From 952936d12b514672fa3eface72710558a26ab141 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 22 Sep 2022 10:47:47 -0600 Subject: [PATCH] split all the .md documentation into different files --- README.md | 4116 ----------------- docs/alerting.md | 34 + docs/anomaly-detection.md | 12 + docs/api-aggregations.md | 24 + docs/api-document-lookup.md | 90 + docs/api-event-logging.md | 73 + docs/api-examples.md | 1479 ++++++ docs/api-fields.md | 28 + docs/api-indices.md | 31 + docs/api-ping.md | 11 + docs/api-version.md | 51 + docs/api.md | 3 + docs/arkime.md | 177 + docs/components.md | 59 + .../README.md => contributing.md} | 0 docs/cyberchef.md | 5 + docs/dashboards.md | 90 + docs/development.md | 156 + docs/{web => }/download.md | 0 docs/file-scanning.md | 28 + docs/hardening.md | 59 + docs/hedgehog-boot.md | 17 + docs/hedgehog-config.md | 262 ++ docs/hedgehog-hardening.md | 59 + docs/hedgehog-installation.md | 41 + docs/hedgehog-iso-build.md | 36 + docs/hedgehog-ssh.md | 19 + docs/hedgehog-troubleshooting.md | 9 + docs/hedgehog-upgrade.md | 330 ++ docs/hedgehog.md | 52 + docs/host-and-subnet-mapping.md | 88 + docs/ics-best-guess.md | 11 + .../images/arkime-capture-ip-port.jpg | Bin 0 -> 28943 bytes .../images/arkime-capture-ip-port.png | Bin .../images/hedgehog/images/arkime_confirm.jpg | Bin 0 -> 37850 bytes .../hedgehog}/images/arkime_confirm.png | Bin docs/images/hedgehog/images/autostarts.jpg | Bin 0 -> 83989 bytes .../images/hedgehog}/images/autostarts.png | Bin .../hedgehog/images/autostarts_confirm.jpg | Bin 0 -> 77503 bytes .../hedgehog}/images/autostarts_confirm.png | Bin docs/images/hedgehog/images/boot_options.jpg | Bin 0 -> 38416 bytes .../images/hedgehog}/images/boot_options.png | Bin .../hedgehog/images/capture_config_main.jpg | Bin 0 -> 28574 bytes .../hedgehog}/images/capture_config_main.png | Bin .../images/hedgehog/images/capture_filter.jpg | Bin 0 -> 26934 bytes .../hedgehog}/images/capture_filter.png | Bin .../hedgehog/images/capture_iface_select.jpg | Bin 0 -> 76072 bytes .../hedgehog}/images/capture_iface_select.png | Bin docs/images/hedgehog/images/capture_paths.jpg | Bin 0 -> 33567 bytes .../images/hedgehog}/images/capture_paths.png | Bin docs/images/hedgehog/images/desktop.jpg | Bin 0 -> 127592 bytes .../images/hedgehog}/images/desktop.png | Bin .../hedgehog/images/file_quarantine.jpg | Bin 0 -> 40316 bytes .../hedgehog}/images/file_quarantine.png | Bin .../images/hedgehog/images/filebeat_certs.jpg | Bin 0 -> 49177 bytes .../hedgehog}/images/filebeat_certs.png | Bin .../hedgehog/images/filebeat_confirm.jpg | Bin 0 -> 83931 bytes .../hedgehog}/images/filebeat_confirm.png | Bin .../hedgehog/images/filebeat_ip_port.jpg | Bin 0 -> 29801 bytes .../hedgehog}/images/filebeat_ip_port.png | Bin .../hedgehog/images/filebeat_log_path.jpg | Bin 0 -> 24463 bytes .../hedgehog}/images/filebeat_log_path.png | Bin docs/images/hedgehog/images/filebeat_ssl.jpg | Bin 0 -> 34375 bytes .../images/hedgehog}/images/filebeat_ssl.png | Bin .../hedgehog/images/filebeat_ssl_verify.jpg | Bin 0 -> 14493 bytes .../hedgehog}/images/filebeat_ssl_verify.png | Bin .../hedgehog/images/forwarder_config.jpg | Bin 0 -> 54489 bytes .../hedgehog}/images/forwarder_config.png | Bin .../hedgehog/images/hedgehog-color-w-text.jpg | Bin 0 -> 34741 bytes .../images/hedgehog-color-w-text.png | 0 .../hedgehog/images/hostname_setting.jpg | Bin 0 -> 151112 bytes .../hedgehog}/images/hostname_setting.png | Bin docs/images/hedgehog/images/htpdate_freq.jpg | Bin 0 -> 21920 bytes .../images/hedgehog}/images/htpdate_freq.png | Bin docs/images/hedgehog/images/htpdate_host.jpg | Bin 0 -> 28328 bytes .../images/hedgehog}/images/htpdate_host.png | Bin docs/images/hedgehog/images/htpdate_setup.jpg | Bin 0 -> 80843 bytes .../images/hedgehog}/images/htpdate_setup.png | Bin docs/images/hedgehog/images/htpdate_test.jpg | Bin 0 -> 30653 bytes .../images/hedgehog}/images/htpdate_test.png | Bin docs/images/hedgehog/images/iface_mode.jpg | Bin 0 -> 28266 bytes .../images/hedgehog}/images/iface_mode.png | Bin docs/images/hedgehog/images/iface_static.jpg | Bin 0 -> 32522 bytes .../images/hedgehog}/images/iface_static.png | Bin .../hedgehog/images/installer_progress.jpg | Bin 0 -> 23568 bytes .../hedgehog}/images/installer_progress.png | Bin .../images/kiosk_mode_sensor_menu.jpg | Bin 0 -> 65157 bytes .../images/kiosk_mode_sensor_menu.png | Bin .../images/kiosk_mode_services_menu.jpg | Bin 0 -> 74087 bytes .../images/kiosk_mode_services_menu.png | Bin .../hedgehog/images/kiosk_mode_status.jpg | Bin 0 -> 68445 bytes .../hedgehog}/images/kiosk_mode_status.png | Bin .../images/kiosk_mode_wipe_prompt.jpg | Bin 0 -> 33576 bytes .../images/kiosk_mode_wipe_prompt.png | Bin .../images/malcolm_arkime_reachback_acl.jpg | Bin 0 -> 54924 bytes .../images/malcolm_arkime_reachback_acl.png | Bin docs/images/hedgehog/images/ntp_host.jpg | Bin 0 -> 19717 bytes .../images/hedgehog}/images/ntp_host.png | Bin .../images/opensearch_connection_protocol.jpg | Bin 0 -> 18924 bytes .../images/opensearch_connection_protocol.png | Bin .../images/opensearch_connection_success.jpg | Bin 0 -> 19137 bytes .../images/opensearch_connection_success.png | Bin .../hedgehog/images/opensearch_password.jpg | Bin 0 -> 21464 bytes .../hedgehog}/images/opensearch_password.png | Bin .../images/opensearch_ssl_verification.jpg | Bin 0 -> 19037 bytes .../images/opensearch_ssl_verification.png | Bin .../hedgehog/images/opensearch_username.jpg | Bin 0 -> 21886 bytes .../hedgehog}/images/opensearch_username.png | Bin .../hedgehog/images/root_config_mode.jpg | Bin 0 -> 42071 bytes .../hedgehog}/images/root_config_mode.png | Bin docs/images/hedgehog/images/select_iface.jpg | Bin 0 -> 76196 bytes .../images/hedgehog}/images/select_iface.png | Bin .../images/hedgehog/images/time_sync_mode.jpg | Bin 0 -> 37983 bytes .../hedgehog}/images/time_sync_mode.png | Bin .../hedgehog/images/time_sync_success.jpg | Bin 0 -> 16743 bytes .../hedgehog}/images/time_sync_success.png | Bin .../hedgehog/images/users_and_passwords.jpg | Bin 0 -> 91149 bytes .../hedgehog}/images/users_and_passwords.png | Bin .../hedgehog/images/zeek_file_carve_mode.jpg | Bin 0 -> 92063 bytes .../hedgehog}/images/zeek_file_carve_mode.png | Bin .../images/zeek_file_carve_scanners.jpg | Bin 0 -> 42418 bytes .../images/zeek_file_carve_scanners.png | Bin .../images/hedgehog}/logo/Attribution.txt | 0 .../images/hedgehog}/logo/favicon.ico | Bin .../logo/font/ubuntu/CONTRIBUTING.txt | 0 .../hedgehog}/logo/font/ubuntu/COPYRIGHT.txt | 0 .../logo/font/ubuntu/DESCRIPTION.en_us.html | 0 .../hedgehog}/logo/font/ubuntu/FONTLOG.txt | 0 .../logo/font/ubuntu/LICENCE-FAQ.txt | 0 .../hedgehog}/logo/font/ubuntu/LICENCE.txt | 0 .../hedgehog}/logo/font/ubuntu/METADATA.pb | 0 .../hedgehog}/logo/font/ubuntu/README.txt | 0 .../hedgehog}/logo/font/ubuntu/TRADEMARKS.txt | 0 .../images/hedgehog}/logo/font/ubuntu/UFL.txt | 0 .../logo/font/ubuntu/Ubuntu-Bold.ttf | Bin .../logo/font/ubuntu/Ubuntu-BoldItalic.ttf | Bin .../logo/font/ubuntu/Ubuntu-Italic.ttf | Bin .../logo/font/ubuntu/Ubuntu-Light.ttf | Bin .../logo/font/ubuntu/Ubuntu-LightItalic.ttf | Bin .../logo/font/ubuntu/Ubuntu-Medium.ttf | Bin .../logo/font/ubuntu/Ubuntu-MediumItalic.ttf | Bin .../logo/font/ubuntu/Ubuntu-Regular.ttf | Bin .../font/ubuntucondensed/CONTRIBUTING.txt | 0 .../logo/font/ubuntucondensed/COPYRIGHT.txt | 0 .../ubuntucondensed/DESCRIPTION.en_us.html | 0 .../logo/font/ubuntucondensed/FONTLOG.txt | 0 .../logo/font/ubuntucondensed/LICENCE-FAQ.txt | 0 .../logo/font/ubuntucondensed/LICENCE.txt | 0 .../logo/font/ubuntucondensed/METADATA.pb | 0 .../logo/font/ubuntucondensed/README.txt | 0 .../logo/font/ubuntucondensed/TRADEMARKS.txt | 0 .../logo/font/ubuntucondensed/UFL.txt | 0 .../UbuntuCondensed-Regular.ttf | Bin .../logo/font/ubuntumono/CONTRIBUTING.txt | 0 .../logo/font/ubuntumono/COPYRIGHT.txt | 0 .../font/ubuntumono/DESCRIPTION.en_us.html | 0 .../logo/font/ubuntumono/FONTLOG.txt | 0 .../logo/font/ubuntumono/LICENCE-FAQ.txt | 0 .../logo/font/ubuntumono/LICENCE.txt | 0 .../logo/font/ubuntumono/METADATA.pb | 0 .../hedgehog}/logo/font/ubuntumono/README.txt | 0 .../logo/font/ubuntumono/TRADEMARKS.txt | 0 .../hedgehog}/logo/font/ubuntumono/UFL.txt | 0 .../logo/font/ubuntumono/UbuntuMono-Bold.ttf | Bin .../font/ubuntumono/UbuntuMono-BoldItalic.ttf | Bin .../font/ubuntumono/UbuntuMono-Italic.ttf | Bin .../font/ubuntumono/UbuntuMono-Regular.ttf | Bin .../hedgehog}/logo/hedgehog-bw-large.png | Bin .../hedgehog}/logo/hedgehog-bw-small.png | Bin .../logo/hedgehog-bw-w-text-large.png | Bin .../logo/hedgehog-bw-w-text-small.png | Bin .../hedgehog}/logo/hedgehog-bw-w-text.ai | 0 .../images/hedgehog}/logo/hedgehog-bw.ai | 0 .../hedgehog}/logo/hedgehog-color-large.png | Bin .../hedgehog}/logo/hedgehog-color-small.png | Bin .../logo/hedgehog-color-w-text-large.png | Bin .../logo/hedgehog-color-w-text-small.png | Bin .../hedgehog}/logo/hedgehog-color-w-text.ai | 0 .../hedgehog}/logo/hedgehog-color-w-text.png | Bin .../images/hedgehog}/logo/hedgehog-color.ai | 0 .../images/hedgehog}/logo/hedgehog-color.eps | Bin .../images/hedgehog}/logo/hedgehog-color.png | Bin .../logo/hedgehog-wallpaper-plain.png | Bin .../hedgehog}/logo/hedgehog-wallpaper.png | Bin .../hedgehog}/logo/hedgehog-wallpaper.xcf | Bin docs/index-management.md | 7 + docs/live-analysis.md | 57 + docs/main.md | 178 + docs/malcolm-iso.md | 81 + docs/malcolm-upgrade.md | 73 + docs/netbox.md | 7 + docs/preparation.md | 233 + docs/protocols.md | 64 + docs/queries-cheat-sheet.md | 74 + ...ork Traffic Analysis Quick Start Guide.odt | Bin ...ork Traffic Analysis Quick Start Guide.pdf | Bin docs/quickstart.md | 93 + docs/running.md | 222 + docs/severity.md | 44 + .../README.md => docs/third-party-logs.md | 0 docs/time-sync.md | 9 + docs/ubuntu-install-example.md | 323 ++ docs/upload.md | 26 + docs/zeek-intel.md | 58 + sensor-iso/README.md | 833 ---- sensor-iso/doc.css | 324 -- 206 files changed, 4883 insertions(+), 5273 deletions(-) delete mode 100644 README.md create mode 100644 docs/alerting.md create mode 100644 docs/anomaly-detection.md create mode 100644 docs/api-aggregations.md create mode 100644 docs/api-document-lookup.md create mode 100644 docs/api-event-logging.md create mode 100644 docs/api-examples.md create mode 100644 docs/api-fields.md create mode 100644 docs/api-indices.md create mode 100644 docs/api-ping.md create mode 100644 docs/api-version.md create mode 100644 docs/api.md create mode 100644 docs/arkime.md create mode 100644 docs/components.md rename docs/{contributing/README.md => contributing.md} (100%) create mode 100644 docs/cyberchef.md create mode 100644 docs/dashboards.md create mode 100644 docs/development.md rename docs/{web => }/download.md (100%) create mode 100644 docs/file-scanning.md create mode 100644 docs/hardening.md create mode 100644 docs/hedgehog-boot.md create mode 100644 docs/hedgehog-config.md create mode 100644 docs/hedgehog-hardening.md create mode 100644 docs/hedgehog-installation.md create mode 100644 docs/hedgehog-iso-build.md create mode 100644 docs/hedgehog-ssh.md create mode 100644 docs/hedgehog-troubleshooting.md create mode 100644 docs/hedgehog-upgrade.md create mode 100644 docs/hedgehog.md create mode 100644 docs/host-and-subnet-mapping.md create mode 100644 docs/ics-best-guess.md create mode 100644 docs/images/hedgehog/images/arkime-capture-ip-port.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/arkime-capture-ip-port.png (100%) create mode 100644 docs/images/hedgehog/images/arkime_confirm.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/arkime_confirm.png (100%) create mode 100644 docs/images/hedgehog/images/autostarts.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/autostarts.png (100%) create mode 100644 docs/images/hedgehog/images/autostarts_confirm.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/autostarts_confirm.png (100%) create mode 100644 docs/images/hedgehog/images/boot_options.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/boot_options.png (100%) create mode 100644 docs/images/hedgehog/images/capture_config_main.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/capture_config_main.png (100%) create mode 100644 docs/images/hedgehog/images/capture_filter.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/capture_filter.png (100%) create mode 100644 docs/images/hedgehog/images/capture_iface_select.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/capture_iface_select.png (100%) create mode 100644 docs/images/hedgehog/images/capture_paths.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/capture_paths.png (100%) create mode 100644 docs/images/hedgehog/images/desktop.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/desktop.png (100%) create mode 100644 docs/images/hedgehog/images/file_quarantine.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/file_quarantine.png (100%) create mode 100644 docs/images/hedgehog/images/filebeat_certs.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/filebeat_certs.png (100%) create mode 100644 docs/images/hedgehog/images/filebeat_confirm.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/filebeat_confirm.png (100%) create mode 100644 docs/images/hedgehog/images/filebeat_ip_port.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/filebeat_ip_port.png (100%) create mode 100644 docs/images/hedgehog/images/filebeat_log_path.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/filebeat_log_path.png (100%) create mode 100644 docs/images/hedgehog/images/filebeat_ssl.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/filebeat_ssl.png (100%) create mode 100644 docs/images/hedgehog/images/filebeat_ssl_verify.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/filebeat_ssl_verify.png (100%) create mode 100644 docs/images/hedgehog/images/forwarder_config.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/forwarder_config.png (100%) create mode 100644 docs/images/hedgehog/images/hedgehog-color-w-text.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/hedgehog-color-w-text.png (100%) create mode 100644 docs/images/hedgehog/images/hostname_setting.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/hostname_setting.png (100%) create mode 100644 docs/images/hedgehog/images/htpdate_freq.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/htpdate_freq.png (100%) create mode 100644 docs/images/hedgehog/images/htpdate_host.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/htpdate_host.png (100%) create mode 100644 docs/images/hedgehog/images/htpdate_setup.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/htpdate_setup.png (100%) create mode 100644 docs/images/hedgehog/images/htpdate_test.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/htpdate_test.png (100%) create mode 100644 docs/images/hedgehog/images/iface_mode.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/iface_mode.png (100%) create mode 100644 docs/images/hedgehog/images/iface_static.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/iface_static.png (100%) create mode 100644 docs/images/hedgehog/images/installer_progress.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/installer_progress.png (100%) create mode 100644 docs/images/hedgehog/images/kiosk_mode_sensor_menu.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/kiosk_mode_sensor_menu.png (100%) create mode 100644 docs/images/hedgehog/images/kiosk_mode_services_menu.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/kiosk_mode_services_menu.png (100%) create mode 100644 docs/images/hedgehog/images/kiosk_mode_status.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/kiosk_mode_status.png (100%) create mode 100644 docs/images/hedgehog/images/kiosk_mode_wipe_prompt.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/kiosk_mode_wipe_prompt.png (100%) create mode 100644 docs/images/hedgehog/images/malcolm_arkime_reachback_acl.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/malcolm_arkime_reachback_acl.png (100%) create mode 100644 docs/images/hedgehog/images/ntp_host.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/ntp_host.png (100%) create mode 100644 docs/images/hedgehog/images/opensearch_connection_protocol.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/opensearch_connection_protocol.png (100%) create mode 100644 docs/images/hedgehog/images/opensearch_connection_success.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/opensearch_connection_success.png (100%) create mode 100644 docs/images/hedgehog/images/opensearch_password.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/opensearch_password.png (100%) create mode 100644 docs/images/hedgehog/images/opensearch_ssl_verification.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/opensearch_ssl_verification.png (100%) create mode 100644 docs/images/hedgehog/images/opensearch_username.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/opensearch_username.png (100%) create mode 100644 docs/images/hedgehog/images/root_config_mode.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/root_config_mode.png (100%) create mode 100644 docs/images/hedgehog/images/select_iface.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/select_iface.png (100%) create mode 100644 docs/images/hedgehog/images/time_sync_mode.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/time_sync_mode.png (100%) create mode 100644 docs/images/hedgehog/images/time_sync_success.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/time_sync_success.png (100%) create mode 100644 docs/images/hedgehog/images/users_and_passwords.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/users_and_passwords.png (100%) create mode 100644 docs/images/hedgehog/images/zeek_file_carve_mode.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/zeek_file_carve_mode.png (100%) create mode 100644 docs/images/hedgehog/images/zeek_file_carve_scanners.jpg rename {sensor-iso/docs => docs/images/hedgehog}/images/zeek_file_carve_scanners.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/Attribution.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/favicon.ico (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/CONTRIBUTING.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/COPYRIGHT.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/DESCRIPTION.en_us.html (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/FONTLOG.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/LICENCE-FAQ.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/LICENCE.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/METADATA.pb (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/README.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/TRADEMARKS.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/UFL.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/Ubuntu-Bold.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/Ubuntu-BoldItalic.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/Ubuntu-Italic.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/Ubuntu-Light.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/Ubuntu-LightItalic.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/Ubuntu-Medium.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/Ubuntu-MediumItalic.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntu/Ubuntu-Regular.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/CONTRIBUTING.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/COPYRIGHT.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/DESCRIPTION.en_us.html (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/FONTLOG.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/LICENCE-FAQ.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/LICENCE.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/METADATA.pb (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/README.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/TRADEMARKS.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/UFL.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntucondensed/UbuntuCondensed-Regular.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/CONTRIBUTING.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/COPYRIGHT.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/DESCRIPTION.en_us.html (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/FONTLOG.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/LICENCE-FAQ.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/LICENCE.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/METADATA.pb (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/README.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/TRADEMARKS.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/UFL.txt (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/UbuntuMono-Bold.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/UbuntuMono-BoldItalic.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/UbuntuMono-Italic.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/font/ubuntumono/UbuntuMono-Regular.ttf (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-bw-large.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-bw-small.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-bw-w-text-large.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-bw-w-text-small.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-bw-w-text.ai (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-bw.ai (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color-large.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color-small.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color-w-text-large.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color-w-text-small.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color-w-text.ai (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color-w-text.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color.ai (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color.eps (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-color.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-wallpaper-plain.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-wallpaper.png (100%) rename {sensor-iso/docs => docs/images/hedgehog}/logo/hedgehog-wallpaper.xcf (100%) create mode 100644 docs/index-management.md create mode 100644 docs/live-analysis.md create mode 100644 docs/main.md create mode 100644 docs/malcolm-iso.md create mode 100644 docs/malcolm-upgrade.md create mode 100644 docs/netbox.md create mode 100644 docs/preparation.md create mode 100644 docs/protocols.md create mode 100644 docs/queries-cheat-sheet.md rename docs/{ => quick-start}/Malcolm Network Traffic Analysis Quick Start Guide.odt (100%) rename docs/{ => quick-start}/Malcolm Network Traffic Analysis Quick Start Guide.pdf (100%) create mode 100644 docs/quickstart.md create mode 100644 docs/running.md create mode 100644 docs/severity.md rename scripts/third-party-logs/README.md => docs/third-party-logs.md (100%) create mode 100644 docs/time-sync.md create mode 100644 docs/ubuntu-install-example.md create mode 100644 docs/upload.md create mode 100644 docs/zeek-intel.md delete mode 100644 sensor-iso/README.md delete mode 100644 sensor-iso/doc.css diff --git a/README.md b/README.md deleted file mode 100644 index eed455f5b..000000000 --- a/README.md +++ /dev/null @@ -1,4116 +0,0 @@ -# Malcolm - -![](./docs/images/logo/Malcolm_banner.png) - -[Malcolm](https://github.com/idaholab/Malcolm) is a powerful network traffic analysis tool suite designed with the following goals in mind: - -* **Easy to use** – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is automatically normalized, enriched, and correlated for analysis. -* **Powerful traffic analysis** – Visibility into network communications is provided through two intuitive interfaces: OpenSearch Dashboards, a flexible data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime (formerly Moloch), a powerful tool for finding and identifying the network sessions comprising suspected security incidents. -* **Streamlined deployment** – Malcolm operates as a cluster of Docker containers, isolated sandboxes which each serve a dedicated function of the system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment on a Linux server in a security operations center (SOC) or for incident response on a Macbook for an individual engagement. -* **Secure communications** – All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols. -* **Permissive license** – Malcolm is comprised of several widely used open source tools, making it an attractive alternative to security solutions requiring paid licenses. -* **Expanding control systems visibility** – While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common ICS protocols. - -Although all of the open source tools which make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity which makes it greater than the sum of its parts. And while there are many other network traffic analysis solutions out there, ranging from complete Linux distributions like Security Onion to licensed products like Splunk Enterprise Security, the creators of Malcolm feel its easy deployment and robust combination of tools fill a void in the network security space that will make network traffic analysis accessible to many in both the public and private sectors as well as individual enthusiasts. - -In short, Malcolm provides an easily deployable network analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs. While Internet access is required to build it, it is not required at runtime. - -## Share your feedback - -You can help steer Malcolm's development by sharing your ideas and feedback. Please take a few minutes to complete [this survey ↪](https://forms.gle/JYt9QwA5C4SYX8My6) (hosted on Google Forms) so we can understand the members of the Malcolm community and their use cases for this tool. - -## Table of Contents - -* [Automated Build Workflows Status](#BuildBadges) -* [Quick start](#QuickStart) - * [Getting Malcolm](#GetMalcolm) - * [User interface](#UserInterfaceURLs) -* [Overview](#Overview) -* [Components](#Components) -* [Supported Protocols](#Protocols) -* [Development](#Development) - * [Building from source](#Build) -* [Pre-Packaged installation files](#Packager) -* [Preparing your system](#Preparing) - * [Recommended system requirements](#SystemRequirements) - * [System configuration and tuning](#ConfigAndTuning) - * [`docker-compose.yml` parameters](#DockerComposeYml) - * [Linux host system configuration](#HostSystemConfigLinux) - * [macOS host system configuration](#HostSystemConfigMac) - * [Windows host system configuration](#HostSystemConfigWindows) -* [Running Malcolm](#Running) - * [OpenSearch instances](#OpenSearchInstance) - * [Authentication and authorization for remote OpenSearch clusters](#OpenSearchAuth) - * [Configure authentication](#AuthSetup) - * [Local account management](#AuthBasicAccountManagement) - * [Lightweight Directory Access Protocol (LDAP) authentication](#AuthLDAP) - - [LDAP connection security](#AuthLDAPSecurity) - * [TLS certificates](#TLSCerts) - * [Starting Malcolm](#Starting) - * [Stopping and restarting Malcolm](#StopAndRestart) - * [Clearing Malcolm's data](#Wipe) - * [Temporary read-only interface](#ReadOnlyUI) -* [Capture file and log archive upload](#Upload) - - [Tagging](#Tagging) - - [Processing uploaded PCAPs with Zeek and Suricata](#UploadPCAPProcessors) -* [Live analysis](#LiveAnalysis) - * [Using a network sensor appliance](#Hedgehog) - * [Monitoring local network interfaces](#LocalPCAP) - * [Manually forwarding logs from an external source](#ExternalForward) -* [Arkime](#Arkime) - * [Zeek log integration](#ArkimeZeek) - - [Correlating Zeek logs and Arkime sessions](#ZeekArkimeFlowCorrelation) - * [Help](#ArkimeHelp) - * [Sessions](#ArkimeSessions) - * [PCAP Export](#ArkimePCAPExport) - * [SPIView](#ArkimeSPIView) - * [SPIGraph](#ArkimeSPIGraph) - * [Connections](#ArkimeConnections) - * [Hunt](#ArkimeHunt) - * [Statistics](#ArkimeStats) - * [Settings](#ArkimeSettings) -* [OpenSearch Dashboards](#Dashboards) - * [Discover](#Discover) - - [Screenshots](#DiscoverGallery) - * [Visualizations and dashboards](#DashboardsVisualizations) - - [Prebuilt visualizations and dashboards](#PrebuiltVisualizations) - - [Screenshots](#PrebuiltVisualizationsGallery) - - [Building your own visualizations and dashboards](#BuildDashboard) - + [Screenshots](#NewVisualizationsGallery) -* [Search Queries in Arkime and OpenSearch](#SearchCheatSheet) -* [Other Malcolm features](#MalcolmFeatures) - - [Automatic file extraction and scanning](#ZeekFileExtraction) - - [Automatic host and subnet name assignment](#HostAndSubnetNaming) - + [IP/MAC address to hostname mapping via `host-map.txt`](#HostNaming) - + [CIDR subnet to network segment name mapping via `cidr-map.txt`](#SegmentNaming) - + [Defining hostname and CIDR subnet names interface](#NameMapUI) - + [Applying mapping changes](#ApplyMapping) - - [OpenSearch index management](#IndexManagement) - - [Event severity scoring](#Severity) - + [Customizing event severity scoring](#SeverityConfig) - - [Zeek Intelligence Framework](#ZeekIntel) - + [STIX™ and TAXII™](#ZeekIntelSTIX) - + [MISP](#ZeekIntelMISP) - - [Anomaly Detection](#AnomalyDetection) - - [Alerting](#Alerting) - + [Email Sender Accounts](#AlertingEmail) - - ["Best Guess" Fingerprinting for ICS Protocols](#ICSBestGuess) - - [Asset Management with NetBox](#NetBox) - - [CyberChef](#CyberChef) - - [API](#API) - + [Examples](#APIExamples) -* [Ingesting Third-party Logs](#ThirdPartyLogs) -* [Malcolm installer ISO](#ISO) - * [Installation](#ISOInstallation) - * [Generating the ISO](#ISOBuild) - * [Setup](#ISOSetup) - * [Time synchronization](#ConfigTime) - * [Hardening](#Hardening) - * [Compliance Exceptions](#ComplianceExceptions) -* [Installation example using Ubuntu 22.04 LTS](#InstallationExample) -* [Upgrading Malcolm](#UpgradePlan) -* [Modifying or Contributing to Malcolm](#Contributing) -* [Forks](#Forks) -* [Copyright](#Footer) -* [Contact](#Contact) - -## Automated Builds Status - -See [**Building from source**](#Build) to read how you can use GitHub [workflow files](./.github/workflows/) to build Malcolm. - -![api-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/api-build-and-push-ghcr/badge.svg) -![arkime-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/arkime-build-and-push-ghcr/badge.svg) -![dashboards-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/dashboards-build-and-push-ghcr/badge.svg) -![dashboards-helper-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/dashboards-helper-build-and-push-ghcr/badge.svg) -![file-monitor-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/file-monitor-build-and-push-ghcr/badge.svg) -![file-upload-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/file-upload-build-and-push-ghcr/badge.svg) -![filebeat-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/filebeat-build-and-push-ghcr/badge.svg) -![freq-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/freq-build-and-push-ghcr/badge.svg) -![htadmin-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/htadmin-build-and-push-ghcr/badge.svg) -![logstash-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/logstash-build-and-push-ghcr/badge.svg) -![name-map-ui-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/name-map-ui-build-and-push-ghcr/badge.svg) -![nginx-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/nginx-build-and-push-ghcr/badge.svg) -![opensearch-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/opensearch-build-and-push-ghcr/badge.svg) -![pcap-capture-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/pcap-capture-build-and-push-ghcr/badge.svg) -![pcap-monitor-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/pcap-monitor-build-and-push-ghcr/badge.svg) -![suricata-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/suricata-build-and-push-ghcr/badge.svg) -![zeek-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/zeek-build-and-push-ghcr/badge.svg) -![malcolm-iso-build-docker-wrap-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/malcolm-iso-build-docker-wrap-push-ghcr/badge.svg) -![sensor-iso-build-docker-wrap-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/sensor-iso-build-docker-wrap-push-ghcr/badge.svg) - -## Quick start - -### Getting Malcolm - -For a `TL;DR` example of downloading, configuring, and running Malcolm on a Linux platform, see [Installation example using Ubuntu 22.04 LTS](#InstallationExample). - -The scripts to control Malcolm require Python 3. The [`install.py`](#ConfigAndTuning) script requires the [requests](https://docs.python-requests.org/en/latest/) module for Python 3, and will make use of the [pythondialog](https://pythondialog.sourceforge.io/) module for user interaction (on Linux) if it is available. - -#### Source code - -The files required to build and run Malcolm are available on its [GitHub page](https://github.com/idaholab/Malcolm/tree/main). Malcolm's source code is released under the terms of a permissive open source software license (see see `License.txt` for the terms of its release). - -#### Building Malcolm from scratch - -The `build.sh` script can build Malcolm's Docker images from scratch. See [Building from source](#Build) for more information. - -#### Initial configuration - -You must run [`auth_setup`](#AuthSetup) prior to pulling Malcolm's Docker images. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). - -#### Pull Malcolm's Docker images - -Malcolm's Docker images are periodically built and hosted on [Docker Hub](https://hub.docker.com/u/malcolmnetsec). If you already have [Docker](https://www.docker.com/) and [Docker Compose](https://docs.docker.com/compose/), these prebuilt images can be pulled by navigating into the Malcolm directory (containing the `docker-compose.yml` file) and running `docker-compose pull` like this: -``` -$ docker-compose pull -Pulling api ... done -Pulling arkime ... done -Pulling dashboards ... done -Pulling dashboards-helper ... done -Pulling file-monitor ... done -Pulling filebeat ... done -Pulling freq ... done -Pulling htadmin ... done -Pulling logstash ... done -Pulling name-map-ui ... done -Pulling netbox ... done -Pulling netbox-postgresql ... done -Pulling netbox-redis ... done -Pulling nginx-proxy ... done -Pulling opensearch ... done -Pulling pcap-capture ... done -Pulling pcap-monitor ... done -Pulling suricata ... done -Pulling upload ... done -Pulling zeek ... done -``` - -You can then observe that the images have been retrieved by running `docker images`: -``` -$ docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/api 6.4.0 xxxxxxxxxxxx 3 days ago 158MB -malcolmnetsec/arkime 6.4.0 xxxxxxxxxxxx 3 days ago 816MB -malcolmnetsec/dashboards 6.4.0 xxxxxxxxxxxx 3 days ago 1.02GB -malcolmnetsec/dashboards-helper 6.4.0 xxxxxxxxxxxx 3 days ago 184MB -malcolmnetsec/file-monitor 6.4.0 xxxxxxxxxxxx 3 days ago 588MB -malcolmnetsec/file-upload 6.4.0 xxxxxxxxxxxx 3 days ago 259MB -malcolmnetsec/filebeat-oss 6.4.0 xxxxxxxxxxxx 3 days ago 624MB -malcolmnetsec/freq 6.4.0 xxxxxxxxxxxx 3 days ago 132MB -malcolmnetsec/htadmin 6.4.0 xxxxxxxxxxxx 3 days ago 242MB -malcolmnetsec/logstash-oss 6.4.0 xxxxxxxxxxxx 3 days ago 1.35GB -malcolmnetsec/name-map-ui 6.4.0 xxxxxxxxxxxx 3 days ago 143MB -malcolmnetsec/netbox 6.4.0 xxxxxxxxxxxx 3 days ago 1.01GB -malcolmnetsec/nginx-proxy 6.4.0 xxxxxxxxxxxx 3 days ago 121MB -malcolmnetsec/opensearch 6.4.0 xxxxxxxxxxxx 3 days ago 1.17GB -malcolmnetsec/pcap-capture 6.4.0 xxxxxxxxxxxx 3 days ago 121MB -malcolmnetsec/pcap-monitor 6.4.0 xxxxxxxxxxxx 3 days ago 213MB -malcolmnetsec/postgresql 6.4.0 xxxxxxxxxxxx 3 days ago 268MB -malcolmnetsec/redis 6.4.0 xxxxxxxxxxxx 3 days ago 34.2MB -malcolmnetsec/suricata 6.4.0 xxxxxxxxxxxx 3 days ago 278MB -malcolmnetsec/zeek 6.4.0 xxxxxxxxxxxx 3 days ago 1GB -``` - -#### Import from pre-packaged tarballs - -Once built, the `malcolm_appliance_packager.sh` script can be used to create pre-packaged Malcolm tarballs for import on another machine. See [Pre-Packaged Installation Files](#Packager) for more information. - -### Starting and stopping Malcolm - -Use the scripts in the `scripts/` directory to start and stop Malcolm, view debug logs of a currently running -instance, wipe the database and restore Malcolm to a fresh state, etc. - -### User interface - -A few minutes after starting Malcolm (probably 5 to 10 minutes for Logstash to be completely up, depending on the system), the following services will be accessible: - -* [Arkime](https://arkime.com/): [https://localhost:443](https://localhost:443) -* [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/): [https://localhost/dashboards/](https://localhost/dashboards/) or [https://localhost:5601](https://localhost:5601) -* [Capture File and Log Archive Upload (Web)](#Upload): [https://localhost/upload/](https://localhost/upload/) -* [Capture File and Log Archive Upload (SFTP)](#Upload): `sftp://@127.0.0.1:8022/files` -* [Host and Subnet Name Mapping](#HostAndSubnetNaming) Editor: [https://localhost/name-map-ui/](https://localhost/name-map-ui/) -* [NetBox](#NetBox): [https://localhost/netbox/](https://localhost/netbox/) -* [Account Management](#AuthBasicAccountManagement): [https://localhost:488](https://localhost:488) - -## Overview - -![Malcolm Network Diagram](./docs/images/malcolm_network_diagram.png) - -Malcolm processes network traffic data in the form of packet capture (PCAP) files or Zeek logs. A [sensor](#Hedgehog) (packet capture appliance) monitors network traffic mirrored to it over a SPAN port on a network switch or router, or using a network TAP device. [Zeek](https://www.zeek.org/index.html) logs and [Arkime](https://molo.ch/) sessions are generated containing important session metadata from the traffic observed, which are then securely forwarded to a Malcolm instance. Full PCAP files are optionally stored locally on the sensor device for examination later. - -Malcolm parses the network session data and enriches it with additional lookups and mappings including GeoIP mapping, hardware manufacturer lookups from [organizationally unique identifiers (OUI)](http://standards-oui.ieee.org/oui/oui.txt) in MAC addresses, assigning names to [network segments](#SegmentNaming) and [hosts](#HostNaming) based on user-defined IP address and MAC mappings, performing [TLS fingerprinting](#https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967), and many others. - -The enriched data is stored in an [OpenSearch](https://opensearch.org/) document store in a format suitable for analysis through two intuitive interfaces: OpenSearch Dashboards, a flexible data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime, a powerful tool for finding and identifying the network sessions comprising suspected security incidents. These tools can be accessed through a web browser from analyst workstations or for display in a security operations center (SOC). Logs can also optionally be forwarded on to another instance of Malcolm. - -![Malcolm Data Pipeline](./docs/images/malcolm_data_pipeline.png) - -For smaller networks, use at home by network security enthusiasts, or in the field for incident response engagements, Malcolm can also easily be deployed locally on an ordinary consumer workstation or laptop. Malcolm can process local artifacts such as locally-generated Zeek logs, locally-captured PCAP files, and PCAP files collected offline without the use of a dedicated sensor appliance. - -## Components - -Malcolm leverages the following excellent open source tools, among others. - -* [Arkime](https://arkime.com/) (formerly Moloch) - for PCAP file processing, browsing, searching, analysis, and carving/exporting; Arkime itself consists of two parts: - * [capture](https://github.com/arkime/arkime/tree/master/capture) - a tool for traffic capture, as well as offline PCAP parsing and metadata insertion into OpenSearch - * [viewer](https://github.com/arkime/arkime/tree/master/viewer) - a browser-based interface for data visualization -* [OpenSearch](https://opensearch.org/) - a search and analytics engine for indexing and querying network traffic session metadata -* [Logstash](https://www.elastic.co/products/logstash) and [Filebeat](https://www.elastic.co/products/beats/filebeat) - for ingesting and parsing [Zeek](https://www.zeek.org/index.html) [Log Files](https://docs.zeek.org/en/stable/script-reference/log-files.html) and ingesting them into OpenSearch in a format that Arkime understands in the same way it natively understands PCAP data -* [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) - for creating additional ad-hoc visualizations and dashboards beyond that which is provided by Arkime viewer -* [Zeek](https://www.zeek.org/index.html) - a network analysis framework and IDS -* [Suricata](https://suricata.io/) - an IDS and threat detection engine -* [Yara](https://github.com/VirusTotal/yara) - a tool used to identify and classify malware samples -* [Capa](https://github.com/fireeye/capa) - a tool for detecting capabilities in executable files -* [ClamAV](https://www.clamav.net/) - an antivirus engine for scanning files extracted by Zeek -* [CyberChef](https://github.com/gchq/CyberChef) - a "swiss-army knife" data conversion tool -* [jQuery File Upload](https://github.com/blueimp/jQuery-File-Upload) - for uploading PCAP files and Zeek logs for processing -* [List.js](https://github.com/javve/list.js) - for the [host and subnet name mapping](#HostAndSubnetNaming) interface -* [Docker](https://www.docker.com/) and [Docker Compose](https://docs.docker.com/compose/) - for simple, reproducible deployment of the Malcolm appliance across environments and to coordinate communication between its various components -* [NetBox](https://netbox.dev/) - a suite for modeling and documenting modern networks -* [PostgreSQL](https://www.postgresql.org/) - a relational database for persisting NetBox's data -* [Redis](https://redis.io/) - an in-memory data store for caching NetBox session information -* [Nginx](https://nginx.org/) - for HTTPS and reverse proxying Malcolm components -* [nginx-auth-ldap](https://github.com/kvspb/nginx-auth-ldap) - an LDAP authentication module for nginx -* [Fluent Bit](https://fluentbit.io/) - for forwarding metrics to Malcolm from [network sensors](#Hedgehog) (packet capture appliances) -* [Mark Baggett](https://github.com/MarkBaggett)'s [freq](https://github.com/MarkBaggett/freq) - a tool for calculating entropy of strings -* [Florian Roth](https://github.com/Neo23x0)'s [Signature-Base](https://github.com/Neo23x0/signature-base) Yara ruleset -* These Zeek plugins: - * some of Amazon.com, Inc.'s [ICS protocol](https://github.com/amzn?q=zeek) analyzers - * Andrew Klaus's [Sniffpass](https://github.com/cybera/zeek-sniffpass) plugin for detecting cleartext passwords in HTTP POST requests - * Andrew Klaus's [zeek-httpattacks](https://github.com/precurse/zeek-httpattacks) plugin for detecting noncompliant HTTP requests - * ICS protocol analyzers for Zeek published by [DHS CISA](https://github.com/cisagov/ICSNPP) and [Idaho National Lab](https://github.com/idaholab/ICSNPP) - * Corelight's ["bad neighbor" (CVE-2020-16898)](https://github.com/corelight/CVE-2020-16898) plugin - * Corelight's ["Log4Shell" (CVE-2021-44228)](https://github.com/corelight/cve-2021-44228) plugin - * Corelight's ["OMIGOD" (CVE-2021-38647)](https://github.com/corelight/CVE-2021-38647) plugin - * Corelight's [Apache HTTP server 2.4.49-2.4.50 path traversal/RCE vulnerability (CVE-2021-41773)](https://github.com/corelight/CVE-2021-41773) plugin - * Corelight's [bro-xor-exe](https://github.com/corelight/bro-xor-exe-plugin) plugin - * Corelight's [callstranger-detector](https://github.com/corelight/callstranger-detector) plugin - * Corelight's [community ID](https://github.com/corelight/zeek-community-id) flow hashing plugin - * Corelight's [DCE/RPC remote code execution vulnerability (CVE-2022-26809)](https://github.com/corelight/cve-2022-26809) plugin - * Corelight's [HTTP More Filenames](https://github.com/corelight/http-more-files-names) plugin - * Corelight's [HTTP protocol stack vulnerability (CVE-2021-31166)](https://github.com/corelight/CVE-2021-31166) plugin - * Corelight's [pingback](https://github.com/corelight/pingback) plugin - * Corelight's [ripple20](https://github.com/corelight/ripple20) plugin - * Corelight's [SIGred](https://github.com/corelight/SIGred) plugin - * Corelight's [VMware Workspace ONE Access and Identity Manager RCE vulnerability (CVE-2022-22954)](https://github.com/corelight/cve-2022-22954) plugin - * Corelight's [Zerologon](https://github.com/corelight/zerologon) plugin - * Corelight's [Microsoft Excel privilege escalation detection (CVE-2021-42292)](https://github.com/corelight/CVE-2021-42292) plugin - * J-Gras' [Zeek::AF_Packet](https://github.com/J-Gras/zeek-af_packet-plugin) plugin - * Johanna Amann's [CVE-2020-0601](https://github.com/0xxon/cve-2020-0601) ECC certificate validation plugin and [CVE-2020-13777](https://github.com/0xxon/cve-2020-13777) GnuTLS unencrypted session ticket detection plugin - * Lexi Brent's [EternalSafety](https://github.com/0xl3x1/zeek-EternalSafety) plugin - * MITRE Cyber Analytics Repository's [Bro/Zeek ATT&CK®-Based Analytics (BZAR)](https://github.com/mitre-attack/car/tree/master/implementations) script - * Salesforce's [gQUIC](https://github.com/salesforce/GQUIC_Protocol_Analyzer) analyzer - * Salesforce's [HASSH](https://github.com/salesforce/hassh) SSH fingerprinting plugin - * Salesforce's [JA3](https://github.com/salesforce/ja3) TLS fingerprinting plugin - * Zeek's [Spicy](https://github.com/zeek/spicy) plugin framework -* [GeoLite2](https://dev.maxmind.com/geoip/geoip2/geolite2/) - Malcolm includes GeoLite2 data created by [MaxMind](https://www.maxmind.com) - -![Malcolm Components](./docs/images/malcolm_components.png) - -## Supported Protocols - -Malcolm uses [Zeek](https://docs.zeek.org/en/stable/script-reference/proto-analyzers.html) and [Arkime](https://github.com/arkime/arkime/tree/master/capture/parsers) to analyze network traffic. These tools provide varying degrees of visibility into traffic transmitted over the following network protocols: - -| Traffic | Wiki | Organization/Specification | Arkime | Zeek | -|---|:---:|:---:|:---:|:---:| -|Internet layer|[🔗](https://en.wikipedia.org/wiki/Internet_layer)|[🔗](https://tools.ietf.org/html/rfc791)|[✓](https://github.com/arkime/arkime/blob/master/capture/packet.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/conn/main.zeek.html#type-Conn::Info)| -|Border Gateway Protocol (BGP)|[🔗](https://en.wikipedia.org/wiki/Border_Gateway_Protocol)|[🔗](https://tools.ietf.org/html/rfc2283)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/bgp.c)|| -|Building Automation and Control (BACnet)|[🔗](https://en.wikipedia.org/wiki/BACnet)|[🔗](http://www.bacnet.org/)||[✓](https://github.com/cisagov/icsnpp-bacnet)| -|Bristol Standard Asynchronous Protocol (BSAP)|[🔗](https://en.wikipedia.org/wiki/Bristol_Standard_Asynchronous_Protocol)|[🔗](http://www.documentation.emersonprocess.com/groups/public/documents/specification_sheets/d301321x012.pdf)[🔗](http://www.documentation.emersonprocess.com/groups/public/documents/instruction_manuals/d301401x012.pdf)||[✓](https://github.com/cisagov/icsnpp-bsap)| -|Distributed Computing Environment / Remote Procedure Calls (DCE/RPC)|[🔗](https://en.wikipedia.org/wiki/DCE/RPC)|[🔗](https://pubs.opengroup.org/onlinepubs/009629399/toc.pdf)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/dce-rpc/main.zeek.html#type-DCE_RPC::Info)| -|Dynamic Host Configuration Protocol (DHCP)|[🔗](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)|[🔗](https://tools.ietf.org/html/rfc2131)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/dhcp.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/dhcp/main.zeek.html#type-DHCP::Info)| -|Distributed Network Protocol 3 (DNP3)|[🔗](https://en.wikipedia.org/wiki/DNP3)|[🔗](https://www.dnp.org)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/dnp3/main.zeek.html#type-DNP3::Info)[✓](https://github.com/cisagov/icsnpp-dnp3)| -|Domain Name System (DNS)|[🔗](https://en.wikipedia.org/wiki/Domain_Name_System)|[🔗](https://tools.ietf.org/html/rfc1035)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/dns.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/dns/main.zeek.html#type-DNS::Info)| -|EtherCAT|[🔗](https://en.wikipedia.org/wiki/EtherCAT)|[🔗](https://www.ethercat.org/en/downloads/downloads_A02E436C7A97479F9261FDFA8A6D71E5.htm)||[✓](https://github.com/cisagov/icsnpp-ethercat)| -|EtherNet/IP / Common Industrial Protocol (CIP)|[🔗](https://en.wikipedia.org/wiki/EtherNet/IP) [🔗](https://en.wikipedia.org/wiki/Common_Industrial_Protocol)|[🔗](https://www.odva.org/Technology-Standards/EtherNet-IP/Overview)||[✓](https://github.com/cisagov/icsnpp-enip)| -|FTP (File Transfer Protocol)|[🔗](https://en.wikipedia.org/wiki/File_Transfer_Protocol)|[🔗](https://tools.ietf.org/html/rfc959)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ftp/info.zeek.html#type-FTP::Info)| -|GENISYS||[🔗](https://manualzz.com/doc/6363274/genisys-2000---ansaldo-sts---product-support#93)[🔗](https://gitlab.com/wireshark/wireshark/-/issues/3422)||[✓](https://github.com/cisagov/icsnpp-genisys)| -|Google Quick UDP Internet Connections (gQUIC)|[🔗](https://en.wikipedia.org/wiki/QUIC#Google_QUIC_(gQUIC))|[🔗](https://www.chromium.org/quic)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/quic.c)|[✓](https://github.com/salesforce/GQUIC_Protocol_Analyzer/blob/master/scripts/Salesforce/GQUIC/main.bro)| -|Hypertext Transfer Protocol (HTTP)|[🔗](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol)|[🔗](https://tools.ietf.org/html/rfc7230)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/http.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/http/main.zeek.html#type-HTTP::Info)| -|IPsec|[🔗](https://en.wikipedia.org/wiki/IPsec)|[🔗](https://zeek.org/2021/04/20/zeeks-ipsec-protocol-analyzer/)||[✓](https://github.com/corelight/zeek-spicy-ipsec)| -|Internet Relay Chat (IRC)|[🔗](https://en.wikipedia.org/wiki/Internet_Relay_Chat)|[🔗](https://tools.ietf.org/html/rfc1459)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/irc.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/irc/main.zeek.html#type-IRC::Info)| -|Lightweight Directory Access Protocol (LDAP)|[🔗](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)|[🔗](https://tools.ietf.org/html/rfc4511)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/ldap.c)|[✓](https://github.com/zeek/spicy-ldap)| -|Kerberos|[🔗](https://en.wikipedia.org/wiki/Kerberos_(protocol))|[🔗](https://tools.ietf.org/html/rfc4120)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/krb5.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/krb/main.zeek.html#type-KRB::Info)| -|Modbus|[🔗](https://en.wikipedia.org/wiki/Modbus)|[🔗](http://www.modbus.org/)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/modbus/main.zeek.html#type-Modbus::Info)[✓](https://github.com/cisagov/icsnpp-modbus)| -|MQ Telemetry Transport (MQTT)|[🔗](https://en.wikipedia.org/wiki/MQTT)|[🔗](https://mqtt.org/)||[✓](https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html)| -|MySQL|[🔗](https://en.wikipedia.org/wiki/MySQL)|[🔗](https://dev.mysql.com/doc/internals/en/client-server-protocol.html)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/mysql.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/mysql/main.zeek.html#type-MySQL::Info)| -|NT Lan Manager (NTLM)|[🔗](https://en.wikipedia.org/wiki/NT_LAN_Manager)|[🔗](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4?redirectedfrom=MSDN)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ntlm/main.zeek.html#type-NTLM::Info)| -|Network Time Protocol (NTP)|[🔗](https://en.wikipedia.org/wiki/Network_Time_Protocol)|[🔗](http://www.ntp.org)||[✓](https://docs.zeek.org/en/latest/scripts/base/protocols/ntp/main.zeek.html#type-NTP::Info)| -|Oracle|[🔗](https://en.wikipedia.org/wiki/Oracle_Net_Services)|[🔗](https://docs.oracle.com/cd/E11882_01/network.112/e41945/layers.htm#NETAG004)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/oracle.c)|| -|Open Platform Communications Unified Architecture (OPC UA) Binary|[🔗](https://en.wikipedia.org/wiki/OPC_Unified_Architecture)|[🔗](https://opcfoundation.org/developer-tools/specifications-unified-architecture)||[✓](https://github.com/cisagov/icsnpp-opcua-binary)| -|Open Shortest Path First (OSPF)|[🔗](https://en.wikipedia.org/wiki/Open_Shortest_Path_First)|[🔗](https://datatracker.ietf.org/wg/ospf/charter/)[🔗](https://datatracker.ietf.org/doc/html/rfc2328)[🔗](https://datatracker.ietf.org/doc/html/rfc5340)||[✓](https://github.com/corelight/zeek-spicy-ospf)| -|OpenVPN|[🔗](https://en.wikipedia.org/wiki/OpenVPN)|[🔗](https://openvpn.net/community-resources/openvpn-protocol/)[🔗](https://zeek.org/2021/03/16/a-zeek-openvpn-protocol-analyzer/)||[✓](https://github.com/corelight/zeek-spicy-openvpn)| -|PostgreSQL|[🔗](https://en.wikipedia.org/wiki/PostgreSQL)|[🔗](https://www.postgresql.org/)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/postgresql.c)|| -|Process Field Net (PROFINET)|[🔗](https://en.wikipedia.org/wiki/PROFINET)|[🔗](https://us.profinet.com/technology/profinet/)||[✓](https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek)| -|Remote Authentication Dial-In User Service (RADIUS)|[🔗](https://en.wikipedia.org/wiki/RADIUS)|[🔗](https://tools.ietf.org/html/rfc2865)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/radius.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/radius/main.zeek.html#type-RADIUS::Info)| -|Remote Desktop Protocol (RDP)|[🔗](https://en.wikipedia.org/wiki/Remote_Desktop_Protocol)|[🔗](https://docs.microsoft.com/en-us/windows/win32/termserv/remote-desktop-protocol?redirectedfrom=MSDN)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/rdp/main.zeek.html#type-RDP::Info)| -|Remote Framebuffer (RFB)|[🔗](https://en.wikipedia.org/wiki/RFB_protocol)|[🔗](https://tools.ietf.org/html/rfc6143)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/rfb/main.zeek.html#type-RFB::Info)| -|S7comm / Connection Oriented Transport Protocol (COTP)|[🔗](https://wiki.wireshark.org/S7comm) [🔗](https://wiki.wireshark.org/COTP)|[🔗](https://support.industry.siemens.com/cs/document/26483647/what-properties-advantages-and-special-features-does-the-s7-protocol-offer-?dti=0&lc=en-WW) [🔗](https://www.ietf.org/rfc/rfc0905.txt)||[✓](https://github.com/cisagov/icsnpp-s7comm)| -|Secure Shell (SSH)|[🔗](https://en.wikipedia.org/wiki/Secure_Shell)|[🔗](https://tools.ietf.org/html/rfc4253)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/ssh.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ssh/main.zeek.html#type-SSH::Info)| -|Secure Sockets Layer (SSL) / Transport Layer Security (TLS)|[🔗](https://en.wikipedia.org/wiki/Transport_Layer_Security)|[🔗](https://tools.ietf.org/html/rfc5246)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/socks.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ssl/main.zeek.html#type-SSL::Info)| -|Session Initiation Protocol (SIP)|[🔗](https://en.wikipedia.org/wiki/Session_Initiation_Protocol)|[🔗](https://tools.ietf.org/html/rfc3261)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/sip/main.zeek.html#type-SIP::Info)| -|Server Message Block (SMB) / Common Internet File System (CIFS)|[🔗](https://en.wikipedia.org/wiki/Server_Message_Block)|[🔗](https://docs.microsoft.com/en-us/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/smb.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html)| -|Simple Mail Transfer Protocol (SMTP)|[🔗](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol)|[🔗](https://tools.ietf.org/html/rfc5321)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/smtp.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/smtp/main.zeek.html#type-SMTP::Info)| -|Simple Network Management Protocol (SNMP)|[🔗](https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol)|[🔗](https://tools.ietf.org/html/rfc2578)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/smtp.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/snmp/main.zeek.html#type-SNMP::Info)| -|SOCKS|[🔗](https://en.wikipedia.org/wiki/SOCKS)|[🔗](https://tools.ietf.org/html/rfc1928)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/socks.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/socks/main.zeek.html#type-SOCKS::Info)| -|STUN (Session Traversal Utilities for NAT)|[🔗](https://en.wikipedia.org/wiki/STUN)|[🔗](https://datatracker.ietf.org/doc/html/rfc3489)|[✓](https://github.com/arkime/arkime/blob/main/capture/parsers/misc.c#L147)|[✓](https://github.com/corelight/zeek-spicy-stun)| -|Syslog|[🔗](https://en.wikipedia.org/wiki/Syslog)|[🔗](https://tools.ietf.org/html/rfc5424)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/tls.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/syslog/main.zeek.html#type-Syslog::Info)| -|Tabular Data Stream (TDS)|[🔗](https://en.wikipedia.org/wiki/Tabular_Data_Stream)|[🔗](https://www.freetds.org/tds.html) [🔗](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/b46a581a-39de-4745-b076-ec4dbb7d13ec)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/tds.c)|[✓](https://github.com/amzn/zeek-plugin-tds/blob/master/scripts/main.zeek)| -|Telnet / remote shell (rsh) / remote login (rlogin)|[🔗](https://en.wikipedia.org/wiki/Telnet)[🔗](https://en.wikipedia.org/wiki/Berkeley_r-commands)|[🔗](https://tools.ietf.org/html/rfc854)[🔗](https://tools.ietf.org/html/rfc1282)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/misc.c#L336)|[✓](https://docs.zeek.org/en/current/scripts/base/bif/plugins/Zeek_Login.events.bif.zeek.html)[❋](https://github.com/idaholab/Malcolm/blob/main/zeek/config/login.zeek)| -|TFTP (Trivial File Transfer Protocol)|[🔗](https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol)|[🔗](https://tools.ietf.org/html/rfc1350)||[✓](https://github.com/zeek/spicy-analyzers/blob/main/analyzer/protocol/tftp/tftp.zeek)| -|WireGuard|[🔗](https://en.wikipedia.org/wiki/WireGuard)|[🔗](https://www.wireguard.com/protocol/)[🔗](https://www.wireguard.com/papers/wireguard.pdf)||[✓](https://github.com/corelight/zeek-spicy-wireguard)| -|various tunnel protocols (e.g., GTP, GRE, Teredo, AYIYA, IP-in-IP, etc.)|[🔗](https://en.wikipedia.org/wiki/Tunneling_protocol)||[✓](https://github.com/arkime/arkime/blob/master/capture/packet.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/frameworks/tunnels/main.zeek.html#type-Tunnel::Info)| - -Additionally, Zeek is able to detect and, where possible, log the type, vendor and version of [various](https://docs.zeek.org/en/stable/scripts/base/frameworks/software/main.zeek.html#type-Software::Type) other [software protocols](https://en.wikipedia.org/wiki/Application_layer). - -As part of its network traffic analysis, Zeek can extract and analyze files transferred across the protocols it understands. In addition to generating logs for transferred files, deeper analysis is done into the following file types: - -* [Portable executable](https://docs.zeek.org/en/stable/scripts/base/files/pe/main.zeek.html#type-PE::Info) files -* [X.509](https://docs.zeek.org/en/stable/scripts/base/files/x509/main.zeek.html#type-X509::Info) certificates - -See [automatic file extraction and scanning](#ZeekFileExtraction) for additional features related to file scanning. - -See [Zeek log integration](#ArkimeZeek) for more information on how Malcolm integrates [Arkime sessions and Zeek logs](#ZeekArkimeFlowCorrelation) for analysis. - -## Development - -Checking out the [Malcolm source code](https://github.com/idaholab/Malcolm/tree/main) results in the following subdirectories in your `malcolm/` working copy: - -* `api` - code and configuration for the `api` container which provides a REST API to query Malcolm -* `arkime` - code and configuration for the `arkime` container which processes PCAP files using `capture` and which serves the Viewer application -* `arkime-logs` - an initially empty directory to which the `arkime` container will write some debug log files -* `arkime-raw` - an initially empty directory to which the `arkime` container will write captured PCAP files; as Arkime as employed by Malcolm is currently used for processing previously-captured PCAP files, this directory is currently unused -* `Dockerfiles` - a directory containing build instructions for Malcolm's docker images -* `docs` - a directory containing instructions and documentation -* `opensearch` - an initially empty directory where the OpenSearch database instance will reside -* `opensearch-backup` - an initially empty directory for storing OpenSearch [index snapshots](#IndexManagement) -* `filebeat` - code and configuration for the `filebeat` container which ingests Zeek logs and forwards them to the `logstash` container -* `file-monitor` - code and configuration for the `file-monitor` container which can scan files extracted by Zeek -* `file-upload` - code and configuration for the `upload` container which serves a web browser-based upload form for uploading PCAP files and Zeek logs, and which serves an SFTP share as an alternate method for upload -* `freq-server` - code and configuration for the `freq` container used for calculating entropy of strings -* `htadmin` - configuration for the `htadmin` user account management container -* `dashboards` - code and configuration for the `dashboards` container for creating additional ad-hoc visualizations and dashboards beyond that which is provided by Arkime Viewer -* `logstash` - code and configuration for the `logstash` container which parses Zeek logs and forwards them to the `opensearch` container -* `malcolm-iso` - code and configuration for building an [installer ISO](#ISO) for a minimal Debian-based Linux installation for running Malcolm -* `name-map-ui` - code and configuration for the `name-map-ui` container which provides the [host and subnet name mapping](#HostAndSubnetNaming) interface -* `netbox` - code and configuration for the `netbox`, `netbox-postgres`, `netbox-redis` and `netbox-redis-cache` containers which provide asset management capabilities -* `nginx` - configuration for the `nginx` reverse proxy container -* `pcap` - an initially empty directory for PCAP files to be uploaded, processed, and stored -* `pcap-capture` - code and configuration for the `pcap-capture` container which can capture network traffic -* `pcap-monitor` - code and configuration for the `pcap-monitor` container which watches for new or uploaded PCAP files notifies the other services to process them -* `scripts` - control scripts for starting, stopping, restarting, etc. Malcolm -* `sensor-iso` - code and configuration for building a [Hedgehog Linux](#Hedgehog) ISO -* `shared` - miscellaneous code used by various Malcolm components -* `suricata` - code and configuration for the `suricata` container which handles PCAP processing using Suricata -* `suricata-logs` - an initially empty directory for Suricata logs to be uploaded, processed, and stored -* `zeek` - code and configuration for the `zeek` container which handles PCAP processing using Zeek -* `zeek-logs` - an initially empty directory for Zeek logs to be uploaded, processed, and stored - -and the following files of special note: - -* `auth.env` - the script `./scripts/auth_setup` prompts the user for the administrator credentials used by the Malcolm appliance, and `auth.env` is the environment file where those values are stored -* `cidr-map.txt` - specify custom IP address to network segment mapping -* `host-map.txt` - specify custom IP and/or MAC address to host mapping -* `net-map.json` - an alternative to `cidr-map.txt` and `host-map.txt`, mapping hosts and network segments to their names in a JSON-formatted file -* `docker-compose.yml` - the configuration file used by `docker-compose` to build, start, and stop an instance of the Malcolm appliance -* `docker-compose-standalone.yml` - similar to `docker-compose.yml`, only used for the ["packaged"](#Packager) installation of Malcolm - -### Building from source - -Building the Malcolm docker images from scratch requires internet access to pull source files for its components. Once internet access is available, execute the following command to build all of the Docker images used by the Malcolm appliance: - -``` -$ ./scripts/build.sh -``` - -Then, go take a walk or something since it will be a while. When you're done, you can run `docker images` and see you have fresh images for: - -* `malcolmnetsec/api` (based on `python:3-slim`) -* `malcolmnetsec/arkime` (based on `debian:11-slim`) -* `malcolmnetsec/dashboards-helper` (based on `alpine:3.16`) -* `malcolmnetsec/dashboards` (based on `opensearchproject/opensearch-dashboards`) -* `malcolmnetsec/file-monitor` (based on `debian:11-slim`) -* `malcolmnetsec/file-upload` (based on `debian:11-slim`) -* `malcolmnetsec/filebeat-oss` (based on `docker.elastic.co/beats/filebeat-oss`) -* `malcolmnetsec/freq` (based on `debian:11-slim`) -* `malcolmnetsec/htadmin` (based on `debian:11-slim`) -* `malcolmnetsec/logstash-oss` (based on `opensearchproject/logstash-oss-with-opensearch-output-plugin`) -* `malcolmnetsec/name-map-ui` (based on `alpine:3.16`) -* `malcolmnetsec/netbox` (based on `netboxcommunity/netbox:latest`) -* `malcolmnetsec/nginx-proxy` (based on `alpine:3.16`) -* `malcolmnetsec/opensearch` (based on `opensearchproject/opensearch`) -* `malcolmnetsec/pcap-capture` (based on `debian:11-slim`) -* `malcolmnetsec/pcap-monitor` (based on `debian:11-slim`) -* `malcolmnetsec/postgresql` (based on `postgres:14-alpine`) -* `malcolmnetsec/redis` (based on `redis:7-alpine`) -* `malcolmnetsec/suricata` (based on `debian:11-slim`) -* `malcolmnetsec/zeek` (based on `debian:11-slim`) - -Alternately, if you have forked Malcolm on GitHub, [workflow files](./.github/workflows/) are provided which contain instructions for GitHub to build the docker images and [sensor](#Hedgehog) and [Malcolm](#ISO) installer ISOs. The resulting images are named according to the pattern `ghcr.io/owner/malcolmnetsec/image:branch` (e.g., if you've forked Malcolm with the github user `romeogdetlevjr`, the `arkime` container built for the `main` would be named `ghcr.io/romeogdetlevjr/malcolmnetsec/arkime:main`). To run your local instance of Malcolm using these images instead of the official ones, you'll need to edit your `docker-compose.yml` file(s) and replace the `image:` tags according to this new pattern, or use the bash helper script `./shared/bin/github_image_helper.sh` to pull and re-tag the images. - -## Pre-Packaged installation files - -### Creating pre-packaged installation files - -`scripts/malcolm_appliance_packager.sh` can be run to package up the configuration files (and, if necessary, the Docker images) which can be copied to a network share or USB drive for distribution to non-networked machines. For example: - -``` -$ ./scripts/malcolm_appliance_packager.sh -You must set a username and password for Malcolm, and self-signed X.509 certificates will be generated - -Store administrator username/password for local Malcolm access? (Y/n): y - -Administrator username: analyst -analyst password: -analyst password (again): - -(Re)generate self-signed certificates for HTTPS access (Y/n): y - -(Re)generate self-signed certificates for a remote log forwarder (Y/n): y - -Store username/password for primary remote OpenSearch instance? (y/N): n - -Store username/password for secondary remote OpenSearch instance? (y/N): n - -Store username/password for email alert sender account? (y/N): n - -(Re)generate internal passwords for NetBox (Y/n): y - -Packaged Malcolm to "/home/user/tmp/malcolm_20190513_101117_f0d052c.tar.gz" - -Do you need to package docker images also [y/N]? y -This might take a few minutes... - -Packaged Malcolm docker images to "/home/user/tmp/malcolm_20190513_101117_f0d052c_images.tar.gz" - - -To install Malcolm: - 1. Run install.py - 2. Follow the prompts - -To start, stop, restart, etc. Malcolm: - Use the control scripts in the "scripts/" directory: - - start (start Malcolm) - - stop (stop Malcolm) - - restart (restart Malcolm) - - logs (monitor Malcolm logs) - - wipe (stop Malcolm and clear its database) - - auth_setup (change authentication-related settings) - -A minute or so after starting Malcolm, the following services will be accessible: - - Arkime: https://localhost/ - - OpenSearch Dashboards: https://localhost/dashboards/ - - PCAP upload (web): https://localhost/upload/ - - PCAP upload (sftp): sftp://USERNAME@127.0.0.1:8022/files/ - - Host and subnet name mapping editor: https://localhost/name-map-ui/ - - NetBox: https://localhost/netbox/ - - Account management: https://localhost:488/ -``` - -The above example will result in the following artifacts for distribution as explained in the script's output: - -``` -$ ls -lh -total 2.0G --rwxr-xr-x 1 user user 61k May 13 11:32 install.py --rw-r--r-- 1 user user 2.0G May 13 11:37 malcolm_20190513_101117_f0d052c_images.tar.gz --rw-r--r-- 1 user user 683 May 13 11:37 malcolm_20190513_101117_f0d052c.README.txt --rw-r--r-- 1 user user 183k May 13 11:32 malcolm_20190513_101117_f0d052c.tar.gz -``` - -### Installing from pre-packaged installation files - -If you have obtained pre-packaged installation files to install Malcolm on a non-networked machine via an internal network share or on a USB key, you likely have the following files: - -* `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.README.txt` - This readme file contains a minimal set up instructions for extracting the contents of the other tarballs and running the Malcolm appliance. -* `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` - This tarball contains the configuration files and directory configuration used by an instance of Malcolm. It can be extracted via `tar -xf malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` upon which a directory will be created (named similarly to the tarball) containing the directories and configuration files. Alternatively, `install.py` can accept this filename as an argument and handle its extraction and initial configuration for you. -* `malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz` - This tarball contains the Docker images used by Malcolm. It can be imported manually via `docker load -i malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz` -* `install.py` - This install script can load the Docker images and extract Malcolm configuration files from the aforementioned tarballs and do some initial configuration for you. - -Run `install.py malcolm_XXXXXXXX_XXXXXX_XXXXXXX.tar.gz` and follow the prompts. If you do not already have Docker and Docker Compose installed, the `install.py` script will help you install them. - -## Preparing your system - -### Recommended system requirements - -Malcolm runs on top of [Docker](https://www.docker.com/) which runs on recent releases of Linux, Apple macOS and Microsoft Windows 10. - -To quote the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/guide/current/hardware.html), "If there is one resource that you will run out of first, it will likely be memory." The same is true for Malcolm: you will want at least 16 gigabytes of RAM to run Malcolm comfortably. For processing large volumes of traffic, I'd recommend at a bare minimum a dedicated server with 16 cores and 16 gigabytes of RAM. Malcolm can run on less, but more is better. You're going to want as much hard drive space as possible, of course, as the amount of PCAP data you're able to analyze and store will be limited by your hard drive. - -Arkime's wiki has a couple of documents ([here](https://github.com/arkime/arkime#hardware-requirements) and [here](https://github.com/arkime/arkime/wiki/FAQ#what-kind-of-capture-machines-should-we-buy) and [here](https://github.com/arkime/arkime/wiki/FAQ#how-many-elasticsearch-nodes-or-machines-do-i-need) and a [calculator here](https://molo.ch/#estimators)) which may be helpful, although not everything in those documents will apply to a Docker-based setup like Malcolm. - -### System configuration and tuning - -If you already have Docker and Docker Compose installed, the `install.py` script can still help you tune system configuration and `docker-compose.yml` parameters for Malcolm. To run it in "configuration only" mode, bypassing the steps to install Docker and Docker Compose, run it like this: -``` -./scripts/install.py --configure -``` - -Although `install.py` will attempt to automate many of the following configuration and tuning parameters, they are nonetheless listed in the following sections for reference: - -#### `docker-compose.yml` parameters - -Edit `docker-compose.yml` and search for the `OPENSEARCH_JAVA_OPTS` key. Edit the `-Xms4g -Xmx4g` values, replacing `4g` with a number that is half of your total system memory, or just under 32 gigabytes, whichever is less. So, for example, if I had 64 gigabytes of memory I would edit those values to be `-Xms31g -Xmx31g`. This indicates how much memory can be allocated to the OpenSearch heaps. For a pleasant experience, I would suggest not using a value under 10 gigabytes. Similar values can be modified for Logstash with `LS_JAVA_OPTS`, where using 3 or 4 gigabytes is recommended. - -Various other environment variables inside of `docker-compose.yml` can be tweaked to control aspects of how Malcolm behaves, particularly with regards to processing PCAP files and Zeek logs. The environment variables of particular interest are located near the top of that file under **Commonly tweaked configuration options**, which include: - -* `ARKIME_ANALYZE_PCAP_THREADS` – the number of threads available to Arkime for analyzing PCAP files (default `1`) -* `AUTO_TAG` – if set to `true`, Malcolm will automatically create Arkime sessions and Zeek logs with tags based on the filename, as described in [Tagging](#Tagging) (default `true`) -* `BEATS_SSL` – if set to `true`, Logstash will use require encrypted communications for any external [Beats](https://www.elastic.co/guide/en/logstash/current/plugins-inputs-beats.html)-based forwarders from which it will accept logs (default `true`) -* `CONNECTION_SECONDS_SEVERITY_THRESHOLD` - when [severity scoring](#Severity) is enabled, this variable indicates the duration threshold (in seconds) for assigning severity to long connections (default `3600`) -* `EXTRACTED_FILE_CAPA_VERBOSE` – if set to `true`, all Capa rule hits will be logged; otherwise (`false`) only [MITRE ATT&CK® technique](https://attack.mitre.org/techniques) classifications will be logged -* `EXTRACTED_FILE_ENABLE_CAPA` – if set to `true`, [Zeek-extracted files](#ZeekFileExtraction) that are determined to be PE (portable executable) files will be scanned with [Capa](https://github.com/fireeye/capa) -* `EXTRACTED_FILE_ENABLE_CLAMAV` – if set to `true`, [Zeek-extracted files](#ZeekFileExtraction) will be scanned with [ClamAV](https://www.clamav.net/) -* `EXTRACTED_FILE_ENABLE_YARA` – if set to `true`, [Zeek-extracted files](#ZeekFileExtraction) will be scanned with [Yara](https://github.com/VirusTotal/yara) -* `EXTRACTED_FILE_HTTP_SERVER_ENABLE` – if set to `true`, the directory containing [Zeek-extracted files](#ZeekFileExtraction) will be served over HTTP at `./extracted-files/` (e.g., [https://localhost/extracted-files/](https://localhost/extracted-files/) if you are connecting locally) -* `EXTRACTED_FILE_HTTP_SERVER_ENCRYPT` – if set to `true`, those Zeek-extracted files will be AES-256-CBC-encrypted in an `openssl enc`-compatible format (e.g., `openssl enc -aes-256-cbc -d -in example.exe.encrypted -out example.exe`) -* `EXTRACTED_FILE_HTTP_SERVER_KEY` – specifies the AES-256-CBC decryption password for encrypted Zeek-extracted files; used in conjunction with `EXTRACTED_FILE_HTTP_SERVER_ENCRYPT` -* `EXTRACTED_FILE_IGNORE_EXISTING` – if set to `true`, files extant in `./zeek-logs/extract_files/` directory will be ignored on startup rather than scanned -* `EXTRACTED_FILE_PRESERVATION` – determines behavior for preservation of [Zeek-extracted files](#ZeekFileExtraction) -* `EXTRACTED_FILE_UPDATE_RULES` – if set to `true`, file scanner engines (e.g., ClamAV, Capa, Yara) will periodically update their rule definitions -* `EXTRACTED_FILE_YARA_CUSTOM_ONLY` – if set to `true`, Malcolm will bypass the default [Yara ruleset](https://github.com/Neo23x0/signature-base) and use only user-defined rules in `./yara/rules` -* `FREQ_LOOKUP` - if set to `true`, domain names (from DNS queries and SSL server names) will be assigned entropy scores as calculated by [`freq`](https://github.com/MarkBaggett/freq) (default `false`) -* `FREQ_SEVERITY_THRESHOLD` - when [severity scoring](#Severity) is enabled, this variable indicates the entropy threshold for assigning severity to events with entropy scores calculated by [`freq`](https://github.com/MarkBaggett/freq); a lower value will only assign severity scores to fewer domain names with higher entropy (e.g., `2.0` for `NQZHTFHRMYMTVBQJE.COM`), while a higher value will assign severity scores to more domain names with lower entropy (e.g., `7.5` for `naturallanguagedomain.example.org`) (default `2.0`) -* `LOGSTASH_OUI_LOOKUP` – if set to `true`, Logstash will map MAC addresses to vendors for all source and destination MAC addresses when analyzing Zeek logs (default `true`) -* `LOGSTASH_REVERSE_DNS` – if set to `true`, Logstash will perform a reverse DNS lookup for all external source and destination IP address values when analyzing Zeek logs (default `false`) -* `LOGSTASH_SEVERITY_SCORING` - if set to `true`, Logstash will perform [severity scoring](#Severity) when analyzing Zeek logs (default `true`) -* `MANAGE_PCAP_FILES` – if set to `true`, all PCAP files imported into Malcolm will be marked as available for deletion by Arkime if available storage space becomes too low (default `false`) -* `MAXMIND_GEOIP_DB_LICENSE_KEY` - Malcolm uses MaxMind's free GeoLite2 databases for GeoIP lookups. As of December 30, 2019, these databases are [no longer available](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/) for download via a public URL. Instead, they must be downloaded using a MaxMind license key (available without charge [from MaxMind](https://www.maxmind.com/en/geolite2/signup)). The license key can be specified here for GeoIP database downloads during build- and run-time. -* `OPENSEARCH_LOCAL` - if set to `true`, Malcolm will use its own internal [OpenSearch instance](#OpenSearchInstance) (default `true`) -* `OPENSEARCH_URL` - when using Malcolm's internal OpenSearch instance (i.e., `OPENSEARCH_LOCAL` is `true`) this should be `http://opensearch:9200`, otherwise this value specifies the primary remote instance URL in the format `protocol://host:port` (default `http://opensearch:9200`) -* `OPENSEARCH_SSL_CERTIFICATE_VERIFICATION` - if set to `true`, connections to the primary remote OpenSearch instance will require full TLS certificate validation (this may fail if using self-signed certificates) (default `false`) -* `OPENSEARCH_SECONDARY` - if set to `true`, Malcolm will forward logs to a secondary remote OpenSearch instance in addition to the primary (local or remote) OpenSearch instance (default `false`) -* `OPENSEARCH_SECONDARY_URL` - when forwarding to a secondary remote OpenSearch instance (i.e., `OPENSEARCH_SECONDARY` is `true`) this value specifies the secondary remote instance URL in the format `protocol://host:port` -* `OPENSEARCH_SECONDARY_SSL_CERTIFICATE_VERIFICATION` - if set to `true`, connections to the secondary remote OpenSearch instance will require full TLS certificate validation (this may fail if using self-signed certificates) (default `false`) -* `NETBOX_DISABLED` - if set to `true`, Malcolm will **not** start [NetBox](#NetBox) and manage a [NetBox](#NetBox) instance (default `true`) -* `NETBOX_CRON` - if set to `true`, network traffic metadata will periodically be queried and used to populate Malcolm's [NetBox](#NetBox) instance -* `NGINX_BASIC_AUTH` - if set to `true`, use [TLS-encrypted HTTP basic](#AuthBasicAccountManagement) authentication (default); if set to `false`, use [Lightweight Directory Access Protocol (LDAP)](#AuthLDAP) authentication -* `NGINX_LOG_ACCESS_AND_ERRORS` - if set to `true`, all access to Malcolm via its [web interfaces](#UserInterfaceURLs) will be logged to OpenSearch (default `false`) -* `NGINX_SSL` - if set to `true`, require HTTPS connections to Malcolm's `nginx-proxy` container (default); if set to `false`, use unencrypted HTTP connections (using unsecured HTTP connections is **NOT** recommended unless you are running Malcolm behind another reverse proxy like Traefik, Caddy, etc.) -* `PCAP_ENABLE_NETSNIFF` – if set to `true`, Malcolm will capture network traffic on the local network interface(s) indicated in `PCAP_IFACE` using [netsniff-ng](http://netsniff-ng.org/) -* `PCAP_ENABLE_TCPDUMP` – if set to `true`, Malcolm will capture network traffic on the local network interface(s) indicated in `PCAP_IFACE` using [tcpdump](https://www.tcpdump.org/); there is no reason to enable *both* `PCAP_ENABLE_NETSNIFF` and `PCAP_ENABLE_TCPDUMP` -* `PCAP_FILTER` – specifies a tcpdump-style filter expression for local packet capture; leave blank to capture all traffic -* `PCAP_IFACE` – used to specify the network interface(s) for local packet capture if `PCAP_ENABLE_NETSNIFF`, `PCAP_ENABLE_TCPDUMP`, `ZEEK_LIVE_CAPTURE` or `SURICATA_LIVE_CAPTURE` are enabled; for multiple interfaces, separate the interface names with a comma (e.g., `'enp0s25'` or `'enp10s0,enp11s0'`) -* `PCAP_IFACE_TWEAK` - if set to `true`, Malcolm will [use `ethtool`](shared/bin/nic-capture-setup.sh) to disable NIC hardware offloading features and adjust ring buffer sizes for capture interface(s); this should be `true` if the interface(s) are being used for capture only, `false` if they are being used for management/communication -* `PCAP_ROTATE_MEGABYTES` – used to specify how large a locally-captured PCAP file can become (in megabytes) before it is closed for processing and a new PCAP file created -* `PCAP_ROTATE_MINUTES` – used to specify a time interval (in minutes) after which a locally-captured PCAP file will be closed for processing and a new PCAP file created -* `pipeline.workers`, `pipeline.batch.size` and `pipeline.batch.delay` - these settings are used to tune the performance and resource utilization of the the `logstash` container; see [Tuning and Profiling Logstash Performance](https://www.elastic.co/guide/en/logstash/current/tuning-logstash.html), [`logstash.yml`](https://www.elastic.co/guide/en/logstash/current/logstash-settings-file.html) and [Multiple Pipelines](https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html) -* `PUID` and `PGID` - Docker runs all of its containers as the privileged `root` user by default. For better security, Malcolm immediately drops to non-privileged user accounts for executing internal processes wherever possible. The `PUID` (**p**rocess **u**ser **ID**) and `PGID` (**p**rocess **g**roup **ID**) environment variables allow Malcolm to map internal non-privileged user accounts to a corresponding [user account](https://en.wikipedia.org/wiki/User_identifier) on the host. -* `SENSITIVE_COUNTRY_CODES` - when [severity scoring](#Severity) is enabled, this variable defines a comma-separated list of sensitive countries (using [ISO 3166-1 alpha-2 codes](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Current_codes)) (default `'AM,AZ,BY,CN,CU,DZ,GE,HK,IL,IN,IQ,IR,KG,KP,KZ,LY,MD,MO,PK,RU,SD,SS,SY,TJ,TM,TW,UA,UZ'`, taken from the U.S. Department of Energy Sensitive Country List) -* `SURICATA_AUTO_ANALYZE_PCAP_FILES` – if set to `true`, all PCAP files imported into Malcolm will automatically be analyzed by Suricata, and the resulting logs will also be imported (default `false`) -* `SURICATA_AUTO_ANALYZE_PCAP_THREADS` – the number of threads available to Malcolm for analyzing Suricata logs (default `1`) -* `SURICATA_CUSTOM_RULES_ONLY` – if set to `true`, Malcolm will bypass the default [Suricata ruleset](https://github.com/OISF/suricata/tree/master/rules) and use only user-defined rules (`./suricata/rules/*.rules`). -* `SURICATA_UPDATE_RULES` – if set to `true`, Suricata signatures will periodically be updated (default `false`) -* `SURICATA_LIVE_CAPTURE` - if set to `true`, Suricata will monitor live traffic on the local interface(s) defined by `PCAP_FILTER` -* `SURICATA_ROTATED_PCAP` - if set to `true`, Suricata can analyze captured PCAP files captured by `netsniff-ng` or `tcpdump` (see `PCAP_ENABLE_NETSNIFF` and `PCAP_ENABLE_TCPDUMP`, as well as `SURICATA_AUTO_ANALYZE_PCAP_FILES`); if `SURICATA_LIVE_CAPTURE` is `true`, this should be false, otherwise Suricata will see duplicate traffic -* `SURICATA_…` - the [`suricata` container entrypoint script](shared/bin/suricata_config_populate.py) can use **many** more environment variables to tweak [suricata.yaml](https://github.com/OISF/suricata/blob/master/suricata.yaml.in); in that script, `DEFAULT_VARS` defines those variables (albeit without the `SURICATA_` prefix you must add to each for use) -* `TOTAL_MEGABYTES_SEVERITY_THRESHOLD` - when [severity scoring](#Severity) is enabled, this variable indicates the size threshold (in megabytes) for assigning severity to large connections or file transfers (default `1000`) -* `VTOT_API2_KEY` – used to specify a [VirusTotal Public API v.20](https://www.virustotal.com/en/documentation/public-api/) key, which, if specified, will be used to submit hashes of [Zeek-extracted files](#ZeekFileExtraction) to VirusTotal -* `ZEEK_AUTO_ANALYZE_PCAP_FILES` – if set to `true`, all PCAP files imported into Malcolm will automatically be analyzed by Zeek, and the resulting logs will also be imported (default `false`) -* `ZEEK_AUTO_ANALYZE_PCAP_THREADS` – the number of threads available to Malcolm for analyzing Zeek logs (default `1`) -* `ZEEK_DISABLE_…` - if set to any non-blank value, each of these variables can be used to disable a certain Zeek function when it analyzes PCAP files (for example, setting `ZEEK_DISABLE_LOG_PASSWORDS` to `true` to disable logging of cleartext passwords) -* `ZEEK_DISABLE_BEST_GUESS_ICS` - see ["Best Guess" Fingerprinting for ICS Protocols](#ICSBestGuess) -* `ZEEK_EXTRACTOR_MODE` – determines the file extraction behavior for file transfers detected by Zeek; see [Automatic file extraction and scanning](#ZeekFileExtraction) for more details -* `ZEEK_INTEL_FEED_SINCE` - when querying a [TAXII](#ZeekIntelSTIX) or [MISP](#ZeekIntelMISP) feed, only process threat indicators that have been created or modified since the time represented by this value; it may be either a fixed date/time (`01/01/2021`) or relative interval (`30 days ago`) -* `ZEEK_INTEL_ITEM_EXPIRATION` - specifies the value for Zeek's [`Intel::item_expiration`](https://docs.zeek.org/en/current/scripts/base/frameworks/intel/main.zeek.html#id-Intel::item_expiration) timeout as used by the [Zeek Intelligence Framework](#ZeekIntel) (default `-1min`, which disables item expiration) -* `ZEEK_INTEL_REFRESH_CRON_EXPRESSION` - specifies a [cron expression](https://en.wikipedia.org/wiki/Cron#CRON_expression) indicating the refresh interval for generating the [Zeek Intelligence Framework](#ZeekIntel) files (defaults to empty, which disables automatic refresh) -* `ZEEK_LIVE_CAPTURE` - if set to `true`, Zeek will monitor live traffic on the local interface(s) defined by `PCAP_FILTER` -* `ZEEK_ROTATED_PCAP` - if set to `true`, Zeek can analyze captured PCAP files captured by `netsniff-ng` or `tcpdump` (see `PCAP_ENABLE_NETSNIFF` and `PCAP_ENABLE_TCPDUMP`, as well as `ZEEK_AUTO_ANALYZE_PCAP_FILES`); if `ZEEK_LIVE_CAPTURE` is `true`, this should be false, otherwise Zeek will see duplicate traffic - -#### Linux host system configuration - -##### Installing Docker - -Docker installation instructions vary slightly by distribution. Please follow the links below to docker.com to find the instructions specific to your distribution: - -* [Ubuntu](https://docs.docker.com/install/linux/docker-ce/ubuntu/) -* [Debian](https://docs.docker.com/install/linux/docker-ce/debian/) -* [Fedora](https://docs.docker.com/install/linux/docker-ce/fedora/) -* [CentOS](https://docs.docker.com/install/linux/docker-ce/centos/) -* [Binaries](https://docs.docker.com/install/linux/docker-ce/binaries/) - -After installing Docker, because Malcolm should be run as a non-root user, add your user to the `docker` group with something like: -``` -$ sudo usermod -aG docker yourusername -``` - -Following this, either reboot or log out then log back in. - -Docker starts automatically on DEB-based distributions. On RPM-based distributions, you need to start it manually or enable it using the appropriate `systemctl` or `service` command(s). - -You can test docker by running `docker info`, or (assuming you have internet access), `docker run --rm hello-world`. - -##### Installing docker-compose - -Please follow [this link](https://docs.docker.com/compose/install/) on docker.com for instructions on installing docker-compose. - -##### Operating system configuration - -The host system (ie., the one running Docker) will need to be configured for the [best possible OpenSearch performance](https://www.elastic.co/guide/en/elasticsearch/reference/master/system-config.html). Here are a few suggestions for Linux hosts (these may vary from distribution to distribution): - -* Append the following lines to `/etc/sysctl.conf`: - -``` -# the maximum number of open file handles -fs.file-max=2097152 - -# increase maximums for inotify watches -fs.inotify.max_user_watches=131072 -fs.inotify.max_queued_events=131072 -fs.inotify.max_user_instances=512 - -# the maximum number of memory map areas a process may have -vm.max_map_count=262144 - -# decrease "swappiness" (swapping out runtime memory vs. dropping pages) -vm.swappiness=1 - -# the maximum number of incoming connections -net.core.somaxconn=65535 - -# the % of system memory fillable with "dirty" pages before flushing -vm.dirty_background_ratio=40 - -# maximum % of dirty system memory before committing everything -vm.dirty_ratio=80 -``` - -* Depending on your distribution, create **either** the file `/etc/security/limits.d/limits.conf` containing: - -``` -# the maximum number of open file handles -* soft nofile 65535 -* hard nofile 65535 -# do not limit the size of memory that can be locked -* soft memlock unlimited -* hard memlock unlimited -``` - -**OR** the file `/etc/systemd/system.conf.d/limits.conf` containing: - -``` -[Manager] -# the maximum number of open file handles -DefaultLimitNOFILE=65535:65535 -# do not limit the size of memory that can be locked -DefaultLimitMEMLOCK=infinity -``` - -* Change the readahead value for the disk where the OpenSearch data will be stored. There are a few ways to do this. For example, you could add this line to `/etc/rc.local` (replacing `/dev/sda` with your disk block descriptor): - -``` -# change disk read-adhead value (# of blocks) -blockdev --setra 512 /dev/sda -``` - -* Change the I/O scheduler to `deadline` or `noop`. Again, this can be done in a variety of ways. The simplest is to add `elevator=deadline` to the arguments in `GRUB_CMDLINE_LINUX` in `/etc/default/grub`, then running `sudo update-grub2` - -* If you are planning on using very large data sets, consider formatting the drive containing the `opensearch` volume as XFS. - -After making all of these changes, do a reboot for good measure! - -#### macOS host system configuration - -##### Automatic installation using `install.py` - -The `install.py` script will attempt to guide you through the installation of Docker and Docker Compose if they are not present. If that works for you, you can skip ahead to **Configure docker daemon option** in this section. - -##### Install Homebrew - -The easiest way to install and maintain docker on Mac is using the [Homebrew cask](https://brew.sh). Execute the following in a terminal. - -``` -$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" -$ brew install cask -$ brew tap homebrew/cask-versions -``` - -##### Install docker-edge - -``` -$ brew cask install docker-edge -``` -This will install the latest version of docker and docker-compose. It can be upgraded later using `brew` as well: -``` -$ brew cask upgrade --no-quarantine docker-edge -``` -You can now run docker from the Applications folder. - -##### Configure docker daemon option - -Some changes should be made for performance ([this link](http://markshust.com/2018/01/30/performance-tuning-docker-mac) gives a good succinct overview). - -* **Resource allocation** - For a good experience, you likely need at least a quad-core MacBook Pro with 16GB RAM and an SSD. I have run Malcolm on an older 2013 MacBook Pro with 8GB of RAM, but the more the better. Go in your system tray and select **Docker** → **Preferences** → **Advanced**. Set the resources available to docker to at least 4 CPUs and 8GB of RAM (>= 16GB is preferable). - -* **Volume mount performance** - You can speed up performance of volume mounts by removing unused paths from **Docker** → **Preferences** → **File Sharing**. For example, if you're only going to be mounting volumes under your home directory, you could share `/Users` but remove other paths. - -After making these changes, right click on the Docker 🐋 icon in the system tray and select **Restart**. - -#### Windows host system configuration - -#### Installing and configuring Docker Desktop for Windows - -Installing and configuring [Docker to run under Windows](https://docs.docker.com/desktop/windows/wsl/) must be done manually, rather than through the `install.py` script as is done for Linux and macOS. - -1. Be running Windows 10, version 1903 or higher -1. Prepare your system and [install WSL](https://docs.microsoft.com/en-us/windows/wsl/install) and a Linux distribution by running `wsl --install -d Debian` in PowerShell as Administrator (these instructions are tested with Debian, but may work with other distributions) -1. Install Docker Desktop for Windows either by downloading the installer from the [official Docker site](https://hub.docker.com/editions/community/docker-ce-desktop-windows) or installing it through [chocolatey](https://chocolatey.org/packages/docker-desktop). -1. Follow the [Docker Desktop WSL 2 backend](https://docs.docker.com/desktop/windows/wsl/) instructions to finish configuration and review best practices -1. Reboot -1. Open the WSL distribution's terminal and run run `docker info` to make sure Docker is running - -#### Finish Malcolm's configuration - -Once Docker is installed, configured and running as described in the previous section, run [`./scripts/install.py --configure`](#ConfigAndTuning) to finish configuration of the local Malcolm installation. Malcolm will be controlled and run from within your WSL distribution's terminal environment. - -## Running Malcolm - -### OpenSearch instances - -Malcolm's default standalone configuration is to use a local [OpenSearch](https://opensearch.org/) instance in a Docker container to index and search network traffic metadata. OpenSearch can also run as a [cluster](https://opensearch.org/docs/latest/opensearch/cluster/) with instances distributed across multiple nodes with dedicated [roles](https://opensearch.org/docs/latest/opensearch/cluster/#nodes) like cluster manager, data node, ingest node, etc. - -As the permutations of OpenSearch cluster configurations are numerous, it is beyond Malcolm's scope to set up multi-node clusters. However, Malcolm can be configured to use a remote OpenSearch cluster rather than its own internal instance. - -The `OPENSEARCH_…` [environment variables in `docker-compose.yml`](#DockerComposeYml) control whether Malcolm uses its own local OpenSearch instance or a remote OpenSearch instance as its primary data store. The configuration portion of Malcolm install script ([`./scripts/install.py --configure`](#ConfigAndTuning)) can help you configure these options. - -For example, to use the default standalone configuration, answer `Y` when prompted `Should Malcolm use and maintain its own OpenSearch instance?`. - -Or, to use a remote OpenSearch cluster: - -``` -… -Should Malcolm use and maintain its own OpenSearch instance? (Y/n): n - -Enter primary remote OpenSearch connection URL (e.g., https://192.168.1.123:9200): https://192.168.1.123:9200 - -Require SSL certificate validation for communication with primary OpenSearch instance? (y/N): n - -You must run auth_setup after install.py to store OpenSearch connection credentials. -… -``` - -Whether the primary OpenSearch instance is a locally maintained single-node instance or is a remote cluster, Malcolm can be configured additionally forward logs to a secondary remote OpenSearch instance. The `OPENSEARCH_SECONDARY_…` [environment variables in `docker-compose.yml`](#DockerComposeYml) control this behavior. Configuration of a remote secondary OpenSearch instance is similar to that of a remote primary OpenSearch instance: - - -``` -… -Forward Logstash logs to a secondary remote OpenSearch instance? (y/N): y - -Enter secondary remote OpenSearch connection URL (e.g., https://192.168.1.123:9200): https://192.168.1.124:9200 - -Require SSL certificate validation for communication with secondary OpenSearch instance? (y/N): n - -You must run auth_setup after install.py to store OpenSearch connection credentials. -… -``` - -#### Authentication and authorization for remote OpenSearch clusters - -In addition to setting the environment variables in [`docker-compose.yml`](#DockerComposeYml) as described above, you must provide Malcolm with credentials for it to be able to communicate with remote OpenSearch instances. These credentials are stored in the Malcolm installation directory as `.opensearch.primary.curlrc` and `.opensearch.secondary.curlrc` for the primary and secondary OpenSearch connections, respectively, and are bind mounted into the Docker containers which need to communicate with OpenSearch. These [cURL-formatted](https://everything.curl.dev/cmdline/configfile) config files can be generated for you by the [`auth_setup`](#AuthSetup) script as illustrated: - -``` -$ ./scripts/auth_setup - -… - -Store username/password for primary remote OpenSearch instance? (y/N): y - -OpenSearch username: servicedb -servicedb password: -servicedb password (again): - -Require SSL certificate validation for OpenSearch communication? (Y/n): n - -Store username/password for secondary remote OpenSearch instance? (y/N): y - -OpenSearch username: remotedb -remotedb password: -remotedb password (again): - -Require SSL certificate validation for OpenSearch communication? (Y/n): n - -… -``` - -These files are created with permissions such that only the user account running Malcolm can access them: - -``` -$ ls -la .opensearch.*.curlrc --rw------- 1 user user 36 Aug 22 14:17 .opensearch.primary.curlrc --rw------- 1 user user 35 Aug 22 14:18 .opensearch.secondary.curlrc -``` - -One caveat with Malcolm using a remote OpenSearch cluster as its primary document store is that the accounts used to access Malcolm's [web interfaces](#UserInterfaceURLs), particularly [OpenSearch Dashboards](#Dashboards), are in some instance passed directly through to OpenSearch itself. For this reason, both Malcolm and the remote primary OpenSearch instance must have the same account information. The easiest way to accomplish this is to use an Active Directory/LDAP server that both [Malcolm](#AuthLDAP) and [OpenSearch](https://opensearch.org/docs/latest/security-plugin/configuration/ldap/) use as a common authentication backend. - -See the OpenSearch documentation on [access control](https://opensearch.org/docs/latest/security-plugin/access-control/index/) for more information. - -### Configure authentication - -Malcolm requires authentication to access the [user interface](#UserInterfaceURLs). [Nginx](https://nginx.org/) can authenticate users with either local TLS-encrypted HTTP basic authentication or using a remote Lightweight Directory Access Protocol (LDAP) authentication server. - -With the local basic authentication method, user accounts are managed by Malcolm and can be created, modified, and deleted using a [user management web interface](#AccountManagement). This method is suitable in instances where accounts and credentials do not need to be synced across many Malcolm installations. - -LDAP authentication are managed on a remote directory service, such as a [Microsoft Active Directory Domain Services](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview) or [OpenLDAP](https://www.openldap.org/). - -Malcolm's authentication method is defined in the `x-auth-variables` section near the top of the [`docker-compose.yml`](#DockerComposeYml) file with the `NGINX_BASIC_AUTH` environment variable: `true` for local TLS-encrypted HTTP basic authentication, `false` for LDAP authentication. - -In either case, you **must** run `./scripts/auth_setup` before starting Malcolm for the first time in order to: - -* define the local Malcolm administrator account username and password (although these credentials will only be used for basic authentication, not LDAP authentication) -* specify whether or not to (re)generate the self-signed certificates used for HTTPS access - * key and certificate files are located in the `nginx/certs/` directory -* specify whether or not to (re)generate the self-signed certificates used by a remote log forwarder (see the `BEATS_SSL` environment variable above) - * certificate authority, certificate, and key files for Malcolm's Logstash instance are located in the `logstash/certs/` directory - * certificate authority, certificate, and key files to be copied to and used by the remote log forwarder are located in the `filebeat/certs/` directory; if using [Hedgehog Linux](#Hedgehog), these certificates should be copied to the `/opt/sensor/sensor_ctl/logstash-client-certificates` directory on the sensor -* specify whether or not to [store the username/password](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#authenticate-sender-account) for [email alert senders](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#create-destinations) - * these parameters are stored securely in the OpenSearch keystore file `opensearch/opensearch.keystore` - -##### Local account management - -[`auth_setup`](#AuthSetup) is used to define the username and password for the administrator account. Once Malcolm is running, the administrator account can be used to manage other user accounts via a **Malcolm User Management** page served over HTTPS on port 488 (e.g., [https://localhost:488](https://localhost:488) if you are connecting locally). - -Malcolm user accounts can be used to access the [interfaces](#UserInterfaceURLs) of all of its [components](#Components), including Arkime. Arkime uses its own internal database of user accounts, so when a Malcolm user account logs in to Arkime for the first time Malcolm creates a corresponding Arkime user account automatically. This being the case, it is *not* recommended to use the Arkime **Users** settings page or change the password via the **Password** form under the Arkime **Settings** page, as those settings would not be consistently used across Malcolm. - -Users may change their passwords via the **Malcolm User Management** page by clicking **User Self Service**. A forgotten password can also be reset via an emailed link, though this requires SMTP server settings to be specified in `htadmin/config.ini` in the Malcolm installation directory. - -#### Lightweight Directory Access Protocol (LDAP) authentication - -The [nginx-auth-ldap](https://github.com/kvspb/nginx-auth-ldap) module serves as the interface between Malcolm's [Nginx](https://nginx.org/) web server and a remote LDAP server. When you run [`auth_setup`](#AuthSetup) for the first time, a sample LDAP configuration file is created at `nginx/nginx_ldap.conf`. - -``` -# This is a sample configuration for the ldap_server section of nginx.conf. -# Yours will vary depending on how your Active Directory/LDAP server is configured. -# See https://github.com/kvspb/nginx-auth-ldap#available-config-parameters for options. - -ldap_server ad_server { - url "ldap://ds.example.com:3268/DC=ds,DC=example,DC=com?sAMAccountName?sub?(objectClass=person)"; - - binddn "bind_dn"; - binddn_passwd "bind_dn_password"; - - group_attribute member; - group_attribute_is_dn on; - require group "CN=Malcolm,CN=Users,DC=ds,DC=example,DC=com"; - require valid_user; - satisfy all; -} - -auth_ldap_cache_enabled on; -auth_ldap_cache_expiration_time 10000; -auth_ldap_cache_size 1000; -``` - -This file is mounted into the `nginx` container when Malcolm is started to provide connection information for the LDAP server. - -The contents of `nginx_ldap.conf` will vary depending on how the LDAP server is configured. Some of the [avaiable parameters](https://github.com/kvspb/nginx-auth-ldap#available-config-parameters) in that file include: - -* **`url`** - the `ldap://` or `ldaps://` connection URL for the remote LDAP server, which has the [following syntax](https://www.ietf.org/rfc/rfc2255.txt): `ldap[s]://:/???` -* **`binddn`** and **`binddn_password`** - the account credentials used to query the LDAP directory -* **`group_attribute`** - the group attribute name which contains the member object (e.g., `member` or `memberUid`) -* **`group_attribute_is_dn`** - whether or not to search for the user's full distinguished name as the value in the group's member attribute -* **`require`** and **`satisfy`** - `require user`, `require group` and `require valid_user` can be used in conjunction with `satisfy any` or `satisfy all` to limit the users that are allowed to access the Malcolm instance - -Before starting Malcolm, edit `nginx/nginx_ldap.conf` according to the specifics of your LDAP server and directory tree structure. Using a LDAP search tool such as [`ldapsearch`](https://www.openldap.org/software/man.cgi?query=ldapsearch) in Linux or [`dsquery`](https://social.technet.microsoft.com/wiki/contents/articles/2195.active-directory-dsquery-commands.aspx) in Windows may be of help as you formulate the configuration. Your changes should be made within the curly braces of the `ldap_server ad_server { … }` section. You can troubleshoot configuration file syntax errors and LDAP connection or credentials issues by running `./scripts/logs` (or `docker-compose logs nginx`) and examining the output of the `nginx` container. - -The **Malcolm User Management** page described above is not available when using LDAP authentication. - -##### LDAP connection security - -Authentication over LDAP can be done using one of three ways, [two of which](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/8e73932f-70cf-46d6-88b1-8d9f86235e81) offer data confidentiality protection: - -* **StartTLS** - the [standard extension](https://tools.ietf.org/html/rfc2830) to the LDAP protocol to establish an encrypted SSL/TLS connection within an already established LDAP connection -* **LDAPS** - a commonly used (though unofficial and considered deprecated) method in which SSL negotiation takes place before any commands are sent from the client to the server -* **Unencrypted** (cleartext) (***not recommended***) - -In addition to the `NGINX_BASIC_AUTH` environment variable being set to `false` in the `x-auth-variables` section near the top of the [`docker-compose.yml`](#DockerComposeYml) file, the `NGINX_LDAP_TLS_STUNNEL` and `NGINX_LDAP_TLS_STUNNEL` environment variables are used in conjunction with the values in `nginx/nginx_ldap.conf` to define the LDAP connection security level. Use the following combinations of values to achieve the connection security methods above, respectively: - -* **StartTLS** - - `NGINX_LDAP_TLS_STUNNEL` set to `true` in [`docker-compose.yml`](#DockerComposeYml) - - `url` should begin with `ldap://` and its port should be either the default LDAP port (389) or the default Global Catalog port (3268) in `nginx/nginx_ldap.conf` -* **LDAPS** - - `NGINX_LDAP_TLS_STUNNEL` set to `false` in [`docker-compose.yml`](#DockerComposeYml) - - `url` should begin with `ldaps://` and its port should be either the default LDAPS port (636) or the default LDAPS Global Catalog port (3269) in `nginx/nginx_ldap.conf` -* **Unencrypted** (clear text) (***not recommended***) - - `NGINX_LDAP_TLS_STUNNEL` set to `false` in [`docker-compose.yml`](#DockerComposeYml) - - `url` should begin with `ldap://` and its port should be either the default LDAP port (389) or the default Global Catalog port (3268) in `nginx/nginx_ldap.conf` - -For encrypted connections (whether using **StartTLS** or **LDAPS**), Malcolm will require and verify certificates when one or more trusted CA certificate files are placed in the `nginx/ca-trust/` directory. Otherwise, any certificate presented by the domain server will be accepted. - -### TLS certificates - -When you [set up authentication](#AuthSetup) for Malcolm a set of unique [self-signed](https://en.wikipedia.org/wiki/Self-signed_certificate) TLS certificates are created which are used to secure the connection between clients (e.g., your web browser) and Malcolm's browser-based interface. This is adequate for most Malcolm instances as they are often run locally or on internal networks, although your browser will most likely require you to add a security exception for the certificate the first time you connect to Malcolm. - -Another option is to generate your own certificates (or have them issued to you) and have them placed in the `nginx/certs/` directory. The certificate and key file should be named `cert.pem` and `key.pem`, respectively. - -A third possibility is to use a third-party reverse proxy (e.g., [Traefik](https://doc.traefik.io/traefik/) or [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy)) to handle the issuance of the certificates for you and to broker the connections between clients and Malcolm. Reverse proxies such as these often implement the [ACME](https://datatracker.ietf.org/doc/html/rfc8555) protocol for domain name authentication and can be used to request certificates from certificate authorities like [Let's Encrypt](https://letsencrypt.org/how-it-works/). In this configuration, the reverse proxy will be encrypting the connections instead of Malcolm, so you'll need to set the `NGINX_SSL` environment variable to `false` in [`docker-compose.yml`](#DockerComposeYml) (or answer `no` to the "Require encrypted HTTPS connections?" question posed by `install.py`). If you are setting `NGINX_SSL` to `false`, **make sure** you understand what you are doing and ensure that external connections cannot reach ports over which Malcolm will be communicating without encryption, including verifying your local firewall configuration. - -### Starting Malcolm - -[Docker compose](https://docs.docker.com/compose/) is used to coordinate running the Docker containers. To start Malcolm, navigate to the directory containing `docker-compose.yml` and run: -``` -$ ./scripts/start -``` -This will create the containers' virtual network and instantiate them, then leave them running in the background. The Malcolm containers may take a several minutes to start up completely. To follow the debug output for an already-running Malcolm instance, run: -``` -$ ./scripts/logs -``` -You can also use `docker stats` to monitor the resource utilization of running containers. - -### Stopping and restarting Malcolm - -You can run `./scripts/stop` to stop the docker containers and remove their virtual network. Alternatively, `./scripts/restart` will restart an instance of Malcolm. Because the data on disk is stored on the host in docker volumes, doing these operations will not result in loss of data. - -Malcolm can be configured to be automatically restarted when the Docker system daemon restart (for example, on system reboot). This behavior depends on the [value](https://docs.docker.com/config/containers/start-containers-automatically/) of the [`restart:`](https://docs.docker.com/compose/compose-file/#restart) setting for each service in the `docker-compose.yml` file. This value can be set by running [`./scripts/install.py --configure`](#ConfigAndTuning) and answering "yes" to "`Restart Malcolm upon system or Docker daemon restart?`." - -### Clearing Malcolm's data - -Run `./scripts/wipe` to stop the Malcolm instance and wipe its OpenSearch database (**including** [index snapshots and management policies](#IndexManagement) and [alerting configuration](#Alerting)). - -### Temporary read-only interface - -To temporarily set the Malcolm user interaces into a read-only configuration, run the following commands from the Malcolm installation directory. - -First, to configure [Nginx] to disable access to the upload and other interfaces for changing Malcolm settings, and to deny HTTP methods other than `GET` and `POST`: - -``` -docker-compose exec nginx-proxy bash -c "cp /etc/nginx/nginx_readonly.conf /etc/nginx/nginx.conf && nginx -s reload" -``` - -Second, to set the existing OpenSearch data store to read-only: - -``` -docker-compose exec dashboards-helper /data/opensearch_read_only.py -i _cluster -``` - -These commands must be re-run every time you restart Malcolm. - -Note that after you run these commands you may see an increase of error messages in the Malcolm containers' output as various background processes will fail due to the read-only nature of the indices. Additionally, some features such as Arkime's [Hunt](#ArkimeHunt) and [building your own visualizations and dashboards](#BuildDashboard) in OpenSearch Dashboards will not function correctly in read-only mode. - -## Capture file and log archive upload - -Malcolm serves a web browser-based upload form for uploading PCAP files and Zeek logs at [https://localhost/upload/](https://localhost/upload/) if you are connecting locally. - -![Capture File and Log Archive Upload](./docs/images/screenshots/malcolm_upload.png) - -Additionally, there is a writable `files` directory on an SFTP server served on port 8022 (e.g., `sftp://USERNAME@localhost:8022/files/` if you are connecting locally). - -The types of files supported are: - -* PCAP files (of mime type `application/vnd.tcpdump.pcap` or `application/x-pcapng`) - - PCAPNG files are *partially* supported: Zeek is able to process PCAPNG files, but not all of Arkime's packet examination features work correctly -* Zeek logs in archive files (`application/gzip`, `application/x-gzip`, `application/x-7z-compressed`, `application/x-bzip2`, `application/x-cpio`, `application/x-lzip`, `application/x-lzma`, `application/x-rar-compressed`, `application/x-tar`, `application/x-xz`, or `application/zip`) - - where the Zeek logs are found in the internal directory structure in the archive file does not matter - -Files uploaded via these methods are monitored and moved automatically to other directories for processing to begin, generally within one minute of completion of the upload. - -### Tagging - -In addition to be processed for uploading, Malcolm events will be tagged according to the components of the filenames of the PCAP files or Zeek log archives files from which the events were parsed. For example, records created from a PCAP file named `ACME_Scada_VLAN10.pcap` would be tagged with `ACME`, `Scada`, and `VLAN10`. Tags are extracted from filenames by splitting on the characters "," (comma), "-" (dash), and "_" (underscore). These tags are viewable and searchable (via the `tags` field) in Arkime and OpenSearch Dashboards. This behavior can be changed by modifying the `AUTO_TAG` [environment variable in `docker-compose.yml`](#DockerComposeYml). - -Tags may also be specified manually with the [browser-based upload form](#Upload). - -### Processing uploaded PCAPs with Zeek and Suricata - -The **Analyze with Zeek** and **Analyze with Suricata** checkboxes may be used when uploading PCAP files to cause them to be analyzed by Zeek and Suricata, respectively. This is functionally equivalent to the `ZEEK_AUTO_ANALYZE_PCAP_FILES` and `SURICATA_AUTO_ANALYZE_PCAP_FILES` environment variables [described above](#DockerComposeYml), only on a per-upload basis. Zeek can also automatically carve out files from file transfers; see [Automatic file extraction and scanning](#ZeekFileExtraction) for more details. - -## Live analysis - -### Using a network sensor appliance - -A dedicated network sensor appliance is the recommended method for capturing and analyzing live network traffic when performance and throughput is of utmost importance. [Hedgehog Linux](./sensor-iso/README.md) is a custom Debian-based operating system built to: - -* monitor network interfaces -* capture packets to PCAP files -* detect file transfers in network traffic and extract and scan those files for threats -* generate and forward Zeek and Suricata logs, Arkime sessions, and other information to [Malcolm](https://github.com/idaholab/Malcolm) - -Please see the [Hedgehog Linux README](./sensor-iso/README.md) for more information. - -### Monitoring local network interfaces - -Malcolm's `pcap-capture`, `suricata-live` and `zeek-live` containers can monitor one or more local network interfaces, specified by the `PCAP_IFACE` environment variable in [`docker-compose.yml`](#DockerComposeYml). These containers are started with additional privileges (`IPC_LOCK`, `NET_ADMIN`, `NET_RAW`, and `SYS_ADMIN`) to allow opening network interfaces in promiscuous mode for capture. - -The instances of Zeek and Suricata (in the `suricata-live` and `zeek-live` containers when the `SURICATA_LIVE_CAPTURE` and `ZEEK_LIVE_CAPTURE` environment variables in [`docker-compose.yml`](#DockerComposeYml) are set to `true`, respectively) analyze traffic on-the-fly and generate log files containing network session metadata. These log files are in turn scanned by Filebeat and forwarded to Logstash for enrichment and indexing into the OpenSearch document store. - -In contrast, the `pcap-capture` container buffers traffic to PCAP files and periodically rotates these files for processing (by Arkime's `capture` utlity in the `arkime` container) according to the thresholds defined by the `PCAP_ROTATE_MEGABYTES` and `PCAP_ROTATE_MINUTES` environment variables in [`docker-compose.yml`](#DockerComposeYml). If for some reason (e.g., a low resources environment) you also want Zeek and Suricata to process these intermediate PCAP files rather than monitoring the network interfaces directly, you can set `SURICATA_ROTATED_PCAP`/`ZEEK_ROTATED_PCAP` to `true` and `SURICATA_LIVE_CAPTURE`/`ZEEK_LIVE_CAPTURE` to false. - -These various options for monitoring traffic on local network interfaces can also be configured by running [`./scripts/install.py --configure`](#ConfigAndTuning). - -Note that currently Microsoft Windows and Apple macOS platforms run Docker inside of a virtualized environment. Live traffic capture and analysis on those platforms would require additional configuration of virtual interfaces and port forwarding in Docker which is outside of the scope of this document. - -### Manually forwarding logs from an external source - -Malcolm's Logstash instance can also be configured to accept logs from a [remote forwarder](https://www.elastic.co/products/beats/filebeat) by running [`./scripts/install.py --configure`](#ConfigAndTuning) and answering "yes" to "`Expose Logstash port to external hosts?`." Enabling encrypted transport of these logs files is discussed in [Configure authentication](#AuthSetup) and the description of the `BEATS_SSL` environment variable in the [`docker-compose.yml`](#DockerComposeYml) file. - -Configuring Filebeat to forward Zeek logs to Malcolm might look something like this example [`filebeat.yml`](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html): -``` -filebeat.inputs: -- type: log - paths: - - /var/zeek/*.log - fields_under_root: true - compression_level: 0 - exclude_lines: ['^\s*#'] - scan_frequency: 10s - clean_inactive: 180m - ignore_older: 120m - close_inactive: 90m - close_renamed: true - close_removed: true - close_eof: false - clean_renamed: true - clean_removed: true - -output.logstash: - hosts: ["192.0.2.123:5044"] - ssl.enabled: true - ssl.certificate_authorities: ["/foo/bar/ca.crt"] - ssl.certificate: "/foo/bar/client.crt" - ssl.key: "/foo/bar/client.key" - ssl.supported_protocols: "TLSv1.2" - ssl.verification_mode: "none" -``` - -## Arkime - -The Arkime interface will be accessible over HTTPS on port 443 at the docker hosts IP address (e.g., [https://localhost](https://localhost) if you are connecting locally). - -### Zeek log integration - -A stock installation of Arkime extracts all of its network connection ("session") metadata ("SPI" or "Session Profile Information") from full packet capture artifacts (PCAP files). Zeek (formerly Bro) generates similar session metadata, linking network events to sessions via a connection UID. Malcolm aims to facilitate analysis of Zeek logs by mapping values from Zeek logs to the Arkime session database schema for equivalent fields, and by creating new "native" Arkime database fields for all the other Zeek log values for which there is not currently an equivalent in Arkime: - -![Zeek log session record](./docs/images/screenshots/arkime_session_zeek.png) - -In this way, when full packet capture is an option, analysis of PCAP files can be enhanced by the additional information Zeek provides. When full packet capture is not an option, similar analysis can still be performed using the same interfaces and processes using the Zeek logs alone. - -A few values of particular mention include **Data Source** (`event.provider` in OpenSearch), which can be used to distinguish from among the sources of the network traffic metadata record (e.g., `zeek` for Zeek logs and `arkime` for Arkime sessions); and, **Log Type** (`event.dataset` in OpenSearch), which corresponds to the kind of Zeek `.log` file from which the record was created. In other words, a search could be restricted to records from `conn.log` by searching `event.provider == zeek && event.dataset == conn`, or restricted to records from `weird.log` by searching `event.provider == zeek && event.dataset == weird`. - -Click the icon of the owl **🦉** in the upper-left hand corner of to access the Arkime usage documentation (accessible at [https://localhost/help](https://localhost/help) if you are connecting locally), click the **Fields** label in the navigation pane, then search for `zeek` to see a list of the other Zeek log types and fields available to Malcolm. - -![Zeek fields](./docs/images/screenshots/arkime_help_fields.png) - -The values of records created from Zeek logs can be expanded and viewed like any native Arkime session by clicking the plus **➕** icon to the left of the record in the Sessions view. However, note that when dealing with these Zeek records the full packet contents are not available, so buttons dealing with viewing and exporting PCAP information will not behave as they would for records from PCAP files. Other than that, Zeek records and their values are usable in Malcolm just like native PCAP session records. - -#### Correlating Zeek logs and Arkime sessions - -The Arkime interface displays both Zeek logs and Arkime sessions alongside each other. Using fields common to both data sources, one can [craft queries](#SearchCheatSheet) to filter results matching desired criteria. - -A few fields of particular mention that help limit returned results to those Zeek logs and Arkime session records generated from the same network connection are [Community ID](https://github.com/corelight/community-id-spec) (`network.community_id`) and Zeek's [connection UID](https://docs.zeek.org/en/stable/examples/logs/#using-uids) (`zeek.uid`), which Malcolm maps to both Arkime's `rootId` field and the [ECS](https://www.elastic.co/guide/en/ecs/current/ecs-event.html#field-event-id) `event.id` field. - -Community ID is specification for standard flow hashing [published by Corelight](https://github.com/corelight/community-id-spec) with the intent of making it easier to pivot from one dataset (e.g., Arkime sessions) to another (e.g., Zeek `conn.log` entries). In Malcolm both Arkime and [Zeek](https://github.com/corelight/zeek-community-id) populate this value, which makes it possible to filter for a specific network connection and see both data sources' results for that connection. - -The `rootId` field is used by Arkime to link session records together when a particular session has too many packets to be represented by a single session. When normalizing Zeek logs to Arkime's schema, Malcolm piggybacks on `rootId` to store Zeek's [connection UID](https://docs.zeek.org/en/stable/examples/logs/#using-uids) to crossreference entries across Zeek log types. The connection UID is also stored in `zeek.uid`. - -Filtering on community ID OR'ed with zeek UID (e.g., `network.community_id == "1:r7tGG//fXP1P0+BXH3zXETCtEFI=" || rootId == "CQcoro2z6adgtGlk42"`) is an effective way to see both the Arkime sessions and Zeek logs generated by a particular network connection. - -![Correlating Arkime sessions and Zeek logs](./docs/images/screenshots/arkime_correlate_communityid_uid.png) - -### Help - -Click the icon of the owl 🦉 in the upper-left hand corner of to access the Arkime usage documentation (accessible at [https://localhost/help](https://localhost/help) if you are connecting locally), which includes such topics as [search syntax](https://localhost/help#search), the [Sessions view](https://localhost/help#sessions), [SPIView](https://localhost/help#spiview), [SPIGraph](https://localhost/help#spigraph), and the [Connections](https://localhost/help#connections) graph. - -### Sessions - -The **Sessions** view provides low-level details of the sessions being investigated, whether they be Arkime sessions created from PCAP files or [Zeek logs mapped](#ArkimeZeek) to the Arkime session database schema. - -![Arkime's Sessions view](./docs/images/screenshots/arkime_sessions.png) - -The **Sessions** view contains many controls for filtering the sessions displayed from all sessions down to sessions of interest: - -* [search bar](https://localhost/help#search): Indicated by the magnifying glass **🔍** icon, the search bar allows defining filters on session/log metadata -* [time bounding](https://localhost/help#timebounding) controls: The **🕘**, **Start**, **End**, **Bounding**, and **Interval** fields, and the **date histogram** can be used to visually zoom and pan the time range being examined. -* search button: The **Search** button re-runs the sessions query with the filters currently specified. -* views button: Indicated by the eyeball **👁** icon, views allow overlaying additional previously-specified filters onto the current sessions filters. For convenience, Malcolm provides several Arkime preconfigured views including filtering on the `event.dataset` field. - -![Malcolm views](./docs/images/screenshots/arkime_apply_view.png) - -* map: A global map can be expanded by clicking the globe **🌎** icon. This allows filtering sessions by IP-based geolocation when possible. - -Some of these filter controls are also available on other Arkime pages (such as SPIView, SPIGraph, Connections, and Hunt). - -The number of sessions displayed per page, as well as the page currently displayed, can be specified using the paging controls underneath the time bounding controls. - -The sessions table is displayed below the filter controls. This table contains the sessions/logs matching the specified filters. - -To the left of the column headers are two buttons. The **Toggle visible columns** button, indicated by a grid **⊞** icon, allows toggling which columns are displayed in the sessions table. The **Save or load custom column configuration** button, indicated by a columns **◫** icon, allows saving the current displayed columns or loading previously-saved configurations. This is useful for customizing which columns are displayed when investigating different types of traffic. Column headers can also be clicked to sort the results in the table, and column widths may be adjusted by dragging the separators between column headers. - -Details for individual sessions/logs can be expanded by clicking the plus **➕** icon on the left of each row. Each row may contain multiple sections and controls, depending on whether the row represents a Arkime session or a [Zeek log](#ArkimeZeek). Clicking the field names and values in the details sections allows additional filters to be specified or summary lists of unique values to be exported. - -When viewing Arkime session details (ie., a session generated from a PCAP file), an additional packets section will be visible underneath the metadata sections. When the details of a session of this type are expanded, Arkime will read the packet(s) comprising the session for display here. Various controls can be used to adjust how the packet is displayed (enabling **natural** decoding and enabling **Show Images & Files** may produce visually pleasing results), and other options (including PCAP download, carving images and files, applying decoding filters, and examining payloads in [CyberChef](https://github.com/gchq/CyberChef)) are available. - -See also Arkime's usage documentation for more information on the [Sessions view](https://localhost/help#sessions). - -#### PCAP Export - -Clicking the down arrow **▼** icon to the far right of the search bar presents a list of actions including **PCAP Export** (see Arkime's [sessions help](https://localhost/help#sessions) for information on the other actions). When full PCAP sessions are displayed, the **PCAP Export** feature allows you to create a new PCAP file from the matching Arkime sessions, including controls for which sessions are included (open items, visible items, or all matching items) and whether or not to include linked segments. Click **Export PCAP** button to generate the PCAP, after which you'll be presented with a browser download dialog to save or open the file. Note that depending on the scope of the filters specified this might take a long time (or, possibly even time out). - -![Export PCAP](./docs/images/screenshots/arkime_export_pcap.png) - -See the [issues](#Issues) section of this document for an error that can occur using this feature when Zeek log sessions are displayed.View - -### SPIView - -Arkime's **SPI** (**S**ession **P**rofile **I**nformation) **View** provides a quick and easy-to-use interface for exploring session/log metrics. The SPIView page lists categories for general session metrics (e.g., protocol, source and destination IP addresses, sort and destination ports, etc.) as well as for all of various types of network traffic understood by Malcolm. These categories can be expanded and the top *n* values displayed, along with each value's cardinality, for the fields of interest they contain. - -![Arkime's SPIView](./docs/images/screenshots/arkime_spiview.png) - -Click the the plus **➕** icon to the right of a category to expand it. The values for specific fields are displayed by clicking the field description in the field list underneath the category name. The list of field names can be filtered by typing part of the field name in the *Search for fields to display in this category* text input. The **Load All** and **Unload All** buttons can be used to toggle display of all of the fields belonging to that category. Once displayed, a field's name or one of its values may be clicked to provide further actions for filtering or displaying that field or its values. Of particular interest may be the **Open [fieldname] SPI Graph** option when clicking on a field's name. This will open a new tab with the SPI Graph ([see below](#ArkimeSPIGraph)) populated with the field's top values. - -Note that because the SPIView page can potentially run many queries, SPIView limits the search domain to seven days (in other words, seven indices, as each index represents one day's worth of data). When using SPIView, you will have best results if you limit your search time frame to less than or equal to seven days. This limit can be adjusted by editing the `spiDataMaxIndices` setting in [config.ini](./etc/arkime/config.ini) and rebuilding the `malcolmnetsec/arkime` docker container. - -See also Arkime's usage documentation for more information on [SPIView](https://localhost/help#spiview). - -### SPIGraph - -Arkime's **SPI** (**S**ession **P**rofile **I**nformation) **Graph** visualizes the occurrence of some field's top *n* values over time, and (optionally) geographically. This is particularly useful for identifying trends in a particular type of communication over time: traffic using a particular protocol when seen sparsely at regular intervals on that protocol's date histogram in the SPIGraph may indicate a connection check, polling, or beaconing (for example, see the `llmnr` protocol in the screenshot below). - -![Arkime's SPIGraph](./docs/images/screenshots/arkime_spigraph.png) - -Controls can be found underneath the time bounding controls for selecting the field of interest, the number of elements to be displayed, the sort order, and a periodic refresh of the data. - -See also Arkime's usage documentation for more information on [SPIGraph](https://localhost/help#spigraph). - -### Connections - -The **Connections** page presents network communications via a force-directed graph, making it easy to visualize logical relationships between network hosts. - -![Arkime's Connections graph](./docs/images/screenshots/arkime_connections.png) - -Controls are available for specifying the query size (where smaller values will execute more quickly but may only contain an incomplete representation of the top *n* sessions, and larger values may take longer to execute but will be more complete), which fields to use as the source and destination for node values, a minimum connections threshold, and the method for determining the "weight" of the link between two nodes. As is the case with most other visualizations in Arkime, the graph is interactive: clicking on a node or the link between two nodes can be used to modify query filters, and the nodes themselves may be repositioned by dragging and dropping them. A node's color indicates whether it communicated as a source/originator, a destination/responder, or both. - -While the default source and destination fields are *Src IP* and *Dst IP:Dst Port*, the Connections view is able to use any combination of fields. For example: - -* *Src OUI* and *Dst OUI* (hardware manufacturers) -* *Src IP* and *Protocols* -* *Originating Network Segment* and *Responding Network Segment* (see [CIDR subnet to network segment name mapping](#SegmentNaming)) -* *Originating GeoIP City* and *Responding GeoIP City* - -or any other combination of these or other fields. - -See also Arkime's usage documentation for more information on the [Connections graph](https://localhost/help#connections). - -### Hunt - -Arkime's **Hunt** feature allows an analyst to search within the packets themselves (including payload data) rather than simply searching the session metadata. The search string may be specified using ASCII (with or without case sensitivity), hex codes, or regular expressions. Once a hunt job is complete, matching sessions can be viewed in the [Sessions](#ArkimeSessions) view. - -Clicking the **Create a packet search job** on the Hunt page will allow you to specify the following parameters for a new hunt job: - -* a packet search job **name** -* a **maximum number of packets** to examine per session -* the **search string** and its format (*ascii*, *ascii (case sensitive)*, *hex*, *regex*, or *hex regex*) -* whether to search **source packets**, **destination packets**, or both -* whether to search **raw** or **reassembled** packets - -Click the **➕ Create** button to begin the search. Arkime will scan the source PCAP files from which the sessions were created according to the search criteria. Note that whatever filters were specified when the hunt job is executed will apply to the hunt job as well; the number of sessions matching the current filters will be displayed above the hunt job parameters with text like "ⓘ Creating a new packet search job will search the packets of # sessions." - -![Hunt creation](./docs/images/screenshots/arkime_hunt_creation.png) - -Once a hunt job is submitted, it will be assigned a unique hunt ID (a long unique string of characters like `yuBHAGsBdljYmwGkbEMm`) and its progress will be updated periodically in the **Hunt Job Queue** with the execution percent complete, the number of matches found so far, and the other parameters with which the job was submitted. More details for the hunt job can be viewed by expanding its row with the plus **➕** icon on the left. - -![Hunt completed](./docs/images/screenshots/arkime_hunt_finished.png) - -Once the hunt job is complete (and a minute or so has passed, as the `huntId` must be added to the matching session records in the database), click the folder **📂** icon on the right side of the hunt job row to open a new [Sessions](#ArkimeSessions) tab with the search bar prepopulated to filter to sessions with packets matching the search criteria. - -![Hunt result sessions](./docs/images/screenshots/arkime_hunt_sessions.png) - -From this list of filtered sessions you can expand session details and explore packet payloads which matched the hunt search criteria. - -The hunt feature is available only for sessions created from full packet capture data, not Zeek logs. This being the case, it is a good idea to click the eyeball **👁** icon and select the **Arkime Sessions** view to exclude Zeek logs from candidate sessions prior to using the hunt feature. - -See also Arkime's usage documentation for more information on the [hunt feature](https://localhost/help#hunt). - -### Statistics - -Arkime provides several other reports which show information about the state of Arkime and the underlying OpenSearch database. - -The **Files** list displays a list of PCAP files processed by Arkime, the date and time of the earliest packet in each file, and the file size: - -![Arkime's Files list](./docs/images/screenshots/arkime_files.png) - -The **ES Indices** list (available under the **Stats** page) lists the OpenSearch indices within which log data is contained: - -![Arkime's ES indices list](./docs/images/screenshots/arkime_es_stats.png) - -The **History** view provides a historical list of queries issues to Arkime and the details of those queries: - -![Arkime's History view](./docs/images/screenshots/arkime_history.png) - -See also Arkime's usage documentation for more information on the [Files list](https://localhost/help#files), [statistics](https://localhost/help#files), and [history](https://localhost/help#history). - -### Settings - -#### General settings - -The **Settings** page can be used to tweak Arkime preferences, defined additional custom views and column configurations, tweak the color theme, and more. - -See Arkime's usage documentation for more information on [settings](https://localhost/help#settings). - -![Arkime general settings](./docs/images/screenshots/arkime_general_settings.png) - -![Arkime custom view management](./docs/images/screenshots/arkime_view_settings.png) - -## OpenSearch Dashboards - -While Arkime provides very nice visualizations, especially for network traffic, [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) (an open source general-purpose data visualization tool for OpenSearch) can be used to create custom visualizations (tables, charts, graphs, dashboards, etc.) using the same data. - -The OpenSearch Dashboards container can be accessed at [https://localhost/dashboards/](https://localhost/dashboards/) if you are connecting locally. Several preconfigured dashboards for Zeek logs are included in Malcolm's OpenSearch Dashboards configuration. - -OpenSearch Dashboards has several components for data searching and visualization: - -### Discover - -The **Discover** view enables you to view events on a record-by-record basis (similar to a *session* record in Arkime or an individual line from a Zeek log). See the official [Kibana User Guide](https://www.elastic.co/guide/en/kibana/7.10/index.html) (OpenSearch Dashboards is an open-source fork of Kibana, which is no longer open-source software) for information on using the Discover view: - -* [Discover](https://www.elastic.co/guide/en/kibana/7.10/discover.html) -* [Searching Your Data](https://www.elastic.co/guide/en/kibana/7.10/search.html) - -#### Screenshots - -![Discover view](./docs/images/screenshots/dashboards_discover.png) - -![Viewing the details of a session in Discover](./docs/images/screenshots/dashboards_discover_table.png) - -![Filtering by tags to display only sessions with public IP addresses](./docs/images/screenshots/dashboards_add_filter.png) - -![Changing the fields displayed in Discover](./docs/images/screenshots/dashboards_fields_list.png) - -![Opening a previously-saved search](./docs/images/screenshots/dashboards_open_search.png) - -### Visualizations and dashboards - -#### Prebuilt visualizations and dashboards - -Malcolm comes with dozens of prebuilt visualizations and dashboards for the network traffic represented by each of the Zeek log types. Click **Dashboard** to see a list of these dashboards. As is the case with all OpenSearch Dashboards visualizations, all of the charts, graphs, maps, and tables are interactive and can be clicked on to narrow or expand the scope of the data you are investigating. Similarly, click **Visualize** to explore the prebuilt visualizations used to build the dashboards. - -Many of Malcolm's prebuilt visualizations for Zeek logs were originally inspired by the excellent [Kibana Dashboards](https://github.com/Security-Onion-Solutions/securityonion-elastic/tree/master/kibana/dashboards) that are part of [Security Onion](https://securityonion.net/). - -##### Screenshots - -![The Security Overview highlights security-related network events](./docs/images/screenshots/dashboards_security_overview.png) - -![The ICS/IoT Security Overview dashboard displays information about ICS and IoT network traffic](./docs/images/screenshots/dashboards_ics_iot_security_overview.png) - -![The Connections dashboard displays information about the "top talkers" across all types of sessions](./docs/images/screenshots/dashboards_connections.png) - -![The HTTP dashboard displays important details about HTTP traffic](./docs/images/screenshots/dashboards_http.png) - -![There are several Connections visualizations using locations from GeoIP lookups](./docs/images/screenshots/dashboards_latlon_map.png) - -![OpenSearch Dashboards includes both coordinate and region map types](./docs/images/screenshots/dashboards_region_map.png) - -![The Suricata Alerts dashboard highlights traffic which matched Suricata signatures](./docs/images/screenshots/dashboards_suricata_alerts.png) - -![The Zeek Notices dashboard highlights things which Zeek determine are potentially bad](./docs/images/screenshots/dashboards_notices.png) - -![The Zeek Signatures dashboard displays signature hits, such as antivirus hits on files extracted from network traffic](./docs/images/screenshots/dashboards_signatures.png) - -![The Software dashboard displays the type, name, and version of software seen communicating on the network](./docs/images/screenshots/dashboards_software.png) - -![The PE (portable executables) dashboard displays information about executable files transferred over the network](./docs/images/screenshots/dashboards_portable_executables.png) - -![The SMTP dashboard highlights details about SMTP traffic](./docs/images/screenshots/dashboards_smtp.png) - -![The SSL dashboard displays information about SSL versions, certificates, and TLS JA3 fingerprints](./docs/images/screenshots/dashboards_ssl.png) - -![The files dashboard displays metrics about the files transferred over the network](./docs/images/screenshots/dashboards_files_source.png) - -![This dashboard provides insight into DNP3 (Distributed Network Protocol), a protocol used commonly in electric and water utilities](./docs/images/screenshots/dashboards_dnp3.png) - -![Modbus is a standard protocol found in many industrial control systems (ICS)](./docs/images/screenshots/dashboards_modbus.png) - -![BACnet is a communications protocol for Building Automation and Control (BAC) networks](./docs/images/screenshots/dashboards_bacnet.png) - -![EtherCAT is an Ethernet-based fieldbus system](./docs/images/screenshots/dashboards_ecat.png) - -![EtherNet/IP is an industrial network protocol that adapts the Common Industrial Protocol to standard Ethernet](./docs/images/screenshots/dashboards_ethernetip.png) - -![PROFINET is an industry technical standard for data communication over Industrial Ethernet](./docs/images/screenshots/dashboards_profinet.png) - -![S7comm is a Siemens proprietary protocol that runs between programmable logic controllers (PLCs) of the Siemens family](./docs/images/screenshots/dashboards_s7comm.png) - -#### Building your own visualizations and dashboards - -See the official [Kibana User Guide](https://www.elastic.co/guide/en/kibana/7.10/index.html) and [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) (OpenSearch Dashboards is an open-source fork of Kibana, which is no longer open-source software) documentation for information on creating your own visualizations and dashboards: - -* [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) -* [Kibana Dashboards](https://www.elastic.co/guide/en/kibana/7.10/dashboard.html) -* [TimeLine](https://www.elastic.co/guide/en/kibana/7.12/timelion.html) - -##### Screenshots - -![OpenSearch dashboards boasts many types of visualizations for displaying your data](./docs/images/screenshots/dashboards_new_visualization.png) - -## Search Queries in Arkime and OpenSearch Dashboards - -OpenSearch Dashboards supports two query syntaxes: the legacy [Lucene](https://www.elastic.co/guide/en/kibana/current/lucene-query.html) syntax and [Dashboards Query Language (DQL)](https://opensearch.org/docs/1.2/dashboards/dql/), both of which are somewhat different than Arkime's query syntax (see the help at [https://localhost/help#search](https://localhost/help#search) if you are connecting locally). The Arkime interface is for searching and visualizing both Arkime sessions and Zeek logs. The prebuilt dashboards in the OpenSearch Dashboards interface are for searching and visualizing Zeek logs, but will not include Arkime sessions. Here are some common patterns used in building search query strings for Arkime and OpenSearch Dashboards, respectively. See the links provided for further documentation. - -| | [Arkime Search String](https://localhost/help#search) | [OpenSearch Dashboards Search String (Lucene)](https://www.elastic.co/guide/en/kibana/current/lucene-query.html) | [OpenSearch Dashboards Search String (DQL)](https://www.elastic.co/guide/en/kibana/current/kuery-query.html)| -|---|:---:|:---:|:---:| -| Field exists |`event.dataset == EXISTS!`|`_exists_:event.dataset`|`event.dataset:*`| -| Field does not exist |`event.dataset != EXISTS!`|`NOT _exists_:event.dataset`|`NOT event.dataset:*`| -| Field matches a value |`port.dst == 22`|`destination.port:22`|`destination.port:22`| -| Field does not match a value |`port.dst != 22`|`NOT destination.port:22`|`NOT destination.port:22`| -| Field matches at least one of a list of values |`tags == [foo, bar]`|`tags:(foo OR bar)`|`tags:(foo or bar)`| -| Field range (inclusive) |`http.statuscode >= 200 && http.statuscode <= 300`|`http.statuscode:[200 TO 300]`|`http.statuscode >= 200 and http.statuscode <= 300`| -| Field range (exclusive) |`http.statuscode > 200 && http.statuscode < 300`|`http.statuscode:{200 TO 300}`|`http.statuscode > 200 and http.statuscode < 300`| -| Field range (mixed exclusivity) |`http.statuscode >= 200 && http.statuscode < 300`|`http.statuscode:[200 TO 300}`|`http.statuscode >= 200 and http.statuscode < 300`| -| Match all search terms (AND) |`(tags == [foo, bar]) && (http.statuscode == 401)`|`tags:(foo OR bar) AND http.statuscode:401`|`tags:(foo or bar) and http.statuscode:401`| -| Match any search terms (OR) |`(zeek.ftp.password == EXISTS!) || (zeek.http.password == EXISTS!) || (related.user == "anonymous")`|`_exists_:zeek.ftp.password OR _exists_:zeek.http.password OR related.user:"anonymous"`|`zeek.ftp.password:* or zeek.http.password:* or related.user:"anonymous"`| -| Global string search (anywhere in the document) |all Arkime search expressions are field-based|`microsoft`|`microsoft`| -| Wildcards|`host.dns == "*micro?oft*"` (`?` for single character, `*` for any characters)|`dns.host:*micro?oft*` (`?` for single character, `*` for any characters)|`dns.host:*micro*ft*` (`*` for any characters)| -| Regex |`host.http == /.*www\.f.*k\.com.*/`|`zeek.http.host:/.*www\.f.*k\.com.*/`|DQL does not support regex| -| IPv4 values |`ip == 0.0.0.0/0`|`source.ip:"0.0.0.0/0" OR destination.ip:"0.0.0.0/0"`|`source.ip:"0.0.0.0/0" OR destination.ip:"0.0.0.0/0"`| -| IPv6 values |`(ip.src == EXISTS! || ip.dst == EXISTS!) && (ip != 0.0.0.0/0)`|`(_exists_:source.ip AND NOT source.ip:"0.0.0.0/0") OR (_exists_:destination.ip AND NOT destination.ip:"0.0.0.0/0")`|`(source.ip:* and not source.ip:"0.0.0.0/0") or (destination.ip:* and not destination.ip:"0.0.0.0/0")`| -| GeoIP information available |`country == EXISTS!`|`_exists_:destination.geo OR _exists_:source.geo`|`destination.geo:* or source.geo:*`| -| Zeek log type |`event.dataset == notice`|`event.dataset:notice`|`event.dataset:notice`| -| IP CIDR Subnets |`ip.src == 172.16.0.0/12`|`source.ip:"172.16.0.0/12"`|`source.ip:"172.16.0.0/12"`| -| Search time frame |Use Arkime time bounding controls under the search bar|Use OpenSearch Dashboards time range controls in the upper right-hand corner|Use OpenSearch Dashboards time range controls in the upper right-hand corner| - -When building complex queries, it is **strongly recommended** that you enclose search terms and expressions in parentheses to control order of operations. - -As Zeek logs are ingested, Malcolm parses and normalizes the logs' fields to match Arkime's underlying OpenSearch schema. A complete list of these fields can be found in the Arkime help (accessible at [https://localhost/help#fields](https://localhost/help#fields) if you are connecting locally). - -Whenever possible, Zeek fields are mapped to existing corresponding Arkime fields: for example, the `orig_h` field in Zeek is mapped to Arkime's `source.ip` field. The original Zeek fields are also left intact. To complicate the issue, the Arkime interface uses its own aliases to reference those fields: the source IP field is referenced as `ip.src` (Arkime's alias) in Arkime and `source.ip` or `source.ip` in OpenSearch Dashboards. - -The table below shows the mapping of some of these fields. - -| Field Description |Arkime Field Alias(es)|Arkime-mapped Zeek Field(s)|Zeek Field(s)| -|---|:---:|:---:|:---:| -| [Community ID](https://github.com/corelight/community-id-spec) Flow Hash ||`network.community_id`|`network.community_id`| -| Destination IP |`ip.dst`|`destination.ip`|`destination.ip`| -| Destination MAC |`mac.dst`|`destination.mac`|`destination.mac`| -| Destination Port |`port.dst`|`destination.port`|`destination.port`| -| Duration |`session.length`|`length`|`zeek.conn.duration`| -| First Packet Time |`starttime`|`firstPacket`|`zeek.ts`, `@timestamp`| -| IP Protocol |`ip.protocol`|`ipProtocol`|`network.transport`| -| Last Packet Time |`stoptime`|`lastPacket`|| -| MIME Type |`email.bodymagic`, `http.bodymagic`|`http.bodyMagic`|`file.mime_type`, `zeek.files.mime_type`, `zeek.ftp.mime_type`, `zeek.http.orig_mime_types`, `zeek.http.resp_mime_types`, `zeek.irc.dcc_mime_type`| -| Protocol/Service |`protocols`|`protocol`|`network.transport`, `network.protocol`| -| Request Bytes |`databytes.src`, `bytes.src`|`source.bytes`, `client.bytes`|`zeek.conn.orig_bytes`, `zeek.conn.orig_ip_bytes`| -| Request Packets |`packets.src`|`source.packets`|`zeek.conn.orig_pkts`| -| Response Bytes |`databytes.dst`, `bytes.dst`|`destination.bytes`, `server.bytes`|`zeek.conn.resp_bytes`, `zeek.conn.resp_ip_bytes`| -| Response Packets |`packets.dst`|`destination.packets`|`zeek.con.resp_pkts`| -| Source IP |`ip.src`|`source.ip`|`source.ip`| -| Source MAC |`mac.src`|`source.mac`|`source.mac`| -| Source Port |`port.src`|`source.port`|`source.port`| -| Total Bytes |`databytes`, `bytes`|`totDataBytes`, `network.bytes`|| -| Total Packets |`packets`|`network.packets`|| -| Username |`user`|`user`|`related.user`| -| Zeek Connection UID|||`zeek.uid`, `event.id`| -| Zeek File UID |||`zeek.fuid`, `event.id`| -| Zeek Log Type |||`event.dataset`| - -In addition to the fields listed above, Arkime provides several special field aliases for matching any field of a particular type. While these aliases do not exist in OpenSearch Dashboards *per se*, they can be approximated as illustrated below. - -| Matches Any | Arkime Special Field Example | OpenSearch Dashboards/Zeek Equivalent Example | -|---|:---:|:---:| -| IP Address | `ip == 192.168.0.1` | `source.ip:192.168.0.1 OR destination.ip:192.168.0.1` | -| Port | `port == [80, 443, 8080, 8443]` | `source.port:(80 OR 443 OR 8080 OR 8443) OR destination.port:(80 OR 443 OR 8080 OR 8443)` | -| Country (code) | `country == [RU,CN]` | `destination.geo.country_code2:(RU OR CN) OR source.geo.country_code2:(RU OR CN) OR dns.GEO:(RU OR CN)` | -| Country (name) | | `destination.geo.country_name:(Russia OR China) OR source.geo.country_name:(Russia OR China)` | -| ASN | `asn == "*Mozilla*"` | `source.as.full:*Mozilla* OR destination.as.full:*Mozilla* OR dns.ASN:*Mozilla*` | -| Host | `host == www.microsoft.com` | `zeek.http.host:www.microsoft.com (or zeek.dhcp.host_name, zeek.dns.host, zeek.ntlm.host, smb.host, etc.)` | -| Protocol (layers >= 4) | `protocols == tls` | `protocol:tls` | -| User | `user == EXISTS! && user != anonymous` | `_exists_:user AND (NOT user:anonymous)` | - -For details on how to filter both Zeek logs and Arkime session records for a particular connection, see [Correlating Zeek logs and Arkime sessions](#ZeekArkimeFlowCorrelation). - -## Other Malcolm features - -### Automatic file extraction and scanning - -Malcolm can leverage Zeek's knowledge of network protocols to automatically detect file transfers and extract those files from PCAPs as Zeek processes them. This behavior can be enabled globally by modifying the `ZEEK_EXTRACTOR_MODE` [environment variable in `docker-compose.yml`](#DockerComposeYml), or on a per-upload basis for PCAP files uploaded via the [browser-based upload form](#Upload) when **Analyze with Zeek** is selected. - -To specify which files should be extracted, the following values are acceptable in `ZEEK_EXTRACTOR_MODE`: - -* `none`: no file extraction -* `interesting`: extraction of files with mime types of common attack vectors -* `mapped`: extraction of files with recognized mime types -* `known`: extraction of files for which any mime type can be determined -* `all`: extract all files - -Extracted files can be examined through any of the following methods: - -* submitting file hashes to [**VirusTotal**](https://www.virustotal.com/en/#search); to enable this method, specify the `VTOT_API2_KEY` [environment variable in `docker-compose.yml`](#DockerComposeYml) -* scanning files with [**ClamAV**](https://www.clamav.net/); to enable this method, set the `EXTRACTED_FILE_ENABLE_CLAMAV` [environment variable in `docker-compose.yml`](#DockerComposeYml) to `true` -* scanning files with [**Yara**](https://github.com/VirusTotal/yara); to enable this method, set the `EXTRACTED_FILE_ENABLE_YARA` [environment variable in `docker-compose.yml`](#DockerComposeYml) to `true` -* scanning PE (portable executable) files with [**Capa**](https://github.com/fireeye/capa); to enable this method, set the `EXTRACTED_FILE_ENABLE_CAPA` [environment variable in `docker-compose.yml`](#DockerComposeYml) to `true` - -Files which are flagged via any of these methods will be logged as Zeek `signatures.log` entries, and can be viewed in the **Signatures** dashboard in OpenSearch Dashboards. - -The `EXTRACTED_FILE_PRESERVATION` [environment variable in `docker-compose.yml`](#DockerComposeYml) determines the behavior for preservation of Zeek-extracted files: - -* `quarantined`: preserve only flagged files in `./zeek-logs/extract_files/quarantine` -* `all`: preserve flagged files in `./zeek-logs/extract_files/quarantine` and all other extracted files in `./zeek-logs/extract_files/preserved` -* `none`: preserve no extracted files - -The `EXTRACTED_FILE_HTTP_SERVER_…` [environment variables in `docker-compose.yml`](#DockerComposeYml) configure access to the Zeek-extracted files path through the means of a simple HTTPS directory server. Beware that Zeek-extracted files may contain malware. As such, the files may be optionally encrypted upon download. - -### Automatic host and subnet name assignment - -#### IP/MAC address to hostname mapping via `host-map.txt` - -The `host-map.txt` file in the Malcolm installation directory can be used to define names for network hosts based on IP and/or MAC addresses in Zeek logs. The default empty configuration looks like this: -``` -# IP or MAC address to host name map: -# address|host name|required tag -# -# where: -# address: comma-separated list of IPv4, IPv6, or MAC addresses -# e.g., 172.16.10.41, 02:42:45:dc:a2:96, 2001:0db8:85a3:0000:0000:8a2e:0370:7334 -# -# host name: host name to be assigned when event address(es) match -# -# required tag (optional): only check match and apply host name if the event -# contains this tag -# -``` -Each non-comment line (not beginning with a `#`), defines an address-to-name mapping for a network host. For example: -``` -127.0.0.1,127.0.1.1,::1|localhost| -192.168.10.10|office-laptop.intranet.lan| -06:46:0b:a6:16:bf|serial-host.intranet.lan|testbed -``` -Each line consists of three `|`-separated fields: address(es), hostname, and, optionally, a tag which, if specified, must belong to a log for the matching to occur. - -As Zeek logs are processed into Malcolm's OpenSearch instance, the log's source and destination IP and MAC address fields (`source.ip`, `destination.ip`, `source.mac`, and `destination.mac`, respectively) are compared against the lists of addresses in `host-map.txt`. When a match is found, a new field is added to the log: `source.hostname` or `destination.hostname`, depending on whether the matching address belongs to the originating or responding host. If the third field (the "required tag" field) is specified, a log must also contain that value in its `tags` field in addition to matching the IP or MAC address specified in order for the corresponding `_hostname` field to be added. - -`source.hostname` and `destination.hostname` may each contain multiple values. For example, if both a host's source IP address and source MAC address were matched by two different lines, `source.hostname` would contain the hostname values from both matching lines. - -#### CIDR subnet to network segment name mapping via `cidr-map.txt` - -The `cidr-map.txt` file in the Malcolm installation directory can be used to define names for network segments based on IP addresses in Zeek logs. The default empty configuration looks like this: -``` -# CIDR to network segment format: -# IP(s)|segment name|required tag -# -# where: -# IP(s): comma-separated list of CIDR-formatted network IP addresses -# e.g., 10.0.0.0/8, 169.254.0.0/16, 172.16.10.41 -# -# segment name: segment name to be assigned when event IP address(es) match -# -# required tag (optional): only check match and apply segment name if the event -# contains this tag -# -``` -Each non-comment line (not beginning with a `#`), defines an subnet-to-name mapping for a network host. For example: -``` -192.168.50.0/24,192.168.40.0/24,10.0.0.0/8|corporate| -192.168.100.0/24|control| -192.168.200.0/24|dmz| -172.16.0.0/12|virtualized|testbed -``` -Each line consists of three `|`-separated fields: CIDR-formatted subnet IP range(s), subnet name, and, optionally, a tag which, if specified, must belong to a log for the matching to occur. - -As Zeek logs are processed into Malcolm's OpenSearch instance, the log's source and destination IP address fields (`source.ip` and `destination.ip`, respectively) are compared against the lists of addresses in `cidr-map.txt`. When a match is found, a new field is added to the log: `source.segment` or `destination.segment`, depending on whether the matching address belongs to the originating or responding host. If the third field (the "required tag" field) is specified, a log must also contain that value in its `tags` field in addition to its IP address falling within the subnet specified in order for the corresponding `_segment` field to be added. - -`source.segment` and `destination.segment` may each contain multiple values. For example, if `cidr-map.txt` specifies multiple overlapping subnets on different lines, `source.segment` would contain the hostname values from both matching lines if `source.ip` belonged to both subnets. - -If both `source.segment` and `destination.segment` are added to a log, and if they contain different values, the tag `cross_segment` will be added to the log's `tags` field for convenient identification of cross-segment traffic. This traffic could be easily visualized using Arkime's **Connections** graph, by setting the **Src:** value to **Originating Network Segment** and the **Dst:** value to **Responding Network Segment**: - -![Cross-segment traffic in Connections](./docs/images/screenshots/arkime_connections_segments.png) - -#### Defining hostname and CIDR subnet names interface - -As an alternative to manually editing `cidr-map.txt` and `host-map.txt`, a **Host and Subnet Name Mapping** editor is available at [https://localhost/name-map-ui/](https://localhost/name-map-ui/) if you are connecting locally. Upon loading, the editor is populated from `cidr-map.txt`, `host-map.txt` and `net-map.json`. - -This editor provides the following controls: - -* 🔎 **Search mappings** - narrow the list of visible items using a search filter -* **Type**, **Address**, **Name** and **Tag** *(column headings)* - sort the list of items by clicking a column header -* 📝 *(per item)* - modify the selected item -* 🚫 *(per item)* - remove the selected item -* 🖳 **host** / 🖧 **segment**, **Address**, **Name**, **Tag (optional)** and 💾 - save the item with these values (either adding a new item or updating the item being modified) -* 📥 **Import** - clear the list and replace it with the contents of an uploaded `net-map.json` file -* 📤 **Export** - format and download the list as a `net-map.json` file -* 💾 **Save Mappings** - format and store `net-map.json` in the Malcolm directory (replacing the existing `net-map.json` file) -* 🔁 **Restart Logstash** - restart log ingestion, parsing and enrichment - -![Host and Subnet Name Mapping Editor](./docs/images/screenshots/malcolm_name_map_ui.png) - -#### Applying mapping changes - -When changes are made to either `cidr-map.txt`, `host-map.txt` or `net-map.json`, Malcolm's Logstash container must be restarted. The easiest way to do this is to restart malcolm via `restart` (see [Stopping and restarting Malcolm](#StopAndRestart)) or by clicking the 🔁 **Restart Logstash** button in the [name mapping interface](#NameMapUI) interface. - -Restarting Logstash may take several minutes, after which log ingestion will be resumed. - -### OpenSearch index management - -Malcolm releases prior to v6.2.0 used environment variables to configure OpenSearch [Index State Management](https://opensearch.org/docs/latest/im-plugin/ism/index/) [policies](https://opensearch.org/docs/latest/im-plugin/ism/policies/). - -Since then, OpenSearch Dashboards has developed and released plugins with UIs for [Index State Management](https://opensearch.org/docs/latest/im-plugin/ism/index/) and [Snapshot Management](https://opensearch.org/docs/latest/opensearch/snapshots/sm-dashboards/). Because these plugins provide a more comprehensive and user-friendly interfaces for these features, the old environment variable-based configuration code has been removed from Malcolm, with the exception of the code that uses `OPENSEARCH_INDEX_SIZE_PRUNE_LIMIT` and `OPENSEARCH_INDEX_SIZE_PRUNE_NAME_SORT` which deals with deleting the oldest network session metadata indices when the database exceeds a certain size. - -Note that OpenSearch index state management and snapshot management only deals with disk space consumed by OpenSearch indices: it does not have anything to do with PCAP file storage. The `MANAGE_PCAP_FILES` environment variable in the [`docker-compose.yml`](#DockerComposeYml) file can be used to allow Arkime to prune old PCAP files based on available disk space. - -### Event severity scoring - -As Zeek logs are parsed and enriched prior to indexing, a severity score up to `100` (a higher score indicating a more severe event) can be assigned when one or more of the following conditions are met: - -* cross-segment network traffic (if [network subnets were defined](#HostAndSubnetNaming)) -* connection origination and destination (e.g., inbound, outbound, external, internal) -* traffic to or from sensitive countries - - The comma-separated list of countries (by [ISO 3166-1 alpha-2 code](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Current_codes)) can be customized by setting the `SENSITIVE_COUNTRY_CODES` environment variable in [`docker-compose.yml`](#DockerComposeYml). -* domain names (from DNS queries and SSL server names) with high entropy as calculated by [freq](https://github.com/MarkBaggett/freq) - - The entropy threshold for this condition to trigger can be adjusted by setting the `FREQ_SEVERITY_THRESHOLD` environment variable in [`docker-compose.yml`](#DockerComposeYml). A lower value will only assign severity scores to fewer domain names with higher entropy (e.g., `2.0` for `NQZHTFHRMYMTVBQJE.COM`), while a higher value will assign severity scores to more domain names with lower entropy (e.g., `7.5` for `naturallanguagedomain.example.org`). -* file transfers (categorized by mime type) -* `notice.log`, [`intel.log`](#ZeekIntel) and `weird.log` entries, including those generated by Zeek plugins detecting vulnerabilities (see the list of Zeek plugins under [Components](#Components)) -* detection of cleartext passwords -* use of insecure or outdated protocols -* tunneled traffic or use of VPN protocols -* rejected or aborted connections -* common network services communicating over non-standard ports -* file scanning engine hits on [extracted files](#ZeekFileExtraction) -* large connection or file transfer - - The size (in megabytes) threshold for this condition to trigger can be adjusted by setting the `TOTAL_MEGABYTES_SEVERITY_THRESHOLD` environment variable in [`docker-compose.yml`](#DockerComposeYml). -* long connection duration - - The duration (in seconds) threshold for this condition to trigger can be adjusted by setting the `CONNECTION_SECONDS_SEVERITY_THRESHOLD` environment variable in [`docker-compose.yml`](#DockerComposeYml). - -As this [feature](https://github.com/idaholab/Malcolm/issues/19) is improved it's expected that additional categories will be identified and implemented for severity scoring. - -When a Zeek log satisfies more than one of these conditions its severity scores will be summed, with a maximum score of `100`. A Zeek log's severity score is indexed in the `event.severity` field and the conditions which contributed to its score are indexed in `event.severity_tags`. - -![The Severity dashboard](./docs/images/screenshots/dashboards_severity.png) - -#### Customizing event severity scoring - -These categories' severity scores can be customized by editing `logstash/maps/malcolm_severity.yaml`: - -* Each category can be assigned a number between `1` and `100` for severity scoring. -* Any category may be disabled by assigning it a score of `0`. -* A severity score can be assigned for any [supported protocol](#Protocols) by adding an entry with the key formatted like `"PROTOCOL_XYZ"`, where `XYZ` is the uppercased value of the protocol as stored in the `network.protocol` field. For example, to assign a score of `40` to Zeek logs generated for SSH traffic, you could add the following line to `malcolm_severity.yaml`: - -``` -"PROTOCOL_SSH": 40 -``` - -Restart Logstash after modifying `malcolm_severity.yaml` for the changes to take effect. The [hostname and CIDR subnet names interface](#NameMapUI) provides a convenient button for restarting Logstash. - -Severity scoring can be disabled globally by setting the `LOGSTASH_SEVERITY_SCORING` environment variable to `false` in the [`docker-compose.yml`](#DockerComposeYml) file and [restarting Malcolm](#StopAndRestart). - -### Zeek Intelligence Framework - -To quote Zeek's [Intelligence Framework](https://docs.zeek.org/en/master/frameworks/intel.html) documentation, "The goals of Zeek’s Intelligence Framework are to consume intelligence data, make it available for matching, and provide infrastructure to improve performance and memory utilization. Data in the Intelligence Framework is an atomic piece of intelligence such as an IP address or an e-mail address. This atomic data will be packed with metadata such as a freeform source field, a freeform descriptive field, and a URL which might lead to more information about the specific item." Zeek [intelligence](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html) [indicator types](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Type) include IP addresses, URLs, file names, hashes, email addresses, and more. - -Malcolm doesn't come bundled with intelligence files from any particular feed, but they can be easily included into your local instance. On [startup](shared/bin/zeek_intel_setup.sh), Malcolm's `malcolmnetsec/zeek` docker container enumerates the subdirectories under `./zeek/intel` (which is [bind mounted](https://docs.docker.com/storage/bind-mounts/) into the container's runtime) and configures Zeek so that those intelligence files will be automatically included in its local policy. Subdirectories under `./zeek/intel` which contain their own `__load__.zeek` file will be `@load`-ed as-is, while subdirectories containing "loose" intelligence files will be [loaded](https://docs.zeek.org/en/master/frameworks/intel.html#loading-intelligence) automatically with a `redef Intel::read_files` directive. - -Note that Malcolm does not manage updates for these intelligence files. You should use the update mechanism suggested by your feeds' maintainers to keep them up to date, or use a [TAXII](#ZeekIntelSTIX) or [MISP](#ZeekIntelMISP) feed as described below. - -Adding and deleting intelligence files under this directory will take effect upon [restarting Malcolm](#StopAndRestart). Alternately, you can use the `ZEEK_INTEL_REFRESH_CRON_EXPRESSION` environment variable containing a [cron expression](https://en.wikipedia.org/wiki/Cron#CRON_expression) to specify the interval at which the intel files should be refreshed. It can also be done manually without restarting Malcolm by running the following command from the Malcolm installation directory: - -``` -docker-compose exec --user $(id -u) zeek /usr/local/bin/entrypoint.sh true -``` - -For a public example of Zeek intelligence files, see Critical Path Security's [repository](https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds) which aggregates data from various other threat feeds into Zeek's format. - -#### STIX™ and TAXII™ - -In addition to loading Zeek intelligence files, on startup Malcolm will [automatically generate](shared/bin/zeek_intel_from_threat_feed.py) a Zeek intelligence file for all [Structured Threat Information Expression (STIX™)](https://oasis-open.github.io/cti-documentation/stix/intro.html) [v2.0](https://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part1-stix-core.html)/[v2.1](https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html) JSON files found under `./zeek/intel/STIX`. - -Additionally, if a special text file named `.stix_input.txt` is found in `./zeek/intel/STIX`, that file will be read and processed as a list of [TAXII™](https://oasis-open.github.io/cti-documentation/taxii/intro.html) [2.0](http://docs.oasis-open.org/cti/taxii/v2.0/cs01/taxii-v2.0-cs01.html)/[2.1](https://docs.oasis-open.org/cti/taxii/v2.1/csprd02/taxii-v2.1-csprd02.html) feeds, one per line, according to the following format (the username and password are optional): - -``` -taxii|version|discovery_url|collection_name|username|password -``` - -For example: - -``` -taxii|2.0|http://example.org/taxii/|IP Blocklist|guest|guest -taxii|2.1|https://example.com/taxii/api2/|URL Blocklist -… -``` - -Malcolm will attempt to query the TAXII feed(s) for `indicator` STIX objects and convert them to the Zeek intelligence format as described above. There are publicly available TAXII 2.x-compatible services provided by a number of organizations including [Anomali Labs](https://www.anomali.com/resources/limo) and [MITRE](https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/attck%E2%84%A2-content-available-in-stix%E2%84%A2-20-via), or you may choose from several open-source offerings to roll your own TAXII 2 server (e.g., [oasis-open/cti-taxii-server](https://github.com/oasis-open/cti-taxii-server), [freetaxii/server](https://github.com/freetaxii/server), [StephenOTT/TAXII-Server](https://github.com/StephenOTT/TAXII-Server), etc.). - -Note that only **indicators** of [**cyber-observable objects**](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_mlbmudhl16lr) matched with the **equals (`=`)** [comparison operator](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_t11hn314cr7w) against a **single value** can be expressed as Zeek intelligence items. More complex STIX indicators will be silently ignored. - -#### MISP - -In addition to loading Zeek intelligence files, on startup Malcolm will [automatically generate](shared/bin/zeek_intel_from_threat_feed.py) a Zeek intelligence file for all [Malware Information Sharing Platform (MISP)](https://www.misp-project.org/datamodels/) JSON files found under `./zeek/intel/MISP`. - -Additionally, if a special text file named `.misp_input.txt` is found in `./zeek/intel/MISP`, that file will be read and processed as a list of [MISP feed](https://misp.gitbooks.io/misp-book/content/managing-feeds/#feeds) URLs, one per line, according to the following format (the authentication key is optional): - -``` -misp|manifest_url|auth_key -``` - -For example: - -``` -misp|https://example.com/data/feed-osint/manifest.json|df97338db644c64fbfd90f3e03ba8870 -… -``` - -Malcolm will attempt to connect to the MISP feed(s) and retrieve [`Attribute`](https://www.misp-standard.org/rfc/misp-standard-core.html#name-attribute) objects of MISP events and convert them to the Zeek intelligence format as described above. There are publicly available [MISP feeds](https://www.misp-project.org/feeds/) and [communities](https://www.misp-project.org/communities/), or you may [run your own MISP instance](https://www.misp-project.org/2019/09/25/hostev-vs-own-misp.html/). - -Note that only a subset of MISP [attribute types](https://www.misp-project.org/datamodels/#attribute-categories-vs-types) can be expressed with the Zeek intelligence [indicator types](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Type). MISP attributes with other types will be silently ignored. - -### Anomaly Detection - -Malcolm uses the Anomaly Detection plugins for [OpenSearch](https://github.com/opensearch-project/anomaly-detection) and [OpenSearch Dashboards](https://github.com/opensearch-project/anomaly-detection-dashboards-plugin) to identify anomalous log data in near real-time using the [Random Cut Forest](https://api.semanticscholar.org/CorpusID:927435) (RCF) algorithm. This can be paired with [Alerting](#Alerting) to automatically notify when anomalies are found. See [Anomaly detection](https://opensearch.org/docs/latest/monitoring-plugins/ad/index/) in the OpenSearch documentation for usage instructions on how to create detectors for any of the many fields Malcolm supports. - -A fresh installation of Malcolm configures [several detectors](dashboards/anomaly_detectors) for detecting anomalous network traffic: - -* **network_protocol** - Detects anomalies based on application protocol (`network.protocol`) -* **action_result_user** - Detects anomalies in action (`event.action`), result (`event.result`) and user (`related.user`) within application protocols (`network.protocol`) -* **file_mime_type** - Detects anomalies based on transferred file type (`file.mime_type`) -* **total_bytes** - Detects anomalies based on traffic size (sum of `network.bytes`) - -These detectors are disabled by default, but may be enabled for anomaly detection over streaming or [historical data](https://aws.amazon.com/about-aws/whats-new/2022/01/amazon-opensearch-service-elasticsearch-anomaly-detection/). - -### Alerting - -Malcolm uses the Alerting plugins for [OpenSearch](https://github.com/opensearch-project/alerting) and [OpenSearch Dashboards](https://github.com/opensearch-project/alerting-dashboards-plugin). See [Alerting](https://opensearch.org/docs/latest/monitoring-plugins/alerting/index/) in the OpenSearch documentation for usage instructions. - -A fresh installation of Malcolm configures an example [custom webhook destination](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#create-destinations) named **Malcolm API Loopback Webhook** that directs the triggered alerts back into the [Malcolm API](#API) to be reindexed as a session record with `event.dataset` set to `alerting`. The corresponding monitor **Malcolm API Loopback Monitor** is disabled by default, as you'll likely want to configure the trigger conditions to suit your needs. These examples are provided to illustrate how triggers and monitors can interact with a custom webhook to process alerts. - -#### Email Sender Accounts - -When using an email account to send alerts, you must [authenticate each sender account](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#authenticate-sender-account) before you can send an email. The [`auth_setup`](#AuthSetup) script can be used to securely store the email account credentials: - -``` -./scripts/auth_setup - -Store administrator username/password for local Malcolm access? (Y/n): n - -(Re)generate self-signed certificates for HTTPS access (Y/n): n - -(Re)generate self-signed certificates for a remote log forwarder (Y/n): n - -Store username/password for primary remote OpenSearch instance? (y/N): n - -Store username/password for secondary remote OpenSearch instance? (y/N): n - -Store username/password for email alert sender account? (y/N): y - -Email account username: analyst@example.org -analyst@example.org password: -analyst@example.org password (again): -Email alert sender account variables stored: opensearch.alerting.destination.email.destination_alpha.password, opensearch.alerting.destination.email.destination_alpha.username - -(Re)generate internal passwords for NetBox (Y/n): n -``` - -This action should only be performed while Malcolm is [stopped](#StopAndRestart): otherwise the credentials will not be stored correctly. - -### "Best Guess" Fingerprinting for ICS Protocols - -There are many ICS (industrial control systems) protocols. While Malcolm's collection of [protocol parsers](#Protocols) includes a number of them, many, particularly those that are proprietary or less common, are unlikely to be supported with a full parser in the foreseeable future. - -In an effort to help identify more ICS traffic, Malcolm can use "best guess" method based on transport protocol (e.g., TCP or UDP) and port(s) to categorize potential traffic communicating over some ICS protocols without full parser support. This feature involves a [mapping table](https://github.com/idaholab/Malcolm/blob/master/zeek/config/guess_ics_map.txt) and a [Zeek script](https://github.com/idaholab/Malcolm/blob/master/zeek/config/guess.zeek) to look up the transport protocol and destination and/or source port to make a best guess at whether a connection belongs to one of those protocols. These potential ICS communications are categorized by vendor where possible. - -Naturally, these lookups could produce false positives, so these connections are displayed in their own dashboard (the **Best Guess** dashboard found under the **ICS** section of Malcolm's [OpenSearch Dashboards](#DashboardsVisualizations) navigation pane). Values such as IP addresses, ports, or UID can be used to [pivot to other dashboards](#ZeekArkimeFlowCorrelation) to investigate further. - -![](./docs/images/screenshots/dashboards_bestguess.png) - -This feature is disabled by default, but it can be enabled by clearing (setting to `''`) the value of the `ZEEK_DISABLE_BEST_GUESS_ICS` environment variable in [`docker-compose.yml`](#DockerComposeYml). - -### Asset Management with NetBox - -Malcolm provides an instance of [NetBox](https://netbox.dev/), an open-source "solution for modeling and documenting modern networks." The NetBox web interface is available at at [https://localhost/netbox/](https://localhost/netbox/) if you are connecting locally. - -The design of a potentially deeper integration between Malcolm and Netbox is a work in progress. The purpose of an asset management system is to document the intended state of a network: were Malcolm to actively and agressively populate NetBox with the live network state, a network configuration fault could result in an incorrect documented configuration. The Malcolm development team is investigating what data, if any, should automatically flow to NetBox based on traffic observed (enabled via the `NETBOX_CRON` [environment variable in `docker-compose.yml`](#DockerComposeYml)), and what NetBox inventory data could be used, if any, to enrich Malcolm's network traffic metadata. Well-considered suggestions in this area [are welcome](mailto:malcolm@inl.gov?subject=NetBox). - -Please see the [NetBox page on GitHub](https://github.com/netbox-community/netbox), its [documentation](https://docs.netbox.dev/en/stable/) and its [public demo](https://demo.netbox.dev/) for more information. - -### CyberChef - -Malcolm provides an instance of [CyberChef](https://github.com/gchq/CyberChef), the "Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis." CyberChef is available at at [https://localhost/cyberchef.html](https://localhost/cyberchef.html) if you are connecting locally. - -Arkime's [Sessions](#ArkimeSessions) view has built-in CyberChef integration for Arkime sessions with full PCAP payloads available: expanding a session and opening the **Packet Options** drop-down menu in its payload section will provide options for **Open src packets with CyberChef** and **Open dst packets with CyberChef**. - -### API - -Malcolm provides a [REST API](./api/project/__init__.py) that can be used to programatically query some aspects of Malcolm's status and data. Malcolm's API is not to be confused with the [Viewer API](https://arkime.com/apiv3) provided by Arkime, although there may be some overlap in functionality. - -#### Ping - -`GET` - /mapi/ping - -Returns `pong` (for a simple "up" check). - -Example output: - -```json -{"ping":"pong"} -``` - -#### Version Information - -`GET` - /mapi/version - -Returns version information about Malcolm and version/[health](https://opensearch.org/docs/latest/opensearch/rest-api/cluster-health/) information about the underlying OpenSearch instance. - -
-Example output: - -```json -{ - "built": "2022-01-18T16:10:39Z", - "opensearch": { - "cluster_name": "docker-cluster", - "cluster_uuid": "TcSiEaOgTdO_l1IivYz2gA", - "name": "opensearch", - "tagline": "The OpenSearch Project: https://opensearch.org/", - "version": { - "build_date": "2021-12-21T01:36:21.407473Z", - "build_hash": "8a529d77c7432bc45b005ac1c4ba3b2741b57d4a", - "build_snapshot": false, - "build_type": "tar", - "lucene_version": "8.10.1", - "minimum_index_compatibility_version": "6.0.0-beta1", - "minimum_wire_compatibility_version": "6.8.0", - "number": "7.10.2" - } - }, - "opensearch_health": { - "active_primary_shards": 29, - "active_shards": 29, - "active_shards_percent_as_number": 82.85714285714286, - "cluster_name": "docker-cluster", - "delayed_unassigned_shards": 0, - "discovered_master": true, - "initializing_shards": 0, - "number_of_data_nodes": 1, - "number_of_in_flight_fetch": 0, - "number_of_nodes": 1, - "number_of_pending_tasks": 0, - "relocating_shards": 0, - "status": "yellow", - "task_max_waiting_in_queue_millis": 0, - "timed_out": false, - "unassigned_shards": 6 - }, - "sha": "8ddbbf4", - "version": "5.2.0" -} -``` -
- -#### Fields - -`GET` - /mapi/fields - -Returns the (very long) list of fields known to Malcolm, comprised of data from Arkime's [`fields` table](https://arkime.com/apiv3#fields-api), the Malcolm [OpenSearch template](./dashboards/templates/malcolm_template.json) and the OpenSearch Dashboards index pattern API. - -
-Example output: - -```json -{ - "fields": { - "@timestamp": { - "type": "date" - }, -… - "zeek.x509.san_uri": { - "description": "Subject Alternative Name URI", - "type": "string" - }, - "zeek.x509.san_uri.text": { - "type": "string" - } - }, - "total": 2005 -} -``` -
- - -#### Indices - -`GET` - /mapi/indices - -Lists [information related to the underlying OpenSearch indices](https://opensearch.org/docs/latest/opensearch/rest-api/cat/cat-indices/), similar to Arkime's [esindices](https://arkime.com/apiv3#esindices-api) API. - -
-Example output: - -```json - -{ - "indices": [ -… - { - "docs.count": "2268613", - "docs.deleted": "0", - "health": "green", - "index": "arkime_sessions3-210301", - "pri": "1", - "pri.store.size": "1.8gb", - "rep": "0", - "status": "open", - "store.size": "1.8gb", - "uuid": "w-4Q0ofBTdWO9KqeIIAAWg" - }, -… - ] -} -``` -
- -#### Field Aggregations - -`GET` or `POST` - /mapi/agg/`` - -Executes an OpenSearch [bucket aggregation](https://opensearch.org/docs/latest/opensearch/bucket-agg/) query for the requested fields across all of Malcolm's indexed network traffic metadata. - -Parameters: - -* `fieldname` (URL parameter) - the name(s) of the field(s) to be queried (comma-separated if multiple fields) (default: `event.provider`) -* `limit` (query parameter) - the maximum number of records to return at each level of aggregation (default: 500) -* `from` (query parameter) - the time frame ([`gte`](https://opensearch.org/docs/latest/opensearch/query-dsl/term/#range)) for the beginning of the search based on the session's `firstPacket` field value in a format supported by the [dateparser](https://github.com/scrapinghub/dateparser) library (default: "1 day ago") -* `to` (query parameter) - the time frame ([`lte`](https://opensearch.org/docs/latest/opensearch/query-dsl/term/#range)) for the beginning of the search based on the session's `firstPacket` field value in a format supported by the [dateparser](https://github.com/scrapinghub/dateparser) library (default: "now") -* `filter` (query parameter) - field filters formatted as a JSON dictionary - -The `from`, `to`, and `filter` parameters can be used to further restrict the range of documents returned. The `filter` dictionary should be formatted such that its keys are field names and its values are the values for which to filter. A field name may be prepended with a `!` to negate the filter (e.g., `{"event.provider":"zeek"}` vs. `{"!event.provider":"zeek"}`). Filtering for value `null` implies "is not set" or "does not exist" (e.g., `{"event.dataset":null}` means "the field `event.dataset` is `null`/is not set" while `{"!event.dataset":null}` means "the field `event.dataset` is not `null`/is set"). - -Examples of `filter` parameter: - -* `{"!network.transport":"icmp"}` - `network.transport` is not `icmp` -* `{"network.direction":["inbound","outbound"]}` - `network.direction` is either `inbound` or `outbound` -* `{"event.provider":"zeek","event.dataset":["conn","dns"]}` - "`event.provider` is `zeek` and `event.dataset` is either `conn` or `dns`" -* `{"!event.dataset":null}` - "`event.dataset` is set (is not `null`)" - -See [Examples](#APIExamples) for more examples of `filter` and corresponding output. - -#### Document Lookup - -`GET` or `POST` - /mapi/document - -Executes an OpenSearch [query](https://opensearch.org/docs/latest/opensearch/bucket-agg/) query for the matching documents across all of Malcolm's indexed network traffic metadata. - -Parameters: - -* `limit` (query parameter) - the maximum number of documents to return (default: 500) -* `from` (query parameter) - the time frame ([`gte`](https://opensearch.org/docs/latest/opensearch/query-dsl/term/#range)) for the beginning of the search based on the session's `firstPacket` field value in a format supported by the [dateparser](https://github.com/scrapinghub/dateparser) library (default: the UNIX epoch) -* `to` (query parameter) - the time frame ([`lte`](https://opensearch.org/docs/latest/opensearch/query-dsl/term/#range)) for the beginning of the search based on the session's `firstPacket` field value in a format supported by the [dateparser](https://github.com/scrapinghub/dateparser) library (default: "now") -* `filter` (query parameter) - field filters formatted as a JSON dictionary (see **Field Aggregations** for examples) - -
-Example cURL command and output: - -``` -$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ - 'https://localhost/mapi/document' \ - -d '{"limit": 10, filter":{"zeek.uid":"CYeji2z7CKmPRGyga"}}' -``` - -```json -{ - "filter": { - "zeek.uid": "CYeji2z7CKmPRGyga" - }, - "range": [ - 0, - 1643056677 - ], - "results": [ - { - "_id": "220124-CYeji2z7CKmPRGyga-http-7677", - "_index": "arkime_sessions3-220124", - "_score": 0.0, - "_source": { - "@timestamp": "2022-01-24T20:31:01.846Z", - "@version": "1", - "agent": { - "hostname": "filebeat", - "id": "bc25716b-8fe7-4de6-a357-65c7d3c15c33", - "name": "filebeat", - "type": "filebeat", - "version": "7.10.2" - }, - "client": { - "bytes": 0 - }, - "destination": { - "as": { - "full": "AS54113 Fastly" - }, - "geo": { - "city_name": "Seattle", - "continent_code": "NA", - "country_code2": "US", - "country_code3": "US", - "country_iso_code": "US", - "country_name": "United States", - "dma_code": 819, - "ip": "151.101.54.132", - "latitude": 47.6092, - "location": { - "lat": 47.6092, - "lon": -122.3314 - }, - "longitude": -122.3314, - "postal_code": "98111", - "region_code": "WA", - "region_name": "Washington", - "timezone": "America/Los_Angeles" - }, - "ip": "151.101.54.132", - "port": 80 - }, - "ecs": { - "version": "1.6.0" - }, - "event": { - "action": [ - "GET" - ], - "category": [ - "web", - "network" - ], -… -``` -
- -#### Examples - -Some security-related API examples: - -
-Protocols - -``` -/mapi/agg/network.type,network.transport,network.protocol,network.protocol_version -``` - -```json -{ - "fields": [ - "network.type", - "network.transport", - "network.protocol", - "network.protocol_version" - ], - "filter": null, - "range": [ - 1970, - 1643067256 - ], - "urls": [ - "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" - ], - "values": { - "buckets": [ - { - "doc_count": 442240, - "key": "ipv4", - "values": { - "buckets": [ - { - "doc_count": 279538, - "key": "udp", - "values": { - "buckets": [ - { - "doc_count": 266527, - "key": "bacnet", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 12365, - "key": "dns", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 78, - "key": "dhcp", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 44, - "key": "ntp", - "values": { - "buckets": [ - { - "doc_count": 22, - "key": "4" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 3, - "key": "enip", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "krb", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "syslog", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 30824, - "key": "tcp", - "values": { - "buckets": [ - { - "doc_count": 7097, - "key": "smb", - "values": { - "buckets": [ - { - "doc_count": 4244, - "key": "1" - }, - { - "doc_count": 1438, - "key": "2" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1792, - "key": "http", - "values": { - "buckets": [ - { - "doc_count": 829, - "key": "1.0" - }, - { - "doc_count": 230, - "key": "1.1" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1280, - "key": "dce_rpc", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 857, - "key": "s7comm", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 426, - "key": "ntlm", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 378, - "key": "gssapi", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 146, - "key": "tds", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 125, - "key": "ssl", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 91, - "key": "tls", - "values": { - "buckets": [ - { - "doc_count": 48, - "key": "TLSv13" - }, - { - "doc_count": 28, - "key": "TLSv12" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 29, - "key": "ssh", - "values": { - "buckets": [ - { - "doc_count": 18, - "key": "2" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 26, - "key": "modbus", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 17, - "key": "iso_cotp", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 8, - "key": "enip", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 6, - "key": "rdp", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 4, - "key": "ftp", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 4, - "key": "krb", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 4, - "key": "rfb", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 3, - "key": "ldap", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "telnet", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 848, - "key": "icmp", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1573, - "key": "ipv6", - "values": { - "buckets": [ - { - "doc_count": 1486, - "key": "udp", - "values": { - "buckets": [ - { - "doc_count": 1433, - "key": "dns", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 80, - "key": "icmp", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
-
-Software - -``` -/mapi/agg/zeek.software.name,zeek.software.unparsed_version -``` - -```json -{ - "fields": [ - "zeek.software.name", - "zeek.software.unparsed_version" - ], - "filter": null, - "range": [ - 1970, - 1643067759 - ], - "urls": [ - "/dashboards/app/dashboards#/view/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" - ], - "values": { - "buckets": [ - { - "doc_count": 6, - "key": "Chrome", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - }, - { - "doc_count": 1, - "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - }, - { - "doc_count": 1, - "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - }, - { - "doc_count": 1, - "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - }, - { - "doc_count": 1, - "key": "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 6, - "key": "Nmap-SSH", - "values": { - "buckets": [ - { - "doc_count": 3, - "key": "Nmap-SSH1-Hostkey" - }, - { - "doc_count": 3, - "key": "Nmap-SSH2-Hostkey" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 5, - "key": "MSIE", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" - }, - { - "doc_count": 1, - "key": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)" - }, - { - "doc_count": 1, - "key": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" - }, - { - "doc_count": 1, - "key": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 4, - "key": "Firefox", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" - }, - { - "doc_count": 1, - "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:34.0) Gecko/20100101 Firefox/34.0" - }, - { - "doc_count": 1, - "key": "Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 3, - "key": "ECS (sec", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "ECS (sec/96EE)" - }, - { - "doc_count": 1, - "key": "ECS (sec/97A6)" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 3, - "key": "NmapNSE", - "values": { - "buckets": [ - { - "doc_count": 3, - "key": "NmapNSE_1.0" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "Microsoft-Windows", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "Microsoft-Windows/6.1 UPnP/1.0 Windows-Media-Player-DMS/12.0.7601.17514 DLNADOC/1.50" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "Microsoft-Windows-NT", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0 Microsoft-HTTPAPI/2.0" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "SimpleHTTP", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "SimpleHTTP/0.6 Python/2.7.17" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "Windows-Media-Player-DMS", - "values": { - "buckets": [ - { - "doc_count": 2, - "key": "Windows-Media-Player-DMS/12.0.7601.17514" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "A-B WWW", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "A-B WWW/0.1" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "CONF-CTR-NAE1", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "CONF-CTR-NAE1" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "ClearSCADA", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "ClearSCADA/6.72.4644.1" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "GoAhead-Webs", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "GoAhead-Webs" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "MSFT", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "MSFT 5.0" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "Microsoft-IIS", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "Microsoft-IIS/7.5" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "Microsoft-WebDAV-MiniRedir", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "Microsoft-WebDAV-MiniRedir/6.1.7601" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "Python-urllib", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "Python-urllib/2.7" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "Schneider-WEB/V", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "Schneider-WEB/V2.1.4" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "Version", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "Version_1.0" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "nginx", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "nginx" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "sublime-license-check", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "sublime-license-check/3.0" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
-
-User agent - -``` -/mapi/agg/user_agent.original -``` - -```json -{ - "fields": [ - "user_agent.original" - ], - "filter": null, - "range": [ - 1970, - 1643067845 - ], - "values": { - "buckets": [ - { - "doc_count": 230, - "key": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" - }, - { - "doc_count": 142, - "key": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" - }, - { - "doc_count": 114, - "key": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" - }, - { - "doc_count": 50, - "key": "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" - }, - { - "doc_count": 48, - "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - }, - { - "doc_count": 43, - "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - }, - { - "doc_count": 33, - "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:34.0) Gecko/20100101 Firefox/34.0" - }, - { - "doc_count": 17, - "key": "Python-urllib/2.7" - }, - { - "doc_count": 12, - "key": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" - }, - { - "doc_count": 9, - "key": "Microsoft-Windows/6.1 UPnP/1.0 Windows-Media-Player-DMS/12.0.7601.17514 DLNADOC/1.50" - }, - { - "doc_count": 9, - "key": "Windows-Media-Player-DMS/12.0.7601.17514" - }, - { - "doc_count": 8, - "key": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" - }, - { - "doc_count": 5, - "key": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - }, - { - "doc_count": 5, - "key": "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19" - }, - { - "doc_count": 3, - "key": "Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0" - }, - { - "doc_count": 2, - "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - }, - { - "doc_count": 1, - "key": "Microsoft-WebDAV-MiniRedir/6.1.7601" - }, - { - "doc_count": 1, - "key": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)" - }, - { - "doc_count": 1, - "key": "sublime-license-check/3.0" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
-
-External traffic (outbound/inbound) - -``` -$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ - 'https://localhost/mapi/agg/network.protocol' \ - -d '{"filter":{"network.direction":["inbound","outbound"]}}' -``` - -```json -{ - "fields": [ - "network.protocol" - ], - "filter": { - "network.direction": [ - "inbound", - "outbound" - ] - }, - "range": [ - 1970, - 1643068000 - ], - "urls": [ - "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" - ], - "values": { - "buckets": [ - { - "doc_count": 202597, - "key": "bacnet" - }, - { - "doc_count": 129, - "key": "tls" - }, - { - "doc_count": 128, - "key": "ssl" - }, - { - "doc_count": 33, - "key": "http" - }, - { - "doc_count": 33, - "key": "ntp" - }, - { - "doc_count": 20, - "key": "dns" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
-
-Cross-segment traffic - -``` -$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ - 'https://localhost/mapi/agg/source.segment,destination.segment,network.protocol' \ - -d '{"filter":{"tags":"cross_segment"}}' -``` - -```json -{ - "fields": [ - "source.segment", - "destination.segment", - "network.protocol" - ], - "filter": { - "tags": "cross_segment" - }, - "range": [ - 1970, - 1643068080 - ], - "urls": [ - "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" - ], - "values": { - "buckets": [ - { - "doc_count": 6893, - "key": "Corporate", - "values": { - "buckets": [ - { - "doc_count": 6893, - "key": "OT", - "values": { - "buckets": [ - { - "doc_count": 891, - "key": "enip" - }, - { - "doc_count": 889, - "key": "cip" - }, - { - "doc_count": 202, - "key": "http" - }, - { - "doc_count": 146, - "key": "modbus" - }, - { - "doc_count": 1, - "key": "ftp" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 189, - "key": "OT", - "values": { - "buckets": [ - { - "doc_count": 138, - "key": "Corporate", - "values": { - "buckets": [ - { - "doc_count": 128, - "key": "http" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 51, - "key": "DMZ", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 28, - "key": "Battery Network", - "values": { - "buckets": [ - { - "doc_count": 25, - "key": "Combined Cycle BOP", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 3, - "key": "Solar Panel Network", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 20, - "key": "Combined Cycle BOP", - "values": { - "buckets": [ - { - "doc_count": 11, - "key": "Battery Network", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 9, - "key": "Solar Panel Network", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "Solar Panel Network", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "Combined Cycle BOP", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
-
-Plaintext password - -``` -$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ - 'https://localhost/mapi/agg/network.protocol' \ - -d '{"filter":{"!related.password":null}}' -``` - -```json -{ - "fields": [ - "network.protocol" - ], - "filter": { - "!related.password": null - }, - "range": [ - 1970, - 1643068162 - ], - "urls": [ - "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" - ], - "values": { - "buckets": [ - { - "doc_count": 20, - "key": "http" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
-
-Insecure/outdated protocols - -``` -$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ - 'https://localhost/mapi/agg/network.protocol,network.protocol_version' \ - -d '{"filter":{"event.severity_tags":"Insecure or outdated protocol"}}' -``` - -```json -{ - "fields": [ - "network.protocol", - "network.protocol_version" - ], - "filter": { - "event.severity_tags": "Insecure or outdated protocol" - }, - "range": [ - 1970, - 1643068248 - ], - "urls": [ - "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" - ], - "values": { - "buckets": [ - { - "doc_count": 4244, - "key": "smb", - "values": { - "buckets": [ - { - "doc_count": 4244, - "key": "1" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "ftp", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "rdp", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "5.1" - }, - { - "doc_count": 1, - "key": "5.2" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 2, - "key": "telnet", - "values": { - "buckets": [], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
-
-Notice categories - -``` -/mapi/agg/zeek.notice.category,zeek.notice.sub_category -``` - -```json -{ - "fields": [ - "zeek.notice.category", - "zeek.notice.sub_category" - ], - "filter": null, - "range": [ - 1970, - 1643068300 - ], - "urls": [ - "/dashboards/app/dashboards#/view/f1f09567-fc7f-450b-a341-19d2f2bb468b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))", - "/dashboards/app/dashboards#/view/95479950-41f2-11ea-88fa-7151df485405?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" - ], - "values": { - "buckets": [ - { - "doc_count": 100, - "key": "ATTACK", - "values": { - "buckets": [ - { - "doc_count": 42, - "key": "Lateral_Movement_Extracted_File" - }, - { - "doc_count": 30, - "key": "Lateral_Movement" - }, - { - "doc_count": 17, - "key": "Discovery" - }, - { - "doc_count": 5, - "key": "Execution" - }, - { - "doc_count": 5, - "key": "Lateral_Movement_Multiple_Attempts" - }, - { - "doc_count": 1, - "key": "Lateral_Movement_and_Execution" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 14, - "key": "EternalSafety", - "values": { - "buckets": [ - { - "doc_count": 11, - "key": "EternalSynergy" - }, - { - "doc_count": 3, - "key": "ViolationPidMid" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 6, - "key": "Scan", - "values": { - "buckets": [ - { - "doc_count": 6, - "key": "Port_Scan" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - }, - { - "doc_count": 1, - "key": "Ripple20", - "values": { - "buckets": [ - { - "doc_count": 1, - "key": "Treck_TCP_observed" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
-
-Severity tags - -``` -/mapi/agg/event.severity_tags -``` - -```json -{ - "fields": [ - "event.severity_tags" - ], - "filter": null, - "range": [ - 1970, - 1643068363 - ], - "urls": [ - "/dashboards/app/dashboards#/view/d2dd0180-06b1-11ec-8c6b-353266ade330?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))", - "/dashboards/app/dashboards#/view/95479950-41f2-11ea-88fa-7151df485405?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" - ], - "values": { - "buckets": [ - { - "doc_count": 160180, - "key": "Outbound traffic" - }, - { - "doc_count": 43059, - "key": "Inbound traffic" - }, - { - "doc_count": 11091, - "key": "Connection attempt rejected" - }, - { - "doc_count": 8967, - "key": "Connection attempt, no reply" - }, - { - "doc_count": 7131, - "key": "Cross-segment traffic" - }, - { - "doc_count": 4250, - "key": "Insecure or outdated protocol" - }, - { - "doc_count": 2219, - "key": "External traffic" - }, - { - "doc_count": 1985, - "key": "Sensitive country" - }, - { - "doc_count": 760, - "key": "Weird" - }, - { - "doc_count": 537, - "key": "Connection aborted (originator)" - }, - { - "doc_count": 474, - "key": "Connection aborted (responder)" - }, - { - "doc_count": 206, - "key": "File transfer (high concern)" - }, - { - "doc_count": 100, - "key": "MITRE ATT&CK framework technique" - }, - { - "doc_count": 66, - "key": "Service on non-standard port" - }, - { - "doc_count": 64, - "key": "Signature (capa)" - }, - { - "doc_count": 30, - "key": "Signature (YARA)" - }, - { - "doc_count": 25, - "key": "Signature (ClamAV)" - }, - { - "doc_count": 20, - "key": "Cleartext password" - }, - { - "doc_count": 19, - "key": "Long connection" - }, - { - "doc_count": 15, - "key": "Notice (vulnerability)" - }, - { - "doc_count": 13, - "key": "File transfer (medium concern)" - }, - { - "doc_count": 6, - "key": "Notice (scan)" - }, - { - "doc_count": 1, - "key": "High volume connection" - } - ], - "doc_count_error_upper_bound": 0, - "sum_other_doc_count": 0 - } -} -``` -
- -#### Event Logging - -`POST` - /mapi/event - -A webhook that accepts alert data to be reindexed into OpenSearch as session records for viewing in Malcolm's [dashboards](#Dashboards). See [Alerting](#Alerting) for more details and an example of how this API is used. - -
-Example input: - -```json - -{ - "alert": { - "monitor": { - "name": "Malcolm API Loopback Monitor" - }, - "trigger": { - "name": "Malcolm API Loopback Trigger", - "severity": 4 - }, - "period": { - "start": "2022-03-08T18:03:30.576Z", - "end": "2022-03-08T18:04:30.576Z" - }, - "results": [ - { - "_shards": { - "total": 5, - "failed": 0, - "successful": 5, - "skipped": 0 - }, - "hits": { - "hits": [], - "total": { - "value": 697, - "relation": "eq" - }, - "max_score": null - }, - "took": 1, - "timed_out": false - } - ], - "body": "", - "alert": "PLauan8BaL6eY1yCu9Xj", - "error": "" - } -} -``` -
- -
-Example output: - -```json - -{ - "_index": "arkime_sessions3-220308", - "_type": "_doc", - "_id": "220308-PLauan8BaL6eY1yCu9Xj", - "_version": 4, - "result": "updated", - "_shards": { - "total": 1, - "successful": 1, - "failed": 0 - }, - "_seq_no": 9045, - "_primary_term": 1 -} -``` -
- -## Ingesting Third-Party Logs - -Malcolm uses [OpenSearch](https://opensearch.org/) and [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) for data storage, search and visualization, and [Logstash](https://www.elastic.co/logstash/) for log processing. Because these tools are data agnostic, Malcolm can be configured to accept various host logs and other third-party logs sent from log forwaders such as [Fluent Bit](https://fluentbit.io/) and [Beats](https://www.elastic.co/beats/). Some examples of the types of logs these forwarders might send include: - -* System resource utilization metrics (CPU, memory, disk, network, etc.) -* System temperatures -* Linux system logs -* Windows event logs -* Process or service health status -* Logs appended to textual log files (e.g., `tail`-ing a log file) -* The output of an external script or program -* Messages in the form of MQTT control packets -* many more… - -Refer to [**Forwarding Third-Party Logs to Malcolm**](./scripts/third-party-logs/README.md) for more information. - -## Malcolm installer ISO - -Malcolm's Docker-based deployment model makes Malcolm able to run on a variety of platforms. However, in some circumstances (for example, as a long-running appliance as part of a security operations center, or inside of a virtual machine) it may be desirable to install Malcolm as a dedicated standalone installation. - -Malcolm can be packaged into an installer ISO based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm. - -### Generating the ISO - -Official downloads of the Malcolm installer ISO are not provided: however, it can be built easily on an internet-connected Linux host with Vagrant: - -* [Vagrant](https://www.vagrantup.com/) - - [`vagrant-reload`](https://github.com/aidanns/vagrant-reload) plugin - - [`vagrant-sshfs`](https://github.com/dustymabe/vagrant-sshfs) plugin - - [`bento/debian-11`](https://app.vagrantup.com/bento/boxes/debian-11) Vagrant box - -The build should work with either the [VirtualBox](https://www.virtualbox.org/) provider or the [libvirt](https://libvirt.org/) provider: - -* [VirtualBox](https://www.virtualbox.org/) [provider](https://www.vagrantup.com/docs/providers/virtualbox) - - [`vagrant-vbguest`](https://github.com/dotless-de/vagrant-vbguest) plugin -* [libvirt](https://libvirt.org/) - - [`vagrant-libvirt`](https://github.com/vagrant-libvirt/vagrant-libvirt) provider plugin - - [`vagrant-mutate`](https://github.com/sciurus/vagrant-mutate) plugin to convert [`bento/debian-11`](https://app.vagrantup.com/bento/boxes/debian-11) Vagrant box to `libvirt` format - -To perform a clean build the Malcolm installer ISO, navigate to your local Malcolm working copy and run: - -``` -$ ./malcolm-iso/build_via_vagrant.sh -f -… -Starting build machine... -Bringing machine 'default' up with 'virtualbox' provider... -… -``` - -Building the ISO may take 30 minutes or more depending on your system. As the build finishes, you will see the following message indicating success: - -``` -… -Finished, created "/malcolm-build/malcolm-iso/malcolm-6.4.0.iso" -… -``` - -By default, Malcolm's Docker images are not packaged with the installer ISO, assuming instead that you will pull the [latest images](https://hub.docker.com/u/malcolmnetsec) with a `docker-compose pull` command as described in the [Quick start](#QuickStart) section. If you wish to build an ISO with the latest Malcolm images included, follow the directions to create [pre-packaged installation files](#Packager), which include a tarball with a name like `malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz`. Then, pass that images tarball to the ISO build script with a `-d`, like this: - -``` -$ ./malcolm-iso/build_via_vagrant.sh -f -d malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz -… -``` - -A system installed from the resulting ISO will load the Malcolm Docker images upon first boot. This method is desirable when the ISO is to be installed in an "air gapped" environment or for distribution to non-networked machines. - -Alternately, if you have forked Malcolm on GitHub, [workflow files](./.github/workflows/) are provided which contain instructions for GitHub to build the docker images and [sensor](#Hedgehog) and [Malcolm](#ISO) installer ISOs, specifically [`malcolm-iso-build-docker-wrap-push-ghcr.yml`](./.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml) for the Malcolm ISO. You'll need to run the workflows to build and push your fork's Malcolm docker images before building the ISO. The resulting ISO file is wrapped in a Docker image that provides an HTTP server from which the ISO may be downloaded. - -### Installation - -The installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the operating system. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 ***will partition and format them without warning*** 💀😭🆘⛔. - -The installer will ask for several pieces of information prior to installing the Malcolm base operating system: - -* Hostname -* Domain name -* Root password – (optional) a password for the privileged root account which is rarely needed -* User name: the name for the non-privileged service account user account under which the Malcolm runs -* User password – a password for the non-privileged sensor account -* Encryption password (optional) – if the encrypted installation option was selected at boot time, the encryption password must be entered every time the system boots - -At the end of the installation process, you will be prompted with a few self-explanatory yes/no questions: - -* **Disable IPv6?** -* **Automatically login to the GUI session?** -* **Should the GUI session be locked due to inactivity?** -* **Display the [Standard Mandatory DoD Notice and Consent Banner](https://www.stigviewer.com/stig/application_security_and_development/2018-12-24/finding/V-69349)?** *(only applies when installed on U.S. government information systems)* - -Following these prompts, the installer will reboot and the Malcolm base operating system will boot. - -### Setup - -When the system boots for the first time, the Malcolm Docker images will load if the installer was built with pre-packaged installation files as described above. Wait for this operation to continue (the progress dialog will disappear when they have finished loading) before continuing the setup. - -Open a terminal (click the red terminal 🗔 icon next to the Debian swirl logo 🍥 menu button in the menu bar). At this point, setup is similar to the steps described in the [Quick start](#QuickStart) section. Navigate to the Malcolm directory (`cd ~/Malcolm`) and run [`auth_setup`](#AuthSetup) to configure authentication. If the ISO didn't have pre-packaged Malcolm images, or if you'd like to retrieve the latest updates, run `docker-compose pull`. Finalize your configuration by running `scripts/install.py --configure` and follow the prompts as illustrated in the [installation example](#InstallationExample). - -Once Malcolm is configured, you can [start Malcolm](#Starting) via the command line or by clicking the circular yellow Malcolm icon in the menu bar. - -### Time synchronization - -If you wish to set up time synchronization via [NTP](http://www.ntp.org/) or `htpdate`, open a terminal and run `sudo configure-interfaces.py`. Select **Continue**, then choose **Time Sync**. Here you can configure the operating system to keep its time synchronized with either an NTP server (using the NTP protocol), another Malcolm instance, or another HTTP/HTTPS server. On the next dialog, choose the time synchronization method you wish to configure. - -If **htpdate** is selected, you will be prompted to enter the IP address or hostname and port of an HTTP/HTTPS server (for a Malcolm instance, port `9200` may be used) and the time synchronization check frequency in minutes. A test connection will be made to determine if the time can be retrieved from the server. - -If *ntpdate* is selected, you will be prompted to enter the IP address or hostname of the NTP server. - -Upon configuring time synchronization, a "Time synchronization configured successfully!" message will be displayed. - -### Hardening - -The Malcolm aggregator base operating system uses the [harbian-audit](https://github.com/hardenedlinux/harbian-audit) benchmarks which target the following guidelines for establishing a secure configuration posture: - -* [CIS Debian Linux 9/10 Benchmark](https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/) -* [DISA STIG (Security Technical Implementation Guides) for RHEL 7](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/) v2r5 Ubuntu v1r2 [adapted](https://github.com/hardenedlinux/STIG-OS-mirror/blob/master/redhat-STIG-DOCs/U_Red_Hat_Enterprise_Linux_7_V2R5_STIG.zip) for a Debian operating system -* Additional recommendations from [cisecurity.org](https://www.cisecurity.org/) - -#### Compliance Exceptions - -[Currently](https://github.com/hardenedlinux/harbian-audit/tree/master/bin/hardening) there are 274 checks to determine compliance with the [harbian-audit](https://github.com/hardenedlinux/harbian-audit) benchmark. - -The Malcolm aggregator base operating system claims exceptions from the recommendations in this benchmark in the following categories: - -**1.1 Install Updates, Patches and Additional Security Software** - When the the Malcolm aggregator appliance software is built, all of the latest applicable security patches and updates are included in it. How future updates are to be handled is still in design. - -**1.3 Enable verify the signature of local packages** - As the base distribution is not using embedded signatures, `debsig-verify` would reject all packages (see comment in `/etc/dpkg/dpkg.cfg`). Enabling it after installation would disallow any future updates. - -**2.14 Add nodev option to /run/shm Partition**, **2.15 Add nosuid Option to /run/shm Partition**, **2.16 Add noexec Option to /run/shm Partition** - The Malcolm aggregator base operating system does not mount `/run/shm` as a separate partition, so these recommendations do not apply. - -**2.19 Disable Mounting of freevxfs Filesystems**, **2.20 Disable Mounting of jffs2 Filesystems**, **2.21 Disable Mounting of hfs Filesystems**, **2.22 Disable Mounting of hfsplus Filesystems**, **2.23 Disable Mounting of squashfs Filesystems**, **2.24 Disable Mounting of udf Filesystems** - The Malcolm aggregator base operating system is not compiling a custom Linux kernel, so these filesystems are inherently supported as they are part Debian Linux's default kernel. - -**3.3 Set Boot Loader Password** - As maximizing availability is a system requirement, Malcolm should restart automatically without user intervention to ensured uninterrupted service. A boot loader password is not enabled. - -**4.8 Disable USB Devices** - The ability to ingest data (such as PCAP files) from a mounted USB mass storage device is a requirement of the system. - -**6.1 Ensure the X Window system is not installed**, **6.2 Ensure Avahi Server is not enabled**, **6.3 Ensure print server is not enabled** - An X Windows session is provided for displaying dashboards. The library packages `libavahi-common-data`, `libavahi-common3`, and `libcups2` are dependencies of some of the X components used by the Malcolm aggregator base operating system, but the `avahi` and `cups` services themselves are disabled. - -**6.17 Ensure virus scan Server is enabled**, **6.18 Ensure virus scan Server update is enabled** - As this is a network traffic analysis appliance rather than an end-user device, regular user files will not be created. A virus scan program would impact device performance and would be unnecessary. - -**7.1.1 Disable IP Forwarding**, **7.2.4 Log Suspicious Packets**, **7.2.7 Enable RFC-recommended Source Route Validation**, **7.4.1 Install TCP Wrappers** - As Malcolm may operate as a network traffic capture appliance sniffing packets on a network interface configured in promiscuous mode, these recommendations do not apply. - -**8.1.1.2 Disable System on Audit Log Full**, **8.1.1.3 Keep All Auditing Information**, **8.1.1.5 Ensure set remote_server for audit service**, **8.1.1.6 Ensure enable_krb5 set to yes for remote audit service**, **8.1.1.7 Ensure set action for audit storage volume is fulled**, **8.1.1.8 Ensure set action for network failure on remote audit service**, **8.1.1.9 Set space left for auditd service**, a few other audit-related items under section **8.1**, **8.2.4 Configure rsyslog to Send Logs to a Remote Log Host** - As maximizing availability is a system requirement, audit processing failures will be logged on the device rather than halting the system. `auditd` is set up to syslog when its local storage capacity is reached. - -**8.4.2 Implement Periodic Execution of File Integrity** - This functionality is not configured by default, but it can be configured post-install by the end user. - -Password-related recommendations under **9.2** and **10.1** - The library package `libpam-pwquality` is used in favor of `libpam-cracklib` which is what the [compliance scripts](https://github.com/hardenedlinux/harbian-audit/tree/master/bin/hardening) are looking for. Also, as an appliance running Malcolm is intended to be used as an appliance rather than a general user-facing software platform, some exceptions to password enforcement policies are claimed. - -**9.3.13 Limit Access via SSH** - The Malcolm aggregator base operating system does not create multiple regular user accounts: only `root` and an aggregator service account are used. SSH access for `root` is disabled. SSH login with a password is also disallowed: only key-based authentication is accepted. The service account accepts no keys by default. As such, the `AllowUsers`, `AllowGroups`, `DenyUsers`, and `DenyGroups` values in `sshd_config` do not apply. - -**9.4 Restrict Access to the su Command** - The Malcolm aggregator base operating system does not create multiple regular user accounts: only `root` and an aggregator service account are used. - -**10.1.6 Remove nopasswd option from the sudoers configuration** - A very limited set of operations (a single script used to run the AIDE integrity check as a non-root user) has the NOPASSWD option set to allow it to be run in the background without user intervention. - -**10.1.10 Set maxlogins for all accounts** and **10.5 Set Timeout on ttys** - The Malcolm aggregator base operating system does not create multiple regular user accounts: only `root` and an aggregator service account are used. - -**12.10 Find SUID System Executables**, **12.11 Find SGID System Executables** - The few files found by [these](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/12.10_find_suid_files.sh) [scripts](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/12.11_find_sgid_files.sh) are valid exceptions required by the Malcolm aggregator base operating system's core requirements. - -**14.1 Defense for NAT Slipstreaming** - As Malcolm may operate as a network traffic capture appliance sniffing packets on a network interface configured in promiscuous mode, this recommendation does not apply. - -Please review the notes for these additional guidelines. While not claiming an exception, the Malcolm aggregator base operating system may implement them in a manner different than is described by the [CIS Debian Linux 9/10 Benchmark](https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/) or the [hardenedlinux/harbian-audit](https://github.com/hardenedlinux/harbian-audit) audit scripts. - -**4.1 Restrict Core Dumps** - The Malcolm aggregator base operating system disables core dumps using a configuration file for `ulimit` named `/etc/security/limits.d/limits.conf`. The [audit script](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/4.1_restrict_core_dumps.sh) checking for this does not check the `limits.d` subdirectory, which is why this is incorrectly flagged as noncompliant. - -**5.4 Ensure ctrl-alt-del is disabled** - The Malcolm aggregator base operating system disables the `ctrl+alt+delete` key sequence by executing `systemctl disable ctrl-alt-del.target` during installation and the command `systemctl mask ctrl-alt-del.target` at boot time. - -**7.4.4 Create /etc/hosts.deny**, **7.7.1 Ensure Firewall is active**, **7.7.4.1 Ensure default deny firewall policy**, **7.7.4.2 Ensure loopback traffic is configured**, **7.7.4.3 Ensure default deny firewall policy**, **7.7.4.4 Ensure outbound and established connections are configured** - The Malcolm aggregator base operating system **is** configured with an appropriately locked-down software firewall (managed by "Uncomplicated Firewall" `ufw`). However, the methods outlined in the CIS benchmark recommendations do not account for this configuration. - -**8.6 Verifies integrity all packages** - The [script](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/8.7_verify_integrity_packages.sh) which verifies package integrity only "fails" because of missing (status `??5??????` displayed by the utility) language ("locale") files, which are removed as part of the Malcolm aggregator base operating system's trimming-down process. All non-locale-related system files pass intergrity checks. - -## Installation example using Ubuntu 22.04 LTS - -Here's a step-by-step example of getting [Malcolm from GitHub](https://github.com/idaholab/Malcolm/tree/main), configuring your system and your Malcolm instance, and running it on a system running Ubuntu Linux. Your mileage may vary depending on your individual system configuration, but this should be a good starting point. - -The commands in this example should be executed as a non-root user. - -You can use `git` to clone Malcolm into a local working copy, or you can download and extract the artifacts from the [latest release](https://github.com/idaholab/Malcolm/releases). - -To install Malcolm from the latest Malcolm release, browse to the [Malcolm releases page on GitHub](https://github.com/idaholab/Malcolm/releases) and download at a minimum `install.py` and the `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` file, then navigate to your downloads directory: -``` -user@host:~$ cd Downloads/ -user@host:~/Downloads$ ls -malcolm_common.py install.py malcolm_20190611_095410_ce2d8de.tar.gz -``` - -If you are obtaining Malcolm using `git` instead, run the following command to clone Malcolm into a local working copy: -``` -user@host:~$ git clone https://github.com/idaholab/Malcolm -Cloning into 'Malcolm'... -remote: Enumerating objects: 443, done. -remote: Counting objects: 100% (443/443), done. -remote: Compressing objects: 100% (310/310), done. -remote: Total 443 (delta 81), reused 441 (delta 79), pack-reused 0 -Receiving objects: 100% (443/443), 6.87 MiB | 18.86 MiB/s, done. -Resolving deltas: 100% (81/81), done. - -user@host:~$ cd Malcolm/ -``` - -Next, run the `install.py` script to configure your system. Replace `user` in this example with your local account username, and follow the prompts. Most questions have an acceptable default you can accept by pressing the `Enter` key. Depending on whether you are installing Malcolm from the release tarball or inside of a git working copy, the questions below will be slightly different, but for the most part are the same. -``` -user@host:~/Malcolm$ sudo ./scripts/install.py -Installing required packages: ['apache2-utils', 'make', 'openssl', 'python3-dialog'] - -"docker info" failed, attempt to install Docker? (Y/n): y - -Attempt to install Docker using official repositories? (Y/n): y -Installing required packages: ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg-agent', 'software-properties-common'] -Installing docker packages: ['docker-ce', 'docker-ce-cli', 'containerd.io'] -Installation of docker packages apparently succeeded - -Add a non-root user to the "docker" group?: y - -Enter user account: user - -Add another non-root user to the "docker" group?: n - -"docker-compose version" failed, attempt to install docker-compose? (Y/n): y - -Install docker-compose directly from docker github? (Y/n): y -Download and installation of docker-compose apparently succeeded - -fs.file-max increases allowed maximum for file handles -fs.file-max= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -fs.inotify.max_user_watches increases allowed maximum for monitored files -fs.inotify.max_user_watches= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -fs.inotify.max_queued_events increases queue size for monitored files -fs.inotify.max_queued_events= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -fs.inotify.max_user_instances increases allowed maximum monitor file watchers -fs.inotify.max_user_instances= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -vm.max_map_count increases allowed maximum for memory segments -vm.max_map_count= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -net.core.somaxconn increases allowed maximum for socket connections -net.core.somaxconn= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -vm.swappiness adjusts the preference of the system to swap vs. drop runtime memory pages -vm.swappiness= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -vm.dirty_background_ratio defines the percentage of system memory fillable with "dirty" pages before flushing -vm.dirty_background_ratio= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -vm.dirty_ratio defines the maximum percentage of dirty system memory before committing everything -vm.dirty_ratio= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y - -/etc/security/limits.d/limits.conf increases the allowed maximums for file handles and memlocked segments -/etc/security/limits.d/limits.conf does not exist, create it? (Y/n): y -``` - -If you are configuring Malcolm from within a git working copy, `install.py` will now exit. Run `install.py` again like you did at the beginning of the example, only remove the `sudo` and add `--configure` to run `install.py` in "configuration only" mode. -``` -user@host:~/Malcolm$ ./scripts/install.py --configure -``` - -Alternately, if you are configuring Malcolm from the release tarball you will be asked if you would like to extract the contents of the tarball and to specify the installation directory and `install.py` will continue: -``` -Extract Malcolm runtime files from /home/user/Downloads/malcolm_20190611_095410_ce2d8de.tar.gz (Y/n): y - -Enter installation path for Malcolm [/home/user/Downloads/malcolm]: /home/user/Malcolm -Malcolm runtime files extracted to /home/user/Malcolm -``` - -Now that any necessary system configuration changes have been made, the local Malcolm instance will be configured: -``` -Malcolm processes will run as UID 1000 and GID 1000. Is this OK? (Y/n): y - -Should Malcolm use and maintain its own OpenSearch instance? (Y/n): y - -Forward Logstash logs to a secondary remote OpenSearch instance? (y/N): n - -Setting 10g for OpenSearch and 3g for Logstash. Is this OK? (Y/n): y - -Setting 3 workers for Logstash pipelines. Is this OK? (Y/n): y - -Restart Malcolm upon system or Docker daemon restart? (y/N): y -1: no -2: on-failure -3: always -4: unless-stopped -Select Malcolm restart behavior (unless-stopped): 4 - -Require encrypted HTTPS connections? (Y/n): y - -Will Malcolm be running behind another reverse proxy (Traefik, Caddy, etc.)? (y/N): n - -Specify external Docker network name (or leave blank for default networking) (): - -Authenticate against Lightweight Directory Access Protocol (LDAP) server? (y/N): n - -Store OpenSearch index snapshots locally in /home/user/Malcolm/opensearch-backup? (Y/n): y - -Compress OpenSearch index snapshots? (y/N): n - -Delete the oldest indices when the database exceeds a certain size? (y/N): n - -Automatically analyze all PCAP files with Suricata? (Y/n): y - -Download updated Suricata signatures periodically? (Y/n): y - -Automatically analyze all PCAP files with Zeek? (Y/n): y - -Perform reverse DNS lookup locally for source and destination IP addresses in logs? (y/N): n - -Perform hardware vendor OUI lookups for MAC addresses? (Y/n): y - -Perform string randomness scoring on some fields? (Y/n): y - -Expose OpenSearch port to external hosts? (y/N): n - -Expose Logstash port to external hosts? (y/N): n - -Expose Filebeat TCP port to external hosts? (y/N): y -1: json -2: raw -Select log format for messages sent to Filebeat TCP listener (json): 1 - -Source field to parse for messages sent to Filebeat TCP listener (message): message - -Target field under which to store decoded JSON fields for messages sent to Filebeat TCP listener (miscbeat): miscbeat - -Field to drop from events sent to Filebeat TCP listener (message): message - -Tag to apply to messages sent to Filebeat TCP listener (_malcolm_beats): _malcolm_beats - -Expose SFTP server (for PCAP upload) to external hosts? (y/N): n - -Enable file extraction with Zeek? (y/N): y -1: none -2: known -3: mapped -4: all -5: interesting -Select file extraction behavior (none): 5 -1: quarantined -2: all -3: none -Select file preservation behavior (quarantined): 1 - -Scan extracted files with ClamAV? (y/N): y - -Scan extracted files with Yara? (y/N): y - -Scan extracted PE files with Capa? (y/N): y - -Lookup extracted file hashes with VirusTotal? (y/N): n - -Download updated file scanner signatures periodically? (Y/n): y - -Should Malcolm capture live network traffic to PCAP files for analysis with Arkime? (y/N): y - -Capture packets using netsniff-ng? (Y/n): y - -Capture packets using tcpdump? (y/N): n - -Should Malcolm analyze live network traffic with Suricata? (y/N): y - -Should Malcolm analyze live network traffic with Zeek? (y/N): y - -Specify capture interface(s) (comma-separated): eth0 - -Capture filter (tcpdump-like filter expression; leave blank to capture all traffic) (): not port 5044 and not port 8005 and not port 9200 - -Disable capture interface hardware offloading and adjust ring buffer sizes? (y/N): n - -Malcolm has been installed to /home/user/Malcolm. See README.md for more information. -Scripts for starting and stopping Malcolm and changing authentication-related settings can be found in /home/user/Malcolm/scripts. -``` - -At this point you should **reboot your computer** so that the new system settings can be applied. After rebooting, log back in and return to the directory to which Malcolm was installed (or to which the git working copy was cloned). - -Now we need to [set up authentication](#AuthSetup) and generate some unique self-signed TLS certificates. You can replace `analyst` in this example with whatever username you wish to use to log in to the Malcolm web interface. -``` -user@host:~/Malcolm$ ./scripts/auth_setup - -Store administrator username/password for local Malcolm access? (Y/n): y - -Administrator username: analyst -analyst password: -analyst password (again): - -(Re)generate self-signed certificates for HTTPS access (Y/n): y - -(Re)generate self-signed certificates for a remote log forwarder (Y/n): y - -Store username/password for primary remote OpenSearch instance? (y/N): n - -Store username/password for secondary remote OpenSearch instance? (y/N): n - -Store username/password for email alert sender account? (y/N): n - -(Re)generate internal passwords for NetBox (Y/n): y -``` - -For now, rather than [build Malcolm from scratch](#Build), we'll pull images from [Docker Hub](https://hub.docker.com/u/malcolmnetsec): -``` -user@host:~/Malcolm$ docker-compose pull -Pulling api ... done -Pulling arkime ... done -Pulling dashboards ... done -Pulling dashboards-helper ... done -Pulling file-monitor ... done -Pulling filebeat ... done -Pulling freq ... done -Pulling htadmin ... done -Pulling logstash ... done -Pulling name-map-ui ... done -Pulling netbox ... done -Pulling netbox-postgresql ... done -Pulling netbox-redis ... done -Pulling nginx-proxy ... done -Pulling opensearch ... done -Pulling pcap-capture ... done -Pulling pcap-monitor ... done -Pulling suricata ... done -Pulling upload ... done -Pulling zeek ... done - -user@host:~/Malcolm$ docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/api 6.4.0 xxxxxxxxxxxx 3 days ago 158MB -malcolmnetsec/arkime 6.4.0 xxxxxxxxxxxx 3 days ago 816MB -malcolmnetsec/dashboards 6.4.0 xxxxxxxxxxxx 3 days ago 1.02GB -malcolmnetsec/dashboards-helper 6.4.0 xxxxxxxxxxxx 3 days ago 184MB -malcolmnetsec/file-monitor 6.4.0 xxxxxxxxxxxx 3 days ago 588MB -malcolmnetsec/file-upload 6.4.0 xxxxxxxxxxxx 3 days ago 259MB -malcolmnetsec/filebeat-oss 6.4.0 xxxxxxxxxxxx 3 days ago 624MB -malcolmnetsec/freq 6.4.0 xxxxxxxxxxxx 3 days ago 132MB -malcolmnetsec/htadmin 6.4.0 xxxxxxxxxxxx 3 days ago 242MB -malcolmnetsec/logstash-oss 6.4.0 xxxxxxxxxxxx 3 days ago 1.35GB -malcolmnetsec/name-map-ui 6.4.0 xxxxxxxxxxxx 3 days ago 143MB -malcolmnetsec/netbox 6.4.0 xxxxxxxxxxxx 3 days ago 1.01GB -malcolmnetsec/nginx-proxy 6.4.0 xxxxxxxxxxxx 3 days ago 121MB -malcolmnetsec/opensearch 6.4.0 xxxxxxxxxxxx 3 days ago 1.17GB -malcolmnetsec/pcap-capture 6.4.0 xxxxxxxxxxxx 3 days ago 121MB -malcolmnetsec/pcap-monitor 6.4.0 xxxxxxxxxxxx 3 days ago 213MB -malcolmnetsec/postgresql 6.4.0 xxxxxxxxxxxx 3 days ago 268MB -malcolmnetsec/redis 6.4.0 xxxxxxxxxxxx 3 days ago 34.2MB -malcolmnetsec/suricata 6.4.0 xxxxxxxxxxxx 3 days ago 278MB -malcolmnetsec/zeek 6.4.0 xxxxxxxxxxxx 3 days ago 1GB -``` - -Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background. -``` -user@host:~/Malcolm$ ./scripts/start -In a few minutes, Malcolm services will be accessible via the following URLs: ------------------------------------------------------------------------------- - - Arkime: https://localhost/ - - OpenSearch Dashboards: https://localhost/dashboards/ - - PCAP upload (web): https://localhost/upload/ - - PCAP upload (sftp): sftp://username@127.0.0.1:8022/files/ - - Host and subnet name mapping editor: https://localhost/name-map-ui/ - - NetBox: https://localhost/netbox/ - - Account management: https://localhost:488/ - -NAME COMMAND SERVICE STATUS PORTS -malcolm-api-1 "/usr/local/bin/dock…" api running (starting) … -malcolm-arkime-1 "/usr/local/bin/dock…" arkime running (starting) … -malcolm-dashboards-1 "/usr/local/bin/dock…" dashboards running (starting) … -malcolm-dashboards-helper-1 "/usr/local/bin/dock…" dashboards-helper running (starting) … -malcolm-file-monitor-1 "/usr/local/bin/dock…" file-monitor running (starting) … -malcolm-filebeat-1 "/usr/local/bin/dock…" filebeat running (starting) … -malcolm-freq-1 "/usr/local/bin/dock…" freq running (starting) … -malcolm-htadmin-1 "/usr/local/bin/dock…" htadmin running (starting) … -malcolm-logstash-1 "/usr/local/bin/dock…" logstash running (starting) … -malcolm-name-map-ui-1 "/usr/local/bin/dock…" name-map-ui running (starting) … -malcolm-netbox-1 "/usr/bin/tini -- /u…" netbox running (starting) … -malcolm-netbox-postgres-1 "/usr/bin/docker-uid…" netbox-postgres running (starting) … -malcolm-netbox-redis-1 "/sbin/tini -- /usr/…" netbox-redis running (starting) … -malcolm-netbox-redis-cache-1 "/sbin/tini -- /usr/…" netbox-redis-cache running (starting) … -malcolm-nginx-proxy-1 "/usr/local/bin/dock…" nginx-proxy running (starting) … -malcolm-opensearch-1 "/usr/local/bin/dock…" opensearch running (starting) … -malcolm-pcap-capture-1 "/usr/local/bin/dock…" pcap-capture running … -malcolm-pcap-monitor-1 "/usr/local/bin/dock…" pcap-monitor running (starting) … -malcolm-suricata-1 "/usr/local/bin/dock…" suricata running (starting) … -malcolm-suricata-live-1 "/usr/local/bin/dock…" suricata-live running … -malcolm-upload-1 "/usr/local/bin/dock…" upload running (starting) … -malcolm-zeek-1 "/usr/local/bin/dock…" zeek running (starting) … -malcolm-zeek-live-1 "/usr/local/bin/dock…" zeek-live running … -… -``` - -It will take several minutes for all of Malcolm's components to start up. Logstash will take the longest, probably 3 to 5 minutes. You'll know Logstash is fully ready when you see Logstash spit out a bunch of starting up messages, ending with this: -``` -… -malcolm-logstash-1 | [2022-07-27T20:27:52,056][INFO ][logstash.agent ] Pipelines running {:count=>6, :running_pipelines=>[:"malcolm-input", :"malcolm-output", :"malcolm-beats", :"malcolm-suricata", :"malcolm-enrichment", :"malcolm-zeek"], :non_running_pipelines=>[]} -… -``` - -You can now open a web browser and navigate to one of the [Malcolm user interfaces](#UserInterfaceURLs). - -## Upgrading Malcolm - -At this time there is not an "official" upgrade procedure to get from one version of Malcolm to the next, as it may vary from platform to platform. However, the process is fairly simple can be done by following these steps: - -### Update the underlying system - -You may wish to get the official updates for the underlying system's software packages before you proceed. Consult the documentation of your operating system for how to do this. - -If you are upgrading an Malcolm instance installed from [Malcolm installation ISO](#ISOInstallation), follow scenario 2 below. Due to the Malcolm base operating system's [hardened](#Hardening) configuration, when updating the underlying system, temporarily set the umask value to Debian default (`umask 0022` in the root shell in which updates are being performed) instead of the more restrictive Malcolm default. This will allow updates to be applied with the right permissions. - -### Scenario 1: Malcolm is a GitHub clone - -If you checked out a working copy of the Malcolm repository from GitHub with a `git clone` command, here are the basic steps to performing an upgrade: - -1. stop Malcolm - * `./scripts/stop` -2. stash changes to `docker-compose.yml` and other files - * `git stash save "pre-upgrade Malcolm configuration changes"` -3. pull changes from GitHub repository - * `git pull --rebase` -4. pull new Docker images (this will take a while) - * `docker-compose pull` -5. apply saved configuration change stashed earlier - * `git stash pop` -6. if you see `Merge conflict` messages, resolve the [conflicts](https://git-scm.com/book/en/v2/Git-Branching-Basic-Branching-and-Merging#_basic_merge_conflicts) with your favorite text editor -7. you may wish to re-run `install.py --configure` as described in [System configuration and tuning](#ConfigAndTuning) in case there are any new `docker-compose.yml` parameters for Malcolm that need to be set up -8. start Malcolm - * `./scripts/start` -9. you may be prompted to [configure authentication](#AuthSetup) if there are new authentication-related files that need to be generated - * you probably do not need to re-generate self-signed certificates - -### Scenario 2: Malcolm was installed from a packaged tarball - -If you installed Malcolm from [pre-packaged installation files](https://github.com/idaholab/Malcolm#Packager), here are the basic steps to perform an upgrade: - -1. stop Malcolm - * `./scripts/stop` -2. uncompress the new pre-packaged installation files (using `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` as an example, the file and/or directory names will be different depending on the release) - * `tar xf malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` -3. backup current Malcolm scripts, configuration files and certificates - * `mkdir -p ./upgrade_backup_$(date +%Y-%m-%d)` - * `cp -r filebeat/ htadmin/ logstash/ nginx/ auth.env cidr-map.txt docker-compose.yml host-map.txt net-map.json ./scripts ./README.md ./upgrade_backup_$(date +%Y-%m-%d)/` -3. replace scripts and local documentation in your existing installation with the new ones - * `rm -rf ./scripts ./README.md` - * `cp -r ./malcolm_YYYYMMDD_HHNNSS_xxxxxxx/scripts ./malcolm_YYYYMMDD_HHNNSS_xxxxxxx/README.md ./` -4. replace (overwrite) `docker-compose.yml` file with new version - * `cp ./malcolm_YYYYMMDD_HHNNSS_xxxxxxx/docker-compose.yml ./docker-compose.yml` -5. re-run `./scripts/install.py --configure` as described in [System configuration and tuning](#ConfigAndTuning) -6. using a file comparison tool (e.g., `diff`, `meld`, `Beyond Compare`, etc.), compare `docker-compose.yml` and the `docker-compare.yml` file you backed up in step 3, and manually migrate over any customizations you wish to preserve from that file (e.g., `PCAP_FILTER`, `MAXMIND_GEOIP_DB_LICENSE_KEY`, `MANAGE_PCAP_FILES`; [anything else](#DockerComposeYml) you may have edited by hand in `docker-compose.yml` that's not prompted for in `install.py --configure`) -7. pull the new docker images (this will take a while) - * `docker-compose pull` to pull them from Docker Hub or `docker-compose load -i malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz` if you have an offline tarball of the Malcolm docker images -8. start Malcolm - * `./scripts/start` -9. you may be prompted to [configure authentication](#AuthSetup) if there are new authentication-related files that need to be generated - * you probably do not need to re-generate self-signed certificates - -### Post-upgrade - -#### Monitoring Malcolm - -If you are technically-minded, you may wish to follow the debug output provided by `./scripts/start` (or `./scripts/logs` if you need to re-open the log stream after you've closed it), although there is a lot there and it may be hard to distinguish whether or not something is okay. - -Running `docker-compose ps -a` should give you a good idea if all of Malcolm's Docker containers started up and, in some cases, may be able to indicate if the containers are "healthy" or not. - -After upgrading following one of the previous outlines, give Malcolm several minutes to get started. Once things are up and running, open one of Malcolm's [web interfaces](#UserInterfaceURLs) to verify that things are working. - -#### Loading new OpenSearch Dashboards visualizations - -Once the upgraded instance Malcolm has started up, you'll probably want to import the new dashboards and visualizations for OpenSearch Dashboards. You can signal Malcolm to load the new visualizations by opening OpenSearch Dashboards, clicking **Management** → **Index Patterns**, then selecting the `arkime_sessions3-*` index pattern and clicking the delete **🗑** button near the upper-right of the window. Confirm the **Delete index pattern?** prompt by clicking **Delete**. Close the OpenSearch Dashboards browser window. After a few minutes the missing index pattern will be detected and OpenSearch Dashboards will be signalled to load its new dashboards and visualizations. - -### Major releases - -The Malcolm project uses [semantic versioning](https://semver.org/) when choosing version numbers. If you are moving between major releases (e.g., from v4.0.1 to v5.0.0), you're likely to find that there are enough major backwards compatibility-breaking changes that upgrading may not be worth the time and trouble. A fresh install is strongly recommended between major releases. - -## Modifying or Contributing to Malcolm - -If you are interested in contributing to the Malcolm project, please read the [Malcolm Contributor Guide](./docs/contributing/README.md). - -## Forks - -[CISA](https://www.cisa.gov/) maintains the upstream source code repository for Malcolm at [https://github.com/cisagov/Malcolm](https://github.com/cisagov/Malcolm). The [Idaho National Lab](https://inl.gov/)'s fork of Malcolm, which is currently kept up-to-date with CISA's upstream development, can be found at [https://github.com/idaholab/Malcolm](https://github.com/idaholab/Malcolm). - -## Copyright - -[Malcolm](https://github.com/idaholab/Malcolm) is Copyright 2022 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the [Cybersecurity and Infrastructure Security Agency](https://www.cisa.gov/) of the [U.S. Department of Homeland Security](https://www.dhs.gov/). - -See [`License.txt`](./License.txt) for the terms of its release. - -## Other Software - -Idaho National Laboratory is a cutting edge research facility which is constantly producing high quality research and software. Feel free to take a look at our other software and scientific offerings at: - -* [Primary Technology Offerings Page](https://www.inl.gov/inl-initiatives/technology-deployment) -* [Supported Open Source Software](https://github.com/idaholab) -* [Raw Experiment Open Source Software](https://github.com/IdahoLabResearch) -* [Unsupported Open Source Software](https://github.com/IdahoLabCuttingBoard) - -## Contact information of author(s): - -[malcolm@inl.gov](mailto:malcolm@inl.gov?subject=Malcolm) - -[![Join the chat at https://gitter.im/malcolmnetsec/community](https://badges.gitter.im/malcolmnetsec/community.svg)](https://gitter.im/malcolmnetsec/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) diff --git a/docs/alerting.md b/docs/alerting.md new file mode 100644 index 000000000..0daa2bffe --- /dev/null +++ b/docs/alerting.md @@ -0,0 +1,34 @@ +### Alerting + +Malcolm uses the Alerting plugins for [OpenSearch](https://github.com/opensearch-project/alerting) and [OpenSearch Dashboards](https://github.com/opensearch-project/alerting-dashboards-plugin). See [Alerting](https://opensearch.org/docs/latest/monitoring-plugins/alerting/index/) in the OpenSearch documentation for usage instructions. + +A fresh installation of Malcolm configures an example [custom webhook destination](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#create-destinations) named **Malcolm API Loopback Webhook** that directs the triggered alerts back into the [Malcolm API](#API) to be reindexed as a session record with `event.dataset` set to `alerting`. The corresponding monitor **Malcolm API Loopback Monitor** is disabled by default, as you'll likely want to configure the trigger conditions to suit your needs. These examples are provided to illustrate how triggers and monitors can interact with a custom webhook to process alerts. + +#### Email Sender Accounts + +When using an email account to send alerts, you must [authenticate each sender account](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#authenticate-sender-account) before you can send an email. The [`auth_setup`](#AuthSetup) script can be used to securely store the email account credentials: + +``` +./scripts/auth_setup + +Store administrator username/password for local Malcolm access? (Y/n): n + +(Re)generate self-signed certificates for HTTPS access (Y/n): n + +(Re)generate self-signed certificates for a remote log forwarder (Y/n): n + +Store username/password for primary remote OpenSearch instance? (y/N): n + +Store username/password for secondary remote OpenSearch instance? (y/N): n + +Store username/password for email alert sender account? (y/N): y + +Email account username: analyst@example.org +analyst@example.org password: +analyst@example.org password (again): +Email alert sender account variables stored: opensearch.alerting.destination.email.destination_alpha.password, opensearch.alerting.destination.email.destination_alpha.username + +(Re)generate internal passwords for NetBox (Y/n): n +``` + +This action should only be performed while Malcolm is [stopped](#StopAndRestart): otherwise the credentials will not be stored correctly. \ No newline at end of file diff --git a/docs/anomaly-detection.md b/docs/anomaly-detection.md new file mode 100644 index 000000000..5991eafb0 --- /dev/null +++ b/docs/anomaly-detection.md @@ -0,0 +1,12 @@ +### Anomaly Detection + +Malcolm uses the Anomaly Detection plugins for [OpenSearch](https://github.com/opensearch-project/anomaly-detection) and [OpenSearch Dashboards](https://github.com/opensearch-project/anomaly-detection-dashboards-plugin) to identify anomalous log data in near real-time using the [Random Cut Forest](https://api.semanticscholar.org/CorpusID:927435) (RCF) algorithm. This can be paired with [Alerting](#Alerting) to automatically notify when anomalies are found. See [Anomaly detection](https://opensearch.org/docs/latest/monitoring-plugins/ad/index/) in the OpenSearch documentation for usage instructions on how to create detectors for any of the many fields Malcolm supports. + +A fresh installation of Malcolm configures [several detectors](dashboards/anomaly_detectors) for detecting anomalous network traffic: + +* **network_protocol** - Detects anomalies based on application protocol (`network.protocol`) +* **action_result_user** - Detects anomalies in action (`event.action`), result (`event.result`) and user (`related.user`) within application protocols (`network.protocol`) +* **file_mime_type** - Detects anomalies based on transferred file type (`file.mime_type`) +* **total_bytes** - Detects anomalies based on traffic size (sum of `network.bytes`) + +These detectors are disabled by default, but may be enabled for anomaly detection over streaming or [historical data](https://aws.amazon.com/about-aws/whats-new/2022/01/amazon-opensearch-service-elasticsearch-anomaly-detection/). \ No newline at end of file diff --git a/docs/api-aggregations.md b/docs/api-aggregations.md new file mode 100644 index 000000000..a03a0c25b --- /dev/null +++ b/docs/api-aggregations.md @@ -0,0 +1,24 @@ +#### Field Aggregations + +`GET` or `POST` - /mapi/agg/`` + +Executes an OpenSearch [bucket aggregation](https://opensearch.org/docs/latest/opensearch/bucket-agg/) query for the requested fields across all of Malcolm's indexed network traffic metadata. + +Parameters: + +* `fieldname` (URL parameter) - the name(s) of the field(s) to be queried (comma-separated if multiple fields) (default: `event.provider`) +* `limit` (query parameter) - the maximum number of records to return at each level of aggregation (default: 500) +* `from` (query parameter) - the time frame ([`gte`](https://opensearch.org/docs/latest/opensearch/query-dsl/term/#range)) for the beginning of the search based on the session's `firstPacket` field value in a format supported by the [dateparser](https://github.com/scrapinghub/dateparser) library (default: "1 day ago") +* `to` (query parameter) - the time frame ([`lte`](https://opensearch.org/docs/latest/opensearch/query-dsl/term/#range)) for the beginning of the search based on the session's `firstPacket` field value in a format supported by the [dateparser](https://github.com/scrapinghub/dateparser) library (default: "now") +* `filter` (query parameter) - field filters formatted as a JSON dictionary + +The `from`, `to`, and `filter` parameters can be used to further restrict the range of documents returned. The `filter` dictionary should be formatted such that its keys are field names and its values are the values for which to filter. A field name may be prepended with a `!` to negate the filter (e.g., `{"event.provider":"zeek"}` vs. `{"!event.provider":"zeek"}`). Filtering for value `null` implies "is not set" or "does not exist" (e.g., `{"event.dataset":null}` means "the field `event.dataset` is `null`/is not set" while `{"!event.dataset":null}` means "the field `event.dataset` is not `null`/is set"). + +Examples of `filter` parameter: + +* `{"!network.transport":"icmp"}` - `network.transport` is not `icmp` +* `{"network.direction":["inbound","outbound"]}` - `network.direction` is either `inbound` or `outbound` +* `{"event.provider":"zeek","event.dataset":["conn","dns"]}` - "`event.provider` is `zeek` and `event.dataset` is either `conn` or `dns`" +* `{"!event.dataset":null}` - "`event.dataset` is set (is not `null`)" + +See [Examples](#APIExamples) for more examples of `filter` and corresponding output. \ No newline at end of file diff --git a/docs/api-document-lookup.md b/docs/api-document-lookup.md new file mode 100644 index 000000000..3c6d8ec29 --- /dev/null +++ b/docs/api-document-lookup.md @@ -0,0 +1,90 @@ +#### Document Lookup + +`GET` or `POST` - /mapi/document + +Executes an OpenSearch [query](https://opensearch.org/docs/latest/opensearch/bucket-agg/) query for the matching documents across all of Malcolm's indexed network traffic metadata. + +Parameters: + +* `limit` (query parameter) - the maximum number of documents to return (default: 500) +* `from` (query parameter) - the time frame ([`gte`](https://opensearch.org/docs/latest/opensearch/query-dsl/term/#range)) for the beginning of the search based on the session's `firstPacket` field value in a format supported by the [dateparser](https://github.com/scrapinghub/dateparser) library (default: the UNIX epoch) +* `to` (query parameter) - the time frame ([`lte`](https://opensearch.org/docs/latest/opensearch/query-dsl/term/#range)) for the beginning of the search based on the session's `firstPacket` field value in a format supported by the [dateparser](https://github.com/scrapinghub/dateparser) library (default: "now") +* `filter` (query parameter) - field filters formatted as a JSON dictionary (see **Field Aggregations** for examples) + +
+Example cURL command and output: + +``` +$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ + 'https://localhost/mapi/document' \ + -d '{"limit": 10, filter":{"zeek.uid":"CYeji2z7CKmPRGyga"}}' +``` + +```json +{ + "filter": { + "zeek.uid": "CYeji2z7CKmPRGyga" + }, + "range": [ + 0, + 1643056677 + ], + "results": [ + { + "_id": "220124-CYeji2z7CKmPRGyga-http-7677", + "_index": "arkime_sessions3-220124", + "_score": 0.0, + "_source": { + "@timestamp": "2022-01-24T20:31:01.846Z", + "@version": "1", + "agent": { + "hostname": "filebeat", + "id": "bc25716b-8fe7-4de6-a357-65c7d3c15c33", + "name": "filebeat", + "type": "filebeat", + "version": "7.10.2" + }, + "client": { + "bytes": 0 + }, + "destination": { + "as": { + "full": "AS54113 Fastly" + }, + "geo": { + "city_name": "Seattle", + "continent_code": "NA", + "country_code2": "US", + "country_code3": "US", + "country_iso_code": "US", + "country_name": "United States", + "dma_code": 819, + "ip": "151.101.54.132", + "latitude": 47.6092, + "location": { + "lat": 47.6092, + "lon": -122.3314 + }, + "longitude": -122.3314, + "postal_code": "98111", + "region_code": "WA", + "region_name": "Washington", + "timezone": "America/Los_Angeles" + }, + "ip": "151.101.54.132", + "port": 80 + }, + "ecs": { + "version": "1.6.0" + }, + "event": { + "action": [ + "GET" + ], + "category": [ + "web", + "network" + ], +… +``` +
diff --git a/docs/api-event-logging.md b/docs/api-event-logging.md new file mode 100644 index 000000000..2a8220d21 --- /dev/null +++ b/docs/api-event-logging.md @@ -0,0 +1,73 @@ +#### Event Logging + +`POST` - /mapi/event + +A webhook that accepts alert data to be reindexed into OpenSearch as session records for viewing in Malcolm's [dashboards](#Dashboards). See [Alerting](#Alerting) for more details and an example of how this API is used. + +
+Example input: + +```json + +{ + "alert": { + "monitor": { + "name": "Malcolm API Loopback Monitor" + }, + "trigger": { + "name": "Malcolm API Loopback Trigger", + "severity": 4 + }, + "period": { + "start": "2022-03-08T18:03:30.576Z", + "end": "2022-03-08T18:04:30.576Z" + }, + "results": [ + { + "_shards": { + "total": 5, + "failed": 0, + "successful": 5, + "skipped": 0 + }, + "hits": { + "hits": [], + "total": { + "value": 697, + "relation": "eq" + }, + "max_score": null + }, + "took": 1, + "timed_out": false + } + ], + "body": "", + "alert": "PLauan8BaL6eY1yCu9Xj", + "error": "" + } +} +``` +
+ +
+Example output: + +```json + +{ + "_index": "arkime_sessions3-220308", + "_type": "_doc", + "_id": "220308-PLauan8BaL6eY1yCu9Xj", + "_version": 4, + "result": "updated", + "_shards": { + "total": 1, + "successful": 1, + "failed": 0 + }, + "_seq_no": 9045, + "_primary_term": 1 +} +``` +
\ No newline at end of file diff --git a/docs/api-examples.md b/docs/api-examples.md new file mode 100644 index 000000000..dc5b49847 --- /dev/null +++ b/docs/api-examples.md @@ -0,0 +1,1479 @@ +#### Examples + +Some security-related API examples: + +
+Protocols + +``` +/mapi/agg/network.type,network.transport,network.protocol,network.protocol_version +``` + +```json +{ + "fields": [ + "network.type", + "network.transport", + "network.protocol", + "network.protocol_version" + ], + "filter": null, + "range": [ + 1970, + 1643067256 + ], + "urls": [ + "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" + ], + "values": { + "buckets": [ + { + "doc_count": 442240, + "key": "ipv4", + "values": { + "buckets": [ + { + "doc_count": 279538, + "key": "udp", + "values": { + "buckets": [ + { + "doc_count": 266527, + "key": "bacnet", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 12365, + "key": "dns", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 78, + "key": "dhcp", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 44, + "key": "ntp", + "values": { + "buckets": [ + { + "doc_count": 22, + "key": "4" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 3, + "key": "enip", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "krb", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "syslog", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 30824, + "key": "tcp", + "values": { + "buckets": [ + { + "doc_count": 7097, + "key": "smb", + "values": { + "buckets": [ + { + "doc_count": 4244, + "key": "1" + }, + { + "doc_count": 1438, + "key": "2" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1792, + "key": "http", + "values": { + "buckets": [ + { + "doc_count": 829, + "key": "1.0" + }, + { + "doc_count": 230, + "key": "1.1" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1280, + "key": "dce_rpc", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 857, + "key": "s7comm", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 426, + "key": "ntlm", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 378, + "key": "gssapi", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 146, + "key": "tds", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 125, + "key": "ssl", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 91, + "key": "tls", + "values": { + "buckets": [ + { + "doc_count": 48, + "key": "TLSv13" + }, + { + "doc_count": 28, + "key": "TLSv12" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 29, + "key": "ssh", + "values": { + "buckets": [ + { + "doc_count": 18, + "key": "2" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 26, + "key": "modbus", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 17, + "key": "iso_cotp", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 8, + "key": "enip", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 6, + "key": "rdp", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 4, + "key": "ftp", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 4, + "key": "krb", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 4, + "key": "rfb", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 3, + "key": "ldap", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "telnet", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 848, + "key": "icmp", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1573, + "key": "ipv6", + "values": { + "buckets": [ + { + "doc_count": 1486, + "key": "udp", + "values": { + "buckets": [ + { + "doc_count": 1433, + "key": "dns", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 80, + "key": "icmp", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
+
+Software + +``` +/mapi/agg/zeek.software.name,zeek.software.unparsed_version +``` + +```json +{ + "fields": [ + "zeek.software.name", + "zeek.software.unparsed_version" + ], + "filter": null, + "range": [ + 1970, + 1643067759 + ], + "urls": [ + "/dashboards/app/dashboards#/view/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" + ], + "values": { + "buckets": [ + { + "doc_count": 6, + "key": "Chrome", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" + }, + { + "doc_count": 1, + "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" + }, + { + "doc_count": 1, + "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" + }, + { + "doc_count": 1, + "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" + }, + { + "doc_count": 1, + "key": "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 6, + "key": "Nmap-SSH", + "values": { + "buckets": [ + { + "doc_count": 3, + "key": "Nmap-SSH1-Hostkey" + }, + { + "doc_count": 3, + "key": "Nmap-SSH2-Hostkey" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 5, + "key": "MSIE", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" + }, + { + "doc_count": 1, + "key": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)" + }, + { + "doc_count": 1, + "key": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" + }, + { + "doc_count": 1, + "key": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 4, + "key": "Firefox", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" + }, + { + "doc_count": 1, + "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:34.0) Gecko/20100101 Firefox/34.0" + }, + { + "doc_count": 1, + "key": "Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 3, + "key": "ECS (sec", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "ECS (sec/96EE)" + }, + { + "doc_count": 1, + "key": "ECS (sec/97A6)" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 3, + "key": "NmapNSE", + "values": { + "buckets": [ + { + "doc_count": 3, + "key": "NmapNSE_1.0" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "Microsoft-Windows", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "Microsoft-Windows/6.1 UPnP/1.0 Windows-Media-Player-DMS/12.0.7601.17514 DLNADOC/1.50" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "Microsoft-Windows-NT", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0 Microsoft-HTTPAPI/2.0" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "SimpleHTTP", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "SimpleHTTP/0.6 Python/2.7.17" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "Windows-Media-Player-DMS", + "values": { + "buckets": [ + { + "doc_count": 2, + "key": "Windows-Media-Player-DMS/12.0.7601.17514" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "A-B WWW", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "A-B WWW/0.1" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "CONF-CTR-NAE1", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "CONF-CTR-NAE1" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "ClearSCADA", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "ClearSCADA/6.72.4644.1" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "GoAhead-Webs", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "GoAhead-Webs" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "MSFT", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "MSFT 5.0" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "Microsoft-IIS", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "Microsoft-IIS/7.5" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "Microsoft-WebDAV-MiniRedir", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "Microsoft-WebDAV-MiniRedir/6.1.7601" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "Python-urllib", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "Python-urllib/2.7" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "Schneider-WEB/V", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "Schneider-WEB/V2.1.4" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "Version", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "Version_1.0" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "nginx", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "nginx" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "sublime-license-check", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "sublime-license-check/3.0" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
+
+User agent + +``` +/mapi/agg/user_agent.original +``` + +```json +{ + "fields": [ + "user_agent.original" + ], + "filter": null, + "range": [ + 1970, + 1643067845 + ], + "values": { + "buckets": [ + { + "doc_count": 230, + "key": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" + }, + { + "doc_count": 142, + "key": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" + }, + { + "doc_count": 114, + "key": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" + }, + { + "doc_count": 50, + "key": "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" + }, + { + "doc_count": 48, + "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" + }, + { + "doc_count": 43, + "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" + }, + { + "doc_count": 33, + "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:34.0) Gecko/20100101 Firefox/34.0" + }, + { + "doc_count": 17, + "key": "Python-urllib/2.7" + }, + { + "doc_count": 12, + "key": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" + }, + { + "doc_count": 9, + "key": "Microsoft-Windows/6.1 UPnP/1.0 Windows-Media-Player-DMS/12.0.7601.17514 DLNADOC/1.50" + }, + { + "doc_count": 9, + "key": "Windows-Media-Player-DMS/12.0.7601.17514" + }, + { + "doc_count": 8, + "key": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" + }, + { + "doc_count": 5, + "key": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" + }, + { + "doc_count": 5, + "key": "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19" + }, + { + "doc_count": 3, + "key": "Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0" + }, + { + "doc_count": 2, + "key": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" + }, + { + "doc_count": 1, + "key": "Microsoft-WebDAV-MiniRedir/6.1.7601" + }, + { + "doc_count": 1, + "key": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)" + }, + { + "doc_count": 1, + "key": "sublime-license-check/3.0" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
+
+External traffic (outbound/inbound) + +``` +$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ + 'https://localhost/mapi/agg/network.protocol' \ + -d '{"filter":{"network.direction":["inbound","outbound"]}}' +``` + +```json +{ + "fields": [ + "network.protocol" + ], + "filter": { + "network.direction": [ + "inbound", + "outbound" + ] + }, + "range": [ + 1970, + 1643068000 + ], + "urls": [ + "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" + ], + "values": { + "buckets": [ + { + "doc_count": 202597, + "key": "bacnet" + }, + { + "doc_count": 129, + "key": "tls" + }, + { + "doc_count": 128, + "key": "ssl" + }, + { + "doc_count": 33, + "key": "http" + }, + { + "doc_count": 33, + "key": "ntp" + }, + { + "doc_count": 20, + "key": "dns" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
+
+Cross-segment traffic + +``` +$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ + 'https://localhost/mapi/agg/source.segment,destination.segment,network.protocol' \ + -d '{"filter":{"tags":"cross_segment"}}' +``` + +```json +{ + "fields": [ + "source.segment", + "destination.segment", + "network.protocol" + ], + "filter": { + "tags": "cross_segment" + }, + "range": [ + 1970, + 1643068080 + ], + "urls": [ + "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" + ], + "values": { + "buckets": [ + { + "doc_count": 6893, + "key": "Corporate", + "values": { + "buckets": [ + { + "doc_count": 6893, + "key": "OT", + "values": { + "buckets": [ + { + "doc_count": 891, + "key": "enip" + }, + { + "doc_count": 889, + "key": "cip" + }, + { + "doc_count": 202, + "key": "http" + }, + { + "doc_count": 146, + "key": "modbus" + }, + { + "doc_count": 1, + "key": "ftp" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 189, + "key": "OT", + "values": { + "buckets": [ + { + "doc_count": 138, + "key": "Corporate", + "values": { + "buckets": [ + { + "doc_count": 128, + "key": "http" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 51, + "key": "DMZ", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 28, + "key": "Battery Network", + "values": { + "buckets": [ + { + "doc_count": 25, + "key": "Combined Cycle BOP", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 3, + "key": "Solar Panel Network", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 20, + "key": "Combined Cycle BOP", + "values": { + "buckets": [ + { + "doc_count": 11, + "key": "Battery Network", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 9, + "key": "Solar Panel Network", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "Solar Panel Network", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "Combined Cycle BOP", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
+
+Plaintext password + +``` +$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ + 'https://localhost/mapi/agg/network.protocol' \ + -d '{"filter":{"!related.password":null}}' +``` + +```json +{ + "fields": [ + "network.protocol" + ], + "filter": { + "!related.password": null + }, + "range": [ + 1970, + 1643068162 + ], + "urls": [ + "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" + ], + "values": { + "buckets": [ + { + "doc_count": 20, + "key": "http" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
+
+Insecure/outdated protocols + +``` +$ curl -k -u username -L -XPOST -H 'Content-Type: application/json' \ + 'https://localhost/mapi/agg/network.protocol,network.protocol_version' \ + -d '{"filter":{"event.severity_tags":"Insecure or outdated protocol"}}' +``` + +```json +{ + "fields": [ + "network.protocol", + "network.protocol_version" + ], + "filter": { + "event.severity_tags": "Insecure or outdated protocol" + }, + "range": [ + 1970, + 1643068248 + ], + "urls": [ + "/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" + ], + "values": { + "buckets": [ + { + "doc_count": 4244, + "key": "smb", + "values": { + "buckets": [ + { + "doc_count": 4244, + "key": "1" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "ftp", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "rdp", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "5.1" + }, + { + "doc_count": 1, + "key": "5.2" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 2, + "key": "telnet", + "values": { + "buckets": [], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
+
+Notice categories + +``` +/mapi/agg/zeek.notice.category,zeek.notice.sub_category +``` + +```json +{ + "fields": [ + "zeek.notice.category", + "zeek.notice.sub_category" + ], + "filter": null, + "range": [ + 1970, + 1643068300 + ], + "urls": [ + "/dashboards/app/dashboards#/view/f1f09567-fc7f-450b-a341-19d2f2bb468b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))", + "/dashboards/app/dashboards#/view/95479950-41f2-11ea-88fa-7151df485405?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" + ], + "values": { + "buckets": [ + { + "doc_count": 100, + "key": "ATTACK", + "values": { + "buckets": [ + { + "doc_count": 42, + "key": "Lateral_Movement_Extracted_File" + }, + { + "doc_count": 30, + "key": "Lateral_Movement" + }, + { + "doc_count": 17, + "key": "Discovery" + }, + { + "doc_count": 5, + "key": "Execution" + }, + { + "doc_count": 5, + "key": "Lateral_Movement_Multiple_Attempts" + }, + { + "doc_count": 1, + "key": "Lateral_Movement_and_Execution" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 14, + "key": "EternalSafety", + "values": { + "buckets": [ + { + "doc_count": 11, + "key": "EternalSynergy" + }, + { + "doc_count": 3, + "key": "ViolationPidMid" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 6, + "key": "Scan", + "values": { + "buckets": [ + { + "doc_count": 6, + "key": "Port_Scan" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + }, + { + "doc_count": 1, + "key": "Ripple20", + "values": { + "buckets": [ + { + "doc_count": 1, + "key": "Treck_TCP_observed" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
+
+Severity tags + +``` +/mapi/agg/event.severity_tags +``` + +```json +{ + "fields": [ + "event.severity_tags" + ], + "filter": null, + "range": [ + 1970, + 1643068363 + ], + "urls": [ + "/dashboards/app/dashboards#/view/d2dd0180-06b1-11ec-8c6b-353266ade330?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))", + "/dashboards/app/dashboards#/view/95479950-41f2-11ea-88fa-7151df485405?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'1970-01-01T00:32:50Z',to:now))" + ], + "values": { + "buckets": [ + { + "doc_count": 160180, + "key": "Outbound traffic" + }, + { + "doc_count": 43059, + "key": "Inbound traffic" + }, + { + "doc_count": 11091, + "key": "Connection attempt rejected" + }, + { + "doc_count": 8967, + "key": "Connection attempt, no reply" + }, + { + "doc_count": 7131, + "key": "Cross-segment traffic" + }, + { + "doc_count": 4250, + "key": "Insecure or outdated protocol" + }, + { + "doc_count": 2219, + "key": "External traffic" + }, + { + "doc_count": 1985, + "key": "Sensitive country" + }, + { + "doc_count": 760, + "key": "Weird" + }, + { + "doc_count": 537, + "key": "Connection aborted (originator)" + }, + { + "doc_count": 474, + "key": "Connection aborted (responder)" + }, + { + "doc_count": 206, + "key": "File transfer (high concern)" + }, + { + "doc_count": 100, + "key": "MITRE ATT&CK framework technique" + }, + { + "doc_count": 66, + "key": "Service on non-standard port" + }, + { + "doc_count": 64, + "key": "Signature (capa)" + }, + { + "doc_count": 30, + "key": "Signature (YARA)" + }, + { + "doc_count": 25, + "key": "Signature (ClamAV)" + }, + { + "doc_count": 20, + "key": "Cleartext password" + }, + { + "doc_count": 19, + "key": "Long connection" + }, + { + "doc_count": 15, + "key": "Notice (vulnerability)" + }, + { + "doc_count": 13, + "key": "File transfer (medium concern)" + }, + { + "doc_count": 6, + "key": "Notice (scan)" + }, + { + "doc_count": 1, + "key": "High volume connection" + } + ], + "doc_count_error_upper_bound": 0, + "sum_other_doc_count": 0 + } +} +``` +
\ No newline at end of file diff --git a/docs/api-fields.md b/docs/api-fields.md new file mode 100644 index 000000000..52634c2b9 --- /dev/null +++ b/docs/api-fields.md @@ -0,0 +1,28 @@ +#### Fields + +`GET` - /mapi/fields + +Returns the (very long) list of fields known to Malcolm, comprised of data from Arkime's [`fields` table](https://arkime.com/apiv3#fields-api), the Malcolm [OpenSearch template](./dashboards/templates/malcolm_template.json) and the OpenSearch Dashboards index pattern API. + +
+Example output: + +```json +{ + "fields": { + "@timestamp": { + "type": "date" + }, +… + "zeek.x509.san_uri": { + "description": "Subject Alternative Name URI", + "type": "string" + }, + "zeek.x509.san_uri.text": { + "type": "string" + } + }, + "total": 2005 +} +``` +
diff --git a/docs/api-indices.md b/docs/api-indices.md new file mode 100644 index 000000000..1756e37fe --- /dev/null +++ b/docs/api-indices.md @@ -0,0 +1,31 @@ +#### Indices + +`GET` - /mapi/indices + +Lists [information related to the underlying OpenSearch indices](https://opensearch.org/docs/latest/opensearch/rest-api/cat/cat-indices/), similar to Arkime's [esindices](https://arkime.com/apiv3#esindices-api) API. + +
+Example output: + +```json + +{ + "indices": [ +… + { + "docs.count": "2268613", + "docs.deleted": "0", + "health": "green", + "index": "arkime_sessions3-210301", + "pri": "1", + "pri.store.size": "1.8gb", + "rep": "0", + "status": "open", + "store.size": "1.8gb", + "uuid": "w-4Q0ofBTdWO9KqeIIAAWg" + }, +… + ] +} +``` +
\ No newline at end of file diff --git a/docs/api-ping.md b/docs/api-ping.md new file mode 100644 index 000000000..f6d88fa84 --- /dev/null +++ b/docs/api-ping.md @@ -0,0 +1,11 @@ +#### Ping + +`GET` - /mapi/ping + +Returns `pong` (for a simple "up" check). + +Example output: + +```json +{"ping":"pong"} +``` \ No newline at end of file diff --git a/docs/api-version.md b/docs/api-version.md new file mode 100644 index 000000000..8b7946097 --- /dev/null +++ b/docs/api-version.md @@ -0,0 +1,51 @@ +#### Version Information + +`GET` - /mapi/version + +Returns version information about Malcolm and version/[health](https://opensearch.org/docs/latest/opensearch/rest-api/cluster-health/) information about the underlying OpenSearch instance. + +
+Example output: + +```json +{ + "built": "2022-01-18T16:10:39Z", + "opensearch": { + "cluster_name": "docker-cluster", + "cluster_uuid": "TcSiEaOgTdO_l1IivYz2gA", + "name": "opensearch", + "tagline": "The OpenSearch Project: https://opensearch.org/", + "version": { + "build_date": "2021-12-21T01:36:21.407473Z", + "build_hash": "8a529d77c7432bc45b005ac1c4ba3b2741b57d4a", + "build_snapshot": false, + "build_type": "tar", + "lucene_version": "8.10.1", + "minimum_index_compatibility_version": "6.0.0-beta1", + "minimum_wire_compatibility_version": "6.8.0", + "number": "7.10.2" + } + }, + "opensearch_health": { + "active_primary_shards": 29, + "active_shards": 29, + "active_shards_percent_as_number": 82.85714285714286, + "cluster_name": "docker-cluster", + "delayed_unassigned_shards": 0, + "discovered_master": true, + "initializing_shards": 0, + "number_of_data_nodes": 1, + "number_of_in_flight_fetch": 0, + "number_of_nodes": 1, + "number_of_pending_tasks": 0, + "relocating_shards": 0, + "status": "yellow", + "task_max_waiting_in_queue_millis": 0, + "timed_out": false, + "unassigned_shards": 6 + }, + "sha": "8ddbbf4", + "version": "5.2.0" +} +``` +
\ No newline at end of file diff --git a/docs/api.md b/docs/api.md new file mode 100644 index 000000000..b635754c9 --- /dev/null +++ b/docs/api.md @@ -0,0 +1,3 @@ +### API + +Malcolm provides a [REST API](./api/project/__init__.py) that can be used to programatically query some aspects of Malcolm's status and data. Malcolm's API is not to be confused with the [Viewer API](https://arkime.com/apiv3) provided by Arkime, although there may be some overlap in functionality. diff --git a/docs/arkime.md b/docs/arkime.md new file mode 100644 index 000000000..2dcf5cc04 --- /dev/null +++ b/docs/arkime.md @@ -0,0 +1,177 @@ +## Arkime + +The Arkime interface will be accessible over HTTPS on port 443 at the docker hosts IP address (e.g., [https://localhost](https://localhost) if you are connecting locally). + +### Zeek log integration + +A stock installation of Arkime extracts all of its network connection ("session") metadata ("SPI" or "Session Profile Information") from full packet capture artifacts (PCAP files). Zeek (formerly Bro) generates similar session metadata, linking network events to sessions via a connection UID. Malcolm aims to facilitate analysis of Zeek logs by mapping values from Zeek logs to the Arkime session database schema for equivalent fields, and by creating new "native" Arkime database fields for all the other Zeek log values for which there is not currently an equivalent in Arkime: + +![Zeek log session record](./images/screenshots/arkime_session_zeek.png) + +In this way, when full packet capture is an option, analysis of PCAP files can be enhanced by the additional information Zeek provides. When full packet capture is not an option, similar analysis can still be performed using the same interfaces and processes using the Zeek logs alone. + +A few values of particular mention include **Data Source** (`event.provider` in OpenSearch), which can be used to distinguish from among the sources of the network traffic metadata record (e.g., `zeek` for Zeek logs and `arkime` for Arkime sessions); and, **Log Type** (`event.dataset` in OpenSearch), which corresponds to the kind of Zeek `.log` file from which the record was created. In other words, a search could be restricted to records from `conn.log` by searching `event.provider == zeek && event.dataset == conn`, or restricted to records from `weird.log` by searching `event.provider == zeek && event.dataset == weird`. + +Click the icon of the owl **🦉** in the upper-left hand corner of to access the Arkime usage documentation (accessible at [https://localhost/help](https://localhost/help) if you are connecting locally), click the **Fields** label in the navigation pane, then search for `zeek` to see a list of the other Zeek log types and fields available to Malcolm. + +![Zeek fields](./images/screenshots/arkime_help_fields.png) + +The values of records created from Zeek logs can be expanded and viewed like any native Arkime session by clicking the plus **➕** icon to the left of the record in the Sessions view. However, note that when dealing with these Zeek records the full packet contents are not available, so buttons dealing with viewing and exporting PCAP information will not behave as they would for records from PCAP files. Other than that, Zeek records and their values are usable in Malcolm just like native PCAP session records. + +#### Correlating Zeek logs and Arkime sessions + +The Arkime interface displays both Zeek logs and Arkime sessions alongside each other. Using fields common to both data sources, one can [craft queries](#SearchCheatSheet) to filter results matching desired criteria. + +A few fields of particular mention that help limit returned results to those Zeek logs and Arkime session records generated from the same network connection are [Community ID](https://github.com/corelight/community-id-spec) (`network.community_id`) and Zeek's [connection UID](https://docs.zeek.org/en/stable/examples/logs/#using-uids) (`zeek.uid`), which Malcolm maps to both Arkime's `rootId` field and the [ECS](https://www.elastic.co/guide/en/ecs/current/ecs-event.html#field-event-id) `event.id` field. + +Community ID is specification for standard flow hashing [published by Corelight](https://github.com/corelight/community-id-spec) with the intent of making it easier to pivot from one dataset (e.g., Arkime sessions) to another (e.g., Zeek `conn.log` entries). In Malcolm both Arkime and [Zeek](https://github.com/corelight/zeek-community-id) populate this value, which makes it possible to filter for a specific network connection and see both data sources' results for that connection. + +The `rootId` field is used by Arkime to link session records together when a particular session has too many packets to be represented by a single session. When normalizing Zeek logs to Arkime's schema, Malcolm piggybacks on `rootId` to store Zeek's [connection UID](https://docs.zeek.org/en/stable/examples/logs/#using-uids) to crossreference entries across Zeek log types. The connection UID is also stored in `zeek.uid`. + +Filtering on community ID OR'ed with zeek UID (e.g., `network.community_id == "1:r7tGG//fXP1P0+BXH3zXETCtEFI=" || rootId == "CQcoro2z6adgtGlk42"`) is an effective way to see both the Arkime sessions and Zeek logs generated by a particular network connection. + +![Correlating Arkime sessions and Zeek logs](./images/screenshots/arkime_correlate_communityid_uid.png) + +### Help + +Click the icon of the owl 🦉 in the upper-left hand corner of to access the Arkime usage documentation (accessible at [https://localhost/help](https://localhost/help) if you are connecting locally), which includes such topics as [search syntax](https://localhost/help#search), the [Sessions view](https://localhost/help#sessions), [SPIView](https://localhost/help#spiview), [SPIGraph](https://localhost/help#spigraph), and the [Connections](https://localhost/help#connections) graph. + +### Sessions + +The **Sessions** view provides low-level details of the sessions being investigated, whether they be Arkime sessions created from PCAP files or [Zeek logs mapped](#ArkimeZeek) to the Arkime session database schema. + +![Arkime's Sessions view](./images/screenshots/arkime_sessions.png) + +The **Sessions** view contains many controls for filtering the sessions displayed from all sessions down to sessions of interest: + +* [search bar](https://localhost/help#search): Indicated by the magnifying glass **🔍** icon, the search bar allows defining filters on session/log metadata +* [time bounding](https://localhost/help#timebounding) controls: The **🕘**, **Start**, **End**, **Bounding**, and **Interval** fields, and the **date histogram** can be used to visually zoom and pan the time range being examined. +* search button: The **Search** button re-runs the sessions query with the filters currently specified. +* views button: Indicated by the eyeball **👁** icon, views allow overlaying additional previously-specified filters onto the current sessions filters. For convenience, Malcolm provides several Arkime preconfigured views including filtering on the `event.dataset` field. + +![Malcolm views](./images/screenshots/arkime_apply_view.png) + +* map: A global map can be expanded by clicking the globe **🌎** icon. This allows filtering sessions by IP-based geolocation when possible. + +Some of these filter controls are also available on other Arkime pages (such as SPIView, SPIGraph, Connections, and Hunt). + +The number of sessions displayed per page, as well as the page currently displayed, can be specified using the paging controls underneath the time bounding controls. + +The sessions table is displayed below the filter controls. This table contains the sessions/logs matching the specified filters. + +To the left of the column headers are two buttons. The **Toggle visible columns** button, indicated by a grid **⊞** icon, allows toggling which columns are displayed in the sessions table. The **Save or load custom column configuration** button, indicated by a columns **◫** icon, allows saving the current displayed columns or loading previously-saved configurations. This is useful for customizing which columns are displayed when investigating different types of traffic. Column headers can also be clicked to sort the results in the table, and column widths may be adjusted by dragging the separators between column headers. + +Details for individual sessions/logs can be expanded by clicking the plus **➕** icon on the left of each row. Each row may contain multiple sections and controls, depending on whether the row represents a Arkime session or a [Zeek log](#ArkimeZeek). Clicking the field names and values in the details sections allows additional filters to be specified or summary lists of unique values to be exported. + +When viewing Arkime session details (ie., a session generated from a PCAP file), an additional packets section will be visible underneath the metadata sections. When the details of a session of this type are expanded, Arkime will read the packet(s) comprising the session for display here. Various controls can be used to adjust how the packet is displayed (enabling **natural** decoding and enabling **Show Images & Files** may produce visually pleasing results), and other options (including PCAP download, carving images and files, applying decoding filters, and examining payloads in [CyberChef](https://github.com/gchq/CyberChef)) are available. + +See also Arkime's usage documentation for more information on the [Sessions view](https://localhost/help#sessions). + +#### PCAP Export + +Clicking the down arrow **▼** icon to the far right of the search bar presents a list of actions including **PCAP Export** (see Arkime's [sessions help](https://localhost/help#sessions) for information on the other actions). When full PCAP sessions are displayed, the **PCAP Export** feature allows you to create a new PCAP file from the matching Arkime sessions, including controls for which sessions are included (open items, visible items, or all matching items) and whether or not to include linked segments. Click **Export PCAP** button to generate the PCAP, after which you'll be presented with a browser download dialog to save or open the file. Note that depending on the scope of the filters specified this might take a long time (or, possibly even time out). + +![Export PCAP](./images/screenshots/arkime_export_pcap.png) + +See the [issues](#Issues) section of this document for an error that can occur using this feature when Zeek log sessions are displayed.View + +### SPIView + +Arkime's **SPI** (**S**ession **P**rofile **I**nformation) **View** provides a quick and easy-to-use interface for exploring session/log metrics. The SPIView page lists categories for general session metrics (e.g., protocol, source and destination IP addresses, sort and destination ports, etc.) as well as for all of various types of network traffic understood by Malcolm. These categories can be expanded and the top *n* values displayed, along with each value's cardinality, for the fields of interest they contain. + +![Arkime's SPIView](./images/screenshots/arkime_spiview.png) + +Click the the plus **➕** icon to the right of a category to expand it. The values for specific fields are displayed by clicking the field description in the field list underneath the category name. The list of field names can be filtered by typing part of the field name in the *Search for fields to display in this category* text input. The **Load All** and **Unload All** buttons can be used to toggle display of all of the fields belonging to that category. Once displayed, a field's name or one of its values may be clicked to provide further actions for filtering or displaying that field or its values. Of particular interest may be the **Open [fieldname] SPI Graph** option when clicking on a field's name. This will open a new tab with the SPI Graph ([see below](#ArkimeSPIGraph)) populated with the field's top values. + +Note that because the SPIView page can potentially run many queries, SPIView limits the search domain to seven days (in other words, seven indices, as each index represents one day's worth of data). When using SPIView, you will have best results if you limit your search time frame to less than or equal to seven days. This limit can be adjusted by editing the `spiDataMaxIndices` setting in [config.ini](./etc/arkime/config.ini) and rebuilding the `malcolmnetsec/arkime` docker container. + +See also Arkime's usage documentation for more information on [SPIView](https://localhost/help#spiview). + +### SPIGraph + +Arkime's **SPI** (**S**ession **P**rofile **I**nformation) **Graph** visualizes the occurrence of some field's top *n* values over time, and (optionally) geographically. This is particularly useful for identifying trends in a particular type of communication over time: traffic using a particular protocol when seen sparsely at regular intervals on that protocol's date histogram in the SPIGraph may indicate a connection check, polling, or beaconing (for example, see the `llmnr` protocol in the screenshot below). + +![Arkime's SPIGraph](./images/screenshots/arkime_spigraph.png) + +Controls can be found underneath the time bounding controls for selecting the field of interest, the number of elements to be displayed, the sort order, and a periodic refresh of the data. + +See also Arkime's usage documentation for more information on [SPIGraph](https://localhost/help#spigraph). + +### Connections + +The **Connections** page presents network communications via a force-directed graph, making it easy to visualize logical relationships between network hosts. + +![Arkime's Connections graph](./images/screenshots/arkime_connections.png) + +Controls are available for specifying the query size (where smaller values will execute more quickly but may only contain an incomplete representation of the top *n* sessions, and larger values may take longer to execute but will be more complete), which fields to use as the source and destination for node values, a minimum connections threshold, and the method for determining the "weight" of the link between two nodes. As is the case with most other visualizations in Arkime, the graph is interactive: clicking on a node or the link between two nodes can be used to modify query filters, and the nodes themselves may be repositioned by dragging and dropping them. A node's color indicates whether it communicated as a source/originator, a destination/responder, or both. + +While the default source and destination fields are *Src IP* and *Dst IP:Dst Port*, the Connections view is able to use any combination of fields. For example: + +* *Src OUI* and *Dst OUI* (hardware manufacturers) +* *Src IP* and *Protocols* +* *Originating Network Segment* and *Responding Network Segment* (see [CIDR subnet to network segment name mapping](#SegmentNaming)) +* *Originating GeoIP City* and *Responding GeoIP City* + +or any other combination of these or other fields. + +See also Arkime's usage documentation for more information on the [Connections graph](https://localhost/help#connections). + +### Hunt + +Arkime's **Hunt** feature allows an analyst to search within the packets themselves (including payload data) rather than simply searching the session metadata. The search string may be specified using ASCII (with or without case sensitivity), hex codes, or regular expressions. Once a hunt job is complete, matching sessions can be viewed in the [Sessions](#ArkimeSessions) view. + +Clicking the **Create a packet search job** on the Hunt page will allow you to specify the following parameters for a new hunt job: + +* a packet search job **name** +* a **maximum number of packets** to examine per session +* the **search string** and its format (*ascii*, *ascii (case sensitive)*, *hex*, *regex*, or *hex regex*) +* whether to search **source packets**, **destination packets**, or both +* whether to search **raw** or **reassembled** packets + +Click the **➕ Create** button to begin the search. Arkime will scan the source PCAP files from which the sessions were created according to the search criteria. Note that whatever filters were specified when the hunt job is executed will apply to the hunt job as well; the number of sessions matching the current filters will be displayed above the hunt job parameters with text like "ⓘ Creating a new packet search job will search the packets of # sessions." + +![Hunt creation](./images/screenshots/arkime_hunt_creation.png) + +Once a hunt job is submitted, it will be assigned a unique hunt ID (a long unique string of characters like `yuBHAGsBdljYmwGkbEMm`) and its progress will be updated periodically in the **Hunt Job Queue** with the execution percent complete, the number of matches found so far, and the other parameters with which the job was submitted. More details for the hunt job can be viewed by expanding its row with the plus **➕** icon on the left. + +![Hunt completed](./images/screenshots/arkime_hunt_finished.png) + +Once the hunt job is complete (and a minute or so has passed, as the `huntId` must be added to the matching session records in the database), click the folder **📂** icon on the right side of the hunt job row to open a new [Sessions](#ArkimeSessions) tab with the search bar prepopulated to filter to sessions with packets matching the search criteria. + +![Hunt result sessions](./images/screenshots/arkime_hunt_sessions.png) + +From this list of filtered sessions you can expand session details and explore packet payloads which matched the hunt search criteria. + +The hunt feature is available only for sessions created from full packet capture data, not Zeek logs. This being the case, it is a good idea to click the eyeball **👁** icon and select the **Arkime Sessions** view to exclude Zeek logs from candidate sessions prior to using the hunt feature. + +See also Arkime's usage documentation for more information on the [hunt feature](https://localhost/help#hunt). + +### Statistics + +Arkime provides several other reports which show information about the state of Arkime and the underlying OpenSearch database. + +The **Files** list displays a list of PCAP files processed by Arkime, the date and time of the earliest packet in each file, and the file size: + +![Arkime's Files list](./images/screenshots/arkime_files.png) + +The **ES Indices** list (available under the **Stats** page) lists the OpenSearch indices within which log data is contained: + +![Arkime's ES indices list](./images/screenshots/arkime_es_stats.png) + +The **History** view provides a historical list of queries issues to Arkime and the details of those queries: + +![Arkime's History view](./images/screenshots/arkime_history.png) + +See also Arkime's usage documentation for more information on the [Files list](https://localhost/help#files), [statistics](https://localhost/help#files), and [history](https://localhost/help#history). + +### Settings + +#### General settings + +The **Settings** page can be used to tweak Arkime preferences, defined additional custom views and column configurations, tweak the color theme, and more. + +See Arkime's usage documentation for more information on [settings](https://localhost/help#settings). + +![Arkime general settings](./images/screenshots/arkime_general_settings.png) + +![Arkime custom view management](./images/screenshots/arkime_view_settings.png) \ No newline at end of file diff --git a/docs/components.md b/docs/components.md new file mode 100644 index 000000000..b67e914e1 --- /dev/null +++ b/docs/components.md @@ -0,0 +1,59 @@ +## Components + +Malcolm leverages the following excellent open source tools, among others. + +* [Arkime](https://arkime.com/) (formerly Moloch) - for PCAP file processing, browsing, searching, analysis, and carving/exporting; Arkime itself consists of two parts: + * [capture](https://github.com/arkime/arkime/tree/master/capture) - a tool for traffic capture, as well as offline PCAP parsing and metadata insertion into OpenSearch + * [viewer](https://github.com/arkime/arkime/tree/master/viewer) - a browser-based interface for data visualization +* [OpenSearch](https://opensearch.org/) - a search and analytics engine for indexing and querying network traffic session metadata +* [Logstash](https://www.elastic.co/products/logstash) and [Filebeat](https://www.elastic.co/products/beats/filebeat) - for ingesting and parsing [Zeek](https://www.zeek.org/index.html) [Log Files](https://docs.zeek.org/en/stable/script-reference/log-files.html) and ingesting them into OpenSearch in a format that Arkime understands in the same way it natively understands PCAP data +* [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) - for creating additional ad-hoc visualizations and dashboards beyond that which is provided by Arkime viewer +* [Zeek](https://www.zeek.org/index.html) - a network analysis framework and IDS +* [Suricata](https://suricata.io/) - an IDS and threat detection engine +* [Yara](https://github.com/VirusTotal/yara) - a tool used to identify and classify malware samples +* [Capa](https://github.com/fireeye/capa) - a tool for detecting capabilities in executable files +* [ClamAV](https://www.clamav.net/) - an antivirus engine for scanning files extracted by Zeek +* [CyberChef](https://github.com/gchq/CyberChef) - a "swiss-army knife" data conversion tool +* [jQuery File Upload](https://github.com/blueimp/jQuery-File-Upload) - for uploading PCAP files and Zeek logs for processing +* [List.js](https://github.com/javve/list.js) - for the [host and subnet name mapping](#HostAndSubnetNaming) interface +* [Docker](https://www.docker.com/) and [Docker Compose](https://docs.docker.com/compose/) - for simple, reproducible deployment of the Malcolm appliance across environments and to coordinate communication between its various components +* [NetBox](https://netbox.dev/) - a suite for modeling and documenting modern networks +* [PostgreSQL](https://www.postgresql.org/) - a relational database for persisting NetBox's data +* [Redis](https://redis.io/) - an in-memory data store for caching NetBox session information +* [Nginx](https://nginx.org/) - for HTTPS and reverse proxying Malcolm components +* [nginx-auth-ldap](https://github.com/kvspb/nginx-auth-ldap) - an LDAP authentication module for nginx +* [Fluent Bit](https://fluentbit.io/) - for forwarding metrics to Malcolm from [network sensors](#Hedgehog) (packet capture appliances) +* [Mark Baggett](https://github.com/MarkBaggett)'s [freq](https://github.com/MarkBaggett/freq) - a tool for calculating entropy of strings +* [Florian Roth](https://github.com/Neo23x0)'s [Signature-Base](https://github.com/Neo23x0/signature-base) Yara ruleset +* These Zeek plugins: + * some of Amazon.com, Inc.'s [ICS protocol](https://github.com/amzn?q=zeek) analyzers + * Andrew Klaus's [Sniffpass](https://github.com/cybera/zeek-sniffpass) plugin for detecting cleartext passwords in HTTP POST requests + * Andrew Klaus's [zeek-httpattacks](https://github.com/precurse/zeek-httpattacks) plugin for detecting noncompliant HTTP requests + * ICS protocol analyzers for Zeek published by [DHS CISA](https://github.com/cisagov/ICSNPP) and [Idaho National Lab](https://github.com/idaholab/ICSNPP) + * Corelight's ["bad neighbor" (CVE-2020-16898)](https://github.com/corelight/CVE-2020-16898) plugin + * Corelight's ["Log4Shell" (CVE-2021-44228)](https://github.com/corelight/cve-2021-44228) plugin + * Corelight's ["OMIGOD" (CVE-2021-38647)](https://github.com/corelight/CVE-2021-38647) plugin + * Corelight's [Apache HTTP server 2.4.49-2.4.50 path traversal/RCE vulnerability (CVE-2021-41773)](https://github.com/corelight/CVE-2021-41773) plugin + * Corelight's [bro-xor-exe](https://github.com/corelight/bro-xor-exe-plugin) plugin + * Corelight's [callstranger-detector](https://github.com/corelight/callstranger-detector) plugin + * Corelight's [community ID](https://github.com/corelight/zeek-community-id) flow hashing plugin + * Corelight's [DCE/RPC remote code execution vulnerability (CVE-2022-26809)](https://github.com/corelight/cve-2022-26809) plugin + * Corelight's [HTTP More Filenames](https://github.com/corelight/http-more-files-names) plugin + * Corelight's [HTTP protocol stack vulnerability (CVE-2021-31166)](https://github.com/corelight/CVE-2021-31166) plugin + * Corelight's [pingback](https://github.com/corelight/pingback) plugin + * Corelight's [ripple20](https://github.com/corelight/ripple20) plugin + * Corelight's [SIGred](https://github.com/corelight/SIGred) plugin + * Corelight's [VMware Workspace ONE Access and Identity Manager RCE vulnerability (CVE-2022-22954)](https://github.com/corelight/cve-2022-22954) plugin + * Corelight's [Zerologon](https://github.com/corelight/zerologon) plugin + * Corelight's [Microsoft Excel privilege escalation detection (CVE-2021-42292)](https://github.com/corelight/CVE-2021-42292) plugin + * J-Gras' [Zeek::AF_Packet](https://github.com/J-Gras/zeek-af_packet-plugin) plugin + * Johanna Amann's [CVE-2020-0601](https://github.com/0xxon/cve-2020-0601) ECC certificate validation plugin and [CVE-2020-13777](https://github.com/0xxon/cve-2020-13777) GnuTLS unencrypted session ticket detection plugin + * Lexi Brent's [EternalSafety](https://github.com/0xl3x1/zeek-EternalSafety) plugin + * MITRE Cyber Analytics Repository's [Bro/Zeek ATT&CK®-Based Analytics (BZAR)](https://github.com/mitre-attack/car/tree/master/implementations) script + * Salesforce's [gQUIC](https://github.com/salesforce/GQUIC_Protocol_Analyzer) analyzer + * Salesforce's [HASSH](https://github.com/salesforce/hassh) SSH fingerprinting plugin + * Salesforce's [JA3](https://github.com/salesforce/ja3) TLS fingerprinting plugin + * Zeek's [Spicy](https://github.com/zeek/spicy) plugin framework +* [GeoLite2](https://dev.maxmind.com/geoip/geoip2/geolite2/) - Malcolm includes GeoLite2 data created by [MaxMind](https://www.maxmind.com) + +![Malcolm Components](./images/malcolm_components.png) \ No newline at end of file diff --git a/docs/contributing/README.md b/docs/contributing.md similarity index 100% rename from docs/contributing/README.md rename to docs/contributing.md diff --git a/docs/cyberchef.md b/docs/cyberchef.md new file mode 100644 index 000000000..6fae108d8 --- /dev/null +++ b/docs/cyberchef.md @@ -0,0 +1,5 @@ +### CyberChef + +Malcolm provides an instance of [CyberChef](https://github.com/gchq/CyberChef), the "Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis." CyberChef is available at at [https://localhost/cyberchef.html](https://localhost/cyberchef.html) if you are connecting locally. + +Arkime's [Sessions](#ArkimeSessions) view has built-in CyberChef integration for Arkime sessions with full PCAP payloads available: expanding a session and opening the **Packet Options** drop-down menu in its payload section will provide options for **Open src packets with CyberChef** and **Open dst packets with CyberChef**. \ No newline at end of file diff --git a/docs/dashboards.md b/docs/dashboards.md new file mode 100644 index 000000000..079412bc5 --- /dev/null +++ b/docs/dashboards.md @@ -0,0 +1,90 @@ +## OpenSearch Dashboards + +While Arkime provides very nice visualizations, especially for network traffic, [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) (an open source general-purpose data visualization tool for OpenSearch) can be used to create custom visualizations (tables, charts, graphs, dashboards, etc.) using the same data. + +The OpenSearch Dashboards container can be accessed at [https://localhost/dashboards/](https://localhost/dashboards/) if you are connecting locally. Several preconfigured dashboards for Zeek logs are included in Malcolm's OpenSearch Dashboards configuration. + +OpenSearch Dashboards has several components for data searching and visualization: + +### Discover + +The **Discover** view enables you to view events on a record-by-record basis (similar to a *session* record in Arkime or an individual line from a Zeek log). See the official [Kibana User Guide](https://www.elastic.co/guide/en/kibana/7.10/index.html) (OpenSearch Dashboards is an open-source fork of Kibana, which is no longer open-source software) for information on using the Discover view: + +* [Discover](https://www.elastic.co/guide/en/kibana/7.10/discover.html) +* [Searching Your Data](https://www.elastic.co/guide/en/kibana/7.10/search.html) + +#### Screenshots + +![Discover view](./images/screenshots/dashboards_discover.png) + +![Viewing the details of a session in Discover](./images/screenshots/dashboards_discover_table.png) + +![Filtering by tags to display only sessions with public IP addresses](./images/screenshots/dashboards_add_filter.png) + +![Changing the fields displayed in Discover](./images/screenshots/dashboards_fields_list.png) + +![Opening a previously-saved search](./images/screenshots/dashboards_open_search.png) + +### Visualizations and dashboards + +#### Prebuilt visualizations and dashboards + +Malcolm comes with dozens of prebuilt visualizations and dashboards for the network traffic represented by each of the Zeek log types. Click **Dashboard** to see a list of these dashboards. As is the case with all OpenSearch Dashboards visualizations, all of the charts, graphs, maps, and tables are interactive and can be clicked on to narrow or expand the scope of the data you are investigating. Similarly, click **Visualize** to explore the prebuilt visualizations used to build the dashboards. + +Many of Malcolm's prebuilt visualizations for Zeek logs were originally inspired by the excellent [Kibana Dashboards](https://github.com/Security-Onion-Solutions/securityonion-elastic/tree/master/kibana/dashboards) that are part of [Security Onion](https://securityonion.net/). + +##### Screenshots + +![The Security Overview highlights security-related network events](./images/screenshots/dashboards_security_overview.png) + +![The ICS/IoT Security Overview dashboard displays information about ICS and IoT network traffic](./images/screenshots/dashboards_ics_iot_security_overview.png) + +![The Connections dashboard displays information about the "top talkers" across all types of sessions](./images/screenshots/dashboards_connections.png) + +![The HTTP dashboard displays important details about HTTP traffic](./images/screenshots/dashboards_http.png) + +![There are several Connections visualizations using locations from GeoIP lookups](./images/screenshots/dashboards_latlon_map.png) + +![OpenSearch Dashboards includes both coordinate and region map types](./images/screenshots/dashboards_region_map.png) + +![The Suricata Alerts dashboard highlights traffic which matched Suricata signatures](./images/screenshots/dashboards_suricata_alerts.png) + +![The Zeek Notices dashboard highlights things which Zeek determine are potentially bad](./images/screenshots/dashboards_notices.png) + +![The Zeek Signatures dashboard displays signature hits, such as antivirus hits on files extracted from network traffic](./images/screenshots/dashboards_signatures.png) + +![The Software dashboard displays the type, name, and version of software seen communicating on the network](./images/screenshots/dashboards_software.png) + +![The PE (portable executables) dashboard displays information about executable files transferred over the network](./images/screenshots/dashboards_portable_executables.png) + +![The SMTP dashboard highlights details about SMTP traffic](./images/screenshots/dashboards_smtp.png) + +![The SSL dashboard displays information about SSL versions, certificates, and TLS JA3 fingerprints](./images/screenshots/dashboards_ssl.png) + +![The files dashboard displays metrics about the files transferred over the network](./images/screenshots/dashboards_files_source.png) + +![This dashboard provides insight into DNP3 (Distributed Network Protocol), a protocol used commonly in electric and water utilities](./images/screenshots/dashboards_dnp3.png) + +![Modbus is a standard protocol found in many industrial control systems (ICS)](./images/screenshots/dashboards_modbus.png) + +![BACnet is a communications protocol for Building Automation and Control (BAC) networks](./images/screenshots/dashboards_bacnet.png) + +![EtherCAT is an Ethernet-based fieldbus system](./images/screenshots/dashboards_ecat.png) + +![EtherNet/IP is an industrial network protocol that adapts the Common Industrial Protocol to standard Ethernet](./images/screenshots/dashboards_ethernetip.png) + +![PROFINET is an industry technical standard for data communication over Industrial Ethernet](./images/screenshots/dashboards_profinet.png) + +![S7comm is a Siemens proprietary protocol that runs between programmable logic controllers (PLCs) of the Siemens family](./images/screenshots/dashboards_s7comm.png) + +#### Building your own visualizations and dashboards + +See the official [Kibana User Guide](https://www.elastic.co/guide/en/kibana/7.10/index.html) and [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) (OpenSearch Dashboards is an open-source fork of Kibana, which is no longer open-source software) documentation for information on creating your own visualizations and dashboards: + +* [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) +* [Kibana Dashboards](https://www.elastic.co/guide/en/kibana/7.10/dashboard.html) +* [TimeLine](https://www.elastic.co/guide/en/kibana/7.12/timelion.html) + +##### Screenshots + +![OpenSearch dashboards boasts many types of visualizations for displaying your data](./images/screenshots/dashboards_new_visualization.png) \ No newline at end of file diff --git a/docs/development.md b/docs/development.md new file mode 100644 index 000000000..1fd8773b6 --- /dev/null +++ b/docs/development.md @@ -0,0 +1,156 @@ +## Development + +Checking out the [Malcolm source code](https://github.com/idaholab/Malcolm/tree/main) results in the following subdirectories in your `malcolm/` working copy: + +* `api` - code and configuration for the `api` container which provides a REST API to query Malcolm +* `arkime` - code and configuration for the `arkime` container which processes PCAP files using `capture` and which serves the Viewer application +* `arkime-logs` - an initially empty directory to which the `arkime` container will write some debug log files +* `arkime-raw` - an initially empty directory to which the `arkime` container will write captured PCAP files; as Arkime as employed by Malcolm is currently used for processing previously-captured PCAP files, this directory is currently unused +* `Dockerfiles` - a directory containing build instructions for Malcolm's docker images +* `docs` - a directory containing instructions and documentation +* `opensearch` - an initially empty directory where the OpenSearch database instance will reside +* `opensearch-backup` - an initially empty directory for storing OpenSearch [index snapshots](#IndexManagement) +* `filebeat` - code and configuration for the `filebeat` container which ingests Zeek logs and forwards them to the `logstash` container +* `file-monitor` - code and configuration for the `file-monitor` container which can scan files extracted by Zeek +* `file-upload` - code and configuration for the `upload` container which serves a web browser-based upload form for uploading PCAP files and Zeek logs, and which serves an SFTP share as an alternate method for upload +* `freq-server` - code and configuration for the `freq` container used for calculating entropy of strings +* `htadmin` - configuration for the `htadmin` user account management container +* `dashboards` - code and configuration for the `dashboards` container for creating additional ad-hoc visualizations and dashboards beyond that which is provided by Arkime Viewer +* `logstash` - code and configuration for the `logstash` container which parses Zeek logs and forwards them to the `opensearch` container +* `malcolm-iso` - code and configuration for building an [installer ISO](#ISO) for a minimal Debian-based Linux installation for running Malcolm +* `name-map-ui` - code and configuration for the `name-map-ui` container which provides the [host and subnet name mapping](#HostAndSubnetNaming) interface +* `netbox` - code and configuration for the `netbox`, `netbox-postgres`, `netbox-redis` and `netbox-redis-cache` containers which provide asset management capabilities +* `nginx` - configuration for the `nginx` reverse proxy container +* `pcap` - an initially empty directory for PCAP files to be uploaded, processed, and stored +* `pcap-capture` - code and configuration for the `pcap-capture` container which can capture network traffic +* `pcap-monitor` - code and configuration for the `pcap-monitor` container which watches for new or uploaded PCAP files notifies the other services to process them +* `scripts` - control scripts for starting, stopping, restarting, etc. Malcolm +* `sensor-iso` - code and configuration for building a [Hedgehog Linux](#Hedgehog) ISO +* `shared` - miscellaneous code used by various Malcolm components +* `suricata` - code and configuration for the `suricata` container which handles PCAP processing using Suricata +* `suricata-logs` - an initially empty directory for Suricata logs to be uploaded, processed, and stored +* `zeek` - code and configuration for the `zeek` container which handles PCAP processing using Zeek +* `zeek-logs` - an initially empty directory for Zeek logs to be uploaded, processed, and stored + +and the following files of special note: + +* `auth.env` - the script `./scripts/auth_setup` prompts the user for the administrator credentials used by the Malcolm appliance, and `auth.env` is the environment file where those values are stored +* `cidr-map.txt` - specify custom IP address to network segment mapping +* `host-map.txt` - specify custom IP and/or MAC address to host mapping +* `net-map.json` - an alternative to `cidr-map.txt` and `host-map.txt`, mapping hosts and network segments to their names in a JSON-formatted file +* `docker-compose.yml` - the configuration file used by `docker-compose` to build, start, and stop an instance of the Malcolm appliance +* `docker-compose-standalone.yml` - similar to `docker-compose.yml`, only used for the ["packaged"](#Packager) installation of Malcolm + +### Building from source + +Building the Malcolm docker images from scratch requires internet access to pull source files for its components. Once internet access is available, execute the following command to build all of the Docker images used by the Malcolm appliance: + +``` +$ ./scripts/build.sh +``` + +Then, go take a walk or something since it will be a while. When you're done, you can run `docker images` and see you have fresh images for: + +* `malcolmnetsec/api` (based on `python:3-slim`) +* `malcolmnetsec/arkime` (based on `debian:11-slim`) +* `malcolmnetsec/dashboards-helper` (based on `alpine:3.16`) +* `malcolmnetsec/dashboards` (based on `opensearchproject/opensearch-dashboards`) +* `malcolmnetsec/file-monitor` (based on `debian:11-slim`) +* `malcolmnetsec/file-upload` (based on `debian:11-slim`) +* `malcolmnetsec/filebeat-oss` (based on `docker.elastic.co/beats/filebeat-oss`) +* `malcolmnetsec/freq` (based on `debian:11-slim`) +* `malcolmnetsec/htadmin` (based on `debian:11-slim`) +* `malcolmnetsec/logstash-oss` (based on `opensearchproject/logstash-oss-with-opensearch-output-plugin`) +* `malcolmnetsec/name-map-ui` (based on `alpine:3.16`) +* `malcolmnetsec/netbox` (based on `netboxcommunity/netbox:latest`) +* `malcolmnetsec/nginx-proxy` (based on `alpine:3.16`) +* `malcolmnetsec/opensearch` (based on `opensearchproject/opensearch`) +* `malcolmnetsec/pcap-capture` (based on `debian:11-slim`) +* `malcolmnetsec/pcap-monitor` (based on `debian:11-slim`) +* `malcolmnetsec/postgresql` (based on `postgres:14-alpine`) +* `malcolmnetsec/redis` (based on `redis:7-alpine`) +* `malcolmnetsec/suricata` (based on `debian:11-slim`) +* `malcolmnetsec/zeek` (based on `debian:11-slim`) + +Alternately, if you have forked Malcolm on GitHub, [workflow files](./.github/workflows/) are provided which contain instructions for GitHub to build the docker images and [sensor](#Hedgehog) and [Malcolm](#ISO) installer ISOs. The resulting images are named according to the pattern `ghcr.io/owner/malcolmnetsec/image:branch` (e.g., if you've forked Malcolm with the github user `romeogdetlevjr`, the `arkime` container built for the `main` would be named `ghcr.io/romeogdetlevjr/malcolmnetsec/arkime:main`). To run your local instance of Malcolm using these images instead of the official ones, you'll need to edit your `docker-compose.yml` file(s) and replace the `image:` tags according to this new pattern, or use the bash helper script `./shared/bin/github_image_helper.sh` to pull and re-tag the images. + +## Pre-Packaged installation files + +### Creating pre-packaged installation files + +`scripts/malcolm_appliance_packager.sh` can be run to package up the configuration files (and, if necessary, the Docker images) which can be copied to a network share or USB drive for distribution to non-networked machines. For example: + +``` +$ ./scripts/malcolm_appliance_packager.sh +You must set a username and password for Malcolm, and self-signed X.509 certificates will be generated + +Store administrator username/password for local Malcolm access? (Y/n): y + +Administrator username: analyst +analyst password: +analyst password (again): + +(Re)generate self-signed certificates for HTTPS access (Y/n): y + +(Re)generate self-signed certificates for a remote log forwarder (Y/n): y + +Store username/password for primary remote OpenSearch instance? (y/N): n + +Store username/password for secondary remote OpenSearch instance? (y/N): n + +Store username/password for email alert sender account? (y/N): n + +(Re)generate internal passwords for NetBox (Y/n): y + +Packaged Malcolm to "/home/user/tmp/malcolm_20190513_101117_f0d052c.tar.gz" + +Do you need to package docker images also [y/N]? y +This might take a few minutes... + +Packaged Malcolm docker images to "/home/user/tmp/malcolm_20190513_101117_f0d052c_images.tar.gz" + + +To install Malcolm: + 1. Run install.py + 2. Follow the prompts + +To start, stop, restart, etc. Malcolm: + Use the control scripts in the "scripts/" directory: + - start (start Malcolm) + - stop (stop Malcolm) + - restart (restart Malcolm) + - logs (monitor Malcolm logs) + - wipe (stop Malcolm and clear its database) + - auth_setup (change authentication-related settings) + +A minute or so after starting Malcolm, the following services will be accessible: + - Arkime: https://localhost/ + - OpenSearch Dashboards: https://localhost/dashboards/ + - PCAP upload (web): https://localhost/upload/ + - PCAP upload (sftp): sftp://USERNAME@127.0.0.1:8022/files/ + - Host and subnet name mapping editor: https://localhost/name-map-ui/ + - NetBox: https://localhost/netbox/ + - Account management: https://localhost:488/ +``` + +The above example will result in the following artifacts for distribution as explained in the script's output: + +``` +$ ls -lh +total 2.0G +-rwxr-xr-x 1 user user 61k May 13 11:32 install.py +-rw-r--r-- 1 user user 2.0G May 13 11:37 malcolm_20190513_101117_f0d052c_images.tar.gz +-rw-r--r-- 1 user user 683 May 13 11:37 malcolm_20190513_101117_f0d052c.README.txt +-rw-r--r-- 1 user user 183k May 13 11:32 malcolm_20190513_101117_f0d052c.tar.gz +``` + +### Installing from pre-packaged installation files + +If you have obtained pre-packaged installation files to install Malcolm on a non-networked machine via an internal network share or on a USB key, you likely have the following files: + +* `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.README.txt` - This readme file contains a minimal set up instructions for extracting the contents of the other tarballs and running the Malcolm appliance. +* `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` - This tarball contains the configuration files and directory configuration used by an instance of Malcolm. It can be extracted via `tar -xf malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` upon which a directory will be created (named similarly to the tarball) containing the directories and configuration files. Alternatively, `install.py` can accept this filename as an argument and handle its extraction and initial configuration for you. +* `malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz` - This tarball contains the Docker images used by Malcolm. It can be imported manually via `docker load -i malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz` +* `install.py` - This install script can load the Docker images and extract Malcolm configuration files from the aforementioned tarballs and do some initial configuration for you. + +Run `install.py malcolm_XXXXXXXX_XXXXXX_XXXXXXX.tar.gz` and follow the prompts. If you do not already have Docker and Docker Compose installed, the `install.py` script will help you install them. \ No newline at end of file diff --git a/docs/web/download.md b/docs/download.md similarity index 100% rename from docs/web/download.md rename to docs/download.md diff --git a/docs/file-scanning.md b/docs/file-scanning.md new file mode 100644 index 000000000..d51926db9 --- /dev/null +++ b/docs/file-scanning.md @@ -0,0 +1,28 @@ +### Automatic file extraction and scanning + +Malcolm can leverage Zeek's knowledge of network protocols to automatically detect file transfers and extract those files from PCAPs as Zeek processes them. This behavior can be enabled globally by modifying the `ZEEK_EXTRACTOR_MODE` [environment variable in `docker-compose.yml`](#DockerComposeYml), or on a per-upload basis for PCAP files uploaded via the [browser-based upload form](#Upload) when **Analyze with Zeek** is selected. + +To specify which files should be extracted, the following values are acceptable in `ZEEK_EXTRACTOR_MODE`: + +* `none`: no file extraction +* `interesting`: extraction of files with mime types of common attack vectors +* `mapped`: extraction of files with recognized mime types +* `known`: extraction of files for which any mime type can be determined +* `all`: extract all files + +Extracted files can be examined through any of the following methods: + +* submitting file hashes to [**VirusTotal**](https://www.virustotal.com/en/#search); to enable this method, specify the `VTOT_API2_KEY` [environment variable in `docker-compose.yml`](#DockerComposeYml) +* scanning files with [**ClamAV**](https://www.clamav.net/); to enable this method, set the `EXTRACTED_FILE_ENABLE_CLAMAV` [environment variable in `docker-compose.yml`](#DockerComposeYml) to `true` +* scanning files with [**Yara**](https://github.com/VirusTotal/yara); to enable this method, set the `EXTRACTED_FILE_ENABLE_YARA` [environment variable in `docker-compose.yml`](#DockerComposeYml) to `true` +* scanning PE (portable executable) files with [**Capa**](https://github.com/fireeye/capa); to enable this method, set the `EXTRACTED_FILE_ENABLE_CAPA` [environment variable in `docker-compose.yml`](#DockerComposeYml) to `true` + +Files which are flagged via any of these methods will be logged as Zeek `signatures.log` entries, and can be viewed in the **Signatures** dashboard in OpenSearch Dashboards. + +The `EXTRACTED_FILE_PRESERVATION` [environment variable in `docker-compose.yml`](#DockerComposeYml) determines the behavior for preservation of Zeek-extracted files: + +* `quarantined`: preserve only flagged files in `./zeek-logs/extract_files/quarantine` +* `all`: preserve flagged files in `./zeek-logs/extract_files/quarantine` and all other extracted files in `./zeek-logs/extract_files/preserved` +* `none`: preserve no extracted files + +The `EXTRACTED_FILE_HTTP_SERVER_…` [environment variables in `docker-compose.yml`](#DockerComposeYml) configure access to the Zeek-extracted files path through the means of a simple HTTPS directory server. Beware that Zeek-extracted files may contain malware. As such, the files may be optionally encrypted upon download. \ No newline at end of file diff --git a/docs/hardening.md b/docs/hardening.md new file mode 100644 index 000000000..32e21cf3b --- /dev/null +++ b/docs/hardening.md @@ -0,0 +1,59 @@ +### Hardening + +The Malcolm aggregator base operating system uses the [harbian-audit](https://github.com/hardenedlinux/harbian-audit) benchmarks which target the following guidelines for establishing a secure configuration posture: + +* [CIS Debian Linux 9/10 Benchmark](https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/) +* [DISA STIG (Security Technical Implementation Guides) for RHEL 7](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/) v2r5 Ubuntu v1r2 [adapted](https://github.com/hardenedlinux/STIG-OS-mirror/blob/master/redhat-STIG-DOCs/U_Red_Hat_Enterprise_Linux_7_V2R5_STIG.zip) for a Debian operating system +* Additional recommendations from [cisecurity.org](https://www.cisecurity.org/) + +#### Compliance Exceptions + +[Currently](https://github.com/hardenedlinux/harbian-audit/tree/master/bin/hardening) there are 274 checks to determine compliance with the [harbian-audit](https://github.com/hardenedlinux/harbian-audit) benchmark. + +The Malcolm aggregator base operating system claims exceptions from the recommendations in this benchmark in the following categories: + +**1.1 Install Updates, Patches and Additional Security Software** - When the the Malcolm aggregator appliance software is built, all of the latest applicable security patches and updates are included in it. How future updates are to be handled is still in design. + +**1.3 Enable verify the signature of local packages** - As the base distribution is not using embedded signatures, `debsig-verify` would reject all packages (see comment in `/etc/dpkg/dpkg.cfg`). Enabling it after installation would disallow any future updates. + +**2.14 Add nodev option to /run/shm Partition**, **2.15 Add nosuid Option to /run/shm Partition**, **2.16 Add noexec Option to /run/shm Partition** - The Malcolm aggregator base operating system does not mount `/run/shm` as a separate partition, so these recommendations do not apply. + +**2.19 Disable Mounting of freevxfs Filesystems**, **2.20 Disable Mounting of jffs2 Filesystems**, **2.21 Disable Mounting of hfs Filesystems**, **2.22 Disable Mounting of hfsplus Filesystems**, **2.23 Disable Mounting of squashfs Filesystems**, **2.24 Disable Mounting of udf Filesystems** - The Malcolm aggregator base operating system is not compiling a custom Linux kernel, so these filesystems are inherently supported as they are part Debian Linux's default kernel. + +**3.3 Set Boot Loader Password** - As maximizing availability is a system requirement, Malcolm should restart automatically without user intervention to ensured uninterrupted service. A boot loader password is not enabled. + +**4.8 Disable USB Devices** - The ability to ingest data (such as PCAP files) from a mounted USB mass storage device is a requirement of the system. + +**6.1 Ensure the X Window system is not installed**, **6.2 Ensure Avahi Server is not enabled**, **6.3 Ensure print server is not enabled** - An X Windows session is provided for displaying dashboards. The library packages `libavahi-common-data`, `libavahi-common3`, and `libcups2` are dependencies of some of the X components used by the Malcolm aggregator base operating system, but the `avahi` and `cups` services themselves are disabled. + +**6.17 Ensure virus scan Server is enabled**, **6.18 Ensure virus scan Server update is enabled** - As this is a network traffic analysis appliance rather than an end-user device, regular user files will not be created. A virus scan program would impact device performance and would be unnecessary. + +**7.1.1 Disable IP Forwarding**, **7.2.4 Log Suspicious Packets**, **7.2.7 Enable RFC-recommended Source Route Validation**, **7.4.1 Install TCP Wrappers** - As Malcolm may operate as a network traffic capture appliance sniffing packets on a network interface configured in promiscuous mode, these recommendations do not apply. + +**8.1.1.2 Disable System on Audit Log Full**, **8.1.1.3 Keep All Auditing Information**, **8.1.1.5 Ensure set remote_server for audit service**, **8.1.1.6 Ensure enable_krb5 set to yes for remote audit service**, **8.1.1.7 Ensure set action for audit storage volume is fulled**, **8.1.1.8 Ensure set action for network failure on remote audit service**, **8.1.1.9 Set space left for auditd service**, a few other audit-related items under section **8.1**, **8.2.4 Configure rsyslog to Send Logs to a Remote Log Host** - As maximizing availability is a system requirement, audit processing failures will be logged on the device rather than halting the system. `auditd` is set up to syslog when its local storage capacity is reached. + +**8.4.2 Implement Periodic Execution of File Integrity** - This functionality is not configured by default, but it can be configured post-install by the end user. + +Password-related recommendations under **9.2** and **10.1** - The library package `libpam-pwquality` is used in favor of `libpam-cracklib` which is what the [compliance scripts](https://github.com/hardenedlinux/harbian-audit/tree/master/bin/hardening) are looking for. Also, as an appliance running Malcolm is intended to be used as an appliance rather than a general user-facing software platform, some exceptions to password enforcement policies are claimed. + +**9.3.13 Limit Access via SSH** - The Malcolm aggregator base operating system does not create multiple regular user accounts: only `root` and an aggregator service account are used. SSH access for `root` is disabled. SSH login with a password is also disallowed: only key-based authentication is accepted. The service account accepts no keys by default. As such, the `AllowUsers`, `AllowGroups`, `DenyUsers`, and `DenyGroups` values in `sshd_config` do not apply. + +**9.4 Restrict Access to the su Command** - The Malcolm aggregator base operating system does not create multiple regular user accounts: only `root` and an aggregator service account are used. + +**10.1.6 Remove nopasswd option from the sudoers configuration** - A very limited set of operations (a single script used to run the AIDE integrity check as a non-root user) has the NOPASSWD option set to allow it to be run in the background without user intervention. + +**10.1.10 Set maxlogins for all accounts** and **10.5 Set Timeout on ttys** - The Malcolm aggregator base operating system does not create multiple regular user accounts: only `root` and an aggregator service account are used. + +**12.10 Find SUID System Executables**, **12.11 Find SGID System Executables** - The few files found by [these](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/12.10_find_suid_files.sh) [scripts](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/12.11_find_sgid_files.sh) are valid exceptions required by the Malcolm aggregator base operating system's core requirements. + +**14.1 Defense for NAT Slipstreaming** - As Malcolm may operate as a network traffic capture appliance sniffing packets on a network interface configured in promiscuous mode, this recommendation does not apply. + +Please review the notes for these additional guidelines. While not claiming an exception, the Malcolm aggregator base operating system may implement them in a manner different than is described by the [CIS Debian Linux 9/10 Benchmark](https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/) or the [hardenedlinux/harbian-audit](https://github.com/hardenedlinux/harbian-audit) audit scripts. + +**4.1 Restrict Core Dumps** - The Malcolm aggregator base operating system disables core dumps using a configuration file for `ulimit` named `/etc/security/limits.d/limits.conf`. The [audit script](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/4.1_restrict_core_dumps.sh) checking for this does not check the `limits.d` subdirectory, which is why this is incorrectly flagged as noncompliant. + +**5.4 Ensure ctrl-alt-del is disabled** - The Malcolm aggregator base operating system disables the `ctrl+alt+delete` key sequence by executing `systemctl disable ctrl-alt-del.target` during installation and the command `systemctl mask ctrl-alt-del.target` at boot time. + +**7.4.4 Create /etc/hosts.deny**, **7.7.1 Ensure Firewall is active**, **7.7.4.1 Ensure default deny firewall policy**, **7.7.4.2 Ensure loopback traffic is configured**, **7.7.4.3 Ensure default deny firewall policy**, **7.7.4.4 Ensure outbound and established connections are configured** - The Malcolm aggregator base operating system **is** configured with an appropriately locked-down software firewall (managed by "Uncomplicated Firewall" `ufw`). However, the methods outlined in the CIS benchmark recommendations do not account for this configuration. + +**8.6 Verifies integrity all packages** - The [script](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/8.7_verify_integrity_packages.sh) which verifies package integrity only "fails" because of missing (status `??5??????` displayed by the utility) language ("locale") files, which are removed as part of the Malcolm aggregator base operating system's trimming-down process. All non-locale-related system files pass intergrity checks. diff --git a/docs/hedgehog-boot.md b/docs/hedgehog-boot.md new file mode 100644 index 000000000..b189cd1ef --- /dev/null +++ b/docs/hedgehog-boot.md @@ -0,0 +1,17 @@ +# Boot + +Each time the sensor boots, a grub boot menu will be shown briefly, after which the sensor will proceed to load. + +## Kiosk mode + +![Kiosk mode sensor menu: resource statistics](./docs/images/kiosk_mode_sensor_menu.png) + +The sensor automatically logs in as the sensor user account and runs in **kiosk mode**, which is intended to show an at-a-glance view of the its resource utilization. Clicking the **☰** icon in allows you to switch between the resource statistics view and the services view. + +![Kiosk mode sensor menu: services](./docs/images/kiosk_mode_services_menu.png) + +The kiosk's services screen (designed with large clickable labels for small portable touch screens) can be used to start and stop essential services, get a status report of the currently running services, and clean all captured data from the sensor. + +!["Clean Sensor" confirmation prompt before deleting sensor data](./docs/images/kiosk_mode_wipe_prompt.png) + +!["Sensor Status" report from the kiosk services menu](./docs/images/kiosk_mode_status.png) \ No newline at end of file diff --git a/docs/hedgehog-config.md b/docs/hedgehog-config.md new file mode 100644 index 000000000..e7dbdba9e --- /dev/null +++ b/docs/hedgehog-config.md @@ -0,0 +1,262 @@ +# Configuration + +Kiosk mode can be exited by connecting an external USB keyboard and pressing **Alt+F4**, upon which the *sensor* user's desktop is shown. + +![Sensor login session desktop](./docs/images/desktop.png) + +Several icons are available in the top menu bar: + +* **Terminal** - opens a command prompt in a terminal emulator +* **Browser** - opens a web browser +* **Kiosk** – returns the sensor to kiosk mode +* **README** – displays this document +* **Sensor status** – displays a list with the status of each sensor service +* **Configure capture and forwarding** – opens a dialog for configuring the sensor's capture and forwarding services, as well as specifying which services should autostart upon boot +* **Configure interfaces and hostname** – opens a dialog for configuring the sensor's network interfaces and setting the sensor's hostname +* **Restart sensor services** - stops and restarts all of the [autostart services](#ConfigAutostart) + +## Interfaces, hostname, and time synchronization + +### Hostname + +The first step of sensor configuration is to configure the network interfaces and sensor hostname. Clicking the **Configure Interfaces and Hostname** toolbar icon (or, if you are at a command line prompt, running `configure-interfaces`) will prompt you for the root password you created during installation, after which the configuration welcome screen is shown. Select **Continue** to proceed. + +You may next select whether to configure the network interfaces, hostname, or time synchronization. + +![Selection to configure network interfaces, hostname, or time synchronization](./docs/images/root_config_mode.png) + +Selecting **Hostname**, you will be presented with a summary of the current sensor identification information, after which you may specify a new sensor hostname. This name will be used to tag all events forwarded from this sensor in the events' **host.name** field. + +![Specifying a new sensor hostname](./docs/images/hostname_setting.png) + +### Interfaces + +Returning to the configuration mode selection, choose **Interface**. You will be prompted if you would like help identifying network interfaces. If you select **Yes**, you will be prompted to select a network interface, after which that interface's link LED will blink for 10 seconds to help you in its identification. This network interface identification aid will continue to prompt you to identify further network interfaces until you select **No**. + +You will be presented with a list of interfaces to configure as the sensor management interface. This is the interface the sensor itself will use to communicate with the network in order to, for example, forward captured logs to an aggregate server. In order to do so, the management interface must be assigned an IP address. This is generally **not** the interface used for capturing data. Select the interface to which you wish to assign an IP address. The interfaces are listed by name and MAC address and the associated link speed is also displayed if it can be determined. For interfaces without a connected network cable, generally a `-1` will be displayed instead of the interface speed. + +![Management interface selection](./docs/images/select_iface.png) + +Depending on the configuration of your network, you may now specify how the management interface will be assigned an IP address. In order to communicate with an event aggregator over the management interface, either **static** or **dhcp** must be selected. + +![Interface address source](./docs/images/iface_mode.png) + +If you select static, you will be prompted to enter the IP address, netmask, and gateway to assign to the management interface. + +![Static IP configuration](./docs/images/iface_static.png) + +In either case, upon selecting **OK** the network interface will be brought down, configured, and brought back up, and the result of the operation will be displayed. You may choose **Quit** upon returning to the configuration tool's welcome screen. + +### Time synchronization + +Returning to the configuration mode selection, choose **Time Sync**. Here you can configure the sensor to keep its time synchronized with either an NTP server (using the NTP protocol) or a local [Malcolm](https://github.com/idaholab/Malcolm) aggregator or another HTTP/HTTPS server. On the next dialog, choose the time synchronization method you wish to configure. + +![Time synchronization method](./docs/images/time_sync_mode.png) + +If **htpdate** is selected, you will be prompted to enter the IP address or hostname and port of an HTTP/HTTPS server (for a Malcolm instance, port `9200` may be used) and the time synchronization check frequency in minutes. A test connection will be made to determine if the time can be retrieved from the server. + +![*htpdate* configuration](./docs/images/htpdate_setup.png) + +If *ntpdate* is selected, you will be prompted to enter the IP address or hostname of the NTP server. + +![NTP configuration](./docs/images/ntp_host.png) + +Upon configuring time synchronization, a "Time synchronization configured successfully!" message will be displayed, after which you will be returned to the welcome screen. + +## Capture, forwarding, and autostart services + +Clicking the **Configure Capture and Forwarding** toolbar icon (or, if you are at a command prompt, running `configure-capture`) will launch the configuration tool for capture and forwarding. The root password is not required as it was for the interface and hostname configuration, as sensor services are run under the non-privileged sensor account. Select **Continue** to proceed. You may select from a list of configuration options. + +![Select configuration mode](./docs/images/capture_config_main.png) + +### Capture + +Choose **Configure Capture** to configure parameters related to traffic capture and local analysis. You will be prompted if you would like help identifying network interfaces. If you select **Yes**, you will be prompted to select a network interface, after which that interface's link LED will blink for 10 seconds to help you in its identification. This network interface identification aid will continue to prompt you to identify further network interfaces until you select **No**. + +You will be presented with a list of network interfaces and prompted to select one or more capture interfaces. An interface used to capture traffic is generally a different interface than the one selected previously as the management interface, and each capture interface should be connected to a network tap or span port for traffic monitoring. Capture interfaces are usually not assigned an IP address as they are only used to passively “listen” to the traffic on the wire. The interfaces are listed by name and MAC address and the associated link speed is also displayed if it can be determined. For interfaces without a connected network cable, generally a `-1` will be displayed instead of the interface speed. + +![Select capture interfaces](./docs/images/capture_iface_select.png) + +Upon choosing the capture interfaces and selecting OK, you may optionally provide a capture filter. This filter will be used to limit what traffic the PCAP service ([`tcpdump`](https://www.tcpdump.org/)) and the traffic analysis services ([`zeek`](https://www.zeek.org/) and [`suricata`](https://suricata.io/)) will see. Capture filters are specified using [Berkeley Packet Filter (BPF)](http://biot.com/capstats/bpf.html) syntax. Clicking **OK** will attempt to validate the capture filter, if specified, and will present a warning if the filter is invalid. + +![Specify capture filters](./docs/images/capture_filter.png) + +Next you must specify the paths where captured PCAP files and logs will be stored locally on the sensor. If the installation worked as expected, these paths should be prepopulated to reflect paths on the volumes formatted at install time for the purpose storing these artifacts. Usually these paths will exist on separate storage volumes. Enabling the PCAP and log pruning autostart services (see the section on autostart services below) will enable monitoring of these paths to ensure that their contents do not consume more than 90% of their respective volumes' space. Choose **OK** to continue. + +![Specify capture paths](./docs/images/capture_paths.png) + +#### Automatic file extraction and scanning + +Hedgehog Linux can leverage Zeek's knowledge of network protocols to automatically detect file transfers and extract those files from network traffic as Zeek sees them. + +To specify which files should be extracted, specify the Zeek file carving mode: + +![Zeek file carving mode](./docs/images/zeek_file_carve_mode.png) + +If you're not sure what to choose, either of **mapped (except common plain text files)** (if you want to carve and scan almost all files) or **interesting** (if you only want to carve and scan files with [mime types of common attack vectors](./interface/sensor_ctl/zeek/extractor_override.interesting.zeek)) is probably a good choice. + +Next, specify which carved files to preserve (saved on the sensor under `/capture/bro/capture/extract_files/quarantine` by default). In order to not consume all of the sensor's available storage space, the oldest preserved files will be pruned along with the oldest Zeek logs as described below with **AUTOSTART_PRUNE_ZEEK** in the [autostart services](#ConfigAutostart) section. + +You'll be prompted to specify which engine(s) to use to analyze extracted files. Extracted files can be examined through any of three methods: + +![File scanners](./docs/images/zeek_file_carve_scanners.png) + +* scanning files with [**ClamAV**](https://www.clamav.net/); to enable this method, select **ZEEK_FILE_SCAN_CLAMAV** when specifying scanners for Zeek-carved files +* submitting file hashes to [**VirusTotal**](https://www.virustotal.com/en/#search); to enable this method, select **ZEEK_FILE_SCAN_VTOT** when specifying scanners for Zeek-carved files, then manually edit `/opt/sensor/sensor_ctl/control_vars.conf` and specify your [VirusTotal API key](https://developers.virustotal.com/reference) in `VTOT_API2_KEY` +* scanning files with [**Yara**](https://github.com/VirusTotal/yara); to enable this method, select **ZEEK_FILE_SCAN_YARA** when specifying scanners for Zeek-carved files +* scanning portable executable (PE) files with [**Capa**](https://github.com/fireeye/capa); to enable this method, select **ZEEK_FILE_SCAN_CAPA** when specifying scanners for Zeek-carved files + +Files which are flagged as potentially malicious will be logged as Zeek `signatures.log` entries, and can be viewed in the **Signatures** dashboard in [OpenSearch Dashboards](https://github.com/idaholab/Malcolm#DashboardsVisualizations) when forwarded to Malcolm. + +![File quarantine](./docs/images/file_quarantine.png) + +Finally, you will be presented with the list of configuration variables that will be used for capture, including the values which you have configured up to this point in this section. Upon choosing **OK** these values will be written back out to the sensor configuration file located at `/opt/sensor/sensor_ctl/control_vars.conf`. It is not recommended that you edit this file manually. After confirming these values, you will be presented with a confirmation that these settings have been written to the configuration file, and you will be returned to the welcome screen. + +### Forwarding + +Select **Configure Forwarding** to set up forwarding logs and statistics from the sensor to an aggregator server, such as [Malcolm](https://github.com/idaholab/Malcolm). + +![Configure forwarders](./docs/images/forwarder_config.png) + +There are five forwarder services used on the sensor, each for forwarding a different type of log or sensor metric. + +### capture: Arkime session forwarding + +[capture](https://github.com/arkime/arkime/tree/master/capture) is not only used to capture PCAP files, but also the parse raw traffic into sessions and forward this session metadata to an [OpenSearch](https://opensearch.org/) database so that it can be viewed in [Arkime viewer](https://arkime.com/), whether standalone or as part of a [Malcolm](https://github.com/idaholab/Malcolm) instance. If you're using Hedgehog Linux with Malcolm, please read [Correlating Zeek logs and Arkime sessions](https://github.com/idaholab/Malcolm#ZeekArkimeFlowCorrelation) in the Malcolm documentation for more information. + +First, select the OpenSearch connection transport protocol, either **HTTPS** or **HTTP**. If the metrics are being forwarded to Malcolm, select **HTTPS** to encrypt messages from the sensor to the aggregator using TLS v1.2 using ECDHE-RSA-AES128-GCM-SHA256. If **HTTPS** is chosen, you must choose whether to enable SSL certificate verification. If you are using a self-signed certificate (such as the one automatically created during [Malcolm's configuration](https://github.com/idaholab/Malcolm#configure-authentication)), choose **None**. + +![OpenSearch connection protocol](./docs/images/opensearch_connection_protocol.png) ![OpenSearch SSL verification](./docs/images/opensearch_ssl_verification.png) + +Next, enter the **OpenSearch host** IP address (ie., the IP address of the aggregator) and port. These metrics are written to an OpenSearch database using a RESTful API, usually using port 9200. Depending on your network configuration, you may need to open this port in your firewall to allow this connection from the sensor to the aggregator. + +![OpenSearch host and port](./docs/images/arkime-capture-ip-port.png) + +You will be asked to enter authentication credentials for the sensor's connections to the aggregator's OpenSearch API. After you've entered the username and the password, the sensor will attempt a test connection to OpenSearch using the connection information provided. + +![OpenSearch username](./docs/images/opensearch_username.png) ![OpenSearch password](./docs/images/opensearch_password.png) ![Successful OpenSearch connection](./docs/images/opensearch_connection_success.png) + +Finally, you will be shown a dialog for a list of IP addresses used to populate an access control list (ACL) for hosts allowed to connect back to the sensor for retrieving session payloads from its PCAP files for display in Arkime viewer. The list will be prepopulated with the IP address entered a few screens prior to this one. + +![PCAP retrieval ACL](./docs/images/malcolm_arkime_reachback_acl.png) + +Finally, you'll be given the opportunity to review the all of the Arkime `capture` options you've specified. Selecting **OK** will cause the parameters to be saved and you will be returned to the configuration tool's welcome screen. + +![capture settings confirmation](./docs/images/arkime_confirm.png) + +### filebeat: Zeek and Suricata log forwarding + +[Filebeat](https://www.elastic.co/products/beats/filebeat) is used to forward [Zeek](https://www.zeek.org/) and [Suricata](https://suricata.io/) logs to a remote [Logstash](https://www.elastic.co/products/logstash) instance for further enrichment prior to insertion into an [OpenSearch](https://opensearch.org/) database. + +To configure filebeat, first provide the log path (the same path previously configured for log file generation). + +![Configure filebeat for log forwarding](./docs/images/filebeat_log_path.png) + +You must also provide the IP address of the Logstash instance to which the logs are to be forwarded, and the port on which Logstash is listening. These logs are forwarded using the Beats protocol, generally over port 5044. Depending on your network configuration, you may need to open this port in your firewall to allow this connection from the sensor to the aggregator. + +![Configure filebeat for log forwrading](./docs/images/filebeat_ip_port.png) + +Next you are asked whether the connection used for log forwarding should be done **unencrypted** or over **SSL**. Unencrypted communication requires less processing overhead and is simpler to configure, but the contents of the logs may be visible to anyone who is able to intercept that traffic. + +![Filebeat SSL certificate verification](./docs/images/filebeat_ssl.png) + +If **SSL** is chosen, you must choose whether to enable [SSL certificate verification](https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html). If you are using a self-signed certificate (such as the one automatically created during [Malcolm's configuration](https://github.com/idaholab/Malcolm#configure-authentication), choose **None**. + +![Unencrypted vs. SSL encryption for log forwarding](./docs/images/filebeat_ssl_verify.png) + +The last step for SSL-encrypted log forwarding is to specify the SSL certificate authority, certificate, and key files. These files must match those used by the Logstash instance receiving the logs on the aggregator. If Malcolm's `auth_setup` script was used to generate these files they would be found in the `filebeat/certs/` subdirectory of the Malcolm installation and must be manually copied to the sensor (stored under `/opt/sensor/sensor_ctl/logstash-client-certificates` or in any other path accessible to the sensor account). Specify the location of the certificate authorities file (eg., `ca.crt`), the certificate file (eg., `client.crt`), and the key file (eg., `client.key`). + +![SSL certificate files](./docs/images/filebeat_certs.png) + +The Logstash instance receiving the events must be similarly configured with matching SSL certificate and key files. Under Malcolm, the `BEATS_SSL` variable must be set to `true` in Malcolm's `docker-compose.yml` file and the SSL files must exist in the `logstash/certs/` subdirectory of the Malcolm installation. + +Once you have specified all of the filebeat parameters, you will be presented with a summary of the settings related to the forwarding of these logs. Selecting **OK** will cause the parameters to be written to filebeat's configuration keystore under `/opt/sensor/sensor_ctl/logstash-client-certificates` and you will be returned to the configuration tool's welcome screen. + +![Confirm filebeat settings](./docs/images/filebeat_confirm.png) + +### miscbeat: System metrics forwarding + +The sensor uses [Fluent Bit](https://fluentbit.io/) to gather miscellaneous system resource metrics (CPU, network I/O, disk I/O, memory utilization, temperature, etc.) and the [Beats](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) protocol to forward these metrics to a remote [Logstash](https://www.elastic.co/products/logstash) instance for further enrichment prior to insertion into an [OpenSearch](https://opensearch.org/) database. Metrics categories can be enabled/disabled as described in the [autostart services](#ConfigAutostart) section of this document. + +This forwarder's configuration is almost identical to that of [filebeat](#filebeat) in the previous section. Select `miscbeat` from the forwarding configuration mode options and follow the same steps outlined above to set up this forwarder. + +### Autostart services + +Once the forwarders have been configured, the final step is to **Configure Autostart Services**. Choose this option from the configuration mode menu after the welcome screen of the sensor configuration tool. + +Despite configuring capture and/or forwarder services as described in previous sections, only services enabled in the autostart configuration will run when the sensor starts up. The available autostart processes are as follows (recommended services are in **bold text**): + +* **AUTOSTART_ARKIME** - [capture](#arkime-capture) PCAP engine for traffic capture, as well as traffic parsing and metadata insertion into OpenSearch for viewing in [Arkime](https://arkime.com/). If you are using Hedgehog Linux along with [Malcolm](https://github.com/idaholab/Malcolm) or another Arkime installation, this is probably the packet capture engine you want to use. +* **AUTOSTART_CLAMAV_UPDATES** - Virus database update service for ClamAV (requires sensor to be connected to the internet) +* **AUTOSTART_FILEBEAT** - [filebeat](#filebeat) Zeek and Suricata log forwarder +* **AUTOSTART_FLUENTBIT_AIDE** - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/exec) [AIDE](https://aide.github.io/) file system integrity checks +* **AUTOSTART_FLUENTBIT_AUDITLOG** - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/tail) [auditd](https://man7.org/linux/man-pages/man8/auditd.8.html) logs +* *AUTOSTART_FLUENTBIT_KMSG* - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/kernel-logs) the Linux kernel log buffer (these are generally reflected in syslog as well, which may make this agent redundant) +* **AUTOSTART_FLUENTBIT_METRICS** - [Fluent Bit](https://fluentbit.io/) agent for collecting [various](https://docs.fluentbit.io/manual/pipeline/inputs) system resource and performance metrics +* **AUTOSTART_FLUENTBIT_SYSLOG** - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/syslog) Linux syslog messages +* **AUTOSTART_FLUENTBIT_THERMAL** - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/thermal) system temperatures +* **AUTOSTART_MISCBEAT** - [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) forwarder which sends system metrics collected by [Fluent Bit](https://fluentbit.io/) to a remote Logstash instance (e.g., [Malcolm](https://github.com/idaholab/Malcolm)'s) +* *AUTOSTART_NETSNIFF* - [netsniff-ng](http://netsniff-ng.org/) PCAP engine for saving packet capture (PCAP) files +* **AUTOSTART_PRUNE_PCAP** - storage space monitor to ensure that PCAP files do not consume more than 90% of the total size of the storage volume to which PCAP files are written +* **AUTOSTART_PRUNE_ZEEK** - storage space monitor to ensure that Zeek logs do not consume more than 90% of the total size of the storage volume to which Zeek logs are written +* **AUTOSTART_SURICATA** - [Suricata](https://suricata.io/) traffic analysis engine +* **AUTOSTART_SURICATA_UPDATES** - Rule update service for Suricata (requires sensor to be connected to the internet) +* *AUTOSTART_TCPDUMP* - [tcpdump](https://www.tcpdump.org/) PCAP engine for saving packet capture (PCAP) files +* **AUTOSTART_ZEEK** - [Zeek](https://www.zeek.org/) traffic analysis engine + +Note that only one packet capture engine ([capture](https://arkime.com/), [netsniff-ng](http://netsniff-ng.org/), or [tcpdump](https://www.tcpdump.org/)) can be used. + +![Autostart services](./docs/images/autostarts.png) + +Once you have selected the autostart services, you will be prompted to confirm your selections. Doing so will cause these values to be written back out to the `/opt/sensor/sensor_ctl/control_vars.conf` configuration file. + +![Autostart services confirmation](./docs/images/autostarts_confirm.png) + +After you have completed configuring the sensor it is recommended that you reboot the sensor to ensure all new settings take effect. If rebooting is not an option, you may click the **Restart Sensor Services** menu icon in the top menu bar, or open a terminal and run: + +``` +/opt/sensor/sensor_ctl/shutdown && sleep 10 && /opt/sensor/sensor_ctl/supervisor.sh +``` + +This will cause the sensor services controller to stop, wait a few seconds, and restart. You can check the status of the sensor's processes by choosing **Sensor Status** from the sensor's kiosk mode, clicking the **Sensor Service Status** toolbar icon, or running `/opt/sensor/sensor_ctl/status` from the command line: + +``` +$ /opt/sensor/sensor_ctl/status +arkime:arkime-capture RUNNING pid 6455, uptime 0:03:17 +arkime:arkime-viewer RUNNING pid 6456, uptime 0:03:17 +beats:filebeat RUNNING pid 6457, uptime 0:03:17 +beats:miscbeat RUNNING pid 6458, uptime 0:03:17 +clamav:clamav-service RUNNING pid 6459, uptime 0:03:17 +clamav:clamav-updates RUNNING pid 6461, uptime 0:03:17 +fluentbit-auditlog RUNNING pid 6463, uptime 0:03:17 +fluentbit-kmsg STOPPED Not started +fluentbit-metrics:cpu RUNNING pid 6466, uptime 0:03:17 +fluentbit-metrics:df RUNNING pid 6471, uptime 0:03:17 +fluentbit-metrics:disk RUNNING pid 6468, uptime 0:03:17 +fluentbit-metrics:mem RUNNING pid 6472, uptime 0:03:17 +fluentbit-metrics:mem_p RUNNING pid 6473, uptime 0:03:17 +fluentbit-metrics:netif RUNNING pid 6474, uptime 0:03:17 +fluentbit-syslog RUNNING pid 6478, uptime 0:03:17 +fluentbit-thermal RUNNING pid 6480, uptime 0:03:17 +netsniff:netsniff-enp1s0 STOPPED Not started +prune:prune-pcap RUNNING pid 6484, uptime 0:03:17 +prune:prune-zeek RUNNING pid 6486, uptime 0:03:17 +supercronic RUNNING pid 6490, uptime 0:03:17 +suricata RUNNING pid 6501, uptime 0:03:17 +tcpdump:tcpdump-enp1s0 STOPPED Not started +zeek:capa RUNNING pid 6553, uptime 0:03:17 +zeek:clamav RUNNING pid 6512, uptime 0:03:17 +zeek:logger RUNNING pid 6554, uptime 0:03:17 +zeek:virustotal STOPPED Not started +zeek:watcher RUNNING pid 6510, uptime 0:03:17 +zeek:yara RUNNING pid 6548, uptime 0:03:17 +zeek:zeekctl RUNNING pid 6502, uptime 0:03:17 +``` + +### Zeek Intelligence Framework + +To quote Zeek's [Intelligence Framework](https://docs.zeek.org/en/master/frameworks/intel.html) documentation, "The goals of Zeek’s Intelligence Framework are to consume intelligence data, make it available for matching, and provide infrastructure to improve performance and memory utilization. Data in the Intelligence Framework is an atomic piece of intelligence such as an IP address or an e-mail address. This atomic data will be packed with metadata such as a freeform source field, a freeform descriptive field, and a URL which might lead to more information about the specific item." Zeek [intelligence](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html) [indicator types](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Type) include IP addresses, URLs, file names, hashes, email addresses, and more. + +Hedgehog Linux doesn't come bundled with intelligence files from any particular feed, but they can be easily included into your local instance. Before Zeek starts, Hedgehog Linux configures it such that intelligence files will be automatically included in its local policy. Subdirectories under `/opt/sensor/sensor_ctl/zeek/intel` which contain their own `__load__.zeek` file will be `@load`-ed as-is, while subdirectories containing "loose" intelligence files will be [loaded](https://docs.zeek.org/en/master/frameworks/intel.html#loading-intelligence) automatically with a `redef Intel::read_files` directive. + +Note that Hedgehog Linux does not manage updates for these intelligence files. You should use the update mechanism suggested by your feeds' maintainers to keep them up to date. Adding and deleting intelligence files under this directory will take effect upon restarting Zeek. \ No newline at end of file diff --git a/docs/hedgehog-hardening.md b/docs/hedgehog-hardening.md new file mode 100644 index 000000000..e6214a646 --- /dev/null +++ b/docs/hedgehog-hardening.md @@ -0,0 +1,59 @@ +# Appendix D - Hardening + +Hedgehog Linux uses the [harbian-audit](https://github.com/hardenedlinux/harbian-audit) benchmarks which target the following guidelines for establishing a secure configuration posture: + +* [CIS Debian Linux 9/10 Benchmark](https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/) +* [DISA STIG (Security Technical Implementation Guides) for RHEL 7](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/) v2r5 Ubuntu v1r2 [adapted](https://github.com/hardenedlinux/STIG-OS-mirror/blob/master/redhat-STIG-DOCs/U_Red_Hat_Enterprise_Linux_7_V2R5_STIG.zip) for a Debian operating system +* Additional recommendations from [cisecurity.org](https://www.cisecurity.org/) + +## Compliance Exceptions + +[Currently](https://github.com/hardenedlinux/harbian-audit/tree/master/bin/hardening) there are 274 checks to determine compliance with the [harbian-audit](https://github.com/hardenedlinux/harbian-audit) benchmark. + +Hedgehog Linux claims exceptions from the recommendations in this benchmark in the following categories: + +**1.1 Install Updates, Patches and Additional Security Software** - When the the Malcolm aggregator appliance software is built, all of the latest applicable security patches and updates are included in it. How future updates are to be handled is still in design. + +**1.3 Enable verify the signature of local packages** - As the base distribution is not using embedded signatures, `debsig-verify` would reject all packages (see comment in `/etc/dpkg/dpkg.cfg`). Enabling it after installation would disallow any future updates. + +**2.14 Add nodev option to /run/shm Partition**, **2.15 Add nosuid Option to /run/shm Partition**, **2.16 Add noexec Option to /run/shm Partition** - Hedgehog Linux does not mount `/run/shm` as a separate partition, so these recommendations do not apply. + +**2.19 Disable Mounting of freevxfs Filesystems**, **2.20 Disable Mounting of jffs2 Filesystems**, **2.21 Disable Mounting of hfs Filesystems**, **2.22 Disable Mounting of hfsplus Filesystems**, **2.23 Disable Mounting of squashfs Filesystems**, **2.24 Disable Mounting of udf Filesystems** - Hedgehog Linux is not compiling a custom Linux kernel, so these filesystems are inherently supported as they are part Debian Linux's default kernel. + +**3.3 Set Boot Loader Password** - As maximizing availability is a system requirement, Malcolm should restart automatically without user intervention to ensured uninterrupted service. A boot loader password is not enabled. + +**4.8 Disable USB Devices** - The ability to ingest data (such as PCAP files) from a mounted USB mass storage device is a requirement of the system. + +**6.1 Ensure the X Window system is not installed**, **6.2 Ensure Avahi Server is not enabled**, **6.3 Ensure print server is not enabled** - An X Windows session is provided for displaying dashboards. The library packages `libavahi-common-data`, `libavahi-common3`, and `libcups2` are dependencies of some of the X components used by Hedgehog Linux, but the `avahi` and `cups` services themselves are disabled. + +**6.17 Ensure virus scan Server is enabled**, **6.18 Ensure virus scan Server update is enabled** - As this is a network traffic analysis appliance rather than an end-user device, regular user files will not be created. A virus scan program would impact device performance and would be unnecessary. + +**7.1.1 Disable IP Forwarding**, **7.2.4 Log Suspicious Packets**, **7.2.7 Enable RFC-recommended Source Route Validation**, **7.4.1 Install TCP Wrappers** - As Malcolm may operate as a network traffic capture appliance sniffing packets on a network interface configured in promiscuous mode, these recommendations do not apply. + +**8.1.1.2 Disable System on Audit Log Full**, **8.1.1.3 Keep All Auditing Information**, **8.1.1.5 Ensure set remote_server for audit service**, **8.1.1.6 Ensure enable_krb5 set to yes for remote audit service**, **8.1.1.7 Ensure set action for audit storage volume is fulled**, **8.1.1.8 Ensure set action for network failure on remote audit service**, **8.1.1.9 Set space left for auditd service**, a few other audit-related items under section **8.1**, **8.2.4 Configure rsyslog to Send Logs to a Remote Log Host** - As maximizing availability is a system requirement, audit processing failures will be logged on the device rather than halting the system. `auditd` is set up to syslog when its local storage capacity is reached. + +**8.4.2 Implement Periodic Execution of File Integrity** - This functionality is not configured by default, but it can be configured post-install by the end user. + +Password-related recommendations under **9.2** and **10.1** - The library package `libpam-pwquality` is used in favor of `libpam-cracklib` which is what the [compliance scripts](https://github.com/hardenedlinux/harbian-audit/tree/master/bin/hardening) are looking for. Also, as an appliance running Malcolm is intended to be used as an appliance rather than a general user-facing software platform, some exceptions to password enforcement policies are claimed. + +**9.3.13 Limit Access via SSH** - Hedgehog Linux does not create multiple regular user accounts: only `root` and a sensor service account are used. SSH access for `root` is disabled. SSH login with a password is also disallowed: only key-based authentication is accepted. The service account accepts no keys by default. As such, the `AllowUsers`, `AllowGroups`, `DenyUsers`, and `DenyGroups` values in `sshd_config` do not apply. + +**9.4 Restrict Access to the su Command** - Hedgehog Linux does not create multiple regular user accounts: only `root` and a sensor service account are used. + +**10.1.6 Remove nopasswd option from the sudoers configuration** - A very limited set of operations (a single script used to run the AIDE integrity check as a non-root user) has the NOPASSWD option set to allow it to be run in the background without user intervention. + +**10.1.10 Set maxlogins for all accounts** and **10.5 Set Timeout on ttys** - Hedgehog Linux does not create multiple regular user accounts: only `root` and a sensor service account are used. + +**12.10 Find SUID System Executables**, **12.11 Find SGID System Executables** - The few files found by [these](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/12.10_find_suid_files.sh) [scripts](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/12.11_find_sgid_files.sh) are valid exceptions required by Hedgehog Linux's core requirements. + +**14.1 Defense for NAT Slipstreaming** - As Malcolm may operate as a network traffic capture appliance sniffing packets on a network interface configured in promiscuous mode, this recommendation does not apply. + +Please review the notes for these additional guidelines. While not claiming an exception, Hedgehog Linux may implement them in a manner different than is described by the [CIS Debian Linux 9/10 Benchmark](https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/) or the [hardenedlinux/harbian-audit](https://github.com/hardenedlinux/harbian-audit) audit scripts. + +**4.1 Restrict Core Dumps** - Hedgehog Linux disables core dumps using a configuration file for `ulimit` named `/etc/security/limits.d/limits.conf`. The [audit script](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/4.1_restrict_core_dumps.sh) checking for this does not check the `limits.d` subdirectory, which is why this is incorrectly flagged as noncompliant. + +**5.4 Ensure ctrl-alt-del is disabled** - Hedgehog Linux disables the `ctrl+alt+delete` key sequence by executing `systemctl disable ctrl-alt-del.target` during installation and the command `systemctl mask ctrl-alt-del.target` at boot time. + +**7.4.4 Create /etc/hosts.deny**, **7.7.1 Ensure Firewall is active**, **7.7.4.1 Ensure default deny firewall policy**, **7.7.4.2 Ensure loopback traffic is configured**, **7.7.4.3 Ensure default deny firewall policy**, **7.7.4.4 Ensure outbound and established connections are configured** - Hedgehog Linux **is** configured with an appropriately locked-down software firewall (managed by "Uncomplicated Firewall" `ufw`). However, the methods outlined in the CIS benchmark recommendations do not account for this configuration. + +**8.6 Verifies integrity all packages** - The [script](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/8.7_verify_integrity_packages.sh) which verifies package integrity only "fails" because of missing (status `??5??????` displayed by the utility) language ("locale") files, which are removed as part of Hedgehog Linux's trimming-down process. All non-locale-related system files pass intergrity checks. \ No newline at end of file diff --git a/docs/hedgehog-installation.md b/docs/hedgehog-installation.md new file mode 100644 index 000000000..4cab7ffd8 --- /dev/null +++ b/docs/hedgehog-installation.md @@ -0,0 +1,41 @@ +# Sensor installation + +## Image boot options + +The Hedgehog Linux installation image, when provided on an optical disc, USB thumb drive, or other removable medium, can be used to install or reinstall the sensor software. + +![Sensor installation image boot menu](./docs/images/boot_options.png) + +The boot menu of the sensor installer image provides several options: + +* **Live system** and **Live system (fully in RAM)** may also be used to run the sensor in a "live USB" mode without installing any software or making any persistent configuration changes on the sensor hardware. +* **Install Hedgehog Linux** and **Install Hedgehog Linux (encrypted)** are used to [install the sensor](#Installer) onto the current system. Both selections install the same operating system and sensor software, the only difference being that the **encrypted** option encrypts the hard disks with a password (provided in a subsequent step during installation) that must be provided each time the sensor boots. There is some CPU overhead involved in an encrypted installation, so it is recommended that encrypted installations only be used for mobile installations (eg., on a sensor that may be shipped or carried for an incident response) and that the unencrypted option be used for fixed sensors in secure environments. +* **Install Hedgehog Linux (advanced configuration)** allows you to configure installation fully using all of the [Debian installer](https://www.debian.org/releases/stable/amd64/) settings and should only be selected for advanced users who know what they're doing. +* **Rescue system** is included for debugging and/or system recovery and should not be needed in most cases. + +## Installer + +The sensor installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the sensor. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 ***will partition and format them without warning*** 💀😭🆘⛔. + +The installer will ask for a few pieces of information prior to installing the sensor operating system: + +* **Root password** – a password for the privileged root account which is rarely needed (only during the configuration of the sensors network interfaces and setting the sensor host name) +* **User password** – a password for the non-privileged sensor account under which the various sensor capture and forwarding services run +* **Encryption password** (optional) – if the encrypted installation option was selected at boot time, the encryption password must be entered every time the sensor boots + +Each of these passwords must be entered twice to ensure they were entered correctly. + +![Example of the installer's password prompt](./docs/images/users_and_passwords.png) + +After the passwords have been entered, the installer will proceed to format the system drive and install Hedgehog Linux. + +![Installer progress](./docs/images/installer_progress.png) + +At the end of the installation process, you will be prompted with a few self-explanatory yes/no questions: + +* **Disable IPv6?** +* **Automatically login to the GUI session?** +* **Should the GUI session be locked due to inactivity?** +* **Display the [Standard Mandatory DoD Notice and Consent Banner](https://www.stigviewer.com/stig/application_security_and_development/2018-12-24/finding/V-69349)?** *(only applies when installed on U.S. government information systems)* + +Following these prompts, the installer will reboot and Hedgehog Linux will boot. \ No newline at end of file diff --git a/docs/hedgehog-iso-build.md b/docs/hedgehog-iso-build.md new file mode 100644 index 000000000..7a8d3f5a9 --- /dev/null +++ b/docs/hedgehog-iso-build.md @@ -0,0 +1,36 @@ +# Appendix A - Generating the ISO + +Official downloads of the Hedgehog Linux installer ISO are not provided: however, it can be built easily on an internet-connected Linux host with Vagrant: + +* [Vagrant](https://www.vagrantup.com/) + - [`vagrant-reload`](https://github.com/aidanns/vagrant-reload) plugin + - [`vagrant-sshfs`](https://github.com/dustymabe/vagrant-sshfs) plugin + - [`bento/debian-11`](https://app.vagrantup.com/bento/boxes/debian-11) Vagrant box + +The build should work with either the [VirtualBox](https://www.virtualbox.org/) provider or the [libvirt](https://libvirt.org/) provider: + +* [VirtualBox](https://www.virtualbox.org/) [provider](https://www.vagrantup.com/docs/providers/virtualbox) + - [`vagrant-vbguest`](https://github.com/dotless-de/vagrant-vbguest) plugin +* [libvirt](https://libvirt.org/) + - [`vagrant-libvirt`](https://github.com/vagrant-libvirt/vagrant-libvirt) provider plugin + - [`vagrant-mutate`](https://github.com/sciurus/vagrant-mutate) plugin to convert [`bento/debian-11`](https://app.vagrantup.com/bento/boxes/debian-11) Vagrant box to `libvirt` format + +To perform a clean build the Hedgehog Linux installer ISO, navigate to your local [Malcolm](https://github.com/idaholab/Malcolm/) working copy and run: + +``` +$ ./sensor-iso/build_via_vagrant.sh -f +… +Starting build machine... +Bringing machine 'default' up with 'virtualbox' provider... +… +``` + +Building the ISO may take 90 minutes or more depending on your system. As the build finishes, you will see the following message indicating success: + +``` +… +Finished, created "/sensor-build/hedgehog-6.4.0.iso" +… +``` + +Alternately, if you have forked Malcolm on GitHub, [workflow files](../.github/workflows/) are provided which contain instructions for GitHub to build the docker images and Hedgehog and [Malcolm](https://github.com/idaholab/Malcolm) installer ISOs, specifically [`sensor-iso-build-docker-wrap-push-ghcr.yml`](../.github/workflows/sensor-iso-build-docker-wrap-push-ghcr.yml) for the Hedgehog ISO. The resulting ISO file is wrapped in a Docker image that provides an HTTP server from which the ISO may be downloaded. \ No newline at end of file diff --git a/docs/hedgehog-ssh.md b/docs/hedgehog-ssh.md new file mode 100644 index 000000000..fbe5747ab --- /dev/null +++ b/docs/hedgehog-ssh.md @@ -0,0 +1,19 @@ +# Appendix B - Configuring SSH access + +SSH access to the sensor's non-privileged sensor account is only available using secure key-based authentication which can be enabled by adding a public SSH key to the **/home/sensor/.ssh/authorized_keys** file as illustrated below: + +``` +sensor@sensor:~$ mkdir -p ~/.ssh + +sensor@sensor:~$ ssh analyst@172.16.10.48 "cat ~/.ssh/id_rsa.pub" >> ~/.ssh/authorized_keys +The authenticity of host '172.16.10.48 (172.16.10.48)' can't be established. +ECDSA key fingerprint is SHA256:... +Are you sure you want to continue connecting (yes/no)? yes +Warning: Permanently added '172.16.10.48' (ECDSA) to the list of known hosts. +analyst@172.16.10.48's password: + +sensor@sensor:~$ cat ~/.ssh/authorized_keys +ssh-rsa AAA...kff analyst@SOC +``` + +SSH access should only be configured when necessary. \ No newline at end of file diff --git a/docs/hedgehog-troubleshooting.md b/docs/hedgehog-troubleshooting.md new file mode 100644 index 000000000..7aeaa891a --- /dev/null +++ b/docs/hedgehog-troubleshooting.md @@ -0,0 +1,9 @@ +# Appendix C - Troubleshooting + +Should the sensor not function as expected, first try rebooting the device. If the behavior continues, here are a few things that may help you diagnose the problem (items which may require Linux command line use are marked with **†**) + +* Stop / start services – Using the sensor's kiosk mode, attempt a **Services Stop** followed by a **Services Start**, then check **Sensor Status** to see which service(s) may not be running correctly. +* Sensor configuration file – See `/opt/sensor/sensor_ctl/control_vars.conf` for sensor service settings. It is not recommended to manually edit this file unless you are sure of what you are doing. +* Sensor control scripts – There are scripts under ``/opt/sensor/sensor_ctl/`` to control sensor services (eg., `shutdown`, `start`, `status`, `stop`, etc.) +* Sensor debug logs – Log files under `/opt/sensor/sensor_ctl/log/` may contain clues to processes that are not working correctly. If you can determine which service is failing, you can attempt to reconfigure it using the instructions in the Configure Capture and Forwarding section of this document. +* `sensorwatch` script – Running `sensorwatch` on the command line will display the most recently modified PCAP and Zeek log files in their respective directories, how much storage space they are consuming, and the amount of used/free space on the volumes containing those files. \ No newline at end of file diff --git a/docs/hedgehog-upgrade.md b/docs/hedgehog-upgrade.md new file mode 100644 index 000000000..301a5d459 --- /dev/null +++ b/docs/hedgehog-upgrade.md @@ -0,0 +1,330 @@ +# Appendix E - Upgrades + +At this time there is not an "official" upgrade procedure to get from one release of Hedgehog Linux to the next. Upgrading the underlying operating system packages is generally straightforward, but not all of the Hedgehog Linux components are packaged into .deb archives yet as they should be, so for now it's a manual (and kind of nasty) process to Frankenstein an upgrade into existance. The author of this project intends to remedy this at some future point when time and resources allow. + +If possible, it would save you **a lot** of trouble to just [re-ISO](#Installation) your Hedgehog installation and start fresh, backing up the files (in `/opt/sensor/sensor_ctl`) first and reconfiguring or restoring them as needed afterwards. + +However, if reinstalling the system is not an option, here is the basic process for doing a manual upgrade of Hedgehog Linux. It should be understood that this process is very likely to break your system, and there is **no** guarantee of any kind that any of this will work, or that these instructions are even complete or any support whatsoever regarding them. Really, it will be **much** easier if you re-ISO your installation. But for the brave among you, here you go. ⛔🆘😭💀 + +## Prerequisites + +* A good understanding of the Linux command line +* An existing installation of Hedgehog Linux **with internet access** +* A copy of the Hedgehog Linux [ISO](#ISOBuild) for the version approximating the one you're upgrading to (i.e., the latest version), **and** + - Either a separate VM with that ISO installed **OR** + - A separate Linux workstation where you can manually mount that ISO to pull stuff off of it + +## Upgrade + +1. Obtain a root shell + - `su -` + +2. Temporarily set the umask value to Debian default instead of the more restrictive Hedgehog Linux default. This will allow updates to be applied with the right permissions. + - `umask 0022` + +3. Create backups of some files + - `cp /etc/apt/sources.list /etc/apt/sources.list.bak` + +4. Set up alternate package sources, if needed + - In an offline/airgapped scenario, you could use [apt-mirror](https://apt-mirror.github.io) to mirror Debian repos and [bandersnatch](https://github.com/pypa/bandersnatch/) to mirror PyPI sources, or [combine them](https://github.com/mmguero/espejo) with Docker. If you were to do this, you'd probably want to make the following changes (and **revert them after the upgrade**): + + create `/etc/apt/apt.conf.d/80ssl-exceptions` to ignore self-signed certificate warnings from using your apt-mirror +``` +Acquire::https { + Verify-Peer "false"; + Verify-Host "false"; +} +``` + + + modify `/etc/apt/source.list` to point to your apt-mirror: + +``` +deb https://XXXXXX:443/debian buster main contrib non-free +deb https://XXXXXX:443/debian-security buster/updates main contrib non-free +deb https://XXXXXX:443/debian buster-updates main contrib non-free +deb https://XXXXXX:443/debian buster-backports main contrib non-free +``` + +5. Update underlying system packages with `apt-get` + - `apt-get update && apt-get dist-upgrade` + +6. If there were [new system deb packages added](https://github.com/idaholab/Malcolm/tree/main/sensor-iso/config/package-lists) to this release of Hedgehog Linux (you might have to [manually compare](https://github.com/idaholab/Malcolm/commits/main/sensor-iso/config/package-lists) on GitHub), install them. If you're not sure, of course, you could just install everything, like this (although you may have to tweak some version numbers or something if the base distribution of your Hedgehog branch is different than `main`; in this example I'm not jumping between Debian releases, just upgrading within a release): +``` +$ for LIST in apps desktopmanager net system; do curl -L -J -O https://raw.github.com/idaholab/Malcolm/main/sensor-iso/config/package-lists/$LIST.list.chroot; done +... +$ apt-get install $(cat *.list.chroot) +``` + +7. Update underlying python packages with `python3 -m pip` + * `apt-get install -y build-essential git-core pkg-config python3-dev` + * `python3 -m pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1 | xargs -r -n1 python3 -m pip install -U` + - if this fails for some reason, you may need to reinstall pip first with `python3 -m pip install --force -U pip` + - some *very* old builds of Hedgehog Linux had separate Python 3.5 and 3.7 installations: in this case, you'd need to do this for both `python3 -m pip` and `python3.7 -m pip` (or whatever `python3.x` you have) + * If there were [new python packages](https://raw.githubusercontent.com/idaholab/Malcolm/master/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot) added to this release of Hedgehog Linux (you might have to [manually compare](https://github.com/idaholab/Malcolm/blame/main/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot) on GitHub), install them. If you are using a PyPI mirror, replace `XXXXXX` here with your mirror's IP. The `colorama` package is used here as an example, your package list might vary. + - `python3 -m pip install --no-compile --no-cache-dir --force-reinstall --upgrade --index-url=https://XXXXXX:443/pypi/simple --trusted-host=XXXXXX:443 colorama` + +8. Okay, **now** things start to get a little bit ugly. You're going to need access to the ISO of the release of Hedgehog Linux you're upgrading to, as we're going to grab some packages off of it. On another Linux system, [build it](#ISOBuild). + +9. Use a disk image mounter to mount the ISO, **or** if you want to just install the ISO in a VM and grab the files we need off of it, that's fine too. But I'll go through the example as if I've mounted the ISO. + +10. Navigate to the `/live/` directory, and mount the `filesystem.squashfs` file + - `sudo mount filesystem.squashfs /media/squash -t squashfs -o loop` + - **OR** + - `squashfuse filesystem.squashfs /home/user/media/squash` + +11. Very recent builds of Hedgehog Linux keep some build artifacts in `/opt/hedgehog_install_artifacts/`. You're going to want to grab those files and throw them in a temporary directory on the system you're upgrading, via SSH or whatever means you devise. +``` +root@hedgehog:/tmp# scp -r user@otherbox:/media/squash/opt/hedgehog_install_artifacts/ ./ +user@otherbox's password: +filebeat-tweaked-7.6.2-amd64.deb 100% 13MB 65.9MB/s 00:00 +arkime_2.2.3-1_amd64.deb 100% 113MB 32.2MB/s 00:03 +netsniff-ng_0.6.6-1_amd64.deb 100% 330KB 52.1MB/s 00:00 +zeek_3.0.20-1_amd64.deb 100% 26MB 63.1MB/s 00:00 +``` + +12. Blow away the old `zeek` package, we're going to start clean with that one particularly. The others should be fine to upgrade in place. +``` +root@hedgehog:/opt# apt-get --purge remove zeek +Reading package lists... Done +Building dependency tree +Reading state information... Done +The following packages will be REMOVED: + zeek* +0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. +After this operation, 160 MB disk space will be freed. +Do you want to continue? [Y/n] y +(Reading database ... 118490 files and directories currently installed.) +Removing zeek (3.0.20-1) ... +dpkg: warning: while removing zeek, directory '/opt/zeek/spool' not empty so not removed +dpkg: warning: while removing zeek, directory '/opt/zeek/share/zeek/site' not empty so not removed +dpkg: warning: while removing zeek, directory '/opt/zeek/lib' not empty so not removed +dpkg: warning: while removing zeek, directory '/opt/zeek/bin' not empty so not removed +root@hedgehog:/opt# rm -rf /opt/zeek* +``` + +13. Install the new .deb files. You're going to have some warnings, but that's okay. +``` +root@hedgehog:/tmp# dpkg -i hedgehog_install_artifacts/*.deb +(Reading database ... 118149 files and directories currently installed.) +Preparing to unpack .../filebeat-tweaked-7.6.2-amd64.deb ... +Unpacking filebeat (7.6.2) over (6.8.4) ... +dpkg: warning: unable to delete old directory '/usr/share/filebeat/kibana/6/dashboard': Directory not empty +dpkg: warning: unable to delete old directory '/usr/share/filebeat/kibana/6': Directory not empty +Preparing to unpack .../arkime_2.2.3-1_amd64.deb ... +Unpacking arkime (2.2.3-1) over (2.0.1-1) ... +Preparing to unpack .../netsniff-ng_0.6.6-1_amd64.deb ... +Unpacking netsniff-ng (0.6.6-1) over (0.6.6-1) ... +Preparing to unpack .../zeek_3.0.20-1_amd64.deb ... +Unpacking zeek (3.0.20-1) over (3.0.0-1) ... +Setting up filebeat (7.6.2) ... +Installing new version of [...] +[...] +Setting up arkime (2.2.3-1) ... +READ /opt/arkime/README.txt and RUN /opt/arkime/bin/Configure +Setting up netsniff-ng (0.6.6-1) ... +Setting up zeek (3.0.20-1) ... +Processing triggers for systemd (232-25+deb9u12) ... +Processing triggers for man-db (2.7.6.1-2) ... +``` + +14. Fix anything that might need fixing as far as the deb package requirements go + - `apt-get -f install` + +15. We just installed a Zeek .deb, but the third-part plugins packages and local config weren't part of that package. So we're going to `rsync` those from the other box where we have the ISO and `filesystem.squashfs` mounted as well: +``` +root@hedgehog:/tmp# rsync -a user@otherbox:/media/squash/opt/zeek/ /opt/zeek +user@otherbox's password: + +root@hedgehog:/tmp# ls -l /opt/zeek/share/zeek/site/ +total 52 +lrwxrwxrwx 1 root root 13 May 6 21:52 bzar -> packages/bzar +lrwxrwxrwx 1 root root 22 May 6 21:50 cve-2020-0601 -> packages/cve-2020-0601 +-rw-r--r-- 1 root root 2031 Apr 30 16:02 extractor.zeek +-rw-r--r-- 1 root root 39134 May 1 14:20 extractor_params.zeek +lrwxrwxrwx 1 root root 14 May 6 21:52 hassh -> packages/hassh +lrwxrwxrwx 1 root root 12 May 6 21:52 ja3 -> packages/ja3 +-rw-rw-r-- 1 root root 2005 May 6 21:54 local.zeek +drwxr-xr-x 13 root root 4096 May 6 21:52 packages +lrwxrwxrwx 1 root root 27 May 6 21:52 zeek-EternalSafety -> packages/zeek-EternalSafety +lrwxrwxrwx 1 root root 26 May 6 21:52 zeek-community-id -> packages/zeek-community-id +lrwxrwxrwx 1 root root 27 May 6 21:51 zeek-plugin-bacnet -> packages/zeek-plugin-bacnet +lrwxrwxrwx 1 root root 25 May 6 21:51 zeek-plugin-enip -> packages/zeek-plugin-enip +lrwxrwxrwx 1 root root 29 May 6 21:51 zeek-plugin-profinet -> packages/zeek-plugin-profinet +lrwxrwxrwx 1 root root 27 May 6 21:52 zeek-plugin-s7comm -> packages/zeek-plugin-s7comm +lrwxrwxrwx 1 root root 24 May 6 21:52 zeek-plugin-tds -> packages/zeek-plugin-tds +``` + +16. The `zeekctl` component of zeek doesn't like being run by an unprivileged user unless the whole directory is owned by that user. As Hedgehog Linux runs everything it can as an unprivileged user, we're going to reset zeek to a "clean" state after each reboot. Zeek's config files will get regenerated when Zeek itself is started. So, now make a complete backup of `/opt/zeek` as it's going to have its ownership changed during runtime: +``` +root@hedgehog:/tmp# rsync -a /opt/zeek/ /opt/zeek.orig + +root@hedgehog:/tmp# chown -R sensor:sensor /opt/zeek/* + +root@hedgehog:/tmp# chown -R root:root /opt/zeek.orig/* + +root@hedgehog:/tmp# ls -l /opt/ | grep zeek +drwxr-xr-x 8 root root 4096 May 8 15:48 zeek +drwxr-xr-x 8 root root 4096 May 8 15:48 zeek.orig +``` + +17. Grab other new scripts and stuff from our mount of the ISO using `rsync`: +``` +root@hedgehog:/tmp# rsync -a user@otherbox:/media/squash/usr/local/bin/ /usr/local/bin +user@otherbox's password: + +root@hedgehog:/tmp# ls -l /usr/local/bin/ | tail +lrwxrwxrwx 1 root root 18 May 8 14:34 zeek -> /opt/zeek/bin/zeek +-rwxr-xr-x 1 root staff 10349 Oct 29 2019 zeek_carve_logger.py +-rwxr-xr-x 1 root staff 10467 Oct 29 2019 zeek_carve_scanner.py +-rw-r--r-- 1 root staff 25756 Oct 29 2019 zeek_carve_utils.py +-rwxr-xr-x 1 root staff 8787 Oct 29 2019 zeek_carve_watcher.py +-rwxr-xr-x 1 root staff 4883 May 4 17:39 zeek_install_plugins.sh + +root@hedgehog:/tmp# rsync -a user@otherbox:/media/squash/opt/yara-rules/ /opt/yara-rules +user@otherbox's password: + +root@hedgehog:/tmp# rsync -a user@otherbox:/media/squash/opt/capa-rules/ /opt/capa-rules +user@otherbox's password: + +root@hedgehog:/tmp# ls -l /opt/ | grep '\-rules' +drwxr-xr-x 8 root root 4096 May 8 15:48 capa-rules +drwxr-xr-x 8 root root 24576 May 8 15:48 yara-rules + +root@hedgehog:/tmp# for BEAT in filebeat; do rsync -a user@otherbox:/media/squash/usr/share/$BEAT/kibana/ /usr/share/$BEAT/kibana; done +user@otherbox's password: +user@otherbox's password: + +root@hedgehog:/tmp# rsync -avP --delete user@otherbox:/media/squash/etc/audit/rules.d/ /etc/audit/rules.d/ +user@otherbox's password: + +root@hedgehog:/tmp# rsync -avP --delete user@otherbox:/media/squash/etc/sudoers.d/ /etc/sudoers.d/ +user@otherbox's password: + +root@hedgehog:/tmp# chmod 400 /etc/sudoers.d/* +``` + +18. Set capabilities and symlinks for network capture programs to be used by the unprivileged user: + +commands: + +``` +chown root:netdev /usr/sbin/netsniff-ng && \ + setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip CAP_SYS_ADMIN+eip' /usr/sbin/netsniff-ng +chown root:netdev /opt/zeek/bin/zeek && \ + setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /opt/zeek/bin/zeek +chown root:netdev /sbin/ethtool && \ + setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /sbin/ethtool +chown root:netdev /opt/zeek/bin/capstats && \ + setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /opt/zeek/bin/capstats +chown root:netdev /usr/bin/tcpdump && \ + setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump +chown root:netdev /opt/arkime/bin/capture && \ + setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /opt/arkime/bin/capture + +ln -s -f /opt/zeek/bin/zeek /usr/local/bin/ +ln -s -f /usr/sbin/netsniff-ng /usr/local/bin/ +ln -s -f /usr/bin/tcpdump /usr/local/bin/ +ln -s -f /opt/arkime/bin/capture /usr/local/bin/ +ln -s -f /opt/arkime/bin/npm /usr/local/bin +ln -s -f /opt/arkime/bin/node /usr/local/bin +ln -s -f /opt/arkime/bin/npx /usr/local/bin +``` + +example: + +``` +root@hedgehog:/tmp# chown root:netdev /usr/sbin/netsniff-ng && \ +> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip CAP_SYS_ADMIN+eip' /usr/sbin/netsniff-ng +root@hedgehog:/tmp# chown root:netdev /opt/zeek/bin/zeek && \ +> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /opt/zeek/bin/zeek +root@hedgehog:/tmp# chown root:netdev /sbin/ethtool && \ +> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /sbin/ethtool +root@hedgehog:/tmp# chown root:netdev /opt/zeek/bin/capstats && \ +> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /opt/zeek/bin/capstats +root@hedgehog:/tmp# chown root:netdev /usr/bin/tcpdump && \ +> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump +root@hedgehog:/tmp# chown root:netdev /opt/arkime/bin/capture && \ +> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /opt/arkime/bin/capture +root@hedgehog:/tmp# ln -s -f /opt/zeek/bin/zeek /usr/local/bin/ +root@hedgehog:/tmp# ln -s -f /usr/sbin/netsniff-ng /usr/local/bin/ +root@hedgehog:/tmp# ln -s -f /usr/bin/tcpdump /usr/local/bin/ +root@hedgehog:/tmp# ln -s -f /opt/arkime/bin/capture /usr/local/bin/ +root@hedgehog:/tmp# ln -s -f /opt/arkime/bin/npm /usr/local/bin +root@hedgehog:/tmp# ln -s -f /opt/arkime/bin/node /usr/local/bin +root@hedgehog:/tmp# ln -s -f /opt/arkime/bin/npx /usr/local/bin +``` + +19. Back up unprivileged user sensor-specific config and scripts: + - `mv /opt/sensor/ /opt/sensor_upgrade_backup_$(date +%Y-%m-%d)` + +20. Grab unprivileged user sensor-specific config and scripts from our mount of the ISO using `rsync` and change its ownership to the unprivileged user: +``` +root@hedgehog:/tmp# rsync -av user@otherbox:/media/squash/opt/sensor /opt/ +user@otherbox's password: +receiving incremental file list +created directory ./opt +sensor/ +[...] + +sent 1,244 bytes received 1,646,409 bytes 470,758.00 bytes/sec +total size is 1,641,629 speedup is 1.00 + +root@hedgehog:/tmp# chown -R sensor:sensor /opt/sensor* + +root@hedgehog:/tmp# ls -l /opt/ | grep sensor +drwxr-xr-x 4 sensor sensor 4096 May 6 22:00 sensor +drwxr-x--- 4 sensor sensor 4096 May 8 14:33 sensor_upgrade_backup_2020-05-08 +``` + +21. Leave the root shell and `cd` to `/opt` +``` +root@hedgehog:~# exit +logout + +sensor@hedgehog:~$ whoami +sensor + +sensor@hedgehog:~$ cd /opt +``` + +22. Compare the old and new `control_vars.conf` files +``` +sensor@hedgehog:opt$ diff sensor_upgrade_backup_2020-05-08/sensor_ctl/control_vars.conf sensor/sensor_ctl/control_vars.conf +1,2c1,2 +< export CAPTURE_INTERFACE=enp0s3 +< export CAPTURE_FILTER="not port 5044 and not port 5601 and not port 8005 and not port 9200 and not port 9600" +--- +> export CAPTURE_INTERFACE=xxxx +> export CAPTURE_FILTER="" +4c4 +[...] +``` + +Examine the differences. If there aren't any new `export` variables, then you're probably safe to just replace the default version of `control_vars.conf` with the backed-up version: + +``` +sensor@hedgehog:opt$ cp sensor_upgrade_backup_2020-05-08/sensor_ctl/control_vars.conf sensor/sensor_ctl/control_vars.conf +cp: overwrite 'sensor/sensor_ctl/control_vars.conf'? y +``` + +If there are major differences or new variables, continue on to the next step, in a minute you'll need to run `capture-config` to configure from scratch anyway. + +23. Restore certificates/keystores for forwarders from the backup `sensor_ctl` path to the new one +``` +sensor@hedgehog:opt$ for BEAT in filebeat miscbeat; do cp /opt/sensor_upgrade_backup_2020-05-08/sensor_ctl/$BEAT/data/* /opt/sensor/sensor_ctl/$BEAT/data/; done + +sensor@hedgehog:opt$ cp /opt/sensor_upgrade_backup_2020-05-07/sensor_ctl/filebeat/{ca.crt,client.crt,client.key} /opt/sensor/sensor_ctl/logstash-client-certificates/ +``` + +24. Despite what we just did, you may consider running `capture-config` to re-configure [capture, forwarding, and autostart services](#ConfigUser) from scratch anyway. You can use the backed-up version of `control_vars.conf` to refer back to as a basis for things you might want to restore (e.g., `CAPTURE_INTERFACE`, `CAPTURE_FILTER`, `PCAP_PATH`, `ZEEK_LOG_PATH`, your autostart settings, etc.). + +25. Once you feel confident you've completed all of these steps, issue a reboot on the Hedgehog + +## Post-upgrade + +Once the Hedgehog has come back up, check to make sure everything is working: + +* `/opt/sensor/sensor_ctl/status` should return `RUNNING` for the things you set to autorun (no `FATAL` errors) +* `sensorwatch` should show current writes to Zeek log files and PCAP files (depending on your configuration) +* `tail -f /opt/sensor/sensor_ctl/log/*` should show no egregious errors +* `zeek --version`, `zeek -N local` and `capture --version` ought to run and print out version information as expected +* if you are forwarding to a [Malcolm](https://github.com/idaholab/Malcolm) aggregator, you should start seeing data momentarily \ No newline at end of file diff --git a/docs/hedgehog.md b/docs/hedgehog.md new file mode 100644 index 000000000..e2d008adf --- /dev/null +++ b/docs/hedgehog.md @@ -0,0 +1,52 @@ +# Hedgehog Linux +## Network Traffic Capture Appliance + +![](./docs/logo/hedgehog-color-w-text.png) + +Hedgehog Linux is a Debian-based operating system built to + +* monitor network interfaces +* capture packets to PCAP files +* detect file transfers in network traffic and extract and scan those files for threats +* generate and forward Zeek logs, Arkime sessions and other information to [Malcolm](https://github.com/idaholab/Malcolm) + +![sensor-iso-build-docker-wrap-push-ghcr](https://github.com/idaholab/Malcolm/workflows/sensor-iso-build-docker-wrap-push-ghcr/badge.svg) + +### Table of Contents + +* [Sensor installation](#Installation) + - [Image boot options](#BootOptions) + - [Installer](#Installer) +* [Boot](#Boot) + - [Kiosk mode](#KioskMode) +* [Configuration](#Configuration) + - [Interfaces, hostname, and time synchronization](#ConfigRoot) + + [Hostname](#ConfigHostname) + + [Interfaces](#ConfigIface) + + [Time synchronization](#ConfigTime) + - [Capture, forwarding, and autostart services](#ConfigUser) + + [Capture](#ConfigCapture) + * [Automatic file extraction and scanning](#ZeekFileExtraction) + + [Forwarding](#ConfigForwarding) + * [arkime-capture](#arkime-capture): Arkime session forwarding + * [filebeat](#filebeat): Zeek and Suricata log forwarding + * [miscbeat](#miscbeat): System metrics forwarding + + [Autostart services](#ConfigAutostart) ++ [Zeek Intelligence Framework](#ZeekIntel) +* [Appendix A - Generating the ISO](#ISOBuild) +* [Appendix B - Configuring SSH access](#ConfigSSH) +* [Appendix C - Troubleshooting](#Troubleshooting) +* [Appendix D - Hardening](#Hardening) + - [Compliance exceptions](#ComplianceExceptions) +* [Appendix E - Upgrades](#UpgradePlan) +* [Copyright](#Footer) + +# Copyright + +Hedgehog Linux - part of [Malcolm](https://github.com/idaholab/Malcolm) - is Copyright 2022 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security. + +See [`License.txt`](https://raw.githubusercontent.com/idaholab/Malcolm/main/License.txt) for the terms of its release. + +### Contact information of author(s): + +[malcolm@inl.gov](mailto:malcolm@inl.gov?subject=Network%20sensor%20development) diff --git a/docs/host-and-subnet-mapping.md b/docs/host-and-subnet-mapping.md new file mode 100644 index 000000000..9426fca57 --- /dev/null +++ b/docs/host-and-subnet-mapping.md @@ -0,0 +1,88 @@ +### Automatic host and subnet name assignment + +#### IP/MAC address to hostname mapping via `host-map.txt` + +The `host-map.txt` file in the Malcolm installation directory can be used to define names for network hosts based on IP and/or MAC addresses in Zeek logs. The default empty configuration looks like this: +``` +# IP or MAC address to host name map: +# address|host name|required tag +# +# where: +# address: comma-separated list of IPv4, IPv6, or MAC addresses +# e.g., 172.16.10.41, 02:42:45:dc:a2:96, 2001:0db8:85a3:0000:0000:8a2e:0370:7334 +# +# host name: host name to be assigned when event address(es) match +# +# required tag (optional): only check match and apply host name if the event +# contains this tag +# +``` +Each non-comment line (not beginning with a `#`), defines an address-to-name mapping for a network host. For example: +``` +127.0.0.1,127.0.1.1,::1|localhost| +192.168.10.10|office-laptop.intranet.lan| +06:46:0b:a6:16:bf|serial-host.intranet.lan|testbed +``` +Each line consists of three `|`-separated fields: address(es), hostname, and, optionally, a tag which, if specified, must belong to a log for the matching to occur. + +As Zeek logs are processed into Malcolm's OpenSearch instance, the log's source and destination IP and MAC address fields (`source.ip`, `destination.ip`, `source.mac`, and `destination.mac`, respectively) are compared against the lists of addresses in `host-map.txt`. When a match is found, a new field is added to the log: `source.hostname` or `destination.hostname`, depending on whether the matching address belongs to the originating or responding host. If the third field (the "required tag" field) is specified, a log must also contain that value in its `tags` field in addition to matching the IP or MAC address specified in order for the corresponding `_hostname` field to be added. + +`source.hostname` and `destination.hostname` may each contain multiple values. For example, if both a host's source IP address and source MAC address were matched by two different lines, `source.hostname` would contain the hostname values from both matching lines. + +#### CIDR subnet to network segment name mapping via `cidr-map.txt` + +The `cidr-map.txt` file in the Malcolm installation directory can be used to define names for network segments based on IP addresses in Zeek logs. The default empty configuration looks like this: +``` +# CIDR to network segment format: +# IP(s)|segment name|required tag +# +# where: +# IP(s): comma-separated list of CIDR-formatted network IP addresses +# e.g., 10.0.0.0/8, 169.254.0.0/16, 172.16.10.41 +# +# segment name: segment name to be assigned when event IP address(es) match +# +# required tag (optional): only check match and apply segment name if the event +# contains this tag +# +``` +Each non-comment line (not beginning with a `#`), defines an subnet-to-name mapping for a network host. For example: +``` +192.168.50.0/24,192.168.40.0/24,10.0.0.0/8|corporate| +192.168.100.0/24|control| +192.168.200.0/24|dmz| +172.16.0.0/12|virtualized|testbed +``` +Each line consists of three `|`-separated fields: CIDR-formatted subnet IP range(s), subnet name, and, optionally, a tag which, if specified, must belong to a log for the matching to occur. + +As Zeek logs are processed into Malcolm's OpenSearch instance, the log's source and destination IP address fields (`source.ip` and `destination.ip`, respectively) are compared against the lists of addresses in `cidr-map.txt`. When a match is found, a new field is added to the log: `source.segment` or `destination.segment`, depending on whether the matching address belongs to the originating or responding host. If the third field (the "required tag" field) is specified, a log must also contain that value in its `tags` field in addition to its IP address falling within the subnet specified in order for the corresponding `_segment` field to be added. + +`source.segment` and `destination.segment` may each contain multiple values. For example, if `cidr-map.txt` specifies multiple overlapping subnets on different lines, `source.segment` would contain the hostname values from both matching lines if `source.ip` belonged to both subnets. + +If both `source.segment` and `destination.segment` are added to a log, and if they contain different values, the tag `cross_segment` will be added to the log's `tags` field for convenient identification of cross-segment traffic. This traffic could be easily visualized using Arkime's **Connections** graph, by setting the **Src:** value to **Originating Network Segment** and the **Dst:** value to **Responding Network Segment**: + +![Cross-segment traffic in Connections](./images/screenshots/arkime_connections_segments.png) + +#### Defining hostname and CIDR subnet names interface + +As an alternative to manually editing `cidr-map.txt` and `host-map.txt`, a **Host and Subnet Name Mapping** editor is available at [https://localhost/name-map-ui/](https://localhost/name-map-ui/) if you are connecting locally. Upon loading, the editor is populated from `cidr-map.txt`, `host-map.txt` and `net-map.json`. + +This editor provides the following controls: + +* 🔎 **Search mappings** - narrow the list of visible items using a search filter +* **Type**, **Address**, **Name** and **Tag** *(column headings)* - sort the list of items by clicking a column header +* 📝 *(per item)* - modify the selected item +* 🚫 *(per item)* - remove the selected item +* 🖳 **host** / 🖧 **segment**, **Address**, **Name**, **Tag (optional)** and 💾 - save the item with these values (either adding a new item or updating the item being modified) +* 📥 **Import** - clear the list and replace it with the contents of an uploaded `net-map.json` file +* 📤 **Export** - format and download the list as a `net-map.json` file +* 💾 **Save Mappings** - format and store `net-map.json` in the Malcolm directory (replacing the existing `net-map.json` file) +* 🔁 **Restart Logstash** - restart log ingestion, parsing and enrichment + +![Host and Subnet Name Mapping Editor](./images/screenshots/malcolm_name_map_ui.png) + +#### Applying mapping changes + +When changes are made to either `cidr-map.txt`, `host-map.txt` or `net-map.json`, Malcolm's Logstash container must be restarted. The easiest way to do this is to restart malcolm via `restart` (see [Stopping and restarting Malcolm](#StopAndRestart)) or by clicking the 🔁 **Restart Logstash** button in the [name mapping interface](#NameMapUI) interface. + +Restarting Logstash may take several minutes, after which log ingestion will be resumed. \ No newline at end of file diff --git a/docs/ics-best-guess.md b/docs/ics-best-guess.md new file mode 100644 index 000000000..c7da9a924 --- /dev/null +++ b/docs/ics-best-guess.md @@ -0,0 +1,11 @@ +### "Best Guess" Fingerprinting for ICS Protocols + +There are many ICS (industrial control systems) protocols. While Malcolm's collection of [protocol parsers](#Protocols) includes a number of them, many, particularly those that are proprietary or less common, are unlikely to be supported with a full parser in the foreseeable future. + +In an effort to help identify more ICS traffic, Malcolm can use "best guess" method based on transport protocol (e.g., TCP or UDP) and port(s) to categorize potential traffic communicating over some ICS protocols without full parser support. This feature involves a [mapping table](https://github.com/idaholab/Malcolm/blob/master/zeek/config/guess_ics_map.txt) and a [Zeek script](https://github.com/idaholab/Malcolm/blob/master/zeek/config/guess.zeek) to look up the transport protocol and destination and/or source port to make a best guess at whether a connection belongs to one of those protocols. These potential ICS communications are categorized by vendor where possible. + +Naturally, these lookups could produce false positives, so these connections are displayed in their own dashboard (the **Best Guess** dashboard found under the **ICS** section of Malcolm's [OpenSearch Dashboards](#DashboardsVisualizations) navigation pane). Values such as IP addresses, ports, or UID can be used to [pivot to other dashboards](#ZeekArkimeFlowCorrelation) to investigate further. + +![](./images/screenshots/dashboards_bestguess.png) + +This feature is disabled by default, but it can be enabled by clearing (setting to `''`) the value of the `ZEEK_DISABLE_BEST_GUESS_ICS` environment variable in [`docker-compose.yml`](#DockerComposeYml). \ No newline at end of file diff --git a/docs/images/hedgehog/images/arkime-capture-ip-port.jpg b/docs/images/hedgehog/images/arkime-capture-ip-port.jpg new file mode 100644 index 0000000000000000000000000000000000000000..8e2536437b7e398abf5a07d152a241bd2c70508f GIT binary patch literal 28943 zcmeFZ1yo$kwl3O1gC=N#2WebF;{-x*XtZ%BL4!+xpdlf+)6lrPy99y-4IVUDAVBaW zxI^<6zvbWeoPF*)XPkTQyKn63vDTVhGHcFRvsP7qRn^zi*Iz+*p)&F^pj)?Yf#iS> z=z59xr?k731qdWB&kDK?0)enWpj&95TLAS01t9;R+ko#Vw@^W-z%vlI2m$&g&&@@C z3;nleI6zbULB|0!^B;KtHX!a>C?GuGnF?GGfF=f>#lU41^m|>c0R0KLZvXZH1pAHS zpHEqNCDjKIPVR@C5C~BIAp|1)kYAXa_W?JbFfX?-FE5b$R^~5>fZ{j0{2}`dt3UP7 z08;+cgCB@T{X<3!ARgmyG|3|T|@*V0O5Ceum5h@8_|KB*K;6A z&}|G1Obqnfn3$MYShulpiScl8aB#^8iS7_nk<(C9kyBDWVBlnWK*vr`Ny#k0!v2t( zmzS4@Nk~)>BEreT3%Ox(3kwSi7YFw~9^QQjEhR1FKOL^yK?Ju!8n*yt=|Ct1w@?Xg zU3YAuA4t?jcNut0oc*w{N$=e!BL_1wF|)Ap^6?7@3JFU}Nz2H} z$wSpOG_|yKboETl%q=XRTUozwadms??&0~?KOitDI3yGv8;6KbNK8u3&dJToFDNW3 zuCA%At8aMM*woS4)!ozkv9Et@d}4Cy^YqN@((=l;)wT7F&8@xtgTtfalhd>F8@+Dy z{4@Nn*#Dpx0iYKO8X77Z=8ayrP+kHTDghcgEjI?CI1KZd6A>Nc&23_dn5?P~SoAz< zyCf#gqu8Vjyi4G{8`XZ(?Ejr&e*Y!S{!;9hUb7%v)LTH~p%Q?^K%3rNOJ7(op7<@V z4GSPb2Dn8Ie&~zshCDYuSh};exT1P0fRxrZF7Xv^6W#N(dQ05({I-Onz9{l-i;Z6C zq&&mI8t)RdW|lsZfCC5VO?x?a`TQE>uOM*^%DC;ze+?o>xXQ*l%3)%65zZ50_y~KA zrAc+=DpWRgR1>_XQrSSa{9*0Ob20EO%7o@rs+Q|)H|W4&FXtCKtIg7!qOK>cV;>}s zK&Tl7fW%y%n;}`A-V!oM(^t^!m#-$T38rt?tc-c!jy?d9Zl4lL469?9Q zY>jqP9D`vQEs?K`xUWGdl;ijX49-Tf?ACz<2$Ojlgfh?k!DZobomkS}Y6b#7Y;nbG${x1608$J1-SO+p0v$a~2MD(9ykJly$<1>HYdQ*4Rw zQ`>q6%}`rUuAOc`Wvc#VkOky)^|i=euij|H<;R%4h<<#Y)W7TzUh(f*)y61Pv`l5q z*WFpRD&`t=J3inV^!P5)4$15LOJbYRzr=w2t>UO(9LqeJ|1?+6->g0QcaD4&($rH0 z2V%`a^wS^zsWx>RIkOW;%ab4mFS5T`>TgV^T8O>$G6s>m-=a+EfBDD%;BKF@qiodA zG8QOfzMK6`724hOfT+{mFu=FULjRJvH_3fOrK-w{-qiL1Ar@+Qy4(ZLD;q@l+vSMC zshxZeWo^b45#M^Y=&|*9_gqM$2?a`vA|ox7_0EgH7SfdD>EjHHYtY9MnKoWK0G9+`$A{0Y77uOd;8fx;;_g-hm)lsLXsiCC=$b_iFAwFiyI#EVQ2 zTE8SP8X}#&GG2fBWwq&4ok3T6*g$rfvi2k{NXM`V78w%0Z zQNt~2<9OriOwMlR;4i78LqcV0^Kawk{9&Ts6|_8q}>Zp^Em{CF5Y5Yc1na zliC}g1a2rL-Q`E)pDlmqI&GXiOWF@ZyKsr!q-Cw#`%=&x3wa%IDZZj?o7*knkFL?aieR} zB2@mlEy<+I_T2MM2GiyF&{@GXh(z`mY0y%#C>PIYsO8;9V1@A&{}S~z{~=n;=?k56 z`@C{PYZELkPCXVQ73ucg|pIhbku7 zrrV0v3Ow7s^yL1t{UedfHt5Lck&^TNM#xY5WK;@4GuGRnm}u_4k3B3`YFhT&PmcRH zbq??R)nvaKulYi2ijP7`K;>P-WC52j%2vDOBXK4QS!dZ-lTp_oEUm_CkT{tyEt15k zeHgl#4Gsx6Ocu2qiADNYT#jFZLUVqR6^uYnEit$TWrnv!UxTp4mRLWFZP0Ul6YI!0 z_EFw2)(^7q9QkFPzZuF%>F;$B`*vuS`+kx!{^%P(GjsGP^L+jh&y@EW;Q0?&YSVx9 zQ9Dr&JgVR%Hwl09(lmUn>16x#&Z+^zs>#{O2R~R|S>)qBP3Seq7kWPLyJ6BuMRBFr zw&M%kZe_c=V%v7Q24#hQb8$F=T!UJ!*h8WI#4xD}Q>(c(})}}T-C2osxAcFyuxdV4<2urAc{G5{) zaU)wvZ=Gbd=4qCJS)<&ZL|O{l)HSE;_nE-K1b^$O7cPbA z=X;z#d*QeQg3=uOZ{yTc_dTnA=)I#^AhrXpTgeVTjWFULnW@stp3Sc_!MP(RGlQJj zD4lse6g>5He^vY2?KPCeQLI@^@8Qi21nv9$z04Iy?m^R+%Ash?7j;d$KHJ8q7oA6i zn!Z_HCKnDM=0jtg--Zh6hzJz$Rx%W}3nXfU+#+P|8BcZeOvUdg zwDIK3cxGzHQM2>X1dD;HlWe5^4$0y*=;@}|!HUf_=vB}u?CNdqHE1NF;_94c$xwlC zyk%x>841M3lDy<*2b8G@! zb`H4gGFVbQ(z@-)-76bbL>`MFzw5JyKO?|c?_1Z5FX@v7u24DJcBX-;#t;SaP5k1? zcddNPlb~&xo15;1{E4LsFc$glMs6$~;?-Y++DxK;Ril?kvp`dJ|K>(L<}(e9q6xs5 zw-#{?dNSZ}am)<#o)yti(~H{jk{$ZGo9KV?_l7b>dmD(FAg^Ve!+(MSNHhwLJP^z zqGWY>+W>G%z+G6FOT+G={_dkt=378+X2AZr*{}bKJZK{_UeGg|Z)vR&e8#z0lM}NV zHFBmkVI^F>su&vkP1`d2tFJo@FqV;aw)Jel>RIH9T9Y|J4ZH7imX_B`&Yqe-+>X5{ z%)Ia{woKPZECk5f`#>x6*kkV6ScL*5JP|I--{O0707w3fiG0DuF)+N?^V znIPt3@(~_im{tAvu_Sr%q&s_F6Q4Vq9#t1jYVvdZQMJ7Ei{vms1i%#nz>+W6qq~~~ z!wUr4MMXDIynok}jc!G)vAz!OK${o+h&ezb9HflzG!OD6$0%{udom>riq5Vf?LmFm zw{jKjbwrF09qwrbxB(tR5_OgLf*~s9WdL2qGeM33hDo1xzBm&b1BqjCVGT^`owEwdr$w zixRGOHVvn_mUA+QF8RGI-}X@x*S8OtSBiR+Wk8J2zWVND8FAwm70yY~`60KMd!^)) zo?PB4^-<{ZTsDH_*Ay1Ee>D_D*6s;fVyyd27fz|w+In4slDIB+#ZEru3??AmX)ZRj zhud~zZ59tHCfas6Re*Usp`91&h|%6*qXvMNaW7dA=|p~seIke zIo_7>={=@XVD5;;-vW$OEkHU7Fu;=wNvw|=nYA6XUxOAUqW+N8SQwaFD^>V@a!|Vl zwKt0OMEwJk{(Fx@55U);bWG$qiLxPozlWY~ZI~{DY5dCwEHU-aU7CN${%`8E;;X^5 zY~1mkK7V<2i~Sn3GX@M_fB)jnbjdJ#a)oikb%_)E+i#u}BcQ)80uq=VsTI?n3*1ZT4`g-ipha_?!?6bwc+Xk3+|6Q5bHLpr}j;QSBKHv2> z*Pzw_>Ob{wbp>86|47aT zeo&F-yTtgpZ9|~Q_p3q1itIlySjEYZ_J9L#cGPQ-54Omkx_NK^8}p0(0~6-|6JA67 zOVYE?|3Onlsy5Dg>uAaIMz7#{ANRbNe1oj}_-7~7#2JEKz?dB>?CnD>tf`#{&*PuL6EFwxZLR zHvs-m;Jb(t%KRA#BomrWu{FZbbgXy!G@#Uzv&reMZ6Cw4spx?V=9l$Vq=R#j7x zkyn%ka6tgm%d|DMdx7>41hTVtaaNO+cmP0D4=~q27$AHQ2>?~%J~MscD6Xoi_$N^I zZ=c6gH<%v?G|q9u>))pThcS3&<}XYEfb9X0>xrqOvkO2!1!(@4E{->JB0v+HK7VEg z(4_#)?hFVB(9<{ZCco3)Z)nTk=o`EhMC`1gCJE?v1GGM{{2OiZH`?^MvmKC!7s$h4 zW@iuZN74D6HoKv{Z)iJPS3tJk!i|Qw=JuNEz>@*EC_%Cyd5{uF74!gP0&)defowr8 zAP(SZ55&9xsR8K{|D-(mZ{<~iQYJttE08HrLJH&nvI9N)tvu+a4S+mA_+{G{7CZp{ z3xr#^5+D%z!u9n57zDzM1%a-judgq%uCK4M0Zexu1ZubcRo)>J1QI*~;-i1XF=T*1 zcl<%1`mSGbCJ7)=Ll6jbf5!2d^RwUTxq*LCEC6(TzW@Zn(*=Qu0FWA6|986qX*cPh zoX;ST24E}2ArL4j83baq1b7?#6TNRB_P^}*ALjYPe!tv&hVlgU7676Ci6c`1jt}6%06O_sK*K=CybWNgSO6TWe-~&d07u5d#>7WQ zMZp9z{SL>vZ2)JGIEr)?OD#YwB(iNLqj9VG-Q#2m-7@WTTP}=cSZ^2BHhWPxgxFA zcV|DNvV0#~50nl@HU2y`vKQ^TTyqs@qx@3aKGg5U|Kc7O!Mlvq;rx>&yN5i^VM1XE z!SgD^mg-)+^@(JS(y848UG_}tJVh<1`ii*o*~2EQ%K}6PNfQf~9QhdbFiURdJ&KUC z!7YbZq~oXp%r%LP?h(INfn)V1B~EwHpjl@5)eGU2#eka{+1EIY=$*ub(v)^OW}jND zlKxA8e_7yP7Wlu?0?)(qbsrfT9kB_R9ZQ-XWt^v3>WzFRlg#i)EqyrB>3_<7g<3LN zyLfx_S?*+s?(w6ano1X(BCO^Vr?JcMpF<5Bs|F6qnYUVwD7_0b05GTJD0n6A^BwND z>&hRaUTR-%aUr}^f1pc9@W{^$(n6uy$!0YWdOFBgWlD_4j=d)CqdF`1kvM75PkFTj zd&K_&0fBmma|1!aU*$aq+s^8L)%&F8B$Adf3lk3FK zZOKc@#SP@~`8!A8!71>9F+>AZHiY-^001%?{JcoWOxeoc6 z?dLV9I+Zi&U>cbgY`yn0{VB-7N0x?VQf!*b$3$?IuXFI}*?2Ymm&t38aM-HR#G}W) zy#+@AgrG#fj_tDVoS^sFjbE#!bZz|-oe9^eb0@grPiEHt6DnPquWu(4tI%R;-Ze^_YZpIV6Ai+^ZDKUF$46YU@Qv)kJ2=l_}UM{(t;+A1uuW$44p6u)?xtU~XT8o0(+9NvN-dmcx*az8gk)i&okaJ6Gi0d_!)E-t0wa z6bbJ@e2IMM_t-KqmH1papZgF5q<>cBTr|(#8Cp^Q;Lr58= za_HncBz`Vw6tA)|yDHFGD3>edLc?r(tgB$G?;Wi<uE~-)Z%AeN*V62roTYVeRQe@uaMAn3_f%*_c_rNLMmm{w}>*mF*r6jA4%<=_?NU zhmpFF1cc!|KEgLz1#_dJYmoAu7!2E3bh8yoO1?RuB0QTHH1C&tkd2SR5@J7}-DKf=YxL!ovzMd9(3V!*K+5%e$ zVKIrcgn2z)hd8ZNyn&X}IukCA{|M#ns=LuS!a?sUjL)>1x01;6%`urK-Z>s_s?H|9 zV8ymNRk3}`J=H-NPpOb=^I2and^9=39}c@DV8PZh$9|8~ZF2g~&f4(SMfzNUz~ef@ zFd6;3tYJR!YWv|KV@|gGc}WB&R)Z?nAnjpVf_qM!KBlXnZ(3ZQ%3W($y|e+_$w*B2x9QR!)B*+^?RT zyH2i{It*c0j!UjoEM@-gFQ$v#HPBxkmK^e=ME%D`_X}B%b7!jrY*s=Yb-V5S!Fu?t zd|rxKPB*Kb+^5`?c1t$Y2h#kzSr7hG9>!%p*78BbNu)Wx*xQ4pn;LxkJMR(A(^W$=Jce{4!*;uo8XbHj%_31Q|{kHkPdkyoDns@8YG(`w$bQ%mfDQA67vR7`B zS5OuVU+K<)SuzKo3}BUgp1NN-;ry(c(D@C$C12b7VjGR`ytXbPABTA|PJo4e({jsa zyY3HreF;b!FdiS3rrCDa+33ILF1;GkV0m%$gXWRkrwN3G#X70QD+he0l&D+5KIID3 zGwL57YaXqf|T znCh)`;&b?$iqS=q5&ZJaw%fY1QU%6CL&Mq&+l}v5+EOBq1&LXk8kxg2zR$zw-5$lA zgXvZ?g>1(bN5aRCkv{V5gc0&jS8cl9GVBm==?%Ast)EJ0F{qJ6WV6Z_+s{YN*AYDj!LG|gu!+E5savN&r8CW8c-zd z*B+&TJM>bg;Hlr%;7&Y4+8{&-RVTHn8C_~_9JIwr{Xrx4+8eNc&(y@WW=IjdlqB6F ze}>_c?3;Ddv|Yy`0v&F6)pxex=_K^xx)BErmf9($z(~>eIm*$xNk!@-+gr*E20{@9 zf=EA+Tbjgl_ZXk^3QjVy5o~J6!N zH*X$pnfLPXk^8e81}NyOy|^1h8M$m^8ziAG_aU*htlAqp9D$ z?Rgp`|JFy^o=@E{momwAO_upo*2_p7j4e*eqDJy2If7B96spD`^D48@1U%hvB*q#i zHB*@XE3qK~^4IBib%VsuRvH3P!qu_Q>I4@wzCmgV*WV3CO z>NFGjJff6<|E-gSReSKq2%Q~=q@-mW(luQ3%^9%*KKOJadr6&E~UIM)35+!dq4@+rFQ! zm>9zY1sjs(4E#=j#jbwe56Hclt*HD9->RYQJ2~gb$f^ma{WSF}zmqBYhzQ4n`;T3| z2Y)C*y58$=DRlF`21TiC=^~S5hl#(-E#H8=|GfcQMpX<4Vs$Z2{~elGZLeCe9#}@x zW3-1fKK6F1;_8#6)E{Et6!+@$T^0L!4RZf}Bs=cYHobNfGghk9$&cmO_q^YKZ-*%j-r%0yg%eE)| zN1xh{&8++6YVd3r;jA+>dfAENkb@CH%3x+@A+9TVF9}B=t9mPXhW(2Z<8wRauHcxU zTldCHu;_vx(F6{W3BP~wM!0y7yrzAIs zY9ohZj~xq4Wbca0<$BkB@ok#A22E`(4}8nqrqgg&^QeJw61~q(oh@hzX+LxFqA>*L>NCZ<;tK z&q)LUQ!|=L$@B2g(Q`9LQl8Xt1{e|;`^;H4NV)Mejjc?Yf(!1rM+q?^Sa6hqt&kdC z-^@Fn6t)l6Z>ta#6%ba_^Cso)wGa6FgXV^Wtr^oKhA@+}p}_|#8)BIt^|A+Jh<9}`9>Q3dEUps(qOVf&X$m0>JhGz`>f;dCnF+6~Iyw$w`lc=rbz%K`tcP`i!ZAAh4 zDZ48!wky1C{)q_x0cY;ic%h!$VE9-zgr1WSWXiFf9pzHPcg`Ci98C0W+;~{LfbW=+ zf1a+_KSW*>iAq@bVSeE6qtvZFhlS+)m2XQPFz2g0Dq8ZsqFg>KXEo&tZjAh~zO`ka z(U`BY&5uKq1thwmNOGv&oaeG#indKEeC!Yoy9ULMfsN~quduXyI*Zefv!p82c8W#J zG)WIM3ddt_g^=*o?1e-I@a-NbhDTB25EAEpa-kwM8HiLX(<&`8RJ%97b%7(7Yb7j& zMaiB2Wki!i?}xt)ds?_X5`B3FwE8FxoQ)c^*l-6viA8EqJecm58A9 zrXG*vsAjwrjQ&xlE{tfQE_8I$QzANru_Hw{zL@RuezAd&=OmVmHj_SLt_)^Pygo@S zDXSdlQ6m4<>)RBDv3UGm{ONpbCa*M|o>BtGl3~$`^n#7jSh9qo4X5CY`g~f~92@&= z7FYj)+Y$Mt-(b+)0=&Meuf672Dp<)AQ#8j*+)yq5QDS)?_C9FQPaTAp!suaqbZ)O2 zRxt7~Kul_DSglTJv^uakfofvD|J-D%&kxv=roSY&jB*~A#ReAv9a3@ zskbvMw=d(82h*I1(rI28JA6V|7?S7iG-(J;h?MGe^Jgb$V#m-<7>lq>47N1dwBbvp(CtGLz65XUkQQAh z+g0o7oYtiN{5rz&LRhXCLx^Bj{ZK4yrwkmqXX5S{HdbpNlwCeUAQirYXD+2MX+sjD zFh(?PHVrdOvd(ThWlg|0s*}*0?3-G3+t$zv5IT~L9v#n0w;pq+KI40n@X5T{yj6f< z1CKy1KGuA|UEA7y^kwq6OMY}L`9LJU#tDsr4!6m zpZwI+Pu514bNC9-V#pGEp`Vgj!%$?ZNtv{sYk`f%_IVM)F@znlFbbP84dsqb^~NJD z^&N5!1o@8u^#rHtB;KNj_x-->+9r{u1i#dy8=`}T5AL>yQKPcE=6&KNcBao|uakOf zl3glS*uaytlDjEq(FvxP)@gu93>=xDpTrre@uNX~)Ly9;@d=y5lm*DM3%zYtERBB{Vj?})_%be6-6evIkU5_&`zTLSxg)K~ zl4CLbi$2jP-u55vq4K+X;EfB}UmkBwrw6l7g&pf=?@*KFp934_ep2K+e>wXxStWW` zx9r~c8tDZQ9;G8-+u6K;;_CZ@xe^o42Q_+JGZtaZ?iMNANTPT4Ndqs}8??F(#Vu-$ ztB3Bn?+yukzGQOz!V|wUVqX@r;WzZW%{-ZNZz4$OsZkie+UsKF zvgxVZJRCsQ{Qcu_nHUxxJPaMo)a?6kzjp0yrs@U}lYIOrJ)~Kol|i{q;LsvAPmM)& zAc-iuP0gTnrL=b>vNU@A%!{V{C6bwFLY`9m->h{UbZSMdaJgTDxGo+GPA7cJisV>> z-+R#Vt!+PJ*SFctGiS4P@%szU&JAQ+PO0nPmM2XOM0)O|J)(PPeGN*J-mkEx$`D%_ zKacm#k2wf-fNanvH3nnqX4^x{g!vUAQ85K;^V(c=b&N9}26ObLZj#Te=CJaY%57%Z zGR{R_9)@4p;5jT^{iK-odqj_JIqT6pQzYuD$I}0O4l2U+F46yO^9swX(`1Bf{!&=5 z9fZfV6i>!7B`pP+snq|$XH5&7CsQgEqhQ^l_4ei1r{V>ht^ihs`n&x@apVSk6cJer z{_#$Qh_aZSW!jku1E1%IgX!F{$z_Cljg)mP#FUvDNtq*2Y%s40qKk{O=>XV_lW~&5)ac@+EzK9|A%V&ifuwRTXPpOZRlt{=l&-ts(Wa z#p0wU?_|&Fz=HC%c*%~OGNjHsv2&Ad&p4r{zrh$Snmc=zKl_qh-B&+3nRCH6yLz=tI~v;`uzzf?E^|*Z5LH zK#k$5X(4lZlyqp_4Z%`?7=0wsV=|N4_I>lF&q5)0@ukvu0@S>D^;McmMZaf=tob)c z(b&)z*BU1UUO1UJ2e$TbISTzE{qz{|VYYliPEKg40=8C|7d@oLLDT%9>PDDc5*6gW z4V_eJLP_hQGkJZ9WOXVZt>i`uDMxzz_n3U*D;1@MIW_y`!_I;0rB+;>b2 z8N(zp88)r=m!up5cbwK`>3kUDt5^0X-4nOjm|nW}#-Y?cCvJIMpajp8vucQjGgL2u zy9wj1=;_2RfCDTDr5L)1@gc1Mb<0V9dluR3p%k&~H&ie${K)cAYktl$R>Omrl2YV& zuU-s}uL&P`L{>aubZSS0Iy!aT>!4d&psY=*96Q9-@L=8R2;OX%detR517FVBd~T^E z69}GevvEtr&DNXPARZ9b{9y}&csUDsCh5&{xS zLLyQKBe9=#=Z59@De`>o(=>HA`%LcvEwO&lOsoDQh}v^K7Mdb2E^k&FukScfN6Pj= zkYL5Hl6z#lHjUIM4nYk2{)SGjp0iuy)Q!4@^sQXv8*bX5{^Fwd*3=M!nC+=IRt@nf zuO>A=I6ijZw*R2;gEq04eeE;%f!-K&2m+(6?j>3j5eQEOF#Z1`n6|I0OrA)&~-e2>z~tYLZ4Sqmt0)=V*OlB#g{9>}*wB zVT(T{jWumAb5`%LAK2-Ax48d)>mW@d-pG~3u0aW7sX&M^n*pwX(mt|AyE%|M`dkAo zjl;-*Ib!$APhQiQ$FT~!PG{E5Dy{O>Y&!i~usogZ=)@nRN1v^uc+K+i@>3bulj+;z z>X`djdcAy!7HAFW^B!c5sznDMCAG3fHOwpFzae4u?3gPABG{BWYWMlo;nMscIzfsyhjJz|?|C$naao4^8=3ltd!z*2Zcx&NXzR zUwgf#*RUAh{A84(l|aqQuWIeFi4Vr36%#6gE&wMI9ML>U+!o$Fh?}#hQ7)2{-!}VB zcH1Kxat%^;#vMSm7tVbUs!z5dw5p{S9Fk3z(#aSD?FY`;hNnoV$ynqJv2*h*J;ba; z9aZA31KZfKs@)+@if7C?J_ix3Oj^O$2lBczsAi(EYT`O5>761R!$;HMi^@&}Nv55z zQFKtLbl?5hcB)T%XEU*-M+3{tQ;G}3vM^wX)s1IDcECtpqG;$k7Q9~$T?soY}GW7#i5(-x=?6*O7Yw2JL&MY$o zIk6Rt8k@cyIOi^Z|7P>}ukgw#|6>_vV)596Ax%;2A&u(b8nYbKc*1_ zmFj6}aM#KqTAA16J%Ouawu5wWp}gy12rODNlH)L~{+nA4_U5W8HguZ@H-V z4nB=vs*1a!p4xrFTDiWxuUg7=!?}YSxuaUl<#*frfAG%g2-KC z0bpr~o?b)_I1?E+CQm3VS+mmK%VR)~Ap8J{EG%jvWz^{Rt|z(%C0~PfuR-Tb9b#9$ zBG_}l=H$Hi_P&86@n);z62zpWP}imvc2tE0ksXJbZsTgy!m|z?6F#eCb7p6{RQQ*s zw1yG`FLF$k)0c7sne0u7MVt4$Y@}-nDIQHEg=IDj@cr~WLIt##(Y^LoziSYsyVelV zCyUj`F_uoglq!b*tM@p2C}$(UQn{Ydiu%>nPSRU zdgX*@I62>{>=dI${n~jLK?N>F5@dJFY!pw~)nzzm|1^6yleJ;ItP<$@(sFuXt$AT3 zPIOE%WA*#1#>LZ26&SEP?|JyUO{3hXF< z-cTkXNrZ>yOopJ&4qOJ~Tr3YskVEC7b~J;A-M@(BO0*~&aaz~ISWoiRa$x&0j6v9g z`4VZ$p>dD1>p2 zynO+^NDaZ-guYUXleZnVU{R2pnvAqog7OiN#gJZ3N=Z-+`u$`toeX2-Up1;?oh+Ki zF6J>%htac2jFaV2*guF*ps=!G$a5!kVlsfV@6z4vtCOGg*3VuzgH>uOI@c%{PqCLw zLGKoKq9sncEj2GwNX1pB5?Ua#bo*q;e&ilVnz0IG2={1O*O!HP6=SG8ozq4T8uIhz z)267IHZ>0O4-mp@V?BRj!P2e!7-jtAcN{|G4AqvY!t)B8jpHw84?cUpFXOKj#sQYv z?@==2wP35uhWYzy z_t}SFvu*h(s&3k&cVlt6)bGr6^AV)Z;S;`?{3I~~M0F~47}A?@`sLr_yRTFmGWAJn zawH4H!$_>W^vw%MzavD(rb-W7KEmJ1V9`NDRPJg?i8mJ-Dt@Wj39mMY@80C}U&V+} zF07q@UiC$>U^Z}nETQfj*QMB-Kx-Zij~X+Dg_^C*sNAX8s;hrY;BqHw7Y09(ES7w15FdDOoT)y;(=kr?OZHMGo4m$)(ZI9@T zU(W_qPrdt@Y*w11d!!I4Z8aw!&oI6P*ENUW-RV~MpUWL1oQ(^3FhVG9f?y&%8!is1 z5?^PSXwEcn6D8bl+%M4bH0*S!Jc!Bp;5SEL;1S1ihgar9iJ`J!xN)sr)Zk%ek{{)$c2iPZuVcD<6x%ay|rXy5&$uYT;e^TD_6 zVG>V%4ZWypX8m959MI=>my9jGaEd0bQs>!FaIV>Ww9`A-X6I`j=eTk_8Qf)mxyzZH zz-kt{RcTkgNjj2keE3*BvnWoKp&C4p%Uc^=DGNrV5!gtz?b$cYoiOQ^LBNiNq~Z6^ z#2bGW=TfkK`J5D_tQbJZ>a3ma`AEq$xx&9jZOY6{$8pCbLsCv5K^PpvNvs>=pbtMX z>WrJTHs_L62$EM@m&PMi&wbcb>%?|i+1cn;(p6Sd!xNi49yb_1)X0nwa$%XISmkJ5 zl>7U0QflkF51;E0> zlC15Kt&*MihkIHa8Jg31)x}>}7n>lPnz@<`u*GMy5PWZpnp|nCqukZ9YB0lIuiywO z$3ATtN;kxi{C>=M&-8ml1N9Is!>3J83zx(xz3l$IEZI=v5SXdPY?}Rr>cn|I7QT@N zYgka);~ZOca}Cm5xK<-0f}lwHfQ^rtIz4oTmDv*xmO7=hZ{gM0m-ra(9`18*3CEa z)s`1zDW(yc3B|2xQnNQ1il2K2CTZQTRhHEwwoAA2M&(gH7BrzHQH^KltSo!Zsk&f- zTI@E@)StXPPVH)E)5qIntu|$`R2aU;mmK9web*ING6TNNnWY#buYnaagV1oRuj?$5 z58t;GN=x6Tvg<0t@aSKVhritI1eIn*5f37C;+jabzDN_VNmY;)7Z&>`_`5fG5Fo(eiVB|*${FGs)!B!VZ_?uOQh7l%u?`!v;An2VD`!q6dcA6?Djk{rkg zNW}!TG;w7css*0vlOzh@31^7TA~+B|Zy8$h})^^I6fgH2BwI&HZ=-XPlV5Q0TY@joI4nDi| zNC{VM|0IR?>#JKS@3&&y)(a!HNJk2;wBl!lm)_>KiZ)e$T303$Ja*rltfzE>A%ulp z1z3j*^FHZ9p^}-&)-2%-^UK09EL4r(-`ueYQ?4%1=bslDgFvgqlf3Cf1Qk#h3BMjT z*$Lxq${FIX_&b{v^(-ixmYDaXNrcEbHBdnGZJ@#7ak2DVxdi%-mb7z?kL$`jl_a7R zf@qaA;~T8+Kobv>AXBx3#0AE#P$%Fw6ueu%OG^4RYjGfCLQhn9A?HaZY-MAYB_=tD zB=v|(-@KOaZt5yo;jTP^iG_u)Q1Ak-CTDxyMgs9bb}Xrxd>tm~VJ;sG4l{Ihw|rMP zyH-_BZDrCtxHATxbi-f=PR{-cFNoZRi;nFiYv|R;qm&Hn@P^F$y&M{8faRA0c(!iA zS|`>1g6PucGA`-T1%%05n~UN#2*Y$KB+GS}oM!iFTnMVBmabe0-T)z6!$gvO=cJw0 zr)+%PmhQ`YGsB+Ns87l3*(*tqFphXW_xgSf&4us9g<-oAqHU&IN%fp$pOxs+x2*Xf zx=K!)mFbFb-E}qti76{BrnXl7#fP=CZsBPt3ZWb!@6GhZFj%Q8wj)qtsUV7V6%s9!o86}=5a#>8qp&B0}{Tk#%lOr&LiK^oJE^0L8``b4KZS%4l zL&xIn~Z5)NFA= z*_*~zRhsfC%KFNNVn~DzJ>ipOJ+70Gsk5hgvqZ@{d4dds0WpTeMIZEPeaXCf&wOY0 zdOTi1iT|69621O+dtUqEq|k&u=}PH1&6LHH+(87@;Fy+ap*a*<2_vJ%ka8y@!)rn- zv{YM#Mo^J5!(L$*KFyOQZY1c%Ka@89(1SI}k$_&pcQ2_B>6b6XgN!~mOc}M>05!yuZXKp(su$D=N55Tog!XF&P z@(H@fAJYi=Fo1s$EOtJ$2}k8ip! z*NWu`%7Y3FhAMyLu!;zWn?DJ*PpN1ut5<^SLUhT#y2tFq#Ka3mK@g9$3gfoGC}uc% z@R)9tW=$BlQ;)U3ir)6bTW0`wh=aJO#>RKEm@bFD8TxUKKk@xIyJwayYmNr==#0pW zgsNd79DoBk`8`aO-Xrm`jP8@gknJXnN%B{SXYwUSknq1{`4i5CM^`tQDk!vQ5pKH!{h*ZaWS_6X~m8x{X4%Qln%uLX=v zp2+161B)E>rE+}Hj`tg^)5eU&W>d}*nIVF^Gv+=w2AglJQ9mg3J2zi-dm5Wl{NzEj+&tDFhS^DOw^|RHB2C zj{~1SGqI1%QIAmBt5-zqTCRTF^mAJi$#}mA?}QM&dW(uahitCIlBTkg*s^jNXBYJ7 z%_q);Kun}_fvQUToPO0|bp}eIR@LY@ONMeTvRX;EXkLhB5`n8x2PP~q8#Rc!K zkRK`a!bdZ*0(?eYsdob9q6~oa`l?J>JZ*9i)6X}*899!=-5AH9Hr*JRM6_m>yQ-C2 z($3@44sLel=Vu}VV)#Q>3b%bKT+{3Hk!=rmK5d#g&cWZ!+oY`Od8fB>7ggnyWzQ_O zb`+L?T|xV?FhOR}7EBnTZwdB>|3a$GOVZuzAw~PhRHZtN0|cZU$(_?>oyy=FROQLZ z*o_Yy`k+%`XT8V51|o~yi&pD887W7el5xQJVsjSnjp+0HL+wCEg@d1DF#gP-MlFzt z696))!AMq#{=Fd5t!yS#(>mLplz8pTE_E(L{k$C5pB?A%26xP2=IRC%dSBQ7XK@`^D5rkH#Q zu#c2mO)>ah{N@Y)_j;bb5M@Ge&(XI56g<2t>tfl-odW_?_BQ-3UFJd_Y%AcPHiYGJ zs`*Hj@2v$bG30<@kAWrPk#WpvGen7l*K>E}QwX1GOSezne3L|d%MQWSqdX~IU4#S9 zmYrbWi@>RSs82P?6osJfdX%x=J)pQe&p{?eoZS7&{jlt#r(4U13jyVxSY;ovRa0X-X`Jt;Bxiz$zfnEKkX>j%*wL@p){#P4Xwb{8IVb)P+_wDcHe?e@SI*7-$<&?;?aQ z0h=!CR%%{0D>&GLof6HQUd9;Xyq62Ny}vvWZSK!p7fEWOH z<2plYK;zWs2w3x;P@CjpRWF9-PhLQEkG;#IYol1RF>Vzk9=9M~XGrXtKJH%AUg!2{ z)wG0Y_m347oh^cAh^Ms@g<<;Rs3p-H*D|VV^Zahj4fni3{C_rfZczJ0-28nM$7CV| z*H~A~>(kg|p%n`~bo}LU7bq=4GrX-u!cM`!`gGBYHQl8jpQ@zV18uwm@f ze~a^iMP;E??~XkDf?!|Zw?}iGsC3YMzarRr+_VxlM&7bI2zhqq&>Nn2&7j> zF)KSPZp`u{aZ~1l1T!kpV9_B-c=VP`nHFR82u@eC=-(>*lEi(3%HJ z#QdaFxe0W*)j66{iuvX5F+Powtg$DXc3fV;5!OZMv1?+wbbMahN55%TBxW447BHjx zU-Pfq~l4+w;$Qi0ticr&gG+0>eTM4y{q=#Rj0bnuj=&m{Ph|@tSql24}d@*KoRu; zuGhgla{dms0HCDA4&VR)fCm5|3;=|pjL=ZzAM{t$cQg<>fR0KdQIQly-|*Z-Y7pjc zX*`Oi`GZbJ(eOWbP}Kkk5E?*;O7l^X7e#|nX$>kmME%~@OBDSM6>)z1pcMP9#=oQr zN@|)=UTy>rH!m+ro`;uLlt)k$!4E|Ui1PD^@{6FjLB)U52qk`F%OASmRP`4->`*0t zu|p7*kN$^_Sg3rgKhflW&^Pvi(06_$KkpMAi)9bKqzBj02&Dhodk5<5749Z z#6*pQo1ySW0HL8{U}9n8;Nsz<7+Q&MJcW*ifsToZfq~+Fj4B5(NH9qm5K>rVS{B$a z4=`^?N(m05bYm~M_T(2PK1$7iF0!<&yrQzIx~8eQrM0cS zqqD2;b^pNN(D2CU)bz~k-23^3#r2KNt?ixNk9+&aC#PS}&cA*C@$<&68$16JemCqt z*hPY}3k?GU9RvHuE)bd@Dx#BMU@{=ENTsx}Ej-9zydgMX>6DVjUR*{#?Jwk(o|AYK zO#JK2$2X?^X4!wwu+aZ4%l>NE-|Sih2+%>O&O;{wB!In^A}j~WT)FbGMn&sX=-8tv zk=mj!q4q_mqZ${NP8w3zKuVy-HPC>6Ssm0$(qJ9JXzOkMoM)FQ>2*oH-Tj)hZ#nS} z(r;w$ToJ30T?Hsz13?M&f2%;zv9>j?O1k;S0|dH+;Bu^`lU7S~p=@yX5f$T1{Mos{ zz163uhzq!{+^z3Y{2D*DS$|#e2le41gWj@9d_JzPzC$WPf|qO}-ncY<`^CdqLxCz+ zrUX*H&Jpw-x&L@98yY= zH7oS|D`BL{&I1WT%3+eBi^}SQvz;V2gCE&}a9{Zcm(X0+%agRLYk*o}9b-~rH@)cF z_qo}l*Go&dFwMg$7(wAZTl}KA5;L{?1~Hbl-Zna+VyP0hx`LGNHU85|W?00nDgjd{?t0!zXtej*$@qn|JekEKdH6Q@hWz4 z15Ri7{FN7a*jtG#ERZpI7OD4_}SFUXW?xy9WMh#N;)A!xD21 zh?iXhuLj$+4@bV)R>WlcnS1Jq=xX&N#!-*ki<}NV&aHw z{E^kUH}|i`*jFKZ1cS#ny{_|{L7kaYr}w+zJFDF9yjNHza5+=ueA7!mTL#*_@Dx~h zq}`GELABjJ&q2sv-0sRK_H>1J$0UU{cd0Sn9rK}~ssgWO#*zpE?7W;g)csN7>7Zb7hMCUlt1*G;*R8O@@3Fn2(w4xPq3ukZh(GLpHv<H7!G>34f!gVvzzi)6!U7zps`{~L9ZLL!2WdMcf+ zQ#;J{0KC^1}yH9($0K7QC7?rzD9 z3sp#_DdhXmes}+Uo_nr&a_BcqY#NE^3r)-}4%VahPn3rzn}iWqNu#WxqqMtATt93p z3s2lrf4GZAnASxotsEt`fS$yTWS$(~_ra5doD4@ND}B7x?q$Gj=N)4#{)wpOwS@@w zQ`B4-%%x@c%I($Y)yLiO-d_tnX7fYa#*}1T{P&E+jMW;%oBVq(tI%f2^Dt*$kKi!3 zb+@mEC#4fzMe$$M=7dkyzYNe;w4V@u8)UkfR1Z8r)*7ntpF1&q)Rs0hkGIBx(gw!U z57xZ{$$>R*BKmFqG}q&TO2z|~MwO^VAyE8->Szn$?e{a49pm}aTFRp<_pWUuIN;Mk{dA6a&Fxg7&PO(gJ}V zu{%Zm<5pjgvzPA`OAlk|+8Xa(c<5>GoMpQiaO_|*jzUl0xAEK!GH&!`N!c)=loLzJ z?nx9Dev2)BUQ^>E!~XbJ$l&GLLpxeeiJxc8WF~pFk6=rb`Waz7c-^`PV3SeYYc=OQ zZ>&!;xn!CCn<`Ccz~Eg((t-BS`S&b)EJ^D}E#Wo>9)l7Dx_FCO$yiLM&%TS3?+yCz zs{y8MxeCo#QqYtzo-u1;z8-O(J)@n#*U)6irFfM{o@B2HrOhSCfsTn_nd=%UM}Sz~ z6OAwHjY|!_SLF4QVEurJtQX;-YjPbMya7M0z8+{Q`FLDRg}S40V<&&`->js&8}xIw zRu0OxssS@Df~)L&0U5?n-F-`U*MW1ZE3h`BAjrGhS8$3qV0i1H%jNzN7|@dYml3q{ ziXv!>%;g$*5Oksb{F~g~o%Q<>$97jzf*;PlT>~u#Z@urQUXd?^Ua|A^2N4$jD82@U zU!W$6_n23D7}Zsuv#Tz1h(- zi2eON|COKJG49Ir771z=O!;;6!T!?3t1{*S{VCq+9QB}l;jnUWZP6;}3fB0fBOr~BUUxZZX=)G^ZuL0x9 z_{JFgga*mwyM(q)`$KrNw>t12y%6HwoNicIU14{UdctkE+?Cz-1)%f){No+wJ{*~h z3D%PQSMj#fKX%*42mjE!X4!W(N(mIcEPT$rbs4u9^vnIhwx)`O|9xA1j7-k%GGVKZ zl$1jp`Ut~!IJa+4f5-lYe_1QTcu{)R;Be_YCxHjQ&-5OO?>Q=IMcqEk&w5p z1&-U}+b`0woU#;=7-(ben3|{+OP1UjK zrM0hON&Hd$U2tL1h_;{)m4~|vak+QL+1XzdR@zj#UN9Z2wSRVY-l*FO@_y3F#eX=e zet|2;t?*6ZK>p^Uh=I(y@n7k~U5M#V+hEdI)1*&HbID!YLYP#-Tc}C*Z@iL!7X0si zx$W?u^t=RlFSS~mVbRwK)KBQd^NX81`#Le9zJ$-1M8Ztqn1tRbgM?@$#u z=@`9lc-urbpV&RfhxNO@fWri@OR1tVml5AnWXI?4hWE))ZbPlhzU^y#DZQegj0pP3 zCh_ZM+9d}E@5Es2=BsrJe}k*gv}@o)wM1Xi-wPnei2gMT;nBlYlLD^N$Z;AN4UtG9x0qCotP{}&#Ej2|81WM>1OpVyB3hXr^>u{kz5!$bQ9u|InfehoxKtUvgPhk6`(f^s!p9&ciot^>?QiNIMN zy$T~~qUuHXs%%vn@ToYUtZn_P$lC+cYvAvU*SZGq@%vtV1s7fYQn~^gI?T_jv7E`c z&Mp;oEJNr!PohSz|^RV!FuLc7f2EGOzeE7Lk-m-=_nUp)1H#v4!f=2DHLPVp{R zc>lM$up^dkbq6U5BDMJy8mx==qy`%irn48`|zS`UbHC zz@EC=GAP?_ph~FSpJ>ZJ(N^}JE+`&;6c3ZNiz}*rG{fI%>l^yf4ejFWgVOD{aAP5X zjjNsxDrG`NT0j9%0@MIa018+FK7a$@40r=vsMHme;{|A=%BBAcdFtQfHBnNQC@BZP z3MC;6xB)JJ#c%S!O&_3mP~mUB^|IwdA*iSTB9I0E%+>4bQ)U3bP6L2n$=BBxCD+%# zkSJ7i831}*|0eHN3;@DssQl!=we)k)y?4}$jeGdS-C|{|L13*qL0I;B7+FPdoh21wG^d4+<^B)D??~)dG$V8n3WWR%5=)C3_-Hqn<&7(T z513dO*f{8DH#n^}F{+-wfmPR-&n@(Ku9c;A4h6ij^5b{-*{%>0%zo<60aVU4IdX>S_)4JG|cgQ!X|vCy$G za8RY9Bq#tI4Zy<#p<(@@76^qrV%z|~{92xqSY+fBQrbEt$VOhPCYXgs$odADvG=e#pmVd0?Njr{r%)cZQN-*BM25j!m=9xSnIZx9Fe316M^Umz|*^$rl^PkgJ zMGA~syT^(g_`kJ$=2kg-BH$@TLw6E5#8)fW9*}m#Qg~jlJ@Vw~V1t5{)k_Wk9Ut4d z&%BSzrdOwbuV(nr*>B`C?L^(;%8o`$Zs4L{7W2hv2Ac+q zjg22zpL>ZmJNf0@n{xQeBlwyn%WgILl9Rw&=y z<_s|-xhLwl&47r-8nxx|P411~&2VlM4+JHx?c&GH`p2|YCrGR^1|Dxh+9=6u`3NZr zp3r{}c{=w64yH?4cGjU+-HMiuiFY^)2GC)QlS}W%e_FI__0s!@5hWeYdT7iDeG4qR zXTG_gaBjfi;FkDJ@lo&4EX`qgnb-=$DK@>XTT^E8XYZ&n+Q(WiM~!7(OwsdroXKCX zIS~Du_1_-&f71hcTLO5!F&%vq885lcbv9}gF?3@1b^O`cF~K9fh~SGvY-l z&hf{P%K1-W#&5cZ5AQbX4M=FNoQ)2-2Sv+jUvS?~$y@_+t&cX# zFCNp9T-5m9y}eMgQB>vnb8Bgkw!awy86qQ<*R9V@i!Lq;nY$F>PV$L@Zc%54sqG-VuOaL$>6HmyH+p^%~m72Gv z_I7TkMzwz!meA6hb+nm`_T@@33x61|2CBd6A>&c810Ghvdu|w@Wm?J?>3qj zZeISBSI)rmmDjum2AqZ!DMS|=$EafqM&a=f zNm3dfa5qb_sST||WoWC{wvXchDq^BlJw6-PCTX?)VCr@J=lR~4%g5y{t>7G~fk5T$BKJ2x)KLsB&IdPrQ zThh5_ZAa2z!g7WdBRMK0TAf}Ck{y`nrL|@s=c9hJLSlR1t+w(|-B_t-nJZLe$@fTK z|3iu*5uPBdf_y+0Prnb%0>H%R4#qRzG9PtlF@x#bQ7728#$@K-w{n7u5S>XFl-7t- znhdMo20De}Yb;WOvj&g0gmaqO{a12JY>l)NiYp&Yg@S+0go@!MoLF62&- zf9&yK*~s99s9Nygfbi4u(1U698oh0jygFYTvFeaa6Q&y}xGf2KtPT{rwP#xEPf#QH%m&Pe;32W>^w~I@B4z!?ETokC1ICs5 ztscM1-6a=%_it&YWO72by>eBOqL5egTqfFBm$Q~rXv{MtBX5(#| z*niw;S3Bd-FAFjjEjF~qS z6f;(jhL_c*LsI!X+n#9W?^O>GV?+&rh(W_%v_OD|irS&sI(m)o;{oUdTkcds;Va&4 z$MA5OHU)!FY1$2-%VxV(I{H>RU;L3EnQE_h_={ubUI`y^*bhzr35l1r&^Wm)VL@_X zb90PQ3!a!BNgOJkHFxw_W9#m|=@~KG6YmpIrW3*s&tQ%nHq6xPVW}*Sd*p;wk|RkW z%I4?*jx`2f@&L>K#zf@v(Cxmteuqmo{@sy+LgP(N<%6fxTM3!6WhU`lSqSCS3RpOU ztfCcQ9dOIubm5qLi9EE_f*T$fouonZIg#Y8exg_Un3P(d{Gz9M51R1pULt7}8Uz(7 z8;FqJn5})x@r2Y7%X~{Z;KKIsLp|OP-$=HCikMNaib4{^H(WB_Q0~n1wa!G}2W(ORdoNQ)CIH@Lh{7GLC&kvW$LrYgjM2DCi$;{S|u|rrsd{WN8OD1Uk zz_=~qg-ef_)^Mlup!B)}Ow{50V3*9;$-r$<2?P=4SZbvC)kx}P#GiLJ35n2c` zxwcQkJuRALOZ<6;V@1F65M!MnhUrP$X{Ujy?L?~e-l)eXu=VU{o-eE!nXIL_!2)+d z^vJl|QQ_q@-KSI@F#ce4ruA4P-h7cQuGPloLyPr_Mfk%XHJC=`42iCZrnGBjeY%p{ zB0~UOYX<)ci*qWSd~932qLEma(q`6F1(>F6Zq+}mG7fMYUQ@}5uA82z`)hy4)h z@32)<397nXVHQ(3R74J+j&8;C=Gu~eX&hOlIK10L86F+#|d?AK{& z&1m4ZxU8wc&elo|E-ED)hiZf1PYnE7DIE6g>dGVJ_#L&J-f0NMLNRs5;FAQy3hNg+ z@8v5O+QQnLZ9a5rz1|`^=Ffg+wii3!fiA2`%<$a-Yi(pa^z>*;0LG$H!IhUudK_Zo zwd5AEWgRQoY}3m}3}*2ts04U?10>lHE~JP%G#m5J7)i3bnIh5@h;(dIMnmIp=kECu z0@=t{{V$<0}atFoahCJV2zRj0l0Y zrFl%3AifbNO`#Dy@bP8X8M&E$g&8Eua)Epr5o?|CAnLX14~Azt5DXdnC`L*_hwQnm zK%Ut=Ug^j9?zPHop2s#c&3cD?gY^Y9l04bb4K;FVGUgS;XxW~aBm^53&IcwXE8k=t z#F&?bJVc;qGX@(~#82gT*zxhW!K=6~;3*MVB6qs-Ve5bh(-DWNf+7DuV| z{8q_^RdnI^+@k~Nc6c4UY}r-BzR_D7w809`FdXIhI06|3$c$ihA~X&$mgUxQ_kMv1 zx`itfwK;r94cEM9=OGy^R}N^$O1sPnz_C5fE{ecc1*{txL2 z=kM{q8nu6OJy=5j{;bv{i(@u+q2kq3gDc_>6UuvC9Bq29CA?d50&Oc}@0B+>eI!y^ z_|^XbD0s{y@zum&Li9oVWG{VJrPbt7ZUfuT$j=RG&-Db<%GZ9rPIt1Xsb)#Ub@%5W zCs)sAmokj03IfMcK{d;G)_^{(VJiWL)~~504v+IZp3TP4yf9H-j|}s0W4;~z_HBIH z04;e>exJ((C3qC-D#zA#LPCq%Xrza5VsbM1djEY!^C1R3wCauT;=WQ9F|qyuC>6Kx^B3!FJp_K&cDyj+yEIFH&6YqpM5iq|SQs!oDbWdsWh!s}aGVH>c&_XFv$)E3zn`dmX)7W+{9ljuo#KX6t^w;nZ)$Q=*SA8q zS(aU|fjF9gsbi<0^QJ{T;d=HLE|x~kse)(kz8lXU&uxW?dAhJXr4n^!;n|Y2p4Q{T zL!!4z^(12elAe^JEMGF4olPicyuU6)RLo~#*5nW&FPX|EKWif9L@U^q!RlBfWYLKj zGKD~ZKA)&-BQ<0($7+0JfrP-Nx%Li&i}H{PGCnN%1LLGV+gQphaS!bPs5czZfuE1f zqa#?r^!!tfi(>cJbN9@FA_3DM z+POA#{$|P!D&Nknq7@H#3Dj$6^V>x=5^G`56q*da>c4ZOC!&t6z&c)DJLyN?c!L*5se zA=ScXbX6sZ8yqd`icRmsV^7glU3(V%{Rcc58x4K5|6`M?L)Wj0XM{&_?4ndHjPs$) zg9asc{S8#gY$!w{(Q9-d1Quk`Cp^J+0AuW+?a8x-gM@P56d1Ec zIdg-u-Aj7bai`W}bVO6mFS6dQ8q5K>Xg zVop6^DJ<3UzR}7=8iGfPlFHk}xYc8X;=LCmp-&hlK5XHQXGY9B*%8`W7G#8`q`MYK zwelCYIize%^)^?WVNHtvQW|epMCEBb)v;lpc(UHl=hBp+dPeXRY&0m#$QWoNcvFNH zTeMM>N!CoY;fhWK7qhqnjm5T@|3FjOePb>hshzD`)Epkv`H#U7tz9}d*jjAHI z+;u7IeL#q%a#nHgQY`t&V+McuxEx6|b_-%99j0~b9*q$6WCCFVLL2{_(5bAc3&Bl` zT2i5hZ5gi#u{Ktf?~)W1QL)AfbA*V5FXeNyrAscy>bPvdgvl(+btoFC=Z>ga%U$U1 z$rHIm^FIDSrGUqxhvTu>d^W4P6b(azL4oo8l$sh4f0s;J;-&c8Cms{ z8?b04ag7;qmo77?E+g6|m+Lmbg<$lyfG{X%i!jNAL7)-&7ck37(!r^`S6n8A^r|k8 zd7BT}jCvyZNh7@{-+)ut47;S{@WlOa^VKbp76f2rnE6OpA(N`=s=kkr?Mz2rnkIkw zwBj3&H&j0Qw#ULl2gQ1Rg8r$?eDKsLMT~7(cc=%jOhvpKLlMKODtYgQOJSk<&Q7@fqly+DbS&@)Q=QN=PM(%a}BT5GX6 z=;q6rtgz^$goR-bTgww8w3q2BO#$8}WSK5|5_InB;;C}}c`1UE`><_Sct)Rs86WW$ z8Lon(-7+SKAPL&J%4R2TkjKoZ=Q5I)lF^pVaWC2bqJl-P#{)+#VbUF2^NJ_ZU6Z88 zT45MnKc|tCPBEqO*SDT>FVN9g8#$mlB65s|#p?PXAl6I%^`d3jJL?E|bih)PLf zx~YccI-~U_*gb8y>3D2izXBGM{%O=D+x5{Ww7i^0_m{0GS{q*8sjj8i@xKNPO@(66 zGY>*tN8!uXughxWRalsI+{mys(OG-E-rCBiAd1^sf*wBQAlgglre566#iq~^R;cfj zYr;-4s-CDMmtpq|E*7@}jY;uD_7Jl*tC3L%uwLZl)h$Uor)OzcL^3l5TLH|1s#?JJ za10Cy_nD_BsRBHKC9_Y$<+68p`I+b#9?I6FNoiKc?yx1g1Y7x+^K1ezC?Gr>>{Y7} z1NYNEuNrNdahk&-JbS_ANnqkXe`eOsG3oq1b$5e!SBY5<7DpWR+&4xM#;|ptU#k3b z`MJyBYkelyGZ&6XYQll%=?@tt?(u4X-3`#ZaNC7Vb>JbL;EJVTS$CEJ_UzW^x%Q7Q zo^sgD<4BJ`;}Gg)gm26CY~547nSA;zae}w`k^?=dde&q>?0KWFwVyp}Rn|5h@p3o* z#(S#SPJQPSuHSn&8*PovMsQ9Zk2@3E_if_KQCqf0rVv>tj=@aP`>CRGRoq-T@UQi2 zd{GqRXSZ`iwLzWz@g)Yfs-Js2$UuS$DS-scw{<7tP^SsG*f_$}8z4&?dzl{2t9+B~ z#?CWPljc3Xbvo2pc5m7WQeks z4Hr`iM{0RkiZmxqem~gVGPHwOf`Np9u)@Wk1>(8r!^~VFG|=w4aO!O1Y9(x1S5dC* zc{Dl%vtIS_uT;$o;W_pXi?VuvNUg>daShlDljRWRXJPMdT)Mc#tqFHBvUVA~{D>l>N)rMQJ`pZ=MpIo)Oba$3Mt|hJLG=4lEHvs>V z@q5p*`lpS7TdZm(cb#j65~j_%ws@7xN+kPHxFw_lv;~F2(9k6vXPYUinygm@kCrNQ zQb0)3Z67EP|hX;XcF}RCzw)+Ke+`pO23WXZElF}q+=LVtX${R znAGgN1@2Ah4a>F-yYb)O?RntIKYK)G@wH;%8W0?9sx;zexkO5|bv!_hzv}k8KTkgp zVZ7XVzfON#;Mc=fUm~wO4b&#hni{As%FEs?35aW*aiu+w^i+TQiRC-S!5+gkfLwg( zG4<o7}n=H{X7d=C%oKh$U}D9nDTv7QOas_^e^2vVR;$6Rq!vjU;4r@ zap#2)Z&ccHENiiPit9cm;#ljf?>^ZKJ|gU(-3l=GQn@AUl)2myjm*5fbk5Q0f!n&K z8R8a>9g+;0&t_-O-9x>{gSooJeDU>laTfwFtRYn$uR?e&SZ5cDgPouk9hTkT7f|FcZaW@JY^W5_4%eMa1eNvATt*OJQ zl-MUL2Xeu3%u6+TWWvCjYy~{}77y|EvF?occ16jWvGtDBms#7sjq%6q>gr@ zqKXNzMc_A(H4HQ>vGA4bA@OrfdBh9OJ;fnDtt@N4j`K(PVp2bqVM*6Oz^DaV&?f;G z=4k=6FwD9`#y!jpBh^OtA62eqP3ky4+60>{P$Ffj?J+isjq*w7azPablUSbAeaZmF zu_GQ&%S{oC<_;O!3-(2ytVj2{>xD;j&C446GgH-NK@?6elmuo-4i~et2}FMNswiev zA(*x|EU4r5a^&M_!0sHPrq#sQ*FZ-fNX7JVHMEz75nj8qWvknpi*X1e1bW_priaWB?J`B=)v!`e%MzonFw=TGuCn zM&P8^TJqd!re#7SB+zK!YF|~=iBt~@-)LT83ctT8$8!BtbGh3(pLoBFYEV^@Hl6QH zw)SgCyH7UAut7C#+7cGNZVjhMHx^A_*WN!I+Y7EIiy`0&f7O;d6xJ6@Z0E~(;1v0Y^9k$0Z zq8nzZTE*F%cZk*^WFqfIZr~g(iVy`1a7tK~Z`c`DvSGug6*JM2646~EIG5oi(L z4tkjzY4hLM{QbW*M{bnVwufd?W zNur0X_a&E%9cmY?&`OWZGg8Z5BLZo+b7pj2R5*X>QNT^!K&xTWlm%owH{XgpReCR2?nO>BvPBFpwu1!^CU znLt%#P%|``5PigM)2$36wp3Lv#@5Ydsz`4-#Tc)IC>&4Z8G~ zv{_L0y?CtMUEhsckzMk>+`8{gg$ zuEJbzl4_>JpvBqhvBYn|Kxe#~LZ3%Bx({REjGG=_*b`CXk^j){Ql0Up+&=r`TXs*V zw0F3ShinX7>;y^|GOSRPtm7iIn!GROP&=oox;Q*IsL-h<&c4XgXIq^IgW*OehcayM zXznoH*B-AAEc;%x*R2vpY@~Ay)HAd-BBC`t#Vz_QS&wD>Y}MWriB2SVW^mLnxbJbj zs4;HYpSN-jucZi&2{o_Qe?2qoou+%q8zLNA(h5*I` zY65<(9^k(|@ z$rmt4B~>xlO!6@R3=CfP9ma(vZ5Mk6o7r01B?E2mPCb|J(*;NUhqT$_WF!x+0X6S? z!kdFTfcWVcS~;I!M&`2PWG&WSv*iNIMySeagw#N*-EQF{yeKgFH2tOV!(xdM!-x;1knEu1H05TnTUrR5`dhy)G zQ9WgfRnb7IF#|)n$q|5nwA8Y*D*=)XbD07gCq3Rm!iW_rY<#lf_Mekl1Uc{xsB&Xo zJIu0}_>m@0I=b-i=G`3X!I&$!(aijN@8)O@TV;!y@l>NyFLs$uB|U9;RC>Q6rVREc zxNTzsZ`14?_p@a`<^_73bI&<5N(B-1JjDQOeL);6|4P%~Y_D72qnhuT>g%Y=GO6&A zViBQtX-f$U+ad=1Y+3et1YBi9Y?7eGIWkAUvd2kwKmv=K(#9Nh$t_Q#HlLjpmwRRb zenKI3o36oPPe>F?w-P^KlO6Y3M$WBelWp`Ik<=ll5#`Ly0xzi-iY%`I4F)d%%J&(E z^IDh@)fh*_XrWfnbyZh35`Zu)KYN=&WqXi+Y%n8p);5Kaak0g0J!6e2m)0hpCY=Ys zl6_P`Yj;&@$X-zYg~#imk#{v8!N8As>0wcO?z|K&*Jpy7AZb_7qWkb#Z^*8Zj$pRZ z%zNWpBZY@bWzV$gsk+oHEphYG>0K#m$dK?7kY`rTG^UPXpSnrg(XgFBhUiu%^8t^? z^kdEGr5E8k3Mp6#D&!|>uG5>33^U>gjKLQT+Cf(K9Pv%O{``y41g2>A;M@1nXW`B1lmQ&m81|lniZr( z(*TigQojVbdA%AgIyPv94Vq8O2ifRuCi7mSZih)W4JB);mYfH>3ja_QA8gKf!L~6l z6X&_q?J6khV{3B!ah#QVVk0-xc|KfR*`Wddn4lQzq4I_ngGxc4PX6GrOfHM%9i~r# z2ag1r?+siPN*f<*Jmpw;hQ!C$#$AMBVhl?4WiM;P02*u&#He)En+QHc*}rgocU971 zG^C}$sgJ5Iwr-4TGnJ25*t6*X2Y@ak(O}3>?MU=?Dp~+1B5op@xfWabQk^wQ zE0h0H$9vg~mPy$N{>2*P?niq!(uyabOw}GOVz&6?&6d_eZ`H=O@WIIE4__kpQ!QMo z-G=DCT9q;Cf`dQSl}ci&dX`xc$I{}Y^cTZ~MZCu3%Z*DcIu9`a8;6_zFFj1bKH=LE z?YYjDopPtgvDR;CL2Eq0v`}|Zd183v8e1^7Lz5OULGWzMv%XILtI6*Cob6t+DSdI1 zVXOQGaz*u#cVJ3cUkESO{C%r2Bo#b(%Yh70)jYeB;r#M5rBcF3eManatpKE@DFjB06lgifM@2njJj4A5esIhn~+Mf%maDESyqn1t(`pE!>;r=EDGgpX9w zl4FZ047DhxwB58sv0J@41SxH`W z#k^ZX`u${YVhZNg6ZiB94Xne0HMjflaS4#NaH8qpSZjI+HX3bX%IHr{X#F@-6PJkY zb}`kkz{ic^HoFgYc9!$HAoN%+)na6!rvy@RPytdl%U9RD++|`(`aYsr3A2f1#S9za zKt9z|DyKzT;mMA@0Yu93b!X!QZ(&I1Ob2Gli@sYC@#DO5D;aO|VfpyhEKV#{sm8Iv z8I;IY)~SdF)jWjzVw&!$NY8RP_f9DGt0?nsiiLXmdF*=--N&m?+=I-+gK3yF*TaA) z@$+Cpm4yelc37ypMG0Mm-fD9THsnQavz-8p!J@&gGH`jQciS+SEuy%4=Wa1 z^aaox)`*y#y^?nUHX`fS9?=hIXr7zek-H&Z_kPNqKjE^Qe;KS~`%NZPEJJa>ipk8A zIGnwh=2=b;sm377Su-ERGgMezL z@jf2!L$1mZv&|WI2nj){zer zveb21sCqf#qIen7^GKYh;9@9p0J>e zVYvp2eHe#|F{Y=-3I_-H-Y0UhQ>NN$dD_IabVY0K8h)F*e~7GrWr~REm{*5b*$e6k z*&@yFVd9BV7^MwO;iHa;DyX)QS1MQ5089mu~hi^Io?#OY$|CG85(cla8l9t^HRx(0@2j>mjsF@~gG) z7lq5OrLOayD^B*g?a?#KHixGNv#38H5IRlma*aL8aDThP#d3e4dLyaYIrk@es&9~o zP!H<^rCYx!W=|8dj=s7pe5#)R8faS^`=q4%Ak7WT<=JWLVkVFra#;*iU3mB|eBUx=9HxsVZ4< z2*$Ptbw(nTk&3Q0y{65cPO_J-S&lNi9Dea{Xpm;LRJvBC1OZ>2nLHuA{Z!=1bUDLr2w&o$Yrye|wxeSIa@>c>6AuSzv$mRix(NT{T$fpR z5kn^lPd?IeQ+yOkMI@tb`KDgB(e^2Pg<~eeP({g?IjuI`{x4>cc z<`S|PowW$08!l<1SX@r?*}b=6ZEgpJp7KgQ%NosTkEcvBIZ5xCQt`ma(LKI1YnW5I z$AqB)!nqr+FS*_ta_Bm4cqM=HiE|%ZT;+z{c)nmZN* z*ifRyi2@y5xS4*}4!z@RGciY%5nIlqFZo6VRn;`z-afQ+P~Nx#+4G8Qrh5$PSRxsB z7+nU~5-3?s`o6v}k!brmdq_9weaA@^UZWw+vrllak}!t*y*i3^3Cz~9%(ILJFmCLm zP>*E1m8!6*h$VctX_Hg)~{nS`izMiCA_&qJf}3e zt+%K|+#@@Nh4B5v?RlGqKe-1WW?#-)zGO}?ph)}uRk<0FYh zGV@+oI=b7N(G_Tz^O%C~j%9T!?y$zuEt`%PRi8hiYYs9!P32W-*m#_u_bGL`(LCj3 zZ6rjpiYBR-JrL*)SA`IRUYn}DrP!?_uRNPz+hU@vKcK9lG!Z#d&U5lbo!55#nI`jvhs2LOb1h4_G%wEo;WbKdr!~~C40~Bb!v`$8AHafd&hg+xrAA0 zxJPl~Bq$@NZ4!81&awX;e*Rz0Uw>PAvr+ecQHz?&v%6ekA1$!%$UBL?T3mk;CwO(V z5@;SoLGI+a{jkx5|NR;2PvH7!evFt2$@z|U*nP@OyW>1_tT5B2_82tsFJEVf{Z#V5 z+WYFLw!1am1oz?&h2Wk*acF~EaJLqB_rg~Q9^3*1cPLIF#oOWz#odZS3lwTpXm94s znmKc3zB6;~+`GQH>#py=tYq(BervD2-@V^wKkxIHdwe2#oq>MXYh3m)Ta5FN4JaG9 zpjTJ<6mU(!AH&`v-#Khnpgo>c-@@n{R3gPw`zidd1csBDULLZz`6z9fY`{h7c3FH*Yjh@6)I zfQKztTlB+x7;Wy*`A)##D%qJPNU4H5njM?dSa}#AMdx)%tu$`HZEvuaKv>;AoihRJ z4x^nQ{1L?r_Tgjkqfw0Pbds_2*~X;vx7BZ2n8sQ_}n09v`SMnjb}i)w&*;$`~Rgzx+315n7HWe7&%$y6e0h3FmVG@K! zBhy{u{yoK53lKs`aOLOXt@=&hmEpGFk(SQ+cmi`8>mi0g(*$o^z@c(|`Z%hNa7u5F z9_-6|+@70c)+!`K`54IH#5mbQuX)Fy6ebN{ zkonT(m^jvQ*ZlLrB(_!5ncL$JU21+RE`-&l?r^+=xlPYXHflI76}_4_ggHf{ph3}s zpZhosgHZ(r^041e5(Z2O_W=^SHsDt0V?HEaeF=a!#Z&Q~_pA&Xgv1t^AdOR7Pc)K3 zTtDrom)A+0lsaXS;ozt2OH1+QDL>dk;DsBT*YWg&1V7GCi@&`0F28K@;aTV7 z!Hz|*tG89sc>_%(r`n?wN76ht06dKFfiZ+r1=Y@)>n2|$bz%LvYG5+CZ97-6HD`Pw zN-r&*hx-X*4%Pjl199l2_xdK;Y`H zm}HaC03{bZeCcbG`$Scn-L?@EXW*Up-xA0-8}p;h+C?Q!w{xU$N{Ly-Xyz4OD4a{> z`q1G3NBr%cK5xj;wf=lmsx4u+z0*@#F_Uj;-EfU#U62AFIKgKw&435nkoHQ)56>u% zCh&y`FQhzcG@DdqJ1c6i^ea`Nl{lnfUEsw)Un5lX5g{1(OVVsM{~tNp{WUaF6a8V( zdSmU%)6??|jzG@7yHZ}frE^b9Yy=M-)e||XY<#fFW5;%V7#PvRM?=%uoPmnx=tD22 zF#QUd9c*g2#Li1EK4ify_U|vHYm<@!7i=CkiF?Sj|jp=@*?Zu+lT>$Ak zvR<39IarI18DM)`~nmN(EI5V^K zoNjZ_ZlphKscY5EQDIYu`7!&UN{I1@*cix1l-SLWhSn*s^ST4?|70lW7a(J$2%=>& zGR+V~G!Q>9I|+zpgQr6&$<;OXnMt#lv0VTJ^PqcHFORc|3|}@`KC4tMc;100KU_L- z#@`0&A}O=tuhlF*7{wv2Mf!0uJA}CwP%vt}j;4$-6FHU<-LVur>7?e+!gF=@y@q!u zT@hzMsATL65+3`3oA1VMTs(f zAQrJOZeaH<>C*P$x931?#|f+UhGgTu^St$TjUML%X{ifS5Wy9R0yw>35s0}bC6k`# zD_Gaa;lw?ELisLlp`fS%J1LexQAed=XcDwE;3Pf&rq1wE#?Dw%j|x!0bsq|VDrQl* z_tzL65q(@Fm{v|{@jhz*o~1n^li_wmO(&vCd#qjq8Zy$(EJ(Jl1LT7ANztgJhoq8F z%kHH>jr_G9P7ZbrmuFtPhA&AqOY2NhX(?FZ_^Z{h43IdziZ>&DOZoQte$Ez6 z)jUN#`KpTfGwn5DV^>^cHNTniyK_h9Y9KI*A(?gdHb~_@C9*vP+)zS1B-bmyU-Q2{ z75x1a=#R>LQk>9^&7N`@u^s&!n%r#~c$`Mx3Chn4tGf)TA_nlN+YcV&y<0Y#uF-%5 z29ai8%0JDNspYbjjVE|(_5Rs2-Qsq-JB2JZ)(TXhKq^>4rg|(DnHo13j%$uq$r?GS zmzjM0#z6R@9i1{$3{hxneeG?X?>fPJ2+$BMoiir#<+~2&gI7!f3sblQESwJ9z0UeA zf+l8fxSC{N?!WS+w(1TGlFCe>6UKE&-LRA6l4A3P;Xl?*8Q#RyV^ledyC7l^+e6)K z;*^^ui$5VjBa;`27m0`Uy&j9Hml~JAuO>J3EnGH`_qJ zq`dAm73=qr?A|J;A3f1)S5`h#Wa-8>QphSWGrldthJv*BY6_~@6rRE~$&E=6Rf;cs ziWk0`1uS(XP+!oraMlslu;EO&2wTw;pm?E}ih~WbvJwD5Bf_vEN5?cV`Xso2RJBYr z#x4b?Mmjsu;|J-Uy$g*Ws_GZusegl=hxtP#jRD4`&V3$4_TIXFtvV#dE>GoYQ$H0@ zv)l^2l>y{M^`kYhuvnh^qfZ3k3-y${u{~Za`a%UVYj)5tO`9%-BhMtsADzO*z( z+LQ#@oMYB|zWJ<^? zemlHzH6Oe)75#>e=*s%(jQ^*1 zCazkqJW~{1pYW0pI&Jw*m7qn>ckVmR&H5nV{(NJ;GEU@RLg=oNJ%}ZnTdZh(mV2&)RPZ=SDvi^0desu|Z!{AEG^ zrWoyqr$4_YBi%ty6L~+prt+PzLxH7*MOhyPBsw{b2N`ttlTU2Qk3!t7=3>Rr^leV3 zkqQf6h{>q5aVGq|Defjiv9UPdKt`w2XF*1)4eNg7h6}BB*EmAHU~TbiWlEn>!YDWo zpK_lKganT_9fmi9%`s8!k^97QJ!i&K(rahEgX`sZy_kBycpO_4543m62FyI54`4o* zqFx=_Pk#e(?4g`p76^Ku<4BHFerJ$5^_rcsvO*ZkPdlN*50UzY73#<2+E=q~!_rxQ zZ%w#mts_AD10Z{xfH+#kO2*?M1Q5R+b;cGB<(Ldr9UY;sg?JJ-O6oyXAL?i3!p^Jn zwK&i4%Y7FOUARj-*;AoBatJuJfBK!R{PsEDELs1-jih1893O|Ydq18v^i@)MTa7<0 z1?+!Ra#K5!>k9v-Y}MtzMgBQP`nZOff!nnq3d@gNM|Rl^kq&15TBI0%G2=?%cWOOM zK1PpG_qB+=5~nhPmupfVNZKY!1AhTt;P1Irwh(3*#RDjK6JXepcewDk{sBtE?`%-G z9A@_kTfP~3`~nm>nj1FcQibc^-LMjwbK2SJY4*6YH_+&1)odc*l>hU^qZ_3NX@TmK zrZrQN+xdCN^Za7oZ#m=5rP4gkU#Nb=3jCP<3oz&TNa{3vM-38y8YroFvT%S~~; z1n}*X&%o-F&=;zT;`N+2Gn#}QkfeDM5GP->t1^+*EwQgES8Gnj&rus5)Cy5&m zaklM&p5fGJ(~;4dgA&wG1l(oPk7fCO0p7j07B4bT897~A|Dl{g`)OwUpnL#}(<5?2 z7$F>isFE2!P)i3Kgz+0zzi(aXunc@o6Nk1Ag5Y^^?R+s$%6Foo zCq}PIdJ8L=4QY!}35bQv)gq$@5twA1IH^6LGsK`o9^Cn;Tpm{ zBuKwLW47U+f+=sVICuD8)Sp(Wqz+6YU%p|~Nj~TXGPljsj8d4Jg7Sh0j=8asP`RF{ z>;*ANknIN{7q|KOG#Xcm5C-f{z464*I3oln6&X(D$$krD)hbn%55t2#(bDAp(%M*` z=xva5jOl1$sRnC;f7-kmk{)!NU+yHY9wIe`Rq6LpPuJ-WiYwVEf7 zwqrw#4)%$~_&~#4L9MbX*T##|Y6MqEHUxc8WHQzR7QVa$R4g*5Ykl2czFb2~(bD7{ z(m`Q=CE2=y+Ek^DHGgvkw==yQ7pBkN;c>tPoKdV2gXqg-$n?pmdWxa(RtW&Dua+~m zc-et$&V$?G_Z9BY(QmzCzUmQoeR1?{{CTmShsU^-r)^5xg^9_}l3s71 z=P^x-N;Z)aczQc6(5{^+d=8D5NpE#eiZ3EE;eRJr`JsI?OqQZZSC4X3)xGqm9&&x4a%n+r9+0*;r z0?sM!vgxVz>26388#Avj_-1Nn>Zu2EY*s%b3ZDZ~62R|VoYzAj4fbkVw3YLhcAjC? z6hrx3QgvC*e8K^`YhB7?o}2Luz|rCKs%r7HzSI{0sCK{z!Wk7@x&1RAzi0C0LRzlo zPDFsR1o9Cxw}8BQD)nop#i5P(`!HM~naNj9UT+OHt?@cYUsKVxHGd&|5t@%@I=&Y< zh2{O-V1WaCu}>3JXqTE_G&fJj>1B^JqMon;>Je|CafV4(`v~Gk^&Iu=JAdo%K3|gw z+7d5LKy1-a^D@}-DUV=LKSn`IL2Rs0iqerlN$;Vkliu7kClY=Bx7nsRy6}t`O+yrp zlB+TlisOUDb`L!^kn%#%oII#fWew|qiPKqUYV8}(8}3K*`U-r#2Jy(j2@Eq*v`m=T z?l)SKje?{MEEKLi#4mr9;@u`E#qs3im4ThT*@)|t)yo57%8~16znf#~i8VfIo!V4} zaVXpa5r>~6heYSb?|=U}lo-+wQ1upTdY$9BGP4FKKZe;Ek1rXEIY!piHS>LrHwWuw zCAQl1@=0Q%u#_8elLi1#j_5_GG?9%Pg1w9o^ga<70ekO!5 z$2eR@x3|1Gfa4^8F2OzuA@-(no>h8>f#XF+xB+Jn9c zRm=fLzwza0?IW}FXXT$ zp#`Tx)-~X=ZqhLvn(*9s%f6;nEpFtn-E3bjez@-I*%I1=yEdrP&s?M7qad26Jd?M; z|CA76y*fStqJQnk1AEAsLON|Gpg1)=dGg_V+(}nMQutf+!Ev1J5Q-klK#ta^Ah@y& zr=Es_G7={d2(Kc+Q+&a3gH~dJeZN@gY9wxYw}^aKANn~m$0;gpP2Pwye42LbT$-GQ zARrqCC8-`Hl=Ejo9gAZUEq0HoBxG9Q%7%p-XSsLp@Wrum+JL!ylf93~+`>juJmuEs>C4?c4jB<5*G!MU&y1P=XEYHjTeQx-UJ z%^RYP-m9xUPI?@9Ze0UJyBq1!p)#sQRv`A(+V$!--@DrxuXbx;Ckwk-jXdFQoT)`x z9q9AX&qE&m61)^WroN)?d7=P9O+7I?A{#v{IKY`bH30E4&%6M_yq!C|eyOt$y1WM( z_m|4i(b$Cf?XJo>xyqnF1x12(xG zCjyfC*s){07%+9iu!rH`MYOTwi((6B*?M7N*}%u%pR5Y42E}zn8|vvlGN6t0_c$vQ zyyT#4D5)?Vo-yW%baDzB6VUmV8Q*^=wfw_&v}kF33ctZ#c(F~^>M0H^I_E4-vy6nE z{4QEL-o=1>pa)pFEZ;tFTtWZEJ$b{%={9&?_@R_}C-pGDoFh^+mR-{yKwS+WLB!t= zbgIpKEhQw-c1{TF0-?0j$DezYliuMFJ^hBL_8_Q)cN-0>lcE92kYaOY1Gl`{oK`cQ z;~^;CNG5>d{8U>y;=8M(qU>B4mZG&r@Kog{R&&^11&z}~mdMS^Jztg5`aX)CeS0Ud z*9`SVe9l#q70dD)+!qF}g!YWeRRTvR+AqA8-e~HvVU2OuVl0Sw0SCQ(VChO@u*IcT zu7;rOv+oQVW}~$-DK1W=#;MuCtbFZM)C0NSMQabb*wwI0=I$h78n-(^9Nf8*!ooM& z4-d>ihRk*KeDh>@kSUNMFQ!sjJW}e?{X)V_ijSb=Fmnf$KgK_ zM|$Z!?)eR-x$?29e$cVh23tVRM7$X29Q0euVu^6g{ed`2IoG@W8GUi8O#wME3q8VX zVcYD!Oj(u!G$9q)js!s?{Hj_Ri8fT!hG3+oEhXxoSZ28yxD*)X7=A$h#}r4fMl_0~ zB376XR{=`8p&2mKnSMxm+z->|^#;T~-V_kZn-mt+_v zNx1BffxZMekkA1qrN$78dEJ@qQ=FSf<=zTmu}&WRVAdM)!`-@o)QprU1h7?wj2=wj z|JnsG|Cury$Njq>qmG^MlMnX=ZuHH}>W8F56l*2;_TZ7)nb%iv--EuTPQ;UH3FR2U z*q2B2q0EIDM|4=yW{KDfyhKE&Pw}uTeWU>JbgeXQz9N}PIYw7;#PWLPb5iOzlMGdn zQyE(ie0p*d<2G4L@uli)$ru1~UQj*2;lw{tx3q=aHZFKfyO>oo%<&;_s9WP9$;OPp zsc`aiHJiA7lz(!nZ=qk+(K31a4AOi#CW?~WAs5C-K8|)nFAT5WV~@r%vV2;b34@G* zA1aK2sq?F~glYcc3G^TM<_|-OVw+3_r|YX*@0=go&0~~c^cxE!p#z&UMV#i!MV{N5a5tuL;=_sE zk~9IZhuXSZ425w2d+YMIhv7WIBq7C$WXCe&zG-_`v>IFlgb3=bDEK)*5(XeAj z8_|Q8LiH{Q;sk_J`sPvxeTF}-HtP~#xQ0oc;7*TKT;`xf#9V2ScZyCYnM?;U&Wph( ztTdMTYC~L4$!PT*`^SllQ%NUmDHBNUOF%M2Mrd492xV47V|~GKxeL7GOncv=J4#v# ztk-Mw=l%GL?kDs4PToK!JQ$W91qnf%zscO=duxFmfw8!c&a`hT^Dl%>>it+flN|5tRT7C? z8>SQg0uWAd@hQs&sMUS-H`ny};JE2BcheB*ftuF4K2eRvm9Gx1}=WHLVM zw*HG>P7*A4{&tSxS?4$fm%MD<%wcv`5WXH&sEfbPR-FO05tdJvi?V z$Fijj4n;_S@{rf6KA65g60qraAt`MA+_gq3uTA2SQIn*kTwuM;+PlM*td6KXjj5Qt zymDm~#dHGCT3*k=&Q6TD&M|x*3BTgsVx>pP3Q?d=DCVy-kQaR}@Axjvh6D~sK_yXywV&Hm z{R2Ve-{%y6GCTg6*+FPcRuHk%K*?Gl(+Q& zL>UmAEyiB}^(Nl$nUrr9-mW3R0~@jJiOI>3N}%eYUOcu#6Gi_k3BBvDu0^!y92k#{ zj(oQe@xXpJV{b;g#d!Op@{y!~V&Z37czh~`iIzkNJkciuAZZatk#alQv6ukEat$#t zrh-@srr?y-kq2eY6$u-H`O}HvYyk3!ra)-WO&7#R8i?m-j=NM=X54FD6U5Y;n>-W{ zjoJrq5}>_y-_}jl?D>Og^!kg+TFSZBZR$&&PKRx=OfA>%W@`@X$Cj`A;Z89}2l>W| zx?k#xRlX$h3mH!!W3}!pjZ z{=O^mj_D&L^)ZQ^N4wF-UjW#19^JKP9cyk@94K0ETB~VfyN)TohAF<;=~eebz)m3; z*lC}tgbw4M*1u0k0Y(Owt}B0?e{H?`4rx6QXKa|TIG$=dmUjAB*|mtPj5N??X;^?G zIHe;@6p{9lp>kQB20KTPOdf^%TI<~UvIiir%ZjuKx)>^OsG&Z zTg6D|2w+6*?&rga%B9D>6n9+cyR?XgEJQ!&3r!42*LhOlkqZPwxAOtP>~pZU4E~6q z1R}ljD=43gvqG))MQ96`;FgrpJm^zH?|huq3%Sx@QYLbEG_}zk-s&w*KmB*$Li}RY zM*qhkAws4{TGeZhPS3cOByo;ZdPA> z@+AHedj6nVjlX|2{oeps{s8%|FQ;#R#Qkh2*=jO4KV4Y)N_uPlphqiS_tAmmCx@Ts z!WiGb^qr-w@955ePd}9+Omr{i-~8F^&jI-#nIS2<4LOAtwaVq2g#c5J`nd2@SJBVYy3|j!99CwTv)aBVyadX8Q;#@lZ!QdYi%`bRNrFb z*#K{fKKq+3GeNt8Aw#hyd+q&zk zdl+8C&${!Tj?7z;Y^%*35Bu#1mxCW~#TvK6!o+L3Yl2!IRbAKT2hGSHe@<01FY@}Z zvDPTRB>Vg?9cI=>fBQK%-nLi##R6u*XWb~GUY=CVljTZV?vccHS|)3v&3Y%<%Af2p za~w9xSwCjjkBs<^6l05Fxu;lYn_V#MSmK_oUt@@HyFdygB<)S_$W0Ra-evfibY-Js zh4Av**iAB>QFrc=0uKL3W0}GJej}OTX#8 zzzm5iL{fw&iC3G<)^SIhMOfXf{Q7u!?nIOK{eK>nZ!GicyIfSUM<9cJj_ncD9Sle! z`_BWt(hj+NfcEoDJ!*WkXbpW?GHAU*r|Xog*@P%jRuJST2I)x{va7WmkvKEIEji^@ zAG#tjC=?b^sdhuGh?OtAboO`8xQ>IQ*d8T|nrr-K@D?t_Xn41ClU7z zm0y7GBg+A(@Z>jFFw3S9pH&%we7ny6CF7R7Ho6pAG;9P_?UqKfhmk*}6R$fEQo?-WWggAs;}Lo1za8 zu^jb0Vn<_@T(#4*`UQG5fN?|ZZ;>TO>*D1b1MCNoa>+~ z5FcDxvkb6{9Z5ceUyS1-cJg<3#s9%wnbdp>pTj}La`w)1O2W-vM*s1TagEuO%!6}< zo~)|EP<$-*PO+;Mg}DhxGB+fqhNh0MS=3W(SohO6x7HVCj9?=j)`Eqi`tMpL;^Dih zUh~R=->;V~7CDB7ay|x_hHgn(x_*9I&W+7rg$Fg-D-`wSc7HzJ$cV*&sIHk^(W=8#JM8cEk%KGLdp9FGs9%8gUamc%CT=_LcW-@+rp-KP zrKx@atnaxNEho%fG+WSdG6dAAQ?qKdBRy>bxSLKjM;}f|8E`cDoKA zQBHp4VQH>1w-?#V!War-6DHX@<3d6Plx=}^r^&`q-bh|)gr9C!_fuY5exnlO85 zHq>JFlg}jR4k64K_6xw5*0}_EBXd`F#P>IDfw+2LY?3i-UH{YfZJ~tnc|!_AQL@!X z=@Nr%Za~oE7=;0y*=+{(#-Vtcl;SWb;4#60fN3^w1z~h`eoLUKT@Q*t3>%UyfpgPJfYf6gUBD#yiX}Yb{oA z4sMulDfbDX5%dY4nS3&^qM%dCq&qi?f4GfU4sP}-0#p0&{} z-&C4JU+On{0?(~{(_#rwH=`gpTPZJqi(JBg!{WD+`2Jm=dwVyUjaDulDVM(h-51{^ zwMA9sk=HqQh3rE3>xX?Z=+y_5A0lcb?rB?;yZ&&>LvIUtYO~k*dv2?51ygF4iii?#;SyI6<6*cov)`my0c#+YPVi5-TVS% z)js$!^;z;~Xz;?v`;X3o{Xd02IQ+;m>;}YTTm0ZbF_zo=BPLwV_jE_<#kaKFZ$(@0 z-#&RYdHg%w4$gFc0mS4}egTS$KHlEJwB5XYl=f973*&P8+CJjA<}Ytk^Pjv-_6ODP z#d4IJ7fla7MLY@B!fxID@+z{!FQFvpg1znMCH-h_N48t*sJg5rke;CRXUrj(-l$pEKuQ7SjI< ztD{W#)P4SgJqyl`x)-&}dxi$msjK5V;CdHeK(FjWUuhwyKlb2n zmE@oOLrU`VFQzSC)mTK>y^8B;5{6&7I$|8*5Zzts`pTsq)k^rTB=j?nO{wN#8L5~w zS<32R(vTrV6NmQkZzEqcFzJ*?;x2cxxJki|(M8JahP+dN+G}s8o-f9)zqs>dVMM7+*do=IJXF zfu1>jDT0J}xHU}Cm==ZB`~uiAt*CWX%oVE{`&SiU^xcSfa6!}@yP zB7AGsqcn~CBk5nL&(1cT75>^@rn`e-HgN93zUTmS$7 literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/arkime_confirm.png b/docs/images/hedgehog/images/arkime_confirm.png similarity index 100% rename from sensor-iso/docs/images/arkime_confirm.png rename to docs/images/hedgehog/images/arkime_confirm.png diff --git a/docs/images/hedgehog/images/autostarts.jpg b/docs/images/hedgehog/images/autostarts.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a690502e860a09e4d33dc8d76c7a4331631f29ba GIT binary patch literal 83989 zcmeFZ1y~)+vM@ThCIo`J1}DKaSa5<{aCi3r!GpUKg1Zw4?iSqL-3jix-XeRSv$M~Y z_kO$Yeeb)?*K2CJtGlaerl+gAs{qY_R)7~0BH|(d1Ox;i2L1y;tBlaXA5Dz_KwO*# zfCm5o5da{d0SGXZ2L6Hg6J7_ykPuJ+6u8_UoYBDW6V6k{g@E~W4F$t^f5Nd~nCed) zNHEL@0SP<MG?696EA<#KL6C)pYT(+|KNiS3`6}%BPuln0OeNS(u(W zfj~e&Kt@8we)bHTi3Fd7>3=wZS^-peFh%oF5TpPkDg+cN1gH}r0@Dcteh;2rg+CJn zBos6ZEF3%nA`%#(>cx|!pdg{4U|^u3!PxHLdH@;~291PK0QRMvE*z;XI+J%)20WQy zc^iiO=rK97o}CW@A|@6#4lczjN-Am^7FITP4oDl?k<<<4g?Gs-R;D`E;^ao@A!WSx-FGy%; zC}_ARz91l-!5In_8is@s7EM47PS^G&DU&xmx?ogBc^d*5v-~lJp4})SCOOM0#mN(E zzc~AU#+c9l6lecr>@U9N0Awf#@WX>b1^9r74i7vK@HyasZ`afKl+CmM?Ol!Wf_{#* zXL}6@$gg>n1ObL6eOoGC!S9nIhG4%fdJh8cuKjruDkK%-vdS@Zfn-e3ew(}Do@l`xMonew*3jrjYG z(&9}Pxgk>)rS}hV6$Bnhy4Uzo-}>rxe9uWEN>v`M+u$a5FFCZYl|jG-CJ5;DeC&(( z{ib1Yd&F~@G_nqg(u&vTwSSa^tc{yDQ5A|=uPN(p3J?Dx0`IpTAyQfHE>ky}+CFR=%wZa>ARut8hvvd* zH99~R|IpK$G^kfdT!IdP84{51KDk@Yk@=4plbg_KOjD@D{JD=E)*nSiBzeltZ)%}3vqI6XF<|in#GLCu92byg>I7EwXf$y zQ?mWCAZmI(_(O>Hy#eqUdAG@MNK5`E?a|*E=YKgW`ybbeA?)P;&dlFQ`Fo|ASm+=z zTDDnUeVzV|jx5xEPct-93)WJT0XGM&Nm3puMN?FskaKDWQ&bS%x=wS%-d;1&CC{wRUkMj)y!*c-GVSEW5B7 zeJJi7?C+8%0Rd7H@jUM0rTTiEGL)Ao15zX=opSXBP@Ckn9IYV0fY4sa>Hsfi~wJ$>9dWE0q8))m`EEo-ILJN z4LfE9yji}@WEu~fH0Jf_^jo(vyvv&t*q_E$c$^T`(I3~Rn;cX@0CoQvs+GEf-4~gd z4ID8V<}SXjqL91vDA+ZDhQYp-=PG6C9ZHi8`ZSPHH#S0yyX3A%^SB%D0kd>vl)H_7sY zjvM{ojXaJxFLYX_z9-qa(qds57SYM6_7?P#oAp~UbwZpaJLpdncxX@MNC_B5MU%sP z*6rHr`UrQt5-c5?z^@R(Ag7qs9JT4k6Gx~AM`_Ce4FVeOPZZP^@ILGHpvJD`ij(cP zX0KAzPQ=Wl22ZxMvA<@4 zlBN6-p0P?2^~>R?8hik|N18W1*+=BP%baDjo3CU;2Mtd5GxOoDheMw6)HNtZ z34)xmII5opF1nU{PvM}N@s_f~(9M{8w+i&}&Gez-fO5E#-uptl5IoM;pT~NXS4tIK z5^q$9PZpkSr(Nb7w$CkpL!j5=FF=YU$8H@S^b++Hq+*&aNc^cIz7ZPM?Zm-%B>%b6 zo8K)X?G3Ny1R6hp(vR-K)@Q_L3WbA=M2!#=%}Fp^;$XUEzsKVOD^zoeZ$t_!3h}Y$ zQ3)kYZ>QqMpg5y$e#B5<_>o(l&MBLm){fmpgcYJ|EwA>zkgsAUf-a~PI*oQ4pD5vQ zyIIl0D7r@7w#Qz zbfK;FU$|_;TW=LqdQ>-zqgm=~d!8d`Jf9^@o(Q#o9FxQTkZ3Kh;^YeX_WI!c*#RJW zs=jF%()tr`d0(EsQ4ZeLVNYKkJ-V@gY<^dczAEcehywzeF_1wLe#m7%adBQa-hi34 z9z7%Wp7vX|j>~5oEa3K5ZtESbdSg^&X!nLrZ5#f|**pfePY;%y6Yt044%e6(6PzLD z5yjDxOc!njEWFt)LLE*@;`Qm0=Zg%88-wOZo#iY#neL;z^S5ImALDAEfwSSMc+SD_?VE-U&l+uP9jX|oH?6?vEAO}L~lo^@v^ zUw8KvjFd)yO@-_n?PlIeFNxFF!Jd1SX}9|>ARr6I^}q$|2j7L7%!6Yi2pIKATEOYt zSw6W2>(>JyfKfdz;I~CUrN;LWb!*Kt@HdUAt`u)IZE2EkG2-T}GwaqmU&QPEjM;!k zG#sqkSP zw>r$X8EYZ*H4uqdM+@uLyGn;E%`x(-dP=7lJk9EGk@JCsUrrw$753llm`dNy&dcn+ z>^3GAXo_)8DzzPl;D3x={>H0Kfo=ai8s&8ZdH8x2qoqNdKs+f*QXX;#iIbPxZLn!o z@|POAM9yAl0uaEf;^PX@wyTNtc+!7L@1ClI(b#JELBfjcI-K)?=G)k;lAIw7+0cmF zMnPM*h40No2z24-;06k#4j+{j`-%7TzS57lxoq+2zQr@x%?ib1H=?HL+wqXcW7Z85 z8W*Pb+vH*^URfMB{Eu-&v+pBp8Ma`R+I_^ju{Y#!Ma}6>#pGF?@g(2i;E7%g3h9{U z)~4X7sxsn0ItjJA0GERqSZuul~cBMMWqT1KPDaSwWI z2LZ;6M;c#spSyRt zG)(Y-gaP#nm*mZPrv{&~3UOR7kHzNKff-IliaqiDq&jQxywHXoA1?NGp)PwuyHlel<; zIUAO@*EfM5nHY=7U|Hgxb^ZzN6feGrhi`e%vX( zUb3KC0`|T&9u}j}JiwsYi^7_Y49_5^S97gst+B=khldQ6yYJB*L4nvUYQ9C-bjLt=*8zHxwY&C-#O!lU-Stfe!9`c0~PtBY!! z1`ISr7sSuEdpP8EcT&A7q#V=U-I^`$Q{DGI%x=Y-Y|dA+0hT?KUY;c)(@df~qlG98 z6hmT^JjNx0i@PIv<@gEVpUUV@32fW9>FYc*SkV?WR^CLGpEVn{@=+n%h9Vn7)fLGv zu^7EUCm8hy0o}2lYJp~GekvwiQwh2&p;U`8sSh+`gL>VC_vjY#YL@x-NnIvVaJ$u zoKeE2JqEKUZn~AmJ`lJ3T+s@!;q_9I3<;?;m8gDUHQ#!92?98aWSJLSQf;)O`og{t z@Zp*-Na9zBy!cd<*fu-_;B224XullEt6oRVHLm{A5obAHUg;a*p0%sAURQUAxod0? z9rKUAwC`z^wq4IXaoL2*9b(I$%NLS) zh@_-Aasu@xUIAb%pT-y&-FVS~#>BB!Cl$h&*ivaM8~W;Wovw2OqhH6(4(}{i#@-xb z#7C^nS^G`$^K^XU1wRYVdRO_5Z+i*G1F!g_3S{U?CvO5ddDz6QM007lL(DOo(4-)UwofGf9|wd2e>8ejDP36I3-6D8Y6!-<29O$ zhGn9~#C5(a`%pbP#fc1kGmBrijRS0_<(2SI6wE??H|Uh(A711*k_$Y)CoA$(85(Q^ z?9!uld(fjb72rHc+xgPS^Fzpyi`m~Go#A`DEtmV6sGsx!M|Fn5K)+@Sdsv#en}9}a zi7nci_%QMt10ES1;Od5`YpzS)bI3Ext0LEX*VKY2IpWEPKl@`d;(Px3fClk;BpB)kq`v&;(yw&S_{={ZRSB5||tqQYy*+4x(} zDNhT><`&d$kS-fM>C!4{5;ou{&DM=L2t1MH@TgPT^(2^)s@VhUW!Nm7{@=PEHhJcc+W}^^f-bqQZav^hrPnNh#?iY3A-`tWsfy`Ke!r z5*&nW=*c+F?fHG-O~#fCo&Q7bq(QtKCcz6#oh)*E+q6!PIJ-hmV*&qFZym)*7vlAM z7**jJZ%JnT2FK#f{*l_{{Jnq9C^JN~#*nqN+Y-vh`X$euHmwFN;S-q$ZF$vJTUKtZGUuDv%4!VgfLl}rVn$Psrf?;+Gk_s zY9+YD+1QyalL0kSs9@8NEcwNJAn)f`4iKOhFf#Vlb>EUNTQ$5lj^9+kn$duq0S-WR zyv%*@+C1HB-8M1UjbE@I<~awO3n5}&gNQG;igdr(WbpI#C0Q7}vh3|Z6PIV&_E?<` zhr^#11_6zB^F1|}Du^vD+*2|*W8Bg?gJ_?&qVVkQEu(-v%|oL14a22*j(sHvoVBip zhUH|MRoeC4Jqiw;8Eo0$&oDfLAU8;6m*)zNnog}edRVjEkYL$@6n=>;=8ZsQeFDFwo89vOM zIKI0un)?PzW5~Ijuzivrx*R{uQ+~4C|1ej8{}*(s{I!OLZ`Kt{mGVfvlH8v_08L+q z^;-@CTIFAARUwkI8^xD+czIRcv6H9~XjO^rGR-X30ShUFt}>^LnX!gkKB&qV5vuJ~x<1mf=Q5%mNZe@*iGdq*$M&kQorxzc)TbfjG zzoz|jB6LhFqR;#D6w04JU9z$kUkpLf1GWn zNy$q4y0HWM)@?GdLqn3s83{cI&nwIL8|OxvS{ePs$lLaJ=pOHBWRSdgHJ6&3$`$a= zOxVql7oGf+8W*A!b3!z;c7^);LUc(8@W)aW%-F`Ek?F z*ah)aWZ>J72n5G&gj#a8IBG2|S`U_OWZt{*mW|1ehlgrnsGmJK7G|`3`HpOCFN(9O z{hBUFl$)cR4&o&Ho1F12m0x)aqsv14Wjz2Cf49S%oc{J@ma;-#bFjX?_q^Tm zOf2c^_}z?{Zvz4FXSRHu+)rnB|J;9l_S>G-nQdBk!o|o>@Hqnl@~{0?T6#z5iVD;C zA!U_@kC#F}hCa3Dgu5DStmm;7{Hfe8Ksg}IPt0|j@u;=kg$_0`r5n%!q1-N^6^`)(!fzMY-#=R{N>SPLRa9MBJC zO7*sz>0WO*%|9gl#;!Ar`_(6>L@Eiz=<@7Ao~5WrK}ateU!&)T%5_`^zsc%TmU6- z>xwGZ?-0q-GkQ4Z7o-Q_!R;D8Ny^nrp1E)kW5a|MR-UXsUrj^JJD?>~iFO$59EoSL zJ|6j;4_BOa&;Q60J9lRtm;LD}-%-YmeC5u&B6Vs~0kl$q1=}=f4wg_l zGFv>W*R`Q3o!c}ne4348Y2_AQd5v$|8o19|s=2p!rTh9t=-o1e(igtke2yYK_#D=9 zcz%UGb4Wru@zp`$^+0WRA4l7LPXX4?AYQ>Vj@MsCL-et4({fm0LVcEzCSXEHyjwT) z`G%Wtopj6W#yW5xW=7o66}-T%4Zscz>xNjLKL?%7+w0*|43znUx`)*jtGj?)i1Tx@ zv*MChrVb%2ilm3IjKF<=iZ5KU_841P2d zwVp~@pY6?g0X3^-x6Q9Tso0{c?x{$Gzv~`lntxaJ71Vt>Qt%%6h#u?GwrK6Xo&Pl( zE{{Fic@|_&p5Ohp6V>ti$wcFV@yX_c12_0YtNk5#ag|Ry49+vOMvfo*LE_`6{zZM0 z+v}C!4DaWcK5q-h>V?h7qb5-m?3wWaU?WD=)uSZ0!)o_cmO-)c7q2@BeE+CKLX-@Q zq0FV8$;z77@BAkj7Q|6W$U-xlRc&kUJF1;+&+|(ic3w4Op}kkOc$Vb^JBf?}-ZYwG z=Uw|^>~88`ALP$fhPCh2MOch_g3q0yFZk%aP2Zh zSlxNDUFLX4vYaH62|sQSidLb9Hu##C*ZN_KC$XV1f1^+ez=wFC!LeMgO{wY2|LG@z zY}H2a;BHp2&m~+LBQ}>3Pi`a9s}!*amF)hENlHPy);Y>i5(5Q+|9v0!%VpRc5%Hyg zJgO?a=~jIlww z;#>*KiWtEa&oXR5V;L8P={g)&?JcQ{H`*LAi#L+N(%m5T>bUMIysa7X!lt)qiso+o^ z*EK-&Ors*D^)8;ylV>f3KDfu*`8fsCr~as+kKOCaJ6Us*wRS>2+?EMaysOc*ts2I8 z+FEgM(G{zg)+O5hS~W<5{);A!h!yxqo^QD&wo#3*5fI9Fz0((~Yq0<(M=ayoaa#oIW zEW>nHOYw??(sI;wSOOIhwD?yzi?>tGLCDnWK}qh-ve9UF{vsm07Hcs3G$O)a|)@PnioF_=2&P2vP?*s~+sFhA_?s}oEmU|XcQ{$FB4R%}3 zQL4Zvy0nkzzu#cQTw0pDT|BmwurO~VL~Wf`#YV{(#LOPJU4&Wj1WtYywKal%4sh(= z7l|I=LdPsh;i}PS!gty>nq;!g(?p6O$VGmR^6g=r2cKa62V zcxoSS$1cBTC}z1{4Td5PO0s?hqr5=iwV-Hxc<|_$mrLKsrIcUKWouL~!)W-Sv%C}E zm=iCEXZtO>+jM5`S6!SwRdwp!xFFH!}q;m zm}#sR9F%O_taJo?1GGdj{=VJ;L(d0{xm^KQd-Yp{@ia}RagQM~bthHKHxTr(+!b7< z&*3uQrfNJZ9F}k4=D>~uabW+LcqCd$k0J z&d*?T8X+^Y1R08}_ z@MmSfmFT|6lY~Yf{-@9h^?yu==YhL1$EfcwBa9r#SsK z8C(xRHA&2?K$m1&+9^-e?nbx zVhV+O*@s8dQXaw*p*a{}zdV#{$}rOsqXglySQZFr6>~J1Y8;o_WR=2?8ttFB%`7_t zJ>0!}=&;=MIgZr+Jw~<2ULM4iSSQM7{ao7k_hn&+7wZV`$f>-mlL+%sQ}=XetXRco z7W(24{?@rLhZQ?4*z_`5Z9YJojg2vtJ#2OZ1U#34esnDVO)$R;NdXFzVmf~LYM2&n zG+}nr8ft3+t46cQ{Y1viU4C!x6e+5?cbyiOD?{P5lu49xv7wqzV)_j1N04Uf$qIHQ z%KsgPjH@@pqlb*3Kx0*vmoFJFg}iFrZ@>>nVa=1h8S@;jY)JyUSt+{w1$rd~2MonL zy64i%Egy{1(KMvCfy;H;<9i~=> z@P0pUDt`NyGTqcjbR5C{@?P*VrC58H*LubZnb(T_zR*5&J)bu>x8!(F~Rebm3F9lVW`?zW!N(E#fP0c&Nqh-r5xL|{)i z(SPYF?;*_k;l`5@ydvv^-A+BU2R!|VNgY{*D`Q{lS9u z_@jF4s(HL`NdzyByg3Tr+>Ky{{{@%Dv%TX)o!bGVw0}W0`Im(RvNB_m=aT2(F@=}?H{ zuwIiC`FA-$d5{3>Sl8Iy*3dV0h-KT<;I~=M!xF3x0~i0MP9e z<==sMdkViGHvSFP`wiANv9ko@uz+#M4J@s|{X>5E12%YqKRv;g7LH)rex)Z4kqxbs z6u?(JO&mk zo05vXQ*6Z;CN>!php@b&p{=*CUvx}-c1}Au4rGm)Jt~7-P+8BxvGUl?r@U>Hg5{mT z=kKeTS?l0Y@WI1B(E#!EJpM>e!@$D8J<%Y73Z~&H;spT)?ume>s2%VvDmc6a20T3M zOHx~JbWEmq`cH8nKAG*Ks~BX0@^)*-a0(|Zta=sX%+X`^puYuX>`C0I-MGr31;z?x zQlL@=2}zLtZ@PIcQ?wegTkyZJ!**WNw4(-j&pW7o=SMZxjB@>V>Hk0FfTg@=$wwq}f+DO{;_NOMP?i*}&Yb83_C?tVuP)MTTl2=~j%`Q7 zH?5+e=0});w1K4&sHG`7T~0E-JDf;+9Da;Sy3G@5Ik0svdk9{w9)2*t=M`{tcPkqB zHB*{ItjDe%>dJiTudO!EHwiNY^Y@y`=N*1*hOra=aBI)KvD!cUCs|gPMe3 zySF&bkc)nYkjR4N1RSm{tzexW`36ygkoJpxX$;r}iQwmx(2-7Q5XW-pw2qVWpZjB# z=5mFFn*~3-8;17Zgq*_~V-X)Q#F*#I`^iD_v-zAs-HP>gD7m|V*FH!M?BEyD`= z;ScS{VCc8?A<4%F5_6y01$f!3**@mtUig(_YM^n%;fRERy z4~vlF)EDWily{~>OgR9vkhby~u7K@i4!l^ed^kX475H^bp~YrCbepGqHIvMW?evMB z49#Hi9zLhQx_|c@EzjY-_uW5r&%gz3TNxLf_L%)Eijww0v&o<)BKl)k{H_1QxfsU) z{KgsC+wAEY(P~;#9g8>3gIEh3%OABIMTT-y-;sya@eFU(8*i*D-tK~cTfFP4s%_XY z5MaNu+^hQ#C3>Is@}|hhw^{SGrrR*JCi}Zli$k6rl8LR)b(}OUY?~){JE& z?y?s?R!}w7YEIik^>p)De{i+R`$nP6*K%La!Mi9{<}0Pmcy;caqWQA*o*|+E@ekUB zSA3xot6RlplcQBsy}Hl({Rz~f18^gw=T{jVK2vafSa4YhZm_mwNS~FhBFwDZ>$;}M zubst&db3ry*ASp-@Eu`*(O=W0hLfZ!a_q9K4#pHN?gNqrt0+>5ooaGjIY)jko@g+)|zUpc1SfB?0^pXw7KR!U2ddmiXrQ;qy%w}c=d2S?BHA@4wWUon68-QcTP ztZemXY&O|`Ig3BYa3szKa1)?(B#<;EMi#hM&$YPs>liCvr5f&An3LyAvzzPEgq{UO zYuHx2jHMSQj-!N*WS$k2ei1*Ya-msak9)e=Dni<@&D+vYp5IX*J~P?!H9zEgOwEqxoAT14L@xOq zwd0Ru;>fAdI?Z(C7DuB|+1kOZDd-{{%&H^jd6}*b?%b zq5V2p2+e7RIUg|_DZw}gWnb+t^~WFiC%;r)d?557ldc}OrfB+k(YmJ!A+S_7Za`(7 z-b^>{B%zHmj1usY6=4;*!9WwA<*Sw}pDxvlq_nZJOf^^D^*m&2nr=t0u!WO%ZcdTr z(Ni|hT$S63Gj<-hrhF#)&ivN43dW^A_tR%|iOdJW=+vHYpK6d7)Nn_ME`-D)>1MEW z!<`4R6Fe@Q1ZgRwAaeSxIzilsMy`qac^a zoj;p9$YMEj`pTOgfN1fB?NV{V+*p8|A`de=rM#oax{gwZoKVq}Go#|*;f=%S`0?|w zv+qOFes4vGmLdwzH4j6w4%x2RP7A*t$=7!ea&8m#RL9-CI?vi@pPoKTY0|d4mAc;k zZsqLRko29kS3qru=u_Bs2ycL<=mu@N@el~$X1jRaFfl!K+dQ;RG-EZ}?{xTRCUx4J z&q;|=Yj0fclBQ!;f|8e&r!F~CplF_n3u`{6=@UmnF}{d?1dkxjAqIX8A!MZ%^)n%& zM{OELwl|Ifw0s|(9V0k$KgHiH*JSV9V&3w$guC;p{@mp?O^s;?^X|3yD7hoc zfOsx&7BQ-@5p4b8tlKzskzLik=p3)vbi{#xa42HSjqgludNC7;hJI=ucQyYanAPd~ z$egoEnDkxzZcSn--hva_@tgM)=LIw-l`kOG#l`#Dy(yF|+xsxeBFIE%t5T+wHH}Q( zN^uqmIe7?OkU}KO`*CF7%oXS7bO)b&t}ZTtKMZg!sl$|aR3G9N9XqvFe)cZE>bZXe zDM6{6wT!s~h3rO7`>aCPre^=n&ZQNC&4HRf&zt!j^f;|GWDvkdr$Jh$S$rwQnw71d z;-uLi*R5V%YZroi!Df(6jW8E`zFM*MvKHB^q&6yU0)sm2Z7$)8``83{6Sp!%8H<&a zyd$F>alMH%f=F`H$EwLW zaT%eN$YqglE5tEgoI2s|bp=folJqMQf`X9zV%Wg*5Bb7Bs=pdSRI5w8;6{t`;@w1j zF)kH{IWHkGwE2QDW|c*FC@@x7wc12XmNoXlk?F*)ZXu`pO;(VZd8Rjdnd=u_`V0Yh`chrkz;}Zt!Y~Hf&oie4_QcJ3k38RPCp7Tl9 zv}OK>+R}1+==85DCgsiz{ZwW#d#8!c^COdjkTQ2uUEjyASH_+f3BqbP;?St^<8T&0 z?o@gN;(njuR(Ct>y>HL$2-bZ2g4Ot&Q}xwi%#9x%N6z>tl(HL~xwZQ&U!wefSO2$I z{#Rayi4c#PiE-nu07~DvW~kSV{>cfXN*Pk360s1rx^?}k5(2&O5^-KO(Kgh&KQJb* z+u}#|v@Iv-CB&!}dqRyXQQ!*;KA2?utHwTz!WJ?5y4Vx$hWD+7=#F35TxoPszDhIJ z1M}VR!L;!xk>;f*+Scv6y?c+~3(cghvA}<8fM(nJP9&o^avAsA6b?=zHcZO>FK_FJ z*^gbmty}g9PU%y0^+Sy6L{Um+xl$nON#Oc6lA-m{rP3qFUH_V|_hes>Pl(QH(jiV$ zu<5vEH*Lw&s)0A~_UQX{0{a+|%KEuV;m>KdSm8ZpkA#+k!A}^|9nP=ws4fsO$U+IT zSKJE5dDZ=tt@4$Y3WFOuRnbU}?-cq2??QQhB$^s_`C|%3i@p)SfmRHY-KkW2 z8+4iaT#cywtzC?*>m;t4@>x+W@6Ui2ezb3OM{6-&Mr!Z_$>{5((uM5wo-nWRg&TzH zinO{EC>p|gQ9DeZvp5aA)5u6@$PW!zNFbs`e$In&U-w$@wqK2rR=*DE{7R;9h$866 zwNN`KnS5UQx#1ZD#|usQU;(wDRt|y{ssl)v**GQIZ0p;3x$-U+t;{8IGVxi4>IZ6G zQl&FEg8{=I1)H9Y0fasgn48m46hb~l*l+zK$JjM|)4b`Cb{)70!yX7(hC^`+^rM}) zuYL9H`As&qs*UZxsW>y#5MS0on$LI>(1a~|>bYXz=d}$$X?{0dt0FRR3jcKXPU&Qw zC81z=6vwWo#Qkj8HkZzM%8_6&Atw{>c?OCuoU2>TrLpbtR<)^X8f{X_D2snWlx?ag z$-*~9$7UJ)c0q)8*7cSq3+rbZGqp374(1PSREgS7LhUR2h!U_Xk;Qh$P9JHNzl`!y z7p34?EfBLUCZ9INcdm&vb164&+ezQY*J@t8o72)TIejJWG5b-G`gOM$6BY&$5BPYp zWdP-l_4~$oSdsYxfMP_9k`;K!6aTzEW8%p6 zT5Ak`_yn55jK_39ipdn`c}&%~;Ap(>D9?quVp|m|W;boP2U&Dj#|i5Uigu~<-Dj`4 zWrNDI45`mK+HXURIS2`FiW_vgW?^{bDz&;+j1x!oXJ-~VSRyFp^m8Q`d?&CtYmDdX zhSYoOx)iSm3tW(az431!xuatuU}+hqvVy79^en&Olb`h9-5p}SO;aF`MkQ$`vF&G$ z9yfUqaQe#B7g+EAX|{quI~7%XYYZDYtTk#rlu!u#zY7qT=M-%^dqdXD)qr-9?BnSz z$jQutsKZd!joQ=^E>)}TxkJxawm8MscL<+q98pZe{!%e#D zD>)?yU<&8mbeqRarCg79TEj9IbqjBXaN(9V#q;M#(f@LVQW#Kpf$gZKr*>pdAIU(+ za~?n%Q|k;5Ue>n}Ies1`4S(PH7VHn-vD6O0HTrfqvj&$IZed}?SGC4itz^6{C>wF8 zN;+aPNI!gT<5J8Md6Q} zac=n;15HD1^6G<8gLDylNL=}1XiBo}I(u?(JRh&2OSpf=w~9CKI3gt075aUavb&WK zqK4U>pDhGTnjD}kp=Q2j-?qMj%O-hUIb*xve@Po1(@#8|A>Z@tlj0hi|Av%*4KAUi zJeK4}^m{Gw0rNK9ax>cdL16>mSN5y5eH!BY`D^dI8E9>fuSmXM4r-MKC()>8>kAJi zb0T?LyH8T@8Gkw{@0>AkNq&r%!m*38kHN4%st>b6j&nv3XH-PX^2*Ww4wc4b$$;4^H$LB|Agv{7}bR$ zZ}WCyH;ul%h+UE9NJ%(rT6wl6Fb<&>+ceTn?~o28YML;5%hGIB2_u`OvDk$goh zTz2QM3_7Q~gJ7jh2Y9-7t}FqnwgOUYu^2E+Rq5FWJ%``JM^I=8WNBFi8JbrY^W>^Z zE)H{>c6-?Zr|Tj^(Z$^ZF!ykR<6|3{*4hQ+?I4I(LcM2|xqx(rw!#8UKIVbxtV36` zGs2xjc~;FO#ol%Ko295%JPBF~CG-djV$Tc_5SExw=a~EZo%(}LYPn{5DKWl7e~oZ< zy+zjEBOJ*s_B+e9HTA;W|LqeyR7=gygFQ`NBa#pzz*OS-a8&)cW>So>S(7vhHw za*}Fib!PSZ80Wm!kpzR;qvQR71A=DU>AW%r=4NN41gL&(*M3&w_*b3dI`f~f7De+2 z8~I?@t!oppkX)y733obt5wYbZq?x1Sgw^JZnyK-EBC38I4e4puC$Pa zp4z5LwUbuq!D3J&M>2}qcI?~j1iUO2Wh76-!>X#`9O{J3loY|d1+mr?)cYxpon_4|`B2dJ+k={#<7cX)b7#^L62W&$HB+fUak&0RxB$x!5%_?rWvi03_&hHcu z;Do1)z?pwK=>DM>l3r3hJ5}VDBh_iQgz{;3o~IEZ&H5PV5FL+UedS2>y9KxW0B{q3rEm&M4+Wv zHq}qNFf`x=`8osmur%Kgr~19VcHLZaPPgfxTdr`vMR)gtPE&ZQ`og3?V&v!0K{w}O zsN5k-j$s?L*5Tr%4VM_4Wh{@?BP0`T{NgLx(uCnF8nWSTt4eOlq(wz z<-5I0f{A#Px}V^xz>FS~)`-~1pp{a+V4dEGw|&1;+J(B_?aCE3x+)astZ^#s*8V+s zcSra1!yN6S|PZ_u7;6v49@an^P{Do(qjhD<(axr}2Zt6tII z5RALJ6Q%9BCYwaq54`~%e$9B3db1Cz;fKvghf|N-39yx@y7^JK4Qu3hg;sKNbjDd? zMzFPPd@4Zwt!%vIpDAa}! z@5@Min82aarHnWozmIPi``bPcY2&XkH1i1ibaQK1;Tl@e(oz$kdMe(*8Rz_TzMDXD z@~iEr(4c$0$A52HQcUhh93E!INpthF=)gdEU|x;d3`cgRcq{5&r53NUzezX5xGA#! zB}Ln22KR+}5Z6bs1fy6A=$o+|G%lX=I%{Jqmyd22nSBGuaq;IjyD9g|{RQP*?AjyO zn}$W-cJUs3Gs5tcb7a*&*5^Mur(^gO7jX9l;T%tGYK`U=H>99gglMC##w)9xpDQS+ zmLz<4e-n{1SaO8FmQ$#ch>-oSQj|?E;+B-t#<2R&$*T)6=PkZi z1VB*HTINub@V^l2!P%k_F+?2QU6lD0)&Z|Jtk_#K6o1fE6tk#F?bY)xNa7OmtWZKi zu)IzZh#IzXfgfsPr{bYl>)?^mTd6MT3)Yd09o<#*U!c!bDEWRyuxImW5Mdz)h;C}* zZ0oG6RfKXR6EM@1vzwe7m)sL~y3v=B3=Aym^sl}9>cOSeK9+|Soifuy#xVqE2#*O( ztWsDQHyZ7qhepz-fmUIB0;?dj(f`HXTYj|_ zzw4V&v`}dAmH@@wDK5p`o!~AZDekmDaVNODI|M?o7I%l>w73Q+P@q8j9nQ?GS?9%X z)|xl7&WoA9AX&*y_WnH2eOn)KcgAW`TKXDb@g$_ALNypTO`o8w~Yhtz#-rxPGDq6 zrN+BU{x0P^AqUYK_ZwR-^p&Opv|s0@k&GvY^$?M_tq6gD0J8S0Nne0urO3u>uv1T( zMi%}z!pG3)_s})aiTOJr2-j-vn-Zt>f2E6T`s?9pf!feY$_aK$m3hX{6@T0IR+N}3 zke?xDntSvRWc=4qj57N~Q8)xpklC|L%~V&oX!Nq#P63=T3w;t~%99x8bVVgDc_^&T!icP6JywAthGPPMSK|1-nB4-TW-vefs9BjhNT4P_fs z*^f{BbyijPZ`DJbSbIP0G~8uSPc7xnkjm$bpCFKeFSwxgkcL>T35_5EB=z*tzQJ6sQoc zG`Hws5&quk-yLKwKwx`VJvY9OQd%}f6-UbHBM7H3vVvWNROC z;okh0d_>oLC~|}!)x@Q)#F@wV{uzLo)AKi%qucom_=hj4zoms={F?+$x@n!QVX5xK+QOO9PSZ1>qu}4>G;VtNcadmRam;hvw-6c5=0+*=L|Ja z^`7v7lBgRhtSh7gS==oaSu6V{K1;3C7@QTWs4a`+8P`LM=>G{BRyGQf{I>D|2VPHH zo531dGOH?PVms9oA7Ci6TL4B!o6yvO9C+>)r_= zw?yNTn-!4@_G_F_VB~17SN;;U(;)$7wTzwT3@!R&o8wu>ZjM7H6(@w&ZwskCe%H&o zf#WKBXP{F3&heE&ldtHY2U~v@qPa7736H*UK&30??R*LT3db z*w&wIdMvBTRomrYeemkl_A;})Ve&MhB(AH{OyQJ*tRtq54r+|Kt zV_??kcLap1bN4-1K^RxEzSR~FgI}MnIYUo=W zv=Q~v-c^x2uJ_?eZw>jEIkm$wKm2Vb1i0Hpt-676OpCea6Q-ZD>@(43%Qn!kyz=!q zL--%GuvWas1u+{=Q#U2SoQ2@tt(&Xz{ulxZLpyHq$?kIOWEcmgo!za~-?b4P6)iQr zFeQ?AXklC)xOXm%1o8`gF(J0tgVg-moMM%FX7zfFo^+-<>l8blT}lo;m=gf!tK7CX+bMd?^9lgq-H`L`@+!w0mPGZ|?&2Jt*N-W9Gl z%#=uVo&95)x`|r4|4Vk#B{)@16cGQT{NmBm63hE?bK-dXzs?W4IMpIFCtfod+XlHc zWWF^e_3j@?2EfK>hlfD7`+D_=NZrOv}a? zpD?D~M_m*vPXATVu6-4i5xKb832=?*emr4dOz%D^@Y=gR&jY3>P8JwYbaErM&3Bf9 zcYH}9LZ)fXztkUXWsauH2gyo^iDBm|3~bu8iN7!n@{{qfYhfofMu!uXIQQAU3u~E% z^p9dRCHY@0N+YZWnfNP9I#aOll64KCCe|rqvnd^46HmI8=JX|#GWJBe-at%~9Ho8= zH`eKSHQLNCEoi^ZIq{LF^ZM3}J^$f%8UN2WGvTBdU^+^S007=#(+zaOWOd6ai(#M4nbHreqPx*H|(Mx(WqzgjiyPzxV+xyfcV06X z{Aa66EqKL(ixN78so}F>F4x>C9R?H0vm=?v6f4KP{7pPReMWcN+;%4OP-`&61036- z;OYgs6q&l-<=Tho9ylYpb-Cdaazzp+3jO}4F-Y^e}o(vAAioectzPPyI3PVF zf}}zqBlp=WVIlFhO>bkm97-kr%{o-YZ^DVvPhtV5b~%Gl4j-Z?;`s1bm8}^e=#mj~ zpS6OJ0rizwb^?6gKWvbnW-mx#Z%&Ys@-L_Wav+>C3p|%qVuAAJut##WNs#vSRAwIJ zXP-AtAiHi;k!t%s+lcjH&WvdrU7gqLvr?gpmOPhQ`kiwi$&htL5j0DQ!*m^Uhl28b zr0N3qlH{g4_GP31Q5H8pT$lwq-hwSqc-2TR7QNp316{J@CwOA7hob-5cvbo=M7C); z2X0`bWBN&_jfz^&J|ufT>oocak|tCV=7FcOKU(;B5pbjT{lRE%`b?PiE9h`~V!Ark zP;)IhH@1J!smVoT4SGm9>!Ro;oEqkyI6fx-VEq1rW@^j9irC0r zt^U})s|U7ED1zd>;P4}b-pNFenpYepN=1KrYX#Dhr@05ZZJI7n3XqM*;uLr)xdCH=W!t}A2Pptu%mBTtm7;VALw82sR9^lK~r@-~0xf>8?e4Kf2v@Vt2t$+lj z((`K6aK`A-Bjy?RKViPeFWR&1M3Iq+%f4il1Ag)QiA=FA{gi(*!^EqrI$ozq9b%^B z-_m0w)#EMO0~GvVnpgr^vR6NPh)5I43=c0YqHBqO;AEp%GGja0fjKJlAydpGM9fI$ zKR-BlDE(aCF_s9~5Toa#TYT<%-HNqEMv`6oSY0RXUIuf zmyBv1F?KpB$zWSGVv4&wwDDp*H*v9oiqd9slc!M2-w zd0FHee-xnCZx3UX#v3M-FW|@zR}{dP>2(}XXmE1$l8G`BC#gq#`j8JjweGZF7F>45-IaiEU%_{5@VTT zT4!LQ1Tg_*Rgm^E@OpIGe43`Xs@_aCnqhFY9<{V*wzk>J4si5+UW;*+br4hW?8>^Z z87KW%K!=Msc#cw|>qGRFm`clfT3BYvzZO}&$@9yULITV2qR0$o^-U}KDQE1T=fYwp zMpYRqtF%ezI0Ej4U9sPmMS9ZyTblHLX8iTyuU}GSoe|)veZxJ@PN_mH@;iqvK*r?d z7={Q{i<5vtP1C7UrUu}>=_YF4mDi3p+tjgRPS2GCi<=YHR?bHIb;>Mi#umFQ{w&k% zrlEWOVWzI4&(lRMg(ms=(tBQ|&PnZxC(cW&rmdyL=T$ROX@?Qt8GlIZ{A6Guh!wGp z)xRLDscav^HKE78MeQoGHVbsO3JZJ9k2}LB%NbIuAj=NhVsy@;k_jD9AymFT*nKkz z0-4yc5WY$0k;o{TC}W`-aFIMgdh3Jp^a_>Zo}Mw-p3#7hrcz_6u1$pHiT$3_fAhX? zp?k`R$AzutYk*Z7j_A%--%zD)_{QRO6$Jgk_}QqhJua`rv*moz4$8Tz8ZrKuYUz#a z_4x)fT}_}nq7W3|s@QZMR2(P#l~yS_d_m?q)O?UV4KiDYCCiBJSDzm=jlpc_zA*C|MNuE)mKgF4vL;DIN(x?JF13+ z;N|ndA5Jz#*}#vQF_Sp%Vr<$mHS?C&4rFNxzZ*#`I=hRJH(t-``DK5h%Ry;u8Lw~DC+e=(P*s^Z=Q3sW$MwT_uQA<14B3A2jCH_g{;gD9cZG;V|@(v1sQbr<7vn)CL{XC(vi zoHh6Ku)w^#)^#27NvMB52Gx4pr_mo#Wc)__tb+~C&HI&Ku%>|hYn#cIg$aULC*E9` zozu%Nbu-)fS5dEn#ap`zktvym)hoMFl`J@|C#sXtZoxHDwXk;=% zKp1Ok2`$2tzkp{AwrhvhZfKT#_TzJPDB&2_K5$HP0d&qklv&hOBHoczGTb&_L31)E zJ5p8#ZDnO^Bqs}0n%x)jM$=|z`P`VR^J>*Qd4ab+)4qH;fc8#b@{Q=QYUp>2Zze3O z#0#)aB{*H6&CEtM`D~&M2IbjRPs?2u&-#7vd+p{5vlhW+Muq^luT360Xn9v6D$ib? z>9O|I;{@a6ZJNJ7at4o%az!dRQDpo+FqknD{bZNHEcvK?@}g`R51NO}jCbhIIwIGx z+P99cA^y2td_Vf^p`Gl$-UvT!29DrmGkI)S63`49#-gK?Vn-)Ajq| zUm=uS$d3TIkmcAZeZ&7n5=Xw|e`Z!@=$HR@-DT#_|8?SMa>@<#wIFw%2%KkZiaK-C zEgue6@5GUfM*(qlRnEqhCH@et%hmAYNo|+MMG@J{H`U(=vg=o~+le*x2bd6wC1=FO z>XwyT_Y7dkpcUL=ElYF4Ix!yCb~2yrE5}fa`7c6i&SGoQ|G519XriT9zH0zi?@xDX zKdESFZm{rYPHzP?MYG4Rk~&jbGX?7pkH6YE@(p3%-(+v+5#pJ~*2bz!^>| zwlMn!RWh!Y_RBu$*l93p z#@&HuvcY<_PLMQpLFqV;kx)pquC3wCqJqF*A~!Akh_aBW48@#WseeydybTn~_I=4~ z`sp8(&#CqZ#Yy>?$&(nv6xuf;|s& zmX9OLR=nvq7nIfh;a;@DbxGC#M zizn^)RUs339e`XKmt*nAiS{oO7WW1}pIu}wsShJ#0WDvaTOU;0jS_p96c^pzBiyln zP)d%=ll@uS=``f)LU+s*J7TSH1qfbvVnp(#oLea9I{=Y_4P0k=BLNeQB;U1FF~+koiAV8m)jdiT7z<_Fg$+i%4?b%)R3CGa%YvZeOEoUua>Z#F=^2Tt zwcpGquhg%wkU=jZ2~+YA-@{u8B2hBHFT}MP764pdaNsi~Tq+~S&D`=5&$`ki8R!Kv zQR0We;|i54TfP@uPyQE+*Bi|`q7_a} zB3+ypPoj`N+*BVCz!iPvnUhslW&QGUp`T%o=z^1M;0>31i!qy3qPf?%G z_W?r2>k$>Y1b?a5?l^^68fL~2r^=UWW+Ismd9S^)JWH)^{8Zhi7+DYVEwKBCm81{f z9P-AQa&$?|5ZRlUGvqzACyu(!1V>t&Ep-{x6P^$-@4Dcr?$@g@^x|RpbxDvf=zo1G zJ?IhZe|1ST_>|uHf4^h+A9^T#8miDp+@<_iG1R=0MDOg~zlMQ@DT3ciRm&>Np_a(+JHRW3lyftj?t({nU=}htR+LmoA^SoRC=yu#*A%M)`M7gBa z%uE$D>R7Rg74S8cg4tD}N=~$2C-v#8+^%>C0NG!%2Ohg9-sx5_Zc!_2uAbw}=U1yP z?#8k9E51;CCjUIDg|~`KJv#N-bTU2Q!jfHjnYd#)*Y?O=3SDX-dY`tUhqUCAO>IK) z%BP%3wgWFkw}B7>Wr0&F?W^fTR9tqE_6J z%7|*E-drL1*-i~z=6gd*cemzm2$c*8kumb!pbQ1oNc!JxDt3zNUF94Ap?lBO*s6s4 zOEh=4t@?y4cT1kI!MO6Op;PdN&D$~Y0PQOujGxo)M!f3pLts1Gw%$6Ne(pH^R4eyRQFY(tmFyZ5| zN?{}pj4qi2R?yw(A3O~~Yddn9aipO9cAE#0Ox&5qcWdj_IwNb?b@xos<|u}4GJ*`@ zT*2@6buPUo+9eTNwB;%yw4>6r_u?))P!I06!9)6s@&s{F-Ks(d|gxbjH zV1xEDFIkc?D_LkrOtN(}ks(Ji5|E228!rK3<>b(fk4$VN48SZG!L{4*!ak;v#mKbg z)ETGmzdSAtNk~qpEMGZnU`=%!O5gTl*!z7G$I2JR#h248arLJA?dmKun7q^dQuN^S zk}dD(ORS1rGuVX@F>i>>yQ3CydT}iDyLH#jqHwG#f^o?ZN7#K$y=`F-{jDK42<%z& z6LASV{+ep6WVF5jaU)EU%)exona05m$jLe%B^5D^e@zL5!SXouh;dhI|ziWhYBdZ!Rn9O$gcihuNu5^p< zURK*n%)e5%W=Li|F12pWL%&dJxUCw;P4SGLPfIQ$ztUBfjLJSMb*}L1GS&)J(g1jP zhWs*FNukk`xo>R0c9|w$3xj?>s{3SHDq_LuU)wh2*QL?Fx0?Wq5IdO{ZMqbWtsyu)nEH;SwRm zx!3t6#o!1_{AFhspDF~X)7avAE%w&olmNnt!c{wFXX%SaD(R`u#Z1!rlIcij3K3FV zm>C4MJpX}o%cw%#WRgQ(n;76+#BT=d*Tq?vc)qj>&bTNfh-N^FEC9?T_7B5fe=&Y|bU8Bx;i){9B>f+s zX{p6>yoNA7mx0N1n(=>T%3k+N{IPwh@alPJd2?D#Sv&`V?bkmpC z|K-MnQ|x;F2RhpwZwCfyO7};BRYoiJ>waDk{-z0c*u7E+G@tXRn0ALVa=G}knl0z4 z{F`mZhyj|>v8jfo$;KkAb_iq9TK0=R_B61483qOwY!ZfI*S4_N80}9PHE^PS`S=oT z7!1@o=c~NvpNMH6Gjn&9g9wOZ&ac{w1lY#Xsp0UY?#ze_%32>5fMAR ziG4n^>(5J_6`tv7A#WqMKV;9uk_((i-g&IyyS1*t;yb+>*H5f$)MJtzzYKw5F^aPV zyt`5D;Go7}19ofcvY0*mTcxno6MTbau}XF0OssI=qP++MCfa-+?&x^nYk_~C#THAe zGDlC?F_KJHDSm){nVeWBja!F@er?M*U3CFxhzj?JyS15GCIUjMsLh1R>{?Ep4(HzE zX{ywZovf?rkCkJeN82!HYySIPPbOX&IybD4b8Y2C3pqC=;N}wcf%up_SWvO-NF*ZO zy;RKxMvoh!y*(p4H2S?bEV`T3AwtE%>mSjjvNZXgWEU-rTiApB_3M>3AZ&5ss+c#b z6v5%yhsIN?GQDxTn`!R~j+)ZZ9}iL-6y{nMM{?z@>{NOoDJW*33zr80wwB3j1KSgm zOx=In+i1CE&2+DzpZ#2ooa#5*UIvTOBNM*k16Iq>3t#mwtwODHhVT3s?=}jd$fKj} zk((xuwaHh#*Yz7OLd{yzIk>0@EeMbD5@)c$VBu}BMuB-UR#&c@z~Kl}SPa}t7(z7z zO5&+-S#n#r6?7+jWdNinw+y?UE^5iIwYVr?pqfeS_5-nFPX-Q54TQYQi-1|gr_JUZ zz;T-~k9#b>zeK0CB9u0gthxPQ{-us?G{2$#OtG!M;G1|xz`Ljezb*e;8t-}6RRH;P zV8PW~w8N&C1s8~#$yN?Xy*hhbGZPfs@r9l!?<*zcoTugi!xx7z56vIHW;W}*T3!ZK z_YG|(Xjb-E6i4LCDPy!1&1o(NPu72E9izV)R(Wh|Z1J?0zO}bsqe=USBy-fg({x9d z%UXxL`}NbPUM{)#Jrc&=R`ZB&$HiZC44RAq1}tC%*AEu21R$h?m%lxb89ND(rX*-T_o$W_0OJTvE`Zv~G$>rU#kEzMCLObS4JI68D20*BdltiTw zpaEGrj>GWIwTBsDKq3}cP7Aj_&@B#)3tBS~ejE{q=z8%cit=eYz(wi7)=H#6c^X?Z z@jqxmSB(~;N+z!~+y`yRKV4EKe!J{Ge(N?yhk@&l_(zwu@Xr8l0z~QlrpfbPA=(gN zV&h@c2s2lf{%#chn%Zxjzr^X-(aHU-qRG)GM1aAZ;-4L+Qh`E=)EM$W?e=~s*W3f7 z>s`X%x0`c&3E7u^)y?bl#F&PqE%9mX zYqGlh9{$g-03H96pD3%cV^lS|PU6;N%zi=a=&iwdV@HO=(zzjz!YnwtGseh1mqi#= zHq)Q74{|Ks=>YBPjfGyp4|*tFsd=WmFure1v_*AyTC()Khd|<;4@k~&Uy1BL zXj`8~xjMT~?EZuHG#+OiL%13=SKB5OS=*ZM-P9H#9RxS4*G;;sD(YiJdsepiD zz7EhZ;2dQf`m%oBy1v+2dD)3e3;#uOy*AM1^`LF`uf+iqZ6Vt& z8VD8I#@I*%Lk;F-@}Bj>KR8@~f4UXwf^HV-jtR&k#Bv<<#R#HOx@w#^Ap@ zsYUj8r8mm0pa1N7d1w!jo$=U7R(5`l`O54F9&2Kf7^+}vqW4nVBrQ2BJgywCa)X(+ zgyt-~%toOl8ZKNh5L-8c`5K@6mNQ-62ET)z0E#x0 z8;EyhCDEUQz`xe}f9&3hbOG@$20&1i@dXXs$(9idu0Q5(5~>01dyatC`1n~n9r@W? zj`pni_DymBt|7!XaAI^-Dh*{xIhc-)b;5o`yuQfpyiej%oLvRciPc-BpgkABd|D|; zShWbReFCM`t1*iY@fESNzm?;ROwMCl#!Fm`uVpCkCme@#Dnjv0uxcIm{$xKZzXc*h$1&r1Mg3#0uCW4956Omv-NIr zAOiVf1&v^Q#TD%ZviV0~`t;|B`8(m<6rnXU_x4%j&UH3Wmp8e!tMiO%S|b3qu37_? zs-ZCH#ok;t`>Vky=#gCx-tgYMB*(WGn*t*gTu4WYU3p<5YcFDD^^@|4=fx$c)5F-a zt^8A>1l)X28)_Mol{n<6_}?q^Ut7UWaE}svqG{w@w!%nt%Q*T;ap~(dj06F3#X{fy z^vK`*T7hETvA}#9Jq?XFj(OlSE9StjMDHoPO%FRymFOlO6Hs5Q)%AcR?4YY=#d32kL!9?{#j zW$c^H^jbZn;&xhpvVJ8cVPhw|s3g*ZKggT8-B+C*ze`Tex~qR2i&IwM4Rz{POP5_+ z_a22=tnj)AeR3ONJSmDH<$xFMFsIg~!pRSZ<+LJjF~@HMsC?tKSIVMlOazH@k$vjxIp^pJas`q7cI?V^FL?`L}D!J^ed=5QvsqwjB(ilcO}2KczEoL zRDJ{w;<|O?EIcT5Fm^t&Wtf$1(1BBw>NiJPFrbnFSZ0y~M<+MI3uYQh7m>lVH`!d1 z5Hv!uS5B@@bZIQmWk%GM!+7}x-awShJ%26PMik%l^bniIfOSc@B9#2z5!QOTpr{tz zSJy@jH8+^_|5CQ&hIFTz?D{kx6Ueh2DC(8DsFAi z$lo5eH~G6B2oJ@z?0WD&_j%=!TQWyWwwMaV5$@;L>SJ?jZLZn6B3RWR2!xV{-U?sd z>kbY;4WpMVaUcV)_|hP!YoxXShkg%M*+vGUVNG_^edpn>dk0#c3RP8YzrC+@0|$KX zdm9`=K5Mag+qo<*mDSM==l@i_+<9wup2MJSQBkw)*`8U(ie|LXS zQhRSeawZ=7CxU-gZ~DnY=&<{rOV9*U%QitY@vc|Ak}mnYa1~fr%4?4*&+pWNz1rG8 zC30}<;nR{s5Yg!D$g7B6eCl!gEAeB6mhs8qSac4v?{j!#`w5jjiJ!$_L<>Fe4B3Uh z!VeK9mI4~3_9MZ)5mq*U<;?8VD$eK1JB;F$E~ZSyC#tFtVo?v&4A{;qp~BhzLna}) zWUl?M2X?_o4{8BU)2wHt8al(EX=2|a_=i__=bWp&+C;Z$NADW(?mI)blGyP0>Mn?K z*%Y18IsLbhH>VaiH%&(OBItA6f=|cQ&Hx-Ne-Ou$F4o2dPD$vB8GS2xW@yr$uYV5O zI$MMAQ~qkp5UH|?XaJcuD4CP138gM{1}}YdY8M)a)0}T9=Q6&umrrJI6IZNg!k&Cg zLccN$OT@GF%eDRIu2bS9$@ap7+Z`M$pRqj86l}c^5nNJ7Il+vq%Ml>?u__U@S2b0r z0T@hx1Rq|T8gXe;Bij5--(^fFq=_QTk~Niw-TxU>urs4!(nn)G}#&8Bml1M-(uR#iTt0MD(@5kZ9|H%rqW zj8nPR*TWNIpwz~?I={t3$KJc<$iYsE0t-eQ&Zgxogxa90l>R^@0zn|C>*!odJ-o71 zV2)^$w<3&bPP_4Yi^b@P-8^Kj^Qyu}9Of+%h*V*-&fp`-U8UsA2xMv*ARTB^JTldt zh#ilOO>>8;Fs6t&H$ZSSUKauL6>y|FE z>L=0$)NNOGX4A+cmLenYt_P+{Z`4lT_x;mKG9`MTv-PPht2rUNhy2y?Udx z99%ev=uLk3_P(UY$N>TSUzszisjPmpU~Fn;Uv03rddoKa);HLqA5D23wN_xJv|)YA zxnSmuT-1ee^0tsdMZ<7M>C0TA6aW$0re6p0#arY@mYLTn^`GfV)E0B_gKm&~?E&Ff z)2Xe&>CIora`%mxX|KW1$I*EdHcg*dnL;tp1R_R(MCfjkdOZh)948LT(zXdst z9Rm!PJJ4t*rQa(NZTNFid&^aCAfamJHj3@<4LX~IiT~QC&@9(N&MPb4xeq-rH>s-_ zE1Ui{z80IS^E_q&RYa6>;gtBFv{!$1q3238qIyzd0z~bAnrOb6UEIAyZ|fa%K9tRU zsoER(cG^us^4i3wFQEm`uhgk0;rk3<$w+H6BGQ>gvt&d)%^atS+Y>Sa_soN*dd64( z%GJGki@sE8b?M8*Li5Vdyk3b^8#cIZC8DyMEPS`Y87Nhu!bmR{B)gm8$W$@+5QY-6 zPbczz^{3TN?3)Drx2ZDTmw-?P_*;pX!+&JoU{%{OsT6}q7e zp3ys+#UNODEjceWG`?WLYd}Bs*r2m^UB#GROVx{%Kr>`5 zu}iGxv4tS_!RQkTzM}_1ZcSrARou%)J6jft@rG}x_F4Klj2s5X zOho;9vXu7>16HX<(ySap zPTxZ?H>}1ny`p4VGEZpVD^zfB<$|PS>o9nw#U zy!cV2+2^816{4^87}oBfl->_K861DtyrzUf*^+yslkN7~W}DP#rfO0&`zo~eGUeus zeEj~UPH;PTrpq+VuX7zOJ+zpY`f=th2i|EDaybo`yX3c7$;p*{$1g?M zjJR!@7quvo+pY1@-5E4Q<9{1PvJvQ&@QY0~FCV}(Pw)qH8(z2ichRc}XEL06&t%*<#3(mn`S}||sqdEwJHw;T_>_G)`n{HP)S8I<;NydsDl{!Gv zm@0@4uv5y!z1{q!>I+@bGF#Z)b{zfxhgsbey5gPhr%PoEsz2)bz=|^JSj3OA&0e3wOZ&M)Moo z)@R;MOfM>>K17?kpscMIJ2u0Qc6QcC=`Vjp5gBOiG+Q@Zk>$#ij9a1;2HHi88k+0kWsAixLrW{@(~51-covmD|J5cZVQ|0N%UqX1F{kR+Xr(GOuv(!8;4j%>ZAX@Y3?$ZH}J;0dv5it_~QS! z^X!4)w0CC5?1yr&Wzw8QZL8Uu4n@_}gT=EkT=3G!l3=4Z?|;9M@&=@ao>!{>fsmPW z78?cBaM5(OPjw&V%Q?2U&QIjKWWI~M!@O{Jt!8`2hz?cach?n^ExDZQ>IT2Gh5vBX zttTmxu>s7LiA}`fIm3#o*wX8CJCmIFxtjYW4yGO9c=Ie4x(|VY>hYffho1MI3r1OY^8G0_=T{Y4 zl$p~vF?@TSSNYCPnmf`UR%Oj!$%%6X7N+fHS_yr~VHJ`3EXIw%uH{*q|Db8#MhM#R zd?j(V1pyX!Ma+;e!SA`ii^$bFtTd_MS+J{NBD71_Td&?=VHS z@!ly?z18lA>bmE}#}D})iRn?uBH2(GiO~HY7kCrgvxz02Tb$0BrX<8)AFwaWU?97&5Rs1~kmDAm(O6WNbx?kTAY6C)P!yAT%TEyV+gmxldP`Ux3OA z&<2w4aJ;F;^QFw|qX?D6@aD!JVsQ{-m%N(cc%{HxyV3Ua4+Z6;Nw4z|annPH6bGp} z7Px)7&5Vm3!jN&p_L{UUm6Z*kc^;JXMdH!r3heKgsC2~Y4~8J->O1iq(H z=-h8GG%h~kE_H2HNb+9ipM2Pa7|C280b}&+#k+7tP#1nDSE$eJCKd-ic4$PwxG#op zH#cgg@|Q*c!1D!y3y4^P;pXFOt!kSS?lyR>qS@yt2VaQj^x4&;aXquacDc7;8|{xS z=&H9Ad#L0MdCSj#4Nb$rqch6MRL=JJF973cU%yT=;Gkk#g}mj~sAf68TzxtyUP^{# zKt1-pFeT)=2G-xwG{gy-6Vo?{0rl`y4D|yWPBDY)4D!XRkAKMD9w-ZcRWU9 z5HAFCmuSrU2IjYQ+;OQ}AA1|cB{S!hE0uM{{0$gz!MK9y8e)c|sS*9<2SCz8^qodvPi-TBD4lPcFR6cgT zP2Z?J;d6Sof%#Mkf#-*72OFYn8ppMd?Z@q16*cPZO!8)S=;#DDcJWwy9PHm`c&Kdz z7pKyp1BArO7{?@^fp#r;CUMkMP&1-W^7x)h?vC;;!$obD>v^)MIeACG5kgAN9^HS& z!!0N{EO9L{_(R$dLSh4OoR6ybf<;h7ke!MXK)(h`Z)oRpl{D3vUZe*3n%TDpP-m^S ze(RFBzO4nSc6-%Tz)MuVePPN^yJzvbTSSNK7X?Nw{BQ~G0cKUKdt@P!M&v(45SL?t z@!1)JjxKy_=O8Ny5m4MNS0^WtgckDo35|8Zb3#XxRd)pW!>0N-XO5w*WAY#kbvihf zj63i|#k16K_T`4Yup{-ufC|j2B4VzWQ(-Mn-cpKu%)Y85!@l))ICG0Wt z)YX_rYh}-OEm-r$WJ_m#^Xosfy*9gcs!)YNG7YUN z*vQ$7A3d&>$9GIy5_d^%`i_`5)AsS{PNJ=d1Yl1t~=&oun4El zyvp*+iqG^P#@DLUFaOE=zfwy20t6EsG6%X%dZp7@o2*gfp=RR#gO;=6vjSQ(doHT* zGY#*2>{yQ-+{`)X5Ntfd2sAxuFxYPV@79(7nS|c|PqY62H0%GjY1Ud74GllIWvL05 z#=6IoEiFQDh>qcz5g|L%(e4uzsA1+FU7JE{6sxH*t{_r!9lADQJmILru2asKqnzFBeLKx@iYKHLw4e(iLNM5FjVU0JsMS89aMoY$T-3hlkhv*m7e3&`-TIT9CYbSsQ`H+(%`WNQ8C;uwSh?>dD~O}usU zrpVD(>ek-|?tE+JiRWSV#Xt6`=@PhLBqbmiat7SuNTp2DfrC2CS(wLR3gHNX3XT&X zJT#f~wH2x=n2e*sj&B!h8f^nTlZmS)Px1JD6kSlveS=UvnEmvS1T1e)xbd*yL0tDV zHk{Idz9W$&aV01S;7a@J&Mo8s@FWzv4_cJ7IPNUMh75g{$Lhx}LbiD0x3l~-nXjq_ zui~jCesL)M*BHJ#peIO;!4@HB_HXI?sEf#z4z-49C2#UZeXy4Vsjx_>zxAqz5%J2N zF`P;Ii1;d%%}*O$MT<93>7H_WGYMnBnCj=@2eI3?ibl=PT(&L@F^G?2-S%j)-?|9@ ztLM@^5DJL`yXSt*C-s(Si-5euGHo7xjm@DOnFuYx8RN*q$C|1i@mQ&;s){sh4l!B9 z|FP5SQv0u_Ntj0OO?@KoRgTpK@D3+)eRTp7__s}5DlxGMk?0vpAzp9&TgOOGPZJ}A zTnO;{qk>Ia%~6%IaO5t%q2|qqZY*DcG5g_a>@~}qnAh5xGyzZKH;S?|TWe1+AlSKv z@z}@uBMrwVrn_-!ylLGP72W8OFKEcy$s+r}f@OfQ{f|JbT64n_>E#a=hf@1hp3$Ca zl#%*Q?u$#6*6}5pG%9XIRo7>G%0m#itx_!ZGiTBB$KJcfCl|$$gOv;NoStxY>OATC zs#QI>V%YmN@THCH(zRSX);+esD$tws#w{Z>$?P0E4^f}xP@N3eUf>{U6#S}rLSW+4 zsT#viR^QHbk?|}yMtt*`SDd_J5J3&u*O!)5Ml{;ysYMK-z`k`}OM(K*2OUCFLSj#( z0Os!AiR%J`@pVkO?%paCIhB!W#0$M=ug*K_-BnXEQ~Cm_wiJn-c(VW4aQ@XNxb zPQ`d0A@U`S+$up&%JQC%Gz8Vk!R*21^$^Em)#lAFJv(RhepN?>iqE9EnVr}2m5E(- zHCQ^L7;zxDaIMRo6MK*PJ0)3RHRyd*SN?~40vJZpb*THoe=pHHu^=`d)?ZOShyy@d zx8%}vxz?X_;MEIJreLfy3fA#Y@cCM~-3+#IjSf?b%Q^XK+M1XE@K3jUk1(t(3cc*D zklmR*eMM`TFm=a1WyHbg%84ctci?f3H-Y7`5j}s{5?Mx?n2u|>7vXyuxYLc0!x)X< z?85@#;3U zYkLgHKruxH0GIDLA4LxTgSOD{U-Q}Lsew3m@pfeP=T$N4VF90x_ z1xZJ#d&@?tR;=SX&`;71CUrt&q|k%}!o3xd-Pt$g*^2o$|T z?+LcaEe|BmXvhf}T-Ix$!!Q5)Qz)gfo-PwD*^s58Zc%Z8-$o#zs87xX8@sbzEROmUcXTROJ@yXLTUU!eFiK*r`^ta02HvDMyA2?#)R#c zf5XZ(FopF0a$3xAq6f9_oKPpsW0DmQ?$Q>RA(mKKqN*}7e63%%B{bT+UII3-1t7KF zAi!4(1~1kfyVp61GX*r8JyN_oM7hn#B;x7tsY7ZJjBh>;x3g4-1!P3;bAl)-sco~V zSL5pV!aoNkU1^KL^3A&ctUGVzoNA&dlwna!a<(zbsZviG~e1!jas^BYFb1(25d z%RO+X_hbVGCM-gm@y8QlmI@74UuugNKfFMb2-O(@YtGcfXLncM@_-v{JTG;OG%p!W z071;Rqd`cHUCM&T7i0r_UJBWujy5(TGOo6pBjv-0MCrY|C$a#ed0plEhYgKD<)QF6 zk_p{f?X}oQ!F$ew4uF}1II`0)e=!qeQC0A_N+~;l4?3uskEg9>{EmH8i*NVBaMBwF zyVg@&-fZ6Ks{0a`QHyb0nIl?Y>L`Vz0Hj4{fWqqFrk<2UwQBR=Q)liHQ#BsZc+5N> zN5;LYIuHF}mRKWwijbdR8%~jfhSB#+l3`Sgu(%BeqftuDUpNM<+!`Yny(fDi9OeYyGsyUK17A{W+r`)Dzjgk_lH{U3Z-K#%TLQfgzST%u^$YWpc zgl5Je`}VwzRD=rZ?X=P+S+Srzq$u%Cpfpq|U_Ftdz5XgC1zrFBJTSr{Kq;vLAdfH- zW>W0T)+kpOGQ=Gw{P*4eOV6ssx=;e|$;NR5vgySHfCS?IrT>~*Npu)MV?P*WX2)}3 zI;B5cl^WDG3U?mhi__~7Rzt3Rs$f^f1nZ2uectqcl)Q) zNl%6jh;IjlDS@>sVyo^lC+0Ozg`Mvvs7%W(*`vWO#C-=<56+d)Z|&|`wRXcEk;0dB z)zu=AQ}o3$;g~QT|5n2}&qKnwP4snc6jve2C5%UDf=p#r=HL$vhI7!i$eK~4eqM{jlH)Diu3Un zEg=vbg1bv_cMa~^csGy`T)J@xmH@#mKmr6!aCaJq;O^2$H}39`5J+wxnVEa*oSLb5 znEKzT`aSXrUww4%z1Lbqh@{;2B;UxKz?>j%1u_inn>zCQs&bB1D#pH#yb%1SF}Y0S z0P3FR_chB6cp}s4&AG-}yziAv*Qrf)X`O zD4Ljw`Rd;G*_=%&8ZZCbcQtaEVVc&oRc@{%(H4&Hsdy{zZh_DWiei!aoH(+g0nN5! zr9#crr(*2k-L*j%0EsFG9zo`$2j+~VnbSj6#&eAd;wI@3-qQQZMJ!<0NO_SnuIzV9 z%9h&5HAlI$GMh_PfxXVqlL_%dH^5j@+v8|QB; z79BjKE1kX3G8Jj1q&rLr=ab%-PQl(!oP0B{uR$gqx2$h&)19QcojzPv;hNGYI`eic zdbn!vOQ<{a@IZjC`X(jA%_YkB#ETX0{z5=**9nZBpIdaL$TRDSOnMwOIc^8(i>A=_ z!c8)l|DBcl7hxX%u*d(f$N#X${|kFu`1qw;i+nLRLGYvZhl+Z5XyyI|La}CySMA;2E3)L*KP6CfHuLiS#Tg6h-)}dy4|-PHqx}$a zHML10+hd#N+Y6+7RP9mBsyG!O^VQmXT>kh{cOLDjWb$->syW9Y&VEAN2;{bAwMM=A zHl>N$1o*wQgA&L;W6;ra3lJ~^V#*CM;}*E{}1cSoO==TvP8YI|IM9#pR^ z$rcGSnU6DrEvSC_}n@&kTQS z5^iBJqPf7i?<<>gTp)D_5^%a(tHjX-4bLE#R(Sj-yUg(UR+&!yZh2glO(w?gEYOdz z#@q3d4<>tASJe0X=?QM&dfvi`W{bPFa87PzfMKdHyX3EPG99t8v{Dk9tknDcv_EG~ zqCxH;8r`6lvvYGpaINzouwAd7r?RjqnKwU*IH_Q`1lhxWu+Ce78e-z{uJspcE6=;QUb1M4CP^(L=r2c1>NQ|GYE_EJ;^5_+1>Zs{$0 zsFEib@gc&1-1(+r2p`DkD0Vs8zGF)jB=?T z4TTJfnd?eD*_k5Mr)OKEmI@x}-{SS*WppZ*_U zpu(nD<6w@fnY1d^{lWS%S({V%t#j{_@{m-kP@^D#?CT^jpNiuv5R-zHr zQ<7o>fva+D#8kinfYTKQY^ zK0O~HnHaAMd>pdGu6Am4NCAFDGTI0`bGZKZwO1%OG*j2hV?(H1-_nVz%W7@3t7*A4OOml~%~;{yBv@ zJSKj4k~&f?^)?gH>1?mT71`}PBsNpJli&nw%N1Lq<*E8sp>wj{*|E|GMW5y^P)sto z&kpoO*XNs=JW!`{8Knx*nOV#7MA4~hsi<%Q0JUqIVc$da0-qg!CkI-hKAn1K{Slhm zxjWJgm0$2xG1h#9zW-KPQUJIthZkFGHiCQ%P0behWxk{jbis_t=JQ`EDyB60^yMaf zaMhLc+PC$t9x{Qg<}G$!H+V{de!RcEd!Q8a#z-&l(%u{Wi3hPq0l|!bswt0e2TIDx zyMqb&b1f^pIziwD(T{*{jB8sW?f#lLpBXt*k^u5U&Jn>vDHIER8a$GbByqCBm^(it z7od2BS;?OxAU;*`-8#KjTw;k5KeUxDHzbzJ#bKPCl9>`o0?K^9A5 z(P%Oe1n#ZibGKihb}5HZ`bB9%OqQWPr1)%}1Fvr*|=#H8ftA$#|xjQI1&UVCee~p3MGt8D$~Q#1V_vb=pGO&{E_w8 zZ6(BJ8{X3alAfc-RtfcnS`219w6k)p*Ap%`eE_DO*=A59^p%6qsuCECMf93mUvY$X z9vl7oq$=}X%$&A_zZqfpO;*+R%&eJaZ)ox7?*9CI_ z4%K+F+37TYb-et<2I3yFN-1!bc!6m7=$1gg%Z&4Q>S4)Exf;?img7xoD2AVT-x}IS zIegF0TrSLuJi#Qt)3xagg2g!x<_PQ#ZfsZew-o6Pd)q0aXt1LpPxf`b;v19_i49B) zzgXaoE;-Up?99pFjx3)Si)++Uxr1{IN4RzfwdyiKA14@zHP9Vshkh=Ua_p4^HD1L@ zo`_LUl~$C++7F4?pSnccjyP4{ugD@GkLGvd*GL7C> zws+gC?p<*JhnRx0jNF($8$^j}D{$AT0`V@O$#Qwd*+bKAhmaaog4K_uOTNmlN5n_J z^&%3_M(~H+RfCw>I(mX@(Gd3V*-s9b`Z);tKC{_X)_l-1yXXAbi7W4`#IO(7Ccu)I zgL1Y%j7oYR>*coHo+suMbCsI6^?xGYzhoe@gCf^si$8vH-0m8ESlRqj!u#{Xap4(G z1n18fmBTNH9chWzbRJpi8ioM(E&ozhhrac{C`O*uv0^e`v(3io_jYFd9li;4H* z_aBM)23=Q&UR}T6b%wPiPEi1sXwn5lcCeo>YpfK^u&GnZM7?UYQXR|B)ijTzao@Bq z_T`?bE{jPe!lWV3$~EVWBFu%TgsuJNLcr6pDl{&_Jn>yz?bD1ptLH_>#Ae;SdEBR4 zxP#wS%o(3TR%6BtIe(13XR)+$&aAu-^Gbsb#LHMn9JK zm@LCKohB;+6mwGf#R4OIB66v>W7|HYo}1Z9Xk!`R-!1l;48~@>(HV|89$J94wjXu% zE0ca4=+|gSd@ReeE8(sk;N`qQJVwzDx;O;1{3yDm{~r8n z5BDBxX7wYd$AeL2Q#|Jn6xORtPdS|Vq6p|st!Pz0r3Ed&i^Wb5dH+?W#;%8iR!AN6 zhMIddOuH;iI;eH|_=T#|kY`TkvO0TuV2;;1yT^{RX_ z{+0g$zrX(4I8ukOc|E_>Bu%uV!`A|mfAc*`oP($lJgKY7LF6pqjZ8#pD%(Ug8(FyO zKp?_MZb_CAEiAlk3s%Wq%kGOIfKn#j3H@WkjS1*gHVeG?uO&YCz1`+A>d)#cZEu(DelUb`0<%5rDAl{wyHVZ{7{5e1 zq9MqMKbO#%$=-gmv*#w2u$5~Y;_Z=Ag}ek8)}%V-k9cE`Mrr(O^9Y&A=t)XzrKl=X>R zyNM|AI;7G#VfiKyBYcxyG=SXpTM zs85%VT>PF>Xef$`8R3>PT&CY|)l|k44fpddvaw$$2oy9X`azFEz(=!C*FeC%dtsLB z4W;Y^x5q0{vAb!~>vjiGO>*sFf4m^iw%~!3vwb39+=M))FD+`>4oPwNQPx!A!$JOB z5*HiPQ9V3LBrEcJIAUgNu8U|}^$mPH5iJORUa4YZXn&ry3TC&*l0S7tK_Chr`fFY1 zi9ic=r+`i15Fr#c|Pbc~BszrCNdj2)c{ z3!MQIYyr?!>3h*qo*5ll=YAhS^jqh4G215r#8eE+FBJP4U&_RKh4N)*yVpgSi*sd~ z4vRfu^;e~Cf7L8V;lU|_Di51kv-EX8)#}b#~NoK>g)YNh( z*6{8dOo-Hv31{7kf%hK9$CU6mr0C(JX`t4oU0k*rniIFxP>OG%@8^%h?~W#mGt&Bd z`G-qMRF9YY_*~d6!3Am&TFzY*V=58fg2eA+zLW;{I-Bc>d?cY%-@%b`Tyot< z37k3ZEEfu6wb&9VV&!<=@g?Pj^BhjAX-LP8E^8A!DRruy1J;;~T79dO7O5 z8JX$BrO(dp8T#Ao(!_C{PJ$1d<7J)q3sDNb-H0vy1JG@O^v5=`) zG0+nOW%9#aX>hqZ=_L@s_ufx+jp+CO+M_FJNHegtk5@S1NNZ#zJ{vFlYNXOW z(|rRMe~KluC6gJOfSeX)rxhJVI=d^Bnn%Z#VuGqESDJWn2@|9l?nkW~8wzU;RH);| zbE(Q#>crEE7q_s|9bD7=5+oB^`Kcu1Bgqo-Sue1U8Juuu@AUj{9^=>l`50F&+xRzF zyojYqs1$4E`bJ@+c>vq=kx=X^%)XN2%FTC)v=*0K8Bhb!)xD+ivRF&ShBnT};1%gH zWU#rQRQ^S2d*QSvEhDO0cZS|b3q>B=?AH>~`pkG4MIZPR!G1gWbZgRZp=zQvhORiH z(E=?nlmb%rK89z*G|T_f9{3OD{}1N>59a?5=Kl}o|NjN%&q1BL`fSrKeKD_rCC_@1 z=8%xA4w=B7vaX7yDvb2Kg)r}+L2kpU#WYCj;+7av^2eLy<9c?-67bW$rSyAVN6X{5 zM}1Bh`eBJ@sPPhk7Z`)m))!@a&=J)?=vu!QNBsP0)0VrvwbZS=Q;@2RfdyhM2s6rQ z-SI@8=EyUW*50Bg!xDT9{k5-rzN0PVke<=6*ohOP-#6YC6~|i+e?@*7bk8@8&$YbJ z^@rit>G$3bE?ek4ksMUQr6@3?nyW=?3DFz=y}*DT$=(t`!FnI2wz$!hd9;;Y;|y{N)?M1H-KL{) z2I&6+TCgd5sxL|3mepJHmefHDy+T`8-wJJKF4d%yHdEK)`XLxn8nsjASAB|$1w7#w zuYE9kQ(0J$ZRjgzWQJv4a3xA4F!qN2lFgQ%n()2mwiWX&arD2JrT!%izBu!;%07d` z_NH8+fR;9e_Y^t}AJk^W3L)_1Y{;aLutKs5iPBQ_ij5}R`*iP|eDA4AiaB5VopWqz zBhu*1n@)Sy6#BUx{kr?4?B(78`9mI=lFC6=b@see0bs4>vKj#8`Fc(|7*bkljaN^t z=w4#MB@Ga&O!VJDg8W_T&zk3%s|%vqWT_SH!^v&4=z4?#3a1 z(#^Ic!|`};t{lTvX?%6gw`)X?bJ`o}8mXXCQ|rP66lS<@P{g^dYf*54L&0aJk`EMG zh&6~Z+{t4Qt^|skv~yDLRh&FKuJw`>J(>e^m8(CLTG}J6*Op$lB1sFQ_NmPti+J z*jy<~zUT_0KYm33mVstc4VFG*EL7BD9>N#C@)u?AmSk=SfDpnhJ#(Uy*)7UqYDVu% z>`HEA8elC7`d!t1HYGeI`!Fn)pk*&g*{;S?oXwj*==fa_%l%F<*`ao&lBX)pLVwr? zgfIZ46;<>ah8x5eib1tjc&tnWiB|q{AB88*`uRq!kNC z598W($tCdyGl8RFiG+hgQH&5_smJ-D{~ierF;ZWON4eAJY<+|o;^Kt?q?Op7|4uAX zI%Ag0Ogz>w$1-n0Pi2=$6r;8EtFTU*B@a7Pe>L||$(Qn-n1+(&;fG4DXloguU>!of zQ|AdT5=L~H5Qb?C`lD@5a?|X2yZXpL+OfORT7Q0vZD)Sro^jex1$O%rm=1^KHae4M zzP%(VQQ}?;o#mx85zH=(1;F%Fw+`su`lDU9>FJQEKQjpQdqOsHa|GgSnmk;`)v{l3 z;`k5HZM@;&C{6O%5dC_p*}#$gqw#qowI6Vd@_Px<*V-Mg`D%k3NOppAvb{3`-Q1S* zCY{`96P+m4!O!tx;dNvAH(>|9Q*rG`EAslZ>F(iig;qMBsUhP;@~GLn8x05>R9(A? zjBdkLs%oO5(aT`S!ExU--Faaghyr}VL?+oc=Pdo$=Rw^0cxO`gHhIEn8*HzlmAr;;D90^E>)_5|*=JK_2a#T~C*$7-hO zYH)JF;agQb&|@@o>pK*XLZIKuvBk;5+pR0aNLPu~@v>K&V}f8nW<|v0idE8g)YrO4 zff$&qrKrQkPIpz7Ji$hK|Auyxjw$F#Uk<}_uYZ+Y^Q4W1i!o{?%nH(}gVfjZpz6Qo zk~}@OtKO9tMeM24kOUt7FwVG8V?l~A$ba(qai$|DBIIM-!qgn-RbFVy-0W#$xp$I3 zkEYdh@7Bz5^={UW$n1h9#1hi!?jFeQsL#YHuUOWqcn1{c8l2g@+h-MU_K34TJk6^! zM@)FX=nt%d(2NRnnWT-v->qN0rkhK1s4UQJf8o=?#({SeN1O6JZx#6`qdO9@@uk@F)LAnC+p~Gu|1ndT8`??%{T!R7caE27)YSwebEZ%F!spQqa$- zcL-@4(lWO&=%rk`*ufukc%3M4M4&m}3_7G(<VFJLiI40hcd* zBPw0R?GRNvGd}j*zPfGI+Dp7VFFk?LD6Jpv&4HiP#ZHHWhi%e%jHId^HrUo8GwnLH zoVFm0m_;?BIQG$VBug>$mQXDSZZN3_jP5zsg)KMx8SGtCl?9*I*JBEr>_`Vhom^P1 zJd(>7XUceljV?NWw2zDnhNjG6u@>l%J%Iv4B#@_V-19* zo0%y8n`r)jXVyM{=0vaY!gKm5=J-oi9ISM9wmHYL=iXK#oYVZ6AfdZ7J8TODeWQem z*vFvNyG#|A8K3@*L;$NjV;aYOp9nXe;;i;#R^HN$ z+redV(3=G<+Rt_C{WLV0Xlm@D4bnMb?X5non9yMotA4CQBgpY@lIhZ2If6ITr&)Sr zrN3Dkz4lkAYd%pGcIv*59!pbkInNDD5VYxPC_QuSgwGdF`+I|4c*hR%{%A4fx&@-g4bu*%DunqUs7P20rbVu zBW%(?HuL}+Cu1&kEDqqlo2X4E`>7{Q?8Ks%vry!Dk>3uq_q?2b_G()#SxD<{tT#{N zy_7;yOX;s&_NPB@J}g&#V=n}QtTs>r1yO=&)jW1;eHI8xynq_KJ~7lw!6rxD2(8;R zd_O{%wc0=UoUw3@Jr{wnCb;um6)=d@WRA-XMH`2%Km#-A#mqs^9T6kU3et|H= zRCfnFdHq1JV!(d0mE_>KvLPFMHj>>J_Y-z-46$L(t%UqLaWt91IQq%KJ*q-~sW>_z z18@58trP8XtCOBrgJ7-UH<%_lAA1mAvfl}s`$B0A6z535A)D-p^6TsFbtexQ ztVuEWm$-@M*=bp7N4Sm4X+|pZ!g~`*M~@e=NL)Cnn-zkdhbTTG^2=(=s_K{Tk(agr}yz4Ot$( zvX$cDI8VDewdZ;*c{HIC(CFOC%$lCc zP?qxY);FZIsU{W#>@E`_{@_G{UHbV2_n9DA*a8nWp+jFxyH%oik zJ)@-=g`(eRhcsVpL$-_i+Evefp%56mFVR4yLTR*+T-O};PPrv#-m%u?%k?2?`=&+T zn!8g5Qn&+RuVs5ens+{_mD5^@8~^H*whrh$S)2=9bpcMJ;!}$g&K}#_Pmpm3G!tu3 zNS}6%kpN?5+f`Q~cP=|)Dcc*Yx_c)+rQw_AXcFu)k8}_1r8%#PFw~Id)|CBQ%HOL-WUX>J`3EM{F zRqw2PS8)qa(EX(yp3UA3_grv19vC^^trloorE@l7J}I;aL4|H*2 zp4+h0oSWrofi(W9d@(Fi-1Rs49fEe_omo7x^5W#2%gsl(j4rmivAX2fwOi zCGDus)QJl`2!Ds(_)OspLoyfvll{h{Tb$JOGNs2|eNp!4Ha@wbR!j|Ldq{WJD~itG zEtCpC7t|OMc3i@3h3Wh$vV)TWCewk!-{MG7KDgoNB;HJxSz7tuW_15Glfaqd3Rn1K z%)D5ji!4totjy!9o4f8k`DjXViaZso7dsh?5f{?1+&(y+CLMe?z%?UcJ;;i;0#FDvT*$y=L~y84{U_OdMKT>Ue>Rt+aC zE&PlXqdq+RoC@odYInEYuKy>3&eisF>~fgSPc_Sh&`@*6mWB%6mlQsnCpQDWUi# zuH(DREw)juOGk`_?$&hLWhQBnymhJtBjczAbDyjjK6*4Gv~eRkT?}7%TlYlZak8;f z4VUIufrVd_CiD-jY~9Ui&lZ231l~#GX5}p!QyRg`}L&LhQ9e1ARFRP%B%?cGiyWZI|dTY*hb{e>}PGLgORatBlm+_j6P4?7YY z6EVBDY~Y!yg6(=U$VHTxdsTy{nAC5gZiAF|1- zO(Jv8vZ*0_d3Zw2bfBXn>tGJxedvU_?u#ILpH}*X1gMqK&uUlR6=)@IpLCVqv`o*u z=pEHMFT`!YmB@CU*L*1qR@&ck_WY%uq3(hhvAk=6#Ly?n9d5G)Ln$w&sCw0}i5+fs zUlk;x1vFM@PTM2CyaRI95u8nIZIsolMGILfDSQ`;XGg}o)F4PDfc|#Ov^dr$g}{5n zwNYZon|G;;{EMF36q@TKF6j;}M<4lwrx)=<-ms#4A}Lnc*n^5<2P$#}wdQ6*W4jfY=cl$EY{ zjL^nM^1M{?qgfCBiOUfgaS}+!az^zX+R7(J$MT`pTd=@+z8u$$!kA(5=2@+AD!ab{ ziySrde+}pw=&6W`W-bSc&td&qwf+#<^vmSe#BfRkqFBQy`PKK{6*g-#G`}~4(t&%` z6RkX+0*$`ZD1AYRCYv|LzGF5^8`~={e^wO-ANzRM@*PUeNRH&;K-( z?E?voqgm1f*0n*F!e>((O}oWHUE-e)_Sc%p3Y!4`F^Bq(ZTf!>rI0`TYhKNB$J`xN zuL}9o4>Z64-lk=tWrAn=CU8xFVhCe$lJK}u{3sbo)aUcXU^0h}BlGE9y;ddXw+qC~ z1x-mu&w8JcZcTZT#h>lRZ}{pTr#!bQRZ*D+rW;v6eH&*VQY^d7=4Q8;xi6Wj<@VMS z(`y^c26jq(g|H@tk!^EEGs5rO3&xtqT0h9yK`lQp6~$c>+nFD*3?VpxHdP2Qb<#Cn z=yF)}wwyTVVlnrjcO?(MUGkZKk~+hSXv-Xam95f)$1MGhm`HZf470%@!5TlBs8@VC zp7s33T3VTT&x9rFMAE5Ff93IV1~0zCIyco83&biBf7Kx-(}2cyJ!i6EPkw`8bzBv^ zXma$`H_Psf2ls7(9z>!S*15Te;SoCK_}jlKHaJIvb=I(RvVZoBy!N4z#KcJGrRFrx zvB&%qDLgH2J}Kz9p%}k&Y+(elfl09dSH#ea`E@q_A;&r_G0m#pa~~@M+(*Q|Q9ouV z^NzXpnC`vU*j8R^&8~P!z{5uE{0$=L*q={AiC20ZmCf&1G_C*;m$Lol0=Yvz~Z&)1`ZyZc{^ zfJJZl;@t!(G*V0y^5h8h6==;vuH*p+H>KbV2 zRnSU<<`x?(wGFrziNjYD^dxT^so}4G+)wpv>LEPmFPBz{BAd;V|FTnfHK_LP&Sb%4 zxa3ont)4^yh4{0f_Z8?giVnAs)tylZ?U3r{#DkwM zq~6{H#iD#(Cs>$FWt$_m!8#y^BPEd6*F_ai-O~bJahqIeVJo7YPK61Ry`!Nw$LeiP zO9w}@W||)n_iO`XV9d^s%?z%K737n|(^6$6jRe^dHP=956UrmFuBx)j)TIjypE|jg%+nLd8QdPdHr~ZxWoZv1jUR=up!Rxj{+$MpT=KFnItOBNM zbKWsa_i)N$si`ljnoQU&tB&EEVwOCc^!GK%dXq2ujM)kmTK)V?Z^SjDTv_%FKI?0L z=nqi>x!NBMg@s3BMQub5c}mGyiO@3xK-0bd2^!+ME|F4ZXL46l-0{0p{-%Bv^~4?aFO9tNBvA9;*#mEU*o4ce(CxZEzokWy z-LwTOpGM67z(%n!+o@f?ZMZk(!M`<0s>nz|6kd;MInmV0t+PyZsMwY*gG)%V)-i}B zqi8;4FEG{!Q$}=hucwCn0?$*o=@tj{ap9M7#1bAKgCPzDruK-tZ_OG92N~*Il>3&8 z&+g_uc9M`_LdL<@Wc`vf>)$Q2fod78L~$4g()>0GDk|X@w4?l zC1Dv|jYbXM3FBviGnnk!oGY$GS;y$A+7*e&iV^FgyJE&I4rp{xb+KTWmezHT*16MiOKQHm+v=W}#}zoqzacMJtDhjizqONwz>Xb$ghaUP+|O6oy#L@6}T9 ztq?W%H{tz%?LPf$z!u<^BYWgZE$YtcXq8pwLbM-YSEW*r-`QC)J34F@|V9TH6fnwVO*&g@zYHhI({Ob534FbWTDxg+PE-g1g3{bUodrNtvo;s zcisX^Mz|rf&r|D~rstfT3d8eI*f{Az2zsmp*#`HG4??JUD7Ydx|C{&omw%ZKkAvd4 zKUnr{%ldB9c07n#R&ZVn6_~VwGpwsl)xG;!A(PiQ3Z&fTxb(1g4*6{Tktuu>E;|^T zWo^dkVOLbesew-KydxJ#Daz_#+qPfivzHDFwiCn60$4=fL|TElHNPar+*2WZQ=SOLL9=@DJ;b zl^!P}cBwPai3TseAGYr*y4u79WV`pjBa@`}JF`RkEPnGX$oS+89X?yWCBMUO*&oJZ z^#ym9YG0^5pLchjr?#wz`FqRie|6MpU5{v~R$uT)hXicy>nyWH5wC2QGk;u`4QKC? z@xgTH&}1G&44lXD2PB)#_CE5B`83?~iQ(J0&AX+&QD{LXWMX^{c6oOQar_*p_Log6 zm+NQ5NfX`N#pTX$IFHSZT)P8@M;scQvy2~%4%|sMJ=Z!D-E^O|mfFeuiZ6soWn!06 z4viEv{&YDv4Xc)llC1ng_H3b_27g7_p4!>v+1pr_mPgODRsB;<<8hL;-#&E)bw`{l z`@{rv@{)-cwSA3w89n)14;HqjRJ00Bs@WBurxc$VA-yD6DYXPRDZ(i-KK8EuuNi>! zV;@YiKZz2o7(k!QU1|^|vV|i3L#DjHxp94NDaeb^Qt~}D_Tis_6D!6ZA%nxNLgoo% z(v!?Ro&~z|COWLwGO*U(A=f}}=-+@2S zk^3BF0jzi;BsxF|)0~{6S}5D;a_eL^q$K29e^JITV_PfYX+CVn^{6(uNQjT%)e$dy zE56nM(ED;~DWiVNos`^8wJTpv0f@AoLqMU(eCcy9E?P9;$$fHqry2JID7OBduu`!2 z6|s^RNZA}ixL(`STq$JxxlMhi$w@%e;9_H#dJDyP;_mm;B3ujL@s6ub{f~gufCbnX z&*15#u#g3`py+^E$P#F9tLztHU9>#AATWyMqH5|<`{Q{^z|w}hHF_?JrDw;{u}UnQ z{7|NIMw|1XmnijG_au3(`?QE}GPBxLiLQF}or|3?Ohpf=agFfoa*hj*Fd$-z0Z>Sk z3Pn$N$0F@^J1;^OoE%vz2zVJWj=jJ}QzoN9Ox@W)GfVaQb>91*_Tbh5PHb~0Cm@bd zMB;oYec!l=RJpn1`ogI2Vlu5_2N_-&M2t7Wg=gfyypR9E-~Peh{=wh=U*T{0M_B2c z9m=r-)yMmRgR}Wo2WTa3>Yga9FWN1i(m()+sxh}I%3l_*t|eAwb@cDzvsD| zvIC~PX325cCOmSTgxe%F!Q4zLsG4l-=`zV%7)_kVAVYj(9VI>j+&FkJ)XctEKm%Q% zt^e&*j|~xD3HHTa~b{ z`zb7sJnnRhEx(p^HYY}5LFeHKAU@^K3~o8c3J24Qp7PRx-Skgy;QHEv!`7(HH_hJ? z|LkVjYcbe`0dzX)*4dVz>jisbKei94Tm|bJ7HEB<_|Cb99R0hJ7&j=w!rwDYn5j8n?n`? zK9Y+*`W#R=&!y~nlu1AiTT#^Dl!;;dkmKs(G27Na;~`!T4zwT%Ho_rumG{Qtkp6+A1o!7!bWZh;@i;_HwJ8GavvM7}Ixvw= zJU?SLnR4@Vfr5qvlofx)2hmeU*~sH-fmUFjV6TS8qj2e*XA)@kQ5%^jr00z|-OX;T zaDlDmd2u*^p3;W^qZDZcbo#f*46pTSdS^EBhzk!q#WmFyN(?Zqs?^M^JU&v+kPDe6*`1J+c97XS932MDC0mL?b+I zcVU*(0i@!5VQJmm$>fB1Pz3~H?T<6yTQ<(M&sfVnH<}{xalfzDYJp3YSa=3mmFr3w zOXbG@Y<3_sz-xJ^or{Y|cpBBN+Zl9XD2X8wx>- zi@bGp?Th^tM9yl-tI7|8Y!eP@z-OaA*D_#u#kPjMd3;_%flE^!W78Kc0s6sqCpx<< zI2lVf$bF3F3tQ7nl##&5yU-%+ze|z~OZd;wYUNlQ6GWU|OSdc)?7?AXpm0I!ORrjf zu-1(mN->w&V6{k0?QK?IaoRvJ)8C>R{B9Dqs+lM^E$Yz2qj>H_w^8a^*RfoUIbdUa zH5x(6cln%4qX$C~6|)DqAN`!{-gm}T{2xh7<@a;JKKpbwCc{q9(lY#F7A`CenGiNf ziHpqf(OBO`OhxQ%zxOUAd0$hM!wEKjaq5gGxY(7ZgW%lB@u?k!B1Q4pbOmSw!+sUm z3D+%Ml#}$PVwdJ0BQ^L#3*jNA z-j#NBgnX@BwgQn~%Ct{{!o@TPX_3fa@B0NK)!#{|V^*44%hvxEY`r_!oNpD9R+O7Q z;A4}eKhIg+mWwo+=b)D~=dwol5V z*HpTt;6qUXDR&>=`v2ru^M{uddGOwU?X>Ra5Ci()0(9lxvFCcg@45L6cv$7sCnB5C zgN&tM8p}2VzsyP%CrTC2kEvMSNo65TNq(VXhK zM)$jF@Ko5Lqo`;^dT$)a0<&-kvKDl?K43gO3|}qb^_=TePmYAK$Wn;e4knqTv5IXv zso-LnnJl~`kbV(cz9*U1&+Ee*Xo+-*nLC&N@A`=ocq-}g{U(L0wH0!FbAJJif zt#AO6?y_y2M2g^wz^12_jRh}QMEiKTP=E9lr?07M{t3;niQh@#2*@Y zL$*xPu`~hSiwN_p%_KhNhw!vIzBqS@eSMksjlEgvyF&R%YM0d~N*}xZac&LlH*QNiu6%FVaxBb~LIicTUa4vB=#EU&EON~gn{ ztOiT{)V7zl38*$x0D`sBRctk}<9vgGM2*j=RSIPm-DL{%)rg3TPy*^DNj9zD)fCiP zHi~V1xWm0}NXRip$f>CPSg9JDq4spCr8G+Q!7w_?q8Y_e^VEaL7^fxX8#J=VOKhHI zz2;sw*8FPb#O(jYFE#x%t*qvB~>k-Sms{hZ?B z8PGJlAmpUbo=+J)Px7PFMMd{;!`ma-zGI0Fi>5vGqgI^GYF19#`}8R6pPyK&RTTln zCiz0CAsEun{TH5m1QXxw@eyERkJDR2W_`Rc`+s&b#w8$PKla`6npBAjJ(g-S9h_+* zF640!X1$taTXvU0G}hNf#zNnS>hQ;WCU4^$#3agAMI#2TcN!lhbH6U`h}Hh|yvBBu zvjD5(CZ&^h6n@L4AzR`011rAPRfiV1BYpKwC=PuBP+!}x_H~_W*s}NRJJ2>M36Ccp z+NK6H{*Gfml<%fIMVe!3Xz3r@*jXBSKp>r;AVY_ATU5v%0`J%5$eVodDn2|)cx8L+ z5UDs5c}lQQ`bcIH9g)7#ab3z&;=I_tA3Y?zT|-Yj8rndAaqYf=;lKo@C}0zL*;>`h zqafvGTKi01of0jHY|6Paf#S9E9R<7Ppk1fj!lovan`qSoOZ``Vdu2t>*8XIhW#+|1 z_CA$%aHl-G`xx7nNn=|r%6M>&(3aPP^Zs%*x%a`bHXJ1G&y(+Aq|zeB&&YwqHtB|6 zZAto7K)6cFgUTJ(Y@B*lnrwVdB%Vw^T#ha-p>;Ixi@QK0TkiKGir4bH4{i5Eb zVWJWCJ&Q-mzbH}}*_MX-v%*BcNB=^3ENjN2zbJleQ$|euny?X>>5?i(*5Gbu4r~|B z7o4OEacu>iNHlic7`6{d%P$k_6z9S%e|7BY)ndA;pzs@NPC0|;*)S7S<$g)^3C%s; zH*Ci2N5wyt>irps||a45J|32Ns}|>{s@hohxmgT24Ro@`+UIshv6{GEI|d`E;-a_5@sFUpSB zA?MNl@=dV!C)O78gf96HqFq`8nYmnTxn&9DR4woixR3Krcgu#ir-v=R+?GQH_F{%2 z8)9O3;GGXACT0${(o)R7Xvfk6q_5ZNMo0=PlLSMT@dMLzG$8L)8=HD#?3%R<@sLaOM|ualTkV*_#paQ9N)}OHlftK1A@ij zf(*aKM$~*78gg->FJU^_KiLxV76{nV?HvqrP5+{Z7*)E~b&>Z^(>d6R%t>=Y!o{FY zj#`c1i=YL3XOgdV{&a1xOHLt%0y@A|i#W|O(A8de)#%vl^3&_jjYHe(T}M4u&a3~s z?AI#iVb-NLt8hIkSqn?XAGpQKKMD?M0OH``NpS}%s_(=3F?lDZVB}7*&G*_b&g(s# zj>zDpjHrs{ilU-H+E}6=NPc8B%zwkz=(CqMZm@oAUjB{FqOLQYL7AKB&qYpPnzmo8 zjl7YOK%_Z7lZ0V48C@BbiJHt6T`KE3D=KnFXKK*5N}s?atcWY5lem$=nM$Q6k$-Lm zOuOVGa~u5vrGwXF@2Fx3_=_mA;J3fLzg*0`om^cZSixJ#aX8P2!mWH>i$arHyM*$* z%BJg{JNpT@=*&%=8Qj>i4bH0?*cWOnv}SVf^I4M2&b)PMN;PH;HsWgt!f&r`eaKXI z-WAq_w;Z=`@Q{!CWWqgT=Q)!Vm#iH<8lRJfmoZ2uAeZ>k+~~$a-PbGx_8aGmmL?jE zi6)T}wsLV1dp%C`L^ITZaiwget(yYG-i@Mev8~fSAMWG6>c4c|VcF zT+i8wBzTzh&};P-!mSiQS1@eD&mm(!_sNzP?V|MwYw1{eTc2*mS zzbIVY|5JgFGa^!flP)hM>}kj_@1BT3N6n|OGMoqTO!ITD8V!Mv^g`{h6Rv`HA;aO5 z35A9}Hhw(O)9d^xa>RU$>v{?NGyPtg7N*OtH5Nj5?Lv-rTQpH4j?!t{XF2fD_4NE_ zMLpv_b}n2F2K)6PJI!CLlz6|tb=W58tMo(LJ%{U>K(+kF&O0x&Wdl}^wwJkMRquUg zET`+vT@$IA^~jz-F_qY=rsKn%jm8%r#)c0m!p;{GgGc_N^u;bgX3A_1C z#`EddMzzyhuT>_hWE;fy-kE@a{_|WDkOB#%;sc?bbeN_(e3c_Kds{+c!c_~(3(HQXI`4$TMzbFjl%^<@+OMg*r zA2`l0uGL18PD-k{_`0AHTjA-EyCf;@WQi-I6Ai$@NYP(-kvfm5bPY~cTU&@J;a`=D z__#&YDGO3QwJi@RU&vwzN|+c?N4U^xaSEk@)j2s9ZnbALzk3_A>(W$wDq zNZB9QWWcsIV@GZ3mCo2*oK9%J2;WUfMf(<6%JEgf`XQdwKO=BimNp}TQ+2rhwaX7)KVbLQJK zHMQ%j^L{_xe_dT&Pv7#~vaah|Yf01<8+5DEHbnH{by(qYI*)iUD$44q3=i7KV&X@C zDM0gD^_}x`_|FU(-|jy|LnNp(<=S4OlqN`!u6RLT5s#)x?zV|N15g0{g&`qfq|HE&FvBRy|Es{dT&Oe!21Bew4?^*R}W z14bSu4)WyJ<{w%1aAa$e*;rk43R0S%y(BjWghKZY6tQ@e&6JP1)X!kB|_uC>~XQGRXk zCi1|C4zl-SDk)wni5MXTTzdJuOh%E}7)tpgtXH2eFv;qXg6_!_sPAQl1{FSk=Zm7| zT#&SaOl!BIRhivJQ%r0g&?@O^(zl{y_I=!*sXo0hyMySv!`}ePHcA1=1#kfYk)pxf zLC(l|k+q}h=H0jsJ!oGId~u#?bUW65;o!3tEGH4-=4>jXoLdOCcqlpP!l*=c&x|Wo zYh9!(^jO8QV;Kk>{>+4-Khr+lyiaktR(!#9J4Cn*bU$Mku$lq}!F9A3=0F7u3J=x< zMB8rEw?9bXC1h3lyGQSmVU-u^s7y+~S}_paecD3XG>$uGdp=O&BSJ3#XvTZ!)^5l^ zIyFN69R2+w*CvRrONtr1)9O{Wv9n;fKE00TC2k95*Y!+qG9I%p!`|MF%*k{~<+H)S zz;51H11v~WC)z_ak&y1|Z`&rHEqNUt2~JrWoVQ*rtbjbDXgMTB8wSI$RP~%lXXX+E z`PWpkMnOsfqKdAOQd|L6L)eO5G|B*yXpyeOx)W_nlZ1WH$2FRCRASXYA${+3KV;WG z30x~3hbcgE9DlDGsDbX`OmOD}SN}-z767z4530@JEr%?}&iEG|6xX?!b@~dFW`=J5 zOES;%Nr^SqwDtk0UjfV2PX6DxJeoL=A7G7})wh0jx;8r0a8^|-1Aea&T7jpB7kna) zlY2$H`2}>6bG>pOmd)dQyk(hoOd~(P+I<306o^TxGaQB1Mnm7e{9%f>NHF~TL#4qe z4-r;^*gx0={*|!z*NV13CMgGX-$8MoWIN$xAV=g_or?6#N#*B6OeRs10x{9Jm|W_G%K*r zagc*U!w+G%ACWJoqMNbh^CC)YRl}DZbVg?$f`BdT3Zx;6W_ER!9=UxSh9QOgMc_f$ zRM$faCC5Ag*|-EVV&e5U6cSjHhYSyTi{NxkCkOGs>b4h}_0`495)S=lb#5i=T-NW+ z=jNf+nk395%x;nbN~A`X%96(_qpf5)@D82Rvx6X);br?JH{hYRc`knEY>Ewut^duB z)76>ar8&^Wi-*g$I+Gpquk4IIV#>&L+cUl`*8McoMGbj>UfTqn;4IANNNkF1-`H}R zk_^maB`oF*v~DR)E{-p>r)A~Wc%$QoiT3yyJ;|q$iMc_HKjgYErvdZ@3)yOw(nChF z9QN3@y4)UA?w?S=xeL=Q7*4g@jRUjN_RQftnV1U);A0%6bm{6aru5Fvv3#x|YHpmC z)iHVCu&`T)JWyWVrZ=(*sdq{(aAIz{iy8g3WOqX1;;<&YUlO~I$D+%aHX?~I3>NSr zpw4+eQ4iR+O|QKyQFbJNq4=llpoO)Ox}&**D$}37=Yj<4j)i`m>=*adtY`31r$Whq z7F)B6%#8%P)j1)1o^FJ@iFMk>!Qbm6s)h)KW^4vHcAe_<(MPhZY31V&_9#~2O{>KN zHP;9;k7PtNK;o1Fiv;CjU(D^INeTiseBx=U-Qm)8*%K1Z3;R(&y--RFxh6}VuiX@= z9@saACTj*IOioV*cpu1_OOgT!mp{Lw1c?}GdDc(yGhVJ)7V%<;4RovLNdU@dcajr#`*J-)marO7Ov+d z1AR+e6q*HzmaxpHy-oxR#6t&ZUP+dr)7z;~o$NtksIQ!kHr5(U>|(}y!(%$XCY&!d zG)I;LxZqnK$+R#dt2v~eBmS)Ii?t<$$Z>Z1Hl1Wn_BGYoJJjU0v02?s0}R;vH8o}Y z__+yM5ZQXuM|yM@VXY%qrbore9L6uI39)Nxx|j3U6QGe1BkzT0tH;j;MnZe?9ph0i zwYj(9m3Dy?Y|Lj$(=V&%$=bxzPS!Qckng9Os(Q$Yuq-^b^OuU{B(I&nE&P%fC-4!lLD?s{q&uqGXVw7{HS+7a9+0TQGuin_kM~Mz&l@Y)-!AV30WKF-tU=r{q`Vv+S2Fr$O@NEuYm7Xl)^+^%!i~jA`%oucY ztZ>TkE)p&IJ?6Y=f|&n71<3`|nr=Ei(uQoKvB+FqP?cE~>ErLEu=w0Szz1pyi*JR* z@k~+$PC~~#*pxsaRk}rfUD$b|n_Xu#rKR!nPAmdi(f?vKNmx(eXEym2f5_&TZ`S z*S`_7Wu(9#y@P*ezt9IB)Wg*}peQ!TXI+BV9*}OrnnT=Lj&NLEDb$dS>fVkFU2OV+ zGhLEhP4Lv`l&Y*4b`3uZ-N=Hi{J9$3+<;B}^mm{GgEBc60B>^{@;SSj;)t`!uU+hy zj#X!INxb3%;8!6cXo)(>t8E0qTDw1Ch6Ff6J`7C)Gc#yG1^KI+x_yv#VylJg$+G!x zB}21&T>4rN=8kYJb149CiIipShj1vmal7lIo;vWWxZ;eO+9l)RwV~}T4b;H~m%A&#b=$4xUhW%UP8dI+`MC;pR4CAvw0!QA&BLU_6$6G1)XAbD{{t21+?^u>;gSiup*d*pcjzJt?N}?Eup}f76tN!NU>wYD+3#rqBu4sptI9MW*pIK zqBkJhsyyBee$F%(sSd52obOKW3mq~)i}K+p;>uC)SffN#UZc{w>zQI*KqQq7q(2cU zM^UspxYpG_xVVOC@3_;U*$cr7k*25Bb1Ed7jw;X78~f{CoEJ~$WQEFFsLOx#1)2LQ zB-J&qZ%$50_kF=bt{EImG&Gs(-))j#m{xxZYA1r2t@k3cOGCvRzGPh9IE5>BUb_{T zgkV$6wFyiOiAN;zrlDJsT(XF#JGkIwyj%Xr7Is}SgpTQt3F(t<8+Hg^{l(;#%831u zB%;32e7ePc%6T*iqaE$%GM16Wq$UdL0i|jC5>{F{S#w(y?t-z23Xc@McLcJY98;aB zXTS=HSh>djxK-Vz%GtJ8(LDi{yFcG9QcIilS598Pc%Fm)L`x;~g4?4cVBpo0Qs~>y z1ql_RG7uOH=KeOfIMJM6TNHb-;a45m=NlCll@OG8<=efnD!46;KU zjrzpc*q>Z$z4P|3+)h;Ggd`+#9Yl>TN}T6Sf9)I6wbz#Bzg9bWzwr1#cjz$@zQ-K= z%~7#pH3`8B>j(R$(o19>Z~VU&hbPdHI6DAN24nqA_z#|a<9Y>_)P(x?ok8Ah2pR$K2Fsx#SvzA8j-Jgk0$c2b&rK4 z9t?qO_#@Zp4(>8qbP*9;`H%A_I|AkF$9Q{3-hKEDSg2v#$~JwNpWIoIN)q;5qf1CF zGQN$&W{EBF%Uh(Tw(O*;MVFqW4#o#>Og|BBV6F}i)4_eH7sxt_2+xj)!lie(=W8YT zX>IMM|Anw+OWM_|MPZEtq*rP%_C`x*3{9Mm&aK@%w-(vCR1oBH`>{p*iShO3dD)YX z%0037nn>WZ_K)^8XQM}YBvUDgPSeY{kDR%Yf$x>2bi6Dfu0r2&k<~CS8l}o(qI((2 z=*Ntq{UJ0C+Ci--c5t5J-YejZ5v zgHxJf_JfBA3#VAwy6}Ub=j^Zo-6M_s{sAjidh4%fANksjG$Uv~*a$;RN8eQ(=Hs^nrWQ#7 znf!y?X?UMjNseu_UfVd>O|T7_aI*J3e+Dk^lsLt5FoGF4#<>7Ju|#x(lElMYpJkyL zY0V*M)#(DC1^;<*U4yOMRdK6$tb!3IN+)NemYX2cbOR?^|4gxdNn+wxwE| z+o<_(?bf26!PgyNi`-sR4b3Xxd|EzFSz#wgZKCgMn3*x>hWgvAZ(>_?W`4~s=mzVV za%>t%kI=u-IL`#DPMrpLH!ifpwwU_hxN(8ZU9lIzeh+ZR)|+tGX8@!WZ|olDOZS@nJc`r%u2zHKbb z2OXi)+|9wUlf{wB%nqG%TDFk^-R(TOi zb2>erTH4`CEUL59aJhyOPzW6p3v^>Gy9Jh^@^P%d^qgH&jct7R zS4`M+W_^3JKAp(-lzNO8GgN{J17>JX=@TE&T<%UenX*rGcTXm2f5!{#;rh;yYdYeP z)#ai`5-6a9EYmEY`3RKaVHl+OSeq~VJb(B>e|4a}hMV*28H5v_N>Jm7(J%Q*o`d;s z+QrMU_BvE`bGv@m#a>Oxc>6zd20Ze-@|A-1hFwZ%9(r$=<6CeY^9>R{PQ{g*2q^BQJsu~n1nAXU@xecvi?B|;GKqozxHq6 z_g}V3EudlVOk6Kau*HRuf-G5hD?WTcPkwxltEqZ1p=wmc@+*?bex0vKIiuI2gu(Bz zyJ0nnVs^_IDkpu`*!5zNLGGM|QVVrSL>J%b*OrlErn%spv+BKM?g7A#)*ij!Az~0` ziHP$>Z7oakeJHEwz@L05=0TrOkL&m1y3LVjVaziL>|AmC+l`DH^SW}zaHoJPu6qc( z3A~YL`ZiAP=b*}t1Wl)j+k8JHmUT!2|I`@NCAUi3s2OUIdHf zQNf#{5hiUEC2D0P26ri85F%gsqL{p*DsJTIZ$R^y)+!=)fGG!(}k2czH0)F;Z2kU2T>PW*}Wy0(;H9RGqH+f$+VE zi5)SY;x0Zd99?2)UvKgtT}VT7Q0jL(A-S$)698J#&*FpOiBU5rTHE#RPn>O#cA!Rt{&V^-U}oWK|Y?^_?3q+wvLLz z2y%2GEh&n~xGaX7^sf{AiYbG1Cf| ztbt9bC_RHPzEAJuUEh!0m~JDwRz- za+el2@71t##^TQ(ab{|g=kI1$xgV2+T@;#mvH{aGE!dw9NxP__Uh7w4Ju}~HUz2J_ zAI_?%Zpfq#&`SNl^yQ0gg{Uwc!nGu*jC%?FGO)+D-hbvf^knR_97qKd%#N+0Iu_CP z+1Ca8m~7mqQ=;*2)zQRflb&K-{n)MG<(KmAu6u!z~SXA$LAk7MlElF54i zkpWh%84sV%cTSj?VUSDZAMY5ci`Z4-;{`lBeh8;3FZA>0T@b}Gkd>x&=7Hkp>y|p- z$UR|!F;YX-G?XHTdRp$pDux6TaC;c)w5dX(!{3LYF;V0%V|>tpt2hwZ_xoKN59-+*6Fv!)(aPEzf9{e!PqkLY*n2CAYwZ=Dv!Y1Oep z*D27%yF4A1`oiK8U{Z#x+{z-5F?2`yO%|n$4*&9qvWTBSves4T6h4oqZE71t+RNX=;43W}Ss2FVv zd9B}=hb9yKvQL_U!lXv5Iavm4XE`^Kv;(6nBRSyMFl{G&El#b2TY>KZ=$v{3rV}Yp z$w`+HMu~e>F>SP8Z}Mq zG@th&kL8sN@6m6-zLql(M}p>b?Aik3QA8w=1^9&v@6)};tlo?EWh)8}vzYw+k(L%Z zY^K07gqih@8Hb!OWK6pdclC$Xwn}c#Xo3YPu z(X?g5xSd#v=bA5nrcb$ohYdBfXL7GPQSU|sXI0S-oWnM8RH#sJ(fHt6> zn={XOw$ry6FZs=U^FeQ)3MnI#hFqK6tF@9Jk+)zFQHS>9dDReRJAO+c(mFGza!CY3 zUQ`JouGJg8tBsm#qr&G)+q$Jloy_WFa25>q&O0X=NdyEsmuxQ+EFq_ z4rO$+diDcB#b|FGh_Pc+t2SAmZ1kkmE8HFLXCBWq6S%(jLFV379vhTop6%VmmL{y0 z%cxz(Y;&?*#oK-X&dz4u9^M6eCZ*PhT&LcCFqsK`2j=&_rOYcLXjU0aprzG+r37I1 zTX?K~F1>4Vi`s?s)3%(H#4MfK{r>M#HQh{Izb)aIMdWRa?gtKH(SFGkKBAq zOtGVmN^V$FWcibcmFBMRz0+O%I}AA(jZCsdy3r=R4D;u!t#Cfrr#tAkJGCi?jSvQy zJau|NLF0VyrHicELyoEHK31;AA`Wf8m?YUK)Rz66mnhZnA|05jD@KR`Tbd*za?@^Qq%dD8!ZV4YXnGJ$K)-ep$Mci)2w{+Us$l$?=-KAPw-I9fx07vVPU z4bLYI8=ZOmd<4y>gO~jHCSL$DZ`9sv#-fi)DQ(+#pD%ABTl&;vtFlJFp0rPR>!-ej zI3lUEZQQ@eGUDg9%W9$eY6xgpL^p525o8Bv7O~Ji!O7`S5n(=(XIKd#@mVoaLT4-k zora5_Va`KbOe%wu(P@okLUo$K{GF!nVhf~|ln(m(J-@z zgKm`zLydrULu9YTl=9w|=eKr03xFrVE6+bVr1VIc9c=Os`oL(ZJ_M1Qjr2eYRs#H=H-=ZPDXN)ro*%z^hjen|{>OlgUB4 zR7iP)ego`Ja#7{J%dz;+IIbBu1QDvBkuzX0=9}>IPQI}wr?(nixh$A%QE3c}vVMpD zPuHx6wj2ytkzrBWck7ytU!aIF-JVkw&ditVmgy##69RrSLjv^rbE{d~Nx->+>Fdzw zQHYRHm8?=i0fr0!8&|JbMIln`bF8KH$D@ZffH@3!-o4B#NzFQb6(1!_r|95a*lD0W zaNh8nu)ah1HSzIpK-yo}CYXC8;>$MKk5t~LwN})Tf`H@9K|G`R$s`6owVa> z6B$+Tg_k!n_^|9x8ROrgn`H{VRDF82R(=|2N^{@Uv772xbcYNJf~cW-<>@G9+k;!d zU{jsjvPBE#6PR|12%LsjQOQHcqTIzo1dW>~B~^0>_mw9`qcAb#Q>{+o4vaT0kYa_0 z_7U>gdmRUxrZ~kf@=y~n#nU>=T7Ep24cyf%?bI6UOi#{X?g8&cA%Z|*Adcki=&W)Z zQ(O{RLpUX0``!DrQ!hj3cOUjj%4Spf`E6O9JRTd4AUZn6dqDP6N}!N=dKHFYR^r9^ zpxuX_GZ&hy!uIq5<5MDTz#^>JFjTO$vy&I%r*U;g#5gQ-0LMgJqgeo(do_%#ba*Ed zPQ&gb^r0)SJhK5awuQ^Qz<4Efl|LW zm_3-|Sq>vBU#TK1S3>aTDD3HRv@~E|*`H`x134kAhixQjgqZ%1sw{ZNF(d8Re=J$V ztgjU2&NlE^%1o(fR!QlcgNaBW6>i)z&Rya-T`U4Ad~=@2oKGi4`Ye0hF(O~sbGY7< z(Kt0ZsNf&J!(Dsv29vbs{W3u%y5zky>E%)}Fs;J^@PI{-^idTbX%t$-jk9#C!x9A< ztJA^WM($kWG=Ji7Yn;nc!Y~%iKCVpKs?10LV^B#VE7!l#1uQ&LQH4kcUvjO8jZB|Arnp zI;;w(Kw}vqyX$&?c_=c?jET``lHx_=Z@X034*E9-|% z3yYBn169~sSN9C*J;UHiLk>NqTtlz4&;A*D8Qga~3@mGG9FKWp=gy1z0EjdMb{No& z&Z1a@YzVk2JEd!ZU!Ncip*P5-4fr;!=~GDqg~L_U7)&MgL~RGY-eL>%bFrZ5!C-rr z97#liNi3t{4ilxW7OL^Pp*NFyVf_Y5jqP+)n>dToC3WUr1QC9yDbibM`?MP&=|Xm! z(CJomCT0;Px&#`P->NryDesWCbrNyI4|Cp3goMKPyuN)tZb9Omxxkpu3Q!NTNEUwwQRHHMWLZo$|+TJvfkXWxrY#xJHS@x4n@uTD(GYz4b zs=SbiYD-BilraU=&x;i@Yv^>QvR|q)^W?RK-WEq49Jhb|sAuR6WJUM~e0HM4?H#28 zWJBHlMf{08Z;-~p#K}wlY`kzVdWJQ3MrQ${#Ey%F9e|4+@RbG&g~z=KWRBO>knIUN z6X%>WxFD+8FPL(%lvRrXtt9klgi%S2t$NyohQ`V@}@{5KxL&uQc zfTBQs3#pc^VxOF?v*mrm>mu8o>l$y*DgGeg%+4^@ zW5R`r^aA^r0D3^mp4Bpk&FreVcuk`#_A$jTO(D)~#+fFB@21^~>l{laId5LhrGKrB zl^hkQFMN)c*93~xcFiZTq=-ct%#Hh*nn|Fs_(yZZg_+u1Z5^099eUY9kn|zMyLkr= z+T0O(>fCr?I*XM3S61!)!v*^8Z5y_b&6hQ)xs8QVH1~ze8aHP-6oCEbBJn<38oe~I z@C^FjfX^*@Geer68~bISiQ^5_%Lp~yo!RUQ6_dD&-WFsYF(xTK|~rt%Q~ z4G4O6sTremUX_zi+1*oQ(T$E;Xc2ygKNK%@^5(W3VfP!LZcWF#-swT3d%C8p!*d1d z5)XV5dug}anzr=T1P*IFh_{i?q!)AMvZ>%4^o$AY%E7a;+>0x%v#j1j_MvKamVv`~ z(|;k88JuY?9~4avEE~RbLTMrnt-oNYIoPZAtL5hu?iV4eTmUNXV`lLM3C2$gjQ6Hb zbBy+QTD!-{o96X>!yDOG_D45tL2DUIBZ!)Nofi!a^f;c+#x0guKWFX;s#SN3oxiRK zXHK~%613Ud{t^xyTG4N$WnYo@sAG>+q*y}6pLDYekF7h4NEY!+jqNlgRU5SSyI*0m z#BT6ZCZ9Ypd0P{zjg7ERj>tQYSyLSx58e3N>7CN)Md2UUu z4Pu^%16%%8Rc%W)TxgZTfrO|9uiz1yOA{8jA2m8-V||-Uir;>IHs(7czKQ4D2w?d} z%F13x>)N0dM8TQ4}8HloAm0uVv?&dk7HV2 zR8gjycRnG*t8vIRbK8u2V77^*5LFhKEj=%^0KjdX@Z_0BSi<>bXywgEBfknJ)^aed z+p~DM76+#Yx33R;5TQ-@pyx&GVNUu|G8R>2yimK(uCgT4PcTt4TjG3K9Qzv}6 zy=&r4u`{c8k;FBGn_ML<2aU17EkuU>(kvKvcVHp5tI2YG*h#_(7(KNz~7^6aE9+Lb3DXimP*!q;_g_J`}=c! zK47|QgfGjTa(HT#lrGyxuuNb=UKP=~4i*pll5^nMYV?c&Q<3B0bEgRd3*G&(QbU(d zy*#rq)WUSUq-K#{J%<>F#XLVIcu85G>KcpOe#pyrqA};Ah&cd1K@4|#i0g8Us1My6 z)U;KsMa%BVdx-MzJVfHkWyR;QNC1^p;_YSj>6$mDgM7!bS7qwz^aoloQv8R91~les z)E6eQ9g)|28&v(e(wWS@B$3fiF;&jLGu@6p=>AY1b-&F#SJG@IOOTf%MM>sdjrEx;fBp4V>vxA7qG~XQDL&Y5kuW$3maR9nmc3F3kDM~?`glS>y zMT5d=P>Mx^{ZRXm9C*^xecT^WRwJAnMNadp&hwQnrkc|l1z7OwBN0mt@{~RIh`3Rm z-vEXz|Kwp$?GHJ=F)-F%a}4f74FrMmRermZXT((B&0?x?kVoR&1@nSN zow<$B{gsJ#RW|D)3Sr%KUXG~e!APGt*T;e2mi9P3)-F~B%Yrru?Nr=e{#bgb09n{v zZm=4ydL3)geWh#rp+k@cmud2)lY%EeBCtec5cf#-mPL%#B*rB2BIL3A=n>bG=`a+iw8eUGqkR3_k61Olb)uv+O4H)d7Gike%VE z^b<`GeXi#WKh>b)T?(9$^Lb4z3K$1=$x>-{g=thNr)6}6$9l-Sk^pn&(YMi*N|AUg zv8^xMBq`<}RiFq;IC%ITc(6QWbiU=#n~m_hKXRXl?}EwN+bnGaiBDv$Qga)oQWaT} zC%(B02G8(g6+z%WP;`&r z(I#US8@8iJh0c*V(W|FQ93>5Lb?gSfS?CLVFsnA%PRBT* zqi)_i?o{h@)`KY1P)c@%;qH)M9ik3Ydv-LDiIs*N*;{! z*r?{*hpE++Kkt1J+mEt4#c&zvZhTiNHq4^=Oo zC_Dj<&f;vfNK!hIuvL&lc<+7=Lss;5;|?q4Dl}F1LD@&wF&?HImH>NzZ?*Jta7w5~ zabW41mj9u~Dfid$Phl>D9ahN5Rp$=BMFwGVWCsC{coxEbPphkNjg=L&K7!ZKU=Urm zB!xpTPdMu(XFVt4iqbmgu}aKDd(DR4IDWKhX#Bq5tA$E@YLPno!|OgQrpE``NU;z; zg=hSTULjtuI-9nl~&!OdaQ{*@#SGI+F4ueqnI@8RbGM>b;n&RDFFo93-VTJ zV0c$<*qZc?d>Kd05VTGga_SWMnJqfNru(^#t06hi$ZFKvnw+GD>66_W!@wIYc3sHE zeu!!r0|utDTrouEYV>_=r1s%-gmeE^rd--k-uP<|wdHovSYyEBXx2f%uE#RE09ZTg zwz8_NAj{?8(6fVsn#|kgr8c zN}uvrhToL($LfvnZ&|F&uL^pbXRC2L?{97>r+D@p+a8Wht9|~~wZZ*-9cHWX3}EL@ zd7LRqDRo5Uq@g4b>AQ0Sw?U+53XKRjtd<1l%s+7+xD7YC-}YB`->sxh)Rc!_Lgzi~ z>whGHLo=Dk(<>G$^I@<|tTG4Anbe0)*Qml=)M#-+*0XGqZS_Jjd;^7sc|$$i}bOt3APo46Zp(Z_JsumL}Y&VDE%I zdXH_q*GXo~Znf(2(4LU*F(P{Zwf!s&;a7YRf}5La)u+xorA*tA;lGHm{bT6=52XW&w7*Z}GfmR|q_Tji) z$wn^8OD2na;udk=Rrlfbhr67OYN+X2Ip1*|WEu@@wLG>I6}i9kTon0E#x%^fdGV|y zYM@|6m6qXeA8F*z@417f-ufc=$yB!RTOjrE_GNtE3$K=4?Keq^o%zzK`}fYPy}#!PNfRBj@My;}3{5OhdIh~`__ar2%$i)fmZeg;pdeC2yt(q%o3+cc$~W1BJl6HH zWmyK7hNmNkB5?goaW5CdFS*q1XT?9SnWmh9sj^gO#4U1*=NrwKyUPtp6Y=hW82|P- z`p-{;LQ>H)?G8mJcEJ#bVjN6@&EQn2t)yv@fM1#9FzQpW?tM)e^+~2hth?mf&GX&r zt*Ejakq`$j$}?{f3HP!g2P<)d+-?x=2QMZs9NdJQgg}!@&$>s3ICITuwN4sBkf_Tt zPaW+SMU}hZK3xtgd(jiPa6a$?y{D73kbca4y|SCR5P=_ z`a3Si*gaZ_1lWkZtelm#*aC^)0>9)~FBwYxOX`CdbwmHgzb}Fe5phNV^>KA4%!~Hl zfP5df+xoq0>fPp%6}?4iFT6x4q-qi0Z2q+Tr7Ni~|87N-jmfNp`uvS7zhbEG5m z@O|$tUhkcp=JDW>)Gh2*m+eA5bEvfNZf3!DqtY9Zedpu%D{eh`De4Av4Kq9_+?byH z4FDeUoG79=4M&bdVm+$`@qPn9EgA#2Q-Vlj=Dyd)oz;zb*wr2Sv0|cyzsNp(2jNp+ zkgBVCTi&=hBw{n>Bhq>&^Y=egI{{kz)Lf)q73`<5ZC<|V6V}eSujGO)7MtDeWPm`5 z=glWRoVV2yzkUNAUC|G4w7oe;o!PX^tNyi4%QwZ~=+x)k>n<|js~ zVz&>!4v);fNj&9X&+?ZZYSWc%t;+j9Cyf93F2N}ETu8%iV*XPUmEKN=SfJbT#@IFO zS=7>R0DVvC*W2fn4gVd}{VSn6^7#&qdKZ~u37uXkHxB2(PwG17dRZK(-t$>nC?y}H zYv~w6alSmqMktR!cqH_R|F(eC(>GUS3cjvoQdY{s)&>32K=#3mk6n)7BKY>M`u^5y zL#47STdTKE(|&|Tj2Bxnby(AWpwxaO*h}0x%#>f?StUuvVb>6N_|t%SC?cwZq!O3A zYEr`~#QE6+Xkd;WL~O#e1!@2XoF-%YOUWjtsBHAoCs_h$xT$X*Pvb?@sn;U`)pN*aKy}EZ9ZLy`z0N$ zJAv3rE@UB~_s2tgMIT0CfG|W~ALdS}4u!oa&P{WBQS|B}wJGW`6oK@W?PNQ{ z`zkJ^xR=D;QdxH?r?CzBXC*1_!QA}PIkuYiWK45yq1qzJaP+5jbMoaT0l6f?WKnn~ zudwnQB3Xt2Ytu*EGxPJKP8aIkw0O>}$;%Se`p9K!iQQe*>zLE!U9>jFpq~!(7)DdS z`c@=yd1x*hh4pSEPNRf8P2c%EA9Rh7>ay*ULh9^r{KH=t!eNLh({mqNE8Y~MNQeUw(}d5F()e6ql_5SkI!2gueQmkxa;9}1 z82#%;QQ3U*KG|M87#}51QwmgWl@;xy?+T^*uHy=G%K4elp-*k!f}D4I>wNz6IcVF~ znJ|BH>)tgYgP*%!=GB6Lbr)<(;*v2TL%4ipx^5c3>3O-k_hQ~bvmWBLrY3mJpzF;5Y1YJLt)dL$ij>3C`V>ef`Q2I&-bTy-7VcuAZd8w$-vNXj z3Xd{7q~u;MRU(EmMa9NYNfo<}l_3-Ygvs8N-s-`nwT} z+9e#|nq&qW^e66OaOqarr~5sEksmV%B{J21f)BGC9d(Dx$C=xj6l?Plgy1 z*(z5@l!4xcO`6}b`JhrRnaYC>3>EI}w*Cn(c=N1E;h#V-W>gcAIe;&PO zQH_&!X!aS_tXG%coK*SNYL{D2-{FB!$tg9|k(#S}pRum6ICHALgBfngV_6@dzC*jy zfST!HK5sCI#rLf}?`;?K>XSy3vBAezkLV$-QUH_%Wjvz~mn78(tck3_2KO$+BNZT$e72Gq)9`tgbby%n@AT zHB}G3O+No%Mb?Q84~LiD>pjv97MZCTuQ${N#E`GMr}i+3TR8B;k6c@NL&)^C;5R^iXT!_}WzaaHs*K?)GZhph>GKnJAKzy6Tis#( zISuOPyY_x9JIS8aj?fFC^8sckldAK*c7NtHj&1?lYmX9%Nune+*y{9AgIYqVtj4&K zyLf!D71@aAF?~|;$59bP!i|XKxSEldAQgrH@uzO+1MkuH53l_8!Nh(UP!zDAG6O>! zLOp=W{4O)%>}J-mQoqssrI99^X$l^WoKf6{aSq2i<7SxQ5U$D9bjiIiH;t=9kj~L( z2qe&a##P@GF`F1-NCY+>Jf6c{&YlA~j&)Oq4sD=?9P*dXkehEVCbUI}(8&!8o)o3P zNg)!lI^jJbG#RFuIG&ripLwi$pQLBritV2B(S>|Dxk^AJESJmt6>46gddCR3?(nvt z3uA@M5Ss1XZ(h%uZxh9`@(rHSvO%Mg1qs5*w&=<31zsx2UTRx{NvS4BYn)IjTewsW z1tvR0O1INaj z_g7%nP|QohUH&&R+q(wk_GE{WjfI4}RYqtug|f;j8hy%WjE^7kxHQk^jeVM&qifs+ zQR7b(bEVoJCho?9?GB`CV2L^qY7CHaAA_zdJw=AsZvYx=81OqM!Gs*unk^jo>1+-k zWkk5kq;ZZEb1^0RQfQ{zpypl+|&^V5_wtjbt)*?Z$1p zvSP)zs(x$H_S@N3I-GD;ULmWUR?j91>9EM5I+7k7NP3H(_rj6K3)ft}w8 zHA27q5xcrbR?e0KKp344{GiMYO}(z22O0Dy5eH0SW{Mm;U>gRqoHWMfA_$n?r|}^~MaQr*Fo+8+L6+QWt+Z zcB=GkiR9k8OfP2gw5)7@&5IlLk-0uBZ4tKh>6*ZkqyK&vcebeO?YZz95SCAssQBTQ zezzI+>#FHDfasG1bH<;4{O3^r>z8Xl2p-5UIpYdnOm$I~O9ndGcJPqNJKUR#Gvrm} z1?5WXdermiDahJC9Dc9-H7_Y$`0r~7@t>_B=imX3?!&*JAH{jiz>VpFzhE(e6NAkC zl*P@E+2lklCJAYN0rGMm12mXKjUh-czOTS_b;y;J;(3*L<&oP18NI2 z7BIdR4CHJioy*+H+unBZ!;U^l2>-n$3{!A_<3HQ+x0(5KJpP;B4^53-d8@+O;KF<$ zj*BSv9Uz=(LXuX}XdK>z0<2Uz-D2d7I)u~U5 z_vgqjtMcU2;JbDD;JYkm6!l$5h6p=UedYhTjQ!^U%zq9&{QbKBZx7-73xK-7M!?C= z*6qNEL2y25&XJ_@%a`*5a?B0qU@6b$yeTqJxlP5QC^}x7hogr{pOFnO8*tOxW$F7h z(QVo-$@Q+>&>PT&Po2$G$KIVtw)_A7c6%cVcGEJKVRs`EwUrV08(<+Kc~|e2v)_Dp zL7yf(vU*LQ<%1X*YbndHys>S#?c01-eR&tMWq9szYP(yIB8)n?uSIwJ^O5%>{O4Hy z`4av2t{!;3q1>;Cv&_?j%4u$&OBe{%(Cu)txNb1qi+EF2dH&NFwrk~W5qjbrGr%fn#&MCIR=uKnNUD1Ck-{ueC`{ks4F literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/autostarts.png b/docs/images/hedgehog/images/autostarts.png similarity index 100% rename from sensor-iso/docs/images/autostarts.png rename to docs/images/hedgehog/images/autostarts.png diff --git a/docs/images/hedgehog/images/autostarts_confirm.jpg b/docs/images/hedgehog/images/autostarts_confirm.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c60dc250552ffbcd65c2a7ae99c756fc9a0a46e3 GIT binary patch literal 77503 zcmeFZ1yo$gw=aAeYn-3~g3|;iL4#|6210O$;2xxLNzeoW!QI{6odChzU4ugc1P{Sp zXJ-C)X6~DN-}ks(lY)baoyH1@``|R4kzMs2a10Kjq$w&bp5D0+6KfwJL zK`Ti&OEUnFkzoQ*0RTV;01y%Yf>SNsK0&Sg8jzvUq@*f zc||G?Huk4%931fePdPaFpYrgtb5XH#^KPGmM1hy1{Dmg`gZ`y22;p}b1>x-x{-7TVz$@VCcX{vsIC&c($= zNzW(5%OS|d$;I)D2?z}h4HE;C7z>M-gPM$*}#MI2(!qUpo$=Su#&E3QQ-TQ#R4?)3E(J`@c@d=4ZS=l+cdHDr}MOD=` zwRQCkjZL3BySjUN`}zkaCa0!nX6NP?zN~L-Zf)=E?(H9+oSvOuT>iNF`Ae@~dj2c@ zuGqiR3m2{z0umA;68M*1AOu%{;h@L%kmVQ{|C{eXRTdv{ztO^>M>K}mN5yGZBBYT53z492BnEd@sI!O zf`}Abj^^w;YWCCgjoS<|tZj+i)ymejSi{iWnyy}1Ob5nCXd>Q~TBFg0>0UX|Zj?=? zXq3xZDayBM^U^<(*~{D&!MwXDy!+VsRPKs7&&GncxI0 z7~4zkp{C+osJpl#^?Cbo@I2J*3svGX;k8Dx?+^3K$*nW9d^jk!kDZB)Ka3m`hJ)7H z?d9xP=7^~PSnozsG4s9#sl?sImU-AV%_~UH=1Oy&pU;Nv%cpNS+zH3VMTu8mf4W=p zLke@WdO2(U67^)z_KVw91)t%F)XEwEDo?bXV7-PMCzk?E_k#gHsW0`Gg0457FdZ&M zL?|l>XkLaG6X?6#^p@SpzMGI29(f*jkRQ+^6(K_*2Ssv|=;fn2ojUc`BZq5f2rHB; zTB4gkT~ncY-my!JWZ<$9yLr=FF6OViZ$HYtoxCN-(Zhz5L<nHn)z8yzllW~5C6lq^zUSScP1#)Yo#ghAGMi?xRiZo5=EDt-Yxk2qSYnSH zZxj+C9nbRN+qF9nv3)8Sdfj?lBPrf&hb&XTG?NhyQYt2Q#13EGO-{= z?KfpYL-Y^vk6x^OJuXUi~^3g6%ystZkO@O0d7rOi-)RQkKUe3=_ zWTu7b;N%{_)jgve$VpqlC}=7EV4Nhl^E#N=eAh}F*de{vxJG}ig_LH^JaC*s8G~Dc zdRk9URv?I*7El8#kiBGy`o`e%JWX?9NTm>BPV!SdmH-q{A3bP;JXEPCxvdb16CtAt zrsP49zHD~B$Z2S5(>&6qrcOn}{cI$Fu=%E=?xvT7cW07Jy_*2^E?zsTG$=B)QveMK z#mohhro`goc5^T~Os!iUupVJrQM!FxcG z&UClU!!GL{(Ej$>n@D6<0#o|?{C?ZN-FgiW21p91pS$yh^Liowy7C^NFB>^TbhP9G z4S5+6u<-l1@m?18cvI-liha2U-UTaJU*K!g4G1JGkeHE(W6$;BM1GCp&Hq%6>8L;! zq5CAFIW-v5V25}oWg|HMNnk{A$+OoVzCzq!ZD>?_Yj_@8AaI=mO4*X-p8cit$iie6 z!-fDlp4jE)UF^_nw4zShZc<53=$5a1O5Oyb?N2;@v*_zrbUJxa7#}94<)B0Uh={zz zf+?h>k3a56<0J}VQN`w3zM$kaa!eRGik@uMPFIlgwa;@=OH+-!_->!+HsX13YXSOL zrqxoBb@fh;Oc^|X;!Dkxcn0xf@)Q!YgCr86ZLssqa4;b9g2~^amh9f}*^$pRoYubx z{)ouGm5qKlH{u{gX*Z@G!u~e4jQrUP^Y|gAhDTnC0_hjt+CY?CpK(j@bkM0OQb8}7 z$4}SZv7c(t^F{h#KC%|^7Y5JHklDZiAgGBp}W)~8i z2le)Y$W8>Fs-dTQGB<}@^mvn+_Qb-Rw^{1@)aBIc?3QkN?XTyTX9dp+j#`B5T#jRi zI&d#PGs4xldh-N5F^?bqZ%f13RFwUy!JFQ9Jzut}0Qau}Bi>@759OCDkdi-CAhHYe zN`49d5}7XR#Mupd5Ql~bUCgF6q3o&39qT%k?fHru`M6tcOKVv-%5iikm3M9CeGH{( zJ#Nc~5g9X6Bm|jD$XyM{ELgrXO`4$9Lm9{lX87N7k#_Hm?~{Ar>w>~9()2=ZiFY5~ zJ#g2Wa}SKk18(tMc2|_#Pp(bxfvl*iGyT?Q&dqd zf6kiW|ERocA~q5U7*+dWep#z?1gGRs~Gnl#gAvncrxYZ}pwUt&Yb%xjmN z;@{)-D(#l3>!;{qK?#w)zteuQ4@N?t;!T+Jqc+m;gG(rp3>*1DX5910jrrD!FH&M; zVHpPOq<)_6@vh{T;SxF(6r1yfb}C=JsUPtol$6)oRqO z=)*b(Vdb3T5ol>Be-AU-QO>oXVvzX&$9odJU;$76ZsU%U)nQND=2fe1+sC&HMPN%4 z84SeJ@J1i7M98rYsa@LXO3-0$s!{Twq_dcB?Mp8;vJ(ps=_>!EZfil>voP*3Mb#@) zt)P9keQfD7La`FI@;4&px$@=^t3uM3qcpxJWo}F|*Bzc})k2Fu;^b7LB7*%8B{;bdqx{c5)$5YeBj_1Cb2E?b@6e2(#6+S^EhQ&U(veqfL+(zIe}!cn0`KNwkQ=WG_lU*I8rphdx8E8 zOmDS$+P4cD)+T)(ew!3M-@ZPxcLjoKy2w;uUOb91UgUPY7S|lfJ1iQsY90r5&>Fm^ z5UyD)Rr{8zyiVL%Bc%}cQuu_8kD~m}QIx>utWL+XD{aF5L;;cKRNToxZ0q{KmB+C+%{NnR2l02ovV-GZ zXRDHTwe#=pSiH*uh{L~BPka4ojM{!He#E(96_WB(1NZyrkyZL(?@d~>T(VPBUEGSe z3p7`U94aLF@;8H3qVpa=BVjDp88)lOF{g<}xq1axWouX*BZcWm7PQx{F*F!wPG?U=RV9N!t z0c=bWiM6QLt|Tu`wx);c?a4sV5OGC2@zsX~50BtD=03W*$;}5qeV2_cPCR?{=?^wW zwNmQoS2E^7Pt1dPhhABTFjXJ4ubpVMF_jX)B;|I9YJ3ZC;?O|t+`O`%7x&l+ zd%KH(+9F}eOkUAdQnzjs$`pjke$@Ud-#_Hma=5f>#>nmUo4%X5byF6CVm?Linhto^ z(ztf=LCe$q_ta4U>9VPKu3&3sy{b&twx2r0%B|@)?Am0|=fX74xB4KKFH52{_=#{Rd%Q{>d;@q_k%?UD>0b;iQEwH-@RfAFqB)FzdzWLX+T6F_EQffq z(MY^=Hq0Z$!HK_^m+7#g;+K+VU^q(oBy)FuJ&EfhU85f^SCO%#9lbq`d@Av#IaNI` zZNV@g4=dB`u-k#OS?IIV(kzjnvMox9@7!EZRawPFzBF`+fL5YuqUs(WSRn8@douXPMFvSN zbkLen9pH>%Zdii3oi#ZElu>D^!pOqMx&B{mlbovg zVKU4@=1f(y-JG!6o;QEB?9J+{lT5@9KWHgQv%vmpxuD&Mz{r#(Y;C%P<-2eT2HtDA z;CY^z+6sLYKT=3?Z8b5uJ%b@(DyTx%j>k4VW|-uQ#7qnmj|6v1ZL?RY9;HcCW?kp_ z*+YqiLM`+`#;wuno1$CPiPa=Kviat- z7U4)otdXd0%6C+nI;Uorfb}2MOHc7_!iN)=Y!>oEyDsUI0L^c5){gtgaNF>^Bq_2B zm}vq(ax6T>xZI;0IrL0j`}K>st#2+Hcy*Aj*MUFWuIGz54 z5=HYO2Jm8}T&ucVM&0^LnMdgjs2n`^kGzh*Uj5GE#hZbmvm38|5xr=}gQrs>d*|qb z`i`D4ghE>_>UwDhirq@l+lCwf=rECY*hk}X;*>iESgt=Jr( zua~N;Ftp)wO2{Dz??$Tva%_7=b$}9HKVqRxndSo_Y-GjIGTK?Qpq0%<67;v1ykh7n zr|{R>AwK%!{BD~a%Q*0G>yy^!fd_d0qq?W*-!rhVq;S1W>9T}p99lL*fc7+LFJ|@| zA(px*F-YVV)q~HSq3w1(cOnbQuw};sZSATNr{%bE8d;Mdi9(2viK4<*$_($rPPO-J zrZMzKCu^olw#wlt7LQ(ZlB|+kDGo@%(hpCt=tiDt^fAifID&Rx=7YCnQ)?bt6?;P#BCT@!~CS@bUAQNN|E3NPh#K#Tk ze?H9?MhP6-k6%2K>cr#>2~IIT-nw<7p!@;-9N48I^da#e(v)bHlOOFFvPG~D=dOfV zsY1bu7|bn?mxNlC*-y-9^ZjW4ODiH9gr6Yi1}^vnj}!mesABa=w3m#5$z#nPrf%Li zNvboqt>x-&ppcM*Xfg5>7Ora?4S!O72rK88!IL9^l_wncvk_-7wPTB3Ibb`uZIDgo zOqH{4v_+}b(=2X@5{Dj&GNB3a88Ch%iuh`Wew*u89pRfN@WJ5G5M}o%?&Yb9&`82P zVC_yMN^Qus^(9i22?UPxZwC{AWS`*nvmTT%BY0g9>-j(;Mutj2h?H!f-M=oBFUY_= z>4xBoH2yH*Ep8BB*ZmoteA~|# z^Tbky6^8?FnwyNngbEN)1;qr9Thc_)qH=-#i8(GPdZpx>r^xTDZlN9fZeU)Le2fFJZ>99Abyxz(REO=O zvKD$Y^0KZ7-nGK6=EK0VIL;a;oQm+~Q{&^@`eeD-Nkq;?A>k0v}G|7Q456S z&yRH6*^I(u%+y9YXd@K7_-=fDswou@RxKJq^0q>tgRuyr?wB~VTbK%YpZOy-*rdK% zVjlJ&@Zr)1_ExGyc*V*t=uv4c4&p`+e0;_(=qJDAhq2Z8`bfxe#)pjC5~&&zS=2NV zS@N1hvoPZEx5xlus^dxCLbh{0sc}V_2`JemK2A(dL#TbQ&b~ayvC(HvZ7Q{pbfDXh6sO?=^`a7QEJ$Au^2P0+=c#VcK zJHDt=0D}}M&c(y#h;o?CvNe43l>Yd<$YD>?52>Uc(%ReM|#+s5!hQ35DuN z{-+42hx{ivxxyaoIGh@ttV=J#cjSz5FSXu=dY7-dihJdT;#T$**V9Kz!%c zyJGU0DYvZ;j33?jNPZV+a=<}x%+nfnbR_LF&P5ukYKxPhm_M;b#v;$$~x zJhqrIriGem_Bk!Je}US90mqcfvtsW?m9-g^+-1JgGuFMIOsHBQ0AJV<}zf6OID!1O(CR-h8-UQv|z6 z?>1wZlLK{zx*jABJp=)3-+%1&aPaMAV^W%UCUT7K3~w7eS-w&=z6Z!}tyBHwramnq zO?-a%ZEUeiM_}1c?(so+uiC;(=^<=h?&{pVvAHFEe(i4Tt54!ZC@NMzUEt=m>g0xv zww|PqnVWHtT6D~U?k45idmvW=J03=u8zN#Alr(4;w<1IGnZx0k2al(k+%4O>^>)+y z1f1ITA)niG<&^VwL=N-Wa9N8@Z=Q=IGE)q_?OPF(5&Hzz@w( zD~lOI^WXqm4@MmBpZsrDZ+e5nA~1N!bWD$9;-j)uiFZ@T@x^VTs<*yd|n^5KEcQGSb-L~ zi9u0nla_divh6sG(Wr8YZnEZe6pZAul{|)J62Bu~Wqmi278*RH~&g!nGLm`?e z2<%b4jR(UzHf(%$w9T=x`7azQ^00;aSVZ{SBmr~b_-!3`9HuIa@*14wdtg$56P*5v zQ)$_vXWJ6B;bc8>u&U@ydqRjV*>T6{%dA?940QfiDNV0&h;4?xktDM?h`+ykEaX!> zrS#usrNncVmX^%oT+)aioFQ^||7F8uK`k`Pkf~TYq{1+=`!Aj!vL%nLAJxLH(H9A& zwrP3=qN^02Qz+H!VMiLawnsLHPb%%-Q$IIBVefE|rWf=LnKDhj_%>!zdSNkpVCGhs*&!6w7?Jm024*llsbT#56exr>%CtQO^d zvPo%TA!1|*eu^>G8pT`2NxhXt>4Ik6>;!1=1EUR32|8>^_WC>@Ya#o zr7$09qA*AILMY?84Qo*eUdgbfb9}U0fp#k%8f1hR2GJuK`EXLt+U2&^g`?FE_>X*k zler)*-A_*&vk}%pQJZg4wJhgO{Z*bu!C9SSk0NAme}2GXm=*gdjafR=XG z;FiY-ZVy)OH6TIE^O0_`SnKjxXXi|42RL+PkSY-yOeM}Bh|@x!Vm1maPX}RkFoc{J z6fS>=I8qn znJz=g=?3(hYv$ms<&M2HX7K^n#u^#Zcb(LICVXrDVH}`dG81e8^n$|dqvjyP+MyA= zP1FF0k!a_!pO<0B`DI~d+UIfFTAxll#<|L#2DPi;4Mg8l1mPNxLoh=QNRmMDZ~1Rq zpvATSZif^&e)5l-pHu(1Q(87ee{6i~^t8(xE3No1zT5<&{TUrsGc=|cqkJ&fUswMx z#=(qPb)rolJ_jy|5F&2JU$%ZY^qwfh2z>0tU~$;I$_$L_KwL{XJ}DOpx-5KrH`J7N zC{o|O1NAjgOLUd4h)!{#O1q1VNuzA7tF~5sz|ZoK=lIGX13@p47qW(ewRBOcGc0VG zb~~6aYJu$t7EjRaE!|j6# zq=rVSWh+M-^^)K6A#RZr-2?NNR?oj@2Cog$vXRRcRr?2m%U|5I?6i5LUA}Bc!xCqB zCvjk#&BnoFqc{(Qe8(ZlK#i82FrFg(G=a5PR70Jsyq~$;p?m7z8u-RHxZWIQGNJp3 zIibuXN`XgGMy>Aq!+Kj}6P?{>ZfGz5MEZqxW66I|JE{F@<+%6$7z9hi-f<-jd* zU)F;jH!QtRz~*6qOC=A`bQ*AHJJLSqMx$2MT#l(KirbQY?zPn6s3!8!?M&$}Koo;F{acIk1h>wvG{{;}HT$wz*)6IZ(0t)=};C*~i5vmDS!k z#F(#TOu-*g(J_Ii7>H^4^l;a5#BP#ugq&Imwy>~BoK_dNPMNx z3TW3?R)oBuG3C&OZf&Zge{*$s#)bn9w@R3o`Xs7ls?Q|;HGWB^gP5)g=4VYaDfOw= z`g1f*?NBs-pO-O_DO(0MFLfiyzQ9F8+(T%cnS1C^CHFb{Gk%v#bSe0 zHP@p2(KBe}v6pI>s?FZ2Jzp`tRr~`5r%-ELC?S-_IBp556x!mzw-fHM&BKYE*MDIt z|0511PBQfQK-G(9KDkmN?qSkM=0d|-sfVnyO7pJv6Ly+ZV656y4J1rQKbae*-iuB& z$qp5nO0r5*sGYVP^h4bj@s~1@ACOfMvPt>~K%v;V1wuE5 z`4Nx@iy!^$5$cm^pjxn1bKMZphVEA-M~xh`d{QPw9O5+MUWET6(ohpE0D{*`kerupRCX5GD4?M5gyJd#bz|ys zr7LnDgL}M^o|Rm?Of(^6sWtj-B34F*8hH4f9l#Flo2f z+0iAQQwCvyt_x=SNVD<{==}4Vs*845CUSxwRQqI`goMszfMTeHDe_X&!>JUpK%V^U zSO$~X4pZDL=7r3Ht2g%Q#ak;qj`O2$>h7!yEAm6-_++tEk+a`NH$+LY?k+G|HRYXO z-@TBsV7Hc1lk+-e8q+esSu!@L%%v`mqcmgnDue=OLJQWdZhLt^sUmmU~ z(3(j4s2PwyoqH6p{!*In^TsM)Y4G6PjO(*I$*TH!cjQeb2%^2My}bl8&frWeH?zMd zdG+G+5@Q+SAT1wEP1uQd^(p}aAA_H8QQ{**9ZC}6(}hA$dD&lJFw4TmmR%QYKhcNs z@RO_^BDvQQ7byF$YyN-3dav~*Y#og{(N$_+EuObeND`+1m)HGZnQz+xjDq!%=z({K zQk*IwcY>evBfi6a|s?S0tV!P#WOJ zg-L=mc&{qMbsxANsP+av4h9D>XVMVozkl(8plGn7@=6rRFXxP8*kajoRA7apugDDg zdDDqOW@j-HzNrhU$@e4nf6*^cIfwMFa{1JbTw2K0m|Un(`zy5ZS~FJvwTV1zyOXA1 z4urI6>;vlNu1O9+|FR+H&)mPAUBP~6U=Lh(0`_j)LMzE|XJTZ@onm7oaa94GDl(FR zAK&7VYXP!f)Qow^lhGs(CX#GnNF>7NY7w^IGkp(FHw|eY>8d zfC=aBCr8xnC4<1ht);wS-|w6!^@ILBFBwhvnPTcwXB1dh$QA{#@B7|hY@ zyQr+Ya8t*7irl}JS{lW_cB(SKdX}&P&C;CEK#nC$s5ZbR6#E7in@iWuwf-`< z9<0PwVhVSRhIqSvh~f}W<2*@&jjiVgK8I$%CpBxp9o^n`R`%K>CPw@!ij&r<;K!FA zM?{5UuF5vI)RBxX1O@x5wASWcM%%A7FrkwVWd=xKhMbO(kroog^G=yG#%Tsuy+~B+ zpq`iAbh;AX_~e)*HIeT$IkFpPtyo|}c9T&^#faos{~Vv}Wq*j<$|aP4V|nIio+#TilzeDiylEBp^`z-qJ`ctoWhCOc)PdC^~9;0I2$sH>8o#vHN*vNR!aukA(n zH@rwrekNSNw>?5vyBp_k6Y7^0G=ZGM4%IEqvl%((M zDqv%h-0F5K=A&>fiwtZ?DR%B?M9yw;RM*3Cq6vrPXZh_J!^tSzAYT=43=PxAr=Q<` z-sF60a$>W>=Vi)<3JGrvfwfhBW9qt4Al+w1a(%Sz9Kcbw%2ZWghV-5NllSLZbxj$NwCy z`yafpw*2D@Ytolbf5s;{{#v5i%KU$Y9>Klkx_KRcET>@lVz;u3PW9&M`bpt&@~QxL zkRU>4l|AoQE&cD6Wg@%e4{vWozG%FW%>UtcadEPO!EorbNAl|Fp}+NOphCcRMB0mY zPj~i)I_Vy``Qg23aS!|`I=58m{R%>dc|SOR`e3EM2iA8-lR3>_tMX)bJ0bEL8P(-O^EHOv4v3 z;6c0~mkk%;?_c*+Yi$s__-pnAlN7alsFz;8Yv`vHJO?&}KUXRS*2yeJziM+;PTA?t zJ=(hmfcl4BkNR^pvnIwjjo+&|$Ov~5PW*7yPS&b#a6j-G`QBfV_tL{WWfu9N|M~8g zh7G$3x?^SD3(7KL(j!6sqy|5inFo+uzn&ruxVsyxEmZIY1B2J$s@v{Bc6^(6!$MXt z^C-VxB4qqCDC)U<7sC=P%2Q>(r0EUbD&5ggJVP^5ut%Ar9}f5=14&*AC20Fiw=H{} zB`W&WA>W-_e(7zp9GRReC`uCZ1BArD(GLvkxG5^$d+|DMoGp$@Zn2vm%1wMzUSE3br8tHsdMVIj-DOn=U$ZIj-!hluzT1f@ za`XZVkx4TtRvxbC!Dr>oqW7AB_py^Z9LjWhYI6_x9NYulvqMuF@dK{9Kg|c>ae(Q` zb~j+VJGO8(c*L-mP1|?!wjWJbNx^*LJCnlyDHElEhr)>`NB6+a_ToJNg6EIff93ee zEGta0@oY36zBeVpv-$&j^+u24FC3juxd|NJkLJCB`x39N>h6JdmwRA+_wO9b6AQ9q z*xqt(t=A$jkGb~A#>A08vSNR41#`5d76~h)r`irZ-4a4}~Sn6{s zNi+O^bV&A@KgtajYuRiz`9KPkg4@M9h%u$U?@}dvfsfEWhK8oA=%+B zy`-~#W34QURRNtchOE}O@@&DWZ>o3wwRc~=S5>`D7VZJ(wxc43lGgW6wj{5$E^)pk z>mSzNo=acImtX4K{mcp$g4c*0m@kP`*?2dtUQSca^RzA7UGE1oToAOyf@{<5|95uT zbINzB6f2gWd$jj7m{#HE*wvr@!HtN5$P!a*w{KbC`*e|!Qr7) z;B5c}zy=86FkwtXV@G>2Ma36?U{wF%a53`>ZwmmEtiO2uLxcaU2+PFO(HIVHrGhsS zHMVzfg3|_Yn#a}2{uiA9rwNQL3{Bv437lqefC~tx=YEwN{Z4=TMVtRd|H3*01P-do z5^&vqft;z#|3Vx6g*LWuuz|PXg13Q~*x17PBWV6koBX2R{Gx4MJHuuBE&b9E)6`Z? z1%8CUGZ`Qa$N=(yB0vQg0nUIW@EULeSm8%oc!?vR46hge5Bih-)?X3c%Lv}f5-^7M zcn;VBHh|%8{efTC0Nw_k{v2CJGfp`68lFIy;sAiWa({nH2LRw`0Jx2~zrW7BzrW3b z(4Tyc=(bY2mr+M_J$6Izn$k7^cuko zj!Zwv2LLQB0KkU>#L;zrA2)d2uX-SR764S?WA$Pf01}e`;ITQJx9)$SHyjfF=eYf+ zZT=X)-!R;W2*1*=Z$x-PLP7eK;J|KV6gZ?C9Ss!?4IL8)6CDE^0}Txe7YiHb!2{d} z=$Lr;cn|R5^n>3p+`oDvBB8=NKEOc3fS3MXrr$8!pb}6EA_xv&{uhRu96s^kV*QEW zhF=&IBrpOZD%vlIx84H)4&a7E+>ua-k>QAEB=GM@Xj}k{M~zRzPCzK8gi6G1ST#XH z%khj?SyfHL91h8T9~~2yomW#kKD`Oy6o>gfBvv=douuQ6tTcI-xq&9(;vW^81!qt8 z8+QB`*!tI%_$~e7{|oRAuNC?Qvj)M%K>;Dbr9g()gK**1aP&AbmzYE4I1!CuCO#pD zlCla6Mcg-wz&Nr4{AHb%yXyP#{omluQ%M)qgFQYLDF4NOH8$p>{9`vl3b$WKcWvZ* z7Ng2S4s`2_g-xd^C2Kd#GedzftpB1vQrh|O)5<(A3iC^M(w}X+w?98g&qRN3D|n{u z9xvs#@hakt+ZYzeVqrARIrE1{`t@h-v4!N&dOAIlg+@E|H-kmO5t$QRL^F#vgsih5 zW=m#X5b-g1#(5(J=Q*#t=RF`pd1`jY76p!PJA+3m^VqHLQT%-|-mRgy zVUjC6O8bV55vHW|nA$=uCM8Ieg7V8x5FWQ zJe`=YMw<Cl+8{X|J1DF7FEO&eW6v?d03FwVnxHWjexSrLWh>*^_yF)1P8 zlTth4?Kx;L%I$QMcY|;Ag#|W)bN(ajx^;E`wVVj}PdB83NUWC5JV#c1ofILA`)_3; zZk!8|(Uoz08HJ>8_G?MdqU7t7oC>)1i4@%m=tPf&v-hV!FKhf_O1pAOj-m7u9gM=o&y_BQs>uC^ z;j2RhX!a$L5 zz7H&hHu-G4q_faa%t`UT2lx@=dz3KyL`9SUw_xnjkWHJHK@Li@3(Kaa_{ z)@gyd5HeQDQp_`_tq6ixsb^x=6Xk-Kp~y1e0&pj-BB7Pq&%(&NrVSm=Qd`iUs2*OvZ+ zzC{$D?+O&@htt;_QyNEBHvUN}##uZcD3pn}Ul>u5tco+_e2ns=rZ_=~`G*m3&=|23 ze{yXw7gP0Fztb#TMPMwRCe+<8GYta`f{cUcC*78fVnk*$qL(yLMju?^=)W&~=R@7I zv^C!l3saJ9NLdSi@b(roC~D7E6OT8LDhd;g$tf@icY}wbT2{q0tShU#<=}@&PYHP- zMpC&&h^&fwQTHrEb!_P@75fAfz(lfE5hbelofqQy^Qmd(ObQcLLo5LW6B^(8Tj}WxROftx9O|w@D6b-zj(+vr z0&vdyV#4pYE=?0ALG^1c@BY5D;t+e%7FF-wb&}^rzx1wzK{M*qx|t4>RC>w9&V0+q z8dg~kd8V~B)v)qv6d3j0ugR^47Y5GF3Tl;W?|};(GEcWAuO_d|wvXkr$0!rGX;T;c zA`Fdp6i1Em&=y-6H4CNmf)krPth$;D){vY61b+JIvf)8n{eyBI7v}|8XUIuD9K7rA zcUpBA=R!CuPm;4zesGig>{Y-U-~ViB4Cg!aq;zpz%YMbzekMVw7~r?;Q5tKZ8_zoY z+D^Lm(KP&LA56)+t4_H!6x+XnKJ3dbDMxlx^9c3DRyx^qXyN1`?2LDb8?x@0z? zRqt^ny7=Qrg}O=U)XZ2}!=!X9H`gD;Px$qb^=pv9_fgb8(nWaXsmjTQYC4*-7M*Kj zt;&fPzj=kKoF!+7SyJT}kNz<HpxoM@@ zVGc17Xv#q(^sdH$`#WKbTyE;=DC>DVx6lg1f}+vT{b-{<0hV0GYH0V z4J;1y4#cdQWu!!vSSQ7tJsteCp~rKZ`)Z}>ZKs+M=D>M5;ee{STA=wlS=ZqCeyKB>%Q_cd;839@gIaV~F#zvRkuybeS{ z=1&$a{`S@Z^J7`6-2zkdipz4essfYo)WsHcPXde%x`o?|w=cRG*`81S6hpREroG|Y zB$4x1izSz-WRyWYA|c~S&!NhQTfCBrN#=tE@yM>2G)BeGK04Cq5Od|im$KE&Iz$&M z+Sk;qF6WIB(XQjAm&0E1$Z<)9pT5dCZgC)ht@~wVpiC6>wEVSl#T=~Y7c=tpb1Tf$ zE^n2)Sf_WVarmUF_n1CRQgKa&)-tXv8}2A)KsVp9@+wgw8><(7-ei@VSv(kycUbZK z2wQSF9yOAPVD!n!jH-ib3Vt_L3dEYVCQ1_8QL23{WP44co9?>E z6UtZAio*OIqDm!YgJ<Pc5*#|}|+fPh*ZRB4SsOt{rH;1n9N-^zN8u-D=e94Vi# zl)q3$TC^egAz)g;J*IO2??HHMY0KJiFTU^O^Mw~2?{z*hVb8XS<|jn5%D&tld9P$8 z_mU5Vo9>BV4%f*eWoR&k3bjlhR3Y4zf0pEo9?|SIx$sAH(~0w1SFLk?-TbVEq_;)m zlER2z(6I@8*2f6euwv;T2H6l(?crCsQVY?ff_;Zwah-M*KM58~c_VUI(TN!qg;1#? z#AeVfmxC)xtRy?U)EIe8(FqpbE_0B{u9k>s zj3$B2xiS$`v7oR06r`bC6O#Ha8k!9@&Ea$E(=?$l(PXA%+lg#d(m-|$k4Nuqu-TBJ zbTphb!QiI1+7;6#YnsLCqcwvww;47<)J4w=uN};!;CC$#c|quXmN_mhokvdeqF>f2PMbouq#!P7V-dFQgTLS!9@a=u zV;)4_Siu-eKKY5}kQ*LnS#zctI!4(vr=_AeWODkyhLPzOUY5=Jsy(>sjQJ>{~cYgou?CkDuX6N0R z`{%uL?!9y7oX_`s$`_OW#fL^CLnC~KFzF9ZbA!W4JKg$`-pWXh>+y9iy>Ub))yO=-JvblB~sQ)H0dBsnmJ?{~#1jqLG+a>5}v=$-#3eM3j`V$`8UMKfTIkDr(H>h}BTT0Yg+Er~pm4t3&(BcG-xP)uBq4oE_4YTaEX#;02h5V zk-%dkW^6A$-+Mo`?NU8P1Rhf?74h+$@-%7rh5SQimiKeHwVgHi&X}5F1(1fk3k|*Y%gUKu(o#|cW$(JV+ zzgb;}9prxf3LaSNBoy$?M`h3aRt=|+?$vi3uxT2F**02^!jw& z_@0vUbb`A0-mkEmKk|R)x-nCY-Y%?i`G@I-Ob)a@4{{ruI+bmU<2b+l%H?xVM)6V5&yX=3EO*a=P9cp~LczPA)TGTAZzbsL7|#NAB~9n0aToKjL?#R;ku%4D96_+?iHF33Fp z^j^>_;~yId*QRV!gPpusn3b*%YV@CwT-~1yB;bHwB%EvD3K1IdyWuKzE+#c%H{wm} zQOsp)F>HG>!vuEra`4WoKe2uza&$CQ38R>xnNa8|CcCIRVrno@G`OnV-B>x7O=y;XnQx{ZrT*u6J)0>i~(@DnF+KyiI%#~4o zX7Nn^&G#309#;UB4wO;q)uy6GmwCU+j;XvC7l? z?APe5I*@#_Dsh7gy0c;X89sCt4YePpyfjSYZP?({a0$Ea0SS4l(xFs%Tf0+ZufqcUgev8|;zr2o4S zB_a)vwv4TvuA%nW(&)#R-r2rs z%HwT^t0X&Gum_zA*G1x5-@S>-)sv|P<;{u}Ejb#`RQr0gLYQ(fWt;~Repan4Mbyb#NzjSc-?%H(*l})I?M3H(tV;dr_uLgb~u9>p2zzH5V&(?pX z;oQqyykUmJ81dfwikwNuaHm7Qd%F5kmOyHanh_PIBE-U(1;bD!Jn6o8#0S&@myQw} zJw{z>e{-_}Tff4?{Pl2jIb08O-iS|jFcZIpb+jsp2IVaGOq9Es0$5=;g zmYIW1tiKHVes5(T7PwcbW5rX5azecpC6>W9(7ZD@>x%dBX*5m(z zRaWNp=a;L|7&G_mKR+SmE3gvj)SSlqGkv7s2sux6ynksJmj?~-2NcZO#(}-O9iu_?t zYkXXlKv>DPB3{64UdVS(&)`5ap8(Wi&_pJk1gWw|viuxsfH$8QpGgDZ@@xgNrp_#z zrU0)v&oj=HVF35imO_!PRTNY`xc3*6cCn|0z}^$IugT`hT=TPOhE1>c9J`gM88oxv zJur0kR$RFrD2y^RLxFiCL2XdX!!%DvIogL?I;=J5{diG z$86Y|1+!+nnuxF}$zy7$H%gN)W98$GPeOKlY_y2BHBGnu0EutHY3(z-0ngItasNe- z+Kc^Bm{8^*y1%H0y8Im!dl2ohj54+irP^!3sb#xM&(7HE`={ZIGDwU~ZZl2`dCBkY z581qQOVU?vNZzu%3o73J&@^1Lu(RTcWEh~q4|qpFcbJQkDqes)fCp8dL^=>=p3K#>ACwHFk4S6GpC zU>jh=E6*Cr_qF{JvP==1C%v5Wv0gk&Iy)}&jn)#bZECCOpg@gL=yfx}3Z=mdpc^?z zWi#d!$zI-wgZDCTA^d6pCl6nI*END;L-7h4581Be zkRCa2e25nwXn?8wf@>W(bBz6LqlVd>hd`Fp2pH!RF3rEm-nxpY!pnzgMk_oqjOKcY zIv%bG1Ab;zb@G3pA8hE8LG4xWs=!X?Bd^l;wIQ>ITiTi^Ik%PvOVuke+2nLqlGvI{Yn%SWtGB0q4* z8}pJlS30XdbzdbozEdlNqGDp=X=n#dDt zc&=npVI39Ndu-W9_7kOMfVs#m?T}I#e)Mw)j>g5Xg1|P!A@-bmw=N?3Luezqy3M?q zSqO}>VI57A#Ie_q!IH0ir}-nvQn)=*z*9vdLX<*ZEUC+|tqgilvmyOzn1{9p-3OyQ z|EE-Tr5fe8_Cf^&td1bMumlX)Y!haw;T|4}H&0+p^@mWT_gOr3-2@X zNYXf9Gm3%yOKvKjL(eb!prm8DaAz!Uqgb^$m6w&HVW$rpP3a1|-TsyfU_ru4PznhWG>Te7ib_cBIh zx8f!wvamdXzn>UkTvLX5c*#4JsS!wQh}&?BTtJYkA8?-Qy!E3A=UHY`dkDOC2L353 z4v$Ly686)ON-6NJG9n?fOmoMad#$Ute4u)brGju2YnS*+*{zKyLmHrnt@e-vR zv_BMX61GM8BHopD3i62XBrkjK{@Pb;uBWP>1qEx7mF8lH!*jXz@h6r+h43z?revM!a2~P`fMnpL62AW zFM&!7R#4kE;#%jkr(kC_Sy&jEBrc)Q2?6%9cS~%o6FV7h*-H_(IOp);%$qhS26#fx z?n&TuHMBm2r9s$#s}>d7UIcM}gD@0~CD1cdff)LUR6C-*62!_sand>^PS ziDhXeU$>_pIo4jE)S*6vqOBeZSd_CpY%04SN6Z{Ge`aHR#rER&47)Pt)`xdOdc$L} z@7esX9D>~jiZy6!(}r3{vBj0I>sJanJnEo4!61>0BAWdL7^6Y7@bSmB0>m0^bHpEU zDY$lL8A!Y^O{^(RRzMJFW$$OJ0t-&$9hfvLDFY-cWX@bAG*hEaI)V>0WmbGIe6D>m z^~C6h)A6G2BKl{2QEwE7Cjy7=&GlvG#@By#=F;^mZR^JX?os?ge|4n<>aTg_uC@jG z**)eTY7sO`xk;BGwr^!*i7KP}se->v=-qH*Xi+A)ls|2v*8!*{6q&N&d8(6@FN!Oj4nNF>+rtVp}ie zLn}kU!IK(gtU_&z*J(h6d%MkdGGSny1FLw2ol?178;9HF$6*wh##m3)0$@A}W|e&H z!=tF0B8a?_yjbawt-dA(m~tM3Y*MzSJTV=DFbg(6P@E^-o@?>Ty`Q5VSz=ac`cOpV z+5gE**T(BU7!PV#u^D~82|JvecvlQ__!yMdOQn-Rm7TPyNne*J$u+#6Py$Y|q*#`! zxO?#@(0Y!5g1NlYZ#i_I5$efpnKMQ|tQH<>2puS_J#}LhOWFWO1ZbyNM!R(wb{_>; zxA4Kg0=f0{^Tj3qXr-^Ho%VpSw{DnCUAKmq+I0^D&XGJftwck-X?Ckf!$>MwhNKnQ zlX#_iLY^(IXhCx7Clqczpk=WkRf$iLwK%kjcCqp$TD5OfJcZ!KeA11#J{dJM)y$z) z(YQkSHKRo7xBxVsp;arDy`VkaN1fY$;2`(GHZiNTK092%T8BGjZ%mbcex?@4OE+}i zlGD~sfB)4*5y=Ygb1O$lls%!neGQxx)ic-^H5%315OUi)znoWDIzni#sfBaCOIWXb zdNqH1I9~QT87aN^`1!-?q)6yW7(dtzo5V`Waqo1xENsMyNUkdVKfC-g7S+z#P>(k5 ze|hAZpIDO>!24i9B2*>#wuN=RoD-kbr5Z4_DOn1c2LUjQNLbh=?&-o2+ z`QLBx-m+zzs1b8*-&(7=0?C8Kl8M0lq1C(}q6-P0%1lE<{^HvB^v)~ZuGTbg&7^V5 zOY?ikNTaAR&n*Es6~|U2JFaM;iH(1Ef~oW&3C&^uA+j_@NH2{_cF$NmTYTG8_A5?xf~B!O08y#Z*orzJn*RM~I5!9AiW>dbD`l zS0xz^yO6P!E++j+auqH7RQmwI;WFTh_fT6zO|*!n8xY+UE`Wc4O)+!YVK7Pt*|srbJcSB#S~X6RS1`3wZ=GcF z6~aeEG-<-%NCp9t-RcI+FVlanuLI@{s9U8NmwtRP3X5;*K1JP-*`*=X07^BTXv54O zo=k4BYiq6IVs)shdKWPWE3)HzrJmJCN-dPovB1ij?2D;Fag_&fQ5@5GnHiaa9R6SG8t!P7Dvxk#m17Q8aT)Qbc~u?)r35u5^t}a<=a8%ksd4l-0o)e zyydmcZELo|Xn-18I|q=Y<6KBB!X7-JtRRoOGpA!>ij{1Fi9P|f&2KZ0w8syr;GW~m zk`WbCF)xbB78H8KgLH-iG<_ipgk3<>yYxEkO5!)8fy}3s9wD|%eP{x zz|&5u1!lS3upE@7gk{y2IU^?@`ITQ{A`?k`m(|uBlHI)@?7RG==@oml!$e!*WD8fZ z{D6wSV?n|-)Y_lcIBC-bRH3K_FaZF5rZ6@YRfsU>8Gag_J+HyFoW!U*XcQ`#rdr?G zW$$+waTy>aHR0)=aa$Og6wv2q&x2kh7ul~UcLl8BEXI#fA;N<#;)93GE>paTJV@6O z2Yz=kJqXP&?EP}BU+#q@rHb5xXG zEAB%Q_|tO=oRAp|0S*qagRGk1=h6)w&+>$I_o(PNKhbMg6O#JI>l*Y#9cX`g8XH3M_em16A2iYruLSV;{vy=;BTU$myp{uT zmdnz&WF89+IYPN#WkF(4S^zzH^|S)gJeCMvr#Gj@hjRfuoI!118>kK0digv(`>KY! zo=b*`MFjB+Sm6{JMQcnEXYT~IMsn01=6JQEk#xh+3IId?p3D_=Bk7JmsJP(ABN=p3Ia#S=jW(h*xv zW>ZLa{C;?!DvtTHaltG_|L3~H|AM*!escV=`6wr1h2WYn%;FwR8&B8Zn$1*LHa*gp zzX4uzA^8QbmoWw5Stw$}48oj;iV7 zzy4`7Y~px-$8}Z8*-+;Vq*365`ZN!HJ7HnTp{IYlA;77Ov6lL=o{-HNt)>|I6_4F~ z8$KFN;OmP7l4;`4c;!(9F7VuV>LDLJvnQ#d?F2>ch6hjaaffv)5(URoE%`_sV1G{Q zX7S90r6(^IRy=H55)4)|HZdmImAAzR4VSw=X<3SmEqm?DJKto_<-TpI~5{CWLEdE%N^g;J*Y%DEdZU9N4<(IR%r%|7jcm z!}YvlBe-vLIHHX6yyZJ&jzuR!A$jUpXvz*VYavS-eR7^PeTwhO@}g0*>*?{xCC}D* z^vnVyUGo0N8hipjt>-0JJfx_H*4$W;ytoWLoHD?ksMr2d##6s+eqC9D6d5nzdb;9D zP68mTY@`P7-53%KXmxDv#*@2pmd?JOw!y!*$!?u0?%kHS;(>tC&v)9A$hb^S&;5|N zC}-bC7&^1+So}5Pv4cdx!&=()LI{9{Ry@o%6BM_p)R+{2)J6-XC^B9yLoerj4~L7* z*Qac?^tURlHH#J{h)JcbGwQ=oUE@sjOewe* z0fwaWJ^+)3D>LP9Ta>UPR{|>#iv}vIdsE197~r|5YSnrJ`|j=UbIz9C%1tJ8|3%0> z!G=GGMbFwUY~90-hW+~IRzty8+oskuQOX-Q_t3tayv~4!f#%6<7wf)EHjXp#bmT-I|;4*5`>ds{brf z${3j9QbX@dJ(d`8A#qMcYADz&muoN0$w2a)Y-WlgGh@a-O^2mh`(K0+KB0&F0a~s! zhx_u=uqZjo-laP6ODFMf`G!Iv(93cBt9ZBMrsv}RGJ*`4jyM#Xg+^n-;|MKa&Ht)%A?G~`1Xjg$;^sT zsG6iWDd268{1kVCG&R$qR_`!c_=5tgQw4A5|3|C+uZW=k0($4Rl)H`M^-5JE+QBk? zg*G>U`xfDxBN0BwG2B>!XIZf_h%jHOP^|cnpnEXPahN<>j4d4-&&8btl@9LBw19VN zdW)vTYq~;g$FjeBu)?xq_C1O@{2>t4jBa<>%FfpL`@V%FEtyTnMM>#<0S#9|=C)Za*Y%;?RXT ziO?vvRaoocUo44rzdk&`yFleYPr}{$aWWEYA?e&0)|7qSn6^7J>1#l3bD|e_z>j!v zI*bYKgt8tcUZ=h)|L70WiTAmihkkZT-Q^u^^wnExXbqFKfsxBtx9DMmTuKM>LpY>* z1>QBjS-q3HOidSqjL-m< zzrR++Sp*->?ZZ)x%cH>^Uq>DdfjVc9GK=)M0r`#FR6qF{%Gbyf{`m|$@MpMF#@kkN z9s22!IEb;4(TiB6@=#$oVb3z|m!(IlEBOvwS;s1>N#ruetfl?hB@iK}B{0>!mli!- zI1yy>#XzH$s!xawtv5jm)ebtX1|s~^nxKCY78qiVfm3C$s~rdT>UM75kFCer%s1kQ zxD>+75(lKDk;aVFl24@8r*iiC4(E_-`BZ)jp{G*$UlPfk+TK=6@g*_;mXaRz0v|>_ zP(xVjQWgs71N1@as>CJ7n+^#GEW29Ef&{MKFSp6C#^$bph@3B%X!|KU4(#&DNs9x+a3$DTwFJuLI5paUhU}7+VKfmF1`FiR8eglu8*^ z^@0c30lTu8&EX_|JV<_Y%;jjFRoCdwFte_*kJEUew&ur>uKH(FM8m~qciBYg`w9XH z%OLFN*|VZ^0x4ra?+}Q4!d8uqb;UXfa1rckUYCsTak)eN7kfJ1@ZDfCdHYWm{J%gNFpvf>Q%mL)T8eZ2`q9!|>V`l7T?D6K$uK1et(@c+ z(EW*z(#<1rZO$l3eY+d6@1hBfS7ekCpQ`+z+J*D2wv6L=BMot*&OMW4VPQA?L98fa zsc0!SrS=;w1$TfNXMKN318CEU=+aPGf08Yo$rSkm4>ELdYmoTc9F8_JvYfe>`XB?* za?pgGt4Kq>9(7`49f|qH{W9jYXH!ZpJ@>^vp8g)|;Zk3gQJPBXE93j2MK*0%4Z)1P_!9Uh3ZQ{9fr8g@c?kN$e*U({$kU1oW%ZD zXja9b^`|{ZqBdkioDlwc6dSiiz9-~Eq+)e#pUr_|A{lo}-$PxHs9}_Wi&2rwq)>Wq z8`)!w#4NQLZ?V2hNBE0bhYqrm*H)+Y^~I5v0cE4yD2;xAuqE}HqOG0DFH=Ny*c_;% z0bA)77On&3_XopsUnFfjBUMd$P2E+N9s2HIMGQg9+g01Hi8;i9x_|0Fn448nwTcue zQh9nhtD8r9r~(4`WE|ldu)3Z>6djXru&Jq-i`~nhGoczG`Ie z+1+6JA_Ju_Cc5gZjI70l+N2X|oJl>bJ3FWj2+Z(=p((r&iw9Ocz9rayXVRSRnnv5I zr6zkojWwfoNy;nlmS`OQm>SMbs?B7YI?SYFSQzI*4}Kyhhr+unF5hLC)Wfx(`4gg3 zt!yEN=p^={Hxy>vrG?%Hvj)5c)AUT2HB%%MKDMZx7KY_l4OaK~QoNb!0<_(NfxbX|M&rJrQ4QZry8|X>&E_X{6 zF*~P5h?s>>1D{`= zKzrF?x@1Xp4i}*xWVj^in_v*;Jkk-i00_3n%Dwy!d}F~~I5Nc&w5jxSH<86n@qHLl*1@=!aD!qz6r7?7tjU=ppvvSQ7))V~8di(d`qy0xL*1%Z3j3Zzr z(GgnoUR;^I)*@(-xtxm^{*xQ7t&oTg{gI5_;8# zUNVE^0NN0+Yi9dkgtK_{B|KH&paOOAz4`JFGocdZ6^OLUNu@2JVZ3}J+yqi$*XBYP zD%juWakx2_E1`2d?m*`(c$LbimK6<~JL@}?iP`Fld^}}jLa%ZNonPc3a>DLZ6E3fd zyE@LhhFwhW2>hs>12C`nW&sHFl)_Cg+UGFaw2QDfiif$Q=I`UBH*V$ITSsApd+M4c zKbC(etMhU6>UshPYJps;FyK&IFuGPVDC6@W&t>eB>j*27c8}**A(My zXyOgq3Ed!p484jm%=<@;v8K?}JL9m@)Fsv;`xj)|%mKkSXiQO3iVKZzMmS_SNgxWR z0L*i(vcDF1qi{e8Uh65^(HyrlCaS>hVB%i0C&!CRFq!WgT%r~@&ghyp7wRKQRKCS9 zKymVMQ0MK^$ojt|%hfH1mYCO3li}cZH2GNFtN8f#!jVBYxE+D;PGd70Xqs8}7rF!S$x+b5GYIuq7wmoq?O$-{KVGsJmV0q(io$3>{twbEl`tLwpg0}tQmOH`Z-x{z?He^i{?v;xcqKq!`4|p%UWTo9|UpEi4z!?;=GV*x2ie$# z=0MLMq$!70LXua~?*H!f3MtM1HbEmY1kEyieEu+hc-i+e7l&V`D13d3lO8+pJf-9z zNs6l4khjxZykq2!Rsa|6O394q`Jjm&PUEJNBg*jBxNvU`rX;@ZgEL6C5|x*r6=o;PCp!yPhZR6NU+BTN-wk;W zI9I%9O*w6EB`vY5`C#RBDcDp3b``fUOKzjGkj=F1cUsD-WkjRj{>}HtU6nZA40bl) zS+iwl-Gt{f%Lbx7hihOjD&f8Ide@`6Im$SYSfGSI33cD?@u}88e^Rx-g z70NDS{@QmY)jWY16JTrpplNKF4&}wA>0P8HQUtX^ZxoopwJU#F1Z2O9I+EXH*Eo^| z34fKYppEYLSIp8k)zh>~%sPr2zmkY6r4Nv)d#=vK?z_?GKHh~V27=REiF>zU*Ot(d zN)49GAS2-nTK>|ud=NL8WWFl*OUvkxk;RtfRP^UL%k=ZA{HRYD@=?@*)`LK1i)YZJ z4O5xok81irS{Gg=*pzv?0=;h)4*;tj-{Jjg6O=~Am%x4A<$Z-+fuzMp>Z`Wu&YY(e9jDcVMemLWy zVVQFAhiyJ%muH1b9yTUi%`i?GWmXF&UZiHZApc*?c*%HS2J_qWALro2hsiN1da`;L z_YRB$w8#Uxy8u{IgQn6%mT3;F82(D4i{E0&2MYNWFrd2(m=*sAN$7t;>3=K6rrg6M z&B8_{7Ylq3@~YHw2Th9l8{is@Bt7N%X=v{0k{9y$IJ~38JR3P)sSFaxUX?7OVHJJm z7IMVdIoxpPcKHt2htZ zVP~`wdN2QvwyU$l&p9AA`V2lp1Mp~0YQ~FFr1mpOEpSW|dX1el8f%vRDbN?CwO>iB zG%(N$8t*>Hh6t;kjox-#qV`IVDBx{}Fum+(Aq39XNRHZY2*m3=9>2He-_K5O%CFDb z%6b=zZ^}Iz>6yS_G9>vnd=JJ=yR4e;YN+p@pvqH*P8tmkR@u&!gE)HjZ90uirP7`(k7*jCm*s!>& z;aRAit97NbYiNvtQuvE9X#b}R#qq^G1WPXZEYf^2H+P%cP*q{?aeu#H9v$*wY*1wh zn$I9*+woD-$5dndXb%7ICu91^d^7}1f~dz<(C7ZRm}RkJj5T+1g81_WgowT>bgBQgMqy+jy#8Y&B#rzEXm9nGB;X{+^f~udB41Q3UAS@*LUH9n2 zpwtpbVX~`$vHfjKj(&V#nG#*YMEbb1XehO@Tpf+?w>p(6;^LHSjZ&DONEx<>MjC!7mR3WXb| z&-_p~1~Y@n)D5ZBW?7up~CD{JU^6 z#oc~#{9`ER@zNOZs!FTQ{0p2xo!g<`Q6JbjECvxXh9>F1G8twQ7NJ&ForX_EE0&{# zlT8X?$BQONq+=>Sv=IEgzfV!Ba(hHK-R5{uohUJRPkxYu(=H%NlBJoz={Ef$@R{>e z@Ab1D!&dX9%e->bGMjH+oyxx?E@K7aZ4;Tf!=dd{%h!&>*88m5cx;~QJrh=i+>&9b$pT`A0&Cij+J8yZV zW#h9yPTYX=I!J8k;^wwz7XYQZF}!E5?kokTCRhpz(KBelv_hsCh5YW^3%x^0uZ;r9 zrWDtT>VDu*Hd5ONI3Vx%AGHtv1*(UZh9B)NawW{D_Wn#_2UP**daH%4&7#|T2?k&B zz>zrO5XnUt4+e^L>K}6$6vmWYHIM~S%7|ou4YFvx&>?42{$BQc?bMM1*it7VRU@zE zBNkJmfSs!AyIbyJ;j;x+@awj-1K=BdzuqTxis{_OKP`=&5_C+4lZgxtj>`ZJAilLpe!0A5 z-Urc$$Z;=Dl}-A7Qf8pmI!k&Mk+fN`(;C+BD`z(~O^Df32IIM?O!KD|Gv2;wF3QT# z`(CM8Us42iC?)jHq�UlIgyxPq!u$SWicv9;slN=BRTFYBb3Rc!sR_d=3@(^Oj-Z?;;h3GFuSJKvHS zAO@b`vm=6D->IDG)%-46{dq1?#f+=yM0otq$tx-c@f=MbcLjqt%pzEP8ugt;en1?L z0=PGlG@(nT;<~z!i_RMr6Nc(-$P8}1ikri;6)qPkb+B##I= zKE=FXGft@5ejG3OV!vvfef4*ZY0aOy0@Gsn{ZNUv^Rk(1I)DWv?cSaRMF1^pX@OrJ z7+!zQ?@^WVo*Z-7G;Hdx-=Ek5LmEg%-clESpay$4=04#p)ub0X6ZW%f!F%5*0zSN_ZmDze>E75Tb*p}xyG<5O;hrVzh{WlXR5_St7m~B znb5IPdM}ZMDlj%wyyHX6c@F1fJ4YAt{8!j$IAZ|_u9%%2^GjII;WkJqK#U)`QD-KT z?eq3r@@js$z~dN%+$#QTezWb)F>Gt0vpb@X)8E3`FQ1N^R~KkwJ4ffWKfF5*MnQjE z+t$vdJ>=gOuTq9$Lx*}OpGztqJG24CREA^Ig9@7F#1e9h(`fd*_O*<(x0k5WOcFAn zWC8iQ(AnS(8s0nvYpdYYLfYZlQ9B{w#shV0flWJROVkTMtQ2DeWViqwCd8~u&sEHd zNqbHRDM`6o75hTjrMW_TWuG%vbxF6^L z#9X!WYuI@S`wn)eVqp9ysO7+EkD;w@-ZD7*p>)>R=wDM-Pl;SN5lSUiZY4FL+7tuTadWMfXrwqLy%_mDP92KK zDp@U8FLSL*U0i&7ms8Zi=JsQ}3p!Gf94p!?sraiITOMs+;Sn_Q=Dn*GYKd4x#xr1! z>%-d5eJ+D@9hVB-+kNMNbQXPOwqd=KWXN2DfadmzRJ~$*=~f+}Ywe22-_WyDKU@gi zi@x9g_JPW1ep1OEt*VN$CzYK==2S?YKlCcp?gWxmzoo|-fqVhXu<#^ACtG<658Bro zKXX1u=#emK!;-7+A%iPHDl2SGM^$&n_ZljZxaBw^j|=Ts9bRIlWKH3~C?)|-JkXq@ z%+%3pX=~U*uvM)cxGx#-rqY;_im%mjmbgnt%(p=G9BRdMbq6Kc#-`(W6nce{%pUx% z+-s}A(l)EC#fdwAeQIbR`9(_|LW}AqHiAkCNi$=%IsoVlEo<%%78|Az$F+Id|3?D4 zs-0`zBS=c4_rljv8qMjSyL+-ZW3|0)Igq6_`Ar9HRaExYW>F2AiNwO+48wu&C<5`!=aE_=yb*vsYaI)mePAs9S$?X(%kdiE>sGRmC_mq5!K|UDhKh$= z_93>%*hGQhHq?#NxJ=9az3gVFvAZY)yXZc07GW0lT`3l_xd7NAl_|9|y%;{(yiTI}vaX0n_en`wAWw)9}Fi*XiXC3{^ zS}j8s4Osr3MdR0B+_XO8opZb>$vUb=PRLYTDYacEk2?Glx`JcutC~SqU7(I3Lx44Yn>J`@)y!7_nfAW%{s@XZC#Yjh7 zPoJAM*LOuDFC}^DbzS$;Ei?0>uBkJ{){6@!HyVOby1RjxXXkF;M{G25FL$#W_S@;i2D&kR-I{$nB73rBR_A1Og&)KK}z%>_j|1xf_*fm@0dizEMFsf z()vzi<%ETE;~KjG^v5!7O}JI-J(fe(1-@at1VvGOb2(*yy|vKo-(5FRut5&;7z?by zc=a@>b^7Hz@U$4CLp3&b>sbD#^ZHF1@xLSsFk>?hM9}+=^!`}IWM56xoL;Dcp(I5J zb})VH$2x0%42WV^S;49Hv3LGmA^$Cn=T^M#cyq*FhEA5RMfts5$h1n*&f$E!=d=p99{Of7{P;5sc zp^d|kj?!VZ<^2gQj%9g%9eUthNoi2o$e>8QvS4uXh=t`_0!JGT`Xj^qo(qRHppz1dD$NBa*)F@xFt+uDGI5< ziy1klq*0zzs)n%oz{2U{dDtE2xdJ9zYZU(s9=ol~B3T}co}qbkMhCfdb)jzu4WDk7 z8}LB4DdIXDiQS-U3A4V1E=B9ss~rHG?c4cj6JG;N@#QVzFrZ+ai%3bdOIBunFa>>R)6?i`OT_uUC*RBq#J z%J_AOTM+6TQ9DfFlfE5+F)Vcu-f*o<`05^-BmOETnrvR*&)9J+hY>2oR->_dlke>$9&6ehb- zf74OP-bqp24I;SfVcLVVx|)6E^C11tn^6ocyuw|69AIDo(0_Hq{yET?Sa=CrFjRzi z_eqdJ9N7MR%FxUGT^XJV+RZ|ZT36_%2&SceW-P7I(i?nST5bO$xOz)UtRv9RgL2l} z+{Gu%@}n97xsf41=xFTo_1m%XNG*iV+mG?vIgd*vl%`Q&Wp)3eX1&V7V`fuE({1v3@>djx6E%3 zs035-IF?{$of|iVAxG1^w&3ib>f8$#mq9)5ly`fBO?#1~l8z;Q9$15c;1`k)q3vn1 zHYQoLc8*N5j7^^@8H3<~_PGgpjHNJU;TsTOc>4Jqczn#O=+>|Hu2?gbAOE$pZx+6# z`fFyU2VnF}&k*_=md6I@;j&-bc7L#LjOxG~HMyK?YSs*w_4$Hq%6}JSlyxpUPdXNo z=r}8oFYxVy4f@2~j#kC$eBHztZT2Z;u?3RQl`NRUPU-JvqJ7c?`{NXe1WN@X?!mf( zR_{3GM*!L9u9YIduAlhR>>PinlGCmxO;sZ=l5 ziRG&h9#Hw_Mqj$c+ok*m0rilSqtyFsPmvvd3`|48Y$1g*E~B+l3Jx|U4NHzn31cLi zkq(jyD!CPL=W{*j_9<5Gj~M5<&+RDbf-; z2#628*ARM#1QMF`DoB+M(xoZVyHW%d_1XLmcIIvS-`&~S-+$+w_l(I22buZi{@$O@ zbzM_$Tzo6He&V95Z#+R~JZhh0#TY|ExuRDB3+ltc^A zsrVDqO+$i>j=jr%Ad?Gs6JHS!OPKj07xf5vgm3b(_Rg#v)In+~;_K~WZt77Z$wUWh zCSP!(Zy1+?_oTsE^~$uuEq}U@t;e_2Ke;iYpgHjVbVvECyd1_pFqI*^xvj3r%Omyc z6O$o=z;>KtEo<+CPo?6QI}0_V?%QoG*Jcix_DbQ97ybjcOY@oX^Etoq*J2H${ummf z$O~O&4loC^e$mBWAGT_192iyPwpDCPL?m-}WAjPCd(>3V^i+!1Eb^*cdusVoOe)6G z7@6)Pf4Y~KVex6vSjCxpFMLnc6`M_>(iD{N)+0|>iE6sbUq2(SxI#WuhU98BvS+Qp z(d7kyH6E=zHm(Lh$dUzo;oiQ@cr-+I)3OmL9kdlRByalTk9&pE)=BcRp$(_F3Fe#2 zWF<+!%b>(@k%p&;fao6FVnHiz-qC*=CqskC+&|-tVuR+tki5VaH_VK{by-Ciho7@^ zv{?e~7&w&u+siR&%D52BeRZ>$KfHgKF5CBhE@hQ$Absvi?Qx&Xc3(gLoD|@X`e8p| zgz$Ua*<2yKhe8I8d?hb)Qw>~*`F!x#7pg@~SCs5(hVOIN?Jmo6G5k;E-S(r9rBC5W zFLrNE(}rkpfcBQ$ro0YU;t-Xq-){NKctzuVzbCfRYXH>j3iZ5PtvIdK;oL7j(`fXN z6uvQRsRZ+Bk&cp)Td=$A zT)v|`PTm3TsJ-sN%H*YHa>5(d88^@j0=G4$`1|WD#4M6-of@e0SPBWrr#I~m1 zUOlL3^-%mhwe#Ielpwj0L*JJe#j8ENmsvN}j1A29g+A&pyQA3}Dw$C%1W{_#Bdt&!H-+J3dTaszzyBIdVZ* z<4*}D_n^l+)*7__?-)dQvhG<0|9UC)c@fq$L$z?hmAQK89p|v7vsnaxJyWGugK*Xs zH=cFNZ>CAr{0y`jHR0V*P{bCJ&|djfz`f&Ww?6ipmd>J}8wJR^iEElO!YTsL4xrIr zpvB3rK)09j33dap9GHS$Yh>&Kj3=ge)OV>CAd7p+Egr?cvY~H0-*1Jvz4!GX@m$k zY(gFfMt2VxTn=7!u=oK}X{{DPOcVvwtoL%(Al*ns)PV)o=>UM6Ca)bu zqpZfQo7z7PX{}`FAzDf%+TcL4EaM(}Awmr1XQ#Fx`vw?9ZgJpCm?F0ClpF#$(sh=u zp1yydBi-sEaWY(JHZ0Oguj@Yh+2(tj^)4?N4?cD8-HStuOos@sdC}ahq~l`SqrPo$ z6be!Nh`&i~{knm#rpZe%ZPdzgn2gqspI_c+jC{k*dJ5&n9B|7M~7xmr}){pa*g&yZwS-YOh3Re&6h2XY)y9W*N|ps55G1nQs}_*39#jX~Tr zhh}nrU#f)Qn(>-e=OM+HQg;)jf-GTJZ5C6JCho;o6NOY6vbb7KNCE3MXIq#0S zK*0pGSM(LhXnh z_L+3|rrf#qxn*~Jy&Fx1+7q4943%Xb#*gM+T7p@(^*CyAe7Cwk9{*b5U7Ccp*&`yG zS}@Vh^*o*%rW+O-fxB5h8x#Kl^>`y<*OJQD*lN-Z>rifRN0pUV;_FggG)vQ8I zZ1bX~G3%+D&hNYy&G0A~V_w5$m)TU^-O`2q{TO+KE850g^w#L(!s{A5fh;0(A!0Kv zpOY~OQc)eQ=c>atb5D0J!gI`Q_PPy!sm{Rjyf86JaJ>+6Fq}z8{6-fC z(rJ9h{%tes3lp(~XYEcOGk*H@+T_3;e;N$0x&|kX1UCayXFehItZ3qm*cOKc7}MWN zc-;qcY0!_dmKk!OZqzo{IYwdO{xxV4Oq#`v-X?`U z)hN0r?w>n(7M$y6ALu@)8%4vHHwKe)QYqsr`(DEm2oUT;O=CKbg^p^xor9qG?jzSuO^{fO?L z&NhD<+I$vrA(?nX*AOMB@=^+q*^-t3T}P;u5@q7)TCatpH2v2DBA%9wSU(|ux?6cp z1f{-B1INMajwjW@pNDBGJ}kNmnF?(nf+F{*P?C9Yg%X>H$g60H*%=vIajmWXmVk}E zPLZFYUv#~_*Ug1#-+$2fKpjXhROlrgI6FznG4l?t1Yhj!yY!@UJpQE?N0i-7N*%D(1Pn}lE5a3Uno6hT40h_Ntny=hl* zId0w@)er6Xk@#xaxC0x2A{*&e>R8w3_bhTJ43i3?<-f>8x}yth^3sgKvO0RRM+qB;Xl# zhs0Jn*DSv|`+CjhS{Ih~6!~%24;3jqFUnFuG~44mm{c}nrl6@lFeprdcC{FWrU^h?eqklLXdv zI=Q%uFlBTH-aH4wzZZ+D^QYaNN3`gyPqfQvM5yN&;MBqpZLWUKl|^iH?2+9ErL;GB zwIPt(9}%f6IC`zm3JP=UMsI~0MU-{sOYu8#oG`g7)Dg^^=qRqf;V>GoRnr6 ztW>oG3Sq4mm4O+$u>i(wo99amujeo|J7-2}^hVJ*g;8P9QG4rEmq|eF@^43qenLE# zicIVjL8Ma4xU^y^ka)2yx@f^wJgSkWAP=6O(AY45QcT;P?>;ewLekn@R)w7aKtgOa zOWkHFHVdLO*>e{Bg$yhNX1KB!lrYj<~Wwb@VY1IHl8?x>msUd|17z^j0Y||G6 zA>a9?g-qTmS*4hHbCQ!W!hG~oXVdig!tuL}7W6M2kTyy_EA*Jb37!=%6-6=XErlgO z-`@-HaTv;b<^F3prDW%Rn?T2GtQouslqD2(Ls^}S>sbN2WwQ)AH{zv>k=Yl6DqOuK z9&YpMtvGcmOJw%~u))Z)Evlkc+&le!(bdAfXAXNrm&D!rBPGkx<27TvPS{Ih+z7#p z%PkN2z|9qAm8Wt0b}IE0cZ7nXNgf058@cVQwiQjU(!LJhBF+B8nOy^IiBo`k-Rh;S z)f~oQowtJZ&xj&CH!ymeF{3K^Q}^rZj_pP_31I~Oo(G6F?!7I8u2u|}b)0isenk;k z2Foswz5HaQG5RlW<*85h&Hc|hAx%Kc?;knVRbnw*jVL8pWXrOZy+BPb{=e_xqc~9=B^*inv>F!|^TP!zs8Sw;~s_nGgcHF7D)x4)9+^PD( zMMkm1Zn$yH8a{6r+wJPNFszrxF7o}<7xOns#Sll0Y&q6I8sLBBC%ZhdT9&bpi^8nur8vUZF>P~RHxIRtl>1+2pO)|_aNb97s3Cc;mvX(JN$v0W} z5YbT0!n*n~U8!ss*@Km1zlvLSz>E$+J!1d>KBRHSn2uaOwc@it=G^WCP+@~9+%pvu zN^(=zWPoWns{V_$({9J58F7)XbWUIv8FxIPd24qog(@w5Nhu}U2WV#OS(04rJK=)e zirYi@H{{XluNZ2(p4aco9R+RJR+V_!7>t0_y)^WnV{CVtL;+xST_@&VFbQdm>5*2@ zq0NJL|L)NL&yX>*nZk1@w1^D0MA=&z$F>Q@Gvn3;3JCFFnyk3)%rFnFP?DZmd?2}9 z(ljCwKVt)R)B;R$^D2jtY_e0%7xV2rX^~N(ZC5=n(b2+WG*ncI5cS8UXgH*^N9eZK zJ{ggKOCD}bDuR`dR`z!|&pg$*zkzL5z%>jH{aj!jR8e`Z_e?+6*7Z~6jEPyPDd8NL zk1%;4yyuk+Jnfr-c#8WhmSe@An!I+ScT`3EG+0x6Ma%HV<@@=P3GB@46Wlb?;pb@; zE#!6pMPDV`S#&==0hlWVlD5p{(`ZpLyXyt8|!Kp@7D5I@uwy1iChxEBDg5o5~ zPgo-iGLLAIPCW+Eeeqn52YEtX%?!7(8N})LepH<9zNu>iGos~W6i#ShV&&3{+6KbC z!ZqVwkl#@M%6*yZNr4eblI`bI97{kx!xAfGuJ;QMR68Je*c?f$biq6(pR`) zfuL!iQQ$p;)3(9%LyyLh$V!d+!Qx_1vp_-WQ{@=L4o#-#21OKkTqYo?yYYPp3}JDV zN)2QTQ5P(S#NJ%c;|M*l)kvq_?(_E5;YLP5tpRg5umdM>CVxv%74&s7H03`DXQxYX zsK17!taclXzxJ9l;dRGJr4O%T9qB9LPERL&zPK>rZ{Z)gH+3ZK2TU)AdoG(D@^NU! z^b1>8QWmQ`%FNxP7k@a>h2eC{3S6m;=CFxj=0Z;-psyVo5g=hdT>H*0bJ7 zZ@ZS)ZE@xcEUf$z|m;ayLwSOCziOK9r4bW!~jzMHbA_|IH=I}lQ>LmRP zK%OwUiDSh=s1Gzoo!CLZpW*cRCsv47LDBJS0INGI!I%g)D| z_LiaqXp)39bxm<&cDF_O=ts?@3a&-texN5kPM8SHJ2APZRf;aifF;E$qdz@Sdg3uH z?240chPV|C&7H+Q{;*ZR>uO%}Trl8mHx+MGRKEmwl4|;z#mr%2+1eI@%05T+i2& zyecn|o7}INfRql6rm99Fq)%m96J6I+GPuH~CeffAg9ieQxz2%8Rx zfSn-z{+F8BGJc6xjy%(H%S<2EO1c|qqSg@}HC}u1@G{2j36g3;%Lt6*dFLLNVS+hn zCWAw<;PV5E3j}`PZ<0E~pddU+^L^;5vEk9G!wb6VLWW->@_&;Y`I!}MNxgk46o3eZ zzsDo0tGK!3-}3wze{Vi@91XWB9u%ly}dMBVPVRsWzD9zLNt zZug#P=M3#$6E$#D_-T46w)r>7K-GM$Zl3$791b^+pai=MIzPqH;HkJrbUMuKgH1f8%2l5`?k4kv}#$Pc$pRUCOE*C`KXS-fAXE z$zUVchIB3%e4lB$UEex@djh%bt!xK-W&oc*b20eYTUorF?_g16i-K7{x z2BN}o3qH$n=B%gX3+M^`H4u4rQ=Wu0#h7EuWBhGzMoEt0U!Gj6$P9x|`mJS}P}ckW zwz587+TQ+Q`)eGUSS(nsOw+NeU(#ceHuhmxv!kF{C_})~OsS~^hJQF|*u9(Ir?q=l zTqFqGqU!naJd{f}I%6Q-R|w5JoJG++Hzr$jBe!clXY%6Mn84CpUNZusi@c1ZF{bm` z9q?~A*FUrkd+IvcF5FtXkxQ#~4BF@@EL$BDBfIp>PNLADrydPYb*xhx`J04^Ayg5K z)}Wa%LvrjauT`zMHfFF4Jsa|FYt|?q$u8dk38t&T^!*pGpHZso0;HL`Hk;-;OY-VX z?45(xmY0v#4vg+pdd%6TCfYZq0-4}v5_>=|VWVGej7&*xDq1tb60pN+*T z>v5Bk>&Cyn(VXGlb=MjU6}F_C5Qb2gfxEGZNB)l8qnZ^B$28ZWQM@j9A?jpjAk$j{ z;b_GKB28Cy6Imr$Wm92u$0PTEo{fY2`{$9+)&W84y-`K%&9&15Z(qVQJ<6+_#J+jd zh^JM(SjB4Tsw4q(pilfgfu;_aUkftx4jEzmlgX;jAZW%Bd9s^%EHz+}3sl?0|1Z}h zTJU3~pv20){fn&<(;sdHaA7Z0pynu26djlz)=QpLElG?)AqOhSF zXm#!`W;bb`_=u)U71d?DRkaDOlFRZG6g-J=sI|%J1w*SaHplV3$h+ps$vm`l5(;UQ zAr&o`HCeKz@YI2;11W3Ghm!;Z)(Bmm3WkPMN7aDU1PXb=3fm@=T9_gfxe8FTzkb@O znLOAEfxEgwPaLlhGnOFAOygkL_e%L*iQm7?SVVBGbv1r$cFBbAjj*^XL_ZzUoaCu{ zMxc3$>nVPNGr;a<8q)iuW7^XwnOn`C)f}whJ2>t@+P0t>CdsY&#vw}}P@qkGI}brC zZ6H~Y(<=|6P4F z1+s*MX(kx57Ck2IozEWT{BjSp^43MD)KMkX^H>NouobCoqBnX2c zp*-P=dwEuLdf7_a&(yK=&X6!zfl-ZQ=7S-^g42}7`~1xmjAHlr)~?WoH|dmm^aEbb zJ!_bQ^|9%_xEt`jM zO|{;wsl(G{+Bbb0gr#vcc?xZQ==hn(Bd~s>uz;%frs>?rQYIz(spFCI<+%tX&tL;q zPAoDVaALgXv7`4y70S(i3q*O7XWb<(RA+xj%owDI53iwioR}T#N{cEJ-Hyi z!lYp(p;SZZWTI&0dMWp%b$EsZjG*Vz=Jk2rNy9O9iN-y8vm?@xj9wtI;wG8Bwuu!R zGoXBlZ4ELR)Q9hXWy_?cNxpNRI7yHnxeGKIwe&?lnlm5!H1`ic60e^JMMe`a)G}mV zK;EoeT_*~O!fBVukfZN@bCla+6(+f7c?BqF1ut-mGjNBE#phfe>8fz?-M&1u=eb7> z)nx%>$SLhzoH?_JNFiaGRAc6^EE?c&idnJiiUSSDh4(h4LdB`rs2)KVw$r(zoO;-%OsGX@5Bsa%6gUns;FXB$6&#Zru)gY?uX&>I=T{ zH;Drr0R{p$yuIoDYz@$i(*J81s0?5{leUAd#KT$y!9Q&$ikWxFNvGLTJScq8w4&{3 z2-F48$tvF0c?lL+dD`F9vNKViZ_?6re|P~e0gTeotW9GRH@2%^23k)uC7d)} zVE~wc4z%8SG(N?lKN(o=jblD*su(hD`Nl{V)ro@DK;S|cs#j3z*2f{D{t1uS&MW=; zGtfabgGHRQ>rY8!?xmV;xM!~PRX5r^OAv02gV|c~LkOb?XY>LNh?4B}X>cb%Va5#weE1kIJ2_0^BJe}lJ`ufZS_v>8M}921-5)PH_H-@hi-xv zx~qSZ*95Mbtt|zZg4n*XFJnfz-XDcMkj!-%jPmzp;?%PQgMk1p3UNOUBtaz8w!YC7 zUvB)x>iCB@;$U{Y6%;HsIey0`u&xxNGej{HUi*cF!PlX%Jwuh0pIBnJ@*dXtXox!K z<{~VD4wB5h+p@^nwA|mYMB4`P0yYQhmaSkgV}7#dHW{M&rLU5#WvVvLQasHAEQfe) zy?Oc#sM~8zmXa~j#!)~lkh&KhM|MHRJZl*UAQueyU*bQ35UGuOQmtnxsv16esNNq$C<#KTRvN{9^|}_v5N3&bRrNOs^s{zpvu-!4=hW*HNJDvj zGep-91qAbdy#IypjgBh#+7orvlDXF*a%hHp;3rEqST!{&Zfi%C*!)8i2=$;uWO!{v zc|u|pjECS5yXZ5)V`%i(%h;;u)3TW*^q`95vOY&1`eg}kY6C8#ZqcbUghYt;`+;;h zBaGA)m2vKAS?1-c6nrC3?NxZ?_)|CS5m#deMNCay55%~>5OfRlj#^CsYYs7_%8|I` zqt$-N34ldB`-XdDA}r~%6_Q7%)X(|KvT%|8WHZ@oku(Md0Igj@)n6m<=yZzkc=ACL z1F;)&qGrD0V9?jZdco4 zMP5d2TW5|xZo}^wC1&qAwr~hkRlWeed?$%Z4@+{pXUV5Nd(ZicB6AaHqQ1=-_PBhd z+S&v+Csdg_zQAGr;3FO20@$h%KQ%!ROdFnM3W^mdTKZ6Q0Wllzt5sa_cJVNohxvtW zTQmrqRlhxYv+3m_qhJJ8)jN1mYu8Rzuz>kkvQ;bvB?bHYHPKCBg@YqA?e`) zPdDEVf8ry%Qtz-L^$-*Z+A!riBvh8qWZc2Z{1Da$2>ASPCQp5Ru`7S^9M&G*3$D1n zTb&Ddi)>bRqPmf_E`gOvMk=1cv0FDJ8Q%OO zcdqv|DoG8y8gOJgT)t>Op2U^_io{Q}utjA(vD;|a70ad#8%lW`IQ)(-+nAPG$;)%_ zPTuAG8a-`iH+FSf0fccVm3qc6f%!yoMl(Wtc58S@#7lmpp#iPlH?nelGQQ#@q9aF9 zcrohm;{CoU3(+gkFA_n6D&w*N#_bAJT+8zL*g7iUH+AaH+i@x14ShdrE5F- zdaqttLFAjVu>ONI>+)CV8Aw~=Pj94nnrTZ5+fF&GW=!L4J7Xo=b|c)0z%2l|kM2IN z?tbE|cvj>Cq`$2PVbZ%hJntv^R9)C$MRcU4N{)66>b;l7W5b$NC7dL=WRt}~EXe~% z=f>3d=_-En&l2KPjHA8tj)LpOAQQ7s-U5BE<3ol7(;p6pr*^z_7}6B2n+DjL^g?$e zGDPxeU6QI(BNY7?3@ecn_0Q&NYd;!vJxJ#rO-Xw?CjJ=Nn|W=xZ{d6+kdw)fAv(J; zjh(sGX=Ulo?DUpx%SBLn8WUEs0#V-!;z^ZHJK%_GE_tT!blET-;j}2?$_kXOM81-a zok{1?D$0_!g2(U$5mVX6M5W5W{g&TVKK+ebR#~D`H_G*;D5UXCI4wBGQQM6T=n3VW zeSk9M8)>9|vBUdn{9HkM1#)gAK65~kU)tOOz?Bn7^;FV~Iej3N`kkTFhHw5B%OTWR ztV0_$Q)#n!q*xs+S-_V;AswWUv?94_(86|>Fg6w{ou7KcsDz)O=qD(yl{_Zrf>Pod z4PimWG^iEk_CQ%k%5fqF$V9VHe&3Ho z7G6gJbbs*^eBowcCghOCWZ@PtxxL&(V$uiiQ;kb@9%oK7s|<(P7%-6B9kB)(b!T}?5k zu4tDX255-?a|FdszB1Jq$vhu#*%m_xfEh30m@25>s7M zYsu*Y+3Ez!Zk%E9Wz@qoy&May#hC_AvZ7C|&66miz}mT6N~Pr&RJT&cOAo2F0-kJr zVGT9p;O|h@n}cLVxGy!?S+cbCts?-47k|Zy&(!rk`J>ignsTMse*t{mY7`)d96Yx- zP7;k{362|iRt3~nA2ulQ%0&*WZ>G2aInU^ssQ1JDDqS$ctGAnf?|1OQE0br|VYyix ze_W@Mw`O*qW@cvAo#!Ly)jfB~Xz5HLOji4|a;_oVR@qe_;I81ny1q?5$R_TMaJDCT zhWC#`dHK_+G85h$i~3e2?*o6o=Uynh>@t21VcK60Owwaov$@0N{#6)e$YLpfcj|>} z2cnO<3o5p}subm?6XCVsxHRMJC;v?IS!(OTMF0yEw#5b}{e0=F zB1^liV*Su35YF;-qwtnqU-13ENe)c`OanXKovjqVakiIhY2b8c;%%Tt8X`}&Y=vsA zO4yD@Q`wAx^-dgToV;P2P#U0{?h{RtPI%Ry!xlaS7Uw4X%)&{Da7$j4(sVeqP~jkG z*D~&XeC-F*)*yH+KWh(xeQMpm1>DHgP;PMJc z%l3GfMRbo<*}RJ+Uw4nEko2kDMN4xFB7M$RS#MY|Ne7oB-cq>TRtvH9x}$~nc7j!% z6G*?;C;BQzvoK|N3O}YEnR;cBq zclG4Z6tey#>M3{jaYDDzlCmpY<_*OAnu+t?Yxk1D@PSL-qYriWgprO-<%O7W7!A2a z^u{}rP^IrbN)o@l1O0KB5tl9h)LvcFj_<+0?>mSiEL7-5Ik10rjHSqfGIDtd10NGD_yQL_ zlZI7+n%-_LYN?umhWQ41bHu*V>mhqUWjMw-I{2_R4uYT(Pjd0jYdW4uPv^N(nOlj? zbvtU_O%@3vxWkV}-a{Vf+AUb3TQ}Lznda$*bnQ`O>m)ilY7(Zmc-hf%ujX29UGwNy z2`0$z((e#sFzeP5h`T`kXVN+DaR#_2y{~D=02d~KrUGR#e;p!Y2AZj))jNVBhUZR4 z^uI!g?Wp2!_oZvQUV6$ruzZ@B;ejGo`tTdlB8pXF+Y8ey*Rs|hLDGlMSn6ly`JyA+ ztf6>~^8q33F3~9XEYpxoY;mcTlkNk4?PS@Ujw6Qeqif;F>%|F(J(`)PM%xCfY7M5@ z!&Iec7}C^NnGj#FEiO-Te66woQ|bh(GjoH=#Rm(eW>)E(LqdOrM?l@%xS?S-F*>6` z&$DcGX4P2}P)l!sN>N6p1#Y%xUAO0O!?o}5^Up@G%42bU+At0%@!c^YM9*R)b4IdT zvsT91z=`q6U#_69<+f~t-VK*x?675nK0cP;_^fa=G+)8{fC1GR${=1xjtZODEDCsO?#SJGyp)2M>xMQSAT zh7Jo_lHRv(Acy+nnB4M&*-l7q^%IGyBm;t4I-P-j{Pl@+bodI4i*-e|xEKNf^W@v> zi#-Jcd`^(fE(j22xzgzlf$b=vP}kwT@tG_F-Yv*4JiJ##RB>xV9n;GbI@ywX28;MI zkFu=0Rswxzmq-U1ru_yw7u&Fr1OdMkqV`9@QKGRaEsxwEc#hvwp%RkRNimsa)A^41C;+XBLizr3oyrU}#iKjP}fZw!< z7}=@3jS|rmc$vg;aTXK>VeL7Rb(!dKkUu}fkUEfMkS_Ai?h`44b+p4$aGYk>C&KLd zAi?Co*Rd(*;sB$qo6aeZE}w%FeGE+1K!J#XZ~OQ;Ht3@m6FgN_&|cY^$i%B8Uc*wd zAJU6Icq$T(-t5GmaYofALUAmP?;F zX|L7^0XxF^qF7bOhNpg@I(m*N;4DiceTKEJcbHr)WaGaS{bLCmkwjd=ww3_?kC(9F zILrVm`--`wjOy0f{`q4lY|~bI*Ty{jcCNcdX~;V1T$R=xW|L*_FY$^;Nn5qcb-eIH zInJC}S70U3qY~f(Mq=8Ap51iO;Yqx#{F_9`_iz>^g-tl|w54B{&DixFuhlDhJ|o9b zrP_*;V{OXXkRUE147{Oq4wl5cf#nOynxqu~Adf>=I`bYVube;M(F$P@|J@5%$k%Ad zC_%Jq2{CR^@f@=3jZP4%F|#XUG|k3qbd_-)3)A5I_Ka7PRvU4=bv!~<+YX`LlFC8P z71tCM_~&X++^di#yCreLqWh3=E5){yNuE`Z6vPtK#snJ?*=&Tsqu-|{-X^&y>>!N) zO+s3F9wiuB9?95~7HskDTQ3_w&D(JB z7Pa5udK+RY$M@eM0t1r>KHoc<)6=|toBtXjz=8N)ecrJ*<{NHq9YY?|4?fFLHf#qb z40%y#OSohXU-j>c{Y~kgzk37c^v;9t(siE?TQekY ztjfEGjlE`lxe&s!g(2v?Xau-h-+S1JP+-lefgL|`p|wUVNA7CyH~g|B4@rM5Os%mn z^IjdsnE)ArCFvh%Pv^HjIDGY|-TyMFWty-krE2_p;f%A;UN=bj5vHN`gY2&Fa3Bqs ziq|$pgVGjgoF9{;w)@z_9eLcIx+(2?T+;5ltSDb3tYwyY<-w?#s_PoraPC4Dd3H3V zUgK4y;ThpFwY-v?X4K|(dN`keK5R3mW)jfOU%OkX{7SuL8E#y+tn1w1GmNhyd|mKj zqwnf&{BmCjnh;`Kg_?Pw79=%3f6`>SsmunaVdZQ{^)A#DNJ~uQ+*@8};`3)pYR=pq z@-^Oo)x_I==Gd(Em&l9nXC<4>;33qGlW-m>$;b_*_}t}A0wIfwzpR9`H=I~cd7+e& zKgJ-6m@d4;*D~Mx4t!?f>&w~xV>Ox#Ne?GJ(IS)Xxd?=7bDVb|f2x$Uw;1SD_RIVT zSYgU82R_-bNj}Op1gw9WU~3Bx+)UAbt|EhN)KC1q`hjIMdH)k*07s|&%yN*3&K|>> zy9fdABpKLl0 zIQ@Fw->=Lv^moD4>N}2Ux}fb@v2B^7vCw>FjldhE?<5(j)U?Ony1NFkdxz|5B*p=S z9gPr{YJR-h0@#dzP$Cd9Lp2`_;7aqjr&?x^VH)E*jqQniGzfO}fjXw8e5)3Y4+@$j zrdOmp=HHrP%WJf%Om9M3Hlwga|MBi?1HGp`6^|Dy@;X9)-M#;7 z_H?(QyliW;8(T#+@@>=XE{5lXE((!3ubLD59xxhW!(kVnE+)Ux1tx~|9vzpn0hns$ zfhk5omJSFlboyl(?~GK0Efrlgk z#A1!Wiwo5vIzC?xc4o1vX9fCB&Bkr}UM^>d+vBa}ve7m$ve1n50W_15=ALQ|Z$z`q zPp192n$l)c#5M*eIe=jU!^7b>&W9>v^$s`GPKk+=w}{eNmZLzKyD-Fn--O?-K)TEi zlyA<$RBkiGrx^XENBQ93BI{*rGa~k_f?&SbL+lU8i}SIN;LVg^;FMuE#|=qh7t3xe zKijhp~dOhoOe4z1i_eDoc~I90goHcQtJN6>b0Vohu`- zyF8qnOp5CVH~G~(kvoMnA{|kY_!4apB@HFn{g+&%Q)*sE(^Jjsg)cV8xV#P~Lw{Kt zC=GNh-|0Cs;-P1#{+}lG{s~fj2GL-ilWfT=dV(kwLFo~aV7v=wChDA_PUY>QV}T&A z%(>`u4ke+nDE`E#AW6S5jjy4&>^z zJYSu8JRyxOo}1UnQ5;*# zu5_k1Pj-6DnzgsG)B_-~OAr4h`MRXr?e+11^sunljir^gdL`|db{JQir@ahUbPU_F z3n`V_Hxfm(0eZF@rhNM><efIlpJ%wXL>aXH#D?fy)O$L(a1Mr9soYSIpdq_^Xv8iVL%jF zzTf@rfl8;$VP7=CY|i_ZZ(okFnkSG45YnL*kPBz>Nx5AkU((a!k^SK0t=`vr3Ko=q zY#%?m=7RV>8L_O*JVFZ&Qx0UN?XHLx_YZNODuac(OyLl*>ipWXf!0~we%8O zoxwHdUVuppjtQFp8uG`0WXOMvEUuns>*fDJFmG)uhuys|^7SVE>s+mXNy%P_SFViM z7dRmc=k#C^wl7ZS)IH^4LCCHl93XiG;}_V}c^8dFt-dieGn{?v@E%W5j-Ow0*H7s7 zy%#jxgmf7Cc;A~iZ8afD(@@Ehv$wh5UhL~@G9Y|WN5Tgg9>`giD(~6y)%fn*GrjkP zp0g40Vd8)x)+OHOH!DL8jW};ELhQxIJDGNp+>bd|3iGcSYriN2sw{j%#%!zXBJjLh z9sB~-SXzH|9v)d(C`A%9d@nAkdo?flPvv+k&gMd=Kb70W0}hn>fbKiP#4r(R*o?R> z`@$Q%*7*5h*l=&(>-(b1O)NI&Tc1ovj+*_=?JHR_ODJqDvg@9}P>P(#tjSscJ9a^; zn4sK(8S7n>O4A{!mr-ahIESE@UBz?p3*>=%Pve@+F>DOsEj#}K~-lF$m z*73G_)5nfdIoEP&*C3%f9_6_>Lmkau+c~;9>S6#=(bK&QZcBbv0kk`MYt4Ua6sPeK zH&tu$CLH&GnL$4;^<}{~o;&x31(gwcr>Y#ALAe6H|9T?uZ~Tk@_Xh-w(5B-9$*Nlw zv*;-E?OH#*n!)yM24GVQc*l^EjF*?6n#A{JZFLJzEp$nxGs6gLVqK2l<%_yCk!l-Z zp2McWd+|33eMPRHnEWU8HLKYDS#xFqW^WN;9aBtKhj;9#=nyYQP_cA#Q;HxzIjJ76 zW(Ah>r%wUc2arsOoOo`X6-BiYK&LcH6bCs&Y^_n!EyE@#*$pZyHZ&;>m@MeRp!$6{ zh<^6N#kFgRYrSD6-tYMU;fn$c-R}K_93WN;^Jx(#Z?dyFlMfY_9@x?1x-48-Zn0T1 zg=jK=!cQP+-zwtZX{wN1b%5w)16wnI1pOkMBIv)hcivG=y=%S)=~Y4CCsnEtARtvh zKq*o}4*{erJwTAqs~}RONKHh#Kmr5^HFOZA7wLrFq$q@e(2C$llD>p&kEa55HxFR|1s7BngQ#QvQ7szTKJ1QdYSH5_$_l+VbwR3IvI z!Jjm_43{kvnkoW{w%u$+H_{}`43$>kYCoLHFk3#Nn^9`u}Ja$lH{3tM4sj)$?|kms+nzeO_kMV#aoO)Wp4$Z^O3%dUTm15ZMH(8 zsD9w&s-KhJjX~imT{*~%=5wTlbHGX6u@dB`SqcE%_1zCDzQjs-lj+n~#2Wh+*|PF} zXejyq?$iTQb*4qgJTY}o60W80&dVtMqIWes%ym`BoH;Nz-+Q2oE$=MaE<~qpr1^6 zfsl(=3g*nj7^J6vq!PNED4#JP?+iaPCQl9vb|m)bKqYvub3|56?$O!B!}VJMQZAY~ z#_%T~4KsFrv8rmWC5YEl&Hhy; ziAOk%cph>s-X1j#rW`#3R9Qs=^KD8a)A6AE*2shZw1EFl$o3LehSzscD@nSIyUdQ@ zJ&rJssE?0h0-fuA_sGq)e7PlK%0)JF&3_PNQg9uZc>_6=vob()#4??43y^mLjP%hB zt8I;>Ms4$OC4kckj5$68JGC2_sqAJ~@7brd40l$&Zdfo7E%|QPi@~Cl8n^DfHxvw; zClOK!Ct-LZ1i2oaN!L|ifh(IqVjgrhswLii#2wa}pueCo)|w?pxuH)rL^M^4$X;h2COpYEgrw@e z!w+^l9SNU&9G2dFY4gVT4(;zl{Oy4}qskBIy;}Lf%v|@wNoP*4sSy>cx24LqT+Fg= z;u=S^YT>12&S6p+Z%#W5Oc0?G>lah6}akp|ccr73h`P8xZ^U{x*dc5}P43Eo8 z-;VmK8`Aq|;YAQo?ykseeq#>Y)Y@1*tUx7IlG1m9^;Mq_!nIHdFX$w=SkCFkP#^NX zvmBr83_5YAJKWL*Zz>HsSY@)WqtM}aK7oXOz8+WMs!9*u$mO<~PiTR_44%)J_YSG& zWiJww4%3@o4usAa{4#u}t=TP>kQjp}ICd$4 zyGX$!a96G!D?tfzsK(V8Qed&<5s=o_Fg&y21+&vYQewW9vb~Y|qruo+DkYhgI~&Y` zzEW3IJmA+=Ef!h-A)&dtBI_lA$Q*N52hy@y<+)Asq3uNiAbng`1s25_ULB-7KZFRV znsi_3J6dyPT1#Sp7o5+6HB$U%1^e=NRGfQcW2b0-L|N%weQQo_vi*o~H%a5qiuz)tYw# zUJhEv+ehNnkdu#ZsavU!Bgrd~!c??heyakYDAhR(bC`?8K(~qN$znWi_DDGxepN^ogzIdU})(uY!y6TBt>N{XH zHR3UJCubq{MFj8Zxr=Np_#Ay7t>Rakz2hW`BruHPhl6U419r>6pN6y8URxy%d)q<# zvY=4}WE6+7sA=?8@DUu}%Rvpy5Vxf1L`E2U=#&m*>exyYa>GN-w-6Nwi)6N3Kv5}G zX}S$y$eXcVQSDL8VtCVA&x+&@OYG`&d5=eed%3BA)P0)=@hXW1SK{b1Z%4i|T?PoI zhomr=Pica#E*g1Big9Q_?z;RaZE~$w9E6#oOor=kK>O(u6P6;s8o3UF)*+J!M6T1? zHJFOJvBjrfH^hgqwbn1q_1W+EyFi8_Ta}m6ZYh`An__`9n>q~6G&G;2nbu_{H+;8m zXAYlEvj#NFI76n5g3%{XE=vzwh z_axkKL|e6EVpIE~>Gdq<=O?QTUO@q2iQui4HOOG>qdp`XqAWqfHj~6gH~iiDxnODJ zkJy(O1bsFuk|U!@cE2@C3OpC5>5{M)U0g58M^6dr@(D^ORT%6GGt9`1%7elvW_7R& zM8MQ}oLP#CDGL0iFGX9b&BX@V*tKF39PCY*kxrs}B z+gMDi(2b~exAoEcfZ%CfC%gaCRgjj+Wrhe>(Y^iY*+s5yB zOKJ@-F`7PaN-ba1t)4p7fMXjrbZ7XTKrr;l>|QA^8Wg*c)Py<_IZC4e+VNiRb^BZE9 zBm-=q+KbN*pT+>%kWXiT<@>d6)` zMo&4oO`n>K2-mAw5H-l)5GLf65Dq=w99LV{z|yHZ*_5kIdP%L!zw=oL35cqR1jH*R z74B4J1%wv6YE#bfHs)|3cdhU50z#Dk1qdQ+w;u?;nZ=zvK~D{L zZ2nzpO@26_&Wwl(!Sw796C=*&ZrxcNg$(gu^Yv;s8#A-vs&wkHVC{A_j`yI(H9KD{ z&8uiPlN;f8So?Ze4-b46^&bDAoqGP=(pjKd|9UxMz*+rl#cIE5^s@wmC|O1AhAB_X z!uM_hBDYNO`P$W3DXgez)E!C{-$2P-?qAt4fs?>fIVD)0aT{O~P^B`b!2bg>JW~BO z38T{$^+F(ZTPp!^#H?o(niAaPV?8ta5$rZ_vS<_l&|qg=OI+NO4`-<#L0qWj!m%p!Wx)6D3A^pYM;XFbmpdf_2&sg1c7!o(EI zK<)tH<;S-sci1Q*2WmkC$h^On6CnPzhQ88N7>nYu$$q+zlAltozE0-t0K+Af0c11l zFNv4ZgOQ0(g%oFP%TGQUweU4yY!oU3!Ny@BYcKgU<9%G0?woH*TG=fU;T}N^fn_f$ zb+b$*FmXep-)R5Y{MvaYs9o+d&kea)*p{7M1EANxWwQC}?2_Js4^7nDY;vNfES|FibwnF#t9R3p8nn!U6s!lb;=)_xQkr zi2f64Y1tUqdrm=^-dTpF+NqStjZ*8X3Hj;7t>c`|lh-a!Vcw4Kq^tmV4Inme9FC}} zKN?71mGEp3e{*}ipCS-kr>jdQ$W#%NZsPYhIXC}=r^}z5f&by00kp6myNkaPP`VVC zY>&XuS|YhS1+0oIN#Cor=&76K>wOWj$w*=BkTd#D?t**Pn7JjEY*%jk>Iy4oxDazV*O0d;_-vZd-CYPPw$f!)>OyGLf?jJGv|LM z`jGg~m_`o`=(WMV(Czwdnj`HCyi70sE9CE77-OB!WBh{HeM>i(!)MB zc^tnsA8}YhXQL_{))TF4$dzMr(WUu^?gMnGlBH$P64WEX{;=a;VOG}F z<_3lQd8)@=c^p|fNQrxh6F3-wY(^u77#hl}7-Q4~6cxVBm>EJ|QHKbTd3(_%Otgs2$V`hg zGKg9^YNi<{9c3dvJEBvs&tVN3=XC6Y^#;X^?vpBEQN;%=$RWmIFaH+JI+VfprF?e&fmm8<9|kwpI}-eC+k*uSR^dPR1op9{ZrWnnaCn zrY-P#htD&aFDPUTYyrhLuTUzbrRA1xMST;=B6{L^CZwez{!ULC)$1?KwWn|h^K7l{&b)8&?(E$}Pv*0(>3VmQ z0QrnZ`pGZkSgb0+_MR9~J!$1s`5FkZk@kB!4ONe;*6&FLmPF~e<_5Y%7^`*7E#r^# zI7LKjQr7jNmQnSMngz&^6&z&hg!3*U-Ng&AE5Tf|m>8Nu%`BP(7Uj)GTv=E=i$O!3{#rc3g_S+(_U2_n^v7|9R1JHzN^~>?q7F>KGDtcw3WfY z=WKRN9ps%GxCM$@u(QF8&lR|dpaHG5FPsez5gee_ zZk#S!N1(|gRfO>wC0uK|vtofzTm`5p$i^Hw_8?JR!|UybZ5_R;LRT6f9Ij(;&onGB zNvZYPH(GG}Nf^+4t}1vv!@g+bjmc`Y&NFbNW$GT=vroG!>v1Fk@m;OVq!t=zzRtRo@;-t z|K-kdeX;4zNBzh(|6_p2C&fT5u#b;l*C#qbv6X?27Kh$yFSQXrkD)dUn5T zr3qAi1<22l@2C0dmpk}+Mz07AN^2rardpekLW^!z%RABGf%?2TZ?bp;#OK4^8^}R^ zLaKC|arx?MgWIh6dD^i_{N`8_BqL&9D+3f#b9hD1#8G*Y?L>zguYh{ z0I@Hc`y6WO_4C@MrUPmrSA$vM z0$)b*_t@qCl~nT|zjGIt)g+M@eqc7=Tvs{lMPaDINNycM-(T*Yv}rjp9e)5U=@#3E za6=wx3;H|J9}jGqfWXe548cECCmsEu)@WbzkH*`X<}2@SZ;b@WcCBib=J`i9JQnIf zZ~l-OIDV%v-L=l-8qd)TUJIr6U@%D93*>GhfWeDpA`fA+d2n*nF}wO?$l1}wp|?cn zC;{NN+}h@vp75ZuPiW zXTMH(ug9oJtLuk)VDn-}?+L4b7(p>vB}@yg2Y4YW(^%!?9zNJM^{M?;abIiVXmd3= zpX^+W=C5~T81okrw@Ptat1SNWoP)LvkJQmKUWzg$)20ycDg-o{z6gLP_fSqIsj=^y zT^R4omMppI{;{;y%KZ)|HoB8#lcqX`@{%(T_geB2gG%-|pv*VogBZt8oB=__3dWwL z0!ko62WeBFynb-gr?C$&&UhaGiqgX>#5jwoV|-p13-nx5n*mH9b4)FXnRnW%Lg<&T zEY*?z<*F#{LhcS=2giJ!L`=;tZr5e21Ye$)y{{P+o99_w zRTmDItWf$n=dn4TX(nCw8h%4>?0#w%LnFF1DisoCntKJFn_?&}iXKOCEEpXSwn>a64 z#rUb4879ZL*a-H*x0IW*PfNzrk`E)PQr|0bRGaq~-ndw3y5~@((j{lcuM9Gq;VuoZ z)SFz)GKIxcSZ;%-F*E|)KF{;l@CCBW(&^vz8oWH3{C+TJYIZC&t?LvU3ykbNlK(Zv z2e;$yZT6lg%d`_ctvr*<(&ew5m-2({f7J5Hx?h6{l-@=p*jR-*G9DTzk^%)HDT;>b zDoK%_t1C?8dTO-2wu+Wg9G#t3<+n4;(S5<&!xeg76}LpEx4-b~s(XXr-+8ayR@wmB z=kOkhb9NZjRo-RHxnDYO9>&29YU7bv4_Bc^nGSW~x4@Q9q9FMOXzndRRv^3aWR|D2 zz#RS-zeih~PSN!Ccee@A+j+6&LMp}>wBZBpqGD-VZy^d@0=Nz-0?_C;e@m`e(rrQP zmBCpi&t@lDHEj&LV3`=nhf7nx7iTY?qRu9D-fwI9i_L&=qB+!CwNF-*jUcA!Zn1fbyCswH!jPw;3`~)=VzeK%TDuz`P!-b) zzaxmD=%ta$Hwnxh#~}rsxnCPm2$E1XSkyA@V!d%e&*|M*%#r?zp4WXWO zQWp&|aH0+I?_lU}u;+|y2eLyzpp7zUnrfD3?XkZs(7w11$OS|vcLd9 z@xtf0uAU;ZRpuTck!AIQmQu}b_c6`@3}suqC_C$m7lZp=HqiGVRgjZ{PO1BU6(|3B;l@cYF)BM zs;&YRPbCrHKJ~w?zPZe!71Co+0MQ$~Nl~&?+oZfgyd+8_vQ!6=Yq8mGWsM6a9}X>; zk_s%x8UG%u@V^G-{1bAFV2^n!zxSEV{<>}tbmxD;KygZ`ucrsW)^c)#Ue<%ANsXvG zuP5fUYyezNViOrvR&4fznV5PJRuTUKr@P1HzJ+s0hW3)dY~!azV7TlS4f0R}3jO{K_CYwT+`MdO7Ib z4a~npW+wu*)j86-#N#;h;>lAxQ{}RQGWXPnYwg;+V1&gS=ucep)b;z>3v`N! zTM3@nO@#&cvOm3aCJ8akE&3W4s1mW*0m< z&a=viW~yvF`Bl`>cGNKdHDlucS%n8MF9l=)8tEy7aHh2OrjL=w(MjauxkDD6FJ;%M z^POy7_z1nPZjc@+eOFTL@8a8W7b5xq2(9n|J%6lHq>do7IsL|6Wj3YM@vQld`+Vc_ zQeKt+;?wMgk!EzfC`4;8;*unGNacI-596yg$7B!D&CV`MiOk~E``ypk%l2dy8mDxq z)v3xz$2}-SIjb#;#$l+D0$6vo+0EeFZipTF!fsLD4o;ZzvvnmOtIo-2fOfYzQe4J# z^%v}t#OS1JylLkf)L#^@b%r)9t5UyvqrRN69dsIv`s%81Uq^R+0el-i>yGgpHjW3b zqLyUG9QRMM&nuu4D*-Yp*&>EmSZgXlso8wk>6(!~*?1lx2}CwN(&3hAAmi2~v>W@O z&TYV~7@}u5&I9i^56kKTzlAS!g}4@~gmWYasp)iNB8_ba<<37OcU$Bt(FdEKDPrb4 zP0WX6Hs6uxJsUUWd$?&tA4sc(wQ??G%FtNlEGo7tomy#zQ8bB~>SKY%yCPQU=ty-) zW0%_Qc*Pr46*+E^I+q4_3+@vgJmTeG3p>vYpZybE4fFb-hWY+3nT$^YSy~Tr!sgNZUNo%k0m^0 zyf~6@itH0{%w%I_ylGR}-h~-a(tbU|)LBT!g((+fcge|1l3r`B_UXf$aJppVoq3FM z`WthkAPKk~wZ=?CLeRTrL^S%fsR4#2v@mX!^}b#P(>;EL?kXFM{pj)9-leYl#Xjez z%=@s6jVTP?pfZ}7u1RFn24-6kmtB9&ru2>g&R%C1&Isi4?Jv(!8!QSg?vvo$o<`) z3x7C-*c}E>hg`ir#VzZl1}vleFPh~4wPF4rfJKd$Lg|z?%-!C|wewYGHoRMQ?9s2l z^TPkMweXlcWl-!CN`LhZMDA;qn6I}_l!#le*p3Z`?JAb#buudd3@A5}P@c+l<%$i{dTqUCaFr)iL^TSF{;ly_ zXy4c5xL#7DXW`Rr*Kw8Q((se9ZjOV!<-`8${IXs9Ko3KU@uh|1j5Ru~nXvEJtKHL= zBr8l+vC~Vi7SU~@iY}!7ldZ{7@R;x1uli03j&Gw>MK{i(|I4)W?;Y?@XvO>w_x<6` zx=ADid$7!tqg66g03=)|ZT^;JS|xs}nfweuo);o{l!s=sR&Cwq(BmB0>dM#*IA*o7 z+bM~Wq$P|f20hF)crGocw2#gX8-(|uw5`ibUwEcd$)eJug7OJ9@a^4dberAY6GUsJ z4Qf3!e5}8zZNWCX1h3&l*(OX1gf3=y{VK|EpF$vXD?Yef_ptv^Xech6_9NCO{9_eo zZ^s=E4s7`(V)Z=Pnp5}*)F4l(iE{bviTb-aej=L*w=Dyw|_?^(p%8SPcZSCkh*%EDyHiO1Ulka^pfPVwF8u(Y_SdS-K~0-H2<#t{In2x?@nQKW*$U41}v) zRQ28H3?x0D3~kl4^~J!3Fq7H-`t5tl%8iiR>m#^yToTtIpucm<_O9Of%FyDPl{wO` z#pvtNU0GWoR{R3UGIX?$+4=H#2ox|{hP*;utxBz$^7Y&C*N7R;W3EK3_7w5u`~dH( z`eNnmRO5%%zsC8vma1P?AD({}t6F;oN-|=RFx`2AvzUCtQ$fu5$qUTO4YqI5=2^qV z{M({3p!@AXw`|qZJ*r14Z=Z3zq_32p9ipP5OBQ>@T$Id5D_m{hhs9!5rE6+I4%Q(; zr3_AI;hA+__7c?|`%2|MK@F}3vg+mK#n(qscv0l_3>dC%IFt6$YY3#K@9qw$==#!;DYc_V}ew~>tXxG z)~@j#-=Ki43M-ZE{eftc&Ead;dHVwaX|r1%+B`Y}RLYTL{gZOdN+q@(EsYN*h+;C9 zYyv%p`b_+R4ix^uA^K2xat##OZ?iE=P$J`*UT&j2I&3iZ(6i#Lac@<) zP>2^5qNAdsbYBVEu~I8(xm#p~U)xvfV>@!{Wcp-$W;%|o!=V&X!-5J(!nys(?Plx( z^8yI%*t>&6dew`P8qg-pw=y{8gEBo*mxajaXE1~6`4X?T_1_C24A`eqj&_n3rCtW^ zK(!eImAUmS?iSiGwEM#@{Ghv0;KcKbOOm^eK5th<>wcaDnITz)vV(F=E>uqoYGJ`` zmL|}z9zFY_Mp}i!!YV^6cLjVt*)`_5tkV`^n!oQ`MHP0$-jW}>vH+mozhYzJ&5T+L zOhI`J-b3Ac6EJ%ell)2AB7Y1QblYjTQQp4s$HIsB1VG{!r(J(Ke3r|HE&1B}`F zz6X?8BpRwvD%=8t%rh89E52+8ciWGD?qVRVl_#9m$)E9yt;gG8Y~B2AGii(7ymx+^ zOC$dHGi&aaa(b>~e^sZ%FTZws(Vq`7<`F%_XV{nYOOkrmklmo#HgWIeh!2vU^Mrej z4c{IvdH8&67aP&^@;v($)APWi-V>h4Es;`BJ$+L`&1 zgmB%zo7{CS8Jk#JeMv@9WyOUWORwGT4K8>-aWYZ@;GCvd@ix^urZ3z2$6a zA7l zBag-vLg~^>#g7NYezNtc|&I+k`H;kNw95JM8KDp-EyL0C^q3x1oXR5R5khBA=? z*dC3xRD;Z_=YwjKPE=AV1cUJA+%(rQxJ7kqb!$WKRAy;i1)fuae|j$NKg6ehc!7ZT z-?t;OEDpQL?|O^E%)NF4hd)VoITVhGg;&b5pvgZrpn|a43S+iUkz*dK5^P>WUuRbVwc_dTbk-(zES&_WuFt)X}!A7 zie1M*wc?#Gn1AIBcPtF;8q%@S+1)!8ZkSg5TL|5MYpwQwKL7W7tmQntmw}F(gNL!9 zqvEcFscR{r&L!HtkJO)idb#_H*YaNB;Ux)%aH{+IyVmh}s(8WpX~gu=VN!qgo$9@3 zP8V^*7p0{L7v+hL2q!w>BUSrj73E^7fBW5?E%p@IC-(DK2G6f%o*Nm7dt!*t#S!of?wiaa-xEqsTbBDS4KkZ}R75|D5E1?2;N&4wVO1 zL-Tuov5g(BihpMXXBr$PkJazDarnJD{W`djuSnzxBo%P`Shis5<=leAY(D)Lpjd#1 z`8n3+C^2QQy>!HMV`MM*>;7F~=C{f<@O*_)MwvDL_aQZxBpHuwlllaw&(UhbkD*^- zP+WX$!FkF9VshNSFm_2|c}a32_bs39lBD{g^LI+ox0~mZL>j?d#Q!}l`_=wD;`owe zQ<)fT_0Bs_02!Ag7XoiJl=LOf?u-qtSle{eI%YC!!8ezcq@=p^&J_+r-RIYH{rgFolszkeNY zw9PZ^wGfy0D~Q;=i-O=pVxP!#d-3Rs+1PW5rtUb0B-e&f--}$wDy_2mcb{|!8KY;L z(*Jph>0b&lQ*xIif$sOhJHC##=RlvlTEhFgt}ZossG5zxo7LHS`PX~8|2{+e`_GaV z-2V}f_ha!My+>Pp;4qJSNHI2i8LMco;p;JD6#19>6q%*j-fp^?mFFwKQcj3QGM{a| zBS2J;r~KGsOtOuLlY|B1a7Cl0n1(#1JHHF;0~Rv%?$U~sw@>P6pIp!zx&1Jj>6~r) z)-dz+V)Fdy(GSIoC%(VW3m)(D?3~S>om|N0-(0Y-UdiA1^yA*x{0Yy*K>;?R`pE|L z<2m~5eCI&*&*6X0%%6+k&)eg_Hxfwiu=x+NVQKY_4uJK1O>9;3_0cg`j2?tE%(r;n zJ%9OWbh1qWgj(_2E;#hI3qVg!cC`Yk<+CTwJD$kG!%Hik3FM!Js z9k34I$dRJ}QN{r{96x8P?E`lN0Ki~zz-a*B=XvBf;0PlHIL=7^HT|CP_2`jffMbj+ zig9usIq_$nCyX@rU(-(+>FbOt)WzGg3cu z|GMge_3vJlkp|wBRs_i01S%;5Wt4BqUA?KGEGw@J0{%U3jAFldyUD2G7jI`7_mBOR zhm(x^C;u+Z_IJD;Ir60flh%oPb4}*IOo#6QOs4@ik1&K4032mHa*XN7VH1F# z!RLu1f6`w>VSGP&?D&b3r%siR=>+pN;H{G^ zMvqPjpjl;}#blip)GYnLX570h1hRF1e&#GY#}!U4VG+^mV&bxL@(PMd%D1(&b#(85 zAtt6~<`(xXVRrToj!w>SgvS$4FK-`TzZWlGy$%iu4U3J7Pe@Ek#-wEDOl8i4JCuwDvL%J9Cg zg+9^cb;!~2J6C!PaCG7!U>vYwxPMgm5KvFub3T@uU2VAao2tnn;J47ACB|bejsJNW zGF^N>Ib_A?;*He~0a>_!*xBhrfNs*vZo{?Nh?NKTGdNa=pOSN_x%O%ep5N61dS(p| z0WV!!HE!(bO>O(3Ie3Gb4m_>rA{VS2HXBwI%T5b1Jy$XQ{f^L4bo-CuvP-A7I_Tah zyz&k)-S@sn$EEG`H8!d%9?yIW1q)3_IN^_PsDDg+rC^e66SQ|M>fT5ro6f@=$=|w9 z)k$azT=j~i8ETsT?muvElzAnmre?0JT(OZIm=+NiRX@9JnzNZ>Qgu)$2%_bee5_ZXe~b6&s0%eEii)Ulh}=;He-YEkf$qnQ7FCnEF>P+@cbzF!&oIo7PPemd!3 z*Kp;Ji~rrvUHDBXB}A8ovU&E!@2!`H>im?Ven3%i(`TOrzcJixEJ6AEdE(>y zy!U>m_z0S;4r&dfe^)**JO-==}Xz&g1-uQmGo8_2k%UmZ@RG@W++ zZ9?hXagELQMQ{#d-B2)CVAPxcYBBAb?*_nY$?$?d!}+3g0GBtfY^WWe_8XY}wFmdf zk}d(ULk9s944XZ{Z(nf;$n_AtpnLS>tvz=c5GDTpyyM(!G>VnY zgF|S_-XEQLP{-Hn736lWZ&$c-Z@2jn@bs*DJMs{qz7jNcw5+Q;j{^mcQ|w8Is+#4` z4D1`IrU5S{o@0Kmw_Ey(x9cxu`~Okda&N@v_9_EYrh^C{r76#KMwO+U8<|9M-8C~2 zg;n=^D=nan^}GVnvG0%UY`!Iqtu1lvFJJ$+s=6)u_TFE3FMdhLiYcbGf!Au4k7Vp$ z=gX#=Z1#D7yd2l@ZeQ=x$B-@shoE<_B74fLf_iFgHs9y`s!Jk$*E=+5wl`?$*@5iq zLqJmwq2SWiX@>cf^70Q#HO!9Q*!^PkL(g@4GyGtSt$V++X>9Fl!{&QN4)vi4*X?zi z-7i6rfG0M8)2Z&SViqbt##n-SvJU}c$M&3eT|*oG+Rl;Qf7BQEmxi9|Gc*v+(C?*{ zoW*((Mki@A`s>uzr&HR$SYZ9Pq8<&%6@|T>8~e)|EzuQQsRscZ2V4A;zwvVX;^3dj zxKD7?Cyr(a1DxChEUwl0x&A%(B{#Pc?`>tBi%=MB39K3YUG9J>s7+`0VDJziCPCwp z8Vaer6g#|BBC*8~@EZ5huG3y_32ax0vnLU>5ck{pD4DX^cDjPowep1?o1p$b5|0II z*qyrSE;O}b-duY-kYy=CK}}n9@R3r7lR9qs!1RdaANxa&pFA>aMAaH#Z|AC_M^M|( zc0cnfQ(x8II(q!$i#MRr1j2;-xvN6wFRg8TIu2|N89sfM`4785k5&U>C{xeQD_+nV zdNj|)2csGPg(u2?R<`s5t57oa_=fBej>IvI@47;hQUh_+%;i5?Mm0-fWw^h;{^Axe z-^F_5o(@AYV?e9^7|bm4*_-6w+Z2_iXkpinCdJ;4l^nne&Mtfp5$_(liyp-g`k>Db za5(rE)OhUZPx|?Jj6ugw9{))UD0$)}14N!ZbNbAgv*$0JKYQ-txie=jFkQHK>GEZ! z%V*CsvoK#~VWcnri5h>FJa+svqu}LpXU;M1{uk*lsPX-A2AX03reCO$n*nW)GVs+e z$jG=JKXL3QW@JDw-OB*LiKEAloMCW$;@EKpTKokmnV4BvPqQ(A;WhJIs(^)aB6ded=}iLN(tXt^D`zCH;6)S`F?N5(sEC`$5(6*|2=>*{X72umHeNtfuj?V zaPz`aGkMP6Y?bfJhtAQie|j^~7Sb0lwt3lr3k;TH_K=P3&49(FeO|Va^wc43CP(+% zpUpJDD6$#fH>t0{H~$VUZ2hVn#B@ae85gn7>}hf+5xKCGxGrz83T%Luk=GBU*r zTM>_cTohe*PQZu{BG4o3kdfdJ{-_Ez2W^6h zHnmKWT_04=$QKRCRiB(y`S_WhDW2TWq*)fnud}Kar!iC=bqM&h_8ru=YTx+Orh#vb zKh1aFfFFZ?Q6bLv!4wIW0vD%k5)%twfu0XD&wkfcj+jPdSg!_e0 zb6f$EFdttxBS?1?vwG4r?+Icktj+*?yKy(e-a?oVa`|pwS9M}B=X z!Rnaa&`Npi!qVTIr6#9^xb8dCq#nG6_Kv~z861Y;Uli9Z8beN`l7EdhOI}^GK(^>pIjVq(ld~d9d1%T9K z8N(z$-O%-dm#O7l2eq@0o$T78CQ^Kp?mAn!fTwctqN6$t(jC>2pqE>w(B*D^v+abg z7vDDzH}7R(VW~>aWMNriS(Lne=BJG@!$0}9Xil!g*nWMqxzX;Sc?pSC`Xl-fFhk%n zwwb{S)s%A^*Le^YdNPTwJG%j&+(8F?F@czhnbLxm*%_im(8rn)9K96uEke!!0I14= znH799(|>*UN>tK?Y(GzktdL@vfSmBzfF_pLvBvsZX1UL!)ljNnG{ zP%3%DTH)kMxTxun6-~^atV<*tSImX>%{y83E%>FIL&C++UpR+^ ztHvh??Y8}--L@w4qJGDUNa&4!D5_YWo?|82)k9TkKT=F}SW~X5Xk9i^$117>LX?f@ zuM?-lwXMeSaZitF1!Wr6_7HV_f0)heBymu8f>@BQfmG#?HF%$)zC_i09SQbbIZxp{ z@jp9`*P>6Xwwk)w_=fB|%12}7Yf%>_*$wa&l?BEOcK}buBB?C+zV1qV|Aul=0=p@v zp=K)Q=T*U~ybOmvE_OP_S43b55qw&i!b4V!v_D`Q(~-@H=HHYwE9gPh+l0|^KiB}6yE zWUP4e1abZuJB!LYu04Y-hX7bJitnPMIBbkdLbmA1hM}3`&XRKx)Lg{LD`XMK0s^uW zhkb85+Raw#)+cJ1*PPQ~T42H~)D729VPnfX-9=L>l;U#l6l~kz6e>50;UP7~{zz%^ zjwJ7sW)VtthQY1P(elt3YOD*)V3R$yyO6Davu>#piE<)B3yOLR&KTNRi(GPH^d~1GC?v>cfHp-xIVb0 zaQw_f9THn!((Cp71R12FwvXZsj@V)HnA36yA5b^HZql;LQmfU9Pp@TNb}781 zX+8v#JUmcP6S6|%Uc11;EUcX#lBD(77#72)jqoU{rL;Sv&jvUq2x|}9Gst1s{`%@7 z`;l04?=(Wg^9XZv4et2pMRsiA~o?WyV0xnx{(^u&0Pwxg{Sa-pJilYF_#1%-B%yl0&xtt4TeS2kK790C?KHVy$rtx1=t ztF~XpE=oJe_*6vQ;F1F|MguIo&AE4!>&99XH5+y-2ph*h3o4)xM2qM^7VI#Q5lpN|uA6+;%BGlj}l`$kE3=zaED z_CIuTd^c-}g*dE6b}IPK7QUvYVYpuu#f7TWKw zU9IpG&E97+fe;N6*+{8n+>t}Rk5jM%mf1LKDLKz+g-b!2c`g0!Bx_2)fyH?<;Hqm29`H}aa#&g!T{}4D5S8}JUJvv86VpV zu9Lv%8$spljq!4tEs#GaYsPSAvzl+Kr$re#2 z)QK_+G{0bY#p^~X(R^wM4`>6C+!xrU>z*tYty#tUJ?o0HnuR)k(D#wXQ&)OY`d zu&At9_N{ARxs>yL*?L;RA|GA|uROhzJE{O=8naq_mmUZk$n;&r&-zsstSIiyP1wX3 zsO2S)%Agb}xseGH?mpBYPf9*jtJ&5QMjk7O@5r+Dj`W&HTt8(~a0~Uoy38O}kdUpp z7J$$sPT6Cn~kYPI$Yhl{`!;_tLq z7Cj89KONSxXo(phYBl@!(B<|t7L^xOgG@JJvKS8*b(QOfDBl`FWus(xqj858=GBog5%>il4G=iErt=f2Dc}6eR^@ zLNtrXk2sl!>*v|_-b*(Zaiu|ObSiaF3&r|PT%IPG_N7)zt~@`ouBN+lPgR(9BpYFA zQhK-SvjvPPuuD?n;U^(FR#q`AG&QRwrWw%+(riFOblGO1+dKI$51Z#WaPN!0%teLU zr&|b%NU=x6RBPKxspUDAf(E#UA-V6Yyr>RjiD1*PURs_G9&_Yr3h2 z1-nD-^T)BSOfy>LYAao{tbyzzD&4zF6@|scyI7W zXw{8y^->Hb=6jGNo_*(0KE}CH#yc3%}-rk-BJ&K9OpA^+#s#jFSqqH zjxOOGl70y2P=`k+I^oJvFIZQPWN9273HQ>y)oDDEPk)Vbkav7(A8PaoZbH~qlEb%z zio81+=hlAbdX+~aT&|Tp>Ht2w7P7`~u(CAUn6s;EaKhKDlU%`>ksN{(Gy*TFt&H{p zt-KEb9%i*<9mQmvi~dHe>u=#ERQyc|O)nH34DC@3zhU3jw$`IQPyCwOPh3c*BSDP8U+m1FgrTm$v3aG2*#RopNraJb_U*)*58I#GFpDWflC`}1cTr9@iKN+4 ze}vBgVZPQtL)j;3$|M?&MLv#`4cGVfA;1S%Snv!x=>;5Bu)CUEIbLS&G0h4P)?VOJp-6{s%gx1`~m zoJkDotc1@@7xSGGFO3$mo3ObkZcf9b!o-y1qIp_o3utwoKu~ON!z&i#7++jq-a1=%F5JS;%kmzyGrrA^)rTrLPYl5wF{r0Yk@T_|b`g=pF! z?FaK?V~rRi{~G5kR!KivZABOAV&fCKZ~J6sO-&-QyVjwd#@=74HyQ_AWRWHLWh*F$ zj#eu7&w9pUA?ads<@PlKTEVOfJ<8>8{`S9O_KQw>Tt+^yf&YQL{>T&*oaxfPizj*1v6kzK5Z zTT^x44&lM}FNJDC8lXK5pd&ODR(JbNr;U{0;v=7P;zVmSiu%;tE;jRE)CTt*vlf2$ zx<1wZy=Ou0(*0wlx*~>NL6-S`UwFfmWck|T|E1G^4XJ-w)c=JJh40w(ZTq1so>571sg6{o`e?&1Rn9}*Dmm`l(l>_C5ThAV z{x10ta6i08;7G@N#!TS(;+C@vkxQFH`vEJB17U%y0WEUyy2L z3BABZHu1fspx%7SggMHrE#jM#IY~-f(>T&{k>RZ{oLnJoYe%L7VT=H!k?Dhx{ra01 z`54~r*f6`(a(jEj4*t~c%VoYVM^2=S0C$FK(0Jv7o3^^C*V4~Qov*KaLm@fjZiuTi z$8chtmjuY=CmajOE8Iz4R2)h#oCCqFQY`AbE?4D%v8O92u$N40vKQ}_9Z~!fSs&+$ zL}4IF&}Zrf)C~;c)fp~U!a!_eNs5PnjN$mr`EqmZZ_^o$T95vc{m(N09UrGIP3s-R z1esmuU;BOe5Fiyafm%HTpbo~aoVvtl|H$`qpe_5Uv3=7Q`yYKSxdEm)45R6|Mm0B!p-;8ME zMjYCa^=N%}yNaZW-b+tE=^zB7F+!o7!QQ2|cb?f>eG;b4n%P7`LORQ5TRlT%`V)LPcV)aSDvmmnprTy`ZGZD&-%A|4i_lfh5VW7uGB^14z)?nc16ekLM=h3%;w8#tU zSZsc%k&I3-D|eKDkrXUK@A$w| zUme-cyHLsds0USj>1J1ef?aRAU$MWov1)_E$|!ybyc2B^WTJPBqvi8*vl*Yr&Y3xC zrEqgN=|cJdOYIKVunf5j$(^!}UUUxkQ9p^^fhc8s*ds zg3`jcwX4UEL|A!egJikt$NuA|WvhU5@okT_f|+uGd@2{>kTR6hvGLc$+G1k`7}OS0 zcI0`ERh}`HdetzFxbFzd($sk+;W_noVJ59DB5n(+TttiUS8~F{Twz2S95M44c0)oy z37AFoRpSLF%%hhvH3GN4XC-p#;q+s|81~FttvWlbLk269En%sB9xb}&wJg%<1Oi#=&s)|RLNXIZoM6C0> zo!^MiD$93+)08%Tuw5(|U}M*^FV=&EX(fom;(M>BhCR1(e0NU9;rPS_J%ijC_M-l| z=>F-UNHERl1+(hl`L9OK4jZ+v6AGn7@kXPPA>>Y7Uv`INGwlY#TssM?iQfFfTAw>U zG`AOvGevjnA@SnvO=6F)&7PBGzJoEkPRY?U=f3h!9rhRbJCgPV4hrsS%pMs(_&-i= z9kXNR+6j>Z{Lm6E-cu1IXH^BIKFjdB><3oXkJ8F7m=_Tugw ztv-c~lU5igOQ*V65uF!P5t6Af&0TWUSQcN|fr^3ox6~3V&Hf5h3Npvze*f`vs29#g zb40lb-fPw2hSi<1Lr*7Crdp9VklB3Oe?;`@^2>mkK^K>7n_`Z(RsNw@*j>=TmB5tb z)DyM9>_CvrjhwaeUg1VN!r~KlwH)n>S8wuka^-x6J^&&HUhW>X!sD_kt`E!!C*KfC z^H8|j=_!8ul4I?ZGkilzN(&MiE35bi3ELfm>>sQ*fsYtci}e_93!a^xR1wGWnR<3U z$?59PF)@$=T~41(sz@MyUn9)Ca8ruE^MmDz=WEZuOcI}oj-PXEauXlc#@f}j$&5hW zG!B+1ad8Fc=@~I++eco!uE3*}4I^E-XX8IGHDbQOr&&-MfUQe~F`P9WdCF~l>JR@(Wo?OtEPgP*v<|d#e@y@>3 z3LU$Se(XNfUf(be;i zJ*@SI;i=S_k^cNoW%OyvRq4}&*qJ^-Kt2xa>$}w)%pV1;uJ0|r4 zzxZ)=uz5X^Wr63KjtD~T`JTC*5)v{DX6{n@qt6)xe(je)bG20bV4eTK%u$SBMktW< zv$Y0|=%d+%nXf-6?of2cje3rGE0z zSiqz?For9Zu7<^U3#-k>0EW@kJ7r=&^pD=(Z3*TKBYZ&h{JubAzZ;59Dg5Bs zngTL6kbfPKW=zE}8yaCae9ll1we9{LO;=>+22SwJRnED=qdpBzD%js#Z@mkV%}5;b zWx4Ad01-Kd^e>jx87vZgXmQXszH|s+%Vh)|a~;v`V6U+^S{w?(CZzCi>W`Rmt{`{5>da^U@TFB)*0ncr>LbJl{5B<5mV zE_a>Gpf!-{d*{t&t}VPRa$4ci_YQ(M!H{^}u>35Go4%YJYezwqr?izc3&iM}e%41B z2kPItluTQ&V4&60serdIX&)gV=VR zaoP48b!A5i2K&!{vq=99-}P=R8u;xd(QZIUy|=@Q07>>dVR}spV#$qogOqW)8ZmM! zM;3!He^k{Qq|m-_D&J@yPcsO1iwsOn6VL7rqN`6(xp;zA$mK&6OFS4H?DkLfn@1YA zjSm62HZ;hoy)UX7oiCuDOc55Bel zFI(@>+V~)-!N-~Yru$~q(+01Yw_dS*HEmDO%7e;xhCm%n*CPM;)DeXKU=>+SU^~m5U=-|G?dz!yv5q`?0EEr z+3)0l!;KR3CyX0K)(9~lg<=OPI{MOwV_~LRxhZ8PnLQ;q3g(6-5w?y)dZp4OSX7c1 zX+Rc2Pr!l|C1GLlyc^K_vY4A4RV*P<;C2Y*N;GfS6Gys3E|c(eP2)jk|R8M^UoQxo<6=95jzLX%1G zVUi0h$5UpiT6T7Bi4YROjX)={zT$$?1!Xb0tK<;InoWRBk*C8in1chv3bhb+aUM&D z3E26K1@7;5x|qY^MZ4k)$yuRc;;$;*4Fm;6AND*`PU3IaxLs6D89D^)3WJS;rXpT$ zl~L6slGw6oM6IT#?;@hLP^fR{k3>c^r7A9>(SnAkVDslHe(Moe13 zl)d182=P>#u(cx_63c-=^lvR>6DpA4W7s(}qtpuOy#gm{Ew%a*>i285U*vg`2&7P--}C5MCekSn z_;^lV5?4Xpj^tB8>PBI)uiK^UAx85070(#~m~S$^HO6EvuZOR9Rmw%0D`?1N*Br2o zE~?W)Gi?PQKlq!SeE6H7%D;N|)Gxz466891Z^XUvfzF9eXf)Hs)H8utaf|_S;B-je zYnsrIsA;V61+551gfOBL=D~PLXchUP*0!A{-@gH|USpaNu}!Fi8sJQnM{z&nf+tBi z=$$4;72jLwcS6}!LSr4Xp{Cfr+yP;oSFu+NP(`2WuB(a0#mw(X zONk|k+?lIIi6}VFErNVgmP{jC&1OxDC%qy+Tv>!Cha3VlHh-8K-H5QRo_Foat~Hr8 znu`;z6PEp4J@K2S@zg8s*JE!77v&u-6S2aK=w|pejT`B$U$mv#Yb}atSnnklgKPn{ znV?*hlM#!gdAaL3mB7`Og+#9To6<0QpO7b?^)|#zJ3LTTjL>&^yvU$(ZtNR`kRx0; z#~emY41t=hNMFq0j&X)bu&I!EIg>UC)LgsL~L|F}G9AViLT zB{b9}F36xI!E65PFej}01QAvdlAN60)U+8I8VyvZ^xN8ciV=BqT58eByC4FJN>9IQ92G<9Ptv zAa9`lUAT7$Cd_;UsGJUE1be%h6b5@@p(jeZoXl6P1?P8}Ra7L1u7nqcjUM+a!&R^a^66UZl$xl* zA+zGi0z0=ZxXTta>;Bd(+9=NLR`vDXFVcE%hx~Hx=Dr{HCCXPazic;VC5ZXvfCOZu z97eBB?+mcK%3K~)o>^gnhfTHzXpx(sT@ucbT~1a@gQUOoA1lj$ZqjSjWxvw}nJV4@ zvW$v|HuQ@K*ansYS@=Y_pok}_x0)Wiyc!~lX)vq{1kG4ZWwP!vGwl6PmFTj-%ol}v7wU%epa>Sj6?~a ziOm&*8L#O$YT3g&Yu(=klA6Yy_T&xT)oQ_Pt5$7{7~$q12wl*_vVZpn_`VkrrE%{$ z=E-kCBO11;|7#3Miqp|~1g#RX^c~Ihrg$&j_lna-h5|pX_?>8hKyQ%} zk{(zmn}ONs_jKM25#;HiZnqxv(TYr(cfHEh$BHa`eAnBh8{>PKOyZt<>oNA!{B#;D_@&8(5p1CxCe(6hGg0CG+X16z?o`31+j$>t z@Q^%{RL_qBa@R;;`F5I6{0k#N5Lk+DZDzPT(eW#eqof?!1&D{Ni%zx_xCeSr`SAm_P=6;|ivMC#`)W_PVIzUWzC;D( zSN!ylz$hwXJE<$}mIB8LA{DsfsZ+6TiGE;m>FvJSOGRoZNcb99ehm`x=N^i-C+L4{ zM?WXURFtiw)cp;wxy!|QFeBo6uyvr|@gb%`xS{Gik%*AZ%Ihy@tcYX`z>s+RxEHBp z+_CdB?JQ~&0)k{Zm5pHM7fGiwv4EJkhsiqADg8+0S5CiX1$KJ+ui4{xhk@jTC(IyaarEOg*t)Z35C#G9FDKt>>)G^W9fuZT5p1={(EVS9t8~82w*CgEZO&a-FyVdQq>2nbM*Z};oU9>A)& z5J!9OVTM~#_>gpz{}ODp0_(SX%f(h&e8e568TwQ+Y+c;GBilrT+o4GWB<|bt$=N|m zZwQHy@-y~>l9(_|@Ah_f0>olBQW-6H4Zs-z`k;4FBPLAB!<(a|Ix*||PmKmmWLN=3 zoaWVKEP~0wkRBN~!2V_~K zG0D$m26Wj{SqM+dS%9E>@#c;qc7v9`WN)s({TgC`Uqj*{@2{bD?3ez3{{_-+UaSGC zG>t+u@{atf;{D&c=5HA0Use4CwEyqxilx-J(xmF!{Yypt_A4wxwpea-*BKqc4G7p< zC?x!y(1WI9?W&|hKxj?pe$DRFhdio`#q_Bv$)54JxS$Q=OPgoDsIiDw+EYsTX7z_3 zS5JKDqq3csx;a&m@X0)w`JJBTo7`FiGB1TP5lWFu97LcjV)n5UYuoI(%au&*jdkB? z>5jQAc*d4Jef<(-zeuL!hF1mm737`$rG~kUeT}a9gx5u^;;e}OX&ndSDiPcnic0w?I&CO!(a3(B?o9wmhEPz!tB$k^8A)8F>^iO zx@><`!|Ece84g^v3z;iM_q+P0=uDbSs8bJu7SH8YR`5U4=R3iUH>ng?6EAK}&Y#JT z<2FI#U*?&P+t0J)_gMMH>fgDQAMq&;dI)&-#jmxmpWKn%`7cjrQgY> z1_^Cq9NIXa`Fd3}6Wv>5ur@2TfOj%*$cvY675hHYn|9gc8*56gHsnG3`Ht7^Sq5*x zI>}S0oAF%JT>8WDFSoZVFWorxs$+wDqHgx2Mp7KTA{~W-wZtFYpTHp za57bEv=pB?&QiZJS^5%D^~JK=R0`)Rrb1H~$`~QQP|;mo*Yfn45zH05dnXp2q$)&K z(8s6pBQ~nwfxWF93d+FM99Be(T-xW^8~4dWp3Mf;dn@_#U&CShJ`;A+#h?AMYl<2F zgD|j`xi%u7qMXCWmMcaUndJMS=5;mQvqq!TMc!$mv6I}6-N9HcDUGLWiF4qUyQG9c z`L%h6i*;vRkiU5%!moAQZ%K8a2+h30f0Pv#Z|kydXAfvB+|`>;*(f*o- zA!@-&Q+e}x$7;110r$>PYlD1TFr;!cd|$Xb?<3~Vl`hlQvWewYay z=2re8>bU+By?=dM*jFub(Q0qjp||+LLP}*$+JofCh-}JQZ=-s@U%BK4Vjr9MV0$~F z7CKyVzh}98jJ@>H{^#7K*`C?rq?JX2?@~QIMT)JNJ90C#WN1#h)HuO1(z33a^H#&W znVBtHbN7QYh0?6ACl~BqPyCov#r{ESMj|L$4uS@bh|boBtuI6_icYRR%+qLmIJc)Q zu#t+`54uz+EFk)T*Ke5o#1$6#8Izp)q-m+(so?@WaA%M1%I0T~V=6MPFOkY2utcb_ zex)0L!>>FPW4b6|lBPSIbV7*?VcneWI&rmgP%dh=@r!K_G_W+V?qTDVMIWN|Kxq4b z;zZDJMESumUF=}WP%Cf~qDHrM;_vq^;aVi@y7UZnx@#r0*18VXE_OkwrDyZklMPG- zZbf^Q;XEFw-;T|EM7r4y!a8it#NwSuvC%dc;T&ITSwmwftvDGcMCPxj5v0@iF z8q60C0Z}4uE+uGQ8CP@Sl8x*^5NeHotmif95v116lHyzaA~ZpQU?FFi%gbJtj4j-YN?RN>)`a zHZ?PTVXJ&Id6$9?W9EaR)`>dC?b#M(I)=^%=)+NVr}zILNm-%a>Wj+u+q$ZG z#JVV~!MBxXR1Rh>%Kfz`9D%Ontv%A@8m0S{NE~0ew|*t!6W&zWb4_jLkxstm3&Wa+ zczZaG&^q=gLEGUxRs=jo35(&B!|E2}q%kEg!lM(w^;Ro$EbwBzv1p&DZ2<|rQ5kDw z)mY>3m%cId>Y`;xs=kxayB$Q}s9ojS+W0JFKy{6L5QDB=XsT&lsoshbwET`*_(7Vd z6CAlE4R!aOnQHrZs=v$x7D~b zVvMQl6K`C3fz%CyI$}oJdZFYY-~r=5Kc3C3?%+;Q13WY)Jxut`C6(ui7Jl^s3m)A4 zlR?e0#skf~!1}d)%v=A6fBECtPVjCUw!E4ujay z&jGJweOO^wgW>%3f*L;CoRn-RQokjS8DsJ)F5e(W4LJjryLK`gq^W=7{j!=}zsyt* zWE%IOQErp~9$B03=ir9(>P%F(=CPSjA?+&_Nut?G){WFle0?%r@PF*gJ zizmy+hOFm@e|gg}W@JBXF7t>YT;+U=McO;&nx#j;rM?xkI)`YV48nb-ik=GXDuby@ z(j|Bo{r70Y7G5KTLtc?fiE+qg!Dig*%3d7mAnHlW=E9AGMrz8E?m8-H#M^3Y!mFefLLn4Kohp7+V~x2|Lxe!cOeaz9ewfZ#K zCX$2SX7=%b^y1Gwx(;EDL*D@zw@b#Mmg}r&K52nZR&KQ6_^1&2pa`5j<@*YZS}Y=J z!k((1ZCk2LaCD`C(G;q6e&l`)tMm;L4x3N{A6yiRe&U#E2LeIqr#pEd_hMLg9TZ-&szK`z>&BBhhb!yB;5 z;ye*|n8I>4vSxBr!EZB?E)rB+)3aStLh-PISKavbs0l#|KUse7k3K)co87Dy{T+RK zXTu)ho0tO%A|kZ_pL)TX)ej`v+^edsCKy=e87$GnKbmC>ShNUpew<=FH3d z96`%A^LUn%4mm65chzxmFRZAk*7oBSuqG`En(p3TlhW*huqm)B_Os(bjiC7zI`i@D z1BM10d;Wo$wAbINmRCzdEwCTVu;wmz#YydPVkIU8&bWhfu{@Sya6gFxHL&sda3L;t z)wZ?oanvenT+4c~DEEcAD8}xOQ7LeP4`XMZT>G6!sKFt?Pjtw7fu2~G=l?w@_y_bo zU25`vVZZGVF{MlMsIzC3R25WtLHOE}&@P=}AtoFwelo;WeN7H8whw(3M6b6v75aj0 zTLJ630({byC*Wr%FJWV~lphjWQKO{=-EumCgl8oG$fQ^jB$aE2E7A&Uf=RojHzioa ziiW<1${CGAZ$CyGko8U`aT{TwS=Tk+VDaU0`LQiS)qc?gH@k!@F70_23yjy23VC3C zmX4}zlc zIuqTul<5;Si(EZFVg$jl;ezClYSQFP3CBeZ-A>2^!B)_-;!euEvY(@jNk!cZvYy&d zxiH{U$y!&UMiw0l=rl*Q3(H<#zx*?|7hy0 zbPgg*5{#TrtmL4%KHc2%ai46p&L1-)=s93o^>rqGgtw41nC;ME<;XFf_-%ZCB$)ww zQEPh*!2?SkW`!269bJ^goR@D)&pxlIFExL;b0z4H z84<@u9D?oQ6#6?f11EulKtdoqhATq*ZQsCZv2cpl8e=bPmA!#XKb zL*hlShIpNl6r?N1gp1e&ZNb$d{1N`G)uagtc-R)|9=CR_OM)NS$}7$?|2O@MrOlOR zf*;uDO2;VW550UYyI`D#zA!uLND|h-zZnmttyZZ*uavacNd$$4=OKYCRL)Y^&RBq! zmOhCtAmH@zJ{u{|&yF4hwxqAO+Pt;QYOUnMKS(4sngq<7w%iR_?^7qsZw=yoI+ro` zb-`fE$5}7~&DcmO4U5bSv3XEi#XTIqyd;{Vh)iFzvd;{Ta%o6eVf?O}QKK`-s$cok z-&|ear51W%tH9^_Sod@Wk?7_FNmmeN4}U7}WF zv!~6)QS-F45$1#!Z%Xo6chWFmS-HD`S_&BmWph0(u?zUquzRkWX$BBkMX=GFrAUx@ z1_wvFYQ*r|q;+4BZz~(o+!cuL)YBsC;|e5HLQ*!gQ00oPG{n3_!|Xox^)uI@yTIZn zXFZDg3A+eSmgc6!mr7A%{rCC6K@w~_Les8(I@0@qs?;H1z zn=u#z7}+~3Yp=bZ=b6u(bAg2hOP)@9Ygb~B6eAVWZlugWfhwF`AdH#8o&#TY2bsklm3)z(8Nl@Qo5UWPe^j}8{Dk+d9 zD~$)K!3tn6X(fv9N5v&fJjH$};LR0A)dMX%ch+938s=1{dpl-KLw~*@tFjYsdRLym z+35TldeYHvGT_0Udt=cF<5jiKvIBDcNS*WQ zPiMX})jAc3y(Y`?_NRht9UPTdk5J9Z#mZDd<>zywOr*2kWkI@}NSe`Wcq30rNveLy zTga2os>sf{_kq}2=X^06$1eNWt!TyzG%$56*SFGtG>PqW1jXQccnn?fyxhSN@zlQ1rvE?9;J58`Ia{G7a%AKuy9`fufT zGWBux!-Cc(Z3BI@jaX@ck;(L$Hz&qd8rzKHl-4)b0rK;PH-j>Q6*EwZC9k&&b~ZgX zr*@GUDpw#)@UENBLT2mM7DDoLjXS+|;|!+0wtq{WsI1EOb3IydStaI8Pm&?om>hO8 zDzeQdzq)nKX8|~W_o%G!<+T@-ZPTrdZJX~*gw?XSg->=jTgFE-t6#4!e=7L2`~F+# z-j%S7t<|^RnLJiCzU7C_-r4#1tRn~25@<}mWuw?YU^V|Bu$p3Kp=;y2BcQ4~MYGjR z;m7gH!51E+!H1*r4b3t&c0%&HwkB^;dY@Rybu8!wEN|Y7Yock+4vpT-c&z-ng6DH_ z$WrAjLi#(C>s>@3r%flZ=jd5=IZ$O^{L{?Vg6Ef3qph}rrcO0Kj8C%Z){m&z1xR+s zcSi&T*$P~F_o_5Zc8gg2zP=jTZrbZ+XT_*>SFQ8$NnF@hNQ5+!8kWUKi*{Xip2%30 zzLXh$)G9i0_H~@+$V>8#hYg|}JZPCViSCRHEmBFYWWi@?54p0T_JOn z82b_($2Xsw3M%QF5}Ea)HXHZdxs0!F(EsX7s)Wb73hXw{K9jpLs*GhAC7l=9YjRRw z@u!n5!1#-u9HudHh|FrV@nWyk^|yU#*c!@WkqBFnaiGF{ZhmoC_T*k*TXEFBU#L`u1aHWqGd?9L1Ml|Rq7IzbXtrYMui0Usq?}Ih6t##$qB#vV8t$BuZV}^5;XV467c~lIVez5 z_Imj%t_@ZBy(jsjq*WgjoMddZsqmz!3PjRZC0TeOGneCFq?p9bg|A&J3p153E#tBa zM=MP)poI~jma;+quPPGAJ~V|lwt{PDt;T?hNU z3(*=upjrIW>76yyuy2?Szf^z+5g zn9AiYwcusMRF#z9_?rZS>$zca@C=Hi9L;L=k!YoDCl^wG8d&JsGd!UlDy0&2}_zN|PU zn}eHxL#D9>qcS2lqM+59awjzv*ZifY_l^BPA;lC?W^e0XDJCx$S7xe}Ak zZL?iTTJm~iair)Khb(thnU@Q3H3K2u`IH~vlD9in?89)DQq7(WSmXHOx}A}zb?^cM zPW_Kx%pdMBoMRFXGgwWMg8MPIG^_tR+SAzR6WPb^>N%s?)YH*eVaP(RQTHfL1hWqA z{u|f}c|z1=d1M_Uv{X+hN4er1(p#gTxp|`imckRN?Q<86Y|6pMt$9W&Q?V)cp8Ohd z-r6i&pip2elm(1DeNnC%5CxJF0*cnpV@T4%jGI2qU>dG(%``BQfButmfA=<%cKMwD z>EFoDg=<%=Gs>@}wD(x8QXIyqYM8!%WIxkQPu)>?0}s9@u|9pJHRrPEh%8vb6?et0>aOPRZfd{r_v^EIY zC{zr+PM$Q?$DOUw64OO!2mO6y&Lln-;sJFU{s?RoHOlc4(TkxtXvZK(z#oq1NuyGsF!d;<6qJw7}`rPTM>) zw5xB+ih_Wn7!t)usQfru-2I6Cy9_d`l39Xc91j^Shxf zYcp-r;}uqw0}McA^W0;{(i7LuN-^@K=;-JXT?3cs=nrgbEC__NcSXX3mmsN?@=3sC zQd$rCGCycEw_zu3BvYh*LS)xRiLKoS2o&lbPRVypiw6X!wh5m4JR$J#5ps6v($xrjV7vb_9WCsSjvS7wZdSAkiFmcAvq@`yZLv97N4e1?K_d+sWROS3fMun}v4f zBjI51U-kk zd43%vX@D^=z7Xy;8OZAj(E}EvE#ZAOx?hTEbE8ra(hwGR(oY`LhLlp2Np=;%P#cb` zy|vN~I&|z22G6Vo!RkBOs-Z7_`gp$l>4K?Zji{)Lxh>G#I6gj};kwy(#F7esZCB9d z8;foI02|4ZGY&wPAZL=-Bc)Lq!9(P)*)R{75?(#-Qn=@}O9GQb!gPV_xX6f2^vF1O zsrf1wf4!YeG};IXRsAo50+vMPGY(Grr-CCwthbaTOEe>%zN_aKDUa^Xn2H4tGQ3Eo zgvVJ zvK@mQnb=b?#OKO!5ka)AF8@jWyb0E~=Jmx54AM^{u5`N?mReqWvcKegSKDQOgYrX` zWQp^q(N?4Grgf_r6rdgD8b2)Q7n?XGOKexh5v2IQN|Kp|G5Y$!r^yE^++T+ZhR?r? z!}qHT`|!-Ua81B$?1MOROr(+h>pSB(LN%@xkVx<^D_%OtqKOorP8A1bI?GKQ`6S zj8D46wrVAI{>HTwKe1QY(^=ldLgx-$)`3^ut}ZO^M(Wc+tddLhX+$vC93?6V0`bIZ zlJWT&9T|^NlVV~FwhG6jqvM_SuWj-Q9Awj<_w9Xs4(S`#4%3#{-6M{X?WTB&KfH`w zmO|c)QzF95Ye0x%h3@F+XWbEe_R6wnPk24j#~a4B2juDM7pZ9Ng@)9+nv^20efjy| z%M1V4+n@F46+Fmdz=#X!ve<*6r;%U!>U1I!#mpP*jaZ)|`!e7Ktq!Az%D9PM&A#Z? z0Q11xa|Ig0BTPR>dQXa|soZMRIaX{p(rdO;I4=2tZZ^2rK%>KgNMww)=&+C(dmJOW z4ea$Dss7i)FN}E>pK@X77YAd0moj~3CFi{v9GlCS`v(D|OZOV9y|ZkH_1D<$y%&9l-Y_tO;z5tMT-}k$5{)c3MpK$Bj1fwz5~AV zIYVY89zu9gg7-qmd~)gul~G)cX!s{J6gNE(9g!AGWk3!ip;A>%TP{gy4bMf?*A5B{#aZG{zy~Qe=f%V|5X1NhyOn?S4Y*B zxO7Wx()##{&5AwWFU;dkqFYe*dEn&Y4Kr*(aQxT4qj5p5-5 zi|RsT(s&Lf!8j`8HJZFw8*YyhfRzNDQAoQbM%W039a(t4{3IQRXD(ARR3v@LFliS} zwJz*n9*s^jvMN4#awB*zhcH{*l|eD}#xdN#$qW9G-ODNk2rh)dF5V9#t7 zP9xgG+vC?`?wnGhr4cy^7~O68`N z-et-|qk_P}1$j#{VB$T0a8VDNtb%2rEO}EOMd=(IN{xm22!ZGdLK_E$Z<&Te!v)HW zvwlx@F3qV9Q)Oa6FwWe+hatY6(3b1fxBa@P*GIjlU)H&3k*f>xFxdgM?>Fs|RufVZdvJ z5n1Ma(f$~@-Q;%aR>dYk*cy5ky|P`tA#a{(243cDc&Pl0s-hL7V@~T@208O3O^H2s zS=ZCe5oUeub4BxtMH}p@d|87D_OeO#M{Ww&d1`y&*O=tbE%>9Kz0GJfvsBTC%9XlN zaHE#_&Ahfq-)1dkqI7X6pjhE@_OgfZ%<_zR7Lr@(#X6c!J$g<{#IR2eV60g$Ycm5~ zT^Bc2t9o9SBkuY>_p;~=9V=xqB;s7EL&7f4n~d%9L!5}M*IYA7_S6a5b*R97;B+Rd zJ^z#(ZPA|f(t;_(8Vucjgtx}z162_pO18OqnV&5lu=MPx1Ql5)%c3;t9bsj+EU;mB z2yUOZrIjB>a7z_Uc`ZEs;`Fp3tw_o9OC}hoQYS(>T3T*P=}Y?-|6X&TRe`$4oXGoN z(8dO)mDj@KyRzOZ(|pedyE~fV#JD=c(w$M-3jo+@mVUppjvFqSR^!E9dKHk8H<>Ht zwflz5r~I2Qtu$XA$B((&cuA&sPmQ89V=T@Kd6m+=INxQ_&319})7JQQ0o}VC9U3NGkATjK3w6_Qgia1OPK6X{6vKVH7DLFZjdpOI4pr zZJu;_y=pkyw#&*hsmHcbg{LS5C45*7C9h~sX9}yG%Fc1in9Et)cUNg|=8hSZQ}zn|3Ug{RMMhVd-weMvx#gb#xfK1b+hH@gBo~)` z0_az{$R_ZtP3Y8)-{TmlG2k(}N6#@zr+jGb(loWg6;<4idC{zXRpyCTigj7DwA&b*NWzs)`^e6V(Qsij z;Hh&NVlSyPfFW#qj(5MMe%y)j?e4{Hi4^q{(dRvbCno^@S9%A zli1?XEQU)#*y-tvCG|+w{9$=6VD7ecS&=A-)5odZ2)>0mxy#*HnIMjZBOVS{HDB( zPxt=hUO7Iv6>`02N(n2CmP9u2^^#*q_?x8o`-FFdT0yp()s)7UxQTIe9XPSW{^Y8+ zo|)SfwSMMx6EN%zZe|D25&$PEtoh(mEdd9 zJ`1Yp(o+xRsxKa)-&{K!QE za{8skRO<^PU}}px#<~2yzmS0akpDWhNyZ*#(j5b zQ3eIt{8)l$$=8}w=fi!ieS@dcdKg`p(HXr@DS{?`s51RGV&;vK5(&*p4eaYZY3_i- zxl{8zKr{F9cqN#xjr&xMOmK(er@RMBUm`1vORLfkMM1Gn+!zbb>^Lo~9C<+&`Mbq8+ zRO@!~Q%cgsDsWv{nc0cjqH6A%sX^*_GQBnt59<(z-zhX%TKMyKdAH@E%>kb<+-`3m zVQ_IV=}j;|BvR9y=5!H}0W$QRu~BQNR1*{2zRJjp_B}QQ4~^R8wfcseDzATM`h040 zcJCQmnO4iqxZ=AW6SD^%j{&*|tW^R2j%ddPT=Ri)fUO12R$+zmz*#R#|6RK1GOf2K zZ2>L0g#3}9C~?baKe+SP=916oY=KSb^Uf2`)QgnTwGp!gu*6L+Nk7gi2czIau6x5i z<7uJ*nJ{>USNDF6+fn`J)%z)Juf9n$JlyGuhb*6dX;}r|g*`caa_Eb*eqi6H{3|he z9X?hCo%0`G`^??tz051;>c-p{o@v<0l(($7P~(v|R(nfeTcs;GD6@J`lQy?a#ay53{`bzH9&xF#ITJM1 ziQpl`V14=x9Cv&bV8wRJ zFp6)C^lgM;kAguQI;!U;W7v6OMyC;kvmNP=wxL}p1&P7WvA-kWaa;Al*)URyOMtMs zc^w9-J5SMmsJdOK-rd$*c4pOI3sx-EQv!g#)3X**ti$I)uCTgNV6bGA4>a7!6c3-) zu~y3FyN13Iqg#i%^yuksHKmD2*9>w?+m*V`uan;dx1^P(Is=?8#9(>XYkFqQ8#v33 z7klZpNHHrEy)2(yv#83b3~c5sU$@9>c5%1*OdS`vlX*6WBec3t7+vg%HA-x5*8`=v zxTKvy?T)e+P+px}nr(W1lzx5N;2|U^K8&00(!{Xw8Mps>Q5)~lqoOMkR57SeK zV2T>{{K;+(?(!E&*Ak-!M@o}FvVT44Km$j|$Dqj|7+1q^QNRvsl0jxGX~c&d70b0z=%bC4uJgU#(`hgZ)gGTXW!tQ%g_41u7uh$ z&I@`wQZ!~z!f5QuF=-SXT9Z}`c6w13zGt5;tjnKpSxJ+(qHgO-h1%$O3%56X_7SHp6%!I9kq3f+KTTr&j( zrvi)@p>$Ep1bG&Y6DdZOeWgvSx`>jCqk4X|ev(R+gGNg1EL|*Wu2v4NI?E7v*_QLK z%VBK!9Tm5d&Gi4a|IQ&>@`r;{b!9?WGxbVroJ#>T*p9~u zG?uNPSm<6V4dDfu6~e=_03RHrHhrF=;`f zQov&>0vBxjNsAUz;y=OuV&gx+e&oNv+XwIP`~W}UouX|SG{K~cQOAD*?8{)#kNs{I z;X(JpJsIX9zv1h(Kk@Zb+rLB0{{r#1pLG8L@$1rS5P+gkvlU-tx;V_Gj~3aKMN~!q z&;hf+G1m2S;#w!VizrlSo!U@C$>MkcHJ zb>e1-Gw!F1>(GQrB4wotRNlabuTn5>p#K4_TiN~>jGDRY;BBSz@^rSrFFa{90iBx; zZt5U2wiH0aacP~J%Uk6!x}lxAPRYkqSVlcy@h`&WE98$TNkyQbK+geaj7MeiuptP6 zGQ+-^wxftjd;~+`=Ve_dU)FwdPl0~2mxiU{GWn;FJOOZxLaE8bS(5wZ<&2!M1QevG zPmT%Iz$^x-__sIbhLUU z5m2oeLoKII`ZTxHt-wO+L~1XbOOu)b{?_*s$rsDBjP84x2YJRrHcboiD zb~YdTok<_b%6WrR*_MTR|9*NENbWjW?U5s0i*KY4 z=Rf6I-o1i!s?coy*sIW|KwGm3j#BeGp(Pp(sVZPk$K6*{j7~8bb|_J{Z)Fb;ohGFO zNDKGHh-jmj4ibjRuV4)jm>)3e}xtub{bmm#v5#<0| z$mUyD&t4#fWj2Arf7WsEh$Unp+^}+}d^r1es2O88sm4MotG7&{i%OQhvKGkW1{Nua zg3;2)dw)Gb=^L4T&{}GM?Bq#Cr!-ALcsS?Tt4A=!=vts~H}$x}J}%k$KM4JQ(PCwq zNiE~@Oh#RUEA965b%0dHyNZl^UytR;*K@8KTU}KBLNfv?iIPH$fa~Cp0igp&{~`i2 z$QL}A2X~kmj`nL7AeyB+nV%*23st7@z()GZ1f!G|i2y?-HG(#-Y^28hqD(fGRe}ML z{bjqRL)=4dP!E6nxRI5nT`V*}vVVr8B7J9hHR-ZZoJq{n@nyF9A+j;9%Wht%q?@D& zKBg2xk1<``i2S%=(|HP&aJ{gWI*HRe7HmI4_o=a`cA$K8jHkUqKeJ`0Ieob|`S`E- z8L{U4sgSa4u|{tR;jOxidRmdO+)<%Dz1(@L@fpF+25<)&P&1seRA#!axw+o0x+crd zZpYrXLT!suY*P0en^=CDZu-3zrXb=>e z))agF60YSy-8W?8Y7cux#ucEE>SEZ0@*x9n20(Q_;1Krn+?RYF8h3(LlN;ru+jw%n zVR@&!NWipl6m`w;N-ricJ!1z6I8f&(q9J6raV~eAPZ~F|QirtTT|skWx5gEM5gW?% zv^GOZ)oC9OD;L$q6(N0xp#Rwt_e8}5fTIa}->*JqZ>*%ZH4f(XZZ26k58$oq4qu>H zo}EhK-yH^QKf$q8M2$3=rL^EhA8IN6cj?ig+<~W+ang*-gSA&wKh2FA40QJ?uRRx{ z+f?7e8w-H>iEBPH(JP?;a_M&6M3l+IP79>gdn(2_E@QUBY!RIGf+Io2BDxITWuDX` znK(~{T=*z9R;)lP?&Ifr^jP@3wBLy(v2-5`^@|>c_pu__WLu*eLTM&#f{sMd^a`gF zK;SWu8AqHbb7N#c2XJOtBXOTxFG%(rqe�_(4DweI7|RYh9q_#YXOK_{bEz;nXV+ zG8Nf(VIoxgtzP)3^S7e6M_OnmA$NB|GgZURg}nc?->(og`uXmM!2Gp){H+~tyL15S z5#O0sW>GOz!TGyGZe_RkOxqd44%3aDXPd9GSOm{_tU?k(8j;jzF8-WvkY-~2RYobt zu{F1OX%+&S_M%egU|Zct)iU-Pv@H9zaEs-Ii&dtG1f-q3P3d@6p~ITvV39e#?mRFr zOn2+5H?pYUKWq=ZicNNY;(6Ifn?S$&fldbP$G6l)JB;6!2uacw z3Kxa6^t133G@=?waw~M_IW?S$G|Si3Kjih4u>%L>*Pzv%B< zxu{j*WBOO=BwbzHWb5S9rVx6?v=ELCg5hEYqS zaRB87Yyg{by7W#;@~tP2l{?*6+~fO2rZT()xzzLcVCAZF^a7|-X@s5B!`#Q?XsLtXn!x^6Kfv5~X081#B@qh_jBxM`|Nd0~K^l6hLlM!!f1 z#-jbQ5=L}yhTDubXXjD3V4AqcUYlbw#W>^abvIq*U*6Tgf zE9`A_Ra8goT|dGR?(h4+I&eX#*3{o>qLN~RG%_JC+qIkE!22a|uIo;gS)XF}!%X@+ zWc!=Z1gO8%`HF$p}-NDm@U50JCP)Zo+_Y^z84?Cbr;Xyqf` zb!LUV4KI<|=FnZmk%@$dxNZvwd!T=sk!U5=WhZXJ3VzW40-?9ie*JpI`5BGV1SKA* zVVr0)B#FmWMoZKr$F+dFo!BmQwTU*l2?7+uj2PcHe}TN7{ot?#T}ip1&^FWZa;i~s zDf^-`Qi0$u&jl$wq1BF$63M187g?cKMpCtOIUcjeI2nY)Eu;cNEGw^;PLpWGU4@n2eIU8@At5__iId5XaeD}%UNqV!Zyc{jsGM2xXX zY3dIf5!r=HXS}38riU;$3r~a_HRa6D?E8NzSGe%_U1ktH6{r!~9^{VF#H34v8+7{G zaPiI%{Ai;|=N!}ddwd$uEIqH(nid8y^TUoFb)O^9BzF!;ukpZWJP^S08#Xy%X{byz z}?}$K3pz^Gkj=l}6v%Zm~ zRR;29g1&V9hOw!p#>~nlh16Ysl~ONWK6ojg z?tPDlc_ozZW>RAbMJ-|>#&LMn_vQH)*WW<(YszJ&hF8sI9dWWn>3xzOzo74Cy9a-a zz~PemF#T$R^(Ob;zU2DORHGX5ov8zPWncdus^OJo3(|D8y6DLO1EQ4QDtjd zZvAk%e>w4FfI*lIPcw-r+@2m)x-|Amek-7e6qe|_VEUvlMmwPu?{gk3y~BN}K*$A!cMXSYSE+9aIyig-TYmL`gw02LORE|ys zjPuye{B0h8f~3=zly??W9txO}!cP;5FC?usDeR#nwg-9P%36iNJ_qGa`m>;;v#vYk z$fH;|qbab)t`97c%M)bXT+Cd_2*x5JRR~7W)?mk8g4?ss(tjH9nbdD*(*`= z1QDBw%VQ%FU*D}}*qBHzILWGiro^X$egKG0<||y48qZh1eQA_Vd8rHbuCR2Pu6|dc()OFix_X01dIU?H=w^|Sh;vQsrX%U9{${U6`-1z zT?x6k9B?Y0bZH@btY9*-!VF{l+|n-feHcEvdgOznQ=aTpCfdB9e$f`9=Y6uD__-&I zjJm5lQtb9R=fT7>Qgyj%jY;a!WLK$uI$5H_H6WiZe`#z;&C7L7N*^0*XXMwF6{47X z-yCWa2O{S|Qn+2MB>;}5c{iWOi^a*_-mI|PMV}jNm{w|*9OFy4mR3iu9@P^N$uu4b zDj!N==&;22Oa6mGh3T)lMUVb9T;tC`I{m+o`yh*cgE7vi^p^thzmdWcPW(=HPT>}R zpXJB!kKFMdP!PIAAiw`M)#NNxW+qjMjCRR_#@ZpAl*VDgN*7rP(!?A*h={mvU7qZ& zitL5ep6otzf%dwq)Z*e}c0T>&_P}?_CZt|NhBtRanGo18IyyRz;Wf?ddB#=A-Z^^u zse7J=x9yGQYZD9usewXbn@q3RP$RkSuGE>jfTiRU6-lSpnoGT<{MZSdSr1|&4RK=# z3p>9e1@klXqNa(awCph#(d-!Jg$KEH6_=j;dXPo-RIn3}m+fLZ@{~bh8+^)`bYBE_ z4D2mZ!uagy8X=i`x5~#>((u0B9E-mby$iuJK{D!}%Yecn-#Az+l;HOL*2{2xj(ZGJ z_@933U&1T?dF@;>{goNdtOqP(`9Vdj7cmH}@hZ!b31wPiP5j29sfJexv8xEWxvTZV43r3OB9Hf2W$VX3WdZ)f zQk;p2`N;G8i_0kYs}2^zqy-j3Gnu`)_G)T@Y3?=S7_AqGyQgw<7^r8yGPsKO6 zWK5ov&h1ZF;w)81?_0>?!7K+`X!(h?r93n1W+O9@{$9%}ecq2a8 zo_$x!9(9~gY$s12?p22rf;br5tXqjAbgI*Xwav<=KKU5EK@qh~sG(R(yjiKc=tmXU zytVn@rjh1II-V7^ae+UMxg}2YW%SOCaL?^{#UR^bvDkcsa~8{W zK0q&;zLer`yB$kpP<~1E1dALp!lLMEqVLLLlvQayx*l3K?L^#gLQNaN;xiw%*>;}y z1qGJuLfrY(a6`i$!=J0m(%`1?i>aw9v9BAPE~Tj&&Z&^-3c?8$Aa#CdmV>Z z=$nKFV^=E-b@(!l?`5iNTHd_F@>J&RjEQ^NC@}NcvG`fZyTunS+1D@gXz8_v)EsfF zFsgZ|!CzXY;yEHYbdi>rqFB^a$3ab%GM`Qy`?%FaY$xFu9q_1t1JAt>k-GSKC&xmw zV(oOv=nN6&f-rSHFY>VL@sy>SbZ&&nlh(1}XxTSsioww|#4i$S_7!G!1l`WW*wSB* zCj9DF=j++Qk`TM^RECW(4~JYbW% zG$5F>KtA=INxqBzdYj=Aku~1-ok{s6i`D<&oydT>{|8^5-=NP{&TX6j`khJj^y!b| z-^4cLb~e^N-1Gd=VHJ2?d*uPdguyd0yfQ6*Z}*RZoY2VbFR^=~qTW{}-?}=r-1Cm^ z9!z>u9U0UzFlmh%klm~4+dO&W&jtEF&icRc%U^2(|8I=w-+jiRsE@esOoq=0X{SFw z54@Z4?1M_s-G;j!@rR=BG2Xv>1iJ_H_V`B7{x+w1l>G0`@W1lE|J&*j{66u20AzE? Ai~s-t literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/boot_options.png b/docs/images/hedgehog/images/boot_options.png similarity index 100% rename from sensor-iso/docs/images/boot_options.png rename to docs/images/hedgehog/images/boot_options.png diff --git a/docs/images/hedgehog/images/capture_config_main.jpg b/docs/images/hedgehog/images/capture_config_main.jpg new file mode 100644 index 0000000000000000000000000000000000000000..9bb58573f82eb2c1f60a75e2bb67edfa192e8b28 GIT binary patch literal 28574 zcmeFZcT`i~w=atNMFmBrN)eFW5|FMGQKTh6kkCwM(t?zLAVr#dEg%FC2~E0?gb+eN zO6WzUH<1K_bft$X9i%o^YpmCpFSD_;U1L8zzxGcjXa0Hf++P<@U%YmS>C)-l|011y zW?;R@aCj#D+!%I5mq*}ba>|HpVB`t zcu_>bCz(rBQAPV@Ia$duxAY5>*aP2$U#I=@o$@>LPjCN0|MYwQ0^@1py;J$loIQK~ zJk!5@^FL3WHnRRD#KZh$i_wRUM9IiKqSoiH#dta5_px`Io3pVoO zQNG~`WdCrMkyPaw_5aayrP`_P+RO=q(BPq}yUo!1wcE{tcgOk6Uwl^k^=|n=;^AAX z-{XX5b`R>OFNYrZAx#e$mLk#K5^po|M&lPj8w%pO`_!p0V z>FU$J#?`;($N!lv(Vyj`#Bq()dsJ>+=eG&Ag_x_D(-TMr$Uz}-jIgj`r&zX*Zcdc< zo*Jdafj~YlLQnt}m)~lemJ0g7%+|DWY7#J!XT;D7`SXm6OxcS)49jgQe@4q@nBWN*!?~mpO_DuiKe@pq)&4m3v;-1!gq;co-?^7vrx6awwrG% zNgWpI-^;FcJ|Cf#Y_PySbouY^_zeR8+2CLAc{z?PL_V6>D4f&I>B9OkEk)jYVzzJo z?xp6_j(>Ia|C+8OIjp~KACG)3U%Ld3hOEZPBEcFcqz`>^&o!^I0(eEoNndj(QAEV* zcbZF!Biyp~=HY$R3-;m@hN?n=@1;K~>_7Ma5&8KpC~mJX$86oj#`VKT1_t=8@~{56 zJKI_#*KR4{Khyq*{p=~a-fH$I6{V&z|7AH$v9a*NjWIv%+pjJgzgQt7RnlM3YY66u z8JYXI0r4t+S(zzNQMclL6nj0{lH$2Ss_wjX!1lq*$TcG<6>5lV8vuhTE@?bG?g|R) z(Qd87D^kWFTY*q7<#eOld(gsZ7k8=LUk~WkuK$ zeax%{+N)KG5*Nr`6UHyi@&~UiRdl^^d*U!JqL$BZ_~z|H5@#g_lnn+YBw)7_7UlUI zaW!*wLr;H<1(wL{DIFW3|8X|Xb?%#D_*}#v81r?Dk5XY0#;z^szSwPnkFYwSQk(q@ z6;2htZQj^Q$5zxxcG&Kis0!5$Fo2WX78BJ$AcCXb+>s>)K|=)(=F!Ke&?H zmI(r0(vG5F(-3-kHqOq{Nj7}3$?1}@Nt7g8>fIJL20_`|qd?MpCYVp#7z~XU23_Y# z+l$h{e$2!!C&#y(o|dwlj`dv0U5$8Og1k=|5x%dhi5< zaEHd5va%u&j$&erBnjtJ>6N*OmBL+dYKmqK2JSjR7Y#{jl+GtU%m50ufXwp`G0*a7 zLli8Zp9ebBpeo&1) zZ7jr-+_V)GjZ!ae?2f_T-v1J8_$D_J4>nDn=BNaAjTxJ;=lXDZK(O#~!LaRm?DMR!Pm>(=);)1xh*@G-hG}feqXT{!gCLhGeTGR^dJeWb2|D{ii1UOOE6mz zKrzrDHXSsoRX#S!{;lxK9U0*^i zvf!-qrrG;f)uveNY_8PcJ8HQ zY>aWUMo;zD#d_^0Vt-(Up@kr=Bqx50jovz+K+X(0q1`uPsJ9E$l!f7Z@mB`Qg8Hz< z;DecyjX{OfR$XXeu@+l)bGKz;TQ@-H3eGsU0?pxyes;_zV((!y+8BqN<~x-*0|mDl1+LQK5ezC#|5x8co*Bgx@{4ycSx(Le47A$`DzPzsSAs< zD7ZDmZ%tvllIi|9eiwe3i=IH#m>9pj0od%>+}esiqMKQpjdsg;j@JO2WPMZ6pm$mGVHV%8Q>6TH3X*d056bnu^Bu^z=No zDx7|mYsviWp^axoqMqV{2au+ZMaj3a|TX=c563<<^>)kbGyXM?; zdoUT!v3?2Y2B?LCLULZ~@cXr&xl3-v{1u1oOWjyfNx#%JCnsK2;E-X;FSIxHE2>Iu=(umld zrz0W0suyR~rJk75vC(>wMoCFI-?Y;#Oyi8S?Y?>qHI#wKsTC^?yCXxo4{;=EKfaxG zYn8gnlAN+)nqkeV$dseUP^$>D?2n;12+AV8L9BP4H7dsK?YP5`s&hsU2~pOk6Ae~! zY0KP>t4}rp%4zCQ!|G+rm*!;_apjP4V>)JmVko%*yS9U4F-$`Dd%Sf@LiTx z>~VXFT8!&T$GE8%ijLIk4`0>2MAJPA$aK$#tJ0x~ zCk!ml#5I}7O7?1;OS=n&%xL$tn5Ln$QHpUjqupgG@n|NAMAwV6mO{NZ}-MvTA2_4HmfW)K%>pr|Kk zFGTV?!A#krq%3KSvyL_tf-h?e{kaIi@dn-2qpt^}f_7a!i+0C$T6o8gf_|rQz4RB3 z0ap-2zudnKRI|9w|Hix88|ae%W&tP(nR8Rn=;_&uRDOH!K&pb@2 zPvB^}<(kSWyA64%to5~3O|GT@u2zeGI)FWaWy5VyNG?&96Q0uyEy|aQ1CMF z5QrQyOipil*7T$9{5Jm5xNb!j$)9}JP?B~wiv`LF|@4VE6Zro>-Uiw;V z+iRygcz&v6G&yehVNQl_Qe>+59m#=|al4cXga#M#C^nQV(gQ51?bbkOsNbj!axN1!yOlS9;mk+D zjNT2V`*NNs^Gkvd<_6w!tQW)?n$iidgao>PYtA*&fER|)rj{~>c~16DDKxCcKz|Q- z9n;D~Mt3R?w{zB=gmg;@N|Hl=Jwl6-u8Zz-^5{)b5N`#vALeA^$uHxoRr(^Hh17<9fTF_>`s2&=f0$WQ3TFf z_}wbVCXn%NdEMBQ?y33@~LEXU__Np=)I~_*TJ?Af*W~?YeS*75u#LKeRr!d1un2o#%p9|6fltAfO={f>p~h!DN0T`T&C3TR$Z zt*XO5K2^gS*<&dIwSm&b8Fu>~72{PE)TZ%M=V7NIz50Fy;gjqi(n9wJ#NY0Qfk`D! zbObCypx(z;JQL9zhRq@1F~Y#076GgnV`;bbS|O&Z-`>~tcqUi%NUAk7qbb_D=C@bO zGjo||S{12`z?gJ35t;*aMk&&j&3cT2;~j;5CtXG(M*6WjIz_DwI`mqTab(?7ui;|Q z@VLDXJi{zbcTLP=*S0QPP8m^>C_ebK@~uVLLZy{oVFF*(J7IeHw8oomhaa7ymA@pv zKT$pnba+`L(iX2To;n9741{5ss?=jpetDy@3JeEPD%iSodl+z#?%`5yEFNmh?IFBe z!HyV^zp~)2o-h%kX2#coHF0Z6H%~P-jbkk6i5dl8h7-95lSjG%Rkqf5RcjkZ5gW3U zq=NbDS!-cSUN*p;vAVUXIX1I-SVy@>l}odwjvJus<-@QaD@K1$tEnfHRq`Ok^4xmj zK&IK~s7;X$TcV|fyY#4dMxga*!&*oY)r|;mEi|77UqOEZiXmy%>bnvlt2%x^<0@yX ze5|*n#{)3Jiz){M%Tyt<@$-z13=ofsF-}Uj1D(X`p$W@&R9-2_E5e9rWhO$_<_l9h zVUGwBL7=*->w;)EqAc=oXRJKji5?MD6}q}nbzqKzGBt>g3 z(}0#(qFM4CPq$*15et5)Hf%tCjxa&w5_12x52Tr~r+`!X!vGiTd8XbT)DcLo!jf3n z6;%>(XhQ|XZaFRsFoh8PPU@gPrOJP3@8H94EP;~DSq283Fsy{^%{UUdIo)aQn{y4Y zl2RjLuNTHFw>>3^I&T1prdPkdUsMryQCUm|Y>`qX?-iTHV(nVE#Y>MlqIdXCgLtuO|^i;3iYOykbKOGWm%Nh#q?jL8IP(E=)V z_+w9*NDui^aP(L62_LVWUx0F(6l?x+qhdv$B-b067A4~$qx%6N7USu67jHk%L$`9! zRXJb0eVA*O0CL0`zaJ4*XB9<{jf++0j{zuPTAY3w9?)Y)u(XhYlpj|GRB4Rb6faX7 z(hym8r*ix_>P8;jVR-XJY+&_$}%#%idu|D5sWo6~k z(b3UP>xNCx#N`Jkp9xDz|1TD%vk6wehunjKPeW{Pnm5o?Gi%xfS)RY78(WQx^O)|M zB3Gn@4OAe!hku*l9k%e(kHze5C#)(T&?tMXrack}Q6g)IMzrvKeyzP6njyb|qe`E)VH z$Mol*)P`4T;FCnB+#Q>KjCoR)C?HM(jZOq~nPNlR8cqumn^}8&4p|>C9KcuekbHkuvY#AypoV^s=mC`5WVJ#XNx^Gr15d z^m4qu0w^uCb^WTDp5yNyjMmptuQDCZFH-`8`whMO+&H%EWFStrMiegqVS@zjNsW?_ zDr6_(Sbw(F5h5<+9{p95RwL?+7PY|gNWo^@gsFY<6$`<)3p=Njin(H?ZZAo2l<*%9 zZVWd#+ip=WEPRWI{S6o7iz1+KnxLg&v*cpzFV8_NX+>jKwW7jiUCYfw0X5kC%(6sM zX*W(vA{pinKVK{ihyEgzYenn8w=co3Q@kG>3AY+vz(|`BpsGlBI34M}4mNC5RqD~Z zWb{iCVCn!= zMo9$~!AN|8_J1;nhC)V4&8GvmW!mev{bZwCrax`8PDyCmkj)W^K@~^yE?x)rK32^& zKT0gBibIOSv{y;cTq;79f37%Lp};o-B$*9W{mNC5tKkeX6$p-M>!Yir_J6PizUsdn zJg`7ZHn`K;?@JewqeB;FPt!9?x}+8EblFJRdZI;=tD29Q-5+BREdK}>0<5eJn?-z2 zJa}MV)cfLljU02L-xeAxRomSuI-jirhj5|eMRo~2#}1$9Z*` zvRkJ+99Sp2+4Gq~Ne6X0*x-m&Bb%WqGy{U_fgVMaHf8P=lADU`=rtnX54158E4Ou? zSmNUi6%+1y7KE^yRZDDNp(U`7?32_t0A78q!WhZlG@pk51Mk|XLwc7 zY5u?!&v^c(wu$MEtfSm_P5R`nrCN2oJ!)*^ncxWLi=$*57+g_h%P|MC#PJ9e3&~Ng z>RP@d;WFOd*MqR9>TRIil##}+88GZn5VD_w^2;U341(H6MzVYN!N-6VGeqC6i-Fm6N9GM>6itILrjv4a~s z*0NJi;jT=aY9n2179m!Ffn{aLdC#&wpI^^++a9rgNDCMX^t-rWiL6`;yy4I53|rvM z@YhLp$!XAtH$8kHa?fo|H%v0=SDp(5o0|boFCIfmwvs23>$-fZjpZ;u3myG2*ORwP zaxNg2k6o-HG$8Z53&$lQ#VW3tTQYYe1xM=RRky24#!^-1kV~)bKT26P2&`0|688F& zEK%#(9%1@)N)JjwP)&FWXb1$12fOXF2z2eN5YM0rBssaD`X61^B2HUjygZJEMOUQS zXmKf{%45a7>E@D;KMl;rx0qYF>%%1L(ILtu*1T3HeP(C z1{6SL=`4IQhA4BWx){gYE5{?J(G68pSdS}=%-phP|6>=Ye@y6vHb?w*BL3hn92H569n$yUQeLs0FTe z0j~fiOLlDgFbiS@P$Yh9L)9y;x(Hw6)Amn&^sepY;AllCVkPZaJHudcZ`kA53=$(}l4h%he-s$6&c;lx^~ zD&ad{Y#q$z-j&SXnlI8N3P4Yx!6G0YG5FEy3!!-}gCp*(m^1bR%*Ewcmp$`LLU5h(j-+G4+`v#ifD*w5|njmv{Fod*s?|Yk{jHJUO zMVRy_{l**JO#=?nYDFN>EpMa86*&LrX2k0<$U!%}*H(t>>;a_I1T#^Qk?+QyAY?w> z>t9q3N2fw@tk-*V!vCo`C*xeUez`9?pHhT(_&)#_LKNsV# zOuzeDZk(6R87;D5Kz0}Y-oXEvt|^1v($TaxyZnh`mNzle+&tr5VXWYG{$^9i!T$3x zORm(#byPiqsMn8rF*xbwH8>tNzR$zkFz?Y6XbZ_-!rkFHRGPRfiC1~z3wagpn@H&x z>(hD;-`l<_rxUD&U07&f<#BMAYUY#bbO+sT?L2^XEds4af;@W)xtCQJKaLxWZWXIr zkn7X~c9F_q4OZCFgS+E?R;Ss9f>XQg{{a;yx)}xHLZe@6iU_Z#ap|a8DxQf+{qs7q ztt}}_>}{sawq0Rj3aE=_QoF0XB50SSq^FRCO~UmL+pD^{x-^bSu8TL2z~_EIT|lhS0@*j`l7h-^5<&^3(1r2fW4ex8yBC_f)a%GHCu zj%&&@6yGG5eVcQ|aJW&jjEv#mQArYiWugNEDop}|#A$e_O|yF=SGMrzKp{zGHs1UW zA=8!1Lmh1>ZVP&`?PiJq3HK?bZUTVn(XFP`C5i-Q$pT}4N!nd4d;E^=>265Oix&8( zL~_Q6#TyLd_GL(H@^ii5{*=n9vcVL1cjPFtv3GXjpukkHWz3?YP?cXTS-j5sGvWp+ zW~N!%heb#)8L-Wo#^XLc&D(^j_Vg0G|3?$I;DCo`F(;D;Z!dwQYD6i&CO_?#ZWpwJ zhH@?QVzOAwXVG=TFRqU~o*fHFG74&ziX9&aQX0`cD+*FRKl>3=S)sIHl!8$Z6(}1h ziY*6p1aoYuq>zqt+%%MaCyT&wK_IiIDRq#iL88TjCF!+YyBdYtzqi(F@8}gd6TUJV zD?3vIo31v*1w~dh2#>a>6fdE?=nRX#1ItCdUx5Re+O~t)&U$4U-L2UVFu_3!t8zxc z{6IcT?(tNdx-Lv5Z)(h91JW(lDqsu#x@Kr2E!u9#&xb@lzgJP{5w}r*mgJ9b@D9*Ta z`j+|hYJ)aWqpP5Wiqy&fo(zbtKm;LNFbQebd0a8UwlBAG!2Rvt+a7RAXQ>|e(Wxg4 zc)#sLC{nk^aAvzCVZAJ`4aR>dN^(FsJiLUVla7kxzf9l zRUh!SX6~XhL%sQvNCLCs*x;e~FD|$!0!9}o&A|CQFVe#DKD+vW(Tr7kz|Cw&q-a{o ztc+%DZbzd8xY=9tYgny9#UEMM{G{zt$3_$?>xFAuZeAHYd2&|7dyg;@i76q)v% zyTUJps|2g;!%No&wW^|bp-r6?ry&cY@ZU6HhhEF=%Jk$%n2G_lm*&udE7gfqrNn)g zY;gB}LTZ$2uvK)M(|Rx;MMH(TfPO7apHh{hW-+OxhU!mnrD z5fhVXTcyEU%WT`-blNi&KJ~#xSMvwdOS^ zI|tI5LFM`^v34q>_MTcMSzSi)>FMs!wN!uCG}fYcg>~2W3lrJF>M>M-w}yHP3*prm zNWZ0VL3I^pXkuBXkA9+|AUHDnd2R7;3(>VI@ez~8q1vj;ahncfvhDS5N*4!10ltjd zcww-}D07f+rs;$CA?0s8ls;|L7mfZ!xjsM=?tc#cS#k?Fsem6$bz5>THmF{Fhd));^aQTL0Sp{}~ox zGaVmUe{Uf+dV`)6tllsXY~*?^LgX3JO=IhQeYY6VlnW8$vMyl9 zZq$AMj^i{krB{_qidI@3M~e(>QU~3Bx{1$AiE)quCJeoMC_CZH>yfIVn8yU}9DO&_ zT`HSMLoa~Y|ThLC{r+S826QHIZsPHM1wFXW%?|YwWrFkcb z5msTAx$4#RI}^-Hz*1kU$#h`WJh#*QD8@bh$EES7?Eyla$NI1TFQB)2yySyh4$554 z!M^wjsu&2I5}9|0$Gu-xQDX%7K>ZT^N-e-C?zGDwVJ+xNm3mSp;J+NH5rEGC!Bi1tmrZIUnB*+5E zq@Bs}5j*MzUlQG29FeVZr!{Y8^|<~Lc4-@|@9u(G!_6!yC4xJyO3**puSQ;3Ph3} z7AHZjtd9!&A9}o8{O=HE;r9Q>p~?xC(FYn1O8e>)e9uuEOq-7zb}eM#4R&Y#PC8E>3Shet)zn}n$oK9P6BYE=r3{@(a^EOqtNbH0$73_+@&DuEz10 zXlZJeTDew8x{Y)OxIG_wPCp zx&Gfc3jK#L{>}V9-b(CWDfv|govVKv)W*HPvoM0$IWu%Q(D6pjj9OFViedT&|Nl_% zzk|o$FCO!eWj#7FoF2>aI~TAx`1o-IX18k@3Li6O;g9^{_%m;27D4Owwvk0v`!k{4&2qI2eIkX^Re6{# z-NFsZHDZ7;fnr7874WSHNr+-yVC^q&MOqxFwk&@dP0r!lXK%an{6Diw|38cvPV*g4 zKKRZ(K6;*~?{l>3CcWXU5KLoL^j$J$J}Ma;orBKgU$N<#L^CIuj131;B{*z=*peYM#O5itV$(6B(LS zR|?UgH22+_v}(Ntt2B-Q{as_^~*oAc&N#Xpaa;-*B!Ma{lf7^61V5(sujUp2v}NR1ysdo}^W*|C`zncEd9JqcN{UnzuG97!;E zcde}BPg8oX;-fssxQK9w#l@9cOvt1Vx@S8jIHo;YJBt;dQ(%dAEtnQBo6t*+;BI5< zhJj_gmQNU7e_IHSH>-10g%jAMKzQKZH(|Y39Q%?T17Hzap77vdl*Qk1!Q6M$uAMME zgNc&@J)VZ3O3^rLcCfO`@p#5)@^M%jSLCKCLB*MH1y^bMFcCY|Cz|4}QLZ?}vscjN zU-}eP=krcKM;G@NC%!>fL0kJ*{r^}O0P}@jxNr6bo0QE~mXxghO zg@q0ynG!|W5L57YC#f~_uNxlP50gA;ZYrbQ!6Ey6+#csYdvu@AunWWI>(r=Lh?-}Q z3#}>1`E}~%G%5C!Pwhu`1D2P{*{ExRLo;@K~ND;CX@)zS&Z<1qE*$wO{9 z^*t?+5fXO4ZS|u6S+DF@VIa7*7}rZ7o+S~$q5TO%&5uXDejJ3hEf+x#K#6NeIUi?# zm;Wr>GAV3qC1ojecN4&gvR1BJOk^vHNar+!P9SBJ(D4RG^qHX9oR~QQFRuDewReja zR)#D?j0%6#m%hi@(kBzHR4nb-`Y%|HiVpX@p~eZpilTvhk!3?Ue+=bzg~D05=^APT zRN!EuNnnFVxEOcRZ)NkRUEfU0_6hc1%9v;Ma?Z}jv(cvzcVgLd@2(pmF@g`gU= za9Q-#RU(x38tNCjsTFfq?ppI#$N5+aE6(nlRGo~BgsbC0b6X_i5N@ryXmxkwgrQyJ z>uCJF*P#TIMoS$dhbIkjoc<7zryMe^2`8sLFTX4Fj9oREn+BlK3V9DIMP1{aHEIWD*q^K2E)S4w(%K1A<+QPWg z!ycHn_S5#OABPWF#2Ck?H+&kYY?VNB%egd#%f3{nc~o26pc!gZiI~o1mUoMsFw6u$ zLX{DuE5uf}tPV!qBL4flZ;$9Xg(7*u$RMJzOKs%OX1(=?8VrX%(fhEEiUHARQq69#uJ zv7f;x!;k;dGH^!NYVX?dn^S2XrGQT1JO8`kLL%3+dOx_)jpF}+KM*_}QhiRn=W}~S zWtxDpZaYUY4^8A7;-oMJ!NtZ2$^AlyYku!LVWCSgELE6|FECIWlr)p7Q3fE(%ulneb7mlW z$BD?0+o5$)3vOhjMdg9&`u=YAvzdpF4cz@r_gHg8(|Lon-$%?&ixS`)`%xBp+^BxP z1%h&e40+c8Rfai_x40ouW&-vQk(EiUt`DFyR{7L-A zQOJFDcft~lD*K@qZGbZyGy5c!AOZ|d%7=k3pD?5)Tq4VJ5@pOYJQ^ykBbd!6DufeP zbxNIUwWDUa0B@xpUS~?}R?Up<%#{Ib^y8CwH6r<*HsB zR?RA_ThqLeZ)TSi-Dfr}YZ(4{BOOH2>VzS*KMWDM)qE07LyA{A3e5@Mz)%!2@B$A$ ziH5Bm@J(@38Sw!@=$JM)(E9A=H9d=9RqiSxnKbDm*$e}N>;nZ$x0bn08l&Z!9ojR% z@85C_^P&@{g%xQ!FBDjL$wJpJc4BvJQZIIajS-cB0)`mqji{(A(A+{r{d67`HYE1g zc{YKWCSHM9lxlEoTs`bkV}@r56b}A!@zVcIHxF=Z{6cleQ*Y1z!;-|t70w$2h>wXq zzImh@WNZjq0;biKyf=5#Rmv;cnQ206oANBoj6kWeKweR_uoAEDRCf#@B7c_0_Owb7 zU0tv^qOSEyT?q^b-DTDh-^x%i(N?>p(g(wvhBF=7XfKyq%&!^OuaQ@#HznT*B=Jvk zGRDZ*!hpqMC9G>Wo-?yKM*P{;@ zo5EjTIH<$!tE40xR9%J1{o8Ees2x1ol}IPAZra?nZMEgRzC4Uw2`pLi^jB0^q_ zDHF4N_@P8f%`^W}2mxERTUWL2l6F;}375i#jul#wnJ-$|9Q@%h_30|7%Gh#_Z`1G! z09xo*>sHw_68oqN=KQ9144kXcN)=x~~JQh_Lz@+$x=#uk-yTJ!?w z=xzg$J=6S^2K$dr4d7qkFiS@BoZDAd>xO6b11AV-vJ$c61lPmvhYi+O&8`wDGPbs% zX&i{GM|d!`69P6o9ojR36EWu@M+D;FR-^o0s)z zZ??M`Y-X`jrDq;CU>yQBK(i!9Hl5MhCI?6HpX;}OojPzR><$l^a@s24vOeGQJmSAl zgMf9suwTxiDV1=-05anQ#wx5zor>lWJ|gT{{YcBs9CSs#@d`kH90`}!3B*=V+jC-e zJ?u*7-IVamez?_dPh%S);H9|CD_$WLvl5(2=WTbpCfn_BAG7S*aCq%y5TV*fK7op38pt$ zYWCLI$uApMX!WC&!UmOV!`^(eurPvkml1cya8C2kwS&3$~+N84H{TMQKZ|lsEj*U*^~&baJlNH2iXlJeQLt;gXP~~ z041CrvWExp;B9D=@H}E7w-3Rp%3@~g(+29LPC6TO?8Qtg3>BH3*1ANpPWiC<){~(S zTGy_uqdP4{m^)ZuuohWozw9VkW%0ts&~{j{)3Bf?jG$+Hvx1VS5o7A!J=cMl@_WIX zxy~%##To;vFWFtcMR1boO1=Yz)eJ8Wf8JHkt~o+i7e=Tb^f0ZK^M|BsPBDRm0c9QA zJnM77{(sWfbdWUz@F0orsTfoON*pwdh2}4FFd!dzb9nzqBkuv~)yLu(V zv`hM7WG3vitOh=yn-gn|d%zUes(%U0OHd6AsZ2iZ&?^>x$1_z3IqqHYK&*Hknq)w# z{5pz~q%jse*CrkhHHuPIi)Vg?V`ES2h(d!~=r?59IMl$h(x7ECTJ7{E@aOvNG>cew z@hKXzjTU~F@yBzCGIwd);Ox5X+FAr_M=CT}c=Qz3@%gmwDLcsJPQ_2;&wDTchX)id!}>pBgK@Ys>I=@d1{tkIG&F3) zMtD1kcN+pu7~&1*r`DPM{Nb#hX*7HYe80&4ulMy!i@t)C!D1dz4VC* zNU*I-b)V|FFoO@(o$xGEfp4KH2RC{51wn|0wMBM$;nmmswSlS@p) zhj91smk44Dwn{ zS>NKiVzY<-1hm}EUaUdbh@dDFAli9tHEwL=!Q5smi=E_RD%xC!& zI-;W0#-@db*3Zi-t-~MW;SDuiLnq074jyOc^)FDmf~*0R$b<4JYK;e*mk6dWRod)I z^BrJ~^ch_kk7Ue5LO7dIy(3BFWvOdU-{$WSCZbv>03l=+cu9_(>r0P$DaayQvWCbVegw_OWtmWi4&Z+Pf<7J zqm#P;D$aVFVk;g18%9)z?|2H41cvX|64>a2ovAvg%i!@lG`7_AKp;ioA-tCtUbenC zbXeWiidnx!dK<~6%zr0;nbv6^7cau6?L+#L%y@gGS95eV9@RU32TG_QI?uMFW;NM5 zeLk+?{Y;={A6*M#fC%a4CyVZ!GLFkL*y&8N#ctgm*WxtXobanS(W=uHS4KNPg!R=F z=Pxgq(I`I$#6@MEoF|b zNUU@p8qP{nt6iZY`z_3a8_kTP0o8O4z0sr2Y(xEc%QB6{1^FOyUxr5lW>I~%UCu!)qqu6$!pwN+q1cmJsLQTM6Jr~F6>Yf{RT1mHPW0Z zS8kx;-0V*n zV19EJAX69($DM+@Gkty!MF}JghLQS{1^u}uC}`2w&c8}Nn;aqS@-E!lvido@t#vUy zC429~kxXmKmvRB2Ctv%RXm3XcPP1nBK2vheSudo%R`_JkX|iZ1xv-gYp>*rppMo3D zeEKh*^5cGa?AdGrb`GbQw;DQKu0!2pV7TUy1h(kZPrFBI)~V(^Zzb?RX3E+f5KH!u zn}c`9Mx<{EMd#DatxS%eS(_%mYP0J95#{)sGMLHhM(X8Uvbw@c9`nnpFAg4a(Y=k- zAsRpEDeF&j2Z=E$3+U)#%b{gGDG`xBiWc{X#QH! zm@qZ54>?1DEu&D4%Lyt8PNoZ+>6zV|_U6t6`Hc6+=_2UrPR5jyBmL573VB^={Elb| z8HZSD8K6H|RLalK=yvoLdvRf#D4aB4@QEr6%M(3b_}J^#GuG25vfI>LvVS-whLZvN zW`H-|6(42ppnr3W*?4WHR86Kd-#oe^vfVMbUA=CA>iVH=(0z|mtkDhFJYn#OyJ7z8 zZ3>SVg1XkxWOkJ|*}-BZZe>?~uv=F7g(Ct?8cZLfrSiI^Qc_0YhQd$-N|0b*POOWA zQs$@kPa|&EjjK@WOrG_WM}N`hSi1v~Wt#PGLQpxMjk3r7l+9qqKwqfKxcH*5kpfVo z&HksoclRaI)}5Uc&&21G2Vr_l6)OcZC9STB`(tgb4x$(qT`A?zZFJD?=m|sfM1n)5 zWv@c2dDxuT7k}urWqm*MkpYZGG)ypRovE)DNdhTlfaj zx}S}iAUd$6+F9OtI?ZvK)SyIBSl1DP%<$cpsTp91g1G<3lhwa?YTyK;rs7HY3& zBE3t`$GNv-KvI&#L6>wsl?)w%dLAEW_E0P#R7XMn_P(Q2!7uLlKo`WZ3yNFvI~tvo zRVluq=Q7|GM`{q00EuUbuBW_E;Fb?2DJp&8PX(|3^77fLC%lq_Y z6}7HyX}Vf(v$a%|h#|_!BrmO*FGq}W)OzLd>b21qf zRuwOaXt=ok>DX{wVUf4L%H66bXGvEnFCPy{8tShoy#g^NdD!*6Oeh|GNE{t($9Bga zit&DUp_qO}M4@9lO;Eu8TI*LQ{2Q7nh=4S%lw0-6DPM#I{p@VrEy1Fx=IhlNLnmL4vLkhjg1%=Y%@{=3H1I^>36j z+?*+qu<}4rWr*{LF*`I^&p8;jz9a;uaPq?}37itZDl2=hzlu0SK+xB2fYoeQlFCRv zRmxWin9-*U7&DKkZxE}+rGS+M+ngm!-VyC8Jk%xl;G>+CoZr8GedEFzShPAi(qZ&y zppC%x#H6pFD?&(0+d6E+atfr;{j4Jf7!(?+Bi9EWOnyEk!rf*VZ0+5y(5op3$+`or z^9jl5^zPWf!*9_Coh{#C9wtk%ep5+$3(Zq<&50H}VfdKWn2_Zz8(HMUHz~TaDV}|n zV^J@^+)KJ^El}8n`7PVz>#;qEM&+(o{;>S)xhJ%6?ku-!93E4asNAfpo~gVnP>)%^snFd2m`9e!UT*KP4FaqkUY2-{Zk4eAM4F;8>i8SC-H`&%!3U#C2mJi*d?>9TdFL}6tzMzrv)2P?-B^i z6cRUfgiLbrntAi-R@QYrC{i_KQc=S6r2yfqu9_)NxfofgzIsEUTVcNq$Xk{RRdyh& zrE>eJ-8S(G5d}2gYg3>j5sjX$3g2~?))ob#8`G5hC03|ZBUg9w z2}5Vx1IEjm65x!WwTb5smkW}3WD*3*Ey8389{#Bl;0zxyAPy`HLO9OJfcma8@|dB> zMU+607cA-FXZ@>Y*x1>Oy1J2rjk^RDTeTQvg^%9~a7j{NFJ5d~`~8C0*iN3%`8LN) zy+k4kPk_qTjmm^T#%HLX%`j$mEVz)7eP4~?QmF)-SHHBf!TK(8GKefm6*Sa1VR$PG zIE0~QafJhsMblg>NJIlMw976YUo^`D5?`eR*u;b5(#{jb+7TAgD2E}Y!4@g4YSV;& z!Zug}!bZn2ofncXz?LGWl^v89pDzMQvhi`lQ zKFyn2TNS+guF1J~C(PulI1b+^t_5Cq`Q+Ii^p7KYwKkzzn$EEGc^20|d9AP`z0AcPVrB7#6n5Fr>K^xmsL=x*lh*&X-Hp85Ue z?3v&0p7s6pJ>PfFz3<#}-#zcP4-L=zQ6DvvFJ*}IRZ^O~Qvah~oeGDOXuiz^pIg#g z@6~%rsZQ~Z4~7NfufJI^KMOVXjnyE2s<9)bN00%u)J07%}SzPTF1QAPE5aW zcTw=JuyoU@`tSdP(a+(49P(5M?%?_o$2XS$O{NrKlaeOP+D++8WD0 zImz{BZpc@(-%j~ofR=ovpFi{YO_%>?bcr=`4xrLMTDa$a#>^8@(fQ{D(5}DE~F(w7*v z8a!d$KT=a29&A#Q=Clq)5qz!Zf_)9q~QZ z!f|e6-0UQ@t@;Z~N&DiHEwJXc=V5sVf;Qe1tkswP)m|KKeUzZP9HqBK3>ZSF%&1$m zhy>xI7uNU27aGEsy7rx(9zui|qMgtrp0)O8zD|1$QN)OH;eDl}zA0V%*u##`VAmKe zg;~MAqw;fQA|>rnlrJpRyPSWGDEFkxMTA^}#z{2R@G0HVeFkl;7Z37C6*nmAU@kJ~ zY0EQlR&|mszNiC^N@l`+X&Z?B@`wJH2i6o@Z_(}hh(3QTf2E>f`h)t8Z!0Iz=QVBa zJ)$llz}txXT4iA0nB-ASIq3Tr5i)DRd)bdojLq)dj7ps#|2%*=^@j+5U61gd|2C1crU@SPjtz7tL9fD5eM(1}BdTC@1=cYzgqfZW1mN zge};xbIvbOUb9jQh6AvAhV?Lc#cM0jDoAC)G7+VczpUn7y*j%6+5<;?(c_)^3biNf zg#Vf$eDnCf`7gAUb%DPQJ6OOF<(S4 zbI96H-{@_qU)6X`rME4%>2cTY^g4%4VaNz(GtzKA@x*$y$68O0bf`nNQ3zr{|QzDOyt^p#GE zkp=iD7bu5fyf0LF?JreQHr54@o4T8e#uN9I-nnRBECB;iP6nnhCgz)w+SRu0JE<#~ zjp+84uFXfs&Gc^F_M)1G3Z$RIFY1Cj$|dEyk6I(1xP9 zFcaA{wQ7LI<_+5Om3btQ8P6O22%W~9+VJrBg1=W|*wSDIViJP(H>;yc>qd(7eMsrh^% z)AGEKo!h|YKVA3f6wBD>1wD59)us|bMbx=9F)L|mdK`z0Pv|Zu(WIv5CxVKUVNrZS zn+wM18rT4okWvM@ndd^V@dqm#OZ4Eaie;P_utoUl4fa~({tRl{_$hQjwo@Ye;O$Ha zEVy_Hn>AdoNQT_s-bYWXREkhn25Pmo-G~mk*e-lWFCB#g{;ctVK2**Z_M(hhlYg6CtkEr9#|$`Ewz6|)XrF#bGs z2hxa~g}OEZ2Z$w`K&xMtoiih{-kIOTT0SN5gdznI1~-_^VZHjES+6h0NZSG}NC2Sx zD&Z*lg1EMcVYvD$`PzdoEWC=fatf=*YR2qTu_Z7=G&$n6gub@r5jH5rS;c3xZgq zV#T)tLtUfABz2a@}RC6;%EM3V+sM80UM}b$8mE_ayTMJE}DV&085&e@*7h%Jn z<(x+vZQ?SDM4OW8D%%TjD+A8k-^H>tecCdbmOIh$1iziJ8jh zMeekL6+gDB=P!+hO>c~15@H(WRY#!o{X=}(Fj9y5PR4XO3n#=uF0c{u8wx{M!H6lh zk|#l`m4_3?HcfuL&)rMyd+UN9)!F;k&(xIH89?mt0H4mK*I!st`j05JCr-x4?P>$l5Zj{1p zpvoQimgusg$V{TWkUcv%Uwxq64otRT2IVq>xQT3Iob`;QSCu|!tRs*{;n68f zZa%kX%ND`(@val`BDKE?DP1S6?Wt9IV#~(1i5=>R?0P+8@b@ z43&StQJ-Z4i<_g;KydmK8Hey2RaG~)yt$AfueIGVL5VU{gu&vT*+cA0t20^#g2-Z1 zbDN~9aNxiI!(mHV2e}27bvYZF=aDgyHL6=tA*DX=JQ!|}!aI~h8>qsw@66{Pl1P={ zr!mN)4%CfapA91X$VHGt=}?(!X94hLoh&g&tMN(uSC+_-AdR_Yf~{ zfe4zH+tQmv8u?&S)hFa0r6WLI~8_9-pqBC~qk6usF6fGdc6Q z8rrUlZl;ZZ*mO<#B0sX&v4X-waWa$QQtm7S)plRq;YWNAVl6f+xYC-=A_^ippgvOHz3l6J)snSo=F&q{?-aD%`rm71kE0v2Si#o`yE*Jw7yBj#gpzs8#5Wh{mYd3jDS3qu= zsYlA!dq&wS**e;$4!W`jU2iV$C>UVKvh542;zIcZ(BwE(4c=UfL}fR?BhiawCEaWg z%uCxYFyBVy2Y2S&y6+*gia3Eg8k)7vGDnZ_O~CF`_thM$^&NwLK9eIAx`*j?{e=4| zWZ|S34XDbhPk+MN>yAy)A}f-?xGRgfF_)U=po4p_qf{pkhM)D~-WPh?4e5Y|$x{w8 zxAlU1eflWdk`~;I z0l|)B{bvYKEwYXRgN3ViJH<`B#3=A5#vl<-46{ziGa=g3Z8lRjm+#FLXV)BuLb#$a?r%&9Y0e_#H|0 zlu6TtaZHY6$%v?dM#8N^thaizt&Y%9vl0uu*b;Hu8Y!+ z=H!%^mJae~h>{;t6lP}nj*#byBx&iZBiRgHMO}l~L*fQl@3$?Hs`jW&W~cTpqT9I% zqLub^jBpbAiW%f!4Hu5%6-FC%SE5`uZwCw_#HZ9Rw}?ReqvyHy9xUDrUp3p$PCw)o z+MXmqIoPhWXJ$I>=|{bYpbGC(k7j57Dp9=Z6)w#%3co@ILPXQs8*O*(0(*{lvN;N! zdy%l=Ru*q4RnuLgFZO>+xKoP|@1fr)OuDqKhm*Ez1V zR=p&LxtQaR_6gZSgKoJ|SrUs6c+Z|2ezr3*D1Lf#t#0hHx^Df|^~M^YV7|%t+JE!(j`)1>Yy{)f(ic01z*FNk5~H*0AkMt zVKZ`!DI{q{W{X?H`huX2JnIR57%F!-mp--Rw-eD*0#FgJ#_r~-)rlrXi!VKgIn4lc z^|-eQB6CS92WgdIQqdTWSW#OIiGw!T#dwsjrLg5~7>$sp#h4J@q5k zAA;b2^*H(6=RY7=<!MH_0Xjl$2jS#guQ=7v{$urs&G%R*ON|ovvSH?dVfo8pOfcB>k=?4ygC2RD zuvJ@FUgweMx08R<`8R9%OK&K85fCT$z$EN!yMP^Sw+_&aK?6`}@C0z45a4n5RtQA6 r2S;T>*e2WejNOee<2&i^Zl2*S?sw$ZiTL^RFTZndfARf+mmv z0V0?0S?}KW&hMSI?!E7i^ZvMJ_gdXuU8`!>s;=6*>a+K*zsrBO0En8BsuBPKVF0Z6 z7w~rtkOwd^{-J;FnD>MQ#`=eF!C-7K9xgsU9xfgpJ|PJqJ^?WS9v%^th?oQdfkN;J zNy$hdWcTloe<}g}QxX#k_r4&60FU7Q>;ESG?E#>;zyU}Z69fe?pdd^r=CR zEi9{VXyl)oRyv2rFC?O)Yv7wv+|bz6yuf5FAmE2Suw>`HPP%(u|FHb; z{O+IkNh~ln&V8mb6ad|K6czyvCJ2oEZw&7ni^)jJhb60HjSVJ)3wn8n7S_*DQ1a{Q zB^NQtHINI~hV^cL!(mR@ITw;o?XxMK{ksYfV%~FsVnP9Fpn~(%b?;C?4X#5Pou*L4 z0%eQ&|CF%c{J0Q7?H5hSd6Uz=vHcaAVNgN7?OK{56N|vu%^IVB$9s?wd>r$cmEbTN zoUv*uu|*l4B$C?15LdGGl4RybCH7?w!d9Tpjbr7+q4y!i3%jqYOVVE-;lFq~*d4cc zCH(p#@U8y;$eP=+7+L|uEdchmnWb+eKs7Tk>_v(lj;6XEX2VlNkmh72l*C zevFU8pk|-ve8svmu8}$rxZkOSfw~3$h3-F+gJ-W*;>C7y3xa*s*Mh~8Mj+v1C zpH^AbgbeCKO;pW6QJMR9nMVR7^n6o{ixNGWb3>>456F!a5d{>9-iiIN5qy}$gc!sS z|KM@_tN1U|e_lVF7kyvsC0+2L<#{&x53g_8m2#H8qMvKuzo~%^>4KalR!iN77iLCN zqMzngmLHCe*Y8{_1vuSc2P`4F2CLf6oYaLur!(GCl*!4X?zy#i44POIm{QCj-iydB z5N!<7O{)PXh*wfA)!5R?jTMde801_-Z&?2*3wwuqC0*-x18iH#lNxQ;J)#WLCPQWs z+BkM-1Ccg#M{}CJrMIsW&$?o3bsE6yt(WeW+UVXWBZ?j~2hyGGH(Eu}Wp=BNdKYwf zp<-l6=H=W$j2vF}fdC@w1R=VFHic{V%}3eka_kZWji@6D;(l~Zs`~BBi)T{(Lyf8x z$YDXI1Flek&{UZnK+lEr%fsh%Aqw)m6C#V$L`q_(qa~P&3OCOj8orOV)%bg0C2Uda z+z>wNE3arxA~k|f<_>p&i5CpHS4<1gd&$HH_VsM%abwS0Upu5~2KH7b38`X*VI3gl z41Uv)%!9@RxVX5)-yr1$uo!}?f9A`hUI;J|oE|2xke>dUK!n0eu}}#2 zMkL+>$fB5|A47s5^dHu-I223k#e1X%RPMs+MVPE%m*F@khJM!nrmMLPCVgd1K8`oj`dnRN1)uAZvvZ9O%6cq^F;vo+E6G%uQ3AGqru9PL$)N$55$VJWVh7DH;vsa zGg*bQ2^*|didt=BtE2?Q3}}miv`6qInjEBh==&Ote!P@g`##Roed!ho}5}ofC^L`j{Q@JZFd}L?iYv(OwjYCVqN`K@m2)oM-i5hxtXX zZccJt(zD+1D^Bsc|7ZzQNZq@dL&D+yc5_8PC!1pQ1w&@0-f|mcytI?a0=;2j=1${q zIAWiXe8X9`rNwaNkmz&~SUQ*Mf@!_nX$jr>a9kOS+QG6HpE_^$$+RH(L-H3``3wAf zZ@c;R?A4Eo=n}M$?*UXGE^&h3#&u)?wLX8a9EQ4^tCe9=oU61j%KRGW721)X= ziY&5HZ0%8?Yc%xo zX*873OoiL#eJdBqGlVv8%P;*hEqH}z6g5(006P9dHsC9i{z%+`R$nkmBQu1!XEEi8 z$%hra-tRiMoH%{MI9d%VM3nPFIaOphN-(s#V>V0&EQ>p#M{57>7wOSo;Q9CIy92Xd zh^`w3HFTKsSq3Q0e$(V1be7Vu^D3ss+ZmlCi znes}maia70*xf%6UQG)^=2;l~vd4!=al=-v}RmW##5K8vA0VMG9)R z-Y9%+!r{BKDo%Z&O7X%))w@bI-Cbwl+zH_ESj&euEZ#fmT~RpbQby}_1*uG=)3Afn z_E7~}ik$)_LYZ9+pLz!i0^LCEQs5JjyfBiu0{5I!VQ4M)0Sk!R^yXaWxpz_5=&%6r z1aaH6RYU)P(v;1b>9RBa)e$N^S!Z@~f(o8I#(*V5=pz;=m!-q*AHfEa(QscmNJ;<+ z9aBFfusfoO49Dbu;vbv=(=BD*-vT!>iw@*QVEFH1yq7!ZvfQ3UrUbaf+oFG|d3rD$ zo7nQS(Z-g{C+Fee+BYoP9EkzSun8=A@#fIxN~hWh(Z}x8b+HA;?tMJ)U)wkwn-+@M zDmU`DOJt)do(-zuRXNCN32#2d_Y$A+bInBv%9Y}andvH>-V6OgZ`=(CaYU`r&P$d^HhAThYi+W6~CZO?jspB9>Nut8YmoYItwv?Zs< zibUTlCACv*fN4F{Ia8fEIo4i*FhyBgB{@WmZbbXR(~QPGKl(|?cI#o?RNHQE{RF`- zcScXm$HV4TU-8dr$aQ5l#j6|#&-~fOtuwLG+$~d=sV;2?xH;FaGGDLlFyoyZ-HyLN zIm~Mzt8r88V(~0#C_!4qijv5eNdA&NbQ|W8UMM^8MSop$e3kWSzpnB+Nu6a&LI=yU zr-32+E?4civkyKq1unYnEqbIr&uY%ujP8=4P|6 zI0U-Epp7NBG8?q2UO_-eIJU&ywz2VEOgmr>Rq8jgN!Ieq0fx?w&hvW+R#^c%^~05h zF_MKo>hu!U&M}gq4pH8sPP_O{Eu~5ozn6SZ24peq1Z9LpBhopx%c>5^tNE`Oc?munq|7zD$&t=z_C}(Rr)WR`dDZ@Lq*+1*~;(Jbk(*( zbIr5pUw(ZzTx*veM@Q25;f>~PhUFCww7Rx>`68%P*gDKyeAN`l#BF=7Kf z&&O=YeHKuAoyvSw76xCdS9iZ>%i>tmcx=!prn{Fd>iIE#Lqh_>-)Ym8L;YL+~_2qW}Nm?-2N=%Q4^AD>#``t#*mtcfIy^CL5I zyM!*k8f$&491J3(!7tH^n28iyu&N58ViT7co_1nEW{0%WX&+7ea=Sjz^ND*Ke*oQZ zRnoDxrwm!lAdJatU3(EQsd&~2Zh2rv=uW3g6E50sUgOBTCTgMw?NwoH8Bx|g=2N2q zZ%x0nf-}h+R%mo=JFvwmG@nD$#AbyF8$h^``u*q9M3ejUb1xd`aGa<4^%p`vRPreKN2qxP2McOkT z9OThXw&_bM4rsomnRdwDDz4IJ8!5`@FzxGr=;O8N zqmX-@SZs5zPs;_!7`DQzPyVK9+1G+He}NY_?_C|nLz-;J!=g0Lmn-22)nBQZ z{YhyAC4}4ZD7+-V8H90hwkc%q$N+;Hei!KW$?G~IUu8==@{dlKNpm~1H1rF1H7268 zb`kKNsoZC8!IwsEGha-@OBA)NR0`jA!N@?e!E=7bxoM+jNFNKg7tCafws;Q0o>>>j6uqK<*!b?5vO%s_X8n# zz-9b|eDcWqQ-_C<`0e$6J@*N$f6dT>9ZfA{iuQaTo*LCA;eQ(1)L2|D_3Y;g zMN`wNes&4u`?- z(?LvaxS52O!X88|bLYXxuCml-%zSt^mx%Z-We2IA~AHnA#&hN=#ACu@ki z8^fWVw_hpi*<(Z&ZoC8sa9vsAsr%O;eX5}6_;FFOJRc4CAbf<_>S{`C`!;U{h)n>` z8h4h|qWKD=?M(iacwYL?XtIntqJ?$_nWG;;TqCYu(?|OxzO5f6+q4FH2B;$bjMd|Z zdjQSRoBCsTnl0GTY-QM>g?C!1iKk)*8GrVkWd}&B&&K?&h5ljEeHEQ}x&P%IIHp+n z4E(B(=HW=WU83ZUPK|Nf7pFBRLtRpDuXFl>?o?8#88WQd*;;!tNIxn^GT}p#U}CCf zcwPoAYj^F7e!hI2pyV%NDc?2A_DhvWzD8l>Ojb1dUjWF@ft^b_pu2t2-;vzH50_zi_L?HyplwEc(rE4hZ57(|P?z}Bm9gI!uO0@vW;<0^Lp3_dBFavPL9aHTG_O*A8qFb#p@ zYllNtRXgvmnwoIN&LWAZG`3rX)_g8QGd+Tvce#%`-7d6qfta{3=jZ)>!>u-hrF*ax zqMS0kl4OveH@g~Lh;*HP|N3v*7_U^4Z&f;qlZ3M_kM3mSofd6p~%NwkldBAI{o zK)s3j>Kb#$6nc@l%G;zW3_+@05uBD2ZP}X{@j~mPOw1Ae2=9Frq$(1sx)rp!pzQ>DUlJ#pEgBkvKBbW0XD~VA= zD~Y4hNaZ_RRV8gs_&6iG5PmeWP;4H;7V_5R;oe5ai(E!sV~6d6kqsYA$HeYa1}uz^ z-|s?>Q8alk35Ib|vX&?+_lE2in*=&W>ik7sD1QO~tc1$MQSX!9Lu@X5QFjZsu3$cq z{koWw=sOp^k^`aXu5*2`(D!wcPftw;zr1kU<06Q020PSH!Bh|*4HUFum2g}`g%En= z8rmC!m{h!kA@Uhjl?UB<0he)(Fc}ae7wxRc`})q z&sK=4vbAEF8?g63b72@A%Qm@ys8|CVRUO8|TKTWFipzLYB=Qe)o-#EWj&E-ds|G7A zPX7hyyjM`UyHjh*TkVL&j36>m=R3&9IsU_;QmpvMiUCps_gD{dqOxQLIXxPf23Cnk zHx$1mf%Jes=j;HlMN`xZ@c&h^%1~je5?I0^)cYRx+S}js6`U;b7*ukYM1CNC ze<}Zx-$--N5_LBE-Q`>~xLBk~GPc3>3qgt+{NzuV$H%-Nl~<$gPenh!dg5sHiuHe3 z55*s_we zwo_O0OQ7wP#$KoS9H3o29;sk*HE1JrGFg(uw2Qogmt%X>CG zS~qpj2LgT*HYXzmK+@1G62f*k;!~C=&o=XjETV0uE;bP!VE3h7AeSP0aHvaOqnF#& zF#rKd*im_lhi~g|jn&!Mfx0UFqC%M&PAZV8aGuMy8l6;Rp#6A0hY8;XTev_Jmz;lA z;^>_S1FMc#MvA%k#1ms?48=sGLd6_BZbc`IK*kfvoOq5PHc{d2O6$wY;Bk*pw>(!9 zSHmEwxLmXph$uU4Q9TdI(T#P)WCpVx@q%qI!1&8GMw#zT3maYbg`#=jBtN6k9I^VZ z#mNsHoOk_b02(?%!szHpr>q~61nLGg4XzW%1g_o=fO%esi(XWdVn+ zTYf&^mJFqc5a6XQY{ZO40RRr;jf-2krh{VJMK32ftlMIlo{Q!EyFt{J~+ zQ^1_?O?3$>Vn~r-rDB#c7a%q5P5I2<7oysqwt}gk=MkfU$DD0C1p`>cA{6@IhzD9~ z@lATW*#a!XK`@d!0FczENIKA`p!bG|;4xpPcy55y%^IC1iVPEUWC+Eg5i)GJe}QH> z{X+SgDtzySPK13iPYDr7{8CkfPhHu?I59Cx%@(msK^P5}5l+?!E<_nR=L)v5TC(D; z@bGl6rP4UI*%S=xrMbt%e8R*{$iVO!e>Pv=pR4X3UHR#ZkMfgIM3bD5e?$ufqAZ5X zPo`9wh=GInV{f$@PmF(Pe)`d>xol`-I0_5{wKwr8{JUkZ65&7u4d=?Ss9O*DDdKs1F zqp~a;{vt{@T|>z7TGGdSu|+}vi=klMEx~owjG$H)oo_*zcQnRwGR8(}o@h08iM^%hXV6M2qT2;O&BKvJeN9lX$So;E{K&JKREuuuMAhDwa!Wc7(O;p ztJ|#q^m7w#DmxoFY~dS0Y{cXYFr-AV`?*kH8R-)9o71rSRDB#iAJaTJjPaWc@EnmYSRoT=)Z3ws?(fa8 zC^=f`a`(-k%*So~w$)QUq@~c70QL8W@=sR84%}5w0 zE08TacuzomQkrUB-rL4-uHEE}zrNd7Dq2#G^3bH$fdU5TBwD1^x5tbEqFl3FotEv8^!!R9U$L8w8> zEGt$S1pnq4vh9C7a7n6UqJnB)p4!>PYHpO?9tlm+2==a9J%qSZ)i<$AdfO+6p-Cm;Uv-)7zNd?#*|xGXh?QGv zD`ViZ%Z(^xGEUctSCk>6@+{x`YzJn*T6`YM^e$C07luZMETVXRH@-Cqkww5T{UW18 z1wm8Dq>W(l#+Cs1I7a|wLD3|B1efIC#Lr%JE>yr=(SVFm^|u`Oy93-U z1YC0D;chgG?0C#QtHR&|hI{L{t{!Pt66IQX^0A)QS_iL-W-@rl%Z;?PzB7M}rr`94 zd=X|P*3r=zqmE>s(uJtWQEMPX0sHY$9q!+js;#`54WXpZW!6|(l3r;n_=WJjDCwbG ztJ1fy&-nVRt0XwRE7|K?N_1u^j%vGSh|H~mw~kE-?7^K>nH+uAg~2oBLw@;2ngl}; z*vZNReEpjcH?WwY60qH&-jKnWBC zC2VuGRr6%NY9dHl#<(!Ya;#3BXSGS7skEph_&!goaV<#r9j4`aL`H30s-Nb_yW)56~4e5+1r^}ua9Q$oCg94R)ami&ld*YHl2i{!fpFL0RB z3Sby4WZ>JjdHUh*EXn=#ggLTnxRQ-RNF{~oe)DIzjXyPlWcd>(T?L)lB4}^_wpZ3q z$wn-NpP-B#7XsDp)5WDrQsz%Qst8ZB&0o)!e_}!^N%2N9Cws|ZOXUbm68p&zYIrS} zK1UF5=!#f!o$EK3`_0P7>b7QuDp)enPz1q@u{1kT5K)S|r^w>hiE-`0CcamNTDj)D9_ztc>;Ff^liWv4uu z+6BhB3j>9Q=ou=}u~u(UK9K~oJhF(9wd5Zt|iTj-5|v)<|`QhF&wHrTOU|xpx?4oYGlIUaS>c znjt10DMF5wKZ_hk>+SbcMksw{ox@u;tnYQ8>UQwcOVHAMb^kQ^RZ|BNNM=2GqWx6( zCF`(7%8}U__vqbAjT+foZiHzv8QKjo%ki$@00i)+5$Ztr6neAd#hd0tRk3_ju-vi| zKZAD^W2>k$PJDakZCJZ^hPcX@3@C)utQ{l?(*)In#~%A0tEh{|a2=u$xj`G4>1wgG zu`nwJ7It7w3d4Q1+0k&;lUpm9lE>EK)jAU6%hyyeGbRS3QvI%rAr7K5?&VA@owQf* zK#Z=+3TK%#{f6l@&r*Z-H1{6MjNNvlO?pu$TScgzxHE+;8@Yn$KJQ=PSpv1-QIvU8 z195i%yTk{l`9{;Jvi)TV`ot+*iC11`uEV5p4(-Nq%h&p;!sWI}Ad2e(0ZqdgYGIs7vyU6Y&G(?roN`GljpGX8dMwOab=ITL4)YT~^0{N>&Kh4vCbLCA^rH zjEsFIYcI!p;o*Dq`}Mn%uXGV!JTv1cV&1D3pC{Zy!L#_Y znG5`{wVJ`PRPl!D6Y~8PW`<(kCFetf{yX+s$r?qRP~9XgEk2-6hNobYW}iNtjH^Pc zoGi3=hK~=Gr-Tsc%dv{$TO@Xk)FZ`3Ep@u$GuW(Noa-feEEzxbFJ^s6-cIy{@0st% zS*C;RS+liOL!np$19>u9MLvApNfVy7E_Q@dg-&%7 zBkNTAwAPoGRu*ICU$cc?ifpz9h|!(s;kNdckK)Ut^%d}~ReEUS5rE#Wq3Tv_4o3yB z>00xe`Ac@%@J7#Zh>vl(g~4Z4IK7)${fCx2Gy2m;x3GxqPR-xXtS_4#Q|2^rm6l}p z((|@Q-3B{?SSVM*#7_N-yg^cDxvfWMddjd@nkHAhnq|VN>IAmF;u=E=c)GJCc^s*a z#-#eI-g>_rg8Ps`YK_%Btjiu*80lrmsH{*2mL-_G<4Pz(B?|T1W&FT0MZp6Aj?~Jo zn32kM(G~spK?f$*?_S;a(^aaIqt!?$`|rC|cf*9Wl&C1L^@*CQ{H-@_V=J1x0p7`A zw@Q^T1bp;#79Ig%S0JX1r$O6^7xct&Xi}Uo^n{a?6gF^%S0>LRwkB4iq(E8VcNWtX zCSPp}2W0$Z4p1Am$rF`_Le(X-+s@44fq7P^{C=-f*`3$Vc-xmEx~ns(*2iItn|Zly zv=VM@YVMrOZHY;!EzAN9y(HzpuhSgq-b>D)AE$1E?*TeDuT+X%$@%eBQ6p}eVBpYovb<@+Fh$lStpvA!lrK@SgS(!z_N05Zq9Q_pl37agK zTJ1TtB!%rPdr^`F59<>U6B zrk-^bV^1CUzueh;&@r=a^#cEFD}6+B%)5Ai)3hm5Z_^Y;OzFGb8|(8{SBdlA6JLbzR=$%lWm%R6WJ-TOpkGvrsWtd^Jw`Qb-p&fKWud+@LZg}NgF#Chd7&x4_M zQ||CG%SSS%^;II7f7)$((*!U|Ka0K%Umcn^ie;s5v;=RwV6V2_7DPGt5*BAacjU_4_1>}PSyKeWd|Xo2Z*f0$GaGwC zyYBlnVz_9JoKlCCXi&;I%a($VG)E;GFPs-TmX;S*!E7?YeI$z7-k40h%noPZf~||y z9*68FFHI%S7mFrXnR^?}(JNbfnCoKs;pWR% zNslI61$&B)ntGFVaK%e7c!-N&;iNq9V`4;&xW`C~o$G=1NP<;de0%@iM{{+ocB{`WQ^yEDT?9i9Z^9-^7NGDUGIjCBw)BNi)2_)lW4Wx5 zuEfys6oI(BNbv#@*T^t|<31a!!LgfWWaKUn>8FgG9P4!Sm9F!AH5np~+0Kl*R8c8R z2X@GlPRd4t_y*mD&?cz8vF9MM9@Ndd9SP3E@S{YLm2VQh=5Q}Nx|AQ#3nV(@B0{Y8 zey~*7Zy@Un9y;yKNq#-Cz&74@l1kI6`SU51LeE41wr;4R3=eZ+*0h6;^FcN#vQcc= z^a+Ff3=OI*Q%90Jpmia(nL+J&p=$GWIxFxtSXcv{u*=;-V=_%=QRtBOB@SRR~vD$Q#C4t{JHh1iFQN#c$s7j{2oPC3nB-;au{~J6)n7nj}S?q3C(<1@X1H#| z`*;{Xbua8~bD3=aEJQeP!jI~?y%i92-hG?@X9SUe9Y=ybbNu5u)s627@S zxu7{cHYKlUYk!>B$FuI!F3&WwTcl>?J2-A_y^tQTX45D-dT_R%6W&MVup;Bno})uD zG-06brJ$V9$v@R>{PC#>vHqv?8;m&|cCvc+`QUI@tH}i~qSK+B=foye>I5d1 z+DKQ^)>tJZZ(N+pp^kne4MGOgpgjnhH^4WKej!7HY7gh7Z7G$vD5^U7eopk+c>UzF zPIA5Os!d#i_$%ON0OsAR{CKcC3FrK7w+ zi|>cG0PL{6#sZ^EyF}a`9#*fc+S7-_7=$HImNHlJrH^ZC5m&hLg5yl$*>`)5~}p{w_#vE@lJ%vsJVm%0>3~uu-Io^u` zC?269;r4i3#c@dC+ZopjYVY;Q{w!W#9U44UTE;G(pEwCI#}S;`$E4dG$&{8J-?R{<5ph ziS6RsNZnu9L0&6)It5YKEq$b7PE%a@jkQrIevxz!<*asl4gJZV>iMH(@rJ5hphJ0t zv%5{`?B6`6oixmg=Hxe9-23+CLS}x{ssA{hX`*6H`WNWdPjqCz^FO*P zY`hUTcU!trkyxE*r$;-wThuj7(Y~5z9=ui0G_`9fr3y!mHzitA#aHHLH@5VA1znhdoas!se_A{^cA?! zk)k{G%-2~To=+U-F2+26)(_6SxFQ&z0(C^5${Nsf@~oHO&{=DkM&mVNhsg7>^2m>x z6wH+fW(Rc0EX6u<*F!fcIr5eGR_*d;q8_)k>gd^O$t641yx|$C9AY-eFXO=lyJdwa zywet#cnx8Xz*+%9NJh1Jh@69jY4Qw#8_2V0T_6)oI3;h=Y1X~rI=Hdm#_KREdpS(G zQFVczKxMFFr`apZr>&6{;VtSm#yTOe6Y>V;s2j-TWm~OeYX>1&P7)t6b{_h8wNCxP z^63k8>dcMA5>Rc^S2h7T@;-T0N=2v(_})+3V4+y@+Iyy_fzQ zCEJY=1Sc9^p z)XGc%r0lWvTXL)*O!4tv+c*Xr0XkTSWBLF66T7SSt{0lE9zu~fqWtE=-KRVKg_RYBg16KjlfhQb_tGgZtEqJ7JGl-bb#rP^zM@pSJx^$x-u4OJt|$#sY`gP zk>rn1ax!P$L^%ME7%DUw3K0#>%bqL)*6{Un#veGhY{;GaR31Hyr2a(mYVFB;JQ2eI zNj<@2r0qLz=0l}XHVnpoOj-Q-yYN_q@UMQUg%>X7;j%%ULx;_wi*`e1!j-5$hJ~)! z5tltVLxs*+Pf<@3&QYa8Y^(H(-<0YFLS(+Ivx~m0AT@JrmXIU6Ri$I()8ZhuV%Zof zkAxP-UUFLn0J4&w%cIf9T^W{JoZejBwT+%pPTej#4xhXN`rDGjf{FhK3-vjPyrAQW zn?=tjYgmivLYHGS;1&od6ys=@w#Rz+wK8ssGBR4A+k0WNVFz1Y!v)B@w{9r=Kie1L zI-ttSpY@ZlSXd&CA6s$zoc27~;^AYB6f#%(zd)TKHIZs>;H3R}4?ztlg?dlT``v2C zYGFxX-dQe&Qy(0R>=1+5xg=*k;E-A*(aLLguInD}yfb@fD{=-WG447kM_P&JF_lO2 zZ89eomH0*cOIYTAl2w)b5iQd}DYED|u?4pw#RI+s$14zHD~JgkKs?>&^8;Ra;aApD zI|pV&38G*9jKcVe*V6nl(fW$ls(0CHTWW~h663n>z&|3&G!UIdQ|=n%Q%o5S;uuY< zh}1M7f-#fP<6~q+U@71r_wp?I!0%Xf%MUO-e83LG->^_Cu4;>0SIxD>YVU*=*Ohbw z{3=&R(&B?+m#xnD{{mXuzK10t(u(o6!Zo%7lR^Y;A64G5H&gv$(Xs_k^8pN(tr7e+ z{w=3H)&sw^uVkUNO{=q5>y`97N9610ua}2K_V&9SJcJ3$4h)(z6c%cjtXG9Ko08?e zYu#+`gwmm?;C9K{bD)~zY`pbLIzExYwEoX@Asc0Cu4U4mB z%JVWIVBjEEVu}yC5-tH7YvG|8x11dQQF69)Vq>DVy6ZGK-pirN_2oUGEkZ9Rmc!0F z(PSScLzqfN!dpqgLDv9aCNTokg}zvRp%P?%lVtRK`(??BY~> zcj_M*tFk5jDb`6$V^=}?notkVhs^?VQHFFND$C&OWlzY`J$WN7K5?cKy+$^5!zDNEE}3=cvK5_7U69pIb>H z+qFYgrs5e%s>On4407!V1&v8vM)Hr~2RfpemL?ak-RJVv>bMhq1SVEXuaqh<7BT8pRhP*v)r*D1}CBtGS_VO4GOR0qAk5tkJP#J~;4w8lGj><@P zmjvndyw;>EvQGp;rWT4NE`h97*s@nCREwPa5p8D^ESkPKD$1g74aTg|haA|6$RY>g z?QmYUDDQW&weQL#AW_0OcZnRfXOj4@18}}DH!XL+4HVci%I6;u4$o+|NlT4wX0$W! zFgUqAp<^R5gxjx_>G9~nlNTm>tM}-8CBp+3^a~f_%x!2@9`f;!;#|PYuQ?yO7-u8Q zLFLN_2FyOZL23zT0 zhJ{Fv1lcL!-HN{e(6T;zDx%`5cq9LSKt3WcAxalr70t!ysY0c$q1vD;Mme1#mY0@% z2pWX3o%a;UA7lhMKTN4E82$?=(NU3GqA8!OaMAp~kyOLOu z2RVLHt(Uv=^6s?oeb7YK9$3FYJ-Lp6>yV{7use%-z^KyrtF<$~{7`(f+C%(tOYD1R zmOwQ{9-OYk@WqqYQ~M{}EfDdB1O*DN55N>(Dq&93W;;03zs0=NjYuYP`VK#q`Qi0g zaq%m6{Uh>;>#pS8uk|Lg(sfRYF2WMoH{V*HHF9vW|NFxNwBxN#HKWpnr@y*YYEI(s zc={@TuB94v_*4~Or1MjsA$xDESy7#LX?x*Mx#y7DA-ZagVdb&AB`b-q!&OwWq2>#a zx2l50+mD*7WbfHYZn&!s=sgclPDpn5md}HWC7PaxbsVQ!?)>9xq*&a@O}$3D;psL| zyXR0dZ=#zw8f%YbpnsIZ$FBC^=MJbNmB-R_;=Adm^ctrlCm^7wovv$oamW1GXi97P zzv|Y1=f1Q+x)RGWRkLX~FPRb__dqZACY>4B@nXkpEAPXwK0ACgLXnXRntX^33yvV( zX6;Nv4w*hVMSYFAcxc~T{V!)JkTX$B=vnV+Hr}mqr25FAb2gwqk6&Myv>t6N%)g|- zacJ|d(b1g{`sw$olI}dE-Gk%Du>X@BqnQ2;ny$iKgVd)o<|+RRk%4K77_PCpDUpFC z#H5>~@vG87^dt~VcELrR#@BR}%pB7yWqC!)02z4^jApO9H0qh!)p4kQU}9Gn57`aA z%xX#=l4lya)LPp2icy75SMT22Z%6#<2l~k_JEn`8Ur&dmvgKwb-mlj%cU3Jkm1Fer z+U&M;QVCH7`x3^bJh#;&}J6#EsK1n_nztzf8>&cOWv6iG!FQk9wOh4=z{0d z{)^@RM#pkIFV=>`+dXvkOL-wOAyyD52(kyg-#L-IVD6X}I@55t|ap zRoP!)EGOr>wVBl+RP%`KKR7ESwx&y*6)8c&q@OTnRxmP&v{{mT$`kqadroS;Z{!f!a6rR>2?@1y>=sRp6 z<9xXt^koKsLXnMnH!rXY6LWaTW?*U|uM~GA!pnL>u`0x8+Q{Akm$^$XZ}1X$jorl>tgnZFSoG9E9eadah^&pxfx-s_=n(NISCH(ns44YXWhEQp3ZOuy5 z=;v(fvF|mb* zhnFK(-s}fxct-<+mz`Vq3xH(VtIb9_PT)N-(Ya}@u6Zh>1 z%c7~01QhiKeSXMEISie)%z4fqd620(IkGaE5%hbn~WVZ{P7FDkh22CilVkD{g0b1A?;G#2O8;MHmqN?zU zU-YPo=i48F<5VB?>JjsW>}f@S&`<8PUV()O4R=1y4RecjlWl_=ugCFm+|xGY=fx3o z*o2dPqX+{s?NTyOPZT_Y0q)jwANiG0bV0ywQ1;*2JMW;V(rke@L4qU+k{Tp8&?2b` zO;V61Lz6RzSQmt9&OZfm-sTm|I>^&HyVFH9Ng_n{R;fgJRr0VG z*5LPD@#Dkhp1#r{_V*GNA=xneE+aoVu`~5|+P=oXC-;G6jB2JT6)t^@*hmOa;D(!H z!c9gQdE@d|3XuoNlotivO8$(B-#x;shAWIui}z?eN+HWw`SzAP|H~vauh|DE!=wUa|Q>?CY za4RoK=S#h-v(M9HTJV@%@;CW}8Qg<-Pj}y$2%a0Ex9RU{E3Gre$DO~G+|*YTeQUc< zF4MjYoZm+nKrc`w;^IP|rLq|J?j1ulb$ul~P84N>kCYZd@iK@xkZuT5ImeNUzPIvy zKKB|I4tYh_)pAEgN^b|MV%M7DOLhKB-2HdofG_NV!r~GjY!P;xqjvk&A83EU2NWEV zJ`vPk=7N5rc-}OJ5ZM{2usrm!&9F~}Di6Y0RUi{pBeSLF}Nt@yqyGrKxBU(g?z)NOlu zGu(edN2sagehJuLsuMDz`7Yy-p+q+t@3O`40QLUN zycRXNKBGPf$%6~8ta;W;Km=*x>+o3@(axHxb)kARh4AvH$dD>Jv&|a4_|>Z7MT<9e&B-OBEkQLiCmUvhmd!YXxnjQKcf9oSRn7=3$A68y}SXJQ!|f z6{J|p)}o>*oIpyaid99&H2P%Qj*DOEmzg1s8Uoik%I%3rqpPhB^WyDc%u)RyR^pn~ zV4QY&_+uhF+l9x>PslhC8qL8Eqf8;f`NQwu{xCqx`EB6Dz0Ku`*Vj8Ez*g>lxR&aN}J8+sPs*)o>KTpSO~-KWr@ z4SoTz1oR10ux{$S7nz+}XcvKRL=GUrTX#zuGz?|XB2J%iaQGztIQunTWn2j&jIF^~ zfMat?ygNQwD2y6trRbZ=_+tE8oZzS&hZ!C#ybl)vqT1>#o5XsqfHu2tQ94Tc8-ly? zu4nPnz)Eq$TF>@!>t#&hJ;0l8K^`%T8vcn)9Z&UgO>@- zBcB36Kdf|VByYK|Qmt}fvEvYlZ5^7ok|G|o?wK)#fcck{%v@s!Pkj_}i#F2Mn23Ro zN0m-1C`__@Sr@y=CW8ZNnbp3XjJT08xOvOYe@PhBvg=OLe)S?09~YE~E7K~g6TWnP zfx<^FYQQ+98x;N%*5~r$`v z+Fnx0V1O(>B(jhfNnx=eeq{5lE;VI&_pIk4Hdibu>fO}0xO0ZP2rlY~%CErh!hy4@ z+`p_#f!}Hybld9t>d2EVgUt9elDsjh4fVeS2(=Y(4;ALSA75A_6*W;Ru>X+fS%903 zZLo?nA^7cCv0|Vjr|OqV$GaX>C}J139TL0n~Aq0L=rxmKOhHOIXFdUzLUtEYB4F z*Gj{`#D{c}<}!3|HOw&BP18l{(c;exh$cjVV~tkVM6s2GeX(>cQ|&tAUfly;q^?|Q zqeB-?tb}rIrdRzbGO=_gFuQ|8CTGBKruriD`{u>;JP37CKWvt-uPoECBtJLc>=-Eq8TV;&i*%pu5tVjYCRw0Z#m2qh(e zeBaPCnr~z~tKK`(VQ~2p&}f@&>7zs-mXe%$2^djc6M93#UP<7~6pvT2=m`tgFY}rw z3NheS1qr5_rww}I#s|7?nANX1HgV&-`-WXmj(SfQj^aq8VyPY)QSIgoAiwWJ(rhWV zzYPy$3w)wnsf*YuXiP@aw4`=2XG_9QDTsBJ)SIS0Cp@F6XW`#U!N}y@+84Qp58q<(!R=Mv($I3E(pc4om+ui zsB&9+VxfMQkF5pAckzts5t^U`TNCpRO;C|@lH%t^GyBRwG0M`0Dd z935f@JLA*X+1CJj>9VC98FUVrDQv2F5Fx)VO0s3lgtthRKMZ5fGf4T|IHWp&iMP9z zddbPE0;MiOP3y%>0AgZXF?k4t;@N`Bro#VrhAMD-sCJ_(41B}pN9NR&8Q8_-Ln=I9 z*^(88)bZknWJGv(q(1`doZHh1ulZ{x>79eDpBR^z|9W!ek2`dK_5>PZ8xRqrV^gB< zX*#4X4j8r}cU*3Rl~>TXO}ZQoOetOs08h4HLg|{yd@?E3yn>P9^Bg|X&E@VN3TScL zp5s1}kE0GaN#uX4-V2}GpW@egf05-<%$9@8Qsl$=JE!ISU!sYm&U zwkOAmq`{9Y(Zh}%XeZl&HqDlSAGQ|YOF+!0?*_TOdj(S5K%V~?zkjUMF z1n1n(@70NYzfij+>sfg}J`S64PwdSjC!adV_d8x$itqb`1MXijko3%hUV0G2%vtav zuy2>`Yg4;XWY3xFIfQSP4=x;#6P2$?ZdT!u+ zN_F~DU@|MRFEXU+m#scWtHX!i6}f9}e|FcGAL6i#^`q#Vj`tcej4 zVUBaI`^8R+(TdEKsV!}}PrIiuQqus^_9q|1uTRt)1sw@9MI=CQu8cIIzG|n=f(j_~ znqh941YTB@Q97JK+zafWYsCBDdBGmWO$X`k&rN-&p>{k zUBVSG01l6$mWywdgoAuz+ZKZ+4II-h@`lia!5nsN$^&mTR+DnOvX$PdaYRw0cLTIn zG%~8=eD$bjwg(N2^6~0;!=&1H4%S|6q4PzadOlbt8-)`#&H`=MaIkn z$hF%f?yVK;l9=@?E}ZR4Lv35*2E&*WkSP1EzuS%-NGhPn;0A?|lF;~N` zB+46^y&AaB$I`c^Bqi{#0+??ZE&})^fv}$__&o0QtE=d}td z^xj;B-eRf2FK7QB?bVuD26^AJ<}5#VAC{lBld?}HU#K^$xuXnH-=*&o1e6l+FXJo% z*eujOLOVL@yjAr|^+Fjxy6m+BcFgQjJ0#6b4g!o>le~cblQ}2y=)0;?+GnY+o8R0f zcj9ZQ)u(~3r&(DV!5$I%q8WN_5f{z#mEd`qZXNfM&QN1e+pbGNO zP}L}PZQkG#rxon;-Glk85=2+|CN>N4u^luz-Jpy#bdz#i#XLUxz3z)1 zDM7#&)17g{D<)eE*|@aY7!=Zrj>#Owo$%16%Fu^-4MB*)G4a;j%yT;wMYFL!;!)1E zK>vx9oz^(Ti6Uh$^-u_*1fhQW51xs(Fr&vV?k^(VbcOki59+HtifK>>(#xtR5|s?< z^-2)Z1miS-v;4UjHSRck0I5jWdaBf58`NUwc{}%Lj`~B|nGBp6)oRjd>*#=}CXK0B zF%rv{ZM-a^)QD&StFVdkA9-Q$TV+rvJ1FVCdfbuE~NHkJLt=&sLoH}Lr z3G%?TKIPMO7uwi@0#y5!+f7d4ed5kEW>hsLrLNFj>lUSGiS!=^^lBs|NQXPXkU?bg z>$YQ|mGcew*9)w`?R3Jb$paL8wV_<`!&>s#xw|&3>wD1WDz;#XG`WM|$GFvMN9J*9 z5+|=)FtP1>>H7;|P>-NCxXw=fN54a1T-gS2DYp<_LJ`fNxhxA??Q7Az3Vw#vY*?MR zmho3;fSnm_6Rl0lb&_{tU|YG0f*Vx01h7%7Ncw!7WUVwQ^0@UtI@`XS^EZt2V~pq;q9l-zyv8; zPNtCwrlrwI|EMAV5hy5w?kPVL1MX`(E8CH88hl$x#ti#J=C;Nv700_LijBPnr0WR+ z^UR8Saw%KpF{a_>&RqY+LNF;!+v!w*leW?Z-w%%hW7oC9h=qtQ~WnI{YR%QMlkI{SB!~{+|U?e&qO%GwW;4R)6UwFjU2=jtxL2948{*gO&Eoc;6Lm8 zRXMr*s+`>XJIl!|FIHE2G_U%vO^^0>H_qJu&VPRwbAI!${PzR1{1csj?@tp7X9vH^ z8&v=P8M>=qT4+nFo)S}(r+>NC_*~Rm3>%T0{-#}q>#G0!Cc@&Lxzj(s+<%@H{VmDA zPI_K>CDGhb7C3CjH5YhOke-V0D}tsc_LQ)&xhAl)yliu~{5OkDzj!lOjV}Krdq(rG zTIv6~&q_r>FhjPyP-_mP8yak`C_oR8m+55gV4N5|l4SI{Cb^$Lx}or+z^P4X)M=~Y zy>iFEdH>`wg>w+y$&Odq@CowiliZlM2A}GWhI8BfxwWuwMvza6C7&OBaT_~)R2pER z{_Tt~-{5-Jh`0tyBSDjGUE209`#CKe_-7UVPfKOn$= zYC?nHAr;Y)5Rf3h{uj%8Hvj`3$N)tK4a5LIVE~~qfbabP5&#eYp#=m2{#${CgMkM^ zfuIo}myOW@02pY>;Fphs zu#a)()!Fy2Nqo(#k3X!oaW1QlSSnSsNn#>yO8!IbKVJKf*8X!F{NGF->dYOMEH@OJ zEH9c{)o&h}?||A1drjJ;cYvqQ%Hdx|yPMx74kqU@=eBRiEhgW`r3v|BY2)K}?R@`PF|`-` z4gkMGE$=uGLXop0nZl91bj|)^D!+__#fl?1_us;MRukKo@HT87_?v{mhmpO^bp5kP zOwaj)V2$qXJ3uBhGjz%p_pxg>pZVMWaaBRgq6z8y*JI`X8N~l+BtAsRu?Ex0a$6cU z9C_d45b?%9`TKuD;(tW=57YmvzYy=!{`^!lS59M z_?vJSx-@jy3gDH9uV0H_9I+u=+#-Y7cXf26^l9-oO3*-aHov}oiDWX98OJQg!t=t% zA&%+`lagQVwikhgIBS{b>nM^0H}^{&H!3;Qsu+rXmaiNvc+DSuD5DT-3H-i;-JrZS4wzyN%h% zq}=re7imR~r%6Bd@7Abadw$}fTnP>X6J-qIX8mL#RQ|j0^BsVc^XzuSH&Fj`;i~P4 z+2Nj9;Os~3>ryA2M#J;(WD!)92!98!*d9yZC zArs6F-=w-N5BiFEsJrYcxLBa+rq36=20G=;W-v=#i63{G(^U~}3^yVd&lG6mdey3= z4lS9Ik3=Jb;XjAE4OH12;bwj&Ug)1KP!r7}7f^DY@Y&beye_^QOuRPx=w`5}Ml$4a zEY{2Oq``opQP|}=(p`-*z8%)~a@}Jb2Jei2AWzPaiVTmUZBI5i-^Y9CqNAVI88#~9 zxK+wN$AiL+BzlS}4Ni`%Vuq%_&6`WS*aA*OC^V_~;MSkZ(uTenh1ORMFH0~C=|)Gd z1gMawB`f^`oghd7piIz|NoT6?Wes!WyqL&%|{P43-~8H)0Zt{5bwKg^U^aMd%{IF04d?UdTv+%{|Lus^4jH&+*q zYw=6Ib`DFBLn0kJ%6y~mG)bl8(d;{-R40UqtT zTIMXTe0pBi)KQGtPlG+aFVnFl7y$08v&tE)hID*89OvP6dVUv#mN0)xH2n6Q6EqeQ z7M^telQ}5fui9z24WnJ>^Y&B}Iv?DnBtNInv!3_6a1k~sJ&~3b=9j1XMY`gkED3&3 zN=Z(b#%*dhe&spt)_E>%W+h?n>hm~RdZY_(I*}_**QwOkjYBECK=LOx+bEtUqi zyB5!8nP7vu(-7hKnu5iUe7mD_ONnM zfw^)$T6$jsleTrX7re<7?Y(2v?B)5z=S}R7&8Ym*2!;yri63OF>B_EP*Ze5@6*GY{ zyrXSv3aL!>^+4}oDj?u1TRgM_4T}qY?vPrkFeZ71H9RPdW+smYgwU8|X6Pj7F*d5- z)PHPDO(wRAYF|2n+tlCw!3~IknTC}|u~$wMnd)Cg-ykH1Pq$kTQEF+(hMydrMUL`t zh(;+M>feie%FT|LOyJ+dfhImwpcZF0t(!MJ?9s|h9+WayWwS7Zcx)P7RMXJQqd@>) zFF{csm>m9XUF4jd!A*lt5B<2fq>8~<)bNwzb@`naaWX>_JZXl`Z|JuC!w}90IdeGH z51gbCrVOs9cstsW&n@Y*Jhz2#sDQYmG+#-n9<2^yQT_Q{EH#z%F2*If<*q=+e0tp& zc!olAa^s}jv?srs?e9jc3{XZ`h8*ED{$sc7zmG@fNxs#ow!dXDVVQV`Zbjr2a;i3G zSYdfPC)v6lYi-Fh*&Nz4lRMBwu`Qg=G?>!oXyJ*}#Fb^?h*QV1IB$;u=%7sA0fl5` zVtLaY0xpE4?%6m)ud99`r9R}d%?8Rm*-5*MMQWxM2C1`IpZ2=q4pv^j4 zt#4MhgJX{SY}D(Jbn+aTKC-X$MIZ3;vr{Ul$kI-1>~6P(#o+fEbz_@|eJ=Y2R%MKC z@43Gkzwjp?4;Ztmi)dt-x)>YT>K7*3*Aq@%EO)|k)@sf~P59+)Wme%ty2-ddzp;3B zz6a{fEmR{UH=9#B{97*1A+p8ll7$`~qrwp_G@|aHkG_HB7)>($|#BN(zW|oY&*gJEC*NLHmu#mVkx6 zsgl}gTmi6Q;6x`~1VfjO)1YawqdCtG5#Q1C`fKgZN(3{*UxG->g0kn;?D25LMm6fe z#j}*tul1ws>T}98pC45V-!YSvE^h1=`YlDx8_dV0K}?6j`eUCv#8 zoz%Yg?BrJ*CQESccd~sak<~d@TyW*dNsY)Gw|04?*O^LCy8~=&s&rKPqv34;6yNpS zjC#t?27~jH<0e+kg?i8OT`%j48GbfI_-x(P?vo~8WeV3=80`kq#``ZRrLx%&}G0EF(Q{28ZDOYY{`$9*%o{?UA? z{e(ry0d!0&=_u-JFKyDHRF)3~3=HB3#b#^wwq~qQh#oJ{DJh8CcY-`R4x42~3$3{V z*vpsNh?JuiwFO-yG9^*OPHE(eX9P^58h?LXdk{%6NG4rxVFno~H)hCQwi5E_54q%@ ztNaPf7YGdD2ZSQP+g@S-tH3(;<^pTFat5bGCl;&=Z zHg(|U;0MmHtb}12I;%m|DdxYvrn{6JYqQlZTA5%|MUL?(C~Qw={DDE$kuC8X#{ZVq zBWh{O8yafeJE0@dArB+T4qFIYa|(`JM;@*T;HXN@l29RR@$0`j?r3$$%m;-APz^(2 z4B%vyrrcLrxka8B54qXOb^Rz;#^OFLDJ5|IFzG_DB6G*yLJps*N{1sD+#Q;OU#e70 z7V*Q9&#Gf0E_X`0>;71K&5x3WLiwV^-+tF%uobnKfrzYr26ICiFp(#B=b>^TPfJ~8 zp|ix5gnu=Y#sRG}J9}ELCKNbk&NhgHVNa4VX#)JN^0-{KSbegb9*ya-Dc$lpAs;jl zsW(wsAQM^;Y{3ogufYQA7$o9zzRNAHn>viO|$upRXdHlhKkUX zMJg$+1r`BV5n8QXR-flAa@Tv-A zABfk|5$vR@(_;<}DE)Wh*?wkvzU_$5_T|u}iG!fW@lm@gGPJu^R*sbIjl^4YcryLJ z;Gs+JN;6ag-vNq_{c05L74=wPI3m=;CPIGy(5t;_&EOhAIIN}MjL@{WOu%eAmt~lxZG)H$QOBWvkLCxqgj(*3nO>w=ra}5ek8h!}2aMI-Zum1b5Fra=1RCE@-VkJJYCw;~E z`?Xo|AxhKzXJ!5KdIRlQ_d7t?(&16MYdNYqm}QZ{TXGk?CNO{O&GZQK)TX{L@Oj$7 z%=63S54kG$*Q_^M*~=dzdL4}?EDzsB)<&QGuWY=)NcY^{S6N>Znto+JX`fcze~Cz` zStc#Lw1lkRVFbT*(JdtrvWT3^^ct{X{b^boZZkO1SWD7EWGbAq%*eBM&P0imR>a;W zhf)R(iK2qwpp`wH{QJqQ&PvHqpRST~%X_H1KxW2`b}eakxv#pb#?O`w&P>HK3Q_4iM5%-bJDUinn;n;& z<-aW|Kb~Y|_%ue?aV|uB45r@y;toB(nkFna%!ow8G{0IqN=dEM+2DSAT7q`yQoCdl zZ8;rchO!hQUKqM=7^Z9Uv^|8x7r=PI#5@6ViZ`5mL#BIvM(`3@S9NfmQzy`!PQgyE zM>EM@JsM#QC<=se;nF*a#bO8s@+OHb0N5fae2Fz!`{GRKI?qhIr+b{-wRfln{GjFx z>$Ps8xpXaf0UluhPW(N9{C59f1+AOq!Y0qlx#Vn>yv%Gumhnp9DjN9+&B77SIy|F_ ziwe6eb~%2V?;u_9daRR{p$kV1X+TywPl%8e`JL|yh=iI14VjsQ208Z{i&f&0Dh`A} zWm(snQxxACWW9Dh;lLIJwo8*xm7~Fl`4BjM4Mq?fZHA_SrRe?*q*su$KcWcF7&q1p zE0`HeUyZD`NtdY4tKG%L|I}Bi-f2j6WL9nCx5;JMj6|OVUfs5UpJ`lR9#zq1H<}xi zlbe8vi8~RKE6*1igoes%)%Qym&@e8I0*aC`ObfjFY*&8`fjpEw%aAPH| zbfg4NEtwd7Xv1v!N!EHmB>m{{pF|?$k2W5DST*(-TmPsiU_8+}Pcr_?zNPRf?xb0* zg33{Bv|@tP+LXGwy_bY!oqVeC1 zqTsCFo6mUKPq3kZ!Rpn$ppY5q_iju}!g|nY>mMVbn#>nR)iGAW*Z^Hg$XOk%kD)gs5T!77w7Px*8eP&CYURbpvJD}`;8%(Y`k$k%N>ue+fp=hv0?Lu zI=9~m%Ul1~Z&`yiUQV7+a=yvA80lV%ph!CAT*oSB{da(aQfzB~B}v7P5o*q7I`Ra^ za)(iPzrbo3l^Cks4K{XfA(u>IfEXOU@~w;P7b%spthTQ410+SF6fr53glP_JL6?@sef4hE#E?wp0ayGEzqU`C=S>vHpEUBlhx^3}j}KQ!-#DN78j}AQN3=$c?txE55G$rLW-?~Y zmDhVtgVuGK%@`2>l;{f}S3(Zm zW~clRS2g9LC!q`l`}FW~x7|>~t6);5?ZGtbzM>J4;w+0klKJTXy*uQux-$aZaJE>aw_i6KgH7`C-RhI5+^rs!ZgO-HqjN}?3`2{`-6wlHRT3pb9Q^3?! zmck0GC+>H^8X{rsR?Z<)z*<(%`bJw8&JPbBk9Pp-M#lG+jr~$pJ`|I`#ft6yY#Botb*D|Ra7=~^q1W_Nz#`P4dD>N!vT#tU?Ur##2AM>Mct zI@W}`c?do)7LqItzGM=~AY|=BQZu&^4e$_h8OuHWoDh7z&Qe##QZ-iBe=yPMT*E36 zXWryCeXaG8MVLij(5n}BZoyni>-v{?pOy!19a5JxxSRn=q!Y(!6gfv_q8uYiwu6+vs|FZlQGP z{m?}+cfaqs_dx4%cA;=!Pxt)RH@=az*#JH}T~jVPEG7J8@O!FZky~(u#_P86kLskl zodPoQEAfM3^oI)F6%VVaHT8FZ@s{Az#n*;rw51D!-&-3#v-86yKei9fH`)Z`GfhhD z=)bj2RtyB?M5G>HiMfrho^(2g7WJHayovUE|FKzEEbs~{XihxL#ZqZlQ=My|!3#wC zA*9z6FVB^pWWta(OIMylZ%iQ0YJ`>OOhCTdSeNF&Fv7=R#tb#60}mn^$dm{PZOzCe z#y2S(pXnt@7ACrwwiR9qkL+=*K3STJ;9h9H_7I9{i`9{$J3=b}*PomqDOtafexXgDP>0+fo(Jq=em^h97*$)mvgdB{punz{>YU13;8Wn z|585J`7zF^qQ#9pyPIv0r!| ze0nbQ+ZntodWF{NTjlJhQ?%aU;7DY;sK^z7R)8ZDlP-p&r>Wa`@2mDN`%H26@Q_ z*KBA-co2VIq@S}K5{ia(;{r6kqImVh5}&Nw4rm!jLo0rf(@4wQNnvN>H||`zcF*{6 ziLR9wfHR-40}=|niJ=EAV4-Ch|M(<|GVS9vIp5f@${!K1>D|g`xi`CA5_+s!B;94% zvE^1&MY7*9R6(~}#qeJZPiwTxz5_IUWFP72Z_F4vX=Q%=6KK}|cc6JXryjV7B>JUS z{%^mXE8CA+)zvRJgDaaQvMUbVEEB8M)%5oP-XDAZy4;xAH1A&?^MCcempM59rTnvP z7k5*09xp(5q5ErX+g9MoYgXg;htVm0huT-Yj^OS)NpHz*+-~~Qi6@En(ity2YfYWe z-v2eR_5Utx&#)Bs^W?JZC+Og_T#;t~&y@4Iw>|ZZoKwcX%}fX{tY4;ei2h( zcEZhSsJE!iS6a>e^NQb{8eXS9F}nw6+;HUrt6u<3K*j<^#h2bdX7 z;>~=_hxaYQ7QeJ{#G^q;&MJUZuV_R7@XNYVh7u1#W+bZ>%{+K#{c|x^Q>Y)rz>F=L5Y2pld8#b% zMj5O7Pf*9})IRCNMpVnCkpNxjCsM~I6YM<*u56}PsthF&1Y;^{70o<)1{$s`@I0U5 z@zai-NElk~y`}H{GsI%w^Ye~tH#G@dy(5L+9ov`m^x{whG*3Nxp`vMT9soX?D%Mk} z+y)*9;`N465KX{JF7WReH3kxdjOpYCT)n8{1=&CS7J?Ymr4FIM)jQi-%=dny3)}wI zyZP7R2F?6paQ&esD^ZLTjaQc~+zEn9Jt-(hje!EeuoygttCzI&3z+Y9pFw|x@Xr$q znfB%s^7esPIDaB@Y&FD;4p;%BcR#1*OvtN3My;J0J6GjMFvAxat}N_zp2j}H-x1<; zGbk+KvuVIPz#TI*=pQx~_5mw-U=Or^I!+F;SdlXc4p?d7<~T9>lqh!fX~*Fw#}iz= zhl#!Svcf1O8e}L_2Y4aC@xMunF++nP81;MZ0V@R!LOmx&0+yjaARSQ37d;Y8Cl~C5 zShSF$f%RDtBq3^mH}rw1thg*6FJKc7QHlN^F~UOsBStJ9@g81?*V+9LAYKRjY(o$e zfoNofqZz_>T_EIN9fug$7PIw1fHDZ~ShHm)JxLv#yV70*R@!Qt1BFyJ6VIc}T@ z!5wjlQAH3F{ij3MZ4jBQk{jN!W;KX?f$%R?rnn`YKquXTSm?#Ttuv>B3Lt6#v3`cA zOjT_Lspk?Yhz=W~s%>cCKVn44$luO{cs)%h5aM;fmyN)Dihneowgw?${-kE2*%?E1mhf? z)hktDm68m?f1WP(8O=Nt%>iP;EE#ZtCkLerQ3Dh{8AN4e<(5I)4?(?&i24vQ0)77x zW8lP$UJVM7sO~_s@ytid;X&yp^M%i0x$(v-u|a6$Kp_D1I1c{;iB@_NGB_iN(AJLE z1cdY}Nm%;7P4l$>n&v;ecG>4#5>}tR1GFvfS}YY;{Qmk+Z(Sw)tR>P%{#vPaA2Z<8 zEKk-g9UM z>Eir1uJkRKu)cmv!Fe(i35z5WCXP`g$~_4B1GdmCtM;goIBSv1G8b)akarZ2y_a9n6)VR)LC z7@mXgsH^Fd*=$w1=?+f)$>TUy5;BFL-vRtf8jbwWT$-@a^<+2}2m$?jC*k-q_TH0z zx!}K0GEXpbw(0Z@JN9(7QC`Mz_1&I16ejqNN|b4T1~gG}L>r3evqL;eJ0OpMk`6b8^G2LVC(fh^Owap}1F*YhSvXw=IX>Tm9o@bV z>xToxn)9R>JNKO|;oX92qNJ73U68a6^r|Uzafg&_-HJ8>%<9xo3!{p;@)3`-xZHXX z5MvVt1M?Pm{zv0yU2T;QzeC|+dLZoZ2hP=5=DH#7f&fCXQl_}70(ZqBF=_273SGtA z`cz39K1$!)u;;VHyu=|AA&_Lr0gz0-sXdyA1wj=<6n(Wg4yAN@mL02Ts*q;RAyVC* zk#ByIH7uupH;fGZgm(x@P3sWg9|xiQeYc42_q|;VGR&Vo2CU9Q zJAxN8g{?eja-<)ac*7_2iLX{{#1bBV@b}(rt`^Z-Y&h0@v0^3}l5Mvg>MV9g zpc2<$4W3Q04C@DgBx}BqSgw%DE3LMD?&LV8XrynP+`k#2Xd8(Iy}Tq~=uI1XVlq9C z-dQJCh#V*C*nlrI>lD=GxvvMmXSkulVxSs^)lti_@_hzDH9T?cchZjX4^$X(ovix$OYV zV#`M#{LU~cus5ReQn>sEwrMWyKBKAscSz@x!D3eAR@rHgW{Zyk?_zF%H9Vt8BRvh3Z;$Tx6cd ze6O5vNgmiwHBhdUU1E(p>WY&*?jFbr7*FOtxf5&fIpbK5*JD!z=U6;!3-+hZhT7 z_mzf15|?nAqGgIpY52H9h?tKJ7p;XWnXw|czl^jnC3%atu`!wQ#ZnMaGBcYg0 z5jU&F2qTrsCFT0+;sC?;P)u2FXgN$yAS#ZTT_uCyjC8artlyclTrhymL^hPL8*2%= z8uwKYRi^@fFOjdOzEv9f@hF!E4>R6wy1t-t;CG%<*6K;zoX4Fui7WCMzWLWy{@nlk!sMcPi(2m;&By; z#gP`V?>?jRP3)#PASvXDJMgPvwu*zPw#7tKMumhh5f^3CG~+$n;ZSR-OTZzVAt*yW zi(e!j11u_27XH|X>mt@gHjIyJ$z&}PQ_p>Xqp1n;+4wf zxI?4#QbrQoA18@%ut7u*K;IJ9Ok}D}0U?w9vdZ} z%A|<&<11#qm_GY6FY4zmR{! zt}F_ak3GRB&6A9if6X|%fcx5G6p(1|uIEI^^4+WlnhQB;0FArnRpuD+_>1j+cr(Az zs&lC_W|$Y660vLL!XH3-2YyS2(4xb9;uM2W$+yN|KaeWj#_Y$1Xk2uQ?#pat{R#&HXTrIL#$I>F4W(5vMTg>|10zP_oHg6YG z9Fl*q)5H_4@Ml-&v7}Mcb54}B7Bb$?+k?NHN^nSS?943?X`;-fXy`+0AZ4)H80lV= z-oVSyvQ{q=$=Xl?d*I%9J^Vfi-Qw;(4#A3H$*6{cI+&|%N;i;O{ASOOkeFTC%!J9i z|4A&6u0d}iN#41bh8F>D32<8>pS%5grp!8$Aaq{H(I#(gj9ADqLZL|0N2AYru7ig- z_sE`D$KTHOvRUU${U>T)5SbpTwSZn36Q86faqDmi`9gGqJlr7 z=$xt=pNWimz^;2RT}4A$Hw+h+K@6Heg*+^Qx7-=MEfAGH(HU}>VUn}8%}Vxk#n+GW z@Y<1AI?7zQDWN4%US-v_`cIqix+2yF^fwK`F3#C~zbJ4jj!I*qdBnU-nR_Odny<58 zz%VbX>8Cpv4B=(#soXamsn2_e*`)POoVwbrywHzf>eYERyZk?^G)UtG8pjW+jslX@ zQ{gg@NR3H2ZZ6z}n*2DM?mt)Y%f zv}7godQo~^?AQn;FrXm}>JlVO@^VFL#MR=h`(!696m=Imt}I8dV2o-}0P@=5Df#Gp zFA)a`dOOL`LcfhNq^G|rjp~)suA;*?Y0vjgQWQtY%&&3~+F4yPSB&s=xpi+o6$mq2 zhtJD@$!gj#P)eETqHw5XC~;$$m4`{oRqJCwSfmdOf(lVJ6$P%TlpUs%sdOL7`)yp; zu@c7YLqeC(+80_;Ul!;xh7_0PwP}-YT}6;SV+mR~a>p5>5LG${__@dWivuYDhd{E9 zeHo(>G0S%Vhjh|MSK0Jg;dO=MEpI4B4@REJMIQ!zauPt4l&?7#>@(5jX2G*`|783r zc3~w>t=F3MC~ML;(glC4s7$^e0ZwSQ4e=Ds1X!?Q$N&o8No%#`lSCpd6k#d{+fNOO z2)+*YA)Q>Lt8Vh_o&e7==t!q9^1FsBRjNiF`II&kBZ^Xu*%UT**dVHUryqK-l1$yN z-Q8|?9Z7^gJh2qEZSbP+7_zN7R$VjXj@k*U%7DewP8TbE9*4&E+L?@UhP?YoB_B(H z3-ZOwDl~`;CU(R)94a}P{i=O2m2%lAmdq|4-B#`0aqKZi%4J$dJ%anOgqsh%ehV%w zrp#5ca~T+Y5*`EZ0K2tnvRli<%5oIcZI_r1|6;nFUkYgjQr=J8`s+M@k*IL%1p-k8 zx^RwK9oi@dV`L2O+H=qEnNbl6PgKNl!|0rl{bbybl`zOyQ4C{A>2stmwjMtSd%HC4 zMIRg`w4QrvVd<;#Q0c;}6sk{99qd|hfhM9#aOBA43u3!}L&p}0&}B9xSz3_0lRMoF5MuVgprgn6|5e%g#WvFCGqqIxG&h@^c zVHY0?&TwZ8?ERjvSyeBUzxzCD4E0~Max%BA`7o97PBru7msx-xMUUO>=)eA)JRhGRzg?dvCrko$CRcH z@xPa$y5GJk8K6M2d4CLE{=oWw$mK2h#dAP-Qy_k%U#4&K5wT>aQVb;bo6&V zgGqSIoyg=n-~{K_U(+bMAF+KN^KS!c{Xe21S{Zr=+_UN3ic4H0OVjW~1-bCXh8O{H ztx%7?ap6}Sq8N~H_Q2rEbE&TE`VTM!bI+!3y1+PI7tRcESFA5KQvkr2(DmFNq13Hd zr67l|k~dVdRrR&Y+-#SXe-()2&&?!R@yt<}ZHk{{(?PMkP_hp@1F^+$XX^0lue05k` zWUtO03W4KZp>H0o$3=rk(Kj_83Y2{|xa&~WGbksbQ`wXVi`UEGQ&}mEWIYrwe^69D z$)QfJfS;4boR?h0c^&x%J=B<+0Y?vRK~+(FR?{B}NvIqF37?;0dVH!pYMKTMYeE}I z2G$Saved?!++bY~DEkMw@4Rzm_pm#>Lhn!~vqXq=qG_#cy}+5?Uxn&Y{a15m%P>$z zxM_W-Pu<$kbrtF}*W$04KKxShY9xCxn6PQB(thfth8E<%KMD1UaAis&WN=4Kls6ig zOieHff#T&QszI7<_(oCBwoLpXnmLKv$eOKx3DvT6TGx=6a-Iw{+Qin!9 zIs5q*9MHW34s-vQnv1*$h>mb>M1L&~|Y%jHp4=Eexr zg_mw&fZ=QsS#yR=rC=0dglN3@dOd++)ANtBhBB)i{YalC9 z>>D5|U<8zXz%E{J( zjiK0P|FO(?j7JbK8!Hsm-Xaal|6-ms89gjB3K9!(*|chg<_@8ipGZ`Fq0uY_xZe?* zf|i$p-vPLt1~I~QKbEJCqMNc)oF_lLGN{fTr;?c-+{P&1dcTbsG?ptWoLBq`wd~N3 z7Pj(k+OoONmt>S{twTW|HilvxvfMvzg+Vn=6q2EVj)pFEsrYKPSU7bpE(yL4HJ8k} zZ-Ay1Mun?>BeFvlgd8>siK{xvyqw&!>TX(X6_e>Uh|_o#o#1Y1L_HufUQVC$)`$Hg zL+*zD;iv`na-b}*v*DDA1`6=JhwT)Htm#3ZX5`+zAfD} zMrVkVg1&oGOiJk2I%z+SONTglvtg!b-^Mf$6+q#PAwc<_wr3pto6XlM?k!?<(L%zX zUUDnx;lY8EoSCNHUdweR7RmY&C$5*0#u8n!J^P02GTl9cAkbbTJo zA|RQ8^;~88C~y5eN{@>h2~qji!U5Tj*TrZO`t_;}CPqw;zr~~+l7&ogADGt-CR*$f zik!(3W=18@^i7!DE(ZK}TRc;dN(uUH`yl^@EHzF6F-?(76`%ykvSX zK&87{60G~BeY6o@Kb#n{JZyXjr8;U<+w4BJi2SrcD&APm|Y;SMYUv$*> zw0C^XpXLi{^`r_wYVQ6cDOQN0H{rtk{<$V~73>WBVAm8t_ae|EAYBm)mJl#2&Hd4( z$BtjT74yl7+Z0w(X#$eMInI#Y-#JJW@`e`yz6fMobF+AWwjwIm!Ket@S+G4YZnlJR zjLT?H7Q#xQQ3OB^sw)k{=#`6Bs2u2%Z5+qpO`bLMSUSZEVeXZ=A}yDn*E&ReeS+EHHH)Qkxbst+s4%Kycv^U-x3tjI*v#!=Vc>os*`7+IHfT zL5R&q^xZ36tW=6hkWDOM9rdmIW1Yk=u-yZQ8teuDRP%p6Nd~KhaZcK821wXgQx~H? zrt$wO&J_p!0zr+=%xZfxf2z{1KABdo_1m-D-zqNXhhe>rq!FsXmyH^PMiu=Kz82wP zwa2>P#Ee?JG|R&8J41NK+J80bNw-7zTcvswW%Pl&#{Sp|6%b>2yh$NKOeBAopyh@W z92hUy%dyIQK^|k0;j9C8w}7R9SGA*;GX~Dl*PeP|J5qP6_Rm(H!SeUt9)VF@&>7+- z(a%~SX(Jl1Ogfy`shD;ti8=RS1%NBcLoPr-J0nd{U2xl7fI_AYX7$&u7+#p zU7@&?EwARUuDxFo)EscKzIbIZc9o(Fgd10d<|_mzqTbJc^EhXH>Akbr`zUgdJ!gY@ z56}Q=ua~^N>5A$?sPO2-zPwa|E;X&NTXmCINQWK-m6+!XKnB1_#mgn3LyMu{ zHl0TKMweWpAefdh?$T>MdvLnfF^$5iCnOf`;fVJD9HETqMDU?M%lwjwVLVex^%Hum zkb3FW@e0$e#ew1H)$0}ZQIb?HguBkZlRRN+w9*i>a+UA}9wj()8;jP4H&JFos-77y;P3YSHTj|hV|%SDw9Ugtm5SKr8*MpFyTO-<9LOqFp?Ea8zE z9RHJ8HiKtkmFn35;HOwC+6Nd=_}o+!dbgHS!iay~nU3DrsU{!Qcb zWd&&BxrZp!RXi#sM5nMg_pWJSUbj5OX3(@F7%23c-ZvM~b(N@(oOjU6wJ-IattAk? z*)?meaO5;?i*BiQ(p{CxW()dJ(mf*)E|@aS^iD(>?Pvu>DqTG^q>4?7o~kV3F~}9N z7SFcE|2gw$-_#yswqVWIi3xu~p@?yMSKvW|)dB?76j_srl4~%o32V0E^43&GYCZcSrU%5@^A7_aC(vj!D zMZt>bHVo!v1W*qwZk}UM0zzo(Z``RouwFGks+7m;Ilu-tJ1N}yCMP2e5pFaeUv-3+ z+?DJsZRaCbrN&91uA~H)#4%Kfg)592Gipe!QHs1|Igq0K8TCX*ZcNgKvu4TXFO@C| zTY4r|sYzAZ+%s}5Do{?VQ0j;Iq`{dnR6tL6xg|ei(3P>EOqts<2#jJZ@gkMlaO$~P z?e$M$S50$P3CZ_0mMU$t%=}rQBFYkb<0K)dOk^UlZo_jrci$yNlXIOlEW&YjVyHto zXf{Xj?SQUuB7a{0FGP+fg(>6F#;gp@FwdA_V7DGhxq%Onz|;4TccSn5fBR9gQa zhVL1=@@=_v2UX=7FvnC4;`PqCce@}QV^%q^hE}jJuOR z%tXFexCZf=VaK|{Wl*Mm{qQ>FizQ-yN<(+giREBf>wl+(u~7Bb z)8VJoJB!qC#@H7W4PayI3&{mx5m{R$4)Jco!O)BKEdxHx<|&^SuTRchKhm=W7X%QM zL8fXuYbSvMkD?7CW8v}1WM{()f(VQI!g_!nCe0lP+j)iEvj{m_{s3@}j<`NZm{#|u zOxr4y)9>5Zv6~9BHjes|`U({6{-yR6CmfqV0-+tlPOCe1T-F8m$Z3B54&$eM0d~DuvGr zL^7%Ia;P_Xn&zFyOmT29j_V#;xwD6M8@1vhf^#XTx;LY_~dvwPWatvW*4jl4T6LD~lv2q=I3&AU6+?Go#12hBj~(mpntoz4&$%N~e&o zu;dVom302ZF&b#@*ZavNiTixQ7QH-+ZFpZ$B|qHPO4ESU&5h zg+umK-rCI=6W_Tm$ZMf~WJkp($+ijyO3{UZV}$1rkSv1q*nY1|baAh76||m7F4V_* zS)idM;phKCxfdGXvIZ9b?-JT{7z7g#GdOD6!e?LfOWL70L@(I>D@R>7YVHgHA z*5N6>3am-|m{K2|mZ5GpP1T`~A{Kx$F{{IiF$BQU#ZaURr;Jtze^Rz~JiC4UQo@Kg zO|N`s)(LX{&p5aT`HjJ;8Y(NPKsZ*6ED=5JK)jL%GPm;^w*RcogkHMZE@R4%enZWB zt~N%4Y#trza_NXn)Up?#BVD&X057_=-!(Via-ow@ZIu>WfZMHh?aSkgq2s_)wD5v= z!3cu?n7g^@E4k>_?fUvFN$ue%`6{@ox=nUrooOXTpOSaN{D$SfhlR`A$V@2Tr6J%V zfP&)}K@W8U@VxmQNzwv(pOngihUVNvM?k*Mjd_;E z51DAdu1-0?7Kq+Px3~(%C7^MeKj5d!jb-ioljgyAgQUy?W(kbuQy=c=YaR{UK`nj2 zVDmf|&VjW0*!~0X`H5T;&K4WJ>TvpNpK^4r)avHJ724LMg$&KnuNvrn;o>>c+sYy> zpUcKhke37Ad@7IOkZ_m`7<`+);TU^@Gcv|=g<>u*i!wCB- zICTk!y88@s_PkoJH}@{Tsp#K{$@Vte#vkR=Guv1D-x!x2$47psomyuw&W4_wUrH^0 zr_n3UQ(IjK*@_flwmbPKY+MsFnGTQ_N;ZwsXRsKiq%5RIL|PT%|9|~ltZ2>cO#$)# zC&94&BJ<~on>N9hrSzWqQ|g`QXea-qyjwlP^f)AD;h_m@IKlxd`V0GKc9g(FAud}*v9)UTVf(FApq;6#Phh2n& ztMVbLn%b!7k2GFC_%j+VgUhHS<6Y+Y&0R^-hVAAh##8zbU)gh@7eUq(5fLqH-<>yG zu^w4QvlN@zQSFTz!qAX^vWwv2Sq2F26$mg*kx+#QUAdTE;R+hFy(vcI_G4cQWlrT! z3+pIZhoa~A(QEM+lVVwv@uEZbnf&v;gt>9@YB=%<2lR68J?_Be`WUPEDhI8w#WX5UY)!XUo6IInpWAdA?L zoSJvu;NmD>f;H*jqM9WQms{}Na3KJI1O@;Q76AxgbZ$?6Q`NXVQ)QMdmFY!d9cUx^ zX6s#i-4ZMh>VF9*EX{DRfoWga0=A#@Kw*L-IhRQhD|NmtsMgFIl$#Y{PeQ9jzGr{Y@;EF%HORP^Yk{9Op z_-*xjlI1U#A6H*xAf=v9LJR)@IsKs-Wok4h*Dq(=n96Yv<)H)LwhRmAh7% zi4vD4Yj!4oTPC1hCzN~4*KwyB4_O&M>6@CL6X|Aco+_vqICZK!G&Q|(s_++a1|BKz zDW(W|!Q~1&X0_i|GKr=0Bv=vH1niK?&w^mu8h)liYh?h=FZfM^KKeBT)e|AyFxuso0U}!l|aq=Ty{*#JVU4CCjEwUeP%#7 zt>IVlEIDmQ@s0hw$6jdeQfzSU84fp#D8J+a!?wHcGHBiXJ@4XQ-nM%2kSOC_hRtTy zmLU0=Q^Z1A4$?R0==3OkIF4=Dkaf+q3_s$9VT-fQ!s?&mrSr2ZBpTYFWM-w!H`=x; zE+tCg_M{Sa$2a6ZGBTq={7ix(X4lhL{E}_$fKkq^sd5HX;~ESTN@HkxPodxF3Z|AQ zL$FZi)_7h@? zg1jj+K9O3SX}@nLS`43jRYi3k>1F=`qWU3~J6y??dd=paOoNodT;zmpCpJ~p7;Si2dgVUUSHf4t&moW}UjtJ2 zE$d=(!~$rY*%#Nkuu&}&)4NvcU8{qqV~t0*@zcr;P*;wz;GKc-w}dGimwGEQ0YCw2 z*xp;2oIep(TqXNUx4b`hWjqubtr8?DfObjQ8+S&X722V*-ns6teJC2PW2nPzgxcwg z40o`@n^$o8=G16)sJ}^1&5*1$N_bO9TBrlups4h2lrFB`%l8+%wxQy0=0y!}@8T2d zVWY>+_#^ZaMg!#JZ=4sJI__4xag%XZG)C1^tK%8Xy82XRU0du`RQmH{LR2*ZGKAQ& zVLV(;4&;R(Wf7>nQ15B>$3VM+ zcsh50@cm~Dz*0-$*JhB=QqT8rZ;|vGB)>nS8yBP9oL_Op^}Yzow!0BbkB~pMJx;WX zQqmBb)NEW4@&=Uje2}?YWyY;*?>D-nC*4SzgifHI<)z(*FN47B+16?#y9 z($l{Y7!OO3yKCkn(X8_zNu=W zhJY6bhR+G3H%^$oKe}*a0g4UQeoIm?YCV(*BM(sJ;9Mg_`DpcGH_nrt`Lw0cn`}&@ z1#Q1uPFOv#SM-sI_3zSs{gMQojrF-bZjhhz^3R6zRf|VQN0`*~U&czkipV!MWBA01 zeTP7VfU2i`bR<-}&kNs*$$tv`9UkP!zYtVHJC{}!Odp11&7qa^|fww)oW92|?op9I{#y-ieOQ6+b#Vr}la?lt-r zK(_h#)~ZufKr_T1HDqp~>M7FXaWTnIFOq4ce3z?MhZwT&iRL-d;(?L6XPD`J&jb$f zL@V5H62&oP!u^j3!jM{_=!wg;d9mnU_9}v`+S#iH^uQmRB{v9J%qca@p3xePJ=BYu+xon)aCVEQmbnV^98~P9FhSgUCkV_wj(VTmd&>j$_|`SbM!0Yd33x`EY2^j-1(_i&G+! zz42J3zFexYF%VJBNT}SbDtxF0CkFoIq+o&Kh5V%>!>y;pOSLa5>4W%Q4e=?X?16b@ zs#QlS5s-4B9F;1(iyo1ohWJQ-t+xJMmH-Vmq9jRAQQw;&S~5JTbPV0WmiyMo%9x{w z0dln`HRmr|kBr}ahSsd>gL^J>`fD7g#g~4+>5$j4rd)sUDdaqq+xV*9SwA%L4VI%X zg}jD~kLpD$WQ{-gjx1(S!iI=Oxt!B0nH#wG<7<4WnbV+zPKkMwhS$iF2RzQf6RB44 zYBs$8{r$_ByQOEqPXzJ#opuOZU8NoQPtE~lQKu^E^KFM{@_<>NE_xX7vK<&sDFk-3 z8V3N*M0WU>c>{)~;Qjb6_)X}3q~nYqd+(0iL^YCWAp^EbTt&j|=jnE}Lrkxd#btAX zo?r~GK+?vA`a~5@Mzy@ArRHjJge6uuKtUAj_@$ifrx1jE?klaw2k${XB-&^GeX@v5 zj?yDblLxAt(Z6e|vS>y?rsD(=Evv^`&T11)Lct0`Q2S4?KMxL(+i)XNsAbi>N5{}t z=tSPyKR_R~lOfQ)Kj113C7Uzskgikv^@VOa2OB2aao&9tI1N&hDi&ZezuKVmKg;P z_jC;TclaTTM#r!$Qo3HPa}Z(~=iN&di-~#dKR`XPXWD&`Wp9e>`%ky>oQ*34nDBVl zK#2yyjIxC4@gC#Wa{PII6$E5z^v_!_+EHLkH%*aDF)TD&-al>dPd}vMV^@s6$)?}P zJ#Z~y(?RP#{gEy!xPDt3+@btfdxLM7+3B2@e|7WG?hU+xp))vKa!*Rle~{+yKLD)B zA4__!t&ME_Md&x{quu0FhHOsV=li7lo4ktmbB8QfLk}DxQGP2;k{Z2`cTSw8x58xw zs$mnAn3T5RO)z`jK6+HcjPVUI%2&6i;O5(^vXk2pQB4L#iICrq6IMtg?3u1!Qo$WT zd7rvCM|Hl4_Px|R!EZdbFZ9W?YGhv^(mhru7GH<_8+9Mu^a%bkbzUT@FXX7EQ(y^D z$=VXxBRYjA+E!X*m$5<)9dn=~6$QfztNlMpN$()>|F z^?Slo-u_SqVXo*BkfEM4`pe}mZh3N6voDxMQ)u9y5wMyBHoJU_Fxv7C1+Rmt9 zzQjsbDmp|KgunZ&Np~!_*R(>6KI`-ZPC)1d9aBwJ<;U~eC6t|@czs>w(5SwXG--hAfX9xbo=DO2E=6}+^qUltvUPF3a{tYMTI%OLy#OBq_DWH0TU~uANO2MJB!&p!YMl%-QS%ymkUu9=uVy@T z4oE@<4>*-UDE(V#A5|5Yn_;H)>J9Biv@J&(6Nam5SfDLI_fx*mIK6zD+Q6S%j;X<} zUjO#tuh;g1T4}oAqzBt9@sa%c8DVv@K2kY_E&`iym_e_E-5NN3N8wK|@=Gu9=_tydaZ3o>!>avTC!Wg!!PKifzx@xA3%7yU2KT z-E~N6C@0)Ph|K!EgWavrJ9Q1QebKbJ98_wK96>kq*f8@YvPU|~fGrR9N=CY0)4$FN z@Kk*i;o}ZcReUMavg@dUX)5|^2LS?6HGo_n zipbUy-j=EL#9+`l%_%XWtU{ahs`B!z@~kOEIm2Rg!>WWWHwb}l(=b`&wBz-*kzKX% z=1*1$A#=pQ1(!RO>8X zMr(go(lZK#;`7s79IsJXl*A@86OLr>#0~8BJ%_Z`&kng(WbK<}r)2gCf&~DA0OT74 zYhN6dwGD&m<@r^&wbG?|g`LC6jHSa$8#S|Hiyy5!g>-vapR>N1$6Ewy>e}x&Wbh4j zCStA0%G%hWS}T7g*yy;jHZ^_KdQE7m5y#d+hBn5B9!JcZ4r>>Y9x}I8*?X9%NS>s_9S6-l+`%O|u55|)LCLDP#lv8AK- z4xM+SCok~fZ}>;HE{w{^nF3LZ{O6QWdV?uqx_m>?!ir*u%NL3naC@R?QBccxIT%@1 zhSrS{uqQqt6)o~rJo+f)kKvZ4s^F8|vC3^)%X)jZ+z_8>wgwqrh+_hnDh9XDLJd(8 zX&Tb-qU-9yjeKz?G*)b1;tDJzO~wI$jcXM0t*~XJSI%{+ce$$m@9bdth^C8R^8t%1 z{>At!=IaB>iB1GFd00~$CT2Xlb)_|_+z8(74iex$m%Bn5Ym$5T>{q_)F}t$3ih~mXl$#?Z;Gp^@1wKHNK#O3%IzHzo>jpI`KF=y*2Qb z8FdVLELik+t*E&U(Ci+Q4`$wR3rFNCHh8&Ft_q|r_#((GBx$F%scCA``rJ{T#Zk%n zP`1igjLk^sBrE2Yn!P2rguC$;j*yH1phR`p3TJ9%lsN~Cp+Ql93{%YmKs#hq3iOJm zCLM3Dx2W%fb<2}Hww65^X*g#|#l)yP+!S5=yJa4x?ytzl(aGpCSry@?kA@|7}~GhVs5z&gPXuUnU9eXZEmVshW0M4sGbUMWfttQ z;kOgnrEiLh^zlifSxL)9!y72VoL#N&KVA*#b>)k-lkv-tKS7zHJPL)I@zx*kkOXO$3C}?jo&HYLZ_-qr>;XWjpk{TD0WOHSy^O<(H$%?UN7}Kl_ zRKW_Uv|t4QvgN=?M3g0I2fcMuj^0(*;xm+`MR$C<@_!wd7X8$%NOoN_Y7gt4$GHiK*TM*zZh{U>$NY5kQyxYO?YA*Et zq-#hfUOF{hWQ1KCY*u&js5KY=575kycQVX97lOfFHf7T1l}r25LZF8#NA*B z8*=XR{`sE$n5LzDy&>0r z)r#5aB(E{|9wV@dw2waLhMpomyf2Yr?t|ZIKS3|Br2U#=_8y*mYE4n<5c0j9wV>F+ zF3YJlQrUTHL;w4c>&&zWmrXvO-X)BdMMhRwpHH6-cdR^Q=<;;Y2@wvt{k6;zz*ib+ zjc=v!!2f8AosR{hh2sN@U5hqEIh_m01=WYk2yE~tiBoX7H+nuYkclJ`Thv76O?r{Y z>(r)Tu~RUz^=0F7^8ye=evb-W@k2HW{{dQ;r5%i%L9G0wl*{p=N0R$*MX65~e{e`v zbjntc>toZo8wq#fX@99lSr{p-u3`RCoPy6cM8wyb9hc=N>2WYJo?uD2C{afzze60? zj2@v(FRIKdh}Z{cm`g3H-Bubt`Z@dfaOR(p>S<}r?XuK-^D|GID|$UYZV%r8tzwg&v!SO7wBpB38MIN37xa7fxo@8x?tN>y(e$q)t> z9a=Jg0vokL4F~^>&EZ)#FKP-GsvxR`={GZ}-5RClPW^=86e6i{hs9`AXr1q*xJ#;) z4D+m8S6WFJ>khw0J~A&YQL{m)irP^l{2DFPud_}e4a-DULb^`B2(mnkjxFgiX*6Ap z$1|slAxayQV`l|3B_oPfh$oaS-}5%b1qaK#{Ri-`j?E=9elUkz9Rnbm-f+M}gD0EG z%&o@O)L>72B=s={^+IQ+xNbnee4=HhtxzTJ?YB)u#E{926~Z*ad44-SXd(03fXxvg zZ&larAAs2dLCaOR@uxa;8Z z&ppItp$|{p>U*qlfLJv%JT0@gd1b7WKyQQ_iZ;D71cR#DT`$@j1|x>IES|WHYPo6$ z>#hRJ*jK>9jnmF`9^cUtkhSkxVGy7}; zi$FSfZonE!I#9u@M})l5ZukiR)o7lc9@P1(cK(iO_$$QD zU7&Vq>fy8BC&$F3vJ`H*S_h5Cwt$0gR8)!_AhU@h0D`vuirA9gDw`||FBAYk16OsH zP?np^(d%-`s3^Ulz&FH^h#G$>k!S^Z5);Pe`)@7QZIs!VR z1)#nfDgg)|X*P2yRQg0%&s-3YqQd8sR1W8rbCzFjRI5$1>?G~HmG{w<8=AogO1@~y zoLpL@OYW>$938RR@}%OnjIVwLOEGXY0*OZRv1`p?JmX6 zB%X?>04Xf0j#}bK-HfMM`8sRlc(-J(#p0Q0Zn+@gtsFW%_|WLCRZFv<4Lm^7$h);`TGF#P86}MI{r+?JPu4SQ;vg zi#hlm!c|V3|Cz^L4&uN@BxRjz#&TZ$R~b(X5JU1tOl;9)2*3lg?0bFj6?&M9(IhbF z>>G1C*Iswf7)gV6xjK7Zlcvhb@}Nw}itzl=3dgSHiFx*EY3>4X0>h$N?W*w|wVGt; zq#HdV8#B;A3!ho#9buT(2^B~$K0f=*t=+H5%Xbl;uTd>Vku3@lj7Qi&iTG{&gizXw zJ^FLO0dl6$&01@tqoKT((@Nw$MMzGj?FNN2q^R@%Oe$zpA4%gET&I8Jr5(!QvvlPo zb_zHCQ}U3r8yv@1)zM+zMjo)IYLs*4Qgff-jDcEfDo&s7Pu~=+Vy~K~Sgt0QOa~SR z;CwPODmn@@46#3?ns&*)=H?H|-D=6*^3k=JE1QvYV_L{rjje!4GDftg@&V^HQ zjV?)dZLUIJ7m)Q*|CDv3qkAx+|6U{g|M3ET{cm1Cq*pKC|GreQs$Z|{z<<1eo6^U? z|G^75jHlD7kSaR_?5JhK)#FUS13$}ppaspJ=34v%D26`j|I$^{tP^-){&4#xW;d@|)+jNE!TSTDht$BJ^@+l}UX$D0`Zg zs|S+nndvw~9*%=f>?x(7XVr6VwNS;g2oc;|?ZbDXCHV}ab6_2LUs{`M4FB??>@##m z1K*IKK$X~mRwr)CVoOHrhzMOL8EAT-D2jQw_hTf(GuAqHA-z4z5g!0hO4T$AV+zJ$ zmdK^Bi(#P9$yZ4zNw+Cwy7E4vpTPzoDo^;McP20mAuseu_L!JBO9 zDm$*=mz$LC)Gs{H%GNS?44DF^LUmydKl;u%E6b%Q0D8p=@Od4XB;x2I`6*^?d%cUh zB!7HyZ0CmC7l_w>!>`A>SB<6<92R@Jg}lAd2;p)aSqH%@TmOK$HtG}vENUw&JqZ}S zN!2XR=;`T&LMOS3Oq^U2;qgNX_LymiD0zS|P$q?%&IobaMf6=Omr<8)9NLL|e58L! zbIIXU=Ri?H)n-gkl7+>8j`vm-Eq?hSRR*vP=efzemoY1hmwo6=S0 zLEhZALH%vzHb54ipM0H@q`_*QY9bUb)+;Z*x6?h*6%p&%2|_&bpFODhvW@#CdLva^ z7H)V;^~ViTq3QAm+0giQdh@>NM)`~P@xJ6;E{*=oUszbv4|oH?D)fjnup%9}Qya%n z(n%HHRr$_OQaWd%xMFf?qTz{ppKlt4u1C3!ZnkGXrZJOi*qD;lVsI}HThxw5(>f7b zE!jJoJ%uKV%GqF4)cK0RObRy3uTH=PT9n8+^-X<$ z!yOwFkHS^q9p`x}FM}MKF3>s}=8$V63{gJC3)pn@?<_4S>uZdTi7*&8jxU*(GV_kS zH;WNNkqZ--i(K&ozwc2E+axy(kue0%Wr}o(C{fq8Q8^k+Syt3r=lTnCDw?|nW$@Ik zXH-9e$om~n7tQK%i764jPbCy`+oy80TiDLPt;;RwDe%P5JSWQcDM(oZmS#o*FX50L zO>h>kLJ#i7j3l^gZZXV_k>i)9NK%o?r;53d`!1++z&2Z!TZ&cH^R0Z;exgvz)w4sE zP!~ppa7~n@DQlsKc$G5q1)+~sa({~CcR3#D1OLN zEk-wZed`h;9!}TOFPfX&o_~6j4xuk8kp(T3iI$v(UT`K6?4iBkGx&vr|iDR zql=PgsUUU4vf;HWA6c$Mc-qJp5epv-*-2S!iV^w%J(f7ElouX*DtjOu#oM5?xYBpW z26d2BG>B|`4(M8NBVKE*Z$EcUfw2jtq$umb#&dx5jO>%enFIC!TeE>~~NRa}Rgy9x&;qL0JM^e?z!Oof{3wC?PV1D9PwuII}Q z_~$8TZG@#EZEU<%dIZck#L9E9RO1U}-t`ou=c=s9++ox&nb`MiWX>F-NI$!m=#Oa} zhi4KO5c?HzAN7Z|Yk#Eorttk#WZhYQ&IPapB3~P3;r>j7 zTsd>eCwO>lW<$$C+mdXHg807pqdq6cRY6I?ssU?#-7swI%#_l0K=+37%|lVsN(kI( z_|&#twN0D*i+FN61ASz1ql@J7-;lqB*5R1RN%=uA0H)EpdYRokYEdFxtF@+XwOG#% zQJzWsjj#E0$C_hX&+@0vk@g2%;{L6x2buKY(wO`KaQ8=ZE&L9`6w}k{Woe6Fmtn;K zTM-LhF&t)4TzsxgXFE{{R(;x6L9CMYoD32{{_ukyUI<__Gsyf#@FgPBdAZ&+H)<4i)jf zUrFF_-W^q*_5>s=*mX?BQN+1i(UQ{Q8nB9eRrVzxEuLSa#r5i_^NS5Y6^X>>G*nH~ zYhh3i2*Q?G3^pfqFP(E+Gs<3Jxgt;!^D;QWCFITSQ=fR9x&@~eMh?POX$O8*#fg?= zhgqY#BIT3CB@UJ<;sUnW-cD5+;@LGwjtFtNq}1O6sE*YqdfMFHoGtD7Svi}2f}CVh zsLuRWX4PAfsqo4K1IrJV#b#bxMiw(akWl9UtOrG?`eh0+{ACws^rGv{xT5WOMQ!{- z{Dk=$bwTYA3t$!pmEzPGO8~K0U3~=Oo=+m%xCVF5nb68NceWtM{WZeVty?WzA9Gqw$#3>xcYgQ&bQKMJjd?|kWt0ffU4-tdJvC=YU0-r zr=@&%6+~MjV-@vQr*>wSOW|Q4YTu5B==sNZ^OaO`n|SIHf*acB#dykD4D!>Ju00~@ zQLYp#^FPw#XGqI7X@RI~UD=9p-Fn(;#9p!6DsO4h%T*IdhlK$_=r&G1s~6mJgPnAL z>X>sDfm(>Pr&VYl_KVTl@S>{MGQE5$8A9QnsOu-_8?D+jN3SwTl=Mpt_x;BO)jz_I zD76xa;{hjE020fx8V4`Pd_7;LzZephxJ?)?-dz7 z+IzTyEVp0Ot|(>RcyO92E*XGIw^bf&GwL~JOeVe!ibtsTqeE${9qX68YP~UIcqHji zR2#4;y5BB-`54h7Or0-LZe1*U2e7h{g?lo~kh}pi=Yxo>$aLh~Q3^pAvt!IRw28Of ze?VfnlA|>#D{sU-nmD=l7$5#{uyE;oC@RUNBnGK=n5tN?eN@BU(MAO9AS)E9mNiv% zW_0SyIU(TC=8qgH6D(qGLR)78e4hxXt|O=bR}FZ)EJ1N6d*oLYxVgpYOTXE^he4wY7rPpx}-X3MR+@7eu3Gh4y2Ea7~JgMxCi-30rQ`Z(hi>KS9|M^T#w zcDcs1yeKwZJ%48L)}xZ}mz#~NugZPRLF(AN82L6n(P0zv55^;*{wJ-QxUxyb$^}V! z6ckfeIv*IzY+l2#^Qqg+SfiH9dap^@lXoty!NsMK$#*Vpy6I@oXBEeFuBB7vblE`> zMoiZ~$*5?0_m=%dZ(dvdmJVO>zp2R@Uv`3}ebA(@YN=bDy6ZoVulZruzD$29q;Bv4 zx4V_k5Po#r=!?U%p)Av3BNWr1N7dFz$4uVAl4Q5*`Vr8XR}#ic6=H6x7T#5Y?<+~? z09ljCHsuiGRmy99DioFxpE?n2=QmV`>``lK6yN_ue$>btH6B!KL3DLf-p-W{4#cTyIUCDq=-&(uzp0p#^Pj#S zQSJs%gg)XT7&(}89NONmJkiD%xt{o!iOYfcWgAFSd6iojRsF zG>;`(gFX#hj?3_E&8x7LhLAa3)-wl+^dFLx=I#%qE1w)lbUhzq1Pi`sJb3>H%91~~ z|1I&Q2}8ui*-4yF>-r+6daFHV>OQs5CU(7i^ozBcjDe$BNv z(tu$vzO!Q2^AGR?(@UnR4W|(V-Jc2Xr#WkC11rxTWTWIZYK)Z}d}TZg*mC+OPCMUu zp-?*weQ%WY`2jOG=CwSdcmwMzY*x4gRr~`uxC?YEcEx&C2PDRIxyAg{Z*p4G`LaXu zUa)KBgmpDBTiD@&NsoVH30eqE#$rMqdw)r}Uv3m?UZ%b5EPx*{4N3sWADIdPWR^I# zk<8(4$8D@Mf%OG=fa?{n_R5bGp^j&d&L{CP_&yB_vu_(A;@T-@#WtCU5moGQ31)}F z130pTeT)bQmk4F=FprmrPP#Y>o5zx6X#4R6X>sk7h_+Y1yTXMtOqrRp*c9q@j$(;L ziDwLj`bg=O+G!(P8oky{q`e?qm*=SuZl`BDW8?9yHwSK+i$lnG>`c0}RA?i7Q17EWi$DCDVym~#pnQ(q)5LP z0Keq`iuK;PN3Nml4puk&2(g1g=^bj^S!A;}86d>sx0vr>)^f(}gqN?&hZQ!ai( z$dyCBi=@Fjj_RCqc#)aHO-6@*{sZY#GHwwGLa8z>T}8fv(M z6YU3S%xemc=j@6&dW(l|t}V-VJKo2al1G`GUtah^K}|<@Vr1J%!(ZLb zR{sGwgk@Xb{WMzJB%6{rul<#^xhg|9kycT)dj*=vL24Ys$>FCM>Gw4+FBl zjTe^qd|ajyCapMucm6O|tQ&IBep8wL8nwQq9~ar+uEbBBjXxz{a`2c^ke{Cx8wt(K z>MeW(q0mqLo*^e4S8FS2T95JVwAnUFr%~E2^5JJF)M1F02x_Z8{858Kzlp8(8YN~$ z+fm@fy6P$qFOGYXQTjIAM{RM1`q*?aS_??I`&P(5fA*Pd%uNIDc3^0^AfMm9s#IcfjUJ|5Ag7R&f7CR_EiSC0WiKy zj(=eK1rr0GIYR&hUjyN$aQ2Be(PWja%ZJI&h9n^s#OZswDF*)lfx7BDuQSoQe2Cv; z;_wkJ;^G37%5hl%+0MS?Fz3_dy7>^{L&t?Pa?2rix^gZ=x3@4_%(~hU9}~UQ-TL~e z9Z|%qTa<8vq28RKDJL6X6^{rgA-a2b0hzS$mr}nMPvVF%Wxz33KuPkbTG$RBrn&6{ zHBWv~xj*1yUX*I+#<=F#XoRME@7$eHj+!AB^0|c~Ruy)Z-(AXCX9!tHT2wk%HLZP~ zfe+St(XtZxo#njs0(ME3LDG&;tfY zM^#qho%v+ykT^_|1+n{6(*0$@5^k-#1y4A>hLkg&o{WjAN16t$yKZl;E6D{%9u_L& zsq#k|$e+HOMV=^^>@H+}CW{N?s6^}IWC%wJ+Yg}Jloi7;tbAHciFZMZB`7QEYng_j z)H9f)c|~Kol*Eb}DqA`@_FTxI21FoaZ!{QWVgJ1KTu~PC4cL@P?%ohIFq$b^a2e8Z z0CVW!Id*{61#g(K@&=fBp-C2~ZyaycODRg?4_=2I05tUkU+w?E7S1JXU9GOOm@qDE zfaJq&l^XS1tQ?pipdQs;%)^O)w@tuj);Bm?{;i?|VlL5da9k zPRIBMGAWc)>4b>g=L@{7TD;14j{boQfr)m)bt>*jV8y^J%FW*z=DYQWB2CQ`?BgBv z&($C=-+lP_t>z{j?Jq;O*#pf?6c-u5A+Bs?jNcj29d}MBaLlKdo zDQ1!hI&`-75q96QJ2VKgE__<5@E8AmOn&aJRw2o=Ew=F4hBWB_Baevs^y&`LmOen8 z7x`y0Qc)1h&vL9pKAoDW4oy`R+6DWf91#@e5QfYr71UJ2KQyF%+w3q`RvdEBKF(w$ zQ%>L84EsE;;cw{m{qJsk;+1QeZO;eijNkCl!1VPv&*m-}skv`Tvv>5ZcUrA~$Y(8k zypBl-Ht6Rwx*r)u1o&XwJ{V^)P{gM+@vQ3K3!?C!P78Ud@O-PfB6j>s9oTzT##1nD zR_0D2(v&8m6pyB`2R&lhQO(DFtrcNl@(u#ukUZ?5>X3_}4 z9VpnN#$(N(ERo9QY&Unq0P_woV6K4m8Q*7K#+tQSgCb&xfKuu)TB(Si5pNw}$?D4O z5fCEkp6kkj-iSSk9FomN89)Zv5tUBwb;>IgAB1`c3{lSPRwnZB&Ryb!miuk)B1u;A z)Z3G!4_0M)NlswpF*l_XsJlkwL?MmRCCIRnSdf;Tw|NY-2v< zKP3~N-f<`$?a6M6=T)9`Xl_>A1)%Q;ahzSpes>H(=Z?tS`(z;2r9;1Ld|v2Hn>t?m zrntS53BU)fQnJ7TSQL^1>ass3)#>E>;jT0^G=~@2$S}MgRZYkzbP!6HUER(3JVS}G zC}pE@spipIgW>9N2Woj_3vos*YW|8X;G9@_CAj>Xj9o{WkeS!4mDvqkh4hpZ7xsL>&CG2iL z0s*Hd*P9Zbnr z!$6?Y!GGdzYgoXeoUca@)7yGF1#<|HTBAWP_~C9DPWcq-e8%ZpMtq;wL2JHEMo_Pl zFHnjB6_vwZXM+V%(7H2&MrbC#G)l$i?nrN}*dgcdf!oe?opaYU%277nd^pdAxQ<}M zt}p}b6wN$^_Z3K5CMG^ua_w|SiuNZdzgC4==$O?P{eEG;_EQk3bNbvWkJ=~YK6G8b zo>u16>n&(=D7wCW95jFO{COC#>hJy`IO&pJf9jL>qqIPmSZ$VTli$wa{->{^!hZV* zujOE1^-&wKSjwds?314otj9GZqx*_<_dcs};X=LVuKub8a~VhxU&HSod1oFQ_oj8u z(JAh=Q)O2eKTP=urpPuMkeKfBARY0N%&3QB3wI-(>X+##l%#HcH5YFuYD(`?qK}iA&k1TwfRM%kkqx`A`v?2|!NN+}fviKA_F~tK@P~m;~ zQH!rt(C^mk^2+aRCZ(m!g=VsM8RE_B8SSi_tDNRa=*-aUa%HtRG(@vaq1`{z3^FS& z9n%{!p2*|fajD4Y`36&p1p(FHLF5bFxbs%ak*Lf8q-OtLhU~G$-f{V|m_^TckmDW; z)roY+Iq*@+ZB4xRv|Kht$_7Lr8{5+%w~cbRLd zUGrDI=v6w(kK)LzdEsfV!x_-SNW~pv?u4pVs^)z~?A*@B@2gfN zJ2am0kYP<;%oaI_{YrcHw~nsP*-PR%3ruj4xVOMHm+%?u7VyYXx4sr17_+!KLcU+F zzY*Ve42pzvRJHU;{fc051Qs89VR~$$GZ&!p;=34jZ-j9joItQa4xqZ)>wU^_aI&3e zt*|=NGi#r{Ty*(en$fImlNbJKSRyl~V+-Ra#p6?yR1qpKqc#*^Cv%Qc_)(i2bl?Qc z+-eot4KFJx#hN-VOY+wye`K|6w|2y_HR2U!I;fSq%4^ea*6SKO_{7|)nvO7_L4lrJ zuC|B5OBh3&tfXEHAf*s;5?h6t=a)s~px!PYPBM@3P5|A0;~M0;BBqq-+}{2sj>X@z zFjZ6^5S2er8J~0r>GyYBt25cx?q7Tk^kJc|u(HHULLW_>(xtV5Uugk#vP;?t#iIJW zNoYxjXzX=r6lN@$)sJKxks-tNT;bdNrQbiMpKX4|1-C}w%5)^}pi3wumpz3dRVKS` zg|c==O`Q64jBgy-q8bgEBo~Td|6kO-RaYEP*QHy9ySoK=|U@(#Dk>np~u=lO$>ZgE_uJInB z2^uAZo&UCh{ZCpC`itwuIpS5Y!YO{}4Vctz}ZkF5H22mV$6Q-sCy-y$qp z>sF!P%)1w=Yf9wjq%vhcEIbO&{QI(hBmLg4Jv;d5EY{rn>YE&^anBo_zZn$|pY0p0 zHt)!vUuZ1`FKYawBNV%*ZV9pLJj*LfLIpOe9eb$>22VsJD8NE(&cl`ft1PXNejR8 z3Zz~wij$u+5)}8RJap*^m=Lc+FXFr1mLTx?vP;w*xuF;@K4St9iLGTP@6CO;m}bWGFcx!;p>l4ifAB9tXE z#WG=|m=9n|vUiDTmyKJN6Q@VWSAd7c1}4x{E{F*uKE?;WhtJ@>qnV{TFA-g^%v2%o zyTf7~r#Nn4DzC6VCX*!m;S-l-q61RA63@i3O|9Svg^denQsVU~)~=1VCvK?=ca4GY zkeGAnf!-p^1D1suOdLps$4KWZd%Mlm2`Xd0)zW0MCC?6qiusgT$| z&;3Z-%%p7&DxefG*iI=#A0@WOL9*Pyy80#4>=vSJkTEEZoHch!BtwkiVvCbF(B2ea z?%}?)&+LBeZ`UmXFaX_TJ~mZ|RLSF6M)vn{^Isxm!9jKNG*=jwjsV`s9w z_-i+}gtz?$zhqkYO|kBrZMIdGi&mRPM~6O1rsB4KR^3Gf!x9?8FvXao*5`45zkRh@ z^(nLq+h_KnmTtQf(RS5F8MIz6Hy=_yK_QXf3``wU?wsSAw(HFrxwsJHi-W7nu?Mkz zoKsjTBU}U2=`^hNenPSyOdd7Pv1)t`XSp)ZV|7U<2rMtLo5c%skl1Bas#IAfjUA(p z%wh#d$NX0M=++XRv0>!>7>*mNBXYjf+cIdV_AHpazdrK3 zG?nVT3pA8Yzrw={dl_Knb50Fp%>-#Y6MA~TV>BYSL_kLZDcBt6(WSCBR9i9L)dF~a z_WZ*59wV>^fsXsAwRjinQY!1-&Oc+3Y&+kC@xHN(6gK2FvV?7EBhJE19t`1o2aIn) zNE}W0m?TC$hF0b_m;JEH{`s^~pum zdUdSr-bb_s9c&290m}Fez2C&pp_g-ZRC$HQvn~y{Iy#onYfg{L+7qh*)vzz&nTN_6vnvSEXClSFZj!tVW zl4gs^+tqw*Q}_1AvJa`J#hT2xx*OGGWTg{%TpE(F@tY#IrP%NntRDA6uh6(x33Z>Q zLphUznNdNrcUi!Dly^#Nv<&0y$@~ zL~uhp)jG)y{5Ewmvejjdnmk#NuHjEjQkYf78C#@wO4F`5BkoG*zBnBm6l%eWnzS0BV*ejUbY!M+kMkm__6_Bx;&7vIxW?-lo+S$dJjr^U4v~QzP^+rW%(bnIf5Ue>vYn9t?tuh~^c(dc`h`2KD1Q=2^Iijm&E{S zp?ve-#)dpW!1>DGWj+&D=5i3W(D$zJK*rpXztp*~fMEn;H;mU>3<<3nt|eu_=;fAo z)n-@XWG2z_nt5>Z21f<$Dy1}hK*}!egD@01k_J7a5(Ond&~<+_aMR*=a1~+=+Y9nB z=M3pa#IJE#uHeClM^qj;(+@IM|FACO%3kj@v4t{(Sri@yc~R}U&cumHa#lO>=%o5V z2~Y;KXCpDUi6+8uX+5#U)6uBlfpJsw=;jC|2;bk)oY%v2tZ z9558RjiVm`%$kGfAU;1zmMKZM2fOzaNS`{r#CJ&ixN!arQM_kOj34os7HgnL_LCml$p2s^o&x86V2diR{N0R?c**U;8K(+0b+Xhi0 z)dHM!xQY)brba09wMXl?mWDRgQU%pOQph8DN)_uz2b4NeIAxZjYT5PE2ndM|E5?2n zga+PGWf5({6dzAT%krh=9mMdEO=u@A$ZR3=p}f}q-V!@If2c@LUxx1Th;tbqA0Ust zs@$Qx**tE6CNn0%(3!$b3<(w+0WnDpW8`d9oV^LoAr=rMR^Z^;F#iG#+%LJ7i-w_H zYc3ItgtVyU2YCB^X_0`)97-4dAwGT3y6;><*BTc1Ini zkcxBqNgDV}A?dLL)%D}7)x5uzVV);fn3S)5i!662f52<@6Ag%KWo27=rC(Suup~LN zY!~*vpovDo^=<{fChf_~>-Dr5xA}-jW?Hrz$&SKQU0<4ZH0zP}0G5MRo?W4mUEtzg zDKexQ3zpaDA><7iOP&kMd$>*cL^V6F5!h}}Z>AV+wO<`p5G)9DAG;Xo1&TJueDP5W zop8~9ccifhS-hFFz~jx0d%P{IUcsQ(YeX%@K9aSqO@-=MQ(&RL5KYW!o&wIAD+J9! ziw>sCv-)EK%|YnWldIILnWwTJIb!`K%Utv1^Rdx;JI8(}FKI|4J!HgrsNo7j*0J9w zL%jMOA9^}iapA`O+*2W zc~;aWLXWgUy*G92H$&VbBNyo6Ltyc^=LWLm0Wo2EbO_^-%lWpsXfy$#?@KzSjFU^% zrzASIghT8AW~|Cm&P-(}fT5!@G&ve{!`!I^yBVe;%=+NgINAufO7k$J3z6K1PFpOh zf$g@nzji|~cF~?V8i`Ci#%)e`9zr03me+Z)?|d&48#G;Sj5&M_-1RCMKFKNpVh?IX zer9NA&XCLIJJqaEEj`7Xd`faqOZ`DF@@VT8Htaw{f?yr2-#H=j_PlCM$_F zEtc859lB(mqNKl(AExPE*LA)$lB0ibIea+s)elHgs6B#*Pl9-eU%pY}3Y`?<%Cow+ zw*M%RTlsd~)xgc8s=z}7*5rc3M|6pGQ0)ls33(I-Qp-ete;udzkB|tJ}bcE3~bxF!-(Y@%^xuKqzuU3pG)kZck4mS zR)p!;OkA?3@b?Ghu${%2p0UhPz5^X6W43}cK)QJjNU|*j%w8vR29nC4_*~>}q1w>% zw;Or;j_Z1%x`ERp6J^Y083Gthlwgf+H8wxWpm-QGEtAfPpO}!wV~3Q6D;d%T*>`M~ zKc8DYmb;9Srb3GkOz6Ff0TRzouUCWr~n$ctN5BY82OYyWk`nW z=Q7v;y1uP?Ya*@}t*fC{zX%th%4-h$6pj;p%b z(LIA)z4*?X*+0~tojkNusUl5pW5>^a06?(~$^YI^@h*54GVAXZPA>kUBvvoN$Y zKPFO6j3<^kSYTAXwyfkcdv7Z8VWU} z-AXZBCERbckc>8Gx6QX(5_B>npOXKuX~ZEJJ>gUsb(51x^|p4!4t);_l{$9s{vTjC zfm7wP^1qW-syh3|hh7IM@7OC$95KNg`^Cp@_SCs~A)U1UbRN=D||H_zwB zs{~J%xmuZ0PN1iTm=y6kHTr}*wj{~`5D-d;bH9YVv~h*o4_VPTLoomp0rK%U5>9Mg za!jc}$n~+S%y`V$MHOKSq=cg{WY(tmPabP6O_xXI*UuiR+@$`B;{M9zsiZjRwo)mm zKp=l6Iwj5l%(G}=xUGY}x2V{81yF?KA?*$;N|}A}Ih!HZf3rz>?DaP3BQ$(ks>(2- z9dz4CO=4l5MN)%XjE~N75M3G;Aia^)N>d*80j2pW(NyqLyeQtf#Cy5^W(sh-c=PZu zG)x8Hq3dBR6X+rdTkTG2cf=0t3rNWk9Jgd~d;6Ux)T8FsA7^(C;_>e-Do`nKN?vPy zvvfJl9WrfB^W|&EZl2rHKrk?$>JwlX@Rpu&T5q>Psj>Y0+3h-jSK;r+Uk=rflu5 zoHl}5XckXa1c!;j1D2OKghLIwnWc$sIc zH^oa|A2$lHrTrTT$_3CnEbqY=gq}W5i zXn58fFUxpnn|4$_G8$Cz5^V5-uKlk(k)iW!T7a4bB)K|g#(8{pM`(;oS;c=H$XDmk=CHM027Z9F7#SrS|&`_c)*W}n~tgR;%uoWQF1At2!j0QU%K^{qM;A83sxys?k1l7v4sy0W$qrB z36yF;+K3N);mudd_rK4L(i~MuEY%jYL{7XbOp!oS-lLX}Tnki|?!!$bIMcbznvTXzk>ce)%UzD3KmoYOS-qG)DgelajnzH{)3CY)_~ha+&zEam?s56PzCezciyZeSnIS$ZUL!+s zW?xcYb`<~~BRxF}a*X23qGJ46iPRk52YgUQ+bPqviAgo+_JE{7W$EYL`u6dOgmb;E z!7iqGtu1oEGu4#wM}&KQvh)(I-ck|u-$fo5m}>XCvY^I<%MH9b6#MN?@DNlSD3HOi zA|M}_;*H!I#@Wx&#j#lOUbJ%49pxGa7fs^7GoT4~8W%Qw%v_6eU+kcssE#k6_(bzXu-)D?5@(AN$P z$45?Y;6qNeJ(eYirSlCeFa1)OrwDqDY$TZj=WY?~cnST}eRcj@nYm7-P%T+A z3?JTAo5LlgdTjYVHNN%f;3c$Ho@<#fE-?U9$wczvhmv5SvI8y#p;HnTHrGTqL8+K- zC?H{KJYJT$Z5)TQTS<^j4A8^f%287J?MfeE2f7?YRk4kN>mb8Ufu=^~D+U1>QE=(D z5P458PCXr4_v%t;#%u02jpdcfhN784!9*`kEQ=cT;s8>=SD)k!JXwH9H9fRyz{e*{ zP=)K>@;?ARS2?bq{6tt}u4YcDl8l5q?Sc$n2-RB^!_eo-HI>O)!Uv&Cay4TQ!^@xi zE+_}uwHRueej`JthL$un)drQ!tT&O%Y~0@9Z3sux;7TO2Q1hYBLb2lvMi-H~egHGRsglxI8P zibRNw?6eq^Wa25y zU~vY&tQc>#>0gY(?Z(y;4&IxKJmI#Mqd#URkymqu##wiXF3=WNk#N|m_Y}Egr&J~s zNB0PKY9C-kS&z7q8wQ|_!Z_2&_@tISD%?wA2BQLEuydED0TXRNmKnR!dCIyEX*CYPl_B-oCbPkFzT@$!k z7^l;78^t_+*D?Yh+XrM+J73o|!~HxHR!DchoOV%!jXO$gY4S0(+4lBXwW6W&6S=VE z-08DR@M_Jad(Ft@K#B#ckDih<^m5~C;2~Ox!ki;dRsr|S-`~rK=^%2eU{X#v-q3P6 z?k;i<*ZTQGOq$12y)pcB^oLxyg6p{qoz*dOVfUh_o2j3m2Z?fitiZ* zeA!XN4^dEhh8fJP1IgOJ%F!$z+&a*k8tv2S$v%5Clbr^{sxn4Hp4HgbaQy^}odvoT ztQpmt5Q@nf-zP&AU9yXQ!m}TeS~;8+y7%(b35)x^#IY#%sd=kYq5hc?qVY5G{3M~! zgXUv{5~J4Bq~%do{X(22ZogOPfsT|^!>#<~Qy=Q4Z1GjgYHx~Nd1)4xsBfe!nZ3DI zbzTLq{St><@N^GKEe8_*mK#AV}CT8A#)(uJ(q~y>KLn#r<`#7naY`v z=5q8i=LmMIH3HIkvEbz^{j%P9*Pd@CmZHYs=v=4;8W{-E&-Y#^U&;pceF>U1D|70| za3V#;^s4^DR@apLLH&rnp;=YXQSXeq=92+6u!E7Qz-vZ@XiZ9}=;kLCULwUy#cEQj zd`pF@D6q388yO;h&ile7yu;ShJ;%q$4Y2RE=GfYQO1mP5-PVx665Yac@Fpnn`xuK$qGBaB5x zZ6UZBVfXh#2i+FTHN*lFNntSuT^%qn3{UkQjWn9Ly>J`&t$Ia@TfVD8+dsgi(dQ59 zf2sF)JtRG!&@?|DIF#-NNG1skmm>Egx!0bHY2F^p)=Hxmhqw z7^PHs#hL~N9W?sW1d^91Lk;Y83o@CaP6}u>+l4t=3F|w-!UMGOJ>?*0-(wU~C+ejq zHx3IEzp|Q!VCIkB*^wj2D5RdQt)zd5>)Ng08`(nneZ3%1J@Y#^wo6Dis3B!Td5yjs zES#bz4SapZ&N5oaQiwk%Z! z){cP&!2x79QA;f48f4_?8eM1@O9nl-Qch>Rf3r@D-n~|f;A4{YSA5I`RT-gt&D(cK zH5wqn;^d`I3{OFo7pw%Fi1-{AT7=O7CPC==@_w5DXXMD5Z%lsXD40gMMcG7^X80l8 z9*1p>yy?1ROW9wx7>^*5vw(Mhi=-lDVPwzl&2gmaf^r&ZbBYBxSj@FC9O|XE`mlZp zbb1PYT!T8kFd7AB%2exUw1d5Ky9mrRCEGZX_2X73BO|xUJ8Ei`TS>ehY7E7j@G$4> z(se)D=V%uJ=E=JfOmD=uj4(RYN);Owr&IQt2^C{y`C=nOk_30?w+fG%-1^}apD+4_ zp!<{b4Fbfxq`YIS4-b*8A;-~?Yb#EDgy1y7kzt@y^bd8r>Z2%8b0BNd=g#uu%x>ZK z-|e*B?acHBxm^LITJH?dtre^D?Nz28=`WEnXQ#z>rl>=2*Ahy(_PG`-I*QU9~WgG#5$OWlYD$S@|^3) zt+(m5MF^BDuaat7OIg5z9us$>k~@tScD0|0_EWpRdo41nqd<7oS?`hfTr;cx;3gLj z!?2O7ltDyze}G8JlUX;U>mTb;@@7U+<0u4}eD~+D6_v zjaKc)OE}j7YHbTw9*nxJ;&l{_CKXy?XO0gBZjo~L)eDc`Ux4tTFL+b_pMNplZ2XTX z#@oRV_WvbFmiUh#`PI?$i<&riCCKS%S`I#~_+|$Gmh8p*`7ZxY+~$exAKR+dH(bdr zeL6YKyU^G9ZI%`WmuUAU(Z9bPPOW)O?k@WGKU`!@Z&{VTAZ$i>dK;_x&^qd%pY5DJ zW3K#?a{YCkRn)y}_t+JN8+n#;|6za!YOt1nlN~x7_Tu z{)g)Qw+BvxT%lJ?n_gGz@I1y^?z*YFuDdNgkG4dQ5|53c!BTnkm9XP|6CUE%Aq5GD zPYlXqxX=`}(I4FbHsQylE4wve>x?@o25e>p+YnZ!65~SA2 zR;|Rns)}>5%dhs1k{Vpv>HXk%A+e6$!0fPR&p^b_{QbOB#rS0xBW;ADtd3mRhd!Oq zr-t6HG%w)Z~Y)7Yfl(L zX*pNxBGKex>O33j#pKiK?51%bdYe?TpQ}STiIOPE2l8#|tRTbzwygbCN=f0H2-^ST zRV{!ka{9?If?aU+qt|&Ww}Fe@lQ2_=)?0+S#t^wXBTn$c?mz1($%x52Uo(gH7w!f-73P1!9-JKT8d5 z2A~*ztvFW6s86=`8?!1cunz{Xl^e`X<@GUj-^c{HU$`MOI&_spE#L2yCCa0Ba7a0g zP#v+7=NpZj&Hrn?aR{>l*K4iur=5IG)##3OUU8zG%R2`utLJ8IdYV$K14WnYBnIvc zImywcQHmb_x`J?dfyd}ypR&Zf+&mleO)f7v`fnjvBu;j_nzR=I2QEy)?&}y}iA6FE zf5C)G`5(j8asL2Lr0pr1mDQ{gqOsHwRr0jQG+}wh-J{ESdS)($0t7hWXVYj^W zl7jv4z3)ErkKWUArp_Z?B}M=}CC)1K60_(bri?rce$M>rvLib~3Flc-|9we2V#w)0wPkBK%1&<%`6|R+u7O>Nb zqZ%MyLvA4ZErSQCqxhOBG1$_rf&6$Ged`2!fL;Hn|W>coL zG>w>}pis!mNF|$-g8+kiwjkd1iZgfE_I!U+2#XbyDqX8sqz9oybCL#dt+hE5Z70iS z*(Nqns0SbyXdqT6GN^A2wunu5sCTtst_wv~*jPs;h;Hf95qSzqA&NvoKUg4%fdrlb zp3lMkL6e1GJc>A3r*P{P!yegR`b3}REbcpOm^r?SpZY4c2Ku&35&3Ic!%Xe%gj_^bJ25b-2p&xZFit4RqEty^L zLNR~ER8kE^&w&eeXyyRJ5pB6x+EL^uUY9h~26rNSFrHiF4%Vtxu1R`uFFIZmOI2sA za4hb4#HyU?W3*F!&dN_W6?3fSq}G`kQ_aG48kU9E1vED-pCnwaI zN~*IqN#vUz{J9yCxO_>ZzZTi!FoY)vmU@pqU3sZkFhM$PzXVVxLBar}sql*<+g8NT zw2YE(95r}TrNqtbOUq}JQ#66pa@}f$%EwYM=Z6cZXwWg4g6V0=V~y^UCfY2)b0vzTYDS6zlctYS|ZP#UIqm#UpL@RC$sd_3* zNmK5%1piuNhhb{i)x67Recu%3_x_U>di-_cEd}{0AN;sGMQjsultEWHo2*C7XauDA zP{K{U7jx7>xuovlmLJO4BNc2<>^r#AF=*YCj>w;Q)&HRB!L!We5{eu1+<&>{O^1=y zIXy-HrGOzRQlgUgYX0KqvQlKAyw`AOwmx+c&uCDm*E7*VjOy3!Yf}o-9H|h#L;E!M zZSBGIORy49JN1l$u0$Knou#zHo;@WD%UKQGC(C-V0e$9{F11Tfl{}G zc>c^);eY--+>A`;hPaR$G+D9#yevc3BBF)ddrGuxdb*EH;iTO1>ZTmDWoy1w% zcI^y0wOl}b5LldGE1G&roM1a|LjzuGH4qB&bViuNga;3>-^Y=0St_2{G^QjL=F}5m zze_<8Mi2*hFOw{@xa}wQS$kCB6cdKt$m0CuJ4`ADjI-7jr(=?c#=)ks+%O(T2f-8H z=t)Yxg_tCwIk^Ae&2hK_pwl&PSt)kplMJpLjo<-`k*-Gv%RXq{M~jwn=Ep@i_1r41 z^X#KmICdXEpmgB*+0ua|bP~ln4zTiL?oUgRMAzRRVob8lL`Y1lYtytQ#kh&} zKwwerG=^xP>Cmh4#Ut&=I-S(3uxX*NMD32`1H(G8^lFa8U)>*MRFd3o?vC9yo%~O1 zELUfr?X9dIE>(X-=Todm@I^_gkTWjm^fUIh;0^oJ#SGk1O~-l2nijpk?%v#0ftP2b zZXm?s&rB_aSJ(@+sgn?*OAHUn5HIO-Lae;b$~EMM`Hpm1Ui4 zxK!ipg+mKqn2~)446bf)q(J`|g^G}Brob_*7FjvfAFNhgMv zaU$w*PEopMr+2OGtWphXEVY-Msng*364l1b{?FURn;eK1e=EKh2yz^3&(A)LpVn3Q z_jw`*B3b@L;W8^Gbs=6zK5f{BB&X$$nSZ5H`vIG5*B56=bcIfwKa$W>Vc>C!-IhQS z-vC{64g3YQzEVi$3fFm2D+&9GdJ+MY%ANwb#f#t>w~~v0cP7%^6W(#}(K=(Pb1+|M z2`%&8TJ_nf%r)dL7-BC~L((HIRmnPviULo(IFx+~&>cMClg&-##gx}$++usQPLfm<>36>c0hg!96WCksv?ICSJTrl zOP!B}#5!MV&o8FV+7972+f8fC=G8)_yjrY@BXjfmI7jlP=#KLPha2NB&bwC!w_%sH z20z=Y-kdkeR7IGPpR?H4n~&jrb&e{?vQVBV{UP}3xl&M-AMlsqT%X6=*@sLrpxzO6 zw8f`(^mM0`=ojQDF@SWZ%T3=SIOyWn?<*)O7&XD8V$w)KITNoCWsJ|Vi(=^~EHpUs zuAHt)IJ>LQTRFO~oProzM0z_2EETOT4cVvvE4avqT6t!p{F+h7IU~!ea)n6TqJptD z6N)aORak5n7>A}tc`@J2OWpC2>0EI+fo)mVJqZ8qWa2u=L6OVEDPU))Qz(}46R zdFTIYcV2f`_rJRHJE#8u;{Pw*dG-X@BA?Uj%d~pz{rbqo0R2hoAE5ii&1W0o^6`7i zLsmA?kA2DAo`4D-cOOdkhas7BdDlVH*13(ZdcdnTT4)BRq`-$R5y=a(le@D}>(5=i zy%Dxf)oN;d=;)SnPXpPWr~=9dE(uO&k+h!qu|AGgajy*1&tceNqv8OwdvAa>vL4*) ze>1C9_)trcp+CL-2k0UFqHO3zFp_Q;ylx^Cj}b^f=$LvHn*mPfw_e#_0ug}imyBeJ z*tzwq?L0V=zww*kQ)$!qx%SPv`4V79(n|?B1xJ~eNJ3TbZr?I$b8bn|M%&RneL383 z-B~sC0|r_z9(Q|Xb`@(NLph0As3{_t0(-bB>Go3c`d=Q5_++De5*2xR_B>{=(iJ@n z$43Cff+%S^YOMGNIG7wZsdkaH&9cQHK*@!Q0URZBUJkVk#FV5=aOk zW9Fh}E5`sjVVUH}=Rvfi2q&Vj*DAPg>asJV^x9oEE>QBlX?@dD==sU^@5yhn(1#Fgmowqk zcgPbxQTnQ2ywi^Iy}7amM@{N{@vV7)wDmc3JTugU&wgR#Qaf2Qo2Ri%J99g`juSc& z?bI9~N&Bsu2X;~KcNXDH#;EWq?%^$j_o=q&g(rBcZ^>3cUBp2ci(*cz7uYFc^r<8r z3dJ+pUYpSS`CdBLWz(Dw$@{2D;f0qsVDA~YjMslaP4~C7ea*YVtnH)YkzAY*-QyqE z+a*|Rswi$BF1-R%B{+G(v~1HL%BJ)44c*6^#%zxZBWcg&5nGo~-mthU=AmrN_nB0* z4WHw)7#lQO|08V!=dt>|euCFL&C_GGF)eNw|BC$tQH$>>KYAtjfy7jhwm3d~r6Das zCV$$1=xKBX-CVgj^(>XBux(@G)@%V8_0Ge$wf1ggY4UrrhwYiep~fyUtu96y7@xUdvBS}rf~ z9Yzf<4gto=5rdiwaSn;=#;+r&^9>y`+hx>Tnh#8d0|jGiIy2R-vE2o6a`CRdSXn(t z<~ZM5$l2E)v7sW@><|h?_X3Z}YbOVL{ct-vxus^iO!^yl?sEDL|Jjw=xS_Go;&KCKzpR`_C_DA zx=q*uh|FFbX&xk7aXo?2V?2I{}A<4NDF0P#s{a<1}{{FLJNERo(K+N{g>)JrG4 zNf6YZOTZs^uBVnfevBGQDpWm`&*oNFJA=MzjHz|N6In$=9G0zjOp_)W!%5xSM^QRo z<_5-M11OE8lZQtGtySi#lVXMYX!)SWBy=nI;(n!d;^qJ9IbNF#Aw^~{p z=K;F~F;gNEp`>Sq{uyTDy7ev#Y1;%&$)$^}t5p*#!v@x$DyaTgfgi4Co%a_Dr?wXt z2ie}9*?biaRh;(~yd1sQ%HGQ}VfZCOQ*M1X%BCL|3;OWzZh*8#TnL5sq*b;`?fpnk z*Hg+-_oo7*Cp9L?*GXc1-LL*|Le|#)kgv`9B&OxAP=~Y{)o}&}dbF1fMNgX9AmYo( zv|5X)Q&dksyr!6= z@9qnKS3f?>)s(usy&!6)*oetgKW1E~Wh0X|n%UlGT5)vM`#S!%$3V6jwJA_s5x`z2BwzFv6mB9bD~LcwlJ2} z#cFut;98RhOO*fMw<*SD&amx}CR-{uFX77}c9gddz**E_yBMme*SfIje7g|blX9Xs z+hP3HTQse^qJ*l`iq?3}m@5!!f=StHLR#L zmgA)>A!M~}3i@%P+QRAdyy(Q4#kpAY)p(N0uA>+m!d;qvIMvvEqBRC({Vz`%!W{rW zm1O$|$P9K+&j1~7p9nj)mqM(s<1=cXTv7BizsqyOX<2fbzfP^>UBOYQDdgAg$HCpx?YzQ=?B@Nzn2UIMS7>T2Gwo^KzO(-B(H!;C@7OzI(cE5*7TUs zqioLB0vdBAN@P!!RIinP(B@BnzGTC_k+^Xj2I6ms1>{Ewfous#lmklv zyk=>~H+b1Md-q449u^pU%o<3*R#t(_>Zup1J-@V4ki(QxyeBk{-~=UIIhV`x49hiZ zDZTI`3DwZ168-+IL;GE7e(TI2IVRrj2sWX`U!gaWHhk}D#S-Q|_UUB5UdEsu6)+wF zvngq!hq+4k+`}UFHLm0O>1pS%Hhn_Z!QQ`10b;rB+kJks=ba((GRi$_mB@}tb0TQ5 zlQSNoSCNhV!4Q(dY&6TDhq-J2uocU3o$L^II41`I^6x<rOFw-t|U2^E!M=? z#mHn-k*XfEJM0>sAJlj>{C_1mvN@Vc@D++!eo^_dj_M*h zm_nS@*U(Th(_D5cM@h}0U-M7}v4QR1oKyW07NUN_2sJwVUYYRk0N+@@AhZbljeYuX zUh|%dES~~`h=hbwer>OcH)dt|t>5bsKjph``!0Adc4)=1TpoYHG1O(&bC?qI^Bm__ zc!6G`OhE5fy=DEdp16Cqj7yl_=ug?xouECLR`QiV3Qa;;^Odh=IE^~qYP7HJn{3AV zZ9$ysgRpzhu3N7*p7V~Aq}w8e009*#{nW*rO}=1cf_I?zhA5}iY08xZ0&dho=5tKst1h`vr!;+lW?%b30`I;_3+jqt2PjL5jL^w@wNQTkr3@2I?5;{n*aGM zSMJBB=vNWnC5LH9+~V&p5<~CW8f$ng+Uuu_I0Y42eaS)M6Dkv8rjuCl@j;c$Ccer5 zlI7jjA!-nELOmyyh--H$o*!)9yccR=o|%Z4phw4LcJ7dff^&M*(4!O4h*1FMPNEpq zchQYrzDP%FVjj+TwH5@cv&l%4E#HWowFkr_unB${Vi+gXZiwg!G8081TB@y4MinEw z<8Upi(Wsq23zfP65Sy_?L-(KofB(>73qW_nklS9I^DL?T(bFtVF@Ca^R&(cF>VY-s zS3ji52%?P6uUDO6S2IC13v0Mjo2wm&wqzaQC}^)X**CBqZ^}(tfGEW%P2E!Qdz&u) zxxs{i82;s`OEen;21f4HW$*ZTg?Y{CmIK*L=c0VrAhJHhJP+qdrxN39kAC|H&1(

