx3wDGC4)aK_m`eYa$=ZYmNI<g3;c%j)k+!8;CWO>slMMrv`kitlJ
zyu066OWLLSwNOuG9^5ai`HkCfyvka!wCY5m=d=Zh+>jh3CLgUP5vp-xL&3!DrTqEM
z^09G1!n-K!7uF7_BwkCKpXfHMZ7(@|zN#m)9J}3jr+uA|O2Atr++$&7u>g(wQG`_&
z!KFYtZNF79z=w&9p4wW+pjP*LD8*<`j^KlrDmJzP5<xIUEHeU^IR-ijiur*EJ`Iui
z)<bZDP5hSm{V(Jq-q)u92!)Er&MeiHK<PODUIco@BDh-`V2C%iRLu6{$MbbvU7TWv
z$A=f1K~5(_dSbM8{w#5j0g;pkx{oG)%E;`zG6dX!qm((H+&6>KrskV-G%=0O8v$rM
z3G@Qz0P?b2VTaGZ6IZH4_9W}|Vg&X%Z*V!I$G?3d2>y(JhnX4^zT87(r5E4w13j!{
zrEaa?ODF`7$D^(ejgbGH8$WYBE`Cv3xjvcftkv2NQKe`4a%R{lII293Y)qE?Dp;lu
z6>Gs$=2r8t3j$fI3jLmT+*NHfVcZ(NwO+CxCP5dk_MQbr7E76~W?~qzRbhe$89t^n
zZ1Xf$n|}f#8L3jD$YCMIk~{#}V%Q&R4(4qJn9YM=o#Jvs#7L{t_B^yCb!Ke_@l0@F
z`!HgGfX8ChS~}$R9=bDh4i@y<OJVrZ^)lO4QL}>xBVzOoL$Zyb+r)7r?en5Ad8?#X
zJ3Db!XP6ucmK$tL4bQBY$#i99%TadBm>7z6@QkFupyA{$v75uHs1r#<c|}Esn;I11
z-dhn+N}}O|W5XmM9`DP<=P(zId(PMX^(h&!vWQ4_QVcuuNHU*6nD!8e^8K5@{<jrN
zDUe!WCR5~p8byC3VI+q}A+yV3Va5j3)i>Wtn;j=U@y6aYv6raZbL`ffvFfWzAZ5jK
zn3U4Wa}*xwBpFk?W3kUe#FYcsmT6>V@s2U@m+7P(R(I=hkNxwWpDoL=dR7SSm<>{5
zzA}~~;kn6L`LDm0=5&7`tChS{O6(1Nk4WK=&jrr<Ue`=jQvPY#z4h%~@o!4Y54aK-
zz|s=@+$7EnK^ss}J>MPdUHhjAGK$K3)n<y6>bVKVNM2L87#qZ2DQzrRfwb1h@vXB)
zwku?po`IWeE=%yt0cm@=9A`(T$w}m<{T^M|Qbzn*UId;AW#W!stE?QEcBITR1SI8!
ztCJiIPGX3>Kha?M{Pc-RNZyUE*=&7O!ok`{ux*=Y7~aa(HA;knxWpJp-wzKYN^7(|
zor(5fsyUP<@3SD6J2EMUA<Ml*LYdmQZ${WJg3F_iCN}IIj%0Dtv{S0uf_@3CmItz;
zqWVd_^$N7$CilnZq2(J?^^?hz+HhsIvq&+7LfxgDC=oQ*P>4}Es}(RW!?-@iHH!vk
z2aLhzv5<GnXltnSFpq<jb!_TO%1PIz(p@eOlPI12^2}Cc18X1e%#(Tr`Nrp-0Wk71
zro;Z^+#rX3h*Kmy|KZEl+yIz97Xcfy&JZZ71y~GRm!ahEYP2@=&CBVXzM9;QBPEAH
zKY`G;l+5-Vivew0#T&82h+G)l7@$L-p3t`*sKAbwqDdDqT+f!+F(Wgu9j1z9l>{e*
zwzy!mE3IRX<>yi|&n2uLMz?C+Y!1sJbr;{#Qr%^&hx3?!)egh;USz(sv9Ym|OyC|$
z%1KFK-fvEmuXQ?Ul<V*K7GR)YZ(kG`Rjn!yCn5i5j#@ee{09&}J+srtoc&j|lMQmE
zytYZ;7IJ4i;x&rYnx|tqInV(m`-1%eBmf8u#)7h+lnl^aGUP|s^|ib(sZp38^r^4c
zDfKemT3x0#<7SzW<sOz;HSN3{7SqI9KSs9SD@<VHLABnwgK(4@(1NRUENd5xAXTpb
zV83B~y``lvkOI{fXjkPGz!ieYa@)}5QdSzQR%d9G)Z4b|gAzAB!BAOWEiDRB__Qm@
zIE|O{r%l)o$utN{^>A>oNamxiW-{{~KrwVx2s07!eX1a2-u$5VjRXwzho^OCFH_cZ
zvw`LWsJ&FJ`iWveBi@=vOolSNZNjS6<g=8BFnk#cB6F75v=gf>gMi8%`>e5<c!btg
zTH#*mV-^QMvCqc2V<WN*$!4jvSoDXrT0H1yBPcued&hKaCjdIesljR@7Kj=McmObV
z{77Qu>Vhs){oY|QIO*w;V#Dj;<pzTC-Aft!PXa4tfCSyX#H87R!@JbE-*jlwcxirN
z1ot^MiUw*|qWVP%uT*Of3^A_1bn92$+qcH99NVyXM}AjOKo}M?(iW=F7rBYke6$~1
z*ORnS4T2p=WXjj?W5q~g?3k#yEqeFW_yr8tP95)>kjZ(;uH9a2$CqQkWs?$=5A0We
zN$Q=kGIj14X+f|Gs=?zqOnSLkbiLM_8`*sO#_;S8<7>AhEQJRavs1B2qi!EecKbaY
z{5!gDn&NC{I#ZhSRI6a<oIRp+V=+>j7&XxVa6RAz)6&tgEkq6QYZ?swa%{O?TA*)&
z1isB(&zZDmQr_>WU;gH_#6R2G2v@ngE{gF2<!yXKsZ*xvAj%Hnu%7C(q3C1lgBw(q
zs?5yMD_Dpc-@U5L^qVxwcjNpUReSen3+n-H^-Lq?Ee#Fa1lO(0LvWr6l+3nc)V1u)
z%m+X24g^|))<*}h;qNOH1A|5F9W*3DPV0!<tRku*d+YcKYq%^-1lOF4uKUx&ACpD;
zJWWNkcj1S{`qiYtuJDZ)Q+?btJPS2Y|4b9D#{G^TX_WH=CitK9sjCz;AmGIcJ0K|A
zipvZJCI7-Cf&+oV$OS&f;#l4s7?wn$N&lMn$a?MmZAng!Z}I!RpL8;BVBNu@X}N7G
zS^|pa-(+RQ)xQ+;Q{;ZZ!%Kh)WNp#O-$`He`ZG`FKJ&oi(yosGf?1?v=y!Qb(M`Ja
z`&I|g=`J=kZEr(8b|EOO>2_(-KOAcUZjP6YY=NYADJ^m)vy!^@j)hxEVPvvp*i!~t
zR#eXh4Uhabi(?cuF&1h}Mxd-Rpv312VcSvm=!n%yg<7!WYqJb!&hcDv##B_1Kvn`R
zP%+&X$+Uv3vlY`5k{G@!MRu)CK@ZFOl?+hhrP3(xFu-<oVm>rt4)qk4K6%@L&Pe`G
zNPR~v){~YZ&ifVyKD(OFEqwry7r`3->(S*x`9ppi^#>4!OIrQeNt<eP=S!8RjhpR`
z@xwn`H|qMtS6(A4_oXz$ADRVipLTsSCN8AHne^RvUUx(Je@h@C_TQ2_y+Z>u^wjk(
zN6T%QVp0E){n4>8zXF~%cTya88}b1EpMfQFwLR8+dpXv5?}tY956dt37L0Mh|Kz%7
zB4y2X^5C@yuq^h6W9~~^2Rn)-dU`8eHUO3mpyfsn?VV(p1sUEZ9OfO6t;H^WFEP6v
zzU}c%lQGiDqu=NF+>{J0t$$jKm$oLAQQpUH44j_t$eohi01OB5?=9IMyqAB8rR?YV
zNWkMntl60Kw(dgJokvug)@S=zR&4kD7FXw7MtdJRx~K6R{xUM1x0&`qibX@c{pPNu
zfZkzgtueKi<FEvR;IPAHxK=UMt7+RCw4;dRw4vZT;tsGL+HABvahts-a-HCm<{ul=
zDcdCGyhd8{^}}^LilyW$R&bMZTfjazL-4K5;gUowrTvkB>2V&?7SxI7Z28`A&Dlh|
z)PtPSXZ_{pH)Ub(zI{2hHY(9*p-|`r8D((v!~yVBm!`vk&LMzN=+diMfRh^yuO0Xh
zI+0`yl2AxNL6ovB(x6w2=lX-HcL0Au+cIky|7pek$PXWVuAC|)mv+n>AcFu5e)N<L
zA0aIHr>CXe&972*5RwaPc}|Z0PJvxspW@2pdoDL)ClQ~4l9f>=P-mJF&n3b3vc-1i
z<lNN}kEOSybXxOl_2mz^aGvML#8~zIVS$0UL&~%HCd7BtW&q%q8qH-l4fjCEu3u5A
zG3Q|O#o*6!m1nycZUFrd0J7&X`{L?tPdoS{Wh-I?Nqo(JRm&@4D2YKW-d}XBDP}G9
zQ>}4Gxh~jU5kLWl#*o=b^{~Hsk7OCy#1^T|6d%bfW>V#7i@ejbn6G5W1f28iPwyyb
zs8egj!K%%Pbw{h{`&RAegv|3aD^<Qh5+>;oz8f?YpMu^zo3IDKkK?SSen9aRsR{;w
zDMY;hq1ssN|K6#KD^hadVZpZ({z)W2-{TjP5Dv(E*Yr0>di(W<3?NYFdrBOXqvLY9
zb|NsZ^ExZ3bShUGgvxKz8L(J-9&8(hEz(TNcj)SsFFKw$9aETRHb6m2r8LW^`o`?N
z0@4%7;h+nGBHs}5Mc8kD^Z>`d3W%gvtKq((TZ_iCK@vs&!X=Jwz12j)3FL;1pnA=n
zk*;^8`K4ujs`GhAPsA8NH8NKo%?8k<z9PH%(uGFMBmQMyJIK>owh<tgnz>ZkWHMO(
zFjN$_@@X%AuTU+sjp@pMR)y7O_`HxmHIp*u-BMySEGq`6fUc$>5W}0}_a@HUnMOns
zdIge$&mi0IXCOhmIg9wRoB1ZDOhC+|0S4USC=q8l>ts<EfuUHgsPaS<Hg`QC+YXGq
z1^l|_ARBT5elQ3w9P9OGdQ-AA^qG1W_aiP1fF9MIv}v_$q@$xj;pL$qq-C%nCw^tc
zNye9FV4FQEX#4!d&~^Oz>StC<o!CSH`Ao)TQId>=60MOr>O{{uLpHJx+}k|n7n|G2
z3IJPid3cX#mBgx(XTH)*jJRH{JtR8FVGp<VC*x?oGdCcq=71~^>u1gGId7IAvD1ju
z99O*h{%bSMr;$OEna^egaIUm7oMm_?tP>;CFiZ7Be{oN5QUd#w7TdX`ObdwU&KJB8
zz)af9+0dKgc_AhBJ>Uc_W<m*!fMN32e1A4r(UabA6r2<>^4*ZTE{mp5N2N)q7E{8A
zbnA64>)&(nj2UGx^n3<4xt-Y;Q))Da{)}8r_8Bnbp1}mXEQfrH72s)p9=)2(4dAWr
zFuNt<Y#0J)`Is@&#8<eKMT14N09Lbwkrx2*3qD+SR{}<0ai3pUitfos{beivMKY7c
ziO)F=HgsfFHl8tzIF6XpI{C>+Bjf1ialu!E>Qw|R{Vw)_NWPLJG=|6&3H%1KoHdk@
z{1oRmoZy$b!){JmLiX$DT$QVDzkc$s(D6xWRJvUsOGzPH>_u+NL)UZs{(XM}q#1g`
zhJIOeEpb4Re%sD2gMmY@3dWr;sLR6a@ysqXWIg<dB+X&IRIk^QdVDtWGao(7`s~z5
z5<p8hqT5yRofj6n-T@e#a0crMFiD%6tyEt=JM8ZVSX#ERsu!|0<w}oB0fv7eVGh$d
zLB`<Df`U)Cl3gX6ChYO7vljP^Hpv1s*U@;@(`kK7%<n^$_^?}-C-CaZQHO{(4h79M
zIDIL}P_HUaUHA@KCl&$zJl8mOvK4)!Jt9haya=M|OofO)s&@`df;j=WKb4?c;tA*=
zi$;+@+sOJ1x<mVHV32V~M3}v0rH`fTJ_?yl?x1r{K$f&Dm}U;4j<UL2Y|-e>^7r>x
z#;Y)bG@-<gB<sWGFNq^hYq%i4wUJ0cg}=BSTX1s%#srMQx`zc&O=A}l=7y_4*h}QW
zfQS(r#dc2Q-1EoW5&!y6q%Do{E>Aca_9BMTT#mqzuXgo_53n+RuA7e^T|rUiE7hgL
z;nL*s_!vYnwjq+C%aTK_VNs#*u)nSN`OHvT+-S}_T3JbS)*Kusp^e8z+6Daz(X&ae
zb%gJJA4?50nuz%dj8@`AFou}4q+Xl*U0u_TwbN2On|mKHYkRoMiUF?=FGe5bl>S4A
z_y3mf{(q@b{15pg+0OTU>7k>Ww6n%L;)eHjcK0Jyx;orI8+*SM_v>mR+3_4dE%o%L
zWzQjh5(!4wMwU<(?-)ypJ%Q9@J0H}=R3@h4L!Y7%fX2leLaTBLnFyaM<DV5}OK1dE
z{P)eMcDTnAOS)~npB(-prN-^D*wjOIUOg4%LrT`(7n6qf6X;K{@)vILnTTmyw!aVb
zkL?98vckf`B&yOBmvKtTgmOS3kTZ~RA|%6k-hvZ)MQo3Ce$$dD=p0CSce>MTTaqE(
zV(e<1J;1GE9KzuGug4n-@*?@<NG6?~{8?!N92M2fTJ~M{J9l!1ZCA_6f3yAAj(@sm
z;<uEvHE>x@QM&7hH|134`i^@=lO-#Ebx#tait$t7^3XOnvHa8X*IbC*=KvQr|BaGn
zBXEkvz&L1fl;ZaHy1vo6#8dUFFhzq?g4ypcGGUj*yyrJMykx4xHMchm#BOa<4##;J
z>)LlH#8}n0ySIlB-y)5cdUd}efB#!8^VF{X`pcgSmjVa=WuXaI`)FboE7f7)A5PZ{
zG)t9Rx_DK?DSb=!3*-wE+?|{+o3hoCPhC)CYJMF}BulVuicDSC(n!+^Ivb-29HsvG
zBz5lq$1A=P+UR<DrQ$QsJxR3Y=KN=IA~^`_R<58zYKoV>v(mN?Q0RSu$|q16e?2P*
zI`SzwbYk7j-O{vj9G>u-G44M#`4m{lEFC-OHgbn@^H@t2S2G>GrGT?iO6~L`U;IhY
z#P53ARcjbE!5}7Xl#dtYZnDruFrZM}LwsGSdc@}P@D898Vo4*0G0;2DTGw>!gPIb(
zqC4nhFibY7H!owEVT#4wW_Z5`&`&-Q+^h_#Lk-}*VwU8$si!yu9rJdD_)dS740&ue
zyU64jOH^XrQG|wnOh;0?>eDHGoIq484wtVD6Xo!EGOyhi{XXn;%FymVniuCrH!&tk
zL3KEEs^ECQWzGlC1G=oV0oXJ>AL8mmiHiWykaF2%)^Trnlyn;Z(9l57S>Z6>u^NH6
z`y%ir!eP2hWS)?yRA`0%DRgjix`^?CPJNl$_I}RDX6(1SaH_G+5~otds+=P3ActJ}
zsrp7TWrk)~<ua=J@=p5|>q*}=YBi8cG>ijQ%E>xF#J9{(rkw$!PB`O#H&}eV(H+R@
zVAfCFQp#I>s@(tA#t`-ANDaoqDvo~tc=iU53wrr;&HK7ZC$3Bk<Dkj*+pg*2%EKs*
z!;uGh^1{h-kLG#++s!7&(%^RjHgn@TJ!9>$=oO`YpnH?~6;hSjGb87Y=FE2bkNPjA
z+GXXGzgank(gZuTXIecD7-?T0&NJBePhZxEjV1ca;<=gYPj?r%sU&SA$X`b=e5VOx
zDCy_yzM$P?5};8Yg()+|y2X@U0#m_BWYz7iOI5y08Y%x{(LN7l+?`2{E`SHJ>$J3G
zHti@aq6yq42JZu#P&!$R0f&(4=z(e5+r}YB$2Vbta*y|Onbk|Og$5L_V$MdQP?C(7
z<gxDL)Wa_%wKYaNHL!U<V-Rcf+@EXQR4PfQO;S3#2_GO8^Y9dxR6J$`WCuYRIVcOB
zdRqgVXXLlF02c5z?WU$-j`&N{?od`v&SrIV?8cA`A-&nXsGz`lXF;qO@JT)1G)eR~
znzNOch^JiUJT{z^rWwzf`abEV=gmke&fE2_sJYP{kIsft>twKHQj`{IP|FsEa$+S?
zz{y&enrN8eOCV<bTJ~q8Pud*0q*V0GqDYjRJm3=nm$(h2eN0xBJ`cQ?OUtHxngX3=
zzN?w$Bqw+iyFZ}TM#&kJu2c=ZG(S0I)0dde5BS57(`Z|Uw_tZguXY=0mEdH*J8m+1
zY<0kMU*@EGz#aB=exL^sEF|R_124zKo3}Z$6a6|Ukgx)jBVHF<TaRn+aR<<TWBAg1
zPo5QPIjmaecO}6CUBaW)P9*GMzp!u=x~_c0-#F0dv!96nIM0luD-x&tG`C-TxRrX7
zu?58u8H)w<b+WQX-wdZSCOQ|JTuUjX64-knIxlEu%x#fxA94vhB35i)<8dwDMik&>
zIoKQ~A>lzxlRmyL4Uj&{Zk#lBKMjX8*g8>NV*YZnwyH#tNpYz(Y-c!#s6;(LnJVBh
z=!hWZYN%t2sU}`Yq>R-6;1)xzxY?&yZICr3&Gh=r1kJREOFaAa)0~Z5t$6|Ro|?<b
z3AhWAnMNp~E$-(v0ywKD73_CKMe<M}fv<+N>;BnToF~X%UI!-i5)(EbqMD%Wkjm?{
zj;aj1viiR7J?0258qsSJrzJRl{J;)QL;I@8x$b_&+c#;;NaFMGNLM~(`tL=IHH;EU
z`M<bO{aqQ!|F5o$E1QqBUuvSOJPT`3-LIto_jNGvKA(0=d?p&({r))3u<xJM^8fAl
zKL3+<guBO?8=l(#B8n5|e?)QmpT#O>=3@MBLoE4xQ<d;ydJQ=$?X4`Mjf0t>tb66T
zDDaOuSiR8d-+DxpUg+EMnR}a<#YJT#$6gAF_>Aqk9-F6DJuNh{P=<1_sEvO5AqK{<
zcH+7GHmnFk;qc`OL2Gm(Z;>JHEm)}}nVmR=PLWE!Qncm}-6+4~^X>&ftV6`7A(OWk
z57E3f^u_^$M$5hu=;!1L>F9}T1IO|rmLHfj$L`*n|7k&rLNc(rAkUPN@$!_NXftml
zhB?NLece>b!1=U&7Iey+#XUnDZVyB~y`#lcZb|Pkz6@8FNvRvs3(UfkHbBy01@k_)
zCdjsNneFB&!kC3iz#xYm$)K)uMuq)?t!L{JRRu+U;^7`u>yakK3gdgZ{$l8~k9n!-
za#`RxSA=iSf6>tY(a!&hmL;QQpoh%xP0z-{&RR#$hJ=@wLB`rbM^4X{M3q4XBuc{Y
zUC+^$ghAX4xKQYyPvL()#nq7+L>z6!<ZQKU^`3qz#zMjZJmDKMgBTmhQ~c>~{QSra
zO48cKdOEgG7br0^k^slwOO%+INPy#?i$pEV|6U==O2YcD|BJGdu>W($LGl#l3%IQ)
zC&`nkJe_foaQ$<}#7F`h|N54Ri3B+QIcFweV*d9z3klOdMH6LWB>|3qu3;l#`dd)o
zj!f(%!12%b93)KtekKzq32^-LJr@bn-{<lJf5;4AJzXO$Aqz(m)u#fmak0{Kv2k&+
zlW?*!(Q`3zad84IBn;F{&)n9Ag!!Ms$k|%k>DbC>S^xc(5t-p%rzFh(-1w>6EVPZ0
znV$;$bOJQo|4+TeO2YiNrJm~gU-Z!bQp^9ZwB$cs_Mcml>3`gkPu=?eK}-I3*3Ln~
z{MU;9tM>bUVnP3y;eW0-^Z&TsPZssx)!XLDChdUX#)8ZsVWewAqWae`N&ec~HxlN*
zV?Z4!@;`RS@?_ip=`O-rwpykZ22am5049z9qv5hVjlh3?AgO0=U~34BN_I|GPQZwa
zOl|e7Nf<;;fhhx|r(>ZDOh5m+1{kc2Tpa)H{NC(><fz&;1sj~&6{*?hJRuTa*6yjO
zUih~DA+o4&Xc~$F7eS%i_*<!hBFMYKb@Z*_uYElukMY=QPObboqdApV?$?G!w?HQQ
z$Zuc8IpEYuVD2TRes8x=T}K}8SQ;Fbx&90$B(NC77SfOgzcu#6C(Jjak2nuXM%zPg
zkNUjC5+iM}lcr<gdB+#d;mh(1@4L?psXM_b-`X|YV|OP#mJkT#<18;>pWjrm7x^ou
zm{uHVF=6;l5_Vz!H`k#%2})Zz?Ktt_j||?ph}t_oJK5xXEucJ@nfLD0$(Nk-Piyx`
z{z8PWb$H(gHc_~)xvnw@T}N=feJ}ML2mRfk%ta52&$uI%8S<&3aFT6by{pHxr{?Fp
zz1&uYY@4;wIGFm``{+`iyMqK7BVP#Lo}G8YLHHko44+XhoV#dLr_q_-5ntx9jnsp1
zMYZRU)4|`TJ~5nuWUM#r6ap;xDc2pBBR(){LEr21K~wWB9-1uy@~X2}Laf}bL~V*B
z2+@#W&Q}xwLUgj%E5$05s{I@T@@bHEa4W(Y9u9*}7^?DR;28a(02RU4o<_&BfRMh4
zUYdaN4GY;-Z!X)tpT{`Js}Q@pIeR?kYoUU|Cmc&Wc+ltO6wB(-5@GzG50q*>tIh_>
zD6Xq?0?<>P_rdheKO6iv)phdF?9%VIokyFA@8PIrSR4nE9I1X2e`d(k%n-)}jgYW3
z;Ny=9>WX}dZsU<bbAt~dc?W^#drpBZ^G5e#TjI;JY$D}r`ccu*B|{|0v*nopdlCV|
z`qvPrO*~r^XZ+?C>%D%SFTV6}0g8%lA)syE)pvQQ7oNi(65E79TAOEvRFe*T&M)ub
zEL7$K*vYuw3v*)%TSW^hpKG?d5Htt6dGe%l2!DBfu^oY?9#|qY^GoEMU~A3hc<8(!
z=IZM^r(f{m9~~&pxAe|c&kYuTrge^#+7|IXgOST{d?PdSamQ%DTM9JKboNa3bHpU<
zpx@85oA^xwIPLWNk!YeR$YmngQbzZtLq?<a#(-Ro{w>}rw<oV)t9Y(N{QhZFRaL0A
z*c}bl&#NL)Vaw0Q5DrF!B}zZf{6szad@1Dm{{AhkrcWahsuht{^7Lo93Bus(n33Ye
z+SAT{v>zbcyf^y-&#m5J$siGaj{EFV3PSsJl#$l1bdQwMN;}v!H0q0ZymxiE`T@1`
znW2kEY$jpWl9<?e(sn6}Ju`pHUC3r8O?ixof`;0)YFC`nk6SlZWLYG;eW5qMg`Q(R
zSIzzOaH3~R%<WBtu+SW+AzYe?VTfnp>lUg__hy~>;k_FIahp5ED^H2z^x^00XPt_q
z{2~OT8rjuj+(!4TNC&j@)m5eAhv}MK{){l@5`6;ghg7>CTulVZshZ2RceDMS{dP2$
zMZECE=$}pUnApfL&Zj*V89gWR)XFae`{UC2E;A8H`Ck@0WAgcieqM0%3H2I*ytL0N
znEeG$OWOU3*VjRar>Fc)((%h0Eso$Yv|FoJR3~n(^bZWK7@bKc#iL<}B>cg|T@34S
zC(<NDT}MK9G;JhGAe1riIl8enTn3u9|0@hDGC^H`hR=5hR>UXI%0a?aDXe^SFRdbA
zm<RIn(uOTr_bJPw45K5z-2L3VAKu@8yk|H^!&UQ*U(<3-pp(S1Nd@R3H-$huhCMc0
zT+=(c?TLKSU~GSr0QYnoq!)vgM{RJ&a9Z9GvtdU)wO-lKH*Pe3S2q5}{_p&!-ZDJH
zH}|Q7VlxGnJ9@NteIb>~F4M#OC~8ir={p6lC%m&0$jYyGuQJru;MJzc2yV_Ut<7ze
zX#Hb$xNm4-VrH~lRc<7#^P(0SDyJ%^-lflkXZzkGB7A@PXpI4OpqzDShaV#R9m@04
zdz9LnFUXZ-M}WGrcSR0;!~NSg)X0fk@d8DPDJlx4I04^oUvJlnq?W75lB5=IuQvj#
z4BHJa?z(iaO!HT1KE=OKBKZmDT0v2=!2l$=vz8Sg7Wi^F=F#9cHHj?n;icG%foYjQ
zoH0j3_a^vvUp>`K_ogF)ikBLY!=@#C$%5?t(k81>UV4zOkrAOeNYiDQA86mNs#p~e
z5Q9?O@?5^er_YDc7l+u2(W`&U%m-v)DLa~3K5#*uL<OO~ZCzXDOWHQq9CXA6Gw4op
z)Po`!io}6LlU_#jY$f`aGWDZ+;YpS!f^=50tu6ix$VKcK<FF|WP@{NY1y!GB(eAW;
z4;tm=&!LD3_d4*BsJ)-9hluVavAKM$0<&<tpX%@u{j*G7-YmRvnH_t<f%?K73kJ39
zmecQGk;4QIk`&9-DwG`KU3Nhhoa?o(6icHD6m~(M#@fo>b&|YfJZCOfVuSu6alnsO
z(LJ|ryhdCRW0YCyS-$^3Q6;JcvtALy%<?_U5_{&3%J7S>J%Hl7-X(GSRgecoll9oU
zaXbFkJlF^Ol|PrH>xG37vq@P<UbZVdPcIgN5~&pDc89o!yN_aW_0F7aFs`02e?<=7
zZu|MFVdIo)^$>=FJ>>z5VtoI~^aY<+G?BB&NZT{RFC|7_6j*<HVvu~ml=>NPv+w5T
ze!{DMo1ud9Eb8YYuihmCKfJ>0m!FNdbtOob(hQYN&KRql3~8Q?6=36RKg06yLR7R_
z^6bieLu4xOWyovl?wx2Z#-xci#dq0fB^BNym5NG#>`>;Zg=*6QjRNv^`X{EknVVyJ
z(!Q3Ovh(jK1L@V{fj*m$VYEe8(zLv%#LAB6m2^ek>|x)q749D^k89*;Uk^mCuXI<A
zW|!f2A6u<wxD(Md%KO7yZer4c%Y=)21nzEoU02V08}uM(;%e3t(jz6rF2o#VG}omE
zoSBgiS22eMv6rs4SbuztNp%aQ4!K??KYzQy%~?CX%FFoh%me&->m96s=WU8!#xG-p
zB~T{1nY?5yQl^6a)DgV1!N6+z#Z~-fXMD_UTfC2p_UnW9JWSnuZ#V*!rb!HE;o^QW
zwVbaB;9@*FS_Z%>!<>J0r<FE^q<K%MqVCFB{4g!fUt{H{Ew6o7T%DW?pUt39r6Q%&
zmv=~4HDE1CmUBt{o1B^2)Me1TNtuWKoe|qQ_NTEx&_;R$^b|#?(_eVOp+NO*h`z~(
zSCXUKlV{Imy%uouVul@GT8O~8_WVlv<*BeId#Fk`x~Q&GC!2lKq~~ZUaH$-CJ7CG-
z##GS+Nko6_;Z@4E+QdD0tAmyd&yh(prGB}(GV_oV0HeKOx<Snl5BL1FK1w+^sLIZ=
zYd+UW`i7MregF1)3UNO6)if!;wC(RJrbEP@(Gs1;bm9#ZV~X9P1Ct%IU7bt&b1Rn}
zNb;63ybwMTyuKZr_T-BKqhdLdrswAJ2a@nPY^`Q*g*I!jhkINcGMD&5P*3SV4mct8
z<@rugMG@TZ%U%i2#6l4cxBY`>)3ElN_Da+}=`Yrk(t-|?Royn`MhH1Kl4CSD)5Vu>
z-<7Dk{n>44a{7@_em^3e=ICa1-FBPSDJscp?aA%aih)`jXN5iQZM{2vofDMg56y|7
z%z$-b-iFZ6ujDFO*m5+tDYwsc;O8X99@p<8NYRC)S8_1V7R_Vh%6Zm!ccD#BTdO3g
z5_M3NJ<Ob#S8cJa(whkL))ba2>p4Bnie25e2?pQ__OP3o8qQBP$)?W+V4<Eu59ui-
z#%RcM%51heBj9Z$+>;6s{}|&v7oGBpiY-159U6=vIiS%tqN?4HEjZvwKVV=c%Oj-A
zr*gr!daq}t{en(NP4!Xm9uaIS%2#Qm1F^t>gfG2J4O3MqG_eG;h4{`J(iNi?)3Hs(
zx0!0^?Be1lnOn$_3%bx9eD2UG4tr<n*ek@?kV2S2E>=%W;5TNrV3n1P+T=D<j<Ahv
zZup(8;A7`K|K%+$LhZp^|E$Ak{k{e^qG)|VLyfPjwA^Ze3a$z_j=BGPjYC`qQ;6YZ
zXhpf_E_YDhd<BN$Vp=QQPOl*gxa@@i(^>2y1<}}Q`gvH~;`K_41{AlYuIH1{0OY(-
zzX?t3u<53|ciVJI^|Hme<6wY+A&rF~PyK;VFQK(R&FC!n123XRCJ{?@Y8#mnUy?I|
z(x>T{G<{zyaFqU(9hpK(a&weN$H#*Wg%-Out5`AcjRP(bC)Eks<mBrLzE){<yc;gu
zTfobB@q)nIn1$R<g80ydAT^4@-%Bh!JdgVWy4Ryufc@i^SfSjr*W~lfnFkm5Kj;qw
z>{RnVN>o?766X+~yXZzqa%Y5F<i7@j&)VWYTLcn0zO$8&^&u9h+pBny*{J!a$}&JT
z7Fxx#N2G9kquF>ju=1gn^U`#Hwx!|jkV{MOs8*kNB%2`aM~2x#^&ee*!gdzr839`{
z_TRV)sKJ!x5bbN6oMJQW-Fo8GIXq1RZ!Oqan_kbP!`QCTqJj!db2&6(Vc6sk+Bm|_
z3rQ@nh$2&uqmHX|b?!Cuyx#eX{h&hn-)c$@TK7JS1CDVg7U@f$TLNw5m*g)Ltt?iT
zT93x8Z0%kK4e4iWfs+`=#^DrAXmV;Npnbn<W^Cs7ZVKUL1o_<MXvTzuhwSRS=j2`4
zqo_?^wiWE|dWe4PGtD;h^lJGj>!->g&$2`3Iw<O0R<DQTGFdHeEQpoVU0Rx1-pD2o
zVk_tvAqx%}C44XI(*WvOP?1hH{H4E)OZ!vDY*LMvX*yj6KU^QH`olCT8uJgZcU3kV
z0u6cgw`!UES40yclM!fg{%~o3m|+4eFsDP@ARYv9!u@Bf-E{~$@g13ECFb2GXUfY|
z?Vj9{bV@_`Ob7isN3?!sHGEfxZcVfcTD&JS=}q}#HtS|Q7A8sP7Nonct^>%a9>!JK
z?oH;)(Sm%&c9%8m&t&d@PaCul8%A+VF}rA$P1~2<mw8S7B0ATrKEJkiMRW;ho`n6l
zU6~6;x6e$6Hs`h&c%?Vjw=`P4kmY;*0DjxCw8UqcbKCc3u^hxmyuUGtYWh<?**>on
zrzvh8@L2S^47CcARrLBQQY_1ubgSBE2uS;#QtqS#sZzv`%=Yvy#~R`@>k6>UgQc`F
z%jXNlPHq~SFYeC9%$ph!?_6xNJQ}m5N4pkhTb0z;YCgWa({~oecz!sv@9XnT`+6e8
z-Ek{)b0sQr6T-rMKsy$e)Z#U==w7nqa%LgLo3@n(p&%%&b-!rUpYwB9%ag}4j2p?D
zgBZ9$<}Nok9Y%;Y%rZ^KgWujem5B?y|ICmlH%51+N<S}Dc&h<+fv}Y<E6zAUR9zr6
z=7hUhNHQ+&?r7?x!-q%a4bXbR>ebj^Im0>JDm10J1=$V~Y{j{yLC{~J>MIVKGnVf6
zjEzQKWj1G956{`hMu>3Jt7|X|C<{>XMwZ3S>CmUp-msq{Y_s;qd#TO@U$-4@^n``A
zasRYG$aoiMAMCO}JD->jhxlEVdehhc_QBkBf2pl)%9c)o4kMGQxaOA&u7e`2I9*7E
z?^kSgG`yHhB+Ij9s{>l~p~%`UVkI{NL-J*}Ush2{i>6IKu9XMm7z7OD4jzs*)(4jZ
zpR;W2LpNvM%<|mEi4}KkLNoLd%5^62F6rF8ZX(g;rgfpHWjK8KQcV=C0IBm{U(5t-
z)AKo`Ky+p8z~8P(27cuC6dPN6Hw+fKTTtN9J(R@5QLETdAJ}1BTAZ(qk=K|oJqgXv
ztjvuok0?HTYiqt=dSEd-xiUR5qH}o(oA@kffS4IFv&`OVrbM=lW<EEFQKDikvC=@1
z&m}>Zas(ZK;Fw+=Hu8YXR!qF)z-O}o`o`L&NQ_F0g4~jl2oB)`M5^j~0_;DquuZ+^
z9Q)l+#L|8He`B(`59h7;m9~|x8Jt{HsvPVG933uLtvmJvV7zlPPna1%S`?N0)13ez
zeu&YS>LD6&t#Z)EksL8Tg`2-19v&aL*+z8eeOcXXlG;1_rlwF(bu4X?LT4dtA%Kn$
z%|T${BC{k@-F=U9xhuoLY=3^XxjM5pXsiudcord*v8=WLt#0w7F|^n{Dmelc4ZSH_
z2Rl?&dwb7|25xTWA2URUHJAH4T%`u(e#;YbjatGyCUpU;Gq74T+j1W6#s(fn;ZX^j
zTK!2l+VsV5N=rPg#ks-M1b4G^G%lBKWF<D=qNrZ)nqLeC+>gje5HYSkIF+rr9pV}*
zUC49xr!U1!rCZ6Nq|7Z2Z0ne3I59T+Y_`Q1xj*dchl<YBR)wHmW$k27@^|YN(}%=Y
zbH4<w?U$+>@vYSAT{m5uB@!?>8$N{mIqF`S)m|#U8?_#wRpvb5JuzLm>hNP*D()C4
z!Z>+<?^LDj+*DxEYjZwOTbpv#sMNbpv4uB~Fh@9rwIH#I=@QHo<~z!M&SJN9^T2bf
zx&H_~2CrF>V(9r^qH1!xZX7RpUA`7zzS=&P@DlS)lY4MIHs~n*v}foAh|@S4x7Zq*
z8#1>7eTVM!T?~4*XyCuiF76DSm(YDfcVrQUhAeYV{@kn}ovukyt$AhKu$|FOx2wO{
z1WNbo7PZry3#_F_zZ#vjFS|O_iEg7AK`ARDTA0fFR&37WXf`ir&{mzLy^QTspqckJ
z6h<m9uqcYK2~pxID@KzK1^>|FWc}ugP^vCK?+G~HC<nkp!K&(S*qQfEu;Htr_UOn?
znMGE*2d4GtSDnY956kw-X5=GWnEUH6=Kqbow}7gv$+kv=y9bxxZU>j(?(P=c-QC?S
zKyY`51PHFdHMm32;4UHWknX;nufO~~(*5rJ?|WnPID^62b#~RRy{dMtS+mxxy#W%i
zp2(VRk(#nPqKKG!y?oV!wl;Rstn7JgJf|(g-Mcm)>3WPsZWa*TXx$jaMVzZS|1^oj
z;vfwTeRf^u=+c0oKil>_P>io-YXrpW1fo>W=V&(e4T8T;1Xb~hf5qObgP3?#&TO-F
z-};yug!z8xW0$I6)50She4G<3H&EZOmN*>48UOy%(1Stxd$t+<FE^J~hkLuOvBwAV
zV<&9Zhc%}kE$`qxWyFq>ueOS=6&eRQstEA056o>1CM+cmLp-RO>or;u2P~^hHRueN
zpzh0$7^x559TQBRei33oLg~*XvyykbJcw6_-*LDaw&*T_9Qtr|iJ%31<J~v?)&MKw
zR7$bti-BF&5Aw_=_!R^s)KD;RjS1D2E9If<jR0+LBXg|&kNWTB(+Q(S!ZwrQ0}^#8
zicqom-ze-;WW9J_kp&`0QK<wz`~Hbe2$y{p`vaZ{W7sKrVlDn-^v+~`&xe>(7tR#d
zTT%AwBG!Xdl+S6y5%phW0%l_Fh(z9KeC}VI*eAi-(dWwl7@S{T_23mZb7M~K;i7BS
zZp>*ESG&YDPeSjdXEx6{&(#uzXQQd5Re4Oj?9lVR^ei5&TF$1&dIpUJlin2_??~1&
zPy`tsI-AfRKC(Gv!7^yNdk~aXS*K6a8~2LAxlVRcqfzvBm&>wjq4=->Mf%5?o;osD
zriZUJa$rBtdTCM|)jO$HmX~UfJUV7(EFQ=mf{Wc63FUOC99me+K^H^J4%9g}vd%m#
zPdnAgPQzTOR+rzoa#_mr>@qvmZ4~&njJ<Pa&0y^|-!Ssm?5!;SmL$uS?)^?Su2e@&
z>BC~GZ*F~V)`fYd%GWYEmt*D3tL(}PBY&=$PhT=NwUYTwl~ueoDNJ<`T%%9Noo&oY
zxOFH36%aPiNaISi)Ta4YII^eQ>-c#rEGoVy$?kLjLtcS2`0^<>mnC6FRlSeSXvmLi
zgU~O|^zwL%+`?zdGq~!QPUCE3A6nU1+%}9YE-uO;g3c_}tTy=O0k17OQ+LKU3B!bN
zXu(#caz5^?xF%NBzP0=MW2>n<(r!rX+Ceo0)Rwyik`6-lnW6u8O8(|-G-~0{(h2Cf
zbh{%zn$wO+h@%BBSd59ag0YtGuWPvYMorzmJEwhTnJBH+dy;um*6CBOs&i#@5R40A
zVw&?-vc*Cfrx(%5)wr<<$^c3>-?Ma$Prf67|In5OAmV<o<#d&TnmyWMY0HLh#xUbR
zH{uG~>L2+&P-fMH7lAeN9wW&DohM<ef3}9RBcfC<N*nK8nuL(?x|H*BsW2C)O<yrJ
zQfSadD`P8RR8UZS3FA9-(Tnc=AUh9LtkCfcMidnC^KM~*RC;J;cl{#5k)mMcQz~dv
z$8Iml)ND))li-W+i3Y|bq%IZYkfH8UN-rimkSLg9lVBxzxEb`wOhrAjtTN_=Y*bMU
zhwi<Z490g=EJR|B#G1&WyVTYa1;NvtWfIelc688&MEbPEQH8;^UJ6+0G;oF&-EJl7
z<^W19OJ}RfjX`PkR9NF6suCJ>1Q;b4eQGl4!i_}qB7WZFSU4pSeGkdh7?|l&NwsN5
z&L)hYeRq9wE}9W(vEVc;ugz|0$<)EBbOXuM=uQebY_fE86U@49ZPC=>Y7MiK3_CWG
zj8Vm+ccU_JrbK!{Na}PAYN^@pP<HZ9!{IJ!BdDgkU+<0eKuN=a)+agV#zNGH6Oq#v
z1O?+6A2lZ-d+=l<kBu7#_sJ`(5A_AT={{d>;gjd<_D8!IUZ;_T?cX^PFfYh)^dLby
z#y-(zVK&Wti%#DC<YdPc$98v_YrvFxT14I!UqeI*i%VBGXw>xPs(^0Vpq@&-hJ#$i
z!F|5NmDDV5zGq)}A~((yAA48V)TDnCIpynEg}W`s5u*{)W&ue#X7lu!hSV}KbBvhD
z`P6AxVTrVbHgzElzH&<<>Y9@#Hx8p_BJX$j{Umg8M+;E^U7CGpR8^eXyLVwjV2Y9S
zJIRAiMG(fF_{rwRv-XY-l4?$=D~^SJbEYnmpdz7s$ybGBfoRy}R@6#PAI00oGpLh$
z`rG{Xt%&wXw}?E+<6yZA>GNl5a}p2GeavYwNT-=?!h3fwBD)J{$ZJhm6x!HjAWfM#
zBh9EQJ`Xp(Ppu=wWsPLz4e#EVHj&0IW=OCfdPG|cqNsG0ZIOzpQBPwss>qWt?IK94
zjgcLoMfosmm>iBi8z!9RNYRF-8$O$ulBy)@EquUOv`eB<PJEz9+M^h$phWxDdS7u$
z>m9b-Es0NdgVB)5IRqxvp!#lcQIw6N6~jKhv-l=k3MVF#QAPwIHkEKdytZsdj-4m^
zs(JqEMlwVpL5Cw3Wuw_w*-(3?9lO#^&Ttt;<d4?}gC$tt^$AV3K^d2_y;6wgUSrv^
zUxY+tK4Dy#1@tpE3=<>bCe`murcUL+1<9y}Gp)mg4i?nyu^#l8RCi<HA;pM&lTYDg
zI;KqSrLS*ZpW*&ez{hdK(#xz=U`(G{8=SeIJz0Qy7)_8V%uFwF=!F(9NTu!62Sy*s
zO?HDF0Vy-N^`U<-NLrBkYEfG<U(uL+I02@EMShkHFVM(~X-~PJBKJ&@7>j{gBHxI5
zT}s3n=1XgC$yKn_W_b8^$&4xncb;gpI6FOTx+IR8{HrJp$%45gA}J&HF<XUju}}7e
z;)f1<-Pnc031Njs5>gXyGbiOFzkqlT5&^gx^Y)FXIpXc(3VM_rf~7UK0u=EkEHd6F
z8O?BHMI12Qr|J|>i45IsH!<tYa`Y-C0(U&G+sh{3y0+uDNQOdnSTho!O(ClY@hjsf
zqZ5+S#we#DdsRysVWaYzyl#JVHD}CXjvEy2osmA#5wSO$^=m`P)SW=CM5Pqc9@SDY
z8w~ED_Xb0iuR`m1FOt}^BK8uegelD>_9IR9bvsyh5;=!ZdNQo2aoIVQ_FKiWv$AD9
z@ri7Wx{?}XIV37alBi5Z?Pa)-ktDS@o5qblGu-y8poGq{<VFr6XfpAl5CCxVjWpRa
zSK!FU#$}6IQF@}>htizyz_Jo%Xfo5zi_sPJ*ouSg(e|ArqeaUAa!pEbvr%jWGnS1g
zJ-ta3<*X*;6==Mr)Eq}t5X5x>&Ri%BVx-hslxfpu_(K)M`IHC4?qYAWN#GtT3Iy2d
z+1uYZ%Sn(B#m;f#<0*^?qq6ymABcyL#y3MtASP5jwvtzlKMa6Pz3CRlNi1^D9I;GA
z9lsUQt@hHyquUiVDSFLoOAl)Jm9(;6X;Zp$OX16i4-@7D#&i)xVrUd+x6&X#V`^BC
z;Jw`^DtZo`w98xNZWu?eF$_Dc-PZo5e%j9#%i(FQ=GDxV7xUV=Ny0C$d$$sglVok#
zERD&Oc-O~5y!&%FDP*()V63~XlbRf362?<pLhuQ8h3Bzgns`ji8I|5SNlEVe0pc=U
z$VoI^7t*J&Faktlksv$KPt&B^m2HN$V!viy_ZN3Vw)s?d#GM;cDDu`?5N)eOi(M8L
zj316bM2#tYZ%Um>Va+Q6(9baxP<*PZV>zm)g3s!@Gw+~Vm*Ym~w3auJutbo3#d$Ib
zRjK5o<>atzjId7vN1qbp)V-+f;+B-#u)rCgOnO;3-=LbJ;pf~fa4^*_JtQGYR>NjG
zS|m?@6n(%Nf5ze@TS4j3$4r%IO3qm6T0~J-c9%o6=U`5&ue6+iWO}t)T3RqCSoGDU
za&Dh7>7{@M{r*TQ7)Wt1ejImxyg?V=M)o_^KG2K%coa2dF5WLmA;nkrmLoe6l&v1t
zigJ+Nh!W<#1*uZOXffvv1EtV~${N|@X@snWby68wVK`UJ3X#O=$yfmd5>{i0&`=2P
z+)D*A7^Hh6$fwe=Gs8HoFw|)CX*_m@-nlI>*-(cLlk1Qc(I#NHcjp0Q4z}I}P_S;<
z4PD1@Pur^(leLs6^XW^3ens>ZPGf;I#U~mTBqRZN^x2E?;^Rdb!CeSAdI&1bs?+vs
zgtt>N45IFcvm8?`WdK5FaboUBH!Dib8ixxCdXJ|)dLZSx)Mb;&(KZ!Q8T5q!UzEvK
zl-?_r;!)k|%%%>YO;CYt<Z!Z-!j4<AX4OfT%LO?N=8R@4?n&u~OW+`wWo)>6YLo(!
zw@}o&&{%q-lvGds--v!??^UEe48XOZ4L5E{8mb!Bsw8uq+OIW1kO*B-9}*FF95kS^
zoa%D3($2?^1$XwZn=1SSj!*Etp(_v1b^8lWXk7)-birIM)kn#$B)a1>>2Xc%7Kc^-
zw@Nmd3d!&sV#N)G3sjDz4CyYIt#zOkQZb!ojJdF!itdGdX!VdxJ4x358AQX)3AMrr
zvjx-Z4Af}v9SEza!UK7$z3l9GUwDS}i;hti)XbGw*+loS*nH-8CP*ej6iX!42)feY
z-A5D`cO5ZL5zX)j^^(OHU$Ry`kq%1wD3qn`!DQ}WIdacw$;l+pLSD!=FNtQ8I9yo&
z$!OLNc~*!$!&tg2%xw`kC|lbw<!IH2gPrZ0iDqloG@rAXC5{ln$)qK0G|*w6re`pB
znTM)xQ-@x8RI(B*A5McK^p*6dN#U|mGki@)Y}0xz_m;L$qDMN5)>3;rpvQ)eOXSI+
zQ-9Ke#luwEfT>^?9=JI`5woe4NH|S`qRAzUG3>QP=A`_2iIb6ddQ|e@xo&n(F-+64
zf$0QK;$^B5z>u1uj)H}%62MfQJe2ts!kueRQO09Mf8U6c0){Jc)4Y@wI2Z-9Qr&3u
zk0LrwY}d6=6mq%B^6h^>^uXU}ZDdKDwCH;`7%V=qIUEfC#cTQPL}V*UA<Xqmo>f=w
zc@dn3`NFH(1My@!e0Xel5q4}UjKSbHFR$OH<`yW-?}F9wTl8bhaz4)1i4@xxYoqas
ztnP_Jy!rabRLqKg2Jv;VPN<m1b4Q6_%3QK9fDM6Dut=FWbJpU+Uax8;(Pk#&i04)9
zV-xxQX(_yF?MO-jgp)x6ZOS%*qE)t2f`^na`t&UsQHpZ58d=+Z4#OLJ+$1F>o5;`V
zh!o@!<*!jwdg`d@697_9f_dXuQZfAeDXx2&X$qLP(R5q2Q2J#>BZ~pKIRGdxjAH9n
z4m3Iq(-FiD->G8k=+ydY)yzRj`lt|AAM3^UZxrH;>)y;+WC|cqHO3B$kY_UCjV=b}
ziYu^DIhVjEIPq_$zC2`#F)vqQ1@%OC%W%-mh9{+~<4nml8#-_<s*^6J7HcFgTrCp^
zHyo>AXWe~IOF1%|Cn10#S+C1(USHa6qr&tmlU!e0GI81kiy^-kw-#qTNcj^(C#MU@
z7y(SV6kg3+Fn_AdKK!XMIm@j=Qi(BIGp2k4b-o>GRh2GdnY4l7w?UI-K{|Tmvmdur
z0~r{LFE~vy;*~R;Bn)s;ICn00#3V9>DxAxvm}(b{anwS-;)Jf5UA@bU;OE%3Bahm0
z=qSRw9AJK%(}l0ah|#y5G|=(}^UJb8pirTN2U<~>gY5QOF((v_-h<ee2sTQqB^P3&
zRemgAr8RO9vnK)QFi|vMxylL#_U?IHB%Ek=yGbtD165KM%pm5gIX9HaWr7Mgr*C(p
zkG01(voh-5W(4w9)|DutvqGlKZ@OybsWNrs%zaW4jRjXloo=1Q9-ki;h_=m5bxamd
z*GWgv^uB{HrIR%$$)k#1Q;T^U0UO@~c9`$LyNxs=M;9dI5lC)+2I>7aNJM{1BLF8*
z39oht{TO13U?u{yf=bD4Dlwz3w6}}Dh=qM04GLjvJI88S89o_o+D4(1fD$S|sok!h
zgO^K2QlfgrTIL=NCryARYnt|x5PkMSjwAZ$dLp&X@|#$4Pz|>lhowf&%3#{D9&B6P
zY8YutN#^|;RWPl<Zk|+Su2D@#majBXkP^YY+0X-1Te?!pdU4H{h4SiJ)S|s6X-g$o
zEb(ItHG=t5=&ZVd<J8eb4YJYX)h)NX%YhF?eGTE&P1W(izTd9p_-;1z7Z3&T0kdAE
zx6voX9gW}Xns4au4IXT=p43uY5F!>~tvj$dJWr3<*}Si8W7FG{>t3JZhuodj``$c>
zc&7Qbo{I>Rs>N8}uD1zEON}0Pd~LgtD|OWK*eP1+!d@kz16!styoL(4ZDaH~LX+d$
zE#szfjXj<J4hZ>RpFFVYJMOZS&L@4vqSIxzd{rnGdrikv^!{<P`2)HwugfYBV;?Qm
zyRVhE`MTSdxwYTReEG8UQp=`&(>(KbXm$5(Y+Lib9Q#RYqHodTj^4NHw<+}1!(WT=
zFQ6+c8LXDHcrO-ZFxPRMzdanJEX-xHf7r9Oz74-$uKxBdfPA_dce}m}7rn#vb^6jn
z_Z0K0El2zO<rodz@v01xk8p=gFIUYsAfm7Kv|YU!)3fnC!OXu|-dQ?*ru{h-JqNPs
zHReYTn+e<JU6gJ{;Cvsqv<Kq5>d%?QIIdj}L!I=R@1P#AO<S+N%&Q>b+Io<k-Z1E3
zHJ?G;6~^jizxL?=@IklfXuy{5vi_D~x9;Kiwwk$mdbxe(N{GGMX6hmtsU_p+F|^wA
z>?(g;g~xU2mEOiT<ALze>h>$t{RLN^j*k2HM?z{xZkG!;9zHcB-8w$I<~urR__lgw
z;t#7l-#z2Mb2_Ym-L#%>WW`r(w}xV|KW*ro%spLS>V0S(v7s8wUiP{we=1$&x|_x|
zS!>!HGu#nebG_#APW&>a7AWWI=}YnYo_*_m;u?zaq!dMmr9sX~rT)Qp^fiqh7E=Dh
zj);PM9H-HHh6@y2Z+!%2e;*KW1Fp97Z*%RiMeR`KfjE>SpxTi|)J<iAu4;BNUvO!4
zAm*}&dnzZspfA5@!m+Mg?~i!Of?bu5H!oW+QW~=1g7~0%V4!NZJK%I}!Ckt#v3Q_z
zuQ4Q*RolFmzK?njzQVr-;)?E&M;VdJnIsCsUq620S@Go)*rsdW8tQk^NA5E*%SXIZ
zAv25`^i$d)etKo93w!s7?*R5_D?ehwcoEy&1tZJrMO>e4S);r=B2#*_A<6BY%`j5x
z>bP6<DJnZ|-^`9o26U+;A%lfDqh9Rj(L$km^k(im)MUxm1&U{^%*^|gzOPf#(rAQD
z?~1J4QswNEQJ;*6(`jf&gzs>`vO9DIyIqw?)#!QD#JB72Vx=nVw-nlWQ|L|`9qT72
zw1e9YD3WVX3!lcX_iKVk1EtJ{b6VODplq~H`akLtbm}=9HiiW9fwQBk9X}3bYBiHQ
z=C*_o>vVOiF`i|!um#-vT*QJ$VS7a6w8QB1(wL!4B!c4}bRbQ5`$1o-1hi0Ia)Ne=
z6k0iPt`CD`i!l-!2gdIDC4fmHQgY@@OfJOL3n7@Qu`CjbeYPmy?u}c5;It>B2v`)3
zLsM~h9pH^s|2cMj?G2m@ulo4I@haD<p&O`H=Z2fQ!>s`>@U7Dby<&J??q7WTTVlrV
zAhIuTvK=|IFF1L3VZ5m7z({nO4V^PHFO;}Vm&X>2cdhCj3Hp{4_!!L&ihRblzGW2p
zjIlp(KHPI&e9Or7q4b7M^ZzzF^v!~GZRD;z?ShAS*MoVNn7P<$M>?Gol-aZ_aC*AS
z{A8VW!|_#FN8M9|hcd*eKMjYPE=a@8NlKX8JF>^sK&I6kyPyw244hvv1RXZ?Z&qH9
zihA+l<QVQvx|{jsOnHl|NnqAACA_U^>SiFoK;W-^+{o1PH#*tK6zjsHV$s$oM;eX+
zRdJv9#*kAAHn!v{6dx#>%I)E<2ECr`=}vKb2iXdNu%%0QL#PqF5^aQjR@Io~KEDFB
z83mP-O9Li_^=gOil{)dMP%Dy%>?%}`lv7SCUu$p3wi=jJ?@Fk9btItz`-KlVSL6*J
z_h_prf6w%Bek+BD`6@}bq(8TFtis|XzIv3c{M>0feM^Mv$34_lYi^paT1M#Jb1gK3
ztYG|JVXiPGgGdbeC;F=uQDwOyDWK638{iD^+qg4Vt@<03<76I5yU3&GR^_Z|PRYHL
z9tBgGH#2xL6mld7+eh<vsJ0&wJseVt^CDjD464zjAgZ-cEN~9u1|3hn+O&3-a?_C~
zQ$;!hF3T>^B3ULCz6saxuF#z|QKcvkU-`6CcR1hp)q*X3)M$EP{lnLy!esWDz?sdp
z-fcygMA?;n^bxX>hs7mm(0Uj<x&u9w$XmGd9amtM<%OK7L*A|TrboQD8o7>Vi!dp^
zXH{dJc}bu&nf~D-5LXo0p=Y*dw&E*2w{+An{JMU=Qd~4n{`AOZY3dmb4=JZwMg}lg
z;S+i94B8=rM4X|)$uZi{dCXpjw}i&0OY$QD0w5`Q*6T>nYo%2CgmWNzos<Q`@kR0?
zQo}ejQ9Q#@xt-ql&EVr;m4q>dO!`NB0_kTY1BKMHZpMl@Knxc~FFg>Ut!mKHZc|s7
z(NG{w^#3G_P39m@4dySzWFAa+pGv1~%&oRC2Kx{dyU<hqRZDf@!;1%I>&Fggg(F{b
z*YDWuS-xmj)#W@ZMlY*)B2&f&v@pigH!qMfeYY0ZYVWV5gSV7%BIsA=@jugLtyONl
z;@T=2f3qfBJH9uIFUTHm^F23xMqy=xdB#-vslxetpWeKbPhORj>}=x=Tz2kPxTLx^
zWgX1K>@ISu>po>2QWZ>z&(5{?o02-pYoCIo(!WQ^r>1k$Wb;`%$M#sB++TO0e(F7I
zJc@qdA@e0#k2NEz#1Zx5Id2V)3P{MjJeX;erY^!Je}zA@1ituZAtRO5^+^R1ix<oO
zY<@AaVYCg{1_%}Wt^GLjfLlKZ@tS5x=Y0B3?)8^J6S56xO&<wo<-g~HA9GB-SVb_U
z4jL0Q1-Y>bV>Lrs1k*myRty{qm4WFBKLYK<%!SL%gqrB{WAKOeB;|s>mD+>tocZo-
zIiZ4#y=UR%4Cegw5z@n+P8hNUkywyD=TKlrGz@wLycQA|01Nr(?1Z~+%P+i#cq!BA
zn#V2Bqq9dpVaMM4Zpc#sgG;y#Qv@l$hu{4r59lo*jP{a47}5ij2c$4dSWd9?B&XQ#
zf%cwWoEIwI-zOjoYN&cb&i`EN(z4T5s6xP(zXR-1EDZjVB8+v9=hC$12x^aGy+hDw
z-Q|)UYeII}-=YTD7V>pe=!?i&=$e;OFKF~V1>JB}LCE!yMCbjk{FLUQIS`gu!A^Rx
zbG&d*poV(fU{3R~Jp5k`#De&s@`2o<KfYXlwfPG43FQf;jHuvN#SRaf$g+fJJ19d<
zh!PrN9mN3rlo9}|E<p)W4voHU-OJXw6n^A45C-Vv4#W3zMdb!557)_&k?Y)>ZWqAn
z)aZ}^OP@Z@Spm7FU(ED7$z4IX)m?1!Lz-@fxFuTr=J!4Q+PagkpbhkPx8W7Y6aJC2
za!*t8H6q@nt>JPAR=I6u{@!;`kOp#!Kg)lZp9B5>5Xt{6>JT<|G;}bxbFy{#i^xM(
z-`W_c`!TmRcBE6Zwbr)*CR^#7Iuf$MG6*;t0#z%7?5sf9%5%Qw1E%K#B`0HRRiF-s
zgPwzfjUB)V)EMa7i5r`nnmG}&u>t7Wm;j8xL<yj9z}!&4#?;D~5SZ)v@`69~GjvRh
z%=7>zRzf-!CJuTgCMGtZ8i$>cksiRw3e@f}u><H?I9QmU1vSr^fI0$WCc+;=gJ+G=
z-;@e}Qp`M``<EPlze~a&W&mo41oa(_pHKLQn^kf)aB{Z;nm|ZG`1$8&?F~?40X$N+
z6_XH_(YFKYpNxQaZtmp%BU#Da5qS3!HYT>u8Ye|#Q*%cr2X{hB0icY>m<pCb&cVpo
z!Q94_kn(TYfQd@Zc6L_A*3Sk6irQcq)Sfj&TI@_r^Z+(?PIeujk_xCm0^0Uje5A$1
z&Q8z4478EXv;GLEBw}S`BxGhIWacFNuPlTtzyjC+jKC8)IaqWES%CRCI5>gjF#_0h
z2!UqQVq;^Y=j3DpaOx1U0|>Q%h3F7+JYV*|iU-<PSnWrR{$|r>0nlIj%s*3aFme1r
zo2L^$Y7xwc9DL&*p|MI&Z&9^KFWjW9WjFcC;^D=+C^mV+F#C-qcG-$xNYvX@#~sqd
zJyo?vRm41Y?r=!_OG&B7iw1T7iH#f<DGqV6Wm%_)T2|Wg9g|G_n8srY)t4_OKUR;8
zRoS%+mG*FBv}uN`?t{o?f9Q9t$GV6nv48^5NX5-R$c|UKn~Md7S?y}xw>TUwcs{*+
zRW7jJE7264N;+1AZl=XUNMq0;NtyLXjcsvPodu;f7g;@<aKHK4eq_smBn!0=W|9n1
z8Dc1mNj7N}?F*FxMv}Wony2eiy0bQ&g!tQSq6>ggi0mU#P@!k!n?>CknR~2Q^@^*+
z+>@Mms~&lr*jLPn3))LhAZYwCEPs9^f3oghG+uw{vH#TvpA&%(%KxFOir4@ZG|xTj
zzd9tH_}?B(BYogw0_?s(eGl^w=^L<Vm2FjQ%%4R!gv@`_b^WcGpCwhl(ag-OY(GnM
zbP{D8z=@!PZyY1q{gfW5+_DN3HAta89p&dBPPd)$h};UN^M4H}Us9=2Ypp?IXw%KU
z-Sehw_IYKfsPhy=8bma3o}LOen7F%JbbhrF88Xh+!8uGhs2qX({utMI3|4^&Y)DA>
z!E!6;&eLoBPBh)F1VTNGveRZrOkS?wSl)A+LA`4@p%2s|qYn-v5S{!bmaH1av^W#q
zbu><WmYF==R5xt;=c^)X6^yNq=kfW%NTKDpg_<ld-tCg(h~_;O2QDaGU+q@p^b^&3
zGOf^XGmcwUd!c7B_H;rfN_vNf=!5+d#2?&n2E!|A5a}`(lj;*&^5C@=dG6TQQL{sF
zcjD9<qCFE2QS8VuSNh~h%PL)&7gOjgm;6WGDlyJjNjO6#sLKKX;~+b9nPAe6h!Zqc
z2kG!#3O1Y^pQYP0wV7h*O`zWQC=(s2&3;{fq#Y$Z%0@x^c6f$VJo8!a&s_%i*#A~j
zu`)CL+*CZugN@7l(5*BPviukGDQ^Aa<Dn-nGTL(4@l9aC5ng^46vStw?T=LK2+Ip}
zdh8x>XvO1w;yr$KDAq3}`l<>FipeVv+1bLKyVD%GPiz1e(2kVoU9;?rd@h}zLo{^Q
zB)|k;`@LPo5dW(+`I}dYmBwRR2{hnD&Mo*K$B+B1Uo~0@>@|g>m$rs6`wh!-W(MB6
z$+Q_TkG-xo9Gl16sGB_8d1zD9v*pK}Fd<eS7$+&B;G1FF&VZli4Qd>s&|p^FYIk>}
z%<cD=8Eb5dq>buM#~`1tZx^p=Vz5Qgd@ql3;cX-)^&m)o_xj~7D1T^|fC$HF|FOGC
zNkx6gx-PAK{Y!U~(wKAkcdxk%ma#dR`R5Q%vG}Z=#P%APQ7Uf4zo;7)xZ10x8U}d|
z*CsVU+UcBMCPZ2(_q@{<T<l2<8XGPr%_f*t#X9hiBlr;g9$+`XfE!gbuj%qm?a1dd
zfvy_3+fXZXrHTeY=Eu`Fe3G6=5jOO>kv^|3LY$}MO52I%p@VyBR6RyAKFtD#Ny+Xg
z&yuyv8x;`VQtb-LB<4rbhKa36_-Gci_yR;w*+L0VHM*ExH(Dk*dOn9RT=g<`LmYtS
z=<y^8xdANg66T#UTRn=MBP9&f$VcnBLt3)~zx9;{fl0gp%X>gI5~z^CoJiLgUgcd@
zFyGA_5ZoQUKDoPi^mzjN>V28;i>~#oR{V`ofQgCa=dPs_*JaZ~h%9{K)klyh1TK-B
zZd~esJ{Vf0u<Y|9q%l&N!7Li->ET7AVkuNyNE%fAry_65L6JCMTuTphAjvStLokA1
zY(9zoYky~Qo3gJaQv#pBT@Uf>EzD2z%3f^qG&^piyHwBKG+~|x($(doxai5GIDH5@
z4MbA}Cp*BQMcglP#jo-ZjDz5AV7sHQ3hjL)<DK)fqrSgg>UWEDoPgAr4$D(43psEo
zg-H0eYc0%|YCB4`P*9+_o0701%bZN%ISYVuv{3A4KtJD#IlU9=3YGqH_2Mzq2J9DR
z`bn?;_fh-r2;(n^<1aXhUP)9|N!Z-c&PpGM7XAVM{2e0!SXh8^%)g>24&aEd{#Wn>
zU}Sj)N<RP?0Qf*Z*XFr}ei{V+UWI2^@mKKjoCqxO*#pSvJ2{vGHOlmijEpQC984U~
zIO|!|N%xN_&*;kB!O=;`OyA)dpGoWg^*aCvfS!x`3s__0AY|bLDyKPt5Q7c~&;Y=E
z{|9*VlgIg+o*G!p-%Ulx{8vq@nz@ma8PHcT0jv0<a?cg~;|IV5U<F?3zntEG>7xIZ
z0(5=mCML!}VfC|?9f+qGO#jtC0Hffu^p)Y+0?$hLACh=rDa?PB9Ge19cm`fTIrt9&
z@88_#PfFW=hLZl{KL6L<ClDq7-WbQh@$(pGtT1Q|4uF672+Ph0rZcNB4k<v84m#yc
zyRb?dHy4L0hH5SxhlmezA51(&(qQ<#GbE_~Y=yG_k@wJ(Y7b79XxFyLC%;V8G<_x<
z$jQjm?G}AtW_GdfXr4fK{8CffnZG}A6O+55xkc|fKOw3p+YE-++-$v<<Yc3Jo<|*b
zUUz0yYc0HD<CN2UGx6HJs)w1L77jp3VdspZyCuVMcUtulmuC^Hx~Gg-m%2-`vn7r!
zw8U+Gs(K+jM)fsQq;w|nH_iLX8nol(U7EAryVu{(L~BA8c18eDbkaCqHqGo!qHOWt
z584fKYqG0LB1Z_SD$eBCy5)2--sk68T~g#@Uo5e(tiHW5;S_w!rJx3NFZW=PeT2!5
z>976gF_Psc5%@oQB7if!pUwQUE14DoA0#>e(Xc=hInOm$`S8k5|A_cAoaR>G_jdkD
z<pYoc{hcn_^JQJlbC_*hs3rY?u0+F(o^FiXfyqP;ye{{2HWgRyG)kk8kIu3jjV$1~
ztbShO#~E(HD~WJCywG<;hzrxuAIBY2oImv5Mx!Z$lD&h(L%b`(M6)#!j6+}gK>xs7
z`7i?XC9`3675Ar0{g9!KEEo$DVS+TD{n~YL{kNaoaVL?khifLrQ!<nfF4gOo%yWl~
zZn#|Z$7Bv}8wK5$(N=vaL)1&^d|rT?+2H-zP(Qic{~H522XGet_mQ0Q-x<k&G%axc
z{9MexH<JHxT>sC}f4>C)K-};@?JNIP-};~P|8+d_ADjKp+Kfr?|A6;?Y{mo2U<y3p
znOOS=yvOnrllsrR+kf!h|32RPi4^{4O~u5)`ZExbiI;NdWrP;K;ex=dfeRvCf6bgc
zM1HdtGVVso@U<UfG+(9!6dG=WI0G`s8x*^>bhL{f*4KK!Wq~1FvDQ?;4p4OPG}T%_
ze`-PQ!q5R<waQr-ba;B<Xw=4g^>q)S&>Ir3Qqn<bsDW+M^M1jQgJ`j`lwI#@4)S`T
zZuBT`i>2>!tZrTH(YNLLNr9S@(@l*}xnssIbF~gwYNP|(_!@o+wTgaE@4I*Q!(%1L
zG$IV#n`elc6W6N8n8P35HH#M<E=ccveQ9+bPBk1L+uR@M-~>DDqKdcgC9N9HFlfX<
zvx-a*L{ju}=A?Rfx~~6Pv2ORnXIgxRIwOrFD)#S_8V`jh_1^%EQxaL9j?#_6AEuu`
zFgl}U|BPW+exfn|sf}6wu)&Wp(8dr%&?3840SFBc#INS2OO+uR;65D(nrShhQxMQY
ztErIl6B0K;8~YK1bwQ!$VT7MdX&d@}@iD)Fs#N%*4j%PxM##yl*T&8rtqJa<N+u0B
zemIy%F-Z($fMJ(TP&NV0v{-UDc;34`!?&E(o%|sgXsb6b`q+9F000}Yjc=7~NpJD+
zwaZ>5Cki#<p+wBMqbQUmjTV~>;z1r&<_Fp>Ii<v0QVbZ4D@7X?aE2)Ll-L%*>A}G~
zY~NvicSjq_>zX#qJDeTyLK>7mN(!6wDS`iZ&-Rw+kjm=bYv!HlIXo{}D``;nxeD(v
zLyo;&-Y=~8o7^iC`yW^r6~$ruK1S%)a#)<2fybbdfi!7E28e<Ozo2hf&Zl4VAZpiR
zAfX6*Lbk!F@$uSg^lz{QZ|S@~fmDZ_`}NQ%!159<*bBgi^|+3KrN_1n06;gv*pBSp
z%a6Z7Vr3vAVvLPIM1FglC8N9wnAYifn}y!%d0J6y<}bN`o}{J%UX~gx2eXu$e2G@1
zC*w{!Q(6cj`BvK|CN-lTX)egkJzgMDObJ3zsGMB`#HCq=`ltzY;e3(wo(Gp^4O`!2
zB;5XW6N(`jgGJVPkmVlry<cNasoVPUE=A0M3C*|7R3U8+474Sj&+?+5`j7M-j%=+F
z?#iTVhs^6ZT6~m6>(A9b+^k*C`7F9VK=EVw(Eh@(KanK=v|F<OVXCJRKMI`cK?k2y
z1wfkg#v(LjX^3!I!HVB>rKYKPok4koK#@1VKnKA>=~JXy@T2L@6dmJr%heC|os4Gg
zMo*n3aex;gLLH9O1Oi0GVbzqhPLk!KnP0vX+l;E9gfBu+JCtjb4%?ED!rnOTb!*p*
zDT&6L`wV_|Y2|J=CwNUsB&=c`>ewh=p$~n;7a4=wJV4!RJFd^4VEA?qKD2tZBELWS
zE@2+Kpa6DzVos8$A)kWsib-T&r9VhJ_)Ux<?Tv$hVd=ztC9h`}3|q=coc3ruTRYku
z>ER)-t4{%Z36c&So8}kw(q)@c-h?XMX=9G4A&n4=*ol#0-H<93kD+4x%`KwqZ%ge<
zY7bzPuI`7wFz!zimw#$p7UrMFRUP?ZiylVg)<c@>RDuA!0SQm!kT~SiT%?0*FeCFL
zXbXu?=Uu*Q$#{x;0tO+O*d{62=~9L=;7=$S763up3Pg@(PRbxeD8q#+aBJn(`p0qw
zkN&}BdZpgl+BQSM7pHRXWC64_oaS>IXj>-&hKw$Lqc_cDt7EI**TdKZyAE(zu9GgQ
zzop}$xV^W=m2pH%p>uzFsTV0m$-Gu+oixqiUdkxWO^7C<5ZI(^8KU|<U8Ow#@Usl0
zVtZU2WlRD31Jl-Sf}OLby~wSd_8HOcN+uPj_4ksB9pn;gUWKYOSe(dM8jsyXnl?ST
zW@p4dTke<a;r|$Q#{pcn{riLuxC`RHPTjHm+teL!LHIfEfA@#&$I9=&QYzbz?HqrV
z1Hj16`QJTLVrFFhH@L_D4Xn@11l;5EUuH@Fm6|dGd(Xdi1!h*}UvjWNKsS(gFnu;J
z%a1k9=L6s!{J<YSegR&L<!@9iupB~`KT)+m=;hy7<M<DB|KEr1zs;)u(SIvSICL^X
zf80fX;%73c^}i{Y-p~E^y%Cf<?fPXJVH{cF^`wWR4aNSYDDjkA0}>Z){QK;lK!&8g
zbMeeC4jGi#DyB8z^Hq~$IWDhy1u;iCA$X?gbIkWP!g%(K>I0H+Yqgsx;zjjtaj}-h
z9wk;9Oy1zhQE@07tpgBF0}SPQ+M7jK=dy5`)Am4b00FDAFK6%wUrv!tB*8l7$RF%!
zm^L{e;-{;MZDpuT^jv3lx{JBiR;q(mA(#5)V5lG{t9xJczh`%!DlI&LTL~S0ykT%7
zpTp{Y3jz)$$)r8>apLqb#onsCl-m|Cyk<B4bj|~4efvZ%l=QZKD4noeWfQVpyeMkC
z{_@0fJ#=ew&7R9zj|v6#g>$F|I@N+=|HVkJ+W}6MJ6|hK2Hp|K@LO+pO>EMsxLrCb
zl>t8~LFJ*B<D3ZWT7!!YFZEAo^4!CC&n%Wso_O11#<wtEXs3+)*{cB~Req0G|Hrk%
z(dV_ppp(}>)(-DDiKSG^#CcgN53WHND|8Ax1T4KymoQ6`C3*Z<M!Xm!Ti=h<-GQG+
z2OcqYtq%gm^z|brw)Q0O<knkd(#t+(O21_4S>d9{(8LLtz~OH<b(L-HJ{}AvxDjlx
z6S`*UKE7BqUZDf{Yy~CphZli_3bpU|^?po4HtIvH9B!98Bx3drk7Xs!DC2#4U)!~T
z7cIiZk~bmAnq&Jxl(5-%RrE6O8x!s2T|%Oy&KT>*OpG$=>k>oEo#lcUJ({Eeo{g<g
zgRo%gL#SIv>+3(8>8CFJe}V30{lmH)2h+dd{C~9T|EJhq01M;)_&VUf;^F=`&Shr#
zwTt}gYN{zPzK7)ph4u3)CF^gl$^6Il{ja+|*54%<S^j|&_`#?wd%`lD7Tr?WWu-_O
z1339@UMXj|Z}r=3ldycULZ`<0j2R&=Vo<H#QDe7T6L0^GE+X!h7ShWOPdd`P!@WL#
zVB=srP;B{Q(?$a#oJ+>4CQ4`bi!tmvgdCLmuzX`1b}lQGT1codr!l7n#?GeIzHU>V
z)&_|d+-~|R0d#Bs8w<P6ix9Xl(@%LtOH1PCe38^%ipB5obzV^+tJfWE?<}D!T!Sa1
z^Kne7yej3pfCqUR8uze{P@>T~jUp1Igy&b<spk-X-Ga1N2Q@8$Mtu3UPfy2M3&nXP
zDTHyJt^;|?Y=JLtI4+U^55zr08r3_bjV^j;R|HK=16Pt*te;KI<Pg&m8_u*ohw5ai
zwn96ZOyMO!)=L(i>d<=}d-9-Eih90!a%hO|PH?@R`lRWqR)XU#maQ|{z+B?um-!%G
zOrsK}nS1*0d_1MU*hn9UEPu<{v9kSvR8&zOw8sO$Kgzw7e)HZAMeOyV!yOS+&Q}P(
z?TR*}Qjh=+93J5i&NqbTO$sAu5b#-Bn7Uz1Hf*@Q45U8x-<+0N%s2dt7;K#kxmbNg
z1EqBxm(vctYbW8R@zY8e;-}+k`Z?4?WJ`QchV9?a4Z%+i0UqjL5y3ak-M)FNS;~`B
zyFd{yG?}7LC3-G^PHY5In0f3D;n{5x*1YCwCicHyuERa*2Q$2JPA4eFHe!%xf63ek
z7h7#<vd7h-<GqV{X7k!B8)n2oSZ-9(+U#}Gn;3}nr~z4B<|e?9P*N8$Wg9qCP|M4N
zmp7Z1+=^K_fJWq9MHT)08{>;N<M^I)6>i5Pub1t=WXz914J??=Mz!mcIPA8b6ulH}
za-Lh=F1Ot(hc_dTWX7rk5DTUR^Jp^3E7iKl<S9}N#JF(4Cz)8&Lc+E=LOnVu5+J(W
zC$DfLMXWmP=y?$5hygdaE0(NOPB|_feos{XMLAeV4sb~p?Sx@iPAoykE22P#g(1=m
zp8h^<hr?5@4_`!9mcF4_0-L-*d<XAU1UjM<pF>CShJw}S)P1QPycl9*$8<f|0@Y*U
zExq))It<8_>E2y1@>)F799Gd6Jjs!-^V0eX_r+j1#oD3awoRV+P&|1tmKk90;(Wro
zHIF<tC1$OfWovqf!H&rt(+_ipL<q!RU41BBxkh{^h4y}&lFg3-93Qi{nI)@@PU|$W
zB&+XA@Tlj)z(>!wYHbb)suN=8&j^C`H_282;~!VnV<r*&fQ0t<v;YWc*g}Y%Ni066
z7auSedxd>h?OlWTzlK0$+7qD&Y@&8X^IKxfO$5(F%Z0sviWW!M>aeeBFv)IiU2Gw*
zgizbFFMVSw5iu&wnQ59YOrmt{v{jFbIKKgsfJyQTrik@-`Ayb8z<3=6DTh8n_$5bJ
zy>;U_-%j_beWyu+oDbFh{O9jvj27yQ!GwyWOVV`ZRRZkD0QdZ;1BAgos0ZC^XqFcc
zB5CS&%HgrP@Z9Ui!Njj=jRdeVC5*{6<=M)bnKWwi;RN!Or5{eD=?XIGc!cR4f+oJm
zz$A&e+MP+A*B~Dz?c3$qa9cp>9`b*OdVAPEwfF_;MeIiAC|wb8`89&Z!RbVI_u_<<
zd?W1{jY-TEBuC<fR)5eyh*oKptDgCx=-m1l%ZGXtmub^QJJ5yCS?<?3{!5#YLjfv}
z^yaOFpGL+d?89^*$G&)^(^P$A6+T=+hW#qtacz4qnZ1wn-qPLq7cKw0d?w%zvDh;4
z!|`B5@WLm;x!@sFNZy;ZmX=8MAXe8H>)kto`TIW52*!+r!kr>zurCMsPYd4Ws*p(B
zTBcpkx{_>^2*Zqi2rEEOakonv7bp$*x)kHV(ocbsCWgfKq(3lrtanV}+~~uOyY>-#
zO#9UvGz{&7$%-uJ_>np^*K!rY{yi4frWtS!=d_gqsmcQdP|qagQ`)NgUWjCOb$Um$
z6~!=(8=>pkK^O(47D0B-yErAbG(u-tocN)Hde3hCrDMzEhW3o_XKOx7a-JaH7?k~f
zVVK|KA_0IuJQ6&z!zh9P=vE~N1S3dj{{n(cc7lc%A5)^=4g09i3w-2;8`v(=RiuNv
ztxC#8Z)N+y_=Q4c{zf-6eho!>dy}n?F#kJQ%UC~`!^ku=Rp<cfBXRwys6NOpjP$p$
zSxQ-vgq0iG(5@rbwac7H-fl#S^Iuf`CpPe((x|L}KhUUgGL}J%$RQ_p=#I+-Z%Zn5
zV2K;(;Rx;ptbO^VMRC;=k+*;}szegqW!x$JMf*ix`t>pnzMrof4L3ZaS^n!WmowDd
z0R`N*m^lsbo=HBOFasQEADt078ck{{%3j=381JsDalEEk+QQ#D(aoJR3F>j3R#>JR
z)3FysBQ$hIfQ2f%q+U)>MRu#h*Aj8ZpCx&wQOkuW6*Fw7#mntn1oJRWgjJ0-5I%oV
zWM(<gJGOVc417cZzCo6%zJk_b(`3tY(`y%MbF;x-Li_k$X*(r4TQR%M;44<OgO&*W
z>NLi_lldb@6Pw$|s(SjC%?AkG9rwy#Sn!uqs=o)O{DuDfDH`+nl{WugC?@;!D=hvL
ziuvR1Gk;~2{x8hwIDs!Z`8%QeZ^dG={&kx04-q`9KV}R-Ey~Zam;mM<A)0@tP65v}
z+@F(wP603h1B`x7_}g~?>kp&-?eM?rKY$ZB#r<<(0A`kdD;Nd<6xsYfb@?0_`uk`9
zs$>A*Unv0qd{fK+yX*a`4*wHr03e6(do=~H3jA_j`(x(%Oz=K8$&b0wUk(JHWlcX`
z&1Cv)ydTi$$1gzJ{D2)l4uF?u{lNo27r-h&$ogYF<L8+%+jFP+4=Mcr2l)%zZ;}`+
z0M4Hsri_wQ-4-MC^25s(piqf#cM!NyrO|N*KELXLI|?f}T#Gpg6RkQBxP4OJuY;aN
z(oN9jEV?>D4Z)lv;qD?>llLO*Gq{f6nSIEcNx7=G3BcNm)TU9+@K_}ZbaodKc-O66
z;kAk}P@G7tilzJo1ftQ07Z-NIUz+QxsdY6<fE~Nt?$~i#4GBbJ;DPD$9f_sQ6%_*k
z&MiEXQ3q3Nbw>&o{fMG)qyUHvpU_D>kJ^eRUF$&`<&n9~iZjMAt1PO%E0YGV4oj%6
z%`G;xbJ4|3Yvxwx#3G)j<ALD?LcJ{E%+ctSB{tfU$?&kE33ztqgW?uc8$-O_mP$x6
z4(G^Gn@C!h;c@@9jA{=Z3GWge`iZz_fq*|ON?Dcy+oQJhEVvKDw=?CStZi+i$_P6=
zCDK<KWF4TzNn$hXC7;hVMo4K5g^9VZ*WdFagjdRUf_vP@q=0U_&e!p+GMj@Yhzyrl
zi_6Tfx9ZldB;1|uhvj~o4)e=KdVy`q&@i{DytXo;&%2l~8phe}c%{!XopM1y@t*3t
z_ID8c@TS5)J9f6;=0N@cjZ_q+>Tm(j%ZD$u-xT$#O}X!=P)BY*EwPAaIkeW`B0Ei|
z_E9)*PVO6=1Y)g`X8JVs2{!H7rkA;{*E4Asv8&lptx=XrZ_@j4i>?<=Pp3YVEaphf
zloOe1xkUTq=Xn{-so;l;WvdK-@Sb8lGCoFiq8r{HhF4zMY|XTQB7&Qw^2#p`-s?Kn
zGRV%fTIk1cGc3eGf!kk(?W`dd$1lSucr7Et{#Z{G1^b5J@zt@0ny)VdLBhmcFmwGn
zQ}TB777}WCQ0JWXG>?cRx*;uWe5`%sn0?mu$KY5eQM*!q{11A`sf4#dJhB%V<`p(1
zSESV_uZq>^UvA)jJ$%WcdVe7QeoI;ArQ3M}gJ`M(<DL|{rTo5398Fe+Ona;vxifB8
zyuL@&5wt7_*~FXBj_%5;H?43PStuv8j{@f->0q+*XGKEQuIAg-*GNQ>$*8|*o8Kfr
zm^uHzPsu1P*@FR~AJx!V?ASMn_^&c35@QSeoL=!K3_LZ91O)5o3oGpT>1=fK@=PG-
zATn5iVAG?8u62H89~fVEKuJxsQT_}wN4jE{w@iX);*+&g@j(oRyirjf%#cfXa)O`R
z=8^@w?RX64B7)3tlDmZxOk#OF^}(E@1~GI;-4N3d$)N`!#Lk4=NNXQfBlRM#N947n
zADJU8{|+j$wis#0G#RyPI(CnePnJoPmP*i=NS$V14chd8bUJfkIIRjQSe>;BW^k<g
zNKKR}HJUa3?R0CM6Q)>-&sQ>S+KnnDs#67_!L(Nc4m{u`m4oL=&JW}JJ9~x#M7|F;
z4Rml9c}fdoV%j*&uGAvqQWGDz(dkd%`bh+4Ay^9E9K!IxZmkSj*c-r!rPPBenaQNA
zn_E1&8!Cb)atNz6KP<Lr3SxrIfq!dN(?~mP)sfj#XptGQyH)^GRg{1Aa3FhoS<U$Q
zMEGXQjNr}5lSBlM?)4~6WUFrQ_|aX;x5ks}&rcvL%vBt}Xwcte6`21xNml``wE@HA
zS`X2^I_cSnE(zoc9mJn}5eOHU&-xGoRLlLFxCxPQ@Mi469l%806b><<(0tOvvoO|1
z><F__Ux8#NEue6saRiMasyV*Z@lvmj=vog9$i^bSei7fiXry^sOxVvye_|UKKr1Kl
zv=vS;QOq~dKkGCC#l_%H6clHp&~qzoF@u704rs^OlB^g5A^%oHk^wdq7F<<y);iAY
zo|-t#2A1+thEKdL0nb9`!~nKD*1!Fb<||V@Z|;1BV4zuOpy3OR5`hdw;XL{7F_yN2
zmr0xh^`S0}CnjN30geF|*7BtN6D&j_wO`y2PELtkZs0>Uj?-QyjNCG78^BTTTe~~i
zFbC193lWtUO>SA6M=d+JkU|y$x;}GFDWSp`>pUdmKO_^XPN{zYVSPQiL=fm;&+@*Y
zQ&EHQ_2Oj$camofIRn+4h^1%pFy>PFbbN|oY>N3;VC;>9SVr+L8tXS16=u$V7#SrJ
zwt<cHfPU|XZxHWyqbw%&s)&HGBU@NY?#_UpRw6-IRf<m8v$-^+xG&i9F0ULSnY$tR
z=5r-qfGvddl6@(r(8|&1@Zq^?b_@e@Nn_JSpStRMPde9KX`_?rM@Re9lKt<+uodVd
zq6W2MC3~MHIa@!o3E($XAMQE`B`I7&lCHkdFk^MDi%!hrQ6D@-WXh^wpVbk3SN-WV
z2uf6)c`JR?8V7SuHxk{4aq@Wue!We7p<p|2uT9ffl@SG3+*%$ly8_vC`l}Z@O~~Gh
zm5qkD<JJf%1@k#=R4;;ZBv^2`$?4Ml%d%dERZk@a=u2r}h(lFRV-TDy4rD2+6PwRX
zCTSun5x}7m63&(33)`h{ql8keVDM|!nR^qMpZADEl%rMKEt!fL*;R-*mj@ZF_aW_)
zNcO;3q?;bYo{2;-48of|k-uXJL@V<m70lxJT;zee_rCP$oY}i*t%5pzG%Coq<(pBz
zMIER>whd4C)50e7J;Tg5?{8qpK8-EEXwBcHb=d#FUg*RR+k^k0bp$}Aa`nK@zP=rX
z;(lRjOZsMZtNFA=Y)?#Sh&6p13cC?ryy!8nmw5WStfqCAo;`2Ko-o#0oW&u<W<Sfe
z0UJG2$J=C&{lu9S|Mh+9hyj>~JL$y+<el9tBK5jSyA?{UVwrIx=Ez-ML^B1tFs(OQ
z9{qyEVExCCq9-5s96|8FV-eoNW-GJawhUl=!<o!_fxZ-<+Uc>hD0^e3Mn__#WcBW%
zZ21XB)#u1?7jyHAc;us%p>;*}<CBS!+7b`FOunbnsR#ZvZdGxVpKnu+$4V!?VY164
zPE72i;b+6)2(;~Cb;DrgDqpbR>RENwIa63min|F{ncSn<$3)&~v3m%srC`oqnD#e`
zAr|&OfJGH0sTe~bgy>MZ1$Afg<&e|N*C;sYu<mrBz^9Vjz@m&`B78^%D~f>{ITfx7
z6zIp)Mtxg+u=TJBhP~^yUVzKO7kK`_pRd(_LEL#pShN%#2GtS;mAJB~#{IH165;dd
zm?wDtg><83f7yP4PW?mQOchMNJNQ-{SXN5Nv7q;x{<ORJEpTT$>K4!76CaT4!J?kN
z`VG&3p&8k`)G3%X*wn$?^I7p&mktl!>hCGC5}BNhtQwV-hI1TTsW+Ul$b;uBbj<op
zPL{ahb!lH_jb4a^hH%HU>uUC}ysD-_e%kz$08@;&N3}YsXw0#Q0hoTl2AIxEq@cAt
z;IVKzoBx{RBUM;$71k@-_L=WH$_S5z%IF}YMH&wS!(E|tJjDW03RDZ(p`CR(5d^*r
z6F?(x)&kjcKc_W=E5AD{kjO>!sZGOTA)+K+6t61CvhcO^>uEKB9Mcj;?Q5}p^h&G#
zo)ya*j#?cNxOSZG<xaJ1NtcDXz$Dj{Kq9B~k@w4=oNdrte5Fmkl;3;n23*^Zd5i=w
zVGiT)Brha<h3Z@w_~=s=e3$WsLwHa>O|oS2aLCge%zOQ{i%4gJ7dO!s<vSSHe2w@e
z9|EgGq6{d7*sZlIuzJ7-`7e6OZ*p+V&jMUR;N~92`qr>+8P<w})}+AI92!{i97v>a
zvDb!JK3^eg78pb%4EdJ%^UFyIRE*FPK|!$vi^Cy<xct@waj?IPu8|9!KNPp?^f9o+
zh@BH5Uy03ut;D~o?&;E)D&|AewZ>BU>PNsrFf{MSxkEK!$Y|CMp*yPXvzj`dn6TiJ
zQ*XR~9P+t~Rd(yxi`9*^QKDE~A+x1Ba7cME*>-~UF*;MMIU++sb5!??9&gAQxix)2
zo8_Wu28IIz2~0-@uI*i(o}M!kSrtHVpoJNW{^O!LCyDnx0Y1@SJZaU5f7uGp2rJR$
zNErg1+uP)ipTCUkVYW_wg0To+)0RB%;*6xTam1iiNI^44Fklwu{eRed3$UuT?R}W;
z6ltWTrMo+&Q;_cN4hfO&?i8d1=@tb<q(mB|k(6$!Z-K{q<s9z4oEzuf-~T($eqisp
z*4lH=HRfDv&H0XZyrVj}VE~Ht%R7obPgeQxrtG<G%|Oe|Gb#rvpBl<{h_O5fPNRJ5
zuMdWJC!QoTg*?2${67JBe-{E}zIKrs0{#JjJ^tO-2?4Rd9V2NNg-2L}9L$>*jEj5h
zz-CuaXOJ1K-SQ&oF4F?CIN{fz4B=d_ClM!*A}RCfClTa@HbDfzqis9)M0ys8`B0Kn
z7UsP57H#5R&AOF_VUk)lK%ftERb~!|T;%2Gw4$i&0O<VtWtP#luq@<FNXKTBkBOu_
ztW7wMUAieKP+StOhjL%wpY=C0MZ}597(Wi#3vV%?c7FIG+g|yN0-{?-mS0wHv*LrC
z1)ER(X(;0xTbN}tnH><3J+r=g=0}mUyaam2+@TOtWCSD!w7!PxYf9zLZma7l)35DL
z2t4!nk|{hhe``OsTY?urLh5V7H&V*#^7(O?>I=_YzMZg38eIM!Psb|b?Lg>VN@^|4
zm(a{ieKKi&-`Yj{le|Ck)diJ!ab%03#bKT|qQoFA&hR}vJby&@98ziD3mcn0%q*c(
z)yMyBw;`d#GKC#-?@>UEYZ+Jl(ZM4c9zDc~Ae7+<3>*>>hy)F4YlIKZCgv`W@Q|1>
z;mvB>qw-H8aagtU;~OJhQ8wIRSfdGhaYqYl0Ht67mODbO)45Z+h&1c|q-@6S!Rsf7
z6`nPv2k?*I%Glpvja%Xa49wRqW<%L7L_r3G2IpWJ{y5o~%H6G}>@6S`vRVURck0?+
zKIl+p<R=uXjm-9|go1!Zw}YE~lq>PI<8yvHSjIS?%%Fu*NL0Ha`{M+uTIHba=dX0u
z`BL8(dVLOjOc^a&*rW)iI)<;`!zPj>@t|OD8&Pj0sRGw28S+pbZ-Rn#!ZzUawCHnJ
zNh9dz8P=p5PU@CRVP=MF{$@*HDg606=+RQkf7-`Xs_>}M+50oEH>oVfwrCiFgAjbr
