From 84d3e4bbb7c44fb158a00dd0b48708cf9cb6dcec Mon Sep 17 00:00:00 2001 From: Takumi Yanagawa Date: Wed, 6 Dec 2023 15:38:07 +0900 Subject: [PATCH] Separate docs from C2P for OCM and C2P for Kyverno Signed-off-by: Takumi Yanagawa --- README.md | 104 +++++------------------- docs/images/e2e-pm.drawio | 165 ++++++++++++++++++++++++++++++++++++++ docs/images/e2e-pm.png | Bin 0 -> 99922 bytes docs/kyverno/README.md | 112 ++++++++++++++++++++++++++ docs/ocm/README.md | 10 ++- 5 files changed, 305 insertions(+), 86 deletions(-) create mode 100644 docs/images/e2e-pm.drawio create mode 100644 docs/images/e2e-pm.png create mode 100644 docs/kyverno/README.md diff --git a/README.md b/README.md index 5cabb44..f830bc0 100644 --- a/README.md +++ b/README.md @@ -1,98 +1,34 @@ # compliance-to-policy Compliance-to-Policy (C2P) provides the framework to bridge Compliance administration and Policy administration by [OSCAL](https://pages.nist.gov/OSCAL/). OSCAL (Open Security Controls Assessment Language) is a standardized framework developed by NIST for expressing and automating the assessment and management of security controls in machine-readable format (xml, json, yaml) -## Continuous Compliance by C2P +![C2P Overview](/docs/images/e2e-pm.png) -https://github.com/IBM/compliance-to-policy/assets/113283236/4b0b5357-4025-46c8-8d88-1f4c00538795 - -## Usage of C2P commands - -### C2P for Kyverno -Prepare Kyverno Policy Resources -- You can use [policy-resources for test](/pkg/testdata/kyverno/policy-resources) -- For bring your own policies, please see [Bring your own Kyverno Policy Resources](#bring-your-own-kyverno-policy-resources) - -#### Convert OSCAL to Kyverno Policy -``` -$ go run cmd/c2pcli/main.go kyverno oscal2policy -c ./pkg/testdata/kyverno/c2p-config.yaml -o /tmp/kyverno-policies -2023-10-31T07:23:56.291+0900 INFO kyverno/c2pcr kyverno/configparser.go:53 Component-definition is loaded from ./pkg/testdata/kyverno/component-definition.json - -$ tree /tmp/kyverno-policies -/tmp/kyverno-policies -└── allowed-base-images - ├── 02-setup-cm.yaml - └── allowed-base-images.yaml -``` - -#### Convert Policy Report to OSCAL Assessment Results +## Usage of C2P CLI ``` -$ go run cmd/c2pcli/main.go kyverno result2oscal -c ./pkg/testdata/kyverno/c2p-config.yaml -o /tmp/assessment-results +$ c2pcli -h +C2P CLI -$ tree /tmp/assessment-results -/tmp/assessment-results -└── assessment-results.json -``` +Usage: + c2pcli [flags] + c2pcli [command] -#### Reformat in human-friendly format (markdown file) -``` -$ go run cmd/c2pcli/main.go kyverno tools oscal2posture -c ./pkg/testdata/kyverno/c2p-config.yaml --assessment-results /tmp/assessment-results/assessment-results.json -o /tmp/compliance-report.md -``` +Available Commands: + completion Generate the autocompletion script for the specified shell + help Help about any command + kyverno C2P CLI Kyverno plugin + ocm C2P CLI OCM plugin + version Display version -``` -$ head -n 15 /tmp/compliance-report.md -## Catalog +Flags: + -h, --help help for c2pcli -## Component: Kubernetes -#### Result of control: cm-8.3_smt.a - -Rule ID: allowed-base-images -
Details - - - Subject UUID: 0b1adf1c-f6e2-46af-889e-39255e669655 - - Title: ApiVersion: v1, Kind: Pod, Namespace: argocd, Name: argocd-application-controller-0 - - Result: fail - - Reason: - ``` - validation failure: This container image's base is not in the approved list or is not specified. Only pre-approved base images may be used. Please contact the platform team for assistance. - ``` +Use "c2pcli [command] --help" for more information about a command. ``` -### Bring your own Kyverno Policy Resources -- You can download Kyverno Policies (https://github.com/kyverno/policies) as Policy Resources and modify them - 1. Run `kyverno tools load-policy-resources` command - ``` - $ go run cmd/c2pcli/main.go kyverno tools load-policy-resources --src https://github.com/kyverno/policies --dest /tmp/policies - ``` - ``` - $ tree /tmp/policies - /tmp/policies - ├── add-apparmor-annotations - │ └── add-apparmor-annotations.yaml - ├── add-capabilities - │ └── add-capabilities.yaml - ├── add-castai-removal-disabled - │ └── add-castai-removal-disabled.yaml - ├── add-certificates-volume - │ └── add-certificates-volume.yaml - ├── add-default-resources - ... - ``` - - You can check result.json about what resources are downloaded. - ``` - $ cat /tmp/policies/result.json - - ``` - - There are some policies that depend on context. Please add the context resources manually. result.json contains list of the policies that have context field - ``` - $ jq -r .summary.resourcesHavingContext /tmp/policies/result.json - [ - "allowed-podpriorities", - "allowed-base-images", - "advanced-restrict-image-registries", - ... - "require-linkerd-server" - ] - ``` +C2P is targeting a plugin architecture to cover not only OCM Policy Framework but also other types of PVPs. +Please go to the docs for each usage. +- [C2P for OCM](/docs/ocm/README.md) +- [C2P for Kyverno](/docs/kyverno/README.md) ## Build at local ``` diff --git a/docs/images/e2e-pm.drawio b/docs/images/e2e-pm.drawio new file mode 100644 index 0000000..0adb5b5 --- /dev/null +++ b/docs/images/e2e-pm.drawio @@ -0,0 +1,165 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/images/e2e-pm.png b/docs/images/e2e-pm.png new file mode 100644 index 0000000000000000000000000000000000000000..5a96786c33beade6b540b66735e27e41e31407e1 GIT binary patch literal 99922 zcmeFZ1z42bw>~_yQi9abiXuo4jkE};NT{STzyL!?cejMJK{wd6K{pc8pa?46NJ|Ui zw?`R7Up>Ei&wJkQ{0|ow%slhN-fOMB*1hhv_S{fWk|)Ba!G}N~MCZ<)xdee=!66V# zwgb4}$RPWXTi_pt-6i?ckeoKUX$VAK(_U87-on|))Eo(6=9BsMikVLqyf!pN7~3K& zn0a|j4Vn4QF!S;Xsb5qyGFCM)5aGS7dQQaA+D1?p90q4tA}o;K&QU=aBROHHqhD`g z;Vf^9ur^V&GDMn#^9-H8odx3+Qd4#_mFt$ZM?(1E6c~A!~o4W4aAGUj) zv4g20(r))|->$T`vNE?fwf^y-ft95t(!ljW@Kf)JIURrT7!A~a1rXj zWdnryACGF78rqxeo(mHc`8F8T>1UCq#wNRu7UmWD_JIWgee&*1>`V}bR!-lp|9a@F z;B2j|z?HIJbs~c_M+pxtmv7g}{pQoX@!KLTcc1-VU$8r1M})bRnBwlIg2KD9*)5#>1d+1Rdh9Q2W#`bbLylfRvS_<8?I0rCAtKtO29D$?MuJi;Dn zhD2H;ZU26f68tMA#s6zb0n3#GVv<9c8~ptin*h&WC?Q_KKUfIT5JdCc0B2=uZ(?O^ zWr;AC{eER6dtN&$2U`Q=?o~epczJZ> z|9bC#6!ZCa&2b;-`PWS3H|qXsB>#o7{|&tw3iI#?@$G4EAAFD&;Nbxg9j)VaR_3M# zC@d;%Xklt;3KkDAVJk~;KnASZ|1{YAv__2(hC+y6LP33gK>;3qFfb!4OMA4ZLcwcu zgg(+-#mdg~>!|q77xm6r}J-f+PAnt(q)ZuO9%sd z6fFM>avC)JMvFv*4~??-3FTLK9GxluMA0kkf*=xF0Y47;tx^_5PK=d*~l7$i1cetCai4 zr2J1+bsE)KW{Az^X+`wg|tt0RYzy+w-S~&s^@_(~O zfT8IRw1?*Vl`{Uj43r-@+Mj&wzl6#EDr}8T4|%u%Fb9#~dx|K?C%pUqd#;Dd7*XOx z;dIoQKWBQsb>x3FD(6S1=xE3OEd~5Twgs|M1PU*sPqRiPabLsaud_PApLjQZp>Mg@ z9-;kH7WjwrcgOXe&HXllUq21dpj;xm(Ph_)!2`K?1VFBY{@Ddb=n4FJ*$4lxkf@+J z3NBcK%)=P<0{s7az|IJ5rumvfLJ*TCE1z-k1#(-kLEUj!U z5Fq;p_uxUL343QD5q9>R2s?1aA5Sz#+Jh{H6Fknq)YACd=RDTmM#6*6AvkxT3F;~O z2s@;?=~u=9jCFTV=+Wd z0#$24<&NJ>pNCaNT?K_4zfo{1vMP2b(R%*P^ughMCh?Qo`+Go4l!@(Q8~DJF99V>Z zM#3og6ZRAk`bE%(p=pBsNC<}ZCg|1s?_`Ype}tcVhRu2gX=iE+ieJ1um+b-N3>5jd z)Xs0?#y_973!o$UuA_wgG9lXo1^d;2Ms5Fz76gD?QKH=kzAho{9DsNH-z#z9T`Ki^ zX!<^8uL1@;#7u1Nk;obKy9GfQI&S_)j`)wvfQrmHW?mUo3{;i@NmM>`=+&52a<) z?S68J|5j=FYt8#>MI7)XD6jeTfEJ1h;SvBbVE4dxrsN-2#Q`<kkMXcc%QS}1Bm;*C3;PwW%=)9fuN}Vb^iOjrK&B`&K?v`|0B8lw0QJ+ zkbFo%AkH7lM9iSO0V&KQj9LhPf+S%gKlM(a*}VOdL|fpWF3DZ^vQLuAmt~|c0Cd1A z1OCbZ?i@%3$W>0}4ASWDno|Gsi1EJxE;s|n2<(6l&2OMX(qCF568d9`xTi>IJ3FME z-7fR>Em8kJMgAUI{M^jM&;M8ESZL6>Z$&DAPE%V;&|~($xunhaqZi~u*Oc~oL3HTY z?*#u0@Qv<)*(dTnQt>BF5%@)Uq$Lt`8lhSZej9`TcPF`g=$`0(y7?v7h*sEt66?`a z@~@Qh|1jgrhnDR>(!rmxKty(XF8Ar+zcBv427vy&^908CD=)p*&$i!Z{3&}+U}%{3 zn*TBL?vvx+dv_H~@K;pYFXKDf1plM>{>KdTZ@<5am*=k) z(I1;rzKIC9#J~LxD_;J;R#tz^gTKlOuvLHGJyyKJf31xESUdfHF~tO1+kX)Y(71Yk zDEL$S+-~jkH*oPEZ*BX{z9l}ve?-XtGvM*(;Qa6GTteg9AFCRCU-!oR9@_pEXZ{R6 z|0$%1-bJ(@DWZ|ge|uY|z;2qfi{SXt6gfIP{-$hT;rvq{<=QkDUxtB$t+~r-TZDlb zYH#j8D$sqe=AoSF&l?HNkw&O{pj&|d;Wk3sZ(nY*cL91A;ohbtL(n#9u)9kUv?`;% z_T*2|4*!qMF#_l+)_&~>>^ipn+Cisd|AKaa&zw{j8z+DY^a=UdzN-RGV7jfw8{KkuQ%u3A}#XSFCAxoLVoQD z1=2KM7XRpzTrC3Rqhd1I^h->)I(*k$zO=6=*?q7tb(&8aA1HR3*m7fth<9sq8(3dX zE>2q5v>-NQI)eGr@4;h3$IT6iIDS6P1i8W0kNwlhOp#KUhv5gWXQs(YVW0WoH(g=f z`#{i-zsDoJ&uCx{Uo#;k!T8}fa;i)Gk0UvLq%%sYh~~;qcg8+mVt?qTI|oT&9z1K$ zOp+5o`Qx2QFu<^}{%_d(1^$21{?CmBa&W8!djI-oUHc!+9{c<`sr1Y{kXNfKdOX5{ zot8>xS94@?Sx(h3 z)3dbX!X>7Iu0Hm|CBlrb@sF9rP#EBFVE$q8JUjwc1Y4tAeQ{`?9#5}ZZyw^govp2Y z^67Ss!3vM*O`3TE=}?zs;{7%NUiX4WWq#}yy zJ6?RSW$fi`(uhEIx*OcDRn`^8i*=t}+IN}{FH>sZ6fb7nNbQBTmoHzYO|d;Hu2C4s zxrO=KW&iSviU#*%?)@YeM#D)b?z-a1ykxt%RD=j9F=ne4&tMKly9`xJOc9Y2c1`5u z5GCpH6Bh+Dd$8=^T3;BysLi7BvRr#$gYO2SgoUYiBp%?vGRv-233t_7>ODSKN z>h*BF8$K>4H3XM9t4B{W9!NFSNw&MlV{)IyuVHyP$%Z+}I)u__!55PQ*ZKHHqwdW7Y8z{a_i|{pXIiAe`vaStQ2usWKV@)Vyo}a-gv{k^ zM+P$YmL&duvy`KrBNukOq$$MxV~(iH zM?+e;<_C7R7kRG_2%u*iBt=7Z0Jqf+B;HWRA|#zEl{$!PO>o3~NTv z;`H;g%i;3&&#xgJbt)OWD9QEOZ6MbCveQ6YbO%z2$_;nw43Tlo^mywz+Be{n?M`o&p6YdQKo&2^;RaBV z4{;e-pYV2p)cc=q8};lQ7ZyG&)n6ty*;Y%;_neOp)&->-7T#!q&LRnQ#^R^M`EWne zA%4=!Jl>;yGndc8jR;*!(r4Tn zs_!T!ENUL{w!=uI!yg{fBWb{L?tv!4RlHwPQ*XGvI>CP*kB25uk0b?CxC^Qx^~Q#- zZ$a23DQ5D*Ti5pN*n2FCK`M=Dkr&KvPo1Bc3o-k6|9E+EdRUe|jSZ|vdT-HFL;^w7 zL>CZNeNKzyI}YV{D%O7##U33iv`X*oL61k}AHvljZGa!C(kK$pP-ud9N8{%KY2nA+ zjEj3%YD9D)ifyAGN*AB9(1PDULm01t!EwkxF{e7U7)L4)T*J@aOoykp^jK}9*wKRh zz;c*$!jjU*gc) zM!-#oo#&etLk_2=)+;(DJ1R&A5hEBXS7|H`Gke*@`|9MCY5(P1PWEPOdOT%dY|<3N z>bIsIA1Kvap#i>khr!H$Z@TA>3=wb}V&GGDq;eAb)47I2-!+VoDFDMZ+jPoZ41hHf zV_RRs?yO7UY;JeT2|se5vSWt)Kx!4Vj}BjC#nZx|I&~VN*Ag%A@Nx#O5vDT}x$S&w zo1jR&p0KwO#1q53NbgK1#epFu10ErgDh56yVFfsBMbNuYTUp}}1PfypcSs&Wq#u+c znr>rV?vfA^gzaZ^3+8;ROi!N21h>NuI^VBQBgis#7(ln`_)~t-4oVt@mi?5i2|~G^ zAF@>VNYU<;#Al2oDDlmPc>RJPWvtTbuBkVsL?LLyw=E7N4(pBG?I%H+fJ}dv4PoPCa~2;KcBjE zG)(oaR;vseNFI5MJwgI+Nz=FNItfft0Lt%2kB2utF7hCdqD$}P2CQWgAA9lU=+KxH z#7@Yf#;soOxWY>}-!QYgnm}jJ`_N8b>DsR47|6z*v|yb_4iiZK)6OT^38+Mg>v^dx zw&q~Wmy|Rd3tal4+s{44KdEL18(@^xBytHY%qmRyW$T1VI`xqr!