3Z#NjoX0N0m%IL~dfR^P3(4>SMihEUzDp?D zik$nAeHnN~WF6quan>DossZ{IH|v@1v=XW7C7?HW4!RRnmHhk@WknwSuTdlBnNHwW zND1v=W?s0q_cf~fXy}SSufF^9nGw$)lPd;GL*G2x0l9CdEHVO-92Au zj{X6da$EAJ)W-+6f?q&F~nV-3S-zvjXLyknA<{rS^)I z1D5`Hbs?QQf!y5rGX~8~`Aem)k$noL3`$vDJ{X3*lwa${t03J8f!H$R3?C(a+_2oq z-t3!Pb&2Aom!!Es0TH(+wh8@ZXlEWWl?zUN>v6QLN0lb_Z!U?~5 zKZnwu6zLa%GI}`@xzmf^mR!_F!M1%WIrll^!ouYfZwYO@u~2v?YFKIogJpsulzNN- z+J!eetY30yPHC0(x&rXfL!T{v#7fO7gm!!+7;BoJJhe*f_Stm~m^ttT3A;@As-W4H zIeC@K{!b z5;yn$=gS*X=+F9*@F|CALgG$3ri7B#z|ZrX2_dY?=hR=odv%}jUx$9w`D4{x@a3{s zE?4gxo5R5`Zk}&rpn#w5{cR4deN#NlSpN@uZy6QWwyld6?(VL^65K5mP`JAj+}$Mv zcL`3R!Ciy9y9IZGy99z0$gQ>ZUi<9V&b{aDcF#NK-XE|2Rhwgev-dIj&^~(qRGB<} z?lT3z@e%SwW`G4{$#S{pmY>m^28Qa%!pl+8*-%jRvAnzlAM&mfMM+b0Kg-3oyvrc< zq9N|(LMf8M&B%v^BAOh+PHs7a-;jdZLq1r#R>wYBcpJbX!yLeynWl~2i2O-8N*)#W z4Aw_qcucO8)X>03dm(B3Hvps_p(s%w9{ZREg>Fh4Hf0@B2pnQa%TNr1a9IIK(S?>0 zf=zw{_UJUr_7?fH> zB2lB0SBzyI`z>-!mf^$p`7x@5<1vq@jJOZ0OqivSbC8f`q#l6?1gj+yBm3U~+K;8H z4$IHvBe=FL+{@>A z{>k&?_R{;ynwLMvo@>(AtB=VU(>vAA-K)~w^$loy6<#@U$&yZNYUdl{EXrsn_LyX$ zqqQb+LPpcE*U?sw?0Y!^VUufm3dy!wH^c|oNCAhK(xx);q}PihymfJL2xPIVz$_LD zHsYIrhk$Bk#%}-QQ+SpK!kjzL@h`8@(}ymPw%M#78d|3&p1ut^?@j8jdg0VNJNC7V z+BwAb9Mx>w3UpH5H#4?So*>eS&IP4vz!@_{f>btuZ4@huUw_sq8$9}Gp%L>yaw<4Z zYxF07qw)@ef_@ka*b^rc*ll3maw;IwS8@Fs%o`a2dwik6zFd=MyrCcY`4G9Kn>$UH zYi!xo`va-qeG^%JL}C4xrh{mEfw2_YeiIOTI6c33uG^FpR6_N|^fIAA*@vTLc}2_q zY$C*ZUHx6!K#L%s8v+f3n4!iv@BWqCq&Z@^NdEzk(jjdt8`}#qGn}R@JZ{AM?oi&% zc}!>~#vtfCH6C$fBw#)?Oco-V4!P_sUx`syBEMvioRM@Ot&d^+=67jPSn0P4%wXyN@_3n6QU z=B^;xi}vt?H*w~^u6uMz+;HU*0#4HBA0#=%8D}6NAFq1lMerGl7jqMZ7C#L*?&Qys zx^zW;I$%+fO0~MmC=u;LQ9#0#5sOG3V3+6u{_*>mr-zZy>OXyYV}|K~$e$a;f>=j@ z-09b@h6eGMNs{tfJX*OUh_Mjl!^B!=mOIBbIvllKV<*Z%qv_^xw@N4lV)b~67(wpP zU>&I@4`BhIh+Vn%+{F!vXJ}J^+TUQ=e zweN~8MJB*T)zVg8$s@?G0Qk{Cuq7-&@i$ng0pV7Nni=G>bAu{)M>}td9Y{KCFk}aG zhkl5D3$?{-tRoca=tP_>k(Dy&nRg_PBo#a69^7AYSo65u;Lew_#c|KCi137OkrrM| zG*M>n$qfJ(J#WLp_5h67kX*=Yov*o~QmisIm?ZLcS@ZRg05^?w2^G>*-|Pxr>a~rB z-pw50;AHyUgD!X@v?=~RG!{&}uJu2rIJkHivL@!NXFOM=##YMB?raa9N}EDka0a&E z@Z}>6^{R(}6ywo>07cbXO!OJ#8oAMOyoz=VC2W*6p7Bas1TFz?ehUCSP~+hIo!Ze0 zRg1TsQX$ta7CXUg-_yG@{6gFPamTN1#$NUp5v}-zUMv31_@K?m=$7JDlfYm~{+Q5H zR8RwM9S^EEX-0g&x>I?YmHdT497m$T1qB+4CCTXdKNW6rgAs~4eAE2@u5iOok)|K7 z=IDPa{Pz*;=D^>6``757eL?B(<^DEh@QUaB2`ub4}JX%7EM&o9VIFlrvZ z%i=xRl(HTd>kw&Z#k{xfSBJ?-$>7>cmLGO`&|$y4wl@XI4epJiSun`6&}!ii@*#TU zzv=oe$^9M6y|LY+pj3SzN*LZpiYI9S+i%R&|J0-Q*bU1;?=rmlPBOcfIOsRPzDjef z7zRnMk#@o%SIvD$K#K;Uwzge#A8e;+0-F9hmqpSa|^teh(Cm1{0+b~)B{|5X138DwtEyahcgr577ZLkpoe9z z@(nhpM$Gtr6!tsu6TI~a=X`d=IMDU}qv~Wolw>KK&{e#9K|ug6rVuua6x4?fWH1)0 zU92UQN6IBEI|T3_ujtl&l2h$bvHvJZ$z4s09y^Mu5L~nd-#YrY%&r_8<{)JP#f{E><%m zM_C|xl6N);l|1$8LRC;OI=WezY=pgm3pC3@y_=fimhM11V!|ygi@@gy;zdLn-$|n* zy@9I26H36JcYF+UUqqis0?Y{bSv&O~KN zRm|ZtKCtF09jQ(sRI#qP;C2CMBV{(X0BNX(Wt?+J)?rderj5PMcl@PHCNxQCEJqUv zyqs?CdxmgBVQ9(eO>gIO*_jKzv7jQb-9%EN(JMO^H7XZ4AD9qI+cWeeJH4-d{KTqh zoCSt7V`n;R4|?nUR})ZHzT6 zj47ME7*)odTtOFF-Y7eg5@kpr;WbFz+Shg&`@57EAmP}_>7?6dylG!j#e!-BmN7@`2npzok4*&uJ znZHm;=bwaQ!enTpxMcMRSG$r`iU-RZnxKlpj@Y+_qdNH-viGCtp+d4#}1OEnui4fZRkgqgU4;4ZoDF&HF;Zj;Rm1*^{z-f zit#H-7YfkrBPLME@rh%9p~WtJ>0jC`nd{c7bp3NEDap!Ci{8umdyo6uy!z)-DCzIz zO8!((@y`(_{-~>tc3An_?6=v4JW_+WtaU|NjjXpbE}qO2XBEkV(#U0~Kq{1m2Sy;u zswlJi>U(*zlt6TDGquzK(fI2ni&m^XuYID@81|`BGW&)6>$Tf2vO)Y8-u|mgir*>D zD>-jB+;6}`jiJi-+++VSi00~F=h_-vM5HJN6?L0_j!zzp!e@T(pmCoh7Ei$LTHOkj zS?#I6Pz5b#1TkC!4(Z!<@*3C)qr_4~72~wzT;|xAuvpCM_UBg;(-;m3)Gc(=9c3Qv z>@vWgfL~jzxZf1G?H>m{uM~ab)Lxzj$@cxY1JiK2<|FV2q;fralCH(@8I`DDol^|! zA1>@)DO3O~Dx`ZbVHb@9c%fRHG@5W86=pDedxc?QQ=^NiJ$MLI-#bD3jP%e#mwn93L)_GrOZUpIg9a!0e}`bzc0T5#CB-Gk^Sci z-A$n!P7TNV`(*-+JeIEe7ll(vJ2V05?AW=a9Qm_K8XCs#Fi3aj=Vc}6%h^B`mLm!3 z+o4?|PIxv#Oza3kxj-!9rQd*fn@3UckI*=+Gx6($D!0U(ZPDnb_iX#PDJ zU220d5&pTq6DQbYp?c9FlKgF9L^=*)d>^I#5Ec{;VIk>5o*{~@X;V|*HNv=YCfeSK zxv_&=esw2HW~SzFbd&z7R$bLl&?rq(J24Tsw7?VEl~7ZMTTq>XWB~Ix3Gn=#o+Rqp zbG-ajF*Z+)OdKn~;ax_xZLC1IG;VO&zO6W;X7Sk$n22hUlF*uPwZ%?Yo{r0f**O0y zIS_XIx_8$h4J85~*88C%VKK&9?57;`2sjPQCs^RXQ1TrF^o(q?UnMsLSJ%Aq7h8MF z>}v>7hWpV&CG!k@ig*a%okkfu++|WP+j~K1N!(Rg`rc_q#V=rQs*mwTkzxHQ6jPFU zC!AKNP%H{*;_4ebx&;1JD=iibE-wQg4q@P==Ud3>Mv69BQ5a5rlY(q$qr3e_MN#>= z0*)n>To`Yy06mo+H6k!fKjLnkljD$y{Cwpwd+bvFHr$XW0NzkQU*F;^NH5JHleey6 zgM?piL%k4MA$zFTom@c8rv&G#ml_hX6R*^3)*DWvql6XCj4@^-_f~7~#4?d+7TeKIz)N0{IF&rfI%6*#k67^&kwIG@ zs^c%&0Ub*L+k8bDbvJjs?(bQsU@&NE$e=c#?w7&kMU4N3sA95FG+ zwo`AtH+Phu9el}DXLbDn_6kw)F?AOsr6xWijS5ct1Q^ZI)ZUwRY0CUdu+ef|3|Kq#5}kT|Pu64BFxo)u0||m}P1>UaLS* z0yObbY9hSzycwH90LM7iY@|~HY`C}G+kQq(_#AI5oI3&CTg8kx0&KMX0*ITsDH%R8 z8|__G>lYim`EzR`Po(mKh~2tm3HYt$Eys>XWYS%N#mr=9%oA$DVPpM!ldn5yEMn0{ z;yxzTe`uF`76aKaiLN*s?4&u*_mJ`D>3=_v03@+)WC)eaz7n7N} z?OvO5sjK?M>5LY4=Jh4&l^$K)Vyw~WD;SLp)c`SFhQlcRFaf2M3%bl1=(HsVHD@OP zB|R1tj61_)Y{p`@*>*;+t8C$b^zlMC2}xtC0o`^kCNPL^%|+rPzgOB`3D}X&4#U?a z?#NJ)eDUMX^E?8({H!HqXNpS&_5vmw)5cW%OrHD{huA}R1G|GmGH_ub|pHhDZB+ z(qS04-i>bYt$OaYiKNEyowO3K6vkl+k;j%_IYLHE<69MG&cFLMU@tG1yHLzl$Q5uX zP(q)wL*@$Cy8s27ReMCwmQW(w1lg-rd=1wKP|P*|S*Y~faykB%cVL}#E|$EOh3NTd zBEw@<)-0=q5$F_{WS}0CA>VK8Nx5EzN8^T;E{y=;lRUWd;E45EZc@&_!&mjdfT4NP%4S+Le}X0;`IGa$`Pyo|dBCY>xKJ2b;j!tDvnx~T=7Jt?l@O|%t| z4xv-^p~So>1IC9%sihySsZVrt?MvIL;UNi_h&|khBTIqG6kR9VVrD`bm^LcPLR+~v zXH)eOaenYZj@2!<@;UWp|4-10315}=t%UcosWkVL;h0bur|WX?eB9Q9!kUqk#7v=^c66Wtv8 ze1C><>aBLTHF+YXKzgb2uVsd;XG68{36fBC2h0)| z2o~{72u^0R4jO7yh>WDDbW^)XPVfu?Q1yBkH$&TZeoRX4S~$x6D+Fd*@Mz#?Xw=XN9_?iZkR)g)Wj58C>he&SgXpjs(NNj(M~@yW|C^>B{N@o_ONcsSuE*hTy6=z zV=;cCCYzenh+57ikq4NQB+ILyA`4&5ENYRY%G8`a ze-b^j3E{8FP_%Z`50?RnDQIbteHsP91M@5x=E^G;QuRk?3Ct6srok=*gjCyokBav0 z3TTZtQE|rhl3apZr>Wm0gZf}U@Vr>0l%I}QsGi6ttn+ExYX^`qW=2`aJbX5&j#p?y z4BvU44e#;4%ADek0=3@i+v%>_W7$o*mbcCg7cQRO>GiM-Q54iw@Y&e1k#F^xwmFhI z)cLrY9ZQU&AK&Gk2EMx=@G{G+MKPWa$Znw%g_BT+h9EiUQZ zQMo#&P$AifyA-5hAEs>nZ_1)YUeG&OEr91~iBG+E{n^0AnK9ORsto8&p7BLH+-95p6c5n%9S`S6HnCcb(lGSEG1v(_fh@u22vquTnu7ZW!W!*W| zF^ZYwb}sM;`6bP5sk4DQFb=3wmY9fPb45znJfXaE!7@GJekS_AiWMIbc%i7dlHzu} z^yEuQlB$eN^TKR~t-cmTSV@-RsTd4h=*SW>q*2XP3uxFU87$i<{~U91&jNb0V5KGi zM%xt=I#@iumEFXqgq0=p7^rIl>#Sbe7JXH34d#c@i9Nnt`#*&PE z1c^$D&y$q<_2o?%7AxmEzHzXawt%r(9B}#UPk$q2?mM1wHn0ES^)zW`ZbhHpr`M@l z6tj0HQ#IN!2!w=w2DVbzR(-U~ZK#=Kv^PE$7lhOMG4UbQ@cluQ_BDDkD_dUy!2r3A zIxI>n7w|X|lxr@4xVRfiB0@ajF>Cu82ZJJq2)$h}#oo^&uH0X4RyvEW>j_}6(^U3l zR0+GDa;_f;M>-1dM1;j5zL%+PXkD>?7_HI~6>|)>k^CV`2#_so@5`!+Q|1BuN*-&^ z1F#{wAiZpr#Zb`wl*66F79Z>#8`+17WS)>?*eL39`ckeXXg-TN(2k|;W`(*(b^%W~ zxA{O{RwUg(zBN1I!8t>~(bP^-H0^Squ(5z!7-C7w8#D?oyVxV41V^1<%0dM|L19(# zRl@UH%~?QBzE%y-9;Gp8_nCuszFnKoD164C+rxyOnyLWJSLqQu0K@q#pl0Qw!>%Q> z2X2W{Q?->B_lGNf5_fD)8uOae5PxyGFPqQe#QV^qECIAhk13D1el$vb4S~7fgJ;vX z&rxhdWj4qd&d`oiMS5pD&M;>@AJ!nkW2(lyuB$z)pXQz!V7@~NNB}VzgMCcO##?yJVA-hE2>5#t z&p*L#G4iC_1CiWMFl9P`{KP)&@RmjFsm9KA4{_S?F4Q@y=dfgpLUN|JDgH-0CnNeD z{EA)D1(X*Y=dn7bxZYtlgPyQf`o95g$X|1z9@;$6T!l*W6jP^%>cS@Zw4kWzs_-+y zxYJEpm;A&o>;fo)`Uz}SQ-G(iGQR<3ftPyGAE*pt|Lwdeh@wfCLTVG!NBsMbe`2^- z{FC8c>haTt$R@YJ%InwZQS12s^18R_egjN++6cR~%g!mHcI__Jiq4w12oBD* zv~ZtAJ5#oP1Na{~8rQBpZ?aiCpWnFLEtPg}T%kC=JwfTMI@w}fUb*aZ|D?Fu<-2cL z-MswDV%TrwQ_xxP1H}mU_TX26p}JKkO5@uqb7S>&&WPA(;lxP)^Uk@o&-Q=BZ5xaH z8Ml4+XWVuPaV!p%a7i6N+WVRb@EhM(o-bnX8*s2p*`7Z89 zE$!^Yv788+yfpH=S8;@6_WKPm>SP#yZFJ=ytoL8|(f-I{dB-An_NngIe79l)tKK`2 zCaLISoL2hlS|utlxS13Fh>}G`bz|> z?)r}IFk~l`oht)xUcCWp=%Ysu713j|5?vvk*oPRj2}{%sZE3o7#QQDY>dlG#U+?jfPY|g; zy;14V`*Hi}WU;7!1HZA@o9F6Vh#5+%4Bay>-U9!~8-YR`csTYGXo{au)nU`0Mh4E7 zj65pD10g&v9FzbQeRzvYFtz6doF`m!N5QqJwZE0Op!Te{gQ}z|VxsY+TVuapuZBTQ z-yvqI*=ibIqiHlhoOTtlx$n^^@WNai857w(Brl%)8)|sGSesY4H+R$u*#5IRM#1(e zFP1{Ckc5Rn4GVyOz{%NF@rQ;%>pp8LxvJ^$xp0~Ge3iVoyc$&g9hwzdboQ8n$&nJK z6J&oWKdn8^7d-b!fAP&OB*dSaYm=^72q`7HL%wdrk#qxqU=?oksKnf)IJWjl?tC(# zZgbTuwq%5$^;fah`&e1?q78!7K!s{6R6A@*`5}5!-Y6_bHFqJG!%a#&mS(TW*Q)`|0gx zo7|3THe%E5G`?-r8Z6>XzmAeyLq^bf=}f=^0Un52nb)Sj0i?eHyGk@3Rl<#RZ0o7i zId;|45pEXNrfsag8Rpg0TLUA(aEjG}V*>LVG8ge%qK(3c!Rpa~gX&S9m)=KOb zrRkbBY#!e;F%?aaF{ND`7y^U;@N@<|hUM)YzViGA3>nJUe|*2W{9verC%S#}{R`$< zH8E+8Z-#FKO&Pr47`sv;dV^&0O~iIDzyAe37XZd*sSQ<$S%JMZwBE0QZ~8+t$FQsYM>&mDYx zK{(q?NuKqV!thQP{--!+M|9a$7I%+Y9yhC{zDxi4-#^N9xe$!#Es0<)3nX!~bm#gqb3 zblen8iTw(1ENI`CG=gpcI#N}-NI@(a84_R%@BsI(Qqx>YC1>(+Chf;qxHfne?y`7f zWXdc8hyfjw2H6d#9ND~0y1gm+ddB@9799$|dax4z#OLSQ0VOi6?a4>nv-)Y{4oL?= ztH+e7!zqG|V2oqlU>;G$rR3+VEYDxj6E2}EPmUwai?ZoKeZPR=+O#$8WTw;Oz^R~#?1ZCDskV$K+J>+hhaDVu3b4;Cj$e!N4clRE7zmjr zyJ#?QpKj7N<8C47+ZMW(ybxfUoegr5BKM4iAfjfgjx*q7>{P%J7>%oeJr3m6B|r2+e@*eKTz+6}1< z4Q}XR7CyYZZ1Slus+6D~4`dagw&@_CN3)|R3E?J7mu4#XD%wQeP^s$77Kr#C)M^Fy%gyBu^M}-6Eb12Lz@H7LD;kW*Jl*qF5nDJ!%wiR7M%7M6O zU9=}1Noz{xaE!(&%AJB@caF8ehB;5Tu+QJf8FnrTYr-^l6Q`+vcENq}_K;;_;dQ`6 zrPKC|$fOqh3X?G9!p-|ARZl)Utd1#aXU-059>CE9&<085Q!?WxM3shp`@gS z;q_Lk-&|t9HLrG1MbQ_v0zkonc;G*L)tz0Yl(ac}DKTsvn78XlPj~2!?ILL~96toL zRL_^qv^s*}_6sGbbCE0PdU8SIS(qWzxvB)zG(iFIAgKnBO(R(8_Oj2 z1~4)`TX=lm$?0@pa1IT}aUDP7v*}hw^%y_i8%Uf&0cG8NsTde~@KmDXb9w?md+Gu|iB>o1If^CT&?(?#qAb}EDn1^nRldHT? ze_*^(5ZXN!@~z1E7$tWq7KNJh=b!*VNH;E7tVdy<%n}!u6xNifSN4VY43p{l%jqD> z^GxHy_VF=9zym;UbH6k4xT0jO4(WfJv-F`nK%0{v=CYED+?pYzDM357tfdB;qcahDfZq`|-p$>d|(p-L&pQ_{)zFntys;vghN40ED}Nqv;5 z*F9)$G-~Ya*>?*^0t90tCKW$Gq6OKW1+BNqZD#EFf>u(G+`m8FlB8-*%{s7FB0eH! ziZRZ+@{2OAQ|mC?B2BPXsRy_tB$v89Z}WV~^LfaN<@UH3t%;xadQ&(In%oiPcbFrO zOg*(t&mnPA?JgJYj$O3qW5C>=J;P2Z7fFeURw7E`jaHZ4h*7w>53hGL z(c5|9IjU`2FVXU~%WU`HqJ@`(gWX=uY+*Gq2DuJf{(v8#r~w?pW7Is*=5ewq;=dq-)-h1sQa!x`23 zc11zb75a!p!;tRRwe&c1wddPY@y{CT)oYb&_I zfH@8TGxcNSE;!9cOMAeGrGTz%onf)c1SbHrFao z>0zAK?{x8n5;&{5b^xl_9Rk>q$fgU@#VoqDh%A{? zpXNP=s58qnu$KUcM@Oiim--D(V}Z4NGYfPIrjAW<`$Y93>~t?b;v|?KhJIqbK}KK$ zL_ozrQzi7=lAiS08$<`96MDiQEae|xB+}9SV5TIjm7VvP^pT8J0-bt9UPkAzdG@a7 zZX)YGzxMj5q`lZQPBCY`)`Wf^Rel{D_WQgjk};hGdxDK8P|H_yU+3#o8nchOJE&3*hvyF>qKsKtyOWdqkYO;c@T78#$W&S3+UBjmolZp*H zy}P_JBwf}eb;2jI(t9d1-dA!zQGu8Y`)Y*Z0OPY^d-b7n;phh9#hnje9+PR}fg=P! zrLhx<8vLO^uu&V`xq!Tl&sgu~D&8PVfxd&o+SuY{Nd4DhjVw<$7rlTGXo5k=l*^_X z;D+(WA+MQ7kvPdpwG7QZAY4~QaNtBX^(|bZb5V8m3Nt3lj5WQd&f8J6{u=DXC)Eg$ z&dZccDqYM+vLByCxa*P?MCoHn&#z|XUGy=cW45FOKPP8$)l*eiqu&^mqFV_#xrU=$ zLD}Th^Q00T6w&oEyDF?5wTKc3KAiTNSH)88tWLg@v2XWn=|g+EjuDyN#ocSwp)Sn( zz`;wezvWV#H=rpeJB(brQY8{epYktOHB_nT#-}HLP=!`J4{D%4uh;ex@ef zAQUHqD;Zf2&9CLO(uli=SeYEB#v~oZ|>i*acfH-)uD761P21ncq5nB4jPGL_mO=b9_pfm2lN?gO-+|ao; zo7?_lFA`5EXY*S;YUB#UYD!ZqE@?3%0HE~<;zu!iRHnY0(g_&vYJ>+5%}0>nblJYhVl+6NX)6sn;}vvZj< z)Zg3-?~$ ztzSpa<~CBqWw{^8ewD2NJ<*tHrUwU23yy$|&IpI0J~YPEo)Q2RMc51KuNh-*{d(mk zFwdr#cu0U`8`x@v*3qv$6xO6K6SU)_EI=s4Lzh&0qaajSOhzZMe$3(qW6cKW5L@+m zoV`JUY!YtkUyTocQM{Pv-S}-I6bkXrhCyyjreGHq9YYqI8%~?~~)5@FL(Z zj3qe#bK>*y+~ZN?W=W2jzv7o^km9Y-Ul?V7VUV5v14Hlc7%aa3(yKUs2^W$5@8w_- zT>Qu9oB#fK{rkVZ`X9dfAF81L5AAU}9sgE05v~8*+W(szEth|3Pw%t&_ZoElk1Fop zUj3hF|8FWdZ~mpd;y)Vj@IR`!e|z;mY{1=rXrKL814`T}=Po0k6HmWndu55B`lNYDO*9pI0Us{habXw+c;1}uD6eMOf2m@ZorIs2tq z={{D=!@simX}y8|tj9g*+w_kl|2h%_)DM;Fcb^BHn>@>A@AQ74{Pd`(i1N$b9Q)y) z^($TX{88{pF>UiDvDMdh{=>yXXmiRf+}7f)6Tz9o{kA|iz5NH_>-r_VGk*eB<62>r z&6x+dT4bM}pHym?xC}#AQx?D0{@3XEPu2I|)xe(rVy@Bu#s)?j`=fy)egjzlngDeE zHUaqOHt_zZxo(C3MXuZb0u%nH=KZ6qRC%SnRzIcvQ2o<0p_u&A=HFq{UjJg=y||wz zVgd7nA}-RW@H$}c#{Q{JZB+zsXl1iRZpE>Ob#k@3n(;2!_igX1>$SOU^WNpLzz5$u z+5Phx760}f{7tQSf?&Oco)2~H-$PD*WjB7jADcFCtoxa;z z)@QLi$Yt3&7BZD%17aHMOy`A3x*{`)(5z}_~58bo*^wgYda9yl7rO|O9%O;eM zAC6UU5{S-&z7ssDOHBXuFmfd3uGca8g^Btf7!m&-;(u1EWlz%AsCn=;1&bdmXPNoR zzX+s%{g)j7BF4Y}(*G~4Y{dW3nqAstV_^nH&-$K_FU^G&VHsrz|8BICQ;TgQ}HmDy3JUO}NWO_PucI&nWA1#`udm65OYAo)yK!A*O{{Pvr zuKqte)+zfQ>TwM#>?a0yvN+toH)u5|PIKndVRGIaXCaNf6mC%mntEL;7n@A7CWvD}-e{)x~?{9!)m8++T?LqU1;Mw=6x%}CG+$efYi|n5K7nGs@r&`GRJLcT8EzBK+&FNLv z)zk(puMF$0qK?bUl}T_gmx|$`1}T$ja-TkfYQ#ec!y(}*Br-O-SF5K(ZGZ;}rM+(tCSR$YmNmio zV_)V6xW{&lg~9jV9L>E%rasA6dHl+Lp_jY-G^*d(c*1)BQEYAODd>l-PYcQ&ukVlS z4@pfmIgdK0Rd*uMX|>DbrI%K}pqJr{idRCPsxhf-=>UJ({mQHVGeh4sIcC0STf1sY~g=8kSi!wns zGvuUEUoUF`p#}k6v&zn~!_+a^B1i@SgFbfEwg?OWj~__O?zj?dX&`~-B(EY5OR(Di6=_@Squ@rt|yFR|IJf&*)Du8W0uCYLhg%?e@C!H5Q zp=Km?1?Sz(INoV6CD3cP9RaJVl zo0=KpyMtF$96vl)5gsmh0d4H$U#4;zJE5^r`so3Bl(q~A=o1`>;@?OzTbA>1F^&8U z;PKxR{_1~CpZH$i*kcgWzwXLyEri)rigr_FK3WD~4wro0@6wP4l}aMdxv*{Rho3`W z)i^L;ruKG}_5ht$-yI6Vpc5&Anfg->@xHiJ&*hD~(}rbCaH3Px7V_HF7>9yz5$Zk- zzY27`Iw~P>6v~Mb9=ZF0z<%+1`vrx0TtY?iDo;wqQIRZM|#cu z5ldekqIv7}Az}G_Dr}HqK)M^=L1f7AK7&HOV(&VYb+UwfN3`510vjv>S3??q4<9^# zDs0&vAp z14Lw&5;W%m)NK}+jjRIbHXm|2@vZ03-7>+yJntD6iYl+?FwA#0GRRJ;(9RJ%7yjRCcO#yeYO%Z6?(hlfMXi z%kN-eQo_zzNQA|+joGuC3lHL4<*O>HvdtN`Sq%4$S^)3a4uuYOhu{9v6#Lfcc)D^` zoNq#f-8lAeE}m1~xtedrGsmRw_2s4Dq5o>05n6j`zR8%H*B0kekLkwn#BQM&hO<1833b_{@=+;tq<>$v3)-MsflkzU23A=8yW;-?Nxicnh{gxdUJ#mjE zFk#-UA7w=q8#9GqgJH_#p@~qFKL$}PR;m|ThqWASQ(lpJU3`brG6!BC9O)Xx!4J24 z&B#^gF8{B$@D+w{egi7HihkiFKXRmezQm6gYGQ{1On>x8$Xz@<* z2ld8bRNRc3rWSg9LNiMZNH2-G*8{tXc11v1igZB3Xe*rMV>)BV+kKJ8`Y}|`#2nC$ z$HAnB?t>55CPpA;Vo=2?p+mZ5lOX?E>1L1!LX~pXYPXr~RIbN!)>u+iVQra;n>YCnqKsbI1__>x7gRgPjE^KAxhc)}-nw zJIYnPw003cMJh5WQr7Tf!O@M-2JJb)jxZ$52!xPj!>Iw>(H5RvEg{#F)V?;cCOy2P zV`A5%+MlSj9=Bn?W$J3ASDil6um=viO{Vis!u0Wuxv(o#pQuhLCAqr#i2d|x>Og;G zYLdo-jX)tSQAP&1;SwnXryu9p^U@ClOSF;{Boq)7^Uk|5y_aQpHK4F=^X z$QpJw?)zq9ZQ=E_iNP9AC4#Ly3Q3AGW-(&Pm6x}Tlk7v)5` zMqUB9T8;fQ`+r)ey^~n5(oLJ-SUf+pA5xTP!RV@ww~<03xjN@Vw44ymQ}*MTzX|(N z(H@jZe&F*)oaP38JhZ{=EW+~VD5y(6PM61>p}tR|6nG_C!#BhMnl{uXaa8HSFTNK( zx64VA4=3{y6^Q3mxNs~K4XkvHz;_Dbb?mUhAZ!dx+pvF|p59nwU(xm(;LE5N1fboJ&8hSf6Fd>Z?Gt z8&08)54$a9zuAW%KxefTX^|!*p`jqKRNqYMy4+R`0>_zSQie$rl8IPl9RMWSnV@`x90q z`)gKk9?U6l)X)&+F)vZWp^GXCEJq z8S$#n#5|G6nD(Yg>)*nrVXD7&s44d+T3(~S#SN!htXr~mBh#l38lSQx4xSZ&jac>P`5}0wnFEH_<;BM!XPx$l?^=EQtC#n97wJB z&?ExZJRM1H&aTUZyT*NUE{?>f1Py3-VG9+S%!wAGUlrDJfeN&Vl$aq5@PHx)Hvk5k zrvA<@3x_80w;41{g2mde|Ir9e2SVv@Dn^U|_?63g{04-nR+vabr;9jzxg@SW`wh@> z?B3E0c}cs13jEd!1qEfzLrDc;ujXmv``aDhowK#AqvyXb_!s_r7X1Hvo0)%FXZ-~r zp?k&pVsOj4l~ppDT>kL+`X48YU;aE<{7>(;hkIrwa+1eN#gXLoVx6HdDDOFK9uHGe zhnklu2w2VcZhurm=&Ih@s@xPPG=7}GD94wVn6j!>CW^^4sTzSf|6VVgzN-HUtYKiR z6`GGuz?m1h)5@DVYo%Kq)(!cLki`s!5MT>uCLTgadWv(ywtj}z?|KBU6f^*PPmBev zB0gd8=_%)n9|>nr3U?J_N3@b-v>31|<`&KxcMbEyi3x?14dCXu!3fL91_d|d(iEi0) zWU0N#otnGTe+93!*EI{D(VJr-1W(~lm}Eh4M_oUwA%Vo5AQ)HeqGvO!lt#B~*$p5O zhytZ5R5#?4nB?CfCGVwt03sV9`BYvIVba$i!a9)k|EV`Aq<|XXHUvl^<_WCy21^K15#J|X zMb9>t*K+P~zD5N19->&VD+*v(?6nS;K`>e%7!Ml|jB`vjAF$#oH3dZed4~8W42uX1 zM@R`4so)C&d1#eyzP!+c6lyq+W#v|(Tlb-T$;bu>^-fR$x9lPrA(JysijZ%~=ZaYg zX8Lxkl;-~Ll?bVvcl7$*o2-H@L=ePTooq#`a4{3-7o&g`dskyb#W zf3zfF2^m7Yi~jCB1Y;e7@zDW-;SoV7EKhHbg#nS@23Oh-p&o?L3@JfC(|eCn48;Jk zhCoz|vdCZa3tVD9eEYU#;aGxKS^zyh;4hP67Dp}gkZ%<$Q*n_`0x<5486pfJ!q9m@ zEQBQ7>FE!>5g-MUhxn|7Gm}i;7vqeAlwhXt?|+KK`|^759Cn7BC886yo10S48!jz*w@RKq?gV5+)t zer3z2K;Z+QTlfAs|3vQW-QJz=6RkBmY=AMDEbKBUQ|D#hTrLgHw5MYt z9P<{v$lJ30%~_RMoEf(?CUDG3-N6N1#Kge&oq-|n9PrNLD=RkkF1v87gXv&hMwrMH zg8MvHp6y*bYwog-+KxBN&8ugudvNZG_m0_Xr}_j<@trDc(B9?LX52S_+Rht$r#2tA z2{~fqA-GcPyWr87!*6-~1b1reV%x?4NTmJH_W1hS_gyyumu!Ys?%rH~>7(_})$+F^ z-f#ca{weg_?!v7{-pVS>s@TB_EMe27|9|wOp|7*AK@3n$BxCz37~|6Sh4mOq^TwM_kc zlv3@bI8%GzxhktS+V8q3{BF|6l|Rz|#&-U_)-k_idawUs`&V!L-)(UjwPrNX25m|U zowub>eQk`>_xV2)_5v?JxySe7efi3>QlBjU?92c6Zc_F3qTsJLkKLPb;z`%$MFi(p zfekNF=OgcbwH*G>Fb6nb@MCRU{Hgmv`P=OHV&ALRX5KsbqjgQ`=c8{X(P%{kO3RP% z)uO=GvPRo-;0-aK`Wf!=@4Nf%iH-8U{Nm4>x3ufs$07tue_P7vZWdu| zXx;J1V)bup*)LqnmPJmKI`;8Oh1T(d;dh?{uPg11D+iw@r*|HFoScnl?Y%1fA6JkM zqGOFOpV$4*6!}0Ym}bB9Z};TS%z5%=PrS;9(C?Km_CF3rI-G9Qw9#-IO(Bqj8b|X2 zE%U;(y2B5Fm$56oPA>kt?R$PDD1uY=2Pg~xlitYt5e<47nYPe n&6K6kCNw7R_ODd-z$cHAK3hpXSo`WLcN6Y$2wKQ=|GxvTO;wX16HU3IGK>|Lj?m#*Ifgis|_B>)5h0V=2u zaJ@lsTk(;DEdZ#hask)?06+i$1O`ATM2d!jzvCfP8V!UFprhgl)J2TKH#9dFH3;Lk zI2MIze#ZzD=J=fk)eIm2LIdzoaW?7_L}5}?j6_`y&;Qj|CkjuYF6`evD8_zk@sC(p zRYQwGkWYZ0Pf!q5pI=Z=l3!F(K$t;5L{dmxl3xf#4a)zEBUJSpS$^mJrl~*VFhiC6 zA%`d`AN_Y8F;V%Lf5T+I;~RNFX#e8z9*Q3Acf3M|DnNyQ@q7Ju&EBw%qP$)O=IJqg7^4@gavOJ0pZ}_;Njv?;^R{aGSV^%{!fSNZh#0IFax24WdhKMKwbV9 z#U}=89^6cY-vbB@9gKmAg^dHjMG-U+-e?LP4UCR~0S2R}15xDwmqgE$!oLLj zZ{#9E$%O_6ql2+-(?96ev|BfOt8@ZCCUC2>@T@i06cUMYVgpB0BNAD;E|w|6*T^9?L(&ixWao| zSo=n1Uuu}Hf&AFK?;nEVoPIDQZWwr6o?Y2Cm%NUrnxXK;TZ<=<;zrhRRXM7%&wVUY z%8GWO_4~yg*|o#WetAy6rTjN+`l2Ivi-IUS`&PDRAm`vmfrNL@l7K${ld7v0Wf6A(CqVvU%qM zd*m8;s{CX6AE`y_#TSJQ!n@(7LmvMut33A0D*E_=w)|K8o#UOS%Uh*TCQPMF01MZ-u0afij0n8J3eB>8ua& z=kXoUZ2GK%Ke?v*2cQ29*OuR>nA)7edaeB4%nE<=q6B9kK#L!D2ZItx16^CbVZAI{ z+PnrfOcbvHSt{wH;cI|e`X8x-fi?D$Uhm0uIw|}3&l2ViNgC4?<_7edw~qhEI4~wJ z0}m*;Zb$uWm7qnR{3tCck6gvT|CoeJHjEYP^JgRM|4t0&WS)#=24`AY+RgMu_tL}J z!o&SE^gl(|`X|r-OdW)O&~Rrk40%!ElK&|r;VWshszk%vXvALHk8PLdJLO@Y0+-cc>LjD_;;uOek7C`m0PRcvh)OMTat5fbM?E z2mLFa*AL{?u-^-+=Typ~t^}tlj(6HVlKK{}tl3y};9L;a zAL=f^?elBb!0669L_(I^#lrsXLOo9{TMW2rVEe^~P!Mj&;%Z)p|9sXf=|&?K?4P3T z{LTc?-IsTDM(8@YsFiJW+;LL62D8n>_% zvVU6EnL?U0ddSm?pc@+$gzHO5k?QOv8Sb2g?j5TV3-%~2+M<4pu~zDWHh8~$|MhF_ zsg7P^i3In6s9LsFk?q_HjKoB^|D~-~E8vl!$z{*8K%><1Zk)1?$0IL2$sfcg0ckOMM9Rb7+T*U)hck53t(ngJkppe~2Xc7~w9jHc zC0J+=6d5TqN!((aQ86UgNREGep$C0bDf{9@@>(4_3y2-+_KUUi_BD`~l`smG3OCyh za(|-Yr!4DY-#p39EbxuSLpK<7hQ1G9RSp0A&^JkL+$&z-SAzj+2~7R*4kq3%B~ukG!LRhcV>Leac3$1BTV0DvRV5%T*NydxJ)5*p^D5(=OKNz- zx6FJzirZ>Sz46 zdeU0Oqg;QFg&Lz()?y~gF=wpcCr|Y6UIRF8&$~W-+&WH5_)9&ACy=hutBofHeoC{u z9_``ZtRZw+v_V88bW%ao;lc^0p{fRG?@QNgJdP5+?HdMtNqh7!xj3$YuvdNS-@bXA zt17>&{8jt;mJ`9w9!HJY74gxnpvgBw+pP3|QJ;|orCj!%z5EuL~V~(J#X4EGn8GA1eqF(nXojzgj{Q*s(Vi{299FY-r7!^x=cokfu=L zOg+!*$F^yxn`B#?-WSv(%}IIbSez+8{4GHoyEv){*0WW5>*11gj%jZhknLSY{N*-5u4~|tH{~GL4nwdk z`1WRbQ`PLwzUyZ_9VAuMn(VNYrq_=-wXz3fbGKpRyvdA1>9Xds2be-hwhJdi*%c|u)YSE}%sz#aBX!tG5Jh|RiTrA3raC0kOMv1pjplOB9^D9je1QK`# zK|`O|0o9$)_-47t*PVkA=y*aCIQLTuD{rqyAu26hu7Qd;S6NHQc8i6khi%rO7^zR(`C^HM9~QhdP$djC(P z`^NG#D~&56eb`%lLuWAOuJ17qSBbBKr!_G>>^%FvMCip-HOB zv>tP*x95qzGBq?iua8p5`NRsok2QZb^za%m+Odvu$(?Z0AlKLxgvzZlaOCIoNsWL5 z1r{oX?8yO^X+D;8)ud~{T5;`F$j&WVGy%1ho_)9eGJWF4+0V8-?H8fs?}n?M`m2l% zXnxSboIM?|b4q&#@1h_wPERv8p|!q(&yBe7wEN6yq_SD$dG<@G5ulWa($sCXoG&fYlmL?@|*H6=8Kj~ z^iS77r;}M#&CaKbLGG)-E4#L)ErIdzYWp2<4Sat?|7QuwcQZy;2>C&mV)N~&aljm2=a*w4dLku8{Cvfb>A z%WOzJ_Yk*OW{^G;>1(}z>*hPl)yQ`F$|8No7?+GHK+6;=Abo`?HEBfU%u&8up z+j3iQhB>0g4up8PQkC8^T1o5Wd4J?z;8|cR{!{d zej*`l>dG7V-@myTl2rDEv>V|?>KYF>UXcvv-=g{tM_~Gw*5p}Eg#S5jcF=2+kH0VY ze&+wdg1;zh@;x;E9w#}b@e@L+$098sA6x_XD6W291N-_?L7QW93u)a^<>djWC!tTF z*T8zvrQ^N7;r@C@E_%VB^Y>lf*HJf4!e20$t+3!5YAc_Mdkq9$1E=NxNTBIW%r>HV zbc^6uYJN?2522U#_NGtpH~Xvp-<#szQ~IFPWw)L!Dtc>kXe`fp&PcoS8#~3T&YzD1 zJX$=4wql>A_>JdXJ-T!G9ksJ7`U@5gNSLxN@fq1X=jU(`>SnIp6VOpI87x(Ve8BIf z4Sw20pCSG0i`mbkYoJ>BFDT102fL5j|9|TVI_kP=y8RafG~l0ew|yUDSK*vT?P0w< zI-l+Mn?nAs9AKiYwJUV0sl!v%)4C5!4t6W6RA2~r3d?hv5As)sP{b80siHIAv&)-l z{Lk7T{P6j+_1YWc#2pKj(GYY>Q_@O`?jh-i^Ch$`w>$+XE+nYN;;O_?jxJ!ie=+$t ze$oE@IQ%aT-+x-|UeIR3uW+8A{p6q>_?w;eJrq+tE7-#9TcS>-v6zdPv3zLYWwZo}jkk8irSsO{f{m zeKGxKNRS2Uy9lS{PqXt) z)Y^mUhTbT_vgH@+)s4mD&C%tha8R!q%ASDt4s{33>IF3%27QXYY7DYlxdtZ5F6}SE ze&%1yJt6D*AC*OUj{PmxLeWz7KiEg@82^xKKJO21me0Dr4Fnn8FSx&Rzv=dX+uvA6 zJ=y+EsH$t=4}Shs!zs>p+0*hf?!U9I{5QEo?0#3S@*helf6#ubTDi{n??WN|mspk3 zzw;ygyAA^70;dB1&mNOOsjIR;B(&blRLy;lpIT`It=9hc`vzY7`!K4J63Jjkp*>q9 zYr^BHn9OL9Y}yiEX1-p&-b8z;Dlc!QrSm{ZRb3HfM@HFz^PR0+yukbb;Nt4-siQ2% zfHG+^V0{EI0Rn&wW!lEGu<~-3)zVV`!?60_$7c&SHevvn<-KX^zc2r{Ir!E#UREfB zECY&4#>(B(8->kLSk%wk{RXF_FsYTjg*6ISp)ijpia``!y2-cv7e2VbcE8~p`#eDE z3Dc2B$#!FyXR!Mlw)`8mviEdB(FmhxSgc)KQSGA{{0m#(;D8(K;_QRs?YD3vA)bvZ zTo)Cype|ZK8Bhf@04;z4umpSn2f!Kd26$1iD=Nne&_R{U{U`OQf2*&Bs%43)reuCIR{r0MPCFSADm901!V#<-hnVk0lQPZiN9rbN^p?mT3Uc@*Dstm)$KqEq?3g#$AAB zi}I!%mjM92Apnq|oEi}0f9VZXc2f=%Edl@xr7QI}0FaRh0Bm-swoU#Mxo=!Df9mbu z()_N!-~0~fXgA^J8yywEnBbd$azg$c^LSMiu`G zm}p=OENpZT4$6G5M+g95Fd7Jt00R$%4n}z#ZmjnJ1||^}F(Wn!DFvkfTpv*~Gs`5a ztpn4uNlH#Fo}1q!BNr5FWEK(;w?O$6!s{EF07AKfFmbVd6Z(b-gfg~+i5W4-1+)taF-gdTWp%7P>!vrD1a&PuLN;NE zGo*4~nCp9lM7+LYS%zN!!$Loocxaav2?7|vKrkU1AcOsXGjt17rhhyu{ek-_V~1xp z|3{vqvS)EeSm(2^DmR~74Q1s7|3ADMl{2SqsOcD3)sK8&1L zFgTz79Q>7WKb8eQx9ib*GW&E`NWK>^e%E*edg?5R(6Unt0|=DS*wX$rhw4mRwKC?;L$9EL_~OH08OyN=cE39OO`jK zNHrjX72*yejzqXw;D3q4aK`|Ua;1$B(g)7VZl!Nm{TP6%7hKqo;zh6!NC?w{;4mN0 zYOhd(uiVDFp#_tt*F7d>g$;~yR^q#v5Q%;gB8tGm!xaN2p7x;EU9}vNx^6vD^alE z7?$Gb;{5cAa$OuO&S1=Q$}1$o?_1D$+gvLPw=M3jJth-d&X$Vw`A%wYttwNln!~-1x+BL;k z-~qW${MaFG#WG?iG60-WOB=-rU`uSKg5^7fNzhbPf)Ebz54BAiD-Nwr66CNUQ+{X? ziIBl#AV=pwlk^Mr8&ZI>yeBiC>_;Qh+bph0t}vc4)90e@JMWff%^yX zx~1)9cmU>Nref#fME1<35ye1Q@_hZgnFevWK6!nqb7uM^U5&~4442YNME}CvWF7|z zV*|F_-Z+jR$Kvs^_BZH^A6wRNrfQO@U!?jfn%avf5{Xzqm$D4R_XW|5CV9u5GI9_n z`L=kEDkcSIOy*j*bp?|ROwB4-f+0m)WjESVk^l}s83WPKNqlUvvsu2E2*|0zCeunD zaOSA8s|YW@?{ytEF0XWcFAEm{2@q)UhbRrUVu$ys%QXwIsd|v9%F{+6t7P1q(^a(f zJNj8SCG>WU#X}v>(O$i`z4&aA`@3xKArMkNMk|nl+{Ilv0j?J>Nk~@8%5Q0?$yus` z-?=jt=q?@iL+V##p74|k$a5I0tTz)XyfEJ}(N58Ccsv)EBYi)m;{^o6Kl@FE&ZrHP zjS+x)0a+ZNFtKht?ZYr=Ga64acwW_*WWGO=ItkIL1 z1DVvR1c!=H#cY=LSX-k#OxKr%8JY#2A*a2OcECY2!2G&MUEPAogO!Ubi2)NX_X7O; z6lVgRDw3##79vT*@xM_zgMdIHwBYn!0934Cek-axvmb+4tBkQFR=XAD4Ry!R`fE2M z-UsuZ|COg5Pa=_ar>fjiMVG{e^A%AFkLV2gDi9YQvHY;laGpbwOj}ouk2v#_cAP_l zPLr+@TvbE*1FgsDX2k}|8rE|^*5%tX&H#QI@%_YtzvSuQ*{m_zEJPmXAPu^rrec#&PyjkFaGTw zq+$IkpsP*!mra7WZXNF?w!|!$f5E}f;*kF=ziLq@FZF@xn=Dl=>r8V#!t@&J)A_+q z5+IpL1kf^t?vCBM9o}6+f+m+ruRT9;Z?Uw>8t)TFL-O$GGrJ13VbUQiKV4&yQFed> zpkCy_sbWmGWYw+!_g4_~pS;|Fl#wL%AHU=ok+>_U9sbzm1@<#pw6ONe)YtXj){PF1 zk}i13L@gM?pNW~y!3jthp_YyFnG?3jlGYAw?F{O@Ra1nE%eKJhR<2z$|IcWQ#AhJ) z{xb62cC=@6{hKj0w^hh8n#$hYe&|q;xM-pgj-H{I6`HAN0oSDj=e)qV2ArvpH3(LB zdB&)D5jyykw{wrgFQl6ytB!zNscA#;qOIPxtSp*@fC3aJbaPdlMlnptzJoeCx_#Ib zvrEFJPjxHA-MybB-*zTgWu`ZK_!+N5^BeN_FM^}}-wnTHW1wn1CwLz0s&Q3O67H7Q6ik~!v@=F*ji!T&9dJD^`Qlk=K z$H;2(!xeT;$tI?ivBqeEfhitcmZ;gbzGI~a#{A@)Y>m`0`Qf5^{4+mv`Y1R?>$^%F ztV`UoG_*3+ZL4VZamB%_&gSmO@KH9j(tJWqNgf8e;R58#@^Cd`v&r%m(WaqP;`5Vu zQ!zw|eD>i=RU+Jx;SNM68|O@EfM`^7`bl`p`{?rN5)~u-;@J+2K8!u&Oja6R>!vpi zJQy;@X0+m12-8QW&1ceyqzq*e6#zW5n)IIY5KTqA?OuMxxj^&Mhqu&bhAqtfE7({~ z`izS-o)kZ@#nNoJoPmp^4j=2Y12tVSVoLqvOqBYCNk`#h9tQ#Q4{a2Vhs0IUC9e-G zDZ!<KayiC0s6&F5t`z|bv29e$qPoL>KXRsxwz?sVwU1cSpnEa#z>JT(h zyaJb<*6lP)IeURercINJ9g-_SJBNuUB$L%$%G-+~uWh8<>{d0q>iwD~N6kzQ9}=V+ z_p=WtZFJI3`|#RDHqj|R5XzKxFyhd2e5FE0o_Y z3U;q6xzDO(GT%QfL5+ETN!C6c3u{gZ!2D&1-uwrAqvDqq9n6&x? zOv!SCL2}2)d{;10D8V{I@ZB~?Fm`$`qX(swo;efsBra>!+Uw#q%}UAJx({1&$qd^F z=H=$%vmp^!ys7+^*&ien25^&&(LM;s0BGF4y@-3<@AL0RRCYE#qpR=iVy$vYy-+s4 zWQiX_+1RCG>IAQWuj^N>EF07e=Dv7_+`>&3+!eMfMU-MCdr8A47=-Uf#mT|GY!B>M zsAS3r0h&nslOs2W=o!9EWmOBw66+;isoveJvd{P$Dx^808E&2mcgXq zf+euFDh$4Mttldomf|=<(=9p|o_^~44^%B)o!dZ5^re-ISQS6(?YE#@q)1=WfD&<# zqHt54fJ`^_$1m}b5ydUe96pyV-)ulF@(PX z;)-6k%*n}k%K{uVILhUAbbZwL-<~uFTy#})59vNG^zLB3gg%(X2mCPR< zYDwsY^ZXzf0BeiOkzlrUvvL|eZLm?%jhgb|?3F9ettiz+yGzVg$e3ygu;Y7Z6N*#9 zh)CGVEQxftbzotVT)Zi?LD9*(#NQy%`L;%Ein^o7M&lOy?Bcz-7$?3Nj=K~xb?Qm% znxAfsP)Rv=8%JhNKQ3>FkftxrncmTXJ=zw@Q_Yh0;Vv^o_P~d+ghZeNUZLgd-yCf@ zl_i{A`-KNMkdZH-C%MUsu)7y4Ny+Zp|%daJPydq>8$ z^AELD(eLWL&u#aZQW&$M-CE(qcM-)Fxx+(TiCLaCzU$FV9iQFnf0?3jmm&YEAc)VS zw#}oqUENGVLYww7$><9}>I&u{Ey`yq&RQyXpoG!H$tR0>n)T~;6^F=rrLv@IM`4UB zC*eZ`-~4DWB)h}_tS-|Eic7x}@bY0y-%daerwiw4ds2|Po;UHWMDunpPVWq4)El!G z!)G$T@G9bJh_pESN7F>j`GE+FDDU23xgm(`hg2t~^2%?8XNewKla#{>5LV~|5#i}! zGJOmpLWu<;Ne84P2_dHp03*R!+Li@m)r9`&Q!$42TZ7G=n5{>pZ6p#dv^!@s7M?D$J$KQ$?#EtCqU^! zY*H_Fqv^k~;+K&o{b`LtkMhxaT4JDfiFFB`4$Qqk)I5tS{3;v7aCw*SikJQf`^`wl zal+$H4lCowO`3Z@Xfma&-{T*ZZyib6{R(&M7mL@8pdH9L`Qq{V{WT!z=M$iHfN~7x z-T90&1pxs9P|qj=Edh0MLc&&T z88k#O2Wbhwfe{P{12UwgNvbBq>S5zd7NY>g?E{brD5S7_8IGgbSX#oxSC1DW!&Cz< zg~{w?$byK2F&b!H3R(3$uwU4TGTs#UTYuu)Hfb9D;P zHLwR<0022Q`T>eHlo^Um&;e2CF>V1gTYOIN1!_>eb0k57(JBz{(J%r2hrKj?K%k&Q zHk6%ForQLw^qTG1M&H0z7{)1;LzLixpyUAd4S|+Il8QQK zsg51(;3#?PcO{e%Wyb0RTp_sG@*J5fE^8ei7)W(iL%n?i;#`#8g1hvj;HNnx|7LJB zSdv;*57OLRoB?WQl(Cf%o~=MtNEn5{&X6hLFaXfHL4?0C z`MdGdgAaLYt`a9G{~D+;y3??(lQQKY{E*|$2l_Ib^?{!AOn`MEZlE*Ir~-o6}_-r{-On-k?m zD0?e+lO)4b>oqHTz9U!omJ)s`-vd7FP=~_IJ-$pCrtMKCHX`Sm(BNPIV@Ms!M$GbM z6|HJhvU%I{L8L;j6R~J_rFeXGn@RE}Vb}tTONgEaov~*ddp{#imC9d~awGX@A&4Uv1RDI@n8u{A7}mdNag=3BUv0^|rY`{Q16O)yuw>a+X^V-$&^ zF^6X>>#fzOe#MsiukLQt{$I-c-(#whu*S1YAh@32Yx|lk6c!xn)@V&o zDDTc^KAOM7|FF*;JNQXI2>5^HZpKCgp3VpTXp;WX)&c9>BS>;14f!|z7{1KWbt!eY zV}vKDKJp`n!!>Xa?q-{H4hBPyreiOeN`vTfV}wFk}Ul(+R502?XotI zrjKgjUWVf+MOUfKew}!s!*q$Rc8o)_cHI!|P7Wp4&IRG+tT^*li|DJpqPwE?Wxem* zGGfL=`8o%VX-eIdhg@C!=H>sDpT3<%VP<)b{|9|RmZ9#3o7lMLo0!_VfQa2}qOYr2 zrl(qOsw%#;WPOyd9avoIl=q&%{&D!G=Azto0rtcA%{STx%l!j0#&$b!fbYk}K$wsd zR{-zF^LWELpR+qJ-U@}@zw71HiKJ>uxljHrV2Ed_{U^n+Yeo+}U0c&S9B*Yb5BG7W zRjRXTV9Wt!F*`w769ceym(K9PIVU&UET!~<$2;La{DcARFcK{x2M}~Uo$!6>fbSh z{C~4PBr80qjGCsmge1`_AQ3esDbP2ZySTa>+x5GogbOp0X!3+4M1sLq*l8RNtw!8& zB>ANpB~=<<#Ypz{0x#kBlA-n|OTw-z>ObD#HI(7^^u}-$++_|X-F;C)G?w4Xz$EaX zJ+gRLXN-vGJ4>S?k z>TJoJR*$z3EF?Ht9*VOg?nDAi&q16DJvERL&i;HhP8pX~YLm!l= zs_o{((@MDL8%rtBW1-jGsUkGsc12f`tiTv27TW?5tWGAgAlt^Z_BI`p-L0s)=85E6(3_b+RHBY|8euMM4xT+4(6}NE$GdWtUbc5EQtYD2HyWEOa}TJ(-f*7EikdFi zkRY1rqD$*_>}gnJ8G(F8FB4Y^qWCek)g1%!sS93&TAU;M_dAWr-wn+QCXAg^TpSde z=pZfG4O8hBXH#BVnYTlN^hX>ngb3M4QoTg*lEcRyR1wgmi`BPq#@aMszCeq-<-7WI zR&>$925Y`nmAay6Ma8U3w%Aw-3+}`z1*bq+O-2LTRdWn03RJOm+zcmei>-7fr^@DV zsu1JZO>k{IWT;&Jei-pby5n8mSIylG+wbniIb|jdR=!Sya*(_ruwzN{I@NGm8q{9Vx?6jMhxReF?VEi%}oXYy` z=#)KO8zX(4LaruTTVlAd#W822^@5Jo+Gtuz3?z|Sy@qY06JO;^d|Ww8%9GHpfCcL! zKSnk!d`U?sQh*c$lkHU71|8I(KWZ>UJu7V{ZbG*#W4C=ru15FcS{>z`~uK~&~U0xF#<+bnh zUYdEiaan5WBWc-#@4ja}QF_D17v9Tdo8RYWkfU!&F~94?IXTV6VrY@Wk-yKXg>kP8 zH(lXulmYc}u&4`pOmjzxQCtNNg44{i`7C`m*8Lg~CO_K zqdzD-K%7+gMyR{kwpVYz;(sv@H_P^BB&zrlQCucq@R^OMYOy(h&U&`q)3w^4n zs*(cdjObgG-7vCdim60&i)jr>X7p}iytJWFBB^dV4opm`6fwDoS7&27K{5pj%OX~J zxorwgcB>ca+O5>RYZp}=gu97+#0s?X9s57kx1Z=~#B8rnl@}Ibjka>+T495P<1YtM z-cLS}*)a-3L)1C^J#9`Qp+X9L);l9DIjS6z$I^2B_A};{{uH;Ybwy_!9}q9(-NSi4 zeWW4?*9M<#lj#x)G|hZ$wZUgDT84F^Pi_GT=KNhrq_t@%kxw z>T>Q}n!2gyT_yfjD$(q;{wbq3@Lo1!Y9A^{gD!2RT(vH9ilwI)G(H0nc(1t8MoEFx zR)=)xS81y`dNB2St=HXZ>jcJn0k3uHb;~dG4ZfRZWc%~S(SKTKUuH$jAGoM`>6|Dl zf0p?&qrqjzUjCK3BrX5gjM1siP}E&U(6!VR=$8rAo-${YRg9(oW$`vHuCsFO!q-TR zz;hJoEh2pNgDFs*n^m+ap;nuf`bD0IDSdM?BXomT@HN^xkq1Gih!|hSYwfT)Vb)FTeYys0_gnV_S+EIS(1Y6xf8LbQI(&+7qG-crx$HZGkK;O}er>!?5)52Q5GH>U;!^MCOg*Ul3cA8A*Gpq24CXsdoKsODhMh z7|IFL-dOJw8+qU$)sO&;l!F5;!ig5VNP`iv;!Fx3ZQ3{Bf)@`zA$#L{f3MI%UEqRD z_oYsmlZ|A2YC9SKtQ567FY2X7`MK5;6T!lL#bniAGuF?7g^LGxs)nN@xLC$(x4Q*# zyi8s#9Ovf%< z<$^d{yN8P%FT1lWZ9rb#(K=aHFKMnANlK0ZG&9amSeAOAQ_2YM0Ik89JnL$vc~gnL!k}TQ7OA+iqjC*o2sPaxc&ktp|sW6)QxM-_o{bgY-R6fV_`O7wT7GEO4`HvL@ej2A@aX4#s~ zo{KcS`Z)dM2&1vLDolm{TZa^qMvnxtNU%3ZZ09vNESlMpK01Eh{!sxBmc~G29jgeH z$5F0FS=w4~!#8c1NF#ak%)=#M^JDPz7l`&sacIUERm)>O2DT*~GQ9eHG%FxOw;Vkm zor4fv{SFrkL!4c>KxmMjei4W|>!F=OXBOW8emFvXc>~7f(!cV4)sQP#OXL*;hc9br zyR~d1Q<6$2+w@&4tz>`hUFo8$6qO3+96Qs61JBHJA@Xa$c6FnRcs~3^1)EOAivqYV ziNEP=cvg|P`9^4Tp{TYXG9!|W<9jz|>(eEs-eCsecO>vwWVBvk1@~j8Mh8qyn}c+< z;?OtDrAP&Jn0WN3UuEW|`xK2BxRJ4yNo0hPLgVEQ2YG~S^8rbvwutru?fO|&uMCG& ztx=|6CS9gBJqC8q7is838mu%%UrEA9Fu5$Ay}F-_+zqOFe7|8%T66y=!B6_*VeV?1 z$>l4{uL{ENJLe27=r! zDNtvsPRkUl!<36k^nwB)b$L{~B?)HJ2sp=d+uq}a$Hj*@k*%s1ybB~O)=|#Ik>9<3reWMsOie<+w1-S-jMa?o+>XssIW-2n3ra;cP28gurI zrbbXqa?ZUYejoz1_r~ZP)-~ZTk0g{erbNGz%|}0r{3OOcSK{nbnxdjS@F6N)rN<7P z$R#!~qmfGx-heAWa=gn%`ne(smI`NDZgtk59ia^|a*>GCP)}4Wh-T0RH`M{+_N|d| zCr4&VWC39pwSg-yha~7J?C7g@1S@RxW}R%a+p1p)O`kk7EsAWPAZ+ceEjX&39J{yt zli7b5&1j(|?aWNnZP|6rd0{|wuKD5AY8|~q#tFa9JUP5U`MdgMAw#0Ypct#lbi6$z zT9H3}RP!3xWgAtqgN&Jq8K}PKsUgIYzys(aBSKn_R+gF%5Y3sp4#gjo6?mFxqw^GZ z&(jW?PYP7+VTyX=?_ZWb7V1C8bvQLNsZZ;&5r53b(=PMYE?SB_v;ahwb~hYLJewGO zd-^P83c$dwSb)TrK_|8q9eLU;h^FKzGIPph&NeJ#wzwf{vzjo@n4@~f`3_IK{h+IA zU*bdOqT*BmjVvQZa5#9Ft#yr$v2dZ$q%8RmS9alvqSG6_w=TUkN8L1%A?%WBM{M?Gx@1rs1UNJw+j<-m*M=_!;Z{2$!S)(Tn))h*dXc+^OKy~FP|~VQ zHUl9T&IT_>WJZ5td8oJp8$wrsr&w1EP^fFoz3af+uBhP8;3yEpjmqq^imNTID22^( zT=m^@6+3%!cjmPk>fBIhKxVEJS7~9BZ8e*AS%H9AW^IyrglEbC(gA|gNw-M{i10KU zohly>5N6~gy_qOmRae)^62KF?Jr(}bpEtpNWL|Hkxsq2c9v0rKZKb^ST4_~-gB5bn z5m}$!PvKoEruxBKZIswSfosq7a7=(!6}wRet)bQKZI>C6Ix>vM^+7Iu}tJ*v9{5aX`F*p z78Wxl1xIHCx~YV7k9$-h4~Sms)>5TowmT3tNArz4^{Q2nI1w8tGjw?ijI-F z^XsvlTM~YHiBrQQMguI#2(Nr? zZurnxVpCyPzCWgO+~#e0lvrEsW|XpQ7#C*E#6E&MyJa07!8<14n$kC&@>+KP`7GP0 zM*N2an3-rBLQ!zvh~S9<9>7F5rbwHnea3E33GYD7juuO1Wlc%K+KV&Mxm68Oxl!bn zkhC+dv&z6ZzJ(HhK?M@e;f#2o>FOzlDaExGrN1#LM)RM83+PO zULTu1QT*u<#BQL|W2+|EexfNrt>;r=yX<6a>Qfa(ecvBv-U2CTXf(F|DszS;Y!4>} zWM6-X^yB2mP~>$p!we>WT_qu8LxeBZx^8AWoKW9ZZ8fvWv)Qk&FphfJIfu<9pnT;J z?xlBJ{A7$C_3sPMl!s&-P$%X8{F(g!$99Xwj>PGnRS_)%G0Vg zv_?iA0bm&>SSs(-eB*FZ242tmR@1uNMl8=oUdZW7Y@ljwj7_IXhJ>P?Az=mdj*v3N zvGhd@YtcQoKD%$F^=#kLuAv4;lV-?}7C&rj=sXQZ!v+!Y_=x7{h0T`-=CPzUW>3}<6ABDpLO~U*! zrcRw!hP3ls{(>RTCFh#uD`@975z57;`&QO9u{)ot+N0^P@GFI$xvEp-qj|<6dtb7u zf`+y&hq}y+q}X%`Q}jaQPAQvY1)FE71iTFzQ0RrJ6C5AO4A(=e(C~?|*PUAnMW!)r zH&BJk%@`c*s;ZTa5nBDx+LgIcS98 zxaorwxWNFHvx3#jVMvsXXRToX;g`HCO{=_A2ayV{#?`CuFDkBR?y~x)(rS;i$d)r5?nZMLVQ#M+1Lb!3NCO_TN;PwqyALL}2A z{1!9|qmC;fh1y4JHgvhrH6*hPOQoEXi`g=y`#BK@O{2w>7^w3_drIe|=_2K>sU#`# zZBJ}vvi;YyOszTN${0P0LJK|i0)31=BVy_y-8XR6spHJXA=mm!hTX@7Xs0!L!5Q5+ z)#+q(K>`X2o)3G;*JDTpb0p_;)OIQPgwFatJ0Itv^JYl1&om zU-u`Rus}(dvY6#TG4jnf{_Yoi(o9HY9PW!f*yC*>X6_1q&G5_`&0W&SqT?O&Pxn(; zeIe=dDygNn_qg6JATw1^|9J(eY`1;FS;kH*qk3>Ml4=6>Op0nH$;Q^=3g=Hg#0J*9 zO~BsRc(%ID+Q=c8<@>ji?!x2~x3+2U3sX{GiwCN_iss^}V&UR(INvzob2OpskCsiO zhmn3BqTz%%hkLRbbqjUJ`8I>;EEHpJ! zo9`9zyrC&26LO1^NA7Z}u%_pie1VNZ4r~VGJU$wVr7gzETZLqFX9~^;Q?VeJt|pOt zD>t=|c$=_R#_8_H`5}|@;i4vu07v=Db_)wViajG;M3&e|iM;-VN!8oz3gIka@B!NP zMd`0hS@)j|a^+se8qsu1$Z8uGJsnHS_NOX&9~f;1k~55k9&Gb4|z8uBk`?#$Ej7q+#R}c z*|c~wUT{BR2#l{Tgh|Du4wo{ml3ks=vUKGmprMmpWLyxjoVEQV`o(ywL+ceQqKa_ zDVrv?m{)HH3X(TK?o!M!Cl>2*Bw~yjAJtlklz9Fy)?CKoAS#EQtL}-b{ig5=n|~?@ zOdY?J7pnJ$B-nD9M}Qwqu;_*&lH7-2jl@MGc7 z$2wBP1jc7CK0AKYr!UUW8NvzG$J4qyO8{`FHUt@sdKIV*a4%RR(-c;u7KL<{DlqyH z@s9Va<`i1;d5P)EgB@K3r>baL91WNtfdO5=LVn*`plmc-spvdXRcrLvb#;hU=hUB8 zv+z`F2uYsLyAXAS7#@3qlQnu z`LZ2h9BeLaJr{x7zTq3y9}B!$q|pG`F40c74aB!shN*C(P)8Z-{sGJ4E7_2 zWB;GR@eZrxpEtcUw1{;6?EnzI>b1BAvP;}N{4{S3xpdA8gXd+BO9J!XN3pZVB^8=+ zY+e$DLl6UY`da6?jH_n`T>i8>4V~TVxLayjd2gGG64!qMV6H_BY38OSkaaB}1pm0l z(djbp-;oO#_uqvyy|y|Qy7rYtX>V=_{~)!~2ro}WwOpz~mW$5EK^}iY(ImMN|F0E2 z6EBNO@V*foau@7k7K(?{_s6QiQ0W?>Ly|9wsr?P;2F^*k` zWD2#(X8hWatL~7mXbJ6zkATte$XzgZtoF0mdF%rkHofB;Px}PuxZlpw^@&o4sapR8 z(66yT@Otn**S^wu3~!PknQK*^JjgGF?7PPH71nFmjP0`!`I~eRlHA5@T^DLk{`S`T9#?eh{3v$AFY( zMXJeDqsfvaszfBkvkN0^Zv~U=0i=es>Es&MX*?)-Ld{oXZ93Eh&DTM6^!`{E{}d*q zU#)Dvv;HdlQ|<(VH)`tzGaaQvB-^bWAPEtIL(}Efq_vb(0yB!&aXDOuIQZb_a!!oI zqvL12Xbm`9AE#A=@%QbHseZ2xzlAB=iS+9_p_tFLgIY*qucC1wyi+ZMu;26A)PNba zCSqxqho+7kp%Bgkkl5#@R;1><7p&V3Y#UWe7bm!`PTz=-ax+J@q@E!2@=njrINUILmhgYC=4@z>=0_|!SKXXk|FmaYPD zWiFJ!^(+`$ZLTOx{-WS12{SdYkV3-eOuBSzyi+8X1C6yzv|-@pOvsMc^{s!Rr8q5g zUt|EWO?uru(pp`g9exnmmNc0-o6(#+DmqrMsAran^f`{MGs==-hk2m}_)Rw;egjBCf;| z9W}_0|0{iUB&{OQ<0ab*CjKb7Yxsj@QFB@2x9J^iI~T9plEx*GF!(cgE*Tk~`K5~< z>IpC{?)VJ%@(T3t1ZvT9pp!(2NjUC2mV*EbvMCReVocUJN=00brf}~?3fMGcPL$0j zlzfP;V|>LAgPE>c-?|C73{`oHo%M@5Kk)i;^uRPfwlFO}Ki@s>`EY|6dj0cu{^rq? z$ZV`HvNsB|yEEDF+dw$~7}a`~ZhW~Cfoq})z#enZi7tUMiN~w*D!R}WbCwVV5+Yt6 z-_v+KRBI``qbd8TA_o2>L|s6@q$gbrGUA_KWmXWoYu6K5x!or!+RY9%nxBrgrw~wd zQ5zL@3)CO-USzs-Qvn1wsqirU-bbp!)<;>9mJ3vlf9VGx_l6I`GbZq*2+vM^Q_~RN zq5$(s%XEiI6a3VKp5B#h6I0op80BP*QB>S5gpP2fb3xul$|W4g0VyJrJ+Yt6s?;#Z z#@{wQMDL4=Q+^t%xnx}s>@@O*Lu%HuVQ#$Yk4X4o0q!1OBi>fL_?Kq(F zpn~7VWPy9|NYzxAWSW|rGzY=Ps84}*P<5gVnTu9NyQdtk>8dC2O8aHfrgbz68Pp2G z4TPkmLIesXir7gcr3s+Q(V zDU$Hvu_B$0g@1pHYqECu-f>r{tGN!-`1#2Tnsk)BFM`FcQdLGcAa@!wAW*000uBJm zy(c4rkyli=ymUvlKcJ3#d&c@q1H3(tZxW>s2^LqF8tOLr1~ijLr1n4!CXqEhmuy=o zjFsd27wR)(1}R(;O$IDQ)%nPo`c#;K;T6;ET(e}4JYzkoCaly9k=w-rV4iR$Fa4Si*c7()st*W==|Mqj>D{O`ZnoCn6c2J44!HVle;3c=XRyc z{Kv+|&|__H*2wS7BwRKlaG0;~c2zAt745k zt_yu}V`xj-plUuYo|aHEA)%{Id7qT6pqcD3$5_7bSoLJcHP~QykQ!f+n${SrgIiy^ z;=p#gW1dxvQ}$HWX&Lk=Ck_EcWHHOQZL~!j3e8xW@4W%m8t)6*%P{G~Wlh-n>LG3R z(~JNf1r=dZ5_fXPs)3bC5XD=s?ga+rBB7Cc)Y<4u^&1$g-hDSk6T=v3!)JEZrk4Um z3JI%zgN~)peJ1D9MP?F5{4Fi4#z4iIWGKKPGE=}|o+QRfnRb_;<0iRjqG2Ey$K9MvUU$ZMHxu;?hzQI0{#9Qs`mg}u>FY`|iaog|mSgrGFmd?$4j_5?t zQ!@tJKBX4evf#=iuh$&Rtojg$pF`=lrq`Sf#QU=FCkZ`R&43Jl{-B1@70 z0G3GgBJaNUs0WPls(q{RlpZN<{)|PjIOb3L#A(&uEPW!H^u-I|KVi)d0!c4th`+Vh zr#0`^%0!Z;W#9>kuOwpT97*|EQLoY>6Q2=BhhtrW;G-33GttOgmwKM9bDq19Z8bB2_qOxMvvp+zG4MLzSI{_L{2Q` zP|xx`*zhZw24pD3fe3uh*SpYeAsng&Rfr>(@TGPlqbBi^t-l9_=?>qvxNS3SHo%81 z0DeGAx{Gj1)CEn=sKQUn8l{!lP1!--Xl?ZAlBTo&8IJzZ9p=p9!ah^9#=$dZ(ljix z(X`R$>Gq$(o6Ox@u7EeiMFa&Fr3<+E)s3(cCH(R7ie~AFtLfgO*|>IoMQI)7PGKF4 zGg~JjT+D2A69X^FXz$FHtad3AZUB>hykANFx$%YgqWD4^X8~=u6Mi_DI{H1>Yllg!2nFf%({Qjg~^(4%tWR-sLfxSlQ|# zLxdzjv}SN-+;~}z^-_Cj2lPRQ?R>e1{dLP9&|`rFnTHqR-CNuya?5;5@PthWehb#ScdCEf1N6pfi|snJj(xVJnxQsn2lNpaTSgVH+j z5`5U0+3cj9hKl|s5tb7Cx5&`2uJ+v8HUf6pehof2-91_}g~KOSkebB+e)nY~3jE% zER`uM1TnSI@BIW&+~4Sb9|3Sl{UP+y&?ZcrOsVy)b&$^iZz$)=Iqj#h)I55?u-I3# zt6447wv@l#_Wy|ANMPJjP<_WtVJa5xP=0fAG6|@dN8X1BKy4(C3b!8q`5~nJ&ibuQ z)9CH*;}}0~gNspg$5b0L555sqF&}Dr8LTA-4}Md>JU57cVAeK2vL*0elUVw9|K;Cn zssE;|`d_@IV%g07O}8TTs}zj`Lv6X_qdDb6{2r!EPV=od+xWh`6F+(?7j9TQ&&)wJs2~c zcES5BJvf}{PpTtI0T6EB;-E0yU5vuqIjt6FVini{NtFgg*46&>@V!aO5UjN|0 zbZa@Uqmy)(Vn>e7My@;Iih!^^%S^EALq(r8heE{R8id%2#ltb+%Xs|akv)koz!u*- zs0DO;KKmrzG*7gFXQSx>if0Km_l1vkI*Q@Ii8bkndKa3n4Ihf_h_Y$$KDQD?&IJ}0 z@#s6f%*d|BJ_}wMQV+GJeCNOhE$}22M^ZuM=#vemEdiNTCgJxJ1Y9>F#$(KwYM4;ECF+UYRUK1=!lvWBo%!VTLa3EK0$M1Mg_hCH)8?UKBDVOys4c1|=lj6!xLS}Pqx$8RwvchE zHIv_mrjB@T=$E5J3J(p+6G>F>Dfxq36rZ4r=CX#EwS0(3GX6{Rs7XA(WcQ%q%$Tb3 z-WqS4D4AVl6cAST^b!O@ZUK_`-w2`pO9L6WSTSUkJsfP}vfVBIwA6l`gz>{C7XfOc&-Bjl z-s_xx%WkZ4rSU*LrAhzNc>C~bl+@++8=ngO7SBfjJt~(VbuS$(WYq3Rr4P!`vU zop#4vtJEfY@ybutbxP>aex@Gnb>9RnBNjd8x-TTX)MQWi-#h!KL*H8R({U2~NgqFMWH zFOaldjwG@eg~WF+N7+=H;T%f(HP~NBz=+&#;r#Qp@GH%?LeT^)go%gVseh!WOgnBDbzq8(kvP^J)_TA0Gi2HuXcAL1R@Imi z6)kEb>6(x4N0&52rKWhB;rTv}Fg5ZQ(Zu8?&o^z2`SxwN&iV#KChEh5-yq4CHP95I z4z7KawV`6uana7b1DvQbvfl(CILs@{+VT=4r@-+Mqo;#ll&ACTlJn^;w~wtYG?coS z_LK0SnV`L}()OG*{mabBoidothlwi!)ADRxq9&o{H*96UxHfR0bLejryK%6Gl@&OK zt%y&rTNHRb*8N)+<(>=EBLCrmz4NA59VI9TZrTVg2hP`EkV|9Jb3WG}B zVv(}sPL=FP07JCqUL=>%=p!+!p#2-)8*E@?t|vy}TlZ{So_we4luYhZWb zV<42FXyfL^(w4yN(|IxQ)0*D|+7Ii?rCNi-SD0j975=cPJ6wIR>)o7B`N!KYCacUo zN%|NxHuN zUCiRsm_N~S=d@$Ybe#GyqVJzP=~Dd%8dvm(T-FovAyTHk+JmxWo$*p8xDx)-QC7Bg zE3gUWF|AzffhMTxo!X*-pd}YLS`jI63UL>k`6A;{)~aFW=NHl|`9UgnfvB!wh?i-s zO+4q=Zyp%3s5?9oNN|;#P>u6+60^>;c7kzig4G{i8t||MM=~ZiRmOTQ9T^lj<6y}j zVR&40P5xuOBac!K-0c|OuSn?ojPr=94+Z!;F*(kuhswQZa7(LJD zw(_Uzle@c_`bi)i^BYvYZu4TY*T{remywj-N#uRcaWU}kPctpg72Cj?v=FVFN`qpX zyq)#N%>@B*xF?c<8F$9jqrLJ1HNRYepE>SJw-&$P_@K5IJFAHK(Yxvz0%H_;9sX+T0?LQR?vw>3n^5+X#7c&DjSv`D}6H_fBq)j5h$_v_vO}q4&?ct zOQsRe=~T~;niQf_ELRQUQKN(ID+8n#>+d}gwj|=VFpUFeF<{Y7ymf&Is(3a*ytuWJ zezvtgXK=q;AVaxs_p=}8yO}QsTxQ3*^dn#DLwK{4a~4%=LsFG9*COs7&9%l4 zT^+uc`Y=w=P@0w^se=>)_S72YbK1~yAvRR1b2eN#@%7#n&9s49^BpDCV&2W z&b@bZzwRF6zSrI3%sq;lWvk|_sR}1Mlopo~2Vh`e07>W%cv!|85pyv$ z0stu~dH@Lk02Ba#fdgQmoH{&|{lf#W0Pq9`_Avr{p#dApKh}8+L@@Bb<6tOH{D=Pz zEKkD+g>`)>9)*}pB^0yvb(0tfG zG9p0p5&ntC`@=u#3-jbJ83myApZwuN9u@JNV= zh{(uDD5$t-s864w5@O?E;F1!NlaUgUkWf%F(@{KUq#_}C!Tpl)6)Oh^2RR+DAP<`W zGdl;{<3(VQk&#iKq7tB?5wKB`P_q3`(?bh@g#?7bK$U$CJi&s2#e#Wg1IVFr!b8`= z<5KuTFi&9N;1Lj!kWrpOD^y}Wjuh+@I9PaiI5=o+4`?|6hXs#K$tr??qx2E+xh*c+ zmxweZsyAgn@RWxSsoC}Hypd6!;S&%N(a_SpcuCK}$;HjX%P0C)Ok6@zN?Ju#OqPshPclqm#3XtDDc)Z@zy10fCWG-=kw<19?S60{7H#UE5Z66(h-AS-}IMa|3NP- zs9sOt;9%hpAN7KH;tUP2Sa9%^tO(d5N{AnAah|h%LBf3#kyiEtnTlQc5Kqr;808r? z$1=^)qiVl3`yW%x`+rHZe^cxqdd&c+urSccgT(@bffI95X*5wqNO|CJg4DX?cXoR3 zwmp*7P{|?%>~`+2ELINMG74X;3})HtxQ_i50B*AAHqczJu`}8jT9t{xd#pwR5}&KU zbCIK7@YN%$NDclVvD!$G4Q<2F%w{Ze9mR8jz=x4t9b?7QX z_$%jTF6#0DkhZ?1u9M~h51Yz|JXx_bK-;Xos716MjnIkC+D>`;$=R(A)sx7QcK;Wy zw?hC9nzswRf`BtYhGNiibt@%8SiUJ*vDr^f_W*%P8{`MTWeMXoyL8Wu8J%%ji)r1c zxki-91jwT~IbS}A&=Kem=|Y*WvsZ7hw7KT?ryH$A6C!r^UsZ^FQdp1#MuMH(=~U6y z(tRd?nAO9=;RVxv# zd;oqoR`oI$x$C?wcpfO2fd1C}0r;KFy`S*83A<7k!*%B%@t^!FrF2(>ctL(#82IAc zgcqyiuT;hj2xDJ({XMSI?vNdo?q4a1a|rpIS5NtijOo-h@#eo$VSmIkP?D$+=?Y?- zr;e-urf9*{5#M0ZIxAIvOG`YXQ*WwIX}X8@^E*9W-4plmfKM{|v|;8(2{uy85y|@! z3*ls+!$h=}LI%Y+3g8N-knAO>MI%VrFZ0`zct+9@NrG(@iZ~nOJ{YKLvuap>aJ%zj z*?c$rYqA{k8Ee$`xbQ8NTd_FPJD;I7y;w%EUhEr}gz<%EmO@NrKDBR_cm)TAdy=^W z3bO)61lf4vz$B>Q3@No0H5DFFZAy*XD4qjUYa(K}>faLY@k(zj$J+IiGXn(LUtz@C zF6Op7IFk{LT9F|iq)qm>MNr1}e#_FH!)WwL85~k)@h&uOuCEV7T9CkunThlt%u(4F za}sWN8*txUVnL;Mh5tgW9EpmiZjB5v=aW&H<%ytVOhQJ`(X)uGttw0@gSxl`DM?|A zYSvsueryB<>5YP-u}^}lXv&V7^_sP9?hVbHlN4kg?knY-7^pi$TG$G%21l*L@W#}b z7@Hv4`Ve;7z!&*1UZe*C|0(1!S}jG3Q`ku2O>W&Ia62LMFTh7kQUY6NnQP&RlB;=6 zNyZ4(j^rr1rZHOr9bC#&lnPWMRRa8}KLnHocMW5|kPE2Rrtwk*q&Gf4_~E9N8n+ht zQb9JU*gURg7(Tckb?fHGmC}GuGQq@zwS5Sw%G?Rys)go{jOUscH`B?LtZ4a^WYRZt)nOBT@{ z(}Y>eUaQMiaI|@M9u_#+=rQio39?H{2(Ne$AusnlI|1l;O9YQ+oq&FKnl*}9YABBq)w% z5*i8*+ubQ2NRu7jHsXL|w!ydIy>eT60Q^{&FeA-CF_gZNo&#$|t)(y?cBz}>tJ)-P zdf%%ZMmb#loXi`Xs0f~hX4-e>x`(NDNLUJfYm1yWaSMz6j)aiYMV&i%-8!~<$QfJW z;{I;T(y~7$#TlC<9((0ZOW5W$^J`ed(cB{Q8-jh7^-xjZDhQd8WP+Q0V%gkMi$fB6gU~JG6xq| ze$vg(UvjY`)6id8Z!zqo2zC~jWOwDzz^{;lubXY#e^03r?la0MeJ8E44ZR=LP+#Ox z`f3Ki*>oK9-s2H+x=fnzwf%XM*zCIl}lWQ?b0P5(KBZH!5J~9?do9l#m_IW3d;kc!;g`m6R#j1j=CrO(`-Ge_S1=vItzt{nEuXd zG7)XsPSs{kh~^xa!*3 zN@Y^Q)P!8dW-Jb{TG6@wa|@k#ROve7Da(YW?QwToz|Jp;Mia%}C+adm`VRo(TF)KE^E$6x27W_t z;zoG}_nnk@O3$k$lzwf#J>vdn_OPA(>)>(dtz>Kprt=**-*|Si7w4dt_0CS@e30|| z+IXQcFCo6?vnI`mbIH|LaX+YgyF8a{M{1KnG-dTSG`(LOJ5-H>Z&vYklqJi=N4T7F zyIZL5-_!~dY`=O+kZ~-M6e$v6(^d0>YG?GMSUM)Qk?Pq&0WX~8=MM4Z;5&Msx&838 zI}dvNu~L*%i?jSF-PRKxikhV`&;~_ZdjLGuUq$ z+b>`uL8$hDn(iVEma62S8Z~+1P%%M3)<&2QfUk~0VAGsZ^RG5WEP89)NtpZg0chNL z9YRaNB5%&7#=@ed_ARdTmlu&K#Vcx5MfiGFB5~ZaYt>#NUW>!V{M>jAxY3E#_3n=0 z9Z3wT%35=o=wxMXdZgLs`zqlQ3LTXiZK1HnGNUp$HRM!jEo4p8*Aq0(&zhe)&fYN( zT=(y-YsSSWW`?W2f-??tn~`U*H;U*nBZ@L3)7ddM;j-$CAe-Bq1e--GxSKM4J8Mr` zLM~b}Nkaefed#_uHD5>cpO@1!3#NqqV;Wv91np>~b&s>uKcS6Kvi}0!9CAze_05!L%5!+8 zjdjb3RiccEa(4goMvykwKzDr6(pw{5I+AfY74=y8FGj4-3tp*dSjUGAIjk3NNhs!A@}A)Ng2a^rN? zbmHjc1E5JsHwW_oOyVXL#(k?lDk^{bbKx1A{yLityN-F`4$gwMKvb7@=1u2BdR?O{ zsXn8)0$yU?Zb*h!(wF`ZYwI=s2}|*W^ z$Rf6!=1xgX70`MSy&<;cl`n`;)32qDL?k;iTZWZ5KJ=jX-OCxeNJS$kMkef+JorwH zl>+K!p4vZIS-}8dnNP~P z;U1NCZ32ukKEzxHe*xQXVrU2g+Uf{EN%#9^0z*uwzgIG&f z`}Lj$HuX(DvA{*)jTgSQghQA$`ZTPey!msJ;Jnf%aXU6%+|swDYd$f8Tb$0eq;vtF zOli}r-1nZy5LkTo%v{aMQkl5bb#>2~5_3nv_j4j3k2~FY&-T2V+G1{(7f(}#cv<~^ zE4!ueI*)Dt_-a60PQ9_&+z);-r%}U^Vk6_bw;1yCk+(a}5S!+r=Q=!ZUP)e$n<=`q z^HWYg!`>3jvs zYtolb$y4*nX}cDMC=d(jPVz@~%sTJng^9Y2S2FrZav9CNEP_9kkq@MxS1H1*dsYVZ z3(CVodm`l!qEfpV!WQhOZla=Tc1B0EGEZCtzZBKaVpe*W0d?@Rzlh-~!u(Ts;^UK0 z%Ip*hGuWt}9_`(}{K|%xT)G1ON;jgshyPmL%|c|%2&@Got1jME7vd`#);1KYRQt1< zGq_M*Dsw^Rg9E9lUC{T1lb40t+p5PHppFHp4uwti+snP5X#)ybv|op*V{A*WkP#On z-bcM1u2m-q9A_lJbR)`h!A;%VAcK0EUkEQZqSA7(ByCmSyO?T_|1x&)+Dh5J60lzk zw0}R>Do~0vBksQ(_(aTn*4$=xc1y9~?Hg3t_iQTQj-nrh)37{Jt0DJ82BSa@7Jp||~5-^Djr$Gww09R)YyITP9* z0QQcff>;zA_F2yAXC-DF{*k=;8j`ZsIQwg>LpJuZ9-!%>^{;b=Xo2Zz0|EnHI^S!l zEZYq}xZ*IrQNi&a6sNcGBC^*UD09swgfqSjOwtgwEqKq_uur#05}r>}JbL`XfJn=(Y?PMO zeU^$WMHdLuvJ!_5Pn-+Wa?*0hWAW=;`4w$^Le0we47F+Q(V6XfS~ zW;wExfL|J@uk14Da#D2PY_ zt@T>p#?ArCe}M8_&JH$@d>oX=)i?QQ0ObpzJfj^{Kqx=;n6LL2zx&7=|K=YtWdPSs zRaq3O+anfBVf;_L-aqmBCU%z4IvmhC)CQJT(Ca^W_ZM&Q$bWj|EiD|Ovi+t<4N(oP z)Ks7`H8hX_5`YvS2Pgs*fF9rom;x4n1Hc50t)MyffHJiF&3~gk(eL((&{lfTR;GYH zw8dM%8n6UD{%#LE&H=Ozl>RZc_D1Ybj2lWYsBZuOe&ONaga!Z*qX6J8{Ndpy?cw1r z9g17e0YHn@KiXTT0szk$G(Y?wdDJNYfbkUos@ndMrxyzV)qVg#Fm3bE?&I%%9wF{0 zM$jFA;~W4$dk+9OP#_*f^RID(mOYjO8Iu5@3LPuiegKG1003HJ=(V-}8+t!(BmCRA z{dep98Nc6HIqZ{1di)CuB{&4QM}h+A@CZ=o90eH(85so?0~O^d`cq_NG%Pf93`|Tc zOcYdX9BfP+D3AFYD}QVW3x@=4i1`%xDKz(gl73_5umHR|EDRJT{u?VNgD(8P!1Bkj z_)Tz7%=j;?9Ev%cVFFO39QHSSj_?!(1&Xi(j|nUUY)V8{91$g?=O1lxpFzQLJgTU) z;br7E%4Ow0@Yy-J_3Z2&ydx_JsJT>BH5|XEk8tpas;Ni+9349(q@gwV8Us0^)AxDt zR^pwrZ${+`v@epsvF-ni+e1r*AA5cR{2n{_CkRiVpz&{T8;aS(*KyL(XBuXH=@oN7N%K_T`Ze{|;upA{y4KU(AjK4~j6UMu>0e5D4|YegHOM z`wsC-e3p2?LZk9TQKtTLJ2S$Y3SJWZN5TY4pNL8Aj;{2gA?^B}6~ZTl=l(l_c#y4| z{-bd;$ZU2VM_IffD!F0C)nMxWr|4w?;lS1G;noq$UgBhTuf?r}_eU&5P*)Kt*uK*+ zP;4`%{w(Fjz3(*az48z9+e**s_u8y}TW2;S@m%|i3x{*7!K;F?p>9H%^4G2Cc@G$2qdOMXgV!h%szqWEe z0D<*M137`p_H9-(&R895XRNgcPq@|=NdWox}8%6d@|N5Ib0D4)R~G?$>s zLrus7V0xbNE?}(BF*Nk0gX>#D(=9Wz-dQ=g$hav3r;ez~RD-BP?U#X9&fUbL_}w7$ z1jj0x{;EaEE%T=8v59$_kDQk0+ieNe1eg4TYiZv>oR#RbK6?Y} zx+RbZ9QLa>%dD(?;QcaIlQ|BglDs|LAJu!5&Xr2@Tk%=bXckyw;?vBTJe+&zzzQ3? z&$jB+u}-bKfFsWI_KpR_5ry9*;XwX6!B}zJrJqT^s-6xOk=m8EGoD^BC7Y~E&~)b6(A>oyaa4jLKZ(N*>Z_hvOa7#nR)e9#$?QK=2F;((8nP3Jd1!HDzn-7vZs2y}8DLK`RC3CI1R;c#}_v-Dwdq&ao z8A?8>m0n9&URig~y+P;|G7h7P+lh{1Tjj$ud*7EcC$-ib1qI@5jR@{C`Oyi4{9tQQ zEL2n-CY4OxJp|WBl;)YD(QNU~yGfPg`vllAJco#!Nl-6%VZ+s?)-km@ge0nXrZyYb zIEzfWsm}q5t+Q&Gx^JVtn$(kg;;V*+E78#q`TQW07&@mlkJvCSehe$|*IgpL6ck%q ze41mk->5lHN%_XkIL2A4OpJVo6))FATAA#%2>qTQQG_DB;Juz9nl&_-xQQk?jaD6G zm4iEqTMJoQs_Yl=#;{TRAR^SCb1)N{JG8Y!<1vzn)T}Mxz&d5~?N+XOT@?$_T4yc*uL5E0iPRsDYka@$ZUboO`^_x%FRmf(uPlFjFTAB1yLekovyrz4>%}thg zh7EmePwb^ulH%c_VZ>yoj|hf*IQpE)5uL|Ut*MhT%AxKy)9V^J&m_8*ksnEpw^5ar z(`GJDCi-p&1Ca##HQ?^zrfyp6n>Mci?{FtMTB?4A0!~25@1dfBE1%QqsnMo_(U1GU z$`eVgU%KZ6eM{Q%6GJOI5Z=hiw1WRtu7=rNvIwK91o%lX#B)3Ex{ zAvT9=%-AISp+8b@NhA_(G43h!R*w%kj=2*0G~Gj!^^4p+?JxYj)E|IW4A>tlCmlLx zK|0Ze>U1SC_Vy09>B7PVznVhK=h+P=@Z1!nmDGOZSd&X9G)<}!Yy`|Lx{h%8v{qHd z4aTi~`F2fyD|U~t>>|8`PTY368)v;juoub@iwol2VkhP1x>fg&Z^`p}Taof`p=Iy(+W6 z=mN?wPq?_=E+Iv1`c@$NM12Vhyz}$ZAgxId*S5QJ7trERx9b!(o|ti-?gZ7jiO-Rn zW~P5Gm&%=0D%&&VVGa56BNLJ$0PBqrewUK`BeWrIHPdO#!6RVhaHIj^=k0hOmNkaI z4U&U#;3m3^)2|yuq1im6E^G8A-K{^xx#B})ZH(C-!vG}W>73+MOENE z{9XMfrnF46cpoh-zgGE&s#M2wha!vzpj`T@VtUh~Z0}nhi_YNWJk9%|5N%B{DW<$r zxF1xshQ#`ZC$Lh8#O2c@q_Ox?jcu_UVTpdetvYlo>Nm;enh!vV*Y;hGzsscmkq$D+ zGfyH0d6S047(F9nTb#XvcX4B4`Z3S>_8HGL#T(8knjD|zIltfLd>f62Pmh#OV=nn! zdV_Fk*pD1<)~B1M*g=jOzqFP|hxi#of1XEQ-=Npzy@%lR(E;%h8UMFVKVb}l9neGt z>-!xnEY5)VEus)v373GlMaHeeo@?ulrnVuSpD~ukLp*L3Qu&T(+UMErN={i7ilC1=%iR*{(XY4?oT7CNvXz9&ZHoIKz9m1~CQ%%XOUEsjaMYmSF})3vL$_AaYKI-Myg zlW8$TQFlEd-79C-++>F~pxiw?LInrIyVZ9&Yc}cUX1G&jb2@Z+p`#N=`6jf@xE=Q? zY>pT|0HMR%m$&F7we}~Q0b8Wp%?A&F-~v%I$0?Qh&1uACP+rx5Kyv;p2LMC6e=G+DUFf6f6LnwO443@Qa)Ksr$k?1vZjYJOKv94Zt*W5ARm*uZv3no`f8Tv9Dq?iP^GL8sxMMks(Pi}z48fobksy@sviJ*&3he%Uu6iYkMCNf@C6S55Ol|~g^NApK{+Cn ztaN5JKPsQ1b9N^bTdpPivR}uj$O55(t%{PAgUJ>x#+i3jU*7hB2eujktpxJyOV*ad zox;$>`(Ko0!>xw7RWrYe$MN>6I%!0G;;C|gP7YsT(p^H>4l85=k>in!MUQWg2Dg+M zV;K+HZbr=83h1tSv`4gO?S2&oPQ|BQBb&X=B4wZrIJ{AxydXm0Ss%vMY0S zIJmn-O76*&a>Jr zGGrE-Fr_=DQ`2ElY*-;bD->;&8$D9{J+jv(-9p)#j+xo_z5kp%NXxb3wd@XA?5~N4 zsQ15+K0-z(wl2RqNxgi*Ec{)U!%kcP6rb6LEx}>9Pm{`l-=R<0fVtuk!+bI8tm7a^ zn!TkfBd49qbTrYfz(3W!ic>uw&avFTSy7HHt`qs*WXoVIp*A5_VV0A#axc3~#JQ$Z zVrh{1?yRLteDx{uK1^4nxbS5hrGmMP`Cik|^`eI%sl-TelxkRp{Pd?+o8-2aH!K9} zIT7LE{OEP2vuZtC6Qm+c4RZDsbEiYuN%&UY$a$F-bFjg@{a>*qJenF(b)g$X>^XJT z$~rr4&enx>AVxm=cc#U(wj_Ab5V14sNUp}L_CdH9oX@+qpFyI1*PU6pxt!G8a!fhN zqLwA26XttzoD2q$U|;DTNu6^)o|-ClhAtEPP;P{^Lm%_qGUuk*x|6hDd)(63AhSIY z>(DBC*M$xRg5;*%FFEMeg2~~L93HPmFXolTZahP(7tAfOv>BQgPg>cR4^64&sZaO` zR(KMru1@I#W)46i^&D}wtTDT;YZGQxRaB@z^0dkA^#mRV=(Ox9sNcy< zH9VV4Q;dB`2TrtAbjK32r=|sE)}~FX>my+VTq><#p?i@i7$mChy5dYA7Nw~dr&%-= za#F>`7p@f9MmZTpkqN6$r*S^yS7FT07>M_cK!&7P()HJ zetD8xPaDo)UPKcsnR5GJV4tUmaO`PlP*zD!dPdIo3HCYn8Q6?)8`6|jn5ca)`__P$ z=u&eVZv#G=v|gctfJ4f=6shaZ(FY*;p5?OOlHuDuL%$CTR^<4l{ls%OP*YinRLX^f zw)3K#DnnJ;@yey2 znXc4?sj8M0 z!b^gsjRroCekLk!Bsgz@7;RF{0&SB^iB`y^%^Sde-T_#3aMX_jtcRvj^kX`Jyv;Ii0B2qu*9R`OPZ!;*0_@tbdBEV04H%lOV8t$kP<&#a{l z3P-7}=!P$Z{hIw<4wk`OJo`^(AP#ZhG86C->)xH7TWhVCHmCl}J_puz8D0W*NTjEW zF8yNbJ+Wz!Cdoh}tuuLc%9zW+t;q^cD4A*Np=!2NSb}9gxu?#%+iG^Q8`nK;Z8;Cs z@ye(s(@pox7>T6XeLCu>o#-=j&`24mBb~hcWTU%nt;(XJ9%N+XvEkm!nZ0LQrnP0w z6_}%hwdS)WxcXh6=hmH+FZ9tNPAH$Xs)zM* zwr~46Rrh4=RqUMLvwKVrh7qfH(|H63!Tap=e(TUsw>bK|sqP@Hi#5(&TY!*+{}{oB zpK)7hWnn^Rm`m8C;LiIB`Z`W51sPG0V`rcV6=leb>u%uvjJ|Kvf$)ldGYBhfX}e&Y zk9GV;LuSkB)#S)_K(aO!*<#n^rlzQqx8Pop(@FQi>;VHij$ov|)q$eB^486IOx=hH zUnrWPKsci6j;q;o;u*~YaebIoFi0N5kki^>bW>{Ej2=v#2bR)8fCaCtAm%VwGDsku5S;Xw=zzKxZAPlva1v_Q};+5Nuox;olJWFlHkA)hE=Q(kML!ctH*0>YVr zMqo+;({jn&pn(?~RL%8%p&mL7CG}u*VsZ=}kf@qngZ2R%n|b?0d7b2JWmsPFNKDvk zE%_%W{AsDz7&&CKq)I~|^+a*4y=Q2eW~mgzVjdZI2#KUsQG>mLrP+R9$Eaey2cX!^ zoBzJHmP^F|0$8A{bTGA#)la zL7v)$gp^)A#7m5lPGFB*F07uIdNnr`M5)He}6T?@6wtQ|0&lc^S_-lQYP zB{Rs~=hK`R$UX(-FKds=iT4VMjc|#nQKn|+*-!nH0ig~zoAd_o+k)AXP!UVa!>pRh z=JQN*9ek^rRYnKJ_39*CGb+ZbOi5mCbUaTDvT*6TsK!ZQwC4~qRmGIfuA6`H%WUs^ zEPd{aeHiazFmKXSJ}hZ1m`bGeygnk_#ubU%ab9+tbD;NGV$IIHsEVm?;xCJ|m`(On z3!w5R3u?VpUnk*guzSe8WQ%%9UZX_GsN8U6-G$=VyLTOLXDwo1Cd*Qp_7X0~TF#8X zpmo6PdXvRY%nZI&lhaN=bKL%+qD20UW1{ZLRF{f9x!A!9F8H&JOP2_-qM4jn0du6z zncDrTYfT@~Gy^l9va0;yu&?(;`VOGJ3s(@x z_7k)jpDEw(iQBIO?}2(IM$5A*@yfesEzp=g3-ET@gk<^}?|Q%fi7Ypnko(Tc%}KN2 zWMn=)Jv-0gz#)>zP4*I#bAZl5j$iV_>WS?tOpS=2%#NjTI(>HWuv^{PhrHadp9$vL zpCBa>@dJ~5+)u<`^9UGF)HQ3HyBDn#C~2LA9GCBC%U<*4Z|$>7DGBn&FW1p^ZQ}EO z18=GmgG)!N=(t!{Z~ zN+>W8uJV&)6KNHlPM=$Ff94h2%BLPAe?A#}<+^~Z-4oM0?&6a3dPC8qEt6mS?4nQS zmMh!JieZ^eehBIN{6t9D)>U#aL_P1PEIxyejLf>HF4f#uQR%o?B@TMG#H}BE(TT(v z41IHW$yDCySyOgyidr?vmH*lVY;eT=#{Q~eh4jh_ec%1q$ILBdEGoxfgid#x${@N# zf3IVcdw6b=-#$Tq9s;R}#R|r@a~1j4C^}g*(kWUET0{T~?!8%N8D_0_5@4FOtzYP1 z1-qw?Y0NV_OT4*B?#M118RNL}EA5s~g`6*7wOSli#Rqn$sN;1~A z4p^L{OX^Z|91)N6nk8;VyC>(4D=&l^w#n&KJi{(>qDpGl&G%c?3Jy3U2+TC4&#}=3 z*j`EKq1$1!3nY6CGUz%e^j0fe$u6GNJ^%-Q>R;2{{S=xbKcVq}p5wxTf{6@%v=|p& zgTtM%7&pzEzk*!P1<$*NVxCr&G@a_y1x}l!CoJ0*fs4T^XdH|VkpfZdNur=h64di0 z27*J7BNU2HNpFAEw@r8N8HRa%lIs;McP+e7@5*;mcLlnEijVOh#b5s?@jYC}gnP2@ z$PX0gbnSa4=l<;iVELxa=#tvAO-1O(4T+~-jen_RzcY|_ug3lB0dRx%09J3>oJKn-LEWK4PFHmKLCZw zUI#I*ue|E-J%f*-sJHX&9T`R*3(=0`HbZvQn1kZbd|_q9Y{8aJi#GgQ7S?V;CTi@- z%2scQrx2U(5G$G)9y3`hn&N+(gOb0N*ngO#dF#n}ksSr-Bv-7P9=u%7I}>W!#sGOe zP66a1s#j&(!()sLx+Mpl184=hn4Gcen_NLt=s}g6(Vo!-1tx{OvkOJHQRq6)iOy*N zgHlv>_EXPt9#;W_f~!EKP|n{yfYrgru4WzzC3QX%DUXYwNO0|V>^eo)5wS@4_aXqf zcmGR*e~p3bzt(}N<#Wb|7Gj`53u)Y*Ee1#9RKiP(lc~)2a|uh98Johxz%_#dhx&VUTbNdS2P$3_^r1&hM*MzfL<5~ZnG_Q_wOpvQ1mTxDEd5i*mtyhYH z6?$F?G|1TYbHb6|i~H%mP|f2hmVZY+7n7F)j3uQvgbp3PuSH@ORWt{)#4Jw2#$V`? z3!E6le`*-5@BLNT-G963t{m=>!`C38U&8VLJOHK19)-HSB{Sq2+a+e`j{M?4wad%wF{(3o&t={kIoD5$Fb(ri6Z zVNPq3k7x#aMSqrZscRy9vbx4b=q=9K;d*donDc0RB%8+eQP%X>f54SQW={PwlHcxt zE7OLwIY%q;Wugs2%oirG;HeExIF3K~ubOl-3&jDEFzv@0BvySoXPH*I!z{88&iZUY zzEMFwNY~bj)A8(>aoo@wWiEn*{>_!WT4C%a&TLC|wkvyq(OQQds;k;z*~s&tbwn-)_WeR6^2c0S>{{VH#XsKKN5{ z55O(icdxrnsNq~uZy3<^nl53Dnm2Fu!I(-q-y(f|WyYWK0APZRS(gmqzT%v4vEJWhd)lp+F9pLGsO(>!4y311+g!Wvu7$-0)Oconn$WfHGq`Y7 zhukBe$Eqt!y17oEDVY`wyuZ?m0XH#vQTr#t`VG>NeRC)wbU8qeXxE$|r*s^= zGN5F@-fWT3N;F=&MF+!*nze-UvQ8t@(e-v%yPxv*=^aZ}#)rvy{c&#TCYgET z%$(F<`zhqNo7G^~Q_@(l%j`iW&mf-Vsb3-J0q{07_J3xm!=6x4d)PsQFFXFULi zp<7TFA}7B0;D$_}u5RN2K#(Y-I2evi0cX^E9lhMJySeX->)u~{FYI$NwbJs=#0|?J zwsr4xCNRJ6_SRK5rP0XVAmxmm*IKB=Xt)km)M0yM_Su)=32k00Q)b+%e1bf^Zt6%) z0w7X~SKwHKHy*P8E>~|Xhszj$FX5-VO{xFRBK>cX@ENXypDgm&T^|E6XPjQw7Uq8@ zFx#T-&MD5eg+G)Yay4zC2o(WB-)zR>*-a{U$l6A7vdmZ;HCq?^xQh*qD5`9uc(4>? znrm`_>j$Q?9O8I!k4f0lnzpE{n-H1JHTt@}FYC`g?Zy>_)o;n~1jYTOw$BpFGU`3X z4xI`kH*@8wStlNPWwrQqK~Z@m#ngcf#Bkpn@ku6XxWxH@NN-j2_VQ&wr$E*2>Bs)= zOUvmiG_%S%>sV=i8gQUl&&{{D4iLytX`NJd#E(LK5HGX6Kj0R9x}is9chT1-zJ8;- z%YRFLEj+!_DN@4cW0BE#MxV{fo)hi;uCPAwE;~`cB2)vZTPyRdYaTE>xe1% zW6Y=iBmmLy*{kJX)?D`^ys)(=HJBAi% zH8ZktoMRZ`gywB|RK0JaRpdij-M5J4tM#|I#%QMhJQ zKSpI#T}4viawBc^z9;I3#)z^D=vrn1LVh^B)sz22VQe5ki)pNr{Ggs@INAzPV1w{I zKKXrViua}!%J6Y-a?ShDk(-JPLH8|T2top1P8MHN%$W?a54|4HsUm%HE0yMg5qxd% z;Q}sHBl5J8PTdbYo*-X%iWj3xb$T+zE@@(IQ6#g622aXbHYnNqEp&mkD)LBii&*_| z&W32hucC`6D%jJuB3Mv>YLR zC;w=%^;^R#5Al5EXRy|@tm&;knDCqekAd!45ps62i(|0DKW3IV;>r(t^yN%VdMp)9 zBJiF2W}x$(`-KS}MDIsR)E>Ap+b7vc33fA-7^^)VY36yo4Eq)R|Gr2NQ)uPO1%=I* zpNL2#|1t6|0+L=n5A^=$8yrLAmx31OV8x;`Q?k^MGh(ZT7=@+UOIOUvQEUNeR|&mN zn5~#3o)4cj1Zq~992pHd38|Ftefjjqi1F3x+;iL_vca30oTPQc-*}w3#i>nbx%Dsm zc}>ZR7*=O!EAl?o1{7{<^Z6ein1X9Tjmdlrxz|N@IfkkeU2y8x-2B!f1%@^TtOj;4 zw(xCE=31X(jz;W23~0&~?qVNrug{2cXL<|x1~yC1&W_!S_V-w0($iIDuNd{+SwjfW zOqKvZSMPhUZLh{ykzPcuy^P%BXAA#75W5Jma~ST&)U~MFUak~_`15xgk#-XobOb1E z!QrE|YmlReUzyXi4&O~FnfRU7P+>!bZwpd5D*73}k12M%j?bF)l}E72Dq^2zG6nZ> zVv0{|%{WEcg9U0p0bApGZjKU>q2laq`*RmR=X7XtAqrxek|2-{+oavA%*Ckf$$V^@aYjrinRd7XM=zicb>uaUAp2boc#z{>W$b_zcl#?W5mc&Fp(P4FK>@k35*I%w_FWmBu6-#WRymY(J}G{j zF+K5e&3+~K6RNNQckhuhPvRSKcTpLaUs9>2nCguK$6d>2Jc*nnZ)-uJ-*u;!X6&ZX zk$DMzZjs2kwc55x6hzi&ZtpqDXA}h)6z=1@&9D&rxy>*Ue>Ked{UwCfzyn|x$)x({ zvxq;DXC2hdoU9an>%d*USMm0YF8|tIer`9`{41-{TtPgXFEY*1%;6*%NSpoY49=A$ zu}#0RT((VsaLcrt9rHTsZu-85`~i5CKn(rQ5A8P^7~i7q%2y8$_E>zqzB$hbXWpr7 zW%~~&vuq1SsjOUa4%EifRSi&Lsl=_a%%0n?HWMEB{A$#qir%i)}Dr;Yn9KEFai((HIePMV*7Md++; zsPsBlEH9+^+0P$wzDo$MXUFm$7rc$rAF8B9bvBmBBs*M{E&8T;CyspM5)aUkj^T|h z_RI?-B{1WM_vhTtd+e`S*v@BGKYfUSeC8qh#v2v?tauDGbh%0hOK6=?=9JzwJZp?? z*P>v7GrRIEd#J+1n(6#~*$UF(>mP8=m&Nu*w0(mkqY~7P-v_6h-CM`yy`q9!suYFB}Z>Ln-9gb&fWcDyp1jluWPP{45MCY{=d% zbFoiM_F5*RR3x5 z{~_)zfa3VxZBYmW2_75F%5x~6(}*K~JH^>pw3ed}9mZI!xD1DrU}e18j`;8iih zL#HnHI->tyI%hg=L8(w#2C|_EZGBTy`Jq1P+E$%J0M%2TruMt;7@wUc2m99Y&(8eT zy&t+W2kl2^QS!=vFjRsD0r3%{{IUGWyg^i=hO3QWUUO4-6C{VfAw+>;GW2|_0`3+K zEW-YD)Qck*oMDIJ*X&X5xAnEf^)6F`)lx&@j)r;tVcF zX=o0k({AT-XEk6?T$F*7lng?ve*=tBQm$21pBim7SpTd=1Ji#2m*^S2f8h6OmMF=v zV-I~`O%Y+Fb2hzdZIbWwTC4a0AzStR?GRbUa&vN@+7rNdKD4;L(c=^h zfGO{5SFx1492>q3sq=W%12%CvLt?il{ml9HTPl`3G@dB7ccgxQXO_Ept{n-LJhWFp zyPonsi@)U0qPeM$OJ6Kb1gNnwyq4G%{~?|=5UjjIBEbU-`hZ+YXy&Ev)0hRn2rPKk zeGp=wBQD;_Oy5vQ!E>#pAVx9hl~xo$~%I>dR1z8+swf*_v9MJF<)rJ-nuwW!7ch!t+ zcb=({4hfi^a4!D+okuTBaDXEA_?Gh@ES8_WLrLp5A>Ave7^+_uoVWW828v8Hko}!+ z`&J zaxbVwhZ!g8MVO!-RV+X5Zp>|+=3*Xt)~rsTGS>4wK3nFb>#h*0&%-XtE&^x!)MUx+ zTSYUJuM;;hhzGJHUmo9qolJ`JNztTu)juOrI!&jR$2vi{t>Z<1!&3Vmif!3+IW?rV z)qRgAucO0r`0SFGZ_G>n&5(8mv(NS?6$RI(;YE$f*cIu&Sq{phB{8H!a_qFTri_N` z0I$FLOw>KItR7cgG=EBfr{DLQ=!rk@UF*`KDzZ$Jy@?W>e7`9#EMa4{-?EO6zT(T9 zdS9Gn9UnnV{E5zmZZS4?id*#ELR6voZ`G4e3@&IHevN*p&|pfhaat+N`ANwspLuQT z(qpA$D1%jLM?`i}FR;`3+V_TvDj`(OW#1~^es=p^8@6ST|>vj?1Y7$hy7}g z)AAj^b!EDk?7Np&5R!%||8_?S{0YCCFI$+wxs8ds*42>7!pe6KJ*JI9fg-sZGX2NO zU!g7zUJvKH*!fzcUNb6(Pr+2_&08#6G?m(J*{?#!8s$2N{(k>n(#&gefZ zC8md!U?RN`3%^aP!$4oOdAHpDWg!|=KBwO@Z;E<%XTfe$Q&U(d!BI#jKk`0lQxG>9 z+cMa4Cb>1m#IwGF$8@N!s}~kf21eiG%~LKxWPa()T^gb)1?Ei^l+F2J-j|?sr$XC; zR>NBtBYja+&R!`lOe}Iu+5alO)nTRs(e2oHdJG2BPN3HPPi&fUQ?2WG6 z8V;5AWLQ{NN5(f$3(lnvP_CVaT3owYh*w;X3VxEq^~y|)SqJ?QKtAYfMgKa;o7vD^PIH;jL6;k^wcJ|pPG z*(k3cBNVPe+3Grh3yGVeHlT*?sha*)P{G=E@u=FHLs?|7IA@6s zB1n$dw;bt-0C%>99B}8)0xk-65p+XdDWZc{s3dfo{{-J)yXuWkXTE^+q?wvzSdwEW z`D4wzFD9<9WG0yLvNf+_cOMKfqtU;=2N)GyAKT z_#$@H?_)E~k0}g|=2qEx4&;)G7F!xqRmlq+_B?uWsIFe_CirSDD`#)) z#dCkfW!vdSOWu>RZt;_zbU1{p+-~lpPwA5odx-u%X*7qijm`ek6H9a^`ThFsb4qnC&h+xS zo(bs%iB%PL#1RVoQnuu3EU}E(pd5LAQr32R{~M9*Eu@New3elXuP7~~($r7${H@jT z($81AUk`2D_xHHb`o6yYw^?r&73<0(IbUO3O1XR;{a<>Ezg;g6pkNvvczdF|QU<+@ ztwQAOG|gq*E3KRR-IIj1>1tl6GF>dWjF|DO1G8v`y3x+#*5&PessMg1$#KOH(Giol z6#LTJZUve!YHNnr`*k>MG~r&9c7_#Wq&+2lRA_X(2(y?S9I|=y`&9%MJ1s}>)OVls z?(q6cN62?Gcj~0ZT0{@~5hAKe^TXDXe9~(MM8Y^h(_+$J-W)ekni=`^4IZr+ciSxk3~i5+`BZ})Ure(_JnM!}DPZ^?Z)pYrvgCAQ6z zl9MI2E!`=oyrl$&(Y!A*Diz647+I;2L5r4Yv{I-geTuzCNnY6Nr49T9i>OEmti&K! z%U_)=I4murew8|xu{yu(GK?+$!Qz(ET67k<{C3aG-9;3}tNuRr+|3*30Dt&?wE&L}_si|3=_(RKCIGjM?AJk+WfyPCOMNqY zcF^@}F}L*^7cQ7H9yhCWMNyD|zLABGVX~637C7W%r#anAQZi-`X1^Od>s&-5_5Eh% zlxrEIC9oX=_)BSnG{H@gGR2c6Yzl;AS@#e~2WUnc5Y7_ie(|KrJzdC3y&)W3HAe`?s^y-fNIQ(YmS41e-!SwyU=*aMTI zoE$$BdrspZ+9@Ix;dAI)@}K0y=AjkM8277 z8PRd&W=orm=NNH1ibF|O6y|n-UI+N$aW^Pyq(6|WCX|Ug`g=x+SF^^F;)6@B5FN)@ z-0bSQS)TIGbSVddK6GzI?x@8+3e&Nv&XQU7)MrT8jenNIvX%CQSzD&4zeDwAo4tLF zm>*pcYdoz4@KWN%In9qcXeA=!nD<`_tlpv=xC)}fB+5$xGfNp#duzM4R*ZJ><@HD1 zx{?Lza7yI6AqdI96yNZm)V4*#f-2)T;lw}nkTELut~OG3;@{F)4(}W_c;Ehur|=)k z@om`sR1L;*R<7iKbvR_r=zH908jxk-Jmpxs{z}~q5bCQ(nr4HRr404i-;GrHj!hIiN zD~Y{=IHCL9SCHGo^9S(VlnL6X7~-LG>mF9Zmp0(uqe9K=?)my?Kp+0Has(G=L$sgx zPixLDR^!LD@DDe_H+gcut*D(xQkc+GkiiN$GHGqK!mRk!wpmAb%eke@+T2iN;E~1m zK=l3kd2EY^hRBpYENzZ~Ujcs7FmFf-UTM5i7mPRkRc^tvLN>DqO*Y=i@CtH_K|VtN z^@)^gwCRFVx%kch3H1kWCTYQ-;JdHT+Yb)>Msw&7MT%D=T(*inQ-5}60;Pwu8}he%gG(1|t6@IXB4NxWNYh9E zVAZ?4SbVIRHSbg9i`Zk*x{We=x9_}}EY3(NCVni)xB#^O!K6ZIlI$E0*DZwY%F>tc+$04;^_73=a`kAyl4uben5AI3F0l zMK!Z^`_$L7%#UW(IhbCDx`o>c4FU4qmlSel0Z3xcPQ&GyZf8Wx1fz4NE;i1{|2^jV z@7Tk#op@}PeE%(7c!1ITs`V}=#CFEUQFkWyOVP+IByys&Tg`Yk-nNkbvG7-CGRD4G zR)4(^F({W#?A?Y;{#t}L_2>Pdi=R$Ef}Fw?f+Wz<4dI{1+ozAYoLPx|qCV};j3==R z^`o0#M$&B9gosi;ZTg?RHUl9mc6#IynQ-FuW|N*%+lT?y2sXRc*WZgTGu(-q8KfEv zmk0CF-OdZT?|`aZ@A?u2MaHItP&#I%NoXIo;Q*iC#G)1c$9UInTN>|~ZY=hGbA^u913n;b_pS>umCcFDWa%a$2 z^5FoSsL>L}okVdwd)?=>t^KsjkD{0qN%B~wSRc4WGP4TR^S1YBqTOcjiiq3rrJqLC zv??zEh-YHOrg+&Z%b`oP0OZG5YsE#;kEd!dn%GBr4l`R&EkYrch}DrMH&OQEK$66+ zD;xr`i>pWkA^SC1j-FGdaPh}_*FX;WWYdYlLwR@V=~x5yW=I$1l)J8xGV`#4`FT3I zeOaR|L0l(0XWBQv5UZF$Zz_7*YJNI8d7lGw#&n+)Mf#E&+a*G}p&H_WiHy|OH>^k_ zLZWzUZV@9B7Y!j5imk-Q*4Djxv&+S`0+|bpo%}C=Wvzw=Z3D?qAE@J*IT~J6mKXfi z)?z?DTBaDWI2~MR8e9#da7-{IboN{e*bc62nU~4s_&CWb@u{QOzAyUuJC3+FivU90 zREf(!^&aZoKwn5wqMgWhwy4B>0X?@4Q~&8k^?x(Y{-1mD58o~=kp|8ctp^7|Wqx#z zByub=28FZE2(cW88#8z$CC?=lo&RWWHf|IVoDv)SKEWv)4-TZ^FCtJ?#ZY4w_$pVg;@Pmx(X zb|4w#)3v?``0^SH!nzIx@E&qT{aJl6zL^xPZd)4s86F-NB6(?4Sz32>Tw;FvQAyJk zx=>F=tBOW!EUN#qV9&gm#%5Dlr1+M;wp;|fYUR)1a2u-+D{xb{Je5Qg7<_2uddvT? z8vLu)%i_gxfh+>L=zDSf_N|(UjEtxfjE+ecAk>;p2}nDe#pWknBK#qd56q{~Hg@nb z^->D69^db&@-14-D}#XtW>;&5=J>5^E;)-j21GduG3K%;O{Y3h&mQe^6~-05bnEgu zQjl`k=5Fn~KlOl_sw50q2>gq`6fDYQrPzjISv0>4bs7<6E10RNl}6rX_skpb<5i^J z3Oq1R5rrc~+uwl@nzvDqVI6NmSZ?cai9->uM<7|zv_EUfInP22w}x5YWuvU~2vcp3@&Mdp-na@Z|tMO$X{!D1h77FOO} zRKR5>Y4NqP`QlFP05$*kTy5F?7RWnMpAJ_Z-c107rq0oAW={B~QBWp^BrB+r2(N7= zn@yP{-+zFG@;)$Xo80|_gwK;!aq{f#(01x&CR;%jA4lEpr?8v&;6sUG;WiMrJS9Hdfl_O-Jx(J zQIYY0uBlv{=p|^ZD&+0r^95|C1Vyxs|2L8LwMT{(zIBtIe_UTjhQ?mjdE}K!{ZcA< zitbcMmN&}v|2FvB3lg>0u(ouiC)4kk`0zrrIPcBPeg*sBPAXa7gc>9O^I;*3OWj!u zI=#)n{D9hL)}&8EDrN3c(lgjcLthRa(GEDWID$kt>BV?(-Z3l*FkM5i>f{ulS^0tlq*`oe^ew+%P9vTvxsXi-wDxR6xciexXhh?P|YsraP|{F>&GwUetM?88Q5;Ga4Pg8{5oP$oRzg^XB7S_O*4N zTzLMJ;V3wgMs$*beDfCJ0O!+8=RyCJ?Ol-Ac5s8_qM|H!zx^kmTz=)^?ykt-!T5us zV8P(u)2qP1Mlf@<)2z|qvU^rcJW3&;b=E#9)sguy1^?7^y-O^9qr{OZI4sx$Et50Q zXE(-J#|PUFna`q`L%y@YC&#Vx^zjbyma_A%q+I{2LI_v{!I#JS?D`PDH_G=Xn-BP} zZbjUR&OTzK%cZ(2a=$2)E<*f(#PD#hiC=9YVT0Sd(jpCA{3Y$Tw`1S`RgJi7g@H=L zROex2I+wB|m154Ce8#APrJCj^Zv(di78ArYt^&{U6P0ML?VT)^*U*wDxqplFFPg_zL<#}TT0ih@RQ34B~~QOb6du2fR% zXl?2KuC{2bfnOMD)HLwJXf`UtF^r#U_IXr4`OiOP*V{hEuK*qa0`!A;YS`+gJOIQ| z7Q|3Y!0Z3YaQ}O|l9wUHtgIAKkrA&7b+AT>O6fh9J!SO2Wc}pC9b zr+d}z@Sb!yAZLhh;-!yc zrQ*XH_QKC6fj`)YRN9 z42bO$<0GP$x#RJAa_fIM$mqPUYFFL~w_Yxu*S9FK?LG@2y)jZwOZq`W>)5_dT?THN z3dsS4ZLa948kCe^cbyk08aBc8CwP`gr=@DJqxx|jKQWQut<7}G1xJM`-V9UhHYZlP zQQY;)r}LkA1F+PsNZ|FxqR>%PeF@C zys1~np5sf)+UH8e#}nh?ing|rJLK-k^%o_M?=(p)66y}D)U7N99Ee0I_t8o3%JksO zm}w!*T$~Br3H|X8?hqXD?#@-?6;|WbLpGufH8r!Mo z635~}Ni-aw^X@fHS(INK;zX4%fu4uK`Pxd|ec2N@YW}^^=|w_$XL>Wa-+8`M7>c z_B6jhlv4OsrF1GUp>?-*vOA%8*1*Expc~jzUt0%Nw(*(Qk1y} zo&~b7&ngVDNH462B($%g;^-mtS@nl>e8RU|+g{vFzWUC=>4>~*QaAnEnv1y$rnO;K zElQQ@7pVFIqx}c)jM!?$-r+X8kgz&%-L`Fo`>-^DD5D;`(|oZ+P#mO=O-~}RTsLR} znayaAzdpRppyzaGE$9b!vrk_$YD2jc{Ol(74U`M#5cMh~weR+bLiTvv$1B?mnw?)% z<1MULCC%cst5D*nEt~yBtn#W@TpXLChMW%fSJrzLgN;-%ptttLFD>6F^@Xzidc-KI zyU4gXKBdz|vUEVb=75FKKCb`T?Uwsl;xZxbdec>}bJzG%@SWs(E(Fu|SXgEk|9d3+ zZ>#}hrKM8Zf}G&3NF(y${Fy{ZT4ICI7`0E2YHj1!z02dCM480rIzgMP4Z{7G-Z%Fa zJ%#(!4Tl9GFU0XrXgWjkRRN^-DYSRy?>>+9BkiflF8<$Uujhb$_xk>iO zUCrGHcYN&Gvh3zfS6f{`86%4v_*eD31!Bp+NJiu)=&HSp?M_Hf&or0&X{m=EFD=WHcg?n>tit~luSs)fa(k-^GqU3hfkiLjcYbQ8#jfFV@L+UY3y3P zz(6-5M2Kx;k`3{dtMs%0(T7)g27b<2Q1+Vg>*MGKGTHqcmp62dl5VSoerUwE zLEC@h;e@spIzlZUKa(oIwAQIqVDoOjZhMk+84HjYR1MT}n1HIrlMOFR)tw7NmRx}7 z$&)oc~(AB^kql@}zrVO~NG?JUlq6GQc^D&y-1z(z?$0)9kfZjC$8^LcUDE zHZ_Acnd}Hz>mE*;5H?*_z4lfCkC!rOY)}3OfYlK+hD40JZ{zhCzB-Xw71DlDlc^QS zjl*z!pZYrSr5s1c=nE5am=Iw4M5BZiO)d_3RmKu2=z9wa6>e9x#bVwh$aA%YzLe>q z8gxhve6VF&9~8dHAqFB711<+-d&4K zef7Xi%8pARC^8$jY`n3#qT8?eSR=E%nU`tS+SPZB&yL9~+GFoQHQsD#QqdL|4a@x0lCt*O4;aZI1Y4aeOaMY8S^nT@H$l zcd!)i$@qWo{YiHw-uE0xelK=Dn&hpQTQ!4x!>~ugUU87d-{M~GoxjlR-b>Z{!CghXL&HmCD zq_Pil=I=KbW=tNhgqaG^$te)1@+{dt^Xrzr7AkmGYJ{8d^YZGIJF5D3VRJnK>Qfha{Jh z$n+K5(;kUj5`brdg9k=Y7k3sYF=nciC=v%gEUU9AQylE<2$F1U+}ZzP0jT~CPI{*8 zBbE^2d+}}T!lg|NR7BihoyEGI-;_eko-WUx(ew7)=eBjk(%r*|9WwndwaUk>|2C;k zRNMYTer4CZ3ZRZOWRfv$&?sAUhuO6)r$DxHdW9US;E@15Gvkd|9>k8IP4Eypn}D7; zK?E zAUtf3E+m9F8p*6ycFe>RRCmm5Um48G-Xpeee_Wav6-#QV;)hsP9G66ij63gVA4eLu za3V7fjnmUuyb zShY3PyvoD)((z*x$+wt!8gC_3cpdB86i;=21>%tcV20-;N{};#1p2Cc=j{}`M2-e$ zKy)`6%6XUjo-Ux!fCdgzq3kYxU)-$RddxAz(M6_cD85F*nh_gB^%TtJhc$b=BoBy=~yeAKknBK4Y1OM<6S~q8MX21GueIe|lK&_XhX~ ziS?ntLATv)AYBZfp4r98@NI-yRH5{=Vwg&fG%o#m4QWc$=o4@w<@x)>Kb+AFKZU!# z(4<q-LLu}du!lxHE82d$_vp|i9Wcs9rlo}p)C z%9bggT(3(CC9>HFo$xla&2G4V_|@iqjX6tTlDv#I4V-g`}->Z>kX_mM6Rt*sNP8@U(oU@^UZvs zxk@fnUBmk}towWTePtb|$J5^~H=F{LO#BkCbH%Hjf`b|1ZVlg*K9+>nX!Y&6j#UJPABE=N#M4AWKa>qV81rB>1d8+*Cb8Zmd zEC=gsG5=^J)I!3fnlFHndUaEj!>9VS&)#k%ti*c- z9RR!PdY>G)b~OT8&w)&?BRLuqY~WI{GL_v4u%u82Fcbj_!?&3?9b7`ye^y&*Xzuf` zuMFgT%CKNT?EZzgDSdQEYMT7@+^J|1#+^~6W-@s2Rx9ci_um-*MK3Q1Xt<*M7!N{CnKYB4X`K?Lpw>CTzRDQWp)aP3M