zlD7}sygy2MAS0f(OP1dGaa|xq-zKkip;smY@*P|{=+`W-u@IuOdbgX^81Kt%bl=DG
zwa-!A!kepXIZ+sMhO#queTef;{i7!1o6np&xSg?$S-5gTm^7}lTd8!2oFDJja6*Wy
zWR%4b+Qfc-Ps`zMo0Il9_Woo%dum;L2^Orwbad~8^Ds9WF*wb!(%3^Uebxt7c>@{d
z_KT;34hWyngUs&^ViQEdCqOqG6~qQcD7aeH-IIPk^fAk|;H46q=m+WewfOmCpCn#X
z*^YfSbo9#6R$`ZndAs6x)o7G*1owIy*U!V?LT2VG!zaOaROxx%K2dP3ePpi_5@E4f
zu`bJK#n=_vUVgW;Og1FGXr((z1c5c)jghjkSa-#AteynC=G&?)WlgoB!fpZDeE&nm
z@Wp2m8<x=L(AI4(DkVJHuPc4=-9lGUR-4!c1FHt$NEhpj6Tmx9V;B+pc)n#<2wi;a
z*GrMY3gsKwTpQWPe7yhW)eXIT%SAQg^>_tKxrxhog;QsA<}zyfO}B%)U*;9~>yfKR
zoP+LO(6`X*6G}n?etAE7a2S7|8G*3S!rh_7x;guIt?aB08~H<0I$=Qw;r!59cS4ez
zld;l7jC@EW1nM{`?}b|U6mc9tPVR-yeVTdqK+`QhJ{j3eJe|2q%pvV9#O(8x53dy!
zarb=Z=c^Q+__Z=>vDXj1OKc@+P!f+yB2~r0sSq=1$_|)homWFLa?2?)-Q(lA|0u?%
zLd&^8zdIPAS*JMEC8K}Nk!DvT)bKNS4q5G*ZyzMAr<L9wa&y$jyGwD#b&o^t)~P<C
zR6jEk>`E=_6Ry~-e`@s}-&)dn+%ed2Y2w_lqpPGeg2<z$@1WlcWQNvd{s!aTa)JA+
zI55qADQiD^1dthbFaL<ithu55r;#cYcLI2rs|i4YR*1t;{P$X3X9#7>jDzlBPw1q+
zuqYIjfbVZeatXnJDtP+FwH`P8<GeIgd@dnr4Uzh$$5-Z%7j>FOA^JJbg1&I@?+J{J
zB}20I>8)-DiCBwfMy*1nl$JlQZ8AUeBcXz4poT+X|Cpl1c{Uyf(?4Eq3GwB*X7%8%
z>UN#UQ-?4#KEw=&-uihHPDi2m4qH%HO-zKiqXa3&=}*X~4NNqBW>jJGLJDQ4SgFyn
zNzRLp-8SDZH65mVNHih$a&6|=fAJ(vAm3!FgX^PPFn>YU>G+}`wYBEu+Lo^5A+FU>
z#MxE@LuK+l_i$RRrMQ0t$v}*g=EgTj)PoSp-`berr+e=o;0a^APH()Vd;e}(61K}>
z0eA^+;|lw&XX%gI!T`A2Zg6e=k=p>-m>=Fe28JtQ{q<k}Y5!k$FaRok|8%?AuA~MS
z7;lh-0mNV~m(9O@vCv=k=<Qw%3=G%(g)D!g(%)9c!1fncBLg6T^Y4xzxvj(O|Kf3s
zOv1Nx2mW6?yW6yxk?q$O07RK?VG~Anf!iF#!E}qGZqv@+a}1;4kE0m{8E^6Xmx1-S
za|&P9%P91paCS2a|GhRairnTrew_7f-Wf%IeHM(OH#@wq9MYH0>&uJf%H?@g0LIOg
zSL~_)3>nrR-tWti!TQUi49KX(M96vx5nmk!^a~)S`lG-|$a>}dzN{MP0f0X8%O1eM
ztiSL-j4$nSb=$tG05Aif7W&I!z!|Vz-ZQWEhzbz0UA5q6Upm`u!RbGxB>&q|l5Dp{
zp4qP<2b$4cwypF4p|BVXQ4M^{PnPF{ft|#~2neC!r)^US*al>3#rqHtg3mCsC{c9%
zgSSNdUx8zvVqn{`Tu9(4@8N8jxfEzCL+S^?@1%e_6XD@4ts3hY!Ak9bE;461;`hw0
z4+`$Xstt_q@90){Ox1r|qfRa36Ha+>1PSI=*s$kg`gSc(`GifA%gP>S4_lfd!(!(h
zlB)$X`QeAI!xaO_&0f|dwtBbbF4?5Lu%^A)X(GeY2l{hCavz|=hIZW$?V%rQ@P5iH
zTyo6bCyhYkF{H=0pG%SJeO}5c^Oa;QGA50%t~(}X=#IeLCYnMeowvRqmz8YQD@iVe
zlIqS_J-fWmxOn#NT@L9F@H!iwF9ah^H;Hyme?ewkkL3RCyqN8lFf<S=`7=VJsUTq2
zLJ0V4;CLfLVZfTn(`1m>FG?W?NiAhUY{v{yadDOS3v6`mK?OecftUpkNn9v+D~oE8
zf5bK{vE+5o!YQ*O>l3yF%k<bEx2JG?F6uyd%Dxtl;jQjV7j!evx0|p{raBIo)(?Ak
zaE0j{GAq5gtzN`GW3T1WWtthTu65Qkx2c@{l*Ul%;vC6|@eY)M>mA~*z@oPnQZ||~
z+|&G?DK%Ro0frrA;*8ULT0tJzUQxLC;gTrF{EvxhMV8N1q4m{4t<r$(Kjm{#U3$D$
zOUdczT3?D_@};*uovIB<k=3?kq%{P=MCmjN<rC5fvNpoLZ9&g#naA5_J|%802*~&C
zvN@=V8<uiCYNp}wZ`dD)Vnd0CeVN_8$v12xpZdU@STQU$^!!V1c@ExorSLb10eeBw
zZw&@oiz<EZVy)*?L~8h;5sXWL(ModEw*&uLFdyTF9=at23<y#G+(U*@Z)^egr^sfZ
zFVt61ACRH>hhzcLpewxIxjjU@qnqG!eiq^0{J}P;GSF*K5Cntbly|1XlIBkeH=nOU
zOGCJHYwY@T$-|Swhztk39T46R*TbkK3m5d2k4BAkcry^|YOHGXUc>2ilbmJVpnDsr
z(3BHubP8P9;`A&0B7=+cGkE>i_yf3U5{%^@hzO=921;**J=?g3D7tJ$d9k|~^t$!H
z(Le81W_gJgy>D5at4$N8B6-vm6SG3o+Nx*JN^)P7sP6+WMl;48b-VND7mX4xzHNPC
z!r?7?pT9w^cE>(NFs&l~0fP~rZ9x}>!S3s5D~Gv-uHNvoiSPssZ9k&Z%F=@|FVOIA
z7q1(vdP`)Nh5njVm6ar-@c>@#2=$RSRU2{qVP)&A(8-0WA8SV{jwCE;B(oC<KoZE(
zMGlYyUEP8wSU5H6-EvOx1POOZOX|!jupwT*_fZtf10QEzM7ipe9wl*3nnJ&xeahn_
z$SjgH7~0FkC}Oy2u`nd1#1@<T!46U7-mt3J2ZaZ&-8SXo>}wu}3kl~BiMyUh`pPI8
z#H*G)r6Ufjf5>iJXEs&KzVap17cF_WAD<jfLbvR}{BGd4_N4&51~`@laXpJMt7=A5
zrZKWn`a&W&KAY@OGS}u9We_Kg#Y2I?_G*Qb(NT5iO-I5H0&-cEM%^waRp=y%G^q6D
zVaGAj$WxgPmdoofOBhsbb&N9>Bru!IE)N7r9a}rmPtsQ$>Jn(;SIXUy4;mi#D}#P+
z!k`hTcuH<W=kj<Uwlw`=b%Esl*JeW5^)lJh<RT7GMf3c};U%W;=#aR}i=S;m-UHY-
zPLDQ*zOh#&;5N+|k|`&qe%=#ac&ENs<<OZ_tuwh#YB)?>svrC!H1)~r)l%eSV~5WV
zUk<4d#w9ZKq&J=*Gn};C(~tk!<c_FSeeCIbAv90Az09)r-p?`BIn)#G?T%KSaXVBg
zzFWHMhQ7ua?si1Yog;bCzGCLZE+x=$jv5R-`V0Bf^s}?lW9}#E(|vs1q%(oP9Xo(7
z`K>5<jBMA)?wSgnm(Qlt3OHsRMBAAC(U?vWO2SF#8KSN^p$ZU;5J*Z)AGq-uA3SX|
zKO{PuHf{x^*YK*=TZ)xWT6*u8pwLFDPohjB_k!noWwuLz^4{S9Rpq&hpS4d@>`|F1
zNpIkU>PwFt`jNlY5<U;7*?tN`>l@NIy28OD1lxzJ^v?$Z`>hg*8Ol25W_`;^K!ZEL
zMC*!|56svbv)?Bblrx$Z?jq!A!<m=7lt_ZCdL(1DjutG<R9ErM>TYL|ImSZ)f`Pel
zm=T@GWUG>wA7GL`wR!JSz9Yk|O}C`ywQ1f#x33u(2yCLeYi&@w-ktne&%=HtPsl4|
z|E(rxv-#4+p=xuN>M^tdzRwLoy1<n2c1Gp6297H$JhB3$W=;<&Yx#*QaC&13SH;}D
zr<$?2<Z+so5hv*RQCc&>%>uwrU|M>?24}%F1ZhiKW$jzTUSndcuo?8n><ZWn55V7J
zE=vV#-5+$wY#kCc%1ja|Pf87Xh}dnyg!dlFOy8#{$T}kvv#MK=CY;7#vwc$RTr<p{
zN^eDB>i8iC)IiCrheXLMZGCbtjtI#25hV&@aWeT3<qQ!MPwpg9HIh2GJFFH)Ti`TL
z=zA}wye@jw@quFC;4O+%MdLd{St8Gk9>aY6>UkuYgW?kC+Fn}=#uIg$!5}cRXxCm$
zwWTlZk)9j&eLG>Eow!`AvW3o*TjNLNxiXDqP&}i=T949;>PYZw_6!4>zBxS#!`7Of
zvAz_*L=MCD-MV4?-V(BBxUT9WEjNMMN)K~l42KbjT-KwXzUOvk0=;|yNpAT8xttWj
z*ocf&sXeR{Ea@5Hd>9cb-KT9x-t{)wM5-V^IHWVdq*ME4L;R%2<wjqJ9D7-9*T&uA
z*$bsmANp`%wY#yi^)OZv^$aB9wz0EteVyc<K%)J`p5`;LCF#T?8j~nLoS8ZlXc!@2
zZml4rUbr8;`!U9tn2M}&L-!8XOI$IFj@Nyzt>7D5pod7j&u%#B+alQX*DhLVz!e2a
zgaC2ris}wLKtACP%BG11UpQFN#n0(@2T3c8>mo|PlTCnC!HGB4&(|+*f6wT`Qm$fT
zF&~ub45dvk9&>50BMA#xV^F2rF$W8uWYJI3wXA-nkja%~h_-k<P*=Z-Xv^6<Fe4CV
z>JxjM6nkW12KD28<ic6wa{H!ac2g#hTr6=i3OoMtUeW>8rQT1f<ege}uYB;7YYa#D
zIrJQfoq~(Gpj?twcVDPcrmo5`d=1Y!Tc5Z9^oPtY5Q1bIZ!pJgG3V=1oIFud;cbMM
zp1HS}i7-#-7r9NtjQTw<)?@FPkP437UF4vzkRx~gHp`1?%SNL4kj{$nZuvldLHlzo
zl~+NJzhdR`I#1<k`YAo#U~MbqkC({P*6L+QbJ=#{@(`aw95J25+q0TID+)k1vEd)*
zWDE*#T~fs{`%;~R)+-RWk)n2zbI0=zI7Pp4c8mk)-lS62eK>WAVN=P6^f|)~LEmBo
zY)f(UJnq_yj`h2Fp|7e<2e(GZsxs=Nt@wYU2Vnw;Sp2063aL0c3!f^){oO^PxEdu(
z&#=bcpd~0Sh3g$MvI_Cex{f!TRZSlt_Z#Sq-e9_0t|EUG(xcq-1`)V?AU`(b>wt=#
z>JWAhyjUf=mpOqsQl+jv6NJp#5|&6PiT+hUS0)n;QV*M3N^Nr_U$rtmwiw=$24={F
zA*t`4X<#YRO2Eqw$x#3EPOA$%Z!1o$2adRPU8$?Q_m95JY{srA<A2ebGV6I@bwkr{
zyQ*Tlu8b5VeW{G(f5_QRGayp-mE9KX9ZED#<1(_NJBS8OzOOn)dHL2lSM)<TO>vLb
zZnVv?XeoQkO1sF$35m*O9XWON)cgi?7@nzEBU2~^*cz2t41HrY!8xa-d*NaDWGe9>
zozRZP#+ak2Uk2yVq^636i}ny%wG-l353IV8!(ZI9QBfwe%}mhZ+y#6M5|Ng;5}se;
zADEt#@nZT#`g4X^wUOGgrtwd#;Fd@4!hNWJi3Q}$NZ6rRf!>~cgv0ZRVhI|DwqmIT
zl6=ZAim7kpJ=feR9tZgp0r6%~NE~vyY!v*QKK}7SUAPC*I~C}uZ0&iHhFT4&SFJCF
zv@(=TJv;)ELRF7<;jO0qTz+fUE3Ed9i?d<4RAm2apbdb1|9<ZR`!B%D@AobM`1Wr>
z=YM|7PZ&De)y(R*RRKas*TL|g4`I8K*!g+OkIw-5eR-1q$_s$uzki*9<;q~ct?M^H
z{f|Tb6FRs5yXs9$jK9V!f1iF66Vq+*<6k40|CEB$@4$9{{d@n8G82GH{uNzj0)Vc+
zmi|%wOt-?~f7HUnE_7qa(iIGPiIQFprz@cCssQxh6&m!tAWF#g1Ax8k8@3++?4`-C
zF4L>S0LSLl#QmxOoY<A;>3e~dko^Y)eA#UF9}qCmDnj-v2>54c_DYQH&oHO|3t>*|
zKLJt?4XunFOn`h~e}$e{uEx!eyPyFB+;1P3?6(A8fK+RLt=A<LNOS-|S_mgaa4b5=
z65GY(Ne}TQ07NVE>!fEfUmkxX7@?L#OkM}Knld@vV&`rQbOk-<Yj8P5FHvEuVZn9b
zQch<LngeZ##jMY1a8IbIN9wk=xm7wl!>v_x_Zc}Yy%5OaD`vq&UCBn}L={X3=Jte{
z*#y1%T=$aJ)y<J4SDQ=DqO8~<Y;<e7Sl%@rI2Ng{Pr}D`olhS<<1=Z0)w&hj@a+DZ
zrvg0ODNS*!3GheNp%al#&yaQrgx25$L7z?~VQG&O(UImquoRQ`1!bCE%_N)c$;KbN
z!%bwXNR6(Pu%GE9Ik2BZK{7S*QiG4eJbz}}17oq9t1@99Y0mr<TzSiE=C=mrxHR{z
zuAW~lo~5F{(8Ele+->GpSTy%YcW~U-TRfjY9d*@=X?K4MMQR{Ed9vI#MfV9iO*kiH
zpU!NcD&*j`Wq%{&ba&*lZ}-qOoixZ9-%X<jPv@g*d|ue_eMXx^h|t|!2z?)1($U5U
zjUDa+RE3i{LGE)p!E$`_8P>zjRN`83SBqi894naI#W?G!)~b4%RJg;`{FZ^#^%n);
zIn(sT)L67yPlZ9hVAyrOJ#9-=@92DKV|SnIv7dHMHKi%WxP&g2zc5J&46mc{S)2fb
zzum`yx5uv={GA1q-!l+kgmTYRc@l)g=#SgNJ1z2rjSQ}{grO#BMaY4sVvf!(^^`$c
zgStmoM94x@ds0XX_AuDhYSzD)<LJW*qJP=v$8yj2g=778p--Msg}5oHt=lY?RkBxX
z_sEhj&Ni*$*Y)>@*j$<w_K!jXp5U1DeR?cL#oEekm(cf&Z$00$=7~{hjK>Y#bW4nb
ziT<bS$t6`fS|GZO5Ju#X!yi*T7&+K3Jv}*D1jyQT0G?=KJP-a_yCpMR{)LVWhrIa%
zl>IV~*_Oy|iDT)!9p1`_#{t{V&mW~eHyS~S(vpcQLeEU0BM<d(y{A(F|I&$10NJ0J
z+PEs2%&jAhW3W?YJ$f&6U;}cPeD)xHhAb;jPUuv$2e+}jVfBUMr?t`I^%Y5pVK0p_
zvj^s~80x2-!iNBbsKavlEp>zOq4VicXP`?9Irh5D0p(8XFojrPAfz*0CMUeNLFty;
z28VC%hHI@+;uIa@d~d9nuSO%a5mTJo5wY6)$NFI;I++L?H7l@R7|oS?7Y*m!=b!4L
z9pNiv?kAxs*T@tj9y1wyH24yS>2w~6P~6xrdJ^gVZ5*U<s!dqxO-Ve@nM=s#Ji!K6
zxWf&Wzb)i(ou#N5E`Zd^4+Fm0=!-1;wq>JyQ$lI~BX8#GO~Kq3EA0o~$WYJ9=>=W=
z8klnF7QhWAhnF;)9W76Z1DAOs-an4ZfI(Dx-t)w!=4qKmd>4a#gkbzeE{+7RVnA9A
zM?CJ1{_vVnPmI}iK>A)L-NR}M_ZwP%OWcBq?b@ZSsR#tr5F#}0!g*%m<zhrm&4&kZ
zI9yzC3eFTRZ?^{xE5YgD4Z?CSL#D|@(%;FUt9&X+$CRJpmrvozwz&;IjtBdu?4oQg
z3|*k55?&u6E5YV9Dc}9QGHMdFu#IO(4czy{c}ZTr;)To1HpcNc<+Qe`A*$dWh0^yj
zZos&!ux*BNrv9L<Qf;B_PL58bH|A{fn+4?toxS}14_%DQg&o;<41I`N!)h`tF)Xv9
z!loCz7tS&p>Mjo2KR<d!RhtGkR*ax9J`-4Npf+!rTJALnnjVRuMdkQj61~R$eORE#
zEBwum{H9e@TWUgvo&~0DN8=&KG{{uuhFLG9nEG_!pCcr(r`J|eOpH0CH)P;^8u6d6
zQw1Y19*~eavXO9Jwf6LDit)u^A1`S$PB=rA`=-_Qm~*WTbxf;T@2f$0E5mw-$N2_E
zYdW0k1D}TyZ;Cw9>(XIP$Y|zP;%v<}mx!iTc1<=8YR*hAK<JTjZ;)c*xFyDNJrGej
ztP9qgA8=t75F^5HC4DW$7vVMmb=ow7eAAU;fKNJ>LMFnbIkWL$4sMc=25&AIJJ=0w
z{E3Wq_CzKT;!8aYu^#uboprZ+5>JV`z9#ZiAFsp<Ik|#Z4CCC8vJYUT-RjA~z<3Q2
zP>y(m3J&O_Zz>6Z+a7s8D<S7f!gGQbKa^KRYi$qU<t32|^+)}{R?8(MY3T|ru%kj3
zvLm5V65he@Toig_Y-)_FF%um0^pjcTD&?+zv5kao)uR5Cg0pAuT#+F2*s7rIeOYWL
z?d+%$WAm*|E^D{`7+$n_I`bPYkXvFJfHvRHlL_U>F2pP88Kqe$)*T%S8=jzSyl5b8
zQa5?=0dt=hxOgTf8k%|@`18BIuTYnL?&fCkqSd3jkq1uTr_QTkAY1gDQ>6E~#lYJi
z2B$%zI76gZSedlCe~F@aR3jYacJJt^i?}ss%Z|7Ei&gWbDIuo3kHq>~%F9$vUs#=Y
zk(*cI(pR8`a@j3!IHg-UWdRY3pHE3Mq6-nYTM1uwN;NkyPwJ456}qI`7NcvxLc8Q(
zV>}49tf#DB0drQ3RL)|9p?>SyQwM_e?QXRbqntg9Hx1?jQ>v5c6JJ(E8;_*t+DW|x
zQ@ugD{fMqsm=)<CPSkVM?J8Qa4Gm)hh|LZ<-9LA>ZRgZ*FVGUaOQsFG;XHntDgM3i
z2`2h$@=8FM^i}voA7yPz#Zh7E(sP9|AW9l!H6<v;G|N8^yFAF7|MRQ}Cs`zpAC^Zy
zOP;Dt%ckJ~t4jRvyb@BAybkD_?%hbEt!9%0GFM_z#&HDp>`w256k7Vkm?XJ0AkE}J
zq00+YyoLy!VeGpOhBSGiTJYNtDUBIo+#(%Io^={v#A^)~^AeRqM)_1hyXo`&tf`q#
z##fsSF`Z&Qw42E5_NYHkK<^CM=pwfnk=Ej!+GsA#Sg%6yAE7;K?S{#+HI>9273Asc
zwyMT6IQ}T_zQO3mxs#N$(Xr8%XJ_=GW7cnOo5kGtY13Yg^7&K<-J`~RDV6o|EC#;1
zWJXn@penw4m~BN-&4jnUHAgP06FEGoRPpI74Ys9C$E<m4$7u2PHAO4ihx^c=N8u7T
znEsYiY^Li;uA~9e1MZZGC16I#2$K@g7bBA&G6KGL(EgfzOc(<!l%A1D-q)T}UQ&Wz
zMDW{N(7v>;l^T7?43f3;3@})eV)**G58Gpeh1>T*+v#4INfQ=?^()Ld6Y%#tRX<D+
z!&i5f%ukRvPAf81WkVqBBa5<XvTGo(5T=xSOhiTO=N@9lC<U#m;XGnz`nngZca*$7
zA}s91h^bl#_YrUIMqpV_|GT>P8c95SO}H_x#^ud%q4&nBFYfWRnv~Vtf1y8TGx;Sc
zo8hIq495DaR4Qb)M9D+FX^e6e$ZWDK`c>(NeOylYV>F{f!=`UOyuyqbe#_F=lO}2&
zgu&ZQ$|B(z3bnzY>6d{B{h}uw>A~8*$pg{E#$7j+`Q>KAsv`&eBQd4vahLm!A)qfc
zEt%l*he!d|fTYS4Dgo{{-g8jvrVPyAcE+VN$gS?OjO^DR;@5H4)Ld9deeu*^aMwpT
z4Zp@+ansYw3+q@#-QQ15l4|UIG|$279q5q&H0dqXn!%qx*DiADl2?n5s?{`#(AWPK
zgbvAnATT-B0Lg01;&{|j&X)htl&NL0$gIH1diZ=M@Ey3ZAuOEx_#W}sA}rK$iV4=>
zZ{u_tpH8JcXfbp#*SPDVV&0Cy1<53WK6>K{E25cz5cX{(M^#v2q|18N#6dPEb<;({
zBhcf0&>{6ExHcL=V8l{eM~m_t+IE4=sjx>UnyL?7P^r&IlJT6`q!3vM=ep}c|JEvv
z8uIoOQxw}0MfedkLqMcAtIGu$*H|Xp66XF$pwA5!{%Mx<$J4t3-rDa6V80Iv04upI
z0(-fzW?=do5b2Ng_P_oP@TY%^nlb>{IsYXf_3yO{AYxxm&ly-4FK=4^_{DMq>G~gk
z>-Qc3xNj~8)vsR+Y*&lz%gsQ8f4%p6832oK-tq6<3h?eP^PB$2F?yNe{rlMevE?6R
z9lgXMnSTfR_ybq`UwQ}Bg#R&o`hSwu&H4inXBE1|Dc-hE*#6T=6>i&*fAu)Q+py9v
zf8;l0Zo%JU0-+zh@UOP_zx{pDn|%RSxce1gPk42Qzx>Edcm>d2ZDl6By4_uU7AEBQ
zLAC}4C&%SI`*J%lJ^@zu_s_uax?1&KZU=hkYIS+_S&;C`7kBj;IOYe@8!+#c4&UW=
zQJ|hHFT>A%0S5ZpVrGAGw*T9lZ3g<wA#n>Bnvv~#EHIG37@!xN7QwOV=vvdR1)(m?
z-ksT~fHoZEhk!}N?oAgaBcR8!`79^=ECmtInY){X)(g3Yo4_&8A3SA(Z?wDj$nt)^
zquz{M4!=!{V#i2UvrIT$*Y?5ycwZKAsW=8rw@^H3KxoJ*dIDS$X1ZTO0vi`$wPqAz
zw4bU7nTJSr>&y52otEKC@-98tt&N0e!h4nvM%T-G@1ockeY)S1T{212N0m|15-a8S
zfPi>m>ofS$7Dau)N7MD73Unb_e{Yfxcaz&Cxy<Q;^}h7E<-LnwYedz8sbWNb=2+le
ze?r;(V){j(VjsYz^HOlHSvAHPQ%c@xh+7_4aLz1~YW*^!LMVE|(Hz0oFz+pQ!~B;1
zrwQ)gUrJwtj(;qr-Qj2f)%DJ$OC^GBJAj{*Bsup^)WX6<f*r&sdPZawR9KIHOTaIB
z4T1U;UvKzmGBJ_1;0s|V?h2<g#L%O_xLN#UuQByCQuMsz<_0Y^(XxWDjoIi6J0B-`
z`CS|5dp?P7Y2VaSg`2ZEVm}2(ds25VrefvOynBmH9vAtvFNbol>g}40%dpTPOkDE`
z+=0r1JVeIe<B$*IkMA*kQc?9&M=>vr>eb#No`1`^!dE=@I=~%0c>xm5S=#Ms9#7gg
z4+9jcQd1>8^ZTKrlm$-oDg0G3eLLi2d(UgYSBq7pL!J$Zsf~0+ehJyemOQC%ln*+K
z^xGuJVQHE_5<E=YZ$(n!oGR#c5_Q=?8=EQ{-5%aXt)PzP*|<3GboU7B+Xh!vdnSLA
z>2C?+v0P6lc1ab!lr&nqlr$>7)0j_2wkWsjeeMY!{dlsOJqk6+LX>Rnqx^GiiUH2K
z+}`mEotTv~9Dq&CI*8#>Q{ZLKU5gaTm)F8Gw{3;Lu{x;T<M_2z%D<*)VmYDvQ65c<
z=BFk?-tfXD)*z9`h)JlYL!n=`^gNOT>>tkYzJn^wYxVL%?U)E=*;pyj#M%so+je6~
zchOgXB3W`?#QrE|42RCmM5&~?HEE+mi9ka7Qr(8UEsR#_D}n%<@w3BxywB(n%aKe_
zOVo^hj+_GyIQQAQH1Z7wQN<N1426ZW6;dDT<1_Sk)C$S&bQ$f|N2_($+!f9W%|~O!
z_BGrX(J3s1$cbB5c#NOM!BcO<{=fwMZES3nPM{lGpPnq&ncc{}c}7kF6g_sv`+nII
zn!%sABE-njKRkxn>O@#;kut&hl0L-GcMdZk!=L+p9S>Y-*LARXL(;7mY9d@eFyHVM
zQN<HE1kCMsV8+QKlam73!Qrz~Tv76OT*Sn7jTJuPH_1N}H#MkX4=CAc@b3+PL`Mo4
zU>bNj#t<d%8fCUGOCrntIlZJ?E2B!sm)F5+&rES)giYvMv7Ci($$Io>A?PQCLLid~
ztXU<NWAuvc?`#rz%<{%&kMx(5O*+QC)g{n2Vlo(*_T*sU8;7SUXHUQ}1J535(%6ry
ze>H^YN!~I9E)dA`+VCTuGn<|#ld2~p=hfB_qUW?X4YOM!u}qBDF@nFaidhK}ZT&7;
z#jUgetC-M)Bb-;g*k)ajf7#Qar5{;mQFuISI*Y^3!<7|FAHwA>yG?H!`vO`;v;Fzp
zvLq^24}8&y#5O;Du9F$}VBFqbPj+8V@GfO%=$N%Mj4TYVyU3?iy|j{YmeDu$j4znf
z`SSE)r*W`L4K@N&HaVUi5nFz+3dMlOYM~OU<)j{`1%JRe4ll(HRgg&R`G)cS<Owo7
zyEP%+eMnn-lzQE&myt{AIlc@dV76uGDT67~*zKX`1I@T4IZqRfNt)ZFMn$yL6$fYT
z8|G=ORH)OotLNCk4K&Ar_`7;H@RRN}=;yA%j4A4nQ;l>&b*~rHqoc*xYvjDr3&hbT
zXKr0f;E(iF>x=TvlghF<rRa`cjPI6J<DZ2bMwZ*!XYi1SX&$FD#*WUrsV8oUC<9E6
zpW#<S#fGpi^a$OW{y1es=bdg-b2e|RE>@5X$699b5XBa@%<uFvKto2vC^@1eA->uc
z3D7|5-?m?<l-d$WX?MGiAP7R290M)A)5R~1o8f1&D6&DTLq$s%5kG7T_a!*nl3I&1
z`_;hbAecMU2ykzpOp_5JgnN7C?r41JrjnyrA(AwN*hb_HSZmB`$5njWs$OdHR%Bjg
zQLYQ`Lo*&%##ne%b{zi39jDe!A=d-Ea)#vdKDmW6UiQ^?rKvEo%-W{1g@P78C&_g<
zUjq~0h@mhEFsS+h<8b55Mf@$W43e)I33t7uEtt`&T&na7N^+(7tHD;f&D`k}n{c({
zP78|WtBE-^Mly4tof+HJWj}bt+RCoo?G{UHrg^r>Ywi7VPTAsZ-b?*YCk`luI3Wcp
z3CWgaJ6bWBrHUw(s)i`>xy{rM%>)p58?-`rj2GR=WK!B>36+}0n}d@2P?y~o-}NE1
zY+lUUpYojJy=EN9)W50oZi$^UUk@A;0Yq58>ybQeQ4~Dwn^&R=Iox=S2-C?#{WQyG
z13!0#9;9<tloeVSneZ8(OMxt*?{t@`5{fUu2LdBX&q}XQZ$B2a)|omK*J5OdLp*(D
zdjT>|-LD&76+5dh)Wnn-O2GUk%2n<>!m{d!+P3%K@kOfD*U9rJjoE(#_3ZN-d(){(
z!DB1Df%1SRlu1nDoCEZvIUI2+_b(H~8LkJG6_N!l)Tf;vW#k`1L?@-WzW&ynI<mu-
z?S^QpSz1tCgH9kqxcFgSxX(~j+m30zvYxo5>7+n>`73i^nCiYs`74t9U58sDCF5SF
zv5a1$AI_CLp57~n6x|K;m&uc6?{NmpXYD+S#q{gp_jBHR%=r35^;xumMct>np!QMe
z6(t+uLws6as&wXv;)-eRnb0sPzkl1o((grOKK2xQh&rbYmZMjE){rj9aLjUc>05#o
zZMovxX{pmLO)}EbLzTPFUy~x)V=t!L55pulh7H3^4!rm(QHr!S_EIbBJp(sK2B>6p
zLs9|*GrG*dGXjr+R}%|qu}*D{U2q?0HbLWTqFNmtov|pwri~)@0-ZymH&8l0s_%8L
zuyvL91xrK}>w16~O$|&y^^z4_<j~HeYr2UunzHuY6FH<7F4#HzhP*xT8TY0Eb4w=$
z!}Y)eO}R-+KL!|&!@D$Fj}{3QC6xEG05UIhU^c}ogA=4$Ca5GZBpr&!6vW;X5HQ-c
zSh9xa@dm?Z4OD*0!d7&|Z>8Vz(nF%lgvnZLKT|ZZFJUm6h6@VoFWIv6U#eCgV;BsE
zT-wk=o(NaqbV(1-O^vG689*6hmkjY}p512yA`&7d6e98)q6OAf;I`S}1D(Y%V<IZ#
znD4){Wt|DMr4>>t#4A!IVIO+PxyXXF(ThKSs?E3NJ_&jcMoi--JKWM^!161ZO{MRe
zwtbWipt3<3C`;Q#N*Hv9(@-d%MzugmGEH&7XDymQ_1!_&EI?v#B~E<I5zN}wr&)AA
zFYqCbV14pAh{k<(fraCcyw0)`f6xpPxOv2{W#7Vc#$vB@0D{zQo#T;Aq6j3D7Uwr0
z?^-rZ7Hc@f4Ii3znzGSq&233kX!4{qg)~-D*6mZzJ2-GpT6Q(d7dj+rH|CdWVTe%^
z%^Oy`*UF}44^3r2@Csb{^*#FT!xf!r1O5yY&;g@GfA7Y3C*@Xenkrtf9_lp1TZX(T
zn@X7ZTxtAN0P|Jcn)XIM8OA&Lv$A>2*e`Uch8aXCl+=ph<2EL*W~^a#MjW$~*@_II
zV#4a!y|lX=7N5}F`TRbkCo{d<I3Un2zL>{vnri039k1Bd>FjcmRuZmMrfoXQPqAD0
zU*PsuH<aS%rbnjDZ6hYX&`m7B;xe<p>2G<%*miCa^whv~V8qvAti6<MF`JW^Vnk2Y
zbfdg?DdqvURKTMrd+Gapga}KHEA*g9d{eK&4xdk?cBh<^x7PErlvJB!Xl8Y^^L&hd
zEtlX4^^IZ+A?*R{0|G+c!~yBAL?`rolu08b-(bXRN{%UQLujN@hWt<Dn`}ME!-m+$
zdp37i*y32rh9q3<^w^srykcFbU9$(>)AE;(p+N<yPIWo9Pw~uz$(B_&x{H-ZP@3Iv
z)-dzF&@~!nJYsYXOS;bnJ7(R#3wnQ<s|~8_$;*rPA4wT+7<E_l+FL9c0o3*9XRWew
zSJY!54o~*3<cu^Z80_4mge!%~O(@TI4FM$>vU3B>2t_@jVRbbDj&AyKCUfi1uhqo2
z*8AXDp^wh=(kplviC=BGIG?`x#DzZiE<1-ua))&$Y83GZ{_q|-u9h~K%gnAIn$NDN
z9(jp4%rRmgHYPH1E{)wB@`m-ZhDt_~;O$@uRO?Z(KJK}7YB9UIVP2U<W|%mL`N=?b
z&@@%ktyRzA3KRUwd7kjp9AkOe#5v2O7wj%AZD6k-)7NQ6N>kNvdY7h2b=wl#V)}Pv
zCb^&;!A8i;##I$;zsh71IuX^T1J(jGW|h+qdg}*v!Wz=xrKXeKS6U~PFsZuYqFM9J
zDRZIOjirwThrLgCisQ7<_Nlc!eo8o4{)O8H9eX&9anDnNCCH^5KEy^u(=<~)mm*eG
zY%F)}C9yI(dF)QNzQ`<zGL`}P^V|%vrzA&-TE_#O3rT^EnR~G#OnIA`U*o>$JSx}V
zzzOCp6lPCz7T>9TK}R7}V_Z$aDyBeDZMJJSUgc|duDY96nz@#!&>0^g^&s5-KogI7
zIi9W}eOc8Y**CZ7&R`g-+8mWDeyHuEg~L0r<)tg4UFIfPF?yf~?s4(EiMaQt0pdV*
z?9_qa@yWM+#)qu$)XFqNWf<s}Wjc=J!1T*aqv>DN($|?rEFV{`VZTQ$Kp2=q@@vFj
zzW3qL*wV96e6q<*iGkd1j&gPEx;;Upn20Tjq5RL=Z$0uhry3VciYJ*Iz23R1I4O>A
z6_I0@gG*CJvTR>yD~(8kQ(J^Q36(r7K0sCHUU>g9?I2eTBUapTdu5kX6fQS&96Pet
zBan^Lyv+C_8pg$$BZqO>Ci5)(LrdXn&r?A~#h^%PW5ppE7F)KcsCxmRpQ?qppT!6J
zMZDA<6Y?2~qZDv-lY@28rSGrIyN?;a?r*4(HTSs422uGnpW5QQ6WsvzRxQdm(Vg`P
z=5KpZeUhnK{Y5qxFc2Kw_ga;y_{IWR9INR4t@vo`<BhvK!G)tZW-#Yq*`LmUF6`~x
zNwv7}I0F~ua9z3S>bfO(_N#<U%F>;P-uy79K=v6EorEHSu<b0!(Iz;vIge+Zcxud~
z4tQ#v{f}QM&UCj>jjYuA)#X~&`cxlnh+h~Ezam#~luYI~sKiBQq*WexBO4f0Xu;Bc
z9@Ess@#?F)yVh_oC^d}@7!ebh&P^@8C4>Z|Z@zXv=<P>*%Z~v5@#0|=r20@o2whSD
z+%_n984u5Mk(pA=&hqG7D>yby@c|Hr73_K;unC9NB5_tvxW)@x46i^ee^zpGE4}yG
z&r6*k91l!X+p(!5QbnBT5M~NPZE2rexOE9_?0_P@z0Yt{n{SEDFwkFvy)?sL0co!g
zAlzkVA^B~m+B&%jg)dtiG)LH`x^zL^D8AUD_b%oI6}W%?ot6}oNL*^|dqp6;fVQ9X
zapuAx(X&zA=M=o6xg0}@8B$*8)J$fB33Kqm0bmfD?~K{*RStk_-?=Y-Q-g1bXaI2+
zKO0#j9Ef1zhk>{N_$2}~Hh3?|<G+Xj{F1(7i>}w$7$5U6s7YeA^LlmL)7z=v*CTyB
zeO~63`;LII4;MA@SjZ&O?(kUO#Mv}v>gjV>MrZ;n@y?FMmk-QCLfs?mz0i;PWpK|x
zlgtSvZ))-_SH}$3qu{0GB<=t~R}CkC2sl3cR`g}U-RBptF>I0(V{}M~mK_!DBjj}>
z=4L~DgqJ8pq4JD*Kg<73zCHo9>n=4^XMb_p^Zuk*^X*p(R_Zf@re1=ss|u@TZ-!Pt
z0pa0*F+UDk{W8?Uc1B;Sg)Ew~_VPr~-ZszA!no|%y45RK6g5mn8VO%h7+yYx7asQR
zLr>YL+uLkRe?|BD^*%%!91`0_uJbogF;t18n@;(b%g|q;shZJJ(GWy1!iSD<w3$RR
z(0v1FXcb8()*3BTD^C7U24r+!MKVE<e4qN`D82NC;d8OoZ2`N$+#U2i>DELh{qS}T
z1+1_7Wi)Q%OUe6d_WpxrqLy*bJ0f$x8SGOl^gB^&1keY3DzUfF%^kuDb5*1EdnP%k
zQj9(jJR;)B9kwQr(%<$Lk7!X0`}r|hKXym&7k|U59ShXO-n^Rf*1$#N5;PPZ_QIo#
zEE#=RE(_|`VSR^~(c0%9*{mPETxDh3Bx7~gHg0m2rHwlLYRHzn6MNo?+oc{nsqR-o
zr;t{wOz?jFe(^mcHk<_Ht?(w$VH=roF!$r)JBz*b8pon{z9Lsf_P0!x#hq^MLnZP@
zN8e=HTP_kA*sfgw(ve-3;0ypYuh19K<jqBXI-)P$9N1^i+R&ygiHN~&9sWBq{FxM^
zPbv9xK_?KJP2`C!;=Mcgl3O>;d|HP;rDz&Iq2%<Pek>k#-w}IPv`CgFx)p~7+3wKS
zAsy14Z%Hy6TR!40s=tY$pPX|b1hVNe*iw0LE4e;3CDtyrom7HZ4?5|y2XQSyYbaR|
zZ)(qLP4JK`NQ_D;-<U9&g%(BZ@pjvv6>siCTfN}LzUjnox!7T3zjk}ojOqab01-Mi
zz2NRO2z820RQjPTf5NaEh3+~4DJXGx*3J-a|9(QYS_s#u>=<^1?va9$O1>l@HW;wt
z8it_`hz({DAd1z_{USD4@kM)zC0T^@W&RsI)q-kcS0ohAXy-B`-y!)uRS&)X22_*W
z`Zuc$#how3N}jwDG9)q*0R_|eus6P3lP46|XrT$aBgIuBu^V`l%q+ONPI~(65Da?K
zhB>UBsB6B~`_zsSi)y<s!9c*y@>o`1t$9qr<Y7MH)B|>nEw49y@VvCOkGEFdO!zG^
zlT7)iuC#AU&7f`bA~ia5cf^JZP40bVAABB7!)F1O;pt~j{!+On`~>0H1R<<%v%9ZH
z`XN<gsq*1?!RIsZCY`989tl6)VE+I*3Io%%#9RLq8-?L=WB_is+p<yqy;O#qYGYtx
zyd=C_`v;IN{<7iv=ik=Az<iZW>9;$+Z(;q5N*+DnoBS>1<!^nD<;qe&_OjBm6JGuS
zN>*3@e{BEpe%aiAg`@G`b{qdYexHT$(&Nqos6<}=zx3O)F#XUkW4R)5urRRzTfgsT
zyV}qGOZhgx4>(?a$I(C6$O2^V`YnBg1xU&D+pRx;@1Ob1!usn7$se__02*e1O#l+q
zFE#*_KX3Q@ENmh-M)-aAnqNBAFKz$bFMCx2`helemH55H0F*9oRo_dDK<O$l@A7*<
zzW}R(zwBcHN<W<TEKF=b>6iNja3pY*(qB35FTV%$#rK%mt2zPu0s*o=Y60x}UDony
zA7BqaI`qdrzy^SH=U+-dTNwV*7Qh|=8|yFoM1ay&TdolW7;cGQ{h31izn(&z;fgnR
z3)JVo85seDxdS8a7LELqLj6Zjs2Ohw3@|cXbINH(_L#L1-t|A^ZP%2+^pi26ghYK7
z%a3uEWlGSpEKS8s#by*$Q_9(Tw_c7rbyqVyq2|nfQxoi5<_$ukj@{Iqm%1c=^mAXi
zxma}4Bvh5HE0*88JPYuYuHEy3dngHV9yQ6*j}%aWNHWE6E{f54jE$td9=TuEe&h%L
z4Z@ca5+k2`MWjQuiEu0Uo_mUC!hycg`JD`RVUt2$&GAGX+puv$Q$CUyL5fJtd@Q$<
zK6BbO_9ScRhrCW4lx=4*dgbP8Cjv?v$rNZG=&XmjMPoIFlm|JV2kyE|s35$O`*I3a
zo@MjohN(W|PpHIS=b(RN^4Xu3?0;<l9G#-0o`b86A>kES^%o%vX<Y|9Qx`%FT6%hV
zfNBhA&N5zpo1XB&ueSh`DN$29dj}yCT{}X0IJ$?rzkL3c<TgMn`zJWrSECGgI{j)E
z3`9SDfBIa@Kl@{j_y5QDKZb+-ziHWjm3RGP-uLJG?Pj_E*X{KG4Cng)dPn?`?f)Bm
zYe19e`;){N7!}{=!Iz66fcyM?zNv6+O~d#Tj`Vj~pMR2{|Lf%Es|m|3mJ5v6iAR4b
zR{u`L>dWNvw_BH8Ps*mOzyaigMOZt7^Ww+fMu|AIAd4YBeu5iaerTgB#0-h*9oeP}
zCgbnJ#2rOlM(i>BD&Bc$W)tOY%<h|_x8nZ74QBk@x=(3b@DgKN{bhT|qx*G6_ljO6
zgyi7B+f@aor9Yu$yR%#8O|iohxk4i;%Kd5#N?+xvQ3bUQe^^j^J`JQruLUKBh6;^=
z^c+Q%db;(<ada!<u1y4|B4rA=ZR_;2VkY_IiYeU<md)^^Hhe_#>5mUqh$E)b*=^xB
z<_91ZE$S3&9fUud#W3?951gpdM$9j%9ZTm_3I>nL1t#|e$2&F<)+C%oyz-<)kB;k^
z?z$%<G^8w{t%W?mr8N8@F+|qngq+f5Rix5L8`?K+2RF9ZvFn8|wx&Uy_2j!j7D;0&
z+M0&RbW=z(X_3t?9&4dDp~IGI1J!E5_G<~l*6${8&0^5aUYbYlY^)e3op_#tx63EK
zylM4uOApJRs@1<owVD9{!*4bA|CFu%Q?}a5;Fo-$hE@ib&m}-D;&y}QPu=R@p<Deu
z`PFTn``7uSe+pOse&K4s&w0xc%yL~AMXu{ozqWCW`XCYC_f&G+kKyT4Z)8uo8UjKo
zb5%JhK^3I)lb83|{P9VRl9DFVzAPPl!nx=D+Lf9Mf!-vCyZ2!6zF<TSD-9jLDRwp0
zx!s*`TSn(DJR7qfokyDBTh4k*Gnk`kvFqDD+p47>&6(bA?0%M?oJ>7=2P^Fz%7RFN
z_hO*JhE7j#roY-6eVdcUedm;t7b8HfjZ=0)yvW8$FdNfISjG4e`2PMlJ@YDo>U}Z3
z_jI!o$HE_IxT33R=}`INpB5>;MW1bDm=*e3!?8QfJMo^8T>cTMVKXIK4ecxZ)pVJu
z#(bUaWQP7^5!^<C&yQ;AhY!IGMSZGnctHO&iTVS;Id<0Xn3|xVHGuN{Q-ZbMJO7`<
z=Kjr+wclZ>E8*JzfMo5z+g<#>D;oRrdYp+-1aNx(&x*$0>}I`MpI@%uFKzrCvc4(-
z=kk4-^1XDq(*NN+y%baZK8?HD2dJrje=c8@06Ep~&y(vg0N^dZ)vWJN*XDoUwaN68
z+vV><HrIWd(uxzd;6SEaRdi+>wmBmH{Z#Uph+J<60{-ZZ^Ewe<e@$Isc_6dQ>|0)*
zk0_Z)bQYl4v}gg-EnnF>`ey7<6JxBDhG0iXCvCDnlOP#+r7srOh{2LoDd>Xha|-u=
z<ma;5W5#aU=!M-4zOUcURZjsf@wqSY#FV`ZDPU1eA5$OMt`+f_jS-oF#tPh{#NEhN
z5pGHE`}T1Bi+4~Si;=z_xKHJrg59d<m2MQOq5QO0q+Gqd3~iv}VG7gpAR6U6;N_Oe
znEny2-DRQ1RA`p8M+1%J4wzyIUSID&rkQ=INVz31)R{!kVaEgUqNH;t*72loWpP<w
zfauAIRpkTt-E76NUa`kGOwLpyeNrE5xX@`g;op%63_~(M*I9$*ft#P~G_%!%7fYxB
zQ#6rIm@zdwchy&bh+!92tvea7R~N(tAAvY)RDG1R)~G4HEMG6(ZF3+GuA(4EaIz|M
zv{y<$v?+WzZ-TG0c`gymqjk`O6Vj;V-?x68a8|W>Fmw(&$@G%_h9@P!gt*<+$8kMX
zkiz%)-;>MuU%e>rLnSdWf;@cs*BQbZvd4P-G!oImDpC)W-0KRS<+uBrA7>Xq#&K1~
z9S)W7`C3ChoUkpx6q;P`=~~-S$q1)Ic~Mn6+peZk?f$@d>7l{qz^T3M){B*ke7Iut
zZc)8gVlS58_j5E3u?pO)EnQo(6N;7JgCd>Md1S)kSRNLW&7;=2g~XU%%r>kkm|Xgv
z8x%FP+_aH4bef$h^DXj&nm)2od4BCVT_JxPPmej{2<2{hXWUmj9yYl$DYW|_nzbmN
z<0V!4xP6w03Av-0O_U%{GbNaDxX2!)_!Oq!4J`c>>#HmE2typYbN~Z?bG##6L5<jS
zq(4?2Nf96Z4k6)4;XPrSlm*lP%1I1<^>R~BeAAs)amXUHQkw~5F$0@o5yzsZdNb|F
zOC*x5ux2U78*tkq!E~JnCg)_y%zkKv9;AZl>_d5Ocb2OQ&UctR^QMcbQhGw4KB+%5
zcxP4)CXivp6LdZ{2lI_?@XYfJ9L1}u{-*By$u0T!E>Onn@R6bXcTqZbIJ&Jo2#AHt
zNct!|!W!gY-n3v`++zneyMj7{%xLYF7fE-S7LdgWzXoLp=XyPfIDr&NnNL57ATP8D
zA_yLB+qoywvp~#;lBBXQ=dHJB6aQ+~tuzdi)Up8reVD5<b3o)GFGr^pMP<kOo8<dt
zmeIDbEaXi{$7Ym|iKINNO*oESx+y47ToSH_a$n$|^*1v`#EHrnKMvUoZ!w^De)uBW
zUipmzqFYCnUsi9k;)9$8n@{~|DB~Mjm}N7W9T1T{v%Y%fN0GC<1bW8Yp%7DK1SAKv
zzJ}{-O6AUOtLrJ#ukB6<JoEUHDLgZ8GT={B$G>a9KXZZq{#@V;0JrK^cN@m*iCHwS
zEpbwFDPds*Z1uLXkXH}D4NTYJ%p~6Lym_L{BM8SM-c8Td`t?(NQ>7?$=H}D~Byfar
ziiir$M&V`K!Dn9&GAj|-;-7H9ikUDwuU##1VD&-vNDA$@s4ddtfF;gHwyP!1V$lZi
zCdQJNjUZYkajM^2BC;l!Ln<<eWXlN^5zPQcT%IRr8AU>)#?920xytNZME&qg#JbAu
zJ}ijjCWCzIuh_o{c)`n#uAq<?t**4dauLAuiaySO;}!cn2&rv9)sqxGaB%p+ZkxBd
zhx`MJqJZU=mx!^Z-Sb0utz}348%E|&ruzfdH2)UD!BuwybH6_c2f(nu&FjYe-oO3g
zzm(kjx7GdaEx#wJ_usDNHhca|=KcQ<y1>t?;(zDo+a>b8%`aYNasGd&Fa9$Lyl-R2
z|I{&mD|I&zi~!tYFOi1JvA}S(RJ|$z{mF2(%(*H7`L-DVLjEsD0-3ZKn6Ajz*Qf~q
z>-$#ols_?v{{c+m){dX+0jhsS68^(TLgvdS_iemC*LAivBL&Rc2vPhu&x1LvkV7^O
z<lye8Rnsh#O?;~4Ygr~mPnIWJjC`V9r3=qP!99Jl7q;`cxpD#RJsVPWD}*0;2YZ13
z1HdCeZp-ew%W7G;;lwEa9>IAn)yB*eM$jDOIDL|18?GS+o`)Ca_yf||08B%leS%|6
z+ff*r0@(dzC_JR&yrLjBCZhMj>lz838N;3cEt$Yvm|ey5$Wq_0l>;Zl!bCVL&WvB1
zHjLlyqA_e4`ovIeIe#ftX?0tvV!|}*gTW!ElWwo{>QR-T>u0p7Clt@rUX*)*T%cMZ
z+%P%+>3;DCOwIws|7VZGKgR~X>fApk=QmGIfq1unx2NJi^*sEu-al@(#=^#Yv#;c8
z!f-ji0FD4=6jwCJYcmSwpPakj^NIm;6joMdfaL%8U?v6z_Mg*_xuj0I!^Uc~$C>cN
zrRS<xE6_RBj9593vx-};<6?atZ+LFCt{{a7WuBmZGOUj02g?v*`N@Eg6-p3Ka1<;Q
zEzned9t)STm;iy*z&n%(<qnpRxSo*j`jYmh#5*gp-HX%RzSJkZrG*-s!=8@Tll6{8
ztGrc+^dKP6$_^mKGCu5wqftm8Wf;Pmm=BLDGGU8_*GbKuP_t`(JvqWAa|@V+1Chpq
zJqZEHe*gl)8!|-~Y>-p%Sdjhc_-59jR8FVa(>Kir6d<8!AP&{-f(0K&Bl+Q5z?gB?
z-l&ZdaPGRCFzk5|%q4W7`0SIen}Njh2!>-yp;IGI4ezrJdLf2AdT8W(-s5gvl64MX
zhY35X<)JFoSdK$kPTEwD_g<T6I-pbufjCeOoGTqUXH4(1f_!K|y(qWHljC;3R|^I*
z1X})tm7w?hi*~x$DOE0=J*D?vtBDaiNG-&)4}1Jz#?}LrETW>1$=K47BKiHxGq{}?
z{Q)gok7BVjg)yDTnfyJ=kaRkFv+MdtX2m-DUxepY5&2>mY~t_bW`%wltGF9!ZTv>+
zE_bLW0T0RDFQVgBN_}qWkO3dvafYlh++iEA-Qi{r{RUn%<DWw6w?27u7iJ>DrD@Mg
zI1SWUF_mcxITPa0hph#E=HAmYP(^{ZkS5S?uk^*odzQp}PUP263P)PcK88GKSD4}b
z%0Oz%gTn;=@_80{j}Pf<LB7xzrQW#m&4{0&8DYp-8t_*xG`1i{!DPI-ObGlWp7KGa
z3w=Y$Ea8Q6y6fRX%JZ-x6hq)FUFg#WgtOj=Urr`JG#2i@2LYetJW+vcCN>BPi1WPI
zHkY`2=92uW{T`Hed*~xkOnZ<X-^z)zQQn8b72a$p7j84Ys&DZ;peKY0G81Mybe=)Y
zaMD9+wMQ`4w;<Sqbkh^7#Wjb2SnE9Q|FGvc+B&08$^>%pZ2U~TqM-mAd<&w-N5cj_
z*&d>QBX2dyt!Kttbw>6529R`Z6lM}+B$I7zMSlj#hHmb$4-Gg!)Q6AD*k$;ypQpcR
zr9hsoX|WXNHAH+U*nsd^I^_Rr?5o3~?7DuXC8Z>#yP08NW&lBukWT4tkdhKmKuWp<
z>F$*7Zjeq1X-Vk@i8J_q=XoFDJJ)sQ&oz7Pz53oa%vwJ^&G0H+$~PvdSd7C&K?g%E
z^xLSJU_I+cNTUVVu5a55N<Og|;7`89F(W#qjr1I&!bG?d7-XMWG&B2NGB<nHQ0(D<
z8)8D?H(iZB<y5Ki+hi!Y(q$9<?E?FU5q3z=j3~u3=Uc(|7dO}omPe-p21h4#pVY2-
z$*6f7AJb|22XDBNorFGfBoy%fwo#|;)~dE(GPvd`#be(VgE0V4un^3gaJEi#`h0=a
z$!Uyrm~9?G?U9b#Q`fnUy<cP9j`byuxvgt7ZJpPT->jVxhtnhby=(biU2Ah>W@ev~
z#<BK<sxgnj6=!}MFO?Y5_*S{T;ky2l8+x-?y8s2$6`jdXws(5_C2lqeZZ;$8s}|z%
zye~Gpvq&+s4NiMsL+X6%KRGt}USGRiYNJ@rYoj=z|8^4?FW7k_Gh+X;At%kAZ?tyD
zz{hq=F+AWC;VyjBK*Fyg&l_!0u#HX)@j%8%G7?IYP)iFKwH>pKHI=qa=$f@^M67WJ
zGTa<ai*fwqnC7_~FNh~b3x-Qvu>clv?O#N?*o9so#+A}rKC0iQSYwK^5xqbKjuBjQ
z96qg>?Zx2B<v)FL#C1%63Asi&K06R)tlzgf*N;N&dPn@8SQqH0&=lbkPiLB?mY0nc
zWs}LD)b+Edfl;Zc&h12^BudoEb3L#T_wZuUUQpX{YmJMjDP>hmX7YPCH)e;w)iIGf
z1#eKC-lo8d?qOMYjKVkIuC`+F_4>tWnr_jL_CL=fR@!8(1>cpV%u-}{k0I6UAMXWN
z^;b1t(+$<+zI7j4Xg&MrtH-1kmKftFo2CL+R<_90f;^BKcZSdVOML^1zLBW@NatnJ
zaOA-*YYX;#@cwC6Io|W>jp?}!E{f-I8`Iv&7{}XI!-U)$L8R9)4fOc>@}o?ipLgBS
zka<zCkNYlR`=$Dv_WbN+angC~b^daZWm(PA^eX5)%mC3-8=tbN1u=4}A<~m$|9QuA
zwU0HXC<^mJJ|*=MQ=W4T2qU)X(&S79p26;fZci4yD52kThK+kuv&Hhi2adPqZBmjh
z_8?pJAQNqkcJ0VVs6hMx&0SNvhDExDiO8SU#sdK;wFp`tI<d1`YH@cdui1tDcDS%r
z2e4I%OL9<);OgHY*At2f-rDcrm!iGDR^Ay(DHil?lr7{H-6Bmp*hnxJALgxAdh>GY
z<x4bl(WL9SYn;n!*+wb8L+q^pE8(Dv_uEe6_U>*bnfBbeJ)Tq)Ej;?a{FA13L_U9Z
zS9z(LYER^qyktUB6A;P<S3wspdx2?}f;WT)Kn1!x-fj-L`%+xLM@#An`@Aw-oXsz1
zyY#AuJA7xO=M$0Za<Qj<S5g67T&XyK?tmZlxFBGs1N4?JFNE-iaPerLe~w2DLQV!3
zg<lwe+}HqA^0~>Y7wV=}Nd1LZK$p%k-O&&jtn>Vu$RUweY|n298^!;noWa?A*xYXl
zBY^EI1jsdDTY=uY>ND0W^@1=DwgRP35pD9hZ?}jXT1=hrROjThPH3HoM_sXZLdC;<
z&CIg)h*Z3VFoq*6ydg;e9|8U=$Js(XCR8oR)8UxNBS@IjB#+`|OSSj2=^Fw%jpPZ{
z@Ywah_Vc1Nfgklw{Bpu*o(Q23N48%^^|lHcPxc`Z{Zd*e)8(Z4R79rJg1ocAlMLtJ
z&pozL;yd4ARASv?on1QVRY|m+6OC#`s<F*@%6V`UIfd>wW-3enWCg)=W52Z6d5YfP
zdF`x}sbH#Zz;dVwCj|z^J02?=zuEfg%DoM^Wdi8SA5_1DOax@UUi&eG+6&+rJez3&
zlEjQr;k<Lu`PiOd(_r5n0^Y4T>H;_M+ph(2$faC-J_YauvQY|9C)1h)gq7%6M&;s=
zmcA)TC?PEk=@0{5+V{lM8OacAAT}(KTk@e;+SKKFx0|HVpc7Uz*Xl_`W(H|(j&;{Y
zrOAdf5Osa=Uj=R+dbYX)8ta1w+iMV}`WZAmoX^-gh)z3Hi9#Unw;~DOw#KR2EL3b(
z{T6gyuWsf$qTEE$9R46<*2L2C&X41bRazzY6L$4Fp9vAeGL#s0?R0%Ghq`2U9mSq&
zswp4g`)B+w76fWS>J3+MosLF*rAt1f<;#qBDzo8z6_I@Y{_@<<OgBTh`iXfOhrmnM
z$?v5*N<KW~W~*u-yVWV_mX26ZPp1A)Nyp+g<Y+)${Tf?mw4NC~LSJ-oI9u!17@l4M
zXWX$S?g78^^0()z13ywOTgQK)_%|noQb^$I1nfB19AE!@^SflyF!}ntu~@6lRf(O5
zbOWdHrY~a;6SI*!zuv{osjgVH#AE%)L&tONtMFtKf_eg6*C&oPWOFk-3}E=XQ4$?#
zmty3_DLiZ!#u+OR96N0_v9WW-^wwB@{W27M!bVE#hKb|?*xqXQxuDe-xZ)iA9Vq_E
z9#n!l{r*vB+Q1@pIC&G%fV+^clpG)4_O8D5&c?#%SwW{}b7ixkxE#ym%RMVYE)54a
z2eGqN!i*ySeij0Ii50Zu>-`S%(YnN;8s@M0FGZ8H+k<?ieBIjIm&%g#7^)(xA{)yu
z=3V&K_qL~}>+OYRXFlmiFg*n#y?ZhF>2aU2;zd?$FpyWt30ij4a3RGxbJOR36{&F;
z+FkPeJ-ge7l_4F0lkXg*q}KIYEl(pF=h=p|s~W=SdyU(t!O3-I+x?DbeqY_!<{ME6
z7v#T4nW`4rLOQA=xZIEj#)Ax|O-dd=_9Hy50JRqF$Y|ETtJu?ZR^`~(;5@D1Btpjs
z8tLyau#-X!ReFy$An#A5E0Dt`mOs%-2mXHebPhoa^@r0~HYtxylm3{DslejGQ<sA<
zie~(oQVXYOdgr5^ccJ7iXI2`WOLRJvHzHSj2S0p{2!N?wEmWC9lw}_{urWByrbk^r
zB2*od$5ubJtK!-5<0Eizs(AECAC7mdbG-`ucA0CicgV-PN73zLAKY~huPz^>x%g%3
zrXSWa=m3kye`M#KhM0}!?+vB*6zcE%G&)!GB@5AwS39pv$734KW(xLnU7_YNC$GY=
zGI4XP37<KzP0dVJeyPl`5_BR=ltaOYkC+|d7oPFe+OKsIdS~Rey0zZVAFL=M7Kbi7
zIQVr2$8~c>P6uN_qGF-Kd@PzRfoBf!$ykMlpnH%#d_8{Bik37$2-JLWS}z{jbaV=J
z>*2_-&J4?R*BuGB`{^e7#)moxapS8&DrsUv0dE9S?|QoZJC%1HVDB=qGbmr$s==go
zVAJj~N}=xawddi16m?z@(T0!{x0|(?dW|NJv21a*ilWHi1;JwF=K+>kZM>xfma*s6
zJDq+`S$QYI_4Y_*N(|xDEN@E)CasaHp8lBVg7joN0!JKM&8%#8m!GL$Z*NWv1?E{D
zP#w|?nl59FD$bc*brPY$%YX1Rp#8aldl}f?`gWUlc}9JivFrWDTe0t0??DiIjYm(0
z)J!P&z+1u=$~U%hN~DO`hL)?lHnl+^BSbCZGaY6;4iV&1&}|Ecj<oh*tr$4#Ib$5^
zB}LMJCfgz9-8#1N@^ln*!T0`Ezk>s+-v2&JzM76BCDu0G)g=6oQgLHy)({fxH0)FO
zCYh8iTmc>rDPmi!WB5wLO;n?&2QJ+#NXyq`c+{VA3x|=GX6XA?ga|mECy<VI4q?h-
zn~l|xHzdpdtTd~<{Fp^f%EV-G6*NE*fhC7S-XmmhEvk@W=L`sK>aQ*<nF~L%oYmf^
z{3S2W6*MXGCWmY01q$%&?LqmF(|FkV6FKl8<ri#*kp3NmeNN&-BzBUhH99PP28vsz
zgI-#@e)jX<aY~v`8sDBFcgYFTvt2{uFK7+nNE}7o=8MLa<)Z?!hmYBFyCVn2(VgbT
z>ejR+*?-v)LkV^!SU%XeU5)AD-UgDjyYKJ3*>zo^<ac3Vg8I^$hKq9`2omdzjE&5T
zn0j@h6Zh{%7rEKqws|)`qhG8l?;<AHb*?v77&?c)ezfl6q8ilK5cI3AtsaFH^8Upp
zUt@g3=18w3`|;KjxzvD2zoNi~p-&;gb=ZVJA89J7DOw}+gzx>DTplt*@$=m1ldM|h
zW&_LIQao)T$06rpU1DoulU>;%+aUv7M<#1S$Nk5Htg-5lax;^I{?BlhY>o{BzdG4%
zQ;(9zWg0W*s#&e;07t3)diBRbU(A(HS`e;VxefKtr~Pj@-)>9CInCwxo-_;Ev+dLk
zmH&)vvYy-G{#1NTJiVN7^I@Oj_mSW2a7z6x_(odyjB;}jWXr`XC6+rI5|~V+$=5PT
zaLDs!%j|n==x*Qp+?P8ajvaPsMNy^#yNKn;Ei0xbHErfx`--aP4-aB=KO7zq>b4l#
zG`k!py$fx+IGyYG)v@P)762}x3J%6miKsUdTuQ4SuK5|qOssQ!5?9x3h2r#>Tq}4`
ziN>)^$99%-@A^`W?8-Gd<h{w@wbFdKAHT}&em5ZvU&)Y7;lgw9yxkfS^7}5R&{h07
zqBb{&v>pTL_a_&X0N-u*=cE4Ug*{mPCXZ`u-_PD;drR|p!>O53Jb$0aKNEo_u0ua3
z3E}U7dluZjgW#q{q560@21&e!47oivnybGOj?`pjs)p=M=_QhbyY|{xadQRFWsh~{
zYVp_aGJX1v6P?X27yYEij(btX+NW%z=%MM3`jl2GA4m5&pRNwrAi5kWROF~PWcmdj
z)wL3AKWcm<b>^8|q;)yjdd)bjsrBTz5S`d6Lt5-R@LJO0CHbvbYB!baXRvYi2WISA
z%BeRUt_v8yhzLJ9!jlkB^!DcNKK&)T{^>+jz`X7vdZn1}ot)@dtpzyIXw&0Z&ZZgS
zBB*`Rk^dTon+O`NTHM7v+an{I;)q0YBNeTv%Bt4>z2dPe&ecdho#eaVeWeZhG4`o^
zX34sx6RXUrTzx=>(ci?DcV=y#xLdB!J^IIV=2&EPXX49GQbBrWxT@N(T~Dr6Dd;&c
zugI4d`{R-puzon*N>w;=O|6FX7*Jj3+iaJTS#Im0*EUO=WhlJgc5v(L40%2oz#dq4
z<l&abAqYz7aW_3mexB}U7sl`Z{FOD(E@&h_XV-0*!nOH;h4Pxyjm)gIrv1_czoIN*
ziqXUvT&~bF<3p{|^?^PpU?^vWl^~LbVpK!^`$ei~dzX1Q67ixQS3y?XTu1(`^;B?^
zqV87@JF1t7K@;m;6_0gZI3w&6%J0t)cD2kb6%EK7uVv{mRmE04VoyI?4vHrzBLs0+
zsbfVO5{^W#5CYf@uu9I^nB$+R0+gju-#7*(bI%x=@l-mi&1VOg=t}tz_~E!dOR+!$
z%Z*t$`=0D%e>jrotB<L|XBQQYDT^s{0g<~yckDiJzxUZOlp9%g4sJ|#Vk;ai&icM@
zQ(kO*R@gadM~4n5(?b}TYT13s=i$7UHrJtAPk!6Uj_)639?$iAX&}dGl-hKcmW}vj
zPM2fPXEMF@k|sxYO&0Th6Ah)l4@PpkS6B|S12*fA4qI0%sw%67Y~H+?u;tYh(i~G+
zqq3fDm1WOq{Bq^BsplA6waM2@nRLmzB41Fb=y=s`gNU0eN415nGA-oRItm?oMiSJw
zwPCesr9EHOpxsNh8tQbeG5zx$j<<wimHtWJYfp)IPSiv#V+?l9%8PHaN~bI#J}1~b
zpNOC6myQ<uH)|V|{&1Nncj()k)i1jVn)-0K_q>PiQ7$1cf+#fQmIg)E*cQ&0c2GZ0
zsRxl{IG0J~&<r8COV?(L$op+_gphGdER6@dRFW|L@JBJ3QXa0jN8{*muY!B|hk7!B
zdV>*yF<G)ycxEp$veh(i5>~6r)W(aWLMWIef*o(frN&LP_fMa_#rkK1Dlj*kJcki=
zX?FHeu#7UYjQ!6c<A2V^O2B;47#`3uwS5$9$&7IN?807s3m@o-46+FP@_T``xxALx
zcT$-OFMu1IVrrQUG)w-sbWYV(@P9U+oIDCHQbsQN_vVwyRXmTje5Gk8C!LZ@L%yY2
zg<jRNI-<qBKp^4ntPA&+t#^fO{1&oK3{^%>gdVP!jWZd+W15ZQ|1w}F{P^d~+I8Yu
zW#k|K{_>5kDZ`@^VS3zO+x$aQ62`+&@f)pZUSH`{xR7{*oxQE}8`|%$_g)!jYp)a6
z=VH{Y^`!JE=7ghyQWca6y^q%ZV-J_3L9W3JU@Z9G+>JHW|2g>NG}&}J3%HT=Z*{+F
zR6PD87Mq4c@>`rQt?B=ktH8Mz_m93+M!hawbjrw5e;s^y<NhCOEO;cBrhH5F__sA&
zds`m;(TS7@G6Z>H%*pw0sV2T^q5g4`%2)oOn$O?#R{!m%34RdbpKm{X8sx%KAjTN@
zZ;X5`Pv3}+qb7*N+09EBa$5e~d{b~%TM_L})G^4N>k(&5p5u8-oA$1NqlM<UeTsgI
z<Lb84=TdNH@kHm`a?$(tHFRM(&u6g~eMXbL<@GI!T~95)_ae5}2_|IRS$tIB<-T&p
zHPlPl+nvknI^;rz>Wb0p7sujr20^i+HjQJdRs>Z1PZ5Goc3&uPwJ^j=DNMavYL+FU
zR~PPesPH63cf1lCUmd!!B=F6sKzp=<0)Jri*mqL$@aXx*Itu!g-WQ6)qnG;bkbx(J
z=MfOW&+FatOb07e?hP$rgcrTkg0B~I0<RoCr-)|t44Iz$A~tglaI9V9GzrG9{Kos>
z(HfT8bN2n*larYV@o~r@!sEUp1T#*MQ7lEU7zfd`piC%vys-S^{g-qi`6lN}F9ImU
zB<YwMfteOd)PlkOs~Cc~X~)3~7ZDhF)|o!3-@-00Mz96re~P0UyH_Z$i051Y1euL3
zgkQNDDvoqDWTz9~C^PrSohzVHzB<5r6(d4aX$W<v9+aa!51?f>cZV-!K*K=<xTp8a
zU1nSveM}K?gePW{nPF5Hrt?nyCMSEO<Ze`Eo17BpbCJi$3_v7yXKt0tB3+YC>&?D~
zy7RWk`N=bdBg<wCZi1Kr?sYzl6ClCJWm7cFzIDl~4}mFiky7D9BIhpS>=|Av2olVQ
zWmm#PUx>Wmo3XQ^nR+==0qD7@#xIi&e}1DPeHx)3gzAnn;o@G}!x3$NWx&?SL3iHc
zI+g`$-hOfv(aI9X*c?cJ#wK0lFu2#_VTMGG%;72J=`F(6)+^k?$QJxYoKB@$&X7^=
zlOsue2Yz`%<)>h?ejQG=%C_9zq~48ZNR@+BT(i&BE0x}az0UFKO;?Ss%E7F%8`;76
zl>IH+U(;-O`kNv1wSU92;K$jxb}rnI^d-?}(T8g4<`j;HZM!9Nf}2B9K%tmH{X=>g
zgE04gBfG8g$&&HRRi<vX)A%_p2h~Cn)o4|mniIOL8AaL5tmqd#sWK$n20HYyEMYR)
z!YUD3oJ(WzO2nd-xUcAq$I=f{-~Whpprt>&(DGN6HVf_=jvXt+43%P8dF^JTY!nh5
zaye=?NpCy*l&4b1qOZfqD|i~49Wv0H-u}hjCBs@hOK(3mBs!kQlwGBL%cxf$zY9}I
zCt<jdIOSD>7TuAEmi${e6)`&vaaq7Fc4xzMVuxB)l+?<phA^NgGS4L-uyUC_ZkQ!&
zf{ru}%_8%2cr7PEm`Xbhs$Wt}uT)SpYWwkdE=w$~U!R23_;d5eF~%yhW-oMb5s%qz
za#eymx|zL1#PnI~=zW;8v=xs!y=61RsCzRDBhzriQ#B^)3l$bR%*KtB4oA%cwB@7B
zyRP9KWeS#Sac2y4(#L9ovlXdxM`!@J-X?a^PkU?FBD}sc5(hCArf)b44Jj#4#J>>B
z8B?XLd!@{m)lcGpW}KJ!tnVA0MxQbp4Ia`ld;&F{s$92}of0eIevWv?N~p##%XhIZ
zGPELj%X|W6V0~u3;%xT>)?AI4QaCYLRY&ZcN`#pATbW9FCFxl_*@974?wHT>BI?h$
zVjJRopc!l~v=Iu)pmn)U{<?_7IZ6r^MB%~kjvf5imk0h4gdBm2xI$_sy)r~xogXYa
zUY~~i#LPQLZ3Ar*sCP{u+w-s%PR*sOz12#UA#{`QHk4k$Kow(CZ|qWi28h$LuGCC8
zJ*W3wW~%O{DdSC~^Q&2|3Uk4L766rd=yJAQUAl^F{jxq4LM`Pa%X?!z!9_AqTA)=c
zDQWLxTJxA3UIJW|iZre1LY{;SbGKI%lCj_H5^~glCgNzgVFNH&Ij_$(SUbe!+BV=m
z@x-iHEzsI&CNADm_}s3{Qz`Ot5TOi&UswjRaY9&r<1inO74o~QjVVl52PDRtJ!~eq
z0qp214;}ePGsHz`2ecpLivQeaoTfFp78q<%aN41!r}Yb4a~!of``N2E-*oB+6v~6m
z#l`a_e`kI(!OKmA%aXuW&MzeP6USFwQxZ-V=6s&jBXP7sw@}miWq4JL**Clvms7^L
zpF5_AvS=#XdG~`bKH1aYqo_4Iku=5qV=VRYUEp+=_u+=J0?FeGt;=uz48>pS=E`cc
z_wrunjB{&eEh>n;p|ct<8mY^)Xl(gPp&Dv2zM85_{EV<Z8);dK`WM?Pj3#MHO(uyT
zF%S0{y|+`W1b!Tav1OVkI4O-9Ut+CFJ7T{o4i=<ahYftemOzj-pSK#87`I><Qou(g
z`x*r(tSAt*_HHjI`uS`G$1OK|OmthvMMO7JZrV}uyT3d(6aED6LM*Sc6myXwT-MiT
z(Wps^#nW60oUs_E9}3rA5m|J3@v=B<MwPu9PK|X^&7b#D&sHeFP^lm4Ig0P9JoT66
z)8_H>5zwg!ALbRq^!!-0g<+H*n8^)Iv&{x_tJ?DaRLM^isus}V3Dz7}gbuBb7d)*!
z@N$#PJbkUr;~?;u8Z}`w`n71HU40HMs$4BnRl5C59KO2OuAbUYX$Y%@qc9&?fMgMB
z79^XU)B-6lS8KRnJEIj4!pB&=wwj+ilzH6!jX2Fg+LR**ZLQaclVa4LjXSAkEySX2
zr3blnGapC;*brlI9#f)wD#rm7;}Y=ZHd7gIFm`b2m}rx%1TD)4jWm_21iJgNnp85-
zuJC5q&g2u&e#v4AXuxL;Dr(EmClC>Ds}a%46J>K!l~z&t>5wlX$=-wL;*_PUO41h+
zYdC5kY&_D9grn4BcpR(DZR*+&Fi2u%+-Z&POCS6W+LAC7O(7XUW>$2}Uk1jH3B`bO
z%8;LnC0KmWP-d-t>iJQI34deUBBcTJR7rH3$-bX(cxECwVkXMAFkU_^G{g)MUPxZ&
zo5m`+n=oEP6eu)UFVm>V7lTSk#~3JrpA|I(wI1?k=%@{+F@3AXpZt+Z0Znat(5ICz
zjdNepUB-@@Bj4rcP3{zMi(n!uRH2?Ndt|+D(kwHV$wf4~WY*Gu#)U*xCr{x!{-;14
zEvCGIXy??-N@i|#dx^C?B5Idr1p?qNqv%ozH;7;a7Tq%oV!6Fibe4e63xGJVk>#lm
zg8<ZIm``y!o|-p_+4(0;s4}}LIGTZbD{!8nXndIXwOzCq9`wkFAB0=rYG>Rmlo{ZB
zvTPxn*q29k$&@3c@;D$kF7f;B_-kK7sFEdUBXnKsRAa_mMaGq1-<(}92<<2TYE*}o
z<A#euGUeup<m;!^0zWZwt!foV^Bg7lLj!OYa$Ac5;y+1J7&c1_oL@)GnGV)%=P`wG
z6Ghjp*4D^pqpvCxS3U|Uco$sPMIQ+F-5(TlOe<+^HBm%#wt=uDtO1~U8{)gFcoJ2i
z7n+y2`%`3+-y*y&XtXD`Dk_GLm7SsP@@Ye9up0fqW9_VnG5`TiuNJYsN(wq*w)3Tg
z5`?VWr=Pi8nJfBT&I$=A6ueQKRmuKkhObR3s*6?ey*hXmNA6RSs|y<+E{W=Tu%aKi
zOWAw7@n`P{B!NNojDP@1C7st)rl<ryHxAAn0_=UA+4TLQNn?wNqess&h%*XF@V~8m
zwUfdA=8J$;-m5k){!;RdB+;aXU5~C9e-=E)Uh&K`S1X`R=+;xa?p)nmp|g;0v=dB{
zvfd0Dk0FulX`?ie3@17P?a^|O3|?_H{h^K^{c^F-#jjSj61!7A`~1)d6XQ|@Y}zxu
zbTqJ})*cu6oaF;ZqyYGr!KHLBax;2Sds`XwbA7D}8b*pZaXtq0iGc9rdqk0S+tm79
zD^Rt^UzfjkxlHfiUj;H0<@<cw`A*12tWeliuJRPGtS~1xwujHs74}E!2w6#b@k87Y
zah;J=9MM6qY37qzpc2WM5%x}rrGQ>3vxB;k&D$>W5`R03-?{a{YxH)}WV@Rck{kQt
zxD$El;xx-&f@qu!nF&FB6;z(eZ{+a5#ED3gfojm=H?>gbGG2xCmIgl}^F+3%!u2N%
zlu#1mSv`=I_Al3{&LgOpW|j<N;xy(AmL{TKt|}W{dDX}89MzPc)K+4^xU|8ntm{Xc
zMVeY5?U%OLeh%=|OFJDc^#I=T^u)BELxJdPK3`&TWyS3kmAc5vzFAG0NhpROg{Yek
zn#T|xK?{`3qNY|o<EeS#-o|}iVK=PW#`t9cY&2#z7>?C)wHID`Orm`g)yf`U@$<(@
zWJbK!08{iA$*s(3YnHH|_U_(-rnyG&I>|h^z?#ekpE>NYwQtsGG)s?v4s@BR5P=df
zvs2})M`{(Wvh2pupdO=pL~+=BkwTSP1`4V2!;#!;xLD#}H~L|(BqF6-RiXH35;+sZ
zw#wyr#*tkFF+NI>Bo4oRCRr3KlQJ5QT8lfj4dH#Gp{`fW&c_#_ml>vWFjsn74F)iM
zlagj^8%8|r{R|b19yh`r6K<@^t<16G9_sO7G-V50MMz)nh*c*6{d&Hl1UxpT99-?J
zRqUd}DezHI@3-oA=~{M){1{`OjqyoXmTU7XE&gsU!)s-qZSr^Hw4{LEZDd0zS2|Mx
z2w90<JFy?#@XNk(Q!clv{Ew%D1Q@+#lLYe7_{lYfv^u@cGzMRqqA=E14uWS5CnuPb
zgL{p}WOJoO->4hd5i%g4I-IV4)`%-I2-tZ3wLyop?{W4@U8%%a)B+{bPfP<Lk=3(c
z660MF$d>?SWBBrB$Yybrr1h6qTe*4kqrgT6D=-v)rR(5Z=2%2v-khsno!L{7a=6#S
z5s8emzIEHV^Te1apSe{fjiY}pk9=k=V7V;%BHzpQE<`y5Nng}r=y!wHu~E-bWqLVX
zVtB@LZAo>huRcPbOY6T(m)1-sg~b6s>&Yj8sggo2yxxt5EQi>&YDJk|MMBqOIdbCs
z*XggRtJ^7xgGFB7Bz6Q2o}_c}lQ}SUu|_Mn@Z)^e9Hu7&Q<Iwt?BQP?xrQ|uVVitd
z6K34w@EKlO!|4*2Tr2FMBL3dvj8`i?lh{|wAkIJGueLaW$nf*f+)qE<g1t{<-m=w*
zki_ERGvDW@CQ2^eJdrrl+9cKDNjyP8c$YsaW^h9A;X8AsD8>-SEW9;z0LUU#ZaP0p
z^KzDPbHIcwJ;o;0daO(2EM0Slg?+D+L-VeouV=QgSM59Vl_@{V5gC5{_`z<ROWW3z
z;fgBf71yT3Z{cqm&x$_3+Q9GuVR^EzzUrbT*6&G}__d=^!9K60xK0AtM4AYf;UYdV
z>8}-$)pqiworaX9jHh6I!Y>UR{`&nDe8959WHw>1FEm*&4={^IlGB<$I@9>toYF=H
zIf+LC5>t-sLr|)XKb||WocJ=D^Jyc!rVyp_uWMNcJ}AF_Bac-fK0{(}ENu!n3O=+#
zd2d~`eN8Kikuc`uX+p>98RHJqgowP+JLY37QChvisZJoK4KrWzq1+^^!jsFkUV;$G
zxm;1dLGpy5bfJ17(tb7Wv5P=S%ExgQ+`nGYC6#p`mEpwb%?JWF`_|K$@byD#LIlp(
z*Tok!&o!MAt*5(P^B{aow~OUx!QIhXc|)uOO{Y8U;!P_CDN_>N3;nyMY<w--(PlSW
zWF}-yC)GtBjmJe&UtP961FFe;88vNgR|fY87O(|9XnC*aOHJM1(w5k{uSV}H)w*%$
z`008z<K4at;+%InjNTz6YckZ`9c^AXes?*Yr)PFh)lJy!{@c5`{<>b*F<Wp4=<#iU
z#p7m88-<zT$IiFwwfZx%$65|{CwcmE-Stld-ZsptOtENPy5EE@T$yjanR6MS==PN<
zekGMe+_l~p+W2+=<?Q+(rdvIsO?AGpO2XxGes6y3Vxvl~ZD}X6Wa78Ya<u@f(~X54
zYWZd)jp~-Wwxhe>?@g-(_eJBSpnA4$c)_jf#Q`}T_hc7WsSn>z{RDL~+-RJ4YDQ|g
zF6A^&Kb|w8>;(#vIXhPW*57+>!{%1Jlg$90J2>k{X*~<Q={ye3`@wR1V7-9;PJoZH
zuKYZFd;bt6D&yitxi7GMF+QjTp{v||FpQ;PHt5Yl&2eSplj7Oht*G^pp!tz_opWR9
zi|pbLy?wW^|D;Y+SU0HLM1IL%TCq7)ZTS4oy#iXfku9!^ty8(1b^XMx?zXrrEIVcG
zI_#wR$K@{y9q1gbLRP4$DcRZ8@#e;Wj9gfJCVUUCeeZ$YIt@c;iUd}p*MZ87-J1oQ
zX%vs+gQ(vD3&CvDXVr$a{o8}$`+}WPt;v47E?dFoOD}iv_ylgRGL)K~;1Bn*BXw_`
z)R0e+Wp7fvN|9w>x*cOa^MWfW^c)jn*|1)O=%uNUG2A9m6Ftd^jH42VXh>cjQExKq
zzrrU_=x9QIE4wn<WbeklgNH8qjVjIJRc1{|4o_s!+RBJp=^oYi%iJv`)AC;11vB27
z{Jpk!Kc!rBQ)ku><#Mutn`S9p6bZ9PC*k4GK?eqDu}^+0UDXje0;kt0f8&R1_}aSj
zKGQ(jx=p~&D*sL?<$1gR9zuD$^MiawtnfEsb#doJP>FR3<_l$;%$p%}&wbha-A81(
zYl;xR{Mpu|T<eVeN!_b@9MvZVMS2Jpl^=za!3co->8J+!d_we!w0ManjQl6EOAdip
zOlTqLdhG)6xQP7aaLM$GOz`e>pF9@OZ>!+kFFIAOq~P6MKHhXnP~3E?oOg;{_Tu#&
zL<%_D#kw0nuYTzwp6fPydEm4N;_chR-$-Bx{_;w(_U?`d>_&C|aJs#;RDSFMZj%$h
zT1v6>rtn*&Kt1;hBUtvJTogxN+Cx3phj)L`vasX3*Ze)G`S$6DVnXs+<lB&s&2)?P
zdk!mmxcf=g=chd9#m$>tw_iRs*Jcsl%78z-LHKZl>x|DGsskT}y&v*@`kWN;LlWi_
zynSx?rn<PG=DNo>VJ`bm;hP#Tn<|X4Jpw**;O_fk?z_O>pu>5{w5;!1cBarRQo)nc
zE^;CAfBZ?d;ni&6`8#DkXpdoW?Dyod+@7zTP3GP#pZ}gF`Wfcf8CF});~G=a#3Y3k
zIb2(?>-G)W4Q{Wi*T*owMGoQpbt_v{lq*ws0Wpje&oJD59Qd0;1Oe$5KXS`<3fy*-
z*+qmi`vVk}w%@h;IcJzlf^(1dNWBE978?<-0C4YaatRlRy#(w0yl-;}=i5C6joRx`
zoe4>Pvcu0$qrLl4inbus!l%-@V|KMOyI4iB-C2#ZkJ3}^UP5@IM{|9uiE=Rey=~TS
z6Gl#XeC{@WbED(@i!xEDD^{U>FKybr7=3;eqnf&H68nc&aFsE(^;%m3sxuy(4ecUk
zLd`iQ;*SpB1-iu(#49XSZ;x)&Vw%M+w1(4o%=1db1`~uIC5Y|`AAim2g?u!Im&Gel
zwrrK!DFFp}E>&-K5~%UN;BaVZ<9sgH@(ivVu|G4(*@RR&M`hWZLAuCC0-nCZHt^$H
zK(HH9#(RCAkNWVR9ur}(wt6FCJi;PZgTF@95^pI$b)GQda(_*#Me3z0@TB-f2ut0f
z5tj)0&W;xz;xYDcV+rBAptPWmvhci*%@!V6AyzmEp~H2TQhiALX!t(Og$@*Qx=4@o
zY{F?V<GHQKf_E79u)jtZHYhb(pJV*&1sU}QzI?&b@(fmPQWoYD@Cf&olUBQLygJDX
zwi8>@uhxEB>f4VjFpJGw{bm>US*vg=Co4cpZ!{L;)h(SNBF%{(W2m08|3>>tznI0c
zM2DzMg-{?Y&!q8@Wk6o&#f3Z}J40$eMpheA%{T_#1{GB*kt05yypK*0!HXq$#uu@v
zC|@n&{fcMM{mzrl<q4m~XGOFhLbVbXP%kp;W;YswP~MWmafm(VAon30VQ=N2UX+CY
zO1XIG1cAtTKiOKUo>_VX7gJfi()W030qk>T^U>|4Z5}bZ5Df>_q5(X+aFw=5i?7*h
zg3~r6#BDmgCvfXDs7IK#I%n7datQVH5a%=O?d2BP@#1oHC(0Wvc)OAQT9O_i8rzz1
zrE2Z>n&|WMShK&X-n=nhv0^JJvaVM#s#oE$6s>yiH9v}|`D#INI03asj7uM{#GKsd
zEoJ0K4BB|17Y*pbAn5tiOe**tTz@L05~{}#?1WC?1nXAk+gsZGTMf_Kz6zo%IZn#5
z+5e?Q1@x~uJOAxb`QJz8%NSc*+OR1an>t$R+rfUJZmDl-5Bpg=8i$a*p|Q0CB@_r@
z2LgdSu)$Y%8{CnAT-@vsE+_;9n}P3OY^8EH2Z$X607H48XdEx~ZC@Fio0>ULf`L%j
z(0eW@tbs+sLEqBcP{`WU()e!H{ausze<o<L!BBYFVQ4L|@j+}{U=TYutlt?(2?l`K
z!C)@X9dru_z|MWQ$=$qs7#r*t^u{nul|R3+hYc6HQ~u9PKp0%hKmAMpRrx<W|5Y5u
z_&=S4!us~ccl%Lt+%v#GQ~h5`h}<o>+YAU(OF~51MqENfM&Fi_L&6AV26G3OKV&5r
zdzcX<tW9hv`T03uhBSwbD|De`6oLt6%!I}vXJ=$=XKrmu$@qWSU_>QHTU$$Gt2=AL
z@L<t6R4FxK=uJQv_!5wvlbaKK*ODTl`scfUH2nV^-va!5X58mqYi~~MPka2nVVhL&
z<#Z9)ijsjHX+e^gk2=T|r8?ERp!=uXT(n;-P^A_uuU6tpEM!AeLVYQm@Yx`fENpDj
zD+6eHgf+}$`>_&qKO~)l(zt{+B4=IfI6-w3-syU*SI6_c({Wazb`32`*iD+KDw`~`
zA6^%&pPKYP!AK<w@+vdJb=BRh<g%H2#M)6|MboHT>+;L~hI+6Zj)2Bqkwy$Pauab%
zR+oyA+Cx%h{3Z&{>|$u>dxaE76JO9$z>~0a2y=v8y3dA)gUGT-uOzpEFTQ;`VLCq3
z>MPWV{#+9~%5M>6G_Y4eWgIg3%X~mHi@QS)4aN!}k5556-DgJP4Jf++`_fd_b<`B7
z$aj$(e4<TDl2^b=vyyDoS-^^0#=l#J7}gt*Q0Z<~!vrZZmX&NbjO#axE?oVMB(PZc
z?SIL#e>EfiJL3KcpgSTg*#DoACTeYHV{{i7|HKp9tN)v1M*6T&hee+~r6%A{Xe+`3
zLfPiEwK<H(7#7BN!SJv6ceXP&L4#o;fw<9N$P@qbq2%Gd1Eeyc{D*c2MRfO}wEiC&
z4>te|Ym54e#>olbhHd{B4GiUi!g^=_qQTZdVXZEI(IA{q2+S^j(}17{XFzy3@0!y7
zUI*cX+?Nju;JKSk_SZTngd22E7Fd}8L+-7Ep*O)sRR7Hj8$Ix+2l(In!8+`qcK~aD
z(|Dj@Sfk%xG%ijc53G9pP2++U!+SKCwmkQEVLU*dduMQRLcn*hQUBhL69|GC>mCi}
zMd&>}V46K#2Lk?qulj309&YH}wA8<7AQ<ibxjZ14=kBfJ;eo+MKA=53mxl-VAU0s$
zfOTg7eJ&URzJulZOBNU$Hs~Sk4p!~{Iw<#j`5>I!_x-_n7ee=Ch5)!A4{4A)kgmUE
zfdB#E`*wjn=I&;7{=E*w1snW$p9X%oAMCkxUk?ZjbL@dEFvPTb@yrR~f!_78|9vi)
zi|2tXV3-B(uY-W^AfNu`g#thiWQKC{+}9Th%jx@ehH`R&@5=|}eCSIkEcYL*gFVk5
zoB_B4wE0^;D3JSskDy$f4{QqM`ZK5GFWq3J=?+xwZyJc}LHt2sA$i|cP;MaXzHyJ2
zo97PP;P3r-06Y(A+}sa%d0@uB&kGBUhcqtk2R48u&3(T?A%Oe-1#ogcs0T2dJXnGG
z`&<}}>%Ko=G{_xL-oJH&aRMIJQ`kK7d+`Fp+k+i^pO*`C2Q~Efeq22FYaNUide=Ak
z_c{;|HYf5v4Rrsx07LKlGfVPsURY7Qmq)O5JooDwj0WYo=W`hT9~b1oxnS`9+=8ux
z-mk?lv_P(h{(x}be_q1Yf$!%VjP{_0!3s9up-rK8P=xpF0)<8XJsJQAgtdeJy$&{?
z^FbWItam>LVR(h0`>_ifNW}TTZ?KET1G~V|_YP3;FMq&p3=es^!S`z?4E^vy4ZFMX
zKkyp>4C1_(3$S(E_j4LXgAwn`0=ul-j}2IFE#!V203fjBzt0PS1;RZVkn;}g^KX5D
zoDY2ogkeJ7&n+N;`$2vH0gwmh0%7IqzJKrT0{7z-2!dUl?#sf>d578Ymp@>cb^i_m
z8|w<aUteIuU4ajB0rsx<Ant)+=!1Fy<9tvzV0g=b`}F__g&}+2mk(yX2X=-+AMD2k
zgk1pd@p8cwx$jFZ*eIX-zJ!$~*c;W~c7a9ngPZ~JfF9Td#Pe4TbFkBgy?5H7!Cvr`
z%w6y9-`r>%iZ(V5lrSLDKl5e&y#K+X<j<wt-a+5a;m?&E00P581&xkQR8H*w0K}d_
ArvLx|