_X$y+fqzWiE`2Q zfe>@CR-M*$MzosH^|==?$!dg9-j|lfkT~R@CoelqcA_(CcJR%ZF1L`7kke3=&&q+A zHqEmc4l{4Ina*uJNxF9|?dhINW;=$#t!+K?!Qb<6{mZ7Br{M-6idndM^)?+`-0g7; z#mZF4__#1!@44IK!p;VP^c^-$H}eGqlg) zd5ah&;$@OjS`P@A=^N)N$H0VBl3{Dp__#zNjy!iGeQ&s2lce!m+T3(zg}$JLC^<|v zG949Lz>2PX5Tvg|;~lUPM6otq<7+}ULJ9{ajv$Pe!!Nziv!#^I4tL_(ahb&Rs~&K1 zap91;!e-WABESy4WbLmObFw?{loncZQrK+dJ`=5q<)MVH`w(~>vAlI}p=LILjFygC zl?(|LpPCS`;8sdP8bJ|;@u=_!0i}(}*$g!mZ#G@e>1|@@1Ej*N`o?7AgzHDmM!)h( z^W=DA^ZGJN`ki=z=FOPoXB6xz{Rs<417nkz1h~1l0!MPVlfq-B&Ohj9+tgNoU+~l6 z8n=sb$FjfwJ-Ksj?ZRc77ncH|B|2RGl=nyG zuPN<$35sAT^=Q-jYk}0%&e353?5{`IruBg(jn-ys)`-oatmgchsb3=lMOo zg5c5=vAKW&~R-+5vWH<9?%&w9t~XCKiwwul zZ}S<4Kb6=%b0bGTEsF&2vV~$e#Wi7*jw6duh~M!dwigv{f@rJNXoQW3_+QP*Y7VEm=f$S~67}q0US&K`ESgkUNxz<_p zjFYvBFD>$^+r?MF_Zo{38v&2&J90r3%5OlAXQlSYxA0AFgV&B-7)AnAGCE~JjFK=u z5Tmpp^-HW?M;U&qYxiT}%!kV%d=IiXmL(gi{dUY`ODeaQLma-SWd{o>@K$DVyn1V6 zeU^1ho264N5uVlCK*PliCCquK_4NL#`{&gj-4MA@Xg;Ht&I6^S+-Ppy0r~M^_BF-S z?i=60nv@I4Vmu+1F#9nq-L1(yN6u&pW)3i|25iiYqHAjA>zk8p@gHNow6yuyo1fXy ziIL!oYz0P42InXXnpa^7T&n`+s#s*?#h7!}F7-(EB^*T%Ah?6$0Ss&04o`n!aa|-o zq9-Gbg!mxt#iX#vu8O?qi5NrD5Je0@fqMDb{_%sQdL6R|^!!JM4jU}$ zUz`j)-PY$!jpsMv2$?y3bdq?1ZefQ_-!sJJv&p({6x)!U?dw(91YM=@m)hktv)ON8 zl7j~~dyXh;l!?XF=7kxx%sICQQhgGL{Rb>&mObn^-$vP;}Xq6IDv_et{*A5F~wggewHnfR*Ex$m&#=w>FEUaV}eh4!2EqfpMl9K}3#D z7&BxZ#JH`#O($Er3%$<{iXsiYhn>F2iAsVH$^+#WD(NeAi#3`4? zZ2jAVPKOQ$NE}_edzzT6#EM3H*PF8OW28JVOC8lqw#q*N;=)kC%Zu9OhYt*;`C_u; z<6nF8;$WsmhN$=ZFbw|}kEI}kT?U4PCm=->QgbQ?2Qmbv%NVi`6AdvkrgF#Rd%()wyn2-`d z_2fxbp|R`{Z#R7W4%{k5aw@gQM@mzxf?s66!5BIYDaX*p8X8k+e0hipUO(i~P~GvN z`)0nU_!E5mMO^=>$7;?1>%s=1EkMaQLubODBd}=HGXsotoDn=Gu}r+)?Y`lDBK4Zw zul>UPCi_=Ex`fwc^LZE44;e*2VtERHjK_|=x;=KTwoe?f-gs$NGLqANAgKTO# z+)oIgGQss;pkp4EV^|(x)lXC!5q$b!K`Mk{lykIh>glL>7w{RMVl*%1?T+WOFB= zMV`U*S`Iu!tv>Z40Ct0gUOOkbu&ljU#|Uk58*tl?+MZ;sVpMxP#Mn?B2V8<#e%m2j zMLY;M)KBpFwc*=pnbt>oDDg!qH@Rb@kgQkMUjmFxL>9CX?mt;!k*u4wmCL_uHqb{$ zb6_a5<-+XTLjH+Pwd#sR-|C@W71q}xq`u7&O&V_(**)K?@q}IpM~8VpFuuU&CgeWQ zneH!=o(g$&`e?&JGWg0njwObYa?FGE-U!E)cjm;)__(cXkQo0-7>?hB8zihYx|Ak$ z{l&zp^J%}+M})|2iEU+ZWHHLkSFU%4kXdTrV#Y3Tn-A;C)1}WS^pN>~=*|y4-A>_8 zNIN^;TAS3YI<ZIF!KC`COTGte2crNIREV=FsQ#Or*lop8Bvi3TN|IGe(Czxo5ks zk|YR-5?8Ff$l%@%*OB2Cv$tU#Ge1BkX{caDBd(y_opq!C{so&i^`|Oj@NO@SMnJKK z4hv=79%%6NJUW##O=b|8kg~wzW&X5|M)J*Ps+sNd2`a+)Q;?lSG0%a!$4d@x_}`jM zJ6ZJZxmi!~aiU0tQyKyE6-)KBqo>m%W0uvr((IG>uGzK z{0t8_3&^1ZA+dFf;3nC4&Dk!!$9UF*MJ^eais&E1a3`#CtrE0+CL-@Z-{9J^ zgFG;@GTnB%XY24edyh7f`j!i?`-@1`p%mmpQutvl7wDR->(0&u$=F*&y&CVQu{?TH zsPKBOR{Oj2!50EH{cq%miyzYA?~F>aAO`FQL8fXomp5ksj7gh^-^!BM5NdqH`?GP2 zwP$GJ^0T?tgec@EQQ~)BQ*bXZ@=bek?>A)69h7>am$lx)_{e77ti_bE4(xGWO#$8g*Njnpa1HVlZ0qj8WG98e&{obQAT}WNKbu zy0Phi1+xH*gCI%O(oSNIN&3qKGk|WV#%D!{uS|}M2y!w@=d3yG1~}w27Hl12FKV(NjH6BAawF$ zgfVt>dGSLZHPZ>Igjz@eIw;^xv1-M=Hq##*Eg&;YPf5BejtgRkh++8x zzJ7A=5s1ZW?~6zY(pS&g`Hu_ebl!5#xfpLS1qTp_h?jS9J(Rkwt1C1r$S$L`ef1JC zfj^y~?|}JX_>ErwvGBN80BPn+ZZG;-T+>cIVWr{H)${y&DspM;sm1P(T|FzKMg>QyN-?ajD+U)6o1Pwi9%cIl(bd#vm>HZFeP0abELw}o;iiyJv3 za}!9&Jf@UY^q?oMb?$pu>BDwvIcV}LwK8gRky9*C!irllF&d?Jv5tQzo1LAdNK*+y z+`fF+fhdd}tpk;`gRySn~lnqRqaBCvrts{UM;FOKuz*v3=;y4D{OB#A~2;q8o6X;dI{^4lMe-_C8xa zG-Y{Pp1}nhkI_A^UnSh;%jfm?c3fqPr~6!IvWIFtGu5-L$D=g#0d3;EvpH!qeJ>{6 zZGFCIp<*k~aqh~>OwS>B=@Y0>mQbeEV8zDH)`HE*4VHIHKsdJaV< z=u#2f@hy(mm(N1Wx>7!x50vN$sd=&I-aS_cq2;=H`_9z)J#^@pC^2nu#}y$4B-H6U|X ze94kBRJPn!yE&N>0jf8{$!_!2j9%M5R+XPA7b?Fh5*WEMEE94%ODqCXbIQ$SnW0$tSF~X z@iptZdk!k$F3jLOgaMu?+H2P?evF}E^J1^ZVl`e7I5Ou_*k>C;;n;clMDsGP!o+jt zl3V9WLvxus)#{}L68DfI8|lN2bhEclkS3k!I7Th8K0P{aL=RFtUHj5QMo<;R4 zFciNAsEYyvkM({h_2d0u&1;r9=dVU~zIUj?z#A$Y^nAL!QbTaEBAs4dxsOWM-G?Q` z{V*QAJ;{B=gn+Cp4)a3#W_nc}P~aFXw|f1sv!*jcej(W6_?d<9&QyHEGv$! z+umI6e0cF#0^XbZinMfYv-waSJ?|tMyUb`V_%(3^Ief*i(+pG_x!pUtOJXxu=SvrS zaXL+C0nsHi=x!ixyInjvt)BzN%eoDv1cvE#<&aLUPPrgKMHi34x*c;#mmA*YPt9l3 z*~_iCTG7j(DNgFVfRcsgwZ?obx!DaX1p$SvP!TUZ=crJ zatY2#uq=5Qo#3@lzHZ)0IAL54R=S{9NbyyHYp<(bDNE89PJQ~kK4`HN8X>vUi=Uk) z6F5?h$M~%0exp7H@lITFu}K4rDilXTm@$B>%Pl4)C1RpAAqH3LT?(k|4P1@w(v<@s z)WgnnkM3&2zVu1t0l#^TELB5#uRaF8Ybt~5)KNk@;SL?&;XraFPi3l1GG3O@kzjvL zP0M5)Ax*7F-ypfpGo%gpK`ZvKh0JrePh1p->w0~DPNC2PcS_2>cGe&qT5gqG8Oz0Iia*V-o${m{>Z^W8ceW^sx8gjBGqsuG6ylah=G3m^zcr)tBv^O_pAOpv`s^|vbIqlHVf9yn`%?`?p; zqR_p{(BmatTN7QgyI3wY@vA+GJnbBR6$%hSyhZF84OgpJBksM(CWLV#r|9Bzl`3G> zqdthLu51I#KAW7gQc=wBwhR4PjWJJtPQ2V^ZokQY44h^}dqVlYz72Wpt0(}4p0Ha_ z-v1DLvQ#EMcGoA}Ru}-z(b=}N8A3@@y%B*rfeI|*U^4^D20=eYJRa78} zt}i^1f_yh}cx4{>e7_B#`y-{|f^#w#QhcKWXRijldZj`UR~7TrtEN#x1X%#s_+MQR zlA|-p2;V(9$XGIJ>Tx4&*7IHN`YVI23E*7`X;T=GcX3*e|94m|g?;NR(CCdkhez25 zRgZT@9ZZ$*7Jzu-sHC>;L6xtaBr)D+Vl4e_k3|xvo3VKx^SJJb!9!d{0{McO+WP@- zNN^A)iCJ`@%6Pur6PJgiifml&3f2BQuquNwjGwE#r7H?Q)58K`fDA!QFoz5vaEwr! zI@LpvISiH5IpQHBNDRc}fF3m@m`kvGe2G_26v9!sjORUW19@AwO1DEl-upNw=4Ms~ zJ(=f+ws{>JtDPGL#KVEFaq_SrZ_N5NeU}}A_kzth6DZ6SuZiAMPvAbp9mj-#}}-4rHO5|p!!L5LGMERj`-F?0%&f)z`YO6t8St8(W- zW{1MrLkLJ!9fUP}O5pB#g!WYoy@mq+oGB*00IN&(7hiYqIZ$}h_DkkM7EgN9 z^^;a9&cgz+Vu$Bn9<)4Qg125m4*%T05X`U< z8&2=&oS-ers_F5ygu4VG=*J|@CbwWjvSfo3GFUVi7F@90 zm-6cNsvrA9*84P&-XYORLMO3Gp=BCKOzEgwV3*q(nKwa=`uPa$yTz(Qx^PZT#RIRg z^B%Yj$}PXB#~ml3YVTa6=nIFET-%Vos=PVfxBY0Q6E2%zpV8q$PXVwjjr;p--|#Z$)AXrnSvGQF>9by9=oc=LvDiSZsFPAcc5ZafcjSavAw601}^2`g2nfNgB$ zo2&7WUHqdbB1s{x+M-7$mZq6XYV1nN{Fi)^5tf8EXGX7b`a^1oPBKkVUvx$w{N*JU zVRv~LI_na-D47wgBmR*1VwV1efb~xHZW>4}R&ChPAo2dd@+004v@zBg01dnn?qZBN zoE~y0)vMSAP6%6}C2--{jyx1MItslS7$n7XkjLs~rDSe#T0u*Up(ugtR07t}I@#4L zFYpJ$D2QjXef+O$wnpg);PX&6rY$+eAl`0^M}M>7JD2Uo>K*uQCN#TRJ_$bS?Y33h z)hp271-G|Z$gwZi;~-ut$W_4_+)kdh%+a;)#CqCGHH2oF7w=&x&Ebi(}OVWu8`6R%<*&H>!(7tczW)*1SWUe z;E>k3Os}%BxyMY_Zc?!|8`R# zINnx?j3G`#`1XAS5a@hE8S6wzKFtvsp_7pTfoj}_#1uGWb%(@NR}zw^T*=;V*p@Yx z-QFrl(hnXEY*8C-pT;rpKNoPdQ{lO|cQK>_*ZO%viu@tE!7e+UP1qT#5ZA@Ds5I3? zZgF!C<1cL9SGAYmJ_QO2=PqNq=hsqUyOWYwu3#=BNy_VG{TF!8fMvqdV3b~ku;hxF zTpC|sxGD+I!ZgucQ?N{qqcA~Dhx&jId&X3-Q{i+sLQ}g;(S4L&h(3H&hN136`Q_xB zIOU#MS(F10W_UG7TpB(iZjO(Zv-!0=9dVxAsL!zec)pge=epI%$vm-U+(km~`ihkN zse}G8gG??Z8zQpHw=H*qox~=+4na2OUk!6*ZP<+|Kz4HSiTno3`eZ7`pp?hlW4LeX z`(wSzY>v6G!o?R6GWxWLq}+r~H$8J?(CkVYSkFrU2v9`CgopcqA=5>&Egfx{N!JM8 zyh@0}(X_GHaCjjL`ZDs-*?MeGb+ggQ9rt{bQC`Uq~x^7E(GjORB-If2WJh%$|)DWpX!N8js({P4h5Sb95Ib79HG)Fh(v*wA{ z`!G>IB1#4%S$S_uu7lxR0T|?b=G^&+mmrO9kT8t~R!tEBp}oOZw!l{y%%UqtM>r(A zK1tY)T#D5kF3qp;nWoPnN-aNxh^GC}d@UpEP9xoU?uKU3(77XJOmq|x73yEftWMBt zJw4BAhdIqrqA!4tJV0be*_+FLCFn?q*&;Nc1-2cqd4?B-%g$0_xW==_v*w5y3~~wL ztz#=^E%v8_=WtF46OP}DT@IBrc2F z^_P73r`AGf@btV2A5(o%HW@br{$w$8)c zjb(7k4m~@*zu)&XX4HB6^0jwn!pkjuHXy$q4WPBG0-Q_!WU|}HJG0z6X*~MtM`Z$r zdJQ7#Kmx8Y_Br2n{QT=2_!FPT#%VagX4slef)i{c!Ce z$!7*BZu7-OfFPM`Z-`*Dnyi6|D1mnCIXWe=r89ki^65p!zYaRNkI|OyP1Hh4h9AvU!lkGX!qr{r~`HcfRtIztpDAi#&g}ohF zVb=MhB`7vW+pblhXe5|@ak2K0)%|HuhB^_Olw={U7Xx>UqqtfdKvWAv>n*xaMt1vz zVhv|upD!o~reAq}t!QH;q_e={D!U=H0&1~+)vBE0Hj8ro>qjd-kOn$C!gtS1{Qz4v z^xmrSx&DneB@Sj=y6f}(7r!%0;`7Cm3|Uv6;aonn= zC!|s}&uI?UD=eAJwN_w$s4=2=$Jsl^9#6^lJMOY%maVbRy9<*$zV$!y3!`zNNq$&Cykd z5bXZL8R_g_Wbq>ihsvlOKWk@&Ko(Cwa}gIr8r@9qscpYK73_DH_@p2}()!0<9gI3& z7D?NmE=$l73&WE9yh672)|jz$-Rw=4bRaSP;+v~hX-2K_f_;%X4+yx5Kyxs6#YT;5 z1k_d7;vN4CJU!+{axQ4e83ue(J|@e%4L;+xXOkT85^{2;(uE4qik(kpZVWi@0lnbA zIs@8V1f1rzXXZ-Q2i)?Vm-OAl%Hb=jfF`j*QGB4^3Gs#Q05*^HkQDnAYoiIdruKV4 zVO_tiEb%s2Am>Is-E+XGk%OhAb7_7PxXdMfd}id@z=tuxFNV;gjD(ukk|n>qBBFLb zASDlRCwYfe^=e+GF3xhEiup@EVm#q(qrEcZ0oKsw%f!+ZQ?YIB&KOX$f1&+bnD=raEwJ5gc2iNgX=vf^u@NC zrv`7JK(xoax+7B4@gfCWL_*xtythSLBUqteSdW-X=rb}UzX-; zlc(qG>)vsB=o|(~7jv5Wbo(RnWUc@r-WR!APmN4oKfFmHM2>q%d?k`XgPgr(4lL19 z^Ts1}B>snGASVlG_)WYeJU*owwgAuA69yGms%MC5Mw66N=vLR9GL6(Y>M!t)mt^q&x4La`E64=YiHfUvEU=PkC%HhAQ$X3D6Mg* z-S94j=6T@YP)CeA5#!J-t8Ml#-%LnolAGUdOD}T8lX8M=Q%wqMoN-AH;Z6#`YP4a` z<1KW!?*^|h*GDjgD@bdq%4)b4vz8FsH7p5^J3^BBVH{C0$PxSO=LVKSEROGZOTdWa5p zz=1BYcJdHgo`n$K@R87AZ@Rz&L@loSa;wlA1$iGzu9Bjh21f4f$vQGPxjNv><6CK) z8yofRk6E9S-}rL&k?_J&t=O--h`~n_Vf$*9G-YdIC{_6 zQ$Ijb3wQ7!GW`Y{SHfl8V`pEGm{u$fZxVXke<)J@dFLY_p|e;^Sl_V@us)o(kv;B4 z`LT}NOYRUwIdZ)|UxK@kQ``RH*hQ(%+YRQ1a>Of`i%IWq`Egf4JvSb2F^aoxSKK4H z+ne#QA5>3YRyfsL}<>b-sRf5=%kPA1VuNCG&4t zN`LSHR5=DXo@s9QrCe66J64kHwc{eH5zIgFpd6^JfKZ~`i7@O!z`e|=^SB8nJ$m!l zjG-HjsJf*J?BE3_nILLGc^GNti0MUOVArBcWnI)u)0>qo;%G6&v8y_Braro2cFDZx zkerb2B(}yO3c+29C)X!Gqv$RIPoC1Z7!+HtJ1mn?P9hyZS}|53=2}DK6#BfvBt26E zB6oPv4qq+DznsK$CDDc}k=Fk>4z#vtuCfx6Lu9pZv{Mb{71!jZ26DY}EK`@y=UGZ( zXI{{8PUyp8Lh1yPJxdnZ6PSW(X0DSd~(m3?uJ)myV697$;jri>o^|ONmGe2h9E=I`3TYr`E}4S69>sJlsMece#5vNC8pEb8 z+ha29-y)w86P_OO<((jLX|hw8b!Xl3M((D1k|1E*XJU@SjR3LDB^q^UIjbX`U8k!h zGu?YBSl@Z_q7>(qXN?m`i%RihiwZ^@lS-sxs9x$OR3QmeSNhu?xH?esb64b_9^tOs z)?e-{cpv`dI7>SqU>dGy0CMy!Bc{2Cv=yPhPmG;FeXGVt_2FFSrrzr&BJdSqn8uwi z>t|vlA2cg7Yum#bla6}K_4^UqT)ncWON*OE#axn%y_oa%f+-1;VTLJ*-XCkbR1?U%Zlau-|{XHOzemh4K*?UECY3ZyVp}9 z2A#zC=dNU}x&S>@$B$Ar=|PWXQsMTK$ha@>h`}J;kJYPfs0M;* zxg-gkv}u*4U%qHt95!YdUZNT(T>juyCn7v2EZ1UXR{42JXiYqz#5v^o&fw80>yM;G zSu*dLw0Nb<-}%sYeC(*-u&;qbw;L6p!rLNcJ5#N~(@?p)CwhRkn@fGQ71P;$XhqE4 zaL}GY6-(cb&_>mDowLu!7PG^w(Y?xhJwPpggQVK4b3-uh&;bsM7M-h}22Ty5Be)4q za6ZfJPsEG1)uBR+8hGev%~NDw#%3eKP$w}A;I4Es$!AM;O=nLeC6LRTB3_O+(Q($} zSEll6(hc7jdaT) zgNq@~Z>SzAQ`H{Pg4Q-$A$<-_1m_pwhUwpCI2E7_sMG7PtebL&-adfHee#J?x9==< z=y+M4XE>cAJl=a`?VSOY*n0f~&Cd%o?9Qz2w-D=MYxtJM3)E$+8`&m#>+{YVapxLM zT~t(kZik92(GXB_%f2FW8+rZat!D8DU3YOOQqSa1!UdUa72Q|gTQ%?0R5Uosw9c6g zrSsY4*{*syf3BU59_L$Ml@7ce_W}C0Mz*IkrR~Mm<;wbd^zVkM0?OdGzZCJxDJEUEfD&(;>ZJwJL%GYqC4^`E!~ z+pL@jOOo7tSF4CB5Bjso!*%gFd zuF@O!)#k48qMdn`rRh+SMv0=MZ4ygfMH?KaM15jTcv$8ZkF87E80MX1DB8RhyX77Hum-<$uMS|A4>~%>$ zM#|5@WD%C(ZIg6?ezXfAPjl!