d;{cW?bgO_f8h37Fc zB)$Q9#Snkc?^t)J%hR_&R!!Dze6cNOAZZ~3H$-6^v-Vw78$|`uF^;cmHzlUl7aqRk zfSJu36CVJcSElrQ@I_(#4li0jO7V^dL}F0pd)4wCG(m<5rlVaU4BkxIUWJ7vM>mCZ z*Zsrqv+ZmYTKc~eAK2HnL4T-WDR-j;-Q(EJOD-YC24XcV1Vs5d4BrhSC24IW1A6Jx>IH1= zG8@>2eUhdqjh7GnNVNX-&wrgam&v_I5>vk~JoYz(=H!_juBcl%cPt&xT5Kk7inq_g zg)$!i{N&9!!+QsS5w@V!O``2S)p7gW*6vdD(YPI^&DXgyoJSIh`d7>a=gIrtX)au1 zG9kCHrF9dg$4WnW04$n{xO#J=!$0stlh)e>{1uuSQ;g@7cYKk9adXPs-fh_j@jJS2a)X?BRQ4{WLc-gzV>Bw;p` zCFEh51ZTGjz6d(lTln9P7b16FO^%STW0g%tsAO$1hf&(h609Y@ppzIRC)bBW5Hj6y z4q(80gQR7zYxc>Q!SoRm17Tb~j>>fH^lb^7XOrHF3a$H_?o{A}C*oj*P~DM>bIZ^c zN=DC->ZG3OCX1pAZhAH_4g=o&W{}yAg$+Mb1h%{ns4ba5{#gdp&_+2T>@A7r=&(R~ zjK(H}8O!L~1WhJXFKG}jmYjjCBo7#C;*w4_q4yMlA?2{{ipp>>ku<1X(c8V}Dl&K< zI}DyoaK0o_gs(TI^$yfCeLSLVWNJ04$f!~-j&BGt-oZ(hDjN|P(?aEH>nuev@9y$X z*^k28B(lw1;a}#(bS*^5eSBhHCKKN9p$ocgkP3S5hO5npoU0f2UcPJ+8gsZM`#Q`* zy!LUqNJ$K$R!%|B$VbMp8!4mDxVLIW^K&BklKYt&RefrEyFIScp*f=K?RfHQ4qUP2 z&vr{h(Auw@3A<4FY+DX|)ghp97!u!|ep`M=a<@XGQ-92S)Gb}A;OP8MbbA4x`oJZ1 z655T-D34$CCJzYX)s9?e_m=v!2;GT~QGP^fE)_{*pX<(JzBl}M z^tngeF+qSY{bqIEQO0$ZKxVUe!0rfcU{|0PdS#yR#j}lZp>S~>*Bu82tw5*0hROtB zbFmh>C-E0TL%iy$TR~(Z)L#hBfbahRxOtR`+r6AvSy6iLVxO)}6Dq3mQ-~8^$+JVb zhBj0saGFWXYE4IoJYQeF&MHN-v>b#JzZf)6@qR-jhLXP#Nc~Q>If6U-)(hzE zbt?aYHyjD*WLt}eVgxrld=f)7ytW?M{hpwum%2>$P=XxBZ>N6`xfi-~21yOb$Avm} znQI7j2fkTvva^m|MEo%O_=y(kKw~@piAG6FYnLLw7`fb={5*tp>o_g9RKVxk+iwm2 zJDg<|zNe}$mmf(ZGHXKee9KUJfxrT0lx{{=r3e(f9S=cYyz3-SlCm6!1Pb?p}V7mGim(`GEL!&iLW4^*>lW zg&^9F)6=`6W7;d|KUg`K5n+?;{sMF8R7%Rq)59Ypw6+~|ZsoXu>U*D>8e=(FLlIqv z!@l0ge&5R$KOh7A&H}jYGB^tL@b!M#I>9bc_8!A)JU%EPJ*oV)eA{@|cl)0>*>^tW zD_+w~W)Kw24=os+i3oAE$}J2kU}P{RNF2QS019V;+%e>IMq;JU^aIXTF#sSwS2if%(uS?p;UpRc}_n6QPWdwve)US#Ckb6vj2TeI&{ z`LT802H4L|)uhg5(iiV({lod#lk8WY2~>PL8Q!+jWatP0&Atm(sD&vU_1Yp#cg7IB z{xD=)y@W}{k^dca#U=>{QB4HskgE_@_z0ck0UP|bRT#MCKVr6%Q#be($>EV@)4~wz z=Y25L@>MB(sHF+VG@jf)!c)tZG;At~#K5wZC+O^MgTNa9T!)n3)|kcoc5pQPbe3@2xwc z2}q>G>l#$-#P(b%D0bK!%D~%b>aOPrm5NJ3kD~kpTY4JzME}A1>ggxh_C^wi3mWGvA6TB}p7aek+(H@seE+rFsU2&&%MtX zNVo(a%PeW~pz&uJJs`0y%H0j~t4y(#D{_!UOo4p*MZpEbf^GfNfp5xIoWwJCGp!R+ z?Ogbb`G)xc4Y2W6akK~o)CJvK;w`t(+;7wNMekPMDkvK6IT|dv>$u3~!dZz4VYb<;Vw-6Lk2fVfw zvckm4WFh^>0w4kk42|#G7DQV#K=#gIq4AYe(p1l?vk@XZW@SjJ@txmWaC&KZw@#;J zZB-e>sN)j4GWQGVo!-zvo~` z;r1GShtz1r*Dsk7HkQl?n}hPU+84rV5>8y(=VW&IDwE(!!rlO!O)SXARCQ==@=ZNW z+^;u~9w{G1j}i}~?lMWiYDt;78L%CZ=r7xL`h6v}6hUF9rETp+Od ztW*j|uA03sX}GGpjQBB)jc=ay!gc4z5plESH&?FpbF)2S9*OIH9rWwoU4zRf?zKse zrOnFd1Ly{+c60ag;oPJiabylRVJ$l_f8V2W5~}MbS?}QAI!=zT3=s)~+ip&E?q;<6 zu!UN-HknW3*Abqw!@NZU@kt$jRS~O)6}K|wpG2k&^yoF39{eV!yu17-oD0y~n0)QT zRr0PR*#F5Rk-HUb19HJZLf0aky?S9&t{NnNNpKfZ%cRmx*RCa}fTFK0xFH*gYK2}E z2)h>B=^!KtG}?azGM`#HXA=e|6*M~8o+*4tZytvctWM+YrkL}UxJhHeR z#CSy_Qk=&7HD!%qKJgS}&9hWrvd)_K5H>WO_!IKUgiQLc1#p;yJs-3xf>d)A*Z-@A*dGHpbWW=U zuC8_926uMguLcekE6u*Dvb*t-ON`WGj9|NbP4V$cm4%8bXo&4pJ~5`FERs+@9Z$oP z;WhnM@nX-*1sUXd@;_Kqig@p69e=T>$H1MPwn?{Fx~5S+BtPF80)f;N%?W$zcpFr- zLObJI?W~zhCK