From 706d20b5f66025a856c122b87bfdcea655a016af Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Thu, 24 Jun 2021 17:55:46 +0200
Subject: [PATCH 48/82] Updated document title

---
 util/cloudshell/README.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/util/cloudshell/README.md b/util/cloudshell/README.md
index 75b989a0..21c3ac0a 100644
--- a/util/cloudshell/README.md
+++ b/util/cloudshell/README.md
@@ -1,6 +1,4 @@
-# ShortCut
-
-ShortCut - Run Prowler and ScoutSuite in Customer's environment using AWS CloudShell
+# ShortCut script: run Prowler and ScoutSuite in Customer's environment using AWS CloudShell
 
 ### Use Case:
 

From 8c74ef102ff35c81e5c7eecac9ee1fa159607a84 Mon Sep 17 00:00:00 2001
From: "IB (AWS)" <ioawssec@amazon.com>
Date: Mon, 28 Jun 2021 14:49:54 -0700
Subject: [PATCH 49/82] fixed aws organizations multi-account s3 upload issue

---
 util/org-multi-account/ProwlerEC2.yaml            |  1 +
 util/org-multi-account/ProwlerS3.yaml             |  1 +
 util/org-multi-account/src/run-prowler-reports.sh | 14 ++++++++++----
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/util/org-multi-account/ProwlerEC2.yaml b/util/org-multi-account/ProwlerEC2.yaml
index ad9390e4..94e56936 100644
--- a/util/org-multi-account/ProwlerEC2.yaml
+++ b/util/org-multi-account/ProwlerEC2.yaml
@@ -334,6 +334,7 @@ Resources:
                   - s3:GetObject
                   - s3:PutObject
                   - s3:ListBucket
+                  - s3:PutObjectAcl
         - PolicyName: Prowler-CrossAccount-AssumeRole
           PolicyDocument:
             Version: 2012-10-17
diff --git a/util/org-multi-account/ProwlerS3.yaml b/util/org-multi-account/ProwlerS3.yaml
index 17b9f8b3..fc0ef4d9 100644
--- a/util/org-multi-account/ProwlerS3.yaml
+++ b/util/org-multi-account/ProwlerS3.yaml
@@ -60,6 +60,7 @@ Resources:
               - s3:GetObject
               - s3:PutObject
               - s3:ListBucket
+              - s3:PutObjectAcl
             Resource:
               - !Sub arn:${AWS::Partition}:s3:::${ProwlerS3}
               - !Sub arn:${AWS::Partition}:s3:::${ProwlerS3}/*
diff --git a/util/org-multi-account/src/run-prowler-reports.sh b/util/org-multi-account/src/run-prowler-reports.sh
index 54201b84..5de1e63b 100644
--- a/util/org-multi-account/src/run-prowler-reports.sh
+++ b/util/org-multi-account/src/run-prowler-reports.sh
@@ -91,9 +91,6 @@ for accountId in $ACCOUNTS_IN_ORGS; do
         # remove -g cislevel for a full report and add other formats if needed
         ./prowler/prowler -R "$ROLE" -A "$accountId" -g cislevel1 -M html
         echo "Report stored locally at: prowler/output/ directory"
-        # Upload Prowler Report to S3
-        s3_account_session
-        aws s3 cp prowler/output/ "$S3/reports/" --recursive --include "*.html"
         TOTAL_SEC=$((SECONDS - START_TIME))
         echo -e "Completed AWS Account: $accountId, using Role: $ROLE on $(date)"
         printf "Completed AWS Account: $accountId in %02dh:%02dm:%02ds" $((TOTAL_SEC / 3600)) $((TOTAL_SEC % 3600 / 60)) $((TOTAL_SEC % 60))
@@ -103,7 +100,16 @@ done
 
 # Wait for All Prowler Processes to finish
 wait
-echo "Prowler Assessments Completed against All Accounts in the AWS Organization"
+echo "Prowler Assessments Completed against All Accounts in the AWS Organization. Starting S3 copy operations..."
+
+# Upload Prowler Report to S3
+s3_account_session
+aws s3 cp prowler/output/ "$S3/reports/" --recursive --include "*.html" --acl bucket-owner-full-control
+echo "Assessment reports successfully copied to S3 bucket"
+
+# Final Wait for All Prowler Processes to finish
+wait
+echo "Prowler Assessments Completed"
 
 # Unset AWS Profile Variables
 unset_aws

From bc959a23f1aba2546cf7fa6c1371d1d785faf6e5 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Sun, 4 Jul 2021 12:32:50 +0200
Subject: [PATCH 50/82] License file and banner cosolidation

---
 LICENSE-CC-BY-SA-4.0 | 360 -------------------------------------------
 checks/check11       |  15 +-
 checks/check110      |  13 +-
 checks/check111      |  13 +-
 checks/check112      |  13 +-
 checks/check113      |  13 +-
 checks/check114      |  13 +-
 checks/check115      |  13 +-
 checks/check116      |  13 +-
 checks/check117      |  13 +-
 checks/check118      |  13 +-
 checks/check119      |  13 +-
 checks/check12       |  15 +-
 checks/check120      |  13 +-
 checks/check121      |  13 +-
 checks/check122      |  13 +-
 checks/check13       |  13 +-
 checks/check14       |  13 +-
 checks/check15       |  13 +-
 checks/check16       |  13 +-
 checks/check17       |  13 +-
 checks/check18       |  13 +-
 checks/check19       |  13 +-
 checks/check21       |  13 +-
 checks/check22       |  13 +-
 checks/check23       |  13 +-
 checks/check24       |  13 +-
 checks/check25       |  13 +-
 checks/check26       |  13 +-
 checks/check27       |  13 +-
 checks/check28       |  29 ++--
 checks/check29       |  13 +-
 checks/check31       |  13 +-
 checks/check310      |  13 +-
 checks/check311      |  13 +-
 checks/check312      |  13 +-
 checks/check313      |  13 +-
 checks/check314      |  13 +-
 checks/check32       |  13 +-
 checks/check33       |  13 +-
 checks/check34       |  13 +-
 checks/check35       |  13 +-
 checks/check36       |  13 +-
 checks/check37       |  13 +-
 checks/check38       |  13 +-
 checks/check39       |  13 +-
 checks/check41       |  13 +-
 checks/check42       |  13 +-
 checks/check43       |  13 +-
 checks/check44       |  13 +-
 checks/check45       |   1 +
 checks/check46       |   1 +
 52 files changed, 404 insertions(+), 615 deletions(-)
 delete mode 100644 LICENSE-CC-BY-SA-4.0

diff --git a/LICENSE-CC-BY-SA-4.0 b/LICENSE-CC-BY-SA-4.0
deleted file mode 100644
index 63f44cc3..00000000
--- a/LICENSE-CC-BY-SA-4.0
+++ /dev/null
@@ -1,360 +0,0 @@
-Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
-Public License
-
-By exercising the Licensed Rights (defined below), You accept and agree
-to be bound by the terms and conditions of this Creative Commons
-Attribution-NonCommercial-ShareAlike 4.0 International Public License
-("Public License"). To the extent this Public License may be
-interpreted as a contract, You are granted the Licensed Rights in
-consideration of Your acceptance of these terms and conditions, and the
-Licensor grants You such rights in consideration of benefits the
-Licensor receives from making the Licensed Material available under
-these terms and conditions.
-
-
-Section 1 -- Definitions.
-
-  a. Adapted Material means material subject to Copyright and Similar
-     Rights that is derived from or based upon the Licensed Material
-     and in which the Licensed Material is translated, altered,
-     arranged, transformed, or otherwise modified in a manner requiring
-     permission under the Copyright and Similar Rights held by the
-     Licensor. For purposes of this Public License, where the Licensed
-     Material is a musical work, performance, or sound recording,
-     Adapted Material is always produced where the Licensed Material is
-     synched in timed relation with a moving image.
-
-  b. Adapter's License means the license You apply to Your Copyright
-     and Similar Rights in Your contributions to Adapted Material in
-     accordance with the terms and conditions of this Public License.
-
-  c. BY-NC-SA Compatible License means a license listed at
-     creativecommons.org/compatiblelicenses, approved by Creative
-     Commons as essentially the equivalent of this Public License.
-
-  d. Copyright and Similar Rights means copyright and/or similar rights
-     closely related to copyright including, without limitation,
-     performance, broadcast, sound recording, and Sui Generis Database
-     Rights, without regard to how the rights are labeled or
-     categorized. For purposes of this Public License, the rights
-     specified in Section 2(b)(1)-(2) are not Copyright and Similar
-     Rights.
-
-  e. Effective Technological Measures means those measures that, in the
-     absence of proper authority, may not be circumvented under laws
-     fulfilling obligations under Article 11 of the WIPO Copyright
-     Treaty adopted on December 20, 1996, and/or similar international
-     agreements.
-
-  f. Exceptions and Limitations means fair use, fair dealing, and/or
-     any other exception or limitation to Copyright and Similar Rights
-     that applies to Your use of the Licensed Material.
-
-  g. License Elements means the license attributes listed in the name
-     of a Creative Commons Public License. The License Elements of this
-     Public License are Attribution, NonCommercial, and ShareAlike.
-
-  h. Licensed Material means the artistic or literary work, database,
-     or other material to which the Licensor applied this Public
-     License.
-
-  i. Licensed Rights means the rights granted to You subject to the
-     terms and conditions of this Public License, which are limited to
-     all Copyright and Similar Rights that apply to Your use of the
-     Licensed Material and that the Licensor has authority to license.
-
-  j. Licensor means the individual(s) or entity(ies) granting rights
-     under this Public License.
-
-  k. NonCommercial means not primarily intended for or directed towards
-     commercial advantage or monetary compensation. For purposes of
-     this Public License, the exchange of the Licensed Material for
-     other material subject to Copyright and Similar Rights by digital
-     file-sharing or similar means is NonCommercial provided there is
-     no payment of monetary compensation in connection with the
-     exchange.
-
-  l. Share means to provide material to the public by any means or
-     process that requires permission under the Licensed Rights, such
-     as reproduction, public display, public performance, distribution,
-     dissemination, communication, or importation, and to make material
-     available to the public including in ways that members of the
-     public may access the material from a place and at a time
-     individually chosen by them.
-
-  m. Sui Generis Database Rights means rights other than copyright
-     resulting from Directive 96/9/EC of the European Parliament and of
-     the Council of 11 March 1996 on the legal protection of databases,
-     as amended and/or succeeded, as well as other essentially
-     equivalent rights anywhere in the world.
-
-  n. You means the individual or entity exercising the Licensed Rights
-     under this Public License. Your has a corresponding meaning.
-
-
-Section 2 -- Scope.
-
-  a. License grant.
-
-       1. Subject to the terms and conditions of this Public License,
-          the Licensor hereby grants You a worldwide, royalty-free,
-          non-sublicensable, non-exclusive, irrevocable license to
-          exercise the Licensed Rights in the Licensed Material to:
-
-            a. reproduce and Share the Licensed Material, in whole or
-               in part, for NonCommercial purposes only; and
-
-            b. produce, reproduce, and Share Adapted Material for
-               NonCommercial purposes only.
-
-       2. Exceptions and Limitations. For the avoidance of doubt, where
-          Exceptions and Limitations apply to Your use, this Public
-          License does not apply, and You do not need to comply with
-          its terms and conditions.
-
-       3. Term. The term of this Public License is specified in Section
-          6(a).
-
-       4. Media and formats; technical modifications allowed. The
-          Licensor authorizes You to exercise the Licensed Rights in
-          all media and formats whether now known or hereafter created,
-          and to make technical modifications necessary to do so. The
-          Licensor waives and/or agrees not to assert any right or
-          authority to forbid You from making technical modifications
-          necessary to exercise the Licensed Rights, including
-          technical modifications necessary to circumvent Effective
-          Technological Measures. For purposes of this Public License,
-          simply making modifications authorized by this Section 2(a)
-          (4) never produces Adapted Material.
-
-       5. Downstream recipients.
-
-            a. Offer from the Licensor -- Licensed Material. Every
-               recipient of the Licensed Material automatically
-               receives an offer from the Licensor to exercise the
-               Licensed Rights under the terms and conditions of this
-               Public License.
-
-            b. Additional offer from the Licensor -- Adapted Material.
-               Every recipient of Adapted Material from You
-               automatically receives an offer from the Licensor to
-               exercise the Licensed Rights in the Adapted Material
-               under the conditions of the Adapter's License You apply.
-
-            c. No downstream restrictions. You may not offer or impose
-               any additional or different terms or conditions on, or
-               apply any Effective Technological Measures to, the
-               Licensed Material if doing so restricts exercise of the
-               Licensed Rights by any recipient of the Licensed
-               Material.
-
-       6. No endorsement. Nothing in this Public License constitutes or
-          may be construed as permission to assert or imply that You
-          are, or that Your use of the Licensed Material is, connected
-          with, or sponsored, endorsed, or granted official status by,
-          the Licensor or others designated to receive attribution as
-          provided in Section 3(a)(1)(A)(i).
-
-  b. Other rights.
-
-       1. Moral rights, such as the right of integrity, are not
-          licensed under this Public License, nor are publicity,
-          privacy, and/or other similar personality rights; however, to
-          the extent possible, the Licensor waives and/or agrees not to
-          assert any such rights held by the Licensor to the limited
-          extent necessary to allow You to exercise the Licensed
-          Rights, but not otherwise.
-
-       2. Patent and trademark rights are not licensed under this
-          Public License.
-
-       3. To the extent possible, the Licensor waives any right to
-          collect royalties from You for the exercise of the Licensed
-          Rights, whether directly or through a collecting society
-          under any voluntary or waivable statutory or compulsory
-          licensing scheme. In all other cases the Licensor expressly
-          reserves any right to collect such royalties, including when
-          the Licensed Material is used other than for NonCommercial
-          purposes.
-
-
-Section 3 -- License Conditions.
-
-Your exercise of the Licensed Rights is expressly made subject to the
-following conditions.
-
-  a. Attribution.
-
-       1. If You Share the Licensed Material (including in modified
-          form), You must:
-
-            a. retain the following if it is supplied by the Licensor
-               with the Licensed Material:
-
-                 i. identification of the creator(s) of the Licensed
-                    Material and any others designated to receive
-                    attribution, in any reasonable manner requested by
-                    the Licensor (including by pseudonym if
-                    designated);
-
-                ii. a copyright notice;
-
-               iii. a notice that refers to this Public License;
-
-                iv. a notice that refers to the disclaimer of
-                    warranties;
-
-                 v. a URI or hyperlink to the Licensed Material to the
-                    extent reasonably practicable;
-
-            b. indicate if You modified the Licensed Material and
-               retain an indication of any previous modifications; and
-
-            c. indicate the Licensed Material is licensed under this
-               Public License, and include the text of, or the URI or
-               hyperlink to, this Public License.
-
-       2. You may satisfy the conditions in Section 3(a)(1) in any
-          reasonable manner based on the medium, means, and context in
-          which You Share the Licensed Material. For example, it may be
-          reasonable to satisfy the conditions by providing a URI or
-          hyperlink to a resource that includes the required
-          information.
-       3. If requested by the Licensor, You must remove any of the
-          information required by Section 3(a)(1)(A) to the extent
-          reasonably practicable.
-
-  b. ShareAlike.
-
-     In addition to the conditions in Section 3(a), if You Share
-     Adapted Material You produce, the following conditions also apply.
-
-       1. The Adapter's License You apply must be a Creative Commons
-          license with the same License Elements, this version or
-          later, or a BY-NC-SA Compatible License.
-
-       2. You must include the text of, or the URI or hyperlink to, the
-          Adapter's License You apply. You may satisfy this condition
-          in any reasonable manner based on the medium, means, and
-          context in which You Share Adapted Material.
-
-       3. You may not offer or impose any additional or different terms
-          or conditions on, or apply any Effective Technological
-          Measures to, Adapted Material that restrict exercise of the
-          rights granted under the Adapter's License You apply.
-
-
-Section 4 -- Sui Generis Database Rights.
-
-Where the Licensed Rights include Sui Generis Database Rights that
-apply to Your use of the Licensed Material:
-
-  a. for the avoidance of doubt, Section 2(a)(1) grants You the right
-     to extract, reuse, reproduce, and Share all or a substantial
-     portion of the contents of the database for NonCommercial purposes
-     only;
-
-  b. if You include all or a substantial portion of the database
-     contents in a database in which You have Sui Generis Database
-     Rights, then the database in which You have Sui Generis Database
-     Rights (but not its individual contents) is Adapted Material,
-     including for purposes of Section 3(b); and
-
-  c. You must comply with the conditions in Section 3(a) if You Share
-     all or a substantial portion of the contents of the database.
-
-For the avoidance of doubt, this Section 4 supplements and does not
-replace Your obligations under this Public License where the Licensed
-Rights include other Copyright and Similar Rights.
-
-
-Section 5 -- Disclaimer of Warranties and Limitation of Liability.
-
-  a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
-     EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
-     AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
-     ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
-     IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
-     WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
-     PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
-     ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
-     KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
-     ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
-
-  b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
-     TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
-     NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
-     INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
-     COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
-     USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
-     ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
-     DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
-     IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
-
-  c. The disclaimer of warranties and limitation of liability provided
-     above shall be interpreted in a manner that, to the extent
-     possible, most closely approximates an absolute disclaimer and
-     waiver of all liability.
-
-
-Section 6 -- Term and Termination.
-
-  a. This Public License applies for the term of the Copyright and
-     Similar Rights licensed here. However, if You fail to comply with
-     this Public License, then Your rights under this Public License
-     terminate automatically.
-
-  b. Where Your right to use the Licensed Material has terminated under
-     Section 6(a), it reinstates:
-
-       1. automatically as of the date the violation is cured, provided
-          it is cured within 30 days of Your discovery of the
-          violation; or
-
-       2. upon express reinstatement by the Licensor.
-
-     For the avoidance of doubt, this Section 6(b) does not affect any
-     right the Licensor may have to seek remedies for Your violations
-     of this Public License.
-
-  c. For the avoidance of doubt, the Licensor may also offer the
-     Licensed Material under separate terms or conditions or stop
-     distributing the Licensed Material at any time; however, doing so
-     will not terminate this Public License.
-
-  d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
-     License.
-
-
-Section 7 -- Other Terms and Conditions.
-
-  a. The Licensor shall not be bound by any additional or different
-     terms or conditions communicated by You unless expressly agreed.
-
-  b. Any arrangements, understandings, or agreements regarding the
-     Licensed Material not stated herein are separate from and
-     independent of the terms and conditions of this Public License.
-
-
-Section 8 -- Interpretation.
-
-  a. For the avoidance of doubt, this Public License does not, and
-     shall not be interpreted to, reduce, limit, restrict, or impose
-     conditions on any use of the Licensed Material that could lawfully
-     be made without permission under this Public License.
-
-  b. To the extent possible, if any provision of this Public License is
-     deemed unenforceable, it shall be automatically reformed to the
-     minimum extent necessary to make it enforceable. If the provision
-     cannot be reformed, it shall be severed from this Public License
-     without affecting the enforceability of the remaining terms and
-     conditions.
-
-  c. No term or condition of this Public License will be waived and no
-     failure to comply consented to unless expressly agreed to by the
-     Licensor.
-
-  d. Nothing in this Public License constitutes or may be interpreted
-     as a limitation upon, or waiver of, any privileges and immunities
-     that apply to the Licensor or You, including from the legal
-     processes of any jurisdiction or authority.
\ No newline at end of file
diff --git a/checks/check11 b/checks/check11
index d8040e41..b77edbbe 100644
--- a/checks/check11
+++ b/checks/check11
@@ -1,15 +1,18 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check11="1.1"
-CHECK_TITLE_check11="[check11] Avoid the use of the root account (Scored)"
+CHECK_TITLE_check11="[check11] Avoid the use of the root account"
 CHECK_SCORED_check11="SCORED"
 CHECK_TYPE_check11="LEVEL1"
 CHECK_SEVERITY_check11="High"
diff --git a/checks/check110 b/checks/check110
index 3e638cc5..e031bf60 100644
--- a/checks/check110
+++ b/checks/check110
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check110="1.10"
 CHECK_TITLE_check110="[check110] Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"
diff --git a/checks/check111 b/checks/check111
index ea03f28b..1cc174da 100644
--- a/checks/check111
+++ b/checks/check111
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check111="1.11"
 CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less (Scored)"
diff --git a/checks/check112 b/checks/check112
index 4431bf29..0336877a 100644
--- a/checks/check112
+++ b/checks/check112
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check112="1.12"
 CHECK_TITLE_check112="[check112] Ensure no root account access key exists (Scored)"
diff --git a/checks/check113 b/checks/check113
index a5414034..63717306 100644
--- a/checks/check113
+++ b/checks/check113
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check113="1.13"
 CHECK_TITLE_check113="[check113] Ensure MFA is enabled for the root account (Scored)"
diff --git a/checks/check114 b/checks/check114
index 3b489350..f8a5b315 100644
--- a/checks/check114
+++ b/checks/check114
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check114="1.14"
 CHECK_TITLE_check114="[check114] Ensure hardware MFA is enabled for the root account (Scored)"
diff --git a/checks/check115 b/checks/check115
index 57827b00..54dfc0a9 100644
--- a/checks/check115
+++ b/checks/check115
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check115="1.15"
 CHECK_TITLE_check115="[check115] Ensure security questions are registered in the AWS account (Not Scored)"
diff --git a/checks/check116 b/checks/check116
index 109255ef..2d864117 100644
--- a/checks/check116
+++ b/checks/check116
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check116="1.16"
 CHECK_TITLE_check116="[check116] Ensure IAM policies are attached only to groups or roles (Scored)"
diff --git a/checks/check117 b/checks/check117
index e390ad47..85c5eb56 100644
--- a/checks/check117
+++ b/checks/check117
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check117="1.17"
 CHECK_TITLE_check117="[check117] Maintain current contact details (Not Scored)"
diff --git a/checks/check118 b/checks/check118
index ef69a226..c57647d5 100644
--- a/checks/check118
+++ b/checks/check118
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check118="1.18"
 CHECK_TITLE_check118="[check118] Ensure security contact information is registered (Not Scored)"
diff --git a/checks/check119 b/checks/check119
index 4a557308..e82f8e83 100644
--- a/checks/check119
+++ b/checks/check119
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check119="1.19"
 CHECK_TITLE_check119="[check119] Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"
diff --git a/checks/check12 b/checks/check12
index 1d8f572f..63314bab 100644
--- a/checks/check12
+++ b/checks/check12
@@ -1,15 +1,18 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check12="1.2"
-CHECK_TITLE_check12="[check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
+CHECK_TITLE_check12="[check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password"
 CHECK_SCORED_check12="SCORED"
 CHECK_TYPE_check12="LEVEL1"
 CHECK_SEVERITY_check12="High"
diff --git a/checks/check120 b/checks/check120
index 6a520b16..6cabbad4 100644
--- a/checks/check120
+++ b/checks/check120
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check120="1.20"
 CHECK_TITLE_check120="[check120] Ensure a support role has been created to manage incidents with AWS Support (Scored)"
diff --git a/checks/check121 b/checks/check121
index c38d96fe..26f2458e 100644
--- a/checks/check121
+++ b/checks/check121
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check121="1.21"
 CHECK_TITLE_check121="[check121] Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"
diff --git a/checks/check122 b/checks/check122
index 99c15ba3..0aa01e3c 100644
--- a/checks/check122
+++ b/checks/check122
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check122="1.22"
 CHECK_TITLE_check122="[check122] Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"
diff --git a/checks/check13 b/checks/check13
index 80388de1..6ede4ae6 100644
--- a/checks/check13
+++ b/checks/check13
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check13="1.3"
 CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
diff --git a/checks/check14 b/checks/check14
index 9d1b40ac..594a785e 100644
--- a/checks/check14
+++ b/checks/check14
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check14="1.4"
 CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less (Scored)"
diff --git a/checks/check15 b/checks/check15
index 4cbc6203..902efcdf 100644
--- a/checks/check15
+++ b/checks/check15
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check15="1.5"
 CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter (Scored)"
diff --git a/checks/check16 b/checks/check16
index 009a3cd3..bb818535 100644
--- a/checks/check16
+++ b/checks/check16
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check16="1.6"
 CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter (Scored)"
diff --git a/checks/check17 b/checks/check17
index 5230095f..8995dcc3 100644
--- a/checks/check17
+++ b/checks/check17
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check17="1.7"
 CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol (Scored)"
diff --git a/checks/check18 b/checks/check18
index 453a0a7d..cb68c2e9 100644
--- a/checks/check18
+++ b/checks/check18
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check18="1.8"
 CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number (Scored)"
diff --git a/checks/check19 b/checks/check19
index 97b43848..c28d21d8 100644
--- a/checks/check19
+++ b/checks/check19
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check19="1.9"
 CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
diff --git a/checks/check21 b/checks/check21
index 343c4cd9..e88b2a71 100644
--- a/checks/check21
+++ b/checks/check21
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check21="2.1"
 CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions (Scored)"
diff --git a/checks/check22 b/checks/check22
index ac3809c7..9aaba77c 100644
--- a/checks/check22
+++ b/checks/check22
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check22="2.2"
 CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled (Scored)"
diff --git a/checks/check23 b/checks/check23
index d88cc079..719a3ac7 100644
--- a/checks/check23
+++ b/checks/check23
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check23="2.3"
 CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
diff --git a/checks/check24 b/checks/check24
index c423e64c..3146d71d 100644
--- a/checks/check24
+++ b/checks/check24
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check24="2.4"
 CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
diff --git a/checks/check25 b/checks/check25
index d836e7c9..3444bbdb 100644
--- a/checks/check25
+++ b/checks/check25
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check25="2.5"
 CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions (Scored)"
diff --git a/checks/check26 b/checks/check26
index 7730623e..3b1e0947 100644
--- a/checks/check26
+++ b/checks/check26
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check26="2.6"
 CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
diff --git a/checks/check27 b/checks/check27
index 1afea54d..8eb61059 100644
--- a/checks/check27
+++ b/checks/check27
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check27="2.7"
 CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
diff --git a/checks/check28 b/checks/check28
index b35b4c95..a1f7b547 100644
--- a/checks/check28
+++ b/checks/check28
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check28="2.8"
 CHECK_TITLE_check28="[check28] Ensure rotation for customer created KMS CMKs is enabled (Scored)"
@@ -27,7 +30,7 @@ check28(){
   for regx in $REGIONS; do
     CHECK_KMS_KEYLIST=$($AWSCLI kms list-keys $PROFILE_OPT --region $regx --output text --query 'Keys[*].KeyId' --output text 2>&1)
     if [[ $(echo "$CHECK_KMS_KEYLIST" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to list keys in $regx"
+      textFail "Access Denied trying to list keys in $regx" "$regx" "$key"
       continue
     fi
     if [[ $CHECK_KMS_KEYLIST ]]; then
@@ -35,7 +38,7 @@ check28(){
       for key in $CHECK_KMS_KEYLIST; do
         KMSDETAILS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.{key:KeyId,man:KeyManager,origin:Origin,spec:CustomerMasterKeySpec,state:KeyState}' --output text 2>&1 | grep SYMMETRIC)
         if [[ $(echo "$KMSDETAILS" | grep AccessDenied) ]]; then
-           textFail "$regx: Key $key Access Denied describing key"
+           textFail "$regx: Key $key Access Denied describing key" "$regx" "$key"
            continue
         fi
 