(;f{}Q#K`6E;CFaU)BBx4_X6}fy9?TJB}4njh}IBy zuf4pGo@v;}wyAX(9<_~o_QgkbzbSnZaapQXvWv4Gd<2k8|0N6`1}=%?*9-54ueva; zoiPBtK6i03)QJt3b#`>s9kF{OLI(?rhh?JG?Hww|5uqN_GK4cd)a6_gThC9wfA(^V z1=4tG^oo1o5EXyF7x#9tzCiTn;;!JBhJ})*0Bm0VNV%JG5!7J=3^e6p9^9g2Jr3en zZqM}VKG!VDhD)2dy-0I*YstQPg9~4jyKM1IGX2GcAcZ;MIb{jV1y9~rJDa6W^20Ir zyhb(@@H4b#7RpO0LY`?bP6v`jT&r*ycpJ!nX2AUZAxx{#3hL*My~Mzbo+cfW%y^gq ziC>+-dOxO|4KKt9EGRWv?(K0BCv(#I|HyjFs3^m(Z5R=xyFoxiLSjgf?ht8^5@u*Y zI)-j3VF*zvK{`|#q=piZP#UDWhwiTT5Pp_u~HWW)u(Ay)Ba2 z>)9MAQNxRF%88(Wk{i!8-x7}&LE~6EPs^4x#Wl}B5DFM{A5kbU-9j)fe(1O~zxChD zw%)N(CGd|>w!nH_N~=H>HpNLa7y8GPLy4LaQ(FnfvPbtXGh{#n;Y`!>@O7Zg{A zbFVoQuT~==H$6OD=cjQQjbw}(x0Lr8yeRMcenq5~+Q+R|t}c92zb@KKJ-M3ymc2RU zjTm$qA0FKtDd=9;``vixBKhE0vLCl*^FdsD*S(~ia~XmyF9n=7uid(r?8q~}r4_Rd z#CP%7B{#~P*z5_&&Y>X}k^kFO^(0=Cl42q{`Rqc$SMHAT=pglPy|m!NdUtJ>9SON@ zU7s;`)4B=i-)l>P@^!er^h3+E@$Hac8eMzptAZKQQVvF_1lY#Gkck3-LkswM zan_4t^0ISfI54RvateGH1&RnRb`I(X>(84}$m1WenMz>yBO=4Uk^8j_lLsurx8_TY z=S?K^fdhngk@0ZdY;1f$p`Y^h0*kh~ZpfzvB79A~9Gi?5PS}@r$c#)Ieh@d?@|we_ zhX=_%OTFj?N8I1OprKqZ54im!BYd(KBCRp*fkl-sU6Lxm_XFkQ`;vjddk5O^96}|+ zZ8&U&xW1Zl-3pwhIH6U-AS%NzkdVUQ{_>1#g#L@^;L6I|i?uF4#nsHi=Im&Z#4YUZ zcl`D&3&(4mBR=MDRefTX(1du9DJEP|!$ez_Y$ zemCZh9EjV2{JMB$KM{2vk;BuJLS!$3Zq9g7BGzu6?#pKDC`kKTV@BQ%-We^2vN~1s z?_~X7HBY$`wkCAYAg&1KJ!^vLP-nf_?Dh+Bie1hC62hL|Ud+@sg-U>}26xuBs-%~` znpW;r#^7KI9*Qbi&}e#ln2q}5v$=0%AL$VlmAE!-df4Ctga4o~Tub*5OsD<37+WSA z^)3pQp{3DGuLI|sL%^8&hpSLagD0XrbQUijb$VY^#W6=ge1b(!Xl>m(!e{=`v~@O` zVZJwkd#5uuqs-G^of!JNjD!`;-=y+jDlFses#c~Kv9Si29`>hGyFRNRnq{;bEv{h@ zk17-u;~U5sfO+rY!8as&R!jNhhw$2$t&4cOG^Lsq{;nScs>}QquTXMqCQYh#3Q=h0 zl3QBx9p4N%JlXq}ZMVSFoO8Mzw{*VXU;KRk`mMdCnV;;+{pr&Pqcs6E}-Myqd*#6MpCtKJ=kz>D~{B885 zm1C1WHv3SOm%VuB;FO|bQN!O8%Je(zM#djzkDed{KX*flOJ60uHw*Q{`+d+U7_eXd zk+RbLJWv1MT3E};cdNP<)3Vbtvo_nc<+5*vgNpwjABMSmm4hp%`Pb6^yRnDNBAm~9 z@bXqz$moniGUH)(EUr-da4BVzzWIxXoNL}00`}WuR)I??V^XumlhfVn9Dj#bK%=qd z(wl8@H{sS`p-sFzrF1UN%mNm}jzk$|cmA;JTyn8hC#Euyn(j-;TX{N74Wm|uO9*}w zJCQ^d61YDMu+ta69eu^AisCkxiDkIYST)N^xlDb9QqjBO{=!dt>@laUYH>bS2%;oJ zNIz!fkY?y~_FpMis&grIAf*c2U-Hm5Ri$H~4VIJ^{#-K6tbJH*roTGt-JmOycE^Yc zD;-{C<=%eIw$K;BI_b`xu`g)5t$Cm8t%jB&XCeQkGAZ;XDi`J?waTOIr}d$H=Dy1F z0F2Cnsrr60sOl%vh0?>BjLHo*39V>Vvk*8gF>Zk}S_iV(lU%iENVR44IWGB4+BUrn zIk`Pei?^4@yQ#J~o>VGy;fKF?Yj8PyFOOX?@f2t?h^R>$rqy;$DNxOn>=1I)^0k12CrYqJ22&v^an)6 z`_<}~T&Z8%a_ew3mxiGNY_ zv=RcP;&3wBvC^8l58+8f6i*ulfVbSbxppe1ARuStk%E&EI*oSubhFPJ@TcpNq$nxg z8*EncO-*h8pg`M(qK$ zDOmcSiNnTU)|(F7O>D4EH8~n`Z5#ZWhXS>1wvHzLoP+Il{I}hk!|k}AZirP@2i(Q; z$}p}=n{UIeU6B(~fs*@<7({QLhYuNkl&6wg7{827r#)dcwInoIJur-53LvUwa#3~3 zOwN9hX)w=c|Gr~S7D=}*W4`haR&ti9X=)-?9cKDEh)UqE5I!UNeDhpDj(J{0H=bwY z6Qn`O$7ZzXtv{Z08Hag?h>~9xm?#TlCIvG&t=5Xqo@n!RY0n#>G70ylSPv!^sKRQHW`|+ zvt^J?WQV{6cd#&@#97c0R)2dh$a53j8SS>FEc1esYH*}V$LQf0a*Lr_2^#plV{oY9%wSGWH7j}S%QBF|s@2fDlLZ7G7^NKYz+|?3a zO8N7NjhTT+|ID;Wvu!bI-fK0_;%=Dhkt4bl6S4uJCCGJamvHPAmLzX|GpM0*BVF|) zW!&u)8U>|^(YS`Sa7Vs$g zV|~fpfg6KAGvym6Ds;>7MJsoZthztFzC&Uzd-V6?$B0C(%51l!NuyR83zswBk!FL7 z&bjKil)xsgjh6f#ch8wW;ZGA4j z9J@4wwT}kaeNJ2&706#icP!B9DNcJOBwvrcA(Cnm%zvK=W(%%FIy1*jF|Ahx_GzzD z#t!4QJ=lqFvF1tjgOh%>rP@TBLvtq?*W9Tj zn82=sTHX7S_%=txabZsXaI&-_8p>rmD4FvGriOlxGV3|u%Ggt*Y!>exW?freUe<&s z{4-u)ane`5w;>LoTYe_Z#Oy*fq(N>!kLO+TqV-s3YxVFl zMlQaKk^sulU{!anC7!N}eQM54u5T>psQ_l1$!!)o{NStZgG+LVCrI{J$x8|@ZE4(5 zf;{;#j@sb>T;!jQ7co(-%A7Yld$gvq`w=8Mm~ssRQn)N&rpHTs>8-a~-?i%LT2BTo zqYRwSBzjiHr~c|hAjo&-v2{8YVlhf>6BU{BZP719=?>Lr2&Yy2Le*ZdHj`60O6E%n zEe|L^@@@sQ7%cb>-ye8(kSU(RNT+S1(Br%RR&K&a2PuQ|AxXt$V(n zr-;7_X0AT^ZK7QBo@n-EBhaHnlvI^6lfp5d5xOGmyf7bLi9mb&%^AqtJ{iz|5YfhO zvp7p<8yDvzdpZ=}Sy>w#Wx6UX-X%ng_OL^{*P!d*IDDfk5s z875A9EE_g+B&6TsHy`^zvVJ@NF1ZA`tT9zP-Clz0Ahh%U-X!?)~iS711hSq@;etY8LK*=P4N}j zVWh$D;b}$T;9;aab}KX=W}hW#Pchk7gouAxy4@e+*lJR7sIP`sU?3no#=Kt&5M}JV zDEjQv2u!ZYd!{?Oxsp))_#Cvozjc+bA9bgcx~B}gRSgvjQ@^ESUrxr-9T#+%0)J)Q zqKg^N*GrM;Bh^jUfTGV7`-fyi$E`1n)8`ZQMkgF&_1%6y*y~ECT~kDY8GDiS z$AmULF!r*=t^^GM7Z{wN;E^rqje!;ZU|7)$`B@DcK;c?9xG)5$Mv#y;F`u3EfvONZ;f(hv{v784P3c zFUsu{XKyY)U_AWMFtoogRzRK27MafO6S(+H56|)iW81NKaHpGLaQFP$!B@}^H~UJpL9zN>L;P1;+&O%hcBya zsJG^PBWa;hrNqCA?_R&cG&L`*ZFp=W;D0)t;uW|tR{K+qZfckF3k5m#wDakw@yeY( z)Nt5#O7;{9y_4+h*15qgeNJtZwLOQQ?bwvdDFM~g=5Mj)MJQ(N9`e$Gs6y_`7DA}_ zi(yvhMubD0Fu7BlnM?gg!?Pqs6#uL@sAa$+}kz#O=h*G|lxa^+^-Anenrw z(Cfx3gZ=RRCiueTZJ4DoZy}kh#M%e*?2NW83P>KgFpz^{x>aNsvwivr}2`y9t%e z(uCW2)Yknw=rU{8QEZ_>^3<@U;~7x{@)Lpo(droJ4^(UI$DE2=rLrF;7ed4*((Aux zqOqCy&=E>xN{%{=2R&z7Gvsqui6b0$;<<6FZNCF&38gN5{!KSM0JwN9Ma9uFJ=~Rt zvmwCimTAg9#jla|UjgG7x+lyti$EsYgTAvx=x{ASfi_}HY^7qVX7ON%U5_hnj^jPb zyz7y#72hit6*6QOHHyW&Yv%XaQ{72s8p@ZYbP|36oWpB{chmE*HJ!0P@{fdqswm4{Y*q`OjwsQsyp|_gH;6V%720|Me!XP$ z-np;w5=izRHqi=ihzL5MWkeVf_HdKR*CcTk4_(B~Fv>k29gtXEe_LM>pKN6tWNN{; zt5qD*X0O%3XgOBwLdxms|3J($mAYrJmi977gpD!y_QuFMm5HeC#@rbnS279`zBw~?tG(rOme|n8TtWD2fKF_wOa1voU6t)D z22ayr%67!@3gUErC?JRT95FF^Ut#cgyCLIwgcQTHmy@84f7n;X&aAzIQNNwHN){1s zRC(S}=%it#ik&uYsZQliIKkxJM9B($IEn6=*hSPifaXXPG-8Y>2Bwtgv*wcxjX>x1 zyKxINCUtpOF)31O1v4f})u-wNr^nIv(cOL>=kxkug1r9v^IZOz5BP)a9l?WNTzRv8 z5(UvuljaoV%JH?adKc-rg-+q5D9;2j&(YL_hmb@1m1pje|MeTJr|ndlxt8esJ+z6U+?r+w4l(a#t{LwdpgT74L{!T z#?p9wQcK3O3h2NgL<% zbIhA_(A}_EYZUKyf1hMI1?BZYJ%ukD{jlGmv9M$+y6>X-RinT2N#v~@Di!l=uhLMj zYfw%hj%cmYb+s~?_QJ7nPxkf-l|{SvtCD(r(|Fp?%2zex8Ih9vhIQB@OuTkt%&|02 zrEI`}q_;Ilcd{+UC0x@kF5_<3A6t9OG3q)#x>2*^*uJq<6K+vYJK}6mFPVDoHf=M8 zL&Os;)K@y3F5SpH!9%@QOJ4K2L0;dlIZ)J=6Mf||^54Tc^SLmUfEygS@Je;{!9;LS z`cCAM>3r3R32&0kdbG3b=Q|I+kxRtgGo5lwB$Mdlw*E^RP~_Fd8VEY}Ced+F7x^rC z7X=cIE~?6!};tDb&U6%2ot>I{gYeeY*9^8Usp-<`I}M#zS~ z`;FIDUnFM~{m|=NFMIP7jayMcjCrJD+`yg@Qjr3hZXMGJfi|H-FJoGLb($w}O}Pe- z7jygVTRxm-JPfrUlIjY_7`jxvv>wIaL|!rE{7{=Ra++-YgTFIw4jYVj)}T@t{Si1e z-cThv5nou+=kG*LD4b>eZ}UuHY=kNU=^e1(iQ7KSRB#fWq2lK`oR|X^kW^GVlk|^U z|1)F18Av_~d-Vi;dWtczgD^-X9FTf3$V~Wr7!VHvSNxEEjAKZi(xUhQU-011j~8lrZk`^zYv^A zc2;qxS7#LJB0|{VmtQ^3>GghUYHAvIJ?`CI=lG5~5LZ@+gamZp29a~%b6aZR;+EF! z#Ni!E_fr8O-^>kTX*43CFGtn{bD4=JPjkOMeU?eox|1fvgZGVS{gWw_KfXT zW+Tj_v!f~1;Df`XKjh4A{_UDbMt-$*h`Svvkz1;k_*HR+R}iguo#v>g8L+=7F<#=M zTXf@DOyQ01o4W>?bZ?b_)?1p8yQJNx-HM#K9h+F4@itzpPpy6k_Ee3{MVrJGsN_7Y zC_bSLduc1c6#%*8E|v$)DILO~Ohv3wvnTK1W!w<+Numavub}%7zP)sk>eaFR=a=&@ zlbLY;o+Wc;iEy?GZ-z#Lbd+dEG5YWPP_EV%H(}OG=`#g==9&Y7cJthW{K(o6*N_&| z-G&D7aKpsEuWKB8al^@t$zlI18EvP4f_CK8s`GwJz%p7>poP?Tbjz<=4gOP-`RQ3u0s~CPgeL*BQ{U-Y5Qs#BwUxl_oi3q zws4H4U?GOcdVF&r)w5fdeu)y=kjVC$hIRZVmsy&JR$-KW3>E~Y5A59B<)T_UE=Stj zLprn9Z+sWJlftt{&DIpahXhF46`s%C%;V{O2#-5l4{iB2Y;FhHpHVZ4{fOd#@X_-O z=J`G%!5ET(4_?a0%axMHNKkDcVdc7L?;Ims15PT9$eCZOQ{lbg_4{zk_b`40bAq`4 z@VNW~Ry(7FeL8CKjB7xK=b>8zyDGbDs{)uh;Uw{;aOlzQq#y3i^DD7*oTwfH|CPy2 zWD^poaVSt@A41xgL9*FOUG)02$~?&-Z~vWkl~0nLC^4V;qw0vI=p9ePK^Y6kNUp{k zM;4@k+FpmF^^|SkX`H`=x!1x6C6j7z?NTY9%3i3g?>^e{i73@I=wbo*km<6h2{pOz z6-_Q92&5?tH1p8Nz1ELhY@ik6K4% z1DK5#MNM5%VHxVRcm$_2_u1fmn4N3l=)u2M&s}0}%0+Hy9E{9+=F_X4J5D0tQQgDs zhvUTOQTK?97FKCE3ABG|zrQ}|oYUJXCzpzu{T<0%(wU{UN#*@jO225<_69mx6Dizx z?{e2l;!WODEuKM&x!sJ|$tdaX8O2vQ?M5#`7QznTy3=BO^kBu~4R6RPd5tmy9+X!& zoqm|6sq=#@<%DTcw|=WDvK8;GrXZhqJSHT0PGSFd15f`rR!G=01MHARgjp!q7)~z# zB-;IR$f85M!b^S(6OHoznP6~@=65-KC{L0s9$Bq&d3Yi!N`bvm3e*=)w^5wPMLLQT zrZ@Ygfu>1cZ4-WEIW>$S;L~%3H|>*En`NDjVot~V&32;`uDkd%2uu7C3!6pBV~;Q+ zGmpYHYGfDb$w;B@#40=-4f498$ESgP{G~+$AswyTP5n-f<5MHLv2y!!Trmy3XVGJ= zYbHZ3QOI<8{f7FiB|k9D4;T9^68wq;+CyuJ+4^Dx?`bs5HH`4yo;zI_X*<4z9{$ti zW>zlemV=!o|AjEWW5ctH;sFECleaaGnec2hRnP0S`Hep;Rs6&j`z`=majsz;dx>^h zdv5tK3B7-=fb(Mk0zJ0Q#K?9#@tkt<9>J%>mmjBAR$X22OQ3q{cZ)nYejg#6AVooe zvZBaeh2sCt0-TkUub>g;AOUkOc_s*tz&YARQCrpv~~a2 zXr^*S!5^>A4be7gM<~g>-%c4LpFrN8_I`J*Bdrs2iRK=pz{(Yrl+WgD>IJjPai3y2 z7{H?!_lE|Ia`}t&mA#*K+Jk-;=;rN& z7~UR7_w(pEbkd<%Dcqr2t&cfwpZ}rBAnPsQFQRu8bICtDvgCpB$>bpHu6%U#cf6m8 z-=3MA*6*fTTevKWT{n!iv!oq%9M106cn7RS>Qjs)i@Mu>2|~*+Y@b0bY=8##*AE{) z7!JNX?tK1gwk8A}9qK_m5|&Sn;@{=PK=uqP`xxd2NhewPC_5cyZmRCBbums)a-ET) zJ{CmbV#B>h-7=#>epA^B+x}y}X22fBOT=R`o~I#3xdzLX<=~)0S0gzGtkTtoy7@6N zkX*wmKAl9+t@4AaTgUN8q9zRF@^@0y!L+q>n90TE<(zT~f8N1=h$EBU^rwG~DJ@V* z+Ii*WC5(uB;q67`{Qv`Ly!>d(GF&>zyA>CnQt;`hLiJuSr2FXO?5Yfv9RB(?ze9OT zk~G!c(Yj8<%|#(*AeZ-Sx>R5Zl1;UXANR!W(+9 ztD5aG^JtZweghaZ*Q1E7wA7-^ulLxdrQ~^&<+k*NO`2+V)qLllHJZo0Z?tL*dSVZM zBzQgd-xLhmLc775FF#S_N4xFd4T!%VWoF>>LSMnkY|pstf8i<$hXo5G*u9d#Rl znsl_u)QhgHyaF?ez+ea+CVYPZoFV-OAa7A+o^EntRD~*!oez(kwDi08ml_h;4!`r_ znM2M8`FBp%f`@Cp=U)|lh4&}rWNrf94$X}9fa`>+m7Dt|jlQSZ+IcU9{myuQ=$FQ( z2w49p6a-`o_hZlJLx>iqQF{w*@lTXVE&qIE={vVbmCxjqrO^n6$f9>Q>|*{Z2>j@= z*Kig}_4qKIM^9w=8fM=Rff#7lqx+?|y}NaYCQXkvcR!QyCnPBD-txUYH$SN$LNAjR zJwI=w(ebSNK*7bhz)8YC!V;f88n8-%tscRGgXYJA zaCs!KfA&n&RQdOLIK>FH8Fh$Fk9NnaW!VAB;AGItx!Vc&4CysWdHiVW-*=sjXF{!% z5}M$&S^(n(ukVR{XlUrSF+ih%c=i49&T@AGCzW0)ECy^A$jj=h9tK|Rcb);p2tNC9 z-e<9H;$C}bfHhiw6HtoCPJCunqg74jmGPb&2g9-*i;jQg^ow6VyIXFMl$0z*DQJvs zPt}0^8G@=fKp|K7Y$#u?5Vko}|NP9b+O*}}-+KL8XR~LgKi>|2;4zWpdi@i7eYgN? zo6E4`381#f7xx59Aviitzs`M+P+8({|1kkJHCxHRz`y|n^(VD`h9AmU8le!Fy#2;^ zt#%eP-i-B%YR`AnDg(o9?fgd#HYsWmklEYguP3zrC7x*bgY(^_{sh~bySvR#o;=Bo zkqGMkr}+s?GmYQ!D-g`YsJ{6DT!^(45zwTsrT?!cm7e*K)&9h09yxx-Ep^4Rr{-rd zv*Pc03I|N78o?bubPES^l|Q|hAfguybzS*u21MYszZmuoF;nlEqnRapHg|hd&`OBI zdwp>%w>eroSmR_88WxsiKT&~ei_LJ9+b$%P1rZk)=jV#MZ3?`V49BO*&MY)2H$Ow= z#O;Bd0rT~tyjrjQ$6yaEU-p6T$yVe80$Njm_ttvuG7vI|Q!~R!CKcltVzwqKImK`s z0b#3LBq<^H?(`%Fe((Cf$QCaMBmg-r>XPx&n)RcHPU6&;&E`Ni5dShlda~mFx%2S*1*YN?~{RM-L- zF$Xzc$@x+U1Ra*Zp-aB!qUQ4x+X_RzM20=9hSPIrx;Efi^ycbNhCDnFR~cO zl=<7{zT8D}OlyX)13s5g0YRxtoWyM;L?NpDVd?T;&_KJpcJ7O;2EQ2EXWFLv4PGu7 z4<2w3J){eU0KypD$+L*bG8Y2d8uNDC)PQ7h5+p}^CbooOVbxe6+W5B>*Fi-4!xBog zZ@D|`{9hMYgJ@VES$~?>BP1lm#-{!g@prHo@Z`8ACEb^&Lb(QYsT<2?c8l+0{=Y%5 zebko){lsn|G#%gQ;$$fdvg%5LR86fcq}tH@-AZ-zh_A=->TLh-@NdQO%ud^>YKOm5 z!?i9J6tXpMdTB8w@%JqXbqf>GADft%eC9EMc}FCZQO;crW+Bq~DYphBpcw2WogLW> z7`(0cau_+!!}&?