%wj>s#a`Ap{z3Y#teFeUE(F)yxHB0a529jWqr;Y=x-ltA*5=#G z&8pD;GxYMh0f;RycA2kF`@BX3+zy{0_FRh$@4cygvc{31{GCzNQwDR(M{p;J*@q(E zf|*%+^7j7y!pnZY!eJEo2g|s|C-pSl^TXFJY;l8wg{g zJ*#$vWoi0uk)OKE-EncNwIprAc@B6qo9$8S?E;Hi)b?=w3FaC_H&kVJxVjyqOS36{ z43CUp-O2TxA#ry{W@URC#qx(FY^f#3Vm?;}BWo-aDrUOn;H^fr0|v4;`^8Hy2OsTr zpLmhjGT^D_E2!j}tv8z5tW?fly)@-X@mEDWOx)Yzaii88oe3`P z)Prjs#WXw4XmWo_e<_CE#p%Ef<^^XLC|>$En40=MJr|vs{x_~A{~Z}jW_U5BZ{XDJ z<(NJnT#{U9nxMvRyTa%YouQKcQ(43N+olA4Z!az%VkU5>(E)^!U6VX6zVy&*^=o_M zWG0<$hF(=sQc)eD>th4|ybhUqR*cu$pZ@v>Plys5c%YstY3wy*=Km9{jV-Gx@Ph^L zm+H}w=z=HKCQtWIH*ivO;K!N7+my(Oou^B1Yhf?)fM>;L44$%=lTsZ+-Z9A%4o_2G z<*(tkRHrYy9ouD|kI-hm z{`D|PO+qG;$2XdKEw-_+mmL_i!2C>OT;^wQDPOC${RV@w#4OXX0HBd?DMb3NaB`xM z$Xr-U8tdNP{`F@D2ZMkA*;hp$wmj}SMttM`%SARq`&}rzL8%SE?`U-pJM3lU|U7~@XY|P+@ zJy2O;Q}l-z`~}ft^$nknYi%$Af2Ug&G1>5x_=`RDj_DaoXB_+J2L4{w6bOErW+L#8 z%JA%9%$`ak6iv&1T z*(FUf`XmR+k9~u~$0BCE4YS>*;3y^mHYcnU4vP8}_6A{DF`Ccw|=|6tjw13TSZ*g)ONDhCF&uXMtbb> zbt89kv(nkMWR2iMx~f=^>A1*k!x#64$8(eE&tKzQ*1J_eYgVuB`uOQil4(jzmmnDg zVaPM-(YIVedxM?)e@=fqaTdvYtpDzjmh2_xWA@ajn5VBthU{p21>@E;ri!0v5QczB zNy#edM&m|@NP(&NQ!qArB7m~O=}$J1v}_UUp=WrU3cT!NovfMcxZhH}(tZ-~r3Y>? zU#W`!DP97qEi?Qi>&4yaF$Q3Zvyh2OC4G9@Jua{^H6gEHIF9z|4Apz1GHbffr_l5E zNf`Sh)6iIM(c^}+W^w%Y%rB)g>Ff&C9G0)2V(q?2isn~aOZSwrmv2h2vFP+-d5q^# z=D30{M@3I4;Gjx(si+{pm$B^s_JyBFzWpvi`ohnvIcz#{oEhvp=dd-2bNQsqflYod z<|^SZcC7J29XrvG-}u~|GxB`R_-@zu9E$Gr!VEYnp2g!M5A^c3`S*9rR{8@AkxLc>QQFoZy+!l1-;>4;L0k zia=7ocbzYQWc8OQ0G;l%^06-t5Q`oyZzeweB1>=XTo``| zEW7&1w0X&8uk~>Qa0HgOPtlY*tR|R(+vOf2j&=J-5I;`Cu*o^pit$u{_NS*&+y;8g z;t&x$g+dF?*v_wh+S-VmNfCS)!-(zLt=Km8R{k{pMX$--#ohB`%zi)EuSS0u=4W{z z`q%f`N!mXDU`Yj%J#5ISf4D7L4ESnwMx=tNr^7!SQ*P>ET!<%EaWDs_%>H_)^9%Fb z8z_uy-UJnw-nxp+N)|w1!Eb|@IN=fOzWgM+<7v^hqB2u|57+cwQS>W582*FRa*AVa zS>4LnI>(TZlwvP~*f%nxw7QDo$eePL1BeUG%u0YL1XnR@@>zb7|C(j9U}n_J`LWx# zdB|`7yOwV~O>Lz;xQ8**&p=VjH!)09qj%DleemYGMT+UFGpKsKODWKjv%}j%w`b)R zVY@2xi}!P%I~(z4Wf1a1S$_}VRW)49f^sg&+yEMvbhNzygk=cIn>??upGsmM0M2{FVj23n}{dYA%7nK(U^ z9x@qK-hxybE-pFa8Y>b0K@A$EX;*|$X!)slyINKe87HtSLK{bdS=x(cfI_(Xm&!_+ z;$~d#+({`6Uch}7c9z+CiRCix>`sonxJ^@$lf)X*$EeGp&B$s(Ru+bb=p zYB@k;O-w3QeXEBjC7wcdcBL`Yhvn&W%lcYhF?s&(fO*-;HX<<%ykzJSCsf|0Y47vA zL(5mNq zM~gFJzUmdNh9n_yw3JcRZuRU%GZLvkKRdk0d8_6TPdOBWbWdy@7?||(4}|V)cmJs@ zyK8kjTS674&--5GeWga+v8YO#=+1@&=(t{g&Met>Jg`i;4G|TUuMhR@%{Kf7BmUM@ zpDfJS=1G>T-T&vLJB;g&{jW9{g`724LTZ`G;t|IOkR2Bc-l_N_*u&}zcVLEj8ej*eiCx&=2s2_&93HLiq(Nb zO297|SCEPq=X&tP6QDR~pO5URRPwVDlhy<{^5z(3DpIM;wLNpatQgt*}bSau?o z^IHoW4N8{5jR9~O|27jpS`CjCqrJL&;(4%&hE){?r~u9IH(S*aXZbMw56<2)sI9nd z_k}{Cf|OERTdc*31rHR81()JhoDhP$wa^wT2@u@fU4m8oKPARwj$*{o85T z`>t7|peEn7wdR}F$J+tWwoQous)S0`kZI}y@~b*Ffu%-`RPzf;L!&{zYECgg*b{{D z6_<~@M08KIu84>iP3CMpcMh2n?o`o52bM(DY)^*g5kcsz{EDq{!1^)1m*^E&ec*aJ znE|%tGALNjh}CM2PLd0i+xS_o+)mZYBd}lh^~_0Wy!IsFyfq}rRvH|*nDC$&qNLzgzHl48H&Uo zb|#ypF^O^P4H5IwxhJN*9;;jESv(a$!hg3~FXd~r+?ee=G{@~Rk!&vW|FjLOGO+#& zNun{}Ztm&e@v!5B=yh+rrsR#L#;N`@gb5Vd26>(lOKcW(M9U zF(R)=BKrqNDiyQU#*v3hYaR??p2c&6b8}GX23(o(QQqWKk^4AKu+wI=XZ}*3el;&0 zr=K{$bUrY1@rBpd=hl`BbmCG8pac-~sZ^OrOYaKaan;bPGAi?OIFjf5O_h+|}(`%SS@LK2g~t<&BwqC{2|&pe8+ zck=xVR(^Yhz1|I3& zr^A+5Ft_>ynYbI*!hPirfV5&&zdli~{R=k{u9k|5AgMkA^xCtKDun!u9FN$kf^Wp| z!CYN8bxmh_sIBTWO^LQ`78@P6(!LmqP*Io0BxSqf_JJ%$CAZD&Bc5?|m`Bv7WA3K= z8{-`etVg}YDY&RCxAk-0Or&i5rN6MW;WHJJ_YncoKl%~y0~#wUFDhxU9`+Om%=U8o zo>>O-+FeRI$7k&mqva=2r@~4t%~%mmFg1OMbMit-S%5%nUAW85-)D|vv!ykC_+Q<& z=Y-lfIP948=M)CjD+LI-`}^{wB}Ao=qY+Dl zYAko|$yBr+hXO$?9^E2{7r_zp3Dko4S(8eXpulW-43lp9yQv52Iv5~WUkCF@FYB7pgG#+PE)k8n>ZWTLvQHkm#VOQ*ftA-$5L zYnGw%`Rk?{F~T7n^6xQi5i+mjhUFm6?Pn6gsVdk{+WX%jV?L%dQjP??%s+67wWIgn z4xCKHjrgns!iB#wmQ~z5W1&sY;J7EQ5&ZE}i$f1r>1*U; zLonJ#3ZGYeAwy;ab8;cu>bLm-=VL;LZP>4iU!iyH^&$mBfXGwL0mYqyLV@oNB$|^h z=g3z<11}AFjwNU!9O4#%z?!no9JB1aB&MHu>npXyHJQf3W%;-7{^Kqu^tohxyjTB+ zF-H6k0~z8oLi(tP4uGm|O+tgC!yian|6!Pad$haL^>cmn@+MUDG8x}HjE}vVzz1vF z77+f%YMfW0|THMBoaqy&@2KS{*hWRoy2}U+*@gGM0B;7{J{Xn$4pE2$k+m)X| z>fU7p`nP}j(YSMUC02A_{upd50=rq?KRz+$6GLWPUhX|K1SZad)Nr}M*9KFl+w4H-D<7$i3v5GqFr5G{mOT$E~7>|O(M+-hsZlZdsI%b(i zxA4aS!$KP|t-o|bN*ff62^!+3-BrMsotL4N?b7(nO}Pn|eR-*i8u}(Rlas1qU>e3W znN%D10p*veYuI+yb`GPsFNr(W(`5W`#4Up)?_^!m^1fV!asY}KZWSIJ>K6)1tKZb> zu(C;vj4QfE_P6tU@?g+9@F?Q|Z24MhU)p}D_4qnrGzv7Gte)$S(}08)MSDHUKX)Y@ zr~h?W%%_YNeK=a0*jfyCn6ldm(tm%VO~O_pYZ2yJilj-7jhWO7|GX>WRyHmWnxwfo zrrKY~+HZA$pwM%oCfudpcqK<4Ah}pX3RBP^vYu#6aXnz0vdh|OXntD=kS4EMV54v- z%dXLV&kt`e{qj@X>B?m^4}gFbUILOHXB zu8@q_wSp&c$UYCgtZKrQ_B^s}s)m;;8BgbUcum0xB)59fee2GEBX}-Rd8g%yQW^5} zE&4M5E&vT)eA-_Va%(ruK{mc>W)|vEV66N#Kn4lJ9ODjJ#H|CZo{VG&g2h5EjAo6- z$=H4k|MlFZc6VR;nw?t~uxDPYtv*qckW(&ne%5xa2*VC1wmiGHdUJaH5bhs7yX7mr zYgxZLoa0xzOPY~*myo)TX zkIDV{-;AdJvn>h4-73`wVI_I+19MiipxVNgfMbC>jzFkgH;Hk;3?yfac`_&3Q?NDU zglsr>Mn9~~Im})@qp&hdRawZr92_Zh5t z)3sY9xL?i}PpEO1Ch|-Ppz3tvW!e)15N>7|WQ5f(5|x<7molBDMLB618hzwB1QEae&gkNqan}1}Wl}hj5 zYYnGLWB>jXN3cxMSLM40ncgiozT-> z`Y&I)|6zD$f6pIXaN9tf`n@PJR?;9!!j24Q)P*udmW5$%2RFcFYh(getFI(tGd=Xy zk!^1%y>9FE$d7f2d&LH^iPj>=}k64OS)XG!I-V{k+RPgTifoP0$`%|BX`Te* z`}BbAs8W?*+2+{3YNMc=7n2Jf3_;UH?lN<_6%{+eo79NuUo~P^MFh`2$9fBFeE+s3 z54*OtOVd2K7IPt=5zyiP_e{bCZcTw(nHhZ{UE22OO7wOT^E-9ehm2p9HL@F#F*3tH z#JhS`RT4^HQ9G$xJ1C?w+B@aLH01w`<09syTC9G5dxwUHU40Y$htWlM%kk~8 z7o8cI zZMzj-O$~|WR!}4_2jrb&*ys9w%0q%J_5FX~iN%!oSz2-z;M)6Fvx)x9( zytKxU^mkgfS~mA~c$wWuydEjOk#^tZ$yP^lrRQ0=^EW#; ztdDP!1I|xy=!k)N9dlNfpm6r3YdLuGANVp`ivV7S^>Bu8iw6PO@*yFAPY+tgZkqaGwGXsDkg_ z&a`hpNI|(A+D!wyW=$yCq9qH`<>KaOz+#!k43bb*R&iIl#s((fQ)OhQE%X$^Wtv+Q zm_{0|ZiMS(T)b9z1FN?4hpiAp(@Gj7VPu>*Be`NB+s>^PV!ZvJ^s+r zr3iQGH`3XUM4+9rEV|dzP14?w?G4xPO8$n&K3^F$XhqmFgS{DeOZc}j$xeW-_X}d8 zgDO1$cX)P>8KKm9z~Q*qSUy9r4)io@I=Zmo)mB?_>na2W31{SN8@l>cj7|#^XL3?L zz9@orXL=MuzeGt>H3@iNP|&S+Z}P1`hqt&pY$`gnyllL8%z##?X(eri=5XPZ$pQXf z%{xg`@d32yi*~WU_1SE;U?(aP3QUUK(DM2cNCNQ>1%=8r9!ehR7O!zjmN94|G9l#L ztj7EOa+#*~ZKH~om%V0AbqO{}ZHd7^ifXkQh;Jm6RsBqn8Ids@7F#Kp`iz4RFg$nFHPmT}9+o{FdLxypue|rheE4J^%JZhEW8L1(?q zWOFCpVox*Xi|s`o8Ks@cZ8{4Mvy$`D#K~F?*Nk&tF=T1%a_)xMBHOQfb=YsTjhf)_TG{J7v~y%u4B#!R4WcU_`SP`4Zw~)+aW!XJ z=FTFpv|-P^ej(2SZz2vyZr3K%y%M)UOQd5SmT{Ln6&Mx4y9v&Z57|XiV?u%t_r3J@ zO>DF4cmHARmld7o7{)wsHSR8c@J=tPQ?f7eQJiDbyZ&$$tKN#EW7N)UG*qF`OHoTS zRBG(2z(3UNbl1dxG741zSGnw|@;sQ9)Lux|G{AcRqA^%Fv5nhy2+O{g2Hip%LUjag z9Y=uDD{cGVbicRvP8iC@w%zSb4xDqXU4iqut{S-wPRlv2UlREXOShbg&7BvLlt@0= zihvEa0AoWP!FK$jb$l2qXpyh*gyKP3IB|(o26)+YDa*K^x{FB}IU1{^Qo@mWkawOk zzQ?W&`NjJqj1z)B@xuBk6``?OWatx*)FZU}RPdB`Oc5$EQ`$vL~;cs?Uym zZ6mxF#eO`$fW-uWNBtq9nZXwsCUC$N`m-kxTqcl}J@>9@DO`6lwRf&jX{W?09}1Km z)ho421;Qq#8u5J%CSzB2q@;&mqhzUJkYVcWrQ-!U$$D8L-FP&muD;tkA$X#D5hwqW zU{@xgdDoC~Dcfc3sOY>T7qV!VP-DoNQ`Z6)>@4+xy7HQF9xqG>FI@KOt+<`OfipLR zOzbcOm(~`b@-FQzS;>YA&xeDG8-7c7C=_MFPhB((*9ucF^liKibm@s?C@7p|gUPLI zf0ejVMMw@CF&vLD-+JBhMv1Sc8c&a{d1>b*T4~(Ljh+8#*-|mD(AwS7Q>+qpf41`& ztuyl@%N$|v@B|GdgAIc{A?|{%NrR@F7pUwxGdh9N)V`^2mLs z6HP$F$+v=rB^V!oP66?(pfF9B8qufc!w{=3we5LjaQOVMB1#ADJ2)~MYLVFKY-edu z(mG>bC_p2(Co0?_Su^;+q*hYks!$r`CsTyf7GV5g#@ZP*wuQ30%0I1P=&@^UWtVn~xS-7Jn?b%`|+ z8df#v5i_6xSED6;>PrJU+*pw6r9fQ}+4oED1P2^65vzm1_*E~CXh12>c*WRD+vgbYW z=IF;|;C1f-lgV|ba=9L(gejiS&5f827tFfSmR0XAN@Q36O_Ek0(=u=c_P3Z=BZRwy z)O~5?R(-03Rh6e|-uaFb5Mas@gMz2F{DOLlJHZ1NBeNsgF0bQ23jo@j@v8<7usvc2 zTv$HUr-2tea> zAAoO}UGa%x%5eZlk|pKj4oxg)kf{@0;O{Y-EXib+I*h znunc?z|s5?1~|ZM3Ot*y3~q@JBg26My+1J4xEx~6dP}Sy>slI;Fh4gRO(v~P71!&m z;y~hySi}!}Xg^BRjJ2pBDGiSQaVlChlgTvx1%;u{(8~!75>1bEsPlb6`aoVME;N!D z;9I(->zw(qAVOF!2phh>mK}m$3{{kj%~hTLhoS!bi(Btcy9n{O&6P>7IA4|Hn#?d< zq)$#PG6aNwWf?Pkrqvkis=)A3@Xl^4jJ31{ejs&&;obddeauR(GS^Z;_2`Mg)>?oC zM~8?Bb>tts3yrp!;jN9^_kfAX@LSosg{QI_)^&303;Bq7(3dUQLyImcXq?zOV3J)SXo3Mbd3pH9{uhf~%3W)OpY*K`w$f_~2qnZ6D zWIAzjaWuMbqU#sKy}y&L7a7h?qk6Bl(7t}Jl7sx{-kHl+Yar@l`N4kPN`7SzalH4i zU&Kto;oKX(XaUyvi;{mB-R-z(($TgQI;(Vz8@W-SFUV3{#^X#y=7;xN91Lk6`6Mn> z!edhj5o|!9ejR~0qs$-7b>d;C^jURD9fvnm{30E9vP=?h5kZ*#e_n`T$Ts#rvp3Uw zbn=w&fxfo-@$lG}#>v3q)#2Ly1fDId&&WVFOBG3%;Ky~P*M%i@FlQ&`ww%G#!?TS4+SU+9iqP>qpP&X$BRZlEpBY!Vh0cTPvh}0q zYd*$*#K@i-LA1u8UV~DKF1HuHArFaOpnn*Gx89GfbO*+1r|3!8tax@Sy0i4xo(f$G zqT{F@(IauozNN9-x98C=gnK}&0_Z8fo*e!jH>%0a1-ckWw9AG3dktTxx>cAKdwH+K zm;0e3DK@I1yR2}eN!B{8@($ffP7R&p4NZ}q(uel#J1381FV544JNDr{ow2^gBY3?a zPGonHHm)6Z{B6yis8*aT2(X261W!FQx3Vx52_K9nxuum92Io^og~#%#bb ztc6(DSI(BksH^A@*Y3wbFh^=7?h!(-?z_1vB0A5wtv?U?4^s5!so{fjHodIW4l|`( zO=+KA%HK5E57Alu_8%mrb@-3=4h{U1!9gjh5!nsF@Mmj0n>F%F@0i_pr}um%EXGm*G@@y$ zI19V%2n}eh?!pI4!bZ)>_$K-I%v5GfCh?iCkmMyNa(QQSyH@+WRY5o^A4($`xbi?%cAjH|Xaz|GeNoq#SciVG6$PFEVSm(kobn(>k?%L{u0pS2Jny^n?`T%&q!wOD2PgdcCXJY-=Hn#ZFoERN3xdnZ(lZ zYEn;oFXH;738hV2(K6Vs9_2xJL&V@A{ znor++8ObfR%bMc84T(9wz<_LxGE(xFU`YM zL2g2cb~lA(r^79m!of=++n271Y^Z9@D~*MZwJ*F$`rk8dNjE{!mZ|h7tERI%vY0! zjvGq&m1K?c@0QW#Mk$WYaByo*$}`49zi~N_KIIXuCKLX;wuM-sib^p-tJa~E%hOQP z;?BW2zP%#XAW7k~alZ)gQr3m}_RBb>4>s)DHXwFnOjBDds&4#%(l_#&uk6; z!WM=VkwJV3xY*uS+8#cY*nPR%U@=7-uw5Fjy)*p#LS8It*SO?DL&a}m&SJVTWw@gj z%Bu?iGKT#+SncMT3B13%M>zU;azK{^D6dfbIS0@=fd|^Ii4ylQacda<0j6KItD7DW zz@M`7moYJ*WlZNv!tklI_3^HWtsh&hD4);?|0g{E4!808@!Bo`%yr>$v`T^HoPo*Z!3OaOxDSQIjuLhR zPZiGwT^C&L1o--RN4WRs#`NRtcaEf8E_3!=_=RqH{hEYpSipBbkDAq#oJk^v zWXyt*rQUi}mCh7)`>8X+i5rW#Y-h5qV+FqtQAEp+eY8`}zB>XME;zLn+rGLt@|7o3 zdMVnnWTQ4FCs4bp4&}M90jkg6gnI(Ii zu?!orvtpj_7+%;Qa11>U zDVF(%A%0N9K(j-v1AF{7dm8&|+EA?QGCF-%T>BsMN(j}cg=RAk*VV07!nq3qPm8%IjxdJEGHrsAV1tj*s+|1z|1fsM}WM(L33B*8|NCi_kRv4tGS^AJ2KY zxswl3U+vBg@ebx22Pjs(JgrupZujnh)K$kfzAjfqLHfc16JB)IVu)QD_Y0e`(uN?7 zlJlB8#H_ZO0zd2DcdYTICi!OOXuq9Gpn~$j5H^O#u*ekH1GWpu`;b!vsFu0Fe_*L* zkvO+fvfPHJOuGtr;fs&c=;jsJkL&H4zz=*Hr`0DOXvxF;7#;Z}SLoh=I6l=| zIHRq&mGlvrTR_oPJW!`q%2vCp2y2f6p(fMXA2XNFA2ekOckaYsq9v(Uz|z8{>m@TV zgc5B*92k(%U8d)->VV8KH|J%S+G;gtnw`1Noz1n*?&-{XaVr#j^}VIa*`3Y5t(Wf? zS|=#ZsFnCk{L*NuCX zxs0pX)w!@p&5e?tDZUjho&799p5)^o{-y$xEujL&NdS?u8*I7ase}IaLQv<{L@_t8vYtDQ<95ie^pV9!PN;?azJHwqr(sb!I<<2IUYXjh z$N8Yt>KZobyw;i}>4SL)YEDJ+PTcw>4Z2>g+)gm}LGmHgl^C5h1uHeMTa!b=IU*{` zFy}w@;{ICxm5^k#tZhf<%pcb~Fm)dMUn=SYp1= z51)7zZJ3~5mC?bAmEP|GE2x0Y)MeT)cUczJ&MBO|$137n_2$mK7sFxJ!jOYaNb?-d zfRcUp%)$clG*!m$b6UHv`14gW;1<(*w%_3bI!#L?b@a0F5{{aKM~^Q+%aieVWcUF4 zH?LYH(tdSyYR4X58Iw54n{fX=;~Rj^dJ@ zR;Y~iwPe5@ep_)~9BPlC0^@aweCiy?Y5G_T72cN*R!77!0UH9te&!jT5e@ zj{%OJi@*<}Nw1)gssZl^QvTujP)hA;Sld@0hbkV#0{0p>to8o3xH3!8ZU8h4de5V# zk+7%NwzfdK%`Z>{)x}(M^oPF*c}qLwk{Dpxr)(A#;CwrY(60jzp7CcO%4@Id9(jTn z2S{vR0mfdftPW4&0v(HsAWO4ZZ9NXf_}Fa|G7pDyqtCGmi?#Z-uQlpR86z;XK(-9o zMS1u!hmN?otoX@xE?fx)XpqNkBr#O;bqH3?A%WmXCW2W@d1V^IL3URaQos_|eZL1s z&D8d(P3f$s{Owe#Z~0{jav|y+M}sGaJ;wABw8r`Mc|E$!Io2i5|i%n(jZ*&8It5RFk5Er)h7}H z+Yaygvls9vB?Hq?`{x}8o&}5ziMs2#WsvU!jO1+Z=QU+le=sT$fVZAX*%X?Ud7}{- zRQi2$LSJkTPJ_5%k$-zCSSCTQ52tb`$H^CadvM3pI(tAGc111{Ti7dfszv&Wa8F$k zGfxK|$7osnNqiuHFLGfP^LT;l%G1K8vf?9q!*r#|v9nKZ`%BAKrTLoMF3sgUl%aUigEG0qZ>n{MYG^4=ZoT&|KHGne}1O zQA_riEYY9jJz;A+&;DZfnovJk$mD5=U$$S=8`x{5=YSc{X!z5Rpw_4Rjz<4+1*ws4BOQ6mMq z!vq}fOrGw|SX(gmJ(0c$*c%7)FGyze3)C9hDZOd1PXey?V?$LoqDHjh@P;1s1tmZj z)tZncq4ZdLUFF40FnagqhlqX%4+&XmsZyitKsWQP|O! z?`$aXySP@X%Xjw|PI0uvP4M1FzA9M#1{a9Ij~ef`i1M74*Kxcd$^f#9&y>v`6Zd-v z)e!&>MKCZ{iEga$d0~Kn-?5W1D9S{N(-T5?p*OhE9Y=dE*%p1P-{SA}g%@vaWXZCWAC z>k0Rlei6GQ9V!Opy@k6jrMZx`l*Z4APnGb7LsbR7ksM-dP`{F#DnbZw-~QRHg$)WF zNEe`6oQ)&-0L%1xqtX~DbPE>X^kqW9-@gI$+_@ZsI*rM+LT5s%va-s%nYp0kj=Q<6!r}x8eAO-4s1TO#1UR}j_F7UkZQyYWrP^%DbN?{< zZUe{g!MCCpe9pj(Dt-a-O>R&tSmZlnY^qbX&0M8SNs$mTH|76&uNkoZ5B9~6{N0a= z$R5y9`A*3<^ZOX5{EWPMS=@1xG*`a;W#TI-bnF6n_<8Rcre$2I+@fyD+DSwCo^mRL zAXT_`$i(_S^+47ldxF3HJUHj%;DWy4c`N@Gbb-=$+N6W}dkK_ushO06bbm`z4d<~h z{lYGD{5D)qxA^qStV^^@<&sTj7z9kE!4-%XAmQlp6NB>kp)v-OC6tI;_lSKcllh&m z-qYNlGz73+0o4XqO`y99aw!8v0#L$Bg#gCASo+5hSSiGb1~|%?7wQuwE!J~Nri-gs zYBq+lMTcj*_`3O=+C@2PI9_`&gBZZ;m9KUPNrQb1T$a9f=wmBEM6!c#Q}{olKL6L( z7w862==-h7iwk=SR{&Y#F{cCFL`&JvX-`YvjAd*;mhpk}k6*uk|3M=S02(L<6h7O8 ztrM8T2(W!5)FGrWc}4rieq>qIQesO88{ghP3??n=6c~kn&)V|Z!*ak)vTUGP-!vWQ z5iZb9JVlFD#3z~87G&HgWd9Dh zK7Ua|Is4XJlE0r9S-OZ26D81Y?BH4-;=hipH30lpJQ#(vTIpH!aP&wGZZ8LHsmbpn zmvICyZ%F1tj`OGa>BfpyE{gg;98}KQ7%MpVAFB{?_$b>wbGR^09?;i9>C0*l_ciYt z%bnYVM9;BOrjOF-@jLpW?f*%SE;7e)|U~} zXw-ujK>AUBqj+kpE;|0VOwQRq3^ieUwVWb+*H=C@vnjFSqMhsa+TYZS5hsL%wa-N_ z_H-Y^W74qKQhKb|aDP%V^f1&j4EYpzT1>fIb`LD&Was2tBc6pMO2Db7&PJBMH!o2I z2*R1)p$DXPlxf6_QqAK#dHYxKV&M+yp)&q~DRs_%vVDFX0{Fj!%Q)o^F3Lg^7_@?( z`|jLdrr#EQ1@N_*mp{}zPTr)7wA%-rtnAS)l_jP9KnkOZg=AWnM4Vmi! zKl{kH|5;b#bIRDZ;KYTlb6I_Met3;s<9>S;MQ-HcGl`!gXzU6MDAAk z=||KJYk0;TH@@G9`rr!k5v;1!SO0P2lj2$Csd{JF9W0!12=Ny@m7`REa6Q1WPmAF- z6aO%tXLG$$!Tp8Mf42LB7Sm3i!HTAX+iV0FO(wQ6g%=eNFs(VHzQDIdy=v5f_WK@; z93Ih!j%lKXw+^{u&z8s32=dNs+uh#-Mitop-cP`=)-ex2&R3bJNHsXNKf|0(|MI7H$H{_PEBifU`)9a#&*IAw1I8_0n z&6?UQZs|CZYopJv-yxqYwhG!2_{7Xy-}t)!cPHM3k{Oj*Mg}TCPE{77zToA#L{6gS zl-fsfed-aSXwI#u3xx6#jnlSI&{;g+*KRD0*nwxYx?-v6`uK*{mq-!RW2{yz9DGwStO4`4?i$wud5UzjZ2jUWun@nIaEYOL=w zrB^uQ(y&}T$<$ri68KvUq=1E2S-x_u+#Z2{4Z$)PU7#YiO`b|fjijsWJ{scX9cQ>y zxJ8U%W@5!l4b{fFG1#VRpsjstn3#g1Q2t?>k~Gbx3Du*ec} zMLPHi@4>^Map-@ZP`4-Px6rYTzfKfCgo#J3fc+@c7%h2*3Mi|E%DG zaa2_Yyb7xo+$+FhGqoGnIi3cN)lpXvAU2Iw})_}q;t3$P07y796U-31_@W?zF1>rkOkTbAuHfLT1r^!8b z>(6mORqnUf8w5B*r<=)l-K*USQ7N?LHu_JctCaNS9mfgysSJ4gZ)h}`T0#>Y*^idq znpaA$h%z6tB=6o&HkpN_xF1ax9oB|Qja+$tL$lrTK9-*k7+TN!rpBJ+9{_Ay`||iM zx+hIa5>p*|3-k4LL5eiZ@Xi2ITeBHiil>VX&URzG|1jJYMd#xaytS)Zm4%@mQL`k| zkEuHY$zJf^`8>uH8n(awVZ`{s&Rel|7;AarFKbQQ6!>9vZ3d@HV||^R924 z3&EY`uDc2pXi&V9r?Rh?BzxhmIDarn3gnOmQDl}xOLK@;Tw7G(1lgH~FS5~2HHkY* z=nN1mIN4b;vrHyO^3`%~>BX)!^kmt^iGv>-Y}!#eNZR=6${l^t+ayKbcayexzJF{d zRb)SdK8~|8(ym)2k|8z`SFe@zQ^q5k740+X@A+Vtpz@u=P%+A-l2Mnv&&KxL=lbeP zkn|v#Db$WvQO;8+6_{;1qfQNl{5up;qxRAbP4D@>U(f4tFOqt)H$5p}ALm!GH@O*9 zpx0=8N2o0=k+7Oa#ShucEGqRsLU`F+_Halsm2PrB>-hYvoxI1!*`jy}TG|>_B7ms! ztZB8JN|HTCWg1d!Pg(%P<RaT5 z%Ba%iO04V0_Zc!Mq){2@QLe1l5v5qh|5n}@WpkLbo=O8v7$1JtZ0MMcRL_N1#h_jV*IjEi zkb8$INZ%zq(@+BCD^O#2bom0r=_RQ|3wXM;aT}Z+IT^K-4HwU7`fl_txRRgR5kii79D4@s?Hj+dx#^8=P|lfD8w zvG7)HfQ%g%YXwF>x{gR${q?AG$hjHG(sUbUk#q)5fE{H{n z;;m@ZHHd}8Xtd@w(w20LKdij>eYc}hqN)$4=at`x*za20Q^d&iAp|x;Q~wqCT-hh@NeHOQG^qBx2b7ulVXpy zP)O+981Ld%vth>AV?U*PjvMgl*a1}uO_8BPy%8IdDU_;2sc&pr7-v-ShH@RljB+Xs z8_?BBy%FIGho&V$!7xst8t71-@}8~^FjiQl47n`L*X6EqZd8#zXe<|x%T%_AABZcOm-*nZRGi4ZeMctPz>lt6jN)p9LejLA(T(>q zbcBNPD4(z8rR{c70~1QG2&Z}HGNow38T~oBki9~i9dp|#U&h+bko68ot&HB<+LmCW zsOiE&Z7bh-nj5r5U*CCLbL@eCCtP-aQ4E#XKa0A<*UFo4$5g;SlB?BT0vM8)-HKxI zNX?Xl%_Cv>an2zp&vBi#EU)?+rAFkgrdkgN=cX4rNA`bBEAabYLU%^gO1;Rk8wl2o z6{cS_lHki^peCk2OG8}?Q}f5WnZZ<84^u%_5QB$0=UR^SB#ZcvgoB5aNG8Hv>-(gWjdMHC5s!vTftlvp-krmJs5P7M7M3Jfj?Z|7%VD|Gm2;w6w|X zDk^<5EIJ|``S?5Nz*zf_m9C{2{F>!NEXFv)`@b4zuMVevLoWjrpmT8HM6e8XPgrz2p^oNb`m4Fc-htMAb8zyu_JaUjUV`qBOVYE%jnPnmu7+hJV3O|KA-8ocf%+?LsHPq@qb50>#JC4g##x2c&P&7o}zvS8}bxpM7z8 zV;4cIr3lh;^ z2$mRv=;$E2su|); zR^-F+^yKD-wR~$G{yr`4yXdLr>y`Sp!9xc87uI4?O3rU1h__NDXR+YkPjT6Tx1FoA?c!4nJyvpNq3&GO7*4o}RoES(_A#fp zfY#TU0xp%_Ffc9~UcWxp6)rEr_YD=Z)D1b__mlZw(Y7TnZ}WIW@D7QX)giPiYvj-E z5pQLT{N^RLhHwrO`TH?2Ft^`O$$k3u-A7Bt8h!<(>z1gmRd4L*u}zg{tdV5lZnL7N zZ&7{Lekws=y(EFx|E!xbR=~mJ?^ASi8?1x2PC~@{8NH{MXC_0#r~Tv5=`YB!R)z{` z6Z3Hb494^{S$2frlkwnr8S<$^28?&~(+doCItyl%Y-)UeAK=cLp~1KQR0^Jd)pQs+ zDK1ovoA-Mqessk&CXe+=a87HvL!-kA6+C(Zzk|BJ$jpTrJ7b)RPDCqs@O<}~*yn^K zj#8eJs!%ch%?8YzN(>r)*bVVs@}MqZ`~1Z+$ANnz$oWsid8Q``wBbo3fD3T z8+qkA4Y02!V~4&?CqGQ9OG18g64&nQ9L0Mp!tOOpyL}4}2z(ya(>S1~ybe8# zo^BaQ6qi|q#i?)KzR>Sc*xQGtlfL|U8)*0$m^0STYLiA3C}^l-ptGGlL%A(s_9=2O zwq)}gKU81w(N0|7#xCB*FLF{7vZ$7E!CakFKDW&`>6ez#sBSdRNGJPKW8r6otTdyV zy3F;xM1%UKH1dclbV6&)F5*9%|A(=+fNHb*(!Oc&7PsP3ptxJ`Qrz9GG)032_aen1 zxI>C-fC9m-K=I=4?(SCle0l!Q%zX3CJMXMvE$(~g&dP#AxKH-p=lrfK(&q@aNTG3K zzKE;UTW(p=0LtM$vW&8x()m>E^JAe$Z!^yeVKl4;bQOH8|VG-| zE?3-*7x!T8R+H)zMzbyBPsWGz<*v*p3EIt*@;Qag?H5V+)v+a0Q@iCS#$|9O4UWf7 zd2=@Qy9)hqO?hKQ7KnivFE7R=ZM@WauoMcxo2d;DNiPrA7hHUMpEUXM_KL?FnA^#k zlIcyQ7|HMh+8I^Vpi_gyRvc@jEiFVb=n5B%KE_t>41}H1O>$4xHHE42oq$iU3;A~% zmFGnw?pfHUU5rnX2JQ2qEx{QNE5zcT<6DYJKCTNS^1le=MpFLRZ@b(Du;ptGr!t?Z z$}>43|Ilk*nj=o~6^(;?5sMQ=q1hbYs>kMOaj|WjB>JbJP4>JwzTl6uHrYEyyxDo|OB++c!_phXH8xtL8&iNKc$ z$(n6XfZN(%Ncxk5*CZxF&)mKj-`@PZpn0zISbl1CCID+KEqf~V8?J7(8W*(;PUjF8 z9>Nh++gam6h2ym6LM|lp4PZ`7)LpDwpL<}kXOw(>YWI~fm4nz6YR&9av%AA>-O-VI z=$dJx(UjoPmjaTfR@ta!=2Px_NYe9_{JKB2=b7)yri73rr)T@1!9D5CaB%>(Kqc*} zc!|hPK+B5L8&kK3l6Ko>w@_^gDP>CRx`AEc>-Zn@Uv-Y(31Q2pivs z_>;gep{P%C!1C&}#;neA-k~_Zd;PdSc}r!c%QP$7=J_vQR!gF#L$o*CtabmONJ=#al>MpZBqj$QV?JIi%0`>KrD-4q~eA`G! zNaKiaBqY?y`Y5?P#GxR-2n z2T?k#w77PHYG+hF&q z#qbDd17f8>SR{q9yvL^40-BySLecmDJilZ>b$nq-_~hUm&BHN`mWgt;`a{Qj|I=Gr zivj_slCU=-q*?WW5$Usu=ob-#r;2QDMc}^j67(1+dasUm4x%9|znIZO^{g-5|Z)osYuu}~v7F4PP7LMR`FSMz+O+&#-vmtwz}+4U{&pCX`) zO5%jq?i`ZQu8(XiDi2}r;{8bHS8~I^t&W?DD`2gpmLA=Hqnj|>_5z<_iH>P1jWmPP z>BZs+#;_C92a$OHccItEC2nRkp&NBPvJ{>?m7cBH+lkiQCG6U!bP~kg-tH3(Q`ED6 z#xq6L7O&ew5IZ83srZxi%8KhJbo7=E*5dceju=B{@DR5k8U1@wWF%CM5ULVaOn|NJ za?ikSrd{MWO-;6)RQ)#y;Y`=;O&3L`M8zx9PXd!vzU=?m%H=;|WM&L%({Vh{9K4oj zbIp^`)5W3uN8q0%HA%BKjXh_BKlP6$ric#DA9n(Z&i)~Lj2Y}x!i32w=R8prWAoR! zxywuU1ag~yB8esj$M`bX_&MR&9!m`{bH0BsMZV)$*fKFJWr~qVCWj$8D!~Rd(HT)J z+5)pL)_Cot3FpD#k9x)_?2wDMiFz%VlF7fQ|3boRqo(N^Ll>$p9FxbP!P>|OH|WTk zq@`UKi7isz^#8N+W{+${8a?Yv%9H+H8?a~dLQD>Dgjk&Q9NPjQ#9vPSu(n4`Pp$zfMD6e9!u+MD z8ft}R7AQC04}QH=N3@MK)r5X*(titomOQpvuczpL^~7MM3TBP z¨mQTH5aREzt}D+rN%DI@^vN8+^SQFJWs(7M+p^iLYABCLU<&7U;f3MXG+JwSJa z5Tf`km~>Pns$S8_iF zM!G{-6_pfq@G3bGXY7499RINtDw7m1)g=+N@3n6OZb6V zIJx9e6IQP7Kk|`UrlM%d-OwFj`_YpnGtxfH$gJi|d=E8%Ezo zZT{1-_6t2)(5DJF99)Y*v2qquZ4TgXL#dNM-Vj5E07pljz5S?2O@%rB6E8hRkI7XB z7*B)RPV=#7r3_42&cM?lp$c#k*f43rKtMhb0s&kaCh!6ZEo^~(JOhZOMmA99Bo<_g zl7)q1htcFkI>#u9p^E**GYq&Lk)qC^h4tcFCe|t;npZd0cV!0a<#lF3d}aRcemWGQ zvZ5>Dg9+zS(+HxF5*1$%im4!M{Y8KwWh~!YnEr)eRFubeFe#%T_n<0$`!PhgyL?6m z(4d7dgNO&Bsc8Ut??0o*YrM0`M#sVb7?mFO2Ja;%JQ$Fb6qCm;S4TnwF!jF5Y zkNHBW>vDVxG7buh$l!OXAH7|FN=eq&4<@|&ic+cyUG+eSq zOB*S-G%Ekh7g8!H(`e}VcBmS7c%J?efA(g+q|!{h-UD}v`9rDMcEgvA&==zJA1O*m zB=VnB4wZYw<;t=B^LuRX?6B0HIKi}urd>$h_!nkWZB<(p9Y5RYCUb~po=v9s><*=+ za~plR~y=k$QC{t&s9Nhv_Nrn zH`TJr1=s#PTE;h~!8>03HM&!1A|k>I#@gBxzm~GmFalmIVs3j5f`D+lrK6>S$`d;y z0f%Q1VSmwM<7v>1V0vNMYzx6)8DbxYDf~}Ti>YPQiF2_tICKPL;l`68tr%N7)P43| z3R(N7p3tNf{oF*^n8BLjBqMt5yYEq5CDlG>rHjZVQ+9Pa93;>BE@cI!+1f*&62@F@ z*RZfxC&#T4C1;_Z>iCEwztvnE@!fy2tS#Bs`}!9Wc&5L6#;3d=r>^)AefwRIfV}bAkZQc7eZ;819oU1P+SW#3MywU?I8Ild+7)&6Q(R7}U752BiG zEoLR|P9>?2905zjo6!F2$2(J2hm^~ovthNY@@NX4EfQu(t|qQERbIxD%Cet)>>C`D zh$Hu}Xl$Obi$$E~IGhUj-8a`vZR*#mh^A{M{F$Rj7j)Su6zR)>z%>R{kkOuyFD99N z+-b`ud@+Id0Ae*0nWpP`t2F&+Hz)rNcKA)z?dH$MN2|i(DNo;Nc*>=gB3Yu~ed2o- z3bsY@`4tUH_1D>8;zpZq6A>dMCj_y1&nW_ql@pJi#%4FSVH5l!eYHkZLL|k_>L_=f zee3-lB+^)|Kmxom0%R0Zb%x0^+cEqY4}cg8r7DwAWJWUNZC$0q z*n)UkeR1(2@!SX75sSPkxSptDr^$^f)lHJY{>esQMo}q9d5gA*yKnzz-rCQ8Hto#% zh>XZ5pL*d>^sa=@D~xIL;bn`}8a5SrQL`fSnv3qo_16tKvW`tU6d=1Ymcr81OqY8K ze%^a9AgqNh8v;&b%78h6#R<1&g_@vobcdYbh2wALkCT0#l2u6IeW@)tt z-)%zXWW7#|A6`E~_mg-wZ7=r7+*4^OQ>ap$^XxdK?0TjOqG~uJk$G_R-2G!jQMLH= zuFRHgyD*WD!Qp}-P)krB?pxE63xK|1-ehx}kSxfyiuQ<<8~-zu*{HYwELvIZ^CWGP zNd+|Iz{!f%HYo}AZQXJPt|4R^Olu-BtRq=~p1^E8)ql73YWSB-gKCasO`1k29HF?T z13GcYyC&w$n&GoK?6XsPOfPgFjF$&|{zUFAJ^%Mx*40P8M=6BE_e;Mx-`Zb$Ypyuo z5{>J#TG8}Pmio0GvqO3|skN0+aXt3greFi7XXj|RUctnW4v_@w${fHv#m zXi(^z?ETD67O(Mh=FOkRn(N>Yxp}urS#?cwUx$X4sM`8^Vjhhd;iNI=N5ykG$h-Pc zi_qA2JZa&Ifk~P5S*|`d*)@hak8jtWlLbx~i^u%OGqV(L$b+v+4U2%^6lX_7En3>F zSiNP=yN%mEH@wIC{L&LhCg*decW|dLVtVM~zr>+@44P&W=+qi15oidTO%o^MceZ2W z%xYHGG_~i7mr-6~z^|37{Xlv}xJv4p{c(%u=Unk7(DveJ3d|ie9cSsgr<^xUlo?*( z&zGcSYm=XPRQ#!Zn0V;zb74Oz6l0?_A@4^Ez|!|S&WkOPVy}*Rf*DuYCz&=?5BGoa z!vEoj(bfGDQ?LBN!Ba#znIU}g*I=f6g@WXCy|O9?Nt|rt^vNA|c?VljZQ>4cNI`jM z5`UaL(wEABzSQVh4(jRx!lp&7#eZV~1bp(DMoOyi`xL-IKk?7W3_FK8wA^i6sW{rn zqgY^5l3XPc4BnDI#rv1PAi3q`kt5ER#x|8sE$`oVU z5<5#qqP5iJDWWaB_@shXN`_CxxO(oty%u}t4fBA0zt2{a4E2|{^>GNE9~RF~UH%~{ zK#FtU+WZWrG=FbvUHm(1Rdm&3GsW5a8|BNNXw6WZ#+yW@j!Am;jsn{sEaOlxl3W1PI ztgmuvs}G2sv(1kRHqE#Zul|GqGZa5}lSh&Nuac38r^IW!X6MK-x|Wp|W)6aSkf+0PJA% z&%HpyL6aXOE~&%<{S|4RZjN1-4f_CkXjOuOOxBJ#zU2r3mhTjs zohTn;ioYsmu6ompk4tBLHauU%ykaB{6aKczPqHWBy@9guI(r-kN#@g+w(job+&P8* znx7XjTf4DzCYE=CO~|_vc3n6wg=h+j1Iqz7O^#$N)?e}F5L&&->5A%1p0{n*-&yH_ zDswHg{dEbD_Xt4@3ws#?`9aI%F#fccm>5hyOuDkShQG>m5}(+NYABTecYoLnuwti> zooCZC5Hq;(Gdcfw@xc_kfhTZHmNE5^psy~T=uJEVbq{7A0|ji80u!p3##jf!^=0wF zu13PA@gFFYKQ_|S>4FN2U3dEZ-WK+&DZlSidi%cQmqjx(ccv?~XDf9m+N(4;98No{ zFq;VOW;55PCv~1eblx@OTkl!926-HvcTmVE+8>UI32aHby}xYcu4)Lw9Otm&bWwJH znjQBY^XD!t4O)@WNurWDEN%1Vj^5YK#^Y(Rx?p}el%n1uD>QHpSUo%s|twA48On;%r%C<$c@2rQD{Rb)urYST26} zwtmKwka;NnG*%5HT3es%_+qtDi)&){Xb0mOCA=@RXl!? zRV_Jgcm$24s-=yuIGxXF#0cCjC0`TP{$rAPM<#U<`D7T3Jp%RxI!H|DL6^|#c z8y7_t3FWyo#EUB5_~U!D&6x_21kX`PChqWaKr62l78T2K{ZKC*5hU3G!q@8?2GGtN zyPa)rm7#&7yi_E!IDCg{hS9zCy)6}mQ%7@h9nbWP-h+_thuMMIwA8VAeohFC?5K{i;nq7s z6afdRZY}G*ohX@n7Cu^2I`L6jDDfGYTcXiv`66ACL&)#{^j;^xEWeEC6klsn_t;I- zJ|2!4YxtsaqjFR}^}dp?MPK`@5juau*D|Ml2ePLgr{Xz8m-Eptbf?j}4hwC*{*wt} zT+GtEp3Tzs7m4o0h2)3XGMD=?9p9N!{BqzT8%1K$j=HWdu4#XEo8GENY>Pw$JJ0#g zd2lX05#ciS*%P35>)NTfQ9xdx8FPMAZT{piJ3m-w$o6AYN)=Z)H3hN>8ZR!VXfI?M zvDKpF4n!@gH^GO1zz=*17OfTZZ(cfRPFCBM`;$nN9t_LsVsFXoF0z@`kjrfU#$Wx@ z)Rfk^kj9TYmBabUt*c)}35X^pvgc0oq7?R<8+U?e7-=^$cW{Vs{18V)l>-%X)o`rVJ1^Xm;SmhKvYA z;PPhzI{x^kf{J3=!`P#?ZRKo^x>B(;?@bhQKCHB!cNmpOS1Z%tZ6PRnV`<~Nzz-np z?sat;usa>?!T@it&X{-3DiW+KTou&1G zWE^SuJXlmEB#!D@2oxg)&Zsibk~;J6E7UvyF#l&Gk8vbtq(L7^b*+BAAb<|;D_)R-xFXOQ{J zjykeZt*k8;Ukh0#cD zzk};0I&NwFNo1!Gq7mqFZLv{%L3mGBJ~?-MOC@rnP33@%&3Cm#6cHGU+jG zrgwuF(#-KFPQ3BFv!vlBT|ABSqGU;!+I3(r>G8bX{rnGg=fP5;MWG<<02&x$(IU4H z7b~iMRn?)6{zMl*C7!-}V6DzXVP06-BRLo$^pFgF9sccF>b&fDYWA9@cqZ_qP9pmo zz}gjjpV(~NL=1kcrfA?dEwd)0bb`M6i>i(0_N`3fm4+O^bGjjg>)++6wV zSIKt5p<84$E|04;AU{s!zGABLUzdkwU)xW+|5n6)`4UT46Z4=b@HPSBv`GXl6q8mp zrLpMj(%F4y371j~3?5ytHMz9? zZA=eQ3-Lx^+-za|Hk`8p)}pFu-3A~Zz~u1YX+jRh{mJRp@u=Kk4>mPw&q+L7r={&> z6w^`~g#Ix5@m}&}o1Z?q8mp}!qM$wL;UpdA;oBc-hity8>4o4>%Oe`S;LIe*N>TJI zmm#cBS&?Y<&-iX@whz~yFnE+b3F7jv?N1Q{9{v-f9Yt5>;h0eK9~&hI1OgR+y-h*1U{!SPpIq(O7{j z`(qsEW;{supzvcg6H3#tLvXohEs3glo6rTG@An2VY@K+dbya{I){$hC70Ak{e0}t; zIIe3mnyp1eU@MO;2c?rff>~n33K0*ZJJjY(W=6n-JAc;X$h}+9=TNDht zuVU;^k=df}>4cL9`$)=YhgQ6yb#h|iA^2danb$V$HFa+(2$!zc=zZU z8+emFB^Vh;8_9WumfDefPV#E!EPGqmw(8k9eBWa5_KxFUfIq&n!t!my@hwA8x@cax zJRvrQmf1_$voEPN4Cc2jHk!w(%Q3(A&~5K+M=WShDDwpd=unii>S?!vB7{%6lioTP z#^fx$V8yOPv9~~?BvN$K;RI5o;pikM&yC@c9T$hzjLuPR=k{xdQzEaRSheZ>SCRYE2GYETEvtra3Z4YVw3+2QZgub&E;5B zE;qUHjam+^mCkqZFLi*HqCv>E0I6C?N>xP6$yT$5?QZO^^uCRRqwUfhRY$jUq~98j zWh@wu-D+aVf?23oBXpH0$U_dI4HJFy^9ZHOh!ip~^2P##da#Ei7Wg=Km~LyCnO0Yc zh78oFfFay6A10m0@c9y69WpoXFNM$>`}Z$&!-DG6R$a;q{TVNHzt&7a;RRCa!0I=I zVGkUH2Ht=egbo1+Co{`zVITUrphFdTpvz4)rSN&3ODJXdUy()05~o zl7`2RpQ6GbOUhKlsQk`SucZwsC<4dd?1KynU1mkZ6Y%j%t&RRM+(1Sa?q~iFDqoC7 zYsw#C5Miz!gEqP;A+z^5mpW1A&+ghHJ;RT^c3B1es&G7_`jGa#61Ne$MtMrjKC{zW zXzYUcNboM&rKxz9Ev$@QhE$$-U*EOQ1g+2LHh}{>9LsMJZ^8cChu5Tu^EbDxi zTCot7`6{Oxr(A+1RQ+{eh|eqLC_s#vb3=4>nS;3jA;qtaz{P z^6fKyVLu^WsaDTJJ>u#>FQQMLd}-9YA#Wz1FZ&26)tScMeJviNFT7(ILkm;2?dpFOJk+ZGpaX>#XMYemMV&m=rhu%jFy`>Flol zt8#kDZs>;x@kwE30e2mh#JtHpVb&85S%n`8qdeP$R#P8=K-Umo(b^CP$0%*BmEZhA zV#JIT^Ep_B{QkuckEJ4*c^3}qag@z%engaMA+65zfU|S950W2&NOxCPQuc5zSE0|A zf^-ddnCKneI(qWL9S7(yP=(}fFIG?#N&AE6g1WK&RSBVjLD>)aKMSNm*kGK17nk~= z`m;h%r{Hp;I_0~OI<2M8w#(<_6Ng%s?~Ix0qUhQHq7u@BQndw!}W&&)cA73Wp9=h$3UG%Cpk*JAqul-67c0#w^S7mLESka7$eI z#hcL6UM+~m6wBTFx+afDzY`r;4%K~GDkp^+L~B=`MS*4n5I>Ka9f7|z@D}@++e@j1 zgma2#omnbKRY{o}M2Tjr=%}Wiq2pvzrpyy^&Wc^nF4~N}PS4TKZ)o*eO(%nNFZ49o zIY6Q8op{ZquqOU6bggcggH6o63LPa;XOb%i%7&G2*QXOy4CNvUN4wn$E%L+Y=sEn4 z`{Mr&s1^S2YyZs^Lj?fCO?LuJjt@hPVP=XPk2NX>rY>aPpq`NN^6J*{k6Pcv&6=NTRXpB?k5peRV3GwBNMZ*KmL@yD{CtFT>6 z(zK_e*gG|o1@~fpE`ZKGJR?Cv%FUivyr!`=0{KkKhvC{yq({p9TIZtnK)nSslZsg8 zWBS_pSi(Igz$?l+u4iSK#BK)y0egDjDHaAQ&9#1HY`Qd0{`0n~TG^lR(oasnCRI4Q zFQj$FReyI)I6{>sG?g-GjWvQ-kx_~rSaX*f&WQE$!$E{^yQZE9Gn4B_(mPSyx21bW zrNzNTXCP$*Tt8M86`FXHQ(qzq1e1@1^WG3K0h+MKkOUnKDJk0$o9J3Iz#T|6faUnd z3^CiZdpi`-;T+em%BiFaK{%LOBPb-(sd$^Gdw(Gfly(#s%gYHieMGp^6|{skcKZh1 zprWzWV^a;$*S)wOP{_d%EXHJ^*}(G}c&Nm-pAs8^C&4K_WIsn_ghWVUC6na?-#P;$ zgaHFmZ<(ps0g3#((n*GAm5*#gOi-&=xLU=8KbhT zi33EhO*VCa4%gr|@9WmKU{^FlYK zX8jMx8$~&Je!$5|3aXfp{IEC6vI#kkCzelc9Lq-!q@nUSo+~j{THUaCg|jQEqMS2| zAV>8?R+N*JhaPVXo=65qat%F)ReTQ0a*m>bZ6Q>2Rhz;@Jx9;APy$ndj?{NJ6xnwO z>HQ^jd|M7=Nfc5E$fhUSHf@8Q{|GV-KmKl!7gGPhf}j8tRYr~R$GI*c%eHTqH7$T4 z+N#hEaNZ}iy(1_ombT#kKlo4~5B_@s@jsu@XG~FNChR!Kh^q`;4Q+lBy!2+@19sv_ z>^z!dkC8cFj(PcVFS$=m&P{m!do5*Kua;dh?J=h+N-V#UaXHxWg_ltV9 zP3SLFtPuWI^2zk{ro{7?G7**ds$wP)CpSqY9o1;ra(~+|iT!yc^XlT7t&UZb1f58}XVLhWSxp$VTBTPGsS49ZwPgRU0N_XnE%fj8VY7id zGOi-T3x4*K0L0rDU5HOT{ry3fS*7G}BbHgV%8DzCtRv=dYtOlz{UT^DJB1w`Y1oen zdp3=;a1`eXb|t>s+K4DSM=T#LI?PnPP5i{W2W(Y9_@>^PTZeBRWw!e$A2}~DMa0Uu zy9grM7e_SFPOvDChZC{5^h>kSbm-`nVYQ-zO?j{2^GZ(WL-i)$H(>AV`5W8Mf+CH> z9nkQAmG|g}->thJD0!{H9KvEKy0$h&nV&Y|c_S7BK9r^f1d2~==hl+Pp$I2t1Dt~`I|=~o z$=R152-f)TYmk>8nTHLXLjx0Eyn^u)j=o)`4A|Cd9$TY(aew_P=3KbaBKD{25*=EL z;#XZj06>_AQKm&HiK`tdHk|ja!f{Rl#3_OlqZL7s-_l63^WE#Z@2c6m=V z4)Xi(*_obnJ->n9RgiZ!1}G7r5F2Fg0(gT3>=a8T$elMCp9DjPaEe2Jet2!#C(53f z{9BQF&c!)I-t>KcQ*-R1ymM7wxsrDQr6wdMFGc)BVd#U}E>@5TYoB@&yeuN)X^jpH6HwmTrjtY|k+uX&!|!WJ{!V@kxV4?TdYW>G(^Vao!HPf@FWXnazIWE2yGi!n1^57 zX)F>YUkGJT#N%r-pU(y&sQyTn*m(FB9h%J{CIGn>tAi8`ts8SMfSs+ zPM7*GmG*pG-NQ``ttp?Wr8L#WDbI?_Vkd^l7I&fRRk(gCMnX7aaz_siy{SvXzmnSo z5}~FvW7C|;9WBaZX=r~T5u4=^)u z;&r&KA&*gei9$F{4#Qqvi|dcLpAOpl4_X`nCdVxayY!c*lA5L$qZ?OObE&6AZZ3F8 z4C}OyZ}Oj6AycY2uxX-=nJIpW)Hg8^2J$%c5Aru$(R~*tSLX){m-kilP;a({0K-x{wlrRz@p3K}w>>qfnv!dX@Q{En2u8&qz8IxrMc&g2+_Xtqmm$QM*s2{N?VLh)-qtijIPwMu_^2idS{g zPH05NafW6gJT%G8sIfvMU`b128h?1Jxn%sr>^Oid_551<>u^9ltQlL{JnujOvQovN zpRWF5B8_MLx6!(!o*wVL6Mi&I-??GEDat)_INhC}AZH}9sN^`c8Vezn<$Y6iJfWq+ z==eh#hwogIVj#&50+ka%UIm{3_Bp~HQOK1^-H<_IoH zsUDRAI4e>_&om7xEY6EPA@B;y*3Ud?f@(N^sbA9>ppNuTEq*~)Qq@%jJUUHqJk#N( zXa5D00SQP%kZcX=UAwn!@#vmCs7V6!U88E8D^R zabU6EwL$f{LH*3!B5Rb@T~1$Q<@A;|!|UXf5M4uyLP`rXxNHl;2^=L{#sJevB7$yu ziYyMBj5V6V9^`*gB*-VPN}<3>>GQ5n8=0DihT%66fsOr)YnzkftPjJ$zU_&|6u-Sw z`=O3%v9#Reac2x|4rvrd_UXMQ-Y$#`$C2A>N7o|J!-1}cIzpgs5PwhXZM+KROTHgc z!j-7a+xfgQ$O;}Bsu1ooFPuYqesC*m)q>w!Vexn?M+%5<*~*(=9)ZVY$b{R=FOVwo z2n?Z98bn2ajv01}6fxE(B?l zWNy!}ZBZ=o+d`B3Z2=5#1;<5bf4rb%kGUA2e2=hL#JENK)~ji$-2>!6XBKYhLr)qL zma@c35?JyVWr*#?4>%i5LHjBEZE!#*z>2H(@m~!HoX#R~mf0NZS+`6=sU>55mvT@c zIN|AS@VhOyTG4wL85w|y0SS|q{qvxS?rxn>o0bq)A@I*@C!2!;`x>)rw)uD3 zU~#EOkt^@xfXS_0+Z%I)uc74$<6lTQ*OGtgO8-LIm>L7#CjFW^{BmvRtN3NlANMaL z*rDXT+tvJY;T8WQoP6sZ(4Oxmm{m1h&!ns?_$tC#jg#g#2MA@Z0^sxg>r{ z`k>w(>c;rQGP5K8JzN*8vZeHzmC@-M;vp z^rSC3l?4;o90u&|Uy_#_MX^S**yX#q^li=w^u+6Ap$m_fd{mBN#a8Y+G_2i<_5`}u_!d>$>RFTaQS1MnJp`f zI0YBK?=W28T=?fY_EzI6l1Z&|V?V{|)!zAX6EIVxXEk%TId6nEm>1*9%z6w_gkYdI z4Po3g9QpV05c?AmV^L+XTl@%M{ae9{oXp2I&$1j+^Jo|MGv?HhB5ZGSwfAqbV)Q{f zl}6;r`bJ{slS6B?jr!~Fn&+4d-S0@sX0%a$<)2uy*)DM06?LWdjiZe(y=~f#0pI$Des)4*v;j2@ z9Os7W%gjgex=@Pd?p1_}(lp5qi21M~D;raMRZFsN&Bo%u7ElQ~v%Mt6sHz>l2Fp>f zLoY~QDY3`%#;3gjXMd$2e;VFy=$j9m_X2C7OX`RzTynd7A)u!1IgZvq{cp7#y-tenlX4OI>N0zs_h2w_eq- zPUL7}7bC#4{1^!v?wG`acNLOx2PgjOYsI;e3M*zVwD_@s2AldWb|+CDa}r@s=7IaO zl!tT+bh#<|Sk7BNE*j_(V25?Ct)1O^AtjLrg$SL_V`9X@)jpD&zSZ+uzMMh@ zl1f4;A$>>Nexa3cnoSdhNpwtCfHQ>YyzRVO#@r&e?VLq|G4@Ft$XBxg6z-0vZ{KOd z;$TAw3ErcPQuuPLNxnGGIOuDB`g_I}maK3Ur>;YS*23#`8oW?Z-)JD2jYbp zQM`{neWj#KHWfQFS~wy8(5NAi$TZs{txf5Y`t%F9l!oMwX@f97NfE5x0|$iOeEl!! z_Wvp!M?#bzj3`YGZ|tD9Cn+v}Aw|B9yFx83DuHtrF}7%HccvaJB|K<#-g5X+emnU# zK3yduuPfA%)g1TdI_Z|}+~rHd7wJ_0^tIx8BELb4CZRo*i)SS@w*JD*v|P99va}Io zjV0Z~#42O4s=M_40XLMtkjR>;+CSW$`&r)G?z9EGQSpA4!&G;WVjdOUv!k%HUo{bM`Y`-mN~A|loXjOEC^(2yU-u{d+mV!jHMZ{Q)W#MMJ+_jI~1&t9}!U0QJkEH_*YNar^rd{-xY(Yi+_nQy3 z*$uC^%@yJrV}2m_|MFlfa#8X0uI}mgX(w3nXk0nyRqZHC;=Wt-rgBzBRPq7%z;s*XSt4ZpPst&vtE?%j@n}?Ip(j|(3`3)&(s?v3UM`=ivMse zb5_yCQW?49EE|)|##GGS zq+EPybRh0+X;d?zrnWJEe_tTkOAv|a{IFi{PmKoD#%yjig{<3T%Ah2#hUtK3x6vs>-TQ5oL{O)U$%MBgk*ja_4H}ky!=;QHdivl1dCqk`v8(U(NR= zSb^z9MfXKatF?+`gvo2_d>~_66c(k#!Mw+7H@IIJt;Wp@>HRc2YcMx+g_ST!1c}lU zjsr%UOma(6b(uY%RUH33gNf^0Ydsfo2vX^nvaJ_q9{jlvTP0T+2`9q^AM+)2-$NPu zC!6+&G&8p!4TRNgR}z>4FM69F{!0jB5pTLh7QhA%vDoP*QII@0hydI&-X z7?%w3f^r+FOO+XFzf00?VMOWvS~!Ti$GtYN3CBe(sX+$ z-}9prqcv2OReQN|^Q^H(3FeL3?0uJdOZNK507EI0j0w^*cQA(^C#X%suMO z`XJTND-p^>?w42uQ*8i*f$9rQ5(UV)f@HWGL0P(KNFxm;ZR+?{e_DA6y&*li>sTh{ zwFJHTWq2=vF~0gH-e&M;r_ZX33L5kgI-lVmSvlSLu}FUmy*93?8kYMIQIXy4{C+2=bZ#-F7W!|md``p8Prd>Z+Gp&ot{H#xC60x&b8~I-n$(m~zBVNb$ZAJGpL&O*> z#%YrC`X!#h9iTC>G=!m$s+3+~Pc)8!ltyh0&g&8d*M{SKK_O*~=s)AOL>a>Uk``l$ z>3~Y%vFG^VZDq0WlL_tMdRPn=Vx35ql=QeXi)MEr1{Njpu8FF@#a{0fFwQx!GYib*`}@CeN}Nd&UdpdL zamnhlu^^YPHE-{9wEER{7-5gPg*I`Fj_^w@cCz$I!Jb z)_#lM$JOHsgFQ35pRM5%~zj0-Ceq2j^n1!C8pK6kB7ZxSs zbMUL95B@?`gsFQ85EKazGZLB%DcR(KAPTX0x!+7sqI!L$@bMQiY-K1<{z8&oaLSuZ z4;4^6VF!{);_uej$>y-6PJ5^3O}=puyF83&GjefWNEe^Fx;AkztXPQSaJmDXc!ENq zMfG}*X)+hf$UWhC)OIpQbsmLg0$c`@Myqie-?gS4g6j)Xt;2sCKfSSA%PMRW=24UA zfaD;0D0p}-Epzg+UrGerVnA&9PA$G(ArDNCX`)m97IP$q{UXpYx>Oe0gz;b9{ohlY z3qJ-oNqkj%?17E@wBOnxb}kjZi?aSm@TDH`@Vi~_z|nAOEb9%wtGs7reb)$%Eebwj z-W5~IrHyo}pD<%ylQzZkQ~xb>Lqq)T?L?W;B1kl>QEmUpEGyBljEW&qiQAlx40+tb z3Le$y*D$!!j#vltml{{vKWy<;Rhv4~8sm4Q&Hy_!1$d(RmoFm9ki#;c)f&578Qqc<>YsXK}bWJ8Jj1pgB zW@{=L{CIKKJM_tTgheEUH&dgnrhTOML%01V{ ziQ-n8EFs}anC)^|%{(&E9L?J0%7D?5;gs;D(MAj>M(See=R2dnkeZk|O7n0zQiaaX z;4d+GPfCgwCxyIeXIkodJolu=Mo^ENx_3_iKXl|vGpT+D?&2f%NvjS`kU34#Nt~rq zD{Inc!5Z&fy(TWj`iS)w7Z^BfBCt?oQ)*Pzg)`~8{(QzW2A4uq!^cL5({;9YdL)`; z>}g9O`ScVtF_3^)*!9?a6!;(oGEyzs^VBJXU73XKvZ=Nv;TB_|;~zLFtvv)M;1nE> zNEn`!bC$&8aXHQgq!KemmPs#0MROPAX8BTMVwf3`4l>%qzv6FSs2QAU$bD6B`Ywdx zAqBRS66TQ7w0wKO<|U3RE9!Q9N5h+R@rKC(7i{n)0^a@jq zNcVY$>4lP1s=m}tQO*dxInAk?mSx4~<7*-tJ(8d8V*}Y*a0ZwUs?>c!(X`TT?ya2D z@|&SniFP1p*YksqAGUzb$X*~cG`h!VB`kqS*ODE5J%40T)E5|QD4WyoLsI&Lv?=Zr zrrdn1yBN@^{yZC<;X_hW_6blrH&+1d!*3-Kl1ReS^;@=&qlQwuMI3OyUTiK}mJ>2+ zZ0hz5AAK8gHRC?mI=!M6BEI}fJwyR>&us+TTPNmiodM7#GEV2lD2~fCjOvEm!sWozAgB-)Y<<%UxtQ^nQ2;;n}0OXme}Y4 zS=RK?^_&44JsNbx@AVBD!J9!X>J#=S2at!9R-_CKpZ+w|K$X)b@?BK@u{a@CJ>Dfh zza2tqO5z88#Xr_>Fzicg0jsQ}b5a6@r>Ow8PW$4{%RRX)!T9l|e!JD+tM}jN7TV0S zyDg6gva-&WI}>B=Em9k088a9OkzTXJ`ZT+uaPxsLmxeP!EK~&;HeydS&z84$R?~J* z&TOD(d;16TiVR4!0&T|Z1qaCc4q3wdSw?y&p=s*D^|Psm!5nQIrN3>Oxpli#t-(P{ zq4&s#xy;fODSB$0ll=#ztp!c%)W$?YnlEk5l(*Yo`M*Hc#@u3O=A~A(8Rf{iI!(;? zX{%eObl-byW2{y{OaYPrXHgQr;3qv2d)Sg|<-bu5_VltjPUmjfYq(wJ=C#`t`DuX& z;*FnpHInn+E=H%rK8_ANq)heNpIT{rUUJMb^6oU}nX2#W$H^VulEHGaV?8%>9q0}g=B z=rVEYj;HucxuxUl?;mP{!>q>=CzQWcCkA(J{PtF|G`?KeR|GOJ?=f9pz9oSbR8~L? zIzQxrEB11XZyc23a)~NBX!LrzBT*R<;(#(nJ$><0rYo$3#5>&bpF_Lg=Ah5UO>>&q$Jgwr&%p z`74@>=ot481&o{kF>(2D4h*Rq{rb%?#_EqGtuKJX6NrXbJ-J&{ z{wJHSU(M+ZaIUVOZr+l~?T1_5zs*Ik2|icAK^(Uoh2a%mhsV1yU|PY4qVNH?`AM3a z;)RsB1YHEgudu}@lJQ+FnA!_JQBX?wTGu_1*unJGQwW|H{hEnpgnA(pi;F2J=>v3& zX}bpACoW6zE%^^aD;Nb=5%)D47*+%!q5zaILEHF*Yphl9tpjLC5C$X--1ec;Qja2O zT$2%^SfTeHB|^m%RayPEhy)$ttoefX=~cB^CGi7p3+iQc>ULJ`SQQ0LMX~TdF{jod zJae^44bMPm^zdTlh=-A|bp`LcwMgAmwfN)3Qw$QS zR&EpsP#;^?smAd<`$aKT!*J`~CpbHS5(2P^spYhpDGE_yVv`Xw_-FL?zE4i@Sm7#9 zO5E%>TY3WImho?=ai-w4s%r_$mhMhvzRpO}owK(rmYc7Eirq;~-6sT&3d*b~^c{PO z5?&$&ZMwZTL8>+e;m|lSKDkrB1g<;US7>5PAFQx`Hhg{kcZ~NRe44*~U?u;{&Hvs+ zIUOEB+0M7bs__C~`pH|~>%N8=LaUj6o$N_>c{Bp zabJ3-xNQd^IM+~Ek31r8oSc7Pwzya&XmZYPh51+&e)iWvkj1E`*+-(9do^OG5w5am z7(#z_OFK$lWL-5EY}9RanK^nS#a_1GY!;b({rb#AtJi!@MCN8p=EYahbiig8{4FUn zD@{qmGLO^$lL^GeMvnw5_hL(n|47#c%?9lHZKR9*(DLS@INC!yl{u9u!#HoN`ug+^ zGPx(%ngR0-I`yP->lZV37ML5^gEAy-Z;7!9>!lJng%64uKRuq;Bou(reRvpA!#k`w z<|efKsg9($y@xY;iucjX60;R}ODU{-%+m?!uMa(7*(OL95KCt?v=U-09zCP1;T{dI zazzipK~pv0G~G0I4=tO~U0Kvn;@S3)<~XRPpE+cwqi_T$tXJvzYZsK2m)o5exwE!P za)|0aBmDSOS>*dI*Y~2)f)+CnL}7p#1W-gv6^cJfPodl09Eg;j6ElJ{!gWvm*F8M* z^sLo;LugtVfGh#;l&LkOj%+YnUfw&5y3w|Qe*HWWGaWQW5KLXB`(&^ea&eOwq?1>RcU^=o|BD!*%E zG5KlYG)4Er&{spI4-biodG?lKfcz*@(d4(;^y$xd&`^;y9WKX0N_U{ALnuRMn;d-q zMcK+#Es!bY@EsK@VL^u5r2xVz@v_%)uzi+J(B)wZx7o~u*_{Ryd#;T8ZU65 zQt8O#kYJh|C8PG$Y*7AUoy^}R5$DAFDb9nD6E-w-KMJ~|f8l^TJc6^WB@nadfc&cq&NfH(PfvtBLKX`mQSxn-x<2_Cf~6OZO=z!vkLL~z896p@ zhtoDpl+Y38&3JY=>WnWGOLk17EvmqHk~KL zegg_-ikUaG=gNFBW>uTKp~U0`8IF@$Bnex?6E4#CIS6X$axipnBC#?U~Zl#0UrkI{rG^Yrd_UMkGMClO!+#;pPX9TyS5bK>!Xk_~Ito*M? z{u&r-y{xk6ePP*wVi(mOK4w^Q6_BKrQ?uL}?0gE_aZIf-&~u$_O0ECQ>gHJgAvLBZ zRzhBAR%~92U|W}h*_Lm1GTAR z1Ja1+ZpknglTO1W-4k}T6l#jBlgJ7EMhahDJ#Vjd@e_mTI#Fu*G`RwNa0zxg)Yc{M z*hICP+H(!HDL9M`eNHg63C2lM!ggb!%sLY&ZjtG7P%&%BzMw#^VtgUf0|^nVLF|4F z%(IxKW@(R)LV_rG!JjPs2JaD@MG8J~0rJ|tZz|d`UQi0!X{=+~j-zULS zV6Zqu5x*4-4yGsFb9r|ret%GE zmG5;nK*(M?+}z3ky?4N7}q8p*?RnUN~Wj$DQ8BjpI6hQic7I5S-F{f z#r2s%6%&~1+igz-p@Wre@Dp-*bg;!dSaMtfg9Rk_-Tr-4jEK_Ys)mLj($V|QOa0gW zC>hIDt0d;nl*6J$mhZepe#42*tVtgb0oC%|Y1~JH!yk^p=MQi7%2P7}T9pEFJm5bC zCd{qNo5dGART~a{Z97BgFizIH6#R^~VRK&_OC|ZVs6O8-aq_!}=dj9&JOmV6<4HIqqW}BggHvi%|D|2Ddz_h7wmrFyc z;;brQ5Vyl2)+6Y=ji}EMMq4f^wbhv4dKgGB{Umk|5Ai-$V?G4Kh5PA_gK_sp)9J9W z^?z*xKreTg;Gnz0UN-`>$vTzAdj1A z8sC=fb?Kvzv`;#g6_l+J9eL@hUk^!4*flrtOJ&@N!gHU6Os-7d3z>w{smux!N{7%$ zm^^IP=xqA@s?0v0`xTydEqs7@-%lO+e$Xm!)8H!n=lqp?-eN&`*e^3Z3C;8vHKLzl z+=?;FbCm$^Zp-4@E0-BQu=DlE%e+@tF9qJ`c-6+d39<8nyzHslK3SnXB+D1SSYRrP z{|YS$wEq2S?~+$t3?X{yQ%i=Ve<~p9pRxa){`q3crJm=U-=*#jZ}AU`k?E=aVUC3R z8e2s^h4g6%=e#?BJSr`})cmpNSK*_X+Lxm?l|>FBY3RvAwz z?WVo+x~VP8JgGHv$jqu%=8o>Pku(~H&<9Wbw%zQZb!tp|fFna-89*c}x$T&TqD;99 zUyDzoTOe5(;J3Vq1D|Z?6-T^{iBYFyuE0kE?LdI4hDXzsrV*pY&;@G0-INI@;wtT8 zQXG}uLU34#|Gvnlzkux9tU&VKxOoV(p`oLhCQI+}ASj!&*?6!0vnOC3xCMCjbnMO* zML;Kc71Lkm)AU;dgU!zRy-}D0gB68pCUsL+Q|jy7SE$TIXg8leGt=t_E~EBm3Z>vJ zD8Z;dee$95p0J@z-D227^-N=)l$Fq+*nBk-*U~hGE{J}<2%Lm>5~sCYQy5W<=8$6h z(tn~lVEo8J?w*oZHjgFV7#SBCwo5j-HmSaeLZ#uBzx1-eaO+xm0~pb$thI^v2j$sw zb?QhIcQ*VjG;s#>v~g-EcBT!aODMAWhOKJ6B4c1xCg26vHI;*VOvz|MqV6Z znNd2O9=TdvyCx&wTqtrO#e_<$!zGc)cpGn?^S)keXUby|fG-eYTwP6j0Q`91g7hQ) zL{ub0`?HSNNGPjt>3Gc8rSYpu9#4fF^=1s=dN#9&(@HXe-!AU%%JG1Y!Rz zCf8}NrWnBqZFLDuj;qZz@+RJvtCr?`#;ulvbcIlmG|3V>Po zUw_Q{(T_tie2xD!rf6Y@A^(XMC^;X?I`130|F%=;@eU?tl+gAkeTC6e-+sI$RS(rR zwwO;T{59))vzYxVEq=hM{OMV}?(yrGlduiFD>^Nt9^a2lXyJP*W?!*6kE@D%Flc4ncH|4+_TqfWri|Z3IHIk?}rRTT3+w)q_WD%Kc8HS zMSf^Aw#!g;Zw`K5P^6y$6yO^^MQ`lCm%j4##T{~4(~HaLsR_BAI;pVFVb`n?#?m}( zxhGJy4CJg}TOA%?p^O+G9;K$=fw-Y=9qqUX%-Nba2q3M1oCECPmHM^t%)+vOuZA)j z_QA~D7~Ib4!u9jGeSvmF}XAdAb${ z!M3{F)6LEWE#{R~t+)oSb|(}Lm6mRI5^1UC+SzB4c28te0QgXrE(iQQc@pZ|xzSR`UXS6e#=oJQpx8 z6orKk#-^{HI}aH{>POd2SO0fG{{Kh?>yUKWwuLX~zXlggx75R)wYB@~Nx zqg4F1#wWwG>F|vM`*vu1Z9>|IP(`sz!edfk3#-UTR8R9ml=rm#Gfs@DpLXtrqwN#d~Yyx_`&{rA%>`-9fes@lIT(+$#@j z!?sKFP!k6d*r7_BSvuWW(5i=&MDwsr>g%P`-tU$a#W5!>5zh%!Es^B^SZrHpX#$k@ zEcF(47G#NE8HhBfuww0OQiB@$pX46|)u-z&FrQPe^(J0OD^8r6RwtO{R=Crqxi#y0 z``msfb5q8ze&meA-B~=0`KYkbS@+}PY_dYr_+h5|D!Yc?4IOh?*X+oRW5|R>tAVV? z7jO^$jc1*tZQIB%xf7AI?;hjD%(}#0OTHyb6S~g9HKV-X(}$+DtOVM2smGl?*f*IG|YHmixmi zY4yvI>*L6VG;>;@oVX@+3Y>xJ>tdrOjPfBPq&DJaYsitw^$?}nV6c`>NLCwaE-^4J z9Hr3glM;UkevV+v7%eH?ZVG7chW;=|NV-Ti*1#`8o8>7*ztSWGryXdXC zL^f@Pj@9El;huS#;06`4VAai}@4l`xNqEHbE$-}Mzl`-A+^C0L1lKt5lbe@4u%UgJ z*l6Jp9=l#$P$m)8D-$pg1vXdt7lOE_aFh%6$~Sv*P+9@SWO)AY1eIFTdH}bNJ`UB^ z$rHZ~J<~aIfJCR~(CQ)n_UFxkIvk4avgj!+*U{JWm$kLVo^YBaF7{+P6b>0DLylCymw?giy*6unxe1`XoC7-FV3t3rf$p zS=OO~oktgwooC82q{7w%S>Fs{!0eqFGU|g#^=eththXJn`+s^WxS8ku5KcxSTrKX) z#^1v#S9!CRm-ABSKk>jC= z3glpQrB3jo9PM6dXN!K5tf932B7clgHCkGUew2TugJGl~FDJE~8AEnEzRic&s73h# zWf;hk7C%1V`Qg)3$>&3xQ;=s*4^}sjk|f|gF;cLWO++=tUIPxp4b3C=$IL${ET70v znK4;yLso{ll8)aQ3#f3AE(+By;h^n;Wi8K)z#dwb0vn4!!_v_{EX~ z9v&dl*&J&X=(*=;a!RYEpM7dC4*cAF>LT8cpL7zA^^7t?(L&Qp?qzEvZ22o&-AzPr z)Za||0!xj8zjzZ|EA98>>_hSqbR~98%oP)UE&K_wBqkKT36w;3JbjC&qTJGQwaok> z>>1boKN8N>M!jdH>%D$x>3NR_O6{~_I{XHfIv&-(O!g7!z}4Z;llUyjC)#9ruRMWL zHJ27I_^io(%6qixj#F28CfIZOxAwFl!y&UoVdlaQ;e(F20d6@#DrMEo!{;63gZ)fS zS=bSsD6Dp4{NL5&?wHy6`APRL%s(7ToTOHCn*RFQ#Qn8|Toj6rDe;L6{>IEg;^QKH zNog6Vg}9%RD^TN+P=P3@o|NkIa*I+71X=!Rulff?YioOR6~)+OtjAkGGBs}r5eap@ecA+C!4Sux!fp1_=JT%SE>0r*z+4s z8fv+4sd&LFs`y2N}G~SmcSs!_u~20n9;-YPo0LQ93YuhO3#*Yc)^y zu+Wh-IK6m&gpyMz1m)*{I%dybmX>aIIjUs-GUAx-ee(~h413|n?8teGtlo0_8c!E} z=#3#4CLeqGA=Vz6!d%+58jAj>fF?(x$Z}ap8oeCJ-~KxN$}BSsdRi z)X4A;3K6f}T69qqp^FI^MUwdCX4Ra{G|jt43IC;E68{CXBU}Hm44G28{EI-YNYCqe z32x{g6miqt0DhPF`Ls3%sc^U@Pn(A#!0iqqNE5cIWzGgg;!N;WAA?Y(c zpHN_z0{rIUaeBN5(ke>z9|%shrvvTa^B?!3N4=?c_~W5?*{h75q;`=nKdKKc>#Xa- zmGLsh=UV}Hr9vvMZVO9g@klh8N|YAWDC0^w?Sfj!ZDv|!KXPH)G5W^(X$|L~bxiIu zr?Z+`PlP2Q$aHn^3HdLjoT0V+2))0RVWJz~oAn%!hrLw>93h=m+o8j^?EIuFR@3I= z4k76WFq?BmVZK&zE~gB-Dy|?gZ^(+7bYxT>|3wKf2l`lPJC>07?9p1<~l7~o)O&=GApuY$PO>&y&cRlJh zBB-65pu)t_twPxsyFdG+bJ8aVpvyG=&eQ?t?mor-ww0}LDpF0m3ZSNK(GvrFWvxf+ z#0SkwLh^Kxz}=iBQvsV6qm>-o&E0<^^2d9$FCYDSgW&OY*U@>sGLfw4Y=^7%4djuK zcK2<*BFFIEbO&g#v5zVl1eKF*Z9dGUs!a^A=B88cSDG2;Sf*(8w#@ zePyL$U#|A6Zcjqr+DRU>SB-v0u0LJwtHf*L$S-Y$#m~H|+yX{Fwr!7&fua|K=JO!SUV!_GcIp^U0z;?-kLG zKs#0v(3TuTS#wNU#WGgPviF9mSUq6dpY%mR_8Gf|Eyjp;^=l&4j%ZI(yL<)yPUH19X+UuiX zLsPr?^-%orP02)1M57b}KLK25tEqB^_!@!fq%gEKQP)qikm&>H3?;Tqt1mG_CVAHk zulDkiu`hXoRTZv5QmG^a5|jf^_?KDBp2+T=NPck52( z9+s`HdwwFj0~r${Hh`h?68?m^aZ`v$*`P!LjseAmDron5tbGED!xlkI0D z-yx0?7huLcK^aE~O{zkF3YQDo9~5J-VTIG%Wn6r3QMOT$q0_)AEwIH^^S5o1!~71T zg?ZZ^tsu3YfrIG3tx0T|=#zQ!@4uQjr{i(A+`1LEu7o?cy#c`f>-Lj3-ie*-TG+5lJh17lKCYoHo{CD3q zPQ9zSvhjs*3Ptoa>a-!P>ilWC>Qh#hyylBN4sf-8q{<15aWTy<}g~RRH1{-`u(zaOlaJ`D@lM z8hRaX=@>LD+k8nbvAq>?n>yTDz?fiB*@QTblEX~hJ5~2-&?ZMka!C;06gER$mVMzN z?-rw3XhQ%95r9SpyYIw=Bo7ka0hC!IGwxHOYSZ zGh@Oh9cB#kxH_7b*oZRw z&*f#}74q|}-I8f%W^V~9OiU%IM^1Ncx%|lcWx&afeioJC8A39Sc2wYdhXfP%K=Dc* z{*_@PDR)Y7rea`?^tE?VT>+7GP+t0&f=xpSQyUh*bDM+)Lkj(Zzc?yv+^w;`yU^)V z9lkHL04yg+-bN`osR54UsC66S3v4HO-ZN~G&h28T?Ncnp_YTdfABV>gkIzj?n|RyW z8U1tuMuw}rJW3>fLk}4a%W2nEUOMp~B34}8yKlRnG^3ID*nOhqbdc|8lKUi#Eu(ta z1yc-2b6FiN)&`NBbWop%rY>J-@Q1=c`c+`AocDCDDi_N6iZo~B7+b#RZZHvU9 z=_3!!I*B9$Dg+euAgC0#`6IWlxZV1}a>CyqMYNP5#mOL0&yJ8_^A|+6hn5X-|0bSM zoCjFV6`ykDnoUroD)KhJ7A~6weJ}T1 zdqXGN^rewUCk}WA;Yn@Chyv{`k!)%bz>A+bE%WT4bUS ziv6L!)wTnH?@u<-NwZ8qRC$=Ed-~kg>Bz(HjV1HK+?=%5-fM+%JOk*8zp zD)W9CVk@~L@w4WT>Fbx6ik^j}Bui@d1E=b+=9bm$0}2K&!qOlpfRe}>ktO#Cz53|5 zof!e`kR{0>983ccRwS3g%6w^k%J@l60(*5UKA|8|7R^j4{)8s`~9~T3W|55+)k6T*c zOikUqVXaKE*G!@qd|S6i;RNFk3XG2V=M99%KEzmjX(<=-Leoy&!x#Ho7igkS{Ly=0 z!dk=M-mznA#<+L4~Gy_+`qb*v3FZCE@F~o{Uao)Z0qj-NVwr)s04QlXzuH zLbSpTQdmXyts>X`A%08B(E4lU>&!p+EDS1<`%c|nF|DflEX zXfCzBs3@YEH<8G<;rpnBRar*8brW$vS+u^RvlB9ZWUx`%+NX?^b=Gt1zd_urN{3Xu ze$8d`C5({X_G?9ej;DAu6)F=b^}wruk=Y|2L)N*|=-CCKpSgv%(S%Z&isIOHt`31w3)4FpHt zwVH$wtsPfYU;#<6WR&Dj`0z{1Q;#b*)9SlT&lh{`oxc?g4X{=5qE<0^XgTciuASOw zzYrC!55;1g0z$0jC0xaUcBR(VZG@)a`ZoTDHn%W_%5xb}N-^A6C!~1ehy8qI*Yix^ z@oumlv2`gp&KZQcwHHpzlAfza!fMaxE;UR1uFQwOlj0H>(TajYn`>9`GG8pLlkMYR zSf|M@IGEjWN%Rw09{xQy&^REi@f0YM+3157L#v`j5ch^$kf!SsWg+*H>BjJbmiBbr z6%#EYe;A5?_Uvi6lc#K_IHqAt9EgqkQ@Y2b2N+NX;~!{4D$qIO#C)5ONL2WglD2gQ zjQH+pl6(6qrk7CDn$qwXDvmXVkt~K~5lSpqMt@(;5!Y1Z*gYvhpGGS?;Px79LTl(p zU&bQOgVi-dN6K4wXZ3IU=|4OEGY5@GVQS{2x+G#}kspL6nYsakn@i>}|H4fA+OYU) zp@fi>?e~R!%~05*TObOv2r6?1>1|C%;a8CEN)b=Y;G$P~6{l0Tjt<2Nb_f>*!4NjyM<^J=1Oy zjsv}Ne071sn4=VXA#3V7Z_m0O zG+ZMza(4bkO>K5+#jU$-*n_e2c*ble_psLNz$zfQ)d|v!h)JaIhmBlvlQUCW5V34p z&6l_rV&_l~@DH1z0`66&Z{sJZY>e}!qqzr6KJE(~;vZA{?TdIE>!fi933OB1*TZ19 z973Wr%cIf8ksHNjDJY4je^6f3RZJoUc9c$}$ddIshNqhNuJ3P@7;qqj8@(Xhih*Yu zLwwR~yaJz*c`^kec7&XNvVoI5bLo_xc3cpJ9eTR^g~pZ)yk!UtDE&phC9b5DbjH&OZ)NlQYS)=MK5SnLTo@u#tI*_Of5r@yk*RZ8deK0yC>Ytogx6R=j z!_O(}ON(Om1x^+l|DiMcfd!WCUGiDI$q5}SZg0xHGP1ImgR_?NfR??3Ug40^*)J}$ z!OqSTxxkcyQB5baRLIjZk!I`Jy{T{Qr5ojo{(FR}SV%tGO$A4{QAApS|EHFcvkpzN zW}X*L*})!qlyzd3oVc_0jfSr{?y)g$RJ1A3ii=)1@jTlXsAT?X2p;-y%Co!{3U1Vq zI*)6MgB(VmYb(9IYQW0GdCj&?dqBy?8*8|*0Y#eyCOb4X`KfQ!11qcJ;RFLyhEy?& zoHSRWHriBg$=|6e={h*NQTW~3Jf|Ao%s5?10qf}w$z3HPU2>f0OWY`#wk8W$bXs$@ zY%`_ChVN%cD87Gn1aib^wPG>RXQ^_wI?K4dQGnIDqF*#{pz}yX?`Zp_iR@XR=MRrS z-25iIF>d7159dYj>wfn2|qD#fi3_)u?a2I z;|W1{2sKvF4)FZN|H~NWe-CEX>?X+ut! z&}aXWOs_i=!!d$y#V44o0ML4)@H@+ss~mNOA3-hP%bRLCW;JCXkqd}FJb>!@IzbQiyrX&A?Y$u|{(G$UXcV@PuW>oO_9pCg{6-uFy3P-*MX^gCWzrj1!pF9son zmhcjsxJCt*-YA)*i=hZKvQ50%+>J~YNyYXwpjdKnn@XHYg-eJ&6=1b~f=HR50Xre< zNg|asmDY&FxQE5pd30vS-(;afnEMc0tPtERg@BjJbUIDzo-pNP8~CLBFWb<5Q{Yh{ zPb9*85$#sG_?^OqXrt@yb|1}*eDZv>0^kpd*CGZlU4$d3tykJ#9d zZlE!azJAQwi90S?lZ`>`ZFbuuHg`2mtKm0F)-T5NBHgYT zQ@5Yro#hL;Y>A0)VCt|t4j7C51SYE_Z5-KeZHDQv03J}>vpKke;-l)A9*E^~D^u=L zUP}Nj){h4xz92W9n%Gs1xN(dkcUXE7C@Ki>j8B!WOx^S<081jUlt7M3G8 z&Jcd6RoEu;Kh3=UiyZVXt$#8}|JnGLFJA%mCG0npsa0OaV55bI+}4Ohaq2Uy+8YnQ z;N~fZZ6$ZjM`fN}8WX4t=|HKOsZAoF8ZITX!5MWKTXB)3R}+~j*y%Kf4I9w~Wq@0o zR~>Y)N!$+Kbfv!2C*tf_K8`F6!Ln3q&xl?~J++vw{W42v0W$Qw;IPjT`T5q)(f*^Y zf6T%j%_qRI{NsvJ5bitI2~UVhhkn6US;dQ_$WV!IfcCE#UiQCu8|8J=vxLX5xlA=HL#YUB)tij^m9g(YF&#k_%pt}4j%hKbygxAtq|>ER8k5ejfZoCnf| zE0?h?=|b%z;G!p{>>q~c&HsL@+#F1nX@uVJu}OSoym9i#R^FNUHJqO{2>E)LT;40{8V zxH``!D`NmF2%o2kQc70hLPQ6HPmC2&D!QkglX||~EZ65>8#QPu9G@UfF5vW%w=PZl0Y*i3qt?#K(dTTo3CHWyih}Z(9lT{LC=|K z@QK?uN+k*XH!LF`)7Aj>Eq*3l2~AkuB=x1G5YYr*z%`qQ7G`}Z;puLE2c_9prbJwD z>Kj3~r}$wDNTo}iZ!Gv8D6hj@0rYZsk)~LiVW>5+TO^9Z z)}S_yc$Xm2^}Q2aWeZSNo=j{Q;CsY_Xj}jXgOceyXu2Nx5X+?Y9rXR(`0Q+Ppl3;3 z&X^rAe%VwUa1D(A*<3iy5v^GsxR$brn#$h~90+A&g_^@mnq<(4be|qn(5(yxiEF7x zzU%I_*a0$6kw2L`lN`a9{-FV14Pj$vq|z{!oRq7Gfyh`_@V`XRJwKl)Q;+VU23?y` zj_W;T-&jlZyBq<_vM(oXgRQx^xAD*NyZZNNdflY4IShSv25@mjEGbs9<0@EWb>WD; zj)OW5W3Jis>N$$%XIze(~aGW4o`7 zi1X796&%aVFLf>K1?V_ZuL}=P;tswP-vv4qdI3{(8xKMe&Wgg2Stn3VMyZSf|?_$qzR+ z4qZO%r;~e8I?mloy!hwb>DUffxlj*jP@8$Cb@knxaZHT5$zOV+=qA-BcHF7nHDbiC zZ)H$a#!Ax~*?DF5b8AF9<>hm0OlPK)%)jTFkwV^U4?mEnfJZ0HjefmL{#AVJgyeet z)NCd@>wIJ4G?ubbQY0w;bwg_Ky`aJ9)^Vr2>CriZ{$8U!w6_+GZB`%=A(JRYY`<3q z5`7MC5_YZe%#|f0jt-X1-o&xO7Ul+-#V^Q*^A?KO%Z4?k3>yUK-_6PmL)H;&Sxy|` zje?E}s=A5{?@K&o8zzz29`{+@dsCVrkB-5XDyH@}s0~IOTIIKC(m^ZDj(jy?;3X&NUwB z4w1b1rT+}FduUI6u#0MtZp*V0pJ`y4In6{7MZ%i)L%`9q91f)5bQs>HSn9p)*Bokxjr6DB($JOhEx4_DbW|xe?DCb`sag#US zcLqbjZdC$`4Zz+FU_sj(DLDDisqe&k^Hc7k+RTiIc&v5hSL89u%(pv20`h_tv;dg2 zKQ6(TAYG{JBQ8NWx39-GS+(s)qD}-oTw|_#*>v@F0s4pDm!d+g)41_ux{!!%wCoB2 z9nDQQAe|898Z8!GEIw}-s|P+$T+@9QeLeWKh9;Zf1*Y#heUqL77M43O(%y`LF_h?i zGQPj{E1OO*_T|$v$tlCZ8s_453dxHwPv@jl`ls%BLJB8oZwY#RADfe!tgHFA+BtBQ zsR0Nu5?t=Rp+zL>QTSk?4QXcL@DHkD;o|E|)@}54Rn}XSIvTan#Q+sHR!_8)qETVu zz-%$W(0mx9Rq~6qE&91p(gi$Y&)u?~OmR14z(_~STl05}gy>6CdR?B`r8hW1t54Iq zRo;XmO^ovg9iT7Vnq0WP4L^ZvZys;g`rL(%rli{zDRHoL&??inF<*ys=kjR_zQOyr z1A0Iz5&uEayw40et?+98gChU-htPOQ%P7!2KM^VQ~NS zp>E5+2Mhl(%Y=>1F%3=@^-<&-Ss57fzYwzy*o{xiiW(U-<|DM&9zeUr22xE!SqBgk@0 zz{rg~@LKuR5V4{#uU{=g_!hl^vf?*2p46W0UR>~x7X0_5Os@x}Pvhfb;^X5{t5Nfb z=*bb@e-+E1bACIVxA>C0<69k@mdlbZegO!ftrTf`BWkalBZ;LQsJbSsH+5%QnCVck zA-xIJgW)g*8Ly7fk%!87k@^E%?&6YW~$bwJlj|$ zll5E`b$gGrL-4qz5D4P@mc8lCTfLFV5p5(%LW0MjRn7!DGG^vUxOhD6X}UM1 zb!Kq8STA%lEVFw?#KLeRu984Drd{Dmyf0zHD{`Z@D6uK=nk0Ah%}jBI@zlvhA!i2L z`z2Sx-zvCzItnO(rXGq|FvHX(YK|33#vX}OuMQhXd4ii`6xR3hBDhw@hxQA`j!Xrr zc*whb*bSNG8#@YXhA{vJGxJwxJTyvr7u=!6HwB21vOGqGc_H6Rg8)Fak(1?jLh*52 zgeZX}k5?20GrE81gw#eSfk}!AHL@!F7lE;4gJ-drD@yrs#vb`TCTU$1N z^-u`wdYieGsWU&%5MCkGBqA(9Z$cwL*}3n-mM2=IX9R(W!f#>OFj?c3Zg8gDp<`z; zw=luD*cMDkv|e9laB^2Utut3&?$CJH+J5Q$0thKO!Ll1hiisP)08!EhY(FCyF6aakVH5BH;kXnH;Urt5bN(E@p^D)$2Q#Uavncs3vf)4r55 zAaOI?diyMln9#NNsvk8Ga|fD~{h}V44r_k2#8f^Q^}}NAz#fa)BJk9Z4$5D6quav8 z2iPHLFG<>4^Wn?S9ErN~FNt)QfKq7L*eIL;#DE6%g=ulOWdaJyXsi^#VA&}t9*o2?z7g!-%xG{X1Y1;rcf#39?lo9;u#14V&=luix;~rr)s;bTHzPLoOYX4mE_VX&c~DbMRKxyBIDJS$pui*&Ox>$|KHsZo6n3gV?wLot|E^d02c<7Y=2|rb6!Qlq_^Xln%pVlb+Sgxq zIcEQ$tPkeh7ySfi-XGt=I(q1?jt>;V4_a!bFYl-(Xi7L|rCwEhiDi7|u8fm_uJCF> zDJAK{0-b;+;w+bu#bK$PHDLZydg3$r9Pn@d`M<9JiyQ@tuQIiSwr?x~zee?E z&5B#5(w^ng)L!a#*8t2us;JLM=ha*rEE^=wnbxvLjEt`-|pS+{crc~m`6|Byw}~+Q(fIv^(jKzD}%_H4+}+4 zo?u8E#f4vp2-c7@=78{g(Y4;)t2^ZU7|)%=mI=&UBeIBm4lJ0wBMIHE=Vod-x^fpY z)t`iH1k&YSgjYK`%;nn7p8BnhaOu|eS)$*T#8d9}y(f;^tV#3zq~dnku`KYI@zK_Z z&Uxk<{*DZ3$UzO+^@^oUil8gC)Rv-JutvyU<$T??%VUhE2yk`uMKFCRjIQ8<&Y4GQ zRPt(Pn`a~;eKlKCF>L9Boy|6UHCBLN`ZNCrYfXOh9gvo)Wy=!^-UNYXc1mQc%X8?3 zKhrCkNZRLZ?;A_!?^Y-Q^QcBZS>p(hdp@ub3goGJIW>P%1h|_)ah~b}K*W3DY-^nT zy^+WxY2OoS<=B0RJpv%=ZEsr}{2c3$H1?EcSaSjYs!QDa<-Yi>0^bgk@Mo#j=3H~x z9%r68lDPkMo)qd;t9a+tPTtw7_0$o^(n3(^26dJG=emj)5nf+JTh*p+L=q0naRp8p zf3K7d@^x+axLuHP(KBg#)b$y;9#n*jdF4P+Y*}pLdOkf8?iFRNuAeQ4Q@7o&gN9b7v$l=~|4xqzqN!ogj&c?TtHd5u-ie1pXR+4+`x#Uu& zHt!^r8OtQ5NI;V~L{I{K5n(Qd{E!-1Tk90wR`FleiZT1*Lj=patM9x98t@!)Z8 z^t;r_88g-_6KLe^YRDWEK9X-~72~$wlGy(4#XD|6hJpU1C%B2~9_k*N1+}kpM0bPR zdUoGhFjGdeBWOF1(L+}))ohK7W)S-#;%>=k$;PIfEL`bdEO&^eS*A^(t`FP6R~LpE z%#>Lw)xxeWKfx6vma0aR(l{I5!wm0bUV(e}+Dbw`(aRp1UMnFoWzw<=cQb6kUNSil z<@|ABlnUk<4MY&;XLA&C%wR_6<3;@7OTk6dt|WtH0X5WP6xuOVd($493HUQ^D;;4R zCv7}C$70FvDD=nJKhAmk_Gd1)t~nj;Sc2oR0?Df=EVuF* zh(HL%0o>=n$VfwR2wlq9DGSF^6oL7YUw9vPqhKiV3DQw0W2U_?Dw>d*C`z7qBGjQ? zEdDEMn1Y$YQ5dm6Vq14ah!k zgTjrkHa3z^*;p3_=3SG6!%@fmOe3CzAe0QG0oYBCE6Sj^{0AY{L0-x62TvR1%#JLB zDiRn*a8|Hz8S&tZj2i;}b0mse)|0g9gaI?*Xf9A*JRC_f8NT2;vO$^7=nQKpdhg+p z_IhvUe2d=C+ol3iilsE-;8!sz2F$5FAwMVnr+IqvaxuzLuxPG!ihFz zmZi{PD z0_etQ-Y{R>(5Qj*RV-KAEUeGI7*q=xVT(cwKN=M{2zdSS`B7l$Cm3ske1&@TMvx** zLl+Ov-RN6ImcH~<0Ed=IalGOmkZqYQnr%X{@%rge+s=rIb_e5lK9{Fh?TdU9WhNA- ztYvG)h?(vaGYKn~org%w-M3pc=_MW!%w97dY6#Ui#}}wtiORZ0ND^JWpZeYl5r}=> zHg}wrW<*Nf3Ek3YxBDUZP20|{fZ)Zt!yl0EG|g7xdgJ+}SKtQez*fV9>d#{wcd@jh z33Cpz1=9;NJ?LcA!JF6qzDvFsdZJb#$Ey3vih&P`np5bngOqLg9)MEH zLRB zgZPS_)DrQTn`dX6s=6j7)WtpfhEs)q?lfV=667SxDnJ}wr0D~%AeIl|V-QuM8=pTJ zLS!ww^eJ5nF4)(fT`4ooE|xBB?#JsvGd+2wJZRHjb2iMbSiS`x-9Stv*2siA(9uzy zC?n}~SaJPS+fcotJfdDZjEM}ln=;9p)@OrIXdrpI8M?Y60ZFUafL7FQ>*+yRvMQXH z4F~5K!G^*#Go8MT;;)j-`q{{*&np^9(oU|3sG1RtR3IT_mXm23sZlU2oQbKm%xm7^ zy}!4CvTR=EB6kq+dgeH)2eHNqcsXrjZ5)qQOO5=exg2|2Oeg*6d zuHq6b+;FY)n%Q<}4 z!0*aDOM$2;&!AYoE2mw=4iM=twDDp@0t-`fg5z9%(nBXv3j;S|5v>+7>9pVz8J$zh zoE$Hiyxd3^(H@k*IQ)w;e$T&cj!~KfOEilbr+G_8(W*KxD7j0adNKT_v20E& z$X0)8qJZ|~nR9VGGt76pA>`oAeBK~SgJlaB68>55J?>w;TUy%R57RVf8bg0TiaPHb z>>fP*WWzg#<=3v98*~DgKRX8P@P?*~{{p2o>Q~p;3+2k{{B+a|0Jv*qgF|tyn}YCA zkFYy(Nt%snyZOV#n)xoV1|2)m<15}}L2!nHr3^c&A|>z=Bk=6{;@KZF0hF#6xiU*`=nPQMxw zh_f`(Q2AO@=IAIPrnD5!Pv%c+=F+L(yu00bd_dw(NU;FVKvp{OPbYV?yV5Np-0VF< z8l*F-7CGp6IPc%{iFcv8+jQb+-lCdNFLOv+gjXJHTdui1P)q;hAdOQMvYhu!dq?4} zwJ7&#D4%$fgOH8N%-HjbPyJI{jrqL8F8h;1;u||hJVjFvEBEpF(7nsv)pl90T-k$l z3k(&E@y4~cW$xy8e4`s+bkvEYVulk`?@fB|HcO-Ux-aRSc-p7-6lOPQO~s7KK~Heg zU;I99D{Ta)QfQX*gxm#^#~3BLt1F%6KWg_)x*qta=W_>|rJAZ;`6p@49xGQ}5uUae z9ZNVuWurY{tvUXnBlH3=PiC@L?g&XFM8ArPn0xw^-bKU5#G?;a@k%$*vsh)8v{m*_ z4=pDTV&4cPMA1* zQ>Wbb?M#J#n~$YUWpQjj4Wjev+@!FsS^woh#B(1sv@r+q!2v+p<{@^%t5v~rmyD`^Tw}TM=?N*Vfe}G_t>6#|{do@v`aY>v*hhQS zOWwE^3SifI2mVZ=k)Fr?X+9_IZUCvt#rv#|!YK1eH3Vp3KOwn(QLm^=8pe@iagQi<;+-^_8#E?OF zl&klTmC>Z6{P}i0DvmkC=)RMClz8eAl?9Q+VxO{+y|N4MIIY)}K^l}3pN8^NIJp_4 zL;S-0ri`SB;U@MJ=SvNz>RXOO+Z$~cBm7vNJXYg;ysN(IZ%5o5cCX-*hS{hm0NFNsQL`^MyQ0xH;O?dX>!J<%z8QWnRj=$Z8S(lpO^S0GEh zv_tLY2?Ff>SDn$usi6g>bEA5czvR-#UO_G%M_WMN=V8xS>r6)>8*QB_nKBO?HFl@J zwi@KVgMpdtiR(H+w%wjZKwAfxg%spt>&nHu1Q3zSD~E;jrR9BR{>pDf`6(53A~8t1 z2NlH^`8;t~0bRv72S0^~Gyb)>qL-+Q;WC~rGR?cE)1dAZq~T)l6oSErj0vsXPFVaH zRU1cXL}FSKy#OLp2j>j{3Li#jCp}DS)HgS9T>BmwABM{2X6>G!N%Sk0huN{}za#@b7?!BAaf>yPC zYo7ffl&BIf^h!Vtdu4L86QoOyawq0Tn@kk8K?uVLaR+T64K^^Ormat0O%(TaoxWu8RD*w(E+}pkMe(d3g0u= zA@mzXj5~|$2WgYlAsV*^Kj;@XI~z&)`S?X74Gl(U!aH?tvqtu+v#?d2%UVo-jG^R_ z#v54rDOk}hdW+n+?)Q$>-4^Ri!Dr6Kx8bJKWpm!M%_8)9ux8$$b@*}aR?gS;vGD;? zubMNO3h9}f@`q+?YcX9#*ZJZnhgqiSy8Muz3_UGf9i`Z7`xc)HBu<_!vQot^%6q@!j*f96g@W z?!&e;)wn@R8f2^<7CnYw;Y|+mcTMFtiq98Xc8s0~x(*-&E=s^k?7p-@hMej^4leO&auO!-2gN|`UVfycxV!^EsX^u8^ZVUl*cl*cq$2HZz zDt`R@9Le|NSm46oMsT+Y;&9~M8jzO1lh9cwcyak+K8ecVu7P9}adDw2)}>EA+wvl9 zI$~E_StL!Aj{=05GS4(_-|F<(tgqtr0_(nYTu&0rJNR9|^e#o%PPOA=(U#e2l!m00 z=D;ww|C7zkRkG^3&6Q+M^8v;)xs)3Wn**}VJ@881Cu4UxrB4vMY@xUYUGuso^^mOG zHo*4oWsFtC}N?B+JfiZ0tYBl08bu&%CXR%;(%|5ol98 z?p_z<&GXg~(r%e@j}rK1a1f^dRuth5b|2DHEc~$J(C@?mvc#mYR=Og6;q_!QWJ>~K z5Yb?N#FbiOVKi^oqWY#qQ169g+mCYnpI=_tWdEdym@&y%nUH7rc%2X6->~|>yeD)2 z#_4ggqOm%CG_&^yWJlqpbHJhQnux5ewC6Z+LG=gpn^|5 z)(M;+MKm-RZrh$VjWb%GnB!cI*=D%gz0S*$>~>#-5>@3fe;hQytY4trJ>272*#f|K zhx@dqm30SqM91~Arf(oatmq?K5usX>GKrz__yW1ACX+_0t^x63_AM*wh{BbaH%3utYmcREz+=!-a%i2Lpp|ld;RIZ%55|^&? zpYzpbS%)w9neg_)U`v8YgUADX9}#b*uX8{yFX<(;M?xbLcd9V4<>Dm)Z*bz=NmP^( zZy#N|MOWi-hpbX=Euy>YOTeg^Z=j!IFnlsp$0g9eTDuJ|Y&)Fx;kM$4-IYTfB!jV_ z@z_HWA3rrhV?z|P97#T}BVSAnJ1i5WE%dpV{2ppr;+$_#pr@ri_?qsZUIH&4 zvd=*;U_W78wv{pEP+(e-5ZQcdkr}b{>_I=|8}g-LiYj0KOk{BK-jk^MOSFzl4Tg;@ zQiL`~cH-}q3tSJ9th>;=#7$EQjna;`Vx;cGvSjsG;j%AeB1dHr!V%DdQcWQXa-0G0vtc5>#W~0kC%Tr zQ_t0WzmfeS56Bksl=uS*aX9$>_@6dF0e-S^9V6BPc(eWA+3Bq6zZ~-(%}X3a}mRK|)MrvY=>N3K1QevQIiP3c&5r`U)fDs+<_fF%>7hsWVjqI2F z+vb3#*_+2_pDIru2(AB{#slO6W%2*EChEVs-0`2f|NnG{|NdDOI&Oc*R4Y5V^7L1@ zm!~eeKha9A^fQr7VHSwXX^4{s+@h}?2+#Mjli}N&+p&-AP8wA%{vT_14yu&U*H9|k zUX=6*iaq6yTaOw2nwjxwQUI_x(3y$2Z9t9(xoltYa2+~!wp5>1l@!fg-wHdQM_;Xo z{#MQB1UOaXCL5UBck9f8_hC|R+=ed-za2hRBjD3lI*NUrbWc(Qt2a!~H|5sIy^HI| zI_n~;MtB#cT7`V}TI!_T$NC~V;mIsTpccsd*{`8`rT@VW8Q@lpy>-M(#P$~1dJrDzyX$&jSaZ1sBFWr9``gc@&~ zd2pD(sHp7AIG)9Zr8BT65o({c8G=!dbB>v$R1kk1IRL4~6%{yUA&W zG_?kMSgInR3t^o1uiS=4*i~mSUiD5xhqlEck2DNLp_ZO=cs8~ki^$2Xf&IWIj90}f z>`Su5QnBWA^C(*s`OTXasU5qAS6!F=1bJL%@@AJF`&5Qi;8EPwue&`>eBb{X8wk8Q zuC<>RT=lx7uJg=0t*)zIt#c<4og$IP66a$^UO=9BFSs`$G~_tM%Xe9R7~`-rB>b!I znp?afry+s6wOk^X?GH!^cz)_`3i(x-(>M(eP|QJ;x|^DIKl_cnP+b*#p>#^CfZl)J z+nLNbZ!t@OnWNkG%d(V{9N&5SWYf-7BU!^s-4bM9sbvT3@*F(3=BuQ^ESyeS?lJMI%^IQmtqB!}&PYD*cgNorxLN?kIzq9dR3a`iv+! zP5V7JzmL1>04}@})(J~6_P1P5cajR3v*jR4Yxhfgl%eJN3T>^fMEzPEno}~bXUnnf zVtb^L1B^pEWwOB$?DQ*hL$aZAz!u+B$kD^RFOw(}{tcdKzRyL|2$wul9%ixe-jV-o z*04G>zTpP|O^Op}H{Z}yU63`J)0o&Y!e#4H<4xwOlcu2?Rkic>y~yTGrQln;QSN|< z{Xh<2ykY8Y_RDeO50IE4;uKj^n&=MO+XuZiYjwBr^yaOBp`=hg)!Ms>1|c{ z#kmyzJt0gd?Nw$~5n10Z`W^`|(9oo;MqhQ|Up=BwQRs_&Bi={?b>6?z@~fy-)`&p+ zUgqu6UF0v>YZgx6+v0LprCIVvNNxU|N;wVV$M0VnhrIm*G6?Jkrkb9x>D24oOQavb zj|xZ{478P@yTB~Y2Y*Kov2a#^6O=5PeEw{Rg|S3TS6a!H5C8G`riQYHp|w*@C=9EBChBj(>esqv z(y8jj3eXGX5w@g56|GT`;rG)t_11p}*Ww!yCo*?B&>X@voixMv_Ckr+FNeT*HMk9% zyt@uAfX=+H{udqN@Vp{%GnbSaps5$N+D*BAksv*fmOk;=`a8yL7^oefQhxq91LniO8+kN8b@PtpeUh1NQK3=?SaUzGIw+jld) z&&4`|(**k}foDy`sk`YZb$)CAoOvGn0X3{czU&L@y+4HK-ycS%_B;;$rj`1SnLl=2 z-Zw}o;U2ZjIp2-V<^MV;fBfZZLUWWbjeO5_W&G&wY5mw<`3LklPaplB;b+j}NC4yy zC}-9152zOY{&~hjU#JU&pZayFCNMsHvx%yID8Z#{z?-(@(bDPG= zMUgxs4U866ZX90^Nh?N(XhA@^mq?Ox^GbwLryCn{5E;{Lc-+)2DV5NDG3sOP;_ zF4SH(Li=Ac;~4f{y(_(UJawe2!3KkP!>J+O{*$in z;B!C8AM@2#WJUYqsIpGYyWG11j3T)V(In1%e;P*HF;QgJ5k`s-4u4vNwqg&ieC(rK z9iI-xU)r}EgFq4OPolbixoo*XmX0TX#Bs8NIZm*d@!kuQKT7pKkg5#)Dj8|9#ilfR zjt)X?hOC4}e0$YuvW2=pjn^&3S08vRo0?`40=l0!ic)Z2!DzQli^+m-La3MopchIm zpo`n8;!m?jBr5h)v=Ova96@}_d)olVB(TfhJmU>$7R?>Jc4~^Z0g>lF98!2i$y%*k zWC>KQ`B{f#;qBs3+iT4}cTY8bE*`^3j-Z+{EVkGPDjDJHI=}Bk2~*^x&1W)N;*xc7 zPi?isUunXA8PinSUC9X-*_H7+y3w6}Kuyv0mWfbHr;)FK#KZ&-!}v}_yR}K(3hMWB z*m)D(s#G@OhgJnz#eW~zOkWR6_W*(>z`}t2yXnu+J>6Y(ZbE=25lt10{+t@YAUBVN z3ZkW@ciyFXVwO^T>u6K{?xhqRUd1;$!a8`Vop;zbkl3Ys^3LR$3FO81%ABaTk!$BpZ67_ z)p^a5GTD9Oer5#e+(a!!hzzrb@7!&IL~dkUywKdDOOe|)3R+=e7oo_}5M3Kr(P#9s znq=(sn}D67cD^oMQppBZMQoVJZ&*QFSb`vaqQv4!M5gRGZ>m7-xhP^xSwUYp;zmwB zOPOX7*pc@{Zl|+X1#B+RRx;kmAb5=D{~-s5O`4i4GgOjOFCJB^-4QjEZXO=J^xt#> z2nt@h9o;WSPk=02IC9LGXUwf71C}hN?aZy63MM^OZl+f$?P}(lnkkHohTCH(UM_6M z*wCd&s=*j+_ysfFgSflFiA1$_qfW2*`UiFk8$EQYT9#MW)s5O6E3DfM*vVDBN{IM` zRG!g%vB?p^#iSR`=|IM25z%wgWAHN^GKf1)JD;rmWP2#Fu4VqtqT=}a5UY$bRbCz? zsW~Gug5W6j2-n^C%h7JPH6tUmM=jE7vF5eU>yLV;qVpHKionFwX%I&pqlS#~PjeUjHIJ(*w zt;TxYRiFyA01yq%yFF5&s6Diih{93e7TdjlUT>NqwmI_8lPf&M?z*ss&(IG z@$)w~mqvhriRu^l@e^-_+mLzhHP<07U&m)w%Fj$F?+)0-Qu%*yR4xl>l5x2Vb858r zP4EEwjaA;NCQ^0HA>RDvp5GQ+{N9;2Jzz`Byj`z}G8?7Y6atbnX7n@T z56(qP>yerktCx`O)pMDU=ByV7hHOykqc{NQiYQ~@lH!7GFM#n6X!(uTH|`f19#L_X-vh(<7NeugnHHyc z0l{J$WDqXXT&lOf3fc}>Q_Jx2wj_Hl-YHNna4uU|pP3r{t3^T3$@9=J(T`mS%nC$%(J=Wx|6=L-Vw448%zTucEgW)v`OG8Y%UT`c?m_j5%gf&WPi(Z%w%*u}qwA6cBzP=N%BFPF_)mL`ZRPdt zVvD#9P_=zrkxT)1h=YbCZJAVwhK-?%wq9LvU}7fnP~*Ijr}eAzX(W#Oj8*lfadff{ z8XKFY>|sy?q9GYQnEzykc}rr*M$b;ehoxTKOy$&G&a$yO2XYY|TfV`iKp>|<&Lw`Q zviYr{IIYj7+)_>O*M&`4`%yL99&ff!c2P@yZumkSedHU=UyUZkfk20pqA(K6rg}i7sQA6-Bh$dbHIIGe@RCa#BdqU}6Q^q&0{CsK@xtX*R}JO|9bm zNDKdAu3als6<&NXbK00v-xi#Z^~oQl?P%!%k$gfJk3bLKYv#5e9TmS!$hzb^YR{ZA z%e;b}&K>iU>Qq!C8?JhEU59F!R8)mixwb6tmRFWk;C0_^kEWt2&^&Ey2LvT5`$k6X zxuRdWOf|C1DzBa4nI1l{ffhxaIk~`JH|rL~mp7K90x1$sS6# z+rcM{j$|M2O~`xFgb<6quW9!zmp5ro_5PxJFa+mnq9O@ZlI2Xf!og{4(U4WMZBDbo zEo<8Lr4;tN|LD!qmys}WUk8L^)21($3s3Z_xI3p`M3(8PHnqIev5mjUa8#a0wFpIQuCL7%I)RL)uk$h<6Y?w>xl^Js$V>ePi%wy*V;w@p+r{{ z*;PjFALJ5ZXAepW(a@)xZjGWwlz>Bb2~rf)kxw5`CWm{$-?lOOn+UoZFNRmY-Y463 z;f7BN;Gd+djU7{X53zjS5c#P`!k|`NvQB-mvcvYt(Nvz-e%!#<)SkO3jal^Pg^&$Z z(~&6pR$U;h>zC@%&zj?w5dq?`1R`u$f+C=J-1OE`lj(5eg=35Vtkr55_PPM}pg?*J zkF3Y4fV7PELvuXUC5D<~MRQK71eIA%=gh1r13l|{?lC!vKZ&2J>2~pCCC3krEy8JC zAw3$Q)D{WbY%jk8Cz;;EL!SsZWr<_o+lQ4%ngOaW`j?!eFJ1*u7}+!cBAs{pj3ok2 z;L1hvjOWh_3SB3V@bh4#^P|H)nWy5L262NY6_s0sWl(Whq~hd*0DYf04`{ac7&36V z;aHk}3Lq9=A52W>58TZb)W_LST*Sm~$x<120vJ~13gy<7cGqhDRE`WO0_X^+k`py9>H6Ctw_e(X=(349cr^l;PyCSITOk zA$;|mDq13Tu^&~ohhG+`TquLMlW-Da{c4(?IO?PAK;?Ao+U0wS!-ZIPh;466x+`7j z1h`m&D!MZ1l*uy}-x#KbJvo6usDgKhgJZu80*B!JCx&*}#B`S~ABq z^Nd66TR+syl)Tu{*qd%cYlpZ5w#H>~E$flg%#=*?jg2#Hp{|cPF1qS<_(=P(Y|;iv zH{DFqDC4}B4hu%S5#gv5Pfx02UbkLr^l?~%SU-$|da41cncCkB`^fBa^y2UaqY#-(9liFaUn58?q=omM+}*AXN(SipAON~o$P90D^`6l zHybMS1LH#RQ!Jmxv%OpE`PUXeS{F}S1|svX#Q$Z8YP^ba@YX7xR7`Zqn8L=2hf;%7 zG{Y^^;d3;@c~X9o!CK}rhwVLpI?$)-)VgV5o7-+yLHAakYQPq$D8tz3w&_|?`^xMwao9r+ef{$)T|#XGcT+QsG! zkUPWI6F2~C84 zl9(f>KOTmuC`hctWAw2L=8#e=sb?#s?v8V4Pg6vQgKJn_L}lA=N4%{iQecKbt0TSu znq%Cs!_xV)OLm8)YdQ3<3U3WF)*;M>X>SL77+GV_8-EcqiSclf>AW6ry;M%}d5z&n zD$Fp1>MLU_av@FrQ$`!`5<)NPr*+;fQA72E!joCMUBKZap z_A2lL&QP%$p=y&Ioky%{{$A6f^ivs=vhdY;Su%1FX;1=ak0fY+aKIP(A z%yBr0+bK~Bf)KqNBA5kTZkl15^o|%Da0Y4vE?o5K?hQHKxz9n0a>( zM{2Q#UYrnDg$EZ3R`S88GQnoyIZf8SRYZZht;bh#q_tB|C?u z09s(VMN(8F$5=m>81jr9oWPVfw3z(8+E0RaCtLkTbXq0R)^u!*P!f4Kg;nMphB*{l-xTn73I!op% z`Z%yTXdjJ!j$vEzr2|FLa8k-DK1~5v96e#FAvxD@`#l9Tcn(mHQRK$WPfm8w(pGz(@M{AStpEbrUUdjnS z{L`X;+9ltvxV?NpFMbkxmb_@$kvaYI$-6#->-$8niHkH2O1pQmAJ@-~U;je@{?dT% zL)KCKNO2q{OVj)W=L5rxgCAyNm<^lZlm>gR-75O869n|Iuxhwxxp2TKV!UJ{DjoKI zrsOW-B_$;TN7ZV4or!KCj5}DHb`)X4mwWB9_D001dGMP}jlnwX3yrOB;;C;?L07Nj zr4h8WUl=ej!OD85qavG(Y36wGxUlhLl@}(lPqOIAOp{j~^(^#K=ukVu{ooMRk&arg zH$w#=Q3Ll(UB|&onVkL!rrb|W$Ck#iZlU}pxJ%mP$V=#+0w1Wa^TkVE)<*3zro9x^ zesUdq5i(Ko+;`WMJB|EuP@O_&z;~yrSk;{EN}a-jj}*MC*ZA>^M2w9|@Ah7(7$w3A znj%1)b1{-{W7+j($OCv`r+DA1TX34_P4zEYu zaEX{>c$%#bc8O^LfG(0?mSgISZO|X@!u}2T?f?8n?DYI424l$ofXMZqmagK& znQ5F$uS7qRw0;sfX)~@$ZEx17vfLg~qz(tn3&1LORNc#Y#P+}m_4f>unF+YJ9NEI1 zX*z*kd9iziiX(r#h~cuBa*U`Y*gYX6_NR&64o+Vd=o0W`(yS8U)(v1x4)^2ZAQbd| z)6ZIX`!I6RaBn)1b$UAAun)B%yGpN~Nv{OAA$#{AyP<9Udt?WD9R+)kG6wB51Z{`N zyK{P4gyAXuGV8K)DIU&Fy2vkB5{04aN|e(rtrII{434?6j+3K=7FBfYACSmnQ?{_O z8?+Tu%-O-|Zr8?=fpvy3qguI{{^rWEwKr;@zWdx+~DGC+RZ`OPWdTX2R@Dt-$O@{tyNhoP(;W8ewREk?<#a`U6%?|J7PJMW z5HKJWi*pXEf?=I!Ys38%mOJn&lU|&yh;BTnn9JNT3P|0 zX)SZO`A~qqRv@M4&|2EFa~TIVcp_RaE(L{8I6g#VrU`NbhLNG~pP8VFDH2PdPm* zi&dKLwprWt0m~E&jFa0UcJqNJq2&8x5M8Txh1{<1sFVILSr;TE;E0ohw&0)hn12h} zYFL@3)1M$2e9Fy^+Twogh077Y(mVpDJyXC)W@|Fnpj=!j8>{bpp~l-6uHPUhP=lPn z#QX}%{le=tDd%x+gOt62oMi(&oxk(F`b{dNwv=yswOjp%ce!H82f8#H@;oE39(=65 z-L%Is+#7{x1y2}-_@DVThU_AvK1dmYaq^U{mDcGgWuh=`?M6uUXB&=I+Omz{fAWCY zhTVgLxl32uqKb)TCUKn*^~%zv{zdxJz2F|Q-o5X=dyNE*)02~t1(v92&x|JFy|*BRFAy?sa^E_mohMco)O!0=Y?_hQwEyEP;? z)iR!^%A-4}V5-22s_^LH&rtA+`9@mthljcR+;=LmtX{*X3pQel_&);3P5e`tQ2R8G z*qU?}=b|iYwXtMC&s{+;=V4a9r<|4b1lJ0!^I9gg0n0+p1msO7+YlT?^sLWlv;;4n zS`)-RUCh!>fBm3kf~g2a1+?j9Rrx>=kPBZ-@mt!9h>(j%EuG*Yc?-WG5sZHBv zZPP*9mk-ynD)jKR@32<N8iV=C2azLG)|;f@C9123OaE^2=?>~ zfBc6X;r~gL04|h3HH* z$dwMez7@|kwqSyc%Z6oQ2tTuSNw_l{-yLdyi;TQg7D0}}d&3|Z>`^9W-Y96aw3_h< zGkV^0TPNqTev)qR^(0BgD=);AA6e;W^MF)o^N=dd<(o!t#I~kOm@4w4qePDhmtpmR znZ2IFoMG9}FzqeGZpuZd8L*G6I?IkZKHThNtk?aOL5s3K3B@_R2toC$=Q;sW2gG zdd#}xg&Rt2Lm@o4v%a$Nrn2bPLjz#}H-C#<}| z+|(t_tf;5a>e;$-erMT2qXQPoNw3iOQ}HRR(a)N&W$|fI<&6Sa;itWHu;31Hf{>XM z2$~`tYQJ!soK`C+B4eE;k-eXToE8h-Zt0(K3Gry@U){@s$ljfVoVgEb3&81*67h_4 z?ux$OPm$u>zSQ4Fl7ke3D*(KlFyi}39Y&Xs2kR7KhA;(EbQ~o;0l4=`MPrzO4l2o=~NI^f+a?JW=2f}Ld$yO+>>rr&+atuSZS!9K@wE90Qq75FQbWjk0s?8jXge35+ zK>djgkO8D=X_0fcaKZI7SD&g@6kNm^ zC^?g`64U!us-Mwczlxg1SWKU$y8h;*3#YdrRFKQ$=d0+-9WIv#+%e^-M!Q#Y9~4UG zmU(oqj?eawo2UI!@+V1JXfNhg zB-QvU^%{R4@p!x?fmqOu5g?}t3lbTwdENo8kyTSnK@-CmRFdhHZfPjWl-CDCg<{xe zLDoTGKTR9AMRaV+M20a582_* ztP_yKQ&KYAmqiWJm}tSQG0{)5UhpZ%u&da<2UWy6XM<5a+AaABp4XErg9fn|#QDQ~E$P=o zz26Oj$2gY3=!q}4wrWpff|Cz|TMMjy6*%4gTj<0}E?EK4yuV@0Keq&e?PXTV1o&U- zwiOIeI-tH)L6452s-BUZh5d*hRKPK4vBv8ChW6vL(v^?OWyhN6cx{n$wd^)4O;<1E zV%yWIq&7O=8>sW}8v+L@FI}}Yq#w0*0y+2zI+l&KrMen9@Md3%1cQ$niOv}VCvAeP==menx znmwkGYJ-YT`rnpW&tTN$>=A&O1j~N`(viuDU7~!rGPDKv1AlS4qd4*Z6RY( zP`(_K8~w&9MBu}c3{?sR>cP8zpIZOV@1%|3pavF2qXVIcUL@Dk)N%W<)rs`%4s7|} zveM;zI_e-U`8O0Xa!kvIIV;VEBH#->9z7oOw|3csHk?6EPIuYJZdNl8{HwJd7wUBW zk&LxjQ6BT@k@yRhHF2ZTij;=mN#P9IWt(0b6#$nOg7)vM*)u@DItx9}aXE7j;q`lj zq{Q&UE6(rVodrA#1f;C;2feR&Bq{}ckCowGXCH^UDkztNfuI-dy1?1y<)ieSof5&yB{G50gn@jnJ6)2zDyymt(Us8(WwZ)SpfCCKd{E{>$EJcw#!va; zm39gtf}L-Se6WXu57yygt4{x!7aWu&&@|n8p`%*Zz#PZtJh-V&-@DH)(W2r((&yPQ zX~ylHwNJ6+bAaX26pOtw>9rG@_xskoVDo{7TFtZTSi;iTQ^aVgo}XK|`i0O?QSJ3F zN=CP4(I09Jt2i(ssiYKbg=J|9n>E5vD(0ECj7YeTogTBf zI8y3eOSt)SJhLZJa5NQ+6INR<6-GEZ6yF3eRo74iaE!jbz-aqQYw62|_pu(LlT%P} z60)OlAWEw0<{l2wdZsO0+Hd($4%pFExkYm{=qO~#fA{`>VmAL{Wpq?VQ-&5Xb~#%* zo0Dqz(Sx1`IW<&(8wc^GNX^kDF%mfs!B(ukBIq)ThKT(|eb}j{(r{w*uhqBdl8-mN z6;!y2W1Mu18F-QH#BmaT0FMM`YOa)h(^~AkX=hHqVMr}w3f#^KQy7T9H&l)2ysiG} z?Rrz|g&^2>aOL_c_!!}j-r9ev==Gpaj<9jf@rvk4R-|2}T-rRq(G%mX;a<@tTD_3L zX*g9@m}%QQy|C2KJTb0e9@9&<7BqIPsL3Aii$XqXq#l_vlDE`UwTx1k&a*JQ^ z0xnY*z6XqkzfnrjZ|bq5FzHp=m9fg53$`KGlb7yIriX(Vy=1huG}*)AQCnqVYlI4@ zZBT$cD>@t(E&(VlcQpy$0hlJ!=4EGf7w0$WpU?+;j!6-kU+%AI4t2i1A9;NHKJ^k= zQ`9`ur*zuJ{1yrbRwW~US$J-~&o%EPx+}bX^Sk&!Qsa>2X0+=MC?)du2htsX)rYx1 zAf6=}VW~?dL~y)*@Yke#VgkkdmtoY>g@ve~Ud${_IA*Yj+|1!IaN_*r$o!|L)V)yM zvP=G8`I40N{MQS`#qGSQ^|Sc7N2~W``hDkhd*6}9#1yf_t&AD2TS&%!JEcAn0R)jnX)?z| zJdwy&sQEl3+yJzlr;XcNIZIleMQISwutQGP+id>arpZ<23I&k^oVB3tkULv_vb0 zlfrbKDA_te(M!{Fan$L0$zr0b4Zn}E`4F#J{Z+i^GA||fgdvS%j|c^AwMPJwLB(b- ztiq-!Y8T-O_%V4q!zRu?lo%8gvZr)AZg3;;fJ2lKePZu$+@|078Zz|QFu@d%xl`9L z#9_Bf1}js<{g4_nFY&Zmu^1;nW#;7*%&j~Fn$P551nzTP;DgEd63Z%%ihzOTs~+0_ zuf4Yni=%7PMLPik!3n|LEkJ@hAvgpG!Gb5jA-HQJ!QF#fa0}45ySo$It#RwdcIAC% zf7hHjv-dgQp1J1QKc>36ySjSS>guYc&-2{(O>W>@ul>@EUy(6=IF5JVc|}r~$@n6h zeZ<%fAM|-xL4eqgZG#rYfu20VsgAolRrJ4XtDoRO21Fi1*28leD)f2Ebj{l9fViY5 z$-tBWq?QoM$hoi5m+wbGkg=~zgVksoxI{ndkY3ju%Vm^$Wc|c|j=DLiU#8r6R1|M` zsQ>cqXg7lBOZ1FCnR5bDOROg=rN9p2;>!Y!Hsc^KuQ$Cn;^V}n)ogrWe7>)xQ5%_+ z2$gY65L1x~%<;Lf`L)!_$i}q2Q$D=>@irsmU4dXRBl#X`o*bLMni(S!61Jzx;q^VV zuyrK=A?BXfADkH3)ciw43d^+h*z*yz@(X~&rn5ZgpL5=o{~*{-=atMHaSV@o1YJ7- zRI%k4cl-BiOcP_b{9ePC6bzTKx7&J=H@4u4uXmBbkD#R1ty}T!9oSZXyAtdB5?_=I z+Dbm|u+M|3N}r#eNGRlgSifSWJG|D=RwA=1s%waJLHyV@W{7adK>p+gOdGp$H$QkrIPpMJrTR9&^WaJ=QR0jnvuz7fSL*U)E`MksT`ah|-0(dD|-E_0}O zx<~b@YsmCSiqCmzwB6%~rNbI%Q}b=_b?j^=KP@`CYICNNmPed3Xj{h5hRj*k446!* zjzBAV+GFIFg`5UWb7|~p)hz`AtIbADw0PS3t0k8;hSn0r9Al+$zS z<*z^{8eB_K!-c*vSP6G2JgMjw&QX%I82l6%;11OD4tWh&^drbrW9QBSR(%V04h?~2 zZH8H-p7cNx`Bp*vbRH&&N*WWw2#w2yIptH10rTkI{J*$U@@O{FN#KCYEAMxGT6?23 z>DuDSNdFYaT4@W4s-Eu_pcspkrMq%ctm$e`l#>VwU8m!%f=JE7y<8*f+kpd{eCOg& zJ<%VpwA+7;4st#hV)dlkT9VmoN)t(s4%lCqJ3tu3@~;^F9dVbTcE)#v)<5L9y!>sh z1vi}3rU{c>ZfxmAvw4W=QKGrux2!0uFnp^7b-2%_2*ZiK#`lw^q>c3Rf`@V`5n}5Z zH}SEJD~~Z~7?13ck{7>o*my>xIox*jPNV_4dj_%B%Aa2vSLs*FWs8hIBzjp*X|(dJ z$@Q*xxvBn+M7fC*CZBeruQk|Rw8v~}o|{wRbE1S6N*lg`X+|!=9%w$ykT5>I`Qt~L z{G?}E4|lFKEcOxfbNbSQ1a^Mq#%G;&A?ZnDv1@LscQ!NCbrTwBLy9tbpr709dcb|{ zzRgSQ3K1D4CW;OiR<@76+3GN^y|mP46QT$VI;c(OGv^XWnV-N{kyXiMn@IY^!Bpf8 zg!qC^!zg~}c|2ecFB2U=U+MerH4JtgFfo^2+JBg7yD{F3$N+l}03#t(6^ZaO%nb+c=ECL03@M5m` z=y@!o5ihfNl{u}6{$?j?)Ux6cfLSJLX-rOa*jx#DRqTtftZnvw<4M-zeto)7r8$*N zPQasE=D(+yIWvqGoiMIl6`3nH;k;3201m%f!8=|P5@o=UGTDWw?*rfTCLyb^hp*W zR#NqbT|bB1h&+IN0nCj(3DQOXwbo0ENs1|SPcXWE$1=E)8eem<5gWK!&LuyTLV!uLcLB4J7INRp^wofG2wghWxt)xKHoOmEWl_n?Kn;)FBr^p{whOU0}@ zxBL%_E2{e>Df?;Se|FTj6i(SXyUE8F)nBTf4X*KbL)~TDMx*tThb@T{%MwZt3N0<+ zEg>>~7PXR;q*2e2PjsLm&f_CPi`5Mgi&Q_< z-wO9DH6h0)d|?s^=OZuJ?PMc$(ee-Ac+*kTvt_6i!rfxVfr*&@f)1m8m8CkKbYgk0 zxkPSRO~s7iI|05WswEG^U(Fn=$n)PH%N;uE#Z(;#>TkMl&^hu3&D)ZuV6OenXm;mZ z&BxJ`zjCbpdRl1PdgQj(dzak$Py_yY3P7c89wy=Scc^sQ0z{dX1gP$5WWuKD2~vYZ zj8ap#*^*;R&dCQ?aC_-uIxE@Gi#iyz*( ztyj6{!ZlNqsw_p5SNB@2r|mVdj*JZj24FBgYhmzxZIZ4xIelI=8FNqWb9kDY6|$sJ z%uM~v^(WWVW@Kg0hAjn$?L!D$1jCoQD%t%i&9{sAa}@IEBgK;vB$lSpkEun?@V|vzYY#x0n=I> zow?RuxjQCo4-Th?9Ft1%%uM!vn8A%1yYln9DQ^yW1mQ=!T!uHtr<(@5=tIDFG}YiF ziYtFFa8GNBe(kkOU28H9{P|C_a*g@p>G9`O)d4pOHhr9e6{3{SVbQx)YotO({rs#8 ztqnF)+ci7m7f1tZvVSxwX62~!bHgY4&Ns(6GwK9|wf4wn2F z{4~B^@=%-kd=ci&A2Z8MPCF%9P^^xDUTo{4=@Q(Mz+sRy&`yXl0{fGia%N8 zoHCXU<8g9Dkc(Ywc_BVzY6Nz=n67hrv5ij;BJo3K$1kQm9m%p+ggYwMnayRwVgyOK zOVKVhs%>X1t;XP-Z$2$H$+a#>)oIjeJ1p_%SOk%CjhvDTMIvCp>{>AHtQJ=Sn#uXs z^MP|FX8ELj*&Lpj{7e8qk#n)}zv&YUgPn+tc6+811efDQuB+|!#&BrZoLQTevMMPl zix=%>V|dDkbIT$?`OqtRH@u}633^UbaWuom4<_`in3I1%xXDK`dLTe(9tZd$x$cJd zeCMziN3KZr?o5$uIldAP!GPgyJwtu zbAX|bM5fKF{1GxW6}iRToN^t5Jjl|&b|+-ZpUt`;Fqlqk|NA4n_?+t(7@sf8q>nq( zE6X4L5Fa>kc&dF2F<7maMe^-MzlausCx+g?}O2W zDc)KPdNo5DS`u)Tlo9-xnFebK7u`R@{5HJ+;RFv|mj-)j*@%;iuY*JeHroORIjfC( z`TNW+-lf&vJA9b>&nfvR66|l_qN>7 zJ2FQ!2yFLn%STV@JbKJGu3ai7)5o#O3U>EOFDjIkJNiER_(WIaJSioYzltyUNL_sh zufV}6a8<86=;A?x%vc~*GS4%mYQ8#a3P6s4g6wP$qFSW!*2e?RBT23G%Gned5?sw! z9P$gQ@89~a!*4x>S$1`?pAql{9%G&fw~QX>MPhAO_DI&}Xies!S0%cCPp<&GH`d;S zJ^au=8KMJ-z}`VUxM z{>2KT7UmFv{<)u#=OQjF&q|41cwo`tg)<^XJA%#IKknXtY!K!ZN04L6H{*Qe`N?fN ztk~}_>u8T+D6h?#xtcLw7%j2_EKd@0Y zcK1ag$#Ii=E2z$}Wk*Rw-pUapZ?zuUx0r&_&O_q+jTdpw>iMrl+%I+X-OnuoQ2K82 zy3AN><`oUIzh~(B=$T!cvzuO0*Zj`1@o-S)?u>E@`<|jy&kMOukgKC9&i54Z3k>rJ z8JQ2B^e>E%Gs{5eA??LhUndXR??5fZ+8L(F>{%_VVS>Qv{mgn)-u+<8`oOP%mb%pW zgy$7b>RH+BH=nE=|G2L<11-g9C@czuJ8={$w*dOs-Q4;dKsEhrRaygY(FiPA{5-9(%cF#ES z7Uu$>vzFKsodMr(b>4{vJc110oR}T%StbmSa3k^z8gYKk&9|D%F{9-&;oI46=E}95 zVfi#A{!>Do8w=+u&H&6fmyX=@C6yw|-u7WsXKO*fuDglvf5?i;zc_E@~7C>+tFAW7Q%>8Vp!zlVJya&TUb zd#Hd0ScytRFD!ZgvJ$oaWhI*W%St2ypzUM+Scw4syuYS-LQNXOnC0{1CB#zos~FqO zZ5iGMw)YnEtK$FzjHt6B!B)abnZ2syWW!3%4pstwf8?gs4m=TzmlQ$lcwrs%puKf+ zc+yG>8!dq=+#i*=K7wL1_UgTQJArztatL<;Ct?X)#quTeKfGEQnLhWhzNbhT?S|92 z^K?>-v8z$#xaS3bzeA9v7*TI}L6dNPrT0QWe)dRxfutLK=6AfHNnU}~JdG_Sp9$ZZ zXYoWm3pd1y?%)UDksJnpwMql;ma@Y~A3;q`D{FVWw^XC68&_6`TISt(pJS3cts)|r zbeo}HXbB96Hse?D(OqahZ79sd=MSt4Jj@8btsfz+DWhJ=U}*p zopO=q3_x^q@%D`<&;gyFtO%|+QrwX@fRje=pSFr;z|?Q$m%s`7_y!^tr&w|D+U&{} ztEBnV^O$i?ku}b?doi!tP6iKFu;{YBG~zKS-?7;TQHHs+2#HA`a436v{j@b9BPEhx z0sB5VD`?oWfR&s^8|}$?I~xPcx7Sy~>ikL(x2ajQ(2?__Da+=ViA#>VlrUNQy+nC& z&w@qgvcde`puo=-2@8$&71o265pG=0k2-tek%6p)?tuwfr+&ap{(%MR!kWLnAQGvB zb}s+BTIYSrd)=IDe>|m-`YB$%z zI?v>&4-pa7a$ADDi5QC#vMnXl-VRVVM~(T(0Uqgp9ZL4kZ-bD!Kpb)y)nuGz^L1fO z*CL_HPo<81vl>@@{=L=j<>gcQKQJN0PvO-gwzg~xv^n{PA@sNm!JAXYle=k+K!e?a z^7qP`VBFQQ;#9G;T95$bwXO z=5_@3YS|H8Z}Hb&XB+5Ao1U)Ff`-e50x@r-#CQ&{K_9*`&eiZgKmB9(zq4TvPY5I6 zXy5_(G#)|w%)N>cacK_rTj>_s4h!9C2K6jj1l9SdvdxIDct~Z0sD}nt_5&;od}<)M z_Xv?pPdi+Xeio(Jr9`o|4dktSycI!rSpEUNR{dk>E&vSOmpD`1-YzAhp?RBA>xaM#$eV)|L6UK10152x5eTJe8y6gim|G4)JnHHAmU3XJ}l z?rd~Ebcdel(LI<0M1xSQw3MC13U}cZ>N?YTR(i3G-{zzfE5ec2$zGa^B3oBNG_Ulr z7)s>FJGC7rv-iD{n)fYvK2O#X6|%jYc%FT-?cl`-^6d~iAEm%1$Pe%IxT%hCe7%`H7KIQ$y%4%5bK3syXe8{udM@hV3@@0DFpt4u6P3??C~ zUx?9NN?RYA0f=Q~C`!%a*UuD-hwtTjWT7>_d%7-#1+SM`ii+s-?Q^=$>bC%^eE&vN zQxdDYV!7aKW9rbT^SCakMbd6uG#1^jw`SyKaYZ-+_#-;e*X$EFQlDBd^*_1SSy&}s zSpx0EK6hE1CmHBjO^ld|;`5%fCrGU>496YEy(g1h>s#e62N>JErz{0WFsHI^_pCxL zwS?q86J&CdH5=!(2#qbvkc%`e2I~y&AG`2#329m_p5B)w_T+<(f;zM4*bmL7iTHIzjGZE^){(OgPVb@ zQGV9Ed*kEDd~*u>IwZtW+?uPN&wb&Pl49K_a;63ShD~9gmDuI3w0U{{=b@-N*A`OX zo~R6*RF5duYN?lYhr;c)Nrb{DDV)cUkzd1kR`jdt(aeRxelZ%<|xDauwDON2JCg0rN6Bi!|MfXD<+k3gSeEB4GiY8_+`sYmjnJF9`0XFYl=A{$IH&{w-sWXtW=zVVX3WmoN2AzSFRp1_@z^|9+yB)mSk${4(K9JbPW-{QCzkQMs=z`}8$NFi=(`+2G&$e?F2 z!<&|(-pj;in2>X3a(=bbO1`V58j;TsTZ|&)K6YP7NyA-4ZISJK(P4Ta0ma;qgOJ%7 z3q3ZrdKj7JNFOce#I<>QE{|K}nC!+ZX~}5*qADMcOyp;ok?x2I+KvD!iIP;(QEKC>EMVBXt z&$l@RMZ|weZDjXA>H;8!ak}{(?YIbUVL7;h`ao!xZ(|Dz(_f)oB!lSgUp%_(&LivC zh)l{-IYxDPQW9C~Eu{zM<_x3TOHKRfbfI6J=LZ(6@f5@dnaIBe*+ws|R5+LMMI0-< z>2iJ-0JZhGo!4OK@1=ZTQIQ+8mmAF~fh>XN244T>MaUAYt@wLmqDYFnvqzcH5G^c9!ueH^S=Y^3MP%nU0%Z+o^uA1lRI`o3O4^ zo*!_pF&M1H)dIp(TW_kp>FoAoU23f|`>D;m=H7|O=Q16394i6_Va?nf(jyARJ;mHT zGX3}ctk<8u7SOEZrme+5?jmhZiO?=?_!fmEyoe4CuP0fp=cfX>JE__tKWG#}w0?Kz z{U*t))7dloF&?vLYyqNh)vS>NG=;`_f{tLw+Jj0Z*OE-hc_tKcKdI17I>#V2hNeEuhb@0p-%gJ_WaGV z?a122cEUbS^fUw-Gw{K%3=NB9{)N~3A)iTm@8n%rZ!23Kun0?fs-*REW)&GG##Tn5$e9Mg zqyE$9LYRb1CrZnT1g@u6(w& zk2_;G48oFUmI|%Rp&NP=RaJXVGEc6*+qF`ld$%xzk7`LTZLZ&T_OTMU-I5I?LoI)F ztH@Kv@M0-%dWxN+t#9;y(+Hhy5~@xrIiip^^{O-rS5d$d?kHlh90Z9FEfe=PPDcn) zBs#*=3A!q5af%g7;DqNh_i*{^9!l5!$o+v-kM}BJx8_}`I@0(`_=hVA* zzP(dTk#rl1eS?)OaG-Boe?UL0Y2|R~GgV?Z;=cy9Sdi(FM%+LkJhnDoW56j*VFwGpkK<*+(<LUE4kb<=ck^Df_oPzmE$*??5CT0G2$WXcQ(Bg;BLy zB_lqyx`b-aCA* zo@8Mqy={pB9#SIV9gjpEwS(Gk+y}MXb!Er0b(#BIb@q%uT`8;-MOK?&ZiB-qr75M4 zAf!=60p2@Ysc?X0a6DH?d^efPB?ECh2i(qOrjNUt%+;x)jqyq`!6d-v^e9?0K4fSl zt6Sj{%tH4QpRL#F%}KK@aky}_u2c$IQ`8jUL8i@bP8)y`mH;IOW72{T4GaCNrotxy?@+)$DRcWeBab|I&0_DBQ@Qa09;*s{!^*xzjzQ&D zLu$&kT}9cu*LkAPdNr4zt-I0~ILmtVh%YZx$0t>K=CXWz!c5mnO$iY;pWfo&e427{ z`^r6jHmk{PDN;P6A`+ngBEsJ{fdHYikG8&ZTT$dKd;d*>%R1*#b572VajP(#?|u3~ zdp=#8-;#uhQBMtiK)3FPo{08Jz9;aR?3sv(X7xc$6~3-Zjy};&SJ9DJp7b-txk`M8 zkQb;86IUNrnXN7C1haC*h{P+Q?IyChvd?oWy}ip4wPk_a=mR8mKeP!x>su8~GiNo0 zGN=Ja8(G(XnFpVB>5-zhLO%)U#6~cpSyGW5pm>bg_r4u*oPW2v+THzwg7Mtr5q-e{G z9beYsz!ND>w2pxinpsBS33Aszx=1i^>P5|OfbM+EE{Y4j=xq0!-PtDR z_g|Y+ky7|)dtz@A7#HJw;J!B%ZzBuOr)6RtZ7svfb9mgHS^{$QS%HTA!5Oa6a- z3ySsTXJnXsI~Q<`-Uv&`Moa^0q!j;_&6hcT$?u|=8mUm)3{`chkFkRzA~KfrJkk{N z*2`h#D<^ONv2uW(3;Uv|Oc5!LcY@Q1gT5dLA*wdGNO+wG=-%}W4M+hd8>)2=Y~IM% zKI?AZiD4P*GCN)N6}yj?dm48bR2HI>s(XWQKU>e%=Vrh91}f19Tb&Fpg0q{6(^2EXpo%Ti1tj2EXaw_4gHpu#f&X+mQu7> zmgXiT2IQPne%Z8#!Q*$57NMKKGsWdX`Q^%qm@d%N0Pny*5YyclM;0tF-(N4bFi1N5 zV*J*u0~$eXP&^(&{UtX>(}+Jt8XyV(Zr30oAjodto2P;n5I^owrMw3@v;6BA7g?&nn_1U}TVq0@L_NnZMB8=HYN ze_8Ti2r?Z_T`SG=sSm3#X2OnduTuyx2dQVBwS07J^16$~27JHc(IbmzbC*uO(_M0b zv@5(S|K4^r(y^UD@YL29MPzr&&Bcm(ksG#mul;8fOkOSy<(e4MffTN6e=b~opz@Tv z8NDsM*9%(rT%*@FOR?%)-P4LWX1&A!)O-q0i{L8o@}x);v=X=ZVn-uE=-7?=0Mj!H zGJe5jVbb#vkxzP<3|;3Y5uf%bq)C&YE|a76qi8#P4r(aT7=?AzmmJs}*qm{)Du~x_ zsW6I=i`X4)vgSIz&HJYCe9=w8#-S%FFyE@xP+4T^M2Ae&7$b+(+RM<;3>mVjPs&T? zjD?yzU9spxst0(g6VrH=IK8(nCK62U2~1$K^Z8*5B5n_nfLZD?VDf&FC#}iMym@5@ zqxYPxbptTk8CGu_%#ZA|n?l9((e_Gs>R8)1$T=5{qObyu{jTvk*+Vy*EJ)2lZSm7b z>5GdC>s0$Sw3TTmht^@V?v*>Z+j1}-$bxIBU}Cz7=iKcp>c$ZIc*Hn{w=inCf(qt{ zK@J&Nb;=JWH6N9Vw&GNus-eFm?q2#&sBvN($vA||f4bOeY+9=u=6_gO|IG%Y9;kl} zQ8SN&6st0CA?VW+1`vJMk8GSXSGz)v!A8L820(RzRm?DQp~DO19dU{!b=+tE>UCL~%Q`)dEMM()hFmFdjWGv21ux8Y$kJQNs8@KX_uYfl5B`%)RZ+4uS-w+U+hV z6{42STA8k5zI@w<>_GTi6Fr77$7$zDY(%^6dq>^(QgaqokSV&-IH5%J@T^ZIgK9s2 zSH78Y5bcWtOemt}O);|_m93wcLY;Y--kf%{Vk-H+vfpQH?-r6=A+W)B{m66_W)6dX%<;x!luDnj8vwYxFB|ZQ5t=kDTlbj4=$+Q}w!Kt{ z%ywW`XmEAdD-|ACQ$Vj$RT0n%>6H;*1M|0!HrA3Q?$%jh1-4?~L!2WjuME0nd+R-* zb>$;XQ2<7`IEPMRJa)fmw_l~mOc%(JEgX=c(4p7_G?r>TRK#L8Ri7&It0UDj?{d5| zRdM~mn?V~cQ?{{R=I{J+tbl=RM$*pn1Mdr;7@xWfuJK$B&kw-*p)Qj9D+Vjw{0M-s zW|&rNkKNB}dm%JE*J#^gSLV&%Rlr6Pn^~q*6cA6u(7<3cFB~_Xi|G+B$P^}KLtm2q@2N-5n zDPu{9+xI=ylNRp&B#l)4lb+C=l*e0WAm&$F<%H^IZg1Ak7p+tXzymRadG=%LbRZNd zMI#AV>n%M=lF2Rt(Bbi&37)9{i|H%`uC-pMY`>1RU?R!LR#|Ixr2>(Gj}0N~g;pfzz!2zHAK7m5T$${-Vn>e6p-qa9MTFqlhfj(^v2sNj zV!CbDYA+e+6c0d0zK2GdamsCo_)#eq4U5c{IvyYPv#|?E3ou1wpN13!dG40~yf}Vf zI|q+nQcT$0ve0o)S=W#sCy0sZY){#*;V`S6rt*b zTcc%pjix=?048+u;{{;Qxj|Z1-JNXK&~^6UX3k=1CCD{TUL5yMf~oJYa9-y-4udKpZV^ujz@8cU&eiliA<7q7) zoY^I8NP+oLR;$13g$28?=uCqX#m{A~ElVMqrbgb1R$g98&w~U-0v^VtgI6Ph8ckec z%f+Mf!Tw?w61o5^I~h}0r64;St|eFO|K35BYhp@?v!?gudp7r_UC?IySNci35-W8; zXCi&aut}5NNO*r*LyYBjb4j89c>VAQ2ZDFsn)%IfXzqr-WAdzYNjX@#un zu~Cf=cM08yM#p?ad8Jlu<4~b{i3Y6lr?o{3Hw=Z|1d8wQF`& zxhFRsq-UKtw?CfePHk>p&CF9?{4HC2veyO@(UXpBIgJ_)EQ7i*yGBLQ>T>R4f$K>X zZ3(L{g)Cu}jKGaU_4~&316LvexBv#lIK& z|4;2hoJ%Gld3&Md`oQ>6oyvlSedpIlDr3!sv2kzwq`#!LpFDdWp&Kcg zWR73anELcZ45ZK7+mAF7Q0sK0cc>uI<0n$Xd;69&I*!D=*pD(y@(I!nf{2(+DX(B6 z@uYpdxz75!&bq8{zwWId%A3K>3Wo&lAS$trpYQw_qsn%Wxa5{))!af6-5O zRTERsW>$R0ky))a=IysTlKcpAk&lECA0GgqEYZH-=Wc~}g&y0jB4Sg zA_bM^wmAY!7E=mYcv8s$xNFw)b#*=~$g|^K8RXXN?X&c?1@2!Lf2`|yibA%t?avkR zO2=!*&xChQ5y2cMN@0cqNA&K#TUdCGm3WO-Hvlei$&A1<} zR$6W^H+9wcw)}S8uDIM0GgXXV;hxEL*W@E;XS`ek>EUaJ^LyKywMBP%AcB3+jS0?~sOIUH1aM6>dK` z^G!J{=~k@EWy?Qv7LQkz46iz;ZT%0Zl+`>LC;ouj?hHfnI1t@NdCjPkbNEF3c z6KaMPpAGU?oGETpE{6drM{Z&7HgI@S?ESX;)-?rdL=Qxya=UY%9rCjJopk8U?2QBLOUXR{PJ*Bi1kRqkO7)bB zlKMRxS%MLPuT2p%fSZkd5)=LOyU8#YQzKbyCeV>R&7C_J!?XNPs7H0Qn5Je&ctomy zV?2?>#LNtI?A~QJ#{o6sμ&!%nB{fpN6;%n(RJNYC$Lp7Z+9x9Bf_J~~I^vSzJn zd@%}3l{t1%sTvpct|T^2l8)f3e&)<<31aOtEksJmx$iQ*5sYT$j6l8H)8z*Q5+N%W zp3)bot>S?X8KP!x#dnFr;TL~Z1DjPN9BT(ZSdWu{fE0~}queW?Qb z2t);nM zl<#U-Atcj_#efi{7Mwh?#$EOcPO-piq~}+;C@;04OOBQ4!A=XFM?1c$U2oU+1Vfr# z;WKpS*>|@C)F|1U)_$hyi8a|QZnZxXTsXFn{Pw{Al~}g;)pGk49mN{gD#bG3pL?Fr}#Gs2HB=HZ)ataZX?5ZJv8-X2N_ zQ`;=wnTFi}VdR8biXE>|zDZ)oYh_ETwXF%#Ug$;z<-Pl+njwK78&5CxwwFk2#>Y@v z_up#8{vV8_p0M&G$Gy<}hz02P4mOd`{Xql*Q)x=8w*Vs1BHzG0?wS0$p--Eb(_b7v ze_;jzeuBSvfY`)dHZs&Y=+f3MnWBUMOd)>`Mf-*Q`O6BuN4&0ChI6~bzht)fCrqR+ zvu)?ay1Ge8UR=M5R9M`24jq@787*^>Apk5l%q*}&O^otQ0T?)dxe_K7p6uK>a&k0Jje3&C7oT4UzTU#XDb?kJ)5wGW^|$Z^Z)z^PNpJ3I1lODTj(!OfrS^ ziqa#f%9803bo8efdmgr4+}w&!TW_}5B2Rlf4~%z`^V=zKp(G5PV1HJSYj_I+N0jC!b zVUh*A=+ouHT6D75kNucluUtfLEmk(T?;LB#XM-au*zx=INt8s={l>n6D~)RJfWLj1 z+WbI7@t^<}ou5Vb;*+`ZW4NVN1t+)P;{nmak05%lvHA^X*BUw4kpS;YE-PkY4i%|@ zV|zcX=d^zSNL*$YY(bU3-MF*qXBv_z530WzbozN;1$zDn?7DW&6G6Km6%n}cA{vg} z&Vc0?#fNckr|$_&bebPX1^a23 zmvcFLY|!7N8${=pnYEh{QkIWeDA6Y*z6i-%|1*=w%ArGYe#uo}D`NKgy`@fu8m^R_ z>3Cg{DNrWDySYr+=rBlPrGBXYCrpOlzD11aMPbL45e<*S!+U`xDc&2qnwga>erJfE z$ahVfnGJxAEuNx{{Y%AB-oc=IMwpUl2&4Hp5*CDlf{ge%Ge>JCj2r0#2R8PX_=gjO zetM}7c2C4q@%s*Wx6=Zi+EjwznMG)>VtQ*xC{zeYNH)UQDrRqKhW}=X|9s;6(~YwF z4=N?UVG7kJo?d!N0DoG;efPan$g}EcJO}%3Z2Mnmp-W*IbZ`;k*jS&bh{wrQHpI=;Gy628;~r-m>rkughI}-vbSjT$}6GDDgYV zv1M|SBVAU4vX{?wQA{|nuZ;iZRgp+uUAXo7;#P=yyPI>E1&BP<APY*S*Z`Me-*L5)ART(UI0o`(~$s+`|_Sw!Q>=$M3!9eCZj=q3qwf zjEnn=?o%%>Z~^F+RiUwqy9w*Y<~x}BN$ROEHyf_+QD<&5-ZZha+QdFfvo1^m-WUUL|C+G)6D%@lO}xyVqAPg?Kl@*_ydjlFoS>6P9J@qNw%SlWYY@m$G7 za5_D6xa<;l2{8hH;Kgpi{N`G^p(ugD5uu)!U`RRxgHnRvo0z+^)}Nl@iSPEGRhCJU zsM+F7bM^-gh@Fyy(Tm$`RXPn1&PMIYV006g*KZ{)OO0zQrDi`Y>WIY9Y?Z`Ckc(hG zfRit7GSFUTgey)go1434ZG>*}{Y?|j%;7Oj!1!mIQH=3T=|3Oh_rE#<6=KxpmKpOe zV|#Dk2qMC_22S5K)c`k-*xOZEgnpzC*x1TP3yTjZG%sXF+%rdU21R7p?ER!<#X`My zjAUQZ#DmZ?4aiMFCNaLNuYJE8Au01v2eC3R0_DToH`547%AJzbxdRQzM@tGnTe7oq zDB?izGDUmOT~at=Qdwp}>$Aj{i?xx>*nU_%w0oWC*94Q|*q%;Ji8%@TwYVeAgPPbQ zNY#Arfu+m6cXzh8{$bbZCwQPhbU$3_RF7s^RD5G8XL?C(dSPKaiq@6VTGmZD_ zBT&S~wg%~)l^%6d?O}JN7JyAU=xg&$yY+Vmk>>Sko9;UmRhk7mgd;A@t6VFM+B=n?>&WrRjU~*rSjIoeMsXb8zLQJH zy7zJ1+79_s3$BHQ&=vw;ZS*JQtRsrLD;c6X@dxKgUIgtCQ7c{Pdiv7zO<^bk$A|gF zitz#hu6sqSEzkYFjUfy13Vm5R<7+=_)2rLCyJPng{?Zz31*9hh(*L!v0EAF~Z@ppt zUlq@Pem`0^`OOVwbd*n&PxLl!m~gQkEwSbC>n| znVlcoyJylxs02V1EXuK~>i{ZcvEKF$xhbQL?&21Rl=NqqPaCXc_d}B_y+3bp=3+9& z3LY0T>6?CqCoX3SsMZ4wFBfse>gfFdeeX@C%svIwt-2#`H0fm2BY@Rp8=eV?jvF%s zjzw}Hy8NF>tWbA#6E=_(kQ?{C0ii(C57_R-nSClBiJoV@_jh0{_?x7!fRgDoOH|&U zLxDFxDlVeunSDSW$Ak)~N8|vdiYYJeG#7v@On%8`-Ym{~sSu#O!Zh`v&J`dXet{$& zXhf@8=ayOf_kjwiz^`ghDLi{;%7H5uy^9E-a-e^&_WyIUW%#L z)mEauP_py(qm}l>){pX?ZNdZ$_<^TN~|9u7i`wIN`75MKf@SlDKupa0C2aa`| AC;$Ke literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/desktop.png b/docs/images/hedgehog/images/desktop.png similarity index 100% rename from sensor-iso/docs/images/desktop.png rename to docs/images/hedgehog/images/desktop.png diff --git a/docs/images/hedgehog/images/file_quarantine.jpg b/docs/images/hedgehog/images/file_quarantine.jpg new file mode 100644 index 0000000000000000000000000000000000000000..5a324e6f9774a353c4cc542264d3b2c8afead03d GIT binary patch literal 40316 zcmeFZ1ymi&wkW!AcXxujyC(QTg9mqaw-87OZowUb2M_M~qdO+2`N; z&b@z(_s9Ql+*;lAoF!ALW>ZnJ_#XU{;1;$hKc?TzX!u~;5xtB{;J0g zW`Yd9eg>Z$U>F;G{Q^Goz$g44KRPh~ZVL-g}0LZ{{!a)3y{-z2ThlGNLfrW!dKtuvps73$PQ&5o5P%tpi z(BM*Ea5(@P0|xUI`x{s+Wg|EWCv1+7G1>5xVwIgZDifzvoW{h9_7>mL~WF*!9oGdnlG09sq$*xcIQ+1=Ye zJHNQRy1u!+yZ@!vFFpT}{-)W#=!F5+3lbU{3L5U0UJ#HTzZA!ShIz#fi}^+w&d3Ri zg5x7RwpdJdWhVk9r^+dgvGW8XE)~}r_1Q1g{?P2drr4+dN1FYq*gy3G0g#~}z=H>c z0T2bW=iE{V>&Se%s>tM|qcx1?>!d9AEq(z!GKRG8Qqn%%k!|R-p;CFu4#7RF-eYN0 z>q*7l*}X!E$ZSD#0X12#m(bT_sitDnHxx|t`E@mfKY!xzTa9_<`VHm=A$^NlQVjM$ zx`_G^pJg4ffki)Lw^lutFFkwU$FAR%WfJiM2z0`Gf;N2tv{OD>{sptClAF(C!8JO^ z#7{gHm@bevVU4)lDI?P0kYiaiEB?zLXgR7^{C!TT4TP>XLnFFBRfHdZMye=jcvoy zO5sJWi+9%OpNvF*BmNggecM-}8ANH*&#u1q^%rp83+LBf0BgFEFMu}$q9+3{07B8f zV8^_?MUT6GF!;yFqy1&9$3GBv!7ApHlU)t?MSA=}dG0PIz!`qm@_yN28_h_ma^v~c z#GLqa;tVY(6uxh-({$EpY3ls#$8Xf-jW$G->^#cp0mn0AAU)>X*YPFbH2 zN)*k|gkNA+-8IcdE)i!Z>Z(27R1xZCO#^)&v|u@bDruU) z$WeOGc79)aoD_y4MB1>)WBko)atuWHOGgwlp4R&>92j#h+z%!|* z%K)NM`HrhZz2VyYx!kLpOaBX6%E2%Umm=+e}mmT!!@& z*N4*4#>cT*yc=9^=MtssSfawDZPD{@TOM0=`Fh%03wD#15(*h#i#Fy1o)`$2Ff|*@ zW960bBjZf~$d?-xG~c7c-wUCljP!3&ll`e)nQ)-NmY);pEXhO-NSBrK$FN+}5mj+k zf8h&2yR;Mj)AB3iQEU_D={f%2G!R{5KD~K-9J>Qbe=m8gI7YKU-Cc;54dbp?X8QcP z_$#q9_NGO&{S5U?G^m`yJtjf*o36`%=;ZhIKO3qPhH?SPV@(sca-&baV;a8QojJg} zK~W2K(XeA!v78{{(=gvs+wsu-1b?CsC-X`CmBo9(lf}ReQF)Vg@BSCS=lbr|iwn`; zmC2n~f7ZM~0(Cd>8YqUYB?=F>nTwcpFi6Wg9RXp}U|J_K*@MWD4V^mlQ8~v^uY&)L zO8a!>7SEVvfPxo*$d0{Jvu*NNK2sb0xKT`QtWTiZK73r5eplgnd&7rGlF`Jl?VK~I z0KvmBpCnr>f2#a|9uUcJ+N;#9c}Pd-47zJ>(S+cdV3)j{#>+FE{H4XUtVJzp>#LKzzIpVf5km>o3P{*pW9%lO=m64lc;N8iz;3{v3(sn`9;$M8{eA z<}=|!((4|N5$;)6Yj_vdy%X&lAf+4d9A8!ux_ZtI@|*i?Fj9gi^#X{t5?y`%)a+=` zE6qcDYf*nI`Yg%FdW-k`d8UZ=(O3M^VNdG=c$SHg9eRd&0c3Mq1784SZ=ZKk>h?h9iyVH>pjih2Axw1Eih4iogNn6=Oq9AwFNaYgCw-@WSwfH) zEtJJ*=NxSt;PSdulc^^5@dYrv;+#|+reu@uH}Ce*4T~l008%LGEs%^lO8UbL)itOY zZOPJ(05cTtCg#)w>tNSO@B1jM_k+sh`^e?q52D*NPB!J^D$gyV^hhF8AVPupmqFG53qQ0M z4`Ot?&Uc5;`r#7QguGV!-nl3R&8bEo_SWE;AV;kpPyk?;$1T1M9PH^4U*n-5F?n#n za#)0>e9(2|42bSfrK)T*VUtTlTyvD~_rM<@HgbkI^q!NRP1|iJyWqG6x>;~i7c`iK z4^4#i(O6OGojv~Ch-%k%+e$2PDOd&-d@|u^Qx53w80hobX9qRqS7q5?InlfTnAJHM zi7^hQgd2M~hy;6^g0$?l5;S+zzXa04iL&q$h~z|oB5s?fipEvB0gTO z8ZjAFM8nY}?4wHdIi9Nd_fFvaO)#y@p?5fJP| z1&7HTnM?S8I85F&xrru^JDN*%z@xcKHHg0ZloMNJfw7K)rqSXllp)0ABqh|38b&C7 z6K$Y9`;KL!stzr;(v?(4dRvM;5Q==Kk)XfTbuMw$T4v6jN4DIt$Cdx+ZEbCL_{aEH zd8jF0GLwIv^(#(iGAK|@j^kiw9J>Ue$WXlz5?RZ&FqE&%l#MyqfAdJ6=zd>=t1QhE zbUs?;6-k>yM(f0Xu>1OvF*~;JEORZe`}yJ+f*-0 zU$aHC+ZRCcQ(|+v#H{!9sT{&&VI-+(yq9zDG#y+;5kXO2-E_E~-MFb)gYzbk$s(PV z#QS~W1=zs+w3Gg5>qEV?splrnblX;hl zh2Im}DSSVdKOxpTNE54l4`!Qz4f2@(*_TvoUquUS5>c;7oXipss%rW^aBqLIr`l~( z)C&_YF6PL5%jel<^hwzJLaz*4NG)>@d?z4=>B)lB9B=}gfEc0v+Z=Bg$K=Dluev_b z58d?7rh);+l;-9%Qpz*IXDLCY`_u5dTI1c-vm@Gv7r?m2T+hiJ{*mZG7wh&+c&=Z6 zP1XtcrAM!Ubv-u?>ydNuk?aLPk&yI=^a2pGo{oDK$-d{kENzE-0Sx4uy#OG=G*W9b zd8~5X3?X;OqZ-StS9_95cnVJ`_$NTy3qi7sBpvQ|ifDIN`Hj*psKc8w2qMe-V?(=s z0wM1g702!!&e~a4w#fyZ~6UA9wG3(RS4F3=@ke z(h*!~hR5PTe54H}Y9~qK&#v#=f-kb0Lm5$WGS2VGMx()bZj?l7Cr4&YY^BclGw+hf zWBSkvTlIetk^aRNFr2#b@WTkFJBY(+>T|zsR4aX~co7yGFbbb#Qf6T93*3~jjn3Ak zXa?CY=1_cZylO);>fxv9HWE)VMdIg;r$wf)M%d4T4a0>sy+O;Fsjbu@= z3_9&CM8XDKrk|`^m~Nhg9?$j|0r?Anq4Cd(5J}fM$!mfLUW7Zt{6;stJ0!w%i7TgG z>&tZx$$Sh_PBoDHH#kNAtS`I3lDI9-i5v25F_usG7RUZieO>+Su>b6fudow}|5Ww& z0%(Iak($|u!aXIJH*j##-X^|NmtWB^ZZlp0lq7{uo|2ECN>_*5>$s;Ez%HZBfB4WU zKg2sz9tnLWIC}p5No1$N8t?+xRH=FaeDvE@&`}@JxsAOtpMHkf#a5OyeWxsm4fyYz zD!j|0vf5H$SzrG*?RNg}cDp1*%(=$M^7>)fZ^e2MB-$pb-TmA9uytdJAEtgOD669t z&W>!Atc*zdrvE@8r;5pa;_2*uqQ>w2hZ+za#Nw}Psb5)BmS2CXsaDIID$KHXv?R?I z8OGlS(GQn;Q6}9Z@@lI5eem>6-8k@F9NAFnZfc-9dJ2fU@l9*nC_TF5%Ug-d7sNL5F|OA} z2aUl1ORP{`Z2^xb`XqWbGWTKQs$fEQJGbti=rkUloc&q02K6W`99afH>yNJcqk5%* zz6{gz6qmS_$!Dn{0Egn6lYZGRHcq%P?^8G`zMJ|JZ8N6tL`i!CW`Aq6HS27TNteup zPt`6yFm_Q=xk9;=3|V(*kIWD4>+=?-^_LL2me03ORyA*-eiLNkHR?afq)7q<|ELrD zSjkSt4s{$=c#)sy(DWf5VqFx=>kOw5{{`?mJi7O{H>tWdTEBsQs~3Pih96I<9?`RK z-V4C*9`U%-4~KX@%m4ZW{<{IZR^={~E5S2QnL#ahwWlC@vgjA+6_mCiEG;*+UiFDc zBZ^!sNrN_4iO=Xj{iKclAaRaVTYIm^kSvw=1+c#Fgzwec*qX)=X*oz&Hm3QYW^g(6 z{8WFdeEqF`ukh)?;j{ugg9g@D_>C2$ft>=I;6}UunsJbnkfwW$_D>1OtizvE{Z{M1 zYfA9r`c}vL=JDRD{pMKdnI-x!Sd<2yaKMqW-;~nB_3D~5DCY%Gkacs^-qqswjJwhb zej!eEczTF?0fguNE1nQIrqjqX=U%lqOvU~qA0OK2iyvaQ2-fLcpWQJk9|4CZ#0vn) zK_9#>Q{a7m0(&%i!TyZDX3X@d26r9O;t#ocN2M4Q?4h@4d>Oz=^IC~mx{nAO^F!KI z@u!N~>)^l36xa9t*Vg|xa?|~(94=9j#}5I@Rx~xzAB1Sv&eC<3kWanhQkUv&d~__! z)-mDNUxy*GcR)eadeJ^IxB5K$a;-kx(1IVf(tkzO=@tF38tD22Dd$CI@SeE9J|w$m zY~Nzmd$3V_SbSszuTIwN4puMrzzc`fM$y|Q(Z8Zm8iJXfe~#nVr5LmO?vL63yqgf2AC#2{kUUx~Bi;-}d0dkFK5X|5TCgPkYpiegSkX&b9AM zDS&lw_B(U+`zz}Fz47ojv-@X{{d;YF;QncM(f>4JPq4f2e>FbRj7YzAZ=Ox^b=Fme z=uR5=288=}4HMdEO+90$$OEqN8z`55yX$k$&_Y-qf#1rmHXZvJ`Y0iBUO6HN4_*~< z{rPCChIv$TS@#RFQfDmVXDPTKlv0f_M5L?Gc8r+Gi-I5QT}FQa7=w*NIPE<50ax_y za5Vv2!$2edu^@A$(DAu9`q_tfOZuA0?_!~yfi8D{x;6s!wIv?+h?!OZuo3DHUjF~@v%ZV;gd479+B^dm7BBGThFM!OEJ7q~SFq`b7 zeGjyMQ1Sb_BspOsWpa1oi_^z{lKHzNlGwi5N$0`!MN5B@`MW4#boaHaTWAid4ga9> zr#{M8)&@UF|G%V8@p67KNNS)|hgN7pQkPCOphcOZgrAYe?`7d{kq#)xU+LFhC~$&? zh5nVm;SU&CaNq+G0UiMX5g82`5eXFu0RaUA1r-e)9RnQ^850W=9SaPj{}Ji<)e;IC z9^4Qe2>}V5``=7|i*(#TVnacIo&5iZbP$8XF_6Dv0{@6}001!X(6De&kiX&}y69jO zEI2eO3K9ey6co&#aS#m5SCd%ScAeZgRvk?JP#3qN1zU`dP}$uZhoDQ?bSK;VI9L#=(^uE4m#d zeQtgurp)(0S^v`$|K28?AKzzJGoqCbO%&ID$kNEwaasAi#nQ|JrO+^h+5j2}InK`i zmhgQ3#oSavIt2p*Scr~`xJ5!l)|kcjH1EC?4t6)PUa?rje>m8FOfV#w+(yTMz{%RB zeY&`7KA{ZUDr~rG&v$)HziDUPE)$l%`dkrZaD%@#YE#IFDxZA1(afTARMicy8r85K zN-qXq%}tQmMZw${!rvLm;^dF3J$X(zK~<(b*DFVHo|)>_s*?0-PFwY`3}jkB;9E7s zU2{;Dk6LJDCl(RdviLQYW6WVWwY2r?NB*@M-whNwJ9HKBef$omIA`}X%$Q!a7}kMn z3<{y9tc$vgZZ0-nGGCyU?qWWclS0JMp4G-ZIYYeX_El&8BJ^z*#CnT;Nn(7nN&mBFr%Dc@ zCA@za=5VuB{YW$ER$e7_a+R)E4TYFW5z;tqzM38I%!u^Giqu}NM|OPn==SMJr{L9e4NX@lfS1N8LEDm%iU@g9j2U7h@gN3&tZQY(G50EcEvEV z>*|xS+x~_VIvGU z#tg)AoVoSXH4PH7RAp2-loXsy=fchM-i#_-3<7c0R+Pt`Ub{0mMRmE(EZodJ$`RYfLb&;UGAn_h>M%A_NCVs6r0w44NJ-D5+@F6t_tB_TsrkM2*m6|gZZ^~QK~v@=`cnQ>4xR2Jr2i*rnV@`6n$f|aGB2aa)NaYTI19Eyqf1VO3@i0qXt zkNqiuE+b+`MY5(CLJ#g+x`iYXLKx=^yP=fMY3q@;Lmp4=EW|`0&DuW2WO}I84#${q zN&w9HcKwY+7JYP2ZZkRGro4Bjs6T@Y1_byH{jVIjF;SwG@~`ih)n5P@6EqKRP-SbM zl?Ap`!Uu2U%p8Sy6>6_SHN2eUTPw-hOiXfX0t-5Q4v#}aJBSM{1vO*mOmeNGys8O| z{iqcL8k&6ec8QjW6u(=shBmg~MdvX2j_iab*4h_8$+qKSFFaDR*i2_4z+}oOCr&cm z4Frve?}ghHgMM&lF>`*irG2YULYZ4S%`{r1@Lj@2P&#Z^yivEQ`U(04(B{YMyXn|c zb3?{^S)LV_d9(F6Q~2%qd&1e!^9C{hi0jrHJ!QI!qp%jnKt^>I2|Q4$3^ie7Adl&` zL@c*O-dJ+=O(1vb99!^DoOs>sX`7VvpN+622DF6dU+3%Wsk!}hP9%LX-6S0%mD9|s zeySZD#=bSp9c*PGPc%36%9Ik$YisAb@5WE-rdWR+`S}a5n{K}4Ge^KX&^r^n_v9Nj z5)e@?1m$i)CkwumRms)k6UKPzqr`0}u&Uk${iGYPYg;8@rvzJBS|v0ppK0g6MARL5o*qwIgXF%K!7?{B?aljD-)3~ zJBL>c_kbs%sO)OY5ex@h^tAPFf;rS6FkY6Z9DJ)7q84IipJ8AM<)PYQIZ<-)-b51| zAR1H55ROqN%CDtdYz&rQ8TFPk%UMUQx@4wL*h2mK$Qi@S`5-| zO0G;FdXGz%mq>jZ}jrK(`z-rK+_ALg?(b5+g1htWAJ5@6ya%umz`>n zi(L`3uG((RZAet$pb0gzz*`BerUm9|p}GUaguAfe8ljcLs2r&f?FnylN48CW!|60wtA(;Iqzg`_95 zP{b47nj^Qoz1t*=PjtY*Ty!0l{&Vmvm$&grY0Tz$9kSlncIUN>eqe~!kQy9WXcE7S zWrI{i`?ICYxq8X9Pu<7kA-xwsDD=}$^j24VM$r^^C78l(nC5(^1LvnkC*#ZNqS}xq zD{h2Bk11!vi2`WzWixoKYxO=pJQtDfB9@LDo{)U?%?CBm#-7TqMOnWP8EyqsG5<6n zw@_s}r=YqpD;LCmPHBm8sATQ;$?JkH8k=fX&Fpre#BzdxQJKVq?-p6R=M)G0Awxpd zAjYb+=;|o~fsib+@n8hd8%Q1rWSrT|RgmuCqAD8N6m0SWdCDS<#-h`5vZ%wQ)Z6_G zm4#_g=wxw>4TtBZhCc6=Bu!du%b@nTY$(0fP7JATAEgmYUp4)vxFK?QMM`9$eQU8s z3xP~K+mUyg)5KoLseXO?TZUdx%!X6v9>(OWE8Z!W7l7d!w_sn5_2Vl3*eCG%xKJ^3 zAP~SZO?rM)wwS|ma9ts9!Y&YB9P5>{YK(l?D%yJ9qeyU|U)wA&+{&IADOaMBR-~+K z+|Y1lYNIMAO=$VWTDI=nAZ@kAq;Sht@=$mCouXguy{P!T7Nt=)`v$=`JiriN;oxsMW69(aS&fq3|kzKaXKQi=&s zB=1K!A$?OW(HEbNQ;1`LH_T479{WDrQ&O~Rdx4|3TTkujGSk{rpX=_y`9x-!psO{h zkxN$L=mVy?^R=G)dse*+9Y@XUyW;e@dXMTlQ+dzjwPqPd*fnT6d>0T_oWATKGfx_Mz@UWl5zwa z2L)myff`75 zdFzonvgaE(G=e^jR%@v^mfL(o$|F9)LLhP9T zuy(Wx4l##b(-Sejx?eU}_gL3x>b%cqT_f|?mX;W4e_dv{JjhTjUO48Rf#4wSEN?3C zZImE}aFH7$6(@0ch?11%Y%&jPyQ?_Go0^M);FP9*a0QN_)Xw@5`L%pg- z=(7zrkk@NbYtf&AcC8!jidRqOEWO1@0hFmCP zpx>wIg{#34sW@PYsaK+Sr**5!z>oON@c2$jHTLZ8+wblK1NuMkwCr3M*0@QXW|0Qr zdfwpQmN`K0@hmJS&WMGF%r;pcNxBxt7u!L~Tc>xc(w5=iG_p_42F9?eM#k(bN|=?r zs`Q<0D&(S$`RqekL;f*JpgNhx%+p8F1V)!ZCZ%@@R;m;&-VlDe)wbVG#}9X{H?P%3 z-;E*P+No7JDwwEZ3bV@1+_{uLa*E?&dLOy_d!kHbtf)mQMipH~{Id590pYlIbACD+)oO#K)AL2s*56G|QQH(a zdk1fH72`OlN@Gf|O-;plR0uRmI1**Z_S+Vs@kN{%xdXC*<@nt_F94Le^>M@o+lQG2;P?5n;JN$NHw4oPsu z+pL7p@b2}J=IjqfiB?~ z5c=zW60Kn@j^ZQ!2pq>E3JW}W0>bYi%KnrpSJfo7c8@y2xUpAdUem=1MSWLN0>t+1 z^0I?7DL;m%WzEQPm~{zEEeB~#Mof~Fu^0W3uY;s0K`#K+mcfkFiaI0ZF?X}>Di{2Z z3#ay85{iOupb`4wgay}v+a5Xdg(mO!XOk=6-kP>+n$z=1jF9Z&@wJ}RO4(B;Fqe40DTeFFs!c*z)E~snela6L zZCvSMxd2k+&7!40tUptpFJZxjouRvVYL<~x+o4xsPUwnQ)#}<)oxY5fOKwmr%Q?hD z76Z(b-Ylg0sEgajtvZbJiy*DpGq%crq|Y_uUoMwRSo-MnqTpTZYqUfD`Au?vTVdw*9OXJ>|TcS z&D`tgRCaY$ZW8kyVw4+^iw!TFpmkiL@hVeul<7@J6j*1Hq?Z9ck_G1R6X#`bDy3 zdDea3)S!d7)tVyk77%*vW!C$+CsFjKj(g*E_5Yf4hS0MG{d;ZQ`(OY+PsPuRnU>~vP&VLZ&iHd4V3Uvpps?j3XvSPIrWSwwHATX^}@KJ zuiQ>)S-K+0q|{txcj1z|;xD^&fZLU%a`J2(BQt#YXHJwXE0$73-MdVMj!uwO0Z`Hp2*Qs{EK0uJq%8 zS9iB)hyHeWlAsu>+{R z@K6oEuUR)^+b1nic!`-C+s_G8=PoOc?Wr|aWV4uU{C-O&!TjavrA~o?c}6dQreV1| zRkG(nc}#w2Bo7S9p{F=L%G1UDg%95xyleAC@TON7wWfGjo;Ny$|11&sTLJz5I^SNy z?!v|xh8;ALtG02v;H#{$1K7|K0Ln)4^TlUzOnPl4PL$QXvzcc=)ClUNaDhV;b7wWn zoRXbhyp)fqeYU~9?ir#)ZAj8kZ%exD{=B|=I3`#TFjaABsi9?~B%=EuNa4;*WIf5- zHoQ1z>;xrLO=%oiupl-_e39ea@hqo#E&nsR+o8nlKKo>UHvZN?)w6wsNtD9~1}FvE-Lkxh+QV zZ_4?=5oWLzOKHWVpp396?Ga8ds>g4l!}m6lsh599tekQ($qMPF>@>CZprt$#B;{r|;I+#qsvxMT1xu|%laCZJxKnM5!# zQxf|bCx1NGE_tTRQMmp@oS^%d_X6my$avmn&MlMt5r-6yeH49MfOjP_BJMVL0#bYO zi!ZZJdICOYh3FajvO6*SXZsa0bMLz}`&l0%9Cx^<5~A3?*F=ckXodPQfcO0@(0`I9 z|7gEX_bn1N5SVL7?R}S|7|xQfRa*V})5c+bcL+$iTVTUGkEL@)h56djlL%$sArVk7hTW?f%ZjXFbaAd@+7STjROn8hP^F1$OSK4qsggC;2u9RFhF?$t zAzg1Gq{EK&;6|7ucuT&oxs5DgqE}qeP=49u*Z%onLd^aB1B)K&=K{+KUtV)k=_SY+ zZ*I)OJS~hgrs*B|Xsb;i(8(6;JLx#v_2qIEB&DC?W>9k>oE-)p*>I9M@7fZ_dobGN z1e73h6{!}f2ORZ{hV4oRmA_G zTQ%H1-Pa9tzPsm?Ty%}pVYMFCMndYN`of7qE^)}wqV4xZ!xu|jTDvrHLO(g?OPK)N)`eyx6?S2{BqHCX;Ak)i7Md?Z2=Wwa= zK`Nz|(Jhy{IYAXAA%(Te5otGiiiJ*h#a`foHxcL<3!TZNI z{rLSYDOIl8Di!T-Z>dz>vU@RswrPcTUDO2TT2uqkqCUcSwCz2!RvGL{;&VBD0$-i1 z3iT2`*8ou)V5SI+-{>DG(Tp%s9;vM;bRZ=1fBj@qrRbC?4il{2rK7l9N2mS}jrjxX z28Es*|NDfD(^hOm^>{wD7pBWV?Zr-(P7In<_||B`l*WT(VrQ-cN1!V3ggX@)3eTT8 z)&z5vWrA9HeAZe+TO&;&=Y$U#DR0w6d8q#w#$rALZPcI!zZTK%L(cSG1mA%|`ASSr zs1+rLSOGyS{1}TfCDRzw#k>%q&!dV3ZB0OFT`Dpc=yXytC#49w_t+G2_mm314=0s1 zu9Y5GZZqIgctfmB;qu{KUr{vonz^Ab$9BCX&X4@tRPi|+g?;&Vg$k-W-Cxg@bmb@p zhU-#d%u-y!!P`P_6RgIsAM9cSgEPz$N_|#GVXyUhaMPu}A|&%gI#pWYYSZ!5de6}m z^5R+4mb?S+$hHW7l&2#XuDu#^DN-x?hFqbE(wvj`Tq_fIU zQkH1@ciVVRB!!*QJ33G}3p#IPu*f%IX4uj6Z00Uq{mKE{zUrdctKTL!A1T6QzR986qu@%&>u&f@m;6rt((0^s-cx9 z>QOzUo;$HGAwoaQp?kQ1w4!~oaJ zXX>J_lb(_n7~sNsJMfu5O@S8uN8fX3)r*Sfnx)DlM?Cw`J>rN!M3_$$sH$6%T^sSHMww-SL z!NPI``{kWhC>wlwC!g$YvR{x!;MW=?mQeFo{urmLE;Qe|&({N8{7OBX0y zsP#%)PB_(l@7bhLK(;oWBcyDkM#YHai`kqMfg)pap{bdZMg_O;(jEqty9=$bLF#&Z zDNZem>?nmO9J+SF;s!cbTfEG$*AWH{C)bI?pEpn|o)7Lvo z+c-F6833|ra;JGkc5K56&D0?r3v@kUk(|0Q*PNli;(k;trwS@Vm6i}VaD+T2y3Jsp zS#UtD1GMKFMu(@6e}jrI#a}{}qYt{Y;+|Jaro!z(AP=ZG`;v_WgQwBcq(P+ZwxF`5 z_SVMBO+avZjsnw-@T#g>Ia5Y4XVN0mRCi-?gdSHrv1tUN?6^U|`3Lu4pn?s`kKt_j z*d6>&lk;c&YQRfIR;*Jr?#1#42zuo5hq@G0xN<8=xtha~*WT96ntNU8>B4#x6n~4XIp;gK7$<%bhRpT=RW=^5cy@&H-E4&LG*(hRhk7 zW)a=J6@2!MxAh@~kRjcG7$TKOvnAvAYN=(T!6%UFxF7AS9obdsh-mUR3qM+>tqF8% zM*_!GS}S-aFbYERCatbV6m9FA1%~^w;h3!zCO%%_Lp`7tSj$@z=D4JDs=DupnRV)a zoirEJOCT)M{Wt}$948)o$yH~?&6BiUcwt*6p+7xvK3u)?O1&bU>#)|EjYpCb^$1|0 zH=C}9sG)#)pg^PMlJl$=D`Cw-N$%^|>li%m&Uq~53!6l!m2D-`6>`o&0!2(ZzP+hY zUdF5JRq)suu#G2P$(EYrq^-i*+;?j{n@#aGOwD5kX3$=gZtB~l%$r0Y)e$!V_yaSW zqr{u>@*!qKk9|HYEPP}dr6{B+v#PMmRsG!Z$`~42tZyhjYMb`K7RDMUVG4_0>@xO) z5k388+z2Yl^ubD8MO3n~AtN+Wk}*eMcW5-hRHR#Gq_^52H;Fq9`PS`muXkUVsHGd` z8ARY3C`ga7tpQAa!vWGwP6G|@z9ck@3fb|Nb#Dy4IO8`dt;RGEi<|hT>1T@G_VzE4?eoWN5uRyNDlqT79Rg0* zV*`Oc+wZ%rp_7rccVHnmzUciZ8Xr-}uXgIvr<3q*wSGJEu2=}n?x~mL~Z6)Ot+)*dOdqdS+i!xx~(zTdjC?Fce^Ke8< zNs52AxXz*h)fP+OtDmj=Et8J{;*m|)L7GH;g?Ft~1}>vRJqu15jYP0US(r4QShQ5! zSh>m|?fgw(ZQ0e~B|m7oTaO*)C;XykXV zTlG*+Y9^|Kjouo{e4=n9Pd{BOd!u<8J6mS~;@nxsT&X=CC?7O0Sbp`M(b`U1ZJ~dS zQ=}Pa@vU+Ae4&29d=jT*xEP=mawPA1{m z5Hth1Xn4))38b1aJgYeWkD7o2a)cWzWBJ-NLL@DpARo zOn0K;mQ+Jv$;(vC_2W%nLsL${*h~*;<`3txvzVR44VtmC@iz^h3nK3^q(oMvQS2pB zpi!N;)B|>ouzcV(+@_IF0sLe`=P5$U%`Qhlgz+r8jhGRuc%8#(;GJ2ly+AFgg;8?R zLJ<n?1nb1F8D;uVRbDB4@-mr_2rsHNnjUh^=xM{>S}pXS68bzlByrjvn? z1mhh5Og?f~v#xc9lYb?pfGRgWxsW#vGDyuDsj9{BQKcN>7)uXgexF@vR-*i|iay!H z5=!8>W_|Zvm1UB)6-RCc-uYoHrLq$N)IkvA0lcF?RBB+f%POxV4`c2AU_E323uGRR zkGx?1bVKVmDRU`_1gb%;7;~+|gmyW>%NnL(mZm`#Se6wlW=i{I36n~(peTP(U9cYU zPfHBm5Jyx}RpwcqpPIBi4Kaqs%oDK4=DB^*?~sVlb1Be!?H#pd$N zmPsh&)x;c8V_cXrPT?FZlsXi>Hi07uIXgR7n=hIwvov8yhK^L_ix8r<&yRagi&oBL zU`&KZEs!K_bAcG6Q1gS)PAC{JKVM2bzsqh?YCC5*I?XUw;;A?z>dwk#7@hbo1&V;O zijzI+YJW;>Y%EoUux|ymX`VTJ^^W-STBEmdUWx{<1hej@%28@s<*HeJzd8j9KlJ*C61ca4h|+{=tNgY{E{HO?0$C5yP|*|a%SYHT7d zT5UhaHjePyE)JWeGo^nuE2tGP`wF)Of_@yquk$0uNpNM{W8W0eouI8U=I*Xy-_2zm zh7S+EPQ&?8w#>Y6{z^J|iur98AIoVY0Z(XN?wfBR7ob??6n7Z|ak(^w{Av77h~5HS zsPA(gd{_D|xdBWgHNq=X4)9i##2?*rD)8?FjuRye#^rBgA0&_i|K_7`dI~d!8?>&t zjSA%j!8@zFoP$3lL~ZkUNUn>j#bc0Xd8=9{+LUZC{lJYfN84_tdiAVQ+hlM>d;j5; z+sDh^o|6CULkaKb0|W!&_G9+$^f^ThzOJrGwim#%IrU=^c&m+R0Rr(SnC6h2uUw3y z5yxmt_)dDhwj!wkI8B0|7m66Z0Dmr9Y5C|WWSYKTD0JX^fGHk&yGRGxGXd1Db~(X~ zAM3)zHWNtIW)>&`qT#rnP0(O+xEbV7nx-&G?9g(>i^PUQd$y%xLmG!TC#ErE{ zFgf(e<(!bbJHxv|gX^glXY=+)eL2#oiZCV@N`g|?QEIF?=Hv4c^9fR};ltT0CTFb^ z7wM~}p3Wfzi8z!p(S_zJq-P4nrhi;Hn>O)$VI%v%S&S39E2y2`En5;UG+q3#ZE=#) zAH^4?>Az?LI7aIoDi~+wW;*eyW)bz*ZkI|;91f?DvxrUGi?L%G1d1@H_}!8+qh)&= zMRV;Fy3sdA+4v_5mq}5(dW$C5Zzj}ex?yN1Xs8t`e@%kU5Z;B1@kb`rFS;C^8Wnf@4L66sTGL>fK212Wg0kJ1|fwnU&Kw z!tS;z;*rZFCbOm1b|kf0`64A=&o#r(w%SK{1sHr?o(`D>{|}etW46msv{_B6WF33V zb351t49fISDzn7*+Y%DW!++{fgp8SG?5tTdE{5pY3Qg$8&h8fwk@X_Mu&)63M@t?xw<`nXcE5E5f2#zyL&q%{Yl z!O7Q<2 z;Po2%nRti}4|0NYFx{f7t{WRwX|W7JUxy$tCf^`@GO}@%H{KIwm?&`L?{;I>bFZz4 zvf2=sDfu+?W_PG=#9){AUg=SIj}W9-53+x%N~7-`Y;=@(5W74)?3-+fobs^Z$l^Vm z!Esr5XmnVrJWAJO{P56lynwq-E7l0gAT<+KiL9nEtx$;t|A&{D#IBjb)p@;W_l!-Q znzo3_`EMZpraDdbVc+pJuTSholu+sVSB%)M3%PmwR;2dgL;2N3ea0s5S;J)?D$C?1 zJWSqs&|jN~k}9ygn!}C@+3=B{-hqBkPcI=IlUKD3qWnQBw^#nw(kUk^k8p9s#kx5K z_Hhd;9gngjMQ!0|mQlFk2=ZeSlAMko1^MuDKSn&gyHnyy!KymaN}!=I2B?O9Vw-Kt zaD}>+>Vg+2HDN`y?Q5^&dro-Y5-^FojAK5L_~7Wru8{^>lRYs{_V42F4n0vMLYzkt zeUmC-MX2_wr=h_hg@vs9GjNd+Hz{&PfJlR|2-`h1&XhvObfbcBf*lhlb<&C|=4(w# z692_c^(#SxTL<$=X%CP7bwc~c!JjVpL)Ix6&LQNysRFb8C+(C9Vp|bM8u(U+iU!lmg-aVO$N0K zZJczI4MKR?{I-(?(J-T#Mdb?QE&Ym@H%wA}shHqJgKoK2^=@AP>sx%qcor}t3Lie0 z&f#cOsasXxJva80rhk)8h`821s=qQ&#L4${bljFJ^Vxcd)sWgx`qD2Ivmc}eMcjS~ zr{(58R&yNtH0$>pgX!Fb)Vh6q<%PXkT;w9A&`mmlbCa2i3BX?G{i_q=%h7qBUrGlc zREGGMA|KDK~9 z6%flb*^!+0A>W)?^d@go%2JZ-B>%9Yh9D!&4nN^-qAGCt@DU~tw_g+#xXU;g=-`hq z^Tc87-+Pnj`H07;#rWgiJ*HmlQDBufapkzbcK?`O&<@FlS(q5IZj;ta!EA)n17{pq z=!>L+smI7#gL1NapHz{RPY20*nY*L-F)%5C?{@9UpiX97X_Sgmyog8rsGkS1f{V?# zwMseAm5G^l4g-3wEOntIN?4Hm$k$O9)JU)2If+5lFe=8%@#wJ#9cGVur{qMg4;zL9 zaq2zs3BaMzJlgf8&^Y#P6l03-$OMQINc`@ZH97lAOAx2<0a==4{3eo3V`8MWcos)V zspcKFTNDQfHYpu@K|cMt&f%(Ay%4GXrW-rvO}hZVx(L>y-zYHd#Mo}Osggf-Ygu?= zPb{I^k<;$4jh-ME_WflM>$c>kl`J%el)kiwo5*Ff02lpblaT&r$sVyc>V*riYn>8i zK4Gy5cDh6Bnyrq}k3{mlTP=yG5@LFuiZ=DxHeHtLf%=}7{KjOh-j%YOTG6#!_d*&p zgG*;P+tI6&d&n8d?!{VUv6d8Zy;=W;zqffO@!nQ)O3X9?rs4ert@bJ~86=F5g!9Bs zxfS}%Wl;A@&<`HNilDHKW4k+)aKYb#AR%OYp9JL{eAoqXMuQa62$<(}q131js@D@f>I9+5Y}aMJ*W^uKK5QOW7A|HqXtcO+lCy5vyz`n$*HJc- z!p+`Rp-fdn!&vhZgfo4pHM zekUxWfjpg|1Ek}xX9(j0!NVW3Kqlh)%jQUedT4%fidyEF8nI{Tr&~qTIPR#I1N!dV zX3Tq^WmzJR_i)y$T;!8M%l+PN%zUNC;-A)wY65K#rk&MNAM=!zs6>l#14T1UehFF_ z=nJtT_CZQD3$Esu35HoJ(F8R^lFH8|h77Q<3Xxx%6+qjKr;w=-dsbF3xjmvRvi*J~U1mv4zKP+l zEoux5G0IVXwhNk&_iK)&#d%_Uol9AZ(Dn&~E@gVwzJ9#pNH51}=nRLux}V z`LG}TC8s?+C`aP>EQ~uHd7quR$tNOWdBO#Nf=2}qJWktSZ~}m%*eM1D-Y5?!7T;1a9kYs88m!K;40kF zJU7^8QCn_diL-(>Cc=n#{iZ?5wS&>zp*`78`SFO8uv; z8zL8)+dCFa0HGGc`;97266^+kI|4$4#ws(f9mwgRsa z9j(CE%H=D;wFZXvS{|lkLsfh%phHh^$}uU79X~;a9RXcp;TitgP`jk`gr<{@|B9pO)J{hOA-N4O|+LF5w(iP8@Fo8 zqRF*Z?5DN7q61%5*IOuM>G3Tt2$73nteU8efrBG-1-Rt~+pIS$cYn6>SY%Z|8Gr6eox@J90vNbeeA!XgKKrhSzh_>KeWE!+#Pl z(CeP!jW(~A)Bu8^aM!A^>V)w%_H6J^DFzkLnC^1%IPA02)-OH@A2BPH0Z= zTVAC;;G|D-sPn}iPS-|K^FqbYaMy`jbWd;@2XmQ5^f!he43KULth$Rt->Gw0elIPV zBUwK&dw*4)&CZ^32%Ds~$;8B|Wa`4F`~KO+eQ)2(1MtEizcGb(l14+JmFB4X6ided zn|cka%)n2>g_Wu=4R{>IRxOdo zwq~(A@se<5lR}1)w3w30*@#DTyfterJ!gH-DbT5<;gg}fe)|^)3b|%tYI4r#m)|S6 zpbbAfKebU6f00ROJ37;;G)8#pLQIEZ#BDeLU_iX%}Zg}T1p-z_= z3~zlVbpN4q--8y~CLlbKpoG&9y3P>PnuKY4IWjcqs*$ngJyHH8x^rZ}w?)fdPVCJ> zZRiF$Y^IWVlIQy*^W;Yw8oInAxWA8IRzA+keTvK#hikKf^UbFuHsWcV;S^o$6g$ip z`}Ugt1_wEt9byl9?ZVi3{SDKbCo?WXmh7+1axVO0dfBZj;y|!Un7vo%4=N4+y=JR5 zbd6NS%&P{nJ=368=h=9s=7VfjBydBtTFFF%mo?Y#X!w~O(WMo2h66P`QcgtluS*hAVTPbACp$lB@}R=FvrHJ%riylobCQWAbR^j~l*{EJ`ytRT^LG3QY zhpH?_CZwG{vfS1aqXLg6v6a2oEEo40nCg-*F=_A8$G=7YGWh)&ND{r@OlCgPeB`I2 z-t>symNxqO`=%&3seG`ASAxk7il8qVlL-~^QamOPpRd#*S}>h##(v20!vu8CmeCXTA-w?@wQ5wB`Ai2sWF9BYh%S4a4AmFSQR-ipiCE zsd+!WPrFtJ8okTf^sGEWa^Bs{_TH8*mASUbT&w5Reow1L|Hdenn>oR&dR)TC3cd{q z{v?<6;k&pwBp@N{>bdsFWWe`Z*vxFOvHH)Q-x%)kw7c&;-VKtICq>*I3OwD>48CUN zSKTJ!T~#J8HEb^xi%c~kNk(~BC~=ZOvTBe(=K=W?7bF#xZPWYu;YmS2b0-2pWtaHD z9HjN&HwHWDgD*}|XUl0)__lU;3nG%O&V0X#GAYYmUVUQMrFj`Xg8p!uHZ2&ETITs% z^`;i8ofK0p{Mg7iJQJAo@TnSi#&>~C>l+_E38{O(lzf74C<2Ft-jZGm=jqr@2TWOi zHK|ugbuuyT0O=e5hjGhByoiG z^@@>3DJ;yo6cP;lABK#=Jm~j%`mM6#jJJVxO687Pq^{GTCzXvN6C^WC^kOv` zuYtsn@{vk76>EV>xlz&NegzBZR7o4D_`aTAp&I#Ws$Jl&Rk3qp)r7qe|88h3NcI_P ze5d+E+2}i7fsj1vo#VfVur}>oA21oETk|mS`9R-OCE%nGCu#HbIf!L~b(_}~p1FCb zh9HGqOaKz>`6I;V(Lw$hA~kmoS^}r2SgDoNFQi5}S6a?CJeC(W*kduM2~?q-wXy*lM^5SCOqch;nOkKfcyEo-JVTXhmn1z8&pMds)uot zw>CSQA9$UW8=p#OcjwPq7?h2(o)4vCDv7nSQYD+JGblVMrh-Gz!0c;gU{m+LoX-fq^9n1#Pm@J@M&nwJ*t0tkBBd81|vgwoVanZoG!+8LcFcn$p0=v66U| z?7&oZK%m!hrU=7gH&7*}^&k+*qmKB~3r=!YFe^&h?EoMmR^GZ-Kt z@uQyA6z#-$8U!Zlb_2vAj_B=qmDTrO``px#fmi0_H1qLYLWCMXf%45Uy2%U0WL{p92 z&&CXv2N|*7h91>z@&b2?z)g}nm68Z*sGv}Tb_tPb>P(qS6UPcVB2yT#ZRS(NyfUBh zeWA>uZWeV9{>jY3-8@D{08-?b_mR<0?NgimvZ15Mp;4S^M)=eXFpu7(+#xnm!@aR= z1Yl?rSc~uK?n?My?m(8oeD*;YrvPsB#l4 zH7Z01%e?AI1x*_Dcz&KZ3p0PO``L-H*I4EkC-U9J^C+()pt%!pQe8jWeQH2WM>f7DTHDrolj6}SRF6&FZwaUdOb+%L8Kd8N<>)kis0{5 zX@_o`T3OES4`&Y&BzJU?as*{WdD(~KfXMOL7CJnmklE}7cy4R+F%@G(rmeNmx4C$f z&k;991it~+gY@_g(T#W7GZn;Kbu6>%t*$^g+T2lHArYn!BPgUE8QaVtkVH9_X}pQ9 zTfoA>V^oIzRpx`O^3B7^sHct3hQY>LczCKq42vaUtFS?mUvRxh@a8(QeRL^9Z;|le5_2HbMTz&bh}heF&C!4O$ls_AlU zj1>SC!#_P+p;L0ABmb0-a^g|d1G-isd*h{tN0-l$&hTsA=(OA-^D8aipwYk;+m0mf z76`LQH@o0H{^l5JI**up!nipsp)i3~2YC8au|y_nI11n&V|AfXCn>|NHwi1h$ka}@ zX}|>1cvy(l=~vrf#;m+e5tPGU*lEISQ>vIPkW<@Wn#ewC)KvUD!l`Sg@jC|lPdZP!GukhMJbb6f6v2{%} z9f&|w*tV~_ix}~qXkR)aGyXu!7Lp7W2YU~tON24bqutz+%{6J2%q%elQ4F*Kz2vaA ziE_;b#^IzlSrY;h+rb<93tEZSEuu6Pp9y-f*^{2u^U+acmcgjVc=w|d;&GXSj&$pL*E$4tM zh&8PZB@re*X}p8mtPeqgS9A_>YNEq&xbB>K1_7STWO~wT&&9WQ*S<4`@Xr(8!PPLy zYLC$bR1pvM-aG^q#U|)hTZ>pJg6L)oJao-BU}RnfW~EYIS?8=B@sBm@;oD&(bZX5h zfRrWguolO}97W8unWG6~v#gnVJNH|b%+N<$I;{cE@ZCEeTGg;TPaMOJNr}in_-;Vw zoSp+_AqM3qJ37|$T)Z_fN~q?0=i!tms2G#Dswg$R)MQ<%GE}&!qF-hNg}_3rYLYmC zS-walDZN7vU)gHrE_^GN1e;CZXy?sIAEgN)4J6y>vss@MVU0h}VEI8LqG_yc`F$K0 zP-H}j3l@XclM&K9ky=KFte+3Ca^t4-7 zI)YWys=GBMU=_1Fob?cjO!~~zxUz9fXcMm5=`MKNkII%C>r5EDW^?ZwQ$F#J(X5k3 zqw?}efNz|JPIKM-acFc&|CK+ntxoAg?R4(OR3Km^QjNxxioQ5S-2)PditLiiZVPwr z7fkJ1cJjO9o8oxy=V6A|i-L+9|>NMhE%7 z<0_oZ5G(p-S&hJ(cNvKp%wpEVN5xK|N0gKTukVj4a!!}H@x+2yut;cyhD@JPyqyqi zFirk3>nirT+cGE-O=wIx0m5W?WSN+(poYT}#hTVZNQrPs2Yq|pE>ZufqRY${OyB;WNSy?jH+rSWZ>-8Y7#h-8{Ln`RGVsiAriIt(_ z>G8hL*+DiHe>BgJ3~#M+mrNYHvM=JHAp5-LyLefqoo3xVjy@o$EGYVoHYTFoPDTk6n(+}JU@dWGiG$KDl1 zPIKNqw%z(UR<99hi!4*eR^G9Pipxrgjw z1)(AZ#3wUOG*p^OYnxU@%NdMal6g9M$7VackYWeX6{HD5`9MNlW6+nM1J50 zvCgsnxRV+KR-GZr>Mu$&2Cy-aVwQAn69qm$g=&Ai>85iuA%Az=-+W8+!ZdR3`u&zj z*_yZ$I4)95xw{>>)8^PBX(PU*%ePmqLg!MaSzWr!$;0FzsKx<@%q?)lw!P)V;K(Fo z=-7&9i~v5gd8lM-3mi6*8OnAs%Fe{33c(R1?6`R>gnS^%_hxt-?ueKW!NJX z(_XCd4BaWPARi6D%L$9~UI??pqQ=W6L4l`LR|(a+M?QS>K*Ik1I9(xleP!{yXbknn zYrx<;iJp^wJ3+jH#UnET=PT)eWfQ^5@je$33Iy|1%h~xLn3zJYLkWCJjK`g6S0H@H z=1$p{@a51WBse~nbr;u;Rr*=pqyFwMto*;;{{7cj`3lMp0I&2pC9wf%%`XKS0r6ZOzmWq}vqN4zW8^D4hYh;b+u zCqevS0!z(3@zoL-?OW|6M(sp^_NUbHq`#43tXypBI~f7bfkC@WD<)i_67X%Ub%#@1 z5vo$`aXjzcOnrwtRNA;YpA9C_B@3es?Za*XcKpcec~d-9EI|N1N{tHN^N}l&y<&N< zbrC3aHlsdE10{`)Qgv@4chu8trn>u3rYs(~^0^DgKOJ*3X+51kp z=tq)(L6%S5oFMn43apZehfTPY+H2XJ7my>?%*nM}f>tU1F6;b#+CK%B{S@QbygbR{ zH7Z2ERi^Y>g`=Gb@!H?uo^TcJn)v6Ws^LpDN5kQlp zkRV?h8`uXZ1pSR6EwVABM@#pzn`$n0W0!@2zrY3WJgdIiG{4Pd?sLOuJS&onGFm8g z)Hd~s-jlwG;$bxSSWs{>L#?_~)es9z&-fZ0oB`z~6oYx%TMCthsGg3O@{^;P>;E^z z(f?*nEDDhz?wDyZ;>&jGJO|1CN8DLqFo?mG#$~3_9ZI_}_-=W;ShMD-`K#`vZOGTS z_6w-o_nhf%&_+!H^Lw4>(cK%Oa{ZsrbxKuOB<673nDx=-i#vQKrsR3M>bw@i$#$$N zG=|s{*V;u|dqGUYKc8@urVV{{eDD=;Z}Yu`osyD0Vy98rsvaY4TmYR%UWqwT3UXde zVE$TCFbfl$PZ8No8LNZVjnxBf%v?&An`4B`0TwTRW9;brOxH5En=3DrL(5&NRr|8+ zE94gg#4qE_xo~6d-6aR8p9G}Y9DF~+4`|iV>2Pzt^ z=Njc81|%K31=U=w3gt@r-SQxSFZe3HaAxAv>voBD=Y&e@la}6x7dE?>7dM%%YsdC^ zv4`fO#lUrgYLyL=#G|Xgc-nEhK(^G~?9(ISsD0eb*IG zsV$w;c!Kf(n^GA_fsa5xAM!sLP73TKYUU|fo`=PjA7#F^dh;8DFMBKgl`-dRnInXwGk3~%EB!Kl?q**3 zFd~)OtBR^G9cSMl(|NCe+6{8*hLOaGY0`cEIrJ_oLt0bOz<~cNfsEla$i!-0& zm)<(TsFkp4SacQMnh;`;+P-u$rd)8E;T<|U0FYN-d-SsJ@fAijrVSU1ajMC`8>DpH z)k~%N)<&Jyll&bO`<+bR`)b=zLa0INh0Vjm*iyrFvI&=Ezzk(N-gLGZ%bj@1eVguV zRvV#bEsr0<10kB^UtTY&OyCcd?>eX*fS=0u}n4UL|R4ieP4H z9vTw1VFr4Nf;6Uea&U#%;vDr%o=a-0pDu%|p5i{PW(u2HKeEc-^gYe4E!`hB$)lfZ?YUA0$`h|jMUFP$`ra)?2Ikpy2s4sOHRN;0uV^Q) z#U^aQl!Bl22#spVJU>-kDvqwCMC3RjWu;<_`y&t62ouOq3;)hov`D)m@M_qijC1ZYTE^%y> zP2$>XV@fhlD@~K#o93#lkQpdqu7tki8B!xQ^~2ILo3|ze!hW29;#%F}*alYn##peX zfp=U1TGjLB(FVPu9TFEAG85ngK7gJcc7j&U4|qG{Un1$-4dS%3+zL~7SP^`ruxwQ; z2a5-lXW?mp;SmW0?$PEAmcA=Mra#UNtj)kfDEkQ1WnIZ7#oWzq@aYwOP(eiWwn(PF zA$R@0)=4CMyus`2atqn1lRxsR2Bqf~&y_EYh-4LY0GwAhLUZfE9H`Tra77Nd_2u!s zH*6<~N7n#L_6D!WQN6!{v1|_X<~B<48*Sqz!vk%WHKzSwEzVJ5dd4b2)yu2ha*V#>YrtI)+iEu{Xl`4ZIXVuSSN1w%$7R@~>Fsca#$q zeP}(5FQrx(PrJ554JX|3cLaAyDpnFa|lDRME?$K?9G@ZAr5uB4J871|TAurXFs$#NaxOD9oQQbafzV;9OX>ZSD zO4cN-+KIauq`i5%{{}PXFHU{_&RZ~Xu)NTw#xao~`M*T_3JhIvMl!HgbZtrkJ~=Rr z7*39A|B}4?^u>Bva@Mq*zfB&rcza+Ktba5sW}170)Lyt$pWhFj&D;MOHjgz!K~i-m zQziE`Z~T)V?NeTvq468;((S#@%U}`51Gy^JK#$)TtwV&KW)gq$nda)4z2_afI*R|o zFkhly!}SZCbTD1~Y_po*>$3p7g{X})u#q=HbA*=z6&VL85@h1RrYzhKG>rc_bj9Zy zt1#+rB(=rxx$Qks)PV8V*x*X@P7NpG1sfEQKJ@(+dFoGc0XU8Y({IE{T0q{jKEvh>){PQ$1k!k z_RZwjWxkGGR%+|sSaENq-wcX-X6}y;Q5yf9=H&mlnsV_!GpOMoZtnl;!G9vi=l!X6t+Q1rs}S|7MJ3 zsML*LX+ir7m|jNeO$gijV2|OG{Z)Kok(q0_N&;xzGO8wTwO-o)<%5S>Ubj0*TQjYc z%uc00coOJyx_e0f__F_bZRQalS=JKp)5c%5r83pmz!uU(FG1qMxulmX7=Kb58bm^^ z=vTzdvuvKiqI|GvXCFU|=GZHn^RC8Nz4UN-oj9mW=QADi|qz59*9bK7=@ zwGqqFxKl9Pzas`YNeNmNZg^FbJsg^Ax-H`GnbJv6cr2-r-HDnB_|mU6n65Mu6`3JWSF4<$byG6~nj9ba zaZe~UBReg1li?)zE}Q!FE~Pp>_(twGM(J%#=V!SeV!_^qommXuClB*}JvhhGyA#v9 z3cj$AJY=}Gcz&U6H}tFFYVVHt>izUiS+w*nyYC+@Fq3e)3d{tKCiK&DcZ$c2iqnBF$ZQbqnxMy z(o6oQmD3ZYl@Bu|bBMe1#%N7QcHBc0`)*^z>Z~8ThF!G^;)o~4L9AKT72uZF#{hU~ zY3_4RBjn#DRQ{}`^5+ZmKXY?~{nsV9T1%A(VidZ*NGT*(bQGGPng`Ujd5<5qX|Tj9 zjR7~OLLd!G8lv2joT`wOSn!O93 zMJ`2PMuGZFqTdu~=+1HLsV#7^CPDMF_%M=lU%gY`Tehj0hLq=hjLJ2_@k-CsI=V)m8-z)As-NGJ@kQrTet{l1c zg-`O|mh$fTYf;Vwq7@bC$;J%On zB&+K-@Md;R1qx}+dDkqJ_=z}_Oj|X8L-+CG?!^;0I)xTO`*VDUG7prp7}3Rfjh@qp zl_Q`ob+c9Svb}N)^+3_8PtmbVaCaS3O>SSLkb$oG&x;|4Y#jxis3FL3;;w+e;yh(v7?D;e6&e-8OkBS*1pqk6#2 zEm|SER5@8o0>qObW4qyondW)xHgoL5AU^LXInmJ6L}OSL)zhn3f8N&zyD&E9n&t5p zyo_z2+N!eI3dbEdlQT}Gm1}i9P`>{?%1v-fcp+QVSIATuF~S0!adC2<2fLt)o}SUl zaa1?CG=6@Ml&UksqI}s9nTYQfHs?^uD#aNzgzArFZCkfYY}eVDU;B^U1$jYKI?{Ep zK+K>3+~7)K8kh;OIh-cL1lpYzqiMaSz%J`6kgjxFV1QKwhCONGo!F#&V;KL(5g%LF z{Hxy>*NeEj=VP~fId9YBK56wwlUY0IpjX^E1jg%;R8`3hdT^w)D~aYsRT4aV9kDqV=~FWxTn$6o6Fk!;DiM&-8<*@ z8{PTNlmQ>R0BETw~8I=XrW}fGtyZk}Y3aaLs~=YY)F1L;*VsS5n9HJl#^T z_p8-RYg+W+2XNbBB$$dkg*R`%S=8AP_iI0eIM7&lFhF|~9zPDU%Am=gj0vB7RBQe- zJv!wb=1#M-&%t<$t8g#aE>A6vSJ2G8({EURf>kU3GA5Koxr#<+>zqlQMqR>pkBO=e=#`4S-Z#;%D$4_* z$tI$++9YEcjjR*F4%XqV5&h;lkn>IEm!WW^y8};lk$EkPz|Yw8a$4bz!LUXHaCU9tebsN0fnc$rjIgr)= zjbVag;#O|_*Ut=N{<(p4e`B`TpnGC$AF%mUUj{fWX@$O(8Vp_rJE`Dwf4*U!$@M22 z&lCOFeQ+sIT=iZm=USuYV>=~j>cq2S2(O4uty3GS+1j3Xqsd+Dis6b0s-ID;)&gzE z-*Zef}w)Ny!y>n3eJ>iYiGb*08ML}5?tWka@V)JkUm zg^hsWWtE^I)tSwX2^M2^Q)V=xxX5e1B)PxQJxv=4-+wxJplxjD@9(=ibBZ4_u?W8s&A9s$U^Q3~ot4l!aE0bpQovhVa zcpNn|dQb8-hFPb&D%Jh<7vcnO6F(%N94s1d>Ob$X+0o@Ljs{xW)6SXM5c+d%&U4It zK1*wn{q#1|TVi&sl;Qyuppb1`^6ZY=)7eIq8=$fuohg+x=WN*Mxg=aEJ?neJ_Y^?W zeXS)Z=k@x7&$2%>zW8F@5&K2M>t8oeCqaLjccZ2eP#N2zw|+2pfA(GlPa)KIbyH^M zTO}nWN&motX@d;P<<@(Y5jopxr{cAAW@Im_PIZs^5#o*Z>-dkA_m1oazrK+JE1eex zL8pT$_Fq1-_}BJ@4=Mh}P~w3EMr)e*nD9f(xs#~g_uDppPsvSzs2!z35j%OJc8p(i z93om}CLhMeEm%nmLABm_D*&|MH*VV}dki;7N4^b>%p=C?=V&YFCDfO# zWM(5<)UifyDCd8+i_QUE4+=Zi`8qLTyflDv(h2iAz+d~bNP>{{_ZvE}r z;inG8geWS8%aGGrD{|V^xy`mpqrRuJW5Cj>(`vU&kC|RpTtFLK`8e`2(mH9^%rAo~ z&#YYkth)7=l1j%ns!at$?79x_O9LE{Y@m8kAk@_am2C{LmTL^Cyoc?m)9ha-2Eut#@n&&6{? zqd}7deqtiI+_D%xE|`o4XG#rn80z0>kuid);?at66X@0P*o6`9k?-ddSkFAhgN}fD% zX8-Q@$5BiY?mgQ00wonshfV^qm;de+Qt-S?*Qz4;+z{HBc~zk zRd_Xv$)xGDPrmioUiOgAKU#2B!x@Xm^|h=IT#q`uf7lH8i_ATs|nv`P@1{I zitI$IWD}XkXWQ;t((ilpoVj&tf{Qy!ohY?xTwO?znR(gHhSxDEq=%UT@6Q}$o}y~2 z{~HeS|7+c5wcvlxh4}n;=0e=fb0HsO#fMo63ZU2V( z|A!p&e{rbtU!a}xneRWvnX;ZOta&ou3N#(l^QN*-N`j+TCX_fD!TZbQnIdl+e`9<^ zLa8V7PxKHWPqcL|TKsRMviiVtH#FaVv`7E&>TKw0bpsU~yPjXY6br4q65IIt^2vUH zeX!elj^gs#;n|lLSkKR1^nLuoiN2V)-RO~wXlh^BU;Ri}`}tEu=c+#PIOnD>#QU++ z%i5W?4mykJuEznbr5YBLpB44g3w T&rwm8eGmet5!tl(z4X5TiRA`J literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/file_quarantine.png b/docs/images/hedgehog/images/file_quarantine.png similarity index 100% rename from sensor-iso/docs/images/file_quarantine.png rename to docs/images/hedgehog/images/file_quarantine.png diff --git a/docs/images/hedgehog/images/filebeat_certs.jpg b/docs/images/hedgehog/images/filebeat_certs.jpg new file mode 100644 index 0000000000000000000000000000000000000000..ceb85018fd89c080bcfef336c8571297f34f9725 GIT binary patch literal 49177 zcmeFZ1yoo`mo9p62`&MGyN2NI?(P!Y-614F0|X21?oMzE!QDM*f;$9vcqjdLPj}CK zGjHx)cka4ty)M?_?5f&TwfC-F_ECqYZ%;n}G#LqL2>=2D0+0fKfTvY#b8$~Aa{!Q* zrUT#s06+u)2xtHTq>>>)@^^Xyj6*^|0Z`yO2z)R=`WMfy=LH1JZ|`uB#{Zp;18JJy zdBAD_W(Y_C8GNUK4+}_Rf$tLVu?qfITVFwX9DLw^`vC>}t;RpzlG5@@BrJ@~OpGin zV0k7M79J)J9%eQYW_BJnb{-aXkQ*ZFPl>?dzjXOs_Fq-~p@$Nf^M@WBU^>+AGQxuC zuz#Vkf2V)x3jz5r8Tmkd$lqzQUkZTXU-CZv)v~`t2RWY>0Z{-R78VW`1|AL$4gmok z5eW+!>DekWHaxjV zRR^}p#7_!VV`qN^#OFA;crPfasA*{F*w{HZxwv^m#l$5frKDw4)zmdKwX}6iOwG(K zEUm0vT;1F~JiXoo1bzq#4*3`w6B`$wkeHO5l9QX4Ur<<7TvAbJXLs-9^z8iN^6L8L_LpA2^!y|IOR;~a7dogHBs4S> zG~6$}ARs-!2MQe;hLjl=Ls%Kk$O)5-#Sb1!Bs#mQ1A&}X( zOXyYP_Rh;6UO8yqWUdem5=KWq0q_!jPk=z-<730ELA}pnx5R4WWIU7Qh6r$h5tVn=J^#)j9xEAAceSr)54pGmiOtpr={nu ztp-~@p58R>5^#SN{cn2co+}^jJprtDUGt*VOoD&2_upgRb3Xl>PM|vfu}%+I-oFg^ z^HS*`9Q9g+4fW7E9NW)I<;>@GPRd98%si99NdX~>v@e|Ni`N;Oy2z#42 z(H{mNhx$uL{;gAQX)Z5(k{?zNvgdJ$e+F6-pY8b^?>_+%e~UOwNH&z-j~%0$q4c*u z0fFQ~Pe7*X6X0WTZ~6DA&HGUP|2Et8TnBW$U=NCRdD&XSFhF$fz#Os%vG;C&jDGs9 z^Kb^ns#a5Lg|(!Ci_~iZ63wn@jf;o zHZ*%A2*rq%l-I(FCesI`UJfH^aNl_EN0#uqCVUT-m9xk9S*ayz8sVZqR`JR0=}ZIr@hCjS>UT) zV$giA+d?1H<|P62O@%+Q!#uBF_8GJEIR;&Nt!UBZ3E*4BEcL+52jLA?i8DUrW0ErDVyO_L3}8Xd)$E9MB%!u)`{SNh|B0 zXbU8|7=7aBdII*nryxfcEB_D|-@a|TR`6=)2{=)IeF~d!h{u?~jSVl}$G6S@m>Dl- zo8qOHT5Vwc93sgCsT+Ol?fTEGXN!LpQcJb>`LhCg+8Muu!zBdSGz=C2Ta>Tsk2i(o zdA`Lg8%0htRcEfp3sD${%}+qaI5;EaJ^?+-^&37zznh?>RBIWd`!&*Hf#A z^bEh>)F`crFT)ZtEhUbbmm($KpC=957y|C`uHXr1N_b_@`IZtqxpv7 z>k1N&+zl4$zn|kwwH<@q*E8`@Zu0~PgPwIue6R0>Ze8yrB`{Y&-x!|>Be_if0gm6P zBhSu2-Vm5vSKe&?8J3o2czzggGj&@ATtgq=$ zz&q4O#zx+Bm0oqTU`43_GFnosCnYL3M9)FgMomPNH$O}w z;~vXi9qQW^uDL$}3$tzik&Nz%+HmQ4hP;Q$UOiFSeJog4?z8i%(C0fi3c~Vv@*8{I?D#AS$usZYH}c{S zdE>n_3B_to;q~3j4d+Z^5im%0Muo$@D3o?fDjU+3-=dSgbosDw!$*KBmyzKg9Ha@q zRqfQ8xW3`>vP8GI%X-06An?;8fqYD)(A}aY;6ybZ?GwWvO z@2FK;rO`Y**dHW>l;C^$U1aw*p8%_y%HD00zx9fx7(po>A+fJo&iZZ2S=>x*PlSd% z6PsTi!zKW@nI3kWRk5G5D)e8qqD&azJdoCvz3Fac7fDO&IC!o>-bfK6p zs^D<_l=uX=w^sJ~oYH@P0_JL-fF0@Aw4i(U4Lt!ZI!1z_5&QQ@S5E-4Pk&{h&m5^j zx}i-Dg}Ww-%ppPiLh@LH+|*n4CxGl%H|u@SzT@-2lx>x!B{A}s{8?_Iy8gZ(>RQ=A zF?87;??;A)38I;vQ_ZV}hL-ngLrG;8-i>)pG<-c)ek3q1xwEX#k#JHBU4lP+G($x7-{yCFx2|1}cB7o}`Fc&JMn$S7BKhj`zdgRN5 z@8Q?iFqz?6^sLmZF?RTHVEvwM+Fe_OSd5$$!UEwhQp#kC|ga5c(LpWFEJ zOU*K0my+3FGY!W{{fx1+UUb^qzO#ZQPvfIKZVWqPb8T2$FL>6uaqpDl2pJxO3%(m8 z{N_0W(S+dF(`A+Kdu{QKVmusPSy4NwzyrhznKE8;>{jltF4ekm^VA`!H>L4IZqewo ziBRM8>e^?_&+rx`9tQ0gx{zefH!v5{Uj{pxeU_%Mo#7 zn0ghREF-Pz5-6yS;tqtHb{ZC_#0l-~nI0tTg+&Axg}T=YYcuX0r7~e#cp_n* zKXH9or^byF>$2Mnl5G$unpE9y2)aBI9w(vCT(`tDW4EKVOslx@sP}I)a~IESe@z~G zo5uk#_h>x=+03W&-+AGNN1f$eCwfgnsISzJ=J>r-WAuV0h{6h%?;}nAgZbn2+nuQ4yj_xFUp6UvVI$(f#g?Jad!Grjdn;s`bJ z5lVDUGZ%~Bikx~Ipzk9Wci~)yR|J{qVK8;Mxjs_Nyn0#I9pOIfv7!=fUuY=ENo}?9 zW5au$eM0paogLK`ON8eDM>An0e-G{z_QvdMvKi_o1edZAXf29?@byn}F0WJb`=_ip zoNI$5Jki6V{kw~{3hIf}JWLAJ)xI@-a+2Whp~N1wX8ctFR@@u|dT7NKlwX>;FY#}A z=Ca-%SSr$&nvB@)omgoxj?NNqyp>Wu%sXWCOn4NH;{FsK=;cL&TNhfWD*RUoVQ&w5 zxS07h{B#aGY6?JjlrTA z@uPU^3AhT4jol;I^sxC{-}qeFEZlp5lX&YB@Zc@@7#P2nB6$C{?XGSH>?h{RpR7x@ z$O?mk$lt`~W~=(EB04tkh`#lgW-h*Qd;*esQ^9?-Cb;#hBq&2*Tda=`3G);ZH zdXl?$AsGMAacHzmEb_Nj|7$X^y?b4F+SbTl#+$pNc-YGO7{KH3@L=#r7qzcrgG6W| zN4}yCZg@(!$Ntjf9n0CHC+O~7_m;Pk`M=^B+v?5uC&qGhpoI z_%AI!4u1i6s)E-)!A=mURJ}1+BAO+fIH$f`0hejvbk4`eN^t8h`S+*+{}W*T+GmXT z-qR<7cs?=ntnUdRB3_rA+4G^l3s~rC76^P?oNC))1-GH!XMXMc{~j&fZu|c<0O&Iw z53sJ^?`}Z@5dSsu_Ug}GXY=_}5Y6KI$|KbO8@vD0Uwz@L_g{@J_@^6|PCsg1!PN!3 zzC(CuDD)Y(kOxmnrN0gke~)U8`TWJ^e{qH12EcFqpDkDqLLf-HZC4jykN++5U+DgW zuPoCCjC`+(pl2BJquSL?BE=~-K3#sw_kslvg2b;L4@Lj%0d^1h+Kd%u5(S)~ETWHOSA>qM`;$DvA=)a^fH!31W#^wkCEi&`bbeXYcB)A}K-w zLSrOwTL3J80$_s>DUy+ii=(iTlH4Bv-T(N$oc)D00>ISEUv>SD`TuDOvZNFGO;u=1?e)7W^e`t1nF+b?{S#Nscs@n2{YOJ_TfhYjSRFtxJ>>xb0(7j62Be*25IvvmVy`z`#^5XsD5 zT@`#&fDZv62}lF-fD%9g7z1vA6<`av0x!Y0J(%JGsDSw*|3Uc|zm-=4OBsWutN;_R zgc#re*a1erl?Q(H0muV}KW*z`&I;nrV1Pgp0RWhlr>8SY0Dy}HfQP83r@QQ@r-vL6 zOI`wicKbieJ7fU>*9Dj!^=BGICIFxY0ziHDpJ~R40MHN&0J!sxM$SgRwet&hhBOCJ z`O`uGK-LBTOb{GL)cu#;z`S4iK<*p>sDZYU8v(KU6ab*I0PEKK5A+7%@IUSLpYr@} zzu)j{D9B&o*Ka5=K*K`+3LvNr0}I00hzRfq2#83iNQlo+o*^J0qa&lBqM@OqAtGU5 zVxVDyG}>?Y^{HTGk-vTr& z3>-WZBm@Eo1M8uI9R=ots5=r26eJAzCyHO_HUJBUjzNlvg^h#DoIeFmCj1MLj!l?k zVOKVDkIAc^n4VdCPR_w8VdUcap|-9YLBzsooq|=xEt--_)US$7)i|IAtepTHzrQv9 zN7JBdfYtwMAIz2d4Pl0a2JHh40S%(;zvZGslfqy;XNJWj6IM3K&Y8egQ8jX^T3y3p zVH0)s^N;SpG0p9SBNs8Q{z*aU5_7`-^f%DAK%2|LdyVno9yxFo1$F6a>_LXsa+w_j z;~Jf}GXh*JMjDz7^m=z07$awHk_5|kglqOqX zFAYB1u;Dgo0K?h*>jYFnQDXU-uEAYidmF(K##lx4pwbTs`DPYvsn<;G^@doGzPpc| zK2w6L-^9dn1D&Vm{}zUcp%7^d*2m$%L(<^CD{8g!S#stu0-&I_k0e0 zDIcj24NB$#^#ki8;lqgI7q+`kGmnLe9b>Hzf&nOSQX?E0mj z1<9>RIN7Ot{%FVhs3Pa@0uOhGWsT7U!;8Ajtg$7-xSeTa_cQWqb#e*7|NQ$_ zYopo-m3;pb5CWCooM^9&&tiAza>aeAGK|Y>fXhHXAQI6^cHv%V`AX_RszIunM+l%A z82lJd$}A+R>}IYP2o1;>LWSw}w~n>wJ}>hgl&4AJJQnwmBAg=UiEy5w?vE2f$~D85 z%hSs)YLO!UEaVl;!&NJPq-PCL^oq|o&f%ji)6pXNEQv-b@B5RUOj`0vkpU{T2|5y? zah_qab=CqrEbiWl-1vFqZR77Q1~1oMJ+q%ApJH=j_$l@71np2vudtEf-2k;1)erF+ zIn=zqF=6ByOJsHW(wKQTbbI>hxyF~&=qk$h*vuTWgp2G+Nqdodh)HT>?O71ckXURV z;hMRx=u{LoSUTKSE;nPAOQuFOVGPP!=j$vdG!^t|^W-R{v1H6pqlLtrk$j<;`{^(o zoH(oGznqj1QBC`{zPuWs$Gu&%L%ScvD|<#F%sp5Ip19S*uw)bb7|SlL2s-m6d07~> z$(a@UV*L`Dxb!6$e#jZiJQpt+o;5Y3A*NK;%2#TN>%q8etv5<=dr|4cDQH)wP-~wn zAi?bgdqkcZzi^mGwp4B4ovINZ8nYX>O|r`b5ekVHq<2TNHr{k%w-%r4DhrJXHCXrF zecRn1!|~`F-XIJb6iwu{TxzzEoZk5sX%Q=Ow&e2klW#_?#kY@T}|BkMI3A6IPKW#FLsF#eq{e#%kvFy{W%cg*go@8+M@ zUT@i^+(HZx3Vu_(wYcZKOIh`_x*{%pP{<6(^uG0pE#7$d+3n8cezk(|n8)4l)iW>r z=E>AL0tT9Vc7iRgJ;0oTZUB#&!=MN`9kZqhso1D?f~kQzkQE@_e0pf6bEV=FhdCPQlj!hznRS_nR9S2dZ!gum|4= zY6W(S1k()1+)Ut4g*Eq%0vXrTwP~W^NYOCO zT>$qiZi}Q1eCy(k0cPBd4~wj@lPh%xv{qe#X?oF1_0ByMs^k{^6|Q|Aj>+9?V!;fd zl*6K|uuBCTEBzJ`OX=U%cB)QTc>3R0pM(s2_5f;nrN5FA_=_MG7-{Jy^*rxLg8bSc zeB}E9yKMX-4qxHLUL(_pZYb4v`o3Xi_RVhQ5xv4EKqp-a?nC}@>P#bNeAPAjvv{5UBqD=xbO?D&YV@!QzLp)bHmo_X#xoqM)-);c7DHy;Mph=Nn~%^!?QrPBGUORcfi6XDbZhfkWkz+$ zBoQ5Ul}=ikrINFIh*(4edLMZsghfec@x2S4rESytib1grEo$yeeKAI$C7!~EsD{^gr-E-PNf z(fO2BNt8w2NO|^HR%-ZNxl$g|?sm7KjGQQuSw36@zP5nYlG$90vP4*vPz>A5{vQhY?5P3Sn@dpZZjNS!0gWb<(m%E{m0yc=d z`i96Rr7@c5vU>#LX~ z+rwZNQWICra)~BYTL^)KMW?~a5!l3(>DJj&SgEVPR?o-`tgXbAO?o+}Tvg2}w)ZNQ zKH#IA2wI@N{WumW5;YpKUlg##jvQlbTS|5=Kslet+aj=UxIh|kZce0!!z4whDU&1O zn-jvV7O1E!zlfGM#&jqHgP1UrLZ0@ey?6QfD82qCRBOI>sP5dxyLcRfC0?{p46x*PZg9*N^-jbOAjhh+B=y2i~TLG*^!P$BB+%K#j+qxys=AQl3 zZaA~wXD2RE(H+$*%a=8O0bVLS3cA^-NcC^COy{4-9g@50TA;}L|E;NL(tye7CvsjhLKn~J9vY08To8LpA+W&{HxA~6FzzV zOUp;fBlCgEEQ08%hrlPGz^ALNsRAb`)9JQtdiR?9s;%&bCqr@(&Y)g!^u_ARS)u70 ze`NRY0vf$U`EQ-ejfa+vckh*Pr&YZj8sAi>B(XW0B#ZEieH|DG1)#sdAm^s*QpEQU zr*`1ZZ9)#5^M7A(-H1*45pHwpXL?I?e8}T0VdBqRIS3QGTrvCT zajKBQoQwR$eU`RBaLb)STJ%4~{xQivUh;qaz)Aj$C11Rd?uw}vL>5TmHw^{&`UN*C zfw$AMV%UZMkIzD2yygLaw&^si8DUm z>X}kAqh+Jt+k%bhO8tV6ig(FzzD5vChsb`JTxxkMKNP&^@d#Qt#=bY$m-#QwXJacN zn$3)x?2w>VbNCa?!#U>g5Bkc0k_?7Y#h9zB#s!ifgqxrUDWN!_AHhJ}s$%s(VF?L| zGNEmuWeHlsKwxuA^<86+KUv`7?&xlv*3SA>K2>|K*%>_gN$?}>1?yU`2`P*dj5-w{EFD+$;!#M4a83Xr7T=TsedG< zcBk{Fx$ow)hmvi%tORXl)guYYHEEnYvJ^&SA2XC>jB(*eAs{4~(161e4eDNbhe;n4hc?(cf-e?cZ8=gG@r*DH-?-&)5hf|VVDY?aDj8im8Ay6FAmaJ+L z?^eb_d`@e^YC4{P*bRO!Exwhvq&+c<(^yL$?=cC-T!;8yG$7TPH88#{;qWrhj2N3g zdG(-@QHXy|UFvOMK!0wa>Qi*G>HU~--f+)um$vWShDm&3aHn|sHX#1^)_d~%&nXL@ zmE&$7@cLNo6F}Y1{rU+gY<&q{x8`suKf0Iv?`96JZcRW%w+-w0JYYKRQiQHHX$-9@ zwP8oK!~$+3`I<^f0|x5j_2x>~OcU?(xq1||sA88cPTjxTOStoS{hP45ziH9;p!qm; zpGoq&!ff-S4J{|cGd_oc1E(mzcar=sBcT5uW=uXn;@fq&w))LM1WTR(@HT4f24(F* ze*8O%I95J-=bDRAguHJtRM-keTQoS1!(!GkKkiKkJ#-mU-^!hX*XH+TtV^(dz8u*| z_-c2@j_P$Zkm^7CMr%J7KBK3Z$FNG-{eFNzii`xdzaQ94g15L0%E|EiU{Vlw&yomB>D83@O3DNp6U~Y2afmm4T^?X;5ddtE8cN zCS07y%)xb%(Gx(cP=3KAKd-;w9kcSC+@owz_EJp$Cwlpo1(S|)0GzRs@K9o~Jf&C< zCKjTRDCuw(8J-7ZRhNiLDK)&Ne5GdhV)ql!@3}-sGuLgoD}k}Jl%lY=H!`&|+<6M# z_*8tO`}ktyH``eLuQ}p7>Urm!LON-qiAa}7aauDMbYe#+r=qun_4bt(-SJNVJvT1{ zk%||&^nGF)sQAqp<4(BJpd;SFVQNzjIQxF`J+w|Yhukzbg zi+}SW^54fax!tA8BifR(Be8GG_rQ#-F}GEI?~I)+OpWw@)*-&rVb&`f>~|2|lko~H zm-0tD_ah^OPXN_BK|EQ6b6uN3=C7@XWs|LS*oW_9-)Zu^Q;N#0+kc#YmGUOTSn2{A zE8Ort*63%!{A2xKIpJ!W{3DrQMx%lMNL#9hcF}`M%!>1-8J#ZE+#-1Q(Uo(I(sc>@ z&a~~>Rrd+o)qL)CVpA&BS6^pI#Y@b`Ct=ew75Pu+8=!ob)NvS@KXMM^4B`b&ex1WV1sCqhlnCO>;~v;2~?D)`)u`BsIMy@^M_oVUKoLc27(DIm{Ic1;|MH z55_9g#*xGu=a4CpL<=!tWk;D~>6Jw-=^V6;JyJaZyByo#W%n7)3uV5ov62|;G$s2L zgXce+S5kyI(e_Ij&kqx5@USzomi)gfOBw~{^K8?gx;9KMe)@cg_?)F9 z4EIV?zBAmpRJ>Yfhzd?z97~;TdVrjPQV3pIz^E2l$Qi&5Z5ifkAbu`3OI9EJCAKj- z6E?csZ5^ne9o*K||&eW4?9*28Vbf zkL`3QCwAHwnmpB<7;_dg=&(F2%n&<*ZZT`(8G=ps*E7jp^JM+IYcIQ}k!|?gqm?E2 zgrTqY9a)`itc{jNK8s1R^D6cK!1Eos;r&pl!s=ZNWVqW{x%dJ z(WEp;`-Mh?nIp0!NoZiTLnbKVyS|(BK1QVkSlDZi9PPKB@1HmtJK}RqetjQ9qRc(b z8Utl2BR|0}0Z{aB$n zkR*n*JrFcoa)ZX(8r3Rd4&p&?%y&A!!14DGI!iBMST{rnN9QS7@{W&Ui38(mDq;n+ zoccm==;&wwrYSq(Wc$mRX6vpnp?Gb%byxaWkI7VS{ngpkVjGqWm%VY~|! ze5MVVDKuB4eZ=kQ;8a~`Ve)6HDx#le!Hs@gakE>O7^e)fFyhc{7~k}2NvNX|$=yrR zSeX!7?B83Lgf>%c7mzNTvEZJV(#)Y9;ZA;uNMWI{4ugUsA;t3xP1yUkMv`^Nu|rMJ zRfhp(;zI7RBY1E$#q!2k&iRD3R57*YMw=rkvKe|D0odV_&6-geTq#+)z*QzPG+wFhec zi+(*6@jX?S=)73z8nrZl;>IB)U?>XbHJ9dPlQZ|Hu zPqswJVJ(gyI{F$*g?2)k6_3SVd=e3%nPnUoR1+WO7emO83LG zsjDmp^ZN5u*wP~z?9R~0>t!s+G&igsNNYwR5~%cY>@Q)}W1({}hxW^i8=F)Wjl3`O ztm#Q99VBZ!Q=a+7;lRBWS5-EY%U=rQWZ9i66LUe1#!9(}8R-oj;1Y{OQ!12K@#{B^ zG&Bw|hr||<=l(Q8k*TlsdX|ilN_-*q=!&DdfLVt&&Lx^~Tt+m+6d=RHa`*LVea)MU z)YQ8;2d}MQqVMRIO_39%rdHQMDW!x|jrRTJIegNyyoDITw5|*hY&*T!b?D7ZMI+=? zcB&i;_gnOw{bV+&Xt6D+95QGU2pPO9L;zw5G1+wfnUi9dY_tt$l^btei;#0I1x45? z3HL_!1WO-eq^>hMqo^vS*Efb}V(?=(vz|Wt%9q!g)HqBds>7vpz5K9t*jOH7ah5Op zTpM4n!y%g}`t;7?R%DYIn zC!%MF=Yw1HtL+P3M7|Kb5;ypnS9y1IKQ@h{>;#@ z8k}-a_ZcXpb7t`2DP#$@rCiBtb<@BC;l5eu8ISJk)`0=RsT)Os}z$Y1n1?P?Z1i9Z1!JUMM^8()g+EuI|b826Z?!kW3r zFrF7<3(<`X<42*(bwf!VAO&(?+N@S3l~iD>*m0&*&omSt_g|d%!JQL9V*hk@3}1cL zt7qES#}-?gHCv)`VLwoQ^H#{H{<(mSjjjSi2V2B|IW1#Zk`yDX_y9Z^9NnAREi$Mi zlo7uum#yN^?w-+{4CVB4v&ITk;hoU&E+b0OM4f=tjN0lLMYc)@2abb=m72hW0s_7I z0QZQsEUIJd3_4Bp8kP#&q7v@+3=v34en?Kpt@S1u?}kfF@O4`0%InvkIY+6!&7FVV^|Dy(iUrwI%HItU9i7rQG=uHP9=A&QAxcc%N$v zbavqdC5ZW9!Q+@Zow_Q-2->}JeVc`=hnt9Zgud-N57;lsBfCzj-8{?n&FgF{9xHBK z$U5)?6QBjy4Q2xuVK#mo?!d8>$G}m`t98Ts=L6hgtjxlqSnTFdpT%H5E8@TQlu>;zU(v)-E2L>MUqMyokUh?{MsJs+rg>MQEEYFSq?ydPYDR*ju9}r7Rj5lw~?#sU7(X=Z&cn}Xd?7Zf-$r-UhKz69| z%}m7ondq0GyL^MZ_p@loqo?m6_QHI`zq*mWN%?x8@TV z1n4oAd1BM2^JdB-mg%$3#mK`u$Foa$)N++&brd<`XHu=d6RVg0eEynvNy{?$haLsi zMYmMpvq6$m?Jg@eJ*)!4iDn^^m_VwIAx7}i6ZZ&<;@7PVqU*Zh_T{E24dutfXH0Ki zNvyl7+`@3FmlspB(+;v@#h-=0FIE1&zb$YOMvszvxWp^7QKO#e74j*KL-_~4IuRC-EE^J=!OjIC}h8&P!~6d4{aC55o3 zh8_`#f{3wKXo5GSfe1u;zeq~ZN4hmecfQl<7*w`dcI!dlE{HCQsXx=DvbJ_OAYa?; z;ocGEgOXGxo_ghz&WcCyiC$h)}GGBjjCOf2V(NudOZnH6+W|1#H&m9!0 z7BqL-xDS4+im#qm@K5znt-=r5(^J1xzwi;%un28%^FP`NOR)Oz60cfJAvNT5u!%(h zNud4qY*v}kD+Ji!hBX?~P@|Vf%h_8#pEos0h?%HkcHI|+&BbRopyD+pjKYQl^yM4U4^9t^NeD zSM<{hu}Yb7O9e#&4HIIdbO~*1t0$!LwL0C2%Z%FO;1FMBa%)cQ>#*Dp?PcmH99m7% z+&1h*adGM~19jdlw-a}S!5W0=cC!6ry3h2(QZ7}dgk*NbV45k$PV$%ftb>LO;o)80 zf5uIqt9uh2PFYmP-r5FfxuZ{*%T#B*X2o;7ixN6gN;z8o1h`ymwwy(s4s`7M;2q2A z=)=#_FxxMY=nS?xrb6fqP?;PJVTlV}ijXE(F9`flW00ULz(|)`Zg^)N(^_%$vR5aC zUiioP(JMH82|7AHowU4c_t-a+in^KfE$+B?)+_>j2caRMiCx#1KTbB@{}it+86x?% z&GJT{tiY=XlEef;F$uOTIHgjLXBGs4 z7)?0RCU~fL1R|rdauV^2spUs{dgt8dM)#KH1>Ij8kJOAO*W2@P`ZnkZle$WfNn6f) zJmZ!MQeu&xM2r+?4kjIjGS~L7fg@I*ELKFPE-z+C(O4dy*j1D;Gz#lntJUYR4=tCr z>2!9M9x&q?a&h1-pS?&&){DN(5qUpXd1w07YR~H<`83-9(HlLIMI?D3%C>1vc~9%` zfWcCBMe->r9OpABrM7IH8C7$1DB{Epf3oLc4J9;m^MtUOT#9+W7$DRXs;f1NHG7CpGl$~gijsxEes_VSKxf)e0*1xJymOVm;1;z&&ILAR=%c@U&E`##J?ko# zrx&2EE}%2bYB%M$3@2s&?nRrv{9?aWkK~WdPk2s`&)M+9K1jMiRpd|5RP3k?n?$ol z9YGh$A-RN58DhBi&evMIrI(3^(U$j{ELklVSfo|UDH2HHXJ2yid{FA1%1AFDmE^0L zA4_o4J;N|$45zAjg%?O|;qN9Hp$3y0W)mr1VmA$m_-0BTyI*W1tCuDz9|DcJ27TCC zE#-L=)oPcG%C_C}@DkJxPnD14-y33`1GaupLZ(tvC_N_>Qkp61DkZ@*=e0}~=?l!j z)~=p7VLnodl^gdi`02S~wD3x0S@7ryn2r|G0{>^vNYQ#J3Hky=tacdY%O$>=m$L6R zOJSg6J(FRct52yGxk*(eAjQu#<96}{q_GZVF6Y{{glU~bcG0u2EO=W`6Kqb?pI>1o zOG!1oNutg}geGCkzGCqOOjWFaerNzTW%TN~z@Z**gYC9VYp9NuTbvZWU!Hk};L;=n z1SA>(og;}k#DNf;`2xqcx-h8T5JB@69C7Ao=j3Q5L>Dx%0;FJa@K0vWM2=`^M`}>8 z6-4v(wa#Yi z3T`jBEpNIw;Sq-NZl4QnC}kOf+RUQ}XR?dfVcNvR)UBdtC~T99hUX~XKi8zz7sdCs zf!aaCgoob)2t^oQ)9;@sgsNv(;A)VO<2p4 z)~IX`ds@V6+P%mr;SQlfR>?4SEdUy>P8}0l1ZC7YiGS3nNE-^md^IB1kfC|D(|IQ# zT5T|I%jv8;aF4c`reLeNkA$FaxYH3?gv_?ja+^{9_<0o-V|(2yBXy#ftY!pJKaE>D zIxP;#jJje%9nzxf5~uJaUZzCloNPl>Rp_UVAtILbdj?BR9K^^iIDOe1W&QEuq&_kW z(j^3iB;0K@xps=fh#Jf3eO|3FVrMQk?zwGyue`Ft$ue zP=6LA70q^(MY=={RbTnU2lsbtH<~rOLkybI@i_7r$(~`7(uql>oboDpSsu_x%EKHe zM%AJ6&-Ch}0_8r)v-p8GhiHXZ08~dhh=}-lBdU!xDvEjg(I07q({ECE0BKawvIw!l#BkFFFDtU2 z*a7@=1>!|6FCu1+5)~R2NU9XOWm#U&6bce}tYYlWLg-L{uX_?I%3>G~-@#L+Zv%x; z=lS5Ij7V>pze;CTv!zFA$+%lmuRu^AS58JYbD%3)(-!wceNTw{D3x15|jnNMWBjV1*^Adcr;kVZmV;*L^!&s;x_jRnx6DavJ1U z8VK2QT@@e3&q+QQ&Z9wVa)Et+=QDdAJW>R4LdAZfpv32vBjkDiEU<}{*R|4?`+;tb1QXoG#*Le0YtSPbU7DAVHrThPmC2QAk%?sc7~6g zPVKsgQSsyII$JL%ahTTL1%64nMND0THbZ=?gpr(a%f?ZESmzEacVSd0o_UXUj#Ql5 zHtnazxEv=a2>C^e+OIz%jBk-?RO0F0#=pF2+gM3NaH>10t@<{k7SHMCnV-q}rug;f zn1FvC#v~~NX3N3Wdlb%+Os>7f`uaNZ(qh{NBD!vM^{>(8LtpD2JiuLx zbDzsv&zVQJBi3~4yB}tLgGF_Q%S8-DutIK}WH?%fN3*R2gfB4W{KsY&uQCb*19?QH zm2dgI%4L`HaeI&R_ws#)la2|PneQeaKVl-2P_Ea2=ZCuu|1lDM(&Y!=khI7Ak2u?&sy3f01js`;;>DV{R+1q9x z=3e=(5=Bqc#uKnj%3OXiUif;)k!sMiZE4*4VB*l;Kph@!iVd@b?uzLsS_YLwACu1n zakf~*ab}@v04IrV&%)dG%1Iu-laMmU?J-PcVf1KMnsaJUQBWH>fnio$Bu0^FT6rWD^5LSnV(sf z?7S{OrvG!lV{C+EwX}8Y?ME$6dCeC{u#9!^Lfq9Dab9<+*0rCpXyg^1vA1w0TBQ

WHCnFAik}I!6LLcgSMQC1t7}#CgYF* z3wps9Gr0lT*jTw2`m+vRp_TBi@m4d%Jc({(*$la98k;SztZOb}@Jy&kC52(W^cpoI zhmLDut1#K4ATEiL%Hd2j17E6OiS z%1bB8?d+#cr+XR1tBpor?3N^KhqUA6g6(5+{D$#x2XHsh<;0-hg#>eb5?Ih^AMaLt zo#%3YCpB?TIhjHiJn{dq_m)9zet)}fa49auTil)EQc58}kYWk$PH=Z9?(SABcyM

#}5g|^WC4*xUHp4t1%v*pD;`#dw}d6&7fl1bLAxxe>!t?T++*KJO;>ywhA zeHDw)@B9gTG--mY4#WkyakIOdovKl)(L#xcU3ct)K~@wr>?CWVIq9wydyPtQppz}# zRv9oUZB(PokWf7^ul?(!?~%{c1Cwj=@o1(dTZ?VJ-Ruu^x`}33S3b za#lG;R=nm*+oE-tL1r13cI4Og?axAHuIn;wqTD77iFlhDNPI`WR?V&FQV8Lskvmt)sc zolz^V-#@SY&t^m56+*uE2K8iMv%|-uU%{h|BQ93cAq|7I1o0Urn1L?u9h0=)hbJs0 z=#aO4=CWnJ;BQG)!A7;aUsQj_LihMR&TtOeLfR025N~%@@5oGIV-Z-mjsgLzNK9oB z?=Q)($WvylwNmw5WC&H#s$oU~is`8UG~D65P8mrg37j|cknE$&O)mQjhL|DvYY6Ow zIZX|C!o8r?-j?05+!^VMOuC{9o9uLmmrrpFXH6uY^Ke8mqF~D%b?}5SUB*TPv^kK0 zu^lP{H(X#XrphN&ClXJNX>rOx0mCxNTIRmLE0gUN?4}S^Xb#lbBcRc@;7Our~Yd5613vOPJn%Ay7dCztKcm9gte za$RNJ@tw4|n&sU+DlQi5Agkp+kr0Pp-Ip(NvJ>j2YE+p$GnD^TY#BcA%>Ap_qC9(n z0I2QuJ15$eqYCbUADGBtZaD~paYz+X!KMhbg0!m3?5eYQwI{+nVdVDJBR@gRgv;cI zXS&D`^Cc`2v?FgcBj|{xE5_1xXYfkex`0~nd)jGKi*f(3?(3L&E^^NmhoQVRiImU;s-0M|u9@KcBg+NM z_1D%y7dJSOneD>=A3(dxVNqpHn)H7FdFEG2OBu~BCaPVhjez0p_%5TD2`Lg)BmFYA zPudz^crsL9q-4MQ_-+A}k*Ux?g}Z~?q>=Q%Hbzisw{Ih0gD=sQN{od>qH0*ox~_PQ zUmV-!P+&TR_9c-_88#ql%8)y{wcj9JYxbs=h=F#3w-)<&g4{qvU_@K~G<@dED8aY< zcR~-Ik>Gj|Tfr(=OAQ)F;vq;;m>JcS{(+IkC@RH|@h0{`lo44fPd6$oNUW;vm5vy_ zXw4Wzr8#@W>D8$@^xt+@L37!dgzi}CIDoW%l=yBxxz7SE1 zt+EEMQrt6byW-Uko1d$CTJA0 zpf`gp#y-%`CT`Q%zXzSUbh z`JMRWba@QU%4g=C?^24%&QyRsk&toYHEsS|Iknb44XSgprM_u=srnp3dN)Qw6WS&gnYD;sNNonkj8#F8B2>(|bi`o0+^^^gS5f zH{(JlMC_Sh6{AjqH5of$^RwC0V}euI`8@Kx<*n-#MY4}EZ{4IP&+bGeElCvzh6G9C zY}7GMLA13FYqFHf99Vo5Kp zi4cnaD!v}HWAUd=vq8JB1TZSSMVof!J7(B@|B}1bo$pvumxoqaO=x}c&=}V^Wcbcb zL5~^}a|_6DuBYJ<^Yd>SQ4tZmNs`q7$wn`wRDnfVw8hgk@}?WVX{QWg;)kJp@-C^B zBq^Mxll^y`&;)PoQK&c)d;*bUQD+8tP=?KotaeV%iYm>d*0i44HQyF(#bZ?&NqlLx~7G;I02wyq=R`pE0!BWX7iM0?K{s-Myt6J#+>nrQqrD z-tCTjqCMrd+RbG4`<|xk1;CAqL<=n|0-}gmrdWwPO>jwh8RY2C7C5mZr5+4Ft=N2a zgIL$0wzqM{k%lh^wy|Xx46yz>`qUzrAAkQN-^nD+Z6$EGffV#^U8PNklpeyU zAdfnTZa+B8YQ$MMSlf)ec(@!Y zHdflt4mz{lHdGmQF1Uyi^H^M`bHzE>pqM~M0?*7A51IlPrysl7gASp4HK?vqBC}yq zpJmbM>R~bfZ*>!2N*IqfNttu8^@!~sfOB64^HT&ZO=Ss>vQ9ybF_(n1 zfS*f3{bEb=(=_cr0LvFY_3SO#B!2l-vCpUb#+GEN#ZG8_%uu7SkkAnaNe$At6Ro8j zG<;A2mhYu4r#H`--WrWpCw!w*<-vvPIK#!DlWy)B_FQe$*)8_|El;_x_?ixRL7dE^ zBLL>5i(dOffjvqmMhy0x$y^N?S-L?H{Uqea6kGcfaXGDhcS|0~)sx<6^fznjJNvig z{{WV&RT2`sUJLf9>;5V1c0U=_|H(bV5(l<+kG37j0ylElb2=uQ2`l zxrO2KK%Z;xKz)E1yJF$Ud!TV~zL%mhe!f=Of^$-#{aJ6PX6P|HqaO^EnEH&(5f6s$ z-u0m(qo^21-smK#o+xbM2*%l@8+CXQaHWMwB&E?z1(|J&ybY~b>&7O-QL?$l`$S75i z9hQ_AB$|NI-o@$p>PEQKUASxyu77p~dcCPtDB;1r+G7fr(z^Kuqnu4**@FoKCgpNR~=`>l)vFDk?NkaR3rk4Q?$ z_t`dv*bMd$6q2pCD$8BLk876}o(kN+w9m(!_&~Q-TbbP6gNxQIA1v3iGMfb46lRtBX}mmBQkfqq|-;T4DJ~Wk%U&Ju|+Z2l1vDmV5jMk+%YFlNsMrPv1J@ z?GPN~$x$6E*kXt|+wzA#Z$N0$bsgxxl+ms~9_C_mM1E>x(h8)2y;u0Gq+821%c}y( z&!CXEe)HYM`#gC=5`*E09)3bo^vF!JF*F4?%R@sG!$^4lQJB+}-`R{4n@ogI44-T7 zNZlh*49afH77&aS$EO-{psbU|?d(;g;Jm1DTXyd&tVb@_e>d4k<$j_D+GW>dgI61KsRwS@?6oq%sDoXgRo+{t`Mty@tnI~42Tar-JE)}IG#Xn-&#DCBkXe3F!!VKZt(G5k zM)D($7N~G~LQ!&@h}LO;#8brT8TelqU#h@bT;3h~o%9-f27)-)IFxS{T)dA233w9t zSmvlFqnLZV2#!pCd)vLw)FCjnFrN6Z@o}7|*lbz=Ap#~hQmNRien#p24FV#rsTnLz z7Axc2E3W+9oZhS))CNAcQbxyZdxZlQI~ACPOj21s!a9sj|Cm0yz>%)32XKzDq{(~9o5+8)+7 z|CUl%S?b+6bD1v%s$l;mYO~y`PiGx@C&XP`#VQg8z_k1a@C~)0bhA*rTI7PYWv=+^ z4qQTW)cgoU9MwmuTm>Wdf%{mQ(U)2>xUO5=E zU8nxm%xJk+$0V{#Wx4z`eFh9q+&1R;>lu^l(wT5fmF=EXE~Xd!0{}IDs4yx0>LqS3 zy?Q|C+JJ_)qCk@$?laAPm!c_;{bd;7K?YD|l$4kEPFi0nqxkTeokOI}CBNTCI*~!l z;wPU9DW_|~va!k-Cl3s(5B8~{Jkr*zTxy@ZkI7@(Dm=hf99%~#Yi0{*ig9Iysbk_J zFy5g?4IQD>ejT4JIHGo4(U?`g|I_U*d}oVM^?W|exqCxvRNG!X4xYOA?(u>2Oa?dy zzWbJLf|Zule}#VW1u6x#Zvr7^eQZbX{abV1R8R$QNB3L;@Rr8=yr>0MdcBIgr$-Xl zFiJ*r;N{R8gElePq?f2D>Ez4j+?YSWs%g%2|oW>|J>eE}z;b(Ji{ovI5wsSoz zpTsLmJ=K$n3ZiiPAUklf2F!wdhwHSyy}pXe2h)PvK1WGr0k8^axyz&`?0fx&m;xnO z-S>vG0-(T1b|{q4OcENUzmJAodm}*JpE$M@x7oE4-0?*hWS4-I_38x{xb=v6p<*L4 zf4@B6qx~G-`6>7t^?kVx^JZYnj*|epUO0&b|NLojQ@CIOh*iWs1|?cL*BZHz$-k}u z$tYp2&;0&O*4`6&Gl0%gc050#oxfZyt!_k1?c&k4&2scfAU$nkUr0PIonl4>%^H6VM6H=vW?T0lD_bkSzjjVq_u_UCDm8* zr(bJ7%gdd{amA8+%bc!bGId6UQ^7n6q!sQlwyAMuBpI^rd72Buft(@u^@d~XR_iA{ zmdl+Muvh`wUv)B3iAx-KvPv^a)uZww(Ha#qvixTV^e#-Tybp{#9&BiKo7HlN@y$gd z5S%lnIA=sIo;ig*WfTFj&JYZLK06tt5d`3uX{;Zzj#*51grIXDbA1SQ=|@k1()Ei< z&v|cZar)mKN_Z?5=_l#mCerkD@@IJ^O4`h-(!mfjqXRsQmwI|!)MlRX(O4_4Tq%Z1 zm36B0nkq6IJcjJZVTgdHSV+vd8}ah*?|(Xs(8GbLv+Hb5yhToiHO-Nz?0ku^cgR^( zH;!=g0ORliq``=O7MS~Dk$7Vl3;Uo`jt9R_^tE+2Z(dJDpP}I9_r=Pdq5#3Feh6E^ zplLh)gSU}ux&TEhnWdrEPh|n;!)^VAu*MEB8fp#s?z1GD+YP{hOE2M_^uC}XjiI*a zfhF91pfIYRXSyW9YmVwwxg|_DLE_w$zBuKGBLySQ-Kx~g9h;NUXarpqP5xJ8@{4#v z-e1vKZL?dKaWAqqm_|l@G{(T`q3-BtG4$XmPlPd|8xJ=o)B$BqBazfFGO{TmoYcZt zMD+)vbr4x^RUqw;AGf(P0HQA@E4Bn!=NxPv;Mw)|#VMFJ4F}NS`E|xd4CM*@*o!V&k+^=ot^S9mAe?a;zy#f8Hcyn9D;s-GFy!b(!^bxl5E_9U6{9_A@PI_eXwtj0gLBRBNzMg?qs%Ha4xS z>@RErSq6>+8-@79F517WUEI`)OeeOe>An^72|oc8Zw z#0bPkHi`t|MCnTKdt6RbV2>v-RW*8MWy{QF4BAJFC>Yr*=hdN0U9XR29Kb^TON}_w zJl&9?U*i$Jzjdr*hcxV*0)tF= z|LjS<#UpfgL}8RPKHK_!MS8epG=84Qw&&v}vjU#l4Dr33)#8FgC>8^N7_S|Y=}21* zisa<^?$y$EadBVx3N1p%t@TZXkWy8LZu~yfp*`JU{-_t+qI}n?ahYIhV)GB6!-dk9 z%+kOhR?vx@);dxv6?1G!j`kNIUtmsPS}H;saps+bqg^7Qow?cIb7m`qo@?^) z@6yZrLkE^^;GMD9d%ctj`h4jLJQ|R(bd@y%K;EJr2UFIHf6G1g*Gd zt|K!a{4<-4v3rqXvt#OGG}Id%2UH@G`=-um+KMSJcXJ5R=rI|5_~&}sTaUjPak(us z=eIRO`hKg2E4daG2EE>Y;^BC16m>Hdr45}myCFc}+4$;NU-(x+@A4XtX1vInTG7r; z<`FWoJLkbAG`_E8kknU!x3o9&^UWp9Wh^y?e`^MwxA-U9%Eio8l(h>^=hJH0*V-T; zing{k9+#>6ldhLsuY3g!Rx_T+kRez+pErJs-WP6bsv2)dBRn7ZEK_bhmMhEJ_QcMD z?4i!c(=GGQ*F7=tX!yu>T=_|m(}Nl`$f)CTZe4zO(=hC_&PE^TYnFk2bF{{^NReiX zt>003ZAtN<89Sltd#SL7_@NJE>+S~6X$v%M=RW+$1jOcd)QJi}^-?FKj$1-ES(!~? zUssX$EYIhTupsERh@AF~I?I?>H+!#;fb+4e>>w(Jh<&WL{iPGkh-`BiB(&_kj0|WX z>3l`35%tPfnjso&-*pqqA+~P#Noc<^V7L5Ut0Mvc?1cAwF8>!`iH$ z0VzfF{Li-d`ucDAaqa3M_uETFE~^&1*6U?%ETV4w5Mu_t>2Ad!Dh!Heu@&7?F{8Ev zo&LV0T(dg<;!?%MeC8v*sthaf=(9|dx3q7)N9{S9iY3oy_V9C;8`7uRVCJGK8y@d4 zftT)eP(DN79cQD7KC-K|pJP9**au;)5CUp+=xO5sRHcCv1l4Hb}Gjqf> zZxkwF?_gedj%;9iOsx=8i(c?_0Fv2K&50oOL0pnOa+9`Sz8j6#tw>$>wrz0yWlS~fPtApUqEW`g(P=E&{QeRHbvl+d!a<^QrS=ich7KB zd%)Ox*iCs0>iq6H-)V^jI&n6xWU-8P1n5_bOVwQk+|^RnLJ8`pyW-L`)TlU-!jWjW z3u=b>dI0RGOdXC0L4GH|^pA7uNnLVKM4Qd+z33&d2up77O`@nSA=!fWtZR~=^g>$T z0e@uECKCH)!a|L%&9BNgT(ZzfT~zDkNaou5&vy)?->E%3n^ybzJO6@2=Z6{CjFvs zkfipB5fEnUWDjjG%xsPaZDdQzTyd*K_VdKFliZucM==VwYLVh76=1V7I_2dbPpGnx z0+Q-IY&QWgJm%{kEbMb>8{Qp~Ke875y`wURwJS}c|JVWfwY9vLlT~@3>%X=?eHX}y z_83zai;LH9Vgw%(3))!6#(+DYd%7 z?XF3y^8Jfo&I}#P!2Ey%)^2Oo?dCD{uOq8^XE=^hJ$3c35_cFf9X!j`XLKmY9t764 zXf)j~t!VdtH;)_Qh(q>HK7iNfxb~gCy}7`Z5I;sZ5r|O#K3#BifOH7@Kn|aSWv2C4 zzY=3%xBxd-7}!kKF2P>t=dW`+=`9NgVR9&no&YhFa61nGg!BKgYJrCdJ8HDNuOhik zUMFN?BE_L%>zBW3CD#u7vbb0EeX}m&vn>PotUKR9W7sD2C&LvBv7*<#Vl)WH+2->6 zqPvi54GAS9Q@lwX%gd9dyvf=>iaN0FvNPN*2itRo`1%2)1|AMzx0 z)xWV+x`{1QsS83O8u{T6WsyAflZ|3HQm^-ZXO!|u)rlw{Y_V+PeX*nmAq{uqEnHR& zRkyTXcMSjZ12RfW0*mtXz6!X%W13!|Wv)(KxL)`YRU4j|?$Zy0*M0Btp2@XYUB)7e zbG!j=eE#$8%-gd!-r5?k%ec^$pLT@5f+ptvkZ1y3I^x++fnUotIVs)+6*sx}uhk7Wk>V{d`B>1BtB2sOR8nj$tl!X;a)VEgVCpJSm?BkVO)A8d6KPxU4FEME+IBUDRPgdkN zZwH;ZANE@(QBaoIK-%lDX}s0SgfH#B+DK*0?_=P~dK z5-SSZZ>&LOsD&O%t*WIK8DwGviC+by%10s>bD~P79hA9a)S6I2Oux3xh$PmCHHZG_LcuzCqAO1EZso!9+i6MsfPH`-} zppc$_FM&lpxZyq_ih7XZqbL#8+$D9;Urc>V>}DTDgKWQZ{0=vin;ZxA`JSlBmD)i2 zJ_@pG+ylkx87diw>F8;Ib!DFKy;;UhuPmG}TvXL<5<8KLVd0e5jPa6;AZ&8738{30$om6UsR~F%Us#L((VP~Ak)f^$Qh@=-B~+RKs*7Zyss(rS>UC}FoC6X z@bU;#D|B%+D5f(#h*zIJ$WkZ~=NZ|Hc-#w#<3U!%Mo0!pAaq8CT6jvD>lfr%r(+wk zPInCrsd^Ua-N(D#du#;=7KKt7QWna5Sn26YuyJE(aV-gK*+k^X4Xxc>axootdl;G= z);pp=(so>l6l0hhBcraHGxMrzmm9?&2gmr64AAJ;I*MS-%M(X}4>n8&D~9b&3upcM zk0Z0)++}42GVUBivIJG-9|u8PMOTuRA|6Z%~UvrpI#=l-9M&Gv2a%`(=7Rc?i^D-#7ffs;w zT?KE&g*X6tp@6R2{7=s*vA=DSM|bV!UPNaWuwghBE|+#)J<)pe5z3Wwtt9>^<1J{( zZmcxRqV4THpqt{eqCSc>3xm1Nb6Dxu;Nn^^i$Qgw_{rXDoFGK3gpW^*99xWp~KzZ-CbAW4!cdKIPcZzkgHJ_(<)lrv{z&uJ}R8ucJxRA+R$;$_hgX> zzfeVi3HL+ljZsTGvox>5hMoYI)hwI-*DrKQ*2^25o>u-KO2yb>FL@szj3UjI1$GE4 zf>m0k)ch#Z1cs5{WGG8i_QZ2t2;tZhBgWz;g21SY0O>#Y24}Z|+?Wi@o;rTYrujbK z{d<+4z)QmGH-{ud?el(9am%_m2O0R>G^k` zf#$F0tOhc@oMRbTF2Z>aTVwBO8f9#;DmO)hGPXYBP8QFfWXqE44X3I*DUlsY_z@H% z1_9!L2f3zWIM)YdZS|FGiI(QsjSCyo*JVdx`G$Ll@5jemP|hF8Qhg0!lzA&(c&;yz zT)t&(+oR+r^a_ZL=lnx-`N!gHI|6^d_FJb0aeE`?+CQ%ZdmEf)zaID1IZMBe(dj&* zg$JG9pS0he3ZXWEEY?`oUPE(%T%wXAxV)NNkze?l!EeyNRZqP-CiA$o)znroI|1)n zOIWh6nvx73YB$z;ubZ!JiJLI#A26x`x^C5yFG1asBgBlLkAPh) zBmt_{i9mokUJDW4Ep5#zoFj5*E*{PW`r4L1?IXzb9?g`L&fl%Ouffxh|FNm&s#nD; z;$x~AynAhpguz5a=JF4nIKAUCK02N0Ls0Y?T*{`fBx<+KLmQfVKrz=7QtQ_iH4lcK zomtlgd-Zv^Tx^;*KH}6XbAw)(02e`a<}0e-Q)3V!@(?BW3sOTb4ppX{05t5CK$}z; z9vdCi>6x=XeC_vg-|^?DA)PFy_zV}P)3famH%u)2eU}7nFRORsFU4SKU||jYb%Wdv z&fj>{v#uDbvP5`sjI7f(UTN(Tl&aJtIzE%Ow)t(pvUJZmKD^)tvdo9I2T5i=IvO;U zVdShm^ctsIjZR$7W$AaTC?fa1n;AY{jEl&<0ZV(GP}}zJi{~AFOf{F`R=_gOXgLG$wTi=_q7U1T?|p@ zWk6tp0p=km(HxQBaahr3Px(r6oKI)Gv*r^HuD^A0;;KhAGq;=8HiDkrFpii^gam@+ zj(s)H+Ns-16*MKCR;1v!Q0=??iddrf(z;)0S^A%uvJdsQW@F_W`K zAj@gZYQd#Mq)zoNn2`(#Y}W5x{(2CQ6(LFGLZJs)`Rm|49(-_2Mw$C4SAiFazeIsl z(7^ZGr^#+12&~mSStlNodegzuzpx!(u!20>bmSq0=vnK#xOlCcnLG^Ge6O@KD`MH! z*pYVH80=vI3-T=Kuj7wSMc&KH*U*+0M{Qf6wW5pPLk`(MJN)Upr_(Zl`5o=ke2A5j z&=CuU26gcOt%2spiIsYi?d&-B7bEX0@`zQ?Y~y9TgGM78aAK;>BUAFL*UGh&dxnXW zD?>gCi!orCq1q=|lTwCEm=jO6R@r0sa*gitP#%8WIUImrO_#6NMmP-2AAg6+JRFzUKal4PrXEbUVOwWEmroL79 zEvz?A)*OT%_(96H(b7@MAg9p@Mq9U>H#6_ZyUbo?u1PkxK?#7}E7ElVte;_h>hWVA zD8iyx>mLF(mbO1qKD}}MS*=moWf%fygmCL|t!jA3>(j7bH>(?T3XOkcPaoM=*Un~2 zA<;Nc#YM|96q@VNnO_}Es0NQ!v}!{jP~8pB2KQBj(C6X24DNLwpXV^n7As{V+);Kz zdzE_7S3zzKXGLgwV5u!OeTYSA49bHRSABC0$8GoGH(^C zYaPQS_sy08|L~FiyP=nJys26;#(n_3G92&_we%J@79FFWHg(LDjW6Z-$x+q&Y_sLa zB;n+wJ&oEa$7KY#;u|B*F!|Kxhb{J^v(7KizfYa6*@i&&L|!W_jhG+kyG%`;N!=bz z-wMA!bY?2*O!n5w^sXr+2WfvCB+w)xLL-w$7b0*aMrp7i(T>aT5kh1b(Zp}XU(%Xy z8Xs7hrq7Dr>^qGmEGH>6g|mS5&FM2n7Z{xnWl_;S^_VzI(n#?#CJH<0cLdzAc=)`C zO!ODFx$=d%%%q@U-q5;`=rMPM-VQ&*y1pcR5$jOl{=sb~mPs2bD^I{egm`AI7nySG z_$HU1x${BS4*%#I|5cC)H%;6X_A|Wj%I+w;W#;>sQxv%{Jo`k)nC1>&@_MDSEh?zK zz#u-=JZGvE(URa<-QAMc*dJ}_|>fhj|Y(Nt@&_z zC+{pY^%T%g;OU7=l(Xkfkm{w7l0s?YTjgJ*c-R&?af8`Rk59f|1o-#$B+x1-s3bwt z1A?s(+)qaauYcc#+@jY}Yo7}bp!Xpr!ydtJNBWNc#_NvFm86m0_l0b*+|3hjL6)qW`(kty1KskPEpGtg&aZQ1u)r4qjrj!!!T3%?s0 zc&YiMoc=0EYQvtw*%h%cGT``R+H;wM5X|h{yMkHgo>qH4<2w8JL%Ph4I;vVRr^~726Qd{#EGP&phT1WM>eZ-v$kDl! zc0tol30t0YT3X|!e4&Wvikisu+;}RB7Gt>v0cv~-<4_eDNob+K#M*2Aj0Hbp8$CGQ z+nDT_UX7ww=bUoqDEsj~t-WmJy=?YOVGt_yOC3_wu!;%!L8eA`ys(lUy?mk`8tOU3 z(7;GQ*VG3VmJZ6OS#AEDxJEP7SaSBH%`C$}zDsOQlW%|pKS}y-wP_vZWijyxjg?JN z9Ha;>qo{xl>{aH?x+wSyv0^P9Y1jb@Kf%6*^@a^fqx&>xFDz(;*>5w6FWeH3<;yrO zFI$sqYO`CMnDV~9kB1nzI;PZGvN<29Hdj>4(VpFQGy#VidE_Q2#&&769hMHMB<#4OM=~J!>I$|UQxQC zerlx`EXK^*qW&d__o?)xPI#eM++BYLQGOe-TZr|(;*Ajg!C+IL^%FLiI^MnH)g;*VCiq+W)zZ}_Y(3acF(tcBH2h{{`;tjp-N}{ zm9g9?K8kmmFyKQ=VAcNOjLoADrKe-#Pyc!tD64JdDDPy`>bm0gvms96QM5B3wmz$N zxy4QfA_Dc2l1@jJRZvAl3^msqS=~H=jvj=#KEdPVqvF(qVHP+S=%i(Sk_hOlFro{T zq0%Wn%*(9XG}QMH?ww4hgadzu-8{k1NN(~2a5mA{1T>PUL>UkHFV$jFJ|>ozWGNDH zyq9XX?x0BLQo$?3brRK7u2vRx_TIk97Yvd}t3TkVXrl$EgPx|wI!6LlkOfVRQ@o7t zgJe3GbmbIyCgq$taR)83HRAw|gW^++C?*wHFCbY=#NxFaZBAc3Z}W(@gO;ifrFEFq&UaRK%QP4YJNr(g@l zq2?NbR9;1XN-xaK?+;KHoU)Se`~q7J(^(%Np1O!$PF3fqVToSv9{MbmMV!(umy!G% z&t?tyIyDj^;8CT^L8^Y3SMsw_)q{BMt&fdmir;UMEIz;%`9iN({z~`eZ^&bQ&U#Lu z0eD$OlBL$R&;LPh)lKZgQX;9f9w=%Jcb*=UD|z`X4N@~_TJ9NRL2z#@0N9+xBtkvK zYaIVxOX?EOX@Av83G5>n-+kh zJJM5b2V43AR`MCBxfS;uUJiiy6n2dZ`L%PD=^m4_VV&>gZZG%Q4Su-{Ty=iWVtoD1 z(`CxNuMcwbmjBgdn^Wb36?li&w?bFC@t!F8W78&icg^vFB~fmUN(v!=z^6-mz9_iK zn@Tx}SyHXG3(r1ByVJW9kXy|;>}5m$SC$=WF{r&oDFxmvM;l0FBY16E5ryb_lhr8V zLotj#mxmER*NN$OUSm%YKk^O9>1ooss0LL`-zfZ}(5OPFNKz@0t59ood;K)g(%@*9 z;F!?Mz!zb&Yh;9jkTe#1z;=;)(f4J9q)J0z=YX?w*fLkrjnWDiJE4=X61jY0Q=y!dH!QRoO9yNXBf> ziwHoMJwn(<5&&f-A#e1>ey?>Krvf?K?yO+cX%g#FF_?Ecvc23gX^K1hEc(Dx8N9Ch zX#e%)hFt|)Ja&g2m8+wgCub0#ucWEZ;(}!pWe575e#MX@Srm! zr5n1O^@PxSh=z+>Flhar^D6uY5Hz-sHCjhuN$B6yc1ihC zlhnKP=DJB0-bUn^pH7cKBJPTFXi25|{UV}o5gQwjKVDhZbXyGsm$9+Wh%3(sLvOk6 z{2RXb3ytkC;l>rDC6q3JM0`3VI|i2_eM4p+zR9iHyKk90D>rxHiy;*(v)%JEM(g)+ zLd((0*CV|1ZAE)pRvQ#a6_x6YIsI>3m;GRlSAlaPi6Cc%xjz8|4^)b8IjZ#%oDorW(y zv9c0xE2Em3E4)LYjbX|mFjVB6i630jIpNfS!710oW?1{w@4J8GH2$m-U)p1%(+6FM zwSR(p3ibi62us~wU5>u6f0NpA;U?J=6d!KoL#QJXRjftng@YZq{OSah1Grt8vDLZe<9EQ?l{Tw?*OuLu!!Z@XwKTH$yJ?mScI*2W$c5@g@M>m6QAjs^T;Bf8(0)J{ zdK@SB>U8vB&!|1H|1^+PKr~@fdlj3}~2Xe?{#hWQAzM=~t-|oy==iMuv^Nq(98Ob&G0~ z(6Q>QJ_}Y0n4XnTGS6Z({T#CKGeIkB*Ly~^PB+#aY_Wi@lowYpXw3Q1)3!W}QGB23 zpwRC(D`oFXn&V~rAo=s9%Ui31r0fko650Kj8OI2!E(6`qkD9i8(&+>7bmKBEb(n|#(06rJYeR<-083W>bMg#d;$D($w#%9?KSom|&WhaBn+=Q&TS6iwNUHWA-bvoxTfYX} zf2{tAZ|YP=3sj<7N6+(J%SP`o?v6_xuC6f`!_Gi|k*Zc?L$r})2%TG$5b+1XC^ypb zSA0N|Wj???%dkjg(~Juj6YHAQk#pvDH;aQ$$=MvmSF0>BjeSYrFYnEWO?U(tP8y=tR8@$muzWqGq~yI)_@DtOl+dKUpzKhtzFdrxBiS_Z2DC zJ2mFb{qn7+Kai=fHWEKO8k990)OmVAtxru`ba z8Wq#F4%$S3w^Nuzm)hYOHK2?pufhW^=4T0ZT=So?ylU(vJ%2wI??26mWlH^Dv#oD` z9RCA2#4%~lc*J)Z;`5L?r&zE4%W|c7XV5Pag!dos@PhFQ{BOxK*zVW!6zC4uxARWS zdJ^p9-u3gGRW$(mXH`e2>`)Hig5W?DZLJKLdZB4CRKt@ms#?t$$BarWNG6DyQPKzi z2m)}?*8f*C1ySm)170--JE-j=3QKyVg1eInIED%0;o3Q>mR4W@ngB6vD1d7XHjK{% zEU=e@r73flbpQZ z`)B%s`tS9ByH3bt);s%kS6s*}IaZqa3SO~r@<9ce9QvQb|8r*kKV1ZB(Sx*{9pzft zp&eVm{`VTp2L;pnVAj%DwekZ!bRiTX+UOi$)A9~x3Y-ErT}{T8vh5#0wXaXwrT0@K((8Q0us5t2^pg&$GX9yh?0cyy)6QNAV%GK&dPy^e< zwF*@#^86G%o?@e7hZfTc%=6{~ZbXEA$4iwytpE52;Fvul{Xu})KMWVhAFSN?Q`_+$ zfT1-c>3a4VL{9vA&WLZwW_zZmZYj80*+tyFIg=*`dU5&>pqu6>t=k#*PqS&{%H~YEsjN6tlSV^2RCUQJ*qhSZ~5}6u_PUAUvNv&lz+a!CNYVf`-ewz)CwfNCmEk z=kTrXJuZ)b;;Yt7Wikr!@4P+u!I47!Z`V{qzrNn8m--b1vcl~A`@`*M`c#`JL@ zS;kZ=7p4AfpON49-x(A5Zhubq=CYS6WTDAdx~~HJVS;G?`DOn(Xa5J528zPQl?Qzo zE~);M8)+5hAsVJ3?(1I~#Q%yM_-_(-#qyuzL!?~?F!Do0E?YEz!&rI`rlxe-%^Nyu z{~o&(flfNP?k9sOu3~rXuUZsu_&h|^f&lwT|7!`n&oICLje&dr!_Bh)*YlgY9<5Y= zO-BC4AlBKXXVK`MCqO?N$5-5HI+)iF|0T`N{OpC+m*Y`(?WZeaN$y@4t%ZwSJE1o&Mh$(fbVa z{2!;5v-^mMn>!VX9d34BCY~@Z0?(7ayH^xiaZGOz3$Pz*lX(+*_c@A$kMD7CF4=GK zdGtb#oW1Q<7JQAQkP>MvCY9eTeyM&-PC`;&)zm!-!=x$vWmx&RzxDnd|0e!l-l&+d z|Ddpy9P@ql#oT!?M%w35NkUSammiyse3gIWC)~())J&W_2WOzKXEK1Ko2IC2i?*Eo zmqw2Rol$Ws7+ZCot`$jXB1B} zvTn1vIJDNH`nMV$OZxq|D!w&ru>3UbXN#@upLspfhgcK7LraqgY5a6I_tWP=c=&qp z@~!Ug!nas556|&WY}yl#W@q=~zdjpDZh4+3Ysmihf6Bj>o;&1?IsTBBMdF;VR9b9k zd#Z7n7YmFI)gCu=28C=w?yxj^!W%{9AHY_BV)0!jw@fljj$^8l;}rHBOttmE@~a>z zZAiVH)5}mZO26aOG`GyT>d~Lm$>wF>u;0X8oGjDc8zHBqb=ePTHpKj7_&JyX@@P`w zQneMIXW<|Ra9J&H{C4XN6j;Dkt8Oq|u_8cTFya_U(N|H2wncisI~b9(5jI~l43Lb? z3`T?n^$4NHMhIOVm_Ray7sohtPLJrI15<)Ff3b+AM5!bKemD+@%b$oJF5WNiF@%X) zud(KZ}}YlOzts*|U=O|8H< zSo@&mC&zM{W8)YG>aJO3b8jCPpsO?QlUCjkkPX*QM)uAuPS@z~g-wK63u?}2>-mVp zVErO2A6*j1@Y={5R+lQ!=ar_;SGbhhpp6V&n7M|>juuO-+S(0 zCYP0*h{@qh)s_F~DovjfIQHIt40uBqw6uqT(&SXYp3uL$MlwB6n%zagt0JpJhFBpN zqKylye9{_bNI9q~``x$A+n-uQ;*wmkMDb@@_!s=FbsH9*#K;ww_x0Aqv}JR)?K~tV zt>e1r6@ht4UcXt({iP;THJLY4CH)r`rM73CiN)D>0GBq zEawgUMXYA-y$bzr)(y7>f*1B7ZxDK85EpaWs7 z$dpZ;B8$Xf!{Fd^MS}gZ9fp#^N#;v^Ir?y#) z-#g#A=X2sXSawlxkn~D8zS7kejjRkHIc(K6Q|m<)^!iKl%04~xF5uN*6fbqhRSqqd zNOw;mobD$%2vzMqtv4Hi^d)1l@+wJsC)3j$c`y5fM=B>r-jFyh&Ix2|M$Uck9463R z@!C>a=cFX1?#3cGEcg$33-f*rGZnec8~=km*2FXo=W9mND|esPR6HWu9j0NtWBE=~Z^vQb5Bj5~OkrpOn(o-hwbzeHZ~wroy?t5Q5$T4yTly76056)!M+BqiT zhmIXn=8U3IYYk0nK&`|?-k**lxAksfYM)0GvZWp)!evq^CPFQ-0zs-Vty`GK#e^0& zEp>oW(0IefCxR0-Ii?c;#${xc7luDs`Eu^vMa~u1GeyMr=gHXl}FbHxD4mDZ3z1W-39&I-WwevW{Kfm z1kyCk0_~9LnZ)RCa4llAwJXx7AY{|?ngz*WG{Ri&D7*1H{HeeQxJ=!vxParhkh0)` z7)r0E2h&*m@T~WWHV$TO)JBrjqW3f#pYN)Be-9YQ&>tN!w@oU z(+&mMaW`SX5($AqE`C;?s1Ngy<>?QKv|1SYmj2~)y3Tp1j8!VDLWyW<3t2jEV(q=4 z^x}HpGFY&eobVG5tGyCzAkI&iu`n9{a>Ebd?3J$WTNj6-0sS8O_Fb~Yl_;pQg5Fnu z^>hlb2Ybo+EkDlsj~wRT+Wk5} z7$-gb5A@;+_~omV1Np3UYi$!bRlgXNZUfWbj+6`2HQ1d!oP6)tKv`5EM#W;lu=Sz? zzSxFT3@()T@fjw8DPfb4;<8c4CKqq32?59=ywmAKe&<4g3h)W10`81peyyTylCU5C z$)IdGHG9-!vZT7dzN^OIgdE*cTpH6x4zo9r&~2}hH#*M49XzzEyrN)P0qlt#P6;8` zE(ZxjU7JIS6lgGEmlboOix*{@oHLLk=E}V=gx2JA_glyQf_i@qlSaT`;?5<{N40RI zrhjzO$$W=kdEUl2`NQ{Ik=@+w;(Xhd11YTcx0zSRba)w#UD?>1spCRTrn^DSw&VE> z$j>RWr|WPOrsn1gZ?{*D7pm>*Qt66jLrQbJ+?cx(8C{G=NmDXq8Yh}S_%JuoPGBt& zeL!j^LSW$x7CSD2qUhh{nP4|g#_L;L_tzEG4Q{FDFqmheIj09YNQj7YU`%7RcgZzK z8c}+_^k;tYj&Nk`4LxLUp*$B$m%|6-Ff9(;O!Tdm5)fmWzsoxkddtcx7mt_EeHNIj z*QS4+!^o*|0tE`h_-4{(o<`~!vZ~d58jzoD8JP_cO7`4>FpS?RNVE`?-GkIp&zT+% z?Gd=6&0^13R_WvTJ|ygy68@lY{gwGh#3PC%Zxn#1(CBYX)vbpF$tTCS1qN)3U)O@#D(t7FYENBieqGNO*J zWn&k;%ORIJiF~EN?C8P69770P$%Y# z<>Lpd9J;kA@&ucBH-gWdvsW?a!uTxt+Rn(mWF-DkrbVL5ZQ|}?)Xnv85U+?01N5lQ zN(;FZ-IupF&YuGB=t$KbnR0ja^%OCg-<7`fnOemjgG+lAf#8oX#n6u{+zK(@=wWODMhVo|8s(@dYPuc=G;&aPb}jp`Ntdz$WRW}Bw7?t8hJj)C0ez=|NLo%|Km zP)l1BTme$pLu1dMsZ=NmYlZE}AYQmq$!yWj&N-BF?ZiJ>tgC(MgT?u9tQG3XW@!Zo)Xj^ypNsFTK zf~fvVR#qvkXnq#r{Ro%apMY@w*uM1IdV)Us0Ux|I?Qi^QVW*i|0lnq*4s~mBruFSE zve6LS-7Po-4;FOe65NB!MuGQApo!`DDN4AzltaHcl>%Uqs;0(9j-XJR-!zB;=qZq2%~)r-u#z3l-3Zg9%Foz+=H7V8K0f z1LQD1kzjW4%M^Z3aPSC-NXRItXy_O)gu17{G=%_g4F|vSV-8E>|)3` z%7!RZU|bHrxLj0f@v2TdmGK`moJNlRXz2I^ghbD1>F604nYdnZ^YHTVOT3bll9rJL zsj8`KXliNe7@L@ynOj&|IXSzyy1jFM9}pN6916zKN`GwWB^^MJ~?e9Cg$0w&}KhG~NudaW|^-In_ z(%%I8KjgxK$pw#yh=7RlOD;HgH&{l%LPVluN5&RYMll5AP;vO7;)=)RR&}CLbE^En zGjbe9$EV?1r9J*7+HaEmdxH7@k0krMV1LTB06ao~gLNJP79avZe`E)rl`BfZv;0CI<<%8f^Kz^Wb%rlKw~L|LI1@$0*&}&x65CgxSZf$iC}metfSiMKY%gn_dRD z;vm}2OpLweRrWI3C}~{!1AwaG_W%f+-#-8%m*f9@J5zREEiVNPkwk-7kl^fE8rQOq zZJ}kHC~!E4(X5|}6p$@fo{F>xCH@y8@l-ihqaK<@eTXL{S&s*g&Ez-KaRyOoNGtnx z?TU1fNBv2I`d_Jq^Q}aP?1vYRIb)9S=y@*;roPrY!3DR(1;3B;M;7aqo~&&BlM3g* zqM~fi3rXe_ev{3#k%dBj=beN-r+{GBo*K4Pn>F7n+|YUZ{rsm->fP%8>O9c{@FU2A z{B+Cb==1@IBLBx5i#vZ6_tp=UBS~X=k=~h>l93(#uh05i@7njb32#4xf964_@69hl zYC=rR9)K@+IX+{l4?z3aJ(tfv+`MdjmWYVI=;ed%^(XHL|BCl(hTmDsohSS!X8!5M zeq0(-dOLRX#Po50#{&?^EcyUsb3On**|!$|d~59;{<|qLxJse?OH;br@-TP8&@H4>+$@SYYw&O-Jgs%!W&(5?U#_9+C zZ3N>3@W$X;Bala@l+Cn0lGOJA-Q9LEx-Gl17}glxr@uP;=kxYKV6H-+XZ>bWjuKFG+#iYBhlXx+f89j5_@)TFR?m@)cF694N7KMmoWg1RMrO!dr zNnHs<226?+P2{=%bdlxmL1-B5tP1w_e6n_bB;+ymG#$r<#lVK6J-Mvk*!U!&^K84M zPj7o7zxjsCFSU*YDJn6ExGLE|QJg*Iycqr+TOB?JTG_Oy4K?yPVgK0x-*%nw+W9+G zMvD{Dj<@DFb7!}fRfMLpwjUd$;)b$tZyPAypWi78*KxVplHA*;XEhLeS-=U8gPZN= z!)U8AzQJYx=)Cp%BoI;B6BdczXc7xgEW&XJ#9iVGU3*N$YuBc?zw>?C;e9lO9QVU@WY4PDthaB4QOV`PfX>`Yz0O+ zZ(|;S;^|F7B@P7?RXG{-A;DV&lu@nd7C0#VN%2U}WPUE|Iln!$!GxRNxJaj25>WGK zRQAOmb{ys%6XkfKaMo`5;f1gSF3o8`T%;>(CVu|DP7=`ITttQ3rDx#O@(3C~0F_s2 z;5ToYg5!samaimC;`yDRFI~d{-@5*2y-x(&L(upqqz?eeB=)XGgVw@Q643`c;egzo zmFwwG48X_m|Bw*~dVEe;cFBM4iQI?1|4~kGXR;!uzqi(Yh41p@`e*h7@T&ElM#O!! zeNIIS`LS{^^`*^u<)6l;4I%Io_CO`LFlMO2YB<~(=)>p}x(2JapgjOogFdsG_en-e z2Rhg#B{f?wDg8-&iHUBnXS8D0hNhYf;MpqE>MtAA+)iZ~NlY-C+s-)@JSOZ@ZI=A$ zvzsZoNq9zPNfk*icji>r8EpHKDAiA+iDIMOvQuF8$kTU@O!dv(^fL|g>tQeZN?QNd zN+8M34sCLsHE3=yo#%EWR`!f=FS>|C?Vz!IlVgtA@PiF`H_tZ`hFkZ^IyOB}NquoceTtYuuC zv};euA)K-4Ak?`t)`UZ++qNXL>sJteskEy#bhzcGw>h5?cyHTrM4zc?$m>e5rzqQV zJ~`o53+f+*+lwRvuPkH=>TWnRWrVsVRJl{f%KZF}daZ<9fF~-Y4E5R%c_fQM9S|+j z^#IH&k79MnTl};PWD%XuPM~JI-(lRpSVqo= zxjpS_eSg+dLu>D0W5jZOZAzL-_ zVr=kBe+>24!J_f#Tek&qTfQ7R5iM!lZQVW!Fz<2<9vhJ5{WEmaN;OD_n zMXL!HJy|0%gpzf?<;(TG?5<6xfoE8hRLdj)LVoA@e)6jm6Ycy^G4NDYF{OCmn#_v< z{s1q-pIVTOt-yE-zBIY-y5=M`Yp_o4}dn$S55sVm&ILJx7;3@ej*#%ir28^ zVWM1=4N=-Pn^0KiexH)Kal;YZv3>4ZUY+ zl`Hr`b@`a$?xd8QYm4`5G>_N5qtkL6)}CfdsOS;r&eU;)8@#iWA4uuq2t4A%|aMVHXVQ zY-vPEI?Z@{B`>|a@slOk@``r&hB9D^@NjeSw4^XN-867!u#MA8uXf@I!L?x^D0n8 zLRxXSUX0K<={E^byalL%#?G;w7^~o|6WVAgTd8+Hy6r3o0fZoGUlbK&3;69L(W?Wj zP>*yR1^nUXIP^u|a#&PuIuU63?4h$Ybzn*Uwk+thg->4y!`MFcrt%`fe&fjSw}6if;V|S{8);chF9gpXZ+LT^CYbpPU`B0xmYH*CXSk9fZFY*z2G!5L z$f3mTsu{fjTO74m<$L^61$0Y~FA9HV15E-gPXrI_*u~Bb=2`(1=lR zlj+312q1}Jad`l~z8eEov*lWBI9y>xw!!tU3kfH#a!GzcBLE*{S;D>69{4~TjEaIZ z_M~sJmB?#YW6s!ZSjHx9^C#KWS}jA)qj}V2?w$RE`A}Z+=brZnKXRJl)%Q*3d$mj+ zfX7bJZOe`2ObqZLV_S^Yrij9Cd_@*TUfdf*anR9rJOdM=osyx5P44t<>ZmCp(bF15 zMrb%el1PlBGw#)CYezWwUU2C#(#EJr%fAn=kpzq`EAJ&UCGK0zAAs@a`gk87fU@-O z%uAk{uw`mA_W{tac>unrRHBdj%)CCsn+>>UdeQBJnKk`Q@d{t{zN!7J)FBL!CX-L> zWcI>Pab%1-ix*F|Bm0D<=+4Dw=MA@4DU0;6>F%57enbU2_-Lc85o!gP zwhtkEDn2CScGil*Q|1f495T_52^4Mc4I9iOKcA2BqC}qI(PT84btgaS1jPd+SqcKj zd$W78pR8xn_zdc3pfaNyk=4=Qfdi%acgbVQQ5&`XYwC(E;>PtJ*{5;4Om`WL?gvGV z?s*;tDsOdd(rwVm*=rJ}OdL_Svsy)h!@z-3pItQ;kJ-9aCGC@t%Yv0Ig$3N;lOI=j;L1IET>>x-#H3p=i;!#C-B!hr-uCgE`*wIg`x}z zpUaV-B|HFLX_I)tR(b=6lIR1yW4UMc87rq>6i0k|WBA&)1GCd$J44U)bB~p)E0K%& zy#0&z(-WVg8olLSsoU?@0)Nnz{-aeJ_(tgH_BQ)wfBf%_=KA@@&)ojN_%G>7SH(Kz zeLwp9qsg3n#?VAw!nR^peSbV#dj7~~djqyZGm9~%*p_bHO_QwuthOZS5=6KVAB3{Y zsea%oU~WuYP}~+~aD)3k2#> zSN)svsqUL-@(V|wrr*Dly{fz%-{!gfk#K5oT$$nhABbC=b3AtTdO`!1NA=*Q*dS9g z7jhbrN_H)I8pVR1qv9u~#GRE_3A#G{PZe_>dQFSZ+s|y#McBvOi!9{DWbk*b{wE#! zKT!Pm^4~j0aO(lc!uGble|Z}7XYbT3KLBF`4?x=pS+Ce=OkT?$SX}NS4}c)e?d+}f zHu;}ebnJHajZvC(@t&;X#DLFSOFVfAY>;;XhMd{W;K&)^FuHwJi~9I=|%14vrk*<8=2fb5A(po8vJKj z2?+xw6-6moc}bXe80Oi{u`#xFLVN)Lwsy{rD$?QU<(-j)*krP2QVC1 z`ct<~W}L7n04%{h5(faJ<%fq;S^z*v0D!yLhliWohljh5Fwg!X0Cd>>+1@?}0C<1G z%47d5qsazfP+UxLq$bELcl=!<&%e@pkQHB;;`f55m1S#k54G8Y5o=hm_()K;4yTqnL@+o zmJSH2?G{%76T+ekezX#CbX+fANf|pj=T+CKYPk3Z!l)Df7R30chyNmvf`kmK6u^RU z1_z)ZBO)Qf|B86P>;?-~3yWf?j^pBqDaXYlarspta~L{S<5Rs zQ+)dQLRz)TTCk;+K6j%=wN1e>rkchh@#wX5W=Io%W`y?U=8n)4+O*6Q zr$nzf>cyh>R)YIN<5T-OW6z(ULea<7VWUektUq9jNiFOHWb0a;E zEi~v>m^a$BM5@qJc5-r-74oMvs;w`{T*<}uIRh&i+;nZk26&DW6q9!0SrwcdutD&IfA&ZuU7O1=zO*2fjL*f zN#K&ON@@HAv4XF&w;zTLGE~?a7bW5S#I9KjvP(%MU?G2Qn8)aQ<+ID8G0S#u1NZlI z1t(1+P;v_$=8yY{=t%H>qB%+oxc@sqz%Y4o-veMQGVBA@JoG_&0FEAjV;FnFlV`U`p?k#^+dac7^-CpH9)9WHNU3N-6eDA$QY`Zm0nT5B7h{6V&$|1Y9{>GUs? z`hR^y#eEWCDC2qBf7Zt}$U&kp=G+23)(s5-ry~_@N@Mo9TkJ3CfW~{Qn252eXrc@2 zqE#J+>wGq=9)P*AQ}Xla8~aY5n+M?5=T7A1CG3!h^#hRd04ToDJk0(8n?j$AA5h<^ z8)rAW9SoT;pm0MDnio`O603D|q zYB)cdZ}-ePbyt?!%WsbKyfm6KaSDg)d+$%~5gt^xmjjOS+%$Aqs&c7z{a9?v^NWZD zD#^hU_-Z+*(3a@C-BE#E>|2%Oq0Rfd0I`0Xulp5C^j&6hHW6{IXe#GSXz>$xBg8n> z69MfC->lSMKMyFCuR%H8$DT|Xgg}t?B0xIp^*dnJ#Bv!5249&|w?o`PCX1;3^v6B{ zrkX^qk>>2xOXgyW12O1Mio9P@jMNh2MNtYLfF}yq^73F-{YhK1ZWnl5!mXbcA+bYp zd+JF%_>1v@^}CbpkHZBD;C%AFk_VLQReg|2*D~9_WQ9-}KW#AM)|wrlrA&9KNs~`X z@(#sJ=uh}g>~f}7QmX5+{F7R-s}oZDnm*LSD5B|=FPCQ~iJsXC-oa$!1tk4`M|vfXImG}u$WC2&D> z*^-BrS|jSx)}MJ2$vkGK<1BG0Qu0Vl%8$*x5i9$lIa}fS{WMQ!Losq{APfx7E1wF{ zm-BQ_q{*DZ84!qD>bGAJivka@@A0qL9e6>$=xK##U7N^Cm=>1^Fm5_hN4z~_5<=+$ z#SurCDwrm-zvziQ!EkT%TNO}aNVr{{T9Q26-N)+Sv0;*I=tky|?Gk45i$8p#rlSk|VI7!|! z@pXP^#B52KKM-58&GAR>i25|FruVdIMyh(6)v34kWY4B&uEm(SZ84j*JfiMrv&U1N zMEa*2HxZVmo4EcS zw3RUySveZC#{UvcRV$-SYZSrv-O8RWaHQcs1EIe1F$N4B4~r8XOWi^TldC*HK7X z^Gf+w&1Z}mCnkdurVXola)TRE{pb{qLOeUIOeV%gSM}uS((m=j6BjDw`?Ms6{8*m^ zPf2}a_7jvPmAX6o@L}yuRi2eX)^JO2pW!w)%3*?sB1-UdPg2Vf5+n1PZ~15s28ulh z@5eK>V^$QO85^mkI30Ff(%tcQO$u!<&C(wW^;F+JtzS|GTPSRgup%aAHkFp3V&P8;UbfZKSg04mjYnk^5Z+MxSLZ_N0N>HhF?aWv0LeI~I;6%NN~0z36(fC@q1> zw4G$&z+NGYL(Qa1vNMF-tB{1@M<69SO>IRusD92L(+d1yEslG4GRma8=DQMg#j!;| z>}$EbV}=Iqjr?4QMzkJ3!(pP+9ohO1m;Ch?uNFFaL^^F7aR`ID*sFWnWEmepGczVk z%1X~fZL(fvi$W_u7QEJ3@XpDx8m%(sSGS9#Uo6`?c8DVrWWcG2>Oz0qMEty=4vFzm zo?}57r7mJtQW-cS-Yg#c5{D!tNNo6IF^>?^l?-rFznM5gDvO8LiLK46U4fmyLlp>^ zEC8h!>pBe8XoFv%@hzjQ>7H3sy=idLJ4q&sgj(xF*l~rxCvEv6L){Lgrb1U#{4xB19fmi{^_fKhrP39lkv)?9Xw7qF< zU|ZDDnI(nwk4=GGXDoLS@xg_D*%XW|;<<{n|Ax-fm$Fx))DS8mhPbYcsD{ zN0PSkZQPWD4ywIaFUAD!)F>F$~Ok+D0|<4ZQ1Ja2!F0p{`R4-EmB7(!$A}U@428S8HcU`6o_2 zAGvhjV+Cl`1+{IDP8L$*|J~t#K3($6%d@RHQrjs4_of-iu%EpGllK}VBJThSTN2I= zn5^SA<4NxE(KxH%Dtg;L6=~S`NRYZ=qGA{+ccPBkj|76gk%ZaYiJZ>4p~qQG@&F)r z7xq9*`J$4?ncN-#ZX@Td54w3?5RjS}wRif3{X`s&Aclnb!jP|J>%^GZz=?p3wwwFw zs(B&4|BXWOSeR6*pDB@`_xYqqwrHA%E= zkk>hKS?VLzeWX(44{a^0!S^8}a^j<{a^)EJ>6J~MkC+dr(zI?Th3vGQl{68~wA>)K zHaeS)eV8|^7-(!nJza3>=vZ+)96SZq$_JoliXE1!NR4Y(GX&{Wav!|4Em{kSKqkbV zy(|0Sko6%y0sAVb_g(bT)UP?VfLf2@HTc|c1U3ok?Ptp=&`K5@wBrGulT|3jv*luO z|D8>xe_Vw~$!pQOnWhII-?c7g%m1C=z#VnXw%CdLH&ug}vEIdIdUQV9Z|U|`d&}04 zl0AM~1M7Q|ZQ=?X_HzfzGk&3$J_C`j-FsSe*Kdw0itbFk7Y;9y8%Kwhg!D)wG&a|F z&@%XsT$AD@j9!oGj+EAJgpjGkyV^<@)2~*R{}6K1p0vIe}+`cfH=tTp_|KHt61z0Rp8Nb&L0do`S#D z9ZY_zpL1UPiATk%);_TOK00AtYol56a0y(cLn)EbGdj+MC70V8u4G^fw-m0hi6rX0 zH)Zd%Zb^bS%(N6I`?Yi{zNb!~Ra+iIXmA-CpVQLqBDm_#%9=_`Sp>I{WEX@Dhj^f2 zZPmXjbHH3Hof2o5MF1Yr&5RIx&(B)J&JNE)Qz2qjuNR;EG^ofSJ~jjwH=p*6$L^+} z3f?~Ul0#hBH{M4!*swR?ep{lj*4OV}r=Am;F_{Xl$D}fe+MJgab7SKTpF(Yef0{@3 z%XQmf%8a~dX**8)qW%ETCOMkoXJ{!{St|&WM4mcMeCe{XrL4U=q^Z~4`8+pqDUX{r zld2swq2UwBJEJv(ZEI=N1K$-5VN74)ZF5gx1TUek?Wmx;*NUs4yD{OhmrsDkK8Uw* z23oqTLSN1p9YgD?y{12mlX$DX4prn@YsU3o8`Ri!r==)uF9OB&YJMTsnFSji*~d7A zPZci2`>tUzF~?=f2nW^fs??ItZ#sYU*QXWp!}sm;OcS!ZCc$rX_lY(qCqdJ|B=m9u_8 ziv*Gg)dbuDg>N>lridKQbvs)3(kVtf9<*zMsf{EzE!t9x$AM?&4Xo(c;&NhdWEhyx zm*@-RA>Fb_Q9D|rHKyf@`zZnBOvlzUJ5>i`BDm+uLw2;Y>9P_uxIRbdV(7&7vMZ5f zteM&x?W49SjPKJ6Yu0o(TJaJ0(l!O5AXV^0@#6y89=K{aWi;Z0Mhdr?yukcpaWfU= zFl#DK`4F;Zy|M&$W6Q{cwyC?0Dn<^C^>W5~r8??*@ddb7h*?8M(x9sLXa4U#Z7Uv) zTF_+~&JH`u9lngyADW>(fDnS#-4AQ;d`2bq1-^sj{rhSK7%zdX)r^C4z{rcm& zW1IE|$lA;R4n^t{g@9+EMOPy3KCmwB|M9SVRHUDm4(Ulil(#h2BDg#As%2e7w;b0%d>|bVIy*v0iHEO3p`RTaX`Aml^1jPxyy@;agM6KeAUBj*G z5ipeqo8$r$UF|40OE5N)7|4QjNrUV>O(}Putyyl%x0Y*tIb~_n$24ncxAbGao|)Yl{(yntylojF8A$rDU#L#K?4C5(Bdy+a_6z?AwNGGGKDpsa3BY9h0%eGghv0RS#>Y(+pCPo>g@Z)Y zCVmzPcbtaJL=Vxa9 zw3mp_5$tvmUUg?_7>>^x_zH?I|N2ps+N)GmS0nCA+`FYVZg8ySUB!HmzU|ZFGFLAM z1y1>MG26oBNGKJy#u|1?n1j>pyo#%R@}1PVn+{k5JVaOZ=A%(VvZ7_nrvau__!0J$ zyb{(Pqv1l*A4!LTQ-ivSMR5WQ$f7H;rJT`M0Um~%L^e_{`^cJnG^@9BwaW=SoClPT zb<>9nF0z7k(R2tI!89DJTmGtB7e9%&sBbiT!s1s?&6ny1b*fUa3EuUtb@{Fa7hGz~ z6Li`pK(fRK#n2W{)^`@-1ksLNkPiua%`FEUBe^f$2RL<7&g;s{87JU(ck|Y@b@hW} zE%;N2k*w#5YsC|}ao6!skg`uKY#=#vAlwzqa*KI^qt6@VP1o<=TbW#I5#Daw^Q=At0YkXJ>!gA?`7v44I#iVfq7ni!`h zj3MIjxJ$)9Tso80-v1gX^>#n8>|jK&snkfdsw8ETI(#fg>m&P}kT@IRl^;04y=gc$ z6)VD?6_oV=n63Hy3hDf9#+fK|a;(Bs$J;-pZL!>ssI?hzi*Qw%O7AJ*U7%X9DL;0{ z*k8f&Uy{WDSf7_Ofx?sOziC`Z=3yWBZB!b~YD@+%5zsEGD$R>awtlG-p*l?J5hZbB z1{0T5E$9DKSW6-JuHwY_dC7ME+~H8!aWEI^co~}(xmihY+(aua|EhLFJ@NBynwA59 z1=Cu>f+MNh!mGn@0{OKO{>hM?#1Ai?r)bR;tU>AQ#_?g_LLtB6`M_45+^Lg{yNf>I ztGHvsuNHO66f@mxH|rUq`1A41mc-)$Tgk33q+y17sj*pJn8^Bi^g60JK!}o}`3Px| z17ezS6CIl5GCL2Ax57dQ$}=LNEh*9cfhY+7V1tUj`_~n=UItrqRF!x&!46Pj%}y!K z-MFQ0x(Hu)mGs%#QKVdroMa}{D2I0>i%~C88fwRqi$*Icv`R_e+;BniYGh&9PSg4Q zMe<^$W`i4%>JdI+l@W&5?q&?z80)O8TWxgVOrUFtC@Q6;EkJ;q)l6EUjL7nVw+3TI zcddnO-PogdyNebStt&ZxI6!`pEK8rpJueu%q+$j7vhv>ww&YvK?5Zk>xKy<7kd_-? zGUEKb_}@gMSJ)Cv(f`^GS~}N-t_}O2aGJvv+HH>izsg`%d@=6mKV{JCQtZLHhbrpNQ+hN|#xS{hE(Z(cP5~ z<9oWizXjE_m~;NOgK9|BdOj*?emCW?PdQ``tjR|Zf4Dnc!}b}?m8U-EE3>WcSpT@VVkMuw9NM}y*r>VoTCHcEBoAW{k*anX|k15o6JV*4K~?s4H}kNfoJ;pF6XpTfX0Jo@{*aWUw>znw&vYPc_WiEyE_cOSPf zBa(*p?PUAcxpy}M*lFbby%dSHQAHe0PP9ex8&!;3#nn%3v#UoZIwFy0agFQ8i8AEN6iwE3~<|YxV3AcKlgX4IlbMqYGkJ)jTK1P$Ex!Ey$9_4G+zb zT%iOScH9DY9)w7qzZLSGOfe_CaRoPqCOXox@CiBpSYe%^jYy0sl~9%B_7i`|H};es zic;G~-kMpT39cc=Vk#a;E4X&%{fpDFH$MgWcV~!4O>*Ht^x>Y!SaY5TB|A6P+V5x> zuGskO#!iHc8aE0`EBUSdBOUrAlJZRunsOjpMx;2HAqMAp;X|l3W{WBu`KyfFcN%j zU}>c$1A8HjA8-z;P0aWIm^*2>qSF;_Qn{X@y`cSeYX2@BX{$5%i*I*2Ud4~KX2nOg zMF@iuayp4acD#ky*fNX$qGajpb?hj}JR2vG`s;Rs&USXn2+#e8@NYh?m~Et5I`XSEkPS# zUn|`_GfkYrdb%2ENtapl=A@aoH|+@9vbwdS@_I?q2F=wj_xRzOL(_bO?-&t>F-n3dOZKMPFv1!C8kx{(Cn%&7g z%qrJt5_d2}V)xt^n{2lVlJ91NL{A(~ms@j8Di`6^W7lYV+^k+tnpdkALbIb z!z!m5c_xeC!}W8{ey40$ZDOIstp8B!aok4Qc!F-W_tE>u2D5P1YudK5Aj(&Z_r7w5 ziKRu7C0!7m8UleA4iUQhAu25ASF`f4vDEX%^l1w9{f_;6YKKgjB{4hJpXX6$>>Y@vzf-i&D|OL@QerS+bG|(k?_RPM%y=ZaUcx3%W51_3Z}1)Gc7WM zWqWxESk5Ou$=&9%C2w(BQ&CcrhOn~Fn#9(k4rbCI0(5ZDV}+i(dZqQNs=iX!fwoDA zt!$fU>L;xE2*e`vT6W=OwS^0CPq)h&>1oTxiOmz9FsOH1TDl;H(dM&&OzxQsu^y^< zPs4OPDv5+N7x~@=^bG>+L>6pp6-8{%Z@ec8xBgT-^BkR{b>uHQ2_g+4%p<98(38TJ zyUkKu$T~Z|$P-?1%W2*sTzy-S%NFSj*~8abq3Q8v$(RCDsRS8R$MIX1cF({&Dyd1l z;@-sA#?`(sH-_Rp7>%{q4ozbajWsZr@)?HRowK#8}p;x0ee)IcHB* z9WG=sxNRYlGc>pw3YpZ28F`w8840z#}h6l`7pn{xHPGQT2ga44jRoq~m*?-)|ZAoP+cUK|^gh zl*}F}ph_TGls55|9n~gAjMZq4d_brb(m3}^qxteB{QmP9D*mv~Xk1#cOh&@(g270%qYH!E@bo<0eD2>Ck=^N9OBTnFZpociTj?M zQ_@`iY1XIv*50NOWQH?j2OVsj zo30FXsOw<-x}?BSUkok+g!E#i@?(u|xu<#*+hCohVCblUb4p}K71gRkaKmd+FGmxu z?v&KWArXr@8V4~v{+)A~eH1v3p-}_)C5EttGieit9eQdj8D}}b_PPh(;_~*G?vZA) z%2bd7{bz?5b~!jS8Q3rsbmPx3;-Rg4?|V9LXB)i}NUuRnDcfJUD@JW$!z)PY?{l*Q zCnUsRIKETX`@JrUt81w2JhbVwXf|}F*k&x9>?Bns-H_4!N9cYaQrTk=8Y%L|!FSk} zp!!`+bxR(9cCqYa%VX2zg)?1-*5P#Lz>V5s-jfB>L~dxgZKLIvf+SL3V$2bl(9-yK z6YX}>EnVEO4b;ARx_Z`WvQz^olgh@8whHrwT5z_UZ9(r)kRmH3O_@#Rz~X@hIJB8< zk=m+0uep$*C2WYaaql3HF3!-iBZx{4YrT$zW23DTf4kq=IL0p*aZ+H0}lThT4OShWZ`$@Vgl`x`);- zt~+76_^!PhbmLF5M)N(N^FamL3y>=P%laOv2u?gRcb&TZv}7^j$ao3!{Or>xNEWi7 zv`|so<*>$@GOnelS1F2&(AX&~EvaG=ht|F<(m0X5R6vSreY`-kN%TByi-_rAz|r4(s|&D z#zcDC=-#3h8s12E7^_|QX>*3;6LJ>au{mUMuA0ZC>5YO2_qVQS*6Dhve6L|gVJ9o^ z$ASh|Vz~Z8$w(ukfov4II#s0;LLE2!0h_w{L+!AJ8X-+y75oq3;X!umws`f`NsNdE z%oK^`0&!Ex!;;Cp{f-Bs1J1;JX-mtKHf_fKH?|FfMi_&3AgbJr(`bYpH8)&%T-bOL zTN%-Oodg?Bm=T2so3?AQ`a|~h(DaHP!(P1*J4brtAYw_RBe{4*+O*`cO-w zc1Puu$1zHk$*b4CrF`zj!WmLm&90-g`{b6%Yho`~*E`JmTWRva0P#f?R}JYjv4&~f z@bGqpJQ@K|-yodm-wqcVTW9k{zyaPv*pjs<-C8JX+j+5&8H^8A53(9E%^J75%{ydU zI8a)xaHR<2NFoiaH*i-?X^vn-h>t0dcG7J>P{ilf&fXQ69iDF?bw&O08MUmLHa$^V z-*M}D{T(PxF4P4sFgVc{SEXh^y0FVAG-`HDuQ{bSHOn#%%97^TEYw)Hj>Qqiw)ByY zqA3-mqZJtojrsv|emazo3E1{_pPJO6Et?dPgeG1+F3XEu_(XnFEi?bIU$HmmenXqr9@3}KW0%a|ovKpxE*vb{S3a=4!z?gx) zz5t$U;Y6za&NH^;B(0N7(ZOm$s|K+K{6majIQBP>3-adr>|JMSbIM2uzHu||HCsWt zaWi;H!}#)9b}3v*zmT@x7^TN_KI%7|u5ZmyBpm>yBhg?%XzknXXb%gDpk(w`T?HnP zegy@uq1#ip4?)1HoL}(5+JsVUc|&zJ&nQj8Y%v_Csp@C57r5e{s@}wzP4gQ!iMbm5 zFN$Z=m)6OrNk+S$Um)pi_V_m-WuvNE*pvvBsh7EzQ`q)js4v`MXH<{i)tU0>W)76q zP}by8hE5TmSvw6EH0QDA7YOC*TB+c5B;s)?f!=%KMiv)(ixnh86K`zyNZJ;Ub;}E% zgs%_RAJarhd@!0P_R#}JnGZ0)= z7IiDi`*7>(qXiS|SYH9aq7AT+KRPwvIeKbVZ6(LO@!IYblbg9kpi6L_iCuS}r36jr zli-H^wU_|;0wazzzN>k#&S|rr2kXw2Z1C`93d%D>S$MJNlQ$9yjqplz*gA!d4@QW zDAr}0d^>uOQGHvW*zzR|?tCggS!L0MKOfgOOYBuk`Gqnma)-;3M{$9AE1?>3>)Kw- zZnCAR3kqnPK*gX9*nMoce)OqVC=6cs$`N&h50f)w3iA1=CwxsS)3qm`#t!yEns)$k;N`-#?a^RH1_; zU_6$N(cu`v>>_G^C12_?%D*;X63B(7{96ome_%nmkjNnAunk61k37sBZxo&T-kX7SUFly6LUcwkz}*i=Z#k zHxhD9KF(!O0TG#!Bvq?!XYWsmn)i=gs?@>S7vhUA`C@ zWjW^_%7}q=QTPH0K;qMF9cKhAEuq03tvhEP6}rUSe)0M?5Gf-%gk9g_P3(2ri8URU zCtTm=80Ajmdi3A7><%mJ>bx@J=d>O=grtZ3tfZ*rjMt5`X?+FZ|DuyIfnA$Z+%Pc{ zgxHV+!p)L+>qdIck^iA~?d*QIQ7f^F&R&o++ZU*{*=G0@>0!WA`Jvi#S=er1I5|%41~3TW>niW18 z@vyL6o)zZ2A(m6DVERIeh5>4sek!^f_q_y1)mmVDE-Sq%%AmlMfaK$8+?(vs2q%?_ zaP!1>p~_m8aLG_oH8+(+^hD9cv;0l)D{;+7-Q^9!!ZUo9-f~rGaZDghN?Fy6Y_Gl< zG?3^V<22l41LlPg$m}8mkC{6}YyU#PIBdW^-X@vvQ15`7V5Tz&9dxyypIA$(qrAY9 z%M2D1I3q=#ajY!}c-ocqS)W5bdWR3k&K<9-Ubk3G#*A8ae_dK(yAgFUVMjNb{IzWQ zVr^G{?MQPysHLqdMgKUW_Cs;N%Nz565>7(##KNwqe#>r0F`dgYAO}}!!#Q7JmvP#2 zqPGH4&%x|%8K+$VKeLo({3GLSh4U*`IT?qhiOVuZyQk}(xO}CRt}`4U)x$J$I_Pux z<3)}gcR#CcLD+vFsnd!5Qt*ncrp6@XsnU0q@K`ZhiLkvN(+leyDpy96a!Bb<8dob@ zIktMvh8z!=jKetS`DmV=%qU^U$_R>rQ~)#pvy?M&cwrKcUlZx}@p_Tl;-|a!bz_lK zlunwY&wDIrXesNe2YDFh7#Iz$7G3C@DrRmNhj1p5*;_tJSvm|=&fZLwTDumR=xKB) zz74@$gI5}QT|k3JwmR#mu#q4;xE4?OGI))9k(}I`q_&;*`-n^u4V!p;5&HkxH}a{i zd!29koU^Y>n7BNUz2dw3R{J@q=TwRdnLUb2s~_Xb-6e1AN6)_HcXKY~Gr-NSpbQau z+hUSRI^jsSc)}cF15xsi9hOR%?~TqJbHr+-pMa1ErzP+-T3&E=tZqHmIfTD(sb1W# zXxJwXsL7;n(n1;r;OCNbNESXCw2fixWtUP9LAmgzAbRc(Ue!b@yKlVXMfQ;!$G z)uhZn)`(o#o@TxE2h}T)^5Ancrqhwsj>%UO(`5)5r+PQ9L*#a zo`{7eC`b`0(tAK!C;^mCLJyq)N|%yA=!k`0r3Dg701-lyA~gwJdRKZ&=uJvMMX_KR z&Y5*)&AFL5-&*HJkb% z0TQy?dz9p1wG&m9 z>~@A}#Lrkkw_;_^8?|CQH`zDwT%kw6*&Q!tgG5zEw>W=1=nrCq2XA{K*|l6N5gx@Z z6jwDM&KDn(qIV+msHGCegVJ{-xl3D8OQmEAzh&QbiIlh-?MqgS|dtHBLr*YZOPtkj4kLUe4(*dC^{+edRXTNZ@>%F|%VT~*N z`uFB3oxT(aS)_D`blEN$Y$|k2uVtws>CU)+%UoALZiS2B&f(MYUc>H1qf+Jog69m- zGI-gBJp&c{MOvW+Uq>${2{#Z1G5(^Kat9kc1NW|`1hqKcJMxkFgaH^fmIuI}hcE2xwP`|5o|zLInHo|e+`xLj^K&x3>+=6DmD`=h6XFRc)4!RioA zq09T!P1)q-!H=+m|1a*STdom3ze{P0_a0FWt~h8cJmC;jUH@(EMAb-wcnP*}F^(qg zf13ZCl0?o@ctdW4Cy~&(1UEf{TslL!TK8{)ecI9i5G4cA^;0kxwZzfD zw8Qkz*gXseX_PLNRgG+V%x=vlp?#$59L3CtFRK!5q+%&nI{akqp)?05`5GfJ>r3M3 z+RBUDul8`f(uWe(k6pU1m&Zw1{=J;Q##-4mA`}d`Wh0h|jh1!@8laeVxi9I!jw@88 znZ%#5f1qIxtNr2noPLZ{1?DO~{>%^*!SWx~X6t0=$+@KM7E&QgQNj)2JtCK4RE~6rW~f_J zWFEKw5U3NRO17m|eP~f-szWS}RlYSgjXNQ7S>s)le+oAptD-BFQ?XFr8)JH!;eA)z zbU;aj$d*3r>S2w1y?yTbufzwYLU`57osgs|n4P~0fxBxUFf-L>+^FydepzrL-7mfZ zaDsre3U{KynWC6PGf2-Sz$=5aYn$;i;rTg1qjLS*Pl~szL-->;KUrjdJp2i-W9=ji z(Fzwj-v2Lmx6aDkOt;o7c+BwF!j<%T8__CYQR$8gYlDUZbgrb1Jz~NIi+W?_90cET z)Etl0h7Dx?&X;-_D&)P5BV{5CebU#*@i?@aWtkLOswj$&F@C5klUcb)Vi#Gs*QGF< zcc#|MmMl`B?V^3pDSBpvSY>_%E&lE82SabsMpF-{CM0e9Yc(@hw`HE)NuXTKE4G+Q zAOPZbvq{Aj@v&KYaXbT6K30Yxp8P!$!m;9nzMAjM!UamaonKg`7zIeqJ67Z#n`V-( zcI^e>8zd|rp)%rXsS2YGGD69hXD>G#LS4#VJBy-vho#vQTwFQkrM_RSQWH^U=tV7u zGr@q?8DOqR@Zznmp|;Flspgk$^>bC+?Q^I0>$M|U)qP$Epl;PI0T__*Nq%+^9 zxwTige@~}+S@VsGh!w_`lIofHWxism2%D*=+e#d|iz)gL11qLh0hkb$T1Q@Bce>uq zjonTZ2qjD)tL>a*>{hbuKc@)(RIs~!Y%n(hCJ2x*3wL|+;9!ZcDu|tgojUacF2?j{ z-U6bmpIr~RC$##GY$#ey2U20?0NI#NQq|20hXE^e2G^B0)Zb(u7P&;oMbl3Mg@Roz z+Q7|&o?J?3A5JM_T|b5xriBgYqGLmnI<`mH$D&TvbaxtfRh&-4J6*ce%_dVEE<60z zE~Ln{RYTvG{k(8`xxdOh8luJCOdUe=Msv;oh8fdE@F+PyE*@dyJ0d;5yRpTo>MLhB zV$t}UjwNS_Dip%f)Gt<~fuyIpJX5#9wyAjQS5=|yJ?_7T3kEhxw_DB>Q7bP31nk|{ zzii>R((utNM!{Y6jYZ(L>HVIfcRQzibKRhQKd zo_%2yBA5O9Ke^_1zKF8QBMFLbndq0_7FLQfbVTQH%j-^)6Ym{FaCM~6EWWx`UV2Q1 z4QFEx>vEV-Fik!|d=ZiK(qkiZOq6rl=2M{|C*pp1q4WZ>sctP8K?%tMf`bWAVl~{9 z?KnHm01Spc*rlZjga#0+B+6u>oxe*#e_~hape}%yY3Ex8ugfZ{@H%>TmL{gDY(y-d zumA<$hOu~T(#8?`1n&NA{_uf~?M)4FuyG^wcjs^K5AhDQOFVx_Gm?c*(44!yi_UfQ zS^~;Nh4JTccc*Jt<(a)YUsYiM#$&}!vbS@~Zy_63N^*}Nt)|bUb)d_eEwxcRUO{EL zy26tBzd=V&W(QrAvV8FBS6}+wZQ1(Zcm+-3mt{0nEoMLQShkqZetwF-FgwqCK7DiT zXOd~BcL+bWH|P4hq4kxL5ly7yn+3_9b`2_O6pc$AEEB&^dfskZI70`UZOvE05P0{4 zTHZHf$2h;7g0y&$@A^`!vKw8yiqnkId~HewwpVc94kTe_P@g;fEq7-BIu~^fsumDL zLT|1d!zlh~(H^6y`}Tlr zfz9I?J;CcoB~azJSrBzPuA8B2#YQX4*TYnG*{?62T2!hW?t&_V6#i;`Aw6Wd!G`+^ zH6bzYvo4D>Vz=(J2G9O}Aw2}Jjlqn2$#bRU5yFkS`M_SyHML^N&BbK~*6+k&sRUA6 zjgb{t36bhF!!Z9M0EtE1h*hn+*TLM8w!OKavC1|qZtzGBx^MCuyD}Tug=1`M7)?q+ zerVn^lV)z z0jlwTnSQp&r}vG`ai56=e}6>){{5q5tHlike*HxALf136TJ?C>^1X(QbAoqX1cYmI zcEm(Kx$GEZOx8vK1Q9yn2?10fKca3}D%g2y{EJhp(Gh#TwwzDNinpsS4tN zR>tRp;#faDpn1e}K>nJ;{I24}SSBu(x%a4ql8@P(19q z0=3Ggl@H3IZ;dDNlJf<)m{{cbF%CKYA=AiG&M1VoV?{j8@8iXG;zr-su+O0HCw424 z5|1B)b&kRJ?~XN$S@Z2Q-7y;6Du=IH$PBaC!zCpl0<~h|P_}w{>n-@%ajnjPC2pnd z)WOjDL^b`cK!R_-^p9_7K)ZVsvVAn!K4<7d_7`ThS>h&G-0%I;<={&ruvjCjTZkvG z5)bNJgBs+ottFcb@i!*fNE#j1SL90@cnhBzsc_pEknxfzsa4(mQO`G0L)IHm>CPV zVbqa-;x;d-hpcVFs{BM)LQG97x&2*rs?LeXqV0S6Y*OgvvXt57C(ZS2%1XGLtWvFv5xivl%bth6 zZw5}B>qsjh%S7l(u)7el{aY=Y&P z*Waub9(*k{?v>`$P*3Pud4Frfi#;!3dYWvQs&FnTja=gQ?TAYq!lmol4S9G&MHY$A z%XjStzEDyprZED2&8DA?SN3G!YM9w_vyG*$@sOnT19c6Q#Cuuh5S`_(_sE(;;>u+O z%(Ki_--a{=)JQ2Qc;3s&(($I=;zpe9puH`k92+zGq|aiCH*X-Wt-R3ht`!l}Txk&% z3KZ{f`2oBVKqEW(uCgc#5ce>8)lUog8cLzU{N{j9W z4%WUO4HuUd|4~caJ-^goPV+4Ca`zN;&T72z+y2f6?ty#1+0_R#Uyfteo1@3n z-^`Z2i-uTydUDk^Wldb(pr@_@od%L}v6#wK%&1`dd@H?~9RV@0HT9*_cVFV2Y5qr* z&5KQ~YU&^uk2wn2A$?0W!g|T+87_gvT6vyEUu&7dTxfZ)6hB|=5l-qR?(!tO>pV$$hzpPu zdr*$d*|w1sY;z!AlM3bcZ5>gXUpeAFGCSUX;LAb7VNTW${~@m2ug@Yv(rBy=b)PLD z2#g{yDbhv!hsOC|s@2-Fa^fd(*;m97*C0xK!tX-X>PUX}m5G~}kK@7d2=%b;2Mx}0 zeho-kW7A5lW*8=?9f z_>^m<@JN|)&I7ReJ0O}^c6UmP^%)mbwzVv;+%=Damwu%?%Q>}zP$M$$DzWiK)G7b6 zSh|;XY$EOhVNpet(WARkRy^`{M`nF_7xG2s+e2SwY`(N=O{1&F={h6SEZs1w&@kBWBOVzI>h_Um5n+eQn#G8P0GPLt@(G%}cm zUKsmvt|*{N$VkcRCsucskJ++Bxl$_|Dq!pK^qOrY6BCli1(u;dTdy8Jy_mvBMUZ#ekXmzyGwtgrnHM=x(0@Nux&B$W=Ci?iaNw(n}yL} zD~*G8xc;jNfIYYV8Pb93eP@JKto`v>U^r46{`x(leZa?k{gT8b%}A;h5!|>D z!gfV`MY6?#vSeLuK!myLc|V5==^%G4V~2g-2~=R+QZYqfXed|ew0=ps17G}LO|^k@ zcy!RY@T`H#HU7LB@|V41S>BkG54mGgb1ah1UdZz7m_3DtwU4#q4qA?~-=cwhlwC?- zi>>0dr9u%FW<=}O{Qkai&$|T?Gr}Ek+9tH@O67gRO;)D9TG{Rr!+h)wKk&w7Wk^C?AggbIfYnSeKH6Y(b#=uic4OQHJ7* z0ZyJ57+n1!Y|vX+G+ADG<}s1&6-TFwHMV7rox7(a`CDTFR^w4{g6$Jc9_zy-CSVxO zZ=e&UddXn)c(e=z96I?)Nw<_c*8sghh#1~ykMZ#`<4spQb2joa1sl>E1k>@n8I~{r zDOlC>_?XMG(GApp>d@P$$ZtWuJn&OGd~WKiJ#~^byG__==hTtD_4X*Nxp*B}A9C7m zK1;F7BigP=O(-`yx~{dD_QBJK5c?<&=Q;~X?Eo&|kILPwnS2#tu&`*SkRP#1zKzzh z<_Tj4Nyhp-3(upWB>?gICLR??fwI(t^~JBMwFQxxyThtg?2H(7n>TGze*MPocm858 zt>8;*Ud?ntv(eI`(pJ8Ei1SwnR%H{FPt9!2E`f?L(uDWhIo2h1qIQAmn$OO!*{JFn zjLA3jTr{yW%MGoXdmOwVkJ%?#pgH%|pc!n#ys=QFewK`Jg|`;`E=E7{gE0{yM$FdN z_=c0u-wK~x6U*4*$&a+Civ`A_=q`aS?MVi?vs>aQwi?ys1^_T?gLo8vd!<#n6G7BQ z-I0r6eH~ZJ@9bD=jE=tXpoI#J>c zvRj&MUC1;y=b}=+81^*Vlv_Z!{RuA7`#^WTatB4M`_26Nv03T0qR$AYp495D{D{T>$LupU1&YdrC_ zu)|Mk`Vca6!{Uqw0<}??v=`RpPtHMNV;ZxV!G;4!Ue_e+^B0@1LEm{P`?9hFh{gF8 z;~qcd=9>Ab3`O7=-CX1EN{aHj)?_hSG#P3cA{2UgGG=8SD}PJ31faT5ZWnZ#W-C`g ze#P%0p>6$B+`=UL_|nDME{;l*yDikJz(Z-&K}zs;5$*j2*yqLXx47Q^qbh~YVIL3s zF6<$U>_tl;lv`GQ`7E?YZo;&7zQ?K=IX9mm)DF;E45D*SFEh1De8_OSl$6?-cSB*; z6UTnX`nUCoTii8N2#D=7jq8QqLYf6tGcE1M`8lAy+2bL^GJcC4bWb_0YI{1}=`Zg4 zq_b1N%Rm!&jS9w{#bzTNQ_4Z2;552GpWx+O+ntf36JS1sDMZKUld=YnagRmv3rF&> z9b(+^=t=??l3pfoW9iy##ztTcwl7`a8S4_ZWMhuY%3s`e?t_f(d1H$mn1cqV8;%}a zyu63syc|;!_2;fJ(BoqZzSzvUzr%j-eIYzfJ*N!D9$zjO7ma6czKWB2LZ^j#eNJ0E z{=e2i#hQxz1M#LgZdv#v*i!RC;a1Pihken%$K4lR>ZJwggn@!0kvflC#QSIE96w(5 zSv`B(x3=B<;^CGI_VWwWhyCyIi*Jpd3l;z2oxVS3t#VF4{N+;IdU5L~<^IXoPs1t2 zyXdLEi|1NBjx_G&!I{-F%Y<^qMLAk)ySVBT&Mf{P76v>qpy;*7tJ`VVFBf^~usLJg zXCI{;K-e9?SonOB#IrUXglJLAC=@v?GY-Z%b}sL4FY}fX085bLY@x zP&9n#k?}=D46{g37=n-;tg&&zUe{GOpTz2jzNZN&(Z`Vq0~yU1srIwJ3qCjE!q7FO zU9;0m3#T7#(Mu)s>2@BZ1e6cCd#a*}bGRX3-pdSi{qtWw8948r{m#1D>7iO$@v}BE zPT#}**GQO8mOFBb3Y9>zy&$J>rH^p6LK(Gf(-Pi7e_;At9oG|hTGnQmhfDV8lA;ps z8`n);ddhaLcYgPmwP?_rimKbOq(A4}U0ZeqhSyBpZ>c%uA+v<@jM^}LA7N^fC2I2> zU&UB2v|(89Sz{#FauJQ3H&RLG-UfE~hztZQ2=)+rsdYHzH_N=};T4t)i53WDhNrF6 zXy3O=Pr5NC67v-v;kqY!!7(?+b&GUo*du35Oq=6M6tX)O?KR=vP%IJ@KC=CKPblpd zv0u;pURF_ufiwhSD;f1@I;!rz8U*`TuRXXbA~ihaEv*KEADr<50PZUN%&$I zL!N986wRuHZEL6mQnhgqc;b8bu30Ev(L1xqo%y-i;(>{nw?N5zHZLE&AB^(rFo<1# z7}`q+4Y5X3gJdUpg^n!gAR&&fG@LGOOFHM=g>Vl&V>wl+AG0d#$I~t-S8=mfJf)6L z2gGO7RX{BD>L93Kl!h3n|7b{RyrDo7{7PfBK!j(BIe%oWNktl#0_6!em19U}pN{{% z3Zp&|VA}F&6L421T*D}3HAUIG?%G@vbzIbb+0CCP@Bk?m?B!cEd28ZXuD*QzibFN0 z)v-5w+kfB~`ajmS`fp$OpIYD4+RioM$`etQ`wba;YNS=l?NF>Jq+mr5NShK(J7+vQ zS+q*ZT~{9KxtDat-e9)~Pt!%CueQKL$fKLDwVx&1i?7p?zuy3tePGF*ua%#PU||SR zzdu+zEXRqlV43dY>lzWR2!YTPMVGNwcY+G>t5^#SVUg7q`)vn7$8DHPyXqZoZ-uf( zwCX7L*0L~zU{D;=WSzG|?@w>>A!31PIqypio+xEh&?LMgTtAs57-;}|W3Zy{_F64b z)Ga-dp7ygKh#b(ocyS_Hpy|F=w-FOOZ7kkJzT3X~b?g?=B)iUU6z%@{h!=2 zL=7MQV#+=>4L{b%vfhh)@390=*D#(|?~=Fh;Ky%|XoC&k3U@i?Th}X@nF{;T?GIB{ zy=k$#m!h{9MEp2KxZK*_znsqXHdW}gYPri=A~WL*uKrqj3#X^ zH~MN#1SK#yvnBb%g0E9i{a!TV=b_>Oegxu-hNw}PF~`P{ODR_QD|fDlU9hRCoY~DY z;2$ipku3Kgu_?cN^Z)eEp|SX~IVi^B);wjmq&9zR`0vE|N6=$s)l(y&)3aG%?Dr~f zsvCcdFICuwH@A%?{a1rIDCQrPmYB-qf2}daBxADSBM%TETt%m!%mOYJY1P~ub~E!7 z;fiRJ(W7~`hCl6QfszJhnr7RYe15Z0nxp^iKT7>yuD$43(x>$Wu0Ga4Q3(}B7H{%A zCXi^%V5H|y<4I3JlL03OVjBPFPyJul{dXUribLPTEAO@~Jp7tA-|&0VlqTms?$vqQ zKdKA;rKdyNUG{*m{MKBP^?y{$xeqsAFj}2;-*|zV`t#ytm*2o&!}}GhTrQomKTt7W zBMkmgS=sI#ueAU0T}b_Hx_43E=$6@$(V2a2qkry7VYnK^gL%2|!>jcGh=uX?3%g%e z!%pXTyTFiR15%C9k_v9Er!xz0y7wJ&{j<^6c8~V&Xj6}7c_~)VCQ!Wk0-UZwfuiRbue#8$ug0{nJUZY*1AFhd7 z?R*R-#A}Ba^7!=Wn!jF&c%oL*Pqk7GBB`;E3!D95Y`t-y>)@jMCSva>ciSL4ZK{Qb zIO;q{>3;C#*%hnzKXBnfL9WL4!hX&_Q>1CJrRTz9^ps4+C zX1SfQCUa-!VQP8PR6@~{ld6pc>-yC|VOn}~HH-CoX?^QFrlutOu^xVt*>-C9(!6Gl zw^M;*z;ENlDYRc9B5PTCa0c%CL$+NK@xa#)jBUj8dzz= zU>W&aT$c1iz8J;r1-?p8{sxM^;nXrX13N@0W~>QsS(Lh@yXSsuT{7&jy`7(U43X5* zW{PYPzHx0h@YLIkT*KUIQ0uCIs&nAenNTRY&LcEf$1B~u&FAzvJYeCPMJ=!_?&O| z?o{y^8QCF^ko=l<*x-~p5$P>)lnMV1+C-Lmuc>Fks6r2ta@mXAE!C}4PVsn zj5xSK()TEndJo_EnBOIVBUWG4iR7nCwP=3$HuCb8q?d*4xrvmF7(skMI7x0b8z0`5 zq3^Zy`mKVbKLd`^HAh@Y?M0$(Y>~h1`wI5s@9px0b}p8_>&~`^k0QT^^3vimSU16R z5}@#vON&AKHk^4$*|{G3yZmnNo6Rj6iHB`{E>_D{NqJd3A;x(AVCTvYGC2Z=nrf`9 zV6Z9A?`3yI%%;HlwC&|<;B%8(Ss&QPB+6xmZ9c$DjvQE?MhCcc;S0E7x5Rh8Rd zEcHG*eEmmdE$p!{u(aB|=qfBb|Bp&pMF$pxjm{*vEfmlc{&MWA=(8*Ea)F=T4nNwm zd>iiP-Q+RA(h)MBVMs#T1YF;!-l=0_+{KD<7CvNWjF6Y#P1;C)3;T%O0dYYca9qbS_( z!6&7ctqoi-&7sRH1a>mSk<2uqsVn*%l7r$-DEyz3KjYOP7* zml>Cl$upu6zVAT7T#QdJQpmUSJI;E1NzIyKF;e&AJ?HwFjeVeSXUAOrR3kmq^Zssv zGAcydiy{0$RwK;DK6hY5?E3Up`1ExdwxQ2_FhcVIVCDo`+bHdFnbz5xvf>;kJWw^n zl8r`R!4V-5v7nBUOw5gU^4D5M&r z_%5m0NxfP%N{)%Yl0#>4F2#co1QR6LCLW0NdVN#Q{UH8jU;B-)*ly7TDDdOc)vEvU z&?A6hhXZa29Qgg2~N#}QhBbPZLNXz z@^N->jtH#^cXOWHZ~ItZY^=zVJ3g800ivgHGr)#7+ObzqkaXiC*AS!9tQxzcmm({2 zj2AgEsQfkAKoR#YOIuW)e{>$aaWkfp+d8Yi$|=A)!&KWiw{iN@x69^ycERi<=>@;x zMqkO~;uK#SL4rTifHsAxpST$v1w}#8MKDIZ2%0P9X@863fQt&kB6Peak8iMcl-SL( z=9%e}!x3Ymj9>N8u9FI&<)))MwmzqThn{M(xGcRd?Hg&}@_0gtcJN)jk|dku8-K_^ zFz~{4E>;-^J8!d(CfvIjF52!oCCjFuGuFgAs`yZDOfC#xWjlc%OW77#_(v5MdHzKd z$mu*#;r|6Xb!n#Y%uFb%AE}1x*Wub}k(8MK?og^e{O#IF%zB{jMaqh3E<_d~uY(j# zJ4KrTjikrnb>ei7(NdL#vs65EwU#;#3ueGFrcHI`aFJcW&k4bmKB)~}k zLuhs$;Oyni!giL7P&)I6CW^?~?RLe#{p4ES=Lpj~bAcTs$7omqnQGE&z~~XcsLUH_ z9B?sDW`xv{?|grSSj1Qs+D1CEuF7d|&eo6fOWUrJk@*VqqLYB8A5q=1-F(BF=c>=w zx97&WQ&ttw6t1C^<5w{41W()+(tU}O4EhVtRwR-x`2M^T#hUVp0R4l6sq?Q6N?*KU zvN~_qDW-i;eUj(rhUQ0iG-iGZGU=@|4>#xL`Oy_zIT>ICS$PF|gysN72^hJN_}h9Z z(|6ouLL{Iow$H9Mz8=45?;S6GHPSWaxHwjc)ObJrk<0EWth_YTbUx#sAD!zb;y_ym zJWXZ!?h8GbjZct~1x#O;k{iDhJ+~~>2+or=oQ3(%YztK%_V@F5{_Su$KZS|#Ih5?D0-FIobDnSAm;PPzH^>usm#dj%Iw zxyS>fi*;{F zD>^hVEFGYgR(UC`1E-wBT3^~^AQ-Lhg!}MEG`Y6m(AxBt+(^T?y;U0v61WIPIK~GL zgn~`(<(%_v2i)ShBnekbv~LwF0x{ubFBmrqmOzT$s9d|WV!V=PLkT5GP$-zxPlHqE z98isoXYdNH>k6ZJmJBg{p$SP$LG8dkG#Q=9{eC57M@c*JtM619v#*m%^iym6a?Fff z%7LD{<9mO8fkcl^h8-8Zsb*$ILri`k*hR^*1@Ob7@TXDYNb15&>8q`a6W6})HwiD~ z5P8nUPCn5OagwJwMCV{^rAE@f3f<`2`Ur!_c^Dl`y}e3}C1!#T$Cg1yDn6XAaShZx zc9s5KX)7)MZ2TMV;iER)7W=!cb%1j6SF7eN14#?bAzpt~)TK+hVxVs%*Lq8%Sy3j5 z@ddC&Lvovn%Q9d4sfRCw zKHQ-TBFJLxnCWgGsd%Ne3&j=dS?=@kUAo7#mK-8OX-v2~k*1EIWId}0W_RDbR=j`W zjTIU*I$tiqkA32i+Z?&+UNa2;^hy6?acR`!ulDKE6r4ZGtUEikTeQvY^PyGOiKq8e z&@knmh*qI@fLVr(IEaS+AzZ?=ABlqZ| z1|PCLXn5a!01#hF5EhQCi+S!tdjBzWU+}rkCzHLUmLaA-K)_MRkGCst<@xL=6B?Ge z!(2l>qsjE}j}AM~-w08SuH$hwR>%VnOL%7O)=@Qf)P)ee4_7 z@-90yK_0(@4!c>m@gG5ZfyhKMrU5ehJ1^BdE5%7>-pJ{ejlrkd$zzP2gw?L<xiQ}KFoDDtdVV!P#zpb2o4%PU)X$$qx%J32BO z_f;tBg7VG!>i<5Vqm-@Dj(>d2*WWLTj3lrQssMLepI+PRd42E1XQjUqEhhT>l&FxH zB#bR>-5D}N+HpwsTgq#!1m<{Wm@|K@3N~u3_rLdj&u$xqf;k<4$%v40bEwX;4Kz^X z>-Q_2yJ=dMeO`$bQ{0m2-g^NzFAA@;65>~WT@u0RPDma5_iY|Hgt8uoMhtnp-qq>@ zj`>Wz^dxYVV$)TYOX0td#XzZNhxNu`TyyGxQAOAL$%A(OIWHeHrlj^VN0Vt51hkF7 z;Ta!;ItNPIT_@J-Lqw6oSI8xT0lK3~#<$)`dlyCAImOzEXcNfA0v5E527b9#o#;z< zvj-Bl-g8GW1=t7&?bJ6}U2!BRIz#?%Rfhi`#{Az6W9GG5=bDVVnLt`V00Ie76E8w? zQQ>Gn^5kkovu@D`7d;4H$)9NzN=;hLM2E5FBMv1HTznYVj@?~n4mZUZ*pu^3C#-gIW1TNi%do^9HJ2z@lO^tc6LbOdW{UXrTtxgN<0Q0^7tkHQNhO~+ z$ugGj*1m+;;*Di5t#;4pkcP4DSl7HReRw1181c=!-mP56#(C>{v^eSu7j!fmW*7y^ zs;8n@2Xu*>NK82>l9^5-M?bYPpCF8%JN66!J#w}?2$moH`Gf$H5A(y0lq>v04wkWv zS$kp$R6iK%{iZp%P9YHkrf-|YKU$55ZPuQxAtz6!%OoTPdWv^X0eNwC-y#OzX4r+O zMZ^L#NPn3&qhQi4{4K8^OK4eAPZ9Z8GrKK~5fH*tN0sQ6J z4|G=<9w>egr4knRX3D!A#5P|tY9vHOiqr5iGq?(---Lu7w#ba%duqbYm}LLifT?zu zGS%l3{-XRGhgSa5eG2e~exR7+CMGglEt?((r+o;-D;HpXij24x?Yy6He&&1I4EMHZ z6l|zDSH@E^%0ghh)vY-R_mqU#NZsL4J@g;5!Z@Ay*K!mzoL6J4AEs62h(OD;N6Bie z2h_<_P?qKZ+DqCSO*xsy3AvAC0}kWLzs~)oxV0@YY;vD_=TUAZpt9Sdb4bV*VTYSf ziZh_J0!_CJO<3-=Dqa6IljCsw{1!_eJVd=qE`z#%DA8~lqcUpspwt4z@M|hnQr7=Xll7B~vDDON$`{I;5N;z9eIaju?>sQ3osBwwXWS$q3O& zzv?vzUG9yxHoqO}Lb;Iqv~H>d>S^U; z?(L?9097WmOfW#8;g9@hYva3suH76mW{a9@l23YD;I*t>uz>}Z_J}azeT2PgNIojU zB0`%m2eCMJtaeREL}5e!Hem#4$o*Y91j}&vs5egd=@}Ga&r~Z$VK+k)iwl1-#klRb z1MvT&_?WFVS!Fkv`lQHFRKT#&S=JXXm(9G6WC?FmT6z|qfK zc)e3o`_uEkYAn-v;q3t~fE&V2C?UB$wi{X~&3{z20zU6@bs$qm;XpNysWkF2hVFI* z?+s6)CbGrAxn%L8?|#5eO0tE7U&S3mX%{2CDG&?56W{T3_c|tR%tJq!<+oA~x$?w~ zgy*`ZR>Z{NxMIZ%!-zQePy4s>1=Nht`n~*D*^cnGDys}c%v6E_lemCH$}7HWFO6&ydEtr`7QvCICd&;ta$*0!o2vU@Y5ek|VEzwLq5NFImh zv4Pt#ma*k5Uit{QOl^sKeQ|3_b3s|1w)t3y)1gGU>l2vgAcbHQUOliJaz7A$7MJg` zDoY)0~2oAZ=hwYb4DO{+YxNeaVa)=mx@E-GE_9=mvYz>$=Y zWV+il>*lCg_NjlBgC6Od(9-C1{@GHQ(trnXoB^H%XxYjw`*U7xyn?vLP0)YLzgJf3X}c9{L1WpAB{IdyO1Nk#>VKMjL-baL6!M_vkn+<*;nI=6Vv2 zdMDBT6d?I2kEARbAk=jInzW;T^J;$gN=*)o|EcyXxP^Mj%`ea#Gw3-2h^vmiVaY$l&k9laL-hb0T~i+{aT&$^7tntuu*xeuTGRI}Nxv)0@8 zbmt!s!bgws}zS+f`dEtHxlI89qAp6iq+ zNfRPv=nsqz5^e1Rv6@T$>ifxP6IAGN#3d%*Gd z&xlOf>m^(Cs!Ot-XJ9Byx@>T^{(&_Kk7J=)d-lfZ0+?S_$ah?mbp?JY&AHGqw=!?E z@U(lnawg0!7kKge&z1>cUW*5*w2D`70xLL^381H1$}M z-%qHSwTNg-$0{>7hL4xqktbWcfbEGUy@^?tkQ&ha)})>+blMe z!V_36cG0yE(DP|DX&QhKih7aH#3X#@On~e-5$6vHZ!L;GV3R4iE!IGLCc=0$?^sPS~mic?9Mtbm= ztH-3A;lxEIR_EO_Gqwxv)~(IK(B$=Q0oPUW=K;#qA8ZN@3TG`Y%S|sdfhcXij!Smf zn;xS?NL!k^-3>4QQMup^WAMqFvk)Htn=NADq(~r_?Pv#!%Z$>IG`lgp33j3+ej+jE z9~Y<-X>a(po734#+BY&a`*mA1OVR02szJWJ>w(BMMfM&+&Mfq5&Dqa!b@srJDUNWX zwjv3w*>maaRKj9u(!rDOzDc#)0}UQtFF}KMI+TP*PI9tomb31x|05=pB|$tA$0!4jQAz5=290^f39ON zxo}^_!Q4rzBh<8XbKxAlI)!pFr#}Sz{33N|8QjO>#BZXCvZtUR1e=>DJhM-ivw+R1 z{{fo50`wPCQ1p?f%hT?9wM;@oz~?(1th$suq%=?^KH~W}fX;?#20qj?orz{e;Ws|W zS8_c4vaiD8m_?W3-jH3KemOB~Vyf$pf#j^ymAYc?7XVbu@V;_AYTwKe9Eg6pWA_V zsWY4y-XaOlDv##zJKPLmOcSQt!jr6)A#NMLydL)=+v^m)+gEvYHyx^`g-1~6(Hq16 zsQT?4=y*a;qxg=D!K1sw$?i&#OAha@6*%EcJ4qaVz$GTKTS%iD-lD&1i0Vqs_b*gD zzf!9rC_cf;F1Ou3a3J+UirwrO#N71LCdLOhM=$Y&%Z+&>pHb~@n3K*>5RX9wXVQhQ zZ<7auV@Xl(X4$?|1 z#wH+gwDgV8j>4KpoRso(0hpGK3*YQF06MwYt^k7nH-;SnnsuCi#%_-Kw}YNUaolKG zjT?SXyw8>sDTSZTH=yYC1(c{hRqSxt3>BJ?AOPIQuVuml2y#T=*^UQbi5VqA4IQtx zduH%ya;yNAI!*UOZCdYLa=UC$jzX8S%1&8d>o;3o>Nms3oqVG$T)=@7;;!=(@1-2gd)rCo8$fO5ay|H2H}LgIJtc=nHp1d0FT|Yvyz0GSO!7nBrk;T!$>+D%q8rZ+pn4xc9s1aRRAS{;u;LVi zYH#I*S#34ICoPos_!qZsip29dTH*R4<{5U$C{e#@wL&}cx5INuJ6&^ngjFR+s3L?C z`+m;g$#XKWBn-_`e6Jx)`a>J#3Vq|UO1?~hB#aZ@iK`L1 zDkl1P5gCmOjyMm66PTaQ3Z91PX6?mI6@q~KgLZb=bycnQpgSIqC#M?`%|VHBH- zG&ny&&lvjIPPcpX!nLz@;26esQ_e6+$$m5gO{kDx26tid;-3E`W3y~${kKo8$;RmPg#&UDZ`nm($gf3w( zH~1~*ESr6?yAlojSa!4W8SW)oY>)+_h>)eT$wns!y3 zf@UUGoXZ`sfd5uX?t-cby<}IUj0_Lp<*u!pt`xqHW1r)Cme~c1lGK9 zg7Gzk)Hl&(gYnJw!FmQ3LgI9A<6_BXlc8p+n<2G3Fa5}wlDc!Mt#_>`VO)2*4g?&f zPU}|QCcZ{D+l9vpH|&19qV}Yy>v7G1)$~cr`<)uqh?ho=(f_Ej+P7|N0>B#58KDm^ z1XzsO-`1WdATCA?8G7#6$9NBY{bl`vS+bB@$8gdf!WuUgJk8PvhD7q4C^z#_E3H@w zNPBsN+DkjZLwag#J9C6$ltjn4) z4Ht~OMFek2S|$J5LcMk6ajYUz@@gC)vuQn#Daw8$AOyQ6J@`sY=S5_GR8UncXWw&z7ullBy)u+x(`Z&=mSMG9cmd|# zUXsfmZc!C3-}h>;l^v@y4(!kj*ymMjH770KVQ@C73gCfLu^doQp;;pES7u-O64bJw zoI|Cy_IiNuS5HPR-Sd5U?UoqQSNY^|1-GFAV>ESAAbgmr8fh>%znDC)=GCd(eqfpM zY$_LjnZLcT6V7M!@|^p?Us1z+{B9`oOQ(tTqA%0fzm;fP5NFd3UZ~`VE{9B4GbQa9?!-q z24KB94U+Dt3JmV?DW69*ml>mO2-SRs>K%}8UQ!J4*q0f2G$1F5(PjS0VWj#wt!<`* zWnjd7mT>a{zn7HiX2@Z~m1tT}au#d-=!!srx`(IB~vRJu`V*y!#Q1LN#>o%7&4IQiuN;9TeN?rqn% z?$7;w-=FvE4QEvafOOQ18c>qJ8^?vwGG*9_GWs_E9 zX-m>Gr}fzylW(YH`l)gH zhP*;)x3*2G#!dO7x)n-M*JZUN1=;ZOtHUf}Ju`Y2vYhk8M9-veCV(J8 zoVZ@MxAwj7sxzjSp=3y_-w#Y|bjKC^Bcb}}BwZ(2m;q-6YT3AO*QpfUR+{j!QJ)O@ z5I29h;?#&(^0AKJfB9`-Z^630`uwmeONc?dN>bBYi9=VT&<%!<%D|M8vHU7%kGP$d zL@!%rCDRyQww2zJZY`cgZQd@49D^T9vuj~x*K=Sovs9DopCGS^=#VpNz&q8Zx2doh zD|17MX+feEw3PH|@HmI;Y9HUoOXR$ztU8pWY)pvm(Ba+5+zs|EHY-T(+SO>Ch+57Z z9Ba?!@G3MCym1{r#0G_4H4g|`LP2He_>F{Dhg2BRn!8HjLyIkmT9by9#9-*fN~P zOqm5VxD`b@rS!hVW;#8J>u6Y&YI^XyiT!~uW`Ek!5*e4W&PoVbgSLo$Up4IuXys=J z+}r@W%oL@lf>CHvRO!i=*ZS{xmaJYhLVOQe%H|QukzbZIyzFL2`B(9j@K6exj5C_H z7H(C=*G+K-tH&VuukK^4W)~t^kA~0k%5s<2)LX_AIItE+AOEgq@yPC-M#h1Kg-qhp z7RU}W_&8#@1lVHRd0dE1F6hmW?4@#`J@@lI?_ib1hh_%3M1^58+e;Lz>q6Y$TvQM# z4kL1xDFvP@&ct@^!4+uB<=k7l2W#b{ul|JQ+#E>2^yt#Gvxxl;?jTM%&8XT*;=0W& z!%OzoOk$X>|B_4|W6P>Vr%GO04^;SM|ijra%|3Oy6iSg&P9Bkm9|=t zqyBQKR31ER2QY6Pu#41&Sgl+0;gFzToHk4#mTx+H$t_OU>`M)5EqNo`LM^3i&-84Xh?ap|-cwx~H9R#&49HRh2_4`IyE4^v0G*dIyvu&BYYgZ*M-_xQkX4Q?d3pg4#2(GEADewEJdV3#XYA-ZQMSlv>IFRbWzK9UT@trWHMAH>_9{iIR0mUOFAoGoHNv1CYW#G2d{#cp-&5iQgvjv3GT zrSO?L=`LB)qGbpOW62a#dMWZehs^YWuu2d&SeGl%7utJjo?Q_YhZPYwwajn7Z`VXN zv@u^tQ#sFCshu2q4!P-HBg-LPEX-kKu^0#lgvqgmd58MWEqL{WIwvhaxY|{G0Fyz+Y9wkE4-J z6)z2rg3gwrT5h}Q3e$vDg;Ot4TWzHPlJ@}7^KUh>LxHg@cl=npTo~&z9bUxd*;vuE z-l-ADflOdh!ZuUxzT~>SgXVp3Pn5Fa{?wz}nKmtqBm;0(tMAcj2<%XDx|Rm<8O5A) z1XCX|vD+|y5(GL0FqPL@4TkGTw>EmoDa?fup@ay0bkY_`M`A~T15Wgtr*X^y=D#Op z8upMmnqTk^!Pp97*3zD#%S782IDAVx)RY0LghO(Z7bJ>l^-QsygSQMGLF|Yl4 znd&rFnaZOyCkb#%(cbIN$~X1gze^TX@X?*?znV?`=78FIj0k3_{=s6fRWq7Kc3oXN z09U%(xc;R`EwtH2$NMrRn$K68kB+z~nq!JZT1y9EaG0%b% zLRH?;Y+zPlo=R5^S}qN3neXeXTUgTHjh^Y7O?U9GMQ<5NhHA(u_~fG6Vas}v?Lk38 zHfpx6Betf{)zoQD4??*^8^2^;^omHno6fVI01+45pKbqkyMc-J@R|0OMZE>!>=Jmr zwnf>p&4ig72-LZm&BZZJWM7t6rFT)jAvEZ2dm~$QVlh%mCrLapnI&Zl^lYAPa@sd+ zbBuSj=aV~Eb@F0)SXS=DzWg=ySlP^?s&V7~X!OeY_p|Cp_k6L=f#1FL>H_x7-14X$ zVsIde*!2)3;F#$p7#lRERd)5F%&J9BEF!4S(J@lr_bxfOt( z%wT3puYGWO(r{pUFLqhKZvK)*vg5_vTNQr>ORuOt8Rh*~kj^})p$yIS1hGf)z`EeP z;&+<`9FW+-KmOMKeRZ?u?wr!=RB*&bZxez>@$t@PhCtnhqvDBUhmP4PLEOmyf;MyF zv3Gx|U0vXUT(E2taQEuRSZCMSMq6fjks5_^f+~aMb~&Pj*eSk3bu_3Yb$!KH*}&n% z-e}i!l>IOMVI~XLo5#qK@#>YN}Gwuo;v)@Vr=#wDz7jPWJO)bKavkD>;@}v z8iuUetQ-crqd;~wjfPxp147&RN_ZQ`um2J@YALgrJt*}u<5Wnf0lBZO_x^$^LlB&t zWS-HcBD2o}f( z%xd21o+?xqN(NmWX+5Xpsvu!r(Tz>&hfqJcY!aS21n><=L8gWC@#qQL*vUnk&$3Lt zdd=mnd|qob@J=kCFluI0Fo&RNCK}?FtlRx?g{{xqq@>C&cZTKWu~efCBniV%5?O?L zvU-Fg_ttU)wYDUE$@qvDRj`ZMNi+x-PC&-|W}RFd#($&dcW#tMbOQqu?b8w%8Ewik& zQ$ntz*h4-&=h{1liD;(bw?q_xm zF~4p!(kb%!A6MTq)}t;22DEQy7sRXce@tBW3R+l5<2dJYXZlcJ)Q&>)i`2?>Y;x!fep&h7BJ z>`Hk@uO8_5U00=X4*+s^4$EHTg;tfMC#|MK_~h!lZ3ML*KDcE;cn@#_nRup>CB$#oRBnD~o)I`i>oKTVJa*72PO`~qrOjnd@d>jx9GnlE>jNAlq*8qAP;uWkE?zrI>}IjFM2;+kw=MKFp?H3) zcvgzlRXJw_idA^n1gHnyExq+~3Cl4kzMwPm+k{)ie^M_Q&X~L5HI9k1<~I>XSd_CL zei@8<;+OCyW-ZLxQk8;`+_@=RvTl(t^IBiZ_BeE;(J_03Ux@3i_wWodjdsWLnduNP zQzrmqyqS)y)FHk;@J+Fo$fr@-CNO@6Sx?>jOE*(^2D)YtF@106s&I#Md`59Psuq*K zG7<2l6ak2o<@HFFlr-^v-thi=kRmk3f&SQMQ+JSPOBvfCY{o2!>Ye6rWRnzD2~&`J zKiLeNSzM8_*q%mgTjN^-C|250ua@hpW=qynWgd`quBmTlkF@of3Wfv38~lpZM*{ar zBZ)0qlQsJKX&rq)56Cg7W`8)j2bQURb9OXs(j0g+aIm@|dZmr`8$?a)z<$9^?QdUN z+(>YhhizZOQ~Gla9{YC~b~H#b63f9HaCy49Vyo~L8Au~Lu-#j>W(=%xC;}0$-w)W~ zZ^pW1IS)t47@o!%Gzsx0J}mnVrG&csgOn9P`iE-!P=w^ugyRPe?c)>YFx6qMI_Wx) ztgf&ao!Lxl+OWZ;3iS!I_}Xer;Bo21{_6ok%T4AHxb8LJ3LA~#VBCgArLr0BDBY>2AH zZx)D&tviUM^f*QBV74XH6l8Wdr9|_c_v^vev}C7N&`_f%dbArJ@2h<8Ykp=6IRJ=d zO0Ry7nKlYRsK_nn=sP!b2Yvm`^Ct=-c6LG*TVsgJF%qS(yQ}XwJLtR^%BOs8(n2OG z?DHxe4Rq#%P49pj>9Z}!Dp+VF^3bTVMF$?yGOfnXVc4-?UjkA)s`$0wKBTjtpg;JPimHlQP2ZTPaBDIsOS)k3n*h1%oT3-R z=?aQDNJkIAeoQF7F~KbVS3ZQjaYfN&^f<2j4U*=dM_x5^j6)ZHBnpyj2^hS$U#`aM zdc@#*^EDhjJ2iwBwvkg;v!n|hy4gmoy#_yA+XYPW`&-%l?%Dkuq=svq5u$o&I0hyD zkwh|Q1O|6zE*Ta~)hu~-ekg*nK!d)xUIvP}amM_qV(wC=^x097$r0Ky4p$wPg1Pgpdd--(1Dj zj1?q~=vRoH-QyP3Im##FA|=md?zxCE)?95T>Ghp`8qkG^=xMae8Cug!dc-^t zTA$wgwOtiIj*GF|L}gK!P^m3(y`GN8GBShKqdzyJ4ql9{?UN#Go%qwYa;o)v7W^|0 zEmAN9NL+~0Fm!79AP!`rm@MG)WMIIYNiPWPwpTD5ONJyZhu5`xn9D|}1b^*VjGOm{fZ#QzI zV|#Jd=LZ&w)7EmrNi(f1`1W(#BcLwiPbzGvmL&ZR#m*SYMEUDS-Soaw?dE|SakdTC z!JgmAH{|oKH2*A1xPXCoYBT8=Iwxf*n{=>&>lQbcbWO%Z>J6>$NEjYv9Na5=`db_p{!W7!MaS_!h?+f zu{D+5M$wa6%$L*k7~8u=R}MPtd0Z$Ia(;5%DY%O{+~BL;d#R5ullKQt@f*SH{2MmM zay#shSz5_!ATTDBl_AjnI2!2At;-jUAR+k1mN?E5(hM7|gOK!8BYzqK^QD|AyIT!# z1Sr^5Y910^Vua?R+mE%pIZZDa3AN>HQFIq7D z8e}RZElNFI$j*_gySj6G>iN{{!=o$?TiK)iR~LPU8~uGL2UU+RYQZ+c|44G4G)en; zLMkcCkOhYQFifH_cSQ1I_XZ73CcBc)p*_InNz!}#AZH-ji}CYC72q}YCGpyxXk-2V z-xQ^I0j_$Fu}Z;R29Ea z(pB{6Lwmp0ZM96uY1mU?C;rnwTljaG`Q+|!jLGnNsnl)&Q7Yq9;*0h@Ax9@-jdi2n z-gpQ749k&*L3r@b9kuHzQo)~~(;d;T7QslGTjdU|D@A*IM3z>(noMah#TUU4+v=oN z)@+^R{RdPw??K!A{NNkP>OWAgP(jCX0!}S<6^o5n)90#z;;C;t+H1SMlKz1BOHD)T zM&nr<4oC7$^+l4d2tIprj-E;xH&WJuXE>PBgXk9Tnqx8hCwms_4$78`L=yA=PsRNI z78TQW#J9{x2V?t`wm17-;1DZtJ|#B*C)vXWrk=p9oZ23l{R zvswkNK?1K-o6Hx=oqLQt|MH}>{8p!9x5M3yX*Qj|+CPSaJF7B*g< zN3D)gO6uMXdG+$Lrus&rAxr!(zW#w)y^hJqFB?91FshiKcGJg$5T7hlxj^e8!*~{U zV>sx2T7FbQZ+R}&*n`R*GP1c4gC1Hd(E)(JW z&#_Lq=v0G*muc~<>U)1|J4TzwbhC)WfnNRA#c~ww?{*0n@CPuJxp+f;|m_kzBD*dKJ{ zg4o7@GI9aY*F2JG#KO3JPRaWcZzATJ^_pd-vf-Q^MJw~xhCTlzqDAqHTb!i7k`}`< zrE4*mH@foP$&o=pIF>iG$=El`J@Kwtlh@B!%e)ua+zEGvy`P@$h$m$f(Q;g+R5#PBeeRattS5@W(JoejqvKfiCW9ey22)NNj5KPqt#0#SR0dHJ zIlZ0Aid&6xGV=N&kq7rI(2k31@^L7)n3-?{9I~tj1JR-o((R=^&XlKi*lNf=wVO)r zTH^eB=X0r1X=Jc-kV>~-E`5POI8NTY|5-`h#_nS>p`bfRnFoewCxdN0*DL0EE5F8& zZ84f4Vb4v*euMLMqAM4`*tP$F0b-Z^(Qfu*@t8Xj9*yTRghyh1P&qA=H-M7$k}OW~!aF z{}rB45yV7D4f0o>9QyOEMU)DIRYB`esRE&gJ+1H*N?zC}K(5(L=9b*!ZdfZLTXe5v z<3N`V=nlRhf6}?8`cl=aQ1hKC{zFNIj7!@|?%VSDv9GY9rUaVCXYMiWlz}WZJ|HLm z$P7Vx+&+kH>{K*0ZTkn3X_P_gch!`O2RNS1>}OIv2NzsDIJN6jB=Wda^E2t*)k*H! z6*Z%R$_c2syJ?uFGVYvTHug9=>5I{tviVQ|fRXrXrb-Ecyg~!)g9BEH@$=Q(p4hXL z%$3Nimls#Qm5GDSG8;yi)EFfqgL?pCCHYT@l1$ z>6_*@Agv2r^w-Szc%SL2FrYd5Rt6JV^N>kZ0LMTc&d)EOxyAap+jTQ}?aKu~`1@=y zGIMt4VI>Fzs9@>d!f|NheU$c0Eg-c=Pp5XjV-V#{2~=W}56mozs@8|Xy>B*n@n(sI z7T}J${(zd4b$y4v-6iea8jQ$v&D4FEqq99Kz0=$?TX3~WI!%keTxoxi9-Fgjr_>m> zLDOU7@Vi&Ic>$2#7{lz7jlVHNds^sB3=ax#?|k^*D5-5{7J&b4F)THK;tLv7Dhb>Z z)G(;*x#=J*;KB@-KMWzdswmpcR}8)haldnW_jdEFSh0+HOf)CfWjw+pkUdg|-C#Mj z;fK(4cRz?~@a;lotHpsz7gan3B=M=n)3?F5UMcz$A181o56tFW+4ljsiO9m0ibAy# z_{HjGXqvE|McPLJc5VpwO{ccE25&xq+oj2R#0|fd8_MvTjlNJwTU;(+aIP4RNq9~B z=vq(Sc#T4xNe61jlmTnFb-yWbkSPuer_9-u`<)<2lze5{?u;RJD|T)>ZpxlNb88_F zz(i62NM%d=wR(CCWyY-gcp*V*wm-k;rH9&5xLc_g1oXqv-VF8j4mQ7Y;HW9d-^hLW;`&`d1Nc&vYBnl;RK!0GBe z&UQiO@%m;O_0%x}o+}nFGma5gWZu}ovj6o?{zsDSFi(85I@U!k!me7$ZdCdKW$|Je zG+!9d92vNM*-M%|dMPVuTLlZyJ$2tv#hR~Fs6XA(xstgcF1m7cTqNa9$Iv0P;f;g` zCjM9U@_!v3DAd>WGk@tzNWrzNj^V(n>V&O+p(S?!!`=LMQ6^=(&G0nltBq&&xq3K@WNW2P1`$-1VomIiovVpIBb_5lirkz)#oW^| zzQL_)O$n%YC3l%Srgdr|E0a=o5{o}iNXy(E&LCraU<(~iWv(|K*1DU7YNqXasruBW z39#!wA8?aw#6iE+$vPu*kAXm${aa^Tk>GPf30I0@kiB&r;ze27H^{K!75tYvjlgGv z7#kV(&!exuI9vM+-2r$VHBP5jq!hmY5NJ$1kHBgirUQy}NGCK1%epy-I4jURP3YO- zcp)k5B9_JubjC3bp&_*K;5Q{T#K`b0n%CB5EQW;+@|HwKn61=-N?OnG9qOprd9kCF z!5lyYj_^z6KNc(N6Aj{^bhbH>_hL75PJXp8kkuHSo^qxF;#OgbdGa+J09e`7w zm#p&=?%^v&%k#$Z9x#1 z&V4-!j)#Ca3^s||>yA*^LY%9FuPy8lZF;!9{AMdk_q8wF*8C}S1}&DA)~F_^ZSv+f zxsMJ$M9=IiLxscrJ*R1r^Nqv}IXx3C%<``d?#)dK->@0(bop|t_?RJ6lA7}7Bc(5O z1;VCDS|gf-TI8MmDb$u_C=Ke!iD*S>{1QH7`D7(!47E{-$jW}QRi~1R6jISKnnx&Y zJC@8YeeYENbXMK$Nvn~wAesfr52ZluG*3GAdL1bnZWS=VXcW zy2pZW#MqYJ$}G{vJ)9b$QsO%`iI^{Zy{0mq=o;AVUUO~jLnGH_eYo)GDJ)Lx1cXr% zD3_YtkZM-c%wlLEy|?-G>7!#XX^oR~H$PNPNvWq6cc2i^E7mmFFhnUru+3j|QX0Js zQuxU1y*pp9Z*~enCJr*luYBuszWP9S6^>2(E%}jbt&7lZ_v7fJ!Qa2>m2K>29Us`n zVB1G=n=A)?4{_F}r_RNjz)v>>fqaKW6iS?(PkV_so&XDTxuom2oM)2SbQYL~DZoU3Ntyp|&kLV%hui`fTFFuf&M+ishzo2HGfUAAP*0m#JGSV#%6pz=E!yySA??5yyYCQd&A zKH>)uEipU!>(#e6E`fb=4NtF#eDX)`cm>VFAH;HD!&xM@|-0;6a5}UZIY5>=tpP+9S^Ki$`#o*zPXKM7%zG%S*+T>0j%dm;ZxjM#h`HY!Pp(I!!)o@zU zz_is=?diQ}t|epF?F`&OoYUX4&&}c~EiVEcQSU$6%$)oJ!fm{3KINdT#XzOF2?WCn z%}a<>R!9VLDSh;r#$p}vu-cT*RIXTVssi#7UrcA9o>rIsC_>6*K}jE@L<31Y;V>2 zcg9?H_v4uBn{iWMwToPbN!U)=yYZ)g& zAS8)z5CJlYG<$%Lr6PBj&0hHmY(+GM$RE{gMl>KLvQJN!37Umt$UN8-JPfngpd9!R zeZZuA+mj{pV$7Q-H)bhdK2Vqs^x-kw|5nnq_VbQ8uDU#0fjDxUca3*9e+IQCl7CO> z^jj$V=s7jdhZAb`Qv7CTpd*!zS+F=dg|8UO{al3h3mI<;Ah&4{vDOLcSoFOfNZ9XB z9t23W&vVA(t$HnSldQf$nS<~s?#(!Acj33RUzI=V!Ukp>-wPVvKJNdvA?kaH1A3XK?NajF=NKxG;uA)wj zcAp05?XSnKw!4RSg_l2-$g`Wh6Kl$2Qg&EIo#nR1vXX7H-*Uu^CM&PMmuH9qDrE?wNN!g0mnl2AMMk6NYge9pK-Rp# zd$jBIOYJ6Uhl61YcWt~u4k}gejLCGMrv)P!UujFe9W5xX+*@gx zE6${1j!{45tHY02EuiurVrD48^I z|!iB(jtn@H@3yAHYc%SwRhPd$!Ov3K7+kEJ&&9FMw+`j9Y5%0QZ~ z1H%R`r?#CxeuAt-9~gv3>@e1{Qb#8bRi~MT-KK70kH0>WWlOP!3i(8IPcsAg%3FR= zJ{%0wW0=A2GKgl=G@bRTsH-JjK=6}Zi2@+{?E0LY3w&3&^pvTk&hWL9d8u72Rl z!KhVThT6b+UclnGI31?Kj`h(3ckHgNR#+x}UlqD}h$41yw$T|(kB9}*cZGbnj#L@?X>8==5pSy z$@|voBa1qmejd9|#UnT+bQ_NZfXRPR`~2RqBhYHId(ckxmQToM39dtlU!b3Q)!>My zR)U_do2ijOH=IYX;_VMo8n}xQo)OZ_pgp|Iu27hK?`tz`_yyx|s z)t}*bnYTfM-lF=x)K>M9#OI=!4u?xkkwh!AObI8K$_G<79o{OXotb_NHTwxXl*_J`FF?CPJ&ud%{6lateS;{it zn8&`S&`9C(W9=6xYU9*^<=`+GYQy3G+b$VVi@GZ!z+9`|)P zsY~}pm#eNg%Z@}^e#}itYn?a$c$^beJN|pj{pJp-jAzPhbPiw7dI?5p;C0q(+I$GP77O-&rw3^?*{7SfI}iVZYMOanMYLz=5r zXhbVpukO(?(kn%*?wQu2g?QoHBWaC+D==&t<1H@#WX%McDNyeT3uMgt!{%IQ_1(G! z-cQSkzatMk^@<`VwuCtytSnZO+RR5^T)x2rCL0P|MCtO^yut4K#N2#W>x&vzSy|88o&|UF5#Zlu%L4-HD14-HTugwE!|Ewlh!<3;*l zRJXEmu@~+1iEpO2{T#&(IB=t+kp7YlYV?% zuiTJ7ei~`xPYfqcTmKG~sG+O-y44#^Iov3ktSe|{V(kucYk~?pr@!tkT3fl751T9Z^;f*ULl{Ml<|n8h`HC4|vkV8!k1ptNySP&=C`aC)B<3A!`dC>sS0UA$ zzI=0Nkkl<2l}rE}Qpf=yhXZLKN*~#%N6j&X>eGzBs8yKfJX$SgQoC(>Vst`g@@apx z-s}9Domrj0sw3xxU>Qo`K$OKM&g;2mVIMx2G>uyV-OxO-@Zd4+7l=_n4obJfr6bwn z10uDS!}8FWpNT5>WTVyN;w?ZbT_3LvwLCna-TAC3W$DukBFM9NN zjW>nQ@0poD!T(2Kjn>0bx6U$!>iO*=`D(ah)uNa69mrPU6x22BUM7@o$zN(iH$1Zg*v!2Sf%YAuN>S>DS^+C}j^5o$s+wI^ z-8N5AZ{H3KMb-aAzM2_iwyP|;n~zszJ7Tp1x86c4zoNG60eu2H$(LU1?`UPPa-=a= z+e^x_f8*y#;i)t(Nx=_#OJvd2#m{Gug#=bg_lKnsO9I<$z3Ukq0~xUy-iB;JT&2BI zem`X(uq;?Xj*9gg)fbHxdI~R(y1og7sjcINo3_L@5AB?`feA{`8+glvMI)a>HI;^o zL6f_Nk!AZ9A91=*sB0EzEi;_v;%2Xpa#t8;9<8{iBIvJ~Rq%Z#R_e2JGV;+$pTJ!l zQ!Sp!GL$_=IhWL(SaZ>zb5WZXo=i2?)n1lI*}JWEjNRXG8)EgDcErdE%p0zPIQP=R z$Qqy0LNUukvaDt|iat@y=+ZJ_+0-*&8!kIJ9dU;c`c%o4^r`ctQHd<*hG+ziS^T;T zOju}3ecKr{<<-{f6uFS+-(V2a>#l9+zQ0jRQ~vT-isE+*$G{e4wjemv`)~0ePN&Ja zLBE7A=zQbx+X=mtRdqF*rUk#Cn?&lV8gw`0vRbmEB~;b>hDB&gvUwU0cGUdpo1b>8 zm1_^ocm=1p0j7O4X=GL^AMHb)a_ji^pl3QC@Un2h7i;)=&IdajpOX_-DVZ=1y0NY2 z{z*P*Fdt=7#H0vMJ2e~q6z$uc+4s`!gQf9Xm+|g4Yf+1e$-;g(OsY~;C%c?96GLj0 z!s&HkOtJ6`{pHB@ar2qaVENNe7q-W=PVx5J;NcT!0ja;PNZjE>OvNDvPd1xUid_Iv z>*%7nZVvhLO$PQEciYeASVvDUsfQoQfx?F4>3-!{oE@k!*yfMY*wPDK#N$-nz@y=Gx&J zQ)4Oimp4Y6*q7oMxfg*Ii)HO@c6D}JUHwHXf}`xH^+HR>41}QyN?ouwDrx{oI#5ma1>^i-#;7#IYB)Wp0=tpBJEmjKTZhot!lZWCdCNHtfGyllce|i3d zHMDv85V`pzdpd#lXz(pJ=11FVy7BynW=kHX=!y@8|43-(#AG#u1}j#0rk9;5I3Ja{wn zpA8(1#AjDR5oV?J`?*FwigiNkDE3Xola{z8rnG+eK>b$Vj2_bTsyz`WyQHGk(E6RC z{GBHrL&a`E&=^tIF$w)gqWjgvEpP_<%!zgQ^JX!0aO$nC{_JvI=suQhUoVB=nP5;! z34;iyK${wogv*;9<~Y1E0Cn4#;oxm&D&z?3i`Q>!xUb*v1C=jGKCUZXOiehd-)kUv zc`{YWR%^HId`zp;;a^Btb|Q$&Uyry>{??)#Lb&fv<{0cBsjxrUu2X8%S)n4_k(L=e zY>O^~>K!D_3AE_F^B8662BW(U$hvw=E7@%V(CIOQnpc_#l45f>KU%mu0ga43KNpei zIaa9lYj78Ts)cdo=hBMG7(AREMVa)_H6JsW(5*+NM^%3aw=Ivmn_Z~jXYrw0*FLFB zGSb%BrGbS)kl+0gIeYTi0@1Bc5>C^E4d4%ama}1~ItS1q{hy^YRtLwFtl=0_tVd2b zZ*7g?c(^5(f(@=5fT6c1-+uuqot(}PcX{-t?%P-I5kxE=c^#WFBdvWI>2vhZ-eg^7 zCimB)GW<3vKzN@ggHHN6ZMrc?fr9m)y}ot>aM}?)Euc7aUvM%Ia`cZRKI()JiY3b2 z%E+x)U4 z&dO89g(+50$Qh&)#dKe1{?M|IBgtyO83zV8X}5N`^^Y8X%?SsY01~YZKdmd46Vr}E zf2FOcMF)>ajw@j5x2@B4p2a+}NqpvwN%{5Tq#Kj%jk+RvC&L%fssbWvimN|}$8G@n z6X?h7(k>ZT&%h4r6YTu_#u;Fu5j|n=O{*MtY3d43cw+`L|Acn3RPJOw9+`3Bv*k=> z-nIlhzgviprKOE0zYPD+c{po*W}8Qk$j#%qpN07>IoNE_$C-~Ro`bc${xVI^Gs;7> zq%^y@vSO{{sVBHU^`J`2D{ldb_G8ZEk7Py`fpG#H7?+r<;pSy?W;#B!5RZCkCCC9p z;=7~;1;D0Ww0l8K{cUJnvCu^7zVvhr|N+R-rEO`1u0ODqvyAh$_72r6WnfG2HwX|VYf!U|C1DPr!^1O@f%Lk9O8&7!m zA^WSA^)NwU@_3zn@&Mj@C_=5x`^e?ISC@c=HNX67XRXJ~+cz6ga~?JvC5(;na=b78 z!~#;ZWL>FUM_Lz8=B%^P?YwC$d!D*dt~_iy5J7+OCh&AK=w=o}(BI5q^7c-9-nJFT zEGiS{_OzukAlLC&e1sxDNd$vFAbl70I6&5#M1-p3s1tKFcL4&>lji2W+xUioiG_5Mi8O-1*_EQo z^SbeW|CPuAi5kDV(sPcnzc||-uSq-WWL}o9`0(*Dx1FaqGNh22b`5ioFuS^H#~Vyj zk^PV6O+gEsJua_m_g*9KL^5YOcw7%S54~WTB!51!id~dz=fnY11?)u0}F1E&Q;z0jLM5@E_LT)}d4n)humh{emeTD;W12+#U6F3ubYP-V-xL zyvxS>LZ)L(Nk6aSePT*SQ5tsy-g@l-S=n_?IBpPWjIKNa{N<6d?X&*$963pp@@!Up zM)u-s*WllbxFw;={U_YA|43d8isNS87`oFIG(WSJ**Xuqnu?+8f3bXiDEL<9g9;Uy z(m#^z#TG_e6LVRhZ9p2W)1U&)hx@|~wk<=aaEVu`xAlHh+NkG2XGqtX@X4erVyb9} z@c8nFt+e=-%7sGX(60s0doSqSQvLgj9!{klal0o0#bsGiAU5e`1cPPYV8P&F-mW@H z`gA?M(-4k?C`#SK^@-&3Pb&#<^i%IQ&pngMw8-;(a9#Ad8*S{x9pNfN$8+U*Dil$R zChhKzoBolwW3j!fgR6BqYc1QKchjfbf2QR;DOPfx))mbp^^5DQxrdD4o}=)13?vWZ zW>+JIe{#eMdLAr8LlJ0TBwK)>b;-mm@Eh;qib|CXFEPh@bh3aRzu~1Oy6S zAmF`$os*>OagrAwv?xwhuNDx)03%^2+w@$anC?5?KRR7BfjQ0rYxpPSJ> z1ffME$XxTnOTeeD{rgP88Hj=%yoc0E(ErA*;IeOEoUz$Mw$6xsT9CK_2c7ZA$D&zs z>3ihJD0B?nrVA#noWi<)buB0DRr3c{yqo>~b|CvWC>Ar&zo_om0O%><_F`MJ%l%T? zw#p4vB9+B^JdL_Tz_|ru%65?29(fq$G1aT9*74KVd4xUdflt-VHxwYYbV6LH{Sy;s3=< z`G51#|7^;uplupuuOHvwlV@?(-f^*JP6_F^OJm|Oo5qWLXDbd}OV?DykT~*tLHzWO zdS-={Xc~qZ8;dZtb@&`xGePeLT`lDsfWo!Chpp?T_h-sNydBlxgXKSFT5oGejX2s^ zIkPVCH6IVFUVJet$p|d>!{Dbp-1fr}VrO_t z9f)vqE_MZH#sOPg!<#-b&zvKROUrcbD8<}oaQ3034$uKq9HtAT-a1S@y`jd*=N6i5 zkw=UFwz&Fzb%r1TZ_`1`;a`6bUCwa~q@2tc|7lXwP!KQ^CS;QWetX29XUYlGz?`6e z!BXtkQml;IwglLJ9Gv8;g=ePIs+xzTu&RTozb=Er1zf;$`+vmEk z>wUdnvV=bqk#845m+mb9>Yo~jY)U5Qf+n0%W(<+Qy~(RybJH!c1%RWh*V4EzMBlBw zX&ElHu{a4)>xAu=AXXAPb%fJmP-rH1jf&tT#-=^Vpj{&_+jqv@@lWvEi&iUaDBLjY zXFwo7#v*7uw?X-mvQEF71M2$@H-ycAGg5*N=0cm*d;!ehSljqMX$bVTTJ)hnqsMFR zNYtz=T5?|_qb3!&Al~72&e-%_!Y9(KasW3CV--W4ye=i2s`@cvgR!#k*+UC&J~#o+Hcz zVa`oL6L50);!6@Gvp~&M3dEwKW};eCS3HXPJ?ec8GWZ>=yaIm$oa8{b;jEnOjnJ)D zt~XmAOmmBXM0S-$#x=$^41m^>Sn&x3c}S+^WmUQTgKjrv2caFcQ!Mj3BRnTu%xtO8 zqMpvjJ0Mor8`Sg^tW{YFu?bbPQ17z(7hrj#7f+(Q?C0pXBwfH|0IqqQ!-2Xrd2p~P zp372t0rxN_H~ipPBe^yZGhC69p^hk9-D_QhdhwZex zSb$A^piMR9mJhioY2q6gNSs}Xb{1FYRUb50Bqi^O$(X(q0*`V=W%vvxu9qHv=1O3qB}c0jW?2)BxivaCaGg|V-P zathN`aqx6jfV}K19)T?0i2=jb-$Ks6#b*o#b?i_lLhPQHBs74C^dAE^xk)VgvqS?e zavbY=@+~PiABV2?<&pfCi1n|pi<)oM_ZjgZoyH`us zneJO}P5W1zHmv{RAUatGMqG&+&tFO3XsDdt2>)t({EPqQ(;GTdhI|JfTp%+fRZAsV_^H?AOv9J^QTLK$6On@Kr#Val`fP z{u44|$(8uE__3I0?W>!nC)4EuVMlxUDh)hemVX#s-4njZr-GokseKQBE2n|~V$_~j z0<*ju%>`zm4&MEu33yEwwrzpJ6^+rR;Eh+x<|SllFhZDMk3xVGRrg&Y$%NL8M)7V1 znX|a5VWIYylPxm-nA>0S2i$u zjQEo<@hv4^#{Qm$7f$D<&riz~zl^_P2qV)^##9`Pz7{S5u0-W*J0Uue_MnZkcepr@ z+TjJmfYogt1ai-cbPi^pVL}EOpo%G#=Vg8fflW07_`yR~lA9Da^+yDIs%2UFj%1_@ zG!vRkFT6f!Id#kiG7TvD*+h*n-*x?J`y^7%2;&ZOsQiPM@0hHwtLSRf#=Ymx*|7v} z(;O@NF!$nF`sQh-vB{N~;!Lo`UetAEKQ1J6Xv@H=m^F^>*p$_wH+Fs8C%~;3_kQ0` z!VC;0Is#=LfX5=uq~*_Rg40Q#(Sh!Rk`vG4jdS^Z?k;Xe?c9_t&bY;|IDd6!ikox$ z5z8}2>r0;<*xA&%&)7Wq(~I{gs13q5SLsFe)At7m{Bbmxr~8+f8HV(PJ|j&zLAaCrhN z=0KMW@WGTrY>0PpASiagrVF-7DjW8k5832C%T;>68N49s%JKe#{T!d}exZ?AVibpB zN&T6#Z3ny9UuX(HsmknkXhz9)m+mfVTasXlaF#V z>m$6wbYESLsyH<*q1~&eHo88Iwnr%GxpRhhm#v6sT2*ePBzdZT3iS+^!O8$-(z6wV zTYW4XF{tt(>CTnT zyBa|XG?M&uT%O3bE`X^&7^Qk)W%rxct@ma`cpK+m5}UF1i(H6s_PTU1+VZV-zJc9IL|9p7f$5sp1(=dB{U2 zFGKk7NDJ%&*H4UW*o@yNS{xi)U+O`eV;_iyqiA)*hLC)w`x+A(}c%%&OJ5SW+oo`q@+#r2XC&&1U@L8JM~KiYgs>^ z(`m6MM-JwdBy?##E_&ik4I>)K`O%W!L^2bfuBveo7%SEG!95&^C5J0l(OA>2YG}R5%{% z12k|V7kXGL^My85<0fQdFJZbsQTceEWIakeGe7l(JC?@i++8V_!NR;=4Xs>PKZnk4 zBXIQ34Nm^R9{-Xu3F_-vR{Qv=)kbIcPo5{+J0coArr@T|SUSZLF=tzKd$xH;4Nhwu zPC-sxzXoZbs;hgQlooS>YSino+W-pi^_?nF6F!!zWrJK^0+ZZ9aalw6<8P_F6iRHM zOg!ZigiINhl%(qrt2!1s_zVloG?+~CL-%3P6V}z!&%FY-jAT(naS9gCPlj9B^7e3}lyZgF9clB3wZyCJ5b)qRs_~^E- z=Xt#r5?tuNuV)UvAWehWg$qyH0WaRLpXlm+t@9O7Nr8`xtMPyAR57ZlVKTylB_rVAPujc&>7$g5I@M>cZz1LDE@KNzLc62MMT605G! zK5V!792=1al@A)mDGLBNY;N6$BtDzUpGzRNjqIimoO#5<{1VRhMj_1LbvbZtIh&|_FU@N%^V|_p5CH{RN9(F5pz_BJUQy#FfjSi zZA+YKSz-*jn7l@nJMBON5RuvS6@<06`+yMuYGQ<>T} zqXDCPfS&H)v4jV(=C{SJf*Rq9YYK2RpC_CwXOSO9BZ9^Ny2n+)HRM;kf9zM718PY-_jKi?U0qlBWl)n)I^=cJl0Sz_tDM< zn?4Y=V8If5-|fUptqcQ=?b)K5oy~NONY{SQQ=Tr=o39XQGmv(D9H;hrBuTnVx_Di! z)%!iv?&%K3YJ?kstL_CO?_-dtr2ynPXktH>qTYJE#(a&N`^EZ=PxFv`kXymmP6*7A zN7V>xs*|xvuC_agmsV3UD?&rW`U22~YpZfO_8-u#Sn_=Tdze?_@q*$&p$V5J1#`8) zZ0my>2GV=YvZGMiHG+*x%LaOH&oWx$U{HUYb;A(y6tU!h%Q4an&2V>VsH@6j%}Iq7 zg7T4Bg2g8+2LzT)v^X|Zp_?SR2VWM9M^bp%BZQiOkd@d;At4RL5P6b>)g zJrln=(3`iG;>>H1m;DEV6m`4*SinIQqv5eQfJg^Cqm^|ap@(Yv(s zmsOiFC!Tl>r%09JOmfeV%;tmi1po&5kGhOvvn2h}jv{tSG>h~u-3O*5%UjrXlj)kLP zV?cRXkuqkWq+ZNf)43;N1$C+X^7R)B!5aPa)Jh8`{R+|&BwOe)D9eyi+XlQ}KTTY@_{oeQ!aVgAi)wP>KEtnOyhMPr2c)SS=+CJ445Tm8SwTA$f(zEc zzU>BYMOk;D$I~7Nf4Ixp#pzeVi+$I+T3}h4@gZMopUIt_R$E=z??5fV3f4$1yWZZ{ zCqGs*IsYg$148m^08`kB;~A!0GGt-4A8#kt9KCxt^HH|>rbNeVJ)kEp z1v%%4ugxqL1e&fPLlab<4Dx+fKp!I+7yWS;+pGO}#j5=~%9d85$?S0kVBN7s6%y^j1z7+q449PSCw0(>O|-^u%Q z%Uja5VOk`=pnphx{=k`8Qvdkv3(<;Qd3qup8&j{11yK0vUCX4M$#1w{LQ^u5wZ_*y(oHoE zI7H`I2{p8G>Np9P!tWn~BCrW+0|V-2KXwIb3B!tZApOay$%T9C!m6Of=wtr0nI*Eiq#DvuWm$df=e1&G9?(|VNjT`Al#v(xH)@-%nqxk|86dAW+))pscb!bY zF$y)d7a7iIt>K&H84&F_8TdfQx>(=dZ&XN%RQ29oI0`a-M@x)?QM!hbak;qC_3&nJ1eXnPTlwoh|zU8L!1{U8{#F6+msJh}sydTKbblJ+4|<#G9AFxh_5= z;?(2g^kDuh4oFRgWU$}5wbXf1x57- zk63rEWgybxwTJS~Y|PH;3%gDk;_=Jt_ZmX{qUF=;uNqBqfS5zG58k?~AuoK1?4GR{ z1>saf4`sbi3_j-C+f|J8H%UHN);+mdg8Lhx4w*z+n?)QrEWQ;@v7Yc`a{>f$&bKx4 zZ>Tu%(R1~!16Hoon}XAg)Em$Qfyx&+%QF(yhr<3ua%KiN-Np{`1(~T~Albz9QQ1@{ zPov$8Md-OZqD#!df`XAq5pGZq9DmfQmBXG;rYEJwaVm{RZGTR=j@UkVYxW1vy?I_( zV}R8X-1b5#(+PpL(dYv7f;22^)Qomk7+0HOGt@EwrVX!2kk~H)5Mzej9g(AkxqKofr7+a~G+u!y4rUyxSF~ z8RAd*eFGme^dI<;QB8DTu>s}xjKnn zheiy8w#M58yXsN*O~Ay#=gID&U!0Ok8?$ei zFcqE!mQ~7;9szm9<;E&aE5-wg$c=$K5;J=l|{QLUJ ze{Ui9{{aG4UCbw$mbLV#H@%f~p9!cM&0V1iAgg z4#smKy>{ zSP%HBA^))jTrPNYM2u^b9{s$3Cb6gO`1nm{%o_u z`A|1`PZx?QX7Q94o~Ez)X19oUxhJkhoAdL08A=ZqQ1_a#@`nh2)5tF1!B3&A2xD)O z1?)Idk-2B_4#ygaXvx>V62DHi)8IVhvRP+4a)XM$Ra9zOY(Hp6NiAx>0FfK_aY~_x zBn>~>@Hay=Io+r1dD7Cl2dFW->d*(zChUrG?wh>+u_3ktqCm4}mk)G2ws6mwrYN9g z(vMYFbdG5iwm|G)G$Q1q!nN0Vw|psC*PhpJv8f+L^3FGpu zhz4hCIPxsLEYH8yQok(z)N1Bkb=g5K=lH0^{`^HGt+`T4s=PUqtFA(C$?is^lHpkE zn5l9hwjwz9xTK~oE=r*ew$DYBa5=fCy~syTJ`Td&CFmYiIAE(GAcqP`?8&s{#A{h*134ua<@ zcA#`KwE{H*<48I+j$b=cv48OBhE_Y0XCCP29z9rhH}5_uOD(o0dc(^%bVRfid&5T2 zww1NNqp1lquQLK9V{0_?_#4w8B9XJ1)T#Le?5M;(-qc^FyX{0E)7#An+RVW?HWP)wVyO$xd*?1RB!}Yl7u+EvQW?(6gcD zgdb3_Rrh?+G;CdfWqdESKJPHf&o3xS-hJCa)m1@A0Kxh0;Rq{ZAg|+oI{!JoE@6?^ zRaR1J@D{jUmnxDdE-sh2r4+N!MV_C1M0D3&{}pOz)WG9`w}A_d|7Y#bVv=t!QV5b8 z7=x&u)}^lVzG?r& zzC#ix>E9DV{H8)^cY%g_&io{4H^lf1=Zzxcco-4gUlZfnre05v#6D{_p+e$}#b}wN z{ZQI{{C#P+R-YG=cTYj;LZk{ip#W9xcoU6qIUel02`6xjB^luU@2|t7Turv(Hv|a_ zhPI7S;Bj-39>q5U0Epb%k3O7Td*3;Eh)f7M@}XH;nKPVCP_tFLh6Qe5xzojIFwvBFV(I(Y!3-F3nNw5w|^1shAfq|q?>4lyM;);EgcWzgZc zFz*Ul2`eDU7MObY%gj*IX46MRr%^dzksUY{rCe)S^EPy?GggFXF`0ZP%{km%q0|df zH~w6J-94u%@s`{P+Y?_*>vGy6+Z>C<_w5mt7j`Sz%^ptSn6Wp9Z7wKg4O!1EP`xV- zO=@PmV|LG~aaH$-#>b}Ic*a=pL}<#K4l!R?>$Xq1WRrjPk#HlkkrT{~ROMjY!A+={ z{9sAtOP0kk`g?7K*RidG6fVRT&juNb)icbfUy@A*2OCh$|H1p3^IO5@h5hZsr2pW)e9yaFGIwJK#H1+7%kZ< zPeJ|NW7rx_l^m3q4S2%$xy0%d$|WkcmoOWfA`*o0?JT!Gh~Vq3^nD?&?PO z^>fw>>Ur)~kdy! z@lxBzlKtthelL8J`uUl#j^4^&O21vW?JuM#Xba#ElE1AE>K{CtU4U}j$w#Uk;JK7hF^2(MdTh`_;2? zfZ8=P8mB_=dMKPI^I1y^B-SaGlUSkQN6QRgBRbcRKfqcIBFPP%q%89!>Df;$tJ#?N z)sR2XVJxVDBf4NAz^xl9iS38&lGNsSC5o)Qmd*kFc_l*kE zARuN)RU@$)?6qS^U0?iNTQVS4Jv_Y`g2`uEHUkOnNrd}UP<@JgseZwXSh-sFSj ze0XH4L&d`i01>qdHmE2;={aizo2sKs11k^~6rw^u4(~!ew(JB*TYuk*XN*G{py1{T zh|aP;yv&il9{c14xU}Zc5GE#aGim`AHKYM+5}`YwHSqznkZl)91NE z!UYh(FOfwUj6OVh zy1X4M|RX29eh zJZdoc5g#>GKtH#+jSz5kWrB(@a-!S1<G+LM6yXAR2MGs+v#~blFmJZZA4Xb2CM$U{`rUp7tRQlbLEQ6TeC+t&=7TeAdFIM& zJ!`?w+;3zpCCO5tZ~t*O``1}8;LXub9U$V$$0wiZCNZsvjgnYpZPl$8hLwkW=1jja zjkU;K0Mi<$IX8UyJ+0MQYj+TOso2cIDOaVYy98CQ(DoMAe{`g4H)H%jlP;*`@jLMJXA~5il-c!+S9hmcdWo^&xeB3P^#OG z^{Q^6p(C6s@v3?lyR7d{wxU2y3(1;tfu0`^-qTNLc%}EcH_7=v0~f^8CNIG5;&;PU zxjjS3r6wkc6b~ECjt$CxKNulPv`)K6=7UBryhA|}@)jzO^I45%XjVHUsEv{bEFmFx zI5;`DAw6G>iufYxO3n5zAR|kqbAs+aj|^}9bZq!)U00&C*2w5iS(B~b#Sxa!Fu

  • v)?iaJWPM~J6#O2s@aC~os>Vqp$lCQ*KQ#68BXP$*;z2(6;oc`CeUj zM@;i2RA&Y}2N#;}Pjz#YhoW@pi{h~qnl%v_!K`4k&CC@6Me9I^U?Z1`e`*K&SNlUx zgM8uNN$sQo9=W>6R_6;)Y?xDu$CvLPt6l*!?qyXMxuAEJQLY9AS=8b^>$CBRl8cIlu@JkbLcJB#JgUJ_b*6`J6dUGc6*#*2Kh#wO``mab zxWO5HEeg4PmFl}=Wkv3zq||;*^K()NHLrS0BGgkXeE0q2H8PS)H17g+o))m6>yq&B zRd4%4dQM6_&8nr&CBjO?r5l^sga$VtLKF@yfJu$;af5ark{Wt|X9)nGSCBnI56c)L z$dif>>OG{w3W@J@LT4 zKMtF2FWoAT?z9d^9OSdkk)kIQaQC2=VC{b59kuz2u908j0(zd;8C;3Yg=b<&1O7t{ z#{XEw=`yAmuz4SQfTF}b!F-FSp&RSYUcBN)nLB*mnv@Q=z79#hKs{#?nVy4wS?`fw zz2EL6KQ9XgxO{e_tT9k=qbf;VvI3CtA#R6bVWz)6lpHF-p5Ig4Ulg+`AWt@=la%9I zUYm1mCYunmo*&aJ8n zIV-{E-4WBVgs4z{zT00$vWP|C)sxBtRe zy&W@qkMlV!?uMc?y{TI=UWQ~8ioNj2#jy6uD`*oC<3Na`?x9S8vnIm%(7oN#Z6)7>nFPQ*#$RZ|0o&n$5@k~;{G64C5xl7@Ixg_zhQ5Ukps z_-zJu8Fep#B7L5gT0auW~rADINs_VQ*6<&q2 z+Fs7RuIK;{=PD8C7qw>1A5oSIzewK$H4w>>43XdP0X_iDqo9=Fj%wE{&sYn zyfVVP?x>-mS)GoeI2gv_eGB(hUFDnjzJw>+}$Q2|mO9Rz)@s3+ts?1s7SxDH+wGkM=7 z4sOhdE*h_xPxFM}r|uW|CxVtXtvKFo!e7L}Q+m|hrxpa`GpvM$O7G?l`y|9hxKz$~ zd%5%`b_Fd7WXe;U!+61Wxr5)`mECV$Mi`<~Q6SHP?caIW;+jbek6- zJ63ugPIbF`>CVLj!2xv5hDq(_$aL^Kjb2ye6N{TuVwsXJFDrO;IbEJT zn&Tme{pfwW*(pJ6MG+{Xm-lpaq?)l|hSPc`@dKWPi8_cfS8|lHK=PBk?7^*?;#Ae4 zP*Zoyc8pq2wEf*i5_lF3^Ur3RgVnHyW2;?* zC4}aX=WQQ%b5vKv?zkvVvDw(L1JqLlPejLM);Hvk2+Z zsWC;D%;r(`+N3!R?MxeEex>M;vV@~dF_*|?Z-**SBKhEfyS!mPI~afQ-s*R*S`laZ zn8z9&tO|l@h_e^7 z5nJt>#|!;yNlqb9ABT~`SuyM_={hfzxpSsF7Sbs^covF*u-=y^zXgf|;^AZO%8k5} z3xU*Rh?))jLCF9)Bc>{tl5wi}8oDykt`SR1Qe5PJ z#>wKj1+abb4>poZVLJN%y~OjcO<&A-xBY|Y&%gQq&pPz~ez*RwgRI28 z{*8mKXWPv&E7g z9!q39HFo2Xb;>UVh&5LEHR3l}^`lVQl6mv_A*l23AJlmG&yW3cK>oQx{@OJE7w(0g z;;Yku@;_B?v`TAACR(kBf)*n0<|D0Eq?`!_`sQx!6;y?J6$dRO5 zfo)U0&RK&o8u88z>Zt>kcXBi!1p=(Hk5m`f{lg`Fooh?BVAGf7W&8OWPgq;_ATCzANABKX@krc{jg)_uf1i_=BhGEVCP%e=4&dTe6tj zeN)DMw0+H7{0FZ!p!yG9#Pwg@hLtZ8a9P=g7e&5NkAIiP_7?s9``oAZYH!fLbqvc0 zW?l|Rf;4kJI4*>4rOMJ0LnVt9{0^&lErP@(8AC5m4l1)y7lF%kG4L2clO+3xIF6r5wq7i1dv8MP!03ZMm)}$QR*VpMOP-Y9O4X>#o?Y3H zviuVN+paH(iu4P;f{7meyr|fNXq)4bxr(v2x8-m3S48qgHR#0WI`RZ2nl|!!hbQ80 z^ye2MrRji5;kIs8DU9Uvj?Et`-@Gl8cglP|IxTY~Q!M)Fw0GRM(5-EtSx;E1r#n`=);2uWv#~q$ zI300ern_1qAF1{x2(E`SwYrJib^a9MCH>N9+_8F)ua`D;iHR(5XJhK-dAVcV?CaxR zy0q}+7a}+~hOzN?=FzG0Gj`#Gfb@MNajj~SXt_4*8s8W9qSy;K&F)Q{aIds#YTnbLv# zAEFzF%+)t{8y{O_DJHX_YY=0ph*pX!jwHCFF+%x?91N}eiPWW%ln*Rr*_pkBEzwE|}9bIcPk0dV8bf^~64W>$8 z%w1)*_E2rUxs9Y1lQXwkAG^rt@7@eV;?{P+sMu()+Z%NL`3cit6qu0u-0+3h4$S>0 zW986UB^!NCA!g;dOG9T^;rDan!>Wm0TF2_x@bzT+l{}i8{)`2RM2q2HS~5?PqZAO4 z4xniFg;x8(CaH5RMSp=!vulNAN~ZUn`;DUK$9567b!@fby<$HBPo}>YC{4x^;1^L+ z%mlr3m^``Ty7hTz_xV=cOX`pHY2iJdexJh_aeMFWOAk3jg4&OZUOD=+^O=(h%LZ!mh-ESCSy z^mhO0ZrNusE%<1YCzzw#yG&h;5lHw`!jl2W2>fjN2k%!=mzQ+lkLk~dqP&>LSGa^5 z)0@D;1jf0p3+(8*>yo6gURT@oaM?^o#5#@FlXug6}z872Ls-1d2~mDl?o^!V(h zqcc-oSCd5wfG~#C{533WT4zfMnfpJ5!msS*8p zW#dAJ&~@~Yqm*U>T^dXa*`M_w7&A9t?H84hU7n_OmRSWd2)$3gmnc=)8hJI6poIgA zZNqwwzwLqB#7nMf4OeAM{D(Y!8zd|l)=jp7)eF&B7~%!lNlJDCyX>cQ8TVW4C~7V}%&Pqd_I-$w+iuquF0#&9 zzP#&B($tZu8I#b6KhwYU&>krPwc&GD*-5_2v~Q2fH+roPemd2|pZ4_NHOyL&Yjs%= zUTh-mr^KI7z2kFBviogYD448tl|pi5CGcQlsqxA`XMFpGOyT(J>a?+S#B*yQ`nJ{C zUVGa=ct2?ljw6%PCjDjG-WVxmtjuWC;oJ2o)f1&8Jn?3bAE(5)-4cf@x{j%!$<;`xbGtr=;w>AFH(pT^tc{K#jhqqiXL-*XYJWf*!(V5AJXWT0&{l@2+KQh^B!P`#^p*&ho7!Gf9wZ3M7h9Cl+0Y(UCe~bEGIaY<&#`&TNH^@q z$o%U*3bMJK*Q6ws0bL{!GB?sehr6n@M(4tF%n1j91e|CwH+Kr-dpQ+i$_Iid`f6eg z?JuztX3rV>XZKX(#LO^U`IUf<(losR4PTv&j_V4B5#@Bw-Zp;(*^7e zP?C00X4Tt9@K^9R?+jhmg$kPpzw91wH{eU!pwJbpY(~!tN@{@Af!JdZjS-Hp#`GIZ z_B|ewV+#6*JJ7$I{J)<3|8+N-|FT%aw7~9-*Ev)0s%pGvgL){g;g6LMR=~=scuRIc z!T+74FJEoRcJdC2hUV`isHIO)~22smvd|QkCz< zhkx+OMVU`V$7PNKjDH8>H?t{C4gM*ls1-F>(>M?UMiT+`4ibUc=- zJ*O3ui8`nxky!~0*%cxy90Mo$tVaLA`|ZBfO7i)&pr@H?)NxwuO={<{5w3EZdG~pJ zs&bQnpthYw!H>kcGNi$dA7ipS;(M8Ytl7$V0Luk1MJI3CGyTg*f(k5DKa?U_j7n0( z8wb`XMK5r?rGMG`pbnNF^AX*>u5Tg87dX`uxK>a;V`QV!WDi%1k$o*h)%che$|b4L zND?9}PjPv#BmMKr!{8m$?Puu?pR1FR@S2Zq9o+n1j#E<`ukF{yalbjCEWZ6LUMSkY zVqKI;ui5iy+a9cBv8DT_p8W@3(va5$C-?pp9!O5Z&6g_XbZ?Y;sf0Z%# z4?7Z9N!W`hk(1=L;O4r9+Kc@Z7J04Y{>(@P%p@XZJG6t?9L;o)=C+M zi!8d2S2B#Y;@?JZV#*r=ckOrDRA|$Eg0K#1jTUYh4@x}n$e9ALgHe7q_ty*(28#(k ze|}7Zt%>1-5O6ick zLHj*@xQ$eJF|471o|KT?ZcoDV#4~$U~O`UK0RFbWB7ckEA)VeJra&R zf2c*^pT}5bd-l_@+LQ&eOm1M?jR?))h=~BG;vw;{zh8@+!rnU2?~h0#FalPT@}GY2 z#8l76w{~0Ltv75!ZYbmc|5Mk&e-i@z*L7iDv*<_*_M{Wb8+>tJq!_kl$?8v7^!2{| zA9&3O9nMF*>J=QFgHm5*Zj)X7w0K~(`TTu9t3uS#YDK|`?ouS8*A33{Zfq{ae(c6X zNXEc^3HCW~z;F&Z%1`sDRKyiM)3y$%<;?om_w?;Gq^fKJiicZQt^VL877iu*yz08v z%kb}M`GW`0O5;CnkNBMjyo~X?0c8lAuD_=^Rfe3?onI9I?P>?_aqmQ94nz-ssk`($ zBtOuZqD5hymyQ$v`G@};(tj?Re{PHa=S~{KQ)9jIIj)oqn*9{!;d~3hWa1AzxL^kK znP;B~F7fTdv4L)UQ{ug~Ah8`K3!6etE;EYXYJc#WKmQCo^Xktz(#+zjw5LGJoE1L4 z_|$3W|G9H%tuFB8>XVG4K;-E5dFbqC%>a(<^Q?>=<;->*_xQoyIYTU)bTYAy@c!5b zf%*bmE2|nW_7Sc%FncE9N@aO|!*?Tt-}AYqwyDA1=*OGbg&p6G&xp@?y#ic9LeXz} zk-h6WngM#%f%U7Gr{f1LehHr%d?lq(MjN)fj3(n=87j--bZMot9>nZ%8mQS4j<=Fj z=boZ7<2&<^d*%}VV=?NIf0L5mJ-zsHOI5_Ji%*5+m)u@{y05EdL!y0!Qk`nyo2O5n z?6BGKV)*c4yGe{7!Mqub3!yXES* z56@3qe7sKUcHKYq2d1YNb#`wvs$|@ z4x#C4e52b)-9KWwh+s8@EAjvh(``%Zzr2?J7ij-G8nw0@qc&#C=XxBY>=?(}!_ zw`i6AoPHbYNEEdli!_DB@{a%S%GQ7CAFjq{fB61WSN{5s)6f3IKiT}N_Te_|%krH- z2k~T@ozA(=yjl0-{0JGRxtUrDHPRFBUb!Ccy(;Th&9*H&+=71{@xOa^@imiM8aFRK zHI!d+#%hma(pMe+)yg+xVsEefRQT<<+wZ*1XHH-97l_#F&HU=bx8U8Sc7Ap@UXFBEn z`7rlQb0KCsZ+mTXW^c+z*6u4C?AG+BT5k`2^7w6Ed+xQ$nN=qraf`1^sEw36Ri3x} zOKmF)J&XQ{8%J9OffHhxX1*1WrGzPfx) ziS?+nM?-rwk&I@^(UN4e+#aoNMr%ou+9auGyIq%QudFlOq^zf2r=2@xsdM3WC-#HU o7hgqfYu7mMzW5k$9gvdhoUe23Cdh##<%>Qo!04yjLnE(I) literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/filebeat_confirm.png b/docs/images/hedgehog/images/filebeat_confirm.png similarity index 100% rename from sensor-iso/docs/images/filebeat_confirm.png rename to docs/images/hedgehog/images/filebeat_confirm.png diff --git a/docs/images/hedgehog/images/filebeat_ip_port.jpg b/docs/images/hedgehog/images/filebeat_ip_port.jpg new file mode 100644 index 0000000000000000000000000000000000000000..61a8a567b8c157783dc924561afae84da2f1ad71 GIT binary patch literal 29801 zcmeFZ2RK|^+b}wWL*UkPSHK0RCPWiJLP7%2 zCjJ3VrWobH_njR800=}FKmh;%r~m*GG5`q?(jp~-zroGKds31!fHTDS8S!Eu!lz|U zFIE!rU*c#Y%=R0cNQ4D{D?>yBkR%}m&=BJc;w43d8Hq8DcsYmtO6x5V?jv3lzx)vy z`vv3gu@*$nkV{Hj@~XI$6tVtQDJjLPa*C2NT#~YiGBS!X(!|mvFaP9-Sp8I%-*`Vo z^}8G<#GK#dkRzs_`Hjc3#PqX&12g>wpUO)@`YVr0#PX!S!P^YP3}X0|-;=-9>?!NS zk|*N;4FJX2v**r|Q=B_@j*^ms>O3ROd1~tOEDRUv7_YE$a$I3$XXgTn3vls>^0KoF zUK0|%Dk&o)!zrMkEH9-bE-fQ5{*AR#?NMt=4j1tk?Vu|U;@Q%#*AB|Ae-PDVy79Yo9r zkkOMfa7(J4y$G{D$K%N;^(a1@f>*ulJrlhDJ5buj>oFx2^QFrytbF_efJRi*%`8Pr*e^y`Vp@)^kn4Rl4lvzVCSqoFY-t|qF_{y z&n|mU$tw;2&Sc}&PsI$Bnc~|x73~+v{_hF)_`fCDAA0Q4S>}xgEd-!<0ai!o`y{=F|ND)-P#_P@S>D_T& z-G=P4W)W0NmeugCUe1dXKxklINWjci&N0&(`e-HgWAy-{#_J)aidzVsZrs`6+}MvV zt{g8;`*S-rN58Xs5=|NyL}R^^*4W*n9HY{D=}=@s`e20f1?TUi>(XA-p8$gNJs-dQ zne8jjdNYT6XpY6OiR^i6Z1K>s14nC?E%oojVt<;}IsPb7Rb0frc3R_!uyLG3-Mj#3 z0Uy1LV$kCnr+?aMt_+y%Kc(07Y2cf6$cKgj)dtVK{u2Pz58dOPwguz@vfA+DK{B6u z%l@N>5ca?`1gsu>Vodf{O2TzhUf@H0#RHCjKq89CUs0R@{t1T#U*)7zb)$D* zR?XlfF;26h!)~I0ZDM~A()wLgUm4i%{CG|NCbrM-jExw9|9@Q9KPB>kvUSerd)bWQ zxjDhn+n$fo=3Fa&zVO+tb36Z#!DFNM$eU?lEa+Q`+tfR@8%vhS7cXF$Sd{e@w~-zY zr-1yXtUdC{kP+BnsIPZ8iB@U>*OU&s_XubH(yhPEGs;jp*WY{mcxb_tLn=3Vj;8IL{QEqzRpknHv@P(wqpzmQhYS3R)emp5d<%$l|B{>R9X_kcRbcau z0kAMWmXY=puJ}^x%lNZ_NA0V_aTKNo@*UydwFHz{VY^Jecl$l8>U8X4w-VrHpO4Br zspFy_8`Cm{1MM8E3~pQi4wtBJaxx4UI`TDTm zAzxbl?#QQWH*B{K;}t(>E6vFF?v#Xvrhn=fj{LlO{2Qg%Dzy`Ua>DU`iN_TqGZZjB z_u<*3zG?PV>P-EczHI}8k-aB?r}-upfd{gOac@Hs7APPK^5Sf zTi`5-=@$ioNFmIWH)r&5{^EP zznmR#(O7#e@4Vx@G}bWYQSX2p%Sh81xC$s=I1N5-UFp0Eo3W^ ztrGx(NYdm4@PkN}wczVA#DeN(ICwNOcDF!vp*&>LI0#3#_buzkkbm2uz<%lBX3YuU zt-(*?utIrUbOKPqp8(bqj%AK>Ze|q^D08kFhVDBX`WsXq;Eb;c^lF}cI28dm@AH#8?Q`0VA+Gc z=gqnkaI;h_x}V2<>ZaW_PN9it&eqZ+6pz}bk;uTK7U6Lo05jj^rH6u~F{@)5_sSYx z#VeJs?akfjb@SdMG%43BikkGi@%T!z`E~0{Y3d_j(mCF9OWJXwx5;9RX;WWP?LR0~ z$+{!s=??+AOv!(x&m3}i8m^fQQ!iK~7av%iTHz!?U*sRg{{ zSdg&7YG||A#WlbWllS?T9KGyHnd3iPp@vZqO0a@)`uBOy6<9Ps_TODtF`6_MW?lbbk*2+5G{l57i9k=oVhZ*T_qA7~t=T8f1O- zPk2AvQ&xG(VJ zum_aM^y)bx30O;8+>OboIq-I5Fx zyr+=$N0v;;2Wm`6uR`PcQc1e=b`J4>g((CbRvu=HCiaO-AYy0r4w)R#I^?PoINVA< zK2BSz&VtHiK~>63_fm<-q$*44J~K}o77i{S!@P13lOk(T2$ph zu+M2(K1M)2F->z|b&mkMLH$Rv*IT}!9d|iryGqn&^EOsgaeWqW<~zrHWxn2EiZDMM zX6k7Adtv|T7c*B}4&c?5Tel4q!Fpdzb+hnp%XM$@`Afa`YG7|EK3oRerd9B`zr7!i zG;Zolhb15vL9UvRs=jY>S$96h^@V*82IfQ+z+`{qO;?GYhZFIInrgyqn4l!#*VF&b_Qv9++V*QOK`v@T5tV$Kb%5XO&CBNL+b632KZMUp%jFsVkm&mRQ z&*ePxoL@>k{nM+xyOQx)t)*Ii>@{>$&-gU`NRkeZf(qzu|DY*Ia_=`OaxoA8WaaOY zm3pTu&Jx_)PXJj>fzfm)O2L>fTf9-E$50Gh&+BjNUel zojxITMc0z!!N+`cK|~bvihe|F-nNcF^sXWYW!SJPzT`0}@+s!loHPdE-do%%|T8_Ww~M|tAf_mr<4 z(;Lv80D3bf6SJm}yOK!f;RsiE_ChL0r_Ikh3fn(Q+5W8t;fb?&0ndUKx7h!V8lRh7 z&m8@;wQ^P^PXPC<4z?$!ECv2f?!|v#!s}J-s_5<-)WMD{lSNgYDO!WVnYwWcNkfpw02xv zw}^P|8TsUw(c9NrH8R?hv&o@BL$>%D8Oudab}GSA=iDLmeBN+D)PdZ{v43!7h{G7s z+9ZY}g_V<3=fHuGA9UZwiR-id{-bnP;#}2;6wDblIyUAY1U3C*6~SHO6F}0r%B;J` zJypaWW`*Y*t!~`v+QCGgB2!xx_^evt9;U8e}PXu zmjFgDW4H!Uwo{iSm*d~SHh%-#I(fMh%g7MR0PWm8i15U51+W450-OPE03U!DG4>#)cmv?XeD(iDeb!&<8xm{T z5NkODY>72MfI9$pfb}o+0jF(1EJF-`>ekyqn&?R-29opY008-ylannz0N`8#0B{s{ za&nM;a&m+rdPhG40Pj5htbgYv03g3ZOpp6B4VVQ0&^-kJs+<2zvq=E}YQg}3%cFO# zy{vzsbLvPXbs+kgH}e4i8Z!XkBGKJTW&W$)h>a6}lZ~wN;Z~FViBYTGQG@SmPAqKLuWT%1XrX@d1bkI^!QczM-ou@lbMNLah zNl8ObLrZtz0{sQ5^9&amE?gwS7k=@`p4L1=MnSB2ftr$^H|IJ;NnqQ^G|? zCT>JR@_?ioDye^n;xdnHV!1rb+b6V&nO90$&bk74P2I%z9wprKaeSrBqbEd^?8Huc z>ID9c+G%u(^6WWs3SzD*{V#XK8xm4-@?Q#_=F&58$M=&nF-yYWMvOdaD8ku`QZm+_ zUS*Gr6J%|&%io_<_nz9|J^4GA<=~U5j5n1o6&Gu~eF8CBfOo?vWe5KRX^}GB?TN>; zvStzEwROtRuOhwF^JdY{BK5UDTf({m;m+5%aW8>*HjMBuu5C!1@`4xCjHB z8JKFKC9W#|+bT0Scw!^Ix0Qphn_lB2yCdZI{qvz+eWxf+B z)4^?3wk}wi(}`8F;px*D?fmT;2j%ZP8i;Mv9+ca=viz1CaVFP=?ZNXMs|&bC1X-H5 zS^=fuh#O0+&n9^rOq+#Y`ow75iT_eG&19&knO)Pqj@Y0oxWa2VKI@138EQ-$U*NuZ zedvKY?%ZDp|I*=q#%!LD_>S%-{pbnFXRhLznpb=>?2$YE*(JrF%2gdLXIy6tKm5??1po&aj|L-UUjji}(n`HlVtqOhFgK1&9@b zMt3JI@<=oBSRlBK+ZzIn3YeQNaqu*d5(ZTC<`)K8XUF}ddDO0>`TXM@%zV+DFJq+y zu_obq_faVUW~=?Yw@NI0eBk_OM(5>>ey#hxN)fcIm55BOMOE1GOU&B256oPjl0_MF=iGvIgVHp_z;`;Ok6$gJ1HX)d~9H`Fm$) zMvV9|?$w*=0$I=X;-$tq6d@`wGgQKUb8WRYxX`hDJ;35St`c_z9s$q$keb?WPgsuW z*6ElvN5*_KD8w=(<}R|JXF;Vu%P$nF!(4)MrZqXb@b&JRZ=Gm|&<`-RIjW$fKAyY9J~etIL?xlZL?=kt2p6J{eIYNdQEEcp#_on}S*roMk_ zBG{tI)9}OL?fl8%#Ck%$VU^JK&u`bn2%%QGEo#nsOK3e<^_cBz)ONlsy7^jYh7>$sDTtb&NDgj0>*ymtBY(GMk2zQ0^ zvsxm|KcW!tQ`ew5uI z!BtD(!dSWKm@ErDJtxwDS5kOLr@hen^_>G&LOSycpD!{Ic4-=xBJwmW} zwBt}#j!HH~WPL>8VeJNKOL@wb`nMaHep3l)Yv~2K_piZAGN|t8_6EnrUm8h+DLl2o z)*5?OEZ}R&JD`C%A7y4hCwp>e-5BEx2+N#yK_BZP)g7UHI|lKY$;nLc+LcCMqxhTE zB8mHN$P2Y~3#1GWpl}0T9_0DI@lWUnutEf)q(pmpJdCNE3pFc>n6B%mtt2OI z8{zKfO$5lwF6uz12NL&+5`7ayM6@+2ndzxEiP9ngRZF?`ER|KufV?%jGpjHSLE%tM_73& zPS$!7C6RtEWJs6(&uN=dA2P-R?|!M8onhu*WpDb+rV8@DD#>16>iub$rSv#o}owGEzLWo z&HT;N3eVPD!3c@Xwxc_rWPO1>{wx=Yf{dS2*m-OZPnmxT3tKh&0qm@@+_1r)pC(w{ zlYW)L!}e@LB{AI}m~O`EQ`t@+j$Pdm4U9q+F2kKTD{Wz>_u}ER;XW%S0cOds=ksnR z7Q!NcI$fX)xjo$|rEQ-Evq+JNY!yBu1|g;ZT8Y*-3On~wH13V-iObZZjscHr7{YuhfM3M9M0U6~(9OblNS)D-@&DzaTq= z9l=UydJ$kgs2l<;=hjKa8K+10d}$)MD-Jq!<3}v=AsX)4{8%wfLU?$1U3d4@)uF*^&$6k%kY%Wg0VYVbZ;9tH)D-Bo_yJtW zaLULq;RsKoIb1!mFc)Xc@+#ffZ<+QrA);*zN(0phH+jSnPoHUL#sQz@ro4RnTPJyw z-xw2A)<&jqgh{=W!EC_NSRhCFWu;&)N)Iny!K+q~lx9$%Q3^7AR??&ceIO_o6zexs zdUGf0Uish%SCuP$i-NYVX6+TOWEsY;Tx?ph#}ex;DV4X`<|zT$6k(ec`UTfP%`22q z3~!?%SKgQk$6hVy&G0kI=S)cY7{Q+I?9^A~fW4F>vye;q^<|f(4{Opj28ji6#iV}P zBtNb2K`kMOOusdwwG6y!_O#As`Zv;#f zZucl(<@8FcK96PKHBR@}=HC<@)RPMk;t}2C;aTApE_A!k*80dY%*zO7{Dc+LqytB3 zXBh-vY_{{~a94RM8nwe=##tok4iD7?{WnK8lIBJzU0)Gp$iowW(0wb%R;q>Wq(fPXRbh|+)%;9M=$N?PBq3$jwD2QzSz3TttSUzP*ZJ)_n;ydS@ z1ogL{gIGUyT?xjEi=4p&je(9^aXtNw3g3K?P!{n&S)s)S5Yf)`FGnVV$vM%fF-Sz{|U^hzrb`7HW4qsjW zi_l-H``^+SQrLWDg$DC7Ugu~&LdYoA>k4`aTj&Hg6 zj+6MF^BQ$aqJfQH1)Fcgi?8`VTo=nr#Qy|klt4Oqbh2u+1pR^*Jq4n`RhKI0Y zN%5BAje(puR4qO{Zkh*&Gg)@XpvoHIJReB4cqkg86u`!*{IT1VVB=0!Bl1eO?av%J zmB1INrMZ8l|D}gtEam?Qd+6!EQQY!+(RlnBwFgES&MVELlMAZMZe}1rd8B!i63u2E z%=TL=IHz;)&8s0# zzlKc6^=`dZ&s(RmDdS#9Z^-~U*O(+;N8nHds1#p3JQwX?`S$HAy-xLY>C4%ECU}=1 zW~RzP>7vg`soOU_deoDfedSZw&5P8HlSEPD;w-?#j3JC!oUF*3BzU^&B?%FDR3Ln% zzfku2^N|$Y2r69%_8107ZG82NSZj={QGmD@(oRRILxK31Xk^d))a04vSbZ4}2lvo7 z>MCQ!+IKZ(_?85{XWwMoJ=K=Kx5XB_-BwB<@wq76v=qw#HaBW=QMLjv0pozc8+rG&#KX4aZc#-B}q`1wC1J;T_ z7{5mT;7cAO3XJw0-6R8h5Ntb7G$&3QvtpF5uvI8 z3-N+xN}t8#2Ji=GYTxSN6k%txR`>0tg_pVU4xoe;rT1)xMH)ikKVNu{U#eSlE$Md` zmcE8?;n zg*1n-R_ey`w(F$py=TtVmC+Zhjr9BG(z6Oe(`LaRM(FZHa5qRHl#}SS2&v`It(+>u zJ9_w>MT&HI!~`FS7=ub)NkqXGvq8{05C1wYt&2wgajW9=MXy}g z)KIN3L9E8*=_uF*+l7{K%+q`rJ13TS1Fn8k;(>>&G;S$imE(m$D z|Ah)n!{;sszAWRXk&)rJf`X{vqs5fl*wKT#SI%B{Dq~`<1Q{bHb`fvh2XPnCDY%X? z?|l2lk{UrH(T;DAZqh4}7H46T%#>?KRh1_#Y$hPLujAFJdBzKAdBN~hX zun$!2WB7M&-koa2v_MCe-ZN+NN3l`Pq)#8cp0jAw6uDPw_(=cxp)0nXW=lTY8rbDY z2Z}~nIHJ+$EHiY>J$+IgXQyZv9HzVmf5()gyBiUc^J#&{WJnx(pG_{ywVt`X{M8Iy zX&U%!kq?p&fe;#F0G3o96c@JnI}7v9hNCnS?T3-)_EAb<-Mo3cdb&-fvauEB#^vFa zP=Q$DhQ9olpP+Hp?;dWu)K+2B#t=}vY15+mzN#>vDxF)wrZ6Lp$~CF5r#(!Lnt{D; zj2Ft#8u|gAHV;69$mSY+8JI_KHLvOD37h<213|yMmbKOF7zYVoK5CH z<{<_@6>Mgn7x>Y@d6sbbLJ_6acL)75y!p^x4#5@rW+D4*PtPHrj+j(|8e>QHWZMhv z*P!s7`bV#hV@zc_IYbSAvoS@b-)xL6G*>SzeEa;-S^JT=Et%P~EeU}{6N@YaW4AY^ z9i0k_XzlSJ{Y{LAio2AUx-)omo&u6rCpYphG)?wUDyQ1cMu5YYg57AFLgqFAgyC zUw*Y%#+rx#K}8zp!@8DeZu)mw_SKX+-tKPJb`A!6fE-xeJ<)gDN252YK}qtE_U`fn z)q@JfN>QM8zfIQ=7oNTVSA)A_TpIT6Um4d67NdqW)=csd-0KfMBNsir#LOyZ2U4x) z2Sev)lOrnmwC#mD6g3^O#C@Srt1jQ?tfjTfP_k>LU&IjbqxLHEk?p|V)WF%#OE|x` zWEg?XEDhVK3FfeSF!y?gBzR>;*)p?BYN1hV`qmcyqKi=pn#C)3TDP*YqCJA&epz}m z-=;Ywfn>(Z8k=1%%|e5lyjR>HjxS}JF^W37?{fR^hm>FMNEWM^ zL+aTyj-MD1xA4C7#0zcpH(m=KTtr!k&}|qHE>Un!7VS!euF}Z5qaC2j;)8vq&!=CWXQF8!Gp!p#4GU1Vp?6{u)<_Q(#Esjlm00=7!i@u- zAhemBMIzC0z-!5m)8tY$9KgF3eA#BGK`k@~Sgs(~@X0lbCHms75^^x2s2uC%)S1OS zdR|h_sD}^u0SSkXi>5n_(Y(#Y3X68{cYhdK6tuqkwyDl2@YbcO)}l;d$9|jsoLY+% z%Fd`~VONl!J2~8Bo-VzN0}ngsz@wzQ=Q>su5ve!k}iXp zC?mUY>KW}haty@gkKRyB;mvhZs%1#p`!OLYxR%_LxQHRDQv zvoxQRXa(^E%oa6LQ0Rc<{%%G$_a!XpxKgrO3^S+ zjbR$6jxZtbQ*xCGAy<`e(Py|PFNF_cgyV%3t+K*VDpi~>!IwmM{6*{f`TTRYG^09|qIkQbN(q|am&S!*#Zy;`EaUyO3u~2omon~q zE^uW+A(<}F*;{rUirQwZl@-#aV^H1jhI4{*P%6$M$Mb0~2bZsr>#voV7Wq>)!T23um1y z`L2W@#!BvBr3N;l9lBkj){F$UOPTYB=Ju7mt>_)p@Y@ZBGp;@N5iDaWboUeHa~WR8 zi5U*c%%?oUETpfqH~S_UR~A~VHAraa4M`%w_jW`GrJ*K)k+*!y_|F)(na6OuB9rrn zK~qJ^Jyzp{ZF*lC6nlm|{CFyU;%z}Ss&Gng{B79d6M&PQjpmOMABie>)Xrq%vd##8 zIch&DxWXNF;ofK4FbJ0M5*3+dr7^1CEg4E6HmHt{GLHm|o=Vm&-{C=dv*rHKM;sDy zK>V(&$Qc`SU<GBL#e@__G%G<1Y((@Di?3HXp{Uez>&0VrJ;P?jK>nLW@S$8y z$E=m!VoOv~D6mG;8Gykq<0NIXLPAc%_BxkG-{)(~NY!~RyGavx(-(vh%f<2Y+kAMl zkvCfHH2CSJoGF>h^{5v&UZ{LQ9mE-LETw%yO7TL9_>%p1W`i-z0^ClYHY^u(c@ZND z^s7+9O8;GD2qYr+aZ4E0xL=hUZvAaRp%-RdgVI?x=3Y{daXl@NyYOd{0@ zmkt79UxQHkI^A`#eP&sP?dYf+2W~mKMpqavF=u?LR>?!`z1_FV&!g6o5U$9o2L^d8 z(oy#@vd|#((@}TeC0g-!4T~dl zY>P|!SUn6M!9j^l-xl@)PH-OZ1QrigE~M!unq98L_phfssD#vOFI$$e7WvUNMyRW} zm!-3ywoSgf4D3m!J}WkAHc1z<(i#^0%{E=TtoNv491n1VE(Bib-kpVE@eWWN$~~aWX#X@qG)-;Z^x>+%K(V@*6ihcO>If zEJUCtABI#~#bZocRy;<$LfyYA7A6T@VA2h)YpEB_$A>aQ546(YRhMAJ30cQs!{RMN z8#96J720?(PS$c*(d9ScZ%zNi~3$<)_yeL;<5^%r$H0-yx2@)h+7kCwlj7=4z4htJPs>~&5 zN}$5Bs^F5}T{70$D6I=O0G<+rC)>gwtiGytT3#C6D1@%br&2k-VSaHr=4 zd(q8Kj$IyT6uY=#)n6NCM*IR{ho!N8@~FZp$@baLEAr2|9>+&>PRVor(5pCHyHHsF zAuD}&skq;hns#+Ra1kW(EZZRrOmcY&(XY!4SCOcMTV>*c+j8^Ll$}dk zMv+OcE3>I*JJzfc29Vk#9kXT&iz{UAU;}L6#eJ#86lcR?+)jsLI(&CB_2J;sbyF3!kt4v{CI(jPxE&Q{V83s!>8B4}e z-yP8(>_vT84D*JIwtjsxMTC&QV4hrWD|0E@ z{RE)(P2@$VSyux2ei6Ra<2qgWbRS0QS}i!Yr*V~=3gQfmZtno0O$PiaswAt$g}#`I z9eIz->dN9jgzBU-U-!U|g&dIH3Lnq^NW+lmDl4R!y9s)O%8j43vjY=bESpKMKnVDE zk4|S0U#hR1-D$-2BJhqLEHYj9NT+Ui)k?JPx~o6E0SyNx^KzK zc`fXjx)9iqRf97x0<|!F+j+_1i+v^{X!2xaY#HKaEO=dPytMIA;p(B(OA}AzbiS!5 z4ojNg2K!RfiD7RF(8!2#I>t-bqfvw9FxDUoP;l8QC_RubbzYf$L5$wn_XJ>&{SvY$ zegz#7XjXK@-c<4js)MA-TTsz+n%kxg}nMT%ZG{ zHG+xvRsW0b|}wc$@$^l8{b#nxXcgUccx4r=;*T zalHZBDKN*YO$%xJe0||ba|#GY#G=EPp5+T*>7Y<@Mihth%|_Dd!Wfam6rbLT%>Ze& z>gy&IG?CE(!?Wg8b1wJ&JiwNMd1#J8%)@j3Q;i4pRgH_ULi%njBs9ui+_W0YG7eNe zrV}D=CgeOYEQ>Ze{b=jo22v2+`q06p#sR}b;B&5rfN3l2xkbd&#&;o!ZzL*a;7Ol7 zuf8!fco}q{f3%wQQRABC;VfrIW2Iz%Fj8Q;F~^&>+zCLkEFI$4c;L_|+(z?V(UV<` zocFTohr6n4>5hA!xsCind2D>K0VW>T#aGIanD!)B{S?0TA+zVL?z0W_?RyO4&I7#S zMml(vmo69tV<`9M;a2`HjI74{iPR2Rp5usl5t+pe9Go+ZPprCnaJ;1OsaOS^!zY|D zRxSnE*@@%92sS`>nx5?}hZcoQ__ZLT?hJ{<8sWse3`#)4E<$->wwon|G=+Aq>M<=0 z6cNJh4J;Wsr64tpnP*IOM_W;TvR~n=kxz7y-wWLvKpC}_v+Z-U3LWeT>Iz^x47@|= zfYOtEILJ{P%13IMXG?qc!&Hq#>5{~@*CR(l=a~&Gyg=4;wzWXpJf@H?UBo``Qy;KY zj4>@XQA)bKZt7NKB1P!qBv(thHNMZ+$Q2@GI++F!AySFkZDuJnZml|JwcXH24qpDg zAlEyhLrcr_#>O1{6>naVey` zb&BLi8G{Z8-hK*WgxLM}&r-yGD9^#fbnGuOUC0?&^F`z~6%s~<13<}U(!N5lB|df> z+!4(}&yxDA_M*RVXjzmTZdkCb;YIqDMR#*8P0M(+O3mJfTLb;T#YHsz{#Nf$%1z>f z`vZfLi(?3pi?oZ$NftkQb@N{3y|`sBq$k+pVmd0z$8V2{B7nHN5CuAMQIW%p8S43l zLNPpNqK!&~gG_9twR>uEuFfaKpnQy>u=rV!KmC69(<&!*tijMx7`?cXVu6`l(^bJD zUtLI8M;q|!=VVUz-571POQW)tC=&~R2Z~B$f${4nPGdhRyKf|gk9>wI%c%=4V$>h$ zrp;EO6l{G*l9$I^@lYTG9I_0|bZ`g)8)GlrAMBh$ZZt-^P zDP_y+vk*r(TToa3Zp98wjz-{iven&)4KY_s%6Btwzwk%hOL1|Q4bM7uudrrq`~kwd z3kL}q;GugnJ#UWrp?GbKapb3Tk1GXR4=_v$hCRSrW$4U^dSWwqbqz~b`G8V1d9anf zrP%vHv1eSdSy+oJeG_X}s6XSEJX%!5nTvLgwJ$Ntx8<3*`&tibO+0aam%tR}isu`# zR}fISI};8qKQP;24k=aDSAUIEwro4tY3Pjd3%z!E>+MiAnSYQ;Wbwlh9#Ih3ROFb? z7>qpuc(3~eans`6Z*DB^4hhpZjAk6EZF!`Q!weThayxBNrfG)u=+|ZfvJ3{LqRndk z$vhy_T0{v*@5kEP#_y)8t0_)N32qd6Za2kE#V&^rB8RF4t3VcOI=D)sIiHzvQ-_P) z75rn{1yvD4n6#O=C3oq|sk2?z80_#oC|A*#0A(j>(f!Sf=d?sw5+k1@T=*o+S5giW z4GwNi@Mgc@WuS(OV2}t`dNzl2!u~kEv+}1$VZK&@Gl1mF{X55Nt9SNAIkzt;%&zx< z4pVmXhd6peo^*yxhaC@!+A{9`UCaKfoA@&aJHajM+k}v@=6zTFu*RD}?vK zyRYE{`Vr?T@l4!G+Yz!Pv0i+_^HnAp!UZ*!>O*g@5YNIfS*ZIob?LfWFYHr^gIupu z$P#ymdo7Lm)Z}5PME**jq&n@qK9)$$tE-8)wz=j8%5P5=<<1NU~9N!k;@tcdr7+ubmC^zwD4 zZnxdAW7MVH@wmU?gLYhc@SaHO=qlY2P-3-)SD97D36>T{d)@8o2ZjMXna5BzbsZk4 zb{%mWVtDv7>5LMDcQP)&h?b43jJpY>iGk6JgFv6dGbzFb)lR=a{hlk)W!2G2ii-L+n&g7HeY3OhoAPr^^US*u5b3M zG99s{`X<}}(81CV8cqP?vU?_{-?4;GQ(R3+D&p9Bi3{b)SA20i#NY~_^14+ap^5tZ zEHM*7tu{NO-JKXppKKqOh$OWy(?j2QIID<%uQKa@hpjNhSc9hSX&U?%n$cubGlGR> z-dWZmr$^I_US#{M)eFhd{-b>P$GOja+8niZGp4B?eN6qfcs!7yW~eZ5Yj3543#y zhQXmXbq>$%>3ld)krlFNyGY$awtsH2a{bHb;jFaJosVjV=?5CDesh>$k^O5|SNI6#ExhvK z{)ewJLI=jrr*DFsk?!z3#}V}B zMC1S8pJ@JdXFCI*RE3ydqFX~($2cTd2H4RWB;GP%G1AH#yCoWTc;p@}0IOjt_OJ)SSI6fxqrOv|at* zYVToBg{`G=_l>G-i$MoIY1$B>4h$TgqNCO#=Z`YRY`@%W?=9jk?S(YQJzu(yi!9U| zF9liUUmQ+ObsGdm_jI+bYbZ%lfBk1gb3P7A@J0#5=M()W+7%~&uOtWmT2{OA$0@XBHZ3$6yD#!bUy z*yp7OLh%*aO^%8Vq2rnTnZf9N&2fqKhOxkXe_{8AHJMeg9CoWYGaz z_-a6ClV0tZW^_)Ho-xims(Vw#3?Eg!pv(JJLEE`v#Y_VmpvJaLD+p5?XFIdrs z7epraBL@-STDP&v@EQcQGBU~e>qNSF39=ZD-*)15F|P23QGQTnEYy41W0sk0##Nc< z?|5u>!G7unP6KNEeLFKPbAW2Z0AyO^3PuvoIHe-sGU)y8GX`E~_rOK3WX2#|$Z85r zW`=%B#p@)Ii}Wq`nHz{eAl(Bfls(#UBnxvyCyEY}uL)=B!VKq4ymEp(@q<|ug6AoG z#jjTH_v#Mk@bWP`#s^6AbZ<(_lAxN#XD*hp+N?#oGSBMh$qHCwq&w~}$Tzw48`aqb zkQEI(yhFdR z+;ih*36hES#diEF5gDAfD5O{u*C;s)>@X;lEQb^wwnr-wPaF*Ox2Qhz{FZBsdv~?D zJ8;VjXRn`1*x!CKj(fT=|#MVL^f#k{nuqgx`-4Q$uQ`*>RIlTH9q4i=9{y)1daVKhSqn}zpZ z-(mMFF{qggdqUf9ZJxxD5~G(ljzUL%>k;GiC4S%OtQllKXg^5Y8(8ptzS1G=1u7L4 zD{UOzV*A3qIv$r;Yf_NaDYSSGz1tGT6z6R1&ckbxw4W+OJM**?F$7KzO>(|aGWKW) zC^JXv0JCT9ahQEj*B4}G<*Fl-8@{#Dd-hUA+F45%b+7Y1si?bziwKU72lNHwlH%)p zLv=k&2zZL&QUljd&nXoebEe^xx|QUrqWdATud&O2oKE!F_t#U1HtYZG0Yc@vVcTIZ z+(8wVHS5NGQ*!QABx$#vp{1mym1VNYJ2@PJT)X#MMQojt!8e!alSf(!!pCdJ)N2lL zJ~B`7zKP#4v%Ze~%SlFk(N=$KMlvWb*|9r#RS0aO#U#krMtX+;}655OHA$0Yx4rOuc|Z^%E%8C z@Nqkl~|>J=^$ey!2|;k7S;=g783`Fl9d z3;W%f=ID0qS#;F(qoMDr{!ZHB$9`yT)0Bv*QA?{9m&Ald^(J+_qNo&!>@s%Y`j1Cw0hu%X?GT0$*r2>xm9&{=H)rdoYZAC?MqLyewN@SzTef&3@BjU0>-mE%-Gc|mjXq|1E!*1uh|*>NS?nq6Of_Mg`2@O7NI&)`~rt z`NF;WeoZ}~24unEWm8VI@h7Ur)y!HO&YjD-Ic?8Qp_CJg+zPMXjq3G|y0%1erB@(u z74WmPv^1?P@02>+uat4+)t&tC$6rU+x?>Tqd&08kZ|3tK`E=;=jxL2!$H|GuPm$s)keWL{$|R7nfKU7wy)MBD)Kp zZ#Y44>C2XEf8p)DCDr%bB@SFIvK6ZgR@R0L#G5YfynSq!?R(`O)0lqOc_AmtZq8f0 zG3IP)#bZCiqdV0MrN#2iqW#quwY|PHY0}v(^8Z0Dq_(v{wT@2qGQTVq0SEr zx4+oY->GrjHZ<(-e}+~Qo>M1MzljY@Fd?N5)^9?rZ}EBMOP{mHiJ9K9-= zyt|B41vOpgFISa+&En#FBxGGDp>cNLfvGFs_kZ-c4?Ld!SEkJQTk;<@<{$qZaCeLQ zN#mb?S2oFMz9gwNMU-MjyT-}SHejMd2nATz>O zZF5!IXnU(?rqHFwx2#-lUGjY8DIS(-AIQ&DeDi1Ki+BBk=Uk)mLYAKN<38|Jb<3X0 z2v5$ADSoEEKPqKiYu$SOz2G6kZDIa1Z!BN3fBmw`=%#0;*-p2ffA4t6J9YB2GR>D# zztX4f&`S>6qPwoXqEFyvq+NQ_yosYqM?+vV1V%$(Gz4fF0=0`0|4NB$OEXo=T-z@6 z%G2A;Ez{<-{pJ_1#1*PdHJP-Nww_xZDqd9)e_)Z`tQlQL+n#u7X;u9A&!9RZ$GwlJ MT82DD^8arF00m1Ey8r+H literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/filebeat_ip_port.png b/docs/images/hedgehog/images/filebeat_ip_port.png similarity index 100% rename from sensor-iso/docs/images/filebeat_ip_port.png rename to docs/images/hedgehog/images/filebeat_ip_port.png diff --git a/docs/images/hedgehog/images/filebeat_log_path.jpg b/docs/images/hedgehog/images/filebeat_log_path.jpg new file mode 100644 index 0000000000000000000000000000000000000000..34ff4436d812f2be798e57d8fb2c90149fd2d6fd GIT binary patch literal 24463 zcmeIa1z4QR(jYtp2_6OuPH+!F1Hls9VbBoV-GhYyA-KC+a3{eD5)#}A?k)-L4m10b zbI#2<*Y>;j-|z0fyQk-Q>6-4Y>Zxa- zO+X+iDMk=72n0d}f#488Z~%mJ2LOMCOMvfp;NU^<7i)atSFp#Ru#U z*&aP)X9w^fv9mvU#QlVg^8p*z6Hd-2>|8)=xOYD}0?=<|`IYxuQoqTe1l0T{2RBd- z|0|D3KsnOyV7y=9TY2H`{K6wY(EiS^uqZZA0i<8}h5cT$x2yv#VKX2R5Hb?dT_i;0 zyLa!Rpdh27<6@wrp`jCEd*J0VOjP2?_mU2Ifa>oSdBGbi4vQ z?EDWoIN5KBz@ea^prfG^U|E!I<>h{XV*Uvv7Feo@WCN?fUAu%aAD?2AQFTbF$sG_o}x~8`7 zV|`0&TYE=mS9j0w$mrPk#N^cU((=mc+WNQe8=D7*N5?0pXXh7}w{qRe`CIx$u)mTE z49Il{0RbN2?yX#KcU*u69*lrU!G?tW402cB9*2_M8yQzPDzp3x3KfUaKAwTY5Gp=3 z=Mv4qt!O_a`>zT1_TQ51FM|D)YZ`iltu{ywT{=Sb6XtNS@#*~ zXC#JqPFFWCVSM%a_C;uK%PWlR9t;#E-3vv8fik(wWL(zzA58Pt#k>wnx8J!?8?zWy zrH)PCD-5L|Q_akPfsk!{U?4#h7|2WW+6)Href$gt%0PgDnoFTvb`~EJR2Uvm@9>hp zj7Q}-kCMSSk|Amk?IBYp7%Zo{RP&t9KN4zuZ;IKK`_Cy^ZJvH1os`7GEvI?)hNE*y zK0!H{^eQ{n*Nc_HF@CF^><1x%R6fdtYl`}N*XMLMH?{}aP^`JT(APLnXzlrU>Y1Qw ziWVb>z6;`a3+@KH3XH@k3T(%bR2azbCwjm?Kp*?)^gN4?n@?&j2pR43pu88nu*E({ zjxjanocKb+#QQagn!@YBy?cNth5uX>8v!NWbgpn-%nez&sIYvKy|v)xpUCZhR3WEV z3-LP`Xz;Dq!Z-{>G@TV;t$dL&Pc}dr74px!sTTW-P*nGSr-z|GqFGu53sfttd%3#v zIE%CX1L4QVaNR93`k?!#cH5!4=OQo3FZLC#E*DlLeuq$6M1MLalytMSy);G8yzl>A z=x8zH?4-FP;&%v|Dv+HbFOI9$sn!ZMuisf6`R@>F3bJQZpr&U5l>tTuFwh?~AoM#N zYsf#=TlZ_KcVdLjBNOm3K_oEHi@Abbp_OUfvwMd>X}diRE-9_Ld8O$td0i)*i5C5; zKwt~M?6pX9`a=6iC)wO571JnaS4j%W{Q68^3~?>^^Lt&4z|i3UO%l99p4x{2mFGfG zF(%gY`%vGp{3kE=?(u{;qrN@g*w9G-!z`NZ`B2}p-~^sr`3k2aX1gpimUaw9VDqYs z1m(?w9M~eXfH`EYQFV$+SlXpF`;p3Lf{STRggC3wTLb!CDB&dc?K*KB3t9ktAzqX* zP0jG`h8Ya6 zJ|f6{S&Y1Ql84~G{57wYnT9Q_!JkcTL4Q5T<;yzWv?dkxE7dr?9zywNgh=s`xHTJ% zUY)gQRWCO-o@#SBuWYy4!V@f)4L!w;G%tUHv)u!4OVByr!Ew@wCp5j&{H;;<>}z4c zJ7muZYZypi83y{~M{ZdI1En8$EeLB#Pyp&pJ9SEX_>70a5@ zHI2e=_?5`u{QYyiHZzg6m>#OZZ(bxXVIVWlAGE&SRC(nLNGx&!g|@Uu*2A%RHWY=uHe7LWIQB*u!oDZBYQ zIew>`I(~_gf&GFZFhY?AVg6?-;wAy)0`>OfhQyZd8tf#jd-W%$r$TY$YK1qPLYCwk z97R{!wby4M&`aE(Dq5pE@GQ2qnqdE~udg<(JJ2<#Ae{{Zp^@ocBIVyeg_h*>8JiN8 zgPb->r)F>do@VV9_RH5`pm!Et3oB4uua?dPs5h{Zc}1KnU&h%i1m7QLIOEHxp79!V zZQje2_-)L~h@trW&BquDSJz%G5$DejVW6*ELVE`=5UOCVX6>@i7VcHrtfLr{b-1YW zv2yamUuR+7#suwQ$ME;E5l$)E*>8lPm6Loeug1KLj~n;UNoulr19$dCUj#DEPv1N(sH~y6Ry!GJnx=oP^IAQlT9tcKo__r&5OF1 zIBIcimYhL2p~cySWNoPZ`(D?vW+2Y0~V$6+&R8hxe(hF?~#oYP(tiqM% zUwMT)#2G?u930;w4}J|Do}5CXpMuAqmC*T&4tJ^AzjL#4G1S!D==G$lBD7w+WISss zGI0MHYMT+*CpmITcwkq=c#`)boE=1X{iaxR=Bo23+uh3*`Vx-BtX#ajprrs+@NJs> z{KC9Y8u4xIJEWn1{0&p`Tz+q-LW?#Vb0VULO`v9NY68LL1T@yGjRUFm)3+9$TM=ap zIn~lze524mz@d$K3O%^~{)4*B0UlAM*IN#iZXXLj%VHo9=nMG z3=vD#QoGr8(1}1Pk{!DoO+!p!pKI+$S@m;2r4+1GZeH}65?x*2FTFm@$yfH%Hr8;c zne5g{wb_ts+Rw}MB8loRY6JIRW6zMg@O1V=hsqj$NNj7nM?R3;HmdD~K-NP?=eA@m zd_j$45xF*6$Y5PtY-78;sqiA6{GNrKJe{2UOg}2_$0|armxKNNFRy;;?NhnZ_$>z# zj>#FVm%b4ehNGFGnnjBqDSU|!gcbS+;ZF)iT3@Bwi(p&CZ+?hY#!q{4a901iqdx6- zQj{xSN_q~^k<4R#vZgohFY3^{OLapYHDI4MUo8T~YXxi;;YWxDY|d;Wnisi=~$r1 zm{LPVs~?Ys_tOn%5f zpY!(=_KO--9vgb(6wPsy+l;YD*uy|%!!S^tSKK3hzGe06a7P$uf}r^rtT8Qd?dJ8l z-|Si%(8qw+<;s2NTP8k97$}1EoUrWr-hrS5H`AhkZR?ZyBC zLM!UJZOORS)hFjFmxPL5(uWr9V-)c+{oObprg>52)aa12Qb)!r=qIcXD`&ly==Wiu z8+0`o=D^3{bs72vwap=?>2KwfkarUK*)%anj`jcJv zvuheMa^N>Z@B$PDqC1DcKqwLcFwl2{T42s}L-7`cOfsOZQZUeKBEf#4>-`w$Ij1{= zGp5t*+1?+z$%bM_0CVkYyDhN T9d_WZ56N3z$&65Y+d*{RYt$=1ich5cApFQ`A0 z*VT2#lEfeTSATQ!TkD@(Z|6?(PB<&!8mCJeN&3ha(Tf8?R@?oX7deBj)K z?X`duVf^sRKtuY?U#Sw%E^Cl?pHrKQ(at!XWF>_DORQxcZ|u>Hmh2ee$0; z2wOg+0-0V*C05#>heQ~BrMEoL)dXn?_RJ1CH*sIQTT!mZF*;AXzhsb2n4dWdFh}eA^ZSvo;I@L*o-YVg)AqB>AOQrb4FG`%rtI_`^ndho>zKS_0{CqY^FbgC4ZvFq zxKB|vf6*IIcUuq2o&bSV0A0!UgFs2iAP}u7KwIk{$bIYl{fplIX`5g5_rt>pf9E#c z{)Gn;0usV)0^FX6NPxo=6$Kdu1r_}sIw~3_8VU*q7z6Vj78V!_6&)J~8w&@3v3__s zZ!zH!kO4$2G!!(T^j}QBcsNV$;K0KH&b{9}oTPx^-}&JSyw$~zgoKQMco*<$q5zIU zZ7dK70samW3OWV~5)$BD0|xIG2PhaD7f;o67zdw#f-O2ecLn)Ap^AD;cHYqF*eWGE z_cL*bzN52`Uu7E#71v`4wTh|{S`JY|dv6+H5hdelF$1T!0C{3y0^j!jYtOeC9MTw!`W(&_o|wrq6Qo-i{)Vn##2Il;utgJy&lk$){WuO z>ZElu`Bdl`@4##`yB}@$#}?<#m~6Bp+p)e3=5252v!NR{<#@Ry$8*14 zjAVIk{qYYL>~1-r{F8w{HSnhf{yQ{~)W=fMb~&(WyTh&CbKZH*tZOh?BXo4%&$Ihb z+ojocx2s~@H6xSTvSI$L+2M7#Rxa)OMZI#q(8uYtCQnmV(h*?CN6gryJ2yRbSr)rr zlYV#XT1Lo}UpN2oMZyD3<95!~7Ls^BA{BMsMq}WdOrKp>nQpJf5h{e&uV_b5OxQsl zyk5YAt{S>>uia6F1c|Z3K4AG{5hgsIAy4ap*4SOR;PO=c^D+ycH|@^{9$l+*J^O4> zVoKo2l>Bay?N37gm+Ayg*G?(6)ZJrlEVuQT|a6#W$nE5iqhC2_dD@K{md$+2Lho9jVkO9 zZtt}Pvs&}tD?X3+9B^$`SgkrD9|r64H!rhEXd9==+9UjKhyMQv3bS;cFqn~x*nuS}vNX%%&P<@ajMv00lWaQSn zuUyXjzAkj|bOQq!g~u*ovnp z+SFOsuX6I1#t$3&K1Wj{%%#qfB3m){M(}+~8BuVR2jkiC;YE$70 z2@SBWu-3d2PD5aE>S|#%`j(wAGQ4AA4OG$gam)e>IxyD<-AAW{-nB=164Asa*QCrI8=q`6Ca%iN*aQD0!s8 zj%Z_qQhcR~oZ0BK6GZfjQD;B{qf_GF#4g_ksHgZLXf_9x;NqM>my|Og4Tj7o78gU&})X}j?1!H?)!l-y1 zJguh|DLTnxoT@?sdHUeEcg2$o)JC}VR`MdEjnYE>c?=AcnwT`!1*2y3(zPRQTI}Ll z)dA72#dZ!!kz)s3Yfst`=EGHpbp5;|rY1w^E2&!w^HW7!sjHJRpPMt|NQdrG;OKn2 zo6&?~Wjlt4;6cOYlaI$`pyudm6(A(rK{y^{ogB6}3l*tfu{3 zjEz3!rJR_yh+>RDLBst={(*r3s(ea$<{wy6ag^B@CR4aa%^^wj9|HGPG$(9(Dpp;^ z_%+rvEMqLCN^-^!;?o&kR_G)223oit1>A}IT(ypdU}rYfEnY&^s_a4(E9M3!j01lm zJ1PrB`4?BXJ7623LYb$REL>2?P>kR(;;8CikHXcHE8TrVt9x!CVzk7e7(4fN^U$^g zcSNeE_JW>WLdSS3nm<0?I1?$kmxmiYc!G1yam9B)88V{)zX_$us7z-axnSY%JoZ%| zWIYdsOlX)YYjVavlh2KEa7#hBCUM6U5#@Z1W^K+{NC(X^5$3`Yp_hKxoPGE*nEjJ? zva*9So0*zA9rwzdIsF%NR#B@CKRx_=6*5v>dU4R33&yO-Kr@k#=r8DNC3kLz>zo zX{cOw0q#H3_2)wF-kXAf?49w}cHTFSM_Uw%sPi#AmB) zWl8z)A>__BKhrMXZiBn8FjG`pvb%C7<0cf9NSU@cm)#Y~;N429tZZCYXZ$s%G`Y=M z9!-`shTOX_9$FV&hv36{4HaQLGIJIp)hF>;aV6PB>O_S(;qAh)E$UKYeH5f76f_mw z+c*zPS09|xmg)31R^i|Dd_lNCE8l3o9XNi?Wxs;KT zAT~z6E2Lj8I@+A>VPn{1^tc=`L?7>k)@8=gdI2sK~E$r-T6Ev+8ztfC-{2<7Uelqq-3{$qyNWB=; z7uXkkR1d|$x}29OvMTO}IJTih}RUMJ~Cx`0@q}Z@A()j0Zx86WwdM+O0wx1Q8Xy*{G>;9d$B5_ z6p;1t>MRqkFd;@i-m6C(ANgN04-*O0QE3v)@Y7lmC!|==Fn{2d>5AKV&(ua)7blV2 zQ_-Iv$5`0oW2Ka%%DG8ym6aZo@&PRONs2B-i>=8&HmPPhuzQv|*;O{QOPZ;OqJsq5 zv-v7MHohmDiPs2WUPCY-gNyKC)VAV=CfzF{T8tGArrjoKjik7>rY3tLQN@)5=XOd) z6t3sN(|H!`E^53;D^V5aB-)AmvfYZlBM(_x*+qOU`Dw_&g<_4GUw8-XT>1umE0gmK zY16xkQNx8-IhR$gbK)kTDR7)?SfV?7=@Rag0V;$l!Q9W7=LTl$EDNpejT^YK>|&Qk?59E(p< z%Fn7F7HIjuGJhBpU-%7og&BuInKgG6$0ZlJF*e}wu#2{9!057;+`oK`qQGCdjIFwt zHKMylO31PEKwC`fItK=-d|wR%A#r~`ORQ4Tulqdz6}qYSsd9IePdoiQmi+yWathN` zjAzEnC!a6%rI=wLh)}CgWivK?Q`NrU`(=$Q-sKyi=#f4zNwL?!9d=+lsZ+cYTN~i( z`CpXakZZ|DbKiO3Cj-B3zISJs-`QmRwnlf8=JEcVt>$iHdsYla2hwT4nKI%@hI8ih z_F3Dz8!wC0Dc#wW9B)1-$jOK+R8jTG7i(3pa~fjd_WsUbhv@@ujg} z!Ywp?RTyJI<5GcdeD-77#iYEF)|0_uxA~g2zP*7KhXBmV<8+tOkB)ptA5t@0OK#}W zwrsQpuD9vv?Y4xZzP*}B;ArMU=^^|3xYbc=;`LskeH{hVD}5^Ek({W9-k zB$tvD%Av0_B_kmpI|^E>{uzPJ0pXs0Rq-eGI^pahqW&-SLp-u6L3Fs!MN`iDKJod& zZ>Cx^$ynG^S1-Jc5jfFqwRc~<_Y^tK-t4d*pIweQI7XhfeB_&s1uDJjpHbn)MrhKO61_V3W3mhHT z)fb9KLT3AQ#pXepNRSe)dUW6(73&EW@-c?ngXFLIW)Ase!Lg}L-7zL|i##=vF_76f zZTlqZv+$*drC-)N($l|;MoYauMUM5)dt@a}QHx$9N->H(EKSKl$rrJLD4~K8`Q{HR zFPw^X-gK!&a`ne*3dvC!6TIA($0(?Q$S$h>t9;VzRGKE)94`ia2mP14qKq^IIq1p> zLLZ%|H|Y#ps9rEtQ>exo6U?Gp7ZA`E6?U!eiOz~yggDktOXq~=n&8dy9aMZ9AiP#X z0=MDh?nFv_h+B`-iMfzGmk?&9kYY=u)lYisz~WT=q8S=N%~?q9?faZNlSv_(7OCVi zm!&IpQoaJhBjMu{L&4g-++aXlFdO@A^*vY6dwz*(h4M#eo3XXD@bjZAWo%&QuZ+F(euy)GU@!uL~^__CL4w?Tx!zH>`jk*DIWK(u=XPoM^Cggj#KeV z)NIRQtZ7(zK#paiJBo-((Ti+Z46M<-5fK{cP2Ycp%#I(VqwJAgV1Ui>#lxs%5btgm zRa94(a-F4Q<`RlOEC{PD1uNw_v1Vq?u>w(gp8}d-pfF!(iE*0ae(gcE7a=;2(-3Z)>#SE0F) z{!*-=Fc4QG+SEq|t}i;4;B>0qn^W4m1vZ6f&Y?jT*w`O52R~KS%$UUs6UA4Pwux%u zUnC`RO?5NGswMjr3U!wV%YfJ8y5@qsd0$m+Mg{nkE~izwy$JW#Vp67^e(SGMw=zKN zib2Tc5QauYqhtI@!f7Qn`eo>dB7Gzi48%02soiyX+;A0P(6NRqDfV3StK+8pWl@25 zago}rQl+(Oa*z~X7#*{3V?+~X9C7q`W88Wbs?A;x;(qg~5cc zGm^pLtJVAOxdI2lI}JGSTWL!1tHU3(OJe=BBph-heO<`M?l{{>Yb&ZJw=tKK$yrY( z61(zQZTf`e(yAs~IuphB8a($=N_*ogo$fIV$*t+tKb5A=lvYP<(`CS5k#rDw)c4t_ zDh|)7T8Zw}#w%it*fpeg@%SE+tE0&iYmkCD1{-&>{#raMBUc_bcI+)E)9FKSeOR}G zv-HvP$j)EafH&-kv39nZcf($RuO;U^#9z(O|5G*-@E*v%N*-6dss9mz`6BrT#CUT zFM!w^Q(a3ay0!Nnn^{h)y?0aQ&FB{o)42lY27v>5A>HYGZuK+T8^P~R-p4J`8qh2+ ze=k!{YKXh}qK9r<<*8%)r58~27O_=*c9aEdg!EyesZ$EOqQVIv(V7(K;URY#Z+ zE4kQWk}FRj$Z3A2&_J*>WJUI+w$dlZie>$CmM3~E+58eWno%#D@1eI zmZI0INtM|HH22#K+Tozc=aM~4CXXKp?3`R-8K3a5x*5{Hx32&~lGyL>Mst-_QuDS~ ze38$?&oowyz23o2TZ7)BeSMJyrPJfWrRc)f9J@6}5Y`GGVU(O04DMK>=u{fY6T3vpffsK_^(UFj5(}1h zC?kR_k_ya?WZ#h*5FyFScF!qg4(FBznvysX5K|ese(IQhhYA=o=nO~XPj04qTGC4@R?&`QFY{9Yr5pp!lqp_;pl^06PpFe-Mn zhzyC*Lt32D6065fE8>g4uM?w()D@&i*l{;PFICTjw(UXfYXg-T3P9T>GInoag zz(8|4xoX@&h@^g@)rA3k(4N4(>xu6Y^+^U)Sy`5K$sX&Z?-ybUUtUEqKC7<{GqFuE zSwE;ZuirX5_t@$b);5k;LZtA@3Nz7`+kV`ePBkuZa5K@UYt4mA~$HA#9H zN9bY#iOMu&`S9ELQCjkh$$YQGv9hJ36L7`d&-CY9;A|7(1<-JP0xP1#A$ns~62CBd`B%FzkaL>kl>L>~hosdGZDKU8(17&H`>~V|FoEa@>SvLG zOa>YT9t);2DygKXy{K@JAxg+3w<=z&8p*1ITKy2yg!z!;3dCeuOiW|Y!&1qmuz$zX zT1WX*f;vszKJx3>YYdZZG0tPbR{z;@=6PvL!&5#mkJOh7ZlPC8qcM8RUx&sQm%pEL z`G{KYoo38K&n!>)!Q)HsvPx>v%dClq#tP>KcD)v_U**un=PE1WmO!zM@kqtQN0e%5 z-`CW{_T;%rx3*HAiZ(K%^}fB?bL~)~#+ARrfr2#r1drH!df~D2j*)a^RN`|aVzJjm z6}>=ksZf;^!XW1ORa-Z!WDZXts8w#-Br=nx37 zZ%Pz<^}1MjhRDYf>T0`V?(1+pU`TAP8kg$ySi|vHYce;At(+sa0n49QGZ8t2<1^I@ z`PHN(!YI4NJSg0_2^Ab!oFM~d?+`e+cxu*hI!w6T0E-EsOf~K72~D^xMhbA^RuL`A zPW}WLvKf6;b-5U=(3Ub0O%;8iPlP*vXeS#O{hHd9R;ybspi}>OC}%JIYI3Q3A?Z!o zo@Wy@zn*d=>#OzCtWrx}LT4bD(DCfKy&D2^S<3t32Gy?agx-Sh-+khq@|e9)=5!j% z0>9-<$`u`op5@13{}{bc*ZGPtZ)y1}8}Fb67`z3g590N3Qa|E-WL1fH4~@_<%1@o{ zf^jrG`38kfSyW6H@7ar4Rq72sNaJW>mjo#%Q3952qf6AsMjOJU#f9boALpCa-iMW- zJ`={i$K`3y%-(&p%w-C96fcPrktzBCr?Sphk0V< zy90ch{CvE>G&y6mrZyvn%0g3b?p+QTca{s%!Sl_ebb3vI%iqgpA1`EkqvoNtgcHvL0jDP5 zKM20PBISXBHXY0_y}tL$$vdCzJyDJ9qSVWcbzqj;^UIJ^aIW(RX9EN&<$)X8Fcy+%GB0gK?Mj6F$^1^Jjz?8#mvZvU25l{#@wD$`guwBJGuXV`O_m zv|jmGx0<_D8wd#fxE>g;dpz_yJilb;MTTxZC5NF?>Kxuq$=4be0or$DKI!60`?94~ zHFa}w)ICXDwuFmOdU0of^Z6h`B_B`UVCZ?9dGdS|Tf50VW+?ebp6YMJD^Gr7F*7LI|>lSFISnb+(FKlCboeV<}M zs~Alk1=gpjkRo04l{)K`Rt)68iOD1iswf!F63{6sigyVjYdNo8sYoWpanJW;F`1ymN#O zu7+4+Qp{D+_svp*vAMZHqefLN{$UVuuR@wq)n0s2LvR~QuIumjxqBP?=laJZl=rU! z2a{MEpT<&m{%`$NpA!0PaoTK_F03jgh#6aTW>pt&5jo7#l&K64j6$xd^2ovL+)7Ch zf>dDC+Ro{+lrx^Ea` zBeVbEkaxkW({li~pJdw)2oh7*Q5!G{9(>*&-?-BR9r5s}&_}E?zS} zwS;Y;WZGCMu)=Z`5YIOqPxTc;Z0Uh2Si7)jQ++#Sd6)|FT*co2yqUr6!5xO60P!hT zVEAVJ4tO98E#5bRWD(gH(mQB*evKac#Qfs8qIXf z36DiIS~Z_AT6&o(#_oRi#eUxFACYBN>#zSh6zw=XtMdg7j`O=5{kWblF>`LOB`)@L zrn0u)G!5fa7A0p|ts7@3p^vV%D>%)#)5c15EPtdra_7y5H)=3FoumPlLadgA^4K0| zhSb38-Mxeg<3ysQn4YoHfjt;#1i3yKJ^Zk$H?(FNzlPJ9_WxD9U0lV>yZROwW+zL*34CN{YqUNg#_Beaoq1~o#+uR>8*NfLHTOzIs3`3 z{dS}2H#d8x`p6+K`Vpq4UwuH{qh9q`77E`3ZyTygyrfyLh@&)p zy$ulc8I5;`E^b71e+e%ntG|sebo*h7o3Dc7eVXu7&G|y#GjPpx0{e{?L(28-AoI0X zCLR4x0uqxp2C_P}*&ka!llj6Ff~w%re&FSaGQ%mSc)wow)Ja{7C3TSR|Fj@T;|yGb zJ|kh^u9EPG<}47~H*p#HKYPvM*o{^##;dCuxjS{e$*v7iSTdwo|2l+4P%KMQk3?u` zj}|1e_NIoEgSsl4osu&;w98+Wkw$OB_1DO-0PH_wy#8N|gFB7=&b4{QBJ&9LB>+X)It!h z&a^AJ`T_Gz>VaoQw`KMsRRSq?)ic4I!m%VmZWD3!j4t}k;KKn=!YBIEVA2hprw-mR zd8C=(`MA})^nVuqsgVCxW8jrgQ8kuSjyHUvbb_Hu7dK#nThg|;HdNlvhKD6D(&%et z%_3U8#6lZg7k)%Vxj+%aT>Q0NdgCu%Oe^m_ivM+Y=5PM}N&8or$YOQSTo(B6RTCEy z;<8tg_aW*+3_{ymJ6>PHJ_xL{;3nEUdR!$`pU7HrRgF1e`ibW5)|JY74|H`Qe-875 zV4{-DeYJy645HCo^j(3$M;vEwVkJfcNTW0n z^@;DvjK}bbX4Z>;NY2x^Ga|k#gq{#v)zY{bddd~ukJ7|I$+;c0pxVK!Xg{eI6{r?P z%UvdCE3v7%Th^H&9DXXV;BCW2`&pQ~yr7DxX1HWFMHzw*j)!nYTQGi9ReL#BNajyc zKmToH!`GPnLA1=Wg-@X&jbaH=ylgofrddl!Am1M40tAdVkz{M9;3mlaeYLVBD$}K`Lxuol~Jy8kCp?wJ~$iWcgQR-MO)C2 zH;U7M)fL^tj%>I$vA1NTzgE!DNbz-bouh|775F)*`&*@trsv(-YG%y2SSZCAf-wQTFR^6bNvXOLC1tTpQ(snb!>l#KWU;6Zec;tIhh!T>th|fW zwl?ggam`KXFcYI?DIT4^AUZd9?VD{qFGb)j2dO)QFwokE8AcQHz-SXS2NuWmkIL&Y z5WKkA%I0lPmHsltxR*=pgq*`vWKOw)t&m5ot;9R|esU=VQp_Q%3um2~omg$rnqdi} zj)}bJ>3LJxRO2g(8!A*gxi*y7)cU0e(P}4Wg!3*59qOs*L2Kn2YkUw=CXNjHJh?@y zeh$>5?ts>YyGBab=3-|FC~?3Z+HV=pmB+2?IF1p)sI z9VyGm2o29M!BU#e^0>$7U?35~d*62ilRh-$t_j4-sOj({Z5HIJO)s#xK%nEIme>i! zDL2EFhP&rG7f&rq!Mnl z6SWJ`v=fv0>fV()R?hWX4GS|Bw<`#H@U(D1E*JB(40}RrCQ3rvv!^6D6Shk<<3ZB4 zt{-fa9!Z|vc;6{{_|7-yDSzFxwzVAdd+DxW<3j>Q!ED+WYN|x?D{n_e1>P}=iD;+{ z$GpNv4M`J`5FJ#-Z^_JBdN-cix=kpw}c%TE!VRku+;7o(%R<}!r2?;Czg8b zkY(ZG;p9TD6w%8rEuKBRjqrqX)&e6>3Dr_^ghe=u$}vvKX#8br!EmvvN?dXQAAaeo zLVqc~7^RGpFRAf;HgB^PBFe;`G|s3hi`LKLV20LHacP#Dt-b*3Z#}&vJ>y#}bt{a< zGExk3C0(OF?5FwmNjh4@9Y%n211vo+qp3nYnx3B0Z5&{pR5#= z)%d?NJrFXyWty zB%*?Y2dptYOdWer4Fw{_sgwPkCGgwsyo*3F3 z{tC@PzmTv{U;C1mBMwSK70Z3Y;wG*Z(ynOkzCrL9D9B|t7{Jw=MLe(izCNQ=IeiTB ztQt=r$9Rr$qNs}L`sk^KsCHMWS91n?<<;XV9(S?K&7e6hK7H&&$&P%sN~uFCwN>e* z(Ns<tx?Aogh zac+dRv_}_ki&0X!+(D*sYtL89eB{Jfiq<6)Iml+)<1xvR%am<$J-fOe1Dg!l8Pdh< zQ}L}7<`Re*m)1Oy1Y}_KL{rush4ZEWEsVv=(u4-nmM4a3SKyEm*ob!dv4f`vH=VwY zzYbOthk!?|TC_<%Y7TYL6xL{dl+8T>KNyv;*C%Z=688cVU~BY|=8QYI(u)(v4u3c( z;qm#e^Pw$PB-L;DE@nJ>74_txe@DrqE1q1OYRJIN77g zb!-NH_&{vUV4kz*F8(z(p$)b2Eme@--&s2TgMoa1r}y7hkbg1%Z#$G!IN7V<&|5uu zV#pdNQATCtw2_LsGR55&_X>N)=0lbmIHy~@l9H1B3*Z(EKi*^R5n~stK6{$wMt*;T z?FnUhG|T&XM4YbkW-0%`5~C2yU2oAtLDpgYEG9zA>8p1T{)mv{M6=)y$(m2!aTTbR zZ)l1BMEX+^|94tMzqYE#iyd8=0S1P+tf8G}1B;Y2Ludw3!7@SC>!Z_QNQF^R^g$B# zNrbw41e94!vtq_}e~5jK9Fp>1fp-_VDtvo6*r2%M?7pn%*<3Ae^?q0G(&OtE{DvR( zCO(~YnyJI!sVURiYu#%b)^aONx(myeW}}OT4GWESxrO)nWk*uDZU)`wngk`}?WLc=5vIiV%rT6Mt-F9L!6W@eZ0%uK8uPJ%=s#p13=gud7L=inY z+9k^`92*sE+CN*97500QHtA&_CL~z$gzn+Yl-m(Y6glb!*gmJf&Rv@xpyF#g-PS@H z+Dx5Tni)qGVsLY=3>-KRXt)peE6KONP~`ZN;Ga7D(`^2nDgT=n2ky~QCZYJjB|}3! zZf?!i7PTIq`eXVK*KjBf#Yohu>$cjHHck#qWAgb78u>MT_RwtnfDo>`NF!s~v(22d TFDcv@7ysEB{cqNh!>0ZRXbB6| literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/filebeat_log_path.png b/docs/images/hedgehog/images/filebeat_log_path.png similarity index 100% rename from sensor-iso/docs/images/filebeat_log_path.png rename to docs/images/hedgehog/images/filebeat_log_path.png diff --git a/docs/images/hedgehog/images/filebeat_ssl.jpg b/docs/images/hedgehog/images/filebeat_ssl.jpg new file mode 100644 index 0000000000000000000000000000000000000000..850624495ddc42befebe14f72266a9a42529df37 GIT binary patch literal 34375 zcmeFZ1yo$iwl2K78*L=G1a}JrcXxM}BzSO#V8Pwp3GNac0t85K4esui1QH0&>+G}7 z+56o0zc=oC;~)RH;~%$rRM+gPSygk^s!s7;jAulZ_4S+x(Ko<4^9yh6+ zrQTRs0DznvBY*?|02BZ~Z~zEKy@Gv#{-nEMzri2~0D+~Uu!setfAjo~PeJg1q|q>% z=ubKsM$`Yv1BTITATWRiOS55-9Y*88(h69#3j0T2A7S(tSVa2c0~73z7XO*b$SJ9k zv$L?Vvaqwm>a()5^RsgEvvHEMaq)9<@w0NlxIuY;Nd&9@TbDm&|J~F-^@xI%{8JBZ zSU%)W84+Ol2!Eq-|D=EG3j+T`MnM=q_)nUJ5>@~U|B(0b?<4zLbQtI3G9UpUAs`?k zz#}0dA|fLrK~ZtgP*G4&39+!B;E+5eBPDrCOiWJALPt*djEb0;o`>NXD;p;#Cm9`| z5HGtR3kN6r??yn#$jGQDs03(e1nd;V6zu=U;jtUQL;|8fFl8wLFeV6s33}`W$Y659 z!{)*7sqkk2fgy142#83?P!t$L6UOh6f`H*5@bGYOFm7L1IRJ+Vk43>IhJdYRj7aH( z!yb^3k3=P2*MqA*`JI}>#5oWdiib}?_>_j0j-G*$lZ%^&mycgUQc7AzR!&|+Q%hS% zS5M#6%-q8AwUxDttDC#W8&9vG;E>R;@QBF7q~w&;wDgS3g2JNWlG3vBiu#7erskH` zwhx~^_xAM<3=R!XP0!5E%`Yr2ZEkJv?C$L!93GvW|M+=v`RnTX=C@wI_55e}hhqOh zFHD$TU^qAk9O7@iKwuA8gkZwKQ?MamiK!tPJ7H6@2O!~yC*;@lAX9Ouf5$a(o`m92 zb8ga{{Z{P{&Hi(W1^!=Y_AkZ$(rXDog@9le4}uAZ0M!Lo)<29w^_a~A@Mxhvb5ylo zp3Xc1A>NgK6Mbp-myf`mlFc12VSOj!gV&Q?quQZ|S&#X?nGhM=x;}*`$YR`{@9vmZ z4IbV;>-yI62yDIn50$+vVKvC;Znfg(E1&vmXYBcXuXS^{zN&u&KCV9k5rq%9U#lMh z5xkebmLGvLuETe9x0*ihPSq}sdM@-WGai9YowHs0TO$v*eh;*9S2`bB?(X#b)*T*! z-uaT>jOTt$GV_&)vsSs5j{x+S_9O5v>iO;IBXE@|viag@{l}U4BjDTh2w=a+_|5xU zo)=YQS|$HU$u)hw-v77Y{{=?8A~P+Bi{!aV>ZND3K5tzs6`NqZK-opDjsRQ#$voFq z1hpTkwH3Y6(0g;2pi~VV6+&$dxeK!iGIBqW2Fpt^XdroXnf${H)jLia-ghfu6ehwu^b-#@FETcYX>Al=lJ zc|DhatLRfo+#;BZczkTQSA6WNJbqZHYl&_KU%27F;ept?muRFuj&btCSoOU-RMyaK z2;wiKq|-5(c-}uXTfFohcSZE}2!YTy09XDcy5i022K=5DF=}VQaAm!5g$-81or{Sp zf19DQB`N3TZ>&Gk5s*N1aNC0JzbX!^mX#_#n}Vv4)U4+8tp0Xd>Ye=hH1YMe7%4LPuqWSX3+Yc#zVDkh)#-7Gb)&{RLX``F@%}hnAHQ%YUrks}Q zZDD^V>PsSA(z@J_zPOh0(+4KCbwrQEvt`NNbIsIm@;%G;^W%?)a4Y%arkM z#5NXcHoWfW%c2@(vx6!)Kxo{z`39^I=M^XIF_ZgwQog-+53A<3HKvYYOCjV?Ut14 z*_PVWLA>Lj!)%wx8qVuErYApZ*=^K96Qw3H&QIxT5j(|%M^ z+7WM{-_wKp`l}sqV`fJ^;|&V=HvE^pHtT|>n{=By0#En?MQ_pP2*`t?e+u_L9rMN9 ziM)KyN2QRSDU?uY2loizO*uZ9#(ldsG5E2)ZT(#%j)2oI_ZpF>fZObSQ>ySJy<*@h z@`jtBD`YP1w0SY!bL6&J%iasGe|>_o(i#tIRc=p$UAiAXprvFpbbu;huut4o^!c-5 zxkcj^DV;d7V|g$}(rIgM_J)@#{KB_W^Hx^s?m=XNo*t?)#C)oc{AxCSHs0?V6!t)O zqQq`JJqMl@?p~}-?O1y}T8VNP@yh|ua^GV2n~dt3Z%LB1Z(BTVVix*egV7|^xLpjy zh{g535(Zn3V>q&ViVSDoWEb2&+ipU8o?1U#q6LqW$V=82{WSAoww40Zw%L_$C8@82 zY_4qOb(~O4XMQFnWsIisWD;Y-o&4g)BkDMF2M3f$BAe2cM&(=?qRFfm&8nW577%j zja%g(58i&;g?CIEin$6=?p6jai2aU;#=5vIg?Rk))#3e7kogyFsoQZ>#g`PiT6wS&%sRtws*h1dGY-Ro-_6 z4zqV9J=dALji+xP2nr0+I8@NHr{ectr!kWb&^^G33HN_kl*Cy3EYPNBcK<1M;!gLD z``uhnsU9g>5#p~GDl241k3jp+%NiFA#vf{(csvKSI39TQ{h?Co5(rQ)%b*`7B{N(C zBL>OMf$*6xDN3lRFnWpM0ZYOQA;x0^-DSNYqCTiW*G+e~o$c8~tue|@kgSP4TF4$ZoJBlz>(unHGW z!N)Z%Wp>cdjkj9Nz1 z`^SpV`ON6Kw6mhfx}`cPZ1z;t(S_xNU*4uda@G7bm)!OI0zE|RrdCuX{BN~P;tA;V z+v8-C)KifnJwIwXmBlFfa@*qDQ(jm zQ`ua!(dbB!;m%h$Uzc}Y5~YiclvECcqRakNU5XEe8W76$UiPt9^UQG8QgKV~2@&ps+%y2$<&QtF@b_ITuXA6cc&(-%xDG`sV~c=nmd9o;5V{fL)-3 zVKM_EIe_KIQV){ii){(a(A6SMQRV$5r$ldOe$@}Ld3O7>qiHgtHB_&lxkU^++qnW~ z`fnv)7!2%|3=EkMAPTu$lsz3ECbHrHBZZAFkS2p@vbXkTX;6tg)NyLbH@LQTX_wV<;CbYPYfyo{`-pWxs}Z|D&~mi>cGI zgg&h6)bZi&fyQ!s6}5G~37?s{%hb!fa0=O;?OlTHsdQ{L)d@G;x@dV_&sa=Zb!oZo zArd~JBWqFE9SZ!8xI=G_A0+QR9v1x$lmS3hD#j+cLsHjP`WCH8M^i?_FUb3UU%gN8s2(Mkp6 zC{)zu*P~~T8wG4f@e(cgAjYEbI<3cwopW>R@*h8hB9j`3N=R;7p*6BjG$U2g9_bb~ zV?W8&feu&zckE6#U*HL!)flK|9-8|0A7KTz$bKsGLH#a#>1$1-U@$jll4xKNix6v` z{R*DC{^YBI;}hZg586eU)g3x7Eh)t%qp;a)w2VSUe@iaOUtIMKTFAzM4E5>yF?#AS z^97!Xh{G;_$aYS#9<93!SsxFi`~xG7<11j8Mp7>u`d3q7pfO-BNzkB$4ab~W2hoX zcPSf?wiJDauajea`EMc*2jMV05%TJ@R~DAXyAe`poDprKXY9&8r3p(^7LqK>5pyFb zivX`76t2tRoLR@--Y&#ru2bNmC+r;DTc8Q`43ZCXxhXgaG~)+L^qD4K`d78MYwcG; zd4H7^&Yzft6pvOE@b0P}h`G6hP#wL2Sue*g?n~Jk-)i=g6TJFf;dv*QhgxmYzh$Rv zRnVNUSk+Nxt_@IUMZo4DqTbgnvG(He?yoo7 zNLr`vA(!?Bu95eSwCoBfqYL@fT3gMYrlLfcVdb|lQj3Qadrmh4C2PA1A937VgZ_k? zuYgu80ZmMCgH|{yt@(9BKD$c;o{+N;xka`rX-8q^Q-TR`qj}4i3g=k>5WK z;m*S=gB~QcG6AN4Tl7CH?R2<30+est9|7C0pVTG(-!qpdyS8T^f%S*LIwl9{M<7n; z5%9Z#e(iY#aQ1p10o03^p)lKa*ZUDLLVO6cX{h1Y?7H)O@d(U|Jpy@|C&$Du&x))h zu3nd-g)P?XXA{`vCUp<%i|WgZTC&cIl^>Y`SHZCP4>)E z>l8&>m}*2(Jj#h@u<7onknQjKxnC!1qIEM0FNVS6R$cxA^R;EybvN z{C2bGsm})B119pS6_9B&`xz_&Ir4RXwnprD;k;L>@F+3tmNQygmb#g5_LCFab;}^7 zFGfz+k7=4CNSanOP$G0CX)*hq{Hb4!Ez>3RNeCA^krq>1k2JBE_)EkZ8G;Swqu<@` zJYX$+8qk}eNmM$CEo)Otfydb(U40FoY(%C-z>`(}@ozwS4PD99)Y@)pH-dvfFT{mp)B2}%knR-jgfuz}gQEJf^O z{A=)dVZlJz2z3lcX%;+c#NVp`)CWK{};S)kca$@;re7d{sWdRnt2D6+)H)lvt+iae1EB);$XK*_&NY?0+qknlQ6XrytASHlsq3o`>R_C@sP$m2zMg+Hdm z6-#R~LZ;!EB5$XuacANd$P=ycY41d)cyD@yqK15wL0P*Gp&VEA9%M3)Lmzh5p zjwW2IeYyftk(>pbX7=(tsos6QF`vZTeX-i|WMhQI^R!PuZKjs;Vv}obB;+JMqIm3?G83E!a){0$phL4=dyRduehc$&<9gBk)u@StK-k^tB9)WKMw)U?lU!NaKZ{GLa z+oaEwyO_eSR_YJ7hQy6WbQ>S|#^{y)(NfIk+o+o_a2A{_#0B3Vpt`}*S72rSi@z5_ zyr#t|{lR4eiqIs-hpmUkKPviDvPt(TNEg+L%gFl*{4JkKcaosKAaGTdV2mz>(5Qr~ z-z8eJJ?t0$Md2S@Ak0u&=u=J#FK}U``|QKPac<7x?O(;fSOvj*wbow)oUsv8j$?b+ancpUOj8tB(;b|n{I`k-^Z$OecSD7b=83k=*sget5M*3#YYYf)hYlF>1lgN^ zI$T}&{emqlRq}tWOzrRe`uOTZJ`3smhovX_-;L1${5z|sst-@0gJ)dTW0zsfO_`~! z317%j@vp*M^e@u3NQAdFCM_D9%=OaC)qDL}yD!M(hm#tof3R4ey*@vcM{ZmUMl182 zM!k+Aw59kt)b9r^zJ$4P_dDMGTCDkS-19*7Q8)GIe9eI#BV^Y^^ym1>tizSg&A{Ey zMwqP(o2R|=4NreoS0(Jrrzjj`jQN)MU4NsyzqGOWq@xqm+uV;et%#*TY&(GdiJScG zn@X5N`6BN6&b+>e0r+(uh_B3VP3n;)a}YN&XJBi~+%{7=KDO18Y} zWkro#O+;lEMzjPM3g2teL^70~8S z=Xm>hs=d=ehJDd)TAQzi)Z9w{J~|+o3E-PhJiD4h`qH6r8By#~JV+B`$~IV(r*!~6 zJ$<3?qOlj;I4ynJpfauH>L$-KS$i~q_^@u5#Eaa5+ zX?lZN0@Ps6@2)wK{o>O5JBJ6_PV?|WJAK~!6y*V~f3;Bg!4}(Eg8=Ul7*5|F(L*tw zD3Nx$nj5%dx;K6B()U~MhdJe~$7+M_WK0sPt9LN2^O%xT0;r}1T;#P54df{LQxuLe zX0J@<_C_RQm(Ju@q`wm5q20-}Rws(W3_}bY&W3jh2^@yckh{$m)4zndy*^OjzOKs?Ejo7l%RKQVVd_~+!m#EV8 zB1@?uXUC&O>6{{FRhlsQlG?3oJjr^j?Q{EeCCjBt;xMZSNKas8jXjJ?#qY}DiU!$7 z!w$C*EB&Qw*;i9bEk>M;b7kZSQT~~C-xIp+r>I*p3QaNCzXLxIbfWi4`AKpY0zD@= z4K6#Jac$X#2!DTQ0P3<=caDsWB6qq9XPGd)52b)U4M-^IGHhIi1(tyQh2fA z{qdF&r}cAlLG3Ur^wCb_9$rLVlD8@DXzXiCUlqdjwbf8R_wY(;KQp8E=_}=G(WX?j@<7E$ z>P9=MYVLQb(%~O>Z@bOz+Qxa0BLk<6+B#lH`krU~@}WNOfuL-3fu~bSv`b7a ztnXjvt1jQ#lJ^F7vH$tE@oxcJ>tHJl>LG~YF97i z#;DaPa<65dMQnuy7lVr_4KC}(ITHPU!@>@PPdOA4?76F~PN>3b1agyS@z;KH!B#`0Y2f++X83zi&Gg_~y4C(slnJa;HS} z7x|{;Z=KM?j=l1?US6NtJpyl~h^tt*ll0$zykLF=P$YW0ek?6N z+(n9PzJ8PT;BDZyo*=`7k~{r(wf{|A9{$n9U~MNt5J9%_7q{+Ofq$D|nzMr5H8xLe=kT3HU!?<^Cct;G z_!!_58n!*w0!>gO+6XyrX^&i73w>y(N zN{@hG5$rHm$qh&C0_hQ8^|ia?^P_aQ-le-ge|=61o1^M}>$D#t>2HGl(uJFEiM#%6 zkJIyC-QxI)i;R*P_{P2*%zE&Ydjxzk1tYrlli&Rssws#R&L`V@QvGq@`Cpxp{@MS$ zniQF8+z-ULb1!xab+^sLB|gNkIKl*P~G)hv@Go2{n=IFzdApnFZ{2f zsqG=skoD$F`TCb=cigv;bFsJ@Y3yd2HTy)mkBg66;P-M85-(NNRixz|LGJWyHy0FbQ(RJpchf2XJ9<8B}9a7e_HwRmFdTHU8)Ha_%?o1OTR) zf4B8Nm;Y~b(9FzTOkp4oau}DWsiU(ijD7{9xjkGRf79tO8prgtu^Ei6g3-^MVFJSF zh2Qxm|DaEP)0ThGzcD`mj|bJztJXtqfK8s+rfA^VLa4kcJ{FL!MgvT z&3@B9ziB&LH<)aHgx?yXn%iq>z*1^hBnD&vIY0?e1;_ytzzwhhYynq*8J60^a$Ep) zSh@KBqW;rA>Z`(PnZRmU0j97Tl7ItX2N?fRANYL@U_7w!*VwvPaKJD~umD082LSlB z$HyNu0DzbT0Qd2akGJ`ckM{*IT+s>ubld+`-yshGcrRf2@qgt}zXO0L!2r(pa%aKH(1&4a-eV?05oA^r8ouv z8JPe;YYA)H@PDB<3>x*(FfpL0SlCz?*f1L74=mH~nh-c7SVasJWE5EL|6%wCmZ=-` z3Ic+`c>alHB7seOm{@-ynE(I|0Ui+yK|=lwbyCEDT_^|`gop$WMF0?BK$<@gK>z|K zA{GTUKAWaa(i9FZC68EY<1~_*d&(ppI|r9B44hQoKtLs~<&;d#scsTb$L*Zo1Z$1x zH)0Cb+3#WhGl0MdztKdnLZ08?A`k=#1t!m*JRlfq2aW=ZO-)@Rp>7f$0S6b4om0#? zaSGd*GCux$V~SLyF=AS7y%Q*yJyXIC!`AsqN;lMHjwy+t47!uUwhguthXiKL14GN#-Wi*9*T{g{`Z?g^Rtt4SIMW4+re83I&P& z=Sj%Ea{0}8I}Eia>mzo&$p8Gy!W~r)si*IS_B*=16t8bNYN8H)`2$slB0Eez5?-_X zn+L`}45@wBYH!MYUgCIbEzgISNlv-fAt4n9ricMg&PPsadF`?yruPZaKW=yOY|FnF z+@_dc@hG{o(nicS2WcrmCLs4!Zp!IqZ6>74Y9p{$GvdOqHz-&yJQE15vS%iE)BVU;Mx zi*^12|FuUzB2I70Z&3Rx^rFJ;^Ow(it+KbBFE7-uKGI)$KLXQfzhE}GZPPyLitGiF z4HJ)Mt<9?V$B1bxyeH$aRI&GRz1_Qv=*oeS=YqL1;EZ6DToEI)t+Y1AMSB;&g{m6K zs`<2NM(mN(oo!8@1jB4aLVB=?Ks`k-gb?GPTt+^%)cmveVskvwDvzP0^o&$@(0qA; zU_3z)_QoeL&5B8yh@L;cBz=-+$ZNTfHoN5nj%o)LnW2&l4Ytv-Av|zkFr0)7KcZZdg4n`t%Q87eR6MQH5;$v1COV@;iB8Ga1@@a=<^rOBAu7LMgJq zn5EKK!H1>yEB$A2s9{%jz>>*)(!u)hzWw@gwt5^ZrHnON7>kv<)C))ZepEQKYy3m9 zL4S?}9fY3%cNV4X+t>FJ@@yI?Hb=8mf`5^sGsab8l5T#8kf zx^L^PJT+!F0q*!Dh?GP~kU>Tt`Yr*#I!AA{UzmpWlDgtGhC&x3K?w%A z-OtwTu%~KyQeiVWLanAn<{P!?_$MaVyJo~K@p6(&bd5@#8ld;$8zsb9puq53gyh#+ z1UVveIf653DpaQH8W36vca0!xm7)(ABiB6mi`%R!@bc< zsWu`a8;frGU@XSQeUc>{Zc24BM*kx+9k(fQD!kLuj;P**60Xj|L^_sCmNvdqAb8Y? zLEgvI9^gfKaCFrgveUvUeyC%JYW?m_Sbu_=k+yk>ElU@*N*W?(qLt=1hL3Ss(v(2PZ`i-qS1=&TuHtBz6m9If#}| z(mnPIDdBL0C5^KBQj#-+>!|)ES1=Da^?)49x{^MNoUxJ?nn3N}$3t(g*vA^tjKc%i zk2@9=>y~E{t%S^Q^ZOL(2OI5R{V-`QBT&RL!U>_EcMXqR97Go)TUJlkY@#(%Z+WI6 zsbr%cz<+A)PRQ|*N-}{K&Levdf(|qJ;2FZGzJL-6N?XmCc|WSpFqzSf;8i&f3Apx5 zYvC|5VW2zfm z7;J>@64k%SiW{C6Gstgjzyt0j07MY{u{!197ZQE{oE%Nnbq?Pu%Xw0AUY6e!!&|?c zN5ISP5io-xo-NmO#u`6PWW<@Y+itfJK~z@Ty;19HNuIU!OhzJTZW#j$%7kQ=nAPi* z+Lz705anF?ut4H%xc^^-!KW4$BW4b4(b4AtSV&M{UJf zcHQ&&Imca&yl@=rjZ+Ox`7%ZqVTyUJBJ_lN*fr_=tGv_>X`WKSy_4*N(lA(DgO-NX zi+~l0DAq-9_(iX5`HGr)56JtlbSHaiUaQCRsXE)alMP8-fg7nhG<%52Vz$jxIE06H6bM%P%zLbLt>*5&Wv1$CspOxB*#AXUW0#e1e06Pf z4i|RLiN8{IBuSe8*;=5faY^U~&B7#WsLgQ_6Rx9xlbE17xSIgv$k?Q)FlB9J)qYAbXzlYImyR16m(8<@@5q3bRpr*<~rpWcPh8 zN4xlehGzQ~5$PC(Aocau=o@KeBW<)7@4>>3i51B^B9sYGqk+LJZg7g8tTz#d zUe%^cQSHX5z?(`>x_APrB}%{&HLG1p%K#&Px{Z2VmF_0k>9ooOb^=sY{mS@6hr!V6 z8=t4dQWD!4Ie5B3~yA9jrU8Y46d zF-XH|{;9UB=AN*z>S@3=s~9ZRv*hga@ypIE?FRVv-F#^?KAX9u#73158r}sNq*Y1NIwz`W4eRG{|_{243gFZN)V96C9zL z?vq^0+^-6p5h%7NA@tg}QlhGhyWGe;=o>4B;UOei2wrJIq*?7|B_)f4AN<(Bvz4N8 znTaiN=%-qeTDwFU9P!!ZvVa&Qg&lx~J|{+JOO%qaNN9C}Ft{$Be{W!ZQR|{G+@gCH zD;Q%j(u%9WX9R*Lj!-5I&qj;K7=S7ei*wm%)sCc^su(J8cf_%gxKi(#&^IqW?fq2R zWI~o?NCcXt59kJV4R_fTX}Q@!dK(qu)0{<3b!84=%As4%=gylJTl(nY3wp8_{!%z8 z?#W@a>P7H!th`7Sjw`u99#v!%Zusbs4s-6sU2~fNSN&$s9&>Zm0{yd5KPId?LwHUZ z()57dJaWU>(~m2fDr_&?nyR)0%$|P^&mDN+;h?lPysd^a7GcOpB;Hs`5Vy-K3CMp9k?{c@)G)RbGDZzJ?}*k(P8gYNs3o%$tj{|L~(!X z_^E!;ih@i%_x2)9Sxn0WcrM+-_$!nABqM>+&WYs{}dwMJI5VArpQfpjG_Dpzdto7+BEb(;? zWJC`3T4LPK#!99H6Z1PWtOUTD;-OQrdjY3UMXS29izyK*f-lER5?hPRIBV9sD7fJD zG`r=egwENVY2hO^YIY{*JwZ?vNS@5Nnq|g;CD$WC@CrV zW{!CtPu=Ygd#*^~=D10C#E=XhQ|~zw>HbKL)5UxlnYH;_X8lu{;aHyRqFIW1*ZB+B ziCbUR4f2bC*_SfUlQyx{55H-UMQ%-~{mpWm$2Sy06}AbE{?K()eCDHe0s|_PKL4ur zuxK+**qU&J(Vx2+LDQR3xl3uqrI&L>sZQXYr;(gB`U(}FmKzEtr|qfBDfyJU@i|G; z7M^myB*KN8gURTqZt5sNlC>wNyYCHRji-CPhoDXtQo8F9w;cL=kMe+mKk+u&hHZ zv001>@` znc||t%Am%=6ghuP5GgOHdrKAj0A^LQwZM0gxk!~`(s~4oNnqSAcIp-Mu_+?Zr)Vl_ zB#VmjqY@sF;wbwcG*u&^utkoNKV{4?tg%$qG8(SYajf$PG_}kX&2hM)szcF&P|z0u z*Pu*3)FKZD4z6T@nRjnZam3R`dPqPM9y@@K3)MLZ5o5`C*m6kJnHWx#ols-t4=Hfq zJP8rlFuxX?t& zWYa{($h+p8q!~Ii{c;9&MvLcgK;wm|;y%Iip@KZz$gSC`E&rY z3J)1K`+@}*rA9#3KC9fyT^&nnLM;d3Rs2O2s?ezhrl!xcT;$)5SJQ~_uot20bp%7GW+_hcq;h6Dnqb+Q*(AqSez~!Z(dg7IAgTz)m%-Hq{EJ|BO}g z+2AV&x2L-bgVT#Frpa4ZY&U9HJBS|2;)UaymK6}4gGb;INVo1<`VM<9bk8lhfs#ts zYSbpnVrm-Y1OGLD zpD+0<=(xTnMy7wN<3&MYEUvY=np%W9n?d$gqB!94V62eyi7Mgg=Lec!OkTrl_M~t1 zZ!>;Wbrxe|Maf+4v|Lo{t4yTQGnaE#}HBuc_K20phESA$Tqv%G=6P2gx78Ui) zqtKHPrZ%_HHYwsfnhgqQFfWyA8gOYcr)*e`nPAjZP7KAu-1<}ybFGD~m=#G8pz3~# zZBgaqX1rm%r#WLJGF^G46|YW{p&5;|^;VVX*;fXdImYKWyL0sP>M3lya;-A21A5^A zfU$x*B2qGlva`G_t+>=?jR(@N)Ocm4_WH>D^EBrhb38ybOmmM<`4s~yu`}VOKL*rN zE^TGlVBWjs7hWX0@~%<$i2gUykFq4`51Qn&&9hplH>MpbK}3Qcrm@ys*{?ZLGi4&? znLgk)Hdc({1VkkwOwbSuDAA$tc|i#&t6adM=Y}}3bIu@>*QhjSKK|+A>m%PsEW;uS}$00cg zeDi7|>!*~Z4wZxy>0*r$)J$^>N6PY8usIL@T|SG50GArIigTaO=Oefg1$DixkZiGJ z%#`e~h_=}<{s~mgu;D2^3UbB_$%-lBEEyj$YO5gTxDs)W|}S$sK?%`2d)pN zW8_W(35pu1&=O2cwzDbQSQ)B>aT~m{;b?@;9tw;r9LRlYLM#oY)`@}_+Uc=AIk9l z<7#n_pSf9%1*vJXUhmiRmH8dJLIw_+!3F77{pQ5C4QI$WGmfHse5M2vZ>P*cdL-ou zfYJ=c=mF&S; zAOqQ6Q=~>RmUBGAFkJ^6J1u!+mLwc2^c~-z$vhO2)XqQYN3e%`QH`<1x1A*DIH}D* zf}2fnm!HB1*RJR!QbLO{m=)_H|K3$a7msU}a_YriL%#V-wr+0ci%13fcwh%8VUrXE z-fSOlPfIS1(wkYl+O(&?ptMH{Rkzh1pkLf}ewOf^4>f*+T=4Dta(ysdNP?M23w9HA zHLq4)7EWHWS5+cjS%4ppwF!|zEN?dgEK+t1U1g6cSyfXn5jv#^F?LM$pF6 zx6ChDQB?l65Tl!%0_M3_?C$GX;O1(=JHlFP$Tu}z_YZ2W)-B3Z21G^0!~-0C{KLKU zHa}I`?c=bzuO%Ab8J#rE+OWoi#iOFOd_njRpL24C(i5 zjZ1?(y2R9{1lqlNT%yj14Bc7&-Ga`L>}iHW9H|6?!MSfM!#r`eN%O%mpRr`l zSU%gHS#WweFZ$DA{f60acV3bT^Q*+X0A7So_VlOEMeWc@i0QNRLNMQn!5L6ySqvsn ztJ7n04yrQ9s-nUUA^Q138Ty?Zqb?n z!wtQdabmPzQNaZ4A>aUIKA=0+3tX++JyO(9W4Y!lmL<`l2H5QeD;AU|K#&83Re2+T zPgE_ugW)heh?E-7SJJgNTTWgREONCtyqV&oP9<5-IZVzI^zC}tTxqvKug3@}=dsh) zJfPgADtosdUkYOL+Yw4ewEOGa1uEH9)2?yS)N|&9n|NOL)u(Nq%*ZR?vP5TVwr0ks zY}<2KNu7vJ$xrS1onBX7$^nViPv>i4OfHt(3%0A8XBT8&w&z^mo#TF_=ydwiuRc=w zQ1KGKk95NC#`$5F>@>AwGb@6iADpac+zpsnWBdqeuX*^WG39+^E-Nl-$m8OnsLNxW zPr^>#;!5uvMJR!5%53Bz(bEkix=fzWv3r zqakK5=O%y3wxiB1CPo1lii*R7gxt!mT5dMutK4=PwesCEC!{ey$!yiVK1sF4s43pj zrA(uU1zU@A83dH?zljJ-2BCxc=}RKl=$P$=?y~RwZS+r~V=T^h?PsvGxy+-@Ln<4P zllh2Cpp-Q9h%}9ej-ZzB%d*o?L(MKy4COuEk?J448S`f zYPy_Boz+WFb}IRS%CvT2`IGyK1C1riO2nuqbckJz4vDtHLg20DzzW!j_EUKh`WIBB z*@91jMRr0n?H_mB_D*DKm#Z!aOys49YpuH?$O(=}*cf9-=n*wTSTVXy=v7&f(#RUgWlwg8a0Lnjuu#!wnvs%Oi3SL9%1^Blx|6fvh-VY^@qNk&fK>%`c=B}?{BDbLZH zL5Q|jk}%O_ZDO|i@%cGHp_Jmq6n!ftIzE%XCXxiGcT3z^8U#KgjzdXofOhO;O{j5+ zHSXo*Tjwr2kQw*Gb{jrJ<|#gO_5}kHPI%;WH*7uMZOw!*w>agDUpg*x_dZLY%}-aP zPA`!eOLSI8+L1>jCxAQxr?0*#7VwGti zoS_30)BcqVtuNgs;)+7_5y9boUN%A;~z2@nJ;ut1K|q&9T>` z4JJk~N`)g6auB^S3j<-L6~>ymgqmEmXgGM|9)&MSh3us3pQmx;#amaD=n_^ebVR^K z#v`{@W=&ymvl27*Gwh>%8D7T6%QIBt38rdO@I}6L)~u5MNtvovP)<^4DQIvlrjk>G zs(9XY2r(^cdMY1;rJO{A`Q{*{2&;KTmNg;Rq9P&0t}_FW)c`>=105s_K>n=Zp^zAw z;B>uciy%H}Cec?p=coGAV?il=QUliX$&nQTv4X6kz~Do7r3kBDv{FRnJaNiBnvH@S zSEjKOyX$Vl++|fTzZHEr#+BmNXlH(yCx4?Ch7kf02L#44rXXh+cpc1o51+Ix_3<~G z8ryjX!(23HsQ5;ocY1Je_?%I2%8|f@K^xtaUL_F6l##tUXCe9+`+B=MJsOS&;J!C%MODS2TQ z=mUG$7E)gFzIp4<@&0dp5!6dn~Gk}V1I zrhu|{Q{@S%4n-12y8P_c=bu3sEJNdc33|t*;0*~xHTe`P=+v0E2w5?9L714RNa52= zvia-YhXwN!sr8<3R}}M$i9D%;6<*Tp5L1)Wu!-)A4wrTmklTf!`hV{}D{w{A99*3v z)>_3T!7H4f3=4CQI@q^G7q6OijWmhx+l4wmDR99N?PEnEc%!Ktl8^9x+U=Wx$T_?6 zLmP(mW!hL%AVh&2R0_Yko)*3Ds{VO zXpIp>oT-y+vdCTvZjj;U{^SZDnL;6IzC?wG>}k7yi>ja}bw6)C!nlG8RYuwd#FSV`pc(`-hJ^EQ^bW0|`6PdY%w+xE*L-nJVS$q71nJ z%mZLtQihVRFhvVl#o4H>bnH~`njzdf(JZ>ysOJ8SOGevbP)aarK{2L6Dt$z~U0%&f zy6@ANnMO9XOvSI~VE&;m$oK|>{WgRG-x-rh{&1i1HjDjj@jWMa1zmy|E z+4sRNi9HZ(%m9UlLF#~UNE}dh28S{{9re+!CADKH8?&-oQA+yAR*NHkSB)cnfta9_ zLXi-J8is+fsm0G977>;{tyzO&)YQr6q1^eV=g9e4i86DN*W$1RrsD3-B%_2sCJSo1 zfAS}UaqDum8Pzni1-oa{^1_0n!K01KfqV&x@i=Yfqv9ZJmYHzLL2;Z`26nB!wDcLxdVvioBpOWma3o7G?;x6#KZCY=bl(y?>o?60rF#j@ z3z@=bRf*w*ygy^r<3Fh>Q4;K7;UFQXDw3;Vpjy;Bm(#m1e^9xmKWun|a z$@0LE9a(q`a(u!eMXF2&4c2@iI|0R9KXt5=>`)h{!BWc8&!W~Y$-UM|_KN-=pg2g> zl7W2mS?-RnKz;J5VM2WGQA)le88EZ7wT17=QqD%I!~W6&>wmQO-9b%$>$;(LBy^+* z0YV5xiu4wG3mAG=y7XS8X+U~!p$3oup(7x@C`b(`Dov_%=_m;J6BTdv{PxT~ckbEu z>~rtzJ#%Ju{>mR~ec#OceQSO1dfw-GUN{CJNF75#(aJiGhASuf)5^)%s+n>R?epbCR= z`2kd{7-CBtUuJFr#J<-EvK}A@+O5Ege}oZ%V4B%E<;{6Xu%YU zPOh?&qU2w(Mdni4uXwRaYV6fO@D&)Q%cln=r5mfQJ#?4J2Re<=`dnlNH9t?bSCNZs zjXlYXt_fwVAPgb8vMXhRarS6f3Qp4eYYzS|-J#XesOp@%T@B|ywl-0aJC_OG4BJj# zX!ss9#fQ){5vJmlKw}{_ro-I?1Brk%mmK(ZEup@x1Fy?1u&0N=8>Ci3U1xjuc< zXcV7q6PPlK>jmak%bC#UY7;6Ft7eaAerSB(G2A~yhbj!vPpg?@`AW-Lxt8rUr}6r! zAc~p0jD#mv2f+}|i=^Aqycs_(KUb5lNKMQm{4gx|)n-<@n{Eh~nqszR6M`OWp$7;U z<4&YAEWi@lGmtwr82i$FjPYIzGFY^hKkz<^TCd1^KSg`I@V(IrvWb!`u&qIursdKD z0LOPjqHbwCoYiaP8i_f4QDBvK9$Am|-Cn^pt;R-xD+O}fyEfB z1QQgY{KoTfQ6fP|VUalzL9Z2Hy;XguHxxIa6EI?g|7;KsCl@48LyT6t0P2a((Ct17 z<0YFO*$=IG+}yj9(@^O1Qrf&6o!E1kV$M|&uIyy1tt{FLo+Bt^CcdehDa`hHVwAKnE z#ar?zD`9L3{yB_D;}}efP9US6dZCzL0>?vS(r8STr)m4(Aw)O!XhHWCy|g!4@Pr<; z@_PL9#Cy=*vG|B84OZUq(Oox=kdrCWy7bJ&ULitMed}?4C$lDNJz@Cf$3m3p>8@KL z5JD>k+Hn5H8Wkt1eGRR;?{7l*)kfr9dfVFI;2T51aBK_4MnV%*;{+~)1PD&lsA0L; z2!I@b+yE6j+{5hZJx@4A!?|e8AiVIf&}o350#~&&nhj0hDSnibJs$8ttSoo28RIo0 zaFa5tt?sI%uj$7{!*iL_y&)Cn#XisNX=uan>lyht20pOhz!*@BmDZk4jGR{1STBkA zP5OqffKNSAS2GO6`m@L(r;Gs2sDx3T7_O2aGwIt2lxo{Osy%c$PjM;HCeA8CHznqM zL;!3WutT}DMoUo@(Hm%53IA6$DA9`~J;_EBo+e$Ykd@XZs@Udw@RHe4m<>^gCr6cv z04k3MC8rZmFapQYM?YD9)ryc1|SKN?~wur z9)Rg{i3b@y*yXFGtQu<{wD&em>OB&(9p_;cf0ZrN1FEaXW%^~u^Gtxad74Lo1nX=Y zW?D^&<_Toh4L~ujhh0bd>HJHdr_(Z$EgMmx+&$&F6B&FhIhz0n&Rx-WJh2OaHxeFS zm{frC5b4WbZ)5_7^ai?~Pm}Calw|R9fD3az7LG&E`!yy=az?#JnRx7*Mk0tZXY1LA zI@Q;PE7BYnFH+T2Bl#YNBo|J=)X`z$s=-uU0JNTiDDlWX!MGkX7W!u1ZL&v?Gp3{R zC&+@AK}WSG+kmi|JBt!uoTR7=q#H1a9;hSG(9fdYtWP5^oTF(H%aQO;%3DHvQ^@|( z886%!PsmaVF!)0dR+n5UI3gKM9W+5YMzF~y+XfBl`A}fqN>A}fXXQakJX++XfGC9w zX`?NAKQo3KdX~UlXnN*I7ZUwM7OPXsU>=-h;{pDf+QAK8Q|{zJ`CS@i>#+41A857~fRwhZfN>}o0_2ArVfl(6Nj z6<*}Pwi?Dv$Q2@mNBi)rLG`bzft&)r8gl-R)i8$}jjhdX31&l`T?Rlh>A##wZ^ahr zNM(Uwj!+EjDS;+Gtx5b0StU{QIJvXztVf(-RnK3zJ^$KD>%2M5vzn`j)=9_FkB>d8 zKs%FR{P!DjhOHaA=NaKEKzdHK8W1bbDqL9K&wB zU#2*5=AmHv%o_7NMs$O)lQ=d(3{6X{0!0uOCp!1}7*7cvS@E|m`Tux>@Jqo0Y?gRP zfj`nCE6Z;}6O&(LVC*IUR|*Mi8%MRM0z{7A{?FI#6)poZ0pm>~IGqPmsex$npe2r& zr*tq32t>l!4IsEoH16tv=*-JfO`WuWg%6ctq1B}s!5lqj#?W@sfjUPubesW6m@3UH zkP&?l8J8l^UB0!oy@t9;!ivsSS$21M?rkxqDIbP>-DZIW1cJ4$46DbxV zE1Cm*c+8C3G+eYkbP8Mqe4M+$@l!+XZZB1Hd{3^vCwtK8h6I3Xag$@W-;w_`vrx!erQd8g&Q-)GeD|5+^Mu~4~I^ttwB$4^5MuqdK=1SN@c0H;HHl~SE6M)&l!BDOC z<{`%-y!OhmX$YawdJu4&Zjxr1!YbFH{aH>b0?gC@25y z&PH_uE77tO!R5kyGxEh#AIj#hJ9 z_;$PHeuVbt%{i&e+-%C>^6qm_Zlk9W}xEeRy9QSXsOe2J~++095Ax1{le8uvjkUHrwI|oU{%Fs=o61+ z3)KB%;SL<6KDyXc_oRN$)bV+v`4<(7EK0)>s%ia#RDl!USH?0QJ+}ZJmfRU{_69)- zx4Gcdh?N3lVy-sp&57Cu-DGaNJkp9Pxd=h0Jc1#iUv+|V)|yK-^{n0OVd5yLv(9?A zCMXkzairbM;Gk8**3=(CULRa}?evuvQJYlK+;Tj_HBJ_&nwhX(+{E$$Ajo1cBwa)H z0oz`!?Pk2Tu?QRcNG!YMToKl7GFjB_K13Wzo$`RsbVrm@PBt2kLQwDCR0*#(1i^^Lz7@|ggBEjHHld6fYHDyWefiFAwFLf$BXyd zbFZknyra+^WTL_QF1$YPvkpSmE2OqK=l$SoyhN;-lw()6;^8i%P*zc>f~$3S68MvZ z^lDOOXRdBzKO3a?Qw_98C^;Q4fh_U%3(26IZ4^~}V2 zv$zdLFVx_s>z;Af9gQc^VqD=>Fv_fq?C7^SiS{tUY|op-BFFqM7hBryTqE9Twl~xU z=yqnSE@8tj_^8W^LCz%HAT0uMnc`gO5WgGx(KyEu>RfELt*=+{{Iceen|!xuX0b;g zq#CTDSl(J}%2`Nstg!+hmf#tyRL!j`C};jYW2fV{izu+-^{u~E(-1ASqN`xV#ETAN zm6AnC@cCI{;jwh*$^6nAgHQ0=cwE#I__zm6e$7{DTc$#<(PhtU#ZysqPn2k{|BjWc zrUN{d*Gz_SC6V-0Ttnu8+g7T9fcZ^V@8ibc6&AC!Q2ov%`}P;^3_4O?7uqCv2{X_@ zSyLTUP__VGF?Qlj-Ab+nN9*(mTg*qbZSG`sH|~uYg&wA~#GDzXr!W8qb9LzaYH|cA za%?xc00So8KiBI@>`18NV-$0{L^(D3Z^@+l&ud3NHbb^B5Vio;h< zw@%%8|Jeavc%CA2PTx;d_agniz$6-W3~&b3*Me;AcxAf4Ja(zP3-&Lzf*kvkI;t86Rx zKspP|*s}Gs1o`kLD>gS(8Oe9Fp4MtQf&y8q5W47S4IO)eQDQxwqnk*r2`#wP*+LTY zTbr|F{z)0rI)*S>KDkgv4G9y*5xPrq@*8wdW#N-Uu#v9(F22RFu@3OgO0Q)ts4!f@ zi4_Kr;O2PL!;f&XTFaAMcGvGuTcd2Cii~O1h|JHfiU!b06fW74BkeWBGwbmTbd-|7 zyepnSqH!uJ@{-#tIJ(u~0l{omV$mlZCc73BfJVY{S4H0<5zApcWIIc~7@`3n*6<^+ z%>8iL(dQn#5rnfwd_aTVvUTb9+GTsc-37|?n`(A3ZbAt{DGZS7js;4noD{vvIysvn zoV(r>ZduX#oxGCGWSrxPK^2k&7(DD#_ z8kZP^7m*7;*~M`OtIOi_90=&%QlCGF!*lGd3$Kfi(K1RD-dc^4{&0yD`xSs$&}jfB zOG1{q;1z(4i&5`sgKbeP+03^OC&k^--R#;oy%y#S0)d2?vxp(ZyO_gkBC zeObjzJT^r_CgcNhf-9WKFG!3GOz09wDE3ao^$78pZY4fd9d(-{9EPo3;tSI!pv681 zd|`UL+Xr{{m%{YA#t0-43Hb8%!w@!23T=9rJ{zT6P-wWC_=5Z1gs?iKSo#c7(=uUu zLdOFK$qwvZlNO3NLhWgu$y=9P?cUAr+n^6$B!2C37qUVw3U8TaMiNGz?MQ^tJ8_fU z{$RmBU0Em14+TQU!_*ya&c+hp*Pvb-D)2iTRc5fhbM}j#qe6 z*TdbSU(I(po-BKa?!}r!P?#qv`hZxu;5$SB@(5zd=o|LPIP;o4>MFb#?q9pLVuO;t zM#yEIpY6AUUu`LV-4*H)7K$rYX0ofP^Nnn%Wc0@s6f&TxjYL08I#>)Og`nuRw4 z9#u&7osZ76+|~(Fy_lZh5t2Hve@fnMHO&Vi1KyfixVV#cacraq)otT6>N@f?DoJ}V zv?NR`pe2a$?pA*kPz^YrmAT$x_fNPi@FYDraBhYcZE$@bwrdfM)$i64laUnE)k>q2 zIH;M8Ltq>$5e$MY>Xq1OWXAU}0FbhUSN=|k0KH7fukf~{$DCw}rx}^RLn*eJ9Ss`- z=D_hfWAsx8dPd?A0vZ0&R2u$5?xZUq8~+U~oK;`D+j%deiq_e-(s@?U@Yi56$OPZ6 zBX>kB%AQ+^NcRDic(V|F(W^zj&82y&)rJOPoN@O@?VhxUsZMcA5Yq*0(!e2B9h?|F zE#{zlTh|{wf0r@o#274$^Pf3}pLv??S8m^)-L{Ul;;^ujP;lk55*yvZLs-Mq900)3 z#k}rjl6u|O=r!@)XvpON8Mnu!rhFpag6M<3OI zA0P>$xW=?l!!n`%R;3oa;n=Hr$L9fBeQkqJ%rzAr!S`ym zYv>Y0VHgA`o`^M0hO0<-7bNc;A#qQ}u&ssh*rIW*xj#4Zyi_BgA;yCfPlQlsPc{-9 zCv>tGbNnH$b?O-R(QGK?fgO$i%ecaOqW2cv8J}Q*>0ET_CJ(z`YlhLY8q?I%g`xp{ zG-Gj2rTpKdqa004Jbs8M1k1khtRpcFRmOrJ3YG z>5^$tiF*zl(hfXWX@}s=rJhoFmK2IF*OSacDFZ=9QE1XkV8&#amDEen1~(z-0SKO) zX?K8uS2Ba=O`O|(F3X}Hg%A~GW2j{kw0tIA6m zm#WCoj{-qjbRQUiZo~}KZR}lNl#jOTn+j#Nd^x*E)s=WGrPQH$^2iTYciH$k@FszZ zu@QMyVWB+%3+6h*Bw5UFkc?pUX-E zYOe=pg9CE%;}O(>Pf2)S%<#|xSb@y0ABXwN;fO-3oe~@QrRlve3b6xG!xdpwjP>}TK*;RIOA}gQP;U%qmXrT8cebac+2O8 zD}YSp6v5a}kn$K<(ed1hkM>C%TS|+@#uGlXS&0$2`T{>RPE@I&0edk1oSn1<@|2MT zbpL~0?WOhlA6?0~Fw1Yswuc!_{jeVCo}tlpB6ZRsCVd22r!Os$Zrs9fYeu85)Z$?;j%8W;+@`R>D~TVWWOzy1E^Yi~&{4*rp+d|b`$%@)tC{rm7xMO` zcOG)@!BNSBYH{iMuqKb?*glDg8BY7 z-_Fu97c;b3SJ4@t)+POL17j=SYyWqq>ys&CkIY4R&#R=zn{R#*KZ6}StH{TFNvaL{ zR+};6|DfhNf$KTmdMdN=l;$v{i7Wn=)GIB!zb665Ct+2)*QljXA48nY+wvyKu9T4H zQmHvX#PRYE=vnnZ&E)ZVvg3fQMH{IEGvE9a$g-AEWws~FNqt?U=RI`q!jj&U5z53< z;u0^Kym6X=RXMWI{$-Arsdq=-dh{Xw+jrTYsv&cEJFg$7Mv4ChIQFOtH$ZMzkEX8Vk(yln!^cQeIJJ!wZm z53_(1@dkXup9qob#0!uu5J8!n#Yl7S#HlAc>u!#IMEUu#YlGL0yD(0s>z&HhE%@Vw zri`n`>nN|%8!tVFB7T-J46}G!`Ph#AF*bASQmEp({&Cq|vbFY&{%h?-(WTav?u`E! zt-sF7ptEat=?=X0A1itn;UPt z5q9(N-Mkj6TT1z&B$7__L1n5|GjQzDXOe)Y_gsLZoW%TH)$|^ zzK53x0>Gn^$Wc$1RujbiN%*sH*JtOEHt+<2tm36g=(ZTXnz8s;8yrY4-_3T*SBW&B zsX!kzGLVP_t-o(lmE4w%r{-4qX@T4CR$~#=n==<2t=F4OyIcO=AN|ZIt+>L&^f#a{ z&zChM?^m&>9W!d#)mHk=&-Q#VN;!XU1vaqPn#0T#%TQ4K3#bera&wkYVtTeTF@NFx zz}LZ@ZQ(b7PfS;U+Kky_X8DKmFr%>Wu8SubJ3J|3PM_M!a+X5#bMH-~%bXPizMm7Y zmUE}M(nF^&1&*{k$b4ltHjt}fNIC`ttlqmj7lA4>@9}vx)@Tu7xz;GcR~}}bjVgJb z6O@`~4)-Y16P0@PjPI(S*HbjJdn$_EoyCc@ZgIN`!e7z={S7$jogi)CjWk|e;-@{1fo~4UbEE zH^Vdl6`!1kHOkAh)3shm`a&Q%@}Oe5jp)y-;=P0YRME8;X^`_b$J#PyOOG$#E|yg) zwuV$CA7hNNT4g+g(egq2y$Li+Ok8C2mFcEp1#3lY91)Ltju3xTbARX^94(P4b7Ei& z%j}`=Oow86yzRh#Kdx$rX1IZe|2B0MOlV1%n z6!Kb%OG`043RON6^`|vZ)vOPBkv&1z`wfspUHV=uk^E%;5<+b|)p-yb81Z6HO?1V0 z?YXGrh#Xv}Sw0{^*mTJ4^AZ`&4p0V`^zx4Mx+(D+t;cnm^M`^ZFQq6`LUB5!QcOAi zIMymJBa?{<6C^|lWY9IRCHIuy<6fJsdC9`Ws4Kqpz@|T6=A&O*EIvl^7zI_n9CZN* zIWm3g0YG-2mM?mC+4^%t3o41tU0ri*YE|=L{abmUk!p+e_KmhGI`TE<aiXLkTAhr{?-891Kx2uuUKHMfI?bkYdxVP+?hC+Sv3rh9# zk(Iywnbci+-eOs3uBs~4xn3aouC8%Wi&Xe}UYMLn^*4#P_ZvcK8Ob#h$q++1w9{A; z>cn#Zz~Wu&%k!vICbUSoX3TE@|LX&5JKvDjKoq*}H{c>N(RSV=^nr}_Dya!?TE*r;gFmJS_SlrHaeU58Fi?RgTzww&2ju-b0f=cFAs((sn<>Eo- z+WG9eQvTOdzX4jdji>_^90h-J?^rX-FLa-1-nJ?FQsV2SH#RH)`I&B* z*s!RUWDIhK6sqs~awP6n$Tk{&o}rzdpTcP|`vs<;m?Wi2pGheH>eQ}ToSK1}IZgcWJ+!uPOx4dAuT5Dis zqXzVb3QMpLx_fol2|S966}`;Yd82CNqGoU^RoCNCJ5d)L*3pfJFTE=h{79&O0HlK~ zFhiA1V#yg_M`l)W7QZ$lSpxey?{DVMp~D(xPo{h_dN>{miJo^ImtWfA{)@-=_nvoZ zf4$dXRF0_C;k}8T0v&MSG;fTWuoGQ1HM`ID7*RAA&#+Pq)6m2IbC-i#W8R)*oNW4q zlTHp%y_2F-^mjMEv-ATyE_A(pW4k}QQB^LSJ%eQCx@{5U)ggV1U>jLW%Tf9_t%Z-hULqnDwzdq@WVG_K=wH0~{I)};ZV^!h3 zai&uN?Dj_tV8_H<~ zm+P@`Ol9j!oM0{AH#VlW7t6-$?*4qCX|pcm5mBW3kb4?w20w@~-h=OmdT%v*cC*%K zYRP3a+ALe&^LFv}I24p#p8hCO5Emq|AkynII0k<+*4-Y4NI`k6$3D!2@J=v}E;f%y z`|)%>RoRs@-Q<^@hTvG4Gfnc%#vmeKV6jlAPh#-vR(pW)1J`%@37>L_Dj%L!sX}^8 zJPJOzDUcby@252x$F#;R*i|lZluje_562VJVZ@|WsuROA*$Y^4lfEY1SjuSY4qxz5 z9saOQH$X?JcDhcG^%gKfAU)IyYWp!I3oJfu}^rpESu!i8EuE}a`>oGTBP-FOc( zI-egbkgm2}dLFnG+qp8qm!svSIqkzJ2&>vL7taB5Q^dxOlBtxGqSHtz$@Z=*fA+6@ z`Xf+cBo;NlsVRH;Ip@p@+&i#WXiRz(ZqpSGzPbXaBE0Ii3>YyxxNmvA)F}w!=tP>zObMe{Nzfz8gPvHM?-@HG^3esQq9N%sIKsGXLu0Ju>eYR^G z6?{OpRCqtdyw~WgB5hYtO2?~2>X*jLQ`hSli>JXB?t{fdOrL3Z;m}9 zfA#be{nJ=4{3<|Rc{joOW4EPDUa}uCNx=)9`c4G7y?7|tk3OB+IMG>_0v3hZWpZ1g z%n)A^T=kP}mqv8epH?R(HfUY3Sj`g_B% zqq5MY$Q~Dc9Sp~qTeZ{W-QHtmJBg}FBU-06la?O>tCwY>g~rp6guh)HUhB@NUU1BK z^a%GYs(KP@+Lp}oIwUzn#remJnVp$`-}rxOs8btzt8a$6DJi0=9G06im~;>diF>0{X<%KT3)^&`<*+6Fh)-(8bKXXJY*)1&2D9o}by&d^v2|h$F$X#AHIW_OsX}X| zJg7a_%dsf+P-1x!IVRm~hi|&^@Ggy_P~d#t#dpqMVRPxbuLC_v z@Vzl&zs$VqRC4#dpY`w2|BlJO-;;mFYM4?TY(u(*c+FaF%g59tV+iHw0G9y2b*76e km5QStY22cf^i1&BuiMUTx8%P?lw5jDzvr9AlKo!%Uk-|%KmY&$ literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/filebeat_ssl.png b/docs/images/hedgehog/images/filebeat_ssl.png similarity index 100% rename from sensor-iso/docs/images/filebeat_ssl.png rename to docs/images/hedgehog/images/filebeat_ssl.png diff --git a/docs/images/hedgehog/images/filebeat_ssl_verify.jpg b/docs/images/hedgehog/images/filebeat_ssl_verify.jpg new file mode 100644 index 0000000000000000000000000000000000000000..9097178c484408fa5b3cc8e4a58db9525bad1b91 GIT binary patch literal 14493 zcmeHubyOYCwq_sP?cf&l;N;*I+%-5sgG-QLK@x(y1%e$cxLXJwAlShV?(UiZfk1*Y z{NBBDXa0Hf=FNKR&a5?e_gcNWtGd43wY$2y_TFDV%s;FH1S$&33IGU%1h71Az{3(C z3m_x?C4cRa9|Z*s3>olIsrlqz#k-n3?c-O2tmk%pa(cW4S)b7WDp1h z{6o;tQBX0Ek^ZVxCjbD{$D2mQLB&EvMt!^lgoKQO3ZS7A5|Pj+gLUcmOIg3KH^Px*jhkq(|XFB_fs9(oUQ}0~3=l@atH(xd(l$on+*d$@^m2 z^^-3+e*^uL$)oOJ5x_xyY(t1l2uK2D97m2j2XZP5T11h_a{0`JtWp2@lb0~mKz%Q^ zg)wfba21=@@UvHZY=)JI7)F=<3+wT=iVWZHky}kQDH5+O8-O{v7GvlAhl`SaJKH%^CADqgy!G1O z%)E)V32W8L#9!d`AE`VlaQDu#_@J>utrOs;_POa5pT!O2`9ec>y^F@LSe}EWg6P-B zY^kJ23Qm&NgExY8jd6pkZsFo$o^I-Qy}aEkr6UnP(j{$Yy(U`3Mxp&BF7a#~&BZT_ z8z?^CC9(Wi99C^`=$P`|sdfsn06kp$Eof9DrK>wt*o(ZInpcV8&8Y+>iGyjw z$m4uLW^;!#kr87_rtUhRBsb^ohC@(1e!;JW!OuJbtC!2? zw3~FRwUIk>$IT$=hC4-8m+7FA3UA8|m&)>ydxK5%=HJ zQq>7rW0b*uhB}j~J<_WLA9-=>b{6>)lx;o^_m_r2VJ!jE99*a){mu$m16z?l6gBr{ zUXp4j^))25(c|-LP1Z{b+?RG*A{lD(GsZK8lnK<@agZ_8HJ+ZSo3eMg z?0L%Rvmt`NN-Yut)I-h?)@>0y8RVTxta@P+yBi9c@Q8L?n&{VgOJ2*v?0^59#!!T2 zIpvY)^Ger!q5Be-!i$w6#ZV}iRBXW-ufQ4@nCu;ROlda$qpzUNn;G6DydoKlAM`@8 zwMy<7$>^2IDRY)?RvshH1=P!Or$Upl;zhU=<0mt^(J$jKc^8N7PiRVyLu<>#T5m}m zthb&s__z-Uk{#q5u)M-bOJ!GpCYNLKO`{UB1>&a4(9v&K;w3QI<{d-waG9U|N-He+ zV(CwBJwX)Nmgc$exfsucDWTF;UEB`oyYOW+#bv+iac)_HYUteXTxEe_4I{%5X_Zm2 zO`7Q&AgVC^@qzTw^s)jNk@4$TU9R@&?CK6~NpeHy^43{Q^5eSEOnFkADrN>uR)I^2c61EfE@GZsa9z7o3mqfIBr?tPQ-S4xz(tfb6|e29^nX@Z-q#-w&67SABDhS&0LQR=8WfProV{5 z2uJyXxNkhBKg1&<`@a!kd>`F*n(@($bHQw|E}I_Dcy+LYvZw^OLE}$pMBUd|T|H4 zp*xT1Oi76ct&I1L?esA@eaL7Z4+v=ttwCBS@OP^d(oX@k0W!oC|1OZ;ZY!NI zPyNbn(}r!CiCHvVC0|wXS`prwgyD=`&BI0-)A6?8UC{C~qt|8v^7Mv0T9BS0V!0uR zx)e~H0NqATee;FRJhn%K2Z2{4H*6%8RT86Ps1fX*5yI2l9GAR0M>?B~N0&iirG%xS zlaU={!za#6T-|{-7LB?yJ5Fpw99f&P91sluDEuR@wZHSaY?cCH8ru4rit?~||F-wBb^uW-(_ zJgt2I_^@N*6R^v~g$rY<0qtmukQ_%Iom1Bbz;d>s`%tsZGT>UoR?;-!`bP^=b+A?|R`({E-JVT9y1ASZiE(@7C08;cV`-K&N|v==z?d)354#ZYOBbye~m)4vQR1Dz~9xEDY^6Ctpc zBEu^D*<>6!YqvfM5l~9CD&=AQ8kU|iY?Fnq=*OoY{tQOE2d0kB#jQK!bh$>O3y1;7gT*KgON6p!`%RYs^TPi!(2n5h(2InA&RTpXc`3#9)u)MjWkQOwvm&76xoAZB zbe3rWu`>0Mu!J@0sCw{wQ~*}wkhPmtB;PFC?n9rsBtgAKT%p)BNW=o$Q zR~touvhB6 z9+rWU^iJ{a)KB~!VpTiImg`3*Lw{ZO6!WP!r`g>Z?zw;YuD$qgaTyt&kRO@&y@F%6 zOYBLnWtub3BJZy^0sJtK}3$bwFTIegVl(7aE3`w zR69m@J~*s5v^xy zJxrq43?8Y`37ADTdLg*=xCPQMq=UKHBwlbrHp$y143^pU+y!V*3xo5p|0e&Wd;sr+ z{kDph<^sPw=Nw{J*v0s;SPM#aT$FNa#;KUm5Y|vpzO1>hLN7L=!HO-I*JstxQ8oh6 z1>@l{?WHH?79xIe(5`n23dxnn7uSdt!HteTdR3CQKX1nKMCcInZeM9a@`*i>0=1qn zD_}RL32YV>n`iZ1{TcGi+L4D9#5p*3Mp4)iCH{nc)6Ui(z3BOEkO?cJ%T5bT3e(b~ zkc`n{sD!bqV-ZN}POJ4oZD5#+a0(kOr}ALJB)wg&cMTo$o-J{5( ziBYyv^D&NbuTH4jk0WJufhB z{A!AHIVj-A%rxceC9X%OdOIlJ$yF1A;X;!5i4QN?>Q`#!iSIL*;!Ieq(zGI0>kGTIt#n@2ep$fbvodmt1C zQ}sx*^vNwZH&3)F1(gf_XnQMf>_L0aGd~P}_|fRjsgv}9)okz)o%ABS%Y;vg4d017{6+roTA)slxH< z^Lw6mt6-s0i+5H*goBclz0G@gm_pBj?5*S0N6_K z3?LQ$u@Y{^e9jv~6+J#_#|(zwayRkVqEfxxHoftr`pS{d-m6_)ia`wL5g;$VE}H|Y*??%2M~JY(PS=QM10;OVJu{r zW!IqGHAQ2S>*YZy=H6h7wv3lpDRze4>e$9?dFH1qdZ#di$tD8<#{^|{QAs~pQQF=j4Irr05s9dMMFUm)K#3&t)zGG`tqf1?kIh9S zeMhgB->RL6{wsnPbf2NRAofdT`Oi1l9g5Yoth0A5HcQ`3dm1v7y$K4r^>vc9%!!SQ zU7?xci}m4o*WWmcX;C2EfO5XfHD(gW&94#aWjk0>S;sdi&<)5dtgXqJe97kgM+oY2 zX;BXYuS<{>v5LGe@#H`{F)w#=vN(_I*Mt*dK%+cUVpIM1}iAA3g}cDbzV1@kiA}|FO&8rnjBQ4 z06*KtL{|2nq!}iRptSQWVYAIDVH=bB=FM5=#2owHt-U3myCQYfOjn0LgXby6$EUF} zK`I`}2QZcQbg1BBCTJkq-E{CVOFsL;sKP{Uz2$O zO!tmV@2f#q`8@X~M&DGoV_ zRwaZ2_^mF=c622TrzLy;;OKuz0_QF z#n!SwMy6TPz?|KzHl~kqhBAbN8EnHQ#fy|2NY(FUm2E})A}IecLUQU#hq&AfT4!P^ z1Z8Ha4LZCIq>I8Wyj&B2+>XU!kBIH1y;(Vsr=$Zmv+W?E;BAmRUs14O6u|Z!^&$%Y_`7=Jj9IT5`&*_b(|i6kuPO}=NwTT ztRGIQ$$r+oK3$2+2|D(jxKjrpn-WSl1Ex#!~ zDlZ&5E}lr(I~JYtnzRAi4|x2cacFhmjjFd6xrwh|sZW<%gXx8iX|L)XN6DTuLM;CMYjw#OSKmTyUc_=XGAuZFlNn4PCCA5#XU5qnaaiZ7 zkHR5eI}$s-5p6FevQ*^udHY3z(~+kTfm>LgVf3Cr&K*7FVsZPbiBN?-R5Oa?dz2z3 zq3n|jPf$FP>*)zAhTe2%7X!5J)Tv*jR+@iGXL`Zh@Q$F5rMvgk^iUBG< z*$0&S4}iDZ(OgN!5AhiB0{4kwXYqo@?1O6^_=(b-;!W!Zm#jI9ABIO%NvVtP6rIJU z&P$?J6RSV`@upo7sqUGtdrTv7)&GuP^sa8~QS*Y4q1Qn+3#grL=#w+izcYALAM7g> zuJ4#^y3IlmyUVDAlVWi18HSahbr^m_Pu>L7CyCWwk{H4Cuk+F`!@Zv?#g5G~b<4_I<^3?B)4UOCUZcU* z*4JDs4J)O@469_k0NIe6olZzxqb7! zQ&=^`k0p5jk|QQ^Hk~#!QvAq6Ho~)4*LmEv8kaGJOwil27{8Q>_0Pd`a66;vljCFY zugAYkBWmsHUCi)|9gb+~Po7VHVtK3ZRdQwdo#$>VzU7$xa#rKiqL{;KPSG=s^El6d z*5=;_BVM$Rik1JPl@q zlj53{?8Op7GY!TO*lgn!8@<4fLdPDif9j0rmG1AOi3R3S3Mjg~&^ zdOxnMJ%kk{`@QleE@iHkXa#pJBpv$?tS12osPZvcpWrnpMB1XOpsFK%qI~bb5}G7< z13xyjBP^i1`Z`KQOeign!?Zp9-0b{p8ja{=#Y{|BRhEk&S2m&Fab*(ye3&0zVtkWQ z5+W>wwzR(FEG$biQrA$dxje4S?Pwz;uo*O!tL-&MT$Jh5n%$e3x=K%A0DVI}W4oWi z10W?Uig7q-+TDmHMB0Wv2$R%7orLi3`N9->8cLGR@DL*_P!=WQ1hgl+-E2xM_odmmt5s2 zmZ#4WYNw^LZ5B{%eh;bJ;(D{?EWB;Kj1tIgfK_aL0W0LeEzsW>h61NP-;Ehmz*};+ zRj$rYYpxyuRmZ&GOV{+PPngGfsXJ_{)J_onSkxI$)e^#{MUo+|Sb0)Sq4!SF>2lqg z)IIuAB;WXqvDiX!_VM#dKZWIEdMf!@Pz+q4=^96wX!TqgJ7=#jdh#==1qKSZs;jtf zO2`ldLZIQYFu<1L^-%5u(Bl*See6mS?AWX^ue*gdbPYn@F?%hLvRt8J^D z^dd&$tJc1lG$Yj}-Ev5t{~0Wwj{ZK`!=#4=llal;ShW4Z&hbxPRaN*W2$g;QjkeON ziu#0`vt){P$4^~3Q^$ZF_P!727hBUd9dgQxO98tbtHqVTJKg-SYE-YXy zYD47cb!!)KGOXLnf$CSiF?|E@RJ2yg6(LKVUfo=K<&<}|Eh-k*D~J~NaqS1-lt)T& z&_L~pRlWIMq;MRkWT~g={f6Owo(YFdHEw%2W7cl7$&`M^GIt7xR=OU^vPtM8mFSHh zH?8U9<$G5X=w~8^yF!}kd-C-eY4pw)x$@l(80eSj#d$+?CV#eRMGJZxr9&@WKW#7) ziJ7ptdhBaN2ikh78|QUK5vSFgVu3R}taxorcXfzPwEn~`3@v;lSLN`it>Y$j>>6YT zt5Brtsnx1SS|b=Jf(FcI3cYth_j#%t$j&}2Vd$aIAFmq?H>LgPd-dXmDBvVn_DpoTNYdmG2p}Q@~yGl;n8_$ zuUt0$;`$aP&bdrA`lsJTskaXLkT*XAi--r0eDfi1w-zDjNjY+=xxmZD^&16nq%mQY zm2^RkFVZG1v!pheQSYk|3oA=>kue6F{5X_VymTMsH-gkH$IIf4wCWwuT<}EspQ~%x)B4yg;=1+heOj@b5xXNP7b*p-9?|2TDJ0O@^xGQ1P3Xp7Dc)6h$u?3 z@V0JJOuAnvEQG@qmn_rZu7F6Ntt|hjO?gmw^WJo?@%LW}`Xp6@#JE;lp9Hs8nzaP? zShEJgEs+@L09u~WT1tut3r~*WEK_ANt=A$92N;@fa^ z_>!GJUx3bdY)?oP=TF&Vvey+qFY;rTv)TMucwm#Ehrd z+tD#eXcKJLikfmKA7p8~xtyAOZLACHY*XKcm85sv;x??G&q3ztsbfe$ZxF8yHKpUiMJML<@?f_-jR&AvARoO#;hA~qqMH8nf8QsfDtBxn1Smw@+&V~P*>7oZ)zi)piMY&^^ zXY~czkMA#|Uc9GwwnUNJ=6|zq?A(TFF>yOF=^dvg8ySS76BMcg#juqOi1oj1*cprI z8!KVpH$jPyDa*Vu|BRv8!#n|b>u4DNOSFo*no^~=bABrI2RB_FnBZ9I*eKsx!R<4* zq@FebW{FR-oC?4Iyr#YF_JD5TIMyP|)e$Hso@TWR_TMSJ?(Lu!ZP`cZ4=r1@ZH)iX z(2x8S?mX;uE!I*J#f`f+!M65Q6E7iMrZ5qZLihLGWh_)^=yxF4kR?j+Jb-!sI5*}z zrp`NIx;Iq26xCj=j$q0TuT2+f;0kvq!sK^ZfM{fSGcd6x7YWwcLxWVP;JI3a!<-fG zD^F7+RJ6GTM%a%gzUTQ?h7cjEmOxSYMl<cP9mQ)Ts{8ZHVY){V=7(O?C*Rml% z6MVTz!vn?|3V*qamqUJMdhWP{M-jS^;JJGiyQEJ1X^LdyxUk;LPvd=X`E-@aUvtPm zF#r)|X+|k+nMFi;(S3B|b+nSQp*A8zu<4$#4G@Z`QCR0*@r`j^jCVDwaAQYXNdq65 z4G++HD9Ju9SVg#m)5DnnyXQX-^lJXW0VP@bI|+1m`@fh4+EG;!z1X;|S4*p1I!hCc zLm=9f5w6bE83x9%MskX#*aj%BkSg4c@ap9~?aVecrUaHkyU?gC8rOmOaufM$QA6QO zU!|Ae$)vcoL3fjKr#ZREv?Qe{G9{YFcuyIi$V2nEm@D$CG+}O-rxP5*t)kQTX{RI3 zsIqJH`5Cr}4#hTNKQ+o;>)St=vm7&jqt4pw{Xff{{Ypolv6P_I_=|)@%%?H3PHrd? z6CpQ%!U~fDP~2JV5&*mHa)i(5-;Abw!Dm{k2`6_BUkXIF9Q*rl{CC*Tnz80Lke*ZZ zx(7gTsBme#8giR2`K|e7_ee*pw{h;h9=chJdt+&tE#>{n%S+h+5%!TTv*r`Ft5=&A z$CYc)OZLHOb6yArZ{6Gaf<(@KT7)nxwcsNoxsF!}G{vZ~gqnZ>b| z0GI05w%}}zWc*;!}?Y!`Z3J~H!msgo-9Z-i(T2+<)^6E z#QA^tkz+!0`z4#W+}Y3ZJiz*T{bVP3zevY%>t(?W%N%+DXNf#}=Kp9W%BH(`Ik$g5 zc+s^s%r>D?JlEHu`1^S^-o2qlw4UHMfosVx?_IsmhCH>)8cu5_?vlQTbfoJ1OWA*s z8I4+_#mHQKPy9U7FUp}DVS}ZU;c2#Hi)fbB`-dcfi1<)C`=AWW063XX(05#kQ_pQ~ zhw$#A`<~SKZt3d^`dR7Mi{X?8c~$7#@52Y6o9b#%-v#TU-}m{j0T};{?NvmVzWRHR zZpu~QiyJ!&o2;|dW-D70VK+!YcX|dJb)YO$B7mZir}%8@3B=ImTltH3z@lqWQEhHZ zE?SVbXA+EtqdoX%Ar%f7kB%uxR8{JPk|b^IL%2Aqr)$;Sog1&jO7%#|;a5Xx+ZnH} zcE=KlEFX1X`~$7=oWsBy5FJW}AR$6ZacEu0h4SYH9{!@M6Fn(MhBR-U_?|E&S@~d? z`I4DM4+;T`;cKJk81Y!XHSb*2B_PeWs%eVkETM|1&*s{jAvs_T=D}ESH)HT8$JJ%< z^QaP{?LN#6!mj56CoY&J@Tn+wE0mv+>m?a~noy=T9pEiI!9H@XIwS9vf*nrzH%(w& z&lrT+cH57-_%AcuxYf)*5mFQXGW)%r;ioQ~27&%hstLlMW}r)F=`n+p>&|?o^AKqnQUF zROr{o%4L%8@n<=y)ezdlkze@1l^NGaWsm=`M6*P_{G4#l*)j08@@GX^6GDQz)d#(@ zb;w_)s$%c(Z;Xon{GTpt|G_l>nCd7H4xCt;x7N0uu^GjSwqTb7W1xkc3_Q#1u4rQp zA{9@p3Z2}Fx%*I~2lRvYLqVLohTS#4QBGt!Ha;xq#ydB9asSR98XI<6DewxN z2e)HA0O680B8?04t&83)Ty;s3eupzS0X`_YE?OAX_4uJkL*pp-`* z3yt*(EaHRfOhkyjsvNd)Hc40k@hZkBf3*ZyHnZuq*|F9Ht|bG;4ye`gK%=xqFN J){s3c{5Q^xVwV5_ literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/filebeat_ssl_verify.png b/docs/images/hedgehog/images/filebeat_ssl_verify.png similarity index 100% rename from sensor-iso/docs/images/filebeat_ssl_verify.png rename to docs/images/hedgehog/images/filebeat_ssl_verify.png diff --git a/docs/images/hedgehog/images/forwarder_config.jpg b/docs/images/hedgehog/images/forwarder_config.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4b1d95c5ed97d67e8cd8a69f8699a8e4b328e446 GIT binary patch literal 54489 zcmeFZ1y~)+mOt8f(BQ${-Q5!0g1ZEFcS|4y5AN>n?u6j(?!hIvOMtg??m0L2%*>tn z&wT%xH}8F?Hbt*pRjZcts;cf^SMTTf=WhVAl$fL#00ssINPs@T^E%p&sGGS707y#G z051RlfCB(9NB|5(!9sw@-|1`6cW^KW08|77fHEqG{@Lbd#sP!+?HCH8aet>{K{VCx zZNNb^GZ;942s);MG7E@C2OWz+**x%Xvc7=maZrBo+XtlBZ$18T6ql5hCt_h>W@2Dr z0r4}ju<$T(@G!FxF|+fqa)bUrt-&&XX#`^bY0K}r|Lp1yI}|`Qf7rnRDu?)8M`%zv z^gqxTztcbM1q1(^j(ni@;J?#ZsGtf^`kTJb|LEDDs)JfSF9E{93utHo^K-HAF|e|+ z{Okk_78Vu(9svsx5sQTwkC^2@ou0n}C@%m7Fp#k%05}R51Pa)5H$Vu|6ABauKSSa7 z1O^TP2?Y)F0u~M))SwRer>7vmAt9ikAR$4m--GG_NE9ekV&>P-XbSo;B=+bmAEUBf zkiMzvz)+kxC1W*k@P&oLe1(OLLry_SMNPxT&cVsW%_A%#Dkd%=DW#;WqN=8@p=oGj zY+`C=ZsF+U?BeR??(xabKOitDI3zkIHZDFPF)2AaCpRy@ps=X8x~8_SzM-+HxwEUg zr?;bJXLoP^;OzY3^6L8L_U`_tT|e#oBmK>=e_+lCmnEVi-6~z+sZHt&^Yq zH0?Lb{?82a{V!Secf)?!wFn?UfPqdP1PUMstem#{*Otk>4mdu>G}lN(CDR|@%q)wz zeSJxI_igRwYVTC;M@anI$-py^rJ4}sR)H1nth|!MiQ3bAIreth38T$o21AmZvdN#v z&Q3Om^9lJq%#$1E@w-{8CT^m1fgLVFU32>A#{^DPn(g4P z9eTVFy{u2{84V>r#!eU)gsWM9@#XyLY)Znmo{+j+jWE(BZoV|htge+mDkQMqpjf7`nqZ#PdW z7jeO7;Dx}aXMhj)>8XwI^wXZ;MMwL|_qo@izk11d2K)$LKLhEA&w#h?FSmZr%#N^C zyUSQ57{rendj|e(mB$stfAh;rW2FAwXW;J+{RhYFQT?*q@frBL78C!doD;gj(ZMso z`p^Y(F!wX?>+JqXy=FM7>nrc1$MwUk1-xhA@2~uD@`mVb4dE^gHl6b#?EW#BYne)mM~@i1`tYQ>a!}@H<$S%jlDCTDo8eHM_sN?QB=S1J88;qoPy-YjQ2?C2D?|H17ce+f_q;X`ja`e z{47JU1X=B<$N9?r7ThFiZbEC_Q)>@7?_PiItPOIN4$bf8{?W;A8juzFiHr$~*${#(xU$;mbUf`1^Q#+gg663@`hOPXdvE_JjXkjv2KB1B#)(jS> zZgP5Q6Ig*SzAI;q*+YRkpik^J_voI~%T4+zy^AnSjw9HLC`7{A*eYL>l`rY5;+u$+ zaC>q7m)lQY&K#ys9^dzf&Y3v#vb6-*86jj?5tVml-dySThk&G$Gnt8E`XI3W3AIIZXmc)xMC2*dw&st2)rIXg!(XF1bO>ZFyFi^wo$jt*v1^_@r+ zmXaZLIN!IVTrihi8}1u^ehcC3d2LOt!Rr{w9lbc#riD~gcY%c;PZdu{pG8^^FoGNb>q-stJf|5WSC3Rp;nYb*pSZOm&)Lrc>3-iI(iGllxX{DAy_gVA*T$^SVznnr1O?v;BrM(z=iW%3G|i=#Mv0RL8sa2!6`%V zC3;~y%n+mntZ+G0G}AW)Qro(ttV%^bnMAI zXLll3qldhF2l1(7DJPza?0G|5J@w})J9T%fd@Zub6zvV&la zF%4GvnU~8J!{+FFS|c-6a8B78Ydc{G-c(-)&--c9E)PSBE(Cw?W)m-`zKQ~L$ML6k z-%pS<(|V@JJ@=A!>(l3b;EI||mUHdg*uAufhyoHKG}NB~P2)8GHa}zfnYg!Hru3ms zcgr z=YYDId-+4+KAYyp%kdjV$Y-Fx$olC=#yy6$<}*-id%yP#+@qAf`zIB7?{2HF4D(JI zg_60`Hkl!Dl^9VE#^b|2~%%Nj+Rn_~iC}3UhVSA&CJVtTqyf8zMbDzidJXyAxkT zB2y{_Qk|RouCZf3LrE2r*1u7e6*_`WouKV4@F+-ABMK-n=>+Svo({gFVGYZHG%Vmt zeL@dIJX7wTD8gC^{dOOo5$+Aw0&2%`1J_RWxe=O>6%VhH^s>KDv_7AN##X**?ZWz@ zX>|Fe4V1Zp5PCfAdJQWvSZs#sRP5C z2Z_ne8!oh&*;jRMQVtS#w9%qriZ;>&R~Q; z_zE3N)9qN-d!-+hzs++ueg59@NR~kR`h$v zrTwcO)$k>y^TfKrU^pL6PtHvI9t#B_4E>OOqZPK0E=N6T(odlu_y|YK6hr}W=Ns>% z-_~sVPfx;S&wvi${oKUdJJ+X0$|pbCT`a*Zp0z8`g-n@k;1k(Uuk$Xc+#n%jPQRS{m1tGmban*PB^Ga1sIBH+2{ml5FPx_ng$B*B|V9Kxw zVvRgh$pc`@un206JQSk#g`ocpTFEHNAS_q^ypZmLuMhrjoQ`Fi)`<4a8e(E%1~zdf zwrJ+p6Ye$iofMolW?ESLkCx(6=DD+5MLmZjsV_B|_$}d{rE1 zC9m{f=21xzqE=4F*6aV$M;U>M-|XvE4(ViMB(y{(6o`bF&3?ti%oW8&=6w16PVw&a z8F~JW!IH#kSlFe3X9*!)l{j&;tbP50o%KEX+t^L6CQdZH3Jr#9Ym_$s59=_#W&Fts!F851(?`hi z_LGlK=mkdvme z|Ff@uUH|WvAQ~Av8iIf&B2X(KLpuj25UmHIIb5CWe$t5`8r{%L-v~sPf@nGikb)q3 z{%5(t-{`}iwCQj3Pn;1zcTiRo2HEx#U?ejA2io8tXhSmxYfu|DP#ZEMYa3Ai;Oc*) zjegQzKWS?#XOM2crJoie7~7~QfsSOLj0cDVl7K8A4-f$cfHPnYSOHD|J?LlyDsco9 zLG^F`2|vzn{PG|!0}z)vUs&>;O992wE?AHzI8NV1>v5c1cvYi0H9W% zpD)M(044?i9wVQhAF`gGAG1MN<}v_$wfV(wn+X71SD^C9Uu9$&0PxZe0P4Gcl^G-e zKtmt^U@h3`JLvx==O^q5ZURDu&kFzmQ3C+bK;SH#*5CXFs{2_F*(0HDJ+G$=^0X%pRl5+zN53tr|Q~HOnd(~WNeB~AIT|L z{i13*gbf_BazK6Kf`tBA@^77kq=PEo{De0l02oMUSV%BPP%}`}fF%D0+bTs(pkusN zfW{+O&3czVTr^eg zYwl_8K$6%z#B3505Z*6hdBmEk|B9NAye)$%R699TRg2CG)4)}nQ@k0^jaIsi&TafI zLCLgA`*eHY67TOd)T{A)W?n;uhiZJ>4)0;064NF|CXNFM;9T<}a0porcrnJ1v@>3J zm{2-7I(cUG`KIj~_680&hxa&kB~XsrX#}s}tq|)J^$vF^IRq^Y@CRU<9JRB5()o5P|br4AiGf zWiY$TJZY87J;^H}ec!j^fHZ)_WHmhP~6>-vLcpnoKq4X=WduBA&j* zW#tKUX`M@7o6ICE7Cjk1Y< zQ#l*G7=X^KkIaq4>tRY$LJ!~wLI)s-(V+EJrA;)jS(VhTip<3-z2D3AEKz zB=bX`0Atb9=MY2PjSLnMp6Zd0@eCdyF}SQb+L4fy(@{Vf!Ka|*)R~%|B|h@v-|Yu^|2^GF(VeB~2^4)A8p|Ix&4kZC?5yQIxgR^M; zW>miZfk}LAHl}6r?VIU{2peCU8EB<#Hxp`XerA|_^eI|rI6ULwuh_UYgGu5qAt|FL zjCH7Vk%jpdx)qP!?hne&g+-EfV~DcLyurhuOvyEfh3t6-az&&Qx6_2x$yv+cQBLpo zJeccO&LF4`5wbX2xY1SRMUu?76ca@phFOs}M#I=!jrz$QwJh089&vry#U^P_R4p+k z4aDJ1^p>YM-0|)rpUg}I%)jX8V-aa%h3RQp6#9>Oz7{Et%vC}2B#NdWD$1qafo6JP z4u(X0@li(LW47!uHkXWnF8qWMdUl00o`@F^{^Go*96a$JBZ0!-hB{&<% zme?-jxaK%61-xFQz=}(kA(_d!szorGqW$zDfz&K~e2fSTFObGB#f_4}<&6skD%Qo+ zd1#J$W|WG~P#_cuEU;ax%;aO7=mXrlC>!#AMD)KhmeSg7-YlPYWhzP$IfreN8R@tB z3W<>KLBt&d{f2voSShg4XxC;n-hY*$bGn%%AIjG!rflPk{RS=E9qba)$+6#IEQ0v1 za7wFJ^1R~nE39*wfe@bws8^`K76o{$Y`piqGK5_Hc}k$OvBr&oYE9dP^B^gn+q#|3 zL@-jZ`SC7CxESNg5(vdIfsYBPD5}e54~yS<2C6i)gEcA`v6LwjCYCpqy`r>JWw2wx znDOblIY2f9VyL~urlep+VOAaQY8-$VllFll>A~4NDU#=#flhh~=YCEwX{50UQlYG#E3ju1ELI zOqrHNyA5={#VvnR7+r*iB>F;c7(ofT0}N~!k_K$)zxSE~iWFH8muc!YuWvls*|;gd z{boCkk#25K>g088O05z@#RQ2ZRvyAUC%zBF#ay1Pr=wW3KTouz8^t8M#gcpxCv^ws znZ)GclWTg$gXF_^PIq1VybFPRfgbCw2r>|0^su|w^`T9tH()!bxsY;VOpdPxKlQba zY4#0!xj@2x{&twoQM>2x?&T4V(}#$?jd;fk$F-N>oX>?ah+V}eYKq<{<_o>aest@2bYVq>Z^Kp}ykW*)?eSjKaVsyIRCsB?tW zvaQLp2Cbs3B8rMPkfexDvO}Cr5*aHV^4ZERF!*CNopb;{ABr`<4L6t{tSb^44@s8c zYY`;+DfzG9idg>KN(g-?pCj#+>+2)qH>Qj_1}iJiP?;rMtwVQQzA1cm!rGbs@UPdF1Lj$Xa z70M=#+`)y;Ix;HjZLWq^-0al4?*1Iym|bA3+?2}97E3w{8?4i8XR-s8AmKNOtio#c zvDOFD5tzU$y=EIc5#hB^@XM!P*K*;IX@#re7%riNiVRgqjFd=`Uxv*GYmQ?c8>29K z$TUk75hvBcI%B@RGnw-1YUO_h#FsykTdnTe(-dW^(W)MGsQIdVv}f4KLV}AFk^tfC zcMDdd?><8hHI(TIaIbN)#lrTmXRRl*c(mv*kG^}5FBcgljs$Hv(A0x?1_A{|721tS z>}#_Od2XCOf4-hUXQ)3)2%&Yux`nsrq>=?&yn9$5SSp5`P?nL!XY+d@kGewvS8HDt zIVAdR&>oi*J|80>&dt+Bllez6eKJ)`ZVa?ESylt8PoX{a3`3L@xD9^_4d%6+FXg6l zr(ZgPHbM?DgLrtk8RdxK5=TP@O=GbWf?}NVU{Dem3KPtVPVY^Fp%AL*baQe3VJAn_ZN++yPs_^XLDX8k z6TR5|yqel1$Nt$<;U=XP{ahYSQc2oe(0x=?fGt~7u#gPwi!&p3>h)~Ck>p;KDLOZI zvPoiPQjD5K_BGfB)J$U~m&!PPB1C+W$TiPiDCA2O?<30Y#^t@@jm7xakm1?I%-Vj$ za3qFUN}z{6Fjzs;^jjGMuVB!_Iv-Sb%u!f8{g*7+Tjtk=I_aUB4><>Jh!~;}GZ*Nm z#e;BP@zsh|TUuM5(SEcSm4<{m3CP&z&MPnRJ!i``+}fDsH6(F0r}C?X>3@=hJqoBD9Z%Uh)Fu6$%K}-KOrYm(zZ@X|P#nc0L1> z-k|LdJco}c4=4N2fMLpIAZU-yyHnkg8t&=||BTr0!Z(-RH;`qB)Ymv`(eG+FO25p= zT`;Z?L{Q)Izg(hyB&!H_BNQQ>M*jT{awFSVg_X>1xB!eQz}*T5yvj;HFV9>O$Algh zW9_rOnK%nec}C%9dnPPJnNf7E{MX1-L9dALk;nLa^9HJXr~aEg^KabXQe%C*T?okN zVG!_(DWM-`9eYVnII4U03`E@Xw^=FO7xvNbM3+SBp0;0RoO_S92#S1oxc8plc_e;l zpZoEu_;A$f-@VJu8T{~4_nELY7D_UjveRIR0#<=)f4 z(Wmwr>cg-ct<87h*K$_)k4bVy);Mc8_kz`)dMAg2o}^~8w{sJZF-tJsCQ1vqVhz1t zA`a8%c^_EP`xn{2uwQx`U3aW4#9oU{l$}-NJW$pnJq;K9CG0OZ{uLnC#(#~oe>H4A5~A|)L4OY}cv}q1L-XQ)egZ}h75ZV-CAX14_(pOjeh1sN_@fXNTs--P zHYVn4V!LH}!bY3*1&!F!DdJHWW+Xclh{UXT$%q2J^99|2u!%aSJTV1|A5ez-!p6uXvYP9+4riV@5x zw?u!IKt3HE5f>M-!S8NF4?iGAFQdq?6}1;4iM8ed%|#z2@*W_quPgT8R*mbXr__xu zVp}%Y4wj@pqBG9h^sgMi=aiCnHhk+*;@R0bmNM|_m!?{}1#6zCpqt9z&$IBhF4_qS z=Y3rS2F?6&?R^Em8^Nzve`7r0Oi1U&yhEF_p!LJUBjf!^SIQIV|NmH&jP>)$I}B1$ zZxCB29$b!Al9EEsSdcdyA_GwX;!td(Ob^E~{fVXx=@V9784c-n6C=L&C zxtg{I#z<;yczF&2_xummxE#H^jfmFzOMKvYBmXF&0E zs+NXd{f+Do)B}-UK|J&L`^<@&{vS=M|2*{nor$=gukv(Sg2uni85VFr1D#v|w9EEL z;lTgcz5*18G2fx;A2l3w-U|Mj2Q!pT+HOH(=6_d^a>i5Opyx4{J>&vQQX~^!grC-2 z3W{I-wjjxsVy+%GG2|8r(mar0C`TsNRB*sC1mls3GwcD(RPAC~h}x(Myp3a54@@URxh z`9sR%Z^KhS{nl_;O}x6{_VV`{@xS>b=NFIM@8|Wu&hjB+2n`X9BP9NDQem@y1lI?& z3BIrm`HN=(D3qcfiR#~7|C}ns2fy??;%peVrMZ_73~$MHRf}gEDKOWg7jV&MD-a63 zI4TBBvYYI((*e5M2?_TW@tQ85J}3KCw%RpE{j%iB`*(#4{u@mBCFZ}=VgEO!7KORlbRgmpNk7;&FgDw1gzci zwmei_V^4~jW2YqftU)-yaQ$4mbqMGoIV{{CxAHVzuprDsks0Ew22n6X`#mhBs#cBKzQltF<)?{5Uw>su13_h?!7O#^$euBdGK@NL%O9At#Th>vc#yT&$S!AyT5!da0wx9h6pPzYxZci zQv!NZrHp6Zqg=9RQj)T&Nc3o>$#%)D%WxeDS7Jbud6c2Rv53TXWL8D&VS$)i${J!z zp80|*(Gj6~IIDpeWtSi9GG=m3x@^zfGHBetCN?%&g?&3rWTQdL3t|luDMBk`bD929ODBR0N<;G~l&y-Qd;T^kmUGq~; zOlOsOYcbL=hlF$R>zvPDyOXyMXZDDGZ9eyIBF{29#vDy*(MydHRTI(RRvvWErv~F^ znn0o(>ARS7_w;-(J~c$EHRxmv+gVb;j{QhSl2gaATT*w@?Mgt8qimXGF`Y-9pXwa1 zT4H@?$Sa82VWqc&&09-qYO1Xr;L@t(ZVF|!j#`lI>boY?EEyCqL3M<(L6~9sDgV9T zWpqG%nV}&L4N3`*fY2`Ysep4Q zUl|5&Shk(KC2?)q&T5OE?_wdxl1CWR3SL2^kv?V##3%^2fhOf3fV7L^AEZsgkAztDPiQ&$?R!eMUA_Od}-=R}Ot3 zhhhDBb`OzD$U&1V5w9b90KzZ{6dLp%6kcODq!3H_n%FZiEzQ0+(w@s>fRr%FFOGpN zjrLaBK(duzb=H+4#+~nT7=&7@siDPmovM;GeTtyWQAclICwX2K{!xq@FPjHbnCg2f zmq3yNNJS#7*USim6!;_oo({t<88ZuUaiF*@W~_rk2(iO zXA=_XeDB{c&Rm*+qbBFUpT%HXdu8c13dh9MP*=&y3RD)_nJt|z5L>S^B z6KyZufM=jcQ?>Qdzi!ZPTWrx4eXB?%H@(6yOW`}$E|z&|>Cxzk=E=l^84U(?ee401 zq@|eF52cV!Z|FB|Oesj%LaQZ0vzx1j$v6r@)0}8>RR361mPXbr+l9@VmH9#yBZK%7B7s-5+FILB+;cUoH9ZYDbPh}ihp);xC64oWj0MqMi^ zYHYi(=EXuf;AJmo%5X~V^rUP?*gL;T6?=#}Kr-#c9DAY-L+I@Yme<>QA8^Fg*R(hK zQSbO~G=vZ6cTpQZXc;$nblzg^?crL)nN8WKr_sCC+4cpDtgUV6mA2p_DR&mQ#d$Sl zpjh%22hFnWLmw*$6#y55JfumXBvyU;4#2Quh3zDvBtLOP9{MBRcvRle_`MoU$cLdh zdvBG}QnKjI#q(86L|$C@S2=m!Zrjx!jo}=Jay?c*yjtO*KKWk9E!gz0k(t`{ixx4M z-S)l^Fqs)Z0srW)601cvOau;=t;-A=Wu~9@1s~r`E}}^&j7O*8ILDDI=1IP({kFA= zPK@K8EQdWCzg_d;aRoo~$d>Bu8TBB}VpWK}9Patj!ab??H`&Ccmm9~PDzTA*7PH^D zQyRg*(DGfv-fEvO7@QuaX2x?NI#*T($i!8m~BHC9h_1FWVvMGWL5 z);XMSBr<{!1XiY!36VYu3YBr3>+E$bn@UYffY!{=;;M_$c8RviBt~3oWqdv6$SP#Z zci77D`m}xe!01;m1iA*uNVlbFj6zd73#%fbP{yfX#hs|@kv^Eg9m< zsBmnyQ8hKt$&I9EovMfHBrdHvC!?zpM?Ir3oto-m%FE}P^nGv1jV9`o$ApxYeZ<#+ z^}Go~4PDvl1O$ch`5PpPNPUX!&+*-MC1EFd*-4>^KAejJW;<5hE=Q%DmkbQGrRH)f zd6<*to7iVdSM62NlVv!Vs73fj=P|vksUL7dC|-(aRnOZ8(bU8>q6gJGh@ZBOru$Ol;75p= zP?V}*1sw|M;%{jJEQ&iJId-$5CW)XYgSOMxWQ8ZMX2VNd{mZb~8a6$2y$P9Wohd!x zy;>zrH=Ei?@vYX=F$`2mI`xnIo_1}cN8f1ti2p{efi6KYCFFoMNyd=t;4hW_a5SYX^_z$V z_lIn8PB4-0J%ioMt`cH`w4m!omuEv|WES2XW7`Hw<6Hko&&Wli$-`?`J1D2X_D9Y@B~jP%*9Ge%t!pVW4~Kw$VaE?ye{20**=Jzu$Xr6I%_|k7w)HS3R|8Duane{`q$pbnNRS>G77-Exxa#Lp zbnjg}6ifBuTc=USX5L}iD%OULgmF?_8J4bcwtvlZ=j_o`gE}K7Sb3a-r*Rp>2z4a5 z`Xb3eBZfv%nTCRvC`>e*DZe?7v2WfSSGd$GE2c0wXnrz!6I{`!ZO*bOH%`&MlvYo#ScF>CDUJ#6n*)|ODKd;+;K==fQ+;$}b#fSb zRq@tE26Sr@4$olNuyb)k8-3!LOij-nr^Xz{VwWO+8obwabItb#6_;;UDoWaW$7J$f zm4oxi!6uoEa2*LHER?6>_7oB(slIV=qSR;*%CCU)iQ+{)UHbxw`7 z>sNW}GP#=kiFLMrl%h#3^utw40fMST4}!nylYWRpB7$~(fN=WC$M$Te&=X_DG#O4j z{oG0O9|SAu6zP%GVa0yyab;;?`LhDF`lSY%b?<2gKJWGzEp+)!Y7BI-WD8>feaM#| zg+#nBD|B;Hi9qXe{0Zx*uVS>Ko7iq|C`LnR(CpBnJSWM~vY=#%n!WI)0}1&rvvRD+U5ZBA^8eRpgE|K3$aDX}g3zUU^G;-LBYvQ`BlxuwCX zZ-&X|BELL65?LY*Q^o~bYN&o8p0NJ;oR)&b7av7dBk?W}Y9{M1ed{bDW299Tdy5qZ zkgv#xM6fB~6(%Mpbdod(X>$IJbYtUWp_xn+d@Sp-i!Q>IpVS(PeDpA!qr0kO#g(!wbqw!+%^k~@^t zKaiXv<$Q3N?vPq7>oU8sW^+N%=}nmgwle9240*lQ8pE>wbS98Bt}VP)86I+$-Jo68SEc`M(@ z?58;?%iKeQF~i9t<8@73{J4Y3%CV(gep`kcYWaGTmdpKzEbn&10op5ulV6ClQH=5+Q*F)5xF~rncwoUN~3oF<-MdOjs)@NXM-SoW2t+Gw^dNFa9(_;kGp) z%;@XxsH|kNSnKo@N3q>~Wf|y7QZbHcFV#RTY_BZ=116tt1}4M`hBC?g=|l*I@1nK6 z%u{uCL6pj(bx44gYaX<7R6ndPkJrNayQPW7eATxnN*G-^n}T%%8!G_^=NxUJx+wSd zS;T4Ww9fv*WTH0!l2&k7HfbV&YqqU~&r&!YM;muU%~sWdCCiy`_BB4#nHVRQU_^P< z>wI=31AGX>XO<;_eQ`zNbJ8I?-nTAdBKOAY7qQ&{6fnpjzk&f_8YLkQAk^UX)>)W) z`b)(qhNR|{&X(pr;bLx|S&bp$i%u6N+c3M08nm~p4ttpZnlCm*uL3#oE{jO4)x}Zw z`K(}%@5xEvUdd!DKx~NyG9lu1w?Nj#=O>mQQmrV4%%;ZLT|{6!R0K1(H9(hi-lgE%{RWdEIVT4?;2FW(RM0|wH2RGKrH|Tc zad_J%j)50xnJp(S+zD=CDXhELJu8!f8jt}4MTE~GXG&7##NUVe^{%uj~Z`dzAQVCTokMsLbmc% z0skc{$2NECBYl$xhuTNiykd>%3fR2E9x2@GU6YkBH}Nkum&7}F(DN{_>+?=~S2D5~ zfh;SHP|4&V|D+bfG_ZHc7!Q=PL(hN#i78&fq=ZN>vk>b9c)-LwhAgw{Mp`MQBD3Yf ztStYXR{gD)^xlD!sXbN40Dq%-*&4pT8dT+mz=Njo@-RZzH40U}WAUhH2_yoAZ_`c^0#((ZTVvxjS3J!NObwmMMn++$XL? z&T>5QL6Q1++m_Kjrj zCEv2Ia0>ka5Xde*LH00&aoLx7mL*AAGhNrtF$(r)y}OS|?cVxt{V_DtRhQXgfACH8 z;Z{BaP)zl2Rfj_D-S`_7UpF7cYltmPpm0lAkH`cm5wZjaO0W#E1T6cBIjL+vMfzEe zycVYCzjHg&vh#ne%gfD^;u+QAtF$7dq2u&3Ne!pbmX_dA*mT?L&#&qumh#PP}Ht`JuoDYP*fQj{=%CU$to5KYPmRgp&T&WiCs9^T>Nj~^2Cm5xnLw0su%s{#b# zO7NCQj3rOdt6f2~6D}2Rvj|u;O!A%ds9=5ii=vdM%zT3V9^fOx4KP?MoXxFy8Wepk z9hV|zY=1Df22D0JR$$48R^F5)J@RoUd~X;y7&Y=wp+~Qcp}26>^0W}m+D?|hXHph& z6`2)khT=j;Op<|!+^%5|^%^W32Om*z4x88v^N8c7p&cFf10 zzm_+Q5fGL~J@wgkF`(i5kiBjd(=z}+-Eosx6vR-@jOmJ0NGg$&joT#Jgid9WB`)H~ z>?fNTAleU~xT~e+nhV1qIt@swWQUe=J<}6Je1CQUV~{D+-j(IKDHZj zL3>gGPL_a!hP(9>W_XYfI)ZV6iaq2o5j6Nm$#?_oGo%r%6-M2~QtOnE_;M`^S~mgFuw`c=pDrP%7X*(vr|1{@xzy!Oj7N~&o@av2qpBFUCwwQ$%sJDdbK zg0^dza5ihNmcEoowZ`N64&D|?5)FPq&ECjUO>JP?O16(S&kGF5_#`)wL7jqN&(|~lZFL7237@uxXK2^oSt%ZYI0^%h1=p_CN~!SrWZSZ zF~V2FlTTWHQZ4@aF-}voXOr8ne$&y@H3}uMPnl#YP#iY*#R}EsrUV$|4UlVa??BfZZ#a=Sic2RQ=V>-<1RNwL5Bk0|tYV|%C$eCm^b2h-)R+gFK7?6LU(&vQ z!!cRao(5M-T`ZML^IA%Ic12@{fzf6qO3NEkmq%KHQ$e*sDRjGZW0Q{By{t)lP`1x- z!?}lLL(eW+mkrO%XjTBKlYSCB77lo07On-KxI;ohLb_i*CNkP5s?j-B_sCHGzBrDQ zy0!j%b@*hVN?)J8FUDEyV5g+yl7ag)R8!i7gTy!rB23-eF3Vx**3%v$R?28N`7|6U zdLWU7#grk)MB(KuA=e8;3lDL_EPkqqi;0G-oFY2DUUMmWz9P|E_WL`wiTIASy@P{| zFwVH$R{`mlPf%g4>CB?KD6U~u9}7O}QejYQRW{(GU~~xee=9^Xu=?tN;Ky=ltbO%P z-F6a-aB2i zuNXt*bQfnImT{dSth==jcM(voAHK0@!T?-B;fbkiBE1`ErjfuFpm~1s9(m&W(zar6 z?d`^KU7ZyCK8;d$UA$qFC}nK?6`pZj{Fc>Zdvg&F8>O&fEREQQVdEOy9~T>--+Yw~ zw4oi@Xd5jXvDUg(e#A0&SK`uqUDmk&iiIjaGX%FVvBd!q*ZMj(52=&-dBj-O4%OwHa* zsX@!!~t4HkX)?7WbAA`Gn+9|?MI%4&!RiD-6Sm2$9a>`(J8$4fvkb+)L^ zVlWoNm_2C$7fKJprN>7^-k2B@l*?}3-+O$?&rc|!(|Kd5RBN6s+LdqKGMetu}hN~Bm42B4WY+dzmq zghboNWjo;^%ze>w;t?&sA}fz-O=@+6d3r8S5q1!Jv@|w0M)F9D^XbKWbyHhy_ECYb zZi;(%_A0?)sop)~zzFxZItra-j*r#}NIT)h_FH-`<|s@S%l_z70xKxv_$`je9LpCK zFj86y)%Ua(?AtnGg1Qb$F*b@Zv(cTSE1%)v;q8yj29%3nNAuXBx0~q5tLQ&p?pS-A zM@USsDnhkJ*XbG4aiB8flN@87M6J??HV5yKw5O9(y-Z2;`G1%@%da-uDBTAwUfgMM z2v&jzD-v8oa4YWa))pudq!bAuI0Q)X;!bh55~O%>inc(#rSHi*v(B8gW}PqdZSo&H zlD+q{@9X+qRF0XaE{dV=e#r`l2Ajy5=+eHhu~&48ly@}$#jG3er>k>e_1P`0&;1&G z88UA6me`BbEr=JXSftT(#3aT+r$krnNZ{TES$A#Q^nTNk@v_t8MUP3Ebr)hE`-EWV zjl%Stj`2!%jJU5Q(~&K7)yhy(&7^rmdN#& z8kJJ64H_10HFEV@l4&bX?r(nP->j|@^ICJ2fWC+>Tb-k zg9A`;2S?9{gk!?mSTBONdzINDdY4fs8bwcu%*aq3t0;L^u#r3dG8fw$dQgvivzh@a z`UfzF>3JPdt?(Qj;s4m|uw^Ze>e1d^Pk%Sd;g^-u2c6K06QhRClYncwB7I)dF|f)Y zOYFS@HnNAGtUCi2-{+cHZ6DkR0w+lS$Ve*nU0v4n1a{7c$sC9bjCSqey&-OJW3_D( z=x{F9s}f33`$q7S@p1(K*e>vh>trAU5K$^|?%zdzJQYH=1mps1rnIP@=rMQnRUHpd zu!ZTin3(a@7S2oaVt>35_<=e{f5BDh(62!@CG7!=)g$E|7V?#NJu%V*ZPBgZX)zS&d;@VCjpr&sz@Wy?@Fq#+dtT zl^JSR@4{Et2H#d5058f&LaUTWE&hs3@5}`q+uD!9-?TnhK6rKAx$oMQI2UnN_w)%zma7Jm&B-vsP?PFV&`HQ|&GBT1HO!kc;D_Q@QKUF=xzgoj~+6W^|WxNBK2CF%^E7P=V!crX6= z!(hu8TH+<&P=!tCPimpdB@h|F4#Yu+H)_xcVsD||uhNZ@XbUtyx7wQ!3!G|m^fdU?&G|W&Zw>F) zZ2{tonfA0;&rCKl^ZL?LguZ59c($)NjZGl20wy(( z@wROYs+{3e^QzMM2+iU zx3Vq!Wj)`xsqdO}EPGF+3`AI>m_{WN;Sb!L%1R;S6InqU3@64>%DJxg;krS3} zrF$>J>UwK*u!)qWJN7(}{!ZmF%%#gZ-{T7Ssoe2Y<~p<4KGMc+tsfk&G)upr1TZDf z#QPHF!s41~CaA7uGxd~VhqJ^q^x);si4tWNQS+*8kNzl@9Lv>}NF1?p^t9vnIt&Zn z$z;Yi59;Z=E;v;P{ir~nVMoUtb2&Rr@_d;WM-V+*S$)-A(ymuO0bY5ZA^H1YFB_