@@ -53,25 +56,25 @@ check28(){
         cmk_count=$((cmk_count + 1))
 
         if [[ "$KEYORIGIN" == "EXTERNAL" ]]; then
-          textPass "$regx: Key $key uses imported key material"
+          textPass "$regx: Key $key uses imported key material" "$regx" "$key"
         else
           CHECK_KMS_KEY_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key $PROFILE_OPT --region $regx --output text 2>&1)
           if [[ $(echo "$CHECK_KMS_KEY_ROTATION" | grep AccessDenied) ]]; then
-            textFail "$regx: Key $key Access Denied getting key rotation status"
+            textFail "$regx: Key $key Access Denied getting key rotation status" "$regx" "$key"
             continue
           fi
           if [[ "$CHECK_KMS_KEY_ROTATION" == "True" ]];then
-            textPass "$regx: Key $key automatic rotation of the key material is enabled"
+            textPass "$regx: Key $key automatic rotation of the key material is enabled" "$regx" "$key"
           else
-            textFail "$regx: Key $key automatic rotation of the key material is disabled"
+            textFail "$regx: Key $key automatic rotation of the key material is disabled" "$regx" "$key"
           fi
         fi
       done
       if [[ $cmk_count == 0 ]]; then
-        textInfo "$regx: This region has no customer managed keys"
+        textInfo "$regx: This region has no customer managed keys" "$regx" "$key"
       fi
     else
-      textInfo "$regx: This region has no KMS keys"
+      textInfo "$regx: This region has no KMS keys" "$regx" "$key"
     fi
   done
 }
diff --git a/checks/check29 b/checks/check29
index 2bfe4a62..0187f628 100644
--- a/checks/check29
+++ b/checks/check29
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check29="2.9"
 CHECK_TITLE_check29="[check29] Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
diff --git a/checks/check31 b/checks/check31
index 7674f8a4..938c147d 100644
--- a/checks/check31
+++ b/checks/check31
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check310 b/checks/check310
index 40744be0..4f821784 100644
--- a/checks/check310
+++ b/checks/check310
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check311 b/checks/check311
index b36dff27..9c661251 100644
--- a/checks/check311
+++ b/checks/check311
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check312 b/checks/check312
index 702f068e..8c44117e 100644
--- a/checks/check312
+++ b/checks/check312
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check313 b/checks/check313
index 258af60d..5852e63e 100644
--- a/checks/check313
+++ b/checks/check313
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check314 b/checks/check314
index 488663c4..820458eb 100644
--- a/checks/check314
+++ b/checks/check314
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check32 b/checks/check32
index ff13166b..9a28147d 100644
--- a/checks/check32
+++ b/checks/check32
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check33 b/checks/check33
index 840e386d..7af68e62 100644
--- a/checks/check33
+++ b/checks/check33
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check34 b/checks/check34
index 727512c8..d32bc066 100644
--- a/checks/check34
+++ b/checks/check34
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check35 b/checks/check35
index 13fae612..cdbbf038 100644
--- a/checks/check35
+++ b/checks/check35
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check36 b/checks/check36
index 8ab2a0ef..1696912b 100644
--- a/checks/check36
+++ b/checks/check36
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check37 b/checks/check37
index 7c891a9e..2d7d189b 100644
--- a/checks/check37
+++ b/checks/check37
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check38 b/checks/check38
index eabf8475..196ced51 100644
--- a/checks/check38
+++ b/checks/check38
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check39 b/checks/check39
index 05cc9936..5e580499 100644
--- a/checks/check39
+++ b/checks/check39
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 #
 # Remediation:
 #
diff --git a/checks/check41 b/checks/check41
index c18b06b7..1ffd8961 100644
--- a/checks/check41
+++ b/checks/check41
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check41="4.1"
 CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)"
diff --git a/checks/check42 b/checks/check42
index 5db4ebe0..d0e34354 100644
--- a/checks/check42
+++ b/checks/check42
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check42="4.2"
 CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)"
diff --git a/checks/check43 b/checks/check43
index d467c103..a8da5612 100644
--- a/checks/check43
+++ b/checks/check43
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check43="4.3"
 CHECK_TITLE_check43="[check43] Ensure the default security group of every VPC restricts all traffic (Scored)"
diff --git a/checks/check44 b/checks/check44
index 4683abe8..62a8bf4d 100644
--- a/checks/check44
+++ b/checks/check44
@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
 #
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
 #
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
 
 CHECK_ID_check44="4.4"
 CHECK_TITLE_check44="[check44] Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
diff --git a/checks/check45 b/checks/check45
index fd847076..fdd5912f 100644
--- a/checks/check45
+++ b/checks/check45
@@ -10,6 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
+
 CHECK_ID_check45="4.5"
 CHECK_TITLE_check45="[check45] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22"
 CHECK_SCORED_check45="SCORED"
diff --git a/checks/check46 b/checks/check46
index b98eb2f0..fc03c121 100644
--- a/checks/check46
+++ b/checks/check46
@@ -10,6 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
+
 CHECK_ID_check46="4.6"
 CHECK_TITLE_check46="[check46] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389"
 CHECK_SCORED_check46="SCORED"

From 3936a7b17ad961e258fff82df14b1565ae883a81 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Mon, 5 Jul 2021 20:11:35 +0200
Subject: [PATCH 51/82] Changed how color codes are shown in text mode

---
 include/colors                                |   7 +-
 util/dashboard/index.html                     | 307 +++++++++++++++
 ...or-continuous-monitoring-template.yaml-WIP | 369 ++++++++++++++++++
 .../create-data-source-cli-input.json         | 217 ++++++++++
 .../quicksight/create-template-cli-input.json |  18 +
 ...rowler-quicksight-datasource-manifest.json |  12 +
 6 files changed, 928 insertions(+), 2 deletions(-)
 create mode 100644 util/dashboard/index.html
 create mode 100644 util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP
 create mode 100644 util/quicksight/create-data-source-cli-input.json
 create mode 100644 util/quicksight/create-template-cli-input.json
 create mode 100644 util/quicksight/prowler-quicksight-datasource-manifest.json

diff --git a/include/colors b/include/colors
index dd8a8d20..d1f2afcb 100644
--- a/include/colors
+++ b/include/colors
@@ -67,7 +67,10 @@ fi
 
 printColorsCode(){
   if [[ $MONOCHROME -eq 0 ]]; then
-    echo -e "\n$NORMAL Colors code for results: "
-    echo -e "$NOTICE INFO (Information)$NORMAL,$OK PASS (Recommended value)$NORMAL, $WARNING WARNING (Ignored by whitelist)$NORMAL, $BAD FAIL (Fix required)$NORMAL, $PURPLE Not Scored $NORMAL"
+    echo -e "\n$NORMAL Color code for results: "
+    echo -e " - $NOTICE INFO (Information)$NORMAL"
+    echo -e " - $OK PASS (Recommended value)$NORMAL"
+    echo -e " - $WARNING WARNING (Ignored by whitelist)$NORMAL"
+    echo -e " - $BAD FAIL (Fix required)$NORMAL"
   fi
 }
diff --git a/util/dashboard/index.html b/util/dashboard/index.html
new file mode 100644
index 00000000..afa55c3c
--- /dev/null
+++ b/util/dashboard/index.html
@@ -0,0 +1,307 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Bootstrap 5 Simple Admin Dashboard</title>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/5.0.0-alpha1/css/bootstrap.min.css" integrity="sha384-r4NyP46KrjDleawBgD5tp8Y7UzmLA05oM1iAEQ17CSuDqnUK2+k9luXQOfXJCJ4I" crossorigin="anonymous">
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/chartist.js/latest/chartist.min.css">
+    <style>
+        .sidebar {
+            position: fixed;
+            top: 0;
+            bottom: 0;
+            left: 0;
+            z-index: 100;
+            padding: 90px 0 0;
+            box-shadow: inset -1px 0 0 rgba(0, 0, 0, .1);
+            z-index: 99;
+        }
+
+        @media (max-width: 767.98px) {
+            .sidebar {
+                top: 11.5rem;
+                padding: 0;
+            }
+        }
+            
+        .navbar {
+            box-shadow: inset 0 -1px 0 rgba(0, 0, 0, .1);
+        }
+
+        @media (min-width: 767.98px) {
+            .navbar {
+                top: 0;
+                position: sticky;
+                z-index: 999;
+            }
+        }
+
+        .sidebar .nav-link {
+            color: #333;
+        }
+
+        .sidebar .nav-link.active {
+            color: #0d6efd;
+        }
+    </style>
+</head>
+<body>
+    <nav class="navbar navbar-light bg-light p-3">
+        <div class="d-flex col-12 col-md-3 col-lg-2 mb-2 mb-lg-0 flex-wrap flex-md-nowrap justify-content-between">
+            <a class="navbar-brand" href="#">
+                Simple Dashboard
+            </a>
+            <button class="navbar-toggler d-md-none collapsed mb-3" type="button" data-toggle="collapse" data-target="#sidebar" aria-controls="sidebar" aria-expanded="false" aria-label="Toggle navigation">
+                <span class="navbar-toggler-icon"></span>
+            </button>
+        </div>
+        <div class="col-12 col-md-4 col-lg-2">
+            <input class="form-control form-control-dark" type="text" placeholder="Search" aria-label="Search">
+        </div>
+        <div class="col-12 col-md-5 col-lg-8 d-flex align-items-center justify-content-md-end mt-3 mt-md-0">
+            <div class="mr-3 mt-1">
+                <a class="github-button" href="https://github.com/themesberg/simple-bootstrap-5-dashboard" data-color-scheme="no-preference: dark; light: light; dark: light;" data-icon="octicon-star" data-size="large" data-show-count="true" aria-label="Star /themesberg/simple-bootstrap-5-dashboard">Star</a>
+            </div>
+            <div class="dropdown">
+                <button class="btn btn-secondary dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
+                  Hello, John Doe
+                </button>
+                <ul class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+                  <li><a class="dropdown-item" href="#">Settings</a></li>
+                  <li><a class="dropdown-item" href="#">Messages</a></li>
+                  <li><a class="dropdown-item" href="#">Sign out</a></li>
+                </ul>
+              </div>
+        </div>
+    </nav>
+    <div class="container-fluid">
+        <div class="row">
+            <nav id="sidebar" class="col-md-3 col-lg-2 d-md-block bg-light sidebar collapse">
+                <div class="position-sticky">
+                    <ul class="nav flex-column">
+                        <li class="nav-item">
+                          <a class="nav-link active" aria-current="page" href="#">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-home"><path d="M3 9l9-7 9 7v11a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z"></path><polyline points="9 22 9 12 15 12 15 22"></polyline></svg>
+                            <span class="ml-2">Dashboard</span>
+                          </a>
+                        </li>
+                        <li class="nav-item">
+                          <a class="nav-link" href="#">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file"><path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"></path><polyline points="13 2 13 9 20 9"></polyline></svg>
+                            <span class="ml-2">Orders</span>
+                          </a>
+                        </li>
+                        <li class="nav-item">
+                          <a class="nav-link" href="#">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-shopping-cart"><circle cx="9" cy="21" r="1"></circle><circle cx="20" cy="21" r="1"></circle><path d="M1 1h4l2.68 13.39a2 2 0 0 0 2 1.61h9.72a2 2 0 0 0 2-1.61L23 6H6"></path></svg>
+                            <span class="ml-2">Products</span>
+                          </a>
+                        </li>
+                        <li class="nav-item">
+                          <a class="nav-link" href="#">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-users"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"></path><circle cx="9" cy="7" r="4"></circle><path d="M23 21v-2a4 4 0 0 0-3-3.87"></path><path d="M16 3.13a4 4 0 0 1 0 7.75"></path></svg>
+                            <span class="ml-2">Customers</span>
+                          </a>
+                        </li>
+                        <li class="nav-item">
+                          <a class="nav-link" href="#">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-bar-chart-2"><line x1="18" y1="20" x2="18" y2="10"></line><line x1="12" y1="20" x2="12" y2="4"></line><line x1="6" y1="20" x2="6" y2="14"></line></svg>
+                            <span class="ml-2">Reports</span>
+                          </a>
+                        </li>
+                        <li class="nav-item">
+                          <a class="nav-link" href="#">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-layers"><polygon points="12 2 2 7 12 12 22 7 12 2"></polygon><polyline points="2 17 12 22 22 17"></polyline><polyline points="2 12 12 17 22 12"></polyline></svg>
+                            <span class="ml-2">Integrations</span>
+                          </a>
+                        </li>
+                        <li class="nav-item">
+                            <a class="btn btn-sm btn-secondary ml-3 mt-2" href="https://themesberg.com/blog/bootstrap/simple-bootstrap-5-dashboard-tutorial">
+                                <svg width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-book" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+                                    <path fill-rule="evenodd" d="M1 2.828v9.923c.918-.35 2.107-.692 3.287-.81 1.094-.111 2.278-.039 3.213.492V2.687c-.654-.689-1.782-.886-3.112-.752-1.234.124-2.503.523-3.388.893zm7.5-.141v9.746c.935-.53 2.12-.603 3.213-.493 1.18.12 2.37.461 3.287.811V2.828c-.885-.37-2.154-.769-3.388-.893-1.33-.134-2.458.063-3.112.752zM8 1.783C7.015.936 5.587.81 4.287.94c-1.514.153-3.042.672-3.994 1.105A.5.5 0 0 0 0 2.5v11a.5.5 0 0 0 .707.455c.882-.4 2.303-.881 3.68-1.02 1.409-.142 2.59.087 3.223.877a.5.5 0 0 0 .78 0c.633-.79 1.814-1.019 3.222-.877 1.378.139 2.8.62 3.681 1.02A.5.5 0 0 0 16 13.5v-11a.5.5 0 0 0-.293-.455c-.952-.433-2.48-.952-3.994-1.105C10.413.809 8.985.936 8 1.783z"/>
+                                </svg>
+                                <span class="ml-2">Read tutorial</span>
+                            </a>
+                        </li>
+                        <li class="nav-item">
+                            <a class="btn btn-sm btn-warning ml-3 mt-2" href="https://themesberg.com/product/admin-dashboard/volt-bootstrap-5-dashboard">
+                                ⚡︎ Volt Dashboard
+                            </a>
+                        </li>
+                        <li class="nav-item">
+                            <a class="btn btn-sm btn-primary ml-3 mt-2" href="https://themesberg.com">
+                                By Themesberg ❤️
+                            </a>
+                        </li>
+                      </ul>
+                </div>
+            </nav>
+            <main class="col-md-9 ml-sm-auto col-lg-10 px-md-4 py-4">
+                <nav aria-label="breadcrumb">
+                    <ol class="breadcrumb">
+                        <li class="breadcrumb-item"><a href="#">Home</a></li>
+                        <li class="breadcrumb-item active" aria-current="page">Overview</li>
+                    </ol>
+                </nav>
+                <h1 class="h2">Dashboard</h1>
+                <p>This is the homepage of a simple admin interface which is part of a tutorial written on Themesberg</p>
+                <div class="row my-4">
+                    <div class="col-12 col-md-6 col-lg-3 mb-4 mb-lg-0">
+                        <div class="card">
+                            <h5 class="card-header">Customers</h5>
+                            <div class="card-body">
+                              <h5 class="card-title">345k</h5>
+                              <p class="card-text">Feb 1 - Apr 1, United States</p>
+                              <p class="card-text text-success">18.2% increase since last month</p>
+                            </div>
+                          </div>
+                    </div>
+                    <div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
+                        <div class="card">
+                            <h5 class="card-header">Revenue</h5>
+                            <div class="card-body">
+                              <h5 class="card-title">$2.4k</h5>
+                              <p class="card-text">Feb 1 - Apr 1, United States</p>
+                              <p class="card-text text-success">4.6% increase since last month</p>
+                            </div>
+                          </div>
+                    </div>
+                    <div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
+                        <div class="card">
+                            <h5 class="card-header">Purchases</h5>
+                            <div class="card-body">
+                              <h5 class="card-title">43</h5>
+                              <p class="card-text">Feb 1 - Apr 1, United States</p>
+                              <p class="card-text text-danger">2.6% decrease since last month</p>
+                            </div>
+                          </div>
+                    </div>
+                    <div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
+                        <div class="card">
+                            <h5 class="card-header">Traffic</h5>
+                            <div class="card-body">
+                              <h5 class="card-title">64k</h5>
+                              <p class="card-text">Feb 1 - Apr 1, United States</p>
+                              <p class="card-text text-success">2.5% increase since last month</p>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="row">
+                    <div class="col-12 col-xl-8 mb-4 mb-lg-0">
+                        <div class="card">
+                            <h5 class="card-header">Latest transactions</h5>
+                            <div class="card-body">
+                                <div class="table-responsive">
+                                    <table class="table">
+                                        <thead>
+                                          <tr>
+                                            <th scope="col">Order</th>
+                                            <th scope="col">Product</th>
+                                            <th scope="col">Customer</th>
+                                            <th scope="col">Total</th>
+                                            <th scope="col">Date</th>
+                                            <th scope="col"></th>
+                                          </tr>
+                                        </thead>
+                                        <tbody>
+                                          <tr>
+                                            <th scope="row">17371705</th>
+                                            <td>Volt Premium Bootstrap 5 Dashboard</td>
+                                            <td>johndoe@gmail.com</td>
+                                            <td>€61.11</td>
+                                            <td>Aug 31 2020</td>
+                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+                                          </tr>
+                                          <tr>
+                                            <th scope="row">17370540</th>
+                                            <td>Pixel Pro Premium Bootstrap UI Kit</td>
+                                            <td>jacob.monroe@company.com</td>
+                                            <td>$153.11</td>
+                                            <td>Aug 28 2020</td>
+                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+                                          </tr>
+                                          <tr>
+                                            <th scope="row">17371705</th>
+                                            <td>Volt Premium Bootstrap 5 Dashboard</td>
+                                            <td>johndoe@gmail.com</td>
+                                            <td>€61.11</td>
+                                            <td>Aug 31 2020</td>
+                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+                                          </tr>
+                                          <tr>
+                                            <th scope="row">17370540</th>
+                                            <td>Pixel Pro Premium Bootstrap UI Kit</td>
+                                            <td>jacob.monroe@company.com</td>
+                                            <td>$153.11</td>
+                                            <td>Aug 28 2020</td>
+                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+                                          </tr>
+                                          <tr>
+                                            <th scope="row">17371705</th>
+                                            <td>Volt Premium Bootstrap 5 Dashboard</td>
+                                            <td>johndoe@gmail.com</td>
+                                            <td>€61.11</td>
+                                            <td>Aug 31 2020</td>
+                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+                                          </tr>
+                                          <tr>
+                                            <th scope="row">17370540</th>
+                                            <td>Pixel Pro Premium Bootstrap UI Kit</td>
+                                            <td>jacob.monroe@company.com</td>
+                                            <td>$153.11</td>
+                                            <td>Aug 28 2020</td>
+                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+                                          </tr>
+                                        </tbody>
+                                      </table>
+                                </div>
+                                <a href="#" class="btn btn-block btn-light">View all</a>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="col-12 col-xl-4">
+                        <div class="card">
+                            <h5 class="card-header">Traffic last 6 months</h5>
+                            <div class="card-body">
+                                <div id="traffic-chart"></div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <footer class="pt-5 d-flex justify-content-between">
+                    <span>Copyright © 2019-2020 <a href="https://themesberg.com">Themesberg</a></span>
+                    <ul class="nav m-0">
+                        <li class="nav-item">
+                          <a class="nav-link text-secondary" aria-current="page" href="#">Privacy Policy</a>
+                        </li>
+                        <li class="nav-item">
+                          <a class="nav-link text-secondary" href="#">Terms and conditions</a>
+                        </li>
+                        <li class="nav-item">
+                          <a class="nav-link text-secondary" href="#">Contact</a>
+                        </li>
+                      </ul>
+                </footer>
+            </main>
+        </div>
+    </div>
+    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
+    <script src="https://stackpath.bootstrapcdn.com/bootstrap/5.0.0-alpha1/js/bootstrap.min.js" integrity="sha384-oesi62hOLfzrys4LxRF63OJCXdXDipiYWBnvTl9Y9/TRlw5xlKIEHpNyvvDShgf/" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/chartist.js/latest/chartist.min.js"></script>
+    <!-- Github buttons -->
+    <script async defer src="https://buttons.github.io/buttons.js"></script>
+    <script>
+        new Chartist.Line('#traffic-chart', {
+            labels: ['January', 'Februrary', 'March', 'April', 'May', 'June'],
+            series: [
+                [23000, 25000, 19000, 34000, 56000, 64000]
+            ]
+            }, {
+            low: 0,
+            showArea: true
+        });
+    </script>
+</body>
+</html>
\ No newline at end of file
diff --git a/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP b/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP
new file mode 100644
index 00000000..b80526c9
--- /dev/null
+++ b/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP
@@ -0,0 +1,369 @@
+---
+Description: Stack for AWS resources to run Prowler scan
+AWSTemplateFormatVersion: "2010-09-09"
+
+Parameters:
+  ServiceName:
+    Description: 'Specifies the service name used within component naming'
+    Type: String
+    Default: 'prowler'
+
+  LogsRetentionInDays:
+    Description: 'Specifies the number of days you want to retain CloudWatch log events in the specified log group.'
+    Type: Number
+    Default: 3
+    AllowedValues: [1, 3, 5, 7, 14, 30, 60]
+  
+  ProwlerOptions:
+    Description: 'Options to pass to Prowler command. For all options see ./prowler -h'
+    Type: String
+    Default: '-r eu-west-1 -f eu-west-1 -M text,junit-xml,html -c check11,check12,check13,check14'
+
+  ProwlerSchedule:
+    Description: The time when Prowler will run in cron format. Default is daily at 22:00h/10PM
+    Type: String
+    Default: '0 22 * * *'
+
+  ProwlerInstanceType:
+    Description: Enter Instance Type
+    Type: String
+    Default: t2.micro 
+
+  Ec2ImageId:
+    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
+    Description: Latest AMI ID for Amazon Linux 2 (via AWS Publis SSM Parameters. See https://tinyurl.com/aws-public-ssm-parameters.
+    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs
+
+  Ec2InstanceKeyName:
+    Description: The name of key pair
+    Type: AWS::EC2::KeyPair::KeyName
+
+  SecurityGroupIds:
+    Description: Security group IDs
+    Type: CommaDelimitedList
+
+  SubnetIds:
+    Description: VPC subnet IDs
+    Type: CommaDelimitedList
+
+Resources:
+
+  ReportBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}'
+      AccessControl: Private
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
+      VersioningConfiguration:
+        Status: Enabled
+      # LoggingConfiguration:
+      #   DestinationBucketName: !Sub "my-access-log-bucket-${AWS::Region}-${AWS::AccountId}"
+      #   LogFilePrefix: !Sub "${ProwlerReportBucket}/"
+      LifecycleConfiguration:
+        Rules:
+          - Id: AutoDelete
+            Status: Enabled
+            NoncurrentVersionExpirationInDays: 30
+            ExpirationInDays: 365
+            Transition:
+              TransitionInDays: 30
+              StorageClass: STANDARD_IA
+
+  ReportBucketPolicy:
+    Type: "AWS::S3::BucketPolicy"
+    Properties:
+      Bucket: !Ref ReportBucket
+      PolicyDocument:
+        Statement:
+          - Sid: DenyDelete
+            Effect: Deny
+            Principal: "*"
+            Action: s3:Delete*
+            Resource:
+              - !Sub "${ReportBucket.Arn}/*"
+          - Sid: S3ForceSSL
+            Effect: Deny
+            Principal: '*'
+            Action: '*'
+            Resource:
+              - !Join ['', ['arn:aws:s3:::', !Ref 'ReportBucket', '/*']]
+            Condition:
+              Bool:
+                aws:SecureTransport: 'false' 
+          - Sid: ForceUploadEcryption
+            Effect: Deny
+            Principal: '*'
+            Action: 's3:PutObject'
+            Condition:
+              'Null':
+                s3:x-amz-server-side-encryption: 'true'
+            Resource:
+              - !Sub "${ReportBucket.Arn}"
+              - !Sub "${ReportBucket.Arn}/*"
+
+  InstanceProfile:
+    Type: AWS::IAM::InstanceProfile
+    Properties:
+      Path: "/"
+      Roles:
+        - !Ref InstanceRole
+
+  InstanceRole:
+    Type: AWS::IAM::Role
+    Properties:
+      Path: "/"
+      RoleName: !Sub "${ServiceName}-prowler-role"
+      MaxSessionDuration: 10800
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - ec2.amazonaws.com
+            Action:
+              - sts:AssumeRole
+      ManagedPolicyArns:
+        - "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
+        - "arn:aws:iam::aws:policy/SecurityAudit"
+        - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
+      Policies:
+        - PolicyName: ProwlerAdditionsPolicy
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Sid: AllowMoreReadForProwler
+                Action:
+                  - "access-analyzer:List*"
+                  - "apigateway:Get*"
+                  - "apigatewayv2:Get*"
+                  - "aws-marketplace:ViewSubscriptions"
+                  - "dax:ListTables"
+                  - "ds:ListAuthorizedApplications"
+                  - "ds:DescribeRoles"
+                  - "ec2:GetEbsEncryptionByDefault"
+                  - "ecr:Describe*"
+                  - "lambda:GetAccountSettings"
+                  - "lambda:GetFunction"
+                  - "lambda:GetFunctionConfiguration"
+                  - "lambda:GetLayerVersionPolicy"
+                  - "lambda:GetPolicy"
+                  - "opsworks-cm:Describe*"
+                  - "opsworks:Describe*"
+                  - "secretsmanager:ListSecretVersionIds"
+                  - "sns:List*"
+                  - "sqs:ListQueueTags"
+                  - "states:ListActivities"
+                  - "support:Describe*"
+                  - "tag:GetTagKeys"
+                Effect: "Allow"
+                Resource: "*"
+        - PolicyName: LogGroup
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action:
+                  - logs:CreateLogStream
+                  - logs:CreateLogGroup
+                  - logs:PutLogEvents
+                Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:${ProwlerLogGroup}:*'
+        - PolicyName: CloudWatchMetrics
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action:
+                  - cloudwatch:PutMetricData
+                Resource: "*"
+        - PolicyName: ProwlerMaintenancePolicy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              # - Sid: AllowAssumeProwlerRole
+              #   Effect: Allow
+              #   Action:
+              #     - "sts:AssumeRole"
+              #   Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/application/prod-prowler-role"
+              - Sid: AllowScaleDownAutoScalingGroup
+                Effect: Allow
+                Action:
+                  - "autoscaling:DescribeAutoScalingGroups"
+                  - "autoscaling:DescribeAutoScalingInstances"
+                  - "autoscaling:SetDesiredCapacity"
+                Resource: "*"
+              - Sid: AllowDescribeRegions
+                Effect: Allow
+                Action:
+                  - "ec2:DescribeRegions"
+                Resource: "*"
+              - Sid: SSMSessionManager
+                Effect: Allow
+                Action:
+                  - ec2messages:*
+                  - ssmmessages:*
+                  - ssm:*
+                Resource: "*"
+              # - Sid: SlackNotification
+              #   Effect: Allow
+              #   Action:
+              #     - events:PutEvents
+              #   Resource: !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/default"
+              - Sid: AllowUploadReport
+                Effect: Allow
+                Action:
+                  - "s3:PutObject"
+                Resource:
+                  - !Sub "${ReportBucket.Arn}/*"
+  
+  ProwlerLogGroup:
+    Type: 'AWS::Logs::LogGroup'
+    Properties:
+      LogGroupName: !Sub "${ServiceName}-${AWS::StackName}"
+      RetentionInDays: !Ref LogsRetentionInDays
+
+  Ec2InstanceLaunchTemplate:
+    Type: AWS::EC2::LaunchTemplate
+    Metadata:
+      AWS::CloudFormation::Init:
+        config:
+          files:
+            /opt/prowler.sh:
+              content: !Sub |
+                #!/usr/bin/env bash
+                set -e
+
+                # export AWS_DEFAULT_REGION=${AWS::Region}
+                # export AWS_PARTITION=aws
+
+                # declare -A ACCOUNTS
+                # ACCOUNTS[ssvc]='798980982229'
+                # ACCOUNTS[prod]='579842252590'
+                # ACCOUNTS[uat]='990839841794'
+
+                # TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token")
+                # INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id")
+                # ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
+                # ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text)
+
+                # PROWLER_REPORT="${!ENVIRONMENT}_prowler_report_$(date +%d%m%Y).csv"
+                # REPORT_S3_LOCATION="${ReportBucket}"
+
+                # cd /opt/prowler
+                # /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv
+                # aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/
+
+                # /opt/prowler/prowler -A "${!ACCOUNTS[$ENVIRONMENT]}" \
+                #   -R "application/${!ENVIRONMENT}-prowler-role" \
+                #   -T 10800 \
+                #   -m 500 \
+                #   -r ${AWS::Region} \
+                #   -E extra79,extra710,extra712,extra757,extra758,extra770,extra774 \
+                #   -b -q -M csv | tee -a $PROWLER_REPORT
+
+                # Upload to S3
+                # aws s3 cp $PROWLER_REPORT $REPORT_S3_LOCATION --sse
+
+                # Send Slack notification
+                # message="Prowler scan for \`${!ENVIRONMENT}\` completed. Please check report from \`${!REPORT_S3_LOCATION}\`."
+                # aws events put-events --entries "[{\"Source\":\"myorg:slack\",\"DetailType\":\"hello\",\"Detail\":\"{\\\"username\\\":\\\"Prowler Scanner\\\",\\\"avatar\\\":\\\":aws:\\\",\\\"channel\\\":\\\"#t-fs-calabash\\\",\\\"text\\\":\\\"${!message}\\\"}\"}]"
+
+                # Scale Down Auto Scaling Group
+                # aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0
+              mode: '000755'
+              owner: root
+              group: root
+    Properties:
+      LaunchTemplateData:
+        SecurityGroupIds: !Ref SecurityGroupIds
+        MetadataOptions:
+          HttpEndpoint: enabled
+          HttpTokens: optional
+        TagSpecifications:
+          - ResourceType: instance
+            Tags:
+              - Key: Name
+                Value: !Ref 'AWS::StackName'
+        UserData:
+          Fn::Base64: !Sub |
+            #cloud-config
+            runcmd:
+              - while ! curl --connect-timeout 1 -s http://169.254.169.254/ > /dev/null; do echo "-- waiting for instance network to wake up ..."; done
+              - /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource Ec2InstanceLaunchTemplate --region ${AWS::Region}
+              - yum update -y
+              - yum install -y python3-pip git jq
+              - pip3 install detect-secrets
+              - git clone https://github.com/toniblyx/prowler.git /opt/prowler
+              - export AWS_DEFAULT_REGION=${AWS::Region}
+              - export REPORT_S3_LOCATION=${ReportBucket}
+              - export TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token")
+              - export INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id")
+              - export ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
+              - export ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text)
+              - cd /opt/prowler
+              - /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv
+              - aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/
+              - aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0
+              - /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource ASGroup --region ${AWS::Region}
+        InstanceInitiatedShutdownBehavior: terminate
+        IamInstanceProfile:
+          Name: !Ref InstanceProfile
+        KeyName: !Ref 'Ec2InstanceKeyName'
+        ImageId: !Ref 'Ec2ImageId'
+        InstanceType: !Ref ProwlerInstanceType
+        BlockDeviceMappings:
+        - DeviceName: /dev/xvda
+          Ebs:
+            Encrypted: true
+            KmsKeyId: alias/aws/ebs
+            VolumeType: standard
+            DeleteOnTermination: true
+            VolumeSize: 8
+        InstanceMarketOptions:
+          MarketType: spot
+          SpotOptions:
+            SpotInstanceType: one-time
+            MaxPrice: 0.006
+
+  ProwlerAutoScalingGroup:
+    Type: AWS::AutoScaling::AutoScalingGroup
+    UpdatePolicy:
+      AutoScalingReplacingUpdate:
+        WillReplace: true
+    Properties:
+      VPCZoneIdentifier: !Ref SubnetIds
+      LaunchTemplate:
+        LaunchTemplateId: !Ref 'Ec2InstanceLaunchTemplate'
+        Version: !GetAtt 'Ec2InstanceLaunchTemplate.LatestVersionNumber'
+      MinSize: 1
+      MaxSize: 1
+      HealthCheckGracePeriod: 300
+      HealthCheckType: EC2
+      Tags:
+        - Key: Name
+          Value: !Sub "${AWS::StackName}"
+          PropagateAtLaunch: true
+
+  ProwlerScheduledScaleUp:
+    Type: AWS::AutoScaling::ScheduledAction
+    Properties:
+      AutoScalingGroupName: !Ref ProwlerAutoScalingGroup
+      DesiredCapacity: 1
+      MaxSize: 1
+      MinSize: 0
+      Recurrence: !Ref ProwlerSchedule
+
+Outputs:
+  ReportBucket:
+    Description: Report Bucket Name
+    Value: !Ref 'ReportBucket'
+    Export:
+      Name: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}'
\ No newline at end of file
diff --git a/util/quicksight/create-data-source-cli-input.json b/util/quicksight/create-data-source-cli-input.json
new file mode 100644
index 00000000..a65da2b7
--- /dev/null
+++ b/util/quicksight/create-data-source-cli-input.json
@@ -0,0 +1,217 @@
+{
+    "AwsAccountId": "",
+    "DataSourceId": "",
+    "Name": "",
+    "Type": "SNOWFLAKE",
+    "DataSourceParameters": {
+        "AmazonElasticsearchParameters": {
+            "Domain": ""
+        },
+        "AthenaParameters": {
+            "WorkGroup": ""
+        },
+        "AuroraParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": ""
+        },
+        "AuroraPostgreSqlParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": ""
+        },
+        "AwsIotAnalyticsParameters": {
+            "DataSetName": ""
+        },
+        "JiraParameters": {
+            "SiteBaseUrl": ""
+        },
+        "MariaDbParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": ""
+        },
+        "MySqlParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": ""
+        },
+        "OracleParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": ""
+        },
+        "PostgreSqlParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": ""
+        },
+        "PrestoParameters": {
+            "Host": "",
+            "Port": 0,
+            "Catalog": ""
+        },
+        "RdsParameters": {
+            "InstanceId": "",
+            "Database": ""
+        },
+        "RedshiftParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": "",
+            "ClusterId": ""
+        },
+        "S3Parameters": {
+            "ManifestFileLocation": {
+                "Bucket": "",
+                "Key": ""
+            }
+        },
+        "ServiceNowParameters": {
+            "SiteBaseUrl": ""
+        },
+        "SnowflakeParameters": {
+            "Host": "",
+            "Database": "",
+            "Warehouse": ""
+        },
+        "SparkParameters": {
+            "Host": "",
+            "Port": 0
+        },
+        "SqlServerParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": ""
+        },
+        "TeradataParameters": {
+            "Host": "",
+            "Port": 0,
+            "Database": ""
+        },
+        "TwitterParameters": {
+            "Query": "",
+            "MaxRows": 0
+        }
+    },
+    "Credentials": {
+        "CredentialPair": {
+            "Username": "",
+            "Password": "",
+            "AlternateDataSourceParameters": [
+                {
+                    "AmazonElasticsearchParameters": {
+                        "Domain": ""
+                    },
+                    "AthenaParameters": {
+                        "WorkGroup": ""
+                    },
+                    "AuroraParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": ""
+                    },
+                    "AuroraPostgreSqlParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": ""
+                    },
+                    "AwsIotAnalyticsParameters": {
+                        "DataSetName": ""
+                    },
+                    "JiraParameters": {
+                        "SiteBaseUrl": ""
+                    },
+                    "MariaDbParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": ""
+                    },
+                    "MySqlParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": ""
+                    },
+                    "OracleParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": ""
+                    },
+                    "PostgreSqlParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": ""
+                    },
+                    "PrestoParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Catalog": ""
+                    },
+                    "RdsParameters": {
+                        "InstanceId": "",
+                        "Database": ""
+                    },
+                    "RedshiftParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": "",
+                        "ClusterId": ""
+                    },
+                    "S3Parameters": {
+                        "ManifestFileLocation": {
+                            "Bucket": "",
+                            "Key": ""
+                        }
+                    },
+                    "ServiceNowParameters": {
+                        "SiteBaseUrl": ""
+                    },
+                    "SnowflakeParameters": {
+                        "Host": "",
+                        "Database": "",
+                        "Warehouse": ""
+                    },
+                    "SparkParameters": {
+                        "Host": "",
+                        "Port": 0
+                    },
+                    "SqlServerParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": ""
+                    },
+                    "TeradataParameters": {
+                        "Host": "",
+                        "Port": 0,
+                        "Database": ""
+                    },
+                    "TwitterParameters": {
+                        "Query": "",
+                        "MaxRows": 0
+                    }
+                }
+            ]
+        },
+        "CopySourceArn": ""
+    },
+    "Permissions": [
+        {
+            "Principal": "",
+            "Actions": [
+                ""
+            ]
+        }
+    ],
+    "VpcConnectionProperties": {
+        "VpcConnectionArn": ""
+    },
+    "SslProperties": {
+        "DisableSsl": true
+    },
+    "Tags": [
+        {
+            "Key": "",
+            "Value": ""
+        }
+    ]
+}
diff --git a/util/quicksight/create-template-cli-input.json b/util/quicksight/create-template-cli-input.json
new file mode 100644
index 00000000..ee3d3567
--- /dev/null
+++ b/util/quicksight/create-template-cli-input.json
@@ -0,0 +1,18 @@
+{
+    "AwsAccountId": "951061203682",
+    "TemplateId": "DemoDashboardTemplate",
+    "Name": "Demo Dashboard Template",
+    "SourceEntity": {
+        "SourceAnalysis": {
+            "Arn": "arn:aws:quicksight:eu-west-1:951061203682:analysis/ e52808ac-43df-46c2-bde6-d08393effcf",
+            "DataSetReferences": [
+                {
+                    "DataSetPlaceholder": "DS1",
+                    "DataSetArn": " arn:aws:quicksight:eu-west-1:951061203682:dataset/44767579-c881-42e7-bf4c-929af56bdc69"
+                }
+            ]
+        }
+    },
+    "VersionDescription": "1"
+}
+
diff --git a/util/quicksight/prowler-quicksight-datasource-manifest.json b/util/quicksight/prowler-quicksight-datasource-manifest.json
new file mode 100644
index 00000000..0bc67c2c
--- /dev/null
+++ b/util/quicksight/prowler-quicksight-datasource-manifest.json
@@ -0,0 +1,12 @@
+{
+    "fileLocations": [{
+        "URIPrefixes": [
+            "https://s3-eu-west-1.amazonaws.com/prowler-ens-reports-eu-west-1-prowler-951061203682/"
+        ]
+    }],
+    "globalUploadSettings": {
+        "format": "CSV",
+        "delimiter": ",",
+        "containsHeader": "true"
+    }
+}
\ No newline at end of file

From 90ae53a9765550c884db36087c36ee294e9cdb84 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <toni@blyx.com>
Date: Mon, 5 Jul 2021 20:15:33 +0200
Subject: [PATCH 52/82] Delete util/quicksight directory

---
 .../create-data-source-cli-input.json         | 217 ------------------
 .../quicksight/create-template-cli-input.json |  18 --
 ...rowler-quicksight-datasource-manifest.json |  12 -
 3 files changed, 247 deletions(-)
 delete mode 100644 util/quicksight/create-data-source-cli-input.json
 delete mode 100644 util/quicksight/create-template-cli-input.json
 delete mode 100644 util/quicksight/prowler-quicksight-datasource-manifest.json

diff --git a/util/quicksight/create-data-source-cli-input.json b/util/quicksight/create-data-source-cli-input.json
deleted file mode 100644
index a65da2b7..00000000
--- a/util/quicksight/create-data-source-cli-input.json
+++ /dev/null
@@ -1,217 +0,0 @@
-{
-    "AwsAccountId": "",
-    "DataSourceId": "",
-    "Name": "",
-    "Type": "SNOWFLAKE",
-    "DataSourceParameters": {
-        "AmazonElasticsearchParameters": {
-            "Domain": ""
-        },
-        "AthenaParameters": {
-            "WorkGroup": ""
-        },
-        "AuroraParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": ""
-        },
-        "AuroraPostgreSqlParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": ""
-        },
-        "AwsIotAnalyticsParameters": {
-            "DataSetName": ""
-        },
-        "JiraParameters": {
-            "SiteBaseUrl": ""
-        },
-        "MariaDbParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": ""
-        },
-        "MySqlParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": ""
-        },
-        "OracleParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": ""
-        },
-        "PostgreSqlParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": ""
-        },
-        "PrestoParameters": {
-            "Host": "",
-            "Port": 0,
-            "Catalog": ""
-        },
-        "RdsParameters": {
-            "InstanceId": "",
-            "Database": ""
-        },
-        "RedshiftParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": "",
-            "ClusterId": ""
-        },
-        "S3Parameters": {
-            "ManifestFileLocation": {
-                "Bucket": "",
-                "Key": ""
-            }
-        },
-        "ServiceNowParameters": {
-            "SiteBaseUrl": ""
-        },
-        "SnowflakeParameters": {
-            "Host": "",
-            "Database": "",
-            "Warehouse": ""
-        },
-        "SparkParameters": {
-            "Host": "",
-            "Port": 0
-        },
-        "SqlServerParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": ""
-        },
-        "TeradataParameters": {
-            "Host": "",
-            "Port": 0,
-            "Database": ""
-        },
-        "TwitterParameters": {
-            "Query": "",
-            "MaxRows": 0
-        }
-    },
-    "Credentials": {
-        "CredentialPair": {
-            "Username": "",
-            "Password": "",
-            "AlternateDataSourceParameters": [
-                {
-                    "AmazonElasticsearchParameters": {
-                        "Domain": ""
-                    },
-                    "AthenaParameters": {
-                        "WorkGroup": ""
-                    },
-                    "AuroraParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": ""
-                    },
-                    "AuroraPostgreSqlParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": ""
-                    },
-                    "AwsIotAnalyticsParameters": {
-                        "DataSetName": ""
-                    },
-                    "JiraParameters": {
-                        "SiteBaseUrl": ""
-                    },
-                    "MariaDbParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": ""
-                    },
-                    "MySqlParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": ""
-                    },
-                    "OracleParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": ""
-                    },
-                    "PostgreSqlParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": ""
-                    },
-                    "PrestoParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Catalog": ""
-                    },
-                    "RdsParameters": {
-                        "InstanceId": "",
-                        "Database": ""
-                    },
-                    "RedshiftParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": "",
-                        "ClusterId": ""
-                    },
-                    "S3Parameters": {
-                        "ManifestFileLocation": {
-                            "Bucket": "",
-                            "Key": ""
-                        }
-                    },
-                    "ServiceNowParameters": {
-                        "SiteBaseUrl": ""
-                    },
-                    "SnowflakeParameters": {
-                        "Host": "",
-                        "Database": "",
-                        "Warehouse": ""
-                    },
-                    "SparkParameters": {
-                        "Host": "",
-                        "Port": 0
-                    },
-                    "SqlServerParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": ""
-                    },
-                    "TeradataParameters": {
-                        "Host": "",
-                        "Port": 0,
-                        "Database": ""
-                    },
-                    "TwitterParameters": {
-                        "Query": "",
-                        "MaxRows": 0
-                    }
-                }
-            ]
-        },
-        "CopySourceArn": ""
-    },
-    "Permissions": [
-        {
-            "Principal": "",
-            "Actions": [
-                ""
-            ]
-        }
-    ],
-    "VpcConnectionProperties": {
-        "VpcConnectionArn": ""
-    },
-    "SslProperties": {
-        "DisableSsl": true
-    },
-    "Tags": [
-        {
-            "Key": "",
-            "Value": ""
-        }
-    ]
-}
diff --git a/util/quicksight/create-template-cli-input.json b/util/quicksight/create-template-cli-input.json
deleted file mode 100644
index ee3d3567..00000000
--- a/util/quicksight/create-template-cli-input.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-    "AwsAccountId": "951061203682",
-    "TemplateId": "DemoDashboardTemplate",
-    "Name": "Demo Dashboard Template",
-    "SourceEntity": {
-        "SourceAnalysis": {
-            "Arn": "arn:aws:quicksight:eu-west-1:951061203682:analysis/ e52808ac-43df-46c2-bde6-d08393effcf",
-            "DataSetReferences": [
-                {
-                    "DataSetPlaceholder": "DS1",
-                    "DataSetArn": " arn:aws:quicksight:eu-west-1:951061203682:dataset/44767579-c881-42e7-bf4c-929af56bdc69"
-                }
-            ]
-        }
-    },
-    "VersionDescription": "1"
-}
-
diff --git a/util/quicksight/prowler-quicksight-datasource-manifest.json b/util/quicksight/prowler-quicksight-datasource-manifest.json
deleted file mode 100644
index 0bc67c2c..00000000
--- a/util/quicksight/prowler-quicksight-datasource-manifest.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-    "fileLocations": [{
-        "URIPrefixes": [
-            "https://s3-eu-west-1.amazonaws.com/prowler-ens-reports-eu-west-1-prowler-951061203682/"
-        ]
-    }],
-    "globalUploadSettings": {
-        "format": "CSV",
-        "delimiter": ",",
-        "containsHeader": "true"
-    }
-}
\ No newline at end of file

From f540758e36b6b29dce2804fd505b47988293cdfe Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <toni@blyx.com>
Date: Mon, 5 Jul 2021 20:15:48 +0200
Subject: [PATCH 53/82] Delete util/ec2-automation directory

---
 ...or-continuous-monitoring-template.yaml-WIP | 369 ------------------
 1 file changed, 369 deletions(-)
 delete mode 100644 util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP

diff --git a/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP b/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP
deleted file mode 100644
index b80526c9..00000000
--- a/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP
+++ /dev/null
@@ -1,369 +0,0 @@
----
-Description: Stack for AWS resources to run Prowler scan
-AWSTemplateFormatVersion: "2010-09-09"
-
-Parameters:
-  ServiceName:
-    Description: 'Specifies the service name used within component naming'
-    Type: String
-    Default: 'prowler'
-
-  LogsRetentionInDays:
-    Description: 'Specifies the number of days you want to retain CloudWatch log events in the specified log group.'
-    Type: Number
-    Default: 3
-    AllowedValues: [1, 3, 5, 7, 14, 30, 60]
-  
-  ProwlerOptions:
-    Description: 'Options to pass to Prowler command. For all options see ./prowler -h'
-    Type: String
-    Default: '-r eu-west-1 -f eu-west-1 -M text,junit-xml,html -c check11,check12,check13,check14'
-
-  ProwlerSchedule:
-    Description: The time when Prowler will run in cron format. Default is daily at 22:00h/10PM
-    Type: String
-    Default: '0 22 * * *'
-
-  ProwlerInstanceType:
-    Description: Enter Instance Type
-    Type: String
-    Default: t2.micro 
-
-  Ec2ImageId:
-    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
-    Description: Latest AMI ID for Amazon Linux 2 (via AWS Publis SSM Parameters. See https://tinyurl.com/aws-public-ssm-parameters.
-    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs
-
-  Ec2InstanceKeyName:
-    Description: The name of key pair
-    Type: AWS::EC2::KeyPair::KeyName
-
-  SecurityGroupIds:
-    Description: Security group IDs
-    Type: CommaDelimitedList
-
-  SubnetIds:
-    Description: VPC subnet IDs
-    Type: CommaDelimitedList
-
-Resources:
-
-  ReportBucket:
-    Type: AWS::S3::Bucket
-    Properties:
-      BucketName: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}'
-      AccessControl: Private
-      BucketEncryption:
-        ServerSideEncryptionConfiguration:
-          - ServerSideEncryptionByDefault:
-              SSEAlgorithm: AES256
-      PublicAccessBlockConfiguration:
-        BlockPublicAcls: true
-        BlockPublicPolicy: true
-        IgnorePublicAcls: true
-        RestrictPublicBuckets: true
-      VersioningConfiguration:
-        Status: Enabled
-      # LoggingConfiguration:
-      #   DestinationBucketName: !Sub "my-access-log-bucket-${AWS::Region}-${AWS::AccountId}"
-      #   LogFilePrefix: !Sub "${ProwlerReportBucket}/"
-      LifecycleConfiguration:
-        Rules:
-          - Id: AutoDelete
-            Status: Enabled
-            NoncurrentVersionExpirationInDays: 30
-            ExpirationInDays: 365
-            Transition:
-              TransitionInDays: 30
-              StorageClass: STANDARD_IA
-
-  ReportBucketPolicy:
-    Type: "AWS::S3::BucketPolicy"
-    Properties:
-      Bucket: !Ref ReportBucket
-      PolicyDocument:
-        Statement:
-          - Sid: DenyDelete
-            Effect: Deny
-            Principal: "*"
-            Action: s3:Delete*
-            Resource:
-              - !Sub "${ReportBucket.Arn}/*"
-          - Sid: S3ForceSSL
-            Effect: Deny
-            Principal: '*'
-            Action: '*'
-            Resource:
-              - !Join ['', ['arn:aws:s3:::', !Ref 'ReportBucket', '/*']]
-            Condition:
-              Bool:
-                aws:SecureTransport: 'false' 
-          - Sid: ForceUploadEcryption
-            Effect: Deny
-            Principal: '*'
-            Action: 's3:PutObject'
-            Condition:
-              'Null':
-                s3:x-amz-server-side-encryption: 'true'
-            Resource:
-              - !Sub "${ReportBucket.Arn}"
-              - !Sub "${ReportBucket.Arn}/*"
-
-  InstanceProfile:
-    Type: AWS::IAM::InstanceProfile
-    Properties:
-      Path: "/"
-      Roles:
-        - !Ref InstanceRole
-
-  InstanceRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Path: "/"
-      RoleName: !Sub "${ServiceName}-prowler-role"
-      MaxSessionDuration: 10800
-      AssumeRolePolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          - Effect: Allow
-            Principal:
-              Service:
-                - ec2.amazonaws.com
-            Action:
-              - sts:AssumeRole
-      ManagedPolicyArns:
-        - "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
-        - "arn:aws:iam::aws:policy/SecurityAudit"
-        - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
-      Policies:
-        - PolicyName: ProwlerAdditionsPolicy
-          PolicyDocument:
-            Version: 2012-10-17
-            Statement:
-              - Sid: AllowMoreReadForProwler
-                Action:
-                  - "access-analyzer:List*"
-                  - "apigateway:Get*"
-                  - "apigatewayv2:Get*"
-                  - "aws-marketplace:ViewSubscriptions"
-                  - "dax:ListTables"
-                  - "ds:ListAuthorizedApplications"
-                  - "ds:DescribeRoles"
-                  - "ec2:GetEbsEncryptionByDefault"
-                  - "ecr:Describe*"
-                  - "lambda:GetAccountSettings"
-                  - "lambda:GetFunction"
-                  - "lambda:GetFunctionConfiguration"
-                  - "lambda:GetLayerVersionPolicy"
-                  - "lambda:GetPolicy"
-                  - "opsworks-cm:Describe*"
-                  - "opsworks:Describe*"
-                  - "secretsmanager:ListSecretVersionIds"
-                  - "sns:List*"
-                  - "sqs:ListQueueTags"
-                  - "states:ListActivities"
-                  - "support:Describe*"
-                  - "tag:GetTagKeys"
-                Effect: "Allow"
-                Resource: "*"
-        - PolicyName: LogGroup
-          PolicyDocument:
-            Version: 2012-10-17
-            Statement:
-              - Effect: Allow
-                Action:
-                  - logs:CreateLogStream
-                  - logs:CreateLogGroup
-                  - logs:PutLogEvents
-                Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:${ProwlerLogGroup}:*'
-        - PolicyName: CloudWatchMetrics
-          PolicyDocument:
-            Version: 2012-10-17
-            Statement:
-              - Effect: Allow
-                Action:
-                  - cloudwatch:PutMetricData
-                Resource: "*"
-        - PolicyName: ProwlerMaintenancePolicy
-          PolicyDocument:
-            Version: "2012-10-17"
-            Statement:
-              # - Sid: AllowAssumeProwlerRole
-              #   Effect: Allow
-              #   Action:
-              #     - "sts:AssumeRole"
-              #   Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/application/prod-prowler-role"
-              - Sid: AllowScaleDownAutoScalingGroup
-                Effect: Allow
-                Action:
-                  - "autoscaling:DescribeAutoScalingGroups"
-                  - "autoscaling:DescribeAutoScalingInstances"
-                  - "autoscaling:SetDesiredCapacity"
-                Resource: "*"
-              - Sid: AllowDescribeRegions
-                Effect: Allow
-                Action:
-                  - "ec2:DescribeRegions"
-                Resource: "*"
-              - Sid: SSMSessionManager
-                Effect: Allow
-                Action:
-                  - ec2messages:*
-                  - ssmmessages:*
-                  - ssm:*
-                Resource: "*"
-              # - Sid: SlackNotification
-              #   Effect: Allow
-              #   Action:
-              #     - events:PutEvents
-              #   Resource: !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/default"
-              - Sid: AllowUploadReport
-                Effect: Allow
-                Action:
-                  - "s3:PutObject"
-                Resource:
-                  - !Sub "${ReportBucket.Arn}/*"
-  
-  ProwlerLogGroup:
-    Type: 'AWS::Logs::LogGroup'
-    Properties:
-      LogGroupName: !Sub "${ServiceName}-${AWS::StackName}"
-      RetentionInDays: !Ref LogsRetentionInDays
-
-  Ec2InstanceLaunchTemplate:
-    Type: AWS::EC2::LaunchTemplate
-    Metadata:
-      AWS::CloudFormation::Init:
-        config:
-          files:
-            /opt/prowler.sh:
-              content: !Sub |
-                #!/usr/bin/env bash
-                set -e
-
-                # export AWS_DEFAULT_REGION=${AWS::Region}
-                # export AWS_PARTITION=aws
-
-                # declare -A ACCOUNTS
-                # ACCOUNTS[ssvc]='798980982229'
-                # ACCOUNTS[prod]='579842252590'
-                # ACCOUNTS[uat]='990839841794'
-
-                # TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token")
-                # INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id")
-                # ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
-                # ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text)
-
-                # PROWLER_REPORT="${!ENVIRONMENT}_prowler_report_$(date +%d%m%Y).csv"
-                # REPORT_S3_LOCATION="${ReportBucket}"
-
-                # cd /opt/prowler
-                # /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv
-                # aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/
-
-                # /opt/prowler/prowler -A "${!ACCOUNTS[$ENVIRONMENT]}" \
-                #   -R "application/${!ENVIRONMENT}-prowler-role" \
-                #   -T 10800 \
-                #   -m 500 \
-                #   -r ${AWS::Region} \
-                #   -E extra79,extra710,extra712,extra757,extra758,extra770,extra774 \
-                #   -b -q -M csv | tee -a $PROWLER_REPORT
-
-                # Upload to S3
-                # aws s3 cp $PROWLER_REPORT $REPORT_S3_LOCATION --sse
-
-                # Send Slack notification
-                # message="Prowler scan for \`${!ENVIRONMENT}\` completed. Please check report from \`${!REPORT_S3_LOCATION}\`."
-                # aws events put-events --entries "[{\"Source\":\"myorg:slack\",\"DetailType\":\"hello\",\"Detail\":\"{\\\"username\\\":\\\"Prowler Scanner\\\",\\\"avatar\\\":\\\":aws:\\\",\\\"channel\\\":\\\"#t-fs-calabash\\\",\\\"text\\\":\\\"${!message}\\\"}\"}]"
-
-                # Scale Down Auto Scaling Group
-                # aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0
-              mode: '000755'
-              owner: root
-              group: root
-    Properties:
-      LaunchTemplateData:
-        SecurityGroupIds: !Ref SecurityGroupIds
-        MetadataOptions:
-          HttpEndpoint: enabled
-          HttpTokens: optional
-        TagSpecifications:
-          - ResourceType: instance
-            Tags:
-              - Key: Name
-                Value: !Ref 'AWS::StackName'
-        UserData:
-          Fn::Base64: !Sub |
-            #cloud-config
-            runcmd:
-              - while ! curl --connect-timeout 1 -s http://169.254.169.254/ > /dev/null; do echo "-- waiting for instance network to wake up ..."; done
-              - /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource Ec2InstanceLaunchTemplate --region ${AWS::Region}
-              - yum update -y
-              - yum install -y python3-pip git jq
-              - pip3 install detect-secrets
-              - git clone https://github.com/toniblyx/prowler.git /opt/prowler
-              - export AWS_DEFAULT_REGION=${AWS::Region}
-              - export REPORT_S3_LOCATION=${ReportBucket}
-              - export TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token")
-              - export INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id")
-              - export ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
-              - export ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text)
-              - cd /opt/prowler
-              - /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv
-              - aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/
-              - aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0
-              - /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource ASGroup --region ${AWS::Region}
-        InstanceInitiatedShutdownBehavior: terminate
-        IamInstanceProfile:
-          Name: !Ref InstanceProfile
-        KeyName: !Ref 'Ec2InstanceKeyName'
-        ImageId: !Ref 'Ec2ImageId'
-        InstanceType: !Ref ProwlerInstanceType
-        BlockDeviceMappings:
-        - DeviceName: /dev/xvda
-          Ebs:
-            Encrypted: true
-            KmsKeyId: alias/aws/ebs
-            VolumeType: standard
-            DeleteOnTermination: true
-            VolumeSize: 8
-        InstanceMarketOptions:
-          MarketType: spot
-          SpotOptions:
-            SpotInstanceType: one-time
-            MaxPrice: 0.006
-
-  ProwlerAutoScalingGroup:
-    Type: AWS::AutoScaling::AutoScalingGroup
-    UpdatePolicy:
-      AutoScalingReplacingUpdate:
-        WillReplace: true
-    Properties:
-      VPCZoneIdentifier: !Ref SubnetIds
-      LaunchTemplate:
-        LaunchTemplateId: !Ref 'Ec2InstanceLaunchTemplate'
-        Version: !GetAtt 'Ec2InstanceLaunchTemplate.LatestVersionNumber'
-      MinSize: 1
-      MaxSize: 1
-      HealthCheckGracePeriod: 300
-      HealthCheckType: EC2
-      Tags:
-        - Key: Name
-          Value: !Sub "${AWS::StackName}"
-          PropagateAtLaunch: true
-
-  ProwlerScheduledScaleUp:
-    Type: AWS::AutoScaling::ScheduledAction
-    Properties:
-      AutoScalingGroupName: !Ref ProwlerAutoScalingGroup
-      DesiredCapacity: 1
-      MaxSize: 1
-      MinSize: 0
-      Recurrence: !Ref ProwlerSchedule
-
-Outputs:
-  ReportBucket:
-    Description: Report Bucket Name
-    Value: !Ref 'ReportBucket'
-    Export:
-      Name: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}'
\ No newline at end of file

From a9f277e131c97da1ea29cd92291409429aedcdeb Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <toni@blyx.com>
Date: Mon, 5 Jul 2021 20:16:22 +0200
Subject: [PATCH 54/82] Delete util/dashboard directory