~0?rn&jw$cioFA-k;D1OLtp;pK>fQ^~7d9J%!)xZ_^I#>Zu$2zS z**-CgMW}`a}EX`(Cz~O8d8<2@-1z|KV zW0OeUb?`<=Cw&cdkADlqBZmE7s>OFaDu+w+avUG4fob~@48?!!TK881I*9j{SRK_a z;(sBCOU|AtdqvHmL~VY#RoPEY{8h|TJ#1{>Ulu1TB#_OE`Y%D*4|2=`zn*Z#GgSwm}NNmG*Aq@u(5*2};Y{N};h;NTvJsXjp@TJf4B?#>`?w zPEXU4S+$%bsupYY10bN0R^FwjJC)z1Kb-}ObeNv@`2z}>S6~xQ7i{}wMYYRT+fR_@ z`D96t1vXQB%YMrggA##O{UnyvW3@EH4<|WU_O{Vk#^lBNHC2>fLNUbKyIyf!lRzMF z22uiJ;9rHT?@_5G@ygK=4)kQ9L*L-8q0p74K3XV5n_oT3ShqdL^%Hrinrd4Uqn zQaN>P$1=KLrKf?};3{aOi)-z*dR(2kB;5X%CGVMeoF-^DiVs|}R{EoWK1&oV_MymQ zJmmqh4${M(6>|h3ba2f&(%q*AkQn7Wip6A4R?725COfqogWDkVv!V4K9HH@bx)}LR zP3MXeqE>&&by4qFrjE;AK$R$wrtcXWO&Sgn9s=TJauI|aY%vz#UY)#ye`lf#F=kQa zGE`X~XDh*K?6-G}cN>Fk)qf?Q?GK=^<&|uVeOdhrH1}se40{a+ z6qc~rLm7SYs1=p4Cu^KCDpJitdnU4n|B$ue8SYqq{uAy^ zMJ0!0*c67z)GDZv^qrOKd4@{;5<&z9xd#OSM{FWTDNZ()E1hI2iehV_- z&UTgf?s2t;0$$GL^7p;cSBBSOV2$f>d`wL*4~+n=27`p`n#)qTV;`3>4uQg)NJDu` zV=9QJYi$2-ip}ZcB=K_q(O~@f(d?eA$}4wrc#0ia8>S)TYdfnd-C;7S(HxRg6|)d@ z1hMK#)}rWmKTEyZi5tmfYc>gDSe`5yPS8Fy^9nV{O!2a7PiFWTs@R;5AY9Ouz>SV6 zzO0k@rLT}i5X5(5X{(OlI;+NAU^3)-L*qj+S+`d$9z2C%1S>_rylb&vGyAps@xg4B z9XS5xrBb@F_(xig;ipxLCBEE= z;>rIKMPm@C6^=!bv~a^_GMcvtkgQjKvz{xz2Y&qs3NQQ#Qhk#zVB1@cSE5S3XgK!- z1C?!U+rF&KZp?&sT<_jF+!@D*)Ww58l%PzRJ#OC$knw6ZbQ2`pKma_L+2qehcEiR8 z)m*U92qK2e%jKsA55-CQ8Ke|b7nogay7l7+j@v_BaBE)^U1P^FO1^Ry^4Rui(C1ie zRnm6~E%9gxQIps^5i+D`O!+>OVX@mD{lz4+o1MjqK?hV!_Pz|@$8cN@CenUvfb0z@ ztY&oZK@4M9$IS{u%H#8a->hOO1w%qI=rn>$iZlG9@|X(tUcbYj9xHjKeVHp4_jLI4 zYv0kLjt*}(zTH$gQ%8d)QkFs2J<})3iTGmy*Az`*xXk%`va9fs?k~zK9=hLdv%c89 z(d2oek?``~S200Z{i*quKEdN(T+eG!#+ltIaqrhkxCgAJCQ77#sq_sz#A8> zY8B*9%QpPj1H|Fj!#*BuGkeZwlw6@5{ukLcD;#{X`l)8juWk&E^zuFE@spp=araFR zrk5m1W2#ZZL`WuJ_Z55L3p{EV$mvBF4>4vSCoz8JES17g>Xp-v4x=g0FT%oLxBJ3X zw?V=2iWcg#GNo@;7N3poZp&}nu)j_J4sz4Y^unyU3hFAgKb!n7|9m_2dJJD@3dLu$ zyjQI%aEvYZ91jh$_IVK*i7E+oj(&akSB(2FSJIi?vMt%} zH5AAr*@xAJ3$r6Z@v4)loMaMjxX2sg5YRRTC7y5u@(c@ z@J1L$Equ2jC(7;Wc#Qz#xl>d}vx`cn~w6H7P)6xXm~tkWGc?E=EH{d&2Vj^QMP z#%0*IzH9Wl;!DF?%<-a7(Ul2X2{`qS8v8IZ-&0fjRK0H_`P@VKft&~FB`RzE7OI<+ zwf@)0F9=NG2Y&pFIAr@xZeva*Xi!=&OuP9o!=UaJYixMkP32ZBB`$oz!**0U3Faqf zvI~vs_NhlY;JQ>j51_Jb2xzGSYZO7RvfG-z)>GgFdVKAq#bCz~-c`xc?Of zjob2j*NhG+&z(nC7w(oP$GTR_$0xf|r~5vOPrM{1{b~9$B-)Nul0I;GyPjEgnf4t( zhC6jLyU81j2d7vDR`}zJlxQ9Uqj7nS3q?k#oZ8kgIcxC(lVPBvp}#|3O3n>x!3zXK zE+yI1aiJ%=z5Z`JSy0)wjrS71Z`;m7f+45g`7?jC!M{=O#zkp2n@nH9c>d=Jz~+Sd zgH+_k61j~M!$U)Vy3;+I`K1{Qc`p2fP8Hxe8sh&eF)>1i`WP@Z8uvP9W;<|-x&PG3 zERo6ZI0K zni9>RVC6K$6o}PQj5hy6mpAScRW$gf*kjmz4CG=$S1lnrwBzkML;wd~*R5=5T~H{a zPn?NsTl*T8B%S2mpA;Qs1gf2>bYd0hzaN{b4XsWG)q^4RyDur7@qo%c^ioBK5|U3T zBm#Ym4=MXZ1FBD)|H7g`pmdXYS%2o$j1@|$js8D!bhtYSq4(D7Ky)e;Znrn+(4D|= zmu+CF4Tlu}h4>8Q-N7N-;OFo@k%5-K0a;)yppZX_>fo$Wx2rd z7$In8w~YdLgQaKgc{F!9Ji&h{13DBOj07M5q~4ve>kd@x-$7a{CykiM=^N~&Y2YHg z*Zxa(Dw!&o-PLT0ic@#BeKGE9A=uqJOgGg?CrvSCNhjS?vLQm@&YaK($=A|*;MB+k zKKu1DrIi8q>}ky=tz_IiaZeTm5GOjI%;RLBDl3{* zH&M&%URN^JzyEvKD!oBbmdcD1KJ|PLuju|GCcmqLZ&E|XI>A#}YYApqM$gf_2%EoH zEi5Gs5?g>k@JTDPTj*MN(iruzJKkYzGQs*ocRchE4nV|1pI`+a=Wt<&4h?W(lXZ43 z+s6Bg5BZMPFLcyV>E%EM?tdYrnUu-w))avT@&`l4q?nDk?#xeuIg=B;wj}%2oY^Wj zN29S`F!OL{Yv=P%z4PEKr%1rr=V#;%93QNxOi_KNG1k6EnN5arZOkD7KLpAP6#z7w zFt+{)DNbf7?0ycT_?dH4O` zM92Dd?lOnoPvqc-TY0K3c-E&;7FK{@?o!)_l`sp8wepn3FFU5N)fgS&&LByEFqxcZ zH4C@@^B`avxnQExQJty{uYK6+0}3J>Bb|iD5H*-|K+~vDR{*qYB^|Ov;a>b7?IJSD z-1I={hC1HDT5)?nO&0rvIYO}-8my~o?$l<9QUi!EvY^}JTHNXZkdgSGq>{83-zQGK z*u7j!*8_hd(cf!a2o6T)FC|Kp-;Lr5JvAz+Tm1XX52{8e$$%A93uy3EtkM7eKzPK^ zvmMhMyL3lWTdwG6Gk0p+cjcmTDVry4f^B|dnDzWlScXY3UJ#yRRSkwqW5T>-x7 zZ~+dtB%`3`(ZI@6wx^fQcEA>!A9Fd_api&ws;OKSKwNDmC0X$xJyx(ruAPrOk2cE(fKXw9qQQzPlc#3X% zYxgVojj$#kgj4TP5D72yy=dFm`#TH-7B(^hPjeU2*2YHkC{V6dWF)=~+IP-F(gWCR zpT0P-`Q;d3?P+csz(t~VK;dwE<8NH=K>&C+6e=wLL{Io}Rf>BbU?lOFbbxiLkms{r zZ6$Vff0uz9b|p2B(B}l-IMK;7U^RRG9}xZde_rf69-JnpK5t;8$=?_A4tdska0g6+ z={^}78+Jl~!QEc(29DRdFoTLG?xBclCcq%swI1Kd3IKv61%T4Cs;5y~Su|fA;C*>! z7Y^WUr6$;SZI(MK6#)2l0CE|VdpYLqQCWb5b|Y@~j&$bjaQ=7iC`xYH94|n4zyp%S za2kO(@=g79lsvF#bWGgePtU-E$^ptF_;%=ty5>~51=a&1hG@V}MCTUtpcjPH4BK?e*S+9z_HfIWUoip|Srso9EWA;qkcRp>BPjmsff?TDsX^3!~oz!3&mX0!ax58|&& zOqyej>s+%ywX`A8=d!=30NI*b776I?DETHFc zxw-OQ?)z%gxVp5Iv${Q$hsUas{xFA|UKIW-o>{5P@7$G~2HY+%z+l!p&B_NVF6wOoQh~KJBust@Q?s0f z@ZtMzT;TDu5X5(c*V7H&Acxv%2b4j@l>4Wr`m@Es_pufMk-ryU_Sgq}z*%5D3pee| z)916O=T3B-#mc<=&t=nxZM zky4-2^4hY_^W*HIL({JXOuKi0&1>}|%aKXlX^&}*fyEo39%F#_RtUywG(K`(kI58p zTUEux0e8Os0vf#sg#NUYyp4E04CG9tqV5~H^SJ=XHmI<~0T}bQ8@ox{(W39JweU<{ z|55;S<2qw&hn4`4o70PFz+v*Ia&I62jls>qSfERw1W;OD%P!(vl_YhU$8zLqbaIcu z?GAF7_87!BNdw<%LUG961){w1u(36>5JxDI>^pAxDoL5h!vV*4)b}Fy{v1;aoden~ z&Tq`7^pbuC#~KM72^C3biq0(4B)O=Vde7bTp|EQlV~poJahX2@Zvz@Gcj{mIw$6Qi zs#9h+2BA1n)_n4-Lx{0z3Lq~-??0? zYG}B+^*@msS9@S6c0!9}VX0Tg<$K!XvJGc*PC zJrn^@`(D^_p*2jam_kkV;37<#SeQAG%d|JJG(H0tq>;*8TIf49-UufafiWf#oI@Mt?K*lcW_}CKPvAQN!rt6J_!zBp29Fz`(D~ zz$k>?4p^{DZq(732Fkx-(KR|6v-!kQO1K{JuBVHkGjCg4oH59;;y^J9z_HD%{bqR=U z%+q!OuRh0C{6b`Ym?8$U=&JomoBTa3X>w=%yI^{}d{cS3kfU_=R1jaJ!ZKXri{MUk zmY0Vq9^8R(fQG1gm62kYlqX2|@Uu8{9D_uGKiSeG_;w`f4Qfh=u2xt&lk=pYJyDhx zBOkPeemKkME!DekCZdz9lCGo4m*U@hzYvbWa+5WNm}PiJ(_#VY&T&9i$EisA7h5!6 zvqe3WR(2L}spp8l9CSmfvSsVXz(n+kS>N)@c{bQMrhh(+Xu79rhHxy!o**Kq9 z>~-~h6-!t{#I#EZ6CHLXQ+3KRiTd&V{FD{jBSb?FOWSJ(8l zTp(`5fqP##y_(2ie*_F^@U9TpWsWa>%^eD2Xx)o+Pq%EdURu;_g^1AZEFxAeB1`w0 zsLZQXcx3I*aKVdx7}N1-vpR!Pqz{1weTI-O$B0wAe(IpdJeY;H!M=z^&{F>Urlt?{eEgGG9u>d1d4$ea#3O`S{1PgS9{cu>XR97S3d%jUC)rh8VR{P2 zm2YC+J@q+E=2WPsff?kzq|jxGmzL`%JykWeq)_siL#^caJ2f6B;(lEohc)_q_u~mS zK9KMkI+CTu*U07m85g9e$^2qNa=#a(*5h=GvyfKWl7Dr{(vE}ewWPh5Y? zTIR8Z+VRz;O?2o%_bYN@O!<2}`k}4RgT(wWbtmu_yGtPYEh7%lf^hOg|x=S=6pT zU?l827#iT%C1QF%%epFb4f<{6iJz?}ynPam&V|_;^?Lq1wqHMmr|9wg^DNX?u?+b9 z)*^sh!Wjfu-7J3}=CiU~akCdrJvonS2Md4umzy&mj*h>3_wKWGG;fC(66K#m75l60 zgG%_`dJF{-j?$n?hk$j={EN%W?+{&-_V$Fz%B zS(fT>HMvazYWOz3U2NPuHI6~R)&>{3xPDM;l2yS3oCGoEqTZeKHQp1dh5q>WRA_GMCHIJx|YNfvFJ7*6%29^&>Dwa>@x z+JYB)E-E4G6Y1@?#%xL)W$-pGjBRTIm6f9uX*bAB*~r%r#}qg{1+e~qjFi=;O9ne} zF$}yuQwG>_f!vbyG}(U|hkR{bvu2pZH?WH;M3Hk$$Hx#Wq8<;BK3a!@=wbMo#XOY< z2~d;$uh9*=j<~3m(qm!&(%3Q2nl>_D`W%o0`n$&xs@c^zC?T5eYa(BmJv69#h!`u9 zt08HjmdfP0@U$Vi6+L!dmHl?$M>4cXC*{3hj-M)Y|9LEZ#|^Vmj`VP2;El|Po`cK5 zmdKVt1@-BzcV;Fcy=+J!O5QOIZM;}PKt7@bwZxeOu`(&|Ndr)VYF65~S|+E*{x&95 zUEHzM@HO}g3}SW|z*{Lkqgm3%J-fW*!NI|KE0+Uk9NgEz4H!L&rmlkXE_i^g;_$p(C&)gev6ax7_nul}b z`^k-rm*_@*1W)T0=DcX~Gk9j_^F+|a*eBz;%i)QMEn&%Zcd*3SDvA#iI%otc=`!!Z zE3eK?5z7-@uA2!=a7E!jJkI38A4Qt24FB~-dYI;5nL2I2- z`Zmw|KHoXVztmxd*>Uf^_FBK|+JqX=V~S@l(lpqOOTAdBLwk(fk5Zk>fl4(5L`0k_6W8Ih9cFKg>St=&J=eAAM z`gT5)=~yFwyScOP=gvV2aWSsq>CI}RP~(CDh0daI zk_?&D?bqIlX!E3$U419}U7Av)nrbQA-XgC0iBnc4ZWWnJ%g7?qpo4f{`dzsuvyU_e z=M-;p$?-j9EF(P;4xTiYwj&^_`I@x)0Ty3(YMAuv8&-CzILxzky*7GO;SR9*n8-bD zf$w_#cPnQ|Mmy4xeUd#2{|IK;d!@CTGPG6y1z6iiVw%Ga*lKhoCZA(auVhxt$jRhozkvTjCwj?jqv!`Gqw;r%Ie|ZmMSp%! z%$1@KoJM>9B>5S)3k)!sB>WGB#{Me2w%GGkkWFQF*cOOP9X_1O`@qKH(;zBW#& z-iap!*~x?-Z6qMObLGXGd#m4Iwg0-GCKz&Mjg=IJHiVvQMdiZy(&QENs_&?p+JVdd z+x1<|Dum;8<~`%Jy*eE!@-0Hx@jWf^U-~PgS5*^YmCR7x5Q^`lqR<;0R zu|;Jjq}2r-E#2BnFz|olBJkmOP^#}KXV4nr?q`tXJ<~}=$f3Ok@xrk)S_@vFpxKQX z7A0=_^GWQUn?a)5?8RzM`YG+=)g#D7xwMcv&$T z=I#E;ue-`;pNUcq;keE>ttOfqQO)#hR8jOy3|IaMlD6sNA+Ee8;K?~^bxyd0kzLAz~pY`@}%%#DE~g6b5fE z3C*s42l;@WhOuI}`5bE6z8nX!H57pyLC(?7^)q)xAx3dWegwIgfx(b8BP2e=dD0MK zO0}LB`*6gPX7sC7N2+p8IY2*NY4ze`(Q6{&&^`?9PR^7ZP;h;t0%YU6oUOr$6ayT1 z^9Oiu&`c(kV^wp-R%8vx;j^n(KRN~F8P5qf)Kgr)M}*UXix8664`%SB@E{9bdqjap zkQ9g>hACg*6vQ7=L*6X~dDe*h@*6^uA!W#pHqB^g zGFfwFNt?~aAIL5h4Ez-R3#iA`Oi3+wzMlrDe5JNx!5~jWjBpldHex*he%-hVo9hanJu zp7QwVL}njSw&y{IhB}03R!nVVmWLE^-vC3zJOBQR5i#{*uhQd#9yEwM>j)mNXNUmzBXn!;-*@Xt+PXBWBv7}ij+OxfqS1qV*)u+;+^MeR!a{K-gy5h zj6^do4MgvN7n{Lrdq87!CBm#7=XFppqvPNFIzN=}$9#{HkTaQ0>JYHDWBZiPv_gc+ z;7$HnseGh``H%sEII%J{Tm&1FMCeGsPrlE}XRcPz8iH;ZxCsSGxk2jqqDS2W!q)U9 zUb0CJl0C4t{ZvC0>%r0#5QqM_OFebA`bNk_Z|eEKx7~eQ-LwnE|NKD zwv|wdj(4)ZU&i#7_;OHy^5+dYtGKu!R9Woh42xM^*fvphH~7|#FrOPCx?E*lX8iMq z2ZvXRUl*xGKuU^V?Vnc@NXZX;a&{1gKZ1UozM-0sAvmcPo3s};Iu7Axi@){9fAU`E zSO#2kg?W%-ZLf}pRLP6>RNW_nMlLf4Q}+@V_#j&FaePp_NLDXWDL1@2l{{9~z`^;) zVZ>vYTq^ZbLeo#Jd5%+aiKe*zd0I+%Xi2d?9_KVa*1M;DzSbCVU{fD$+ShoNN@#N2 zN5V>oZBm5`mynNIzj=>!7uM>*vb!WtsfD9<9Oug`2i-4fL?s?=&ih`>^ZPd1aDF?# z?7bDA+DDCi`f}y3Afrol0CLwi37+2SvXaigBoxw-!JTZJ!StXDwDj+5OQ*QG+-PA< zTsliL7|EzDMsD$@xOvr#ETk72VrS<68lr*}vk0l`qma@@$~?FTVzvXuuWam83B&*? z5>jMcPB5ap6@+YhaGON$6Cm65M$Xo}E8gg_0MWENFIHvgJ?pFZCbi53Bh`^T8x*H> z5QmFZs{e9s;MXPi*!-WMGU`W|Ej!|H5!aVlE^STgOBMRut4Ww-!bxti5Mw^7#mt{> zUg`^eC@%ZP{RpM^_j1)mXZ-6->akq=(M-^cPem0xGJYV(DM1;?^?0lq6!cnnk$KS< z`nb&BDOsUBT~V$29uNnJhLTT`_C0;ib&tw(%-*v!4*;L6#$=Zc8&r`%Bl9A%M7!?6 z0WVSsae#I|rF7th@=d{P4nA;%J*eBE&8x`XY+N&9h92xLj`OKgx%8y%_bZIgV?)v# z-1M*GiHUA`)aoMAW5%|Dzxq^BO%2x$yDEs7`7rOB%$s-x@pScZm-VL;k36N+7Ga>+ z{)UvNMeP}gSUt^{E{zqTZd+-KfBgNmi0hu@KXHZ8jQ1uSCOV{Kg7_7Yn{K-+-&>E! zxXd21By)s5vhnXx&&xZnG2jPbGP=@3Mg@oUmQ4_sn2s#Q{heKEBLn!dj&CEmTe;55 z+@tkzQZCO!E#H70zNlZr(JQ&eOzS3c*FJL%8?MlzV}cKo>~-NA!CW5L!p=|#V=#n>7M4K4J&PrY)zdQpUQ zsM@!9-tBXfwp{%cS%1T{bFth(}s;Yt59FM6O+htc$V>2vPu=d)u&dUX}SHTU?-EVjNlPyZa> zpARYzxQQ%dr)!t~!E4jg&sw2`;oEAOjg~$)P^6N8mi|I9$dR44g(4kXZL3 z&vm@4)(25)s+1Q06lLSrI%MprdRda5sRm~@-^$$L?@e@AxinDn$$c@uG4dz-QI55v zRXfO^L})FFhWNFmL&ODw24xzo&mef);M*=>8|fjpX?*v)oi}_pLkayaG;JRj$n6~AZj{RT7n{WbV@6vET%`cnTYgA z*RhWKk<3%Xu5L~<7|Jt_8V?eAl}V28)5OX$${d_bswZ%n$zZ}m3RI6IbzB}qAsTJN zq~YMYc#f;;E@b{bM1@-9euqJG6b8MFZt2rdB;xi7rWCrUTX*6KC85}B{DITm_h_vy zr5D)hF7Fj{|K}jscsMyhccN4K3O18%BozIdn1z{1wBCYs`FV!cUiAKw$XlXYR)bg2 z*;cq{JfD*JiL-ap*q_CF>e!qO=Xohmu(U{}3TD+s{{h8CH~cUUvs%OxS(v&#DgB_y z@lUtk&Hag{0RgwmAorV#HCC(xxL__MNuF#k4L#!