    JRgExz-8eT_wZB?j?o_MFXc4j6OjWdI- z@+g`p5|g{w&^u}X(awT?yUAevT~!)6_In^a>;cXCSa$8=iX)Nm8!ypz(TH>351%JK zatZeY<(Mkv`)AaRk7Rc~L9o7$$=!_+&Dt&<2Kw{AJ7=3dw>3By{q`JFRcy86VfK>Vc`l|)Q6}{djgK1 z_Bm!gt6lEsTI^`45wv*K@wLR2AQLjMpcM{jgn& zZH+><<9(s8(|<$9#}Z$dS1C**996Lq8G#oAv@0GvZ=o`_e4YMdjxnkAm&q9qWQ5^N zNep97A}|`C1i&aDpgI;ntmbpey4+oX7OOR_lRuZ#Q8ZKlz5KudU#qauHckMJ=ZxAs zH~Vq&TqYE<_2YP$TaD3(*mkZXS}Hn`dvfy={mz@Y60g^2PJA}4IpxflpU2=iZI7vW zX|5pja%h;Lf-_DS_-lx|CYrfRH!a)W#>ajgPyfKNa_n5OTaKK4EO{pdFv#{RI2JUNdar}#v4 z`LU&b5K&E?AC8*ZuVs!kSlrA(=wgnc;>5Vs_~K03BVvSLSZ!2GIv1(8Zyn%X^zl5f`})_y0;%zmvQNXj9T zD&@@8U?1w0Z!iRM@Ce4{adM3&Q_rewss6gXeWOtOtxeeU4g172bY!FC;fUZ?NBC;n zks*Bv4vL(%-pWQb`zU9eT~H`>XjkQNO!+ePa~{99&?%B2Jc=xRb!tF9;9^E`)^|Ya zNk2!WjA@TfByfUF=EN^7$K#X8-ztg$Sr+%tpZPRxnfsaEtn(cH%Bbw7^RZ}3?0k|{ zQb17PMGg4nDuZ0Sy?I!eT4N%wjHxXC&`GgxeLcT@KJ%L?;cBlw_r9Cu^a@hu`SUA> zKp=(J7|`Qq%7rk}qu$30q>ULS!s=WBnfIZza5k>ni8Rhh0#35E=7tI%Eked?Z0B`s%Ut{}wm6 z$}`8h9b1phGqFVL#gQ9C@bBD?sz^^Wv)6`JPkyw5Beb0v*4=oLKki1o%Y5nbwN`Lk zMTsl5@z{xkG=m?Dw5CWb*`>GUhbR071W=_NNOtS%a*d=nYeiX+-u z-$Li#m&T=@6(4O|n1_@+L0EYpaigvP$CjS1qwvbc)-_!7t&;~+@0KinEO$47o^~Cb z$l!(=3;be##-v!3K?i2sr8Cq~(ihwr^_+7}N4ieLXX_sT-CN>MW1G(w z+4u%>Tx{Sg@T~^~X-+ER5g{so)Q0R>Vr54Z96;=(fL~{geAV!zO<`8Yow-QHeaL6a zK)y5N^eI`V<$9@`P2m2w%y-?*r)_G+a7Q+*jHa|;3qYlRmd0S`*Q3{>qDn1mFVsd5iDpfOtX4=tdocC zz4QA#lvxdrjhjOGY&fp}Jt*eW)8xCSd!z}q?uKPp-#mM`)>0R>^)@@BC1;-9p6&-d zTgmk3?}EVDwLSWJ`=9ToihKwXY`BRy=>Z9g>>c!k!8Ewv1Nkq$pXxneroSPsub8AZ z|AZBoH8j@FEqpBaA=pP(&z$Z%5}n__;=6Y_OqB^-lJFjugEC;{Ttb$`;GXpAUt_OH zNJ!jG`??o9my223E0T}+5Pw#&-~w{W3xTTeYqw>|B1_5y2g0Ldq`vNWOinB zs|$1YwZixDP-w%ZHRFYA06UNG$*xNX6`%|bFEX^FW8YHqxdE`pl3RMI4b#+_%L;|^ z-Q#G@*t)uzxcr^(s8FL@42G`6XCo(ZM}Don%vVL0y^KAVHr`|pxb8`dxeHH8b`+PL z8PFqW{Ci1LSq@owzL$YxNiON!?O2SoHfzmlw*=%Sn1j=xzP{rhZVbNa^~{IVV51s7 zK_fl=rc8MH++g?F9Q!b2Zv@8`Gf3I5kGd`vnDLLXus~xpfS{_=Qwy%_(C}WAz0q!2 z%+zMwq$uFJR}dEoaLYmDFCAmx z=;Q)JaENW!%zHaYk(UeR?H#ENCa`cIP{{{4!E!6P)HU#$WDGi^$FdSRk)^FG$$}k8 zY#QuxlmY4KB`hNU{fK5Fj1#4nv6g4$DzOHioPII?-L=?wYImm?iU@ty7MOlgdgdh* zo|^3bOCbH^tnY+bq61d%)F%4gJa~&SJaDi(_(<4 zYKwxPCoZX;1m>p*nD*}wEtRliFp2_vQXE*4rJK{0;IaG*QZXQ8B#(`@{$rR15h~RX zFkx+&2?OmS54l8k(H@(9Q7NM*)Un8LK6oE7&$nDK#Uvr+<&s)kQA(o$%Zybnl^bLeYRyTv(R)l;dP1_` ztI2RSUaXsnqu+0fy5$|zR*6B~nupkGZ~Ls3d#=L1bJ2#>4f@6Ju~N_p`62XcI870`_H2G7-7mnw1@ zo4!pbui_@QpY2soFva>{fmY|we`Hz{D{m}sVT%$bsmdZza0Z@Y3F;saMC+5vV;p`^ zw}19JwNFO-NZ5NIa!96GhuV} zv&wyzGG?t|A|*N^r%j4NzH|hn&<8vjPAu*pzpTC#Wi#`E}lnrY0-laj~ zgM8iH^YUlk+n707&uUKeKTDhaf``u};o1~3It;K)Ae8%YR;M*DU8Po!u#NfioI)Vm z?$Azdht2*i}~Q9orqoaB0SOq70Q%lBM| z_w)BpMl)`>AdnH0JB4s-guS`N?)%cg$&DpH0jI@~Gw_lt5q-L|5Q;uEB@LCYm=OHv z_t7{*!*g#o-FfP4??+)@le;f$^uOiNc44Xn+ddCG8QFF7hHU&7o)XVwEP8SN!QP+# zwXp)f5@~MjHVr5>*H(QE4TOrTQ!B(c|EN>s%&FzGdW4of8+pru&$p<%QS_`peXP?}hg_u!YQ?uu3Dd=ymV9Sq0~?g)2kfYs*5zgIq|j z3S5murj4;1T*k<8mhCVnn`pm1wbfVc$BitK5>kZ-9ujz(ro&Up<^9?OoIsM9OwE&h zgLqQLlrJ|sC}a~g;ImCx|2}Z`Ftzw5E%Bh!6b{v|#t6uqXH7sL1a29~9mQH(>xDs= zyQgU#TTcr^K9IL$F*4>%q?ce!m$pq6oIe)9C>0aXidHFFV&eY+uREu(_P`RGpLL6z zrxJ66>EHVuoe9DRgp%Ir*YFl38@~o6#1a};%D9USvJbNM2EeBzmPSpsV1AA5Hd!?mB2$3^pHwG!Tq?iVYyxq4y{`b@a2cz$ovoR3ip*UeX{wj5 z$dR49SbS51cA+4ejf;-G3cFZ8@B`PDmfAsW6LA`aR7KSKNY&*H{!}#!CP3tWMy+pn|a-lem5xdJ7n8Hlo=u` z_hnuctg=~KDUtk+Qi*Wzc#)dDBbHQ)ho5_Q%#AuCndEe3yudu?T=imnbZ~Ib?q>Go zto{rA36KRySM5@~h=7Z|x}wQt?Q^!CKBOIC&v)Ut%}++IRiAIYEk{ZXM%{>W{#+e{22n#s|Qjk&a^3qJ=8fqBvyPAy8-`Qbr zSvDig$N%(f)rKs>y)GA*jC3?|5WUUj9hP2=R_xfaI!^aNvz-z%9mo}EyN|w$5~xCem}9JWSvQhtuQ6~ z2IQs9yG3W$qM}L%$25;7Q5(N?jHO^na$reh4``9_v996I>-UdQd775BN+HGYfrB+6 z=tfwWJ|fWUTUr84sK78+CM|%VP$HJbk&ak3lhTeaJ@YnuF6@9e^o^(}^TtwXq2ZQS z;naKRR2fiplhq-UtYI_i1Q9SQs1HSc1LsJ)yJ~OXF0LHM7uW0C26CCIWy| zs^TbJJPeDwK1C^Vhj(J3sl;kl1fieU;wVz&-K0HJsgNlI1!jYn!1}6qf{1-~2QUc< zw4MUhYr%4G1$XGxobN(6ywG5^Yz-pq#MzGM2#N?3O{bGI7I;Xd4A9(A>P4D7b{`&o zVoAmmKOdtO$E;3)hL7E-DKMU<0prid+LbEC#_0TITGEhoZgo-$R@YgXM8ifpmJMs) zy8f+kzAf{E@!+i2=^1X#EJ{48ej)R%*|}ID?wWZ8%rPe~45CYl2vLD}v94$BI~6<6 z3R{s94q#r9zwvW_gqqL^7i(mFok`6{zOl zlPCgE5aCWR2r}XBnSZ{T==)S{bKDP6-FRahM7~87+V>tmFL0ZhlYNRgc$UhEG~F0L zO|Ac1opU}gH`Cc>pA1GF9L%`g4HBZhG34&#A6`q9htlCOKxwQ@_<6a$OmjQaLtx4( z3X;xji*?K!j*k6$kbX7fxwPXHOvVSFC45 z?+0qJBG0T?6S7aqNwJ2C`YYXgV?1QTP5JI_6174=6p0;enY;>-OeO$s_8FnQnZ47# za}nsLJRdM07_Y1GHYm2}CDph#ouq?AtW&M)q|2DGApIyOoBl{ACu_RT3VS-)ROgH zrxIQXbD`@so!yp=-&H5@VCONJkXq=@?65 zFa~;tW254EXFd$ZP7?mIj$(ZfhBRY+BgZ13<^<(uF~qz0x!M}`8FQa=Sva_t<6Vyq znHx7cWjbJi$1j!zF$i{%rlct143xUPUsYyrMb{ioXhS=R3dvz>&e zO!898Coa-Z+~CbuO%U+&kTi>3yhY?`J{v{6GC(Zna4X5DcM`(mkGZJ9u%J*PW5DD% zkT9MTH)~F62v*WfwR%kFUm71FWD;Jv8bf?$baW6j9va^m59ieMF6--QdE-xJ`n8o1J8c>H zOuEdfX62m{b;1e`K!j3Fo zhx*%N>Ah-zBXZ;7x1Ihe5$_sw_szIoS~-K~%@xzh)8!)yzhl(oIc})7Sb~HuHB!+k zjqEBSg|DubqF)lx6`Bmo?KK_WoGDL~-K`ieF&;z3i4kA~_9*Q(P-ip4po_{ey_{4HO%67)o!%`>oNxEvM*eE*@CTUTM< z=1N$VfP7&7i6dE{LovRA3!bB0fmEDf3ByOnuI&f1ClIPYAdf9$a4--v9P~~z)CSRC z?_?v51d9&fds!Nc7w9U_2Xl07zRM?aS90{xSLwB?G2*U!fpOcFC(TvEQ+J4UMcO`* z#WdNS3Yzy;1ruHqv7bbbEc|h^i3Top)@T|;8(eL-vv@leZG|{NmlQ_BYjw~mh0F() zCV3)rm3WyKR6MPpvwshE+dQm>%wm z21>6~fRA*iWLaU;1e=K@1qq?_L);#yVIn&A;2FQ!@t~Y(9{-f&_Ie-9$Y5)U@cjTv z8!HNS86S^{)W%3AvP#o%XZllWYEFJ)4gg(7R@V(>%f`syh#bU`Z+v*V>9W0KJgw0F z==~!qGy1J%ErY2x7zf4ZPcegdBFd!Au|g}?=J<{FDqf68``e+g%^~v8QPmtewlIc_ zBR-WuR(W}OAc`=gbynRSQ&)@<7#-Z#=ucVtZqUl(GqiEm)WH{8>;7DBuV)@&Ef$wU zOH+`j53ryi@GMk%z`5Xp$=*<(iW>!ohY{Ui|C*e(I99qfV8`A%gN4wf2%B10-Bwt< zwIL)apj<6oD>>Vpk zpKtW6#3NiC6*}G7^_52yWHw-tX)1yDIa}M`&mMtdAs=}O^&zqH$^plCW4U^f*IYcV zD>_n_X}-=cn}I-}D3Q}ZbbyY3H<-F4g6xV@9>`nZw7|)&<6@F&l$ntUKXzp84RjGf zg$A%}#T@SII3B$U)|#8?M)3R$PvhRJmNPbm@}N!Wg$7~F8~FG59W$w{+(i9Tm<8-m zVn1zec6)g)qBYOej(5(gi#AuRg~mb_g?P|T+|@!^srmP`xZ!Mi>GvG<+(?JyPX{eG zvCp>ceG%RfC5J~9BYKOFNrUcge0ZE0EvmfCnI14M=td+C2f$sVEz&ReX#G4)Y>|fzJ+;Fre9VoL z(*QSKA{Z@c%a^07V!Dw@>GOK!0WsSLPpGcc2b;28Uhp2+gMwNU%%SC2Gd@NxEGLE- zN_$F;j!EUoN@_q^twIa8OVEYn6- zM-H=+k)YI5t%qGiPZmSdo1xa&Y#5{U2ZvtY-Nc@K&Z(4_y<`(X*<}ut92^| z$6T#Tuwv8$KFy0J5C?E(U5~wqisi{ARA(A1wxVGuyqb;KK%J% z*A zfh>70qXz%EoLs$08aLvYI`DhEQ#9`%YGE{i7&K4u0)#b|?Y%+#N z1k-evU719Arr#jCPa+%3>b%kjf zH~WV#)8`}Wohaez%w}AL3=YaDQWe0xP%$f#YpTd7*M8i4@3$K}mKRaM6g9Tlk($nB zIjM=(Vj@Q%0}6B5Pz>S>xO$UH`S&x01IOdH>m4x5A+{j5K>U>+mqv1@>(+Q+BwMJK zD`Su$yzGXz$N*NYVQgDnb84oB!str^aOlG%bsh+C{p7{T~T=ZR5{#u^z%0m!d|J zN(bN!rW6IG&4p3z2ziU7(~AF(AB0nrsQ36>esM-Xf@I+{6URT(_eriz`t+~Nwl#QU z=|czs@}@S)sGlTa=LZ-c!UgF-!pv|qJ}4PZlm1@6LVnf|m#P8+i!9KT&`XR0^0diSar zHSl|&GXB|?qmV5v9Q8Qvx#gcdvnu=CNH1)*|L%?N6AwE+^l5Epn}DHcd%nh)tG|_} zuR_@|Ju;lD>S$d-b2D>}iG<|lsY_~g z7`m5FiWiZ8#MjHS8A(G%3n9+SknLF0UwGkaE9V@h@}c<+U6L z69;6Z+*3^0yyxmx;cVX?s;W^FaS^TjXxF4+MacAR9`Mb?^WCuFc`YLegTv@b1eS{m z?P`pXP;*#-tWyo$J*lk;^)|=)F~Ds8$R3O_mIoT{lNmq1d&aNUo<96vK}q88U#`XpSLKbA7IdvOxz<{5!+*Z+L&z4v?QYWo4X*y*dgBgRMBwx`6AZcdpH z70LBd#%MuYkVH`Egp=|^ef`&dqfe+GxiWGg3<@LZO)ZbaqSOe130fk_kH4{cwYRxo z>@9!$4t@}6`o-w?&Kh!BUGbIAk6S_ql?9n3iL5jp5Ab~lp`#WXCOI)T_H{}6w%a-P z0SXGY6)j3=V>xm`(pbGnfh^+KFWDHPY?Wa7w^0tZu>=mN;9H1Ljn5RA-!?Bd-?KPN zY_o)$cOiFcgW$U-T9{p8mK4KXh#I(R|_@pxGtTZRl~Wv*CWv zL1lIyss3F>(3gY#hRiXxYRRuHS333#v->3wkd{L%oFvLK zi6qP7@|ApBVT8>v!%b%QIc;Z5cKnjaEklqj3J>jDk+<_|R%%3DK*8yItG{W{Blm5n zq-VPvO|VviG_1Q}(Q@>!&Xe5}iJ0<`HO%yA zO<_Dl=s%GHYlzMgHMs=>Q_BTvK+5jsXR9!XaZiwPdyv)jd+81 zXE#Lo?FDKxRJcd&D%qcSmrQW7`m02Th2EzSQ{4M|2zF8M#Kn?~+vW8p{djhK*F;Gg zAmg=S@yjifwyZT|37i3}&Y~w^lQ_i7y!XI~1uEL**q@}+Ho7&3nvTMIL8tTBWqU(( zM^4@YP;G+JbtO?}!$qeg;O5nPjM2;^gIs(4XVLqEY5guN6|C-)9A?=>ZA)4z$AUli ziDnhIZmG$19Crn>HJahf&m+J=)AM}}7$)D7Mnv>s9tfZ%%7ssIvEUYCwTS6VKm3z1 z8l#NLH{6E5<+Ps`Q5P(fxe=^xp0@pxKmsGlu%dc?A+_S|F}3y$hfZ_$;}s<(A7^Mg z$P(mXuRBaV-1qMX=xb?1p5h@tXoz2DWhp(!(Tvix(+aK=Q)7N}`K+HGWzK7Vchx0&1Td*Eraxdu zexEMVi+TJVVfj`kxRT{4KUI|m@b8_ys4(znnOgloEB>$ z$G|+|bXgw+rsJW^Dj2_I?vUFya#?ls;WoDi;VSCcIua~IOj-KX^^SrhS6a#$AMJ4K zPP`@+Es-<>^e|6$AP?00^}oQv+XqEmvXw;n;MHYjq3*?ky;IteOhak4K;75Xw?K*4ZoR%_(k z^`j=PWl%Wxzf19>I)v(|fJP)@5#x9iBOXu#YE-IaR&pjy{O8A<=p_AgpCX?bdRMMPHf6Wn9*-`c8Z#ZWKSv;liuzqrMZn_+ zx|$R9i@iUI=W?HQeD~7G1yc0%@GHjwwB}_}D12V{Y0!M3#N*hW@oQS;{1pX$`&y;3 zQq}^(e+wCO6iPjQ94r_|#p&!qfPO5#L_sZb-rn%uzvRH+P&d7E2F-h{49VE6j`u36 zgoQpTz~>WW9{V?hN|zh#Zn7#vIMxmiV>mtDUx&VRLo_j#9EC|Jj3c@ zA?-gN4U#q1e0j7;NjFs3PVX4dN-p9y)x<&{K7_=Zgl&CkYinJvKt?W~^&bf41nhkC zt;Cl#cuzxvhIdiptchAd1oZJS>73klJoMdvjsXYM|AtTvvD(l!-4Kf=9Io8rk1Ly& zxrr5N^A;GUauQVLC#DQZXSq;#VT&65Lwzg>{xe*2T@CvipA)Q!I7G1qvZpNN670#+DjT@v+`+-R zzT&RS?#`)i$fmBLV|^w2b-Fy|^1Yw!pur&wOeo8cj~b7ofE#>BfQ(#Xj@H`M8c`UF z{xzD?yFGy!v!c%k?lgcJ*Q6La!SNCR5XG$@@!6IUIjifXUjTkm?R)Jr55<}ik*cN1*QpgiIjLT}r+kj4LR*f}O zx-@Oc-o5lx^5zKH5pSj{eZGy;x$;s~yCYqJ354qZ(b&rQztiR1oQ#q)PAi05{T^qe zzq+L-ySwoqi)D8*mWzeotBi>MxBC$b(}1GJN33hHa0ZYyATV(0zw3b!_;__gm6y=F;>Z zfW+P6$D98v>iIW_QcX$qzb97Not5FFKUrykuUs7*Hzgc;hxirSaGPPov|$fwN6x<)3IY0ynnJi><1U6GI9kHa^a2JWBKB?d)u( zS5)Y%Dr-b}-ji95r+laO^#eXd21~9L!c?WA)uTEeGL?L%K{10eZ+}Tz2N!WZzl^4x zU6uHw_z!@f@=KwPjjhKFe7v^sAHe4V9n4Nc+kv9U2w!)1+iVLsSjZFHDoOE>ReLVgC zj%v$%;_>5ea9n?ER*+#TfBN<%KDh%m`@GrB=0v9N#=}omjjzeRVT&U*boi24+--LE zojTKNETENz8TP>(AK0^PDzyucwX_-kaAs@tCA7o$azKkl>Gnlcuh?rlve(^A{)i~$7TBB&*o48v@rdx}zhFUIE zo511d_NYy+?fFKBPwi`8zX~%gbAu__m-(lA*W%l%wJSw6-QK)8<6*md0_0Lde_(l4 zVL)0Aes?G_Uu1XfledDI>qn)39~m(%z|_tXy+XN+Sl$PXAL4j)MU^p1Z-;s$R3E_Pw)3O{O+(a-= z*b03X9p+9{Bm}F{r7^Pbvu||i>+l`=;6J2nJyDVo%G@OfooSUenC66KcqYMPT{GRl zmz4P@xz2sPuQ|9h>-n1yK}+ic{u3qGZ>zVtRhGJsz(|R=4{rmVTIlsm%9go`n(SIg zD&Jl$L$|32Cn5L#Hk2tmw~H(=d31WD6w15leP7P%@A%gjPaqZ5`&gYL=SL5>n%)=q z{l6nLwDZdbP{dxy7RTE-Tb<|YCDJMr`0-~l0fn)8pf%QLWQKF={HA%@$PCvdgoSM| zPnXyvQL@u`t8{b^|{5Tw) zfE#aY1{|XWf1b)_O}CI%hnIz#QM9E(fs^>oE-cJ%)2nw@#eLjqvNb2hCAl6PTGGA? zTbqyL@#Adj_jAxULS|$lFw|m^hxp2=Z|*98pxEuY7B#;%)94a^jG$%$Olk{_Z)S$2 zYO^X~9URQ)_0=;9rVzTSG!)-rUBLS0<1E96L7<3QroQ50uq>&9M-}rVn|l53$42sM zG+ZPjBb%*;L7UJNA3?-LkP_n2=@4;PvG=h%c4U^UFE2SKn2BnA|4|Y+b-~onf-=K2 z1BiwRI(Y(^w5!G1o{%X-TF#FX3f4}%%|7<{6#IV%(4^1YIW<0^>uOG zlwa)K%wwZDD55es?&U<}x_W$cBJbUNqtO zh(oOPPuh`sHWY45QtrTKT|F~O;gh|(Oy)HWzQGV#?&xMi6E_#yZFH3;8SQVjGY_?|W~b#7CaP-C ziJ0D~1e+d#JDmV{ZRyY%ke1g7#hiUoxc`3p8+bV10QWDJKDx;RR;AQ8bBuRpP~|fq zFARtdqCUM!6g)zzXR@Yw4Mxu@3(9063Pvte6V>)oDs=`keHWN_#>s_I1wFSj z*Ygy_?B#5x65Kl!>F6jb{e{`ccm^pL$gq;}XCkN<%$1%s)^TDFQT}|8$>wL~={UnH zI_5M@p6$)(10Lz>Kcewu;7+K>_YTN<$t;A{A(7E1Tjx2#sQx|>w4KHgKTb?O=kSbP zwqHy|Y{?Ig!rJXSpACP5-eUcEa$V?*KdGG6vUt*?VVQ*ElM_7uvum ztMHhyv&p6J!Zo})blwDqC6(yi3fG)4Q!3JYiFnuBWkC$^Vp4*&=*q*P`H5!@X~2Fj zuuj6uRc}YMg<8{diqY+7J*%GSQf1zc3C1Vl7HI(PAlN| z(tqKMBy|U6oh#F6V`{Z%9|i#v3Z4bTEo8+k&JIEQ73sQ$)Kt7Km`1{x#O;u?7i6j3 zUcDp?F7!^_sWlW9ltT>nR7OpQPzV{^0fmyphqljJaUJ4F!?U~=HswC&xXQRKdHjC> zYw45o)I{^7VqwQL5(35r0wBU*Jn@q}Y7@)(;mNLL0-ZG<_tn9l^#YpwPGTpo;MuRZ zGf*Ngg2l?}O-(f>^MXtX^&a6dSmnHh zTV=7uz0;A91R}U}o35$|?q>CEbFd2@?vI=zxfqxeR#RRM)sb1xB3&Q**(GYKo}-TF z{6fR;IiXYJ#PKY)lds-76gonTGGk3Y%{k`-v`K<+t{CVQGh7`d3H; z9u}D+Ng`dS@gNH|;V==!%`Ai>V< z>_jn>kZwxI+iIH`8GLKk*pXq(U&6&3F*m*vF)G$8Z|37?Zx7332XWz#!&_f)(;iiZ z4KdnZ1o6_scj7UxCiU8xCG4n6^gHTFr(N8+51PX^qV80{fSm{(b$Ox}K zn?;ENJ(U%_z=@Tyd8(i!P4{b7bR5Rwzyqikx~!7?8&fn~a$P`m^*?*nNNw66HW-*7KOu}Op$tkb zk^Hd8Pd!af~Z@zAnI# z{mh=$C8AVgRbpbgan{O1-?XXxQpfcQ`1=(4Dk8zDR(46~n~{`Hjju5aaS&k22vtH8#$% z-%+ZqVyn;eXjZXJehVU#mTy;5@(e;Ub#-JpW9jAQA>b20!r&{b>NzbT?lqFu;xQA%5dleN8NVQDr^t^M))YT&9wNu)QX7KfrefxN zcyEa^x2|HUyh97+Y)^bM6w1VHH)Tu%GRUXk25^;_Jz`xa4@0ZpMmYKB@Z4FH>X|!{I*D$h`FW+c0 z&k>p#bqt1V7TXQ2Rih0l0A}AEf4@QTuR-Y!IT;jgCbAVU&Xo)aqvxdLv@v-M?<0zr z6$X=RZEEdgeit@;A>3LLQd2LKWR`0ci!!yRVDX+O)|I7wbR-5AE-y0M+D04Dr?h|V z@hix!F;RdqSL0~XWcZjxnG^^;ma_YZ^uqFfWL}r8t@-cGXB!{h7cvuynopK%OXk@fyBydy_APJ_W|v_0*%hoL!mr|u`kMa zJb70^c#1D1@pUp%R0tGf0Wyht-nJ2J;3gqLs$l#~_tg2k%{)NT~i#d)FBi zRkCiID3SyuH8et#B#GoGNeN2M+5`asNp_PnDj-6WGc=8Y5}FK3j*5VQ1d*r`mE0hR zWDxKkXLOwL&di&)-gEA~>+-KxpLOb-+Uu*Ys=l*p?{jFim=MrT2wzC=T}uaoh)57{ z;^OvK$8uTx*ne_*_#1pFzdv~LlP%isP~?6~oFiU(X<@vT5_4ua4zT-`f(f8JTBy}` z>?q|C_i@ffDLi<+>oUcVu)^>xB{I_D7-Wc(J3|8|q!>AJFV^jRoE3;$Rhygz1S0mo z@Cz^LcOPoNw$k(>syfsSGp^LRZUDPFvI!f>GU6&WzaOJyK#FEH7rZ4zErdfs>hF>_ zg}p573MhH&wkCX7R4z2(9LHE42_&)S1HR|3?mqN zS4%Yy<}H__s5{jUoT6a!!Hw-=*NDYqtmeP=1~-p6m^R40MJ-!wmESBQzf)|Y^!XTT zuaYYPX&_IoRqt_}2yo2(7$ScwyhP2iRzea}`EREl{yhsAzm0{jJ^iu&vVZlS&0ArQ z)>b&*a;&vW2FQ+AGC>MkBuEXe$#OAs;l+?(zE+JgWb*sec~V6Q`>i^J`@dLsnCg;t% z+_jSRxSYngf3CH8zn#h4=^U2>bV*dIio$Lh(9hKO8Mu&)(;dVgXzjeTnU9{hsr3;u zktOH3`w0}dVVcsN6v4NbW5oP8^Ao6=!`4pg!O&jZeoBS)X8z5T8}sYlU+al}u8q6U z6ZZmRk<5`OyFJ~h`3q8|qs{yq+J8WI_yN8DwXHD~^%u(^{cS41UjDmK{ad`Czw<@1 z9?$>5eg1>d_pj!1lNvm=AKvn1RUWGxH5m~}BxoO3LL>Be{BgAlJt!#A6xIlJ8bR?vWM9HR|U!sBWPh#XJ&bzwaglW+T5$>K#P2KJA%8L>2gN#lL={;2scoZ``dr+Fj zV@0+eA}+p>@IjBoF-x-MabZqa3f^I3hnO9P#vctQG7V38)rT#qxTb?kqAY`h11q}W zF7d1t4%x@puLNGbP(#Z^K?WM5mVLr>ip|Qr)EBJxrsNd!^UJ`}IeJ&7!3J=(yzu|O zq5Aa#_74_wIP!j(KHe9vaMXA`AL+6vYOV^8ck4dRGv+LbL}Q?eO(YTtc`_5Q@_{$y$g%{!J5&Y`(CfOHPoYFo?lm5Tkuwzi^ly?57l z*34R(7YTamPH5%sSWbEh8Xa^@eRj-dzTx*0aLhLO_;7kRh1atqnqm318%t50?0C$L zDVc73BMC|hP?w_O#dZ*0gbEAsnp<)33m@{ni^IzGd3{kkV)dRkN0KH2jbUjcY7^rI z`nGzy@hcZLgrl76IyCMMMaC?Wv&5&m#3n1{R$Ua;<01+TgMY{{2XR;W@8U}=wq`od z-);?0Lg)C5)fRV9#RaSmq;)TM|+={g%st=sQJrCd#jUWYGZTxDO~ zQ2D9yNjj%fRBj%N)cN^1s04prEF)itAc%rAWVXae>ZF3!`A)^A`nz6ju%{LkbTyTk zx6|>59j`VUU`<(ad2=+SBHzl?nKdK&kADNJtU&wk)4*0DkbAv%F@nP5b~q zc+2-a=+A!e=^kg&0So!B2OXWG|3+YUyM*7(FEXJ3&IAbPbS* z+p^$u=Wn%?$Y>m8pdhyxQ$Yrr<8U#`q!7*B6(Di{Y5!a@?m1Rvu0mxv=QKl@54ljw z+H25Q144#Y38g9ukqfqSk(TSHO6FF&Qg(zDG2cr~Am^aMa=HYBNs_lOXE-!p52gll=ouNauT(XRAKS3$@kF~|P2-PhDT_tL zvJI+YGp*XuTs(wKtQ1+4fYO{fh#W@Pu>dz=qL*?MY-;u$UbDGv1~W*iZGJvrQ6LHE zS7|E2Jn2U09|&~SmNVx-04~jTj$Zeg-a0m_t8}FF(S=VSLlZ!J*I@Zk4@s>i=0?7; z2Ox+i0VRVV$o-1y*k;ej~Z&!guz=# z@yhWO#XujdL{}ZvczSCq*3%YMDtNv1%P+KDGwCt`KehOFAdi+_=+BG@(;|y8N&_Iv1>4-Cl#l zEkM4*8SQ|UF7aK1`l;WH&w859=ujU}J<$qvyP123a?#UXes!emVW7^O)ClxXH`# zk3Pg#@L)Ag-LtE7(IUjsG5KIC92BEUfA-o;45jl`gb}wI?u*K07+8XvX{Szx#J`B< zhLyj_ap}DvJSZig+cS;RR*9s_9H=w#mYsNqfZ0ZM}E46ZZQfQKUBCAJ{1nNXcNUHz}zYZ1CC`oiw z1+F>{<|X0yV7*rs#Ba!dv7*C2B_W}c9i^IIY!Sm$t0JhFa#c#1m9Xa^U@9wa1!^@+ zqpS26lhpTx{~xY6^_R*)M>@oF;-XkhJR_ExTCa|>d0!CMqU0&2!%GO`u}mNZA^pjf zNmnUJ_eCdO?;6-R!Zjl@`C7SU!k<`$IkZVKV&j3_ zUVn6ev269FkMYxwV?zc%miU~RIJX8|9{uR>Q7<|`%Y^UxvsJTppU1B6RZ{0wBUja) zZrij!YcY)>O%oT3(`0<)h7OIUwHDODAs(t*k5|MJQ&rYw%xM}=aXro1#;kNDlyfW{ z%}>B&a@1h@_ag!yX;dGSzcJ~URP@g7(1DsQdZxa~rl9C05I@C28gz~YQc77OOE(^= zSL!1srZ&&m)4R_kqr7&fdX8-7Y4V@<4oM;npA*s*QzyxB1mQGwwz1wHYL`EEUR|ee7$kke zd?)wlb9gFzvLxBlQMouPLrLkwfNe?yRw!7BH3K@AfQKYQ5#Tf#^;Xyb>bt3xfb=#z zgGk(IAdE9fA;y;a9P2crn2(q?=eEHuxJV& zTk`F258R1pdK8zk;JYBjrm+GSb`&!BEUT_R5VwSu*n1LZhc~;c>LTk9txAsf@lMyH zIfECVX=mXeGQKiM*-oo}$6s0$|5RlDo?H3@>fJ%1#P9T2?b!)g^N9imxsO0`ty`gM zWIt8EOT5g>cQQ8LiA)UgxWm8@0VBU&Uk?Vyg@i#%wqO!1^l3!1#=b7P(8}qF-I~(U zE4#<}dIk|u^rvKP8|ui!H&pE(#x@h=bkkK?U=H#$422|qX^=a=RfUu`UF7muaO!Th z=%x0zf&H`LBMSGEHA9V=eVOSiFtN(kpXi_una+L0CbR-~g18Aw(tz)M7o3G-o zgmEn-W9`5fi6{clVHj;Pz7};bfnZR(EXiu`-pqSufOMWYGW1j~KTPd^JTbuMg}@d- z6f4qYUE)2KW>NX29e0Qn+YQ<|1tX+EAdsS>2goofHYmr&NDzh)YT5@swBcY3bBS-# z1!moJVlT@+(USKb2U0t7?h{TntB*pwN8r`5v$avwD{Wa0X5&kHZp(Gcqz4yYc#I&} zy^FIr1gi+Cw4d>YSL%=}P@ypCwzxXv0u*CnWcI2FZ%=|b(PC^8&$yLlgrmtNxcdp> zhY8cEG7T>)&X7Z#^e`kR%gJOpM6IWVLcU!_m#%`(g+QpWfzOukv_dst-lX@Nqln#} zSZxO6v|tMBgSFqb5di!lU-|w?J;TfAxSXZ}?+Ukmqk$97%POD|h;HPTe*=~LK;6tbngX?fO{l_PeXo>owIVistms+v?7|N3S#GKbM z|7!`>`Miv$xT%WMlw8wSP)DGzSfKMoVGfkTfU2|hpQ}25Uh0c;hOwpp8q&#^a_paJQvc__J(T+>X@0Q5rC=4w7IjN-4Zb>C zE2|`&VIc8#*7OXI4*U~nvX+sut~yL7Vpwgmr(1!bt561YckuF3*_*Z*)1ymOXD+x} zYAd+%9=m$dUAnU87IUH-Q{`MJ|22Ceert<&Ez3C`uU9Nri*Hqqe&Fbi{L;X{@`x1ci(I;Q#aTOEPdOsb_a1d^m&@)eZM8>{rA z-z&Ix_^OAf9>(h7usTduhk5nCWVR}6C?Mo>tBPl51S-lkocMj6;b(3+(hu2-4Zzpd c1$27i)HVh6i*zex<20tar{5RO3V(Y257fBQPyhe` literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/forwarder_config.png b/docs/images/hedgehog/images/forwarder_config.png similarity index 100% rename from sensor-iso/docs/images/forwarder_config.png rename to docs/images/hedgehog/images/forwarder_config.png diff --git a/docs/images/hedgehog/images/hedgehog-color-w-text.jpg b/docs/images/hedgehog/images/hedgehog-color-w-text.jpg new file mode 100644 index 0000000000000000000000000000000000000000..f095934ef3ee042c3edc6fa413b45255a9ca86fb GIT binary patch literal 34741 zcmdqIbzGEP*C;$lOG`f65{*#4@e&nliuOP zzdwTZyCpgX&Rs)dJY2lHyZ@JP`vX9NgLaB`ijGDCxJQD9PJ(vZ0ie4Z31!Mwa+8zpPX?uLhY=6R1btt53=^j_Ta`$PPyFUN5 zV*m!`J#;KI?7N3zBzF(d?s~$;#z4bF`(rupu1GK+@jj5&a3z#|z7=36)bAN{T|2|5Wt3UFL-*Y^K0z@B*4uff3>$lA*Z#kYJoX1qoE z4nU{KF%y~u$BDdr;c7S2Jlm)VgeA!8R0;`K-%om+7t2&?z>&Oiz?59x-R54;0WTFf zM>2FE*#t+osvXJQ9j-+hfQp%U#Utki4E$bm+tEI+x||2vJJ2>pmW%nE2H&uKf{C2F zUO05YjVCq)Goo6Fd>LpKXd_(d+YC4BUI&T>l2Jw0E6aTNgSqbtDu{pdq$ilt7-?vM zG?E)z-U;(zWBx=D(Z~%^SQkB6uhmjbdE)DqJ>b=$Hn0mtMedS5>nP#;yZ!&PrirWY zmA4=9p!P-jN%;oUKc60CexEm*xRQ=YWcIfHv3`yHWWgz&MwLal*Y>9?Lv1A`TtdLS z4D8c4uE&;%PmwzUm(g!CpJ?z2YdZHEw~k?a5}9hOZxuvjBQ?oXaH4U7cm}q#s|mfh z&MOwQYLDXCikw)i+Dn5J$AcG$-nuu%C-4PV(}dTbpE^Sk-3dbNy?Gs1P0X<|N_kUGs=%TnT`}MhG^6$wKwM?(ys<@_ zQ%ZeeEx7safW4GrNflO=kvF=jkSyZr)lKI2y#F25I<7IS>Lb|gEs|!sOElo4u04y2 z_@+=48G&vVFv_7(3OSTJC#E{KC9A(1H}z%cs!Kb(n>!gta8bs7;Y~AnllQd`1>_a!~2Yh5K39`Ys)d=q=!gK{7r06MPUjeI4LG zmvR~}wl0FrlUwjwVnM}w9hFh-jvce&o-CfsnI6U3@K)QPd=9e_DECD!VOJhIN2gV} zyLCxn=At6iYK?=v8$3#6A(WPaw3%yWvlyGWdOG`*J)bQ|Wpq%DzAv;(ILFm2wXV)4 zN%$ev54`P*YJI1bNU1k0OtVvOO`bSuemV7Z(P<2t^;BD!mFSn5piy<8J(4>%Q{|{n z#lISjQGccUe4UzHuJ)ZpfAi_dYzE=M(IM*5=E`ZU_}jb-h+5XT(83enf?)Jd1qfxToUoW8Vt(*hC1@}C}g z^ODji_eNeSg)Ptzz~<&Qn(Z%x7fhHgG910}bG%lz7MA^0JD?eq8Qbsb7a#oqCA>{` z&{|p8KfLhfsG-LBzS`OMRxCzxi2Q8pg*GUqNoUm94f*y!=s-Y+hBqzWz7D8fB2fZO(xP>@3fhmLV>A>HEMEx>mAO_7E^?NdSYtYMr-BF^Yh&wRqvp0rl%ocD*v-2y^SP}i^AMcFqO&o=Dj5N9K^hx9N^9o{OIUyS9IU!PI z9es|h4{C;HvRX{I0^^pkT{yyrOyb?|x4-RHyG^a6dh9MpJ{Zryx5=I|lqeKvK9Dyp z>aFn%}lyUjG6}y9+Mkl+oxO@A!drCaH%DfbevKwERf%|sNn2Hs6?UazK zNq#hH?`kr8#;hD%4e&{(p6ihZ3PM3 zEvP};^uq!wR!;fV#Muv;6%I?jO)!4qXMAcR>G?Q!@W?2q24*r;c|~VKAlR3bJ*peL zF)DUuay1~ygrJ=aAYQpRySN5!*dnA3TqLv9O=LaN3oWZ)@9GiFvkhZlCGP?U3bD5_ zazErfpGLQFGdk}I)T{^c4*0fZE+>mEPr>UgA-a;{aaXkbQR1Cf9YAOIqW5T6Vy_Up zl0{V$GmaA~g_(tpcr*K7FGTW+jESDf%N9xE`$V`#F*`nJJ1td0+0!PgHe5Rzzzn~k zK&YYET1ZSdZ$iqhEf`-p6j4zb=GxL&1_=6$!R$A3jK zo5qlRK)v>A43t9p*xlOP6F2TBzNH~v>K1(+0Y>UQZx@VXqfW_7>n;UF=v8(>IqUUgqbED1%pc&cPrz9I)dy6}pg)rPM9%jZ+K&3D>Z=FM?sfLSr7=n#e=O)bfI^8mn zHf(ykfJ%aUDcrsm#k;3hGk4$_-}U0&J)EIcTcbBCAfFN`GqT4v0u9hixfoDhci~YW zQIk#LPA0_d%iaFg{cro5<8755Vz=2Ex`hiZ46~8pP*&I^()dh>vq>ltc>i+IShwA~ z+rNB^M=>Y2YKjJPmQ?+nJ61tl9D$Ra?uDYmV_##hr68yS$P$~WM=EiXQW@n)R6Hoz zgYp_~lXB0%&)fW7U(sJ^#HPA4L*rkN75i$t5a;Q^s}M;;+hita-2=sq5ycn<&nTH? zS#0vlP5_Q6@{pR0|dPY4}Z?R7>@VpbAfzZK?sYBM6eX>?Dny$aulc zX8{pY*Wv7%&pB-RKU%>wI~N zDM!o-mD7yXfWEEZB_CCB%H-|%yS4oj2x(iHRBW}gGOy&7g*>O^Kn2O%nG(BsUvB)B(jNug0;VK(jjXEM1#)K%Z0ndvr#cTKWwN4& zAxqB)K~#uK$!%gRJ|ffHt&gBz$m|^7t<>vVKv!>rihmToe3aCJh%Vb>0!^e;t@f4A zrD}2UX+&Vy;g-DiOcyo0#euuar^)IVV4a=rVC={+Du*AP9$jrzmT{?hgioUEqjZ`P z7G-=~_y4myqgQVm`m(`S$IZCNYAh?|a0CfCXDho0@F$ zuGg2sRbz!VpsMf2n&aF|DuK#{96JYsw1h;FWzVEzyoss3jY*P^&m<9ccN*?%fV|PbuBcD=po1ETOvG zvXGRt{_rr}*Ju+F&n}3-CBrDk;+5}T)TbmrO|N{PbzHdE+x$51S2$nCb^xR<;PNy@ z1uG>h)*(V|SMAEW6l@RI2rd@SqVUJSb^fJHPi(5}*Srv0w}6FokkiKaCVaHd8))Dj z?)*370cdHzW(h_LW$uK3dD!lIyn@8ImkF05D|Q+>{g_reo$>K>PbK=N)@b^wIv;kY zl-^A3TG|Scps$dkuKjQBzu$MAU*=yu0@`3p(_<<?a^X8&ZF|Nf^&-v~-8Gg}-SUY{&Aqci*9GW7*&-!Pa{LbX7H5PE!b z)AM)Ba?;(8t9PF1X+fRMvdep+d{Yq4qO^|HJ+#U=}w`t^1U<$Lh54U zmUagW*h`)G&<;W5{^cnV?c7gNS|m$m<8%OKL-wQJ<7I3t0o$P(d>d(Y$9flDY+iem}x=o6u+3mBDe}bS-VCUEJPVF}~~DpCrfnw2w?! zCK#B|UA(CZ;P!j&WP@|>)svO(swjpRm(veAx81$jzWd(-zDuQ~OpI3~k0M`^QM~`N z@xPWBW#H;l(IRI~plE{Jqx51)4d%D@zD!v1&uTk_pVcC?g#8~*fD52LDnCVPK?o|o zsmdjais+h(uC9tmv=WFM0R1c8_JXLWJjZnApJMb*#nGeWx)qs%^t%#-)8C=RypmC^_u~rSQ!y&F_&{t+=d9%)n*ahbV(+=eFmpdF- zzW`S^oHNDVZBzf1lgH`yrG)eBqc8rLmMYy#=FrDZz6z3z8{q9Y-X?pFt4Sy5u6=I( zOBZ$~BFS3-!%`eOtJi`77-eGv@;SV78$u_mGpkgMzcMk8*AJpd2FN4VeEP**YgRQR zG7DD&*W}dY132wd=q7?Y=xiX zbz>(ySyxe)kLHzNNIu(s7xd~{YfN+8!Ie2L56Y@N#~5$XwcPVdgr?(wKe*ba2eZTP zYq6eQle~UZa`>kXIS14G-Wp#&{RckAVV<)opvrbf#=aV`ARe0(P(jFq8<4hIE(D*f zPYXwQz3(~IJf-@DEXXxLkp5I>a~NMg^@hB;7W}=CF4F+Rx2@YPQPWx3F3moSf5XZk z1irmEvROw_NB@ETC1dtkd{Tny0v!#tDxEY>UO-i69-IuKSH*#EAo0YnY)NT1JUG=C zw6R+7l{J<5#HJ>sePPtsXwcNEopOs#ccB#N*nAgWTX^*(bm1-S_`3Xiqg4yIQ~KqSQD_Qlv)epJOSt51k_GPqPda9&89)xAr+wa8n*q|k$6*vTnM5i3xyXMl zJZY$DDXOnn_8Dz#ZM6h^%|eJ2QFXx`9512jAEdWyAXbQLTUilC2KMj z3IQ4+`&#umxW?n@qs%v_qgaW^LX%GdPs6*$>IAxqYr$aur$p}Btx2GH?^?Kc+mey& zXFkhR*TEEnKfQg+Gfd)o{oQ!7LLzGRQNJpgLPeN3Gr zPUAIBZ$?PPNqF1%G#T9AkIgMsTeH&FT~Hv7^qxpHZ}ySE1qoDEZ?y*DmF)hq6ByoY zSv2^qK{RTdL5u3sSo6M{+i};JVVj?B0sxosHR)>E+LOiw^@Rf10-`i&8rJ-Lb4+DP zrda%gqljI|Ro?JSfX}Q^XFbz;JJ@w!YoWA+QZ&q7!Y44y;HmA+W9m>i-%Q4%sCQ!h z;;b1e$2%`Je~no*XC^%sk-NS|X&$i;blQ{jQBTy%D*Q)A4wU|SmNqU8_K}bWC(9)o z(`e8bV+WuyLHR$+;m|WKzw`OXDqq+VC19QReU9#ME`+Omkw^C!!DVDIg?cJTm|jGx zIovxao`Kh`zbH;C6`=81+DvAA$9d?@!9}AqHwxcOc~wy@IRDI;TGY*Maq8MH+>Zyo z@l?cVNYZ(f-H7_Pkw9pI({qG#^kRn{-R`^INc4N!eXetQOQeQ9joO`(ffp-(qb&`T zQyGq=3F>a5Eu$K6>@5dg!RDW`6(zc`hF1D9yWU)CW_m_Wy3(i(wVf@$3p|`jtAKiR zmpV?Y3}XDGL+_Gix~ZW5rFx}QIK2bA1!SoQjG7e<-vYMGd{8@uI{SBv;l7K6U6+U< zxZR%Vyf_Mx7cfUM&Fj@vk9ijFp;#bdZD`yBh9!DC_Uf4&R@J&=ea!oGNo?y3*<*_( z7*?-oeaU*J;HRnHmR=bPOb5W4H%TIGj`>{AcJK(gx?c%f)@k;t9HlNxWV>H!iw?iB zFl2M+%p9E`)AgWP$gL=GKTwSUU|hZYzOEbK-@U?d3)q=?`{abjf@}Rr z*ff67zyqRJ3K}+q3Tcge?NuB`wvCvMi-_^@MGm_|1cyM?%W(~#)v#})RP?=ObdtjJ z1`DxmzYfAf6PalvFRHy=ToLqB8j5kd>a!;m@jvwBRqKQxU8`U)zcS~9^V;a^f^ZhO z1|UUw*ZCP#Ug5bdXlHK@aq&`pHF0UsJa47mRUXWgP%~S%KWzObq1$dRJa>bRhIw?n zis||>C)9LOR9H^(B5GDtnDZ9UH+n5thPCle@XS$s))i=b4H&@;Q>~fn8iY$vVi(bc2Wr?Rs z{eXU;e|^l++#R1(K*c+B#2p9=?*=#1byj>1q{Ntn+sh)$x& zq|(F2J_QlzXgan3v{twMl?;T9y+HA3gOUE27sbQG=^2~be2r}khZFA z+Nb?ye9$iZ{z1mSCRn!%>a!}z%+m$<5*`xp#8&a(`-FZvO zi=1au>|1mDBu+hx_D&afr#bJBH8xpTLHe3UUW;@VR7=V}$@5*gLhHHKj&N<(xm<(vsZ@c972L4m zVhwisXh>ZiMc-`5glxAhI!Ng~$&bigN;R>p9vt^htYe+>l+Wf@`t z7+!2{zOnJvR5=(jvlYzpXtXsvjoc|ywdKGNDlDX;!#|tU6sd00O%*AIIBhMjJ6qug z^_*!r+io7goAzqPof@r+&6ttjT?!rTZx%>#=^V>N-p}%0v9;103-U8|^Rer^W zbm@A`c`TGKaeS-Z7knQtKeXI6|8x<-mb}*ETruk^pYmS#*pSaQx1yQVP30&11ayjR zX=ZjxBBr9UlgW%WlE`vK8j>t0jp4!=h{OIMr|%CpgXkOcyVnW_B^c=bf|I6;_Byu! z?UCMg6EcFl>;TQ#4W~#b>M#M@56|Jgk4m(G!kBr)Ws&0ciKu~fy56vORE&YK>3P$} zkh2JL#sj5B_X--9kiL63T`RMU4T!$v^i6)Pm+bW7I+ce~piQRm5~2|A+Qa3A0;KndJW2&KhelgE!1 zcek92ZClwm4U`w0L!1ep>929KElMpG4R}N1n+q##+E$!B@{u=~)}4W-R{PQBPbsri8R!cktqofMV0CP%^u&3=qPeJeLd zP>-t`jwxSa=uYBHttj&OX1k|j-g6OWdd*tI(UorBdg9KgpM=fvvHld~CifPA?PphL z_W{3wzjyCE>S!C*nYlp1rF>_}J+8F)?Ra$TNQlT3*s4C!Ux}`NHh^71^F1U{A6{W= z13iIye&q40n$|DMaIBMUXY#ITUu|w71pVGvRn^68UU%b4WG3E>!4bjm;-TV_z%0ca zjHq1LyjPJ$+;@O#@3{pSA&m^$SE|){=^Mj5@uDdl( zKYm>Evg`EktkndIc7l;&sdhT5Qe@i4TYH1X~83+&D0O3l;tdqOG5arII&_GIMF<-8!G|O|FldCkM-=5}Q$1?LO_~I$ zp151Z=8lc7d&1wCuj}UaU+Yjec4Mj)-`R)(XD|R|e0G9{tCDxw!w3~6$1r~Ehu8!9w z2(R}p3u;$LeD$(=CXhiGW(+A=!V_MjxQoad-ZajUmw13nNdoKyrsV0Qrx--(Fob-$;3&ss1SpEX!*kK%Z@Gr}&LW#(3pEQm zTyzd4!I{)}%EC+9Q=cjk%ve5bsl>CPe4-o_1>EgHT#5()|n{fe6|AXqI8z}LAS3?)dIq_wNt)o0Yy>dHf?ut zZ?G?w=u4I1>jR~`eLgD&+@7ZahKx3NHeC=Y&pnN3&6FYMm-cdSPK^RxO*@Ax1`!oy z%h&rF3nMNq9>rdW&fU-`-n2^v&drp4;M?ndf9PI&1&qB84#3#cYa<-+V!$>E$O1{# z*&M2MzGeImFNjcFyDB)fyiO@g+YDs-h?S7^MjEZNuiTZNmlPf8;bXsXg#mxtNUGAS0kn)PP zVdn#3R9=N{r){k6ry%vhfXV}+9574@m$ zyl(+lgE!{L6C;HGG~3Sm6iN$EXsF@L*xfdM2R5nn^Yh)^iz9i#>Phyw=Na|dM0HdJ z7$&jhrP!Un*EOZ&))_1zWDAAQzARhiQ)Ya)>U@mi+%+Ar8;|)Fvyf|G^+URxE~)V0 zE*B~xYgPyEDE({2{G=3VWQl<;Bgbo=A(xT>N(xp$SKMDbjk)ez`640MF)b>1fH3PW6rcL z2QI%D@TfoC?E9}(a3JwlX%P;g3Yo<+1HtljIY1?P5 zDfz)#CTLyIOV-UxIyeG3>EZ-_N_Q!^1>n#lb@uP{h;j9XL}%5kn*uOQc#RM1eyZSP zl&jg8={2u#H9%HObd5D)YU4D?V?X4P_oCs*w?CctKS!&A3ec~TalkA+(-Du>5ZO$w z{kZY9ow1eshX}-^?U;8sXi$A6xvT*UiLpsgJkH27bCFBn`PNU79=R3h#r_SN8}GFl ztQ*qJ>_7;Cdk5mIOP`p@goeu%h}|4eM%Jh=W5$RSjsV#O+V)MN zz+(u-24@i{`#?v&NWk48F;TI@CiC;E$h++Toke-12GX?8gR>%bkX|2_*Fb9060cC4 zP!L|Q5G*YgB|IEt{8oMjrg`o1#dyZ^r;b6t596Ju8iZEtRxFyl)b?Xa_XlpEy3|gF zxxQ(0zFlXG^KgZ-D*nW{qPhl6Ry-?(1e6vo9|$cE4UJs6dNr**2YFnY^|{j4n08EZ z*u}9{m`lIfo?}>jvEU4|kS0xvo41`wN@Fcw6XG!8P}0m24>ur>CHX^UW9H4S{+x5D zOdjSxqJt+^Bq0``9T8R())JaGS-pfKtI!C8P zvyKuDjzwZ;#8h<`=VTqZ#Qh><3ug|P_{sm132szbirN9gT7j`ZLzg|t!VUh1T~V}x zIYZ9$`cx+db2?$o*Rb_f(YMZhbC*JvZ-6nQRml>`4ojL4_N~}4j$LIh)t58fkCvyP zs`ONn;3}ZOpup%w;-f@x5_-)-*M2XX@{<-n&QCRS8XAQRX7I;)MpKq4dslE5i<8FHlie)U)*fc_f5`A zP<`=hz3$BQE)}RKW(hjihUMeI)!+PAlz>>ZdyJ)lG@w>C`IFJlZ;`a?uWue987wAa zQcgZZQ2FxD#+glmR8@fuhgZt|NFL{XNXlpNY)6?>sPY>TxQG0No)4;tqG9pFZ{v!Q z5ouVeqYFvnf`8nIBXb4X_DFJx=r30I4B9kD7Ey#2*K(*W*`5hP!)~50n-_mleCN;f zUGckgkMWR-YuJh6zQ$s#vZ_sev_3B}u}jd0e-1n7Eq^_*KlSxRkyJRQ^OXw2Nupr8)Y;x7*PqaxHlms>^& z*9?ka+-ZREukgr_rC{(I=`6uCefx#4^700ceiWl;(FY*kMj-+qWtMHi-}C0w(*r2o zE^YxCQOR5K#itpk$L<$pYT=m%|9GLILPcBzSMO0*7Z-{9cRtyG=X*?VTcq4rUwpFK zVaX0K_h(-$9hV7nxy=`-GvpnrmSMH}icKj})nf~HF?O67;p5MvF1 zwtR2a5M|E5qOK@b1p!w4-o2PwWz|MVt(FtWhlVh%P7Z4R`MO&`KZ=VocYcMR&|!L| zR+s1bn7UrkQ#y1-d$H?FqIb5~7sa5Vk=b;Q?9!YkrhgKOu@;7H1{`(qfHtVN%R2?o zF{OITOYK~vw~UZG5|5*H5s)d-OUB)2sH`!0R|_1*Wn-1pg$KhnM4thA=Kf6#5R7BBK;oVz=}aD!rQbmy>d=+2gKjCzvs&jGmS7aJX~ zf7bdpCStij6Ew3rEwD~}=i(}))&H1jjzZ$Sx=K8aUo~EMns$-Zp!TyKD!~-jefl=l z$4$J!U7R&iW%%o)x@oKw?p29f^6XMYydN@}39r!TUqAl)O4!wKGhX7`pi?V`6>(6B z3>ao4HXM}Cn0ug3dJVJubgdUnLPtNCyI>9f`*eZWWm*CXS#yRY%Ou~W4bb7pM`q35 z^h6mMd~8^IN}1vdNTiqZ>VEX}M5^TMqLAQC%7{^oSwDNE8j-C1T6Qrx!EY1iH%ONn zox_Ldni|zJPoH2)be*XNPw7nfjA+(H913QwHMtCV6NY3cCJMB~i0N)uj~*h1>0_CZ z_d^s+8;u;BhKt6pO1IPzmOm;A|txhd54QR@# zLb)N;9U~^;=jK%t)h@5=`>7=TD=_>w$_^f~mKZV_W!19f9X2#d7>=ao_{tQQKp z^G=i-<-|A(>_>e#3aN9q6&IH}csjd9JNMRBv>$}@N~J$fU1$`OR&Q!7lT50fcz(l` zxs@I`zy0o)mQ*1;bbfgYI}k-t9@PG0WEsu3Y6!xAWrU=Ar046%1%5U2Z^QsHm<#QW zO3=tal9$$hX4cL>@jNlT$EJA0fK_+8?d^uRkb1a>%$rc>MqDb5%NNhtc}tAV;?jci z=dbSPR|&jq6;p^#?Jit_s?m!#l$Nr3Em9ouPMVnrIy8@y;*^n9S9PgTJqyPV7!zgi znG|aF$0RAy)rLep1u2S)YHI6M9N=>)?>EEuG>q8b)$A zEcxJ7aIgKijsC0E^R>apwKWh%~}ZNVLvGd5Z!%SJL(MsHdvlT zU{cI0)B5Wt$-^3=FU=ok?G0PoVtv=1?vdBPSAnQc;Tqb6&NY-zi|%^LJRTYneNuvU zb}k=1+4YM56i_q#pnnBl@;bJS!R*v^Wa+#=6$3#4p`xJ?gbQ&&xCcxED=xZR8BVMSo0?-)Tkc5eafRizD58#p=B z7U%RcwA;v6dgX2cu_3}y&TY}E{&=3q%>@%v4$r+{O z=2I|77WdpJW6?fLjaRxd>?Ghv?;oSMAy0fMlP}nKOb2sY2#;Go{i&pvl@$oNm|v4D z2N?xyOK0uY(CJ)jKvFh3hThjFZ&sZ7rkh_|Y(+$G3{Ti{H#AM?(PqZLXxh-ZxG zVkUFNPyH{Ob_vG8Jg0wFVexxcM>Yj9tnZlJ5=tMJ*?q5e24n{W@=l= z-XpO%0-R=|w7p}vZLIpF@cG3Ozex`+{bsyS0YKqEyC%DJYU|W}Pu}1{a2+;U)laT8 z@|T4EyBYwcF%+D|8CQ#%_G>w(KfLax!SiQwjfnBa{En3ZEF3o$Tr}ccZ83mHH!M`4 zl%~kthT_liOX6pP%4d?N)#I04pVXnJ%SnVCP|gmZB99Fp2e`ox=VKYdEJ#UaDHUEj zgXg-Ohe>233YKmGLP6JC7Ye_U)c50^(-KfMu!EOxg;*!fS)`OtE9tr;JX0AcMYf>n z_g^{@FxXTL2hiOGB!&?e9&_o4;6+Ik)Pug+rJLpIPeE z$$LW5SdjbW>id3U`@C+E<*$iUpHQft-sA*1tS?B}DJLdf_g8oq|NhApML}dk&eW*w zA_Li(pg;^Rh@JW4^17%HMd}Ui$XyI61yM3s9H@^F#3lW)N`nBH@1Yt8{Ld=uSwyp} z#=8wUH|s>c4Kjw{2a3N~{Ir3Fjq!eBtrY{>UYk6pxiXa|qI(f_4Ki3L_jTEGIlotJ zHDS?tSv>jn;^-Gh&AvIs-9%ZYG@;R*C=`O8E4df(6t=3rcHGe?SThmTPgAA3*H0ng zXZ&;R6x7B4lcH?L^`=+W|iCsq&E+IlCdFahq)UozU$CrBhpb)(f zSY(7?5zSn)<=3n&QDr;O$F8OAp2%69TpjGI8f2xU=r+QhZc zng9j`7lsnjkg0GxUtvolw<~HgE1L6cy@6p}$F%|pHp(To)~4lk_i;WAXO4fqRIeD? zUUJ$(>de+fLi))Zk{xs*-8ewH;=Ugrr@mD^_eSYOH|78b~FJ2wQhtALu zNmfjezt!yRB(Gc`4aqiU=k1LS8qH#?UpLPh_&i<&1TU9?2kdQ&UA;QX&VCio-xxSe zT`e97_8qvyHYI~Zu%MBa)FQl*4+(770RV3QbC|M6$t1mvze^M+{lAE692_BzDjfoH z?(w-o1mZE&r?-$ngUKjFX>$NoU3ana6>Z;S>0S;bv$(@G?fhorE~!H9Vd8-yctzk3 zMLtz$#C5KJmq!a_|1=ylm+Bi8cx=I1G*dn0`GEyleHv3gHtRr`H_S`c9{F8*_pC%K zy!CNIQq&+mo=2@#i!*-ur6ak20Qr+b>JQrpRM8l58up%Sd+_n261XRp-)1k2}9VVB>dqyR7 zmMAK?IP}o~Bsi|#8t?6ui#XFVYmdzf!_I`s=Aa8AsV^l^LzYp+!U-f27 zI-5C?U*2L9ad*r1r+1l=V9TuD49_}M#%%taK-8ypU}&J8k~Y1qJ?m;Fe&DTZ)o)kT zoReyp_`i_u&r6Pl(|wHxfKAfQsv>htzRLy-;!zw0 zN>Mw0U!wkBO!^l>qdqI8C2Nr5AZqBd)snlQZ4*ox9jw)Z-LVyW`TW@1WtARMaV?h4 z6Fl?AyW?O##)qkZ~N)IXS{C6kopBXTyTBdvHkE!8qtOsfPKL15*QVG9c=k$eeaaTYK0ShW8> z1-p4MEj1d{7&av&*(}yW^pMWE_lI{iTa%QYD3`3ux#y)2;`oX-`ppS^KYnhZ1+OF% z#@-;Bi~A^9$hs7CO_aDpIdZg~YuJep>u6wy^UxKZdc@m(_&sNa8ag_YwnBF5`yep; z8&7=amy4{z*Y}Rc$s@P2dJ~HsIo2Ftgz=wby{0*>RpnXbpN}W5Nn&oDMpb3zPdMY& zuC$MLnxq&2e+u6M+y}b&p3ae}KpwWXO;x`Z@J3rMA~yc|w>JN``pU{hX}M=+tL~J5 z>Zz2O^qmb3Iar3}Vj{=rxLhBPUgSm+jmGvwNtZJe$IY-cgYeTM1#4b{7SgB}6Qv1Rm2%A5LuT zCWPloxO^wv$J*H}ixQu{4%C3|iQn5&7*ia^1p$1$Uw$XfmS2vXQB&9lO&xfQE|sk1 z#*cbUN@2`e#qD2+jtt924)73JGQ0YLyo8@)c1yTUH<=3ljD$xi!jYsZ*AlzU(>j`z|UdfqW=ICWL`A>^ zE)=^@gor_OH!@w1KejkX`VZxR2GbKc;ElS*HJvoGRX*7EoYYvcWEx>9AA*k0Dg~Sy zXO<=%%h|c)a<4+S##^;gB&yUUL&4CAe%Ik~mSx-m zn1n9l0vr~(eEZAH3eRN6k|y*d6y1yRyfH_H4VWXGv6;A>8JDx+HeY(1Dj<}Be}pmq zy};d{bCfKdlN439%q)iW{W?~n{;VuqE@vnYB<)Fc|DkJ0&z2#50UBx{{dKI^TG*2D z#qH28Hv)-QYY1bJ*K@jfP(K8bps&6vbxnIm!}w4VW9wm$iD^P4$ep)(_|03^9av{c zXKXQ&g9Z0%;rklx*iH@fP=a{Mkn-rBm3GD={lsdIqM-+?o{=l4W}h^B*u=saQU=1Z zmQ^Kp(5D?eWCrZs^lQEsS}-}SP9rbIWHX_MZ%?~XN*rT+sm2)cn331l~;(k28a2=QG3!4?3J2os&i=WO#yoAIHGl4r9jwcVGjZ`x3b z^GKUA&u%6AsmjI{q)pS5GUCOzuYHDn-t^S7qBTt_ROoY?B?50P4TK^*U`LV?n$Ekf z@?48$V`JkQTJrMp=#K&^g5_ywf@`vVU;^LRi}h0_B`um|9{yLn`ri?YGqwEk?GiDk zNuTsBbw`*Hqo3@{lb(ko)cg?{54_O^V&tDhmXJXwnv!N$r)?#WEeD$$^EC@|-*dB~ z7bYv`F9(Xh<=UcE)QSf?ckH>lMpd|8o~S_vbEwDRX_J*>cj>GD8<2)A18*(@*L$+Nw965xe!<1c3;|g8x6j^-cN@D)prD1PkpmVzweZzo1BG!q@^5-eF4;Fo4onH(`~NKpCI=UedZV$8BB> z#C}&_{^>HY;ODn+LsY_JD6hFszGzfZSg8c=9y7B_r&J;;Heh0CTgf2leO^;$0Jkpn z44s`FlgRNrd7-KO3SlxkahK1g@FXcc5h0w8h1P%ZX=A;zG>c0_cT6^ya`WR)R--}d ze3IQXDf5YHzj+Np997zZ6{avX;Y*2qTd9YZtn8}7!Aieu7gDX#QG0s<5Q&tfZfX0m zgaWRs;MeLu^oXgn6)>Wy=!<`##TX4|$XbSIMG3JFOJVgba@OC)VcQMIx zQkiv2B6(p9dInVZ#I(IxOT+%PFE4d3PmT7$e%7)hKF_nN$&=;C`V$e3)L{_JNaZ5) zE;8a)BmU1;{!f_Q^zt=a)P7*emPfD1tp?~vhut=oeh@~g*MZ5;EP`3@NduSjZXc)8 z63}mEG1|H;U!@Z4A z$&<;5V{eEd?Uvw-_ypTb9dIED?3&Y}$XQgrnRa&P&$gT7o1EzB z6Z*VJN(K6vUA!&rnk)zCqHr4-6IoB&*t3M9dJuGU+0_Is9J(Rnz8 zefnJx>RV|EOsCTcHl?npgC4Y+j*IUiw=z=Gj=^AS+A-kz{<}%EumAMKd_J(>-@%C* z^f(MUnQuDM{StLmVr}$Yv2xzhB3nDj6t8Jx22Eh zC&BY8zfC@@kYD5yI?8lG(%V{!Yz4`Mxrgk+As$Q+-!o+k%R~R-{Q&0a0lpy{mvo--z_4^xk__*mOt)1SCMB^d9LQ zq(*9lP$WPC1PGx+Xn_#kxcBos-#OoRo^!_d#{1(P@BJh9nn}ihJ8P|3t~uwm1m)3& z)Fveb>6$D%p6He=D!ETmb153HucLm(ZCK$HyUk&9*U1SR27{HAg>!Vs+gmWt17DGZ z<|6+Rx569HR|+?&((-ygIeUq&+u&pzB^%tuwt4j0hrtmn4;>ft@*^Gv1^M}VbY8cT zTC`vL)lkFv4WK6@q442%2iStroU!0Zu-3-#EnO*d3*m`9PHLvu+2i>)xE{F8cWiQu z_$FM%w8zW!1_(Wo5)AP!O;4sQ0_rc}kyCZ%UE6weU2ZD7HF7V0?pJ6ojAU+8=iCT? zj%H8y^uFi;RJKAYm1Ld+3Ig{|B(M!W4Ra=vzk+wUKGFl3>fl0xkx%4m9#Bxx+NNq` zDh1!hJ8L85!_M2tvQ~1O)X>kk6P=hkTsY8Hf!CQwVNilfdCNa@RJ?y9So_o&uwYWw z;&0Nd#1*k~H~TYuTT@Qq8Z|h%J}SPiHz^}&-5{7%U2dv;krCzy27?t4Y#>8bT>*yP z!gUVzD!Hl+IgV%SohH8QRi^z(CmKDzBYA%V3;*s_g6k{#JI4~b`B7N`Ylb#nfu?S# zsmTW9+>!cC`^v$RTY%Z)mA>7@0*9Rwv+NTk8NC3`y`7ox8KhJJGWWm;tk;`Jej!3IoKi;n$2>Q2h{6vudOYOhW&Z z(s#C4pLh=Fk=Um6$=^o);yL)fcH|b0TOv=N8frY$8K$Cswe4SrKh^RjAL*}7uG@;$ zrFmQPe&`#+eUQ_p`nD@|A=5&$*E%pz4#Mr;zHTlF^L0N>@EHudS#mF(^WK7vI>LYj z{F0jXjRPxgrD=AWPjF=~$r0`U)SxJW;v3M-t>h@bno*x6W0ak|nc?Ew;Z?JhfZwcF4|qkU~C&g&ALw%=1{3Npy> zZW5TE`kiV~=T4+*i#qv6FkMc3gUW_T{H}M1-q^SktBH#ItuG|1@d~*jxw~8R3ZEC> zvK!qsSQ8($>`s8zl}^ik!9mIB~FQeB!!f(!wHaEZpq7=TB^n_($oR7_oioqw=!18QAo%P+RZ z?Q&X*Aqw`ft1w&hf(E@_@q+xb29DtGd=a{vdH*J@&0EeIXL*(bDLrVSX zoIWK?irQM)aWGFAO>3SqH_t1I$b|N<{yYSi;&XcEdanl#CM1|iweu^PsZkX;52iOd zqiR?wIGga}V0FLQS=WQ&Qsktx9a2WHj^0iVLR*rfWvv2JD9U6+NTjO7v2=K2av(`U@(j~t9uc+qf;Ki2%@nyOCTH(n$tGApX% zAI~%Z>koMi{Qn$w35wr}UUk^a8Wlf{s$A!~REp^uxe{$#nmN6NU*r@HzuFfFVAr{0 z(3;5~-&W=mC|c_-%;X?vb2kS`4QD3hmu#?i} zo*44@mC1I8XzIKOwL3V`YpN)Y8@U5GOwoBaKu;rCIP8Z!Z7HviYzf&Hr&PXk@GwY5 zZPKS9+*Io-9gi4?m*Xnc;&xRauc8IrFJ5Hp{|TzcEhc}NZd+<$c*|RRs4=Hh?V7*m zDz_y!EUn0hp-{?H?Yh*0+Yx7SIkE-y88aW-xb`UZ@E0i!vvQpmeJ=)-*)6|C{mC%h z?X`3D9Iy;Vo&&x(jt6B0igYYz#5w2u59}x|F>lGEhja)qdHr}DBdX;jBcWt0FE1G? z!0_B`)dCHE?4pC~upyiTeX$eP-@2zfaPZgUK)s=1Er3i5!_oi^UcOo~GB;kh*L zWkN?ye|Okq)%Qk2ZY}Yb^HUG=K2_P697UD7-EOcj34Qd4&j2~|(8*Zb{0*I;vz4`4 zzc5Sxo$EIPe=A%S+ zglT9aoWnFvbtkZ#r*7=BRjs#cJRdr;XORl!k1#8O$r(JD z-d}s{q6vhu$0QQ0I<7FSyR3YQR55oIlW8Axj~X@2v=m(|E@0OZe3RKEl=N9j{7*BA)Zp!cJ-^h-;??;ozM;*!X z9hbHeYD-YH&u40#Ni`jR@e9xRzw)9lwo1=6cy`e(Bt=Rj$)Vpn?i*FG$#5aRMfG7_ zmZpKsppckF1>XhjS;_+QAmW&2H*6)qfvNzllW^Q)S)lTZ3tJ6-eQcwLkeJ`tAFj>4Zk!a9@|#>9#O zjS@_Iyx*s8@y|AE9y_D@)nX63XTfGaDMRB}>yLi#DVvLOU3y;+Ht7$}FNHOafn&NK z#Fcx0x1;e+xl9+97T&pUBraCB*LSLo?!{dlT^Ki*>Sx=ORcMgaF&3zmAi5g-#6tzD z#g{8R7XjDlY>2Rc$<)i>kJvVX_TKW~^n(KIQqPpoQHb|+Ox8Dw!5@$|jKILz@(ofvAPYKJE3 z*ERppp0;)fHrsp32YvOtYO$F^fmRH|A(4aaecMwT@EE^xyk5J_`KZck%jKVc_21r~ zVUQT%nXo{5%(WM(2e$~Igs`kBixrAt8#-YApjzJYi!x*#ZF_ zc>9rC%~^gtxjmA@eB9UB z2ZK;M%R7W+&6Kx?yHy`s$eFS!?J>HKoCB7e){d!*8=wOmk{1so2t--a3SzNBAoE<% z4Ez@>M{NjiO(Ho9!zC`$c=Ra8;jBJ%F(*TIHU)`P%+`JUcCP`!w+IqaRcy1^A=Asm zpP0?&HOt~wn||z+AS~6gJ_h(BMrCf(r~;_JJD7HE9`=VHdl(jsNJF7j>dzZg> zbVuFb-U-lqVQ$+eNSj{0$5c^zXX|D7@B9Ay7rD@CWZSp@dYth6Ile9bW_yqvm%ymZv^L_!KOk6Q$|29oASu!PqCl-qar|wxRsb~=Kgxb%;1qp zsltz-)-dlqeNTj;j^XADZZLI{64lj$jOL^cQn0H^K0Kb0q+LM7rDGMO?UPxHk%Y|kN zavB3)BSPJ4Lw>a1wX;#dvU?8ften13<7%>YW6Z17^piLm9P}6#%ya9*G+%9$c`{Mx zSiH8GGH&JHELm+x?R`P|A{A~_*VBR{LDgjD7DACxnBj-@m_a>U6w!Olnu~je-Brjt zmi9skU#Fh3=E#qd*vyw(@AVP*+c*I z4{W9tzMRxz0&KrQP^XI=ohJT9zs++Fcv4Hw$U6r#a3Lma&m`5(l1XPqSzA*^>z~s# zWI0syyJYKkQ*Us8i%b#4LBA-E@0hXji^lBCv~)7-c0FDy9}&_cJqkkIF7ti;QU9w9 zYpy@d&xIkz0ULOTB-ldYlee_U3}azNQXxZ54)N78!QgBMrhqt^A%;xJ(N9_qu2gNM zm$D5%$ZhPgiEMQNzVW+|p#4+|7d49O)KUp%DD~hut{1-Bq@zze*7LD$VdF> zjt^2i^(39?o&yT;iq(qHvI`}C^>gw9buzxN=weQZZ#W7g=Y(5enOeH;VBJ0hv0tZ^X(x@Q9uv^T{CXu(&Ir<9sx2Qpr8sm+bGD>S{P3?i7t3m0^ zM2Nvmi2M?Pohln3r=|d)v#I#>*itt|1e>&C`gox|xKBn^+Qd)3qUuKv98FWUrpnAh zFBk*8`@SE};hl`=^p$bD8hJ~3g``IcHNOvyT!7z@4!=dAa4|65rB@Aq`s{28y7Gzw zR;```HsOQ=b#hid`8zqRc3O1%40zVAgLs|m2?<)x6zU})byF?^!NhOZYF%V(3*x9oKh&QTX#XYJ|A$R1dtw11&xR|$ z#^9TEHbA&F62AoQrGDSf8CPEkx`5AVo$#Ll)sO3z7H(@M*BZJ%JlUEGV=QQOWtUZd!=cFtMC*ZkiWmKpiWB%-IiWVMV1qVjcudTsSytaqOT0jKIMx_ zVpSkN^OvaeoOG4vUfNi(O3Q?NC=$xbC@Fh1$IEEyuy8S2m4RwGH9{js6y)FJNj&Z= z;yubgwEnp)>goDI!(9y}AJ>j{LRF}0i1T)4>x;cDKwhWf*7i)E59DuWfVEfFXhOkl zWPTuXMSW?F#sTmgz`W3M>lVTB*o`jnXdhXZO0F3R2&9etf<{hZRcC; zPO_@_`a=5{8ZTPM)TfVGZhXn2a@|bpVs=c+2X0QY6JqHIb@UVa?9_7r%W+ww1SdL> zLLb$~6uO4zNT1O6P3Puz%D_a!Iovy&EVguzw@{QO-uughsQPsc zGLDg)A4!>Wv_-gGIML>#U5>bN$#BP9%pNh*piX$Ya64ca+TfP9QeUaRW3uWbq;ESn zEPEZaz$$eZ$|F=GVKNVw79QhJFiY!J>v#K5EEJqtQo3#niLV>?kRod{i5LADtj0dD zBr%=~<&9o4GniCI@*zEMJ*NkkSGP}}HWq)oOcJlqMNwK=T!A~R1+-|~U zb%mp@d7T3@@lF+P^&r4YUoQN*GE&TcPk*;ngu$!|(|_!; zJ&+*`ZrF~3Q6Pqjj*Q`$3kMl{#6s}Ox~VPFmvNGK(L1IpDUfx6PVW0*StTFjBvcH; zzA2YJt17|__DKHwL@l!3(d}MAo;1*CrYr38wH43ZP;pmw~c!oAL@J*-EBIGVYec@{HxdNoAR@P%&o5D6T#$k%o7PB#TV=SX1%h zNn?X^-PV@(Xs@`g+m!Qcg8*}B=rhNNbLa-ShE!n>^T`E;Cs^1Y_$nD zUM=I9m49>8w77RjeN)Ml?Xi4hhRUE0)1>D1%&~OSVo*uWY51k8yfUXP6Dy3lxd=G$ z)85esDxR0~GQj|IOZxs0l#>OamEz#D`k=0-4;EEy%MP8{nr$I)a+ac?ZF%o({{!7+ zF4jMGVdJVFLw?k07XMfI>EHeLj|LAh5T&E8eyzAkrpSWzUTI25CldpfPZ<`Fl=FIDK9cgts(~MCqzWoIIOUM5der{1AIE#nN@f zj)nceGY$Q-bHJsz`l+&xvZwEP@&(al~od3QAeJu<*W*c38Yj+Mv;GvuGXFdW-L)$ zb#fA=Pq3=AjMDymEZ{zS46sbbkV&!s2B#?{ZT0s+L}t+;Cts+-W{9T?{R|7OoM4DU z@u{UcZV|gAf3MX}Kh^Ocxv>e2pmJ?|9Zg3>)<4-G%+peAPD<`Mlqd-!hvQ_0ZyAKx3CgH#9K$!N7DpY&5cYkFwvQSc?$!B)FC~CRjE~gU!Vo8A zM0n@ej-r0JlxM3V&rFyn-`v&1$O*lXFlzRL*Mtlf!ZzvA5Ls7lGt|pfJPMm}C6eXpA+~fRIe}{_ z79{wk`quy@SN~ixh=M&dM8AaJc(olrAFlFh_f&bY5Q*8-+im%KU@hUltdTKndeoJ0 z7(R&^TmgMMvn91VzQBdqkB6azTPvid@O&doa+dow6s~$tpjxm)_%My(20g}WtI-}W zLJV0(d7J~rkb^6gN0x-*kV)ZPvu*Y>!{%FZ_6G{9MqoC@xWn>uz|WTLCLc4={Qy$C zSK9)npeSSHk2&l)z@&~mVA;wjiK0h<2K3GR33>ziDBMSWO9yi!mx+pxilb3V!Py|g z*hqLJ_Js9>S^wL8a`dRY~ELY2Ldm-WQt^Vw(8Ps$$T5t1gBY!ms@ zMv4s~?@7aTt21L}iNRZpLO_))eT{>PaCv=^;d@@Lf zmn(Gib_ATKG9^N-#5m(xtSXz7_d7K%=I-RqmBu6;+HuE1JLk3#>ujk_ReD5GCb|Wl z=wt2Rl97-KnF*~d{oF_80pyeYlQXj`38a%HK?c^y20T}gWA!4d51m2{6Bx%jU!hDZ z9!9HveTjY(BSyS2_%kHdVohw?r+#BOsbDKqK})6Fj6mA*8 zYA#fC$ycf(er_v9H@Z1d4>-3bu~`U9H`es0@!4%i8gj|LShW;Z*8F>8$cfxZ;0&*w z0>cv4+tJ$*=aP0JkW-vno>#3eQ<-k0OsIdEfHLhvbLPoE$4ha_V!It%U0e5j*x5Kr zqUVZd0+-hQrJU+QKOY2;a7$Bgd2_jC)*0u01Lq^pS1V7ht;Cugz42&~cI=mn4k|^{ zmnJEM4L6%+jGA}Vi9{;e%?b8<80zYoIo|(V0RmqAY0UksPqodL=s6|M$8n-jO6iDm z6zfnkNRw6c+K-c`+kWw8Q63ZA$JM=%EtYu35AFaAq9DCkcehg#`@u1%_V}S7Td@Dh zeG^d)S#{Ipf|ReX)&AJ!9yE=veV_PSVDjc2ejvw}96IUp5dy#KWuT7_cxd~{H+TAe z2~4)y(ew9zE4(Xa-W0uOZuprNXzduAfNfXkOZ`}P#|=dLY!uM+S@E@@B&{GKOqKeLulx4yj5`N||74SCX@xk_wCoeBylf-qkNJ7} zRxf@77lY1U%CD;1{;=4a4@hCO1X6jwRLAAK;pJ#+$^Q8`L0 zx_!n&?1Cqd(?b?CDn_`xHV)1euRzR$P`6!6t87dY3gtgr@P6v^RHmu~~sn=4K%LRt~n@WyQH**jejdYHKj_ zi{!5@+D32c2j=npJ~eM=wdnnxQ0)Pzwg)zj!_s{|akC$+E4Z~N73K)Bz~zGwVAhr? zgJyMp0XIjHm0aB}ud7Swu#LUfv%v}kGm*Iw3aPkcR$wIy!A~OP;A&yXSIU7X4^lgd z?5=osa&{=husFig4Mr}M0EcT2A)(eQh=?`r8maq%2O#j<60rl$f_fQ@0q$`m{8rLB z+wONPyz+6SI9T0TBuMtOEv0UP!fXWp+0Zg`l8qdli z8jL+9)`iosy%}{!Wh&LfhO~V+EzP3|Px0#Sw_nb?D>xU-H)l(Epq`lA^WTQr$k5#= z?u}v0WYr0R|$lI|+YMVh8u10WK zL}g3+oPka5`%{1caib=CiCVEjoNhaWKkSQlZst3Yy1VUpG0%Fal{WE%ojxa=qH5*V z<6clsoNDgkKDbwO4|;16xak73F8JJt9GT?2xw?Gu!V*jb*PAX0cYr=Lvqn(PYtT?` zFB7W0^~ce{5zAdrtYo~}Q&t78Mwpj994Kp8s~p(Y?h=5l3s!z!I6E^}ec)f{TU}C9 z55B-K`y(KraW;_a2BLVWNkO!vw|LmNS9X&vT*x}XNdz~@0Q5&mkaZt9f#YRj*GlYs z^pxjUS@eyphie1*1d<90I1UY?&vPZ_jY$EA6ofexM9X1UD)hC-C z{<$1UG?lv}%}h zG&jC(Py12vrZ~h%E@z|v8bP%W7EuKf@XM7wJtS88WLx}nX4!kOi^WtwBWIK=j@D5q z#1)5%&HxgDpUF9;|8(HB~zi-_;b6-vP(p_Nk|F zqrS~TA_?MFO}HBOMRNsEJa*7x#1Vz*DHuQ4Pwg6rH~ICO3kLIClnTC9Uua?>s}Ffq zTWMnQ>rUc#PmiarYM`kQp!;Ckw(;$zLRz$zHoIQEMvpsI;E9unH5Bdu3d)@FJ#qSH z=KUE{MG%uNN}7AV5fE0R1JY1O?K0fJZu){b46Zqrm|EQP+dcf8m1e2pIUbQ4QTZsg z?Y6{j&(1<}c4Cxj-xH)nQ611fDK9r8eyPx0)hV^r^*V0~(F1v~(P&z*5F997wD=vv z)EE#&qgB#h(9bG@ASxr*gbQ0O*()`e8j(lebLY!}kOGpR*j`IiC$2M}x`atiXE_L?NN@Z!F zPfcqZoQFUmNWb*mrr)K3lALQYqxAj!@`A<0C(=>H>kf~&uJ5u}ZOXxSIeWJR8oC48 zrBQF-DaRGe`J0cwy0SIRb$xgDoBDpJ8YxD{nmoN`;z2FcC?6sR+b0D(^?FZ*yZE1G ze3C+s-T=2BZ~GU_tv`-ip)q$Z=$xmYr{(MBVR*kUc!)jrBZ=pn4NqbN>VFOT3+fA< z27SeCl{JCtu~`qT+0EE`o?L!OEyXR@yll46R&8Ce$)?$N4rs>E;_l0!M{9@NN*YWY z3MOb>yu|xtjDGIW1(;{BbGcnPnR*BpWSa1TBy&lM^tm#WEYIB_D5c31|J&5=fB4{8 z3ewPp*_XTnMeNLUHx*>c0@sGka~JxYaaI-SJT{(j?>e3^GeGLlSc;CJd%@GSJ~c$=7iOG zroMOFWcZmGcZNMXs_^nKV~X3*>>-~6wzp1eH|?MeP1REx@*zo{cVzcGvFz19ypyNo zET0cjUqmkE>}jIH9nJxv8(()qSa88Ze@pmKEzQ?I1`YN3joDp=gJ(SeyF6*`!M*&F zwR=$o+qcS5$o{96Ta|5Sr!AoUmEu%EH<9S~(YTp+qMK%PWr}ETQ{jZz@s-m)Q=47u z@qZRH{K}F4`-|Fc#;c-sqP`jPAl~n{+k1VD4GLyY=T8l0rC||gt=_fuR)ZlDn`3?- zo3s4tD3$$Ajt^Fn8nMnsE7IMV)X05)C(k)$O~2gxOdqkvi`I2F9&hQiiUXrIi>kWW z^MhbMz2CSTz9A+XOgAsBNK{Bb6?bObqys_ST1CTLty`B1+LTuJCM3Z39SL}~B)qop!RG9kzqIj^howk9 zmag`|0gjI$fBL@KN6n%rA$oyaQF*{dYSF~<*a^j(dnnGig|<%aYo1Y)rSX{Tqws~u zdm|`EN2M#sgZan>Rv}HH24dL2+;9%7a8TKP`P^xCa_t`|$N2zhq2!gPs_D{iZBs$Z zpGdc23Ap{>Fv%3_9RqIS2{-ecY3R7ny#*s>h2K@z`eXtE2&}j?7?O#O|1Yyt{~O*+-z2BiJH_#5dW9;f$XW|*S+MOU)MQ64RWusJFx9)V zN-j6(kOigeK%CWo394Aw{zQwWnWLj1EN2J|ZSxP=!S?noP!RQRG;|O1;JN)K))>bm zB5{z8Hy@tgZ-T{SyCa5K^y3$Pt*p!LnvOD?`n<}o#l?2Oc6B4$3DI7jg8<^gWd3h1bYZVvXCjfq14kmb@5_e_Xz@-nQG zRn0z=G+CTKNlb3t6R zEZiFwX1P2Gn?5<-am@(eqsnj8>}FluxxlWpe%E>M+Y{BYRvoBt+4XF?-L-87+~8W& zTzP{jhiaa=Lw->pg8ugdGwK90X{q4ng@~fT!UlUmzqA*w3R?0MaKT>9!I1*}+WGXQ zRZi$LAb*VO^{fT-07aPr&!m>$g^bTJMW3u|If}4(uVmzpVvHRt?sK~{V~fifO`Nbh zwl+To?<7@wDyzBCxBm8Z0`H#JzX}r(-JsNNn5w0YqWz)PEV+5I23bB+!D-@^kQYzX zOD?*46S}SvzVW(tM*Ff-YE11@-PrY@Jk~H{J8_AaCPybDr*$X1t;-k->aGwEyFJ9@ z*04Qoe{Q)2fuSRs!e>xH!MO9vP5vSI8s52bMKS2MuDLNSYcU0AUC7xOS+IT*)OdUe z@+e57S27mU9wZ9aQ41(Mb;roxY>A#&dvs0OX~Gw-YQgJ`vR+Q%Sli?Na#)r*pIN4(=4`<2O57eqq@V&6oRAI9%3c@>mZmJC_el9a zHP!qlfk|Q{T+x@@qv)KWau`mqISQGYr6E|(5qujWmz(J`&jDNVPFQk#$1!Oc1`JxG zppn15R@eQt%r7EcA8m`JF|Hu&Y&%DiBA%|LcYk~05$aZoi(DE8PVI|r`fN|TcEP~u z4Y@_mMPWm3?GUV9$^CS^yDQ_f_&aYIu0CbwrjGSmxfS-%C1ZSO8D{4PG~J#Z?WssP ziOWvg7#ST5Jx!i4dq+_N?Ue@yOl{oaeIIJIE-|ooEqtK6Eea~|4@#`>%+LO~&In4a zL!|ulsYz+G;$AADAf}vEWU&8{2!-m_t7D=LiXo|v4pDsfiE}{sF4qfFovkEvdPRAA ztNvIUx~1oB_2a~N}6f)5f zA{6O*oc|&$|4Kv11pM0yI+s{%&FN^ht~Is2*|vF1-(W zm%Sv8?pSo0i)O}0<<|q?Y}C8n(1rE^<+zN++Ug7s?##!WSA@S&(~qnCmlXwp3w2r zFZ8e13f+~-eyA`XM4i?GrVNg|8bm)~P55)$pRDqkh-_bM!;%Xj;k;Aq2l@o!qqKph zFO*tpD~v~Zoq>wwGubZ??)0XPw*=}Q!B5qgOW6C;sJAstrVFhWskL3}UyAG2=N`-7 z1&QcHYfmmmr8Hc`!UX1ltsq54lvTaZ!vc~yAIx9M_va=k&as18Z5>BfS>5ppPeb!y zv#Of4z%e>q>O02|IJ|QmRK!DAPlLrem3{8~2_LZk=sHI^J0}=*fC8_2_=)UgE^{KB zGJ-Mu6wV!Q^qv_`YAGcs#gJ80B4@c@b7*95A>hC1mH$6+X_&Ja5{q;QnPER#6t14U zBxIO&o&z*Ey^4jxAL^6QI<1CxvnEYP%#L|Py|2MgYC2so?aa^q&LXwW zhgFj;B{h5()4(}3GLo0ow74$BE^XLLDM*<}ZQ6;O4tafwhKL#`X`jtJXDLY&K*y0b zYe{&hQ&x8erF8V>K36GaRiL*?3C{>cp}mx>j+Pu*qf&aU47aDxpXU9XLXnD&h|XO$ zz0{uk9{E~Mm4ydjrXytQ(hHo1vEU~IMd83{_ggSyb3YAp*fadmwSmTO)U74Of^Y`J z9cqCOGE_qZg#dF%7M&1t5y=~;xV^Jpd+fP0%M~AjJ0o+1Iu<-QP^q09t*fjAD#!#{ z-#HrYQ@T2GMS)tbW}jUO7!95cZ4Pq)>T!?}d9-2i;Gth4UO}N(Sinn(`wLi7WaC$n z8qLeKD`qx5lYWp&^Bv|NCOrh`wnAZmZ*G%%<0BJA&*2*#@7!4|6_kcdOry zaDUBmkwO?kIh8nQ3Vs$E((cv$x7E9_;J*ef`J;r6IjrR51BH3=*{_}x0j(TLg>7@# zfMTnm62*Ql?L{5^MmpMy=Jx53#hoQ8dOXN>K1ii#4Q=6*l08raPpN(c#U8+4hrOK) z=~E;!yH}iDq9~2js>!f;%rU%QRp>7KicnG+30XuO>TocJUOeLo9ITk9`0XI+*UX9^ zOV0uBd}#g;!|Q@LAydinhV14+Q=@kgI`s$1qibuT+-AW$$83pS-qBPFz4o1ZFXYYr zx0g@L1N0ZcrQ4XnBdrEW%?Y%_+a^=2Pt6}O)P3}lF9K68OMeJ$W5lqIVsu~jgR-Yu zel{+iXxQi56iLH6b$?g=qlsByc=ba#n=2nR=f{6(6)^oc_W!F@5dTrDT&k)!F+#1* z6${;HmWfZl!C>RSF>40m42sy!%lO1!Hjm;`(rL9xDhvwdhGTXJKC^tPtB&|RUkK#; z?h#3Dls2@CF0V1(>5Zw%3!H?UtUR`vIh#GW4RWB{D~<{7pN1{N2%9I5j?){qjb+72 zRisnnwyzUygVTllRh`_~YmOAI$9U`sJ3?sz#DIh-Z_&Uuh8*3;f^-J)n*_~;+vuS) z^ci11sU3omMC0*p)M28!HL0<#M#8&Gx991{Jwlp%`O%WOs4#*~_<+T35-0K~KA5b& z;2lqKg#O({aggd5p*n*ezGzq@L%j&s((J~3i{dS=$CUvJFuD|XX?xeh-NR$SV}mj# zu??M~l|@ zms<3XXdx2fF)iNJ&!mq(mqF;uy7TLB0-Nn5PSRqoSl9$;a%yw7 zPZuu{vm@Qw{ZuZNx-_YWfE{16zb}oJ07WR?7}k1`>kjk>zTAU7qXY&f8Jq5f{61+~ z)!-#dJznm6&a#=8&7{1Zn1X(5&M~}+v>7vHbVWD-Q#TG}%yoW8E{%=I%s@ux6cAQr zW;Nj7jZxIb_?G*S=xChB zY-^Z?17Jrwun)= zp6(QUZBXBtqoFdRqcW6Nxseu|{vP2+{VZju#D9@pQs59)i>R+r9T8xJ2vX(f4HGmKf*_-|X$n>I2z&&*Iy_+M^3MMD}bgcyr+v!+Z`qvCv%R z%7fmH*RNiU{&@BJ#ZQ|jO$3j~Y-_-8VXdWZd_7g`jwaS|6yAu}o}72JY@JP%`_K=p z3SY-wd1B&O?;Tj^dlI%41;l0ucsG8-bw?9$NCnncKFKjiL*&TB_KDZ-%dtLT4Nh=4 zeK<13yF&6egr2Q$p3absIPDgCrN`(ymMizdyESRARYu&6#YXqYA9!3S(Pzfts0(M= zvujD8+bJKK<$7(@TRU*j%xHck`**LKd~P;gCWmv~$PCjf`QrysX$&t`oxpd)c&PW^ zzmfWW+04X*b%2D7q=7 xjPvytT}%D$-6zK^oWjrisYr_$DBaR)g}jBIC8b~gZvvtJ6cznnFL0et|1UeoW{nzFaX{25Ad`Mhy!4l zzuI5F!Osl>2l=ZZz`?=7AtE3lAtE3mBB7w8AR(h6BO;<=qN1T=U|?b(p3_4pkI0KkG_KyYvX3nz+u8;QDEb|V2_`o6jjmCoJPRK zC*V+4Q;*A=nZ={xWUW$a#OF-aqC<{Xo~W%Biz z0P!>BXX?-G@AUto00#??@cdK`699pqnT7xl3yS~)1_1cy*aA~c=hY+pkO2IwAGdGo@|h=wO_!cLcrC#v3Hd`SMht_^V;S|*SW6d;49CCWF~}4Z%eQC)~eH2eHqt>_3I9ot}10Rf4rZavwTX92QpbEFVD=NGJ7cCgxLw4 z17jAN6GG8BJ<2~fK(wb59;KX93j$FnHfOfX9};NW#eU03$Wkg}g~dzc&|uO-|KS5} zJG_h=+&)yy8Et)^IsI%WVc!zleHu|JAPR;QQ-UuvyuE;EqVYtZLMMWzP@Jm9N)NY< zF1V+4y6A=~;8OeHUkwW22>KjPJf16A?C5WdgK@&ovrdW{{DCTz^O>?ry4repHPU%*8K;>mAM7kyS-khQ|kOhd%_7d@A(M zI+0Y8#w=(ccU=`mUjFQKnd?WopR{6%c-@vXkY+Ubbt+m9abjGzDSq`AFEy0Ufb zoy_e>h1=`-Q-#-({F?zs!ks=cWA}>M?Q}!02M9BMoK`NSdxg9F_fBzXH<>jb6l1-k zxCQr@-_`M5;p~UN7d-)>D>~kb*XB20sQ--=!#5OkPNw4Ghdt*2y;OASFZ^(4b6rT9lYZWLMYbW7_h&u7|Gb|+^7d!{{Lu&h zf6~{rl3sP^v0+)<@VBtePk>45!_aZ)l;29JFT8KCo1tHu>b>|Ca$dqM)&s$RfCv9a zr1)K`>W4g?n?hfBL;1cfQKS9jb`QZ;C9Ik(S%yx_Fcx5m|A2CyD!n@zR{7`cvS^D$)>B~hozn4E?H`-7it}>p0Z2c=L zn(-8MkaRwuY0Dgigg7OM82>S-ayZ+&?r!wO-ONV?!;ZxD+QPLwN*CDs`iFd> zD+=u7m%9z848MvI(!2avI;<4iq$T!{Z|&}6eU8NF*xrpeEUA81!Q>Bo)b*YE;uQ`3 zGuR)VJ&OkOd*J$OPzoKN01KwT5pLs;U^$g|IdX}(6*pA>4KW-!qfP)J43+}deZHf7 zr0w`%!6{y5$6A_oxAl|Y;1yD8ceV;2?yw9r+(=Ss$eDnA?;}QzX1d#5?EMgZI9SOq zTJz<#;J1~`MjyI|;f4*515FM1yIJ90VWno7cQG#~WB=1w#NT|+mvT?Qq~8;eX!j6A z@dOOUwy_G{zZSpv@~bjH{M4)CqhFmD(I~ND4kgqB2L&)21P7pmf{3qB-}Ak5`y=gt zG{paIMJP%3>Wavj=6x{?YmNJzM@*0#8LQwYSkxk3aEUK1$|?N@2bDhvLo8UL`6WHk zH(7@U3|XNk;QXKoPGQQMcsG2oe6&fwK&IQ2&x~7@4Q&MhpN)I=)jIU?BWRXu?#~>})GNSLU_2m<=w0^!|?bfx7 zgh9SHLC5R4_0uoiEbj{atb9jGZ~c;A!X7w$FZ=$0^u4BXkn=(M@%-vm+2GVvU z1^gdT-~S?5_)ov4LMi;(!hd_HsBQT0!!PW8;fdB4_wO({m4yfb)60?WBed1#q29HJ$tcR*bZ9VS z1vLX|X11`J)8v5zdU}@X=bzkO>GQOTj;?x(9ZLGjcKkz#^M9Ik8|M=s`2;*_H(aBH zJ^_@nKO4WFU!nK=t+m6V*Bw1#KF%K4JOLv~SM-l3bvwg%rKH(n|96=3Pf+&XhmKGj zp-v5!|x{siLeabhkXuXYMDH#$R2vBs`X!kN&l6eBwGXM3N;=)&<(=}M@b<-(m zY2oB>o^yI=qC_9N6uBV|UZ?*}cl(R$;xS)PlvT8zaKgy3pT&}Hgo_?|$d?(`>iPYV zg?vn}gcI}oU%Gzveh78G84vk)td+ZuhOIBMJKAeHeloR>caVR(qPpvu-<9;P`>d30 zmFCQ-t7%cOc=&d04{C)hu!TmG{tB8(3)KaQ9Mh|uYwat^@hPDw0YINls93PT-r0xd z-*1e8sQw{=b)|$T>+u}sxsWL8#8B*4oPZ#1mygum)UPtW9_VuhRW8w>bIvyL_jnm~ z9utRvsJ8?|H7$H7hEAobv;;TF*Ka?%b5}e8t{yB5Dq{wTq&`_F*NqLoWh2sOe@#|t z5T~1^=B2e94ABO0yoTI1%~+cC&|w+&p*FHt;iII1BXegppyn($A{O*c8SoOdP7wsl zc?O!V1+s5M!`<>~rMAAXl4P6erzSWr%!zqOju;nk(8b%3oZ5cK;sXaB$53W)%f;}b zhh`KoI8%J`cPiTuC>M}xdQatwLHt30@(z>{UE7$iQF?+;SF7b=GoZkUbVHA?K>p#X0bB@+Q^m%PXBs+(6k+9$+;kk;Vp`lzv+gx@8=|~ zeOdq3axqo{GHNW&GMsZr!53#-0z*!pj$Vrb%jgf-`lsPAAH1p^Nfx29kTnddb=5B- zbW*qJ;u@+kK!mre9;Et#T7oRe+NRv7zk;~x7^Bx!*F!loF2j>^%!4xus9{U%VxXl+ z`4cNB50JDo)_~Cn(}tR?I0=8Qy!6(3vkG@ds>jrpWvRQ$Y*l|ttB^$JcD-v}RyVAZ z>-ctEWiFxItS;IHxWH3U&`hPWfW5hO2KL`{oHS z?aG)xW%pFpx>VTdTa6cVZw5T>;jV6-kMi!`Mj5YH+fuEV*fq%X4)@1WiRCb2D5xoe zF;+@)L{@9vaX6H)O>Nk&!|f|oMj_Cd1(*Y(kI?pdpqvBiddi`GliW5?8p~YCF*c5tfp3MkK81JMmQcvT+n!(D!a%sr?hqV# zhtv9)E3Y#bfoQeNY1hR>p00{-K1Hoo+N9KtxY<7ekjLjZu_ci!k-@)WM0QcLW7K5L zumfQ96q-TR=3RtFpNmzxS}Hk2Fbnbq`h0X!qaV%QMv-pUzb^Pvk1g*Z7xt4lr-YH# zBroSJ2#J=Vo;Wua@Q?S@@C>a_Bv?q)<7K0ITMH(#6@`!mPQ?-5i_;4&W(Ac)qh3Jt z+zpP&{r;ErTq$}drNe*@3pME>-ntVJpLFwrdf=>0sryE{M_J7Tc1#He-bCaIH-vWl zFlTIZ*EmMh-V__6Ns`+rGOz)Q62+;}^J#{W?}&K9y^Do*!2M2dRnk6E*3eRX+dMdq zs(rrhR|#vS^~2oRMDsUG-Iq$CVX+GMzrgQBB)dp3UBinCpt5i{{@o1FU;aB%T^NJ2 zRpq$Wn=5zlZC~qk$lyHSMZwy&z4I7VYl^ zmb32s_DW5#AP)T*o80I)bi<%7*o}FCQWOP>wteMxn&KpH{s4#j6<< z<^Ih9>Q^G*SI)#Yv2&`_*ccW@gohpG--AzO^$tAT7f)9&l$MMHnb>ocIL|+6e0UhO z!V^V=y3o6!QO(p;Ny`}>pWnW`(bQnc{|x$?%coUK%KI6+S)GBn@AeeUbKP+t*~)6# zaUCi5rTc0FP))2^KX3Fv1nX6U~jXT-$z`Eh;WEk%(xII z6>XWh2TgBXcV_Ji3Xs zP*?YxW!sF!dK+UzRka=O;`-eJw2>u|HHmdmo&|MiAR_Q3$>xs}7m8N=cAnIo8J)`?z&^!#m&`8-LA>588d{1ccLl|IU5@-2MC>9EGvf+d{GiM zv8XASeBBVXJ5%&<`Ek$mdP0RN?wM!Gy=BJg$+k4qGLcn;}Ivhj4r`3sZ6= zcb}Y8c~5^|&iWuai0HPjDe57Wy^$L|AEeyHP@?M4*BTp4$J|1l&jwbMI{myy<{;(<=Kh-@gb0afR~>u{NYt_3EdMjA)@CL zok8bHGInwwt-+y2)SiLUd*yrBAPH%Jb^yTaM3}RWM$=dCm7i;!x(l>6-)kq-Qy#90 zj*794Er)Wwhl8G3ri_gJqKwW{ruR>7k)p#!^PKyH%BRuRW)X30x!mHoxK^wb^Nw}2 zoT{qnj(2I#p2|6-!EMUgh@K&ZM40&l%E?qT!z)B3bz^>5HMvln_v9ey{DKlkj~VBSZ=UALkq(r`69`V^rC07QghU?8r@Y0>8J&v zL=Gb1r6l#D0opd&IYKoARzm>wV;|Oc42TDQ!3rfUilG)CHQFBtYpWJt^m0%^ zQi^IgzZHAgU2kM>k0|sm3%jUk1-Ig8ws@gveZV$t0bN4N8nIl3q5fSRPbP z+3CW(-3{U?I3vNsr%Oe&=7pnJ5 zs1jmomq2B+Y@--_-lS|O)&#dDB4|<}o-C0=#}oA}=h|35SipZ?Dzw>IFpV3JLGWT-sc}JWl@4u99!a1Qcwiv^5*9Qgj1ZrrruxE6BDc zo;(q#u1N8jjG19fxuhl^EVoIa`X)!fj%?A{f`WsC_$x(zjnQ2Vtlrm(B>vPhMj{fCG{!a7J8&l+2bRw&I@*z;VFyDmiZV=$xV&vRqeJ1yqfI zV%@QgB}n8?Jt3EsRulZ&)x;908ft&Dh*m3*tzbK)#PsY-!?&cNchy`eCxC7lsVtDbFq+51;# zc0DM3zjmn|Kyv~P!535&amq(}v9HPE&+*bXjds3#D#BH!4;LMw{!FuZx+@~5%jN*Kl=p(V1&n4G5O=o4ZO zC6xH-P%i=IrOrfJ=PbWu*2qYTsG5zgJ@p7NdC7hnfTb2HC-Q;=wKtG4hWSQ}j@CWR zk_a~ggAtB@pT5Yb#m!wwVME`p;3Y<-62?A9auSye$zqlRzXKi-jq!RzNO9F{nk?yD zV5l3;10pylb-IKXenUcqEky~gaHk$I)E;tIGhp|;N%J*2lva6Nm*^Tyop|exesRxO z%@}=k?65H~sh$?>#H_RHFK~7r%-CYc*%*pfm*<8Ri@rGzhrAg|u!EHN8Hb&LvR*VE8B@0x*6` zO^~ELhWtWEUbAOea%U1Cke+q-4_K3LX-N1iSo8z0E~j6|cZ{7CQFAB41Zhen0vyVS zFXE33l~wwi*B;Lk4F4# z)(UgBIK?>xhBVDe^Wd8c+GQ|Cpv;y}ISx~2T#RY}` zf?OIdLlunD+B@WckW#h!1i}QFI0b4n@@UcJlNd*?t(^2(AD&vByx#8wrkFKLM6z4c zsIrY$1f^C#v_B>5PN4>mNEOS+Om!0T#F)yayypx<2=gbtlYqcS+GuWXl`N&wm?WdwZkbQ|-X8dJFVG!pxvzgn;~zFX6MJ!zj2n!iA`25NgN5?fG1I8S z(FQJuuO^K8AsEtoU^BKQ00wTTnr3-GKvns(Z-2{62MK{SI!Da%O`S4T7oxh2%t3Zv zGNQveTeuR|QZ;qg^=Pfb_+gq>^r2*Ns0X|Oe8>kk3x8s9xyYk(>e?3wOlk%V>c{Bi zF_RkU0zcB*N_PEh)Z+FcL1N8v{3gjFop1wzFc7vItqlTd2%dQc> zsY;^+u)}7j*{&ajZoFLNd7*7OH%r4ZB6(VF$wa~LiL^1t;*oFvW@`mLJ-qak2T2sQ zi9te+QV*V#kUvh7hLei^!{H>qN$Vbrpo5vxNtsIt0!3d;rSuC$4~dl3uf8uUEUT;X z&Qg$#G^!_lK>Xk166lj8+l zUXs8#DG4XBdr@)&g$l|GBLDp(G~5p+i=o-Wk>Z3Vej->FMgqOh_QzYvq|{iR1mqoR zAs0r}Ic1kscS>b;j56CtVND@yf`^-NNSu3+A3=+zwjvQ;9H%WLmn9e7Z5)Qb2yDTU z;?~I$XXwPs9I`1|Mo+IHVsW)WgU6Q^537st=w2EHdUp*Q-m_MHtAq}`vprc3WP~k} zmVxNdSh+NKkf#=4LPl#i;!(u#MF0sjBi4;Uw>hn6?;9YDmakx@4s^$d|F~q2*BCS? zvw$$yI|N|x9HHH`YKseBOY23V{X95SVx4WGeIaR>&hTE1>IF`Ex-9)pZe)(w#bB6! z7+_DR!s5d-^WI-)fTW7l&^_8+H}`!S3u!lFDs$7Q7LRN79*IA+?Tl-w><3{7M_%nm zyI>;*r$V?P_^DD-iBDY^+Cpk!c`(lyG~5^OUodE~=Z^T1Mh*VflpDvoHQXle^Fc`2 zA*r4!&O@R92AV$+q9Aop)gj}Zy`q#p&%NCUmJ3OIsahs4dk`GX3_X4mI>v@)u$4|s zw(`ts5nHirR!Qf@6R>x&qVAzmhx!(k-uxtcGA8CrG{T+?{|62EE(N(GgrcT!yMWq2 z08o9_0e}Yczt@*6`Y3tUEg~Y{X;+trw-RO$N8DkMWVdToEFTT*$^<@5#lnV#u@*(+ zF=mOZ;dj+TWvSB9m_+89YZ$ohv|F+(Jnl^NYr2#g>l0-2yxG@TEzhpoNsjl#)wecH z9X^^TXS5Je#A%i`QKo07Nac5e&6Ie>ZIxg>zSFa^9D?t3!Y@PADR5W|Rgtld?0V_*R!5^QaZa=h+^a3a zZ(tdjj-!x*gPpga%9b9?7_f;r)F>jt8D0)BR;jzC$`C!o!Fjx^?b~D`m03w{sSdTD z7eRXh{MXtm^c6ELe3%S%@LXh4;G7NyoAzC(4JlI#`DN9R7}C{wx5mB%Dh-;hSkp&o za(=F!0xg+?rd=`LHziN%TW=-6V25?Jx=p=Bgm zy-|qe7>^^*NiKk12l%^(XBn~s5+VhC;)G;SGpdtVPdV;>v!1lK!`nD_9(r_wT8AaAE~IDK}laB!2;br-**j00vMl zgKM1_`DrZAQfndLrf!+gU{N&xE&tN_s)f?FFl)M-@-LiQH@MyoFjn;N(q~gb@>bX8 z(*$LWLC|nf2Buu6GWLa>MAt@$%hpzJV+{g33!Bl7uO@%nM`WQO#oN$&`&->*%NGOfk&xC=y=Z8jm-8IpT;-uA}Ne_iJOg!5x=5?w>x? z{SCP4J3n5%Zr+N!gs3Q>A3x-z9oR_Tg8D<2AVjn}+h7 z%szXA0kZl%EyM!HY1o=Hcp9G{o9)@{w5Am83!(aIRzdnd3*hO`5nF*vcz+f4=GtM` zIYviiiu9j|gX2MW$2B8$12SD8>zL#C7Y^1U9;<9)Thb7jnmj zXr&;fOUm4jd@amQ*r`vzZqTybaR{xfw)}_2E%j)3%N@Jq*(qzYPxLXWe9mzEG8tJ$ zF#ZVsrXtxF8d}~HWePdDA}2#^eDZV25o$SbbM4;ZX~@R2YWe?Bk=*|jL3*yGW1;bU z0?2)0{2Kfcwbc8|pMVxM2Lru%l`;AVx_3_iSN*T6xi39T1_RT6#+y$7-6igR8}4<6 z!`OY7TYszU6~liyfTvR@$fQ~}67JKV&R{K33_uL~mz^^K12>!^?O^qwy%3p0;u;_y+p6 zE&1@Nv`dZrcQz1`wMj>+syMs)M(snZ-c2GaYg*R4@m!l`qZv~sst^!RO0R?l|Mw3&Ro}OIJ--~ibX1O%)y9cBsD;8-8 z#^1=K>*4p&=PgcIr-QAey0M}~z@>bHq53XU{7lm&u2!zUzK%WU2_{|%czV@_RNA5~ z!aX7*Yq`$8mT%A=2vm*`2#?z>{h zx_yy^`s*BQcy==_O|w>YRk6*9|Dl?PjD1msF7b#`b zIBi;Hvo01N+rC@L*TT`$6zCa-{ISAR0f|eUy6g2|kwpB8I8Oc$1iAP5FswxRVHx#x zthAs57Qzy>bmL60S17+teE?>4Z?q>-*VkmEMfk#MOx{tJ!BnMFs%<+H(Ue>)0!mCH zZEj(lB#pqmJHJ{d* zfK|?t(X0W=i`U~MQBG{0D-MK5Ra%w_BLs!)j%75)Y2#fh;?8f#mDDE7<%fwyQ(SI3 zC9sut!GP&=@ZmzEzt~PzooI^L%8E`C9tQ1(Qo`m0stpIvQ>sV)Dv-*^UWHdKacEi< zsn1HQ!PuGCZuvbQlzDZ05l+I6I47LjauqVJHZn}FlDvn_=z{MKuLZy(?e|WjcXgmD zYMN80>D6+f)&t0=ZHYgvF~bWD3O)e{t7+_ltO{c>C10)T>VJ<HJtaQp3vfDQg)C{O2yIY~<@i*8;%GY=>;^-(m$StWDZf2G(aJC zSk!vfVs#3cnszW$W>E5T-XIe;+_F#pzr5Qb!%dViqX5ia(sCV|O?M6lD@qrRWiuWIRx2Nl zfM)gSV6ihg7`{mk8yYRaEuV`lpo9`z49N9`1TB}dzpYAy3tBN8IH(J0nys-?nmGmC z=C;ZV)`fgfUtkHe>g3#UI={8Irdxdi3gZSIOA08{tZU+ozCs8VISU@r z>VNf7N+g|3@f=p1wp@Ei9OT#eENZCvq`j{WpfFl0SgZ*f!cC9(gxG*MoP+4>H`xza z9K165EbkRribmK;iVEYs?ctS$hVHcRHsfA_^>b7QY(^no`f8+ECBnw2-k{4ZZ&3gq zAEmwi)CjdIu}ott4n4j|ZooLN=Q(va*TSk!f5XSREKljxm0JH3NuAI|@1botq1O*b zFr5u<#(2LQ3(utA%Fy3sETN^l5Hv8A&Bt0x$f{tRBB*mP_(#dZT?=F4`LX2F z_pRn4Y^u3$7}Z9P0<(_l+F|>B?f9&lY>$OiPF`5lXTPY=)G?3KKYH7&>?~v(cub&< z0T~vR7X=eH|LbI zCeE?cRa2(hjH0TnDwM=Z<}20TzwD&L=>DQJ=w{{&#`p?AGevJAIS+V~FFl=opB zHlTEFtzfNw#M^l#ydJ<4q;tUYVclevaV4g$DoBx@xf^_yxw=I|%D=o-Y=m-f5nLY--$159m*>JIJT?{CGz+eugGJAbN3IOTU?};I)Gsl~9!&o;9_|cja zI`p~s;Wz40op>qFSNBR3upW|4=_(yn{Ig;2T^5k?4Gk*Iyj zu+Ih!fC3G|$Gq6bm9=1@k~=ccU(xB>W)X(<%3zH2T$ot9|0bLp+NYyWFsaLIE|Zt* zFV_vl<%r`S$-okUefoDTEB|T z1n!z$qPKrHSUpKpEDUb7MFfjS$`MV14?UcLR59U8D*;)2yI-=DSL%AJ9l6kPx}vuT zSx%`wp-<6ig>H$a;=ARIxhu=?mu+<%eahj7dGwcqfo5z>@z*zSSe}yT$l&mAak%t? z$f^s}DTF`$(J)uZ#|kC0iic*+DT4AQAS5VQ8y2j00LQ#QpUgp`aN$#i?43wbT1$xE_zf>F3D1ksKT(rOWKZKYJxtDxn5%_ zep+-qN=zMJyF}BM6f}&%tKB0HN5kQlAQr@d`xrifUafA2Hx7U{PYa%xgMpk zeBst7-Rd?7rAoFGjcj$>MC1?J#&4%@d5*gUl<17jQ@?uVq_0kJnQH9II6-=4;(+u5 zm@hCY2%%xTxXx<0K(deOsuJ*5T=@yecjky!#!2`4y|8xus_`r_4V}oL+G;GuQ*@2j zXVsknDOoSr762%}jHu1;xbAJy*4oV?JPgtdp$8k#;>ZX2goyq(y%2#N4 z0lE3JlG6T!M9*HqW80E#?9{S}5;K$IwQGd#`(=dMBxcpxcdY8^(0KMZ#zQ1Q6%>3x zPPKTplYT#G%1UU#Mz?dMg13Fx$dB>D)>&g#3QbX;6nhKjtBpjaZxUYmBRK^ib|nYj6zm3K$#6r76&WiP89B z-~$Otr;A^jS+`FU!En*hiYOctM6BD=nD5zXs9sxR$(_J1ro-Lxz)hfq%UZ~=$`H{h zoz{}}CyXug<)u-jNP@Vgcq#mqL{h-M^eaekXcPlm`Bc$HT~ENVr_;&q+tYp&+YaPX zwL_tr&~&o}CoegSu&^?)bf%s>(Qy6Rs3F`|h3cIo;b?>G5((CtNm-$BQ7 zY9G&ISM(FGBV&+6@<^I}^X+cFGyA&jUAOR38>-)}^J6~QYGP~3J2w+Fr=E%ubLI$@ z(M6rM4?-U!+wf}AdU{6dlLQB+`8n(Qntm0CJ_NXXI;gzLpldPYJ4FnUstR86UDkTFxIY zN`iNUljrcqwha5gY3hrspBPRrjm_|h zG5&OXLxC2=3cx3_vQfT*Cnx62;Eau1aCzBWXb^y*n1M_u8* zaZ(UEbbT~jcvLC+nkwqO?8sws@M6MxB{2f}D(6r=d}!GsJbi$?NCk1w5KT^G86GOZ zM$TVcuq{{5wX-O{9?!E~)zC^3EHA?79A{OuA9Z<5y6-`9Wc)(0l22D`19qxzkCmxF zTSkVqGOVZ{Q2|0nuDnEt!Dtl?^po#6Q@+C`C1jY+nPjmYJ(6K{qS87fvN37{xsJo>l+36nb@^D>X;idqWVH`BK&_g(fZ zj_dcIjS)o^T=KALt#W3V`>=9U;%^NZ)@Y-KlQ9yX1OPZ6$PjqpKCrY3D3zL(f(T`w~-;t#P@aJf}`r-_kE6tYc}~ zlI}}ot~vJ0Y<_Y^YXl;y&2$t)G#Vt8B3M~BQYxmmhE}gqOh3~v$;AQ!^H$zA++Tba z^B&m_&cfgwVO~-(^oOp74=|5bW0Jd3o%Q=umNc%@@8H@C#~m?FfUM&lP?M8jaeE^{^9pX|&QU3Oh3LW16B^ zd32&;d0ELJ3~yr*UO-(k`OuPP(TY`BQumuWPYLOVI-OQB;W@?D5s1Cc$=rV0sRu_d#wXupnq6+y11K<_Zi(fM9>yZSbXkRk398)Di z5{|9BX;FdTnrn2rtm1}?J5tY!PnK39=eR^8FNY7mO@4k;inZt%;}9k&TyZvA<;v9+ zbRO9;sjPL-Hb#(ta+;`uNu3)lfssT4M}jM93rK3QBF@pI5G#dzEcHjv|e`ShDyv6^)yH-1DZ-;nV(Kz@rDf~vB&t4K?TJ69Rj(R;M?FE zr-{GdTAQZg84EObXb5gmXWPBe>)3C@uvIolME)&ZaQ1ezqRREgr;dbXjy)%*cmMcxzb~C>}iB-Fx z=sCe%S_yJaON`&NE7Hh|6{(7}`KHvmdBQXxH+X{-A|h}a%;#@C?mYQccdsE`s(2V~abEXnIt}Dh9T> zGs1RR&?InLNC_YanQ*1swv3GH(|T!xr?XkR!E((Z!@NbSL31>2K-|fMS#nsEwUcF= z-YGf|LDef>(cmU>V&Vjd!1lx6rtbL*B8NKf+i|QAo%aqgqh^xV4xMjxxM58NQkNHwu%eo3DB}=QSHny1?qXAniop?V5Fbbf z_M>2u!;LF28_m-~8Wpkj1$^yztmss&xk(gpoT%-rK6lTB-Pkl}5i;1ZgteV6YiHDW zQ6VO~7qOdfu@9HH#K)0idwo>qa5l%F_arw7#oX4{O3lUE)(UfhQrluTUO#8>rAD%f zILmWPkdw4+SMwB&u{YSa@r1s&U$O2YT#n#uU^Z28E#k+C`a0KrNWezH6TcmYD{es| zs`a9-(fzWX*+#dUaHXcZQ|HdUfyLzljjK1bF?pGllh|JVw0b!I#HRtjvFSVVCC%;H z^01JOzye>b@@Nx(SR46@+#oaFsF;hvMLRZc=gruoW`?UyCl#U|KN^+=5Rc9$N0JyDPXI z9+q;wF87)ftt7Mso`Bo@hK`EbM*^K|p|raf=(obrm9GyfYma>$_K+*Mw=|1oDX*9o z#%|B*p8(rOOzQ{1ySLZ+??&#sJYS0Y`B?ZJX!>OMiheng`W0F^9RADZ|D^(#@EFY7 z&DI3P${Ag+l+?m5KijQv8z-{|Dkk|0J#Jf5)n5F#oa8Ylp{si6^{t0M$|4MPG=Ysb)Yu5a}&C-8(4duVF(IDjs$aw;u0OsX8IPoVShQ>?J z#6#>XCLnrs?tXAx7fbWApTlna#p)hZ8;Foky|OUpej5 z<+mNltc~+fgZzJ93x4f(3+Go%wno~)$h7*eB8qEpJ%isuJ~@UL5uX^Bq;|*_86i^A zKr%C}YYE#ysg0_{~9C9(0{VrBn z!H<|<&foUN$c8PNNS#f;w6WhB`z13Bf0U)Xf4)u}^FockE35HDwFFwn8df^KX5k`6 zqRRe3l>}2M4TT&ID@wetH&@f;Ev37^cNpXY60{|)F=h=Beha5f{U4=={?IBQT!$Y6 z8smK$QDsSI8Ah+MND(<)MoCe}wpc4a01e0Ae)IE7+*@oxX0B5~-gviE{boUXksG;8 zpqTJ)H@8Z{-{=$FSmV(>uj`Z6h;!Q8!OK^bG!23c_NxO#PM^ub^Mm-_lX);d+D_gV zc*m@w)cmTE+8y~Tim0GQ8C1i1u)MeSW(O)d%#x(;Dl0|9pazmr&9e=VGwk0&2qi6Z zb5k3TtT^VbAc+E^Zg|CvzMId*PA{S0@+(0llwZJ3W7}pj@QaryCr2x=S9IGCAAvq* z31b)r_2&n@7L~IW74Ak92BHqCS`VnU#HD(JUq1Ky4>r(q-2Cl_I~rSk;bwy+PIk_b zS4KmZq1J)4(jEosU>Gym*HS1u;3%63L%$l&Rv)-62L3F9nUt?oPAlyibkjI&b@DHQ zs9fzcj*wSB7YMWKlO%LhRs_BW&^~>b&^QfkjnZxnn=)H%2Cf%Weqfv9kIjPmzz%*HMMbz;6{B+9AS<5TM zsq~E=H~o!Q)BiTPLe7g-ch4{R{9PeOEuHU6j>*heztqq0x70~{f7BilmmHuLu@9wJ zCt|%7hXy5d;)pJJVqg*nRD=9Se~6P{X8apHo1E8#0mPY8G1II+Bp7vq2N?z``;!q8);+qJJt7b1~%y?DrL(z{tuC78T&uVuJ0DV1zAF` zZJWxQB-2WE(~-ya?M(>S*KVmoAf4bD!wa{)hM#MgH)LW{Jv@#F;`Y9ow{C3MMKHi%G z(vY=V6f^urS*$=ML#T?RALZg`TL;hgDn1}~3pjQE@}o&fKx;pSKpc8v8~0n+t9lkU zX(J3k_#B=+jtV?&#C{zEVo<0vI!EBPS&u7Vk{TN<-L^s*PO>UJ;?% zP?KL-?TtE@7RG4G-GdX8Rp2u=)%j>#oQFnC36Y%J8TJ`WqiW4=v5W%4fza`+%MUq) zv8e3ouSvpePg+5n&Jyln9WXeNnDpUjJZF&!%?0If2mDNf)Tw1V`wXH~L4oNqRU+M# zo33BHC_xGxBfH@Q(#AtcgctJJ<(#ednXuC!z`haTa~81}9_8#Db1 zYSwKSt9UtE_)m`D?qZd!ys2N7xQEl+2KcM;Nz{4~R$=|I|Bb!34r=rJ_kAM}+?@c$ z9f~_`@IZm$4#l0|R$3a|-L+_Nic5jwE-g|lxD>YvrKNK7-RJHzzq|L{Gw0m7GiT<^ z`8&yzN7l2}`pEnJnu#3RJjLsRYhsj=QxHL=5h>D!(?x&!WYmQM^LKt10}n_1qz`d7 zriS@%|9{yy{o_6Uza*kjdE>9K9#)iw40;KZFZCIx8{B=(-U6M2@MyHyrVp^2ghNFv zFlDIJYDY%{L6j${YRekrccjU=ksp1ql>l=@*I=xCB-+_Pg$ZgXX7(45{0=>2>9$^{ zE@sD_!1|elN~Lj6S~HxJhmyP67B|%k!oAlzHZaslIhZxVbnHz|+yu))5vxkxIx);< zzko?=Pcj*qIw%e2r>!6a{v9omuMz;=c zTN(?Ukx@WblM>KVyv4@X8Ll}$#+j!FL)`b?}7b{JhN+(5aQQh_FKN061D&_VK zkNnxlAcF>U2pVi=pBmnl61&_OAv`2OR~a2}*R-vp9lyaZbwz~BCMF%QR<7Qw>5)~A z%F+;r+V1=o56dRJ=p9Tt^7N}`Fh7Eue9JG^>veeSMDTcH zhPe>kwf0X7rDexummY0LdJovE#a`Fi2t?NpmV_`P=!oN26F!!Gsi9*3z8FQoh*z}| zTDpDdZ+)JV8JVfheQ>}SZ!siWP+^~?#7X?rdsKmnAdCVK9b~Yp?f@~Yy2z2yUL$5H zZxz&oLn(9y$I?HR`7@^Ji!sBZ;@Xqjkt4Y*nP+cqy8&^dGO#zr=EM^mlM zBnNTb%1BhPm#@H zjVRzuBY~S*L&C*}uJ+A`B5PBg#!M;;7l}TiDt5Sc*4R8F_%;J^;5Sq~jMK|hyqjYQ z3{qY3!84xWPw_Z(_fxBMGtcKuXXT*c%mHxcYkVUn!W`;ctBw~$A4Vg=vIDc$bHCRH z(=YTz@EKFMAsgIz+NS)JYQR(gDWQ@5+e$fcvk1|*sw7*$_e4bp5)ABgQ+P(wF3WGU zUn@I!jBk27&qCjj3j{LOE>@CtsEp$Txa@C=c9y3mhNkOzpIcx>V$y7Blq`!Iib!if zH*+dh8L%*g-u7`ww1;E5br;?eS=VJ>>>i75hDNvJM#;oFu}!FieAz>M0+j}HR<6}w zr;hj_#){!wX{-m`uA3rK`Zifa@wBB~UL3^W8*GOYwTy6Pra08%K(Xet4)wdnLJHW| zsL@el;DAr`W-5*!zm|N*t_PkxWd_oo$m*$rl&YZ*?&p+vLfo2Qo3lrYnONO-ECWIe zeEqb4p3uZu-zr(yCAbQK?_#|(Y6{*I!JLNls{QA%t_5lk(**8O2Cg+v_-tJ3pM>ZE z&1)}I-g=m_?|hzSE~{d#>GE;7t)`v(jBmmdSpot9#EZ##vo!oTef8PH&c`_|Bxh** z61Sfpk1?D#=vQB}pRtxe#NsI268mxE%z4p%3mT@*J2cwmSDkg-__UIZAODy$z;Ng= znqsaIR#pbL?1D`tLWW`Nwqq$TjurW4ms7OL!l(GIg_RBZ(W(S3X|@)ae5a8#$|rF2 zn^(tMf%{PBncZ>-^P;g#bF^)G5^UUWBT4~Afj{)376bum5)6P-v>fdZXGOF2%ExT# zV2KgPgfn9Hxr7YDA5}3VbonlAgYzR9`GL6rFVcX99@f!>K9&x&tL3i%{8TpVkzNBN zWn&TL$U3%xhU`Sm03ZmmBbgxXT3N*~zCbg}Qsojc&lb?JQ>R|prI8rip@+8)l@RTR zJ#}6CIMZpiXgR0M;^E}RP*bvX9j$9fD8=h=1fV0kfhdC?qZ*X%H(C0nZYu6{&F?D_ zgV!N=cLFvwb8C~8Z$=!?YeDWT&}#dXq8JdACH0i_{VzyagzsWy*B;K9a%f2d(|LRH zjl%X{fYhI~jrwGI*ojg3Q>Lv*%5v2KE6aOolrZ+`#qt2R4KZs?yd9;%ol-HYRIO1R z?F%If8RixU((w?OG&E%ASG#+Xvow_YTzdv@DfeKa=!TQ)1#d$HL&#IZwvzySGqTda z@pnFZkG2(jid280Gg%6G%Z_kpr67y(4h&&UQWM5rE>%YFX!9n}=YW_tj9Q1Tj5zoi<2@5~4KKIO_1N2cLwnxFrzuOgQdg$8W-9#{ z7ne?K3iKL@S_p$FhgsY`wrPXfrRLE~0ojWMmpwzkW!p4?kD9w?(2VBnV!+h^laaZl zcl$OM0*V<+veCTjz4;Ht2E{UOmnJob7=qd3<9Vz#e8PUoM+pTMvBH&P7s#-zf)` zHLzz*_uJ7^D*O@wI?MC{@RA8Vft+#EDhn4bYf8J=@@mR=TPG>O{nFNVv95tu6~!vZ zCl=4xY}nYr??yk!8bXG{qq{HUapN*I?b(b1CG1emkqVPQNf4mqm1a4T47ek&lsaK- zSAa46q8mt4=vaH)P4BhVHMrX38{yoaA#pf+JMs}d{*~`G=ridpR#7E>I(w(Nt8E%F zeFJlVKzfo82)R0)Sw%@Eg5tr!9su561M7JxOm>5vB0Y|! z;fq7j(v@WRli!4Pa?eLp+lQI7RvjhP^eD!^V-JPklD%c--Fy40U3xp9BKbj|bEh+B z;M84DTIYuO&zz9yULJ9B>LbH8-k}4Hn`$!Uuy|Y=X{;sgm~ddkm4vTugrJ)cDyQu` z;f8v((%=qV(=l@cALLP`qtPw>Bm)j7uGfCCXZ@O4dkbDV4fHpx%dWw^J<@`e^%Jq4 z!7SsrJ4NA{_yBFs5*TL)gd6VwcpTq~y4~IQZbc9&Wsv~PmV9}P1wD4J9a|a^$Kg?ph#zv6B}qe$=TueI)-Ky~od&d?~$IWLn>oWfurJX#9(V#9h;*}E%L zX02`Z0o(_Hp3-!N+m-L}w>T*11FWV2v}ypW$vcy4)BHGxbz)COuC{`q7HvR^{Xp}@ zB1l3Qm^a%5x1fZxEnAiDVYq$b8um*g(jNs?B;D>#fIDKFfFw{Kyeb-)ou9PWQu;_X zM5BhvNH;)v`E@A{!%akyirH3z8*5pV^{6P&h?}882rr%c3RD3Cu-fJz4TNOLg=W1^ zRFpXX4A%nJ&r5)^Rkp3u&W}lV_@!kDEN83a!!>jF`;0OYw8|vM3Z;SxPkEviT~Lmx zvmf0@yO#rU`SV?h9F)UlpLF5BK)eSqEVto~_z?S#^XTC9hH2QfIF1FJx6Cz(VZZ2* zOI-ip3oRC=X)ka0F`w61)82ra5GF@9uRkM1XNl4d`LuaiIi^x7zn~luQv3!{W3;oF ztNs!$;$N;ca#8r>Nsp2`MHkU@Y1^u|2bPHu01=}n$kz1sC~4_3#r$%vzT(`hBKB(johvX}x_U;E*-8 zlO?i@nHd~GECQmtF+O=0Q-A)rB+Bu0xi@)lulHF6PyAMf*k-8!6SF}7rPShs*NEh$ z?Iq))qiEUc_uy|2-^~7!G~HtRhuvWJu1>>oA&qP15I!)_28KSGzc zOa8-d__rT%Nn+$XK`9t?gG^tb&GK@=!V_5b2m&Fbi=>@lYTMnWw{&) z2Hi01U$iHOK{uctKiXuh>BpcOgf~@#9$?T7(Py$F!5DOdX6Vbevih$u=mxvDiPw)Y z=mw(Yz}SD#4Y|MW{Q^*bFzAMHf4ZGe47veYe?|5WibD9u?eT@yZw!he`BZe^HwH!V ze=g_$Je~jVgH1=~q2rj#UqFk-X`4-sU#kQu%Vg1fyn|X$tBwx`k5c`9BEW0Z|ECk3 z{)1yPsrVAmv(_h041xUej4=qB1w-yu*k*rb<6Qr*?pJy#m(y0@ZzZzfnhYbxABptBj z32r+#a&h1l=k1IfMOiGz$pX^2yrL}Udt5n|ZYxjxP9-*G7@p6g#N4QH*j@P;MQIOM z@oTFo14+ZJ!FFCw0O^|QOLHtj)^ z>Y%GhvzY^xFcA=c*>u{!V4@4LDI!=x<%>+y2Ot)a%RNgH2FW;!Q^ z-$NUJjd4qv_%K6sB3GH&MoPR%$1MZ*OvY@5V-!~aQbI@Rk`@5?2I$9~liaS?fb;p{ z2y&+6s@XeY)JtV>V*4$J1N&(J%bo{EQT6(x{pV#KRVJL}k?1s~Xl-|P9&T{kjx0<%v?w;^{^~6Vv zvv^EYkx1HaK6%UdqTn5@7FqjImyot6QW?cfLq`fAG=5xx_q(VoIwN3$a|AEq5%iL| z;Tk|_S^~R83YWG%Jywog4yZTJUv07Ji}#sYYq}BM(ad>zaTz?+baw<{azFQhJ&f${9Jr zw?7FoPbEJUmJ;q7(nv`S4oDR0a~}|ejVZQ|wJla93{yz+ybS;-%xtm;=4ftmmPxjM5j^z=DFt=S4DtTyA{Dw=!lS=A4pzSQT1>{!g}BlFJ+X zE`v_KbC1tWTe^w_5~iziw;z1?^a;eyz8;DL&<}218BTya;r>vKCU=;BF)mH)a(NuR zg+*3-Hsav#v>23qNGgUjA+{M8<_wHo?ZFNb>)g~Zt+VK~tIj!A2PHz={qVS0kJ5$k zxq#fCBgghVc9+2UA`tfcK3~L@T6`&&339b#FKNZ$=7cMXY z&x?+JOWN!%@Nvb8_z1WcoXP08lPbtawAJEynHNjcT96IjGi7&Sq`;~3tu|R9>Sn>N zT(6jf1RSullN%;`iL3v-cL9Ic4{0}jUfCBbtfuF?CD*BW&$l00q-)8GBW zpov%H${V$EfKLYAGYtDU9>Xa?anwQr9#mFnRct=T(RZso+@}_mTN$Q?VG{|XBXgN- z9aA~d2eB9j3DR{P7G>cT;}ZI*HlF!DN&SowAC=MZ zqNjpFFY*xu&&&mc1?3tb=M$HIinj$G5%`F^M{riRx)zVQ* zfft6(gtzYHW#{IsMCG4Iv;7!CT;#qSn2ndEBU(TYl6W)#p&*uBr+Qb$1#8qnReq&~2)3IQDBDgHsLdE{Y?Cae3r<30SG*C_7-H4mqU|$Qnp`N(P{B4oQmJ zyw1JOV61xHXms}A>&V@}HNkO*f7z2r#Ddv8b|HBjM3c6Hc%+P$^swV$&YONH-za>oVM|+_^x+>B3q#Z27P)Ei``MP*QzJf_KD#sEZODCJ96a9ZA2Z zZ)G@zL1+`qmeshnhKKp639XpMc6^NGRT3fr6@)dPIRW_FF6|5&*{Zo8`#Q-6mEO5q;oS z4Uo@b`0=aaWhw63c@1F!W~#4Hu}mG#pwbWXDIrNDWXrE0)?B!+a(quD@tVp-dh}VZ znCy#?@EL6o9$5-ysR^kqF3)(JIjM9WRsmLx*Dn*i7YsBEQvQb1g-0|QzBTIzqWb~) z65eR!hXMYF44$7}Xrw%STF-8um8UU*WDh^fT4vB=pe~ znvj-(V6va&vUvCwqIv#*0mqN4nSl26^KCP^6>hfda9e4(27mfM+F+-Ypu{(B1Q*E( z358=FNaP$T8y(T)4wc}^D0sA%w@-#iNN;qZ>fLw`*bFZD9+B(R!|*YTig^oClGuVN z+2;{;RPN)_HS%nop7BVq>12viziEgoyIERITy$p%K3N5mU6XzlxBUgG#RMakjY%w?87q|pEKHNE32g>Lu z`MbFpB=N?+oNEv6_8Z#Vq8qM}EBy+u#mJFyB$Lgb#Rpq%b`kUe_$qe z?tsqteRyd(|KY{siq}ZJJvdzt&dB)b3j>cYD6Vdk5fzNGb>CE(624g<)sz_zx5md3 z!MGpe<|1hc?Pa>WN(KFubVnx9-=pv3UX>x~c|Kd4`K^Yi{r;$FW`y16jK0=^i)rmP zd`&b;-l$L#R3QdWRqNXg2!DsldJibe)M;diJ{DCr5ep>)kRUIZsZ`sdQ};!lr0lWh zCFSRC;Aj0}LVkLad$0Cjwqi-5WUnRtGJ}OoR&V#qARc*3oltYm+v%#)RPzc zRCPsZzQo;x?NDwSY9w;BdQ{A|`2_rOp>OpffifG#g*!JwC_YyR3h7@8Cv{03DEp?B zu#>6|f|0RdT`D~SWzd=5XT_Y3+V|TXXK^2koZl6y9)-9mOXa!)a3^?2*}CE2YW(V) z;8#21{G5f^X8uXlyM=%=WY^)j8|O~CqV4m!i1bi2Lqe7Jaea#kL-b;9neF~pB3dm; zM~4)wK&@^|uhzp|n@ikpwp?YVlfo7ND%Tqje>xJJx`BDoZtjL^VKOyXohr#wAKUkJ zlRX(dM%y(WylNj&$hYT{-(f~51B8lU$~XuSkhsrx>9x3CHUEY+8wA*=+D*wP%%vD} z>YsjT$h2KJ)jv>?>nO`{;B4x8zGmc7#HEoe;tywu$PLJeL#iQP7%Bn*7%yKzt)5Bw z3JljxkiO^z+gCtZ8pIBIvlm|9py6-7)vYr(_v@Kx!W3Ycruw9uZq4uk0 z`~yw@6IS<>ANnaJ4@0w+*B*SXdH}Qf%^%nD_)z;1vhSxUh5f6k!k561uPvMte*sxi zKSAG5?6olM&Ai@Uv9A^|?IHggA5Z|>6=ZYX{|?ATJ8~PvfN?W^#W_BTx%fXTwWEIl zG0vf)Kl@(LKXCi_i|uz^=zq@y8NBKJ_e_vZCw7LTB?|uCu$(}|{xQ1^D~Q%`M$rAs@qVtf85Z zHs{CZ?@!e)_!t`!?3+Va*r(G&>`#rEmXP|b};+!ZGijr zqKi>Rq2c|oQs;OVKeq?Z!kLdcT|tOegL60J$AKlr^D2Du0IR(1fSFbV#4N>BO8>zi z2n&S3gjTMU5eXvi17(UnoGwP2IWYM6@Cw1_;*#rmIksqjgAHxOjyS4JjJ)Om{<~`Z zA3X%)v-KeQdIF9i~+=!)+UW(<1j-@tH^G zX8j#ctD<6&Q{z+8iK)p71FLF*2~NK}7_36aJ0lY?1_0XwutH^OoPD3*HZQq%fiV*V zph7AJC&IgQ{h`EFzw2;TOa0pFa?@f!CVvEkS;zI`B370PfZMtU*Ea465&#&0fa)zQ z{^%5E|9;0y4>nEffOZI~C#WuUm8Zva3B=|};M%3T-lV&+7K4FpG2EF#3{u#bG=lU> z=#r;GH`J!vQ79oX-a6C3!q><>m5VdO@ij5I<8eS8L|RRin_xV5~cBAB_Ru8 zqItxjk!WCA0Wz6yP`PFnP?#vQGESpFP=4Q+6#>ZlCf-!9s{Rfd8M%sk#P!^TL2Or8 zct;KtpSXyIka_tN*`d#=!9_Z{^|m~;#6EG_?wKXhN~QKMGr(W%sFz|jAayqwj5k-HB+!c}>!o+kBp$Y1+)>)}(yp& zZR>LWYHIH{!gHpj^zqID$qgr&CHk*MctC1M~r{pt;lPQ`mN%JM4@ z%0y?U-VHO~Fy*p0%xqnH+ll97gcoz72F#=iAI`=wtpMsbvP%id?u(IQ1#L`VpOml` z{%O;p%Zmh6YL-9?8p8;zf}&>+BH6j|`uB}z&bv9$nbhIuLGPjb!=fZtuoMpSs%58e z-(uONjiPu!w*#`Xt9Qi?1FL7C$>f{laIpL*1ebRLTwzxqo&INI?tfd{sMC92r9PVI zNB2+j^X?n{1#H$zz7ce*am-Z7z{p+l%|m{kJ>AWEV|UWu?DZFr@dN+MR{Xto=chl` zZ}+V@o@bUl)Wh_;6rXwCzTc&Ov)JF(@9^;#21*qERr33C;Gd|#wUq<9KNYWnp8u+T z6Y%fT^S>;s33_L8?!F0&Pcprk*7WQA;$3M^D2IF^xY*j1m10BVJ1FiCURCLTb+vuf z-E*_}$AKe6bMxudvAl2_R{|n!#5^ysg{Mv3KR#ZAGmT6+J}d)B!ILH&?+%0kq?Ys` zb*Iu}GelQ{f-6WOIdv9ZGK~Ue%Y)>B4|rE1fX$aijB9MK)TY+VY=>?sE2>mJzjqpv zCVp1X!Ay&3 zoda!VJ{4bLj4}*8-fq23YDck~@=bQRG41+2ZNqVy%8M)y+mRwAen&N#5K?2ab?XXb z8}zp^ScZNTps;PhSMhC6#QeIH@S!_yjNpV`vH9%lqtMi}Ay4Tk>31M{GCWkzPox&B@Bv&gvF{mBPjGmcUC&(U(Sj zdfnDeOBy{NT(_3lL32 zn)k(`AmsM2Lm|pNX$DH+2>anAu4r8kjc}XH;-DiTHG8X-*$(~=U+@iQf;*Ao+@zy* zhyq!N!U6(?5P0?$g^0`T>ZvtDYv4t&b!x~gcngwjHg43V2$quSP{08P+>~WX$(pin z>&z0xx{cc$1w!)a-EkcnJp$=ItSYdc;ge9ADnDAwT_G2zi=(D#itBn8q0*+#SDj;2 zsGx05WTIq2j@RsW)7GMq8B2;*847`wc}YQb1eM;L05Gf-zazrAK2B1*yKMIoZX8Y3t8>ZM*bV-flH=(!HzO=eB^+?MFC z;L~@z4Zh{q;US)=k4C)@88sK54w?J^{wz92UXI{7a_6CH)PcbO!!|{l}@C;lg#06m~9LsHKS#)N5R3anGQd< zBz*2~x8$LvxK!r(!f)kT5Ns+R7&H};VX@wz99p1YAc9G}fwTEQEGby`FW~2FiVHdM zEHhDW-i8Z4^7p#-A4z+*CRd3oc0pO&pG(Wj9{n}GIbD-1EWTKxxoH?DNtN0+b4$@Y z6EOX3?hA=P4^l#p_mN^HK&j`R-PHr?8~d8?)Cd$H{=(D*?&<=+E6N$zL)!WUkOgq{)lJHtJH85kYSb=3`opZlG=USJ&|GQD$>~d{Ys{LSHSWy_5eGd8CrHY3K?Ps?iZ#oqrIPu7SI2|&Ed@V~Dyi;|}b z6KYbEKS!e%!hO5tNb#Zv%>?kGGn84H9ybQ-dHaHpzPrY ze!q%=~R+R}C zQ0Jk_+fi_8ZB+zjlSncEgF)K(Nk(+6n_jhX+I>fOQ~WU|@C=j5Dt6Bl7L+^~oboH^ zAPI|b&TCmCtDZI$TF}e!IOOtXjSC+8qRKT@rbB{TgZd~Wf@B*3yCnToZ4Fsp4ukqH zZ2^jhJ0QJOtK-s(vSJ_1)KhpKQxOGN`RL~x3kSKhTzz;x$o3XtoaQR2i+~OIlT%ut zAcGV7q(q%RO@R}Rbq0yT4ravz%stmLvRcgQ+cr&gx}F!rn7ckgN_<2%FNaVgGL-rJ z(JfiMeNEP8HX^7lU;`T69AU}Bb-4Y05VQ3 zg%njHYx5_XWQ1&;boEf?$3{>>eLm*ADRQ*($^;p^)Uo23LH@+p+_=f$*y}x3pcWju z7=MUS2mDv^O#w3JSF+RF_t+1wh2Iz_`~?ty_~rEN`JKtD|3>QT-~MCKU!(Tj;SI0x z*1s19{^f8gHG;X-?Jv`ebTgA&y^SC?N^xo2mqOet5GDrYM>6k--;bz{iT;>MG(6EQ z?&(jhpNxC5b+a_-#bnCGX*!MAaPad*x zZ;4|Y1~q3*Ei zI3W6CH3M3FDGI)hC${sHaKxLzI<{I1VqnvgXCM+7>%G`SeDikN+J$QHu{fPP)JOf^ z{`1!BU}BOea`r%;sh=UHUx3m(gJ^&d*c7{LqsZxTZ_m+5X zhh(6^1WF>fy7C&5{)ojm*W$Z;>5D1z&ZtWf-TrV?m&$%LcjXLmewhlaB<@K!KQ1i* zoecHv^3~U!p>$J8Ah15Q8T^@qhuwkXw59fo*!l_KdgKCSxBqa;C1&N9W!Nsxr&F*+ zN@%}jaaDR5?U{+#^I?@wgPkz*ahCgZO4VYM5_4GO4I+Ju!BR*U-NprxzC=MNoViWm zzCUEdg96{);3Zevw8ixzJ*iR>>RzCQE4*RoRJ*zK0i!HOb>R=v*p4F_cjxSi!?62z zh+2?sDpmyunTsXlF}%__*x0NdK{1hr(9!?Hsrj8z%8m1kJ|&R-sBK)eu18uFaYVp0 zt(ac0oUpl+v?z)#Eta1BwKet*?OjxIc;-SbAw{Nbx~n6xSk3GuIEs&T9SFE-bmx~T z;%y{nQjisCdn?czw!pblpm74^ z{xq!Cm}6q}cY~9e505I`(uY@^j)RnUV;(D2W{NgaGTZ?R7aLO@wO59DYj_;;*>eKi z3IlTm0D(Dpvf(*hdS$L7d2XsFejB#{k9U-YXKb%bZa2i=MV*W2O9~8aF}6*29pIOX z8S*6B;j4$~=^XMpp?8q>qZ7nZYt2?Y+{sCWnjS>h%X#7MavBXM`ZWeytT;5%4ZZFZ zkMRsm(c5|#qk^)8->c-(lQKIMGI#gUSvDTb$K*1u6?z~=+w(_Q_!eOi)k@;7Fk2$w zDy@}9K@J;(&~I=V)UuxG=fH(qOk8}J8S)A^h6kD z$IK%@TLVu>ObyE@#6rhE!ZE^U@QpId2!Cl58_2#M5ysvYHmnpZD$C!2djH3qr=T;7 zP);eY_?K$-+SsYjRF62ZnBSD%NpG}2-;YlAo0{BC>X-+qTWD4v*_g+1U5QtC5~q^5hslaJJ!{TS3GP}< z;0<;udVhGus@!W_P{B~A`=Uj$c(dyvQZX6^*bpr|a4SwF4rO@I_f&W9Xc2Vd3u&z{o?h?L+ow-=5*G2a2ZHyKO1yAFW?@==(7gz;{<;`yN3dpN8+6ZfJd~ zn7HVzCmdwDBZq4+3Gl}zDUoh#giqlM3Gf<>J86pgcEiyVl_TPxANfi{{v36b2~LLi zLv5%}I@n)U^mf5zbxBQv{c*#Q`PLAYfK0geWK5u;gJ##fe?a26Fc39dPG58|hsI^M zblsWP%`CJg#gi#W=a&LX(n!$r^rU}Vl6LOnzfGDzi%3S4Xd7}7#+Mdkn(($nu2$Ql zSmM%;7&M?Qbik9BoQZDLZPQ?jiwxU|t6s(&PIl~>^<-K>!(kND@^!bD#D;C)*kj#fB4^djP$7{`Bjn#|ykR!*BNMt!}@Xllq}wKJ{aj%UuzvVm$DT6?3MdR?VFPOMN^M1zmPUz($nvl*y7QsSjwjr#R$ zgsnh0&s*%IUyY&fk`c`IYfUXUwbrsYN=^SZAMZitbWDg6@{+}%ar)2Cppb^&&EEIV z7^V)QI@q+0Vr#JtF3I^mz7R=1|GZO-<;9S@4<0Lvkk(d{#7M`se-XJMZ+tDBS{*W% zgRHAfUt|vVSUgu6tbE56zQ1txUN^h1+!j$cj7It3Taf+A%VkEU-ps}3yCF17Sba0c zHXh*A0T_IrOS>-2C{t*qoO7(f8N?(rM1z_dT&i@C?hkU>sA=N%#5&5&H$BZJE&r

    $ubFAw{DIxG{skZ~9u7@)N#=h60o7Z*-Hny`y42eJe_TAS&Ke#^8}+52 z{)`U)d3wP2{yE=;%yz+#@Ux_#tW&+%K8;(^(2$0H^y5gge(gUCzjKT+BxE5gf)Cr< zrrSTMww<1(I{i%hy?ge#tZ#k1TIWA{S_p)M9-kV2{q=I-Nayl6W2DxYzd*JALv=|P z=?Ikuey4ONp0+hZu2PDQUe0B)E0JdM01PXDR`1J{Xa?)Dd<7j&x4I?03)C+}=bQSE zu9IBlnGE%80#w0l3^yq1(H@;>=Dh|dPb^C+5P;v|Tzi_>;YKRPYELj1qgDRA`auun zW>6QGX>5UNxn+#cPVPePT6Jy!0ud6M?#0Kwn|O+tya=PzA;h;IV@BELqR8X03cLUS zAaaBz^h>5kL-snE8(m%(1XH{Re&F{X6nz=#tgNh@wujPg-k&{vk)m{F4ape^hQ+Xj+=jGJ;}T9hRY)X zo)j(;hAKqVlLaKYtISIWbXZOnKTWG)Nd3f(f+3VB3jp{aIxw*h+uj&&gS3fD59mkn#; zmo~N5$(Z;w42kHIsy7vI293>J3JF9_KWQy~3B~G=HMtgvBsGXe;Nmvy+$pt*?p*Bu zlrmN^i*7f|vJ$*jfHHSCKBi7Su{f{bS@0k$hs)XHkbHj--dJ8DvCf9Sfk?=`$v(*U zX(n^@OObG_A?5^8QNSirH*)- zzLu4AX_L0yze@o7%;$slJ-V9C8G0mZES8xV8_lc5lo*VujrrO?RyuZP>EPJ|F8Nv z-yfDg`Vfa+m#P!jHC3`)&J?%-d_uogQK6S!^_b-5sZEa*qK)VD+SAV*1p{Jqq7-mM ztroFS3iOz8A{2jMfH@9J0Y{N|6e~GvT&m;nBBboNt1-ZrI}1D7bivjy*5cye2jwD& z7R$E>+Ja3+HeguGumiLuoLE*S4T)`93~zY6*&|WLN}TE*VoxhlPVu2G*hn<#(`87u z$HrIPQmWLnfb?YZ7KTHy0F)k0>?IjFtuhR2NUF}M9m&Yqbt53ch3t!T)q8!pu|o0| z7i?X?^jpwLh1-LxQ%g*=?Dk0^;bQP+Z&`@+kbrc}lcc;=o*UA+K<^10{OI1Ma0#cs zfV=!V_q(b0>2%Wac_v$*WQDGZf?V*^DxVWwScu6MOey*$sA;^-<|o@mRRl8cvT0Rtg6!so{!M9s*8?(6YYGU9RnuXuA(xt5!OPuz^GBfN zT=IHj)d+NsMn+9nx1a>3G#*(zq1x&b2dzFv!muNJRHbNxMeKVzh($Qa_H|V@;%sOp z&S#6FeVO*0Oyh(hxcTK-vl4;`eW)_2?0_sAT!g=#2K8E`w@`T!>%5o0kTt$2GtxGW z%6?GMT_+qLRp!VOK?mgi1`#%NZ$7+`iIr21_=z-FZOvd^Ah7|&U9$()hh%8xZ3ymv zB7e)Z$GN}$<)KHpvAQHNDH%|hiYG%v4Jd^8^%_V#ym7lKtJ|_jzqMdJGuW+z zqfqa^uhelPquRvoV&gD#uU+mSP>pufLpYpzw-DJ+T@0sJA3CIZ5oBaa<$!dBVORk0 z;0`p%c5SbY4~X3gZCpTKe8_05t!&k(WVM%5xPhQ05JppFEkC63O9}I)AUsGI?0F>b z8|RQGmZf@lE~)Jw`$}#dTCF$e0~tP>*fnaKFbdWl$cB?C4>Gelt|57F^)ith3;^$0 zSF0nD0+J2p+tl-gz;svMkBGje8{dQg3d|s}y zbY|L}kkH-?uy~a%Fz9UZ^CRu4S_MRh=uK`Oj{OYNK$Bp@Gr6omAY$!1dqX?m6s;Ka zrmP{$fuUL@kzD}*kF8aPW3xmK+1~8v#d_0kE}hbU?AGUqB*w~P&**`Z*FXmkidVeC7Ld9eTHr*5?RAdleY`i!o7tG}*ETy-%Sj|NXc7IzLymk=|nI6r^&Iue&( zAem*YeUBhO^(}Xh|0DH-dxwFf5rDl{xXO|3@Pgqt-mlIfErB}AY^sYbTI5NJ;?tiVEC~apsY0=_3z-s8^eN;PV;Sq_)mPnXO#rGo^%0|rX-IF_D)YGG z?7fpMI?Ir+{&aFXyTC)c-{Y()aZS-GM(0LxlmmWOMigJoTRNcq3~TivC&xgvT7Vb5 z4O_;r_;+G&Piudt4mDEEOC%Qe$X3IPYymq~&2}4#^?LO$CcjRcuiK!b33MNcU)fc1{MT1OPjJ zEs?5jahSjnkkMIjB&Is;knzrlYPPy_roGS3QuosF;y%C!ismuJh3id8x$aC>_$`X4 zYANtaiIj0+%{;<|JXx_cJZU9~$GG9sZ#())isqh&kyT9g<%r|F?O;rH&LLOo!LBTK zFJ2|>YHw=1Y=F4PlhhDzijy}X# z8CS5H@_=$dU2Fs(6NwM`3;1Z@Zumx{5GIY17-qU?g$zlUz$Nn@_mmnnRsht%dF4Z& z0=Cd>fSj3c)y3rso5sUASRERpMxr>0Drzb?E_XbixijNxy>uip1_`eK4Ey5hhuodq zC!eFT@0abOd*FT)l_;ux4rlMm7UXQkG=znNvjEj9-XlC;vn5`vjMt+u&ERMx z*$qG{d!W67yiKojP}L*P;7!Hv#;m0K<|4@(W@$IcOeM*}uYz);z`)oSls#S`i^~l; zXGX0Cj$sGSzko=4rUiD!d>Ax%xcH~dz_tL_D`*SZsyH+-ozkJQ!FY5aNVX3zud`H? zKb;q?ZhEPZ;fUWb88&sFdY!2mj!(N+o$6%`iosvVVrX=b+!nPjV$S|VDyb>)87_jq zNdBv=uE0HVU`0Y75|qZStbkNJZ}+XM{7)G`Gu97(0(1Ir@t^J3S-qk8!-(f&^_GI_Pqz5>X_S+;z10HrK*;`FubE z@RL#!gJjc4jEBVFNYUnj<>X zct}lO;xABUX4x3F;@a+NEhYUBAJu_17qYcX;GjNxD~ssDjP}BFv)fOParKr*%b_mC zHt@rZYEhqrCsKzqy6Y{NW~z!oCG2Z3K$_{DILx-d<=p+3g+-{K{M6-%fxl8sN`#Wy z0P(l`=Vsn3AK$QGWXFfpKI-8bMa}Vs_yB9ka859Q7$!5|ie0>N;g-LznJ}I{(ciE$_zz=F zuV5-D=-QLP<4kW4af?#tmrxnyc!FXs>Rdf|ZV#B4a7`jk9`e|akzwvi(D|csVTGYw zS-69S4$FL8EWWWAWou$JNRKlBh}~AW&2>xobQ(hDR6&`pV&?!QFWxIAur}e{Obpp; zf-sHjd!f9nN3kRkC8I5(n=UsSzA<-Um|d{@>Kv8xaSnN4l1u%*3CE<9AIX*doKO=*E&pR0%^0Yx@*t+H%(I2aDDniFG4K%#_D z?wgXwv-!mRf=-;%Yep?~4-E^E3S{VB{41AX(Oc^jdJ*A}>e}nH8m} z3kaVHBitDU0)d=}SUe(`%pQH`aP~k3*=>Ss?6M?M;_n^Og~$4OGhE2bRt-0;%{%gH z#1AMrhj}-%wA-N|Py?QrO#mP64g!#QlG)+1<#sN7k#6H%keHsH9%olfuAT?Z_z%^} zUT)En5S~4wD2O+U6$(gL>zok3Ax*TmRF(3|-jdMCiPXWs%Mf7E12W?*B==x#$w6zx z%H;;2Gtsj^XWzM3V5w^K$hRlkP42oC6H#Q@+CzN3v-O7-^Y z5M(~~nf6{+NQ!p>>4cRJt1}ea1i8^h6z_Djv?eaz-0>K!cyIU+>uOL<%6F;=^>7Dc z_(U0qKItfA1^9$%B+>L^%S!^%!}?>Y-h-6!lu6m{JVoOTK&z#4LK8t-Dgq_{J<;*pc?Yn3p( zJ)*&d40)B^eVc0d@nIvejpE7gz?i6P$%&L_L}UuhdVkE*V&OgD2Z9Q1oM9|4fSPJ2=o@SPmZwfv4n2huP7#q zRR7$GI-{|UQQc-VR{u{NS@f4I=;4feHA6Dj7&fBR=)=bi?(pZ%>}}gyyw*4Qf6IRJeK>ru>Y*y?``Fy~{n^La zKITt9*nSVK94dsi{*QZ5DVvv^p;>nZS>-8Yp4JPUc~X|LXB1Fz=A~+8U-pz=Xfo6R zP{11i92HjOrEryit=al2rm96Kd8KOJ6SzpAOR_(r^JpcMed8{o`!6zxs@yqRK7NYe z=zig+#^Cx(sk$}PVot#sv`gJEX! zVu1TbJYB#$3!N*@_?Z_$Ei;9&1;<`&9^)Af;Vw6tw20j{*=bhsDdnvZrIX9fv298d{;~l&T;NQs7JIem7x=I<9x8NX~7b3(Lyg5OQ zS6(%%n}HGUNTG4x?6{LIL?ccc&z3R0f8K%!$VT{WVOe@Oh!|Fp-(c2+vH4-re$7uQ zTT1=f#c0~#G*#p}IbB(#{9)TtNxrBNSlmVBb2^2`qXOq$g6!s zSGoAK)S}qdd0{Bnkf6G$_Om!@jT8RDQarEeEzi2(!k@NT2ZNc01Uz?!fk^^;lJQqk zN6|RWNxIF>{^c-v70i!#7s%s>sHaP(1DDD8mpGw7gU}Bq7BU|@OorDj*CU@C$M*jD z1IFHdu3bhRaqWO{W3R)8ci`JcP3VvwR!zeceChP3Zd%K3Dl~4Vyi|8uYsdzd#SY{gOl+L<>hVS`1-Pzi=u~d^un<=|H6j>Z{_&+;{PvPm34xvZNMf*E(5UOFR1!9FIn2&wB(Te!Sa(Z_c!` zD>YHJ;FzFq;$6p>)jEfHvgKXMh0-J~R-lO1n<*YcQ>g1x&rK3xEe=PdUo2tG2^BWg zvp8jJEgbbyE-|3I$6yu)%~_4q6z%ADpS(fQ8Rjp!+e1;szW0C?m4*w1MJadi+FY8t}-=bf}sPreNAI zQi{EwgwFsf$SdqHj_EgihoTa4E9d#GDmD=`bF-DmF2vOm* z0@3v2z?G2N)V5sbuJTH@aL|uHzv_=wO9vgd`P&2@MHDO#sb)T6Kjz)*Zc`9U%>9(fHg)*6U`8rhU(X-g6|a3aF4Cta|M zC|wQM1hQI<4Caj$n_AD1;4Kn`^4KL9=komAl2FxX@#TaK9<**KisGoS5FWClg_r@@ zT=CT|I5GeLApi$(y;Lo+9Qs~+*8L5vCA-IKvwE~GLkw+|*!4=vZvz(iq3nAX+Dubk zEjA(DT6M85ZsO6G5JM3f0A3ZC;*Xc%?XZ0N}?EU-Bk$38~fNKxbiI6s@! zFJ_<>ZCc-7K5=d$C236lcIWneqPQ$~n)PBW7vqZ#889}xlU-R>i)Cy86ZD2cGpKSB z0Wg#P8Ij}Ixg0y^jhYboteh(eD~#~Cy~tO+&s}h}+%Y{iRdM`6S0|?6hhA@P{Gj*H*`QI8YR@c={yh-X1_$Nx4XA+1;TZI;kdVxhz182$$!c+cr5`2-Vk zYNHx**?IVWR<_1d((h!*OF$Hg*aqsstCIU!`ei!kV^NP0!;S!LdAJ&Ce|=E-dJf5K z$`46h5&Z_0N1S^B9&*llQosU_b~w?$+2KlAH09sAgWe za@#39Hix(W0OBs*j*S}1B@-Up+S`Vr&WAqw@0Rie)v;J(LULnav!~YNX+=SKw8UvR z*b?u9;{jYZg(ws}SU}GaOlTXWAf72AvWBqM8*8J{IJV(VfOdGH@BC)KK#E?EY&?r znZ2UU(I^gY)gicWxYT*rUOr7tmZQ+0com=FfpM9EX&4+!$;pwtaPGmdrp3W9Y-BC& z=_>$$ZbHvs1X;d(x_2T)mpRnZb>!9b?xVT+`dcsOQlh3?pFN$xCgtqzHCe6#Truc4 zh>~O=7L^o8T`mBW4@0g5NG#UxJ|;tHcGxBJf7>WTS6FcvTo4xJXgw%iixW5O3Re9k zKYvp@p=_MmE_h*>SY~yQnUG?2YtK$6ZXyhz9y}kxxCvF)1Gd@uB0H=5o|$QuXes=@ zAW>#Mdo{zlRc(wPdeULhSoTH6YpY@Adw5CRXFGcK-m<_=kJV<$WmEdYQ|*N+m3HHB zR9<*OI8bJ7-HJp|m4k%-YG2QwCm*upv0~r*ftU7#f#uDHvZ{P~-FW_5UFggGd9m~D zI!cRuKh4n&RHr*c&@FzoKIa3|Bhr~q76|4K&la!(fa?08J8U{}Q&HtdJzLGJ;*WD$ zl)+HPp84Di!xbv-datBqNY_I{$!$5vZPd;EC*|N_$zu8ViPd=Y0#BSCKg1gdCc%8~ z6pf2?`2|U4Ejlq%OWOYjKw=OqbLYp$p0K*^$*^(w%B&r0zt_G1k%!btZj1ETtz;1k z)S&cmd`2Gs#FrVx+Ht`!i1Px#Y3H5u2_&ptxnJokyMfh`%dm0b>mRa3o8CVcGdlAG zqV)QM>(`fY{}TXtZHyXhBa_mUzBK_y|KIACq>Tsp6A9g%0T+INulGc!^WK}6R_ui+ z7I#&ZO#83GIsr~`Xd8=g4-;?Va82s*`(bXb#2-*$SBcpvw+k3~Uy=Ia@{Z!h#W|h+ z4>|6cp-PSjHV>+a#dR@?upX!&>d?SKD$hk{9$C$2m00DH;lh28RA z8v|$e^H+LL9PznPC;e9{?Fn?BT!vt?5JFzjiUu25i1)sm;9K^)9 z^vQj-3z1n`^;Uz$b+nzgE6Aa-v4*En$0(B<;Y&Zk(ep^@CC~u?0H4SVrkc>zwDzBP zS^a3_&)>#7y5-`L6`1%l!$q^p#bzzUoy%vwxW_m+Tg;B>nteu-WZHLe3VUtM^A?%; zHO0rlK|6#w_5kK|_;Z@37X)=GGo@p#%^(1e;+$o8D zRi9yjmP`W&s|>CQe2Ghejd1LC`b;RZv>ZP3kLOD7R>$GHnB=+&0vLGBl80zMdV`D; z?5>+0yuwt5!x8#+?!)2uivWj5*P}n&t(h-3)R^hiTza1f(~)x&hd~dQm$7Rv7WSp-UbVEWDw>cs9%Z=%#BrY*gV;?l@MUd5a{@Qf%yf*rL&L6) zi|*>mm2iPBb6mq)hU?9S3iX8{TC1rcD~9Yk-ys91+RWpU{ZowG2MVPll3$i+Wv>fotUyy@>@wE=<4TV5M@Btye>J&bszoWf{OX&J zx9jFtkAQaesnVoEaUHqm8nzjNq#pF_DazWUF{II6^sY71Vg|*|Nm0;?EYWY@qzXP^ zPg39M)~;mxZlnhSmOuI0U2`~?<`{VmSfmKoZ!0l$>#o5tk=*twc1IEdV zamJ%@YXU9oWe3wRwYpqkL(PoG{{XICjeXwn(OEKVa%BchTwR%I{*M&Fe_@sUFDx|w ztK#@Co=+OvqEPhbEC1Vb^1lAjUQ7NzF!}5EOJ}>*5C0AYdQ43HU+wf&FN6QjcKZLg zPNeYRgDdyB=n-8N?W~sgd(ssUw;$YrtoaeDc$-(y$Y&N8BnNBH>$6l4Q!+{;F~Ka) z*4Z}CrAz40XqNy3t_?O)^NpZgl$3W_0{4De43wVJzf3@#L){3k>#n*)7u$hdh^ z3Ut^*|_ki&)oTqzj@+&mX8B}XOo?&Q}RYuI9XR89w|5pix>m| z>EDG@1HfVODOAv@#0x9|#Z_hzWH zdx!Bq+^ynbX^hL$5&)b59LIKhL?btMjDfGpB29kzu#)|kgJVkg>%LkQm*#|%P3#;) zVzylQ>KxzM#3m>9T?K3#L=y&TkKi2w0+@J1MIYsL*mBaF@%$&KbtgK7?x}_QYTbXP z+s9Sr7zMs;7t++gw`*2uzMZ8tclJ5Vafw&r8jb>JVOS3&6zD&R@a9DS3ve!S7}GGV zN^B>V>`sL?X~?^L!i;oZ@rSM|-f~T43#$CiZ{89(qCo4$gw0UM(igDZgCjgzqlvBZ zwi$FWa~Im0!T%3nR9?D@A?2=nUqMj8`y)Gc#B6R(Oh3Kctc&J_mZP;Jj&-g{4gCm+xMD0e3j!1 zHVRhqx97e8TD?{HQ5N#@h3&W^EHjv~ipEskO8>F;ZIBOaqK6vj2;0Hqq-N|nLKuFk zUZHKgOThb6$1D7~IDEkz-Ldpy^h?SW)xGLE#cch5d=LNY^^E^`F8pt5B>L}?sB62u z$@E5E>jRDN;1JOm8TW3F@EZ+F*&!kB&R~NllOAN`wOjaYD9nBkFsI(e>pM5n9LIgA zkclk}L_~I%*$Eg~Dtw)Z^0-lJl09c9d(dr5LpnAUnkc=Yn5>-NN8NtSyAhntl_33y+B#9bPiZa0ui(m(Z^^T#Q<9dU zlV=%n@2z7U4%7`X$v3fz)nklzB$l3iDV=loWpDB-giO@dR4$c*Ytk=i;h&My@{fY+`6#~K@!O3JD_ zyqewfY95<%QkNS0yj&-|4vZT((_c9VU~J56src03AArLWI^A1JioDrix#SGR}wtu?he-oE<1w&*%_2SNKYq7}OxD#F&r>M%Ti<9@~i*#jZf((Da(YwnY5QB7aqBn(c7Gl1Aq80F4j9G$Py zY35j$=vGcR?`o#LTPhs_>&ooFmG@ZC0wQ8BB@HSA-M_IvnVdC_@~E-&E2VcW zse49`+h1;kbBI;!1|p=-7LWocw)-SS^Q`s7&iLW1`y76>8Q6o=%vMZB_Mqu_#ueq!{R1ub2sD! z8Ae#b@FrZ)fc*0mt>T&)>Q)&*JgnIz13CSvYlf#M)m%v{YHo)t`CA3TmyH{4Ru zO~gUy$@2qQu=8VVw2epecT`qI`}gk&8%|CTcU-V`xDa;%r2} z)tMi+XtRs8C{qmJhWP7o88F*PvEoO>zVat_u25fmjaUh~pgo6?htpqcv_DmzyF1Pt ztyv9x^`Rx%_Zh==s?Z7RVMJzlmp#d*UzFWA!Q*I$)B`YX5G77xLF?KRfRw8WmBoCM z`|eFV0mjXu%(8eU(enBxk7@Gh)L4!bl`w+EJcAXZLR+SoRcAa*r9ULng%j|LpZ_*D zHPA1j0@-xtF(O*_&f%r~T6YNaP5m=EeSZ&|`EK5B%hh*w=a#Aso+8c3(6Ev~H6NAq zTy-Yoywo6dYiSZi6kTiIs5_Cq!Rn(8kBc7KA4; z>I2lBU#K2iZRQ_)?!1Yk6AJ&VUA@m!dTS07?-yeWh9>=7Yc<(E)j%>ii+wcTM9L8z zLwGI7eDXT-yyPHqh`b~4ZbKnt9M2Z9xaeBdqvv(PfYa>U;?;9PrD~_|9O_4V9xE8U zaC^~IZ7I2hPvN3yN%?zGgTAhR7NVd+=|Pv>q)H9dAz#Gc)C+@SiBpZzoBw?5D}b6GNx^_rmZR25ht1O?dP;ST{V9vobl>iX5`{F4l!xuaYaP!P)g32Bb~8 zsvc|UtP5Vg-D(3x!}LMfmXB?rojq>lA-ZirN-A)zE?jQ4Hci}j*IkJsMq{4mw6w5&!uvW|nqusLVY zH3!-$)j`K!=8K;VBE3*IT9u{aa92-8s7!85Bgb6x7$IdYbG=#K)0AB~+kg>Na6yYN z9e?QUviyF%S>97ai#ipHg~EiLrv50G>oh4hhxBXSes}PcU91-VIlUIucGt09qENz<#)@8-}aO7?+kQ=xrye;rva#Nh1qYw zh^L(Hql%S`Tnhn^4-NEY?ruQu%Y4==k9wL(eR~4O(p}*O6<(*W%oh#13xRxvn*rYy zb}NW4AOc_a&?(TPRIj2xLY^3hY{{jZNgz8L;gS72oeH(@~{LOWQYo=YpY{)odku!RM`#48~62=G75`yYNW$_%j^#JZ@$(R#tuui zvX!kLKI_vdsja11E|ESMK4E$otTq@&VDU&xv+HP1fK>^CpjXkp0*)apb@=r16Q{BA zKLFlR&z<7jh_gjE`Z_1CGZK>mnDSb~SKVaO62BpHVG_ycvYwxK8@^Xr8+hbPtj?@B zBtoiS`S*h)KtVzrqJGSsD8uG#O{8hELpElcY*_#L-miqpVg}PP%GkdLV|Y{TPA9Gy zJM|XN7GYgKQw|TG@(2~ySo#D>94VO^N)U&s*W;#>#_o7o9ZZDnV2IYKLek99flrig zeckC5+jB<~1oicKeR+s>PR$ywa;bZhY6uLER_J`bwbZRaLn&opNy_64ILTj0EyUs= z_Eh>HM@3G2RcubXV!9+t3R7SPH>IT8!d@U8xVML!bXXQ_FRYVqg>@~xEL)@xJ1m?&x$m|Sea%U1HF`gMZX}j7f0<)0 zJ034>iN07me$)B#Dz#5?wKx1R71g?3Cp&1KCh7mgTfQ;CLUH-3GaHpR z2t#KeUWYIS2wT`Li{9Mdw0{8nEkFFGFHV4xpm{C%TdhAI(MxFI_R|0V0smk8 z21c%?d}13&&BvCqT!j%ag)!EVR1Vp$(0Jcm7rV#d%BWxra2T#s>%yL|A64v5d=&gR zNU$n+QcE|J|$~oDb)%hpNA){xcSQI5VIGui`@r zmxAKOqJE*(4y$f#^jjr@AqxHZ!e7Wmj8_;N#OemMlOA))QmSXw&nLR)-38kCFa`%7 z$i^p_(@Q)wEZrj5;xVU4ddhdeY;7GAk>d0r*YUqzHn;3MTaPvEgJ80t3Cx!8-4}j* zj3z_GrbV~8&_HU}_fHW-zUr?JJK6mMwTc}_*HiNhx(DkOE1;`ToMGd8jO5wi=kRi{ z0059D5sU4!;9Te6o-C2l;EA@`E;@+pvr6mtgvGc_bo&cUHg2^gbsWy7jX7uA<+M3; zw~h!UVasY@(2p<^6Ac1hq79ru93>9jG0t;=H6-%#NgE*P+}{~CyUVL;F87IvX|FbU zPt^Rr;YlbIU((lB@W`c;vC7y|_hctp1DIoNS(yQ%Rzh7h+{TakK`O1^o~ogbr0{#T z#`*lnXTWL_M5Fb-DxqE9{T>OG{tf2Incfzboc|OK-B>QPRv%?e$Y>-iA|?6=j>H6D z&;YAfh>I`P*Opf_a{W5QdT*au-z=XziR*E#bqbhF&FXWX(p^pJ^f-y6X??|;f{Ue~ zqkhH%Y#{(V#&ncwyu7ZLmsYv8h=*fPk`yUCH!zCstZnoS~S_2zzvz}XXpid!?lk~8tJsFH>M5**Ku%|wV7JK zaqEv~!q~Mac8|Ot1F$_-6jnO>{uI2B73_Bj&5#ePnEbo(vR#YfsdjCpX>N#l=J&D> zZl-Y~><>pl%{I?7xMN&aN#T=t_;`;iVPXQhU-`VGf^<=$+?hm}Y8@zEk{9tRt2ptN z3X+ON+jRTl&%wjV)lRMoJH6$pDsXu&-_C9=Cvo#=qxBI3zI~cGoWOW1IVN^YM{js{ zkAFaWraxG7ZT*O*2gd=m;2wBw%EB(MjrBu7`?Q~L z)rJ6VUJ*qvJ3GO-z=pFv84VjjHVZ=C&6b&M$v{vy*FtUG_eS`h`LG7yN;uxm zE812~&3rc9>pp9`x8)1f(_brTNJ6@0*Zw+8>aH$@g1%38g`lbRfrVX7Z7{-fD1$c7C=5QsRV?r+H$ko{ZIOV#k| zcD6Tj$sdzV>XCSD`ssWDx6UxonyE+KB1BWN+M6t^$Kt9`@l#(x|y89GKTcW-vN% zi$9;&VWS&db&Do|(%(xd79HkgNY0>wu!x#D8r?m3Y1gP%ay}G$nELOSGDtDgZO@h2 zh#HRO#iiz2bMMf?AqJLDP)EE;*@PGz0+4EZD8fsE6oJ@}cDl`R2L(iqy{@C385D@= zeio<|@Dpuw*xJgt(7PD4u$rc0REy@07Y&#h5{=ih!}HegA=#59A=w154AmE%Ki*TC zoBON;i$%|8X)pT9S3eWS4JA|ueY88jeU#go3?)jX7APNH=qeNT&ZH1muX7vVP+ zJgH@k>(Z#^ijyb1Dep3|IZ?)%6UW+s>7SI~Pd)}w$mGIiSAWc6ec?=!-zU&@uD8km z%24V?_X+4PO3W_&!ta*o$ZOB7X2JB#bG<9ZXFaPloX~hg%xbqdw%Mzx*g)CaKp{#% z0xT4#vKvcYRKTXA%H5D(bl4qfZ%wKZ#xeY4o3}`{u<-&@Zfzf$$0I6+Y5kYt zp*gEj#Q?XsG6=IFhev!;M&QonA6@12F>SHy2~}p`Xe8z0LF|d;Mv2K5y-w-#_uT0D z*57{D2CxriMa-5ay1eh1T|*ANeo%qPojN*zDrES0kA`stCpVQ-vNGfv09b5o)L(e3 z-Jx*s#fny=sUvMo7*Gju_CcQEWVc|@Yc>XBz=EQF2f4Zt+UFC$+7POxAMSqdO8FyD zgjE>p=jxTSTHS8R3`fET7%1+CKeeO<2Dwlss| zASU?=6hA@yX5_PgPrct4*_sImEE$U(Y*E3wqt+2+A)HLXqQnf{7?y~3;TGHto0)q* z_gSMP&~7kOI_j`~?XTY@Y>_f+>+Z+Crv>My2jU_x+3B7bSw;6{N*g~kbMhCK#ciw2 zHxhzAz#$5L;G*+l*gj*S1vp`tMt^Qr!b7Z*x3hUm}pe8#k^7WpQ7pYd9 z(^ta`QBSS3PNWmobw(OnYO{7_vxPpXmz%qa!lbNn3_ZeKu-}Jeu(=d%tR~X;%9U16?ToR_QU`LKuCBm@Fh6Z({eS8-A|`P=H4OpxHvF9`>0Tz^CpTTmUc z>cO$A7X#c&t6nt_V6)=mafTfZ$&!E;s~Pw!R4;9P8K3g`%y*Zx-L2NrzV|(iDjw9m z4)=G!?j{|#Ob8}@bPExY|IICYr}K*J04}^@k`>RMQ|y67PQ%w1?|e$*MXGhqA(P0hj%;JI`FE$!ne`&g%I# z>q7i`D3G{0izcRQ0_YCv{pyMQMLgr*%>2gw=uFu?=SUN}Jlywum0>!{5!a|MoNtm? zrR7bQ>=k=-oKDg({60TLFt93ZVbyVU<%U)6&y#BYc7Zwc`xo*CGu2V$tPA3XNF_${ z4v7kpL^F-1LaU>L{D8IxgRc=-AUXtm5SaXlh<@~A9i^^V<=lys$$O12%=iW%9*QmP zxBKieJ3CuJ>S?q@l(w(!I^2(QulU8lK3eC^qO58|Ve@W(mDoWl4As4a-z|G z`jTJVF?Z>xQ~A=P1Hg$i-Rxz?ova}PZCNWZTo}rxjpGdND`9(uBp-cmAwIG^Xg;;| z%O7$<9w3fKR=tyG5lg(c`5*${!AvSrSHkS)UZTc^+JCjBWb^!EUfuY)2e^kbFU|4~ zz_Z!nRFd&z8In^+X1%#!=$4=)SZ~jiBgBRF&t;Y6b`Da7LVf&+-bF0R8&ugg!kYigBbJu7mEqt5Y#B^eV3A)FX-J zQdS%WXoXKAk_W9x#>rhe9ByX(m7E1|-up?aNV=Ynx_T3=ri~w3ElxbuafAaz|Hurw zP`1B_>)ZeSu*|Z-XGi7rcVolQ;3t4gQh^K1=988VJj7Da7EI#<;KoJ?)E%DE+`_%s zQx(f+C>vP`*ZZr685L14g3?wWO~b{{vfiy4ry4^w%iSso^`8~zq_Eh8rG*1GkMg@& zoxkb>4oO(q`uok(fA%|4#8s}dNt?xC;4~;R97P7!pvzq|(dAYtRSTiw&cT;WnW;-t z5FApF&2F+u+|fFCLlN%MoTbQ|Tp_-f!tyCREW*2ON6OZ0rDA;LHGb+^{v4soCd`nW z(N)_$2yuMPYUO!p7-Uje6VFw9K=<9UAtae+YY;L)&in)K?d`R`bW-_wJ(Z#B&~U56 z5=Clkx7eJz2IN-f6M<3d#9J^?~nX{07VwJ z{y%ZvRxxce_HjSkstt+4|4%LI-p-|Vp{30$WWNKn+vOpFwu(dwWa+0FQ(1DTaEVP{ zd`&4-Oq`xAtcJU3npa@PLNmc)h)*{ZPx6-cB>9nOF4eb2p%%90g*7|>S8lAUq<&1@ zk(G~gOV+z>(;=#n35Q?XscHm;G2#{QTa^G~12JOWPbUK?gpTmg*u zg{kD8%%0}X;u`|H(-^{CE2_(n5y{4NYBLtYILO!k6Uy~la69|6Zb0c`8uf43y3)9i zO(1ALFRyNv;E7KRC$m&atovi`6k#W5K^>3$+fEkxoH-#WAE%b) z8ktH|Yl@XLjy4uEGLcOOAfD041jSd;?J{vll zt0ao3{6tumCWS?JVxKQ=FB-k#GyKNwATXOm)bRJsYzH6gmvx?=5fM5SUD3$-@gPwj z??hq98e83pC=5L6n~3yUa;?@K23CoT)9t6Tzd_u_neOIs!3g$Cd_NKY@%}}9Zm=a9 zk@6bqAk<-T`V!Wv%$f^*@;cY}iz=oqtBr4IZZZV~jjz@ye>4ETA3A zOKQ=Xc~W{#@dfOmGUUoRpaSxC{St)UH9OIcOSz7&rjQk4Vd26JNx8(AiunTk86%_o zHsja%Ih7|Sp-Gz`MP0;TT9~c0v+(7MsuR5wbJ0a7$tJ>n2BoTt>h2_2=?KSoBOr%*TmYFdqD>SkYR@Jt zBFWppLB}GxGSjc)d*LCwJK%Pk(8T!5K>-)a4{z-*+6pvi#>}lyrFftr z9S6ZC%u~jJrVAW+>kkV&Oz8uJrCJbThiOm!QUP=T2!E(fkOynztf^hvpcOzIm8x-z z-!$H^`%=09jd%ZAEUTTtM17M(>SEKW4eqn3ORi^D^@+0~Lp@oYns1kc_O#9@qwXb{ z@^|w=fLN!m8r($)@fd!rcR-6YoDX$)Kk9eeL^6jdX&Q&n=()UQ{w@qh%tjEsNC}SZ&=TR`*nRZTy69MX-EF;gVx`Q)Z4x zZiRv)BgcRGu|!EnrKg$_ul~oI`L3 z@f!ewJe--?8j6q+9F}Vy#IIAVgvy)KJIq1M**sihDTTS0#@!_oy=JmY@p@8M-EZv$ z>yw*XM?zipRW3StOU3QJpW%Grp-(O1YQgweedO1pTt8U z<3CiT=N1NlX4CVCbg+dX3^sC~&A`A0v!wpcvuNL{7%jTN7P$$Fb;k;Eg+p+~HRmKajc^n0hvWM@z4M`o#r_=KnsTttj2G8;J~`r>ARh zqgQQj=!4Y5G&RK*8!shHzIat=RE_G=U6fDkj#|%(hU57#TtV&WqH02`D>DQ*3 zxp&#iqu=OmN2^hkZE00HwLHuW%g7Q(`{nkQV!JID%RDvl#Kk~Ir-a>tx8A-xvfXJd zB&+(%gYb#FAZKziCM>{Eo{{mvhH3j#U{s`d@JYi(M*~VwoY~Jkp;JkxVlp&%K(O$* zhk*y43ly2{l*gZ$8s$B_vqr{4k{>U%45yaa$*UN?2{P46nbsa;hJYYY`^*w=b zQ~mTBUT!GMxB8r@kDQ0(w}-RpFV_i^wg~D^`LbQfLnb0ac&%5EmjM|qxPSg=LO zkP3~lA&bMg(xXT)$Oib0@nRRPHI;O1KVF8Or;bfXSqSjg>l8)~BYydBKEHB8HqftP z{zSgphS}R&2vE6qR<78UMz&sVMJ-3LXqef2c4v?Olk24bH^3$_fqPjACZu5CajhiN zmY9ysy`fH^k{DQD0aCRN+Y2co!u)+K$I!KS$#d*(EVGi9qq1O_>>N+@MHX7^aymtE zs{62rjYkjuExm;BV#D@k0w1qR2ME$uRmUTfIJ;+NWgxD8X+~mE(*$=?K4jN=HPMy| zk3y6~X<51%w37oc=z{KnwVHd4`@B!u)>?R;)Lm3CA2$Tjr*9l9PK4Lzw1w~mvvA8i zr;B1??}& zZu~II`=TS`VRZ=TLvjJ&n9Mqig_TwZ#uJ^QsQb-1=Y(^z^xR`Cl+iS|L5kJ7ma~)v z3L!p5q!Pw`=Enat*k%7o?-NBIkR;BArQk&AYIaqoPtycFSiSsDksekeY%0}mAdI$y zHP>|sBHuLnEei?}Wt_wC@aWvh)Gi@0HrL$cB?2&X|Heo{yS9AwufGW@%MNaI_D+S0 z@x3?mq+@2?!Uk%ba-zt?QUE}KXt+Fi@#hCvj&j~*K=%`4+*c9qh8+=^&6wtsjE+i#}YbvocbqkrHQ`ATLY zEUxlgK|U=UqCSCoLCwL3g@s#RL5wb*q^0a!U-io~XOMKVx@glDsr zb}D9J@B_5&P4vcM;e*Jj&w*huWWf*}`{k57H&{p*CJ*){k*UH#lW(M73D^b=Hn@ww z0R0i>`5AEkDw5<#D~&Mt@U@ zf!`I$7X7wMsinz97HhQ5D~MZHfio5JN48^n=!TO&V0bZ)_?M=F+PJs_3hi&haGj^$ zGmP-#cJgnMu0FMoePe0dKK0<@)aqD zP-keO7o*@K@;wt!hjH8?mS?*OWog5B1&c?Kt*xC;s0=r#!8(5uZxX~cB15JPLv*m9 z0~`4U>U5wuO*vau9N^U$0_Sbl0jF4rij()W*x@0gGMn2tnJpR;6oBjC zh7iBkNNVpbrjqWp5zkNWEb^NiLN&Xqgvu`39@v#ES>?uwN|9^A^#>AdNc1tQfnnn~ z8iOUI>lp$|rpn^ZR(tH-R}u3hHhVUcPSEtTxgabOP2UGInfy{3n7eq_mj-J~=?;;P z&!1_O^Nxw>DdB6u0%>_uNGOYwi*tqs9(7B2HZw|!VUSsL^%t@xwkFOw8d?f0>drA` z`%}nBhf|ZT=g%W7aM?XHkm3!13BLcPuGs!D!CFpXQp?r+#~K&yNzdzU`b2hU7JQid z$mofrg>*k%!T|XlE-_#r=dftL`0l;)WfDs*`aaJ*6!5ILPqj?)|DfzG+@g--ea{(Y zfT0<>8ER;xVHi-5p$DXMK)SmTW9V*>M!G?|Ra#nFTDn0oKt*)t>^^7r+-))$qNagQ|6xM%l7ppH)9608^xXfn%!(C|V ztXqTZ)e|P6RgJ}@yO#Fe?XLDZy7gM>XE09@!IWRQ_%ce1GLk0gvdjoGh4Etddf#Y( zWyBVA?uMTH%vr316KvWAXikTV&D-XhF)-H#U~+cSvm`b33=b)Rti_mULXN@u!>7=%&zM<<*=SF5nr3i*8=~8u56De_3bv|+2 zV4y@Ov&kEFS2Vgw_p0};8T|sp9@muZyRq zMmpe>JjrXUTUH!hCp=TO(K_fjvk)VaD?<~Q5{Zc+?`d6g5q)zFvSRJ+T{7RkA&}lb zdEffH#CENxw<@Uqbz8^MsEN*0+DBBSdkc?mni_!~sQO`+FE-YGJT4;Er-o+3+>#0P znYx5am%v>{4@Xm#oZEL^zWwwO@ePB?qE} zPx5mJLR~MBN=b~fL-F&`Wb;Js8tbs@v(mh(wA8!s(AeBPk2Mby&B*@(PWoSUzgifc zV?Nbb+&I<{8)MrZ6druO3(x+^@LvbLSRSnXcmeqbaQ*c8A3)^sV%crW$1K6mLjRM3 zkbw70iY`1|g=Q*%e9ktrf;28tT^2yW@KHpn;-_npbGrEpm4!%ePtN=TYeI^pfP-fo z1U)=t-ff*cs%L&A9%}MVV+DrjYJ|JP1L{s69f0B%*Bwnlfye7+<6@`sJkuuxtr(q2 zJa{0*>01YB`kluG{t<$b&)tUu)BP{>e%H|le^9oncPMSA(%+MBPN153P?Qd9F0R4n z0YHZWP}D$bn%hk3qk(>Vgts?qjL)J%#r`?REpQbIcDbN}HP)+)7~jngG7+p+g(S?l zqy|ue#|RzNd(sx}FuA?^7iO!$z0s@@#xtdMi%-jp@^dY5o|H8&hxSBfzq`j6IWCe| ze(a!Wq4kYy*nuo=mQv}X&4p2@R<}T*@yo*PZ1m`?zgQ?gP40vA<)5MDv-j3prSf_n z)({gq^2`KN#0r>iJ-Uw0cnwF|W#)XUz9JStW_sWeL>;v#a|UVe zz0q5cOzJ#;9N_Y<{Ze^S^S!p1>v%bHr$Ckp&EpJE7WWiCO~3E<`+f)ou<@z7l#71l zrmz01iDh-(;LV2kv!O175yRTgPMIN>_k6%!&^GU_N~e!LPfVrde2n-1{=@~!UsHw> zpVZc5QBxY~8kmXa7~D%zBh# z2XQYOO3c+`6qm&psDR55ZZF{^6Ti_Xxk2;7J3LE5>I-^EMe$1i>GTDeuR-X{$})u~ zgZz#v3L{>fiJrMMdJ>GHG_&eP_jdu<=v^$Z>uPV7BQXRzKOrSIGmr|s+FB<<#1mn zv^=sqg1VNlCGczl64Jbjf#gg(}sH8@=^x;o%_Y0Fx-0CZs|)sv(e()H>?Bm@K6gFYxca+ ztDL!b$6t}>JWcKor1e#2X|0GCX0o+zgFLOEqEnt;?iX}E7o_EV2EK7Xu1aj!lz!NV z4LH%jMgl_QGuR$lFrYLO^qIg~{Y|nnxlB={?YO&-Kd`o2l!}8k87|a{tIA z5u$`Gd~L4o&qywV!|trXoy}SGZTrH0eVNqML*4__d-VzqN>FUPJ$!x}f(K)q=IIL5 z7jZ_oItkMse^&xua1+YOMkh^JNYyd;u=n}_rF*L!cjn$M@R*g&zAEV3|12!oRDMyM z(o!%|Y9`y9LMYDZTiBwQ+b@$P98LCfb!Qv=u*M?OgXxky{p;A4owSqc5Ev-Ki`C@J zea@Dj&!{ooB^jOA+Og}=8=_}ifG#W4T!;(2dXjpj8hfAd=!X72n9?^eoS8UpMLqZa z_C}hL*cU}ooWw~r5g^F)eDoo6-}e>U8v=r8`1SERy;A^_?d#40Y9{i8f%##LW@?aW z{-m}*a*3t1T_{phgpcq`#)*bPMp^{J_cbXPdp4SujX1uy;{uHa6{HwBMSE(N)(ULU&HV#ABp8i6uZp@jXq&n>&%z1?wP1`Xe#IWQ|3wnKXJL`=CQd4*i;U7=&y(nN zkwp>qD=uTHgG8aw1pV1ugIx$(mnD}8BK&WjDO+HVmn*3AD0h^vPL-}>^CYXSFmtRw z71}wkdj2Rq?+t@a>$_L*;NgY#-1Vd21bRHjUE;5&(vR@iJtqkjMW?-t3TEC8i}`E6l*n^ zln^|R$UE(E;+%dctDLDJh7SM_T0_|YwpeC>)OR0RUpq1KDqkzMp%%qZ^+HK+PLJB{ z67^m}mELZT?>yb;k5cW^M&B|Whwau><30+KF?ZwQL*}hD>PLd%h3?Q}T zG$6|2H^QU54=Dhny!AdvsY-pQiV`_)P68)&n*+&^L=w-!e-ECx#Yr_=TYlh{yqZnx z0&;t`WWMZNn{*y_Ba>_69cb?qA62~4ucvkVifY(^I(#(&=;wq+hu&SPG(b5zjqUu;5c#*nL7z8KS`0B>QW?sl!n*22_UW$Z-1yFwG&+^yKc6 z^l!;2lu()=S}@&tW9+}ifogBpsE(~WpM4Qt<#mxY;dCfI6Eg2eGhyFXV?LjDFyRK(K_Cj%%KQ&~rCzpp$GMT@(2NY}L(d zpeq_NsOapH^lRfOEaA9re?i#3{k4L$qgfZD@f7!dp=_!ua9J}T74gz+?pJ@dZ@3*$ ztsfwZ3p1{p&xYcgax(EB>;R{lUiH~J{+1ocW!yDC((`diKMmXba{M5w1KIX%QJL&fGQO{J@v*Fpu1-EF|PniX7gf47bsgRD*;9h#weNy5qPWvO+S5-6$ z%gJyr)~%!65lM?lVq+$Ju75%p=tAh9aE@uKk=>~wYw#;jBP3CyJ6UnZ1zcQ}F5Xwl z>}e4n297HHiJw`2DRdY($0aT2V0avj)`L<~^8K_0Vac}0Y|y^45&6p6gDTtE24Wr^ zu;B|iJmaMY&!Q(b{n`fFuLcIpn9DBZls9*l+8XKo=xdq(zR&adm)KT}F85-2D~ zmYnj4m}t4(_Rmq}KnVl2e}H7~=@*+)M4Z3;;v-#pRP)h90)j8T5^%SE7SBhmX=yoi zoggERUoR_nzP^`mWVqDfR95ma*?O)uNUyg1$Ie=oU3G~C#JB91eric4oazg3$B4aa zs7vnP!xW&8w83+FpPCtW4_e>7uqv`}@YL6i%%=Xr?EmH^dDsStY|b05E%P9ZS%oKW ztF}>QnEy0&hb*`LUom}}-eJY3q?i4Wy(r82L}BT4p6<%qtsC-n$~wJ;Sik<(miK;4 zq?cU+FVMCJ?3yI7+~`#P2WKz#g*S z_a$GFjiWdyy}_g+7MTN5^J?3b2}eKrWhjz0F?RA>%VqdSmM@#)LW&W0g6Ts2_?iwY ztA4jc>K`*vBan{{3^t_Nu6?@IhBKh0p$AE&!?Hd2EuHh6kC0&n)h0#bcM4Sj51LPm_z7W~CtfW{i z9-mBYyC2w|MW#CXD-~uHU|j!K`*R&*7}eZgzegFc%XxboTYj{IX{FHhbU9<5x#fwc zSalVMdxqsmTZRx_ssasE8bs=VH|&VKx!Ld-W}Gss_l(0Pbqlpi$>LU2SAOyk7z`~q z2y6;i6ETg^amu9qKJBWSeY23!$#6>ivG%IQ0uuf%Jp8!y(4CM3?^I$i5-746ZbvH= z7l{&d{cnnNy>m<_g}VG`cgL&V?2rdfd{09&9Scu7Dti~s@Ym_dwb(0)0 zHI|P0+&wMfM`#-r*)Ap37%@D&G3#m1!0T7tHzfi2k^jbu+fv9OmcL-vLGe8m3$bOX z{d=#dVO8vWfwa#YDc~Yv96Qc_aQ`END2M6S+$)}#a*Xwf0!JQs|KXSyj`_5nB$L^5 z?t#WO*Vo7*^?q?}C_Q}V9tbyEBRs&wtMf;2sz}3i$7sN-EQHXSDVL5c%}t>!3DqiI zRkdVW!oWpmf*KEz#05W%StmrqBX8^@$EMeG%r>u<78`G$48QE)Fty;KIp^k_W)s0M z`m%CQQW z_J+QiJF$e!7lB)A5lE(!^!aq2gk+6*xW>cx5 zp!V(sl;*U!xCRsu~;(*#)(8mj?EyOpM$txm@g80=l@uh>GkULHSShqS>6}3_f7w@7cFyQ|(-$i@L~De1Og{~^f1Ja zveI^(gw@7njv#_Fu`v5D?%s6@SEb1@y}gA!O4Ykb-8< zUGh1P$cDIbO6`U-Xc=7@V!U=|0XN~uUq@`PGmhPDp=YyYmmg`<3?S4efQI*Yux(fYCn9AN(k*icrRP z3d^4^UJVLAu6p6}e6sG>i=2D-$6lZ7Ki?65Zhbu_ai{+G%a31rRu}&pjDq$%DY1$; z9wM@z!U_r;_nq*a*LWmJUks;``^X5@S_9ks`qiqPXYwZr25@CP_8MZ0cq;;__!;(U zmiCq1Cq4Rei#Udk4|xJ3Yl&=!usrzb@RP@xFWDmZHh{2@LW2I z=LXf{*sJ;6Z$wYIc0n=yQTKFl9BDTV*yl_kYL~*pt8Yzus&ySoIh~d?!`RXaY6O1= zjiHFIE}J~SbtUlctU3Xg*$NKAteqG*IzpQQo81eUm(Iyq4Zhs%I%+@s)Y-_tBJ;9v zzSY8h4BXahtRXaAERbddVs`E8nB{1(0S|*fyL-4$o~R)l=;O>A3=49VN-`=UQFo@Y zlO(fM{~M#yypHhv(ej8%NF@~$WyAwP@Q+!KF%XX8f%3B3r+nNZDXZUilqs*-(@q*0 zV?60KYKak;ZPYxh+K(c(m=TIw$*47~UPDW<7E^E6k1{2bdR9)fTR$E=2UodH&WZ=eS0y&aJoZHQTd&l#SjX>lL!= z+-|_h6nZqQb3v+WN>t+N2!r)F)hj+j7owePyoS1QihqO6snDPa8xY z0PNzCW!g*R;rB(z?$j@hLJED_c0>rhXSf`f9hj~dPWa22Xy(o>1v_muYx>Auk>*mR zj);8O;4o0?>jrjAsk`6pN`d;I!Qd6X`VdOTFA|heWLu%HUBrSdsA?+=?+K&+PzLAI z)Vno4JygV02M6LCNg9mBMEVs(QG2rkO5yJlYU^@{M4Ff~s&e=6CRWjq#q)oF4yFqO z<2Tb}Ar@022_c^l$>}J19PWTGPHh+_uc+vY2O0*01zp=VHC8SE0hGEFcF*AQhE%f2 zgQU<66V@f4qL1;{)5s^b?z<)Wg6fqAW`2;PWK!Eq937q08n9!g-JkU0V!2oy?r&uH zqi5w0ZI?(;)3-$0_GHw7ZD9uoy9{+0s)+mw-ES=lVIYTb6v>O36FBZqqGP%w*}u^f z46NItzRVi|d-G6qZM|&(bn-@dV8Y;v3ZOp38f8_AK+oN*pi^Dmj2d>9rsq9 zAluNZE)4ZODL!B<-pjjHS^y0!7U&JI-YcS&TytFrP%2YrZIxl+DGv;n<}n!SP6})+ zI{vijGe|z$T+;3;zT1^V0&?AWy#l{bs0-%zp5t*VS&z7Pr`2H$D>{G2`&`=XKgm^im{Ki&=N|Mj3H5!a9f8V&8^qiC zWfs)-CNdjY z7V0F<=4G2P;IJh{;V=}bzGPm9Ggd>S3+G~DPw#1q1DAa*pGwy{KL0|*71 zJVCwLEG?5gBkP{tn(!`-xtdBV@z)8i_)IIQJ zL%*-X3DkhAxTM|w{G=#{$K8gjCbBXeLb3MTc-F8-=`>aE*-L`{hsks_o*1Ios{opvtN=i!Q zHu$xeM`M?V6wU0*o#6$25t}ezD5uI)!{abeseEhNVXN%)8Opg?P6_8e&U(bjDl>tT z2B~>__K9Hb7EHJc^I7nho65X!YExrxM5em2TT4SyeBmxJeL zN-{J3=JuY0dk5GxFgVC#tqCp_y_wu(<|>bo|Nh6|dzAkqRlkvGTo|bx) zuntEUX}}WBfVldUbz2#zlK6qr-a~*d0^=W$lhi5(?T>!0^&}V9cIZn+G1G6f6X8nu~?1@6OkH)H{i|w}b$2&6ymUW{V2%1tn+nxAYfa{2~*2cxgkv4EbZ$;3?k%a>n(h(XlUQJBBYF=2VLi zO?vp5Iwajdo5p(Puy3n)C~dvUt?t4}FQaZfPB%OzLZrd%BI+lx%RK2qs0hRKz>DVA zrsEhsZs|Q5tq7JTsoWL5V>5Ur zX8)O?7p|p!kB_(IMAodQMZFc=!Kq7~GnkQ)0~+LW@-o8;m_5q;0QN@}4O%~a@i67N z;=F1la{JY+aFSV_NZu*&*z5CdSASZ8D3Wl7a2^&cLxsBm;Vo{=_=UR3@m6B!TCY$?RMQ_^Wdlso$ASw>j_7 z`F8Y~zQs%3RT3wu8n4#lPkhKs03(d}65iqxiutCckDnY3M~+-41=e**O*z+i6UnP! zdHcNO1hST(wc>g`4%PIOAH*|bTrUu>ow@RRo~)`7r4lzu>&9npKzL*+OKrbKbYjW; zdwEz4CZA=Cl3)n&SWsu+DfX{%GNzqU==%n~?40ges@9|~qDsl|dAwhLpn-?$b{s6r zU$e{~>DnH=V)KP1VIXjRnzOG&+&bDYev%A^s9ij+tHjou0B7lbnM}DUM+fak^vr=# z=I{EdEI)F$M`+tzEIe!9mK7Ad^-pe0!jPnY%zi;A#>|kyJ=gt9t%Be*OTSoNrl6Z5 z907cvLOaEE9V|{Epq`|rnu%o%2*%sD(*t0~Q-m(>C@t{N}Or>&|S;p^9_8X5Qj=zy6sI` zvh79!*|3%(tu`ztV#l(bZLO_z`{ztiu$oYtpl0RETtW21!s zd;M7U|Ks}ce;||eL@vxcTsLD^lZ5h%cG8Vy9Y{?hEm&$~@DcL)S!QB0pP`CR21{b@ z`!zT7cGzj13t+^fGj1vg?H^I}(Z+x1wRxTIQ@8-Ajj{h;NrhJv?@Bo$nz@fqi$fdG zj8OjUcT;O>N*IGtszyR#$+OiT9aB*_)afZ?kw34rw?!_(ktc2sDKLgIS+BBue)gK$^dFZu6EI4vT2b3upG!R&Fsax(5_-P z)+M>+pH$4i>kxVU#q>B7*5EgRbpE~CouewAYmBe)o{Wm&OQ1@KaH;>2*qELy7MT1n zCX$h|f`I9wa>q_rOKI`Urp4VuW+f|y(^6)VnwcB4ZjHLMc!MT2Y0PHDeDHfmQ=P)65AFn-B+%*61tDDGrmql7|r*_PXyWL9H_!E?_ z??-=ksY!e{Ii>N!4bFY0Lh(!kUf3(XXS;A9DfUZ01zVqClapVbw2VxkW9KLaS;0E% z9I~byI_7i7^qlxLbE9-Y;ouf6!)p2J{ZwO~%(Vt$(<3i~4FVM@nadeXuB|Z?oHWTXyJyA2;b8fJ zLABE8)kI4YK4S-3s|yVmo3IPhM99DmF7}FQqv?9r5UAn8zZidG;eZHKI-KCGfd|}Z zGh?(xXg1Zho6h|}ygojXC39cYzLH`V29pYEUfeLf0-M&KylFRQ+aw!|==1#1z-_^| z_Myv@mX&1$Y_krp$>;~{@0Lb#D5sF(NZ~aKLhoqH{rw){7{evXlFLZFi#N>PrOUcR z9MXk-fweN=4T+}?2r+G6hJj9(w{+kQQI3M;(t@}7=JxVbS-MZ#oo95XI0^EmR%=uU0tVZf;Z?@-cgB6NT)4ueN0F#cdxwoMU&En8sRJV%|QXg z^+uJGP${eb04{K5-fdvfAcQMeyrRFOYiPJD?&omebnGV&lacJ&#MhnWLJDPmWpq1S zLNgBQROREVfM7~C?8Bh9#*EH*M)6kVF-RjB(2suZRfPF4 zh9Se47nkG{m~Ni!fj+c826Z)Rb?PyhFZgsUg!;M$8tc&(l+O!GqQ;BUVhw8jgi7uC z6(=a~Q^p=)^-~Y5OogGm*6E6SO~>T%uFo&Rj$B}5&9|8V*|Jmw z^MpedZhobA-R)2A6FZ6!v(0riW{Y2qzVx~f@JQBm$NhK3*0(&fE%8bGvD6}K_)G>O z6!&=w@Jq8gR9o7J;6u(O;BTZ*U4lW51sXPUxmM&O?7h#Z)S<-nmYODi5k$yGL~s3+ zgH{^5hld~ze-P{<{e?TN7!SN9ok}q84_T1>rDlqLtdH)8%Ke9mR(^iFMfD?0@{gCS zI}S{^x*k;XRjbXC3&NLPF?Jz_lD(oF1%nm+G_m^D)#?+dh?WPt5M-<>)lHtyJONiy z>_w^)^o`_; z?kOIDa+(=mhF+|qw>$O=C2@y_O(^bzOP+{|x6Ngx){>lzlbcF*_)%n1(CcNnD)+Hd zi%lWN{3RZ{9KRcKp!hd^00WlaYcow3_>e)71PdZ$`BJ;UQX#X%BpJ3Y;nPo-s`Ev4 z#I-8jkLkivVeVbeUKpXXo@mdB>-3bEZKV8HXv+t~l*D}R*@~2>`}tS{^tR6fC`W&( zEluT`EVRzRrkY^TA_r9Cj{a#yw)>^Dh9-_+r;49T(GhmDhKg%zNHWx~?kuX8Y2HHU zJRIpQQWHhdhX{?z$4hz^iQ7Tqv3_C7aUGN^{fm-qMQIao?vvJ?XaDCZ0cSMfJgtki z^T%>w^}2GQ#1p%IAaC^OTlKn#u9u1}eC0MUno~YM%5vZV2^Knb)$iS4q5U3uD^Y(! z_BI`@mV9Cs)4qrZ+)$EU2IPMEM6B~;k*}9`tz%MULQ8#G$ewG@PLDI0g`u3fKshA# z;eRAn693~9KF;r#bix2HmXiA>RVLlNo-5-(Bg|&YpB=Panz3A`xNMg{Z9HEcfuL}u zOVoS)SH6Y0AG=5eq!bUgqh}D!RP-zGsY8_ehRB)S<*e7AK`9+=VP%gxUzMdF213Bh z=&9Hw2S3zlD}R?+_EksHSb071zUObi^c;7*lPrx!c&@Jc2vxo}15H1coRA|P(X{-g z6P(6n!xSM_(f2SqH^i=9G5>{ zx?$oj+;h=3WYLUzZPrYT5}~9d%hGQ^qshw;?u}rq)AthSzXMY7I&UEZ(K;iv|Dy_E zH*?1A(JE5Lekz!fj&6GEJ%!be5{NS(`{ zZNn7?K~(^KYNjdmh^lhMb- zSqU{rN^^%*m)td=FxUd!P{;}V#N&j~EOQ=m1JmX8B9V>=20vQ`8=A63)0O8CB2&5so(BlgLb z$;4Vl9JS2G49lOWNfuTVOA~#X7p0);ev@)7QaCienNoUTO6MomX;>ynt5S;c-h8{g zmWu-UXfy=_y!#goLT9Mb2#pIiY|Glu!?tM_?OwP9bD_(<^E?*XGOjFoT1?E-PqGrU zR%sn*HQ?nm#g5dnjJDAW#7W+Id;My=b-400%ERtKLG_4v7UNm(FXBdIx5uRC?#FBy znhe!(hQxTH`Wj7#$T!#M1~JHx)Db>8x0y|aY;l`5D0nore*e7EGP;}4 zVjE=^3~3po7610I&&akihi}KQpOgn^h_-V=20ab<@r-l+kLh4Xe;;Nq6njWmutzX`ofj9@V|p&#(_6LNLmDm1F&zZEXk_OEN3K%eQ z7+Q;$8v3zU;6z;jkOBk%CSJ9Zwq4P<%wCi6vaOanY__NudOlpBzE>3+V5y==2&n}) z?_{FA@qIR%q8w7KxXs=CizAqbn09M`BaX}7i9s$3v#+3Vy zIVB9lBDYcG+;zg=o;S7ca-4?}ozXhM*TVG(%x1nbN%AX}{%|1W>K3QRsoo_WnG$J~ z6{-*D^%jfl+-A0e$eZWN`c`Ng#HSR*bcvWGy^vMjx9_bx$_0`>y7a3logBsws`gL8 zj+2ukeqHJf$rme%SBdkpU|VV#l_4}}0E6t$IyK~VqE;cJGUJ1n=Cg#>amZdH3(0D& zWZR=pP8zEP8av{EE!BhZ62Atf6?#eLvrBOWx=zVRA#{WtEjN^s1FbK`l~K#U7az?* zY8MR}1;*z^E|;kE7tFXI$AOoClclgeNZ+QiVp(kMJQ#1?87S%o4Rk3{Ov@^5qFZ06)T%P; zW4>D#Hirz$hoa^Kl4p_>nR_VOq&KEkEx0n`TH1+hokMB32R74BHP#7IWXdmgjL?j= zC6R+HwfR{<*<>_;lWVX+cWFGf5)3fKum4E3easx8$nDL%EEy$(gFG|$O53%yNizR+ z12v`7=;Zh1#4YzeXFYtiDYVt#Dld5RXds8xNuZCjPW}OW`!4{uKVv`8RgB+nPht01 z3#t=_W$NDo5U0uGC|{P`!?la|;-v)0(?Z9SL>OS+&Y;IVU=7_h|FW}(BTf5zpHCb- z{Va(F?uSdpCfKN3R_7fj$Y1csqH6^_KBaEJ`#+b`ZmZPD)JAECSaa1m+=2^l)F0t#3-rwHJ7 z2`U%SRY5jkjRF))MUxIypZnbNi(Zx70&J3b-NtrDJvE)yX)20!2As1>Q$5<1?&zOu z%6hRhN&LP$fL+_(={zS}$Dx7+c2gv-p+c+Pd`XVVVj zEl`lJ!`QZoc&s;ENRDX$Cmh?skOM*ZLGpiRSzR2EARnILHugiVTE*RRNh^;wx*Dsw ziB)RjDJ_UBR!_r-i6${!iKmZeMrDSLfhduH^ba*r5y4nyEd#Zwrcpd`sv%VLYj23+SnSVdb{`E+LIUU+!c7;l{oDLs zh!jq2B_8i$3+8mc_iQ42`_5YYTcUfo_col_a+h*M7DDO&raQUVaD zVqH-3Mu7|6*@yFqaN62o9P-Kir7~?J zt5c0Z>C2|UP;a+};BNyH_lwr7%=|TLbjlnwUs3@zxY4rc3bI-s(tWj}h_z3vr(F(i zZl8RvpO|c@6MPYmjhfTXFSuE7nL3*D_ipX?I_zfFfFDlWITbFxeB0rxHBC}pe-TvM z_^XEqj?(l0A<^b3pMz^zpgx4LL;9Ix8Z(((7V6nV5YicMhBCQFC!sJ?%?78ADo#^( z%nh)++mtKh#OrVT^D)Hbo$;G{Eirt{kn(oU$S0BGf2CFK=!>;y}MPniL9HK|C{e9I4-0Z%6lHEK_?e|`9ai7jauGQwUQQ8^b~jm zMkvaMh>#66md3uc<-Vx;ZTR-q8);Pg>JQzz0dD2&#!}xyDZD6r{`USMmx0+~)+@*T z!RCR?p~|BNGDb>bF~I`zExo8gJz4KD0KUJZbc5=fi-@uIX)nV`b4B(8&wNFRhUI%A zTkgewvgR#ziA!6K_JQ_r#WE68?}}lLZnsT+&a9=!Yyn5~+!}_iWN?d!YklQL??e zEra3r*B_QNXlt=t&k5Vz48qcxGzTuVaQZL99f|Q+%ZDQAlx|-(EO13hi+Hb;#52d> z>25!uG*K~0A0;S?bCBpS2)}E2G-AR>TdUsnOi`Bfa5I(AUw9I8dZw>9F;a7$-aVlK zucQ?YZi@vpqtM>oM?B>6sQUtMX>{27LP!4r{)(2-y0-CF{{tM6n4u>|{JCnS$KH6l zgw)MgM!Lat@dGxhzZd6FzJjR92NME-?6iE6i)C0lsbjW&0eY$+0FcMoYR%|MN+6Wu zT>~8!IsNi`Z;nOn`0A_3AiI^S2K#vD@09*TR4QZK)-;BEnIRANd^)f(l)z~%^sZLT z#=)~Lh79KQrgO}cU2cS%z#0kn6%)~Jz*b{c-m2?6`^`?Tnd6b!OIO;2gFP+`!oDn$ zxFlb&lX(G30sd4jyQGNM&ee$|^a-^OWUYH5Gqq4@!uI8((&b8103E@6YujJ8sg85E z0D?}*1yvsR+J{>TQj2`~FEO!kDvE=q>!}+ye30c2 zX^$XotiByVxx)0w$Z=$(hxsMB=}Yka*A}i-`1hE}gUd-+>5NuJi+hXr7e(gG47e4c z9GPq06yObj-=oil{4x!OZS)v5Ci}zMWGk*I7 zTXl@of8EqLHYKmn99*++wWkU;*rCpqqBHUB68)*vh5~m3cg$=B=&jE-hA;!jDrx6U zYob1vHrfgTinXTwu=#0^T{Eh{xK!acPHWe1!hqF1@~2Zqun;ja+<0S#uK?qAg7`nc zuF+WX0eDo@i;Zho-juvgi$%~*^t<~U8Y?aBDk+VNi(yS@W$1URjq5J57r z!i5D|J)ytzo>eVxTh=sQAxrPe3(tDyh>V|U;AaJIzXu)=@?&GeA^;5RC;A!r2GECP zsKk=~OXp&9wJU}0mv>|Zs|snBNxuz>3+VEYYNnwc&N#Z z<8+aah}f`B&x>o8WDxRp?H0#J^~YhATnFI;yE%`QdGUtMc92=~(q;S^%`%?j3A&hTW+b2kHV@(jP_)jcq zuOEbH$@dYFulg&UmLIn$8hE$Y&kJJ)K`qMJgRg6&{*c{fY;8@4fLeWxXF)Mx>Oe&)JURGQek2 z(knIE;aLKb{9E>9o0N0U_QyKLkjqwS8#Xe<%j+_0d8P=p6NGj_wg9%VR2?Dao6G72 z!cs!?HV7y|1Zwhb7+t@Og_5zs9hYA4lxn30r$~*mAekbpO<~*fI#K1u`JO|Ar69rE z)GFqCe0f(5Qc47`o#rvaMEVKo@yR3FLv3o_se{TMWD%V}EC^)vhou8Z0qhl8D|Yi` z^9m`LbPeW2bI{a4~T^8UAXY>Mt^- z%-iPHhY#{3jsNU1fLr)z{lrF#{Dv`@?{62Na1U;(>^ho z1I8hoh=2S&OzU{0dP-XFL;RG9jvSy0wrTr``VVbt>MZ=@Di&TNmcub#wljtsmfuzf?b{(X9FU7_vTa}f540a_wl#U?*4ryJ{A;nt>!EQZ-l_K>?a1)V=eL+5#p~a3+jARv4nEU~-3y@9_v&MKxj?G8 zWMBclUW1!iwB3L(a7J9}q^m=a~Zwq7YKXcfNM zV8O1plouZ2Dyn&6q+_M6TEn^VUIRR_fvU{`DpKB~h}g*l3?cxOkE5y z`yzGu4aGXK7yNzDu~_Se>Hh$$t{pkyER&y8RgT;MIg}9Oa^si}4d&Y%$Mpt*0oRpT zi{rKx56Y#r+qA*GbH`rt_le_0sNRk}<{g1`K!L!Q`1&t@@*{rYRpQ7)1iM&zVCu(= zDzmKPrXleK5Eife5xvISj~Zfv#Ero;uJZl~TWA+smHcJN!gG5UkWH!| z8{D3CR?U%E1L1JiSS>4LI4L}lrs>du&R_OKSP9? zfJK4&@i{lEaN7y)&tl2oBjU#7n^D#gR=zbWRm4=i`8daMZ>7gcP(qdELrGbtru@+w zU-WmvbUq5`8Ytzb$=opM+jKjPbb*#fNA!X*1WE(4VW5oQU#!seX8SXe<(8Yk{1MTv z^l+oSs>zOSD1tn2RGX9$+xEAasGviRzLs*Foqf?DIOVTmpZ zQT;#ps)=4}w{nYqI1Eit^ZvHhd?AyO-f_R;j0Vq1-+cF|48N^gM$$2D&ZX_a50+X! z;NF2?Hg#S!ut8enq&N5j`y^WCjsF~3-3cUMZJt5K|B+T#U)l;@tqX166(Rw?-U&EoivK_Kw8aI#$Hob!JSmmDSei=J^G0AtSkt&51|1d` z(wg_xVmL3HkYzjLlXKLQYvu7#M7aE!wwmj&a;?J}**47<0#&_1PeptXaj-Y><@>Nc zt;``Gu!O0NaD3^ugrlEbKyioS4#lBR z3GVJ%+@VNtDDKkY7AV>lN+?t)EtSdpe(xu1)|#2`->jMZP1dur&U4N_dq4Z$*DXM? zAd^-FN<%&%7fUC7SG#m3bWxDBz$v2XL$k4~8*3|$$XQ{#`DvC+>`Lefc*Ii{k06s< z?de117tt7-P%k(4Hr(vPS4>@T;kO>iET8;Ej3FuxFG&v^2Ye&(U$cr`9Lu>!pA;hR zC^6!$9b0lZ?xR145n;JQR{um*gD93_kDya2Rd+{msr#@I>!Onp@PqhxO}1#JRcEQv z(`$5Wc$zMc`Xf1o6OI{G{qxnP16iLo{Cn{O`UX{Vi*|t1%|0clYi8i z|Cf4sW+}(^8*;AGUo%Y>xaq`oXpHUC&M66KNeuZ@bfJ3GROBguT4bePvVB-gP21u4 zEksXB4%>T`x28yzEE995iH1s&-HQ3wsM8svyRgsB_^(mwzXxizSEvZioF zxM~Nb3j8KkigsLNr137i)7G@)lfDXr(R1j696vKt46iX$D!SEXy%{;iwIx-jZA_vR zM-_r>PGcQ}xKfH#c}k6@e|^-uML z$$qay!e{qN+zAFAO^YRQrpTGc#5HCbpd8=NltN)czU&ZivR+QhdujOxUoTC(T>@Ai zZ?u_j=j2(Aqf*1;iFq=H%{f;^Tm$AOfjq)t{`X2|EK9ZiDHgrSH(XtQRh(}m4BqUj z)6Y_SS?1uHPq6LF*49y6YALBhM-)7AK?>L?D?{AbbyRM3FP&O|$velNz$}6~YBT1s z9`1t7d_>0#++mX2*{YA#K!D?Ojg?$k)RHHi6OA>aPjnRqb^t*+4r>3kg;CP++ql;JK4;kdmxD{iBH1|xp@uqGmkjq> zGX8HNL8l^tU?$mGdy*&&IK_XYx-gkvat?v@_^2$So?@i>sqF@xN|1Fh)UxyX4}EW& ztx4gu4mKmbHh)bEAYeDr9)tn_Bm^K}(oqoKiMtR4ZinnvR+ZVkFNkEG%JCCUC}Y64 zE=9zVQUz1pAVI7NP!MHEpM=M%7*>dE9xCaVEaH%?05&6R@B! zknoRrl}3C;JH2Qs_ETh7! z^G^)-NQ%5ol1d`B63RI6&{t0(I;Yn@6uAW0@ctb^*E5nJ}Mh5Kbu%T%)-HB>5>_>n`|cbR|VMBHQ4m*Am0gr_G;^Pz$j2w?%s zPO5TaWL~EYB3=t;F2|8=08mdtd?5x!F$Gy)rMX>0XfaP{Dm7{htzpXIL?H&>398(! z<2jR;J;&y%G24sWk=z)1oS+Sy<#Vr6kf1ovV*r^q+iJVu)?9=+EghJ(we*{jg0q$e zFKUQ5W>A*X>FRIkOSdq*(PcrYDqLSNR^m7?g* z>z>}mmBG!kp+6OO1fG!ePsFeva=Qjqz-)!R!dIUP+nb%+uSWSg4+}whG5aPiDex)& z<~Jf=sI<{KXh58!2p~{Ru_t>;dnx`zllxLU`Gc5!MQOz9J#U?da9GQI|o%Sp} zwJ4Jz_|ON}I8^XYLQ%lb6B{LBV*9)bTI^Z6^Rl|Hgb0L`7w?CBH;_i(_tyflJ|pbY zGc8D8awfmp==c zA0@6&lQ&LH?t{B;OIy<$)dQP0?e?fJPVyeRl1j4-q3fN^)zfXg!W+{uClGoaJ}j-z zeTaM#fh;lbr+`dW)?K3P868@NjqMMu$O!xSh(gky= z_Uuemc%$dQt{lq5Lr*}rAeR9^Go9n;>EhU)k&ps-e*vID?)-5sGj6*+Fis7RB*wlZ zWQ%*rov$DIQik`tKo&kJf{0lTMs5p8!vOWedYJHRo3rf31Fu+=NoJmcYs;S0Z||0- z8}=FWn)P^->wQ(h_Ysq+shT~w6X4o<0)(L62i!;k7LtgPSvt?W$@lCYr_RJ$uafa!%3?w6-!NXS!9`R#=>xgO% z-)GBR?kK=pr5c;a>GuZR?7Cv-t!=|;q12NQV4>`o@u3>W)+jfClO`aCDf?FG1ocoK`y2eHu5;{Fb_p)rE0P&ynGGC}fL3&^t=5YAo@eN`tx4J;AqW- z(Qm8%XLqr_*ZIF0{a5}1re!~mpO0w$I<&tM!dVm5oYK)R^1oZlLl+?W9zQ~sz_FDN z`4^=!C5XJD@QfDCU_&BWo}NSDaB+HQa;@UteWR3DFR|I5)CCHZ1I%J@`R}(TwK+dx|BI!%$=!chs_*Up?=964agWW=M@!KL znstth@C6!Irvx%K&N#dj0~enx{Bb-gav<(W0GmK^x+0$@Hj*taR8)7HlG|o#%R=C= zD~Wj;Z9VrmK|QXz6`Zrw?1ZJfD7$#5 zzofrRuAdqIZ1bZG&u(JOOtw+h-3dcFIQ~5i3Nv))*z={#mt?_-)ELh;cWPhgNqebm zr%%RE`nber7qFLXV3zL+$04a_);3uV4!eHq+R619^&g@?^r|;c+q14-zTkN+jom3x z5BlYGSQO}6XL}dFbI)V6YmBRxx?s76{WW;6;-!!}l4o3QUZqnwxP03oU>DiuUBlDA zhY#hiQ}@=j1pszlQHQt{QPm+A^haMl+k>jHoT4ofMZzz8A|V2%S52)#u zYVCUTVS@k5O#agw{TF>#!W)Bj!q;SW;r3148rL~+(Y&U-PEHaa)hwJCVEzk4o4@uS zs3=Fh*&%G8q}*s@8ua(y4*JR(+-9rzP9+hp(NMaRzFP<8yNFbThpdn|$cZ^`Oe_#8 zV7IE?e0K?)LSqkw07HUv&Wp;pMc zM3)Zx-4!~^T4w^+d%s`b1~p(MYqTqlruPApg3om5a=?pv?#AC-j!lEdxQbQ=8CHbsSbA&}DsXq3A^kKQ{--h>e; zAvHDbr0Q~>Nk{s~DFz#NIRkm!WAI?#?%34%RF|i4ydvj4`HD4&-+5+FHPqggnxlo2 znVgcaY=F^)Wtev8RDp8mL#WP7Kx+z@>Q1ZkB7_}uL!LaD(D`WssqJo!dhR-+ z#%ci+Z1^X>0GjPh*!b|d45g1eQ4QDSKPLp$L?_us`b52yap`4Z;m=2f#@b*|^4;vH< zB5wOOecyP10(X0>B}K_~a{UF~u4L{GLeC1tH|2~vu}o%}=@OiVVzwC|lDr`YI{fHc z_;3I&9|a?<>{+1F{S-ABm4{VWaiSIb3m_jP-2%D~J%tz;RJTLI#0etL^-jN3FHTi9 ze~F>=I_9T@!W0-Blan21aiV&Q*HNKK8hB>B z2TJs$ZvX(G0n@1{0stWqcrY>b&dJa$mt_pn~5|mgU z|If&a6v$J>Mcz0{v9x`?JB}XII}U6aL@3oIX5CDsL)GoTpCMDL+=h9IVGj2Yv|T!H zD)r6cnP5nmvJ4(vOP^{1U+XqKLACVQW&A&iGQF>*Yz02WCUoO9?ii5*P6_is&Z!<3ld@^>!oMrN=c-WCRxd7c6oH=7wb(GPVuWC##_Gun&q!k0wyddKn(YC^B$Wx=AZqbgKtKxufDcG>WxHpSvMF3$ zW8%n2v~9M`E3QblTVp-=Yny-2N+JydYWMI@bD88~-9ievhLi>C0Mv5na`gLe+*jGQ z8onVb*fZ*%maR`LuZkPoWb~^VJjYd`tzETQVcgqP@26miX$YdGkJB8yXwiRM$sur;>=dwy_>T)|RPwJX1|&V-zF%eaT6HV! z%yBm^F}EqNGUH=hih5`?Khq|=qFPmDYd))8pS?o$*?G_I|Kaglj9Lx~GW&$PDg5LQ z{q{3k?r7E-y|4DnWBlw!0#CJ?D6c=J`32#(kB?**k+hSXYnzOaCF&AtX5^W6*fdR( zA$#>Ys)(?#r(09K@_qVF^0wUl6bzR9@Fm`*F${ReQkTgbbT`sWnxpB!LanV-je?70 znn|qo%l$k!98SI6Ld3~c6d1Q!q&?-|td_tcu4}2=A7XdfT_#l;~)O6SEoYE{B(8$1}< z>aet-^q zfGczsaD|Q_SQQSGA2xdMa$0*t@Ge9;@$Vr8Up-<^@TQ~wNXu^!9;>XFtg7kYCp{W8 zF2cN%zb=&izpXEmc~BjlL^k~A`2_39vLZms9r1-fbPUtsB*h0cog6Hw^1DjT$3dT7 zpWxnPV&pA*si2y!z|ixoWUlzw zxq85M_Bx4zv-x+GAKE#~F*!1PQ|C{Hc_uS4gqxXJPuPaQDUC7i1W76XIxVTofCv4u ze`5Q<)}U#-%XvpSnMwzr8p>PXmPLA>4h-l4djQ@)ABuOr8TD&1ajvKyK{}kFN}{IC zy{X%d53z5LbLf2=o}aI>uIEavv}{H)?Cc2w|;%Q(fxe-SM=jgh^IA{ zU!IFv`@Wg*D!iP7`e3H^DD%-0dnM-xPx6P6;>`5|B&7 zSx7p8xO+I4=Zgf6j7z*a2W_9^4V(9hSK#zP!Y4D$Vea;LjN}e5Y%uZ{1y4J_I2as7T-JZzIau&>Bclv`XYS#rm|`QD z6q9OP=tLl&!ZAlEg0B@9j_MB`6XMWYuKszXts=i+M#3=AS)57jRADA4Uo1?9 zTDHu<8;D86TO*wxbXI%c9?<;3y3OsbfFDdzOpAF#knob9_;QGN-Q$G(UL}I}1BL#+ zR{3F#-rA6SMF&UhU{-Y#%Ry0VK<80<>@CnK6}4i{~K zi;2*W@9iOG;ErypfF8#4jaM=BW#263xf8K$2`W?F!8O7*6dN6F+$kzcpS|?GvWSg_ zCfOQz15n*~I9Gf5R_j;kv+C4(nRv~?%steDKQp?YvK2J5=f#V7gxCy%hwr6kUXLEvWyteCyS6STJh?12=xdq;uUOn|n1oeb#R zk*bJ2Y~=%q0t>oQ^;8KffdutIR{-?dN z6w&+&feMGXlRKZr_{9*6o)@MCh1#+dMO5(($4YkTEX+4f-E?w2-ZOH(Q-?fVcV5@@ zwwAmX`elT&;nT)n!0UCpf52dHt;B=vvOsNU1JAaYpe`L4MLH?&N)MAwh0u-jKCeij zbBI05Lb@-rY=2K#9`!s8xnFt@ZS*R70EeP-9>|bPCSoq?oEM+8Zf0^L`R2qb@JK2R zW+m=g(1be2Fs2LER;uQU<5E0-CO=NOsdsfTuh?tlJI-idSs;ruF-y>{-EzkfvdPFP`TKnv?nZTL#fhvE{YSS3$;L~u**yMM@~J$5r!=B6OKFQ& zXjTDf;pJ4%mSX?%wiv+}y%=ibW6>!>ipgOyAE=ztU!Z;e)YK+(B#--6!1KqW;c zcI$A4p*S(lgszqTeOSZneM2>a7 zbSKJ-(+4QcM+$RCpOM6W4tuAljHQ`FL8MbD; z_w3(wHR2++_YsGBNuFwTbb7mFj!^``s1P+kdJ%%6D@!>2igKn}vAx82m2P)~xj!l} zN|O)LSYF2^@6m_^1;wSv*9y_njs(3BA+7>=@YVIM2Sfv|Vkx^F~+}s>mylq*u#DwCC*TsQ!N(sNw zgMZvj{{kmC;o^(GfPmr4CWBta!SgV8_OskBy-sTHLId?JU7it@t+CuZI_*Kvb$V^|)GEEMCi~W{ zG{M($O1ER*@qYlq|C``8v4$o2*C&?ek5v8w;T_M?KYY44`9*)v^zQA%8>?r$&k>k! z|6ximyD^Y}Go}A`rS5-g{dl+q=bJylxr0}v5BD5wUNZh+E4zMu`t73SFW|BIi|cp8 z^TA&|&ka(~XKjpL_P3tW@lgL$EW9S)rWesKdG!~#g`dQ$Lw@laM)87IAm%yjjuByX zWVE6RWlI?3mdEpux5qx8^sSsn87a)(_4WEG?46wJZ|Tr;_?ekfU}gf3B(@iPkJ|1Q zR3;?yZq)l}0Q3P1d8qPu`58q@*`dqEOXgbJI`rw9Gnd`n+_dL$l*f;6jjslk`+rlah3xDLoG&Qevi73AqwjJYV&=sLsOTew{n9vd}Oj;*L@-w!w9+;x0_8kYSId( zkuX3L?t2@F6GGyuIXPJYSyMHUOxKmCIPvneBNIf5F|$*}syj5L9=tH()el1a1uWG* zo>n|fy~5nc$Y_5LjgkXE$FjkRr-kZ2v>D1$SP!j`3s>H^!*W#<0=SIZ^f-Am?VduJQ zkC;Hc=MLLa*2a-cf-qAOeh{x{7AXNBT8LL7+gPM+MF!8bT}0=l;7;JC6{Tz`@tIg1 z&%id=nzorV&3Tm$bb4mP=gS>Z@akW0Dyvxn%DZsX5!M`gYbuA(DB8$v@U`u zMCdxkv)foB-oP(K7?N|)*kbtIK?exktgvu&T5zb=l(gUC{qo@e7J7z?+1n!=neckz zi`y~&MAZAMmi8hOXm_(&EE}F(+cKKg?x{1t*`X@0T=N`>!SzYW3f*W5^eRWS`}8@S zUFh-^tqR4dPtOWU_YI0Ow4RAtR^~xeg8(E5*LiqNI+{f>l(1M)?=~tj|K9tXOXQ8N zb#$^)#{0Op48McxJw?jg^_y-?P2O6&$;S7*PfIn}eMg+lI}hm=Cn5C!{L1ST!AwXy zew;>G*5vC+LZE=%sntNcLXlfR&c0_?W~Y&<66rT{J7nP_if5{dy5&&M=r1y1ryl&< zf4-|-i7{_}zbD~FM~#i-^V*+Ng_U9&@`w)< zi9yTU3!MII4#Mf-qiDm0u+-%FuVj8!nl=ej!|bbp44E`aJL0A&UwySgA{;T1_|Z<+ zzO7h^lnJbE`O0pm=hdg6wiF5NGOTtO*Qel#gwQgr_0Vjk0E$gFw{Hz{SeA9_l5T%q zlj-JqeraSi4L1U&**~FImPt1RfJd?lXI4WB#d`WQeO%dcxv`7dQ#Bg$B33N2<_mns z;al}7feb%Vme`Qib2HkQAi+;&UD;el(+l`<)%9BWcSvoY)}xpJ>7xo9dDO;#xy&Rl z;yYn_+o~VCC=5$$|57u&yC93*k?v310J&+ceJ*#k-$sxj%xlUq|~kPOLqRG0@$2%j{gw zTel_cvU8XE!WKMh8C(!dn-jNP|Da3pkb$E3SW3DmnowN~KLW(GYfyww^m5$dwU?r> zdkb$7E3J=e$7X}4+7~X(r9w7?0ba0shUAv`N!KSUcIpmu$;#eDzp>#{w(;i?O*Jg^ zKlT=rVNH5E_TI?&dc0Y0k%OZNIn>5&e2LM}l^EuQ((`nN;=7%MSQz1rll{yfno_@* znwPK>Kk;(g^-P;yoUe%`&uGdZmWNoD-}WA~$wB)DC-S;U`J<(6@%9If40AR47dWcz z=-)-#oL741=Lt+#W_48+sZVStVTtZqYNWRgCHTE24eu;g0fz_i>+wZ)6D8|1u<2%- zlH7t8=UZ4a?7~iHeRRq!T25Z2$@wL+Ic=&o%V>h`*njSWM)dcRG_{N!6BBOP4&`zb z-8!ia^Xu;NTgaSOBTA>?W#lpbH%x*4zl!Gn)^N@LHH0i8T#0nzFe_VyB}qxE#!WcOQ6p7TjRQ>UPmgF_!@WjdKXQvR)34r=V9Z}n&8}#1Z~c0s-K*qt zsn&&^71{ZG&epi3olkoI*hvn-fQRUH0h6?k2ED;3-!g$JlIm0fF>x##nqn{6+N$Q~ zz8H819s+n5V4azu*XRn*JO`C=kz*tB%k4#pNV>`0eg8(EX)QdIcnq*#1USM&R#jre zOD52gL6WdfCc#<_r^Pnfsct)a6?Drvm9H3Hm7lv!P2LIz(j8af1Qmba_?5?6NyNI zl#>AfR;d!0TY>r}cOC|56#^!NpP72hTCI1P#1-$+I2?FG<69S9W=@{qcO){}@&D8$ zd{gBz$6ng1f$eST{H&F=4euLub>Z2PV`qYxtk(B-Jl_fk$n=Ir+?9r=wN~h$T?<&y zaf7}rh+*Knh|miih;`88JJS^KUK;P9k5W%g*qs(`SC+x61xK7Gpgz<9-Hb|OeMg5i zx5e5f=iOIc^5gS4=%P~@xBfXS%XUDpC&Y#HfjU)T3*GW`;h&R`xsRM>*8I*0AEPCj zc)bftkh(TEdDcmuIwyz|B4p8_W6{+7wA4SS5OdZl&MAUtzGPdWvr>4Lb9@G&>|&5v zbb6tkp5AeURjB^jea_IPn3ioi>0U5To{t(6=k<<&frtce4+Dp7DnLNEgBW@F)>WRwRjhx+V^&uO+LF*mbFaBB+N&4#<=6L*NGjw|ZJOdd` zMe`SD=%)~+&M8;t@wo%*iaH>{((nzPR7K%Ej+GH})X*QQj*qF z=r(Sgtw9=;RegkrfIe2xMI$dcla^K?roH?+?@fb=yYIlQa9Iu%+2G{CcLGry&K7lt$;LD4+kl(5lp>hkOqizg-c<_{sZELbu(G0Ab0fGOw{8E5hFXob}o9<6z9^^QM68M-1xcdUT5j zc#jxTtAKlF?{HLFms4*#3QYgZeEd`G)0#Nnw?1J66H|=h6y-&ke$sjE7LF8eh_RfM zo5|^qXB;Zi(-}eSqNc{P4AZmw8NTGJ`=rCBgwlt3S^^2tVAl9J)vR((IZ7_0%5%-| z0u(WA3vqA0b*j4Zf_FlrHJ^4M%y$L;BjKxV7&k`_JgH0 z3By@TtEu&**OZc` zD`Z<>%6Ux?##;Za_pi0=e>Lh${dc3jkYE2Y>O08>zhuuDqhJ8>3zQc4;Mqz*XCzjJ$#EVngxgIU-N>A zjyA4GqeB}XUI)b<-fLJNF1s3dIC5{R>*HTwHuoF6y2p-L&?7)xL87G5q&pX4iTU{=)Y0?R{AKS) zK?*wN^sa-z{CuoJnAUI$dVq{@+hFNYh!xG{lMNPWHMm8p- zt05=y0!L65k_W((2B!evuO`{`y#uQHTiMxy_L+WN@s|?6jT9M*Iy#%hDRMB`ykDE@6Un7CfS6+p9@$YFfqfw z<5jxSQ3tSZ3#|#}9Cwc>i};8TQp1kfT{qYHohZ<9!Uw8M?=F!34nEjzLj)$}zK8{x ziju+7#yR1nCD~Xcy}EFTS5bt68$R93B(2r0jK zR{wS;N+&JOv|610a70D6rY~hnKbUKJ{D*{aacD>cD;B;deZCM|P$XF*ITc)#}7~V>FO^OsZ+)Vn`^|J~g49r$Y|*2tO#2 z@Ky*>kMQ(oxJDXIYIvX?nldQa7zh$;luRkLIy3JQgw%URr}<~=>(x^`5vWbF-Aw6U z;8*Qm_?l2AjP!Y`q)CIHDh6eg-rDg~`%KK|hObgw0(fk6pL=l&Z&DC3-mR69=UHKz z^WL48{c8-~U%QXk)u(85l16IW)tgNDiRm<_OO2uc{NYGmTPit}{{f@wwtfx{ z+T|)vK6gqUOwk3C7jbB2V|$}QO{u50cVInf>Jvj#EN6&;jOnl>OVt4yQFmWCoYJ5xc>qVe>%QMR7JjN zV^vI!>^rAQvP#IVAV}GSJ4CC-k4+I*3_^J!pcpyTgZc~|4vj(-pnyx8D7f?jNUx4{ z%vLhgMl>@g&EF(zjiAx#mRj$^0{H5JJu{XPvL6$E8hCkRT~r$Zr;X6ju*V8$C&%2S ziSeJ5@fdac3?t46I>BqyR%$JJZ-CO~Jt4Vpz-vr{1?GGJq362n$ zI!XGgJJYgeaR8`igmOs+c?Sk@M}VM!;u1*2LL8^B;3NvHoKDm#sK^#6bQb@x<@{)u zI~*uBiu}#pdF1u6eB1gg-O{>^H#5|)Hjlrc`sg!BTqf{voG~0VIu`OvZ#2yS{1<52 zjP>@rxyWP{o;bB$^2a>8@hh3j7oJeY;V=);ESL;Y1MS%v2}$tolMGJ`$gM|uSY&)i zOJRE71uq2(aUGprIaYg5yt%Z!CGD-ZUy#ewX5sQk-NkOJrk<{T9BYf%-G}Ty7LcuD z3YV zB*`$V8mHgI8yz?H6$z;&m!;ZM8xg5PBv(AhSZ&R@QK53_QL+5_fSDv%=*eJDO^q`| zjr@LtW<4qm`vWFR#G9d+Rt~zo2;gDtsHh>U@ov>W&Ed)gNUBON}7mp&?}wRTn`Xk^L=0e*4@QFv=dG?iBkq30`cg zKC#Gq*`ZnhIh#l4LtQo34@0PUoO+gX)L%Wn<=`z)+m%=y@n8#WEaCx$!!dbx5VWF4 zz&rA^F-XWMI+Z8Sog`0TkA&43*tc_XkIbHx=3J7B&)dO)CA=%%y3rCiKh(azYia~C zNRivV5_^!T*&aOxkXMuEr{pIAtkDv*N)D6BI(&XG89j1TkY$~Oi z&gaA(&x(In-H5zA{$tzEST^{oeekQ$tA#=6>u+2)qwB|ru#Qx{GTgtj$ieFB{#t`B zxAyXJ*mHU<%{E{a4%^K~vvb8Y&-F?eM(8CdF?(=~f0B{DTbPh>A-bc&hnta>HHhqT zx4NOt4+-9yd*I-QlC{dPzapiaU-KAXHJFPv07N_@oOKO|&*?)ci23XTwP)*Xk-x}| zhLBKZyagb%!R>cx>pb96E$D+Ye(LX@^jSKT!Hbo$IM8rHMm{FgxS+a4qDWD!<0a(b zI~r?Je(2X#Oy&w*3^M%OMhM7}BF3sHH4H@sW=K>C7PQmG^<=V+eh9svd*nJR_x_=a zz>@P~eXC-At>8A4a6RqAEQ`AaW1K{f_SVltK3?=Msn;G1457Q;h2#0v*KC~afuz1V z@HG%ls%j_)$45bVE@KGW$CS`5ugBVcI8s*)Q6Ab8M{auvE!ow@IT2YZQU#)iKN0C~ z21eGfq=&lW-?3ivlGPHYF-9pM5WHH!3S)(+{#tU)oxNC+}4QApP!S5!#Y}>D)v}krRfY8MCr^$l`YHj zU>q@2Q3B~~Jww+BYW^7iBwR>M@~^|7AAqE_8_;l730+Tr4l#z}$ZNOV0BP6WaZIE(@*{>B4>x%tc;2)MNb2 z#L08&0LVM1dEr;XHe`UKZ1~xdu2o5>RhbNKR@#l(d~ad(B-v~a9Vu2Z$(E0_C;;P3 zB#TiR3`Bc1UnjnwuumioDAg&tbRzUHZ%#kQXxmrw;%|_rMwT=)PqOzGpnr%jN(j6C z;f;N69aQI$h!X%&`uw3$|Egzk_U9-C&D;cfT$x{B+{(Kitub@&z9bw|w+KQN%7K7* z7?OaNIM4*zm1A3Pms_$S=PZIhcI{;`+9UJ%*$VL`Ev?(En1T^o*OM)i-9n5^=L>5I z(`EjO>|ihMV`Jl4aau^LUk`yjF<-vAd8&9Q$R7XZow<)p zk5lM&D6if6H->s+<;sc0Ibxo(6<)^gIsX)rmoIe*^(CqG&57!N(FJ|;wAucJNH3%n zRV}(Fn=M97%gTnJZhEUBK{X@cLcO$sM?-?)RG2CCJ*rn4Ih*&=6qeIq{ZvB`+GxDi zxL)#Puk((O=5z?!>3prxx{m3$i3fjpniagLTuq>b(;!9SfV4;ffwVNkiW@2Iw5*(3gJDa3O=7aV}Am{AzBK5vbkOH47N!aG3!}1#NBwI&wSP% zi>B~Emh1%IWpQ4L4l<@i_C2^BNsB0`%R4y&@D-s{q6a;fC~{#J!(h#b-+RME9W}lT zyPYG!}x~J_p0jS0!Bpx$K+fS4M;t9#4B9YKk5oq z?L=%?RMCGRd(omObYh>kZtvb=7VpC8fCxlj+d+wAs72A;8@beE&A9Mkt!TKVYiUD*v&xZv3%qqVRZJwCK|8r=BjhrTx&-P&dGc;P#&{$Xg5+Ye+ z?Lj9R6<2hND$qfhdVb4NHGMRY6zt9HaN`=bQ>$&#=^%V_D`CC&1&5f#QwtV5R{5XI zMN5w=9d}wR)BT*W2|BgawZ0F0S49qSj#xe*=0?|;l{&rtuWl_00U2lIA!H@e7OTEB znpM36n`#>XBl{PCV#%a`<%f)hSB@b+vvPgba7_`oKxl)n~ z-@BV;GxRGEwpf`)jl^- z6wWnc0*0?TX{LvBLY9-==dHXRDjDh+3owTzH$SE!Wi&C2MLdU|@t(W;8TS@K;o zt)>ILjGs3^$s-Hw?Il3h-D!9$Ooefr)V7c|fdO*m0u2Sl%_$^1p ztMhx=z8@fsmGh{I&BuHXitsVLu!iiUx-06R;~c?Ea32E{9k><%K$XvfOR?33BnR5? z%&`h=!kCQhV=yY*cF^&hWGt}$ZC53i(IfU#WrT?c%Y2ccZ%gf?_re5#$U*!Nv8~a@ zbSyiAKn(M|+lnO9ikc4|Ys!tAx4^^lEk{>t)}-UdDV&(QMD}C7Qb9-YJtDRI6!&z^ zh1BHw3nv9HK~w3IT~ zXF}`{7X+7|x_htXyJCy}0@b=d_Ie79l(PjZ{sL`brII)q+g@p*haG4xe1+N4hZ#0C zU|m$$95%SsA~=bVN?`^2Im-d$p1IB!w{a0TO_(5mj;OVnDBd;bAqb|R0m6@N5C6UA znlZ^Rak0*jOF5MxqgiOPZfD*6DDL)%;r$Z1#EulP{`$Twzc)lA-C{wpeEs6KBJiMi zxH=cA@1!@+^=UDU+Bs1Y{9IgGkSJDeQ{;^;?u21qn#i>`dfhU{d2MOBCy%k(5i6=9 z5@LYLuh$YOaKFR6pF#CbTD^h!(!{R3%H62Qt~pFak>qV#z$c3ci^+jtB5_Y1zWY?$!lWZ-O{Eb$X09n`28@tDeY?N#g3P0p%7d&X?sIGnhByOT7%y zHZ>A%0=PfZ&ZMQpkbHMZ*-Dbp`3CNk4wLty-403Ny?KY0E+h-;zLot>L0F<6kJUKm z_lkKK|5^i`@NKWk^WX}0lPP5oJwbTS>cSV=5h!U0EioOeM;c$%6?H6BAo;U7pwPUk z{O5QQwmWeq!cXt`MGG1>*dg!M7mJ(ekTy16^BzaudoL(b-_!0he5sHTwi-DIjHHyKdJI| zHZ@Y-1f3AMza{0Po$3z=_v)njz%3-$}CG$X?*Bp0w#Cs$_0*r?;)I z{P@FwT@kP}@jd$%eJzO^=?R*iG34>-p(Mf0yiis0S5^}#lcWGVx5;E*Gbr_^u)Nf+ zd=s#&TDHF-E7DIk?up>UZyodKRjWvS@U zPjyOqf}OGViz^~}JoY4no&Ia9HnA%8`jWOD7LJ*Rn!gC_FbX7kfOF{oW` zfZU7T`;+2P5e|ki>Ubxf^tgF8t3g)LKVu zU4P=3meHGkq_Wg^*B$)#sZrwHlLxAU4{f`>`)`zUeJU%SrPRN>^!t1N`XkH5t3O=h z&*6hXBR`YGPPEkDa+v-DY@vUD|6vK;==-Ua8oVBLmvGJM;($>e?YlTGeV->(I?&b? znc7J4!eplGI>I<|_;|okOPpsiNA)inSXN!dkQd;jMYv|Y%%Hd=mK1}@kJPUJeLgcw z8~v>ZQ(bP<{RhBi{1MQ1g(e$$XY?^L`nToB-A8D%zZm%E#z$KqM`Zb z&3G3(){Feoh;&v?$?yT3%R8Z-^?Y+GmAQ2bdXdqchP?eXyR zrJebe=%y(!cJqcAI-6i96L&F$Uv5Pv~z>P=D;hClC%)$%$_V>k&r04A~## z&)LEi6%ZgRkl|!s9|tS_>dl-_X*lFJJx}?l_BS&`{bHpvb4i@hd3rTa#dOp|z`;AB ztOR$5UfM2=H$+zu_bSGVIg01j5pPeMd|0>G)l9S0eK}bw`~zFtl_MM-R6A$=)=1}V zJnS+hO9(1HADY3%6!=Qe=8@+3$(hq_nf+&a3e}-s25*AsusL-lS$be{rvNK2=~_b% zFabt*gdI&K3w_dTsQ+m4&|5L4P!`8?wUV5gG_rpG&E&*dJxBeaqwy$7yxqQ_ewj&~ z#kvG{m-7W|$CI0Y$YIAV>fENzIZb83VE~v%Jl)^()!%KK*E?##^^uihEK)u3n(49= z;Z(j{BT3vH3T>d|%a-V{GtC+2T(EE$$O$0|b0)R{&U0U3$4*G?w+}1fF^fy4dCfUs zfNqwzjR{?(x3V2ZL2_T(yNu`IH|hm~nrD;i?Ku0r_Jtw&2|CGb5$?NHY!dz&wC;|4 z)N#b#;B58|G|K?qa{#xUXKn+tL$S`N_EC5np|b?E9Yg(d{a?-k3S(zw3$L>vNy>+^ zxRp}Ifn58%xcZnV#A}>mJRm4gn~GY~9A7)z3n<3O8>cuTtxTKHK4Z)k3Vx-niX`M6 zO%rEa&lHoowVzUUqJp<|WSe9aV&wJ{<_QAvxGzJ?3&$Fc@_*YI4&)>z*XXB!lQ*hE zg)lKL0*}OQs^Z@U{AMm+QJf_YDdX8#tpe4RRk1kht@?>)Voi!sTVQvu^8 z9}oS}>hZ@0}fst}vUV&__+qZsscW z&NC4%D}LFzczI`|9=n}MG8$~MPDNbE`L_)XC1Txe6XaUX=(@G0<(rUAqgk@aJ@vA( z%^upYVvk~jRrZIFuyYJze=)r?tW?|+#R4*^Q*H_bOmesx=a}!bB2O2c^V>NP6nSPV zFH76yi8LLJ7!?HG)Rpm0j;z#CdZFidLvsA_R3>sd3Eu-Uo~gqIJpKWMr0_(|fAx7! zTn5XJu40Tv_%ae-HHYUIa$B4d>ZbyTN1ee`yS)yklJ?&`hoGr%?S@)}b29=4B|Fs6 z_zpq@p`cwGX$iw4~mBXtj5ZN1fUUD3ZeRBl3cwFKai=4=vIT+knkD~WHmsVv$$($f#wYC1H z(s3yC%E;&wx4NrF&Kh$OSsD-w4|8!*#z}MUJ0nN0J+MheN^kvzlM%${_s`Zf}HrwL4u>oE+Y49S15Ct`yz z@gxh;1TZ|Jk92a*+#|&|#s1iA)`C1Y7O4tmwqa@)X#3uFOIkB-QcqjD=YLNK5LFTEo~x0Xvu{Hj)DmU1E&_Da8Eom2x<)HU7{wlCt)SiqT1b(a%&p z;UnPIF7U6M&eBNj%QeIE1L|YhF3w{27Skp$7rQ&;eKA38u>MahYPFov*V(7)8lkM+ zSe_&$#(0iL1>r^J%okWpLYzlfwYl5|HOo{P#SKha>I5EC*{Ge4Rt|l4MX`|wYc|l) zQWtzgqk#TBB=YST|GVLuutQ!4=2&WO3|s_D2ZS-|Ve`*bO(yCjaC{RQ*<)Vz-ypC1 z;w_U`FSfN4#JDRBsj86T@-u8cqsT|6uz9cA@)9c&Yu`(WNH87{(?D)`Np_rBPKr8x8_LZ6adN*Qq>!Wtc zE5WIHj>gX4l50oq9A44SK5?N1E73KRhhYMx~J3no5QdGO57hfd2*?B zfucI~owf=|4(3CCp%Uw^v61bsPvd+|<9@t3JzEq%&${!;=*ED>t{ownNx}U37K#Sa zguVSR5?Bl@(YimJoh=2WuQOq0*gc(XI@_fp2)SGVNGzIGSUKxhb$_EmqQC&Cs%Trk zPAlV8N_!b{?v<7=%im#q`g~;kkJL1LNV>zu*v*jsc;fK;TxBDt7=q9kR@np(xqpD0 zE!P-#C2S{b(PsRsFojqOD?byv+oM5R9g&;gmN$&Yhud=@D|@sr?ji?zrz*ud58lse z7~A!OIff;OIYv1><*=m=A_lu1`ze_BvJJ^k1*)FV#}=TU#QqV6&)U;xMKd;3z*9pX zJsao_UdD2%H969el=_VtkEl{HGkXXVaD>ISWw8TCfrT|Q30Ie% z%jq25k40HhRWEseCMLLmos3n{Gq9f~)-R?eH+8c%&m(Gwc5RbQK@8N(!n!gE6V_f| ziLgV3>SS}YmH;t30n38m+~CBwCMU9VAW}fo$oaBAxml-=4shk($4@9EpmT_lY?mDR zGW|Ao?0Lo_+FCc%TTf2+c|fWw zy<>Xw&#?0Ui+|vw!S@TiQm4#c{Q3nrNBw@AZ~7R1U8ul|cqZXwA_7GRy?Pz}|MX77 zauPG3j(_i!D8S^A->8Kp_o*n&iP9j6(?z_U-^ufQGCT1L=Q`X|s2(KFk(|?O^R{C1 z=Og+p<@96vWAhrd>K3LqBwofd8U?E;+e8{(uK>qAj#Y@#PgjeFuNS8Cl@m5RUp}~D zL(7Nz=Ja8i?aJ#Z5{I*X3h&{4o-mqgJE9!}yo+J5em%${G(}nx2*Tc_@AeCcajfWl zrqru0)tz^q*h3F?_luH<6}4$B`eqr=7mrQ#pzXsIHQ;CVwxKP*4tdx$V&g?%T`2o9 z6N>$0q5v!Apj^5wYj8aQ1w?r>nPC^M~0aqsg}i6C4#w8Xl(?6oa0Y z*Fz+Gw$_FOSobv})e;tz5rR%!zM(QFHT`qa!)CAUj&du#`tq&e1>sTgeSVIbuu-fW*{EF#(g7@4J|$K&65bTVv4l@Dw#p?=3e?(B+e>_{|1Kw2l3e8(2Tu~I z;Y!`&BDNMM#6AAgUB1P)Q0qsW#(1QGdR{QR@$^Z)7O5?J11Z9$g6ecx1DAK3x!-Ch zlMs(X$aV$yWwGM=e%+8VF5P93jG|~myGUG&aC2%Talc6&B;T67>c34DEHw;vF7ZYt zhE6FkqotqYlz3TTr*DP=*W+}Z-f}MbwvY_EcVUl?kj5Fv7AWh&C)HWS_yh=5O#<>dqEmKaGBtYoR^f78}DNhqBnAYXY>oZazVU|nb9JCL($G< zQ<~FwzlA9WwbIre4cKya4QaII$S9uQ6_(D(S$?@?>2!#g|CN2Gm8PQ#aEX(Ro#Vc# zIG6$J;65Vc#_lN{B3DEhl8B@1&Wpm&qP3`>XwJSxA;C!qjxj ziVep5U(oy0;a-LNc^cX(qs0IsqnQ*BR%iVi92PdW&0+6+jb&!60%Y0B#-KJs&JrC) zfwlJz)6MCfPhMJgi8%PAai)0cVtp$Rte(h)@YX;QNo<)CUxtMc9JnM>-s+Y6%dCI& z@(99<^u7>jQVv9~lyU#MhH;9?} z^w|7pP%(*>KSJobTH5p;#_)F^$TZ^jGaMqHD50nMDxU(IV+@*T6rj}n*u)L3n4jI9 zziMQV?L;@6plOm4Cf5);Xswqf@wfa5XR${6<+>fGu$(YhdHWj+8N+v;<;@6zf&Ovzd}mdn5kIt;qv z8n7ElY^VpkF}tJ#tYpB``t04w!!j9xGE?9Zb~SLjeRtSVn@-33v@q?obtoYs`U3$& z(36_nv@fcznG0`%3XCxjjNj?)FA|pI&W7V6RVeuMfFU5CUzBJnG;jmjb~WrEGI!7^ zER9_OmmU|~CRdsK*eqGAT6LQEwgoSg37cI~y}y88#Zcqvyuaas&#BAGtw3{69ztHk zEJ6>zUz5Q^fipW>#0mwJ3NTj|H@6bM`dBo|fRH)y#C{j}lg~P)Jl5WkSOV&c^AM*- zgi3KPsr%mlCl|iW+&sFMIRhP4Fd#3$>IN9e5Xp0;Jq>F0DY%`Lhn?E zA0AN%l1P={)7!~*g?e}0l0j}Gj> zbw8bc>(aV;wd(mU8L=qb-?~%q51?OC?dC`1=Jx1_dyUCZYZMAdW zE~46B=4F}ppMfM2a;x$xwwCbkv&aGlrzC%G8JQJ;FjNe-CK8o*u=xuwn92KWAQ#d14u)t&KHAK~I zz1HYpsr@_6K#W#>pfViQsojAg`QV568q!o}?ebc$*XHj*iRovbqMzf|Gv)}3x%MfA zkU0hA+jd;(^Tp!77Q0=_CmxwgN)fM#?D$1kNel_wSjRHR%a5Rtp0LfA7RHK2^$(TM zEXLIF84g8hnnsI9bg(9qON_~A#O!re&5B)p_jVa)CXlwHYDSaWIyZj`dcb95?LY@n|9e4j=pl8QVa9aae>XJyMbxCV<)TTx`xQPh!-gmHzEm!!31eR34t za#Y0~3SUtiKyDVl4l>O-*NI}l;@4x5cGo92;0NtpyyRqS3B`sBAy~0pY;#%N<4>1rc3;HG58>slR^w&fs0xWm?*SB1*YJ=C z7dbHRX}N~D0pD&Od@b&&y(X>MG+v=VWl;t_11bhF!X>Y6InE-L)jGVz8Y^jA79uJM z+ECn$Jd-HT@vL_vvPDV8OFyFxsOkS>VTwbvvSEiaC|sV2fKSFIt%)q?-F0|I(;^5m zdgNUiLd-ce*IkfU*4|ga#y{z!?XcTjV)ml##GZySh6TkSHUW_5j(H<$7fhqbC6UIu zG$jSV>&J6!w-0IJ(U+;s)hwDqORz(qNOH+luCBGW_Emo~;uq2O0AJXOKzDr5b}UHD zy5I{Q>T2e=kaQv`;n>j6jOCO}>T|(4`8&$wv-rJTGtr7Jy<8Hd;-sXa{WGFF`%bGh zC1bx?7vNsgvI&jIwH-%sNZkk74#uh{rVQ2_B?0UXxG{JekH_c9fur%_QZ_uo=>=As zrMjHT0ogecSQCqh{<&cXp|(X}pl!#{kgKHOv)JQFKaxH7Qi27+8?6i>X%uROy|ZG< zZR9~OQ8b~)yO2gsQ@zr>Rr#&5%0ED%j9R(UQSv%L+4Io3V8%DrD*bCRu};oU`<&Kp z$n6T_kH$Jo#;W`(VAK;Rc`SD-LJ{0?g(OQp#|76jUBO#CZS)lr9(1^a4PU@!+j;n~ zyZkdm%d?NBsg}lGZt?6Hx+`y;jQ_I>DVv8@vGBN>lmU(b8>N1j#YshRh*!}&$ z4Su=$Msf55+ap{-;CBmk^yEzk^qzNq8kE(IKKpWaUT1wlJZ4JRnTw~B#x6!KY8O&t zHIWrSkgx2H-lHc<%gm$a*=YTBiClq^;^|~LFBCogL0n^O&reZ>XE*apbc61&y7WfJ zX&Ngxu%hiOx(Q@E>kUZlX^!JIw>uVr9n9~ha05qclR(08cx{a3oRq{7O4D5h-4Zy1 zDHz{jX+%`AqX%NO-Q{nyPoJ)~r%g*A1U^5qBG7kLnIJP_a#rXjFkugTL0z35A$=b) zV2#@8HCWVbd1YC_bty%gunbNO$nSDX^Xkk~oi5sVzB$DlR2CwI<-3L#FY#=93DRmZ z{QUxJnh!r^x_D7T`dGFRQJSHMo|Im`iK)1NTlI19`;(F6zT)m%9O^J z&HMz;CgU}pcV`nKj|7&DZv#$ivkc=-nSMe?=G#BJ(A3WgmbJHCEE=<-Wy-b93Pj4- z!q6)Q((?U6Orj&%{zNt*!Rh&=pT0jAD;T+3Qo)jw$nE7a@b(Sz+ICdn3P7I6a$W~@ zC&=a+`fHa>oFqT?Q)o@H!}7k+fF+xV5*2~~nCIOZCo|xR=(uiBk5D&camJIWVMOeW zX;87V{9Yz!f^8`y@FJ+deSfcBLY=SHeLAfD19!^C@JO3OQz``|{YjZFy&5}!odGx^ zhyUHkU9i@5`K{sCJ*`;tY!{^j+IhbsK<$03-REg_v%B)lo2SH4>oSLm(tzjUew$uE z14RXLObrPltPXG^d>w(;S)Ha<9MIwI)qzNsXO?H#$@sFvt2cHg55o5ZBw-QachuN9 zyx+39E<10j!g<6ORO-{~GIsjShg>7O{UB932CH}!S3+GEpW;;cd(tE2&Q@GpguXRpy6&25guBUCUD{81YyJu@^ULvfzBC-m zGt(XSeY&vTpHCI*^b^;nWUm-Q&yo^OB+4E&=-0!_9#M}3j1V!5N7dYU`P6u^TmI?# zDsq&#-jNEowkobae59J8E*_Dy_OghI2~149aaxya;w;-zw^Zjq&D-)sv+RA>F!RmF zETO8#;}L-M+M|0l)1@}0VO}L;6r)sVd+UgKKt>+%mW5$awA46L8}OGLcBk(5hvj7^ zU~&D(tRdf6+DqA>8U5@4W#;&3W#f0Wq_A!j^@yYuOy(5%GLTpQbe+$1p6&}QHuCjO z?qbc{?+ZbyQPpLysV+F$>RmPB?!6dkeknc9Bcz+M-b|{&gnQr*9#ToSYvOl&GHV&k+NoB&|` zawj$Fxl@woJbmZ>w53v@9BlDCvJGoJMe$o?s*1w35^kzAl~A7Z{3D!U!5!A-1V0eiok^-#M|b($Zn z=+0=+LmKE-{bDmeP3e+HN+jOfD-MQUGnjP0%cL5uT2SncRBT>I0e)12LofV zX!}2Va32+>ZR|sH_f!)h^cz4)PMU9;@ZYKPq2jGiArbKbi|-@!8ns6(l-LqgYD3bo z)4>5)V0JvL&}b}n8pj3kkhfYMm+oBeoEH+JY$g&acsklXG&QJwO)`AK#J4YhP!_8S0Jh7d@6egbb^04H@%e1%B} zKPZ;V`P^7K^3oX$SiR(g6r#W&uGedeakH)+4j}j@yhF3p7dK;*diIn!6sBS%Ajw{1 z^Hh#qkwVDvBi_%bdIgMHOHKKrTWF6J@C;=C4?wPCwqB_XcXmeObOc00f9iuuoGmtk zH^!yK9;Z%oeqNVy_AH;wbgtoHuB4;}$`VH72?lBlk`9&XMIuTKS}mMJUBbAVrJof{@L@}IXl6!dpnleZi!f9pQcnY; zU!|m0K#{XPHBhsguR3<~_WH2r8v2t@7Jr^(jhPu5p7%(y-)>_me{&RJ+%n+6P1+5v zJ;CYJ%Y&}+CoV)=dGs%WII(_$IhF?+rjTcyd+3RyggbA7!lRtNxYBR>gI-EAQ=^El zQx9$JVbM!0T!O{W&_Xzs$3$-kG=%@nJ-eS~s&P4X`hae>o)jU0O+JyEl>)P?%)9Oy z7oZ6E=NLy!#~xwV?C8^H>e(F}s2Ew2J90XKmI_D5O7GjCc)!KA^a9lhPNfYPYE#I7 zRULzDR^erqwMF&-u$e{Gjm5v-Xn4-Mr#-Jo%{KC)8MeWVL4!U2(osP{7o9%k4>>M` zY&lpd5%KOfY-G| z?6Fe10h1lc^7zf0?JLduB|qFX@ie!4{sC}_6iYJg!m|(a=`ZMnB{CF=ya4RxcCd09 zd=6BA=OF#ap3{OW>_6UYAS_)4DIPR$7^F;*mjcdoYc>+j*TyNYon^)?1Y{ak2uw(5 zT-jO`9>k992ms|fKjk|_cj3GD0Y(-s)79~{=1#XAq<29q!AFHZ&A(UETARR5m$5e( zuOD`=&9Bv&r(NF6n zE6Gdmu|Ksgf4Sx=7eStwrid(~mTlPCQRzGA$cObW?{?s?N?$|&$h^bVTAUoSd02iF z`(f7qsn(Czj~a~rKt9e$JhAz2fSUL^)^Sqt9&vpAT+((%1#w%f4a-knP2?^MCA%}Y zike{EA7r2=)DB+n<*h4|0`Av4nU)euD;F)rE}&P>#|p#`Ph->syNXjGonNIKQt^k2 zyeTMmRPhx>J4YHP=j(tuX0vuZSpr3M0MXTcM-kAn5fVqHjdMOD6t;2tvP2y_R^3#;Sqq5}Q_R9^J4V3Z-g zf6Koo-Of`)d>1gcP-+LU=vL3{>Nd@IwTO+|$}>c4t28Dlp1e}F{>z}al}eraTENvT z-5w{tcTl0jbJ@&Sv#-+VXdGr#E2_b9S*6EA72J>PP-}`YHW9}y&f>&&PBs4rh{u>n z*cxFt!pkF{f}b${;TW0|w6mD*VLBC$370i8WCBeos5~L{Sz#dv4gA88LX5N={;j*$ ze4dj{T=6*I`0GrKZAl}ZU%cN>Ap$!RoofPukmZnv`Ms*WYqx6oIgzBrE#jqnCQ>6} zx#p^H(KWEShgn?D+WmyYPR9;hrMyzm#ILE2X+IrtD8~kXA%H1o6ciZdEjvd@l^`G# zc{1Aay3yHZWEd7ymzWuu*9ksXZ3>T$^Jhc%q{@yzo=JV-MFG(tIOb`(8j2K@iEz!E zqj?qHzu4e*lo%rk`3fP$J-XZJeoGO~n*KfW5nvueHb+}?$T8bEI-jQudpj3oajX1% zx#oA@X=lGJ%F#Yn3&y;aENQX7X#10E56f_r?QZNFc zUb5Txd1@BJzEVVose0KcEiwwEjn@U~Tk}M)@DIgjV@(LZ^?gU@+Z5Vy9Cd7{PZokpWN`Oc?#t9*9C*bid4U``6nDQ3v(A7*&MUlij^@^SQGas~)6aKX#6&-qc3aCh1a1whpm}duO}I$5)QV6El&nnZ zHHCyp-C$f$k3+=!OIP=$(>GBS%W`C#%g=__K-0(mG#ZPplULh{bBnb~2OT^4qSD$& zbqDI9(h7pG1>U0UU3m~x`KiJOR^DII{08(Q%bB-|GkHg&O{OV_COV1aCeI|+k&2@( z8+3}};_%^?)cBSIcd;Q9XwIreZkPJ@IGu-DIM7mxvsPj`- ziYJln3bzpX%7|{g>}$6;yZN$UruLJLKyIArg9v~w0h0l!R zG8`@F>Dgocu7Ah9{zG}n5;W;=pOc|!N%MaeXq@5|er;L)1FZ183r%?4^Pl^*1A~7* z8eJvb)<0k(tHZx)&$|TzbwAzwH$<4gOW%{3QZ}zmkz8LcK-$aAT!DjLBu%K&%ZlXE z8FHKna8aBMD=^{{1;F15#v7LXmd@HG2zO}RG8s7d3BrKP6OdNVFp04`5reUiP?|c1 zLMZ5n+V)nv>d+>w@M&=|wNv>OB^$z*RVAu|vCL(1LYUd%un+)fzIM2DWAo^*laGcX`$f+69n^=nxC=8nryYJv7ismoATfm))&t=VVU(t&;LhbyM?n*oIK65Xq<2c7EWUO>^6mG0+^P;J+tOtRK z%y6C61a3%FXMa}DyPi)-^xwkSH3DfwE|!9z zjtG~C8il5Y9Ed&V)=lDhiS^D?1Lf|!sk&Kda~6CBJga|zO>4&}$HxjOo{6Du38@>+ zP-@&tn{DpXm{)fkLGIGA0^bx$nJBwzy_65fD*hg;3SoY!B1yYeTuKMYFtDw?Q>R1N!xx+NV@2&zwN72 zb!mw|*}%;;B;&|asLA!7dEe{=*;T}~32Da4-Xls1;RK8a(=kWvPCCyA@xHxbaqTB% zm(c85Z{qu3&ea`9KB)(o2nw_=f9`C)*%GJPES;`RrNQAvkBdW?EV-9}Dze&R4(2ZN zB9VIj*8}u4zxr)Qe?r!-uegj>-R|9Ly5CLUlYwAXqMSO90^=6RK`ChSx~kbJB+5|y zI`bCAOoJ`S-J%jfj=(^21^X${LUvxvd?bnWnENpHgp$L=&jcSKEZv3$w{KzQUM!FG zi~&&kM5W3X>}e^x5yzU13?=%K*_q8gNjunRj&s_y3FKl|5kg5$%kSroN$1+2K-8y-`Iw|yfLjA6!Sg2k2T#lrBVfov@wX!(*g zT~GeL``GVm_T&+UNoegFeOsrIP;NAk+XV#TJ+u43;Rr;aV#APujo+>5hf z2EKojh*cZ=IGty9a6HJaJuukj8XF-)I&h{g+f8};!AK}EHUI^Z}jub6xD__Sg ztq%X<)VnR4o7#-cozwZ4^~o+FEl)rQbsiNtsJ?YMkrYJj9GcO#7fTd1(EC&Ikj%3B`@&QBM2uFI`eLqeXEOSBpnLosS0zCzsca7s0o7a&Y0rZ7tj(i`wIbSjSgqzU}*?%AI ztr*w{B+oPCg`|I#-r_W9(pdwCga)%-asM0wfp^aeVK(3GXsOO zq2HHAkhwn4G&GvkdsItAVyLP?Yeub61)rLi?kTwiBf49Yc|yl^dDL}OALDqAC(3#5 z?W;lNtF;SQzif^9dHnW$0{p(VS=_(Pm-ldJmUjEBGrMWQUhIa^@W9hEVd1N#sBoz{ zl$?^-8^X?c5Xg3b3dk11LnRR*+w!WtY!t8~Z;w*ok*n0|9-mYiq>w>ef@46V{I54>&o1`kvgJ% zAQR8;oyK!PokkjojV9gD&^D)EORSL5igyEc#!ywKo@Fx<^F~pP>ji#oR!2iZIK>+A z=Dqv`iHSBAvxD~b3p#e;kkX52l}-e|!$w`VrD`<=H+i(vi|Q109GJQ}Ajwi{LHt8= zzBHFnazK~V8po@!tRrznISKJkxFf-EDVJJ`HNGl0n|i2*sASXB zlJHHjG?>?gfQe%_pTr9Em}n_Oj#sbhn!(fzTlHWP5~wt1mkcy=4ssR$@OHKALFns6 z3_b$u345@ks-P+pmo^&7I+8KHE>)Jtk)sF{o0DV<(U!}>4(8qK4ijDjwAbh>oi2pA|LHIjo>6{?)6Z*yu>I_A4?K0tm4Bn93$CN)|Pa<@v2$kt~ zM}bb2Dc{vIb2Tc54#BDZ7+zHMlPBVl`7SpF1#}Yl4B(T#PoU*nSJ96U2DRK{6*7bU3p?;HnNHg}0{_5urT~BOPPMR1F!&y^&!AIBkxh<=Vh5aKVdWD_`8WL_ zN%p4dnM&KT*F!dtnemUk^qMM+X(popP1Ev0odwS?)N}3D@Od3vbYo&d5L6+)*9~1i zOk!$I6H}honeBB}&->Ea!!Mt4YMt5tdgO6NXE8a$1r9t&~5PP)bMM zxQIWbLMp6uhcHCsRpcmJB6C}TWOL;<+font9EaUmeK+mm;c&%=%_*EUZ`!lEAX#5? zZy8lDl~tK&c+ss`gZt_*WR-b>o3J9KlLRXaXN>7uX-8Yg6ZD)~R~nD`(L;MQ>x}-V z4XcsKtFGJvt|i3p^9g96Y}W2`GTg}k=fgj}{eCJY4PeFALxT6VX=8Ow)OO7<{YV{= z6j7{l%Gx2EAykytQ-ko6n{;05nZ(C~z4gxcK8JKYs!gWz0hOj1p0zlv$8^}6oa_FP z{amGbl5V&kZ7ou(IN+!kMY$)V(%QA1=^9`SaY?w~LMp0CQ(E{oHV$A;X31X37h4-= z9j(fbf%I~|OkxQ!mzV7AM4XEu&IdcN#NLrV`?{kszJwyJwKhp;sPJ2tFe+`+JY1*N zv6z>a7zOK)^OoRo!=>W@oZNPR0WcO@T)ndRu_#Ql)CwxME2FV%n)eduHikEJsx-de z7u;=)*lwbvT51`~9y2Di&xdn27w|-;4sBrBR3j@`8;aLtJqH@Sy(yfj{sC;?53D9m zN`^nW4R}%S49f0k{M(KJFXK$Suo_Ft?g#S-*{o7#Qz`O?!Uof-yqVR^v-eTL7J^mM z!s?Xns$78pGX$^*^sUv3L0mK$hXCN0s=B9o1rSIuuBYvuHw3|JKmBfFZr84s$@&Af zX-xOyjYm%Q0A4p6r0V0ypfG3G#p-RM5wx{;P<;Ga5Zmn9TuFTs?x1pOWp9yC5@3F- z$Y8Fv%Td?n36GQ+C-bZbS3p^hq@W28jzoUBdy}F_mUGDPW~bsaG5}G&Xe4V|8!`;P zS(WjQDPDbeo|052rJa(1OBJ0OWQ-GPEO&IGX(80@B-^k zwSme>S;g+vdn`RbK*xeMTjcq>=9_sAoh+ewctMZ(WA`*;Gqj|nHO4SLCa~eFt5wgy zB~wlDhQbfkAHno>n2L%ilg7}bbK)^6rtie=7K2$7mLg-ufTM0&?!q~4vOa$!xYRSd zdtWwtXTBG-hJRXPT3*WGwdPmT>5#%$g?xr-B39T0MV<~ zY~{<$2`^4Ig(aY6E>~SAm0o+48YvT`Gz^eAA?E$o>!2k|i+uk8n(k1;Bh5vtdsUoS z8xjjC19EaH`Xd8{GCe#5J&%giehTwdVaQv_*sr|}PZPY=NsmSmvyA50Yd!*qOK+76 zI;MpylN;-ru~)L)mR1>E0ijx+o$kiwG#V=yv&3ACqo4QQ^@7mhq2nd3^5N&_Qyjhe z$jmtpBe4gov83JSxO9~y%%46znLP13Wsk_ay>^p-5vvGe;Dm^TVDE{H8Ux-~X|ooW z3ntRE)aD=G(YwAe{c<@~Z&V($GZJ-|YJN$A@(XKw{C}cunW|ks$o*#j2f!F-`5S8! z%rMyHs;!>RhVon;TFt%(XZYn={qrcp-lU3$;lT&31HR9%`Oq@kdB4KW5&|+#bz^$f zZbgHG>igE8N0|0$KFs~iGP=Rkxh;vmY;T)v-_vY6zDjnyPx-rhc2m;3_P>K)>%Z0R zD==1SHB>iFDI2;M{$%$Dh98u;TOK)+yuGzJuC!z7U(kedhWa+rWwx|RjP)5J)|PWbGuAm3 z(-j@!+w@W;EeCglur)a#bId->NUD{8w{&L4JRc|}r zIsQUnaJnPl;9|kXT1k91Rka^v!ys;ea|?kFNdS%n6|fk9K*o9JnlDFRVTtUbW?k1+ z8}-^Zn*6~<{W}h_T<-ZsQxeFN@_xt+FXx`jo+u7NHAyZaope5Cbhc>9aY^Tq2bU?}%DV>r7Kq z6sJ_Q!aHN3J>^MMkLTAVQpsK=0Z!>KM~_gK&6^KHx1cI3l7(0&+BXWKcUo3k{vggt zqSq%qML$ee+Ht3Nmwt?YCLqM7QM<-2+D`v0FiA*)CmEkgg8%;Yi5!0Cd2n(0fRuDX z_#b7jxJ_DN^xDq+7OS26tG-KnUMMrK&Gn2@rE`^TV0{#!sB2vUGG5U>BfCL|8u zM4m^1qg4#0>G?BGo8l2Uslf~>rNP?VKG49;>{tD?%lKyEfoauv+VRjKxy?yaiad5U zpr&l6T%U$V0UsbJ2|yF&M(7kxv`Vz8(lO@6^q93<67htawp5D-0G!;H@}^rQR&n4N zKU`goK3IB@mI{o|cUpYYc|D(Qw~MpMPQPKNuN}$W?T@zuj!6$7z{Ru@Izw4!dhb~W z8^8K7)%{W$R9`t+uk*WFv@fl?wT%f_{qEo|l$AnI;quK_A;X6^2dw3k<@rX0UXlP9 z;3$P!WF(FU{2mnA6FL5{OBFor*07%?`*#pObc*RdS>XOj^y@r3VMqQS8`}^S<)MT( z3KC|S8skGnx%MyJzs25VxesKM=4XjniDMIc^nO`vA=V5VBd9^@+#L&gak^UlL! zCJteaF%);9#m=%4lx18`y9YklV67zx-I1(O0`|Q$v^{)a6l#7>!k;?catN|#2l#rM1-h#x-|GnrA(BHxE*yY|0Esaq$X8ah2|hb{REQ|lIRiQkl^))Y|634iHVf5 znu!c>#rX8^`XwvgS{MvZ@e9s=+c3jPln^0BN|=$u065B3d|XmObSzl&2IXu&N`CmG zY0e*b$=ehsrO|w1bBAvmCP;=MnfAPHF|(qll}r1j=f?Hxw{$q&u8+f>K>ju# zDk|4hj9PLyNcA@$mW(!Kd>TE0U&O_CFY+9g({t zK9ny_p<_=&-CS+n7A(Vu&96~buKd$8lc_p@mR2&zX!9r{{M9_sM(8Z<< zcD~`4xL0GEQA2RDIP5Hzs?(*Tm&j6dtp~2DrAw33%+cWuq+%XL!LhQHr2x~m>d^*b zpY>BdDP+sC4Hb@OuK(uuD3ANo(ke3EXXv%IoGltnN}y;c?-$={T>Sw`jkCl?V#9HebI z4f;>(^&jO(3$__0&K{nFdX6iFBmktr{_s(d^AeSHaYqik-^*92R68VB$1z^nw zawg=U@G{>Rw?9l`N?mE55$GN8r3!-A`ppKyN=1cI?UZ25d(!$NUej#d&3#yqisVgN zc#9K`-OdHAd6<=qqPs59`UFH`?|jV4J5IX1!BrxK1KvJ{^!x&r4o}kWUwym0=I61% ztM>Y#yO!7T@V(mOy$K67vqmM6X!n)FeszO<<^guyuFD(SSecxQixYaB-;jrx562xEx7-`DMbVugCM@V*YlftP7+f^kkxZyM8LRDOt+CD zK1hfNf}qT+Q;-_7L$F!?{w*3-obWv;&!mM+xG^!_hkZBjmHHmnMh@=>Q(8~&_3p#Wa2l+X4GF`U! zzImhhxFcjfS$x1Q9=ps;o^IY`r{>36Cv`!q?9Ea~si5%{cW1m`+EB>m3%eOSz@slx z!#d}1Lzz4zID7?0gXhb5j%F129PCH+6`K6)!&jq!(nK;YXaRo2?9Bm4OTbKd*xP7 zDfJmt^S3o%zCT!p=5%`Ds13rC8r5W#Z;od?O4vyqxfVkOL{^o&8%`c3r`Q6sOP}t( zdQKPSC$KNBES}=mHs?{j#EyfoFm_WwpdpRYLo0b9U{kT2G}!>b*&w=xyttcY2gi$8 ze@d<80)0@|(bx`Cd%v7aoc1+_I%pK~uwd=9E9_P&-}oOnDjz0Cr81(C|6Fq-dKGHj z>CXGj^^E)E_iLh)I8)F;j58PO4t9q730OM{b%2k(4@8Ch2#I=8grw(k$cNH|$NL!I znZmZjJ{GTTew#3(RL`&!(guhOl zPCh(XQ_WJS6pd;WX_H7JHW~TNx8={^6Am&+uOh7f-&EDT;LRRM(of(bA+ zJm8S<=-1gQ2Hk=eU@>yJ`F2eBHgH3;J|R*opMOu)68+;tL_fZ!d5WK&!zvAy{sxQ5*Gk7Un&r*8Nv!12Z ziuVko>()lj8R8_`WpfTFmW|U=zb8xzDaL(545lXmVMm|rQcvbgh+g!B50SGOar0L` zo5w+bw|`(zD*GRMSvnmrRJwP=3?q8FbnFsS91%hyb(un-3lkv#6*e+~Gc^{RA@;u~B_ef%-P*jwXOY+jtlfI5R%Xw&%Xtfq(6kbT~xWn0Wi~)DUAu z0>F5lVWF@UitFog-Ivv$a=Hm5FAJyDa`8Dn_v=LZ13P=U8kE0}2mEYH>T|lI+teBVnGoCE$F~UR@?lTH-uLCQp4` zV@u8J%Y65Xk;BFIk~Z1EM8CfSm5A#v(b_d#VfJLB9HA1}vH)(&mtMrA1A`COlDhPw z4wBH%f7`8^n+<3%s^tI5ZH$MRKAO3?d+2}phs1Sp?;l_g`JCae zIcac&kpmn^Z0u#~G4Go2JJUJ9Lh9AZetk!+bR{3LUl++&JR_;X^RA1G&)ENky|;{t zE7;aWyK#rc-Q9va1b2524h=L;Lm-gG8+VuB?ruqNhu}_d5*#8xASAc6q6UlXBnM?jA zDVPJu>6n_tm$^^k-sZmrCxha}Rd7a421aX)NVFL?JjK0fd(Pjr5?*rI6gIAU+AK(y zuCwUUg3>&)S4$(he3=5>5rtltExCoaR;2vvqQr4pCqqLi1lszy#P^;!7??ifbw=RQ zwcd&dIkskV<=YMR;i;Z_$LR#To$-J--0>DBLXY25AQT?jg;Upg@v8-8Y#6Mk1Y?Jc zrI8#YTiv2S6veUuS1sKavE@C8$AZAK_qW>W*S~JFU%Bpz}=)9r%X58T?pKf zGA4#By=JQCtv9P8XtXnq(zi{`YcV3j1c-6U=EVq%a~7Z|Dwea+5$MD5s|-Zj7w6`( zLJ9;DYdL>d>F_4aZt+Y$o=B4P>K{Zz`csdY>-DJ+&WYC%ugKu+LrNi$590u)zW}T{ z*E8A`H5E9M&8zrZR?n2ojASp#l(EoUSW-YB4{~3*p|MmUvY}gU;+5a0Q%BowHq$L{u9=CZl^)@6sV32F&SYwg?D#YKs|2b9}to@zbnpU}?x z&219p5+k_;?=z{?vU!)h`%S-kC~t8uzo;`?X!usb(eF{Nc|b3Yid;}>*rP`mu@{Jh z9C1lU_6iFjyM*B3d7TOossLnP5~6n1Z|OBvaz-pL12^TE_VB|;J!?88EA>9*&t5av z$CjG2;$|HuT~zYXFlacl%kd6lb`b-LDL{Zj-PP=@=;!^MQ1aZuElEg2=C%Uz^oP@k zO-nmcuwc z0WRXl*imRc3Ctfp6i@;V)QZNsFO2C$(%*IBc=Le0uK=%NT{b&|l!+=8lFj0fguKG# zr_$rs*Jz44i)yBK`AFj@`*7Kr`jVAQw57X_qxh7BX1v!8n_0!+003qjwMueabA#>z zxH=>SQ}W@h(UN>l{jCm|9(T>?SE5dL{^@MGFbNHH#b_`G^=yyHXJZ%MeURZ9IUpbw zOTR$2*gYBWDXFi8Sl}>;Ft_Pj6hRJ+<`OjHSN0 zgY3c{?)+Kufr8FucYkW-OnFhCogq8Fe*jq$6aX2=gt3VuJ-|aV*xKT;nOj!s2;dEd z*G2EbM$IzuPDcqs?4PMS=|;X&XI7|-zTATXNZ>}kU=j~GU(ZDu8~+V(%X@FFocl)8 zeYZQH;p>uctw_$Mtohj7^0TZlbW#3yT!g&LZ-e|gHWKv|UPEfk85Uj56!;Z8 z5gL0m3ZL+%OPoKa?dKqOB1s&AHGpsnBhI#mWkF*QWQ5NTyYz9JaA}v)J=MRoTHPbA&5%QH-33!GJ`Jc$6>SwmUn@0uOnV&8WH7 zMtQ)}bTME$I-H)S#!%vwcINijiIleGaan*0s}a zsrgG<05HRP=zf{Y5VbUyF0h++Z#{`st7+IZCv9a%GAco@W6p~^-Y6XwY*V1CgLzB--E+m)R!`^`+(#M$Nny^wwdq~An1v$bt(f9yxVigJk z;Qm4VyF3Yr2C8hn+0xaU`^t*JGaQ!m>cq<`#U67>tGt^?D}L89FODQ7^_s-~QiB^Y z$N@RwZ9`48;W0U@DRMV~Rkl{N_IFV;sh+Upb*n6q2-JbO9h`M{3;8w^!&3yd`fKiO zXL%Kg$4y;o%^Va@u7y+vP%c=clgbgP2>`I+F#-+LDm!vJWe=1GKWfG5#>r-1^z4Zi z4tLnjo>yjVwRv1l24^Zdm~l;ThuIghOEs|?$qB>~5r~gOBLfj0^%Mhm=pr?^GI{5B+hFb*h}{z07)1D@Q6Gz_q2~}N*E*eR`~W10j7=G1 zv_Zou7(m6jC8&F!7U#ztd4GNs}< z9wA!-jfhJpk3;+aU|6|mlKc&QgX}5bmt&Nr>+VyB^3UU0f9^$itN&lXcMZ?CR^Z