---
 util/dashboard/index.html | 307 --------------------------------------
 1 file changed, 307 deletions(-)
 delete mode 100644 util/dashboard/index.html

diff --git a/util/dashboard/index.html b/util/dashboard/index.html
deleted file mode 100644
index afa55c3c..00000000
--- a/util/dashboard/index.html
+++ /dev/null
@@ -1,307 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Bootstrap 5 Simple Admin Dashboard</title>
-    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/5.0.0-alpha1/css/bootstrap.min.css" integrity="sha384-r4NyP46KrjDleawBgD5tp8Y7UzmLA05oM1iAEQ17CSuDqnUK2+k9luXQOfXJCJ4I" crossorigin="anonymous">
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/chartist.js/latest/chartist.min.css">
-    <style>
-        .sidebar {
-            position: fixed;
-            top: 0;
-            bottom: 0;
-            left: 0;
-            z-index: 100;
-            padding: 90px 0 0;
-            box-shadow: inset -1px 0 0 rgba(0, 0, 0, .1);
-            z-index: 99;
-        }
-
-        @media (max-width: 767.98px) {
-            .sidebar {
-                top: 11.5rem;
-                padding: 0;
-            }
-        }
-            
-        .navbar {
-            box-shadow: inset 0 -1px 0 rgba(0, 0, 0, .1);
-        }
-
-        @media (min-width: 767.98px) {
-            .navbar {
-                top: 0;
-                position: sticky;
-                z-index: 999;
-            }
-        }
-
-        .sidebar .nav-link {
-            color: #333;
-        }
-
-        .sidebar .nav-link.active {
-            color: #0d6efd;
-        }
-    </style>
-</head>
-<body>
-    <nav class="navbar navbar-light bg-light p-3">
-        <div class="d-flex col-12 col-md-3 col-lg-2 mb-2 mb-lg-0 flex-wrap flex-md-nowrap justify-content-between">
-            <a class="navbar-brand" href="#">
-                Simple Dashboard
-            </a>
-            <button class="navbar-toggler d-md-none collapsed mb-3" type="button" data-toggle="collapse" data-target="#sidebar" aria-controls="sidebar" aria-expanded="false" aria-label="Toggle navigation">
-                <span class="navbar-toggler-icon"></span>
-            </button>
-        </div>
-        <div class="col-12 col-md-4 col-lg-2">
-            <input class="form-control form-control-dark" type="text" placeholder="Search" aria-label="Search">
-        </div>
-        <div class="col-12 col-md-5 col-lg-8 d-flex align-items-center justify-content-md-end mt-3 mt-md-0">
-            <div class="mr-3 mt-1">
-                <a class="github-button" href="https://github.com/themesberg/simple-bootstrap-5-dashboard" data-color-scheme="no-preference: dark; light: light; dark: light;" data-icon="octicon-star" data-size="large" data-show-count="true" aria-label="Star /themesberg/simple-bootstrap-5-dashboard">Star</a>
-            </div>
-            <div class="dropdown">
-                <button class="btn btn-secondary dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
-                  Hello, John Doe
-                </button>
-                <ul class="dropdown-menu" aria-labelledby="dropdownMenuButton">
-                  <li><a class="dropdown-item" href="#">Settings</a></li>
-                  <li><a class="dropdown-item" href="#">Messages</a></li>
-                  <li><a class="dropdown-item" href="#">Sign out</a></li>
-                </ul>
-              </div>
-        </div>
-    </nav>
-    <div class="container-fluid">
-        <div class="row">
-            <nav id="sidebar" class="col-md-3 col-lg-2 d-md-block bg-light sidebar collapse">
-                <div class="position-sticky">
-                    <ul class="nav flex-column">
-                        <li class="nav-item">
-                          <a class="nav-link active" aria-current="page" href="#">
-                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-home"><path d="M3 9l9-7 9 7v11a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z"></path><polyline points="9 22 9 12 15 12 15 22"></polyline></svg>
-                            <span class="ml-2">Dashboard</span>
-                          </a>
-                        </li>
-                        <li class="nav-item">
-                          <a class="nav-link" href="#">
-                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file"><path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"></path><polyline points="13 2 13 9 20 9"></polyline></svg>
-                            <span class="ml-2">Orders</span>
-                          </a>
-                        </li>
-                        <li class="nav-item">
-                          <a class="nav-link" href="#">
-                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-shopping-cart"><circle cx="9" cy="21" r="1"></circle><circle cx="20" cy="21" r="1"></circle><path d="M1 1h4l2.68 13.39a2 2 0 0 0 2 1.61h9.72a2 2 0 0 0 2-1.61L23 6H6"></path></svg>
-                            <span class="ml-2">Products</span>
-                          </a>
-                        </li>
-                        <li class="nav-item">
-                          <a class="nav-link" href="#">
-                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-users"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"></path><circle cx="9" cy="7" r="4"></circle><path d="M23 21v-2a4 4 0 0 0-3-3.87"></path><path d="M16 3.13a4 4 0 0 1 0 7.75"></path></svg>
-                            <span class="ml-2">Customers</span>
-                          </a>
-                        </li>
-                        <li class="nav-item">
-                          <a class="nav-link" href="#">
-                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-bar-chart-2"><line x1="18" y1="20" x2="18" y2="10"></line><line x1="12" y1="20" x2="12" y2="4"></line><line x1="6" y1="20" x2="6" y2="14"></line></svg>
-                            <span class="ml-2">Reports</span>
-                          </a>
-                        </li>
-                        <li class="nav-item">
-                          <a class="nav-link" href="#">
-                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-layers"><polygon points="12 2 2 7 12 12 22 7 12 2"></polygon><polyline points="2 17 12 22 22 17"></polyline><polyline points="2 12 12 17 22 12"></polyline></svg>
-                            <span class="ml-2">Integrations</span>
-                          </a>
-                        </li>
-                        <li class="nav-item">
-                            <a class="btn btn-sm btn-secondary ml-3 mt-2" href="https://themesberg.com/blog/bootstrap/simple-bootstrap-5-dashboard-tutorial">
-                                <svg width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-book" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
-                                    <path fill-rule="evenodd" d="M1 2.828v9.923c.918-.35 2.107-.692 3.287-.81 1.094-.111 2.278-.039 3.213.492V2.687c-.654-.689-1.782-.886-3.112-.752-1.234.124-2.503.523-3.388.893zm7.5-.141v9.746c.935-.53 2.12-.603 3.213-.493 1.18.12 2.37.461 3.287.811V2.828c-.885-.37-2.154-.769-3.388-.893-1.33-.134-2.458.063-3.112.752zM8 1.783C7.015.936 5.587.81 4.287.94c-1.514.153-3.042.672-3.994 1.105A.5.5 0 0 0 0 2.5v11a.5.5 0 0 0 .707.455c.882-.4 2.303-.881 3.68-1.02 1.409-.142 2.59.087 3.223.877a.5.5 0 0 0 .78 0c.633-.79 1.814-1.019 3.222-.877 1.378.139 2.8.62 3.681 1.02A.5.5 0 0 0 16 13.5v-11a.5.5 0 0 0-.293-.455c-.952-.433-2.48-.952-3.994-1.105C10.413.809 8.985.936 8 1.783z"/>
-                                </svg>
-                                <span class="ml-2">Read tutorial</span>
-                            </a>
-                        </li>
-                        <li class="nav-item">
-                            <a class="btn btn-sm btn-warning ml-3 mt-2" href="https://themesberg.com/product/admin-dashboard/volt-bootstrap-5-dashboard">
-                                ⚡︎ Volt Dashboard
-                            </a>
-                        </li>
-                        <li class="nav-item">
-                            <a class="btn btn-sm btn-primary ml-3 mt-2" href="https://themesberg.com">
-                                By Themesberg ❤️
-                            </a>
-                        </li>
-                      </ul>
-                </div>
-            </nav>
-            <main class="col-md-9 ml-sm-auto col-lg-10 px-md-4 py-4">
-                <nav aria-label="breadcrumb">
-                    <ol class="breadcrumb">
-                        <li class="breadcrumb-item"><a href="#">Home</a></li>
-                        <li class="breadcrumb-item active" aria-current="page">Overview</li>
-                    </ol>
-                </nav>
-                <h1 class="h2">Dashboard</h1>
-                <p>This is the homepage of a simple admin interface which is part of a tutorial written on Themesberg</p>
-                <div class="row my-4">
-                    <div class="col-12 col-md-6 col-lg-3 mb-4 mb-lg-0">
-                        <div class="card">
-                            <h5 class="card-header">Customers</h5>
-                            <div class="card-body">
-                              <h5 class="card-title">345k</h5>
-                              <p class="card-text">Feb 1 - Apr 1, United States</p>
-                              <p class="card-text text-success">18.2% increase since last month</p>
-                            </div>
-                          </div>
-                    </div>
-                    <div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
-                        <div class="card">
-                            <h5 class="card-header">Revenue</h5>
-                            <div class="card-body">
-                              <h5 class="card-title">$2.4k</h5>
-                              <p class="card-text">Feb 1 - Apr 1, United States</p>
-                              <p class="card-text text-success">4.6% increase since last month</p>
-                            </div>
-                          </div>
-                    </div>
-                    <div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
-                        <div class="card">
-                            <h5 class="card-header">Purchases</h5>
-                            <div class="card-body">
-                              <h5 class="card-title">43</h5>
-                              <p class="card-text">Feb 1 - Apr 1, United States</p>
-                              <p class="card-text text-danger">2.6% decrease since last month</p>
-                            </div>
-                          </div>
-                    </div>
-                    <div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
-                        <div class="card">
-                            <h5 class="card-header">Traffic</h5>
-                            <div class="card-body">
-                              <h5 class="card-title">64k</h5>
-                              <p class="card-text">Feb 1 - Apr 1, United States</p>
-                              <p class="card-text text-success">2.5% increase since last month</p>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-                <div class="row">
-                    <div class="col-12 col-xl-8 mb-4 mb-lg-0">
-                        <div class="card">
-                            <h5 class="card-header">Latest transactions</h5>
-                            <div class="card-body">
-                                <div class="table-responsive">
-                                    <table class="table">
-                                        <thead>
-                                          <tr>
-                                            <th scope="col">Order</th>
-                                            <th scope="col">Product</th>
-                                            <th scope="col">Customer</th>
-                                            <th scope="col">Total</th>
-                                            <th scope="col">Date</th>
-                                            <th scope="col"></th>
-                                          </tr>
-                                        </thead>
-                                        <tbody>
-                                          <tr>
-                                            <th scope="row">17371705</th>
-                                            <td>Volt Premium Bootstrap 5 Dashboard</td>
-                                            <td>johndoe@gmail.com</td>
-                                            <td>€61.11</td>
-                                            <td>Aug 31 2020</td>
-                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
-                                          </tr>
-                                          <tr>
-                                            <th scope="row">17370540</th>
-                                            <td>Pixel Pro Premium Bootstrap UI Kit</td>
-                                            <td>jacob.monroe@company.com</td>
-                                            <td>$153.11</td>
-                                            <td>Aug 28 2020</td>
-                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
-                                          </tr>
-                                          <tr>
-                                            <th scope="row">17371705</th>
-                                            <td>Volt Premium Bootstrap 5 Dashboard</td>
-                                            <td>johndoe@gmail.com</td>
-                                            <td>€61.11</td>
-                                            <td>Aug 31 2020</td>
-                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
-                                          </tr>
-                                          <tr>
-                                            <th scope="row">17370540</th>
-                                            <td>Pixel Pro Premium Bootstrap UI Kit</td>
-                                            <td>jacob.monroe@company.com</td>
-                                            <td>$153.11</td>
-                                            <td>Aug 28 2020</td>
-                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
-                                          </tr>
-                                          <tr>
-                                            <th scope="row">17371705</th>
-                                            <td>Volt Premium Bootstrap 5 Dashboard</td>
-                                            <td>johndoe@gmail.com</td>
-                                            <td>€61.11</td>
-                                            <td>Aug 31 2020</td>
-                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
-                                          </tr>
-                                          <tr>
-                                            <th scope="row">17370540</th>
-                                            <td>Pixel Pro Premium Bootstrap UI Kit</td>
-                                            <td>jacob.monroe@company.com</td>
-                                            <td>$153.11</td>
-                                            <td>Aug 28 2020</td>
-                                            <td><a href="#" class="btn btn-sm btn-primary">View</a></td>
-                                          </tr>
-                                        </tbody>
-                                      </table>
-                                </div>
-                                <a href="#" class="btn btn-block btn-light">View all</a>
-                            </div>
-                        </div>
-                    </div>
-                    <div class="col-12 col-xl-4">
-                        <div class="card">
-                            <h5 class="card-header">Traffic last 6 months</h5>
-                            <div class="card-body">
-                                <div id="traffic-chart"></div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-                <footer class="pt-5 d-flex justify-content-between">
-                    <span>Copyright © 2019-2020 <a href="https://themesberg.com">Themesberg</a></span>
-                    <ul class="nav m-0">
-                        <li class="nav-item">
-                          <a class="nav-link text-secondary" aria-current="page" href="#">Privacy Policy</a>
-                        </li>
-                        <li class="nav-item">
-                          <a class="nav-link text-secondary" href="#">Terms and conditions</a>
-                        </li>
-                        <li class="nav-item">
-                          <a class="nav-link text-secondary" href="#">Contact</a>
-                        </li>
-                      </ul>
-                </footer>
-            </main>
-        </div>
-    </div>
-    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
-    <script src="https://stackpath.bootstrapcdn.com/bootstrap/5.0.0-alpha1/js/bootstrap.min.js" integrity="sha384-oesi62hOLfzrys4LxRF63OJCXdXDipiYWBnvTl9Y9/TRlw5xlKIEHpNyvvDShgf/" crossorigin="anonymous"></script>
-    <script src="https://cdn.jsdelivr.net/chartist.js/latest/chartist.min.js"></script>
-    <!-- Github buttons -->
-    <script async defer src="https://buttons.github.io/buttons.js"></script>
-    <script>
-        new Chartist.Line('#traffic-chart', {
-            labels: ['January', 'Februrary', 'March', 'April', 'May', 'June'],
-            series: [
-                [23000, 25000, 19000, 34000, 56000, 64000]
-            ]
-            }, {
-            low: 0,
-            showArea: true
-        });
-    </script>
-</body>
-</html>
\ No newline at end of file

From c09385976a36900f02feab5b83ce20322dea2419 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Mon, 5 Jul 2021 20:17:27 +0200
Subject: [PATCH 55/82] Consolidated titles and outputs including resource ID
 in ASFF

---
 checks/check11                 |  4 +--
 checks/check110                |  8 +++---
 checks/check111                |  8 +++---
 checks/check112                | 10 +++----
 checks/check113                |  6 ++--
 checks/check114                |  8 +++---
 checks/check115                |  6 ++--
 checks/check116                |  8 +++---
 checks/check117                |  5 ++--
 checks/check118                |  5 ++--
 checks/check119                |  6 ++--
 checks/check12                 |  4 +--
 checks/check120                |  8 +++---
 checks/check121                | 10 +++----
 checks/check122                | 10 +++----
 checks/check13                 |  2 +-
 checks/check14                 | 14 ++++-----
 checks/check15                 |  6 ++--
 checks/check16                 |  6 ++--
 checks/check17                 |  6 ++--
 checks/check18                 |  6 ++--
 checks/check19                 |  4 +--
 checks/check21                 | 10 +++----
 checks/check22                 | 10 +++----
 checks/check23                 |  6 ++--
 checks/check24                 | 12 ++++----
 checks/check25                 | 10 +++----
 checks/check26                 | 18 ++++++------
 checks/check27                 | 10 +++----
 checks/check28                 |  4 +--
 checks/check29                 |  4 +--
 checks/check31                 |  2 +-
 checks/check310                |  2 +-
 checks/check311                |  2 +-
 checks/check312                |  2 +-
 checks/check313                |  2 +-
 checks/check314                |  2 +-
 checks/check32                 |  2 +-
 checks/check33                 |  2 +-
 checks/check34                 |  2 +-
 checks/check35                 |  2 +-
 checks/check36                 |  2 +-
 checks/check37                 |  2 +-
 checks/check38                 |  2 +-
 checks/check39                 |  2 +-
 checks/check41                 |  6 ++--
 checks/check42                 |  6 ++--
 checks/check43                 |  6 ++--
 checks/check44                 |  7 ++---
 checks/check45                 |  4 +--
 checks/check46                 |  4 +--
 checks/check_extra71           | 12 ++++----
 checks/check_extra710          |  5 ++--
 checks/check_extra7100         |  7 ++---
 checks/check_extra711          |  5 ++--
 checks/check_extra7113         |  2 +-
 checks/check_extra712          | 10 +++----
 checks/check_extra713          |  4 +--
 checks/check_extra7130         |  1 -
 checks/check_extra7134         |  2 +-
 checks/check_extra7135         |  2 +-
 checks/check_extra7136         |  2 +-
 checks/check_extra7137         |  2 +-
 checks/check_extra7139         |  2 +-
 checks/check_extra714          | 10 +++----
 checks/check_extra716          |  6 ++--
 checks/check_extra717          |  4 +--
 checks/check_extra718          | 12 ++++----
 checks/check_extra719          |  8 +++---
 checks/check_extra72           |  5 ++--
 checks/check_extra720          |  8 +++---
 checks/check_extra721          |  4 +--
 checks/check_extra722          |  4 +--
 checks/check_extra723          |  4 +--
 checks/check_extra724          |  7 ++---
 checks/check_extra725          | 18 ++++++------
 checks/check_extra726          | 22 +++++++-------
 checks/check_extra727          |  4 +--
 checks/check_extra728          |  2 +-
 checks/check_extra729          |  5 ++--
 checks/check_extra73           | 22 +++++++-------
 checks/check_extra730          |  2 +-
 checks/check_extra731          |  2 +-
 checks/check_extra732          |  8 +++---
 checks/check_extra733          |  6 ++--
 checks/check_extra734          | 18 ++++++------
 checks/check_extra735          |  2 +-
 checks/check_extra736          |  3 +-
 checks/check_extra737          |  3 +-
 checks/check_extra738          | 10 +++----
 checks/check_extra739          |  2 +-
 checks/check_extra74           |  7 ++---
 checks/check_extra740          |  7 ++---
 checks/check_extra741          |  5 ++--
 checks/check_extra742          |  3 +-
 checks/check_extra743          |  2 +-
 checks/check_extra744          |  2 +-
 checks/check_extra745          |  2 +-
 checks/check_extra746          |  2 +-
 checks/check_extra747          |  2 +-
 checks/check_extra748          |  2 +-
 checks/check_extra749          |  2 +-
 checks/check_extra75           |  8 ++----
 checks/check_extra750          |  2 +-
 checks/check_extra751          |  2 +-
 checks/check_extra752          |  2 +-
 checks/check_extra753          |  2 +-
 checks/check_extra754          |  2 +-
 checks/check_extra755          |  2 +-
 checks/check_extra756          |  2 +-
 checks/check_extra757          |  3 +-
 checks/check_extra758          |  3 +-
 checks/check_extra759          |  3 +-
 checks/check_extra76           |  5 ++--
 checks/check_extra760          |  4 +--
 checks/check_extra761          |  7 ++---
 checks/check_extra762          |  2 +-
 checks/check_extra763          |  4 +--
 checks/check_extra764          |  2 +-
 checks/check_extra765          |  2 +-
 checks/check_extra767          |  2 +-
 checks/check_extra768          |  5 ++--
 checks/check_extra769          |  2 +-
 checks/check_extra77           | 24 ++++++++--------
 checks/check_extra770          |  5 ++--
 checks/check_extra771          |  2 +-
 checks/check_extra772          |  2 +-
 checks/check_extra773          |  4 +--
 checks/check_extra775          |  3 +-
 checks/check_extra776          |  2 +-
 checks/check_extra777          |  3 +-
 checks/check_extra778          |  3 +-
 checks/check_extra78           |  4 +--
 checks/check_extra786          |  2 +-
 checks/check_extra788          |  2 +-
 checks/check_extra79           |  7 ++---
 checks/check_extra792          |  4 +--
 checks/check_extra793          |  4 +--
 checks/check_extra794          |  1 -
 checks/check_extra795          |  1 -
 checks/check_extra796          |  1 -
 checks/check_extra797          |  1 -
 checks/check_sample            |  4 +--
 groups/group17_internetexposed | 52 +++++++++++++++++-----------------
 include/check3x                | 16 +++++------
 include/check_creds_last_used  | 20 ++++++-------
 include/outputs                | 44 +++++++++++++++-------------
 prowler                        |  2 +-
 148 files changed, 415 insertions(+), 452 deletions(-)

diff --git a/checks/check11 b/checks/check11
index b77edbbe..6162db56 100644
--- a/checks/check11
+++ b/checks/check11
@@ -35,13 +35,13 @@ check11(){
       days_not_in_use=$(how_many_days_from_today ${date%T*})
       if [ "$days_not_in_use" -gt "$MAX_DAYS" ];then
           failures=1
-          textFail "Root user in the account was last accessed ${MAX_DAYS#-} day ago"
+          textFail "$REGION: Root user in the account was last accessed ${MAX_DAYS#-} day ago" "$REGION" "root"
           break
       fi
     fi
   done
 
   if [[ $failures == 0 ]]; then
-      textPass "Root user in the account wasn't accessed in the last ${MAX_DAYS#-} days"
+      textPass "$REGION: Root user in the account wasn't accessed in the last ${MAX_DAYS#-} days" "$REGION" "root"
   fi
 }
diff --git a/checks/check110 b/checks/check110
index e031bf60..2e60a65e 100644
--- a/checks/check110
+++ b/checks/check110
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check110="1.10"
-CHECK_TITLE_check110="[check110] Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"
+CHECK_TITLE_check110="[check110] Ensure IAM password policy prevents password reuse: 24 or greater"
 CHECK_SCORED_check110="SCORED"
 CHECK_TYPE_check110="LEVEL1"
 CHECK_SEVERITY_check110="Medium"
@@ -29,11 +29,11 @@ check110(){
   COMMAND110=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --query 'PasswordPolicy.PasswordReusePrevention' --output text 2> /dev/null)
   if [[ $COMMAND110 ]];then
     if [[ $COMMAND110 -gt "23" ]];then
-      textPass "Password Policy limits reuse"
+      textPass "$REGION: Password Policy limits reuse" "$REGION" "password policy"
     else
-      textFail "Password Policy has weak reuse requirement (lower than 24)"
+      textFail "$REGION: Password Policy has weak reuse requirement (lower than 24)" "$REGION" "password policy"
     fi
   else
-    textFail "Password Policy missing reuse requirement"
+    textFail "$REGION: Password Policy missing reuse requirement" "$REGION" "password policy"
   fi
 }
diff --git a/checks/check111 b/checks/check111
index 1cc174da..1a696f0b 100644
--- a/checks/check111
+++ b/checks/check111
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check111="1.11"
-CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less (Scored)"
+CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less"
 CHECK_SCORED_check111="SCORED"
 CHECK_TYPE_check111="LEVEL1"
 CHECK_SEVERITY_check111="Medium"
@@ -29,11 +29,11 @@ check111(){
   COMMAND111=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --query PasswordPolicy.MaxPasswordAge --output text 2> /dev/null)
   if [[ $COMMAND111 == [0-9]* ]];then
     if [[ "$COMMAND111" -le "90" ]];then
-      textPass "Password Policy includes expiration (Value: $COMMAND111)"
+      textPass "$REGION: Password Policy includes expiration (Value: $COMMAND111)" "$REGION" "password policy"
     else
-      textFail "Password expiration is set greater than 90 days"
+      textFail "$REGION: Password expiration is set greater than 90 days" "$REGION" "password policy"
     fi
   else
-    textFail "Password expiration is not set"
+    textFail "$REGION: Password expiration is not set" "$REGION" "password policy"
   fi
 }
diff --git a/checks/check112 b/checks/check112
index 0336877a..f2f6c422 100644
--- a/checks/check112
+++ b/checks/check112
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check112="1.12"
-CHECK_TITLE_check112="[check112] Ensure no root account access key exists (Scored)"
+CHECK_TITLE_check112="[check112] Ensure no root account access key exists"
 CHECK_SCORED_check112="SCORED"
 CHECK_TYPE_check112="LEVEL1"
 CHECK_SEVERITY_check112="Critical"
@@ -30,13 +30,13 @@ check112(){
   ROOTKEY1=$(cat $TEMP_REPORT_FILE |grep root_account|awk -F',' '{ print $9 }')
   ROOTKEY2=$(cat $TEMP_REPORT_FILE |grep root_account|awk -F',' '{ print $14 }')
   if [ "$ROOTKEY1" == "false" ];then
-    textPass "No access key 1 found for root"
+    textPass "$REGION: No access key 1 found for root" "$REGION" "root access key1"
   else
-    textFail "Found access key 1 for root"
+    textFail "$REGION: Found access key 1 for root" "$REGION" "root access key1"
   fi
   if [ "$ROOTKEY2" == "false" ];then
-    textPass "No access key 2 found for root"
+    textPass "$REGION: No access key 2 found for root" "$REGION" "root access key2"
   else
-    textFail "Found access key 2 for root"
+    textFail "$REGION: Found access key 2 for root" "$REGION" "root access key2"
   fi
 }
diff --git a/checks/check113 b/checks/check113
index 63717306..657c9b0a 100644
--- a/checks/check113
+++ b/checks/check113
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check113="1.13"
-CHECK_TITLE_check113="[check113] Ensure MFA is enabled for the root account (Scored)"
+CHECK_TITLE_check113="[check113] Ensure MFA is enabled for the root account"
 CHECK_SCORED_check113="SCORED"
 CHECK_TYPE_check113="LEVEL1"
 CHECK_SEVERITY_check113="Critical"
@@ -28,8 +28,8 @@ check113(){
   # "Ensure MFA is enabled for the root account (Scored)"
   COMMAND113=$($AWSCLI iam get-account-summary $PROFILE_OPT --region $REGION --output json --query 'SummaryMap.AccountMFAEnabled')
   if [ "$COMMAND113" == "1" ]; then
-    textPass "Virtual MFA is enabled for root"
+    textPass "$REGION: Virtual MFA is enabled for root" "$REGION" "MFA"
   else
-    textFail "MFA is not ENABLED for root account"
+    textFail "$REGION: MFA is not ENABLED for root account" "$REGION" "MFA"
   fi
 }
diff --git a/checks/check114 b/checks/check114
index f8a5b315..7872583f 100644
--- a/checks/check114
+++ b/checks/check114
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check114="1.14"
-CHECK_TITLE_check114="[check114] Ensure hardware MFA is enabled for the root account (Scored)"
+CHECK_TITLE_check114="[check114] Ensure hardware MFA is enabled for the root account"
 CHECK_SCORED_check114="SCORED"
 CHECK_TYPE_check114="LEVEL2"
 CHECK_SEVERITY_check114="Critical"
@@ -30,11 +30,11 @@ check114(){
   if [ "$COMMAND113" == "1" ]; then
     COMMAND114=$($AWSCLI iam list-virtual-mfa-devices $PROFILE_OPT --region $REGION --output text --assignment-status Assigned --query 'VirtualMFADevices[*].[SerialNumber]' | grep "^arn:${AWS_PARTITION}:iam::[0-9]\{12\}:mfa/root-account-mfa-device$")
     if [[ "$COMMAND114" ]]; then
-      textFail "Only Virtual MFA is enabled for root"
+      textFail "$REGION: Only Virtual MFA is enabled for root" "$REGION" "MFA"
     else
-      textPass "Hardware MFA is enabled for root"
+      textPass "$REGION: Hardware MFA is enabled for root" "$REGION" "MFA"
     fi
   else
-    textFail "MFA is not ENABLED for root account"
+    textFail "$REGION: MFA is not ENABLED for root account" "$REGION" "MFA"
   fi
 }
diff --git a/checks/check115 b/checks/check115
index 54dfc0a9..356ba6d7 100644
--- a/checks/check115
+++ b/checks/check115
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check115="1.15"
-CHECK_TITLE_check115="[check115] Ensure security questions are registered in the AWS account (Not Scored)"
+CHECK_TITLE_check115="[check115] Ensure security questions are registered in the AWS account"
 CHECK_SCORED_check115="NOT_SCORED"
 CHECK_TYPE_check115="LEVEL1"
 CHECK_SEVERITY_check115="Medium"
@@ -26,7 +26,5 @@ CHECK_CAF_EPIC_check115='IAM'
 
 check115(){
   # "Ensure security questions are registered in the AWS account (Not Scored)"
-  textInfo "No command available for check 1.15 "
-  textInfo "Login to the AWS Console as root & click on the Account "
-  textInfo "Name -> My Account -> Configure Security Challenge Questions "
+  textInfo "No command available for check 1.15. Login to the AWS Console as root & click on the Account. Name -> My Account -> Configure Security Challenge Questions."
 }
diff --git a/checks/check116 b/checks/check116
index 2d864117..18a0cbc3 100644
--- a/checks/check116
+++ b/checks/check116
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check116="1.16"
-CHECK_TITLE_check116="[check116] Ensure IAM policies are attached only to groups or roles (Scored)"
+CHECK_TITLE_check116="[check116] Ensure IAM policies are attached only to groups or roles"
 CHECK_SCORED_check116="SCORED"
 CHECK_TYPE_check116="LEVEL1"
 CHECK_SEVERITY_check116="Low"
@@ -33,16 +33,16 @@ check116(){
   for user in $LIST_USERS;do
     USER_POLICY=$($AWSCLI iam list-attached-user-policies --output text $PROFILE_OPT --region $REGION --user-name $user)
     if [[ $USER_POLICY ]]; then
-      textFail "$user has managed policy directly attached" "us-east-1" "$user"
+      textFail "$REGION: $user has managed policy directly attached" "$REGION" "$user"
       C116_NUM_USERS=$(expr $C116_NUM_USERS + 1)
     fi
     USER_POLICY=$($AWSCLI iam list-user-policies --output text $PROFILE_OPT --region $REGION --user-name $user)
     if [[ $USER_POLICY ]]; then
-      textFail "$user has inline policy directly attached" "us-east-1" "$user"
+      textFail "$REGION: $user has inline policy directly attached" "$REGION" "$user"
       C116_NUM_USERS=$(expr $C116_NUM_USERS + 1)
     fi
   done
   if [[ $C116_NUM_USERS -eq 0 ]]; then
-    textPass "No policies attached to users"
+    textPass "$REGION: No policies attached to users" "$REGION" "$user"
   fi
 }
diff --git a/checks/check117 b/checks/check117
index 85c5eb56..e9854cd0 100644
--- a/checks/check117
+++ b/checks/check117
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check117="1.17"
-CHECK_TITLE_check117="[check117] Maintain current contact details (Not Scored)"
+CHECK_TITLE_check117="[check117] Maintain current contact details"
 CHECK_SCORED_check117="NOT_SCORED"
 CHECK_TYPE_check117="LEVEL1"
 CHECK_SEVERITY_check117="Medium"
@@ -27,6 +27,5 @@ CHECK_CAF_EPIC_check117='IAM'
 check117(){
   # "Maintain current contact details (Scored)"
   # No command available
-  textInfo "No command available for check 1.17 "
-  textInfo "See section 1.17 on the CIS Benchmark guide for details "
+  textInfo "No command available for check 1.17. See section 1.17 on the CIS Benchmark guide for details."
 }
diff --git a/checks/check118 b/checks/check118
index c57647d5..736bb594 100644
--- a/checks/check118
+++ b/checks/check118
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check118="1.18"
-CHECK_TITLE_check118="[check118] Ensure security contact information is registered (Not Scored)"
+CHECK_TITLE_check118="[check118] Ensure security contact information is registered"
 CHECK_SCORED_check118="NOT_SCORED"
 CHECK_TYPE_check118="LEVEL1"
 CHECK_SEVERITY_check118="Medium"
@@ -27,6 +27,5 @@ CHECK_CAF_EPIC_check118='IAM'
 check118(){
   # "Ensure security contact information is registered (Scored)"
   # No command available
-  textInfo "No command available for check 1.18 "
-  textInfo "See section 1.18 on the CIS Benchmark guide for details "
+  textInfo "No command available for check 1.18. See section 1.18 on the CIS Benchmark guide for details."
 }
diff --git a/checks/check119 b/checks/check119
index e82f8e83..e9d148dc 100644
--- a/checks/check119
+++ b/checks/check119
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check119="1.19"
-CHECK_TITLE_check119="[check119] Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"
+CHECK_TITLE_check119="[check119] Ensure IAM instance roles are used for AWS resource access from instances"
 CHECK_SCORED_check119="NOT_SCORED"
 CHECK_TYPE_check119="LEVEL2"
 CHECK_SEVERITY_check119="Medium"
@@ -38,12 +38,12 @@ check119(){
           if [[ $PROFILEARN == "null" ]]; then
             textFail "$regx: Instance $instance not associated with an instance role" "$regx" "$instance"
           else
-            textPass "$regx: Instance $instance associated with role ${PROFILEARN##*/}" $regx
+            textPass "$regx: Instance $instance associated with role ${PROFILEARN##*/}" "$regx" "$instance"
           fi
         fi
       done
     else
-      textInfo "$regx: No EC2 instances found" $regx
+      textInfo "$regx: No EC2 instances found" "$regx" "$instance"
     fi
   done
 }
diff --git a/checks/check12 b/checks/check12
index 63314bab..15ae9e4b 100644
--- a/checks/check12
+++ b/checks/check12
@@ -36,9 +36,9 @@ check12(){
     done)
     if [[ $COMMAND12 ]]; then
       for u in $COMMAND12; do
-        textFail "User $u has Password enabled but MFA disabled"
+        textFail "$REGION: User $u has Password enabled but MFA disabled" "$REGION" "$u"
       done
     else
-      textPass "No users found with Password enabled and MFA disabled"
+      textPass "$REGION: No users found with Password enabled and MFA disabled" "$REGION" "$u"
     fi
 }
diff --git a/checks/check120 b/checks/check120
index 6cabbad4..e2935a5b 100644
--- a/checks/check120
+++ b/checks/check120
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check120="1.20"
-CHECK_TITLE_check120="[check120] Ensure a support role has been created to manage incidents with AWS Support (Scored)"
+CHECK_TITLE_check120="[check120] Ensure a support role has been created to manage incidents with AWS Support"
 CHECK_SCORED_check120="SCORED"
 CHECK_TYPE_check120="LEVEL1"
 CHECK_SEVERITY_check120="Medium"
@@ -34,16 +34,16 @@ check120(){
       POLICYROLES=$($AWSCLI iam list-entities-for-policy --policy-arn $SUPPORTPOLICYARN $PROFILE_OPT --region $REGION --output text | awk -F$'\t' '{ print $3 }')
       if [[ $POLICYROLES ]];then
         for name in $POLICYROLES; do
-          textPass "Support Policy attached to $name"
+          textPass "$REGION: Support Policy attached to $name" "$REGION" "$name"
         done
         # for user in $(echo "$POLICYUSERS" | grep UserName | cut -d'"' -f4) ; do
         #   textInfo "User $user has support access via $policyarn"
         # done
       else
-        textFail "Support Policy not applied to any Role"
+        textFail "$REGION: Support Policy not applied to any Role" "$REGION" "$name"
       fi
     done
   else
-    textFail "No Support Policy found"
+    textFail "$REGION: No Support Policy found" "$REGION" "$name"
   fi
 }
diff --git a/checks/check121 b/checks/check121
index 26f2458e..64dd729c 100644
--- a/checks/check121
+++ b/checks/check121
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check121="1.21"
-CHECK_TITLE_check121="[check121] Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"
+CHECK_TITLE_check121="[check121] Do not setup access keys during initial user setup for all IAM users that have a console password"
 CHECK_SCORED_check121="NOT_SCORED"
 CHECK_TYPE_check121="LEVEL1"
 CHECK_SEVERITY_check121="Medium"
@@ -35,10 +35,10 @@ check121(){
   LIST_USERS_KEY1_ACTIVE=$(for user in $LIST_USERS_KEY1_NA; do grep "^${user}," $TEMP_REPORT_FILE|awk -F, '{ print $1,$4,$9 }'|grep "true true$"|awk '{ print $1 }'|sed 's/[[:blank:]]+/,/g' ; done)
   if [[ $LIST_USERS_KEY1_ACTIVE ]]; then
     for user in $LIST_USERS_KEY1_ACTIVE; do
-      textFail "User $user has never used access key 1" "us-east-1" "$user"
+      textFail "$REGION: User $user has never used access key 1" "$REGION" "$user"
     done
   else
-    textPass "No users found with access key 1 never used"
+    textPass "$REGION: No users found with access key 1 never used" "$REGION" "$user"
   fi
   # List of USERS with KEY2 last_used_date as N/A
   LIST_USERS_KEY2_NA=$(for user in $LIST_USERS; do grep "^${user}," $TEMP_REPORT_FILE|awk -F, '{ print $1,$16 }'|grep N/A |awk '{ print $1 }' ; done)
@@ -46,9 +46,9 @@ check121(){
   LIST_USERS_KEY2_ACTIVE=$(for user in $LIST_USERS_KEY2_NA; do grep "^${user}," $TEMP_REPORT_FILE|awk -F, '{ print $1,$4,$14 }'|grep "true true$" |awk '{ print $1 }' ; done)
   if [[ $LIST_USERS_KEY2_ACTIVE ]]; then
     for user in $LIST_USERS_KEY2_ACTIVE; do
-      textFail "User $user has never used access key 2"
+      textFail "$REGION: User $user has never used access key 2" "$REGION" "$user"
     done
   else
-    textPass "No users found with access key 2 never used"
+    textPass "$REGION: No users found with access key 2 never used" "$REGION" "$user"
   fi
 }
diff --git a/checks/check122 b/checks/check122
index 0aa01e3c..70423199 100644
--- a/checks/check122
+++ b/checks/check122
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check122="1.22"
-CHECK_TITLE_check122="[check122] Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"
+CHECK_TITLE_check122="[check122] Ensure IAM policies that allow full \"*:*\" administrative privileges are not created"
 CHECK_SCORED_check122="SCORED"
 CHECK_TYPE_check122="LEVEL1"
 CHECK_SEVERITY_check122="Medium"
@@ -29,7 +29,6 @@ check122(){
   # "Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"
   LIST_CUSTOM_POLICIES=$($AWSCLI iam list-policies --output text $PROFILE_OPT --region $REGION --scope Local --query 'Policies[*].[Arn,DefaultVersionId]' | grep -v -e '^None$' | awk -F '\t' '{print $1","$2"\n"}')
   if [[ $LIST_CUSTOM_POLICIES ]]; then
-    textInfo "Looking for custom policies: (skipping default policies - it may take few seconds...)"
     for policy in $LIST_CUSTOM_POLICIES; do
       POLICY_ARN=$(echo $policy | awk -F ',' '{print $1}')
       POLICY_VERSION=$(echo $policy | awk -F ',' '{print $2}')
@@ -39,14 +38,13 @@ check122(){
       fi
     done
     if [[ $POLICIES_ALLOW_LIST ]]; then
-      textInfo "List of custom policies: "
       for policy in $POLICIES_ALLOW_LIST; do
-        textFail "Policy $policy allows \"*:*\"" "us-east-1" "$policy"
+        textFail "$REGION: Policy $policy allows \"*:*\"" "$REGION" "$policy"
       done
     else
-        textPass "No custom policy found that allow full \"*:*\" administrative privileges"
+        textPass "$REGION: No custom policy found that allow full \"*:*\" administrative privileges" "$REGION" "$policy"
     fi
   else
-    textPass "No custom policies found"
+    textPass "$REGION: No custom policies found" "$REGION" "$policy"
   fi
 }
diff --git a/checks/check13 b/checks/check13
index 6ede4ae6..81b2c52b 100644
--- a/checks/check13
+++ b/checks/check13
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check13="1.3"
-CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
+CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled"
 CHECK_SCORED_check13="SCORED"
 CHECK_TYPE_check13="LEVEL1"
 CHECK_SEVERITY_check13="Medium"
diff --git a/checks/check14 b/checks/check14
index 594a785e..0d9d1cc7 100644
--- a/checks/check14
+++ b/checks/check14
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check14="1.4"
-CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less (Scored)"
+CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less"
 CHECK_SCORED_check14="SCORED"
 CHECK_TYPE_check14="LEVEL1"
 CHECK_SEVERITY_check14="Medium"
@@ -40,15 +40,15 @@ check14(){
         HOWOLDER=$(how_older_from_today $DATEROTATED1)
 
         if [ $HOWOLDER -gt "90" ];then
-          textFail "$user has not rotated access key 1 in over 90 days" "us-east-1" "$user"
+          textFail "$REGION: $user has not rotated access key 1 in over 90 days" "$REGION" "$user"
           C14_NUM_USERS1=$(expr $C14_NUM_USERS1 + 1)
         fi
       done
       if [[ $C14_NUM_USERS1 -eq 0 ]]; then
-        textPass "No users with access key 1 older than 90 days"
+        textPass "$REGION: No users with access key 1 older than 90 days" "$REGION" "$user"
       fi
     else
-      textPass "No users with access key 1"
+      textPass "$REGION: No users with access key 1" "$REGION" "$user"
     fi
 
     if [[ $LIST_OF_USERS_WITH_ACCESS_KEY2 ]]; then
@@ -58,14 +58,14 @@ check14(){
         DATEROTATED2=$(cat $TEMP_REPORT_FILE | grep -v user_creation_time | grep "^${user},"| awk -F, '{ print $15 }' | grep -v "N/A" | awk -F"T" '{ print $1 }')
         HOWOLDER=$(how_older_from_today $DATEROTATED2)
         if [ $HOWOLDER -gt "90" ];then
-          textFail "$user has not rotated access key 2 in over 90 days" "us-east-1" "$user"
+          textFail "$REGION: $user has not rotated access key 2 in over 90 days" "$REGION" "$user"
           C14_NUM_USERS2=$(expr $C14_NUM_USERS2 + 1)
         fi
       done
       if [[ $C14_NUM_USERS2 -eq 0 ]]; then
-        textPass "No users with access key 2 older than 90 days"
+        textPass "$REGION: No users with access key 2 older than 90 days" "$REGION" "$user"
       fi
     else
-      textPass "No users with access key 2"
+      textPass "$REGION: No users with access key 2" "$REGION" "$user"
     fi
 }
diff --git a/checks/check15 b/checks/check15
index 902efcdf..079245d0 100644
--- a/checks/check15
+++ b/checks/check15
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check15="1.5"
-CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter (Scored)"
+CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter"
 CHECK_SCORED_check15="SCORED"
 CHECK_TYPE_check15="LEVEL1"
 CHECK_SEVERITY_check15="Medium"
@@ -28,8 +28,8 @@ check15(){
   # "Ensure IAM password policy requires at least one uppercase letter (Scored)"
   COMMAND15=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.RequireUppercaseCharacters' 2> /dev/null) # must be true
   if [[ "$COMMAND15" == "true" ]];then
-    textPass "Password Policy requires upper case"
+    textPass "$REGION: Password Policy requires upper case" "$REGION" "password policy"
   else
-    textFail "Password Policy missing upper-case requirement"
+    textFail "$REGION: Password Policy missing upper-case requirement" "$REGION" "password policy"
   fi
 }
diff --git a/checks/check16 b/checks/check16
index bb818535..719811d9 100644
--- a/checks/check16
+++ b/checks/check16
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check16="1.6"
-CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter (Scored)"
+CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter"
 CHECK_SCORED_check16="SCORED"
 CHECK_TYPE_check16="LEVEL1"
 CHECK_SEVERITY_check16="Medium"
@@ -28,8 +28,8 @@ check16(){
   # "Ensure IAM password policy require at least one lowercase letter (Scored)"
   COMMAND16=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.RequireLowercaseCharacters' 2> /dev/null) # must be true
   if [[ "$COMMAND16" == "true" ]];then
-    textPass "Password Policy requires lower case"
+    textPass "$REGION: Password Policy requires lower case" "$REGION" "password policy"
   else
-    textFail "Password Policy missing lower-case requirement"
+    textFail "$REGION: Password Policy missing lower-case requirement" "$REGION" "password policy"
   fi
 }
diff --git a/checks/check17 b/checks/check17
index 8995dcc3..72fdd247 100644
--- a/checks/check17
+++ b/checks/check17
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check17="1.7"
-CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol (Scored)"
+CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol"
 CHECK_SCORED_check17="SCORED"
 CHECK_TYPE_check17="LEVEL1"
 CHECK_SEVERITY_check17="Medium"
@@ -28,8 +28,8 @@ check17(){
   # "Ensure IAM password policy require at least one symbol (Scored)"
   COMMAND17=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.RequireSymbols' 2> /dev/null) # must be true
   if [[ "$COMMAND17" == "true" ]];then
-    textPass "Password Policy requires symbol"
+    textPass "$REGION: Password Policy requires symbol" "$REGION" "password policy"
   else
-    textFail "Password Policy missing symbol requirement"
+    textFail "$REGION: Password Policy missing symbol requirement" "$REGION" "password policy"
   fi
 }
diff --git a/checks/check18 b/checks/check18
index cb68c2e9..c13e101b 100644
--- a/checks/check18
+++ b/checks/check18
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check18="1.8"
-CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number (Scored)"
+CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number"
 CHECK_SCORED_check18="SCORED"
 CHECK_TYPE_check18="LEVEL1"
 CHECK_SEVERITY_check18="Medium"
@@ -28,8 +28,8 @@ check18(){
   # "Ensure IAM password policy require at least one number (Scored)"
   COMMAND18=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.RequireNumbers' 2> /dev/null) # must be true
   if [[ "$COMMAND18" == "true" ]];then
-    textPass "Password Policy requires number"
+    textPass "$REGION: Password Policy requires number" "$REGION" "password policy"
   else
-    textFail "Password Policy missing number requirement"
+    textFail "$REGION: Password Policy missing number requirement" "$REGION" "password policy"
   fi
 }
diff --git a/checks/check19 b/checks/check19
index c28d21d8..27a61f9d 100644
--- a/checks/check19
+++ b/checks/check19
@@ -28,8 +28,8 @@ check19(){
   # "Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
   COMMAND19=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.MinimumPasswordLength' 2> /dev/null)
   if [[ $COMMAND19 -gt "13" ]];then
-    textPass "Password Policy requires more than 13 characters"
+    textPass "$REGION: Password Policy requires more than 13 characters" "$REGION" "password policy"
   else
-    textFail "Password Policy missing or weak length requirement"
+    textFail "$REGION: Password Policy missing or weak length requirement" "$REGION" "password policy"
   fi
 }
diff --git a/checks/check21 b/checks/check21
index e88b2a71..bf7d2064 100644
--- a/checks/check21
+++ b/checks/check21
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check21="2.1"
-CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions (Scored)"
+CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions"
 CHECK_SCORED_check21="SCORED"
 CHECK_TYPE_check21="LEVEL1"
 CHECK_SEVERITY_check21="High"
@@ -32,7 +32,7 @@ check21(){
   for regx in $REGIONS; do
     TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text 2>&1 | tr "	" ',')
     if [[ $(echo "$TRAILS_AND_REGIONS" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to describe trails in $regx"
+      textFail "$regx: Access Denied trying to describe trails" "$regx" "$trail"
       continue
     fi
     if [[ $TRAILS_AND_REGIONS ]]; then
@@ -46,15 +46,15 @@ check21(){
 
         MULTIREGION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].IsMultiRegionTrail' --output text --trail-name-list $trail)
         if [[ "$MULTIREGION_TRAIL_STATUS" == 'False' ]];then
-          textFail "Trail $trail in $regx is not enabled for all regions" "$regx" "$trail"
+          textFail "$regx: Trail $trail is not enabled for all regions" "$regx" "$trail"
         else
-          textPass "Trail $trail in $regx is enabled for all regions" "$regx" "$trail"
+          textPass "$regx: Trail $trail is enabled for all regions" "$regx" "$trail"
         fi
 
       done
     fi
   done
   if [[ $trail_count == 0 ]]; then
-    textFail "No CloudTrail trails were found in the account"
+    textFail "$regx: No CloudTrail trails were found in the account" "$regx" "$trail"
   fi
 }
diff --git a/checks/check22 b/checks/check22
index 9aaba77c..3ae3e775 100644
--- a/checks/check22
+++ b/checks/check22
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check22="2.2"
-CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled (Scored)"
+CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled"
 CHECK_SCORED_check22="SCORED"
 CHECK_TYPE_check22="LEVEL2"
 CHECK_SEVERITY_check22="Medium"
@@ -32,7 +32,7 @@ check22(){
   for regx in $REGIONS; do
     TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text 2>&1 | tr "	" ',')
     if [[ $(echo "$TRAILS_AND_REGIONS" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to describe trails in $regx"
+      textFail "$regx: Access Denied trying to describe trails" "$regx" "$trail"
       continue
     fi
     if [[ $TRAILS_AND_REGIONS ]]; then
@@ -46,15 +46,15 @@ check22(){
 
         LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
         if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
-          textFail "Trail $trail in $regx log file validation disabled" "$regx" "$trail"
+          textFail "$regx: Trail $trail log file validation disabled" "$regx" "$trail"
         else
-          textPass "Trail $trail in $regx log file validation enabled" "$regx" "$trail"
+          textPass "$regx: Trail $trail log file validation enabled" "$regx" "$trail"
         fi
 
       done
     fi
   done
   if [[ $trail_count == 0 ]]; then
-    textFail "No CloudTrail trails were found in the account"
+    textFail "$REGION: No CloudTrail trails were found in the account" "$REGION" "$trail"
   fi
 }
diff --git a/checks/check23 b/checks/check23
index 719a3ac7..56984176 100644
--- a/checks/check23
+++ b/checks/check23
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check23="2.3"
-CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
+CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible"
 CHECK_SCORED_check23="SCORED"
 CHECK_TYPE_check23="LEVEL1"
 CHECK_SEVERITY_check23="Critical"
@@ -32,7 +32,7 @@ check23(){
   for regx in $REGIONS; do
     TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text 2>&1 | tr "	" ',')
     if [[ $(echo "$TRAILS_AND_REGIONS" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to describe trails in $regx"
+      textFail "$regx: Access Denied trying to describe trails" "$regx" "$trail"
       continue
     fi
     if [[ $TRAILS_AND_REGIONS ]]; then
@@ -89,6 +89,6 @@ check23(){
     fi
   done
   if [[ $trail_count == 0 ]]; then
-    textFail "No CloudTrail trails were found in the account"
+    textFail "$REGION: No CloudTrail trails were found in the account" "$REGION" "$trail"
   fi
 }
diff --git a/checks/check24 b/checks/check24
index 3146d71d..57691f3b 100644
--- a/checks/check24
+++ b/checks/check24
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check24="2.4"
-CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
+CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs"
 CHECK_SCORED_check24="SCORED"
 CHECK_TYPE_check24="LEVEL1"
 CHECK_SEVERITY_check24="Low"
@@ -32,7 +32,7 @@ check24(){
   for regx in $REGIONS; do
     TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text 2>&1 | tr "	" ',')
     if [[ $(echo "$TRAILS_AND_REGIONS" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to describe trails in $regx"
+      textFail "$regx: Access Denied trying to describe trails" "$regx" "$trail"
       continue
     fi
     if [[ $TRAILS_AND_REGIONS ]]; then
@@ -46,14 +46,14 @@ check24(){
 
         LATESTDELIVERY_TIMESTAMP=$($AWSCLI cloudtrail get-trail-status --name $trail $PROFILE_OPT --region $TRAIL_REGION --query 'LatestCloudWatchLogsDeliveryTime' --output text|grep -v None)
         if [[ ! $LATESTDELIVERY_TIMESTAMP ]];then
-          textFail "$trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)"
+          textFail "$TRAIL_REGION: $trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)" "$TRAIL_REGION" "$trail"
         else
           LATESTDELIVERY_DATE=$(timestamp_to_date $LATESTDELIVERY_TIMESTAMP)
           HOWOLDER=$(how_older_from_today $LATESTDELIVERY_DATE)
           if [ $HOWOLDER -gt "1" ];then
-            textFail "$trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)"
+            textFail "$TRAIL_REGION: $trail trail is not logging in the last 24h or not configured" "$TRAIL_REGION" "$trail"
           else
-            textPass "$trail trail has been logging during the last 24h (it is in $TRAIL_REGION)"
+            textPass "$TRAIL_REGION: $trail trail has been logging during the last 24h" "$TRAIL_REGION" "$trail"
           fi
         fi
 
@@ -61,6 +61,6 @@ check24(){
     fi
   done
   if [[ $trail_count == 0 ]]; then
-    textFail "No CloudTrail trails were found in the account"
+    textFail "$REGION: No CloudTrail trails were found in the account" "$REGION" "$trail"
   fi
 }
diff --git a/checks/check25 b/checks/check25
index 3444bbdb..c853cde5 100644
--- a/checks/check25
+++ b/checks/check25
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check25="2.5"
-CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions (Scored)"
+CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions"
 CHECK_SCORED_check25="SCORED"
 CHECK_TYPE_check25="LEVEL1"
 CHECK_SEVERITY_check25="Medium"
@@ -31,17 +31,17 @@ check25(){
     CHECK_AWSCONFIG_RECORDING=$($AWSCLI configservice describe-configuration-recorder-status $PROFILE_OPT --region $regx --query 'ConfigurationRecordersStatus[*].recording' --output text 2>&1)
     CHECK_AWSCONFIG_STATUS=$($AWSCLI configservice describe-configuration-recorder-status $PROFILE_OPT --region $regx --query 'ConfigurationRecordersStatus[*].lastStatus' --output text 2>&1)
     if [[ $(echo "$CHECK_AWSCONFIG_STATUS" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to describe configuration recorder status in $regx"
+      textFail "$regx: Access Denied trying to describe configuration recorder status" "$regx" "recorder"
       continue
     fi
     if [[ $CHECK_AWSCONFIG_RECORDING == "True" ]]; then
       if [[ $CHECK_AWSCONFIG_STATUS == "SUCCESS" ]]; then
-        textPass "Region $regx AWS Config recorder enabled"
+        textPass "$regx: AWS Config recorder enabled" "$regx" "recorder"
       else
-        textFail "Region $regx AWS Config recorder in failure state"
+        textFail "$regx: AWS Config recorder in failure state" "$regx" "recorder"
       fi
     else
-      textFail "Region $regx AWS Config recorder disabled"
+      textFail "$regx: AWS Config recorder disabled" "$regx" "recorder"
     fi
   done
 }
diff --git a/checks/check26 b/checks/check26
index 3b1e0947..a6663a22 100644
--- a/checks/check26
+++ b/checks/check26
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check26="2.6"
-CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
+CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket"
 CHECK_SCORED_check26="SCORED"
 CHECK_TYPE_check26="LEVEL1"
 CHECK_SEVERITY_check26="Medium"
@@ -31,7 +31,7 @@ check26(){
   for regx in $REGIONS; do
     TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text 2>&1 | tr "	" ',')
     if [[ $(echo "$TRAILS_AND_REGIONS" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to describe trails in $regx"
+      textFail "$regx: Access Denied trying to describe trails" "$regx" "$trail"
       continue
     fi
     if [[ $TRAILS_AND_REGIONS ]]; then
@@ -45,13 +45,13 @@ check26(){
 
         CLOUDTRAILBUCKET=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].[S3BucketName]' --output text --trail-name-list $trail)
         if [[ -z $CLOUDTRAILBUCKET ]]; then
-          textFail "Trail $trail in $TRAIL_REGION does not publish to S3"
+          textFail "$regx: Trail $trail does not publish to S3" "$TRAIL_REGION" "$trail"
           continue
         fi
 
         CLOUDTRAIL_ACCOUNT_ID=$(echo $trail | awk -F: '{ print $5 }')
         if [ "$CLOUDTRAIL_ACCOUNT_ID" != "$ACCOUNT_NUM" ]; then
-          textInfo "Trail $trail in $TRAIL_REGION S3 logging bucket $CLOUDTRAILBUCKET is not in current account"
+          textInfo "$regx: Trail $trail S3 logging bucket $CLOUDTRAILBUCKET is not in current account" "$TRAIL_REGION" "$trail"
           continue
         fi
 
@@ -62,7 +62,7 @@ check26(){
         #
         BUCKET_LOCATION=$($AWSCLI s3api get-bucket-location $PROFILE_OPT --region $regx --bucket $CLOUDTRAILBUCKET --output text 2>&1)
         if [[ $(echo "$BUCKET_LOCATION" | grep AccessDenied) ]]; then
-          textFail "Trail $trail in $TRAIL_REGION Access Denied getting bucket location for $CLOUDTRAILBUCKET"
+          textFail "$regx: Trail $trail Access Denied getting bucket location for $CLOUDTRAILBUCKET" "$TRAIL_REGION" "$trail"
           continue
         fi
         if [[ $BUCKET_LOCATION == "None" ]]; then
@@ -74,20 +74,20 @@ check26(){
 
         CLOUDTRAILBUCKET_LOGENABLED=$($AWSCLI s3api get-bucket-logging --bucket $CLOUDTRAILBUCKET $PROFILE_OPT --region $BUCKET_LOCATION --query 'LoggingEnabled.TargetBucket' --output text 2>&1)
         if [[ $(echo "$CLOUDTRAILBUCKET_LOGENABLED" | grep AccessDenied) ]]; then
-          textInfo "Trail $trail in $TRAIL_REGION Access Denied getting bucket logging for $CLOUDTRAILBUCKET"
+          textInfo "$regx: Trail $trail Access Denied getting bucket logging for $CLOUDTRAILBUCKET" "$TRAIL_REGION" "$trail"
           continue
         fi
 
         if [[ $CLOUDTRAILBUCKET_LOGENABLED != "None" ]]; then
-          textPass "Trail $trail in $TRAIL_REGION S3 bucket access logging is enabled for $CLOUDTRAILBUCKET"
+          textPass "$regx: Trail $trail S3 bucket access logging is enabled for $CLOUDTRAILBUCKET" "$TRAIL_REGION" "$trail"
         else
-          textFail "Trail $trail in $TRAIL_REGION S3 bucket access logging is not enabled for $CLOUDTRAILBUCKET"
+          textFail "$regx: Trail $trail S3 bucket access logging is not enabled for $CLOUDTRAILBUCKET" "$TRAIL_REGION" "$trail"
         fi
 
       done
     fi
   done
   if [[ $trail_count == 0 ]]; then
-    textFail "No CloudTrail trails were found in the account"
+    textFail "$REGION: No CloudTrail trails were found in the account" "$REGION" "$trail"
   fi
 }
diff --git a/checks/check27 b/checks/check27
index 8eb61059..fa6a432d 100644
--- a/checks/check27
+++ b/checks/check27
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check27="2.7"
-CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
+CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs"
 CHECK_SCORED_check27="SCORED"
 CHECK_TYPE_check27="LEVEL2"
 CHECK_SEVERITY_check27="Medium"
@@ -32,7 +32,7 @@ check27(){
   for regx in $REGIONS; do
     TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text 2>&1 | tr "	" ',')
     if [[ $(echo "$TRAILS_AND_REGIONS" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to describe trails in $regx"
+      textFail "$regx: Access Denied trying to describe trails" "$regx" "$trail"
       continue
     fi
     if [[ $TRAILS_AND_REGIONS ]]; then
@@ -46,14 +46,14 @@ check27(){
 