^yr>iR!q9G z#Ng`5YYo0zpCRp{jKijDpFfK238@o1)lE4b0kL;SD%XS_p&I+vop>Q#i4Ebl^HGT) z4uYH3+9p=6qUoO#RhG=3D^i&j?nBIKTeklg0^EuN>##hZN zH)wrV`vIrT6$w0LV2#BuTClmgS?royc3qg3jwm|&QL zR_^cva;t~vL^Z;F8b|MxZ1bSuw3-oUZ<(byNtMUPF|@{Xd`GE!Z~}fbQ-0+ef8dg7 zuT${=8y-SLl8QpM(Ar~Sj$ zo>_7@n6{r>CY7L<_ZnoLN+z1#2aiOe|D)5zznp%Sm{oP|@BPc~J@Ffu>(`B;dpY^h zsvdjatW>i4%N^I9z@E!Yzc2bKC>0!AYZ#i9hd1&o*|eVC?G#4Op&o%8VbhpR`yue~ z&fbh4ya^JY2v`JOmx{r`QzO?ppsGy^Ys!EU*IaiCvh0_82BDQq*2S{0j(1jw=ruU` zVcKej<9=|X`r@>+rp|4)jHW%5uktd0>sP#&5m@*7%h(OM-6lRKyq?_UcSM=~zWGxV zT*dA8o~y(~kr*btUSCulLOMC+c0I!$lf_M`Ea;%+&g=VTY4HbB8lzz17AqO6>r$r+ z)_${n`OM6jRrR1!?l6PZN!i!pq#7RXE?-=@d6||bgX3Hp3Ob2fZ|Cvm?S9ESK zmJiI}J_iT1PGLV4Qew!pRta1dmM+hj%je+6JuPQ@|xVA((7k+UJntu!cgKKF27il zo%lQJQS)D~IK)91sybL8t4j>=QMIOk=F&lo>3Ro5@%}-c=MisH6u=dGeMEhr2eVZb z+t3x^r&Yn{knYFxWXlBKe571nBegZ!us-U3Lmu^CDl8TKhrnq~_=E;`a@8~6VTHvv zoeutw_|UQvmrP1Iy%hxgE*>%tmA$bM)4k>opmMgSiRV| z_y@`z9HZIdnHwhw9B_o@>gwv%soJ+*pR0l=l&&^+wTO%3->=(1H~kyaG_9;dk$|MD zk3Kiu8!>4|!>y?fhM6Iw^^VPU@E(Kv*GQ!fKTaSkVa|=RL1tHpi&mg;tI@@0jm5ho)wyIy+D*ajvX0Z1f%gMLAv9=d z`JtPFvt`7M8KlDh`F)FZF?RkI^S5{;8&6!VFy6e% zluT7^d-K~gh+}YPkGLF^YWlg`ellPi0dbj=#VF>`%%2pq@c&nn^9aO1taoJ`89q*c z|82y-_g8HjNh7WL8|FMU%;ojza`FFt=!`Ax-$+Sy z4_#k+VMbUOg1XiQ2j}1m4p3E0xa)-82bti!b?6|Z2dxeU$+Bx=AR6JQg13dmkZ)&U z2skgtfI3*2*f}Ac!U`zS={4FD`(OQ4Jn;q>R41?ye@fqM2GyFUVq#Q}7#SVs5Q+dzigP(+V4Yqv{EuFQjFu>Xsew!O z>t7xjjdWQeE=|z$yrGA6PR+98bgsJwA7SR-5;h!Xj~VV89jjcMr!v6ON&|IeXLU{d zLJ1_!A$NBmbqAsA`{DuzVElild(nWkV74`vt_OvMOlBLoW}qJ|6$bj2$HGqI+2SPz zjVz#oPf8CC4TmT6N{Mo4rYg~ZIlu?9yWS{bw(e~j0FQ}}eSKYV{9i6_42=WEZWd;I z)bdpUt^x&|($L8C0geOO<1R6dCRXl29n7b>ulZkK^4HpfDPC@QbSiBOin1I)kwyUS zZQw?@StPtL9sEFDqF>KIBk3R07x~CyEK4{|)Pn;+4uN+!VU2W{ba?ac%WF&NvidGD0$BNITvD1&6kA z3%CaAPVe^3MNysX?7_o_!Hcafpo~q<1W=2qY{wvu&q|y)gSk?HU`bars#18By5u#{9iU`t z`sD8VDp2o#;`i?uMuBY%x$k$;f^e z8;w|AE4y`P|_J}qFg%do^H|q_XYjVs)qm`KhHQtGKFBjMSWopGZn*ObvfT}blq3b< zB@5GftX4PDCLAMUARXdYuFrVIA0)f$t~VG$3pZQZ zGbZE)KI7gy0g8WKebbzZGdOl!4mAL4V$#Tk`1<*2>(NT$09Zu*3$b)eo*$dJblgK( zOy|XxAO_V8rnzqkbXb6xcn{bHIbmeL&4pr695ZB_dJV>DDYQOUYmpotm8*EaKzEo3 zk@k3CktghNhCt6W5JA2Lyv0!Ja0+`gpp=-Lvw1-Rm{%*6-{RF1@JEUm`6hV=@FU9g zHsd!`5Kh|^22jU#*XhH!<}SHDsMyFbqOgQW7HEl2naBS=lEiad2!u z8Cj&uS?Ey;7_o1xKv&D?ib6_%nFdxV(?O5kq|wRiT>@?;LEOiEvD1%oqzkZGsVr|2 z7{>!H8h!o1x|p!8nv>Cz`x@X!--g}R`mpbasvq@$sbNCOFR*Brg#aL{%&1oK<{TZ| ztS7*l(Q)@6*W=^TKUg=(J+LZwphiO(PWmj&Q}&odKLNu_F9rpjArJh?mU7P5wr z>@;!raR~{fkxGIwOLY{c(ahUSBBHztCrw5fu)9IZ;Dkqhzms`xW_5I*ng3?Or|=VBMgm4 zF}j~AZMc7p;@>B|ksnVzfxL?DBg$^_s2I%pkp5^=MG3l!7ij{H23MdU&7BfByT2V( z>P_3Bv+*ri^TJ5vew{b1xN-Zwa@XhRK>0W-N|(tL4tP|%*HM`{1+LroBjo)zBdjhu zU|C238;UC??lq>($M(coP*CEDyGu4INT+sA?jb1w5sL>|zD|4~;ok~>8>y|vhL)iz|=Ebpr?%R{kevPC* z0v5D_9wPPsKw8!;=0}~C=IZ;qBKdL^5U9(Ok8>$@rh-cunW}%bx?t&68*5)!Pel8q zSp^1t!a(2>X%^QRKvS8CANygw5?S8iO%BQr?1z!z!Ee9J?(bAL_i`9IB;me^L6hht zOvd)RdRkUQ{sX{KT2rq#fgeIff%~EY7_HBZ6+~@l(3_i^Otmbbgn?-}7J~-Von?bJ z1ivN2(L9c6#SS)ygAh|?{1In$#}pN(9_!qN1n*5-Ku8d#%<{+}FK}3!UVSSb0|HWvla_@c~kiwyZG7bj<;Kla6KI(cP zC>})pHY*3F4|73?9(MpyuM+j$OAV_61Qi<|DE6`r(t{~%o(>=)fnWb=5w_eQmipM})T?HKzftx&K$nXetn3CkaA^{rA)Wk+yk9H@K zYXxkj45)W;FeZGA^=PFdd@rU4rON}5Hera<0zp?d0z6uuwUQ?PR$U%|MX@>tfZEVz zSvNt{$R@!R0D~x*w0Q|;sDRqH%*uD2i>tY``kMM4J3jH zk;G7=i&fIOZc6$ilz5mEoS@y;l-CmkhQ}7>)uR9?R@Udt*3BJ`Citn{#DUykVWf4B zKpWEr%OPyZov69DDi84BV@nYgPHAX)hO=m#x3$dQ0k&PUeo!080PrTgA00H2Q@$MCxlj8WR3 zAb{V2^42IiIKfd<=t>twRi*y?GfEJg;6s3quYiiR`Ku=Ue=0y{2JPi9u$*6l9mz={ zdLUdoSt98_i@0_-2?{~&jhD9&2UzSX#$Q=qWt*$ejhEk>R8H!UgM&n}!?MH>a{QUN z4VBcL%4*tm?EA#u(**oKZC`lXj`1TJ-F$;n8Y>DssXf)N$~wdmFL(c5~#%< zx3KDi{rAP^Rj($pf5W4;Uf|Ky(b{~38FS_e2LDtO)CzxW?FP5;{^t!i*)=$sAREyW zz78!Wzk7rDf8PKMP{?ck>tG_lYKq!=2o6@`z2yuKP={sf?&sEc*BjOiKnte8%5oHW z7v!taje!O? zc3Z^%S&`SZ7}EsA9{(A$yFq~duPey5V?EHHa1f&EF2vgHft;pV#3|hQ)Cy=MdP(^` zq(_@(NA@_c!IRf5f>~(U?uPK{Wdd4$A*+=HABxdGqWLoFdV-d=wW5uHP! zT#`=Ypt8ho_)*?}*Dz_s{e$}=O%(G(u<@446Ox1{$85%P)^|>JJue;(WeX=IEJV0~ zXd+yR9Y>zYRLC{5CO_~QY-Ib9snVIyC6BqX7*^O<=12cSW8U1Y02gJ`GIK@B3BkWW zzMW#GBIpl$CY@uM)>|0A)x_s>+a1?CD(0>XQnXpgRilX&vo||v9TaeR4ST0sNn@4m zvFwlIH{U2duEU-e%466*miLG@?8im_0Oy3+km9++q-Vog$`^E<^o(yfx2i6MXa`Gr;eDFACzR3^U) zVd92ztdAt7%Rz_1x?N|)OHK=x+x$R9R#QILM#lr%hYTu#9pP~+YsuxP#Rlw641ze# z-mf^M7N8V!mt6iel!cvBp%)sM*iWcenm;^N%PcUB2ke-6h4t@F z=Z^!~IRDd-a%Rwwy99ixW^vz-8ZILIE6B0ur{yN{S?6WB>WTH5{R2XJfi49 z&3C&IlU9m00_s=09uAXajVwCdagrtx4N1$T8G9m6axJkJTRjMLtA1)|G_3A^vUi?! zT9iu9zey8zVB#rMCkSJBC*G3+h}WSUR??J;p9e5kLIW4=(l9`?tzE|Meso+Q@O{4l zmR!>!h*8Ji&%rg9Ku@ew1gXdorNoNM=`PWCIT+p;W=iCI4EQLyBZM2WMfZWg-eT;> zuSu-cb7`H@wez2&8Ic?Il9e>haZ;&+k895yz-HnzX5h~9pDxzF3l{E6v;V`F+I|{Z z>v6Hg^y)Ls*zI9?aLq!%ZDl)u2&1_z83rd*h8EZeSWqNinVPPcU3i&+tDXzig&Ft8>=t99iUOnA6CCI|oV5<4fThti~ z-@)Ks=HHVqvL&-cnLA_r*t!lA;&5DS-!@M>OzrQL(kJ#zh80ZTh*`@Hmr#U-OTJxJ z9f&mEcS1a=rMWk%B}-lhh9_r7ZSG95*zU*YCk{)njcC&7>CO-Xj!ytuk(9Z6rocKp z^~(BP9hi}75)e)U2`J>oYg67Qr7{Z5sWfl`DL-Vo9`4se z*q{6E&=-1EYY@f7`;&2dAChdqR0b<$J**kZr4OX5y=-CBl*RKe?p`2j? z;d)EyxRnXhKjh%lS|j!GKxT|Q(=S9pAc&*+D#6{R07wBZj{8oT?t)8nX-o;I2324H zpD>wj5|PyR7?)kXU9=TH$Vnw7M}Zu4U-QX*t}2H_%)<*ThQ*(r-zabtu4di-M?a;~ zk?ZpTHEpJ6oY(H9L6?hmSK^&EY|3BC&12!T(>tpw>%teO%@i~n6vVO!0W}N$y(PhK zLVj+WqP0@@I^;r9&kP&;3#HMuJoD_L@epK9gS7#l#Ay1Jtwc^|uYHhyznCzUy)8^jBO4X|A1eVt>4`_$YnDF&B6T_joJroZ>+n4>;!S9>B<1}Bw056<8E zHaWfj_7`TqK#_z+5Q7FE&yiH@`uj*bt;jAK8?jawM;qw?0*Y(Bp(nd{3$d{%`L;Re zmDaf+p|4cd#rx<79DyeMl&{cR&~y0%IdN-1_y8faf{klSp;rL->``WtMCDV(@;BqW#6u4Fjk{!uU#qYJ%KZ6ban*`I zA&WVU5Rh1CTDh2AR2#-jzHkEB8*IL&NpE}vAf9U0^#-Xg!u?ZS`f~XQIZrzp{P@@2)fI1} zWS9;Q05P!BaZV2==)}AaF*<+L<*VLGvlRYa6TH-tm=DBG;(EPJS}mnJq;4~j>!XgL zQ$eO5^UG+C^V_3AjsAMkX8E8hPLDn5g6s}$|JmB`+F7PW~KJldJega|S-zOXP zt(DVJyi3<(z0tyXX6eNWa@VS+E zr&Us6YArQ*dcMBNUU6>E`+|ri!g;nLhW~SPKMhYRbM;}Dbu3vJzhN_T%Vh6in$L#G z=WL!x8i6pFf^+dS4l95v4!UjzviI@JoxFu|@SjvPp#Hbo_pU@|G^+{{{zf3z0?R@4 z4FsUOy_3w35}sKM2<1gzBVz9>gs$}?uilHK9ehRGSVFkIdEE3^sAPHlW|))}mNFvP zsQB}JsS_K@e&-}LD~w}fD6^737;P5jaMdT@ zVwW%dpu_k|B!m3ddww!jn5kf(DuvwNwKY=6x7X_=PuJdCnnNBn`l~|0buPGpe<5X1 zRHfICcTl1GPl&pSD#xuM?S%}Kkg>ssmV;UBDHWVBvOGwKA!pF_Kci}B0fZ_ITL`ns zRTN+@FoFx3(pQC^@;rbM`(EH-Sw$+&pSd|6YI6D;CgQ11sytAiL3`A7?1Rt&0$2g` z^VdxICr(o@LJ1k3cQ;Jj_E3DrB`;i#UN%R7tbziU-E2+J&X`e20(^Mnf-_Gbb#?iLZXpY6?SHL{cF;KmA#lEMWUAByKyGq6)0E}OQ zY6!pU?Y+4Q>_q*{^D8`yee!%?*Wq;AC;6a9mxj^n%ZIxX#x2PE?(w-B$rO`dQWXQ~ zeT~tF-&~DwpFCi@L$=x*^%Zgh?H)GMli3Y96>%2cu$mWy)Qrr)@er@4su6Li2Q3qJ z6HCoyU>_*sq}qZsig2dc(DFw4?03u|3`!SHhMTihI-^c^Jo29}s=rNSHi2M=Wt>?2 zIU;<3%Ful0Xk}G)5x1+d2X+GU|E=geu^(`i2l;ys;*y`ND%^2(Q zuTZs|g<)WpM$#)^hFV{Y4&l^r2~;ZysTwZEDaCPLb?h(JHlm04E$ZV=@4NPUupD-N zf%OqVO%EROd}3N5!vuNdtgy%VMUiM)E5VzfF!3ahSv+u_;#^KQB7Of@uM+Zr&;#w` zOb^C|3Sl7`NsF;hb=RpxSH@mHXMrk%Sm6oXu_FNboEb5?$tX9I36UufGPD&FVUCyG zOT=8*%wk-uJ;T3wMiY=$zlyQR$zOboWQ*&3x5-EMIkolftahgndD+bX;s%Gr@q&8< z(@$7&A+JRrRp`Bq&pmFsC$Y#Su7<(8X+#)ujPnKrQcwC-d^dw@Cwi0dyH#!i3~|(b ztGvcg+y$vI@m4UnK2&VxhO6QYN1z$xsks|qAe}0toY@8c^5^E)_hJ_eqpFbd)juM( z>ko`MOthbIJFRmyPDFyL&92~yBUNbcO(>Ow#@&$9w7Pc%La zVNPtVIx6prHf{x6tgTbGFb=|%Z1W{PPDk9=?CMV{kmuCLcT^=gh-ZMcbf7U{@)>b7 z#IJdyxz;ja?vI-X-6xq^3GJP9xYPQ$<5}GU+LHt0yFAy~Z>z1l#$kYe{ALs}d;Rqv z9^m5MSu+0vF}6idpg-#SM>U@b;)_WkE8*NnY_a~1OD$g zK^)R(qiR4n!Tx;XbI9lL<?4zh@!~&P^r~VJ%~O^Ff7556c6l=-k}5n)C**-~KYR zWYbowto8jz^u5{`kJiTjRd(swaB~0A)^UiN*6T%a>R?$$|A>didX;XXm}WjH?D7|D z{an{m&&b5Q$_{O{nO@4AJbS|Ni3hs~rYMzn$Mx5LJezmJM6{ox#GThc(>#h#=O-xV zL%)VpdChkiuw6?$ziewI##^uBY;*rSJAOJJGQtXL3I0#>LS4+dm;&>gQQ$mcp8!NA zYyT<@&+X4>?$RtW0?s{@UO0WW-Q#Ut3V+I`3u4r>SaS|_LiZM^cUyQDnx6!W&NF3k za(4b4D#r+-TwO(R*)q9PuX$+RHm2pWYHq*#R^Wa+qC~HhMfNjCBo-XHm_2_ZOA>;s zpwtWH51!iyg87vbI9thy+;CI;(@IGKY=-M&U)!|rMx8lW&2X^)fv&IwHW}!jdqBj{ zkv}XSUa$Rn0XcnL&4|uL){R!l=KB_+3H^mu^9aKEd{cg?_^1w}J?C^@-!Xd|QUz(j zT5*J|Lw;c$U_<;x)~HQ-p;!4Gk~mV3z$uDj`M$O1k1!YS5^$GPATWPSt4bTdFT5K5 zpsxv}2Uy~wkZ#@!*5^dbRqbkuf>r&LN=c<%l0G*^p_kk$H8OwA=QDnK-Vf5o8PhNiYi@zCRGPTyK)Xb2qqkN!t|pKJNl5zxug8J!8NA@_ zLuqHWqtF^-99b32T(Q8o{L$g)gbRMYFL7r9*XX(Vr{T*S{&g)Cq3nlA;}8(JbJec; zKs+ES_cZk1cQ(ww9$=!czpE62HQ66+{M>>0o@z!uiLFL~$irtZBBl+`JMf<7mCOHx z>a{tF0yQRD7u64>^P=1djWoM<(9>EOU5E8F$&|4!IU*E{f*1cNrMho%h0yc(7x%xo zt!k~6vC;=r!d|aJrDw{B0s&H2e)xBU+v41!!+zgl`H-09>MgjY@H-h8FmXbT$K41GaNDc_JYIy8g&+NCK)ca}9Qn66sexzE?K^E};A^xbf=U`6|5AmmGir z(G5RV@3mY616;~KP$x~&__i`NF{6`km58~ zvTSp{f@rOO$))Z@Kd#HAgNkxA`jaL6F}&hM`sCb=J_ge#5f7RmYLU_!=}n7^LZyOs zeT)W=daM4+%K0)hnlBwbPfHvrUCAY$KExL`=1j{=O?^Bic>le~t*%C|KWsp}-V>2k z)IM9aON=Z+*9GRCHSacF(5q(f&7gZQxH|r*!<3emK0ld_5YxB&-)wU>(g!c_HRSjg zB<%h}hbXiX{J`v*O>T#eT~O3szHU^kSzv{s*gYwDWy`%@B4Cw@edsskb)q33CioET z7AdCFZWNx)!61#42+p*lE2)e%!%I2L*vAg1^Etr3>zIHs^=yg$>eK+mVqE9)9y0Dm zEP}^t*5{6vU(=x2j~MtCm|O-4A=OJQL2Tr_!MF9X%YT-;s^7IF+W)k@_1mYZy7kgb z{v1H3|NAjwMBqC(?YTj&@ZK2V5X4CAb3=w9Blk2g zAV+nssL5VZVJw$n6y~J{jAY{ox`0+Ti1deH*x&4E2e1aQ>O2WW`xVhcAg zOo;)&#VP<1<~n=?fon!2a4?|*9;&trP3$7>za#E|lQd;uBOhD}DrBIKa1V}-db5OG zYTWn!j1vPoT!7&hPA;ID3e@GRD#fsk_t$Dt#`UZwEi!lrN z63t=VJoaA}fcW{%xD5}bz~KJ7CXZ&1v$3OJO7EIQMUTdQFZ*w@9;w4!C*=SAY1{8> z1dhDkd#zj9^R@-CGS`sVPaeyqykkPL;QtYSTGsJL`KDChG>VsyHlO_t-9Z{32ci9% zUVI!=-4Uz0FD_+vsl2ZIs{e}NWZmR!cI-+*7>{%tA(!t5=E}{H$$i1K>A2V&fwWI> z1f|T&Yl5M2tc6n1zr*M^p7ffTb?EgU+>&S1**-(|zZ#D4T(%`&b^BS8i0~YqU(n<+|Z0H{U7lhzAFxQ*DaTJ0^0qJ-r%Li^R?*LiAv8ymRkFf(_R*FaX4*ZP9&A` zKM4;5`GpxK(>Mp*-HLE$swO-RQ8ELvlY{6^L~O>93r{0C1>&#;pCe!Dan7(VQbq1l zP@752Ps%%xU%C>uzwy7KdQG0wL2oye2BEh@cVnF0Z=Z0DGkgV=)m6sNq#R|LHEDX4 zS$M}zg8}CW$3gbSWL96R0Uj;*1-Tmbbw~b_7`|`>r7$l?-=d4`@MZs+zQk-s` z!JWdvrUv|UYymBDeXI##x#=1eSg=KD%+v)i>orRNQ{*?eCl*lU+-SYJ)-8rLS!hkR z*Je7zfqsXH4J;e&%f3gW+{n;p6?1PP>(-f$B&M&>xwfcNU1BqFB(1>WiE5%IgP2 zmke`lc$DO1%^O*oYgD*xFa#F=!Ek=yy_Kf#xIEj?G594^#UENofYZq+^?r^smp%IW zi@ig!dNW!wvni@fh4b;J$C$YA3-V}uJ0;Mp#Eu7N-L0D$%CDP4EYy;C4$`tu}CcB1qxN#Ze~FDaSxO zJnQFkB`kNFg?rc?m}cb{f@$`Wv;9D(X6Ub%`Sw#C(7wROP6;{w|Lkg3PIhOVaSz;v z+V|=*!>ZJ1{LYqOdO^iZrYQTU-<`JiU}OlM2NT*_`BI8fq`^iWOK$U)NvblzQFwxj z8k#EH@)7+#`3tuo`~nL7D5cd94IPC+#Td=x(TWMVYAQuWsNs+3b36DBP-Xp`NR*=eg%w;p9yf^ zfL%kzy{D?FoM~&mMa=x<=_YH3Ga0v~rLan1+1y)8G2h+F=HLZ-B~c@V!BOFoY2Gg| zJt!+u3j8KKqJ`9NTHui>eut==gt_v$CZ`N4HYB2jRq0Svp4ziAZ?Y<_Oc-}~IExs7 zA5$a17re`hiB%d){4iR-ONqFNFk6T1G8*m-Or4R?|m z;>GE-cQ$SjxzV7uUQmi=?x(!niK%MsafwX(o$TKaS0~kAz9Pp~cpZBN?2Uq=9$Lm( zJe}`GeZz3!*%*!mV7YS)t6Td}@pPL;iT61LGj{kwFa1d*CB>|LD24iDU1IjfV@K&- zTsSd7s=6&B<~${$>LvJea>Tq{&p>BPSk>!>@5>HHdS2YF+EwY}T&`aD4RN4_r{u#g zd=jN*&j}Gi0cJ|$FAU^fRkx7Ns7&C!5mX9DZip_#eg?>9g8{EOSJ+APl5<+HjB2hufe5=dl*&e5zpHjC$*IZNPv)ZX; z-DLO0LBk+xR^%9x|M)b#$Vs!rCMPzNy}ml97A-E@yTZHbL{W7qDJS$>bYA&g>+^