    Q|RB?+12Dn^@z2(sxg z>#sFJV$RlEZ_JFO@=OU;{ilaeF4K?0CC}{da=%EfNGF?QWO+I6)^jXi@?MYbUOIUc zA9>DzE%glE*$?|?E=MG>tOSI(JW>Btrhb$ZobRkLAno^6?li@Swv6yBEAbs!qHY2= zZ=FNVJ@}DXIHvgoV2w1pTEUz!C^TT>G&iy^BzU*0-(aGYQ=Lxl^;L3A-vcCLU&bw& zC#U@YSKZXyl#L$@GR!A3k6>;~jz1#oEh6Qg9j#VaGP9+>cs8 zWb=5k_r<>*g4EVEB}%Maxxz8`OxeHM8h=|dv83am%31s4^{OmJ0HFeUZBlJ*1d@Qw z(rf8H7iZc*3c3?@M>O`Cr`|+$b-%MoC1sNqRBi#N`9c_EFIeTM`uxY7c2x z{{nv2z)>;8I2y$0D)uq5tI8k2>t;P1Juz%jGA4>&|G@-Lo;feRQ}vygwaXd#xA^9p zte60Qg?d;Xnp5%YBC=eG->3EprB7yF^SIvRjun0`pBB&C7gyCsAD&@$i$p`JXb$^# zzoqW~<_i1%)qsYLeH)JD3a;9M4{AJ1_io#p$iNNSxk9%VwuJ@JQS2BRTf~%allv6- zC^4=D{YL66I15Sc>(-F3C{XsZkM_My}vwO;Ng@QVUpVa)CZm(Ne# zd7-kV7$aDr;=U!6LvP~#F6nR9(SO^tDSP(}h4+2pPCJeXsLyg2 z!G4gz=1cM5CK*S(25Dr*DivziuC_~sKxRB$BMW81AH*85I+hxn*X=Z{RqYNbGTr+b*dAe9&Sp&Tnr4*T3^J%UZ>Fo{I&;(bFh8B1 zF}PgG$M1R@npaI7TxV}P>ghp70O6YngRQ9<&nFNynx7w|jb@}%tI~|5Gwxol7NA|-h zhVFJb1bT%A0oRbqw5x3tmm@>x3Gdx3jf=l2{D@7Q0KjCsDWD3rM_=k$^a_C z06u%Yv}};L>*ugyEuf|Z2i@e9EnRh*8An;k6P7^NB#2dDvj` z>YOCsv%mEsoMLDz11XX-18z8e6j5R$XpST%K=HPLZG0}uGCZ@TR|0`v#t`a{k?xoT zz1L}mi;&UA;5D@k+HV`DLP;BV{`PYHS^E0lo|oQpJv;?2WSP7Guj26lb%jzZ66lPmB-aTrD zgj?4Yw}}Rqx-6ZZO4mig><*L*b*M*&p9B-=Ef&rQy-)%`0K~x`H+SKSYCBq>U4jiL z-&r?g|MiijTOYP2OI>wenj5fK5PoU;SRxYOAy({Ss_#9Qb!FWU#a-}@_Q}J^l<|$y z6=>KMHc3~8bMb-$_`(-&Y7_dga!`{5k^9X^(OYbHG{$^*2iZ7ijpZJ4NqH&O68-2Q z*4tvbstwjG`E+TTZVZqM=RG5d$bMu#?AiSEYCl~pqrP3iaqL@RP`~DQsf0rqRWXFFp+I z_y|2!>jbeYr*m;tt+Dz53?N4u=}^a z@Y5^9w0a8n`v&cZ2q>cTSAA5BDd%G?1HL4Y3lT-uKCYG!iD*VCo;}hz^)eA)M5bV0 z>cYD0AqCl!7QLDi>la*N$kif?BAa76oJ4aRw2WkXA&6X-(PZn%uY@{ z7@?o{z`Byy%p+BH_QosQ&nU;f_^XqV5be(y4sqcb)*kM+k0v8N4M9RJIsAqh%H+r? z>NGu9yL_KCnEyRnKq>fmcLIE5fWTZa!9qGy^rBsd->Ig8nXUQQXl$Q1& zafRn&I__C|8>_g=mA`HK$um6d&XmaU|S{QjF)UsmaOyw=vl9AH#$U|)& zl&wEk*xTVx@7Uf)MOBvAEUTCe?LLxAXXAgUt49AOeSk)|IA-z`7rh4ncpnq~^v$Ep zQXNzMSML5Ar9=Zl6ytRQ=e=(Eb_4tAJ)bOzQunK~sanWZGxxm{)g&@`0nd_=8#(<> z`4C~KiKu?b-El{LR71NxRFlM=qM1pYm5gMg%R@j3j240{@k}PV>RlyM%CnBvuo6qL zGw!RH{ld{-R|vK?RskbRF*ekUjwR2QXFWAa7#sO_L4H9u z+D;K_WVMVwnaYG9uh3YQmb@}lkZDP+NI37z!?j`+9@5j*s|NydJ?XgE5d@I64kl(g zfTYkVVo%#tVAGtwifXYOVmX%8>|o7)$j@Y0hDd7e&jYP#VP{8oEef)G8(yE*%8*jTEQ%Pjcxj74Bc>}V^@Hugp z3$s!&*Kq{-bM@%2#`S*+l$w(Ko>h+~L^P9rxLb3MNF}Vb#VGIwz>l63M2YwQxiH+H zC9)#hq=flPL3Q~$7EpLEm&Y~8AcD||I^(0Pf^@!@n5>{$f`C{e`oW3-fnZ3`*OJtiqUyD3xbe z@ynd9uW(7W5NnV4oCNXVQzjIDADDC7hzZravk#?tF@U^ zHc4d0T*y4=If6H3?lqWxkQ%K+gV>M`m+#LzJ6ufT(r#0xy{y(vjepwrv>sasg>;>w zvqe*LI0d12Dzv%~{R1GQhQq?(z&ALS(Ek=Ki3bZ$uzK0s$FF-=HRzuG-1xOOVV`1I z$BP)G!+D+kXlj)?hzQ5>=~y}GBQ=k@`-z@%HWVGe9FQONdPU-%v|wH(>*hG@db2rmU=gqIUD!L?FZ&iq z_fB1yrPK0q&$bi+92|_&8(uiYS%e^%PhauTI1Gialt}p8%@^{s5ES0cYEIYW40E3||5$mpg(+DRyT|M><}yC=C{>;Va>z z1InCNH2;zU0lgt8p?kn062ZCBJ4Ac8Wb!h>Q_^Grv!-B@M=c_3(WkTojX}jU z_kM4SKSU9_*w+M`qUNVD4Ttvs>c_(0cyaqj&Y}6*GjC;abV2c$2M%jO`>i*f0QLnq zLyqqIa$pmUgN(#}cAi;JQxU&8w9$P<4GldpGAEFVj z^^ixlU*9lb3lh&o?aITNL_RJFthvI@z;4%qOebwH7g5E6rf~wke?2+>uRZcRJ1+j1 z4*Tz-h>F7#z&Cw`Cjuv!z)4ncnj4&G2q)XZ>CQGTJT~_f@$lhFi*$a{nRRu2pVXYq zguCD;QPqz92PuL@_uc}Ti%|or?b8k3F2N4G{c1&BXHuXbz=+w zBnL~4fEuE)D0>a4rq& z(ulvD`=VfAM%s0kEA2FGJ3W?$ue%JG-2p)}(OEgj3!&M{qvhou*8;m14W5-q<|-`8 zV8sf>3Db0Me#4*rYhUPo*VSkmiFGSZjfC8$pqQHPOmUctoeySlm_7X>B$!Q->bXZ$ zWMkg>f%_|$FDishXUh;&SsT$bFa)-U4;Hj@hHUGj#UI1cOz+wwmwlZ)RVR;&xAZ*| z2?h@`t}V^#93xR-j(Qs34rtz+^2|6ppZ5KXrEURbFGND4GSUdBHRC;yAECDmLGm{k z-^9KNdu>&Tq^y=TuiJ165O9|2du zx*%P^nKQotgik+!lSzOU;Os9y;pg|+Q#g0w+)uc4;llX~G?!>;X)e*w&|YS|OiRZ= zM?*u;M9;u@t%o)Hx;KIdo=g(fE`Q>Ld^a=oQ{*-U}ix=sB_J4|W z=9jbQ&R@95#7wz#m4)>hJFkgZ3I<1(R)m=nher5h;EqlT zn%)9}#x-)uuTDvFpZ4{$!{7CIO7i@La~Ch2*8Y0R+nFJ7Z^`uHD=`}`Z< z+<&tDr?mf6l0QxI&zaW#sxi#qu(rkNW%kbdZ&9~&*XMkLW%Xqg0n%T z+%0-06<*M%e-ivthW|5a^NzLF`v#-rKE9A@w$Nblf}(pcM=6a1c}pat4II;k9YOps zh=!1h)F{0?HYSIzUE}sx=;R2av-#n5*F^>OONabR8J^0-uNwY3osC<+0nP-iD{bc( zAD;j0oN(JH?slB2D^+*z)3Kiv-JagVr5^{OK7+etb+3W8&MT)@^uH9&T*B|K)u^vo zULVtEvw?69B-!O+3p|vr`R)DS-k%)2iagpm} znG3q%cG+~LeWFEbEiT7jj%+=@=(nP#RI67t6>m}05y&!@glms_1DDlAs0q{?W^H64 z1MJ1%-Z(ZQV2ENeMPLQkTLI=wj(CpBD`2@gPI$=Pc*|VuW zxucS4h2Q7(GfHI(`G)KAny@hHQ(8$%yI0_ws6PqKbrDE*&ULiRAT#`sBCwiQLN$wU{kX?T@hsRnGzvn8Rtn#rG0kvOSH`!AxpWVZ?T4jI-2vfS5p+N zD99@l%yB6_jr|Dp!!G-rtZ;1E&UAq%{CdKeB@$$s8KVn&2l_bal4$VYxsAK09!j!C zGDc_V*Jz)6)85`f0{sGOj+0R^6BLpyWdTgamI&$1%iPMAl#e$C6%yq}jIEZVdcGN( zpokQ5=DUJtJB=t)2^znH23W3JuA{8zKyPzoRU*^p*opLGe_!{ z=e#8efs>{=bpl2@HCZO1NEtq|Ec6L3BjaXNT%ryl!(Q6(3Acp1V17UFXzkes)}rIZ zwdzFL^@58hfaIY7yF+P6Q)Z9`r-)hDfw&N1@>$w+_j%(L=2GcQ_mW~w7!JqDAPR!P z@>SC?$;lkpVatLcF&fQ>)t-w968@&CKWgAOIGmrhCa!>kKu>Pq;VSr{>U;m|?N4^o zG6XLb-B-w32^e=kr$I6zmWKAX;V`@oN}jX3of+PRdqoSrnl2#U z^hOzYHK>^dAQfU!nA_vrUT>Fh z+kD!EFU!@WL~ga;zJj%JMEZqvGAWC2bC@&*iPas=AA%Xlb_?lY?R8!d%jOA>1!Eh6 z=ovI5MR!YtnmL`bMJ4H}5L)nBIp%9i&T3w~c^0RsfL;aF*aOK^X_YRNCpyktLZj_# z=&0o?@aDNN4+K#pV`{&sn+ucei?Xdfwn7t)XoM)pG$29M3sqQxOpENlt!b{b8r)q9 zt2Z{_ejMx%Df?u=_r>sFN=Cpq2Flc)$Z22Wv*oV+NhUlmMMB1C<9b}7DhnE7;_Ht~ zkef8C)+~Vtx7;?P1-tT?q?okSi)w#caiTAZy=--j2RRbhQCCb^em$8bDx1vIhBkG2 zIl=8T{bM#NuKQwg23sh?NjLqhnEh)0%3YUfu?VWIRjT&besa}gYxp`2mC)z=NG($E zBCGAl+E+q-&Z~zO6d=9whDLBckt%f6UYGcC(mN0+kQ*pAq*^^cf2)48yUY@f90QZ_ z#_hNwByUf=nU-&P=}^7<`>dhj1cXxcqbc@SpGj73#W!>Bo(o+SCj`w{Je9l!hG97! zIEpc$BBUxra)5qf60(EVUvaWyC)MwMKKXNJ18YL2LG{NC6I0-7Xa>lvKHC4|mm#a2 zHFBW0Pom>(&RV0mAEJZ2kXR>(>a&3j6MQ$pt&+}Q-FxNHJf3$UWT zBsB97{?V1AgU+E|r`6;QugNk4wM#2iN&Z5T52sdiKTaUSBFZa$-tbwXJX1Pv+8yzm zMK?0bH`ubqpAaWw3QLuTqehKC&ahkKhaPdhUC^^~$z;U4GTT~HijY|pZ)7U*ooKwQ zNmQ?AwqM388P0A)5`ooTH`OP39&98+EXxYZc6fzd!6_D0b1KWjpNny6<2cK%i#@;r zNd&RWJRGsl{bJEYv@1`2reI=5P!9x#B-mvekz-8%ssJSN!u^tLKX^eP9RtCxi*GO& zpi@IeQ(_+P3UGRnvc*iwDW5NO?~}Yf^@CS*Z+=in4cW-Diq!?WzRphPlr@wyBF>Ix zkE5!fj_6+fxP8@EP9Xce%yvU)`EY^bA+dW|XpGJ`Es_=J=3#8^I>d^rmig%x)ag}o z|8xsNSeE|g7Tl2u1o`GDPAU+$x+Xy)qaiRpX^ualquJLa<)MW74WAEUrVFJS?yZim zU_R#@O({&-;8c=hEzG4Wsf?`cs`?fTPhQaPk(4AGCd29{-{)NYjJr-?@yo|~eEh82 z|3DOot7U7JNA8w#z<*fPE^n21i4tQ*T7mep!4`IjtWpxis(A;Ia-+`#GK!<3;)VF!Df8^I`%A&fd+aOoB>d4Mgs;{-siX}o#}!yB-POq)L<2s2422QO&4 z7<&Oh$ceicW}a>_m^w_qFE&*u#74;4=w=NryDSqnn(_mC0vOU`jy`eR>hpJYO!MFlB zoZGQ4S=U8^=NbzY?TFM)2HhzJBQ22zt_I8Nt`}oGwMO}sdhWqnK*Vp#u%`} zu`C|=83z}hz_xNt7eSXNx{LMq&~1)Xvo6~f56v`>^rU_f*uxV*gCx|sLrOTjz=fdr zVOu_O!nH7R!aO^Zgkf&MZxh=3v9X7y!tT5v$M;8_$A52a2 z08_{gX5KzI`i(;7NfKh{Iz%{4%=0+PgDPwmL&>QpRlmxN;Cg~B;8)`tA}{oiLi^&d zM4h2sW#PqKmd=aebOv4?Oo8@UHcm!|cv9J5bhO;H4{zq~CMstyRIp}HDAL52yO9V* z*sKq9Q5%FbQmulq*c1;)V9VTaZqp`~1rg&zpJp<>C#^JlBuB|?AZWi3o=W{uSb4~f z_EvMwhvI#wR2x={37XnF)eQU><{gL8(5oG_=x5g8BbE}q1rCX_>F~0$q9bK%!ee*e zLOC7rMS|N1)>n<|@ahOMD7g&QwCZ>H<|hb)6fj(rDN8%zeU$ewOfFZ;#eH5M<#GqR z)734M!apdh8vcqd1CDXn)`eAD#T!D~nwO=H>HHL!`lkV~Y&UA%9DY>gY#ZhVJ&dBt3RnfvoZgon=IwIj& z_ig4&Tl}&tug%t-Pz10TNj}zhd<{JM##v{>s#pJxE3DHP_n{u=|G>KKzCmY}$K}-q zhRH{qFW&>Z3r2vbxY7Bjt@v}P#r@OrH~ZTboi*dt;mi#Xe%7z)5`AgNyOztlEhSV; z*3E1#Ot(sBwyd#uUIau zH?2p3t^5e0x|*R@CxEnBd^t{=(o$nsilKUL1fdNmzi4eq#B4NfOL7UdL(`HzFDIkl zyA#?(>P`)KfuElV#h9{?mbpB#Z}U3t*hRkX1n{A|xFt5X#CsB5V9CsU4BbMh z4|l(Ob@TV}0!`p?;D%BC*u@(1`E+teb#J!!_E^-7K$o|p%ir`?bQQ5-(KoBS#+HRo z0I_B}H-pc9vUZZXx*Of?wE6G`?VkN>-;Sg|zW;v^b@M4jB6I$UTZPr&ogr+0?aMoM zy42^C;Mxx`O1>Tz!AuUwun*X}fiZYq_rRS4g_#}m30Lc?-QN($@i4`ueD*O2;Jf{( zyLqY|AF@zrD;N?iGZSkZQAcl7$nU!uUvS4A*9|gFTujZ)5ZH$#8A9|2$i^){OoB?3 zN62rC9c*kBR$qrbh!?;uqlr=9#;Yh)^)5A z8Fo=O?izN;*w;qZY_%(6(IzI~SiQ+R33Q7XYJ2_cnicI^y-h(f1xd80@Kk}i|Ui1N8>;2*N9P^{7 zTuvnXJL%iV-M4cl_a|%23`&E6)#kvsC~uZ--r+ia1BZMZXT0d-wR{^JNzHw5d^zMD z6|%TrI?7_SGGSWjSJ-DoYu;lTphx3aoH`{pn}vsP3Kf@(PqXS5UYL|$C2>tFp4UYJ zYiNmj?yK5i*LC>vXlnU8p`6Y8*GNiE^J+30Hy!piwuDL`5R)ar6994cbibQ9VQL}x zab0FX??;2ERYD_6cHV4lXbrQATD)&t&_$CYsb2|5*P+!DK%U#4Y|L+IQFW|a#|Vc^ zx!AQWpG0^Q)+ucg+5V#{4*l6b$+cT?S2az+CqmE3eyk72c8GDz%d$!N%y@H_jVH70 zY9&Jv2uLhp!j}!daL2YM^LldBlLy@=p(K$iFblZrE!3&|Sr59ZI_!&AOzcK|apvcI z0!q(HIGjW`)ioOVrk<%Y`zdgp&Hh=VGgUu%QmIqH+qv@N8dlb`=v+6|3`$lPb{ z_eglgIYHVr4<=wb?R4>-K;7}gq{E61*wupE)j) zY=Jt-98CM?#k0cP-3~k?)DlEX)qGJ!;l47v(FTZ~Hyz(hN5tw?j1%fna;6E_tVR#M z^et)IjyZp$?FUyCUI*2(KD@HkO+%J}b){`ap!m0(y0lb15LA)&QR%9CMy`f~Gi#xB z3FL1?CxsGGY6-;-JC+I$^5t5yJ3sm0FO7>l>FVX*kgMqm-1@M5!A^eVN&EDN0rR|q znT&Fo(KfFGB_^<-kcx*I3YdV8b|DOA8U?OUfwIM8^E9&C9{(F!`u;a;a3 zJaQB5n8Vx^Euwk4iGI*~v*`Z%IuDB%gtG=m+HLYQux1zMkel)ecl9Wp#E+MNbtIzi zr#mV&K2R`a9Tk1^^#0h(``c{2Cc1*PRwZgO{NzRTH-*ovvpgg`NUnW5Y4+9fJ~#nH zq7e-P+vvT0Tag;}_5Io9Z_ehhdLC=w8*ZWXR~$bmFoRytUIA*kQf*8tTr6IAxZZEl zb#|m1s`Cn1q*Fg;XUpRjOUDK80W<7Onu_z3PF#q^m>*TSo&QjarS%M$EmO z)oJjv-X^GsUOVTy$Zdz3{$h9ActMeSTqamjB>r^bDVro~kj3ltJFYpj%u~9s%h}lB z8W>7=60Ubw+Q2R@spjKG*;eTTcI;evB?j9d-K3YmGU_H?rdWx(<7id4dRGUf*GVK(Qk_ozJA;-y59a3B-tDLJ;h0wr4=xr;y6;*y z92@`OTEA8+rjW~RETVW$tyfv4nq|(y?pi(svr5@Ya!lz5g0^mq9dxjr0Mea!lAZ;x zG8uiL$TqsWJCqE#Kf0~Z7mC#Dhgy2wu#pC6xh}39 zYwU2>ec}4Y03)0cAqB>4s8nF6?b0onas28r?B@<}#{q0$GN` zXhSD#Kt{$DB8&K(GXG(5bsuu578fJ356l z#b%raVB9bvur6`YcRf9ipA3Lj{lef1qm`ST`n4VRhzW8rvB)o&9Df-4bL*XwhWQVh zb|cL`lw0U#^$bs)l2*%zA_`OeBi*5wB=S5KueS{zyo-K<>*A2$R{He1o(;cTOre5Shb;NgL6T%sIvk>i~lw?XB@pUyQ>WX+L+spA%q^X#R&DqATw5k!+X9h}v7Cpc+S z*O|%1qt3qVy~{?7fRjS6nnA(b3GE1G(TLwUAv=;$qTR ziFBrvwi@dt3Rhv=Wc&oT@5qhTTGY$Kl{S#R=>GVAu_vcWMDQ#FVQ+9=|fG^ZAYIXGA^E5Y~f z9|m2%=OH;^ylP4a4PL`HFIwf`;!H=JD|6K*-ZbxGk-deby5k9;i=uP_&P%uh0jFF< z$W#ZN;-iR)Z%W1+EoNT>LV~)yABmgk9)+w91Zk$ISlcryn3x1 zUwW5MN1;Furya}hc4s3&rcQU&SAQp#&-<-0AOB#AYN9xs;YQrYow~6NAKGS2@8pkN z5-cIA1+-T;HXb==%580?HfWUW)S~rTQVCRB{)m1@!R=R3iF(6ik*?7|u2+pI8OOec z2L1{g$RqlW&}k>r^gX!nr?xB<klR8Lp$ zOoiEKh{=m(yUS$Xz8UYLQH&_?&MRe}@GVdX0+-Z;xL4rE@ z+M!SmN1f!PUUyf}IJKp!?wz8QuZUT zs(i@eRIiMTMn#fcw#n@5w+uNJt6I;IRSO=EKJmh~$u(lw$g&{!D26M6bIRgkW?WRX zyD~YdudC`_uh0f>ibd$YS@m=8xDx<_)Vg&KxEDx*4I$*G<>s3YiUJ+&zHEI_dB3`# zcN(<|K~h!^9hY5C0Bs&<=;$I6v8A%*>qFKMWwXrRmA!|t7->CNd$he!9vP45{jIKi zA?C1yywgl~eOlK*0e%8#)ovi^GFe`R6~XwRV9iyQYAR+bJ*^0X>5+F2luX`Ysz^FE z44}0qnwlnO6=WAkuIiL3n{hV5tqPwMtUixWWEl%y;)D^Go8*S?kG)>p%8DE>(2Cck z9O3t7c>Q+NTok=It0Lj=yozIJWZIq&!u~lgBlt zMI)xIDxNhM?b|NB>}@189GveD29pTqOHUmB>uQhP zFM|x@h3^ymtOrv-S(2F<5(>5c5%jedS}{;XEK=7YGg`P{Vd46ZLaLOKYCd~=gHhX@ zK(5-_+0GP%(!AxlFRA?daRorzsR3@oYDtTUL(QXDH#4qu9npBmtBwj*6xhl8SMv)F?T_gi1Pr6MU%RCEftT^jZ;!!z>&icd1)D1cI!A zC=qCCBd%HCOW#jh=k66*B1U%>cZg|9BNE6jaNo^gk1sCIAK&9QGn}(4F~W7dh!olB zsWC5wy?kvTkOm1g2o)IBMH!AaF(2&vuw|1g<9D-DQap7zQ-(|{@rA_FWvI>3RJaYPXAv#+R7bZ$b#Zu-|?cYxw8PfLf!`U$)}v?gqwfwTN+5rg!|_n3Dw?>zV}>EnXw(yV}%-C z$^~mib?anY!-UD@qD`{B?=D0#2&#+Sy07CX=e#ULb-*xRp&)}9VX~)J zl&dOZVz6+gzMDzEd$NBkN*5W6)@WB{rmD+T#cc^x84=TIYLfz9wXHDCWAj8s>L9D< zpTm%5`zE0n>ZUIv%j}NYw>{8a#?60gf7ZwgK?W3Er zyU67|M_j8QwmN&y@q42{%xU%rrsCtq*c6N$kb&}#XSoprHcinagTb-<{Ni0*TA)%H zW7NnE@v1&Y=yer+R3Tbl^9mXaL(lW^Now*sPWsskq+L2ZO@jU%gu#D&qvrXQGrD5w zq;T<0=}L1;6<5@EMuG`LtBK?|PY@0B9s5re?~P6XY!%DD9$ai`9IzJNxQZT}T2yD< z?7qJe&-*`~0duCGsclzbv6i9qw>u^YbymRe3J1lEqs}{XMfwGebzxH_$+K^QN@URS ze2Qtr+@WN9kc>K@zC{jd-bUI!{j{-=xmcT*Oq4Sh+;sk z^(2qf%4U3p_%L=ME&4#+hN_rRA@emgwx-!XAyceG4Ua16t&*Qew0<3~SiyKP2yP5`gxK2x@jBL9ZT{Z~YW|6_R3 zxOBe|GxBta2Yq*qzA-14$3!j&Ts_FQ)0p?#xw_DEcGAHi@EhFM*uuiP)ir4$v}2+H z3`@v#ef=RGwfnBGi!C4x@uNIWQ%npi%bdtUeb zK_;Z_D7j~8!24%Z{hY7ki@)>!%ksO>1Ed+1?s)P+`1ib=&X%T$;YD@N(H`SA%anM5JM>VlUJiO>jTbQLi+} zfHk04$A@-{yM+1c--%}nFy%%U56&;;3F#b!SJAoBJx0u%j=GQ3%dLQSU4_LeiN*ms z7&6x1Ovh$CWoQXl1d4=OSRk>lBMq)cmk0#V8yee}N#N{roT)#qH>OQYj(3cdD#X1D z8~FQ!{Qjyb{rouP>0aT)31IURou0n^l*#X_|62Z6IShYe;1k=Zs{S$!Ju|ppFwD+#(nkw$isJAKN=gF4~*9H%6Y>R(yO{@+@EJ(D* zR1N&hK)>}i^!*7S!>NNiIO||g)PozI=6iao=3V&qapaF)^;>i6A4UTpUbAJ@KhMcr zmde}FSVVk{yy19U-D45S>X37K^2N*c$qC@prep@=lnxcY<-(?v@ZvuY;XJ2XI%3>U zdt%!;(OkBb_Ng7=^z&E^yN$+jXkYalgL?mw6Q-5{*sFZqHNf#x`~`yNJ$ubEovF`~ zcGF=0whFn-E7}3rzDDeWl)*Zy1Pe?D`Q3;Jj_|;YxGZaGgi0}ggDh1Z>vj{I1H1k9 zQ=*qPv=}!yv7IhgOSs%3N3gSdS|xoafG=P^E*0*tY4cx9{U7EdZ&@VrlzVm)7B?jL zO%JWN(;O0Ah6VH8s9GM4VK@PtQezw%!NlQox^W56hxIBiq}}pAZP)48{5tovnP{Lg zD_hQ`89`A^&?S(dsCZOV6(8?M_gd3HGSmdgICSo>y!_nONinvu!&Q$4-?0crU{Z9<<9o~ z)y>~o$iEf;)! zh=I0G)1MER4rN2G6mvD505mlmJzH4MK5AapTkrp_`O;(W=+aR}^Cc7dnbQU5Mz!K6 z+NTX4cKCN4fAHQ@3_1=A>H81{yzn{ned0vcm+)WzB=)Dw{xj78nkxhg4RA{(4A(@7C&-YJf#{ zl9C133^|X^odCYN9EUN!d?MDjFdH&-Tl{F?!6)nWG=>-CYj0ZuxL;G1mMoUbb0-*_qqRIjR1g2gP>ybiyItJC7S)*)SZogQm-rN5#=~$rY=e!@0$0h}0!bhQ-Vmu$-Rf4YV|!AUps4f&{-W9gnm)f< zC+LvUp!7}*blbvk$W$7fCl%Tsp%z&o++AI0{J=p8`Gb-YYi8E#U*o=O?Bs}UsBnvK zFAa9I=advIFFGG-GI^C%H>&$BdY$*y5?K<0lE+;*VOr*fg$Vy z>uvB_V8xS~LMp#e>eAi(mKjrjg|XQjmU5g8Ny)AA&eIMjt|tG@@yu82^P{e-O|Y4O zH%k&L`w|@{5=lWfOAWdMb9}&30aK@#UmYBq|zi+KFU{KbsMiEz(s*Et*f;|D(ZnnF-)6w0g_J3kE8&9j2h>tIX zqUgBf5eCJ$nkE|mWHF)RMyYG};Yzoy)TyN;&$ePU6Sw&d-4tUF6)vrL=3eorv;qmf zzSwkee>T!?;y&q-F`QyHHCnV^_#8XPk*K)%f@&^abqsY}5fM?TAqW&G&(6iWvKQ&; zb_=-nyw8HeX?aHULa-?^CJIGzMP0o;x)WlMloP;N%8eZB1d#>YmNMk*!XrXv^yGL0 zDJCPUz{lfZ?vP6DsR=u;I2HBS2#fD)YG_ar@+36k?Q8@+ZNUM{KUQVL6ea3Ba5ziW z19xdDyiP%eC<)Yh1ft0N++py_O^;wRm92+E;F3Wek*pab_=pUncz!;I71$(-!4Z)b zgR$4^J_u_R^j;a)+%E`l=KW5Hk$nUPyQ-9U@}j(fUZiJLP~?nQ+K&|2~xeR6563u~a^MNbm}>x`_xDcU7(H zyrK5^bn}eg@JKWX!8{1m*GJO{(}z3@{azEQdGWnE>!QzB4d?8%kR|Ca759LbV=sTRhbzmBuZ(pAz3d1e=97JXL3yDh5RuBV>ClYRcU@NA@xK0PW63MZ+pP zH>`ASD$D8ucm`@v>r;vh><=(5?YFb6DK#;y4hy}SX3Sa=%Fo^2JK-|p9ny4qbPgfv zHzaC~nH(m#^QSf(%x%9}yHfK~a9!)x77vo&$fc$+<8hLdYafg{lkCfrCq)#KLt*T%>?_5=w*jNzv7eyrfu-;wLv$o@k`@&Wf+)ZgD7jCaKVLC}T0K zr%4+wzK1!wpq#QY8FuiH=>T<L^<>%qCcLx9ItX-kIzzj>W0+fYTKUcWhd;XP#+G zR6RYOb-}@;WK1BY>@qCTj*r{DN_)w`)wq9!$z9)8ASkf9Ylksqe(4*1h|j&$@QDep z8sCOVy?E>J$F@b?e8OB!V(cX$f1T@DtZ1 zn&OKv*$@rMMc4VF^mP4Wvo+qfrN&rbca^*t0>%JN!l&L!t6hJs+&F!j!7!<$x0oZH z!{Qp#5^Gpyt#mDEKECVkN_Niw1dwlajUKO%;yCT(0k;;|knNGNe$NNxOvw*1;Oke` z>B-)fgt4IA3yH!pL-4A4vp^{tK_tQ4UyV36W#ZeXS}d(wN1#n(E0-9w$~TC}s$}Ia zRg`u?frc#8`>?WD7k=t6T5nah%XT2mQ>;s(%qKLJT)0Sh+`P!rf553jOZAx^(0C`^a)yO~WDB@Gi6pMQk&6I1Kovjru_v0D= zon()Xutp3_IwUGPSZp&l*1+Q!KPsYW~pq&Z}%^{jX;=#IxlBYa%cF%~ zE#GwcrtY^nqv7bjZ4KeELmfAda!$rI9~0`FflcTZ%xuBwf&313ZMHmp_XNOoYshZi zS>nU!hDR_cD`d!jQj4WqmN2~?*V2#J5Ndhr?)cnD60vofB@hk5yFRwi$f?;wE+6vP ze5fb6gFAXmAqxg$@ashe@ldJp!7>YMN8A4JS|CB@V@&U1zRGHmB(OiM7o3{kgTXP= z337xCSVq~`W>wd8FFBX^b<}@p2Oh&XfUwl6*aQ4HUiqJ;%s#t05e3CsEg& zHBwiU?=fBHe9gOrJ-E8%6Hjs)$Ts%aD7P-fi5Z~QgBTgSx|$QKOdpl# zS+Pz|6N{8i7xM0${$uZctITx*`%cH*n@~J?jUmKJeni{OG&YsaBns`0+ z_vH!luNQ9nCDyt4-)Wv_8-li+pLp-LL0!(fLMxG95Jp%1a&59^Nc|>@#h=~%Da?PU z-~ZRDau;YZX3!nO5*rh8eRSg>Sn?@6Y;HvK)-{qEpZ0kYMo2C_^*}mDR-TE;-m>V$ z{Z!zcMFpk(wKm2kc^g;Xz=ECp#6OZz;qK=0*4<6xZPBR5YT?I-Z-V2+51qZIrWG@w z!b0SNEndA`gbzc|?A?eDQr-LxDIElmny9T_4WV#Sc0mCl(U4P}kCWf9VCeDAcz469 zfn;6mZJ9ZcV^*p%kdojdnU^y4M1SJW(`0iW$X-XR+si3rZI$gjTD)(c^GGu-kI_kt zT?I5TBxn}rD^=(0a)+&-u+qmrx1!={?vq1Yx$Q6;kvgS!6n1TF8q@>)P6H27}k6*i)rILznjAZ z9g;OaUyuz2y{@b6kSBU&ryVNrz}{S6JX`*N<^(W1a&+m&uiwowdfSfjeGrG)Ka&~6 zd8Dxbz}XAUJFI%&^_pLH#@>FY;(56#W2LLEKQB56^Ot?;55N6EFYAw^o%v64&~5?% z?D8jom!%plYDX7T5xp6cj~&(r4Rr?Gen6%QFLo#V_~V`ZQOy4&jPpmy{MYdqPbU5w DV)873 literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/htpdate_freq.png b/docs/images/hedgehog/images/htpdate_freq.png similarity index 100% rename from sensor-iso/docs/images/htpdate_freq.png rename to docs/images/hedgehog/images/htpdate_freq.png diff --git a/docs/images/hedgehog/images/htpdate_host.jpg b/docs/images/hedgehog/images/htpdate_host.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c7571f4bf04d3e861474247e2d19dced83f8971f GIT binary patch literal 28328 zcmeFZ2T)tfvM7oJ*d${x!32ZJh-fm#7&aLR1eVAmZ8DM&$z&6bZNPvCCJ0P6K_nqC zAcBb-FgY2KOwJi>vN7>KP|;9P zP~M{?C#R;RzDINaKJ9%9D!K=B_a9t8-~TI+8-IQC*6q93FW#plr@YSnFQ%(MNNDep zwB1y@b%U1VChd(|v^TE4kUS!}L2~ofjq616?}_ZrZPL59Zr&ijE;hbTLPC1;=Iy)J zeIz5jL4IB5#?4!|Ny+Ze(lHqm={XGy6B02a517TFM)66bce$ixl_B001ae6k>zAG( zl~oLk4<%GybMv@+4NLLz*?PQ*%Pt?f2F!Nd;0@A$X!Y-a?_QT`T=($Cjazrg$Zy^z zy&m?zHA{QzHYXi}xH3dPZiw^&J=8j$kxN3#-Q#sRk*tDS`c1Y<%fjy79j2E&k~XcX zZ*#6DNvLjJkB;^hEr}9I(VePH%YPr@fB)TN?oP3xL{$_$g}p->V}NX}aY!s6v5vSO zxrvr4jEd#vlIUy5(~z1g6hR65%M-n!@M4<`4nlOSTB}TQmj(j&NQull4ELndQKs2W zbDG^TLu_i}SC(YuwlQkjS5(#TgKcG+RR#BVGS6n$g4KXdn|ha}77vz^wnyoc7jYbJ zlGw9ACCSxi3{yVrl3YUyXODV0M$m&oL=9rn0D`(&Ns`_ zreV*XR-JJv&O2%!p9VShc?(s4S772S?h~KrFPotKc}w1^X81tSw%nq|ef~4Gk#)=f zDyS>AmYI0bl$CPuC~~Jhmb42|N#*?#d8`)r$3XJV;rZZ)KRciGC+7bon?D)$PigbN zRaC}6PK;j&7_D;Yf1DaIp|9P_sn|?;$4tekEjz~z!QNJLjMu8%UsgZ5cSUlDZ^SRI z0nC8iD+*?=2Hxofx~8VzX1Q7A@+yo%!OqxD9r#~JNC=8lbI-@-_Oe2JotmLnBtlh} zS<}&3s;{;cn;m?565FUWCBudz-78^OUa{Qe;H<=XKZi`of<(4m>`%Ljh1uz5+wbu7n`1twIKG z=Ti>mdm^SM&fTCz2`-+*Vg&)!r&|lL2N^n7B%dlzB5n;eYo0}2`W#1eUVi*pc#iwt z^VrKFoP>l@b-w>#26aWke4-hKJ`&rnx7xVqnmCkgYTG(?d<8oHqVz56fKj0+VPtq}!gDiu4r;qoGm(U-M`EP1oChRj}`7 z%!IpdPma=IUQ{EY+{S$6dI;>p+;j&!`CQQb1;9w1rOtsiLbxgYBxFLgdKmY0eX_Jp zy?b~)GnGd@Oe@4Sr}w6^*Y71!<`&R2YzkCPkuS4{Z?O&F@55_Lp4}-A>BjbkWHpnPmSofOoZx* z0q%!J38SQ8cEhLGc-+x2Xx{kYQk!@0*X4X&|&YPo+RoMIc~&gc_cjZBU!*iMuN|_gF6;a7EJb*$@v%(1fj@e#~GS zxiC*mEA7lKHmY)oOzjrQ_WtZu&fB>oe{o~Il#a38Qi26mDcr54kAyK=;RO|9dw5&p zpkSrLg6Hyb_pzpO!xu}vntx0iAnq4Q{gMVng=j`lW4Z!Iv)WMv+9HtBh?<5?f8LTk z(^Dt)Zz@LdFJh9^gtzq_4$>ZlS4+?6g-R#H-NU{p$gZtm?Uj&_s>SAN#Y!baC})jG zJW9+pRNx^L6o3I0#kIxbx~+qzOqx{sV}t zuSm>71Y_P0D4+Pxj0%!Hfh@GyNPMkFJj-{%YWSrWsUHf|)`q**@#p_|#A>r$5)ZFi zvWP$+t#Qqs_R+^fFqllLL2IVs9hoh``tHY`$XQk;P+7*e-Qc))A6#ZO+|8qBa(xVN zNBq`(HWK&4sEIQ1ISSoCF|1~Lhpqe93|Zd|p|*-DAP+9o8;ftuug^P`=vcAA3s0fy zY{9XAB;Wful=QA8ZLMzVQgSzznrYK&#k+a-z(dwKW4f`MRr=P3gcZu^nIyWdH@Hq6x|ZKTVyx^lwR?2~HOMC*3&BT4P|2{x zsL4QqATH=T{bhIF6!yqUVWMX8{n8%Yv9SY`f|*f(IbQr^qu@&woIU44^X&xumOS!z`@@`YPyEOx(aL}78qXQd$B#TgmScw z49!iHUSJ%F-|hA&=!qD3IF)EtNsTZ(8;hlQDLbQldazeek<2P%lrtXzH8N#Ki&Q3$ z*optBcKP8IjXut1oC{e_#~$f|11XcdBggjO$UB=g@l7VDxb^jwBhGUEo_D)4c^QJp zxCp5(VQv3ssX{hf%h`1F8s_ls+?TQI!h`F~$yipinOVlBFB$R4Egf=7=$v3WwBUrs z?shVs{d4DH`i5RuZio84P-`2n8K%3olI-TrGXCaHFUDMCrpu@ti1F!t5!&5+c2=v4 zl6`}cU#ba&ZJ*Rex=O=|kp1`xwaujb3GWU@mjkc8-qYfVp~k9qV+#cuHujp8O7rsX zu-mMlB41yci0c%5#%dEbabGy|=>gA8M&jL}#U@-75RUyNbt zjt`=wDz?E!gkXit9uAlc6n$1;?^Z8k|DGQ=%zeA(Y29~OK+U7>zvuw8guXZ4%O&Ss z5e&fd3qB3Xkt=_|lnBN}_ z|14FsW6%3Y?2)vA0ao1K)O%py-dN9$o-waNAcn0-gk?ixs+btZUym5ERiRu`a(5vsZdI!T|y-G@nj z|HVWTU|}n5Qaee=4BOvf3wj0}BdQx!xM!?FJmIFrc%jis=n2G7w#aakH>oj8KSKG7 zJUs|sW;?X$Sq-6+=9)JcE0QpH_u?}d0+mIQOxd!>XqrlI=l3BEF=-+I99=0kR(}p_ zttu5!khX_#38z*zXb=U_yyGZCxS%gTdR$!}^}0L9EZM@Q-J!F_Y19Z1=cptzQ&?>9 z6wfjiQUr%W^E3Jq{R9#b+=E*COzEdvPkW?662O9Nnd@09GAI9`jmeA6g1g--vP_!z zp^mDPQOM}lo@jQA6@XHo%55bpgnEWEjq%Mp_~E3&2^#!7M}`OA?NIaHUx@)B#nZ3e z;m>LS$Q<<_=-_Q;i@vFSk#p_F%>%k9 zwVdhi9XSmiU`eicHm8rDT3`01x${}kqj@)Q3SXwDb188Z#|6BY#hF}vy%tsduZ2B3 ziTrRBrK`=8;#~_ELc3G6cB7OO69DskHTXz`#eRrfVj*X&Sn*tz>YQ>DKuf9oi&K{**Gd`|x%Fpsss#;o_5Elr5=Nad0WGHkuHLf64r5jFe?P!?oK$ za52(Z#>DGOoGgb_yrs%e+!e|G+R@!Qz8%zzr)lTbR@pDU39K!t-W3Vgsei&1$=fB; z$GX^DhIs=V6tQpmIZHdiu6puOzzJ1wR30JmW9<4#5!WK4Ydmy4kC@Nc+!P$h+bgw1 z^mM5;4Q%d;4|o)0E1Y%qjN>w_oE2bmaV~wBGn#HzV;tThNO1 zf#@8o$pj)yY%TtZWQ!%xo-4W*pB7_DV@vHV%4wLbpHhpPrHdLdiHtdh${i+EM=ugj zJxu-NDk$&7`FwtAYgx8&4nus~>$D0ZJvkk(_hJ*My&@qKvkK$bG_TFxzoZS!*PQ2} zObYI^>PB8_G!6bT50X*(%*=6jE-hd2Dbp;Cv2!iCWCo7~2f~cE?AyQS7_cIhLo`usFwbiVl0ljpt%evp(y=lg zo%r_qQqpk^W@pqH2^~^NN}s`EO9erIO`v*7y7!8$MgAPQ=u~E4zn954_2|t_aP5m} zhZ;JGhq4OtMhNR=8Hc$Ljo0k(UI|kNH6a7Sr!BZ<;?n$j&SveqZ?L}Izqw``V^8f0I$jWGPK^-Fl)rTo7PSHqT% z=v_VIZH{!xS+RIHDhPBs!i7aaB9|O(9myx;H36FZy7%g&PYHW}l(}stxR2#d{fzsg z>i3z*vg{sgkm0ut0}EqvsjiS^{TMYhCn8+f7fjd9XC7d)^CmQ{qAMsjve;zB=wVGx znb4Rk2oW-ilXb}=61~uP4qd48S8(gP-_-sF8z?B)Sed-vRduq25 zV5e)~l3}qU%*mL#7j5s*gzr&O``yZ@`PLUoN9w#ODZ!m84Z@V5y-bang^WP zv2%KWfe8ek(m=08>VRm9&O>fV`5 zb3C2qH1G^_mtCR#wUu*`6n*m9<|wuTBEm09iRG!J4zdXTsUCQEFYU0bNqZ&OH&r+D zr_*`wb}x_rjc&&Of)-9DENCeD;j`{=QMpa&%QZge2YZpUAI!9@XbG{XT%J5atYjB@ zlk^P)#`LSMNo0JHU82X|?Q&8Mp=7L+{~3ZPT~U-MsOVX$5tsxvgeAeHIfZ();vEuG z;@CCdVui1*VMuHM9Oi~AXn(iGlUZW?*7u>;nbCMXcMaV}^@djxvsDPHI7DWdlky-u zNkc8T*}*`I z3g-n!A$eb%J&nD-V^FaP{`(z2Z6inLr} ze5_J|BrW3tTljo6f=^r26xyEFLek!1ztyjP ztBH7^G_89UEeFwt4n!D#yJz_fi1XZS_f@(j2yXl>Mg4N8H+y(4?}WZ{{+@?Hm7~E0O>`-{Y!sx-`C6x@m0rO+;dm zxLMewX+U2DA5xhyGOC+LGsW+2Q}%;PuDrb~lGKZ-U?vC$WK8aQML$Iob|+M{qoOcz zLJA?0rS@9yg9g+_y`W-PjCPM%gdE6g^`V(2@=C%7(OUcaAA}hgBgeOLnpt?7UZ3{M;z)Ogb@^`NzjicbPCZ{_Qo7gia2WHIYc*t<_9qIhOi zwWU(uV^;Ejk|3R~SZ=B05fw&;{5s8V(4_{gh0JU|g9wRy1Qx@z%Ui(F!l(=>Jvt6P=|Ae%%6 zu0orsq!pIoT+NSWyOBJ1>ny3u?qV|$kRlC)X=VUz8YvB?eq?yhB1tCH0&#!l1BHjJjY1*A_3RQV9{jA!|_@*emhN7bkuiKcr}7s zN=PiP;t9Gt$=uBo(L@6}dHzcEC^!D__l-q@QhshnGjdASTM@OkHsxi;BVkihg7ATuA>UjT89zKUE)Yb3as4n-46i4#u}KXlgk= z2!e2A)`?9x&7qUTOwM@eh#vEGQ0*tZ{QF z$QI`mz})l--@K%BcXucVdufckQ2NZO820m9U{K!=xYdVuXAdrIIx&*<;$QA-x}Z;| z34AU2WA_TTdlK}TS)R+sN_<>QvzyY!Np-;6Ku}jHQyf>n{rki;25Hzl;aAS_F-y(N z?d5VvDWzVjn5#7|@T-JL;W%kQKU2-8(WZ4~VFTow;Z^k1H^iJLRg$1|3;aNRXIt8} zj!c_@N{}MKUG*(}*9!C->(6VL;?N&ry2r zX;m@Q%p`1CehlKxTWRskOR_HOExTMVYkEB#g!$PWQ1;^iaCmlyBPB4!F7~&lTwhNl z1AdwXcLdQcA#~_F@9%p z<0f{yyrk68X4%Z>qCJ(@zsS87MK6i1Va$+6LZpf|B!~1x@Kg?!M1_6@zpSl?2PLO6 zrtGtZrSdZROqGv(eGQr&5?!lxEqkM$3|~GSr(safWzmOZ+1g|fjV#`w%#N38Q2mO- zXjta*W*HfX`720)I~H&c;3DF$rk>0Wl9XVjTsDSRcNs*n;AQHDc&j5CwKaxsZeDLQ zGs#9_rJ87cYsv+&B{ThON@w_=0 zmRMnQl!+Uj;JiI!keihGZRj}*a!XiIZr-XCoWAB%xFDQFI2|pZ_L>0a+y8oLqoBZ3 zV!QzR1UTw=+-ufXOmO%Ron1hc1s{1*Mv>Dk2%;7kRFu?JWj`KG7h(z(_iTTjIR2&C z)55+uDya$_tI=rAT;1B!xB(-;hs)%jE3yu>MlFf97nR!N#iw%1vhh9{e+$Xf%z>$Q z1O%ABqTJ?mM9FoMVR^yYkMyiab33Uh^H!b-02kAZGD#6)U zuyz^J(|7cZa%vdO6aexRk>Ujzn zl3$#fs+{*oW^z<~U;T;j2IJpp91X}8E9Ie?Kk{hW>D6v4JVDu+-+>kJ>gwQ!dd$OE zx*GW2M61U`LjY=~elJfu*07~}n8Y&4s&sm;ixkLnOq;f^o3!jRKT|zi2sgh>e2-y% zDa%BHMf1+d!!}Qb=#XQKeR0U~#^DE#BD+KH?#f*U)RSoX4f!1I!7GyWj@s!Re4TtR z!3-qE3>=GzrBCyxhhz|q(X5T9frja@*ka6+Vyp#YGVJTfIZt6V_7>fA0c_;N^N9X# zZ&7Pl$v50R{V9uqBdRzjEPA$1kLY8FaJNc2cW`J_w-+3r$*XI) zkoSvF=+^pL>wUJIs?zd=ZL<(g75qzlV|m9pwIuoSXoIs&1MeJ0HcXYYsz8}7jR`%MS5nT)mCC6UA!$$E>OlKGr9miemjvv~8sPZ=L4tG>xpMZZJ6 z*x3+%vUIpcJ$cBJ8vcG6ySD7Jsn8dpe)MqM6MR-yT|sDo!R!YJqYk@4#d|R`g%eh# zh}IrrM=LD?VAOn;nrYm!bogcU#su4E|0xL+8a+Sd&vQ*Ehzx?kvaGR=T`6+YAGlFC z198ZTR7+1tW(+o2a~-NK-*`qC&8u)&u0U>{ewrvPV*?Lr)IZb4Hzs~ei$Y?`m=)8&|UMp^-2Z=^N!vuqqn2*RB*o-07`#-gC<9ul?B8NI-FKsO&{$DJ`#3Gy6&r$ zh%f`L(#Q>Lx0R*~YN9uoxb*V$O0@R!i3)xClo+e>#`t4r8Vtjp z42@$*fUG)9vPtL$mkEdc%oUSpoZiN-0UeqbZ-}-6@6$$QE@$xsqWa8tfTB5`V~VgQDitG z)~hNyy1`zch+kbZm$CfR_DixUV^taCMAzJCyWU24eY+pWm#j0t)^bl3Vf9)yT-h!O zEvhI&w>TJ%!1~t2{?JzF&zdzQD^3!3|+eyj!DV5n)ptvJE#WpH=j8)ZGPG0>AbIew}WO#j^o-+yyX@OAu@lNOVnH| zMIXat7gx|@irs32^jgux_&(`hURNYD3_rihyAqpziD51l;qtF$au38Rh2z%m@W438 zTr;;^PX=2Rq^yd9G1oh*dfzn$vm1{&tSX;P8n1F*ez_v~P`;w`z0dvj{mAA)i=t!L z{JF(rgT^H34PAH&N8?y5Y5AG}kiK_3RC5EKkgPJ&P#_su$ zTNo2&a(9n5^s43D#Y|xWmJ7cATsaMaroiSM9`!gE5ms$4N|CjU%6CFPP9!B;3oz2qwvzA_2REl+Csu;IRG4; zwu?Z?`zkO>`S+&>h<_G%Xs=W8cvytBh#2_G(A$M|i-XpWl&O7Em?7Q^A%!E(ik9tQ>v#;kk|Dm{ zI}m$*_2LMzAD{+C;kg9@>uj8hM)vHdb<}5_m@is`&{c&!EtUH~X}qXZESY0m08~1e zc`quhy~OnarurS<6b$3uvNc|W5Z@Ng2w{lt5C`&?QRBiYOvHQt_@|Wh*UTF|QUSlU znBDvSCB$OL)fmU{t14AtaC=0}z^>gJ)Fc^13xqt4^V5^K(0I<}^X%w!#XI!vn-IhF za=b@Q!vllMH4a<9dh;LE)nh%ThN%Wvf#Y!tSp^{3BH zb~7hUvjFctNX9*=z5F%c0(RQ8XfsU%Ndu@PDd_1?LgkVp^r?BE}yqBm(&*q~Zu2T9T3yi8_hMb-tZ};Xkcahr z*65n_r^l%-DV_}Y0tBzQ8Nc*OT9~U-8lRdSyq8;&yKgYcZaUjPG$C}2S2~xA0Qvym zyKJvN-$vPEd^}KNr3QH9!sTYrn1i+2HqgAzUa(QOJU#GEiz$@hd36Ib9Rb{qmxuYK zIOGb)UW8a=2Zj#wO+qlGa@S^e?fj4`Xzc_4j4_{(?|X>B(c*EOkl9{7@4HA7e8{zz z?)UbfRIPM()F$A%O5DGAI$d{OQ9GE zoKcawVeXQ?=r7;TW;5K@_DR^g*OJ(!8S9BuESq*~tE;;C!y?VaIA?tChC9a8PcCmX!BkT0Aw?62XW6K*`R_B#*RG6HQu`=cn`941onJ-r zJuWru3okJCpyOn9at}=%Zs|vG^Q2_4r!ZfUd_|n9tPy3?Ml-6=Vc;|u>7G)-7=pQg zqi5jihId6e%Ag{@a03Lz7aLnhjhwe_!`l!d_3GKPNh?AAC3S71NcS$6iVO)DA)-j$ zQiaF`NtIl>Q158+MD34_&Wi3wrZ2?FkEIE5Yqo9OH==OqXDV%dD3hE4ASZ&)%5I215rx_-fcnav_ zT{T$U{DVjfUR5;Aoq;!{-=YWvVoZe7P*~N+ix%{|dnlo%=Y!$G(=Jye_6mJH9s(P` zA7-g^n=0t0IK*&Wn|0&RGu)1T)t|h5%u{=cR*Y4_^7^J|Z*Rd-(4ILah90jEhL7gw zt(iXrtG9#jODLkt1btd5)d^;7we%S@#Q?hjfPgC{xI~2`G_$r?!aWW5hjT}JW+A4` zqSS_G&o_5=WyTtLeT>)VN(^wui5XJT>IqrbPafPpC(kDoZDl)#}2Ms^v0=J#{mKQ1TA>dNIKuD5vq=XaWH z<{S51EFW8VkH*xi7aBFn&@ZVQv0>_Y^|D7<6og!PMdEygE2V^b578Djm7lJaSi!>X zV&O;hw){05CbbI~l)W_-+Y)S}6VR!73#HSE<}?DA`Dv0l=5^V$uP5vC}3q2z}?`{wbgf{>eu4(~rbL!`mD6^NH1m=sz|dfWDr8 zx1?%VK+FvEFavF4(xsqP6Igh*cZ|f?PnPvOsrbAi>ulnWIA^&QI>7%YIhaKMg3*@Bof#LlB#A+kIw~#>m?%`4NpD zw*8p_4_D^@Df#?c=IZAY>33e*(fU6S80*yNAD)JsM14JLj8sbwG%o)##UV#J#hstK zs}toI+}JuG`>L{o(LDj@FM)_Jc%xu5yJ9cY_k-!Izr?U=k=WC(JYS@c+EZ7&p^iKI zth7d>xG_aK94|AWpVoV48i%nzWWK-11Z~bHHha%&#__3< zu`Wm`@M#Rgc^wi954sK(`W{>!U9(dk}p@l>_*3)|FUD?U28jdf%2ELeg&2c1lQ2; zAlIO9?LqH4gCqKtP$OaIqW-DfkgUd${>3J9((D1z2g!>6K3qA~Rsv1TG_XlP$;%r; zL_Ta~GqqF65=15q8+}do9kgq{Yh=n$!tqy(@}-eM}PIUB*Rc{j*| z01B+RP|Ii1sZHsXKCd#~0X^+k$Bbl3A$coX0QF%OdB}#<&Bpn1KS|4M>US2%*#KRu zzr{*BT>g=-?=Y7%{WS4p@Y97Qt1e*+0A*9jRAw>IFlAQx|iJ7rx-{qanmZsHR*~^H@Xt^J1DF2@}$?+LIXl>lfKS}ZWQfrpmtdmzUNLHvFO6Lvq%|JQyd`<3FqK}Fi z6cNi+l=}pdk?b*a8LCro>k5+!lJ0Cxji^b?z$fVzDi|g1uY`J8M=R#rdvks2rT^XH z$#xIn%z4M|tF5eRfhg=_-S8!?fJ_=U^aX*LRshW<(<><^@L{sYBET^!e~IUK2q%FoXAgK$4H z=I^KEaZm#jnxhZ-)h^#K*5s zB#UqIy~ogeW8r5pXkBEhb`~(1Im9t30c{TiIs}`hP*F~sZ`5nY)=FKrHqzj{UG zO-|+4;)QgZABELzF`JrdbRZw*W%hq~PNOXKFih)T&vj7m&=rYTHzNkKCSfgty!t34 zp=Gmc7vmJVFoKi|@4dKQ-I%60*p^gRqRT5&L((%+Elb~pQCPAlCMtL@1y_|fTV}(3 z%cB#oSFIxA>4AvPruZ^?!q7N%`Svq#frq(|gV-~#Nzc=RD$P;l*KP(7=4$#XIDPVi z4s0q=Jx9$HPP@0qXgJw1yY{l;bBnCumRvER3cGmj<@Us1!h(Z119-JjuWcsR4L*8N z6(8wpu!1ivmWn^FDmM7i*0c6AXt5bZF~<7>RAug>P;1Pr&Hqspsr#T?(swvX1JTtt z9LJ(lp~xk_vt74^O)PPqH1arx<#q?*+7@!n@H#;ejmM&iO%`Rzh0nB|3}Hp~swD=A zhz+%bmIZZ?z6#Hsi0W5zxi@EnHp7pe&`JU!wh{w3<|`^DwEvDP4&h)I z4UgZMG8%YRk>N2~R3L#e%GHG#GrKA-F!NFX>GZfn6~dcd$GMf`H;J=P+(NnOGt;H6 zNCL?cjw~*p*8LbdsEKYYPAqt;5+k=jp9(Ze_16EAudzH&&dz$i2%Gy^s5JOnN7EU; zpy#r0Iwj{s*fAjE9_17dV=pWE!%AsmP~ECbCK;!# ztq$n!9_qljlxF6(J)k@nSeR3o4z!Lv=UU5S%G~xTN`DU!%HirVV}b2$4u$n_|&($5|f_GA~p7|Y}4*K3if(z=B_e6 zxM$j$0zjZ)2S&HJDW~n`6pL;1ze3}GcK`=Dxfq#(hA5kj?15%?Ep+EUzv(H&_Re}bO_j{xQLReh2Gyc#5BI^i z`k4spo=5u@hg}X#*PICibYMBJyWYr*JX?PxyI~cO+;h1nmGS)h(68i)B(1|+@gg*D zWe2@#&K(!nS;R(~dv<~gesVj0ojs!|o5(occ4UvH)zVi}8%pl%a#zT7+6-Na^U*LCBUtTBBxlM#=XpS+__%9LVJ;JSN)$qBH(_NWiMW$Umaz%Q+- zW0d+FBaXMd3j@ix6v=Al;84;Adkjgv$+tFSW+Zx=_KcdHhri!Jh3_%HzWH%3B+6CG zZ76^7`q&3GbE}fe^e950Bnp}AQ)de7#3z990CmIRMdwq&j)ChCzUs*00qOkw8MqY{ z2OaTU7^7FWZ@GTF znK*lckJf=Kui53D#J_$vl;7 z4;}ZInRTfS_{xmr@RkW5YAZ_iZjctxrO4z=8=Bf1?uwRf-`V=+!iatDw>EGZc}S0J1_PL-&d{w z2THjM?nZmJ-zz?<(usw97A5o8O-vQGjX$_n)_v_)!A~?aG}CZ;v=^KVLh5GHhBYdS zyQhN9H|@2RP{Tjk^nUrq`A3~)-QOcivoXvY#mmK^7E4DK^#$eW%mc^!^HZLR*x4n< zGvP2-{g7P5Jx`YMvdQ$sHdN(eKKMx zBSSHe4mq)&-LaGa-j5}reBAXf2o=KuI(}H&S zh;5)-UqZ?Qe9hhmNI`dIK!BA=X7*%}sVop$>pZSm1?QZ^$-{U}Mumgqtjil{rXQ(8 zF%c%A@SZxMs&Iq11@x-LgXY+p1y&d)4i{c2d3v`Y^oYD7+0?5S$@W<+r-jmY*{nt6 zp7iM`-JQKi()t(vS>a02HPs<}V_6nBC!=;vixj&7WJX zo}|;Qt6S6l#oR&7QiZ+Qb;!sl!Fvom(ZAvDiQ9v5+#1{#JFb3W1kL+c1vC^3t6Bh) z`iXb_&<PK1rhs4jWy(?F8NTcN37Vq^if;6+Queo-xA*h=HR>9_PwbuM>a)_s3{($ z9^q8&`9iy#`_RhcdRpPNy-`F5`#Ad#3)eF465Vt-Qd<4l?Pchq%owIvSLj^)$ilK` z$TzJ%7CiG^X16P%TBQw6KV*uhK1owI$ZE3)FQ3cZH-OQ_Udg2<$Z6COP z#>%R8I;HTSHHIajqYB2zA{4_z;^UBbW)IF@7FliJhC^85ut{-_9i|t|Z-ygu65J7@ zQ58tJEpq{yuWqNWK@|e~_nqrTc}rFlC-&?Pv8&gz`x{a7h+0ja>p^_RzRQ@UV$X@X zbw~ctVM2vLox15siT$eYZuYEd*TD8aPz9&4C>^ZoG`EKBjv(VsAW=lVkrCMbepNlr z7b-jz5MCjiq0-Am%Z5`Bo>7o0rJ*U!qO%8{A)15agS$pXg<1DA%=0Xd8(VaWr^Nx0 zxdzu;I8$3qt8t(Zy3GG$if?UBeugJl_bmelriizLm076P{dpTdoc*Q*LfoOHF! zHx0_DJiBkN(RoOM5*^;~T#=+a6*$@FT4ZJvH1f`{Tc3*NcstoVi!C8~qU%7=%Gwnn z`TUBa#C42E(Hk5d0OQy3jQb{c!&igg@Pa{N2L4O-mF&$2Os&$7YP))6h;LjMneF3v zDupXf+PHc^1IFG{fo8aC&#&>-jq!yMP7#tro zN9h($Np1&dmY9`6X7Wmt+6dK|03k^ruW0>(1dy4hA!1Qd-2Xs(#2#QRGrS9yKll7v zV|_)EpKc%?+4e|kNS7@6-lw1)!scO!q0Qb=Xtw)7E*-D*Vq7^mPA6nOw!U z8kY}y&iTd{^p30hs*cP0t9n;fKD9V%mECgH%&KIwmzTE76w8SzQGPFH{;X&^yV_!n zw(8nPueWB!yT%Jzo!yfu+s$JWH~rW=mY>UJB`z^KoteAslBbhUq^hQ#l9JLV0WUwl z^`3%VU4dPT+;22FAf;tElS!~geo=wlmD~2$9&#;SV%)i3qyK!Y_?s>HM^B5dsh!lB zX;~1fsX8P3)9e2XyR_dgD7nA1_EWs}?<1E=zVCK_7M~WWe1Xpc|8b#P)}L|y+xeft zF!|KXyTGA6xa}wmCVlw%(`;psW3SKT4TA%#z1TP>p?H)aN1!L+uW;kHWjFtA=LnTm zoa6h`rLOA5{?x^FdJ%h*-%RoLJl*utQ|EB}^!UFQ<7=6h{ndUy>1X^swaLr(-m*9P zZFEwup~!XNhqRyXw*6=5`J;T;_1E;DvFpG5dy?}@`hMcq-^RO_uROVBd*<0)EBbZY zC9;xL+`bftP4iQj=9P10a#-rJR&^tt6Q?^WL;c>gWc_<{yZ7x?jd|~dLpOBs#^0S? zxOdl5;kyq*Hv}N$xYjl`hksAIlb^TJ<$FbFj)>I$-DZ!gOTE;0A6lKT;OgI-+of-> z3bef^8qLbK{@vLf_wELDzWcE1hK6ZX1wsDPG zHX4kh2?UtWK2B}j>a}R$_PC>~53S@=`B5s|_FH7x?aC9Eq$ga|^*Q7`%T92Kod?zShZAip1ReX2kIyBXo7k{#=P8Xww7sj7Nqe7PN*K2z1x9=HsrXU8Xr z>96O`{dXw5I_y%(#pP`C`wsoR^-+86s%>pkw?A~c`JX}J$J{ev`$K`7-scqmYrj+d z`O$viT=={dlB_NNj_=Qp)+t}&K3`@dZ?x@W$K&`#-~5B7-*cb;)zIqBGMgle>o4|B zzOwZDgjY#MGZ6C5D?3glA5-qF>%M906<^7>Oj)yEqR;e~e#%$P+9y^sdPcQ^f^jsM zMw7(A<(!#5kIjr@C7zbJ?#{a*vSYH6gR3RSa+Alovoi~ibDWtIb>7=N^!U6;!NS_o zV_I4rZLb_!U4#g2F#$H87+v`#Z50T%qexf4L|{I-0cfOlZq)V47`}DyU$p()mx}#I z(qC^cixD?m9ra$j@sfUtEyNII``F!^9_;Le8ouzw+RuCC^gl}edV6;|>zS-;yH7nR z>AuVFnm_l&$NG-**Yn=&&`S>6dM})LN!*Jn?V9)Q-GAKbc9*9fESB23?$ZugrSHxc zqn}sV#6L3rdV9AX_l&D+%cmZADZWdt>%R5HNBpLru*9 literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/htpdate_host.png b/docs/images/hedgehog/images/htpdate_host.png similarity index 100% rename from sensor-iso/docs/images/htpdate_host.png rename to docs/images/hedgehog/images/htpdate_host.png diff --git a/docs/images/hedgehog/images/htpdate_setup.jpg b/docs/images/hedgehog/images/htpdate_setup.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b95d0967a522c86042070a46491f6d12d94277c7 GIT binary patch literal 80843 zcmeFZ1yGyc*De~|-L;eimqKtY4nd2hBuI+|5{d*Zw50`#d$6L#f=dfQiWJ)7POug& z?ohNsaBK)WP^GJf zboBHL^pw<$OpNqQ*PrSCxd_2OBZ-K~uLsgoQBYmC{y!{#x&aL2fJG7j5di~$kb!`R zf#6RMfCoSTAS5EVE`Wa*QZix^av}=Cf4ZIM0RWO~u_-CYNU2E32*`;51cXGyB&1{v zj5nv4nAzB^tna3!Ldvh3%?^etccVyy!bU9EGwtw+whJVsO^kdUHjtnUgm@hZ#4E_YC^^D9;-~KXfNDc9u@PNQh1r+>lZiNaQGn(?bH># z95&DUi4<;86o&vG?(PCIcqAY-_I8{OVCUTZjL_gTxcsb3B%42*8p z%z-YIdEXXwW65$|h-O~v4L$25!l^Y-y;utI1czQ(3~R}?~p9-TrvpNv#m{NoCXmoI{OH*&|{6en{HystfPKfDIsT3d<5hu6SMmB0V1DE}IG z|3jSYUeqVA^=sg@u{*wZNPQ3?TVrdstbPr=(BUB7Yv6sq9r6d@?slzCPV=EB*U0-< z`oC-ck0Srooc~pKt!PoVcYeqXeCWu|>F=apGdn9@0jaDUu| zzlGbox}AP2c%aMNExD(Hd`+_Wf5fln<9~TyVXTvG_cp>m@E6aOX;#yB!_CvV>3gdu zRLwOW^5rpX#$tL2KcNV-B?Y-53(Taud^w$rp;f30FN|S-;0f!}gYx@@`?_}w7@`zX zROISe5RGj!R^|wyd;ZmKv3){*hxPNN56E7QQ_+6-N|znb7&?Vp+73r6_8dKFy0S`q z<`x<4cojX8-G!X@I(w&>=M*K-P%lxuqRi^(EiAYskg>F&ZW%SB)DyV>>XPxQI<=ml#JV5~~PxR3ZFydD^vVEL* z4IR69<#Acb1^Cw;$o##5zfa&lwfe6L{eQcO#VP*)!jt%I(?v5rC^vdZs!0N;c#SM> z$W_u5&K5(sKzhNT(~*J3^8}ol=<9jW=6Lun8ek{;V%}!&l&3gR!OAZez!W?Axe~pb z#o^0K^mu>bciN?!{_wwT-PgRP3$|~MwSKgGHv4(@yY3GFth}7_lxY4BplUNj>E}JS z3wyJ*y=cDF8L=Z?Udr>`e}5qtE|9G7rQor6`#C)JZ==}J-v#+kWr&OXG8!wAa0^@e zZLB%1{*{i0W~y7~Mri6@C*6%-+rNoUP^%%@7tr4~zlh}?=F#+u^~G|ow@5tsYMNEv z+S%o-fGupg>0r1hz-nk14+|k{z@2V}_ghWYT5wC#ugByQ1P`fZqi|AIWuM4!Xxsma z9rgYlQx5-)HUEa-f60TtoXY=RR1>^Cmk4b*Rt#x9Qn?pmS?umL?)`DheYaNF3=>VG zpOcQ6c1SH49nPe3HP=gopu4rB2>m1DS_I)W2XdnFfJ1KR)Vtj6wuK*VpLp5T1g<3O z8^4DS53Ja`C3n|d=m^cu+XImzFhssWN*Z`%c*N~xUc%!lw)T5VpZ@^rZ{S*%$#s_L zewk!(3E+t$V9q|CFzn)gw_$$>%L)WjoW z2CtHD3*WbUP$uE^ZJEbSAD8Vy&=A@dxSM~i2tWmU7d%{ zKR-_0-XHl@pm7lz{VVtn;Mq@jt3%2Y>#mr`l6wV9hu$Hi z$)#N=>&vIYwswgZf)9ThHg(wF*c_GrcO437Zp3>Io*7*v?7+l*)GHte(1f?#`QzJq)#Y^SJRs=sND&tS9v@*!SLj z>GJT=OGxN&^}+A^9sR&30R^`S+vo3oq5lJLdfH+0-Q3~OIp)r@81nyDHST4#;sSJ5 zU3m}xoZl)##85RB1l_zXBXdr_yzx~ob4U{XjC*CIsn%1naoR%%L-)?-W%7>Q1re^~ z_=e4{*o`{x3tF-Fp}oipuf@B&jBH(WzN zA!0@-*#iBFQ}8Xt*{06vn&U^(fYdi`4X>NTUMF>@&|Vn8f|`LAFW(PdEb3X0C1|*k z$Y%+@WXN*b)lnF|wB{jKBNhQ=Fb?Ws;$iH2>SU4JI>%Ieh_}sS8G#W@--Nwnmu@3d!tSP{xmvfSBiN8524btGbPsB??VzDLURpr zmXyowoH(t`B5uM33fD$m8Ykrn(@TpWrkRZrj=E)UjqTG79{gIPwqN%VBv2Hv95uy| zniJ9Uy9Im!^+ocT-ke~%(xphjN?X2i;{;9NL&0vO*CkvJVcnMiiO|uU6^|2xCvLdH9b!W5NN+)-HECFe9 z`Z`0Wt(2{Y-ofGRQJVT8gqrqMc$Y7z=HPAJI~k&WZ0;Vt+T74A+-qOv7{0q zyWzx183lXF0N0iCtI_%A#FKkC6jsC}eaO>1UEyYFtDa~50DPiUI2I-%3LX{IPfbl> z4FJDO1qCrM(uI+klWua{ISA+LNt%3^x<;<7m+_|FI=9eVl%?NsFf;D4o2x|3pkV=8 z7*c@`H&5kEh&SiR>@s)9(o- zoitEGrh=>T7D|E{V_>wT71wZ^q&vMgqwp}iyD+MNP4&Q{mp zn4xmWgFPR8#~N$XSQn?wwDs*RkEy@>B*S;If^c&DTApb^>`u-EMh$+Ef)zX~)a?n^ zP+SCE8ZbH`*6OX!EKEMrQ?NVSe+VJeovY#WG~6v;&#Q*JF34l`vb~k=BA8<)F)xyi zOPe8{p13R;P#XAjy5yIm9*uI*TxO=`)aCfY?D4P!y zDX5tMJ6{&YeA7q{m6JKVkph>jVyOV7x1XPxiH;6Z&8g0jg+zV@D5}RHMQgR!5x5fm z%4fiDDG)L!lVsHs^d0%aBHp*TJqj~pJ}+RJ(!yL?B>*XHzCvVh1nXpoDDlElF$oC` zv$S5uni(|y1N=81&1~N`E*p5snkHGcPmVV>i29^@@}pu2`rPdgV9%UwpBbHaOgV_)c%&Ck7lL}@? zUT>ztC9|n#r4%wqbhOGe`=QDD-He1+iShllkL``Sfn(L_W%$0_(1RMwN)nA$B(F-+ zMwM(%o@~RYNhyPfp$ooAI9X@VC5wVmcAuYZ%MP5gpEoJcrt#vaHHDgkc)0>4s~veL zNWgBg{q~!b6SZArg8#09gwt&Crz~B#H6iMzm0dJTnrnouJKPR$TZuO{4aVqo2{@R- zIPmeoTTN?Q7@d5_-ttxDXZ(&1uea=My!ps9rgg5J%h>nU&qU)gG7@p^zUMs)A;&$O z5+YXNasI+nrTs~($ah9@69O*fe*R~3*qYNb6nmcCky(IY&@^p@WXBSRg7;*|NFNTq z+gv^&fmE*di>N;$dZV|0aRBop^AtBNU)waLZtDo)vT#y>luM-fS|&8_mwMcv)_YV` z&9BCITbcpILphymmd=H^p?jRPiZNLRnl@ogE1x7`{o*;#R%oTw+3c&~=}w+(%m*V1 zwM)zgzI96AXwwYE#38j?B9vOPn2gNJY28c*Q~eqww2A}sSr+H*&$L3;wmRP;Y`M*o zV%oSFb)tNHWOLUg&jfcs3Bs){S-5I#)R`A~&sF-LS8;(^A^y2qHXt#zTgvzn3C3Xw zXRjvtc;^SBt*)v}rO*256N*_ zT9IlwslBezpDg=UMOAtR1scu0T#CVlW&$4LcY2MRYssu)Bm&KxqYPx0rPSHQGYGJ- z#B5rm+JrN@|DB`V-OW#;g2Hyq7k3|7NKmT2kUe;TbUC!ngzk@Tm1bwlBNkj-v) z4D{9Nv%-`PC4B~e@@=FYs))TSOn}Y^lFjcTw2&-Er zJW4r3Ti6;GHKO`#VU5UUXD%3o6g@1LtAK6q%0s4gWb_Pj^b}W8^Abt&YWB zvI3W;6?a!?tQHcv6Uq4pCi5&n%7_wvenW#Zu!OUKWeO+$L%K0}whRCuH6cDWr=pC31k|L0?F4*aARQ?H8c9zx zM_@)EWxf#N00UxFb}|v^3IAGkra)W1ls|jyNr#=&X4nH~0rf90$|UwhcQaUWp2xXl zU(G!4Pr8zdpQ=Y`D%<4vf^`?WPYuLMmFl9 ziXl&#OmNsF2Zvw#*e0zKO~v|8uqLOAiXd4qzY28?XP**$I;2U9v0~=C|DJ66hiYi? z2gBX-ugUtdij6SwbN{q5cdb~C?|Seab8odYHZt}HyE1GK7b%{ZX2{(R0x}Y(ND~SM z-6J%1x8-VQu7qX`8skhOY^!IgrEg?Ys>wwyE?MAHj3AX>H-%O61P~>ljkHmnV1}7A z^KlQ|LqNfr!Arth#|*-2oPAb;+l*un0lz!$JCvTo(=tNrLeg+=a5Hc71$1(rV=v8A zaZrdwT0y;5LYHQ|Qc)Q}p6VaK!nEurRgd_jweWuvpHw7MKh5QI`xX4Mae%je;+jLc z{pCjdT`D|XRm%xom?a%aa(4WqOSxMs1DxuZCzW?UoJKYctXN#1=vQ<5WSJ1qGyKo2 zEcaGr&Vas8=nfww9hclgSzLCB*p0z{r2SOC=|>l#FdooyKHi|JHeTB0I&=9{%E3AH zZQJ;bF#AKXZ{$y3-(D7fTu~o*O;y;Ptp7l-$vKdUIq_^FXIbnltw?h-e<~Y&F_>y) zLV@yvtQyA6{AHl2*{m??O!Y=~*b}4Eu(@=I2WAKEGu=Id2`mhbZwap z4hA8j)gnp)hNBP=?s-i<&^)I>F#TzTdDx7t5s)*ihsNaEXA7VgqTxf{4K-1ird5!V zH_i4B(3q1X;&!u`pZ^wbS=o87#O|`ey=gy0#g8{?aV>p#a?x;^DY71J{eXQoYBcMY9=JX4 z)>ArI=^YRHG?6#7)`Opf%}Wy+U2^zkIkq6sg49eschg|jQ8<76Vn0_Oug#ux=!^HR z_gx))2q*nh9)s-bPB>LS4mC{Uz)A7(30Pu~0htiX3(>%L?I$7SaSBg38$Bl<+ml)m zD?eY9e6w~r$DNKCGUX3)zPrsKyl{=0q3FyQ=bG=Pw}aQ5?>wOPAzq*NYWp!K&=dh{ zm^xN9drYlD@^$HLCLK!Op0AM8gN=^g!?%|AqogZfhWad&IT$zWSQkD*qyDKOdPJ$Al3;lLJBPc zjaO6E7sIvzmmFOrSzKHw1@1>764B08uWf24)9h0jO(4=7VeB)7I_vXPc=J|6Lx}KP zF(L#cqn_%iAGJKYu~IK=q`^7RF$nPJbf%3;XwNgsW&cG)D^tNfDd=PA!FnA3#8%o% z@zruvxz#=+e}{{ge#%sw=WM!b#i*E8Ja{_TZI|VdMzrj(9RZmQzy8-lz1B^oB>F83 z`QeSS)Q@-9>5q<6pmM(FC!xPj#Muzuo^!rS{!9f)1%{L3=NnH?+3kLYFVD$7wS0D( zCtGt~c~%-bVfxu@rvxLd*QM38r%=1?^sOqT2fCqU!~z=3zUd_*;u+ca1}o8ul>q4& z!4M%MQK$rQpVC_ucAS9jv_Q2SulFZXO*_sR&cQS3AzPo+$DpYZNpWXzoZ(C}sc z;C*SG`c5O?YQv;}@KjzneJR$Yb_1t}$77of2dVf4w)AQm2q)m{#)C*ksW(%^JpAi1 zY<+Jmct|4GICmq;bQsC!NOgZ)NXS##KP>SXZsls*Nv~byT&?J}N{22!+3A~)!F=%K zc41tA>@M0v5 z0fhx1`+ZmGREFpv8A7#So&5&mA7LU|csGH#ozq>1KA! zz(#ULE4;Bx^HXZxguosT8=K!~-16l4aJ0Kme24dM4DP}DgZYduPm{t=M)|Og8|nTb zzU65KcJfyBm*oYrp(dou;SHdQGqi}rEyX0y?@oF5Qh1NQjo8n-ggtxf6Y0CvA~EF? zeE$z1m8mtr4&5DCKh-+F&$_o1IQFnE{jRy^!KS6%7W+f%t4JZ{Nm&M=P%}J@0geEC3O=9iBEq- zsY*E+3$wC2nGD996wf7%M3b&m^eIUTHreWw$ID1Cs}9+kZZ!gBzykF;!@ybjmj-xZ zD>aW-9S?6DQjsb09%0uE-md$v@N#ZCzwa~o?zRwgZ*Y_@osH66WhKx}NF)2l#TE;%1>g3rK$N~0gSuMW1+7NS6WfMIKUUK|CG5`3cWye_kKcK- zH!a54EqdVbV`^yz~2Q}f?#>W^vKlAIIIpLHm$1e6KEVxOrH5HFLg@=()|?J6>o-EV^&w>o)=jeYK^juSxT zy4%X%obiHKy{|Tj<}Zt>(Qr1>7IN-=4`N%Jk;8aO!bXZ-v?T21yd(pKUX zfc=v_L3aFA-fq|uBV-yBG)85Ar(e(*e{qbwgoIjV{Y)F{9wec(8k~(D_rD)9me%muWwq-Wi8S z=@!=(ggz4t_>i+ghgGL?$bZnTBG!-hVOZvNTRMZ+fRp)CV?RcF@i)P8&BCq9o#ia5 z402mVX6-F=D4(EYuRY0P)h4zb<}%-!xt&MR4@fN)@)gpOnlkHW2{>&iW|RU*J`nh@ zqYV9#%umT-vO6me&{O9CFe*kgSbW5`9 z_CF6+62B-2JjFuhPv6bVY^@#0=3YVfyo5DNpmlpD?}#3@cvy1Q6#ZH-3e~n?MZt}9 za3+%SI1WVpS2ML>Rw31Rm1+Wky1^tof%k>6V~k==Ey6m`V&X(*(Q)dV4)0pYiIBm7b49;|4#tvNO1hBvYd;_U_`f61&HT4i#+BgpCx+O@<7KfWf;l1G9QU8n6~pC5D*{V>0o)UVoN8%Nj3Po z;ygE-`NfFU#%qrJFXgegqtbHof=m=}WKd6kdsaEHs%XYRgttf`$ldNr4a`nsKFf4+ zyZDpiW{XXc9oxo_Qhvv(nGan>xBRtQ5DIyS^9D$E`LL%era=w1nVOmicM}{n&F*0v zk6+aLqV=(Qwn@3LyD6fFTqVQX$A&%K%4mT~1e$BH8`V+pwi1toeAJ&#Mm!F_#Xfg zqj6bE^v&BQZ_03F(%|AF_vGT`JM}?=g;g(UJkNr46Bq8mfqEsh1wt?2b%K5GnrX>v zYnqENdpnOyq$z-lfM;RZ9t?C-Hoi?$KeL;VGrIrq-iq(< zMW18JjCXEMkGU9&eccBuwDUCs?Z7XL2S5ypk!k(h(}u2OnR^a~;|{JVmT@c&nkkp0 z0~6X2QPP2YJv*`bp_ebbNa|>LN(4p~O{Zh0eeMMLl?t0&YKDhQJ7UgAbs60FPy0IS;@_qfxELFBuuDs%++QqBv!3ZA z_{5;_i+%(hJIKEq@$dzS*{jTH-!zMwyXCOEB(yHGC4CCjS>UQu7x_;$gGxtrX-G)T z>0rotvbk&hO+L#(Vh04^fDkfQ^3FMYFRbT2dG@T!GgSeYp&>L)3xAy=2LzsR&;-e< zVe7hU3R7G}?~#3(J!!6|jA+pT$rv;{sp&TH2u-YZGVF>4n{rwp++_<(nlLfRg5wj; ze2?;71^U0%(IAh?$jRn~guhZ)*AUdx`~bZ9J+-FaI7@V5SCsN44h1AmUB`WD431`H)7y|j#_y?NUd)=PxB|Lfeoo#P$ID0ChZ1)|!^T0Vb*zw8yhX|j^c>g{z zqY&GmbFShaSr6tZYo&uH*dsZ$1YZsDLy#@G;D>o|>tdHR<3!?G7Z(=?biH{LHna96 z1nqN3Qj6sIWm~r2lhQ2G0iM#EY~V}UW+Pg9@)bVO>8aCCk>J5;&1U3hEp@%;)G^U zdU2_*BJG&) z-I`dBOg~UNM|N7vLChrcYOZ+OAHZ)>{7dD=+mqRwFFLiTY(Q)TvwRwYzu4Tvo?(Ox zO9*I#2{}!=v%`qGj8j0}Qf2Fm1JzX8bRPNJ`EG-gV~otv>3vInN{F&?&|OjdB7V>DcU6$ZcttQ1sg$HP!Cb9^D=ET%~MEbuz`I z##G1oRK^woDk|dPU%02#5=d2C2J#87ribYy+IlHJcL~khWTJuA@%*BARLs&Y-LbBK z#TbvO+j@v+r0$K2CnR`SD#@e#$N1hpc34vgXASA}u&kn{vQgEDcw^GTU(IL3;@tMy zqT0MjYF&Z#;>4&<1e-fg&xmiBMI_{jchugP+M1P`@kkbIiwMmQ(7q7|_I`hLg{wI) zm|Z~51WnT1SEmbB*O4&(soKH&@T?f7ubkGOgH^*)tEtefK!*;NgYI?z& z)oR)$4%Ih?{10i=G`<`^TH+e+E=+fd{~cPsx`nmnnc`%vVBBfpVemfl;iI+1_c`p(o`Znm9ME+IpLp!!0S9B zk6AenQoKhY2B6HP*xo?$>s2#SK8+itYDb)pAnra?q`j!ij+Sx%Mg{#)#c%q=LYMG? zvw5wE)!;a;5skodFmNuxlV!mC__LUnFdLUi9&-$*oLs4XN>`IfSYJMLwl1V+Q}HrQ zsQbPO0KTgj4AV8D5O`N8wK7=FT=jmU4D*0tD$m2AWA3{yL$I>LYOjCc6iAn6693b>fk}~>KtkI@9d$jUm0)9Y~=>NeR60oh$w;NdTWIDB+ihPU3tI7 zmg^)NGzgTQfd|f}L($b58|F20PTRPo&ja6T<9>yt=Ph#15iQ%1pHkR2d!$L{Ot-CT zPGK$GFAN$=y(%O|=Q6k#Ok)dDw@m6`45_a5;sfH_xleqLJ7&X{xgn>9zXC02uIfQw zT^LT_B==_+H~WmLj^7@@P2hPyIc=@7nLZ)(Oy#qJoD5mA%YpJ|BQeQP*oI)(R^?ks zbg(*yIME1;d~C&!`%mcK(}kMfCT#f_{wtVxiB^!Nzf;(&kKgjqDVNJsDFRN3fM5j^ zxjU{;bUY*&5|aG$I{a@WyPrWHSh^3W^W*^aBZn7A4mo=hqt2^QZN}HM-rLoF*QtQk z3iM`c%nt0gudN|I{I)_`^_`D3pAS-%bmR*2T>um(k&zKKU;7OFVu|hu(am+#j&7=d zF1MiA51iB;*jp0Z&`?V3x5x&o0U_-h!ULz*-W?FA<{~$`K`04}B90)_!di#VNla<> z01^0D7X?2ax%mKwH!=Jx3~X&8+t$pZG$K#N8y_~PY0X-Q z;FX?23SW0cjtvXF-_on=WlbGZb-BMbr_%WhN5@;;{yxddC$NRE+Rxk-rXV*AX+h4v)#ckCmM@s^IbPoSy)A8V8U1a@lY?Wo0ErA4 zXqc(F$n-N=LLCJy4xcFDEbu{QP)NGoZq*{bS)#;i1> zYY;EUjllNl1hM3~V6&{|&&hF+YqCpxxBJX_jYGTIk2n-_C| zg2onT1CeYd>tv6jxK$QnC-jJyUvn19s_0vNQ`sq4^O~jQb7~Ozw(Vh6HMu6OS1*_* zU+70%_nNrAg%W(I_t5I1V_O~V+I!OW!}tQ0hTQfNUsO9vOvqzopmb3|a4 zp^#|32HRdFj%t}uW>*s1XXZq-tE|ZDGqONNR)`hi?~4@ z`|qUV_8~qgIM6u`H-XZuNEAqwP#$;C09nbL^FK;>$CE{0VNc^6^TUs4jhgqPy1qsH zEgp#`t-{eT??tBHmSeeu>C^6qBEEOI%;Yk?QU#iJgz;DoRv0JF$VRRX?V-`pC@Du< zr%Vt{w3$HS_5nPcI2x#_*0Ne-0PJeGc;(D4AqTUpk3FCh7cJ5;keh};JPJwFa z>VyqQ5NU3Lw4XuRcuO-1ry%59;=s`!v$@JKwEQNy_sq+^jq+%WD!5Es5UPx@X$3p z^^XS%xK}ia_lY&e$=4H$z))D@#-?XEg`%&mf z8%PIL#Gfr%h=v)vk2mb)LQ`|wP^QRn2!%O=Fb-!17PaKwl%IJ)>vboeU+4;z8zy>T zCTD*BT0+YC*I_>T@hwU(<@qM%9z_%L{ZWfOYZ83nUHh2yDeN$$QYDAgNN(SPIla;V zR58pi!vu+{U_ko}0oHVklc_$xi(eHjaBuS-lycU5(bc!6^9=3ahu&IGo4~XQ!~3 zfgNZz3l;kYy{x`b>nU&*xvktS{lT+@v_0&r{g4Q)YJOiuts8R=5%g58-C3>02REwG zsL9Gd&CxArq*B}#+u+G!S9WaVON1vt4mw5i;sn-heI_M|Oy498=4s6@x8SO!pAYM% zIn?$Vncn8tRr0|sTJbf?_-qV#NWcnQvt9HHw3!Mx1ik_UpDz3XT;6o?pemF8`_+;fVo9eifwou2HpKRs?RN2LGa9|ek*GV77F$oEavxeePA=68G^|A*}k6yK2 zt}rA-R63QNSVtAUcYb>c(u;rnfyTocy>>bidC`uaZ1%7yx3mPye3>4m=`z6#qb!oN zcmhOZ3kL;5C}G*ciJ)TXdZb{6)MY9yBTor?m+=6QS`&8AZCyLs;XqD|lp#H23n%aN zJTO{o_l21(vZ%0jGTQoZq!=sv3O_KK#z)&ky2iv$=Q1}Na^0oZ0j09K4}2*6wj8#x!mi3+xsek^3*K*JR@rIHYd;hWGOt#-drSu zi3-k~IgqFvqK5))IXe`2a>*%=fvFJQZ_ggPe;_y!lOd{_dm5c`l+wX5!Lt4`-CjbBrx> zB5PGrbL{25>&?fCf;g!!kPKV8hQ@N*2JIqmG+bqW+`8TI%6zOB!#;dGmU6EKN}>de%a=KpW+`p^l%9(A-VM zmXNQ9V=Kh{`gHiD6%sBs>Wj+wzU=0zGrq z1j(yXbgZJ8q-Y9-u^PwK_$RbSxZ2Bg=&D||wXLHyDSuB0C{4ZqdhRp3tNN)Rsvw8! z_9*{2EFRXcbdT?#_1zRrHZf}2$;@?6jQhVeaszFzwMbt3_cd}fi(OQ84Ebfq+mwNa zVm^7gL?X)VwJcmvz*!glt?OeJV2LRdcEgwANTzG&^Q~!`lOXC8ycr%u`-R}wqdFNj zV_Sxkst42}(J_ioy{$zhrdvo__;QjUQTjKVr=utKE6l~uGs8iQ4dx!#89%~~tU3OP ztG!vt9XyW}aN*=H*w!j#^h&-+(6#PJke+=ce=GEgMXX}&fig|yY1vM*7|!*L2z`mg zif44W;S+?;Jf}{OomS#C18dyT=a$OqbbX5ZI^XG#s3-dc8v$sQ6R{})=H9mBidE;V z@9BHvkogvbKSH2(eG~7NObbJd(ke3q=@&C6N;y*+Cg3Th6_}btvH#2hj+^r-(wG;7 z3p(2{>YhBN51`lGo6bSadXk6l#NsJpSI~Gl34yL8=KX?YvF21q2U_#HCcdT9Gun>A z{wd2jIff>OYHE5I83^ArJkvEbexB<}7+vKo`1^$a7YSzY~m-=H#zaTpfm_-A7QJY>X6ub)U3Pe301OxK7Jah{7`skYjMzDu{y3;T5t;tn6iy zZ!PkgM9biG?bx(`VFA=LbW(YX`6STPjJK1;7!MCyBws|b%kD)xz+q%&ws{5PZL$I$ z`6i>SDw6uE0}=JdEH0FlcSda5L<4&(FonvQ)pFSchM^?|IuG zn+V1SnU-?E*;&W>-tl08^OT^wz=<~*ma&yD4vnEX^lRJ@#Z%i!`9;HFh)Xa+PscSS zUfW(T6DEBgrnr$gAhQ@?JP@CORBO6{kt3rqB_mY%9KTLAOG3rWXW^sFDr(1s%CM=K zGM6{ndp-N51vZJA|e^G5xOrvSe?n< zgRS`O((te8JHC+8y*0#Y@3a1^(Zk_15d&QZN`Fks$A%9pB+a z+%067^RhiPme7Dbj7gME9^!b{sZ3U-Tpr#;XY-aUKlN}4{Ka`?@z0;jY@NQ#r5ZT+7CE9$y`na|GNnH7 z<*Pd8SJvH6Ki>rx=>6DN4J8S})qlSEyXX2O>h)=H=X^hXk=4g|#5yUTCF)W<>p@>_ zTYG!<_!wl&NitiE|32Qc63;)7)yCkKx)WQ1;q9O4t)p!>g`_S?lktd-q3;LDl`@3J z(my%@IToSnRmtr3m&=1JYK9rNO*|_$Z?@-Wq`l^GZSXcJr=QA!STN>IxV#im!ZbyK zZRTVEcJ@H7HBC;PShg4p3s}PgAXGK+QTaZG&hafx-+htC2kI4Sw`lXjXLy+(X<4jf zaf&hzgCezp!*%>!f>`15Rb3()X7ml^v0} z8>hZ_Sw*k*Yf^3`8902ipgQ|X8#U=|T>>I%OvA{%0}v@Jvns>%au=*F3S3f~GBQ2^ z^^&UQSC6=cnk#2!mtG&(y8g)Xb;Q}m_z7%eWO^%>Ey%H=#A8ychh~Elpxqvy?rA20 zKcnBD5Z#MCz1zrOh#wkblUF$*{>l83ruNNj;0@cre3Mz8EPbqQ_>Yg~l}(BZNW(JoiEio(^iekd9Gi7B-t zbpDuvUIMgix8-$ssKDegryS{+FAYKL36S49#L{%o%XD+ICXGgCKJ85?QbZ@j;fW@K zKeu4-JnNXP{?23s)sGIb*2VT2pS(7tRC})iZPeaY zw!SFzTs9N|e^l1dIIQmwyvOW5SjO=Oz*+md#o)Am$jUmWwA}{VnUwacV^xRc^SXH= z;m3lDE|-Wi-C~>JBP;AQw1^aH$)&v zF}N@AI`MCyYeP?3-#+P+AJ6AGvKu#jKbD>tWBj9O4uKaA4^!_;$Gmu=K9G53!d;d# zf$nR8;`fb=V&wQvr}QvXvU?+qH|0WRY^{qg+l7h34%F84|?fOY? zhr^2;haS93RKH8ZHT3D@Z0#Xpv1um`6)ienW4$@cAdKyZ9jX19?#ZQ++FUG<`rWn? zbz7?6AWReYGM<1?b~wI%2Ce)BCVJ0m+HH9-dyA=IpAXr}AY!}!1F|AW2vj%w;#_r0;9(v;qjj&y-g zrAP}TKGYs2+^6OP(_K5UyLq zCo!EpOa#XA4RQ$7M|v2`;4T#(X+HE7PEhk$1q2zw^{MuU>#(~Cc4jw8&W6qcjQFMG zOyV8%ue4u7jTT*FpCj7In3)?H19lT;8ywp<0|kcFVT116KfUEa8&wM{Hee415SHvV zW0f;&ugLpTGzz~1)@~WoqMU6_G z;DjYp#1Ybwan8_=8IUfd$lHKZ2?nM6`_w6n(C;*3(oQ482?)kmht9T}h$BtP!wua) zpXsx?S2ZSwr`{i!Xl!z6v(8Oi!$8RBVINN2?ilEZi9`yNMh zQ@l7`64E!Zk)5`~vEBrDsN9kpyBABm)N1z?6Mf`(7G5=GUEX+8mM@E;wfae{1gUT0 zuoRBQdwmsU4_No6O;W;Ot)6RM(=xqx557^-_K*}UJk8t(H|CwNO}nLq`RO`=7B*cGw#gaTFNYLN`nF*GP-Ni=$|fC|kg|^R(~Qqw zCE2;H{sT!N)OMR|wD{w(uN?_VUzddf*h8W{%X85%6VBID_BIR z#ej=-5EbX=WUU)yKZ%xJOLyeu4ARV5WN=~-#yJ~cxy#B3)NdY$Najq4EZo_!HJQG> zOZZ5;j^DMQ42vtT;_b(i{8Bcs-k*QFknd113;eW6X93z&IvAIXLQU;HMmfIxMjGUs z(j$|#SaXUD^w&9TWgg%~tQ2!AqhGG2Qe`><=E(%oxSb2-8;gr{8)+8DO+nnFy0$Ts zs_E&Ee?DCBc&S&fp&a@RPX3-^v*~Lgoy_fLyCR7ntq&dDLTaP`>(0$`A6efoa% zdMwPV=mFKPm*efy+U-V;C#GfWW~tC*YF#WGXN{V}?JyWwfMehVfLWEYlk43~Cv6ym*WG1>9(A1yV6t+8?PDsGQ6uy4vD6&7ilIXzxt~ zi$DQ=^YwuC3L*k1TfS~;leGZJy$A)h#*-xH>xsDqbyh^SS{-cZp59+Y@KLC?cM0<3 z@9^9Tl8>}>jn}vW*tx4jin!T-5FI_*|4wwA_}?2xk@iO5?U3o$nlk_2&&E#@55OId zk_4-O7m2d|TqbKFEe6OvOS?+?#s^E0ZHf6Ph zyUfooVADP}d7oxHa=e<59p9#@2-9D$swxxzpy;YhMb@9IZ3^MjFW1+k zuV(`$ueaM;s|&;r9NR^rZ^mXP`iWxuR5kO}Ua-gnjcT1sluWU2dHe56{5}FW5ZnJ| zS|VHGFZ=cWEWcWv+I*}~{11V<6S94J69(P&!j2EBU#&wO9^Nv$W%k1V>XDNxzV ze7YH4{6>pX5bxo>0OFTzqk0Xgi$G8j#9bM+Ezt1EefjG z$GVOJN(SAwP(53H@{#zbc~8PZO%j3R3$+)Lz+kbs*f$*yA6DHVGw8RLD(eAEn*A@bXpY2>5#=0hd+4ab_~kYar^K$suzsq5R3`nbegCG3b{`{a?? zQ;U1#2R7uZg%i$4=6s!@KhOjI$t+{Mn(A)uN?tT0}9D+;Q{?7hb%v zmf)Na6d!7L-ZzJf+Sjf3I+p4dPOi2z^G|SCG)&tosYld`KaM%ZE8|-U z>+5-CnOM4fZ<*mBJ53Pga)z}BaJrhc&zOL_F%~ahN6n#W#QIt#Q?HYvq3%=ai{#~s z14>v1=^cMK{Z`8JY7wdtb+p2pT3KoAVv^)pIZaj+hn>({RjI2I*WW95>Wu66`^u=l znBw%4eK6>oF2utnC9-RXVL}@;F=!*lCPxjKqRcqQ2QAZ;;jJ(E5Ek%uYVl|J6p+lD z1M|$Vo%VqXuf%mlNFo|ofOCvGroJo0{CglHkpd7ZKQ4h~*@sm3gCjwlsYyOS3HT&6 zpI)`zYVT(U=VExoekb2A88)M)UE{*R9;MflOjmVs`QO=r>85w3_Dvvu|`Bs5gmrnxU^y5R#qq)oPnn^R82(I7t%LOxp2xRj+3O zvX8h5GVN8}sDACQ|AOVf$Ct|B)$FiHBvx)#`1Uy|L)TGH%D4G4nhh3tMk79&$y(k< z5~+!0NiHxjvhmLFw9-R+aR=wIB8o@`PVdJ<8U!{4yfa}-i>ecm6H}jW3Ue|OnSt_1 zn@2dAU$$5RT1l+$<5Wb*7OIzWId-R*q%!sLm88{-FbnDALJX5Z8e{^ot8qJ$`PHlo zqE~tJwl)a_jOHU=FjJSwo!g0$E9@_Nqhm@b?5!m$$Y>qx$sTevkeG}3ba%&yH0?Cm zM9?JdA?`G6^y!pUWfF>^tDcf5FyFI}n4eU^=MhWmkvUL$ySQm)quzmMgCE7drmS+* z-iuY@CJ99iZQ>d-#z|9{hwbG>Nlus5+cjPx+Sec-(xai>U<@pog37)$EON|DdROT_ zpFTg&$$go+tFi`fAHu2H3I{_EProfn29<0Xz%~!r2HK_&E`l*Xdq(;GLohd|ppSK`m;#R)R)K#w2aSMwGPuKl z`V54b{VtxBPqO)KlPwTm9FVNdB~65Yx29fip0`@gf6h4Y|LC+=XZrs0hjb6^!5_iG z#d)l&S=N;IUk!s^bMe|bQD_fAA7weoS0HBas=4+;!kyHAsOAj*->SKpWMML4sV^=z zIxGeDqlFggcNMNVccEG3uOs6Fx!cz8led9-1^sV2yL)2)!!xOR9c$gd~#kmJzJPs*fpI9L0n7kPOCgIwU0_N8?e;~ z{Qmj*j}{l>nkfLH=I7mUj$YQq?;SLmWV^KJ2V|DGy{6ZCmL*Ofqwh3Tj)rW-Xfs;VFU=xRV9KFice&Zb!YvrduSS(^Xi_WLwvCB=I#v7axs$#%!=c<) zXSGw>+!6KsgGc>?061;QaHZosu^>&Ra^P-zJi%Fei1*F6G}+m4B{n6Radj3rwHFS3 zpJR7h;IuYGH1sbu2bj3T6x%p3Q@T-!52!Xx^ar>k2B@6!KtS8g3_TDaojk|V-rzca z98yumo>}OnCz#&Nxjn&o&lnTul>K79JLkbqLx=Z&2>P7@G`G!_#HUsDS7*OcGomK7 zTEh&>KWlh44MWdeHYesBHwT^$XFN;w5Qzs2Ybi~-Ce}f`|BOYe6F%ZSjXWWmCyi#!ORM($~l!I%x)3_O^6xR0+b*QdXZeDdFpzm$>dX%U_es=7&8b{Pe!s> zvg%b0eC!XuMf;HH-abl5VVB-=&g_7dmA!(UC2k%Yf2(tK^fVN-(!KK)IP zr--tslr@qEvvzUTMYlJj+$6I#{*s~}{oKj1hC1{)!ttOC25XA_ih$^&7ZgryD=Sg$ z>7N=}Je~(zUMnd+k>vtA7YFJ#d~ca*s7M%)-SuGL1igY6S%>T3^e~%=fC?x}tr!QR z=b1jn$eR{(MT1VRD(sh}=kbjsx*Pn<;my2psN#G+1%08Z2uuE4T;jI#Qp8DeTL~$z z7=S@XcMhwfmT0#v5+XNJi(0#!A;g^N-@bJ~ndBQ%ITawj()o;5VeYN^sn17${v=VB z2j*D+af2BCmxFOgx871?C#+b0%l_uWi=+~I-KN*p)^IT;Tr3473ZyKUeP9E2dTp3j zNM7=ILa@_BsKeGelHe9~{Vm;kHJp%pqYnLx0P%Z^ z_F6!=)x_C}LBuJo2g+V<=omL7)zhfj63JccXd0FaO;Ukw(39EAR{tTGBIC8YKv~*9 zoHyiQy6^T5T~x5d#s}yaHAJ_4VcysGVDeXHGf44xXA zD*vOhcp%s0M`ebKN<5K)O4F)ozyw5CGDk@rh1aq$M2wE8*i>3fUG6@}Uog8UX_8^h z`Sop@2Av+7HR~}8_#&&E&GGS}9oej|jA2Pc@&iKb8`Gx`5P*RN2K^_qykhUs&2diY z6>j?4)hZFu7CU)c0(H|8{BqT3V5y||WJz-<%C}0cJ!+q;_(OalAM#+sI_~#}{R4fU zpNVFbmYNym9F*=@BeM*)0ZDQcXVdxP#Jrr;%}wu(lxle^U>zx#Cc}z0Of8`7X>Hi= zpDDrTC9^sHD=zY~3$L+Hlk~7Uk1kwH!4cr@`!Xqx=Wp}e5^|`Zp(C`|FFdSa z$;jT0r@27oto=PEE6qdiv z;J>i(ia%}f*myqNca!t9#!f4}>#M-L9iF-5w+jCOZLR6M?>_bqZj3{rX~R{^XNM?r zqMV;bln4Z1i#<<|Ua3?1vGX8^(>upnZHF)mrQwtrZ-1cX5#UgL^T${8E5(0Ov;X_1 zm6&F6Z#H)cOD=s`;{E%HY@}R5ZR#AH6qBkM81+$sQ6swq;t&$NF||?)6b7Z1i51S9lMP} zoCiJitNGp8{{7&8hvCq!OlSBNeYjM2X{3O|Xi$JMp3?sQt98}@Cq6~i{^yfyqo_-QyIpO(b=<#{F2wzhqzivP>wmh4|NooRTyOpm zu)bygo&B3WKuF~EWf8FcXx&i&(exkYc6ipyX|}M#QF6)uEPfOZRn4Qhk8*0$)Xm9n zp%eQX+u}xUBlc`z$}{wu!jRB6n1&eK`an zGRehGr3d{(Ky(o?{8)I}I`I#|FT$7-LK4mFF357&W-8Nd?}WSQH|+jDJ&mRo#XA#? zdMwtK=C^uuIJFksPb9Ul^}=cz9D{O9b^S-9LsoJr;RoWgK&!`rGKF0|7A0b!DfSnX z%?7F5a;t&`4vOtUnh#t_Sqd@i0^ve5F$?1Fr*pB1z}jI>yY#{cADDmKtOJZRIVJr~ zI{jV6;J3YU6-eAvPZlheEHC;fEK4X-k5BF_PW(dPX%uq#ymex$Po?SG+sd$5iKJ}K z3RMsnjkUiOyGVuodYpFcqzB)0lbiLU#a1;J=&RF9^Rl2KJ_<7CmlvUB4KDFC!hGZl z4bwN&vmwJ>8l_G2peB1UF4V(ftOMR43d=!{mJPP5>C8kUf?Y1|LMREpQNv_Q;23R5 zr5B&}NIYJ=ulfaV>8`NZ7uI)@C;*R@_X3k?3OEG2b>o8lNXc#tSF`>h=(|eEyk>J_ zg6-<4y*}0BXY2x>d@j$#_;TD?C>wm)KKq%wZQeS>E(KZEi$YD~i$#N`w(A+GqAZqAmk&2bI+`YkCw4n4-ml zL~dGpTjPuWDmCP&^Dl1V1m%>tT`dp1nzbxU%YbF?FXZ461DRJhM>?+9zhwcEX_&tS z4HQ2Wua{5Y6gPp%Y*$ z)2#xzg?T(7&j9K7ZrXnti0(5`R|40e@exWV4bgfykwnF5Qa&MPFa*?_`hfh0Kl zH0)>CYv`SVQ|-Ah3-ZJggAJ8a%~CtQIX>O%JPcRH5yl}R?ckHL)c!l*JG@Nf*=yV9 z$JbwvV9kA3)xMX!q3!W+qCH@B-+XB9Hgkt-Dpw>wIi$%1-^c6-vzw|ES;LM%^s)Tf z1r4TLz;QG@T!z(}GBPl5x}kCbZSjR^7r;s4(`~TBkeVF1azBDDty#VHiQGlH5@%Lu zvUfwmQi?Y@x)+s&uW79t{YebFrmy?Lz-*6M4-VJKW!*8TJDM^z9eg~FQrNgo-3^Za z745oES9u|ETf?VX6Zf@d0nL{EE#I3ZW5I?O(kWqAJ)Tx^%~U(_UQno>BsdV;*NPVV zg2w$k|3fg_9GqIgKYA~^=a+>zT5fdZxid7mjOJiGcvQb!L^E=lxiZBj9e+>Oq^GCH zt6oG!GKRO&j5Z=hp~a@Z-eL8|2Mu3UZ|>;^|LUxra{2N*=C|1IfYHAV@5>Q|4d1V` z|Iv+N!soxgopZbVA>d#7jqS6#5c@THapQ0Mip8H>oSj0RJ{r&MeK$rj`1@V!Z&22| zfwRuqe{c0~gP^(g+qnHYF|O~#?nmy)t-ork4*w9K>>eGpf7{RUR47o0`9tuYKK1Gk zf!9@{)E|Q6Z||(vYOd+8?5+uhI=3!6*VF%P7$0+szES>O|4Ow{Uj0plueQqKd@o~1 zO0*M)nwlHrd6!*|f4oG^^!hus3+`t0h>dzg1dgn(%-%Je-~X$+et(2m%-%l34CvQC z7R`Qi{GA@R{htcR-v0}yXRKpWX;k=E$Eh+W!Q1N2C>0fu0$6*RqUar9=PE_bB4^nw zvP65mR_5gF=DL>5J1*o*NfRwQeBxXnu3he9GbJP!YwfXfc&9(Z{kH~3wYIa6%0$T# zl-b8O(3Lw|0oA`Zu|SOcKesWHpCs9VTrIjx@CqAv%t`zpV7@qUOm7|%h~}(}!D)cf z$&tL$n;J+Zfs3iVqv>|LC2AQiwVufq8?bDYqu{o}S!!_uMvzSXord6cA_s@|7QM}; z2HB8B+uCI>HfnD@zbKep87)@xn&A?w}B_W#NM8nzSF$q=w7(c zI5mH6cYJ44nsKl4$1mz7TxUS|CFS*M-$2xv1Cvr{L4(t-lpBSqAyM%GA8B+kLb0>|1QbJVsbIqw(GwJ^&=1mzv&@2w^3Oh`qX1vnq^zxit>MMLUTL-e&k zyV}5@Hc~5Qzj63JPFG@13*6t%gJj7AC*R>tZ6&CNq?dp1U3IcZYKcMgh;qTmOV@^9 zHj^?$a{vT63pXu-`}^%Gv?dWUnKieAmp|Z2=Z2^m11Z~WND$li@@RhZ1d>XDI!OP7|coG(?QWeNGz66Q|zchv{hv6mr?d-r}N9N3tFdMUSUg z!bHDVJRuYOaihdt%DW&=xtomB<_*3Lqwh-p=Iq{E2C+?rBWi0+To= zt)c7C_2-3F|Da7Jm1RsZYBiw;}`yknBI;DXupBJtq|%uP6#7%&%hpkRg`V3F;X=7&YznQZ7)KKr zJ$2dY<cPc&PgQeiN6~P_X330ai=K%3sgj(>iGDw_>I@QjHVU{A10_n>E9tLJjB4 zRN59rMPsn|6elJJ2!d|EPeN0rZ?E%pJ>pEWXQgmXEEv)n;{+MIsbg=RNl_4d4lMEO zx*Q>9-|2}WZ8{KQA~LjG&oqf>2{B1h-}ak`2m+NW?x62;dc)a|>U7g7)Q2=a6`$3t ziprz6G-Q%~n%GQ-Ru5>r#YcB8{% z`yJ>~tN{IYzZ0WeK|j^sj~;fQe^LG+zynb$I)~yKi*rAocJ4M?#J!`Py*AdLd>6yz zKl^S;WMzbZA~}vtDdN6xRMn) zHRwHPe<&ldMqX~!pOJg{4C9_FIefQzG|?vAKVE8=j%JtMD~+7)-HJj<_I31~{7bny zjt5Kl!t0CYTN_@8)P;KAeAViRH<;+vRwA_h0>#S-_|S+RD_7cxL{ja#9b?zLbR*RRuQ66QmXV6{3+CGyFF+HJ>A^U0Llwdk!K`V*>IkEyNFRljYKc!W^; zS`q{So^z&2lD`QB+RX9d06pvUPPY@u@3w3seXI?E~sm z4gS@n;U7WR;||`dFN^rmVhEp|mTVT@n|#OU&*ot2U!ng!H_)t1#%y-!er2nK#u1a& z!F#ZWZ5?NlY($-c;)4PM2h+i%BNhLh`J)+BEy`P{Nrq){jP{sNbN?-%{bbIdO zg>|qP6iRFyk0adHa}?696V1#feQ^^Mb6bEWD!y?pTNk}2n|Sl;bs+lncL}pEU+Upv z3>pV)7n7W_Ap$rEk0)q7Us&31`$=PcRjuIwC8^g2{~ggy!&m0h_GdxO&hN`MR-_{# z+KxX3o2E8C=uYMTsPLF+<{xV(m5m8ctw+f*<(rmg?Zz!(BQ28AWG4}~Fjk$Me+WD* ztnM`0@O9UT&^PnK78R6Jikyul+4on8Vt{97xEAV&ufMuxk78}6n`Ud zV0PJfj{d+JJ*SSz;g-n=41>8x59qk#!Poq4-IKz4quruW5ho9`WP21V*?G5OR9m@c ze$cnR{Y(Lpv(tM1(?8ZbUUbRr6gXt#w(41X6rZB$IdCw0q+p*H<0d~Ud6&=E_9>f- z6#zCAW%{%KB)w`PA1&A^LL#UMsJF>a7Km2m_D)f;s}^Oso-*kRlm182>a#q?3)2piM$w>z^-e(+cH zL)hmN3)n7~1&hh9GJ}H*XTL;km=D4)GblA{R1{z1GD6^RUa%-gJl`5hZ)>+HDjVXO zUVf-kS3AhGO~%@~-OGF|gK?nKPwZB(t!J1RP8hS=v0~?5nV0mht>{{AT(%?={F0V! z?in*R7v)xIxctoJja-v9> zge2qlTT(LiiyTW4X*S>&x87o&-2}?T%`7;DzJYNkO^wcEpb6}Q@jih$~Yay zB=xtz!_xG~^E&27YO!iExUB&0JUpG1n=Ap-Y>1h)t*r@rnQ;H1hGKw~%F;6flM{!C z|7^q4`t_65rsdLgtj5{V-2p$&OTFsw4dO*t$;tG!AAEgGToeEFVEJoPHDT+A@1q8< z%TmfbaG8|zAA&H2hCc+wa-N7k1W)nz7_KcJ-*f+Wv;X*tzT)Z|KC~+7Ox?Op41e&; z>hkr)%Z$zud_XVrzsIgHtA1gnzjaNU%|JY%SRGf3mgs<%1N0oFx+UV{zG(OYZR?Zcq{{yI6Jie2gTExG(2i$NW|@-Hr3-#?6DaF`%C zeQ2b5`+?7XR|&4%w=I-&QhmV;l7GCXryk~@%>~;}I-eT~TvAY~(c2&v_lj~~oseko_v+p|5RSQAr(VBAo@e{zcy$ zzi8+9=A3V*$4Tot@sB2c!W#WpaI*;VV!hZ>YNG(+r?QHbPB}#di;j-K{2|p474d@? zjHI5me+ZVO9x%9nTtZt4UsnxWG_3=2iQxJt}WtvF?fN+=HinV|`{X_|7#o+fn&VWv-59qNy$r8|F?J3DU=muyg!e8^35IP)f`)`Wnj?pfeTfJk6-$+AjBuY1{V zVpC5oqOL+vojv9amu`u&KWt}6V(D;mHCNC!=qS1JXHL7VjO=@Lj6tz{gxh<2+U@W0 zT%$D}r6PwHs`-%INA%DpE3(;8<*ca+kKrcv@(PhYYmFprbQ$4FW(+El3#C(u0}blZ zK+`5(9a9Bdu;r7DC3;W$8qIeePx0)~T8Pupl0IM5_{?5rUXB~=f`>4Jg^PT7qD=h4e#$!3*e*1L-qem`EN6G9 zWBaTA+huM6)UE4ni{cm`m93QxnSJI6Ml(`8J(}m~Aidr(O9aKqu-pw()o3l2HR_{7 zXUHK|yDDs^C1qe0@t9X?x(%VCQSQOqZCP!>oZIO%1)y~A7+BI|gY-{f*?DX>4_}VV zx6Zc56_>5|sSfGgd*<$%k{UaWbxOrM%)c?zXso`3#Ihvc94%)&PK%h1wt*xk>K!Q} z*ddOsNW@i&Wqzl)VR7DWb5Z!`4N13;%z-_if)PDmc-#lJH4H{^X(;b2F+9ZJIQiw2 zFl==plKT|N-OM#~VrD58IUbjF%|MQuxr!H|DOUN(CX(}STyJJrDwe#M$N+wyZX($qJk9A(zc6+ikkcxhZbTpf_?bFM|%`2lAHhz zJN0TkeJb}WSgw%pBM&}O&KwD?iA6lsH+pDFi^=e_mElXq*sGS7yL4mW)`n zGEP;zH%tU#+6ti$_!`*iH)tEZ2q~}_QoQ|!4>BJO{@|iCUi*FNs@!OY8fN|3fY;T5 zsI;Cmi~+L3R;OF~MNl@gKL(XA8&Oa4lhjnhk;M5DMV7F-Opq;l|A})XY{Y?AH1W&p zfrx3g&x@g-iF=z251JwmU!FcP4fSle>OG9|lSSj=W)+BDfrCee5{i(A;hEO9*7^O> z9QXoZyTZ*$j85q|2d5OX78SAj?*iJdlDzddd12{+sc~oWrEU*SzIsNV2rqs~uY}T- zD7qdv0ZN2q3RO)9;^uNoL0QK{K}SY*Ei@oeyvd7N^%R{zKu0z*|5)JliW@&IKA6=y z+wKI9>JFE{>K2_z2Y5`i9*!xL0-KvbRrkr}8#^9XReRScIX-z|$f@QRmL=16vqb7s zZ7_5*E0<$BW>hx%dL^jwn}DIoI1gWG+)S98-SZc8kM7V&v}F5AdGxVoU(~X!{%DGv zB&mFAk!#v0q#?uwIdsCMoH9<(JGnP7x^TN#7hzp$-LafS5{1azY_1KTyGrA_F_^jN z>Kpqm408;pnSThVkHljgz|l;5;!L^iBZS$iJ#mg-L+I}6O__=yG;z+gl|66Jy?pVD zTKas|Pr}JbXX6C>9md=^a}wc3QHDqsZyzAhD-TH`p(lryX}=RS+q~8nJQQVUri|-H zDopO%$!iBX%sucl?yEQTf3VriRt)mzSVkiwt^a9W_}`sy2r=OVxBL*{hQ)2a zi2p+nQhWzU6w~i{oArsc!0CsPe%miaP_!<<{sbzZ5zP3u%{RKTxupRuCns**j#q!j z4|%8Lx#{*6AQGpY9!(^kJ015Z64dWY$-A~%Z?NorYhAA4OOp%xnHh7~l3a@~eQcXd z)qdNS^2ocbQIh#3KX*3FRUipNpQ2i=gXUo%gfDt?e8^Itgw)*EA?kYMH@+m!Z1rKG z(+fgjB3Y#6;ed*{Dp_@6?8=a)(i zAPZ!O@rpi4u5W%dXnUBSzf_IGUD2e>qa`LPUTUK2hKU^=GmPdEQwl)H1gTV61D;Bf zk#teA@0z7ANbDrWry^p>e+Sf+PDZ#hSo^5T=|NG%tlgsi4+@0PUn3XTz21guQxv@dNZt*HynXhm3_r%#6_v>!D7!jBiZbaLW@|n?YViHiJCL*^$ir1qk zo^HcRhkfp}eyXi3;iQpJGDZ>rNJ1#^I+m%Sfj*-+z=4sFM#GeNMT42;x%0wtuWvMnCHqW%vl(p{}GJkzLus~a{#^u)0FmyJ*KF%~znIaY|0_G zqy2$LO6{a38*O`gWXO;<>CM_cC4zI?+Gb^f_3~v$MRi%My}iSTXe>1A^!@l8cRR_a z#h8!kj8CSqZ~<|CEF3w-em_==A+>O7O*@42V-mz~FQ|x+FH0HWDeEqZ<>f2@yD1S5 z=(*t|7>l=|@agpq)t7EE0of2ycL$kES|#kD_ptG)54Ch3fRa4%<}>c^gq)sbhJB$H zlruK2cd&Ti^b{~t!*p>aw;?`&I`;H=H z1$Ry13S5LM!df7KXwHn7dK$E{Rbey1oPq-~HDKS2M=EP8J z`;?}b=D`~ceKcQeG}+?9wujw(qNvbiNzU$?Eie?GaWa7{tfz>mcc9;OonfD<9QgLO zIg#*@dxQ)JsROmV)&_&7pM=ELN6Cg?qJX{0!UjXyZho?D`-c7PCE*gbp0*VC9msk; z3qp>E6g=~XKm_g3=%e6NHUeYj=C~W(MgXmxwlJ*0)J6noUQfKeQPLzVBiOlud~M7( zL(SZ{Hd58vI!UDmFL&IM^TUEAaMjaE3E}g8EM=+PbF|slt=+awI8O zwpRGcTm}D9EsdyUtFzl!0@hAYm3A-ytXqS6o+mbgalc(Ftj`*wW?XE0zghZoQ6j|b zgt;!hdMwbegf;AY$MN=LGPXzlO42I*`{$H-=vEf1sQ=iXeh};5xaf6z+rg0uK!+g!AR0+*1r&FF)U5UJ`w$wep8E43UVdH4hjS#x%@RQyO zNsrbxwzdn)yy4UC<`%eKq_jjm-my&fXi#Uq=BPdHs}8QNL!B~^_DvxA1;*7ce_)|y zI53Rkgumu3jl8Ykw=a{O?^xe{`#U|f-HXEyl%qgV>C$Bm_!nm4P_lQlHJ5hpS^{OL zs&pTjJ(vB@&tG#*d6kZkza=j^g(T)n^_}wY?m-;jXi?E?Yfg#@4k}jiJIa;4sP(7G zL3*a(a#RA)Cz8`zHTNp~b<%>V-pIaBtl1z55x$<5+yY=@bRe_HK9gz`uNy8HT2!lX zd+y5^#M&q3nB&;i@)T*eK}7BN>ZMhN%2(FW-4El`l@E$knxw0c+_#b{U`VT?(A0Sg;v(g`#3A3Cy z2zEl30>5-gku_=rAG+#-qb8^hKbrp`V1MBYd;u3L)?E|u_?GP#d_v%LqwLl0sYkBM zV7z`cY!Xpe+7A$6H>1gQ!SIi$>!EB_{!-sni;z>!v7W}N)u?;wJanRsyS9oN;3FmF zEh#J=0|DY!j~;IiJW6o!&jw;r3A;16laqmDhAk#XYN2UK*pq|BwOJ{X;u4&nB*~Y3EMgaJ}Z*oGc zG=Uia!KT}}WAtetAilTU1&4zIM|vj|Fty5`xjW=ZuFBji1=oi}FKB6ZWQ+{?qSf-A zti!mtndMR~%)%L?x){KV(9QaE&WKpBoUOl`f>aCxWR*d zpS%yFq0X?=so8sFjasdmm7l@bu6Uh@g)pq@rcqS?pqyQ$%6&2%RnW75c1XCY0_~Ps zh(E9F^1Hf%>x2{1PAuXoH^DZSN0@V{t!v{@Sp0t5P&W5#$6<-qs9eflI#Y;8-L6U2a`(q1b8!1w>R5P@I8k1-hwMr}cn-$D@ z-|vZ32HpGK@}tBAdgF~%b89x;8bQ$gSg!?l1fQvvYqVa0nvBMWO}(5K30-M=<}Z6) z`y;ubMW8|BZF+w3QMb^S-o5T49Y3Q29VHsmB}q8yf=-HXW$rS*R2hO2g7PE=POpGb z12A~u?~puB71XuLvn}aOGaC&U16w`~2#FWd*a9Cva}Ew_AQD#ZYJ1YS>u9u1=i)Gd z5MYQcbKd?j>rI$1Dh3`4(zOLzdp}AWGLsvANcx4ZjVSE7f9B6UJ)|MO!F8F#fI%|0 zVMm+qRag;LlC7b@?-b)DX`Jq@0gQ4t@EKI873~kfqyV+XK+GYlzoGrHGuOj-5jR#|LA=bqPtu(gw&A zkS$Y%KV1G1@o|TCcuDfCQl==~ZiZKP+ptwHR;Rd|vshMI2j&q5;zEH)%ea%)VbSc9 zN+Vp~wwUqdO`Y}1KxJ1(=czp3zJ`M@kpXEKA~!BDZt3=d5l$C?f*Wlh{k28KIK~I@ zx%yP8rl!pP$o-bXy|9(CXZEDnn>)G8erMTxb8;+5@@7YsqHY_?MbjhP{CyCf$gEP| zq+$V!iHI0F#ydLoFpX`xS$n*0Rb5Z?f^+8J3>(G^o2HSCLUFX zVan(Qx1Nm4T*~Tw7ZCVS#ItdReNK1Sd1@Rd+3>B!_W4Jr4x>=V)$Ia-|77C%-wj&O ziBb4%WcmCz93PR6^9Gp*JZmoQDVR@YU?w+tXE&7?5xY40l)a83nJdLKDkCxMN2dTz zvuSA=7z{+=@$iG9^sn^BZQPuS=@!~4q+35TfkbY54HR{p&2?9MyVU{`tW_`A&$EeE zs@Cw41P#}OpYDzU^&E|#;lQh=(Zr=EDPdGeSntOBD)TiiQE@%3JG_)<(FkhewZyh-@88i9xtB~@Fb zX#UASBBV*Tk(M58pza8t;Na23h=De(eN7Kwp+qeGbHLkzjN6AIBFg-H6EcTJ-&MZpZ zUZ9bbe#&z?05!3ZT%~2iNpCxt`IP4-l=gUjO*ebLNOiScwSse0N_LXyU3PHN(BcBF zf)tXtC?fGR+xpZ!W|=AP>Lr8RxjTwd*A$lGiVyF`n6>%wGoq8sm2wo<&!88<6|&0& zBhxx(nTlxdxzn6R*~^fs0q-`8@#lcHQRK&fNUv zYG*G^m$x74^q{-g&Q=4$oPbV**cJ4_`_F{TP3|WHzOk3Il0zBYzomKh6xyE3SSsPu zbOCbUTU`QF!{>$pKL(cbCY_qv-|A{YhC>%0Wfgv5BRVm)i0@j?9Jp|i(C=%nwndt= zIEcL&jUl+!dgGhS_fxTiopj%18#a=vR$^${v0PLySO8l75;;YE+K{Yo1h2gT@;9N1 z8ZlF4T;5Dm{*=n$42ap9h|drC?Jk$;21z)tXLe!oFwYDPF8!{mCiWrRUzlRDTh~Z3 z!W;vL?j0I|X&G;-C247Lnu4fI4XQc*lBCnZQQNnD*KA#54O^{aAouSC-}us!E_TK> zqWID#ot(<%WZ#4WEIYrh8ac^S_VX2fQro2}#N@yPT_2It6+JX^+jxlc9{vZb_Yc-f z!#`MO@~F7Vs61^Ds zU!6a^LI$l*FXtZ0W`C05UHGemA)p%NE0YDp;{>W;ex(ewh-2Y1~zW_Q-pOfk>!Lp>^BoHlX0N``Mv*d?v>D3O7$Oy z7@p8s(}%0}*81DWV&$zBn8PpL51$=(RJU#)Vhnpltj+1HCt%~J;W%jLF1gS22?SrEKccNuEP34XW|GyC&z_e$1RCxCUWHpB-! zqc#r)o95NZCzurYBLJB)ziSyPFccc)+H|Dut$}D3xNcm3lo}Y(zIv6AGQ!6N7 zm$R=0Czv`Khp#ThGtJG$RXde*zwvTCwP*#Mn>fCnunNw`tsRm#tGr3<^{jem?CAdD zML(p~$vB)!Ah0FQai~gvjZ3K`a;1c=3Apaj|wuaiI6k?gP0`@8l_e z$00YP?TMS%uF&wWo)u0nDx;e_rYh3RC(k0O{rwc&3_^Rn#HVsJO#MJ;_`Xy&n_h@p zCIG3H#Tb5Nt4m&A(x33GZGm#dU*4GW4m*q18F(lS_C4->lacyUDC{^@;%ll-Wr^TWd5TYSY zQgpn^mlzSMdtt^cGM3s+Z+qagbkTmU_1>s34qLTe=h;eRxJ8N4iNEbQ*}|0drEXo?8&&srd?36U z2)ht3;{x7=P_{9c<(Mq`nz6=;9qsyvqy&>8v^{4lIAG=ejrwf-&DVerST&k4m6MAJ zM7~uOrn-8P8V#t3Mvs9E!mauORY)L2J{xYIQ*ZpNeEwGW-K*9p>Huc7QJy zl_NG5O76?mTE!CZq?h4Z&W!?Qa6*4pyyQB|BU*_*a0V6*a7nTOm5l_NBr#-RsW3f8 ztwf+4m=EXWrMV99iz#J^QjN^hBXybQ)`lfJ%}wn3o-CnfD|*KkA&T({xmUs6VAe=aZO5&x*KpuCf1k!!QU6@c@V@w)(c|GmNiW<^ z_0)udLTCfVQgvpJO#U)nHC>TIP)GKyYlC(%Y8?+dX z+0>)MvEIt(3f(_>Y1#VnK=ZQj#guZP5~qg7^UI{lipb{TJn}qFPMb9%I-hu`Ts;*H zN|R@1@4?(7>llRc*I6o+?z%njk%iwX`?8n}OQUDOoQrXaW`=FGB1|JUP$NO0KDo$F zn@ho=kUu2=P8ByM!8f&o!F;+=XE9<=se2$)Zm!U`Yd(xOTuI|J z2YS`>%xWY&UW8SUF@a2<3%t!INao<5sHTQ9M@X~ZqoOg z4756~z3z+5)BPCn<((dW_a5k{y{acyiA&8jR%~58Z%|yVj-rYY-#d7|%h6NU2ueE~ ziFR6g{awmQn8HK&6>>Ws*U3tzzgM3&MbgQ{n1bf%M1qQ=r*9_f%K)<0icXrT!D|)| zZZ@&4TlF(ADx1wNq}hJMl#Vz0rdqMD(uIW6N%ILz^D#&3j9M`=ch*6V`AhBG zTZdV0vTl282^ZQitUr^oxtVJ4yH47zoW9t{AOB$K<@}tXL)1T+Ui_-Ft!TyuBRs1bbG{W=h)ixv!@GbT1ijDS{7SLKg={KZ|9=6cvp$ zjH+ziswqxtC!!a_Yw(YtG8vF-rVlg|;$)f{aTpR0b8g2NZGwGqf(vF=nK{99UjO+e&FG~52ddotw`ccfA8y6ziMOBWULWp+O>$f z$ZeF7S$%g``j`C`dNw~}xqeD=@b!)S`S@+euYtor=r0QA-<7F*yQjgqvp#ZaH=j+8 z)9yA|nK!zmUu;lwt3Je-u0(|XV2Snr!P-mtB>3?W_{Q1JJpkJ1d^6t1lv3{L7u@eT z?w7Q=C?lisYh_wZ_HsL?>Wt_>BvZgS=onXQ3G1X)pSG&Hy!1{eCnpR5T+-oT;9w!JYXo(C)mdt+cebQq5ynP5FH4 z90{3ONrF8Hv3MQ{@;DzlGYV2d>7=&`CwJwkMF=q~H`rOs3;C@g8otUrH6=;oMQ&T(fy=5x&T1ua$q?HKv-9Pf zrJvr-mzHM}Gl-v#9l0zngp6_^A?O+Yjj6x_!kEHdqJ6d5;HqW zf5$z!CSfubsy6tgv_bc9>S6uy>)%H5JZ4o@;Jm40(99DdavR+WqiE0@g9_?vJAoZf z0ia70G7jPZITJnqgEcG!HSW2+#4gu=!IHv+OBs=+PO>H@$JY3w%C*?0A<{Sq$YQ{a zP{5L5bcK3bl6Yo0cMtj+(GJ(HVUo;kV*BD?t{Wjh+8=4i+f0`RcKt-rQB?=g55c293=?lqIj&rQu#p7thNI(zmpYKoIL**5zIfE&Ci%;v+j%yp;)C`&h z6UFG2WoaPPDlJsAn&6ZHjUzv?NQ=0iaLl}q=~uQ8JJqwj$RDkQ$>u8?mpVy5e~DZr z4ZDXBSIxtT{%Vq-@w@#%(gjRbprWuM>e6|^1ft~N=D)*3u>HZBaHwA}wJqRAk3i=@ z$vbVbEkm;bp36U7tgyYG(PQCZxB6$!MZB!hZPj@h{K6F~;-HxBu{$ ze7jFLYkCv)u{TEwYE8r!$r7KNJ_Y+{#7!H;mp%X_owp#wSihq)5HAsa1G0Lr6L&OzZ4S z?-p-QzjBP(-JpboYxQ2Hg0$dFfuj3nShg_u>38Kt0?j5s#Ckuzj8#MMS`3;r4F)3W zen;&6$?oT;2TlxvGl&OK%+&i~gV$l46F~EF02jFw&oqAWH$3e;yAFMIoqzo2XM?^) zNm){BrCPMlJ1HgJAdW$gr93|Ar1R(cv$^1MEF%8vY5yNzWD*lwbK|bBaV{^AU=bA6tFR}Eje za6Z}MN-e7GBJHUC{rC>ah^OQ{c=J17SMh6XiYu<4 zy@{zbCv#G7i7Dysxp2=D3mWhUfmC#~O%+xKmJGfLBgNs55>?1bRq%7FM#j}I;|x5C zCMNT1+%Dz$bAEKRpUjj=Pidl&x%*Hjmig_6KP`xEGPEuBA^B#wZJ`OFNy^;@e-%;V2v*?48IM-zah)|8V%# z(X!HF;$`do5CCWv#jxX8_0qV?xr68P9hcc5 zz z@OI;xW4u_@KMDYL1pc^Bb~O;2V_u=3hA2+S23RRyzqTL#>1=H)k@clU`F+iT_uf5; z0)2<)N^k}@rt8--c5+7r6GP2EPzImMUsjC5dAn|7P7 zm0ly6qN>WdgIxMCn6c&W*t#v^XRpZ?ls@pk|2-&DaI!ShQMKE8ceRys6d%`NJMOu> z>>FWprE!g2i#ZS^E--l}{yo%e(Bxi+hD04-#oDV##mAe%9ZUCs2l|75vR zq>-SrGI}hh=G|s7rVrN3-1t;%srBru4{-v}hg0Wg=}dVoN4bcZSO&F|I0p!*Z-{C4 zF~;9H3u`RePD5xoo?m$MlQ;8^6cGy6CF_qqozk;@?>ed!OthYq1*w^p#`I(Q1H%?S zFjbLMH5aQ-04*ZrbzXF5kFqkD^j(Oq^Rv)NEHd0bSe`*cc`v2MI6=VYX-Qb*AG>OP z>L&*+H5_Lw$aOhTiJFo-Ni9w^K$sP~h&85CDG%pV%KD_FwS%;1lN4qY2S{=5B`M%J z<0&v9BbPo`1mm2V{}kM-ojcT-)=6nOcrFZ;kW{XUPMX%v=TyzTR&SgVl^r=}VEl#b zs=m*xAh)4>B4zC!DwO5wst4uT8}aWa^_bJ1+_zuXuD3DsV;RSod$-M|h<@BlIxt>- zE#NG%zy@Nx@9fiyV#rM?q_G~zZiwD=j!~JvsMp%p@b7| z;HpA?-kztQk>bUaUoYJdnwoJjgJ5^_;T%32v;8ah3d{FKyU(|(_h1pLfH`#q4SVQTyC8s}xm=k-+IjJjFSX)h5R^*m{c zAq(W@rIF(7qN#`mf-;>|;g~rm{TX%%^kD%=q%6JDm4Gy6qJ~vzNjLZrTM!`qTr!%? zl~?lBdS`~F@7IBLmKC58Yx0KnPn9ag$lDD-639X4W{?+zfGh`h$Uu$F-6RY@lLU*iEr#m zwTpy-*zT<8xwLP}n~0~4Xrp-J*mi4X=lPc$zQf%-7g_l6S(u7YOk z>Ef~&temC&b;JM3kYj*7a?w<;3>kUh#gT(l#V9;f%JiZ#ZPTBg61L+#JDLhI%ANNz z3)y3TuQhl)`=wAkiwu3}hu1z5o9&Wr#1lUQGc@KX7W*-kF*)HgcR>dJac=~HE{5P2 zsd9!V;E=ct0-8hirQjQ&_s=BX(x}OjuCN2(F|LK{J`* zj69ddcTr= z*z}>^Zk^^HpX^p%Xe+d_6c4{KsxtL*I;DFa2aI`4Dx*gY;!u+l6W~mI%n4}(!5OvU zH3!SCyLLQ(BMSp0zez^-R0xZwENK_)tga3huE&p*)6}}?9UX??*FTHv+P|0sMc#*r zv#RWhiq64AM@GiS92|s<^DB-@U+_+A8$uA6^$>!^|MuPM9z~YNpkI=6&7xG1SsL8ntzhjxd3X12*_XU5jD55Qme-Zt` z%6UEebw|x~`uSRr<)vAznta^R@5=H6`97)-FF$;v|GrDJKZLr4{i8(w z50-KX2{R79B+cI&=KqYp|M@lgKjstvH*Un%en^!zYF6``tZm{6vP`LQQmnmbU#sAx4A5eX?2CM-^MglV5)x;Uc|ihp6Mx}GYI|>3mhPgPxSocVA3X3^GR%nnVg4ti5>K|U&{45XVbU7;)fn~9pjLlC*1ZV@X_7( zsHwL%r`i+yiFZhuC#vPCRWvj88ByNAY+Y2``10Zdcf?MhO1WxC{JRwFnj^S($0NTj zLd!BIson|F6+}HXgxOa!(Mz2`JiU{ol<3}=q@jZWkM91Q^k4_9iRS`68C#T6H?+<_ z{djgr>@{8%!mi-ui~|}D&@>&R%`ibX@+W%}4IY2sU9TZ(Gt7#A@43Ou$o7MyP03`X z^WfNYi001I?CMf)Q7)IJBO^vv=H;#OK{-(iik8R3U}$L=4wL*Y}qA`FcWC< z02-q%BGJ#h7e0gKR3$uSxwW<8sU~$uHI%D zve(*`G?Az)Sz&O#|@=9`Za8NF5#qoZEuHPIAxT*dp$6H+Rj zGCcSy7AvPnYOZ!~>>&+tF~McMfl_66!4r$$x1PLMJW(Y3q1zL zw|s5rGNY<#&KwMm_fdG+7Ce+)zlk;@6)N%>UkU3fI!U$l(T2m%6AK9k5o1@Pt4b66 z_zb|4v5c)-gZ=W9G$L(un&Hyu2^8S)mJwlB?4VMG2#oB7Xcyd~R}a4cJJ_B*eFSGG zQ~vyMsB>Gw$f>QLtB;6fZ7W@B-RF=M^-lDFP^Z1qqY>ew~(_n=UyZbaS(n_b|4nPkx_*`u0|aGw;?W2=rb%ogroK+g_Dj2 zdZUb02seO+LNYUB(PIx-g!C^{^9{>~+T%s#aV>=C5E@^+s5hA%Lj@h3R%2siXw z62&2LUH5Q}Ip=vpp=h-DQkc<49fOnTCc12oNUj=42)T`^K$)_X{Nq3tgdxrHqg?ijZt? zA2T*S74Klw*jR1^yL=AlWAag5Gy`PJq*jXCqfom!w&mstj=U0~EG9FUk(_q7F)sdC zq25@XVTFgSg_^%d%=~AZO!JiT3*s(R_|@@O&;A5&t!!YvKHNCa@S-n%$hZWObXxAR zUp4`T?;xgz*=75xMSrU3vs^$MdGV(-L#b5D0oT}JU;Iv>bS?YRp9z54fF_^ai{AW?S~CR4WWutxIvuloKo{l#NxQlmRBos# zGiQ;}sbB&j?O{vrSWiXDu6=K5cR5cwzp~3EN9(~m3#AAr1!%c4OjK{nzRXPW%At;F z8A4L>L-6HF8Bx19C{_IV6a7M!QRg^i+gTAVFyKM(q&JV8XRU5aee6=aSCJsfXL|di znNfQowA>>)$E61_4#>!qL{v45t1$d{%k7f@an$wy{Eh^RJJk|0j>do=s^@jtsqtR8tE~%BQV0FPTGRfs5)5aJ+dp1ExqZlK;{J5^Q4z&U+cj(tiGh;%@H&g`BX zCN+ZS2n-APKJ%Vq)cw1aH6Bbd%NzGg^Kf_EN!r_4XNSIm7gxowYHsurCcbJC&Z3;s zYIh2Rt&HLoa7psVi5<+M7STpKUpCA>27X*&`xz;!+a_EQ!eq2hdtA4~ujU%>9q>)ZB^8KnUCiQoVRtEjc2Gf;C4f=%U9fjP zst`!vvAfU4VFCW)J^0(tkM-kl84q+=)WpJr@2nK$u1EHzYI|PE_3*{E7`A_FqrC_W zt8SCHlMvvU&$52fhR6z-XI3;+g(=yA068&~hkEfeU*;DM4N5O6u!KHhvEVjeGYE^B zHR=Vpzy!-LpjkCjS~x+1bVO1c4f|j0&0;%+zEb7!NEpfOrBZ3e{i;a2m(K1ycowJL zc!u@~=~A+px`GJMR6H!yt8sG!ANhSM?W1jCbS-wU7ZC6=Z>xPsMD|2?p2Vv^ zeRMzQvh0d=Ex}=-THkS5pSy9RMXOq^tPe^eF>~=_bZ~j%Z7GKsLIdGY$S!B0(>Tm$ z)+ano7oVYxxB0WPa;!?(rhaCq?9>2vOm4SMIzNwWeyw=!GEu*9xn;$?KmVI^_FiQ~ z*ecNk|O2S_^b`%`h!y~CbYLU+b6`zmxp8H;gK;jP)` zclWo64%YTEf|R=M!}oc-+n2oewE9zqlH621`YsXCNQ5YxY<&Dc1D5nM|_TLQm@r9UaAVFZAduA+t=AQ&Vi9z>tQ6(OA*vQk6(#jw^Fb}@;)PJqJnAy^w&|m%}%cddBcqGXAnH`1=cz%73u!R zs)ABUBV;6bRhQ7IQ2U)KdKp0H*1PwZ}O? zbA68UFr~^0Vg0S~PAoF}5xqq8K&x;z>DEE!-{c39!Eau&jluMNc)h z5~qwxn)|!UMCY;*5q3Frmsz3@RjZ9V^7QA8-%Wq(i&0!Df)@+yL{PS-l=qV8(4`O2+<&LM z1e`*5h8fr+i^_R4qCY5XNw_>lyO0Iv{B{{-*As~OF4=DlxpHJoiLMg#cb|FY{>VR6 zE%p*!b$F%y+dnG$-2{CqZBm6ScZwscPov_B<~y0D_7nz&jQh$65S%tdFBV;&5TZ3a z{0i4I&v(!x*%xP9ko>j8yw#xG_D2dVtj`$riYD(!`BIwsH?y2yChW^ist&!H8hX`a z1$^2JQmP0xIRL|fD1XEJ9{mE&5ciY&yEy|M@VnUqpK5}#ZjQpnSM$05>)QXy zYYyHgjDdv}@(qP1N6yMactN`tN8c=hJJO#y8Yo4RpDBaMa$;XAvM;?)5MQADaJcYj(EB zetQDb*n2R|r3n1foY9CclTd=4hK z(PpCBF)$t4t3>`HsE{ya;-n-WIgj+8agJ^laaFWkBDa^9e$mTsb&CX)#97 z*@s8~zyso7mjmoTl)Dk_5UP8V-K6Thl@>xEtN*wY}mMu%=4_})dRxk}<%GER)W8Bx!jCSQ4PbNie>2#JP z6*Ytd<$1b6FuA}8(d%~tu3-fET-coZN4;dD&wAd(^Dh~Vlm#axAltjb^%oHvq zzaydfWmIot`j8(c9+juBVd`%9YmbVZrv=%dsNcNo!l%HPlFI`Ez*!vvoC!%0bGcn2 zOIXQ2v{&Hq>^iz05B(kr+{DwZS3&Ab6w1uTjdP;3OL&NqF7~KwSe<{3;ELpxJuyU&|Sl263OECK-3{bwEa&>#0UNppCE@jVUA6^g^xUvthVd z9KyTNrv>r08S)gv5n&gwFXJVLW^MjXxW2aC5R2D~%6cua?Aq~x{KrJo1+!(HV8pOF zLA9W@QfynrM6ss8Ld15)m(hZ+_*D(d=<|_=aUj)BTl}zlt6K1ldXMWfr5t*)U7wZK zfNE8`O(QN!N5lP?l380&oFR%zx+YG##JHPltGwUbUZ8nBExU<3MXi#*H&d%U4hCh@ z-gJs<+WYK%AYvjbQSRvNkCqy%9E|Bvt$z}Tu~D+F_waU=6PVhKa+2ssGu+yJnHt;- z=;8TnI-sdjXBP%2Z!~t$kR55DE|MP7sVob90(jsrIXdraQ<6Ur1TKnVSrEZ9_x`%d zu3;n+MYcE3u$an+YKCzKl#L;;1GI$CQLZlSx4JH3O%7lVXLi|P;|5}F@ezafXM|At zH&qFWhBIu@X)E5>WRAMWl0w_P@h|*fMy0xksq-0`TJ~+C5Lhn9-N|r-LzNxV`ZrCGd|poW~~$* z@hgmOS#$?6G0g(qDrL*mhi}jdMNt1wo{OGr8hM)cCF8voWK^^X`wY}xBzAQ(c)2{P=MxX3~mdfe1%8(bv0kWWgd*TuS z50T2y*I~9E z`fb#qL77_n&6~vF$AXVF*agH8Qvom_Z82zEXy`sJu)~ojRJ}*tgY8**2Tnm{H?GyH z8PfuT5GOfa7(r&qFGaX=AE{Kf*DH98m&CUERt=TsyQ{S}9(HjciXfp^hgL0v$e~)T zQny+nV|2)VgR7HNeeQ|M(Cob;>$@DhHS+Rfy-uV4VT*xMqcuI)DPY-qwr)}_knb=) z%@`d5a?Oir@KR7MaP#H}Xu{7fnKaHc4bPd&*;r#?9GHH<=+0w!&L5N=ZJXUz)a--v zjIL*|htIGHX;UUda{I5&#r|^(*ZspVgCfM{Q`m|LD!E755p^p@7$w3tT}$>~Op5>I z&>Jd>Hx3m%>%si#_A`9_M-I;3DPXq%)-Vu-(Z9=^DgG{Rw)_|J=7s;Uy!mg9SDPqv z{V?^>FN5kO-<8QOo=M5(jj_}Cop)Kj$XXtkj6`uBwW>SzJ=v%MUlRMUY}m|ppWSeC z^n^*u_EUo<@Uc#*_5_|2W0Xyl;j728kIE_7NGsl>*QG9Zpu7)W$ZbGJ9Zf zfCe2td6z}AFf?~t>mu>=>=_-|Q{ukX3jbcLJ+EW4z_%Wg6{$0(4ZCW2s!(0~atuR! zF)0u_EXvM7$*Qsk6xo(m{lIxu8nJ15md{QA( zls@af(*4|X^~I8tzM#zZYuXkx%v^6#`|;Dq(XK|TE~=^JJd?jN9w3_>s+y3E0JzUgw>^25}X6U4do zRF97z<7#BYXlCh|yiA0c1q#gkm{+d#(%$vZfB&v z`>LNnNk)lt9;YzX^_ghbwI=IJNrKs5( z98$2lqTwM_ywkO#DpM26KZ6-DViLsDXKJB7k`39M+tO?BSNG_sw6C@2wKCKE-~rU0 zrE3W6SzM06JFB-ZL}6#}|nD{b%vX{uVkF*$SbCUh}R!WpEV zGqCHSPz|ZIndw!Qd(P0qQaAD`@qNDSFNYG^-U^{=vdpZRKeB z{G^=0L?e3XOQuEH#>-{N+6C^S>S%Jq!Xa&KprkL+lnY^A3T-6PA%HP{nE%5I-MeEh z*=19#cT-%fJ=H%;#Ynni!dGNusSm^z@%rsVs9yRl$94@~NNgCEq`_HZ2NDNm;}hBM z9tklhk<+mZxJq-eO7VyOM;+LIVq~@|`}*Zc6|lqEki@u>t;$dC6Qyouk12x*v!O)Zxi%yTqJMMr)vlr1{2im@<8oat!F1;CT~!I6^=<#ujU zLIHTo_xzm*+z)zKgz@+#xI)GbDLsaWeW`u%$1T(;bj1*E*|@2|$VO%!lS0F_d34U2@`))}+WWwOzAX{A6a8kV znXgAf@z~yM70_@bj~TZrm4D5N@{ciLIXrnWWL;6&=zkQBU253IVnnWzYE|JIXVzB)=?q#bw$3ZG*ku#G{PI#&#^# z)kjY?J=u#4^$DAoo}^!87H;6Ug$54$Sr=>;?=%xzY;n+|YPD}wUs=cEIryd%o z;;;zZMq$D+oN79UwaS-K$~!3=DavYF#Q=vwIb~&sz{n=@>YBJQtk$vGmG`n6Ppn@W zzaMmR>S@55pK}?ec<7QD_Q6fJbZMxZDTVj~Qn^>sFg!Jy!T}WrE)5#E3J{>H5JfqG zTyV#vVo5LGNFynw$kw5kxVQA3IO-n&h{8QCc zgy-|DCP!o$g_XsUF`ekpR9?KQx6+TAO+;KH9%<(*7B=z>8y7_S4RO3Lrb3p0coZJQ$W4sE;k!A7 z59}VOmVIm+b96si1SN_(w-9HH66)~@yg-w!=>jzre!6|b$Y8j3H+QynnI*f0?kuMkO<*E* z#cYMDZjcprZ6@iUOf7w8!6h)&)%dBw#?r1@`T?);^1XW2)gd4f-J6v9xN&$Gs2?34 zC(5oD0}!&(@40U7aCB$GgnWQ&{&5mc`=)X;~l> zyZwQ(CERrx0i{V!9!qzNLIQ^O`j;Hx!NZBrndH6SCkFu?16x%BbyJ#7cooeej zw+`TKrfP18p|g?tMc=3&8LPO6KAiI0Kf}KIQ-OX0CwgZ?>^TVFV4nl#O5a(<|C|>P zH~JCB<}?(KjH8t|akUejdB!>^Nsj&quzUv(<*@H-s=(yMC$4HcQra7vHSvl$)hv6{ zU$l-ghdtlA$h0o>fIvZTBtkt#EvL)BnqR(gW&ms3ZXfe5d*W(c ztB3o4|F{SC4xr%+`}w(~;ENxP2<^7uD~%MCcUoa1(X6r()GkXO#K*2r!I3vgi15@y zVMbh(PSvoA{%2*~2zNjldOcczk>aH~K5W{y3|uzho+dt;&9)<}wT_p~l1xSIFwo#U zbL;aVa^6RcDrQK)9K|%pfx}kru&Li-sIIk80c3A*n2jIwmJL6HZROZ*)u- zGV#mvi;eiXLj4y7Mvrzt5}g)ZdZZY=&>qiUM&W<@{hzDU`d9JLe;4(~ZP*`wnuY6k zc7iu4=uYI1mYTOq+hrsFV9Be1?Mrjhe=UU6cMUcR!kZ*UQ57B*{Qlc6CEn6L9U@`P5+FPCdAzNqIb+OoFXZzB4h-=6x+d?bs> zulIOHBdPf2RK{L-x=7nK=v_|0>l@E;hD8CS?Qn`23uR+6^oGi`LZ`eK~)2j7qDuet`BBEhgVHkTBgG?U9e41 zL+_t`?8(BG!u_IgK}(_1W}0&JSC9-p5L?jMGrAuj{jptsgY25ef6*fNuP34{*=u+5 zbzxb&>lg8`YA7mp<%nVhVtglC&8gg%xqCET-RgwTiSB4JruNwtA@kY<7y13I$K^|B z*?d~4AWzdk2*#^A2*%{SvJ2P&<=)v5`h9z`xVG_Z(sPNp^56D!fvm{ym(bkHosjWI zfghB9cmBcp7$RUMr2e$xYtK`BE!lt1>UFvWT@_nW4AIX2kE443dUL9b&HJ)jZ&QJxv(Bc1X~l8Z%5ljm^{8jka(dU={h%zjx8qVJK3sy=TeCtp*U1fxO63)Gx62%P z!-EQlfrKWm5ho18c0^8|Gg9K6CXbi9`|&(G>*e4!q4Xv0ib)pSV+OFSn&7b{WBAOQ zHWvMgp+-i#HbLS}qlKrnp4s4kYws(g;>xyliIN0D8WLQCySs(}1%*}c;3T*^1PG9j z#w`?1L2!4e!XX5!LV|1I?(TZ4PfNPbIDKE=^Uk~PjC(T%Ken;fuDRBldrkYkKGpLe z>Qty;e{Uq0h@_S*Wlvw+;@)J^QG-GuAZd$o`{tt+m=%w6f?{Ey zT(u+OLx70B7|m*~5-**a^K&r|rT3L{x0=gpE4()??K|Y&R7=-BCZdub-We`BbEQR5 z44P#XYB4#o$p)JBYphUS8lo`Xc3bh?F>Fi6^6F}OI#lCk=8r9J(A2jOkYSW}Zj+QD zrQ+`8nhGdvn%`n-A?|sn^I1%q4U$6HSkiWs@$yKAM}IV>)x?*9QHwdo9G=T04U_^8 z9x1eP2@iom!qIX2b(tp4Mb*|1MC{4y662~2q_#qYDDm|p*Bzgft*QADt^t(z;;Sa; z2nWKVdr#<;(}s42<5eo@jis}IUXBq4ky%^E;$0rptK`Wjs&s#!#XL1Lq+Ul)haDoa zI1j&|WGGYXgT7QX3zuu)31lAdz(K&${M%Z?1qG|$xkhswj>}WAkkW>Y8$cq>^HMgM zGYUewCZ?H}Y)k-B)dFB1OA!;wM2@dK#8FtJpYG0k9_LrZaz8Mo4)J(vPgJBdwxzsD z^oeZR*Fdh^y3?~Gi8cGq3nWk_Oac{DOEVb!U^YAqSS5@_)xB8~sn?|SSQ}^MXNJA9 znjR8(_Rd+Jtc$1EaHWv-<3iDk1q-wXhXR!)GV2SEqlgq~Nhw}C$h0tTylP3{aeee^ zsPJaSa4y^M*ay~h&Ig$ieqiSAeeoDY8d~!`Xtr=?4+_gKooOgb+%LX?JGdyxbsFV? z|Gda53)|z>CAQ`qkEd8r*inqDd-eXq`+&AIbL&bgL;07{W>A9Kj)XaCiR>r$wh8n1 zd%wsdsJ$~9g;>~RI@J{-$|xCEw~4dWeZOWOW_`5Jx)4H7)Z@#4FqFn8(+V8S2M|9w zHhwk0WX?Eki08e@kC7d70OJk`iGSXyh% z+mD{+TiLlrvsEjM6wl5xCJMHnMwhOc83CWIwwf~_*1TOW78Pi)bD`KvCh73tUN<~9 z=GJPbWWdf{0$uzMS3ONq1%gZuV&$hp)>tmZYO0DcJ_Y+vVPkK3G$`jDFvDG%o^|!nn4g-{;@{>+)&;zP#{P&Hh)f|GzFr{I-%&U$x)=JwYdZrOf#9 zl}h%=+7(k4JQ8H1Itibg+9VmiFW1Xr0f#OK>4oF-MZH|QPa$|0$AR>whXz-SXx5Bf zOpieaj)#Fhk=mUA7ZJRUGE*VHQA@0aRJf_5`@TzB0=PGlv#WnVla?VC!b8W|L&dRS zHQWKqm(aG#Gp{1feIF@U)4r;h8Z;-`E$fRf3jgXP9xLAxe3pK%O_2;E89hhm_HA8> zXS>sIa�^I%L`YREo~a){}*F+LP`?zVV`dpyz5UHpR`NZW@RbK=D~oIvY)sam>{| z**klhIMTmt8|vWjHudF`gu+ljvWt9CCe4#wmSF?_D4dTii)B%nL)dEwM!rW}g8)gd z_ouZ3mgI~`H=Xjx?T2MNL&WU5KwZs;^MQWT~sSl|GWojlTN?N?1#}k3K1>V!KZRIp% zSP+e-KuCk-LutX?l64o6%$K*+#|f;qmdQWzzV~4xdRuG4T~L7m(ew@N;Ia#Zg!W~v zU(h{YIp@PFSsQCX>Xl-*An~=sJ0y<476EyW>G{J=3Wx4MG~M&L#GdWG&9s54m#Sqw z5|G_$Py|hpp{q4R-66Q(4@|K1c0T13tFFoVN`1FJj8ya>-Gkrl{iROa6raZ8b!w*v z0u!(^(=*&Gm@f&hA~a%oGAe*Wg_`g1(dKWwh+02dt+tUlNYtp!n2pSflEQn}qTB8j z&x8PllF)Ep#X`hG?~p_KdFeSa{Mi?437RKck@KamipydPA{gf#Kv-s z)*yQq4tv?qXZB$$1)%C8KdaM`YB6%G&X=N;V} z7OZM!q@K=sMtWtcymu$1K1z{V9@7J{_0*esn6-0jq3l()y9NWxkd;59im)d0=%hYn z4~TM5Iy0t>d2bM)8FG}upb8aev`_tP7JrTAF^nNpmfMSUK19;*^qCy_RU=YkaZ%^X z1V>iAi+onSv#JItS6y3^R-AWy5KM_;wB)gX*Awh}5eWRB{r+$l`W8X<`2SKs8Sd(qi~lF>a{UnmtUEZh&SY%A=n}tw#Mw;$U!S z9ea(7SP2|xt`bTXkbZmxKoUWNgy6XKfTW#S$d7YSihiwq5&aA+fdT69Qsn)j2Gj$MRu@o8dvN!{OHGNB3W zygg*2Fhc4XPrECKq7|5Oxc4MXZ3nqfysBT(R8>5PRWi>vTVHh zCa+e1d3g3yGW@u)mCNz8Vf$DS#pBy=+SE9Ld2l6Nf5iYv?mqUev8TI2RRUgBnP%^a zZ12iXT-nxM4g`uF#P8T1Hvim}$@0GE^j0Fu9L?zY;9W$xdJ*n%p~5Ey*}6t^ngdj5ozOwYwvUrf86=TBp9e8MUSvWCoy5xi-1LAgOETvz0># z4j(aes82;e1qUJ{qw(cu(AqZTY7NW15aJakuWfgu>4}((|L__5{U_;<$7)xP#W?xs zdas7zTW35+nQWGO(Orwlxnj+8`0OWKZ;!RT<<$&I@O7>>&<&r-4n027_6^oWxdpwO1 z!Od`yC;j5niB4cDXi-`4$Kx*x3J<&)BL?Xj@F~qyPF2HFMRuwmKTqz+aK69o3s3mo z*uPe0mg}8KWZ?7R786EX?v*X<>^i$q{V2&ox{v-*iIEw`krrL>U?s8$))zS)wL_IV zwO??NLCJR?itDjY#`$tM#G~RjCNnE5HLwKba>c+;W{Ln59$nXVX6e;by0|_^TSr@d z$lcSC)JwXJuVIzxjpqGFjSO0Ep@;Y=pyjj58PLW4RnavXr{GkA_pR}3w7f-kfeU@p zLtT*46?^nK%CqsN-Jic$QJvrS-apD?`CB$X%9};25mdmp5E-+;f(rQ7SK_%!{uJ=d z%%0YP0;jZ&8q~LQ_{U4s1Aw&m_6yzVq(gpdSU2 z)3B1IzU?_te(Q5R>AW(!y0lB_9FLJR2?P%nYX-{tlp0-ca#P<^sQ1$v?F;xk$I)L} zRc`27DuxpX#s8`&ci6CA#dyF|Y1n12i26)zfLhY5B?R2qhR=&;k{()*?vto~?JB!q z-8qV83^e6nh1`7|YEu@tgD08J94a%QnefC&s!)I|jfl5Fd4bpst3rrAto`c49jHm^ zUS>$-Gs$@mP)i}_j_DVrPWyEr(#F&^F5!4V; z8TE)U{Gv5+qIsUul#Xs?K8p^jeWa(pq;E>8wI5|`y{yx9TD&;qGlhc>m8z-lv3@cZ zS`yH*+x2cdY8-=l)r`3!B=~Z^3#A@|9az%)dZeuyOC8MN+0+YHJMR>hIJ0iA;9ERk zaZyyO#H;D$41Q)-Uxi7_vCXLt3FhVVc)UvwQ5yb5Ff2cFGcnO7&+LaE#G^CDS|R*S zQxzZ)YrEQdKEX6}+;!3s5%GlXGHO>J_Y?pN4H=2ZvTdXfnFOIfcX3 z(<#~Uf0zxZbIqa%wP3NEr6t$piPl(GzgiU;Onp?-RXHCOmA(&LsHn)CW8=Uk64z9`I|~KANS#18gJhv=?QvUBS#D@UAlEkg}&GL`3%ph%cOvi|)HolfJau z+GsNV((J*S%n1=CC3f_RP!yEs+4cuH1bDgZ@fa1Ouv3?chne@k8ZUb8Vr`OV`{VZtjyJ-6Bm^cu zw%fQyGs-dDLa+=39hbBB!?m_&Vo+`9XwA511XE1E5*0kWT@qsZtq&!iIfmKI2G z9RTX6=!#_11z#njqs5?yrXN`j439t^N6`2<+=YGrjDIgPX$(T`& zsh^Tk7(tsDrHLx8VkLQKnN@K?p__!RH(3;T@-B|3U*$)P@|1NXv`_4Zd*9E#OX7dZ zEKu_dAMtHg`yzXAe^kw>Z`9R&RRKa7lcm)m2hfsiX(tix3ZzN2Mcx!b7*9X~UYb%H;e_p>O~kW~wINXn6D8Qk z?He=PZ06cTT1|PWe#PMJti)nmeXn0hqeRbx7~!D=2ZM%D(_uhat19}JAevhbv2du{Eqvx^1&}A^x;cGJG4(w( zHQF0(?x|Qf_?T19KMKbnhWL}2#Elo?u}?1+3#?vNGaW5IP+cFuy~he?UHAJyC{-da z(|#w{Y>`$oxGZjt80{k~_y&HDMVMM06AGO->PwMkY^LCIh+M9PE-KsJOe0=0T39;b z4AXkFp4^+Ee|ZB%J4{Gz%yIf0K>3Uk5bamYJW&3Talpe!CIW{ikl&?1l>fxAOGDZ? zypq^0*#>E{zgHm8WHRP5+sgl&Fu6o0VcpA%@-yXDwRUrrFuorPg9Gs8nE;`{VlGav z)#@S@%*?c2Yeh1XSXD10GEMAtxP^8-F?5t(uurX<0&u%~;h}`qXt_fxhMJPpJH!Z4 zwie7kSy%OUj*>q{OaHY@#d1@}xQ)h<(BQUOQ0g-;tvCxcMPs`j69cRKm_${SUXblZDXdhQ1u2994%96dHEH#=~}Imhuu< zppA|z;2@`ETBuy8LoPwkL09W-2Cunrf5xZugOG`8xXZb5L#74yVirXw;NdOc%WAHu z4VVX$`JfZFAXfQk_FEG>X{4=R=NOi{wL^B^F{IV@pgY(WzVng?grSc<&bm0ybd6>| zSy3Ujk(<}UTz)YOI{4TRb5JX4iaeK~G+{%>nsY9Mh`@aF++yWj$cGH<`*zG$>1Ku= zzUyC_%(Ys)J)b_)*AHsSBSu4=bNYO{?`Sg^FV4Sm!tE5fW8wE%pwdDBZO*z4hoQFPu-VASKV@DI{JvAa1|w;(PV z9rxR%o6<9qKdAEF=&n^Z{@(F-QU9AvuGBY(S)uo%{(grZqCNE&uQYOOJ-5kQ%ZUbh zJuC4StNN8SpFR*V(X*;M{b9?Uw;f9*19Z{Ip!4-5#V878=Rw&wRPoB+P{sHDF{=2V zxQ9~s*8xnyn2b(Txf0n?r`#v!YlaD!T$wyR16uX>nGeH8(tDOprNRT>&EI;A>D*kg zg6h4YZMLAoRqkEnD2GUJ!Y&);Mgc_{FiQcp73@>WktXTBzPT+ZCo3Eh)Al}RTDaaA z+mZ_I;XzJ6E})pg>}Xy=j12BFqg+9EpV27kD^X$1!9d_+JKhcsnF125L<7Sms{-!T zd_uqq&!>DnJL^)oIMzKL(VJ&7>~+o2wHhr!+^)=5Gr~D9>CWWeK-An}f=)@M?E1Q= zN?DB0(7$Y7vT2)UDh^p%GtOzz!{{n*g5FS1rvmMeEqp9VIC@Xz#jBjh8Rw!ByKzjS z$ruS_FKMOYnGRRh2Stgm(GWw`fYw!!6bEfZV7b>pA%%8oBWV?G^0X6dS(+$# zeOhJ6YzlrVFN^|i1}Z-RbM*t`QOP4@n&gQF6|nSGeq|TA3WB&s4YS%dwN-(FoDpF; z0M-4f5GQ?apH*SOCL)E@0KBA2K%VMqpGiFfY(;~_sV$E>jA}|5NNY4F*YC~%_YYq5 zQp?pss3TsW6W4TcPG@io)lJn)(>Zu@Xu|Rwdg=1k18cXE_`ee9)$qS@UitV3f6(up z=gJ!4d+1--R;Opazm+|5-Pus4(XN{7)U5->jLx`8og6X;8pU`)O&G z_elJ?@cXsPM`tK~k5BB=kxP4Z`vnE%>!md)^sT;FT7>T@X8Ncyz7%I-y`qnrL3Xy?RthzxUD zWO#Z&6uxtK1-^{c7`te4`wBQ)7xud2T2Van^r{8r0xsQ4s~<<<{QiC*z8&K_&SJ>s z4wrZ}%BQOsgW`@3C+1s?6>I7;xziC0R9x_Yu01vm!myt7L-W2xBHO$fGzjATf$XwF zIjM5nQ3;I%tuNSHgjEdZDhwu$2vpN#F1Beurgd&H)5$m8uTBO$ z(2hhRV&v4-c){8+M>sdQ!1o?jk6rnV|Vc17pEmhz#EP3AA@slTYvf;|kc z(HLKOZ+UG>Kv#~(RWH05bfz@UA}>UrI!k}x>v66;=qVExLFI%Q4;^{4>p4a=)bxXqug^zx7*V)zo0*1Ky%Qmf+ z_9-rrRS=K({b*23$2>e>*Su_Bj*2GLOpFGoL>Lhf0|2;%M*}e?={0VQGW1?XZe1wE zC1zX7-2d$Iz)8&Lyz#LKq2lnz$L}_ttau@gy=c2QlL{&5zCCO#r1ebkR*6dLIo;$5 zguTP1;$0%TLAJyZsCJk4Rn(^W4SuX9MgNUt*Ey?ZhVlNJcBDQ@kH$o|TgLoUpc%Jk zgzgBEmw8SHmScYJ_PdaOntwk{DXlsX)Y?Ph#x54bT-&LJnh!VGxdJEQ1Ap+V(qu<%nu`aNv`fQuzPTud;wX*Imbd>Z{21RzKzS2)5Np<8e z^d8>8|8a%GLP_I+rFJ^2aYhmq^ByPXu-3(b#GSMr#Uc5=0-Ee=God^zo>Y=h7o-ru$0a z(932n>3hT9Me%)Bd|x2nb;bV|wW-Z$&3K2@7m&?S1;G+g4&4z#SGa> z@kAgRYIr9n7Zv=X%}6v}JzB7vIj>i|SJHR(<*|y33MN@=!z}1=4WLHs)QxmEx6g%K zxo4FGuYD7i{BmvUc;Kp6q&4J8~#COK0k+*><8cgZlcJ*b2;;H6TNC z7|%hIhes2e86nFcSjC^ja@FVP*hjCIQ#+SB`&-*amC8Ux68qvT4CK^(k7o#*3~(a< zyuLhsWgX7Zd+;Rid$<2vg&aLEM6m0U`#_2}Gbr}QDu;1x9I8g0sCir7H11ps*%+gY zc$77>#>tK#0?YabzNlV#t$pub>e>5?7W04gu^`XiSh$eCvT()zVaNIdwvxm=)9U~I zuL=I-M^p08X`}z<|N2jq-+I&Gof%ZZ;1kdXEqtcrVX7M8uNI?6Np)}YD+h*?Vzz`; ze!W4MZ#eF1Q82?=TC&xY!28M&5pD+bcxw1XhZrdNDfBh8p;;FeWPn3Q!iGIoXgOZ63GL_B ze?K(M*gh}hwJ&w6ydFxru?gEKw?B=g?#5lO}EEm|9mFL&Ce_YmHGl zuZjQbbY0)GjcscQA?sS^2`{5=B@m%NSjVR@^~(n&Wg=>AN!<6x3u?TQ{#RvNEgkj3j_qFn{7+-IArs@`w7<9 zqd_hhvaGv(Nq(|yQ|Qf1qN(kaS&EA*EHw!>8Dk^HX|frMQnj~#dwtBG-#+sD%YT>r O_i6KQyI}8JkNpRT5=+Sd literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/htpdate_setup.png b/docs/images/hedgehog/images/htpdate_setup.png similarity index 100% rename from sensor-iso/docs/images/htpdate_setup.png rename to docs/images/hedgehog/images/htpdate_setup.png diff --git a/docs/images/hedgehog/images/htpdate_test.jpg b/docs/images/hedgehog/images/htpdate_test.jpg new file mode 100644 index 0000000000000000000000000000000000000000..6b7160f3b7c10187de9031c4cca844b0c5566f7c GIT binary patch literal 30653 zcmeFZbx<5Z)Gs>AF0k0b;-1Bwz+#I9TU^3o2^!p8gM{EL8r&f`EEe38;4ZI~Od!}ltXL?$y`*fe*k)D6+|Mmb1Ej3Lw00hDVcy2G?-xi<( zfbsr={^Jh5B?tlJKL|=dfKNaKB_<|<5)l!Tl9LjXz(|OQ$lzo!ataDK1u-cl6(t4L zZJOdgDgpgRNiYO@Tabc;h~)O||3msW0KlQZIw%_qf&+MP5Eu^nHv+H#AmFxJAQ13h zL_i3^#{&~V|0DYW1pwgRb{tGZhEITpPX+)WJTL?wAb=B6Qn69fi$dwxl^$eOEiTa@ zC8RJ0Mkaxot?etc95#ObV#-cFk%zX?oLrLWZQ>{uw4sAJ{j31j1fPsNUmEL)(V6*n;SO)qaD zpjIB_5VN(5%Gm$d+IAqJ;+I)5w0KR(8QuPG6Ck}Ue_I$1C;&Kt&9&SrIBx=4iycFW z%|e%R{SSF~6cpgNa0hoUBk0m?D(v|9zT2m+!Jro$&Q>+S*Ln?`9A9`A_5L)<{qH$) zDP6X5zIMAW9c;MyyYb`w|JB6*8mL=d`(GUO|HpL^_UNgaXzZ&dl=BEm za9vx@bw_^4BLQwlT{Rhl_69)daK_Is@#^cHv+DXMg!}4>MUt_(1?}~UF!P}NRNOhOsGf%wJgub20a<~t*~O{^twaB z`lZ;|G^N0pxObI3Aw+1u> zLDewsPW72^ulxQsTyn&v>STwZPq{9U-CN@v_QiLjg#8gSx>05OW&hPotg zTl=Uu_M9S!8~U`0Q4~+Dmax=_`g&*N@S=H8B8}Fve6+<(TSE&Mx_#_$; z_9UyC?7^OAkSr3CS9C$tDtF_4%98s9+sR3lb(yRO3}NtQ?(7Z9L|e=J#LBnYPR=#TlHapmYY@Jd)f+r7K@h~p((E`wtY1{ z&**nL79)#1jyEi~(7!O>p0F0Px_Y<6ItN+n-Us|3DXBXzI@073s!7BKz4-@hKm9ZR z4;b~8yZSRf`!_qc@NNIq-#Sf?`{8d|FdxwGe$i5QUQ3+<;G(^IW*5xaQ}+zZ-E4*l z#EKO!m>x_leOBmRroPrmn3B9+?_Bx3M#P)6Z2y=1(T~Y+s zCeDQm^@cfwiyrmpRh*dDRyaZN%FEEO^oTQNQtlJLn$;9$Oug-V2p96Fs-0HCBL}A& zeB6v|v)zd9SwJep@P9g3F)#RIXDwz!;wz^1#N|;Sqq$eQ?*59cCw+NRHnj#w^xk1Y zqBSb3zdxXYetdO=v#ro=tG)q!zZa&0RAQ&GI5o7(dq++q!V*l#ZCm85{0}+;6C~C@>7%YP!TEiFfSYDO2)vGUzQGZy$2`- zg%`nbYQIbh#MJLy6B1COcfXTHcEj0yi>I^|YTB-QgT(*tzHF*_z@J{_Uobu0o z$B(u(@8l$;bf-)s#_+{J2nuu^-!+{w?j|v_5PVuKNh|i<=rn|YNLcWnhuGn(;9n-J zTL?al*=D}UFo~7FpVdp(^M!rIf8V*@Y?>o(CK1<7GKoT4!af0eW4g$4tFU3LHK}8T zwp+WI#5T-})McHiFrIS%cim6EU$d61nIrTg``MF2OdGLpDNJCwcMQ~g7xJ|f^tU^* z&|}@j^OIs`^0vGYMM;vHQiRmrO#^&}Y$`VKazi~{)l(9#n8{KK?yC`K(g#Yi16w+J zqX1W-2H{V)>n`SmedA#?mD@>IXG$Me$fJ;m6W6c3&_&imj>oI+$E%*1VPfuOJrsle z<=lT~HV}_hy13y@lBwR#pU(^XsBT`ysskLYC`C9)dgbT#TmxEqhU_MDzrHpr-zKy2 zY)x0ocq-8*TI5`nr?{Ff5yptog4~=&R2S0uF;YScdirZyzVG$Rg3d(tD$Fmce*os? z+O%M!b@t4n&7bCbTJeYOH%ay;hn9!gNiBJ^qk8v6gUQ(FcfcKa{%O3btX&#=-872$ zpOh%3B5Y1LHaSen4=(Q|NXzfRX_JatS&EQGwd)J~?cubj=q44NNB6$4Tww#`G`$5? z*Q8+&e@Xh<$EJo=_|_ixY!R#J6QfW-UNE`y?S=sdjpehgFiS9E+A6<+Jr3S3Lyz{! zsc}U`r{GQzs^?6#?Hy~O=IM)p{`Qv(+z-|)(2sj`_h~XT2{A|BtyOAwKcZo`+U)wK`g+xwA#@5^~yf;zP0H7Oz#&Q(;k(UZcAz$nUUz)y>77^$q8;p0}l!`z9=Vz1HP!{B}H(Vgxt#kTKvmF-oawk%Phq`^6f4 zp5_#WuBTANL|G@zH^7<@Z;evU7aB|w^A-xj_4X3XzC3^F89%pmf10M^X~3$0Eh2LT zYowRPWLviP4+tYgFe&yameSDAlEJd|xyCXz3nvACewZoD$X1uGTC2%anSeWE6&8^x zX3MOD#Vh7zjjx|JCoIz;7Y#;Cf8?Y)QYa2gC(xi%di4(QT$~8@@d_trg0T^g`<3g zvW^I2eHHG1i~9Tn;qg!;cOotPLQb{8Uu<@%PJKTBRd^omS7LT*wb)ph?3gAqs?(S& zmE}-;D66OB>D7r`qix@k#0lfNyJH*Ac)ZNVUSXPhD23N6C$R`yEYY89G+A;46cjJ9 zu*rNrx&|1ga=!WpfP9*kGCI?=`7p!zp^|m3rv2xn61>!>3|Wl%_azgTbVuj$3l6`-td1jXnZOC#8*4#)H=4zr-E}< z`T?%?%Qi0vbta7@E~<;vDnDSFv0-I^1jo4r_LNr<8nGX>EaYnBbS&7go9VdAny98e zZkSU1qEgsJ6{1>U!OZ!T+SS6d@9%rP)#V+nP6t-r9iB^}cgX5e7EY~#7}ep*2|v8h z@AdWjFyJxQ#GU}RNDij@M?uG3hPXKj$Z--8N9f>#Q^xbuP(-5tsZSu~uQ6{DbsLgs z1|f|W{T^;R#EZpY@s8*6(oJXF^LmudS)>UW)Z6^leABOeq^Sml0e;FZ*3mzQ|>aBkT|C3Hkig?@yjzuGksXXtE zA_>Vu6JNy_y0G>Ysa~=0loL!Vu7u7myF73!*)4U?Ym3q2chd7)Ule3hdnt|0j2mlB!5E8zVfOC)f~EtNf44qB=e zIWpsPRjBk9+WFGiw=u{`_5hCYS1#I=^&AZ<%ISjJIeW<9c9W zhg$C;|3i>^+J!vn{1$Ow|2BpwuY?3_oFrRAYcJ8|IpHb6~p^LkXHrNZNPjOLfiGYLt36vQ6ae{%y-> ztZK!rd8I7&m38UnjwqiHv&xp9aMwFo|D;2>a-9{wYlDprgi;iJfTCi`0nWWVY6FJ z(ET>AMtV7r-I$nvA3f}BBX$%!5dqlyl_Va_vRvbitiGOX6rFhGzk1O8U~x=lxyGDm zw`BtAMR8D7C$N?V}qE;dW`9Ql;+#qXonMDK?K?&>}KLQJjoVX=?# zXLwfCBxUalxOxRm;3CY7m(N~3&JIxq8J)oHZNTjG0T)iUd7A^Ii7+RqO=#&KP&NBE z_aRbpnnXU-qt^$cY$&4IGPiw63LpqH(KE(SPrFR&0gm*ERJEpWGF5s3<5gV(4zw$M z0%VEFc!eZP>GPH+jz3Rs3jTOiOKQ96sf}|g$H(XJ$A%@ocwnr~G=(pcZ&zdtrvON= z<`ESoR%ZA25h)|gDz_rlSnv;1Qel3}9{LG&Q9`=-R5}=+7o?~VYrG>p+Gw0iy-B|v z^~QAbiPJ+-&oU2s@rw1AzV+kK$hlJ9x;!xU0~HJcfW52%YXC3x%+Q0*vXO$|!@Ruf zKj4F<`88@%_8%ZT+SJt^ec!{>zk1Jl#dZJH-&DPlqsy%;5ZF6SCMv@sMrDB4m$A=P zx^Y;h{F`X2?ic=-WhZ(Y8&8@AE8&ty;#4^G7M<@TI(=vJDI?O|^&clne$%5#_P7-X zy_wsRu_^lW*40QVmdeasO@ph3F_iPHQd zPnSi7Lkzrj;sE_b!eO&-=d3CPv1pp~{s|9Mj{*FOJ(1UwZGlZAJ(_!x)F3TSR0P2V zx;#~ck+e@c~j4VDZ}f(pd7; znK-HFWWbY|z-PvFtfFX}hYJ)TOWVO#Cm`hU+Ec}BVVDMQzPv*$c854j<@vXIeg`8- z9d@}nKbTm=92gW)`Ppn%7k~kZcOX)sbU?JChVtKy!^EoM5Z_%veWX%~j^;Dmtt=8A}>w`0a zLIs^i$Zu3`jV7U0rtQXw!l-z%T7F;VqpjkKOm3x#I2Gm?q;y;neZ@8UA3!=jbbpj( zi469eGkpXrKdl|=@}#&nD$O$Gn3)?(O`H^5(?|*DyM+>&N(K~T;9EO0lzfWuu8Ij5rSeMG=^?5%%Ey<=xgQp|Q^P%FwQcyar*$+7sQyrUfIkdN2!v zl125$WCrjN;IlDRHPW;H1MX(FQy6f$TK1B{y!KS;XG3i$-cnRoiP^%n<2Ok(HK7a2 zw=Md`2>0*@j3NCAoENayU8kXWtvBcK1MU8kuTq!pCV6h$)6_Ao_o?I7S0C}e!k`|Z z14Ko5L~Xt;gBUhp%0^$u?nuW5E`q(OH}P4#Yw#n;;bZbIKjTV#u=u5Kxb#0DR48M( zQ@n1pomuc4#^sF}!dpJLQkrgtpcPe-QRmE1rGdv>08B}}d)cP?S9Hl=9J{`gOYnv7gv`xAv$cZd_`V_%kE z>FxoODRm58R8e+776hVM6zA%KT8Nr8WU6-L5uDTFk9AG2zLz7!9$_E?;~FHaNW%*N^lJOOqG~9*aPt+2|W$EgRZ&x0^|sY6I3n49q7tO`m!f7Pn{wEN2TIi~3PtTgjaD z`L|_L8%gdfnHuKn?zeYKUc|i_h~xc6xBq-N%j_QW{ZV=mO11tkbMMc$yH(Fr6W~-l z&_%An&6#SW=l(c4J>!Rw#ijgpWmy1es)+SiFy=~vk9PEY;B|<0>J0x_V`m!W)G3v zq1Hs-frhKXf>TEb3^Ko>)YX~m;kc~O2O-hdiguDCw44PSzzPmJ#A1P$Kq(U}HRHRxwIhm|fhl*n;4)U7zqmhhK5)Wqrvu zi9v|mJcpK1L?vdZUpdhhPbI3<6Tu8AMR-eI+|0Soqu$Oj4;Gri-c2jSw(1YgwgFS@ z-_l?CT^^MGjIC)ilzFl{HAl;*I#KC(cSrl4_wjIG^&RM>7d~lg9u?pNvw#tDBpacK zznHlNC_%=Yh#+JbQNNOIE?uOv=vc1VwX_8TPt3Z#Z?j<>Mv&uxBHDQy*Xq9ANTtyq zfurtIEPJ*`k6R?)O`0`7$iJL5hz`G4?RXx?(c-_=`B}aOGPc>Z@%iEUk=9PDoCW<^N?%x6D zgq!(~X6r4gzbMa~lu7W@WLCch-ThoF@((D=-IsstS#>teTBiIzB&a|Yn*05I$GvHbJB8SK7*5x1y4dIY`(^SD1ip^)Jrz3o5d#!tRy^U znQ~9&jYJV6@>6lNU?_bYZ`$Yp@Lef&E}*R1CkHIg>{r`q24eOB4+U&Er7|RABVR?Ulsp*5ucUlIgh|&AV=< zV>7?m)#Tc{CT~T@n7{Vi5$gwmD6^?(?5MmCne=S!*oq7)$Ry|N=~Ket1KHHOn=xu? zd*|0zm}0gSrn+yT$f>}QBF93_npvulS|mSNrp7KFF`g%>kC7}yONCnf*ZQf68>n{fio4P4Az^Oedwl#A2JDH(gm7LZLQz$P zNCV+H$ea~yOfNkqeK}bve$B4#+cqzG(y`G^i2@V8^s0j!oAvNK-3sEW5F-qU)-Wad z{w^NFm4ZI#G1lK!Veq>Wu`dMxecm{T-&|vb(jvZ0E^L&soUdm%W&D^}U`yR^!*=~L zx8t>Pqgh?H#rx{gZL=Up++B~Y3`&?z9oHEzO;5TzUN4$LpT;N-j$+obEcJZSr&7%4 z|2ffrqQy_?Ef3r4WU_M$_RP0ZWIp?3+PitKU*L}Ob%)08Sbj2$@5NPow zOMN$4%|Jy>`S2_?%oG*qH_A`DG|Yn}#IuaKKc=JGwV_Mf+aiR=exIJotA=IGtfM14 zTKmbL^}iFnn<}D8QVt<~Xf1WJ8Q(19TUMUJ2YXTIS4s}R0oJKEOG1yUe^KtO%OoWe z?MTWDvMWzMJ2g+tOONT@+|waDHL0k@v3=kz?Kd;!t=tcqt1!x@q2yDgHqSa{L!VID zLrz2@6#>8IoxHk^s`W3{2?uA9VW77u;6;Mrd#$oL@Xiw1dGj z(=2G(;(n-cy|F>N;9XSw8uLywqRq+Mk}frfNvojB8$&&lcLk?_gX!{sD-ba6p-muZ z$J*lg1GrNW6IhW-NKouCy1^Ml`xa}wveT&5*57!dPsX*46uijdj8?l?G&aS5<4jCl zd*qAH9|uqoVHw!E9n1WU9pWaj7|^TrV}5tIvhv(D zgR3zx{bKYk*M@fIzD5D_f|mG9d@t}MVwsXJhO{(QG@8g;dJZWe>{4J;EEoiTAw9>A zm>E%0D|}6-PT=@{{TU8f4-zX|I#uv-l z{>X)jkFvfb#moW{0~3DH9=MT6h|~AT_6f->_ny&oLZToFkmPrG_bG{oo2$-~`FkfD z26(QFsst_*mB|G}X%_9$F{Q1cuyFHeJi|*AG){{~Ze!@Mu@X-r%06YxdYe+vSb9L) zjt5U^*_P)?rK3b+?CX#LiyNvp7=gN=z^!tzaKlP2Jbqiy05QjhXy0?dZl-VB)Nh8kl?LKsf>!PvQg~W78I0f zqu+fH`AY9`qqx$Xp-ZwJ>cS(l2;v|DNM>6K-gtSl&_-+}4GKXri!9!^&cFKbe)9M* z0KFx3@uXE-x84`&yx&TkyquUaccd>;zwZu7)E|1N5MwhhXhMdYeG{0a#w#56cN(lc z`$8(RR`tewkGyUQ7(;MvkrbINw0+EMKcXXIF)ny%FO>IAcB3kFN^RZCr$614nntAV zSh;co7otc6Kn}t_ZM#zgis}-R^@^=89YyBw7#H444~|`jO7xJt^*vZ>U{NmI6~0g% zUm+bLeM;3P8PNhZ6%LJCZKW?buydW5#c@-$v1h31W?;%~Q8EtZe7PYJIz$7Cr8Y-$ zb(P3Q#jo^ElAGx-YGNeXM#qCAJ6skk@92Ck+045KniKB2=!z+h^!v~gOgm=+@X+IY zX|K7;i%!*fAd}3c-SX5Cfu8RUi$Z4yOXiFr#Bo`lIptmlNnmAo_=FgaWwUHgX7y#f z>CImk4Kax}cOU05t-*e;v9x$R@`yXK3+jthmR=?uG}NdJDZJk27=ei7cM1|rqyeNB zfn<7wCe&x`HlcOIPVEwdYkzXR)0=T4n-U}?K2qT4zw@FCubp=}FAU`6`h~eSv7yAC ze_et*f+;GKf~oaA(+hh%yV=iLA_2VH=~e!!Zv;-|+H z3)fvfd1>wN5WlcZ{Z-Cu1fG=%t*e2FiBM)c);1BFC{W`C_#pS19u>bK~O)?wY6&+(|vXOIYPV-KSocal+v3dbaR%U{{za*PG@O;OVYCP3!D7n)RsKGu*YvRp0r>-g*b6$xk zFHJOuRBgP@yVd9HfPee97=sc3&#&yDoibeHl!4XIOnUr5)KBkM&6|IF0521%kK5(Yu zCZudm_EU?~&i(aJwiK6=)$^j|mWJ&0s&_y6R=P7x&IK{Xm8H^%;vjY#d`jxJ?oxfc z)O}KzD+7M2a0>*G#P;kEys7%?r{W0}>z<8w?tN>-j+2-r`Dwb-I<~MBOmxKVxIQO* z#z3G!1ufc2$7^aK+ZOl+;DVynA4@OkaC1Ps%?~rQqs2|3Z@g z<%QdWXBEcJd|Np&CW*Bw#bB(xh8+bu3L)2up*WsUtJ;$o5uezsU9{lDVl3@Cx$lyp za-+HybX{mrBwd=SAY`3?E_~{C0%dy;fbP1N7^OM_EOL|ys;RTBXG9HzS&&sZqj{w1sGvl2^h;y3>7ZDTW zHnI_qdAfCL4jnugtLbFvlTbc6>0d-2f9I=AcK3VlGa|P@Ng&LSUteB}fb8cL>fp)e z4PcGMJ3E^nbAt;1y0H+lrcMQ(iIZcE75u2h>(VHtvOY(0TFC0BwaiTx3D6JwLTm99 zeyR8v!LL7nnvAt#mmhw^KDocBu1KslMAkrMQcc}`uD2sg>VNwi&|N&HQVaM z|5h~a6mmOx)n7ORSe_WQpIrXo$;wOW$a);WQo+NTCQV2d5!syBWEi&ujkp5lq@A+O zRU&Pmlptx$?gkJV)k1P|UPil( zw5JSoikTUaHmn+kt5dP`qzd_`uBPAV;B#_WIUo7y#wS6Fe%_jqpWCh2L@6R^dG1=s z01m$)&?n09y!au#dWg>-nT%XrBqa=6;yF-x_IHh8{oK&!sp$&%bqry9kWHr>-ct?X zv&SwS+N{m89#8B2THIr5+b}m64cuPpttlCXuuDLr%klI<128v6^#W>EPcwcz0`G7A z(ar1aBikBt(`o;JMVV#>lwp)_PDkeMBDbJ*?CLL_8ixjwecqjW-5fRC>m82I`f~L( zdjgGCs6at10nl{q?x8#Vr`^GX&#d>Bw4jlgR1pb@*^IzEhDTg^Jw6;C<;#C=FWHQY zUVbq_nHwrKTwcw^-rC5C$>mCLz+G62M9rwC91{Fhh^d#*b8OIfuxKN`*2Dz!7I9?8CQHl#Ddd#gq5E0lX!WW|s;>!Fa>JvF@ z%P@xtOw^;WIAHm8myDdYe^aeOYSMX)*qCpXMG%3vQBH~VX@RhI@7l>li*LCgg3)2gDa=iG@CTH(g zeH|Mqg=>u26r0rRH-QH**5+_ZyYGeRE%>%{>YjzZYb{3#P7imG`mUM<6hBZUE;< zY_!YhL`y+fw|WrSs_E0*9IJj<>k^;Z#6#6F2kN&5HGN~E=`t1izaOgjpJ~gu)9?9u z18s{=ma$!2oV8ulP8uGk-i6;p&J9tY-s;3-DxE3uMjm1=BTm+C79XZ$F*}TUxK>$B zZ|4sJvAMwobMzzb8c|4YJp;QBy&w!NFRD<4J)?)T}1G+0e!IY6*P- zX`l|bS194WU*R|rqU4~GQ`(4^ISx!cm`1@I5kIXA715_a$0iA%-OzV=aj?&GUQ+A$ zGo%}EI?RD4BK)w_J*=ki0b^zj7P!LO{O{AKQ5`ek{8r!M-&`E zC<+Vk9;X64uIBe&*y6n1GkjBjzmmyun;u$BE%5S~u!NI26i1K*lE`bMn#?7p??Nc>ju0;-sw`^;Qek&!$QB6WKz>m?G#M+Y*&Osp3rzo7aAj;CVtWr+fvk&WA zt1nGTz!!}`NQ208VkoRj5edW+I6vAE{CEk`U{wwt*h+KpG?za6vEK}Ub61G65gjQ7 z8h$Sb5x*J9R!SFB07oh~c2$7q zYsStuiS7Bmh27I;WM$xoDypdMNoZ6=*-d*C1_TDM){1_KDY}6*Xs=8>$;sy3N<0fQ zF@}_!=T+Z@6OyLhbY(eb{aGWY4+a6w51wV9Eude$2TsWTlx>u3rY)Y{So?Rnedj-* zm!5ogxpHl4(DqSZRpZ7_hhu6_kBFp(Q-hi^P0w0*pL8!)G@c~_!#Yrx0g4`P9SY}! zy=efktC_IW+)b@&xL1Dm$=kl?*^{l&c#M)p2ADTOQgpbzwCS>(?UR#)6W$`YLC^d< zugfUPi{a{^6YRScN%%`g?79p_bp7(pnagL-JM#ypo^KC}jO6^(?s)RfF9zHl^p5Wn za*L(0P_$?K%{X3Z+9YMTmqQ;1MgHWPgp>R14 zvCjpI?5s0jhG?MXNI~nUAFjPsdTMkYaHE^vcm3$(;jvYNc_CR(O;mnDbC>}O{tPEL zU-B2)NLN%p!q1C0J~l#+eUjP>q{0%CHa_i zL+JrUU+@e;eFh#ht#qxke0p#@xuH*H;ZH@e@1&`OzU-$q%|2y%qW&o&@=W@ZO@qi_ zEDQ~Z8M_oY$_V0xIs%Nd2`jq|dyGunSDdg3&f*A-t%8;M#>OL$dIP=r&eiPPej^Mm z+^t8z3ckP>JI-QRjfbbKLX9T2x!o&ZZVwFQK1dF8z@%4VMp$_$0FO0?Jby#Kx`*-B z$#Z<{sE7IMT;V|KwecttQ_<7f=#xqlz zbr}sqqrydF3B{^i6@tAJ11u35!tdR&JZi!~skE#F|3RU&N*tyAXtvuG;zgi7LZM{H zSl;^I)!qN{1^mwxF`wT0Z_(Jlh}phdWzz6QS-B?+wtMf-ub4St2QsJR?(SjfM?|%Y z@S~FE=Ff5|h^sL3&b4uP>6!{^TJfe=+w&7}dfDKCd>^6xtWSq>e_&eg#(A{?RfwEg zYC8P^wNz~5U@Kcl6`Aiyw0KW5simCuo;V?$BVQ$}>UNeQK201-yyi8jG2S1q$11LC zHxTUEIezTk#FuH9ZY0oa70E9yxO}{9T!rU+s5H*V9HoZ00C&aADX~O06UzO$k_}#I zFYz{cD!ZB~=lJKmKta;Et>Anh74ERZ#XiO^KhscAx!LBJu;$$xH%O^d%5Fy=rU>9k zjQd4Hx|>wYtW?Z|ajB=4O0B|tg`c=#@1BKS?=1esK;REa0~m=gyn>)Z#52Lwi|YMy zgY*?x@e<}JOm)@R>g`Lpd2@(YqQ~=?J5fCjuSkOb$UKj6i>&@Bbl?9E@v-yU7f$dm zj}T+SXo-$I1rPcaDZY(Wts^5GHO!cdm)$PnP@0)Qz1`=LTYdGw^mFTrlY@ICrwUa{ zOXn`~W9kEqG4I**)cyhOUQDYCU6nOXMJV)Q;QL%;;;nMhZdyL#t*;MNL{LDL)@`v+ zC+Yon1}^$;Au~wDmJwFX=OJs&LZUd|&rwV!6-6?_&UDi-0Lo0dCHG*JI{v{4Wq?rF zkR_e@W4Il0qEAB_*13K`RUb5WGxyjDX(lJ)2(jL;mDD$v*;mhse zDUImY)DgfY&1Y*pza1 zU1j?y7NFkvjKw3;BihksS$=8i*6yHrh0xU9fLEDw#Pg>ii%!XJU;6lmyDvCNtVA-i zPtok)lXFQ``Zbm_)LkxxCx35T6h3S)xuSYF!uxncD?b7}CRb0e>_Pn5?RDLFdkGcf ztIk(pMVq>*tT<1*O;k>r>@tTAO-ye`vaq)BQBHT6?Vc5UCi6JCY5cxry0x=mURi_= zjy&?u0A<8YxZnSL30KGe+*HIp4cj#SDUO zH6qHCymUu;kN+VM~vU}Fx`0xyD`c9sG_4zlL-#;McbN)ZT zsAQnADr2l5Wv*UD0qbw^^qBQHx)vd_*%(Up)_dd4OwERv2V>(jq;IilhGMf^D4YE( ztDHD7%6vp8XpYi!;K8!<__5i?}rFE--d6c5X8Rz9@~H5!z$( zXA~J|xQjaT8scKMmhO_=+i8ygdc3zMqsz2}{NO6wVOV=DLk}s1oSxL+r@XIl6y8Si z-MHv4a&+WSCmveyiBpD;x#ltEkIjo6(mV)-Tu1qMXk3*idIIY=zN|~?Gd7^7hjpqg zs#Q7aGYM|8e2Mm?Q+)VT>S?=2#M9($EjY=qDTG7m_`X&plsgQt46!U;krA@-S4Cl- zU$AG87s+IHuzk^)t6cG&NQlgfvgWcxQ|iR5ym5aY-yxC6RH{)S9?n8$nKaOkT0^#eo3K+m{&;v z(OE}4n7!&v#Y(xWij2MZ*X|osV$qnW8KGL5^~~5&oyo)#nR9B=yog8*SslRd(`DmN zT?cgrRFaoudg7rAB27ak>adqwe9&FYxu1fQB}!3hwSfulanIo5<)pKOF`xg@B1z0C zjdw*8Q6NzeHkVoc)ki>Kwfl3;)vVyTZCL1{sMq{Yp}O&1=+j3e3OO*=v){|RWm-Qd zKiO_nF#Xco(bnY(oY9@AB8Oze6MVvI@+VBZGsN51qW}$uD-t#D$(KENGbZW$dCPZk zwf8C1!Qj*7df^Mps1Bz@30LDlv@QI5LM7k+TNs1u>=QAm#{(O4jqB1i#Mv{yN|Wtc zL{Ti(I=a!&&^LqXd2d+5d#bl5{Q8*uzC1K^+G%&pJ=zw!l)R&Ably|eIQvNXsQ*gS z+?Uv3SGC-rffmXBz=QR3YO(_{W`JMi(D~O#zC`Bp0@+axBXl1XD`6vI z%DSs)daiEe&+cZ5vy~P00A6JZ67#Pm#g=rp(9Dx%F_+ToZKr6O4~3>!zR7vQM|SKU zvE>jwZ;@Ey8*%-|3%k}g;#++*$Z^`a@9YwT#8tnqag~OYWCrj4WURGO2gZ9N`(Dmj ztQKq*5*JYZKziXKhxF-_XG^N#avx^Qy#9OL`hhBkR;>tSuXu50jV7mo1E zemLe@U@0e533*E={?KxqT`H}nmvkj_YwWV8@eIc|9mb%l+>#&O+|ZDbg2iP&NJKDO z5RVFfB!y=AY?%4S;#qBT&2y4A(2wbO3GsxxzKAz*q(Ye~9h~N>TPL}u(QH@*)cwDT zSP1&RywLmnS8*ZNKC4hQVR$k#I((n`)=~)=bL!+_u@Tl}MX9pR^NX@1etDM(om=h( zdk?qOc}r$qv~_rJNKh{4bUe38vAn0pj!LXOet=0W;GiXI{ zu~D}qXw9a-UZQG)H?jA+%H#61OS>=IWMQEm5#83E5}1*|V&|dF$AU0)iErKt{KOho zZ{@L`x8sFUr{IikUF+v3#A8<9r+loVvGpXQla8QaU9x|}qbImZ8KZHdm0s^C%);wf z>QP>b$5$x#59np3_!?nb%XtX?h`!1IK5)cLwx%h$F(bpqzSBSRzMQahEe-gkedUs2 z{;@Ta0%X-OUk>1oAcQ;=q_9u{wMD;?V6V>~X z%4reVo?@+K#Eu>L1udDWykMHmdR0bCdbDla1^X24v2WIFosjF@5`l&)$BPaC*k=;} z9=luw#FZ$DU=cXb0c{!=EFOY?B|VQC^9vYg%g1)@$RiD?a1Hek(y07f@KtTd(FGZx z?@va^{qU=g%QzKrT;Pcr_n3Q8J|jmfSzSXxNJ;b)uk71c^+U&mj8wC$ZadhN;zAS4 zkgAOLetl)4s?H-&Z`IgRCOa1;lwO4$ftphy3mZTN`D?o5uLoYFJ2cSt%&>nH`alF< zmqki9dZz9aJUs4i`(<)ooNsw1znWQCnCiP#$*r6ftH6MUtGj3cfWht0NuY=AZXu4$3eA2_oG+5@bHUOg{Ct`=Ypj?osmemu~0 zBgFv>hND(F+u&&QBbFOxV|=m`)16$A@+rNfit7?aR`i$lZAK0@Qc*`fa<0`cn$hAS zs+-DzUfobIo_5=KJ8Sn{ewTBL?O}x=v%|`R80E{2?j97>egI%8M=-xP7$@v3=^|nl zIs6BZ{c3B)u{DOy=@gll?#qAeT2N>Crsg8cpx{%ir3Zg^Em`*KE-w#?LJ`IVcXwuR%*R-rMC0~2^`Hq-hzh+74a zQ$Z9sVvuo)5Iuc>RV9*`!t9%&beDW|!gTCaSq&AwQu_2$(DSG*)=!<-RhsK6l7%ZS zDm4jfodeama@#U+porxt@8PY93phd0*y+yJI;SsEc{2PK+vh13IPzLRiyp$MUR%d1nZX^$HQK{V5LM~$RB!W%0BGqiJrKRQ>pCOz(SY4rab+UL`P0Px;x8xX|D=u`EKV zsxx{)#;Hm&1LpP4v)`?p!US=j{E58+CdDIpWDDPh)K%QQRP6Bot7ciXA|=Eo;5ejt zZG|Eva6g+K?!p*pl|~Xp5vhBzdm@PX&~9c8H2jQka8Wg<6S;dgxF5?HC!m_W^;0a> z3HqYsQ8@>Z9O#UBu8054lH`M7l8Fl=>@vaE;qEFKvo520C$02rJ>7W4GnCO0IBm+4 z*MpZxiwkJjiTzwB@e#jyBuWfM^}CYNo&h85hI`qC^l^Ywk~-wE15sq3EX|y}3Lfa+ zv0Po54Zyi5!<|n?pZeSj%Nm}!G`8kHFY4!vfy7dfLx07icpalEaPQ_D_PK`3+4sx8 zcSc=4YI{1;Xk5BVT@X@J8I(>R%5C|IpuGHzp_Eo&N_K<#%To&-i(Ik5`xP`{b|PXy zu+)S??)5OpD0>8yzLapvmYpNL5hr3$uNMDMK0|X(m;JZmc@&a1NjU|PE2dE^=+eCp z{%XZQ=*iak$)0QA0li<&Ls1jIL>D7F`= z&My6~dG+1M+yAY-vkr#hn>fQhP)b2Xx^gdthUTf|3{SNi0@;+8w8YGA* zwK^5RX$xUnFs*jvma%gwi1dX;BhHdDyp>i{UKgx_5c+#0h{IU}p~zzwm{;i;q&}8=|trdoor}AHoX`)-*^>BF(ma|tzjy$dmqCdkBw&X z%>fLE+=Y{q>I^shROqE%@8An=!5%+jUL#Ra$5dn?j~o2?{1}74C?JgTd-~Sg_Ta|_ z%{E{W(G>RQrY5(|=^diz^UjGt9*2&sx@U&7=hcQBRmOn4dw?q1x#;L^o%M{+`*9RY zGj&%Oby)P}`CPq;isf}O(`uj7;s73htaJ&rzSxoAq?J~Sv_QX&DrI$Atx@U=uB8e*X$4Q-O>ELdIjZNp#OMN?w&ak{nk8Yz zylZbogSffqO+r7 zEmFRXE&k0@lBXFkwOCW3%+1eNybxNqLQpDmoC5B~6rJ8odnPg0fES-cq9(u%N=2FB z{Dxt0>nfcWuZ}U@jyQ|q}uDu{#EjLf!iog#pP`5`*g^248VuxC$g`Jg{_iUUy zf`;P6;wFzuUDZm)aAG&IkozWj0vjHdZ@(?MjCS4pnkdXShq@VkpnJqS=G~pmU6$nm z`-rH|Bfkd>eRsP2I0@{x4A4-=6Yo|{1K!&4`zaN)QHN2?xY7ZA2MU~J%i8(jutVD; zW_V@B0Z(Q6Yu7CeDVH3kliwa;bQgeoz>3PFvxa-Xdh97x@;yLv@-pa#oPz5kmflfNwOy(&e0GvJh?&3yh@-$N|?Th7l`ah!G{TEU+` zso|Rg(QrN5!l%}>?!LmaQ$6EN8GkJrbte$eLS|mZ8kV<7F0S*>vB$&*^8#GZhGnF) zv6|<4Jh8z^;3bOQNx;sVQzIzO1#H)xVeDb)o|0MKM3Kl1`K6lr9aZJX3tL6Y6^q}w z)l~erwpo3^js(_K`rWJ_IM(55u4BV9Wi6%lyOwNAqAeXOJqVA9f`X8nkacnVA z>8$82QGEJX)3x%BZPtcyl9jy4JX{k=owa%-9C^}IDvkwk- zxUQ5HPa=EtV=w?r9A_i*7@xz5%hYu&WF*)4Z~PsSgy)jn10e7sqZj9wXKD;x6CO? z^7?g-HE;?X*#z94Z`YW6w2p;J!RlVR;ghgTW!FARIEJKQDhI?t3iY*ORw>8SS>d5> z0N_M@@u`8*F@60p5q;W*MCbc?M+*ZK6ITSnm^udht-{T$;GE1|!+Z%PGmZddg5&jN zDHs+($}BPiuwVj8SW9d$Y@2B$_ecO3)CI=)W#jK9f&3x>&*UPe4BWigdgLQdmz<)~ zk>3a@_fnLW6=7Iu%Z~C| zsPVId;m00iiraoYzwbabO3>B5Db0>xhD=@3Fi^73a)<$u6Ihn^0sw#eqWx7_dX>lc z&YzpEr^&F!B>~F2JMjk;#^)txYPS&72vP;c*sQT(F|Ess3l;M!&v1q2$zn4lCi$BU zo$l!5Z^}07KUCHosIk`H*!k=5{z1_)TdGbACTH%eIxN)ixj30M)i!5E?ee!u<$f`O zTV4SzyO4?TGQbpTo?_dl1i+t^)G<%}Hu!ug^%Zs>LATd~j~}~yIa%%!nDW>)j`EgI zFnZ<|&>LkqCQ;4JTd{gfND{pB- zpK7j{|Crei(~U6y>}lA@F~W+Q21HBfj_Y>DP^1ZVf$pSt3Q>(uv*pi(LoPbU?NR~x zd*UIzI7@t+S0#iR`u3I7aH9P%cW0DqxV&5&*IY)qQBpTBj_$#J1CWqT#Q}r~m)Lla zmTtPD$`>fMK7(7?3tgYhI!&OUzl`gB@aNqeoZMiJ`yRnMCBPHPtU8jTd5B&Eov-$;kyM4?Ga zECK70i?6@ZSbT)dJ3#TH{6In7l-Fe<`9M{PNeA$67GIfVZWlM+=_!Y|Tst)2nKNjS z5T$0J_K3rSNiYzU8|aVy^!)U*DwTQM5XpNZ%Nvaqw$m^uuv+Qp|r#BPl2@Y7<;LQlRrLdzLP7`5>jx6aoVyJ zD3&UvsR|b;=xE-J%YuREiZtzwso%i_SlDse)2=yIS#>XPYnaT0hk}bS%|b4~khGp9 zA!_yzsVDP!2Eg}Am1ZC~A#JkEYijAyi5nyk+jT*fDt` z2J(kmQ|=IzTRn7Qr%w7F>fVFaaznctgkA5?NX{C&Tq9-=JsnJtp%cb1N7`TfDhvs! zyugWIesO9~Wf$RChy@D)S5L_G23&q&y~5J)qi2Jyr0@80jY4hgNGPu?EZQPjy7HPbrlx+2B*A=3<1r+4rHz&IF9MKEB zjEilbpsymBS%G-AVCmG7M=Z|+C7!t9H9-$p@^@$)lTYVMUrn$57+wE>a*Gw}?>=`|YP&77O~spdGi8Celb|bvGDH9ysPbJMEf> zdRiU6CP*0MQm@Z}_G|i3)y;~f*F0WagK-_ zV;U?RClqGEq+_-{`XEujPb|52B860tOXV0II@yx8-<^YD-Xw0~kOgUq5D=DH%kzv7f0rJH?hn zMB#64rTsO#iv&OawP5$*W3#vrSQnz1zK|lk`D>w=&hCw$V1--896n!q@NBWJYWfXE z*O}D~MwP@L&L2(}u~TIwZWsAYD|DI#$;gy`MaDBq@t}n}H(DW-0@Qg9K zk>O!I?;MKdh?JNulKsp&Rk-=nUV=tpQk{~$++dtZ-n&IWNsa`W-90lnGB<-iVSZr2 zJ^0;nyne2Qqh9(hl=a76W&y)Usi{M10S_7dAsCD{Wcl7k+E^huEwS*6hJBQLmKOyo zXXA~YhOap>Xq~A^V=Z3~U8_t6s=DOUlNs*sqU$qzr16}4VrwYRO6aM->3Tr-=>e^% zEdiU(PO#mgFXzkt72OZx7QWCKsMi9dhvX_@T>D49qNuqr!{wLl(l179Ic~HPQkN|! zl~(bOsi^0>hmfYAM_edJjQRPg=h;{go7CqrjC~) zkC_ZAQ8E3m^4%WqmbNyNBq^$4bfaTF^xF@VXk~0|8l(=-Ju8(lalHI#(2)9jeg-aE zzKJ;ru0?*YkTh%9)FX4GMZ7YZ&h*1~|aCnOMGjkYaB+JhOxPU8OQz2EXjfEYC=3HSV`e9%dYQ*Y8Mf zFaM-R-WC^<$SV=y|45i+1Hd-v!m7d0|L46@T%}kvrtZx9N)Cug@FO#f!?W;uA%oR2 zC8Iru8k;m2X&4!C{_1tg*C$Uig0)=Ywjz^=G_EA18RYnD28y`riqv&Xi&5d9B7`Abg901mdKL98Evb4UZcxR6QkoCRa zANwRhEpj@SY;oGjNFEZXAPxe|s}=;gtqMnhI!Y|-q*er$U9*tMa5pZS^B+Q7o29sD zk-5PV!~UdiO_jw!{+143Ip&@fna*$Uxu@CypAJu&4r?c>W(%QGu)-Tn(_mXvj^!10 ztq(TN>9UiJ50n&!*#jDza=3+flo=rj%B8Hiimbo@B3T>}8RTDNXGbgfhNFHUdyVPU zi*0P&%Qy?mkOEdx9lZ z=HIQXe7(DjFh!u-dVvoNxw!oCVnGBt%EgIT-7!6^idcYEGotslJ?RwOPA`oVK*WQ% z4QEo75m8F+2Fps}FVGmhyoQhoGmBKW45IGK8ty`bL5#_ZI(UgVxU?dR1(KvsHKDib z0TLuh13do0OFmc_SPk3UEx!??lF%^i9ze_$mJ?dFeruD2E(Jyab_LPUjVYKSb2e|H z-IMDM{{AB&zHLFFz5tRrD1Sj@=Lus?f`*HFA;t`thlqtf4hbMg zkBTg)P1LH#GN4dTnix6jO$wSko}n^g()*3_yU8%x2;w__#=PgDdiJ}V?FBgwlR9BD zZ0y`{Bl#B6Z}&9o(5imWw;yWN&x3yT>_Jf7XRdfTNw@w^vn$h>$=f zI}S(^V)p!{uzXd3&a`D6Z!sRFXefOqV3!&IMWLf5oQLKjO4Ln7foho;J3b&W8fD2J6@LEM8+@%9wjnD5o&%#St~o;qaau&VE0B0q846x04US;;F$)lZ zRuVh{5irS941HKH4ILzw&4}Dp4uu?|EK?lyX5ht_6b*g*kf`j6mFbVPnW`&45r)tY zj~6K<+33yWw^!AB8pDZTm%*GODK$aAU=?@PXjk_DsRj#4A~r1}UqZGMjf6eV8C%uy zK|4kb{G48-=-0@a2LeSr^8||yFfdH;6g#MXy&9WoErg?^eplP2E!98}+hTx*YnpJv zv{b{sOe}mzJG+;A5=^v`5c}%GSK`7WB{yNGjcQA9Yj_o5G)64sKruvSlq^R4t*N?T z+`mb*g*czxJ=!&skgH#~2=_sxwi*5o6fY}T1xR<$ z)D}ZS(^6Cgo-kVqsnREuxoElMxC(|Jk)#fzo3b!;{0!GbknHeg9PQvXsz6-<@ay~~ zNQt5R+k6gKBiTed3N7&ExF!A&Re||F=Dy!5mESw@XfrG&RbJETz;ypAwO1M*@nkMq z0nMiBTJ#tsmWt>i{x0My1lZbBcC$CmX5eD%?yTm|+A`5c75OyJs#LQb3wN_DXA-ID zMSS8*h2Z|-MUvBCKBVn|^^tpQ0~m%$WUSrjxDwhR@nBQJ_Rt!O z?ZmQpdJ^uKnm!UQqdpmeELm~foNW=4~`7( zFLX`G)eBTCa5bGI3rtL8ZQ^(pEjGc(oV55n%& z;uJr*H%r7PzFW=X?fxyy_y5XvA>8!obJ7cs@h?yQL{2y@p>!8d&9<6&q@??ZXUO}n%x5ig+{`cJ0_=fD?ZuFO7EeK zx-L0=gW2=e+dPpSIoRPHE=OtqjHEZ+#sh5m(=#BA(vzb~v8&}IxDhfqF(3)1Hv{v8 z`Cn;gDth{C=;a(Eu%Di>&u72tvv?_{fa*<{PB@-RO7QiNq!kGP0Ax!1!$JOw6m?ul{A`}sa*=erVkm*)s1%wX)JShVltJ;WWikT_6KN& zZxv2p*S#n`7r5rEHvV`dNp^No{p@94u`&piN-{ITB>>Zcj~ z`ehcd3AH2DMM|S~%L+f73|dZv>oG5+-`x1MJIb#u#_pqP_zTl4x0fpJ0cllrU2e#d zf=A4jV;LD-f9y#gabKQr>9+(a>_u=DVrtQs#2EXVp$QU6`#+YEj@ziolND^tIGX=n z+@DBVs}KdG$arS=8})h_8X!F24;Wko8X2;@N#a%~*g=adY4xX<3Vl6~5q)!Dyl!uF zw`K&EFaH{&ZAJ9exHeBiSTUcKK2-=5iUv%Qkp7aX5j^uglh*|hgAw<#m-(EOV=^+D z&}*Gnh=l$ZhIO}8@24627{`vbr-lchHpc-y4P4hKhB)mqGR0Ck2W;Y%2)IAs2^JcI zoJ)+mZI60qR)7-;;nu68_6VvvFkVe$+8ZSlR5mAq`Vb?i!TchPoPU0=7P5l(fb~?~ z?N4f10yw$UNaVTYVFA#|3K$esRziq;g`th?0)d#kGwpr9(nJ)pbdhh~sk+;BmK_=4 zAb~_6EN|k7tkQ0`zWf1B%7NtpCrhEj30~utFZY1*d0{QFQKS%D+Ff2p0(m{WpO?lA+%hCQja%>|f`{%m(T2|S^}>!LMjkJ}T`d`G znZOxl5?|)z;yV88(}rvw$@83s#88AO1#{JMMIt&ORG-K7Lj*B!+?Ke@;Szh(=)v2B4 z&iI0x)kUi&&z>)gt^DMWf^`Q#)kEIzz*-8`*Fo{e?9_WU{~X)~FH z6tV}b@9qa__xUr(z})E|Hi?Q=!cJ!0E-pdK)fem~#6{zW5gRl#VnI%w6JA&uE1IOP zO-Y!)muR=8o|;=i-pAoLybVt!j*}P(NF*s~9-w8YX_oNPMpnLklYSXrDbs`PK*Gz! zsV}Er@x^W0^oWNZ@sVm^@T`~k<>KM%$<1OA!sSZnX_2q?Uf2`VQ>}K4Pe1q(&#WUh~Uod^U zn&HY5Lrferz>eQ{(bq;Tdhv9pnghY3kknyheC*zJ6f>;nrC3(#*mu%UaU5aN8fAU= z4XN4a*D4BJ;g{q}?AiGF(^L@d#PwcGz1Xpo=dLXM_`8b-yq_J5YQ3S7Zfu&ZRu^L; zo%>Up5sJ48I+kr{Zy58~rKUqb2bg-Jf@%SzQ2TgKMwV`4*On1)_94UQ?u_FrH8T)= z3gZ*mT*#h#K&(SKwUC-Kr`a;=36=l6Dg}%|lA;eifh$=VhvnaCPGq*2b3-6F#k$yp zkNRBMge9(!-G52f=8&h>udc(~&_Kg&iO673;u|8dkrGB87h{0S0%48IRGaGg`e_wQ zCWkTmCl?SdEkICW%3%~h&5D7$it&aN@5~S};r=W^o4`wTc#UE+S?^=2#+`5mDOb#%r>bV}#%h=wr-DrPYrFqV9m z8Q?qUkxPrD*Sv%gc@%xMExJ@-d&|m7)CWLOPs~|MSGTfP%ROSY;vzN26s2<1rpj6>imdkRK(;YsImCa0mje$vdb?d66@iEEQE((97F4%X9KTwDfrjKOOXj z>+H?$;48}re7-WEzJhZ!6cqHQr9kfiJZz_$>ErtU+spP3Jn8?g(d9pT@Ly)^&2N15 zqsFKo9VfB`J5(xFgm?o)^%pQm3Q=~~nDh4Vb$ycRKR^9HGzU7I)MBi&^KD+JCU^Va zWd>dmM@gGV8b>d3L>9Xa)c4Z8iSm2q8V}zyo%#0J1-h6Hi9cGLR}J<_tHs*?`Q50$ zFYC_77Axdc2~N{y)Ep0&}+{T%^K zB|f6XukhV{=HXC_$b8MFpdHN&BYymqKnt)YA)&cNFF^Q5WLV9{-F8U4{+RsvcSo^| zDB2%PJis28eZGos#vN2MNS*ejt*$qxA_ID(!p>Ew7v#sEmrkKOsvs}dzLpNI-HiBt zZ6z{-L>>+1Wg+$DXsG}^&B#EJ;5@NMVv?g3Cn*f-e|C$ce|s#Asj?~?A*?J14I8Uk za@{fpL+$l;p7?Sb&NFBtJUf7o8?cFBlEQj2iw4=Hoolem*%`Y{amtCXIFCa!hDc%(SYy0 zz}6Z_sLJJb>H8fW&&Hm}kP8c~ZtL%$T_)g_FLfJ9W-n-n3)4&UNJ8 ze1|H=jD?82mr*K<`q~}e@|nsFR#dQh7NZX)pj3{ILK0IYvlRv$Vwc=eLKDc-Z{FN)Lvz6bn1Qd_-4}l_WA6e0?z@hWaeWYo(X!*Bql1H@K{sq zqmu0fmQNQZeC^t_1~UfCvkyU~$N3rj_BT zkJGJIA%*HilJ)7{t?^zj*>9F%OFceUjIvsB9_dFzyPD;0S#Iq89EA^UMObt`=r2w; z$Kh1W!Wl|3I20p7FN;k$<%t~iutmU$-f5lgmGE-AIm@a;TsVb??5EO%3RE^a-hQ$p zb1P2T>uCIHJIyENNf_{*7r!>X*o1gyYeg=}ejs@KK~beoc=Yuqq-#~_=tqSYs$>CO zR=D;pX!%_3UA2Q(Y#QnjMd<@<7pcnPIWC)b$iN0^HSd;pC-V+arf0YddaZU37;euT z7m?iRlr84tsJY+!0Lm!6giu^YF`>liBFG z*AlkOiq~9zn&r**I&)RU7jD8$oKs^_lCtrVPrhTo9@nw~^o@wcF)*-NGd!rSWi|Aq zipB^nGd`_RTviT^b9{_OQCVCaBOd`T$L}bgmz9k#*#FpSY(Ywy2)nSFcb*wh-`8_jiGS=bPRXfS@1SV_9-*c?Fq$@nW%*m zmK~hH!!Gb%X0s>4Ugmx=pSh6S)$?<95#K*{x$WCExvo;!bZs{ImFNUD`6AN(YNw0I z?OTHDT`a|u1u$vzp}t!Ro3}Kv5)tJbZ17i&)~&)lpnp=@ugk>wUvJsu`S|4OP1l@o z;yoZDJM!p={X(QUkcePEX=p7YQFCSUQ?JrNPi>v1o zmau4idlZtwH^QYZ|l`gtRXdJ_``I*(?U~8hs z5Z<_o%yQ>XiC_q%^Ak2O)@^NBewv;tx^SF;Xw-s$nF1blW-d z__hAm4&TkSEGrMWhj_#I4~O@E8}YW5I{OnFINN#DcjS)nfU9|uhSt7CnYhu#@B$dd zz+X&5e8!oitMX>~?FDIsVuVu!5$`+~Ikb53e(ZlnO?_wkI!)VKy}eRnAI@e>yB*6e z78-X>_Hg|0E}4HD&s=U~rO)zspZ+5Mno4?6D+Au&Pg)u4E|>I4TK+wryVGK7py$+) z%}L@9TVgX+$7NEGYOCltt>y$#@^phz{Wd8#lfDcuJ$f8d1L#1z5ewS~m`2I-WO_w0=Ky6LT??^>_3v9|Z zs`CGS8uky3ME=iFtPfEVxtfpPQcBlD$nkUZwe@+}ZGl$Z4TG1H{BKtHt>Tp4fQiE2 fEU)}SxANDQmi-6FtN-{(|8C0huOYUDEZN*Z-p1H*em!dFM76*`3>W?vUMkaF6Wn{kwPW zkW-M~fAH`j#Y3`tl#eJMKDul_{7cA{zc{a5zkSL0@a~-O~>&Vf8F_`|_ue745nS?|{)nP_X&i?4=qGBQqvp@;ItSjL$ zi^GS=J86RQCXSze{<@U;^s=ujH~y|e0O0DCf023n^6Kl$!Tr_6^?Nt2-u!E1|I#DH zbxOt?eCmsr{e+ORLzr{Ik&dt<1~pL7SX=M-fi>Fu5FSp2}*RIJy%8j-Qp2 zL!`cs&{pmtqRC}(d;H%XR7%7esr^I|8c7OHn)hyb7;BMzp?=S#u4#PhJT{; zPu1}G=X&^0SdBo#w#xQme1}A)Y8hT!h(~rsnUIcAvwj{a#K>ZfNRQwNZK-AK zcjpRinC3%=S)tKwyQtdoEx{_M2MXcO`7^Jlm{kCYZQmqzV*bT8^Om98o*3NI^;7cd$u6@@wZck)H8++u?E^}$$X287XXj0KgypjMJOtsbUEDk zv7qcJE;Hd2$aCv&@?P2hQ`&zKZi2M>l$rKBhQ_>PHHDqKM{33ifeWI2z3pnr-_Lc# zp6k%dOiS*JpwFlMU7N)RRA;x1>f3`$*pf6k{lST#wd>eu50Y1|4gn^2xqS+>1O^rl z%Zb-r*DBmGob#<@4f*vzD`MWz98R&g@cdsC%+MDY;Su7sXk}RNhliS9>Hz0yos|SW zZ28U6*$8tOMX?|)enqK}<94oALM$VUrR+Y7lFfDzu*H7+wF;KMQ!z57pNWZCfS-w~ z%1LuNfAWN@Y!j?sREp3WEz&(2aY6yNWI%UI+VMd=GRUFD2lDn`N;$W_^bN$DLu3`=8oK&b4`)l4*(E2Q$R|3y1ORS^$GB-& z(+ar`gf>LCm$h-U>IQ*@YxQpuEa})gwwWY%m_~c!^59lJe6}4kI}qO3q&jt8VXFsT z5JT44+AZI&=R6q~0Q#7q7VyFXRJ@GiTZ&@joCoOXE`dNOox@@bd|$k>(6BynoIFF| zPxQ}a4a{{f0It@)nV<`RV_C-p+5fsnmof1srq%fYvmRSKc`3Z4OxCisPk=i-dg&;% zbd|AWBvCfMvjKuuhOzp6V<1 zQNbsEmg))4?Jrw)nE9!~&ENtVYd|lrez?`R)o82b6nm!u&(M5=+wuUHSBvLTodb0u zE#(@2HIp71RGOU;5^xO}P!s{|NEcozP7fGErDrP;Xd1F&u<@pBmhdnRRpF4FG>}cg zj=_2QXgg?*IUz>-u|yp$2Z*O1f$q=WuXfX0{Qhwy@>N|VtG^NfMB>ijZ_^SEbIMQ8 z&W{R9goTkARfnRjAxR{wepQPe-toC?x=C*ve7Zr|AuB%fNZB=N%Q4{0b|Wv!FjvLk z^oh9S6HL9!J^4(kfM6?Ly7e6w?jTQ2WDLu$rz1Z}fsbWjmTFE79;50boROL{Z zX~mHH%zS?ojq=5zKt-cqCfSGbXc!vgCx0?CZuoZ(FK=T-~u@Fwmh_x&W z+|hPTVEe&7H*dUc>CjcSuS#07KO-zPbNO(j#fF)*EWUBj>9-_c#VaVi7t&4c8-=O!npW3w`|d<$8cn_ zkYL{ccab`cIanw?u$w12cuBI$Ia3VQz~Q2raOhE7?Q{2iWq!L0^9|1XQdYh~=g(4W zk8}4%$KL-|eM%Bwe=y;cmDias{V#G_#4$m9QN7e`K)y50Z1qc172Q^6v|gh6oe zT~?)ZY;Z)^=E{*})gI3vBwv7nJ~2jdyChX&Z)15(@v#fId_{fjq~*8HciTqoo;g?@ z=c;oKPi|6zsjMSMGZT{_QV=7iLfOiy>l&IvMm5eI(cz#C)f)=HuUB<0h|~xfPjK$I z^zTNe=q_RUc2Mg@Wk*qUhyg=qk`yjbOY(I&5w13`xv_CaAIz1XwR^-oe zxmTGAl~!(Nj;U7TM3NR=t-)uloE(-)2jNVb%x|+0)kME<7XXSsI!3{ir@sd1gFi*% z-kVm>)mUP5?axs$@mtGCp`{^gBDOQYcc;j6Y`lnS1$WTqoO)H9cmkiS;DHXZw#>bVWwlKrv_(=t!~ur=3`L+jYz z7l7e#PN6n(-8-l@J;)>1MuJ;_3;e5Iq_?piK#uhV|#d5yJ(zO!t)IzG?3l-ox| z7%!Zv@`Y&Gg=`7}$>G4SJ?PMPUy*~rAU}%~`M5B#wl`Su0vGr6$s(LejXQ_P=D?$9 z%A6UnHK#!30m({6xMGCTnG+|THb-Co#)6Mg`TX*vD!JaLjeM->h zvb#~dPv%!Sd9^1#B{J66omD)1a z>XXxF1C?lwKtdsPnnrJE^#qx?ne|NV8LIeW4$Ss$PJzz=Py_F}?&;zK6+B+kS#hMQ z6j0${qm432%=*%cmG`2Nn@=cS8c}{?kCjb#Moqwn1iFad&JC=>OX1cYk_rfTvRH02 zXVJLn?-a9*j?p@5+i%0oBB~M!N9p4|swqJy`rM^+JLVh`<{oY|+2&gg-L-A|)1J3u z|GT~g8FcQ|Cg(51@4kd;-uix1gXyTd4fl?3RS`Du#YZjXtCM=zBkX~Ku*g7;kM=&R z(aL2c5OCvQ`|UwoS#1FBc>C6WbD9zDeIjtP@b$N`7uwK*K1R){a#QOFe(~o>1${c4 zsj2TF6;f(W!`fj%p%m5bnB?r`IhoP-n=U@-t@;zAD1l+0-s|Aeg<+tWcyRxKS4$(i zM6-fPk4+-~fX5L{BUT<;#dh5F@=v0RM460@C78bS)VKl{3*7xpuZl=HXG+(J~{yCz;%vy<4&d-i}bMAN%DXFY{GD&C!hU47f4SbV@Nx&i1wG zw?%kxOS@DiL80xavR9J?*9~3l#ny)tMIA>5+#BXCjUL~FH(g?&(5*A zwls0xQQ&NSthHi3R+*NO>@>PdYLLrIf-axp4C!yp5uz%@}PBxCEdpEmZ z&U&tvf@Ot@e+^qz0nIpUP(Zf>jH+dmEL(Y?>D0&cM{VRg?2Q@44u$y>hRZFmq5XEyt zI&-cR6`f<`vB6mW+LkxOOuMFJqvUABQK2nWIit@c38Ez}$V%S)Oc+bR^k$UM59Xoe z5ZMq|=&^D~$9`M{OdpK!LXXwn&K*=$^BOprq_L(oLGWnT1?v@OS>Y+rHId?8Y+U?{ z(%On@7XXL1A}T`UygyXj+bsrvw$rqFRwv?C!~-h(?nNh{vsaV8@pBimIXmyPFWeSU zJrbY%Mu4f+0h>OH+De$|I_ zn5+r1YY4+qP;NdG@<6^uIZqx!=xaC(Yq5#hLc~O#RuT z)93v#_39My&UBHFFSp`iZyD%l%y_x}7DtT1{>(AybhThpq3J)3{VW3GUAf{Wm#Z4O zXO>hU9`c1=Gu^B=DkGV{eV*^_Uy#0rOIUyO(Gxh&-IUZ z%(qku!qXE%c;kMN_y0AMJ04r@Aoc1+s{gJD16%=nXG!093*CRPAM1bUX%jLAGjjis z`travd9T!0?B00dO0=(_&tg;4afw>nc|(Vk>F-Nvwdc_1J2VG9#5#kQ+o^YCa*jg}is{=Lnx?T8!KB%11l1g1|adaTySBWMm|! zo|&?(u^VNt;}cj@6{dUk)y#NCk0$jSuk8%{0$@q^wtVPD=3>Zb`9K}%CY(p;C-RtS ze_hCK|3gej*gv`cZ$o3j@KwSh=;NddNg(>xzy60=o(g$N1`e!pbX9WzQ z7S09|g{gffp?08p*U0&*CcO@_>YzicL067ID14Fx+7Mc0T%J1nv zt{A|v#Oj7XS0RscsDYSADkljd^$%+SPiy~e^mOC2;j0$AwKGrJ?Z?wS^0)Akd=o+i zq^-mHZ(HM`=dojwW#lBqgbn(CgF>A5*>LyL`}%(}{1c`Bp=#_5@~{|YIUry}e0)3w1xkP_rK?Gn2Zm+A9K;+@hYLJl#nMNjPI`Mong0L) z?gcUoY4_9|TT#m^JIMa|kK5lAZh5sCT>y@CV$OThI6Rd>&9+RJ7U0~t$ubqmi}y~n za!^?^!(kL7<0GAEOnQ;-YP!?}&Uc&T-o2UJMIO`XBs zP#XmW9gU8R=HWNej~$rT2^1Sy1Cti?udYn=XA@g z-3Hy(Q3{SO<4EF+nRpfG6Up#^b2h>ZNb>kCuLn3=Y)TSQuX0eHU4en-B`~6Ms zj8N1nJ^~;3K1sjpDCfMJ*GCw-$C=+ip zHA*|?DaWnoqUnOh>?tkUMmD=g=OwTT?qU#Vs8Y22TCLG#Wa7lr>uLsPZI^+BTgcYd zAkCnG05GcLbky**2H}M}nfnk#sIJ}?k)k+n*Eh6N8PnTiLXLOV6FuPU_r%g?BC@3J zi<^o(o+e;5$Y;&NfC*rZc7Z!|H_zz! zx5*uWYNmQ)&NVGrm_|}GCDKeM9TV%l?)q5k9m&-|XtX!$Fov>DGl`L<%F~Z+ zPs5m@!2-}AAe&rA^}HlVqDwy+v6{dgULYOO;R7o>o~P`|1c@P8%Jlv$SoyGOrCH)*y!b< zx1Y=iOKN&#G)SqvX}ejVSLVQ{9y<0q@{h&*>Pl9-Yz{%wqPZhkCgyg~)BSk?;ZhO0 z*R-<9k3H~p>rk15L^Tyqb6&%UyN#5)mWx3SFVs_JzRvK+be=bV@y4A!^XCmvFYMw=!!FMtnL^_J!>4hsO z#;@*}3%QRMz-wDEymy~iuCEu|1#=Zxom3Kt9ht>xuNlawaqiW4&5^^{FF%aWlwwHC3(`^eOl2MmgQx~2c+bD)xmr zRz1PH)EFGdCz;<&p%AUiCWaJ;r6jqGtqm&HTUkRH949mty^}b~pl?+^Z{@fIhXy|? zdYi_0U$74$nS%0I0;xcI`F-G-iu0bl~|>mzRj+2w;QPAOU{vFEXeQa);OM2QMlfzuP4?xFC+3j` z)pG;+k3lLp(r&!Vh`K(QqvHB6DXbOqFj6R6EOM2fnOF43=-c2po2SWa$kr_RO-I+d zR>OINkvRA1!ssQO0SlqA?;&3*XLTq_uBvEG%==|%d^Po?=YWB4 z?~emhf@ps6fzm>C*>2||+B!kUr*`yA{;9RnXd56 zr&G{ab=#UM_|iE1LS?~Sm<`1AXe`Xr6Apxi)(^gw;}aJ9!*pOBNzpEGskJU)D z?Q8bHB9ajznZg7&HAgrzG=3@eA62c(~~J&1`%L(wgrx=NwjAf8Bn zhC8Oeb08s*HUspolc}AXCIMRD6JR{7?xF?M)@zeUO`l5P^3`*(%bnPjMovI9v-4i+ zmKW1Y^tC0azQ~ct(NI;jhKLIQXR$(*Xp2kd1cK%;xhw%|(ch z4O9A@ZALy}rVhI2eZT(UcUGa^_d3F1IXNog+}5l@s@X9Ad!1#lPY9k@!X&UA$Y%(Y z0O<&L{>WOKYU^#N{BF+7Bq2qU4-&S7cD30cpXURvTm%K`}|?F7iHxkMRj6ZqEwNrHQ~^!XPnxi zB-|z*q|BupW-3RBpG!yb3uaZyhe}IO1d#|caGnI`(RQ!Q1RdXyyfQ)#kV z1V;%=0ZOB9}WS!C)z_LTUP%B09rnr zxxBx7IYUj&W-4|7Rcza*-&%fk?=ApHcf-#aEj5j-w1ITH58RNGx)wWMI!9_N6n7NY zLv8GGHBSpxmFovpFMZv+8?%KQe0J~2p?k9rI5wk>afY#LiY|pU5C)kl7Kd-b@2)hw zbF0o^xB%d?4cF)?W7B_)xlUht=?~@wX&=$ePuLGCd?vSIaTZ0S$eH>I8y-H(AK0{D zAZ+CnYZ^xrqx;agrU%j)$N3{Y?sOM`FQvR6tE6OMjj9M1oP1kiy(&z_pl|0}iOPtG zuj^-D|AX;t+g_er)m?ur$5^N4aMA>B+x&#ftX{{F?H=0H+?OG7f#&qZrnNN+g!?f1 zgvNQmM%Y(4-=;_d?)g*1WmB@u6!lb^d@wU8q!lLYfpXcb4LI&-tWqTwufUbXv{5_~ zdl9Bann)-zyWjFFb&WB@N%nh&L0gXgS{$;E zCKgo8JW4z{%zV!2%E=4-fAkjkXDllSAe+=ny?8Qn^ip-DtcIsvxiL%`j|<1V(H9oi zK{?D?0(Y1qTDjYS9IRf-?Y5VG569~Zz%!Ezz*QfbTsT=JDx0g^u*pInJes|fS#2V` zMn4Jts<^1qywtw-0BdS>}D5-L|fyaNstM$8Ql=c&qik zXH4tM(B#FHQ4Asy>bH%FqekUzW~D(lqn}vAf*>rBs9{9>X?@(V!PT|K-;IVhgo%qe zJojJ3h=@T2FxIUQKDb)Ij!8*r)7?iQ0X@Gs4qM8XfKN*!ewMkJ9VfFshJR0~3K!(8 ziGWlv4Oj`7w__4Q@{-J9S&rnEmXQe&LhKPj&J^VS_h|h^pT%fAD6{H~VOQXb2+`Yf)~t!QhZ~Ln(8r$e&k~zjssFYmg^@@aP9s z{S>j`^k~vERkj#zY(Y@`N()R;(&zaLGdTKi3xWALyYs5vu zLDc&`^R3S@;seawo4*HA&JG5UKNh|hQ>-pilWi014ypb7^7m(!>J(YS_Me*7BTQqJ z|E7W?Q3QKx>%*WaQYW~y*r02fG-~kev7R$>C>K`L_YFCkvyrvPt&A*QJz**~s*m-6 zJ$5a35f$Q;2rU+ta|8qVX4x^x_gY!Z)9Fk9QoH6xn=u8>ny1P{mYF9Io^_F$b;8i^ z<2q=ZjoCdxYxRs-tb`6^B&M?5@x9G%j>%f(LbRWrc_xh07MAcDl`k;s*DAPUD{qeA z0Cywfy-*dXcD{SUP1)oz8WscS>Vll{+{&pR`Mj3DN;$)s5`2uqHr8#A_ZAP5g42J4 zC*`H?PX?8VJ@RfD32=f~aKy8Lr0zo%yHhYeMyan*^l!Z+Q}~4JAcN2X=)?tpnSqY` zIcG7t1Isl(?mT|r+d4cs-1`|;Xq+56cuyi;E5o9gNe_~%P72L<(<_X$8Py>|)M>%1 z+#Tme1tX)p)UWSy-v>4~mVmT2JS6tg^YSkMuemH|z8_{cQz-H$>7l%IdJiQwpmR>4 zjhqwrwK02!53*^MAtew;T!*~+;C+ER@W|{^a5d2bFXxfBPjRm^@pJQ3wB=B=zGyC& zp}@HHqzdiTK?w@KMlrabX%2XNy{&9w+_OmHi4$D4WcAgyZ{nxO&B4S+56QH|7OdWk zzkgUEkW|_!Ci)F--eu7P2AVBA-H1d*ysg-4yQ+hO0^uNwmOp*q6tiJfr-`HG)FHn90svpX4qglh;qI!+Ui#u zpPJdIST-RN9QxLDrwKeB5OPKaYSznNqz_5HqG{(nfhd#MX);;u*bIjb$j96M)FUN}HqLq5`uuNDc z)=S1Orgp!syy+L$bc}zQ(2uivdfhqB5b5xbeo9VkW34P$0T}dU7+ZW~YKOuTHFBx! zPnwHW!ZRRSg3e}5dmMe?NckZ#H|LXEX^je!=>0C7L&V=rvMqGD*f4V-d%d64iT3D@ zif}PA8=c{i9ymR;H1OH0&O(nBkVRDL{t<@-W!#651|_N*D$<3Nqz zXvd?-;vsz5cK?`}u>)c5@nO7536NK699boQFjeJ|SIOJK_R0BW-S=N1PKxgWocQz{QGfJhr>`FU^@jE ztmOzB9MPCq8{8}G9dn-xu<2jd&XX|y9imlh-W;Q=|7srIVahn6Wf`g@IgpOMOvLEF z0LVTb){hGITYP7C=-{@iHIS%pdjZ&4_wslS z!*G?9<$%+NJlMFjf`cf&cf|sE?kL*SdrmDa`P5P4M+GOTq@mx=dwK8cN59QAhz=YJ)t~ZumEBO%G%bqnO%3)#tI0zJ>F5J@ z_M5+ln2*N^y7I6+2>6=De%JJ6}>7er66i z#jT0IKLF?H?uzeFvEpggkoZT7=GGjL(AL3cvJpaTq*-jQfaE^gJLhMfL@wEC43fAN zgdZxMPt_Pw@iApC;dq02))P`9T246bFVk7+m1;LIzvg~sqgz%|Y~N!w9Oh7ut6|jW zb^o8!9yF%1)5Ck#J$Qv`WWA(Kk;1s!Ky5BA?ata`jb!m? zGcnOtXqTt0wR}_OvSmRY_}9`~m0U?_oL;Eq7~9*q<@BFRUr8|K&{6FY{!SM8NDR1R zAbytD==^oLP2etw&S>mU7dsKF-2SC)dx`sh zbQ){y=J;9Raui6;jQ?->z!F5l?CBxb-K0)=XY?M>fUW z6S{u7q$Y8|MUuINTKTQVIB#KmnQJQdU?q3a;7o|@TZU-b%m4ZpJTHgi9p0Ix-N&h= zjSSi(e!LghTX73Nt>@^{tP2#(gpG)_MO}J8^q#r`Eee@_ad}&rkm^LIP{U-N3ih_H zeH80~!Qg;pSJ}_WQ!lApSh9`kGX=jH4t-NtQ79fr>tWV`?!-*&WG2f0vXXBXj?wv! zzuhxzgd@}$A%wE6mY7@FiqGq_(o4hH?vfEXiH@krZr7rt3qZvJb;_d$fm<%fMn%xs zGdnNeaq>pho}X5N3YnUDxhfdL7LxY&RrWyz#5@{uuiK*Gg{3xWIKI+3N2R2$%hSnR z1>#PoIe=&qGgzZ__`O&4p>SF*X)n3_2H;4e+*j>iFhZr6CM;|3+H>Gbp zG3@pk2Qr0|7L8Er~m9u)psT;Y?t`Yb`c~Tq!95d74 zenJx>R+&uS_Vq_xS1cP7NC=axV2YHCj*i5bnkz=`(tYvQ^Wh=raSlYOWw(|b0Plgw z96N8boV7lg3N!?e{m|ky`8^i9rbcGpriHcDb6ldFQT!SubaT4+j|8#n(_yG`B#<&p z{B}p+Hvf~S()~?cDbEH9BnF^bY^GyLS_22d@aE{)0)`?>~)l+FtmJma!!CS|uV~9F!O4;F1Z(Ldp*9u#YA1?1}c5 zW+5teQcSF-df#;9oD7pf+qqjx=P+!T2$C5C03YJf~t&i&T5JO13Rh%6^26u@#&7@ zY7~p?AyGgSI5WM7GMnJ)FFGHCB<=6w>ePI7keL;DjnZ@@zh9~lvLxGq!I1N%3jEUI zo|OH>c>R;<&pf4x^quHFPA8@!8(j-(mD16S=(NFELM-L7Qef=&5U6D7HPYL~zDzNA z%$V(jn?#r%l! z86{oUDJKi~2pt~OBJ4p+rNh~QE|&VdMfMtLviw@oT6M54{lH-|XUGHbdy_DS)|~Mg zb?n{rv^?ur+50#BkARp|AcH=chNFP;o?4=k~LN*jK}M46f)b9 z-dsEZ$OwV9LNNK-#z8Fdv9E%rTvLS8Gjaw~ev_*5^Ac4K_pQ3 zFVJ|JJW=&mmWT9P@msa2NU%4l;a3)DpLhLg!*fz(QY}20a z5oUxcrVxq)L4~Oy;rU9$$Q(8d1mj4_? zq)JV`MmSZwe6i%;(D?V(;QzA|&KVM=sl=1!{}-lutvHjaM8hKH&0BxN?{DVg|4IhW z#(HmwPaN?*He8O9f$P9Q11rog8d9GJ4y?|`&(F`y3`#eSB8j#(Hfg2zPZUdU7yg`@ zCSp}N3LM4x{7f$kZX>T9FCWv^smNw!hqJ!{aPY?5`jLCb=jVCfX59moNUvaJ-iHE< z&)55FOS=~s6N}$FM$AWyKOUZhXCE03$A8XCx(pK0PPUp%7*8D2$F8(I*O+44gVgbo z!dFZ@qosXam1g8@eq0OuvEiXCa{++D>PUh>Ua)`pTEj~KfVy@iQyYnSHuBlRbSOs% zd0>@OI2oqwvbdq(`gP2&t{ul3+7n@A*{vMLFx76^(-%6WNFHGCkxdL6PsYzYEjDzj z^c>Z4^J3{X8i@<#VYZqQu8Z#XXE!3!M^C5Y==n3IBC7|ZOH@a6yf)G};Y%8(+B~28 zRo^#Up4sCN{8(TC?`HZo$s^K+adOImYU*=+V=I^HhJJg9BpU?;*3bnJcP}k-**r|K z{gvJSv?RA33r!$CzFxmIVh5gwTk_f{NmU%x+W2ANF)l&%Il(-zO4Q=OVcc?z60Cl} z-i~R&Wx3qTf8dS7$RJ*Y3Jlg3e?MVPpfup;u4_-xLC|xywSd;MjlbAG;w** zAjj%2A9cD`vHKK^$k|o}xliixbCIY=_41lnKbWf~QLmuJEHN29G1}|BHwM8e%9eOW zYCFQiDo1gTmyh!{d_VM>;A(V2oZoyU<*=mu(ZI!@fiwv2`K8tF^pPh@kguyhH8EQ0 zjXFLkhCa6=Cg)NE5(j+oqRq1*Dv~@j)EsrvsqqYZxx5)*XgrB&+>=JM&s-K;9jy68 z=#X3qN;XTcEp9FU%|M3*Pqlze@p!1<;cA*^}PLT;G8{uDNCciKVY%ql+ zENf2e3~*))M)w?%FwRmCM6}BRWs4Rgot0lUpF2 z#C9*SUTdFh_VE>bOkIBkX;8%dH5uNFGyZLXu2#!dn$aE)*OF}v;}Cck>`iPH^rI(E zgH6ppGOJU}n|*1^g>f}o*J`fq3Z8>ULaYn}4V~u5_iqUu*>j%wwf2;= z#X8kIq=~+H0WEv&n~%Qa#)BFCH`eK#y{yLTIZHk}^esnQvVQ;#^wYed%utW4j5qAp zfg?Kz$^!}ek*Idz8l~w>&dpvan_X+ic00E!C^Jpcb2|45tMxsdO9)PC4hCm)_@J{4 zZsY9{5rcE`!ukuWTPVWz~1!Va?j;=in~x%%S|89 z(=}uw0Jqgjn86EJ+ ziUJBJUJX+X1LNeZxJ6NnfvbYaRDvWZ3l2EX#Kc6MGzU|4aY*6y4h$mExZA%T(UpL;?1bi9mnwVR;3j z&T+!M$J)V`Q&-DUMRHU%ArQSp!A?+a*=Y#c5{5>%Dyie-6tLj=sE$DR-6nM$ z!ZwSjT~UgugT42pY&-SNa><%M(CJ*-C^~tj>uOfOx@dI)&=+gA20n>2J4ml2d?y7K zvyxz8rI%^k(djIqr}M_y;ye!eUg!FT^`qNr*<1ywC(C<70W)7ISRLJ? z0&R?vYv($Jhw=v*6<&w8iEG$^)DvW#qo-SkboVQ0kDO%UVJtm7oD(vWDaL*s9mRSbzh(mj`r=Y2p&>*6KjG-lSN<Yu zRz^oJ?(Gg+D-$Z)E={#EFNj6K6fGbVSM&(4x>xumqr^dnmskcdJk`0cCNFbf(N4`C zSh6gal^r)A``aO-Wl}@s#3nQv$7UP;6Va2{*k9Z>0~WzeBt2STn@OX88>F*DoU!vc zzd89JXt*TdjFF9+y9lF+`6gLLC)>%E5|nFq=HvKS*8&8gvbJ`6Z;D2FtsT=n5#B9y z!hM6QwwBfz61#sLeIKw<{1cWSrXsqZC~lUKI?n*{^q#u_L`IY$RgC9g-CU(Ly5+I1 zn$y{psH2gTWD8@#03v`x^$$kZ&d-6gA?(`1c|$xIFbg z?al?D;Fe;JRia@6weH!wx!rFogEdyk_GiV|+qJNkb6OT?ezNJ9h&gjrP~XVw(zE+_ z2{*veD9%T>sG*vH6T?M_S_rd_>tzzYkC81Q6G{#*VK}ShhpHU2&l=uxU8^Wf2Fp#~*{?}Tg(m#g zFkM-ynP34S5JZSW@p7YSL4;ye6EkltK?Usar1sxv-c|@ssY|U_1-RvgI+^(F4nqIk zV*dBdYfQKH26lOU68zOQp1%1CfEjW=_yDIo`*enz@_C-fbU+nn@P|c@)OhB5RBG32 z5%c3YhE9e`zQS6(#&%tyzypNnrAXd7baQoM&8`sd&=<+fUuw%SK87XF2AlTSz0X%8 zn*vAvyhZV0Vmr?F9E0;ESV9beykq z>wZnw6t$-*5_b43S{LWqBXwGJ+8xJg?`G4jSeZl@=k(W1Z^UnWBs@Rc)REr^?tR

    90=W&NLbMqs$Xxd>?~BfG&gw_%iP}S6lMRE!OtQXib=Jcg#Ns%A zLLbQ?$J>-6;D|LEgH|9(LtJfm<4SK=?wKYydREmK6oec^hjBWTzQv(Pwuko8_anfX za{U9)K!-P;;CI7ntWn*PtzxE%ghn`PQDRocj&xPk4#zZy>6V99xvr|>5{v`*ti=o( z)FN4|8|HYYM<*h^qo}2O;Q3jFPg~g!$#`Fu#$PR5a1605ljGa5L%tVm>R}o=Ys)OJw+qI3{y!Q zC2=NDa1pQY4M-mv+R-k3S({Y0zkc8?YUfoRQ&sie&bJO~y$wIK^d96Mm7R*BH1i>1 ziIabNG`O15r06*I=e4Gec_};-cK7oYX5VCImancTY#GIs zx!{%Z1)iDDfQVm9fS{~)W*E33o?@<;pQ;FUS<16M;u#@I1B!xV2*~3`h@#Gi+fhPs zp&BD7%q&Yw-}akmG}zQs0m9S~S}8X+ON#QuPpnMrPu1*rE6oMN;C;GhCuLh>70m8T zn*Uza|NirTmD*po`_rY#%xEvutO{Jvzf82Yy(XZW^Csg5vW(6sW9*d-W4d4oWnEj$ zWioU8Wmb#^dfo}S1nR8$*;}hzqKQ92W3|pYB8-LC}I4!>b1la|0-+JLY*L(`~ ze)Uf5(*=M>W?Fap?v)OPBZmtB<>bS+_b>A{+9M7zhaZ19-8$FvZ76G?x%M}ae|-O^ z#Q!}wN|`9=-qp=7|H+czTq^xZvXhKySTPm+=L>%_zzyK`*F$O}-eDP%0qxXM5w8Q- zfBNS8YvUxh!I9Hh0av?x_0!%H?2{+U12SAEk6!FWUE0E{Cr8{~9lDdRVP_uK+PqoL zv$f|=)W>b?V4u6!Tc28n#r?eo|A*TDu#BGn&?x@?=6}>a^Y?xHN810e%7FjKApZW| zf9lZRqw)XS{!i*qGx{=MFi;K^VA zpU>OrX=iGO3bdxlrg*&ZCi@<{%CN?Jw`X^RwmkjU)-~x5>uVA#Hs_9XRU$*|=ay%^ zVPSh#sWE3kah|O|F5}!l*uuNMwX!vz&O{!U3n zCDogtCU@S4o-=>Yj9M)Kwd}Aa8bkooaJUS@+?m`Q=KZZ6;ZXsTA=1bx6bdTv+ME37 zeebDl5AM(QnMZE58*ZHrqH2fD^$f4{8T=z=!U}$$x|Q9xJB(upd@<2c!LxM%czkHG z$c5c3JheY%2;ZOTy!=Xy!%yU^?dT0*nu8eI=Xxc_W)(NX97I@i`QnuEi>s8BWpE{M zR_hEuHxV(b;NcPa4yFGgXyh^3iEQ<^DF|gExT@rFg@iuP3&hh`hwvpYwKUF^^?OvE z0NF1YEu+-8Eqvwqy~-muIJz>|EWMlq^XUt^U9z)!H^ibtG9~l#u$AcBnVff9WT9m$ z{g4M!+=Jd-iP$ym2KQl$eJAU-Atuu!Rb6QO&6H57I%>|WR;7WyhPj)bd|6``gTy(W@I~|C>mDIXSaJ3LDCFp+C%v?B@w!>`>8Aj&& zwqLu?R6C0lo*QiM$m^N0eQm@kd->XyU!<6sd51hnlCnuNIEnLBW)8ASXnhB&F-qWQ z{bi4~R!GoRi~oBZ9e95pZrDDZ++zG2jtpB70n#5UW$rRGKlt0Fzrnv#^=s9%l+SuZ zW~zl+X`<0lvP=p|Ksr`>ii_Wc`}V^<=KA!RwFvuC@1vrc1$PVv>$J*o4c$LcWN%L= zKtk4b2d9(Qs_CQtIzC;}i{+98c`~LP>dHKEZ_RkhRLn8LCiM6=5z9n{0@3|H?Ob~} zTiM?BwbN-!t3^?_c3e_LL@VM}ttmp2NL`B7ebB@uMX9@D+Nx;~>Jl0uJw@C}Re~T) ztCWVSxJyx?)cqQwb@?*$opa`S=KL||JI{0e>;7Xudp&#Y{oBvl@BXc|-goWShWH`k z+N{5>HyL@|V@Rb+0L_Mqihug`QDv zcO=1~(mfeHT$=3TxB=}(JQZ&N*_w`Df^ET=3QA@$FL|j2MMdyM!jt*xU>{!fTyL?Y zjQ7bo|AeuakO?zfo|({Tv6BeMj*9miliG`$O;&QaO8z?nS$AWr+J~$jtkcBmlGr<p2r&+H1U2( zFC2jrt?Q6yU{~Ma3Rj-2$dQv<+_!&VJMI@zo(x(}1{zlDxk*Z7OfHT#2_Kqq)@7m) zUbJ1qB*vGes4?MsxfY`fN8F+=Rrw(Nc?*e`u$_*Y;DD?Mi>*cQitbIC$Y~22u+BVC zMxtyk3_3}4IF?7!u4rPb@)1+ms`{20JX$b!^iVm$lzebcpxwp=y4VADovM1VNWaQ= zh3M!4pXZK$>a1SudTAYd@1Yi3o0FnCNCzflRDygS7p3`fXWn8nZk7#dYU!qd6~SOd zb-7=tn2iUNtE%PFDLBeqHfavSaCBxbqTCFw5g*>rbLnR?95!oYM*Kh8&kMe4T`p(} zww9)Q*j`hQ54wL@iI{exDs7v7R21J%nPM62y8X(#OeJ+cJTrcaj^Awga)Feozd-o; z2Cx&pRi4K}M03}AaD;QhUc*2Ch9HrnZMf^Y z?+Yk1$kAahJZp=;KyQ7F<7_P<%{m)G#=C?JISpyZdfC*;+vH!e&&tTKzfOaBtAP!* z!$t1et-;B*LN%!Rh0tcRJpn7o$yeD0tm_!(u|l~qZnkPbrYOMeLC=j+*@#IYMu`YB z&D>Zm7%vs$p#P|y=G$&!FNJ#Ewvo`Cj3dc_Nau&xwgdI+>g_z5%VxMjejTYirVE_= zF#dWu+5Ghe$RSO9E5!bJt@Tv}kF@L;V7Oh}h8NlX?v^Lj;~jZ9rBvKouQt%zm8)TT zdYdAtK6EDW)k6bMAQA`h|9`=SiU7n(%2vP*kX~}?$ zSEe@oFOW*RA)&4^nxm3?0{F8QK@RmUbFMi_hDTO3B%COhjUg{YF4c_&4I(Y> zAzE))-7|l9N*0Yryhp{chQ)|#;C2-Sg<-V&s9ep10rt}mbS%tW-rr-V`%|cU&RA?; zBg(bNO5^OBE5xMW+Leic_rrJsK;&8hK`C`8-zl@}30cU7c7~Wb+TWxHqTm)5)of9W zEA^mb^G{u04Q!^#Uf=3P-&_S%F|{-Gbgt!6(e|H<8d{ydH>yg4>GElb+E@Td)sDtn z+9KsD{f^JyF#7xU-;&S&aew}NvM$`kVH4UGlESuIur3M+-)gw+uDd4yAa||@Q4g)( z>9(_9pNu&^-yqUr*&Mbc2a)+i8+I8G%VDpp_OC>PK#rSg%kuC(jkn)VK6_OI5(?oK zUz>R+Q|W+5Jf3-x2TX?gTrNt`Se?%7(9a6qK&nGk$+U7MzU;!!7F*i%_S9|lcpVdZIBO{e5nOPJUn%b(>*e(dul zVu$X$t`X!qqt}|X(8Hk*m?(^Q&ir{XTw0S##1SJqYP0RHii5A42?FoDIwq1>Gx;Wz3e?2M$ z@e!jozG6H3mV)(Js6Sh;wmkN1yrkpmNN4wusP2K$^j|mLf5{BTv{hcrreB(f`H{T! z<1m%5j_~`y@P0fSZ&Yvw05XP0nk1&0Qu7eN^vFZ21{+i7=Q!GSs#bWP#~F^ptIi>f znKjlLmgJ;n^onI_CuZnUDZ3Q86rjDO;3$c#Ev1D*7`EgRtC!kIL1rg)kOmV7GxG$5 zx8K$OpQPJly^7^74Mu*-m@I>sYu>U-s(==r9j9h9EFOlZC*9E9~J1Ouz7=UCS~6XGB??uSAT*v}LW3z&e|6 z)V_{Qe2K)Z-Eh5i=2>u8Isq&e4xrlPHByNt>Dpcj{!pd-DYI#?!52-57aC%mQ*-pl zMZOkcR!a(<;O8NwM#S#yPYz)^{=>fTI9ql+WuG~ur)OWOrJl%>q%tbeR~nFOY66`$ zc-Y<~gM1Y+IuI2R+4iO*D_g62vgVXsgNrVw`5P?-fgE7Sr4XOcA%f0SAUa* zMCDri@IC^X!slll!Mrt*+-)SQPbc!?00&OtRl=6w19O#(nld81H{xb#$jF0z(955i zK*mUsi}EdJdwl|$H{K3M-!W+Tm6#|F_*~B1-Pyzfdx8NBexEv4JrQ#DkJR@2(SJ>d z{8OBNyZ9fb^yYT#8>yEF@78Q<38yuH(yAt3=Zt*E*HK(&@i9IBqyXPFPB(uQ-Xx9K zt-bIP-zwL%VyD>@RH^i8!L701)rg{D02Q;0aCDxb9_|#nu9LK8Q8a(z!%o@=k94xa zJ3zwNYEXs#Rk?n};9Mt2q0Q&Q0Ug7eo6*W~Qsme6N6mgJn4TvsykxgRFM_3$ST;B6*cQ!0SIbm*DPSD4_A%cFhOuqXc&K99hA0+zbxio=fi^>{xY#0mr2k3L!%yhZfQ=n=NIjs@t6TAP@d z@csH?XCh2cwY!l=?*AouzCX&miBbZTm`TUw=H1pSIMI&S1wiL! zHd@g`0(5!9kiZ`@p0>cVCQDOO$Qg0=lMKcgJww5BPwpDVuV_ukOnpe*2$R`)=u+-4 zHK8<8&Zv3K;ZEQpKQiiHYP^;u-B{Kas-(zb#ttlu9*+J2mHa;;kbj;&Quz_o+7Ljw zD_Ii;;N8nGI50Sn1X;SjvGiTjam_bB*GsRoGL~INK4x;hzp*Uo;i5axD8z0M-Tskz zYTrEOjr8Wr$k6+)kEA?)b;gBFxbQUmmJuuafnnc5ers4hd?29`iX6GI!zb9)+qI>) zhl8G)MBuEp)XA?DVZc;QBGv?M<=K;(Jn>!X2kU8l)xY#D<#&p=YoGCjM#Jr~J%Rm+ z%k_H#g*&c$0%`fnk$VDFpLVAY={D#8+kNMsEB+-N%fCQ6i%a`{d{S?Yl1H5JT7@fg zA%JTg$sGBz;R~usJo<7(xN3 zfWrTNhyG&`&_8B^aS8uUgpv@E{O$cuwm*FUj1brd#eqRE00#yF!$5zA00aO6{%#8d z0{(l$CBVZ66B6P4W7r4^0C<0Qjt?Owz{kS{0{{pIjEe{06Tm2_Sm2a2!fA7atO`cP zCZ?(B8S@Kt;*$CXz7frsMG;X6q+d%LHJhS$Kr$`6p+AaY_Dq2!xCC50ihl3&y2j5yn%{H-uACu_C=glT(`J@I}OYsKpfx z!it(d60jMi_RoK^^)23ER}vi<{Ido?!2dE420Q?2N?1z|Uvtrs(x3bsZuLT~6+0N; zm*-@R)q^pH;Hohng6MzBSzwMaZ)!ro=0Y@6W}`;_OGI)ca^sF%Po=x$pnEHIx<-v3 zvUl&)*u_``dR*R*`R7mtuUX*KCvu}*ll=AW#9|-wm@Qq8L}jTPo{0>^)jg#}sq~6~ z%e~{g4BNoe+>$vmxmcgFSI=glUvxQKHoH51aB*bi?;jptD<#_IRUzMt4#^q*my!Q+ z*S`YqztHu+(|r;bv&68=MqP9NInoNX-mX1S+uY=q6q8hx9dAeE^Y_OP2HOCcI3_ps z_SeneWyV(gE8_s;6n1Ms7&H#uF_WYwoCTABX5iTc&@G0rsd;_jmVOY&0^?7R2$ zGw)fuHy`s@&+Ah}rzsb6z_??S|6c#Ud?N6e^0&6fAK)kC)y}Nt+TFd%+lwm_i}jDK z_YL<=^TltBuP}eDSRmrx3oN}~e?Zv!uQ`3*X3wz~AKh<7*=6mbf?HBGCp)gUE zW&ne-41w=M{{Z68s!anr+Tvfm?6@jFD^1fWVR?Uf@1*O51MWN)_%l()qf0}1O$70K zZzi`sMPK5-F8u$JdsGq&Y(`FF9^oI^M-183-IL`y36G$fw~_Ye^rFaRqb!FEdWDcn z8E8i8w1-Euo%i@fwj)=DN819Dup(=7FS6~JWLO^e7LlJ0yy^Fx#M?_w%@DYRB8rpGEckSzWRc9a_pJlDIXy>oXJ8s~dwX zFUE`L>boY(>482)b|s>CoT6a)sZ~d2Iw0D9o?&ieoX82nOH_b(*WfcBbdGD7-N^uy}!?Ol4Y4JY!rF-Tf`7Rc4=%N*wJ_j zTmwGr`=ArvizA7T>xdFPy3~c{_z&xfDnks8@aRtQu~k!VRrPWaj}&cUyBJ+iDK5|_ zqb&dQGwEP@f+Rs#HZ4Zul%42gD84PBy6A$RoDPm?)b_LYU8Sq%k_vY#o^UzU&F|uP zb4>ddKe^s2UlPZFK|wvmQ6w8D0!9G}5oH__VQgIRri@fQ%i`jpfSdziT>L`jz;9%^ zF92WgMl{ukQ!l*9>K#<24fUQ;0V_4`&Ae{Yv8M-th2d#6A>0O+heEEkOCf8x;3(3Q zq0lrG7pOoUOZ(VXm1A;Q#`QnZSpk(kqkst^~?L#Chrm>)7iS2_}JyDQf`#{a{_J`BS!%IGLG zR=e2{*Ae(s%U#xEkFDL2Wl;VKDhj{t?`M`AsY!t4IA5wC!O zOex`I-Ie3yYM+Amr9C5q>Lc1u_{)@xD|{n5aRKMVjUBpMDSEp{uS9J1a0;1u>;dM= zfUtWbHRkIh^t%!mQuA<8X?xLxVB*-L&~BN*nC0}9=vh%=;fTYx9K!SOF%3U+R(nes z8WW@4`v+AhoOc|QsdF_)GXgsN*F}!d@?Yie+)5 zMh;zmR!>{qy0dH1;pm}m`P6K|@y;h-t$Xaj_ps8TYWO_y283z2Bw3WJM9q-TkSi#0 zjmpB#rf~ zpGXI^`yqA7G0%}cqnNKTLva-auPwp5;#fk$Gp0}EKD8b>VyEpF1P|>t-v0s2^=D9~ zSeg1i!2U@0ZEdksqNCKSgx9K0hD1-Hv5pNiMpCAVRVldFG5$2|Ea7?~GyzW!k`^sU z;((uuA5UmJXCrjw%(rXz0&ahW6BKTdUNIy0i?r=mGqR=*-9QW=6`!A#wHYZYomNiuFmLl3o z%eVvMy&}N=n1s#FYKpS5Jf&f%_AMQ*ygcMth!0av_3R zq(5g3s~5*#g?Y|)NP;q(E8-o(6A5ZRFw7pnQv*ZtmE*&2@ z$u`Io39C?#!i^~~&)U`d^(A2_QzBQC9pW<-x(*MS+NXAPCrdeh^+Nd%5dWEefx!?C z_q1tvy32kgMxpQmaz=r7Yp$e6Nt~_cU*(|9DIsqgr3wRpDf~7*am=K}#tegoh(AOX z%!cmCs3VYR6qEwE3JKSf&u9f=SBDrBKPChVcuo=@k1~$;uqG@jIF8_)QdGv4@kStI z`*4f0e4Wgy{{XD7A%B2Cxb#7R#Yj`mJAg;q1Eec+%ZnVSjN*B>9E3(v1 zKT_X{PupTMVO8QXI?cN)Ur*_hGg$u-joQ z+r(%n(WhCRQ+nUuSVt7bdWkp^A_({g0`ON>xa{-9Bb{*G5iO&!8^UH*S|d;L?gx8_ z@=4CNVQ)^jOPnjv27JcE-b*>rrM3v|F*;5hE-2&m!J9grvc+#SgmKt5B@J4)Q81mI zFmWjwcgZEMq;(pRMaQ5Erb_Mc7UX?Dc<@2>wA)=Jm)Fs?H#|uiW<-eO*(l7hlFO0doUQZ z(U|G`Q~uM^;C$m_#}OG7hnawVqY9ohFP}7U1OTOoMqBNeXM5kgU}Dq?Idj2zXfbSZ z#pk7@=ay&~I@nCz1dm^-O=v~Lz^CgZCDvCzMVY6n*6TfswY{EJuQHMuWevl}$i9Nqow>GNEcV}!YyLF|tIRJiGw>9FKaprmPI>Msoy~~T5nr|=lEQ1*K%-8o#pXa|Q zdcBZ%MgEwVuUr3=l9zX`|A}S!(cArou_|nvcK~mW=P64>v=4=F*aH!9-sus3ZL;fz z95H6+X6qu(p9qpWvbO*3=b$g}l^SQ~?Mm^k zg3Ep{&|)LM^;S$0k>#RI7CNj$s|yOra)LngAE280#3r`GKazj{va-{k!(q`xSBF~I<4y$9(3{6RP|`vmWctwrG4``gN*dNtG})>vR*YPOc8;KC89#u3aft;MNH4F z3~dcNxNQ*X^o!ZlRDP!oM^zuuhoBCS0T|wAuEJq z4l&@UCr(&eUd-d26Z^*l{fje#-CRavzrvbDYRf)JLOn8})Klk5F8p$jsCv@!EY9UG zXPP45zpu-LT$UJj-nLO3g7RIBN-z1Gonr*ce_ok5 z!!TR9mR@Z^m$2cpF?CnMKu z3>oyg9?R?Ai%n^pq*fDditEMAOMmxTvrM^M7|`^B3Pt4)zNvE@jV$#N|N@3&pd=>WNrfWUD3({-N! z)UK0hsU@;$WuX2Et&u%K+$Sq^Drb68!I;?4m24$)!~U~`Wev9e=2N#`Hu)2;75N_4 zAWl_gI+=m1^YeQK5%Fe(vdU5Y=mD~(sAA){5m24FGgt|AiFAMU4)*OYmo8`7h2|r@ z0l!opO?f!2GBF+`M9It7gudt92w@ZkM7xbodjTdJPR=`eQSWbbD# zIfum{r`==|uaCEl-qeP7Q@?%4gC|)bk3S17byhmdrT68c@g?H(WG&P$EFpGo1bRY9!3nDzLdpG<ZS&yCnj!V=JnzJYZaLk3!UNr5$5ZyCSGVJu zJZXI#!hW=U?t@+?yjDL&Et4Hi2+B+H*gVMS{Lan!d{JZp$o^ymgjBSJI`1Z-y4QAT z-^IgxB}l?}#OY(;3F57H3-xXcX0L|Zc;ZbyF;ugNpcRIFYm!&JgJ8(&M|U%9hB!3lJt4|WI&;Rl)_QLoKLE`=Cqv) zl<~kuEKGPsRUhh`-n!dGUU;;rV^(Dg=j)l{Zu8jXWxg}25gRm2nRm*96-=e=8;Q9K-WB!lB;2*e4$P!cgi~>C#w;4j>DzI&70e+-IyLwDl>Dk}Q}c8Y6TdPJxYU)0!g-l( zlVbA-9v_DopLaCXz3iZi*xr^uY%doPfsnek)iNHnzZaylMMRTvIZ4v>O(A1fFKImL zv{8yD&p}e3c{SJh%^62V1g|N4OckH=rc-1Mfq44l2j~OIe#A-K6JQJVM#4k-?lJnn z*yJ?bw%7deS=x_0BnbyaFY_|WVlO<*rPmkZv3%c8)#6zLYWSXgps?T8-cWdiP#wTs z9*909$pSPg)XAQjbmv$*KEZj+b+5iJ4Agg)9K%I8?k?QldP0Fr5}En3C*n(M9UelP z;%lz4(s^j6ADK7};ytl+*ymg2M6DrAUD$KIb+nU#B|A!8x->wiBhaHkby2@WBL^$M zS(u#IvkZ7G3MXn_ontoK8L4%nY`nfcnpc(CrYabotm{ETwJVrBH_7s>l0M`JyGHhW zR|Be&g*A;0coqFbVUS39ZqwJU<$IJPTsc9k3bQ;3=0{CI)G`Su)x`kd&Sp?cyy)o~ zHT^Mv!k6$*yp~HF^OvYq!c27W>k+~Jz({AmG-FoSI8lQTX#PR59S#3g-A`lHwykx& z;r0!$p%A4Uh!b;?-94d4&oiE3;bk>OJ+|CU6x$ev%OiJ*290NYH^hJMS6hE(_q*f>+%L4uh!E|sp7Yh6|CP( zxSj2iWQNmkzV?v)PCJtG`-+5n;XN}0v-lY=_40XU8;QhEuB3bUDqLP-l^aurHfw4^ zI5HBdwdplz`Z+7v&AWm6aJJf~HET^(|4d{Xm?oZ++dp1^TW)4Ng8Fr)-}=LUH&sX{R8}ad}{GOj!*w3yf*7D*o(sm ztnwARD3uTJG^00YBNtG(kWuDK^hLk1Z~X{`20&Vx1;(TYxr-zGUi1xp#T#_9^6)TA zPWN@wRv^riPbi&;=J(mhAplfV0Kj()P$m#!?Bo5C+ZQvn7cxs~{alMwGPa{#K+XO4 zmnuDqJvqp{{hR?T>_W&eR-KhdO6|eNN_iMg?pH_gyQo396nKlP$3Dn7G(~kl%{%5) z8XcKb{jZK`qM*^%b{K}ab;%U|a7UB9Bi5c^4%KuJC-?OZzgtii_A_tpMrCi2`DqgR z5F>RaypH=_tls5&Xjp<+jIF(WM0If{jZHLf%|vfx-lvfJiLPw5Ls zEWFY$Ka`Brw+$yqn<#YN->){|KTR*FXgqq*D3|=w<99aFl&<}2o$BJjG>YFv+4LU4 zkpBAtwy!vET1sA!B~H9&?jZ3TTKJxr)80+@#KN=4K*(2bAw&jhBX^|HC>jJoEjCbk)R?c2=dkVytFx-7yETG zpUdhMbZ#-=1k5J0VBuZsBD>Ksk6*&PCC6!xND?vY-jx~a@Qizgz48z6-LnH(0BR@DPqAawFh6N+z|0lj zx@3gY$9MJ*eE~N7@xJ1Dv<=Cg4smh}XXyBQtuV^De(Z`a3FnV0;a1o{f`rf?H&D0R zI1D#A?x^AwdR7wPc%M`%m*&nRSgny2C1Hz?11-w(9OJ`Nqfh5w%>N)8lG^qa-+Fhs)nj#y&Y%}| z`N}x7CilgMfV$Wd&sSzXBNHZz9DftS42`^Jqv4dXtHwUuXChBs;Eo1pTe_Q~D-#6s z5xu8qoKi{2y*5Xa)>p*tUekRKb;06#t;s%vjq}`}JdNCOcnjqeEG}Y6-!r2ZDkbyOe#7HrRT65weEWGX3svD>44QuIdP|)Pjb2 zZBf{=y{~`fohGsEf*$2FbfnC3MtmUK%D3s7Yictjg0Cj9G}zLFT!sJIU$J6tF@8Ft`zmu|V7k{_zdEuf=Q$=PIQllRS@ zSQxfl*kDyCP?n00a)KlzYtrpgRXK8|XQZxvcvR{1hzbF&v2x2ZS*-NRsK5qx`xGEh zzrMH{zu~J^s}sC6ibuKjb%%B+3bd3Ncwy#e^vy*aRYHBJp!YxFeiKbI++t=HcOwv9 zaw7jd3c(-v%!tU_h9sDiYPf=STgX=&olt$-@{2J5-SEma9~^!TkxC!QCH*z&EHAyz zqY3-mKv(J^QH+}34pk5e*wq7J3!d6b8}s)`)R{o))z99n%6WO8Y1RuC=^TB)1W+3Z zFAA?U%Oz89mb%N?epfeZ@+V=VP;XViadXao-Nq9Nn-l@k00LdhusVgy1A207e8h_lL}CIrU+ zqK$_bu#MW8XnN;nZT<*TPpO zU+p9({o8M52Lv9y#Jn|LynRq9Q1`Fw>YJIjdb6i$-(NMPQ*Bm$A*QCcoocz{nl8O0 zF`(DkyVue3DxSjJDDY^F_5ddM>t|G11lIq?CLkhEt{oA*^48J)Om)w1@yno_vZl1H zOit~WSgm}}?7cC&H0AE!?v?XqXBT}JOK6&0@0Em{w4L|_I*KVsF!F^mUXwL3$4)3r zh}IB%P@|p&_#I`~fc1p3mf=`9e34UTWg|Ea5f=gBPUcZN4*2bM$O0QKAZ7HI|}8#NC^QP%t;mcGf3^Vv&W#o3U0xC zQ-;3)hznHSd#xF}xb*wRHo}_&Tr^1R+0zK+esnmx`R8;G9W? z1dPlZMA>ES>yaJE_ua+R-tY|U)yl1KQlL4preE&(2 zvNk6S*YB8YMfqvxkZK}l5!nlN2bttT5sw||>n~OIZ7591>QIH}NOF8ogn6zlMw`N; zh(H7(;*bo{-@^H;GMhGdbR_d#Dk11|BEL+d9{s!dJ|UTIr`bEL9E4*_vsU90iSDVR zh4MbzF_hJUxF8(R6et@L5{>_C6>Y2^(j}68(f7~_v_YAtT~I%z9hefVnfjm7O#I({ zM|b-@UOFiJ67SwO!TVW*W7&O62C*L&r32Hh&eL4wz%AphO>%S(7mYGzrbubBYP5Jk z*xRd``&Bcyj6>Q6a|;U&N|3xv>oPFRAbHqN(_V>vaiaBKL;rht!=1VeOZU{fE@{d7 zEqrbOWftfi)OtFp#-MQ@eyt`)cd}Vv5iS+2z2u-g6C0%=KejKF)_+ClyTJOrm{;@D zuh8?jpMlqt#2wRbdtD_O1l?ThG+8^h@3W$R!6x4Cv)B(U4GW?_l7A!54pahN;= z?ailqu{k<-Kk4}8>B&p)H&qj=h;KhVg7nE<^E9#Df!@~-OJ$gTbUohitoBKM_2T|| zL7LK91qJ4EbK^PugzVMt`pmBkr+KBw_la#sWzd_dp*q?2Kqlq?vi85`$>upxua@cf z&t%qVvA9yD4i-|ZLp*)JKO}AdV+6t7Evl$8-ZY)H1m^2#%Nt8n&c>j@q<(|5umE$+ zDy#RfPOY1Rdh)marwkfOf_eR2S&5Mnm zPpY=d?buc;UKJwWI)=e6wuopY#_ggf#$rT&04-s}-kW%@${!!32MNJOIjN+RdW%hW zu(}Df5HT0F`@c3`-L4O1-G8FP*JG#P{Rg{+#rooQF;5w1}i%FyJp%sKiQU#1KT+XdPB+7 zJqGvGr5O_HZ8R9)zGz8%`K`{hX>nsx7DCe@*|QsrTQJs~Y?N*tEAq_0 zD%O-Pb{NV77~zD*N+;opjQtf*xWRmR^cqYYPs(L&%dN=xyc=97|m_Xq1mB zW(QMJzAMaEpaQc}mUQ4M%i|P_2nr&70>i;zH{um&?83cl9a%X_KFm&F8dE}X9m_u*jj-} z^hA1cJFPCOPN6R6w__}>CV&ovF&$Um3u3#Rg;{v$>$BK^WJ2`dA!xk9;}-pg)vj4AbD+Ks}Numm=%0B zdQ?|KTHNAiZPAx0*S_mLKKC6GO!J`Z+99gFb%9^k&RpY`F)Cy(&XHNI$7>zEFmz^> z@bOX<=D{x**XF=>DQsKnYZ5j`QyYRiyrlj0ke%X;%xfyRNZ%e~)!LjcQ?_%?KAsi$ zZIIU7?9-@ zIE+?hGPC;VR(%0fwrk@EHd?m=4UY6N(1r`9E*JTOT>< z@t-;cl&>4qRufSyr)LtsFM=eDU(&8WY;GXshSBnf#J2hR7 z$G^F|C!T4WdpOs0$*xjd{n4dE#s*Mi+#HCB*Js+G%G9txI5gj{fiMDGMrY>~b>~rW zWo6gBvT^}iHh4o0LC1X$HDZoU=-XHgS1N3a0xV5fp#~MceRo|6(^Efb7uzTw&OQwp z#)*zHKZQ0(q!-SYIEzhAt74!`hxlWnE8>FXi^Y*G>MIOxWeOPHdvObL%MMfC>#Xcf zoRG-a5fX6~ud3E7(O3F6epr`9HkB4?+l4p`MRd~PL%Cgi?hvLfhVM}sTJjEcY1w)` zaw+yxQcRPingw&tErv=)ZOhFPvj+KYbzST2Rms`wXx(LeQ6rAv$wSTK&J9c7U+D9S z6?5p{0-c9tv`zvHnXjxO-8tdhl~F}-T3_g_pl41`W^5WJ7w@yhP3K&tZy_LqbGh|X zpk-Cf1eG8ETqfROTYBbDgJX5qJ3c+eZfCgBSxa%&-)8uMo9`gWxcP8MkAF-0SkZbI zC)|~r0M`b}P3Qsne0g%hprT9h?yv`g?Ju-fkHfZ0k5>5wft6PAQic`FvRfIf;Kqk{ z#bi`uqwH;&`((YW%>qJN{aOskY-6Le)sDt|8eZgnQzb~SHJuPJBF*VOPLwlL`{sZ(1+(z&v-h}Vweohp5^Xc~PkAjL{*dJ!~u^%(%DPx%85zoDUe_Y60 zNWW90SlYm}a%b#q`%CS{n)vmfOC_$K58E=tiunq_yWAgkU_V12o6o%^P&@EUvchZM zb$vEEZMpg11^Q2a|C>O+4I??y(mq!IQ|6b_gDR%OJ8z6k149awHbvh>u{s2$22x-* zA?%Fb`%fcu!FL)JbNY-*`biy1zhI^UYUkVdF=!s;_w!Z5*)3Wq=XTP*5xrr*;uD@K zIc0zXfc94^lTNQ)9XL{B{Vh9X_ECqKN4s>ot!i6Ux=8^jK`uuD=Ru5Hc#3Btiv>%_8$F2fM}Aj~C5d!GJG- z^>@6x>~sDShsXFn-6EG*fNZh6=RELPcy4bz-cZ|Qr}=27hPm1$lZ>kQKh%?lrou9c z2Icw}SESN_gK35F!rDBLVMOjxl+;6RW#c_{ZtP3{)lTS88h!Cq{WKF9Raa)eFvxfL zsq2Wd3HZpLrM;%P&b-7kKSP$Brl;-TUzzgs5dW`2XOfw0{b>zCReXUL>oR;0fynff zKM7OFd*vkSzXmtaj$oypE1F4_*6rA7SqlmjtC=StS{}f>I+ubR zpt!MZsig+xa+Qt+B@S8Wq75pHoA{UNHAdmel?3_B)=`AbNIz6GMYW@>f3Cs_nKTOK z5&>JyMHO>-$iWCanl9-0TwOmWzvy;=cQ{Gp>M4)FVS>D2=1d|{std`ln5RUb?`J^u zg8|_@jQuZvKlFXI?|oukeRV-rEh1oZ;T--4C^H|sk*i!g$a%_uM7H+LxN4Z+m-Z6Z zdxQ}gtWy5W>WCMOzrZnd5)B+|%+xuurqXGw;GfYYi^wVujrTz)mn64bAsS$C5;G`t z#nx6d&!j)@o0IP@v8G~k>$#-1_B)1_JvE{Q2{KEM!9ySV4PPf z5~*j&&Y>bUVGxI8iRUnE1x*cR_@6lc6sR5?NulcFekn%|u|Sy8_k( zsuBET_{TK#%$s34=eY2&+a7P*={zKnV++U9?@dLc6ramO>tq+2YyhsHOj=rK;0j!X zKY1l7wKZ*5IdN-S>C93pCWhpqlWSV3DtlhkWZ_;rx8!TQFgaLoipJZA2)020++^(9 zn@?f4{p+6+>Dx7eC6aB!bZoOa*~IoNSoHy6V&$Q~j6JUJl(HKCDDSXc^E&^RyZ10# zB6|sYd49+!I^{F--eN30f#&L<`#_7eP7!8(igGEDdWL5 zlYNJlr-N34daZ{>8R7b2(V=J@lzeK4Pzc~i7oGaz*J_|+YtFo@1XjI0qSGHMyd=I; z9bj8kf;o(>aFCH%n}~|z{g^iCv9;=d6(uvabt9o-m6kbn~^}N;Ow@_J{u+YsNmboPV zZBCOL2#}r=Mqi9bxP2A)%a=cnT8txUH+z@|ZD&fMUAtXbSayRtUnl9S6c%7s+4c+;un_zccV40#$H7yZVO zov=?nOV-wBbPw)rK)u_Vy(&?3sm4zcBqI2JLvW&dna}y1;!QEL0cGbt@Ze&zEN581 z_1myzF)lC%hO-x>qa-g#bFen_G6SyCW&JbHO>y>cz{={RaJiQS6~1p8^VV;!f-Mj~ zH3BYX%v(1Y#5VX@tvR*DbN@aTZaI!f7du9ls9$vsc{vIu*tzdCm~cD^=<1Tbp@*~x z4|MbnNbR4itPJgQdLgPue{XElaOCBGvit*>(y#RhMm_c3B2YCy{blleTITI@XAAzD zwTvR?a?5GFy6my+(TWDf_nLAB(Sz^u0){@lK{x?ftK7 zoD*GZskP*?Zzgp8g9Uz*5q6!eKF(9w)L*JRpp==QGbYWRK?=V*f*m!O*O7us47RI{ z{7rKbMKn^EOs6%AF9K~7$2Ssxop|oESiQtBQNB-mn*KF$=jFne2bZtshy6?=-XxW( z-`bp=C4P-6JuLl8dQova`Q3M;@~iuYL!_1C`>j?6(@b$pQyI+aBNI&RC1K(Q@sF8= zZ!!<~o`r1-yoDPc-gn*lXI0tkzgLyD7QGSAf1?t(x_nCaOZ^WZ^yPDLckADXYo6n` z#l^$x*8XoDv5j9f-7KnU=VY`W_k6rm6c2M}W$PajEl%3@&x2LFRi_kljRo@J3ntxl zRq{Q^N8Y`sSXUZ6B^X*6wIdhN=KWKNBTdM=TI|i_Za~=X@dwgCXY*()x3)FpuOh$4 zJ{lq^oyG5-nYf$RZyyP#@GMZysZ$z;3)byQhd9zDpw_C|5{j;ApT8eNaj~qEn9O`N zE*p?_L3pW$V)_=|3Ue_O@=ubso{~zIs8;v1lqLYTTF(b@GT&?zGWTijq77$yYzVjgkE&;FRhEM4J*l-uG$p@*n z(^n-e9%O~@S-aw>M7cR|A<=w4ID|q@#(c(b)%=YIc1Wd@tXCiu0jiygXtOH!9tv@& ztgf~1TmxkJ{EqNW>)3#%F7+W>MiVJE;6&cNNgj4Th?27ysMM#(66LHrfF41rU4<8N zpAHgruSW!qvFYP0M?$=U!&U7c+RS#FP1z%LTD>`^dZ_}oaLkpYY!$0_y4&1Z%wlro zc)i^IYW~TTl0(EUk4kdP2KBd&r_PtrQxb(Uko98-A7GqyON>o_Ck`G4qS3ubw(Yh}4kw;T|Fb--D^;vocUI(||jg5PKK|#oF zSjdTUrlugT_R>#@zlIat@Mz(qE46iEiwIHtPY%~$wGy#M@v#!BrYNmBaj=q>a+oCm zk5`zWymcHr7ahFbR8bh&B{rz++J^ZHhWm_4@u;;^&KRVPZcefM0jAwn1Tu2X-C`WD zStB3M^P5)Me^tD*U{e&oc5Zu1NJ#1%{zNocNFH}b+RYd*m?Yffh6%X^-=$}7v*Qx< z^C%gq{5V+|CMzwjuA{20^d*}>qPFkBj|Rc_E|^u?pGp>3o!-FcNm8xWo0m$?D2X2d zWE6#%9!6vjEi;_pf)W3TU@#Y?@nnm>^^M^1&+k8G?nrz1tVb7CJHwc{&-5rc9YBk- zH3FLxmID4&rYL%qVoQ+|`mx0E$BM@Ygv*>q`?{t1{=H@%{47x6IIaWQx5*1xz_3E2 z(&}X`8s89ju~(YvJcq$iuiiJ1*0zy}5XO}RDG7rB;#}+M-h52%G@0MHs2>#H`p2Re zb>v)^PDZzi>XI){XFHzI{AWgM3g$3*99v-6B$L(4d8Su$jXjx-urj^LJ|yIr7%>dw zS2EoDUK23mDw8E{`&HE%CP$JruicDom1`5)(RO%o*CBp{Zq_#4sl=g%+xsnIl7&8p z^WT6sC6*+my8wQIw!1Q}p$~mM0d!Ze&;5m5$KIt^1-?g!m2Tlb0GIK932?9fkASQG z|2^PL^Xoz-{A$JD!iBvj+Is|777ticG}wnzG?I#KsgQRzl(+R6Cs;E609m4+1-cYl zX%@vSNL)ZczM@$OYreO0cP3T@0)j;a(yi8RYHk@p{_Q?*rE=Fws`Mu~{ftC3Y1onm z3<;)KW*@a!F@mF7`xnYjABt@;hZEG^%}G~TyBuap?PU5n|9(ud;}76`pXV+272gM@ zfj>ai>C4RrWwFN%M9*3NUuHk5Cl4pPHYRM-XGwrx8r-W=t7bO%M}L6Vyxs>Y1M29< zTdvw?T*&%y*QGB$}bC}drELj_5>W{w3^1R5txC!7u%Qk+6kp=<#Aus z62l|Gq1wa-(fi&!0N?|Kgan!pNa@!(c{8p#7MNXGs97b6o|+?J`#EtuhaOZ%(>Td+GwvHj3jeL))5M3)voZs$;teL*o<#L7 zMmQ2FD+osjWXIyyDMyLWkC(|QLGnwgAd@67+H5=*n41T&OMH%5Fxjj=T~=JVkDQSe zXBMN#9-i_jl=)^gCeV|3qxz6Ok^J7ELE1>55}}{!6ezxHQC>3CnL=tv*T8Ci{Fn_A`8LdJ^KF^(L5Q+2Z#Mi`TPfuDwA;B2hSeFt4B^}`|nJBvvnyt+^0w@$cRlt8)q+A$BDnL{96a3O;QVAOkMzH z^^KN$2&vFxO5FM_-4}+AvUlFu$l9q3$6Na$93Cx6X@04ZJinJDE?p|2zP3XP%fjoX zaj2nh{vZ5325&djg_iC`FaP1+^a&G;Vv&bHi)7T^-IP_|9f;;e0;GzvL!t;~_x9zt zMQ27W@9GRvJ!Nx%6Uiny@Z7Vrb!#U3c?-os#Z4o_vfF`ObqWH4Y23cl0}f-_u!yq_ zt%%fvM`NzMq3_}>sLhOB2xC=#pGOHnrGywigB^N&?;HfRQ7~whXfawTcXX(H_7YA! zXsPomcqdY)!{$`IZcW|DfEkwDLNTuhxOrvRQq>$R8b zd2Y~h-ZkeON-aSOEA<#$d4yE$O}Axj5bLs<`g*pDzhw`D#qMW95$ou~of>{Ni%M&Y zWPx*h)388ayi)7?vMMZ^9D9W201_`@{d8U$coB{N@%^Lj8Yv4rDAupd(=|K#Y&mDA z^L`@7r{9Pkj-NeuXo@*+eCeCf={}Ywd19PYRCU?00dS(T^h$b{jrdiVPq;5YD5@R_ zCi49Q(4rMt=^Umr(>-gyu95H>`c}0-={c{WTHcA1KEK**`vB7rF9wCkHfe?=zMWq=Y>=`d%MdU&&3buOW)5}WjF46n zz!z2yjCLw`zV;@*%w*CwHXQaOv_VAP;>Emalgq60%Va%b4}O)FliSFUUt-n|^#q{AtH&dx#!Cj^+h4sqBj?zJ4%erPpD#aqy6zh_no zpb+1wc|&<)fTW?nP^y{9r`gi}kcFwwc?Q_rB`|j`OhNY1hN&^!E+Ua7S;NhT)1unW! z4YnG3{hwpN|K*=!;E%?@g2QuylcXL)(vXS=Hu0ib9F86HSss)@E)8I)Gb^!-W}uHY zo;5!1#)r2Pq>77&(6sQzuz_MudRi0G5*y9;hPU#8)6ZnAYW2$OoIqcm=vv%lQ!?dr z6T0$2K#;bNC$1g`ujO&Vta0)p5U@Sddl1wSha!|a#jqkv)q4)eP3S*X&DPe{Zn98t z;Z6S=;Aiv`L+|+sdcWWfjrH5DA7bcCCEf>x9&H}gv;0-OM(8$ zvVexDfV6h)drs&(E?}kjROZxPziqqUx_AY((~2NNh1ZVPc>}vN2gjsPB>o6&k4{px za7pn|6_13^sT+R3Rn|gO4zaZ3jR))&^_(ms7ICd`n9HF_O+RkRhIyQT(JBlIN(7KZ zt9}72Gypydv3E-MhcoJRf!9r2F-ow-qyp-<`HL*1CX*yKQrxbpIa>A39+9r#Ohjfh z3E$~&z=e>`3)9jOOF{g}IVjd3TI(KDu(}3e0BzlOjK2*K|Ay%#C*!4J#5bSXYqbph z23g|RPO`_kP!oDW#ER4s3A>-TrZ^JMBwkkTG)$6lUgu>}BIlx9=EPJ`ovGI@-^BQg zFG-GUBQ-NCHM)^=LlR9Fs>Do5Ct|Iw2%nURMw^4NRv2`_QIX>zK%_L82@|=@qWDQm z(1E)?lMOQpMTx0OY@YuJ+X9 z+a}IKnl1yUXWoWJnqR(v6|-@yy`5+KEiFLAZniH0x9hWQ}4c<6-{R_4pT7HVzSXm z@9~Kw8{uWHu8|Iz;EkZ&joi%jJ}TjMo(tiW=~i|>8_tUn0o7mp-EKj~L|2Ktbu2-> zyQ3|l2bLAqO*1b7{Y{AQ2HT4@{aa5z8 zeBdPUsXzbfW$(?`HHle$Z!Z#4kafiKNG+|jqclP;LPs5P5s^`N{uBv-7{HYjpRh&| zD#NpCYR%SUIM)k7>h2<9z~C_-Sn+#y^97rmWa|xm^+ssaAVJvIiwZ>D(L<)$vAE~K z#aqsjn}vpVfAPWM#YZnu<-VqAbNkm5xiZHRZ|}G6wH@1j1B%n{o|*{1Oq;$tR?okF z{^{ZTp`y7nl1s-syiS<~6$!IHX6ZKoZ>{C2eQ8rzZI#O^jkB4`wV?deq!;=mTnTl1 z>$zuv1|`Xk@yL<24Iw5a*8DbOT%3}j z;&|6$RHxR2@{ZrNXM5OEp{{CT^lGb~Iww$*H-#^l5s7=k2ow#jpRGPK=i7fQ_{0Z~ z=kb!+KxZ0DXFUydmSod~&+9WK50b1b$}#6^wRpcY*FYFlM?LE-L8lzb@^yG$Q1POX z7<9%M`GPHp;fVlrevAX$O|kEZo1AH{JEU9-{4B|F6Wq|0_{){~eAwkcnkNCV6 z4wmjlS3SI0D+g(z=1~7VJj<#pQr1+L{uXKMFdgIdE&83p%?t$|kW89|QFzW$S`7Qo z?y5m;n>$Hb`$Rw9QE?UU=g

    RqYIMj`(QJ3v~ZXiAa~5>ncSGS-+?3_kb?noZK^LNLm^Pr$OZ(5<_~0UKk1 zXu+NcEl%|HR>uJtTN)C;C%(n0sd@%?%YZ=VDblGu#b5&ZF*LHdpyO-0@r{y>xJaBq z)(+C8u~!O<(c4B#ZfA2zbW-d{f?LtibE>p1##9zx7g%-brSl=)ZCun1eV*+_=iScW zKP3F)kc=aa>J?&qg2qhjb$XV`xcqc+NEWkZy8dghWORzXIqxsUNmjLxaFbUFI?G=1 z2y@U^-7~JlfFcCyx2vg5&_CzcMt{6zubiu9F4$+*`S7KTCE2!3ddWpGGKdpOn##Dx*n#2Kc#_ZWn ztBULFVce2H9>RhJcWbLzM+T2ln8BZi;;~zOD9LjS@Gyb5 zNS8FJYoB8DgQjANpuG4LEDQ4@F@r8fY+uzRr z`!}UfCz5!63P(3;U5FA|8VGFo&qXvvzMK9*yJd4H; z%$oEJvowl5byVw}FbwX|s^H1slAvasy^|m& z0YcpZ@4Gl96xX@UIF~rtv5Sa+jh%2U%9kkXS}5}?H% z^GkgK8GJ4qJLO9>q?)t&+wmxovAB2sUs*DWxxHVRm%XR8Wx0{~^EX;CF;J6m$V_T#s zJj=TUzCGY?4EswG9+r!#=hw`e>t!Fv1ZAF)R{cbyul9yMadzUWi_vUChCE+$CfN#l1 zgK|dqBK;FqjijV$_pt=v4`41;rtky8vHUgD7MZJds2lEAvTfECV#!C153U#aiHCw6Zb=@RYM+JubxNk~T;y>aREy}%pCbM^MU!BMw-r#mVziiF4Bg~BbDYRus!sipCS>d^ zsbq4t1=$$Hl?{Pqj=5?*nXkm+*9)%b6wrEI;VjDUF|7u~M|&k`WY$kRbA2l*k8OQ} zi$s3&j9sBe?k7$0+C>`vFznLef4bcN@Rpyv3Z)6 z-S}?l;H$w+)AQ3xw3iK1$B@1u^|JY9{ zJY$8up^}K7@>YF_sNc(&&jce($Q8PQZhERAgCDU}!b(r%lMr5wk8$zt8)P>5{E`(1 zKsIhN!y#c4)n!r(auG5Re4cgJHZk$ly*;>oBGSqGE70jq5G-?gLOIop^f_hM!M23@ zDd&=0Nef?Gn-rBKAalJ0>D190CFycUNC#n5P502&(N*^6RsO_Ew6P%wF5gAP;JT)? zd_7IiT`Os6&MTI8PTfg_@bS$Q_L-h7S#2wHOeAzcv z&znO9KPg2JhVOSM3KV~uiW_fN}Cib)unP=LlJgAjU4KU7T;9(Hsd< zWk-t2g1`_&2oH?WuH3qGW%`rP#`;ke{p*nF$tif3)-FiTHfrZhk3jaUE9#)^sxBnd z-8g)wAC7c|aVhK?dMvbtZ}X5Fh6-X~Y?}`~B@!aiD0!+UFG4rMV8CHd+A|FS14!Iw zRZ9~knDW8>RE~wJ8zdPHlv17d{j0{;M{R*3*!kQ`d~p1w9Zj^@>?+s_a<-prz*)5eVZ!U5qw=L&bzpAHAnh>cbQnTFxy4Fcx|_+ zr_Xxqr-{u+FX3U{D|}c?K;n#tjd85ci1wm0T@!7=WuGNXFN zkhwie3Gn%S_2BdCG!t9*P9JDH;h2g(YlBP%&vxU2&LtB=#U)c_={eTa=QX){vLwT- zq=%qprFLlSdF`;jua3W)$D{m`qF8VtZYDo-eb+e3wIE>!f6i)Ndde2n52SfMWZ?y8 zRAwFpakO2#x1<`pgDK);MilkMa>5v|LTLp{p{2+QKELCloR5i{;WjA~LCaa7nPe6u ze^air^DQ@|YjI4~4v#DmWksgEmKhLMhCU z6wB@U?=6uj;CZ+|%qGI`P34oxS^P z_*IASrG`XRyUVLxek}2n(tL1#p}k7Ncv$AgW6*WB)V2Qdj=rSePECgt>%N$!FH4om z!wFGCU#E84o^N*4zy!-X)Ex?;0Xndq+Ow)smb22%i@EkqwO^>98FR=c3TQNgbr9Qu zW-*FLkh+yY*Ra(WfC4-`RFP=hV@(!E!;EA(!>V-)WLw+*>X;H~PK{+%?Y3abfbE_y zd%{zl!WPfnF>z;veQ2U3Yr&)~uAq05+b2=6^a;NYp>XFk) zkYt$oDtwAO;gJtfdPpN^61b8dxYmimTenrOf}#T=>;n%E5J4&mMxT|;3V2Ji$@p~) zg>z`Kk(!^CkW~Qi@YQg33s}Qer(VR6*?rqP%N%!KDgS=rAM`ktaThFGgl?SuI>x__ zO@hQ@9Osi^<@O*cMphm1rB;iiNuk>U)f6j#ISVn6mz`JX#C(FQ=_{quRgef9ML_yQ z+!G-({Jk8q7kS6xyBVb`Wt>s2>ZL0lc#>j_p_%ClO4(7i)x%lfG8kXO$zH@g?rke< zlR0?<|IiX)w6H&B0aBPhBYBPrjkkW*GI=1#hFVo!^>htGO&ru=wl%VXq&@F7Hr!=g z!cTmc%~DCnx};0mhmaCJaG3~$gyT|(j4R!QX3uDo0!ZRMG#NjivY~^0^!$3xBhuM% z&Zd9oH-@?m^-ojgHE%w=VQr0U^p>PisGDYv*`V8CwXSWD>Qz@pHXizdb&37d2vl=V z6H|3mJ$Zr#Z`L+@vL~^=PXgj%6l#Lmuii+t>&XuXq`te&?w02IJGSaKC$NlJ^8K_` z!|iJBfs)o9b)pNmLDtee!CXTYi|{+UF$f*El9`XgJ}yd2zlSG%jaj9WBdos&UGLN} z_Y!g%?~^hPqG+U#n)rrjqFC&pJ?9sd#s_={8X-TSG}bl*I0 zc)~P)CQ~*|l`;H5{c|OO(tw(JrpTTy-ZL&04tGn941W>R8m-ZXz$}rg1du)Zsr)yF z?a-4Y4jF9ik!b9>HB$1RN^8OLEsVS8hW20mCFLlq2Tev5OA`vmPEq&z{Ld^GGK-)3IxwV4 zsAgYNVQ8=lFxVRXOJ?P2s1y(#N{h)*#z}}z+K9`pLAf&6u^`X7+gD6cw|)9vyHs$t z5g<>~AxPKD>gh1HM@en!$vl1>Jc!_P-TJY{Ayk)3;^yfB=qaI8!+D~?0XTjk#z(Ce z@p@g5eU=W)*NuIIQ&nk`vsEo@915S%kjXokn2Og@#YJX>mR+^A)r#We23ZSTFX~hA zxK6;*>tk>|M7@aBBFlKu^ln8+hC<=5<8VlKBTEgT2FDc-T`%so+V5y@?lLkg)LMh9Sro72Of24Ttjh$=dj zaH$>r6_mIR(BHs~hwP@3McBFEW6-_o`{%#e4d(*UZO3CTybrcSawG?_p;UW>Lixo$ zlCzHP<8~(_upZpfP(bGDX)NA4m(lpq4ocr7Xrkh>L6#i4U4T+M8n4>+oF43=`uz6d zv%GnmTGn71Nj)P4Vr5ucHxHl^%O(ZZ3Zl0^<6FSPsl{Cj1 z%fh1-Z`+&o*f!vom@yJSV4+w0I3#=i#VBiM>7X(PpvpfXSn}Z3u54TIs1!#drz66V z$|Jy69UdGW_0gycg0J!>pX?*H;yg8&t<%5Y^}U9^F(jRI;00nv`fUd?3}>apkv|h! z)j&E?*q_>dpfK8#dF(Y(H67lEwxP&zb;AJv6Q0`O+|G#uKMBu;vE$;lP!3k098D3f z$oovCJ+TlG8CbL^XrCqZa~NnNPycKyf9g!VhpMy4E#czTSBpjxq;fDMd2+M zqS&uDcakg2WAm%`5y@5NI9;9tA!2)DAJJ-LFefb5rzu`FS!p384gks$U!^)#-ay(0R(XBe0V$0s$k^?Q3GLSudo(_|nmLha z%>D3HIxJh=Sq*8@#gi8vd>*YML~_w^UK?7lH(VY#ej-g8$QGMcw~~ijD}XSi{o4Qm zE-uk+rkJFOxsBFlLBU?FN^C5lj}T3ua&rTlRe=IR;-Hd^;9WDhh7l+&h@B`PG4**m#=a`xe9U`uwmLJXlw4F~ zslE~C=AD1jDzu8d&8_CRZ$4Sg$T2*2Go*i14i@)#yVBzu!`#mkk^|y(-xpiB(T+wY zuUybFDa=cJO=z;Nad^67IBVD19;a`&n9#Zd6oTl2s7qp|GJ5cyw*AXKTZ4GVK}+fT zCktuXQPN*9VV*yfI#4rtS+jVn+mAFu^x3y{Y||enT>jA^>mc|wZpS0mAu+0WgoZjR z)d%9e7wAyd^krd6kzXMdP`_XNilYd?BoH%-o#~F#4?q1N2v4t`1sR63znO_`_fB$j}?a7M} za8`5R=knRi0Z%MVimXY=<%wpc^8x?yWsy)?xQ88&jk8AFal0uer&J(AJ1qV#OujeF z+;ce$4PhfIYsR5~pONBtt@1WKtVim}hde}}nGM!j$2?1zHsVv|H0IKn_}z(r!W=5G zg$pehJX$8uPn9ai3F8YcDh$RS0=BR4VGsf6$~CW=;Y+Vhc4(ZKvKrWaF1)*F)XNsN zT5kC^PD8`UH}S@LLiIe6A4(bs-sXfrV2tcTZzQ;YP1W2hQzk;Om=fH$|KRhM>$!Q4 z!w?N)sE?gu*oey&&<`7#LIAvO3HUMgc6l}P93sdpDRV_;RjI)DI0mFCA7<}7Ry@}2 z9nDo=XxEcL+s>=JI^Y;O$eA=R7pq~rBhh)C-JNGgVo8)Okgy1lQ=rrZ-26TCX;`?M zK0V2{K3+B5z@~~dLi5dc?}nV^$4!@zH-!5@Qv6tTO>Y1o{xCSKk;xg=*XeLlIwd{! z3SljvF)8PCR%C|P9&BnzQVP<|Hb^tYuf1fk0qBPg0s|$4sowXpd6r*@o&+~NAkz)T z9zVC;>1Gyf^pCOJP4&J0b-OpAGL~e8D1kXkJLPN0;~O2AN8{N(4$!na>2p<_<_yy? zJ~v|9*36oQaS~r<^~iA1i#7ZR9|(17Ye^#A`cgtINbz2vJmf)5)p>tNcYd^k9-Xd= zh5?ais!WUbN|^l^>OSg)=b03vRjWYshbNkCrIrBpBPgFRwgwELu%32wD|Q%2C!pPm z){H4}7oDn#MmW9d4(w0NH@#XEPj;lA{dEcT$N7Jj9rZ!@bNj(Zp@*6MR&^q_RnD1> zFW017WMT=dH+?E9&IekCJ?PVXz3RO!1 zS!;Npuf(=Ikpd5s%9Bn!fA)=`J8B<)__|5!QNUu$iO#FX&*a{GV^CJ1A!e?A*YV(J z>%4F3mg$YZH~js@rSn$-C1s7Q7e1)$%$^ZzfBtm;^EZan2kXGCi@z@1JUygWE^`SM zzVzn}|G&~<0NQcn^~`-!aBZ$?q&H!3l2o{L@l7gGuU!>#(q=>31cdU*Hq zDc^;@M2C~{hy3f;W?cHXw}v%#;W9JxVFP|xCYsxqN_D(dK|=u@9a>QPTfeu^Cicj3 zffuLmTjFnbXopo|nEUlF&%dy=&vS?Huj5o0UesV;TL(#f zz03rATX&=GG`;rtlI~nVt(s^~v(-&G0x;$!GUkJSYNIMR}IkJbIO4eA^=0!7&8NNk+a%63MXUGh0_R5D1AO7)7c^Ab2|j^aZ+~&j zI)X+$O?lLMota)&FnZ;7GuwB6>)Pp#!WK+q?~TFmBy?_?9O_D$%f0&pU&CfDT?(8syl^h|wWY&EYt-goW^?J(tL28v zA^sb~Q>$7wHw*56{5gHB!m-tmc+S1|MCfes9TM>f})Cy zVKN(z#$qX~8g01}ij~@~$|ly|7&HePo;DfA!sv{sP<(N!XUbQPd6>X4kcww#d<8P`#mc(L_W$QFq($-iRB%}*CsoQds3mhCC0?btm?#Wi z15Fu2vq#3g3C~){a-5sY2kkG$4b*>Q2!AEE!_vENdUn`(_8{_bnjS@GYFW7^(;%YL z7|^VI_b7DfMA-jSMQgTJ_C-LW|Hp<`;&atnr#913AM&G$S~eSY{S{{4$((Baty3jG z%ZD$cr)5%+ozan{6?|3b-Q~`3}}Ku+iI@t zPhx_u{Q3_O|J~L9_-g5fQSO(ZI`Is5YfKX_#kJAgpO_PdeiTRegp8RE=qS%P3*m&N zXiK#2boeOI<4Hk+vS6gfirP?O$&1j@rVUzg>zur@Y(lK-Z46Psr_dy>WVkGxW0v_QR?AKZ7A0_}t2Pr4d56llq;5nel(4<( z4O~XX4T9rSV(@c|@hKYHei!Q9Cq-&wwuP<|#fn}uf+Msm6zBO{ZmSt@qBrGHyT~uq z=|r^~G0(;kI(7s0cyl_99fWeA-eMo;42Mz$tsfK)jjcwms@u8=UUmifwL~@7hL^Fb zqqxSEbk6um!WKf>*6!8tKKL?J{{&f*EZYzm02JDIq)1oL+pKH%YVHW2JqL8@r2xM% zq);~sHEyD0e`Tl@9_KD9d_AS!ew}@$XhAj9Y=J1IxbXJ4Cn=`bPcv4M$i^1Wnl8M} zb$?$*+gj4jc#*#gIM0Ctt$~Lt%|^>UTRG0Av7^MpvBlUfAep>IIpK&TG<+EEzKIEb zRi(ep?5Mk)muu*Zw7N**o8_j8tGxGaR`!2!$Ji6KjVq=V`}*p&+|=)cL?~q0#tyaE zQ9PL*2AlugjI&*?*^*mo%^Q5K2^!TrD#3Y#kp>G{jS11;7}`pbD(EaMY;F;AwszIV z;hYbplk;e$qjt69vWh36gQ%eV0>2aP@hQ&k@!knZ7PGtk)-cl`xtvq&5}2V$dy9^+ zZhS)UfKzmW8&5PFpTsy~XDZo|Uyp(Wtkp}``u4f3rk*&dqbiz%qykXR`&6F%xPFK8 z&U3)vLn|`ZI~2@l5fj^q-D(cfNoN78&Bv3FcCjx7fZ&eqrWAEcKn)U_ljgZr>MwF= z`;B3SH{-5h3=O>QP`p1|d@g<^$*wWP^x5u^U<+r(_nW9dx4HgX?GtvImU|i5;fcnl zbYclSB0TD4&E2EXX^PuUWY;M9M8$eMHPL9(i^Kw`SQtL{#`2pIeQ3}Qed~FWm}MND zuqcRUhF4CG$}LHBbn%SI70seo>Gd9{Wsy4f2v~gh;Mi1WQbwh*u88sjAF~mkrv?eS%9`7&a#pc9gr|ZDer@!jpF=daS z&(+(+%WGjK=%V38>j!UN#)WxQVW;HB+4tZPmKd{d3~`i59&H{1N;Up{(vk5gtbkB< z*fa>1iDgd|-tkr-cRF=Dcsm;ba&r2|Jh0tDw1Y8^5}cKk@>+ig7xcqHD|#6Zw!DAunyzZR}VI#gsPY~PI<{Yf@i8B-dYJqIRNnl zEza7v19@%yp~*-r2uKUV9=~8tL*WViZU}hyDxj)%e@(~;HAyg!yL6}@;88#`bG2MF zh{v^7b_>(Y<|g!FGsL^WVU2b@wnDNipyq?J>wyn}FG=v>*|HU%;J>+If49@WUi?cL ze*U%@`tL;et|896FdXUxt#DRQrd7?z&ZAxwF7$tC)90t9!lH?e^sFAd)-3nKl@G$s zQ7PZYvhV$TW;!9mc@^bwJ+yuXFX$mqZ_!^2+8Xb@UoiTz&E43}jAfN|Iqqpvt+Cpo zhBxobHdTVBR3l~cy${{ zeYvz4s`@@~Rz7gs0{XD><;L-Su{d9-=J79du^1ZSL9qDP!d5aXINWS180%e&-}}%Y zeHKi*pr!7EBBf?Utur%vH5jeg5@(gRrK9D?#)bw_NnzpD!?{xT=7kiTM)3_r+a?#m zD&G}#=&dX)?W;#JEI+wvezW3blxpLi+uZ5p zi!HhbkIg?#_vZ`w>?htxp*m@VR@w%BYQKdAgMh>zu;N@?-NN0?_F^P!NnLhq?v?it z9Hz!`qAZdA=_#$>CCx5^CC%(|nX$&6MWa;*-pN^Sx9lD_RKc$;b+truhF#2x_xLfW zwB*xkI(yV4ok&1at2*2}GCIj2oXlU9B>+2v(Z0;gzRO}0l43dJvH7X>@0MDhXTU$q zqD0g6$K4=a+-@7`8_^*P*T&GfbTkbhG_bg9C*xJzMJM0T2<;5X4w@X|C{{#Q1XRq$ zu21BLtxWWm)6-syTETh{(jvlVsLW^7p=GBmOn}4mbAM5>SDEuz!I87}*MJ`|WzTv{ zQ8mw7Qk`W_-mj25K^+n=J0^xGX&{TdZpA*qsXfIxw>C|xjdnzh)@28;SM*qKW5wOx zuRnH2s6{{4H7=iJLPw0>kX^$MEw|~xSTkIFZUT=MGLGs$#U;8YnS5hF(CZqsChVlV zK%C6x(0Q9S&#JEPm|8mVrg?P7#7o@v29!WEYD*H;W27CqT)-euM^v-D_pU7vB`UGN zNv-gls5O|S*M0Ag6&bPbvtES?RcaL#~Z;eOr4ef)U;ea&gJNZxY= zz{;O(!pLEDSeavtB{YewSUtKMy#2rn47xlp(}Oam<1}F@Gh8CC@5*J(t(m~hG~SPRUhz<|-S_A7Wbd01e%tWLkaWUVyruAID2~xqn&Wk{{-{!F$i&-{ z^00^h=qg2Qgk694EX#0T-(kkfiY&s_>ZEW{KDEeK<#yF|q${hM)ri2r8E*72c?7K! zTy*coXT7Yol zuYl$9lp?dK5X+e#C2W2Wqyp8N&`p8&q1k?cHDK%w<2Q1i!3>% zJY}_)^wZGL+;?sy-id>%4Rsr5+2P@f>$J;$Ulu7gzmJBc`TZKE zh5h(TP1R%3>g%Ro@BEwAsFq)=?zuMCmWw*~=xkmvR=hYe7Adv&+1K;6Y!;%mm`qk@sp!RZr#!^ib4^xtaIEX#Q+uc6nNCTo{rDn|VU)v$3 zubzaQz=s}D^S2L%6zK^e1+Svo>%`?JE^PE2rA{-7btHcJZ>_NY)5e$oYan8Jk}1fn z1W7q^j2AoNhu`B3PJn0^aZ79w4mQQI`q*#ZB;@2!5V}Hk&cijzye*drtIs|z_k%Jw zlTUR$I~^@dRED?%pPk2kK7}mQg~axcq`p;54IU+5ZC^ZYeEx3P>_L+V`YRI4`{a@Yv+imQKPscUGawHE$KhV)&id?!DmY zn|ZDQJw9U^dFxE*%^|Tffbmc1 z|J41TmhmOAtVHMx8Uv;2sT)7cPE1ecS!;S2+8Aj z|NHLU-Fo|WU)5T@x;<4>Gu?eopL4qVe7pN|`ulhF?=}EWNlsA?00bfdAkQDb-!*^? z02%3@^v^f)a{{4){z>Sls3@oy=$M!o=olE7*tpo3SYRv+3>R7n@q&F{Oyr5@b=F|2HOG*7a$ICAytzRl&=^5M-(ywLh(a0zxYwI1_ zboI<1^4#!0t^co@M+PCGpaRj*pGy_+0YKzuo1vpUTkGGdJ=exZ1`*J5qey8IzM#{x za1TyK<>B*aoSP@2moDPhwhZ~))OUqO%)l#?;`z-g^}1M>@h<{^jr?zv_y7q&)ys3I z{bQ&SohCt48nl=ZpC$T#?mv3<=^h^4H-Ve(9&1_+F4?VbeVFO@m+3-^6l9`;@aZGg zSUgN0w z9l4mh(Qzs``8&12S5M5Mx$AtUvf_VX=jn4=yT$umt#8BNI%57u+w0=o^Uo(eqwf{} zvz`C6+kcLO|C~Sn=?^?l{wMdN>Ham@ls@(|T3;R*=qSCd3Jye&#tYo|r!F?Sd91{a z-Q(`i+P4tS8+9^{mU~j9mbQX3NPcW2Ya(?KR2reYr56c(L;Bv$I{)#6H=Yy|2T{hY%BR&~xyYypA8MN89PEEowGPnDpUZOb=={q*6OS)~WJc()FHr(j3;Gy_@K-;YBcTLxVl;m*m@8(MRPJ{XtN3XjoBv-62@4s& z3FK=(@cs8V{5LAO&k|hasIxwi(|Liqm=?xA$VIjPcVzf)aQII_|F>rU|IVVax~Hhk z2?^q*zw!>IwBpjbw70fn5f?ZEfrO0KMmaLH1<-UyI94XHpOXa7Zlx#H|c zNpi)-;p{47#hIYVv5juc^$wHroAQD#1#FP1FtHNqMGz@@l--2sRoq7C-E%@rKp~pO&6l|U&1{X)^h&A&*G9juV8~)UT!19uidvEWSYP#zoz26+ zht+q>C1-+fYJ8LLIc2bh=hA(0&^ya1chfx^UtFeW%9w-XQCP#|0Z0-wIErcy%T1xI ziw?{%nu3_V+m_=t!d1x~DZ{tTh5xdPY`00s)70kgL;aKUn!_&{0Z#8{PWD%wajkv3 zo}CI({`wZn3LBp(Rtp<^AMYWfjn~P{tbEs7Z`1 zz3pMnVjhr=V~Jd~%fL(Mo^e7(Pvqwp%wS8@4EhMQ>_6izf5nV_Yngab(~aN5C&$Bc z(sAzM`o(U(ZD(lxr|MUhYhTS$m2!>KSi5kP6s}+uR9~)9`cB94x+XF{y4T8^j(&BHsoZHpA64ph+sP zaBMr0+RO5Iw!hB)tiVX9DF$YxFxY+(c|Eq&`RQ$qJ-vrX3iqqk-fqWDOYik00o^`R z%&ysXjh!qNMovdfz`0B$X3UDHAm3p`mA&Y;cBy%unkzGpx7J30t{`@!HV3`e_e28J zP#RR_DfjQWA7hP<;e|iz23ta{6j@1NCgOUk#G}P@8eTq=L)^p*GCp7nO>TVF-a=8bFUU!OKOD~6hzeJtqvoWFMpY*#?O4U_DzYQmRrJX}(;%NzSVw3p`c)%$YQH@FN>(zEo&CskQ8$+_v zaDRSkokTKwG2hyjpqkji@@NP==gjm@bAs1j$_wf!laA?Pd{iZS%{z$yT0Zy%k0QnZ zDI~_`;!gDDbU^BejLgT5>{5hU++)sien&)_|1V$#XVbKXx{}kC<&np9zlI2*q$)5> zlmkx{^H-rh#DhWgcx;g_xS@oC&HxB+Qc2(+wXYYvVaN=mG*T&>o8-PVJ}x7sp{&US z41{p1fu1Ih8d~qPR(S?=Q>PQYu34UzuZmv6WWgTy!{5s(bp2Q(MJim9HMDUCHnFb| z=QQ>k0-1!-i)%@VCN1q48@vR}QR#Ah7Tr2g7j1=?gQFd-|INK(TIHv>+8}hN{fNiZ;8pwO)ueo)v;GfG$Im-`11Z5hf z9HQxq&yBEy;p0=E9K4yyuqz=_n_S3<(1Zo2si#v&!4`7{kb*1g~%3c5Uwq25!nKnX&KCNrI zRmo8<|9GeoJJg=_?i1Lm@k_q6STYZ`T2->H?G$#2^{DGA3U5I!K@d6-YD4LQ*71~2 zyj3nJlk3D~FhGtD*=yQX5_GrS?6d@wluSG`__Dc707yp zU)j&G7tVXno=A>5?q=oQsX^0s)YE=?-4+;pR1LOkhcojNduR9e|J+MrVF`kmQrby% zh0D??+-nrR|H?6+a57ych${vBYz#v8Q6TvlHE~qq==*IBSf^Ff0-Sklr zk1u(SBR2wHJeJeLiGRV$ptjsioSQe`v!x9SdhFZR7J}A+=Vq+Ylo;qBb$iG#_X0~= zRi;lO_Vz`(l9&C#;aF$}-mG%8@E$ocYZel-N=_=9ZcVBoS=@mF0GMGjjU;CKLS4mM z$@VfI{we@5!CvQW9Ok$`!C)OC^?3>se4jpNLa3sGWS!0$G?u1hiR%SIZL)V!lB)qH zu+s+vLd4^u|G^W+OfJmp0}Va zX869F;HM@yG@L(^r4PcdW+6+l5n;GM3Mm3fLVW;NkYjSo{&dI4EBK5No0wPAIDp0} zRW3EnyAi88&VIIugHSP&gGVKg*L|7c$-G@laY87lJ@43K^5@A(-s5IuJE}<}toTsp zsPJ=bdjnCDt`>$8OlSB!hKU8R(t6I1BjPPbvgpbb{{f8!D4J`45jVJ}^2rsKj;%e9 zX`XAhR3;Q6kGDd~Oiv)m_NP|Ay0Vi$;ex4f)S)%~INR4N7mMk#e8peDptW{<*Ox0= zjg`$tPgt9~^_*2wVDDRYe@>o;__h~0Z2J2Vmz(j;werM1Z>eHJaHg zNfJ*DTHjXQWP0suqL#OsZ9+nf_>Sj_@q*)EA<>O|#g7R^G)PrLq+H(}Q|qJs8CP@+ z#EF@#NrCq?_zO-oMj?VDI0^OuH5p2G5NUZDhWzGQYZU+B&T+U%E>H+M|&8!NhHmU4WZ z?D8q@1dX36RP@eP9A!vP>9*?Nko{KeH(AIC zi{wi*K;q3CUy4P(44l$Y1e-^Xt%jQLE+VbiCDZIvtc0cvh^sl2IBe(>GM1Jf7L$$h zik00y=%ip#wmyv6`A6$CiG1YTOIn=NkMeMcV;$ zee0VZ+3c^h>G{#DKzco!tr^>_9Qh+x3R9kH-{=xkgoh?9S_|x8MMU_Ul(ZM%PI=Fg z=7Py##5H>obd}->swZbLQd7)~5 zzJR?yEXeBkG~50c@Xd$nFQCgs`0S=4Fd5OQaOzVivAEW$;&rEBJl)&iHYryU9k z;%$qlxxN!ODI`lx8esHu8bS=8!`W4Z=Dj)gUkxjWwUda=J7ca+FtH^!!FcSBv3^MP z*#EEwa0Ap+Elc<_$KBdLJgP9lBdosx;1O5$be^cz0E@Tdt^rkZ)E8aI6k#cI9OpE_ z$)k$lwqM&!#P1wr%vv8Rv;@3E2-vYb&bdmf0Q>8d-+Hfc1MAi`yj%3Oe5^?)WDug5 zpQI~4sfeMUiG=Xb+=ix1>agkj`{w8WbPJ=`RrVJ!@TKhcLfXUUbhF(*5`hIj$m`Gk z0vzn_+U?ahg8%HyZY?qW1*8bHk_66aZ%PoCf888W-f-*XoI=#sv)+aV)b#yXxUq5a zJ-R#=dDH!y(eZYrp=V&{#isru3F^OKhS<05D33Ya_tT%2*7RrIzq(z1ELfUoSfv`h z^!tspiXz_rMYCSVzJtV3kKmedC%|Rf;N>9WYk)Q{nI(%)h`A6(Od$ge49KxP<`)zN zMk9s1iIcK+%DviJ_jByFB@_BZDKu|_HeSG_~PpEqP!WCP#qIsf8*cxES)A`jXblalT z|e9oJk537hVc$?~a zTAN>tKxr*lyK^EP*0xs^Gi@4{o}B=&trE&gv%_O??cLR*Wm=|4S*y7Us*D2nPS@5ZWwUMLaR4S8#DC`db{PC%>-6CF;sfJ1PTIQW@8zo}hL_SclGIZmFNN~A>eRwZWdiK5_x=ChjAZkdESzXFZtD{LrO7wcc zMJNI*iHbj2EPaiGCECe7O5|GrWJ+>TL5#<&?UKDfu2r_LJ+7BM;LR5v#>NqTi8f;R zN|=4!dOv?!U-U}5^JNW^Jpxlz5FCN;al8wW~TLvpmHMYwM?P}4Iy;5 z!x&Mhs7bioxJ#AwtJ9<9_F}5>?f7uNndi)Jr zP=n*$qTb8<%Z$YRx_8>$C!XXKo$QMQ{yydr9Sp#Fpvf*3OzUuNi?iW zG>eL;jhQ_vex&&4+4Z#Gb~kpQZ%UKl*Iw(==Mykblt) z^k#&X9^!GQ>O_nw!Dz=4*1H@%{-~7+&XZxPmTs$UlVx(ZPl6OC6=+yu{WT3+)a$g< z9FS$^M-xEe{mj96(-aIA+ znuMz8++}?!ue{A%R=%4*8OPq4wNW%#_@7gBWVKTLqUt|KmGnf1I!JM?t+_+48WUK} zL8siEDxK5q`|CxovV*U9@I`;Dz^!?vj9Unjb+WB29L@601Wg<(jd9Ov5(1^asa{FI za&x>XfhsImuI5_8lH1}vVwwnA#NJCxFT^9Q!<(x}KDn#I_OHieLU9#bLi^`df~egR zLlJg9FZi>Zc*7t&3-N)4Z-aBOI|nJ?yb*Q8PzCgg z7AYDstx5}SZEU<^dTou$U9I?lM6*;_)ZCypUuYsYI%WOA_?wjncWbwZS)HX~Uf&EZ z3}U^95rrnLH@S?pq-rAKU*q$oYQ|A7k=;Q;?aF$rYtUx!+l0C7fTS>iM@S`8We#hB zLkhQyC?*YTbeYI~-s)&Se0msso3h-}FBlqLp&^z3k`36xqG`qdL3P6je1YOp*m_8RpzHB9yHMAEZ$%0kRW;6_F&;5MEiSL#`Cl{04%3ul}#^5Ry7)~*PwU*cPi3E^)UsjDp3+*x$hd@(& zR->7)(33#r$av6R4K9EclK6O$x75 zmD``B!v$02yz_k8;vB8iUqu`o4L{ci>YfqNKOaR3a>pev$s#dX&}0IhgCHR2L1587 zW8;(aj*cqBY~jJ^^OweUvdcfo6cIr+0rc{hnWV9YO7+}rc?KkO3klf@t$yt`+9xq1 z8b{UZqdyFo#Tt;p4WKZ!SstOKYDn2Zwa;ryq`O3~n56Eb_lQG{1H(pptJ=OUkf7m36~}L4TBSKF z^rXTdj6tZ50L%n+E?sqFD&Qmpt18KAY49X%T}FL}Bg9gKwtcdi|0q`3$AIftvjMj* zJU*}l<{YH*Ga8@b;QDtye|u_x*$~DA=cT|*kD_-I3{&JJb~uk;A1S2t;J$fU?OiXD zHYu2q1DflpH**o+S>vP_o@F0+yqJCQi_W;*dMpV0?nA(Bg7P0bG&}hBxPY7un!XGC z+}N1$h5H;gUH%vM@Ai{dO-EvQiROietoxcY71g{zg&Jd#j0h{(#csP2wXd^%o~nFL z-&8qTT*FMnJL16aO^!IoWm!{NwQ?(&tL2W}jZP9Q!1ZJNPec5)@ z*}ZI+b6JqZ5X4}}!dEn>#ni$p>ytzdw{Y!U6ZM_^sO`X;o5E|j;p&v_F#=|?!s|6+v%V;qL&OxQWTeie#aGE?> zKu~!^l6jM#E6QYZV2nj9(@J)G-h{1Q=4df_-o((6q~g??{L#J%^AO&xA{2YgIn5FU z$#gO2j$e^5koOS+m#S>PRv%`GULA09+j`Cm$Q&_=&VARDtBL2&h3L1;sSj+3Siizi z$m;#w6Q_x{p6Oy`^}V2$HW>KrnPK2R4F4NqLroHyL=7Zm>U|neWyqeXA7$~e#$uLP z|4lp?>F5b`TK;JWY!7E=VrQC5@9`COEuxXh0adGpqTdASVJ@W z&o-sce->|G=l4!j@N;({lWshBhp$!8a}&sWzb&Kk;sjcso;+_N+vB`PvqmQFhw#y! z`-q9PkBU5*cjO<2kK)?$K5aPAU81)qsme^;EMn@jpRLT9M|VMzU~oJaKA z!&3~;EskelB-Srgw<qmzn6kJ{40dCttRPBd(&3#$&+czySw=r7q|8&lTMuAvxK|EUiKjE zwVZwOeYw~opEB=H`Y}~|s~-6yxdf#;y`09mTqf6eA3aB+67esd0S?VuiZ{Pielfba z!0&Q?x4ty`_gGZ}XDGSZF2GhlW_XcB`Mzn0o`4g7iUgd#3S>}$lDx5;lO^5MV z(4zppBat30IxHPKH4cLMc)X)_8IC@2azt!P%P#|u;DoJ2A#e)@NU;rqnVX8eL(As2 zKXcDBXm^Bo?pz&uacfi5P3*8#jt=JAip3B?v!>M}Vduc1iJnbPeq(H>cYa#^J;0hf zHdE@9K?i1&#}7)@3DY3Nr-^PO6~qOu1@~Up`VpczJCm1qPeUiIAzpeR7E4rxv--nl%sCAFO4V*(uG} z+dQg;*pP;S0wXXMf&ST^iqC);lPuD{jh!R{(yF zj3_D&WK&zOm&45+Z8RQ2?kQe4GrZgLUb8;YGsm0ofj29nos9c=-bRAR_CNQ>DBO7! ziA@@XZ;_5M*{Y>js8P6~y&h2!O2jM`(e*Go14-B>1}LE)o0KLwS(7~Ig-vQ7yJ#Hr zHiW@ilFP=Bm^@j|El)C{0SRDhEN*-m<6eqv7AH+%6^Y~$@p_j8gj14?o!Ese=XEL& zw6t1sXK+|BRxWDQO*vb7QX%)PVAIn;LJ;FDe;*Bguf8g4(^2Sae~;!WaPV8RZ|$D&no$xk{jMqSgKu4!9_kZP55{E4 z!ptPyXR%(3v*?o?=r7(kf_!Ta5+3oCV!+tSB?S;BbEnLt($=}ZZtR~M98408DD5TS zow6z6*Bk!0z;N?EcTR3a%%SY9;V2^kjaF19w$u(9OHi8f1~MShr>qlo-rcTL&aY7p zBId3zFf84Va8-M;XB{dm1&UP1=CVGb^LoQhyTrn7zwm2AzIE5eKz^Leg9)KYz;Mh< z*ElD{A`RJRxlmab#KpEl?k}xUS?IUMJ80<_5<-%oE3uKh6EC?+S=f~5KIQi_8U4Dv zyO!+d@1WJh3MGR!@m4rx4kM*SGng^q6QXqi$nfz1_?1+@@c~&hHfvW9#W}TMD{k&& z;aiL!+x*Oos7*J2=q`OFkOWW;F}#egi(Un|8pfcHiaEOU%2HtH@n8ZIq-X+(xSWBl z%dUR`HcMIa{W1#VA)bWXl_}^9k}pyJ0y+@tM?0VpFB&{>ibpa{^rUs;?G`JN>d7mr zELHo~5~F!vOz?V>nN2fH@E`{dyK0(6OlKcJm{chGzHyv5k11y8+<{;?l4@sr?m&Id z@0BBb-pNEx%?E!A^hc85!!7ZE!K;*iIaoa&v7%aqPP6@ve7;POOK03|Q8v?JwMbG5 za=A3a5>KvwpT>9^7FfD1> zkaoNPE%lT=Q8?nxVYS0qj+0asDW;u54wbC2@8=9BWK;#|I1O1mkfNiMZ=1`k!VqOqX=^|< z2+Yk5BKRO(Rq72ay|pAj3naiegH2nb8{R{EdB0fIj;*2Ihq>{x_!*2Hv!u|IUmyFP zD?}Wkm~TzxSR^DXy|V^MN@r}HDAG$F~k-9W>yXhiuDuPGb+U;_$4MBj7>G?rPhsV1~R^DU`3iO1H-qEXsm98*6ce zbQR=Po@>k<*sksF5P49*zz^(cuoml2b zDv`qb`uNe&IJSWhFgDq)UOkHlqNcJ(F9p|+tFXwhjVMPqTL?)^|4WfpbjcAlI&2mLI^#VXr%9kd$ZC3!rjd?CK|42L` zzI=kJJ7=ev9UuH{hWu|y;`R2Mr9c1K@XPa~K1MAV8&2)Q1pP{_7&TrFQQ%d)7-Ol@ z<~c+rl|aouKg1giRV9JVaCKSrfuHepZJB=id_j-;eZ0QUhvv4&^=9Ua-Vg5fb|-a%kAX}R_Om| zDBsJvw_UmtOa;HleGj`A{sJ<+m0k}x{RKo9fa=cMsD6CN7;^sSl96o9%AQI1w;GZ& zmp<3EloIldY*=Jg2XUO3m1iq5R(Vx=M=)HEn5Tgh8!3|{2#w0{=ZVStq7n2;h@`te zN)SIB9Y1O2MK?Xo(U-Bt3s&duSPMNwogCW7?2tTs4IP+2DV3_+eke9q2<>WHZF71@ z+1y(LSlh&&%}1?K4QmqXqyEsL7?YTAjZWwucPH!;7dZ5OcW$HTjon*8y@O5UdmlT% zU@$j5`!4)b%K7qIj}xkK!{_804b)_ipr^vR>J>9FKZeQ$SSa1EDT-|KRJnKyS-bpcV1SNWX%Wy9z#d*vvP-x>itV&C7Ee8{1r{I ztnojW634(wVx>111;(4T{nJzhB*$lq;J4E~SxRT+I3#0R@t0aF~D7HDSOGlK7b}wMw0vPhK}xxlRD$E~6!#HA2Th zGz=K!x{VtXvySPVJpjtc?aP{U6so5$&kUF*zKh+vgf59r&I4?(o9-51tp}R?`moreR7;%;S=`Wy$PI-Ek zN^{tcL`Pnp!kRRso1Z=8u5)ywenE}^6c#bA9a)-M;u44khp!Kew%FG zl$^j$7K4{eMU$!DEAO%L48D&n5wEC?kJ-Xn%t~Fcg)||&!Ivdi?53h_m zQFm^j^9Y^qVrr(_<_F`#_|!42ouH=*i?auvItrMuJpZqpSO7mFD_V?I&2gFt+|OS{g*gfF^n>_oL+lX-l3;J33K0tlYjCy zF`DzXWJ1kV`?jejrRpZTLTs$q0S`WCk=AX>aZ1|w`hN4p58ru2gy(t_x)?F=`3&AG zlc6{yD+cyb2RrDtoF$UGSEl2I>-khooq$6i!HBlQ2i^T&`F{w<2?^5%N5|xyOiUKx zU##5urz(v$n@IbY1q0QrJn!Ocn;u@LEFZEq8DHLTdCQ)~hsjI9IM9(ZO9_0W(_1Ml zs2toibbth&#jN1nT<+*9i1absl2RpgFzJfi7ip9MH6qGCnM>C(6pP)2l4chG!|OK_ zOghVcjuJx`2{m^>KlXE!`;<@sI$D?FTX!{2I_wbYI_jJH>GD)R)xFU}a_^%{R=JU( z+Ex=&PbIWxd6gM%TZ#I3+3iepz&DUjO`3H-zSQYTud3hjlkSf@UGR@j1~wmb$R)3b#Hlf|?)$6TrTV*l$5q>LJ$c%cnH``)=1-4FuF?HG z+lp&@G49`bG6|^N-eHYI;)M*CxST9k>FkZnSIU!H=GjvHawqJUCw4qfsBu$`BkOKC z4(+=niVY~`i#}r$ttj{qb2OdVY*FSbzGU5#pWR_i(I3lYXpN+3haUw=_y`qFjR`Y> z(I-K}hq3t?nZB&9wRS3avk{d%U!OE5yUcdUeEPhQ>^Qvrx$|O6wl}6FUjjyz7I1<0 z!Mrm{kAyyJvD}|iRB5lJ!je8)B%kf@P0r>%VV8$D3OJ!?CdHK-Em*ayq>VNdTQI&< zK$YI$r#~t(p^z-o&q%8Xm#sk*b~GJPqc$em;YK=3Ajgfm{Z^+~wDx=QPA|v7y%`ig zqtBo55x#^3zU+CbF+uwR`@&7rZs%eB?}8;o+gXS}Ahv_K>IV++r>qD7YPr$uEb4bC z_{L~F)rnwS+-~whDB68S5<6?1-;5IM*nJ%^<+L>4sn^7NJvuZXh2QVUNr;{uQUvTJ zlD`hukq|2M#Xt~tXyRX|s@&9n%!-@FrX84Zf=$sW!P3U;Ikn@3#>U7ayWH_2s~`Y`S|O0i+&nW zmsRUSbe+bNn~P$s-Wj^Bs|nNj(Db)mn|bxO%Auv>s}%r3B*~O8qR&h~AjGN(jP`ZW z?e`KI6vnS?LZvb-HPjmyjDu=k#c4bq^V9Sf>tsGtlBcp{REVTgxpG)?rPd#<0oTnt zy>bOHhYF1Zz6+Gfe9Jw>wJO;(-KviY*ZYd|fE6TjS|W}gWF`?p=8ig^m1}yPr539b zl5U@(iyG{NvPhx$0QiYc>zr9xH+hImCd6*B-(=fk3r{&N1PE}|lf4wI@MUH=mwixMMDF+dm*~tG<1u!YM^Mk+-ni(OhUif zD+Y;CdL;f59y>QSaz3Z*UWZjD4uySNQsJM{T2B~MFNB@KM|+Hv zY!qn)TS-Eh4)ZszFQ*i^VvWsb^pi`dpIi#2?OOb`*EkxT#up17@wWZ~a=E`^&0cIJ zez}*!Y@^)3rJL`Mb)dy{Zu9?$y=Q_sq$P!*@Jr-xh>FUT>`a3IqR@98=JxARUC{va za?Q;IqL3fFj{smzh^bdN8#!OdcW^zsmw-@9$K%5!3T*C0zRXeQxyn+VOuhwADC+D( zn%AL*#`8%aIsP@rTOq5Sd2+#vt5r6%5Agy|!&5GvIhMPeYc57zsXegvkuNWNpK&jr z2m0k#MQFDs{fPLdgZ)i36jS?~rZV5K+Zaj5E$x*UW5q2>R4oqS@_M~j(eiCTE}|VR zHzB|wl4&m)3%YZ4YgUcv%%WzC_yF?$z%!J*h~$?ZKajr;?4XD(+FHQFwTS0qKoRvu z>i-LP%)jHV7aF|KyNYuqc`=bi^q^Jd_|+F`zRz30w63>pT8%~thg?^;rBfk%K6-zz zA;OvtBO$lhyGqXKvN33ILb(}gp}uWgbdoEK;zGltrtPAUi`iKY2pn1ht7unCM1^-y z@V4ZRj$l@npG9@h6UHbrCgHIKp>CV+ko`KPRxon#Sn~2zF1#c=EQoN#m3xpzB+o`5 z2^}Y6;n*G5=d|usp9retujv6VYGmPJ1#zk`N>#_>0fpae2nqHi)x;YzaRy;D{2$!3 znYxv*gZi|Y{tzxuLfXUt>uvb;F|C7@6l&>jLrjAdH)$(g-)8v)^yQsWj3v1^u|2f& zjfrzNxkL|Z#FbGgA_&m}DCpKlG{Qy7gwd__*R{c5RPGqzO>@k?CB);~miKxKFc2lE zIm=-lfC@z)m$OHxRcOUR+&}WqUJjZ!lTnsN@yHd*Ihv0Biu_VmKdpfqLucGK%hh%l zc?)|r=^@DNxsH-XocqqaO8g`tmQs4I)-Q7Lam1Z8sCVIFA>mMX+;LF1!-rb$<3_?f z_M&g>!|PM>>X%wCHs+_C!qVH>A35&*{mlq)c0Sox4dnZG)ciOhMpF$dMw6ujCR4d+ zvI4^KRZtthX7S|Jc=$5yM%k`JM05Du!=}|}qk_hLq)qwhf=N zIF-=sP_^ETmGwV0s$ZfSle%{}+TwROsvd9b$FN*LDw-CPEk}`T_L%0fLTo4oM6WL{ zu?2jXjMwyC)j2*UXL*K8Lq@Pa_j92hAe+bQv{@v=Yvc+UGsyw70Ef`{iUc|n)8s)c z-V#0OIx+EjGm27~P!6+uKG(^EEhY314 z$|yscrgi#d%Y&Zs`j;U2Q%*6iTD9T?f}N|QDE{_!sW{P6LIn)b=K zZb0I%r-u)dj-5?UWd)o2MG`(}kFhczbaMVEAXZHuW!3$D>*d%5P;z?r0D1%+JKz-v zoQqFrkLpY5bz3DprN@DHSLrotX3x_XH_F)mjfM&NzuwKkezHe$;e2=ae{gA$==R`V zu3fYE$h6ATX=$gbo$o{MLXUWT;_uGt|2=+U`_J*-EA~F?uOA)bmpbZ54O3eng$}3~ zLPU{&q%=y}{w!ggS1!QL3QC7%LocS;a1%(6;TroPrEPZ>1QWI)XGwS0h*aV zGb*vHUmWcn5J7=Jvt*za=JavCf zr%<{!*&p5#d%F4j{l za0+D`S(8oXlSgUj6jSvM?}NeL@2dzJZ)=H=YW1y%DbZ6bF^j!YWvdj#H-_+#0ARm^ z7VJ+S0({sSXWm}R;pR%2;S%+{SBD(K1C1+Q1R)Mf)k zrf=)#OMJ)8gm)S?cebwwc(aEKn9))bQEuZ}*!^@M{1L4?t8`~v9WGhr$-3YJFbV+K zSHAOd(U(H);rhJF-SE=Wi^HA4m%!u7kU!ocBkCo!bIXFyXHL8(V`GIL{xEcsKvTiSQV_@@g-BNrf9fevTZfmKVFCRsLN$8~gTE-;QNkikgGMa72okbkPR`T)%-d{F%zWF^7LjJ98TGzfqS-~#F_ z8!_U`-cWs8K*zH1I62$@MBzGyD`mhT&pv0pr>03|y+I?zyN7A9Dm)6f`eq>10Oy|* z2}Ypvh{lnvTi8xonv9LwLBNK$WQn9^0d`t^p&FLfnoVwNBKvXik{EOfV{)JHoTFo$ zk$SV@wD6R)VFCcjl1m&r151k<<0W2(Bi}6M9)3zvt2Lzrs6A>I2+$>>K#noHCoe7C zdz5mF%is6siqRjPWbkpo=s}WX96|H!8wOQdMi@9X>c|*=&rRVZxl{iZ`$z@Hk zS72(wO3tzPC*inVh!cKfy7Svd`0el?@>dTAluKI!BhMXXvUo;lo)R~`UK?ODnNCnHi_=>8LLx?uL#S=W zjcn>Yr@<+k)=H91WvvC3afAx?6KiRTW>UE}Fi4lJm-QS7pjrz;2Q2an3!#=uivGH| z*3ur~R(AUWxglgM$FqW!-?x{EC{Jm=@Fj+_#jV=7Fo#wpVYzLo24IL;~-*+AqKKC)c1wP;ZOUH}4O_9G|3 z`b6E0@V$#e(RasP2tZbI0Qki;TYq=F`Mkl?mh6M_!A z(2qmP-5yuT+(DLLtz&b8Ln(h9GKj-uOLnaN4KoR zsCDFYI+{{+5t!0=g($3&|MudlmxA3(VCJl6u#!&(`r(qN%U8U_(QHmGr0YB?>u4dj znk+YmVS~ns1d*w&QLKq~31;J2PJzf-sZH-^dS;`end-RMk(0S1c;i>hhT@)`SB>yz z$mE>4zNnHefd_I}pK75bxB3V`1MfmV-DEt@jm@Uq(u*0NN$BS_A$5$Mu#&2`V7`h> zn2IARKH($W>eiAcJaqxKfY-d{U5I7Ep3FVewz(yLMA5Y7eDoI(IvoJ7I`PQzNG;bM zXlj(6R#QV?5!zitl-`ghOE+JvwAPUY48KOelYQhD>@s{wWwp76L}1C_DiEe<6lTuV zqY6M+ryl}hRW5NJSDmWm0Nkp*lISpzH>Yt`%455z^x(i@a1Ra>9pnRpn)7Vl(sEET zrF<#NTJy|^t(mNgQnb!&clPIUO%5wX8J9Zr!5hKD`3+DF8g@`FQ=Kk5Nx_I`qER~z zMt%n#teOij)?N-JtX0W8%bj#HL~FZ=rSRncTCtJQjWY7@@Q?UniD^n)0Kytcl)RlsK4~BZtRKcX_^| z2bCbpTOggsu2le2;}XSkIi}~>h}kUROC!TR!aAQx^9j$DdX<}M3UrHux*z<-#Z~oo zl90ihZGFMMQfJ|n72Pzid8k%JPwq>vK65018_u@$)u^cCY;6T{;miF%hLb2K22=sxwoaCeqLZM9*aPYCW>EKuA@aR`(aibJ3TD+DR- z!JYCHcPQ?(XmC%0Q{3GNQlPlikovQ{@9xg*hn?B|u(LC}pU=m0=DP3mm)~VtlBitd z8&Ir!a;S@+#u=Py=RsTN}yIAwZx{qf|f*+#g0*(8?!ByD(R+@fYiqb)EMcS$YV70v2 zOlTyg(9DMW3`D%+k+k-5cLi-zbHmi}DPY7_`BjEl(8uWf9mGbad`|MgiDY(h$|6!C z8tZ^0a~z2dk1JMFeTj{7)||JfrPj2elfh#m=M{_Hr51Avj|n!5?1emQMDBI}QW*V1 zdYklvC9?OaIrme742&_FrJ2=WHkd`UAzY7F9aco6SC!~Otr-~uq=EJ4r3Dm%(AtW> zmsf=P4hrL#hxI}e2&o)3xMaauA{A3!0#d5LobU4BZ*$%sYDbh$Z_|e@7a18a_6YLE z@clpEm_}>fQ~Ke*CM_i;4cJS+jC;d=siAXqnzK03<$%(+i!~q*h~a(S6XXxut}YHt z_@3~|D&Y@gNw^V-nesbbX%UA^16VaRRb{;nse$7_1}OeW|DBjr)!p+$!GkMq?xQ!q zMtA?Qi&*e|wZY;PAkMw5jTTMF@g`6x6NR#G55gw(C$c~yaQuEiC!N>sLk8>pNsSyo zJlRuFujBmBsC4)I?cuveY@ZyJ&Sr}W7Lj7A4X5Zr-^4Kz%EIbD!_ait0PdSBidB~J zcN{n{wz7JR^wQs^5PV-AN7#ej^8++LQ2WCdgXrT+?C5lqS)-ygKl8~kDP#@sWU5JU zC6KBv3D8#xSd#+#0m5T)9k~hyJ$9_Rr76^Smsa<-bWgf3jbw`2wMe-Z;fS#jfn!~^ z0bWg!W~uCbppE`e9L6?J8&5@DGE+MA49He;qCp)<50yioNhroeSatme<*wKLUqEy4 zzW|N@!A+a^f7eZG%3ZD7_IR|3-HGYu6TNPDCaatwew&owGu{pFe8HYpO07@#yqyzJ zN&9eHcavkaJzBNDuUd4v#nj|E#aPRgtyDaR%MlQ8J0@B=a$Um-L4ey1 zS#l@Nf}ei}n>YCFjBqc|6wib(CAOjy{q}azvzbuXqr%H1$MwsHE#}LVo&vW-#2m3F zd(2MNQ9ndNktfYH*D0>rm^{Wc_0L&U7)BkB# zn4;Ik&a9iaTW{CMWpr&BKTV1I3wWGJ#PTpyb7m>Y9MGiVJWt4!sV z7VF-(Q>>VdJk#2|L#p3|K5V-s;4{=WobtQ1;?GjF3|m9rLYq_rV)9Wfq0EXj(-&@$ z>!%M1c#B^Y%pg@36CxGRk7Wf?i^Pyb{w_Kl@#y?IzJ*1-9L+-54^GDdlzh}*Z=otV z`_Mvw!b;zDZ1<;tfE9th71vjGogZ0NcnRiqgv0gCT1R*-6z7%!uvX2 z|E;n)CNjx+E_s72)S!S*juL5Q9q`SA3kk^yL62SKn;agnU?eE;Gy6TwS{g&6m}{nb zT_(Sn9L(`-o38{nBRDCH)8HTRnjH-VM3n7uYO?t4)F`1!E?W*h0b=MARS9mZzHEe) z$fehe!R=F$`Q^|N7=N>rbXB;Em><+IOxAL1b%Y+bwlsWS*YLIYvKikyl&TCvdy^c! zLOn2qyK9Eh?gd&`MEe<$MRwW#D1#);iInvl4KrvS!(ucI2Q2d!mZ@|7FUqkwkZ+x^q` z`~3S6Kh>0&_ijHVNgjaGOx2OdS{NbLquFI!TR4I?M(oDlA=kdR; zONFV&WD+iJKJv3ZSH~V#h~X<=;~UDY1znr2N7t6Bmbe7^Qw8Uic%EciuG&9f8jBJ# z@UB6);4ITFmkn)%_~;>q+cVTtuV(n8?p3k8UVCT>h1gL1EG*nffxIK(5NDK*BT zndQ49%(c}SmLhoK7+5@1&z*#Rm{A(6-1OvAR-qp^^61;-2m%h6NJ2RT#a%quPeV2MQRg$wJ|kdfZUi@gnNuV1AX^nBwARg()SI#+|c(>uuO|0q&Eh z8%~h$uHUyLpc+$Niyh|YpQ2K4EWCxRzv(=zvdzxU&d@DzHc#d;ft{jiQ39liywg|? zzyWD#GW%jHQaSY2&dX6?vHJ6Cn*RCK^!Kc>{9oKGC_PBvjcxbbmSHugmh|sV6~_VA znQ^zDDR>d!1b)#UZ(;Gn>w!|Tnn}S@TPXKhw<>nuJ|8~<)kzP6b^BQYuze&Rm`M6^ z4)W)nI!YjrYasqA2(^*FvvdwZ-K4Oq6+Y_*iAC(5ykFNP(ZIZNCHBfc)U#Y z4*_0~44qgD5^ky-jc>+%$pgwe1uMaB4B7aT@+1DFG1c?qvO<~`WF=j3W+&7DQon@m zJg!Jk58(S{z%i@!5yD9N^`WoTygvm6hg`~N#W>3z1;26jFl(Z_BRVST&7~ZA5A0<# z7geM*-=x+=MiTh7uCO36&KCDb$A&Ieb!IbN>~T-*N)e?tFkQEW`q9W7>xU+h1bVlv zn=Qfi?W)D#FTtQY+6!_&6a}#*E?v{y6LS6x7Pc|6!1xtsLGzt0XUjHP%_#KXX{xnj8D*#4jHay~_Rw6_xw_ahrki#%LV=Jw8K=54eK|FiP>{cSGvL@UefrO-y|P z2^OC06`qRw7w{EY-fZ}|P$Sc+Cp$V3i|lsG!EX9|NJ%8Z`5bPR*e^&yZ{~!Q#VayD8xA-;m|x6$=**^LgO>{y1B+^0F>!`$77$MVfPE&_961YF zql|BS&V)Xb&v*}9y$QI!Z{;ix_df%KGtoZ*sFWR#O4YX!Bp|G+gwCOgIk3${W&!&I1v@+kA8K0y?G=p}b*Z~k75?(L3gAFj8@Eg~TrPid7d zd4p~5OzK=;7B=fo`5D(AtxUZ_1A>6-EvK_Pxv<&%NrfoAkJ&2P4aS+SKk_ZJo~c`Q z2TOOhg~xuB5upF?bG@UZQm=8b+X24dk8lrkkko6N^BN`kqlB2G@>eX@$b`1EQ#!fT zd__71Q}Cop;;^#mW#{iQuZ6j5{aHsfr$)uaqcy(Be1*_@0JwMX$DhRw1C3`i*4o<} z^rwoo)ACo3a9v+ucdw$=>3%8=y-l>Et62=~{}@||XZ~vt5lUhrge}$~g4f!-snM$V zOgVc0P(tC^THTraDYvL|&(*jZ=T*{_p4szW>kF{}$H$8kSmozIh8{^iRHGon&7}hu z)(}d3?9u$}#dGiAx5skr9R$?Ab&43b_<|R@5d&E@?T>;Yzu*or0kGTZ4cyAZ%J%KQ zjG@AB*L>wy2FfOg_L$@Xa z4Bm&;{0H(;)oTn9?in^oI==bn#b6?ljc2?WooV!X_7C88LT?w0sUgIi-H*MSe=V~7 zK4X-#fokIK^#^9G%V$c69rX78!sbfy5rX0!RoX`4Jt)LGG-r*bvJB2GKO&vMwkU!d z;9jJ~L@IeS8M5|?SbQL~pMEoL^y7ZLGX`^oTT5_w+7syhu-oOXR{1evO{7+F^>(&; zi0ZX+aZLZd*PSUi?BcPBY!=&GHTKm=1$$p#DRb~`MrntP-fYHapGTiP|lmQOiRpw>X3Hi;S^mL8u6 zY_-_Mb4`KthB1-@lc_kIc!vqYeSw|1dVk}Iq}gPFZjaV9bz;HdqgvFY zUnJI2OeiD};*5~xcd!4EY`sSyPT2(YWvs08`MifG4(ss4P{xWS25FOgpl~2{lNW20 z`<(uJc7a&}u{#~*yhm=TATg~yvcaSI!w=_}6uUyGRsu3|~FTKZ7cv6^vKZL93J}RRGC|*v=9OEnAkSqQi zTvGrO{gubCC@wM^Q4tvhMvGkebh~w3+`{)y7npWXT<#N51ssQA~pULh1s`%>{pbPbhj=ZAq`{_y( z0FK0YWd2U4F$%%~8y2l8j?G0}6&Vxv@G7YR=$>CfCUf?w)NI__y`;|UmG8z@sv~a& zIZgImy^OgD@y|%2VGatv+P&FNDE#Rm0S&!TSYOduqQ_6Xy6m0hG@@@C1N!DMO_uEh z7x;1=043T$^<7zDSyQ9wj3CG9O_QgqAJ=>u<=g7ZPahO`ie(4@5&*vM0&q!ZZdEVWx#GAAg`}j{1B#MHt`ll$rKdS0Aw( z*dV%;Cr#ypnAGJpd`s8tpp9K%=T3Y0_vUH=SNPHyUga?bS4$4y5M1(AhqUC+FnhaB zMmC9%Fq3#qg?!nV?o`;2jDDNE5+5jp)ly|DyFGGm6`_+m7*Xnua;DVi;(Dy{fu#j= zd%L|U^TDA(g_wu&!4gMLazyaXs~oP%Oe=OFSwRk4YLexcC+EEt{{qg!Dz7&^^*Wz_ zo%*o+{%_SmeOTApP0F{2(xSE6i~pJDrd%<0ueyCzoFDSi88LI^2(cSjGtzfHE`-Vm z2rygIUIFC1adKM^8A1ZWbW4VGlOfD7JfHk1)?(_QglOcsh^tIp5s*bI`FrYR=)RHm ztF6K-O9&f#)_Wuz8>vXVJg*(r<;s=8VP!uI)x$GPGvrLPz9La_z1fcWvu)>f_MB=Y znR=1fOM-aH`*-VtA-WrlMhVK4>sX^F2$iXwdgz|GQB=+UWVPLP`(OYriTvD=^@cc$ z$3vks@l490hf<)zNIRXBP>z07EKAQuz<$U~X7HxL*Iaq=D_JTXA0J^FAQJ%K$>@;{ zXcQ?ZW0q6r#It=)s|nEJ8P(QuoA~O{dVFPGw%&a)N}C&s{-E2z^OcV=DXoyy1|-B` z0eFKKPN=HEOv94U4f&Gw&nyly0P(Yt@0Mkg{o!TS_j9$<%523v5#&U@&_xj_w9%OP z)y+YY^he+OMjDglA0Bc#uRK<{nZYOY;?pF2ygPzYBGrGBrvM_==%p*QSHL{}*(=ke+9{v@4!YxZgq}M$@?QEZy$Ia<|`iZYF=km38 z_i6>}==3-?FCV*UDKbGL@PncVcU}gSd$XHCN1sSvML)?WST}{t4|P4tS@0g*KZ;yh z@SaZ3rM2Kw@=n9Ec!}7OiZgbGINQZ@SuA9Mzx&xM4`mG&Z7;qm{M2dg<8je_F~Nw< z3fCSI2|mykWdjC8h7%Y8wiHHzCHkkeYa@3p+6VpCj%p7Y+YgA3l%SRUWM%#mhmh;a+>@Pv$KTMz6w2HdlLqW3l|~Y&PGneUO-X3+WD9?4cxiSsqdrw06b@2RVm<*} z?)23k{E!_xBaf|>?7kRotTDYVd#i>2mCGN2LJq^Ug)Yb`#+IQcANV#8a_Q}M;GQ2F&WnGx&NY1h z)fwsiM_*rQ)W;w%R-a-PAlz(3AHA2(aVI<#mK*9hVN>>Pg4rH@9b#JIP>~^-hd<23 zEnldPEA>rLPgWsoW8+|rd;A?Bkq{wSbl8;g^x*E5uC8|7B=fMOTV*W;L~cE)C6U5W zGvn2Qnip;UvpmBAa)DyS5dd(;`p=ty+b4z9@5zcRnP5cJlFR`hLS-&ZXp$p>YS8n45Y&|4p># zl=12E(1{0%o#E%tO*T(m^G14aMoALyR<)0C{Xzx~(xQDw&Z+(pC^;yc9S^2{2nBhfFAg<|K7338jkt!1fsF_{G$RjsdlPcoBzGe=c-L zKg>ddWLb$Pm&8iu?>fuK3PM*Ol;E|ynit8XVx7W~24E(m(yQ`28&o@!cw99Xbln2e zbc_8*V1JnuGyqA?-~hOP+3v>0ijPUKy$dmA9hbMyA3U9v`21$NdStuWFR>v$KAqHN zEmZ4Y!16DhQ|wN$#$U70pSiD>f9JgR!2Gd$H8%4iMAX}q#f8;tW7c0{nn|^4=Y2RF zdQ@g@fANQ70^I!-uIpgJ5qgM6)d#3-^E7u;&#Zn=#~QT)#h{q{&TNP<6(`S(`!N19 z+B4Pb!IaDP`0#*OxCgY>6yi+rE09MG9sqE;IUTjS0f0vfTEuO9-En=F zsXG<$zGM5`fa0U0y*UiFiEPZVkI#A)JB##R02gU|)*?w%BQ;EPprc>LZscMcU671m z2*g=bkr6z>?9Dr9Ps9x19l2>3()2fpJc^ZzZY5>J=M3#TcR8P;dD) z)m`I)H+p=*#0m|C_Kx|~FdnseR}SYpk0jhOnSiLg%S9uBkn;?5$_;C zUN0Pvj~GwctlPyrZ4uW%>CD-PuSq09cNTYq&dcmC}1rjAhv%`s7$%$ty;oM`-Ww*ak{U;q!N+!HdvX838o;SdMH66rc5Lu zTQ6v}u~;@K8fp`3o_CU$+_uAYKmE0HHyBMKPq!->>=7X`E>a1x?j|z^%&W&@^a?2P z=pW+IsxUh$8X6k*OI^g|-?lIEN$tcGVgPEulo9~cVxxDqnwM%st9AcX^5pZ}W@uUI zpnO$4&T|&K>@kiXbhisRdXn%sA5YW4jS;o${nf~KD0D-JPfH(CxxzVk|r97&+ z?1!kYqG5TG)^>ffMyiEmO_-ZWM2V{mS;3|1l%wqFTh~W5GVS~nhM_*aoznk^igz`P z-VPn$EMS@jXtjwg`iUzLi4k43H4P2*W-@?^WuTkuvLW>T41A|odeV*fr+VBu@YC+I zx!;pp57LcGFc=m|79)V%T{4%fH$jNhPvK`GWW_TFVL{r5dGH8ZmacbQW*w4*1W*1Z z$M*A)^5G>Uhn+ELTaJN^_D6q9_b+%q;^^3u*yrQJ2k;yKXtiR1U2Qo)cxio+=r9Ki z<|JWF!gIi3-z$<(*1~cRsx~a~|A9ti^6R?9o7|CmjcP$up&24I^qkp({o#6o0!lQn z?(m=^c~*&gsJA9O*o7w?5yHE`;{Z*Ej%WB7nDk-l5g*~D{XmWc4q7GX=vS${Nk2@(@L!fzeKDK>Z(W1<45v=l1h$QGP|tvgqZ_2L-=1k7x{a12)Q|+ z%N^Hzv+xo*8!>fTjufBtbS{$25vS5hba8C0g?yD@gG^Rbr{--sO~cQM4T(_+ zO_)EOVCUYBgNa}KiUQi_z zc`9MK0@s(3^_s_V#M~q)e=_)dBl#g@PrtG1&l9MROG@wuy3^zsQ2rGr{keRwURmsh zpl0c2^I)F<5;F%Cme%kvCnWM31&`n#>eB<+4)tRNqkTBj$aP;heORs+mdV6 z4k;puBVt;5lsG0+aGmq*uybE;;e)`NrW#;Q*l)h&Cgp)1$qpmdF^NQ;qv$az% zPm_l2jdKjb7->Z;>H8heD#~rsQl?dSJHnsQOAzitW!x+gt7R^o7gAeGqGHNL2iGVc z9-0cKcti6o!mE;(UIKIl&8h^uyI4(r_IHt4Ldx)^c$xzPH~(uBmJigdg