         KMSKEYID=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].KmsKeyId' --output text --trail-name-list $trail)
         if [[ "$KMSKEYID" ]];then
-          textPass "Trail $trail in $regx has encryption enabled"
+          textPass "$regx: Trail $trail has encryption enabled" "$regx" "$trail"
         else
-          textFail "Trail $trail in $regx has encryption disabled"
+          textFail "$regx: Trail $trail has encryption disabled" "$regx" "$trail"
         fi
       done
     fi
   done
   if [[ $trail_count == 0 ]]; then
-    textFail "No CloudTrail trails were found in the account"
+    textFail "$REGION: No CloudTrail trails were found in the account" "$REGION" "$trail"
   fi
 }
diff --git a/checks/check28 b/checks/check28
index a1f7b547..aef746b1 100644
--- a/checks/check28
+++ b/checks/check28
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check28="2.8"
-CHECK_TITLE_check28="[check28] Ensure rotation for customer created KMS CMKs is enabled (Scored)"
+CHECK_TITLE_check28="[check28] Ensure rotation for customer created KMS CMKs is enabled"
 CHECK_SCORED_check28="SCORED"
 CHECK_TYPE_check28="LEVEL2"
 CHECK_SEVERITY_check28="Medium"
@@ -30,7 +30,7 @@ check28(){
   for regx in $REGIONS; do
     CHECK_KMS_KEYLIST=$($AWSCLI kms list-keys $PROFILE_OPT --region $regx --output text --query 'Keys[*].KeyId' --output text 2>&1)
     if [[ $(echo "$CHECK_KMS_KEYLIST" | grep AccessDenied) ]]; then
-      textFail "Access Denied trying to list keys in $regx" "$regx" "$key"
+      textFail "$regx: Access Denied trying to list keys" "$regx" "$key"
       continue
     fi
     if [[ $CHECK_KMS_KEYLIST ]]; then
diff --git a/checks/check29 b/checks/check29
index 0187f628..b5023894 100644
--- a/checks/check29
+++ b/checks/check29
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check29="2.9"
-CHECK_TITLE_check29="[check29] Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
+CHECK_TITLE_check29="[check29] Ensure VPC Flow Logging is Enabled in all VPCs"
 CHECK_SCORED_check29="SCORED"
 CHECK_TYPE_check29="LEVEL2"
 CHECK_SEVERITY_check29="Medium"
@@ -31,7 +31,7 @@ check29(){
   for regx in $REGIONS; do
     AVAILABLE_VPC=$($AWSCLI ec2 describe-vpcs $PROFILE_OPT --region $regx --query 'Vpcs[?State==`available`].VpcId' --output text 2>&1)
     if [[ $(echo "$AVAILABLE_VPC" | grep AccessDenied) ]]; then
-      textFail "$regx: Access Denied trying to describe VPCs"
+      textFail "$regx: Access Denied trying to describe VPCs" "$regx" "$vpcx"
       continue
     fi
     for vpcx in $AVAILABLE_VPC; do
diff --git a/checks/check31 b/checks/check31
index 938c147d..4411c6fa 100644
--- a/checks/check31
+++ b/checks/check31
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check31="3.1"
-CHECK_TITLE_check31="[check31] Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"
+CHECK_TITLE_check31="[check31] Ensure a log metric filter and alarm exist for unauthorized API calls"
 CHECK_SCORED_check31="SCORED"
 CHECK_TYPE_check31="LEVEL1"
 CHECK_SEVERITY_check31="Medium"
diff --git a/checks/check310 b/checks/check310
index 4f821784..0a2d53d9 100644
--- a/checks/check310
+++ b/checks/check310
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check310="3.10"
-CHECK_TITLE_check310="[check310] Ensure a log metric filter and alarm exist for security group changes (Scored)"
+CHECK_TITLE_check310="[check310] Ensure a log metric filter and alarm exist for security group changes"
 CHECK_SCORED_check310="SCORED"
 CHECK_TYPE_check310="LEVEL2"
 CHECK_SEVERITY_check310="Medium"
diff --git a/checks/check311 b/checks/check311
index 9c661251..fb66edb6 100644
--- a/checks/check311
+++ b/checks/check311
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check311="3.11"
-CHECK_TITLE_check311="[check311] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)"
+CHECK_TITLE_check311="[check311] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)"
 CHECK_SCORED_check311="SCORED"
 CHECK_TYPE_check311="LEVEL2"
 CHECK_SEVERITY_check311="Medium"
diff --git a/checks/check312 b/checks/check312
index 8c44117e..1de26238 100644
--- a/checks/check312
+++ b/checks/check312
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check312="3.12"
-CHECK_TITLE_check312="[check312] Ensure a log metric filter and alarm exist for changes to network gateways (Scored)"
+CHECK_TITLE_check312="[check312] Ensure a log metric filter and alarm exist for changes to network gateways"
 CHECK_SCORED_check312="SCORED"
 CHECK_TYPE_check312="LEVEL1"
 CHECK_SEVERITY_check312="Medium"
diff --git a/checks/check313 b/checks/check313
index 5852e63e..2ce23a51 100644
--- a/checks/check313
+++ b/checks/check313
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check313="3.13"
-CHECK_TITLE_check313="[check313] Ensure a log metric filter and alarm exist for route table changes (Scored)"
+CHECK_TITLE_check313="[check313] Ensure a log metric filter and alarm exist for route table changes"
 CHECK_SCORED_check313="SCORED"
 CHECK_TYPE_check313="LEVEL1"
 CHECK_SEVERITY_check313="Medium"
diff --git a/checks/check314 b/checks/check314
index 820458eb..a0d728bb 100644
--- a/checks/check314
+++ b/checks/check314
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check314="3.14"
-CHECK_TITLE_check314="[check314] Ensure a log metric filter and alarm exist for VPC changes (Scored)"
+CHECK_TITLE_check314="[check314] Ensure a log metric filter and alarm exist for VPC changes"
 CHECK_SCORED_check314="SCORED"
 CHECK_TYPE_check314="LEVEL1"
 CHECK_SEVERITY_check314="Medium"
diff --git a/checks/check32 b/checks/check32
index 9a28147d..b932b13a 100644
--- a/checks/check32
+++ b/checks/check32
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check32="3.2"
-CHECK_TITLE_check32="[check32] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"
+CHECK_TITLE_check32="[check32] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA"
 CHECK_SCORED_check32="SCORED"
 CHECK_TYPE_check32="LEVEL1"
 CHECK_SEVERITY_check32="Medium"
diff --git a/checks/check33 b/checks/check33
index 7af68e62..1cd54328 100644
--- a/checks/check33
+++ b/checks/check33
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check33="3.3"
-CHECK_TITLE_check33="[check33] Ensure a log metric filter and alarm exist for usage of root account (Scored)"
+CHECK_TITLE_check33="[check33] Ensure a log metric filter and alarm exist for usage of root account"
 CHECK_SCORED_check33="SCORED"
 CHECK_TYPE_check33="LEVEL1"
 CHECK_SEVERITY_check33="Medium"
diff --git a/checks/check34 b/checks/check34
index d32bc066..250044e0 100644
--- a/checks/check34
+++ b/checks/check34
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check34="3.4"
-CHECK_TITLE_check34="[check34] Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"
+CHECK_TITLE_check34="[check34] Ensure a log metric filter and alarm exist for IAM policy changes"
 CHECK_SCORED_check34="SCORED"
 CHECK_TYPE_check34="LEVEL1"
 CHECK_SEVERITY_check34="Medium"
diff --git a/checks/check35 b/checks/check35
index cdbbf038..bae1f254 100644
--- a/checks/check35
+++ b/checks/check35
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check35="3.5"
-CHECK_TITLE_check35="[check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"
+CHECK_TITLE_check35="[check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes"
 CHECK_SCORED_check35="SCORED"
 CHECK_TYPE_check35="LEVEL1"
 CHECK_SEVERITY_check35="Medium"
diff --git a/checks/check36 b/checks/check36
index 1696912b..fc9e4c39 100644
--- a/checks/check36
+++ b/checks/check36
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check36="3.6"
-CHECK_TITLE_check36="[check36] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"
+CHECK_TITLE_check36="[check36] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures"
 CHECK_SCORED_check36="SCORED"
 CHECK_TYPE_check36="LEVEL2"
 CHECK_SEVERITY_check36="Medium"
diff --git a/checks/check37 b/checks/check37
index 2d7d189b..03f593ea 100644
--- a/checks/check37
+++ b/checks/check37
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check37="3.7"
-CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs (Scored)"
+CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs"
 CHECK_SCORED_check37="SCORED"
 CHECK_TYPE_check37="LEVEL2"
 CHECK_SEVERITY_check37="Medium"
diff --git a/checks/check38 b/checks/check38
index 196ced51..9d81443c 100644
--- a/checks/check38
+++ b/checks/check38
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check38="3.8"
-CHECK_TITLE_check38="[check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"
+CHECK_TITLE_check38="[check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes"
 CHECK_SCORED_check38="SCORED"
 CHECK_TYPE_check38="LEVEL1"
 CHECK_SEVERITY_check38="Medium"
diff --git a/checks/check39 b/checks/check39
index 5e580499..aabbd359 100644
--- a/checks/check39
+++ b/checks/check39
@@ -37,7 +37,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check39="3.9"
-CHECK_TITLE_check39="[check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"
+CHECK_TITLE_check39="[check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes"
 CHECK_SCORED_check39="SCORED"
 CHECK_TYPE_check39="LEVEL2"
 CHECK_SEVERITY_check39="Medium"
diff --git a/checks/check41 b/checks/check41
index 1ffd8961..02f0fbf5 100644
--- a/checks/check41
+++ b/checks/check41
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check41="4.1"
-CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)"
+CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22"
 CHECK_SCORED_check41="SCORED"
 CHECK_TYPE_check41="LEVEL2"
 CHECK_SEVERITY_check41="High"
@@ -32,10 +32,10 @@ check41(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`22` && ToPort>=`22`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx" "$SG"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0" "$regx" "$SG"
       done
     else
-      textPass "No Security Groups found in $regx with port 22 TCP open to 0.0.0.0/0" "$regx"
+      textPass "$regx: No Security Groups found with port 22 TCP open to 0.0.0.0/0" "$regx" "$SG"
     fi
   done
 }
diff --git a/checks/check42 b/checks/check42
index d0e34354..a2bf70fd 100644
--- a/checks/check42
+++ b/checks/check42
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check42="4.2"
-CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)"
+CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389"
 CHECK_SCORED_check42="SCORED"
 CHECK_TYPE_check42="LEVEL2"
 CHECK_SEVERITY_check42="High"
@@ -32,10 +32,10 @@ check42(){
     SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`3389` && ToPort>=`3389`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
     if [[ $SG_LIST ]];then
       for SG in $SG_LIST;do
-        textFail "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx" "$SG"
+        textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0" "$regx" "$SG"
       done
     else
-      textPass "No Security Groups found in $regx with port 3389 TCP open to 0.0.0.0/0" "$regx"
+      textPass "$regx: No Security Groups found with port 3389 TCP open to 0.0.0.0/0" "$regx" "$SG"
     fi
   done
 }
diff --git a/checks/check43 b/checks/check43
index a8da5612..205f4eb3 100644
--- a/checks/check43
+++ b/checks/check43
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check43="4.3"
-CHECK_TITLE_check43="[check43] Ensure the default security group of every VPC restricts all traffic (Scored)"
+CHECK_TITLE_check43="[check43] Ensure the default security group of every VPC restricts all traffic"
 CHECK_SCORED_check43="SCORED"
 CHECK_TYPE_check43="LEVEL2"
 CHECK_SEVERITY_check43="High"
@@ -33,9 +33,9 @@ check43(){
     for CHECK_SGDEFAULT_ID in $CHECK_SGDEFAULT_IDS; do
       CHECK_SGDEFAULT_ID_OPEN=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --group-ids $CHECK_SGDEFAULT_ID --query 'SecurityGroups[*].{IpPermissions:IpPermissions,IpPermissionsEgress:IpPermissionsEgress,GroupId:GroupId}' --output text |egrep '\s0.0.0.0|\:\:\/0')
       if [[ $CHECK_SGDEFAULT_ID_OPEN ]];then
-        textFail "Default Security Groups ($CHECK_SGDEFAULT_ID) found that allow 0.0.0.0 IN or OUT traffic in Region $regx" "$regx" "$CHECK_SGDEFAULT_ID"
+        textFail "$regx: Default Security Groups ($CHECK_SGDEFAULT_ID) found that allow 0.0.0.0 IN or OUT traffic" "$regx" "$CHECK_SGDEFAULT_ID"
       else
-        textPass "No Default Security Groups ($CHECK_SGDEFAULT_ID) open to 0.0.0.0 found in Region $regx" "$regx" "$CHECK_SGDEFAULT_ID"
+        textPass "$regx: No Default Security Groups ($CHECK_SGDEFAULT_ID) open to 0.0.0.0 found" "$regx" "$CHECK_SGDEFAULT_ID"
       fi
     done
   done
diff --git a/checks/check44 b/checks/check44
index 62a8bf4d..e5328c29 100644
--- a/checks/check44
+++ b/checks/check44
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check44="4.4"
-CHECK_TITLE_check44="[check44] Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
+CHECK_TITLE_check44="[check44] Ensure routing tables for VPC peering are \"least access\""
 CHECK_SCORED_check44="NOT_SCORED"
 CHECK_TYPE_check44="LEVEL2"
 CHECK_SEVERITY_check44="Medium"
@@ -27,11 +27,10 @@ CHECK_CAF_EPIC_check44='Infrastructure Security'
 
 check44(){
   # "Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
-  textInfo "Looking for VPC peering in all regions...  "
   for regx in $REGIONS; do
     LIST_OF_VPCS_PEERING_CONNECTIONS=$($AWSCLI ec2 describe-vpc-peering-connections --output text $PROFILE_OPT --region $regx --query 'VpcPeeringConnections[*].VpcPeeringConnectionId'| sort | paste -s -d" " -)
     if [[ $LIST_OF_VPCS_PEERING_CONNECTIONS ]];then
-      textInfo "$regx: $LIST_OF_VPCS_PEERING_CONNECTIONS - review routing tables" "$regx"
+      textInfo "$regx: $LIST_OF_VPCS_PEERING_CONNECTIONS - review routing tables" "$regx" "$LIST_OF_VPCS_PEERING_CONNECTIONS"
       #LIST_OF_VPCS=$($AWSCLI ec2 describe-vpcs $PROFILE_OPT --region $regx --query 'Vpcs[*].VpcId' --output text)
       #aws ec2 describe-route-tables --filter "Name=vpc-id,Values=vpc-0213e864" --query "RouteTables[*].{RouteTableId:RouteTableId, VpcId:VpcId, Routes:Routes, AssociatedSubnets:Associations[*].SubnetId}" $PROFILE_OPT --region $regx
       # for vpc in $LIST_OF_VPCS; do
@@ -39,7 +38,7 @@ check44(){
       # done
       #echo $VPCS_WITH_PEERING
     else
-      textPass "$regx: No VPC peering found" "$regx"
+      textPass "$regx: No VPC peering found" "$regx" "$LIST_OF_VPCS_PEERING_CONNECTIONS"
     fi
   done
 }
diff --git a/checks/check45 b/checks/check45
index fdd5912f..d68fc140 100644
--- a/checks/check45
+++ b/checks/check45
@@ -30,10 +30,10 @@ check45(){
     NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?(((!PortRange) || (PortRange.From<=`22` && PortRange.To>=`22`)) && ((CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`)))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
     if [[ $NACL_LIST ]];then
       for NACL in $NACL_LIST;do
-        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for SSH port 22" "$regx"
+        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for SSH port 22" "$regx" "$NACL"
       done
     else
-      textPass "$regx: No Network ACL found with SSH port 22 open to 0.0.0.0/0" "$regx"
+      textPass "$regx: No Network ACL found with SSH port 22 open to 0.0.0.0/0" "$regx" "$NACL"
     fi
   done
 }
diff --git a/checks/check46 b/checks/check46
index fc03c121..02c2101b 100644
--- a/checks/check46
+++ b/checks/check46
@@ -30,10 +30,10 @@ check46(){
     NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?(((!PortRange) || (PortRange.From<=`3389` && PortRange.To>=`3389`)) && ((CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`)))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
     if [[ $NACL_LIST ]];then
       for NACL in $NACL_LIST;do
-        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for Microsoft RDP port 3389" "$regx"
+        textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for Microsoft RDP port 3389" "$regx" "$NACL"
       done
     else
-      textPass "$regx: No Network ACL found with Microsoft RDP port 3389 open to 0.0.0.0/0" "$regx"
+      textPass "$regx: No Network ACL found with Microsoft RDP port 3389 open to 0.0.0.0/0" "$regx" "$NACL"
     fi
   done
 }
diff --git a/checks/check_extra71 b/checks/check_extra71
index 23234823..4bf1706c 100644
--- a/checks/check_extra71
+++ b/checks/check_extra71
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra71="7.1"
-CHECK_TITLE_extra71="[extra71] Ensure users of groups with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra71="[extra71] Ensure users of groups with AdministratorAccess policy have MFA tokens enabled"
 CHECK_SCORED_extra71="NOT_SCORED"
 CHECK_TYPE_extra71="EXTRA"
 CHECK_SEVERITY_extra71="High"
@@ -27,7 +27,7 @@ CHECK_DOC_extra71='https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentia
 CHECK_CAF_EPIC_extra71='Infrastructure Security'
 
 extra71(){
-  # "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled "
   ADMIN_GROUPS=''
   AWS_GROUPS=$($AWSCLI $PROFILE_OPT iam list-groups --output text --region $REGION --query 'Groups[].GroupName')
   for grp in $AWS_GROUPS; do
@@ -36,7 +36,7 @@ extra71(){
     CHECK_ADMIN_GROUP=$($AWSCLI $PROFILE_OPT --region $REGION iam list-attached-group-policies --group-name $grp --output json --query 'AttachedPolicies[].PolicyArn' | grep  "arn:${AWS_PARTITION}:iam::aws:policy/AdministratorAccess")
     if [[ $CHECK_ADMIN_GROUP ]]; then
       ADMIN_GROUPS="$ADMIN_GROUPS $grp"
-      textInfo "$grp group provides administrative access"
+      textInfo "$REGION: $grp group provides administrative access" "$REGION" "$grp"
       ADMIN_USERS=$($AWSCLI $PROFILE_OPT iam get-group --region $REGION --group-name $grp --output json --query 'Users[].UserName' | grep '"' | cut -d'"' -f2 )
       for auser in $ADMIN_USERS; do
         # users in group are Administrators
@@ -44,13 +44,13 @@ extra71(){
         # check for user MFA device in credential report
         USER_MFA_ENABLED=$( cat $TEMP_REPORT_FILE | grep "^$auser," | cut -d',' -f8)
         if [[ "true" == $USER_MFA_ENABLED ]]; then
-          textPass "$auser / MFA Enabled / admin via group $grp" "us-east-1" "$auser"
+          textPass "$REGION: $auser / MFA Enabled / admin via group $grp" "$REGION" "$grp"
         else
-          textFail "$auser / MFA DISABLED / admin via group $grp" "us-east-1" "$auser"
+          textFail "$REGION: $auser / MFA DISABLED / admin via group $grp" "$REGION" "$grp"
         fi
       done
     else
-      textInfo "$grp group provides non-administrative access"
+      textInfo "$REGION: $grp group provides non-administrative access" "$REGION" "$grp"
     fi
   done
 }
diff --git a/checks/check_extra710 b/checks/check_extra710
index 8e13384d..a1c10252 100644
--- a/checks/check_extra710
+++ b/checks/check_extra710
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra710="7.10"
-CHECK_TITLE_extra710="[extra710] Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra710="[extra710] Check for internet facing EC2 Instances"
 CHECK_SCORED_extra710="NOT_SCORED"
 CHECK_TYPE_extra710="EXTRA"
 CHECK_SEVERITY_extra710="Medium"
@@ -25,8 +25,7 @@ CHECK_DOC_extra710='https://aws.amazon.com/blogs/aws/aws-web-application-firewal
 CHECK_CAF_EPIC_extra710='Infrastructure Security'
 
 extra710(){
-  # "Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for instances in all regions...  "
+  # "Check for internet facing EC2 Instances "
   for regx in $REGIONS; do
     LIST_OF_PUBLIC_INSTANCES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --region $regx --query 'Reservations[*].Instances[?PublicIpAddress].[InstanceId,PublicIpAddress]' --output text)
     if [[ $LIST_OF_PUBLIC_INSTANCES ]];then
diff --git a/checks/check_extra7100 b/checks/check_extra7100
index 1aa6859f..8e2a3807 100644
--- a/checks/check_extra7100
+++ b/checks/check_extra7100
@@ -37,7 +37,6 @@ extra7100(){
   # Learn more: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html#roles-usingrole-createpolicy
   LIST_CUSTOM_POLICIES=$($AWSCLI iam list-policies --output text $PROFILE_OPT --region $REGION --scope Local --query 'Policies[*].[Arn,DefaultVersionId]' | grep -v -e '^None$' | awk -F '\t' '{print $1","$2"\n"}')
   if [[ $LIST_CUSTOM_POLICIES ]]; then
-    textInfo "Looking for custom policies: (skipping default policies - it may take few seconds...)"
     for policy in $LIST_CUSTOM_POLICIES; do
       POLICY_ARN=$(echo $policy | awk -F ',' '{print $1}')
       POLICY_VERSION=$(echo $policy | awk -F ',' '{print $2}')
@@ -72,12 +71,12 @@ extra7100(){
       textInfo "STS AssumeRole Policies should only include the complete ARNs for the Roles that the user needs"
       textInfo "Learn more: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html#roles-usingrole-createpolicy"
       for policy in $PERMISSIVE_POLICIES_LIST; do
-        textFail "Policy $policy allows permissive STS Role assumption" "us-east-1" "$policy"
+        textFail "$REGION: Policy $policy allows permissive STS Role assumption" "$REGION" "$policy"
       done
     else
-      textPass "No custom policies found that allow permissive STS Role assumption"
+      textPass "$REGION: No custom policies found that allow permissive STS Role assumption" "$REGION"
     fi
   else
-    textPass "No custom policies found"
+    textPass "$REGION: No custom policies found" "$REGION"
   fi
 }
diff --git a/checks/check_extra711 b/checks/check_extra711
index 746d4a8f..4a0b5d66 100644
--- a/checks/check_extra711
+++ b/checks/check_extra711
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra711="7.11"
-CHECK_TITLE_extra711="[extra711] Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra711="[extra711] Check for Publicly Accessible Redshift Clusters"
 CHECK_SCORED_extra711="NOT_SCORED"
 CHECK_TYPE_extra711="EXTRA"
 CHECK_SEVERITY_extra711="High"
@@ -24,8 +24,7 @@ CHECK_DOC_extra711='https://docs.aws.amazon.com/redshift/latest/mgmt/managing-cl
 CHECK_CAF_EPIC_extra711='Data Protection'
 
 extra711(){
-  # "Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for Redshift clusters in all regions...  "
+  # "Check for Publicly Accessible Redshift Clusters "
   for regx in $REGIONS; do
     LIST_OF_PUBLIC_REDSHIFT_CLUSTERS=$($AWSCLI redshift describe-clusters $PROFILE_OPT --region $regx --query 'Clusters[?PubliclyAccessible == `true`].[ClusterIdentifier,Endpoint.Address]' --output text)
     if [[ $LIST_OF_PUBLIC_REDSHIFT_CLUSTERS ]];then
diff --git a/checks/check_extra7113 b/checks/check_extra7113
index 876ce7eb..3412a56b 100644
--- a/checks/check_extra7113
+++ b/checks/check_extra7113
@@ -23,7 +23,7 @@
 #	[--apply-immediately | --no-apply-immediately]
 
 CHECK_ID_extra7113="7.113"
-CHECK_TITLE_extra7113="[extra7113] Check if RDS instances have deletion protection enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7113="[extra7113] Check if RDS instances have deletion protection enabled "
 CHECK_SCORED_extra7113="NOT_SCORED"
 CHECK_TYPE_extra7113="EXTRA"
 CHECK_SEVERITY_extra7113="Medium"
diff --git a/checks/check_extra712 b/checks/check_extra712
index 21c9fcae..754c3559 100644
--- a/checks/check_extra712
+++ b/checks/check_extra712
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra712="7.12"
-CHECK_TITLE_extra712="[extra712] Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra712="[extra712] Check if Amazon Macie is enabled"
 CHECK_SCORED_extra712="NOT_SCORED"
 CHECK_TYPE_extra712="EXTRA"
 CHECK_SEVERITY_extra712="Low"
@@ -24,12 +24,12 @@ CHECK_DOC_extra712='https://docs.aws.amazon.com/macie/latest/user/getting-starte
 CHECK_CAF_EPIC_extra712='Data Protection'
 
  extra712(){ 
-#    textInfo "No API commands available to check if Macie is enabled," 
-#    textInfo "just looking if IAM Macie related permissions exist.  " 
+#     "No API commands available to check if Macie is enabled," 
+#     "just looking if IAM Macie related permissions exist.  " 
    MACIE_IAM_ROLES_CREATED=$($AWSCLI iam list-roles $PROFILE_OPT --query 'Roles[*].Arn'|grep AWSMacieServiceCustomer|wc -l) 
    if [[ $MACIE_IAM_ROLES_CREATED -eq 2 ]];then 
-     textPass "Macie related IAM roles exist so it might be enabled. Check it out manually" 
+     textPass "$REGION: Macie related IAM roles exist so it might be enabled. Check it out manually" "$REGION"
 else
-     textFail "No Macie related IAM roles found. It is most likely not to be enabled" 
+     textFail "$REGION: No Macie related IAM roles found. It is most likely not to be enabled" "$REGION"
 fi
 }
diff --git a/checks/check_extra713 b/checks/check_extra713
index 008bf252..7a83b9bb 100644
--- a/checks/check_extra713
+++ b/checks/check_extra713
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra713="7.13"
-CHECK_TITLE_extra713="[extra713] Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra713="[extra713] Check if GuardDuty is enabled"
 CHECK_SCORED_extra713="NOT_SCORED"
 CHECK_TYPE_extra713="EXTRA"
 CHECK_SEVERITY_extra713="High"
@@ -25,7 +25,7 @@ CHECK_DOC_extra713='https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_se
 CHECK_CAF_EPIC_extra713='Data Protection'
 
 extra713(){
-  # "Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if GuardDuty is enabled "
   for regx in $REGIONS; do
     LIST_OF_GUARDDUTY_DETECTORS=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region $regx --output text --query DetectorIds[*] 2> /dev/null)
     RESULT=$?
diff --git a/checks/check_extra7130 b/checks/check_extra7130
index 7c55d7fe..a302f0d4 100644
--- a/checks/check_extra7130
+++ b/checks/check_extra7130
@@ -25,7 +25,6 @@ CHECK_DOC_extra7130='https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-e
 CHECK_CAF_EPIC_extra7130='Data Protection'
 
 extra7130(){
-  textInfo "Looking for SNS Topics in all regions...  "
   for regx in $REGIONS; do
     LIST_SNS=$($AWSCLI sns list-topics $PROFILE_OPT --region $regx --query 'Topics[*].TopicArn' --output text)
     if [[ $LIST_SNS ]];then
diff --git a/checks/check_extra7134 b/checks/check_extra7134
index 6d38148c..4d649f83 100644
--- a/checks/check_extra7134
+++ b/checks/check_extra7134
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7134="7.134"
-CHECK_TITLE_extra7134="[extra7134] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7134="[extra7134] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21 "
 CHECK_SCORED_extra7134="NOT_SCORED"
 CHECK_TYPE_extra7134="EXTRA"
 CHECK_SEVERITY_extra7134="High"
diff --git a/checks/check_extra7135 b/checks/check_extra7135
index c8562b52..42a27bfb 100644
--- a/checks/check_extra7135
+++ b/checks/check_extra7135
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7135="7.135"
-CHECK_TITLE_extra7135="[extra7135] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7135="[extra7135] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092 "
 CHECK_SCORED_extra7135="NOT_SCORED"
 CHECK_TYPE_extra7135="EXTRA"
 CHECK_SEVERITY_extra7135="High"
diff --git a/checks/check_extra7136 b/checks/check_extra7136
index 3c247bcb..7b440031 100644
--- a/checks/check_extra7136
+++ b/checks/check_extra7136
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7136="7.136"
-CHECK_TITLE_extra7136="[extra7136] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7136="[extra7136] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23 "
 CHECK_SCORED_extra7136="NOT_SCORED"
 CHECK_TYPE_extra7136="EXTRA"
 CHECK_SEVERITY_extra7136="High"
diff --git a/checks/check_extra7137 b/checks/check_extra7137
index 8014b442..754acc5f 100644
--- a/checks/check_extra7137
+++ b/checks/check_extra7137
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7137="7.137"
-CHECK_TITLE_extra7137="[extra7137] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7137="[extra7137] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434 "
 CHECK_SCORED_extra7137="NOT_SCORED"
 CHECK_TYPE_extra7137="EXTRA"
 CHECK_SEVERITY_extra7137="High"
diff --git a/checks/check_extra7139 b/checks/check_extra7139
index bfb10568..0b635a10 100644
--- a/checks/check_extra7139
+++ b/checks/check_extra7139
@@ -10,7 +10,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7139="7.139"
-CHECK_TITLE_extra7139="[extra7139] There are High severity GuardDuty findings (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7139="[extra7139] There are High severity GuardDuty findings "
 CHECK_SCORED_extra7139="NOT_SCORED"
 CHECK_TYPE_extra7139="EXTRA"
 CHECK_SEVERITY_extra7139="High"
diff --git a/checks/check_extra714 b/checks/check_extra714
index fbe31dbc..27681e1f 100644
--- a/checks/check_extra714
+++ b/checks/check_extra714
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra714="7.14"
-CHECK_TITLE_extra714="[extra714] Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra714="[extra714] Check if CloudFront distributions have logging enabled"
 CHECK_SCORED_extra714="NOT_SCORED"
 CHECK_TYPE_extra714="EXTRA"
 CHECK_SEVERITY_extra714="Medium"
@@ -24,18 +24,18 @@ CHECK_DOC_extra714='https://docs.aws.amazon.com/AmazonCloudFront/latest/Develope
 CHECK_CAF_EPIC_extra714='Logging and Monitoring'
 
 extra714(){
-  # "Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if CloudFront distributions have logging enabled "
   LIST_OF_DISTRIBUTIONS=$($AWSCLI cloudfront list-distributions $PROFILE_OPT --query 'DistributionList.Items[].Id' --output text | grep -v "^None")
   if [[ $LIST_OF_DISTRIBUTIONS ]]; then
     for dist in $LIST_OF_DISTRIBUTIONS; do
       LOG_ENABLED=$($AWSCLI cloudfront get-distribution $PROFILE_OPT --id "$dist" --query 'Distribution.DistributionConfig.Logging.Enabled' | grep true)
       if [[ $LOG_ENABLED ]]; then
-        textPass "CloudFront distribution $dist has logging enabled" "us-east-1" "$dist"
+        textPass "$REGION: CloudFront distribution $dist has logging enabled" "$REGION" "$dist"
       else
-        textFail "CloudFront distribution $dist has logging disabled" "us-east-1" "$dist" 
+        textFail "$REGION: CloudFront distribution $dist has logging disabled" "$REGION" "$dist" 
       fi
     done
   else
-    textInfo "No CloudFront distributions found"
+    textInfo "$REGION: No CloudFront distributions found" "$REGION" "$dist" 
   fi
 }
diff --git a/checks/check_extra716 b/checks/check_extra716
index f666b273..9a307f67 100644
--- a/checks/check_extra716
+++ b/checks/check_extra716
@@ -34,7 +34,7 @@ extra716(){
         # If the endpoint starts with "vpc-" it is in a VPC then it is fine.
         if [[ "$ES_DOMAIN_ENDPOINT" =~ ^vpc-* ]];then
           ES_DOMAIN_VPC=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.VPCOptions.VPCId' --output text)
-          textInfo "$regx: Amazon ES domain $domain is in VPC $ES_DOMAIN_VPC run extra779 to make sure it is not exposed using custom proxy" "$regx"
+          textInfo "$regx: Amazon ES domain $domain is in VPC $ES_DOMAIN_VPC run extra779 to make sure it is not exposed using custom proxy" "$regx" "$domain"
         else
           $AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.AccessPolicies.Options --output text > $TEMP_POLICY_FILE 2> /dev/null
           # check if the policy has a principal set up
@@ -76,11 +76,11 @@ extra716(){
               textFail "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\" and network \"*\") - use extra788 to test AUTH" "$regx" "$domain"
             fi
             if [[ $CHECK_ES_DOMAIN_POLICY_HAS_CONDITION && ${CHECK_ES_DOMAIN_POLICY_CONDITION_PUBLIC_IP[@]} ]];then
-              textInfo "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\" and Public IP or Network $(echo ${CONDITION_HAS_PUBLIC_IP_ARRAY[@]})) - use extra788 to test AUTH" "$regx"
+              textInfo "$regx: Amazon ES domain $domain policy allows access (Principal: \"*\" and Public IP or Network $(echo ${CONDITION_HAS_PUBLIC_IP_ARRAY[@]})) - use extra788 to test AUTH" "$regx" "$domain"
             fi
           else
             if [[ $CHECK_ES_DOMAIN_POLICY_HAS_CONDITION && ${CHECK_ES_DOMAIN_POLICY_CONDITION_PRIVATE_IP[@]} ]];then
-              textInfo "$regx: Amazon ES domain $domain policy allows access from a Private IP or CIDR RFC1918 $(echo ${CONDITION_HAS_PRIVATE_IP_ARRAY[@]})" "$regx"
+              textInfo "$regx: Amazon ES domain $domain policy allows access from a Private IP or CIDR RFC1918 $(echo ${CONDITION_HAS_PRIVATE_IP_ARRAY[@]})" "$regx" "$domain"
             else
               textPass "$regx: Amazon ES domain $domain does not allow anonymous access" "$regx" "$domain"
             fi
diff --git a/checks/check_extra717 b/checks/check_extra717
index 53892197..f2f8996c 100644
--- a/checks/check_extra717
+++ b/checks/check_extra717
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra717="7.17"
-CHECK_TITLE_extra717="[extra717] Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra717="[extra717] Check if Elastic Load Balancers have logging enabled"
 CHECK_SCORED_extra717="NOT_SCORED"
 CHECK_TYPE_extra717="EXTRA"
 CHECK_SEVERITY_extra717="Medium"
@@ -24,7 +24,7 @@ CHECK_DOC_extra717='https://docs.aws.amazon.com/elasticloadbalancing/latest/appl
 CHECK_CAF_EPIC_extra717='Logging and Monitoring'
 
 extra717(){
-  # "Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if Elastic Load Balancers have logging enabled "
   for regx in $REGIONS; do
     LIST_OF_ELBS=$($AWSCLI elb describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancerDescriptions[*].LoadBalancerName' --output text|xargs -n1)
     LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[*].LoadBalancerArn' --output text|xargs -n1)
diff --git a/checks/check_extra718 b/checks/check_extra718
index 17b11b0b..8e1e8020 100644
--- a/checks/check_extra718
+++ b/checks/check_extra718
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra718="7.18"
-CHECK_TITLE_extra718="[extra718] Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra718="[extra718] Check if S3 buckets have server access logging enabled"
 CHECK_SCORED_extra718="NOT_SCORED"
 CHECK_TYPE_extra718="EXTRA"
 CHECK_SEVERITY_extra718="Medium"
@@ -24,22 +24,22 @@ CHECK_DOC_extra718='https://docs.aws.amazon.com/AmazonS3/latest/dev/security-bes
 CHECK_CAF_EPIC_extra718='Logging and Monitoring'
 
 extra718(){
-  # "Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if S3 buckets have server access logging enabled "
   LIST_OF_BUCKETS=$($AWSCLI s3api list-buckets $PROFILE_OPT --query Buckets[*].Name --output text|xargs -n1)
   if [[ $LIST_OF_BUCKETS ]]; then
     for bucket in $LIST_OF_BUCKETS;do
       BUCKET_SERVER_LOG_ENABLED=$($AWSCLI s3api get-bucket-logging --bucket $bucket $PROFILE_OPT --query [LoggingEnabled] --output text 2>&1)
       if [[ $(echo "$BUCKET_SERVER_LOG_ENABLED" | grep AccessDenied) ]]; then
-        textFail "Access Denied Trying to Get Bucket Logging for $bucket"
+        textFail "$REGION: Access Denied Trying to Get Bucket Logging for $bucket" "$REGION" "$bucket"
         continue
       fi
       if [[ $(echo "$BUCKET_SERVER_LOG_ENABLED" | grep "^None$") ]]; then
-        textFail "Bucket $bucket has server access logging disabled!" "us-east-1" "$bucket"
+        textFail "$REGION: Bucket $bucket has server access logging disabled!" "$REGION" "$bucket"
       else
-        textPass "Bucket $bucket has server access logging enabled" "us-east-1" "$bucket"
+        textPass "$REGION: Bucket $bucket has server access logging enabled" "$REGION" "$bucket"
       fi
     done
   else
-    textInfo "No S3 Buckets found"
+    textInfo "$REGION: No S3 Buckets found" "$REGION" "$bucket"
   fi
 }
diff --git a/checks/check_extra719 b/checks/check_extra719
index ad148c3a..b3435656 100644
--- a/checks/check_extra719
+++ b/checks/check_extra719
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra719="7.19"
-CHECK_TITLE_extra719="[extra719] Check if Route53 public hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra719="[extra719] Check if Route53 public hosted zones are logging queries to CloudWatch Logs"
 CHECK_SCORED_extra719="NOT_SCORED"
 CHECK_TYPE_extra719="EXTRA"
 CHECK_SEVERITY_extra719="Medium"
@@ -30,12 +30,12 @@ extra719(){
     for hostedzoneid in $LIST_OF_HOSTED_ZONES;do
       HOSTED_ZONE_QUERY_LOG_ENABLED=$($AWSCLI route53 list-query-logging-configs --hosted-zone-id $hostedzoneid $PROFILE_OPT --query QueryLoggingConfigs[*].CloudWatchLogsLogGroupArn --output text|cut -d: -f7)
       if [[ $HOSTED_ZONE_QUERY_LOG_ENABLED ]];then
-        textPass "Route53 public hosted zone Id $hostedzoneid has query logging enabled in Log Group $HOSTED_ZONE_QUERY_LOG_ENABLED" "us-east-1" "$hostedzoneid"
+        textPass "$REGION: Route53 public hosted zone Id $hostedzoneid has query logging enabled in Log Group $HOSTED_ZONE_QUERY_LOG_ENABLED" "$REGION" "$hostedzoneid"
       else
-        textFail "Route53 public hosted zone Id $hostedzoneid has query logging disabled!" "us-east-1" "$hostedzoneid"
+        textFail "$REGION: Route53 public hosted zone Id $hostedzoneid has query logging disabled!" "$REGION" "$hostedzoneid"
       fi
     done
   else
-    textInfo "No Route53 hosted zones found"
+    textInfo "$REGION: No Route53 hosted zones found" "$REGION" 
   fi
 }
diff --git a/checks/check_extra72 b/checks/check_extra72
index a7598b30..0d088896 100644
--- a/checks/check_extra72
+++ b/checks/check_extra72
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra72="7.2"
-CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public"
 CHECK_SCORED_extra72="NOT_SCORED"
 CHECK_TYPE_extra72="EXTRA"
 CHECK_SEVERITY_extra72="Critical"
@@ -26,8 +26,7 @@ CHECK_DOC_extra72='https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modif
 CHECK_CAF_EPIC_extra72='Data Protection'
 
 extra72(){
-  # "Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for EBS Snapshots in all regions...  "
+  # "Ensure there are no EBS Snapshots set as Public "
   for regx in $REGIONS; do
     LIST_OF_EBS_SNAPSHOTS=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region $regx --owner-ids $ACCOUNT_NUM --output text --query 'Snapshots[*].{ID:SnapshotId}' --max-items $MAXITEMS | grep -v None 2> /dev/null)
     for snapshot in $LIST_OF_EBS_SNAPSHOTS; do
diff --git a/checks/check_extra720 b/checks/check_extra720
index 5cef8b37..06608532 100644
--- a/checks/check_extra720
+++ b/checks/check_extra720
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra720="7.20"
-CHECK_TITLE_extra720="[extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra720="[extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail"
 CHECK_SCORED_extra720="NOT_SCORED"
 CHECK_TYPE_extra720="EXTRA"
 CHECK_SEVERITY_extra720="Low"
@@ -24,17 +24,17 @@ CHECK_DOC_extra720='https://docs.aws.amazon.com/lambda/latest/dg/logging-using-c
 CHECK_CAF_EPIC_extra720='Logging and Monitoring'
 
 extra720(){
-  # "Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)"
+  # "Check if Lambda functions invoke API operations are being recorded by CloudTrail "
   for regx in $REGIONS; do
     LIST_OF_FUNCTIONS=$($AWSCLI lambda list-functions $PROFILE_OPT --region $regx --query 'Functions[*].FunctionName' --output text 2>&1)
     if [[ $(echo "$LIST_OF_FUNCTIONS" | grep AccessDenied) ]]; then
-      textFail "$regx: Access Denied trying to list functions"
+      textFail "$regx: Access Denied trying to list functions" "$regx"
       continue
     fi
     if [[ $LIST_OF_FUNCTIONS ]]; then
       LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].TrailARN' --output text 2>&1)
       if [[ $(echo "$LIST_OF_TRAILS" | grep AccessDenied) ]]; then
-        textFail "$regx: Access Denied trying to describe trails"
+        textFail "$regx: Access Denied trying to describe trails" "$regx"
         continue
       fi
       for lambdafunction in $LIST_OF_FUNCTIONS; do
diff --git a/checks/check_extra721 b/checks/check_extra721
index 93d2ed92..8b2e54bf 100644
--- a/checks/check_extra721
+++ b/checks/check_extra721
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra721="7.21"
-CHECK_TITLE_extra721="[extra721] Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra721="[extra721] Check if Redshift cluster has audit logging enabled"
 CHECK_SCORED_extra721="NOT_SCORED"
 CHECK_TYPE_extra721="EXTRA"
 CHECK_SEVERITY_extra721="Medium"
@@ -24,7 +24,7 @@ CHECK_DOC_extra721='https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing
 CHECK_CAF_EPIC_extra721='Logging and Monitoring'
 
 extra721(){
-  # "Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if Redshift cluster has audit logging enabled "
   for regx in $REGIONS; do
     LIST_OF_REDSHIFT_CLUSTERS=$($AWSCLI redshift describe-clusters $PROFILE_OPT --region $regx --query 'Clusters[*].ClusterIdentifier' --output text)
     if [[ $LIST_OF_REDSHIFT_CLUSTERS ]]; then
diff --git a/checks/check_extra722 b/checks/check_extra722
index 53dde9ed..4db8470c 100644
--- a/checks/check_extra722
+++ b/checks/check_extra722
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra722="7.22"
-CHECK_TITLE_extra722="[extra722] Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra722="[extra722] Check if API Gateway has logging enabled"
 CHECK_SCORED_extra722="NOT_SCORED"
 CHECK_TYPE_extra722="EXTRA"
 CHECK_SEVERITY_extra722="Medium"
@@ -24,7 +24,7 @@ CHECK_DOC_extra722='https://docs.aws.amazon.com/apigateway/latest/developerguide
 CHECK_CAF_EPIC_extra722='Logging and Monitoring'
 
 extra722(){
-  # "Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if API Gateway has logging enabled "
   for regx in $REGIONS; do
     LIST_OF_API_GW=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query items[*].id --output text)
     if [[ $LIST_OF_API_GW ]];then
diff --git a/checks/check_extra723 b/checks/check_extra723
index 3e0cbd04..9653b956 100644
--- a/checks/check_extra723
+++ b/checks/check_extra723
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra723="7.23"
-CHECK_TITLE_extra723="[extra723] Check if RDS Snapshots and Cluster Snapshots are public (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra723="[extra723] Check if RDS Snapshots and Cluster Snapshots are public"
 CHECK_SCORED_extra723="NOT_SCORED"
 CHECK_TYPE_extra723="EXTRA"
 CHECK_SEVERITY_extra723="Critical"
@@ -24,7 +24,7 @@ CHECK_DOC_extra723='https://docs.aws.amazon.com/config/latest/developerguide/rds
 CHECK_CAF_EPIC_extra723='Data Protection'
 
 extra723(){
-  # "Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)"
+  # "Check if RDS Snapshots are public "
   for regx in $REGIONS; do
     # RDS snapshots
     LIST_OF_RDS_SNAPSHOTS=$($AWSCLI rds describe-db-snapshots $PROFILE_OPT --region $regx --query DBSnapshots[*].DBSnapshotIdentifier --output text)
diff --git a/checks/check_extra724 b/checks/check_extra724
index f53e13fe..e0b2497f 100644
--- a/checks/check_extra724
+++ b/checks/check_extra724
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra724="7.24"
-CHECK_TITLE_extra724="[extra724] Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra724="[extra724] Check if ACM certificates have Certificate Transparency logging enabled"
 CHECK_SCORED_extra724="NOT_SCORED"
 CHECK_TYPE_extra724="EXTRA"
 CHECK_SEVERITY_extra724="Medium"
@@ -24,7 +24,7 @@ CHECK_DOC_extra724='https://aws.amazon.com/blogs/security/how-to-get-ready-for-c
 CHECK_CAF_EPIC_extra724='Logging and Monitoring'
 
 extra724(){
-  # "Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if ACM certificates have Certificate Transparency logging enabled "
   for regx in $REGIONS; do
     LIST_OF_CERTS=$($AWSCLI acm list-certificates $PROFILE_OPT  --region $regx --query CertificateSummaryList[].CertificateArn --output text)
     if [[ $LIST_OF_CERTS ]];then
@@ -34,7 +34,7 @@ extra724(){
         CERT_TYPE=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Type --output text)
         if [[ $CERT_TYPE == "IMPORTED" ]];then
           # Ignore imported certificate
-          textInfo "$regx: ACM Certificate $CERT_DOMAIN_NAME is imported." "$regx" 
+          textInfo "$regx: ACM Certificate $CERT_DOMAIN_NAME is imported." "$regx" "$CERT_DOMAIN_NAME"
         else
           if [[ $CT_ENABLED == "ENABLED" ]];then
             textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx" "$CERT_DOMAIN_NAME"
@@ -47,5 +47,4 @@ extra724(){
        textInfo "$regx: No ACM Certificates found" "$regx"
     fi
   done
-  textInfo "*Read more about this here: https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/"
 }
diff --git a/checks/check_extra725 b/checks/check_extra725
index 8a90f8c9..4100b083 100644
--- a/checks/check_extra725
+++ b/checks/check_extra725
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra725="7.25"
-CHECK_TITLE_extra725="[extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra725="[extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail"
 CHECK_SCORED_extra725="NOT_SCORED"
 CHECK_TYPE_extra725="EXTRA"
 CHECK_SEVERITY_extra725="Medium"
@@ -26,17 +26,15 @@ CHECK_CAF_EPIC_extra725='Logging and Monitoring'
 
 # per Object-level logging is not configured at Bucket level but at CloudTrail trail level
 extra725(){
-  # "Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for S3 Buckets Object-level logging information in all trails...  "
-
+  # "Check if S3 buckets have Object-level logging enabled in CloudTrail "
   LIST_OF_BUCKETS=$($AWSCLI s3api list-buckets $PROFILE_OPT --region $REGION --query 'Buckets[*].{Name:Name}' --output text 2>&1)
   if [[ $(echo "$LIST_OF_BUCKETS" | grep AccessDenied) ]]; then
-    textFail "Access Denied trying to list buckets"
+    textFail "$REGION: Access Denied trying to list buckets"
     return
   fi
   LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[].TrailARN' --output text 2>&1)
   if [[ $(echo "$LIST_OF_TRAILS" | grep AccessDenied) ]]; then
-    textFail "Access Denied trying to describe trails"
+    textFail "$REGION: Access Denied trying to describe trails"
     return
   fi
   if [[ $LIST_OF_BUCKETS ]]; then
@@ -53,17 +51,17 @@ extra725(){
 
         if [[ ${#BUCKET_ENABLED_TRAILS[@]} -gt 0 ]]; then
           for trail in "${BUCKET_ENABLED_TRAILS[@]}"; do
-            textPass "$regx: S3 bucket $bucketName has Object-level logging enabled in trail $trail" "$regx" "$bucketName"
+            textPass "$REGION: S3 bucket $bucketName has Object-level logging enabled in trail $trail" "$REGION" "$bucketName"
           done
         else
-          textFail "$regx: S3 bucket $bucketName has Object-level logging disabled" "$regx" "$bucketName"
+          textFail "$REGION: S3 bucket $bucketName has Object-level logging disabled" "$REGION" "$bucketName"
         fi
 
       else
-        textFail "$regx: S3 bucket $bucketName is not being recorded no CloudTrail found!" "$regx" "$bucketName"
+        textFail "$REGION: S3 bucket $bucketName is not being recorded no CloudTrail found!" "$REGION" "$bucketName"
       fi
     done
   else
-    textInfo "$regx: No S3 buckets found" "$regx"
+    textInfo "$REGION: No S3 buckets found" "$REGION"
   fi
 }
diff --git a/checks/check_extra726 b/checks/check_extra726
index 1119e526..76de3c84 100644
--- a/checks/check_extra726
+++ b/checks/check_extra726
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra726="7.26"
-CHECK_TITLE_extra726="[extra726] Check Trusted Advisor for errors and warnings (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra726="[extra726] Check Trusted Advisor for errors and warnings"
 CHECK_SCORED_extra726="NOT_SCORED"
 CHECK_TYPE_extra726="EXTRA"
 CHECK_SEVERITY_extra726="Medium"
@@ -25,32 +25,32 @@ CHECK_CAF_EPIC_extra726='IAM'
 
 extra726(){
   trap "exit" INT
-  # forcing us-east-1 region only since support only works in that region
-  TA_CHECKS_ID=$($AWSCLI support describe-trusted-advisor-checks --language en $PROFILE_OPT --region us-east-1 --query checks[*].id  --output text 2>&1)
+  # forcing REGION if not set will be us-east-1 region only since support only works in that region
+  TA_CHECKS_ID=$($AWSCLI support describe-trusted-advisor-checks --language en $PROFILE_OPT --region $REGION --query checks[*].id  --output text 2>&1)
   if [[ $(echo "$TA_CHECKS_ID" | grep SubscriptionRequiredException) ]]; then
-    textInfo "Trusted Advisor requires AWS Premium Support Subscription"
+    textInfo "$REGION: Trusted Advisor requires AWS Premium Support Subscription" "$REGION"
     return
   fi
 
   for checkid in $TA_CHECKS_ID; do
-    TA_CHECKS_NAME=$($AWSCLI support describe-trusted-advisor-checks --language en $PROFILE_OPT --region us-east-1 --query "checks[?id==\`$checkid\`].{name:name}[*]" --output text)
-    QUERY_TA_CHECK_RESULT=$($AWSCLI support describe-trusted-advisor-check-result --check-id $checkid --language en $PROFILE_OPT --region us-east-1 --query 'result.status' --output text)
+    TA_CHECKS_NAME=$($AWSCLI support describe-trusted-advisor-checks --language en $PROFILE_OPT --region $REGION --query "checks[?id==\`$checkid\`].{name:name}[*]" --output text)
+    QUERY_TA_CHECK_RESULT=$($AWSCLI support describe-trusted-advisor-check-result --check-id $checkid --language en $PROFILE_OPT --region $REGION --query 'result.status' --output text)
     # Possible results - https://docs.aws.amazon.com/cli/latest/reference/support/describe-trusted-advisor-check-result.html
     case "$QUERY_TA_CHECK_RESULT" in
       "ok")
-        textPass "Trusted Advisor check $TA_CHECKS_NAME is in ok state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
+        textPass "$REGION: Trusted Advisor check $TA_CHECKS_NAME is in ok state $QUERY_TA_CHECK_RESULT" "$REGION" "$TA_CHECKS_NAME"
         ;;
       "error")
-        textFail "Trusted Advisor check $TA_CHECKS_NAME is in error state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
+        textFail "$REGION: Trusted Advisor check $TA_CHECKS_NAME is in error state $QUERY_TA_CHECK_RESULT" "$REGION" "$TA_CHECKS_NAME"
         ;;
       "warning")
-        textInfo "Trusted Advisor check $TA_CHECKS_NAME is in warning state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
+        textInfo "$REGION: Trusted Advisor check $TA_CHECKS_NAME is in warning state $QUERY_TA_CHECK_RESULT" "$REGION" "$TA_CHECKS_NAME"
         ;;
       "not_available")
-        textInfo "Trusted Advisor check $TA_CHECKS_NAME is in not_available state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
+        textInfo "$REGION: Trusted Advisor check $TA_CHECKS_NAME is in not_available state $QUERY_TA_CHECK_RESULT" "u$REGION" "$TA_CHECKS_NAME"
         ;;
       "*")
-        textFail "Trusted Advisor check $TA_CHECKS_NAME is in unknown state $QUERY_TA_CHECK_RESULT" "us-east-1" "$TA_CHECKS_NAME"
+        textFail "$REGION: Trusted Advisor check $TA_CHECKS_NAME is in unknown state $QUERY_TA_CHECK_RESULT" "$REGION" "$TA_CHECKS_NAME"
         ;;
     esac
   done
diff --git a/checks/check_extra727 b/checks/check_extra727
index 63ad651e..797401be 100644
--- a/checks/check_extra727
+++ b/checks/check_extra727
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra727="7.27"
-CHECK_TITLE_extra727="[extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra727="[extra727] Check if SQS queues have policy set as Public"
 CHECK_SCORED_extra727="NOT_SCORED"
 CHECK_TYPE_extra727="EXTRA"
 CHECK_SEVERITY_extra727="Critical"
@@ -41,7 +41,7 @@ extra727(){
                 | jq '"[Principal: " + (.Principal|tostring) + " Action: " + (.Action|tostring) + "]"' )
               textFail "$regx: SQS $queue queue policy with public access: $SQS_POLICY_ALLOW_ALL_WITHOUT_CONDITION_DETAILS" "$regx" "$queue"
             else
-              textInfo "$regx: SQS $queue queue policy with public access but has a Condition" "$regx"
+              textInfo "$regx: SQS $queue queue policy with public access but has a Condition" "$regx" "$queue"
             fi
           else
             textPass "$regx: SQS $queue queue without public access" "$regx" "$queue"
diff --git a/checks/check_extra728 b/checks/check_extra728
index 3fbaff2c..f7589af1 100644
--- a/checks/check_extra728
+++ b/checks/check_extra728
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra728="7.28"
-CHECK_TITLE_extra728="[extra728] Check if SQS queues have Server Side Encryption enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra728="[extra728] Check if SQS queues have Server Side Encryption enabled"
 CHECK_SCORED_extra728="NOT_SCORED"
 CHECK_TYPE_extra728="EXTRA"
 CHECK_SEVERITY_extra728="Medium"
diff --git a/checks/check_extra729 b/checks/check_extra729
index e3759bf2..743e568d 100644
--- a/checks/check_extra729
+++ b/checks/check_extra729
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra729="7.29"
-CHECK_TITLE_extra729="[extra729] Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra729="[extra729] Ensure there are no EBS Volumes unencrypted"
 CHECK_SCORED_extra729="NOT_SCORED"
 CHECK_TYPE_extra729="EXTRA"
 CHECK_SEVERITY_extra729="Medium"
@@ -26,8 +26,7 @@ CHECK_DOC_extra729='https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncry
 CHECK_CAF_EPIC_extra729='Data Protection'
 
 extra729(){
-  # "Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for EBS Volumes in all regions...  "
+  # "Ensure there are no EBS Volumes unencrypted "
   for regx in $REGIONS; do
     LIST_OF_EBS_NON_ENC_VOLUMES=$($AWSCLI ec2 describe-volumes $PROFILE_OPT --region $regx --query 'Volumes[?Encrypted==`false`].VolumeId' --output text)
     if [[ $LIST_OF_EBS_NON_ENC_VOLUMES ]];then
diff --git a/checks/check_extra73 b/checks/check_extra73
index 9a0b9162..c2329607 100644
--- a/checks/check_extra73
+++ b/checks/check_extra73
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra73="7.3"
-CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to Everyone or Any AWS user"
 CHECK_SCORED_extra73="NOT_SCORED"
 CHECK_TYPE_extra73="EXTRA"
 CHECK_SEVERITY_extra73="Critical"
@@ -43,14 +43,12 @@ CHECK_CAF_EPIC_extra73='Data Protection'
 # for day to day usage that is probably desirable.
 
 extra73(){
-  textInfo "Looking for open S3 Buckets (ACLs and Policies) in all regions...  "
-
   #
   # If public ACLs disabled at account level then look no further
   #
   ACCOUNT_PUBLIC_ACCESS_BLOCK=$($AWSCLI s3control get-public-access-block $PROFILE_OPT --region $REGION --account-id $ACCOUNT_NUM --output json 2>&1)
   if [[ $(echo "$ACCOUNT_PUBLIC_ACCESS_BLOCK" | grep AccessDenied) ]]; then
-    textFail "Access Denied getting PublicAccessBlock configuration for AWS account"
+    textFail "$REGION: Access Denied getting PublicAccessBlock configuration for AWS account" "$REGION" "$bucket"
     return
   fi
   if [[ $(echo "$ACCOUNT_PUBLIC_ACCESS_BLOCK" | grep NoSuchPublicAccessBlockConfiguration) ]]; then
@@ -61,7 +59,7 @@ extra73(){
     ACCOUNTRESTRICTPUBLICBUCKETS=$(echo "$ACCOUNT_PUBLIC_ACCESS_BLOCK" | jq -r '.PublicAccessBlockConfiguration.RestrictPublicBuckets')
   fi
   if [[ $ACCOUNTIGNOREPUBLICACLS == "true" && $ACCOUNTRESTRICTPUBLICBUCKETS == "true" ]]; then
-    textPass "All S3 public access blocked at account level"
+    textPass "$REGION: All S3 public access blocked at account level" "$REGION" "$bucket"
     return
   fi
 
@@ -70,11 +68,11 @@ extra73(){
   #
   ALL_BUCKETS_LIST=$($AWSCLI s3api list-buckets --query 'Buckets[*].{Name:Name}' $PROFILE_OPT --output text 2>&1)
   if [[ $(echo "$ALL_BUCKETS_LIST" | grep AccessDenied) ]]; then
-    textFail "Access Denied Trying to List Buckets"
+    textFail "$REGION: Access Denied Trying to List Buckets" "$REGION" "$bucket"
     return
   fi
   if [[ "$ALL_BUCKETS_LIST" == "" ]]; then
-    textInfo "No buckets found"
+    textInfo "$REGION: No buckets found" "$REGION" "$bucket"
     return
   fi
 
@@ -87,7 +85,7 @@ extra73(){
     #
     BUCKET_LOCATION=$($AWSCLI s3api get-bucket-location $PROFILE_OPT --region $REGION --bucket $bucket --output text 2>&1)
     if [[ $(echo "$BUCKET_LOCATION" | grep AccessDenied) ]]; then
-      textFail "Access Denied Trying to Get Bucket Location for $bucket"
+      textFail "$REGION: Access Denied Trying to Get Bucket Location for $bucket" "$REGION" "$bucket"
       continue
     fi
     if [[ $BUCKET_LOCATION == "None" ]]; then
@@ -101,7 +99,7 @@ extra73(){
     #
     BUCKET_PUBLIC_ACCESS_BLOCK=$($AWSCLI s3api get-public-access-block $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket --output json 2>&1)
     if [[ $(echo "$BUCKET_PUBLIC_ACCESS_BLOCK" | grep AccessDenied) ]]; then
-      textFail "Access Denied Trying to Get Public Access Block for $bucket"
+      textFail "$BUCKET_LOCATION: Access Denied Trying to Get Public Access Block for $bucket" "$BUCKET_LOCATION" "$bucket"
       continue
     fi
     if [[ $(echo "$BUCKET_PUBLIC_ACCESS_BLOCK" | grep NoSuchPublicAccessBlockConfiguration) ]]; then
@@ -112,7 +110,7 @@ extra73(){
       BUCKETRESTRICTPUBLICBUCKETS=$(echo "$BUCKET_PUBLIC_ACCESS_BLOCK" | jq -r '.PublicAccessBlockConfiguration.RestrictPublicBuckets')
     fi
     if [[ $BUCKETIGNOREPUBLICACLS == "true" && $BUCKETRESTRICTPUBLICBUCKETS == "true" ]]; then
-      textPass "$BUCKET_LOCATION: $bucket bucket is not Public" "$BUCKET_LOCATION"
+      textPass "$BUCKET_LOCATION: $bucket bucket is not Public" "$BUCKET_LOCATION" "$bucket"
       continue
     fi
 
@@ -121,7 +119,7 @@ extra73(){
     #
     BUCKET_ACL=$($AWSCLI s3api get-bucket-acl $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket --output json 2>&1)
     if [[ $(echo "$BUCKET_ACL" | grep AccessDenied) ]]; then
-      textFail "Access Denied Trying to Get Bucket Acl for $bucket"
+      textFail "$BUCKET_LOCATION: Access Denied Trying to Get Bucket Acl for $bucket" "$BUCKET_LOCATION" "$bucket"
       continue
     fi
 
@@ -142,7 +140,7 @@ extra73(){
     #
     BUCKET_POLICY_STATUS=$($AWSCLI s3api get-bucket-policy-status $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket --query PolicyStatus.IsPublic --output text 2>&1)
     if [[ $(echo "$BUCKET_POLICY_STATUS" | grep AccessDenied) ]]; then
-      textFail "Access Denied Trying to Get Bucket Policy Status for $bucket"
+      textFail "$BUCKET_LOCATION: Access Denied Trying to Get Bucket Policy Status for $bucket" "$BUCKET_LOCATION" "$bucket"
       continue
     fi
     if [[ $(echo "$BUCKET_POLICY_STATUS" | grep NoSuchBucketPolicy) ]]; then
diff --git a/checks/check_extra730 b/checks/check_extra730
index f37e9a8f..706922fa 100644
--- a/checks/check_extra730
+++ b/checks/check_extra730
@@ -14,7 +14,7 @@
 DAYS_TO_EXPIRE_THRESHOLD="7"
 
 CHECK_ID_extra730="7.30"
-CHECK_TITLE_extra730="[extra730] Check if ACM Certificates are about to expire in $DAYS_TO_EXPIRE_THRESHOLD days or less (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra730="[extra730] Check if ACM Certificates are about to expire in $DAYS_TO_EXPIRE_THRESHOLD days or less"
 CHECK_SCORED_extra730="NOT_SCORED"
 CHECK_TYPE_extra730="EXTRA"
 CHECK_SEVERITY_extra730="High"
diff --git a/checks/check_extra731 b/checks/check_extra731
index 69b4d81c..3a5eec01 100644
--- a/checks/check_extra731
+++ b/checks/check_extra731
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra731="7.31"
-CHECK_TITLE_extra731="[extra731] Check if SNS topics have policy set as Public (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra731="[extra731] Check if SNS topics have policy set as Public"
 CHECK_SCORED_extra731="NOT_SCORED"
 CHECK_TYPE_extra731="EXTRA"
 CHECK_SEVERITY_extra731="Critical"
diff --git a/checks/check_extra732 b/checks/check_extra732
index 75e4f9ab..3b584d34 100644
--- a/checks/check_extra732
+++ b/checks/check_extra732
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra732="7.32"
-CHECK_TITLE_extra732="[extra732] Check if Geo restrictions are enabled in CloudFront distributions (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra732="[extra732] Check if Geo restrictions are enabled in CloudFront distributions"
 CHECK_SCORED_extra732="NOT_SCORED"
 CHECK_TYPE_extra732="EXTRA"
 CHECK_SEVERITY_extra732="Low"
@@ -30,12 +30,12 @@ extra732(){
     for dist in $LIST_DISTRIBUTIONS; do
       GEO_ENABLED=$($AWSCLI cloudfront get-distribution-config $PROFILE_OPT --id $dist --query DistributionConfig.Restrictions.GeoRestriction.RestrictionType --output text)
       if [[ $GEO_ENABLED == "none" ]]; then
-        textFail "CloudFront distribution $dist has not Geo restrictions" "us-east-1" "$dist"
+        textFail "$REGION: CloudFront distribution $dist has not Geo restrictions" "$REGION" "$dist"
       else
-        textPass "CloudFront distribution $dist has Geo restrictions enabled" "us-east-1" "$dist"
+        textPass "$REGION: CloudFront distribution $dist has Geo restrictions enabled" "$REGION" "$dist"
       fi
     done
   else
-    textInfo "No CloudFront distributions found"
+    textInfo "$REGION: No CloudFront distributions found"
   fi
 }
diff --git a/checks/check_extra733 b/checks/check_extra733
index 32a05152..24ea3275 100644
--- a/checks/check_extra733
+++ b/checks/check_extra733
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra733="7.33"
-CHECK_TITLE_extra733="[extra733] Check if there are SAML Providers then STS can be used (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra733="[extra733] Check if there are SAML Providers then STS can be used"
 CHECK_SCORED_extra733="NOT_SCORED"
 CHECK_TYPE_extra733="EXTRA"
 CHECK_SEVERITY_extra733="Low"
@@ -29,9 +29,9 @@ extra733(){
   if [[ $LIST_SAML_PROV ]]; then
     for provider in $LIST_SAML_PROV; do
       PROVIDER_NAME=$(echo $provider| cut -d/ -f2)
-      textInfo "SAML Provider $PROVIDER_NAME has been found"
+      textInfo "$REGION: SAML Provider $PROVIDER_NAME has been found" "$REGION" "$PROVIDER_NAME"
     done
   else
-    textFail "No SAML Provider found. Add one and use STS"
+    textFail "$REGION: No SAML Provider found. Add one and use STS" "$REGION" "$PROVIDER_NAME"
   fi
 }
diff --git a/checks/check_extra734 b/checks/check_extra734
index cb64f335..bb6e2ae5 100644
--- a/checks/check_extra734
+++ b/checks/check_extra734
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra734="7.34"
-CHECK_TITLE_extra734="[extra734] Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra734="[extra734] Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it"
 CHECK_SCORED_extra734="NOT_SCORED"
 CHECK_TYPE_extra734="EXTRA"
 CHECK_SEVERITY_extra734="Medium"
@@ -30,7 +30,7 @@ extra734(){
     for bucket in $LIST_OF_BUCKETS;do
       BUCKET_LOCATION=$($AWSCLI s3api get-bucket-location $PROFILE_OPT --region $REGION --bucket $bucket --output text 2>&1)
       if [[ $(echo "$BUCKET_LOCATION" | grep AccessDenied) ]]; then
-        textFail "Access Denied Trying to Get Bucket Location for $bucket"
+        textFail "$BUCKET_LOCATION Access Denied Trying to Get Bucket Location for $bucket" "$BUCKET_LOCATION" "$bucket"
         continue
       fi
       if [[ $BUCKET_LOCATION == "None" ]]; then
@@ -46,13 +46,13 @@ extra734(){
       # query to get if has encryption enabled or not
       RESULT=$($AWSCLI s3api get-bucket-encryption $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket --query ServerSideEncryptionConfiguration.Rules[].ApplyServerSideEncryptionByDefault[].SSEAlgorithm --output text 2>&1)
       if [[ $(echo "$RESULT" | grep AccessDenied) ]]; then
-        textFail "Access Denied Trying to Get Encryption for $bucket"
+        textFail "$BUCKET_LOCATION: Access Denied Trying to Get Encryption for $bucket" "$BUCKET_LOCATION" "$bucket"
         continue
       fi
 
       if [[ $RESULT == "AES256" || $RESULT == "aws:kms" ]];
       then
-        textPass "Bucket $bucket is enabled for default encryption with $RESULT" "us-east-1" "$bucket"
+        textPass "$BUCKET_LOCATION: Bucket $bucket is enabled for default encryption with $RESULT" "$BUCKET_LOCATION" "$bucket"
         continue
       fi
 
@@ -61,12 +61,12 @@ extra734(){
       # get bucket policy
       $AWSCLI s3api get-bucket-policy $PROFILE_OPT --bucket $bucket --region $BUCKET_LOCATION --output text --query Policy > $TEMP_SSE_POLICY_FILE 2>&1
       if [[ $(grep AccessDenied $TEMP_SSE_POLICY_FILE) ]]; then
-        textFail "Access Denied Trying to Get Bucket Policy for $bucket"
+        textFail "$BUCKET_LOCATION: Access Denied Trying to Get Bucket Policy for $bucket" "$BUCKET_LOCATION" "$bucket"
         rm -f $TEMP_SSE_POLICY_FILE
         continue
       fi
       if [[ $(grep NoSuchBucketPolicy $TEMP_SSE_POLICY_FILE) ]]; then
-        textFail "No bucket policy for $bucket" "us-east-1" "$bucket" "us-east-1" "$bucket"
+        textFail "$BUCKET_LOCATION: No bucket policy for $bucket" "$BUCKET_LOCATION" "$bucket"
         rm -f $TEMP_SSE_POLICY_FILE
         continue
       fi
@@ -74,18 +74,18 @@ extra734(){
       # check if the S3 policy forces SSE s3:x-amz-server-side-encryption:true
       CHECK_BUCKET_SSE_POLICY_PRESENT=$(cat $TEMP_SSE_POLICY_FILE | jq --arg arn "arn:${AWS_PARTITION}:s3:::${bucket}/*" '.Statement[]|select(.Effect=="Deny" and ((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*") and .Action=="s3:PutObject" and .Resource==$arn and .Condition.StringEquals."s3:x-amz-server-side-encryption" != null)')
       if [[ $CHECK_BUCKET_SSE_POLICY_PRESENT == "" ]]; then
-        textFail "Bucket $bucket does not enforce encryption!" "us-east-1" "$bucket"
+        textFail "$BUCKET_LOCATION: Bucket $bucket does not enforce encryption!" "$BUCKET_LOCATION" "$bucket"
         rm -f $TEMP_SSE_POLICY_FILE
         continue
       fi
       CHECK_BUCKET_SSE_POLICY_VALUE=$(echo "$CHECK_BUCKET_SSE_POLICY_PRESENT" | jq -r '.Condition.StringNotEquals."s3:x-amz-server-side-encryption"')
 
-      textPass "Bucket $bucket has S3 bucket policy to enforce encryption with $CHECK_BUCKET_SSE_POLICY_VALUE"
+      textPass "$BUCKET_LOCATION: Bucket $bucket has S3 bucket policy to enforce encryption with $CHECK_BUCKET_SSE_POLICY_VALUE" "$BUCKET_LOCATION" "$bucket"
 
       rm -f $TEMP_SSE_POLICY_FILE
     done
 
   else
-    textInfo "No S3 Buckets found"
+    textInfo "$REGION No S3 Buckets found" "$REGION"
   fi
 }
diff --git a/checks/check_extra735 b/checks/check_extra735
index f1d07aba..72cb30f9 100644
--- a/checks/check_extra735
+++ b/checks/check_extra735
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra735="7.35"
-CHECK_TITLE_extra735="[extra735] Check if RDS instances storage is encrypted (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra735="[extra735] Check if RDS instances storage is encrypted"
 CHECK_SCORED_extra735="NOT_SCORED"
 CHECK_TYPE_extra735="EXTRA"
 CHECK_SEVERITY_extra735="Medium"
diff --git a/checks/check_extra736 b/checks/check_extra736
index 00d246c9..1c87be8e 100644
--- a/checks/check_extra736
+++ b/checks/check_extra736
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra736="7.36"
-CHECK_TITLE_extra736="[extra736] Check exposed KMS keys (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra736="[extra736] Check exposed KMS keys"
 CHECK_SCORED_extra736="NOT_SCORED"
 CHECK_TYPE_extra736="EXTRA"
 CHECK_SEVERITY_extra736="Critical"
@@ -25,7 +25,6 @@ CHECK_DOC_extra736='https://docs.aws.amazon.com/kms/latest/developerguide/determ
 CHECK_CAF_EPIC_extra736='Data Protection'
 
 extra736(){
-  textInfo "Looking for KMS keys in all regions...  "
   for regx in $REGIONS; do
     LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --query "Aliases[].[AliasName,TargetKeyId]" --output text |grep -v ^alias/aws/ |awk '{ print $2 }')
     if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
diff --git a/checks/check_extra737 b/checks/check_extra737
index b3e751b8..056e7be6 100644
--- a/checks/check_extra737
+++ b/checks/check_extra737
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra737="7.37"
-CHECK_TITLE_extra737="[extra737] Check KMS keys with key rotation disabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra737="[extra737] Check KMS keys with key rotation disabled"
 CHECK_SCORED_extra737="NOT_SCORED"
 CHECK_TYPE_extra737="EXTRA"
 CHECK_SEVERITY_extra737="Medium"
@@ -25,7 +25,6 @@ CHECK_DOC_extra737='https://docs.aws.amazon.com/kms/latest/developerguide/rotate
 CHECK_CAF_EPIC_extra737='Data Protection'
 
 extra737(){
-  textInfo "Looking for KMS keys in all regions...  "
   for regx in $REGIONS; do
     LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --query "Aliases[].[AliasName,TargetKeyId]" --output text |grep -v ^alias/aws/ |awk '{ print $2 }')
     if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
diff --git a/checks/check_extra738 b/checks/check_extra738
index da1f9840..2a637a9d 100644
--- a/checks/check_extra738
+++ b/checks/check_extra738
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra738="7.38"
-CHECK_TITLE_extra738="[extra738] Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra738="[extra738] Check if CloudFront distributions are set to HTTPS"
 CHECK_SCORED_extra738="NOT_SCORED"
 CHECK_TYPE_extra738="EXTRA"
 CHECK_SEVERITY_extra738="Medium"
@@ -30,14 +30,14 @@ extra738(){
       for dist in $LIST_OF_DISTRIBUTIONS; do
         CHECK_HTTPS_STATUS=$($AWSCLI cloudfront get-distribution --id $dist --query Distribution.DistributionConfig.DefaultCacheBehavior.ViewerProtocolPolicy $PROFILE_OPT --output text)
         if [[ $CHECK_HTTPS_STATUS == "allow-all" ]]; then
-          textFail "CloudFront distribution $dist viewers can use HTTP or HTTPS!" "$regx" "$dist"
+          textFail "$REGION: CloudFront distribution $dist viewers can use HTTP or HTTPS!" "$REGION" "$dist"
         elif [[ $CHECK_HTTPS_STATUS == "redirect-to-https" ]]; then
-          textPass "CloudFront distribution $dist has redirect to HTTPS" "$regx" "$dist"
+          textPass "$REGION: CloudFront distribution $dist has redirect to HTTPS" "$REGION" "$dist"
         else
-          textPass "CloudFront distribution $dist has HTTPS only" "$regx" "$dist"
+          textPass "$REGION: CloudFront distribution $dist has HTTPS only" "$REGION" "$dist"
         fi
       done
     else
-      textInfo "No CloudFront distributions found" "$regx"
+      textInfo "$REGION: No CloudFront distributions found" "$REGION"
     fi
 }
diff --git a/checks/check_extra739 b/checks/check_extra739
index 0cf5eb98..0dea5d78 100644
--- a/checks/check_extra739
+++ b/checks/check_extra739
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra739="7.39"
-CHECK_TITLE_extra739="[extra739] Check if RDS instances have backup enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra739="[extra739] Check if RDS instances have backup enabled"
 CHECK_SCORED_extra739="NOT_SCORED"
 CHECK_TYPE_extra739="EXTRA"
 CHECK_SEVERITY_extra739="Medium"
diff --git a/checks/check_extra74 b/checks/check_extra74
index fde3b648..7d94a6a9 100644
--- a/checks/check_extra74
+++ b/checks/check_extra74
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra74="7.4"
-CHECK_TITLE_extra74="[extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra74="[extra74] Ensure there are no Security Groups without ingress filtering being used"
 CHECK_SCORED_extra74="NOT_SCORED"
 CHECK_TYPE_extra74="EXTRA"
 CHECK_SEVERITY_extra74="High"
@@ -27,8 +27,7 @@ CHECK_DOC_extra74='https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security
 CHECK_CAF_EPIC_extra74='Infrastructure Security'
 
 extra74(){
-  # "Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for Security Groups in all regions...  "
+  # "Ensure there are no Security Groups without ingress filtering being used "
   for regx in $REGIONS; do
     LIST_OF_SECURITYGROUPS=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --filters "Name=ip-permission.cidr,Values=0.0.0.0/0" --query "SecurityGroups[].[GroupId]" --output text --max-items $MAXITEMS)
     for SG_ID in $LIST_OF_SECURITYGROUPS; do
@@ -36,7 +35,7 @@ extra74(){
       if [[ $SG_NO_INGRESS_FILTER -ne 0 ]];then
         textFail "$regx: $SG_ID has no ingress filtering and it is being used!" "$regx" "$SG_ID"
       else
-        textInfo "$regx: $SG_ID has no ingress filtering but it is not being used" "$regx"
+        textInfo "$regx: $SG_ID has no ingress filtering but it is not being used" "$regx" "$SG_ID"
       fi
     done
   done
diff --git a/checks/check_extra740 b/checks/check_extra740
index 37f81434..7f771663 100644
--- a/checks/check_extra740
+++ b/checks/check_extra740
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra740="7.40"
-CHECK_TITLE_extra740="[extra740] Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra740="[extra740] Check if EBS snapshots are encrypted"
 CHECK_SCORED_extra740="NOT_SCORED"
 CHECK_TYPE_extra740="EXTRA"
 CHECK_SEVERITY_extra740="Medium"
@@ -25,7 +25,6 @@ CHECK_DOC_extra740='https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncry
 CHECK_CAF_EPIC_extra740='Data Protection'
 
 extra740(){
-  textInfo "Examining EBS Volume Snapshots ..."
   # This does NOT use max-items, which would limit the number of items
   # considered. It considers all snapshots, but only reports at most 
   # max-items passing and max-items failing.
@@ -47,7 +46,7 @@ extra740(){
       for snapshot in ${UNENCRYPTED_SNAPSHOTS}; do
           unencrypted=${unencrypted}+1
           if [ "${unencrypted}" -le "${MAXITEMS}" ]; then
-            textFail "${regx}: ${snapshot} is not encrypted!" "${regx}"
+            textFail "${regx}: ${snapshot} is not encrypted!" "${regx}" "${snapshot}"
           fi
       done
     fi
@@ -55,7 +54,7 @@ extra740(){
       for snapshot in ${ENCRYPTED_SNAPSHOTS}; do
           encrypted=${encrypted}+1
           if [ "${encrypted}" -le "${MAXITEMS}" ]; then
-            textPass "${regx}: ${snapshot} is encrypted." "${regx}"
+            textPass "${regx}: ${snapshot} is encrypted." "${regx}" "${snapshot}"
           fi
       done
     fi
diff --git a/checks/check_extra741 b/checks/check_extra741
index 3fbd71e9..ebf12543 100644
--- a/checks/check_extra741
+++ b/checks/check_extra741
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra741="7.41"
-CHECK_TITLE_extra741="[extra741] Find secrets in EC2 User Data (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra741="[extra741] Find secrets in EC2 User Data"
 CHECK_SCORED_extra741="NOT_SCORED"
 CHECK_TYPE_extra741="EXTRA"
 CHECK_SEVERITY_extra741="Critical"
@@ -30,7 +30,6 @@ extra741(){
     mkdir $SECRETS_TEMP_FOLDER
   fi
 