-#D(PGoOTk7}|;~idKz<=1D4>um5`gjGAtnLy7T)`S79UQ=wIg`>t@7ZDu7w z1!Z!Q%HC&{EOxOd<2lXATl$V?cDaSLiE2-A>_V#epIw`Tl%~?vz@Kajo&Ji>2pJ7%|Ij%n~b$UTfBY_)0WgJw>b$+8UHT5-xN2-s7 zd>UiVv_ayZ_+xX7ymC!sXy)qjMDReXUddPtvcFN{!^z*JQ^K1X!0s=|w`6KhE+n4D z+}?H+Mn3B>kk0WdAsz}v+rx*;ItOU&2&7lSThknW@U2Z~#!Y+|x7HeOOf5sm$m&i{ zx*bN|EkM@-yKQ;pqxTwu|Ij1l^KpzWB39At6N7hGt`h$Z5WHDmcrnTT_g3jCexlim z+PPmyWnN%ICRZJ}^BKk=G38jQyu0K5JZ893}DqaqgF;HhGW{ zQhxijs1Exm^Mm5ZmYV~t>*6*xn|phh46(z6D0iv=6LVna)8}$G;;CdO6I$1Vi34vX zo5A<)$qmM?bbZMWbR~^$Zu*LM5)*%iLWtkOqx)Of)UbX-11Zj)ZnTNWfXGC45ynDXTJkqzUF?Szjx%JKH2 zg5T%t*SC3_G~dY)2fj=y^T#3di_;gpRl(!*UHpA)q{9e9)!XJ2jMBBdAkzEM5lUu3 z598u3*3m5ZPYB}q+UVEv%h}goIQ0AU1aVsi{(GF_ibm6y$Pm@FG3%P=gJ9pFQG84i z6Au1;xGsU}e^ODyD)vz&gih)hoZ$gcac2-yfO)=O;K=}2?R)~lN8H%vY* zrC;lPp7vH2>ROxpuZymbkicErHv%0_Kl(%s=S+^xXiNDYhr#qDvay9eJ0<#sH=PXW zSBaq}6qwB~g4BXI?qTZo<~0*ceiz@uK9GMaa&e`mYu?P1gYPFT>)fUdhDk|$)|$QY z^py?j1(J`JbM4#Z?|Aw{RA~cxdLNy~GX5#ty z$*CxFx~y&&drG+uYtF1047Ytpnj9hGfZYAQ)F;mMse{X})N&*4F)eI{G0{GLHNFS- zv|Cn;B$SNZyz#mCxV?pU4#$)29Bw77!L|IMI9dWnp2ui*tVKJRi=Looj*8csO5T68 zHG1SBzt%xhnj}#*1N*KTq!wHy*QXxdS)F%#X4?cI8WD+ULrALXjq)}-QNy&4M&-;Ae`>l1(I)7NK@i)J__P+MDuY2#g z@$M~3aewbeb2Qq9SFFf&APm>--rpya+oJHhFS+J;bWQW z+4(LcBQ?V^td~vB|BuxX&H% zVJ2z_dhyeJ%5Z2~$i{+n47Z5XhOIBNhRMCn`<8(69QsjbMGP>;V|U>B#Z&@a{Ef)L zBIBIfMHZ@dK{+2;f8GIx~tI1hwui<;qrYUG<| z<%hWx%mMCwgglWqOadb>uvP`z-Zc*%3{;#V>EWW}T3D+~*^s^P7;03-ew$%Gx( z8M)E67^1BHHo{n1G%gfVxOweuLL#t_#R({7;}!re1po+kK>uoTx<~)`63Url`rGoF zVgVn0Eh+NZq+Dbi-wd3`G?qM@!jWc3izd45MS!TWgw&DsbAmW>ieKeERoCf*F`Harm0F{%TS54QBQQLXjH?wP0d2!%iIg+lB@NUvr?;O8;!yhlmz_r) z2VFzXxoIlNZT=vmTTs_|amniSq4+9a5Cb!>y@<1hVAXezqg1vq5dpU`qxxC~7IV63 ziq|zv*i@g1r~92$hz#Yk%|`k%0_Q9+1S*nY#0Pkgf`-Y0IQ%nC)13BOq7{4FQTsUG znhwu?VbOD}TRb5IjoP%O;LDKj$+`l^G(|I$*5e4`c)v*$%nOAaqm&t>dC*^Yh2U{C z2ioSW9j(6K$$m%xW>p72&XehdxDJoB&Ak1lAt8+pPq!hp^n17)zM(`2A$lZ-Q z3hq)9dv`v(M8U;OH4*c6L{Lg?hV^4AEQYXG#~f!=f1MseyiT*m^Y;I5DF%j&TxRW} z$9Wbi{Dl|!%#S|hYO~$PmL=1<8`D0gZL*+X9lJ`@e4KImvu&u`6j!F2^Nd<**~5I{4H>!x>P zbkpiRNxR1=iAt2lspN};4YJBpBvMTPj^?#nAXr$e+E4tQqjoE+$oPiaT6;yutyu`w zu_1#<$IZ)W9kb$##*ipxUteo7Jy%wn<=>y}Q^DEJhiy@q;rCbtFj$GNVla8tbdPD5 z+aAU>R=64I<5C$}FBIRbokC2Q@{T2pFEHqu`ilCk;OLfD<(2CU%qJfNWw-0GVyO@t zN`zB#;6V!N_`rp-Qt?5S8tA^#U0qIojS8#vN|$wt<(s`_NfSA0ZQLLfbL223T>V-$ zscm3$rP(a+)a584jU z5*ROfy`QvBE5F%31cRR{gr_bFYg4gY)A<3fB|naPB15_R14&%0wuU#&jglTwjwUTb zM)jfW@L(|n`}O6$&5G=z8SZSQI|0{82Yb*0Tl`+6{BJ!7B=`x>#i_MOkbxVJ*3o<`S zm#kU?8HzEVwGzRG)R^lF7nH#(V~@E*m#>v~Q=98@;8t zac$s8&v-PH6l@>2JN3)BtQ)~EysY~htD~&@X^ahTBo(0tslnr z8}pCI{qpIT)uG)eBUv%Gb~ek^w*+Op#}01q`GZKp~n%d+YiQJUMg=5GU@p@+F#24Da2Ne+a1wVK9A6iJ~93{2J}_ zHV2$E=_E~G99YixrS+Rw&B{P=!%waa+g*d8JtDIFVjSix;`46y?D_zzcaI7&7F(5F z4Z%{~+Q>Ws)v{V#Ie-JDx(fm0rnElq(=Rje0qiK~r*XiKxXl1oDNCfZ!B8** zg=5k)HQBR~F|&CkQ#JkcTgZ-h`&6IR0?!`)CmjvXAk!<8If?{^Ot+(q+TFYjI*P}~{?Kh582KDVGXxE5bCRc6nw*Rqt1rElH&`L%!50;-G`#2V9KG9W@Z{{z(gYySInI8uJGT*dec}#V#?)`(z&_6gES|y0 zEk$Q#m$#N<_R9|8pADLI@~LB$n(xaZR-9PlR%#!9yEb90AEY$P83T$UZrmg;tVYe- zP0aW3wV~<^8#O?qnaZaRkB-w!mXYRwnf}Xd`v7KIX05m~RPr2r^DhS+NSk1K1kyxn zS&^Qrptv<81#t7C@K`rxKR`bRdy>B6Q7X3qB(eI1V-qO)=tq`jg0+XGk!TCXgOkAEUTgJ12F45~^DZAut0!e!u_q5$8sEHwP3|W@X)| zOXEpb^mYkn?$J*lLz+-#3^fGz4o96T`x!9Ahx52_5iSPtGXy-Go!4SLFWG`zJe)3z z;(Gf=+>69b)$>2M%U(hs!Exw{^@=`{KIZWzEjkSo-uo`UWh!D;Cc(7KvdB7pVKdk? z7Bp8G3G)}ckQAo!^V!|DB#hGMOCPg`$rC6LD@+1X2hQ28BC^<$XAPOzMf-PqL{R)+ zDcpP7Ur`qgf-PIj?lmRZG6qgKgTh;QQec5=^Qp1NXUQ-XuuKpokPM?3@@OSyd<@R} z#U45GN?wNX+Znaz*4qTwGM{-K9hm4nkVDy|$RZqYBhBUL1%~4TqlGs&d<9aazWmM- z{CyriL=4|s84>Jw^$J`gb?V3$%1_~`)d4mDS55tdS%wMQd#PZIx`zduu9IUe-8M9K zwV<*-4j3sh=aoVW#kUX4gA9kp#?BBmPfp)Gn!4|ECoJeOeu=`wwOIQY7%-q=g9i9z zqhlJBXb)a@bi13AQ>C3aPBaYO1>v5$2(xQ-&rK8@cLaHYKlH$KQde2$z2hJsx&}5% zNPr+F>_jn09obNJe;QaH8?~qoPQO_GBDQ7h{-mRZSR43J%wi*VTKpg2ScmKRm+10Zg(6-G6AjO9s7+l9CX^}7tGL7Gh z$vi>EGkk6JDnjb?)R}mhXFLM13FYBGcqBE%7RI#EvKL?c5@z;n zLaYjPx$-G+FJY9g-~;IEG7GIW;2LekW{~JbDb&Mkqik!vqQnV;pWvp^S>m*D_3Y2#G|J7wcFQe#yi>&@fwzBF6iy z+e8{Bdy{`Ym9keVQ+R3k)M$hl|zVROXm~68A2_y=HAVm z?4p`s8Pr(5Wj*+?Lvp-mGbeXJ*MD$m2nT61hKOPUWN6Mifp;8;BdV(VPkb=2t{aM3 z1#v3=EsHs@k*y|*ruEB?lZ_QqD*qXI^~!|!BLMRr@`^!wDB@^!XtmqM- zNGb&$U>)CEV_;wjlzj=X1HCAYuPgg`F4(yxWs4AAW<`X6a|A+1{1&VX#$5B;8=I@y z`}Kh+S6IHr;3pDnJ^+v3(91k+A2P}b6hkSDm&|}iS-OHpMKQD)V>xT-4Dnf136PO1 z!uL#(^~D2LybXQ2eSK?qEG1|V0HhRwV_`5KOZamO@X`Lz*k-CRfng%sHvug0gpSJ& zuOHmCk)uS&fO-+{!@e`aEAd!I$OLXpoJiYe^hH9A(yN^=9ATH-j*ayPz!3X!obdvH z)Icl_9$dZiCKRK)q=xQy%dJ8dP$f_y5(^dgw?i?LyN=0~0LV$9n>V!sOAOu3#!#xz zGH`cawcP*fZ=+Xnd4nL%8^7YE4Iaix^LIPwYnbGDWT9)t!Jn&OweA%w56Ysd=WF*@ z$JWpwmG5LmJ*V53*z0r{&4=r$w*{$d5i@00Lo%J1B|8ywkv(`8I>K7oh3d&pUTpO9S1b^}lwY~=vt$f%B zI-0xp3}tJy=Xdps);xV!h~KsPW=VzXVVwR$K%r0!f(;!)(uHsRjQ{vIZnaUUO0jKgiH zHh^+RVf91K>R5>Wniw&H%&9XQyjLVdR^Ph_NExfg`{_}7)w_w{{n?F&UQI`*UKOCzJ5gax*ec(LEV2}cp*yS;+@?Y-!1#!J%XG&{Q+k?oCu$l zyjFBb5qH35Xc32jq2nX|6}KAphuXG18I5~K!I!?*Ij~6IG3@&Aa#;V=V-mc0m%Cf zkHplzfK|>hkej~$T3;$cyzVSR&H-m9yu4Fy*fR8R zxo~0N)9%5%*jQ6psnx?BVu_b1ipU446I#)zI=aN5@Sa1V{I^5QW%pl zZdR9C>oPa%v3E`%r=QxK^`CS4{kkDmJ!+^)>(~G=PpTuPu4>Yu$iC^%&k+z&+%;1C z{lt&}u^3pATM%3iJ9zYU^Dd6Oyh)PP@4LL2we>6&;=usPL?VzI0H^0J_kU)`pELm9 z-~DK*wfbuO1;%zLAqkuPa^W)^i0Vu0WHg1jhCA_*#DrylGTSx)Z&9M5APPo=@91hU zN+Kfi)_@*pSXZPZ7xchc1&(+O1UiL)p1Fy49&nSk>bO_6Uf-NQ{$05sOrumu`D!o0 z=nolXKa)oAKFZ@N?rgxKP$G<`xPVb(!4@(FT~z5DN*rk&)EIA5xA(p=1CHNYW=UiR zQa-W7C^d0KquC-u;G!dl%E-h+D+d(TQu>rY0B7n__oM3trY!{n9zC!%}Ly$239x}BmC0{oVG+YM#(|(jRMFPX((o#{o7P- zq(s6{!J_n=`vBHT+ux1X4SZMfaYn(GIk${-0ti}qU8WU4pYXl+s;5F7sCX8RSFhPO(+|qvZPun;jh9po=YlWw zX(FR9aMD{Q`G9Umr+26su342N>I#XtTECz&tM_L{Xqbrf?~dCSW%q%D;?)1215-5* z4$L^m=+r}T{qHELSNa0Rcw=JvT~}B54mlQ0PIKsxxBh}((Q*+QieVw%UBPQD@Y~z* z-|ap53mkq&YKKiJMi#78#vS}5IlmDRDO9T)N(?PE?!5{h%$7rq-J2dL`G!BP$o)tE zu^a#XS4{RA-ss@n<5x^Izl+0~^z&u8YC(3?wk}{fbA`VC-4cFk^#5#N{WL&PP$7(> z)mSr;%MSB5Hf9=+M}S6X`W>L_zLLtwHM&n8>WA`xxKKds2|qs|8WR&fEQ2B75lAQa zCo{INRux1bGAJWS0%z~Y?4l6Tv7xcHU=xcG@a4%~FixW)z%H)R{{s!d?+T=t`&&@- zk)A?DDap>(yC1rH7oUATj#QpdeD`-UR>S4*RlE+xplN;_Kr~GJy9IKR9v%%1elWn~ zzr;W5efVEkm5<;3R?95!k$=zOUrkf2jC>pR^PNG}uyf!n4rRvft$z1GbPpNn z{$UGnUGCkUvmL1d)XmpxJ=F=o^cm@9FW@y0f7u)13__qM3B~|w#k`x%BiiEm-k4;D zBG?K^E!_83p^0U!2$8&s`IM=I@qv6%#tscI02Bo{Xq zMFK~n+%MH9YAuq2k5dwFjY)QI0dJQIx`T~1tCCC}(XT#QOQn!#xH=LAq*aNP<%xUC z!;Af32m$*IU8s$QodH(>HJxI*3US6J(x~b=H(+--ul+B01B|c#&|Yl7iH6hH9l%wF z4e+;k0>fvYmuQURja7OlGYn;&eUGuI zV@Spn^H9T;E8gR%mKzgyI*=x3HvkE zaTio3iVebGR#gFWvj>`Mt>M*}OLx2R?V^B@4qan&@3@?800_&x7_gjH_Bl#thl`Wo zcm{{K?2VaB0Na#b@ILd%gz#nF8c@iM0S&LF>R;~gRY88LuwM-zu_A7|M2S}Dlx>2r z3z@wMo~B75S{8_R;0B5tRqrwajz-=B;Gs&~Hx1(RBB14sIy(4b6Ke(22m`p|+UP`) ziG;Q0dZ9t$lotTsqrJ1`b^byJeUJKS1tu2FJhmpQ2nLT=NyqWzt;)!d(Fz;T{79gj z%UVgG*MNl2!MWzEosGiLkOsAV-H)V^VQtP5AOj<*tzF9Wty+E;<&bKhPv#N^`3w|i z@4<()fLyK=#2ER2n3PqcnhWADfuF+1wE!90B^G-g07CL3aN=3A909F43M^%2Z^e&f9f65o?b5{H4S!Xw zfFk2QBd1`*gaaQHgJ-qpBClhP^lmT)e(V)4BAQ!Fg;xbiLE;^M9Y<6<0wg>JK$>%v9INa?a(XUKEcK@P>pgQSI zh~(5nJrltAufylvp6i?KqOoqQ>AstF!M?l@ZK!%Optm7*wYM!$!m?>JvF`Mc;kx%bEW1?F2zY!@2c$Kq7 zGIR*9w?^&&Ce~p-gz=)de{C;RBOywn={jUsPoj}-YVDBY3RK}xZjQKWPU`ynOIng; z7L!voMmG3_Xq(R2XQ38m8gp#SHp=tJ7_*9_Ra;d^rEgs!r4AlpLdBEc}U|{HI5OEdC?os+$kvAD@53Ns; zgA$XkeCNRCU_#=qf3$4&=f3r7Fi38SF6sv3ort~lP*#@0&>QDqA~crVdHL)p z92qcS04X3ofm-JDZ2Xau{y1TW3>?(J34^76KdWH=d|bzm;J4rX{e8Jj;(JZU zjqdYOo)tA%QP;Vu=n4_+W9Rv8P5rClCj|AiHf~}yyuV{79Z?M#y=49@i`j&)_^gY+y z?7y@8VBos^r9Gq~vvbJkw&$9qS3Y$}aavky-=lE@hw3BXcuNHAawg3d8{Xc)6`@_? zQFn;=WSP2yo=d_!H2cQoE@KDccYR^ku^vk2XX?09bl2;u>Rh=mcA7X%bXRiKech;O zo?>ew!j`h|yVtk)rZ!pgSSKV=GKL!ibxGMpYvr=2S34Xa@RM^L8k6@5X!3Db?w#kItzX{IMg|T8!eu2O$|4X9*{#BNw2C14*ml{KM(#N z2)c2DU6W<7A?b_k@vw=i8ofs?^W}+8KbFA5D_6|a6p00#0+D>2I9dm_p|@g4ot&XECT+2t)c zMH8|3&R_O+Yoyj`%u4ScC6Aq6kR^V&EF4f1Eid&i7ZVD&7?4_?&a1i01u*-!59pnk z(F?%r#LL7nVQ$|;bnb0&!$dk##A1X{oP3q@LXrb(%rI76tdJ2Y*O+Q%v!9ZSCrq`| zrY0OF8-6N<`r(&Z_v{C#js_?xRWlIuKK^m97w8L&^6#j8CclOkEYRL8-9yW$Gkzs? z-}1eQ@8 z(-cYKs*!hq5bl{3@$VwQ0iK>bt!y+k=0$OnBnf1Z)#{QTKb>buv1Om)esS-&a=Arr ztg4ECApJT4Y%O<{iAkCbJr(LB8*??8t!-(mWAu0Ko95!E_|^rIOXGQX{flF_iNo@$ z5BYrpgh|0c)?LG`cwD5J{nf8`zcv01QydOf3@y$n5kFSG=M<|+(}6_CZ1hFcf{b(^ z=B8{*gtr*3J>XkNQin^w(8}85%WJwW3)l~f{XCxE9l|L=C83xa`{?YVr^|&zLzA`( z|2*@5XyN6N5;b=E59c+zo=$#YCL1L*g((maTi@If!iQnZSlwG_OU|pemXExDNvGDx z^;q_agkpZ991e0Q5gRIPn{R>U#W+h7uRH&wRt=Y?LcCE=K5}pq6cv6&i_KL1ZTS4! z;RCU$fV7IaBAR7~@^5|pC3gUG@OsLq^ER9JSg-<+^3so+pSW3-(z;B3Ci2kyE7f}n zHs07K?^OC3Gu9zY++q1DV>@~?#KhA~@~VK;_)yjxKK?Bde?q&6EkO+ClRsK7 z7mD!_SwF(7?c|8RtVQ16@Xc4~>S{mk9DM8a@uJu8TPkF)k70kZC_Y^L6DSOZ3u-$M zF8Bx3icrm{2WzMKPL?LT6vw8+>v7Xt0tk}5*-tdLdYkA9OK=d?)!y+0asjpm!FVk z{ekI_g@0Pr&>`*q@9vd1H-bs2gyqLF6@N>`-_I#Rhk_IhOz63qE;uWT`GjSACNS+h z@t#b1voVi=bZ;@tX-@7l{(hRwlAP%rb0F*apdU27sMX1uf6MG1E)RV%5mlV~hL8Vp zHT>mKC)F$07*^f@{(>({xj~O!+weF;(}MYw*-JZ{KPKPQ{j;-B?MAk`>LKbL)@cy$ zm9YCVcZ8o^upo?YfB#)cf~roNpLc`_mku=j0_RRQJ&7U#~Rb?+%*}wzIw37 z%ffka&81r4ZEJ=!os)~awzl)m)~Aj7Q&2ehmI<*n%zJ+`(Fxe}Q%gs10*!*b=`$xS zaV}_C^zNOP92Pk5h&N_HRyJbRkg!i2 zjv7YztJLNC@=bHCn8JW?SloW=%VS71F%yGLxPhXy%ZKR17?0#+RBkTsyS`yP^gv9& zhpls@<(JwwDzTMJAb-1-T|t!9I`2T|fh6JpQ+qpkGla}ZY&75-sGiPfEFAEN({DZaj#`iX+QXbRr7kFIh+X{PGo>dwq;x5lW?657|D5hynN=6i` z&dzT6E3za-PV1p%C;6x)w8hpF=GCn?Z{bzWXC5Ntp?joYS`qP$uZ{%cOUEGNHoe%i zvg*O02frgE+A>IdIUR11=g;5@zxpTp(~=%z?PZ&uwjc3p_uSmgRk89FwfErOvQBKR z@hXOHHYYabW$yYWr%S1&ckoKY2?Azpm%O{KIwOO4mI#8}TIA2b(2wr>{9v01-z_?