    sY${OqL{qKzNq~k`Gu1q=|*VhSL%iBa%F5vo3}c~LOp%z+!-x%lHHNPRlxM$`OGm;RW&wp`s9Gn>0POhU-m%WE+wd*nz8M7&Gfny9`JK zFoOE{gu9+Bhlp>aI_~F7FXo$B`gbw?+KMENdJ>o6#daWN7}gY56eqSE=$H-n%GMia z?e1yp8Zu&nYV~GVh3f_$NiI%-lU-`EPuruC z^e2qtmGnpJZjhWN3$dam{@Bm!f!#fP+$_fO_|#_5)LtMtFw4r6A=X&lCpLV{Ppwl$ zz=YcJEzgvh2J$7DK;Dq!4u8h+VX^U|o~Vja(e)-vU+|m#v8?tDMOx2jWS|MHlhiGJ zhYaWJxASr_36c+QOygrqAm_`{1*Mtm?ow^)V6ZoPGB$_*?4IQ=L-EvPrv5ZNVWF$G zd0E(oVr%Gt0`ND$2SC}U@x~W`s&v+y2gk)GsqKm z|Ap8rqsmzxS95h<_IzP1Yjlnu5|2ugs<(ifUn#Fuww&z9-n%s zk-Mv16$6i!>$Z7*@7*55bQ!K3jVm%0Kho|5TXk;Pzze;nl0#`CexN}EGL}glM6U95 zkr^^3dS3TjGkVQaYgG$122xB)>D44`MNojVY#qOhurqnFOd`^lvMXz!jQB3qXHVPO zs)j6+hzRZi*Wz=2k6qWra8Y{ur82)%Hc){gUxB?OKyKqGRvmn-!JE@r<#a7J*wwRi zgWExruhRQsk2E-Q;I|sI&bsl{7lWC>sC-ja<}TZQexy~9`d9DbD(5~X?Y)S_1ESH} z9-6$Z&hW8&)DfLZSPTxw=HCBw>20pby0bVR`-z^FZgKn@(9^#AQp)uE2)E~dacZ^+ z^X}zTTQ{K1$u=s%-pSSpja6tp?lRp#LGkodS3zKYz+Wdx#W_2DyFbg;n0Ac$MBkS- zo*MjPi#Tm_tKH9UL_|0wi_5$WkM0+(*h$;nthw>}!#KiZM41Plb5k98jUZSvns{3j z2%^*ARRc03fl(BLLVM`jeIoZJbfI`i)qNP$AzUX$B$+CzyX)>J!ljdQPWex<8k-61 zWoo0KOeFdsNRny_(Yv(5XbqOVgx4^a3bD*U^i4GFuY1wqmzeHQ<_EEKV$UecJ~`3g zsCx4Zc?p)pY0&vlaqtfQkd*9*#v`gi_K}O_CzKvI4?z}$9U;2PPS*1&M75*}MTt$= zRzVRapl!AY$&7t47zvip7MJK7!aMpQo^d{;w!`WwyYPfJv=kS&{kfIoJ|$XL?IZ{_ z0(rm2yb?yXhgoVJS+6*wDXhaQTP#FYgoJ`AE2)qzDa%5&PD`!17!+TL4qXUECl}sZ zj+e;z#!hLg@3MYs&_1%&LX?q_!NwU~4sIz|H7H~vo}?4V4p7|Vjb%Cs^$p=D?d_gi z54T!#T{6e(0(4ns^o?YOgjNJ-;7@)eVy3p*V8#i@b}jvz$nY;ax~3qDHK1ut)d5(z zO)JP3UoTX5kjA7OuG>NtSS$+{4)78VjPw>h%KPG{He9f*o7O~%zS@ICrsgI;yL})^ z;%`*;DI}0H+bVX8h1$L<`S{Ioe5OG`RJNYfZ6)zWCiU3SckrruF)V|Zkn$#6#`L>{ z?Ufw)`aS^=M*uEAc42C*N>Ioa)5sRg&={kZ70KZ zT3bU1tmB(pv|g4jYE~;*r>R4FJmMZr4UCr{tV|P&gNFPz(b80#;jyor4G>`!nS)6p#|cO7>?#_T}0g!lf9JxyQ6p zc>qsWko4{SW%7@NJ{2J=%^CK*nN#+oSJZME@sy-Q$(HB|B3+n#4}~0CxKg~7c)!c_ zqq2RbWx#i@$4*h;^8L#<-~B#J+m=`1l*uOWp;qzE#$!?DpB(#^E(HqhT2J|naS6Q~ zpz>%U)kQQ$61cK+nXr`(=x(A3zq7<7M0#AHiFBITdsus|R49#8VjI3$DMg?=6(1e@ zpxZLNNyk>}2isY27+echvitI}u#+5WsSUNT2=AI}5X{1MMK34bs!w%N7<5CO+f!s9 zAh~T3tcAU^u+3|Crq_-=Kk)jFEjeI_w6kDL0)1obj|rZ=P`Gf^_cM{k*Pq2M$K$T+ z6$G*=?OH%Ux>`!$wes`4s#Ge|n_x9QrHtjIw42&=8it*z7KU0pffYD~4|Bz+m}ZZk zZ$l}oJx+TDu2yctEmsV#h(|VsJ5m+kTDemd+qqKek&wZc1b(Ly?Na-ivRcplVe1o| z(KyHhdBSS7I*)XB#v|0Ntl&f~wmznzOt>JwibhR2^VzDQkaFO_l==@d?mLp&a@{PJ zpDJtQTl!O2-~?BO6WL{ax3RL6p-6mm+7)tlRF${ola>DEpsbLbjPT*u!nJ;#eNhYZ zM+r<+5Yv-AWPu}t+OE^#OFptKOWv@&qAn~HS4HR>8Ux$u?wu0OMR#j`>XIw=72_kZ zOX|~zTqw1vkpFBz2*6MKX~)>TD{;pw`1*cKljWvYK^+_R{Q-g;#&)gyZ5Khk8>4H zBz!yfCe2`|;mIuquf>|HNgb(#T$u`bGBP8C0pUtO07iBZ)g{PF2tM;QNN6rBd^w( z7Fik``CDmlt&Qb#__C{#HTq_Bbn%G*fPL!k7Lj3CeeZFLyBm@nBV!sA+pM8tCR!=| zC;)247diY^qC;+v;-3G3_tcTDOY9@Pb-Go4H%mtp$$hnam2zJ$&5Un$(0ssprxU71 z`+3@BO8dGDBU>t<_-kRwi57uS@MAFkSxJ4V5a^2f@F@4rZB&%q#J&gJGfLPeME%*` zzr%iVKYsO#?lIE^_VbnC<5P9X@a7{(QUB?A-#>`x{vAC0{}kHLzl9<3hmWO`x^;)L zNP7M4AdSQ|E5L8Y$<%mmY9K|JCVaDD$*)dhB7(=SzZ*v|_8+N_pB+E=EA+Ctdb-VR(9lL_B$XgpRulA;={MDGW41Wg#=PUMgD9oIe8c_o&tKd=1%(@KLAJeHoa zH7M?N(h%Oc57fz5-91WFDf`o**!Myo!RVyaBD z{bDPYH6DZs0^0<-5$Bz+dwQq0865Yg1s$Hhq$hsC4q1d+H zBlW}r&{s8qQ{xbWugdI3BVM6me1ydl%$iLtLZ?8_RH`zv+Pkh@Cg|1jsb|5M1q~-Zt41m zP#7Nv*BhFyPiE-H7+y7e^SLjxGv=^10vrfuai9|;uGGw?=ssV=00ExXo`U>@JmRZI zWIjv+4{t{W{>sMTd}T(=A*43}H!-eENsNPZ#1t#CU{ywAq=4P2iYDaOS1UN~QiD6a zzSPe&?9O5G?#!uG&LPr9wdU=LtV+JkLLKC%+>Q^1A&%r7uUezX-N*TxU|pkh1JT{I z#%7I*+cRlJvMUtfYbJ8Y#3;N&3Y_2JoT?JPVp^@3QR=C_5BHKx+Kti#PYzT?j~rIl zfLA{`pE=X^=GXcbh!$U#U?M|PdMS7Y)HXTGM~-AKUK=AK6BG19MT)3G!!-Jk$rewC zaE)|=DwoIlWUrl!i_ErR@5l!2e|X0&81^_Bd7dmq6Jm%h9u|5X0SE%%Op}Eu0SB*3 zZf3No#GpQ7L30vs+mcEyq_}$k;t|i+5cZxs(XfDs(Pjtll~RT3{k9}UZB6Yc_fd^h zKA2?dUWXfQuLc#>QHX#;A?Ts#(hc&7W{IO9tSmd$b2x{zTS?!l<%tK{3nv2R8(yc=HfgU)SRwFsO_G)~OK!_u1r# zH1Z%+;Yh53zM)Tqd-8&(QT6dR=-$q-{@twiPgb`5U2ny@J=kzW``1m>JlmMgt^V=W ztd(_Vu@$)Rnd)-@WiYKf2|p7pWxIJ9{8AcLLR zzA+>z&Ei>TsADv5RqRfWEL5j2Iu&?52oRw~n?j~Vo8X+?o#m=G66&8a+p2|Jj5`mASyWNe zk6dkuHqc!-cRvrWg~Mpkjf=*#2!MVO5|eWPVO*=pSMI7;KP-rPTH?aSJCMXRm)S|1 zKqFj5%KcWQG`5=7qKH1y;60IpIV2C1YGy{O^**cb?-`*Rv7rv<5ixFD>$y2Z(O54Y zk>#|-hO&J;m#;sZpQ8G4_*O_2mwZ~YJD_;)<&2%c?$S^=~{87LP`(V`Cv36Yz4WIlof4M0G*>-z-Ig~=13Oq z>Zj-nJ>tUjzWi|TkzK0Se^rQDs3;s+;zX1YE~{UTMNLO1*Q+^$#&fuquS2~qoWft} zr<^eb5=n9MaDR8af%1^k*5_d4M=?Kit32Ui+d+2Sa(`;q`JtoWl>>i-V8igH#c_rM z;dXpBq_2v)vcor6EE=9>II{N=XInU$!UN;IBYB|9=yR&Kr9!n~)xoa#NQ)xpi=mJ< zb=w!>IgLkl?BeCg`IXnj6UNlg-0C>8xNmvTynGqEZ+-|j>sljz^2?lrC z3PHdOxUK>t;TN^##@_&P1x2*VpIr)H>Q;Ti?)xjRAfDVOS^TN2uqglwKb^5ZuMOErm#0mkDRC(YsJlt(1#nadm-B*yBJ zOI~=XX$>MpmZekX)Xe%v`$n-p)E0!sF790+bB^yxhA(xRIKS#G8dju=An>xH zI-e8qq$y%DdTLs>Fiq!Zs6k5bOl0#Mf~Ga9Hd=uc&l z;OXI8eE&w>%^>en<$YP-NzehdulT%|>8l`2`;E3x=!Pl7LFZBi3?3!KL&Wx&CLAT= zokC?nv;1&2Qe2Pn71m}o?srDeu=k-TeB6h^qS)mHQiSIGBqcLdGUmtFAC3(v!SjIX z%IahqKJm{)kv6nI`u@yAP!QDx5oUx~2vj#tlJ!hlamiI&#(ZBTY*t7H1t;9(wcWwd zD*=eX-~HO_pA4h=yWajV5c#{e>>pKE{s)s+LZb)Ck~78mDri^h0#{Mvy5Z%mus+sV z0B@uw0e}bzhn75&c%}EElGLlgsV457`f;u?^@D*nLNnUwjl)HN)$RJXixGEi;-w$+ z+YiIvyT9(F>=v^&p4SZDCm)4;9%V&z1lJA)3(F4-7GhxN^1D~0%)vF&v9gY$K zUe&)gs%8(#GNbsFyZEw2^jBT>Oh4$8z)y*~w@~k&*1~0f_V?e#p0Dz~yG;muMC15L z9Tc11b3G$;V{oGSsbB}suz0K?W-E;bG7&ghS{Klw0Bi(kV|s|~O$}cCU*dHX3~rV& zi9Y?THfwYhev96-Pp9LFR1c3= zj|kg?|8@3dg2AVw_K5PC2LdYMbJOd6Rq@@{52&Nd9Yh-h-RdOYoI|JA?7CXHpZt)8 zYWMpu=fAkggmS5Lzx?a<+1N>E>Y)m#VtSozMC!gJ$lHJ3{HMYGpPj^^<^AHgZ zIQ+P1gjZ~_A7K8QP>}y%KKuu1xU$){#-zv;Iq)&&SLDz8gNHTAZcg=X-!QLCegmlM zT`1Rx%+-F7{07KN=n8`tTfIYXng2Zer%nEJi2sJ8futTIGfIX>NsBCkUMCs?<0Fj3 y=SRX@pP#P8b>~RQ+;}4JNy_zEGrA$oZpM>b0Z`Li+aD~!|0c2eZ`>jMz4$MF6f*Gu literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/iface_static.png b/docs/images/hedgehog/images/iface_static.png similarity index 100% rename from sensor-iso/docs/images/iface_static.png rename to docs/images/hedgehog/images/iface_static.png diff --git a/docs/images/hedgehog/images/installer_progress.jpg b/docs/images/hedgehog/images/installer_progress.jpg new file mode 100644 index 0000000000000000000000000000000000000000..20083997fc3fb211ea39c8538d5cd2f02305a385 GIT binary patch literal 23568 zcmeHu3pmtU+xH|2<&=~|$aX4}$f2C3*f}I@iN-m``M8rq#$h^4l!hTSL`ae_4uhda zD9R9Wn2cePoM{XuV;tu6&fdHC-Fsi(_rBlW&-Yy4cRlaxKiB2@U+cftz1F(j>%Q-` z*6+t5a=rjW&zf7A1Ga7B0jP3+01gRY2H4K?%k#_M?c9fV2k$Qr|BfAeI|TRz1qJv8 z1O#`B>=xW5yh}hpNK8mrL{wBvRB-nm@jasA+;`Dmglzkz<#t|vZbQ*s0=u}SfAitI z28i(k3V8wBw}}CG#I|i0+s1hdkO6E1@ND0<4eUr9^%v@%zM zELSqmc5at{5YNAzmv0--P66&`12OK0?K^q7ljGsz<<x-=SEDRyyvz^UXMC1hAVclt*m47yt;UXr&gN`n`w$o^SHj%Y2|E zja;~6mWktCy4(Zznh5>M&6jOsI{}Vq-#TBsbH4n&cz=T1_|na5YPeXRPu{2(?-(Ly zD~C_+YOefw?agZm@T;0IEhjf`R&w#hkVm)1E}n?{@U&Rz}H8Z~Qtd5`SQulVO+2q=av~ zCK2Ko-Pz&3dL_A87*H-doq0K>W^(_6v09_g)X}X0Z)teTB>qW@PWLQyE~l(G2Q_c5 z^hQnBx5U4quF&LNP_%8UjhM~}cxJ0V{3VCIlzD1 zV<(l`vBVuO)H>!JdYi3mj;dQ&t-r5Itg!7QT0K!o7DMQJ6(e-Z#^=D2gaGh}OV93s zKgOcA;H_Y^6+O4|ldXiRCgQ(HS=(lAeytGYCiSkn$Mk!g+y=ehYs1jKF6BpDP5SBz z5(h972XF1z1G?jdfrseyk1%?5U0afpLG35T-eJ$4xc5rGDSUb=m0)cM5?XTIh*gZb z_kplIj==V?9QCQiT>HG*l66ntS%Y$EtKz?sdUmApbdI}+Bbn2hplFY$rQugYheO&u z>jr8%hlWO!ua_2mo9nMAv5x#Y=a>HVvFQ<4>D?~HU=x!0aD?<-t%$kOagyM82}Jv9 zhdXTaE?P>&O!khrH5OYHtXriuljDGgC6;++Gh4NoxDt@LM}aH^Y687qFrQcx7^1ek za8C;fiD=a-u|00;JY6Bx66p&cg>(sLkO>~?6u4w(iNL$k++*dwa0+s&m6h~1{mYr4 z+aL7sL8^+OISkpPp-AkC+i)|kKD2Ko*G813uquH~=%7&+Df25sn~jiFGL@aDI8-tt zn|S;nC$FFA)A~Hd;-3!Ti@x_ z++I5}7~Xo_N5evT&#l1GSS(o8iI{tWGOU#`GIhc(DA-U?(Jd?+zIH1pqkLGhRUUY| z)fl{cT;C&OePf?ale_&66fKSNBfkLrMJYPiw8Ed~=Q^Q}VOIBh$G9Y7lsq zFFUGu-qJ>d=xk?uq|E8P;}stMdN&!Z-O)->ycb=_8Hz{2@TeJFaOGRSA}m!`#{}mN zmc4S(GIJ@hEWkVX7W=^szW7QHNZ779-Jw4q2=PJ|=w<26nK-$;{Wf@ApE1~js8bu#EJh!)^z&=D<-IR`6yQO5c6O;g%Zwa~!dw zUkcS8tcwT;cHwHmh9K{#**oLhf}hal0OS!f%97T`$u3$*S>JN&rx3Horvpx8;l;dB zMUn<2YMvnLC5*mZqvRhHl_994RMmRt(ukcY)Shk*TPYKxNL5rlUqPVfpf}wJU@x{v zKrBk!99V{wXZvvgp4}~DCA~N*Gx4l;myB>-AKXjQv6w57Bx!zj)Wk5ZPzqwRGCFW9 zcgCX{<`RjAO?>RhcC2ZS?uzhAZ1cAK`3KC8{xX3W@r?SOgtWF`tb1%_$QYQUHy7LU z?Dkc!|J?iy95wD5w$LIO?1g~Vsz|VAh$3CVMVn4v%@LcIG!2`Niz_5JH$r-+rlyaL z;EiPXWYNCGDXa=Hoj7f2zqfUwPwm9ka-JRcxJ?MTf0A!VHmtM9Q%0b&dBr^@aB@{b z&GFVrFn>I49zP?Rydq!lwlCQ--mE0j1k9XDMbMyDG_6hS{n;GR5`jV^zj@o(S(w7G zsui^IKE6GmtvRg4@2a`8mn1#X;Ym{AJ_r2Wpa(S%++N=}lC`6o>r`YJuf@@4L9Q)&~EHSAD8S}ksFR{@c~P=2V!Y~(_J3^)u`w7&oD@mY;6!3*t+0t z^i1OP;e|1R4{$81YA!h`^=#c!_?T=HHQ8=<=4xA&=VXZ|&XNrT z0%g@L=1r2x<*ms}jIojuU<}9<6rG?`OQ+M|eq;eiOib6nap*ZO&81Zv`)3kJ5-4LY zXkNCypvL9Kffr3PXq*J*ICbr&%s9;e=K&`K1%M@qp<%VUy~j4OnRZl>w8cC_zupp$ zCEOYl8or2gVCQWb0IfNIhyYV4Mlg?BaaLZdL@+&T0ZNZTfE-|P&0tA8{zz8k{mAsE z3OfB-?{Y{!<(^Ic2shWL?sRE{Ti?2qtGRs439z`!?cTge@sA6>UZi!XupED0M z#aIq5z`aBY-g?QQlYY*vvSh~7U?xDZ`3BtIep!5X#ZqO95h z%HloQG5WX;zOC_Tkd;6oL#{cZj#<@A7l>y2ej3461%<@mZVdb(05S)l5o0Vel$eEzOT>L*8>}VfE=4jE4V#Zs*2zQDQ#k?I6Fs3d zj#X$B9pk$E*m;*&JFL(p#v?4dbFg0JgJJYJpXisu;v+d9T5k`@JX19KFQ(#C>X&e! z;PhrngdLCq1D|&;hS&5+n$df$8?cr!P!bGpC%l+Zs-%*Gg$mW;4R;Jg3_6N z1{R?u3&_XGM>S(nm*0h+VQ~SP1q9G+FRxL`*kWU|hHWlTuUk z;n1ZKy}K0j6ICnW&vjmJyiZg%f2=>>baPpnJ&X#m>`rK}IaABmIj- zum`@Z$KCw6naikOKwsa;5@f8aQwD{Mu9o@S@a>y9Sve22W37VuDg)c;AH1!J4AoQ$ zt8pHA9lllZUsFBawhp*_F{|49g|-#4EWPW$T|VRC~wOg7XljVvY4cA9mxylpBOgL?yS%ubk+}F7gN%IY-%C& zHeWW~6C&R4#SRd!M{$LQ4aaMqzmR zSIw@FRL6F|PH1^ATtnafy8azo$3MfZd>N|bY9 z8ah`mNKTQ)!bidT=ZC87(()jyT~)KQE36jz-S;WC`-@1nu=G-rRN|C^jtT{iMgnEW z!cjhOUwE7W4&?`r;{dLhC|~ER-Ie)6)cZ^e$o5i4)8yyGv*Ra-sjvkbf0q?3!ur=gOC@0Cq-o@*D&7xz7qIjNC@w+YD&%@*5Z2H{ou z`IFW7FyC6C@jm&PYs6IW(y1gugQs&rTDdzoQf?)|$gfJo2+KV}(a!1`fe9k4?qRy1c%5B2<>Rit>kXmYqEGsg6Xzh!}^a_1*?L5@oZ z9F>YM!GRJDn6zG&!QRl=02c4q>CIS0fg=9)fcBD@NCh3`+=-{kWDQlgg7D{z^+nj3 znt0z#m%xh5&|01!EW=O1(q!%!86Iq=sXl3A_Q{B$66Qol2xRhc>R>P`?E3%S)(`!E zF?Ie0DYZa5T^uI!`7MEz3cVwUz>^_rQRqwPSx|?jGwMp4(df-Il@VQ5sBn$`5;`rX zZC7{227p)zM)QKg znxb@5byf+ey?|y>{#cgxO!=Klr$bt&I`Sf(_J6+i)$ymouX=l4*y<^I8Hzg-UM&{& zKQU@=3r-F8V2*TyCA;m5MP9Bc$Yn4s7;Ff%0mL?dCRWTRHi!4)=1P#_)`a8MlB;A5 zFiD_DI0L3QD&Px?E7VcoPy9@5*GkjO4C(28srR*Bh7?Z@Hms_rvh^?8R;JoijTf2c zdA8XWbVJzr9v^xqt77sOm$*5?c>a3TX2D=&atw(9?X?}l&>?K7am&dVZce}a%|^u_ zH4gmrVQBWgxc6gjq@yy+?zY6lvl^t;jB4=V}M;3=1u`Xoi+OWb2c{`Fm$VM&? zLR;rL2{$Y|5eg(xmpjiBQ-h2#hpeRYs~7Am>QPlsmut0$?Gfja_FC0`1&~b|8T&>dM%09Vu z9aUWRuo-wM< z@j&N*a8=G=IiihZBwRsm&RTh81IY4-f?weP;QnmT3RHX`yr@J+Q3EWWZ6ib_%X0v|96&w9b5(WFzEs)S zHw#t!Q;xhCv+tg^6_c&V&t8~ZpI;A)*}qZHO`7@0HhUe$0f=z`zD%2h`YsD96kk=c z1{K;7j^O}e7S}Ae4%HK}I$yAM1?tWLykUuuGB+8F%|s3WXZv}vrJqTg-`MyXrnv%q z*w9nTOujbCR%Car=P*K%hzYL4_q1DNOYa=v02Wmmr+p30eoR6Q#x4* zEEW(tSrQ)OImd=XGMTIT|A&!nr$9#;P5sPBu8p!F{;b|1=rYudKE-ZkvkO|N_=d(R z8r0YzF%eRqLIIGr!#Fj@O!$^#cGr zgbD;%<<^l*->m^}Y52PtZ<)l_ zqTBKkTYh*eaBPL<|M9uRrrU-?>|aYy`Ml({J&tix;fPGyn~lZ4mlMl749nAI!@KsX zK{5O68zCg8`uyQ5L4nQ6@M4CsOa^6_vUTag9JW!v;4-hTW?9-;ch92$TkQjf#GaI0 zcj6xLKWEvL(`eJ14}D6UhastI_4_-P4|qo&n4HsyP4$b|CaKa2ZYfjt_tH zj(bCr@PK+2_(gu4dt%E0=(H@!uYU)XoBiG#_!}(O_c_*@MK#%af&JB2`)e3_HkX1!Ymh{@u z5ZMVrTqsIZa_=Sw&>C~ZK78}h1BYSDkU?4#?fk+nT{53eK>f`R&Q2-(Wktnx<3>11 z<{9DVbw~I&Gd`z0oPE$tzN9CU?$tV-V8@E#0M4;4_~*x}uh~g8PVzgj26_d2b1d15 z=}7HPr6ylkZR?)aV+Gjb<{{~uE(2^u5yUD70A=DBC-wiGmK1UNyGz#E;skB6uC{1m zTSUD7Im|(k7QqSfU(T@qb^`y8Hu%$B#>wm2n$kJ|0AIx)ZaD1UJ~;W0O8?vKc!WX{ z8{T^kWQwdIPwbuH?RXW?2LSBD{9by}V$X#sVMmp&dKhWjk4rOMmz7`g1Y^X>OS<-A zMt5YLVm4WT{G-&4ywLA7McjjCBqTQlfZ=E>vV6^s2aoRVGXl`hepV|3Ap%mP~ zS7eW<*}{+~XjY~RZkz&I5anKT-KNiG#P^Q>v|eSf5$<5mDo9$9TNvVE0|Tp>Baw4M z%%~{nAt}OrM`5Q82ruZ6_o-AhSIv?;H7W0o$zS%(>8K=AqQlK@L3R~uil|8 z)E~pRr!p;acm4R&hx#B|8`vg&{OVhE)Qe0WSCKbAJfK)skCKjDma7e|&@k^v|9q#C zc_eE(0f!IPrH2AWh?*arhMZG{3iX}s7nBIf$WoGVmzp8MP*D4>4Kd_0y(|`|s8yXe z@@^QD;T|o6ijXUk?i+N~g?OQ#b^QFwTY}(bb^S>4myEOYr=Tzj@&&@Vo`6*Ju?+ul zC~;rcx8})tOb$cuTJ*7#sW(_>LZh<#M#Q5Y$hF#dI|t>}eyS;Yu~J=hsBSa~Cm&Su zDB`$`z$nT+*I8o73yV|us#PH(Lfvtd7&{c|wGq>k2pW}X)=%XCK801Zz)1@nz#T?{ zod~0)hJa`MWbpieK}5Fyoo8?C!pOw1uF8+Qj&?4~$sNDzuzoU!CtPeo4`G&CC1#R` zY~NRoZn?eU6_6r+_pDm7dVCX)#$K(1<`0f!;olCQ@y-@`QPbmdF^b-(U-%Zh>{?ij z$qSLyfSOSvh0Y(Ii9nb%X;xu;yOd`u_^bDH5gt5x#)FwZ5KB?p<05nyeS!W4ex7#X znEWugkw?AnGhX8QxRt+p1lTo@C|X2utDe~vTmK~Y^z2v~Q?=os8}o5`CS3Nn7w=zdaPY65GTem1=!whtnY&jmFS)Nxvku4aPo;Vs53VC# zt(xHg!pj>52~4aWw00X?e3;Q@mvf{C*Az3BMJrzR(0_NerxNcq(UQw*t{l7Q`fYBQ z-7R#X)_n2@A3s;Td%45`=LhkvtW-WT#N)eC>^~?EJ*u%4httnF~Z(#(? z(CUQV!K=0xuzk7yFggOMp>z9^OTBwVQ^Uyf6uFc%9e$DxsoLA`Py$hI|J%@L)HQml zAGYVNsYReeu^xOgCDHd(_Q1Q^ag!XrydBazo_b%cQcX14M=pjOcTf2SvWac9iB2>? zoM@lhuE;!5&3rkH*xT5;akD#Tb1~G&cJ(tPCn_?83nR`lPcBC1fY-Y1)a`xLttZTB3`sDRP*FjaF2Ral(+C38Z5 zqjFFKh&H6vTI1#V^E1hPIufF8RswP5?k+TQOnQC4d!kAIY~i~Ure3JaknH73(~x6x zfPjhjfh7I5NBtvrGsLz!k*!Y~Jq0679@_UAWGafr=vR zxXVXo6ZQe_<>QR&$or+gGj_Q~c< z=%=f>Z*!4xOeo(LjCj$pKrNTQP5&oPX>^CUrJk zi&U^#F^Dzt=KvluL#yr(1K41ej1BPRdH@G7C!)py!&`{+EkOPj4PlFX@!ySdvW#AU z+zqUXp_BbFNcgVHseY}6e&X5=dZhMu^)kI#79 zZ#(0iWB&mk6P)~x3B#`a0t!RcevH2D9yrT`(2g&C1xf4QRblkSe&*EH+m;Tt>|kpx z{Hyqb%2O(5Ce5#L@BM|ic;$aQ6aBj_zXOy3(juCuwM)!g+QkFEp>|V;eueGkdpa+^ z+0dW+6O!`VW^c4eXN%dNFuPfVxavfk%|AhbjhbsmZ+;8!`x9VydNqGRJ~J`tk0@2U z@4f#CUL2d?-?(#Xtng1D;4ZQ;5vaoY6Q*rzkiP=Ie??SpY4TTu{BJn&Et~v>O7I(c zerw_U&KcNpLBBI4ww(FzgqE#{^9v8?H>~hh?EaN8_1`cHIy9wz(tG)7Aani&9 literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/installer_progress.png b/docs/images/hedgehog/images/installer_progress.png similarity index 100% rename from sensor-iso/docs/images/installer_progress.png rename to docs/images/hedgehog/images/installer_progress.png diff --git a/docs/images/hedgehog/images/kiosk_mode_sensor_menu.jpg b/docs/images/hedgehog/images/kiosk_mode_sensor_menu.jpg new file mode 100644 index 0000000000000000000000000000000000000000..e08d59838f53452094e94b7a79def349746923d5 GIT binary patch literal 65157 zcmeFZ2UwHYx-g2P*wH}YD1_rLd?^W}N+t#6fYz3Xjjt#`fe zx81k>GvD`ydIoxYyLNrYC%5zC+vf6JsyLYZVd-wcu?cckXfA4|)2M-?D zf8fBu!$%JvJapvHfdc}90!NO1|GnV%2M-?;I`+NLPWt;_Ub5?#mb>@t-)Z>$p#z6@ za{q(Z_8UII{k!@0@a^6u$oHM#uHAyWw%_wf^6ldLZuhR8i|?-&|K8nu_U->}*MXg4 zm+$#@I^MNsx4<6$ef&GH^7HNbZucI3!M*#A3H`WV1tu&a1-fE(>t13`amNTi^!&}^ z(nyP>1E;UTeecGrsyPNEsB2uqJWqaEQrdMwMiXpq>4f#~mXk-|^UB_`Kk7Xo)O7Cj zBk?N)zrgWVDE`vV-hKObN(}^e?SS#!uDyr&`Sx zgCmeP6B0Xw0aCtq&tHA{_M`Mp@0g-}_wdCdr?H=8uHDb++UD>b-n}zk!QFy_w7?87zeR) z0>iojYdP3G$@;n^-;A2zOaVHgzKz!eovKb+_$!70E9)Dsg(K1#j_%woX zS#xNIK%z#Mnw66{X4y7Fi>r2;x2U8rB>=M1pu|F2_te1)(h2$?N~0Z%`M6n5z+zNk z5-y~=u+7(YvMu`-E6_k}u2-J!MM@>0(!RkZZ^yWkU8Ku=pN1IOdMs_c$o5R00s)-) zC)1g{aCp;ufxM$Pha&zS2=fyhT)S2qKkCZ>#FgN?f zDva~(0X{y~-LL>MDW8^7&h!wg%s0(vJG}1*P9$h>su4HW7>hHbuw;9CP;Pbo+PY!P50u z=o5&DJC58IBIPO=mC+^@8oy{};u`ZWW_iiApVTEOgKGZHdXas4cY8_&7!8feqU&1j zD5>e_*z08QQN}NzOG+NS=fSwNJBq%Z1XK+ zq1BcFh3JlMf3dlnV*4OBw5G(RD=g2<;EBmz!sKTR$1Hs>1=s=t0d5v=CyAEik=e-h z^W*Fby!MXIwxrI5GBrOo?L&W&sg??|f&fgbwUq-PFVwkGXwr}GO0K=#QAOR;pw>*z zk=l|<>U8@19u_*E_G*9#)J`BDN1dvaopW}|$soTG-Pu&gv@7)SWWu2f$8F;?}g>V{(Kf zT3WhP(w=gnW=9l}xY2jPU7Xq8(pGApzp($Z5W@0|yBp0UtZG8M{H3$5Sc3W$F~Vnn z*ti$qd}^ki)C0I-mv1^v+70gtwMYM1U@(dh0x>dzgYf!~Fz(iKM z=}R|r*vu{Nsf}nsXRo{xJJBEpGB+-{q4+y+5HwbyLuH_M4 zXwVauiJ@+UgDSvvpT;7S`Yrn=Am%wqtrkuPSy5?qu%I(^=pdw_@QKehpKB&%5G3v( z7r#V@Crt0qG zdp-IP{Mh*k*b`l571q7>-lUX5_BgP|#8j%@q-TkjG>D)7V)T4)ehREVaq6opI%i>! zpGVV0&zF1kZjnc`JWSW!>O)@?BGDywDkWl2nNsfFgnV*WcgkF>5(2Q`--8d->ui@CzMe5iWv|t$r<^-uwI1Po0~dRSs*<`_Pfw-QglTr~!MD62TfdmFOo<0~`H3&O||3 zV2K@^jCN)W@>n;^IV1|ou3A<8l(1QW&0Kq6m>^6maes6pKgV&fX(s;xR7jz8m{q~! zNSc#rVNL$eVF1$;lPwU-_CzH+*~e?|I(7PNWpV78>}@{g)!xn4?6&MxUpJ?1z5;KD z4eRWUELR=5$rt}(1<%KKs8+d0+04B;Aek-Z@{WAQqhZpwZot*V_p2TXy$1C$gZYO4?#djDw`y$!YaWmz!~)={$5m zRbOHE$}{WiJWidJJM}{@Vp#xP{;EzHn>0BQ%&^;(K`5!8A*2y*PZbW~Vz>Eh!Z#_) zEwG=f9p#@uE{xUaY%*Hf(U^%cn@T(8*K6ob9I8=0&ufBHHf#ViMbrj-PFrt0*?^nE zBBBc*r`<Wi~{J5P^k{%2Fp4--~(x`&uy{9mHc}a*v1c4Br zR8qH^bIVro@nP=}_>oXwdUMiL%UGt0Jw)Q33W*Y)UL)uN_W4wALI5e=SmZOsp zw>3I-E|nlRM022TPQlzNm0qIViD_4ILs%8L(N7I>7f5DS7sxbonnYCWAlfH0Xin3e zE^LAH?Y*#dR0GKzVo#T@i;ZfQ1%2y(G8yzatzE)@#Zh|2+(aKYt;`L7wOFV(cif%# zs@Lr?R0emqAjU*uxqEsUoCcVsS(NG1H^|)x`|FP!=DV@LoMKYiV%R?EhQgQ z0D}sD%z&y*tyX+$F@8TLq4i4Dlk*m2Ufgr6i|az`StU1vLT>H6QkcE}Jt9(Ynrg1D z4oYtt2b;L%?7UGvr#LNo;rfJZ3C}w7R;?;>9f+q1MG*?Z+fN>kih45j$llUZ+>Y5{ ztt5gTO6}q#C|#UV%3DJPWy^@$@+KS=&5BODtf}21t`aN`#6igKjav~db-^E7W4CxL z_4y$>q_2EK;!7It_LKxLUnQ%l;F?DOCE;rH# z&U-ktfhAO*2>?54`^F6wOwn(pt-1@Zk);(w6vf1eXJuRB4S)Q-OT zuPP${jmGsI`_`vhm&)H0oQd9om;e2NcT|2U_O=+kT4P9de|89&So>^!_*h!<%h!;9 zzuj)Vwb8~(hv-8GfF#0YC391eYjdH7F4hk}3IF>I1;mFR%dUix06?OX*SCc8^aZ)nxV3QONHGG4;3H=ckYreCBmsGp$UX-==^SXHeA ztZNdfff`Q7_dl+57Ql}P0ZT6>1Bp0#A(4J5BJq;aSVSzq(bSz%FyR)8lH zuZfjVl=OX*w?CD#t$3n_9O$y)T+WNEzh$E|4>D1*^gv5@jNW`JYBLiK@-$ng7S^vluf9D60O&Ni5 zM&X)55eHxM=I!Fwaz)J#o3?EF+V+!Tj8101J|DMYin6{Aoc4w$ z#L9-GHsK8Aj2opfw5_#? z^L}EaN}U1lsRJ%xEkH2jZsn@Zo=kCvfavGO#D(-oq|R<9qQ$#wLNazejMe}<^@YVd z6CbU|ExZ+8edu~+sRS|)fpnH7h8<&0ud|0Sr%RW+yF1G+8T~wAzdCV_5sV#A6=>SH zgxj$GoFhL^0zmOuR42yiCB@=aBk^phO7gC&PI=qGPuxk}* zbs80&jqJ!el^#aB;-1J$<*&_VAIDK2YPs~-4kEs$RV;`pZg9Dz48klch=Hu3GaAHt z1>gY{wXU&?w~TJx{V^}}IyF#^62D;k8G|t+tM)xNie+=UG~1-n#W68)#^r$r?tIN>iypMu zg9|w0zLBMGvLHnt0FP3&Dh07mzpR~E85IyKMk##UH>3D&G zQxZT#uBd@Howljmso-Vj?i*$c@9MbG`PLMIyvBc8h4EvIR#dh`Od5t^OOj3rYC|?@ zXoBDD_m70=eAn64?+HU{#dj;%H`pf@D0_{iKL|VutTm^UYa{`JKJNy&6jb!~3{ikD z2=V3p<0R6K+IY}!JEeK@eVg?pCB+}}Ithk}A-?#FY?}|{=wO?vF_M{gd0!H!BUwryp<1Ak`XvE8wTq)hp5X!Jn&SRF$qpJlv|0e;4u75%CQ^ zpW(jU54YY(Xsq&$RKMCMuzBZ#_x!GZdEws3PjN=Jv!uyy*DVc@0_S(3i;9}jcVQP7 zqm7$y4DWyv^M44k->|XkWvEj^uNFC|`k2Tu z<2$yBC*|+=e0knNKg5rFhpBFc0T`v*e62SZqO)O0z(wEssvc(t1zh*XtoL=;q^t4) zuj~{vL@jDXkGzy9GU5kgYh@QS;*0gBK*;lH#uMi=U%2ZZ?kv-<6&mWZsg|OXiFFg= zN%O`GQWhJ$boV3QfyW|=uTjuCj``5n(`oW!57C)w#~P)^_VxfB$)b-vZ>Y4+H|utr@cxfG#}!#xz_gnlALu{_s8yte6HU$u@$JJijVJk$qa?Ml!d1~s_5re z7>lz)QC{RZUIGUf5leK4WRiIAf$W+WPAp5WWJsjf_wSz&A(nX$Z%@S-W9<5+u{d&? zG5)OL3&EfH`ogMc+MycywK3MwdHHeB@sGK&1=y|=O*ds+LB`5!%6V@>%VJ2~rWLsk ztz${AG{1sB4#XkACiHRk?CeBVX~WHbK+Z22-(A|~8%^8%b^RPfxcplkWs#%8Z+~4z zKWHuP#a7zN^VHG)$S{A~Xn+n#Q90Slz7pyr7DGeMgQck3e7@S=o2_%%Un{M)`2zUS zFn3RAF1nLVQRB5WTNmXvLVa@+a7afoUK<03)R50!bV|5;oFCU!B9P}mCEYHX{|vWv zlSpqw8n_d20F%MhBAac#>wu=1;24APJo3HkF40Ym((&Y8mByZ!$F0H#Ds@UWgD5|R znLqE)*yvVKo*OUcx{%NoMds?{9|ScH`PX#VC^6@*z#ta8%boAx<@8UZ`z9HJu!vFt zAEmO`cu%JrHb1@Y3%E(~LI9w{_s9v&aJBR0z%(?c7M*y8)EIilv1*=z60_#YOu;>d z5gesY3N|u!VOjVr5rq^1NJw9-F&Qs+3H9QdmD=WpS+7iqiIu_vJr06_cfcTW#5>Qw90jLRxaogMJsmVDbf`kM#fW8{^ZlKkQ-8$i)JcuJW4=?7aMkuNqDQ4SOntMB*4<4E3zFbP@}8dj54bT% zphmd0`q!HagIkjuCWD}};@H3lY*hEq;EEBjfF35ts6i6NhjsHO>P`x<@ZrT?KkkpU1^C=NBd)w7WFBHJ|H$D0O*3 zqx$|^ian5Nu8`G@E?)46hH0KT70_hO70~$%wo&p!2Bv!MpM5AJj5KRDpJfJKl3fHf zjmHVw($7at>NK_r-q3X}wcO|&>*A6pUm9t<_fItkS4hHyc%&kkM zyU#I)QhrSV?a|q2Fwk>-O@?gkdP%m7-ag9oTt;cB=Ol(G)yS#sZ#)H&>G12cQu4?R zNbz*a;#~OBe1m%xahjy8!C_6Off10Y=SU>-=wmuV=7VCPbKJrGFLU#-x03HEnyg^0 zr{0;@4u!@cEwtqD3xsVxGx|AkT-KO@M+&l4KVQ+*8^{^ss-0yKX(c%ZG3L-dpiHwPlNTk?P2zV;;hSW-_g_~bkWO*}Kom0!OO}_4w z=XrjcFERIBrVvbU$5CO>7%w%Jh4^vhbcAz%L4YzzJJZWwzF$TU5It{oaDA5lUb~m! zAphy2zMmtXbs{fW_Y+M(nVq_TKbzZ!V7+6QoNI+7&hZO!((G_1ER zUUqznaoS3(Xrdw3c!8ktOunnD+pJQGbnm+Tsm3=Ef!7 zb9$Lr$YfNR^)z|$97m9S*zgQFFPX~rTL^^?p_3XV&M;8Uf-ND5IH?!m&2B|&dG-0_ z$kwaL0WC9QCGd}2o3{|8^^|dfvuu-MNab~^UZKp54i-1T?mNz^<tsfGz879XrU>+P=q-zA_hx&TosukBi7%>MjXt6v* zfFMlu`BbauGx1V+Z)$fy%)vhSoUW!Mq_9AKq-}l6bjtq8Mkz|J)rmtA^}2^17%z}D zuj-9BJ+y<|By6bsRG7`oRPa*2?v^fnymk7M!C~4^IBa?#$4uW#F0w^{^)Ty2XqjOn z&ux~_>XV$;%Lku`J>T(0?x${DmI{*S7hD+h>2- zF2GyQ|Hh%ad|urq9JTpnMXv1tZo0HEBl_}XU7(k8djI>K`dhg&A>6&WGrCw#9V7dy z-D-|f%)?DP=s}KLg;s(HL?MkibZh}66iCv#Gy1H@At1hxDzce_j#+KCv4f(?tfATL z8?*Z*fuQyfLNM^W&Xgw1w%hou+T=@fEtW~!s&4rOH!o2XG-t*}0IG9sR;gM1CPV5? zf1uFO_?VssUcKxRenC_8M2(urfiPk)GE}ou?X~(nr9^#UH!nA<{TLzC;c({^$VU)WzPJV z;WSkNzql%pZ%x;6$uFlm*A42$=a#wO_Nl(BK3-@y-?aJ#>NqKfnFA|yguob{dbJ&6 zH_Zi-Y(Yq!x(PIioGhsWx+a$v)nJ?6dN(j5sw615Sa3=yj9m6fQoFRS+y7*x2SB@6 zYdE5yK+k|lBu>Qm*NpfOE5<7hE{Y|r_)U*>z^}f2F`Mb$%`ymCC|98C-Zv|4b+T{h z+va=UqV5I*h^9OwMFu~ZbD5qYgG8@y9xW`BDQ&Ja!Q&LJ6{-WdPaf+)B@t-G^Q8V@ z!nb%#yZJ_N2JyhpOFvl9)USnCxo6$sUay>Cwfd9CpyZLCdv0`JIxspERzw>N0Z0tc z+aNWcA&8|1JRged^)MEPf-lVDY!xP0+Qy+#UZ1=5$XWXO3K{is<3u80hFZ?yb$Zt4 z5Gp8iI2YtXB$u#JVs1GjWaA{^n7EMOwesAwH2d4JLhC;YZEAXShd??snp>G7)M4k8 z3VF0x_s79&Hb$n(>-qK?6Hg`66VAH*I7y3Q9!as`?Rawq>Z!Np^=)3kB$&QwAbp(l z4mwv{5M-)x``EmWE?pw{o!&g!0&=Wga*6AJaT2A*;(#Xvs|Vu1doFtY(JuYZRQwMR z?|$WBM+=#^WgM+WCsVcz+;&p$8$PFlijhuI>7FmgO^7}dO9H9(Aeya^3VFCdroqXH zCPterxp0#F!s!na$-jB{H>>{NE%)yNs&BEvqHR<5a^2=+Vs#NoP;8p`Qp{65dP5wd z9$q|zer|smh3Ia#f-5;AXvywFGp9pRfK!?nay5>8_sPHM=?{lP3RW zbFZ+x2;cXs&0X@86JXmiMF#z@xg*Cgg;?COdPCR8<;FMaVvk*(HI(WLGX$gXm zDzNZ+UiqT}=o1tqp5MIw)UxWH|HAv&=%jL?@5g z%g?%jR=UVxbqi`>SEzCOKy9Ylsye@NLBp|=zMV{q8|bhr`gx^v`r09CNJbONMU(0m z(?dxTv?XRol3({W06Iz^a?9pAI?-9}iYYGr=?0i&o7iIfL!93NwMXw;WefHdH8%R^ z>f<|Jn21cTN99lzmnx5^u9dQ-l_`}xI7vCI*+CyXRe(hnb$KCb>VXu|;OsL|m1e3` zIPg^ZRj$Z;^;hfSS;GNn>O6DwUV>IIY5wRv5etxzqSXmlYZQ@T3_=R}z9vTBVaZTbssw4toHnqsRS+A3LtnZz7yW9Y4-r!B!vMt@NO3{X+;o0n%_6wN&wL|P<;HoS92Z3(#FE4Tw`#7Fe)h-Xfh$wb^kMzU1y#H*{3P2m z-I|)PGUP1nWo|}S3R$EleV(rde`HXyJim=`Au;sSre|n{^CCFuyDhu zd6#`%pE`L_;YH5}x^76a_L?uMVw>+%*uqmLkuYq7*0mCWhXjTMz5c36b@;)gSD7&5 z9#C%F)O_-tx~4ldI`CxyzB5{)LsKiG*Vp1;cHiM2mX$w%!n?E#+@My}MXc=tQjGAS zHW{o(e`46MW?2UkEI>K?bc0P$l_>JQyag>h_Y`zT_2!#3K0eZ^GY;e4uYqpxDCCf0|vu^#k8W%x%oC+e=`uZfAzR%-RoZ^Fi7SQY%^WH!3mx zGhtgxl9IY?{fIu^n@34k@BCgU{y4Y(Zc;tH|Hbd?{bTx{ZLOY3-TBALzsuQmD&mvz zR^cy}tBZeTxtc4<#G^8kX4fS>bLPZNeP1GLt`AO6I3*s9)7$1VpqUtEq>x}R7(j}- z8E7E+Y;e)L$0F;oRsaQVBzjG`3?@x7kWEv-%A3MayK)^!sVBv{ zEWOmo6ELaZ?5r5=te10U(BLp}C0CDeGOGT|b@F&XVDFjAD?T53Y)oQi=FOK)49g;z!C_dr(qL??-IR(wsUnKJ0%-@`n6aQGhG_ND<7Xu)%icvONxk@@ zL|ft_Qhl6gj+eGOZLBZdyFYpaxCA!29(DH|frrjjF61P6#umX~?vzW(dYg|>rF5s5 zXd4!D*`6NkMHdW`+7X(j@tXm!m-9Q)uQ&@ddxV`Tz?Hymyy-i}q;xT?k2L7)L~G-&Cb0Pu=_zC4lN+* z)x%V-@|v}Qh89LHe-3ik)6$%SoU@hsJei6N&=Y4i=i2GG+^6(EY+Cj8{2=BvC1r$- z!xdXMF$bIuC*Z;Q3Yv0?u8kQ${F4iBERbDXzm0u4ZTWp?g9pODDi;lGu@`tlQ-l5r zk){0%2dtIG&_7)EcD9Xrp6l>7oeQGe0-s!gu` zb@BY`0@u(ic3)0$r?p#hme}#x+bv@{vtJ2AgI<6+R@Vp*>W<&a|97Ym#{AqBhq6qnr@uijR<>tl{z46%U|MGK8XOfh>vZMN7NOjEoa z?NiCgD2@@Lu_RW%bQ7zyln_2jecjOkS7$@b9y6D*l4(A@&Z7QEp+hZlqRL#a`o(m? z-Xt;Q&qzs+P+8=MUhrTKva|Y3qu_ZKC7D4^v(=3{_iNSBs=6l%%(>m3t%RA7c>Dy5-Z7GEJO_rj z^*QH&-EH=Em-&+>x`V~d7$3TjrUxN#gByeMZ&l$5tTz#A;K_Pfq5ZTIrq%&MB}#`% z&?22XuV-x@oGmL@MT=zLlQVBLiF#ZYGWk&uAW>VdD4pJlL=wfsA$|6-b}8kaEC5?W zVJIb^Vkl0P?AfdD;E{wRvg56O)+84?VoYp!h#`nwN6OKITz|qS_u5&CaphYXqZx7a zC8sAn^rit<`JXE(t><2U>aGxI4o|Ee7{lX|qcap@y4Nlyv`ZLc;6jvd z-PQWwW+@Nt{sD(l*BS}Pjug*D>gjbuu;Z9~ot`2ZW-Lo684<$^j7?qE>$E07Gf+DD zb7_mu6W0KqlW{R=Wn|QIyWX7C`R0eLGb}PO)&AxMMgTWJH?%MAHL)WQN1SsSIZu1Y zlwByMC4JSq9-TC3OK(LqjkMYV2>`?Ve#KrTNYKl!Rg?vycYy4an-^J$F_MliKt-U) zyQXz4irQkePcg5(TrDbI-&!jd$#jWI8 z=RS+sa@1qCG&;GN;6B4%{+@vpuM7Q(PB}Af>y&OA6%+mXC7i4GPDxDKuuna&glejs z^MRAp_7F$DZ3e^{K3sG;fXhf4+Wi$Tr>=P}72?wr-1RCm&CM>|vMjN4A98rw0!eo* zu`K;2s8wd@2ewxo*0>WzoK)7lDKUg1Q!jtuDAz2b<||pAeKZooez{V|`o^H!!mIOI z8@I?*y@HtbU9HFvp#;n@im(J+cv5lOoJ-XZ;hYGwc3wCDbhzGMo+#l$rCBxLvK9KmZf z*u@-K50%j#t}!5?e0A~+d*+PezFm@35HNI^Xq}z|;f0Rd@CV`IX(PBT_i}jymUCu2dS7(2A zHAkwnZngI1Z1e5eKdz&x00agbp>DfiDDpp+zdLp|{;~d{k69&yTR%ir8%TROG|o`X z%WG^*3LaOiRpTi#BEJ1w)~26s1Y|cIkG@vgD)UqBM>nN)vus9Rb|izCnNexkzqNnA zmV&gGj^z4f4kZ+59U|->PaiZm4`(v~x)g+3;MsMa5o=W2Id%9* z@W=^7pIhd^sm2tSi(ijf?9y?|0uC3S;i*Nqb(tBE+=!%(LIfGDbOSGYoH*aan*xGh zSg8@%W$Ns0vfFZSr>$DLTIDqwOsCYXv2V64*9_k<**2xSf+9u{iNn2T74Pc(BUAAG zv&HcL5cR(bQGX-)?+$VQV;h~nugI>I`q^=)d+W>U-PjiSjO1vpOx5@*-L~j0&?(|T zE38mY2PTMwQ69AIH{2ivi_O`zl@+kuSZx`U4;lyS*>KcpR@WK`Bt1Ygkq%sAx1dG> zVLP5GT^Ao(YF$TBlsN&69Cd?|LrEYAt`=}IiEiGsvJiwi9UrgAYK7Q~g_Bqf?6y&| zGho+2sFLJ1AHMoJI#lbSwbm?8+QCQ%#T^eB#htk6G}Je+T7)SwrcQQ$WWjN9<#6s% zy;cMI=1W`koFehq#GR8?IM6m5!Oi`ix~Eu5k(!yHDKUIBs1Ix*>qCsW)1;j%+v%Yt zTU!EsGQShGYH&NCO`&-&%dkU?2YsY_}lq11|>``?KkP0)_v^`M%Ip&PkGjT_j<*H7{P_3`_a&n@WAJ6b;FN_C8?{h<5Flnjx+LS~bXv3Romu^X(cJ0!j&}I`!q=d3(^93E zCJkiIZjf=NXSb5^*%K{Dl%{nt9y?h~I3J6-Po22@;!mcCe|C_0^l0!2aozYt!d$EtY)HS^V%*+WLs{kTl7D>hHA41c*WYakzzh>bWYDs-U+ zzv8r{EOZ9*;(vpB{*Ss&{VA#cH1qFHR{z1R^?!O#{ik63Y3Bbq#90?)DL(qu^-N&& z&-Lfu02b4z7J>eH4v2)F{~c1!reEq$&f_4Rk;>VImRxWhGidgfxnAr1LjJuNGKIO2 zyCgrkpq&?6oJwB3y#n^%=9Al-1J}bzp?Ozlb#$P@u) zI18VzR0TZ3vklA^?VK1fi=C&Ti!fBF;X{+9LUI~i2* z?c!6v9;+&8S>GEp+eoULGnvJqp@%4vCcTskZB|avR0}yZuVpH-{-V?foGO)9+7ciD zC6Ru1Nq$K{pFvM1q_I1TldYullCLMVg+_hh#5n~fIoAnMNzXKLi)J`Dj@zwruKb(` zH!zEk(C_Py)V`qRosb2NKb?4F7@cHOMS7?qKLXrkl~>-;m_tjkc!wj0Wb$7$^FDiD zA|9zZ^JD~5q~8jckF!HROUv(CeZ&)m_GKF2#J2g0wDHQ)uP;sC%j~*s)#RBjg%yIdih_OWzQ- zLy)A{hfO-)jhf)=>OSSfEgd_Zc*TmOe13qY-k8ximvZNozUd>?GAzgw%nzC3?_v1?2`H zGfle`Lk=gkm{=VND=Ipd`b~%Y;_Ba6=y!=fxE}vbn^bwMxieE-=>ACS2*xc>v{>T^ zDb_)J4H;IQvM5kGyzzE*D$WI+`Sa@yC7(Z^J~@HX%J)ITaxRZ%$}!((d_h))B2 zFPTVSQ@R#dCh5?;5*imDD&YIXc+#Dwi;@l7^qm-ccN|l)khL2G05~_%#14fivO%Du z*GC_UC=5%dki@zt$-WNNXs8#ZmmK3x*ohgAidt%E4&Ye?SCo6nqOt@9>zs>1itN<} z+t8qOF6@epNkzheJ}Ndu^fP1*Vq%!7f8>z^VW0p`>gWY@SRmd{>h65i;$0#&~ zMc?lCMU>R>CZOv#(VfGCApFY??iy5N&dY1ss|%Bw7L9X}6OzpCwe^iV(pGql^r2T6 z<%W}Wy67aKTZlim$b9iTs{KCs&-SqYPbf(7C}VmeA>Le*jNvfm`jb4y8``jc)rf>! zFL+{Z5NjQWDoiXn^QdXb0#lvKwjW=ZP#K{bv%zD67&crLpkI}ifjqSsozm@PV}k36 zX&WimUj^x_6Wd&HqZi({e`St+b@{Q$lok5rFGJaVx|DtHyu53Eg1X7zmyA{5>DVTM zHKivFVw|5OTr29vP=yK!snmpZ^+xY#S27SUg?a*B3F&Js{yi@Kn*IY$e#_)1H;y)h z{p!b?Sv<58Y5ds2NaB2MeAS7Undu!+@x&ueiOH}C83+W7Kp-Ge%}a zSu#2P$NV@5sthmseoY~3?fR6oeMNJUAWYNg%u8_(2D^VQr{YGXxSCBvdaFLD6^o>y zfO@8QOzPtw0vAu+qXB%UBq7<2|3>ywJ8`AG`T?7rqgE(XOH0Q}D( zb($VmJ&jJF6CY>XG;^IwiPvI`%Q^S9Q(xwn52?{{6Oyu1yIidan(3tCKI&k@jC1i~J* zH?wJ*Z?F{Ym0Q|j<1PssRDPJ`jIhWNj7~~g#NcI@@-LOM8XsKVsGNNqxrGx$^^rL7 z2qW{tSem|pV*EAnfq621iosd1{Ft#Qh5x}z*S4p-#}4R~9O7J~K*cWXd^zj9i3IW} zhRg&xaaOk!cOt)ba5KW!S;!VO%G9aLD%m;8DxLd*n%2s z2~>bQjD?FXDxz6JdazEehrx7P6_c&&xVTYLLn)E` z1P;)z-uz;GvzVvXNK<+>y;-J?FFVtPxeu#LUs*m_WgtqsUD67}EL73!H2q&EvpoW5 z2N+5*vbTF3Z`&}oQfKjnr|YDbo=k~(F4Rq-)IugvQJd-Ub<7A|t!(AnTcIkk+#f$g zP3U=!8Bwr}<|pEjx+QzZlEteo@I+ZNEV z%ayerkXcLVz_FB5o%RM>O7>Kn@XyVLpO|nhJBf%@d_*Z@i#`y4*%Rz_pNvG06jxQl8BbPVSEJ#|P$bZuaEn+w8MQi=Sk&VfXTInM7arz#eI6@J zN2;FSz5jYK7WvAPZsLiao?La2l{>l37jkOw$ivNz8Ew4xGH%S9{T97{rE*(nOoh+-FW$7 zxH?Q}p78ZZ%EC}X<*;e@^w#}e-kQPMwU^c5>o)z+CCRgcmGL1}*`$umeTCeG#Dz!K z!Z(-8i_^!o99SVzYhk+Zob{s)<%4p6ACF&kz$#>6Jv{$^hV%bt>M$m@xCU;okz6;g z?lr^UAV7Q%9G{Do%NY3lb~RW4+UkOPyyn@;BtL0Y?L9g3ZpuHvt!s$PW{y@o9f~7; zdnWpu&uHMyo?rY-{%(HV+22>q=i70X2i7E2DWl2xhNuf7xQWB=ufJquj1glmu4*6J z%p^yJJ_4>v>P zHs9y2sHe?w7q)B#9(k8A+%KwA;1F_&N(>&W^6u%;9$iSt--Q$XS0xZ)_b<>7MvjME z>Q>#_>0TBU>XCuSR>`XPxR`s&_1!uH!|m$_dgDS<drU4j90c`>nl}ho!=EAG*>+-Gc5lN)9V!v zvywBPmvG@Ekt7}%QRDO$LxTwd8q!X0^Szr3vDM2@?42zk#xcocG+}CM+%%=xSWi{; zNqke&N`DETx(EIl0zgw|1{jiB=*2|`X8ZUnx(RG8qya!3=cBWJv9idFue2l_5)}}Xj zD`AzChB|ifFF0z*|8I`7f5R)^Y2SE1**_~mZjqgWcSPi7#_Yth2>eMb%YWMKHiO<@ zDBASM%t{HFa-gp^zQgRzjQtY`*a8Rw_$GndCm&d}Hg)-zAOe*}`z@|%5!Q|nM8V$z zMjB%F68ZS9Tl+1%sQwgQQ)H`rQDEpS#;nTg=#cEOK$b<~a_apaT5knQos`Qq}4t%=gWt zyal-wF*LE!5a|5F_dg5l<9#bznxl>Iaz5WnJ0anVpmhgRgoK21h~pJy^RJ&!}Ghr*;bC;BHC5`I^2RL zuOe(|$t{}C96{U;`Z@zJ&X9M0W$0?FL7DQ(jZcK8M3!IF_hYDv`M1PS2j(~^QdyW0 zv|q-28kpclE-|`NC(cUj*Q&g*Qj>YGO@w$#WiC-cFy(1Da33+>!>=R08P@m={j@l@ z*4M`>r6@B9rke(!0D+fOdA3o~E2&I-1tn!%YElNaWT_DgsFr6YhN1^NPMi+OzsK{Z z33WodL{Hy0Z+z7$94vc}rKSliXYkrczSy-%2`0Hi3X z@Td?Udu!#smz74%`Xz+bkdfRZBjRMnMPmH^l2oR9y(2*0XW^|~={u@IXy~dkR68fU zxHCCYL#Xe=hZ#jNibF;884KP$#+s#qDJYO8b4;X)v4)Du{8EI3{wl@)Z-&#&b1A8` zq=YUDN?^GIfCRd#f4b**yVzQvqZ5x^?=VO3g96z8-UZWotLLU13^)1?roSPv1AgeX zD_LoXv8*h}K#3u9maY9TUMHOCgT+u|Z5Y%j(Nz4-6mtgS$oN?-Q?9r3*>+hK-CN;X z7WWX~VJb{*`zdtENjk4?uJGW2gibBFbg5IPhH_+*oxslWB4FydxxQ2H=FT`T-ucc^ z#Iw@TkBlQ!y#@!7%8my4|BOS9$GgQkMp$L(K^N(oc7Yi*dk#9j#M(If$g?8Zr zJl7triMRu7*UyQPez z0??ctV+i$yk;LXiC~uT6&*%t_j0Q{Rkn$9-9KKi6R9fnzT4FILZ0n^c)cX8`Um`25 zd@ZmzWZ;uP@QrJ{fgHUnK=mH%-KVC$w}?X$=XOOKwyO%q2Jx|?JvS0knYjKrk$duA zS=!FAX&pAt-c)MGRZ3pXvfO0^2*DSw!_GbAQD%=0h;6&XG$cyqbk)4S51gu8MkbiMKo#f1YcxdK?gA0zcWNOPQePcUOQyNf zIdV(pj^e2@TteFIYwlavXl zGIPgltZM4(q(X~p-lPC3?5rPz`~-Ov+{f&;Qvg&(jO zl|*;Im+o&;uD9nVImkNXo40Ad%WSI>h%rqlI=5r^ag1_hMZy7PibshG=EHlSl{f|jwI8GzPUpw(f9<}t8CZs% zbdIEyl5R_!nwE26ZQkNaJZvg;M`jdHOMWv1924+Xu5p?eB zv1$Yw-BIGU)UPB>NVOZ8v3M2Ykcc9(Ta$cX2ib@VDFQ8^z;Y70-~gSI@V?md@P1SI zyus`|UWG{Xv2NWTPEbTyqeD+C=OZX(e%da_2!!YavACjoQZjEJXM%8Hz^hlB%xkPv zwFM~i=ODRTNk&V-ihD<&Qr`P;e!s-D2M(PPR_5 zlfNU>IypX$ZsMy=u-H{ELP<&Y!UN1L+D1}LcmqnJ2kO(vx;K8xz+%I$9P4Y7J~vqL zazG0z?Lu>;Gn|UYLNdQ&2bZTG`stsR6@TS0wS4Nw&La<#Djj_kmKz?3mz3o9=v^bC z$xsA#^6Z1;wr|NCJ(IZrg$6`ArP1;r$i;L%4_)q)V&BL%)_ODF0fN_m5;z)p#mUk% z2FWV|0g74;NdsEARSun({sb;nB-!Kq)2_HX}W z7y<%+GL7Hv{(=AD2cVO>c}0Fyb>ihw1FWB7_V;8seJHpcp?+bdBvvajkkP?EmUQ@H zG4boS);}GO+NY3%W674)_ZfuIY3m2jF+)&txS-T6+ah6PC&bu&Fc?6@KK8sY9pNP) za0Iw=br!EUDo0>y6DhdyVsc-g$WKiklzbr(S3aeiSUqy+LYP@ML zLo+S*T5|^y*hQ!&-Ie}$%6Zqmv=mQbtaDPo{38kbb^YWRu`O#a6dC-q#^%}u)lEdW zisYf7&WF{29QUbLP7zT;Iv}TnyRv~FpnFYWz3c6}S~1udndTvoi~{7yJU@a7pW4~P z!-Jiw1Xcf~!~XukpL*?2-SzMP{`XJ+dM9)9&tUD}zwnRie}!m1`W38XrN+E8%&v#m z^h`3Fb;7!I43p~UzjT@5r&CPC*fj<0oUfNjZVCet5-qgAFJw<9?pd2-UVg0DH4dc@ zSlijbNPPY#Y~*oM8C0(g{{eME5F4T2U6>yHWvu27F++R{AAcpPpv}gWW?I;^r?#|l zGbW^k7J*iHDFzX{iW7dSGQ1bCzu?xa3YoM*87Hg99lij!2CZlJpS`a49 zxajzqusfLBo0qHn^ltmEpfZw7-Ho< zs^V92?p+IA%L+}?rx@{C^uSru#s@|CFc7CC2c&dhEllG~rqLewtgD}G7e`1q=HuwK z#RWt!G1~0gi1@RA?8e{Ae`%C=)6BgeOjj{%chBJnr|d)MR>KId6L-c?Ys4i(!**i% z8AGU(2{7EO@c~P_(%J3_(!kVDBcLBJ{c_t!0V-_sTBjm@99I9(g$>d@1GM@%J6I6s z%YrQAUhAJtyl&F!Gs~1nPH3OSC$wdli$BeM6C7(op#73eahVjFj)ATQzP;Mlre|r9 zc<=in1Z_#L;~tfe$Am(K{&sjbc($P^REMyzeVw)Yz!U)=w9^<8g3r_{Xd8SeUTU85 z^%*90w4+Pk$U4mU+KVy8MHyG^kY6z{Rhb9E`t21%tzmsIa5;F8$6%)~xr^oi0GKHJ zY>Qi;Hll~1K3XmAbR%c?0EER&s;3IlM1VZu>EdTK>i ze~hl-SSk=)?G#`gVG$~>JuJhU1_JpZYPKmohtHsecnY9NVvs;iFhlyj6EH z;%o_-L^hm{IyVUkn{i>oBtFEGp(nijbc(oE4|*8(mOb>YQF5re?{3E$`Ot;CD}9kC zbT4!ib=$bZ3WS0(rrg`UtR%~Tz3m-1-Zt4w+OluT99#4V=;xD4*c2sfKdnj06 zCQSQdeZnKvOTSym=j)%d3IC9sc|OP9!dVT6t(mh_yR^m1?+xn%UwR|EJV1q|O36Z@ ze3&zF>9RZ>y5cm%Ox@}{Sh{8IT^CycQx|2~AqY7c=SCkIZ8c1}iUJZQqyS-Gbv*J@ z@fgOt4L8>q`W!I2;%r2iinf9Qb*(HauZ`Xrb4^7uC5&7a|ku&(DP9REn)cc__VY2Js=2a z)WAqbmY?*O_+vHq>F~-|1G6@`abIL*)LoaC4b~Z&nB%%L9eGGa5s|-TL)Dv}=8o|p zQew9bvY*>{`&|)hLp0hydyy;Y8wJY?Xwe%fx0whYkUE49O*TH@y&`zLj}Hta`QPXp z2q!7{fPe~qjtDvXA#1Us8XZwU?aUn@g3xird-N0{)F}x&?4Q^l#`P(Z_vATKy{<=J zz~#2KO~g8$M5O`hKRkF?Bdus6g7F6Anhno@&CMId2M_12OK$}PBrjZ#itVra znqf1#(t#yCCL2{w_!6M+m}<0_Y^@4zJFh{zlE%kDTwRrH!Jje~y#5tTFzP9%F0o%$ zN)6zbF4F0;rf%mj;L5OG`0kEk{v4>ZdahdG>t~jt_|v^~D{-cpLpp?KYz~%GsogHO zErPf9-EF94%v&KIH(76*1%MzvmM8G=6}z*3NVTK@7i)l$!NUBW!2QIRH$FcRpG(q< zd*=%O&ee_Qb9GPr^wHwv-&x5~q)k1)W0?vKopxYxM;YP^7|e=Tcn_HRJruk=l0CP} zx$G3uIEpAAsJpvFH#P+a5i=;Bv|vhfGE57$+)jYu=m<5%VR;wr>GCGpcxbK-1-cV3 zdM^jUPq1nxq{KB`zLK|csmjJ_%ft%}7#!Z1Bo&Z_+By=xR(+-vNBc;Pt37&q?i7+( z&z*N>_M6PKoqS9#1_rZ1kIbG{7*vRhgST%r^&m44dNDoEi|)E_sdr0L^VJKWDasA4 zTcz(q4BqqljIwqfNoTBZ=u8J~lkr*3nUErC?^T;i==xl-K4WEUtbLzeT*HqCtqKu{ z3sb8MO6^`nXmwelmj>;_`cz5RqUYwwbM9FkYxb82J7o3!w^dGGSH3R!!R%V@hFybd zilXqIg0A;&>$loUR6ZOrv0?7P{rR)xwOY#CW}crf_ZHSLI5vt=5m$L56Z5jXUps)h z7H5ph>73(<>ZGT8v*B5fi$cWb)!ba<^48YA&@+~4JYa8Ghh!d8FJ>_O-?csrZS8=V z%jc{bO9kll^7j&fNmk|$zktxJy$Ub2W&p%EfH23$lgia(>S4_MAr?tIr?rQ`FqTdW zmv4Mie&*7-pFa=x@1=iQoqZ;nIZ52Jwg<{|1ccZ^ng>h~Poc~{B7P#p?Vbo^XI&N* zhkBHmw^#!wt@0+KDJi{>5kv_oo993(lxB88cb14EbCjG!^J?^95{>kM7d|S>AYtOf z*RSI+%FjO%`NwltAI<3fP2pH(W2%@Gx>~(alQTmy3=V$(qviQG&b(+pXWmzjw~YCg zrGpw+MW$*k8588ag&b%Qx1(j}trv`%8GG-Zt~k2qBs+%&%ud+FCO&KBdRpQ!ZWiUi z`oxI5?v1*t9-P6MZ`lpn6e{d+s>YUfg2XI0H2v5ksdCxos-8E5!i<$}epN2_;fHe` zZ0aH9DF$VZ3M6T`ATL^P^IS;X&|dh3ZL`CDo0oDj9Q~fGD2U$lt?)KEnjyP)Jizjd z`JGP!53I%Fg19-qyVmXS~PGH6H0{EM^PEPmsQ@xLG#Z5V6$%^^c&tP-8 zfN0Hk*-wA*}eu^Y`CAX`0RO(y2ooKmQZwsTedMOnf?LeKYhE9?L%~g?7GcNTI2yfqMq84L=0>K!egl21rOq>hcAX zUBWY;?VlRw#WZMsBxx@$VX9^MS{gFx<+A0fvB60o>hb9}FX=|PWfh~L_XjZp8ph_P zhBN)W>T>R>%Foc8;xG-3`~xLAk&FDO)WeW3#l6U2` z;aS%YnJ9JYM=E8Cn83*T^6}?!{YU9fQ`aBntZ|g2pKRYVNgA9NzEwM?5PnUjiV105 zP(GH4yfy<^GWvMpB!9gFAg=x`!_u`!-ghO+n%oPIyX-JeUR7H(kLf)N^>VaWC$>n> zSbvfA3+$bJvGguG1w$%n=t{fBJ$Tty&aE5ga-vp{BSzCB&?lk#iZu% zXH^^jREucPD^p-pp0B2dL)xrC;zwnYt_@`>fyz9f;Ix$1TF6&QTxHP(6)cqGGO*rq zxV&E@pqghp73Hv{?Li}s$*SCSI`rM$rJ^2#1GgzQlBcVhpUjQJKktGkV>wnk;}D>7a5aj?@$&8XB}+q;ZzR9Uco z=!X;chyhX*@PRBRyAyD_{m7hJ(%UN8mtirw;R&jD8#66`u4r$rw!cG?a5#e^swvS9 zLZKibR%`9()hqe4-vx|{qb?7Y3=3BDb2@dLj|>N@Uz@pBI&)Vej~}-3$-J$;CIowy zdYc?IC)zXa4Rd_zNHywSNo)bn?K(r(8t9YWcM(6KAlG^0QOf<-dEpuWDV(V8i=$8d z7HyjbVg@=otJo@GLTQFY|gllj2 z*00Vj?BG38-|)*(bEys=Jklb4Rj5Mh8apvNL`1CF9jc`z@!;;ID<}I-$2Mupz^fJF zq60a*u3_8$Y=2{FcM;Afhy31E6Z-DwEN6h8@CSl6`*g3k1>$6?nCK<$Gmo&Gd?3i$ z%P(X1N%tnvY=WSfpg|*-)a@ z@iZ}}&s0ibLVRL|f7KN6m4p1vfeW&CJ<*Ny{XY-NdnTT9w|i$~LP#;IqeTTa9?T5N z>npr9_G+Jk;Pgk|=%XxuYI-s*I`z`5T&R!m7{iC}a4nf3a0b+>$`Hue$C;05bar#A z;qw>1_=qi%gkIf*@&N;Aw!;_y(b^kD`XulzkHuG;wZ9VA>SM6^D9hkO68AZOCaBWb zx%cdoK=%G4JJNLld}(Aq!A}CG%RUKA|9HP}t)wbyx_@=F+Y6qWaW7{Q`R*h3iR;k5 z2)<$juV`dO?zT8Im_1EmGDMhR_I>t>}?b!wmK^OZ#8 zd|)qATC)(rhV%2^-4{4eyYS2hHRGCtp%-0ojLLY@IRW`mI{Y0mS!)DS*lYFL0>Gz@ zyU8&RSju#IU*w~>E&ZgFH2R?gSFisqGYXWHz)9E)_^K(HTZ22!2Cu zRgVY20w7X~AX!XD{R(goEe)@)d~j#K#M!g^Uuhg@Jxf%0+ex#wo!0g!0$&*E;s7Q! z+liB!P(vukVn1^RJ>sDa>9 z5a2JT3T}ti>sFV+jJO?U z)dG-sE1!ldh$pe(r36aai=#8;=Ur2@J_-EvHx)}Y!)^irv(zDtS&SN?gyfMhQ0P4L zOHZr$hJa$}3gc8D~kCa%T)X~5!Am;t$#R{`j7Kv{^N-4f3vN> zRrxb${NQwVwR>q8#tv$Z@6Ax}QKA%}vPDv!Md_6CspE;fx>8*Wc$36zG8@ zg;fpbqUs=HRD*jC z)jV)m7NwxnD35#Nw>tdW%b!f*4}eeVoTCU)jp~-J?bM?X`u16@<$zkE%LUuz0s^Bu zO};z3k2%j*I(2CPIt&)h6E$mjV>KQs!GVc%d&T4Sch*ScGwIaO@@s6gVN=$W7S|EG zD-=93El0G+5hz-WRkb9eKi2E(8CP|dAfJL($L89(fKb~`HNv8SC(}~*D#H@!QAWC1 zsr{XFX2^rD5QG*gR0yp5^X=`u-tn!Mni~$lzG>6(zn5@$F{`*4Ww9Sq`4_O^4~J;V&3?_IBz%?d!DnC?e%o&?C?A ze?k`>zfJ>*2g@R^^4Of~;UhvAGd)YmgozH2m5G6%+LlB;Ae9hT8 z&gyWCppp}o;%mLilyC?Suzz-frfD>)kak9Na!bQ}U{EN2JHx2IqO3qHi}~?6 z5{8TxL11yq^vrgAZY?)VL)#m-7J;WiBlQzYMb_l2R@Hu8A=?k$M?n>R~1|wLFJyu*xCAAQbyvcj0t&PAXZ94fp z0;{6=5*!d#T*f#SWlDu;Q(8!KuBFA<@c0UIadC-91`;U?wx0z0*e?rCNr%JBha0Gz zIkcJ>3J1VfdS_?j2;J@=gB_1kK$>s$TAi)`93p371g`{Homt05rwOl2-dEJ`nfew@ zj8DLT82U4}P~L^s;DhfoY8VJ${ak>7% z@6i$3+zbw74E`!b3qDZf#6*xB;>ivdQb4~j8sN^-fP*t2C8cJ~NY^{-*5CaCfDMBD z^1Z)z-ah}cMfN}o&MUhU;C*6?0I6yyg#Sq3HzY)$O0hXnO0ey|)o?Nk8>*pb5rm$N zFARPCX8pZRrd|SHvpaWj>pnSdrzS{iR8)7cpuKTpmFTs%S?U|tDMR8VOum<27b&f6 z4$z3~XvlNF*iVbj(s#ww7tc~g*FFjC(}+6;j?Z(|np8=671#oEcoo(_zU{fa3|n*l z?pR>xvf{h3#+}!oXBU^`dK95ffEnk$9!a7xB&KCSSLNpD)4>dp^X=Q z*h0U`LiSeciB}Oj)bsh7CQow45wwyv+(wkcWG{_hh#GlYj#2#^W1*u*AQ5`a?(4{5+nyW5U04sWJ}2(UetlPxksj50ff5 zTV5P*SzGLRo95=0Ge=s^M2S3K*$l+rZyoI?t(E(s=q`yy1*PcHg&YqLZ=%W&gzwo- z-0$(XS7@LxbLntgoyNI0P`$|A*}^lgb~PtDlB**B&T6ao^4g5&ST=ir62sR?B%pc|EYTy> zo-`ew2VBxo*m2pLXz-`!Y&uqVg$_sNc-6FQ+Xop8Gf(9;drufVldO7Q-s9)3J}Q_K zCg|p}I*2Bg_Y4?RSbu!=k-KDl_z0nDcff31K9tMDc+ZoUwNGRe2LKVMu!?qzn>IC#iyag$1u+TLv_c%<@f?V@}>qD%9vSEmZPgEe{dpa0O#fASi? z-TCZ1?%Wjd9GZTsSf|rS9=`Rh{5hf&QZ43dvw$D%tfrcZQgr#X;Bqan8@kx3y~1?3 z^|P^TEYSmirAI)4AST3mbvz*%>@`Z^iteb@qD!-0L%N|Ly&(D9R8eC`<4M1-2`ly8 z^Qql|eh@Dn(|7P?tmT#IB7ZiHwRg(S2V@cEi1jMi(urBV;DOA`>yL}UQ{H?MNTq~^ zLwB+Ue)QFzqE&Gl5powM?y;|D8#Eg!a^h}2f4&Lh%dH4efkABSs=?YD_dF}uPCDQUlEz+bD^<6uWU{4Qst?8MtguLk@CB{ zZRb1a&xh~DZm?q~_KpN#-$eS4bnmJL-D_N&+DqFpqL9+2YK#mL9b~qu^uz<^Uluja z3o57!l`0@rkxws7^NF&TSyMuB8QXF1>k!R2-E=6F{`@?1!}{wsvhx8&$7lL*EFgI+ zqEWI^L4ZAWJ3!mLr(B&hH|>fsP+xwz2TX!33VmPhRac0Fya`_`UWyAS92#J?urKa> z#+Hiy4n_MfF|4t>1HP08O?BL*-u|_#!w5j$^LM2;dkd~QP2h&+yEl0t!#IiZktk@R zM$LgZHkNp|Cu$$@l`6}-w$~)Dma2_{HM4h89;91yPsJ=X4!oyP`yi3$8Z0cro6l_5 zq^<6WA*o<}yBd{KKW{%B($klruy!k+maD>}6fAlHvA)15ZBV;-;l2KDXPun^FPzTD zSKDb`MTwm+^P&hu&)P+epN`6fJo6near-2|J?cH=cyxOoOihn#KRejkifbs$AophO^y`? za;ZT@fkh{`5DC24{{XRTzRt__yt-Fe69A7)k%PYg>UQr<<3xC#ln=bcY(OqTXMO z8ExCxQ6UpOJKp`hEw*ns-~?Y5JMm)}(;jiIaId4Xs3eM8-W12*H}1h_DLRwijM%$J z`}rSp9k+yZhb(^vCH{^WhWuvJt9*t${+dNRvd=P6yI~18w z=nU`#8#S5bHOZk+xyYz}B~~J~!-{ID7Zha_3ot3vI8_uIy#39%LwVf>nH$=7(ySb; zqSq6z&z;(B6!Ae2qbvMf3=-B|E8$~dF^%?_y6Zk=%wz3^8Bpl4(86?EO+*;#`BWV+ zj(eNuh+SOQxofZtg36C|R-dj!Z<*hwpy=a7Tynvxh{YpiOxBKBwlQEv9@7yS=lwb= zokgC-mG&|5lMi7+DzNQl9o^?ImUJK2tUGQgcn5%kvmY*(CY^ZGthtxARVtz_`cpM0 z+m*!9Lz)$hBuGjo83%4I0aIYe4Q_zUk_0m#x~xt`ET%FGr;Q_3?VVj(c2Tk7Lk@ME ztxMkern#V3wP`bN3_Dd>g-t3Ft|~8sbTyTBSqov$^NRu?Z}{YDF9rsQKeVhp2cWG| zgEOu7H{Co81Px)~#jTQMW>IPrD0RvC|unhs9gfD_V3HTbpcw}_ob(t(4*=r7RU%?(vhClNCh03b%sNc!?S7>)Ja}#2QH4N&L*e zBFFy^qs>D)cB@l+B1qM5M@xC>D@*dyWq6>;w6zv(=JvvhSZ+?InkbKzi-exY@ucYW z-S6To^xzwyB;@O$Qw@^f%^xoO8eHZzkpX-Oy+2J=qhVio;fH0D87v(}nmqS!-R90_ z4};IFFb~6uiW8tBLLz0OVIc6!9ma;D&0Nus^tttX)n)(JY9LrDJ;DXBgA0*t=!)U< z?neP@pf#34P_;KuVXYk%$&gcdfs0Gn@_eyXJ%wRnL3ixa4#PH)(@4jzv$Fj4FYdLI zS-x|jb2{{sz~92Qh2O0n=Y{Yo3H*tryRzD!1PG{HXSvl}Txz1D2uR2_!ZJwsC4U9B zG{K9hCS6%jh_Bu}tL9&C$oCG`{j4%RcjT2e)ixG`xd4HLU-t8_uPfwY$?CT|Idv$# zJ$K=$`K+Z^uUaZZW+N}08hYczj6}`WY(_Gpw)F-lH;+H<6-OjgH{i@IU6@|+?Ut6u z6p{{xecZm3bZt03^>Th;g4QZ=QL53*N9&w{&lDA`y0?qw zWaFNn?}O}hhKw4dyFeD{F>CtWjYe|o{(ax)#PkUbSbyA&XwDmzSVgq6YY={N_GY9k z#EHlRGUmaCLwtSTxw|^5aj#by33-QTtT+GIu91 zHVHMe)||1YapX-z%W#b3A_nw!H?A;X^7cx|fI+ot&BxkU*Jk~`*~MsL(*60J?Kp{3 zMFq6oijwDvP0J^L`H&j{m8wkI7YAI^%$%CtIHc^v7GinVq4; z`FaOT2JW;xjKTMeZ9*lF3~a9LY5LT-V=Ql3YGxjYt12P7ip{+4Qc-e1<#;Q>; z^d{TaiC9>CtbrI$BoHII>6($Ax7n-F+5KKz%Xth)>3a@EHsXyjjI*>Du^zYA$3K_H zsIJBC^hHvmm6sbA8rb;8qwp{mr7Gq>yPC&|-=EfX#Ewe8_{i@)4ctN}O&*@DjLXOsMHMveDl@4nfBzYIylX?K3-%2h_ z{KsI|Xc4Fr&ZOYr^A}3>#MroY?(rgDCY-H4YQc0YZwkwrry=3@KdmdkIJwX*4vn;NiE- z(0R{QKpotZMA<}1`sQw261p^LbG|UV=lx=xQMqfM5pJpnV(}`FC`XYEQIgEl`G9Cl z>L)4iOk9VPvZ(eM24qbHOFgxLq9b96+hpNs+)nH5sPupX&BkD4m1SozN# z+Fx2#lP+qXXOsp4#x(~07+s4E_z_EZ+Dhq0>rsm;iz0T#`2uimBErj<^Q@g;=KkVZ^I#Vv_JlQ|^61hm_|I%T)v9 z0mD^mZE2-VYslvHo*O+A0a7n$Snxj-Qyp{e+2ry@`YG>o*4SA%M0uXmKIXGk{A0kmxA0*VK;gB})@ zrqZ80RiC@Ult8Z|+h2cxwezJ{r{fFrEQe`d)DBqRCXxj=b4t zglVrI7Se(67aVm8PKBQYMEG;XD3!G_v3~L;d4+dvQO9#=^-LE3Q5EU&41rY)BBbIH za%kbGDNl1M2a$Z9HQh3ookx|(tT8?~%u?;9*ROww-u=0s8B*b=IA?e7pwPI=PKK8Jo4rp0Fpt8`Wxbvw z1Apbe(wEjqpnMNjY0>z*&7N`Los38YkuKG(4z(!SM!|yqua!6BGZx*S_W5O@#;;2D ze?BSCWNs@s<<&z6=Zo>F*d$<*F}OX|h_v@0Efqh_rz^1!2eiZs zbC}UWF`+2N6fO&=Rn>gjMN0F^JL2cV$wPC_@N}O5Ua3xYm+^=7dI=n=PJ3W4>6K=^ z;PdY$A}hL<>Of=$FrjyOCR;`L;fIOB@_80hkgQXRJo%`;kE0+HN3&C`%H8dD^e3j~ zU?r#JC2406{Pe&XwZQtG_I$HoI;m#vTY`M)Wb#X%fe%=| zO)P1^!(AuR>w}D|Yce`PpA8@mF!w|6ZK=&&~ON_TAAcTg8PEcWb17z|4!0u8YL{ z=PAmyo{OG+G2@JE2g!x4fV!=RSvo^2ttd7KlIIi*Dih{SA$57rck>Fj*l`(Hc^~gj0y#~i!i`u8AYw8(rmVdYrdB$k zm+){#@v^*3lZ6wRdaP>oSdR&{YXldgW(XB}vw)SiKjR+)1woaw+ue08?G~Clmy#4i zg|7mvJ@3=y;i*a^n(JAkQxFF&6={RRk&39w#|TTGa(s24<22s3*Vg>}MH6Cy_@t41 zkFXZ|m8Y(2p<>C;9U0tFtkzyqaCnnq(4TEaHz9{kT6}z`-fyo#?t}oa6 z^z|zOTFzQZ3Q#HA&{|1TE;uLz%L%)QmnoPLA!nAJ9UGQoG$zV8T$go)&nSV(qDK(R zR?&RXzeC8itqwOXj&lFL^u)a<%6PJG3at|ggtU8}OXu!ei&2QhmC@c>UMkfqI5|s3n6v~=j=6@XfC8u9 zJlxTmqH)@9ma0)23s{!nIr;XccIThIkRnC|Bz|9RXfcy1l=m?ynx6SZ_Es#fqrv?y zBa2eAZXF7I6>xKe8-@Gu?Cz*bA3q3Ypwlq|S(Tq=3-UP~S7a_E` zF6vMipTOt?9Nj1!8FERw92L8W2jm(@7V{$WUo}M}#%*d9-`yD|<`tujwrEyn=qDBC z#pO`sb5Cm3MMmHc1S6({_uP6>c4Dd;qIInZ17D*ELBYB`$BqnJo+9}8D5|Qi1eH~1 zmLbuctZWHD@`yw0jI@XlD40OZ0)~ZyAcAe`NaFWZzDDrkm=_;gOj-j}ZS;}R^|Cy* zN+L}&8$py6Mh-zn9rk1JCJ1r1vaP+>wT(ilCefqVv-!I5@x<1gb*c8L_K5R9C-33? zc^Of8w$)C>MNwXbHe0HgpgY-#K6$ULsvPu4om$H+Ht&=MSn~>L)j9N&63O?(?$tz! zDs_mvB}M{PE4U6wTwtx!C7&CAFo)lZf7ToLOvzqQIj9KRL`YRv7jBm6_2_T_@9{~R z>%)9*q!4(4@L*O~@RZau#+=@drVbf%1SOSHcd|>ht+v(=Ng5`bC!_!svx$7%;awPj zX*kn*gtAOMGSm@brdezH4f1>pQ&jSFb3~pbPj*^s(SK56i+1x~j0OrPYJoi~mR!?s9B_-X5o8Wht@>zMUvMminuK!IvN%(* z40*X2%yIat^YAT3%{S)*js4vc4k9AJqu!^}?#zm7o6^q2bH{{J+83@1N#@Bz|E9(h zyS(e`n+oacYt)=geK+Slf4V>oZ`Uih5*-lYxWycO2_Py4X92IOp5r2^kYI;o~liX5&r>8NS$48F{`Q(^B!DR5#Njs z)+%dW0+2Amr{aV8mrMfTa;=tE+<5>l@{tTod8Sp1`A=X#a^FaD!i@a0(jFcjWqBT<*C{+Gm_TK*5-!0=0*Zql$uhUS^j~+h? z1^;8W_jzhLSdd72Ykzk2JZ7Z|>a9?c(qayk9&8&Qt)h%ti4U$qjA$D^X&(UPXKVm) zW?YR-OeI(M*s+W{Rj9}Z``MXmQ#|UZzmU7#$#Ph+qOszVzY6I^@DFBJ5rP+IIpv_% zst=IC2`Zx((yt7^Ukqg=2D^)OaykBGN?J<0QG6whd2eotHw$`?6^tYK;n>b!o>!Jm zY5Tdz*euKW=S_QMDheYM#MsXbtvbZmy6;#rHnw#z4`$r^sy#!&d>nSHg8JZq;x?3| zaff2)FIEd>KO);g`s%L0&xz~$=)!y+CMQVba$TPk8PULGA!xFp^Dkt3$GN3F&#sQx zu6owl5zl!y_Pz%=mfA~w5}4F(1BYptB*$J`)2bsoP6fMa?K^bwg=0*{wm)q+AL?5< z>{{dwY%j<^PO81`(r_F`6>+iEgYxC-xGn(X&17rGszQ)-#qZ+j}@$8LFz3=yu_O+7XPLs{^6Zy;ACW{EUY_<*|Bs zPQieEfL#`$DpTP~L;=c(rdfv1u6iI|6Ve9a6C*j9l|iPnFP&DKN>4@Xmk|sVdGy-1 z`scLE+-a?zp35z++Y(G5a2k!~<3!|t{(~L;Ui_=MND-wz^P_JOqY~EJ11+x3FqTw+ zB)iJRh4t1UH3M9kAhDSViuKRL`V^B=AL!l)X04;@!&MvjLJtJ?BA_VWHH|)itOa7+ zPz_FxXcBd8wO!?3x86MWBSE#Ph}d8()%ODIdT#)13cl8cIGF;oQEN;0(WohIz?Q4x)ZVu$V2)&1 zW>nOyVvyr0b78V+5wo96!WXY07OWn)KaLbZqqSjJ_l9oUL1=vD0dvFxKGMOpt$ zZ~!&wULv14rV41QClp;r8hmVDjW_DN5@gRT;Cc{BaNFkbrC}w$4?YPzoR_g29F@}B zbRC@LQNvT(9!?#)*z`4W&7Mo2K_H=(9o|Wa7*PN!6i%7Ai(avFVn7qFtwMlMV`_Y9 z|9(Bau)bjLpm?<`=tb>Tv;i{pOtvrP;5{16SZd}aaNiOdJL<<| z>7vc4!tbj(jv>L7VPznmBT<49^6ZY~Yo8_3hQk8}ZJ$w2lH?Vyz7EUS8dm??p>v#G zTBO=Ptuff9w+v`9Td>=U{Hub);z@zuP|7f=i z5J7@Q0xG~c?gDoPQf*8L->0j+wY?%z$@k&Yh0e2uqLxe z8O4?viPtGSYgSnB?gTz|JU6zb{M8zWTp`5)bKAGSlTc>(5zB?WPfO&rijK}y>~9Hz z%E@ZoxZVL-Q1_qV0^%D^B`ZgNmul}74yTk^{#e`%>BuP^GlLl54Y!6ycr)BeP24EN zR~7b*nxv3o-W<(6!t5$u+oGD*8M)8y=ih%1Gg*PdG!1&|WK8D3j-w`MDtvE?d+LGn z;qBiE#G6?y=je6xR!^h-lpz?W>A4X z*TDn_p4rMIe~`vJ1v^ho^PgU97PWu?U`T&%Nxyw&=N%3gS@su_5Taxz{GLxYRWUu1 z^HD4T&0A~qd*auxGA{lSNxwoAPymPmru9ebOTR)CxNuzg`VGIQeo1%&dt4W_F??!vYoMykPvAc2j|9Gb0!Yec~%fwLr-L+~RqC?anY;c5`$wBhOT^(Cw z&;$0AAn5b+S*0reT(IlYiSU0WU%v}`kUn}9K8oQgv|I<4AvYvKb z+N#f>VAU6YZJQ$hXq$haAspND-?Ytd*@^*@whf&Y3nGae?ytk^2ome{hPr{XGb0eu ziywr1Zn`Be_B>2C=}GQ{CoM;ZAQLA^BGG0o=_I_hiMs>oZKB*rgg*z@C&k-?R4+Ui z0?YRDbV??!0c8eb7orTD@q)DO9&1UC*MMe6YFbspKk|eI>9gughMEJD%1_T#urO4z z%ywz!FvO%k%+AZ@a7vyka!mUKw}5mU56%D67^(8u+x>K4$^C3TxWs4`*}3Y~x7j|A zn;0B^=gNkdd?4VOm3 zsu!Iv?)|-+{Bw``W;|iXt>R8Na+wRPXZFcxz!YLo)|?bAX(NL!k53I01TbSK2!#Me z)m$m+oTsvqSs$w$0d9JBHm2u9XUm@U>>{O1hqw4P>$dsQ5ZS4UV8ibo>D|15vk#9F zfBVmc{XOMN$f4g-zc`Y4`n%}YuirAg=e==}DAYCXPn4mi)3T6A(w(HRHD;@ibJ?NN zQQwoJ<{+E$4k(^W{BRxshfE9^w!RB5)uIX@?U*jD=djnFzgmuW<=|(OJ|w*odGCEr zB}6F#wL2#o>40(5JlLOtj<6a6e?^IH@ z3u90;mol$g?plPngiwv}T$YZ7Je(C(v6HF>1+L3=I%efb60}`Rb%cuZ<%Vo*c+?*a zqH~lX9H^3q;UmtJF&H)W%6X`xu9GCPsc0_1|Tg;_1Wm@~rr8Fbku*ZfcX&^P2#02lQ$Tcq-!IDTN zo#u}Al*wZ(87xAx-FUK7qdC067sg?%LBIV-8^W$3o_9wjbJ4|-218U!EH6lkc$=M}ubAynN~>5B4k z-Xk2>Y?^-o5!#(?zY~_^*PG}T4tKz$>cY?^7pyZ0y1~Lq&9yN7QR{sA8Vp=bxe2U8 zxsHpNCw~>h?XMwTe>&(4#}tj+DS;v}ChoAF9-T(9sgYZi+SYC(z}`M(cfo zhzLpu=V+eed^;HrgSD#bkxmw+75I)f$+Ft*N^z8s%=hTGA2Xi$4j(Fco)4d=_V=Fq zSrFpZJs#fM^SyeJ2e@A)4#_)|+wCK*mOow_jZ1|NC4nKz2r5UKIjOws@pCf4KJa2D z#_X2w)i+E(VG%mLwo&Q_)3c6bTWvBr@kw)ofHzdE3Br9a{1NCZ?C7^z#J9S`lcE7< z?(ksQOs1wR3S*sppFlVvJ{qSf#nVIowH^G#HQ4vM#R1a3mpG9vv$w#gJC7D_2uGig z8(jtr1Nbx;g}SbM=80ZO54F=LTy2_%B~F=xnmHFuDZq|*5?y3nV@yn%6)6B)92lS$ zG=YH+hB}&02qFQJ+aUEB*lq^I<4V7h*(8V#CjknkP4VbzI(5s}cf#A4)3sW?HxYo% z6Ff=^Zxk`_vM-bE@fGXtoKkhQ^V@sZN&9+IZ{-!I3HNzWutaTnS) z=-TCLN)+Ly^rSBkKRWWKPBuIc4CvH6C+rB*mYV4-fOI;Z4(UxnT|JJ6T1xhq#aw7w z>*Hg_M9cC=f&?G`B$%^R{R<{z--d+KF{-ogRa{)9*r`mX=4NW`T(gVxrM=3CHarCS z39abU!J#evU}^Z;G)tOn>O*&stBvt77%%l3Jgy!p9J1eHTqCrJrwybTDUf$J@J#*D z*IzB=Urw9<=#@u|mcHwXLCjS(piDWf&A14(v0aK6Lq(Qu1I8J&&@_2{L`ydaT>-^1 zdFrRK9mPeEn-SH><%H9um5O$R0CD|7%gO0#E0TDJpZpEns$JiSZaXXg4rU@;9-CA1K7(Lo8!V@l>5s zu&LgNaf%i88kVu3C!PV0%*f2BfaHs|yO0Z+>V0XN^|?0e;&?vh=xDPD#OF0fcWAgF zW+qeWc`3U8kU4kajE6}KGZLeBJgQS;)JHwSIucx+?Z)up@LmADKYKW1Go3l~SZ(&Q z-8R2-Y_$2ZMsf;sm8Wt~PRPD@)=nIi8pRL0weh5!v4>{NjrP>kiw|1B$lwS7+HkxwrwVkE2ry18vs#v zfLFXj%BVUQuKm(Npj2MAC61VN$=f{G*Sts5J@5MbQ5KapIfZ`b=T|Lb105PVmTjQ! zzO^qcF$d<$Xxz!Zaq!01YV|ME#2@p+>1UI>v(DxY1mH^ZMH-95RZ-1*+-#2NPre23 zbZaxAi`7x_`ueQRArN9%Cn{Q|v?x_sJv)_FO+lfGk$g zVIihwZ*7SK&LVF;)Q&H9hse5uZYWIEDFa2D-CnT98-prH%5D{ z`VEnzI&0!7r^J)z0x5Zlav-A-|KTM71}MZ0@NbQIW>aWSzHNk}8DnH+QF$@Q~h z=8v7PEq?-HR@A4rudQ?J(ll$n34cTLI<%K+SoG4zFKtdCJuW|AR5dKxOC3M55WzKF zU*E_oeOMI=*dD!u2{=lA2tXl_-Q7`5FSS)1z&^h!XyYT?d=fU@q#$04&=_a9b(>7I zi$~=;CN|D{it|_V(y=UlNpr*85{*X`-+^jaXd^D*Ubj1plIx{-hWY3_y|2~smkaIR zB)%Y*o37wp;ddLLb%-r(8eexRRHh>mi$oMmCaVIe%vzwD11jE_po8MQrmBj0F{QYq zG(u|+NLQbzKrHtHjfB>yk3fpgblCDtd}d3JFeqXiSIe4v47i)6RBfAdomnots{AVs z;sK0shD+kG@jzi*A`u9?m;r*;?32da)?s%e02tO~09JGPy9HGe8guz|?hOxK=?*T} zrtF10Rd~+BP*JYNP*wNGjiF6=ffe~&*OyA2sZFgy(X$5I61na}+omQHiY>7)qz*tv z93xbfeD&$ql<{r6jnjAl>=)Ayz`m~0Vt=^Leif{mAnY?jmI!MS1Y0hpa$ZkOiV9-X z7xbMd>hgu;_9go`SNamo&*+1HxUC4M$oizaNz-x8+`iO9?I(?BU0v5aE7uE953X~p znh_$NcbN%=M1+eEBcyLeJg4V0Gp66%G64Wh9uA+?a%Cm9*!IESWHZZbJ61D0u2YmL zm7N=x_$@xO?X@&~VheX0zHUJpQ-^y_97NoCKI0soq%pPoMo$}M;P?h@jy$*6nS(Yv z77?r3!E>b{jmsj64vDCNnLjenp>Uk)(h0YYmn|W*9bzuUKAJ+1e(w?r;c0-M6 z1-wuw?*?$v^qh(xWN1fD-sj75Hrvkx{*C%6)7A{L>8D}D`-_GKlW$2wh6i#?5CV#{ zW-DI>mKQWioQ_t=#iDk1mN`xtZ+0Wr2GTPacBP#Os1p#b9Ul7iSe=LE#mHA~8bNd3 z$3X_YWT}-q{JNSFN3wiN!rApDU>5{GMvPkLxI^Bk>k;juzay~QkZ$CXOIFP}brA+J z1#-mbQ|~;^j#r$-Yt`KnP<&*fj<({v*Ht<+FP~LEy)M8C<`N7$c;{_s!VC*1M<-Fo zObqT^`5NHsxAz50kyle3ojc0>i|af{)<@9?#b%qtd)c+E;o3YPpi!?S)@}_33Af1- z8tFwz{Sp4J-gjXaS;yXPpwC(bHq#+grXW5g+x>PK>$=6A>R?YoA}4*dHE~wyMP%vV z5+)?EPe{he)MA5?^aCb1#~IcRuQ`?mz^-VlUsFq%1FW5aguC`NH*>MW#OUr-DLZ*z@-H*j+^9+uuLKU z3+0buX=vsBp)q=&u1LSkrvJdTEPs0Dz5{xyGtRc#SWU$sn6EeOnApi|b0W(yG3B^*wa1yOhxO{ret%t(X60V*5?xkNJ(WN1T5E zYGGfv92SCXiKzF4LZS5u9?`0|yA2mCD$@n3p7KP$zcDG@G0(1OlbD!=nildDQ3soX zn51X}Qq>0|V%qhv;FC9c+#E#MrPDmcgh&~aLSi8fI) zoGj|Q{K*>tr()_~_{?Ueerhg2arYHA)rk%(Tc3cmp5}R!U=jI@JA(Q8M{mx#lpKqi!e&BgeEv34OdXgC5Z9Rz~$ARIy~C9aogdPk}U;jRgA`p9BDNMcxsQ zwLm|!nAb5Jk@`1%ZvhyT^YyZd z0$3aGu`6X$&M{_pJ3P-84iWlc)w~`Y=|*)j=ex7@477SK!4+H4qC)B>>IP4r7^mjS z2KBe4+QX3dX}J(6yyiA;#AKA9P7oDLbNk2vX=FOyW`dnLI8Tmpb$@2lr#-GJ9|k6@ z;?Hb@d#VcxrJ|MX`*Q+iDl2*dfXT_zB>jw?@zsqUVj8OAxW1R<*jTdrKEBsqHv|0l z^kJ&(ue#__@z) zZEM#)`Y4$GVoZ@*yUNA9c9lM?)u8c3p zvmLU6z?w>MEf6jQnd8b%Am)tA_Wq(`OnSlG_oliY&xo;hAt{CNiT0g(R^G-ZF7S~O z)Q8$GmeiX_hq@2%WLth_OZgD|ZplmYObOxROqFKUs`5&91#`!H$M@xffUSk))X_Cn ziz9X_LGh1PrZ(8O`v?8UF0)*YrIu{Dt|{ca`^=WSL){{*TCTdkusA0fZ0fLNHeI;o zrGuVmvXoVVYpTDwhzmq-#&VshSnIKzoL_ctkJ|6ctmK7t5(oA=qB|3sc*m@6Gw~eq z9p$}}nl1v$%?|+*61L8-be1oT677cS6Q)yxVXvfs@v-A_dIbeIt%&?DO2&&~f74oi zLFb9hS;M z(!1eC*=Uu`x`CzfW*?zy--?c~zEzDI9ztIjXnK@6J#o?~C3knQ?`JmR#AMzoXQuzh zo$0c7JHD(c%ytT^YU1&SwPcr`fX9QZ_9ZXZmhTc;UVQhI?ey9tdtpwB{amDlWMY-& zR13d#X&liLI!Jr|4@6}g7*3%#C0j|FeA*KqSbYz6i%_O2E5x2zExs=hqv5fG~@1|>g@c2Gx5EGxm})CcD%kg zMZ#l_S}|3YQTcs^pcCNMrC#Slq{sqWxnu#_W#L^CY^OkC(`ToJ)2a8hL<8q>*VEDT zSsy7b+AlsWPfUz1-22Ke`Yq|p0pyPwd;Y&B22F?SX2vp4D0wo6mROy`yNB>aNQ$Ds ztqKT?Cu~%`jRSEeI`9PB4*;CvaqO{9*h?YK7ps~Q#fhP#A0)T3J<&KjOBNdnoP`SnsX4vf5`huZ<+Y zSq8vM=q*3E_U&?f(_naD7qFosi_N{B#<<_jq1U-ZM}KA$R`KX;611u*Z2lV>Xa0SX9Pn8}w6@&XIj=FOmQHMqJpapA67sqLbZ(=D?2q;12CK!4!4lv2Q??@E##wT78W`+ zAM2{bz~RWI%83Q^;n3XbH7&+?cyb^CqfZ8%Y|QHB7CXf!m1Sj#5JKOsJ;r3V11D3f+7kJSz{wN> zGyz(K!OSV7|A~%wv&$2d10m%gZ9{zSpq-bW8`TJ_tqNF;;ZOFezCra68C(dy$3lqg zLeFX+1-Mf&+6f>;bHo@vE8JpsS)NjPZUlx;qvJLD;q^<}$Oh<``I0-Tg)bJe|C4i4 z*Q&lLNwV}-lVL*%it>(_8L6PDD~Qi&1|l+A?>^+3%)#EAta*NDNm-7`bNFMS^0p8} z^3&+Rs~8UBX254UO7n~;MHX^Gse-%Bna*GGA4dL~@jq&4w>pm3GRJy9+?2 z!~ua3_$mG%@F*Ea2LrBXr;HgnDx5Gwen}aFI0pj0zCP1@0yM(G*-UxrN@k`P2AqvN#H-8*`3I7}0b|id@{Wt*^Y#<23Z#R zeVl7dqqe*nyz;%aR!c=*H$8^Q?2bSWY4+#*+b*WjKD1SF25R= zO=Q@zOR2G(ZC8_|C|9`{U#}u*yoHy)_2d>vAnShliw9pBM!q#eMF~_~?)W~fExdov zM|27eqU0+(lxYUOA7~f1H)WGoa*d(KAtE#7-1OVC zR%a6|(43DbNda%T!qtbDRBPib7=f5&9a8k=@E_{kkfVJ z-J_!~IBtBUdcWN2|0eLKiQW?z8CqaSpHIDW+2*4H#Op}EZ%TX5yolEp`@+jd>(W1u zuY*?>zSn$H@Tkq3(Qd0$@;;}dcg^4F4&Ua-o~ZJvorq$7ZKJ4}vWk4gX?ZWPoGqQ} zZY40s-oye$3mT1fUFA^O0|}X)i5CuM8G4!rDCGzhl@!z2nXO?&!IYeDzgfT?v^a5g z`CW3Y>qx_=dh-d($s|HMUEd;+p_u<6Rw$EX_m-UHr7(7D8Kihwwwjm~wShBS@KjWL znuf9pxdYQ%?lSRbN-u;iJTi2omSKuLQ(#EPa@Ts%d;rMv^5xaH>#va)$8wiZ`{L*$ zkyL-1gr>JI4|z8UR*BHL0%WVPWUuY%2GNzx#LcZ+Pe%CZFcq;()kRg7Unm_@?1e$` zn4v1%M{#|r&6mRKEaE4pbYYSgG3Sg8t9=t{!@7GfteM+TW17$54Py&RKlRL&I{Srm z+e(Kr6eHV*R;BE{<-t(HermF39Y!&K|#|x*CKC!6@mo+XmHMN^E zK3pAI)wCQsP2M>={A9Bsj*wwDZuojrR8-Y=;^p_gEdGEyK3QvO{#L)=r#73MyquJ} zhkwBXyFD_UI>NplS?=vH4fnU+K9cX|-s61ts8>Zt@9G0eK#=_SrH^A-WYhJ>OaC*k zQ#<{vFY{4$2duQkmM61vsYPbirYDYu|0!<2<(i1PLD7N$5r~fdRGl=y&}a0qBTzrno5{WcE!#2V11>+#zS(Pdp(`qMHD|?2z^K(Zxw9ccIR9;BlS<+ z;4ik;Ka8vZlOv_{$Ioo#545V5Ayq5N54GKgLJF6dDB(gqm_5_Vj*6F_$j8}912PeN za?5PHQT&DeeX>{)T3_pgJ-1I%tKKS4!_a6^SEu+8P3uRT5JJ1=7Cmf&adEutq~0#B zOHs<)ulwEAr}XJg(X@(wHH7%Hd8Jjs@n>Xpw-2jT>8aFMN*INdmm4%{@}eba_GZi{ z%!6wU@Q2Tpjr#{c=iu*{nyDMRTGBj5qP>=$Ffp+REPi0%#NDBHf!;pNZ=*^kU+HcU z5*N!9vz78skF`Hujyct^X&lgbxSMN7W^(L#<5E%p6fhQc$z{$~828VnzRt1~x4byv ztt_7iP^n+-NuBcB`NYqEnW-7@X70s<*lXGFwfB`%B~IsiI=bKxgdx0#X>xI2Ta#5N zB~*}kGK?9ls0dZwDhS@y<(OD^)wfs<7jIxjV>NkMv)Yjb5UFj>B)ujfQk+(7i$G&o z(m)svE#>``Lx~9Bdzuyvu)vSY%q*J7?+PVFj|A8FXiXh^yo{dxfMsMo zJqMgOB4N|2*jokmwu-$QVUuw~Id1Z9wq@SA04HMvYY1kMjwYSX8mO2^C;9*f($TR~LIY=@j zHz1ffd`?Eh!-si#eJVnLUs}qOaK2c|ezz3dtS(|MaZy+pk2mVK=M2YIz@^57E060@ z31ijb&%;RF=Cq3?>WH5ZIDDCDC%39{W)XKj*_zZ*D(Y=KA}VT5MR=dND2iv?rG&SL z3&wKtJ`>p09g$|j0J+chn(_rqVcO-5ULZW3zY6d<(2v7@Q1R{Dw23ld%_3>hTujqk6XCI_{W_Q~;=$SH0 zn>UdG3#%U!9(1;iWc1ESTcOOMZnd^7=w|my$NG9zvw)?Sj)Uh<1);OhG=ZMPRvfOt zbsl?ay(pOVzPDG`z6+FJ9n3j|Nm{D*|opV>TG zkQnDwOdq2k`HtHEsP>ir7>7bbDVk8_HFj9eKWzQpZv{K#*+L&!+D8qUQsHMhQX;w$ zNLjt2Oq_x71&BB3eWJfTK`&LYIVD8#YB4j5=w0magvLS@_8RioU9R@)8uR5nJ*8|w zlVYAC2C%!1W%|5dZ>V^T?&nJ6G%1Z^UB;S9LF7j4sNfd6^v6kx>#(ZefC7c;XE+^~ zt}1(hvB~k_Vrg){uLF(1S<|HI%IcGJDKp3T&@hZvN?MBgx&whWPhOaV8fM;k`rB{* z$K_kAM?xO5l2vJzo$6pTu=AQ45?>}hJ_3b)JRR{)Z%b+v(`G&^#lfYOYdb4=bqWW;;1G-F@ZE4ns(=}$J&g&eJe#2fdjG08J$Y+ zdJ9z#QK!XbQ1CZP%!x8%x$5j89Cpx!UC0UN==15}&I@emrLGn4e7~~kjR=a{0&oQaZDBIMbl?Weg&(as{=;jv%~-A9y><|i+v)jS^b!|!GF`G-#~7x2E%U8xWi zoN?w33bhK$%p27EfcK_)WhJ<`s)!K9pHud`&*e-y?yFy}%a6Q@G49PV<(H6`Lt#RX zX&M?m)(SoLVJucYsm5xZ!F|NQ0w!L7F%Gv)0a0?yjGoV#Y1_Bz3h$AL-_*#UVtJ3* zckyZ2uuSmhOZ2exoHp*WoMhyH#%mdo=r^qo(g?5Ud_G}H$OaUaeR@ALW?2?^Oqj%u z9FcNIyM?2n72&&!<4k6+_V5sZQ+FRY$eaJ}f!Wl#PBTc)te2f!j$mOK3~NE|a#za{ zo7}_^5xT;%AjQYBJXF0gkJtkt^HN^;%Li|$tJr>>ANemnWPd8u$7NRT`4z zeEl{-@1a`Lr)=l1+YJS_TQSS>^I8oL%1J?_TXGWt=G@7JuJ0X@KRY4)JLnj)QC$W_ zIk#*WrF|8=%ek|8ay3)yP4+fgGxEU25(Dq*=$ox8%tFWc!J@Gt0=1v(P+`RhGL_yh zl?<}Zd|KRk9sh9+KQEM51h^+nR3*wQH^mys$}A5UEICYxx|Et?^+k&Er<$Lv(mY2a zA0XJlAUT@|UcrI#+LXEajj>nb^*EjIQHk$DF6n z+xT;G6PuS;6_?C&`Q~lh4P2{5ZYkg1;O7=w-r!eN zLVD972Ci+Hp!&NBT08i}iIq!nI|q(5PTeW#_Y+=7f);eK2PC+>{dwsTfOo!B{6WiK zt**Xn>fBubkj`Z5DnhVHOjS|-nDwu{3rzn?lq3$U7Uc^kF$AUq@f4+A;ZfE~xtycHVGr9qL z9*nA(V=hInwvwhos$La;xVoX?nEGbJY)$C$Pw(D4EX7x1H1%Y6Y^v@b>6A9#Y3Lk& z`P2FlZeGLmibb^2&D=%Ft)u>bl;^kNK>jYxuXXcN`?*yhkn;|;5}|3x54H{$ipUBT zjNslrktJl1Vari-?9AYM3?+&&}Sv(B=}tgxBR9efx{joe@BA9b&4Ei(Y| zPOa>4A$dH3?Tcl`?@jdU*Doxuf7(+2Yqs;>p8cm4?T`OWjMq2E;h=w!*q$*p7A&!} z`LO~~GajkF6TPDWoW(5w_>VBrLPPxVp{yMWK-BspFK}?q)SlxU-R+aQK~^Q+z31|q zOceWcz;yab=%?>047W`P9ha`i1AOe1$Ni#>`<5>+8~duSv;E)n6kNCX!Mr{P2Ity&4dpn0A>(^dM4pK!^x{}^7QJYo|M6+>h7WK zeLtkE_SN?hHg@V_r3$Jf94ck5S9e(=qab^3J)vBvMi~11) z7yN(T_y5b=dvm*0S=z$q+?-wBSHH76X=0J>53aU3Y{K^BX}4;PHvc&{mwCJDcUFop zAji6TEbmwCJUh?$TYLZ1a#}2^j8?HiF%?aWs>nm3$u}WBdF$K@aWWB#pJ4CYX2u^rnTQG7qC1eCef*b6Co%-WI*uD^h+iyV zENb%5xy2&7ftbHkGk|9$Fbir85VxzjWf#IV*qVZf@=O$Mnugy||$5TmqIf zIrh5yq7L6Gl%Es-`sQTau-+X7-^8Ii2uw{s=xer#>z8WHSVzAs!zgsiFzOXVYMYQAJl?*M-q6lF;{JsQ466d7MtA@0@aS32uJ#%6EIc9&rbOtIFnZe0U&;*N=4 zZQX9^QgIp#!N5>RLRQS1E=3eBnnJGO*R}c7dv!O!e+<7 z5%j|>c+q}~QB;H0IE4rr;mo!%W2T%rw;|{p7ZEzmTmD1z;_YV{nT(eQD{%KI@cO=J zSvX|`)|dk`a58B-|Fn4`+XpnopD^9rvaf69Bf2XlX;#;~t)LYOv*gL6OvMqn%YNoj zwd7H3AI~dmyw@C2G1OX2*|>?7^vQxttR6nQhDrc zQn1^HZ&dhK!w7m>e6Q5HuaL&tIxIo*udm7YBakCQZd#k*e;o-Pl zE3DW7g)nChC!9bbED2NPy+e*;VDk|G{6rPHS^WIK^z|Zn0G#{c$PRrvV1x47Q_L8M zp*J`lt!+Lb(w)Qu%2n-QK}e~6r4R4TDmk0z?L1Co@QcU(h+*U{Zix*ZpRW$^jSVP2 zI#(fv=geGbyq)5=FtJwt0++=z^_o7@358_X0-Ibh(y_-zwKnz`}Wmow(Oi#?H znj8-IGhd5+K2IImx^yEOlo4n<6BA{l z2QkGCRd;<2D==qf4f8Mc&by4Gx>$TtTq;1UZp@(V${pX~;0wv_^;f2gBTD_FRK->- zv&(umzb~N`>Dsw_d0}1V&EfjnJG>VNau)!=ew7bF(~L13t$Ay1y}HVzJ+hYypP8ho|?lH=>YSC4z_i+hw?1u6K&U>yW@0d z<0bu+5n5W3Ywn04XUDAP3?4bF2snV7n7e~_`~Gix82|j&m;U4Xe`u1r@{bpO^}`q5 sRbQ3(JMnJ~{H=k%HSo6v{?@>MUIRXCH8=kAZ~gm?|KDlg`_Fy<59?Wg5dZ)H literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/kiosk_mode_sensor_menu.png b/docs/images/hedgehog/images/kiosk_mode_sensor_menu.png similarity index 100% rename from sensor-iso/docs/images/kiosk_mode_sensor_menu.png rename to docs/images/hedgehog/images/kiosk_mode_sensor_menu.png diff --git a/docs/images/hedgehog/images/kiosk_mode_services_menu.jpg b/docs/images/hedgehog/images/kiosk_mode_services_menu.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4cd2dc52531c19214d34c6713381f75e54efffa9 GIT binary patch literal 74087 zcmeFZcUY5IyEhtjbVeO@GJs0c5u^x$Zw#TAQ4>%g#E?b{j6^^ZiV&LA8D~^F0@6a$ zpaBvRqy$VNFeAN736VZ@2u+kw1-|(1v(M+uIoEZrZ-4tef9(COT-TH5dDdN4x!3Pr z_1Sy3_b1>xbJH89fPMS+160I6z}_I>8sNbG&*Ag+fH-`0=&R4+n?r{V9yW=;5Q{ zxBrV_?{@(3n*)Ha00;H~0sDdb4gmM<)d9``_5lE2@7pK7{(IQ>)xkqwe{*>Mfg|F0 zo9_T(&HKLEe@y&JoP_;f1NQAdAf^C*{k;T8^4vFvPbuhLu}0%=JxS@7(n0!^vwKcn zMg{!#;9YT`4}2qz zMF7RIV!iuLd{+CFxa2&_rE%XY5|N?&xD!8Q$0PIV7X*WU?|Ivx!^>v7Gb zv?8E|-%k+@jFe%0Bt=|Co3rk;irmN3AMXite3u##djNFq9^f}Ys9Tz2Z&2|bU_jcq z+uvXh@In0gO-*!v=lkI&go-<)yZEwQ9IpCB$&Jr?uhc%U5!nVMaqPHyMP5RG)^4?u zk*5RCVVny(>tP|y4hU%JwvArZAF0CnXoNvRKQa4`IbY~CBR7#{E+Be@nKo1O7wXXhX&T*4i!ZO6t7C~cZI{nD`A=iI z6w14;XC?g`!FH!5By{aH)mTZ#G;t~E7z$f)n+%j;K?5@BllVq|(V3GX$srcQr$f3b z{CB>`;<31AzRq`etrB_(ht`}yIl6V77p@)cKZ(qC)-xs%bM7DYx`60b>!X{oKL*AJ zmr9c4;(Z|$x*A*JUR9X$)Rrd>F42MRAN(3qzM3Ygpee+FGTJ)NNa*GR^|H*Y^iSSc zdh_$Y*5VI^y*u`ZxNfOmns@M>=>f`H?HR@MubgJ*UKB)oNt(Z8yX5G2DPrQGP&9vO zemd$Foz90e>@?GSx^jOF6WUv_y=R4tYtPEUv*+4z3K?`2$@j5*%ZbxD4%0!UPLmP0 zo%R6FkHu}5KH39pwR&;#SNOp*fA)ts@lWjm>fEa+Cc6zowb%ObdHUisJh-Vp zBdhqzMs%h>26YYvoPoh=^Te~-Iu`dx8gEv_2VpEz(-DOIQG9k+M77w?odIhD$S?z zUq}|?sCTEF8^Jo2m3V$H#a~qDuFZ%Rvf7c2S%`}j1KPBtrKFA+k2zsF)gXEstzcgM@k8ZPc&8Tbh>C|;hgVPtbl2xlG`e|X| z+zB2(b zI1V#xT#3X7@aV1rTiS*EEYsz{p>}YKGx(3&jp?IzcN<<~i)D-Kj{epUY0(zEiA?#f zA@M5fw)b@V)G*(k$`UGb)u`Jdt{0IQ{i@;IZ*k8e+(eN4Vz>djePFv_1{h5S8cC03 z`HaQeVn28=q#FaWOLy|7`)K?Zf@3e3+;*vpzQ*Q)7f_8NKd-K&>wFJyv?Hrpgkb-M)|6&g}v$84u!~aR&XU|3!Psh4yTWq_@AdV=k&=lmk%;uj|o%i8I)`#@= zfFXC6XhogUhzM-|ZTZKAk=MS0mpL#mc$%3exF}}ZD%vs4h?K@U{IGwQ9e?_P?&!S1 z4oFXA#LIqU)xV${IYb{>wpt=(5ll8_9^H4A>Gb0WMwT#vF-(+@M52Ykpq-!Q&WEIQ z_-^qr=w_59>U6vnDO}VJA1KCW@zHH<8?N_SU6<@!(&4|}?g{L13?RV*%hqoPPn|ONwu7Yt>rw9ex1N?c%%j4CI z3@J^0hrSMySVKx~O{tSOgzd}yhrUK#DL>k94wu-&A5teSYO6AoiWAEiz$DALbf$-= zDO(Y4-$$<^nmaQDj3}B~<3pc>KR=X&AWAAslNiC#Mf?CYdLeZP1F^)!!ciD-G~wa0 zW=7aQit-ONRjezUJ?hecet(PI!L6W;wCK*O+nOoBRrbY`ZJL2azSK)P2J@H}b!x+6 z_~}N(w=c@rTzSWlY^(UJM%&^Dt$Gj!30<~Yu&jeQC_AgruqiPbP1=u2N=(>$ZkHz|BNalx+7`P-q;BkV5a99oADg!?vgKw{#SxJ3>F5&ep6!vMZFi5Vp6d zx)LMZNCrEq1pXl*2a@}K`wl5L(c@Vxk<;cnU+V_|fNx{&42EqboPFBhd(r+> zt19!N4Ra5mX+Nx0o~Slod%L76VMwq|r$_Z>B?2{sJtznq-B#E6%gec~=QZ94(@Z3B zSa@g5YDbSk_(MWMB0;OIFvGR)@=$4M=gk?U-Gvo__kgOWWU~eQ>dtC#wRUB3m_x5G z2jf7G>N6jX)~H*Z$qB{|EbRcA97lt$q@8i)hcgL1V_$x9^6@?i*T;IMB=ax zDJq%;(`AuQ=VZUjh$lu0QDwf@4i>}7&OKo6Ug!YK#*>y^Aka{ z&iCAcSA%!wzwGQ^8)kxg=&?KWlW?*O>3@WHo zEs^9)wY9Yc!LcK}f*#ECGGYuG2ZF$WpsILKMh4wSq7fL0W^RWy7fi5waRgoVzzX5M zeu%$t%-fG$zL2n+W@mI-6J(t1u;-!u&P=xsq zsF`MZR3o&_k~!e{eDd+T(s`+CPm3)3i0(@%m}BI8+jH5jW}v1?D9)(0imqAMYUTF4 zpGKq=f4T?i^^AjSLr$vIsm(F{V0#lme;8LeD ztQzwJC=n~;Y2G4KVK0%UK&*kI`EPuHSmT5}LB=T{lS z88cB)QL(EHKGUYh%3VRO{CksKgZahuN(*-n&3r5h)m?q?fnu~Szo3qA$~0e-iF2$% z<>!%^t8Pk0NYaHqesOj`-JJr8MM<_Byo!v9b=HfJD@c_aUyL8$)Kq~Xu5TIA)b5bZ zs>_v{zEi$oTZ{HpP~&Lfk;4w<(^d>0JX&CMR710y_q=y0Fa{du70qCurgEYvg^^ixx%j80Q0_z7N6fq$N){zTIUulFn(HNE^<`*j1B;JpNb1-hWy7 zU6@~@xs306b8nsNn)vYD*JcS#KgypmIS23y`t;kr|M08d#bVC=A->3+-UFEatP9$W z1KcI-$N>Iq+|t_jN5blz1HYb~ef#wxldh-7zm3TIkI+S5k=XI@4i|6-zwO@ruQN+fBm~}{<91AOL!FGm8E&xOO=s^#&;JuMzRrNNcGLkcvCKB#zVt~TPS~=;HOJ7R*;i*T$E$%EQ!kSp<4fmVx*=oerm{~`R z9SihstFuq2+|qSx#SF~l!Ms#BIUKOO1c;M>b?fU_w7+}vOF;m@G0%l2JnlOo9I1Jj zl^q;`6AEVMojw(odK}J(NnDG-1#e36@Mw}}+d8OkT9K+8_;J22m@@RRZt2d?Uy8aN z-U#XO*bvS}7qE#G8duG_ox0;{Ky2%I&LXsL)?VMd&co->AQ<~BgpZt|gl~GTgOzNB zJ0j`FFU0@=pvv36dw^BKIT+ND3!8`gIi{Sl3p?6Zvx!nERVLsp&8#9Wc<%v}Pm%KI zVMbaV3e1gMLw|05!YEKf$y<>e<`DT;iGO?gVd+ON0U@ES!)V)SU|Oq+x#bcOICUa9 z9A#qX@A&A$?CoTkuD|hUC6t0^a?fqe88;v1dgQ*H-QEM}g}Hoi+hV?0-2-IU%Vj99 zeaZ8~>!16N*M{GVSlR<@9^zE)0eZwNdB1(C2s7Im-569R#eerDy?EYrobY5 z%xuKvhf6Z{lW)JI7k86A`{h4^AMZA=y|PSg-npDm^C5Lzoc^BA=})u2Vc#@-*7h$t z{>m?Y`o`d~Ec@NWM{q*8V2u-Zi4>mUG`x9ja`Z`OUpDU9C$9AQhVmc(%63d~A$D`7 zDV&Qaz3P>zvZ`+^9=$o)hGy(C+`~+!v5m?%s(${0<(o@CXkU9dn&Y%xvwMZ*DK>=N zJ;3akiAFAR4-mMk-AtMI?F;hHw|Dxir`~bke;fU_1wuw>p4vSzhFiOL% zhu_@P5m#5fxVkhS-T*QGW()_eZz~$#`*4<(yzn@a*1U5(p+*c2PRbGV0Vl*}N=b8) z_fKEw*?+X@*y9DAnY7*IJ-}m9X2gz3&6X~r)vY&Tcn=U)>iTNz3+m6eGX4FDo!{+@ z?E&Q8t$n?f8z>5lNHi&qVDAAG?RyeSc%?sl$ssLU(m9iRW=pu+42l~VeI{5BzuRSu zGQqGNAAMBy8hcR<|B_sM-!Pmw3f4QZkW2cl*(0|{Rc!qiyd#t&nEK)j_?M@=j_VR7 z{YA&$1ONcPa`y4?@g`v1^~DHMdiPr8T*}Vq6Jxlzy4=Op)%q;Sk_7!5SGRa*pA-6M z{`vNK<+;*`YvSsf5~Vfg3Mk|1Gf#1ZBFe0#Pb4^GSj1b0L1cc zyu^oo(b@Hg36Bhx?vG#60|19A0&bJ*OoAdBwT*t+%^%*uk4_@yM;9ZS`c@}BycYg~ zJ%>ye$eS~b)!dp=OF}^9tpCnvmKNekC*M=tTv}vbxqB!7O}rTW0^2&SZL187UA9+Q zZ4oz@7W>iW+<7Z;`thD(eDe#t{TCg7O`iDazX`qx2I8~X{&%gbX)>dCQy+aqJ>2qn#dDs`it7Dw7K;tAOzu0{tfEt z>c(_dFudI0@~b(3dFvgsQM+k&B?jHQg2ArndKZv0WxPyhSoB`ZB!7kcR#fK75Y=<< zwJMcr;}_XQdDons)fl=N9lFp?IcTTqd)548nc{I>{OIKZhD)`bz8xu4Ub&*8!tY@Y zMPrhvC!WKef&P8%>w#;TiZB>mT6zZp^H-@_TFnM1J zwcw*)xJ7#)Dy^JyLttCwC8E136jp)_$_y*1boca5=)@WSs(Yn)kWj=PaX(2ZEV*{M zfkjG@zUY}4(@W3x2*Fvovtp>!XA^iXlg~r@Y^*p#CGmmFt^55}}Ui0mv@ucvh;;GhQ$Z{J_YrK#$H)aV9 zG$h2kQS!VQZzeL`^%n2jr)q7SB}N}fUnug&?6->PJ}Y-r-THiz>1@0iv5y1POQw0c zE(*bjuGtCcnOZ}zdh4kGPl%@x;{~P25?&BZ9fJFL&xE^EiIMri1!Eu_St4?J%Nh46 zL}dWmA#~R~WsuTm@??zpS}-tZ$}YKk_6=q@@spVuV}K>V>-bM%+gmh8*&r~u5e$lb zzwMS3qVDv3z@FqP@Z!$%~(QH94&m`U* zRk&zg?3|YuupJ^$Q8FwSs8>p1cvXlCyRlBFtwn4nyMPCetjbT1_Uh4VP!7ofMbXIe zZ5tSl$1CiW$Pw~zE^1_j_fSJg2@X?&*`a@*Ou9{w|F)^Gs+g39my7AmHV89+Ks@l#&@{Wsq&-U4FmhPzf2Kh0$t9VvP7UQM4iy2#t`l3i5U8_pepudeXP= zrYSr;V(9qCF(Ss{oWGrYzmoiAWAh+(m#gi0nD_Y+4Cc}$jBgbN<9(NwwK5S8Y%$dH z48b8;e1D6AD$H!O)>s8G$)8*L3Ld7YOG_+7=_9>ZZc zVwKbFdXO(yA)1ym?(>FTNmbF!$hjA5s=HP0c|bGSJ;Wj}zZzq0ZRgSd^_Bem;D#3e zNB0P1BsZ|Bu&S!vf&Q9r-c`U6EJLjn6pHS>WF>oh9v-x}9zNwt(HQLY62HzKT52QE zRO0W=fII9&C=}8jrQzbxNx3&N=aRU@?+i)9_!h@uFz7dJ?Whc2^)&S=harw0-3<)x z5HGq+B0qx!!K-OGBkR!`g8k-p1!C?=*dE|XWlge4U-qT^Puv0X5!2bN=D&4K{|PSt z^KxbA=V4ak*^I1^wHkJtdx-sN%kFZ^S>;c(@N!|*iK(~E$`GoGr?y4=7UStVrc|X& z3Vi99lEHL%uGKseoh^y+^?|yEwq|R_pje!~@(LlV_#g;^pkEdRy>#*sKB3n1lNM8s zdwqb}T5dQNt}ayp{iFt2L*uW~bM?7Z#~E&dK2ZR@5_g~Onjx~h`s4jxz*p^W27Su= zZg_Lwia`vP|NW83Y`IuI5QXIcQE0SN;ms5@AG*XpomP>D2)W_wF-mo(>($lOH6l*u z7$(&@{s1t3dhsO(EIZDrsnVyAFknUwQjTxmAe&C; zZ7Zr7PmA$1jE=j_escLuRtM3P3q__bdckkVhF;n1dnXlx*}t!QRoD$2{>i!cZS)$IXwEz3X-c9I z7NZ>IwY9tZd;Qy8b9jCmL@J#i0G)V{Cf$75tofut!VoJV3X)ikPO>UO*nv)6ePYK6 zoJE1xOdaivGMNKlt=R>>FCk|Uj5R`DFrN<#W6{lJvn5wkK$=O{487tOoSxZD!mdJ4 zT2^YY<|8{XTv9S|2MkAcC@U))zf0?*wFglvyYcfHkjFO#%d6&vKargahVW-=gJ}s} z!D%qOWKkDJs~#n%lH5I=fOKt_iAfbkt9LA-B!F1G@q1SKKF!FoKW+Q2LDSR^oeJYv z>$TM7#1CtAF_J0XAUfrlzScU+R3vHHNKv}?{GC0@$-CHHOQ4Ayqeasb9H4K~$ZY&Y zc0#421{*DfoU1u#sTpm$)55emCUyM{9LDaz4#Sr`ckVa}x&)cVjS zHEeXPD~p3x@VA z*li+*LT5!~>;XP$N9?kdo68plaol(<+^=MsZaL zDHu!7h^?FWZJYplLq0(RrA?-Ll9z1S2Z+*BaktWZfNiOe>Bf>KW=NP7>}o}^Ly1A( z%;AM$CiC68>ss_=7rH^^NnPW8XR^c@_b9|e8dHKGrmP`^>kL|X)*cH16D6HBnuqeCasuB`ws%Lh|$ z-gI^3?% zCdA6gi+h*FPRJHXTm*4SSJ>lud1Oqqz+01vofDpeZ$EL!Ebo-=T$wKK z@vI6+w#Rmrkxvmv+QyYtLJaz8gaBu9>*uxE25ZHKH-S-rt9dM~$tw zom_uB1j^9lqeVW$vw!+EO~w_&?gx}0=Vg|?m6xjATj#2K9H|-@S1v89&5H0L7fcq0 z5brE5%x_=91T!Rj>BN{Pb^KNFM$A`H(Un2dpd6zkd@retNv#c<*20HhmFnh~i=I7y z)nnx1FZt0cFMTzo@FKAY7Hqc3puO(2E5dUm?MI^vGU^cb-4-X#5)?xSo*H2?a7p1@ z%?s8767IJ`QDaC)jYP6?fZ3yYx}6Z~?J|!mz5N>dCn`waV(I1?i#TnUCn5~Qy0-7# z%&)PNeP|f`bOXboAlvOlyG9YtY5^6QWwmPAVF=2})w(3AvRatS!w@~XTs3;ogT=)7PgV#a7j# zPJD0;1SkRPlS1XQwW)M+6%eeKlCo(0M}K8N7}F{<_>w&v-$LU~0L8nf>R`ym-}pvy zR0ZAXIOR^}Mhfo^o=IVFo>}1#Iuw1`@sa#T$YyHG?7XhAjP{Gi@v=>{o?O-;nH_ zknBT7N~KBB!y0}~{ceR1r0^Gct!nIoM$O1c3+cIr*9F$j}97lRxva*oLVe?7jilCBt$^U0>Dv^CiR%O4(JnuFlWcz^rx=8*?ly>`;5&i>L9=m=#Wor_ylU zE$us61(=Y5=;>l?l+3a_fBZsW8C(*M^agf;^b%@vSMT{>E4}Ehm8Ln+1=AiU_%8C2 zeWS#{Had&}rcXsu$z5;R0f@AL_gPhyAw0EAgoYCQ``#|9227@1B0agD6;(a#Z&kjM zx@FM&j#q`dXnA)=dhX%TLOhc|@I2j1R0wpX6prM}_Ijg0HCDmyEsJ5f3J%^1X>OUe zFIpCpZ&us0xdAt%oJ>iH9hrH(3RH#`OkD8O8)-$Hp<*V#Pt)5}x6#T_H@8Fft2s#a zqe8}Q&u@C|DXv~(kLI{wY02j}SOywS(_LNlm2S4V7fB!NaoJe4IUgTi`p1o%8$};1 zw>S!Ze6?A{8@I8Fft5MM=n=RBeNp0S;CM`mEmd{K(zoMY=kd$Dfwfi2_O|*Bt5hEh zUD8432zbcIkJ|hs;-J&jp_?2y@}fDVLO$|o!_>s z(an2P%}m!AK>uar04q+2KNo^P*wCjJP#{nXxwE$6E_-0`D8fKtjjOf#jzgp?O5$Tm zFpy~w+FPK-mjE_$q9$q|9j$Kk?BBiAf6C>}f-dwdpMEQYq{1u+$xtjzLXTBO1e(%m znS(8i*RRW=oJx46-GC?3Y&7G&%ga0E+bXX91cK|FU&#>Pav6?kt7`}1z8Psy2-Ta& zn2L-G=Jr|RhLjo4*jGI7!(c8KPb99?Q55dPCw2ty7;(_O>J7p|(`{Z|YFE=Le1r69JR)0Ak_QmTjRyquL^;rEdF{dpM2 zDJYSYA4-qR5?z+nSN6gHI|GWFU;7_`1qM9W(&$jjJVn*5^BEp%@Byy1)m`Nz)Q0}y zQ&bi3YwBSBQ?89r)!oyh`kIpxoWy@EEh}ejBwOq2tu7GnXlw``j9y)vpXZw@D}&Or zI?XQRSmxZ1!`5|?47>|ycf^%+fvVZ#OJw=*KyU~qu79FRw{e8#slOgr5Bj8XqG3r& zd)^^^N`Bh4yJeP(!JF%Kn~S`nMKGu{i6zv5zWvC@VJI2{R3F(A6OWcgI^HYKWlqb$ z0Orso#&6$1S3)rNBLt&66OYWX`LkT;z4@?Ly=2I74D}(-4`Jai`Jpm6@Oi27{Oz=l zIem1ISSr!Jy_H)?8+LGe5)`!g?kHt3kFPPT{ZM2ts#`*VSM!5|U>I_G)Kt#R4(TQJ zWGA23HHSVWy|(VZ+hRv7@?}vUULQ{>_ZY+65y9n3*_|m`Gu*7U3M#)fb)GHG=;`6C zAYDXpX8z)E8dGqGoq4Hbp4O2{A(o-LKoWg<0W)&Wf#a^P-jBJV2>qDtTN}ZIQ!+%{ z6*9M|6*6)}eiHL25SD7{{lU?0ZV$jAom_J0wx1`*L;UK348g|&Mt*f-2??-wka}I# z8re59VuLV;u?k<9SiZT&Bgbv@or-fPJz_s{&6URRY+>aTs!^IIQ{)focSIK|loTwP z7Yr{#4B08-#mY*r!ggd<2f61Bc-ncZsJBO7<9M{_9j|~54-vuaH=^lL)VPf{j8?-v z%R09cIr~xwPLC_$xg(|a4=+Ld8`OW*>@8o)NMa{4^bHr|tl@Q-5jX^n!Jrr{N=U_4 zTR*EXADq=VWu)pMUr1fV4<{GaU~@<;_0RnV37~{*NHj;4-!HWw@p8e2?X zA$EXHr1jsphLY?IxkbT&7oud-d@!$5Ah2~><`V%aynq$AU^epOFM&%z+s5fMuw^G150+Dlb`1>jO>a9t>RvwCKkY+yZO^>BX zc%lXIywXgeV>OhIY6Uw84B&QsRRs)IWF!SRL|dFs@qaxYsv93V?HWNJ@#BWQVEeC6 zz-lGM3r!7A_tGDs}oP~V}Rfs;CJ+ErA2z%H)>}Yi^pEDCj-m}ge^x%X%_K0 zcWxEVM+c4Y7Du8Ipre6~1@uDtnZ)O8!D3y5LP17)huGzz)`M`p{+G(~J?}8_l|14O zBLxG4EZ0L&@XkCu#EPI**XVB;WZ9{7Nw(SLEfo#IWIk*v75;lzI% zc>Z74rs4Pq!;N(TZtX^_SKrR@8s5i;Q6Dn4nDkYXjBA0%G(Oz<3q9bF_Cow-MpMM? zZ3ktG+q)TNqnj2Xo8TSy?yZPc=5ywxS3=QWRs5A70QgG2>Da)6&t^tr4Qbn6BP8D&oXD2v#aO_={LXahy=1j={ zjV?8ac9E(cbp5@gfl#hJScGFbVTGKTqByO%<;14mVInCHS&&U+6za1>%IifsdLZzQCP%Zk(_YT&BS_VuWlvGuF6*StIy9q>F7Omc*m#TWOs z>e{AVqd~G|M$+^mKh^$J{H9&%`ArjQXp9T3Jc2*&^U8c`Je=q?U$t2k?B0%07jV~> zzjanHvJ4OmRI%ese0Y7#9`777FUK%Xx>M7HSXO?Fj-ClHfMl;d>@xo4d%Mj+>~O`M*Y$%4A^zl|Re=2UTBl;mfIB%8_1=*_1r z^_YHYP?X?Vn(BVcm_w5)nhy^C&^&+XbSAMV19ic=bg&1LWTs>wlXydJwnNlZu;hV8 z2UDpZRj?K6EDl|~I}ukEn7(N_r!!qN1n@7wD9gH-vjtB&Hq~NJ}tMK7Is&W*yA=?4z=uXw~ zi47uj8lTl45nxWP4rDJHr&2uN95&|l3Z0Sr?zB}cCC9zS@9;2Y~qZj28dmOB}^R&k%g3^*At z9y2rNM(JK~r)^gsORr5TxaY~DKYver|E=)MCV@(rY!4J265NHFzt&JMKCk5p zmU!cA!%QfjaB<3H574HhpgkCfFU2iKS+~ddNM5X_>7vT1lA8`=zrR0NCcqa=RkqvX z{KH7p{1mOk5*?pNzOTQx<_9Y2*>XR2v96v10-tW{2txdt43 zwDWlZ$+6weX$xwC`^J?1U=QoOVY01S9z6;}Nc?cOtJs;8f9&)KGh`8GZIt4r!6#C5 z5xMb%rQH+X2xDNRD+T?jTD%I@IJt&0&LwNL@p(Y4hVWPv0wLFNGm}JS37!sALE;jt zrJtrft$yYZ9s8g}?=_T2Hl@$=_{9lU6vNBJjZY>C0wCg2iiTOIo<0ezQ9?&-4=XtkrXOcne3 zL}^;<-h9W@C~DM{CBF(Z=L{D97IpCDp~N-Q(2tWQc$NNhI`HHz`Lhu-mx`(__W+pk z>fDd&gyi!hzkh+NU!8g^d+wcg=cOI-7KtAO+Tue|5fQ6*b5lDD{<(KT_IA6^n^Ve1 z(|2KlAyT!~T&}7eNh9R7*O{3!5Z7HEgSEt+;}>^7s?J%r$;fg8f#zKUlm&~B!OB3L z%0+>hAt5}=?a7DtejB$ubH2U2Q{k!Hg^IsPkY18L14G;~yF7@JC(jBCCw!MLS|~u8 zHbi`++%O8$<#*`46CLGueLTIE@rSA5HFt@=p@$f&)#_~fQl4WF3r%qG4_Y$xXjlUOm_Y_kJC$^wP72ogyGI0iIDAq zd8!mAT)h%r5DT^JWEwrIxYOscZD7n7?{*jX7Gy8HXAyuc#_@Wq8|R28+m0+ZknN?a z|Ih@bjQOp%94wr>dqdv58`IOoH08*G?G|kcqDJ)S6cH`jVW0-4< zL4CY&lAr#L7CtW|SXpg|mC>Lg1+{Vxm5`90I1-2D|MdJ}BdK=9=3-x_(ul!0su{gi zNMuNJ<3da6I)yUBy{7B}N-@Mp1qYPuA!b3X#H&{`DN`ebb8L8wtbUyxn>dND6T2x) z0|Z&ZCF0{&y$_ zj-@C@B~}DBBco?>5rYY{uXudZho6WZg6BD9!37+x`VOIb+!6>oBjXkvl9B)D(FKZU z<;_2A;~Y?5M_*W>*v*F-xX<$wjZ=eYgwss29Iwrmjbo(Xxm>E6Fexq++J&9zY9r5P zZE`QKSMp!bHQl`fF2b-EI8bL!q}a}0Mb`CzDS>5G86%Bnz$wf})8(f{kIpr)*1pE8 zUjAloy<4B1pCtWLFjpt9QZAap@%PG(Fh9BGUC&jk#OOtr^u$}9Y#!7umw{WwAW1A_ z@P#StLR}YFtHTFNNI2bi_FIk1{XdIa=KtD8B;w_iL|wP;r<=d7ih|^KE4@Q zP*=A{XG?0bn=1-ud(_tpYs0{`FxX685+Gl zCfHT+^`r-Dwd}N`-XE{+4dPZ=hw=xjVIlA5_W%+cZN8C=OZar*#@DxmhIq$9W8&hd zLe+-<9w2Hclb92CxrU7Xbl|1vjAk)97ZR|X==e$OC+e2qY=mis6NetY?_F@hDI6U^ z;RQAohs#Hd2PzNb=UEmH@l5~=MrJV#{(t+tl{mSa>;!M0c~eSaE`Qymv3k=_Qv;4E z4WhcTAG39Grm4#Gf++e&^wm9p%UrQNzYF7MX?DiP_^?;53hw~v4)=MFQ}3J?66!ro zFQ6-cy$WL6>YzSjYvod}<2b7WKYZbF{-3x11@;4W1eAT!3Gfz;7|#}6P^;zrX8pHp z_8sp}`{hj69)P^FY>JgkJ8a*Sr26yUi2m~UUtxQxtloh5G=G1MAZVNV@;T%967c$8 z@(4I!W8mueRfyS6=X#a2jkSZ4x59PmUrGM=( zy7Ccs>z-6@ZQf@%R9|%$uMcL5;V^&2Z|mtMDIbPed!410^%75nw zb9+DgPdIGZk#WwMritNj?i1d)z?isjNug}RFG7rlF5z(?1Q`{2;N|MBW-j_HB;Zt{ z?I(Q`F&LKCn5O4*3aiCn7;y?g|8Jf%pA!{2?rfWFaK$5Hsr>~p-f84NfLk1Oj-m_{ z%JGWCvm|sngG$C&j}J=@<_AR9-OGS$r#3|Q+VmhLk#dDJ1qHBp`ZO}$Fubo)BIM^U zY*f6_T^~N+QMcmoETC!=9y`F=k^K(hX0>h|1W9J_3hz9 zIV#cP^QC8-vt0Ri=1iW*h5rJRH#rqJxih?22Vd05roCo6Jr}WEhl@m9XYik~m&!xb zuaxQVj?|xAFUf9k&)1z2&%#J&g_TaX_!^}Zd}*8jj~S9lZJ_HO06(!5{U)i%;1%qA z+!~kFfBTgKb8Svj3jL(C^Wb^$37qpJsrI;2bG}rCu%B#nXX*pRmj7 z>%(e_BDh1WGZ#KAWfRTaH*s27! z*|DHRk$>gQ*9`g4;?n1-kN&vxs-?lG(1$h$|HU6hc5I>%_5An-{aUbjKC19)W5e37 zkFR-hCo?cE6;m$eO`dDEp4jFKG>+BGd%?qIH6=4pw_XvUk`j}b#RZ$GV&%)X(a7qY z5RCzK9;x5MGrR2panxYkmJ)|fbjB84pIKhfLCP#*q@)1(*hSxAxD&~5Vbl1*@~b}r z;wwz%wUSYw=tL^0gUG=w_5?xylZXMf)NKDUmT5){^B*4>vj4%a;&fh^uNgv;mvrN((rpdX>oeCyH*`YkuvGQ{ zUB|!U$Qc|vCi_@?<>W={YFUv|$Dn6wbk$>%pHq@SiERZfzuk^Q`{p4_smrtRL-3g& zEC`v{YW`?Gt$A^w{H^vJ&O0GIF?w-;=+>&9tFD$4hsG+1R|L?|t^yX{LHrGn&qm%a zwJ)Q^N3Gh<3_mi8ivUJwsvogPkNSHT>;KLAnceaB4=U*Qk8IA~E_kp~O3Mw5I+~(o zR(VefB0i;tL@^$pyuYx!9auGZN%|q;nqx%(T1n+fIrDtH-&^jfi^YE3-pcbsJf^8m z2n;QR{#fbq4vz7sCv^rjGuiJ^HqTx{+)91qzd|Yw^cQx0)O*=BT~)Boz`rhGBV}nn zWBNl@ z3QE>%CBOf1jT5;sS(s7^Eg0q}mY0GX=GI z+EPKJq;N4)FvR2-8CjXX6Mk@4ok_iOL9S^c^dGgdnVfo@zMif+Bd{y*40FV(04BsqWffcK0=(qHHUJM0~IBly{%Ol%C6McSJRy>{2~6A z3)_8nqRz8MgPS!YqZom*ov-JGN3+D1NBY{M_4kB3;uX8y^*ph`{l=WUA^GE9P4cf# z`@Z%)z{3}f?l;N`-`E~`8T;Z`t}1=7YPw`#`9}QU$~<#vasVr^IJp1Ek#CQOqzgDb zt+F9ApxMZ1)-tZ(gqA(5o}?MTlVi7D^W$|{I2}Aj3X(b&ucPP?AGf6^Pv=2bo_nMD zGW4$&&$vAra#tfQZi-K5QsUZOEZ+*C8)M`&)4ZYhE;^$(^7Zd&Wu6DVZ7NRDU5q(j zDG*q9*W0Y2(4|nD=Qss*44pg2jpq8Al{t0%s6xN&;gz&3b)RvrqSmhfYV-LcSM2W< z=4lH=UTgC`mB=HQ;yYOTs_C3YxP@K6(2dhm(n$bD3Z*k7Tj=qaE{9dD$e+et`mmpY ze?q{vJ~>HBg?T)Gg>nD=c@9f=It|mMV>4xDfDyta(t%z#;;TQrn!mI*gSQ(NJu@%p zdnQZcz88)3SXDdxyg67pgk84(;F+&n-p60kw@N_R%O!cymRQ3?`fTO`KVqkO_32sN z((SMKDSll;h4ROa>6qsfs{deO{5{j2}-^L!Y*!Dhdnl5MavH5>@zPI2!O44Vko=tR!WqLiJHm;>=4EBJP^jty(bY=6VX9wu zjHQmJrdnJ0H#4;?i=qCCbag_U8qlwcfYa02%-6X0^sISXvV5h(Tv6pw5jSmlU4}N^4WyJFsJCs{# zr&UpO1KD#j;JvOnC2xbWv@|DRarY@HyFY@tC7esUSazAOzTqR#uRfn2!rkso4)Mno z2D4XGfy_1^S&x699ef!^7crpo?~RGG>HW@*2r+h&gL|0z+}~5e-@Ys;PM#>6?3-n{ z7oKA#CSgo_ufOnR$Iy%ISdrYY6V7{pdype>0cHvI@&;bGd4GkTyM2B+g^5KD@Su>v zmQ3CttH&{fk*{=Ma)Br5iI+N18e)zf%DY{Dlj#v^o@&5k#qkEJPSr65H`RUzOrP+o z&1tBKtVxr4pwtHaI|ONy*|}r9vIy47I_%aBto)Eda_dM_y7===HVq1#4&T|xsCLYc z&#hg9!rnY2Wgo)173Sq9K5j=I^Fu`Iohj&JcbMIY$M`BJu*BcmnK;mE8=wLyrLG@G zxc?9K-UO`U{ z$dCX*gCrz@AVU}pl*%Bp0YaF9BJ&K&pdfmWUswOF)!$m*?f!e+``>jti$!+eJ^SpF z^X}*D{SMEYDmk~&WQu158bhYoh^|mzu={0a`rNr zp>Yv(oYZ69of#9MkgrH%3a+e8?RFXe%{6fETAkO-sSG2Rf*sX@l%!O7F?0iB_ z-{>TV5%qieFWpBGqP90{nh zcJkC52fmbRAB+|FJwsMANsP2u) zAzdT$#C2m?502^$d;Sowe~0;0FNl9`-lty_OqQ>-Rh|g#t>*erJh`Q5qHxo#kh8c%~2E9s(#U18F}M!hY4pYywY4$rCU?xv;iZ}l1AW&FxInhTnVritkgDN}?<&KZU9 zj2F3?i0MC@r;JCVHYNkwiwBA$Zk$)RD>~GBp))w5`Hsr@-wMvYs#_be<^-u~i=yxx zZ4hKlMobMl)Sqjc?_c|E<T&rGXmL^i_rW*4+(-wZNyz=Nk zA5@a@g|T~I3Qy9DEN7$gQ;4^8G(q;W{X;dH0pfznp3#7+eSx&e2r{pxn8mi$s={9B zLaWgdM=(s3EM-3E#W59=9ACc(!}-{U_Myco9xtjSmsre*N-bosaSy1hx$r)r^HB;f z3A=TFsj1Odq7@@)2=k(m8iQ%seOJ6R&#%XX*mh*dwHet_$2gE|8j1$UFe6Vhzrs!CtLaZ!Ew8V%=KwCeAHzvwwuqq)~Pe>Wv5pG#y!zzw2~T zClGU6&*ILi<_2bgfyQ%wb#Ih%=4J)O!xC-k;@&P0SbN zYYAvu_);GLfuNce9svS#W-g+{RzbTZc^O%-NC#0IU6?B#V!oSlCfEm^tTp8 zgOreFnH#5dFm>TCeK`?oFl!>FMe2fY$j_ zbMo7<&{`vOK*(9;G!urQGstx&XQRlY^{INi7{@spzf1AK;y~Ddc=hm$=lAZ`#OIJy zKgw_4^N%)jCos-~AE^?}D19RA7x!K0l#vl7;crvBaLnUYm&1$=nMd-ImX~ zc%rIIXIH&+=PI1`iTxgl{rv*Lq4B2l)HAv6jSh+wm)V9s5j0ebf7{d80+hwHxl%j0 zKyreiE?0CVCuyE2Jok)jmFgbZcltm%iP)K%h`MRhMOYyHM|rA<>Z;Wa%kWNIOcJw>Gi4Y;6j1RMa0Fyz!y*Y z%Z^SkD;)}l9((N^DKm*Xk{;j{izJKxMHda}o?%dYGyItWHFTV7yD+=@etZAPO2h%_c}$H31ULPBspvAb(|o6$xp0(gp-r* zE{Q&-a`}BnUp(;h%ivd?%>NlTeCYQfihRf+h%*9hN}uDX&bB*$Yw_&8&^IxWiW`tO z&^OgZntEuBKe-D&DbFo>x9fl;dxwx*tG)O9y`?dkpLXqf)$i2fsi}Uuq~HdV#xR8H zgFz~aiJ^W|HQc_!LJpbyxxc2SpC*vq&Lq?6drpKvrKJ*+3TbNYeREb;tH)F>0H^-z z>ysj-^3$K1=f9oa9!&&>aHuNf#DC>n{!QQ?-hrsKgNu>nSH9c`*&bgeK0I^F;0ojR z$6|_Vi&;@Yi)!=bJ3{O8QW>S`e?KE2`CarUz4bj;&CA~HI{0oENKNxBt4a3b9{%}t z;BOyyu;*T6$NeuilDG4giD&NJtv)|$mGWm6j*pM{3*ne4YpBNuw;>%ci7xyZ_~!fd zZNBGuZwq{rqb*+n!}N_JsF*M}2v>Y$js9r;@PAt4GON-xRRh~E>_PIo`@1>(I`+F= ze)+4ohBxoEyy+jb{AmSeC{u6H#H_S@+m!bPw|I5Q^6YPk1qX9hmMkJ*3rnxsv@ZYA z`u+d3#*|?Yo3D#XS|eeuZY01Si)yb9*Jo-1zPHB?f4bqHVPo9=RW||y##Ce6cY@`$ zv+w6^kh|r8ucsB*N%W76T$#%rl&q$l`&;X$|HB$T7op1fU06RF2s7N{6}xv-oCCB( zKwOjX)n?|qUDp6Dcm2Pm<@}+}6}7>ZINPp5)1Vq*K63Fw4B|V2u1*)wiC2Zx|%~XGj_B z>c4tpsq<}Jiv-x@xe_juKkOekmHdO@Gb?ICmP=O!Gi?u3$F!plLI3i>5dN_VNDiY!OWaw2 zNjWdSGV)FIxjvk+PS6n!)b&a^!$RzvATXnxCWw8rh7mmkECrI@M>tS5PCZ*6KwfH#@rjNAebXbQ@Gf<4edZ)pr%?K*ollwL>FwX(7~=%l>AUE#LCp?zS}fIplr@{D+#w4L5* zoRAK;M{}52lTtapd4QdzGb7vA!{$+8<*gCMSkk~$wa{ypM}mU~AqpehCQQ21YTuba zlXbj{u0Cvcdvpyn%t6)nNK4)`N`l`~z+w<3$q~g9Nh2Ul9=$+9-?X%uKToUWnql;1 zyMf@y*Fi=;2fND@-?C0}=@jO;BY{4*WvlzR==`7}kcc4UI+ZM=RJ^vStc$5UYCI>% z3PS-UPUoj}+p((*_4@+0Gnwmfdy#CXWHA4xCv`rz3uLBFH_m!kUuVf!s?RE!#D=^; zkK;q0y+w|^+cm#-7rU{k;@vsdi~8E4&fGUfD(98jgN-xNWrd3k==I^c+~61`; z8fK4>_CCq0&0e1kf*0g?zK{33g`h~!qjM1cekB{(7H7RHu7u8qP;kbxC5FbhS-sFA zJ*0vBjn)%R=d!tKavD~^#=($wQWQgL)61`lx-2bm)tS){s947ed@iU%^HNM~KBB=Fnz zHTTT&Bv1U7WZary5weiI#emCx%YjFn+$fAb2;z(;JDMnXMc_9a(5%K0f! zE$dEC(L7qiiwjt|qCI#yVwpyJD+lmjS{HR?m&)%73Tse?c#Z_pWT?%ggUAe38Y635 zNlIA`T{<{hBv-AgpAHd8eJ7|p84QVgD|q?)=7eAXADn5<@C=)W=T|#BKbdeL z4{Go)K3SFh@%crob-Yu`Ql*2w9@IIkN_5z{o)uXgUqu>gi=JM5Wd{{S?C27L7WbAo zk(vHAP`JS?%e>2v)QC1h2&~q+UU2E?@U*~vUj?coGn(wuM(`JFP3#$CGG{;)VEe|T zM5=-UVL)VsR`sKWs^KQqYs;k`sxizg(ewT@eq29)g5C%@NaV7iHxi#k*5ZJqTvWkQ zX5Um+rd1@wsb#LYE8QvBZP7XFcb7hhjCo6cF*_Ow*2Ecs?aCK&mu!DW_sO^#903eABw{3H~N|ztwf7s;BXcf zA2b)_nGlPk`r?i5Th5>UlKxzV zdP)C^U2fYTGAQq^uz#3!j(L4fgnJumOu_Nn$YOq{cfRx49!YBz{b=`f4DX2(j~s?@ zM%YhjF+)H=iYgk7j%sXt=ppy}%qllGaEtLevL3bcmnIk_w(Fck^*i~R4pI^+rMWqu zzAh|+A%=JYD83HT2$zaa{;VBZeo83e>>xy;lTK1VJaLY7h?GndNQz1wQzTvtuhVSN z1c+(mMI-8r(oqdT)BcjAi$u~1nzL;S8YisU& z3|N1dhmX$*q0(5%2SL&ZZ!o?vUBdwAKG!R z84mZ}mggU!B5jkqgQF#}Ml4O<`+2Gs>)<;?`JqN?0fFuYVteNzfz2{|ZXtQFp zK&z6*IzrR*(>@lXa7N9o`qc~nRXJky?y_VUPV5S7FS>33kv z)TE^!r8_+=Y*Eo~w0DTJ^LV#QN7`WAIeenBn0xd7=;3_{jibFVLRBqa3^VgOll`)$ zMwlb0+xrw78RQ#72$XjXqgyty(D-r!psmKIP{u2QSV{ecI{MCdV_S!n-u6w33=InW*|0NIOPM_Y+|YjZMJR{Jq(IprSW2p=uc!779F8 z^`C1%hUAhb0J<~K-=XGG^K9uLJ7uMplGB9d!xJfC&`|h#` z8Iu-n)yqqXL~AC7<_JmxvXPtyuXQIwHrZENQB}2&#Jc&_5{ph$v1{%IaVt%sNj47K zvF4TTwuL_V)@3-~Uh`y<>omkkf5Zyq6ajT!1#k@pN19E)DkvN@!EX`6g$kwiz4{$! zb#;JQ{c_$OiU-l@l7R5sZwajbcpL0@H zS2^lG%gUE)f#mCkICT*UoEJ~-deX31wd|fHfT@>juq1X~uVr&IZeaZ<1&MI)ju_%G@c+iuVp&!F=8)(ta<+^FZ zZM4)$eV*0~jC9>mO5WR*xBGXG0!gyWIuvojoomccH}o|d2iuFKjOkL&Hp=@l#%~Vs zkO7fPn~wXlI(j;xGFp8}F6Rlq7ZbI#IBF+Q`p)xKQ@J*`JhRC8kKXNCOcC7X6Bo04 zv$Ek}dmBCdPP3>ejT_&*cD?7Zn@k?J{;d{ZI^-kP%lg%nU*FAb<3WXm*@cpRi2fX2 zK9`8&a~2Wyjz25ub(At0wID$Q0)c>_u~_!FP*K&$hNgPRmC~_L9q6MJQ9mBWNxjj! z`37;V#Xy2+wxZ*t)~{h!{h^>bS3`tF4^XE9nt}YrHlODs^odv2K3Zg;fnB<$bX`s1?V$H(00>9-Ok` z!A9RD^=N5}QcC5?0I#Ij3Knj4903Q2NO}alt}Hujf=nn=Rn2Tw>et!B_x_3i|0b8% zw}0TtA8-FJ#PS^bcmxN2SfoZtEvjrJr-)71@?zE|!ga$KvT7^?gl@1;{nQh|skqO|v@wBCa8(#HY=+GhqH**x_ zCQBv~3Fe1vF(iDd4dlK^zRZS~Qp}sA|iWc=TFn!gV@Ccv*xC~fuGN9@GAzSax6eP!!^`)dAv zn*a69e8Ft&=N03QDfbqB`O`<&`R5N`X<_H zOM-s))B?&@2s2ghYYfR<*oN;L5oI6yxT8Hqf&8VozS9n&b6g?co3(Y{H*)U#T3&#M zEYg@h{|e!3vl2q*oMI*w6EzcUz8<$f-)i7e|6wP`Ze!mz`_@RG#OcK^-7G123vkHi zy)tIC=|(_Jh^kQz?{=+7TBh}W=~I&FM9yW6D>Sr3XLotc-2SkaUAvB)E%RA&Zl-ZL zhD?7T894vluIaZ9cV0xG;0_EDU8?2{q5SpP+=yr>2tj5Tb#1Ole*E0TBkvW`f9w7Yz9=@rW1wn|5n|rG%E`)mHeiy;pl$H8IAF!A*TK3hBfIjC zN3zRJ0Uwj*v&m$vo95&4Ds0}51jZ_Cn_~sKGc|r)_U#6et+GAl%E-7uLo6mSXnZIh z_b6JawdH^GoE%^dj=peR6Kv%KbLzK8*J6iUoXYu6K9C0tvwMOTe5X_6THda9#5vU$1N0l1 zJL_MpC!gJ>{yyb!;{#!!`N=Qa>c-<&E3cM?KTXRk+EN*v&h?7*?tR-Y_%?5KohUYdgoDAqmWhzp|PfE__A20W856vX7=KGL=YTe z<*Ovs<>v5cVC@Zq=dN&YpfcJGVs6F{Q`4GHDg91?kf%0MQJ91SILfUi*Qh&|@Lmqb zubj;XOM%VsV^Uqd)e{d#hf`QgtvXhX6j-W_9@b`&c8E4_@`=}jZ`zqp$~cPOx0~xg zG7oBeweApxhCP<3E^E6_PBisec?tFj_K>HZ^ud{YkSv0Jr5Y&8^ES2BTony?qH>2e#F=E7gSc+6JG?cTh znpvx~TM~A+wi<;$X>4+|#s|d9%IdGEVIv(RR%!yx=h@5*-c1aGcHR#5bPC7FjKpzx#d95ssZb2Qc{w#I#PA#OF%GuO9XXp&lb@4*Ei4yVQ` z&8iiHaN)2#PM~KyA;NHHXB~)q49$H@GSlQrT5q(!`qlNx?2UDqh<13^xH3B{Z+vg` z^FM0c=)_iD85q5a-L}GZ_XWo-5WOa01Wx^$*IMkHd)cT>c*vjY!F-Ia@8jJ4D>YtX zusf{9LyD)ldOJ_oV%tz@Y=APL`!&GhsbBR|6W@5kF!9008b=f%W&QBjo z@7ndl+g3`{)5W}nT*Ha!d5fEyHPgsEBv2uT|0_JDH)r*u2kSmDI?s3`n8#XpA>ZPH znrN8WUaQnAFkJ@L9Js*m9!gTyu6;GfqGV(o?$qx-H%>9&=4@)sBw0D|5njc6d+o&_ z7>Js##nB{jco*7g?ym%79!k5ELCRVn&!lu`_FGL5zJk|NhFUZ>F(@UyoC#s=Oy_}L zP|g9lW()IS?{-}*g0-$hok}jx^*TECCwMM{C_no2-J(&x@8&Fa?S{%-HHBbza zKm-|0f~gb`xI2|5FkjTWiGVpb=@X=7nmmTfv$~BEtyXeC^#iw)4?iqT4EvBIFnrzYKlN=Wx-1A{lhDZW~L3a#sw;yVnvOZ2NW_< zE!o&-0|77WL)CE-y;wJv-|BZCk*rKJiM}_#mkdVQ{Pw(mA!G8O(m`8tx7`6{8=DKs z=b{|b=qPH`X#oa)wNB>8-%-@FVm zFUS{0Sk0mA+A6lpT{5QXz5{}U`xiRwr;NJPB8#jV8&}6SbyeST9obd+{V+q#8i5q( z2wjTWfyGEG?{R5gt|BkqTRgbxfzoYjIPmaz_4taYMClgd&_!VgP7Sk;GiIMi4Sh2? zx~j0JY^QA_gE@_Qd*{T^9+$$BIcV-ib9ZhhGY^E9daXQ2FTXb5!%nA1eD~Hcrs*!_N zNJ@U7nsuis+^w7dmkq1I^DkIXy=F9$a;U22N4dRFpv)^G!rWASgNrKe@y^={felJ# zSOlXi3aQIzZ91X5bkV=P$)ObXyB0d*z*6xYMo^1)3Q8x z675ksd@{Db*qwLo6g$t1_MTQ8^)=okW{6g$BZN3!Q^j8WrEPuNok&;`$+Xz9FDpNo1#;bllWyubrjsC~RQ!4a{KkxpY68`37AFd${d83=$b7)I(K4VHR= z3ii@R^59*Pw$pIg;jAor*7#TO&Y4}G%{n?dA&puC^p)+&~t@)4jh z8dmMq!_h8)6Nekw*@nye+}?5Gj$Fd+_jg1T%YQRH8dn=!-b`@Fk7>p9Y|e$$bGDa( zJ%PWQb(i?t_fmhnfZ&y*b)|W9+ijKY7SL@4i;`PY*!EXW92YlaSavQf$sa7u~?7&z_&DX>Lhv{wV((P3wfk+ss% zXtV10bR(Aj{8ndi+vS8EdhQaC9ClUowg&Ks_h!gJ}Sb4Sx93~A00nBnKgsZiGd91Iet6LgZy-ffYUJU zI8Re>e%Z)#@Jq%ZAdd1lPuIa(2|_8fiN;|)lIdvS9UqJF^VeSw@~Q(=lE%<@)s_-j zj#`lIabK?Fv`1WW57C@^7JjDO%bow2ocBt%#I1(K3zRVZIlyIDusz-Df_6+dIPVoW zD>fi%>TH^*c#q+a)e=rhUHk3>+S6$OseU~7jTFTbCy4&>|dRbY!QG2sC`>8L%6EbLjCS*X!KQbW$;iRya8Lt zF#~}tQ|VEHZ~sfD_Nxqnx)pZHchZ<|a&~;5yxlaLdpY+uZ{r?0)Fh1lvDt;V0H3z# zT<_bVpLLyUzn{6I5|`1`$BJFp@>+xy8hMmy87-Y9G%i;d>t17P@(c#Eo$Ssuwi<;( zB5Z;LvRqcN%tr5=p1)pi9Kd?%3o_G4e)?cMu1Nsn6iE_$-#gn*Zl1mr)bE@AvOBWO z_5=kfSZ>zEO&cQt7YAz|0oOHmT9jvj5ym@`hE)vahZ+AwC?p1;)k!5K2gdjr@fA1b z&0nYsyD!d(n1#2Q>>I}7oRl)Zk%8QKG=!KoqZ_{M?N-3_tMdLT=Q*01_zG})sm68a zon8>=F$;Nza#|8e<%qpvFHHyFu{$QYZ|CSz4?$8E zdqe6J-+XD^-UFpoZ0B}*`X)}r4R-lvUbkkohsp=IbN5oliZjYMCbRx3(#oU@jV^Z+ z!)UyuVJ?F!YnaB4_DXtq^Ipkj}h>OANZ(&yk3RtJ z;xZhOUs{|Wx?@badg(PQC$=pE$uGW*&1iNzy}1@!le)U4bn=8u_)?0ox$yU9NSEUw zj@F$;?$A(YU_GB$KTTIv&Fa1>(`a=+d>CwZw}j`;s-2`#sV&3cGh3aNu)BRIUBi}% zZoBKLx&E43RM@_g&$#kUmw0$7Us!W~c;;0uxA`t-*kq396d6PSNW4RiHiJlGlFMTf zpCg0rCVspTrxB5HR>!#6OU0;=@kd|H14Y%frvl?g!1(b)z3BUJ#ESn6gT-Q@?OW{B zeqdod?iY^ot+|;nlWx3+`}z)owvO18K}f$R0RvG1zkOcaY13>2QLgz=c;6-h4r<0? zqa4&A_T8%w@qXC>9cBBNPJWdWOPMNlo?3>AZRhf7%;d!B?^`;n(`xmDmJ(wstgK+t zu&-hHmFp%6nZ?2|gE{IZ>r&V%6ULU77yIDSl|JX)W3Wi`G!Ys+rcjYy?rS zVc*Z*Pg{n4JCmk2f-9^8cC0s-S_+n&#YFBhblGOKfU7$}uu=HPT=icQ{=;8DD6~N~ z`l^9J@KBua_`|KTWgx)MW~5-yRjjw~w}t8BZF*6+GC4!I zfs$J?UAepfSd0tpP9nfKfQWk$G@qY_a6Gi2pzXn8*%F|{i6PpQMx2^i`G`oWMKSDA z!7oGZcI&vnxkabLhG4sob2Q3cH*_RD1cs)vL^0~t;EJsmky)G_@PDf6q7CF2y z6n_Q+KR1ppZ6o!2&KWpl_zP@2m?KWo`XaGE;1!LAIxjo+ytG2QY#7j4L{ZE-5@HW^ zUatWt=d-wx7RhwqZwin@m7tp=2L6Hd&jO2Xo+x+c5!wcW5Keb>s9l#RNku7AhXr9` zMDI(dLdju|n2bs+MWA~)5UU4=BD&T+!4E@7+tc|Osz%eJ3E5{6*33F&h(191bA&}P zY7SEgkA2$6evP}||E0yO@T=75o&<$}he8hQlghhH0#4AQ^%#qy@ zWs5U`b8~&o#E~ULh>iVpj1+0s)o;BPSffD_B7#I-Z#rEmQub@sAZkbWDc6It<$;Ah5V74J zQ#WXE8737KBzHdh?&a@v!!88`+|X+E<{k@u+@gKgIn-|gigL1p&i^vH;NE3r2s_|$N@}cswFv*D2m4CeKiJ~ zyT>aq;_Y=v_SY$|mCVbQp}wuh>p=a3($S(sE1JJrn4zawmBW}5S*rSm1fjM_N!<7224x4F`x@|^Z1tNEsyMgM` z+lI^H*}A17P)1HhOI&Ol#cy-1hwWm+=WLvIAsx!EfJsc^15vxVa@xEk3r&FeS$4S> zl(${oZ8W(SwWd)Xk$KvSNnV~RA~+))7FxdEja6m&~cyul!CTvnLH0P!R5y(>TPc5z4I6i`=T9i`bIVw0@ z)Yh4>lS~YkFRZibrLl9GTq$5vzHjCY4bYPo=)8GcA3pqLP$7M)u(6jqCM9sZ`2a-n z+$;+I%g{lavP1{g;ezsE$@R*052x?Uzwf$LsvFP)w@y7b>H};D<%EN ztem2l^;$RT;FHVyAMQ||Ei^4f-3sRmPePg*Op{uFjeyga*rvJp!}Ve{YHb38Id>$E zpFbpTx>+U&oK+ z>~QC1uPt03j#)Zx^Ya?flzi5HnB$4dMcBe2+L!PQ+~d-sz?c--GDw@?#j>g&DZTE_ zU^#yq0n359CN0jDOY1kTj3-*H+1tN--aOooANSd4u%IqW@d>3<{?=zUf8uW5rwNzfw?gew8$3 zq&%Cw&qIx!F3;K2f{-}>MawU`FtC-ynhj#FJ@6<1K$_mrts634-qg}{K)k`Ko64!R&*>~aIIjVC-m zY|@Y(^v$_pL_Gt$?EE}(4AX4mEQ_|6{XGMzO*Ati#EY{!`X zxdqn-3{tE~Tk2>Ek(LHE7_)A^9gJsnrjzUvv2Gfet}jQvpS81|ixJHFx-ExqEKYF`P8IenigU{^U7*Rzg5wUNGIu{gS^&q6(QO%9RX)UC>{N?+j|8E=F@OE zj@D>AmDGrdETkCCCi*6S?{U`lYS~P`d(~l8O&S3k0-|>Lckf?w)Z14%=-*x#3d>?b z)7&a={t^ebfd+AIM4t$d?sz2>o}09Gwwhutu%+Mg_vg?U6M;j0!mGAo9z3r34HPU5 zCQ&KUZG~CWGTmQS${p4l;B~QzoeYA5uo$UkH8V^u_*qBD_93cn$rlmW9s_pVL;pE6 ze}Z)BP6gBhu4J};(H1;WnEM8r`4TOTNX8R#MGWR2F} zD`)yvC@H?Z7a+%znXPc)*~6TJVXlclEnO=sjFQ=u`sJKP0}N0K_vGLxRNdVCz%Sq2 zZn$#CpHk^|h{n7|M+QIAsw34l2+ifEO`%XIQp0IBe~_kx+JVgG%Plo^07$KGwMv?% zz)94VkehU_-#lQol4IN#2L(PavN^)T}Asf&N9wDiD7Dc|4im&Aa-ASA`K?Pk~-*&0e;_JVl<}|@6#?)~|4N&~c zGtvb3-TtBS(5W3m!7nfE2%ZbuzqGOsK{y_fpV^{sYFX^b!GzBYyCOe(*m$_D3z|L_CV_Ey#~%=z*3pM zEJA>7bO*@3IaVRlW7I1zlI}jM>K_eq*-5+jdLcJs`Xm%$mTF40)ntp3#%ho# zL;4y{Yv$Jo4?EkdakcuZhqb3odqL7>Q?!sHd6m9OduP|=vrTUyjkSWV0wK?R`t1x6`cBQ)@f4ovbCd1m}X`mHt^1{&dl%RBy z;{g+AK^?n#N#+0y;#FlFF|W5lALRPGRpI<3l5yv0Q&CWpY44+(d#~(hqw>nwPf#_X zT3wr`T7-$f3e_yCdxGN``4Se>`eJK-Nv5siDwsmjF19?SeUg0M1#+)l_It2^sAWtX zC@fruLZ>`Ehx?v3#MM=n2Q4l6cORi)erfrX} znYQx@0ex~;e%2^m*b>`NY<)5wAbp?Lczf7tSKSR4or>SIFOh`WGJ=*MQu?sNZApA+ z_8=dtI=Ud#f46H=x;YGK%r!$3K}T*D#AtCVOG6hrJ7+jrEB2vHW~CHLPPeT3c+OY| z%r8i@e6PF~J|Yz9Y%uFO|0{na?H9F8HLIIeUhBnB5rV+iUBXwC>PMQ#$1}rBdj*ha zW{6TZO>H@5SU9JyJr8(VFj932rOHu>-6|Gw6FWh@tGNBRce|3GMSb3{acLFmcsYZ) zvejQHcYe_6w^9rmT#t{L=8lj!s?1utXc1;!cUWguXDOn?YKqPM)d8TLY*9JrGilw` zfSL!&^AR?|ATlAU1CuxvwuzRT+D!%Tz2EK)Paa;r1-VuBr2h#LLQua3P|lS&Y#B1+ zi(>#PJBuWzfN=S)hjkE<71ACkkh<3R`gP+gb)$#N9t8_^AuvcMSXx?INm}J0=Fy?r zLH-p>rAo=O!TJsfrh2qcz0%R!BRW;E0^~iNf9&=ssR*gz^0F#j3JEi&emOK02$5|j zH%}q}&TI(Gl{6jSh_N`@))pDW*a>&wZLI5eAb@~<K{sL_{HYoGgtdc#E z62Bwmv=~ejxp0`=yrFHEu3vEC$ZTVv8iv+rPVAA!PNQ)UT@h`3x&5oMjX+6ICqsk` z!Lf6Ir~LUSsN0zIhNGigMNL;&dKX~46Ct8GG)sfgpPc`_(L4AOUpMi@fwuX}uYn@L zEFWI^QphV$z{lRwD2^Cfn&&OM+~=P?Ue4bs;ni-231H4ITY3`TQ~T>gY*}S8Zd$7zLB}g{_UbS)nv;DvKoy`Fye2xVDnmBCm}o2af|Ktl z@!-r9=GtcS`Nc>U3&txKt0w20_QIT`g*gtG2U*V=QG=P94KDdMgixShL_A0RictqT zuJw80@W#4q-tkIFK$h--%3l<#`g_OMWY+b1C}nrZq9PiQ&0UxR5kn;o>$O3%;>F-# zXm+0`AE(J2LC9D+YH<>S?K|v67QDnC$Gw`eD>;nGK@Mk%%EKBrULBS?LdJ-DbBfJA z^C!HK2J?N23k$0ao?5)=OLI02KThO~~sIF%@tyk0s~R z&8F$m;nDp+CSE$+td=*P(SZv%tN*)Zs5VZtHs_D#y2}swBMQZ8zIfFACM$>4&QN?m zO*6eGaGybuLpB1d%`&E#@~vJ>lg6g9G7J$6LFgJze-jIMhsOl=ErVI((tD)u?`No%K;WZ-a+nluG_}tOD%%v* zAp$#xcdX2eJv=^U-AbF9?1Xi0%`^SFR8=+U@f6G8qqjs3gCU%{8%}l>-9BkY+i_~u zF7A>j1by$6`LgY^!ZAYLy0S!+)LL7scfb35WhZ%FU_bb7S3x8io4W*Zw(mk0U7iLd zI)1J>h-5QFPK37w)s2X{hyK9IC}(xD8`MNt2=?oIydk(TtW*6)Eno7hnZ80#@!}bR4V-_HBVnBlJ`rI z-)Us1U~UOv?R#Vr0g{puN~z$LQI*+01WAQHyqBXe@#V5efBkUuL`{8Zufgsx#*GtU z3J;T%CnL!vp)<6a@NYINbF+HH1wBI}m- z%}XG9n3*q_q9iqi>D}M<6A-lb#fE)Y^SfOD>Gh@A1`SKMHA_La$^ESc)=rUX4kc$g z9uWHb>ylne`^jn5;oa9dlZUi}2z#${pY;fP>;3Oa3evkI7%9(M2talmp{n&NiNI+; z9HF4R&eiWkI4lA68`sz~H)7b?{R@G1NIj8Eufhm6M8%ruQzL0IXrD;~ZyrF7<@i?A zIkqmv$X-$MuH3e45iY`4P04|oLUrFI`I1LU1w(O;VFTP}kxzYJZJBf8G(uoyTPHep z9wA;~{&wWSVSrUc#fIZAHzi#x?AZ%=CY4-i+xqoD_KCpOw+Ev?28F78^#Z2tkZ8y-Xpeo|;lGr?5@^u)HXz_>#SY`_ z^>v@8b#Iev?8+iEM-wbE1s7jIZZv*;j!!t-_}AU{cfz0gCNAY#Z>F{sEccDaA~r`i z^Ot(cl5%-JeQ*FkNd_ihEX~q3EH^2b7fI{Ej@wFK7g`n(RYtnLI1~QO2eLr(pK^)* z_sl&XcKEMlunt>@4ca&SQzGRTHeUV~uzaLuM9aeEy`E}L(O|>H9v=5MO92c73S6wK zszxP7>}1~Q^USUS%FM&Nuvyggj?)W^N|Xh1 z`bYYv4R2_^GB*vbFpG^7c>`F~EI9NdeXQU;7EvcQcF1u67TruP8R7z1G$3Z!gGclm z04ypuqdzTm1hDAIDi92C1;8TtHQO68H!|O2(O-L2sv1(ZXuy>KScLH+ebarp=PiIm z9WP?ynk)eKbeuMKKZXq*i`!^4q9;5UubZb;C zzyY}Z&n3RUi_eh(Uai=cm@^yKu`P=-F72@85`S0uyu#y;g5Lx#c zMRE&{m7X}5{37XdgqhO2UAGLYjFM0i0zg%;37^r0xa%5}E2RX{R@;fHA$fa{?txzU zcJ$IvPFS}zC=Y)3gZr3~`#0^V`H#;1|7BVwWXD#IXdieazT};1l%CPr^VWM-MdJb# z);#jsl5q7#-)L|25WYP+E_K6`j5r3j`hxeE}zDS3fbCx}VD=zjTT}CvY zC;WUsfAvIBc72NSR6Zp1eNh4E++?BWpmfPs_y{Ov9baj2@_9QvBtO<(b1wuTna3tL z9$MC}0L11+pLRA!{`^~0a#KwE?Q4Qyq|DtG_M*$?#Xe+X5z^rQV((4hn!5JAZ(7@W zoQoJxCM^g^5ELOmkik|45duaCks;7BlR%ImfDBq~MF>+t#xSS>0!c`aAs~rBtIVSz z34uVMGEWJL1O!Ci-E&TRZ+rUQ=broA=Xvh?yf+{H?6t!FueJBi+H38-*8l(gS*8V! zr;KAxW*8Q8FA4A>P}CJLO%PA4G zM5hQ5;}qFbP|>csi;WP*+k6u!F_~_VWib^4>A2hZkYgB_`_BaTUX`3 zuN#Uh(%4(9QOR%zcba<-2L{Voc}5 z*!k(8edh_Z%L%&Th*&zh-V%$aQ0b}HZM<0CRb;#^$sbtFk+Xa{c1$LK?Jhur^S*Id zI0jdLBgyEj$RNFGF~rFypYnXWZmlhmoaIjCCY!8vDdcEg%XjK**F0vZzx(^rd4ufIjDCXLS2NjS0&H3sn~SSxUkRWTT}nK%J^Bew*}3ivRJa`LrAhB)E}|upEQwf1K`6yRQjx6LoKt9ww;n z9*wW>mlWUjjki?QJgiZAc!fc`DXt99R!-uL6U(o8Y+raTZj2}7bOkmIx&@Yy(_EjR zD*$e&&*`O0%0oRe4WLoVv~^Uckhh4i-0S;6${+c(U1$r-^Uxjre!Y7Zc?CNqzU&lc zeKN%7m93)&h%zDvQv~oxV4VuWCwDzsX$XCTy329jXa#43980n7lWyUI5niU$OMK#D zlA^15V%3T<4<7L`m@l~8n_!Yu z$E`0d_g0(7z)r%fx|qZKrtlaB7LTt&hMf3vRJMft(6^>}`{WO5^f$p_ZT2a*BwL+} zSFI?Ga9K!_v@{&v&6ETZ@4ieMJ%^U#4rETh5c*_S*Qh(bP&=)wisNNFtc{9cV)cO?PP1sdOqv!1X z>WXqeWHNrpT@(q$6#Xk{fjx>?t41Y-HNYW0GHL44 zIGF-*+9R+VI8;?eu6ooBM45B37_c9nsZk>bjX;}risUIxHdT<1v7Gqo31Vg}Xf|Q$ zh{Mayt;-2^L+4>p2v;g`p3L3d)o5U_-944k8BAwE40CRSr(C~>LHPIR8#(~szsy_V ztC|^{6E|nkb$9|1;&xxwPgh#Srs!aDNpABvnqFAPscQYy*{(z$zd9D_jvwx!vO#qR zsi|N&C!T&fYG!e1rt>dfW=%m5l1OGy8Xpq8%YBOyu%sIC81i(;N@bDjAWu25&)G3$ zf|Oa@k>M&n_lz5tQd*hjuS@Mh$Wto5z08??+xm*nkE{Jsi8z8js|w!Y0+w(OBa~)E2*Et($HI&^!*=ztPPfq| z4>SZ}Ziry#$*v#EE7NQYWnd^K4*_8CcfQtX^w9QxKpbCnLo^2uwcJCvDB26d8s(W# zcm%?mE!V+p`Reu}>r^`}cP|Fkqf&nr>Ab)ums8WAe!K`+JDA8qEG}L!H9y(m{j@ykW)$jPnJ1f_FT0tpg!Ga|0ku}Lx-TSYkWo|5T z!z6|`Sl##vLb>O)!;)>=A8G5Bozp$R=SJO-AQ{Tnm1&m-0~LoDlv$RA$M%hz3B<;j zj0-g6c+fgEyh_fNrlhn>J`IPk5TzYKuOecz6^M%j+}j^BD|=sU$A79l)S^|(0btnc z3_YYpXZZ)IO=UWJVjFyWu|=m<2Acd>-Uj9>H} zVir30{vh?w4`HhtHR{GT%0s$|^zcHaib^=*isq60;^WsJ5$3+k9$5@nnD)_gx`>jQ zOtYpyXyF+G)ok~~L@MPMXum`jmDCqh(e(Vjz^CEr`7k1lQGHtXJe9m+jb+4e$jJ5w zmkvWlEm|wCa;_}3o#x8jv;ScXpzv^0E_p?yhtG@)t>!z_$yJ`F(A$V7)3OR*HRKCzEWGN>vm-~izq#IO-vQG8bI>t5ZhuHc2>#zCaxSSAinA=K<{+c~V# zQgsU%ShXQ7xD|Ur{q%?qG@~9l#orEQ*NLsV>ky&+8I)CPEO@@j<1F~XucQ8dRtJ2$ zXn4BOQ-xYFB8i_gBEz#96tvk{$h}e2Y)^&4g-0I8XTjJeVXUB`{Sn&ztZAvcD2t1< z*M{MqgPMlR=nJ|~?o}t4!a}qdf$k~|vVy*5bkkuG?5J<=3w(37!>Uo|$h;qr)0O;}{2(S|=(`fX=a%tA%6@I@{n)tHmFuU;#MJ0Z%?W+^@yAq?y2zj0e$ z9Yr~JIOsdrJQ#F+tW|o6pY&uVOh=p+6Y`M;>RX?BTZo#hR{FTvm0-L=xS#9dUV;mp zp50eQ$NN>ws-LD5ywJPhI;RpyR7vnpk5>(mi@Jp~Y`B4$;&69A1V{t_GK6fbarRcW!WQnq==x}9d6fPe1k8A_OGzjyEaNna-$ z#bC^ng8m3m_(t9kX>y*v_%SW}U765+TdC?uyx6t!Tye%R#mDWyq9Hm%x<`vp2;nrd z5itcNsL6e?Cq~u>k&5)TdC?%(G$+~jBuL->VH$YO@vFY~_fK{*_Gw60UD}9pO{DSq zc-^<7uPtwW+WZD(gSuVAR4BfXTknoWYi?*>n;#*)i7L`i*5;+MQk?@*onq9Pp8{dI z$~Uk-YQ4Uk=S-w*e{)B}smH{`Htt2>&X))XhCD8eLeRoga}YPz-#>K5yh@=rPeeYg z=Vv&%mlE1%Ib(~oluVK_c%2Ka34e>a44Nax*->z5r!zr|{OCp<-S~Qe8XcFm zIGSo%n=GT2pA6G?g?LP-`goHt9ApX3YhDy_MH|Dor%xx7GKF`~bvYocJrxRqH=&%i z({EO^&_4New6!YyxXM=}a<@Dh0`QN}-b00y3~b)hVSPyhb}k2_WMNM!8`^Wf+>$z0 zgRMN{90F#zi=>-onZ!?H+~v;I^AMIwIkEQx#YcDgjq?^ypb=_{*V{~jtvmTAi>8VT zI#Zn9ub#Og6Ok9`7}`78sS`cOxypiU`iHqDddx4ldC&J|bn+=7C+E3B7($K)L5FXAhu3II9x&2M*z%Oet9Ok+Hnt_*s0%MQb-t_(lCIj?NJJ9e*gLARWWvS@Hq* z;bt@1h1LeeL&hxUaTNS(CgQ5FqVfk_te%_e`kHOJtn;OA97ftG4C+SuAmxYvby9|I zU!Q*4?v<~!y5wI2xaZ)Wag5FMOEVv--qAd46F7S1sX;IQRfa6=yl@7F_m6f^;kJYC1gkt8<bC2n@T@f`_vVi~7;l>uBGKN~>6|K-5f> zxY!_UeH(f%x_0_!5=M+mFki&3d37$l&BQjs=~fI-#Nx;0pD7i%mzPzv495f=aO+W0 za<8l7>HTDS8s07_cf=f*UI|J?wkMZJ&-xQ`bc?y_SmVPDdjiu^Q2Vej(`d> z6-kb8vfN@zZGZds8h_dR^G~(FJNq+y0)Eu4TMMUnr0z93CE+ML1xuyOa~FXiYpE=K z7%jf5?z)@V1tbl?doDKkh`MDAXj3ay22$fSx?Hf(>d zb%&}V0ZKZTfx`dW~`dV=hURenHKBzv41A?(qH>0{gg9M?bl#XyTZq z{ohkZ5B?WRC~AswP9}{o>LRj5;gZ@#8g}uP;M6^2eIUQVnK1dp23jE{tQImD$gB+g*k!dg(Atm%uNjwDvJPFgAu==R$ljFv)V z9z$9;4Q2jrYli4rATTCV1No831#AGwK}Gn{rCBoi9GE+c5|}q&@)}XotDbF8o$Tt> z9c~n`!rj0#hrj5i>sAk1vW3c%20oVryzDIqQyrf~O8j1XteD|6sdscf-8>&hAE{d( zYO7#HYBtKLS0p#6=qWsD2fvige|hx#eyA5!ptN$zw%#q1Jz7mI@01lN#E-`yA&)uF z<{b2^8&49fnU)?q-31lnWe9{T(%qF*XyNCr_tR1-2g#_KSZctKk`Xv&Ac;xd(&wD# z+1aD>^FK&2{dCifyBmF@3?01M_4b#j72g@iN1a9>>XXn@v?q?1A#pEGCtWN}4|jhn znDGjr$~VG|2hag&5V&+cNh3{HF>YB+gd3p@<+?;Rl9KtS@`)Hcg{0l*G)LQT)YX$V zN=q5ARb9^BK%!RdlMP@xr-}|uM@?&!FP9ZW+TU*+%mB-t**Z_v*l5^@NsfKn25sL^ zoH`z*b0Ga2*htf@NKAoJ|D5~yc)v!h!p`^#yM4nx^ry^Zzs|qkp#S`f*A=Oww~UCL zQ@vQmrnWi`nbx)c_{jnMm{0OUiry9$Vsh@Bi$@i&la<*JWx>{GV@0s@8Aql}fe7DQ zAEZbnb+koqm#|rq4iD{RsLpd#czT|;7??-#H}MK}@=iD+Dq+LN)?r^3Ut7O@f5=Jf z8tBys_n^$XAQYCqz}p;m*f%17X|{7MOstv_!^|d^F88*LG$3?2&!tV3LG}CwOHsBJ zvz<8O_(95Eg@U0c<`EW>@=5uLy{-Mx{#>ei5bk(xWa|CVu*%GY-X#?3Ju@T+txl(g z`z6R;5Rg3#p6xR}lyk-e+H1t!2cIYUV355_;QHZZA3uUl@Zgg4!7PON{ zdF40#(1|Itp}OoI{E)!6Lv@5Fi%D`>U7CUI9}c!$zk{YMs8`l=E%m&@&XpnYw3thL z^*7n@Ya%(z7n0f|;{*&v_5AP~hp{$MfuQKV71hR15^gtAkOjCBB4j|8didrX4QNVl zubsV`N87aJz_Mm-ckdQ)ut^K(fV&T6D_#EK73$d-t_?Ez`bo@5+fCN?xN3jP4sp(;h%GGPubVRd#pXdTGC&HpPWeTZfD)Pk(xnAxsjLw4YKNq{h`GvuM>7*U3q*2 zrLqm@npCtEK#gpCIo4|*SZFb)3$hqE82#))f*`cFe;~BFR=ZzuG`LN9%Xl<9_|xvO zISayo3k)#Ta@Y+>7=3}9Lrym8IMV%XpXf;>-F$+SYA6( zbvPu6zT-;U+K3hs^yI*aNdr6D!zmVTRr^QQ`1Z|yx}0AzmH%0&CqVZj#dr}9(BW%5$QE4|it(0TLIOu7-RdFKAeYS(N< zFe+32iRN$zL^T|JSU;u-1VPx#M6ewROI69;T7*D?i8(uqMQn&ggdm;zB~K`-KMB2| zFK1Ii;UNlViB&DmKJ|9Q4^pXo_W}j%!McIN=W0V)l@TcfsC>E=(J;P(ACO3pd|@17 z=XiuCt*Z>mDe;C!?zk4nVHk*O<70Vk*Ivr#A|O_w&vlbJY=sTJd5lMImqfyIYVAv4 z`sat;9wTt8U1x2ym7?lDWn{^U0ZAZMnZbX8lLHaar7`pNRGp=@GP95BoZEwh|X)AV_pRHa?^( zy9`n|50Sru6jBydasJk@DDU)3gQo=eIh`eM3q%+Yb+sUmCsO?K5<9HF>Zh02 zZ3K-oVwhCQGM4Aw8{$n={oYafSbnQx%Ioa+ZnZ!D`UCv)%MDT=k9A+C#1SY7a|hN} zd>h>gR8P?A?c2@osf)K2yN~E9x8(1w5F08KwTtxB=}+9%Fmpw{Ub=~_RE+!(L*J^J zX0f!$b8>Gq)IHkz74tw*$d@fn2n3D~rBF!f{?dsvfIqk*QRNE_+nRT-N=2OIXJy%t zoEUVZV>QRNbm56;{ZhJ@Ax;#gn$c(B1ZdMZ-fV8+q4_In#~G+IRLc*mz#OqQN%u4qe?8^y1P| zky9#$vrVatRV2JE!~;4h+^pZ>-2vy|?@X(g%9yW5%Iol>hzL-`f_BZp(`T$3l0Y>% zPz6e~U>!3PFA-vx>O0{=u{U~ zzP(%5T1M6*?wvns(}hhmAR-zZ!bU(u`T650YtVWOKC(&nQb~5eRYT}gwqkV`>FEY? zUTd#ye%BuX?LoPigavHvdf@VS{SxX^HRGP}?~?V{sgt%rlr)3IW*g8QQBP7yZJ(pZ^Y+Zci+07Y-Gk07p8;zbF3jrJ2O_gVw4FC0n~g~ z^he$D-p2mVi-a6GWU6fbg;YfJyYD|@Ppy8w+d94Tg3|x=SG(qi=6_jw z`BxuhC3&d66Hn^(e_}QNa>%Cj`e;Ca=%eL-RU%Fqju!^$ z%=r9JAor6CzpL|4GZ&-(5)$+6|B8Q!(*IE5=l@ac`~Qewuln@gbFRM}58!lb=c6IzA-DZ3*AgZevr~yD+;ODtC{*B>}lvk-atX*gXH_Tc$8zEHoI6M z!)T52)<9~U@CX0*-%eAOG?XFd>q3B5Ouu{ZLF7_SAD#P(pec^pSZZ=;*&TKn)<`#)@56g+brx?BUIaznBE zBa53Ai~PdB?p?Qpv(uLjqE@T1Nh7j!yC`^=s;LnH(|hYLUY|?{r%C+*C;o>*f6Lxk z-4(ID*9@c6QYo`T$XjZ<5LMqY?!dCm#Klg4&Am()3#390ocL}3-zWAtVmu)?9xU#3 zEDs*-V~h)}#Y-E$nZv?W&U>Nq8nlu#$N!_K15m=Qo^OZkJh$}%K1hA!@V)@H%WVrb zAb8LxX>g368N9hT(YQB1=vQ&9-`5EAHr~PCZ9{C|n?6|R^jkl)0J+)w{`#yrcxQ&O zEr{2g>fB zJ@fh?HBw;xcJHk1l->{&XYr)uew4^n<4KS3`zssX;u+!^tyH;k+M zAk|>qbP%JzDOua~i`(4qKdV0*$jH6#6`21BOns0z7lz*74__~T6Ccc-xDoMy*&zOk zh*BXL8hTh}zUA-epSZ&!kEJ$(?FdvbB3+399$EDz{CD1g{^R!1-RtPwcd_Q2ANrP$52APS-@WX;iP-MJ zY}9RMS04^D;15*%LzRD8+TS|XlG&Q2t)I+C$Z0I@?pVyu^mbjN2C`|jWLZi#f!PMy#;7qM3^68g;If$!Ts zNYxsozdG_kYN750q@{Fhhx~5B4QDux(h$?Oe<0`d{$r#0TS2l0!{)V4EmI@!3ll=V zet#diJTQ0Ad$nrZ&9kX|jFxymqrN%*-$ugyc0>THni+rhI3(9|XwUmTJKXrg^P`?C z8p5(Jw)|I1S{B*4cvB3R}gkH@PiaK zJw_22AeR34-~tr!(aeuQ>SuQH>u!AuJnh3sw`n`-b0UY?txVi2gWbCe8z2CRL zuk5#6b^T8}gt8A($^&cDda=9L2rYiMjKYs+-&_^!h|Fe!EDBQ@Zx&Ddw*SAC0K(`F zaF$PPRx;l|c34My(yc zW-Ofz==rax_qk~n+&7%XwXG-loH5eVXmyR%7_>ei^<*nrn`a-VtGh{_dG^;uVz5C< z)QOhH<;TNxLk;WA1)Iy8*)1N6I(O?!T*?Q%aB`aEX2%lW@#W){OOSb-QA%aBivQ|m z0IT2zeqb3^Qk+RtW4{`ZZ(pyXQHSo)sP!vwz^4-oylMBE&;^ZtWTHq9ASoQp{c-KW z@2=BF=wQrjmEMl$lO4jvWA&`jiXGw2_S|_Hkos5kt!?5UJVO3nCkf0x6k9MQFi0wwJcAnHR1@z&d+#SSRSjZI9s&r z<)2{a^XJfX(w0qoMow4-@b>8yL2 z-Hl`0M;N{?H_aWaZK4`SwY>4XpeJKF8MPNg?h@;g{ML-7N!6$VI;ANt`QRveWkFv6 zIFO#A=Mxr5May>A(~cHeye^!KQ<~tBF1VaJ9f1by}o!MN3UmsPDOs6vX zblokklT`e|6&s#-|1|4n)n5%;;)je-@WB8z({4bXA*NSvQW_Gal1 zEzFcn8b@_*74a#dN>3@N2o4~n=};EKhtzDV&`b?+kQIQ|kz!%t2epFk)V_nB9d!U2 zGy(&&T6WY^ob?MenKNnbd~d=xO+V2Q60O#7fY!74+Lh&tuz2VE)5$Ex7y`}kxt1GW zg)OL{@L=W}91vv?9U<6~)VU;c`A6FIq!C81Layf($4w<`mhl!C#(VV<;{^~n#6DCH z=JHDXIw{S){LVt_LKqlTHaU?4F<2&~xdppNCTBSsTNxWoWo(tE3S$fTD%DqEQScrv zz%JDC^dQXkawCr*&=r)TEk9joe&P%?F)0mNUTijm{L+dv&f%>4a3b?b6~v0db`|v- z?dpCS3E-Ir)q#^a7~e_$^_I5U3h>6#)uV%y#X4s}zy`$Gz(pN1p+oKRV5%qc$+>(q zc0tT8FS6r|&4yY@!l84zM|v&IeXM*FUo42w+Q^DjeT2|U&qE}AbVdeZ(dQY||3#$R z^3iorj$hX2!eQ zZ~9GpPS@j4dmd!HxMENo+Xivx#nza1&ICIS3#Gf60bGm4EeHx(Ib0`Sz=ya}4Z*!| z{nqPg1Qq|Rhyhtv700EajN{Q@ul|JMpR$J3Rh%OlopG&H*k9Hgt^i>UTy*mcrr{M3 z#mxDwYtwh(&ejH&u_#q`R0MWQ2T$d9{xm8e2-aNP_*#Sj;Er1&B~rX%jJ&*5qF)Oo zdQk>`_*5*ZkEuc-Q&jL^dSFsoF%-bZDH=8fMHP*z)J-2MNk2w=Y^vhba}lA^^*qCo z<{c)f#Pop>$RSc!&5C`A1E_Dfu|3r3dhd;?=Pzg0AwsgB{#FuE8`dmM@K4j|Gdr}~ zoDp(N*66qK;(zITr(RR{cJxSx*L%>Wv?m->V8Rm4wIJc0)eh(2&8HrcB2w91@(}UO zStgj}S=z}%IqPTP8r#?U{g-DB7z`B;aTk-}BUx>5uYynuhoh-)^C^`M`(Gt?^VAGKrXU`|V0OmwnPy@l9-Wvbqo*gs{=BYALHXGU0ZG@^w{@{9D=PU&gYi3$wp%3n zJfylbHR24-Ck>;?2nsu$7SmW6Lt+v&r<@669wg0jUETb|yh4Z3pM92t`%rEM5+t?_ z1b26Yb|O3`!rKF06$a3GpNiz2f7~k9YK^7L_ng&+DJREZGsW5EOKIWL`OF zQcp&@2^2bDI`%3t@#{E+6J@P$+;3^p>(5QW{FztzeO5b$=wnA{u_Y)ROfl7I$>k}-HM*XEwZ|*jujRVFiqSwhdtXShhI=h;{zjW^Yudm zZ4?z1tXrE?yZOq?6vKU35(ANy7T-8Ao?ukWRvUZ;b3K(kkYbdgGXFYro%3u(s;(csvi#-1qV6RYf=LR<8z%vS zW(BFD*G~nU__E{sSG}jQu6cBXC7bou_VB9n5QNQ)p=&j#=9j=~<(FPw^61K25T49H zXNsE;{T7@X()y15+SeLktZb`gyIu#gl<2Uhja34sEwc|qU`o2RIRKAI7fOv$*ND_i zYS&X#i7{#(S?_un51~wa*8WYKFuM8bXt0Y?@`?CywxeQ|vzA}R;H83{;BW*z6(KFC zHbFFzUP{Yugac?@X!_F5=OZjXFUnGpCu)pHp){bRvD0=|(H52_(AHV-{A9&X-vwbb z1hW^1H++6nZ{Ut*E``)j)0tcw7d71eb1g|Gm&G5qsXmO+a#27?ca<=cEU9v5cqCGx zx2{ZnzxQ)?hw|>bZWl3u1}Iu%%sT`Ki$F99yz)qmiEVnR%K$mtkDSz@R#0av+aGG0 z{xu}>-TCDEzU$UQ2=`L@gUEa~vb+CeXoy&A+S>?gt-j>Sb#AzU=(xM6?N)8kX3B#P zm_;J}(2%V@Duu*)!ti^NSRPpnC2GhR0We$LG(Elc(4X$@ll@nIv;Rk?s@$*99l!J@ zRWZh^nQndclPNA2MNtB)IKL*ZpYJC%~LBU~ivIiSk)N_tviFwE7 zHcJ?z921{G9^}{;j}yIkde02KV~_QV*Kb6G^&9yvR0y`>5eT$S;3Sr(=pPdmo)Utc zdf;HD`@3;Me3>+<% zC=$U^+QMayQbE@Hy<=ta9(?kAw7zm2ezM6-nQ+^hS{DpnPc0$B9>lM>XRk6qL3)PHLq|b{yo55Yr`xw zSRFqCxs$8ho`dK3JhhIA*UzTv^Kko}CC#W-3)qmDl(NV}R%W}&v$*3`j!`i)-RdcA zM)<(O)p9)!v~b|~Ieih~G!H-#(ncef@UJ0$=)4YSYlM}m^z;5Y9o_^Oh0%%Ak+ZGH zjPDbPgmYSTd@2eMoQqgzwo!up&sR$?rkvdnOST!Pc0-asUn>&;xTRGOUR$kHKVROp zxJIIuRk|8~?_Kn?GNZHOWKxxy6Ay~^J`*Ie^Q64bd_N0l9oet>8TlEtc07Fw{up}Nk?lhKpWb`Ax)c}|+^j~DlUr(9J(6|pvy5`4eICMfvg7(HlyI^Pq# zNZAMp=Kv0GUkRGN<40`Jge<)!pr4_DH9>Z1eSl#f*yDFkVG+WUaKl|NG?? zKl+WrHyvZS?^x|+)eQ=?=jz21mTua?Ob8Q7zn3^vGNP4fzTiq}MLC9c4JDSBqZv*U z%Y-wnNQ5p7)nQ^c>7_R|aD0b7dt;pgL!`CSTl()s}JbrtIf}Jh}u%P5q+k8bz}(Rp?wF+-9vC7f?By)S2+WXE7q? zZ|&d8h(kax^os#OucKKK1viIEE~<%KoktIUR*6tLI^H^K!r80tolQp~zj`YYJt}3q z=)jhIhp%b;q1v7NRI(J#h|NVwLse8%mHd!C-pS?y+Q+1-++jI-@QaJ+0$%*YNyEierV@>wqh!p2)UBA zq|!*&aU`G%r%b$VPP|vvmq5cE>aecUT0Aq%MR1A47c+Fr@@c-&rg*=7y2F9!Bes&&q{vOj@6mZp+}`c%U5>(t?Kai~djpCh!`q}sM@G|EbFGq&zlSL#YnjP1;suNIgQ=2@<5)?w)MA-BMe}JlF`J-wfuAwooBT$6gjj`zzz_;eE1) z6KsOJwI5$~aKw;(?LrYh-oL2AzzJjJ$bBA{AAI$;F=u_L0MQouqIXHZ4pS#tpxd<~ zWR4}Zw#Ui5^tHu~8aSr;T$zie|M>Nzu7J7A0*#&w2M9BVCU>KzCO3f}zz>+M_H}~E z%%9QZxe%KhEh`c0uLgjhw#S|I*dT|}IxjIEp>W$ZWGA%r)H&w}@%4to3I zdmOASug-Raq(L8LoJ7PxIi}G{s}w+xjmmK7)0EFk-4TR>tjzj7njJ3JtMwG68iv3S zE_6(OUJ6eSWM$-~nK=G(K>FyL=13HM(DhZX+y1I&0cVa3i`MI3>uHgYU%Geac_qCt zHXv&0U*f^%B`AcPg>VT@#s_n-f&J?K>GoH-L9SKk74&?QKCD}lXy~1)XV*Jt3LQ8d zwlMjCItoeXNgAt$W&g~$_WTTji{SAfQ4Q`s~$t3Ic^*%+RR}KH!&G)MqNFNQ=gk zRLztRGg@lb2+RhFESY}8FE9z5a6MEMtUc<97Y}NBhC$iNA3Kf3y5(lvX|?XUc5W2#gH*D@ReOcRgf&TYkgtxRhv! zvzlBi^pvS%8U77iI2&uY7M~hRI`nPiQsAcL0JbVgfGYSKVlmvbV9Tt%iL?91^SHWq z#JL7!t4OEsZ=}S=;=Y~Z-X06z{j9_k+=PdZQYQi6;pSg~hhqbN@6)TRB7S;xP#A1} zs!_yy4WJq0{)%Q4``6yG9_BN@e!Cl6{~*hKeeo^8(EINbe0Bc6f5AU*qDMJ3;r@A_ z%6a<@X`Ol%baQXw+1RyeTTsnsW`^~5d@+P+Y(+%{9$%QqXRO~9_~BRhx+d!Clxp3d zi#6dj2JsXk^E6yW(aVbvF7q<&&;ZpI^yVKO6;^*fzckFLR!Tv!6zhRttmWjrm9)xd zK{yZuBD>c{jevad)m+m`1ey-Sd{8Khz<*a>X|+>tpY(&8V+C%vFfPP`NC{FU576PG zS0n%s%H}2bKjvc?3RcUc!^$Tr1_z%zC=50Xz3Ht9A@`>scX4Q*NPH%r%;~}*D)C6<| z0lS_#VycZixMu-;Y!}J-Qb!X=I0bjS*Fu3RZ6?m0u;=&<`vxH#;WI-nQ;(d>94D)i z`fj_6xD!rMu~g=Ll=0TLx#WTBfCWuzfKJxNH8j>~y=gn{b$`Zy9-B7d6q%Ux6yI!W za`}^ind0MvT4ZzZ^1E2~5CT)DNOtFR(7TPx1%hhYYigav>)Y^6tBJwMhYQ>tFj2$F z@(}2$jS3nN%56X)DyqD|q@^&Mq}?toJ{f$3gE?N3jC;@l zw%zx~0Od4K1e(+-3U_|N7@&~SY7A|6x%GLpqFj@v5Ei@UZ1N@{3s)8uN$e|GKdj;J z0(iYwUaJ!&tf4J_#V635FW`YWI}X_+GxZnVD>5qSNiVF#bjhG<1N^UKt#7UDo*z!Y z6Q*<=1ANu6P4ZDli;Mwc2{Lq4aGnM?eu_@qJ^tp0VcqUX#I#{gJbjPSlP)c^%PvJg z00Fd^NG(r1l#N9uyE&)oK(#5^*i*??_noc!Gm}Y$rpOk)(@d5A$Dm_aE$c8_Qx6#W zPLofNrmb2~aK2CE>{1jcsv$Q?If+DVp3sE+h38XGacfdbFT1E6?6mOlv+g|jE6VfJ zG-UOFH3j;(#R3hD$&L_W3SYoyqMODtL+l` zw_ID5N6;U81YjfjV%lrr+;e`a_Y0!(C5jUAOB*Ld z+>}SoYL4ZUH2vG2n+1zAFyV?U6Epd--$ZDGaDMWMfV!|0r~#WVFVC*ATI0i9XDLKU zdE%a5T>o~-tvg2Riee=PKS*uFP42mgbA|mO8Ufe~aO%5>XUWDLUB9?>@9XX6j}I4~ z`&Ra@-;1*36OB_tg~v}kwGH@rt+7IAF-)lGXy)2OEJDJ>RY?!+2Sxi1JUHGkEpho2 zRDWl7VsYh(eYY=Cy<#>%V!sIjB!RN7Xkb=*o%vS;=ZkI8rA1u|1xF+q?GhW%Rft6x zaig2BdNUin(D{jrhqkE_s(pVBPfe|9lo4K214%2onWUIpB1ePH?`H1LRb-aw(W174 zy_`#v?dl|~y;imKZh5V)|o6h<{Q0bQqAn$++u+F^&a;2v$rfLUTw5(O94 zwf6Av{a~5DkXX%Kj#+MBkkiIw* zCBF5Ga}XjTlPT2*eN=>#2mOLwgJGLehSOw=4!f*74S)Xo7nRGFL5IfKWA82rXSU>L zDH5nuQLT@`{k=MKltP?rSl-uAuvdyJYOUsk6jD^jC@NuE2Ph^xt zs^DGG4k}md4vy9qB)A>$HBBRM94tT8UPMEu6P&2!R$qSdN~;uSws<}^bpoB@WFK%l zV(hhD!x!DN-EJv;LANDuw-0B=;Bnb(Hn;C2@8HYM*+AC+)83g!HFd2EoVJ(RibD|s zq97FnBn%cqWE7_mWC$3NlK^38nUnxQW|`C$tBgTrh=3X(Kro>}0wgh_$P6M=h#&!x zIblXXz~SY-*LvUcw(GsM`qq2vu6zGFd!KdoKHvGyKEvMM_x(PIQ{ONa3`q<9R#s%T zKd;YCkCc?CaQiOO`eF&I2VOm0O7=nrK|3j)PFB-ETf)3*4Ik~&=n}HMsbS6l2yL2+ z%4KSu=YyDis_Sq1LV~z*G0|m;rToazlV-d(^T;p#HXmGWbdiL*Op>Zuy?w|&99R_( z=Rd1mo%ya$RiV&cUoh+o07&56;l1>yM>#RasomjT@59HIu#0$Ql)wLuN^4n$uv0Nc z?X9i)ay398im*mbq-z39XTYw?S8^K+Lbl}non=+dK0nZi`K{+B?qHe*q_3Dbs0TZf zY9ivxQxy}ol?LA1bZXO@3nf)QlsdjFbq$@p?cC7`>>hhNshW{5(ze|T$V^FzXqnqP zhjrn7j(;5Msng+~d%V775Fb8F=VMW9hdiO&Gdo#iVU2TXMO4l@{S`~v)3t7|{I0H9 z{&rzGqO%vzwRSw6`8CMDfSzSc@_+5Fg)uHZ>y^C4T`Q+*;mEqwQn{VB&mjDzNj4JO zmi-_sjfb^%53M}x9v$r&ZLfw>V(k+VnX@6Kro|%_Co*&T89G z^Gh?f!W-gb>1Yuzy@@V@@sNOw`RDM&uQ~`p&zDWOHRD^2G4HFVLg8rmYE8Y!3!!F$ zY?)JLCvHQ5qNZ38_&Zj1u@l+(`Dd=ZhoJ_2X>v}!khtd7H6={6s{loJEnQIuVZ4Qzhgf1QWq|<1lj= zoO1V6EU4{eD@F>DP%Snc#?(`3nLOE0{loVwy~cWsPS7m0##2F0#mbCOlyC5$mM*`QPC-fOy%=T<9|qXIx#0Q`_MA=>KlG!X|juanWO7w@@i| z{>@ib7uzJ@Y&%izAgP1 z&Gb=L2x=^QQ2X+PkN>d~YGew}Gi`9)-nzjzJG{7%9CAb;!cb4Z??=c3u-(bt?MJ%Y zH@rwA7t+FcFVS-Q&mW*G914Z`;JDjc3uU;k9^Go|helS7vn6rh$CcZYs@d!K`$r?U zhc;6W7W*+6;LSrkUu}d1Sk<||UFudHn}=aS5ukHwqWN8 z!KuEoa+uNZOY!YjXTt-P$j4C_3#zE)knosC`q(OFfY#%x_3CZ@2AHWss98Eh4S7Z) zTkc^c2wHE0%QF+XR0wZ*;V+USy1JxatttuRvI-pV=cBCw>MYR34tC)b_Nrl7qOZGaQIR=>w?k2MIX& zLV_}SAk0?|f=hmz#%~R)*SLR((P#d+u-p-^=6QtIGU1&LjhlqF4zEt8z|E(*IC2EdwBrLXu(0(+H`u{lSqi)C(MtD1P2R0%b8tKV~yvc9A2!NSAdCW z`Wwf{0@=W0hG|ewdRcNWB($Xx+O=?@0)SblQx60fhB+@}XrFT@(5>=1V-FIAO#L}` zR3#;UK^WX)tEI4ifHIlTAPk}wqL1uodl5-+OqvL5SLDa(Ao-|gmVf!B5_4}ZSpjnC znTLG%^~s9p#G*tB_kv`scm1(gze=ZjA0*QAC22*Rlk2#wAD2&VCQP+F7lQ(oijOwk z3o5b+UbU?j#$DBMAa>E#B#YiA`K^ZTRioFx5vdiEWT{0lr>$D|Rf3NnXie>|z+uaj zS^ZaCaK|gXvWBL4e+ihYPi!pVgYt|6Szq$HwA7KBa^?!%Ig!KS)$$)`h=lX*)N({As-PZ-;-DxTX1E z?;3aW#+9vyfq$tprm4sN-YVV+bC*Q39Z?70o%tnZ4B6;A%v!>8Ln`ST@TH9J@n z2JsaArCYBqJCt4c3aeYE@#5`;zcS_`-~5VQ^8$Uuoc;3@Ja)Cgu_Ye5e9)@CaHPfh zed$dj5NdqmZIpN>7XC*wu{e(0fGanNql!WI7G621y-(%Q1llhB<4g%48qoZy~O(~5%56zpPV#&`e6K8|3_E{EByo6 z_tsV3dYs}rQX2k2f;07v^$NA;!ta_AUjxtYzih5l?lajYSo|hqG~*9Cl=w0(Z0xOq zUJAeM2xngM2g^X-r)f+6sHK>-Fuu*5V|!pn?g`OEfM9L;XokT9@}0d}8pN&htZ}UN z`1 zbL$mwgWUk3N2K?yEMYF06bUhhbbpWtTa^(fWF`VSC1V*(dFNwGg!Z7g7ipgQRiW0W z(y*uOppY_+E3X5a!AJFjnws$qcFH~Mrl-Nu07SapRC?5Tj;00@hyxJ9#zS9-{jZ1U zDn2A|fiwsP50t4_eM1x6^UkP^8CG;{t%5R5zG4=?>v9g5x13+ym9L~EGh%vcrSLBC zE{IC+_Wn7t%4f!XXs9HT8q75uRebQCVEA79vS3hucB{LXQ92}&UF`sZlUs*7kP!6b zykgrLSLpRMBs9Uz>R2D2HsD5dn?H8a@k$x27`4Y(v4YO3-SV zR4789k3cF=#Inb^&K*BaL%dVlk|&rOh{nXEKK0xh7i3%lSv3i^SU=v7Mj2q{#mW)q zf=g>~OYN|X#eOWpo)$Glv#5*28UgcgF-3??g_f50-N@_!#DpS+-1kYu*vQU)ZgGN; zq*)Un4WO_J)XDQn9g~3y1;KHPI^pfN-DU^;9NvZYbM8z9HKGvK7ti8H{5+9bGc#VP zEvdRIsYvM#p#|B9I%ns$83Nd@zdsQcJ?qJ<;5qie3#e2zGcoThI?gLahsbazcVcg6ZRSgT;z6lF8TK07Q|b7#g{ zX?XX^oqa3g_&oiP?vlC6wV05}{!^Ib_-(#Q;Al!?lZjqL@Tr55zuS)@ILn zJkx%iMFo}JTF!dQoXbq|%`20Nbe`s`3sqL3*oacn>WtGXf*3reXS4`EQKVJK^7Ves zE$5gIYLfGwxv=VTlAZ;Bkg$JXxBFPIV*mBl>R6rABaA`8UHfr^{l$sP1qM9=9CkUz zdXPpfa%Z+b@w9zezK^7$Dj=&TM2;|%0NGb6f$g_{a)`OX^rmx5DvJ>y#&WAva`v_F4bJNwghmahIeZx$d)p40B>ck(G$neNeUE7x+GYM3GWiqi)A z1wmyZLb}$IVNL2jNzHa*(%W|i)sphz)0EXVe?9~Pvmtb@o7(h3VRi>(d5Uj-aO3=d z!BsiDGpX(C8iRK6yBcjL3&Y6?XLFkIiRA{Ku0`FUFwy1@h_3b(7KrW0qitfZQCSY5U2hB61@))UYH4N~fuu2ik0ST^ zB?VI-DNbi?PTLJ=DG98qP@ZkxkGf2ylojNRy)~1>!#A`#NN-WnEVe$$oQdZB`!xO3Q;aBcI2GXuJUTF^?<+^-#^*FwaCb>~-r&TbT- zX+A*CABf9YDY-X*##g{8iJ3T-G>2=`p|THJ%|8v~NJ}3$U!CIBUBtzZIhoEZJ!vkw$z7GGqM6{XY8v4ki9I#m zdi9gh+4wGFct@1$yEAp~Mht&)%g3aj`n_OrWiq|-_Ls+RzQ6n2Y~kv)k{x#>q)^}i zL5(`6$1`I+k(sb=E>-4HJ4o>iV&}I%_@!k)3|sSF4p1>lB(G9PWg@XQ)$_bf_cV&a z5L_=|s6HRyWHcF+<-|8EHB73jLzC(}m_thI!$kdorBn^WB#*t*jzhw*#xQam#~BN1jM|8&;^RmjCVd?q zGD+ro(p_85Ygnj|Z*eMg&yg@nnY6YZv3}h$NRt z_Ne(_X?)7|6>R0KuNHa2QJe)`T~85A@yRKWsdo=vYp_baIU69;8t5D@Q&I4;C6Jih z1-_e^Tn4Z2uLt7u)#$e%;_#ZFF58%Ipy+dpy+eiV4|Saa*54CFZ*3S=6`f>*r1n zN0rX(O{lX@pAp~Tl)rlzL<``^E==$bl>hs;D+NG6Kms)2AMmpAMo7}b(i{L}W$6Jp z0Ql`8paBSQ$O?Rc_*?iC9EOB|0-(U}?Z6%%;?*B%T)<(1zlD9kVOnsS-?YEev4RUh z0^dJ^JsUWT1-{3DeIeMx{qds(hkmF2`(0XA@hvGEGb;--55UI4%FD;f#>c`*%EHaZ z$->9M@fY6OepCL9x8GU(oi_w<80v34z<|@h{3VS27v3Ns|CAB!H|^iTRLo!ku=|s@ zm%nQ3H=E#;FH3+p00#pD3-byN78VvB9u5Hs3mFL!5eW|i6BUaHpM;nQpOBE0l9`5- zoRNZ%kd~W{k%g6mgM);ISCEHIfSH|x?RO>+@bK_Rh)B4|$hd4|gk)_0%kHHMK!*c! z)CL7X4nU$qK%qmt^Z_JbK3_rn;rN{R##a4jus!oS*^ix2B*Vp`l*Af`$gi z`hw#DX!KVYWUQhvm@4mK$sMuS0^{@GD8y>Iu~jF}DA|pjg5VKwUgP57Q&H2<($RBp za&hzU@`+1GN=eJe%BiVqXliNe=$e?CnOl6Yv~qTFb#wRd^a}nM5*ijB5t)#fl$`Q8 zH7z~Aps=X8q_nKOwywURv8lPGwWqhQe_(KEcw}mN=I89({KDeK=GOMk?%uEcgY%2a ztLvNFyZeXVazTJA_3!Ra$^Jzybg*2I(9lrOu)pPkfOP*YI6CwzGFBK2Q5D$tj+o?Z zfpA!2@p(1f@D%K-XV}J0lL$DJ92->UzeW2)vj3i7LH}El{X?*S%C!g}K|z2k4+k#>wnn#0#Fz_rr$&y+ny9$oRG$-kGl=!h5F-H zJVzAy|KOScJ-xZpl4NB6XtQu?Hb1{X`$)%d;ED2IDns`X$KBsX4W#-1l1{qj{hvD1 z$!`@V&|O-zI-{yb7YhaC1_DL-GqM>nD+?=+yppWS>u2Uvki9^kUI0=iVbHgN7vP7a zCq%W;r2qD-k{4jE-v0sa%ZC$B&%tgIwSq9^h72W)fs>1mOk_H*S>u%a-K2JL@fcA_ zLU?@y9d~iJQ#g`XRnSK3fPN<3o?lB+3$Zos3)F6$Cf;vNl}bBv$m7O{b*N_>W3N{@4haX8jhDEoGhadIImKfH3E9rW5+YqT zl{DZOs})&u=ovt2x+wE%6ejS*@v$Y0qpTK`5J^dsr=~NsCf=lm_9HWk`=mt|618k7 zD_wo6TKQ5Z#Rbb;8Ab7y0)gP9ilu~6NeYhlx_nQqjg`^w!{TcTxZL>q5*j=nRgnpW zbLn=qWMsz9>h`ZLmI5U%X(U##i;;cDv{mqcPwoj6O;qrNSLh3%WDNs+Ck*o@L(B|n zo`7u!j2Pe;p9~PXo~o=EDtmO7n3?18!c`=AB?b-)m84s3 z%TDdM>Bgx@VvUJK(&j?`#iR0{-#&$|zW~+m!F`O=>3YWF5hU*5Klc^fe$rdKc5?bA zD!X2Qw%#A&M$#S@8_&=ci}Y3dME#Cf@XWfr(MK1&c$% zbu25LIG)viNmB6F0=0@53ieDGYs6VHl1r-dHh)qNM<&^-{o ze6)T6V*Nu%&c3*k+&?$G0E3-9-*DuYw43ffvlMrytdJ5&cNW21%wQmoQ6M(&iuP>r zKA5BnRt7(^BQKp>Wcl|r%=qu!%)J1_U=jaKrd}-V4g8MIsACSDJllJ?B+=Z*H)c@J zRmdfImoUix;AH#-_|I7(D+wVikPGZmRsT8!z3yibs5~^z#=bAz5cfBQDgUPmlOGz! z!y}T!gN~1npHVqBC0R(dTl*w1{Z}phyJ}&;fe55`5D`Q*I-vV-Q;T{u#%p|K2K z_dS&&eCnl%+D!3Ayorx`4T09iYQ!0O=5Eq78YH^KJIJxX$O+F(X~Ke@LIt_Z7oW9! zB^Y@=9VCTJ7Mml@UPx;$iN21b?a=4b(mjEP7@J3&q*%al8Bv%ekKNs8bo6yATj=%| zJ;5>c!3k_{ZqlMWj6#*vo(6FF!<5AD`9Qp6Ep01q9Fh5`DSc%mbBlOzXI})40~_)! zWjHKplz0$}7La)%BpN@crb-=!u}KGA79P2dd!YnC(Fm+V1)r|9E50vFr4V&$>-9O^ z6LN6dBXlQdK9U*WR~E{ltkdlnnn=pi8?$|KA5c#m^a=9b4ZyKwEq>I^2&!3@I6u!6?JLJ8WCk{5h>O;EmemmNfbC1JfDzjb-71w zr!6959Wm92N+`RC1NP$+c-CF9fW%*u@=l4BQBj`|s`2m>T0EFIF*s2Tvdv289Z`*~rdhoaO$`-ztZ2LItI? zRr-D@aK=HXx9W1FI+m382oEd~~a4BZE1(iNP z8gO-4o(UL>Jf;#J4@x55<$R`mNYtXu4?y^v7qWfMdjYmRraO=DJ0IBOF66E|7fC?U z(fpw9iWi`OvYN7(4B0nt-Txj*Jl5W)o|`vT`z$80+7Ro2_L<-eF5@QLSJQ+ zaemyKf-4;DP^f$j1zp8Dm+61qIvtf>lP$VEK%x1(fF$%j<#2ys&G6fU8Z)Qom-*8A zOQjqAietp6EjKR<09Ajg@$0511S(sFKfX8-|3M%{0$hCIB9v60 z?Xc+t?-6&-<(NHly@-k}+DM}gC3M;1{D8;=ne^6LLvX2#&zCp`SOn#9KmBCFbI`0` zPOHD|X;;kBQLzsvysS2Q^)TPC;~dD9b2Y9@5~+eIBCAepDtX>C+dvANQgCNk_;H zg}`=zgU8T;V|MfPW&ll7%;l{-YuuLIEhEfn(q4ea9??V-HejGP+SGHB`0lcI2wUEL zQG^oZTW8y;Dv^|VUCf3i)4sV-4o3ZX7< z^8m6KB5j#NiZV$Th~7)`qk5`_T7&Q-HRmvac6j@k$%x)ze7!5>@9p3r6XvrOptvs0K@-SqRoiP zXGr&*l3a8|6!Fvb&{iq$0lkK;^iWnL-RCi4)f&Kdv1Ob+#@!3ViQVwrcf&SqLf|d}!hxALBN0-hwJo%z6Z=8XVZ$b2t{#Zv5010>Q{mh;{)M zg2D=Y>3s=}81n#%JbR|?2-4NoDe*V1bfD9m2ImFX$Ghb2)OT5SySnLD*51<2+6)XS zAD9~Y)UZYgIfM$hLM%m{H#X7&`H_EksNJ=HY5UcB|Jpr_(f-}YZ}d9-Q5?K#xghm$ z26elwJq#FB2c!ZD){r@;t;V5S1;wN}?YrPQ+D# z-EPhJb>wT3B~mAy288GVDorN9J|x&u=&Pglf$Ov0g7a7U#GH(s!?_)StJ{*!8yju+ z80h(;VBD_7HYp{?t^wG61&gU!>R7Xu81|YZ(!~-=G;h>)e|8a+Pa2Urv)GZUV{9cm zq|eJ2sJ6YrhU|*IvY;+z8}QsCD7TV{fNCh%KYQg3!74Za!IWu*SZmG)L0dHUn(7(eZ}vA2I>a-NG=< z6nS`N!v*aA&P8+_gYM7J0ZNm>gLzMu)1&X54(yn4q$2uEhw*D7QUhRxN{9rbxe&92 zcs{;eWVGfxx#%GeRprZe{P6>ls||rM>W7>L<;D0)VQ9~p=lY35yG3?0Hs?UujmKpA zl#{OD-3St)g`NDnY*dA-d|n&#W}2e|Di~?44+Gj|aD60Qs3Ykl3TYH$EL)?C<>#o$ zN}~EEf%CCF0eD>X@p3g^vif5Bj^RwY->Tbr>aL#2Tev9lG&6vDt#N{G0x{GPnoVxmQ@gdJ3rc|AG)0~z@C$Id3-E_ z&!J&H!=#~qpL>M&j+dg^zLeqsS?3?Cbkq$05B~SW9H);k)u5<^_JsdnWkeS){;vyg zA4BV7RHzqVC~#xq@zs+5ucExb0>|QcrNh0Rs-@K8T>%Uf#|a{3IhCS?2-7(6u(+Ke zlS?OMffu0OpU-qrS5Ed)4s_`!7IjSneLYCCzeHq3dnH3IsS#hB3(VtfnG0WOKYb@l zDf}9kr>;H6T1ByzqOnE9KE3o!ildFG3@g&~J@MGkb{*}2^F$T=t^fRCCscDSMtXX_~78mEbp8kvL|HjfA#*UT!tex*LT%4tXhg9!8!9< z01yfaU=%m8w?~h}G8I#gBkKGJ@J{3h%H9yzwh43~ggg!k5XLyq5Id`r^!^ZF8!$`6 zkTTf_Uqnb=w^-}&w@U&UWv`4OuWv82Mt>y;w^F@wK!8;NS6)o zgP;}*Lf4c7BngStz1hOi&&MGKVG{$8xtQp2byX`D64=6iKmw1Q?q83UF!gkMkI%?sIiIO%U?-_gV>TOsjTCbfKM>V&=h<_U#6QMD?l z{Ef3dDSpG!BDp=Q%`NL=h?dI8`U`;f6o%EgfJVyBuZfmjW)j*vIO$)jg*?qw+>{N8ANTfIa#jcY_E%><)rPSMy=jkviYt*%f)&-8;Vk5Qi~$g{&zzx{-v#EDOP@ z{k@HThA^9KFgg)}ei~1(UpqdWQL5g*(_iLcgf~h>6EaL&82p+GTail;n~l&ym1MlqhMfC;FJZd^g<9Jxqq@3}{982dE+fmORH0%2NQ zyPVHT&a(mdE@4`TSPtYn+HyP|HBtG|ovvSu_=XU~?jHTlG5gEE5{^qQOlLqJ5>DIY`1v>3mzuGrXTo z3mG_RFYwdE-i*FzE~{1+Kxs2IbbM`;N$l=&c<8n#m#!zXB|Gz-s7`#B%g-hN#kcwC zd^R^`>80yiFUG8M)49x4WYgFM+tT}IeOCeHj zxFbpj9T}GjBwgtCSciG;&!n4He(~d1KWCKL^o-=Cx#4iDV&q!D^5F6E{({B5t#I(S zv~6a`fi)+CCfg&Dfvs|a<>|WK%}1_a)*Er-C82W}fDoRjwgNuxdxd3AeM%X9K4aE5 z*>wWeW1_xw1`{D0);44#W<;33Tk1ma>FHaqnV{Ht><#QH-+!*E6>Zzq1V*!R=O51Jik|+;k34OtC`}o1a+}ung65a`d25cXw_1aA5 zG~MQG?>eOwI)T6Ba&W$TL=Y#k_jY78w{{3eC&*fWj*1_-*#}!m*Et&yLwpFR89MDm z1-W^Kw~Dby?q2V`zM1sgkg42ujSo6m&5g?Q`}lwg`lhs4DbE`=oY_2qkb4GC(0VnJ z<8K87HptiO=sgO_vXZJx4l%L?Q$+b=5-+1xQFG5h8ZzO_i~|=Fy!XS8^CUgrUVu+u z(5;3Uq;kwNWyw!8`2FmYFk?IiB&A_$_Esw8Z8j-7Z`;Do>fR`Q)4I-uR8-xkT5NTx zf?0QPaKe-JK|))A6^t#CYVBXp&!Tqd#Z$PPu}B<*NV*2y-YV)CXmY2S;N0TbiP8g0 zaqJ0RKD}#;d9ivirn2OLH)tVEaVP|KEHI*vz0JAssy7FEvXqb9@#L+vI&2HjbiywF z^-`Wtc!K-*CwoH{5;h@;rxG5$?+BqL2+ur^qo$}UDLX=!^;#o5mir(}P#mPIho^b> zN??)>RDCwyDUSTg<@jjIZVSur;E(hJ+Sc3u=9HS>Jb_%FF^?-S_6>A`GzohQo5#AN zyoIMPTh}elF0?~l6M*7YLsQl@zHE_QpJqu_AH{U#16fXLBT01;+M^Yhq{amzi5$bL*_jvt>1rBrKjuRfe);#SUTPOG1)m+Jwr zN8~*-Tn3xIDNO$MeYAcIJg)^Vcwa7Y`;&U4K6)kgq=Y<17yWfo_V znxdd*#Pu=6iRfoyRLqfh?`OqN)%iD?Xv7ybWvQT!iG_A8me9aHS5JLe()TUGYp>1F zuEGuSmjkl@?{+w^gImQYtd>QoO_m=i!+11JJd3h|HQyPOi~F6#8Rcp5n06i$=ZMRd zXH*+=Over15e2i}FR$An!3{W0hL;ct4JF{QX*;)y$v&>W0LR>WGA0TS-t=YBavdHl znf@+&F|3({SEq`vTW!t?w@mWP=oO?XuT^2#pL9rc;}({1qE2ngi^T4~1Sg;hTuzsG z$y`0cO)-T-_F>VSqQETMo(|)ZBm+$KDX0#Ttx{AB&GE$WB>JxRq0%;w)9=1bFP8;d zQetrRIl->(#js~aT~FYZ8P_#Ls-EXAi_q*+x^)jK^`=*&d^RD3Bug2wF~8Jf<_g(^ z&4%4r3?M-s&z`22tT9bWfK5?P*(2TdJ&ik`+Yw4u<*%S+n$g>@+J_FJg5TMZ?Fk+= zwFsOL%KxIbf1_e>AAfOpN&lI~lD}p9nm;4QS&TWSX-rjL=56Tm_e`SUSepyh?p!$J z>#XvK*UIs38{~BO$O{h5YS}{OM2^`79Mk1GU5WBHbm#z^+{Rn884S@qst&aYWv{d^ zSHn7iy;lQ>0(<@gCCQ0m4ni?0&K~kcI0WptC9=ic#p%1e@%ZN~6 zyRyxgAda~&7fr4=h~FJHu`qH>xdm2k6$|gW z`oPUlf`Lr$wTHIPlC+Z`97&NN(-#d&4U^0i06>4HvkY{4(hk2o1!j%R#8bs58%gd7Bh1M|hJ41qN(_O$4dwn2)9|&vf|X zJ#GnN*kc*VLvb6;V5VLGEl$Bohe4Dj=cMI9{!gacdx@v%fcwJwD#>uH2QPBHDWQpQ z9MoA+4DE(UJb8XhWC3K3B!HzN3HU5Mii3AY=OzC0oc>p)$=k_?{`JC7vH0%K!CEhX zl&qnwf*Ah4SP`r@FaLF)g@l;!>ufn|x^0`|BQz-zkJ;6gl}^32=UA~U)mSieC=hsg z)%5}thh1QCCJ$vx>&Qy+BJQ#b>i;$!D7HIKk(C(UgDhK@#ZTWFbf_fr3+2$^9XQLF zg-l~`MXRihXgIiYX{WsN%J%gfw~YTVd)A92caaok4ndI>C^A8E6d8DRcn;6twJTC^ zx0Jx;eY?1J`%|7NWUQu&n)YBR>=buv+ibwEL>QDOf*K~(81!qoVxs-#QU)r72=+1f zaIJyO7iD&fT9#(ngf*eocHG@Gj%Q-bGJpI&+h#=FGjjOxmRIF#@(m%&M5lt{aPrp)aN z{__OhoJ)i zgYvpxTvJl$#m%G)Z&soBgQ4Q1NZS3!oq{El8)aFOBWtCAE?B3!Mh`;NR0r@FxyKP* zJoYPc6r#_bWXuWXxRV=!&vyUe2XuA*lHhP=`_d2v0mx83I}7z;;1I;yVh_30XQC>@ zJdt=XrVT2tJFQQ%t5TTM_f(LOlf@g7X1W@848FcDGpTJ>#uR7APUR=`0SiL z1Cb|bhKRV1UIDa3VIMj7D0E0@n*T|wO$hJ?+elyI%b=nukD58>>xp$INwIzZ- zqd~+rqQ}vES%`8mM8Zo`_#rcK;%x7{Vg};U{upeGrWnWq+oykm&tej^612X6et<1< z0+wqx$VSh2RGw6Uw}n2juXq4JE` zw1k=kCvigOx6dfpq6(PU(4d-b;F$g*;j~;|@;*&q*OM&gRgDxQiCF5mUk?EV7KkG8Ig_HrJW!BjRlpkiC89q5qmNGirVEeh z?k&{Syj?+ad{N8}RvMdGj)zT$+J|MwkOx1(ibCB!8FZZ`8^`j-Yh&f_w@q%tK>RR( z=By^om8-Doc5UjSQo{yEpAmlVx!vUVlU><^ENUQ{3=_>=y1o`rRvM%LuJ#W_(B;zO zf)sZBC&OXxWHD`Fz5E~bw@#Qn`t;jliUr)w( z2EAIkw>pblxR048YtFu0Io)O*?K)YS3nLYT=y?301h~R)g@p$K=vIpBs6u)q>?Foy z42nrb7MC2n36EAzv)VOptws#Q?vEGkYnmC}q>!^_jj;&XedB#*O;2AuIk0Y!Wm=@Y zA>2XLCnLN9QRCj^B3^+fk>3-^|NdmM7kX#^4lAcgA0!XLzVZ+GGCSRa&s1Au7TE*W zEhvLtS`~Sxo22Tjm-@DEx^gjiJ{ydWn0EBAa8=b}Ek24X3J09KNUG--o=< zgm(^gVHl#AYZCNFDO68bn-{r=Q0j@|u9N733Ubag!G+#yAV1(@;*%(0qL%3)$$)mb z9(Rt9@8;cXi3udp4&vqFaN2X5jxK@axqboML67>brJwa92A18_8DL@e##<8aZ^{av#t>`^a1PrETKF$&y8v5ir8V<{GhLDAv$y~TV3xheUfT=lqN zQd}l;w&Yc74pSV3Tg5I$2zAJ9=unze7D`;9nsrDC*k-UW)hC*r?11f zhP(oPX3~E64=p-qzA36vkK8u?-$DhD+n*h^LI(f(G2G$K=Z$CkVeD zMoP^d$5Xlmy{mzteEOy#k0xX<;<qJ;MI>~vn5?Wa6EPl)KCsB22r38jU7RjvYS!YPrBq&~L< zt=P7<*xvhCT_6(Kn75+`ni>Dsx^vHlJjqVX!lAOSCS_Iu>+r=MFX8ig0aSG-xe~Q^Jx(BlEjMjvzv>u~7cN7F3gGQUrbYUvf17~2IkV48DB67P04Mpr= z6|1JLdFU=Xhm6)P-6i!jc!m6}6w>RzJeRyVjY&6kUuCaxkN<3!T@d@QPvsf=MDfFa z!c$moL}TN%x%<>8E9bkCR|S`XZpzJm$%hZHPoL6_p1mYrfLw$Nc%h94t?CcpL(Grv z3hVxZg$6IcJoXiDQ!nO@Q%o^6|^@O~v zaQ!$32musWsMzt!oo}#vQhGo9Tp%+hMTxJ!I@7R@^m}7Ll5~RDB*B$FG3}?rA zlbK!QmNOk$bLoXT9-Hx-Hv>kdt>{VUNFuQsj7DY3J>GFAWkE$T7i$dG9WIvFkXm3s zE6>E&XJ19be-={t;9H*{OF@B2EgsAIwJYjf)OwWLF&Gh~y0kQCjTTAT?W8=`A3?dD zpiEu(PcmIPA$!sL$=`(s;6y6_F5d^N+T2(9iMv-MS$~KQ)!V`DKePshf*2zHaULyD zEq?bs=T83U@&yq3{ffB#qJ43#&tl0e=j5v(&hMI^^{4`!^lqGl-?+0awN)ZaU?x*~ zN^DX5Vn|FpAt`dn=6V4V+;d-mCDdmu>m&9zH3xo@q77md1~CL63?_R}FkcwxmGIr< z3jmMP^a6-xfmiR4IZsyCp)IfKTYaLL7Nu>B-`L^@MK_A{J#P#{3G&_ci<^`!Y4;Oa z3ogj)SmLwdhh$=_G<4WyqOS!Tx(}_lP2a{o+=JnY8|1TKhzWbC|GL@>5bYuaH^*rm z`&viTvCQB*QbsRj9ede5?iI}p!Z>KP@g6UGd#LOy7oG^ooA;!k)3f9U{G9IEh$nvw zT1N5qFs97sfon=oaZ<xf08@Rim7;;~5o6$DDV6pECZVyNCUN{XN0a3vk%| zdrPvHeBh76k=8(ht?irRnEXZTl_?n(iGu?S+F?hK=xrHRHWY>gk+=Z_aoUAE(h0K zuKR7R(VfO?|0~Q-pl6cvFUlxB0vVEXOxN)CQz|G&$OqaepP?unr!?8aqEkH7P`na`A+CGzXNT_ps9Ba*2<3_GzIz|L-WX;ylWrF z%xymi3bHa?)RNn+ryD4egqKft7i!7x@BxFIgg5Q)Z@`$a&du06H4rseP-~+{5Ce&| z@Qxtr(F4ilv%eAhFFuC7iN8euMo0aH5S;cON%QY2zUc2~Gd9G`OEw(+EYgHN#Y^ML z_8>5Lc=xp8fqN;RG1uH|DdE_I!b<45n2Y3?pu8(vRpW=@kq7hYThsFkfOUGO4x)bn zvT@dKpR_o(RF!T7E1C4E5UhkIxmt5x7XCzpLqYy_zpqeW2Mq)L+ks)?uVBCcaRhic zcz6UPR3rpM6hwGbI{PGRA2imIroJ0{e^z`iDDfA8cRm|xS)#$micA!Zs>u*p?Nd3J8{ z@^7%zm)2Tue{di}iTwQn+wb*(zu}e#yj$YA1zXEr0B>*oH(Vg6&fcrAL_c=ni%hLY z;p-pUS=Rb!e<%7UIXL7JdlCiGxga@=c%IC1Rw%jW6DFB8ti1zwUnr!T;QUW{w4 zbKO6R{F7SrEUTV`n-6ABWce3C7L;?YoeT0f7@qt4mFT&|aqh|B^6okj{$QXmco+8v zQ?Vd3|FC^j8Xt3siJrf)mHq3%wQ91Po6TK%x;S)K>DPnHkLBSN5~Xy4H2#A9X>n&7 z7hk>)cBUt>C5p&nS(8`$c`b>pLRlRD2P6hmkNH14b!stCComri_;%BjFI@bDE5DhX zThy&Lz6N)XM+V37J-yfb|Dk|@)^u(KSRGiHm%sS^gI!)1&f!W4+L}bZE*dY7pcXIo zNlI>ROekV7Z3Zrs1Ay7xag^_x`{@NXgR}ekTN|N{CM@5~zps4f_^H84kZxhBFc?Fv z=HES0U^I4mjOV|3_{LFt`)X8gt;&1v1z;jdyyLyHzR!9tc=KeyA2~=CVcE=o&FVoXGLGYBE5;Ocn_`vxz4x0Q7 zV$SL}Nt~wfYdOt%s&`Xf-c z?B!2yI`x-Z>~(Ugs+zFJ%A(e=HMt2ct2B!1`m5s62`FSX!_O((kbPl6CY8P?I~~@= zRZYF!9!k;**IA(*!7l*o^ta`v?=C-Q9Skw!rv)wESA&-gV=kxeOqT|nu9>etZo5qA z%v=8wz9iyb8TFY{G_ZKJ!ArzG>xTb;`ZTC?>$Ju>t)=rnS^j%n+P)$Cm80O)7V-M_ zZmvN&xwrMUaY&k(7EZY}3{q-Xh8XsHb>pmFNR5PElTtj1{&kC{-dQaB2uuC?S1ot0 z{W+QCX+CRq_C{li7>j|JzqVnWKia*K`~N}9`~P1rI_zA*4%xzGwnr$ys$?-1RG&$1 zSabZL&)k}jt0_zHk!Il0>rgAIK`|p;rN5wF2xfOabL&m{4YO-GeY)!uh4xh1xg|08 z>k=b|6ro@Eh!)eLYoIiL>iL|<7}#4E>-hNxdS8_Xfwk;AHO$-O$EgL^Ge0b4sDxM)Ju&>d&sb1R&ho*X|>Z*Y^8RIC^zR!-I^k& zwooSAFTiB!K0X^HqjyPVf3H((Dw+cUy0WB2*sP+TCz{Hukp+SeIIZ1{cUwJDosk+( z3^=|!W2@;~E2@vzk2xwOUMmwSNc0-cO11y6Fi_Psnf`7tCXTPFYqq(dsxC%k%S?Jl z=_xklc1>{PMjEY|p5Hv1;vDaIdw)h|)a&J^MY@(- zZKcljE8LT?F{dp|zRk=>z9xE>qoiiIC^s$ZCi)4f`WdaB%yOq@{(S!UaKGqvet8on zCgyc&d-@6fpsR}0rItQzyZ~3D_gsB1z_NpITY-Me;H26? z?Bwp#ZBJ@Wd-ZC{Xyq5R`2E^o<=|P>YuJ)C6cbfSnM7q;S$*k6XO}$C^e{9Xe-VF? ztdR7z?WKm)K}-3HuEy4R3l0gv@*RPjGm_A~xp`T>Yq~j2zPOUXe!{aXJO?ZqX~QE3@UE>Uvq^f*KmFsn>6IJc+7| zqF2|91tt6ziA*XNc(tqzaWmcqJcwIIZOX;*l*!7j7e1D39?<49{luD6O62E^p}Ve* z>0cS#s9NhWrf&U^TH&n0r(wS*l_)V#Q|qRbNFbotG1c$3Vlqa(t;M$d^tx{`N4mR+COpV2VTW!T z&s;OS%cEz9!l&FMt{Mzh!UmM^sdwD%BoADw%E@ywwn_|s>K;#-7&29ErLW1>9zye? zHXiY*kSpq2;LD{4JS8fr6`~$EcJ<}&5+?u_oltlL2G_>ln7#0J z(1p?tyhr0law&@gOZHo~PqBPohRPk$o3mP#4<4KjzSeJRS-e)%Q0tg}Vn^pYu{s}9 z{?(G&5<7j>SQL{zJ8VKUN|on!X+DBFY^QJhCBHfn<0BQBZ(mlEwk8OmkoPXH8o%ea z+`Lwfw&`)W^Ql_l^<~GgSFk%M2M^UHMj3n(5)#&}(diTG+l-$nd(V{$67X(@NW{2Ghs~?KrzuoXiNTH z?q_$6vuT;Sd{^S$=>NTS+Q6+olZHLwHBN4Sh0`Gt@o)*Tk>}$06+!OSU}IBKj{o~6 zo0H@M)2CI}?Bka7-InMXubW=^lwB;9kh+j2FB>gPe)FskEtN;<^-FbkZv85CvqQCM zpVxh9hvK@eYFD{@jw~@4!XR){`$|~~kMv~e0IVaA$BvKDlB|+TGk06gTi4ZIyKfjq zswIWlwvDN&Ef-3@FST4q>~Bt+_btfV39P*(iXa-xBjUU>WwN1?Q?DVdr^bq}abQ2S zlP=wP<|_ezC-l_zMY!%{irR!FHKKEQse=~8G`r_s^4Yn`s2~2*@}hZav0$Rv)SS?4 zli-&SgzhuML$kh1$AnG|Dk|EyYrajOEW=jg6<0NBtm!wOUWK=%ZZK{-I=5D3T&XFl z4Hh1!yPo%1VqUXhC+L}`S!mW+TM8a%yM9(B*Gh`%bJzC4$+RVo(54s(OU96;%#zxq z&0kR&tbD^W+B|0XKBSFrsW_t!>n`82!nDt$WK_U;%V6NbqL%gw*PJP_ElM}PCGy%t z^QX@t6EV{ZfU6nj(~iotEM4BtU>lR)%8fs#Z;gN6cN`0zIlH%LUMpr2K@mzzdgtG{p2O3~}4I!opd4DZrbuiJ-jK}jXj+pP1n|zmHx><2lCOsEZjbFM* z97;SaOU-DqnoZ5(*vb+%vt4OO-buAAzSgv=cIQ;&kkl)Ste-NsDlwJH;kL1z8`wgr zP{^&Bu%+43s3jFm&~=gaBaJHL(^Yo32_yrm69U${-p>6rrvK!Ktu%)_!TkPY>qNg- zjboY*JRoJYO0{wAS01tw%UbD<&7}V)6U%}0iv3d|*j(1U0Jc*N&1SGZXkYtXocMpL zezp8KeEY#6-}Q|5;tQ0h&BF)&7hw9$_7Wy|Y0(8biFV>AkyI`hmd?0bLooKc==9QK zt_81s@DB`a!{=Jmq+NTUs@yd&B+SiNmzV5Bo8k&XY%c>)YP8HhC4Nz9sO#RtU4GTl zVBDF(?~)o>V8om(F;G#pHh#b*j^``-{W&5u{kT|dGG)tgiP(c{6n=sKshbq}S>}4i zjvV}%-&BKkMOp`W+Sr>DV~QAKb8>-rMb^5r@K}a7WkgaLDSN?mWm&u_hv>viYU6J# zk?Xr4P%s2>iXb$|&q0dQ>AxT}d`PbxGNB=IFN1st)?m8&dlo}GF- z4niFhw1hRR9Tq;($?7LbhxVCJ$?^vsq>IUCkO!8K%=KiuYn%pHki(^_gH8!i3<9_kW;`JNOmSh8Z+aA%fII14Y@Tjl7 z%8;lI9E%tWn)?I^2}-N391HoWso`6iAjjxF4M~l;C(JLb=n4|bpJl?M{bAt7Y9+pT zl4^t0DCMRnNydeXrAU&4{=Ovg9_KileRDMO*$){ zT((PfQUc3Cs{`4Mp{5<%2tnr`=WHn&R^F;*pAjav0QWTZ8MeB#;c4YOJCVEe*GnAQ zRp80Oowd%quJYO2uW9yzKc!}`MrzkqgIt$}m!vV)^NLJHuElo9CYja-W!0CHAktm0 z6W`>uSEj&*v7hOf25Vgmg-n*mUCC&EX^Y@Cqn8^4vD;70H=N`WW*i|whu-J9a)GMY zHKa*#GH33@9O-oF`7K)?C!;&cjI||KD)ZsR?pJs3@9~RoxU)a^J zSYBH-$^K+KB&v*6(Q*pJAx~;9^CQ5(#w|UOmvco>GxT}<=y`cqq{%eLH^vY;em*a+ zV*b;gE1Su(*yUQGZ_E#$3%{y#tav{&^=@j>ik;;wg@=1|mOIrX@ za?3JQQ}lIA1-izHITsk}{oaJH8Z|{j^0jb(`N@H6v};6(&3FyR_!`#noVBKN=|WwL z$oJQA!*}m#kt5*YWsuLemf)ZQq)7;Q&X;y)4R)i)w-lrGckdQ!43@ZQd^YDSaMCSH zaMC^Mrw_EOXELXD4Qz&I_ji=;5?>XQ*Y+auVPTK4En=)OO>t8Rxm|W7{n@G%pSJMA zt0E7p?`U+5$y39#1>ITE@j*yj?2HMV$^C6y`eti&)PkR~QYL(x#!sRn-IOUV3n7JU z8!Vd?`lK@Tje@axL#aP~exs%}-hwTuR%jd9{G`YEQ2&rH$=5c+!+E47IV7is9%~+R zAK6n_`-1?QTvXH*Km}e!hXs}^5igI|kvv}uwRzsWw_4UK-ovuQEaESXrPL@s5QaD2 z`X>9GRrgv$O|OV0>9!v3!kC?|p1*OWk7}Ei%n-IcD>ksK>icUN-2!VIOrC*t+fz;J z`_{w4eomQ$4-!Ui!m!uZ?_nl9~ERRAqne7t=*kM4YX5I%7K7 zt(IGryNyi{*0`Ee{EPkV?~g<>kKnCWQu^90f$*~@{@ zQU|P%M(ziu97S0F2eYRPWB(H#l9kCSX_H@N*V4Z({k%66lvlM*<;`X_OaDU?;eWF8 z`^^HZs?eeT4t3M>zy$a}N2-1yc51NV_OtVofd}*6s&bon2xfKQMDm9}HlO=6vJWOR z6(}k1>(*UvsT1*)g!M1qu&a^THZK-%sTP(}7{ieU381-l)OpS56;qdP#uDT@XMSdD zOEYHH>z!leoMUB`RKvtn-)H6H>g?y%5SH>ZI>%SNy3wnXUDRuRK5P-!Ky6!Gp+oWu4t`AibGU zo>L%DeZ!GcQ~Uy0Clj7I;8_2f6O3$){R?}FpgDTp^>xO%$trJbSCUA(a=)mH&iN_7 zfsE%Wb?5Fbo$3Pp8~OubtQGZVydD3V!sqBeBnti?f&Qn4{-??P?&AO5KIGDLGBxOg zWL=*8mW_`ep^Vw&NFdZgQV)f$j#>r*UK=`kDzCG6{TctK$zgF@JjZw&-%7(7DtvhN zPQy~)B!|+8gzI!|5eODxCuZ_F2pD^d&NgQL5?unZ~tRW-Il#y5N7SaNa7C z+35`CM4F{ZXAxS`&O%~Z0s^DRoWr5{vg#JZS~LJ1Gnu|>w*1>G zrS$;(dX$Ex3Y=h%XWSevNkeYdUtbsHWyOxx^yKIq=e}*Ua>>aM$|@baRsHmyQ~u{? z!VEsa8$sUiF;n^ii5p$}g#|}>IXv;UR!#LHCOQT&If%Cev3&4e<3-cD+Tu|^Z8P3h z?g%1ue4kxHH|zMJql#WT8tgC~LiIsTqwAc;u~~Zl+A{ntjZnMP4P#0<)v~CSGZUM6 z9Z9T1p*unb-3gbR0i5B;S%N4&yk(0FB2O+>m~@QdcujnV9(fVqDrz+|5&($?wKVEw=YF$D*`*Fl{?f%t)FQ*IrIAvg%j^=bK8fCANg zSEq`;rkyRX(tEFMUac5l;`}F*PO-oZ+^mN#Uc1Y5`2CC1NdsZvM^VX{4Y@ymC6*lS z$GL6}3l#-3t_06dLajl3GK;scX=3+7XLe<7vGZdxXGcx3EM=Ca6A^e{-43();4gEUEpX6P+Ah+L{i+0pID^?wB zxc+4KU=J8jhQ^HNU}Hx=D%3-cG!en#V0l}yyx#%jmh7<`56-!~MvsPkq(Yf_fe zmyd9b*m`VQ6rJBUPLe0t{C>2-1d%_4&WlQlT3gQl(&x% z#)FfE>oSQ0pjDd9>1)kG_W#cXux-?zzKp4emTa$a>m?iqNt+n+&N}Lih396nsWRpu z8=Sq1=or%j!HWYpO(8OR7-@Rzzu%y08)<84zYQGj8-9)W(KuUb>8GcF7Mgs-^06Z3 z%<@7cET>E3Ctb`%C>!=Qo#CYSVKLObuELR)qq^02b1vh+N#ob!Ky@ou1w~}{3bE3k z0v{vwH^R>twRxCK&pc`>L8jx+y?+kNq`}FRRj0E7{=-arI@!1&RqrR2E8FQL>ThVt z!VR8q*0of($&-hogjUiqe92z9#<}5br5~MNbeU{)3*7Dlka121vXjFuWj*bZ=j;Pm zm6fuE-SX<6YvlYr;iZ^z}G_0YFhMWfBLYBrwRi|&=gRb6@>V4Y#b$SS`91+e55bd8khBK{Lxc9L)pW3u4 z75jeDS-@5z(dL`GV#a4hJNLuy>`TdflK=EiHkYf(;3zqOj!$NtX+6?tGqV%K z6-l9_pVUoxpXvAneX&$C{B1GZOBP~NliohLpRqy?_J$CZ2;3&VNc~GH(U1+V9$x=A zmJ?BfxRhj-FtRdSFVd*;rv*;z0X#dV0OUeO3#l3}h~4h*wmnsJO!yi`kvOgh-2E=A zKI)!sv(squzRZBmDTxY#ho~8y5_q4Tu^Q?63;k^p)>Ik=iw$CLbxY*Z;)ML?X+~jd zo3T~(Pq0TNw^3z&?59k30sTwEHiVZlqFPWubKE`YL7nB~eyDNGB$1lY+Q*8&B$D0K zUB1F`7=$GmVCoxBAB)g4)0}6xsZ_*NWg+Y@_W}tz8oW@5r>XNh?;L&8jQXsWOCyrY z13iol7}N2OUlO47?IiAb|0Yjm1XjiOR?0^U{;1x!+o|3=FAKrkz=l}~vE zW=1lVbvu4}(|BiSLoM^wStVmhzRbEQ=*g9f*|g{#`z<$h4aCLFz9ENV?Fu!3dd0K7 zZ=PV;v&zSc^b}r5o0*LrLzwia! zq=7Bbs`Qr~=nfo1D169=@?S|aN)#k^UpYQUFJ+G|?|c<97Oe^$PDarebH|4kN}@Is zp1q1Ay&rKbPnsV7GH^Wd($S0lLgw)96pOYerfLfxZOb&szro~Nl^KA62UssYEbE}2fP+&~sER+7N zaFAS75TXi$r3WZh`gYK%|F<@oGWBu94axN?TqEx4eZN^8;?tvj!+!~4^q-tonojKZ z=w}q@R}WlKZ{#)9>Ie2&_<2qO*IHhWl^JTr^|R;-}+>@e*Jkaf0PZ`3Z`my{j= zfNwKr|43iq<>i(YPHCJ$u!Wl+d2#rC4Eg3V#91VQb)DkLZj4Zsq|h>aI`@v1aPpFh zLVXzi7@lw&RX-Y~1PND@f4j z0Ps4%zc7|Qsz`QHW zndj&dE9mxYg@Z;Qi#lZEVS?d`mdWz>H>?`M$ctrfp(8==A|>T7!3>>~j-&hB$p;Gk z3AWwA5?Ld^I7^v*EbWB9uKL^kea~nxxVri=o#IR6z3)Hmb8F%jWWhcMbM^NsLMmIQ zeOa^j43N}xa@prVu%U$|n9@r>I%(Cap(e?`Hq7dhHqJR7XQq%dq(MOcvdh9_l`IX# zIMcQ$Io}*^cwNcXGPfQhKNF7gmx7s@JyvS?&_i$(4?e&u&sbcv?KVUWY{83)aOjQJ zl5uiwJe>%mM=3(-d63`v6C4SS_WTN1J|;R zZ6tkot1;R8>UnC$^zzHFcf>$DMHFQm7Ypo%P^&ZyuN@3Gs zDFlv4MMl{L4^@P?IL?0RbAw;hEtpn{n02nOhC8TzEK23Kc}h2A&5JVQ+bM;}MESEH z8L-n_J^RHs*;R&5J>YK0d3BRAlBi|7VdOtVb1?0i_-Oqd-r=U9{1?F9hFX^`FQhL5 z7+e3eo1|G*;TDVUxVq-SwfCEN;zCP6EkHo>HpxBT3>y9ys_3{oyCjnaakS*yQo0Iy zHKaotu`=S-ZhJr2dkroO3qnyt@Kn0bPLvs}O_?brk8hy8MUP4K9A2{g%_Z^ZJ9`u zO49q~OGSYI0Fq?(myybdTwDLdxqUCr>BrUN(kP#88z`5V5ZC+}UL^!-5qX{557ED3 z=%4{C5cSs$C?s$7%1Vw#YY0Skvpjz|TAP=^G2-%WK_DgcH5m9Qv*iYK+(81u z9OyC}iK@?h{AbW(bysp~}B&3D1(ZpT<_F%8c{#R(~4rWbgbiP(?0qbyFsr zbH;!Qpb|A6U8eq~Q?FjipG$FC?c21z`c|cW8!iNKcocW=)k}t{enzPXvcM@l&?54D zp4D_h;g<(FvP~D0@j!BF(Z|7{`RJVss0~O)CqPa4%rIj|t@&_FWu#qCsK^CEcV4lqgl-UR>I5~^sWCVbp&bT92RoZ5<4`uXx( z(f&bUxH}&?!!bGrznSu0YrC7b~)_#rTgCuB-V4b|Bdli;iW@xW?Aa_P(M8!EPXs0K*CTyug!|qL*y#x@M z$DQAi7z53%z^yk~B!%*&aGk7TZEQ;0pMkBoR>}0J)u$@}qn}$}oP{P7925fXXNifn zHE3s8PL9;Xb{=WD<7mjv)7g*}nIm?5RVg2tjsn=IUH1|3J5Q3Lb|wokwmb^99U~bs zk|q@sZ}GL1c)m!IXeH168#*+BB43)|eaoDrIBp!9X69PZQmA098Akq^6fKIraizVn7z9l;0VH{(KA64y@{PeV`FnKt0j#4BWZ$JTAZG^{9zo5YOHP_waG z-NZlV<;m^9>RGNG=el|qBZ!&7ZDrF9wI+YYya{BAO}(_2Ip1wK zm|GoRoaTmNY!5^Gm~Vm3;=7Gd+Mc88Ba4H=8GI=et5eCs*1im;{vY7}Q+M5*1T>KY z9q~&cZWDM$;|&iQ{m-#sU+%Nf4*%cs!oOOy|FFWbSK5WGq>qDNDQ#+pGTvT}(!|K& z!dNH=&6!K#_Z0>CCsWA(kg93uw_fQ4V;DC)_ylRdt3u!tD&84q(a}QcyH3l`CGIbA zLT_DIQys~@PLBP)U*5Dpukz^b87;-5F@>e=rx|v3Y{Ev9oWY(7XizJoDlAEnxI@L@ zQ_08;nJYM#-U{>p33;VQ>JL7lJ-=@dY4F$TmT+Cd{h^Hq&ozT>%{g7aV4ja?P{Dd5 zap{1+DP(?s%l!UUCpIIc>O$D1^2G*yH1lb3XQWLqYBWjwUs?8DF{#3@j4msL@@*53 zS;-y52%!mKG`aouhZwmx^+HUO;%_#Za)|*`tv7}8dTJH!k=+dPub+d30PNjkkteD@ ze{zRiQgb`qGp!Hnc75|6<#>-u44TRH4#Sq34iNHoF`{B83FHfLX8JwEoSyK3!VdhL zr{pF-x@qCjg$wB{u&{??Uq?KjwFGeP9{E*sO%40*q8-9?L|-!s`(*OB>uP3m4QSucV_=c7K}4 zLHsl!Wu|;LWAl26`Vam-K8*9w{mRy@Z{dh;$1}Y1_~%An${*QDYwx*S9ry$YAav8@ zE%+D_(SPHMe2m={o;0*^R$vw5?|_*w^u2+}kR6@{-#?x-FDX&@XwBSyb4>US!VXFz!f#H=zaPY) zjf;)H#tXwUa<*?oq@B%d?&#yFTWQH#_DcS+gpb{SAeR0|qvX%$p=#lN^dk;pf5*W9 z?V=tV)W?^oN`a^!n!ZxjNJ(^6BV*G77!W3?7eVrCk6f}TP}Z) zK9*kGhqkeCwXuNQv0@b^%O+vLbOtL5)Oo;2BwHi`CjQngzILh*Qx^r^1vfF}XaCTu4y5odl#s5Q+BITopO zLq*vLTf#Z~&1gOvXE2lvCEy`_zdVmf`P+jPzNEIhVyQeSP1zRV<>2uf5 zwmv-}TVg3QjT6)+dX&lmLoP@Ipw=wuT(}!iiG_M(Rb|R8(U8nTgz? zZwvch>}#COE{cLyUX8qZI>l#+e3Fk~7Mqt_PIl{-@RQ%(xbJZR=2X0 z9}%@J*-PD!oZgwFn>=T-0;dnVBZ#g2$czd*sweOXYB-cEN_8@~u4)cR>UKxpjC=Vd zS1PC91ewvm$=f;k-^;p)gM`f^!R*ncC7+~{j6_#QPuy7*w8LrVL z35+P_7FQQxZ{X8vE=a(n?oVUR5y$mhyeDd)`nC5P6@R#q8%|!hi}|kH3|neM9LC z!lY!6Qr=#gic{bvQ6JHkP6d14!r2a~L?qyKwy_kZ>DKYTwOcV^D>pg-B6 zLE{8i^`4|aiWncZYhw_@qrM%_!U1sP@4!X9Q-i>I#j9_1HPmbdERq;AW?X#J`*t?^ zYL;nzLr>;pK{89$(`iAJ9HRA^QGb7vYSJ=oRw-3)Jmef?La<-W7q<^lHklarZ(Pcr z>cPFw-onNfsWqmgmGVx+PkJQpk6yU=y=kjGeRxP=mB+YL6skTb?|kfwcUHx)QyM}OiN7O`zai4M|5H4x9`r} z!k2NmZ9IzYR22b2K2FEOpIC&eygv(iRj5-J8fv4lECkyL_3KEI2bHzKMH)J@t&sQ2 zEI%158+X23pD)+JEX0~^(!bssfkbX}QB(31c9Ql+|1onaB-CV4xGz;M)xBT08Ab7` zET3?uuhge!fxeF%E~p7phQG&?rhmC}ufisGv&P$R59dlQ)d++>cMj_V>1(E5H2{yC z5|{|YKpjgfR3I#Hg^Z5BaGS}GDfgxRP!^di}cfUZ;;yQtDjd+kR zbQsynn$u@?0+nkzJQQZr^xF?SWID~d^JS@b=y-%i7;x|PEKfGb;LJ_ZAl_M$noERjNEPP5~i;c5g z^Y=uDRwc+HIn;vj*}>T+>m*Z|UCEGy!eLR0mX`zdO|4A>qL1kWH+yKSpX0;7O`u}s zn9OgQjS<5BT6upekr>jXO~pV1p1*Q-0!(`i?Bgj9ghR$P_bK@vJg;c^P*0 zoU3}&luk;N!V-vWb!x&7KKZ5f`J(!FbO?)5LB7hk-3NlC&Tic=}PBRp{ODQ?80L4nimh2)^Vg%sR*iC^lsw33DKhjyS+z`9xX)J}Kf>QfaY zMGq-I!40?}hnO877Rha^3rV0i=FBL`znnk9{s#<1EQs zQP^P_gq{r*Ox`bwZXJx!5c0QKE#j~Mx2QJx+T;B`QYRG}YK@q?6>T`^vkm(ibfd&}_bRn5d zfZGhT{UOxpVDGDDcWVx2UHi4atFg#XdQcYTO;$j1B!I)j=r~%(&*={O$z zo7rb?Ynde%TX;_m>MnRb)#(vE_SMCJP6xn|9I#1u38?c~mU>ZbDj^A#6KfG?$xxCY zrfVLxmgJ>HFRfTup_o*ChrU8Mj879lyZ?46(sM*yzZea@cbPzQ5f@)iJyzy2Q)(7f zf)9UmzwBeD!{*@B{VKov-3zmzAfNaci_B?vNt?R-YG(Z!-9@B6TDk4Vc)}8dajC#r z9N!DXdQ*dmQr@nhG=OjJ-h2M#a~t^?*d$I@w8CLsK3!{Y&1q-pi1TA#fB5zHzCwyy z`dMElZDV+(bz^Iq2IZ;P0YbXZu+>7yRt%K}gqpjRNR8bivvEPR9Gk-fl(tIV+e@6W zqiGi1CR1ePJ4Sq3U7ULhi&X#3$A^xjOd%WlRd@?CkgzVdJ}qC%N3P?CV`O)ii32I& zbpWKRM0|xKWGFwTSF-Hnd}h~BDWAt8J4p%QE5FvRhgW~~eJUAxy>|pMJ6TPz+Evf@ zM>lq+b#kKRukEc6P|;TA(;twqph=<2&?MvjOcGk()!eKPGd-X4u0~C?#&EPg-UwCx z-d!@zw}$Ko=tw5y+qs?~3=MmL$v3s|c9T@W^-9JvxsvEm$&p-kcJq>1gB!V>65fdYz>jHoFZ&LgQjSiQHvwg@ zNN)5r=c;KrbtkTM8fvK_$W7d0r$TgJCVH$;;GOOFT+{d(yJB zU*g)w`1D)(sE=bTs1l@Ca6LTs40W3$+|5FVuZa7wudtQ5EztpKG&}mJbv64O^Mak|(LHpb@}R^Onbq4k!I2c13d;~=Y*Mma8*)VS?p*Jb ze!o{r)Uui|7;KqpI*hAGIrvc)ot?LhJ0?SgRiVN%_x-4oA)^l*wQEuqJWSfRyX32_ zi-O;8Bwr*g`wJ8%MD;~dL{n(%N@(wVXjcDTrfmN^i%*SEXD_pXCCfTr3>P4a#Rid1 zI;$A$d2k|RG-E47yIa^@s@1wjK9oV=s_LOt8t=qH%k517DuHXhB}F!z>U(!n5@}^E zIx6lqw<#!GTObb1*T?@)B|-y(bIG*Lp9 zhZkJGIp=6Bc;SQ0_v0jFTpfPWyp&4kcw<`aB&IT_NXmY-?FoP?XGVj#y||D^J>y=r z&_QKao42X}7{GOB2idL|Kl1NRtN*kPQ!+5kvJFJN>n_Ww*@x!*9D2{Ib1>|(dz>Bj z_`_Qq*Ty$8d^BS^szg}_(lXQKR5#5ajaMhlhE{4;Bl{e!XR1nCmH+MxLo&t^=rlaw zhb8!4+@Pyn94~WUYUNVSCOH975&Kh%te!Sb{sUPgB(&O{VUx3!0nPbLuO6vh*nec* zQVeC=*R?2`_-dEXNmkGOhG`$HPJr4$Nj<=jMEw{$f>dJ8GSugN9wBQ%8qOeiP`S+M z-Pj0+tw3NI-}x}q%A2=kR~6%>{;0cTy^sDZ81|=iZc{}leHxHHty>555QX}SdT(Nh zG!iht;TMV&cM6}DS_RKcTQ6}N^Zay89s^S)jfi*qHl}Uw z_xGv~-PsV{Mm&ywkF1^%kaRL8(O-fpW2!(d?pTjNm3=(*v!4oieuR{Ynom_SlErZ( zBSXs!xZX*xYN|!VyAGELAuGl#?;rXbUi~q%mtzVwigI#o-;zgeKdnt}Vy<+2ls(xd zC*OOUXq#eC?MXBYRU8!i^IY4G5|E2Fo*d7Ts1iaC`qm553x);KRueIMsCW^pP_h4- zbjzuLXCTBzQ;hTN0=hL}-A%wZ2_=0aO0Y9i6|>fK)6M!aDlWPkk((m8z|0)6C}ZlP z@t}o1OGxTdiLuJq$(8ryI)uX-hif)j*BYcg`^kPp0vQJFYk{b_z}f9-k1Y;zKJ92k z_Y)$hZM{Xw6VU6ZU+Qy38u-r}KFTsT;lNdvXG#(O5Xo7;@gE(9=1$(R{1Hk(UFkxN zfr1%_WKo+^5t zr3@)v=pjB9^m*P}2qNyt06wJxblfYb8RwA!((o0`BsMW{)^ameqOga}c(X5Q z?B0r3y|Ta0?lCWzPUl*SbPEx<^)Z&rznY9m>iWsW(7s|>O8b~&inmNyM*V@qMjMC9 zwh7ZMboR+Df~DgKqpdqH-b$lR=98*oA%XUYd1K`4c$0T_`nqhkN?P8-XSMzj;1>8m z*5Y1%IwpRrt4VhHcd-^ja_Dfkw;ou^^&O zNgH!eU2G(y><>mIvYRym6vcL*0v^~0;Yj64HuQ$rlI~4BvH8<11wld)$kQKLg4r|5 z8-rlVkLeo96S-g?jYci?sIkZdWRk3m#vCH z49Sc9t%Yd$szAEU^t_B|aQv(J_XJB`wyElc+!lBzUJnE_f^njot*)5b()xlUZ>zxzqrRJ zq*KH@oOF`&9eW5PBX~q&cBR1o?$6OSNN^61@pD!EVwKaH8u_{D<1?qsWPr736=!y;qf@hHg zp)cb|=nKiP;~0*H=Z-ILMdPJRk8rsj%A&0g6q6w)XgTmAwV)LhrM-I8@1f|LgXs7# zrP8uq4=@&thP)#h1-U|kbaZ@2MPS3Ny$;^(N&9k{evT}E81VP)+pajSas-cW6nhgmx6gq|Hq^@rdEmWlBO%s1#?!5g)h-+ro?mqoyMk z+F6mC=fq}5bYdkzTz$V8858)1jeR6$ZRcqa{5g>b*+X(g&pyuxIC5utTFn{pE3Xn- z%c=~{C2s2$lgpbAP+*jW6=;i268+?(ZDpx$v3~v!5wpIFx$E>Sg(Ob!tjPK{`ox@D z76@iPDmL0Hc~!rE2d}R1DSGpRw2H!}s{fD!8nV9jsD$ZFs1Phd`~@DM$Vi_;p6pT4 ziS)FCos(ynQztO4qN~%)i^q@H)H zgg=jzOLED2G~5csAubcg%#WyVt^7=uuCyy$Jo~_IyvOC0FmE9}N7!&vF{=cPUe&|p zQ6P1gQX{)R*|B@EA@Q=RZ;iy~rb6ljI)XTB!*j*&V^If%4fKyV)gU(EbmA+D2k1Me zv}g1~Si$KswZSI0H!qikcx`~Y)QQXXQu|hL{-yiQC!n?!_4xT=E)Wa1=rgVof-oJHdYJd<-5#?0sl)(cpB z^@CWG#vtR^B#Q(2PR z5k)s}o76s3U}(d#2`tQAZ$AoyRoE$tw)TEeDS-25tU2teAj#`|#fK%=Jg&L$X|i7y zp$UAC)=do8!Ia@?r3(iU;i*fvpmgP5vKo<~3|Ow0`faxCD@G1$7FAAMDYm_XWpq^lL^S(kRn15=7ZGO01`AwBd26BnmV)y+aK>EpxHH>?k@X4rLW@Masr8K9 zHdLQ()3L3k#w{0Y?rqcGp#)fahJU3kpZ0QA$|inUz1M*?L1%wpbmuGB#IGJ${i>^t zWEdoO|N<=w~RcjR{%6&M**;GEp}40 ztNreHq-i5-{*g)L*FJMl;@4JEVC4(3rODXaD8gfgmcA-tCys%W71*b{%@X{`sdZ1D zD|Sf-N>)Zu8`N|$+FRhuH;A?<+C&b^RLo6*b4!Ik>o7CcM3QiJzkX)K^Je`)BY6;_ zQ&4GgJ*KAtvf2g|+Qc$6>#V8CN&&{U-i-_K+U?tZb?`@OHlHW%>3Yp*-LB+>WOER= z;SfMUSTZV%xCvNzzcN=Un4>E5@BI+c-v(bv4TdwU6I~2~6r!8)SYzI|S(Q89wf?YP(S$4d`M)+a{t_@d00*%wB z{mN?D8?heBZKe?6KY0%I^_W7Jl1NCN@HL9?578xF1xBAjMj`cT&3w~u!XYPa0%XfM znD0C#x|Csks*Hhi;+7jhCvcJ3CKwh+1y(k%zEE($24szbEgmf@_ z=&mAjVKi*#)@YIEgJIr{{fuAQzKkO;)0`b;nOh$`RDO%23~paACyK4&{IsPKK-*sV zGvI8PC&tC>z^^-4($9r_Xl5ne)~g-_6cPfnAE-|itK_FC(5YlZKc8|I^A33x;mG#; z-eG;Hg!^WH`b;pr>>yS>yk+gM8h-MfNG|pl8M5T6c!N`W%uSNYe_^158eeWN;)w5> zIrXNp6xH?D90ou>ZeD38ZuRk@AnIlw?5ME;Urni0x!IJ}Yqy|JELWU6R_;&CNlKa{ zOBcPlnGZXDE*xo4J!93)UuLNsCJeBd z@ZC=S0yElCui+;AGyCOi_ z%jPw(o=&pj0#bbRX6|HZef-wAT^uB^@x8SdU)K&}1AuZvIN2nCD*${$to)6Z`N%qS zw53((n>P0`^VWCHJtKC1_ri-+YD18Us)|YqS@wTbkJ0_prCJ$Wd`Yh!UAGBJEWx9M zgK!`S73FB64&UJ}u>#E{MKtI2FvCl)f)IUE{SP%W=n9(5Jlz{^loVl|^jJ29ENr6M zZ?wzd=Q*d=5YOnV_1xfu`i;_|?965qHtPsQ#T~QBN#S3FjGyY^Ql5ZAi5FdHQj?^X zTnzXwnaBm0NzYP9PNn<3F|2NUV=k`dAdq{7-+7K0UkEy`%HuKCS+Hrst0qW7dm>#DmF!Ntl8rrlkrRZxSt@4jlha@N`k= z2i;%#PbI@n)i&}OB${Z z6;6=hj3F@rxQ{qiJJU&iu?hxh3bCiL$MHq0*i-#(y{lLs7^*yQA$Rh%uV;8Vyf=kB zgqq#IGRjyVWG5sD;txmD4ZN^WdBnUc;4)W?6qj7LMmnHOGCK?})wsH-9Y<2ArEW}_ zE{O*~{jP7d01aoIRR}CClITXMV8(BF%3yN6g^?~dzNEP)MV04%*?+$_RIITp>p}P3UJOatqlF%+zaLSf%&Ze0Wc7zdhw-ac zfdW=|zWczI#r*5QN>9OH+LwzZN4-_(T;ZnTxKKypnMvNcjdR96Z*LA#b zyC+$lBE}`kEuHWoW4h|R<^DO1JnQ||TCEc@w>YpiP{#-lwfU zwJ*~*KpLfq0x+YEj#DMWd5=Nw>_d?d$_VOhe*gPW(&8du!qUO)_-PU#={wb6 zg`FDe+OLfOQd?ayc%$UY=MHJV<+o{h6EXDE7VIRkeIm>r=nBMO7ObBOuRie{`9AE# zG9Nnq(JP$v+512qs<)r>W4Gtc0)?ZjyDL5yof6{jg0Q3Bu7Y0uK|lkKSmJkruo%Y@ zXW7(D-C~JA*Iz!p?{VUizz3j}mtOq^^!_R{r_REZD~3A4>yY@3x05dB^L`7uZ~iiY>}E;TgP;Tvj#t(C zn(-rHxIvkvetqHOV0Yzrgro4)^GW;dHW>@}&1&w!qsN+J8;Y9w4GK($ek5*OjwB`( zklz%Yf=}AJ=EA~(S?KMb#=EZD3;t4cZ#=pMDnp*+MQ5`netI!`xY^UFWD?An(Rc$A zMr04A@$WBN($QVJq~F74u&oa<(4>I2ltx~yd8>R&<$j>H!U((Dw4BaHHI~=Sa+#UA zopa#d=czjA^QZ7Wo1Zj(Cqnitiwx)d57Bu_`8K~Aagy!qSk2IC&j`ZA-gvn;XQraE z`)R^fK8OW%Ls1BDO%=clP2{VY+y1qi&^&UPWnxTQ0dJ~t372^Cn@nu+xnkuK?>>a zqtVgLIgm`XC~htbcr#5yroH4qV?AE`9WRi@oBGO+dz{}lYysT*sC9>P6g_}GdtQgF z&*i*e9HIJN51}OoI$x-9?FX)@P5iovsV$#@nA^;nB>ow=U8>nj^IjUE>DY6L?%* zw=7gZZ}Xi5kLX1OsG(#5a3vGPF(aasX#HWeLaCa?%-Oj`@+U%$>UC)bf)b98_6x&w zHC(M|sx7DlcfMLP_g(hN0)?ei2;WpVs)}VYWTfW|ONX-#U=YqH@u=;Q@Bkjdt1>2^++qmsT`iI|LW|<|kfMOsWTi)?<1ahBs zY@(T9qj+s+@vZ?7LD||w^k~BaG+adT&>QiDEPigycXch@h@C!A?Zz_mxoe&!A>7Tn z^*%fu1AOyK>(sn>HiBkSa?oKztt44pnc9958f-#j(nw2rTJgcZU}Pr8^2$_R(x6F2U4L}zUg||pZ@*I*vgzVR z&#HS_oBgxln)hkV&a+|Z(qB5SF`%!9pytL+tor~Wwkr!HOuZ??pT0D zX1w1|YdabzA%GYJF@KOfBt9z&X^1bskSEBe;duW z>ALP#{K z7y0-Y>n8^8Q@$Xkd@;+>_izty6rLi)sd!uBfxGoK=Xt|fj%!f%Q}rpf!{{QR^)ej& zS-2lNo#xC{o^W*H>v?Dt%MiZp*P*#?@Y-oyb6oX^%VInSI7mRIq^#u5calb;Cqw)C zPG%cf(@xqLo-w}G7%mMzA6#O_dX{JRExAfg{uKZbmXDcH|FgQjwo%Jk)VDf}dQAmA zzRYir>5d~-6r*lw-i*@;uPD^!m#-3zer^Zx zP2y~afQg?SWF7PQfR|se(VBC<1Y8YE2;)!l^~bPaHY?rPuFKDbHP2U=Vnl? zd|1(*sXhT-wT40K6^F{-9yYe&LEUn91DGYS23@%lIT?TY8Zk8D3KcU}?kAhr%%fm_ z-;%`>wj@sF%v3nc@#3T~-=D6*(T!ae(Joy%|IU@l3yp6jT_G=tYG$HZR;!pEZ)~Z^ zd=MSr%m472r(l}yuKTEjgappIVtL|5~?mtrt43fn_PDVXBpzfx0)^CFLPLM=bzWV#XedPvQ-`p zH<-A?sod4p((m5O&}6;iy0d83q7<1m>Y+G>q~qeIgY(;KM`JTjcjfk9ijLHD1*RE( zUNZ;@Pd@He_$JFI+#@NH^kX2~tmgujFNPNO{r+fQcJ1?|heSwB)~IXqO^QE6NbL1} zY#RGwp`^v)a31n!=gNA|+@z2@P!XiPwyL78U2$QFz(DLaS?HR)eXjW(8)Ic05-`ol z>_#xOEFW_0?LrzUk^+aE5n0z)xYAoSn_p>B$r5{b$WfKnm~K7|p zG1~|@T$(m-cSCntu)6ll)7#-j)wauiY>hQ$Hj;W`FP+6E{bRV>B1CJdusuc+zmfIv z&Xqu~TxSKtlWmbu#ZpZy76(*<#@ILTdv&HccH)NMQ6IaD$!|APTh4(Kh!mFKs|;wg z;)p9fQ-YFwb68erc{ru;zj&6!H0a-4I*xO0Xj0p}|)!~(}yDfyxwjwbfu9M!(l1}=H z4r}V%M;ZIp=km_4mI*!%M}pwAc1K^>Xr#eyis4D(y^=ncDEoFszOllm-&-N5@xk8l z_FRAQM~ld|Qe>TA^KD4@lq}iz-W|2r3rM3p(_GNi*-M|^t@ABCJLCJn`HW#F*_|%4 zAbu1|&GMuHUP$&KRZ1JVriW$#RzIA5`i;gLk=0n<3HFR&|A*)lIp)cJSdtnyU7$j; z7+f=77@Xu>fZ5WE&=}l&giklwsD)*t@#|BJWiWZp_{&=|UD}b&i66?!%j z1bHaGi<-#`9Fv@y3`bjlHK4}M5Oyy-h9tBa>P-BhGZk>rPO2u#&M;i&2pzL{y|hYj zd2NkTXcN>Wp=YE{TtQd*BMHa)n+Gz~4aXtYal0t@g%^Efb;BV_?d4qy7Q`+zE?{$J zB3ZB^=l?8ZT^}d?58B={obCVb|F&nT87;L+O01TWBKQg|5<9V1Yea30Sv6|UA|iIJ z60;N~LQB=&Rht;KYEz>|wf$Z>&+~sB|LeN${r<;s-Ok-l-k;C=^?E!X&*2a!DaBz! z=Ql}k_Zz8zkW2w6atH0YJ|CI%P;wC7FM2)ji99FZk3`2IuT9XY)4e?|v)1k)?>^LQ zKMi=EuM>cEB8K}G5RWm6ZR%HL}PJS9EOqlCA4TT z>6KB}yL`lmBRtOecMiv_UzXAFvN3WYa^S}syjP(ign}+oF0X9X|Jucwkz}d#1q|U3 zY#N=Q6VEUk%XX5etELhhp{DY}<&JBmr0j)O>zfDf`|f@cEy>Ng)XqoNO8Rqz)VM)j zu$=L+#73CHEOl~RtCQzA@gEfar3i(8KZ*0NUJ~>CG7J_}AJZ`0u9dd;2LE*XkR&(Y z;)5u9{3SNdBzAn>#Hg!ZYlT5)**g#Va4Bo`{zk%K*@oOTttZ4?^ND%np283zD^Y-d z6_RwGHK3igkblbg^K{BoLEm^<-C2r`cdwZr_d|odxriFdeZPD*G{%-+e$YgTlkdg- zpDr>)?wjZi7Pg{V_^jx2W1;;+@1iR~%AVT`%)OF;9C6Hg?-)v@j1Tio*jqTVcKnt( z@Sw3&{Mfuu>{Aw?jJUo9h=0H1CC=hP}*+r&I4~Y)xou)=_ z&@_un-E9xQHOI=$GTFF?_o^9Kujx|QyAF6!puqmlpZM&%M5m&g^@!qR)?{4Z&ETK%T)u;I8e{AB~FFg~xW^;Y(zHYI)8C1p?wXP^BQ7tX6Ee;eRn~^{@$> z2mJL(?ntu}gpl02OUyt6zn-&s^POCcX~ewh0I80H8!rn`hf#vdh{_VvPORin4QE}lj2@*^MLQn#=mLSi>f*G&;Qiv#)Ryt#7U0glK()ZyEIU zKm9Nzku9E`GzdwoOtVb6dRE#vUWm(D+-v0BS8U7xjk9-Gu$d@Pu>QIxX;3!T-S8&1 zm(Od00N@ZBh`0@LFcwcN$5>hf))fU9>>hB1b1{-*w^?zM5|@qtMC&2uuSE2}nAGYw zap zzKA##Lg;M%R*iM~Sl7&04%ODk_Qd3|H1CZK^=o|ng6&G2V+A)o(;(uXHG5aU%^l zYkb3-9L!X<3~s%J7QxywX>((=%fdz{7R<3MMXtG5yiiQ~6i2$Tri>cTa&P>KXATg{oly5y6Nr`0AWQ;b}G zJefoJ2pLTLa3ePU_aKA0f44_nar1T2-=w{OYjiKZSpCFJHN#YQw4O}pCOdp}iEC$n zPM9IuFjEhzB8lI=udVtr1}~LO7+b)reQL*TDkg+GSbANXc#0Y4#pIfE}Y{(!($Hr^Ih-f`c>7|UdN03_ky%+ z;xdnMS262&M)D1Kz^n`1zRk#NL%QF!u2(hCBfq(XFLX5rb3L_iHR#bWA$JvcNu@Hw zm{@}-HJ=15a4Us*GIgt^8K`#sdg}JdU?rh` zd!Z!);DQpE?SymK(8^TDL(vV5)k)#v9#}Hfm-oB%&i&K}7#s89r>*M&H2U**=?kok zVh3B!BG!wT5-+a*B#dc(nzY<*>jS07*vM5^B1GEu?33&T!*p=9lfJ1Nub5 zWPTo$mcDm~=I|Tc^8c{D|C#DRzNJm+tjD@~r9hBreX51$&vMvuL$Kg_*n)}UA@78O#Ol#+6fiVQP;?!B)e)E7V=Yt1{${gQ#AJSRMJ7NS6;(f zMXV5zGp69fMQ_AWA%3cBAA8GgW{oOcp2H}=QM!jnT z7oZSyI-6GX{yIL>PdC;66{;e^tqfSNW>R$|%%PVffo8vwKZ73mws0od!HG%811(xlz)jQ}6OJN)>D+n%BXuU}`54OX^owA@t$ZjQt@PmA zn~i{Lolqp!+R_NwftD#fwh*e|&kPW{9Mf9x8$A?y(T+MpK6W{M1V8A@hYLh%_Ot_u zf4=s3#`bGumNOhEwO?JZ1Voix#!6$mON;vRQ1Lg$zco4hRL&gGz}LXYh>6Z2P?Wzj z(lDJg8%||$YRYb}gfvWJ7&Ap8?V?q$x9$kk`nB*M*mp-_4ck-H!cbz+0%b?XJ4XwV zGh(inhVwIXHBvK~d4>&yM!Iq4Dj{*n&;e2YKTrzVoJGE>blgZk-%~+!wNi~CR?J92 z#tMKdme7?0yhBT{L^WU=gOoBn&hyD5y+G;Q8rK{S20jo<)8Fe|p}*knn8TXl zV{Y+sEB~LWJu{ixFe_)gXk-KBH&yy%+SHz28&Y7?z4t`S&fU$y z>|d7U=FRe1U)rP9$_FV)9p+AHySqiR@9y;nSOi;m`o3uw_3QSGIxqhzEozAN-b4rVYT}H@PoEvS3aE{MB-GQ$*E?VnScG=OSFAS_k~I%-|5=A?Aumd z6lMk%hux?d4E}bL>z-Yz?c5&t+@ofb!^RxlY3UxC$k|}f;r$Ivdf}cI;%D08PI(`P z3tY5y2@ttrACX9DN++48HTz=zrLcxpA^kG-Ij0c2#|&wU?;6uo>UvzgcyET{8rRt8 z4zL|_D%cj8dd1h+Mpy!!t$RZntoPw`p?lwX7CJ_0OZ*cdA0@ z1^QO{F+(hU8OAC1X+4QU{Xwis4U@L2y?H>PV*1n`fg-StHG6Y;e{DnXa6}R)P)`%3 zlS?B<^;%x<n51R^h(JQj7o+jCvzA?o@jlx)9QNmfm*u9QyA9pcA(1nVKig9a6%1{ zM8QHfZea=qLbgPl{qHix=C=HE{c{-Y`!8~fNpiU+T1on#9v=RU9ucRswU?sT1zH(R zoMuUBYeU{bHAs#*AHBebumOvKN(j)ch0+Osse4%5$DKPCE!SAw!*?e@ zBjXdB;a!>|2=#9LFZr83#~xno1BsTGv>xt^)&aN4z@o~*rhO01vDxMp?=`^v;U`^% z_KwayCT>?eZi_EIf1lMT@Ys7^QSESjq`j}NEJ`NKI&rEi$^L1&Np}*&8x?w4Lm*ux z_tA=nzY`#b4nKQWSQK`hpewW3pNu8|E8@LuVsqtQqcazEoVdL{`A{mjvS_<32+cJ}o|VWtsK`l?Fpl47qASwH6V z=5NB{RiF`1uVwi20qDHZPsf>yFMkb_|L|UOxl9oORUSSXtX%S{0s3Yxe8**1@*UU; z+kN8`Ol~gzCC@{Cr&+$qN@uqCV*1(jd>PvnF$t79KDacv!W|h21ud}e7RAIA!g5Q6 zz9~WI^iTtF3vRM{MYxz}Ou8G=;*sF%fX}DPFL|$7c~vmGPNPe|UDBGo&^8$af-8S=}_-}$*7xXx&22=w8XbHcMxRHFcL}pM^Px1 z9vXw1{K(W$JH5EjivJF>LcUKIaP+Fduzm)D%vK)RZP5=HQ_nzOe;i_Sy^wu9xIOkW zmu(#|rBqZ2Gw(raX718|2Q7!vu^b}mRM5@lo|&fdWrA*ynqWs%?{u@KCN{{6!Wfdi z#qlPTH4=7HOKzjuPk-GsvB95mQj>#pw~|&RGAj63#2d1|y$OxDTcKF$-hX2a@U?7q zw7@+>Kysf*9F64<4#aW~P$w}9L?0l)KZU@m|075F505uAs+ZPZbvWZO72&Wms0mo| z$l$@Hg>27r|EIp+#NLZ6svXVlT^A-Aebg4O84=wW8B?<7ewC?rR@`tUJY)Hy;XdWr zRT7*EyX#es0*RrdQjPnC)=%Hb)yK(3cRKTQ`d!L#e8ogAXg@W0btQ{K7{&;*`ij#E z9Uq5yaRkW-W};5;%Y8lEi0mIbbNWt|vX>S&-cJBMImV}>OCoh$Bt(2xn;8X)Wn5(L zHY@~-zNB``&(7j-hOxHs`*2;Om5W;O>Q4RyI5wked1$n%KQ=%A`3K!0nbWJ>|FFsvRwq=gZ8@63iZg!lW z9K9@u@=4MTKLWs#UIiiS2E(pfn-z@rG0+n0=ZyTg;}~5%q`L#g>)?N&3tOVMS1nCt z^hQn4n;uq4fj$?p-LcezZbt4+!u&mWzLa^a1}=k!_-;oyK|2N7w|>oQgL(OM~< zN#!}7Su;W$7y}`YyRTl-;-{5H>dPRnA$R)BU$w7Ibdu2U0qIuwum|Uu?sad$D+00 zNWQk(K?&QwBkPZ51&V%FU3p#$+1^5pMe`zZaryh0OHM;GTlA6_d@ z7i3}zPU<6GTqrt*kenDH)`zKTE;BpxkvqG4%vZtvAnWdjAAaVyV^KZU(n1+`8_Uy% z60z!NG5c>U=fXAyc?$yrCt~^iULeqZX^-CXpF8pFz-Xv_1{N>hY%Q#VP@NLm%kLZ4 zkRj2BRV!yn+~Ld^#b2;Cv{LpRPT29D`NP)Z=n2}04&7w5sHAtW!vjcks{5U)p~~ZU ze%1bsE^ooGdUTc}%bW*fpQTcDMj)f%T-S-rQeN_1En7dKJaFN~}Ar88A#a-d;Sf_&gmp^_wuv{ILP0gyy@#$o-Z?o3C zAFhrACw3)>{x(%EG=0uktpWl0EjoIPfhI{C?C*F#TyNmB$B`A7Sn@P*5|{zT;JDJd zmZ+amyKXO{Mx_0xP-%IDw3VxA#q|Izz&dj$aZv_8>Z3G@p(3D zdl%ACMO!AcuKijCg&EzqAkt_Q$92QwsE{jwzSAA9*RP$#(K+1liL(dzb$Uh(ystX{ z8yq$R2%(KGq%>s}%zBs;H3jcBiFTMt-_Rw}jWJo*6_n>J5C{#zk0PdU zU%-ElWh09Iv%5bpU1aQ{>-q_*y9SchN=~2#i2O@&n}O`lN>0bFVaCeuJf5z@4Y6^R z0|^*W41?3b%U42??7QpF$L!uVSGL;wRMy-!L^X2_zJB$~7Ea~_b%3Jb#V4u8MZ;r8 zYc+D1=GSlz6I^6T-TE5}!D$!;*(7FOR1fx$nDw5u7;=`f7^$2o4DE=W*U;KQ;6g+x z*VEUag7#Uf{&znCX2dI^PfdjTNNEaXljCLqP$NWyjZ-;Uk+o zu$3lV~S@2}7w8VZVe>hPMrL~Wg39xyc1Tf`i^|(&;&77?!9>V!4t*G_> ztw$#A0~5GOUgv)1dd}Q4Cu~vLhmXYTqSqfI=)V-bp+m=5%?uH$he3Cs;gRbtvU@kt z726cpazF-KM4gzAc3FhsYkNzEkTGYjOa}?(cUSyTh5;B=lUgPf?bCcZ1#iSJw69X` zU|5l(Z<&sYWh(Dfob9vy_5rvF3_`sn&r^A_$0M96xpm))Pw64YjX0;FQ4iJ7NpW&! zXcs>C{)XjjPrS2QcKy{Mu>E9k0pI8&f*tL1N)>Y~daEDnEJ4(D8q$P?>e16b1H&j$ zY9C?naJ9UsQx_SzpDWVN5rmDNa&~`Sg$zLJkS35@n4SwuOBEWl$d@a)Yx`UEpvfMTB%zy zl5kPATAH7lkGuY*=+pnna7*#AP?kqm&b0b8)GKb=rS3vUUav;RMJwHY-H5IS@OKaEz|G8$&&W;!Yk^ zhfW$qn8r;CzgoF=C6ZZ@XZhexmK}bOgT4osA^8-80jIp9|1ccUV$7HnoRol5YBw8M z(q`XzVfBG`_Rs*Gq2+H(op{g~$%f~kurgr^r0-Zb;Mube<8aPM+kYz!h*geIlZ57h zt^sl{xOp89Ogt7h?w5%S~MGz>ai zZr2o=#&G3u9%t9Cq2;cHEJKQmyMGlHh3*R81&7K8G26mKxQn2y&_z zL3!J%%IN1>-#b{RUm@@Yxjalfr_}TWbKvl&XbB@vyC7^)Li_vnHyuR=3F(V1cQ(s1 zGkq3c^lWmW8ip0XCm}dZUD|V%l9a3Db0L1(-*GoGd-OaHx`F3({@`t`;m+HHmu9&X?ynV60V z@lwGunnm(PkcN`<%xc5TP7_r*v20^uS*{rkeJveA=oHy|cx{j49fe^FaU} z%4}Hn^cTaq7D^9relxPi9gdsVmR^97wixO5_gv(x`p<(P(*XXR>{>Hfzu&I)W>)sB zG@U~4Wi!NUdRpp)C45m{5p@nL6ObGLh<@e9-S`~t>g_kK4SDc}9n^7v_3Kn{p8`vg z=Yfs)^0SEH2VQSrWmQ9Nhqp%FtWFQBhsFY}dUP|sG&B{};6ZNcthB=PPQ(nhF!UDh zpT(@sPrlQJqDbgFb-hWv5wCPlCS)^68fd3+OZ46771m&fhJ%ka@HQc@g4heodZwic zp!sf%`xThV^x6FhVXgE+Yah6dcl*I8^2|h@_YPVD_@RY-dfrya4Px${Gl`uv<_N_~ z8^JNFtV4ks{%CSZ2H4;2>Y>}aG@E~rq+D+Q892ltaN!$iK)i~4h zjSAVlKk)P=#6|4g(eH*G!xaNvs>~X$CV+Hf;^pX205k}L1vE9xa8cx6gx5@UAApb9 z`GrRv+w>DnbauW|%ibYKQk6*xb6y5e=-RyMx!N{c_ypW^02}#q_bB|^iThtvd8qkafPDOK+A;P&#@E%|qLECsAZS$=nr&0Sxu&ZV2ePN^uVNEp3AC>&M%eK6`v-w{XW4&Ht;Mc_oa^7x4#$D}1O~(R)c|*Q}Zz(P~HGO@1dt?0jx@>_N zpOa9@iYY{R^Cp>?Z7{!7;sZkxtS~iWY^xC>p>&W-RJv=wc-8TY73yMAPN{J$K&|(0P{IjqI*W>~~gmQxaE?jX|d;GLlZB z)q#;*W#`5M2HpSvDd_&gP4fRoAK-F(CRM}EVA{;~<@{XuhL3T7z>qtdl|zekyhy!C z^8D=rl>dK(@BUw2&;R-1Kg31pZ&?4lE>jyU)9BgiYno{DD6(S5e&V*S%zf@2%%*Q5 zmuj(%AuX*3UDq1h6=#J~FqSVJ*c!q3yKN6$md3wyh-$Wj`MqsvzRjmYN+CtQ9B0%q z*);NL$x%kP5_YT()_u0eul5u-Ju{1L>sZ2V41vcIh829C+k|xydUGEbYe$Kfe1H^u zKV8mRp3JVP^~m?!66rHW3p@D$b>{>Mjzpjj(D|qz%B~_6|Ij>&JbmFS?4MrpF^>J7 z6crZ?#^TxDQ7YO0&)1^Q121CoR!=t84sT;UQ~$i$Gf(56&RLOr*&xkKZs}P3=cXhR z#o>n9A!eX;hgJ8H>1*OIcTwH$)ko+!PX1m}=u{n`p_GS9BZ#w(Y2i9e`XfRQ!!00yS#IWUN`#0Z~9tl`R`vQY7-*fWVLYl|ShcC(E*t!(^Q!fv8 zkB2{(aif2@v6<~4=+UhoJv1$?xw8~m^)hST>!crjmJJ&Le}5R{ ze|TfSpQW;wpPW9>>XC$JHit;1Jif=wPS(oY0Lb!*^owW@zLD{Kjb9iH)7*8I1Ke<( zd5y?nmI1l#ABoDVlb|t^N?A9gJi7Sb40zp&|0v@*#FYMI_t?F(v2Nakv}^1~8-u07 z1xR7BDqHt4E!Qlo3|P-!;0@pxl1C5pNHa42`0 z8N!pE_eu6FJ5VTKaY*5_kMbLFVv%#0UPY_5xYWzbz%gaT?xB!iKucqva>5;x_`UuY z(^_Uto&Lez3rM;kAkDuNMV6OmAQJRg3KqW|t2t@n{NPBY`i|Xz>$&H88=uRB6TU3t zW>02th_!}dG<9<^{b-cejz?0G6jdYieZHph^k9K2b*AK@z@Q#1f7UG32M4pB4 z(>485WtKsZnj;Z*o~~Jps_#!BWh$j1G7?1~X6iA#i>0-j5GF45OTUZE)1Y_86}LZV z{mGXMkhAZpb8u3WiIz)Oh~;;MA^Wn9wm=q$KuX8>AL`yYcmh%zDqzY5*wj62TxhnA zUR%kGS6R|?QUrYOru;0q(a^lGU(cfUL9u^dZrD|4pfbZ^-*)1R@gdI|-aYZRQ}DLG zJ$jnD9Z^?Hb2ls`LPrZS?eT^?wCmtat^2TpuaBaaf+<*%(dQqJfXjC6CU9`2@brZj zM+mDXG(Bz8@;iT!yYiB!$JWnT5?GMFCvu0Qd=a~*Lm4_%y(mlxXH*G?07bXtt|Lzv z_CHb1H?{#UP3tB13XAitc|L%S$Hxh!0`AfjJO}SkF{Q!LoJINDr+W#%-+?32EFVbE za;`KkJLcYio3h~l>NizBsu^qst%qO(AzKgH{`XP&p9S-vZ`8N_ty=((g46B+LqL8b zI5SfAFKcl(c_*--3m0J(yDN#%i0oKk3lycue@WjfY7Q~k@R{J>rJWa8$TC_*Rd%lU zvjU+m=5mIuS|p6h^D*nU+kb(Epqx61>4a;raPmh!6u4L=ct~K zg$_CEtZ-YU|DD;fTW3$6E9g*BX~@-6y7|EdaZXSEc{29-CA}}vIw^9EZT~M{67AV~ z-~x`1Q}E2Gz3sA9#Z9r8x@aPf5S~S)5l6EZ!a@_KFkY3r%XpTh zmm_!Uy{^=kHYv;%#b6+33kOCLoNGl1FWrk*v4m8ul?O*q#p^fK65ZZ?V^1{b=O09kH~f5^ zxH0+hI59rp_9RzXX7YtN2R)XN)Jv9*JQ2fRz@H4&+S(sT*Z5cLFIzrB||Zl+02TG`+}xOj#KLOYA#+GFxJ+_&is7oXPs(Q8iMyFP{8 zf7?{i6-3FLVp0y1-ot1-m=pEUVLBbq!{Qu)K3qP`x|B&(Qs~w&w>r!5C zYp*KZw6~{t%xlHHG3sXUrNjq^Efft0i>meRB@Y*!ibXQy- z^ab&^U7|@S${j8aZum~9CZLd7yPS}tVD=74m|$r-Y@c-MH>NcZr3skYd7~25zQo9M zV<*Gpd+`ILCfeTdKIuV?{WZpG4DSLS%W$`5_VEO0#}qug`WTl_yWOT&8kh7=UXNLc ztN-nV-heCax1BnGSP6xGZ2^jUfJH)oyU4zMQI9l8aB1#4SQ(115d7}$nxV4mvmS60 zed`uN=fI0$oeO-?uCcAkSKfoa#R-mM^XY4f{M}Lvo@NjgSxcrmdx_{NgERl=0k7G^aMz7 z-ejOSXuldEW9(ikZLC+%7lcdw%~~P+ho4_XxTji7HKl{>3-+A?sSGKNv9B=Wl-$kW2LsYD^KZKD0-3et%*g0S?ldIS@qhN%Q2jrJ)>3=Ols6%}--P2ZWw5ZP zau#VnM$7@BaVDCg?b-iyr2R|rg1J5Wrjh=~I%oZ;^bz0TM+q!%##QR~nXPLJ5 zX@t!_!RNxq0wvDG;ow9*K&5FY^S9<=eXslN1GiNMDqoqDF@GFy6tFIDg)Y*+G%iA^ zYL3*!`Y4)t8ssF4gi`0m70cv2 zv;R;uW}d0 z4bwFD<0Z~!z#z3!LWt;vK+!$WueixO&zQo>m#YQxkP6wyPc`Fcx8C)jrhq^fv^Oye zu0(}EBzHjA0>(V~4Tc(|G=O}wQ@Q|z*nIpKt!I*XX%jck7jz-)?@MJH0vEgjL`J{K z7VO}y0dmggxnU7pZ2M~;yWFh5NS`mblA&)06GS*?ol3^~A4=!*YTfE5eNS1NFKnxM z`@PNDD+c_fhJy)lkx@NOv}iPFE(}0n&fY>jMPVm6WwUYxqmA%&95AOlTS zZJVz(9iONwd4)akW83!!{#+lOP>Nq@;!c!bAnxQqgZL^Po9Ey|iDvt_a9l;ki|4`* zK^arIxwDyui;m4r<8EJRH|x$6z4wB z0g5Hevab#NFZAU9gg-&+S_nX~Hk(FwEUVg6CT_nv8CJ5xD}gdsI)Qr1W*A(h4${q> zJM~#acT`b9VA&U@5)R-FU*@#dnfA@|+rFNxioX{2rR(aeNIxt987xFV@(J|5hipkXUm4^C+=9~d!H$Ui$5cxh z_ZRpU*^vD1Naj+pL*Gy-$jwKl3NbzN&Q-gQ>)C}Ly~n;N*m*SCw-kjK@@VpU)R_Z zF$eKg z!bJHS=6{5L3pd+6QvL0wkL%ah%q7dlI7o{P4Ot@iJ{Zbc5z2&2P(c!p*3~Th46s^I znRzK2zj}xDK+)!Z1RSjQGxId9wb2iOrIjo~XmJaAABtsYzVSH0#pmhqPLfk!eV*$b zn~nJPJz}ayXwK&^15mh0+=Fw&yMZWiw*2;rL6o6$7vG@8yVU{I?0ffN;%Lx<6i`OK z@of;_$!yg2S||R0R!RBT&)bdP~$;<_&W=SpvjF-08V2A@?vy-jZsmc}{A z?eDucSn(Aj{Vhme=R?tL#aY>YMZ}339~dGCJRds*qg89y5vKGUe;{W8SdOuz27?17 z-)SC(2(aHI){EkgZW5R#HB5qECuY8ZpF_eqi!wiMXWqZh)ZT?|ts3_Kuw~GVo>kZ{ z60M;XMlq~?@%+OmI8)TVX@C}QG&{XmQZ?54@Z6x&|3YD3KER48&`8}-x_Q~b4}h)` zC>n2m{MbHoZ9=lBF_w!Yf4$)-zv)A+>Ku>SJC8Ca-iSDM#)bGSFO&yp$=1 zZ4(!Nro_|6hN4p8O_Qsr1O&o_4Tq&8g&Rcqed-IlRS1QUAcB;0c>=2KwudKAXII+S zQjdN&pBx2{M!(5#{sJ)$Nu}ropOM z3Te?omtAkNZEkJLk`HreT+p90)*zRZ$BRO{!Ctp$VHh&yS zsiLEY;+N1eR{Jv$FdWRXYh+e2`k6Ho|L~b~`2)m7&3nR-tIm1cFLf{Z8}+RZD;Sd1 zs+?6#(R4ik_JX&4#sKlTI16dwpzZf>;-SmH#m`10&v@a66~)rG2w*z0mKK);5!+kz z)831&T!IvdVcW*EQz83xkhB(-)c;-7^B)2!?r(oGGrcff&`dX%|L8yY-pLL(&v^@n zx2{P47Q7-_cq_uNLIjFA^NiI_5D0nIno%)6k33qkIm41h@K6aWF4G1qS81enxCwcQ zS9S>Qk=@eCd-~FD7Smb!$Yan`Mi-78Iu?fWcWRMu9jWC|A6DyBgNh6H6^r_{=9@V_ zki%l8L{bH_cJOHbqNt#lcS$If7ApQ>cGb3}DMW6}B;(%tckC)0IiOxz{Y)dIuqbFO z#10kLOqus+!*4rASXWa{?|YO12y)E$SUQ1^ze5c?7Mh;zQ2*r4$X-h0BOCLl;4NHa zmPk`GdXoRodN~#<(jj3uE`MX}S5)*!gsH=;s!Brb7!L(Rwp2oE(*Z~IE=c{Vl%*e% zYD?!JH*7g13nz0c)wI(343Ung)yBgC74mg;_5gfTKlVg_M*zsN!>Y2_ZRz`c)bzz{ zl5jZ>cSqM3j^iL7jpuds+hq9}$%hISbVqr?Oibo)i!A<;&36I0Jca-{4z6-+%^A{O z0-hKb&c*uI??#-;=Wt7hTAxbtr&BE}(yUKFzTm1)ZZ@_# zi{$rYVnkry)ZnOa7@Z%C)SF}4OFsd%1+XNhs?mM@4nPC9MeJ+6=ZO*w{*S!GFy^#J za3zopcLRC-!R1VRu?~&9FgD2ndxB3DcQfY&LRneHO2Ima2!T8n8XE(=iQfBEMuh;E zIJur**#vjbPpB|!UT*TYd1{>Bi77JY>rt?$ZRRuD0DA(&! zRUP;@0Y^d>!jyqS)tCtlW0X_0bVC-ifhexRD~o|vls_fnZWU(x>w_P8T^G@QJGedCA<_A5@?5KbH1jhbRlkp#c%73t6HsUpxO)q?PbK zC>eeM!c6)zB+~;@o_e7mk%+Vwh*y9BrJDRrrokOff8MNCSccVpgJ_J{+@Jg=0v3LL zc~vRWOQH(=rAhY^d5`y(sgn$9N@nH`@?M5;Lb77?$JI^*wzT?5=z;c@j_3tF^uA*- z%+OA{=HSWa$mjca^rGdzZXAXFWK;RQM22jwztnBMbFZJh(`PwMLgW-?}S8KzMGIC-CuIfEe(_olIF(d_R9t01%a$C4fPrbX2e^gL{8 z)FGkOXP5JloV6R0vh}>HA=And4FlGc5|qGPFM;H@EYzouakRvtMdlx7K!D>VEx$*A z%|qgrXI9QDUjJsM*YwYjt#A!&AYa;g`0JbqTOHfPWJz~9-+psfVDF!cWQK1ac25Fk z4hn<&BG$dw&N9pu|N867?gb%Vy=out6m?#FO5ByGSsS@E$(G^643UPNs^ulq4W+E* z(Ae0G<~pm+rak}AQUUyKlKU@(Ymly+a=bAR&guiag<&#nxhRe1mw{xN$u)Z@dwKrl z>2r7EVRa(Dz764NjVV4EQLk&a@33Z-objVxgT|R7gI-h*N(`f+P5zW%FKgg;1W7y< zn8h;ygpRN1KB559LZrNk*D3m|Ivc*f?%djNKs7p=gE@eto3eufu4h2J3>eeC^1VDy zlFUPyEpbsAT@$dXtMnR1uYKTiBvo-+L{oBjSbBNAAKusw0VJ>3+no- zjXtPdfgWm1O8l%e@G-LdMu|`a23Hg&?G`QE-{S)jDkY+DBunB*Hw63!#Ac1uZ(K3< z#9A^S;zTP||2hVwweV%Q+^+h;*JO*ZgVz%5E)n~iNtSFTI~=*qCB>`pmAWus=h)n> zsc+(Gn@SBc$lk|qElMCUjq}7{C zl$2ouuaW}y>o0x)hJ!qc*?{tU8O7vv3Z#KkT+EM_eI6njDKBW*;q%sIX3Ei&(`@b9 zWKTNCu=_==j|h0e%}4WYm@OVJT>!*{Nj?odr;sTB>=Qqy8nWq9)}*YaDbs74xJjsL z>hWv)t*5@S|FLX3`s7-%O-qJiE&My*OQXsek9~Anlv3KmC#`RYNF<vUuZ1kVr2`jB8o%Co9_#jP zNx4hX{CwmpEum@6RU|i|AK3(?s0_x?SMY7!-&KBoA|CZL5Nl&=SQESUEGO4dm{_Yg zK(-DNX!dsuqD;2Elw4n#u5nL?s(r~We9S5jGi@Ks1y^%^XQ;=@YOv$r~y}gSk8g@A<(jwr)519M%lQXu|QL)d#QVFpbdt zW}%=l@0NTTlDLViqzKOh)%R<0k(p^du``Di$0DI|!zzU(&^{hpiQx>CcdF?l)Iw<0 zP2mW>OAyR2WPZ(T()Gw7h%AlLpQsT8~`nqJk_sQ9l<>P7Q(yL0(Vkk|G^k0((E~Sc# z*~6k4Pvy`_J|`lHxR`Xbv9@oLiT_|RX74$OTB0OwfUf<}jSx7V1Pet+lEWvJH^9c2 zMJH+GjMCl=mqJ<&mNX1x47fG3Y|RWG5Fy4PFwdn045i~L?AxL?>f&dsb7N1TBSwQLuk9Yykh zs`wS1MKunH!AV0>`S7j?ou4#pA<2|m_e%RyWgde0!*1g$4r=Piy%yLEF3t_nQcS>4 zn*VNxb&$GYr1^#mEONexJUGkyuNv4_O`ba?C+X{3B3aq1(hINrhpY0zgGTD%l_QL_ z+G7Fa=AM5kq-p#Ls!rRvvh0UZ0Y9fBXCq5>xCjOjZe2Y@4uF4 zFH=4J-HBCj>N#5*dGQ%{@AzYZ__ON7)YcH{6TuQ_`2D3!9ghvr@R7MO^K-3ki(aFr ztr|(HOLm8H^M?Gtf6zPjbr>L*jh&1`KM1x)JiQ^A`r;N&CHZfPj;ME0Yfp_+&aqpG zMNfc-Pz>x<9JbtonWm_Q;s8^`$d?M?Z{+UEW9^l@V?N}p%j*4k+J;$!Aj%*ABS0v1 zmzOzWIthMiPBRGoOQA!i z1dGe9LQ7SK641>YTrs5w8KRdo>^t&YdO57EB4+@OoFu?~x1jT-XTpTM|8_b?mr}sQ zI;f$3Y(-pH1~sUlTGYY+0%iYikmNt)PgZa8SR{Wji~hgb`^u=eo_t#f1Pv|;?ry;e zuEE_s5F8qJ%^!k$x_4nCpI zy4T?nsc6h)XDcO=q+-S0P?V5IPK0M@ZoyRUuZqbajPXD^(Y6ww?GSHKUVt%#_)3Gu z5-A+126FDew2m8(k!p)nl)QrI?-IxTSu3cLs()vWoM;HVmCuIM}BYUsCWpb(WSiP!n=vh=8F^ zE+de=cdiWkJYQ=~d!(%1HlEU=;MAI}GgPyNuCWX`(nIxii)7R*nC*^Jer|?OYJ09; zpXUoc`bSrKqMBIx7fl6Mq+`E`YAI&GmB6B#mqMgMa-mk-Y7c*I5 zs-Z0TG~1xsH0y#Kpph>WHyJJwvhMh?CkL2-AerN(9M3P<7WR;N-dw$$xfr)C6k+Xu4fN^3de+yn_^?H|SJrq-ELo{4wzrUB_X@>9C#O zr&enmM?8{xAZh@79MlYDyG}v{x<}<3L?Ku*#F*b-7*6fx{aM~sq$xU4mn`1FxiMH{ zv_w$>4OapI5TAqOr+1_Hb-RUETS*~{gg|DPu5Gk_Ih>%zCW&a9s)Vjo3paROK|*dB z#&U6o8$gyw$LtD0b*+~Q==O0)Il&g$D0bZZdi)ak<|vE5 zG{ZPfU;ml~tIe*PHMo_VIXRW4-=XoA{FDg`5h&TYQ5d4umt70H=N0`~AN zs|)btMhzCtH@2T-WEz*E>VwW z$gsLq)NkaEIH8!A{t`eKXvk-%3(?b7T*=_dcIaC7)blV7&X1E2DPf`#-AGmGsXTeh zr8un(vp99twJwLsz2Vj+-o8tsrZX$Xj*up_;*!^lcKcLZqT)~mB|)l@by3xpHH?W~ z9Pet6z8+JG0ZStR58d!_r)x^Her<$fH*&?co-~y)<_yWL-{{;gRMXpNcL*XnBu30I_0d#i;BvL{4ikPl4Lc2{^`*|c*0OV@LBqXZdjA`r;4Q-v27_CKrwawNMwu;+Z*wy z8Lv)ld5^mKp&(QL>g7c3wl2C?!&SU{}3gk^SYXmZhJq;1v~~8_=Cf2VWAN3NN#os_$}>FWeN_O*$|SN z*J6&I2fF-%i$;W+%KDdlaZAaGOGEUsckR?Et#JlRIwR?2aphG-eBsy|#3wM5fiD_5 z{`bfOeKeVeNb+W9mKHWKA9J_#Yeo}RXbnkjhQoT*%{`3ucG;!uhNI1uWiHpt zqhaR~4bomv9}oNWMYas; zk=&9Xzd-hyNNLnygfz|=|7ePxb0iV6TV0X;)$ z)ULyer@ohdhm(oM9JmZ~#t^}5Hpe_>76g$$$jQ1TsfB3$-V;ED;1+UkJ1>LPH=WcxC#Cz%9od4-^gB%y{jXy~k}Joe1(&4fDn+Us zAP3%}O=oJDOg-v@=J7=?`3t^a*OHYDmpT&bLY12gSL`A0g2*V_;M(3EZ$^`Tp}gqP zgbSEsqL>zgN_TBWykN-_E91I!yl`ccDb+k($;+mMlx2QnaXDpixtxLzmKqTsQLg)r zrh4=fgD$y}a0x+Do)vm%M$8ADqeh3|o8!d3;!xw~VN&h3{&vd? zVqh%KY@k(qTh-jorFe14aQsq^h7EH-*@khn40&7Abu2;`a7PKr zH3#I@_RP(scAXJ~+zyt5%3mLRTo!y;-cYSxx)>Xfy_V@&?e}{Xnll53NdF*f2C$7B zO7UVGO6OoFHfRUCFrm~2FiE0yoXN>4$c`l-kLRzr|8=Y8y?ML&qPZ|QBVgLW%4?%z zjHgn9)`;=CVL$(wFkqB|o;~4ND*t(Ppq!;QnTL3qOlW|5MZP99{LXbplkx3Od7sfCFY)ZJczv{OueWF6@oMC;d6{gL(Jz&$`?F{*zYT!`e;nYvF zNm0DVX}BMVyW&5R2V+Ix@3HH&^g?ir04)`8Y^lN7RLR(Ii(O&_V&V(5*?o+p^@)zu zf-~ig1A&r@$%hj2G&xHez)(b>Fha{M@Rjy3CEUBjHm?YoTvi-C*pNI|)1jO5wus9Z zO)(TgSU+tkVUHXo8(QXzm)~z+B0$4w6c&~7n&k+Q&67*#5Y^IuNs+z$I|Mh>N5PN@ zVTTy~tj#`5SC!DkZWUJ=vYYl+P%68)prkP^8NVLC3zLaX*0qMTdBK4wv3AUkuF&!G z+*x|020h)6%W&&F1&sp;Gjvq}mk(+N69Rh|ceRG)D(rncKOB2h0R&}7n!(6+H{psk z3~kUzeaUR$DAdgsa$$^Mg$AOc(#&?WA=J3XgiYPD5u1asD#{{LLj}L=c zt-0~~!m5M_UqjKDm5qfg*QW)!uLnzr387V?`Bjuaadk>u&uc;S(l-Nv2$8X%l180x z34LYfP=f^QLk{GG&Tojh8=>ibg>=cR=|DN>!QG$!+lJ2pd&mQB_jbyObVyoga* zzzSnw@RcpG$2ierUFzd2>|?7$yBiuyp!@%*;fV{BGEBU?5% z4WZadhvEx)G?I`56hRalW1+!MZKdigRQ@nHujzWBNW{j3F0b$hV16cKJtvYRWXnNZ z5Zyh8y? zevSQx;{%q*$|)x&k18I>E2JG${Wym)B31%5H>U@JRmlgLTok@3OCU;zrJ4Bi5SG9- z8)-%hl_hQ4t3xN9Y8SjG<^O9q_-`$va%`es0NE7HwF!EZX-sBetJXsOlt8cK&4 zdxgXQZ0^WT18_5z5qvYSN4Glt#5jV$y<`b*^ab!eADJ&w@{YqYo*eUAWA9kuVmlKr z0U!55BySmd@^_M>s_)h8_ynv3bVX0*Uly<>eVCZ#P!`Cv2du{mzY=Hmrv2O!UGr&# ze^-yM1MOoxH{DuYz?8aRx!@xS4Hs(K z#y}Pbfq9cRP=KK@r=N^y{aZ7WD8adOO?209YgUSVv~R`bQFrQfG!o*3a*cqm!XFCE zvw^QIl=wEJT)`z{t|&2KyF8b;BsRfD9&FBw3K#g2&GHgzqEd7LCWF~uS5lNMn<~|{ z`j<=1>KCzpb)+ygwGcLz0h3wJ#0_rbZv*&I?Ho3`V9Qi%2M-QQJ2HEI26_?pnU2(l zXKnag>e9AeGJKO?`=p^o{KIgDB{K$WjMbZd!qfYPt3`FS-$PknpjKXi91{|Dmw+qV zRrTY^6Y5;U(s^L1)!{r3H9ub(vaU1I^DMvr$UI9lsFQzT0U=kVPe$JQ`Acf=f(T>H z`u6SgxgAsEn|ARr_eH&t8XrJ6-HaE4!=U1N0o7~7a+Qja9=IcwV8&|_&N|m3ir`rh z%gt8&%D~~lO(8BW{4oYPWMWBUTWK~_n=d7P9Ye60Y;?`G$n5^~8}{(?TQ?mh_NF$DdR}WMw2M*H&a|Mv)#eh)c z42~2!v3gR&je8G|i-#PZW@&qrN z5ag1jO?`X+SxEYbiQAEa%6PA`V2)UEc;WaPvp>NJ<`9}1OL(5ODp+n3C-{|8jXiM-v=@RGDrSTjf<@xB15M}-oD-g zD;P;mFJIQ_(UvAKF)?j-1?&8V6ONSijPb}6Qq?dwo2P;K#`<0@yIj;%5MFP6m1b1SxZ+{wlId?*yUDc6x`66^Oa{;WO%%% z;wn4z)NQypVa45(d?hKbZUE$GLS?44;m$mWmF`6nQD*Cp*^f+armUToxC`bkD1H3q zNJm-Hk9d^ASoWk=uq#0|T?sTX3z^!6X(=}!6@nzEMzoS&1%4@%qnL9i`IoE-Lv}VL zBxnH0e@}FC!)(z)X(~|nPF<4U2U;E(NK+n#T4PhS-LVvKK2$lHcIwye zB^xq06fovXJEzOMXugWTs`tKEy|b`bKCq?!OES#k&>0CzN2MSqORWIWTgE1;cK^Ql z>jOV$eOatBKiis=ex(L*tl^Dx01Mga2p8nu;fqFbiob^g4<7G3K(qF_?(RXidkA2zNJ8H7&yM9y~1{Z$vO;G98<44<@tp8FI9WH2jhNLB%u zmZ7jrmXc7^Lf4m**a9<4^&jNqa~V}^N4d}dRjtNtyi=sABV!!^d`YZZ2qszUf%RO? zu~+ZX(pOFSEM~PV&oXOjB{hy%nBxJ8LbPFb5aeeR;@Y-OSNYSPrZ9%+hvs<8QX~m4UspkIlD>BL9pW7xnLQbfd zc7hY@AsDp2k4vbm(It1CE6Om#6;L&XGN4FDMO?f0+@#$6+H*rwXb-xti!F_TbB zNM>QSj_)SdCs&zK;(yWZ>ieTs;YWXZ?MRV@tBF)hgEo8lP_zXTd&w=4zB=s#+z*%= z-^DeFgOp0~-dK!Va%N?dLJsk^jz^6`n6cs;KU^vhOF8DN11Uzi9sE$o7oxC`v==Sgm1#ymYrc;|X13IJ|WP03I>r2ycrKW~)IavH#SuP0v*cP9#tt zmB1_SE2R;Tf9kN7iqKR!l1&EViHH-qpKiiez1xu?JX|)ln6GVZ*S#){=guW;kHZE5 zQ?j_I`nr^aM{VpYNhjU(1E5cK8^(=<4z^!GhBpa*NGMH%+*cW&(iN%F5R8^DOTc1GW@gi1A2)^oq`{C)ia*k0by$uM zvd%0l25&<7d)k{HWQ20!Uwl!=|2khpE)Z~cfxIFT6Cf4(_`O#r)bgivV!71Gro`Im zdh=x74#!RQ#JR^R+3r@C^`-8TdwjtCMDA0gr=DBa4rW;6RPriT9mQ`ryo?w2y5&2X zBux_57rRHL)EB~CUKN-(YTW27d4#TH=^g}L-Dtv!med6N=T#Zhe95J*@-S8Et)%Mg zF@XAKBG1{DsZ2XC%`6@#=C9F{`5AwNS{v)m11q40=ClDFs_k1Ebg1avT;f^eqoXjDhAZg~;N05QatN$Ug>i zO_#NV1`upt*_WlpZq^y6iA3$QiC)?QnAPRwbVJE$;R=Og5gX>O)QhW0v&t~!01gm{ z5%6mji;t1MJj@EE=@qWnlqk}}8^#ZFc-A(Ihi=3lJZY;$2l_+U#oFMRNpTCSdXR(2 z`2^oYEte9tDwRxcX(uHizg&G*1WXRr3~s1WNF6p8On#C-z+{X9Rohn;8TPpj(3!e6 z-E1L>QQa)cQWMm|s}$!6eLWEug@3cS=*Xf^cAu)xtMrk2=tg!W&>m1wdV}0pSolh} z4mt9&ju^$TtKt`rqy9(Nm2y|`VP>NzkFKF%Mcgl81$Z?yAxx7l+~PbLjPKU;!v*G( z`f2RK8SDzcWr4aPI%ZF)L(v1gp%ThF1`kF!_~ktslJO%Gb6M+BeaTW8k4B-_@?qfu zY|KjtwV8CFU&AM-rG{Uc@oNnKH8v{EB(7K~;B|WIG5&)0@?EfE z4NZF4P(UM;6$=MoUPC!lxs@%;fdO^pR7Bi;F1|lp61e$jMyrdsXXLN zi4_JH$l&hzVg7h{;!l-ACwlWGDzHbq4esbL228k#;It2ZH%OFE5T#W_v8M=BHSv8Z zEwd%P42R6>GmNkij5gx)8n6y0RwYLcCPsaCZ^Fjz4=!t^)13ZPqL@O|8e2Yxn}^0C zE>w(_=gc=L%TO*r0-3!^tRE@oI>z600rm|nqZz!CSNUa1vZm5IbD9sV8F9(79CfUq zsYov)c{KPu2I!>#+@82Fgcn>xC->f$yN!LO>F|vU9*(BtM#a-+rWx-fEm2`3eKlEh z8XPPKos1X62>;t;`gZ)9V!sVX*Iss@awX3BMBb)Vvc;7_X-=$(C? zGPp5TIB`3V1tJRfL^RUSf#Fqm)9fMRh9d+nvf9b`4aYhdXF0=j1x5P}XZ{=RHZ5?j zNth#M`$|@`Hc(X*gyDQ>A^uJDd#hZ)<+SEF9N9bPL z6Rgr38aYWk$UY^T1?g6FxAWJCTCHMt-yGbQ?7bIu3~^%+8!B3tS5d zF%;3&y0gkq8v0r`#7t_Gy{GkMmn|7)YJpfn8u40@5~(!Cy_waV&PvRlg%U9G(Yhe= zAkiq@cre4GdNTm@T<-taF=E8DDCJs$AKQ!ZBYlV4xph`$ZZ(Th&wq&#Fr1ritqvI8cZ0Hpln6^R5HsC~Y4)8SrzqyKbWTs`-4*iZ3n~OaAP1 z^|8MZg3bS$l1llbS?chR(U1#??-vgrsl6co~icB zQe!*1x3hK*g1!Z`FC;AvDhmfWCF!M)k`1Kl12_#`m;AH#u-M0^1vqfUiC zGQV!sRa%Z0ICPp(R|+F-SfyNV$+)V0AJ#F!Q$9edz3RJGqi zO>z*L`k=|B4a{mAOyn} z9H1_31B8B}`J`vd>;_Q?_7SLCCmV*_WBnw;S|1-ZB|dgqO{(m-pKhzuk~;z&?=Z6W z;F)wWV@A*?y@^`xMc#kJlt!hYujyvu%cZYi zuwGcbsNwe&CL@k|rt*k%EDExmSJE%9>)&D5tsjtT>ROuS!iCI*w2?_Bukj?isdn}y zz*IGUd;{0T?;fP7I|%~a=MG)Nc1yTY;M?i?c~1v5RyA1^(U}a(p_Xpzc|r;BC}rv4 z>dUqH8A7DMKM;P=TMn3MkM&t<=sUk2P_z&LwI-){y`32P55MFL9dzJ8NsoQOtiZ^j z%RbL^3fYcizVMTk8kta~n}W_#Gb6KZ0o)!X$-arHb+nK&T{MW{TmP2Ez|Ere@Yg0* z9(1;ds&K8TXsK2A;$pxFu*8An2Zvz*OF7{O_a})ZMh(V7-2x6VGRLa9RUd^dB7+`y z7CGb~iA!I&wX46*gY%Goe!f&qCcv86%UiQLjNZ*tCa+mFK0eo9AInq$LhV^4^7+QGrOW5)=fU&#>KZ}ro7UT;lgWcjk3!E5(LEu* z8pm!1JwDSumWQUOQ#`h6{(Lez>C36g_k~K%dEXw6|1gvO<7oWp>FulI{QsBzKe!iuxAIg)Etk^9L^{9pj?hHluaT&dFxYhEbp# zFJF63L6z~byO&0+dnuD=JS^ziV}Qka-r?TManQ)bgV?>;UQjac>CgAiov>GPIyk7N z=rNB)Z0|SR)^E6i7q$6r>E4^$mo*jCm#+8||4Nuw;%~U5m+-&*n*hVZgIMcD!%O^& z>I20#hToNvm{ZX4)t?I4{ikIV9f;o9XNQX>`L*9u-?}v)JUFXfUj?}j4osvW|Au3D zCTr@w&}$9j&`g#B0P37xM~+hk5utk2)?!_Ksj{;#v;o`Z;X&RDfL#_0y}>kc)#+dn zZE4k$j9F9lKa0KnO;-MIcZCNZck&pSDawC}b&b!zoe<3wG3{uFZZv#L6TJvnBGXi9 zRGAN7L3Z*up5Hn|8odh*(y24vuxuK*LM~Yw#w5A+Y=3OY@OAuc8gEJ)#cl5usyfRe@26)^??2qZx(a{ zgODeC^8|eXyn(IHCY5(W>;4QYhPPBh#NU@Q|KuS2PrgFNg1T%kf(ssU@E(s=T>LNh zi)J53JG)qfiQG;ZRtjc$4yBL1113FhO;!R`{t9%8`x-wb{OZt`){^t(ISCe=B&&LyihMZZ*rN#n%#|L$pis(iq+*S%%0F#;ZX{8}e zl(=cfP`>z$nI@KansFg)q`G~6M{PWA9AX!TbGrqn)QgyQEZdDIk?TdlR6WW z4x+9y7ih|uHm-wEP|6L~R~nXoKz|otY4~%$g47m-GY+98K^bp5B)w$~4X$ygfR~{> z-qhsOCQw&tJII9wi`gl zN!OLu)y9+I={K~Etns)63H!x z)w|`VZ8clC<^mmyoII6mzzwoiI(Wq|iXo06-Z2TQer1f^GC13jeU@juB6XvxPe!PX zdBvXiV`5wEkKu^eq^6t<**n(|s+4HS{Tm5cGV*CM_eq>rBPCxBJY4|Ee2y39GRk63VCB2h&8navY6++NId2T z7Tkuh>qdDb%7z4$wR(98YUtYnX~TD3S0k`PMA2 z9M4-*)Z935E0ldVUOigw{fQ%k*9x9dHW+WS^2pgK%gD$Hit@hMI|M;6+kHzXO}G4D zFNm}5Z#b`yE!8yp71t97*Vf@g zh3N>$`Z{>?JH-D=?nZpZaWoUlY{9rHS(aO_RC`t%b>F=BZmOg7vLwxS1U z?tHaRtTd420UKlL_=;k$MV-ugt`JPSrh{zL(?LuibK5BM%<}XpbK$^F5A*K_{+U_w zuKS#%zOMnv(%)-K6g9|0I8jaCm*PH-IO z)nT7Cj^@#nQEvsuGG{W!dO!)ZwGM0W`vx){rftn;?dR3?3B$leWFhJw_!58V$m-f^ zO#k8#G%<|!5ch_+Q-e!@Lp+JbA861T8#{t-vG1nsuuYps0W@U{%RuQl{OX%IGqb#^ z(GFv_m9`LF`fClvlpD2j=MMAG!_+tW7l)sP({e2p&@?{@986AWY4Br|kPG{I&&Wi~ z(St$m7gcV;;0lkQR^#n%Mz&hh1ooVRoRIQ}$nz6(;cTUL(HiN_gyqMVWV2LFO=4l~ z5${DR$C6aFDYOtb+?+dD$TZXHg!DPd^PCjnn!HCZG0N(0IA5Ez4W#Xbb{bkEK)h31 zviP$2Qt_$zP35+dYWVV~DvwxuB=_@^o0oz=YP5X+UUOaXZ#35vd0i5GLPXg%sX6@I zhKcbKcS7_47F)FvRA6)rTMsZ?&2Zr+@-?0RAD7i4IZD#|JofcGd9;T@Vht^UtW~qx z+}a%VrsBI>` z^HsEU9fW%7#LqeB{8-70 z$I0th$ea#x2ZL><9i;otXYmAG1YF&jv>PmRRV?FHvvfRVvw&mwQ4@mIGD)qsRG6|5+56@C$}0wwF#%#t$bln!j>9w{`COA~3y3 z4lb0ggl9aPM^iIsUlMNBLXs;Mf6%fC;f9Jf(V5OjAO@K<3)n_Be9V>eN&CgycDyT4 zR?YJp4!8A*zC1l|fH<(BG3-w>@gaM!rRgYv{&1oJD6yVWvyR~(6S0b0{PmTpN;8Xs zp%HqE@@i&q!J_7vEhYDn?OKDWu*}N^8go>f5J{;mvVj{A9%7s==JFK?C8rYd#Rz$|JLU zTJH4$zQNQ2OH1Wqe;=7Jqwra!h zJ6;{6sI!JNXs6CW)%XY~hX-u+*$eOTy408_BFBA^y<$N*(Na`7rW{N3sWkO6uA^E- zpotM!LXjh#GyLFD3brcGNV8aKRt8hAa28A37P~lH2-(*-iZQ;^p-d&%+?f-qs{^i) zOk&2#NAnlAxE6^*haIEPSs2x*Sfo%CfI-EK*s@c+yUROKWn&!u>ZKDEAj`FT5%>AD zg-mPH3{`0B0c3G2QS3r6I(q4@VU*}12T$c4%R zz$lT1c4!JApRi>MCILS;n+b~Rr^FRL_SmrR5&sj6_2;K*46931^v!7-aaEb?l8 z%?ju-|M;Y{?J36~Ab$hp!GqvqZF&w})xzgDBhIi4s>j*#_kOpE}? z=KtV_=8 zzYyCC3IzU_>a6o`jrUl8I<9=TzT_X?GyWT{0`%kz5S3cD`VBWb9Voz;M|H*>bgcL5s?oA>FfxyjOHZZ8o`F4!)$mxOvoeY`&GALV^} z3tBs_Ou9}L`!>Cez`bR-Q_<-4N9x6i+w`JXFo$wCRG;CHH7KNX1j%}+d0f}#6oGAf zdAGDa2+<@f2vV;)2Se`2s{a|&&s8MD(bfr7ix-qmzTa>Fi@eIZ7tB0HqCDy~UgM&_ z#On)qSsE7md+{dSQC~ryn}C7;QCa_dEB|Q!Si8P#%81ku?3gVIl%KDU4 zjXAgC_b++Gvpc`x&^R+zB6>HNK-3JziGqj4gK^d)OO|3t?=#r$`^*ktEt_%!v2CSl z6wT1Z7CfZoFrn*+2j(DKJIP0k)GNMVLxO=|mhbT29KwJWc=rd|&tvAAL8^!B2yS%M z_34HVP(3ijI6-r2S}17nvgQ&b$1S3ngPzOA&DyOS>FK)xdZfnQZ?rp%TOz?xg=O>6 z23GXE8;cDiH~dc-&nPdR)_FC(zu`*evcA+VgIhPt7uJ{;Co-Fk=AmN4d6V(GRz43; zVh_dw=oljvxq|U24!h$9H}=PQTN8V-mkq+tffUc|*{{R4wI|4AM<8xHReroT6BpK3 zH1~_Sf!$ayX)3RJUBSC?McalSE_FIHAFc1XA8?+ICd5p`VPv~fc(Yb*w?Xxbs_gp; zlktFtzlv)5&q0;l>-_Mat+DD_d{KJ&8YIL$F%Mf)KDFPY=csLTKI30uEowL4VCwK2 zjy_0IEGJ|4@a#9-zWX{WKXbMBfv9#v9>vNOU^4F?-Kp;1i~kGkQ3o9W literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/kiosk_mode_status.png b/docs/images/hedgehog/images/kiosk_mode_status.png similarity index 100% rename from sensor-iso/docs/images/kiosk_mode_status.png rename to docs/images/hedgehog/images/kiosk_mode_status.png diff --git a/docs/images/hedgehog/images/kiosk_mode_wipe_prompt.jpg b/docs/images/hedgehog/images/kiosk_mode_wipe_prompt.jpg new file mode 100644 index 0000000000000000000000000000000000000000..61f7ad59b0d63918e73c3d853f96929c9b65b9a1 GIT binary patch literal 33576 zcmd42cU)7;+BO`!V5KUcD7~ZfB4vvd6MC0~z*cDq0#ZURXCo*b2}zJHgb-RlAt690 zTNE%LAPF_0DAKF+Ci2Ep-gBO}Jneh`_-6fPt$SwfduFaRv({WQv)0k@(HFpFkRi|z zaO~J|fCTFR9DQZ~Y!D1{0|0Gd~DOL{us2e*g{>0zwaGDi= z`d?(8f2rHC`qbGoXU?#( zon=4Iec}AMbLaUuxh`>E=f5F%o&Vako1*d(H-%+Iu3eK1z;TXaCpeBBeE{5G)$`P` zzq-FcVTF&MIC<*ynX_!{=U57)%fIf_iQ^|voH}*#SMx@&(g7zqPH_q;+&#@@`S6Ue zFSp_!X$5CR^xnSXvFiISs`SV&nvI?J%2hsoF>wh=DQRUDRW)@D&3pO=hDP^+AZr_2 zJNpL?;KwemZtfm1xPJg5Feo@A^jS>o^A~aP3CMI58k6xVGpi6=ge%6El$KT35J|P< zy84FJ_aEBYJ3dl7Y4rYq!J*+1#@ESjQ`0lEbMp&p>l>R}+dI2^`@eAg!ub#PH)Q_{ zE)Ev1<0ns^IC>h?3QJo=1Lt z?7X7NU&YpbLHjGR{~WOB{}!_U3GAP^7=ZI9jAIvy7W7!^#?$Fvx>~M~H?6?rz*{N(}YUXM?$9*4g zC}or^J5*e%zR#xHnxU4Z{J`D|X1sC)_)Eac;K=6j_nivGA`lm8v_KIgD`RlPmXn7)qdoq4vfFc^S43{R{U zF%U8QcD|@oa5CEg|3NcM!7a-QNEN>_yIJ&eg5EM)k-zix2+&%dr`;12OQ2m^aa+ke z0tk8D+TTq*0_gE<%5{IPWxl+4S1Tu=Dk~t_uN4Y!Rl(?W`(NdY?YQ%T6rrG1-EQw9 z{#)pm%?cTyYDL6pW3#6*{dDk_(1EY@Rgbvw>0phH>mJ76J1=D`S0 zhg^qot{8a{JcXyYx&g*sei`>aB`iKmy4_}KdulXWO+e#C?P*w7z>MM(Tk^j(|@~E zShknJr#pA3dE>Ufm6ZQwcW6~FUyml;!(P0wF&QC4zj-MtfIH7TYxGi2zD~hYTzD>M z{@o2#*N4ychDr}JWSH6C)qgfn1d}Ik?eQYa_ct?+0C!a;ZRbOuY&Zs=bAaJOt{U7v zHJqM$tAB`J`B33UitYoY{7 zMyz`a+<1B|X!3Ovv4;HYHZ;CyRQ>9F!sOd8UFXz0vKCjB7Q3}Pj{qX)qK3qNlI9UJ zc`B^Njcr*(9s$4;7uNFf?*80bk1FWtGvFDIcx`FG4fwl1Hugg+!GZUChd?v?;edFP z(t)}4dh0obq+|JFH4e@-JNvnh52t?GE|a=6wP@b6$#GrRL9}xI6t#6N?18m4^A8s+ zc^^~UQ3|(QZF{vxl~7QNYHxB&$p8J|)e*p@{|J!ZyP}0O?pjRDb`U2R@6QefD?EX9ft;-k1EzC!Xc;o7QhQ zf83nd^@utj^;zZtt9$uItp!BAzqkAN=O5sX!-K>lKw?$)9HICA{=J|4H{RdaWFORB z9d-Tzh0o>l1$adiL*yjv#4n%oPSM%xFw#M<4}{q-Z5;t_MBY3CR6dPTD@89C@Mz?K z6Kf87ty!J?nb#5Ew+QQ>hgC-a9-|+!0zUgE7V>wNqjt;YN-CChjsSmjQR7(vSw$Z^ z0z~__e1GHBGIyygYJ&A_O_s2-_yZm_bE%Z|cE_$UH$DXDAD?hK~M@P*$_3M5Yyzx^$b=S%1>=B?K$l?g_XK>VR!`?zdb4bt) z>7@wgug?5)k1eoKvNt!K5*?1E2c>aIP1)Q>~cJ$uNN{n#Tw*glQC zKU}7rtkbSL@=AAaJH_}XPka6mK-W6bcH;=pMi7^~(s2oPt_DBSS3MRY=j<@lm497# z3fpoR+VO)?ru^+nKr-z2H=C~AW^78`9)$^?=h-C-|Dt;|@;8ol;`lH3>wJRcPM$vb z%dv>tsnaaV#?E$@jg9^MrSt6PE}mm!yTEbb;-$-%IWDuG=j7tN%*B!~|COWtvOIC} zEX(lnIkt1G*#DyY8%M*PWN{Z3J^2Sm6Z}ObPqOIDKNuPSaOxzBpdCBGcATBXb)c77 z5x;8AcHumWXr5uI{f+BzoZ;jW;#N3&g-`gdwLO}~qo`tO^}s(S4ORShijDWGh?v48b@`kD&%!_mK?I33^K=xF}4*#Ag6uKGnu+U40T-l~!h5_2{F z$98vj@@Ogd_ox0N%l}OJiMI0aPxEP?et;tjuRqb|4o^<~5l*2BDVh9dtpDpeBJ!6W zi-vPHV=w0yc8{L<_H8`OL_=ipFaPzN{&$N@ysY=nW04=6e}|I#S11Zf_y2d*e6{u!URsInLvTOn%ZrzW)j5Y%yRY$y-lUF;fJ8AiI6Q1aF7x}#LIUVbV2nJ4ru~!W zeVv_rV%{BrN!KvR-FmZyE(qRhg)qW!94n_>*WS$6a}Rw~bvCQmZ4zqE*%Y2!&@->G$=8h=h)UBqG+v-oUc->Yx2Kdd{L0rW8ydS&gAt0Os#f%p^ zpXbi=bySAU!2Cq=8m%cO+_AvboxrT!wp(73Jr?ri7c%F5IRS#L+^{{=d#08U>S}2$ z9Y(6}g!!|vGf1jT4{*0=r6Cr`8!jCGh}-2WHxp{q6#G4t6t3lqSZGB_gjf32dU`N` zz!9Cmw^t(Po8IB8ezUb*2p?8)yJ)J3GecSl8$U^fCzCK5MSFaF92v41ikvvGijUXe zd{(3Nvq^R17s+tTtVY)>!Bqd6rJ1}Ek^vs`_q%>-H3)Wr?&iQda0IZ5%sZ5y^NAP0 zs*}{)jirn~6mf|5>sNTGa4gyD=p_Wl_2-ll`j)@#o|bv>yN54(vbrs!dko>$VAot* z6Q-1S>wab8LSOwV*!ug`Vn*7&ehq4pMy9mMex{1Ci%BArGWm)U{X#a_(ceJ6&&FPT z9X-SI;X8Vbm}OB|xia3M<}q@IA|E*AAiUA`_xkEihSm*mmXoiX-1FE& zg>L)sAJTb%3$CJj>_xrp~-e6|I z;4SJpmC-sW40?U{#kKJWFXb5vye;N)?o<)xo07<%WhiL)J$#tqWq&jw3Z#%QRB1J^ ze!sQ|eeF&edTRQr=&F}Zw)X_~YLhah7T=!a6x85zuxd!U_{HG8B~jZv|2XM0Ghu0t z3*zuP4^}8nZ6Aew;D3q284$PArXXgPRWA@$M64Pc#0x7)ia;ch9J4-GRzTU;o&_a+ z&C`a{e3606z{-xwHdP!H{LF9BK;Ry6`};v35YjuwlhtK$HB%dG7ARSb_O+FLTq-(x4xeB(pJlId5vhVAU|)D{QcP zK$KQ;YZN6d+rTdAo2LOx*O1e~0fYRIhOud!7N|@<_aGh1cRw1?{7sVm>2?gNHHyM) z3>{1v{G2Caav_wsiB{Ke4r`>!w|Q=9C$$7j1QIgDV=vB>1*lbmu>o*!@WpzXxSTW? z(#h$Pgd^omKh&zvSG-!>=w+)Xm~Mrp2vnF=D^TeUg#ajJb{B<`x{L*iT+E3%Ytv?>OrS?C#`gLNG7K5i{ z=Nh=<`rZ1iLY?LzrV&$b%iC<>?4K>3H4KcEcbNwEEqj^ZO2}@nq5RZ)eb+Uc*az-1 ztDq_g-)@V1LKd@ac07E3dEbT>R56H?x^FL<#;f!a$7Wj!Hos5rBn)ZH1O^RAw#%{F zPNwi8JeOZ1)C?QCWymf^@)Af#Sxu1wT@z+qPUBnYWy!CX7>^mrT$X%vLmBoLwMr>k z9=;6;*t9R`K8&a8$L%$)74zdPE=maYxze|mxxsX7meEb>idanpAGj?k>F#Sh;@*#x zzm2jRX>_wa$zagXx%Kk2uZg7@Gf5LW7vf8IkgIS{RU67+rcGeJAU6@EvV`XO&;bHl zJuM!L<-Fe|Ei(48P35ihRY(2)(12>vPggCfb7`p|!-H=2u{uxCs_I2zhG9jHU^dV- z2$~`{w?c<3K>7*yh9Ej)bZyt>s$F!J>T6r6mt}(tsq+egF9*!8^Z7d8^+gq9YLU&- z7-JDj%=o=X8{RAYbqKTc5Nx*lH<2rHm`o=Jc@nlo#JoexkTZDSQ#u)!5k~)nEf1Zk zv7&YEKN!}&*FreFT{AmAq&bCR4^c%6D~T`ms(*|3D$c$eI!$OR5OqwHmd(7PfRj>@ zv`+B0hD*sY!*1<;WF+}Z0V$Gr@o}mFv?coH^5KILJD6=2+Q?|@c=WWeri-wc-g(;= zEi{EK#d1m$UDY&$mJ)Z6{U%JUc-cb=0(C`%Y(WSUW-d23OpRRVLDP77%9f1hM?6ub z;Z(0*z3ae|Kr_8c`UFYcLZN>DppQfZeB^&Uskuxru1TZ zv}s$YT~KWbwU`dXd(JT$E|m0eU=mD=_Mq?~=yD~aXgQ1hbYP>DmoGPEnvH&^3B_+c)FL~~k z#~^B;(d^04bQ*)Isw?>igPYXW)l&W^aT1=;CNFI^0YnQ4!&e$3@LYhx^vxX)MGE|%2(bbc^J{A!khFQvv-YQg{u#L1C8%PX?` zum4uRNwJ@AfVwpHd)grrY^;ifmEezxGak5l6V{dUdCUY7L@cKcE3Q_eB?k)^dTBvJ zCF7Hg_B`)`8`YiI7%^JlE?3x062y;QG#ykf(}IOPzWx&Dq4*w%wJ8-d6;n0VH;{fD z4=h3>yTb1=bH32h7lo2NcXNKwTmGbA|NPb-o-Bs6S>Naip@5G7*a*!m!Jz1^geYEi2fvZ;H>i5lw-ikihDM6P|E<|V%eI@V+;J?{9u{F%ECAO-i?0#to zFP+l0h0P4Vlnvp{jkl+teiMHlhO_%tAzFXKG^?Z&#(vAIj_T6#qn}3;!Q;FkN}H zJCleFVf*=)$r&zB@w0L9#8P(UEbEwWC2v^%u!D#7qMi*U5p+2w3so*SE-d^#k6Y=*COoo6=6k#|$9viqchqR~66y!V zsb$UJ2!Iw2*8N~q_xbyK)=HGGbHyhQRkJ7m^7{V2&dP`6f(_peko?WdwgY4A<=G8l z!J);Q+cGvKb2%?wYxWGj{DD$Oi~0P%gA)zA#7A{gcTj%>4JnsJ3;7H_ty!7dSuo~A zn@GeZ4)o+4RBJ$k7V#oA)neVDjf~o*MQh;Vy6k?V9y(YW?O5Di%E#xAEARn6d5K17 zZouuV!Yo|VZwGvpHNiT#;jT9nuNHfU*lm-6bDQgjjbd^mx!35I=ylq0#%VH9sr z7Ch0;b!_rQy8{lM*1aNehA{0iOJ$IVV(Ym-C6avK_a&bf?&Y_zOqCr3FKl|)7L5XRd8Ud$pw&5V&8;!xEYi1(1MZtbt5i)1Ta zg}aN}EZk<$++cdOnS3uhjLs$a7jNhVtb-UTL45eiJy!u8;>z>7Bqh9j5~?2?VcnIb z8pzZVow##HTow{#TdERaK2+A8^SUw{DXLDqqqWFEolHK3XDiOb`GZjUpa z!D|t;8!SGh!xmwN(0N?_1z&E-o(Q&gwSzm>mfZq`TUWU0Ba3C~bQyP>&7Pk6Dk;@# z@PX-wu?}dyUg`rF${MRv`#>}Rjp^Y2;6{Zrp!@MabBC+l>g}l8yT;>Ejq6i6(^8$F zJH%{D9Cz!q#U$uGzAwKbEpb(sHs_%{WtXdmNYFdb!}EtM2Nc z@7L{kUI`k(4pVVK@N@myPOsaMpWvoWg>eHVii?*&FLMf|XBU;4mbOp*PD^bgVlC5i zBj#U{WyAf7r$2WxF%3Y&1=R`rzUI!M;VPwooMoD+Xv3hVS_Ba)yCjGZ6+-v^143S1+z=pv{p-m!kUT8xWR_*PofVTe>cYXkyyUUKcWWqL_Duz^ZKIRr&2TKbN`&~E9Ap)%g^;EWfo<|j;NtcX6O(iyA4{h4Y@ z+QR;552OCR^mg7rNe_&9rOWy<)7%1z8GVGA;J8y;H**_VoVJ zn1H)IttJs({Rk`=JgL0orwSBb+vysMx!i23>ARk~##zqhI?~`tPs+=n)PPp?>7l51 zuH`>3-TR?YzHSZwj7+KRTwwyeE3)+~b3F)p$s?Cw@Kdq^i@x%3*EVGNn5KJ{8;jArMy%sflVVR@ z-NdR+F`H9zkTs#i?7?lXriyGyFUW<3S=VXrk)naGJ@iFAIO5cBQr>#9Z;#8cF}vbw z$dgD*(FW8!-_}d~^8glUZdul#6(0e*tmyfVsX?du@!nwP4|edE#YBXSyUG!OIQn=j zw?r-C2P9%EC?yMS!rV7?1}R6j{64Cr-|89z=BW(!{DP~pZxfqVGN4-&iUeHyrM<~kzqBbtwSs@k?oL|qP@%PH z{i@i9WrTxDwg;Hz1_ED33!3LEoQh4Trc_TyT-YDynJlaCw<&F}pj(w-VU%*65NprC z!c33urUiNh+&jNXP{_K}ddh|mA!*NNriH@kW5!m5l!gqN3QJke8owA*g9{H-A7g`Vg5Zv;XuV$g0 zDn=n%L^du&iyyfdw6iTx-YV+|?04Oyj-txPH7D+f1J4js#Em#G+>@L=t7 znX74gZi$NF^V)&i47(X>TixUUNqRM2)WzZZNl8hnX)R;%YNfV4$8!v4vZPfE!_UIh zt+s5r{*D9zohD{J#LN;1sOKVNg9#4`-i(GK;05N^HIEBg7V44IbIN`U{AH}{6@@FY ziA~wSm3jg0MyWPyn`up(S*t9N63RyuGfE4bVmu)~hMRuuW?w0|Z_UNN6{@rawBp3+ zcq{HTg7o6`_2J;u!29da2aCL#3Vul~Mvr@5T>a4gTsVesOK@^(Y&Ez`Ww4PsIDe36 z0}gSW3#|zdr?@+ssIkRk^wmGZ+8Mk+-&!anelo3Ohd;TE^DQx1>kaf#KF77{#2?GO z?yD*KQ!5@*zhM*(uLC1kTcKKJBHT2;Dn3K-9Wj|u&3RAJstC=VE+6|v zn>((Fs-@n{AvwWov7OKONgUprYF8G!ajHZqQS1y%NjY=lPqP?T*?Hmt+wZ%FPgMDS zU!cc=eZAUD)zD2#bW`W7Cd$PJgNbeB4CwAg!0c=%{tnPsI>jSdPg)5Nc=32TtC zW#%ig1=g4NW=%7N4;dHNZSagLlVPX%VcOKpGJ6X4Fc|G9&fCn%=2}*myNW>1*bP;M z6+0?yReptM8pO*_kn#O;ALrwN<(+Y)PjQ{xa4$AR2UWszcj90yfB0!bnP87G;#l5d z+T6WXEj=8F3(sbTB#P7h63pg(&`k8?^2b`A#AaL+lw{ob=7XKvK)%K$H9l!$pk*2_ zC&(%(F(c*^#4HPU>QuE>k63DHn*u@sjkL<9)Q&IK{zRTPq5aEC=4{uqVd{;Of7^)+ z`s+?4{o?)oFaM(QucAuCRiWi<)z8(1y2raolABj)&Ndk%#dqN{-i=j`lSsyW6!x8~ z(WiHJ^puCN*Ey#$9!-hSa>|SyjDxy&nqB_<*UbI{S<8WZn3Vb*xF3gjvuU}mqr0}g zD*B=O=6_)J-%L)b(@skJ4%$!Bi%e8|dLuP8Wcl_~YUO`3w|{H){|_W5PW95~2%g&F zecl@_>=}wT?Wx-_lIRX9hgcit>{{;@n`KBNJSwZehvDCH1mISJTF^$}y}2{gp$!xUw4eDaNp^c--~!V{dz9lshhp^S+ z`(~c3mG)z<JVM*pj4zZ0!X4=9NqP)rXRKbIl_9)xCWkQ`-@f$`y%z z>Ls9%-;>Ztd)X)SqOW$+p~fn%D>35DnTD+IR5CoZL0XSW4bASj;8?G4D^;htx~`TQ zy)(=sz^X#jK1VC-)3qo&R_o2(`VcjFhxHxKCZCb5^aXn7=Sgd!?s+v^9nDaXT{xFz z)kQ2k@tm24yV$37Lm>laj#DGLg*g*+Po4I?1w-e!lKtu^&U1532ej#eW5<8?1HZ49 z$Nk*F(w3#r_kFQBYB`b4MjrjKQauV{jgmA&eYCf*)|0763FzyxoF7_%rONd%4Fl&U zBcF&p85rGG!SiBmqx{|`mUpOOUl&27#AcLdC7Q;<-&&epD+`Ly9Wd-XMX@Xq&uYCq zQi1755UA`{c~9a#W`UkoWKl+!2a5{gOJAfOHcf<88;|2c)ClOpY!xXR{{r@PCp6M& zhPewVOb=ak8M$@BPJVlNANtOToWSk2qHhWByy>fxzd6HO|oQAPXZTu#d8Qy88ywDYn3912hm@p7+s^f$JXD~^wgD}tu zUq~#r7HPV^n5Npz^Wjgl6dX~^Jw+ac>&yy*xMK?>y+qwSv`P}iZD>so=u@+K5a)s` zE(cQwR-N=|0!hxaH!C_iw8|`$`BsuRo;*J9os!Al7D->aQ%gK-d{M@I>Yh56m_-?P z3HoI7qy_8?=zXcxCDCATV)NbEir7s5VBGa<#jghjyW8CC7(2D)hIw<*f&QO1El^eN zSddw7mCGi4e%%Arv>IVlEl~8s(z;sW?AAhq%CdJLrbO=@+RztVRx`hS z)3h!kR~HWrvzPOM;CHEAi!GBU_7~`}o{P)r?@Q+z7e{5>duA zm336gKkjP>2Y2@4<^ymeMM&h~^7XCS&e_}-bHC3Iq!w0pkZoOl%Gh=uP`EXLLFTox zhg#31N^p9W_14i#v10n)xPUv3zmvV0Z(;YS?=V46W_wRSl)cV&Gx}lF$Zqu+^KB>B z5xy|8OflZdcZ+V`V2w1597sQOae*o~l#xl*K{mU6!-*CdLIFf#tQhDoX8aF)KV?oE zgMy~sJOGFIQQM24(w2U9*$G|A;n>+h5$*Mcp9elCD~+3-Gtz+nI~{ghh3n@R5wYuhYd={@6n>O!-}el2kOT< zRfB+@VT={)In8RPB+GHadTr(&*4}1nN~SnS?jG??iI$g#hM4)y`wP`DhaZ$>BC954^@Y%1nemTc?Jk) zLO`r({Lc#}t5#{?M+JSZ0vD9MrD{@YgNyK2>Jl$<(jHKkdd}K0)@;RFmPt_?Zl>jt zsaTnPM~asOHg-Gr2;eSPwLgv|V|ypoPS~z=HRQYeM!ISByIo~jcvcb~UqIz3P`mc| z1yHWQ!@3xM4Jb;+pGw#DfJjQ&B8&H>Ir1osz)s2zWr=B}7BGJVh-+||zM$IZ58Vj} zfKuin3H)5sMpH`7Jn739oH_gX_6dh{@!^o*$)Yv>UWKpDBSM@`Ys~;vKk8KQ6E>0LZ?h? z418~kfxx-2SPi)y{?z&oWUP<}NC3!}bxB&7iVmoAH&rEvOynih|nECdGLoH?Z%V&a+h!Y5qh~GH~2MRCi1~6NBz>% z>0%E-vQiRx!7`5aiPj@yJ7G^ z3j`5%FU!3cc_Fn>}|I~RjbH;qxp$`U8jn&R)=heV5aH8rc0CI zRXebFV=MkWGlEUo$ zz8N%B*0W>NS^>AhTHb1Ri=ay0+1|G!H!lnZCaiktH?C-FrRh~#d)(>_tUr$B7*6d< zsJB#8olKT|*~`)Ry8C1}%{?dIqWfA+cIgd08x$?9yfgQ3VY{ieIaf~1?t3Es7D&af zwtiE5sG)Ni!Q4dD!THPm?$Wb6mn2bbJ!Ba_SQ`D^(=6ZGDWPgBddr<8lsi@5;mV$~+fv5D*X6>xgIZ%(5Pl=wSGEmg{-mg9T`D&+&$8E|}_I=M5)_4!U{AP1Q z zps$rrIZkwwwr@mm*qQ)^iP)}&65g4{I~QmkYU253^8!`M?eWE!BDD`d^&dnoADq5n zv{kS>#hcS5ys`}YBGz7QPJETLMDvsx(Do*UDKB}pS`m;IPU#>fW6=mvoI>3h(>~{2 z6R>b<+L)f*O5lIqeVh_#E&3t;`bAV-vJ~7}d@;eHfNmAxD|VLQ=0tf_jlRW`fM;*U zI5eqJuy;DfA`VmsICJ{v1_BPbCrM*CJNCm2Pj7rPCdArug)vY!z=?j+9<%)DTWMh? zhdRKhzb!> zCrx#UuT-GPLvmuSo=%Il17X^gZkFEF-POhU_OrI36Q0@!JbT0Yk8M^K4lf?mj$=NB zlBCBqEBFf~dDtBUJdH~g=V+)5AW)Subop!14#!pzO|tFQz9#xHHnC01PYr%_*aaj33M@BR3seXo8E#cjz{i#mwJQw)~8h zPZiV~i)dBq91{VBWP~~h49}HJE?6aubZ&z~?d%SDy6pBuVP6F>ygUMZC5%<5b!baZ z1og>C=)A#(goPaU;B2d8&ErpKb5uKxJc*N-M2}h zC4}L<==NZ3>!BC_7>*7S^HJPB{`ik`-XsEKNRYH%;pO#rU!C8 zz7~a(NfVQ{lrjvDms0wEAvA3*McLoAr{AYPZ?(xlm10=~`rK_>ULqlbV7eZd_3dC( zbKs&6c#}8uu@f9Ve5%&+-LY2C-|(BSR&L|7B%q*A{V-qoT33p?UTC%6Cszj}_BDm% ztWSh4(?^GEzLZ%pdDjPE_=8s#IaRp^KSC8(<|RbyrNrLSZ`rHxX0s1GD$LTbS=o;& zOGcdw#9ElD#0b?m$dxQYklZ+}5soxv)K>?Up!x=q*m+YEt*GUdgE6GjmJGG&34wdW zRyrj>$jO*iZ9K}1Iu~H&16|5i6nq6mFE%_AhIZ(unP*<~e5+P(mVS!sG7^Z}9zmiS zVoK0SGU`?~4q7gTz90o8ZP7MhiSCIQ@+5H8*z02@@+?CcgMsiJ;KocYeZq4?4whBr zXZS*ALQ?r#BY%ScdGfYb{hz*glRP*O8@Y_T+)sMwR8P7hU%=01x28MOonIri!EA!a z9RbYLS~LbCr3QRl(o?-7g!2Pda3j2%l4bm)h#DXPE_-#1nX(_C8rb!VO*XH zzRZYsVVuW+lxw~6fI4+ateCF7tI$YX6)e%8lSb+x->1_=dw zryqPqPgD zTnw@A5cxZ=MkX(>gGo~KA=#`&+BT(j8%!imd46$utH9bf9zptyx6I6FrB;x+0$t%> z4yH)b1N^@4MDTAx8K-vLHe*zY&0VVk&mUMW+i`SDeB6)uW+qQimwPOomf}jvCf9G+ z*E@x{6)Z{8Tq+!&EZ)CX2N%{jl0Tm=8g;XyDvhGgf;{uxTq}zw(cJ`wbRBo>w0mziqKwwyZ zmH1XQ(b_Hd|Iq!!vm2Znh@FI|aK2I1Z@f#H7rP>}J~8g4f2$s!^d)MdKI(CU637=!6gMV*3|)Q(lycnLHRrptP*HXpor46KKAG;WDn~Cz zx^frcvx;sZ&DNT?tM|voDwlGr3PKW${{jH4xlL><>b{d$5E^{nXY_IR2++~hn9ill zO8U>bKI@04LzFL1rM^kgyc7B5FBelL>TaIEl2^_G=9Ukl0skK()i1E}@O|eqdimHp zpSG9(4^Jn)4ni0aUl9OZ3%!$n9=~v)mo2>cB0_FYOovBhAL4~ff2W%3OXhZi1bKG> z->nG0%NO}B^tsokrz>it+vlg*&#%@$?zi6BfOw80qb$t=d9KZjarKz=h%w$<&R{mb z5)0BjlACwZmMt?^#(JkN=c;IOzHcg;ItT?yY#Knu9n7$JFwfu`P@W(rb*tEX>`}Bh zrVqAa7iRBbQV!z;+Z6Lic_w09*{7gkJe2uW{l{F!`C zifm@u>63m! zV!}qfjGQfRXHL4p+|;5AjS3T|)><&`cZ=n1NGxwXmUeJu6RQx#jk8w#YfRDgTS=_l zn|({)9c4P%o3g`6HYit}^t+*4f)PHtU@`E( zd{26xsR4|77ie%RfI!%WlDnlkQC}_Llhbk`_3GrPaJ#{=ZAc=-ND}j5U+aC{3VV&+ z62cJsp%m!V{yS&dd#kj!#8S`*Dyl2;&`W#Y{VOO zJkc`&)5%~I*19h`A>wV4AG6tVt|c9j0kenx<% zfvTK%UZ+Fig&3oU#4RDBC=z*VMOa9ajt&9&kK4C27NS)QIq=t!Z$0wTAU8sknL>&S z9&X7Z#n!WAA<0bMyKT~;1AP#%HgJDmSFjm{Mnidt>qaTEIqzM zzTxDXdM3sWU7+rlTXi4}gdCdBiOFLiKfOI82O&p*HM>#v4xD}=C`>NT8Rpd@^iQ@4V{L-JJk83=zA@*Z zh#4AHT8{AXBN3!X%r^_6k(0B!7pu)H1IT$|T@gE}GB5Gx-+mZ-Cc=zn>u3U}a!Kca1n1Kc}Zq>(O2 zcNJL_?pmIZ#OX;CDXTgc-=q(F_XXtVmjl07IEl2IB47rC`Uv#Z(HLPYpB_|9oY|rl zKGeKpHW*ee95`HygAhJSkzM^7mtsY`7qCg0uj5ir##A#sfc~>FQ$Hj=UQ16%U_BK# zG30sb<{{)IZZd4wo2D*?v(58w1Fre6w%z^j&|$E+9*{2o{H@wt>PPw`sQ z(spyk@?ht}cEl8(UNeKP>S0h2cT|@VxK0_YVabr@%1Pl=P*P@sY=1rvwjhaw<^IN3LVn$svxTm8k{3y7Qv*Mra?%%k-683+QDSm?xqdT zs#a6P16-8{g1tqs$~1JoZj!c$q+4X0Cmfu0rRsYq1tg8Ao$W8C;cjNU>6IYA>XzCq z)dPldcJojJY9J(N)2ipZyIXo=e|l)A24rT?k-QXGTQ*cnwl|wHjs4A5Zzf-k>{`48 z!$>RSTbZVN)g}{4g@qMGfO&rI`){P5S{2SUW&15tES(K)y@O`Vlu+>YiXfoair=pR z=j}aD*gHnG$kVFwV(f7)!w=vmdnWbQi@X^6ZW!cZwsD#-Z(~$&wLik9(FfRNI6<$? z2p?%+kx(^Nx8eb}6=8;nj>mj%SAKLWr4h4Z~k}P^(F(|X; z8BK;}Lvh7v8i+FvqLrGaZu%%iI_&OG1%vUlD=+wzl#;M~mZf@w)mZ@G;Z6og%3EH7$ zlQqU=(Lgi5Qn@L@tqsqJ(5xU5fpW9pYTI2oF4l)x;>4XhcP3o!Gxwn;wUTGaB}3Q$ zd~e`j3+vbio9^UTkJ=I^w}ZMRKT%m@o`~Yu*Q-|5cy3}eOx|wZXDn-xBr)#WlH|3h zJ)ykJgBY0GfiEFRxJm(?4F3U1geJC{JL^2D`;oM%))^;N6vJlHR2)8RZ23Rh`_8Dg zk}X}_ZrcqwVH+@Dpvf6b#zY&FBq1;&i)52U&N;YkFd2-Hz=&iF0wfUFfXJZ%laVn3 zfyp`NobglNnLBr_*PeCneQ(~HSu^kaI7@5m?5a9-c2#{STir3Lo3$a1&JF(8ECDH43{6vtwgPQyjgG5mJu0RK}P7!WSC-OB2BR3?INw& zzW_lGqWIWX4?f#)5&_W3iypM?XkfCCVq2>55M@BBekBXKJ-43J95$o}>vm8B{p|lcrU{siQLr3eA6P>UHQ8@u;I&P@VY|e`RqMR8OV>wd z#xqw=B(vSrDsr03zm-29;8C*_{8@Jx(NAuD%1oSG)*l4#Y^nH<#vaN4w5AHMbO08W zJ5Oqz?lxqt=_*r&-J`<@IF4JA%%i_L+#tm-RXGk_uc`Z4mtHKeCwpm|xJbk2__7}c zNP1^J3n=6h%zCMIVDKhE!p6IPcIg0CoLo_S$XO0|)k7dN2jM`onq1^&NFj5a{kf<& ze}?TRA5(q*eFvuG)6E{AN6yiBm(AP#yvhb@c0FY0j*i}UaT-_zRtJw*n=~7=#*uO> zMpdmdHu*itK?4Q&&cMK(`hauV;`3T)X$g7&nj!leqoe^&Gs8(tXBnv>!X}1teUm(p zG!`yZj^opsBd^ViaWp*-$2$OV{+3c6_3LHeiIGV=>_W8|)-6s}G`q&25(+bxD|EE& zpWDO==-LPwq@Nm?jk|%&p4?>XN-JgLi<~g(woUFVxB6WrmcE=#4kUyuEk9k`ED7l? zQ?=}J?sqYnI6WwY?H{g~I&-`kVH!g_0eCzTxc#=WRw?BPrMKfX3ier_{```H;;f;( zI}lVSoGo^3@=7D!<7@w+H@C+({r;F%|6fkcf2i)E`D+5_D+(X-OZ@qgF?@E}r}ja@ zMVrtJJNu&GF`Za2--O+I7W?rp?&)TgG4LSVKF2(3O|WrqbC8PlMoyw|>&(pFVMPyI zzU4myxVWLh{`%ZD=SW~WV)o3%J>hYg*|K}z0hzf;>xIesA+$8I{gA_hD z=qernqvL*%(sk$I2cZX|Zi$JkG7&vxub07|BKF5wT~__mH;POli=i0ue%V-a(e$(; zi>MFeOP0g7N5Co37M@?=V@GQL^#@7*Sadnun?l<0Q~Qp%Ymn<u~x0upcP@SE?)KV}_~_zSB_-;?ze+9?a>wHHm1cXTirGo&Ko${;d6XB$qouR^R+4f6gk1xNJhSYZ(L0i*H&N6ny=G zUfX!$WMW#xOjdoVg7Dp)j=+mN-%wAbu5^+0?-V!xVkHrS>c9R#^T(q9ZzX@Km;X#F z;Y}2C3fq3sVxw6&h#4YW{cz9`#Xl$Zd@;uGtc~>x^6cT)ju|q~f@s7pI`q24<-dt< z3R&#l50y3CYI!V!5AAtzwrtUIgW~T#>!SwGM^t1uhV2@SWsJsL8?X+!GZ*^n@1kv` zj_l=4&t9~kE2XRl_&%ds8J}rzG^M6`ey2EjirMmPnr!r6d^8{H^>y2?lJ0agSu}1` z)OXs|>*5Wu!E5n@Y{|oi4K)^5&U){DL0#a2jLw8Mvc8TOeo5bZ+H+l`IHf66bP*hC z&>$E>cc{JOEU>5*z_xIeeh4(x_-;3^vCx7}i8?TUPYSu4uW)--1*U z!x~=Sf5HSj?$3<$|1ErL?lV*nzQQyt;nK@{)bkMk3{kwh--W>h>#K_VqkO6^{*Ryd2JignZtwt>X`MBd2m zRn}Be-m;e7B=^woYcIHDFv50zzj6EzZS6nBC#zrC9%#e zemZ;}lk8IO(w^BwJm8o!f#7MfE}r_{YH@$pA^R>sEZty3)LHl-vBZKtqPe_qAl4N> zVtAAUfEd7`_kh3{PHTS-w!D6=o_a|xFOP@T6ckicU>~FzUjz`@&U=Tv(ozTUQ5;Sb zV&0~6hc6h5*thO)k=%xZ94f4HD@Y1iX9L)b0B;+art#L{138|3iLUJ@Ftwr5ozNE1 z3p+Lc%g|Hu79C#d@J!)5#c>oX#_!S&bh4-+&)xjqg<_WHNzWa*{uDChrq-1*4}Hr= z&(Nd$e2LIrnxpLp?&Ve``~ZgABwSp}iv8@nv!AQHFMw z=396EXSpgta3qsJ)4O@q(FV|=F2+s<&_lIo7u>GjHC$C zxXA83ytQ&CAvabb;mLaA+PcWuUDlnBp!K+8u=Zf6@ktx&_QMSe9Zt!Z1a7B}_j(Gu4qmMtu`2k8kEod%1}+`8afHN+-hrqN+FIG(XT879m>9}B=Vhey(}bc+ zCKIzVn1_dm`2bw6oGF5@+KMw?yGL=?z`IbVzF5Ymm2YVsnD%+PSQ(MrZRKD*M^p<2 zC|xtZQf}W>N0Qm-1%`mnVkwm988jqU`f)ZwfjD zGIKi(mn4bKN>;&v(CYnyj>yQ^p5Da!HF1;%uEJ3+6CL}0hSxs3`xA8BW1p7+AwIGC z>prI@r2wg8cIDbUJR`Vaz8_rjb#93n?q+C4V+fG7&?TpdUW9CmmX$@u;+gW{#QT8>5z>07Nzfz|=0Jo9f4&owtL z7DACS7NZvr2wd9F)^8QXKmOAI`tJ#@QLRw83|S@2*-jiyZo1wSi3utV*~GANpZ6>A zyIXuZlVRZW&;RAm>X&FePjB%|A@}cBB;>|jFzvka%^CbO$?Ep<&(Ho?a)p`oTcpx7 z>N^GB_4;OktCzypR^!`B7smJMfmvF4hFHnrQWn|Ffnqd`<3(JPWXkMU&9x_N3?nd| z=dnKb&$y){i7k55eTZeXbVGGhxOt{yfKb=Q#t>L8^9t48L!%z;WPlnZV`d&bjpWUp zh#$#I>YFU8*!MYA6*`$qvozUD9o(}oe){xKqTuR`pN6{v3*ybd*qe$>5>r?@gJ5Y! zwFu~?+mJ=8`aQ&~0R)1V`7%;fM>5g6c~XSi37F`88f(R&h1BL=s)7($(zB0oMIQl+ z_@V(gsIT83U-&zPz72>JJ>n9*XD8I<Qi1moiR8za$1b*eUeom{{hT--&Iu|sP3KG&QI z3{rG;FY2&Wl`$z$>x0IV-}M_QX(KQ_02?PMv zG)X(jy`A~_v?f)(Dz*CFfJV|rwJ5>u?ypf5eIV`|`Cn)6w}hd22kJHf$;7=EVa@8- zw4R~)h+dmKj5;acc7v5g0zE^BGrSa^v9Z!-_}L$9UtItOoyn89XpzwID|C72^0O<@!LQY2ZS{nv_GLaE zZ0HVM2a|mTZiQZ0s;`(+1SMClieS9$1ci#j^CUAor0o^HX1zaCOm}sRsdg@ zqLmWRtflpH`8h0QwkppQWq8*k4%nvAv166oGV{<+n>Rn9G#$;|KcN#6*9b5H38k(M zpe^nyN5Jz2tn6GMwY9;96B{EYX4D^7D`Ipu7+<@z!7$RYiQs}XQ=@I0bl1Jtt{A`= zNK7%%_s&N@7P018F8+HX&R8?v2_nMtM0#%B5U7Y*zKmqDDH0wEp* zUzfnuvKD$tu}UBg5a+f{E9o$UBb7w8b9wUIX*?hnm+E-OPhK_;51>hA>Khq_j-lp; zbiT~;4dxpkE&A*?EawvxVTn(j1}Sbuu?{@Cm_Aq5*-MQ0w4_jZo`EK_LRwuI-^%#Z z$cH)UT~#t_x!`8*Ug3Q6$$hRqx0?w2n9~k(sad%l#zra02NYvxXBRFL-?~YKb@5UE zeE$fTC;aSHtxKn{%YtcbrX5%ay__LBz+bJyso>e=tP&(Hd|XAT<44n}Wrgz-oR(pd z%!2oC)9huT4??qGecQ11rk=Y~2-c(BvJ$RtRBo1@Z$@Qu8v7=i#7C!=Z0z}~Imz+G zN+%d8dSb&+Z6`T6#}vp6&2&1*=7djA5d&j;i=3L>vm^2b##{r3%};hoK{q3AM7M02 zU-=CKx+{C9FcacN_QP{oL;nmqw7~74$$@lu+L@%rnXz z#kUpTq#@wD@jO3&Fn}Ow=#A3N1V}jQ_P%*+!-)l`%p=^KiNRe_Al&19e=Y(kv3ULP z%j`AI927_m-KW*RGJx1gtP`QA7oEpIaD3T7lQ~5HS=S#5HvS^D zSYR8cpX8y#FPw9q>Iq)404>@FS5aB#M7B*rZI zSP(UhYnF-~e9a|=Ti(<&Q{!*Z%aG)=Auwm1vRJ%6S~I+bjx1!Ps$fPle)7eqEv*#I zY}AMprTN6zn9{}Bp7$^9*ScgoKDwhB3Fks2-_w%UP)_xOBhfIOMJkRt(^%*<5Y1#hH+3h#v+dl^C}_I3ko{_N63xM)X?= zr8_O!nD@o9nsHwG4xetm?=Kf=h~jDs1F!B7g^<_zDJJ-lxDW?dYh{;0o%}q(@J~lb zw_eA1rbu9?kxn6}?T03-bZe3Z1mnw-Ipolr;wXTVvD!+PX5}x%De>v(^IV~n*<&t8 zlyPp_P8=E-43WLZ={->?7`NFWE|n-ijw$n1dG9p)c&81i0l1djjM#W>(SU8Rt<}TN zdfWSO9{_MXSv+iZ?8$a9pBAm@3$08JcCD^QuE;`9ZIjKw`r#6Ybw?W4Fnq$Kw*fD^ z8e^b`FW7Mq-%2HOhR{~>_=KoJa#z6v1)JO(qvMsevTy!noW4I=Dz_uq*ByL2c<){Ql~?kIaRd^Jd(|!Pd-CWjD{pN#c&{ zxcE*!?I~-^Z*X;#TevfKlyM1gNrGQxBsNKC?0(|l&i48`fFY{+PQm&W-)~OSZbs?e z+O*;MeBD^S&NJFxZ0k?8t^i*B6TuVfa2|I_F|lFeluEp{`pb+*{XQtzL2B!iyQyM` z2t815p2S<#_*&!rZOO+J6qo{C2Z_{p-Ib4=%7{UkSPdAsDmIb9hM!%mlY#Y+ff6Y8 zx|_?^EV5;=S3w1(U)BH^O62%%F4ER2ci2<2YuM9rRIfw!QXkvJjagzS6#e1$ZM@lrm zKhbNQUeppv&*m+O(Rf44;zkBMKkN6d$!EPX9IzZwgi9Z}cDe~qd$uCm+PM#4d&@G4OV<6G5RZl@C4aQ6=%NS@)Ap;>g$mY5}8WI z_ouladf3G`%USpI+lHpc)VsEb<uF73HCq|^PN5l^xZK?mA}KY`*HlTS%2EGL(WcTTDSJ?9S${Rf&{@>{tp_1u zT9hqUKG;Pn;#qD*$>1yD4+r61+xoCV)#ZlHbK5u6&E`BU)BJk;g1CjUSWZL@5dn=^ zkBg6Xc|YNWnj3{PhddeJSIH%K&wyIF_~lV%Ps4JHN>#}_Zyj$qq6#T%qM`MtK)18d zs2A?KZT&@O)|;udAjv}r1T6WjUp)|&6;$i?q?%+ZR-ntI`!J3s6{Pbuw*Zkm%$Wq^ z;1a+nKG=_~)3=j^oZu?@$3J=1am~P6``cw3XLP~pIrl!GVCZ|Lh2v|rzU-;hg-#}= z&Qc2tN&G;rY6jl z#%89_-jt2|)`rL(4dguwa0?4Ht{r@vl59}pj|Ywl)drl;UwChaGEhxOqwmi(7&+3x zyM+_L_Vx0kto)?3b0>cO)z5jdCU?{9r$5@iIM9s4OJuxrWCFpZ5|cGLI(pv7mzEhc zN*tKh)YN~r2$zRG+jc2Ym#|JYG6qU@&6JKvRrHkxO7vTMiyhb4A4;S(Wav%n+Y0S> z_zgP)eB(0t`0$)xVFt5ZV3~7eni2>tvr)a-MFv4rnyLMTXz7fE1GK2jY*=E~LULx% zAmadE`-?w(B1`C)2)?=(ac}ia7#F1^?~Wf(BZ@0&g`Hi50t@b}=#|AA8)Ep&Ccu>+ zp!GfmplW-sSlX9=w7379e)x?>e_`=hg58iHbiCzRg=rx$L8zuq>fSbQ8nEMAFt3<# zMPMb}*sgGiYv2ti6{6samNaZUSo`DJ8OzK&*&x|Q>Q)2fHHZ!zb8mhruN2IUPBAI8 zFjpBE<=?Hc8c8OWbkGasE7nAc@{1k00w)$s+GD9W{M9AA*t~9_!c3r zeY7zR=Z5Y}gHvN5*6ZAqGqV=dvRImQZ#M+aYnMxAsU)S(r(q853&vehtA5U0tM(ob zjN&@c2h&^oLu_PwB`QuI*wC4=i#6X)0>;L?E6t-r=0CtnY4wUZkK!z{ETy*_Zf-4J z*XL2Yr!UjlpM_BNOp5PI7q7QXS!jD?mYnM};)593b-GWRCMkw0fnfSqcE+;UekPhh z-p;&56jdK$jTcjJ?Cebocj8%+a?wl+fJz^jLCY2klVJq$^K=>iz_M0u`a)6eh%*;g zalCeNCl_uyy?-Sbtu?^lt0(@p<~ri*vNax8>fspAkkneXke zH`hm+QB>(`i&4UjTySyS;tgpqA1Ch?kb@kQk$C$XP8s=V0K?_Y#94gkm^OAOQ+ajz z+jYC!?S^?P$}#BsO<$m0xw>^|Updaq6jFIHoNcXEt9d{m+D0u-8F`16J*);Xq8S~{ zVABaRW)qU;YqhyvK#q1#w*Jr@8M~v#pRE?p?efe3U{<)h8C2UV_j;@NZu@o;?oIA2 zl~?*an4l&MD=5IieV_S)tL1QzK(PnEsv}bAU)tueBpZD(h_8UjEf3WSw{IyjFy0fDL0*^hwxVpKwbJ*iEJT$r za?aYKoN>CK#QuVVVE)7>S&CQFr0Fhu+(FrdBpT}-73YMA{z`BJFv5dAf-~1Vwys;+ zx83&8TdS7Xs6QpUj2ec?v%k4Z3Bd{8iIW%vmaoXZbs&3_65)m>#!n_w*h$2|h7{}Z zl)T6lKm5%bpA9%} zXBsl7OE{w#J`DOzrn{IG=8UO3k7+G06t&hYCpo5E?|ZDHBSXKPEQU0ufAlW9cIv1!HtDnUTXJXEU>kwW4R^2RGQDfkrhn_Wiid zJwP8LNblst0T7%L2NUz=T#a^yNzg3Tb6Ia?sz(~Mw0{QX>C>TxCqwGZ;>?A9|F{`u z&@L!%uZQLpP{v}>4C7Fc{FpTgx~Dq?mZ)9w8dt)fvM*JbUG1NhvI5>d9N#xxdT11Kw?$qwyTz?azYk$<$5)Z|Dmg~7 zD2q&PGScZtGOz~hUqd&cMZqsxI8+SiW=8Els=m^VhV+guVkB^_)4-EDtebkNN{;uGP=!aoWhXWlUIgD-z+U`nf9>C-?;r3tE`GgmD4DtX z(hW;Cz^BL9#z@9XfA86~I0j8jyP0qFYSkF77IbAm#r&s*P~JcGf$T@{3eRj+u+mi4 zoP6b&Td;+=_!o~vYT29}#gs)tGPJlFe@Ygk0+rj>$9yTr=WgwO5>XZ7Pox2fAk(6KDK!7K0+MSzoF4pV$D83p3yPlTV1)7dtAMlOHTurEf}TVqZQNLkE$1 zHRQ?1<(#Aj8Sbz+8t%tTwNE8_U8F)992Rp~LZ^c@8w8GTNfw^8Zdq+<)P!ncEF?XN zx0JRT@+@f2B2c7r%OlYvPBW!Ey%JRQ^0llZ3tf@ui>CyKi%&uK|5miuy=Nkrl-5wT z1$?Mc!}SnKdhKPTz(R4rlYcGp+g)g5k;PTL$7{f%JQE<+>@9OFki-4P!*Y!3v|#Ex zY)QnPDI;1H<58=EITF$V*cG5QY&)8xBOm58+xPS_=Sn0gmT@N11V7yc;+c)Ra>()N z8L{lyw6qka!oC0q#{Xr5mrTXyU!L@19(0G~Z_D0fXnXk0RN|x2 znivjT*KL{m3(u9# z30Lju+2Ij1H!9GH*ULDpt*$m{_Ew7%l%~v?c|jFjTSs}dty+ok_!Mh`}|1i8tBWWqgG6 z3qe2UKyjNq(!6=&qhW%jWDhN5_3a_#_~D2i`@YhLfEd*{jf={twrR$Ms8x`QZ@`3K zyK!`(!S=8h9&T~@%gmYKCbnfy>FYy;IV8n2rX7?4W=5pVeqLEYB zYph!li+b~pXTSsm+ZqN~@$?M%F9?0MoM5Mk!#SUt!5f=c5?Hn}gFLC9-dvt@8+19` zPU^mI=g`$F2&t&8>`BZhiq$Ws&a|=Y*TixSM54vg`oTA)=Davj?v6q3Ttfkv=!OT7Jr;;c)fSOK5xuXTa;R`_w&W&wB z4|cAoCTYbeoAGrCqAYF`AhR-o$@$hacM!{kS3ynABXIVn=d%x>VVm~_EATZ#j;rgE z%YHiAH=+m;&219Q(m=hwnS1mMyuwuwZ zoxv8-(1Z6;MKp)Ga7F(wsvbD738#==K&<)u$lS>Sc9l-}y_d(*lJUZQHxDf#n zOT$Hv3iE7}k4v;zt~47tb-CXvzM*FKRY5@L)39l_T*kYV4FFG_qK;CPpdIe*hp}8# z&nlev8(S{KZA)02`kD<}+{VPwvv7z@4yx3_AiA5$AsN>>YWsLN1?VhWm}IT{4gz8(`pht*x2iFCLO-j(oJd7xd{nl zmfEcars*2sOBlQ+0f6;S8X15JODJ-cKgCj5Qmi~VgA1GI0(8+;vmK4`d;@?|%S^-X zb}Jlcvn%R@b&Z7=!+9h6dn&+73q7TI0&#9!B;s`7hMI9+wbHD z#`*Nf+I3pG5}O(`s86zu1DM-P=lGtiRr!*Dn3QELPp(jDlXV;cGv3Ry3MyeOav-#J zRtbni5oY;ctPCNxKDxag5jIAh7YdxwxR_qFbRKa9t8u9lRmY^~A8xAStQr)jf6#~i z^P-)d0U|*=B#NfZYi7xv3U(C;W_gmBOx>*U0Bp+5);V%(syDtW;`IX$zbK%LEY9pZ z#c0+Jx16p+eiEpphZuaxB5_8+wBb5&*D(H+)-^3_m>GlD?L-ePz!YElvv82Qr`l0< zzTXOi#x6S6!Prc&aHBY2?{ddBOR>dOdD3h{tI5LRfx3gU-VV(B7^VH5MLlxg<4AO& zg!zDfQd+6>Z+TJd$g3BoG$ly-ZGJL1u0Bs3Nz*4UK!n&PEnWMUQur6P2S-;Dde`Cy zMlf^4)m@3K$MOj@EAv}c1arAH{RWp%Yo9!lHg}3eYVOIUIllx$k=HB^+mn{KUC&bv zycE`7qUMai^Ys?T=YZ;<`~MAIid$gqLx1;0M7E)%L8aB$y(3L8VZl_r_7NDvyDpH& z0Gz!umB#v{C(?DRPSU}z3g`xNtO?d!S6r;S9P_-6v&Hc9w1YCW!aOg4E5HM|o||0b zi=xWR9%2Qjzx;;{?k4R3#dvW$YX_lzyK!RTfd$>M_4y=35qz2#qBqlMb>t?dv8(k1 z@c7fKN(RXCrn)xtE9_W9E3I1~%}6#HX;0XZl4TvIuI5m&iB67HOW`ZOV;)@in`U-v zqNmQUvjQ+yeAV`Pe6qZaiP1UFS47CFULAD%U0{O`vLUvp^{{e0HqmDMu5(H)6A(DP zwX4sB_@bJ^Q#3_Z5sjsu)rqv1TfZ}7- z#z@IT`(FRrr5EmhP2#8K*;!`2 z;l|KYbuVDaoM_{S)rF?wnfhKx){+vnQK;?tcZzl9KK{nHWCul9!tuk?ZPvb%(D!FT zFV52r$#j>#|CU+H=I2oL<%`$%Mi0c_OcU8JEETzx0eA&`lNlHyeeLj<@YQpJxR^XCU&vu<;UtuRg7;gT<#!exL!_OFOlp=Lxf z^$Cwiw3wXM-5r_0i;7^YLkZt46ROGM?-Wtu51iSSGQN&HzDlH!dV8t-<&9hl=U*?w zD3~-T{x=~7(TKt+^hLjh@%SiQJwf;6;^Ct&it97vroI+Jd+3m4{?zr{;-bttKu%Gx z;mMcrtgyutqouW@(&L}j?EcIDGRBR+!?9hnUkA_yKU+DfTB^F-7<(96eOftY06z96 zlg~At-f-hgzNQwk@^@3K=-QQ-o>Wx7FEbQjSjQ6w9W>Ni&sAe_lxXv41}JuUX)z7xo;PSS-HdhPx^_EmQ=UqCtvaW*saZv zuVtAm0Ed!X$k3pT+1n4>4RC?NZT;BU1+#Q$ZaBPikmN$Sfe&*1{W32#yW`D*wCK_o z4iVXO3VQhWVX!&(C)hI7P$T?yC6>K$7b#Y#WxER_6oz^^2Ii;Ur57D*u8p1yiA zhEpm`Xu2ioNB>FZxGI>8;ecl-Xr^r(8N*GVn}+=2U-)}{bONE}4-EI$1mzQMt;}vc zC754X(+hE7C1W^ZBX@FsYEA$d!-X2MzG89M60ywLb^8OuA&({S@&qO_hHE*gI=j7V z_*)xfdBm+})2v|s4T#XD&|59{$(v*3t z`oi=dz*Jxd=HQQ#CIi!mefJ}_|EVvP^jWD!8i0OwDvrO2RLN7xZ+^Zk&)a7V0&_?d zL@N{kXy`P1dasbZ9xcg%Xpf#3)!x#*5uW`jx8TM5>?`G#aNtQTmorb7Y zjND&EXwK!LK6ipqjd=`KKU}MO@Yd&au}&HHri*^ zP~ua%z@^VS$Iid#bqCtT+Bj}H<~t5sRI?!dW*|S6{KX7ta{i}&xBr$cEQt_W%L5y! zs9wG`K_~;}dSx}-RC*jX79u>Ud$93MwU!APyKjB|$(dhb*`l>oU|)dgnD0RD zFun!+j+$tFMLoQ}czvQ*3RGa~@`I_&Wjn=%(36ej#=}9S<-1oI5P?{+c z=!sR*A~@`<*`8Dx)#5Z%DI;%p|I77DR(+ebc+~o*pBidZI)=cCDhtsMq^*S6Du|{d zXrV>QG59Aqr?=fcg@~MT#dV?5 z&p!Go2CH2uv>7Ts_9YW)ncXee=~s2QGaPV5;agr=uz=16SHq?Ok-aG;>{1|w&M?=6s6s?G=21^bO!h+O zpSUK^p%rg^P!dRm(cA084|9Kt>=$F-25^5;r;+(|ZgCj6h(D z=p_a$I+!MkDWMn9dzHQ+$!4?pzqgzGH*fd*-pBA8=FFX2&bf2%Y4_X_wU_z>a7jsC zQ64yQX=QrfsP)Gn!ROACr0|0Oq0FE37j)0K(aS;3&7Cj08M~@r>j)Cc~ z!1FQ)ALKbWnU9?K@frxiEI-5HAk6!79<+jQc@Vf2HF9_rKC10;V7P8OM`g`pI9x3_rsM^d33-6OK|~{-Zy`xisJd@c0Q| z>aTnD0Cg}Y^$TzxIDPWusgoy8pE`Bw%$d_?Y3R?>oI6LubeZlVJsUFzI~y}A>sQxq z^L)j5lZ%y=SM+us|zoCm3r0eMMTAgzPw|!034WKvt>~VyPq3rEYp|pgFMoTsQAg4QrnK5W1%W&c(Dsr zmLVJwTE)-x?t}uNkLUC=I9dzB-;M8&C2BtO-?X2$!kSxEt(`BR0##@V{jYBrgctfUOOZcG1w`#lqnP$61vvtfdx{$Y+Z+S`pq2dO0laR~yS=i{5xuIL@A*=NJi<72qUKZH43@>7*m4w}=a~2k53ANP)Nxc%@@Ug}^ zaVn6=uRr|vr96k5E0=Z}sX&tEZcy%9)R$K_HX@ts4^kyA#7sWc@3ZB3`_e57p6^yf zf;VgYjHt=xYEHRKUe#1r+-83$gc!<0leR7qJq%HDvxDyO9cfC|DHWF#9l^ zSowf>L;hvzwws8EVSblv@jt@z^JnL|RSQJO&L|&tPW1}q+rp&Hd2Dsb;@@`&bJ#9= z@r0l0>a3~5XDaaDj=46kxKEY26!Vauifc|ptx~vlI)3c^V4qz&IV$j-ZTkMM=~BwC zZ?Zjqe#bu-4}OG&k8&9N(dIOo1g7@x|1_>7uD-RJN{c&~O;LONO;Y+Bg_Yc%4-oo! z-@TCgev!g3(@*d5?um-9plBq^9R(Fny|AqwiozJ>2MWQ>BkZMij?*LFuGAJZJ0S&I zUy+9GIZXv3P$Xm!72w>6p#nx+6rFUVbs27Fg^{~*^x8DM$^O6}JxxdU(6vv|RDf%l z3OvCYY%KmJq2FhjYt}bo2}UZg-@a1Nwll)9f|qD+uNpV$gp*%j8w+Ono~pdx;{{v( z_9eZ>UrzkN^V}Xh$SouYJMIl%xJWh`{JUGjhm>nx8VoWgJxG5?_M=$Qy?}np{U;&Y zx(RaXei0lm!FC_sN%rRj{@{58>$99gyPUHZQn&wcAN{53?{2L*YC~|G>EE{*{EA{S zOr8pada6)?Y+5S7*ZDqUSukbkyJUa9lk^&Lz#lyYmMFrbGQwb$TU4MJj`wu^O@i(H ztk2+6WGj-i#$hUAhzN z$3u_3T4@qF_0_U5Ha2O9UJV*jy+CWbko6nnkQzKPT~6~F+Zp>K3I`dF{CKa!t;IbW zrSf9!`x%PYEZ6auM-%S0WdKJ#s6fcfUzk}B8oL*ayVJ2C-ijImDSdc6{vb`^fME9j zt9u`@d6TPSCQm)70Kh@2$T{e)Wm9G>@Ge8eUi*pf zjl{oaP~KIpg|9)9D7!)$CJ7!79m^CL_}*v?zzfRnQ-QmFRA4b*VI#^HI}L^JZ&)Sg zZqV;Cdp>f#I4^LC3Vb%l?#{LEr;c*$(5O=ZuUOucUadKHl5x%7s>Pz*d??T9sK7AN zpBF5BiV*dL(y@GT|0E9;sBGcrH@OP(^;#;h*_Z4u{Zi)Ryv2XpdWf0&hr`ByPqz!} z%el)W7wNfjqa^b$D~|f}jmV!>e0M`TOkIoG2T(_keo(xB-}IrTy1b%_9B3bbw#|1o z2wSJ)cL2cF&e>5@;oeuEs{YlfN#G=K0bl@4HX1X8)04XoAFBM-VE8|;8>9o<2LL*6 z9n|%IKL3X)=O0@*AwWapD=^nz5KkPPLHKJB7IAfcasWqzFg?P`>@f&uf$&X75J3>` zJxDkI37$KEEq{a$>`s8*QCssqNZWzI`IY6bVDn$W2rEZhFpm(J=h|aiJFxzv`ai*s z58$Tx6`Xb})Dxp}7YDCx)oh z)$0IoDhvSjUsI{OZ>iM%WYD%90D$l9{#M@pI{*+{2h(5wE$vzo09=P$J^ZM+W(`U|{ zrMXCR_S}VYXU?3bJ%8cirAxGz&eB|_yL^cbgfIPQPal*#cKkG0@Y1<6=fKoIc>HKj z9~C_=e(VTnO8(WJW&;O4=pXr&ISm{?dFsUJGslh|nA>`nz&Uo}*vV68F8yd!p8|m6 zpxFtU+gCbiFYD+hl=Vtxx9%eAkcBbghj;e%4uj~p1;h?uQp>4bYT28 zlvToDwydtciz*X-M8VIQmMI34c2eY2Ezic8ph#EJTM zrsw;<)L3;}HBa`$^oZ}&-byG$O0Cp~6ptBUHd)b-9ya$9$6CwwFm4kkvWK$bBdapr z!a~33n3~MUE~{QPJ?-?|(skYADNC{{2psl1U2IYno4TZ&*qltb10TQfsq69_(r69?4yassEGIKCpD+~aR*et zOVqs5os+#rZv2f>@@+$I8LjTD!M7yUI`%WJX87P$ z$f{(P-2-Wo*DIa1yctU|Jxe2OZwMW;^ZC)rQgj+te0;}IqM&(hczwr^-#b_+MPLas z?^Rc%2~N4DpT=|2(Ek_aqIf}bNfo)P(qutR2xJ;wzhWA%hfaw^6LU#z8Bg&Gupn?6 zoBl7E#+2W_yYo548?%37i&*zVzW9e&`kulMURE=2;cTi3O7~u#k7=visb451%a8~k z-2Kv1dn9K4QOPASdt9~t1t&(MNjRK2d~U`2?UH1{`)o-@hP%o#V{?es@>#-pg#OT& z{;&gG$8H4dMY{=nMM~D{Tr&}>Bi_cd`HMv1`bl(LoBO{JZ|Y;^7v^tKfemf?{63ja z)+|(D?aYihNLwoIM;)b&0xC5>D+Wn*ZfpjKxyCt4BpP0w3OVXw>KNP)svok> z-mB6Ppc?bE@8j8acFh%0YimUuo2&G+iXn$|@IKykz;T=ka2q~y_Qz0xIun+qK=@wt z_N!%lW{#RToz-B?LO`QU76e@l>8ZW+b=2i2l)fb+xO);*m``T<&DCayi>^Pzpcu0P#1h0?9p z33qda`|{S44SH`+Nz_Hxr4$p#(SrFg_@)8WYTy+*UxnS7T@~q(Zydli2QN6vr~J-^ zs~n5z^LI919jWEoU)xV(U;19`1-3G&pk@ei>QcyN=SH+=4KPYe+41hY==L@1J@~MC zzu6+qvHxv#9f|E;+47xb2(u2>&NJh+5wrU~FjQH;OBEBtZimJrjqp=V12;=0Nc?45 zW-i$`3WyGVzEr?=&`o{sV@>6w7RGLaFP*{~-7ji)%68&ocV2m3c8io#S%$n0R~j_D zAdx0Rq5>sZ2>00L5`Cfk8cuFb zOZLjX+1brr$tudvokT&-khd$9!;>%LqJpkC9$Y$L{UJ z(XEc6h;hp+-gKc%7X>;KiA4ewW+z+Zlt_3>yiVpK5y8<=VRxgBBcEXnXP!Q;r{1vB+-i`Mb3tCL5QMplurS2L-SUphO%aq z&_IkrrIF|Ukbe%N6MS2Zu1E4U8FD%yv;C@;Knz~}g4P>W`dePPkW~&en`cbcf)`%8 zz*aZRF}uS*BP}B*+q&jLYcbi~6qP2R-L3qbaD2sM5& z)_ApwHVEywDnU-%o+>GcmJcbDo9)p=#rOt#q;XLJr|wH}6Xm^+$g;I+GJBR(;9=I? zf*bMTLX#3NKA2}k);_;*&g;|G?b=NfOM}%AQSlf-(U~bKFp07LOwzKqP=!HN9bnQ9 zV%8fY(C*t_5=tF6@!ao;xFn>EiU{Je+%P*XnTJ)n^9zK#wG6G?9i-cfsckmf zs)>kDo1N)uH9Ny9u6@n1FJQ*RgDV#{Dn|AUtRD!pQ%^66$eLV;bq&Bbk}YI=gjIDq z>AGLh!uAjgHjfO4Z0Gs?G3K$>HNyeEhA6GmXk9tw^IQ$>IBS<{Hm7qG0?9eh5ShBZ zMYbISqUanI2rMf!xX@@b?LUdZ1v(JpIW6<<%tsPDG>fw{(rGxK)SMw=Sv^@JX$7E=*fp2MPt(XgvCc1zaK-wCG3Z+bYeG@F}gahr0e2udgl9z5h$^DzB;^t?uIo zA6PLx`XoY+@n%aSY1J!9F`-Rf!(IokBd4z+CX10>UyPXzl%@hZ2=^)-3q}VOqOj-A zB>bktFfXQjQkpN>I??z7UqRzm{-XFvE;Hd)`+cN1Wp5y8!Bu5Su2<`68WHy)4OLeN zt@B}T#xg>&1l+txsQRw#NS~Nl)rB5$B{fd9*RoodAHPH!`}gSY=-b!SHwR97)qRQR z$(x`8h4+)*-EPMe_?yS1XAVQfRWK?d3ofhnvfaY6RG=9l76s)Pj62CiCrp%Uu`eNP z2xm_{o@@$B;?`11Ft#Gi+3Ez-W%jqdFMvV1Z;oOFT}&A{bwbVL{p&b3b%le+8_whH z#GHg|_2 zUCF2}0**_wq*|0XUc6eGi%}JN-M|_te%55}N*{xA4xw_ND9Wv1*cMUZzMTh6QXEkw zO<6eSgCQa+-67g$3rU~IIu(;0%f>;G5G@}&nJq)s)@D~Yw~M?*!$70M6pcp$Z{3AL zcf;J92HiJLyysRn6VdNUc;+LX3!ws~(xHnUBq!LsJrvpQWGs3Xmye6JG%d`!Q*(Nj z{A6(_-_ticCc1krc&P7b%Kbz*PwI`BmDEd#(F(qwf;Q#zxIPcs>0K?~bWI3Cz~|aN zG{$Bx+q+i`Ci7@=>1Adz%}0mq5Z@QZ@t>VgEJ=`sd9yS(#B*{#M)0xJZEa(zXQWIeOGtNJK2|qJ zPj7UsyxVQ1Oe`6Z!z$?tt~~qjXteRHbayCf7oLUqBfV$Gb%}^Mhn{#0X#y!ffe`N> zh@VF@z3whCzD?S2A(8U6wd5gYucV#eyEY~{j3k}DzP^zl{f)7Or?dJ5P6I_*Om-u^ z+>5bAK8I-sma{kEZ-ev2gAkrEjzw1^h;jJTjaZxYWF8ucF-THf#+8hsRV{(-KOnyaQzt|`7PvW`ZZ9)`}0*w!&oJYOafUlTQZa&8)(T%(P$kk8a%a zRy=w+`bqwZXO?AhDXA=Mh6;2dHT&M$*HD9Zt<;fgK}Rf!j7>4$Na*+ek3l@g_Cb3}zp3`6nun0P9nc!mE_d8a#} zpoS^M(O$&COoU#eFRPT5M`zn>gV~6KL7%QVJ}kdf4v zD?wK<`Dvs8@k|4M^X&3FR3IUQg=N3ONlvHMx*Nv6r$PEXyg>l}U+{*Pzfne*`E#I~ z`l}VheEzewM7rlCbRh;gl8M@OT}v|!^g>MLUs+cO zMpegE7DB%Svtd_H&JWp6Wq+aJ$)_>$f0xn2?Hg)z#r&f`+1RVDECe5NcyDb&&VBBZrf(tkTT zt+f=9Z-DigRm<>1r%tCSrp^b>UNM(=DI4HRuKTW$yvzFv0=j}vOVl7W$`cz?Z9{;C(L6cp~2V}@b; zEKyv{ZAE*V;w2k41;(UOt7IhJW16&SMi*8M24LE&>gdoi7j*knUDlXf~CcIIix z`;oF+m|;)$e5|-+I)LBs>@8b|1g}mNIcQ(t*q7}q30%er zcx?@zokhQR$GN?Z*=?UPjcHu(rJ-kUS!PJpnDREs_#R_-A{BU*yOCRk8cDIi*b@eD z@#c7I%N3$Ic5S_~A8m{(uhS;dC4s^nT~6Q5RgyUNIl8$-dQXqlp2AFGRbf+D{Mm0Y z`b6>n=MIlQ>eM-!IR8$Q3araA%kbyFTV>!IyQpuAeDRrv0timW#f$4qCGwUWn*gfN@St_s+aYbd<78}*ilkWgPhZ#SbDx{_ErH z-cay!v4_dm9u1IaPPj9%3GvQ7=IJFu6NtGbg1LcBVWrO5{Ysexp-&>t&7FNPHtf?_ z-5%Z|91@M=^fc$mAgc1NpTmW>YgJ~@S4gG$nY~wK3a%WR^D1GTY9!?gS0UAR<8+yo z;`kFZbQ$!7$Dq(a6|*mK)uaiX)KTtuRN9RiP~phu;kxV-o@Xi`8!S;^-?&|1vWb2REg{VOEDUvhVO+*&2vIVO2PWuMg_=?e&2AmKHJ6bV&qc#2@nO$3FD^m2 zPciOiAdhqoZ)pcAAdz(A1ZQGG;GS%ld%Pv5)av5L5Qe(9gv~q) zPcAk~xM;uS(+*)%lyA1bIpRXGU)||Vmo_byiq^P-=1%Rl5izq3)rf}64Wl{15nF8) zcOI_15A>Q84)m(JUjk_cjn??IiqUoBN#3+_IO$Hv_Ev?B&5aMSX-RwOS5B$c>x!hs zbccy+-n*-at@UAgIc4*0@@o7_gXZPy~t&J5{=}a-z2#SKKsg@?$ zHM5bwyk9F5)=e7>-_Y$0oZ-*M-MG18KHe&|V1M))WA60rzdR&o-}B^_Cy<0m<7n?h zr*uq5#Nf@e#yANiPZ5Niv`gwJD(-Xx_d#6O>84|gR=3=nRdY;wFgJR9dEzXGW&#f# z(y1BE?sVH|sw9svSEXjU%e?wD+lH@fggIZgXsUsH#oC;7D>vR86vm6A6X)e?0+JqF z*1q)BJq>25(|(B3J*dDg6)<79%Zo*)WyJKQoi_1j9oVs)YImZcfMIaL5eYop_7A@XvYMN^4G6kWLKH zhczBFCl&n3t!3x4>gybl`7wbDkGYpq@dAvPN7h=j+GAo0RapB9MhTe!=9wG=Bx*L$ za$tNyQ1*>gK=O4zhRJ3InQVbl;h_56L6T%>;N;|vV{BAFw`+7VKj>=J_eY%n+?QL{ zX(p@+y3KBj+@g;Q%6Rw+BXsxtV_jm%5g`|ev9_YpRl!_5!fe~@3V2{9+R9NNvJ`-@#U@T_X#R*xgV0*{A1}Ayjmtz(+&Kn>ycR=>Hub?5Rz0&^xtKuPTU<5n z(`;Fbke0T>4w3fN)XSiuI3^spVWQC?iqZdB_*=sx_x(wg3D+#cx#jnCMUF#)rW(nD z7L#bl{P+Pv#|Ehoqa{?UqirT^)&t!l%&lP(5*)NuM(6?+O0PFwdvi@e%vAE_Wqw4n z@ryY<6Eut|dO;qU&uud0%5Q+`H_0S?NUk=&lfo*xzP?^)Rn{qo*KPlz%dz9go!?gn z=Tf}vb>Xeeg8}4aWGW&H4TCXnxERF`kKu~}j_n5Wz)dbZ`_a8CjrhKo;7F@hKzfj(sh1MtSi!e8bw|}x7IocDHuQ273G2T8QU4fh*wR#8(0i;%ruF;5wnS)>!t#Cq6I{)$~!Z4 zv}m_LkH(@Vi`6^mbu}ezRc?*J=M41?DYAi!rRna($F9&UOdwJo`zn#*To8aNO!G%T zqN9Ch<2@b7?(XO5EGZJWn3`-J_Tm~>P3J<{+B@OZdcwxgF}2*ftpRx{qGV`RJsCoT zg1!uae)N|iD$pdNkAUW09dE=M*?X2QrWlGz(z7hG>Z$lHjfR6l13e8~ZeiCG{7HMO)flh~oyoQBbP zW1(hwF_k(aM5%*^YDdzlDnVF9Wh9ucTg=``J^)o+_$IvSGMZ76Q{LO5g>5b#}BY)!fHW3nxCOpE5bg0uai_!Mrd%}#vgY8=^p zWAP+8x3}4eTO|n16q?mQfm75CrEj1ujZ?K$VGOM>l{#JV57{Gf&h08HKQh$)+bNnV z7Sj(EVw-!{D)|xjHRoJB^G)qcT*`Y4H};uM=XGFu`+HET^i-h04CxQ+EBUbv^qYm<0viA6a2b{iHh{TM0hK4cREAwlDbgvsRzVL5~F&Nbqt%@4U$ zfJOzaYP#Xzcrw55V|@mx>ALbYzWqkQQ=^|ApVB8yJU$&i@33G;X6`BJ9h&NO7H}P2 z{i5ZTf-Cl|qtsQx*Sg9Et3Fxk1Q|PziD4TyWi+k%OnD4XxUw7J$6v>t;K!NgPH7bn zk=a0go)Sl)$&t|PShW=K$WO%_Ld4Wf4CB< zJTVxITl#7XBU~zK-{V23#SRFdTtovmzqF;|zTki`Uo3U|>XJY4*ysk8V zBtkC_QMBB$5u(KN=&IILQ=w?wEBprhvXFjuAwM&*lmrEFK}eIu^SsjNQD?Ij>4$8l z)3_7seP=f*V!NApxG7Z^7{XW!DziNg@(8V12jYE)9;PU+ECf^d=NO`cZLJvuE_;E| zRQXy&3s>{!9OE?7pkwLoE$a0-b|95PL&Ya#3yozY;2*lauG-MzwVB z*q*S>LU?b#YAS;YLTn^NSJ3C^%Wo1bDcOy|E<2H>InNCKcepxo&KfXS6S?rf*{#bm1G~GC1BC&2Vy<%v(b?6GA{TA*3uK6hac^s@&W! zA6C<)0%2!`QV9$i+Ok-@MDCZqBs5<(BSuRH2BUO_OoeS!hN|H#n5~0tp-~Fj|cBEVPrLTXiCyxl_>(>uojA`)N(Dz9zyJ=@z6+eT86uD56z2o zX<3Bq)Dp!uniWLFoW6YhUz>tIrP2rdW&05_QTzSIwdO|2YfA^?J3lSa+eFKU%CzxVj6^&dRElmSWq2+_b zM3QJ63lTn&%~#`GyPv2VDH17$eG?PtO1xOIu=?kizW=Bf{)K0nw~kF%#JX#y^oGHB z=iZpOJ!#)=BEi#lrNwhCXKPxsN!O4s7n&&fdr1pMJ6y|E>KnQ{_m`*ue8l6n^%vJ4 z9EK${&2(vDD;iFmS@kp0sK0;9_`Zft0-?)v z{Uyh>#AOKsxlf=_PhHaS4E89=_O>jQ7#JwYo@f|svFxq6iM%nZP|-4g@wfK&>syOP z7~p5B&jshIs<%tZgwddN$`9`jd*W~u9L|SBUU0}2|6eZ=E??h}e*EU;Oj=&%t#`Dy zN#Z`(2nh%Fr4Vs&kep&Vl&(M705d!FYo^1``#z~^ZFTMu=5z7mOFyU2q9*ZkL2{f^`&wP1RN(Q^p) zg(5D<(1>$)ncV2@RWsUPF*VwSy`;qTf~;x(f>dUu(zFC4D}ORkIQ=xyp@wxJh)ua) zTK)PPl`CIfG^!P5_$Jf8q{n1}UX0I%v8$$Dr12Nc3rOJ-$NiIx>w`9ET&xYJc|2Hp zwr-)XJ<1k}{g6v2=+NowwiT93fEm9dTd%9Z=w3>DX@sBy-f?QfiWeJa1F-R(VJ^*y zk$3N2=Ij=zUb z(&s1~!_wB)YNJ265V_%iQcVy8x5|@P@m%lLCIc(_jplP)V!KpoM^GjlQHErB?QVjW z%yZu8FUR{8j&kAAI+-yU?nL2)I(>4E1-b?89xYeVzle}0h(Ps5Xld4v5go3(wfY7# zXXi$-E4WfnD@)Mo5uBRrXfjnm3-n#f?y$_9ys2{@77FTF;rCw+OxyVO^fzx1f=kH; zq)qn()QGInY?-@`u68Z9etdd}OTBL<=5wKFlTs#;i_K$HVw8uyZ`KzybwU!9aBuIz zq7-kO!^Uanp9s)@c9U0$k;jonx4h06&EYi{%8G7jh+piBDkjlcSR!;_#`vKdzJZ=M z!cBAZ$Sj7E6-`Qdw#GWv&2qZowQ6DtMy+&^-I2x~$Fm!6LYvbs$2rBRbG%kzja1XB z(at-j$?M4vsWSm9Hg3gaH8v+Lxerdx+Zt);ywJi!>a^9Md!j;w$cXkHPi0TG>&EZ; zbm$Fabx_O%wK>cE6i5vO=^AR4$lm209#ZZsy^@UATzde9Lb1C~ zakMxP%Qw)>q)q+dx36^nI(}1V9IB%!>=Gi&UKQOUdiWd05ov|*w1QIg+w_c@)o3BD z5Xxn|4uJuuLAco%8QZfu6`@QomB{rut-XJ&#nNHQFd>TTQE2(z-sGpCp&5Hi#_+z* z7ocO?tg%BvUCpX#FtxRR6NQ&;R%479*~U~B1Q~0#aYMtpBD=@F0M^@21!sL{2)qO#Uj#~?bBF9sAI0f*{^XK};TAm5yA`BLkqGqa$7oyPnm`-~&f-t#f@vt3I1{r(LOw}BP@B3Cty z2Gf2v=&DOqiJsufExMZikdDwzpHSnnQpaHV&od!$g#E^ns9%Qb&!bi3=fT=s9w584 zk+SyAYh+x{ZXrG;v_JweIgfSBwiq|y@gZ=eaxGruEOT|9U=4cP$svl~jd1!K2JQ@B z%F=nqZ7)P`mzfS^#<(;3jm#^|JlL(N&mJ5USKzX8u50P1Oc*uQ7pPyfhASxyvCFwE z%ruI#+)tCS>)GU+G?7bo^VHbUlv((`dmiZ#62 zI()~kJ}9^t5s8{m3Ncq{PRUbrAE{B8640k4&8pW;xrvX z+=urW&Rne713w)*U6N`054X-rV{6Jrzor5#>8;lt6t13?O{p^08z;cYPEI%0zuwF( zy$~8HpUdZ;q=C{FyuL1l@~Hi+({{Dm``CvhbXyq{DW5;&vAq+Qa>Qu=`-*m>N8M00 zsF?hI+q3B)HVfTvipq36bJNOD$?yH~oZP~eO#Uf_JWFIp5{GuJ+|~5(ZhkBHn)M^| z=nRs8Ar%;XaJ78Z#D84uCYpKI)P9#Gw1Om>#07CjorB;?M_c(wI4=h3T29E=JQfTuG(ZJnc_{{^ z7aFJBi^@?rd{#zb>};IGEq;G@`a2Kn+$nIV!K`zx(M#IEM)G_kxW4XG+LoH6 z7(pm#N91I}LQ1)q$nMkg9IB&KV0_tD4yw|&tD}pD(aOw_=Ql-W1}3B5Z9P=By>|Vi7iF_UFdjML3TTChJM51B;Nd0#vA!p zyP6M5qSvIhZX%JoyHmysxq(QvkqA<2adv6ejaY=<@M7kw8>(z#sO%geIJ_viqqwk+ zMcl7DcatczVedO%L%C+?rQ~mWuj>g<_e&VeLumGBtO-phf>Yk+q@~2}Y&6+x)vHN3 zrd_ZiDWR>k`ZlAM9Dz=bj!g?62u7@2Y;)>K)gwz1LyFRt?JZ42LPemKx-cIjl^!4a zosk}0Sg^DW)a#ajf^6e#y^c2FUdglQ51fr=wHTac>6i(EQ)aDg^GNBZwh-pdpWUOJiG3J!s<6kC0P;Uw~t} zypt$YVQ$4Y^?C$;q*t9VH5f>K6j7HaS`wNrvTUnuGM#;MHaZ;=&*eSQCTm6JD>zZn zpE(#L{6&=kbl%WHGsT*9*mB`MhU<^Jx?TI@FP2;!9cV2A1vJK zk|o9*3AsrKmQXwbbQ2-mR|r7?^LUrS;n8gWv{uO{ftd6+9+D0pN{pmR7u|Ey)=i+y z8=>l3W7*v15|h?RF47uw@sf~tGbNs3N<#>P_8jdupF+~Y-o>>HJWCoJtRIqCHC#-V zAQtflA_RrAnj&JD!X)WlMV|Y>@U%Lr6gfV^M&>YPYbt1lIlTUWn?z+b7t$&PB>9S=CsvidJJiErF;0Z2|@N1JK|qn z4^V-dkBmplBzSNV88tcA9qqKdIyzk{hOCIVbc0RQUrKi^$xo@qg z=?v3DC|_@2!%RV9`R5QNf#@9J7;y7|VN_fkcPhA9*HsA&M#ZlNVwx9yTsEIp4i?P6 zoNXMcMsn%;rj>&+6r2d%jM*AU;_%b;b$H>3R>Rki3jDuOJQ=Ni#}UnlVq%l#80_To ziC)bv-BZCM+S$>IQY2`3GlD4;?EM0-2q!n(5avS-jrDBIUJ*~K-fjgmU!8nAqk~C# zk5Hc)L5N64ODEO}gTdf0Fm_*0S*(8e7na5UdC{9L_QRJW_fQvCi_xZDk)1P11!ZjP zRA4(G9gLy}<9t_qyhop!9;=hv&*qTYglng~e#!Y+M)y&A1fR4YOfb0N`jpRkj`#}1 z4mQ6tj?p_yYIfdS-pXXIiVSa{OtdA#S=Ok4h5bAD#Z}6cf#D$y1|QyY|ZYnOm@} zjJH&Y_Vp(T0qp0D+_&s=C!v#qbj&0Rgy1;(qNK67TVXz~6^E(@x8itFfjA`ieW#gL z|KcH=MO~N3FdYUtjlj-VP%$EWhRs+tnCH`yl(T97NZqE)H^KkO$Rv*i^M7u){dqZ# z%Blza;5J=FsP<|A{fTnlJ~Tquh3Z87}To2byq}=^{7x_1(MsYXd)5 z^kGTZu>GbaS#Qx9O5^YYZ;q)w0l5~#KNKXcd7W)%w(5EY6)=p8QO`V8;R^lp$ol6s z9pU`zE0-Dn4_mcm(ck=YeE+;0p>(5L>=FX=Pm&xp>hFbGaq!>lY>Z&9jfqis{ARW0 zRYYro#=jFI2yH$BAIAGU^XCNGmgfuwS*d(-) zs*uZ#)abibzBH1u8kL1r-|%oUZ|n9+FwT0=a&9nc-*Ov1P_m{l=AAT$U-KEEV5`@R zx(gS-AFFh3TY?OIh{rkC^jhtV&1;plQvvJDnWS>b#Hx|O-9A{`{1il?hru3ZIybk)%7{6V~Ymv&(m{W`icTp6O60_QyAaiu?C&u^YubWNj zp)bSkZCX%)M-=tV+g`L=!|A*HURSrUNlO)1gl)@~#1<1^dnZM+c=!_TY%t3d?`kis zVf%4AmWvmra<*Kbs&I@sZ`WoY%&2fzGHx$2ec#T`LMDrSeW3QwBkG^mblf-T%J<9d zSoDkCH-{4ZP=fzE{nCdL{GZRyKO@JX1V5DE|BhXrhZ6iyg8v!(>i5-gXoHU&+Te#a z_`f$)?$8GReaz`!%XMgjAKKu*eAndPxWD(%i~g_8+uvLI(2IWPMgLC)yB|vM-#bhH zm3)U1{7`})O7O#V@P9*e_n{a4Ut!e0zwDtG{m_ek=tVzV2mc@b#@3+?{`*<-zmoIN z20ygH4{h+nNVflhuN@z*gCDMg|0|;DkCi=K2R~c~Ka55HpZ;Xb(~UOm7Czr~o5afZ z8591Wxub448lOM@z~Sxpe(cw{3I1C0Xm*75rzuPpLZ4(|3581QLj+i@PX?<`$qqr@ zjXe}{#7b~4)rxhUXH9DLD~DbXKBmC4nru&VKj<&*4SUmZHJ1)E9d^OtC^(!5e=0Aa z-40F-eOq#-_tJ>iSeq14JfW2|-ZY5zCSH>Hw{BhgV`|O6p8J1v?@G7ss7S3tE`kXD z>YKyMh~STi<}Fe0_(|-VjDy&1f#Angsl2mn!)$kB1ZI>Zd|c}uB9(VEgWnD=cQL)8 zgr~fBeTq4GnCY+!4oAV^MEDQ#g8ST=5hMp&?r+pZUn^=U#^WL#gi&eB2wWghaZ<%+ z;WfL;*z1)N@F%+%_DH$G`QkyXNR3x?&#&Ao{$)qpCb%Q+<)60!@|)ko`Wg6@3rZLw zAAF}Rd{%Cj?!E4;sIkKNx?#kk*zO!!f44QC`+@C_<3vNVvyfd7p(8RMfq>G{hL}i> zO1De)M>S0(5L<8E;zV*k0e`Y}&JJ0gJ6CsChb=-z{7didCL2@R%a;CgMdu$Wz#^ri zr}UU*Ny2G8s5q-hWaFTpa9db7p zBw$Hr3a;2O=LK8d^n`xaQLs=C7LnPnlXn^sc{X38tI<3Wf|NM>elBB~ST|fe-TIXK zvvIL?qc}biWnX~FXhU>%tra>Z+;a}O=|1t=Ol-^uv&o8v^l(ZIl$gV&8^Q#{+d2$R zt|reV_xIxtXpb3$E&2|8DVb4bS%25pS6f?)=S*P9_ussRQ_FY+Q^a@PX2j<# z0wr<|dkF(Q(F5OjfB)a)|84TW^Y=@B+xCBTf9&SSnR_bp+zGEWFTbq6%=bvWTQoq~V-(5hH@B1FSWq#P*&V^C-7MQ;0)GDO zHr~L3LH5y#{f>h~Yy#&0Y42R4l1kSAZ0Ag8rg5e+brMUPw7i=kUP`TIOt2I&15r^l zBQ(P_Q!KpXOk<@68L25MT9#-C7#fzM)zJV&z|sJ3*%)3j6{oN;H9O4ZtT}5n=kjOf ztaT1+|JvXFvA^}M_kF)_e{1dMfsRCn0zCUL*yq$tzU%gj!(fd8B%K)-=RHs?A}SMA z5iHjl-m8pGAT&goEi26cT&UJCJ~_%({`3X~DW>)%(fn2RWVB_#m1R$iG1+E}*f;kh zJ2tapY>Kn-Nn!!HEye6izya^9SGjl`s7Pg+DUz|9`!d=Zt&-=Zy`dA<^o$NLO;4`D z9qOIkP~3+-jvaH?E(HelbP6ihQ7}{-Ww+J-I333nITmZosb(}85 zj2?p2bM*&%CyfQCE;rA(J7RZk?B3y=escnu|EM4cP3<0%O@lcM%zK^bM^2G7rY|x& zK$%iyR@n{S&>gfL?$K@B1Ft|F*d-4PdaskO7?>MA7yax-zT{v-{8qSAksuc9^Q^@f zG>rk2E{KIgQHh`>fT-=Yp=1JcjQa@B?WqCl>FG6@*Dt-->6&u$1e7&G zT*7f+ot*4qKQrN^_mPj$NX5pA^A@K^PTo|ED(|hBB4sI|%@R&-dU<438vSLoS5Rb) zbbu+<=w8#s=Q%FU(i&WDM3hN-hH7Z4AS-x8D4cfAc?>(S1?*N;0Nx|Wseu@fM`$aN6!qE3&Syt~+0+S#&$sCkN;QDs- zIGiwtp*aRa4jIF@CTZ4!&sCsv;foqWdB6IagG;ggHGGVF{)>VB(2U%OPh_;5!#Ou; z(NbA))0o?sbsM`KWw>{xa8sR4+(nAdXj;^!;JtZvd+IO%wTW7s{F#*>Zn|B5Z?2?x z(h*p`d*vA_)kVX-eB)W3b~iLeH>K7!o8QEZ{)Cu5^jstM<}O4t5#PoaT;e+U?>EmE zmQmf2+x;NNos1rS@738=CNNf+?ZySGn!B*=gN-4xAP-|!ctot!?lR?;VZrsgC>nNm zb+RtA5IA=Xv2YEbgtjk)6P~8YuyNsv)Y8GJkAe0z_FJgeXn1kO?ka?tzjX?BxzmmI zhtC@IE{r?siqmV|G}6kBQi-5uy$)=Ia|w zCIba4WwoEb@k;0=VnmuNSWu)P08e95&sv}Q=C_*E2V=|sK%nFYFaNCp-dxZgOQ|8X zlML?;R5@=Q-*>QO#hPfv&Pn38CL{vu4xd95ssM%4xSieNN1>^Z&?FR!>_WTX$(AM&`G>Pq_}1rd#k)|V&8yAbDn7*@=jgR`sDou7pt=+% zsW%s^892a_ZsiyK7DD;ro8){jTuKboTl}6C1YYXyS`6$#^vpeYg;dt{a1s$I8zIA- zao^l@@Ao=ZV;Y}H*9j!Ny{Qu>6$d;&v+g@dq3L|?Qh?~^2OSI_`#)!Tloj~;e^nP4 z5ac`BCEV9#)^jAh=sHB@n3}(h;s_*0gVvRZx)w`uzIU@Z4J9GX5Pi2ESc_Y|`ni>f1E$O*yKHI`^ql=Ip!YsBsW3 zS>`^2(tu*JHFz0s2mFK$bNY3~I|J}_zobZ5CCET*f`%I@Wt_ZVbih=g2cqEM#7 z#`(|L^>2|4S16G|Ht_*rAw34XKsi(j)XT&GGoiyXZM9Ej<3q6yK_y3+G(HBE&}v=k zrcSWcu zQ7yKC>P(dx%)WB~R@K>vPR=YNa}d805zlxBgXe0a|=jmLJc0S=gOhO z2s~VK{2Hh{2losPeMF#hk3<1!DPxvt@yS=N+JE^$`Yz)=cH(VEc9!Q$*KE>1xZ16~Ku z9dtJovD{?9H_i+k17|ErYidv*ZlK$n-Jn&g`2hTbHg3i2bc$PR_c#vg#~~%^I|VV% z-ol&-aFY5Vq?sa&zFa@^!8HjZ+hAs?9Bo=#9Vxldm3%NpwC&-^#}G)=9%A<84UHU) z${k2dAY!&t#G=%Y9+xDZhI~tGEbQdDa#NT$>S+?o_d3Q2(%fV{qG%ih+L35=cbHKTPQX95EdYj|1Vm)QnV4ExJg zsO%7q#g?PTJH*sNTO^yNdO&_+UA9lz?pwe_H_hyTrb zpl+_KaiEPIi$+YBbaywNj-5$B=D^B6I!uso0~px86D}rNV3o_#JK$w)+-cT2maI9qy-(8_S$ooN;45hl0i&KjFwOk5n9u z#Gb4|_7~Azp=5qqMlgWX=H-_;q8qi-xnS#126Oy=Q4$30xHddO257*YFR`FQE8+jX=dVT}#fCYv}<=|lMyB*gf~LSa6< z{`Mx+5?kEeQg?f&O?|E|dwlXowUOiWA+&u)@YwUd&~n2NL8j{U_}S7bN^;$n%l8u79%5Ht|`_wjat) z{bWGeA_I5JUtfqL6*RsKEIsMJEBs`PkWh#-o50NrTp_~2Il9Edvb^?3{C_8hoWyyD zDY=G?OACxP)$fv*86Pjh{xao9KhJoDcEZ{SYg0m7blNVV?ZeuIL%TF<_Y&IO+JAL> zDel}8bKObJeQCvhssJ<&y-=;obKL@^7b_Nrv}3fEilg$urK XYTufff0nvygXF|^46Qrkec#^zC@~6! literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/malcolm_arkime_reachback_acl.png b/docs/images/hedgehog/images/malcolm_arkime_reachback_acl.png similarity index 100% rename from sensor-iso/docs/images/malcolm_arkime_reachback_acl.png rename to docs/images/hedgehog/images/malcolm_arkime_reachback_acl.png diff --git a/docs/images/hedgehog/images/ntp_host.jpg b/docs/images/hedgehog/images/ntp_host.jpg new file mode 100644 index 0000000000000000000000000000000000000000..6d1813e9ee396826953fba61b0e7ed006f4b573b GIT binary patch literal 19717 zcmeIabyS<(wl|sSv2okgj5}XzY?pkPp7Iz5_1xnBaEAH?XcZxd{ zZE<(|*yHT|?fuEVXWujS`QzU4&Wt=+SvJ=*pWj?-jk$iw?d0uG0HLBBL=JH8-hBY; z-3xF#1CRk=-T#aH<%)GD*blJ(B99(CzAoFG2UnF(28Bi-BXN-&=^cw2yQdTMQE`X6qKuFl!)vdf@+3~Xi zh>RSj{?73;2~f}pRZ7Yq^FZ2UagWit?E4av0La)E*|Pu8FLwBL8i0S-_C6675kLxn zerPTF{%`m9-|*@AQRLmotN(_M*`m07wmNifBnB_vf3CdgymG#gy{y=4wvZ%i=J$$Q z{ya<|ai` z|Ic~NT|rZ+J;V>vZvjAhGkZ1#sz2-eX`g=;8-DjRhlhK5WzP*c?4M>X&)z70k?q+x zY4v_dG=8d<0yk-XN-$w8K7u14+BC(OWtOg(V9B2>Cq+R?-j{q995gFTTQ#R-hP-**Cudf+%#Y`E?EQ>?ckIJ0 z;1{eCn5vDbsnyRw0dE1xNK}!etQHJ^%o(5f@v?q=TdOjV8d6FX6cNuCdBrK&oPJNWRh7oH z|DmKjLP^^8J&`hyf0>m$p6ZRyF+ZVu-ROsJvfb|Ng6%zR{lfNA4)Hm(^sFi}SXvMi zvyv+pi)j8y;uAY|aNO4~%OXbqu%V>$J7Flvs}#eeKX2K3uRo&)QNGE@mBx3~$gP zX?Ia0c_=sGRJX+AFx8Q7W0fqyUEuZ^gP59XcY8;)6Kd#4+(1&og{Gz`>4yC|u zYj2!?lrF$M*3nBGy4hrjv~Ldg4bv*09$%?0o#VDnqpLQFT!ebX()=<@bQsqkzXhza zv{GurVC$nVghyquhT8$0{XEuasX z&W^DPc!y9|rf40MCV*>q^#0D< zG!;e&7p@gK&g^TO_e}LIVOKEGLo{>qn$Dtkj-9#3d|%>JM7XR?gDyh%J9J z5Y7nPwBnn(K+9p)Ieu9*lUDL=(?Ip%Y1_t~?X7M2viYHFOTjeN47C2qnXj}G3hZ3k zQ#zEg*^@^01*XDZ3%+s2J>)-GWJ{}ZvzUt5mt+h+(sRO`>z69?&+;}9z+X<Y2M%XZg{Ivz;^0XfxnLwI+8daC0 z?ed(d)%a^G7e5)PgIN;0pZ+kbzAG@;LA9sd3%6>cdc+a-K(#R#-TUo9 z3-o^CDT#+_Ltt>odrimr`Wwpy*M$Z>=bgp~qj~Min_3F(Hm_C9U|FLfrq;A#aK9O` z4uVpp6y*6eH!c5bJQ3f}oA)&DuzSK&4XL}A1vEPyQCkwi39^c+2*rvK>cp4Oo|U*G zo80o6Z#}^kXbo??Vn5Zmn)lm)%#!|IyN;w@T8UK4eWwxSKfP}4y z<&z~_DxkYkblK0gbh^hkrHZyD>&ys!GW}$GJF3m*Q4Qy$TYy;zCxMZ?8Z#dy$p4d15nr(Y5~=M9mbE*I zw_Sl8?1eB}7#UXXIg!a+kc(xj)PdAyYS+KlvtATV$zGQMkXWm*y zqo*(pjROeQ{k{PqN35q0iF2d-WJ({&sIs>LZID^w;iG0?B;%q0X8=v;gn`@RNIC^f zGYW_~1IEkB3tb?-?D)}hmsscwJVkOsNZr=SG8yHP%68boS&G`e# zp0GRABkUy+ z8;R0N{tt8iTYzK8oD+!l89Sv?&)jc$tENo)q*lmOktvUS2e)l&ORi~m!$EWogQYaC zcAO?9a8xAIChEZnY_SSGW;Ji%qYbPhjWdQbV^>Xh(Kv>T4M(zP6bmf~txg?)Y^O5v2p` z7Nrn(t$mSYp2{&ZSyz~!ljZ@JuA2ce?O|hKI}sc-(pN4o0|Ee!DVwtvF4vklItgZ7 zmP9h8x>cb0K{gWp=SG?dFP7qvR$$RzJUy8?EPao7)?8rG^S zhN?Z)P0z7?O#1uX<=`#gv08k-&X};G4oyO!pB<3H@EFcEocL^Q<4AWQStu`IqnJxk z2QBvzTVDbj%&O9LX^_l7M1=`XjUi556y1L!Jrlg2(Ijq z_BJ-Dz&yXlGF%vYe)NN8SH{r*omn|!-iliewY37Ozi3N?@WqQC(CGf3fu3eFs#FW6 zJ3wgmkrOEI(`cmRJ^36fA*J>6RH$LwfgJDeU%>NaG)q%#k@6Qkr_F24Nslbek2&}O z!I~TuqS+f0dFww?;uSM3FPC0of7@i6%f%Bv3r^Qz8r(89!c?GPUS_=YniH{?RoMce zjY{|k+5BFCQdcIelCZIN-U-#m{7}|3(Zp_HDc> zGiQuRa9x?J;(;|?8}YTxnfj=-$q*j4VbdH3o}*+V_XnCd*4v~;G6x@6S$%zs z%N9}&I6B^Q#8mWJP7@bfL&+q}Fw%JeV^h={`L=g|tUf5Mc*OPVf)*mX6i7W&%b!Qbr}$F#g{_`Z`BP={3o z$c^RyVy#<4nZ(ZohlZ?_2fCNe2kExvSOi(})YfrDBVjxBL~||fUedf8a1N9-c|NKt z723;*8<`_)FK}8|=gd;sB?70bd%~X)W?PXG(JnDn|ImZt7Qm35b!yka4J!GtV3v1Y z0A&0~7q)ZFM@akN(!0a~|3U@gyplkK{m{ zM8t29MT)Are6mzb zJbp^mfktH9aO{IM#{*BhCv=ie=#HiE4^_U7&qQ3U6jp;SSm1m3n;&M*+A7sftTl_% zeneTvdl4aA_=G;t#A)@c1ZB}oE^thMq%^;SBn48^$$u0PzjrecwKE~D7mP5*;~{dd za#Z^GjhTny0l$FCDebxdP(1wYG`rN^NwUgOBlKlqM?RV@G`X-t_L5tUS&4aj;#ceS zxF^^+xidMaj3q~aBh=T|uju#h_ZOClglLK4lo0=9Vom&Pu{PcDi#<;`yIci1^Vjei z<)AER*T$H&z`RwZ`qR6Oa@aa9E`Km4B`J79$j@T*`$UXm`*5tJQ)qqxa?O-oXBL@I zVS#5Dl5a}pA~=i+cjM9D%2fCQ8C|biE`3NS-!iRbmO5+8VhJT;>)?*y9YILVS(DQw zy$$gdZ=bT$(b4GZs=O@mlKnp5qy+cu0nQy<%?uFu5FE|q{@r& zH?w4HXi^CwF29m#uJ<`xkE^(1y#*kouEGg?__NpbY<%-=xiYo$4067FPH2}ajU>x& zWF+aIH?>p>vv;nk8HMn3p82zL+D(|0Iv2}fM&%V*nhsEy_o&$X$WR_Tg^~;$y=qOD z?=-g1iS;6k?<$$jV0xj^+G@eY46&}=)@4G) zyjINHHwRFcftqYyG-Ahoal4Z3=U78g_zQS7>7kCsp_nAG0dHbV95%KDA3Hl_hntxK zskoAO&ymQ{%eSQ#4%$CviI7`?8^Y+PxLU8IH81={iZYf97v_bp+SP(eu4irmEx7^G zEwbv~>H}|zzh!^#$rezU(k(txeZs>-IsDq^$lYCb0m=+?12vizh*q+f`mDnX;5VHh zi6KQj2QM<^FTcdcbe>%6kGWsVog$>BxeI-g7^KvK$bVm9NqROfaT+aCT-N!VQ!xim zz0(o|mmy$U&NXO3nj6WNA@>z&YxupA{W|<~kwX%T#JzN6B8ae4vKAMEEz7A5vz6Q~ z%{eY`s|$(?7*~;3Sz?)oGd~Dp)9;ZrdbGdKfAB^r=Njlk<%3NU~sjcY+f%9-$8nNT(nO~j$j)>5dXzT zGvJyJbb&%>wrCy&*jqT`nZ1H)nBcQtAeFcDNhP|i+ewFr=`6X#P(nA37vOlNns9_@ z1$v@l*v7ahiaci>Z16iQ#khc5ojhd}ZH_us#all-wZr7DgSBVF*c)*VQ|z=eSf}mM z_1DO~IKv7MXqj(&s?x0(+Nm-%C)+&I91=@rDiV*hbzn_jFk2mch0+4#dn=dY_q@tBF39_{>73NTB*X{|l1? z#kj97&n3AjUqbb_{9c&@>zoBnok?JU&S*og|8_BT$#&*?tp zX7m1$pjzGPvc zFn`oRMhta z+0>A*x;c6F^>QzM*qGNQBKL!J3&n0!I&&FN<6qt0Eg5kk8vc36N zwf*b$o-iMLy$&r*JbSv%`*`bWL)J+o$?&;aw3j%~m7dg>K)e349w`Cu-zIwARCztk z#%r{uKkg!^W;anjyD3)%G{TM}!Ak-7%m_`HAtafaF>}la{jWFCD$=j*^vVapZPibP z)$58Lan8C@q$D7L4ZCFE=(oq8wOncSY@O7C@mj2ytnU|Yh*eFmWDq`50Y|*mOq17| z(T`oahnpW$h*zG!F=LJV_=*8U4Emp~uvt)Y-#7-c3T%rZ`vCt@g>f96QCHi_Zpr6_ zDIrvU6o^F@Rn@Y#-6w%EYLl5m$Eqfn&OS;1sp@ZL|I>i~--QLFMtxUSb(LG$ggJ)T zB9C}!f+telD%c|0>b&QjouE6?k(}b`XIZaK53=Xmqv{Hz7Vq8OC)WKH@G!ssn(h{`06Nzav0Kg~ zYR99J{pO?bQ>tHZaMM9rrH{Qn_|tzj%Lq>QOl)louGvB`8)2`)J^b4l8i`KrEk?7E zCAN4xf^5Z2H}}@HPh`s$RIH|^*up4LCL3sUki|6l2hL(G7akAZbB51{$))rLjWZOB z_)SH&s+$}3{GG~^^&css|7XENt*SiNW8tLrR0@0F13G6R#?9(_kbr3+C(yVFU zY(J!Hb$qk)PH@@Ml9?IK7Tj~dFCHG;8KD)MKkCYw&B1{>&-`7woj>})Nnbhc;nBur zV)MuwUlPVpQoz4wxhDWlN?{!6*HX-nYZzG8NJqBaJSf%lKq-A+Et9j)N588PzHyrC zbc0emoaR@XQ_Hp=U%+nxqp+@0tvWfEnf2Ygn*h@kE}b5f=VcT~S8T|<%v5W?ECu1< zypi%_I_{4@21t=?@HD@-{q{SYP%2p9ctLbl^QRKdGge6Gh9DcCI=vO9j#2-V2U*{6 z^=RCQ8C3*FT^8m9VwyIreKCWHAq}n5UXHAvOPE2Vfkq%S+tdejHkTg4O`AR)k4khw zs!ovwlszX$Hbftc=ya%r_Mgy=CCL=uMN-bSPN<9PG=-&?8){X;wr3!leyJXe5@b;I z0d<@O_Rm6n)}F}vIOV0}Vm8s%^>9~I}{@vw6hi*AAaq*BcEDG~`<-6pGa-HO6=IFv#9 zTg#-z;4`YK@#0INA9>JZ4Cp1<*+m>e)@VGz)vhvb%|C?(zXxbf|1dmr`u%7Cm~xS+ zCY}N}M@sVw>)q72n9y~sbbw33oK+jfgpLRuRB8LPY@4Gp>05q5RA#e>oNkT*u$Zme zdgPJCMPzhb&gAdJOe&b_JK`zojBX@^F4TcaakJzi+~e}ecj`jvZO7fc_b>$-=Y18mm3Sm-V%XugfA#+T+w@PWRo66_84| zB7J3MWm+LbQ9KS(cK}?h*=;)M%~DB~Lrs1|MFg~Kk{#B$D3exO6~S@`tfu$#eW=d1#pP4YHjiTC*Vhl-25GC&K>BRgz0u6nAgZ_OT z6*Ju8LUUGSh@;un`1z7cx;ebvf-;T~H)UrciA;epC7#s0ET$uzr{Fh2LCm>kV;Y~; zNfMixmDOWw0=|xyc^nhPDllEJUz|PJ0n%yxz{D51r6hzZLF3{{9?FjPK!q{IEO!0& z-^zaIx)Md^|1w4k$5UV%5D}AfxQfi37zBECxyJ@{Bv|Nrw-e2p3I~ePjXFE2>lUbt zrf=BylR-cJXp)HHWN*U^>ty}xA$uW^ExDo_*P^k%^Ja&gU2!mgy=j@BM?A3c5{k&v zGaD^jPhfer7+T3Ufi*N4zaY1uQh0p~He!HI-#xS=PzW!^F`*E zL!jy+peC^&&r2>l9|-~SDlXTQT$DVYiPFq7|61<4qt|tZr*c<`gNV0X-}nk_OQ7oH zpq|)TGa@g^4%VK)`y?OZ+Er&>M09AxjneeIbqHaq*n%u6&OwNX^b47Mn!}aeit21{ ztqW@(%c0gn9+m!O`?jB2=v1j{;8^^$$5az84lNhi|>K{}dO=fzu%YMv7| zh1bbyGlg|oC8i++b~~bVneeQ+6nX0l9M--M-5yv7XF-t2N;CA?_mg0?2qiwQQPUeVL*Z9v6WN#w&7!SH1 z%LerGpE&+g*~0QmzHF&K5VwHsA0p$UXB!LRO&cys6fGm?>RW+}_pZg7R(Fp^Uqtu( z_bm(=;wVY&5_HP)>dVd#(feB#^^x2Q5GBiII$&#%^HR-j^F|FU^paJ>-8O%L&2{}Q zEDPl=EgG6=N)(brAAu|bf>}UypHHk3-1hG(rNnM4}pT5uDNm8@=*bD6XDKw&m_&_nO+%r&F zlWB*)b{JC^!dK z-{{3~9O+FoI(Hv=QA{@N>G&czMV!l1+njJ#rcL`BI5u0GkDQBTC<8ZsDQG?lF$z8T+%ZzoM;lOr>CQL(+?mQy^ zDJ{jz8&BgmWCYfi4jFvS!Msm_Le<#&l#g4DHzr(YSm`HXI9j++l|<_F68(DCqj`$6 z6Jv-Kxm=QG^Km*VjJ(9CjOlg~P$j!Tc5h+%%1TQIO^3<7gORAX7FHKwT(in*XGG}c zaNOMYV*=mK@*;9Q&cXs+*!FnQs1ll}SQ6uruxU$et2K7wP|nj~j|kK@MF-~ct64>q z+u&7(rl(kW=5*G-&}i(6=zmaYRGT0mT|+GZNksX)2w2;?3vrd-0C>$L-tzTUMN+jDreeKsw%Hk8E*M{kWplJD5vEE8OI1?Au(B4 zAxwGx!={Kf2oP9v=jdWXZv(|DH!Pwf>OwZzBb%H#jH>m1&meAk=rHNWtNMcB6$jx2 z-h~C(ARKWO$f|}0X$lVnuZqzmNms=gl$`sE1}Lo@UMzWsgJsG%n=y7>4lP$%tvZJK zR1&_(TL2RutxjZlStuV-Kb)i9v*%~B-60ofCMU6Yz|}#EP!?O2#tPo_KJw9auk$d^ z?C$j$-@EGt?SqZ2R0AcWr5Vcru!frB3#-D8_vdZNwq{Go(danmKcf62`*vnEIh)SjKA( zI&vNcOXl8r38P-r5y!Ei4>T_<+2EOQXz7$l4{Dmgvo$F(4ysc7>o% zZg$}-Y9>%$H7a#}Qf2|Tw;|vo-+bEdtrC@BeX@ z{O9xMKPzE+<)d0s`{5ddmkATed(c9t0n1fRDvwO>;_{+j`ftdyz){#^Nq3_<&B{wNlzTrw0I#`K zIZ-SCU+;OLyxo`2pZ@IVPaFL&IKsz)Ki2B7sP9bcVHV+AH{$4-OWLVk{O;#;M+4uf zg)c;2_G}5$ZsE~*{6k1T`M(^}|G)dxJ+Q8MJb7_}M?7_deVnA)tk0LLyjqhvN|_7+ zC(Q|y`tY-o>sITj=5ks_gl*pRT%(A=mw0tim8W=9Rn52tqjt)20*hi)&FP(|=DQhZ z58Pq5fT*KeKz_$2{a#baio}Ujz0}8Bz#p_qH&P=vnd4H6UPfK9+y@;=sw{*DXwBIA zJM#OI&bz?ewVawt+BPK6#J{hd_L3^xs&;IVf z)2VV}irbeGh8p10SWq{A>o~r16LhQqf0XFyh?~W%wasg&^~5xuDuvlrfyQ*Jd``9N7ZlX=p2Y%cz~f1*tuPFtktSh0mzRoXHKv*j3P9?S%CoxniAHyane^|62Fq-)!d^b!G%V z;Qb&_R2c?VvgVDIR6Cb(yRoges}UAXSQuP{m$L{< z5KG^V9675aC?XOFDx`k(o&VL}pZk66J3d!#4xhl(ReLb*M=D|YB|0rq1_`5^dUB_Atx9njJ~PES>lnkFZ5#uB1{(a-|S$y$L65a#U#qFVZ^3n3Y_# zo1LAVKd^--UEywI5AsuCnVPy}>2d1_DOjAZzld;Gc=xk`Uj)?27ZOt9r;Y)<+cBC+ zZG))JS&f?>-rY!1YVE(@(*Ksi3i+5XWn92~gLR?Qaw#PiqaVpa5lpf|uiD#8KKP3v zwcMLOs&Aq0+4w>r`k-X8Hb_VC|0F%W`rmr}>sQg~;__ZmOcAUoxgXWzrCv_-C|D7y zF0_gujllI|w%g=YJrp=1G)1`6KU&}-@6}8-`(aDoN=C~Y;JVnZ574Z{Hv>@jA?v5lZDm0(_ST>UFRj) z*AkCzU})cT7~c@7_&_yp-iAf46`O=G)v^IUe+Ya$dkOSB{7gh4EZCC%3S3#`Hhw~F zNn|}yKH^I8>pB+pGR0079H61RsA+m~3$WtR<*L*((LS-4%}<#J2YCP&Zvok&pS)hFJY7|%3E<`_dM`dDm2F|A5T z`?3Uoa^>t$+RcQFJx^ox&=J@Q8lJmSybZXHs>@KH!>$<^KB$Y(NE{~L`v-A zjq(c~l4b!9I-R(`!v`+Zs69=_G21BUDv*D|Y=T1@PjN8!FzIYPoQiN*mo;Znk(om`gnhPOAKN{H za^E4TQJu`17||0PbJ6)b)G7|C33meiy0*sQg^b3JMq={OA#p0|xcJxfB%pU8v#T{{ z327=TL2s5na?isrBp%4YuYFx7t`nLh4;i^95#q<(LqYKJT7J(CQ4aG&tZhWBXWjkW za@OTdkFBY?I<;pjA0HD*9DT|G+Uz&|nSj4<+;0C&c7Ncq1IVvS)DRh~8m2vn+ld`dL%%sdzoPGICSqX&FfgX464_>HT)r3J|I}el3Z1alA zC|ssh`I^^X+k5n8B5yWe%oxwimicSwWI%1%+frM6Cyy&{=7$YoUZ zHL0{=Et7ZXE^lgZjRWmk>W)BzA!Zx|+t}&+?vi$6p_BVd%%0_nLStOmgS{+F_K&|q z`X5swi9LQN9A!p7rLr4%%Ma0HT}$uYf0lfGv{k=vbK^u=FTBil)qj~8VS8qk!Eqgy zC*>+S^KDbbnU%n1bjjB%?wc_+=JN5_(xYc=RHz%ytJX zFJyw<{z8R>SU43_?HRkvrben(SkK#dVbB#NqxXSEJ()#s<g{>3>OvzY!#?g`-;RlN%G7<=EOt%ySOC__^s;ESMHzeYJz3#MeF?+%@= zPp9O?y3RU!Vj$|%z)A*UW8uI z35@52xax}Ak@c$KMbWMvV-7E|OX@B&8lhB85F}B}OmKe}rl}w$daiUv(5+C#0RwxM zr|=%7$oxdaS6E?}m7omze9VVnEp>O1D7&fidY*EBuq$3|8%ZB^APK?=(Ltz-8OXfM zT12rtNoJpbOz5#H*F;!Khj2>Go4!-KWKMY3JQ_P&qTm=;$h8q(@^kOrutF* z9=g@CtQJ>2w9yL4!zJgVotpj&gW1(FlF0VcjtHI`@ZK;5L;m4W|1U{L-uQ=Gnx@Tv z_(0wpng4=u##P6%{mlwuKSLq*2^^Ab zY}Q~3gRgN^`=zQiY#9~|60hpEvA<44gt~qQU%tj&!kMsOe$Zf}UW~^&{YZ_Fr~Wk? zXxTW;0V?@J`u%6uY24Q()TEofAt$~hZI6q8C=&ds^iT8t38a6U%LMUw{QdZ0{9iqO zSl?R=x}$Xe`(<_T8thXF;XTi#zRuRJmp>$OlTTZI{-15S?goP1jM`MTzmYl`7R}gx zdZn0`clKtkO8&dR#7^#`_j%d>{;~dNg!jAuHpwfND&lKCy9JCWtoc+(?Q^7OEXue| z(PIx9)g>`3rAPn!NA;gY0{{SgWmnGU$+A2`LRc;yy``M4I!2B}6!&On!7_anHXq0^ zsPV#Xr?ZlTRRN1_YLy4fVs`#&*ef4}qm*2Xyw~2D6kH0|FYO@a6RX_LSQ#2T^-!0m z0uSLQ_U`Sook}y}A4#I;Uvdw5T_*eeM^%%Y?X)J`E_=F!-%Zzj-^Z>~=l0$ChEE0- zuvh-t>)VZ+{++Y>r1cNx_P$QkojG;9&CV}eeaucj8uYm|mREllC0HJwqgbd-5^FC1 z(8RMQW;iwT^Go3Vx?R}rY#*)BRO14LGcB*p_MWQD`=e^v(;c%XC0p~mVYQKe4)jlp z{)y2)o$3E4)6<2_(C94Zc3UY=%Q7b`VbN4;?cFcb_X@Tt*tf)SD01Y~17zdcr}EGg f+e!v<1vFO__^~m`bfv#O{ri`jzxDX=cItls+T~;5 literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/ntp_host.png b/docs/images/hedgehog/images/ntp_host.png similarity index 100% rename from sensor-iso/docs/images/ntp_host.png rename to docs/images/hedgehog/images/ntp_host.png diff --git a/docs/images/hedgehog/images/opensearch_connection_protocol.jpg b/docs/images/hedgehog/images/opensearch_connection_protocol.jpg new file mode 100644 index 0000000000000000000000000000000000000000..64bd309f4499bd2243eaf59c26a9278d745514a5 GIT binary patch literal 18924 zcmeIZ1z1&0_cy%hkUDfqcXvy7$Dt&o8{`lM$e~L>y7M3%Djg~)-I5Z5g0z52DF~c* z@u6_1mX3dJ3*|TTXZ#Hrc`2ir(RMk)gP*6|+b?^^Bu26BQ+;w#V z01XW;02=@RTmV2p2T(wY4g5j*l}-fzM@2yc(7<~XcoBp270=a0je_y>9uLwqztU+S z&G9P_Do6{WpaS^dJrBHuK$;Z1SAmyn^e?(zg7h2k!v6UO8unA-Z+A5f9eoBNK0yIK zAtA87fRK=sfS8n^2!o)gl!$dYF#TdL^3N@MWje@-Tm+N=Y)ninObl!+EG!%x zY+O82e7tMd@TiDM2ubOv>95mK)6z1q@Ub&6@i5cUa)@*C2ndRZh|sf3%1Q{y@Cl0u zT?s+K!NI}1hDV8yPbtJm%P908CuA1@!3F|RKxdf%R0s+h1O?dx(1UhjfaBn5DEyjG zP|?saFtM<4aIb+3O+;5Mg@%fbhJk^O4st&L%K>x<1~H?c0w#%pEf$jxsZeNgF*dW} zvsYw>6JJ<_?O>Qk2BBEmA5|UC%$||aA>Kd9x#!wSeGjj`j2S+Do z7gsl5KmUL`ckkT~kBE$lj){#+Nli=7$jr*lL6kf$Ei136tg3HlY-(<4ZEJts-P7CG zKQK5nIW;{q`*v=AVP*B>+WN-k*7nZVgTtfalW*To&#wHs^7FU!i(`M|7XOfG)*3Wr(P@C%t8Yyy{@MP!Bb>y>Li zJ^R1rSlIuTXTLl4hhGZ-9vTYRd1w$o4(O?`Z=L3woSl^uavqx*pz0c2`}&6ZEfR^!(+0h9bih6ObH*GbaQ+>>=7I#iSIMp5fyQrkBLQa6oLOG0H9zHvb{;!Y!XbAit(T`7K z7?SSCoynQz`P?8@RU2cXq!0#wyufC1VmB$u)P$K<<$K<|mv;pRH+gOk z%x(%f1n4Z?|JF}Ne=@qWwGdw>aXI74o*`a`=IkYeBJpFn5#`N&);ww-ofvE)JV}t#hy>IqGBZ=n4tl?JC0O;=aDWe@WAUFUcCdM}ey5 z8t?34+>hcry-)Xpx|X~aeqUtkgMbQaSC-~TWQbs1PziHo5kXYkW^I$FlD>}UE%&?D z8#vchU50@n`40|0sRnGFfp@&iPX*Ca0=;jjn#E@^goX%7jNb>gD{4fio37>N(y*xS zd9gLS$HrIO^qQ=0#7l%Nzu@$@*~4g`jJV^Y*8ZSQ2B9EL2@VaPy|Xu%OJvyDw0E>vW#RR*Hoc)`= zs7jvhbYpK7M;1d_eUlS0{2-m##5V+6(c}pbah!mG3Mq;X5?B+)x(FOZ0>!L%job4p zvS0Zo^?%n1tOloMC&IIDsYpOk^R)is)KSLt zez4VW7e?G3CQ zB_4zEYrR}p39n2{Xd&iztm&IlwK^JFXsFjwMN$NPL*KxBL$^)*b1OX>-8(8YW0_*= zGpMMpH|f$0w|aSbuID>1y6};mgoeQc`@JOUNGjT{KeDGKQCRa%v~5;krWn{2(vYBg z!J)%8%9ui&qMm5nlFQw8s;kEGHQXGhVn_eGp{#{_M9RGnv0?Y_st>1A9d|9I9##8{ z`W?85@x#oE6X@8nQBFe#`gPye0xnwR7Guu*R7;XZ%-rcLPnOoM3+@@PCEUuGe6{9f zo+T5%Z=M~kXqLBj%f5hHY?E0xpxhX$Z=aTvk8ch;PV=TiPWv;WcDX-SKx`p>s0}JzC zXs}DJR=?M|WABd3J9m%0HIb3K=oHOgf|lO9*0>{i|47ztd5dLZTB;(cMKXs(ndx$eSP22HUd}JhzyiC7k!VvN(Cp^}%%Y$asq}$50920i8o- zkJ0sSDtXWsG9tOAoFITb!z@{{4imO|sxPpj0f~S>|?iU)QTb&RJDc%j0geg1|#Vo$^J? zoBepnDal0o(YJ=wsPG7Uzt7}wpyrQdx(7^TNA&b3wC2C1{QT%{m`-hJZSjx^wQslg!-4qq7EuI z%Rg-jwJt+*r8RpQ_3s~yEY52g{X^2GH*C+L+m}vRdZA}&qBL@Q_)@D=!Q+y+UVT1= zZoG}3w9J;6LP;eSzSF6dPuA_}oo=5QG|6q2Z(Fh(+}v$O0uJN_nh)~WGno2^TPXWv z1vR`Ky!*UYYU!VBo>w;MV+01ec-kElCD<#Rb5E9*|H)EyOar~229&tL$Mq&ds8r;B5($+^ zKvqr@a3sC>g%bN|D@vNt$)Ak=zf~ER@E>;P)_RKREaH$+Fw~n3=a%mwduh-|A0$98 z1g=iu`IgFkD(*7eCT#OC>MP(VXgLe zS(c~KUrozTbFL;kp*W5@v*!``N3s$ymE(SwPAu~Mq30nMdSa92rojsvx-<&k2nt1kjxn))+6P=*ic@Za zChOiNXVN%2i>5RD&$r+!A~(F#FCM}-ARSI)KA#?GCItD@jIZ&f-kpMv3kbc>v>1QZ zk$i4Y+tl0hgQ+=Kc&T$kmsz0z{1b0VaMy_!= zBVU(zOfyFDybj;%tv_ctLO&k=;9mUYv6LUtGF#^D!^P9?4cqgZs^GgjaJAi{lneJU z`SyJh9KFH}?JaOAwkCy|HQ85x&yxvj;iju?9sv^29G$82=eRCcFK_V<3Dl;D5^NtS zs>1OK-FiBN$Ey~a(w9%fNXS!Gg;T`w;(fxk2{Lqy^d5R=Kk&$nQr%8-xPM$Kl^+(# zb~cAeMU{T<`V04hmN1Ghb@AiG!rl=M73@^iH<+I_%FT~>77w;7v)}sh{OeJr&T?OU zJXDmmLoDZVR1>o!gaRdr3Ts4Gt=6ng&V1_nVGpmPySIz+_6k-WHY8z0sFlvWvc5$u zgZyNaF{zij*!SFwa#WbETS>WVg)@fh`g;icY3r4h89ShK?ul62^Kc@osT#lI+jYwd^)4Giv-1oI}51juc zw?SGmTA-@22p}7qk&78Ws0-@;UOja_Do}`ajLTJUp>_FSPww*%_*YWz>CVmNsY@i# zf&?IzSO&1T@=il=LmH^}s+qQLieHe$0*Y!=3ae7F6`1FIbPvSc^ho4=M0DKV%#FPY=g1gm|!fzLy-{Y1k zZh(TrH1*Qb45cfw|)T@DkF?{HsTO;Am z&4fDJ`@YlVeY{t{L^)LU&n17Z62fO-{OzCi6wsz(^k?qBDp)7e`*XMcrNfI*{=60r zn*U?Ef51v=su$EkfrE=4n}q$Y8D{(q?MKt0=f8W&NAA%ZdNMKq+930PYS*zgv;TLL$b-~Y{TX84`#BJTt&nu-FIC}rxQWy!mp_V(xmOIy> z|I+G=1d2r9--+Pga}K$EpmQge)PaFg;EGePtJqWy^w;vqxZcIRJQ zmiw!2(G6n*2MSs7zcEzpFUp?}#qoswPq&ijMvB-e)z^fcJR=vxEXv?7GwHg~h24dU zKXm(pSaR>fEpT$ak3~h+bIlhgHWv6sruT!I@N}DfL+*8>OHH{Z$( za+{9}vycF;+_NHZ>6Q{~f6lEMS6FR$Y51Z^cjL~92>s!t-UvLBe(nu?TtiOqlB`69 z-lX)rc(3Y?aOdxpI4=9bFYjxdKKfEi&2iSmzfS0B)RupdfOUS9dPu*b_PZRH3ALF@ zI7gsc{y)`zqgLxwY0-G!8Ey{_Ls^#d{_h6AOR^9#ICircy1r2EEB(7ykN)su0`Ukm zUjJl9I{W=^CX@al$RvUEfkoy)baUmqvENND`CU+>OUcf3XPWH)xa;`W0fj@BkMH1- zE)y!2oPG4T&xG_e$2^m;cKgdvH}2BDgaz0A(20dk;n@KhzGp` zfG)2;>U$RffW$GFpY%r_OCbOdMgTx_&mVbqnE=od4FHt$w{2mzKlNNeN2pF9vUX4o z0QlwrKmr0>xHo@kH?Zug94L7U0LEZjX^#Rxb`FTSIfJq-|B2sM@Z9h1_AhyUZNHxw z6dLMPy81-}6FMgPRRV!23``J`!o|VH!NJ8N#KXNta193sAA(OnNJIo7!o?#dAtoXL zX`-JP)KyJ1bZoF9(KVcFVD5jIe!-v;QP|K>K=|c142ljM_#mbPA{)Oa3`}$^Y*aLy zD~QU72<#{jal^vF!$!lx0C|2QIRGXWgqVVHl7v*y*fcebj7q`KBzLEs5+$t^9v0Fh0=hJEeL%5uJBi>m{=HKp)}-51sc{h zG&B$!`^j^q5@M7*fk8~hC}?1aNkU34q5um`c{a%;R4;1lqo@>C{OUC`@-GO@46j9d z&^9^GO|F&hNZb^T#|o0ulF>|QrT7RYCJ-f6c5i&KXAd2-VDdD|60KTSZQ`mjJ2sD9 zqFuV~;?rhkVW>J^@VIAi%SgZ$83uei7rxnJaGDif>|fM@?KUht|tTQ+-i* zIx8_!*y&RyO4W$&*2dPMQo@j{294AGRLGk$k0sa#(ci7n;bit0H?)%?9nGz?#H<#S zF3Bw!B@pKzG^Yyz|+_x_BIH5sSBj&%R|F_lu#efN=5O=pc zd5dj8P4n4h3L2L@0CGV0@^ z{2P+?)&3k3Xt*(P-sCOw5Zu9j2Uotc_tY+)93X*c0h1$lPzrfG+Xje(dhK{t`Kxi2+!-xZ41E<}6LZ{e-ORdh#Hsj&5v&UUFW!PbE9H#*lBB2}SF zR0P2vYsJgb^`%P~$KUyv9ZgnY{r^B@xN#t&W>N8DH_hZ$tEbsLjjSIg%2Wd{>{9k~ z!#rmtB}8=%Bt>*>1soWYVq!e0E9)$ZHFG+b!0nsUgOXFXr8Ww1TmKadYt+IX{jga_ z0tB~ew`Rfdz)NX-=7O8p;Z%S6_ZoW%CaG^rY7c>o55eB{tp(>QIj)W%1QN<)e4aGXt zp*-GSwFsD)vo%Mpza%HDS+JZweG!y{3B^DYqQ&(=83=|SpH>M&HL8e(DI&|gUlXt8 zwb{)nSD}->mk7vl;lRQhMEKB=xMHy>wY<{g+98vX)2VqA?&+H_PeAk;9d}vYh6R5X zGS0x2W5Grr<{5GW<+M^|j!S98ZYHCz`$3F;{hk-)tTQt#-Y9K$#WG)!MOnVflQ>Hk zVf!UQXcC1kU9#E&H~S=SX`7=V&Fd2#2a$G!6mAKZT7;?0A;+2`Wf`AB!7Ka@bT=}R z*6VXLmwoMzt$J>X$MaNgNIuNiEo7;W1qc+`IF*$FEGPJlF$*p(Pcm5_v*hTh)T%|I zmL8H*KlBeJkzi2s3c6= ztf;QBn79rMb*kN4O|^l8+`%8y77t6`s`Qg8L&5LvHYo7TV!S65LYg|Urxz~)<0 zN)3!$Do@eiW^c6v+uYs0M5Q@&3kIx|tj*}O0yq)Ig39v6N!S~b9(bo56_t&~7h#<> z?g*70m8QF|hhDm6@pJ^}rI;&E(bfy3ML~cC8hDJsmB^jMo}e39*}6+HFBzXbCWFeLmx$N2{D7zS34xxP16%T1`r0CUwropEMpMqg6ozU2aeP#KZ#AK#AXt`yqcO!G|wrFJ|`|NS4ATy zgvZ){~n&oTGWZWstSNN^k+ z>B}73u&%8Y<0^kDFtW!}8T=COUx z*_2s?cCf=-_;!x6fjwnOiW6NC^Wodtq)jJ#y>15(=(N~@LiL*T=S_^b^+qkEW|)K4-%d(cZWbLRY<^>)#b91lS)Xm{00bkYl(xkQxZZLWuJP1meOB zw`gSg8LMM!i4r30nV!Dh)oEa^yK9ca7|~5?XKZmp)Ew<`CAoI^X(>5VG+)`v!pI8EU1yK0=?UUsi1?;v>h8Sk3vGJmVszL zkGw|xw1#?gb$fr9P19s4! z#YNI^dPR#@a)j=8*nSwZ`Ks7PA`zv81WL<*8+^gI#irZJY&iohV}?(krF>}T3xrwi zdb|?}l*pWzAYeghL3M0(3Nyy`EiJQ8TFI6#J3ZusO5aqbAx&1rYNuSM^C?)gOdgzP z_lT<&CN2w$_ER85R~FHHKw#)xVE&zp`{>P`?C)4KtoY%x&yAl4X7DWtlj_b7scI;P zlnam|i~t-MpE(fCW*qz`mrz$)QB!B$Q@W7oc{^mvr`}L7hD1kgBnhTeldLXHN*k`F zbXkkn91~(tt%9q#sCwim&*c0Q8JgLI--Y%oLq5ZIp>ayMAKi zOmdGpW`NO%=t=v?w)dJ$f zbosUTK4-l!rw(5CXNhIon}euQSUVr`bwBhU%L}uG0v`FB%HCbu2(_Hc0ii- zVfw@D;eRLL?QRs*XB^AOPGjsAK+WA8X}jttcDodbx`$27 z9$Il?s2WbU@6bq!ds+xd)#Qki}+eqA~!|V#eanIY0G%io}tjY^73F zw0uNo`9?3NzuD9K2GqxRi?WofG94m>%5;nHTag~&h=|(*g#bwAr>P}!$Ku<4H>dVL z?scSx4?0~_lvbE{qamEu$LyHORTWBVzry`j&1JDffiZ=J z$rTDeUh+I&QF{}G?kR-v&`Ot>q=GzJ5b*{piU14qVA3>VLO)?+)E;{~Lq;aWm8c35 zH@`>yHDWPVU#POfOtT;fGcj4+duAOq<}O#^Hv99rbPcATt8PQV{xu^axzbWNcCGRI zHq>27-}menOAnr$N_Aj8FYPCRu7(Blf1e!wbYpjB4;FaL5e$zj@G{-iJNTyLVX7^X zG7$+LD2Sc{L(4I&w;Xl5X}Uf;3O(*HmLm=iPPp$X{=#~8k<*=MTwvaiT*-VB%22A1jq)ePcW@N z!5tYiNLlUQP;jwrhYdiK?<(j;Xm4_mDdL34;~5Z9=kRiIneF_GEy!d0M+0RHa4pSC zh(%>53}X(q`BLvk`wyD~{{X^!T8V7cz36+7zLsXrKA5jwSo^l4e-0k(lzI1Lu5f)n zYOXHJm9^yB4WnAZau9|f((D?_j}i}E9&*$Os0e2HrnGfX*zo2O*14ehF~46~a0gp* z;|r6K_y%wMO9s6@j9Tp1ikz6K?u{BLVKYipU2ICBdS3?Qi3D)O5^piNwdN#?5tSrDuWFg()nf5s(DmJN!H%Qs% zzRs|&t{S9!#!{!QXq)1{H$HR?)1@vWoUQP`=1>2V_c?z54gZ~JtxJ(Hg%`{H==X+UB%8v(}G4zv@oe?Hg-tR&KXxl!g zUhcnqd!BC<@w87$ z+gl)xMf_B#+&1CEo%(D;t19|f**9l0<-136c~4GKuJ*Hd_rq{;TZLUTm!~q*X9!7T zT$Sn#5d0;n#%9^*5n-&7hvQnec7b7K$pCz4ULyjc<2cjf;NGu8Fa5})BLhn)f!u&8 zYj4C32ahvLNeDZwk0Zu03p<)&h9xVLuGZ7)Yd6GSUTs8>BrMPB(2ggIRuT_G02_$1 zPdeDER56~zihQ*S@upBge|A^O)IGu?oUdq<^P=<5&VHu1V=tH!+x zm^QAQP~kWKlg_oB-RlRLv^u77IE(ZjwfJj(G?+FGex5Eqz2v&rX7fyLcnSZRmB6Hy zDtS=31-+iyB|~~>x-_0Q+KaTIls)}(js56JrXv53lW&A<5%t;I6^8Ihy*wqUtLZ~F zNC8gQ>8f`>4K0TMW6K`rXTuO5jPrntQrR7S0*21S_l@N*G*NmezAm1meXEq02)mRH zo-8=#z#_8g_g*ksE(KPvec$_`88}@;`+t-ue1rYCcEpFY1|xyEUeQ7KnZ8T18v05ztV_2DGKQPW#p4+VDTcuo1%RBY^Gl5JmUZzU@0 zEx9PU>*3v3Z93n7A6)NedHnE#JJh*s*h1{6=Z}IMzWcqG>0N&F?yAdK39c)T)Mq>M z7e7y_jGJ{%wi4v>x-3pXYGnkssox%UJUDY{`$TbOiZbO`OLN~&v^+|d+2Zn!cc%`8 ztQ~lO=Yy0-Q;D~>YU7vw$L=;`d*8MZn>9AumRLF&jh@>vvjvn#3GSy$FE2!XS`)He zKb!DEkd=`y*KU2KQ;koe&6>BQ+lM{&$*XPWlF}mPjQecEH!Pz!sv+z4!$t*m%^h5E z>Cf8;WH@Fv-aXVAHZ-iEQ29r1=l`!)EmzMvO6h}{FAWsur#1%#uq z-1j@QksR2wojeO{0XEi15ChHcV{Ly%?A^*)BWd}(t>mLop%oE#l3XX=%dBYCzwNKjo zn?z^Yn@p--Mwf^ZvNW&@`K0W`9mCjX+tZ~_+%E|^#3(sF;#$4`e0xj*iYRD_w<5|n zel8WwfRm0gF;H9p$6`bR7Udix2V)dmjBAvV8ZmP=DzHtS@9rz8kB)|ae=2(sJnzgmsNUK?mls>&-e zV2hzhQ{$h3EDlth<|3>{RWR1|Zz{*WM+w z3v%*(>++rD&Wo$4K0@$9ObyG%KiYzi4}L|O|JvR)$E6Eq?{~Pp?BoktaU3QNd(~3R>k+gS+n-t0LIis}K{0Rq2Yc zG7ov;vtUYQ`%%YUZqlN@MrTd#7P|=QOL2U?2b!boPHm6ktxAe@YVdkOX*%^w3cDC8 z5lUGIFbc*XlPl?7GdSLxkrKAO$)d(>U`0&*0Qb3u<^+YCr;?=~LR;m&{FzI8&U#5_ z!h2N#Ms^DGgmW8J;@!2!+Sw6pZGeFDSubrgBVL!g)w)LyXNG(b1#{}o z{3Ux+(ygA5t(us)hevydQhbfwcBEJzVo1^ZK-h0YIfxX4!{`2+djfg*bPVH}A=)uI8FWFp7C`*9gD5ijgJHL^>6RjsP~d&Pte zV_QSX86`#hbdql8s(B5?5nDgQ(bkH2;Tba*q-9XeU1c5+gxw=%6vw7oRYT1t;N&yP zKp6P}@`TUPiHa)0Lz6k($j)sVJavzc1Q=SFMjhrWrijhQGo#*`=G}MZdQmeQ)2P?p z9*<|8+&fIb#b?0|S>#ID&rzvTDNZKIchtT`79kG<*1j`bC$KoOZ8E4xw5U5&&xyqq zaaIl)>8slDgu4EK`ajA37;{IA#awG{wj)m?-eupj`)G|VGhRI=)QD5Jz%^@ubpXHQ z>{Y=%@XSa}KQAR+u+IC8cO|jw+0xc*wj&lWyjVo|+7xQ634@a~me#9=l(=gN!&2^E z90#v(IJt}y^`-Alqd0aUBynEJbZMguF<6dfG7z#txbV15iE4(Yp_=as6o$)Ia--DH znD#mkZ&qMH<&c01?p1iV(yrncAmx8#a;%V@y5rw(Z~nA}u9~9+hy1XT^dV8H_$y&& z;1+QfdKt=9?3Sz^W^F8^9^##)xQ4z|1bMq9c7;cXd>6|C6(OI0M<-ja2S<`^FVsD!B4*DIs$*la z5WFzz)9`ebndt^KbFzV3PF3s=kJ_HdR|x{bV#{2w!-zKwPx2Hsxg$Bz6DF8TxL8eB z5EM5&G|w_XZvJMQ{bCAo*zs~iKB1}MEPD_`!N`oUu9Fn z@f^m-+#hCyFzhYt&_<$btH6zM89W*33x%SQfd9v}OI;mJSe-B5i_wh|rKmmx*Ctbo zr(s&z4i^%@FgS?dXcHpMVcHZNgDyP@Xa~O^p$bxNc#V@M2km&4oSdnsz^bYEg&`Xo zV6dH>oE%SOih)z>!eDOp>GkvX>byk>NLH$#zE$g0T&$en2`@wbT}DT2?Li-wbPCBa zHMSilIQWI2^26tr0gJevxx{lBc@G208>R;G+gHQ*uYEr=6H9mkYchFp#NWx&)+UCR*OB*D)GA*E!NoNr z#@8t#_;kS?e?@}xW{&EY#9XH%QU5%ciOqLMP5Q>Gr0UL6MajrGDl7dFWr$_1M~tY+Y;=%k5VyD?cO8qSD)$A=(T`-$ znD1NOdAbr|oO^1jY!F(SCRHJ#T^Wj{(T0v)If}r92*d!JPu;mw&NH(Hs0d71ZrGaU zxRs>0S5;N*X|_)gH|m}l-6|MLD%)flWnrn#ga#%P=ZbOFP5B3A@-LPXIqYxWtWu_} zTB4jC9mru(VcSZxj5X4Z05~;arbD3<_OiD24c@2hNyo&sLR}CvDhiw=*Mn zgWsQdpG}R1=wH9alp2v3wws%ySPlw?ZH8vlKVhV76(b zBGv~L4khp+R3}Wm)#-ZTjC1RH5OFtkS#?GAp_ScUMiO$EtGHjWeosL!ZhI z>{j<4@xpI@{VK3e&D5X~kb)(gnpH|VDG(bXqG>z1*x+Q-!_7+w^!5aa7@l|344U$; zE-80O1UwE`>zP^^s&eE69usGk4fKxqMaa-L0nhvU`js1WZ*YbO=osLoDzvNU2w{EU zlm|HQq%*|atT}cWyhIt6IA9ycY=d>hIEAlK$>fPqBE*0!Jd{IxO;qaH?rTo7>9Qc0 zp`}+9(rjW4oqyLZq{v{ajgZ4&!VVz_b7b@-(Bw{6x#lnbb4`t!oG8bX6?(zT{awYa z>|%hzcDUeFZvWFBd~jw?cAZZm=LsoEvs_<>jrljHC+?~5E0qq&B6*z_Q^AuTzZJM@d~!a^guE%OS%lpZHII^|UAT1dZqwnE^#EspRVmV@TrX|R zYJvWeT$@q+Z=9vRo`c}g56UB7_tWB+;L(rch6}BjEyG#QHUa9I?(2!3 za1n9v)Jj1!ywZmb*J8AV4Lr4CKQa1bBkD)mFV-;s#7Vl+BARL+x<_5mwlJ->jy=Nf z$u5h=DJe+I2*JGPO2cz1OkYr=mh(th_ukHqM^)A2!I}h7(c4@%);p{?noq5M_RimI zn*ZP3DNjrCSwEMbVtDnBhH{$4dd0vSWtFXQ_%=)V z63a^|B=bjAUZm8W9a26oI#}2nwvFF$h{6N>J_ZJ;>p4$Ww(7fG?r!&;>?ReAmm1wJ znz@*tO4yrclr7XOTT%E!X1dPnaMN$jy5cPk5hoA0aw9RH?2qMndky03o!G$J$;c9tq`VW%x7jG8Hrtn$DL$dw7 zbo<`%7^&|wEg`-VSD~^9PD#)f-9kYj8YwPNM9Yk-=?|Na(GA;6R8cw9q+nDw6QqH3 z7#MhotNpNFy>m+TWZn|KS?gYTAmjbw27ALSP67G5)<-A(J)aM_ZR%UWkJ)w02fn^M z`kwey`%CkB&)b9G@2bM}DFLJ0PD8{D?XjfVgUfap0wK5*bmsUR^U)^d zM9=QdCy@;c;j}-o`|?r^Nv}%0U3-x_mwz@YnGwHE_m$TDzPgy{HdIN8eTS3M?V8VLpTP`E*Y^VO!iLQGerq9SByxIxRH? zeyz~r06%qy-+jwAWK}O7yS(FlV3k83DI1UbTIe4}O#V@D8uecSJIPluk0)ziE**DM zTVf?0(5?K*I4CzqfIbM`B_ZF!#Kx(p_;ouLleR`!)t>cn-ACulVZ$#)%{0kwF|kYU z3I`La&6fkZYi{h>ADj5bwmj*1QC`|=1+x=%mmZt*k6tQ=I!olnW_0K zZ97XJkPppU_5Ade`u@$xw`|NN4bS(Y%^ocH|02P4+l#_7E5Tyyu$j*Go9m4E7~66u z?J&KLEMF zU?}emw*~+xloP-P000*NP|yJskeUJ`$}hSSq)}1O05mWS0V5GeU)8yaR45of(-$C3 z{fkZjY4%@rP(hj>1r@jkrZ2$=0cjF2Ee0d}`EO&r2kAjDV*mUD8T;Ae@2MhGRpTav zm;V+o1Om3d1%Zg&5*FhZyvZ*lCI}G|6as6by!wM9u=$lNzj(ju>UTK?z>?qP5C-$n ze({J2=41YeCjCWU$%}&e8;{~(ebiqx=}oWz48QS<{PWCSu@2TmP6M(4HYO$(CI&VZ z78VW;HZDHNHGDigd`cqX8zi(;^mMdTG&DDvdD(6A;u#0eT-{Kb(6r^XnEg=dK z=M@lyTy=tigM)*Qhfi_s8U=)bh5_=Q4#*DxAvQ380t(9rpc0~>5uza50D6#53{VfQ zRN+@ZK}AEyz{JAF!NmhB)Dm3H6dEcz8U_YBI#}BuEC$pZl7XdZBG9p3VTlBS{1lMDE31l&Gm^j-iQK?J$i(GE zc;}e{ZEB!SvfDqaBvoTJ`FxCJX0M5B^3TK2e~Y%AJH)R=0?p>pI~1N~M^G*ADD(nV6IZ}oM}qr0*xo|>*ri>tQ3DOlL6|Sck!2mJJgp?lA6D7Ya#*c<47cM zx99%ZG5h7vb8Gtl<>x;zKjq0C$DZS2Gn$4UY53DU%nKVRXJ#%F`}93-7qvq@ZWqwO zM1x5*^`L_%OqUAjf#2zofV9w-G{H@4YsvxXwEg?&fn6g`mrF=so%J2Od9?FnA~O1t zuj|mc88GMj+I+Du)$v09;yV&}uXr-*u8%Ve4Q+mp1ip760V;m-?{k-@^h=sUcZvRu z${Oe?5oceKz@zBBT*5$qB=9x%QizrWg_ZI03{(rIbKAE2bAe~efsu;xz<>X4?Fo-) z)#fy7LpD2x9CmGPmBxM%xOGbTgwp~o=g0Rl-|jIauyiJm1S-JU%(2SHBHqKgRKO10 znhZQ-Emv!D3Z1ysy2!2vB~_o)nMVR|$GR?>CNBLDekt&Ft?-8jTncJVGVP@IcgC9! zCOO;PIXE8n8rr*Me^We<6h;EOQkPHd$I~zF1xEVtJ(XI9*CPQJBydP{hugDbH&U6tpqd#Zd!FM@h`G;InQrpW^5*L;dc|HV zfmXKC%m*)tFV-ZhdmlO7NZ~;k`Pt@a88LSV6QD@epqOu&YG<38PUZU4t=TIw&gWWQ zS6oUnVQ{jtZ1gvCy6OJuh1@H&ZAGa}J1)7j{xzdamD^TOR;^HS$p;B?wGNYeTGmE{k{8an zQUv{B%(a_CFA-+gd>&}qd~_aoc(1nP&rdZU_U9t*?+Y6tfr+@l zbthw5uPn0W<%gg)S1==i!Py3}+SkFf@*W=D*K?Yh4qwyTFT0rkpuO>LsQjl#gh+r% zwfQU>e66J&D-J$OQNS%Tc~b#?3t7<-!~IXIAh6<#yo*DY&$dE z>E*!kww1pNVSx4`+<-yFn<<1pC{l)f;4UVHjVjM-e7?yS;~Bhc603>jDeoN}#`mM! zt0Q##-m6h3!InCmNo|%7zLR{|U@uqmS22i_a9pGgwTM=?*&po8I8$&|g}oVbT6;S* zU+ukUv}_%l>P3p;)=q|&o6{IyKJ$6Qx5PLx&5sh@?xQokCx7RX=Ejeep3Nj@>gP== zF>+b!6%=8Wv7ab9HRT^~7EvZDz#h}y7JA~~Rk%f7-!ZkqQ&wiZPeL+d^7JY6kX~2{ zH=;e(B!iR8=ygik&2Awh%yxx=7wxIq|$AR7u>Pj z|IoRhMF+vu9#SBcWJMYCcm2N3w*HSQqzY&fCqVjIpsT!xQWZ2^Z2jg z-yD!-hJTZhkCk)|-WOu4<}TmHBLP|8`K`An;KhQ;s`=A%!k9FV|F;05|bnaGb6@O`!R^MteyKEd7$Daya5AR69n zmPtNG^2!GO!&mo*Wn3pNdF&X8mqqx3m@-$v%#5M2(WVGgtoIE+jUPatTAb8G+R|t3 z#24JA7r3b*U$cyl+R4URN3=+34#_L*5_|24ai>>3dF_7s?!m;yJ^acX_PQ~%gMJ~@ z<&0)G=guYNG)_c+sz@fZGBV~`b0AlAOASloQ&jY7M&dyM6g9Yo(s_r6&Q?PvI~sot zg_Q}EB{9|Mrxy=2Wlxb?0tbyHp#c%;Kf8*MXdtCSmTcZ zkaox&K8@1r>}Y&vRI5|Ri~eFq5299Dd#KyrI)1=-&O`|W=-O+INY&H~REhVN3dge3 z?9x1oE`#}%c&`w?9V*ETH?Yp&{`Mgo5lcW99L0``@$>{%^ZoC-o ztGk-P9sG6JHZL~MeP1|EJ$uG)w8^?qh|qJIlx)^3!gD(W*Cnlyw3j%JF_k7N+eq{k zzVNrve6}j1`6lpFCy91 z@K=Dt0ZpAuaKURl2|F7SAWD;G&+6AS?5Lu$9qzD{$4zJ!@A9pop93F1ofo2Mg?Glc z32)`f7AjJA*;qxfHwoMpomPK6Zn)?dVc(+-cSFU2iG0Pl?t_IkoI+Kjhfc==XAXgK zQ{BN?=5Kek#A2({r$KubWgifOL85sV!^#c`>|Nx5=i43<7=nzK{Y}OQT2BB^VArG* z5-^1#f$VqA9TS%^SoLww@b8Gm6e?@G2#JamAHn=U4Syh`*w=$MyZJr#%>vrVvJ>!ZJXaI@y?g- zBD(oNN^DU~&6WC@$18i`mVOG>pem_JBrx{op?2&EffR07`Ku%;T!lC;sV?Um4o{oX z{fzt!9;JITh4bw)K9*w8ltsXg2i{Xt+s@s2#;uGk`HmfpsGAFRv}1IpYT=XkAylP{ z(BcJ}Lfz~1i|ZWx7fHhzOHvGXs2@m9b}og_G>trTN;TXZ#+me`WWrZm(^9c_5^A1Y zdCK;jVt*3le)nU3q2=%!*Ei`WpNcLsc%8~pP>1;XSr@^l9|igXwmTOTkdI(?Kjs2OAH6x?&bT z6pp4C!DQ?XIm%OKFMNCpiZah|k%^l1S}f?25n=7iN97mOSk1~aS;`~31;oY%(>?5$ zBB8{mqse4sUM}2T!mqo-zUvMWNG2FxCwP=eFix)K@Y?@f!YwvbK7p)94t);rW8(a3 z8&}qmMQLh|s4?7BX;Xm%y62cpqB}g+cFE5s&O;gKD44&}1E9LrVF*FG@_G6*D=+i5Y zPpgC~B*FzieKSYHt?m&jkz}+a>n<8U zw9^SK?lQg4(>yhdGe@B}@lM@y#=FP61!&9OYGmJL6vVx;BL86_$cgn?0ppkIw{h)M zQ}Y2ku_=`snTzjGi#zi_x4TbhPJXDahmqZ)xD>Lxdcnl}ciM2lD{fY} zefYbR&ZUhXCEKWK^Xy!`qm-6w8?CBpr>ew+so=M8=+)OWCF2AA;T0w-4lBlXgrPb0 zHd->p^Onz|pc0#(hj(kvdhYa4NV5ut>=Jyi1TYseA?&FA2bI;GabL6}^-Yt| zb{<7>-KXrU_pU8V-Q0cAg? zKip28J8(efBCsX;SNfPKCvU&={78M`oc;F{RgCk$akam>GnHlilBBUuW*>TFLdRO! z7_4`=2t{>}YD~_j$Qn+ebNa7Xir;L`Ec)~NvE}6ROgZ6PK^wo{_6RdHtWwyI*hmH> z`M|~bK3HzFNPhnKCV0a~fUhpo25k49=?EW3rn=bdP^&o_6q6d~@VwhIrEa6;3%okz zeu`P-;F_GRYp%5;0SWEPAEXNjdPrb$ZuT7iedDrUu~?Uq0>0vRHTW_C&dtYS@um** z{)Q4nw5C7gXPAO-z0a!y&bKO(+sKDoee&(!r1YQyA$x8&_8y) zbZWiCNghW6O@7h8#MAzWj(S~sm#fWjn|GUq-^A#xnpgCpCV|~gs--l zC9)T>`K4=>u1?u?M3QJ4hb;VVY5m!*`u}KUX&SRBfk(#Gv4Il2m_F?w+26moJLZ^e zl%4V!^+wl4q?_1ywo~b6C{KRFw@#|HZK8l}`UjXO7xqPa!V$c0@;mKGiinw8?lp*h zKo2xr30yESMFImyp!>;wuvIPL!Apd7l;Kd}^02-lrMze0xAKa>wI87GNieXb=^YZt z+5+836JF!%NPxfR$T#DKKUu&1J2r!Tk~i%%PBqtGNvf}NRW^^B?Xi~8j)kl~?eCcH zK2!Q=+l6*el6m9X`7Cu~Q<6`d83go)FJa9#scaCfsW#O{dI}DSKZyOnOqey^U~kU2 zx>J!=Ji1jNU%2V|<6W;|HsTR0nvWbmOZ^%oN_Ai%2JsK+Bu= z{Q+~B0g>Q64|n(bWndZT1xqU3-xPG#bcs|caNwCJIXz}0+~K;@u=Rt+3X1wQgG7nx z6Pk}`=Q|H1@NWx>IBJsWb@Ri`h_EmjsVNb#_b(J~y4#twPRD;}eHqe}fgdvHzK@Ag zfA5AGhRYwbCG-VeS7w!OIQ0h8)?9~Mj0RsnBP@}Pv}?D&o73xiVuX&SybJBW%!aSi zO(U7gJ6h-ZB>q=symOm7Ya@7dZa<}32tZA@OY^PNYpzA7A+R=;GF0Dj5V?Fxmi7HK zu%keDkT@P4^lLY;pYb%Ge~Y+0A#HJw3ABed9}?7n9_gM-!9PC;Nlk(l;abrB?;mov zL2Kinh3{-$1D$?q%IN}~N9yZ75{Ue(2lZp4z|#fti*JAFp9BT#xGo)ZqT;Eaoi{Hj z{`o=sB5Cf@8*~6Z!jPoqe{3UqvA5(dtp zMpsRPI*;A_^~qg=KXd)RBK*H!h4Fw~f4E!WdJ)DbQNug7hpw2S`&Nf#fqz*7<+^XV zm-wKlPePzxW^7XfBABI5t3m z;yE`x38--}@T}<#JXduS)K9eZ$`JXRZ2E7nA8CWU*nqt7gBGh$?~r^9?f=&L|27lk zwI=3Bz^KV6Lt%aZ^6CY@MuP?vygj7l%9FJH;rGhD@_R*-4}zETL$zC_{#vte$Hd&o zl!s_H{n9??RFyz=qPYYMM6lf5?wdD)hYL}Fj(_;tr8o3cUq#-{Uxs$FejM?6^?kb= zct$aw7oL$0oPUeoFHZ`W%)Y)YSz3B`zr`iJ#&b`4!(@xJU%ci1YTjhX{v+tl>mQ?UXeNH~M*mAj-Qgj{QHC$i z|K*}Rgv~4mEUI@mDYKWY59(CdG$tCBBgzAjlK^rN^)*yh_P&Oex&ri`JcvO6@dK|O zS~$3&-vR&!M|W2(MVXu6=kS|Ys{kf&9Uui^5%^{nZqCvg8uxzxDF65A@%R@_(9h&C<%v0{obN6RdUD!r9dwq#uB^u$Q~@6`caoBo?-2mLOdU(%h~fgCPC+ zD&PD!di#pD`AJ`4I{*?_9W7Z5Z}sCR~t;3!AJur0#HB|&;V`%=70wP2Oa|M01uctf;n!07FaIx z586}xY_9>fG6!410SmB&9N+{v0A@ei16OMR)&avGbL(a;0AfwRfPyar02s4K~E1_JlNA?Iwty60D&wRm>`4&7Y7>$2N(YaJ}%yM zJRF>Bgx9X$ARr(lz{MvbCL$mPX@Z}am8+I$=-6OG0z4c%F!w(he#5L(0#j%xAY9{j z%nB{2_^3b89anSlGhkw&V_>7=pj|;)^a#L(0y#&&PJoVzjdfN23;IDwM9hFq!aqz( zM$V|EqpKgEkd#|H!XyBqQ>5iJ-8?*>1y|R!P(aKOHcQMbLVE5`f~sV+&0U_xR)YP~ zfIIi+u)huYvtLY9bPOysY_L=cWDr0_$Hl_L1gGq06%-JtfsV<5K}5zcsOg$rIYbJP zmetaJVrKC)=VJ>o38PEZg3uz?9+ONg@~@B`MOd|&rhkm`4=5DBZ=&D(i!NloZ!(1= zUJpK)HfFq27pNRzwWnwiEyDW`n*Gdnj>gFf*owc5K70|aSABnR{XO4uH!tOg#o>JT zTQ9W-06^Z17X4^5Ym_e_N3_`J8s@dy7N$2ghlO?bNj&pXxy)?g`Jb8NRq2iiY*MpX z{d%ic_}4Jn&Ku4yf&$5$(umQbn?Eb=S)XR#68#^Tg<<4ow6}9ETUDad^seQ3NiuVt z&8?jPw;@^wou+3UPs5kG&2ZSL9H7b?avA8*t_TK>J^|vSlY3|1jk68|^DKQ4Y2cT5 z`Mp3^&DZ_u^abd;OHEgY^t%%pzcro9Y`-JIcCF90w;aj|X{V(S@>M6f)oW+I0l`^4 zN(Ujv_gv6Pcj#$&sK%_XiHYNmXmD1W7HD&+w=$2cDLa|wr@85s4p^_oYiT9gO0fEc zsF8)HN{JXM4^KA486FJBOROdH%JDPvjHe4CI*H<88&JxX!b|hh5A+i>4tZ%`T-c$m zY0-=~(H-}i;hy$2>wMb99?BUej*QpD(mvi{*mqzqATdlxVBug=v(pNV&{9e03PRkP ziA-!XG8C*v{ryoQV89AnC?=qp;oh~7ffcE zmuVSzKyYJ8UGRtSi>BwqnTByWkb%p)m}5CGVMjK@(BAmW1ICpZfVzx0=u<;Rc2bUl zU+?=zkE!mM?&q7R=}rZW^p;2K#wxjI4l68`#;GbRDEJhxB=ag>px54XYWqXaQ3*ro zwr-8=+>4gc=}-~CpLeA2(hW#&f$Rq32J|JJgd}Xo_}HM{&OG2gz1Qhj5W-b!h;3_Y zk-+I6VSJ|9U;1FPR)Q%nFT~;OJ|uNxabve2#VJj=>KTqtdiL@oU&ey@+0(e5>y0{P zF1umM(+@oj#o7wEk8IBK?(^dbWwelji@tbi&e21r&ywjIH|lb$T`i;}?BrIr+fG2A zDo~$(M4fS zE=j|#*AT0)Ogl}RcVf{?vy86#_N)q-Uvwk5u)cK^_?cU#3)f@fhZNS9i%;V!6Io72 zayTJWc~}#w)5zZ*k{O3wcXO5Vq!5uG@|qQuzn5xM`msnO*YvG&wow4?bg)jYu-d~F zB{+gPN-S%V#X6pul1*w^fGFsZU#^~&!QJrh8q%aiT!Jz^XyozjN$8M)*&d1kQBYhPEkER(Q< ze%DwElL<|zNp%#=>k$kxF>2{|5*1(QOIj%)I!<Q+QNrv$3QyZ#=7m@i zzvVks-wpI`oTNKjI1B%hy?YT5v~Juz`5)EIMQrhShxl;!bSRIUoE_t=rEzKsn&LxP zO^IfA^=lgcm9fn@&ipe+VVwMQWdh?cC?Por4ZOjhNcoUK zlVmCt(uX-2o7eNhssZIxu6Ts)Q|fj6lYROEv3n{G^*G9AtulH_F!KG>Y+F6WJ@)7& zAYgSwVL{xXz*aslF=?MK{T9~iKTZw+1-tErM+*EnUoo50f+aQN(YJ-%Z^>^1ZyY{y zsZ<xhI|PJ=8bJn>A^4c|x9H zPAw3Ass5p3#20=?GO)g29d=$5Eo#-)Ng%Cb<{mLZkdsTeHaCW?Ia_=Wo`&vS>7A}= z5VwRrQmn18p8;{wN>XEEp_6+V!PL*e6{M;ZT~tt*#{3`!1I$I37ehoKZl{hmg!K zNIn%^x-5N-fL!kNp0fW6qp{z3)0m|0`-aL9GHxGE4<2Gp70W%*@r1NUH7-4s-Uv^a zVEz!X&j6`?Gm(Y%SG*&U?L5WW3OTKuVM1I!vH-%a7gN(d3bUhQh!wb&UOac`fCkh! zcunR;YRq30^IxWx1ku4{#&;rnGVu*xK>1X}o((POS_$DyD!!dH)@is`WbN16M?K)P z>ese(TS@8M=D{xgXgSNw@CHPeVZ%X(J}NCJNG8C@*VCzyl#5kw(Y>Ht3;zI0xoWAv zM%gW+Gy|>N@o}8Fp@i5n8KETD?5uZg=;3fsMchdow+t?Xt{qVd5EP^8>$Zrs zQ8K?Llvz4D8pNFe%|s9$O?T~!_c&YJ?p5kiqk?tXsZ`~UEbG9vlN_P)GVWoHO{pV~> zVdf%)XZ6vmnU4`p3-1v20+K?_RN0t9@_4eb=_M+k1yzKo>aL|XF=g5b^yNs$?$a$| zP80F-ykx1`!5x{vz%J=ZXKD46$(!+@REk;cO&{NKlFSp$kaP?W$f8B)&C*hC zSjk*HO`)^x@tI(kTfTJ6R7t*vcSp@cXeX$1+mOZoIwe!Cnk7()y# zR0j;#xth3@1E^vFO6|?|rUL=C_>D zvXjon%uq|smdhi|g=X&e2(v6&Uy}qsB-%C`LdkvZzF)is%b`C1G z=}TQq9$u=K{z{ro%6&;0$~p=P z3OSHvO4-s7hl+G-Qb#6;lZ@c{a^0tMSTN z`6EhghpXv`x(Y5`%Cw9^bdG(F}xK`O5vqOQ?7M zh5K#*cbBU6RQ|1FN%%A7vJEGdkQK?NE^HEI1ym~PT_O`jRVvTZw1VOyIRtvRLkxzs zq*8E4#}P3L zy+K_!KS+OMb}^xz*HbEMPO2rOoYGi1_nGRL?`F(_vTPU|N&HqMCwDa?q*rb$!Rch=e6Z#oNY^1vx z!gqRwz8%ZRd00vm*TRKbT*CG5U)tW~p8;T!kXauFRX0*j9UTrvGbBuh~| z4n@4gr<*cbs;N}iRhoq_kU&C+L{Pd55WM)VQm0{OU7P1*Bi5k4xRNV|LTmVG%o1MT z!%fXt<{7wJor1NTLX`l7kw1Y~?OX3XgVs0Egp0#Bhs!@Fgc9WKH4d^4N4b%bvN6H0 zBlv2pgV-Y#Ui5KF+>VWN735*0N~thg8FHU`{XqXK1y@7ik)GXQcd3~4>sCHNe=}aO zOjsFfqG&MLV72l958GQ}=nS)cG=@H`?kl!_aF;fhS8i!DZ#E_yxg%#T0)r$4t^$iQ z)Q0OD*HR_e2}qohEScspJ8W;^Hmf$}&*|6p5!D*St6RslWNY`+c<&h*zJxGyOyG~# zmS`o|^^`#g3CT_zH*O}wZ&Snp06G(a#JE|(R4QFi(TgN&%7fOB=oZtxbE%=dj&^!o zdeQ2HnBJ#e!AOAPV&E(J9j3WQQZ7a{5_1)U8F;Bid;wT=r(;rurWbN9I(1a|)b>G& zo&y`258tzIpI**pW!vlzi!US-Qz|p(jpi~ka`z4_5=g5UoecP@McU1g8cI;U5j!l& zNkqw4oeh;&={7Wfzxm?Wo{c0ZHk$)lV4Jbo)!|5*5|&lVN4+IN5;mS#ulNkIqxw-N zzmi(3TU?Zor6^N^yX!#NRZT9gYX-KVCZCFk;QE{@+_>AFSmr+Eypn$>A>ye@P4X9J zD!tJq+b>Z$5(m?V^)0(rd=f>2)2Z~FHETj8c(X{&lIL;^>flDk)6?fEtO zpm$3rfw@bO;gZFYE;bwtspwzvF163HW_djo-=735*4z3u-_I5!ht!##Uza#24%B$} zBXqIop&*6u1a{O;)^N_`BhAT!i+55o11otxt-P#Uk%;lp;U2*<)_A^kbL`vuGp{R2 zb@1?TIP0DbJ(wizs$QNL;}y&4jlgLy7jDOay{mElR3?|l93NMoxp3&9T21MRt9RX` zu0VmGajZVY{MdZ2bc~>r0xm(5_bI`qJ;O~eVbeCI?kLsP1*bPY?HT2rOf%kLudv8> zuEq^M_8n16u1&%bAzGxdFKuI{Gz&-J0^EIT22L)il%@Luj1;Y|50hZBMBuUgci~?% zMWRptZs6ZD{>vDcs+z!mDJ|C8ZQ5Si$48_xHL?enLIR2}Z<7=6O{nj{=xD`1G+cAP z9E)8T>BW2eKQW6`=nK(-J<&rPQr`^ zmxFcwFfb%=Hn5AK4lmxw-F3=(p-~UQ2ivKC>}^Qfkhjuw#lcl zsu>aYwa}&#qkv33POx*j%igKWUB)Kmwr2V6l`Cu(f*me6RA75()SqftwJ% zx%1|2Nc5LSbAy+{Qms;7rIs<}!JjH7Uxa9$Riyvm6{l{eE75B!iGJmeyErm|XVFpj zqo!`^$ZqiEyK3&LlSZ%bRf>=P#A<~ud-(;oRcgzeG(Uelnj07ry9a~zh#v(^eVSiR z|L}A3{;TZ!yH}&3$XJk38G1hp=P6!jN~F3cM&igNAHM8qt<$>3q!B?k zL&Qk&eO_t=imDdpY09dIx^?p{_WY=quIEv;M^n>u`otlR_^WTThzyTy#KV;As0cc0jdw7r;xyRLNd{ z^nMw)pGsdfiOw+DQ+tgeB)7oJU<2AM7AF2CDRDXQ>^dD$*|5%rOW}qY2s#@osy{Qo zEI|U+QDw>%7}od(>$AhI$zSi(_pS$AKVBglt}o}rX!ekAn3r#$VJ+s@M$}hFPz-QK z$~W|O^}guZpD~Yzb8K)4g^MX0&|Lda?w?i6*#4CLRd!AkHe-h}_ho2pu=mza_54@e zjc9&zM_>s#C$`|rx8ZGKSP#{Ep9{lz1faRd7yq z5|F?i-P=&JwuyC|wRnT^>LZDpvqHi_H$}y%nxz33wj#H!4WHerc_9AhFPFSZlLHDSN8=G(hh{|!aNTX@pB`u%WBEM4;=|Oca`%KG4iz7db+g4eSY zA`bT_=D-P`wRhLARle5YJQ1d_lGl%>i&RT;mKPxz)$Zt@jt{G_>RJ{G$q-@z0Y4-; zo2GdQh;+!PTyw}nM{rUC8|992CK4L>`cBQ4-NdNg%+EGPFQij9&t&atO4wTQ;vEDS zG+qxWKM^UnHoRI1*R(Ox9#6xf?S=xQP>;}#Zn8(k%nmhi(M#gh6kO6zNgQJpDzhB9 zwJ%xyNrPxaQ|j%~R^8PxOQ<$l&&d3#b`g6x(YhH4A;&v!(iM6*SgfZKj0-ibGW~)f z!}^6>M-6bhJymwC-mwGU;c}J?HXr{~=>NjIzI}d?YTZV; zu|BDS5N{%7${BpbRE2PQG=V|vB`i)wh=YTBz$cZQBU&`xCnADD!q{2686$oLUEP3< zj7LuOdbuda+|y6{PuWWG4Qg?+$2u|Ye1l19$Q?b2Aj=jMYnU$xz+>yi&V0>pKFa!B zpN8b?N6S-b;&DuF!=S;d~vPEi^J7 z8CwsRk80;+>IsAr56s&O|HlqJL|b7lNoVrCpL)cBYyV4GuibLokEM~~7f=_TM5?@a z7^0RkPH8l5AYO>PpM^C(l~`2eFQ#4RY;^Gp#(phX2+l0|dBJz7x5nGi{@*Uz9S6S$ zG|Ra2T0Q(H-|8zn(?RIYKMs<{-~Qr5o%(lus1E?(0SFZTtV@5Q*u2e;2&xftNNEtT zM&u3c@Uq+zPicPqkB36J1OEIi;d1SJL`Lk__w)^AQ*>V^*42W0%N_$L&+a1uGo8Q% zIwbJABZ+8mqt1N3FD)rvv8Ey6!@l|DKkgRzhc+Due+t7F;&{#^8F}^94&K`%m}+VD z<_A6p`$GPcp^p5t_>0s8!gfWXD4NX!m0^jpnP$l~QCCPH=BeM}s=JtJU zyT;Fzj_X~|&tA@dI;URw8j-T$yB6)bET&ldCV6dU4O4x7j_;9ir^48Oqt`362r#8o(|-4M?u~DsUAt>q YEni2t>oH&UOA%FYAN+d(4LSLL09Rrq`O19QM%dx z!dKr{&%Ni|_`iGp|9kG4JZsIdXN)<xmZSdyll*`$`9(thgGN!XJ@OB@n-Z)5(;xIAewFMc>0nF51Rw=qqN8J=qhVrT zU|?ZkV&f3w;#|3cLrzG9PfSHYLrq0-{W>k<4HjB@PKN8(S%ug*xq0~c`Ds{gi3#(H z-r(csy+ne9g@uK41&0h5myDP0IvwwSIU(Ky1em}JB#>Ep0GR*@g#ZcB4A6jdqJit+ zaw+^sNXRItXy_Q2SlCy<231!tC53{Fih_oQiVC*&1?vG+0yIK8p1bHoY7a2zorrm# zL}y|$NS1vdQSbZ4$Y<*8kA+Qojf|XviJ66!jh$aWP)PWeh?KO9teiYVK|@nZTSr$< z-^|>?(#jfY{q$KtU{G*KXiRKed_rOpJUJ^nCpRy@pzvjRMP*fW&70b~ zk4?=jt)JRHxAzYW4h@ftj*ZXG%`Yr2Ew8MuZSU;v?H?Q-9iLqCb;;+?^ao>q!xsU_ z7cwd;3M$4WUr5Lv;DthfibltSPIy-hajxqoL7H5Al_7`8{01gTgIC&@pfCSLpS7{sJyuDeH&gd52rj+yK@tqC) z5(n7FhM~sgxsHod*adTBP~#3w#zlhx0+3YL>krLGJEk65H7(O(8(a+eAo+~tN=0Ym ztnu2+?zRO2@NGl@L~>^wQwA4)oQ+>=5Wt-6fP4NS0#FeAeqTD-H*fr zBuGsTClJ6k|8HY92-(13d)eP_>qAf1DtmYlK!8sXtfwXM`~U%*Dbsu_b#pvEDn|hC zW)MI~sq%Qn%sK1#+sXd@lM=rF3Qgh-y5dDjyEl(?>T1r;^k6fN2%xzS0bn0$BY=#s zo2Q!y;3#=-s_+~E^hbQZN0w^i|BH+NKhK3gdl#h?e>4wTbZDw;o4}^zW@9B<_WO=n zs=h;HO!e$F@o%LR;A)ME=s94*oO{W(aM|a-1_!FSs z#IHlZ`MRxKc8dJo-C`I)G|hqGP88RJ2A#CXDXq~jM4N9)OmjcVzOyx|q;Tslq0=K& z4(;=TO;ZuS5gnoHb+6Q+6gdAhX6NGS_kM)vX8LYYQvm|d#(A1b?e+CZmtoCrDUE`^ z!LsKt=a1RO(BQP{j+c^W zqhV9sJL4OPc4Lqv$!ZPH`L>^CT|%Y{=QpqZl4rcS#nFzn+-PyJ=}x;>1;6=PzorTx zX|ttBk-BoNR?uvsXW{@99*5fNz35YN z#M?^d1oE%UoFkte>bgrL70agMZ^Gvq-+7W_U(r3Ad(tZMdvv(S-o}CJgd!35H|Mq1MqRSG?dI!|aKw$$C?Q z`_CCKICqa#G31knlQydau2?$WrOge~8L)DWHZiCNAXjJ^&0@7&kFqaDha}uHd?lX2 zT(y0Rt%+Ks>HS$A-FH3zsEU4GwV%7?*Wp4ux^V13Nql_cen=98mra%YiQRpo$1sui zy>_{Q;~kpy325?r`w`kq42yKS35+{_Cd+EmALzafoo_rVX<5(7;O=gj%)Cb3lj&L#6%K~mGFh!PJwJy9`7}ZfU>(o&z_Q`nBlCK+7x;48VZeN(mgZ4 zIIG-@)qtwWApp!`iF%WxL$QVkz=+~qaxXk!zc%=4Zu3)eF?1UZm^D|x=h~n)7G&jl z$7REM*_m&lo_2T2uqX`d9BJ5Ys~Bp*_nHSv&eluRr-$bho19;@q0)ugPxyP^_g>~l z>X-U;dFBuMg?S#1+jOp9y*(x+jVTArJ1>{5>k~g_%?brBuk4#=LG}{s2)H0?3U}#$kv>d5jm1c_rdxM^JC)!pVf^0v^(^PI_h4lSs zr-RzcFv98%RKUUAtT$%CHq9hk!*V_x37eDhCg(q z-JnA*($1$`7N1UTr%0sO8LHakmNy|9NV~cqi`6~*;nV4RUnG8{YROb{JP}KOq&1A| zyN0=&5nV;29~j`Y&j+(1j4G_W3+7QdS5-`Hj>~*PT!Xi8DrBQ-lAC!0g~=u*#Bl+K z`-FJtzEBtC=lp>J5$FW6z#hq`HG`a?{iHd_^d2T!HhY<-o%eH$cRs2Zrjjwd=yD2% zyP*sF?sfK(vi?&Ens0&`nCdI)7Ci*dzTlXfVdUy#e)Eh@Q+xGj?1{Mf4GMxv{P>Gi zW0A{6N$S-?()AKT6D(NFJZl->)Yc~=iUM7BI@a?+`nsvA`>sTwD>t|0Z4vZ(ibp){ z#fI;kFIl?8)Zq)fQhv)?WeSe?h5?uB>&_uJ51!V&#_@6Xln`Q|dfAnp#=BAzn0QOjmmhBBLq=aVnw^=Tp*<>+mhn+ja-f|TFwe}3r`-RJV zvP+J9KrF`yV11}@kFiua_T0?Zw(}h|0%-Gto$NcFV{r_aBLLkQ{e@33vWY8aJaL*X zWr|)#_sCVFVAx$jDsN*jC)eu&_3jEkpBcEQ)gkY-Rnu!6ON8xF4N80sgIx&79azkq zW4Pg;&VdR`ga(R2XxBw&Jpy>Km5Bfzf!fvfONojb2w>%Q0c?g8)NyPc^S@->oD21` zltzY>EeRdI=4Ma)4T;)0+yepJoszmZ0u`-!O{82IO9WtPgaCRyR6)&%3shT%XnrN) z4uz(+-J5%F2G6+Eb2xs#78^G_5nmjhBPPVxZTr}i^qRJ{wt8zTXnSqTo zXPgj}W`SC4)Moynb{$K2d=0Pi9H4_0^UlK_1N=SBW344*ejL805^fP zFM`o6VN+C&O*6;%JqW-UT#%Ve-gX)5lH@nmVHz0k-; z4XV#tpTr|SJM~y3s`gWrQ5^z^gfy)yz{hvxjVdT^jt6mHjb5 z(;r>r{_=4skndA6K6)2t0E@)Z;!3<&8&&;os`~W0;4u2+Jw|FTBtLcU<>$A-m8u`p zJ*}zfsroYN&L^eok%Q`=p^i7YzGd5;)>27yTO-GB)!099u|+LnK202daRc@&efkT2 zYnn^(guaOsls2|2aqDr;a`^UmiK2x)U+a!!cwbtZ{K`X}W1d_eMK4A|QPxfoLb0+t zB+SG1FNPQfCMDA76I6+J{Tt_C?0p6L{Zq?C{H*4{<7V%9P}Qf2SC&T(WqtAYE{y!i z*z=h+wz$317+C$e4DVys4)EcgP&qls0Jn(HckV-t3w*u^z=ROCBKs~R@j|LPV}DcP zB7o%4W)ZB-^7P^zBe*OgG^N{r&T)s#MXkg%$>2!Q<8e9Co33t+|3(M&O8j@`-w;#` zDIdTBb^e-8F4%lO&B;<@dk!scJOgd`RcONSx3NM4>tR}_sHfyDPHCud8fTv_wzE57 zUnu|!Vg$g00Nz^f(ww$FCYO=8EENT-U!be0T$V+CuSNQw>w_e|kguzx}$!G1G@XKzRIn8h6 zHx^IKXP^>;!Lk(k&hyu&?j%j>BqX{#ViD1nDG^R&35R$Jww>FI+2;*3=d-x z!$QMvJ7&M01ucWSF{onp#xw}3>__asQu5f2c-`1UE<+5ycAchg_TAWzkezzLlcV}k zsl06z6Kih`hGdAlchz9(t@en7b;Lu_sQ_M|Z(i%hPv<&tE$7v$-t=o5=9u%z(HgsK z*(SaH_BF(DOMh-V6` zRy)UnQdaRRUp^L_QR(|sPvh1r*WOrnwsspl?t8kcQuaD~MI?DP?dff9)fcG&RA}xz z6Q0!!HZx;uU5=bFftH4~u!j1j1wXBLp#Zm4OD~BEK?hU!qE{FL$qOHL2U4e?c_{-% zRo*b;G=g07oJ2i%H(lSE&*`ATl3o}#NW~C_dh3JS~k=#AKn{V6sXLKtD3dsW0o4+8%D$00b6j&In zOCERV89{W+@4AVuS!-L|5cZ5&S#kK{rhS)9VYyO=br$giBf@kMh?n~ zvV-ZQwgxEzQ*~@4L+=d3uip>tH9{uJSF{kD8fsRlWQ+g6v$r9HL<&ytPfcv-`a#UPBa8m(<7Kxwalo-mdaU>Z)Y z5dUEC`jC$=;W(vqRWf8ND}0gEqq{F0=`p~tp4={Jgv9^(kR|+3g-dmiDxY&2udMt1s_gdPWKo1o3%hFzQ)}AOoy8Gyv_E2a zIlgjIS#vGCgYu3liQ#Uo%AUYD?4t{)z4kz1U;B!A;_}&RLTmG=ox(ZCO3w>1&UQid z_B{l4lq^w2ivZF+U`JRtLGz%l%bC=-{nr{?%}pLElVt@GvzA9@7k;4X+K6k&`z&jt zuRkZbPDEl;USc_I<^oyq(i-<0zU5!L$enS{;J|u1XAWlzb*$%-{hMEW}9Isq1NF4(umX{n)zYW4Z zc76MFcGiUe{3ybZKpUaWT?8Nsz8}94nt-;_Ur8Rhg#fMyHPP(u3Y{O>{7SLR;}rz( zn@Hpia%gtDzaju6rb~-y>aWDne5-f_zT_qNU^9VP?_FWP(w2Ryj(@xi9s(Z6fCmVH z?qA7^Jkond2HG#-jbEG8?*DhhS@4>Q<~PEuf0L3+#xIm*{~{z^yvX0^;)nevrP`if zDf?AOoEZOiOy4vlV7LM`xg=L#f5qAa2GUTEzO|8^YR0N2G|lUGVS$gCKl zux9<4jj?-8egi`PlHOeH$1&nh6|?XU6%%~ay)nq+OMKh>@=vs7T(2G2yBCo7Z?crA zU$n+vc;_$Jb~N`EibS+nd#Dv*eqiow=TJGNP&r=9h|d0z7mF9^94q@ah%Z@?xKj066R-607Exu5xv4FX{G@%H_97|dR)g2jpbf5M+t%O6LA zVM*&9jv}wZ4;Z<&Bkp*qtNESJ4W;LqYxNLgh&klf5Gg4WRdp3vh>{HGI|TiHFYL_h zT~N6Jz}~^tSzS(&7Ib6LVk`mZ03JXBx-)Sen7KT>tE#H>)0y^f^Mm0_zaRh%a9!g1 zxAp(91lQcc#SC=9(Soh+m_2lM1>yT3Ea>6-@Dfe}VPZ4u2j(DL48okwAb}t}dRcDz z2fT3!TYZNweX;VKldQ0P!PVnt?#r{1Se2 z3ESJbfwX;3mmK0)IB02rIU{&o2jl<h+q?;ZZ?@Av`$g!jSnsK3e>GXMbp830r_|5aw12mm!fpcQQF z;RELf-^aOh5hGiI9`v1j0KnA)03y(ljcxFU+`ziadLVlQ05m~aDRlt=JQ)C(tw7v{ ze~0f&H~gP+`-g3Q$nU$a83p+=UEWc^go=)OnLr0L8an8D#>T?L!otSE$HBgWcLfUz zmjD+J|LRqOtJpY%M1)s~K=|r+U-M;86jV&G8QVXA zNkU3SF9f=e;}WuSD=M-01nEsNUGs=>&h`DtAR*hc$S z9xgB6x>cBYc!|e^bO$<*Ju*?!!HF=MTq~ur8=aa~$;oobOszJ#HbBzEpyMG@^vOU_ z$Rl=@HFd>`E3sv-vEx5_SYR}vszo?_5@0`E30V)Eb~<~6X&Ja z*7_UEuF-hyJO+>kMab(t3}E30asi}-M@Ba%c4X2bX6`R0b*1qFXo)u((BjAo{?Jq4@GTvK(>gDC7SMl(IJ- z-Fdwcve{pHd;H0rY93s2~ggna2|sl1~rotL5U-) zC5b$$Ry6SVvxxxuI%jEi-hJKBMw+_*9ssDMGE-{YYL0r$J=GrE4Cp^^WYim-I>7Vm zeAnMFM>CjFthg)>!O(%9<5@G%VQ(T&8-WBTsaudiJWEDqwoUcJaU zH~kdPSI^UY)k&e1e_A!mP-ss?hD2Md)X<2+%zNqja8NO$T5OPv*?j}tzFHu zgSUMuoZF)5U#%1=s;Xh+an7{OA!b!+cXkNHvP_tOVyhJ~TucTZc5unXl7uARuApEm z+h`Z)u#~`-Q(0H;&2H3Up)bSQ)p$1Bt`KsAw%49Z1RcVsmwPM0D@1iQmfk!x#qiZc z!lGa_wn$NCq4E@}-|NjzuP)!g+W}J*)+Z9TFIKN~NUl}Ae@in=td)c< zkli)pAqmqnIAN-lonS;Xqs=|nv;FYN(%v_}%8LtmI-I53AtQ55C}%iGni~E2od@+z>P&rMj_gw-MY?@*zx|f!$Ou zR^CZOK`|}8f}WSYW4@Cj;1-(TgV8q;p;hbRWxhHL`oa1A1KQTv%?=RJn#?!r=3a%C zX=rTO5*ZBWG0t~|iVwP5e9p(?{kt|HH6vH9&K4fw^{0B>lzy0HUvkaBMT|cgvjf6D zSX{vw$^Ec|cLyuh*8dwE@36+sn^D_bp)huLjl+eHHSRzox;C2J-PX;X?$+9H#Yh&9 zqV(r<_*MNpQN{cRx$B;G#OcWf0__nu_?ha=RfMQ5-v_XX=tP@RjjO0h$9?XwUW|mIk+ZJKzFdt zO$)2syoT3TJfV`3x9#)s&CE1j@Yw!3u3WTchc-a6$(~$@X*P_XB0ddDR}X1l>|ytD z5VwbnM+i2%c->-AQIT&8k2E%TALC+bH(39C=;&ZDVOgE^^%iT5x7|pFyMA}V#8RKA zy0RDHffx#XuV{Rpd1{Af(=~bcKnatv71mY>b*A`5n;iLxq>+>ZKa|TxDll82qQ^^t zfiv<9$M9{4?B1O}_AX3W;e)tl{PH0ab5{#|C`Lh1`l`g|ktGC>O=Kb=p2A-bX$Cg#kKDMGp;z^6pRWA3fZ}6da7HUdMXMm7i58dyiar z9pY3YDAifH3(1LOU>IyorkC~)3UXPkQsVZDwN=U+us`Iu*=1^fxAta}X5L74-Yk~^ zeOy(M7>XKcg5H8&aC*79uZI2FX1&eS)goPU4^5k{DfOf}H8BFq4U9DP-fgDESjAz; zMRHucZO@}}{s9{$0^<9NJ=#sDJ3)7=sVi6AyavbiD4mt>qT0RWh^RZL)}D9zye}vX zkqnQq$nmm@O10pZ4#91(HM~)8T-wLQ(Hi1HQqP{ETrfp4Y$XW4!e59fdG&PaiSRSl zVRQX3dWOzsK}cbFaaf;cqNU-^#_20m8)>YKVP-?{j6%ARuO}%#W}Z{`OeiPbU0#8& zvz|CcUeQLGV9C{vziO>|Q~MOIm7jM@dn?F>=UQF>W#4m7%l>!GodaWnv(`lnL+Sc$ zJ*3MFjMmmXUzJ4aw%W=zC<2<0mrK$tsbq296eu#!a|u@GLg+j$U4??GH&=8aHWyJ_2bcL>qEvtBAdD3OTLbJ8N{0p_n?b0nt`k#5Ig<}% z0hCSMHO4Zwt!+OVjv3NbtuQFN5yrfnbAPb~Y?nf!{wVB;)96@=cCz{BsA_!qI4Bq6 zo2SDT3En%rJY0pHA=bRFgD^I2@g{3ts*G>6)MoXW$-wEB2{I&tX&_gRw3aUo?Y<0kNq#&pzNPzWs8UBt}sTYzda1@G);|V z3OBE|O*E=ecycG8IwQiVZ@Dfa8nf>~NQv;;u3j{CC}DP6Rk|Jl`5LBSlDD!u`-7&M z^RM^od1GqhM3j=lss!luUfUBzD|1mp^$kTQ`)+)a*e#%QRuT}jTX%0j?hcWznK`$4Tn<<2}={G@izXN$}p#w#_fvhcQHQH^&2X(yP?hn zcd-eOTAF-$OxATL=WYglR;O_ElBROyyA##8TH0P&c_t2DZzedY*Mh-&oC;p9U3&1G zfYK~HQOHz1ryWmf4i#-{Ls~5e4)5%s2jhJJd`hPp)q9n5+5x2IIqBxG9pGDJ6Rkjb&wT>!X- zQ}}Z~smAK9&^ymUM3i4eF^z@vaorl3l zbJy($i6TlkB*S>00H_cs*3$1dud_6+h zEs?TMaALf9tT@4IN!Ewm8Em!Nrc|k9iyuIXTcNHg8d^$qh>?fWbn*8m1v1P`E zY8FIcQqC~}OtMW@mE(GrGO@miW=WqV3W5q^XXC}guxFZuN{Z@w3i}sj6hrdIODNdB z(Xeh21;((D`fEH>PL7G?j39?wW`^qzewIDVJjJuCBc;+y)DoW#Ox~z>#?H~g&AO#x zS2m#@ldn?FZ$r-rUx-nV4-O8NR<7=qUz;aXfCW-!>?PuhM2+9h+BaUB87*H;=$*jd zOiKX+oQB88td~b&mPS!i#Cttzp;0Xg`&cIdEf1xXVbqsjsn;l|m9OSCW?HO}Z zv%J`$@ioaECkl>cYAk#L=2!Cz0+o0cicbWVwd&a`IBzGrXa;ZWvpCZ}cgn?ff~?w9 zsO5f&@G?&rO74B$_Kx#GiaOJ}P|_y#NUZ(~Lm`qTGr4HIMAnI#QdcI`h1@2)!FjKu zGG9vSz-XqXKK-zp>2&Eiiu_eC_dlp;Q%z}$p%jise6^z=3&C1)m)4*eBl8xIQ3``_ zmb++0M_WRs8AP9bhAKUkKZjh4$Xa4CdN@QeUF-PL#{=ai|EcQedCn2Q0j^Cak0R_giq-~X8HNsOFS-p zV&>V~YMvZD(&10y_^O`mrxZo z!d^MgGkZSfZlJNrvJa5%IzjasG>nY_+IA zAI9$h66PoB{-h@d`b8Vh!!tK&_eor)SdK-`X7gU{%NJTmTzO}{4#uJcJXEPkVr>4V%qE1*V5XQ8{#IyxJrn!S3 zCph74KtY(sAV4jXUeGxg>u4CCjVyaYfc;fDf*YMUM z}LN2`Y!$!%fxngu{ zLZL5B<$7g3LZD4u=1A*yfxrWuuAS~;WxJ|fpo|(F_!tKMm~IA6QU&|VBawnlwH?Z z_tNybd(4SztcavCo6|jtIBWixt7DmLy$ZYn%cEI}Z4A2~+n3liOF5o%tz+5Uv3vos zHM2mEE3$4@qca&X{wS+3(0iBbHvQy9UU6Iqn>DtjSd~c&oUBYRMJI%g81=*BoZ70W zd)AZ#kShiTw{l~R0~PhL6nO26d#8Ova_RC+8%$afoNO|b^QEKQPv!=3CRy9Ylq(xC z>OWN-xNYU4(nSCMN%~;Zx&kWi8xW-lS4lUp4zBsWQ>a15j zU|0i-Ny-or=GrGrYUMhnsP20|Xiodj8lo{} zOlph@5A?qr)ZO{)uDi=T4|**BaYC0i@r3U)tzTs#1YZ&VtX+hmM&_x5(eC}hA~a1K z3xWL62>LW#xQY|kTl>O6ifoawLUuuY(RjF}f183m79qRWUOB3bon1nwtZI`@l)-}` zCN{?Ck`exdxpFRB{RjooPB48mhf{)a*O@deDGSfuPkcScyx^Q+WJaHXt;lU#9@B9P zo`M0|5@AB0v7Xe-oDiJpy^~kM1!M1fBj>tyB=6fFUOa=5I>r#8I5zGv992AuO8UPM zAO1Cg{p!5%WCd+Kj=OP;ps8erzUNUeGyeO#|Fl!ooqxROe$@U?p1fMy7tIiLzg& z!7%${HvLe+W?L-uUVGejoJWKYQl65_7U5cL zJ2~ZNlX|DLjqle% z3ys|ZAW0MlqC5aL%ADFiQJ zAt(2hBZVToY9j6>6Uqx0@3_gCoKH8x);{E!c3@aiK->G0e0h!4BKbJMSWT5tYIBQH zF7T_nr*6_Kvu*^T;`{(-C_f+n5#Fd9!pq#j^dP~6a<@oS_^0@wk$0A__ zpg44aVf^XTYBl2o1+>qY3|ut*qf)%DfgaT>)iQ!Rt5%994=P}JW7S5u5sNkFCu}`p zIEP`dn>)7@6>?*X)U?XV$}IBKhhvBGp*|YL2;kaXT>ji!E6en%;zX+ezED*Xik^I( zeb|%3c~u7yBgjgA>}GS)M7#B2Jv{`TeRXVkrZ>vNvemtD}lYZuNG}3(H z8{p?D&|GoZUOVy2HyJMHdVg=8c2W(ykN~fMHsl5T*+vf2A+A*n7As%pu9!@bE(#c9 z_GkKMz0Sb6sy8OO%GSnjvfV~(1VY?Gi#@WchYA&=DfmZvRY%2Q&3!GB@jX9RvPsof za8Y=dWJt;3u#*{HRHrDec{3(7PUW}=)WwsC*~AE^PDkcK#1tJ5WL%q>^&{Ms!n-2r zd!-mBEaao+i`>Ga^oR51v z{?ENep$~4kuPNS7H+BEG0 zFJ3Jd&@VE+_`Il9t)WJgzg?~W8Lgp^rMR_9%RJhB*H9x8YUu;M>OMf-8YU8@8rp`KXVVKT)p31jRKUboe zUEIe4L3w(y+t+o=)gtV@jjM<(Y5%J0T7`go8RHlpF z=j@7-!gE0+Rd^8@3caq?hV0nI+#i?X_BK!8y=b@YOO=W5yxB;m)Z%dHh<*5WePN)U zptuhgT`r}YDMxsx-$bT*FdG3-&OLxM(A8dlxn2J<{*0`Cy}q!&=;fnK>3G5jvaA|~ z=L3?|@FR zZMjH0-nm{tFE{koTPxv|lj_yo{=L*7yfWqsAA(JN8U0+N6q$P3_Ne|M?gyXLKUceJ zing1<3)y(-Ipd3%YmU#EdQEZ5Bu>_t!|jLj{RJCJQeR6N#Ml&E_o4!5O!ZN{E5vq&qXgfip6<&& z^qVhMo5&x^n;gtlx?2q~xW|TWW7oOApwL6lhYI0ou}wD0t+XZJxe?}A8^*AyZWBqijq?zo-a_ATq9$(7tw zKlzHX`i<-7aNk^?W{E-x-LgfctxhLYFd|XIsR?CUeXB)bsLO5wgB>+H+)i90yV{0d z4vM{@J z2Ty23Xp7XV_f03_MIf16Dg8FvMtZr75D1iQUKBJYhRxB_le&6JnX7T?vJslZ@xb=Q zg*Q?pqq~K{FD~4?!u|~6;_EiJ8MYca|3`QrpLG&SABKZgmX5W1)9d^XuIbNDwS=GL z4I8wY41r%)dxuw%jVL}Nl@Y~z9uosy*DW)&lC#h!R%89*uk2^DW8`8$b?wmCINI>l zdyW2rn{mm0&q8hO%MYSC%t!mPB;zclEo~UUuNDfl)YZQXaj7Td$}h_)UI_%hfM8D2 zkJT8iw6i{?&#b1;^@o?f#1I(kJ?K!&7iC*X7aqY8=ye^f%a{&(-zT9|4Y!$SLY;hm1wW%Ie={K%|$YZrQ!Nna2?*`)bQg z2ks(5Q%A>6ko7SG+%2fF1%*p)>xNfyhwt`DDsRN-t+xeUokfdAagw4?UOzD%I6Y@} z($jthVa@EVg6bq>px7rbrUg_gI?o4GvGWLacXqc0@w+b6RUXLmL6+hf_i0*%Ih-qG z3`_epRBJyjvgFzX+~g~)U^OcmdXSx?ZsWI+jvc!N;6Cc`eyYmWA{d6YTli@_R@siR zTk#gToddOA;Vm}(NbL#&Vs>Fe9;nj9T@^*G+`#le7MzEb1Ns!U3eZhyzpwyOEvyhH z2AKj#gdj!XdZc&}yBTX}$$^1XHyc;Bnhk_>`%#k&uJ-dM-B`Pz2^`XZR+ayZWWpE? z&6dcRuO&PC$(!otFM-#H2A280)x0*tv-hqNua(Pu8?u-4W|CzpgKqvo)r($h2v-vq zE)g#y+*}WyAZuy10++Y=_^}8(gESVK3d77Y=$4x>)`SXm6O*iE?vibn9y~o4^uICV zcyHm&PJMEs8q$10@lvr@D9uu%GxmhsdLu+Kgah=gF-+5owlU)uFT(a?*X!K(a#0MwuClUoAT&3{p|XB7+`~ z^BKx}uefcut!EjqP~E)ZFcpa>#vIo#V%$F(zW!39r+R$QMjbMOd(Yg4Pc*^=0U+N8 zBfo#9|1m}8c*w{GjY=S-JBuHa=enO}ew@5TU~g`rt$t6Lf_e-eAK#^i&r37qb~#4< zb8OH1<&R#3bYr!IJs^_uxK8}-gZVM&BgfIL#>)Jw8lBSswRh?hnkcuPxT^Fr3MrSr zwZpuBIvHmME4|B;FwzhFLQWr4a7b0+2yVS^3A>+6`Q}T0;1!m3%+xQYEw7bvCm(7w zp~Wtu-h0SnI?5clCCoPK|9QusMVPG2?q37{pAmBl% zJvVgd-^_QjbA%{djVta_;NzvIAGS1o5YS~!SH%!;`qO%4m$^&-|H8C-|xBzogEY_nQRnaX65tin%xiGj$cnXCuu71F{t(P?N+rs zPia~wndcZ0I^hUXJ*aU$J57Djbt)7z%+adz%5hHzFLTpj@%Zr8-IN1I{9>K(Qp1^* zS5#8tQysfo&QFClrfGCb$&G6p`wT^X43F+O_Ex;in76?Nmi5LB-`3-1Pi;HSA0%0L zgMnW%57(%Nw@flz;>a5>``rJYo~P-W?y6c{J>9*k>uqkn+{^=bDhkR900II6pagz^n+37~ z`NxiS0HCbQ2A}}|fB^sqNB{yzF@S#%ey790?}!Kx00NdFU?u?RTb|oYj)45Di~?zj z-{~ZfX8D~55u|w$5CLqk%mgzZNE3l29L$cPzdh?6NPh-1+OH4Tv0obhC>52}wP^Ub zczL+^_&|9cK0YxXAu(P78eTy$0bVg)evlg>=dV2i#cyr-z3;cG{;bq3rl$10KT+B3d9Q2fwEW)fDJiGz|0@Tc+5+Z!! zT>Jujw@MJu(b2Imu}HD8N%?3gY5D%!>81m~M+1BjKx63uM0^AYKEh2mKn?a28Jq{V zQ{nf7fCxcCMnOeG$G`*`>hW$z3WA6PK}JSG0=b`q?En%!G65~GGzy`%B`Tde5nn)j zE*iZ|btkdT$Q}c~l}8{t#vKw;GIB;HW)@a90YM>Q5m7N&Ie7&|C1n*|J$(bi2S&!$ zHnw*54vtVyFK-{;$9_*<1qFwMhJ{BYBqk-NyiQF^&&w}>6&4kjz-wyj>KhuHnp?Ww zclY#u=<6RC9UGsRoci*0dSP*Cd1dv-+WN-+!Qs)*C+XcS1V805l?*_}uDFbb5ZBJz^`55sW(w0t<}$ zx2FBF?Eju&f&U}R{$ki)?V1L#APC@(2f+s3Qsa{(!6A4e;*6>6Gws@WYSi zXBp3RsJ;V z6n~QpouHk|lD`4aT-t8{slywc{aB93rmeLLF^ z1ixH?%TfyZbLtxR#HsHs1t?(_I{~g6lu9%I`5VCJ?X&l%rDK<$WYPB|wUhLzpnjZn zs$cV*YZy56L#<=#gBiQiIk&r}Ta~GgEt^@{Q|?+-ku9H~9#s$)Z>&{#|18}^ZXqdk z<%i|8M0J(rCk7S}cn*tRv4)zCTU5PES6WKTeW^;BCEMLv8yLhZy4@#$Fgjv-Il3{0 z4<+|aLukcgs1}#%<>_AWW6nbR)UFbGVZh0(-u8H_g0?k?$s%25KE)X>jkIh(mc;@o z%&VfE*qI#NuXxDF6U6E^IUJ@+X>BRWKrK5g&skCJ<@{4HlYYo9VB#_*jE7BWAVFz; zQ;K5TfO+O8yBX_l#r43}T9%%6Dc7VG3MPSvDCNAKapQ5OvGie4qhHkCnKO|yDVcjG zMU3K-6csXY2JD-ey8ClSA1gm+Tm3^io!nP6mYvL~nclF;oR+NjwmBSK@?3%H!JqHy z2}6OAyyga6UsylN8&`MAxLNLLPFQMb@`j#}1|QFpaa}V74o;m3F3vPT5&9I?2Prxa zZ0wl>amxX30d09243@l?f1mm5D^K?#uitIAA3ZV5yp(MV{N8=R_`H0Xwio?prNU(U zQWy96MZ*m+vi?wUU-w!O;Rblve>vo=P+G)gBd^5TJ2-GXR(AtrwV$rv02tLoB?4AT z!+J*|6~-;t+}G0kSDJ^Fn%LoQj1Kx1%N2N{N5)TuuN7LUOTq0F`yseLcV2J%k-YL> zcB(#azkWHfS$RplGsR_jslR@0_eC?{JnkcbI$;l8h$6C)rVO_2P>u;#wjXjaok`fU zNX4V|gqj*74ZS!e2~j#Vo2uWBcG7D~l~FyBJC! zzPQTKOLItI&d>|-H6`$zNzYKq&}kc6Xl+XQ`s`GHf`I;jfDgyl^C${x}(FW>1d~zC-6)D51v^8O9%7ncr}DSo@~&SCfj8 zGVH%vmlKmn!t@}fitfYY7ccASAl=Yx(}~o6Dv7QB*ebdpJkwc9Cgq!gA45PEbg=f} zgZ0rNUvHOB2SGLgRp=tU!k+!4%UZ}^IW5!2r~64ARJPcjv$d=Xm7<5g{Yq5RzRP4M zsvF-gQ7VQlbH4Fiufa!Yhck&du1i6d%g=1?vBbu=6mApQ;DYAx6$ic2)L2Siiss86 z;94-7)mHScYr8+J(X{C&{GkXOdV!=zS3gT z;Hmx`qf1rx(SBc_E#aL*b3gZyMtjkv$=7NvP3fv1pQb1#Oq*ql_=F(K;_$go*0CVA zm1i0_^y4Rmh~Bp;`*COm?IF?u@*-INK11#q-vF^_?VCF@H-I9{kGeIv zzM#-~14xkk1Q+1ESk#3X+vF$zvzP0OUHIs_yTOOprr=n!FH z@rYhQC;uWQgnPEuUU{m8j7h~crH;cX2d7N2IBbndOmOR-Pf%uVlX%3rRC7TI-GBcH zot~9UbRnSc$G3_{)Q2Pf=6m@T;06$Reggyp_9kn`1`UTM1s($Yh<8Qp{D@vBq{x9|egRyc|5j|y-qS&q0%YJhWONFD# z?59?5?!?<-(a{p}9Ln`%DcIRlkyeXJpc;?-R|S>Cby^<<;tQwJUMYF_(O91$=!_lz zHayx@{-5Np{JY|?^0I#?qhDP=;oiI^0tQ$welvjOca>8A&oPlb`6sij(r^mq6+s$A zAVyJYWvA1sxI0#%;jeNK8* z!cY<|PF^DnI!Mt1%!v`8%HV(k|4;1g7su_F`i`gR(-cF*^G(er4q0;8{87PY!EWTo zuU!kLdmD~*x43(@5=zlU))4n3#ixA8quJt58bwR>GR<47zdO8Rs-CKhhQS9Dkhs*~ zK*xvN`}Miy4|{UHJg?dHRD8=sx4eAizWz`(4}0iIGrdr^&D|I0hK`Kw$8DF>wujA5 z{&Zwv^Uaz9%l>bH%e8K;B85YLjEP{jn)F5k?Q=0t$MzHRxY3GZr}M_M4D-Dzf!MPZ-y7fs=-Yw^fjcPiH-LD>4X`_X1MKVf zoyK%^jowp!GzdL#CHO!YwNYS=bO$(rKVfW{Ge6_DWL&JtEO4!UeN}exbjq2Wh;8(^ zMBwdZ9bYoEI-9o8@F^LHVKec{nNrP;a>DUdI6@FUt6i*vKP4psCidvi*?XGV*=*BlD-*=g9M@8(RtDEDPd zXNaGBPv{v|5Y?ErC3JXZzpjMM#+H@g?e1q+GdnF<7ZhI|HR*$2;? z;L5tD9b=q0a(p!JrA(C+c=iERqBI&j2SW@GF54Ss{QQRJcB9Uhi07VHY+eV9`G4=e z0Tzod%%-j&h2SYU96Ti(%5$izIHfS@=99J7X6}6mVjT4r&ej&1y0eWhOTN6kjNb_v zZM;+l`5mWu$K-sbhS=_DyhjQi=2OsolDO?_euR^8ea#Fm2gT`~_BATut4r`8UFiKo z)RQk?gEy8st968Jj+tFTmI5u^;lOJe=WD zz?pK7KQr_`Zmm2=RR@pPpq~_x|L1-hQkp3#rUWe4mk1IXViTHw>ha(FPJ?-a@rpd! zbnM6$@9A@?u=zGdza3MvtrDe(zp4*WfKvZ6K~xW=GEUltrw-*yN|XsB!Sg>ViQ>N) z%R(ndW_qiHzeRBm_+!}rlR-mdYN!t!=4SiG5F!2p8ikPrPr=f2p~4Z<|EC=Vn&tnM z-8q;^|9mq3J6W_pA0px}!Dvc+hyPTKKmWt(r^l^dtb!le#FF6k85O7jHSBjoN7Vf! z|LRF;qqqxxcJx2Mjot8n# zJT-p-zASnSW3^3Zi>H758y-bA%&hm|yTw=W2FS+T?f(@$a#_0p4i}!E-L9pF67rPA zTu*T?Ip?UapK-S{+%8=3t=XD?1AGcTSqArl$3KZYa+DebO{>b~2@BdSC%bUrkw+0)+-{nmWW3bVji6KFp}{qR$AxcU4q zWUHHG_lr;=_W85dpbPUeRy07OTwaN9<*o)N&cJd_Fao+@iV53fB z4$0qZW48=IhhgdZEH5G!uDxYG$>xjuM^*j>ar=)ZFp}tyciTq&pk($Rh}|zyta@%$ zZs*U4H}C(V<_{K@{EeiisQ>3bs+?U3yS}B{#D{;FC9mQQ zhS%I;*c+oEW3`*Fz|A6Jm9ng?xt5Nmg0h-Ch4YrM~r!@#3(12W0 z)@~kNAZ-ECLcU&Zw{$8<6InZ0+JJN!NOO3A9R%qwxAj)P(Ob8){V)0!O9F^I^mJrF z+ipQ58v8%dR)3*D(>dyBKPLzDi6e~W&xnX z<*)LtIRGH?6ReN>YaK&20N@4zKtuOm>#SY_Kw~HXkbZTu^sxN(oLguM(GEoZ4vGK( z+Xw&%K>!ZJ;@sXzmD6#}NCDZyoX3(WogyxZbdD+($y8rXUt|MnXq z20Caj*t0)c@#9C335bYkd9`(Pt5FE=2uOPbB#hGWSqi$>pvuSwc6M3iF6`a>4T?0u zY25N`{SJo-+rs-`j0BbfY0+`fP`V@-b{-uah~&yS)wOL~>kk{#Iq9Yf!dDdP+29X; z8imhM&fN`jZ+>7jsu=aj+i(XLH(WPD0q9u{02N7q^OU_xbE1>gHw9SbsoL)WLwP1#M*yB#E` z;wf^EUiM|=D`*{;K?ZXE4T&&FjU9W&ze~Mc>bGWob^}aZ z_tuU|?)x`hQg)h*l!01|d1`-%eLg>zJVYwPVx6`2qv}^H;rfX?nEClAtin_{R`sQs z+);|I1O&}~KC#EtvtupvQwtyE)dyo&GqxOG1=;MTP4!Kf9?n{y=LwZ#n-@G_jtu9; zQn_$NvevzP+E26Ig+E8(s9rXr7cq6;TJ)uMqCzFzCo`s0im688e(Z>iJz3X>{Qp3u zH2glkfpf0=LiDEq{r&6dMwejl_;cmI_bkV)1P?nrDji*K zdWGX>lLiuYwJ!UIa21oT9)|8GUndw+?upUHYDt&vY+1#>N^7#-o+0Z#G!cbs{FseD za3Di`!)y3To*&p7K$I?I91Mt$APbAp*AZ&z)8}yASH+>DPg5CsxECM2Y|L<0)%GkM zMIRZ$M~UH%(D%&$;uOxSuM8*PCkZZc?IKvtY_|F$2S+0MF5;8!z=Dd^pXW|R=!nWB z+qecJ_QJ@H9di<(nK51Rkqx@niP#uN(hu#5Mm6HQd?OsS^*6Ha@vOQa@rpGN})^DJ74P!o7L+@1JEFjSK2$vitN9KvKJ%47d zq1U4~%I5EarBKBws3-HIEhkT3Nrx@GEl!ybPj8gy5JHM1@G=x{KR``VY6RajaKyj({Cm*dwg9u+n0^fUI6j zh^7g{-{To#EKLd7*( z5ozweW~)kPj+k9t8l>?=qI%lm=!{#f@%ILX z16oHN>Rm~{xi&e3=i<*Y6MRU$v=+aCnrn(#lRB!W*JUn?}`z^0aozzuI`l|0@iHvWO zN2-_TMm}x7cLNyvPit{`Zl|A*yzj(eF++R!_Bd=Z1*Zn*on!7P$`1Ln#e=# zeI3#>?@bHQuc>2uUkT`w@3au>>u&3Q>Pq-bJ0LM=MYlE{UXPt&hBc0OF+jcW?@N;1p6%H7b9y(s6tB~)+=ur{3XLq(R8ndKo&iO zrMtN98MFpfS%)JH^-@5^dM#V3XB2Uz4m>=JU&K4sMaw-guw8eVd7v#wm$a-ag0#{z zLcbVEx5{EhiSt=)Mp_zAor*zDNt)=W<_n^rpu9d2lfr=VHVoxK!xZI`{g=35$M4=W zgM&Rxw#532vt-Bu0+EGGya1A#=L7|$bWUWkg&*_zg z7z|GYpe)TSWDV;5$b<0)UCY_&$s}ay&7r5VRHm-+U9x=U(uTWOD>uLs;=Z(QKI+SI z9)ttWbGBe}7+$&~-FH!yu3pu^wdU=9-|AYok*!5@MLCf;lv(tYg>-Z++ToP67}*e8 z#EcJV9wn30G~)#kJQANjuxv&hPcO%4^xw15H%d(wAi9@_mP1FIr@Q8nD1Pv1t+;Yb zdeMHK@==lyuJOLk{?3C|he7Ro_N-)#1c;d(I^k*nV_&lkB4wKPc^8y#-?l#MV3OWs zbt)+%QhWM|e6-ENz_uR18!?a2e%d{P_fcIE4XN`8ZCt4SGtt!K6Gn;BXVuM?-1lDN zMwRO284dBcy-nyRg`tw8vjNNNc#E=lYUGxA?p%JzdM%^ro%=Ok+ff^BoTE%8oM?_m zgQYQpQD0gqqh(?wNQY*x(@$+R(?LvgnBlz!M^zTXN$6-iu)+T{>h9qaGM-PcneJ z&IWi>Ht#2155GIP9OHuZkfvj{L7gU=yLOOW`uUo#eN<&B3ssJH1C0pDer;KJ zoq64t2nv(Qz+NLtxsv56YEA&Kd|}ZBhmJy6SWT8$1ic`?R$B^}_?UQiD|ygh@JMahjz2aa?Kq`;N#6 zr|B7%Kwsr@R27{snh*{;A>0LDA0thi0EjVGn zGR&W)TO@f-e%U zL~|S13(1xLr5C#*X_$Ly>tB%kK^!N{dK}N;t;XA(dx)zooX0vYN#4(T1u4|vW!4Zs zX|1SabsGFVm4{^TMV(~|Vjf!H+aG6<&NgQ+5k=j*E<+#p1 zVRk8P62 z3SSnX8PWofaabJ!4!LBUIXa*O$vR%2zm!-GV(C}Y14;D*J{3c~INmP8t8VfbzNp|wrZV& zRJvD^sd5X9;>3x7Q~Pm8)s%|X{Lk&xy&@y8xx$D(#yd#-)(oy#0%}&Ns_7Yg2=MeQ z44G}N)L5IDg9qEz+;rF8cQ>lik>%UEuS%rl#vF6>0vIFER<(FiOV$Do20JXVHj?yv zbo2!hAFqD4E-yCfTlWjmv@Wtt&$AodiDw-(makDs*1?yeo3}!byk?{3;9 zLNr{~c429RYr9M;t)8xIm??iyHtyAe&cq^2oWQFAh(R+|bWvU-FCt(F>lEvnW3_dk z57@dkye;g^c&5eKGO5kH;a4*sHJLP5R{TpW%a2OX*HC#z>@>ZEe{lXHigG_o z>c(AhG#_Bs7v7O-i7`FxzX9yc!E1l^h8CwuO^eXCS{k53&t~+zXd%6=BK8Fgcj~lc zb>YSG4WQxR9I+mf@UMR9y==Np_`t6$2S z85}+ONTWrJGKx*;mXc~8Ux$N87GmAVUEl!fqsDaUujS}!V$62v>LmV>WQyd3lpdI8 zdL(yACacOx`|-ZohY#}lW)_1o82Dv6aq79LF!B<8wy3_@V5#|>R6PVWh@4cHHF|?H zADbJbxkf!z=wsY5sJrNtnUlm}G~y-tPxWL}sJ zduRjs2`e{aS)c4DJgJ@pex%?&QV5MOdOj=_rGxVDqb*xqPVRwkNUAq2Pg~dZ`^L=v z7BGy;Ngh6_%TY5b@|u?#sa3K2E=?g{1TDSWbVJYdVD*VvGl{@>=mJL2D}mWUUE7p6 zVkta?K1FAIeL)DKFZSNfx^~NyV6cm7@d%#F?C#=cHGK$m@P$PimBFTj+y(GiyprbovqbZDe!hG&2`^ZpD0EAhyMJGe2KzuKi(ZW(=iK1^u z#a7w3_=U}CXo0-c<_B1g&3k!U{xPkB8$emyifrok7<#yfdFFhf@^n0hQre%h-BI&N z5+sa!rE!~eSLdZW@@2ynOkzU|ho(K{dtFhR3PLx@!OU^eNr{w5;I+w%(X5{=sCecd zU8i-w!GQm>R6%2d^e0FlA;Pehv$C#=Y~vcbgs9vsaj2QlCZ32Q3xk)=G$MVW$6APj zkUSoFNeK)??}uho_ObU#`?0qNZa9uedL(-^E^bvO_R@Nxvz2=(4G{$sRHbNZi%^`GmUH@Lc&e(i0*f4aS=A z#)M&ST*TNZLbgI8-Ml(=^7hY_D7*3TAP5>3_*et9*-RGq+4^5G^YhF)@XRhxhn4o# z5?Emo_k^s;m1i- zG7!VMTeu)ohzKwf#K}oDr{-oeS=|+@Cs(mEYZ}RIE;*CeuytFd={0@eDsSGEm!PwQ z*SM7YI?G6868q?}p(Yku9=J=xMnw-;>?{GS4-R3-#-S(-_Vl#%`i7kZaMPzV*iD~| znI_nujJ>}bU+%Bk_`R%bN}|)h-i5=qW>#VPb+qF`tkPsVY-V>%@ROVQwn>NyXSZ|7 z>2<%j6rB%A+9*nVyE( zc@&n8z{mICI_>F?#98+EeChT3N>7c)_Kd6U?>0ZO_ci zNZHXr+hgl|j)vSw$y9gn@S zG@Hx8-7iH?`J^>y(4D%q(Co0#O4 zT-^J^s^yljDl;#ES5j$TeF6xv#LKh5efpcB<5c9P#8&%QpY?BWJ? zN|Yus5}?@Ves=WCR4BFikRR$V^DKB(kO^LP%kH^3;JXo!&kQZIfmDaC2|%7!>8 zY|2b``ANF~>Z@qMz&58vJ*sskJD=`nt&>Pf16UvM#niB9K#X=mSIz+c6Aw{GPai5j zN(Y%}T@O!mBQkg()+A%RL;z1506O{@(i0K z7WX_lIQ?5m4iBfWCm&c&I80?&B9To#M1&%TEst&) z>NPv81=@>2GkAn7*gT#K!rEw#5>f3~>YcKt>dj6cxI($w9Q8&{B~JJ9EWYe^VdvHJ z>JuKuOqk2(O*=gOL|C;qIW$LNS@mY=^=u$_!4LyFu@FpMmjfM^V@c>AW;reTn0~2J zGXDyD9nq45nm?2pvotPbRc2#9`C$c=pX{_REL(*s=z6y^QX;s(DB%ZN&6r#(#;yHln{awXc8 zp!1mPA%haMrWPmaoV~c*1D+?mrqZeb%X^_(EAqrxz$mo7qCm-E{B!yU;lnouiSFP( z4}S5*!wY}cR7omajla%gRv_yG74~8ck=G(J>{3%Bb3~CrIC^md+;KWr7sYtu_?dAf z|9v$6C#Sp?Hi^`a`q27p)p(L^Ck)Ds zVp~1RL3cvZXI6qo5aTGQU`yO6vAzM^%$ZUyv}U2B`pZ+a>-hyWx7W!KF{JQXDFPQu zqzJ1p`$7wz?d7iz`1v%`{U?aEGfMI%rq**lz7pueI=9Sgg|1f%QmOA*w(L+$4`()W zr3o@Hy!pi5RpF78=X|F;LJMH|9sWld`20kh8^Zuf$-=6TPpEhyGVR7-KPcs;6sd3M z-$fBppZ|r^CgP@h#!K^x>n8+ z{N1^FS}Gr?+Rj=x6*gkGF^yWFH5GGA81coVKanE0kmlK2h(t$0RW`P-%`3mir8{kHFQV9z=cSz}5fTR3 z7LW%ohGB9_{qE!aZ;ru%$TK#-?bj)aymw8`B94kkY6NVbNEw<3r10@rNLTQI!7fn` zJNl)vRQ^Q1?VeZoL+WAh%t&6w`Ce0pD0%Y%x>WMA_jhBQ{pEybOPfcZM%@4&-?ZaZ z-Da#zm8GT)%HewlcY10Gan|L62`f4ioX7dBXy~LtI6*Z{1yqf&SgKuQXGal9PM?{b ztiNiA^AL-;H>6wsl8%;n^J60*y9n}AJRuG;@hoOb zyW<=dfaMM#@Fcwi=;NjMSNb454@UBPQhfyM*kL{gEEqyRr8acNVJA~_bZ_Es_XwpIq_)(vO|TF%7P z*RkmBue1{1RSG+$OD}4RC}wJ8p1w;~4}4{KVy_|GXcKhuoGk+xrE+ID)77OPedk%GTYaap@CU5o!b z?%xk4PZ1AzoD7OLMvV`ByYI$NV?L|xH1xckI`Ah|;IB#W z8Dh5^AfRapCsOPGW`)f2(*FAJV@;i3vw~D=I6Axz3V%>1H*AZ|kDS z)M{Jemp2#c);~G9tyy-%mdw+SHLZNN1vZR%lYG0~D~FykSKm8M_vR!Wxc66fv6LuV zs(nhQ!-xG_8drsHR2BGQPGbbmDs7ILUyNzM^2rpRDUx4K)jTC^cP!EwiOPRRAN|7V zt3>$sy0H?6UhVJrz3qZqS>3zSj^lOzdGLR4sM8xMuJK7K?)#D)b#dWmyET0x*@0p* z7rl3T^5hv^(I+mnX4}^+2U`OT)nvuN#_26^ntzQ4-d>e*Oarez)kt2}x0g93T5_FH z4DLW(56q^ilSN61gKQ%HQE2oZU9tMtD})ZbmIX2IU%34EmD!cRqYtfRgH4O~Qz}9f z9oeaPtCM2J+W4$rSiJG-$UtfNGlN#_EOTttuD~xY@^Cul(7+d~Lgn^;GdNWj^|4=# zhE}KB365W+%z1}Do+#VBXE{mj^Cmg-n{(+t*|~}LB;%4n?c43p2hXQ{3_SfBD!c91 zou?kWjy4`XY@o6{ar{jKem1Pp%<7?_)4ky@-l20vw)Vmq&`X8?sQu3%{10bBg275W zCobPN`HvwX>QoXmYO93KG$Dfn)Jjvif#;I^^g@06loN6lFynQ3_3*mxtgbyK*c^IT Ty|Gi_xEbtQBg9Pd=Ij3j{CEJI literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/opensearch_ssl_verification.png b/docs/images/hedgehog/images/opensearch_ssl_verification.png similarity index 100% rename from sensor-iso/docs/images/opensearch_ssl_verification.png rename to docs/images/hedgehog/images/opensearch_ssl_verification.png diff --git a/docs/images/hedgehog/images/opensearch_username.jpg b/docs/images/hedgehog/images/opensearch_username.jpg new file mode 100644 index 0000000000000000000000000000000000000000..72170e58caddfdad7ebf30570ec62190aa497011 GIT binary patch literal 21886 zcmeIa2UwI#vM~ITK|m!)&N(APPNKj7Lmq-;kn8|M&MKfNIY>?dl9L3Zt>1^{3%E&vw*fJ*>?h6$j75HI)(?N|5>SVl*~05HIB5SWQU_yXr5Q=wt~ z_(p&*^{;R|2y^_3gAT$1Xy^bT_=(d;a@~K=KP&ejWP-tKa0v1zUcT zLjsz3whDde;K0`h>!j&Oi2qifa#aP{QyA!&7+6@Cm>~88upPi8!XjoAxP?suH^*Ue zA%#4Q$--rpefj2^*6=qLK?~PMc$dh?DJZE}+1NQaxrBs8M8(7<wfsdaA1&4%&#m2=aBqk-Nq-N*j=H(X@78O@kRoB$k z)i*T0eb?6B(b?7AGcr0hJ~8=zYIa(UC8-c`bDt6 zl8XqG3mp>^0~6;$E;Mv6Fk=v5VlfI}6W@a4n7fcLK_23g%En~9e1pd?A%;2u<=fSbMLCkOVn3tOkbpHV>hZ4@w+*dp2Mbn7T=Ux1=PE0aqxQ}GIA$7Y7W z&lGo2z~g%cDB!vEU`HdIMnM|u)(+Q=W@F!V6w!2RmC)&|G1-E;P4&_U_3$r8{@5etmW!S zXO?=QQRf0{=KevDu<4XT;iVJ0JKUR;G<00_P)SFRPCp z6k8H*#06&Tce&FFU+b@J@vL}(Wl3&kf6q3-!qzO_@xxV`9f1ztvCQe|_yUcGOhKGw zRtc1!A}i3*<*>S>j!EVMBrb73OEsER80gsQioL7XXB2|`^uGP!YwlQxn3Qb`v%OWP zHCd{@A`3R0WvIC{;O6vA@d4l1dzv^fsM~kL{^=Rn?IRbB1OFQ;o)4Fu+8&8SU12Lo zg16MiX+(9KM{hb)rhLMxCBS%%XK?yxkx41=cyT8@R(yKB>g(TMH1vwFil#$bC=i z2VABDB&NADsT|C{#R!=q2NM~HktcFXo?E3N6K@3;@6|WY#L;L%nK;wC2n=>R9y|fu zb@UjYr}c*N+C(~C=3_sRuY@H}VTb|fzGrg*?xl&bDy6btbv>^dwhb5J1U-$2J0!T$ zHiTVstw-O))U-e6jR(O{J8$ljv;mwxF;j1G`ZM2}Jj6>CzU*?|Ud;NtlcHDNe!Mq? zBL{UgRh&ANE-_*Ge#70yN&%7l5u*cQr@vXl$y*M6Gq`(v51g zF}Q)D&`S~*N5+On-aRQy8ES`vvX?b*aCS-!Z<4~Hz(v*`ms#rf-)NRO7PjyAW1PE% z6MCS+HnDSc3G=(~nqk4IPx+ZwFbYs8^+o~hW=AwQXTAlycGFMv)Q!8so@z&?#GU0K zP=Ivn_UQRF8*yU&cUe6dK@Enh)mw+(!dLxM%C!kY6AXlzgK8+=iYg-ixy5@~@~~5# z{LosZm-~V2hc~WiLr>ok=sdc73)2;M|5~QUbEAHHB$8}7jQgQv9J7;U;J}y9Qv3ae z<9W?tZ!+G>K#&_d5w?yCO^!;KOJe=jA2tL#^QY5Xq$>M84!qb{iP;I1rj;m{=p$We zv6BvXL#kBZ)Wysx*VX>Vl=^7YN*vVj9-n;HQgtZZQ>FtJX8ci#Y z-|gF8THR+8Z;pZ|g>59cy;HH3zTJuLiC&T6+U{(9@Je{b%|yIJkz9>Jn)i$&a!XnH`gMr7?%6IShv+_4eFUdU}Z%x73WVu zvZ5CIaA}sJm4UVO5=3nzb%#Yy^IK2qXg*x=jddJauH4wU!BQ1_!nf}TG;@QOu|ipn z4;G71z}@-KGB!k9PtY0i@hyoW{O%hKP9p)LH~OzOib~4d*S7hRkuo5lR9lhvAxSwo zRbI!Ydzs*)Wr3SMiG31Yu{6B3j@2J(CDzsQ13;q4?Y$*t9+PtT=SkGv-Y}S`|V4ZHMZ6h^E z<>N&>syQVA-oIHh^2v+@8b;0u6Ks5_@I2Q}mj-TpGtPmijJo z`gW*DigDA9y3yob(cN4u?E*vL+=G1n4+HvLP0{^L<>LJ+($#t*{Z1TCya71&2{I3H znDVj%xTX*j2Xy9-l?-L^n`4C{-mk^BrPe@60r)Q&O+yC-L<^&UvTrD0b-bMZumlA# z2Y}X(&NbQP_O^jA?t4(BV#!7x}{Zg$kyHunU8+|5b6E zjTnvkx}dMvL5nPjY#s29TbZl+G~=1>EpN0f$%p55s`Ody@9K zI;o@{8ci|Z{o+dyj*qTZJl}x{+;4Sb2#i+8J6)&$2jmU9W$q`E6WA-$oJv@J9)mbF zg8gGMp9khq0QwaaK%|&f=s%d=dX7nd&J;k)mTt?P(~YDi1^5(iO8DtiAr8DCp*D4q z%NW!lpXuTU|GcL=21E+12w9Gp0Im1S4~P8nlaah#ckVEz;LY59PB6@ITS9tY~f5_Qo zRlV0yGk^3NB+T|BO)dZCZ`KQ!`3`>kQwTc>xIHhYyElJ?HSIr%2|5~3egA#rp729| zDa}JKb%XSrC^Jqf4e2bMBez5khKC&z`%Lu%fmzx0{WlD1@Kv~Nn;NeB-&MQ3molDl z{e=$sz@miPv(c3XXhls;Q+)#SiR$)?9h2^>Xn2<>#~yXkqDd{L2dq2tGt_t|+D=;| zi{8Asky5mgs8W#m)>BlwOJC7BVn@Uq8b=-Fvnr8VSF&!?jjWMG5FCsYJ;t5kGH4yI z=qw=wT_w8!(V|i&?qWfp|NAXz`^1Uh_Y0LqrAl$6?CxyaAAK^TlOa#_qi&k{W*XI1 z-P`2b*|87zj?$gkbd@jKi508~z>%_T1!G(MjTM@b&GFZc&Rp)$TGU{LtXzaw%31xQVTnx$Hjz=mtgweI%& zn{DU()*L|j_fP?A(zCzNiI$)4noXYGMT^(|{ww$^m*@Za3@=gr*_`aRSg^Z?>DI>z z8GOWM#jk1gZE?jr4OugV{dB1ofm0u~^Xpn=5Tzcu2&Ej)dAuPvG_6vM=* zztFTHrYnRiA<`w*_wxRynpM-QRbv(-cgEZ|tQvUYjGB>b{S91lehJ>GI%6U#->%{H z_qu*9cY9$ntLTwE&vRQ4!d0SBa7SQ^2Zj^2Y`g8*K(oVS=V!rvl}0u|v{iY{sfI&J z5R*#kD~t1XX%7~=07U=`ePOvwlfKrDb!}WNCo;?+e%0SIaX%TD-I-m%3K?zMcbU$ zs9fJ+3V!HWzu(>vcO5)Rt#QnX%4OZ3CpBT7E4>wrn^WB@71667d9jjE2V=qg;t~=2 zJheurIxwB=_3=z6cy$xjWJ>yq&DY*S+>tSWGgT+r$B0C+!Mn{r;T|K_;fNibMbHX&j+uZ#^raf4Vj@C{B9i&0b(JdPp^yA>XGrFR3T5bo7 zW`}Y9XV~pZ^`VYWdGabQ`zdnx3xsvjo?3iseMb+~KJTmDuLsS=6q&2==j?h`F`;KsG51I zds*vV1&lY?crB5F4+e^4RNb=WJQ$Z%1TS$!$@9ANeVl#+P0vqv%t-I1~_; za{`%}SOSfA@Gfn!sHofHvhMrn6MQ9bahqhG9h!a1`MFT^lbq2%bICAi@1<+cm5&mR z6224$=)wblFP!5VKQk}r&|Jd`{zOE;I2+ulzl%&il{i;Ne@Frv znb&TTa}@jkR95^+&6-#}T$w+We^$HBf49GXV1Km)oG^arMQ|4_2a?>JvOEqp&eE0aKG?mBK)oxKF-d`MyI90k-J4*#Jvt`>PV zdIbN0&-3t>|J`6E&P?`N$Y(Lce(KV*sgfontlPl_IXy}{|kQXAX~k@IILz-c?@ z52fNX>XU+4*ZhPW&V3e=g|!P!9D4c6J}%f0Q!E5ntIF;`%ZW ztoJS5BlMTn5lue})iDVz@b7$VCU@HJc5=~B7O0M?FMkDGrA^M<-=l|C+VA6nH!OO^ z&RC@IoB!QRkD3Bdi|7?FIXN>;Ee!>jDin;vf-%(R4wgta%JZbog-u@xZuloBDx5q%g zNEg2`z=Vm7d6B?iJ{C3@#=nGzi-&iK;0nPd{LA=wc!WfRm#h$kp= zOA)T)<_Sitxf>xYvSIY(*4@- zf?7mob+FIhK{Nvk^p1B>z?TVcMHE2Zf1VKFq;>~D<8ZK9pGBSv4%3kuv#vCoCC%bX z_4nT0+DkY#T92mV6q%8xR>-4Dk&PIX2+y~&9buv=YH9v{@65{Yz$uKJa1I3+(6^*5 zK6&TWI-$5_bC~5kyR{#4GWCkXSoD85mJ9jXPEcPdy-8AzuHD&4{9CMGGRkZ>+r2U%89hxg!JnT)_$#cVz3&dT(nfGUFp`cpH} z{|!vqDHm<0sL`A%y1o|q7sJ(#hpllK&C(pnm~WG%P?r?X1c$>o(eM!+|i`BE_3 zgFe+6dPk~>CB#tX_OnM}n?SA-Hjn0KBgS}!d~{%NI_;zA6+pX`VI-kGK6Q{wX^=o; zg#k-qgfyPFEl)*?Sizer`t<%sA@|;%6rD!<+BBrpSn=iMnGbH9A`4xziH{VTRl8!n z7oq0@B*-M{Z44N^sYs})EYhZ%{V2;M8ltMLj62g!Z8sxGClP(r^$xyNp364FXEM+? zip7|`4-=X(T`tKE*NKCr_Z=!ZPx(A%w1+QNu3mSpkcq|^V~3Jk3{_7NFFzM`gI9ap z>k4Gdw}KiXN|#s*@JUN6XFL)qDEDe8F-H+Ky{)_t#D@9m1-ZU`IVs~6!O*7hbEwCa zV=3&&_GpH^lUmN@6f+;?OI8!%JE(S_v7fD>lIBnTjzzf<1j!p7*9~x}(?s&d1=olr zaI$4P?0ynt?hRciWJ`JUHNVbdWK~$1mCQiu%k*hpdr&V2EBAAxy4Ye(q7EzPM0q-l z*T#y8Y3*(v!gDm(R&OgfPBNu-R#q2+AYpN&9-g13>3TLjnwjgJ$ilARWU=|6KfmWe ziCMIxM#UC;u6km4weDHNGn2uTOeX)9Q zfJh0C>UF#(T*c(G55~z*Kw6Pa9%X?MvvF z4I|@`;qV-X*KtWC%$)E zB`9DRInO9Dotz?RJadtDisSD3=33%1HaAl{c&x3l6khN|=9GFdTD6=j6n z7w;6cdQT~=pX@$uF)KJp-zZDntEWs&*;r@fAF-$SgdESOocz;w*+D_qX~{Fz2YL6} zWQt_OUiRd*yli9CDN`<$5Qz|q&MH``4WFp-(s0aF5d>Z5L~VA~6_(nl)U@ddW#J^* zXJKu{qgqWhdYnWCb01AFi{aT#6#GOZn!YSF&6DQz zGM}5#^MO{I$oigLuuzV{UV=O#mMzt#HcztdMTQ3#Goxaf_x=Y}A$0?CNYvF=WcNqAf4Ryi?;IX6VFZ;4wz@waLp`P}Qf6 zIYr*vn(dQWynz($Q%5e(h^JInHPm50@H?tqs@^lQ5wH2kj?95l^VbCW8+f*KyR7w; znC2*CawR#w^Ta5Bo>=IZkH5ig&^h;^FFwQlW7*@H$Et16&^7e~_Xd(pDw;LNqRwS) zONn)``^5ZM8{6|0OT4)rqKrfiS3X*iyA$bTOU1)v?oChbl_lrLZWB4u1(O>YI?F_7 zb)H5PrD=1de|bP~(=*9_P3zgdx(U?fYft4hE`#TD-aXv3#Qk{6pyzKD;~!9R|LTUP z%syd--@xl#JR-Ap7Dtz95fm^p4*Jr)jb|eIDTg@?L=Br+{Z!*zA_tLMDwVr_#k1JK zl*iKIg=!r(kh#Z+{puVqwTo5kw3Pa~YEl+LbR`!_uCDT!9W5ydpRq~~j~3mtuDU5W zk-%7oyV9l6e%d*rMwFx`5P|{<<-ddz)jB?MOw)2m$6qsDhHg4nywiK)Mx~;z_(9!V z2eKM6B`UlW`fLho# zPFl=)E+>y@1$8)gBn%cJ?Js7I$`%oK&0$^qc)9owk8UsA8MNSSbxcAeL zX^+=x;|$2OZc}x=a=3YSEfL9;)+nrYs?%X8(4nF&qFXVF&3_3^ zbjqTCCQ@ieq%KW)#D65a?eUcg`Y`3&ak3-I%HbHyJW5?Si&uk2l#nd(xfM)IuR{X- zL`Kyt)I=WJ2*N)x@o0QTI}Vz0h)9#wQn1PC(YLT2y-t7g2I;7Z*6rGnJceypiUk6^ z{7A;RaB4yS=^YaUA`^klN*AqCw-!@atwiuPkO*^zXi8m2B=#^Q(7O-BLOaaOLkRJ* zVaaM#MA6~%^qz*Vai{5i zPA38zfg>GxY;=9pGxQ6p{LQ;|QLd2WDrRwZt&Oyx}z#IM&PS^wPhK1kTQdY*f_ z*vXZ6(0TPSuTeuewZGDi*(>fz-OB-uZDM=2MMI2TIjyvB5ttw92y40!opf45c7n3n zDU=$Y2bkDInDbsVJDIRf^3U`HB3eA;9miGgj_twk-1I3TeijkD+bgd4Y{+I&6XwL1 zTexds4IYB>s@c0dv-|8O~WS>8-=Be0#i>5rx0InEZv>KgAF`+-p&4^ ziik2cE=-+?+0L_SL%S@Jdd#6lXN$8Ym8CIm%(rCseMGRDmXF{9IOuF{dxUfLdEGoX3Exg;C`YC@t`nrF!hb6V!E11&wtqSrC6)Jl%;s?c z1d=%r5*it-V&Fa3s8VKDmw-L$yB;!IoIG5#n*BOpSBq7g^2+B#*J$zQ{cX=<=S*Pm zm9}2IkdTlR=*rii-Fo*(h(h@4*mTx(4Swk)+)&oCiVy0^VRl2Z-&ogU|rK~0YgzkCm zXjV>mt{O{rnzLc0y>P0BY?9|pb)t<#|xjWF5mqJe4cxH51R-p1i&ch?gt^)BzE@Z8$R%lr+>Yh2nn31V&>NaccHZ!we z*o)*wM~aIJrQZ@-8=|u?|LKih-3LU&2{NQ44SLce{&D5~;GMj*v#owhndH?oLQg)252Za#|Nr`9XADuUJGbTd;Utno#)E=jCW0#|iWS>v<(XHAx0 zIbl4c){j)f%?3yWS<~!z>C&Cx&ow!=ze`=RvdL<iullz9n? zra7v(bVusB2*z3JwPrFKXkVxr(~bnPGS2omZiE0|zY#L!VBG705RsAcNWh4Y+b zmo@IK*tu|Bfh6y+Xsz$8ZN!hb^aR&QhRi6vloGVC4vo2U>zXPVGQAr4`IF{KlZLP~ zGIb!a%4cwyDn*;?yeyh*EO$?TZ+mS6KN@lHiK;+9Z}PL;jP0=6(xb2Mt2Y(aA>uAKL!CI#K28FpgU_p2?~Vv_iN;U4j!AKL~Te47F@S_w?QMpQdv{ zvnn3ur17P&rocJwvQt2z)wVvJB(e9_{0!B&;Cb>(MXYzMyv-juGed}c)RH|1!gw}h zpSQ~fg*90dU29Tk;J5t(e*b-2X2iIz zKf%V)X$k*rsO)UYcNw8#g7%q8^Gvq)+5JIQOTj7v_m|n2Y@LU%$y9xVPx`P=O6T`&-;+&+m?pnG&A5 zb51?#{`QESgX({Y|F0{|vtlAFQbgJ&qq?V{*P58Q*J`(NSA|K47oYD53{FW&Nr$bV zk6Zov_^Mc>*gok9&XiqwwgjYL@sStT=SGbkkE7Nvon=>4sN$3FU3YTue{%iRZhxVP z^Sx&kCufzV1E*oHw)9mn@`d96{9^QvmtZtdvl5e{1H+GdjW>I4P)eB8xBaxf{|dB% zehW=W)Sxp>kR0%)L@MZYJ+;t)mb9rOee=6FTE>W2C`oWz!@T%^T z`Ge1CnvEa7i<^Hxu{KISy7pkMA`wRw!6|1cdV9lZJ0s*<_5#1~;_0hZgB3?3MgQFL z>T>VkefG~};yQJ;VvohbT5mULf2n!1=Ke7LKE%C}FP&?e%wf`8FF_9}kft({Cjd=h zVo?~(EyxuaNp+~0@QK$at9o4%5@zE?&WGfl5=n=KNvq%QTqicCg@(i*JEW8~Q6$9A zD(fS?bEEV9iR`6sk@h9|_K#Q>kj>{A4`&pPGfd2=RPW|#Ef2Wtae}Aj3~v#P=ZZmL z_~n?5F)G3OCSA9AVs44+MP|N2^^CRdt2=qA`J>O=NTPy8x;Ctp5lAr=1?~P)F*;5X zqS}$r^fYQueqRsB>wMEmt7^GuCK`6D=Agt}k);zurEf6GShsq^K`j-76e7xy+8J5L zDH-=6OJmNO%tF>{f&qaMjF$zgkLixBOMwa{%(?;$u4V`;(+CVR>=JBXNbIXUbwET6oSzkR~wpCFA zivpEsI_`m)eX>xiWh;rC`yb3XBdqKoOwOappH6J7QlZgDR1VT zvd{YYDjRX<)!@ImA2R+9J6CTNJxktyvu3Fkcg2QqGx}RT`J7J;e%TebM0)>P-G=!X zz1a=CJMJB^@gjmAjrKm^ZgCv(x{tdq-&3qD4uvxBKPd;5BFWK_^(u13S2;iu4C>KnR5c)9tJy!<^8J1oq1*(NrW5$zu{GO#OU z8x`Xpt4=%NC`_`y{7UHCWT(3q?3EQ(qgBzvu^s>m2PPHtZ03i~3H zfbf^JTeJ?5*Nl>$U~fi~CCD~z&hYW_PSE8U3oDIkeuy=)dTUPY*tke7i#HR5Z0b3)v3GiG3aC^q92si}33&NMmO{PqhbgJ=nzCfC z-LYUB#ZgwE$o-q;f)+zQ$Myi`(}wpLym|Y#*_w-7XNH>^m6JGmBiQh7-6NYF3}6KD za=AjTG3n&${<^Vp1Rji~mCT6KBS|SDB2)=Z$?=j&+Iky%VUw6e`Tp%YufzK84$r8l zR`%fGBJp_eIAL~7KOEhPzmXBFAP9N2Ex4{Sz@W++#rSV?f`jQjr}dy(t2rjM3B4+L zeR;1l)eX6XlGsIdU5&#QQb=4WggDuWB(~v{Jo{wm78VmR@3p_#VcM+cy4qyLv#AWD zfY{NfSQUw<(^aX&c5U5kHIzg#R0%*0V;A_{9V(|@+vcTJprs^el$*`er#Qlr)Q3SKOQZ12Hw=OCrABXHL8uxZ)y}Ri%?fYh~UhoB6Da@zqNY=s!50y8YP?YUcHV_2DR$vgZ5#@y3}` z+iWS0dX;|fR{lmZpR~l``8DoM?m5OY*in0wF7IX(m)VI&;)h5gmBdlS z8p=DBrZ)~-d}A#WMC%eiSw6P>&gUZgra^y!;;i?XW`*NzF$Edd&!jxm2~kAR9~#>6 zvH!;+F-6Ac_T=#^h~_a7rsD&V_FA>%oztpI0u|0%s$bJasq<$chb~naDshuy-U)`52bl{cpHqgSzt_cC@5s&H zt|~Za24AD`^LM!NPcF#385GQ--*RH>T@L)MiG4|&eB)c@!ic`FcEw(rzHgxAq)(o7 zNKf*TQNoIAWdbYqi-9c88=(juflf1({2Qv}f}a|&h(hDxcT;K)(_2QRHSTBfckeV- zU$<-Cnw9xV%Q`E;8|tLe__fZ9kni$jU2FVocRB(ojqelhU4-D3e;|{5zd=MLGGVdf zGJ$E)EVay_%4$bP4tutX0NXI`e1@&8%-oz>Qa8Sd;Xvl}uJ-AxEB}Av|M(ZFZOO|)p4Uh zWw5%XrnGsAESEdWfH)kB75d^8qjvoA`vy9mk4wSeStZwYW%0I+MXCrgbC{7C7lB6D69-&Sv-YDJm~6XMP$Su1a6>ps^k!7P3o`uXa@ zge7Fddtu9NHJWoTob&$5{SBE<5;XKZg0+e?xA|x(hDp?WjV={uTYitK9efDY`Bc5E zKd$DknkCo9=kNnjdz`LAEEZ%~xFAjaL|l(AHTkZN6u$fPYM$0PFK6 z?|?>8B!G`vslLVWExa;P5V--@74u;uqm?pQ;c71{W>z65+1K_?r)b_&oj!Obb}Q|h z+YQoTD3P$mxXzlpHjyM}K{2xRytNHmvP2b7svQX9Oq%5*=4m>PKkGVn_I;?SoYm}T z;msPXcUln9i}4Pkae9B>`>3Niwqfbp3P<#5j)Pan;r4?=16pyYK)W85f4-;x*w=&_ z&|y<5GCF3@8QLJaM&^!F&>7nk5i#Q;XvWI&ZM?8|k>>MbifT(+8dX*CX7z|p6woK~ zWgM#S!z!dlmfYH?#gMNrJ~M&>YQEsQSbwN`hR~kpsK|Lq+c}?jl*lrpRvV`^=6xS} zeux*6@r!nVRt6+vk$ zggVu^YAe}`O!VT_^d{!>73Qzve%& zE$gx|F%UKBG<3N>UR$GEj4TyfR1tY^(96x{P3bPKDQ{Z>H&48*(bm70@837ydhqrB z(WtZ^yFC2t1{sa~oDj!wa`dPmJ*nTmX=&Pr2hjy14O_{#)s*8Dk<)4X;*{&UF4r(? zYh&%T9Y4v!*bvMRh#>R3^Le%S2qPmaR;^aex+sqTXHIfL*s+|Ta&D52mXRRSxv8um z>?1TZ#lExPp+&`9iEvTQ8x0 zOzJ!MgD+3)#v4jR&bWfrQ`0;WXA2u3)nn{5!pt`&DQjZVdRX?p9UjxABytlFGLOYc zROJvd7Z6B#_Xd`k9EftBk0eD}}i?d7DY^>=ALCV{htG?R+Ftx}{qAs7?Y+ z9p{MQEW9tG0%HD7efpU|C)X|+RqXSSM%E1*v&0q@pb-PF<-&iO?0SvZNWEg|io(-a zW^MJ_MXg+pm%IvQ6soFDOpdFVzZ_lvLhIy@k)QwoOLSBrcB=$mom|{-lBLi=%0*-~ z$m)yj%b)@ADFbTz@e)HtmA;hA8i_W|d=eokr!!uveu!Ctn*7f^<$I@VlAFZo`E*bePHz!OO%atQ5kZ)SDw)?l z=Ef{+C$esb(OtDpSf&s&fKuCVM@P1>JC>Ls11q&gzomKBIM5< zLuQC-lc=Tr;epZM>-Ht$hO+cl%)ZUlnJQbwFmYNudEjeNqfHC)1Q~8K;z`)tLnX4T zlGm<6Vq;_@` z6+E}~{ovsE;K-1oZn@j1Gs8ps_EHqbSYF|Zl#Pw;i@tN00dGYjb+@*V*`o&)GrLlK z%Q~v(=aq3-RNW7apKF%cxy6TvMP4ex+S>0-ert*}`k_ zJCTP+G0N3zne9eS-&#DTCmy^@a<|n=s4=glQx)_tAz5>Ov?O52)yPTy!1UwGy+`i) zqL}fjMYlYYL&cg6<7*T1$mHObQ7qn+OXcWH1d^Gu#GmJcCEvcUM?5ty&C7n)t{gND z#au%4s0-P{sjgg3v1gXH-M&*lYf8mqGHh>DeRq;_)XuZ7uqsQ(@bOfEJLFkIr+#dPdETBk8D39bss@H2 zuQ>^_t$h|s^#oeSxv7Obmglk}Q^8)6H|MF2K2TN)d8|6`J@D^0p8nc!`?>rtd~jeo z)#h=@axWC$K!7orxk$Be+K0n{l1>pG7+I1n$jU08n^6gYFw+!ouC;B+AilM1F7!K1 zw5`D`eNHr%C_Yg%v-;5V;M+>whIt-qfqUZi>wzxiNAu5e)e(`?Tzd73cuwkyRdc25HBcTPJG=Mv~`y zb-bSyUG@FAq!%|yk?e*D_8An+-vZscw&f@4r8cdbKE>x|UQ6Om8{eWq|7g?;^a?Fp zLI0>6^p9FW|EO;NQ1M&n(VnNu0c=ND<|)l!ctKGU0ydaaX;!HbQ*;{O;=WI%<+l1I z=}X+Qoj(JOiL^revtvot6P6>Y%q|>q4R{{=ji_$F?i&gPJ812rWB*J1pQNz*NLEA+ z%-3wi^Dv2DxFN32QRYzW3)09@t!hp);{E2`wWT1cinb1&QPQt$j*IeH|L7srO#ry6 zxy1LkA%>q1PZ0ix@gxTD%@Mip`J8uMtx!LFv$@sHYJzUCbJfXgW{~XQoz6Wc{txz7 zY?t;#%QruV-!m_ku1oqV99*@1Og(w9+ul+!PB+v0o$B4x;Thq^iO=HPd%I}lr;|wY zFQdcDH#%}~uI7_VwMPQNo1AMjTT_3sz2pr-ymh7~`x literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/opensearch_username.png b/docs/images/hedgehog/images/opensearch_username.png similarity index 100% rename from sensor-iso/docs/images/opensearch_username.png rename to docs/images/hedgehog/images/opensearch_username.png diff --git a/docs/images/hedgehog/images/root_config_mode.jpg b/docs/images/hedgehog/images/root_config_mode.jpg new file mode 100644 index 0000000000000000000000000000000000000000..d4bda7b0fdd49ed4d15e1bc0cbe26a3553beada5 GIT binary patch literal 42071 zcmeFZcUY5K)Gvr#QBdM|QRiU|-TK#+uTqyz#61nCGI6$GS7XcC%~&;vq9 z=y0TmP=pW=LXl3W(h&rQ^WCr9xp$tK`Tm*t?#x+vo+QuvzI*R?uf6vA?Y+wW_4U^` zrkh|rkRH>SGiRAZPd`k*=u8ip&Yk_6{{B99O6M=0|C=sfym;Z_mCMY`S1w<9V!L&d?ezc6zbiTOcgb_-FP|2?dG*TG)2shU`t=tR z>*X`-XN}ICVP!hYdgdJKnO|*8{7h$<&YnASN=*Mo7cZT^aQWPoGiOh4LvJ!MT{wN~ ziBDEwv7Wzs;g;NelXwo(ryc_r+1Lf;6``K5FcqBHgF+7~FMa-Q_j-C$ zSOK7H{~{r$W&76{)3wu=JO#Adc@#!kW0$t83ci0@cyVZjRt`mH>9-G!08AN zM9NwH${xApg^@j-;4@)^AJ*$aUTn$-U1gzlV!rcAwF;D>Lmc$KT~F-vrXFQQ>`19t z2pIhJjBqWWmUtY0=TCK0{t@H#V4*LcCanBr&is2_ObkO`Ywg;DxCgD?9&-&BDYBg< zX||)R2j_5d6J95aGg|*N@h?pOhf)7X)Iam$9|iKikfyzEvTyNN47MO>`jI~LguP}Z zr*b(pocr2c1C=Qu6Wn zGz3R=WeUGs{=ehep;oB4tK(j4tbB@^hEHZ5PS3$|%ZMwY>+o7<3`0A(e4Fw!b?L($ z?}DxJ762b3PDTH)&*K_z>cb4Vg{5CimVLj~{M*$Fe=QpN*J%&Gh>*UdZr?j_LP)>= zT#YK=7Pp%|bM;l>CDxD+4%IEs62+3H37^xgK7dkA@GH8<-maB;sRyOUO6 z#fd^u*6~&Ci1%8&UB8$-vig28v8w)J64P4NmiSp2!Ec%K-^+an2W&CdYlBg#=?*&D z4au~f>(}|~2(O(K%=+8yiy*$n@;asPvx;@O3XWY_0NHQ9zwQT0*e?soqpOfQPVr(r zJ!D}WB=SLIt&!=wdfyOT;+`;!tlI}6yKj)C_x6MYskJFy)Cue^5uRN~>1dgu<>Cqm zfXF!`t#!uAf9l)H~GLFV)v>Y~ckjQgHhjvcM8uI)C_pV{SZzcAaY7ah-} z?C)7k3Vw2}5%?HLH32EG*1r5<7_Vc4E7HVRWFn_gLnw-exM=3)qr-uOQDjOGZM~ke za}2OtQ>JnVrw4ANyioq_Z+^+TdPl&Hd4d9RaEah&PL55^5F8siZ>Th?!=H8iW|0Xr zDxD6;WK!+S$mY zN5ij+_+xBSr*%sCQK>TgBDuy3gHw??uEJv(bHk|l$2v}FE)=NwtdLMw7%^Swp2XfH z!T;Wk<5Ht}Q31Y8(0tznBkgq4#bi;`c~xUdV={4tL&WA2RY%bjDUdAH%e!k7O_` zOepAvgpR+-G%YvrEj%$4Hz(Xf0btB>geGPbxK^NEj>QL}y&}zkVs8$e2|RN6r77xU zX);Qum%rTC)Qwt_q!tN0>NN|-{9=+$OfJAuiyo2nu`dO?`h^ZJn@dt-tOpyLFdjeK zkI(J8fHQa9CnXH_T$kN1{LS(IEIp8Wa{#%7Q|{ldd0;Ze-F0sRQHT4zgIQDcnI4=A zt?$)4RM@YOB-Q{1(j(lfAZcyRW70{&ShpWjuMya9E}LWWvC26`CRKwZ*xIUEHOhQS z_|@`An{r5TMbAGj<<;dF7?R^}N4|l_ zd3y73ViYz@WNs&ON$d*lb*GtZK%=o6C|gpyWXbeUwVsE29W~}C!L??yQ(~T{!tKk) zoO*tGusQ8)nui9DrL&GBG8aYr`15=bvfE70@mqQDEIaOkrjgi?O^K=N8%z|S0WA$Kw%-83i@zdh|qs{c4p#7RSIaiNX;vC`PZ-DAXxs8!_ zOJd6DW;~{>;@(jj=|h5f1UJ*JM5C=T){~>RVTFmgJ+#biS>rxxImCbl;Y1`?7Ge!N z14;nNx%RIuN`}>6|G98Pq@q>!%fC`LuyN^XFqeAPvnWq7XCYqjX)nfKlhViMuIQpiFo$(sgNrrYt@ClMpjDbJ5u`%aAlN?1 zzF&)OIGbZeZr8z({JrkB>WjV3ZOFZ!$}N!Oh|`@FlHZIe6A@>)^p=b%c}}dge&0Ui z8N1~%AWNvm8yxqN0C43}t~E^&QfZp?hutCtWED17S|a22C|aZ;SGkIf{qdo1MYj%L+>L_MneeuH(% zyk;lx9iZB@ln9#3!OnD=nrz?icv#}`2y8}N`c8`%n5Eox=U4vjRl$5XR<1%C+X79= ztQnBVHuK}`-X2@o$z@g2)lRob_^H6XDPg#usngR2L%CN1k?1cxuMm0d>R2H?XKZTG zYk+4PhU~v=B2ap0=!D`3*cESf1dX~`uFus9U1A!`WzL!^F56$7Iy#v%VA-XARf~{& z7O|?IU{qq&wA=A6G+r@Jb3-`sw`x{a%%g}X=~w0LW@!UeNP2Tx?*^%=>}b{LY0+oY zm6lPphxK1yef-4Ovu0juu{`jQE0EygyCPY`*_P`~9_SVzYD>0g85qW#2gA0Mc!FP5 z78B*nmp+GpbgQZ*ArdUU`P-Axm&yHCAVlMn5!JHsA>xQ9skc|i+!i?%fAO@KMJCl)0^;M} z?H)@&={%`EAuvg4E~BZKiM|5PNInLn)zX6Wn+?a4B$1p7NF)2ZTmw*QPgw77+Fi*u z_uv{@8dX?I2e4q_xk=$3yv%l2B1!4aahcKnSG$z-HVB4ZVxWC!1;_qkstso4Zk2E> z@)BvSmQ%nsx)bcB(dtr*wW@uFi!KK14oIDXn^U6kJ9&vnORwneZj}C# z*YHvd`nj&iTwX4JEZ%jGs8pQAmyWew=%Asv@RC>X_4E5Ku&NQ)28>7@PUZ0&pL{_= zzSEKMR~I!5s=Fb_j2?cXtzMQc zvVFpEHS=(f3Z_+ew=E=z+hu5CheqpZ`8YRD3)`KN@4#`^k7mH-V+wbKGL0u<`|(8F z!<-Qg6CJfXRib=dW9}G(&_~}Novsn$I_%sma#6}-2_ytZN=a}h7D0?chrp!80VP?k zO^}Jc-i=D&z#n!0S#V@x`XAu2Z7NTHwk&F?%DtV!Rd^%}sG9%m6)Dwf8*Y1IVjFZW zf6HPDu+`jSB$B!B{FCyXA{=mr{NGx=G_WdkP+YCWTM%LtKO0~?Rq}J|7n4YU$fXI? z&yw$vOn=E6!jq)aEMM=+S3qLa`9c{!n#s@=2v=8LVRUqJPZ*yWDGBP)t8kG&&Dpdt zmacdNi{p&l6iY84T*%Y2yaUOPR5#WZZ~!PTTN-P4h~F@oR8!ajraFDjF8lh%#bkCM zqu*Ms5GW{5kXPupvcaqyfeg-xC48L&mmHDP7+OHt(5*8<&%N9aJ$`s%6O)}%=P)uiLtJ9#LnbD+{hPjQCllx? zYlP$(r8}2pu>jq=HY=H`)J#e{pw?(W2r#D(9)jE=^F-<> zB|$GYNI%A7ZJtP!OfGriVZ~pl5dRMLW!`GI1Qv?|S={aK?bR7ejF~4d#;3Bre>%S) zT+pcXtkS5!Zz?7ubM4){WVzO*3yn&dK1P=GH>f5JP_JEYl{9y>nd=^2pg>xJoqnU| zHMLJM$qOd|HyqSYUC{XrW3dJcDtWUC@O7xsDC_KOAWN{Yh!^A)egP@Qz3Ix$6$?I7 zeFU5$e7{EhHvcU(<@dDo^a;If-}=dow0>gVlm`cU_QK$xL0_|8t0!4}JsSAU?K-d^w1KNC ztrR_%Wf(5ZZNRZ+w6d0c8Nr%vigZA}F+~X}rp60c^F|ohz{^y~@g7kq;wMU;<#0@+ zx;f;PD^#2yD&U#-@HJJs$$t?$6dGR=e7s;6S<~8E?(}wD*MW#Dmzv^VEC!~b3q6W@ z={rNZ;lJhUJ(c4X8GV`PI{!Gm61*!89ztv@Xl~2tjG^$|lnVH;6-VVd@8LQ^+{vw$ht2Ko0jXIg^ODbcba61<97)04IbM%4fn zqGQmWWG%j5Wo&Qa*fPbO1T0Y3m;z{#Tccx!tdE@>3FJhF`$Kso6v2LYiAk3O}ytwHx0Q`+s!( z@<>nhC)n;%4$Zbj9dHMA=~G(7pG-`eIB?WONooPeMbmGsXe86yAyhdu*#(*y7!eWC z)3eWd<-x7=M7y%dHYn5t0`++mi#EO%&_O&dzY~r0ve78Y8vA)I#HiIfexX5c=zC|W ztL@n4L2J(DgyG4^H!T&GVSVf-uW7451wO>JbM|^vr?hlQ)|8iEMrrZk8$X-LR>{5fTsW$Q8#{c_G0M4B!GqJEhPAZ%U>G?2s__Zt1 z^WFMMP{#t3)LT)CMLLeD+}ud(i+b{mKjge~3c!ijz#)X~>$XiZaSH4OXs^m{?cbSa z{I4w1|1aF*|8I=jKfU;`Gl%|{8VkciC5DrgXVS&VdNCU4^0Nt3*~O~E!PoMqemQ0Z z!CoE99i-z{l=&yWbWQIP(?knS?9YUPh+NBMD%QOs-%U@>kBRBp+mjn1$H=DTc3%#; zcIKPWf1I$rVi*yQ*Ka2Jy!B9FupX@B90GYaJ=>S>k*}cDo?8nV$c{{p{9;P9nEIX3 zkhD*JS-#B%Drg+jmj5YF7WmWi_kUSCp4kb!d?JDG*JDgk9sDK}_LqM#X*QEHBVX;q zLnM9*{w{kB!y2o7>%*%hqQ&>vNd2+|k694&R;uq5~%fs(0++%XK{JJ3{ zce>>&n$}F`L*BmJ2+a{QuF3yG)c0l`bdlO+tSFf87m4$kL}fjf`!xn+Kz#6Ka*&$nbE>^I&E=~m1Yn?F{qTmRNrtY8 zqpu@?i=940l4^X`FZ$VE<(i}VE$<;m1j5{Qi^zEdLpxH4Tf36GBTKr2j!e^cjnT_d$S6>eUM$ zr(?ZcTFQ4mu9beIqrboFZ`O>)`qu8{pNN`0A1?CfcwJ~VB7ruZV?k>U07McLu^49| zfVeR0O4FmE|>8zHgI1^Z5(XuN*j7-X?bTLxGkTpsN0tAeP0>J9`Oi7i) zP!bI}Y*g}$@Xdumg4{0K${C=(yLVtZUv8K}&$$;Pb88UffWfh1EmGsv>SegE^@`8m zNvx{kl;j?0a;ajg^!~WU51TM39NP>TC9WgcKdD}(g=vH8e1~0b&`1;~th?lV+lSeC z`L=+Q0!zg!RXiFdBGQU2;qJxq(>Rd3koQnwpUF-tN>F|hvCTJf=n+l*;4WIsi1t<| z;#4~xkF<#wtu+;6!0%>#wx;46wy?3xnIg9(cs>z8W1J{Of@d?Hv{%8^_{nrPU@X#` z?#upeNR5Mia5$1Zyl4ZkTL4werYgXVb75;gxF{*QbNh!;{Ngd?e-0{gFeeuMpm&r? z>V8J=e#98L>y`6=%zfLU>Bt=GVI=AYmeE>1g3Wduw*&^agbSYU0lkr44t;Ab64Aru z2`Z&xO@;Q^a{#QV4*JP<`w2FP*`GP-9$Neoe&R){!!M%hVz#|T@a$^|^*SDhoUt+a zv$i)Iwm>zO8zeYg#>o?;Fy3wv3Btq;8~L)Udkkge2M+zv7rq738$;e%9hzo6VQ@iK zf7)k$4k=Z&vXRCl^IEXL3esYXH7;pXJIw0_Y(@pr6|(0tEKNauG%IhSw{;EO)-J{A zq;KH1{_jkD`@yDY1e_RI)BYTuc!WXU^OjC9d;`@N=eRD-%Z!K>$_`AlWc`^bwJp7P z21Ya#xp7X%c z+9cu+xsKz41#K!cvpM#?z}Li%AHBm-<`SBXwG~!g+-Y(t}9+7hp|k~@72k> z0}1SxdEcJOpc!9 z7BEoU7}1sBYW=Kk*_8#F4(L=)!nLR_;K5`)9Yj~Z!nmb7xfLZrT!g>Dxg@Txd1qGE z_4{tvwLfDQA1H_jGjax1O=QA+f{xZI_oQUJCL~#aE@;kf;>d&WyUE|0W^Pxr)Rs6J zNve#emG6a?cJ-DL`hiDp%O9Av&s3O8S`5<~Qi#h1-pTmtm$nsId3VEG|3J0Gq^Apx zl%$gu@yFGqo~{n10S<6$v~tX&M($d%t8O373fT0mxS&>*YDNwPFqdAW10o^WMzg~v zx^M->r=MO>1pU&CFC}TX!6?LJIoTK>uMxEfZw$AkI|Usb?D2{=Ql8uCmp({(_ndjA zdP%a(Y-!Cj9r~4A3Fj4MaY$l~pK}2+dhcC{k5bqQ%PW2mECPK`2~3G&MS`f(eGuX zh1lJ;Vs6tbo!2slj8LMgf6{%P;qSaSR$q;IQuDQ$UlM+PjygRw`&hU;*fsyPjUxwP zc_Mv!F`t1#~?g(eYk{&()jrwl51`P}2t3(tH_LMweP z|B>=EF7`9!g30~*`~+i1>Zxt8y#ih5IO3t8S28ZJt>hy{(IEDtnHyeYQPtK`Bg9$T8Tjwj5WWkR93383q|$aYH$MZQH_*` z7m4oH9pS8>>^M?Ta(-XRBlg+lOPY03$t_mF?!Za~d7xgvpo9LjgN+n{OI98Jqi4MsHUDgyN$p7X{XpM%m@uy2Em5|gBu&`c_q)(Dd~=Sn;`O!(!`1z2m>g-iw+yW2}G;1jk%z)=sc0eS#0hch}6VU_5;IrI{h z6jh}Dg50g%O$QWLLXJ|9NTW;Rl#BJCYJNRHN1SC{VHvGxs8ifk%LOfhQ!W4@6O(mo z^(-?_-8|3V%0MVr)hWF;iulrXlGa}J+EMnK0gv_v(Ku7{(_x1H=sd=!9hW&w-{X4< z^u6THGvDjW#&H|pwkVUqF_NOA5Cjs^Gmy4T6cp5~r0%>!J#&+PD;+BKkcOrY8`#ny z{ZjZ&e;{{QHdN{5_HLpLZ134|$;P@6N#LAbqxf!Mwr^-eau0JP^=ZFdxS&I1nHT1r zf__oezu~^TM*#eZtqR!e7gLE+khKG5BZ1;(5NY@JtZJlLqUf<|h)+p<^X0XT>G%Zj zzB0{W25*0Lg-ZwS$w;i0=p9n4OQ!T-pn2SRLkah}W&Af38Co4c3gol%FD6K|49bNV z6c_A2^=|g7^-^j8`qV*bY5}2_?rXTiloAn_u4FblE9%S)3^5Y;gvmj5SJ&o#sA3E~ z!O3978a@Ai!FF6!hq`H6HWKeJN0_abd_HMs(K0C`?>4bM%bj_gu!Da}w2RjTL$goY?Xck_8g1Td z%#*BtXB9gF-aQC~LHhQ-_V7XCV)zs*6c~_YTYy2vU%K#JMU36!)<65d{;ZZ_~tQY~L0;=~kEh;cO9i*HG z_6ZKJ;b}V5W6Zd4)_T0xdcVhqwqO(L$nfKnOi~%Cvia)rTDAK*!Pu~jM;+3z^rS&T z^^4@TBkeudP{4dP?=@+j^M?pGD^sV|fGnw*Y%nU+WgZI23XR@|%#8cH^FGs+*lrsr zG8$tY9=4!+;ggT<>D9A9lhn;;O{~fK7Qh(rM%_v(fbblgifEm)QyO_G{l+j}uIm{u zyVEj{+3W9#n^lfo1^3=)Zr`ry6_>gPc{e!^U5U_<~6!-Hh*5{tw=gdGe7wYsHFY~qQb={b3{w28l3N^ZBf$@zlTX2;+* z3&nV)Qb;~RDe&Gz`NJAvBFjb)gOOOsm<&iA@(1XDK{^D!tv7@w8453QcS~QP(0m#b z$a`Gh&CR8BWHwEk6$2T)uC3QaJKqca*p*be;y|$hj;bhf( zV|mkpnrMp9z1LmND|KJdmrFWIPq9$4R-**xl{r+;G8-dN=cej(xlj)p3zEd))5b@6 zJ6GJ!-S&5wG}qKF7_~669F6YBwL}!g6y*=W`4*Nn>6(>{scH93$CR8BrMQx}ICENl zP6mCL5LiynlHTU!HMTv&vx|~=F;ZDct0VMH#7=GIM8E46204b`F%a`;%Z5nqKi2c- ziCdD6AH;HNhzz(}oh&XT9tq+C;1-14;iZ+Q3f#eOL^8n!C0~*%tBpksOp^Us-KMsj zas38G2BXH*Gz{hn_7FwE2}K$WcS}1_*qY+!Nte52z3mdId!=J2 z9M*U_BkP=s{!$mT{D!vh+_$-JwAD(&wD*y%RGjAZzcf5ky~jAN4$kEm7Y;Mx%-@Zq z8mmNlaCZMtQ7Ta$s??JB;-FvC6TK6Kbv2;vyfl*1y|81PV9V4Tu zl7>?cp<&$3$-)?)`UHwroAc6vMdCcfx8Q2PSlPa-T`V2{b5Gz?P!A2$ber&hs5-4h>d@pZ)eoI&2C!b76CIemwkA5jwu1{F zCb#!$XrB5&CVwD)F>wvhpJ<%jY3m=7gzmX{3F}%_OBm!g3=W10LBE*9wW?g+M+r>^ zU6glWh(G-fZ67H>R*Ph8IArW0Z)xW(Dp@diQAZ8tNMj{ zpL(kYc*eya&0wF*9baZc&o88O15l%VxS8Vd9k+~QW&Qstm{|B66Z!7#*-h~XfhhBk%S(wtc>*nNf~Q5J zX0qC2rhYMf8PdL9k&!FI7(#D$Zbd(HuQ&T)JDsJGgHO%{h7(g8^6I7wWTu2sQcZC` zV+-_`vc$wt{tTY=SiFHapgicwDy@z_x$5v zeG%tEm-x4osDbM&pE3uelGERsQQub0LAZsxwx^ogcVbhzH$=Re;s;gv<+7cOV6Co) zL~o*SKF0sEiud?a=U&n9R!D;fGlav`246;?xan=Rw9{=yKEj@K$*m*`wXCD-V$T%W~*8G0!=+}rNtEIoms`7o&aH3 zOOZC@y?j2j{_zxXIYSo=*-V6+8YBJbib>n20h1YQoNLAR1c#-4`Rj@m8D3lrx%48k zVQmL7TNvyCwqzAG5!(WtLf+NGhh0HJF<-v&T{CC)78{ANEcWnXjDkqn99$V#x@!Yn zG@Sb6*}a5VU>zpZZlrV%xB^8g${DT#0k;#U6~HNQqn5lfbtU1rg`Gd*x*oP?3w3-&{M%|yV~ z1MJ*(SM(rQNRtv0mDgZ(QK8GqO{L2v*r2W=#<}GR+4^%$)#?_M=0l?F@pFnAnH1#@ zCxjwiqejPm=t|SPi9syH`IsFE{JVP3B-8rhBt|a6 z1-2(Lb&J2)GCCBl;+E|_yuR-g4z<=vv$H3o7p128k;9{!dy*PfltG^0x1yI2H?Ei^ z7663jU8Oc05_}B2Nqan222IZ^f0)r*E?l1t^BwZ%s2iJfG+W4kVBpkWOkKH(d0i1( zQvGtZTgK#m@g06u=a*;~g}7lO_JNr=}PeyNOKrR zOFCFZTrncYk$Oj1mK(;Jgs85@f6Z|jAp0Y~rWc7>kE?l22XrJRx{XajjyBe!H=rcj}P0ci7%~&HSYCeji2`__n_Nb((}3Xm^2U zt`))D`-aE$1sYi(Xdjz>p89sXt!fJiR?v*7UI0yP#o(^-gW(TIKw^o~`I^Jx)9CcI z)K^l50%va{w4A$*D+hgTw>luenF}S6Pu>`n69w=B?}u*Rbi|}R%VVH~Q;aHyQ3@0- zwNyVsm%jcV#ovl((O5TVVlv&S^2ZDD=(bK)Nc10sPBe*uCMwUv+!@Ux4ao zY-4(>QZZ&J0KK=#6W)tg`sr9Jg+V>rX{oK-epb>6xv|OeHtr)dBO8QJvL(8jO&a&| z{C9&(E2FMTglFZ|S}BKL>ygFrhxLB5TAy9b#FVZk_gLxU$VF|QY#YE(T$SEKSJQml zT=Xu+lbURq8tYRf3NaZ-MB;AKj3f;#;gEeFVsfBN;FO(;s(5i(=6gIRw!ldekAUx! zCY&mVVWXsxl2Ugsk=p}b2@)xQi}U85L%EM~SX<{fxY0lf;aW^$5>KUObTupTH1bF% zFheN2!Y@2B=88UyRMNL!w~o+wF^yg*(P!}8{%M;!wq{Dxt;SauVGzu8gCNZ%#vlia5Ot$!>@e zd$}YsWkmYQvo*<;1hztsXo)0yy~xLg`|Avjotjx^5wJ!K_7tWFu!eqr6otY4A&3{2 zED_^>iorvH?txQMq~PPQy2A%aV80K-znF?lt$lqKtF!zqIW0Gqc!{nHE>|ax_Q$_B zh(m5ySJ{AyF(sFSO#WC_6X_TI*q=m6*xW&?b$`$jm$K`SQSs(tF9)VHv*fR^ME*6{ zLSZqrp}IgT5l{oEJ>N`H-@VZx*EcN1l|{rPf)ip3Ws0E#dD6Yxfa0c>H9DwX-PFRt zkl*ta9*(p<X+xbi*`nCouBnF|7{E!c1( z>J0Kw;?Bh-I$C$c0V3GC(KTB_ZQ4uZy$rMvpM#KJ0biB_bZx`-;fui8-Lv>Va>jDa z-PIf6THQ47$bIHC%Ud@S$d$r1`1AV7j|AlzniS1<9XE8$bE66((x2Y$xDM3&F%{gi zK|flPnb}E_I0)D=P4MP%*{gc-HEGLW|62^F_{_zdQ*lO3;)+*uE-*|@r5osRpNd_j z^Qd@d%3iU8a4M^SZtCLuu7MgUpV&laaovF^cl%*NeKkvIMQr<1uTTKA3SK;u45M{- z|Ma;K+ARHv5V0isgaN2&=WpRYdh-w$cS0djib|LO+sen);#k#asWLwd&odWF)t)o%I8J zaA$f?l9u2F;K6c!zwrTd#VwV`7}$~1v$fRayhA$Mq(KY)gN9$RVJu=@H`~50{WQ{) z98Sk^c^xAxanGN06z3_s!_!6r?wNXX*3M;eo`#Bwhx!q+i#3!&5ABTMkG zs}F+9t3=}lq zo+O=4X1rKoS-bn^{31BcDFEZ%INnWg?S+q^dFF%9ic}kt42y^HQ-9LT4T}M)biZV@ za%f!uYyEx%0R|Ehq$n)NVy`y|+x_s^%h91d>y9Fx%f9s?GGLy|vMR^WMj=%k#r zXN0N7wNyZwg1FeW`u879Ka(J4`A;aX zb=Sv^<{Y&VLZ3-Uj2XB*5D6U)yo!+a7_vqffZ7mIt)Pt@Se&`c`1Efh~lO!;RJ`@N!mVqUMtx0%r$q6 zB(0mqi{UNA zL5&u^=QA3uwnRdiqnSaOJW~S5MOsU=6d&9f!pO$^ILGznJE$u^Rlw zY^noq2_DdZLE^Rt1=!ubpeE$Q#B}jt$ff2Jf~~h*{ksn{VVCt}L$3U_lRtX0e;KUt zP&I8Q;-~jO5NFImt=;Y&hfq>_jdVQVgX{N|UrgPS8y~$U!AEmV7C$2MsFQ1VQiHi2 z;(k{<4I%iOPBV=EFETAJcixFK{Cx*ra-gr1yY|~2o5yKZ-$l)XP2A^%TMo!PeSaKj zMdr6;dW5_@)GT5AG?beA4(K+~rr~=P&L*uYC(U|A(fomu7U-EjJNp$o$V!ZhIqa*r1 z#=zx;elaQV)_GDnQ2t90H*JNVHmlnKjr!dd%`B|cN*ogD_3-iA8zc%VniEnZB0 z>i3!WYvHbLp|&G@t@8u!Zdh^XsEguGvQ?(z$&YJ(6hnw-0Z)RPMo_Re^wba(F5yxV z>W!!-G{+z3k9_7Bgw&-;52=d7-uO>7zk73OnXvsl8u7y-EVX77d3*PT>ye-~)8~IZJ|#6c?CtU_+3(h? z*A9PPco@n05hiz*BgOTrvg3pK!oRHH*=FUYYV$OcnctdSda?Y+bRX0w^j7ohR_WwQ#9rMx4*TNn{TNIbL*8;w}<-O}Sst z!8&-F6)s<_PVFT-s<=v8q8n-3$JLR4d@n93SeV5ak0KD5#x-Omg?O)(pJT)Gh&a4P zT7p$BYHJof!<@RV0$_L%s=KEqwkOWBs*tQb(*;e&bPj`BswSwe!~S_`?rs#(%+3nr z0K7&M$Xi5xM@%3)&_SZf<9q0-3I((TSM3RhNVQc03ceKPMp0E#397&7V)e70V2v&SebPmHxHA+{{KrMgHb5ho620h<(dMGEU7kvclSM#)$s{eH;W zXux3aw#cX3PQDAX$?kwp!voXbE_jCBn~QX!8=4jc)UFWLhFVnT5;4)k;bRXlaKktS zsnBASrngv8U&E;;TXtt8&_}DHWuLet48@2|&D-$GBZ2ioI0iM(S-$GyZxbFhe3me9Y?zG7XaYI>sqeavI1QpGfUzz4^}>@yx-^b6&SQ*o+<*J4r_K{R zBJA$ykT1P4kFBk?sKo_oEo4eKX=bJyLh2p6YFI9{_5J-U3T`Z~)h#F|j^caCpMi2a zS!`Bn2z~y+QnJ|N2)0^tbM=wa)#rONRXJv|dwniRhRx)eDAp zCFEgpHMazN^fHq=x^v&)wH=8o;C<-p*~&rmzO9`@!Jn-X@XdldE|PXcY(hwwy~E&f zpNu7?dBAN9@BrQF=*jgEebpeZ@!~*Leq_rF+c&w8(k-dbg1n0F9+0YISNNdY{xou< zIpG`hwv^N^rr?eRdJwizM>$P**~w8__p1@}mW<7KHs*LXu6&AvoUOv~e5b%<3*RsZ zn|jmS0zx9Xp!o@%(APy0gM_cUX?=SnWAqkj;2I}S-p_HA-cKdi@sYC6s^+ON=OCy~ z&`e}N3jS~@Ul!_c*XK=)I+~jslZN&nyTvm!Yvp0VQrmYe8T@x4>VtSK(q6{KSh*MU zwx;l0HjhU?65PK+2w{5|wj0gYW=T`Gd!CufV+haditqJt?Ug5SYhQqT_Z>@nv zIyqXSNC5xcI4^tC{_ZvF!;KkNsqKl%qXP}-6GJJN8vmO0>f-8l(3BLxZDb7JZtJ91 za+JExoTzRtLMLSgybOQZ3CAa(!-bVyhRK?wD@|rqVmmxUZcYb1Jv|{~ko_`F43_C? z8PKmfwr{!Ux`jwwbQe!O}lK+*Rn9dnlR_TbjB2lCkOD zvv8mOqs&F8<`?wO$gQ5lPq&>xy40A7YT$mghU4F0ODXBuSN_8Ade^q%Hf$BJt+{~x zK-vTa7^s8vX5gqKwY&(5g5sRzMi)51;0`1gCqb?2J?sax*N;lyupigEttmCVC6*tANKw=EulX`Jl z*UuROA1MeaV&7vFqz3g<^c-w|BOC&nXK*?plCx>6+XJ9H)qfF=YL7p z>GsR$(dQ8a1<;)Bs$50Ii&nE}b9&TIwzp7yIr>*Q1Kd;O?ctoK*}8SJBhLM1nMQIT z>>x9Ux5W4JFh)4pMaeUtV>Y++n+Y!o)ZSuQb^ z+pQiL*BvgcSR|zn!TABEF^}qeKXeTIZ|!|&P+QrSF5Pao+u2~i1{>T4L>8Ewp-q-B zV1x*g2qq&5fx!d=2D)vq$ruTQ$p$1qfWQQiLz@gDXGAhNgUJ~`^}YAqJ5x1PGxO@! zovC_#ew;cg?S0Owb=KZzueHDRtwH{V+s5oe;Tb%M>!WTPA}l#yGF~22jY{fXY?rzT z;nscLFq2x56}gCPA9-wMa2S_V+@X&6xV=!&V10ihBxZ2jC~wEk_)gW{PDA3j%Ey0%;|mGDhWfssq%U5>B4b*^P4`}li;XbIp=p!4;^4?AzU z81t9;ycE_Znp_|0MH{=W^!5H&bmCI;ovxf1PR5)kkHR*GT@uX@7m1EumV`QH@$<%P zq;H#;pL}ER`qWI)%&Xqd!RZMO!|Gt30gZMtzvQ;Xl&^n&-&UPddAUiFK&W_9!j^&v zKGm9KO%V@#m^YVPJ!FC?-JZ0SX91XxN_h`-jay^=#&3>UL{95x6f0lsiz`#iGi3af;mgUX-68(6gBn2zM-MZb%4^r#u!?&%p zDUYo3re4iV@C!mUbxF>1d~&N?!{?(bTBJVDSzEAxlc;ZQZdoOY%z4Iv%|RjWuOv|h zxNomx??rdw5;}^VT3dq$KrbXjumb((K}ga!hF8J~UEOf;;xgvENouZHcpX`@_k1)f z#RM!KY4T+*^-g(M`cMT5YGe|Jg3d}=G#*MV2y8T&h;lMP`{=|R!ku}YL|HNnIRKlp zb~lN~vom?Obd`NZ3zCJ_&gZHof@dD2L~^;pWcx$c2cPSXIWO*-jKEm^#EEzAxLzT0 zr2;;@NXXc680y3Juc(PI?ebFr>|TuXDTrcL()_y^izzw2-RD`U9{tCe;Czqtp-%PM z$~}&%wPA_wi!=IV&*!)E`uQ|G5-9fI4`wEEcG9G6R-BGE%9s$(?#4Z!33G_QBFAsF zH02@7*SsRQGH!C6kYu*yv0h~8>6^DsM~#$OaW*KVReXr`LzQkU0nLhMYV>f@quCmE z+NcYT@R->=B5;nt9|pra;9(1o7wi--d`y50W$%-*l+<%pTa>P_ItspOEVM$D{>C7r z6!@dipggc5=!2a}(W;mres7+UWM~;kP_u}wwp|rXeZ5=`9>iYj2s6$rn!;(KYI$Q# z=TUCPlL_hl#?v0YYi+I%gY}XHx4c(%B@f_689XPPNCf5pCSl`G-y|5S6@ZDYxY-M%ns==NfDeF5Gr^6Jy*JbMk(AOiDV^k}Crlhd(tJkebID z6R_LDJK}&>Zw21%nR_1OAU#JrYhjj4nw3Mu$H0D^UrM@3z-xg}Nu6|D7-PYRlu#vy zxb6=mKCUr>7{u@0`{N|Za%y;Wk!qX9^g|`!Tn6>weT9LYPjLsbl+UA*g9q>flOiwQ zUbmd#2*e46Q9*25#>5eiHzcH*Dj9FV`r6NM5N@$Q6 zMv|s27G$f52>WQByORAF-Wv)Yox{VnbVSqaIZGA|CbuzFbaPVJPaOgpW)JF!Ee*Dt zf0mZFZSlMG7^$Zhx#JAL)Y1$S!g~nVGNwxTn;%VGj0rr6x{9gS61tsr&7G$9MDwO) zt0V^#dbR0LvM!Kij=`|s3h&g0+{(JA zmv_q5YK|M&VVRG~P@vpDgKm3vqA_%Zo8zZf^@y@{#!r!!qA(I~0j{h#WwlB%JQOHs z*CJnNiBn+8@sKTTQcY?zA&=}XXeaZ;7o~s|z}}tOdT@^{*EwIRf+?M^ZA&PdXFRrS zVhlcHX+m)kv9hF7YrIYYi`T9KLnhWrJEL5SKO!jE1<&l=1v)aLK<_(FXMuq0T6$oR z$i`WG0#y%8^|tGiD7+nBxVMm^Cl1;O7|0x~4WW$02dM&|k(%=MW~Lt46Q`sLrfBG; zixz3tKU}f6r&c@NM;s#5m=TRhKO{gs@5`{RZq1Q@utmAIfmAtQoOKgicSp>o?{<$o zZ9f7@)|l>(*;INWI>L=1F|+Fxz<829MJwyGb4GJ!>)c~qoV?X ziiK0)LxvGpvsbjYxzh=>?NYl$gET#_`|CcH%LO$|7YiX)hTbgqbd}3ymO%x=SPD;E zv_pKf(A=Z+K0FsfDps=UMIw4R_B<%zy=&Urpp97p%Qf(34gS$@&kI~=>dS}mZ;NO9 zd9)++5)ItcTJ3b4m9urg%oIl3@Bwee6j=P6DpU#Hk6W3m&3E74EDBI>H`)8NA~gHv z7@&9_IaO#51)|dxuaGgh7Fhz7A_9WbW~{S9`1l_Z!Me@2yxl6;_wcEclAN#)RtqE_ z#l=FwLcfH*?DX|ApJRnJA-G6hZnMImbh(mgAI8#QpE8-}{4=EAtFv*nzQ%T3yL3a) zNzlf9@u7&4s+%dM&tu>bS%kg|jEc!pjPa4+T4H>@^U@EdIH7CjH176VUu0wz@w(HQ zCr56En?JzmzWKIp8K2V$N4fd>B<7K)-@lX274@f)n(EN%4kl^1* zsT}ofFbsyv1~bK)~FFNhx+Y9AXct{f?*lv*kli48#c?m}wG$wTwS#@&?%V|2ep z{85fsuIEf;-b&N=6`as9Y#KC-e>p1WYHzY6`HFx#&M``u3d)X+w|h^~8LID(JmgK@ zK0i_{pOB=J##pagnlK7DJ4J|5FphntU6+?bB_;iR0#g1BvYyv1av4Vtt```-tv%jGF~QW5$OyS(Z>(s;d1&HOf<=(i{?wc1<SnI zFY5fP#4TiISLKx3en!igfphp)&yrJD9OJGw;_X=Pq}A}PSR&}_`^Xqu^60g9l0;dV zbwSA3cRszGP#ymG-W$w1+Q<>=qk6Q zB-9J-N!=w&aH;7;UDyZ869HEZVrt(=ie^ZB)qmcQ5xKL+A={4~L@LnQk8&3q6!Sfe zs>7gsx*T z7!^q?5;15PBBcGKM~?*=u-dD`J`h~w$~7$7Hw&FiHhpD^$owr9dTmuA!==>a#OdmB zL~PxVpaM&P4+`4gYaj^Fh}2ZmjAegrXS*BaxF%4o8K5z=36!4!!?xU3OpH2qRU}dGVP2AqK7c7qN*b%gSC=9G84WS= zMDz4b_IE08obJFb*MRf!Lq&d3!gYSbGBL-W2Lz4eUHedC;18=9=8$Vxwpdb0fuUf> z9)W_CXe}~eds)mJMZWGoM6Ls#bwBskF)38;7&G29?k>y#UApSz5fs7HK4aE@I1T+$uaIGDc*Nl^r`Bz$ksxb8@PJ*KHn<6r6b@!Yqgqi