-  textInfo "Looking for secrets in EC2 User Data in instances across all regions... (max 100 instances per region use -m to increase it)  "
   for regx in $REGIONS; do
     LIST_OF_EC2_INSTANCES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --region $regx --query Reservations[*].Instances[*].InstanceId --output text --max-items $MAXITEMS | grep -v None)
     if [[ $LIST_OF_EC2_INSTANCES ]];then
@@ -47,7 +46,7 @@ extra741(){
           fi
           FINDINGS=$(secretsDetector file "$EC2_USERDATA_FILE")
           if [[ $FINDINGS -eq 0 ]]; then
-            textPass "$regx: No secrets found in $instance User Data" "$regx"
+            textPass "$regx: No secrets found in $instance User Data" "$regx" "$instance"
             # delete file if nothing interesting is there
             rm -f "$EC2_USERDATA_FILE"
           else
diff --git a/checks/check_extra742 b/checks/check_extra742
index 92cd10b3..6c78c7a9 100644
--- a/checks/check_extra742
+++ b/checks/check_extra742
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra742="7.42"
-CHECK_TITLE_extra742="[extra742] Find secrets in CloudFormation outputs (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra742="[extra742] Find secrets in CloudFormation outputs"
 CHECK_SCORED_extra742="NOT_SCORED"
 CHECK_TYPE_extra742="EXTRA"
 CHECK_SEVERITY_extra742="Critical"
@@ -30,7 +30,6 @@ extra742(){
     mkdir $SECRETS_TEMP_FOLDER
   fi
 
-  textInfo "Looking for secrets in CloudFormation output across all regions... "
   for regx in $REGIONS; do
     CFN_STACKS=$($AWSCLI cloudformation describe-stacks $PROFILE_OPT --region $regx --output json)
     LIST_OF_CFN_STACKS=$(echo $CFN_STACKS | jq -r '.Stacks[].StackName')
diff --git a/checks/check_extra743 b/checks/check_extra743
index fb98bec4..b5c365a4 100644
--- a/checks/check_extra743
+++ b/checks/check_extra743
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra743="7.43"
-CHECK_TITLE_extra743="[extra743] Check if API Gateway has client certificate enabled to access your backend endpoint (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra743="[extra743] Check if API Gateway has client certificate enabled to access your backend endpoint"
 CHECK_SCORED_extra743="NOT_SCORED"
 CHECK_TYPE_extra743="EXTRA"
 CHECK_SEVERITY_extra743="Medium"
diff --git a/checks/check_extra744 b/checks/check_extra744
index 6d0d219b..48cf6f11 100644
--- a/checks/check_extra744
+++ b/checks/check_extra744
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra744="7.44"
-CHECK_TITLE_extra744="[extra744] Check if API Gateway has a WAF ACL attached (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra744="[extra744] Check if API Gateway has a WAF ACL attached"
 CHECK_SCORED_extra744="NOT_SCORED"
 CHECK_TYPE_extra744="EXTRA"
 CHECK_SEVERITY_extra744="Medium"
diff --git a/checks/check_extra745 b/checks/check_extra745
index 743bf12a..1ee49e72 100644
--- a/checks/check_extra745
+++ b/checks/check_extra745
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra745="7.45"
-CHECK_TITLE_extra745="[extra745] Check if API Gateway endpoint is public or private (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra745="[extra745] Check if API Gateway endpoint is public or private"
 CHECK_SCORED_extra745="NOT_SCORED"
 CHECK_TYPE_extra745="EXTRA"
 CHECK_SEVERITY_extra745="Medium"
diff --git a/checks/check_extra746 b/checks/check_extra746
index 91d3052a..638d15ef 100644
--- a/checks/check_extra746
+++ b/checks/check_extra746
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra746="7.46"
-CHECK_TITLE_extra746="[extra746] Check if API Gateway has configured authorizers (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra746="[extra746] Check if API Gateway has configured authorizers"
 CHECK_SCORED_extra746="NOT_SCORED"
 CHECK_TYPE_extra746="EXTRA"
 CHECK_SEVERITY_extra746="Medium"
diff --git a/checks/check_extra747 b/checks/check_extra747
index ec6a86d8..2b2ede3b 100644
--- a/checks/check_extra747
+++ b/checks/check_extra747
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra747="7.47"
-CHECK_TITLE_extra747="[extra747] Check if RDS instances is integrated with CloudWatch Logs  (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra747="[extra747] Check if RDS instances is integrated with CloudWatch Logs"
 CHECK_SCORED_extra747="NOT_SCORED"
 CHECK_TYPE_extra747="EXTRA"
 CHECK_SEVERITY_extra747="Medium"
diff --git a/checks/check_extra748 b/checks/check_extra748
index 925f5173..f46ef6c5 100644
--- a/checks/check_extra748
+++ b/checks/check_extra748
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra748="7.48"
-CHECK_TITLE_extra748="[extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra748="[extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port"
 CHECK_SCORED_extra748="NOT_SCORED"
 CHECK_TYPE_extra748="EXTRA"
 CHECK_SEVERITY_extra748="High"
diff --git a/checks/check_extra749 b/checks/check_extra749
index 72bbb129..820d2f68 100644
--- a/checks/check_extra749
+++ b/checks/check_extra749
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra749="7.49"
-CHECK_TITLE_extra749="[extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra749="[extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483"
 CHECK_SCORED_extra749="NOT_SCORED"
 CHECK_TYPE_extra749="EXTRA"
 CHECK_SEVERITY_extra749="High"
diff --git a/checks/check_extra75 b/checks/check_extra75
index f2ae8842..34a05fb8 100644
--- a/checks/check_extra75
+++ b/checks/check_extra75
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra75="7.5"
-CHECK_TITLE_extra75="[extra75] Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra75="[extra75] Ensure there are no Security Groups not being used"
 CHECK_SCORED_extra75="NOT_SCORED"
 CHECK_TYPE_extra75="EXTRA"
 CHECK_SEVERITY_extra75="Informational"
@@ -27,9 +27,7 @@ CHECK_DOC_extra75='https://aws.amazon.com/premiumsupport/knowledge-center/ec2-fi
 CHECK_CAF_EPIC_extra75='Infrastructure Security'
 
 extra75(){
-  # "Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for Security Groups in all regions...  "
-
+  # "Ensure there are no Security Groups not being used "
   for regx in $REGIONS; do
     SECURITYGROUPS=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --max-items $MAXITEMS --output json | jq '.SecurityGroups|map({(.GroupId): (.GroupName)})|add')
     if [[ $SECURITYGROUPS == "null" ]];
@@ -46,7 +44,7 @@ extra75(){
         then
           textFail "$regx: $SG_ID is not being used!" "$regx" "$SG_ID"
         else
-          textInfo "$regx: $SG_ID is not being used - default security group" "$regx"
+          textInfo "$regx: $SG_ID is not being used - default security group" "$regx" "$SG_ID"
         fi
       else
         textPass "$regx: $SG_ID is being used" "$regx" "$SG_ID"
diff --git a/checks/check_extra750 b/checks/check_extra750
index d8352433..62dcf115 100644
--- a/checks/check_extra750
+++ b/checks/check_extra750
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra750="7.50"
-CHECK_TITLE_extra750="[extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra750="[extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306"
 CHECK_SCORED_extra750="NOT_SCORED"
 CHECK_TYPE_extra750="EXTRA"
 CHECK_SEVERITY_extra750="High"
diff --git a/checks/check_extra751 b/checks/check_extra751
index c9772ccb..c98cd4fe 100644
--- a/checks/check_extra751
+++ b/checks/check_extra751
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra751="7.51"
-CHECK_TITLE_extra751="[extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra751="[extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432"
 CHECK_SCORED_extra751="NOT_SCORED"
 CHECK_TYPE_extra751="EXTRA"
 CHECK_SEVERITY_extra751="High"
diff --git a/checks/check_extra752 b/checks/check_extra752
index 17217098..07aa549d 100644
--- a/checks/check_extra752
+++ b/checks/check_extra752
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra752="7.52"
-CHECK_TITLE_extra752="[extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra752="[extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379"
 CHECK_SCORED_extra752="NOT_SCORED"
 CHECK_TYPE_extra752="EXTRA"
 CHECK_SEVERITY_extra752="High"
diff --git a/checks/check_extra753 b/checks/check_extra753
index 045af6bf..34042b6e 100644
--- a/checks/check_extra753
+++ b/checks/check_extra753
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra753="7.53"
-CHECK_TITLE_extra753="[extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra753="[extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018"
 CHECK_SCORED_extra753="NOT_SCORED"
 CHECK_TYPE_extra753="EXTRA"
 CHECK_SEVERITY_extra753="High"
diff --git a/checks/check_extra754 b/checks/check_extra754
index 03400ba1..4277fe4f 100644
--- a/checks/check_extra754
+++ b/checks/check_extra754
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra754="7.54"
-CHECK_TITLE_extra754="[extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra754="[extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888"
 CHECK_SCORED_extra754="NOT_SCORED"
 CHECK_TYPE_extra754="EXTRA"
 CHECK_SEVERITY_extra754="High"
diff --git a/checks/check_extra755 b/checks/check_extra755
index e0e55079..50430f1a 100644
--- a/checks/check_extra755
+++ b/checks/check_extra755
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra755="7.55"
-CHECK_TITLE_extra755="[extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra755="[extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211"
 CHECK_SCORED_extra755="NOT_SCORED"
 CHECK_TYPE_extra755="EXTRA"
 CHECK_SEVERITY_extra755="High"
diff --git a/checks/check_extra756 b/checks/check_extra756
index ba4bb323..a931904f 100644
--- a/checks/check_extra756
+++ b/checks/check_extra756
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra756="7.56"
-CHECK_TITLE_extra756="[extra756] Check if Redshift cluster is Public Accessible (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra756="[extra756] Check if Redshift cluster is Public Accessible"
 CHECK_SCORED_extra756="NOT_SCORED"
 CHECK_TYPE_extra756="EXTRA"
 CHECK_SEVERITY_extra756="High"
diff --git a/checks/check_extra757 b/checks/check_extra757
index 9277f030..364caab7 100644
--- a/checks/check_extra757
+++ b/checks/check_extra757
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra757="7.57"
-CHECK_TITLE_extra757="[extra757] Check EC2 Instances older than 6 months (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra757="[extra757] Check EC2 Instances older than 6 months"
 CHECK_SCORED_extra757="NOT_SCORED"
 CHECK_TYPE_extra757="EXTRA"
 CHECK_SEVERITY_extra757="Medium"
@@ -25,7 +25,6 @@ CHECK_CAF_EPIC_extra757='Infrastructure Security'
 
 extra757(){
   OLDAGE="$(get_date_previous_than_months 6)"
-  textInfo "Looking for EC2 instances in all regions..."
   for regx in $REGIONS; do
     EC2_RUNNING="$($AWSCLI ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId]" $PROFILE_OPT --region $regx --output text)"
     if [[ $EC2_RUNNING ]]; then
diff --git a/checks/check_extra758 b/checks/check_extra758
index 17b47776..0beabcf4 100644
--- a/checks/check_extra758
+++ b/checks/check_extra758
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra758="7.58"
-CHECK_TITLE_extra758="[extra758] Check EC2 Instances older than 12 months (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra758="[extra758] Check EC2 Instances older than 12 months "
 CHECK_SCORED_extra758="NOT_SCORED"
 CHECK_TYPE_extra758="EXTRA"
 CHECK_SEVERITY_extra758="Medium"
@@ -25,7 +25,6 @@ CHECK_CAF_EPIC_extra758='Infrastructure Security'
 
 extra758(){
   OLDAGE="$(get_date_previous_than_months 12)"
-  textInfo "Looking for EC2 instances in all regions..."
   for regx in $REGIONS; do
     EC2_RUNNING="$($AWSCLI ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId]" $PROFILE_OPT --region $regx --output text)"
     if [[ $EC2_RUNNING ]]; then
diff --git a/checks/check_extra759 b/checks/check_extra759
index aa557e46..15f73fcd 100644
--- a/checks/check_extra759
+++ b/checks/check_extra759
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra759="7.59"
-CHECK_TITLE_extra759="[extra759] Find secrets in Lambda functions variables (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra759="[extra759] Find secrets in Lambda functions variables "
 CHECK_SCORED_extra759="NOT_SCORED"
 CHECK_TYPE_extra759="EXTRA"
 CHECK_SEVERITY_extra759="Critical"
@@ -30,7 +30,6 @@ extra759(){
     mkdir $SECRETS_TEMP_FOLDER
   fi
 
-  textInfo "Looking for secrets in Lambda variables across all regions... "
   for regx in $REGIONS; do
     LIST_OF_FUNCTIONS=$($AWSCLI lambda list-functions $PROFILE_OPT --region $regx --query Functions[*].FunctionName --output text)
     if [[ $LIST_OF_FUNCTIONS ]]; then
diff --git a/checks/check_extra76 b/checks/check_extra76
index c8348216..9124b8cb 100644
--- a/checks/check_extra76
+++ b/checks/check_extra76
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra76="7.6"
-CHECK_TITLE_extra76="[extra76] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra76="[extra76] Ensure there are no EC2 AMIs set as Public"
 CHECK_SCORED_extra76="NOT_SCORED"
 CHECK_TYPE_extra76="EXTRA"
 CHECK_SEVERITY_extra76="Critical"
@@ -25,8 +25,7 @@ CHECK_DOC_extra76='https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/usingshar
 CHECK_CAF_EPIC_extra76='Infrastructure Security'
 
 extra76(){
-  # "Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for AMIs in all regions...  "
+  # "Ensure there are no EC2 AMIs set as Public "
   for regx in $REGIONS; do
     LIST_OF_PUBLIC_AMIS=$($AWSCLI ec2 describe-images --owners self $PROFILE_OPT --region $regx --filters "Name=is-public,Values=true" --query 'Images[*].{ID:ImageId}' --output text)
     if [[ $LIST_OF_PUBLIC_AMIS ]];then
diff --git a/checks/check_extra760 b/checks/check_extra760
index f770e5b4..ca70b83f 100644
--- a/checks/check_extra760
+++ b/checks/check_extra760
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra760="7.60"
-CHECK_TITLE_extra760="[extra760] Find secrets in Lambda functions code (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra760="[extra760] Find secrets in Lambda functions code "
 CHECK_SCORED_extra760="NOT_SCORED"
 CHECK_TYPE_extra760="EXTRA"
 CHECK_SEVERITY_extra760="Critical"
@@ -30,8 +30,6 @@ extra760(){
     mkdir $SECRETS_TEMP_FOLDER
   fi
 
-  textInfo "Looking for secrets in Lambda functions code across all regions... "
-  textInfo "This check may take a while depending on your functions size! "
   for regx in $REGIONS; do
     LIST_OF_FUNCTIONS=$($AWSCLI lambda list-functions $PROFILE_OPT --region $regx --query Functions[*].FunctionName --output text)
     if [[ $LIST_OF_FUNCTIONS ]]; then
diff --git a/checks/check_extra761 b/checks/check_extra761
index a8504632..34ecb953 100644
--- a/checks/check_extra761
+++ b/checks/check_extra761
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra761="7.61"
-CHECK_TITLE_extra761="[extra761] Check if EBS Default Encryption is activated (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra761="[extra761] Check if EBS Default Encryption is activated "
 CHECK_SCORED_extra761="NOT_SCORED"
 CHECK_TYPE_extra761="EXTRA"
 CHECK_SEVERITY_extra761="Medium"
@@ -24,15 +24,14 @@ CHECK_DOC_extra761='https://aws.amazon.com/premiumsupport/knowledge-center/ebs-a
 CHECK_CAF_EPIC_extra761='Data Protection'
 
 extra761(){
-  textInfo "Looking for EBS Default Encryption activation in all regions...  "
   for regx in $REGIONS; do
     EBS_DEFAULT_ENCRYPTION=$($AWSCLI ec2 get-ebs-encryption-by-default $PROFILE_OPT --region $regx --query 'EbsEncryptionByDefault' 2>&1)
     if [[ $(echo "$EBS_DEFAULT_ENCRYPTION" | grep "argument operation: Invalid choice") ]]; then
-      textFail "Newer aws cli needed for get-ebs-encryption-by-default"
+      textFail "$regx: Newer aws cli needed for get-ebs-encryption-by-default" "$regx"
       continue
     fi
     if [[ $(echo "$EBS_DEFAULT_ENCRYPTION" | grep UnauthorizedOperation) ]]; then
-      textFail "Prowler needs ec2:GetEbsEncryptionByDefault permission for this check"
+      textFail "$regx: Prowler needs ec2:GetEbsEncryptionByDefault permission for this check" "$regx"
       continue
     fi
     if [[ $EBS_DEFAULT_ENCRYPTION == "true" ]];then
diff --git a/checks/check_extra762 b/checks/check_extra762
index 92389bc2..2345f058 100644
--- a/checks/check_extra762
+++ b/checks/check_extra762
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra762="7.62"
-CHECK_TITLE_extra762="[extra762] Find obsolete Lambda runtimes (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra762="[extra762] Find obsolete Lambda runtimes "
 CHECK_SCORED_extra762="NOT_SCORED"
 CHECK_TYPE_extra762="EXTRA"
 CHECK_SEVERITY_extra762="Medium"
diff --git a/checks/check_extra763 b/checks/check_extra763
index 7c8b74ce..d2d53e0d 100644
--- a/checks/check_extra763
+++ b/checks/check_extra763
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra763="7.63"
-CHECK_TITLE_extra763="[extra763] Check if S3 buckets have object versioning enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra763="[extra763] Check if S3 buckets have object versioning enabled "
 CHECK_SCORED_extra763="NOT_SCORED"
 CHECK_TYPE_extra763="EXTRA"
 CHECK_SEVERITY_extra763="Medium"
@@ -24,7 +24,7 @@ CHECK_DOC_extra763='https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Vers
 CHECK_CAF_EPIC_extra763='Data Protection'
 
 extra763(){
-  # "Check if S3 buckets have object versioning enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if S3 buckets have object versioning enabled "
   LIST_OF_BUCKETS=$($AWSCLI s3api list-buckets $PROFILE_OPT --query Buckets[*].Name --output text|xargs -n1)
   if [[ $LIST_OF_BUCKETS ]]; then
     for bucket in $LIST_OF_BUCKETS;do
diff --git a/checks/check_extra764 b/checks/check_extra764
index 7e1153c4..67a6158c 100644
--- a/checks/check_extra764
+++ b/checks/check_extra764
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra764="7.64"
-CHECK_TITLE_extra764="[extra764] Check if S3 buckets have secure transport policy (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra764="[extra764] Check if S3 buckets have secure transport policy "
 CHECK_SCORED_extra764="NOT_SCORED"
 CHECK_TYPE_extra764="EXTRA"
 CHECK_SEVERITY_extra764="Medium"
diff --git a/checks/check_extra765 b/checks/check_extra765
index e00d272c..38cdc508 100644
--- a/checks/check_extra765
+++ b/checks/check_extra765
@@ -21,7 +21,7 @@
 #     --image-scanning-configuration scanOnPush=true
 
 CHECK_ID_extra765="7.65"
-CHECK_TITLE_extra765="[extra765] Check if ECR image scan on push is enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra765="[extra765] Check if ECR image scan on push is enabled "
 CHECK_SCORED_extra765="NOT_SCORED"
 CHECK_TYPE_extra765="EXTRA"
 CHECK_SEVERITY_extra765="Medium"
diff --git a/checks/check_extra767 b/checks/check_extra767
index b97bbdae..7bff69fd 100644
--- a/checks/check_extra767
+++ b/checks/check_extra767
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra767="7.67"
-CHECK_TITLE_extra767="[extra767] Check if CloudFront distributions have Field Level Encryption enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra767="[extra767] Check if CloudFront distributions have Field Level Encryption enabled "
 CHECK_SCORED_extra767="NOT_SCORED"
 CHECK_TYPE_extra767="EXTRA"
 CHECK_SEVERITY_extra767="Low"
diff --git a/checks/check_extra768 b/checks/check_extra768
index c1806dd3..dc222b5d 100644
--- a/checks/check_extra768
+++ b/checks/check_extra768
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra768="7.68"
-CHECK_TITLE_extra768="[extra768] Find secrets in ECS task definitions variables (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra768="[extra768] Find secrets in ECS task definitions variables "
 CHECK_SCORED_extra768="NOT_SCORED"
 CHECK_TYPE_extra768="EXTRA"
 CHECK_SEVERITY_extra768="Critical"
@@ -29,7 +29,6 @@ extra768(){
     # this folder is deleted once this check is finished
     mkdir $SECRETS_TEMP_FOLDER
   fi
-  textInfo "Looking for secrets in ECS task definitions' environment variables across all regions... "
   for regx in $REGIONS; do
     # Get a list of all families first:
     FAMILIES=$($AWSCLI ecs list-task-definition-families $PROFILE_OPT --region $regx --status ACTIVE | jq -r .families[])
@@ -53,7 +52,7 @@ extra768(){
             textFail "$regx: Potential secret found in ECS task definition $TASK_DEFINITION variables" "$regx" "$TASK_DEFINITION"
           fi
         else
-          textInfo "$regx: ECS task definition $TASK_DEFINITION has no variables" "$regx"
+          textInfo "$regx: ECS task definition $TASK_DEFINITION has no variables" "$regx" "$TASK_DEFINITION"
           rm -f $TASK_DEFINITION_ENV_VARIABLES_FILE
         fi
       done
diff --git a/checks/check_extra769 b/checks/check_extra769
index f9f5308f..00e34e00 100644
--- a/checks/check_extra769
+++ b/checks/check_extra769
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra769="7.69"
-CHECK_TITLE_extra769="[extra769] Check if IAM Access Analyzer is enabled and its findings (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra769="[extra769] Check if IAM Access Analyzer is enabled and its findings "
 CHECK_SCORED_extra769="NOT_SCORED"
 CHECK_TYPE_extra769="EXTRA"
 CHECK_SEVERITY_extra769="High"
diff --git a/checks/check_extra77 b/checks/check_extra77
index b9624616..d3cc4a50 100644
--- a/checks/check_extra77
+++ b/checks/check_extra77
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra77="7.7"
-CHECK_TITLE_extra77="[extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra77="[extra77] Ensure there are no ECR repositories set as Public"
 CHECK_SCORED_extra77="NOT_SCORED"
 CHECK_TYPE_extra77="EXTRA"
 CHECK_SEVERITY_extra77="Critical"
@@ -26,43 +26,43 @@ CHECK_DOC_extra77='https://docs.aws.amazon.com/AmazonECR/latest/public/security_
 CHECK_CAF_EPIC_extra77='Data Protection'
 
 extra77(){
-  # "Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark)"
-  for region in $REGIONS; do
-    LIST_ECR_REPOS=$($AWSCLI ecr describe-repositories $PROFILE_OPT --region $region --query "repositories[*].[repositoryName]" --output text 2>&1)
+  # "Ensure there are no ECR repositories set as Public "
+  for regx in $REGIONS; do
+    LIST_ECR_REPOS=$($AWSCLI ecr describe-repositories $PROFILE_OPT --region $regx --query "repositories[*].[repositoryName]" --output text 2>&1)
     if [[ $(echo "$LIST_ECR_REPOS" | grep AccessDenied) ]]; then
-      textFail "Access Denied Trying to describe ECR repositories"
+      textFail "$regx: Access Denied Trying to describe ECR repositories" "$regx" "$repo"
       continue
     fi
     if [[ $(echo "$LIST_ECR_REPOS" | grep SubscriptionRequiredException) ]]; then
-      textFail "Subscription Required Exception trying to describe ECR repositories"
+      textFail "$regx: Subscription Required Exception trying to describe ECR repositories" "$regx" "$repo"
       continue
     fi
     if [[ ! -z "$LIST_ECR_REPOS" ]]; then
       for repo in $LIST_ECR_REPOS; do
         TEMP_POLICY_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-ecr-repo.policy.XXXXXXXXXX)
-        $AWSCLI ecr get-repository-policy $PROFILE_OPT --region $region --repository-name $repo --query "policyText" --output text > $TEMP_POLICY_FILE 2>&1
+        $AWSCLI ecr get-repository-policy $PROFILE_OPT --region $regx --repository-name $repo --query "policyText" --output text > $TEMP_POLICY_FILE 2>&1
         if [[ $(grep AccessDenied $TEMP_POLICY_FILE) ]]; then
-          textFail "$region: $repo Access Denied for get-repository-policy"
+          textFail "$regx: $repo Access Denied for get-repository-policy" "$regx" "$repo"
           rm -f $TEMP_POLICY_FILE
           continue
         fi
         # https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html - "By default, only the repository owner has access to a repository."
         if [[ $(grep RepositoryPolicyNotFoundException $TEMP_POLICY_FILE) ]]; then
-          textPass "$region: $repo is not open" "$region" "$repo"
+          textPass "$regx: $repo is not open" "$regx" "$repo"
           rm -f $TEMP_POLICY_FILE
           continue
         fi
         # check if the policy has Principal as *
         CHECK_ECR_REPO_ALLUSERS_POLICY=$(cat $TEMP_POLICY_FILE | jq '.Statement[]|select(.Effect=="Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")))')
         if [[ $CHECK_ECR_REPO_ALLUSERS_POLICY ]]; then
-          textFail "$region: $repo policy \"may\" allow Anonymous users to perform actions (Principal: \"*\")" "$region"
+          textFail "$regx: $repo policy \"may\" allow Anonymous users to perform actions (Principal: \"*\")" "$regx"
         else
-          textPass "$region: $repo is not open" "$region" "$repo"
+          textPass "$regx: $repo is not open" "$regx" "$repo"
         fi
         rm -f $TEMP_POLICY_FILE
       done
     else
-      textInfo "$region: No ECR repositories found" "$region" "$repo"
+      textInfo "$regx: No ECR repositories found" "$regx" "$repo"
     fi
   done
 }
diff --git a/checks/check_extra770 b/checks/check_extra770
index e8d023a4..c1e9694b 100644
--- a/checks/check_extra770
+++ b/checks/check_extra770
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra770="7.70"
-CHECK_TITLE_extra770="[extra770] Check for internet facing EC2 instances with Instance Profiles attached (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra770="[extra770] Check for internet facing EC2 instances with Instance Profiles attached "
 CHECK_SCORED_extra770="NOT_SCORED"
 CHECK_TYPE_extra770="EXTRA"
 CHECK_SEVERITY_extra770="Medium"
@@ -24,8 +24,7 @@ CHECK_DOC_extra770='https://aws.amazon.com/blogs/aws/aws-web-application-firewal
 CHECK_CAF_EPIC_extra770='Infrastructure Security'
 
 extra770(){
-  # "Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for instances in all regions...  "
+  # "Check for internet facing EC2 Instances "
   for regx in $REGIONS; do
     LIST_OF_PUBLIC_INSTANCES_WITH_INSTANCE_PROFILES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --region $regx --query 'Reservations[*].Instances[?((IamInstanceProfile!=`null` && PublicIpAddress!=`null`))].[InstanceId,PublicIpAddress,IamInstanceProfile.Arn]' --output text)
     if [[ $LIST_OF_PUBLIC_INSTANCES_WITH_INSTANCE_PROFILES ]];then
diff --git a/checks/check_extra771 b/checks/check_extra771
index 9bcaea71..a2236c00 100644
--- a/checks/check_extra771
+++ b/checks/check_extra771
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra771="7.71"
-CHECK_TITLE_extra771="[extra771] Check if S3 buckets have policies which allow WRITE access (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra771="[extra771] Check if S3 buckets have policies which allow WRITE access "
 CHECK_SCORED_extra771="NOT_SCORED"
 CHECK_TYPE_extra771="EXTRA"
 CHECK_SEVERITY_extra771="Critical"
diff --git a/checks/check_extra772 b/checks/check_extra772
index 9f3dbcd9..93b36041 100644
--- a/checks/check_extra772
+++ b/checks/check_extra772
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra772="7.72"
-CHECK_TITLE_extra772="[extra772] Check if elastic IPs are unused (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra772="[extra772] Check if elastic IPs are unused "
 CHECK_SCORED_extra772="NOT_SCORED"
 CHECK_TYPE_extra772="EXTRA"
 CHECK_SEVERITY_extra772="Low"
diff --git a/checks/check_extra773 b/checks/check_extra773
index b8eee770..7c168fcd 100644
--- a/checks/check_extra773
+++ b/checks/check_extra773
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra773="7.73"
-CHECK_TITLE_extra773="[extra773] Check if CloudFront distributions are using WAF (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra773="[extra773] Check if CloudFront distributions are using WAF "
 CHECK_SCORED_extra773="NOT_SCORED"
 CHECK_TYPE_extra773="EXTRA"
 CHECK_SEVERITY_extra773="Medium"
@@ -25,7 +25,7 @@ CHECK_DOC_extra773='https://docs.aws.amazon.com/waf/latest/developerguide/cloudf
 CHECK_CAF_EPIC_extra773='Infrastructure Security'
 
 extra773(){
-  # "Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
+  # "Check if CloudFront distributions have logging enabled "
   LIST_OF_DISTRIBUTIONS=$($AWSCLI cloudfront list-distributions $PROFILE_OPT --query 'DistributionList.Items[].Id' --output text | grep -v "^None")
   if [[ $LIST_OF_DISTRIBUTIONS ]]; then
     for dist in $LIST_OF_DISTRIBUTIONS; do
diff --git a/checks/check_extra775 b/checks/check_extra775
index dbb50c8d..96d0d3b4 100644
--- a/checks/check_extra775
+++ b/checks/check_extra775
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra775="7.75"
-CHECK_TITLE_extra775="[extra775] Find secrets in EC2 Auto Scaling Launch Configuration (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra775="[extra775] Find secrets in EC2 Auto Scaling Launch Configuration "
 CHECK_SCORED_extra775="NOT_SCORED"
 CHECK_TYPE_extra775="EXTRA"
 CHECK_SEVERITY_extra775="Critical"
@@ -29,7 +29,6 @@ extra775(){
     mkdir $SECRETS_TEMP_FOLDER
   fi 
 
-  textInfo "Looking for secrets in EC2 Auto Scaling Launch Configuration across all regions... (max 100 autoscaling_configurations per region use -m to increase it)  "
   for regx in $REGIONS; do
     LIST_OF_EC2_AUTOSCALING=$($AWSCLI autoscaling describe-launch-configurations $PROFILE_OPT --region $regx --query LaunchConfigurations[*].LaunchConfigurationName --output text --max-items $MAXITEMS | grep -v None)
     if [[ $LIST_OF_EC2_AUTOSCALING ]];then
diff --git a/checks/check_extra776 b/checks/check_extra776
index a572afe4..f234bb0b 100644
--- a/checks/check_extra776
+++ b/checks/check_extra776
@@ -26,7 +26,7 @@
 #     --image-id imageTag=<value>
 
 CHECK_ID_extra776="7.76"
-CHECK_TITLE_extra776="[extra776] Check if ECR image scan found vulnerabilities in the newest image version (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra776="[extra776] Check if ECR image scan found vulnerabilities in the newest image version "
 CHECK_SCORED_extra776="NOT_SCORED"
 CHECK_TYPE_extra776="EXTRA"
 CHECK_SEVERITY_extra776="Medium"
diff --git a/checks/check_extra777 b/checks/check_extra777
index fe784968..f79d907e 100644
--- a/checks/check_extra777
+++ b/checks/check_extra777
@@ -15,7 +15,7 @@
 # Reference: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
 
 CHECK_ID_extra777="7.77"
-CHECK_TITLE_extra777="[extra777] Find VPC security groups with many ingress or egress rules (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra777="[extra777] Find VPC security groups with many ingress or egress rules "
 CHECK_SCORED_extra777="NOT_SCORED"
 CHECK_TYPE_extra777="EXTRA"
 CHECK_SEVERITY_extra777="Medium"
@@ -29,7 +29,6 @@ CHECK_CAF_EPIC_extra777='Infrastructure Security'
 
 extra777(){
     THRESHOLD=50
-    textInfo "Looking for VPC security groups with more than ${THRESHOLD} rules across all regions...  "
 
     for regx in ${REGIONS}; do
         SECURITY_GROUP_IDS=$(${AWSCLI} ec2 describe-security-groups \
diff --git a/checks/check_extra778 b/checks/check_extra778
index 14383912..63cb12cd 100644
--- a/checks/check_extra778
+++ b/checks/check_extra778
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_extra778="7.78"
-CHECK_TITLE_extra778="[extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918) (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra778="[extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918) "
 CHECK_SCORED_extra778="NOT_SCORED"
 CHECK_TYPE_extra778="EXTRA"
 CHECK_SEVERITY_extra778="Medium"
@@ -27,7 +27,6 @@ CHECK_CAF_EPIC_extra778='Infrastructure Security'
 extra778(){
     CIDR_THRESHOLD=24
     RFC1918_REGEX="(^127\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)"
-    textInfo "Looking for VPC security groups with wide-open (</${CIDR_THRESHOLD}) non-RFC1918 IPv4 address ranges in all regions...  "
 
     check_cidr() {
         local SECURITY_GROUP=$1
diff --git a/checks/check_extra78 b/checks/check_extra78
index a164eddb..bdabda6d 100644
--- a/checks/check_extra78
+++ b/checks/check_extra78
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra78="7.8"
-CHECK_TITLE_extra78="[extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra78="[extra78] Ensure there are no Public Accessible RDS instances"
 CHECK_SCORED_extra78="NOT_SCORED"
 CHECK_TYPE_extra78="EXTRA"
 CHECK_SEVERITY_extra78="Critical"
@@ -26,7 +26,7 @@ CHECK_DOC_extra78='https://docs.amazonaws.cn/en_us/config/latest/developerguide/
 CHECK_CAF_EPIC_extra78='Data Protection'
 
 extra78(){
-  # "Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
+  # "Ensure there are no Public Accessible RDS instances "
   for regx in $REGIONS; do
     LIST_OF_RDS_PUBLIC_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[?PubliclyAccessible==`true` && DBInstanceStatus==`"available"`].[DBInstanceIdentifier,Endpoint.Address]' --output text)
     if [[ $LIST_OF_RDS_PUBLIC_INSTANCES ]];then
diff --git a/checks/check_extra786 b/checks/check_extra786
index b9895f57..87a33ecf 100644
--- a/checks/check_extra786
+++ b/checks/check_extra786
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra786="7.86"
-CHECK_TITLE_extra786="[extra786] Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra786="[extra786] Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required "
 CHECK_SCORED_extra786="NOT_SCORED"
 CHECK_TYPE_extra786="EXTRA"
 CHECK_SEVERITY_extra786="Medium"
diff --git a/checks/check_extra788 b/checks/check_extra788
index 9ca6f854..8d0655c1 100644
--- a/checks/check_extra788
+++ b/checks/check_extra788
@@ -27,7 +27,7 @@ extra788(){
   # Prowler will try to access each ElasticSearch server to the public URI endpoint.
   # That is from the host where Prowler is running and will try to read indices or get kibana status
 
-  # "Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark)"
+  # "Check if Elasticsearch Service domains allow open access "
   for regx in $REGIONS; do
     LIST_OF_DOMAINS=$($AWSCLI es list-domain-names $PROFILE_OPT --region $regx --query DomainNames --output text)
     if [[ $LIST_OF_DOMAINS ]]; then
diff --git a/checks/check_extra79 b/checks/check_extra79
index 70057d75..ffad816f 100644
--- a/checks/check_extra79
+++ b/checks/check_extra79
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra79="7.9"
-CHECK_TITLE_extra79="[extra79] Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra79="[extra79] Check for internet facing Elastic Load Balancers"
 CHECK_SCORED_extra79="NOT_SCORED"
 CHECK_TYPE_extra79="EXTRA"
 CHECK_SEVERITY_extra79="Medium"
@@ -26,8 +26,7 @@ CHECK_DOC_extra79='https://docs.aws.amazon.com/waf/latest/developerguide/web-acl
 CHECK_CAF_EPIC_extra79='Data Protection'
 
 extra79(){
-  # "Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for Elastic Load Balancers in all regions...  "
+  # "Check for internet facing Elastic Load Balancers "
   for regx in $REGIONS; do
     LIST_OF_PUBLIC_ELBS=$($AWSCLI elb describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancerDescriptions[?Scheme == `internet-facing`].[LoadBalancerName,DNSName]' --output text)
     LIST_OF_PUBLIC_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[?Scheme == `internet-facing`].[LoadBalancerName,DNSName]' --output text)
@@ -40,7 +39,7 @@ extra79(){
         textFail "$regx: ELB: $ELB_NAME at DNS: $ELB_DNSNAME is internet-facing!" "$regx" "$ELB_NAME"
       done <<< "$LIST_OF_ALL_ELBS_PER_LINE"
       else
-        textPass "$regx: no Internet Facing ELBs found" "$regx"
+        textPass "$regx: no Internet Facing ELBs found" "$regx" "$ELB_NAME"
     fi
   done
 }
diff --git a/checks/check_extra792 b/checks/check_extra792
index 33ee3aa4..c9906104 100644
--- a/checks/check_extra792
+++ b/checks/check_extra792
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra792="7.92"
-CHECK_TITLE_extra792="[extra792] Check if Elastic Load Balancers have insecure SSL ciphers (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra792="[extra792] Check if Elastic Load Balancers have insecure SSL ciphers "
 CHECK_SCORED_extra792="NOT_SCORED"
 CHECK_TYPE_extra792="EXTRA"
 CHECK_SEVERITY_extra792="Medium"
@@ -25,7 +25,7 @@ CHECK_DOC_extra792='https://docs.aws.amazon.com/elasticloadbalancing/latest/clas
 CHECK_CAF_EPIC_extra792='Data Protection'
 
 extra792(){
-  # "Check if Elastic Load Balancers have insecure SSL ciphers (Not Scored) (Not part of CIS benchmark)"
+  # "Check if Elastic Load Balancers have insecure SSL ciphers "
   for regx in $REGIONS; do
     LIST_OF_ELBS=$($AWSCLI elb describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancerDescriptions[*].LoadBalancerName' --output text|xargs -n1)
     LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[*].LoadBalancerArn' --output text|xargs -n1)
diff --git a/checks/check_extra793 b/checks/check_extra793
index c91d60fa..42b3bf36 100644
--- a/checks/check_extra793
+++ b/checks/check_extra793
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra793="7.93"
-CHECK_TITLE_extra793="[extra793] Check if Elastic Load Balancers have SSL listeners (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra793="[extra793] Check if Elastic Load Balancers have SSL listeners "
 CHECK_SCORED_extra793="NOT_SCORED"
 CHECK_TYPE_extra793="EXTRA"
 CHECK_SEVERITY_extra793="Medium"
@@ -25,7 +25,7 @@ CHECK_DOC_extra793='https://docs.aws.amazon.com/elasticloadbalancing/latest/appl
 CHECK_CAF_EPIC_extra793='Data Protection'
 
 extra793(){
-  # "Check if Elastic Load Balancers have encrypted listeners (Not Scored) (Not part of CIS benchmark)"
+  # "Check if Elastic Load Balancers have encrypted listeners "
   for regx in $REGIONS; do
     LIST_OF_ELBS=$($AWSCLI elb describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancerDescriptions[*].LoadBalancerName' --output text|xargs -n1)
     LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[?(Type == `application`)].LoadBalancerArn' --output text|xargs -n1)
diff --git a/checks/check_extra794 b/checks/check_extra794
index a4d38eaf..347e4809 100644
--- a/checks/check_extra794
+++ b/checks/check_extra794
@@ -24,7 +24,6 @@ CHECK_DOC_extra794='https://docs.aws.amazon.com/eks/latest/userguide/logging-mon
 CHECK_CAF_EPIC_extra794='Logging and Monitoring'
 
 extra794(){
-  textInfo "Looking for control plane logging enabled for EKS clusters across all regions... "
   for regx in $REGIONS; do
     CLUSTERS=$($AWSCLI eks list-clusters $PROFILE_OPT --region $regx --query 'clusters[]' --output text)
     if [[ $CLUSTERS ]]; then
diff --git a/checks/check_extra795 b/checks/check_extra795
index aaa925c5..d28e0f4e 100644
--- a/checks/check_extra795
+++ b/checks/check_extra795
@@ -24,7 +24,6 @@ CHECK_DOC_extra795='https://docs.aws.amazon.com/eks/latest/userguide/infrastruct
 CHECK_CAF_EPIC_extra795='Infrastructure Security'
 
 extra795(){
-  textInfo "Looking for public access enabled for EKS clusters across all regions... "
   for regx in $REGIONS; do
     CLUSTERS=$($AWSCLI eks list-clusters $PROFILE_OPT --region $regx --query 'clusters[]' --output text)
     if [[ $CLUSTERS ]]; then
diff --git a/checks/check_extra796 b/checks/check_extra796
index ac39473e..5351d4e8 100644
--- a/checks/check_extra796
+++ b/checks/check_extra796
@@ -24,7 +24,6 @@ CHECK_DOC_extra796='https://docs.aws.amazon.com/eks/latest/userguide/cluster-end
 CHECK_CAF_EPIC_extra796='Infrastructure Security'
 
 extra796(){
-  textInfo "Looking for public access CIDRs for EKS clusters across all regions... "
   for regx in $REGIONS; do
     CLUSTERS=$($AWSCLI eks list-clusters $PROFILE_OPT --region $regx --query 'clusters[]' --output text)
     if [[ $CLUSTERS ]]; then
diff --git a/checks/check_extra797 b/checks/check_extra797
index 6484c2b1..7576292b 100644
--- a/checks/check_extra797
+++ b/checks/check_extra797
@@ -24,7 +24,6 @@ CHECK_DOC_extra797='https://docs.aws.amazon.com/eks/latest/userguide/create-clus
 CHECK_CAF_EPIC_extra797='Data Protection'
 
 extra797(){
-  textInfo "Looking for encryption config for EKS clusters across all regions... "
   for regx in $REGIONS; do
     CLUSTERS=$($AWSCLI eks list-clusters $PROFILE_OPT --region $regx --query 'clusters[]' --output text)
     if [[ $CLUSTERS ]]; then
diff --git a/checks/check_sample b/checks/check_sample
index 99057dd7..2b16c752 100644
--- a/checks/check_sample
+++ b/checks/check_sample
@@ -25,7 +25,7 @@
 
 
 # CHECK_ID_checkN="N.N"
-# CHECK_TITLE_checkN="[checkN] Description (Not Scored) (Not part of CIS benchmark)"
+# CHECK_TITLE_checkN="[checkN] Description "
 # CHECK_SCORED_checkN="NOT_SCORED"
 # CHECK_TYPE_checkN="EXTRA"
 # CHECK_SEVERITY_check="Medium"
@@ -34,7 +34,7 @@
 # CHECK_SERVICENAME_checkN="service" # get service short name from `curl -s https://api.regional-table.region-services.aws.a2z.com/index.json | jq -r '.prices[] | .id' | awk -F: '{ print $1 }' | sort -u` 
 #
 # extraN(){
-#   # "Description (Not Scored) (Not part of CIS benchmark)"
+#   # "Description "
 #   textInfo "Looking for instances in all regions...  "
 #   for regx in $REGIONS; do
 #     LIST_OF_PUBLIC_INSTANCES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --region $regx --query 'Reservations[*].Instances[?PublicIpAddress].[InstanceId,PublicIpAddress]' --output text)
diff --git a/groups/group17_internetexposed b/groups/group17_internetexposed
index 33e30e18..b76a5c53 100644
--- a/groups/group17_internetexposed
+++ b/groups/group17_internetexposed
@@ -19,33 +19,33 @@ GROUP_CHECKS[17]='check41,check42,check45,check46,extra72,extra73,extra74,extra7
 
 # 4.1 [check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)  [group4, cislevel1, cislevel2]
 # 4.2 [check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)  [group4, cislevel1, cislevel2]
-# 7.2 [extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)   [extras, forensics-ready, gdpr, hipaa, apigateway, rds]
-# 7.3 [extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)   [extras, gdpr, hipaa, rds]
-# 7.4 [extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)   [extras, gdpr, hipaa, secrets, apigateway, rds]
-# 7.6 [extra76] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)   [extras, gdpr, secrets]
-# 7.7 [extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark)   [group1, extras, secrets, elasticsearch]
-# 7.8 [extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)   [extras, rds, elasticsearch, trustboundaries]
-# 7.9 [extra79] Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark)   [extras, trustboundaries]
-# 7.10 [extra710] Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.11 [extra711] Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)   [extras]
+# 7.2 [extra72] Ensure there are no EBS Snapshots set as Public    [extras, forensics-ready, gdpr, hipaa, apigateway, rds]
+# 7.3 [extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user    [extras, gdpr, hipaa, rds]
+# 7.4 [extra74] Ensure there are no Security Groups without ingress filtering being used    [extras, gdpr, hipaa, secrets, apigateway, rds]
+# 7.6 [extra76] Ensure there are no EC2 AMIs set as Public    [extras, gdpr, secrets]
+# 7.7 [extra77] Ensure there are no ECR repositories set as Public    [group1, extras, secrets, elasticsearch]
+# 7.8 [extra78] Ensure there are no Public Accessible RDS instances    [extras, rds, elasticsearch, trustboundaries]
+# 7.9 [extra79] Check for internet facing Elastic Load Balancers    [extras, trustboundaries]
+# 7.10 [extra710] Check for internet facing EC2 Instances    [extras]
+# 7.11 [extra711] Check for Publicly Accessible Redshift Clusters    [extras]
 # 7.16 [extra716] Check if Amazon Elasticsearch Service (ES) domains are set as Public or if it has open policy access   [extras, elasticsearch]
-# 7.23 [extra723] Check if RDS Snapshots and Cluster Snapshots are public (Not Scored) (Not part of CIS benchmark)   [extras, rds]
-# 7.27 [extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)   [extras, gdpr]
-# 7.31 [extra731] Check if SNS topics have policy set as Public (Not Scored) (Not part of CIS benchmark)   [extras, gdpr]
-# 7.38 [extra738] Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark)   [extras, gdpr]
-# 7.45 [extra745] Check if API Gateway endpoint is public or private (Not Scored) (Not part of CIS benchmark)   [extras, apigateway]
-# 7.48 [extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.49 [extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483 (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.50 [extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306 (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.51 [extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432 (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.52 [extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379 (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.53 [extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018 (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.54 [extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888 (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.55 [extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211 (Not Scored) (Not part of CIS benchmark)   [extras]
-# redundant 7.56 [extra756] Check if Redshift cluster is Public Accessible (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.70 [extra770] Check for internet facing EC2 instances with Instance Profiles attached (Not Scored) (Not part of CIS benchmark)   [extras]
-# 7.78 [extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918) (Not Scored) (Not part of CIS benchmark)   [extras]
+# 7.23 [extra723] Check if RDS Snapshots and Cluster Snapshots are public    [extras, rds]
+# 7.27 [extra727] Check if SQS queues have policy set as Public    [extras, gdpr]
+# 7.31 [extra731] Check if SNS topics have policy set as Public    [extras, gdpr]
+# 7.38 [extra738] Check if CloudFront distributions are set to HTTPS    [extras, gdpr]
+# 7.45 [extra745] Check if API Gateway endpoint is public or private    [extras, apigateway]
+# 7.48 [extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port    [extras]
+# 7.49 [extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483    [extras]
+# 7.50 [extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306    [extras]
+# 7.51 [extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432    [extras]
+# 7.52 [extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379    [extras]
+# 7.53 [extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018    [extras]
+# 7.54 [extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888    [extras]
+# 7.55 [extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211    [extras]
+# redundant 7.56 [extra756] Check if Redshift cluster is Public Accessible    [extras]
+# 7.70 [extra770] Check for internet facing EC2 instances with Instance Profiles attached    [extras]
+# 7.78 [extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918)    [extras]
 # 7.79 [extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports   [extras, elasticsearch]
 # 7.87 [extra787] Check connection and authentication for Internet exposed Elasticsearch/Kibana ports   [extras, elasticsearch]
 # 7.88 [extra788] Check connection and authentication for Internet exposed Amazon Elasticsearch Service (ES) domains   [extras, elasticsearch]
-# 7.71 [extra771] Check if S3 buckets have policies which allow WRITE access (Not Scored) (Not part of CIS benchmark)   [extras]
+# 7.71 [extra771] Check if S3 buckets have policies which allow WRITE access    [extras]
diff --git a/include/check3x b/include/check3x
index 83a2ab74..9d8f97f2 100644
--- a/include/check3x
+++ b/include/check3x
@@ -18,7 +18,7 @@ check3x(){
   # be based only on CloudTrail tail with CloudWatchLog configuration.
   DESCRIBE_TRAILS_CACHE=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region "$REGION" --query 'trailList[?CloudWatchLogsLogGroupArn != `null`]' 2>&1)
   if [[ $(echo "$DESCRIBE_TRAILS_CACHE" | grep AccessDenied) ]]; then
-    textFail "Access Denied trying to describe trails in $REGION"
+    textFail "$REGION: Access Denied trying to describe trails in $REGION"  "$REGION" "$group"
     return
   fi
 
@@ -63,7 +63,7 @@ check3x(){
       for group in $CHECK_OK; do
         metric=${group#*:}
         group=${group%:*}
-        textPass "CloudWatch group $group found with metric filter $metric and alarms set"
+        textPass "$REGION: CloudWatch group $group found with metric filter $metric and alarms set" "$REGION" "$group"
       done
     fi
     if [[ $CHECK_WARN ]]; then
@@ -72,15 +72,15 @@ check3x(){
            *:*) metric=${group#*:}
                 group=${group%:*}
                 if [[ $pass_count == 0 ]]; then
-                  textFail "CloudWatch group $group found with metric filter $metric but no alarms associated"
+                  textFail "$REGION: CloudWatch group $group found with metric filter $metric but no alarms associated" "$REGION" "$group"
                 else
-                  textInfo "CloudWatch group $group found with metric filter $metric but no alarms associated"
+                  textInfo "$REGION: CloudWatch group $group found with metric filter $metric but no alarms associated" "$REGION" "$group"
                 fi
                 ;;
              *) if [[ $pass_count == 0 ]]; then
-                  textFail "CloudWatch group $group found but no metric filters or alarms associated"
+                  textFail "$REGION: CloudWatch group $group found but no metric filters or alarms associated" "$REGION" "$group"
                 else
-                  textInfo "CloudWatch group $group found but no metric filters or alarms associated"
+                  textInfo "$REGION: CloudWatch group $group found but no metric filters or alarms associated" "$REGION" "$group"
                 fi
                 ;;
         esac
@@ -88,10 +88,10 @@ check3x(){
     fi
     if [[ $CHECK_CROSS_ACCOUNT_WARN ]]; then
       for group in $CHECK_CROSS_ACCOUNT_WARN; do
-        textInfo "CloudWatch group $group is not in this account"
+        textInfo "$REGION: CloudWatch group $group is not in this account" "$REGION" "$group"
       done
     fi
   else
-    textFail "No CloudWatch group found for CloudTrail events"
+    textFail "$REGION: No CloudWatch group found for CloudTrail events" "$REGION" "$group"
   fi
 }
diff --git a/include/check_creds_last_used b/include/check_creds_last_used
index 4f8633b3..09c64632 100644
--- a/include/check_creds_last_used
+++ b/include/check_creds_last_used
@@ -69,23 +69,23 @@ check_passwords_used_in_last_days() {
 
         # "When password_enabled is set to TRUE and password_last_used is set to no_information, ensure password_last_changed is less than X days ago"
         if [[ "$days_since_password_last_changed" -ge "$max_days" ]]; then
-          textFail "User $user has never logged into the console since creation and their password not changed in the past ${max_days} days"
+          textFail "$REGION: User $user has never logged into the console since creation and their password not changed in the past ${max_days} days" "$REGION" "$user"
         else
-          textInfo "User $user has not logged into the console since creation"
+          textInfo "$REGION: User $user has not logged into the console since creation" "$REGION" "$user"
         fi
       else
         days_password_not_in_use=$(how_older_from_today "${last_login_date%T*}")
 
         # "For each user having password_enabled set to TRUE, ensure password_last_used_date is less than X days ago."
         if [[ "$days_password_not_in_use" -ge "$max_days" ]]; then
-          textFail "User $user has not logged into the console in the past ${max_days} days"
+          textFail "$REGION: User $user has not logged into the console in the past ${max_days} days" "$REGION" "$user"
         else
-          textPass "User $user has logged into the console in the past ${max_days} days"
+          textPass "$REGION: User $user has logged into the console in the past ${max_days} days" "$REGION" "$user"
         fi
       fi
     done
   else
-    textPass "No users found with password enabled"
+    textPass "$REGION: No users found with password enabled" "$REGION" "$user"
   fi
 }
 
@@ -122,22 +122,22 @@ check_access_key_used_in_last_days() {
         # "When a user having an access_key_x_active (where x is 1 or 2) to TRUE and corresponding access_key_x_last_used_date is set to N/A,
         # ensure access_key_x_last_rotated is less than X days ago"
         if [[ "$days_since_access_key_rotated" -ge "$max_days" ]]; then
-          textFail "User $user has never used access key $access_key_name since creation and not rotated it in the past ${max_days} days"
+          textFail "$REGION: User $user has never used access key $access_key_name since creation and not rotated it in the past ${max_days} days" "$REGION" "$user"
         else
-          textInfo "User $user has not used access key $access_key_name since creation"
+          textInfo "$REGION: User $user has not used access key $access_key_name since creation" "$REGION" "$user"
         fi
       else
         days_since_access_key_used=$(how_older_from_today "${access_key_last_used_date%T*}")
 
         # "For each user having an access_key_1_active or access_key_2_active to TRUE, ensure the corresponding access_key_n_last_used_date is less than X days ago"
         if [[ "$days_since_access_key_used" -ge "$max_days" ]]; then
-          textFail "User $user has not used access key $access_key_name in the past ${max_days} days"
+          textFail "$REGION: User $user has not used access key $access_key_name in the past ${max_days} days" "$REGION" "$user"
         else
-          textPass "User $user has used access key $access_key_name in the past ${max_days} days"
+          textPass "$REGION: User $user has used access key $access_key_name in the past ${max_days} days" "$REGION" "$user"
         fi
       fi
     done
   else
-    textPass "No users found with access key $access_key_name enabled"
+    textPass "$REGION: No users found with access key $access_key_name enabled" "$REGION" "$user"
   fi
 }
diff --git a/include/outputs b/include/outputs
index 525301ce..712745c3 100644
--- a/include/outputs
+++ b/include/outputs
@@ -15,7 +15,7 @@
 
 EXTENSION_CSV="csv"
 EXTENSION_JSON="json"
-EXTENSION_ASFF="asff-json"
+EXTENSION_ASFF="asff.json"
 EXTENSION_TEXT="txt"
 EXTENSION_HTML="html"
 OUTPUT_DATE=$(date -u +"%Y%m%d%H%M%S")
@@ -72,6 +72,11 @@ if [[ $MODE ]];then
   fi
 fi
 
+# textInfo "HTML report will be saved: ${OUTPUT_FILE_NAME}.$EXTENSION_HTML"
+# textInfo "JSON ASFF report will be saved: ${OUTPUT_FILE_NAME}.$EXTENSION_ASFF"
+# textInfo "CSV report will be saved: ${OUTPUT_FILE_NAME}.$EXTENSION_CSV"
+# textInfo "JSON report will be saved: ${OUTPUT_FILE_NAME}.$EXTENSION_JSON"
+
 if [[ $PROFILE == "" ]];then
   PROFILE="ENV"
 fi
@@ -92,23 +97,23 @@ textPass(){
     REPREGION=$REGION
   fi
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
-    generateJsonOutput "$1" "Pass" "$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_JSON
+    generateJsonOutput "$1" "Pass" "$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_JSON
   fi
   if [[ "${MODES[@]}" =~ "json-asff" ]]; then
     JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "PASSED" "$CHECK_RESOURCE_ID")
-    echo "${JSON_ASFF_OUTPUT}" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_ASFF
+    echo "${JSON_ASFF_OUTPUT}" >> $OUTPUT_FILE_NAME.$EXTENSION_ASFF
     if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
-      sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}"
+      sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}" 
     fi
   fi
   if is_junit_output_enabled; then
     output_junit_success "$1"
   fi
   if [[ "${MODES[@]}" =~ "mono" ]]; then
-    echo "      $OK PASS!$NORMAL $1" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
+    echo "      $OK PASS!$NORMAL $1" >> ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
   fi
   if [[ "${MODES[@]}" =~ "text" || "${MODES[@]}" =~ "mono" ]]; then
     echo "      $OK PASS!$NORMAL $1"
@@ -133,16 +138,16 @@ textInfo(){
     REPREGION=$REGION
   fi
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
-    generateJsonOutput "$1" "Info" "$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
+    generateJsonOutput "$1" "Info" "$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
   fi
   if is_junit_output_enabled; then
     output_junit_info "$1"
   fi
   if [[ "${MODES[@]}" =~ "mono" ]]; then
-    echo "      $NOTICE INFO! $1 $NORMAL" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
+    echo "      $NOTICE INFO! $1 $NORMAL" >> ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
   fi
   if [[ "${MODES[@]}" =~ "text" ]]; then
     echo "      $NOTICE INFO! $1 $NORMAL"
@@ -189,14 +194,14 @@ textFail(){
   fi
 
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
-    generateJsonOutput "$1" "${level}" "$CHECK_RESOURCE_ID"| tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
+    generateJsonOutput "$1" "${level}" "$CHECK_RESOURCE_ID">> ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
   fi
   if [[ "${MODES[@]}" =~ "json-asff" ]]; then
     JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "${level}" "$CHECK_RESOURCE_ID")
-    echo "${JSON_ASFF_OUTPUT}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_ASFF}
+    echo "${JSON_ASFF_OUTPUT}" >> ${OUTPUT_FILE_NAME}.${EXTENSION_ASFF}
     if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
       sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}"
     fi
@@ -209,7 +214,7 @@ textFail(){
     fi
   fi
   if [[ "${MODES[@]}" =~ "mono" ]]; then
-    echo "      $colorcode ${level}! $1 $NORMAL" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
+    echo "      $colorcode ${level}! $1 $NORMAL" >> ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
   fi
   if [[ "${MODES[@]}" =~ "text" ]]; then
     echo "      $colorcode ${level}! $1 $NORMAL"
@@ -257,7 +262,7 @@ textTitle(){
   # fi
 
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    >&2 echo "$TITLE_ID $TITLE_TEXT" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_CSV}
+    >&2 echo "$TITLE_ID $TITLE_TEXT" >> ${OUTPUT_FILE_NAME}.${EXTENSION_CSV}
   elif [[ "${MODES[@]}" =~ "json" || "${MODES[@]}" =~ "json-asff" ]]; then
     :
   else
@@ -279,7 +284,7 @@ generateJsonOutput(){
   --arg TITLE_TEXT "$TITLE_TEXT" \
   --arg MESSAGE "$(echo -e "${message}" | sed -e 's/^[[:space:]]*//')" \
   --arg STATUS "$status" \
-  --arg SEVERITY "$CHECK_SEVERITY" \
+  --arg SEVERITY "$(echo $CHECK_SEVERITY | sed 's/[][]//g')" \
   --arg SCORED "$ITEM_SCORED" \
   --arg ITEM_LEVEL "$ITEM_LEVEL" \
   --arg TITLE_ID "$TITLE_ID" \
@@ -321,10 +326,9 @@ generateJsonAsffOutput(){
   local status=$2
   
   #Checks to determine if the rule passes in a resource name that prowler uses to track the AWS Resource for whitelisting purposes
-  if [ -z $3 ]
-  then
+  if [ -z $3 ]; then
     local resource_id="NONE_PROVIDED"
-   else
+  else
     local resource_id=$3
   fi
   
@@ -374,7 +378,7 @@ generateJsonAsffOutput(){
       "Resources": [
           {
               "Type": $RESOURCE_TYPE,
-              "Id": "AWS::::Account:\($ACCOUNT_NUM)",
+              "Id": $CHECK_RESOURCE_ID,
               "Partition": $AWS_PARTITION,
               "Region": $REPREGION
           }
@@ -403,6 +407,8 @@ generateHtmlOutput(){
   if [[ $status == "WARN" ]];then
     local ROW_CLASS='table-warning'
   fi
+  
+  local CHECK_SEVERITY="$(echo $CHECK_SEVERITY | sed 's/[][]//g')"
 
   echo '<tr class="'$ROW_CLASS'">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '  <td>'$status'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
diff --git a/prowler b/prowler
index b3cc2e09..a67bf35d 100755
--- a/prowler
+++ b/prowler
@@ -32,7 +32,7 @@ OPTRED=""
 OPTNORMAL=""
 
 # Set the defaults variables
-PROWLER_VERSION=2.5.0-15042021
+PROWLER_VERSION=2.5.0-05July2021
 PROWLER_DIR=$(dirname "$0")
 
 REGION=""

From 5670e4a9723dba83bae5b92fc86f4933b08c8cbd Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Wed, 7 Jul 2021 16:00:09 +0200
Subject: [PATCH 56/82] Removed CSV header stdout and add
 bucket-owner-full-control

---
 include/csv_header     |  2 +-
 include/outputs        |  2 +-
 include/outputs_bucket | 12 ++++++++----
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/include/csv_header b/include/csv_header
index 3ab095c3..30d731db 100644
--- a/include/csv_header
+++ b/include/csv_header
@@ -15,6 +15,6 @@
 printCsvHeader() {
   # >&2 echo ""
   # >&2 echo "Generating \"${SEP}\" delimited report on stdout for profile $PROFILE, account $ACCOUNT_NUM"
-      echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC${SEP}CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+      echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC${SEP}CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
       # echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}RESULT${SEP}SCORED${SEP}LEVEL${SEP}TITLE_TEXT${SEP}NOTES${SEP}COMPLIANCE${SEP}SEVERITY${SEP}SERVICENAME" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_CSV
 }
diff --git a/include/outputs b/include/outputs
index 712745c3..d1dccad2 100644
--- a/include/outputs
+++ b/include/outputs
@@ -234,7 +234,7 @@ textTitle(){
 
   TITLE_TEXT=$2
   CHECK_SERVICENAME="$MAGENTA$3$NORMAL"
-  CHECK_SEVERITY="$BROWN[$4]$NORMAL"
+  local CHECK_SEVERITY="$BROWN[$4]$NORMAL"
 
   # case "$3" in
   #   0|No|NOT_SCORED)
diff --git a/include/outputs_bucket b/include/outputs_bucket
index 41cbefe1..f89a7fd4 100644
--- a/include/outputs_bucket
+++ b/include/outputs_bucket
@@ -38,16 +38,20 @@ copyToS3(){
   # and processing by Quicksight or others.
   if [[ $OUTPUT_BUCKET ]]; then
     if [[ "${MODES[@]}" =~ "csv" ]]; then
-      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_CSV s3://$OUTPUT_BUCKET/csv/
+      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_CSV \
+      s3://$OUTPUT_BUCKET/csv/ --acl bucket-owner-full-control
     fi 
     if [[ "${MODES[@]}" =~ "html" ]]; then
-      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_HTML s3://$OUTPUT_BUCKET/html/
+      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_HTML \
+      s3://$OUTPUT_BUCKET/html/ --acl bucket-owner-full-control
     fi 
     if [[ "${MODES[@]}" =~ "json" ]]; then
-      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_JSON s3://$OUTPUT_BUCKET/json/
+      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_JSON \
+      s3://$OUTPUT_BUCKET/json/ --acl bucket-owner-full-control
     fi
     if [[ "${MODES[@]}" =~ "json-asff" ]]; then
-      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_ASFF s3://$OUTPUT_BUCKET/json-asff/
+      $AWSCLI s3 cp $OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}.$EXTENSION_ASFF \
+      s3://$OUTPUT_BUCKET/json-asff/ --acl bucket-owner-full-control
     fi
   fi
 }
\ No newline at end of file

From 85cb2085b91fe3b83e849fcc51695499eb03fc4b Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Wed, 7 Jul 2021 16:15:53 +0200
Subject: [PATCH 57/82] Output consolidation