_ zNsbT?>2REznJ}`ZXBJ^#5GLO?k?2l*7#K$HVq73J+UlUVsoJ=(diYZER0t8fErCilD7)mU)MmbJu2B|Qfd~du#K{7HVGw>BbgT)!+Q~TzvLu2B%(OtXk zLt{)CP!@}_@pzP3E5BFdP&>uNuS4i$o~bx+|Ca~LzA!F5nJH%7$uqtvU>=p@$kRCGeqvL&VPhh&o+B44{tGtx;w%7D>aP);#Vf609Q8udc!(dk0de64LfQIV&~TaN%* z!q6xQ1_uT`ZwttcKn5~J+2q}aN^do3%!%ud(urA%t@E-(f^M2qLB%js_X*74-=c0z z#65Nw%npkJ#!Mbh9s(m`j4>=T5<=~zXKI(|DT-W0d81W}yd|g*uiii#m@c#3HrJfA zd!@&9N5e{KuDy?W+c1GBA0nV8c>0?VRlfSU55bKpH_Ry3-|<2ll!)jt#*w60U$&89 zpAax-1BzLrNO})l0tC@-TGAJeG$C*XwU|M$>30ag1+U2)PzG&=q$+!1M=tj}D{YPX z712V-1*)lC_=h>>z@i!6ZHu*4kJZk`>q1k<-P-sYB()Q8E*Mg+ZWavkxSS5!N#aXN-0#Y(8OIKcv;D}MrQRmXS z$QoTxAv#Gs%W?EW*?E;7tME{XnH)3rw@g{b!#SEydgQJ9M1_m*UV=!kU5}<{)=|^s zrbX3-P{BH_`M$y0tSBxoHOfx}@8H&g{V0>6PGN;RA!EXIDi8YM*@F2+BFhW>v5Zp2 z6J)iIesE6k@3Xbb6c*9%;11uGmOpVUR+A(yyG}b2p13w5^>Bf0Dj?#AZZh)i>ysBp z<$kn|ZxSLFlzSf8Cr=~aCVy>kV}kj7(R!iDRlM+njwaa3lUL}UWxN~sId~BkJn8p( z(P2z{#R3lN#1niDvo=(SKdfd>eeet%>w7egnTtoB#DAqD#L5%NpT^}kb-5>LoE~*| zP>h&CGBD!0s1&1qudgCFFTk|_RkULOYeN|%}%|6p)A zm|cTl;X!AYRDwn4EmI{Mee-P}hv2a%z8d@L<|&_^eCpj(e3<@8Sbl;}Q-<1p;J7$? zY^`8X(p&;j_&`!3=Z#7S`FAbo=6v;radO(Wn+9G(jCbKET_&vGM_UZQG#)UscWp%2 z@M<>zhrrDYyntKb4z$}7TxfEelq>1O3%h4WDQF*sq;a-xi~swXVzn?~D@T)LLRUSL zuo>#Tb#N^@a~13IcSLK#Y6O%>T)I(}XZMiUM*@C&9iW*XJ$#_>M1)G>O5$T&dJuba7fwqPZzme6HTD`Wx zujwQ_=)RxHGJlf983#a$;Qn6UW~|`eKt+@28uqU1-j-@$<3^>>`N8rxQ_p12YhQ7E zUg8$1jkhO29m60h+^!#*jFoq_!0xul9I&H`N% zer#sFjT{*kSs>|c;1ZKq@rQjj6*a3R6r+_h;V)4&eeIPOiewclzZ_!M$-A)bbs?lr_~Z)gA@7^>jS|gW?F} zHwyDaH4jen@G0dc0ni;FPU`HK0luZKJSJykg;hI8Tar_9Jl;2rIkD9Pk?D zizuH^c5k3DXx-M%WJ<#qEw!vg!o*YO@q zP!Cxb`left&Nt9NXl1gNk!drsmezer>GHaFyp6`h26FP~%|ag=gPi%rFT74St6HqB zMMRxOKj-&1u>D4M>v8%<(~p1D`++{B6dBqFtJ8VfizFX+X$gM>xm05|g-SpD9axmi zkKkE(QCqIyyJDTuHkP8iEgt3jv-}r&y`WnvSaxf~ZPT{I1{q=U2^axxSEecA)ZU}CW~g~~z+N4*L5*rpOA;W88;{GURF2S7#~ zVh&ox;Oj)>v<8!sUQhs;7f&G1UdHE*0H6B- zip9%zQ$Z@IYQ|?RWD5koa8h6v3xVNE|0_kh1fst>nb2 zu)Gi102y?Oi7R8ExzQIKq3=w1>Fx+rWGn}5m$>WFI^SWf#MHdl8E)hvE7?V}??%KM zxZJ;NaiKw((-Id7Q{c^P@9JykFHdhH`Q(%z9mV6tS2Wdq^OB+@CcW}#V9Bv#%U@(A z?EbgFX2zT-oDBM6Y+M+{2siPbyf1P^evVh+b`S=MrJ?_s)G_1tQ5Pw_!@kJql<6Or zYsB9uW=#x7OxL7Qx$x%J5#Y*h9Fbhw3`t>0ryU%j=LY`uf zNXx?)WWP8#5l07GoH3lTPAUG!W)>@2jG{>RC{XJvIfDcg6kApyR!JFiANMJqSLR2; zJrW2}6C?vHzA?TmO09rZLes^i29Pv@4h3RVPa{mGhJSzz8P)h-T{*~3HiI;S5RjX= z`}}Gp4WXyJ0`&Jks=(5a{OaI&y485F3cC7?Tlj9!tC-owYpTyO0@i#esROsy$!Pf) z$U4V?3W;6C_hh>}L^GzQ7>Mcs0rP2o)4Suc_A*G3Qk>#zoV?Ja+8Fl4XIbl(Di+Z% zWT-FY(-l!0EU$q*RSXhk0#&U^7(Z17w^Qzz;AHNFTHM2x3nsp!}-9oy>sB70Ge&smqVzsx)3+J5x5qeMQ&m)kIinJ}(Xp zNOSn&jy6uHx_=T)?_<0`HZ)t9)#O*SHU1#z=asma6+r1vy@kIjO{j8=u3mjGq?CEN z=QR39>I-6uKAFIzP;eu$EIdyPfw*Dvge^*Fs{60I47znEYh{R-r~zzss8ZPz>v>)B zERUm=_oO=Bz}Vpjx(t*=7mS6bE|se{g5!bLX%nWO%u@#p@h6+VBjxbsI>``sEU7jQ zpVtlKIi2nmDP@C@#t~rg+G2~?;D+zq z7Etcuz#R?tDHW(Dqz3-{@d3UZ&10hPAj=InpdG<(8uERYdBQx z>$i<0Rzj4y&7YaTKbh88+)(QNyscnPoz>2LQ2c_{-OSGt*R<_n{541_-M2hOUWISz z^+3NPmY@@fb!+Qx>*o}mgD|^v(M_Gh3HXOe&by=r+CIl`&(`u0Ae8wU1%#f}B)q`b zUJm6`$&K~;i+4~j2n@o+7Ycm#*O?b;_rY6RAz-~gQN$rC_S!)9jgEggICP}73xgnI zNdqBbR1du1NPm?m+8HG7Oaq>)`+~wU{l;d_)mG)gqK?Jop>~YGY;cqynPlKum{1w=aL&S9%X}f~~xaOK(TI z1gwnDh^@#C7ruO0K!=)7YxJhfeV@tC554PGgY_p%%^M)*zia>t?YPFbEx#FgeS^T3 zaPeS;{#QGn7|UXJ?ZsdF>3mM($E-jZI6s9ozjB8XtMeh4m0LWZmX`KowXvVpuf8sZ z%Ss}ju6HSaYP&F`sZKRT(wy*;KQ)A5DyrO;QJryoFKTf~RCS@k@2>DOZE>O}ya2A2 z5qKJd!xNH7;-w;bt(FYAZ3^sOupWD0LKS?n#e*d1^Z2Lo+WrFk=rQe@^v3nYVf)2_+tpvSFLBXIX>ZQg?e7(by z#u0DJJ|;;Xdwdpw zPQq`hn(rHAGV|8n>+>C4w^P6sfl;^`O^-}EnOHE{yzrz&5E1r}crMd`yw5ec`@1Z> z^xe$GeVD>%!woZ=Dr43w7Rm=z1qP)iF`t&n;|!?Jyh?h8jG7V zKS*HqwXfO;YheelH>;igu>y)e;u<91$OIu%OM!m11(a1}TZAzV{bQ2sNk zy|zih6etIyxm%D+{j2cAa*8`7%emPvcmr9uw(uo>81jJZ4J8I20~-_?|Dun}2+`-JoIipSjKCi9!0j40xDcTqE$d?(vUcaP{(r~0_j zb8w+XW`goLpSzABh^zt%ArD$~eR9+-^1ZDI(yz2IO5DAEa*K)9jPF4&Iz=23PVb1* zzo%2tN(0@t{8CKorMCL>*4)F`4n|w;@1}HfF@vuUr7Sl6-x%b?a^L7Rl8h(qERupMVfTssk-*wN|zIJ!sQv~Nj?LMQdL_`QyEt36?3@1JuFpHKTdf)B4U znB!UCGJ=eEYA#t6tr24cH_JvL)N1re;(-xN`9MZ{#g>qWGCZJ-hnVRSV>OT+tpSZ5 zSvefuN>1Spt6kbwHs;DAzSPRoxdab#TN5EcnA2V$a>EJD29=Nrrr$X~5iE^trd#C~ zS-@)ytjHZX$_=Yn588~3AMo4i5Irsv9exxTFB$`%E&Dy(1OzoN2m z#nx;GdI`4GCHv1noO#U@iUied_;;?rp8n4aVX`QOg9t@U;Pz#dP@RINzf*SO5Ebc4C>xej8Jw6p-M0ji) z!2tlCBoj@!5S82n(onQI8~t3UQG|bdd3>!*FOYGui`uj>`J$|!x093pntKvKVQKiu z`vMz%ezc$+m0Rv9NbA4Ft5Mv@8Pp(&FFAqsCLIrdve+L6Q^{Vi3XcNiYo^#F&6joa zHPK#oBFDlyDXB)X9Q91zE2&J~{u?YmB#$c#zP}^dQTtEu4GYRwH>p#nU3=LnnDPAu z)yqF@QFqYDrl}(cWmdSpZ>`*TrB!zOyN>FzaC(NRW4Av!uAt=L^Fs|J1^E(Am7L*f zu`^$rj*7^bi}|$`k@0p^s^1jP*DFVOWs93vF2ov?J)lrSBGSB(={Nj^I#)%U!m^7- zKOOqwUkJYy!R(_l2@o61;ol^ol1}e#Rb+}%P$+j4R-96a;{xJPh$O}jS(v0i4EfQb zM$vt6HCH_fAu|RtuXp>G{*L3H=VUd~>ufO}s;vuiliS)@`9@m4_boD@Hh;4%wB|6_ zGUFwq*ni6wuSSh@vLmuS9~(U*=v~aJN$wF_v?fbbk>w|(XQSqDB;r?>J(Ua z^6=1{!o7fRf;|=W%{VSPO!-EH5GS4VJGAl}5Aczv^gE!HgBj(%06#ZV5~wsPiv@gs zi8rbF;LsQ}*!*48B5Wb{HNso`e_uF)fD8pycDk+6b-!g<9d-aij(FB&TlbO8MJg*w z#G`_8J@}r}RPqIIRPtFeR9<=gNu;MtKknk}`vXeb9It);j*$4Hw+?M_;4(CqPrW5> zXzYmh#A)hd*m|(){bBa~6C~mNeFzV$H8pHYca>Gn+%7=kZ!GY4+OsO@mWA_0?pkf8 zWTc#Ge031`suD^y^>xw12aUDhDakIX4)d{wsWFB$ zmiafXAy&>nH9}p68^yPEkDR9tQxXL~pZ^zc^GN6)BwMNF)grR^bLBhPBgHfn_g9j+ zD$A***sbufHe$)IRm$Zk&sc`?syrZ!c(7A!;{z_SY-Fo&+a0#Hb&?eH?9YJ8L~tCo z+;{zBd;7(*w!~jDx4Cr$n<{Wsac!0TXvX^&rqXjc?k=! zt$G5z?UWf!z5Azt%Y@)QscxzsP5q~BL;%bwx}|+5Kf#w<#MnaztA`7fOi7$R$V^71 z=Z@u+%3z3hba--x@4y5*ZQNww5-wSvJp*gH%}ne*PW|(m#cJBZ0O*8&M7k%2jOW-) zjhmv&+_vk_5q^SP)hF*HtCfa2+r%v7ExQgPr1>*iXPOXdj9X%i-GgbDJvLJ?G3mee zHo%qYrlax7r&d3;U>#4a8+rC4Yen_X7GGcjZr)R|3n2Hr1N>3e+6Z`4@o2A`CQyzK zbS*B7`_WNDiN$bdQBX(dmFQL3fQIp~J-Rl}za<#{9=$ws%J&$~} z9dN*&O9QQFadO+&E@KLo`sSf1=7TeygS~9 z{y;r2f_+AE<(?Zcmt7GPYF*B}$+57GzR)#|duUlxB%=P3|F_-M?^q)%eY z$&Jxk9XA>H>bQ#L$uIYQQn;z5o)z_yCB50+JhAOz;Nr+o=M2kwTDg^Zb=&l>z{j0D zRO{7}r)!49N#Z9Bgjd_&vbGSCApSMEzzhwMlV2mon%-dgSPpuoVOLAt`Aur2 zQ&-Ea@+dIR4^@J@4>bvOI;^3_6q?Ja+ydP#QvXkDUmgzS_x_KND2#}dZR~s2P-KlE z$}*N=EJ>C@$=J7qm~2tmx1=zbD8k6nLJBd%ARzX;wdG2$c`#$GB_w%}6&)FAd>y1Sf=G)j5Q-*jh0FV=VP55SAQNkp7OzSaiU2479 zO7kNbDNIpLzACTLcO7}La7)DW-s9On+1xCM76UgCu=Vf|xtE6v0+~_n)kEbKpsw!Ng@8Bz zc*^g^%?OkWU(&8w6dP{vG=NkxmVQoroq}Gud{V zc{kfqXY=QW-)0W3d}m=|Wr+h=al^iERe$|j0Uq3!A@vD|hCqR1loporU&?l*GX&R4 zh^MfWq=RdN#pi?nW1CPO{9BQxc|qCq+QQ5v`90%7o*nbIO8|&r_<7%7oeXJ4KGGT} zF?}$ksS$8rk`BB8Ttp{*`sP1Y4)p}ub5#KH4g~>Upo2`KImW+kgt7($WMZ+m&-R{q zH{V`|{%Z(bAZ1TENE!Z_1(eF?7|{KfQsJOOj<-`$9pDK!GRaV*?XO?W0YJj#hU#1kCwXVv>XmrT%H z9?1kqp?7v>R&LM;e>*j>;g^h9c5EXkQpy6T({&L2V<4E^D}Rsx@&M_L-V}Y_Qo$q@ zZHRCc!byX)f$#Y0Uh&d-jUYW82t@Zg1sr|2EeDW2Y`EV;T5clMjb!SJcq4wU6t43@ zNvO@KbU*Ods_*7yUe6hiM_WzL{v!nRU}cnj#%*RV$p~bbhccBAcpc;-Q3_p(cfeua z0b;wQ&awnmn7IHz%aJ&2W+crqX9rNXZ*l@aJ_`awQy|h+22oJ6X4(~PKz#8LIKbdr@8gPWn zLRE4AcwGWu@#X-Gp9TsKkYS*xj2qC%fMY$k-}0zB)dx@-xmvaY&Ydhu-KSS)K)SOR zV5PrG&TN5`<(nIX&s0=j0kiLc0Tkde0QAR>+{DV4i{Mc7g0U84&gTKznK|v0l+&71 z`)z@&fYBhoA@^eUOqVqGAv=ioI2aHU|2O)v<3So0Wp~4UVvaY8$|I`Cm^`#6a zgcKSSe%()lNGvLb_DC$o<>P7?8K5!%zd@(iS@2$U&NMt0RGt|@kn_0aUg0Y2xQGhK zASZ7!wq${NL`6^)NxRVor90F<-`2VD@KB&(!F*x73>jqMA8CYbxd99>1z=-~0K{Ke zQ*f-NN1G{T6`b*8a(&v4z9?+l=mG`wmrIr~sK4wO8JQF{%>Up9jpL5*cGIB?lS?PobsxdE!9XG$IEup zC7l9F1=!1j{{Lzv2!#mrKjg5ole3QT9}RL{teZ@tCU`e2K09Gg#VlubN&P3#mJ%qP znE?vnSh0eb9}dVsNNG9ej%kn(c#*N%8>JyL1J#AxxHk{f*9WGYd&n2~Rw5m`+6#K7 z0}6MzF1CV_tbHR_UmZe$g$jp{sK8Q9>8R6XHs`_KN z?WHt4htLTJ(xj#A0DH|%@8>IL7n^r?1O!@dFv*lm0wiGQcK}YO573fw2Gbo_dDa-5 z+JMIwR}Wr{Pdtj6Xr|)Xk&&9bAtPn|+S7-p+yi7f+9yH92G69uK?2u-({T#JfDXDE z@F36y81N@Qb4-~ef@SNxfv-bG`-7BKaHKG(36uV7R-a4utn|c4^2?!w9`L8df98Ih z2YRQr7i!>Abh}WgDC}bn%5-ru&%eHun~WbGvoJS)Xk{Ptu!H^UTMcLyFV;XMgW9L9 zXl`7ReLc|{?f|~0I&wsnQO+GI`+zDEZlBv{^+t&K&~-sVxeb82N==2KAt^M&IJo$6 zXQ03zn?}>Lf#F+DxK_F9EVjB!5xe%xx~9U~~l+6WhqF$6_g z5)~=QB~Zn6%#F>fd+p-IK)WMH#ZLAzUMj!7{A-8~5ET&aV=5nZ`0hQY?twA>Xe|@G z`60KOrWxvK@y<(#uZr-ZXG(Q%lbd0n`#C{@y;?AV7?63sfc=cQ&_DQ|zwE-=(Xky6 zDfbXSv@zs&X+&1?gf}Fxh7Kr^#msO+G+Doo!O=9~D|2y9{-PDvrO|#Fpju2VZfF)c zM5fFtwEU_CDKa#`XV%QO6CEsD(g?xb;8u+sOD$W6AkwU*Ctye7fpAp61$~C4IDs02 zIew2~EBBeX|5pr0BdbP;MqrdN!132j0`qZfzz4vWm~_GMb`i&^!s4YO&>@bdQFwi$ z(P1^(jT=k(c+KiIhVCZwZt10Mdi(W)_a9?zRkLXp{5l><3;;$iXlF)?QDJ$+-76{3 zBU@((HK_myMG2l+ODGf?NL-d&Fnk3VO|ke1et(tChTg5^9aN-=1=Y+%^78i3S@57f zJ6xlI9_;!`ant5|fr2pK0;RWvSQw=ao(zTnuAwji%t_LX(d zWWO#zDlLA9d9uf$XB2sR&8A%wc&zN_+IDW1?`>j!kYC->X!Vfk}{&Zln z*Hoo)Nn$!yt_e>=+<(t-MX_e8#OcM${S?=V0fpK@Mn(O|bNAfdADu|;~ev4`yS)dv0`%x%6_aS6m*XZP92=8Q<70NaJ zfv8V<$x45sP6Kv>H&<2P-k6TzD1mqe{fL|8$D#0jyr2&8JLc^a; z6*nol?gij-DE6gTfm?>H`z`)+r+UVsr(FI7#-(})k@K4;B?rPVf4E+!`cE5WXnnXW zHj?rm!qV^1m;m|Hp9n+~lx0sxa+DZ@9=x_T7mhcK;0BvV98Q=Xes zvPYQ_i^$5(0MFsEfpYJUTw7}4~g{o!u9C6QT{}I|1h&k8k z6Y%(tZT zKws~V2W$-eJA#GCW&c-0DQIFmC*#hGIAaiOM7COQ{P@@--+-K)dbWR@*qowhNIvgZ z(l8{ET@g^T=smFdO+|kQiP`7?-5&ubEed?!)Ma1-J#36rsB|OLlY*LQLp2NXbZPf= z>Y6LU$YAR%**R6l@I_}=YX5xUfQ~TWZC`_r=^V39sje@=NLVbIBF-40{EtsJip|m? zvMsFx)R`aaE(hB+=cpasa27I#3H-ny^o`UCbMDx#WuT_pmxYjcb5-Ay(xSeurxCIP zB`cSFB3&|yWQCEv-?_8LdV#v#AfBU&6NcUoz|>U~w2)JIlMbni?=-{~8N;JTgxxEC zOsGFD+7>pJoK;6CyjfMb+~tNKBFSp0Cg*I*RlL^&N3~LS`eRPiXmYlIry%o3t`iK` zyubWZmD29NOWI;Mo+CTEa9J7uet^J16iKltHJR!h!PfHKRxB;DSMng)lKBx~LL)Mz zS?EwirVoa|c0|K@;(402fJv{E=g4i`t%2?*TTYWB?a7qXbceh2984%Bt z*HQ_0tIg&zXo(_m{l!J^jtV!*&K^QocQ6`BgCp+ynx+fszKLc4lOIsJHMbcCjy%y= z?YFOvi$C;jEGX;q`vuX&@<0cFo&BRDz-;-==~5|6WkTzVg_@E4AeA;LNdpPqlSmKs=9jh z%DB@AQO*w@;k<0@$qiLW%}44u%{U3ynDpjH&Im2CRj9UzJPfJ+P6gf`<3xJZD&tf8 zx{E2GHBm5bf;Z?gma^bcAVJAi>tX8P58E_h`)cISb5s5Txi&Qqx47Tir~9>sswSB} zbw_g63{l+b`#p)^Qi~W;>hJ3KxkGBb^NQTF-pnv?@~re`xIf~Qp3wnng#Aod3H^OiFK6rH?