---
 checks/check_extra7114 | 2 +-
 checks/check_extra7118 | 4 ++--
 checks/check_extra7119 | 2 +-
 checks/check_extra7122 | 2 +-
 checks/check_extra7123 | 2 +-
 checks/check_extra7125 | 4 ++--
 checks/check_extra7126 | 4 ++--
 checks/check_extra7128 | 4 ++--
 checks/check_extra7129 | 4 ++--
 9 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/checks/check_extra7114 b/checks/check_extra7114
index a6f08e20..93c7906a 100644
--- a/checks/check_extra7114
+++ b/checks/check_extra7114
@@ -36,7 +36,7 @@ extra7114(){
           if [[ "$ENDPOINT_SC_ENCRYPTION" == "DISABLED" ]]; then
             textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have S3 encryption enabled!" "$regx" "$ENDPOINT_NAME"
           else
-            textPass "$regx: Glue development endpoint $ENDPOINT_NAME has S3 encryption enabled" "$regx" 
+            textPass "$regx: Glue development endpoint $ENDPOINT_NAME has S3 encryption enabled" "$regx" "$ENDPOINT_NAME"
           fi
         else
           textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME"
diff --git a/checks/check_extra7118 b/checks/check_extra7118
index da129972..12cc7b08 100644
--- a/checks/check_extra7118
+++ b/checks/check_extra7118
@@ -40,10 +40,10 @@ extra7118(){
                 textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME"
               fi 
             else
-              textPass "$regx: Glue job $JOB_NAME does have $S3_ENCRYPTION for S3 encryption enabled" "$regx"
+              textPass "$regx: Glue job $JOB_NAME does have $S3_ENCRYPTION for S3 encryption enabled" "$regx" "$JOB_NAME"
             fi
           elif [[ ! -z "$JOB_ENCRYPTION" ]]; then
-            textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx"
+            textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx" "$JOB_NAME"
           else 
             textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME"
           fi
diff --git a/checks/check_extra7119 b/checks/check_extra7119
index 954908a1..4f6e904b 100644
--- a/checks/check_extra7119
+++ b/checks/check_extra7119
@@ -36,7 +36,7 @@ extra7119(){
           if [[ $ENDPOINT_SC_ENCRYPTION == "DISABLED" ]]; then
             textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have CloudWatch logs encryption enabled!" "$regx" "$ENDPOINT_NAME"
           else
-            textPass "$regx: Glue development endpoint $ENDPOINT_NAME has CloudWatch logs encryption enabled" "$regx"
+            textPass "$regx: Glue development endpoint $ENDPOINT_NAME has CloudWatch logs encryption enabled" "$regx" "$ENDPOINT_NAME"
           fi
         else
           textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME"
diff --git a/checks/check_extra7122 b/checks/check_extra7122
index 738efc2d..1b4f8d27 100644
--- a/checks/check_extra7122
+++ b/checks/check_extra7122
@@ -35,7 +35,7 @@ extra7122(){
             if [[ "$JOB_BOOKMARK_ENCRYPTION" == "DISABLED" ]]; then
               textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME"
             else
-              textPass "$regx: Glue job $JOB_NAME does have $JOB_BOOKMARK_ENCRYPTION for Job bookmark encryption enabled" "$regx"
+              textPass "$regx: Glue job $JOB_NAME does have $JOB_BOOKMARK_ENCRYPTION for Job bookmark encryption enabled" "$regx" "$JOB_NAME"
             fi
           else
             textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME"
diff --git a/checks/check_extra7123 b/checks/check_extra7123
index 02a83000..c462f749 100644
--- a/checks/check_extra7123
+++ b/checks/check_extra7123
@@ -30,7 +30,7 @@ extra7123(){
   if [[ $LIST_OF_USERS_WITH_2ACCESS_KEYS ]]; then
     # textFail "Users with access key 1 older than 90 days:"
     for user in $LIST_OF_USERS_WITH_2ACCESS_KEYS; do
-      textFail "User $user has 2 active access keys" "us-east-1" "$user"
+      textFail "User $user has 2 active access keys" "$REGION" "$user"
     done
   else
     textPass "No users with 2 active access keys"
diff --git a/checks/check_extra7125 b/checks/check_extra7125
index 7e7cd722..545d6d8b 100644
--- a/checks/check_extra7125
+++ b/checks/check_extra7125
@@ -34,9 +34,9 @@ extra7125(){
       if [[ $MFA_TYPE == "mfa" || $MFA_TYPE == "sms-mfa" ]]; then 
         textInfo "User $user has virtual MFA enabled" 
       elif [[ $MFA_TYPE == "" ]]; then 
-        textFail "User $user has not hardware MFA enabled" "us-east-1" "$user"
+        textFail "User $user has not hardware MFA enabled" "$REGION" "$user"
       else 
-        textPass "User $user has hardware MFA enabled" "us-east-1" "$user"
+        textPass "User $user has hardware MFA enabled" "$REGION" "$user"
       fi
     done
   else
diff --git a/checks/check_extra7126 b/checks/check_extra7126
index 7b91e0e2..6017afa4 100644
--- a/checks/check_extra7126
+++ b/checks/check_extra7126
@@ -33,9 +33,9 @@ extra7126(){
         if [[ $CHECK_STATUS == "PendingDeletion" ]]; then
           textInfo "$regx: KMS key $key is pending deletion" "$regx"
         elif [[ $CHECK_STATUS == "Disabled"  ]]; then
-          textInfo "$regx: KMS key $key is disabled" "$regx"
+          textInfo "$regx: KMS key $key is disabled" "$regx" "$key"
         else
-          textPass "$regx: KMS key $key is not disabled or pending deletion" "$regx"
+          textPass "$regx: KMS key $key is not disabled or pending deletion" "$regx" "$key"
         fi
       done
     else
diff --git a/checks/check_extra7128 b/checks/check_extra7128
index 27be1f66..20182e8c 100644
--- a/checks/check_extra7128
+++ b/checks/check_extra7128
@@ -31,9 +31,9 @@ extra7128(){
       for table in $DDB_TABLES_LIST; do
           DDB_TABLE_WITH_KMS=$($AWSCLI dynamodb describe-table --table-name $table $PROFILE_OPT --region $regx --query Table.SSEDescription.SSEType --output text)
           if [[ $DDB_TABLE_WITH_KMS == "KMS" ]]; then
-            textPass "$regx: DynamoDB table $table does have KMS encryption enabled" "$regx"
+            textPass "$regx: DynamoDB table $table does have KMS encryption enabled" "$regx" "$table"
           else
-            textInfo "$regx: DynamoDB table $table does have DEFAULT encryption enabled" "$regx"
+            textInfo "$regx: DynamoDB table $table does have DEFAULT encryption enabled" "$regx" "$table"
           fi
       done
     else 
diff --git a/checks/check_extra7129 b/checks/check_extra7129
index 44ef5f60..ddeb1c77 100644
--- a/checks/check_extra7129
+++ b/checks/check_extra7129
@@ -50,12 +50,12 @@ extra7129(){
             if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 ]]; then
               for wafaclarn in "${WAF_PROTECTED_ALBS[@]}"; do
                 WAFV2_WEBACL_ARN_SHORT=$(echo $wafaclarn |  awk -F'/' '{ print $3 }')
-                textPass "$regx: Application Load Balancer $alb is protected by WAFv2 ACL $WAFV2_WEBACL_ARN_SHORT" "$regx"
+                textPass "$regx: Application Load Balancer $alb is protected by WAFv2 ACL $WAFV2_WEBACL_ARN_SHORT" "$regx" "$alb"
               done
             fi
             if [[ ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then
               for wafv1aclid in "${WAFv1_PROTECTED_ALBS[@]}"; do
-                textPass "$regx: Application Load Balancer $alb is protected by WAFv1 ACL $wafv1aclid" "$regx"
+                textPass "$regx: Application Load Balancer $alb is protected by WAFv1 ACL $wafv1aclid" "$regx" "$alb"
               done
             fi
           else

From 265f494b0dbc340672821c44e6947a004af5a9f5 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Thu, 8 Jul 2021 17:09:22 +0200
Subject: [PATCH 58/82] Fixed check21 to fail if trail is off

---
 checks/check21 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/checks/check21 b/checks/check21
index bf7d2064..0446243e 100644
--- a/checks/check21
+++ b/checks/check21
@@ -48,7 +48,12 @@ check21(){
         if [[ "$MULTIREGION_TRAIL_STATUS" == 'False' ]];then
           textFail "$regx: Trail $trail is not enabled for all regions" "$regx" "$trail"
         else
-          textPass "$regx: Trail $trail is enabled for all regions" "$regx" "$trail"
+          TRAIL_ON_OFF_STATUS=$($AWSCLI cloudtrail get-trail-status $PROFILE_OPT --region $TRAIL_REGION --name $trail --query IsLogging --output text)
+          if [[ "$TRAIL_ON_OFF_STATUS" == 'False'  ]];then
+            textFail "$regx: Trail $trail is configured for all regions but it is OFF" "$regx" "$trail"
+          else
+            textPass "$regx: Trail $trail is enabled for all regions" "$regx" "$trail"
+          fi 
         fi
 
       done

From ab1407217dde87e491825ad067a6371f409a8976 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Fri, 9 Jul 2021 13:57:35 +0200
Subject: [PATCH 59/82] Enhanced Dockerfile with py3-pip

---
 util/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/Dockerfile b/util/Dockerfile
index 87911e46..6fbed17c 100644
--- a/util/Dockerfile
+++ b/util/Dockerfile
@@ -5,9 +5,9 @@ ARG USERID=34000
 
 RUN addgroup -g ${USERID} ${USERNAME} && \
     adduser -s /bin/sh -G ${USERNAME} -D -u ${USERID} ${USERNAME} && \
-    apk --update --no-cache add python3 bash curl jq file coreutils && \
+    apk --update --no-cache add python3 bash curl jq file coreutils py3-pip && \
     pip3 install --upgrade pip && \
-    pip install awscli boto3 detect-secrets
+    pip3 install awscli boto3 detect-secrets
 
 WORKDIR /prowler
 

From 0a4ca0d2ed92096bc95216b9267d7f61ad458e99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Le=C5=9Bniak?=
 <thorkill@users.noreply.github.com>
Date: Fri, 16 Jul 2021 01:35:46 +0200
Subject: [PATCH 60/82] Update check12

Added missing MFA in remediation description.
---
 checks/check12 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/check12 b/checks/check12
index 1d8f572f..fb328063 100644
--- a/checks/check12
+++ b/checks/check12
@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check102="check12"
 CHECK_ASFF_COMPLIANCE_TYPE_check12="ens-op.acc.5.aws.iam.1"
 CHECK_SERVICENAME_check12="iam"
 CHECK_RISK_check12='Unauthorized access to this critical account if password is not secure or it is disclosed in any way.'
-CHECK_REMEDIATION_check12='Enable MFA for root account. is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.'
+CHECK_REMEDIATION_check12='Enable MFA for root account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.'
 CHECK_DOC_check12='https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html'
 CHECK_CAF_EPIC_check12='IAM'
 

From 8c70efde5fe35e2b1a737fc60f3e6f696f261f1b Mon Sep 17 00:00:00 2001
From: Ramon <w0rmr1d3r@users.noreply.github.com>
Date: Fri, 16 Jul 2021 12:03:39 +0200
Subject: [PATCH 61/82] delete check extra756 and its references

---
 checks/check_extra756          | 42 ----------------------------------
 groups/group15_pci             |  4 ++--
 groups/group17_internetexposed |  3 +--
 groups/group18_iso27001        |  4 ++--
 groups/group7_extras           |  2 +-
 5 files changed, 6 insertions(+), 49 deletions(-)
 delete mode 100644 checks/check_extra756

diff --git a/checks/check_extra756 b/checks/check_extra756
deleted file mode 100644
index a931904f..00000000
--- a/checks/check_extra756
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra756="7.56"
-CHECK_TITLE_extra756="[extra756] Check if Redshift cluster is Public Accessible"
-CHECK_SCORED_extra756="NOT_SCORED"
-CHECK_TYPE_extra756="EXTRA"
-CHECK_SEVERITY_extra756="High"
-CHECK_ASFF_RESOURCE_TYPE_extra756="AwsRedshiftCluster"
-CHECK_ALTERNATE_check756="extra756"
-CHECK_SERVICENAME_extra756="redshift"
-CHECK_RISK_extra756='Publicly accessible services could expose sensible data to bad actors.'
-CHECK_REMEDIATION_extra756='Ensure there is a business requirement for service to be public. Use the cluster security group to control access to the service.'
-CHECK_DOC_extra756='https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html'
-CHECK_CAF_EPIC_extra756='Infrastructure Security'
-
-extra756(){
-  for regx in $REGIONS; do
-    LIST_OF_RS_CLUSTERS=$($AWSCLI $PROFILE_OPT redshift describe-clusters --region $regx --query Clusters[*].ClusterIdentifier --output text)
-    if [[ $LIST_OF_RS_CLUSTERS ]];then
-      for cluster in $LIST_OF_RS_CLUSTERS; do
-        IS_PUBLICLY_ACCESSIBLE=$($AWSCLI $PROFILE_OPT redshift describe-clusters --region $regx --cluster-identifier $cluster --query Clusters[*].PubliclyAccessible --output text|grep True)
-        if [[ $IS_PUBLICLY_ACCESSIBLE ]]; then
-          textFail "$regx: Redshift cluster $cluster is publicly accessible" "$regx" "$cluster"
-        else
-          textPass "$regx: Redshift cluster $cluster is not publicly accessible" "$regx" "$cluster"
-        fi
-      done
-    else
-      textInfo "$regx: No Redshift clusters found" "$regx"
-    fi
-  done
-}
diff --git a/groups/group15_pci b/groups/group15_pci
index 6a834bbc..82f64bb2 100644
--- a/groups/group15_pci
+++ b/groups/group15_pci
@@ -15,7 +15,7 @@ GROUP_ID[15]='pci'
 GROUP_NUMBER[15]='15.0'
 GROUP_TITLE[15]='PCI-DSS v3.2.1 Readiness - ONLY AS REFERENCE - [pci] **********'
 GROUP_RUN_BY_DEFAULT[15]='N' # run it when execute_all is called
-GROUP_CHECKS[15]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check112,check113,check114,check116,check21,check23,check25,check26,check27,check28,check29,check314,check36,check38,check43,extra713,extra717,extra718,extra72,extra729,extra735,extra738,extra740,extra744,extra748,extra75,extra750,extra751,extra753,extra754,extra755,extra756,extra773,extra78,extra780,extra781,extra782,extra783,extra784,extra785,extra787,extra788,extra798'
+GROUP_CHECKS[15]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check112,check113,check114,check116,check21,check23,check25,check26,check27,check28,check29,check314,check36,check38,check43,extra711,extra713,extra717,extra718,extra72,extra729,extra735,extra738,extra740,extra744,extra748,extra75,extra750,extra751,extra753,extra754,extra755,extra773,extra78,extra780,extra781,extra782,extra783,extra784,extra785,extra787,extra788,extra798'
 
 # Resources:
 # https://github.com/toniblyx/prowler/issues/296
@@ -39,7 +39,7 @@ GROUP_CHECKS[15]='check11,check12,check13,check14,check15,check16,check17,check1
 #     Ensure the default security group restricts all traffic check43
 #     Remove unused security groups extra75
 #     RDS should not have Public interface open to a public scope extra78
-#     Check for Publicly Accessible Redshift Clusters extra756
+#     Check for Publicly Accessible Redshift Clusters extra711
 #     Ensure Lambda Functions are not publicly accessible   extra798
 
 # 3.2 Requirement 2: Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters
diff --git a/groups/group17_internetexposed b/groups/group17_internetexposed
index b76a5c53..bb482a0f 100644
--- a/groups/group17_internetexposed
+++ b/groups/group17_internetexposed
@@ -15,7 +15,7 @@ GROUP_ID[17]='internet-exposed'
 GROUP_NUMBER[17]='17.0'
 GROUP_TITLE[17]='Find resources exposed to the internet - [internet-exposed] ***'
 GROUP_RUN_BY_DEFAULT[17]='N' # run it when execute_all is called
-GROUP_CHECKS[17]='check41,check42,check45,check46,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102,extra7134,extra7135,extra7136,extra7137,extra7138'
+GROUP_CHECKS[17]='check41,check42,check45,check46,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102,extra7134,extra7135,extra7136,extra7137,extra7138'
 
 # 4.1 [check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)  [group4, cislevel1, cislevel2]
 # 4.2 [check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)  [group4, cislevel1, cislevel2]
@@ -42,7 +42,6 @@ GROUP_CHECKS[17]='check41,check42,check45,check46,extra72,extra73,extra74,extra7
 # 7.53 [extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018    [extras]
 # 7.54 [extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888    [extras]
 # 7.55 [extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211    [extras]
-# redundant 7.56 [extra756] Check if Redshift cluster is Public Accessible    [extras]
 # 7.70 [extra770] Check for internet facing EC2 instances with Instance Profiles attached    [extras]
 # 7.78 [extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918)    [extras]
 # 7.79 [extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports   [extras, elasticsearch]
diff --git a/groups/group18_iso27001 b/groups/group18_iso27001
index e451fabb..60196080 100644
--- a/groups/group18_iso27001
+++ b/groups/group18_iso27001
@@ -15,7 +15,7 @@ GROUP_ID[18]='iso27001'
 GROUP_NUMBER[18]='18.0'
 GROUP_TITLE[18]='ISO 27001:2013 Readiness - ONLY AS REFERENCE - [iso27001] *****'
 GROUP_RUN_BY_DEFAULT[18]='N' # run it when execute_all is called
-GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check114,check115,check116,check119,check12,check122,check13,check14,check15,check16,check17,check18,check19,check21,check22,check23,check24,check25,check26,check27,check28,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,check44,extra71,extra710,extra7100,extra711,extra7113,extra7123,extra7125,extra7126,extra7128,extra7129,extra713,extra714,extra7130,extra718,extra719,extra72,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra731,extra73,extra731,extra735,extra739,extra74,extra741,extra747,extra748,extra75,extra756,extra757,extra758,extra759,extra76,extra760,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra77,extra771,extra772,extra774,extra776,extra777,extra778,extra78,extra789,extra79,extra790,extra792,extra793,extra794,extra795,extra796,extra798'
+GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check114,check115,check116,check119,check12,check122,check13,check14,check15,check16,check17,check18,check19,check21,check22,check23,check24,check25,check26,check27,check28,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,check44,extra71,extra710,extra7100,extra711,extra7113,extra7123,extra7125,extra7126,extra7128,extra7129,extra713,extra714,extra7130,extra718,extra719,extra72,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra731,extra73,extra731,extra735,extra739,extra74,extra741,extra747,extra748,extra75,extra757,extra758,extra759,extra76,extra760,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra77,extra771,extra772,extra774,extra776,extra777,extra778,extra78,extra789,extra79,extra790,extra792,extra793,extra794,extra795,extra796,extra798'
 
 # #	Category	Objective ID	Objective Name	Prowler check ID	Check Summary
 # 1		A.9 Access Control	A.9.2	User Access Management	check122	Ensure IAM policies that allow full "*:*" administrative privileges are not created.
@@ -66,13 +66,13 @@ GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check114,check115,
 # 46	A.9 Access Control	A.9.4	System and Application Access Control	check14	Ensure access keys are rotated every 90 days or less
 # 47	A.9 Access Control	A.9.4	System and Application Access Control	check13	Ensure credentials unused for 90 days or greater are disabled
 # 48	A.9 Access Control	A.9.4	System and Application Access Control	check112	Ensure no root account access key exists
+# 55    A.9 Access Control	A.9.4	System and Application Access Control	extra711	Check if Redshift cluster is Public Accessible
 # 49	A.9 Access Control	A.9.4	System and Application Access Control	extra7113	Check if RDS instances have deletion protection enabled
 # 50	A.9 Access Control	A.9.4	System and Application Access Control	extra72	Ensure there are no EBS Snapshots set as Public
 # 51	A.9 Access Control	A.9.4	System and Application Access Control	extra723	Check if RDS Snapshots and Cluster Snapshots are public
 # 52    A.9 Access Control	A.9.4	System and Application Access Control	extra727	Check if SQS queues have policy set as Public
 # 53    A.9 Access Control	A.9.4	System and Application Access Control	extra73	Ensure there are no S3 buckets open to Everyone or Any AWS user
 # 54    A.9 Access Control	A.9.4	System and Application Access Control	extra731	Check if SNS topics have policy set as Public
-# 55    A.9 Access Control	A.9.4	System and Application Access Control	extra756	Check if Redshift cluster is Public Accessible
 # 56    A.9 Access Control	A.9.4	System and Application Access Control	extra76	Ensure there are no EC2 AMIs set as Public
 # 57    A.9 Access Control	A.9.4	System and Application Access Control	extra77 Ensure there are no ECR repositories set as Public
 # 58    A.9 Access Control	A.9.4	System and Application Access Control	extra771 Check if S3 buckets have policies which allow WRITE access
diff --git a/groups/group7_extras b/groups/group7_extras
index 2ecde56a..2441ec49 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 0d9ec6320e01714f2a30633c033e0423941815ba Mon Sep 17 00:00:00 2001
From: Ramon <w0rmr1d3r@users.noreply.github.com>
Date: Fri, 16 Jul 2021 12:09:54 +0200
Subject: [PATCH 62/82] delete check extra737 and its references

---
 checks/check_extra737 | 46 -------------------------------------------
 groups/group23_ens    |  6 +++---
 groups/group7_extras  |  2 +-
 3 files changed, 4 insertions(+), 50 deletions(-)
 delete mode 100644 checks/check_extra737

diff --git a/checks/check_extra737 b/checks/check_extra737
deleted file mode 100644
index 056e7be6..00000000
--- a/checks/check_extra737
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra737="7.37"
-CHECK_TITLE_extra737="[extra737] Check KMS keys with key rotation disabled"
-CHECK_SCORED_extra737="NOT_SCORED"
-CHECK_TYPE_extra737="EXTRA"
-CHECK_SEVERITY_extra737="Medium"
-CHECK_ASFF_RESOURCE_TYPE_extra737="AwsKmsKey"
-CHECK_ALTERNATE_check737="extra737"
-CHECK_ASFF_COMPLIANCE_TYPE_extra737="ens-op.exp.11.aws.kms.3"
-CHECK_SERVICENAME_extra737="kms"
-CHECK_RISK_extra737='Cryptographic best practices discourage extensive reuse of encryption keys. Consequently; Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.'
-CHECK_REMEDIATION_extra737='For every KMS Customer Master Keys (CMKs); ensure that Rotate this key every year is enabled.'
-CHECK_DOC_extra737='https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html'
-CHECK_CAF_EPIC_extra737='Data Protection'
-
-extra737(){
-  for regx in $REGIONS; do
-    LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --query "Aliases[].[AliasName,TargetKeyId]" --output text |grep -v ^alias/aws/ |awk '{ print $2 }')
-    if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
-      for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
-        CHECK_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key $PROFILE_OPT --region $regx  --output text)
-        CHECK_STATUS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --output json | jq -r '.KeyMetadata.KeyState')
-        if [[ $CHECK_STATUS == "PendingDeletion" ]]; then
-          textInfo "$regx: KMS key $key is pending deletion and cannot be rotated" "$regx"
-        elif [[ $CHECK_ROTATION == "False" ]]; then
-          textFail "$regx: KMS key $key has rotation disabled!" "$regx" "$key"
-        else
-          textPass "$regx: KMS key $key has rotation enabled" "$regx" "$key"
-        fi
-      done
-    else
-      textInfo "$regx: No KMS keys found" "$regx"
-    fi
-  done
-}
diff --git a/groups/group23_ens b/groups/group23_ens
index e48efed3..098ddc61 100644
--- a/groups/group23_ens
+++ b/groups/group23_ens
@@ -15,7 +15,7 @@ GROUP_ID[23]='ens'
 GROUP_NUMBER[23]='23.0'
 GROUP_TITLE[23]='ENS Esquema Nacional de Seguridad security checks - [ens] *****'
 GROUP_RUN_BY_DEFAULT[23]='N' # run it when execute_all is called
-GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120,check116,extra7124,check12,extra7125,check14,check13,check21,check25,extra7127,check35,check24,check31,check36,check32,check33,check34,check22,extra71,check23,check23,check27,check37,extra736,extra737,extra713,check21,check29,extra793,extra792,extra764,extra738,check43,extra74,extra710,extra75,check41,check42,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra7128,extra729,extra761,extra740,extra735,extra734,extra728,extra781,extra773,extra744,extra7126,extra7129'
+GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120,check116,extra7124,check12,extra7125,check14,check13,check21,check25,extra7127,check35,check24,check31,check36,check32,check33,check34,check22,extra71,check23,check23,check27,check37,extra736,check28,extra713,check21,check29,extra793,extra792,extra764,extra738,check43,extra74,extra710,extra75,check41,check42,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra7128,extra729,extra761,extra740,extra735,extra734,extra728,extra781,extra773,extra744,extra7126,extra7129'
 
 # ENS Control ID for AWS;Prowler checks that apply
 # ens-op.acc.1.aws.iam.1;extra733
@@ -49,7 +49,7 @@ GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120
 # ens-op.exp.10.aws.trail.5;check27
 # ens-op.exp.11.aws.kms.1;check37
 # ens-op.exp.11.aws.kms.2;extra736*
-# ens-op.exp.11.aws.kms.3;extra737
+# ens-op.exp.11.aws.kms.3;check28
 # ens-op.mon.1.aws.duty.1;extra713
 # ens-op.mon.1.aws.trail.1;check21
 # ens-op.mon.1.aws.flow.1;check29
@@ -80,4 +80,4 @@ GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120
 # ens-mp.info.3.aws.au.1;extra781
 # ens-mp.s.2.aws.waf.1;extra773
 # ens-mp.s.2.aws.waf.2;extra744
-# ens-mp.s.2.aws.waf.3;extra7129
\ No newline at end of file
+# ens-mp.s.2.aws.waf.3;extra7129
diff --git a/groups/group7_extras b/groups/group7_extras
index 2ecde56a..be5b4a42 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,7 +15,7 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`

From 9ddb31f9c3e325555ca639cb1e579c7c51bb4612 Mon Sep 17 00:00:00 2001
From: Ramon <w0rmr1d3r@users.noreply.github.com>
Date: Fri, 16 Jul 2021 12:26:46 +0200
Subject: [PATCH 63/82] fix grammar issue

---
 include/scoring | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/scoring b/include/scoring
index b6fc7f08..3023d395 100644
--- a/include/scoring
+++ b/include/scoring
@@ -22,7 +22,7 @@ scoring(){
 
   # TOTAL_RESOURCES=$(awk "BEGIN {print $FAIL_COUNTER+$PASS_COUNTER; exit}")
   TOTAL_RESOURCES=$(($FAIL_COUNTER + $PASS_COUNTER))
-  # Score is % of passed compared to failures. The higher score, the better
+  # Score is % of passed compared to failures. The higher the better
   PROWLER_SCORE=$(( $PASS_COUNTER * 100 / $TOTAL_RESOURCES ))
 
   if [[ $SCORING == "1" ]]; then
@@ -47,7 +47,7 @@ scoring(){
     echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
     echo -e " Checks Performed =$NOTICE $CHECKS_COUNTER $NORMAL"
     echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
-    echo -e " * the highest the better (0 to 100)$NORMAL"
+    echo -e " * the higher the better (0 to 100)$NORMAL"
     echo -e " Prowler scoring uses any check, including CIS not scored checks$NORMAL"
   fi 
   if [[ "${MODES[@]}" =~ "html" ]]; then

From c32fa9aa1fd53e20f16af5b3e166839beb4dc817 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 27 Jul 2021 14:43:20 +0200
Subject: [PATCH 64/82] Added s3 and glue required permissions

---
 iam/create_role_to_assume_cfn.yaml | 2 ++
 iam/prowler-additions-policy.json  | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/iam/create_role_to_assume_cfn.yaml b/iam/create_role_to_assume_cfn.yaml
index 6414f810..99e0a767 100644
--- a/iam/create_role_to_assume_cfn.yaml
+++ b/iam/create_role_to_assume_cfn.yaml
@@ -63,4 +63,6 @@ Resources:
                 - 'support:Describe*'
                 - 'tag:GetTagKeys'
                 - 'lambda:GetFunction'
+                - 'glue:GetConnections',
+                - 's3:GetAccountPublicAccessBlock'
               Resource: '*'
diff --git a/iam/prowler-additions-policy.json b/iam/prowler-additions-policy.json
index 33eacc35..441104ff 100644
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -10,7 +10,9 @@
                 "ecr:Describe*",
                 "support:Describe*",
                 "tag:GetTagKeys",
-		"lambda:GetFunction"
+		        "lambda:GetFunction",
+                "glue:GetConnections",
+                "s3:GetAccountPublicAccessBlock"
             ],
             "Resource": "*",
             "Effect": "Allow",

From ffe147b5b5dd5a0aca7720fccdecafc017e1179d Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 27 Jul 2021 14:49:58 +0200
Subject: [PATCH 65/82] Added s3 and glue required permissions and removed
 obsoletes

---
 iam/create_role_to_assume_cfn.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/iam/create_role_to_assume_cfn.yaml b/iam/create_role_to_assume_cfn.yaml
index 99e0a767..1e1140a1 100644
--- a/iam/create_role_to_assume_cfn.yaml
+++ b/iam/create_role_to_assume_cfn.yaml
@@ -55,14 +55,12 @@ Resources:
             Statement:
             - Effect: Allow
               Action:
-                - 'dax:ListTables'
                 - 'ds:ListAuthorizedApplications'
-                - 'ds:DescribeRoles'
                 - 'ec2:GetEbsEncryptionByDefault'
                 - 'ecr:Describe*'
                 - 'support:Describe*'
                 - 'tag:GetTagKeys'
                 - 'lambda:GetFunction'
-                - 'glue:GetConnections',
+                - 'glue:GetConnections'
                 - 's3:GetAccountPublicAccessBlock'
               Resource: '*'

From 4d6285f1679a9409b04c9188862daa99846e3088 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 27 Jul 2021 14:52:23 +0200
Subject: [PATCH 66/82] Added s3 and glue required permissions and removed
 obsoletes

---
 iam/prowler-additions-policy.json | 2 --
 1 file changed, 2 deletions(-)

diff --git a/iam/prowler-additions-policy.json b/iam/prowler-additions-policy.json
index 441104ff..4ef43c5a 100644
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -3,9 +3,7 @@
     "Statement": [
         {
             "Action": [
-                "dax:ListTables",
                 "ds:ListAuthorizedApplications",
-                "ds:DescribeRoles",
                 "ec2:GetEbsEncryptionByDefault",
                 "ecr:Describe*",
                 "support:Describe*",

From 3f63b831793d48891b7973be0e07b17a38356a2e Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 27 Jul 2021 15:12:14 +0200
Subject: [PATCH 67/82] Added section with info about regions

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 57d04e6b..727b7242 100644
--- a/README.md
+++ b/README.md
@@ -185,6 +185,12 @@ Prowler has been written in bash using AWS-CLI and it works in Linux and OSX.
 
     Valid check numbers are based on the AWS CIS Benchmark guide, so 1.1 is check11 and 3.10 is check310
 
+### Regions
+
+By default Prowler scans all opt-in regions available, that might take a long execution time depending on the number of resources and regions used. Same applies for GovCloud or China regions. See below Advance usage for examples.
+
+Prowler has to parameters related to regions: `-r` that is used query AWS services API endpoints (it uses `us-east-1` by default and required for GovCloud or China) and the option `-f` that is to filter those regions you only want to scan. For example if you want to scan Dublin only use `-f eu-west-1` and if you want to scan Dublin and Ohio `-f 'eu-west-1 us-east-s'`, note the single quotes and space between regions.
+
 ## Screenshots
 
 - Sample screenshot of report first lines:

From 52e04406dcb59fda6756b376bfb513eab983420d Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Thu, 29 Jul 2021 17:03:04 +0200
Subject: [PATCH 68/82] Added servicename to the title for ASFF

---
 include/outputs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/outputs b/include/outputs
index d1dccad2..d9c53d02 100644
--- a/include/outputs
+++ b/include/outputs
@@ -326,7 +326,7 @@ generateJsonAsffOutput(){
   local status=$2
   
   #Checks to determine if the rule passes in a resource name that prowler uses to track the AWS Resource for whitelisting purposes
-  if [ -z $3 ]; then
+  if [[ -z $3 ]]; then
     local resource_id="NONE_PROVIDED"
   else
     local resource_id=$3
@@ -337,7 +337,7 @@ generateJsonAsffOutput(){
   fi
   jq -M -c \
   --arg ACCOUNT_NUM "$ACCOUNT_NUM" \
-  --arg TITLE_TEXT "$TITLE_TEXT" \
+  --arg TITLE_TEXT "$CHECK_SERVICENAME.$TITLE_TEXT" \
   --arg MESSAGE "$(echo -e "${message}")" \
   --arg UNIQUE_ID "$(LC_ALL=C echo -e -n "${message}" | tr -cs '[:alnum:]._~-' '_')" \
   --arg STATUS "$status" \

From 26d310e35b50f783603882568f11c83f0e948a37 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Thu, 29 Jul 2021 18:37:57 +0200
Subject: [PATCH 69/82] Updated Prowler additions policy

---
 iam/prowler-additions-policy.json                |  1 +
 .../codebuild-prowler-audit-account-cfn.yaml     | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/iam/prowler-additions-policy.json b/iam/prowler-additions-policy.json
index 4ef43c5a..f0285c24 100644
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -10,6 +10,7 @@
                 "tag:GetTagKeys",
 		        "lambda:GetFunction",
                 "glue:GetConnections",
+                "glue:SearchTables",
                 "s3:GetAccountPublicAccessBlock"
             ],
             "Resource": "*",
diff --git a/util/codebuild/codebuild-prowler-audit-account-cfn.yaml b/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
index 1022da6e..1af61a7a 100644
--- a/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
+++ b/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
@@ -179,6 +179,22 @@ Resources:
                   - s3:GetBucketLocation
                 Effect: Allow
                 Resource: !Sub 'arn:aws:s3:::${ArtifactBucket}/*'
+        - PolicyName: ProwlerAdditions
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Action:
+                  - s3:GetAccountPublicAccessBlock
+                  - glue:GetConnections
+                  - glue:SearchTables
+                  - ds:ListAuthorizedApplications
+                  - ec2:GetEbsEncryptionByDefault
+                  - ecr:Describe*
+                  - support:Describe*
+                  - tag:GetTagKeys
+                  - lambda:GetFunction
+                Effect: Allow
+                Resource: !Sub 'arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog'
         - PolicyName: CodeBuild
           PolicyDocument:
             Version: '2012-10-17'

From 3a66ca336ae23fb38f7c5ceef712a607b23e7289 Mon Sep 17 00:00:00 2001
From: daniel <danielperezcascon@gmail.com>
Date: Mon, 2 Aug 2021 13:23:16 +0200
Subject: [PATCH 70/82] changes made so there is enough colour contrast for
 WCAG 2.1 accessibility standards

---
 include/html_report |  4 ++++
 include/outputs     | 12 ++++++------
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/include/html_report b/include/html_report
index 42db8626..3dec6ae6 100644
--- a/include/html_report
+++ b/include/html_report
@@ -25,6 +25,10 @@ addHtmlHeader() {
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <!-- Required meta tags -->
   <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+  <style>
+	.read-more {color:#00f;}
+	.bg-success-custom {background-color: #70dc88 !important;}
+  </style>
   <!-- Bootstrap CSS -->
   <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
   <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.21/b-1.6.2/sl-1.3.1/datatables.min.css"/>
diff --git a/include/outputs b/include/outputs
index 9d51f823..1f6e9178 100644
--- a/include/outputs
+++ b/include/outputs
@@ -362,11 +362,11 @@ generateHtmlOutput(){
       echo '<td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+      echo '<td><a class="read-more" href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
   if [[ $status == "PASS" ]];then
-    echo '<tr class="p-3 mb-2 bg-success">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+    echo '<tr class="p-3 mb-2 bg-success-custom">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><i class="fas fa-thumbs-up"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>PASS</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
@@ -380,7 +380,7 @@ generateHtmlOutput(){
       echo '<td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+      echo '<td><a class="read-more" href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
   if [[ $status == "FAIL" ]];then
@@ -398,7 +398,7 @@ generateHtmlOutput(){
       echo '<td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+      echo '<td><a class="read-more" href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
   if [[ $status == "WARNING" ]];then
@@ -416,7 +416,7 @@ generateHtmlOutput(){
       echo '<td>'$CHECK_CAF_EPIC'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_RISK'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><p class="show-read-more">'$CHECK_REMEDIATION'</p></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><a href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+      echo '<td><a class="read-more" href="'$CHECK_DOC'">'$CHECK_DOC'</a></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>'>> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
-}
\ No newline at end of file
+}

From 558a9b5f2edaafdd4837be7f291f5987681e4454 Mon Sep 17 00:00:00 2001
From: Ramon <w0rmr1d3r@users.noreply.github.com>
Date: Fri, 6 Aug 2021 11:46:45 +0200
Subject: [PATCH 71/82] ignore secrets folder when scanning for secrets

---
 .gitignore | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.gitignore b/.gitignore
index 7644e14e..f6e46e88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,7 @@ Sessionx.vim
 *~
 # Auto-generated tag files
 tags
+
 # Persistent undo
 [._]*.un~
 
@@ -23,6 +24,9 @@ tags
 # Prowler output
 output/
 
+# Prowler found secrets
+secrets-*/
+
 # JUnit Reports
 junit-reports/
 

From 62050e2e349f64bfd8088eb0aadd4bae89f8ef5e Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 10 Aug 2021 14:01:40 +0200
Subject: [PATCH 72/82] Added PROWLER_START_TIME to CSV for reports

---
 include/csv_header | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/csv_header b/include/csv_header
index 30d731db..1c01f93d 100644
--- a/include/csv_header
+++ b/include/csv_header
@@ -15,6 +15,6 @@
 printCsvHeader() {
   # >&2 echo ""
   # >&2 echo "Generating \"${SEP}\" delimited report on stdout for profile $PROFILE, account $ACCOUNT_NUM"
-      echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC${SEP}CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+      echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC${SEP}CHECK_RESOURCE_ID${SEP}PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
       # echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}RESULT${SEP}SCORED${SEP}LEVEL${SEP}TITLE_TEXT${SEP}NOTES${SEP}COMPLIANCE${SEP}SEVERITY${SEP}SERVICENAME" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_CSV
 }

From c6203bf9e313277c9982ca367fe270a4b514397f Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 10 Aug 2021 14:02:21 +0200
Subject: [PATCH 73/82] Clean up redentials report output

---
 include/credentials_report | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/credentials_report b/include/credentials_report
index 8a98e2de..3741e89a 100644
--- a/include/credentials_report
+++ b/include/credentials_report
@@ -13,7 +13,7 @@
 
 # Generate Credential Report
 genCredReport() {
-  textTitle "0.1" "Generating AWS IAM Credential Report..." "NOT_SCORED" "SUPPORT"
+  textTitle "" "Generating AWS IAM Credential Report..."
   for i in $(seq 1 60); do
     GENERATECREDENTIALREPORTOUTPUT=$($AWSCLI iam generate-credential-report --output text --query 'State' $PROFILE_OPT --region $REGION 2>&1)
     if [[ $(echo "$GENERATECREDENTIALREPORTOUTPUT" | grep AccessDenied) ]]; then

From cdf99c96000f8748b7848300ee60f82c069c73a9 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 10 Aug 2021 14:03:13 +0200
Subject: [PATCH 74/82] Removed scored info from title

---
 prowler | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/prowler b/prowler
index a67bf35d..23a7fb7b 100755
--- a/prowler
+++ b/prowler
@@ -45,7 +45,7 @@ SEP=','
 KEEPCREDREPORT=0
 EXITCODE=0
 SEND_TO_SECURITY_HUB=0
-SCRIPT_START_TIME=$( date -u +"%Y-%m-%dT%H:%M:%S%z" )
+PROWLER_START_TIME=$( date -u +"%Y-%m-%dT%H:%M:%S%z" )
 TITLE_ID=""
 TITLE_TEXT="CALLER ERROR - UNSET TITLE"
 WHITELIST_FILE=""
@@ -357,7 +357,7 @@ show_check_title() {
 show_group_title() {
 	# when csv mode is used, no group title is shown
   if [[ "$MODE" != "csv" ]]; then
-      textTitle "${GROUP_NUMBER[$1]}" "${GROUP_TITLE[$1]}" "NOT_SCORED" "SUPPORT"
+      textTitle "${GROUP_NUMBER[$1]}" "${GROUP_TITLE[$1]}"
   fi
 }
 

From d869c748fb23e98ed777961a99601e0f8de3ad92 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 10 Aug 2021 14:07:31 +0200
Subject: [PATCH 75/82] Now shows default output regardless custom outputs
 called with -M

---
 include/outputs | 42 ++++++++++++++++++++++--------------------
 prowler         |  4 ++--
 2 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/include/outputs b/include/outputs
index 6e28afd6..e1971d0a 100644
--- a/include/outputs
+++ b/include/outputs
@@ -97,7 +97,7 @@ textPass(){
     REPREGION=$REGION
   fi
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
     generateJsonOutput "$1" "Pass" "$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_JSON
@@ -115,9 +115,10 @@ textPass(){
   if [[ "${MODES[@]}" =~ "mono" ]]; then
     echo "      $OK PASS!$NORMAL $1" >> ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
   fi
-  if [[ "${MODES[@]}" =~ "text" || "${MODES[@]}" =~ "mono" ]]; then
+  # if [[ "${MODES[@]}" =~ "text" || "${MODES[@]}" =~ "mono" ]]; then
+    # runs showing console output no mater what output is selected
     echo "      $OK PASS!$NORMAL $1"
-  fi
+  # fi
   if [[ "${MODES[@]}" =~ "html" ]]; then
     generateHtmlOutput "$1" "PASS"
   fi
@@ -138,7 +139,7 @@ textInfo(){
     REPREGION=$REGION
   fi
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
     generateJsonOutput "$1" "Info" "$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
@@ -149,9 +150,9 @@ textInfo(){
   if [[ "${MODES[@]}" =~ "mono" ]]; then
     echo "      $NOTICE INFO! $1 $NORMAL" >> ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
   fi
-  if [[ "${MODES[@]}" =~ "text" ]]; then
+  # if [[ "${MODES[@]}" =~ "text" ]]; then
     echo "      $NOTICE INFO! $1 $NORMAL"
-  fi
+  # fi
   if [[ "${MODES[@]}" =~ "html" ]]; then
     generateHtmlOutput "$1" "INFO" "$CHECK_RESOURCE_ID"
   fi
@@ -194,7 +195,7 @@ textFail(){
   fi
 
   if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
   fi
   if [[ "${MODES[@]}" =~ "json" ]]; then
     generateJsonOutput "$1" "${level}" "$CHECK_RESOURCE_ID">> ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
@@ -216,9 +217,9 @@ textFail(){
   if [[ "${MODES[@]}" =~ "mono" ]]; then
     echo "      $colorcode ${level}! $1 $NORMAL" >> ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
   fi
-  if [[ "${MODES[@]}" =~ "text" ]]; then
+  # if [[ "${MODES[@]}" =~ "text" ]]; then
     echo "      $colorcode ${level}! $1 $NORMAL"
-  fi
+  # fi
   if [[ "${MODES[@]}" =~ "html" ]]; then
     generateHtmlOutput "$1" "${level}" "$CHECK_RESOURCE_ID"
   fi
@@ -261,17 +262,18 @@ textTitle(){
     group_ids="$CYAN[$5]$NORMAL"
   # fi
 
-  if [[ "${MODES[@]}" =~ "csv" ]]; then
-    >&2 echo "$TITLE_ID $TITLE_TEXT" >> ${OUTPUT_FILE_NAME}.${EXTENSION_CSV}
-  elif [[ "${MODES[@]}" =~ "json" || "${MODES[@]}" =~ "json-asff" ]]; then
-    :
-  else
-    # if [[ "$ITEM_SCORED" == "Scored" ]]; then
-       echo -e "$TITLE_ID $CHECK_SERVICENAME $TITLE_TEXT $CHECK_SEVERITY $group_ids "
-    # else
-    #   echo -e "\n$PURPLE $TITLE_ID $TITLE_TEXT $6 $NORMAL $group_ids "
-    # fi
-  fi
+  # if [[ "${MODES[@]}" =~ "csv" ]]; then
+  #   >&2 echo "$TITLE_ID $TITLE_TEXT" >> ${OUTPUT_FILE_NAME}.${EXTENSION_CSV}
+  # elif [[ "${MODES[@]}" =~ "json" || "${MODES[@]}" =~ "json-asff" ]]; then
+  #   :
+  # else
+  #   # if [[ "$ITEM_SCORED" == "Scored" ]]; then
+  #      echo -e "$TITLE_ID $CHECK_SERVICENAME $TITLE_TEXT $CHECK_SEVERITY $group_ids "
+        echo -e "$TITLE_ID $TITLE_TEXT $CHECK_SERVICENAME $CHECK_SEVERITY"
+  #   # else
+  #   #   echo -e "\n$PURPLE $TITLE_ID $TITLE_TEXT $6 $NORMAL $group_ids "
+  #   # fi
+  # fi
 }
 
 generateJsonOutput(){
diff --git a/prowler b/prowler
index 23a7fb7b..6b3f2798 100755
--- a/prowler
+++ b/prowler
@@ -580,9 +580,9 @@ get_all_checks_without_exclusion() {
 }
 
 ### All functions defined above ... run the workflow
-if [[ " ${MODES[@]} " =~ " mono " || " ${MODES[@]} " =~ " text " ]]; then
+#if [[ " ${MODES[@]} " =~ " mono " || " ${MODES[@]} " =~ " text " ]]; then
   prowlerBanner
-fi
+#fi
 
 # List only check tittles
 if [[ $PRINTCHECKSONLY == "1" ]]; then

From f418c706b5009888bebd32eea76e20b1ff9c2204 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 10 Aug 2021 15:13:14 +0200
Subject: [PATCH 76/82] Removed extra756 from extras as duplicated

---
 groups/group7_extras | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/groups/group7_extras b/groups/group7_extras
index c61e7980..a8359bb6 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,11 +15,11 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`
 
 # Extras 789 and 790 VPC trust boundaries are not included by default in Extras
 # to run trust-boundaries use `./prowler -g trustboundaries`
-# read more in https://github.com/toniblyx/prowler/#trust-boundaries-checks
\ No newline at end of file
+# read more in https://github.com/toniblyx/prowler/#trust-boundaries-checks

From c8e9cf2e77af3d284eed5a4ee01fda527a25620e Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 10 Aug 2021 17:00:18 +0200
Subject: [PATCH 77/82] Tested new checks 7143 to 7147

---
 checks/check_extra7142 | 60 ++++++++++++++++++++----------------------
 checks/check_extra7143 | 16 +++++------
 checks/check_extra7144 |  8 +++---
 checks/check_extra7145 | 22 ++++++++--------
 checks/check_extra7146 | 42 ++++++++++++++---------------
 checks/check_extra7147 | 47 +++++++++++++++++++++++++++++++++
 groups/group7_extras   |  4 +--
 7 files changed, 121 insertions(+), 78 deletions(-)
 create mode 100644 checks/check_extra7147

diff --git a/checks/check_extra7142 b/checks/check_extra7142
index c246aa2d..5fbd6922 100644
--- a/checks/check_extra7142
+++ b/checks/check_extra7142
@@ -10,39 +10,35 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra7147="7.147"
-CHECK_TITLE_extra7147="[extra7147] Check if S3 Glacier vaults have policies which allow access to everyone"
-CHECK_SCORED_extra7147="NOT_SCORED"
-CHECK_TYPE_extra7147="EXTRA"
-CHECK_SEVERITY_extra7147="Critical"
-CHECK_ASFF_RESOURCE_TYPE_extra7147="AwsS3Glacier"
-CHECK_ALTERNATE_check7147="extra7142"
-CHECK_SERVICENAME_extra7147="s3glacier"
-CHECK_RISK_extra7147='Vaults accessible to everyone could expose sensible data to bad actors'
-CHECK_REMEDIATION_extra7147='Ensure vault policy does not have principle as *'
-CHECK_DOC_extra7147='https://docs.aws.amazon.com/amazonglacier/latest/dev/access-control-overview.html'
-CHECK_CAF_EPIC_extra7147='Data Protection'
+CHECK_ID_extra7142="7.142"
+CHECK_TITLE_extra7142="[extra7142] Check if Application Load Balancer is dropping invalid packets to prevent header based http request smuggling"
+CHECK_SCORED_extra7142="NOT_SCORED"
+CHECK_TYPE_extra7142="EXTRA"
+CHECK_SEVERITY_extra7142="Medium"
+CHECK_ASFF_RESOURCE_TYPE_extra7142="AwsElasticLoadBalancingV2LoadBalancer"
+CHECK_ALTERNATE_check7142="extra7142"
+CHECK_ASFF_COMPLIANCE_TYPE_extra7142=""
+CHECK_SERVICENAME_extra7142="elb"
+CHECK_RISK_extra7142='ALB can be target of actors sendingn bad http headers'
+CHECK_REMEDIATION_extra7142='Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true)'
+CHECK_DOC_extra7142='https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#desync-mitigation-mode'
+CHECK_CAF_EPIC_extra7142='Data Protection'
 
-extra7147(){
+
+extra7142(){
   for regx in $REGIONS; do
-  LIST_OF_VAULTS=$($AWSCLI glacier list-vaults $PROFILE_OPT --region $regx --account-id $ACCOUNT_NUM --query VaultList[*].VaultName --output text|xargs -n1)
-  if [[ $LIST_OF_VAULTS ]]; then
-    for vault in $LIST_OF_VAULTS;do
-      VAULT_POLICY_STATEMENTS=$($AWSCLI glacier $PROFILE_OPT get-vault-access-policy --region $regx --account-id $ACCOUNT_NUM --vault-name $vault --output json --query policy.Policy 2>&1)
-      if [[ $VAULT_POLICY_STATEMENTS == *GetVaultAccessPolicy* ]]; then
-        textInfo "$regx: Vault $vault doesn't have any policy" "$regx" "$vault"
-      else
-        VAULT_POLICY_BAD_STATEMENTS=$(echo $VAULT_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
-        if [[ $VAULT_POLICY_BAD_STATEMENTS != "" ]]; then
-          textFail "$regx: Vault $vault has policy which allows access to everyone" "$regx" "$vault"
+    LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[?Type == `application`].[LoadBalancerArn]' --output text)
+    if [[ $LIST_OF_ELBSV2 ]];then
+      for alb in $LIST_OF_ELBSV2;do
+        CHECK_IF_DROP_INVALID_HEADER_FIELDS=$($AWSCLI elbv2 describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-arn $alb --query 'Attributes[6]' --output text|grep -i true)
+        if [[ $CHECK_IF_DROP_INVALID_HEADER_FIELDS ]];then
+          textPass "$regx: Application Load Balancer $alb is dropping invalid header fields." "$regx" "$alb"
         else
-          textPass "$regx: Vault $vault has policy which does not allow access to everyone" "$regx" "$vault"
+          textFail "$regx: Application Load Balancer $alb is not dropping invalid header fields" "$regx" "$alb"
         fi
-      fi
-    done
-
-  else
-    textInfo "$regx: No Glacier vaults found" "$regx"
-  fi
- done
-}
\ No newline at end of file
+      done
+    else 
+      textInfo "$regx: no ALBs found"
+    fi
+  done
+}
diff --git a/checks/check_extra7143 b/checks/check_extra7143
index fbd1c324..09f24131 100644
--- a/checks/check_extra7143
+++ b/checks/check_extra7143
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7143="7.143"
-CHECK_TITLE_extra7143="[extra7143] Check if EFS have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7143="[extra7143] Check if EFS have policies which allow access to everyone"
 CHECK_SCORED_extra7143="NOT_SCORED"
 CHECK_TYPE_extra7143="EXTRA"
 CHECK_SEVERITY_extra7143="Critical"
@@ -25,25 +25,25 @@ CHECK_CAF_EPIC_extra7143='Data Protection'
 
 extra7143(){
   # "Check if EFS have policies which allow access to everyone (Not Scored) (Not part of CIS benchmark)"
-  for region in $REGIONS; do
-  LIST_OF_EFS_IDS=$($AWSCLI efs describe-file-systems $PROFILE_OPT --region $region --query FileSystems[*].FileSystemId --output text|xargs -n1)
+  for regx in $REGIONS; do
+  LIST_OF_EFS_IDS=$($AWSCLI efs describe-file-systems $PROFILE_OPT --region $regx --query FileSystems[*].FileSystemId --output text|xargs -n1)
   if [[ $LIST_OF_EFS_IDS ]]; then
     for efsId in $LIST_OF_EFS_IDS;do
-      EFS_POLICY_STATEMENTS=$($AWSCLI efs $PROFILE_OPT describe-file-system-policy --region $region --file-system-id $efsId --output json --query Policy 2>&1)
+      EFS_POLICY_STATEMENTS=$($AWSCLI efs $PROFILE_OPT describe-file-system-policy --region $regx --file-system-id $efsId --output json --query Policy 2>&1)
       if [[ $EFS_POLICY_STATEMENTS == *PolicyNotFound* ]]; then
-        textFail "$region:  EFS: $efsId doesn't have any policy which means it grants full access to any client" "$region" "$efsId"
+        textFail "$regx:  EFS: $efsId doesn't have any policy which means it grants full access to any client" "$regx" "$efsId"
       else
         EFS_POLICY_BAD_STATEMENTS=$(echo $EFS_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
         if [[ $EFS_POLICY_BAD_STATEMENTS != "" ]]; then
-          textFail "$region: EFS: $efsId has policy which allows access to everyone" "$region" "$efsId"
+          textFail "$regx: EFS $efsId has policy which allows access to everyone" "$regx" "$efsId"
         else
-          textPass "$region: EFS: $efsId has policy which does not allow access to everyone" "$region" "$efsId"
+          textPass "$regx: EFS $efsId has policy which does not allow access to everyone" "$regx" "$efsId"
         fi
       fi
     done
 
   else
-    textInfo "$region: No EFS found" "$region"
+    textInfo "$regx: No EFS found" "$regx"
   fi
  done
 }
diff --git a/checks/check_extra7144 b/checks/check_extra7144
index 7f8192e9..5fc9a270 100644
--- a/checks/check_extra7144
+++ b/checks/check_extra7144
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7144="7.144"
-CHECK_TITLE_extra7144="[extra7144] Check if aws cloudwatch has allowed sharing with other accounts (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7144="[extra7144] Check if CloudWatch has allowed cross-account sharing"
 CHECK_SCORED_extra7144="NOT_SCORED"
 CHECK_TYPE_extra7144="EXTRA"
 CHECK_SEVERITY_extra7144="Medium"
@@ -21,15 +21,15 @@ CHECK_SERVICENAME_extra7144="cloudwatch"
 CHECK_RISK_extra7144=''
 CHECK_REMEDIATION_extra7144=''
 CHECK_DOC_extra7144='https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html'
-CHECK_CAF_EPIC_extra7144=''
+CHECK_CAF_EPIC_extra7144='Logging and Monitoring'
 
 extra7144(){
   # "Check if aws cloudwatch has allowed sharing with other accounts (Not Scored) (Not part of CIS benchmark)"
   CLOUDWATCH_CROSS_ACCOUNT_ROLE=$($AWSCLI iam get-role $PROFILE_OPT --role-name=CloudWatch-CrossAccountSharingRole --output json --query Role 2>&1)
   if [[ $CLOUDWATCH_CROSS_ACCOUNT_ROLE != *NoSuchEntity* ]]; then
       CLOUDWATCH_POLICY_BAD_STATEMENTS=$(echo $CLOUDWATCH_CROSS_ACCOUNT_ROLE | jq '.AssumeRolePolicyDocument')
-      textInfo "Cloudwatch has allowed cross account sharing"
+      textInfo "$REGION: CloudWatch has allowed cross-account sharing" "$REGION"
   else
-      textPass "CloudWatch doesn't allows cross account sharing"
+      textPass "$REGION: CloudWatch doesn't allows cross-account sharing" "$REGION"
   fi
 }
diff --git a/checks/check_extra7145 b/checks/check_extra7145
index d608d8c4..fa74b27b 100644
--- a/checks/check_extra7145
+++ b/checks/check_extra7145
@@ -11,39 +11,39 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7145="7.145"
-CHECK_TITLE_extra7145="[extra7145] Check if lambda functions have policies which allow access to every aws account (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7145="[extra7145] Check if Lambda functions have policies which allow access to any AWS account"
 CHECK_SCORED_extra7145="NOT_SCORED"
 CHECK_TYPE_extra7145="EXTRA"
 CHECK_SEVERITY_extra7145="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra7145="AwsLambda"
 CHECK_ALTERNATE_check7145="extra7145"
 CHECK_SERVICENAME_extra7145="lambda"
-CHECK_RISK_extra7145='Lambda function access to any aws account may result security issues'
-CHECK_REMEDIATION_extra7145='Ensure lambda function policiy does not allow access to any account'
+CHECK_RISK_extra7145='Lambda function access to any AWS account may result security issues'
+CHECK_REMEDIATION_extra7145='Ensure Lambda function policiy does not allow access to any account'
 CHECK_DOC_extra7145='https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html'
-CHECK_CAF_EPIC_extra7145=''
+CHECK_CAF_EPIC_extra7145='IAM'
 
 extra7145(){
   # "Check if lambda functions have policies which allow access to every aws account (Not Scored) (Not part of CIS benchmark)"
-  for region in $REGIONS; do
-  LIST_OF_LAMBDA_FUNCTIONS=$($AWSCLI lambda list-functions $PROFILE_OPT --region $region --query Functions[*].FunctionName --output text)
+  for regx in $REGIONS; do
+  LIST_OF_LAMBDA_FUNCTIONS=$($AWSCLI lambda list-functions $PROFILE_OPT --region $regx --query Functions[*].FunctionName --output text)
   if [[ $LIST_OF_LAMBDA_FUNCTIONS ]]; then
     for lambdaFunction in $LIST_OF_LAMBDA_FUNCTIONS;do
-      FUNCTION_POLICY_STATEMENTS=$($AWSCLI lambda $PROFILE_OPT get-policy --region $region --function-name $lambdaFunction --output json --query Policy 2>&1)
+      FUNCTION_POLICY_STATEMENTS=$($AWSCLI lambda $PROFILE_OPT get-policy --region $regx --function-name $lambdaFunction --output json --query Policy 2>&1)
       if [[ $FUNCTION_POLICY_STATEMENTS == *ResourceNotFoundException* ]]; then
-        textInfo "$region : Lambda function: $lambdaFunction doesn't have any policy" "$region" "$lambdaFunction"
+        textInfo "$regx: Lambda function $lambdaFunction doesn't have any policy" "$regx" "$lambdaFunction"
       else
         FUNCTION_POLICY_BAD_STATEMENTS=$(echo $FUNCTION_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow")	 | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
         if [[ $FUNCTION_POLICY_BAD_STATEMENTS != "" ]]; then
-          textFail "$region: Lambda function: $lambdaFunction allows public access to every aws account" "$region" "$lambdaFunction"
+          textFail "$regx: Lambda function $lambdaFunction allows public access to any AWS account" "$regx" "$lambdaFunction"
         else
-          textPass "$region: Lambda function: $lambdaFunction has policy which doesn't allow access to everyone having an aws account" "$region" "$lambdaFunction"
+          textPass "$regx: Lambda function $lambdaFunction has policy which doesn't allow access to everyone having an AWS account" "$regx" "$lambdaFunction"
         fi
       fi
     done
 
   else
-    textInfo "$region: No lambda functions found" "$region"
+    textInfo "$regx: No lambda functions found" "$regx"
   fi
  done
 }
diff --git a/checks/check_extra7146 b/checks/check_extra7146
index 980b9fa4..92ffb813 100644
--- a/checks/check_extra7146
+++ b/checks/check_extra7146
@@ -11,33 +11,33 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7146="7.146"
-CHECK_TITLE_extra7146="[extra7146] Check if there is any unassigned elastic ip's (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7146="[extra7146] Check if there is any unassigned Elastic IP"
 CHECK_SCORED_extra7146="NOT_SCORED"
 CHECK_TYPE_extra7146="EXTRA"
-CHECK_SEVERITY_extra7146="Medium"
+CHECK_SEVERITY_extra7146="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra7146="AwsElasticIPs"
 CHECK_ALTERNATE_check7146="extra7146"
-CHECK_SERVICENAME_extra7146="elasticip"
-CHECK_RISK_extra7146='Unassigned elastic ips may result in extra cost'
-CHECK_REMEDIATION_extra7146='Ensure elastic ips are not unassigned'
+CHECK_SERVICENAME_extra7146="ec2"
+CHECK_RISK_extra7146='Unassigned Elastic IPs may result in extra cost'
+CHECK_REMEDIATION_extra7146='Ensure Elastic IPs are not unassigned'
 CHECK_DOC_extra7146='https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html'
-CHECK_CAF_EPIC_extra7146=''
+CHECK_CAF_EPIC_extra7146='Infrastructure Security'
 
 extra7146(){
   # "Check if there is any unassigned elastic ip (Not Scored) (Not part of CIS benchmark)"
-  for region in $REGIONS; do
-  ELASTIC_IP_ADDRESSES=$($AWSCLI ec2 describe-addresses $PROFILE_OPT --region $region --query Addresses --output json)
-  if [[ $ELASTIC_IP_ADDRESSES != [] ]]; then
-    LIST_OF_ASSOCIATED_IPS=$(echo $ELASTIC_IP_ADDRESSES | jq -r '.[] | select(.AssociationId!=null) | .PublicIp')
-    LIST_OF_UNASSOCIATED_IPS=$(echo $ELASTIC_IP_ADDRESSES | jq -r '.[] | select(.AssociationId==null) | .PublicIp')
-    for ass_ip in $LIST_OF_ASSOCIATED_IPS; do
-     textPass "$region: Elastic IP: $ass_ip is associated with an instance or network interface" "$region" "$ass_ip"
-     done
-    for unass_ip in $LIST_OF_UNASSOCIATED_IPS; do
-     textInfo "$region: Elastic IP: $unass_ip is not associated with any instance or network interface, it may incurr extra cost" "$region" "$unass_ip"
-     done
-  else
-    textInfo "$region: No elastic ip's found" "$region"
-  fi
- done
+  for regx in $REGIONS; do
+    ELASTIC_IP_ADDRESSES=$($AWSCLI ec2 describe-addresses $PROFILE_OPT --region $regx --query Addresses --output json)
+    if [[ $ELASTIC_IP_ADDRESSES != [] ]]; then
+      LIST_OF_ASSOCIATED_IPS=$(echo $ELASTIC_IP_ADDRESSES | jq -r '.[] | select(.AssociationId!=null) | .PublicIp')
+      LIST_OF_UNASSOCIATED_IPS=$(echo $ELASTIC_IP_ADDRESSES | jq -r '.[] | select(.AssociationId==null) | .PublicIp')
+      for ass_ip in $LIST_OF_ASSOCIATED_IPS; do
+      textPass "$regx: Elastic IP $ass_ip is associated with an instance or network interface" "$regx" "$ass_ip"
+      done
+      for unass_ip in $LIST_OF_UNASSOCIATED_IPS; do
+      textInfo "$regx: Elastic IP $unass_ip is not associated with any instance or network interface and it may incurr extra cost" "$regx" "$unass_ip"
+      done
+    else
+      textInfo "$regx: No Elastic IPs found" "$regx"
+    fi
+  done
 }
diff --git a/checks/check_extra7147 b/checks/check_extra7147
new file mode 100644
index 00000000..cff62c59
--- /dev/null
+++ b/checks/check_extra7147
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7147="7.147"
+CHECK_TITLE_extra7147="[extra7147] Check if S3 Glacier vaults have policies which allow access to everyone"
+CHECK_SCORED_extra7147="NOT_SCORED"
+CHECK_TYPE_extra7147="EXTRA"
+CHECK_SEVERITY_extra7147="Critical"
+CHECK_ASFF_RESOURCE_TYPE_extra7147="AwsGlacierVault"
+CHECK_ALTERNATE_check7147="extra7142"
+CHECK_SERVICENAME_extra7147="glacier"
+CHECK_RISK_extra7147='Vaults accessible to everyone could expose sensible data to bad actors'
+CHECK_REMEDIATION_extra7147='Ensure vault policy does not have principle as *'
+CHECK_DOC_extra7147='https://docs.aws.amazon.com/amazonglacier/latest/dev/access-control-overview.html'
+CHECK_CAF_EPIC_extra7147='Data Protection'
+
+extra7147(){
+  for regx in $REGIONS; do
+  LIST_OF_VAULTS=$($AWSCLI glacier list-vaults $PROFILE_OPT --region $regx --account-id $ACCOUNT_NUM --query VaultList[*].VaultName --output text|xargs -n1)
+  if [[ $LIST_OF_VAULTS ]]; then
+    for vault in $LIST_OF_VAULTS;do
+      VAULT_POLICY_STATEMENTS=$($AWSCLI glacier $PROFILE_OPT get-vault-access-policy --region $regx --account-id $ACCOUNT_NUM --vault-name $vault --output json --query policy.Policy 2>&1)
+      if [[ $VAULT_POLICY_STATEMENTS == *GetVaultAccessPolicy* ]]; then
+        textInfo "$regx: Vault $vault doesn't have any policy" "$regx" "$vault"
+      else
+        VAULT_POLICY_BAD_STATEMENTS=$(echo $VAULT_POLICY_STATEMENTS | jq '. | fromjson' | jq '.Statement[] | select(.Effect=="Allow") | select(.Principal=="*" or .Principal.AWS=="*" or .Principal.CanonicalUser=="*")')
+        if [[ $VAULT_POLICY_BAD_STATEMENTS != "" ]]; then
+          textFail "$regx: Vault $vault has policy which allows access to everyone" "$regx" "$vault"
+        else
+          textPass "$regx: Vault $vault has policy which does not allow access to everyone" "$regx" "$vault"
+        fi
+      fi
+    done
+  else
+    textInfo "$regx: No Glacier vaults found" "$regx"
+  fi
+ done
+}
\ No newline at end of file
diff --git a/groups/group7_extras b/groups/group7_extras
index 0276affc..9cc03fa8 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,11 +15,11 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142,extra7143,extra7144,extra7145,extra7146'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142,extra7143,extra7144,extra7145,extra7146,extra7147'
 
 # Extras 759 and 760 (lambda variables and code secrets finder are not included)
 # to run detect-secrets use `./prowler -g secrets`
 
 # Extras 789 and 790 VPC trust boundaries are not included by default in Extras
 # to run trust-boundaries use `./prowler -g trustboundaries`
-# read more in https://github.com/toniblyx/prowler/#trust-boundaries-checks
\ No newline at end of file
+# read more in https://github.com/toniblyx/prowler/#trust-boundaries-checks

From 9c3ab79510f314170ed3634535572955a860e707 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 10 Aug 2021 18:45:39 +0200
Subject: [PATCH 78/82] Removed Scored from title

---
 checks/check19 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/check19 b/checks/check19
index 27a61f9d..e8b92818 100644
--- a/checks/check19
+++ b/checks/check19
@@ -12,7 +12,7 @@
 # specific language governing permissions and limitations under the License.
 
 CHECK_ID_check19="1.9"
-CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
+CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater"
 CHECK_SCORED_check19="SCORED"
 CHECK_TYPE_check19="LEVEL1"
 CHECK_SEVERITY_check19="Medium"

From 3297fba2098298135857474e96e92240b5e7b9e2 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Tue, 10 Aug 2021 23:11:50 +0200
Subject: [PATCH 79/82] Added new checks to extras

---
 groups/group7_extras | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 groups/group7_extras

diff --git a/groups/group7_extras b/groups/group7_extras
new file mode 100644
index 00000000..5c2b7010
--- /dev/null
+++ b/groups/group7_extras
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+GROUP_ID[7]='extras'
+GROUP_NUMBER[7]='7.0'
+GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
+GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142,extra7143,extra7144,extra7145,extra7146,extra7147'
+
+# Extras 759 and 760 (lambda variables and code secrets finder are not included)
+# to run detect-secrets use `./prowler -g secrets`
+
+# Extras 789 and 790 VPC trust boundaries are not included by default in Extras
+# to run trust-boundaries use `./prowler -g trustboundaries`
+# read more in https://github.com/toniblyx/prowler/#trust-boundaries-checks
+
+

From 63233c9333288e9fd06e10c2eaf48911c1cf501e Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Thu, 12 Aug 2021 10:37:36 +0200
Subject: [PATCH 80/82] Changed check textTitle format for default output

---
 include/outputs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/outputs b/include/outputs
index e1971d0a..830404d2 100644
--- a/include/outputs
+++ b/include/outputs
@@ -227,7 +227,7 @@ textFail(){
 
 textTitle(){
   CHECKS_COUNTER=$((CHECKS_COUNTER+1))
-  TITLE_ID="$BLUE$1$NORMAL"
+  TITLE_ID="$1"
   if [[ $NUMERAL ]]; then
     # Left-pad the check ID with zeros to simplify sorting, e.g. 1.1 -> 1.01
     TITLE_ID=$(awk -F'.' '{ printf "%d.%02d", $1, $2 }' <<< "$TITLE_ID")
@@ -269,7 +269,7 @@ textTitle(){
   # else
   #   # if [[ "$ITEM_SCORED" == "Scored" ]]; then
   #      echo -e "$TITLE_ID $CHECK_SERVICENAME $TITLE_TEXT $CHECK_SEVERITY $group_ids "
-        echo -e "$TITLE_ID $TITLE_TEXT $CHECK_SERVICENAME $CHECK_SEVERITY"
+        echo -e "$TITLE_ID $TITLE_TEXT - $CHECK_SERVICENAME $CHECK_SEVERITY"
   #   # else
   #   #   echo -e "\n$PURPLE $TITLE_ID $TITLE_TEXT $6 $NORMAL $group_ids "
   #   # fi
@@ -429,4 +429,4 @@ generateHtmlOutput(){
   echo '  <td>'$CHECK_RESOURCE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-}
\ No newline at end of file
+}

From e39ff9683ced09b1ac33f3db204d8cba810dc21b Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Thu, 12 Aug 2021 10:38:59 +0200
Subject: [PATCH 81/82] Set new version 2.5.0-12August2021

---
 prowler | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/prowler b/prowler
index 6b3f2798..879f73b9 100755
--- a/prowler
+++ b/prowler
@@ -32,7 +32,7 @@ OPTRED=""
 OPTNORMAL=""
 
 # Set the defaults variables
-PROWLER_VERSION=2.5.0-05July2021
+PROWLER_VERSION=2.5.0-12August2021
 PROWLER_DIR=$(dirname "$0")
 
 REGION=""

From e0f60114f4465205cf782aea108c521d84a7f78d Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <c054617@yara.com>
Date: Fri, 13 Aug 2021 10:05:56 +0200
Subject: [PATCH 82/82] Consolidated license file

---
 LICENSE            | 6 +-----
 LICENSE-APACHE-2.0 | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/LICENSE b/LICENSE
index f764ae67..b9b7f40f 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,2 @@
-All CIS based checks in the checks folder are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License.
-The link to the license terms can be found at
-https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode
-
-Any other piece of code is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at
+Apache License 2.0 as specified in each file. You may obtain a copy of the License at LICENSE-APACHE-2.0 and 
 http://www.apache.org/licenses/LICENSE-2.0
diff --git a/LICENSE-APACHE-2.0 b/LICENSE-APACHE-2.0
index cd482d89..46de5eb1 100644
--- a/LICENSE-APACHE-2.0
+++ b/LICENSE-APACHE-2.0
@@ -186,7 +186,7 @@ file or class name and description of purpose be included on the
 same "printed page" as the copyright notice for easier
 identification within third-party archives.
 
-Copyright [yyyy] [name of copyright owner]
+Copyright 2021 Toni de la Fuente
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.