*)~q)QaAHUAG`PD~PZ%LfNtrA~#;sv9_hw zZyI3f+OGMV;8tv;N6q7nf@P9sZO{omrS(=OyYgX<_42@txgUcWSjpPH1w6MppQgcR z!X=*5_hMBWveIsaymPwN~CijY0X*L6wbe!xDmxz0{#AHWJbz;@|aSLB(k z7dXbLHqK654qOS9pc$GZ;oIWX309$_=HxTNT`9Male?Pa8>xB8>tiT7i*b3xhqG){ z%E(ZGR;5(uz}YF`JA;ZtwCt?I^g?!=(t#}lIpXORFTE`bPfmX$GnIr(&1xg+w(g(Y zou10k6E+ZlEoyAaU^IrhA=Ze7 zKJPYd-8Bt_mGZ3ts=m#oI)>Oj9Njt+VcX`j?_gxxrQj!S{vk>lyp@_fLHjv_~5^QOqCZUjl;C-usv!7de z(v>w?z#BsSt0b--Dqy#7(4EwX_>Fdt(6Yd8RV0Slc8I52RVtHZ0Rv{98{Ak<#|(X7r1(n zgWs=xu~&7rYjtid23yo^QJ~Hs?nAX8l#R4R@>4TOFC~KV9i*s%&J_%r+xY z&U9fbBvfue!YhOZ?QUJjJT}qpHZ}2q1uNW=Vkh`(;uaGZLY+$MV!K!!bvO+DsS-Q> zo{npLCyiZ7x9^TMv9gmYn2IkGCjR`=q;}jo!wIU1O7HQ!1LwvjT8*w$nc+s)I0mWD zUQaFRp*PzST`caZR`61PEfKpefy;gMB=XDdr_tOub4PN0k4LcWlti2pW60#4W2A|?{<@k(oLdmDkF$aywq_FLpm4@MHwe#Hejni$mGvV z7>LUk^RS^kCUOodpG-MbW72=o2#d=q4Vde94=^I><&^661}9cT8oc|Ih|*f_c>-e& z=^yI}vvnR0)@N8f!fpn$HK;rr8+`C>E~J_^ym&?nt%3J6%fLAiOctN&T<6x1ej--4@J1j%k?UxQ-mLN!yN8HdCb%{~ z-L6MHnHS;ax*V_`5`IZ%_n@L0S$Ix|y^~bgWa+^3>uaW(ShjU(gzlt#aPLNLOsyE) zskKPA(c&b$W!kqW9=Gp7qIZaH`r6BfuY`PzZ;v&I5K#?{cV;LQlx1Cqz)hPIMChJXvJ;^WOg#gKgcNCpsbuo{h!+0Se zJb7m5m7_5h*S-|Afx=dFEfaS}(tUsu7KB(yHHR%^m?D7^IB1^EY98ZXo7yQJ*_{~v z>DQHLz%WTgw?kfFt_k5l!#xU5jBHi9z_^qy*%lgo#$C;t?;~11!Vp!s!E4Z7EW6zb z=29||CVG0~gqGrzceC2lxVdAs&Ro_N*PUV@duIgYxkatj*XQ2bxbO4qs`;x2qj6)W zAJ4!|@|EZZ&x+2yXBbf;QQZB>b9twhL@l`F7dX(gv70dVrqDGC^AZv}YZZJ?>{eHCB6Gz}+{%Z}&ht?G`k#yFW$3>VA`j!`+G4s$^rMl;|4&TM^5 zJ1zTx68S3faP&RJjvBEz3$+b|kCMK4_UlXf&ELykq^{&uA=F2L^$FTo#7Nj^;70u| z`S&dsx{B7UKF#k&f8{&u(bQKgtvA3+|555!0&79xy{)_v@UFKI7&`r%6_%Hc#>$Al zaNc8cdRBmyrZ)b1djh*o_NKR4^I*#`Yy2Rq=3I1AjfvKR@wmL7S3Fm&2E647@oRw0q+X0E-pVvP!1KBDQO=CKa<+}ht-Mz=kq!3`H4n+HpXJWpQf69l zJy+ypnAjU9HOcX7{xWmI>9}5JFP1ACx2O>7S(xqwt#^XO+KDr%OYQ29v)8msQ*+Y- zI}M^Lg*_D~T|#6~4>z+igw`0Wx~I|%F2D-7GK;^2(B8FB@jYAxJLF=d5l^spzOl37 z%)@oIj<78-@!Uw3E8nYPPfIq<6#=?y*HptXT~$7#QLGxeIS%h7vsHQKoZmXy^v0Ze zF|-UgklN(PR(c;p9UN4)f|Uh7ylPRaRS=`@qIKcj&I`EG{nIl1;I|6k6WN+TX(Huj zZCo@0SMMw&TDhGfQUY^A3sPn+ zy#zlE+=9=_@nuMn*DAJ{*9Y?cZwB~;NKrnuxj~f*UhT^ zmUI_3<}vg9Nk|Q*+1Sk{Y4V#xRF_wl?H9Jaiz-zzPG~|Sf(F$`yW^PCJ9TwR$15oA zio+|OmDsX5-?F)wQ~T>r({2s4sajuoy1LUrTu?82=QQ|U-1p{(AQWHad^sWF6Y0e_ zs)-8QoS-Sz`7;&xh#_L&#_wyiI1=fMzLmAM-Z{VtpWM2-7+ z4G$Fr@2P@-JeC0je9aa=cP!vsHA`c7Eq)8fGw>MwEeN?DgIxcHTxUW0^;dnGob(NW zlxn8|HvJCQJW;UVMYo_uDy^_MvtQq64Yx+RkrZ1i$}j&RvaH^K-&8oPaK6v?)WaFI z^}*hVy=zs$wUQ1u4({oTz(Z|%JDCSoc=9-@FuwwSg=f}L7KuEgw(~O>xxRxGMt21v zle5Uf_Eq?%5_}w=Yk+zcUc*ukvNS>*bCLB{X4lUd6= zy6J`Ul4pzNNt4^MHpqN5lFttL*bI3_5$<`$9GUzWZ-vKi@c8=250!}`DGpYYH+(iV zEZ{r51biw0KgU@%=Yw3|=w0WtMzWOQtsYC*?Uvx1oD5}u5?_3+Et`9wFEPquL9w!= za9U78tSHTvlz=1vz>*8h$A1f*{D|Vi#Pud8`1vH?J&)N;az5v9rZ8$5%#tPYz3}#k zPh$=1$`%11JO!%=ZcdS}Ya8pu&mAtCqu}SJ^_!U~OI5qmW6|TqNi{on@LN0ht#A0P zWc<+f4!VJ_{Gb?^_a!#4?=)cYGh?A?kfTu^HfsuZiMtWNmHp}b(d^K5_1)9nJLy%M z5tDfMUC*`yvNd|TJ@b|n7E21ol9HVm@^jPLctDP%=lH92u>2FS7c1l^dnBJ6Eqx?> zy-Q(jWl-Szmo@GECwBvojTEjo0ag?p{da{;2RMCwdlX<_ZSJ)AcGy}_6!3Gau^D#X z1l1U7&peiZ&-&er+g!m1C;L>baMxlOr>|HSTTqy`S0xFSt3>Hy?37_I9K z1zW|0usLJGq0RjXiOt69FvmO6w}d^`a_~uu;3rzIY}S+9WOUs5zxm<*c5%Qq3sLl$2wH#v9CQPK+M7xfhljI)PCyK)lB z-gH|>UsV$#_V>Gr6N|2~ot!IIF+!d17U1d%%Cw)^)=d{tPgU8h+4=^Ff~i|(VHYj*rJ&I(<97bVFx#}88raF_%;Wy{93^- zi;Jq=bNipMqmR$@arxb0dvqlBg2099BL~8|>;)6|C$F_NU72kkSVzBp%k)UDB%SSH zDx<4&_&MzQFEX#5C38(Tm#J*&Rrm=w#!Pf1qy*+1P31$W_^`Q=RwCftcN#&OznRHh zu1cQjBzzdk12Km9qUo^U?|IXm);;92Eb>Hru^RRk_bCyg=f^Xyb{n0u z;qKw^)6p4OA~$sM;b`Se^m%``Uwv*zYZVP=gUQmk0sRDnfrcc-=Y+(04ODbzVZ0Nq z;BD_|7#cJGlpXym$BKt0-X>N})(?3loSszE>S%;T82_BrL*YYo`Sb0OgQfcfO9s9K zpd*^(3BbipfvtBwNhb6W4>S;chLYr9ZDd#=5@wo}Scj@`DZ+U5N_rHsxQEkbwB6Q8 z?A42tdBi#Q{!5lzcTe;5^N%H_Y9howA0P9(gda7|q0GC;G9~>hIW7<1Beu)*Bt{Y{ z1?7AbGu`_5k`#4zNAZ)_>b`oG-)EsoR$rJds#;j~B@!QD zF4x3HHVwehg=MtOZdUs1A78ncEpof+IVaA%b8rHZp1cKOgG3bJpfcnxCMJ$Y=#?ko zr^<jV44oGCg>5Q&IjBJ#C61P^0g?n1` z>Vmz&PaC7<#1c*!!eP=Sp_fxv=YO5rWHIF33uIgcz|waFRlhf&C38YIKaEc4E&(rBBnLo8`UIVO_AQib0mdjvTHetn~3$tZnS@ zYw(x^xz7CYxOU5v$8mZ~IFHc;bM7ym7X%t_r$nPfy=;1gwe=L`Szwt%D884iO8wod zI4R7j}2gtH7N__qQ5cVcaPs=Da`F^+T3Vk2E`ICGv0mam5_^dIu={IVrKf&Ofi zg-H&Z|1}&K_H7Xg>*`K}Kr#J|+IdE3!Ozy!>`LyEgY}3UAs@t1Ge?IUyZ`bc8g1Rc zwbU5U?f3e+SPoXZH1hpjHKWyK{$i~ZnU`)Kh~M33RRR}|wh3}SI8yF4nrN(R99(#o z9mY+|))dD7)ut^Bk2zpk7~B5psn>YO#{?sL#m2+2ZB?<<+oA5+5vM3WyTWWZ2`TW3 zF!o3yaW5>bO93A4{rQPY59IHxG@>G!Dh5t>QE!sM+y{Lo-uw=k86t;ufdeU5T>dAp zylP52WT6w$v05NAcXU?tcYv7$EqQ`Wx$aQ#1%hteb)vw!`A4SAvqc~VheF<#`UASy z++%3(gL?t-ehDaX7%q#`v3eE aUz>ZpP7?|jNIq2H4?@pGm!R!<<9`6h!rZ3- literal 0 HcmV?d00001 diff --git a/docs/kyverno/README.md b/docs/kyverno/README.md new file mode 100644 index 0000000..068f86b --- /dev/null +++ b/docs/kyverno/README.md @@ -0,0 +1,112 @@ +## C2P for Kyverno + +### Continuous Compliance by C2P + +https://github.com/IBM/compliance-to-policy/assets/113283236/4b0b5357-4025-46c8-8d88-1f4c00538795 + +### Usage of C2P CLI +``` +$ c2pcli ocm -h +C2P CLI Kyverno plugin + +Usage: + c2pcli kyverno [command] + +Available Commands: + oscal2policy Compose deliverable Kyverno policies from OSCAL + result2oscal Generate OSCAL Assessment Results from Kyverno policies and the policy reports + tools Tools + +Flags: + -h, --help help for kyverno + +Use "c2pcli kyverno [command] --help" for more information about a command. +``` + +### Prerequisites + +1. Prepare Kyverno Policy Resources + - You can use [policy-resources for test](/pkg/testdata/kyverno/policy-resources) + - For bring your own policies, please see [Bring your own Kyverno Policy Resources](#bring-your-own-kyverno-policy-resources) + +#### Convert OSCAL to Kyverno Policy +``` +$ c2pcli kyverno oscal2policy -c ./pkg/testdata/kyverno/c2p-config.yaml -o /tmp/kyverno-policies +2023-10-31T07:23:56.291+0900 INFO kyverno/c2pcr kyverno/configparser.go:53 Component-definition is loaded from ./pkg/testdata/kyverno/component-definition.json + +$ tree /tmp/kyverno-policies +/tmp/kyverno-policies +└── allowed-base-images + ├── 02-setup-cm.yaml + └── allowed-base-images.yaml +``` + +#### Convert Policy Report to OSCAL Assessment Results +``` +$ c2pcli kyverno result2oscal -c ./pkg/testdata/kyverno/c2p-config.yaml -o /tmp/assessment-results + +$ tree /tmp/assessment-results +/tmp/assessment-results +└── assessment-results.json +``` + +#### Reformat in human-friendly format (markdown file) +``` +$ c2pcli kyverno tools oscal2posture -c ./pkg/testdata/kyverno/c2p-config.yaml --assessment-results /tmp/assessment-results/assessment-results.json -o /tmp/compliance-report.md +``` + +``` +$ head -n 15 /tmp/compliance-report.md +## Catalog + +## Component: Kubernetes +#### Result of control: cm-8.3_smt.a + +Rule ID: allowed-base-images +

Details + + - Subject UUID: 0b1adf1c-f6e2-46af-889e-39255e669655 + - Title: ApiVersion: v1, Kind: Pod, Namespace: argocd, Name: argocd-application-controller-0 + - Result: fail + - Reason: + ``` + validation failure: This container image's base is not in the approved list or is not specified. Only pre-approved base images may be used. Please contact the platform team for assistance. + ``` +``` + +### Bring your own Kyverno Policy Resources +- You can download Kyverno Policies (https://github.com/kyverno/policies) as Policy Resources and modify them + 1. Run `kyverno tools load-policy-resources` command + ``` + $ c2pcli kyverno tools load-policy-resources --src https://github.com/kyverno/policies --dest /tmp/policies + ``` + ``` + $ tree /tmp/policies + /tmp/policies + ├── add-apparmor-annotations + │ └── add-apparmor-annotations.yaml + ├── add-capabilities + │ └── add-capabilities.yaml + ├── add-castai-removal-disabled + │ └── add-castai-removal-disabled.yaml + ├── add-certificates-volume + │ └── add-certificates-volume.yaml + ├── add-default-resources + ... + ``` + - You can check result.json about what resources are downloaded. + ``` + $ cat /tmp/policies/result.json + + ``` + - There are some policies that depend on context. Please add the context resources manually. result.json contains list of the policies that have context field + ``` + $ jq -r .summary.resourcesHavingContext /tmp/policies/result.json + [ + "allowed-podpriorities", + "allowed-base-images", + "advanced-restrict-image-registries", + ... + "require-linkerd-server" + ] + ``` \ No newline at end of file diff --git a/docs/ocm/README.md b/docs/ocm/README.md index edfbe7a..a3259a6 100644 --- a/docs/ocm/README.md +++ b/docs/ocm/README.md @@ -1,6 +1,6 @@ ## C2P for OCM -### Usage +### Usage of C2P CLI ``` $ c2pcli ocm -h C2P CLI OCM plugin @@ -21,6 +21,9 @@ Use "c2pcli ocm [command] --help" for more information about a command. ### Prerequisites 1. Install [Policy Generator Plugin](https://github.com/open-cluster-management-io/policy-generator-plugin#as-a-kustomize-plugin) +1. Prepare OCM Policy Resources + - You can use [policy-resources for test](/pkg/testdata/ocm/policies) + - You can also use [Policy Collection](https://github.com/open-cluster-management-io/policy-collection). Please see [C2P Decomposer](#c2p-decomposer) ### Manual end-to-end use case @@ -150,7 +153,10 @@ Compose OCM Policy from policy resources from compliance information (for exampl └── policy-sets.yaml ``` -### Setup pipeline +### GitOps automation use case + +https://github.com/IBM/compliance-to-policy/assets/113283236/da3518d0-53de-4bd6-8703-04ce94e9dfba + 1. Create two repositories (one is configuration repository that's used for pipeline from OSCAL to Policy and another is evidence repository that's used for pipeline from OCM statuses to Compliance result) - For example, c2p-for-ocm-pipeline01-config and c2p-for-ocm-pipeline01-evidence 1. Create Github Personal Access Token having following permissions