    RtCx*x~+5`Ly(!YzEr zU$MXXJTl6(LMMGI7gjzF>eGKq7LNoA{I3C8R9B+p z|A#m&-T%9sma2pMaxX~l_g&ZPZ&Vw%BzLoWu^)FlzpghV{zt^(J>QMb4}r7W z(!2#nZj*NVI@J{he7%juaI9v z@6v2rww=>c7_!&bm{gL}`-rS3(i=D&2<;7 z#KX*^Ie(na?8L#e;)FX@stR@uD}U-Mn*_<1wY{8La4$RUQJaV!p{353V=cgOC<#VS zvRYeKXP84>IGHA{<@(F?a4qCZCNb0%FE{WYsA`&&yt*;g4@u?8z@1V@j z6sP3Mix0ozc*9Q6Ylmk0%M-%u>(2JVX-A^_#H9cBD_Tfj5}xu8?V9x7^?0>dH@_5s zydYOb3M+iFP28Zno6aT4OsyV5OLfqSJDSL16cD`Lw==~iCgi60I9JRcZHmNeVDv9< zQM^avzIiZY$E@xL^2U>K z3{6_Bo-SyY&a48~m}oQrIICCWXB8HdZC&3`>@{Rg;|=mQUA+z;)8I3iiTF6O#rTxk zL&BOLT<8LV_7f=orS@6<8^7}}Ab;Da=~ic^WXYsdTByKe8g()~74K$&n4lOwVN&J| zJ*AMB7C@L(>ei1g>QNI>J!Lpr-IRH#$<&=pHdf1MF2!JGI>K305)Y)MV^&?0buF_F ziy6Pze$PAO{{B94uZ?~4J#qj833$!jw#8y@+)iK1$OtVl^kprUuZ)=!{WZ-*_L4vu zt@yC2jYZ9MTRcvL2PA&htpb=Wj9)Qp=gsvPlj)LzSC&68z&()9tZx*D+hqGo%(T7G z@jdgnoY!YVS$TF|4uvDf#(T-G3*EM?E*|MVdUUp|fcQM$rbArz9D7M#cNnMu!zMf6K!rTu@#Gu#+OLML|K&91K* zYAP658#qa9sOPF$zkh=Vo=z4@R4NP7@7W;@yYFR#K;4|zRL=w#x~se$%-#gZ8geXo zIo$g_6qF*b)z;gb-8*9QC#e+LT@$4RdeHLX_I~r^zklz&kbm1-$y;9lb+W>;^?Fnn zz4FOz)3N2bSWuYYr4wg~pxr8s;n084c$$PGFL0$x3E^Nq8Lj4gVRl84$Q&K|ta@-fg2u~_M1Hk#+m06-~CV@c%Ri(1b{8Mth=L>qUK zc}{7}aZ1(KyRFS_pfz{vZR17oxrpv_M`QYBe2-{P3k)saGPvN0`Yw`9&behFct~Hm>mR_0i_CAkeYlyGI#v=TuU4=o&Yx2{+ z8bq;KUWc)K@eAvlbEl*>VKr?I5>&bw7zMbOVDN(y+MlCE`}#L8tMsb0C!6?2ZCtA0 z=xtpLh0?CpBWWP59*rn7;aH)>P7GOS2u3jO>l-h>8)XWnAZD-39e>0jQVpGjIY#k$ z@QE){&ue75PEQEfWcgV}EWmLf^yrq{?B3oM^_J~MgN-Uu(s69BYRV@l!BZ`|8+9sL zB*w?#R6Wk7u`ZZ&hRqftjI}#uJM5y^cz40ZP*|BbVusW3bN#tWPp~1hdZ4}KJQ;*C zF3>f2!%UQf=Pb8bQ`Q|AlX# zR2cN)-AH!}dJN9cic|>rmX+i4M{a%8$z$*t0f-L_`V!#kTQZUyDFvkn8r_7aMYpI*qa?iCeL9Hqg2 zNAG`%>N(8?e`8#^&Yqd5Z+r0|@3e=0d&xgTp5(C31H=oA;^3NH6^}6{2MDDhQptgv zyGp)^m7Z-#k)|2*Kw}XHyyI4k(p9m68BDfhf-^3MjhRD}OI*--%b=m{3gQa4#$(!w z-Vd<9BRplfml%lSM|1p)M|VED9%=m^T$mb4mj(u;jDIK=E-z$Njg{T~(l5aoMSLY_ zU+IBMsXmq$YnBV?RC ze~C-bG7pr>HQ8pyX-Z4i|F+ZadVEBS&?K4R@1VQwH>4-G=2P7g%2^KDV8Cr=5J;>( zE`p84>~&(_3VP%JYy~TgM9WJ1I$ezJU@GTCA>x@j;j=vHX&;9vOdhFRN6MO&(_7?% zw|uYiG9_f(T%M$B(HJG<#ro_~AEiNz2BPtQ0m|%s5Y&;UUn0_86KPxKY?E-BJa(A6S5 z-WKp>K(7^WSS1hVR4u`?hAs}MdT|j_vPKg>*@7d*UaEd1sQ2~5$D;6f>A&lrrsdvBwv=lmu2Ye9D zv*%=UJ9)pX#?O=lvP<{}cf}U>3U+7gH_0Zd(tL45o1VN+vm_84eENN#I%RSLk_9=` z;05ZB3epWE!^LO)v^}n#xygjJrnvQ~M%~uVASK8%g4y-rG+r9 zVnF~EtE?u3-UXZzikgI+>c+RjCac|vF9lV&fRcxfhZwhG=+K)|2RKzkm5RU9?05g{>}kz2 zt=->H)fK(7rT5vl>h77CYe{CAW*zxKN(_U{g<%mb5-)XsSJiu1m^24f?6lcc`2^l3 z%HWc#SV%Z5U=W(bnNJFRp->$J;{SAQPi<57c9e8PHDmjqwM@(+_^6ghkIA5f!&s}o(;P>5-Nq*X9`D(yA~3# zm5|1J;6$_itRdbV65yaU%vJ1kPkG3#9STQ8XUBE-q#3m@dyVUNGP#De^S)nSP3~>! zC^LUl{Z}_G)WVdV=#STox4Ay`MSZ0UJ}$Vf&YVhjAdoi#`|lU|5g z%HVlO>b&Yc$KzYHlYF>@G1pHx(mbTaVQ}(H*!WT>Z+=NX5RZlw`b?K#o1Vs_&hk(k zx0@js>#K~f$`di-mTxNdSrA8J`<(MfMHGPoOEtb^Nk5} z9tbJE)5iR1&@Ex6H)paGozBeEEGmw*Q1RXyR4G*sY*owVx=;9qlPgDwrv*fZ+aGqM zn2?ebI-ld6cE6O;HGWBg)YLcTkYm6N3(an4kt^dIF9RZ|hD++uzhVXKkVx(9ZkN@1 z;A$zMq??u-D^ql0wiByQAivguj)jrAOd*rd&I$mV7fxy2`;|ow%uP4W?Hg1Bn&FFX zmnwT|@Tl%v^(?=>SC0Zcr=_Cu=m>d%mcXePuAr8wgcVS=(Sbh*9IZAtH+ql5o1C_F zQ_jyhcAHeW)cc89OrI(zyJk{(MJXJ*#Y~HI%@g5L5|7@%%lo^G|E%)c-^nl9dBaEO zCnXR&uQ=u5#Rzvq>7>~Fm=i)43*GPeIb%JZp-s&+=GQ~3__QPma-W-W^_x@ z>|!=cTUE`4^S;Yxc$l~NtTf(;wJZ&|0>t|kX|oYMo8J;4Go|n>4^yRkyQIIubQ(V- z^*N5Qqa%D<1;BJv;tNa@hXqJ$2TD6Hdr_c3N$oa)wMrizOK;akqjRFsO}ja2ChhnP z?U1NQ$X;TMr^s-Hu3Dh1MI|+e&!3LAh{$HDJ3dPsQ`t5qs69vR+sGUpZmKJLue00C zJfdAA>_aH~>Vcz@&p(+?$fCdLu|h>?D(Sa;gmMQUe|1gXS3?FZ0PN3i!rH2(`2X~^|#J`GXCy6$WiI`y>N z`m2!Pju{^;Q~Ii_=0S%KndiFJ(;u6pT6MkV<1;ZiDD>o7v7fZEjz_J-2O|M+&@uaR zB-0#tbJvuAJhvg&L>vjF`)^NGMx)ddv(@ zddYp#6eD_DJQJFO-lex7hSC9G%JM0sQI@SgLxU`GX6jpCi0I{QKKNp7pqpO!)}f!z z5UGD;R2C1ME{W)uiycgWu|}6}Usy(*YLq`o++pQ6U)v1KHHNr$HP>!B7R<8?CfXZ8 z90^$*w&@b~rccmseePV{H~XG#l8vy~Y>8)FOzc%Ze2Wl?ZJj+0C^=Jc!)?EQCFUt{ z!`Yc`Cc|OB$rGtXKds{OxjB*-cnss|&rD07XyA9A+f|$>2Fm0>DR}$XD@}~7@}*z5|$O&VOLxuWuJ?64$ zWrzyvA|zmn8|6Xc#zUsht$amkPH9KTOS3bd1q~P z8fF@i)6NT#9GK*<>&VhHfd_@K;=PsgP&&@?r1kreX>?4v#@F z#Z>6@o4l9h47A(4Gy(~#i1$;xZef`1N-D_F)mnrL-{o?Fu9&dUHaA*-f*wVi)$h&0 zXH7>hQ#6!5y6~x&utVm(Yu)od{p0otOyj=FkHu!il=$h?&BhP^@VHq{NdK+LzdD&q zh6ObE+SJam_(VZ^ds9gGU%yI%<(DOqS_=r|Z!&PmP@pHIq1tc&fQ|NviWbBkv^yi8VqX5K%{xK26Dyj~0Io8b&+#)0e!XPm z%ad$2b4g7bv-qQ}IN7kqaeHJ*0FEk`mb5KN&<6<6xeSl$5A_UMZF=RwXrH=SUb19E zusQ7dOY{gPVh?tGBZ#+ekybi|bu5}anJ~8SMX13}rOIsFCIF9sD>Ph5wUY+WA5SuBPPQ2;U)FuP z@9S#dYpbEw@M|afA;Y}pnykKV$00S>J1*HaYh1t!>1B?MMvP=0?6_(%%%ZZiC9fVW2gvsaNR<( zU<{kF7he$Z9z+fTGC zmxSBNi`1gw53HA@T$}GGH#oid6yfFNJ!PSxQa$f*lM}4ih{@wHi_4SW}mdkK6dr zH@WCzo?~DM7#sExS!j}CHUKY0NmJX?Yzi-NPrfi^`tahm%w-E_GF*IB>nQPfkcv)C zW`a~CAv;|b{T$DoF(KLG1PO@Wyue+wH21pHAU(TRd|Nu?Yfj$3V5T@FcJ_$X!uVss z=Zz+7W%H|O@?Mi4XIf9hg|Y9?iO=+F)R{O#G6WzQ4zS1$`*7=t9EM~( zrA?z+x#G$FJ>O6a|;#1~90Xk4~8*{&tE*EXcL2xl6hOEsjqFS~HTH(I}4 zU~N|W$x5|BC3_6P&n>jX@4Jl2?O3nAWmxSi?a~-MMu?C60XfM{$4T8AFWyC89?%qT|FohHthTiCo$x_ zSf!iQ-+yL0)xt>b5fu8lqq8G{3v9t8PDspnn|+i0jkk1Q5TtIZ5*W@um9SjzSh?-h zE-13DVEtw(s-$5yAo8~vW?QUkDkJ ziE>@4O^TYNKKNy*89l1BizVkC3a4_1;^j_0FJaX;a-RZtsH^E2Xz|l)@Gso>Z*kK! z-PZtDE~^(^bIJL=+#M-H=A7a`{NpkwNJhIUldo+-Y;_Q5Ggt{g!wiQLs5@!Zj3SOD z_<-^#p>RIfI)Jun^NkEErrWmg)AlQY*paEC-+JynjL=k(k%7wQwdCFI67lPRoK1ri z1y`xJUN7ejx3)sCEbJ)$3_&_RP%#tZ=i`M-P5U3Ry!Y$w)A<_Y&EV=15c}uVvG- zI=5CZsFo!>9zRlR@FNr?W@`;(5wPoi_q@tK;IIc$ou7-nSk6L6iWXL@veD0yw`^YR z+r};x6^2vn%((;6D^qhEqX2Q4V!k61+Wygw1M_OP@*aCi+urS)hNC6qih8C_dAuiw z7>GJ3l^a4fSAG}PP2g@B^16<~;bs30O-sq?G)n@_xz+<=X8RnS;zu&JdB@-@2*^4B z1tKOK{QEVn8n-Flp(~%Q!}3GaUucHhmyMDVU%HIgoA0?MHA$S)&SG1G0U}sFMU?xM z$6j9M$8AD0AGcp8bw5A!qFSx8~ zv=&-u##tZx0>3=Y!@49*+w=_Wk?F9N8Elxv7-fC?3Q}hKaxD^E#eEp%X-{|5WOwFRypIjgLGi3 zKik8av1rw5I|Q`4Pg1aD9bRQc;(PcF_p?r-cEXa>dCxw7Z*%5KX1+N zq{fSr?l+5@P>l{QTTQ9NH#~3#4d`V53jith*VOf93w16R##H1nAMkVL^FtP&yCAw# zHCF;T<#_grZGG}4?Tq=t0_cC*fgIIqzw|^SSN|d>D`keWoO`@kBCW0229XCe;;Mjd z?_rIYm)JfB!j(0;YHS|2Z=uCXu@4grPqL^?@&(dU4HIMT&3RS57AXrDTzXq_+#PUZ zKjy~wmQ81%a*XK7nfytcsGBwE{CHWH@E9<{zkif2ON=Ec02s`&@bsZ({%+26hQTI=(Z5o%YO9=PqITRe&H ztu_E!kS$Fu50qQg@#pj_I|I^<3^`D0Gc$;^{y2KY7T=3dvyQDm9r>7qBPI2WRngTd z6C}d~=n_5eS?!w;1a1zS77j+u)tyynj64#ld^WaViU}uHjW}ZbOg)5zj|*b4xfLkZ zKHbUM@hh(>E-LP%H}FBA91$hNP%SQV|YMj<4ld!GLt4nF=00OLRrVmwH+dn3n)a14%h*E9jck zxfH>Sk;Yq(x01_mnBNJ0YeUmWalF*<6nsBTAEKv~#AxYUXuD@cmi%}Ar6rh|esD#G zp<<0&Jl$GL`t_w$)9RJV{Orb^BRwt;ddz z3UC&0kTgD{3>APTC#(G94ONv+yZxSJY?#xAerugvR)QdaAarE_LvEFC5+!I{iMN}+ z#a)v7CZpCw%)QAepZVp-ll~*6HKP4?zi?x5e@zr&Nv!tn-0EFE#31PWd zJZNdZg1To4$uyACFzVgg%W5uhQJwZF_~f?HrfLInl#LYT9$#>?X!05T>a+H4d%=BE z_(NFk8-KTWw{BgC4gf62e=sT2e?+7?i5(U_ZL!i4BzM(Ur&U(xVm9$-2e{&nCv2)w zdKyteYeHLs)@&@UyinA<4X&9wELU~4@@r%~O+(u(J}v89q$Vu;LgNx-K~n@QD|WE6 z;;@||?l@TRa)%rSqzu6EloSUQpm`uk0xwI^F3%qV*VXSfHuPTB(`i-?kv+bORgw_v zAIe7Aqrpy@!*X&L&jsg86SP+1n!(yBY!y>9e5chuhbsrv@aSC}(rn$kR|$5!+mLv6 zcx;mhtiRTBicClqf+Z*TPR-PFxXqLo!YEM{u-r+ncyo=qTo#MZISI=&_3*ft;}ECFHtZj6(()~qJIDH!EAWX-AImV=$5AL~PQGCR4cF6Ra-%T?N3^x9 z%&f`z$a4?7dPNqbCT8SSrK$)W`7K-wpt>T%>@d^Nh+#k5+CyZ!sk;eyo32Vqmk4!> zL3^%3(WtORYGC`d-EK5@QZhs!Mil8iDYdv_?+aY74nd1}Ulv2(5*-$UZF(6lnp((? zWV0H1ZsEt1C!aay{9XK?MB~OYer?t?s`Nx*N)6j+Ug-ZKJy zTko&aWbhmH2G4(h7ypY8(EQ(ofM>6ZqsRYOh=79M$Hr%uHOIXfK`y~x&komI32ptm zKccvz79h8u5u2iKaa;Zi5g@^y_#Z?-%ltn;=KljCVE#Xd0E2e~j}nOQlWje2U1rtw z>H?ctE8pH$%F_*{BlAVIXUIm8FZYUdo{4i^3T@l&SD;nM5Sp=q0|*>{ks@sN_VbC` z(R!)7n_F0p8VLjsycD^|*s~d*lF9N)OFZU8yq%9ntSKQUb_u}uBOP6LR)S15DWn&) zpCCC#bJprU^CQY-QOxyQN70%#nDHFLoTX1|k>_)bg9~W4O0DonR=0A=>CZ{$IMYN1 zw>Z1ipBlT;Nk|NR=pT^k$g{>=5Tfb_bD$Cjsz5OUjEtUm7Bs3`9Q6nVNr;(Rjfi^rVkL4ZzNMxsWvFaLAz*>%r%`|T2gmR%>k?ymoRI0zj1YJ-F zAd>u?n#Oc})G8xl<0f&b(0pHKns)Q0d#G%rP+LV9`<2WJf0-?3Z;cat_fPWrI-<*D zo+j|b9rj0lVN=@rY*F`B)?K(d^Ym%HkR%rNL^}{5$oT4~ajx@di-?Q9tx@$o5-p-Z zR!}Z(XPAEEz4}UY^_d};FbI=TRHVU&H&0DU3`xAuq+_I2ev@>GcQ^m>fmF3WiA)9J z9Zkt7qk>9}Q|8?y%hc4M9I=?UXgE-JI-ZSo(>@HoW8(>;`AUWuo%oY{t22e}qUXLJ zYU6uSpWl+$rSmo*RX9d*ijgagaHbup=}tCWj^Dmx{q$R!udDHm!?W7tYiITGM!R@9 z3t%GJ)&ZqI?pR^pu(r+9<&k~IlSPhMwBUP6`>(mv*T1Zsg0VK{8uFi&LR)`3{sHb^ ziv?YX_tkhLJ#x9}8KwNk+Q-RWzfPK&Cn9?3xPd?1tb)pFbQSWl#AiwIJQZ2zd!^h5BuU6uXj3Bc*Zk7MO1TFU{D4Ud9^$g>CGo#J#ke1a-mLTQI;jc z?Ai@C9bVS}FwjwqGSNFZXKzfWAG(A=1W_jS{fc7pyW}rtYNd>$^u0|3l?fR4OAnOk zhVx*;HMAO^IzF+FSJGJn<0SpBF)5TWEMZ3U4U`kTKR$Qx1zF5BznC;7ShNvECUK^j z@_Tu30X36QnyB}5iN>)U7@2hS5&kWXF&DKLtR2m;vqb`$XE@t8%_mw@-}jXI?wkZL z8X1N1J0pw0l8FJ_;`L^q`>$UP%UG`|GR}7_Rv0XGg{DjSNKqfD7qd6`5EK zt%@LDqbxgz9mxAUWh?mBj$$6dd`?IXNQI%w1oqe>HzhbG5xYo9k{}u2xMZn zZl|0rj1N8=HGf%xpwb2MdC#!Rt{>6e=Y=a+PP{R{IQM%dXKV4>I0!P$9z5y|WGL!y z*@AUian2GC)@{c(JSDVB>;?V(`>@6h5>cZg_LKQ{7_s$;1PC6#P!r)DfOyz1X^&T* zWL#d;NzKDfwoT5vo@di9)_ETZ;kRxBe57c`fn9C?0KaOqT$5V(%NE%-%D$bx)Zp<)YXHUj&MciuLOI=O+d^ zNY=)TZ0V>gMKqDy^t0-0Xf`21R-+itr)%SiREqSx_c{v`-tZt#jlz?ai4Tr6swTRP zEiToqXSph@<}dJHgpa;)zW5S<*zeq9{yC{p3|Aq`*}l}tK7UM=%vN5zYL1Jz7__`F zK{bpHI38W{k|Mr-kV)%6+?~wXjo04{X(bBpCwZeKn>@oGHkDM8*d}EFahF^ ziv8{2Leu!9-om1>(EEeCe=)jQqY!6EDm8)|Z|OJt5H$$+ehzi#PyHM*$$q34ZtP}- zYNS^^aA0Qm03?z;Jut3%8D8RIrKin~MHLBhW>wBnoj%U6Hei^J`cPhEo+A+KCL5CUPw z3VR0dNrx5xSVJt-Xrz@cj78BwftGy9MHrq~LhT3L6qhXlW9Lg4=@zZvNKKXQh#)EM z01bMh1nM@;5j8w|2kuO6-VXq5*=mQ{y8HZPeG}=L-H?vGSIyCp{{YMN978dKJ@Gy4 z3*Jtx7JDpM^Tp;Lrc{Eu$m?eXQa?l%jysvj$WI%c#U!d59yo%EG1aOg5lXv4Hz?}?9#*!XFmYb~dPCiJnF(#JBQ3Om_4{)PwPItQY#uQcPI1Nc z!Pxp(o6?W~Lf4`g07~+%Nwf3jlBZ++MV$Q}FiVIvq}yYw$#1sJ5xC%Pttd*OYy;x( zL^iEXfi-`*xk_|jo0*Qshx_a{8!*JtaF-XyX5l1J<~~R0S`l3~LJ61|QF2m$5B@f` zYpnk5;YTDS?dg!w;pnRyE2E<8JLCj!tQ*!OH0FKsrC~2@I@l;{yf|nG;$O5?!vxHy zaBe929WHDrZji_U!PTMYD8vZeXQ$i_w@6C^+Q_Rnx3<4#=bW_x!YN)PWMK{)6f}9c zmdX%`6PelFD#N3K9MU(uw3EAw_(BUR0{i@#kQX!+u2Mp}R- z02R0=`f(1S)mmbf;nPLzubPZBiFFR~ePl#8`ri8#q7q>+$*WiFgfBcVHwywsZJ?u;ZNqMyZT-7GXGDw|dGRu59Y zTUmOJv^m_Tto3r@!1$wKHMWH+oKj=sJe8BCBtFDc!E_Gd-z?-H3{uPMCzb&-^?Su7 zF9bcP{s>QU-l#zmbHKt#Ww`AE4M=$+$N`L5s#bz&(NMqx9@FMC=mr6IzHRv&pO-fj z=QEIDF~d^$G)fYr|db*Sn6(=cva_MRk;I{{9$^WqZ!mZ zEp;h{6*-X7)Um#DF*+%lV?H`-sgOT$TNcI(tLPrjE3&(@zYPuVJ+6zFSO{h#;}egc zJxNUp%FOxDtW*$&5vd5M%%W+NdRzt^BCRt$K3LOQ-{*3h8&=oYgKKiS%zN`?%l0i-3l+Ymo9TI1nvtU{0zqNpjv{Eq zgQp^uL^Zl?O~G|CQ44@BVkv?!6AWRmSzIVUG25saP?Mj`o6FQ4ehFSa)bCRH? zJIX?3D`&MUB2ux^DbUx;NQh<__H{p5`P^$KAzku*HXD$f5NC~_?saIOm{eFAXH(Uxnh&HOC5XhHB`{k}R5d+iC~pYp@UUFFqL$b4 z!Kh4`_N4pP^p=`js?A9j6iM#oO@%IeK|+tI+vXIXf+ITfdR1DK@&rD zg3VPn&KngvWE)9N)7YuP_Kfi4`FKQS!DnZ1$h&9u-|3BGmjQ9S&p@r|*rLNJPWc-G zPdP6;>JSb;F>OounXA-N}n*Re&*+`b32Qq zaf@U8Rd{4^bVc39w6JJ?DzeXjPlso#3}!dr}bQWuB(Nqi$S57C?}5_el2 zA?P6ycNFJNzwAJ*<8uiKBRhY2q*4oFbw**wrtRO(s6jl}5ZahB@wf_*rY9pd8lQ2^ zn_Zt~P0=gxN#X*J)bIWnO(qit@?M4sNlDgqIusDZ4*YhFE(A2RRk;nnkKLLibCID% z(y+~jbf*@?JMzmytGL$I;L>%@HfSi`h1enOc2$D&2>G9zHWTL>CUWqlbMZN_mu|0I ztx|!1wWO|a=4V~@nfW)Cs^x-yLrI)eh3w-?%YH2b^=CdVuQ1-XkGuBsvoOgvvfC)( z^L^Gxa#LT*!iIVg$2^y;p8`Go=P8?Yj!N758Fj^5%n&_Zt60}`V?uC|KM|~znYlBH z1e!3IqzOPv!o#=Gcd}Th#Iy!l!wiLL#inX2b4!8#?85M{|}=46P>Cz~fR|d+@$AIpg9Vy(VAT<}q=fu#tg~ zaTTuaSib?=2WT`<&nw3PVTm#TZKor^C=o?cy=YH)si^vrz=mbSmSN$7#pE-ZRDv`; zg@mRUhTeH*51&kWvm*P&`p_2xnzRuud*^b)^?G!nI7W6Q`81?wkH|g>6pt(TvWDlH zZN}dw%W}*Ly`ByYno81K^WaZV)=6{pR8RY)kaLvJ&Jp^{ISPTljOm%VXTy6Y=*2QR{7QVY}#m0~XDe#|4m^ z*R#GK>k+*{rw*-c$iMY(Bm3`Fg2r|zp2Ny#ZsWa5l;*nhI#+8(^lzR10YWN125r86 zj4~*Bu9`oyZ`8LoJg+4lU5!TmYrTFNV74mORVC5&;N}0_F}ItBGvu-+xVBg$DLy7- z&Me5+K(+rlZdkDj#+7&M>+R7Nq!i>_cJuIDfv~*I=fpzgh|IF70m?OJ8^XV4A8gl! zb2({Re})`Z_a-|D2oSg$*qCE6TT-I3sJ@76Qnj=#i=HkSeK>okX>8By59n3WyW-id7(6ZUSPp8m93c9z`D zlR9Sh9t5Wp&gf*fxc#B#jc;IVJ|ZD;E)X2Yrpp36ebIYC-@3I{C^^2rUB6Xwd7nRu zIB*-` zj~_N<{q3ynNp*pm8K3jFJE@t02_g)(C`VTs{6iPNh;j4}AmvvoM@;bd zBk$IaL?@Gti}P9K!*s2wT&U=Tizj8Cjb|n?{bqF+XE%lpi{L4T52|XSSflSPI{d#W zBuXKD?vyL}sj}WmgS}Zn)O5Rxj`w`ComVSNK-FYYM(j8ns%IX63YeCVs8P$F4*P2g;VNvKO50Y|t~<<-z6W)nv1d$2sZQrz}Tx zV4)+@BlzV=9i%H@2|g7ejVuXq;_H`W$PmWdb)o`NrLYTg(?Cg80FtA;4zZS2z`q=r zYI!^0_k$g-CEH;4+)Lb?0a#m!bf8jrn(e6=WtO5YK=?eZTh%KIP}G%xM&FM@qg{Ts z!e0)iOx01|A*{Z7aP~jUX*$M0h9VI($cI_4t=+C37xX^*z@}zVGbQtrKRcu}!NFfl z-F4%b49Ui(ZSC?0y{*?u9%>#vq4ts{Z-P9gE z1&}aEcM}bqzWmyxw-6F{Sl;zcHe7;P)+!qYtQ9YDY?+0(JXScGP`a!?W!O8(1ir07 zW1y_^PN1$m^yhDEByBr6r?d*kbB&x62g$e2I>>KDpX~6uOq}V}p3U&>nPa))4Yfqb zE?a2b@gyX%kb+jJi^eIE+qKofx_w?7K_>$C!Ye!)3fg=8%D@a}Z^CyS%<4mMV4Ou- zh}Q6#t=~>JL~<0U*ev$DY>VSyVKsYO%F4q#L8VK~Ff9U?NiDmh42nODuN~z3BBkt6 zc`b(2_A8A%ea4Knybh5l)@iMS~|$rV!(%6^n_xkw7NET&WJK&ig}>RacW z;FxJ`rwrkDaTbKw$X?-CZq*_0$( zh-do(!H9h}drVHcwb5)^<>bL-u#_;6ioyV9siQaKJc#gct}B~(G}+h^$}S@f;;;3w zPM#X$+K@5tH+>=*C+pXPvU}Z#OW^rVyZ+KDT@NT70LCvN(6le{>C1ycXF~nr z{SACXm)JpnYLVOP%(%+IhZ<%UtIJ^%7n%7JC6gsSqsq}=?GeML#RL+UT0j(lxW;g~ zU=luDg3zrk!T9UJev)MLAnP|1l;S`> zVYN7I&*g&v5E{D#ZjdJWRgH;ZHDfXWZ-_=@=%ww1bjN}Z0Ph|)Fgv-8$gIiK3WmWR^UX7%l8+cdCzzSk%l=oIdNhB!A z#lC_sLe3T)EiXCBZwYS9Azv@J%$-;J&+!HYM1Rq@R1?*8(og1=j(l%3-)(D=w%Q1_ zMIi+w;w7RG3x*gxC$`>7h7)`l%1v~XA{eea*B{6lJpGf(47gwsLA1O`Bl9aWzv;|G zmvD4ZyxXc>DDh~CqDD1~h|n@vQUYNd@fd!cP8+mcLaVh4KncnkbI9_o**q67(UQLe z8WzB$h@{gmBhcZ|8Cw*4+xc(+= zNx?XqJu#yThTlzE5=wNrH>K>$nN%SV_AP?=wp`RplyT_tvxYEZ`7}gKBTramYl1J_|7cs8^dk*D8P|$pJtSP|}4EaC=)5#}HOcV*VOeGfyFU&aS}D zh1cZFOm-S_+ER*f<%z*~Py87zll;fZfxTOg@uHR)Ta^?<-mGd`MU4q(KxGy|y{Co> zR^JpPC*#CnX9|Zh1Ij()RysF-N6hH$rmF|Y?d;rl65@gAek8HRrJvP_x#iH-IAanI zTLx)*hVIyyWX)Uo5IF0NEN-gy)b~hq73(MUvDxJgvte{alhaB{zeI$)Mr-LkTge0B7^Tu%Y~6Zxj7gMGv(*&E#t~f0#xitP?;t;XabYZftg+Y z$%{Sv1C8YDRCd$VQ=lHUgR>MkaND0o31{~_LjNeP0|)2+nF@@&d?r;?-TVWT7iFC+ zmJf}ZX%!w0DtD68Zb}%!sAccyWMU_tyQ!SIP(j;b>QVW^AWwK(Op>jkzy!X?=t+%> z+L~)hOSwH$ss0OBW9-)^Ua$WsN)a&pq{Hmf6GN8Owa68fY5G%$3Jnd+KyEAyPd1Uy zbJ^spYr>Z$+JDT+gn~gjQZ_}RG#*uGWcl@F(<2KlIiYf+6uq2#j$otLE&vw&FlZT$fzYOwl#Dc10u*r=lydZ|0mBTPj0@SI&1lZdk;x)`IYO7-dONihvl2KB){|Th{oe2 zpDjJ6TLB$pGC*s(mQ7bkpNb!i*&Mnu*fQ?+XT+H?#bOfvlVo(MBK-5vytir=%~92S zn|H0#LM15Kuz|L}E@DA)*IPA&Lm{W{QE=TDKdOXip3;ROO!(W-W7G_=-^#gW%(;V1 zQ309-{X*tB#3&ZKh9EmN6Wu#l8&#dlfTOC|PW$l=%>>@n!&uUS@=%sgEwx<%+Nf4G zzFS}Y1Dpwx#YAyCIKwOKu=#Cs^A(d^;UdFcjZh$#KDB%ja1BKWDpO2u2sbnBQ8t*U zFVSr-xBF3uHj2XXQSr)%+t8Os)8LPlQ7rU9BU-56!vOr{M6s@j{L|VmH(MkrG3Tj) ztES@*JM;XfFIkYLDx5-d&M%?4v-HRp5GY`&w)WvRG067zJ{+G7zC&8DgQ<-&PLlBG(4796aT!9acvnhPgO%x{^LikM9g~|R zpP#H*jgE;8vb8zz%juTjg|s<8OAQW&0`l04_!*C6ErA2VUK57iswHl2L}zxhK8|d4 zj*imQ%wCg#ywyIfd^M9_r&Z#^cNJc!{-w91I=3@>bOKbxC^Vre-1VuPr6H4kWBkjS z&z|bb*`3PT@6BWcV4E{iDOK-ps02|Qjv_#E*<*NYNUr&$+mtY_CmM@xrAR5m-AMhP zyVyw?o!nVOrWE2Gk9-3m`y}yHE82|cks9rL4g3s!dALAgFnq zB10d>!E%;NGpn1WQCq!OD?*oRmSIb*S2XQXGLX+~dr(9Z_OR^YTw1e)%_>6xh*wJHN@9mE5;?(4Q|h?n%}!j&NLcwX%!IPpL4)+|*Y%Pz#NS z^@MfsN&HpA?<|0myBFw0G+sE5HBXRrBJP6PV=|L-{3p?GUW_zx-maai46B(|}@2`i3?Eng%hhrAo)ZkwQ6o zN;yx*uZ*T@Tgd#XO(FbXaq(J;C=!vGasUVKcWOtU#W;+ow!2AdTE#o(8?j|-8F!&1 z<-@1ND968QIkWScr4S?a(hkA_A?66xNGWvPjed-}r2&r*528cwG$r_x2+`}k?Xd?{ z86|zq*l`-P$z3!tg%MfdKh!KoSDu|YC^M`K>_BKQ&*|{SjIej$261P!&r1#6eStS7 zPsQ|b^YA7&^=R^wOHwt|C`b9cXMCnjKGSY8$_tuZ$0uXrIjc%dd$URL!VwZ5??%ux zs#jj}jD-AQ^Fk2Syp-sU_uELDAZ1jrse5{p^ry;rG2*VVI5(aqa*8PC_w7tZanhqi z#0+j?{nb>saoDXPUN3XY~tI*mgd2;n8FI{jPXFB{?OO6XHZ; zpSHT`+=;NY=``TQCL?q%DUTaI-{0O?P?h^R$+T6=7YyrbFe-_HxJi5Oow?t>*>vz5 zy|!Zy+dA&q2@sok-CdvazY}5p|FhRL|Gy1iDL;6YO+1IM+;_gdz52g}ul(23JTJI; z4eIL9CAi4N*vAUq;}oq}H%NPZ=aBNtg6IOoL1-I*<#V?(Uk4APmDr+m5CIY1Kyo(8 zOD5}k@j`q*XxN_UJDJWi8~cG88OE9Kr71$HSWO@!lOw?$K-sv%l%8vTrm?GetSP^X zTI#b?kxu*J^+*L$ZrWPM%zZs(eC~9S@cU0kGsnn05W| zyI*wv2S~O3)r6^dpawVtA-$7Iir%ygczZ>!HX9y)xwAknVY=ItWUG($xJJ|caANNs zjA8ub+=#}~9yXK^w0pg@;V~aO6F&N!I4+yOYHia9*sTG}W9@vY@S3b2`m-L!4d0qaN|J0!|0UJ8!*E8dSMn}3t|(}>(37Fj|5qJ-DEYJHy)cJ#FL z*Q%42Y!zmBjapa*ne^!Qr{aKccwQRed#U^UXIK;?_Q^uv0%m(yQcIh0WvGG36A} zjR;uDG&&$qArJXo>~GuMTwkNS%**CFSpavEJ?Equ)np_x=M3|dJ2X(qBfUUw4Rxqa+2gAUt zVJ^|*ocUf!v;qL(O*zyAe*=p`UFKm5u8z6j;4$3<2l{; zN6|4?|B_C!e1j9D$kVI~=FzTfDzfn51=kY>qU+s8!mhh9@s|ayq9b?ZX{-QP+tkI; z+*@580<@n7&{1Z4CUp6bX;ZUL)!wGaM#+}azZ`fl21d9h>MkIy{T~3l@HX4UvmM`b zG4C@$8n&c2%;=8TI483X66hvC>qfEK;hue}Jk_htzGa^q#p;+aXE-pRM9QR(MpuTH z>lr7>NflsVUZapFA&4n?<;WT$^F0iJ>cuYnyx)S)QD84YheRaNL4}q?S4(Y{2r%yt*jEb9p{N8ds(^75 zGp&h1WL%O1Cu7p-ZX{kl5FC40DqV(NNAroc@*e40gY~GuuehPkteDUKObp^c$5O~E zqo2r)+}(}a2{1_K$_da6rCVuN!33xr7`Rq49K%17mAxX46U|gS-R?`M8bj zIKwzI?0qi1srvPjS!0I>nJpinXw1w2R57&eP)1T#ysnRE(b8ON)AsDb9IpmmeZVL^ zC|vp2H~jYMct^RvdzU}R0+Ns%HD-vKuO?mRFnm<9xJg_T*j-7Lq@e8rLaY=I*KJ1Q}C|b zMuy9DYXZjaMQfCFsS(VWyh2njGE9$FDf#Bod6S+xW|O&nq&dyYiQkFn@y0Y-F0hH& zL7AP;EbcP;*22Omc^y z@UO{uXJuVOA+=}|73wu|%;lUHgU9gM-CR8X_#=t{>oRrQ0ZS*@_MBC$Ew6xr{dV;S zr;iPwGuU*K1GWr`h}>mOqGkEb49Kj#J?Kz{Ur+e zj7I>Fp?`-1k~2?kdu>se<-%$o`?Bep?8P*0sBo64V3iWTkJ&R3S}dWET9Y(VRRKT? zg;_dz{H>s(rU*TeB0&pNL+cqb0os%FAu-yI=s;7RjLEO?U#d4d#&qag@TQ67UqyDw ztHC#@n30$P)oNj+5~Ng8O;vsVk^p@wbyfgEmx#E3$*p=!x54~?^VjCwDv4xBbm3`k zSi$okVadKCdXgC3`iy^9Sjw$AWG5whYDeXgR$Ed;*`@`6o=%Rd z=A-J{0sF7(SA5j;jw0UpkJO!Lwu3_>kQ(e!DfJka^Xy%O<~ zScmg5oh~eJtpnW6oW&1b@|H@Dw`k3MNdplFta^gpx1^#763ZW>0$4%_F0~-&9X?5* zEfE|V_e04(;c{!w+ZV|Sj4nLKqvJUL>16>5@%SG>B@ zeE1yS#Omp19U48d@afEVJ5^s_ozjefOl8zO zp_t*RYYYBdvj15pm~>SK%jhA}J67U@8S^y6Eb?ne$gU{3?MSipx#IM)1_6>Ng0{}w z%h_^~Wtur+FEMU|0Mo-+)Tmy1^QC8Z=YpM)lKSQZd3`P3K` zz|9Mm4GcJ`A_>!g7JcldxUg5UtGVM?+H3%;~tYU`{FkwW&%zDl=GTu#0MJd^w= zl>hTd|4*d;Kfsph3*%wNyQrA|&BUyxUBhK~VIr!Oy%rqsVm zw{MkK2Cos^L1TOH4Vksmpt_&vk6nh#Bd_K>d;?x1KGxQ`|DpfGq4CfcUT1;0r~LUr zeq-`i=+44_?#o8(Va(X)?cXQ0{Hx3P@w%)4vF-h7H|tF1A_M+;DLi+i%uv7QyMQ15j>hX-@yi`;(7$i9`-K=a zRi^^3cn-RrH3Eo%j0@gU=OvUA7dVPZw~!U$4Dzj$1SJ#LPwNb*AMDS~+Gs zQbn_PNxmUJ=`SY8038fMkv={sCML|*ywyk!fu%gh@}%HM`plEZ*rlj4L=TTK66{6x z6YtT!emObV;xt;Wy0n8}< zNXbaFKK($`vnOqPgC3WHNlkD2baktC2mUbVGy$EMh5nFw4KBV-VGR zv8T%JRGt~b2zPwJQ|MzZDLqBiGsl^%IOPAy@@aX_jeVyf7*6-K!?z>qFD0f}NFC;T zAYGfb^WZ+aaXHxT29v~^aO~A`Tl(Xp+keShd3~oK%BFr7W%HstM2Rr_=416lNHnXQ z)Y!Og^@HI^9ius)SU~(@!9wv97((m7sBSfiy@P>jM9iy^I(Tyqvo0bO_ z2m~=v@Ywd>6HJu0rzV9}ien@tWJZ=c|2(|`#}AWgjUHhW1eL_j#?fsnZzC=?HaEU~ z%CytXiC?$f2yCz3-A_;!z=jz)Lp^$*RtCT}no_&pqCe-=nYHeTE(g7n7dR&2d|}{@ zujceH+E|eFHNTVlN?M&?pVYyb12sh5axj3ClD2&l?j~*Q2fy?#ckDpQ<$4Red<#ng zceMMfe9$<3+u2u(C@T4a8yN}zI19j{p(0on3tt-NIE-9gaWTi&NtWO3EQ%z$67T+S zYj@z>=%B`M2DK(-w7l~EAQKkTB}uA06DF+1?*A%%@yviD3ba>%VOSH@njiS}qn6`n z00k{rlVIz!vgCbT_ln|=9@@{Ux=SVCxB-5HDYrO(*%>?-qsOdNFWr{NW$)|T>#Eas z8OObn^9;iTDog8cu!sg5dTqN%<2$)hLOT8Vo9xed+%;)*JgXl{HN<+}C99`V{n}aU zkF|l^4U4Ro4Bu4SIu%q421`2MKm4qZJB?MQG4|dx(s(?rDVOW!Y(~!jv1WKug^Zv2 zC}c}kDvhB^0aeW{hxGJZF5|mg;8A)->aTApPzoN)*AqARq$q0Lad~<#f0$#{yxD(1 zIaTT1#k|LDkFfHR%2#(t`3|qwF!f`WDyiD5_kHZS(v=zG(9tCO2nwA6T6)47naGm=~z+{ZsPkEct_*R(0u zf;Df9BWie<=qo&hIK0-E)+!0~-Su-{9{pX@q-d$fu6a+G!4Z&XOCHy0B5^8 ze1Hcl=-RNhO1zP`WaY!`J}i^&2Vf$9$Z&V=sAik8d!^?sPm7DlYq~gdQDQpw;%|b{ zmE1&hD2kt`3>Ch|U_$bXWXgzNP^+z^y;WQ9xgvN^4FxgPVg@*}Ywvlo+M>QHad&RH zxO=v>?_DTTzKmbQ$EVE!9%*`(MV&`AAmXbzezW?1!8Xx}ymnWVdykHLTko?-{10$= z#`Cgv)BOC+aH3aUV*xs{q+34aTqZ+jQ>`iZSJM6-71c}iiT=Bqi{eh{+~uwI7lE~b zWwYNmwa-4iba%=9y7M@*iTn_--<$FI0_kPZz=_mf8A$W9T5aL~ge;nL3HfPL1Jk^p z%`d<;d@rXlD&tX^vrM>hzm(PD-XCdyIOvWvzhV%7%lc5-F0EM?13?jF#paaLV74S8 z9+eT?3C@4EAJ6FcsGu3N3>-`!(3xY66V2J0_v>4ve$>DNDxCvz%ZsccX^OdYpA)~>XY_phr-+=Aoj6@iRwie$5 z{k^=vi%(H+x6BDjN|RdiYr8?U{Dw)dg>7f8G+Iew!csqU%eb|4_1ZXHcDj}_4L0^m zSVt+|EB@6mv_5`qXCQ{xmMZyk7l=mR{37p=XLFMI6|$qnTdlTEos6u}4#UpDjiGL) zIfyj{8&@%NJVZM*dtg!lLP{!0jI(OilFom2+u54d+()YbyL16}Le+5YjHNQ-MQ<@m z6cR6X-UIF_F}{)jcu*z+l}DeQq{{K(OYC!=0%9b7`~+`}$MaOJm{9mFuOx_V$Z(iJ zf^#+s3@-b?&2?>K`xw{?)3Q1DCfv}FaqIaP}t)e)f z@>?&RRd}D2NS4*CG&74*1jNj5U06%}GXzr- z%zT+|{6g^;CP7zR>|JTOK?-S*Re-Sj`^#;H-%FwBbzdB6#^)3NwthVpL3CGLW}37d zI&1%ddHe&+Qe8xRj_v4>6Ywn^e5b~Tk?}1*TZ}ciJLAoS*#V?boB|z1FcQ;252DikejrqE$@{&l=0z3c+o9t@rotbVPq)oKxods`fx>7>G>jryrtwud zDgrgXi^OP{k)PE`4D;ygy?UfHB^|%0w+3Xn?YCcM8sKiBg#d%nBhtk)dduW^561(} z1s94nKA5i*?3DIYAH9NBq&{*`Fw|@qnO?)L*o-bOFJA}wtQpna@a1lBpZ&QXzsxYp zcK?E62u#xP0O>j&~FDVMapDf@f>B_ttyA)Qq1by9kse&U&+ZQ^R!) zMnvnLa$#^D;a7z<^-dq~BD_8p)A+|)GG0CY%lOW%#u_ zK~QScXb8hf^}C#OKOUDp>5vvk{>^H)zR$U&7p5M-$n8c4FQ3Rfn~;``<`vhD1C&M&{G*7KG1b??8JV^;K@u0*A=l9HYB~mf(QlQ)Mad-wx}4o zzeins3dOqNj)>%@S}z*YA%40_DnZ8a$_j?eadyS5g|%7MQ#LlxOlb%^hk~aX2Mb@` zLIGB5Y$yX!k#i5#xO?xcSM)zp^rj2H?bKpgxCXX=r8aUBtLv-O5TaPF1Y8{AiTV)% z5{TDI^74x6{%|Zk`Sqv4c{?;>{IJhvuDh(=RKV;cihAUR$)H0tvNLzC5U{7-)r30R zEcXb9S7;r(L@KX~n&X|dg4Y7xHxk7o%j&yf3M22vDA|6}b5w==Jx1c>kPK5E4edUz zUx&WVF@50?P2*+R?yzrM$dH)#5^VnfPdKR%qMyK7o3@J{^IYw5CBmHYrSPY?H zesqxVj&)XXvPM5zyeVH$9rv=!7sEq3p;xWJ?su>AXqhQELl@q_sT&G76SN z(!bOMh@QY$3_p94Oy2atKWjg#%nq9qMJ+D&s6Nj?^I-V}%rIg@#UXftCKjP2Nbs5E z4wcz$tmHE4>HJ6qA)AsT4wvjpV{~U42!j!qR`VWmuFqNeEB5RTQ)l5HAodYLq$`kF zE7zG!N(V(#ykg!kQQ7Wwk>WYp4oa+aK_Tcc*YM~B$e)tB-{x7eXz0@B1)pf2gKJ*9 z(G^V$Daah z#75m^{{Tb1Wxp5Gel?|A?EiiJ@$+|@`ip-6Cx?d)NA1m!zk74r%k2LEDdMe^ALsSA zUXz!vZ;feedh`p-AnNP6?!$s=2L3MI*}3?iT%St6>-o**e82joZ)lHV%Xoe;tTBvV2mD4|LznI7)vY&h?4)!yHoXg|cGr4w zBYOSSrQ{!g|12#ya`hj8^cA+*hP&*uj*Ty7{kaq7jKzh#5w}B>_`269Q`laraMH+y zg3+1&0g?A1gp@KdYKxv5}~vZ_VXP%S)*C+Re{k8; z3`}uv%a?YqPLLCZW-Mua%9GKQB8zrz<0-QnSX?J# zggu$ac$rmsjEk{M?l>U|hCGCi0EjF3Tg&dgqsvr(4N?x7WhK~AvxsrUBtkV#Zrj4# zHr*t>{&bz`u-nn=P~kfE*!WY^h8|JS@YuFyHhKHmVNf-k+jWMr)QO=RBm?Wbz z)&F{fleVVO8;q?P@&wfV%j10BJed+J0giy#L*(J&orTis@l4e7(Ucn~(T>V$Fwk!y5} zD{6msoF0+7K13VgMM>HZBd8Gu{}bjFuN%t0)!5Wy9^PIhYR%}5~m78Y`qsdl!P zSH>N@BT$tEK-I>R$MoYBdeWsH{Hf&|bDm52F!B(!N|-}X_G2q*x!xu5{`ucc*tQX5 zL66Y6+a3?xjuC@x)93lKdFXbx)kuL;Why@0Y*qLu;VfG;Z7Msh_FeN-$#V8kUe^@+ zd`wMP%{`TEkc!)+EkJk3pID1`oE02Y(`f3)}3VR0>4-{@}K-JQlE5F8o_?yeyO2=49#2#veD2A2Q{ zgvKGkU4jQExC99#kYKreWaiBC%*=bw_ucv4`#$#`{%iK$YgesRyJ}UfwSK?89@^d2 z0>~Q`qpta607UcI)8Z{yNIv_aCFDdRMx9HzdD4Y^Jn*5x5xe$6l2v7m8O_rORjfO< z(iE+vavcy~4d;4Pun9PpQN<`0s;}%A_qqaXh;Vkhfi9<^D|VaCSv!?6?txYWPwGem>bqCW z^^NusFqOgR$%_fG$8Wpm64c#swHrL!wPBw|2dlYuSS!&pShTEEnf0tNVo-;j zQ52fEuLj~QVi65Q9^fO&!z@Li1>62hR3;a>36_T%E`&d-Y3iS_rVS(=i1+gEZoizt zR8}_LM6utw8Im7`JRu}COBJc0%jzSzEY_kzb3J(+hmf~1qMEgdMt2ngIt6NCV+&Ku z^Yhmnri98V96VI&Te!rY;+?jq~Qa}>o0K$n$i4+d4OkB~G@X03{eis^E0_r^XYtlHYz zF888HmWG`yG}V&(!@0X#lD!pXY%+Yv3{s*o^5qcC#MZd3t?ZVwd_n@Wk} zh}w7!7jUWmK%&h^!IaKfIiLNc(wz&N(JeSkw2vPL36^iAW*bx4TJu`D*}FIgd=7&Z z+uy#>gyam@#d~mVRF#wAgTsjvkX4HY5ksIpAsx*C!BJ3ecKm=BPr3j1npdq|{CW_o zuOelY53OMOgTMr^LfR;9?Vi)! zE5;)HIp2cqSS#b$53)9H2(w*QXIWNxpNvw)EYB77l-Yp{#Edr{Nn5~gZ zcC_X=c z!KRasdqdPNi_U9v|AD|Fucn&72X=J#=M6PCdZaU5?h@&7iH>^DBEGC))MUF?I)jGb zF$Emoc~B9o6;A{wlrkzV&ek2`O*5Ap?WL}@)^4f(rNG>aJnlxp{Mzu^th|XYGtn{s zQPc4PFDTMMwx4cXt`~AVmaNRYH5j!}uEr<-oW+&rY<;PNj`TcCrKOZeEwr?0MX!pi znvCpq3RcOK=U4ZJ^aP6wQ?ED{Jv|(YL_)G%eEh8^<_|f`1pojQMMx4=uVje8=M7q% zm-@NU*3zE6hC>|A8Olb>V-?tN|Gdg^phy!@s}46+Dod2}!x&R6AY@bB6_rZ7(L&?I zCUwNxf-OJb>WzKiK0>+Mpg8|Cm1Z^A;k~Hd!)lb3mWe*uaWzh&&~8bEHb!D)r_PB> zj;;?2=TOg<(+iVKf)%8lUiTX#LE?BHX(lIQZ%d+CX-dD!A7tA`O&YeQ?b@2fnq96~ zs6a_q<-OLA0+wg|X8g;+**GBI*DZ=@`2rcuiz@YRi>70rR6V1U&7~)bN>XOWL$$XH z24rP~S<&=KRY{%rj|gN6sV?Y}xF<=Um%Q+^E^U;suB26JZRTcRBOj(hDYN3FbS9Z- zEant-LntA}875JkVco`vu|!Bs41%K4+!?mKy8dRY^@AXwU5sCk^Pnl6xiLb4hA;0j zwTgpNv+CCaY9{>Wi$4L=i~Gd;^AFeW=uvCL9{&SgiM{eKcqJZXe|W$yzk0w>xCcD> zpYnh^|Evf6LQUcq57@urC&2wLJm8PNdce;f);?}qdDiUIiRrES^uRF8Ih4`jn3P~A z*}KI3wK%;rT_N*JXK9c!qePS7XY%x|lsdZnuM{k6^rGIhbid8nJrNcafobAbw$ z&xOp#bL~9bq|(&_XFEjF(4>JH+!o-Pz8HqOA)5$Aldgc6*@GCp3m%_^-O4) zWW0V!!o0bXYEA1i4xSYDR1fc@7V5dd<KHA4(Z&usN%+jv0}+>M$hHIjiofc2<(1iXle2!$m76?vo}e49Bay;a2cm4Gw7Z}IKa%ecxnP%>%jph^GnfJ(WoGO`;Y|dF)44ZFT;UuXYO%0tiu9b%dQ|G*uG4O2%i!z{ z>5){sxi(yDRofoLH5=iR>Bq(_@41E@l7(|OPo9VMR6g+Hy!wD_4VWkR(6zW}mI0?x zQP90klWVQ|2b@ljz+C4USz(Y~qsqBx!OUUmV$zhEdab%%?JL(5b*=d}km#%=XFBr<}6SF9?e&uVS(^Ol=)BfN9fx z_wsA!_SV`Mw#GLVQO*`*yRBQz`2LYpA=$Q@gkwKcACwn=OuA(1Iq6nH+pi==_Uylq zH6|^1A_uLCVo#pP#z?9NN!p|=J|%Dke^i7aj5knGij&|ry@E7BwtMW-%~3YI4qOiiZ{(#DcUt@z+e34siH2;LwxAQP2q^Voyl0`gh|e;9jAFLuR-KMJ?03#NQe31?Ac{sBD3IDp zFiD?>ngp)13GT};kME_&z=}bsq^cvwyv6q$O0bx4)h_yEM@{;~xU_QoAs_qBbU}EX zZ)2p~WSQDvIG=h$f`8eDPX@HsxO4XSpe_4ApmA+&0j7<83f+@D)^bqLbBa>e$e@Wg z7W!;lPwO$N-p|3o!I;bcp_xpvCVNIrPgRqcNG01*5;R0CLndBkxfF8sd0=Bqt4wR- zo*}rXmf?jEmd56M3)KoiiLs6T=jEuFNehOvNu`O;-7L7r8x+bg2!Z<33$bkc=(-bI z=VX#|yH?dj-34{Ay@2g~jOer#%(~$`4B=rUBw-wf1dhk4VrG2BbC5r0x!JRW>HlH*|xU{EE9FMvGjz} zB^42K2_n$f0DLZ2>XD426dYXa9tsMN6-k26Undkd>WW5y4P(YktQG=!+6Rfd)q&(8 zp`8M+&gVJU(bK$Q4v8_fijtgllUhinyl@&m&;djTgg)GINT|M`FH6T0g56`VN_d*( z$ZluhAq9n`8)dvwl0XlIdNoIs5YfkRJ5*HKB{#bs;f>yxsKUWTCb1?Y1gATXg#?Ik z`e7y+JuFz!xy@ixKR@hhVX8DlaIQJsv)BTm_a;vWSQlE4T6A36HA*iw&rwg9K9cP( zf0L>_xl$pMIHWmU!x)H{|Bh{z^<=kDrnOO?xLKwt)lo8FYC+iPB%#oIGrJ3^5V03d z+Mx_~VZBaw+jT<|*NPM@nD(HCBLFvwkz;YaT;iom=;9TxHW5fP{>C+%-u|%mQHu-Y zBc}8dL5-&=tI_J~ihWwV!j2{B=?ptKT0Br)8CRlB5X_a{#DGTYtD5Sf-lxL6Qjv0W zN1Nm!QUogb4NEKUk52M4!((QiSQ`-*WEHGnbObcJt(r)aMiniF6aQpv_BIzAOhX>@ z&ZLB}W-w`jbzP}d6mH&oEdeZ4I-(x=UBt93n*DHnFB{DY{XPA<Ms+MLpS~rJy?RT4zb7iBVEqbpc)8q_X5H4Aj;g3n5=mHJcYFEciVk2# ztVEv771)dA0yPG!he9|;UY@LJ`mvCefSG%dRim3mNX-Dn>*tXj*wnw;7EEY%ZlHxjX2dpF5zj3nmmkMSC&y^yPv9I< zQl}%9tB`8bk)9vBgIU2xYN&6)$aR+TWHFmazkwOwX#$ACG0Lw4BM;#^vn+|P%=1gk z@SFXEL30ziI|*HaWGt)@|byCwCcWNX_taCBK=a zV9q(|tIt(tuhc|jgTk5F7@%0%qeUKi@k8zpdD_(MdHpXSW$Ws5iQYEpP!_ zOYvCaT?ysTSKSrX)i%XfI^_JbAo?@{B1xnTb7+EW`2fmlr-E_p^M)`=`>;V=7(bLn zb<3w3j_+Lkn~=5=15Qx>B!<&U`}L7Jx=v^t*mTknksHtKgXBbY`8 z1hVzLS15}Q`10GTSeJdvoB0b7{1p)BknyoJ-&e(2-8B{>5;L_m4&>&oV&!o`6|=Jm zF?OmUoMo5VmNaTz`;wI`p4KzmzOvz2Q<^Og->Ee5j-OPs z*v-vH6r`60RA2;400Rt=L=vQQE}%%~&Vv^4O?^mZ7LB`nMJawq7^R`K6}jb#$~w8} zl}@m2?6jJ6jR+EUlFBYnnzevhVEkxD$`R0|;s^#uHG_LwWDM5}e49SGjSfao8Uc&A`_B5$+aKD2 zsztKhn>z9b*bj~~g=|a6R+*H|FCr5?WmTrNRAp6?o|y5dqEI(7P%4f2fZd=JN)Tc7 z^OZuvj3g|Z0rs-vN{Cd1(FTKH5;FkV!}D5k|HS(EykbN$>L=jfVn=D>d3Vm~Dz1Wz z>nn#6f&V>jU-Xma;(`7}+_a5rsNNb2CaOnI%8{~nNr0}8YqF|up2nG(7Umo6MuheG zY!Z>s$_3(J#}u)n&MQNs#)+8czOA;*$_JS!rJT5f)b}@b0=Q7XorT4H{ z*nm7?ob#us+Sc+^DOV>;Mq^oIIP}>#lO*&l`~#mDAO`W;3o4)HYfLVUJ727jggVf- z%Vw3~o3^(gJh>hZ?)qA$<5;gH3mhb&NvTN<$G4NcnmyF@YCp;15r&LA;7D#DSS?y_ zD&ooGffxitKX&Wqlae{)Q0-w2_3eQWq1budDWf4A;@@wUF{H_WHTGuR7 z3ayxz^=cg__45^A{zZdmXLw@7t(t7wzokI_zU7Vzg4hN=!wa3KkwD%qW?x8q|J`Ty zeUAG}eeLR%puxXoUq1LP`%+@Xkn%s2eQEP&voF<#^ST^Jd}SoQbk3}TaN)sCFJ;I_ zL)v@h0D}6TfbnlY8{@xZ#%lV3nPMlnJfUj0tN@ zqZy<<6xluU^i#onnSxKTt?5ardfTc`HdBZnBZgFwakFTuYVo9SbJqSD!*ZVOe&Zr*Xvey@Vft^ih1(#k+IfE^xSeV2mtT~X*q4}uZ_Lj zV3aT}))_ws*Tw|P8QWFt{N)B6UT8Tr(rELrU-nkMBPVW~guo_Efg>gMcsR)?Je>j|G&E-`<9JQU<$zHP4(Gh<CfJ1l z-Ij@vmG6B2wS4n(YF@QOIh97rhj~mmYT84@Tl(y&5TO#|rw{5zq}dUXi&_g$xJrrA zXsi~u@e)Kk>ZPXc-u9_bVgCdIe1u)G)I1K#r`zfUA7YIcm3`_I;CAwF8xTQZ#-NomXQ zAzlqBooH5$QLhgKG3wUybc-=*KtTi<%L73v=4n44`UIuA zhZCHB&Dw#(-6@ue?}42u3tw1W11=PdTRTOdnDm(TkS8?B569ER)z$NRa@L1o9&UN* zt?h2pm1c*V_?6YMH9>1RSl@Wl;tzCu)*sk;OGm|Q(S1QkNm-?uWy0lJJZdISgUUQq zJbE^FL%$n&F#4u^;zf*u5^UYcD0<6{W4TeZmasmeCdYH#;jR$!&iQz?Qrjxz{d9k* z6IP0#Pi|4^9;+Z}Tv!NF1)Qn3fCx!ca)3hT=2cI-xGB}*XK!^Ho^yq}9R|6zD!M@j z57b^bs$d`8rS{_Ld~aq9#MK-*|~eu5$P0ZQgIH?tH|_d4p6C`tiv2?KP$&2Zx>E z;ajq=Z84_~<@;ne6WZ)`Z23R9$y8B>sJho{UI%wDr1O#aT2lfDV6-8{^-e#>Pqv$f zGDarO*$ly{48c)T{Ot<)cF&>N0@jzU4Aa*7oEFR)v{Mv##m2?S6fjw3I^-o#GAodX zvk^8~bC?x-;So2y5CqTDz(CP*5~I%sz(Nn^^A9>`avHLnaE@>KE6NKr6h#7xaNbVj z(Yn25WRtN|My8jc!jO)T^^H@#X(Kuwh{F@kX6h?oOi^Ng{PpNj>)g}|U~7w52U_k7 zd~#5mNL$HEQ8}?L$MH&EoV6lFvN*)cu-vInRhjuC8I>CXGyxF~NU0p;zEGcynzXef z*@K&*q;qOCD8bt$`59@L#{PBZ51Nn7!(6O`%{xD+U5rlWG6G!&N5FYOxXc zBcRqUWN(a+q&!|mnjH)0^@ei;kL|d(LAWYJIKzxK+~`r<@?Nwfq{2~s-0hc8XR2F( zT(&EF!hKr;$G=gb!LiE|!(2x74ra$0!)JSY-kW&4ujMowv2Jo%H(Iogw~lFry+vT{MvJk71O*Lr2yDit#m$J$Q1I7QPuM5?{Z=(_an&f*&b3Uj3c+e@Y} zP$?;?RCZPtssVx$uR7=OH=56*n@XFAvQbfaka#{ifDZjp#sPMF8LJ8#C5M0zr>h9Z zuwPZP>CVNDvLrpEH?547C=6gzluj$d*>IznBqPd|gQA3};;?A@q?r04M-bRkyyjIz zY(a-Iz`2K0+1(5t%=r}0Gfw2luLydifVrbJI)i{>d&{oj#cQb)h<_Q;yq-DgJ59Qq z4Gd#SL;n0Do)*!i87zsfJ-7}^AHu4qTdSV5iADMdNBMqn?Z267HAs_FKcr>e{zj;2 z@r^vtcGgzm!+_=&HFKju{A!REo}8BAs|L-xR+*+14>$Y)VZhJ%(WK@qc`DtcZi^_6 zRvOHE=haAct3HOMBoZw?9nE()DpBGd>1Z@<^f5D5z*)%i1y40fM!=X zVV)1s-&gcWpFlK*Tlw`<=Y#Z)a}>_mxSW(k(&V({bR$w9@PQ*jOpPg5D&izwcqz^iDH%=mi^@| z@s|5=H$W`>u}bg56SOpCW;~_(sA%HFWx!0Qk`9R#h(LuvcFXA1-zWwXc+mj>5293$ zZ<>eHD|;a}#;$3l6yGD!EpgIZbx*y7tfnArmvtZW4>(b+HxF~sUv{^WCVC|Y(TUlCC zkB*Lzzvq5f(4wpE1?e342q0(^wMQb+%P_=zm9f()?w+!cQEWCyyEq_1>)wA!bwK*#CanL)5>_XQb3*RV)xAL-4%o@b|9iHr5 zJ8k(UNkYe4R-;OEsdjQsgO#OEh^B{_ChxXy#a3X6b>CE-;lmg#_L-v@P4at6;X zr1*^_fLpd}?X5@sCr0Zj;53?97@skjt}koOyZtLW#*siLWB9tal#yUBpTgUg5=Qhn z!X{xNA~g@Loaom&F_zpHVM30Sp@>h~)NJ%!6!1b&!Vu{c%$U)}lqLmYgO-S1P6IwQ6ml;0+|BSG^ zkGLnCSa;ekKNuX$e2$65x4sxU<$w0!xZaH}`*?8WpS{de=Vto=#8784@VBFfIg6udDV zzZQ*Yw3Toj*DD2A6n6-PP%(Wg{ek^kvGez35~tYskewjqpfw7x$H;ved=JPkyO(~) z_7m{6jh^JV*112MA}o0Pwc_qmF^kxn1C5(rS#`f>(=V?gqVoO{@IOcguI#L)-D%v= zn=M&m+rQ88dB4u_v|nz%{sgk-d~9x1Bsxc>Uwp>BB8j;F&tUK_{z(kpzF%@~qJLW( ze#>hAPyf(+!xnUQS`{R~^r)unaqINUzcD8@|Hho;8uH(tiS&P_r@ukU{!-EY$8!Fc zsULd>!G1S&kejW|e~KgP&(693V3hy#$o?Hd*zi2_CxCOEd7-XzIHKpD`2Fw5+An`a z)<(UFl?l?#y;ofNXnZ55;d`r}YvWJ-(Ca<$UdXD9|7J@9PzsHc9s^Ja~nAiw@FVNul7XVKX!U1{I;TE+XuRmKi;o4-BtfAHJ>d$=Rz*Ko&y#(Kr=Ky|ys($l*WL&7Uli53{&H>LO6 z@wMUWFx{)fe!C{0`su5uXP6h>)zvY9g=>drL9n|ghO5`2*Xo(4LFk5^jh`Q$eGhL= z|AyRM_S>wq_FC%2?&%AU>Tlk27wgJ*jqmopxqlW!eJi>q0W>}MjNZ~?M-sj%CPWr= zgZvw?c*{PzuUbXgef;wdb!cYTlAp%@6k#FLC&2=pYks*wNtGTav5K#@(H{uTay8iQ zD8PGvyD0m&C-FrPObG3EBuZreS;D`#$;cC_gL!5oNIohb^bj3({&K3A>-qnZgnxd` zUk&|#Nuv&@53r@g8%nR{iu0qr$5Nzcg0gK}&Z}vbpR;G4jb!cccyGDYX?4q@Cc0O@ zKQ)=R!>!2v@O8=kyH9mfkk6CE1*3>+wf|Xbd7Ve*YOOs>_bcb-iGn1Mu~l;T)hQBz%On!f*O#gAqQ%S18K+K> z%-gqD-yXt${$Radb+{h*k(lGPHXZcs(e$-bbA`tF==$vY`-<(C&W(2#0fXbuHydd+ zSe}&;qrQ0h_Tl5zaX~xQkdZ1_vDuPzmaMBLJ{77fl6}H7gN0$+m0jRC$pFjy!YM`& zmnVo3%DAgYk

    sBZNzIAO;z9rF%(NDjNF}=%X>*@w?i8^Ak8&{s~;^T&J(UT{xr# z7YF*lUfyZI-sL(SEV$i2@xO-8%(J%{?Z@-)Yh1E^R2Uz#z|k^}AC@ma_xuSw=)8k- zA{@R@x;%O|FEkb~^N;-u$}qWyml1xGV7&2qb40oO$Zo+OUM)I%qjJ!+mM<~-FbG~# zcl|OYux;U6`~|H*UTDklQGU_-vd+}>xQ?cl$Y*1G&yhj^ElpJl57D%r%Ey)dbnf{q z`*J(Ben!Cug?=^lT9IC2Ap}vZnt0jL|IKxZ*kR<^t?1#i@&7rPKLo!8$^Y4_oLSQs zBZkBWYFppinCY#a6xeKQuJ*G7_M%N`ri(fJFc5meM5#98!Vl&o9G7kU-J#TwMo!m`0n& zOeH!M?XU{l`29PeMfB5azXtOC)lcB`aew_syu#RXRFc$vFg%={56>Tb(XgMX^tAOm z!*Y{AcD5^9eC5qKQ|P1CTjk+HX>4V^!D6xADpE<;x?KJi)mes2Iblk(kS>b|73EVf z@Nie-3$EF7+JnJjldN_t#~499Z{%^o4}l~C34w%qvqnp0wJ0TV=6&aTmMeSsK2{DU zC#g=C;mZ9h)n~00bCCo{*i(et!jpmCGq%TUUhan~z9h~{-qd;6@5V`#sN?XFgH?A9 zrtlUgsg7sa&6)7nB7N{7F`_?#GmV+*H(wy_qGtN7{wO1*N3kLBO?GFcGu4vkXm_8j zHZg^Loa8LPy-l_&2NMiznrIYN)p96`2h}kUMjy1;noCltE4Wc?#K=j3!BWEMyup&{ zZjdm52M)FemLN-zf3K%kY2PvHsl=BA*mR)*-te@och;)e#?{E1sf+VyCXNNv@jsmS zv*fz)(I7fG;tFWdm~}(#y3cuEQETyl7|0ojF!OTVJf4?vypT^WU&zFB!^Z`64>G8g zq&qxSMJ0`xMatU$# zOv6;SO~`L=+7+Sf9!19OPS!_r79TJ>KGjwPngVag|YMC-%OX!}i0vwn29{R2`c zm1!eY!FV8oOiQq?)`E-t~9kU zE8b%iq{**ai4@T!1yRa^P;I!;Y2ffFX0fS>g{LJM?qs&cp`~jxFn%s%f=K!}X>J12 z2{P?nJgXGvWs>uf@Cr-@M83sWJmC{5K0&S|;FWpLa%1Iz_Hf(Kq5V0=84if2NohU$ zDr;qyX~cvu8ZKyZbZa#t_As&cZu@a9*{iqNxAGEo?Mou>Hn%gw6Ov&1vGN<%CFNXL zXRks+vMhH9;J7csI7t2-!YKBtK{u&sqkq&_JK~JKLO>Qq=64tmQ;*E{uOfhCZVyE*(kVIAL}kCzV`5H{lJGF z@bEZaQ#R*o$q7I==un836P=6Tbwae%7IHm>4hd3A0h7Sn%IO|MK02kste*h0`OAY@!}EkNEC{SdWAsh1xgADui6F z=d{vS@NMLGmp_&nH5kH|YWeguEXFBq=#>3fdo+cp5D@!B2=Ptu-Ym9~AI;VMGzssyw49?{6Qf(~m=>-+qCQg`lIHk$L5Jg-fo-cl-_>q9YgWs!#{&`l``uh?B z`4u)!V(X8i=b&Fto@q}wvHzP-p8xGu&F+dr^!lV;z%TnaI#f_zddWWZGNw2;B2k;8 z8H{Ay*3YYqN(i9GfHfga(Xt-T6u!!BeP(K;prSaJFN9^lRE(w<`1jRGu?(KZNQRF% z<>oYH7MGDqaneBAO+;#4+gM7tAV`c^Pw+CPyQcV!D=@sKE!+BeZai~XJ<=;dvPF%2 zrfw@(DE^eW5%c8~RC`qFytl|_uGe!E^KC^*TU?IOv%~Rft6N+j*W0munH5K*qLNGF zF4o0kadp#?P4@-rX`df@P>MYD<;_b>PjF?t?8=#%Kr_RQ0~T=;-nraAxYqO97b{hn8(T?y%kN<&rEB_Oq5yx42lyKaczONQ5P52&(DYyjRblNPKALm#6N;D`HGW$M>%3W2Ww^dc1u+zgp>)H4**@;8Q4L=@ALW<(R?z!GbeH`VPDbXPL&|`QgLjjJ+ zkYBVv(f`%%Mr@i=!CIum0ncQ~hvW**N%S?g*DW=8Yn^5bY-cOK{z->lQ0cVaw8M~$Rg5z*?6RUqbAvP&X)2NLO_?? zCYvRmVi9em6g?`pRA<7*S@MEr(srB7z`G&4AbpbmWtuZDN25j#z$)Ze=V?g<&K;kK zCgus2Vm$^h7Aa$}nl0?aH@b0cg(ao-3Uyt1%s;xQ#InG?_oTOMtSAzjA`QbR0ZkJC5J-`6&X5Bd zrWb-g*LuH!(EYxP zk31wvKDewb|F94TG7?W9#0p5YO0&O8 z`@G4iW5wK8a0u2=d42*VOMF^&Q+}r%i%Nj zaRP!XXwyR9*&_ipYG8)1G_DYjcT}v4Fyo0$sNn~b8DT20KmsFSfuE()jL|}|;qYwk zz-V^!L-Kv?R!?0}b{2CXGeUMVncfN@-UOghAyOf9RDSr(g~)9!q=0+aS-ROHHO(Ret{4F*QQZvNb^DzhiwmQie06Py))x6)PJi>rUei#lS;_f$A0$1+vg#h zC$(ZeS%A9XRZSR5wtD}&da73MuD&L+R{JxwqCQ>T@GcBLI!p1}%`%Ui!#93YV-5lG z?=ZwzQXGULNqvdG!5&oK4+n796P(2??FRTrO_sh?K+~goJm}~%R`Rodl-x#fXV^?c%WLi z-EhoVL^#ml7k#M-CktJhD5;kMP+NXv7H7JhkM)oBlg1BaL#<9b6nkrAni>5Q^^6L#T1to8Eeo2xB$x*iH<3>!sNPV)8rTF`esl`bU#CA;hlyz1XBj?|7W~R~Z{vTx_Y?SdJM%j)>_a2{ zJiBeeuVtp6MZF=1l&uw<;16=TS47I9>e|oyF`(8LEmMDjo$Ex6aNHmM}zKjf|T1YU)_1^ z>T1;Dz&G#ZB$*%LJ26fqexay^VxT)fXHEyKd5gje&nAXz5EGSTxirS-PgX8 zfityv?{qryi(=ZNh%mj1!5EZ^)uzi%!vhG>6#)cCqN0KmK>YBHVdv9G^H-Z&OG@9X zs-`Ps&B{NZnuaG=ru|z7;NOqGU$4~qsX{4Jo5}$wTHv9wPY^s6+XyPh{rvBdmVg(? za0H+r0F4?8o&tc9Y6{Ta;WyU*&Uwf+J~ENmwhn!k+h}a8bBuEJIP|XKaAf{;YJJ-C zz5jRRx#KrxL6Lo&9d9bRuzza{$+U@MFD?XOob;!U=|4hUd=;IeF7oEh?9$Cx1-fqc*o(^ePpzqrU z6gxYmdvAt44JN3>8zM^Ac}jsHR-iRR!xYkdI#0Fb@VSCG)+k(ZcJ+3e@56{rI9}PEI%1dq=n)WJk$-iJ2EMU|eQO163Wb$$7lx z0#Fs9Fm2|S7%(OLVaFFb-@>@*#00=LiN6TMg?A1j+X=Tw>uDyuF|;SFvB}$m4rpjz z6Z6231$`Bvgl#dsACF=GudPc!B!}y7=qJ!pG){^HR{~z430#AYKI2t{kn4VYOt?I* zAhzos2-TO_=mJ{OJtA2gRlz#4fnPe@PKBz?>`KeBMI`&#tg#vXvDJu=S-h5=c=T+7 zHA*bY$&5!0ZgLrCUzAeSjTg@bSfiZbwygi5F^>n|9KZ!i{31{S-n$)wZKe#!%EGXgTNciju?{HVZ%Q!8<`iS}U_wfH+ z@g%eo3jYWaE~bOqD6C%yZgT9_4fv1@{t-k54}t$Rp8r2Qp5=CvxAVwSp%f)4va zQTMakGZGpxjCDyAyXefRB8(*axzV7|Z6sDYJjE=!y*@mJWP(l{4^>#Vq1}~LZt2v! zxJFqdLfO=VBqWazr~;s`;a9nNW$&S-UB1M>td;`+XU}rIh5^{Jg4y!1NOA3BVLS$~aB2q)hmBRE zgTV~{0aS`F?{*MQFTFXJNLu@l-{a^olE0>H@`6^md4l70bwJ{{lvnIY!qJO@WlrlN zCkJw?`4{r#9OVzOB%(VqaD3;x&1{lTAr(`!AKnZ=+T&do>JcVs_-W0>savmYwHiRD4^ z5;sox;+gl_YYYc3;h3JwvKm%DfwbnRYn!hYKY^wx!oQyTOD}(om%o1x#N;C$87O7v zuWy!*qEQ_O1CKl>B4_m{@b^SC_$EB^&PVpBsj>#v4jKx`z$LbSHhc{~0DeWI^Ztww zUV4`Wk2QTUYz!z-1`xc69auHG9uwKlvu7WJMkm89?56GL0U zC2m-J4EyXrkq)AZ8tw3L)jhQ!zWL;fEBtisF~>N^T7%f+bo1?I<6-+yz)XG2-B|}} z9_L}z?^p8vy6~4u{u&H_eFlHc4FA8I6K7wl@iU(^xY#bIXvLLy znpCAqZz3Y~^4^&{^ZW1K@16PGnLG2Y%$$?id#}CDUVH7e%V(W){q6b($wRQ3rW(nu zTenI0Zhj=!b0jJxcW(cO{&T%^L!@M+{~>ZRvb$sy

    YhW%>L&GnNY`ITXvs;AZkOJw$@M|4siabkt*CDhnHA$M$inMqPsp8%AzMtb>vsIKMaQ8s!9 zkXA9M;+3-T^oh@r2~EUR-c-(hBlOnY|3xwh$?aSJXXWHKxmq_*NphpCd!+ZsNXc$g z_kW6}C8c{RahK_(zAcX48u<>pv`oeYjAxKC2(7FdW8{`r{(2y3=!sUb@v3e=yqCc9 z9z-Bs&yrBzxoIZt9a<7468ycIEUW*kt^fP)bWxHxuPE~Yr-kwP%h9>E=3PZMno>-| z-$x0-r=m-uY}X|Jd?6ZrpP4c#m36nwXUsOP?0nbCrcNW)^fcz}H)lr=hwt|Y zlx5s^*KC;_786TZ)a`au@mu;&ipGBv{;QAwn!|rb!+)K@|5IO>%1juFYG}mq!ji`` zN9QjK&TH2ZCMP|gzOU^THSYKwJihxq*Ky-J{F=mR7F+FY>~739*(Zx(T49>OhM>3v zrnkY?I*so9?t7KC%~%OPs7?@V8+@=WVHM&uM;tQ@kc2^Q*F^uaQ}a zkFKlbnMf>5a`aiZ;z{+0j}yc$L}OxXAM|+@G28*znsgjlY=x2ZnM{daBr9P50UAk1 zD*=WJ^{D?_=)WrX|A`gcD#Wkrqshru0MLtIjiW_g426(6P2-0&XpnV=VRQ}!3#|oM z+6vdeYn&=DrB}F{R`jvtM1Df@TY#N+)A zd)RV)h_63Mph3duiqi*X_`V`FKZ!?&#{kspi& zXxz`~|&M|}OZX2RU)x_!)p_C7xSS74|wh&T3YRW}Z z@UUvk15IsAnK;OVzcTOPvL+1>mapiWz^x@7;1t54>Hxlrl&~3K^y?I6u2m=4>;ZkY zdu!IJF<}N$q|$3mFP<_%C*9E{*AJuXxL-Ksnvnb|{1;L6^PoLmXTaTHDc~6OJ5Nxi z_%vmKk0`9)Mc2RYwfR~nJIoiS@5)rtcv~jB;Il*GPT31A@|Siu7B&0Yn#GGbk!I7mh*ZZp+0B0D!sb7r_jz^KEjO!dH9!MJJmtoPP_-~su^s|y8i90u5$$a_cJ6G;lAboNKrAG2)USNto6ZM6sHEC!dmQ_K zb5Oh|SUw`7V{S-{O43=A@eZ?aTA9W2)5mTy)SpriHG*F5G8urhs4H3)I*o`^?G^iO zfz9>LI>pYdg=sy)TeZJm8;yOSo9(|;+*6Mn@DYf$^L*=^R2I1|lUZO5H~9BV4Z126 z9}N#aN*MUENr$##^@!&gKHe0H9-gmV#)JrO0>!TC@q-mx{wwhU6BrIAO|A0p z-W`==ze~gizrMAzd-LYGh-g@*z7(O`{R!yk1u!>CN?8`=FeBbB(><}ANRabOyI{yI z=ayt%Ny_NmQ}Sgam|Ly|h~{DhHx6BH3sxv6y4-XnjS+aI@q198aflpK493`r5XnVW z#Ji-oU8Y3+SGlE5+#R@;W|sEqbWZ>CM8aWiFYgy@6CH#fjWU*onZ2k<*m+6{>0+nJ zUqZm_{z%WJh1^@85@IR62kL@)`jg>oSOYl{3^$Oj9Z!1T9gj{8-(9 zOuK@LQpF&oqu7Eal4sr$FVtZ8s9MOuW7f91y=~d%3|pkt(z*E7KCO|HxJ#*EtIT0b zrMv30TKcV)H5qus5gJSl*iNdc&#lMsOnymB(^+n@;0C&;07lZeT`BP=s?;KWRwlbS zUmqPnBIU((P36j3f73(W)``}js&b0iw90YQ2EE_%u>w+q-$UUM`QI(PwWyo(Gu~u? zQMH2;VQG3!uvOK-$je7Z=#3w#vVWIaR4b)TTv}Eap=HG5sfpe-t>JrWi&NG4t5v$J z<6JH8OI)@X2Q-U$Mh#@~e_>9``P5zX1!^6p%^+gDRjgDtr+d1G4J-U5fq1U z40X^~Wsq}ik&((CT5B-Ejl&eY^&F`mcEwul2|s?>HErE6oqCMbL=!!8J(#76W><>cZ5DtacQGE5xk@xMa+q$>!`-|_lVGL<)w z%-Yq%ptVN%cJYFVB_+YRb;6?PiSTmPnXuuB-A}o+L9Qhn~q(G~J#z4M+i z&~@e2T&)M?Pg&ic`%&C&XNKGreVn5rFXqc{gLqNEAi@{^%{deJO^32WL0;cAkF{et z{1L{hpAh_Uy@xAjy_Q2q)$o9b2ibw}e3WD2zbZVo$Nl~-@a=jM*Xj1^nk2%0j$XgG z{O{`#pKl)R>Ec$>B7GspepeG+;f#Jb*j#$osovM>+1b&bhK;#J6q!P7x`w+&EDa?L zEvHQLajNS_VxCWz4I#7^HJC-lRpTWI2Y#%Pu@dhUYcsomLgztWb6xJ@vh$S7a zH=eVy!VqsnSu>E=_mv4~I*}*8DE7TGlb{5Zwu%V<5TSW465+3Xywv#~*aqoVPGAt+ z(X(d|?<~&b3RBhD8cmcFiR|82c005UlJIF( z1pkNN9T24SUhpoh#{tWMN76I>dYdS3aaHDX3pu~3Ow*m5CJkuQ{;qP{{N@j1U}^m1 zv&K)UldzI3@T(JF%NI%2q$|<6u>!w4@{;F~YR2>^aEu)YgyDSO_^Ur%gm>-B<@P~G ztks2V!rM()*_kzXwC0XqLY$y>sboohLcv*a=u85>^>b;6pW(zIgAgV-dpIBI>F1zF zd%V(*3J>$C0Z=+WEv=s@j_Kr2)KUWi82f!y;_O^MW)t?FF}H=$P*Dk=i$t#r2IM@bnkakvARTYYxLaS3$*V2@@e-@1 zn!_Azz?Kb4+{_To-j8}FG1ugfua!oRQ-@MjXp>e-m$Zj$wNYlVOedMdg zv=*euso`lYXtO6zR}Dn>xF^bmXGJLHk@ntrGrmNYH-&*Fj+#u^GuOtKV5S700Fiyq5Kfi4I?udxWRlqQ}Yb8(m@Q~m&=rk=;8bz3k_!oqcdxtMf>4}TGV|y z&D5lEY*U&Eyl+Ih$XJRACAxUoq=_uRHc#g+9kgUN{F!H0Q*rB_n7t8om2l6_Y~nS^ z*ps)P-VuneEYhzE+n8KjAH$NbFsF3ZAMF4ApKXC|4J57n%`&^UuRVQ+AM<@2^EQaQ zIWBYM$-g94IWuvx|2HQf1mlU9SDn`+DV1y5dxJ>jFk2H-doMGb{gbp=>?LDbvm?Ej zc04YU-wXEhegxW-mTRBvm+PcoT(=PKCpoT^ayc^>dov%{j(0x>YqA{0iCQSiKZEIy z*RgMdQze^3G8rKphNCragk$={ONqhcQ0Hx3 z){@6YldvX66trAxW8F5!&_ur|ugw;|KXT{qV+TpW*vN={=l&*vlp+cI2cF?qqHYhk zBH)_lf{5ZN^)RQl4uk04!ScrKcvX$hsY2vfpB~orOru9qv-x{fpGvqx9mG2er%ZhJ z%Y@3UTXJ)MCsx*H=fe`E{`PnPGSZ+a3{vRUUmdk_&IaW|BeYDR^-&t?o^qn&3e%4t z?3L4@K)6zmtHY}e=Mv)kLg5n{=r4?g@Njnc9Hlw6XNQ9zd*Wu<&&PZa(RjM($o0`T z_xwxG2Erd5qWEEfSm;0qmAfy%2A0m?@dJmHXp=@?!mi!S3|{{;mXv>i*h)- zXvzAs<3~y_xT|)>cf%rUvQR@Y`oh`hF(fCCaJkSP9r{d;y}mNM3{aU*wDf^#uC+iR z#`6*??=?jyaPB|%rL&QEyzmy$k#V)PHrb3Plsb2}tK*AulXl}3lZ{NX-EzP5qX}~Z zH+=x0NJzl{EyJC&%K+2`a(!mX&d92W6rB0k;@3Dm!$4~9F zchb|OvWB|0c`j)KKH$zon7iUwXX^zFzHjO_P!<-aqvc?bD)o$X(G`_p>mTziR~g45 z%2GI@;xvlp0&)or9>XP{bH&%&glu6S8N!N{7^Pa@0x^QDsfGH0xb85VKrc_%lZZGl zbT%=)cR($S_Oe@~aZ>u4q*jl39g<;s+xjv_iJO^fXprLCAkhti{r=vN4nDurv^Jq=&JdL32WOBGFnX;>?2dFS4LmCzciOg0!INZN$aN8 zRjQ1Zv!Gukkf4!ro3dHPcnKBP$Vtlf-`1u<___t7{=+?Y_{q2mGPzopf82M)E zz>vYMKsDEGsg}vedxRg;7`9w@zXRtX3kHhOxO&D)RDD$Oxz8sxNQTR-b?EG zL%kxA6xXuzCg4||foj<4aw^$~9G@Ze#z}Ixicfg;#i$6hS^=)j6cX@>l zwBGN?oV!q}6;)O@%+KP(OE>zzN*!<3-|b&!541>`vUv*eC#ubql4&XLOBG_SxVgEX zJ`%cnYWT-CF9_x|{%vEn>v=i~Gy!HUv3AQmE()5W@>S!B?fwDZ$CCe>*-X&iSL>`V zm;uOh9viyw8RgN&KN)fp2qYiq%K2cqNtYVPsOq_Fj`lFDBNv!9OIi-=xuf6Mxzf7$ zXW#Ywn;SSK)q{aXQ}-Vz#GuB4RLb=#@M6V1Cb0-mtGA_>;OL^Yn-*O`yV7Z)gcer6 z`}bjQ0Dvyo4;LvcYw%lUZ8~hWEJ?n}a@NN({87-hU-63)A82OsG@&b{%d{OKc#qz5 z`QOArEDzXvLxhqWX;+9zC?XnLhOUS`j@-o;YYQ^J|6{lv#)DtPu$9eIYPvzEB^By3 zmDW*pR-KE`9`4!Xs{T-O)o#;Cb*Scwzy?YSou7i~WB=DDx0DwnJa3`(ZNe^(Wf3i@ zzvvJmjqh*{<(Xv56F}!{3ffiVuNJBe1r7lpE&1dWmm#KV+{;-{QjVgyi%jvGl;Jr9 zUS1LXk~W%q6f}H&dcWKxYHU1C))tp&c@AmmyjkezgO|5616}(L#R8?q=ZhI6teb=l z-Rf=dF*O1zf)o!GRHz{CU!@ZME`e&NYC60Z?kXjjvA0(jY}K1Mu`IP`%$m~+%T8>i zy!@Ov(77d(BW0nEq7v#q55tS)yc>vm; z=bfFk6bPwZ0b-?jQ>Z8J1r(7U2M^1}MccwsV#-_4EnW(LebHSp3WWN zB-1y=;G#oZpDK|}6(;cPHGg1uSkDzN$%3fU&Jy4)ZWuGB{HcxtuzPfoehZO<300HL zcHrx@ea9x|HHEuh>B4{kJ4JG{p=iUm>Q8^f6py&@u^Cv%N_fP}sQPlqet#Qb73*rq zoe30PmwRPDcTEzrw}rqvuz*=S^U7CSz6acR?7!uf+UE*6A^#dY^v>T{`^z0qHFuI( z%rtwn&~zVQ>8n`py$}+63(@9F9x^E2arF%zT3q3=ke--Z+ic{p3ybQ#i;7N^9<3JiGgxp>6GQj zUu@K68Dam)fjMVhADST?uHQoU)leMzS8h;3YMDJO*j<((L7E>0s^RG)Q&WAfnfZr0 zV!a+0X(tC-4(0hH$EdhnCoI0rg)VA|yxcYVEuB9Nqst3A03`Ydne}ncM-~bBQ*E5$! zx~nlU&M}_W*KZNlyb>veUzMhF5h<;sA$8_fjsuqgn|VNa0?yJfktvSsp#Z)X{!AnD zA|qR*9PS;FAH#ND=Uk^)kNB(|<0Y{0#J03^?Gl>W;QsDaI?IZ`x#)9RZgz018!R=hk?K>sW7t~#aOAKux0n0J6Z zbVCP^5*zDxHq^D3S6lm1d9UvE*IEPuEn(ff*Sfveym#IW$@e4jsVgKl&;4yoISH^N zEwncxXugR_sj~c^t<6d9B#ZR?dPaD#m|FhZ5VxbmdUZk@@K~|?B?(E3dNrpT2~&8t zd+nC{=}7xCDJ$YN303-^w?LUdw(SbPE9!lx^1}C*sB01l+y2yrl;yDhq4fV3#n%Rq z7b7Bf{^Yw{LN}Tobhov9uu>mB{PYirnEp;r`oI4(Ku5W$G>;!IqMTGO+PqwnVMWIMm08C_W=E%@3fyxydkI(2l`8QlJ6w1C8Qwa8M0MO{=ljM|0_s$a~Je zl^pozax?9k1g0R`aag`@%^d%$+3q0;)kKiQ`j1;qt`6sJ`PU@T7u+4HyJ80oZGOMF z9kH!V_ul>(K8ZYwQ2Lhri|H9Yb0(Hw?*rs&c2jr3`Te2iJHSCDAwA-K##Yhtbbiwl z+nr%_DJ>rc2zgd#EcP)#++&S=u3W)?3}tMUQ$LwI70F_6}{%`+T2AK2jPgB-F)+fJea+X;Z(wd8hZr6O;PM$kTQ0n znmd46fXB^R)5d@<2PnodtJXh>J+_P;8P|!AVZ%krB;+|Qcoct?sTN-%%FI;Hr%JlS z(iFmA@X+ttaI-A^+G00P%Jo;OleL*NqH=}dGpJzH8&ZSM=sFta#t%FwK@mzR)`;Hd z^6}3`BiLhDl}aWT#G_*|hIiA9&jRLADqv7M7u?tZT%AcV_Lk1`a&dT+J3!atVs0E! zYZg0#2>^4cCHDO$&W6EKe9oIGAE(Y-_Ox^~%RA$|?`kZ_B zYXO8{)V;(L9~fy$@p%HR*jjuXJD_Un&6HUEQvM~igd9|dGro?}e##0bzYSIZ=kJ3hhiUb+(-Kd!$*X*^n zAkN!Rt& z5n1wLNSY3}w6kXFstW4`rqt0YSUl}WG<}g4kl^m5xaY?-=1X&L$-`-h1MuDM%suCr zSib0CxruD94o}_=K$!k!Jryytu@jVIfJmDaisR;z)F8|*b6mypC8WXtU3SzPXwX9m zdZtzJ;c7}Z5dm(~1W@_~mtu^nfBQ+2WA);&DW6U%HLXr4d5*#SG_^iI%me0@>C7aY zG{ol`!_U?PP1noEn8Exxf4S(-@OGI$%fruH42R%(TqLwq|uRe|#6KRc-X z@V<<|c(ruRdKczqjPq<6sVluyP3uHSMQtYXPYCC{_`XzvxzmgUAfxU{s`mP)@p~iZ z&5}eWHlO1~JFqgtFn~6dW12al`)GiBCdfW!ZdE&(A;l{OQX&+Hm*eU zZ}7qt#)9z1tT5{struSql;8MHqByk8T(!NN9CTJ~Ju1=NOH5jPsbFI)fxmx^zjasX zv$GT-^MRy#hwGSx3cIMFRjA@N?L5GXTQsVW8K??z6z~idL1lCeuyneqRq6s) z$U8cMP_K!`{>L$$Lljt^?$4=|kR9YrSc*hxaxNibb-s4i9IJcA>FMG!BdK3;0eSvd zCQXvkxOJ7`-ACe>$EjL4b;1>{n!p)WJ)R$?VtH6|+NoxgK$Oe`$b5$iT$89kg8;iN zyl|Mao&D$DwTf(VtH~CoYmy}|)w555HuIV6AymgQbXtBh90pw(cje_%AU2wEF)0G< zihFb+7yNd^OKxuejvhU2letT|xQu$c3Z@asl0Eth+a^jn^_u|_VpA=ZAD_TD6EAhPq;*DD{J2KQrN()S zF4}V&k%-NQf3SOL{QA3y|oOvKD4antx4A*QoL#LR1I>v z??1TYni3$mao&-;*%um6SPK(P5fRfv={ERnFm^!@hI2KnNZe?d+!t&wo;>tfHU6b& zJtP0bhEpLgCKLR`#wZad2+Xw4pL~0fpHGg#{i=^frH|MK0@$it= zlO=k}u9M}}!yWdpkDvN1gSVwB?6QATG*T(|7HIv4nYZoHhZerv0$J+Xx&PQ6y}2xb z4MGsK`kb0SpL|F0lNN40D)Evz+(%TUDimn+-P0h!Adcpn_P|GtFGMrZuQ|)_ilsNW zJUYw|1?AFBVbj!as9PSp)|lsb;xc`OoyrQJ=pK6sZ!BfPoLgTYs^C?@x}<5kHvgxs zAFIO868VYFT>99A`aN*$$|284r{wyE2$kbC2@~T3SBU)_v)SJiPeN9F#$G?FZjv%! ztr{LDT{jd@$87d7OE)KPxRv+{PU~sn0Ii+;E2JraZsA)7j@lR;lYLCLiY49H*ksU& z^ZHXwy9wbI;bVsw3$|D8eCc$w%WMQGMED1Gxiv1M$dv&ekp_u@YpqtKsd)jT8Y!Y&DVzZu`cOIVGe?MAzU4BjS(#Gh+Xj1q@Ar#^k z)7H*)Jj9*5ri_arWStsZg~D$*b3Z-&Wjf(Kdz(^pCyQ6`pALv(fRzc;jZNk3Ntj4+ zhNZG$NCi5p!LqL~%W;};!0oiT#*+o;-_gF0HNlv8kG_~N$UnylOOXuX5m^nKbu2ACa|NbS$M3M0=Ge{VivvG& z4-G3g^xHhK24~y4MZ!T27(xv0cW!TVFHub$iMr|-B}57peOh8}JqXHf`55qEHcjnQ z)5zk$g2{<>9P$z~C(}2xY?BO#%Fw32?U0faRxsn80$c(ty*@bb-(yI{dh_JsQYkgp zOlHd+TTuMou?exVqD=Ez(mpWXB2Hkj*9`Y_kP2F!&~KCSj71sCqqk2l7e|R)vO8D| zq`aaZ1xWt05dhtM0&Xzk#{@lJ7Qg8=HjfT^gw5q-sAW&a`r-*_JibS`(6N$O-J!Yss9)@9`Fe**%q!@Z&-Tt-wgWQxGrwIX55=$XgsMo_9%Y5{#DFWPUgy zENxT3830ERcumP2@>u3UuV(xQEv<%}>Tb67X<`#KOlh_4>Bv*D(F8M*^10x<#!aeq za78=^`5Z;mZ0;zEcR4B4U`GAl94mT#KBlPQOH%O?RyNhSHTi?STxodFm`y^SS9??C zuB1rPxlb(r>sZGYADO}mcUGg6C2a_3Z{AmPTvTdEQ!2IJB0@(do`dV->v`Qpv^gLk z1kJp^x6_^eu zw-)4*N}F)CKm&n5$tCWmcd^Ix&J5UMZ>#gJz0+!*(lh}GDT+nS2HCK0-6bmh6j+{p#=h8wo@qdkLNCXAZxSKXS1W~u(rcu5h5fGE8zMKq7< zS@*L*W@T_(P7HwQCtG>{VW3q!(aX9;q_(cm@ap51vCEu*qeqN3PnjEGeEYq$P?yv%SHdpNeV1<@>AV{Kv@+dlc+5C9pAoIu5iC zk5+~E4$)C6!kV|vEHqxFmB6=epx2kmyiK3}*;^{beefNirHk%WO0L^`$m#sEw&f`qkt`LhCVu_Jvq!5fu%Mr<6 z>T`dJ9t)#F+zV4v1C>5wClfX+QDB9{&#w0CkL9Vdn>JcQ7v)k73gC}+D@@kamYQdE zwq`7hD2r)UdEsv9JUmF(e{}MHvAod+)2#@1X)MhmCkpq#Xbeydr$n1f{%v4Xfz>Ba zjz0f>JZN+9wR)aZbS^HIH=)0xBuHGzYrt(rL>r$7O%TY<)2Ha{Q`azgJulWGHzPFg zn^JQ$kZE)_ff7|ZR(A?AazGOe(2=(A=La`qpuWj?#`qQ$JqKs%g_IPXL49&o{;cvN za6}Am4I490^bMVA^uBZoCY=rAcV1v_J^YVD5ei9kJ}MP>6=vTi+&Dz`H{I=;MA6%o zuboAq26s);zaI5lIAo^wvhD5}GkcLOVqBr|eV*4qO|Wcy;G* z>bG*;2P9)7l^YGfUBee~R`14Fq87VEcg}{Qn;^AvuKRh{B#bo&B?70XoV9NaVXzum z@l4Rp=lR|S9-;Vz2r(?=c{~u4hD3Y-=~#i(J;_HP(@wN?Cc;T_*e2T+Y8{4bjY$hF zL1Sv?qJ#Fl^Jm+j)0MDFLy7pl{-`0q8VC0x1Jq1Itz1pK*$5$4> z7w>BWw7E3^?5bNlXt5TnTUlcFdi>2@nOvyDUf4%b8i_4F<1ov2YvM3Ea}{tP4AsoO zh!Y);^8Pq)^`|j?C#R^#$2X@vy;!h6OQ8^zypz$Ik@v%T#VRA1%B5qD0dC;?p39>m zl?mN?etOq&;~bC%rPZz^$}KlyH#yhT&Boay!Gw`)`2h^P z;GN$gS_|_BLBq4aj-U8b26%Si5M~Rjr;Ijbf`MudXpjBip{#(MCJoO22k=hw`V2Cniz5qggUXzHc z=6E}2-_4?WZecL*@;ypAQGWM(H4-_C!0Vuf+bx`#_eu=mvh$Vs(!HOirKMHXhWbo_jp4QVIKkR6Few;UbcNr(yjVMqNJ8e8b{n2Gr{{5kL0>-MY;Je#nAft z60Hf7iqpYe`*OZMwyMVA(m;oVzl6q*sv%PYh*nd&UlpHR&d3sX4>evEJ2&oV zw(j>!&5K-8>JneX96tz2#uJ;1!Fwak4Wi!2ey^+KJ^n4yyz{2jrWSyfp_=rgsAg&oKNte=>1jtx9zMk65510;@fM#Ednr&nq_!Pr_;#Ys zAse2_3++paDzk+P;g>Td|Gqg%qhQo`M&(*N&#BGax~Cy486EL18Mr1hXx+R*`DLkO z&J{&KNA&+{+h_i1BIS~iYbw0J-G~c04@WIm`%gYhelbTaF-RD$$435a&$Kc9kz{Fa zDL(TUp(k-D4l%o2I;o-y!oS8tudMI-NuL+CxyB@@tEDmHa0YZ%85O za^*@B++^=Y$DeGzekbQwh$|RA6iCz6=#N}QO8t>DxS3gO5$6DVdZS!Jcp{O~?r)yR z%T5gw#2*@UPfZa#TK{JGuuK#Xdg%lotzT14GlxRT2YEN2b8}OacFa+}8XfYTs5KGS zG~AhhpqIfEyp8s_)+fWuPUW^ogU8lOZJi<=I4K65PlZ;Dr;A#$hxSuCH(oDHmJufK z$_J4rgD5I+7N?xA)lAin&aajf5Lf_SlUU!tU!Kp@vUl4muSVLr#VB_H9u4OYlo!H< zisIkAIPa-m?5Qu<72(Bsz$R@bC!tA*rLYI;BE@#&K+r_FIwYRo@|y$YCvm<0<~^az zS@EoF;)9nPFiEUO@mzW1ML9HAK}%EhPAZifW9?SK@JB+~w6CGg5_W~BIIE|UIgZbl zDZ_r^`M-NsceKdB?Qdi~{5u_-EGYo>4m@eYl{Hzf2A>ekz|JK!HD=b7{(A$Gjykh7 zO;GO^L-}xmY7H+@6ga=N7d|KZa0vZxy$t|Fbm5rCXDN>c&y&H-&_ySB!QlFqgtgKK<*P5c& zoEckJC}4u`>q|QDY98Qovr5c(65L4fO&<{U6pHKmNg1T`UQH)<%s$+%$7uVssx$d* z^V7Gkac2?ENe+P$U6dsEM9t&Y1DqbWNWR)CQ2iDneYwMR^ujMXl;l=moWrwu5)qo{ z?}&--huI(eom%p)m}U2_>|Bp!r(f@1uq=+f(!Y03e`V8yk!-rD?IEgd&QjpKR4+tS zkEfMMCIR`->wS?{)6-ouqmlD=TeVJ=FUhBgdn)%!1TJ|Ki?2y+Ip&+6XUDVkvwW)i zmJ`_)DPO1*XE{5rRrB@ZZ~66+QqJ6J_<&bn;FI*{Ey-LDHF@yIGR@}t^{O%a#*Gu>}CuZ~D2`&Hl+{gbP$os@*M(R>CrWgY)F zc3JWGFtZElIbNt5Ff0I-;!+)G|eG+L} zN^o~@!2OHL(%zhV9x|98@d5n>ipP!YdOgUF8v@gnrmLyRqy=(QKv zYO{e;^D1iGvX9?7<*Ej5pITe`e0%DwhRV%n%`9L&a4Nw zCu1p2L==NG+ED6ai&4~84E|%%&?Zlj?dP$DA?ShC8WHlHuy2|cf!K^_JiSa5vPOy0 z1t7QsiW-u&(Lb=%)RGKcAZ^lr= zI|ld)CM>6hh+xb&lZc}nPn}}TwD1nYTgi!LZ0H{TYZ86&YBr9CL?RvAxyO~A_2wh@ zZ$Fi5JD7j;@4W?B)HanNHveW+Z2X<%Tzy7r!~M`X_;&~413{yWNm%1%wlFyS?)Q?~ zyP^YU77R?s$XL16EX4ipo$j|3Dbqniygj}eZ6|0J`CgN3KcivH`ZB>-iqXu&2s13F zCW2ST02ENLAn)w^+2}-nt|cT~Qt7U75_emtnU<`Uy5N9Ix`MfW_uiC+UhN`fvdzw4 z|3{4++S$C&lmtC~oZnJpENkt;+QigC=FU)MA3-ZgQXMzEDVK(}<&BN>b)mWgW5{%U z=C-U7_qqS)Xs(47Qz%#C%D9)-KS}YiirUWPT;YsV9*i*$@|e7d$^ndumPMe=QASueia$Kfi#c4=1C2JdY2N4JA}Tzm z6#-Wagg(m96lQ~Z&xA{L+%eC~iL|ehTMpm$F4CzVGv@f+^*iZBcPbn0(d@AM1I8E8 zX<2Pf)oPs%BAaUh~bdKkhCy9oGFOE;3rT=|#IK z9Q_k3oHls_(WRc5ghJ`Cwm)IF^Mz7qL5yQGgmS#*<*J|HIl&spTFleMk>4XBXNXkj zpq6!8N(c(#G~Jas9H=jSXtUH{J}g*RQAQ=qIXM9{+*12oej=lXJpMq(3n2!T;lIk9 z+tq{8)2#(G4I=iwBs^!%oDNfzRidc|8`}})VdUr zy|!MZuTS1)8sm)c;$iE=A&=7{=3Qq2jI;h)YB4mtJ4cA|oH`W~o20~M!D4l2o#MCO zj&+Z|VY6kr#!R_#CxMl=>X5iHhKiug1nlQ(rv@5TL{gdyMfq9)7Uzt#ArwTbOyrkI4w$c8Vev2c3Sn;NZT#ev z*8_&xY~--KvIJ@@0EWcF=utz!AG4udD|bY~^Et7}`Y=+*l> z6`;p;`6Djq&7x6cfo}Q-934T3aPpn;rzx{x?c3U$DlY|UWbWPf!{&LG!h|L*2Cl{d zo_Od~SgA|i$f`Xp6pK8b*z!$Hhe$*u)+g!wlB&z0_}*^p^rJ0h%#f=MIOO2bqv;l3 z=telwYi+q%L3wX@=iax^oaHOHYa3p%*o-r&U9!ZOSLQFjbn}YDM9MVDMLjn^K3=)K z^b;vvWczgfYLa)Lq9Qy&iW7Z6i=<_yh<`YJb6Suw@J!Tx=2P3poLoz1{@Nl$(9t(n z5ii@z9nT*vqWrH~-Y(>c=PHgb)VWCu2|1S*ZH2t6O4Sa}P1UmI$YTwd!g3k)Tk4y6woAGR1JaM!Hgp1qj3ZZUDpe-mxS{K|UIb0P6(kUuc@?;Ou?g z-ZiGlhvz|9N1%L3T)PtacPrAb*CbfL8uM8+hnOh8NP@858hqn|t@YdkkHId7yP~{q z=FHPWb!KOeNwF-diW!rgWgu5K{!aClj$m$TzwL5Xdiz(HJs&c8XkG((oN95#kRH`O z3c7i+%n2fKf>lkfl(z7RM?2PyYFkjMPGNE>F3dK^LB5ucnxYGMjs!4HZ6}mXf<+hG zCA6WxOh|V^@p%t-dmVVjg?RqyO6Uvs(G?MzT?89OX%_Z@RCD*A3aMt@v#-!ZErwrB zf=l?*dK@^yW(;iu)yAYdd_^PqK-+3qlj&gOu6z~pc_vgsmE%Qvw>Hio)F~?}SXchv z@&>s?2S3Jjg-rwdUI;i$IcrTNEmgs8OFmu}ve)u9N>;|2<&GF3(oDe)&aV+L$QH+1 zPeFR5eS>Je^a#T}%1Ho{OL}xByFkR~CLk*Ns_2|x)XER@Bl1*B*=kW4uBw0}7VRr} zjX<8>bVLu`Qb(y;AbGi=gZgrFw3jC~RcU4*$vtvSd@-%LnRQ$C?B!Q6?ZTfI%vkp- zRC&^a`jJ}RVhS2m(Mwm!+@6U;A8-zU+*g`bm+OHG(EI~je+jM@NRQhdcxhY>GdLA@ZaPQe5r!Tqp8<4#pw%uBCY?7w+8@ z!NsLGU%rhTk*(uE6y)mr%=3#sMb5wfN+2S9#(Pv(N|)ue<@dz&#J~stj1UGwgUjp; zVQ@!xj^hzR4TBB{l}TT4O_D&_;k!2oRH{04&Ufb`u$uMo7AC_6XGuX8wytV8+CPBR zJUZ<}hx9q{zNFCAC99hva2X?F;y4Gh!)w|UC7L)iPCY(rzgS~1+$H8JKq7f2IoQk% z{B6zZVi&7_-7@P>n@L+-nTV+oiIGy#PJTci$|Nc+?yQ+s_Dtw`#U8iPVMsi`aQxs& zh_i?7z8t+t?y@e;H`vLe6Z|D7I^LvZ^|O9Wg8$E7T7?s)!Z>2#xkozYbAvc&rqRlg zp1i)d9c2nM{vlON*L?GeZr9s0sx)OE^cXhB*UX@zKvmmgr?Z7i`&4Q*D|-p4>RVQn z7$u5(sSOjSrDeJWn`NIC@R|B4QugBY3HMy(lD&>x@hRhnh>?HyB&bx=`1#;e&tq8? z(Hlu@f}4=7mOPZMNRzYq(!@qn|Wx5J`DM7dnU>w5i?=HHFbhUnEmQ$GXY{Yzc(y zK&0toi)y~MH%<-mw}M>k!w|+2PU_kn&;(w90Q#kjhX|;YT13bxu~~z=y?F3cJMQ1s zWfrRuQ#)-8(A9&FS>w=!5p0kiEdp>#7ldVzbHU}cL~4qB_BtwlE={m$ z`IqwrPD4}mOP@C)ADXN`Jhh&GM%@ziMRSR0%yEkO6Ze8>s`7T-o!D2UD~378Ijrl|-ayggMg!+n*CfBxu1U0Rz9eCHO;Rk}UHO*&2JRlu zyrf2;+MI{qZX`TjO={Cdd|*z&U4l|`~1#1 zd!PN=TjINUjq}NOQf?eoVoptu+8o3r6uVc@dIAUP4KFoXMuLdu%`kwtuNH?cH_{D-&9ab1ZV_efdYi{WY#^9|G51wAyebF)&t zpd9%uY@B&TD^mAO;hNF3lOzB(p=57cBDsVJOvlPfsqmDvRbIQjXii(BNYM*7;dz5j z+-R^cv>(ztU|MDC;HeDV32npd?eag|RVN6eO9Jj>pjZwH=|75(O;+RA+jWXNjwS>0 z!u%BDV2Y&p?sw&usjasvrs+}@y$4Q#do!{m?TBN3^qZ1)+BMaa0et&!)%=+@wr>fO zTW@9|n>N4Y&hgMUzB#cw;VPRyr4snjeV6CPp5cW9wPe2nCUqo_Io0wPramX?f1Gf- z8F2=FeJ0to=Kq=9{|4rq$bjVp5vpmBmD01i0ZglW(xSSqu%@Y9Wkb!hPJI>9$YJ>G z1-*pI4v39${#_q|ZUY`K+I+=!A1wL3A)?kJ)Wh&vioLU`O~)7?G&k|16+-Y4FBRSB zm-0K;Iby>siz>R?TtD{fB|mO1*0o#@{o<$@TQ%BJUV}Dp;)&Ry9wupKR4~K%_&aNl@up^1bC3-2C^LAH2>%^dz(15R*cOimZ9* zaHh-{4MF=7Z5*}5F(?3J_y%NXr>lzlInX71k{FaIr!6$BpVbm0qKrvZqk=k@^|GEV z=eEr$Iloar7nTSEtefPIxy$-1SCh7%#A?wR2@c7V4Di$=ak^9X9he}pda;-onu(Oc z+c(o3<)*Pt9{!J8)otP!-+UR6-`D}k-045`?zB3-niul~<6e+0QI#&8 ztEqnJZ_MS!d1U4B46Hi-QmtJ?JYOUC*&CnRf#%m~yGkvFR z0)jcC>E*2_jBvm3)YO+SH#T(j2hv=0L*ANiIR1*;%-LgYWSm#RObu6%aAhnL2+SA@ z_cZaG^&Ox6ek+#eQQonOl`=_K?83);9Z_-7=h6 zB&B{4U+i4Se!gNPbw!Gf+G-%XPA4}5`^F!y+CH2^p}J+l46;uL8IPMHDR-T3svQp8 z!PT(E$?f``f?B0&tkV11nENFbAq??8#a~ox(xovjoK?!^CD8al_bfTsIg!%r+ov_k zCbIag?5~maRZG*fzDE-L=S1|kUKJAR%nUXMC(PoIPsXN}Q?ix4-kO(5Shd@SA-*%t zs;quLqV`d_pr4de$^D&va?1Y?`pM;oe@#C*x;pK&xuGqFsV*KT85S9PzH{OCcfxgr zsoEG=%xi}H!8N&5Fs^n(JZs4I3w>f=r zrpdTUz%^kWnYw+?ikw-#qAOP-d$r08`G3Ub7g$`KDo*S|RPe|K+T?qfB-?YBv0cD* ztY=IK4S24E0Ha@J8VexMsaq}KI}!2JuAd*4nM6v;)7dgU$*s3N?vKw=P_0yow~8{) z!V|J27B`|Bk11!De_FbU`$>|!eRB0yxo5Pv|0D7b5#!p2&j*qJF+p7K-HE*vgLGi# zv1whc%H>a0X&(|*o02;YwSTEdVCrV={9clf&NXvyYRVt&eUYPb4!?5;HURi*`JLQYDT* z1%DDN?E8Tv?>15VK8VG|NUs+ie@K4sGlf4((D!hx^@qDOSJYcIJ}u5yiL$lyRND)A zK88x*JlmGUNJS)NTAPBo(1{aSr8l>Pe}Nwh9L?O8S9TossHM+&oSwpqY(7^58vOwCtRujfdnwV;SOWWXLH6 z!ntl%8)spMNm{?ScNu{TY`{n01>-5DXRsh2iNN#GM<7|6Vrc^v>Hn= z&BgpT7htylHfiMZVH-G^i;4KVQuVj%lxcbzs0=;Kb%0V*=AkTU)zKlbIaE_%V$qp% zqQF9SIa_H?q>0ex*=TQhZbrNn)}hXH>T6DYz&d~bAaXz>_w!HgXN|Mrz@^ZfKd@-= ztj_siBcSL%Hn0B%DEOcAO0tI3Z4Q@)OjidFAT^Jf#?W24BGs+F{7uyovZv`1Z@gNdgum3sR*@Roezbc)bki0!5sJJDkM3@wdJZJXQeNwMC(rm zhAS=(zenzG6Fp{xv|MLf~I;K2IR z1=16^|A;KHC4!Af;~kO9O3j&7!mE>E(X)Ivk^n{Cg z>q_7zI2EsCYRC=i7cx{0mVd%zZSH?&UvRyz`bbL+pgp!&fEBlue^hb9sK9C%phLJ5 zq#DN}h&-Hir|6dq)(A?*;V4tWKd?4Lw=^7t%92)0*U?hjaWmOIu@9@1aX>>!fo zVO7O7=R`ZKP(6Mu&hF?q|GhW;$^@?U$yYGhg-YoPwlm3GMinQ?$F1fNDigY z4~AyXIc$Cw9FcXw4ZI&G@P{uHv&=)ISdr&C;8!d;qC#865 zEyW30@0S9!n1f&-Cd?av&ualYgw%4efj}oAdWodTqPhMFjEy4>0Mxiqm6dVOQA&W0 z$waK-hSFOXtix8bMq!36X+(Hw{ zN1xX2#gKs6&9zdrjD|xH&N#P1UpVe2+iR|jX zGvw;&-H(QMatJgOkeME}Pg6RA{U0)BepiDXC1t!u95T zJ(axHJB7SM9cuifBQuctN$VVCkq($>A4}Ts*dxwe-`Br!mqt5o3rf6e(Wb%i9r5GT@DB z=3|(w)hyyWH|hIofw5&|HqKw)7)`~a$#9!&OllaecUuTZeb3+7-}%%B?yc-D`) zjeB}IX>|z|KeMPOQ@5x7Xniunarkq*>^JEw%`)h1NS-YpCB-1v-B9)`7fOw5?_Jai zcNL+>ZH=!?4ran_hvMN)-s4QQy=k&?3&}rDbxvd>#dEAO{U~?zo`76=dwo9hM%jyD zLHk;dSl1o}my!2_i)NM)c{(&kXNc5>BRB6CBX%n0jtTKAw`z@Y^uXxfA50G+Y5B)Z=d^k2+|x zQmI3+%!W5^h2C=X)H}NKLodJkPX^V)m7C@$nyM5}<$x8y2;{Sue==WJAgj~i zIK*#5n3n&M9961l&2~Zb6OX&o-(-{hC^tl;zx3AwAq}y44Sx~LzeW<;_rR-&+3DJ#0;w- zaq?x3%2(?Xu0P6Uq9AbUu20WR7x->fSO~rhO!*+!votkrX2D>1n~gGu+7679_hMi$ zQSesUxig&AY@JAx7gpMq;u{SDete8bum`P3%9E-}_e&P;_KkrQv@~{Zh6Z##h>`5Q}u3Y+Xt#l1CbPC<#6y^I%zkDoTp!`&|Cg_>v%vHO2B;+ zJ3Un@Qehu!rI4+7i>LaS(fY1T;zLkUpVgp7nXTVLs9*;~XAOLWHn@3Cq#Mgn;np^R zP>#0>ZB??~-~D(DqCa$_=2R5+Ru#)jUo>ofhf11c8T>;NFOj?~!-ynkhZfw=^O#P; zK0rpE6M1>5h*H$=NzObhoRkgrn!~?~2Cq@YQ^%1{2x{k;&s6i{f&{6lQa6|-a;C;q zcYN(n6(>&9Re@LXK2vd;v*}QUv}YjqILWGqJm_i3s~mt(My0NP`Z-t_B(yv8HNs}p zU@X2@JO-Snrm9#8{e}x-{x;<^Dh7Kt=E|S<@LKG~ka2@s3U3SIC1Ro0 z!T=*gi^BbQ*7p@Ssr1f9vpDuyv%39{jqu~Q`b7zofOPOmZd@;Sn{0Enn4@<>9L2YG zrU(g>hH>9B5|!S4m4oDapZQHgB^b{PhV#Fz7k~5`vM;8=W-$@x4xf3$iqScr%KEqZ zF%yg~s{Cnv>s(yY#by%9#F0Ms`de8&s(eQr&$W;j7rWTQP7dbor%gEW=Fj_pWp2W{ z;=W^{j|e&LhCdCZb2Po&Wx1l>3_REmVTh1=6T@erDb|q?2N@3Kfbd+<#j&wbM%}dJ zDf4%0OQme*2QWR%R5`^ALACNduzm_bDmDtR+gu^jsQ_8As>4c-MV($=fF}x4ABbP0 zuhTo$`vRMb)Z}bpJd+9s8Ua;=xwl&t64o`-eCQp7#8ifbCA?#S#g;e7ro0Rz*1aqZ0RRaC4E`Fa8l27HvP0X5xQ9;ZV)tW>? zMd?meZk3ThH0^dHc8|EgMwoEL8#g(XXewiiq^6zPt60Bhx-vTeX5#5z z;fWN08)BIoi3^MQ5;v<&P!1|p%OV{dloz+WzCBQA4H0GE{-m?al>x49k{*cfM^wfl z#bRd@VSYXoDf(%o5;^y|C3?I9dsg&rUCMPYzNdi-Xo(kDvV}}bMf4oxMlH!Ss7YXx zLAcP9i;F8cR=WBWuehBbIxn9bj@4`xiw@*`X7002vQ@K?#cC`re}&g1eKwBt9cLBF zip|vO)vvRJ%fS|#o?eC4%P60*oNV*=Fy#rLX}0)QY~H6R9m3tLtA&CscUkxG>x;Eu%QvcSG#) z1P8Y%K&FxmQNspgy&u5VLK2qpWa4(^NsDWBCHDd?f)v)jk9$b1ma>w^hDTSxTU_Wf!MOL@zSxuh)&vltK}X43!c{O&k@m8Utl+ zH&Cj^5q#PL7E2>>;H~vyn!C(s2V{#3h(u6Q3<;hSO^KW+gSknc4SR6|!7(v0GjKSZ zTS2L7W-a)QoHx!VAcA}#$?K|OKCFi8!!O~l4*6f949vR}lwDCMgHLZEn(JhJ(-#z# zy$6@o-hH6qB4Vm_lu2HB=XcQWpPxo=b~OIIG`#D_obXMeYwOZUU!95YVj$mYE&mQb z$_4CU;*rsO{g0T6!Fl7?O}kb;^1gB`o9aKpnY9NtJ1=Vcd;k8_kdD81V~PIcqrl6* zdxQU6+vmH#dwYK=@87SB|38&?y6|GZ$C^kttXRolRBn91O4BGwWziG0x&JH6)~`fk z|4_Ns7{k&L4EJ9;3hStMjzse<+Gxa9mQLq_af($87pam2V`6CAGIiE@Vi8`kX^30! zDv4n1A^kWdltQ3c@*5b0bpDt^-a+GjVLmOK)_h|NUVQ}AbmF^?$TIrB?x)hf(f#!Q zf?!JTsbQ{g$*%XwYTsqt#QHEN6$49CyGzG-;6_;vYWp6uP@4HrRS}!d>fl^GWHG_Z za%_ol*ggiHqe{z@aQm3j_p2D&naAoxQy}P@9mGGr|Mt51*<_h-(~V>DfBuWH5+~F1 zIrtk(mA$D`^V#bc{UPT>X?0=(3)hQm)c0#MP8GK>^wYck@8&_~GG81c!;hX87-;=0 zw)TgfShgSjWLXvOn~44~ooRkXVLNs~tIx)z~;BC@mUuN zT3^(9N_oYqeGaCqMfy_^<@R}0?}2hB@iQ-A`hArLsQ$GYYcCycoxXhHR&}myO5m&R z-`>RXl#0Zk6WQXZN*W=oZ2Xt+;i7!=hiQMj;kuuFXN+?kMXY6MC1Vp~Rnd%8SWGq! z3+1&fYp)wF5T+C3AU;7fRxXQJd5BUuosG=l2iBr52& zrSZ)QHfnsz0E$5Iv4JP2J72r}M@Kf?3++Wav&}pz3_%>H0NG;X3OE5j!BzV`>nK zk#ZtgE)4|`5TMK+4N4Y%SXLW%&(Ph;$0{lLvc;3`!bQIsqwT84uhe&(pl(307}ZT(KPO zQg6=@cHzAZ-|ca(F;5E=xVKeY6yErqE;G_+P`Lvz6SpzFZ@jDkmhCCZ9^$EuN74&= zi5&C`*J_cq7onSR#8NY0_U$%H*jhu46B}LO`{fV^o+YGww5Dx%C(CIfAEn>PyE7d! ze$0$A%g%w=VZHtEv~;T6lb#&3vcuD7fXy)TO~}$BE$Ztt&GCTQ6%T4t;8dCLB)?^5*aluFrXjCGh$V%O--lC z?u~h4RTj@c!bP})!ySdbIDsG|wi5W&cuu;R&#cqL+^jlle3B#!wh|ex_Y<#^kJfGG zSlRwaydN|h1%Hl<2f0s1d*x#7){N_V^9`t~0%BF;cx`gAA@RTm6fs;<{Ty;D0{|r` z?f10KbD~4BT);#L{M_8^>ag0547)u}HxoaNYVC>{GDDoxqW8;lAf#@gLbVSR zET+WzGWysXnCVz9_ymDti-qLANq*WoyS;^#+|RQ6)p!=lV@Nr4ot4=cGB;|;uUN6*J|6&7RBTEY&%q8+k| zpD=v{Dg47S!6NmMridtFr7#uu?cK`>7D~dQK_uY zm0g$S5H`D&-8o_X#W2SJ;HKrf{^+h=;coFJvUpjx!wV$?4QVF{l`!uPSWMas4~dTH zFvGrM$j{cq#&(Plhv?UA^0g_t!ptCj;gFIOyfv!;U}*lQ)-}{L2iI0vr$wAlf8v9d zJTiyzI~#hjUO)kQlWZ0nEDCZ;SVPlGLh5EW=f{nXONHJ!90D(A;&SYVZL}W+yp@+? zxL#8~BoxdF<)QqvD*$4vTQRcX;}B3gCtCdBibrI(Y>6Zb4{lMYXjt%b41;;*zHyD( zk=w;)n5*N3x}y4-DEwcOk4Lwq`v~rJQWZygP#&!Ye|n%pPPSB_#mn7aI`uR;MboyX z%m_yNo%Wo_`5Oa8Ux2n?f7k&Sh|hyn5{lzzVXB|QUO1~@Xk0StNgcx~v9m@zvP{N& zRO`$mKp)AVD0z-hH(q;W=4n<9yA)lEQbZ(gO}TVoydNg)^jcQ&9gkkJ0{78}_4zd% z1ov#W0d#9+GM$}@hY~i*K*z29f*!Ef-7eZ(U@Q1*ZNDswVZYU|UTuU$C%oN~Jqz^nx1hGlpN!X$of2tD(B6%yE8Tqd;6RQW;32{o5m{+`#@et0st?pu+-~fQ zpe>S|d%o>I*P_J&R%%KH!U_;D=n{0o&5hur)xWIMvZ6XVs1%qiQtQG>|EcCc)j3BM08qnA5`R3YW3A&k|3|EaskTR7rDJKJ*VQyb8OUE z&MNVN8so*415I-+rAuVaDjj#K5bBTLS9mFEj=o4*GAb;(w4R1kl6A;h*?L;l0y){1 zwe(D$&+7Xr$1U_!*f3$t3k^ftvhSa*D{>XEqz@6g)}eGU%v&NS>ea+IZeI_vt`U`N z&>NzOXDs0v^$al3@iIn|RQnkOSn_Exl^U`*s^_BhR9)}46jfF9Yqg3_K=Mc>u(_J< z+I_D=tdpWo+U!s{*u~pB?%&DPB>aD%&DAVy*P9*n1Y$_Ts?!C0+GC-YpZqI5`nQGu zRfaTsBvXstPwWFb4%Ry^_aF#`;qGT$UAvOusSYNT$=pBy`@w~;;Ld)2+7R)-kkA+X z;+p@(&i^Yp!9R9xh9JB0;^a8OT^isdSy1BCYnusJ*V`};K)b}jXkwbdtQQ1ns};qk zU<*xKr+PIe0$qO5&j2X>r|cegA(q+c(BUrIsMN@A4#A|u#47y5U`CpMCQDC@(8EvS z3;_>8@n&9yx@z^LXtpWpq3wuYCmegT?_0|P>s8e#) z&ev*%mKXO&i|Ef_BBr^g6%HpC?8`vkV=2JT&t(l;QPzI6dN3o{;w=Z|8}$bXO;iRm-?65?$?$ae5rV` z6fw#yE|9w>8XUZ|3^HB&X!)a6`}xfKjKW7UEDtWSm#F!O4=`qStb8LkTR8ebHh%0n z`QG{WckFK8?(DK`8cy&3ipt%q^_A6o?)O+$^epwzDOFT4vUi=awRLZw;rGuhwW8e>#hIJtg|LFv-h0YXV3ih>^bLp>iQdi3IYOy05~|f z0REdF;CdFI2EfDpgZ{YU-4H$@{vSk4NJv0PLQG0ZLQFzJN`8x+l#G&$goJ{cg7Ov> z6*UzpISnlh741!)>JK3}e{kaA6W=gWk&%$yl>RsA`V)Yf7?6sCz{8;i;8Nq@QR7^9 z0@wgJ09-tr8v^_@5fI`N5#y2I{!y(>1ppA>;u7Ffkm2D2i2i7TgNuhxKuAPQbDJ{} zOUqzr%E-heA+2I;0!M%6PozG~z~7|Ts3fAsaw z9sMDU@DFK3Hxmw5P`5;XKG28O5+0$MuB$8N8&gj_&1 zBln<++p6)IpWC@Be;h~!XDt!&NMFwY$npM>i5j2`c-6kc(s1Coq5O08-11p!1G|Nl zXD7nF(N95v7#es`ta!Me@*==A@$5+$&#K3#w8HQh>XI18jao7N;%9y9J=BaRzt|wB zQ*IFp0X3(E?4NwimmW{OTw1p}YeUSq9DTk=DRFPOw)L2MiqOZ*i=*B*L3a0^?t%~h z<1T*RlgWh~f50#qWyk3)NxRE@MAI<-j$G&d{h5ogI2)$_B}r$odRNx>TY4B{`o`=d zKhzGMqR72lbBeu~lk~iOMcR)mw9OZe`-V!d?B9evz6e80y&SEc-w5(zed7JzIbcik zBl(YyJIby{e9vaQFwH;oI->QCcFS9|PH-~l*~0eN;e!`?quv=L|1t=v_KuI29Ruh; zhw$f9_|uU7^;|&sT{4?ASQT1~rXkz~-4{X+Q>B1{&Lv;7!DwolO4Enz#t{Se`exo#gj?M)<8aKaWJ#EuJY|J#? z6fnp{J{AJ6!rfW8xvv4M0zXQ&&kB@B4nf{=&7`9rPH~%Vi&Mz2c zl{zaegn#ZW(68-GDM%XMkFbu+aEOk#v(2*rR7Z_LmPCxs^_s2$$6H~0^!K}aUv_A& zKARHHum~v1A9%TD((SkQKpo#o`H=s7TzqkU|y5aUd`u=#s@u~5QHUvjVv1Y;dVbYhb4D7U5ysH9+$j z*z8Iw@ZoYp8v){%%N$e(;l@|%(vjHzoqI$YSZP3g4RGr3t`5@>`dM5jln@;D_Z{-xPQRF9g3)ULS72FSSRju<0PvK<^cWhbskA@(yDY!pm#XPm%6YWGkkF8^ zhWpz=zXZNGF8KG-K2T6buwc({wu^7(#6V*3^ddK-d;w!cBJBI%y#`sev1mY-GVGzy!xC& zF)iX9fxaMct8*b;ZMH3cD4aOS$%^Fhr3OdNtf~7c$`LlU(efWeBkvnW62R_y1qu| zQyBk;_(2}zKxeZD=drM5mt1w4PF*S9L(G2HH_}P1qvdz`6F!uHZ#ebf5gs-o64P1t z7QII2bLW0AEQPd~t`Ier)eD-9;N_P*VAre;?Hh|Bjm_IpdGkgns2H#Nw<9}&shcp> z+{c-0%{Q8M*#_lfr0FDuQVFE;^1Y=UvK)pcA7BEKTs#E>1L5Ha_*jvkEF=FX^{y(P zrsnS!R^&OzCcuLOzI_T?p9u-VCdXN0Oz2iM%Z;I#J(pt%>zNP+k24hexHM2yovB)Sj`SelE!@FJ!U-e%<$H@uy zu^@Z=d+tj0Xqrj=7HhoygJ@g(*SGGtmm)f9 zP33P?N@~LF2`7p&^;HX+OjLS}6!@GQSFI?Qgt?ZG$+b-M!9% zQ*e#cD22rLkX)q8sjt+myz1T}bn}(^0@tNe!Q^PZkyE`l{MEBXA_Hc-9mfh1M&vXEJ6Q;nBJl;=G<{@GB!$l3Z!)%bziNhH?FE!f94>&;L3=pyXq^qeUdcn z`Ow90tceRB{uM4yFN`V<`3Vb-K^^9W&D&!=lZYyss}Snz5hO!H(M92J8W-CfX2 z4h@d0T}Tk-P1Wj|g?_PvnZu=ky*WrJ6~JKoSu@K9UNNY_Y%O%mk;7GL#w7x^%x!g^ z5=v_2lkM7H&(ioku~b#M!yvLyptSyCB&LR%H*`j>hqpFiN?SVTa5j6HkdQ@MHo+Gm z#dyBQu;|$i{3bo;>sog5`t`Grio9KSoiuTNlf#qU&z33CHCqJksjJ*E>Tz6x5*C&P zahk>{@nMt-@0`#te(G!WYEOYhhDEw$+>%tYV>t(jbZD?H3N`b-ExOO3xp(h!9%SS8 zqET-Ver;jFE+qd$y;(s%|KuS&!h}?0a3Zx|nTT5`|&dQ?UB-d_;5`r?E*U zT|wH=GGFKmW18)ls9o}CudpmJMls$FtjwJ7G0ys-vn;gO;|8>H=9s~FRYC{c>N=l# zOE)<5(xrHJQN<+|_$Obw+l)&i)QdaIM{G=O5Xf=HQf+&!N+lvHh+g0+>g^&7m1#1T z9tCDePLAr(rkR)$vj21VSYAyS~;T`#%e8}Nu*LMI7xa&Ku*GKw09oFY5 zgxyZP01Ad)ywfD=d#v_fcQJjQU*N0?m&yG!yoRX-34>tU{ais&_f# zv|wGkjKs0y&{auCphJBYLNOu2Izk{k*=how3n$3P?$>Du!3A2AQ+cw+ivwb`>6>YF zFsVPZ6x87ZF|OY3H;%FqCm0e_%5m^sV&2WwrGG z!D?+S#tU`GiC;K;s)YN@2TX21l!e}hI=B@dZ^^LAL+eDhPzH+y=>{Tl4eHA*uGnF| zY?-$;-&2294aD)Rp%bU4hndYm1g3y_Sq6CT_+1-B;}gS*^@agVKTBeup7AZ>G_GIq zoEAAxG&#*$5Xw@B!0b)bmSSE-a!p_Lb}Ey@DU-XoeQFhUn5*9ovKGLTg`qAPjm*n+u zCfmT)Ok%OA82boGCnRl?#DcQr$>$L>Oa*7+gW|6N;o~`QbYW;pvj`I!xRm=8K$ z1M%ElPv|}3v8PLSh+Dz5)6|6i)qU;WELKnEEy|{c>9CPoqUG-*krYB1)d>-Opjb;( zHGD%bJ0mt=$R8k^2K>Tuco=gEQeV@P14W>jzh*p3+i>ZjkbNZokcIJy&Le6f!=rY` zjIDYJ2CA(2yYNxAe4%8lU{RWTcDMB1Dnm3>9h7t`G_1jAzbMiJ@2dMT?JOnk(?(5^ z@0Bj8ac&R!vesUYpxy$WFnR3nhZ8m4#c_UIYIoz`|9fZsk(gWeW;xaUpW}gE-?yF_ zi`vtHX)>MCq<_#}0~}4iKR74KYVF#8cbQsb*|IBora4z^QzcIQ{2I{ne*68>V(;xo zx=P*SmnQE=hW&qD1B45=?o%aQ*_cP3J4$YBUYL1svPZH@J-J?)9&p)qSH#hG`jQR_`bZ7JY zp{5l>8!PM0>+6QdKXZSD$rq?&eOf#l8H##+`m}l@GcOa&+o0dXMU5$2%QueK>sJ1C z(F=yR?F5eIE;4I_GY1jto3dX*^+U@S=)e6CRXmCH7VqHZe{nSfRq|N9;J;Ko?w}m} zC>AE!cbOL&$ef%-H?|ckX0O6bKC_{lPxz4eCpLm4O10FD@OFrNiKfC z@&UaXb9uk7E6?e2W!_xqXMneWj%LXKCkJGLOFJm7uZ9zWF!v4@C&OGXE?~kAtCJUK1{e{btd%pT01*3_kF@{v$ z;$&IY0AVSvksIO`IT}`Gh<0lU$`$&VzAqX0_#wwJ@qyLtxh+sICPp#4jY}D8|M~Ib zmZnIk6U+(&ML7-DIg}uy$C%v?GcJhrqImLj6;p4kgRus3S&DHy$^HsLCcjmrh31xl zHhKwD6zk$`I-;uYvbPMkdb_E}-|a^8ZC49KzNDT*iQLnhbaw`>J#@)2ys ziLG+&NuNpJaTX1I8ec3wVU+*M5fQxbX{7#hTjSa^J^S79^nA?fl8Irq*G_wkT1L z2-o)Q0lZmPIV<7Ro>AM}w-SyI5W5Uuws%p3zve3Pmc|#|mVm!y(lu&!CuWdR#}Ec#?ezSu~tSd_7$jPlMLF*Tn4o3D3x={=l1MQ|KL zHdAm(_FLVWhsgLwE1o60sh3~GE7j=*MFkjpA*xg6{o@~rg#mv~jKZ@d!PkH_y;!hF z93t3qqV@w%{Nd<)LX!8Dkpg_~j*fip+!O#XP`=1_4Va~19+*#m3ahKZxKCyY7O@s1 zD@;?&)U%Qg`6cTP4XT|EK{MgWn)B|tA1^vc;iMEfzs-o*Dwns9E%ln|J;jTVQb+KC z@1dddW$vI7NJReZug(c!t=8PHB4eM>dNG=wwcFUlBPVIjZi-b@J5QmV-g{Rh*P!xv zog_xyS>c(j{*YQ(D=~sP%dKl~wOmXTcnuJHNc((^ekIz|-_5{ej=gP7z0nD#1PzK( z{ZZ6ln8JJHzd;-x05(pxaEfwiam#%x5;2LBE@gGxqz>hPlAgmIv2Us zON!(_4;N~eoP0T_)Kfp1;}dJs5mx)M4L}AM4A-A2D=x6i!?etLh8Tv?RB9j=r+KrT(2?8zVixQfxa)AEa zV75%Pk^#ylj-WHOopUll36k8B192ifaaUo^WyOw@0nl&DdWQ{8V=>I4c{>kqRG(;| zE$bIPSjwb*Hz=OyT+8VLc~2@1{k#rZUdWhK7zl!40LY^);a*i``-Esc06 z?ZnkumP&9T^9`eFx7z$vEu@2*&G%tuceI@YxG}HS(I9os;60z!A(tpR`klF!5k;$z zOm;Jw7+yu`0lzBER;-v;q>IgYaQS^6Z=76f(&55nVTl)q2cCqb<5-FoUiZ0*9_>_f zhwtAVa{84-jt+dfMC28BuAcOqyKh{oDnfa4Y7@NN^S8*uFZoX%6*G?%T1ZEAWh(s| zl69S=%)gB`jL~w0J}yZ~)#gP2vwNyUqHBLeGP*nM*wXG1-|%m#|lr49Z68F+@wkmiH~7y61-KLt_e#PNt`A7O`Rby36L^Mmw6V<^*?i#0^n8=0hNY6r3#*Zo-2CnyMTt-Vo zPChQzhfl%!a#gUE6#Nf+9ed{r_dqwkS;Jma4eAu8H1tv_xUtl3taiLQnw6cf&3w@H zGS${?G-ut+!cNJ?%wNg;eM|o^qied{8?j*P7;xQIl>^yZaQ@`9bbI1xFIZFvm7kCp9la zZhi0*-f=mLn=Z=jU%)OV2K3dENgn*gbCQhgC6Y($kG3Q<<%;FaieVPuQY23L-0h{92Fi49n<8hd7D0OFb8d=^8M6R z0PlUx!bm`Z1=wju&=lnHC@;s zqMz3ITfM`;r)gG<_JrDJ(V{hq17=?rlh3L(QT5Ir-xLaPPv^mJfUE+rCRgpyUDfY*OqGYFHXx6M$s zBttT5Qpedv@B{8aLepwVgYm);V}v{>;*bpfsYHy+d#}EFX7?1RAvMm_pgga8VwMz7 z^(@#Z3JNwr)9Cbb4~s-=&zKvfx*pefJyjaXC+n&q=iHGd#A`nbZ_}A)EFW1mNsQ9) z9vx4368XkK@N`8H+w14Y%o_hz50QEiuNR9#qo|2}fc-ExFX|Vks>!U)1;6VDN1iVV zLOP@LYE;tQjW`OGC{s&G1kSRaz%$LMR}B(J6tjEP1Nv^=_1C@2>Uv)(Re9`kEYe^4i{A`o1Z{DEm@xu>}#ZQ#ay|VfTtJqdF1y<|aZND%Z+BtJFBcysx za@7e1%{Bb;eo;!i!l$M7eeO(F_lAdICWaJt=nrmc;yZfX;v{!ESSkoT=N<#`e-JF>}!;|UE#js>c6cngZZ)kLJASvKpOu$p_e^oGTD!GOxO$`u&vT4+jt8d zzka@8!h-!#wYPa2!T)SaIED*DGS%qtc4h)zU4PVoc0k#Itd)Wo@d|7=DMb~^9LZy> zp5~MkX*#c^Aq5|;?9|i^X+~t0#}2XU z9a2&d>bg!9b)wP2qzQz*cWFv?6%PW^T3opLZKv$aMRQT$J2d>%xkV_`Jh#RW45{m_ zF@9S+5vwBnEK#+}fLf3*UJ46FJ4p^pN;1#=m;p6x1*s^N0x%Vyf@ft#I<$*O)k+?4 zSJOPW{7hOL@FZ~1%u~0mWF<~U$5_tl&|I217~+Q5WL{#ZRt6N1W|NAhEQDD+B!@OTe~nLlGv4;`LS6f z*5#LO0(07-ty*KDLW2=B9XEE&ek??8Gtf|1L60Z?(f9&eB~p65f^dllEcGJB;Kf_< z7)SIcU|lK|SQ4mCEA?Sb<5QaMq|i^sIv#EJp^nkYGHLzH#e$UknuBr3n9fOSH}Tv{ zHXBL6#)bZ^c)u$bFxVjWJx+MH z&I4Y{?@5qYriIfIzrhrD;}Q1>YLk5ZTq9G7I*hRwX4MiVBbhfg6Lr}EahH_5|0_zl zTqE(Ws7FP;-;fw(+TFX)=kwO2_eva>$zbU?Xlnn^tuY~L1@oQ;jc%{p}9`8eU-oRiSE+xvVGIqx6 zn47}6x+f|kWCv2+m?jh=1T!&tbEev4Vp`w zdh0x&Wsf7D&2{lmCi}gQ$7?CK^vuxmMS`?G;W{yjdb4s!DnH#CPP ztKZTqs@_vU&>&ZEpV}@aPX)@nCC;Es%kb*E>u!DRN_YZWpZk)@yN`1?^{B0(5;lp~ zck~0o2!&*ue;v0syf4$vm5?UR(kUA?ApCH_nyUMv7_2HobHr1q1xYkVr$ocQ$>*g2 zIQX8Lt|{1HR=q9h@vaIf(%vy{w?3HQ5}(jYAY&lko$0l?v|dE(qez{mlYYvKB`0Dl z{oo1C<^thAjkO`+7hNEb1rb|eY@v;<%yC0r_-+sGz4f(8jpg?OV?}%A_oSvhS7715Mswo^?;G}Sp=Y5DcX}oN`Sq}nopdH<)O|JA&3zXLF<~Qg+Z=(4izP}!Mxa} zzKB13Pm{J2UT7iUR!4Iblhd2P4a{)tsl5MdEpyv2K!n&oJpfC_C?=;<9o|jhnAI|D ztK!p3(L|*-=i0^D{##-!#WzZCf+Xl8UvFANq`&k zXonrefuLdkBCITfhnt*V^EcUV3LUr0$MPROihsndU&2HMJl1NefV%BPSn4inKADn) zRM1OIAM4V6FC~vZbGC_UwF{N5-dG;hijrb6Y^WOBVk`*UUB3Sjwg{*!IW@`>CEu=u zDen<;IF=k!HKG)P)fJR}AAz6E`L1AN zW^q7N;HtI{&_=3)tXdlu4nu2%e39l=e^Je2FnJkg1N^X9?-IT=T`jan6+!oFS3 z-+?RS0?Sk6R(?)~bNC_Knx1>g7SUHl=0rTK)nooeauWK_mP*k6ql&&ycZx+)s}zR_|Xm^60GK@7PDNL~XBBIUoB_jOZc z{>LR;g)PphY)|*+u9C|H#%4vDb6TuE*+P=bln0yWTx+MUj#Ske?y}Az zY!+SZj*Kl7z=nk4c~z(79KZ2jO_YCq{qvSaK+K}Vg|u;l|BS_9Tm$s8oi*3yH2|eN zsoc>PFVLFmA6I-{tel;3x_M=4H1>j1_;>#$NMM7`UYJ!iR1RnfIP$ zx8|{gYDGqnGmlthU7y#ddBqoXnnr$^j&em>No4S)@>lOKU~Q^IUzO-iWM6dej2o`) zBcAo$U$Y=U`$Xkmsb2#uuK|=-T3P3az5C@`C0DWji}`0(`UXEj%8$g48MD(&(n{P& z|0=Zpr3Qav$bJ4xU+j4j%~a34dGgImQ2X!0hi$S^epTfZDpzR%Ypr)ebpOo!4U_;& zrdR?u9+b_WmGL^qKqtx$-^)K-AFaZsK>F2Sh*qO>eI?ez=?wE^532Flq$8t$yQBN` zf6vdV=oI)*riligQCkU2WJ53sGZBpYRNfu6W{gIR*{Np@3K=ljfk5UdK0V!5!USbi zYMX{`L|O>$o$CAJs+daaAGZ)>4C#sz+su={7nB)?vvwB=t^qke%&uex4_KPr^q&9d zE^&Nx-wzX=l1|a6 z@I#Bjks<^84u99fmub}AWg6H?VYKu(T zJiF_&t7j;BD^^PLVn(lWxb>0Yadye=5;m34LWjoz5ZjbFl2++=9Sy!-sUjb~O(-gC zuK?h4l$a00$RIZDbf-rNyD8wd1LPYQ)6_LYzeOca4LU_A6l0W1Xj{h(L~&d)#obHV zb@@0YG-Dp6F~9oyLZ|cu!ZnJ>e{l7bogv`@mwsBEjN!I(AKfLg# zx3NPWk+cB{k3NO4MmTp25&S&CC52{K7 z6mPaSk8-M3T!R7oTqV10cA{>4p)=B@r;$~h@zEXYJM%M5PA8xlL{Rsui%TOf%!hCA zM_CLOFWw{QAe1x)0^3rd9>-0|--9b)85ZqR<1BjKN#c zD%XIdymFyk`jyh6Qnebc*@4Cxk{$zVi|B+LE9^*q4Nm~;K)9JmqLBHNxnX9&DQz@T zBF^t{R~l{gdB6q{wSo&@WEOkP7D?djjuXOS9bj6& zK?sA@z(vk}=gQi7y8!erIn6_5*II+3Ejn}ach$jH7hn4AOe(4<1SJHZ6RZ}VQ^qo4 zUM|SW{Ly%oOP@>L=aDTGe|Jr38!FU;~e#!`VM>%Y9b* zK`A_|SZJ3A{(vQ0m{fQQuwz*XxCRVvqUu&I<3iBCJR&v-ge?e4w2l>#kT?$7-2sr@W!0CTWomF#a;WrPz=aC+W# zDf>W{n8B;8=Ip*nk>?zD7F1Yj5u;#{VD(aMTe|cMYh9I;)P7u=`z7;pc~Gu`Dzl`` ztwiAzK4_tJ-%JvDg6yxP3eD)Ium731`#1K){!Q@XFM{$%C)n7AkS9hc`2N#r_jq0- zbI{lZvNgUJj_Zspe#yF(8Lw*fg9dl_5FU;?8=N!`VM3asRI&Q>yy8; zlmWxJqKiz|fPw?FE7HLqv-Pfej(59@F^>+zf8$`2_oJ@?V?O!cN){=a!tmFt$o(2_ zmO6pBPi%rNzlJY0BVYdgFcB!}0>e=|uc>nJ}nb%9@y?ZC0;3WBlyQX-5nXPF3wr6{B*SgMuYq8G}1i$vZwaevbCG)zkIa*Wc&Y6C1eY4!YUEoY7EX# zuIkH}PFZ~GqJPFxa^1q7KI{z1=wZiKR zPkDz!+T^bR`F9Lge{c63&TQ+6YsQa`jC_T;-)z;*H{Sa+b@Z;?*UapjWhU%8=j}8WNBlnA>0#WasNM;EaneVr<6s*FssicesLDm48$(UbbCz z#xYA!FTG4-3}69QPlk>nXme>L?vDV`m3 z_POxi>WWv!mG|f20itUkPPVMPSk#gS>7^hrPd#`up9M$ zFI4gT7-Ksdc6)uIY0XvX$uBi&XN>N`i^9C_ zRlS>@vtz3%-h_CF6m_r7!<1oa&!s|0(*PwEd?-{>H`}EZANI0zO=@<9bdO!;C6J)({awxPr*6vw|*1Un(yuyF9 UU_5ogkoG_O81mn7wOvpD0}DqCCjbBd literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/time_sync_success.png b/docs/images/hedgehog/images/time_sync_success.png similarity index 100% rename from sensor-iso/docs/images/time_sync_success.png rename to docs/images/hedgehog/images/time_sync_success.png diff --git a/docs/images/hedgehog/images/users_and_passwords.jpg b/docs/images/hedgehog/images/users_and_passwords.jpg new file mode 100644 index 0000000000000000000000000000000000000000..391a7ab8aa39f74c5157068a7699fef11a1297e0 GIT binary patch literal 91149 zcmeFa2UJtrw>KJk5s?xElo}yGKqP?l-oell5Csbzln#POM=1e8dY2v`AP6d5K^=;-Na=yCt1IeQa=v!5g)Cdd6C%{hv5xbFgdoi>4J$qAx}Mu`Y$L4>pf zM6?8_EuhOF0uT`a?gjeaFA`ERVj>E1+<&UjfIuXKxKAZMM*$+l4FeGn5)qStNNMTl z!DI{<$r-O0GePo)IiYY-MI~f>&fo~Qh`5@$)uZ6IT*5rpRh3b=cVWT(+}RKRr;i{d z$Gr_90U7RpH^K=YEMTC2IS|VDIJm{dt`1z%W4WaLIW$J#`vHR*dEPQY8`d0Jh z>z57Zo#26AZ*7wNMlCjq>N9R0m@!J9kNR~%LiWNFwa1=okK_*1I!B@t2Hjr&Gx(p` z_-AeWckUGDS6^+S&o5uPZU3dl@~)`!L9NVS^0FdPj;eOrZC)#pr^*C0wEdf)842;Y zVs`$V<@@DRv&+;Q%2R_c&5q2X8!+1*7K`qtKg6UbWM+0{*O(Wl-+ejy?!;pxXRO-S zZ1KLi@4`QW|Cx>d6W7M<$11CrGUDlW4#nn+F+PLMOW$_XEHa3x!x_XJ9%je)(NYmB zsLMAI1u~td-GWLR$Xew^ z_r=yLu)*<#!ANOgJB}~kXq8#|l2jUxq%=U3kSk%o37+YI|A4+V|b!VC+Uf6-p8guVAmbD!tRw5{^4AlA1`GN(X4L$s2B2$Vw%=k$rFIV3*k zf7!AF8;VG@8ZL^kxriRlkBOUj4Qc&aO5ed z%kC7kek;-a0qPXQ@I*8D_eza@a;Cgi(R&f5-JMjsli&64E%ABN4=4}SL)&8nN`5=l z|0uTaxqahYnVkrGhWJ%O`sEdrIL3nQrJJ_=bW&1DHOC7PHi&7Yf%mc6cQv(!LFYZI zj?}KweK5EyJCY(G$dW3rDT{;(BvkS!w>i%kftUyPr}rH6jI3np>JB^UlwLapUC5cl zrkWR)u1TWpFxIKIZ{TyO<}!wCd^^P=%aRF|m4iS1#*Ai+<}a46w^}TQAQqI)&%4K3 zu7w-1=u9fAqddd{D5Fx_2w~_xZ7LC_`wHyal2H^qBt~pyEKzM2<^8q%f|0={dRaN6x+y?ro~BaQv!_u>Ike@ALVqv(ZI&<;TFs{TC8NW=}!ax+UB9=ckW$cTQ5|H=iBH zZOko4tR43p7ahs5lTEZwZh7zfG&ZxlZT87?rCUyZZ=~bC_p)6zk@XE}#0!nzOUP&X z##XQ_vubO}T@6x>Og>NmH@xK|Lt;cyfhKlRpN%Q(_^9`eUuON|HlIertLJ%?PK2Xp zAFdd!mTjQSTqJWKP&>@0Udf}lu!2?*ZG9d4lvd<0EnSV#oJ8?nRqM%Qt5fv%9YvuI)^joPsu7wXZs@KVdcf>i;$A!b@Bv3 zf)T2#RrcuBf>y+F{aA4q)Gi{%$hxpUq%gt@vpkP%QTZIY5haqj-K)V$?a=vF^6TT$ z%4LT%tAY^iySG_Q-QWAb_xLXyDP`8oZnyc!FCN(7CYa^PDah}o|8V{(=;^f|nf{D2 zcb(R4)^xva?#nI7ZA6SVFP<&fPDnfAX11CG-;7pOhYCAUjhl&5 zCI{pZf-J&6afXo~U6aWT`4XQ)7yaY)_m?b2`$w6>+6x-2;meB>I|D=V&jxnAB2aen z-+OBvRkS4v=p6;UtZRzpWUTqnc34b<&Q7$%Pp={Qu)$rk zixH!aBMhUu=#-tGFVzzRoEx$W{`up=Iat$y2 z8Z_@j7hkvYrdl!bTbM%^Z}}D-NnoJZ-1T0Q9u;l*+3=eEmVJNmTt|)@SR$_XC9yP} zy=+wLq{Z2~*H;GXhB;H1wXT^zmkelx(gPRP{srvcG z^6`WF`}LCjnFn5Ow9$y89^JC|18ZHkeO9*UUEW3!ZwJ-s3&C4qNBWQKutmjiq+z<3 z9X92+8%pH5Dx0gRo*HzS3mkaQ02V!P&uC&dB!ONa+YoUi#1W!MAAbsZ-$Oy|!h0FK z+Ux!BcHPhK?Imh5cat*X{cwvvx~w3xEDnm-eRKDizs4`ME&G(7u&OhGYtG!@d=J$M`Y-+0d)+M=! zoI&rkv7FkKEkk)HG3<7Ds`&yc1uHU(g-r3)?2o`{ugBoM_|5<1qn=;cf6lHtX#4)r zn!cI)eooNf1x}=1EM#-5@5Y!lm;F|-P{Q)^*;sCNBJL#d>u*MuoEk3?bsYOibnLw z%(vLldBVK8EcduSbeL)HZvqyYygP`OAwg@dqBh6I#WU^{XC z-#O9kB5VzQ)jevmvODl-dA{~EjT1)Y!MUrbyi-uI*h&qp=v=yXbp#Or#l~fA_UA51Bkww8`h)hmUPHu9w<{*fU zV_1VMB3p*pqtRC+ceYC*ZfwKLY=-h>*G!#GL9D;kLd|~+`YkygM10R%!`r>TH&l--Cce4(f5fz7{&DcEbZ(S?&KhJ;WU!gM^GYrI@cYJ$iDeWZ@8h>B6u!JS<%|bCG=tzH$^TFR>GCBd&3BMSaly)-|&_q_LSC%w}zA z2=3QdBs`&1x8LWv6>6t}(0E{W># z%DqDPUtYVmbtCko!#g(|wxf`x#|x$;Aq>RlABw2hr|~YW(%uW2rM63Azq=XF+3;GL zdBO`cYFv6G(UbREKnlV>5T+1L`>aw#tIo@<;A->Rug&VzqM2m)L)BFlAm87~<=jK| zk`oU1fj14^m?8lh6Cs9^LmQnPiA~?5*pU&U3EGOAI>U0ZoO6EucXfI9IOW%3WFt6T5klFeNjpJIb z7**Hg;AhE>pwj5VEM{Q>;-;B~LW(A0vd`>6<>NWaQ>BYuEiEeMZYv_Ii@4A`K4zVe z)4%muRF=&?wFq1Ly%&y98P%?CmB5y?c=7a^r!UE5Tf7QoHgL1)t2bq;s~NgOQ(+lT zjI?%>C5q{gf;P!l)7?CY)ix*UaWWb1B(7V%VMAGD5C(-N1#Bl}A>!~K13a*x}~_EwG$%2(Js zzj>Qgm+pn94XTRTwC|gznxkz#fcM{kTXavXp^cK!7iKm@>GMj$b4wdxGI%KCV$E;!#`e~^HkngUcWZe1q0Jb?S7y0i_=$hN z?XG{BS$Nv8y@OZ1f28_Ynm$UjRT7<(ZqtfF_AjFCQZTkl&&toL`$*ssbpOWqtco}WuO`@AmuNF85Uo<69r z&-`Ad_KA}crn)Y7Jf-fZZPnZs!f@F<&11hX)$O{PJqDV(QqYyMITD__OZg1~Q+~c6<_%cxq~TZ~fm7@oz-EjgeT;SAa}1tLhBRzz=)q1!eF0^$8{T8Hsf zoKk+WMwc^ujW=E{cP5>0&NuE3xpE3BEj9H^hd05Sguhn(EJ}4dN;w6k_nd-8a(_pq zRZT@Su$V`~%=YcOCsPCm8`W1Bd$rMZu4W5FM&dR4cu~#Tu z`4m!kl!7atT2Nw3>A3QVK|~y`-QSfQ7M6WhKK-|@@QrVo5x*mF^Kdk=VXS`i^5}-3 z)8111;p@Y98`h^F-L>UY(0J>}T>G))JNfauC)Oh~XNCFA{-fwObA9p$7VMw>9m!^QwMCdED8;!PM!Zk4XuyD!U-Asv;y`AV!b@*<}L(|O@Gd=Q8g7GgxbZq0EI?^7bvzl$n zNZAX(tiY{`a;D)gS~s`g0T>e5z6jG3_}%%rEekgP#krO~Uy(IhxtDIs=@(ByF9*Nj z0(Tv~IOfyXme(nWDf*pQ4%QCs#-J+EkH!{dc7umS5Q8IEY;JV*y?Nm;b(XdM(!S8O zjmuh{C1b8+>78Y*^g@I;Ggvh4(~}p<6%VeKE}&5QVd?Eji|n7>Rt__-No;36I?sOK ziz{0mys;lSD_iWNYj9-?Le#Ag>1kkm7n^PuFR#i049X0E~Vsmi??X@oXlI7t&xjQb4a!b*_8=`Z* zz5DvkzOb~`=eqhtFSZ^7DXJ1(vX9&^N~u9R`r%qCs^p!57o~h`o*P!jY6iC~jG?W~ zp*LSy8j-wAGSs7l*@J7rnQ<&9aUxGle8PeJUAvzfTKnZEztE&A^2aQA3$(aA)4bmPy0jpIgK zkZuod{&~{p!*=1K-}F%r?sf@SZ0g>Aks;4ke7>)t_*cK%LU+jQQ1N0j?I~!~SWsSv zX@+Tr`N#MXvRCpL7g+kN{l72zU%{;X%Gn5I%9)g_IR#Pj<;s`crFJ>&lQ~AU9ov&5De@3ex?tMvlFNPV7Xy0$~Eqcdbh%ijX z^0oP(P>7S8n3PoOs3QDt^xmClGfxN>8>zA+)5v@BCR6v*!Q=M$qt~{$bMzaoeP)(s zgvGVbnvuRexb~SjEX_>^*FHn1q$OjP7ZEBddX=BY^?_Ie@Mcpp@Sw%d1 z6E7@Smpq(jTD`>5>iBvN#K9~_OQlTn4nS^umjCh&v$q}H_-%me)>g0uFZ4@1Khm8M zUo%l_BL{NJyC zK7*v|Ea~^Xm3$&Tc6To6!tskebvo1%Ub+6ieie9?6JWdOdEfjKKIc==*9(eUeL;&j z`q=-oJW)*Unq({%wf;ezWa?P8OJW)3}2&jHtN$ zwB((JhnZ`gp}W?HyNsz+tw|Txc|djrMv(IkZyiw%9&DFPsn%3K>J4@ZM7ZX03quO? zpbQL%#jV$zO;3fh8CF=yM$+SMeHz;%(_ZsVPCs&c|J7!(R>E%eaDR2aYRh$Lvyd%j zz}KYn`YY`+J@={6qVWDI>B&UD+qoex8_S{^r2QEMohSnzyHIb$KX?3jae7SQ{3;`< ziP-j>alRD&H&M6JaYR192UY9}D8>q5Uii|o%diM@nU&Oq!fos7DD(0wJ6 z`I&m@)|0XVm#FBnB>88GxdS$vztyS>N{g71({AxSqS?MoK^)>vAv}7o3cQ z=aiQ8&1$WrluD6-LUgQ(@StGztS*e#($sVV{X45pdvQp`D|3x*tbxpC#>W;_hQ}@j zbSueSF?XkzNS8j*1vVMrU^kJArnjrp2{0Kq!>(5j)}Y>f^0IRldB;ehtj<+&wd+NE z2Ri3PG7=?{)YcSANYfSiw4Y^s{MW}vB{f&o7K~6On#>+r>M!Z5Z-(WR3Br`jM3@cu zkA62zj0NdQP%6;91~@Y`0LM#MR?oGGjU}fTOq*_8xw2lvl}0$5SD}Y%LlPu3(=qD{ zTZ0IhC<*V;vScUA9u23DEN4L5^A3YCzv{pIZg=Z>?C6ULNqo7wGGURsy4XLf$61}` z*@MlCm613On40l$Dp{0-o2>N3hkqrCPot&fOAACB7FsbNI^&DOXciG6NRACb&dKeV zS5qIyk2DD0o6mGZr%bhW3zU3Gqddm#;`1G|W6e0|1d1Y2^gStB9-_?_SzWp7ng@Nd z4Z$&Q*DD7H;Mxq9g&LKbG1L_m6oo66F&-%&A28H%Yha<-al+>JA(BtqsMmLwuRmVa zEMJk!T6w=ACJ&$3VY{7amz`fwd+5pZ?eM^DA4%>Ao!o&HaYa+h-xIH9y}c@_gD~=T z%ZEHtScJByXj#vg$A4#5H59gj%@Io)aweQ-3p&48Ue^F|y82VcnBfX@Z7iLMM^acY;3xeXpn7{Vi3dHZR}hWzTdv zR-mIFCFcudk7}UHIFtm5FFxzZsdMjge`Z=lc#lge$by8JJSHd|1(I$stw-P)b@F-vy7XTgP=y{qk>^6^J!1~_H{;*xCZ?qmkLg;SHt zdBk=xf1Eo(ZTs90eyV@HtGD$XY~@M;gd-M>SqVgvq^`_Bd0{V8vr0M0OmlQ^QgM=Y zM|jc)hz=Lil2(q1!zyc|&kK@1%9-W0T}V`|F`!GKMHA?)T+Iq$`M5X#XC8RX7p>x+;Wj!=nTE+%% zybgWwMT1KuOEd8q162wOZ&ODgd3Z~R37ipRb$KS6(t@0ea~9|U7c%ECEsTxT*qr}K z^dxYk;Z6KPt4)EF0golM!9x`lj3X(ZPIf#>1Zq&qp`0MhtTzknR@DML!-7!1ix>8r z$;fjaB&0>yqlVOVR1~=xw1)``&s`sGLg=AnuPd4=P}iuue9ffXTtEHwa;fH#A@ywnw2&(P0V%WhkfRXtj)jDPcb2& zqHmnUz$us#S;TOBa?jC0k(Y&pgQDZX+(tDQ_zA5Q+{J+#_ML0JrXyB`dU9|~p!8D* z;VmnZD{0G;&*+v2(Lv;4oMjOWGcWXisK&RpzKt&~jH_LSXwpb~s@qo78FEnAC0Ir| zr7wYRBvZo3A)L)q=}ToYD`K)dxGna6seMWMrA4>fnyBd8Uw3upS=sLj`cnqi)lZ{k zQJwOshZf3i$2$qDOPwbZ$^L3iWr|>cOY+y#n*GGp$eqt`<7Jqye%9At9|q^gORdnN z7RXhbf(B~hjU7{TUKA&AAc#Zt5cjeMzk!)N{ouzgucidpqEWk!r`UDbj zAl^U)1r-G#n|k)VkJ&HcplEXejNsM0d^44dQAs+D!0}pX)r7GW&<#W}mz&SBP>yMn zzMdlO1<&oWxOplTNO-A{kUqvlPzG9nk;t%77M8UF9M{q%BoW^S~k3 zwfI5d=Fp6dy&zpkl&0nF1Wvvf231a>LafcT=YiD3oC!ozS0}Wa-e^BmVZHspwCL7K zy+Ad?*n`Myiv$zvB@IfXq8?I<51ZXPGp9t*XBlMt=gXf=q+RUi@n%M`;0^s6hJ*)n zYGwv8%TL!YLU@b2(Jzt^ZAkRVDM(0MEGwRx@CC{9-|5|Vgg!L$2vxUqjvJJsqQNmk z{2_hG4A;>xi6^D=_4nFU;%H; zWQbcy42O{nEuhtS%~gV@{4u|{elN34D|U=|-nRY5gh5vzxo&fHgqoNTe{!$TsO_1( zj-I5;L(%JXroe?_SUy_dE(ZVbr<8$DY-3EKSwGPDym8;*I1e;c?rat3B*^V;m@OBq zF17Zy%b-fHQ}6}FMPwT+dpoumw*B- zH1J86@fia&rM@If81(!<+Be_iBnM2fTe+%aBSrtIDS>q1zGKTVb^CJN9CUlya?!;A zp5`FnA$~)|P|nAXs!m3z$>mc!O?SXE!`jZ?JL)5m-nxZSaaLWrJ)Sb{DVCF~D|YJ* z&l{xVFb_|zk_AuEnd*REzjAteY20?A$c*BRfCBSa#M5j`l&TFWQp-|RA4y4(m(o2m z=N3qfQr5}J^|abj&wo6Y*)yLSGeUhT zAKSh!6PD4OTW4~0FbVv&r=s9m?;ApB7bywoB1rk>FW*LvT;7P0h$nU?#s=*VI-hPs zJgKABEUVN^4Tgog(i_Ek$kTY4z@VFid>a&kJfNFKRbyuz5M=4ouZbLgbU-R#Id6ht zXB`kM3GonOannVzDHN7npl5vHft=FuUJxPTEpH);dQyDxCb^0Z7YqgxC*qw3_gOHh>R<4Bz_wAf z0Jfs_E_ZU^hkd`f_E_kpiq7odWJ%(;ZuBi{6T_sXuYvSdM1%q7KsVSv`#d`o&$Fzc z;5w8g|7sNRmH|sJ*IniF?hdMn<3oEQsJzS`yf2uEj6-j!i)hN6GMye>(9-vbgNko$AKd1;3L{d^H zwJVy+mK>bhb<*gxq|@B>rmc9zXbVfROiTGNj;3T#3W5^VA$6dzEZ0C#R&qe{2l~mR zR(&lPm{snS+#c8Js!f!>gW!pwuXgu*z+Edmmza`>Ts)|} zr}9;yDT}a)#k*I0rqVjg#mkn1+_U%cfB!%yX*;_<$9q{sSKOCRkpqsxIV(fF- z>swpYmEkBO5-VeA8%k0ArgH(048BvOGIG9s&B3D3YDi_v`qf8&<&Nj?(NBj*P8;dN z%7XrTHtmPo$6Ca%(tKp+OszJ%HiDg4nFd?DUAme|u*(l;)zA_I&eUCIiXuu2Vu{2= zVNBTj&&i$wjQJ-*W65}F zC@I1yBH4aAln?1sL#oE#KQ_^n)xIiI*WO**8FD2`+b4N`bFm%N4x)SjY)X|r16(&o zy$x(zg2MY&o*$~BB5mhnB^K`)q1-B+b5&VD)nrzJSt;4Bmv0afv{0dh+5#tW0u!FS zY3XC!*DtOPRi~hLRbO|``y4b_;kdHdNxG+?l@R}s!1ET9KYs^B=3Fznx|VNcc7wGH zO5YJaAtn7Tc9PlU2BI70`g>dm@-XY39>KkHy`<&KP0-*E5T_fu zarX?wao8H%6S3K{m0{bAopUC6_P{sm^SIig);H}Gb5P$WQ|@yREWdbpxupHA+IrF;LU%aXzZ*s}SZv%DJRJ2K7q*l7605Bh`kN{6LoR^7>c@0(VKU*;7h z71h?e=c2WC8kZUhM#ueqmQtB!?W}U% z`%!OZ3z@zxbcS#iMM=ahWc_;b@kV&lMTS>DgKs-rPTb5tgH`S7 zpL#P}vo--vh$jNzsWQMT61B>6{V}@{90y5!*G}U51Cp?c^DH}qB*gZ=9j3h5e~V+= zd|BZQrMLG|DAK0-3YyqPIE;hSQ%n`s&3gudh zP;neg!g}?pd+QlY;?Gv7NN@&|z(O6z{A9TeV&l5h&{3dDs+Q5g4dI62S9t+#)ZBMb)Xwd%Ggm zJN4FM&*&tNI4X6P)B||?Y`B&uM6;~KgjSHbB=S( zrsHm|x7rPkSl!%#=LxoTipXxRi9YHHJv}U#R)}>h#|4feipP29v=FzQW5v6rAY25f zDa-??*Uk~rAb1p{s9t{2kn!S>L1~W8YI-=A!rCNjPS+YDfE$B~m27ZJ))&0TTgVai z%y>xZLa`+DUC}!nA7E?`F8Oo$NkxCRyYukq-qvWl)7)b3tlrJp{pYw6(*O<^dwW)5 ziqTO}eLE{Lm7(gCLc$zpC1xT*wFy^Z@+u{Nq#)-6INlZvwgm(~DE4gizHjv5vG0!k z9bigetvh$;54g(pV{12n8?JF_}TZr1T}Bc~H>`mU0f{(Z#hF@R3CbAb|k_ zjIojMKMxV~ERZbjm(o5Qe^3Iq(P$_)znAR2^LXgtS*zCR zNpJL7t2S|Y%+?Oqs?BJVl4~$MVIYlGRQrqD>-_8g<@&f|E3yv|^I`xTkJ9mBdQJYj z?lyR}8y7G09(ca4JQ)Hx-K-YwtV*JL&o_{%n49rv%!==Jp=FW=aRkhQL1hPOkfAN~ z<(o*@jm&Vz>VDY=n#vzyC#@LR*5Fzu%B3+3cNCtQl3zWSqWWkheuc8efVfG+gSd^7 zniAG-g&C)Ffi(2@)v$P7oynFGjM2*d+o#qslUmG3h8e&ERc62TV{VaI2z&*Raj z63g*uJ!;VE5k`S-7}m)$E!o4HBm_p%s3;X%Z&7bVJa_(SKRww*vdTwlCr&qKgOS=< zed~}lj%XEe@4-@#XIMrWU@*uY1D-+ntNgIj5LaP+h?L;6fd z&pLtMRqE$u{qM5+JUS6HonjzuS4=%(UbHD3!}y1`AlW1q!r3g=9qhu#Bm24q1AXuFt$r|~!(2!R5-O4LB}vwvZ? z22uCo7-Wo>W`B${)&-pVY(O>S$lcP9@K_$T9apSOL0hk+An9nOI+^md5k<*)x_Z*U z(zJEplp4OWzcbAgr3B2>-oPWI1p?%o;mFb!_;8yDCh4_px7!2n>01KAePiRRr;jFLNp^4^!OP z@#Eby<~n(>^89@NuRi0lG@c{Z`^U@;?@9irl%kYWa}Jlw8oZb)(^b>$E?i;Y6nJ|} zJGYhU$7nR7h@kIFH=#XIzRC&op^7k50Fxe2+O4QJ3CSgk{b@UYw5j}0pXDm>E#6oTnBMUp+KT=U$B6q@m_8 zFA5Q5qi2!CsYD7_>>gnLP>JmCDUtu75Auhr(*!xpby2PuZ+v7S?WtPAE%YqtG*}jD38#Y ziOA5`J_2VUW*G~mUFS8>5g+uGFh!zocd2F$+Yr={xgfW{hhWyf1dt2#N0T zx_AK%jR02=cgcgq`RAL3YlH8vaKF&x8T_W!_0}v4YZdEgL*~fKi=re?re4#R zNX7B~$C#iFU`&{H#h7uKYwwLL-=xL%7s zH+bu!psTrphBUz44*1vwn&5COdC?u}4I%XF^^~Bhe3gXZIW6ntZB|W^vCzubU?T=C zZ4%M#JOwyXyD5x?&=`-fju#hE8!%eU&=~em^|KOS0XHh>IY9QnEW9}l z2MR2V52b^!}5^ohrZlgsiEBqzZ8n1&5FgufX z01$&4C?5eZ`2{$ovV7q0p?x#Cdpv)l>f&dxci&M?>y9-t>rhvVW1y=Q+zF-lPA!~o zXdQHiS%q$jQS1@~!f63;?Q1myA;S}W1egQ{0UZAQ$Wj((YyLQ^A8;340HDa2&<&3!EScw@D~2b5sGkhWfJ@zbOk5o2oJmtX z%sI}Oheo6Nv-wSD%)|36u^m+~r8DNC(tUko-`&fEEab{CygVs@OIS!Hfnq5a@Ij2r z2doTb+?<@IDaI-m-d&C{F)HV>8sTH}(wQ}fpzEuPDBOFjG|D!1h}`Tc6lVB9_HUUZ zlUQ!HjT_R#Zm(u6So)4~#oaR%P1HKSG@>9}ZLSQ1BARfI&{9AUUWpeWYxH(Yt>4M} zf)fb1PyI?`KNARC?SDIPCJ>O0boceC`3)l$r*}L^K*p+vvcJAOLH%kky#UHDD>)P+ z&EXnn4&fGYhHH6H?+NV3HrYGb4RFv5U;-bcxuuB60gQaxO-%}1Gw^IHH2nnG6 z29y~>VGKaMOX-P^{Xuy%U`7j=x&80h=poU-0at5bQx}WN4hTe%Q>kZ6%rDbe?Lg-t z6JGH&6sT)9oT@NI1VlhZLLfvQrPqUBv<8ac(s%+Ft=a%R6KEbe(X8)Rk6y5TbvyyO zQ}Mz&&P5RFZBZsyr#5!}ZI7WiqATk~_-Bn)n7tLE72+K@2~1f`<_^$Y#e1 z0gpvPz5b^t5?S4WWMcjO;1HerF5z*N`KHBed{^>}&u0k19)J(7D|}S92P^1sHBoZt z;U4l>aK}`+Zt=?P_s^<+z98~${g9|#U!Aa`^YrjM%WCB?pVp)@SFHk}aKxktEJ%sR z!&b=?*g-W3LDN?heF{AGtW=wfvb!)_BpW)y8r zyZEaR1sbTX7f?dwLa30Q;#Yth702cIn`wW4YK)irpG>(gM7cA<>TL%V_w4@zB_3hX zG)@H$NHqRAh8Y}+NAn4&XdS37BnY_FT)(bjKX<5p?Ea#sKOss9(e|;j3mf2D-R7SO0MkQ`FpMe z9mpUfKx(%$%RzvcLV=#8n+%07uN{*J~Sxx zu>l7Y7CNIsO~8*&zjoAmoRynqj^DR#G$B6j)6j5ty-!_9vbn^wW%|eGYA6^ z0TlgCF7~KxXg?8WUv`j(bjR73otMS-gK_p{p<+8!LR6w#EpGP+kn0t0#xZ*qXSRfS zUtQzQYzdc4#Jvx3wuHG(QPD+d@)3$NKqZQQA*cchg@}Hq6a^+;C91oImgVm|1*INl z-gP+MNwu}=KPlPAx%A#GQvCa|d2&Fo3_vG@@Ps!`q4hT+8<@>D9p-Z{Nkr>N-egEH zT}$U3R0jzXe7#W!wKWYHY6@^6VnD#NX7RbblYb#72ipBKE%~ptPc#O=x@y2?)a!4? zrswg9-grR=l8VWI_cT?MP2jcs^IWZ$TZti-25I+rQw4NpBCSn{QXmf=5UAcq<_#F? z!c>SDR3^v+o4D~ohHw4&uWuQ66c~pmB;()dY5;T*-s%TLM!ES7AS8g-t^yo10d8%e zlX9k${F{$cfLJh4$^c*xQ5K+Pk`7p0Vz}Mal9W<+x#ji%<87w5>*O^f;OTNL;yzmM z;3`4Uu)=x2g%ZoAIYC|=zZhu7F$oY-Qv^6(xfzdmM&=F(KAejS0B>OuZ_VL+riW+i6zc7Q zH1WxkS80!H+6{mCu_ZG5RZ0x#{F#3|zV=~%TJina8~^*Q*%j6P!~K1io#mS#%4;wu z`1_~-g!o}4V#{!9y8rJT?D4FFr5l+}sy}aByr7Of)Xl5X_B^~bF8eupqw4Z0=4m}U>>I?J$!`w{sQ!;((boxhi%+Z2T%NvR+OHo#zBA-LM zD{&v7i|1cF=z>KEFoflY$0HtsaWqdbwXA}o_^+c*NQ=ED?=??KB~A;L|%GDavccbVE7&n{U-4OKtziWDBg^htXN0c zMQkGlrOD;xazyaH>HD-vm#g`k;S4_d3Nk)12*gmF2wb4o1xtzJGp6C}N}(!z0yLZt z@Pcub7a*is=`TEqQBT@aI_9+GJuTpigA>Q!c+&@aYGYoMkrXewx4s6K61Qn|{Mb<^-xSKPDV`utApJ?=3scQ8D16C00A4jiK{d7m^$?XUedt*M7mbO1%h zFL(h|)#0qBQNW@WSslPR#`%>1v;IG;-T($W{=bm0TH zMbpAvM21-(?~REKIAF|EYOPVkPjxEP_zVqU)_nAzDEjbFxc`-hyyv#tRj+0;s`QWZ z^gIq)HAXT9>Kdh&rS2g=^KIJ)K8^as8<4IU09MH2fN<*k3uz(?&|irRA2|ODuID$} zI_<2%`xDY-J~yU?`lLDO7Q+?BT9^CQ#H{EA@!PHnb@4toO70#K24Y$oEKpFB%pDN4 z&h`VC%ROPbUTq$C?ro*pF&b?M)8g@xJGFk?8 z=obvaXaV+b>BYPd-v(DOwXaaZUwG3zX#`MoP%Z#k8>|CBQ%0Q6`v2}{;M+0bo%~a! z0Zz!y%4%_E(DZKn`Rr)VG#Xyk?Tw!m3kGZxaz(ug${WBEl*7)3K)UEI5)HQ)g zo5d8j*{X3bN&npu+*7$b%U1OO!su9lV%Wb$kBOhkGCpAO%%%n?zu+pZ{H37@m!M+_go{s z^fn=M4t)V2zy81SmR0bdQI5};Q#mNtuD9t8@j)Vjup}^!LM~DgI=!W>*OH(Gm?A$Q zgAR)E|JvYy#1WvnDkKmvy#eRO@uvhcpcvtQ#{)qA>Ux23R{rMj1r(eEh_9yH7TbT) zQr$h9Fikoo1IxfZ+g_6&lI?Mj71Vl=^~40?R}B#InDys@F; z&jUNiI1KTfW= z;obUteT|{@;KsI1&VDF(qSvb@2{{9r?_WS&Bau7v;9-gyT!nXT(S^dcg?3yMe+ zkpNPp3sJz(35Wxtp`%EXDqSfFO({w!f|LLOVGwCjl@0+^K%_|%klv)X8)u($X7)LE z-1+t$XYaWuf2lK{0$)~n*Lt7l_h=4|?os~q-w1a921|E;B89B2kV8_}_u8+j zlJ(0BuqmLF2IcQ;h5!o@1hDmO0S^euk;-!iI&(E1yXOu;KYt!{JOtfxES}=nUh`=` z1o5bfrXGU2X%0b0fi9Ln4HEZ(;s@}+3H-V!{Hc;3ycq+3o-|51?RUNwzJSKxEUg;AFa`f&1<(%{FAVp0x>&s%nay}6%?NH)UwSW7tMK`91bw!11|*{aOm-0DL4dJLi{mz zz`g7!d}JIXfK*lSKf2`f_^weIpn?V<>wyX=^%-b%I@e#5gdiw^czLI0dlWw4%;KCW zA7S|5#XCExXeNo`>k8tT6mk|KR5`Tqj9aK8x)wO-rb<1Ji%zHW!dI@yY`4;=K%{Nn z>5GsT&@i|7hgz4f@P+4hGG2ZDP8gzho(2`mNJWq37qfrKbm#Y}0{@Rx07r5n{w)Or)f0LZ9%F+5sercj9s8 zp)SNvwE#G}gHjHt0t}FR(h0a44%~$Y4M`c0%8el(n0VrtC%`<0?|?7JrUF%xf4D^+ zPnHFH15kd`eLO%rBzQanRGx`TFaf9>Ne09-3F6qQT%;o7ZZLtG{-mM#3L#hE!uN=z z?5=zGnG$i(W0aBl)OP1hwTgiBv>;wC1w6t|zEfqBmirTL>JMLDtkT0*7TduJs<xBm`;H|aSnqyKg#r({ z1jYl87+`#!dBOd`CwNCX)A9us-;M%hzft&0X6Oqo?C3%x8TB(2MxtSi03)-mta5-Z zR2h1s2yoH{?F_)?KKC*p+-pj)LsU$dGjq-GTw9yQtexHDCq=UlP%xLvtnbCW_^9jHaqQ} zJyF^zp4j*D%fcO90OqX7;uCJZTS zdOc5JLBn4D$4>*3d9JnwHkj(-c%a9N-|Y5UUx5rsa~vIw_Eahlk;GDFyg=~x`n;vT zo0x{nxjp4Z17Xn9p@&cN^O4@K0N51#(JuOnw0{jQM{xTe&OBz!Ux>_FIqT(Eyr!P> zrK9vQ$356np;SdBT8AmN8*FwHVN-R)F8@B!8yNsqqQJ6$fOeDP7jbQ^*qx=61Kh9k zvQmSGpn<{p?T{Lu5%EJ%^V|09L(tcHrFvyRoi^OsQ4TBvK;S#jB%m_fWuSWJG@Pv# zPy_?TnYtPqdI9F%3qDQ4OA$REC$hWD=|A|KCppfA5^FdQZf5X_<7VkPvIIk&Wpx^| zl@3xEJs4-}7UPX-<4c0ADMQ}d2T~#$B74A08W4F%cyhu+h9j+jxDqr6Kv4=uK?{rB z&djW~wWg2XI3f8bF##hQ##5$2$gnV0bFcyLDB6|SQ!qps9H=6A^$Wnjj_-jVfXUIW z+n&IK3B;_82N(jMzz!BwfT9$@5EWp0NMKbrG9ua%do> zk(6pJSyFX+l2=n+vti3A#MM50AV$8))ks4>H4GycMwHW&1YG^G)Ep{cYC)X!1m6DO z38RzbnY;xGqk%r*vWpQNbY$*{6M}Y3k07sM#PM{73?#$|L08X@Tmdf3C*lFFmG{9v zSZ5CyNj3)X8)A2g8NWjw?B<&`J9ur<=!+gI9aPY5YIT%1MzCBsO+TGFNco1|XvA^;sw<4W& z%=E!vsh9fmCqGLuP|-g6Y%vmKI$=G z?ZWei|)^u-E%g4G31mM3{&F_|&) zGW!9aM%^6qCuPAVGo5jWev-H(dU~OxK%_yA6*IIoE-#F35*lJC=}iOd`jV>U*7#C6 zAJaX0E3mV}Y2jJE#fp{~HQM2K10n@IEyUNXOim?D%LX${5hH^r!%qJ3WSGj|f2&MD zRTsb&6%y>CGDVT4Xnw=8KDm~b-2x5%x^g>_IL;1CfR$52h#?de016=vNFco|Xie1& z;CdYpbO#8{=Schy3ugfyxeVlu9Hafin#4eb8aOcIzsnuEO2Uir;fB$plCupe&r2iQ zo)=`)UkOafDc9tXJ^kp8;RCc9jOoFf^xWhcDN-4_5JQDsJb3XqG#&nEbO=7m8Q=gE zT>nl6=nVA8md)$BpcSpLPNB8rRkR&7ov=Ezt9A6OLSJ`z^X0zw)HiAGz5v%f;qwz7 zF+9KGF~mTv5cVRWyfh}>jlsk8vj#84oi7V4#`cy(XT|d$b*v@7LAVk@R7lli?&0w{ zs8mm2KRci1sVquZ{j%uyl}X!n%1ph*IH-5^75pQ$F|h@orCukW4BPgHD}pw7VjO_O z0Vwdmhv4%JDZs|lw@8lf00caNV&4{jq+x&wAi$5q4RF*wt}(SjyA&Sjv|&FoTt_x1 zL~bX|Fm8jsur~M7A#D)aC~+5yp`uK&jL=7;4YB$HIe5ls>1BFa)y^Ip^!C}93#~YC zh>B`{;>okS)4%O;a0ntdGvC*G^5Gaz1sC`J)SljKfyQ26HwS0xQgWfWl+MQI`W*>h zZ|dhj`u!CP#Mn*xmfsrOdDXl0^%o zOmW)8V_CTmNPa_6<&_-8m$B(C!EJWD>r)V-gR4E4oqG9NjWP5mBF#~#Wdu^TA(VvY zLaPZ1kFYt;+Du7LRgg(uLt;N$hjyan7T{dOq+z3ZAisBI1#r+={ME55 z5-g^CMe#j5)dv~x3cEDexS zhv++ZnpHppf7LdvRxW3GjjWj)%q`T`xN6bhyq3MGJag^qf%o zjf8jVWTpFvo+JL?=F+q2>3QT}S`};~D?h8%T>E*RT-anV| zoIWQZtm`X~MQ3XTM_R^`u2Zn<=N7A+qe-W7Jd$*jo}O;V_FvdIW@6uKroAIHhq-X= z+6>a{fqck;f^HBo^rc`9jCNRh^6EEzk+3jGnnZAfsndcDqDRXLELtWI;KsXz->d~H zLBOj>2r&-y>EzWugSopM0UKe@Eo#Lyw2!^ed7QjwH3w31pzo47hih$Nq~&?6Y~HA?n!|8wrIZqGzlH$ z{;q9#43FdmmErIBo^gjeATC12=t*+{Tnqw)(KLVPC;ft$3og7=f|xrA%*rMOPl@3{ zxic8*agbXZ-+I6s3IG`26aE6?eGy_#tyod8xO-1tyhS75UF29XnoJ9x%AdogzHl*& zsv&_$jhdL4msJ=rGPy>Rgc`LSLf`&`n^+*IXr9^o0 z>Wap3-tyZsfd*HzTQTGea=Pin&io)f;(&m#U^#q1zc|q?(54SQE->63cPdavU;#e; z2)w%i0Ou@ldn7*J?a`?FV1RaMPv}ZVb*+zpeS1vL9f;MnhDT2fGrh*-g2RwFP<`g< zZg4zrZ7ud_N6u-IfJ~w@0GsM60H0S4xe_H};gE}nKfB(!Dy}#eqw%vS$CcCMYxZgE zrr?wDjQlr1Cj-*>iRjzd?~mYP5adLZ`Ltm)PSr<$Ji16>w9{!2%ltHXMm^=BtVR(% z1FD=Y>q3a0Ar_@s9!P80Vs(-BhZ~dt+rBx-zNd7k$7A989%kPwtrO@b_y>9tDGTxN z<*F3DH85|h(ZMbMNd5|w^3p6bzPq2*81xK>#e@Tj&E!cN$qc#;nHxZJaT;?(4|tye z+|?z$e_QGNZejT=-ul-Idwk0x_K0kfgf@t(r2eQG#lt5-efrvOm8sA0v}%{T?d*y)C$qtvszD!rv8ZO`9kNT?B+q08GiAbfgG zFy$;YX3~JVbWN^LQWPh+g4Ivo1f<*tp1({E^sX3K^N1Kw*NZigdJK?BfO^C&HnA!? zkL_!!t{Z=QTx!CiSG0I*W#9YmVP8(4yS~u=y=ypeh!W7|-Vz|hFHm9XzfKZM@PakF zV!a+~eX4oRj*ZA8Xl+g?{fLabM%D*92mPiTmR^~CK=(~Kd@;v; zrdGJ_n{rrBm#7@497emcy%7$xWn!D0gkQl9M~&F{so<0I(9CvOnwfd;421{$(91}rF!G+&9n0N0_o#LxfX zmkz}nm6IvIbSNxa#x9Yoed|z&w}zGDIuvA-25c%PNdZ1j3q&`4%ny$ME=r(zdz5nR zVIDr2w>*9>J$Mgtyjm{aTK0sYTIg-6N=AzNfR)fsIhIeKw}`iZVSA5k31UK_q$sZh$1TDfxGxqaQKDahp?PVzr~n&LedGo;5Jzvop*@~VnX zUo3kfce(QR-A$cjkyjjW9|{SZsGn@OoO*hQ1ChEQe8>dKi!WS_AFW$($IjAb_PfNc z9q$59nMix@T)S78;TRR2o1_%30+?RVvhbAkQ=a%W(XsNkj->Zq?>B(aHz3F3G^FyT z0>U$UiRl>;oH=m87^G)7t1S2g-|;SBsu;jp9x8w=4LVmqP5U!=wBCaH@W7Lxt8s^t z(IeC!c7KtD$G=SyZy@?63ul2C8aY|1;bh^=%4vxj$u+bBGIW!MqGo4SCZ4~F!u7l` zlcpJ7yAqoNl_@le&g!Fn*H=b-|)gOW^6)2i7 z9Era!X`8lF0^W0cS=%VevwLzjiZ8E&`2K{|xBu}wkrF?!p#Qrgv2QF!CME~Z%og;< z6=Z9b>7x&3=*o+j8!E6x4GqCDDnn7(jcNpZIY+~^hQ4{v_8Nmu5w*T895scyO!uGgTm}V zn`f<0T}sxevUXll%(R7BbjeqSm?4*7>}g(XyG0b%>gli4FE~wn7RB(w-n^h*MMKBKe#(lDk7{Y5Dx|ql9 zH8~_cZ|t4ZLDJGZ9403YVSay6@uXo3nkXSlrkzP!mrI%Ev|yNz3`OgeT7$2Y1vw?K z+-wO%VqpW;4-J>JYuIhF;a;1)6l^5F)?RM)v0z;XKwC7rt^@=WFfpNqMVpd?^T z=f{G{X)*z9ntF6wPRC-Nd}n<15QZ0FcoBvdVf7-cUWCo@zn3P2&5=-h5o#|&?L{c< z38g*Zt0-ZBMvXCEVH*ZtV$8AwpA#&~yAB z9bdx9k#KS(oE-nRo*cWuMaNWa(L`np)nKO--Xq&RNRyt zE-l`>UgSpmNI(d))7M%4 zL(m$>SqugvgcR)!!(ia{=t?lRAljmlemqsUnAI_FkRQ&gf{|GyfQuhD(ScV!CBYP7&I!q z_i7>r!;8tQW*kGJeZY!rtJ(CEY$4aOrDjqW{l8=w1|o9hf=k}MY+H|vipZqD*{#>n z%01(jX`*qwoRa>%a!t5p*&9Jt7%?*J;hTgUA11cQ>N8ggp}QWEi1ei>_*ocJpU)NtG=GD(j7^$-gR*M_=nA1mjgdsaAS1Qrs7C=v!W8~(5~#Vr@YK=>XO9hUQz1n ziG|B(pOw_PZpGSNe;v<*qg4;f;c$%$2oCj{Qj1|;2o}R*+6R{1oUEdOrh!)BNgC}Ly)*Ec*O;DIqibE43Q?`D{I0pgM4bi3`Jfpk8C0ZEkZ|Or`^~nD;<%7QP$P&mil68NNcbvC z@Lp7s-(E*$*{#AQW1S!ewQI`;-WY*>of7W5g9waLFSd`KaXj^nJ0?9LS|-9`q)TR_ ztM+REVzh1TvC9(?y+y0eWDAt4{7lvnN-~vG7|gvjLGn(0G%iEeHO`nO;HF?u$@}-` z6H^$qBUv^FBl@(sc`AACorfAg_j9t@PziZ^Yb=K#p=j386&4@Etqi5r)k9F~ezjgq zDJjkAmv8j7KgUAm^N!Ck6Eo@1eXc_pic?h!r@La5W%!&(#UJ??$Rc%_RUI!Mn5(~k ziJ2cLfxd%W=g3%uFDSaw8xAHqGj+-vVuw164ne|jYj`NCjH#PZVs76HC!PG1`8<$> z%0VnHwu0~7J>h2WM&)3}23awF7)_9)W=`_#Ls}{>BAQHdrcQVqnXc_2sC|aRDBdi| zC^u0suinrXYnI&!7fy23=0!ClQAsGw$Rres)zvCTC!kWz=h_eaH`d*ommNL_*E2F` z^r*jwtQT|V1uDDI>sz5e2N|x^O{!BryUZ8|J)sApseeMYV4dC>>Hc*vm6>UVS#*6GXI7b85jUB{;T2k9}jB-P7aN(d^b&DN6>cifIEbZ*EKN(%yXHR+yXW z@YVKa-mJxw#zOyv_U+w6kiBB_(5~M(uB|bAbc%NZNt^{tt=iP_=q#9kh(qKUB(wx1gvhqV zUOu=5eb0ZVJHtPVRk%!o**d?mwQL;8o9ropz}RC@Xx@s3M(}y`FnBUm-sZ7^R7$9Q zQ;TTlbq`k=mIo278BfAVBp9Ak7Nd7WB@&uUgY}q6X=AK}Vhx0Y;Mutud(o>qR=av; z;hrU%3-88}hai#eOaq9Yuroaq3=C6>bb~f@C&Kv)kG(qE&4@^qhpx5@W69&}w_IyI4ylONQTcjmTm44+1@LmLBxg#%@ zEw9b`ObO$7M*SRn^wI0*MEbaSWFD)B?Yb%r`S(gL1-})ff^%LEmn~;5i!EKKFD;d=NJ~KOMewKT#rlMxFqT;pJtt# zKuSs8042Uj1UfobR;ahvm4gK&uJP95u24lk)YsLoU4{GArq1&0*IhdGCy@%+itY$k zL7NoGXE#APd~PruKPymwn_*|_q6>2DA+G#VFjuvAoBZ9kTWBWIFL-gJFT( z4!urp%5~*&P_;I-9wDryGE|jo@`_^g-Un1BbU6FcAxKjccE?({!z4V`v5^TPvuwj? z*b9?@LR=9@_^mamnP`#i3HcX0xiF#=e@bzUCuc!rZDVA+ zBrn}K#w2q3Ss%PNgsy<0XjZlLHVQi8q+Xt&{3ul6A?UTvs+430k2=~8o%kgW?2Za6 z$a76}w$I0U3ba`#PsxupXG1DS6Rj1hYipNw4fl`TyX57u;I6n+Dc9N?9ska?DB7aB zzLTZ>{)=Yzo}V4suhBNfx-5iGuj+Iz^xV4Jk`ZSTt8wy7BiY5cYpH!=bZRu_hKd{$ zw%&)JJtqHC{?PZ5NO)pyI?|cd9)%RHkj<0IZRm=UPq%Lp=rj?2cV~+?A==+@ZucNw zN%hmar)Ilm(KQ8~t8NyPcTMLlJ}x<}1y5$%6iEDh+m4@$%A};p*6n1(7-yp7qc@2W zjfu!`<)c~#ycTRteRW1+IVa;F7ovyy&W#otZxr~SVzg*x1xpolU>luXPBkAWvSE06 z6-VOBk#N^-@up~Z`SECZix1$LXr0}iD!HHq_Fjc6!#t~9+Fx8Zlnz0W?QX^P{$-*( z-AQvsI(z1MoZRiDhoIU0q5aC#Ly&*f1zZjA++z)YP#12){lAg}eDHSvY>HK&C_IhgY_0rav`D z?>TQO4Nt$`npR3$`dB$Pw$`Lz!JY8+5Hz@}(XgBvy^m6>K!8p3My5Bt4jZ544YE=_jogrVjQOV=0zwmjsx$R5E$G&f$ z!-J0g{`)Vj-U&WPb=!4dYxy#tynt94kbso>xTzk39JoIEvj5!R)Nt27s;}efTak|E zg|Y>c=Gz{p_U15E{t-K#MX8@8Ccms-5BIL<3LV_!$$9g!J8Ij)R$ zzV9c75-p-g7OMPMmn1NZG*JGHo8ieSQ%V&u%@dBP5`QA|9o)#Gw-#+2Io4k>j@m79 zx5MN{Xh|43kD(JYRytrfbNT0RR$m`(&*uDlH=CLJ*CO9O?%pczJkpxJ0gGx~weSSX ztHu&rL-TT4-UwXCBtd4BhZBNK*L?1ya*g#o(+q_2N@^Iq-JEX3Vs;_m5}2ci-|tG3ng7B74fKGFPA z|HKNG(3$-^kcn|mW-b!lMUcU@yMHjn2_`m_aY^S#hyQN5JJ@|RtqF;cf`D6s_xkhWu; z`*KZZB{j#0WqFAysc3Eo7+>l%gF;W!&_JCEj_-ROa7?edf1Q=w;YIS=Eq8=>D{`O_ zd8^ns z5=|r@f;{&*6_!}T>vz7*1g)336MZRp>blU#c8djV4Mxxl51+~0-sl($nd;CaC zh069wwr3+6VS3^+pRx+k$;gM)U;5i~5f7dPBBGdM4yyc*x^ByPyK(r^L+B;9tQ%)i zj~b};Zd;#{O_!G#Yf#&6RI}~lMWAh`c}8%ivoh-gu}<)**6ZX7*T=NMFHKC>ZxR1Y zoc1v?#^AOdnQJ^>i(|4Cv#MB}I&ZwBuloU`T7{&^!9`wdAIx)CTHXtjTadHTHG#lb zE3K|Ed8uvHir>9ea>+VcX@7zn_Z2?bNhKefa3Qwykf$)|sC!SH{{md5sH zEz6|1eq;_G)f6M<+0pUQi&SBjC8D>CmzfVi&o1NM6@1=oc|Yl?P--Qsbs{DKS5?|@ zbJ$^&xOxpCdgdRCJo;WwM|d}vGRxsLMK4kU&54b$?_OQ^2pu%{=Th zo=k*Jxf*u9^j!t4q{q|FNuq?6O7$||i?eMH<64mE4-*Vw5>J}yLW$|xLaP9#ZIb3~ z8@H~6(9)~*osnkg$;*sN4hzy0PC}FEvfRoJNJztY+Xs~g9Ctw|+z@-fDSCED8`Q0x zuf{QGJA@gSm6t4M9|(W&EF;E*Wl~+!5~8OL6&6OdPux%qq_nzd{QJSou&+_~XFD~X z+dFvQM{iU^wS6l-%@?l@b4jl6`?#$PZdJH?8gh`Fd9=nE_Mzi_45jckOow`%0io;j zkSMy0PAu%vdrKllIyDu2IwPG?vY0z87k;^%&Vc%JE}UDr5_-_$eJtuOt8kU=JC$|& zUt2r9TpGrSzdU+BzEoNwV$m~n=#}14sYMuR38PO7Ex&{tBFwryVM=`~Fh=%)D#LNh zc%~dN*d2Lx*RmnYRMUVqfGU;<)N+#~fO|P++=(psmT%gJ!Ap~xU$jtgP-l6{mJ|ueK(y<3)qS7CDzuPESX6xkpaR z*bh2Nh1nG{d<8eeZ5ry>nM|08-Gx66YRgwlj<~Wz);UWJ^}DsgPs*@8f5(67iIhIO z!8pI+BoP;-n!dWgpRviDm~@E5PRKnyxhWc_s#O`Ua#n3boCFau42QG7n39cAJYgAi zldd7uzuRGtvcasl|B#>YB=vr zW?Ol={N&!xzE_(wckbs(nP%?&-?*b59>1R>b~^f&;>CT=_u?j`F}~anZs$P;sL>|; zQ%>&VLBYCdh=9djMg%g4D@|FD{{+97T3dfv{ioAS<}?LcQY-Hwxh`jO5MS z0Mi1s8-L=oYkneMxo9C+li}Wmyk=KqDL}&fim$e-mSW{-((!Ba^}jF@Hoc{Xgz1 z|B=*F#U-yPl8KtSOCV-fdg9zP%=ka}q?NzmdR@HE75j-F-2JV_GWqG1`H_g)l)uOQ z{>R_{JK1IH=bDbK_U*p|02BVj|J14y-s7*ZXu|0EPpL9t&ip4ToUl?5RtmyC^EX5+ eVSW5xy*_Go80FUg8GVR#CYnbIvtatyG&D4T zD(VBcT_%62LN|G;2W209uB00Wi(2DOo+@UJ?* zHd-{S-}W&mO!o(dqA=$lbTo4ViH1PsM=`xe`yHKKdV6oD5ZfO26xS`&ZBYQXN(E zb^)LOz{SSK!N$VH!NI}9!^J10BqAgrAfzFuAfaTSWnyHYrKi8g%Fl6+nU{s0o>P>I z_o0B0kPs7xxU?8hieFF&_^S~#JUl!?0>ZmQM0bJr>F)#ocDj8JAj1WyqoIst2B4Fn zVUVHS_5zqtdSapC;8!U8k$WFsK68Ztb)(nU*q9Z-?>Xe%f`;Z$;B-sEFvllYFl_9i?cGAbz*^aCo0?l%yL);+^!0xn7(`A^P0!4Jnwwu8HizwAOoe}URC$S|?)3t*GW>EJwdqhJOG<5J2e7Swd% zu?T|qsh+t{;8U{-Ewdf`GVM3Z{x!p1|KGCgpN9Qu*F1m_0}XZXFvtM1fUN+@e7jj0 zhQ`*mI+euW#kE}D{z^!7xRlTrZzT3lRqYeleko43w`HlN++Asz6Z?o~F-~ON=&R>` z1`YNjdP!ja^lq|s6Plp?*mKtcx92qaJ8zy}+i4T~*c%Wqz=*Z26Y_RUV%O0J`-t6| znUFd3ssKAA)3d^&`KcS*v$O%mK9wt$TsjQ)QBrC3w@jnipK143=!LVn{VZFUW*TDd zxAv3$tmKO3zuQk{>503x2RFH^D!Ys9X#EKCDR}0W)be|u;jI2Nk;^V59}AMY*>%UmS(#>XZUMNtA-8}> zYqx;TtSbi{{Y3dvC7p3J^~4+jc{p|`zTcC zI;fh&OK6*$@uyYq_9MT^9usR{ZoTV^|4aWS%*!O80_kRZPxp%=fdPu(>&Z;%O6`px zA9t0SjQ?o6-7O$gTkaN+?;i9;^G3M*mjkXhFNOR~@`i8r*W#b^{MGP@|0wKW_{#_X z&-?7j=b$>3UoQSFXnq~QC;yeH@7iwxHu1meHz2OYeh{mk0^j|`g-m~uYY6ha8DaXZ z{y)5L^}l%k@D@NCn6%LQLd4)33$Bk`HZjlq9dF{@msHE0Y`1{KpJ!L6RoQ&LWs#!( z=`$sFuy_5c!-CfIYHtCu9}KF69ZZekaqj zQ98||s}Cl5+Kmn^?3S-p-g69FbHsQH(;({?!k)UJyAmc3&E3SrkdQpJl%Xl<6~PrA!dt+Q$Ea9XoOUCQG?B2BddU#^08{R_ zB^t|TvMJivkxySqmAv1&+(gB^qaSt#K4#RX!nmkfF{aVHHp{b!@JOKz2&GV4(dFup z>;sw``Ro8COJb5-9L>+_mN(Lpx@kT0CM{kKJ-HREj=2ImTiQ20lQr@8Bl;d%dtBQE zq>W22x5C%F-vGZcWQ8$WtY}*RHft)5s*D~53>0vYUvG+3Jk-{5+cEKrZFh&--lN2P zZDobg#LDEMm!>>v&3s4IDzaA1ci7$Uc&t({FsEZD^2n3+XD@!Cu=2BqR8p@4&jEfI z7rHnRyjcQ;B67n;ySoonqz<-rv~PxMV}Wo0#_LHjhDRr7EC(ey%pWMFo>GHk4k%RVJ~&sUd{vfw=lD|c7QpL|8bZh#vWXy$a8}opJdAVO2=fFSHGGz52a;OFI{*A3#;8ruY@Wx(_;tK` zc&E$*awDyR!aG1N8Z5rW*RtHK2MnRyCi*RpaA_P~(C6lq;nok`Es~=NqhKKS#-Q07 zd$$8-k9BbG8Bt7q_|j2h@4MvBBdueXDd}4P^YiLCjMyd`430Ctev5Xu@snbXh+S4& zy*q>-yNnfy5?r-#`}2jZzMU%89Ig$~XKP&DG|+yNuvbO$wHSJ&K4p3B?=jYLwe@ln z<$c+6)#F=$Ff+S#Vwbf+Wbi$&onxVrUg~?c6baZMBctHiDhW^76!CUxcw4x?`7jz< zOpNN7#RgQ8Jn7m00PTq|jr3 zWGB{o__Ey;9d+lvL?KY;?Q^xRoKDr97q_U0O*ZQD5(=9@;LKy-{}*Ck#uy8yFlT#&H+w z1&=^HY<@`oem#wT6`AKo@exfaHiD^7P&HAtmfe6aiuhqO%hn^Rx!}HyhP8NwT$PI} zgigvbugOFdDP_!4cYCACkCs+({MmaJ$9cAikIQ()q~$C~SZ)E;k4PiY9!m{@D_^VJ z=h;_JOt7!c9?yC)-oV|RN0c*rJtRPXYnq!|z~q(vM9Zt^g35xEyyEaf z)ch$IbPEWGl8Ol0ObYtK{E89xX@WZ!1OTuk#5VyvS(Y`~e@BkGdR_b9_#3tc;r*Nq zJ5Re&+4*ub-_#RC&FSt6vK-aO5qymKF~->Le*8+2cfFF>W(qKCEdur1i)84KsvtsSwBzqM46Bin1@ zjBveQpQPgQg!h#!?ab=u?822jHcL(E$EX%jozweI^mnNC{IfUCKRSE$*`)e&4y9iz zfaxex$IEdfECa94=jq-J^DFk>)e$>GX$tro`u`yypDX#N>pCW*{&1`BjlaRU%S!KP z)BDjKg#+(oxR2jwg7Vk#q>}xqTEM`v*(=_7;-ImETfjR$3kOyQZc4AklG0L{E{9uy zltEkBS6}$Zot7bOD!X~r6Q*-xM*3So9xD7^n#BM0M|;~Y^}C}Fc9&SyR|h6zmokAv zKNtNOi*5k~EIoNgS3y69bpC=3(*j@5-uP59SvH_Tgh%Bx;4*w>_0zxHfo$F8qD&KG ze<^BO^>Kd_HAi5&Je&&p6Hl*y`J?Gid_kL06W4h%%O}mJ(ju!XIB)n11T>#O1Mz8`-mUl(PTCxjwRpmxswOxLjb_Z+0z}YB7YA>8QjC!0AK@% z0aPgJi16ui4_CRzk2U^5T>S6*)0tl!3;;06_p7b{z5Kt;A+oaec#a}G?xAWudhY7( ziNcmBEb_wB^%qV@Van%rPpwe60)=_qQ3|5)r(gNce#g7NuK6|9g`FI|P`dq=epyIp?X0hh+OwiI zdVmT51keOL2HXQY19$--07rl)fDg5IM&)<_z^HQh|3aSjH~GgXsb?rD2;ezNLJ{Bs zZ~{F2O&;*;7@+E)(x1Ndun|P@aj1kwC=UQ&eZIXtVgmqhk^zA0gxlN8g4^5cLKMfg z2mriy{!`v19{>na7$30FZUT0Gh%9fV*?9Pu-vX*3U0G4&4UD zRvwlB07S+B00oLP#5eujZ>X|g<$$7D06-7rD~%BVAR`k1V7EoJZT4T-{fqMar{DhD zI)C`@H(n0|{a5<+je$y-*qFZ(itNL}M$vruc({0Y_=F^c_yoiRcz8r)M8qVdq-3P{ zgya`?!>M1dw-`<@61qa4H?J z-c#$OPE*us?g?&~wVdMdONYd?pAjPIa_H2jV|2qEvhb58; zr_`4*P9!%9+P46$;DbuUkJ(PY&WfMx1WQg=<=>(oO^7`DKgT8vMfd*eyOXjPN3vUM zB!=ID-WeXsR&pq9;j~U3Jt&fLl}Yf~N0~!1ah<@UJXBc%!UZQf>yAi_t1(MYvP}g@ z#Ps)_=DmAzv3(0*52V2O-gu*btdy7cZkOevE-!ri`7XpD9LZ>eJO)UPmgXpI?HW zTX-Jy2{Y;-pp(Rb1*ODaqiN;o;%)jP#S2 z5x0QLuppjW0Jl~&lEkZI5$oj zyfR1;s?K;k?(K$DY^?=IZqGWCnJ^`U%A(ACQW49byOovC01ZuIDq#%mE0D;lbAC3Y zw-SFFtj!wq`JRl(jy4&hguIqTCCD%C^i4OU?4a{)rzF!Mxliy@_~%Pi z!!0sL#9O2JYg%m-GDkQ~C~G|s*uJb8Zv5g@T;wLHE3|UW+sIJXT6>+Z5$`G<1+tMx zK$BTmcoWk?(T>r&i0hY2v)s6a7*oi#CA4Q`jQ~y?Il>fL1vVkbLbZtFyo#4^0VO7K za2_`<;aq59F7RayK-{V(I~8!3io3l2!t+}txLAYhP)lObG6@ouGe6t$f?Zj45RV>r z3_RIG1H=&Tr-QIJnW>SR+Z1(?0#;+|L)>P`L(@#4KFl}!IQMXRfc)$}05^roW*>z} zLv%xoF^p~5Z2;+x7H!f(q)z^EX~Yri`uWK#(ig((8Vzd`&om&L*_G2KFd>aC>B%aQ z)kyH6b?7qO%j!H04V=ij+=?_)S94=+Aj<^X_I_;Lm&f>Z1NuLjq@E5+l*`0_?6*Qf z#=e_@Ir%c{;pSV&Tq!q}{Y2s(jF@-99r{C53Xm$iEuLaOB1bLS8SeSQ?Ua7hL&}5x zs~LUUw+E+-f7{QN=D`q-GpOvSTFN^s%o{HWwZ8a1 z$3!>(@;Yd<{3_#EgQRug!f=8bE#EP7$T7z8EN9__pvi9Z(@8`W)YHDrgDwU#1*I54 zXtQY`xcTNXsg0%C;)-Z=r9Q??i+W9!w^^ND?G;STmrp#~Bjv8w6t z#Cb*<_C5$^dCMObsNQ(3bwUA?d3p{-j>8on*{Wc#5~sS<=E?;S55XGs5>4aBRI3tsz`3!1(4z!35%Tof_*M$TA~L zBW6lKE=XWmhgI9$7cc`Zb~Y{{JpolV&R;Z#aQuKERPQ^YLj zg!7q0`Y6h=wJruxthz{h3$PR1g-EhCmP+!ra3=50^ZC)MUG{FndlfYo$^^4ob!fA6 zHwJSAfulvjFNzD2GG-&0h;R`?n}v?m5Msyq{f2GQ^)?ODw~jOPoSvsm2#s}-)NI3m zHFrUrAzH&`?iWm==Wj7OdVD9o4^bo$Lnue3;e>|iMIVB8NzTyCy-C%G@PGY zv)7GTCn;JS$)-yiYU%!h3(CRkwa4H%{IUh|UMWYKOQ=6$@LB%nS5TS^X1V;NmFykQ z1~SVm)-bUVdhK>c}y|_w4Z^+Rp0aaLt_+NTu74p2UkT^B>K1FDcG2kVk2DytT`!Q z#+dK3ncU8H*QOZ0@3^(0bA#9&B3;{QYlF(PU1JsT&Gi{lce|=VA<+?{YXUVQu}xYc z`-#%%9+-(|ZW3_)tr#g}CSZf>jy`dVhQ5XR+qj4@c1#hds$fi?L9Gy*O&uS%P-+KT zjOBAf@^Pu3Xo#`N5#*M2<$(yQMfLEO42yOjpT*dPUU5e5G{Mb63Pr}U8 zRny+$peFm|0@JaNiP%wgT<)3jL?Cdk$!WXqmFH< zNArCBZVThv$txCd>~yvB99rxViPUPgh8r{XQklsi(p)T3tZ(@0lay4e7ZX_p1NB;D zM0#>dKBt_|auX)`QK(szl<{qrHmF8HfG5QX}{BSyGEY< zTK>LAvInP>NCsxe6C$JiuU6;HD_W5vD(phYNh?FO&~P%1E8dDD)@C&p&Z~9P+U~ZM zA8s)R{YHJAY>HK%mlYB7lzv|Fg6_wH<644n1aqeSGbXT>7FmnJ?cio zrL{I?@`tZ@H|~D6TWo6E{OR-KV$9&^Amg(SkWH85;S+SY1NGRuOXl&%t*TeN54vN; zP8718VMlSkahFG}o(}sjRs0i^bNq0N6dKDlV;?vFpfsP&iFICD_vl=gaI)bEH;wDI zV0rDD)&W8k*(E5ZA|X;0P-UC^jmISBaTF+)`F}J?sSk!+q&TKs;atO)$5a}JpJ4R% zq`x1_58|JE*HCxkPS+;-h4*UeTBkDh%ps5GCtZ4=)jk02r*y6CgnrAVsMhrY%c{Tj zm+GsNpk$fI;4{-8?w`!>g@}?vVnq&#noQM@fe;<57&IbJ6QPB-2)t6+`-MgNEYqJB zx!4dh9&qjfMzCKztC6f{m=>DQf>Zr#Cm0(ZKMeL(5j8)a)U?WU!kw}yLMj@|ngQ4| z)uX)lV5x=7;E3j2iCRlyO8|NudvBP`S$Kfn4i%R(a=}e#-apE&P~NSVoZc5t4bR>U zG?iUx&&*buq?Bl@N@^SmK->Qq^VX7>uYQ4(ea?wf&Wnxh^@HyKI!JM?rbwv0pw1RE zZ(bE(hD&`dv7+Sy@%9;dC#f^BY_=qH*7#C7JqPzeBRh)2s ztVuo@Mmr&DoTCv5g~g1hz-p3Z>HzM)T0$f87`GQbuMpH|E1S6-mTcdoTvIm5=B1&f z%pejA(WbuvF{(C4Wn;wVKy-OCX*oTctU7a!ka@{m-KK|DQY+bBo0N)*_TZ@^DY85C zWMpKdqWA4IBT#EZXd!jrEGN{Y5>7)c%vANV8Drbji3f}fO-hSZR_Z;NPQdvfgiKA- znOHyfPU)REk>LWtd5><)OM)D1uhvAp zT{?{~5I>7d>Aug(7#@p0{5kLyfN|_^6;xR6aq66N*{JfLkae%@=veiq-Q?@}{5~vz zA!kn~?x~i3RKQ~sE1q-G;!IEjvgjmfW7;U?;o(D@v0lIk>OOkyZF*|gV}&7EJ%hb{ zi96cAN1nct-y)ZI)Fu^f@%e?~<)izakqr0Da}}yxBnt!cNm~`;68OjN&o<>u$c*Ef zGpnfHu}#=n82y%KhsmGF@@J#ycT^LRSaWL^Q$ay#$Pl zs3|W7$!9&fPA$6yz&x$B>qEYp_ucz_ZukH3?~lP3CqV=LXZBQ-{iLtZRxI?GhRdzq zeU;sNK

    o`0SjKoxTq{5aYr-=ejcQC}C-?^TKwcWINW;rOoW($@pT=4#%s1g_DBD zHs6Ga1Yh#$-vU&>4dy{`-nYd(0ytbp=-Zl8t1OQwKmXC@F`A<5)I=}LEal<45I1BM zKn|^4@MZ4Pb1*cCu{MaqjeRA+^{8;#7JNG9YW!pPr6O%5BVQL0akD+=DExzR!n|M( zr!+5bk`XgFTk1t0Fx~((`lOFd*lVt#yg1&d4RK6B&8Eheh82|}uNYO+uRGj~ToMAl zw)S;Rns4SDkRph*#i;6tX;FH?RT!zq`nhIA!tO-6bLiL|YY`(%mC#MKIR zt<~kq)Y!&9{#0VMUUhP(d}yGr2AKEVUb-MN%gdzLV@%3bV$4oc)J4?5FIyG5+w)3i z>Vge(i-|&%@GYpH9<|(V&GtgjC(S0aI7JH*`}}z8oZ^VJf~P9SG$J=>Hb1f9JIst< zBVv`XfgL|VivoyuI+H>ThE+5(>8!P57&5)`5mtgUY3h;}Z1w4kh4%5Pm!%d=j;}i$ zaP*rw|NQ``^X(ni9}klOLXrk>HQ>Y05H}|Tw?fV~sgaK50E;jj zsM6bIfUFvvWmnom*W?!3azd7*IC$y1r*A|oY~=b0#@24Zr|C?R%(tkk2YIQD!DX1= zEKY;#F&$5P?03X)lPf>!JO*2TzYEcBelsvYlBwSYkvN2JNs)QsLYs-Y#gSE)aY~62 z8+lrd`s^|dePW{6r+N1a)ikp8;J} zRKjWrM-_bvQCzCJkflneZP)tB(IOV9Fuh7kc93H$x!r=&yzo16Yq^i4R=QL)86J5l zEuzd07AaBV`SVt zDQKX5$JL9l3Zqpo7k(^A*KDZ^J`62?l7OI8(=TUazCYsto%ckrnI@v^{IG(>LJ_Id z#pAVn++I9vu$cX1nhE+f8_jF>m6}r~oxrTXaIGvg=sGCWTvv3sUtNpKK3?3BZ7e$|_Cg6(N8Nz)K6M_7JMENYU@ft`K_8}^_&8<_^5fx-3o~#8U$`EIFcKUk3C=Ud zl2Z8UIrwh*6CG8_7yYH<+E~?BMW9y27LwM~1$j*eDe4mHBw@~dV?mkx$TG}sfyNgN z>r1m5<-n>B?U~V@D`juj@muv(cb@xbRuWk3)hR@P6O)iuR<%GGY(>xRgpArZY{Kg$ z^^)D^8QUElHo9>WCvxYwrJ!=ImUwuY-eeM8oJOXo-*_RjE zyMiY}Z+p@pT)^4Urz|GAK&ArGWDrWR73%mEX)>Ukvr)-v`yC$vrF;GIV4iIR)QMP- zuCMqu?H8++!d#j`UZz4VMSh@y&Y~mEgcWN)| zEt^&&Vv88eXz5^t>y&srdw(P)pkjz$#( z%~Lf!%om27uoW9*pt-OY&4Md(sV2d!IR*7}W$?h!x%E}sZrE6e>a!}a*RELJnepJ1p+3KwgM6p1s@BLlq-yb3VQwiX`mw`_XEw1OolmvS3{l9r{&&J{` zTcDZ$a!5Z2DFG~*m)qxGB?VAcCYuVIvd_I7$-A3Oo~Q#|;yN_Z1K(?2ZXNg<&m~0h zW+E}sYF>~ZTiI7{eSkV_>KQmqsnNb_Px)(S*+JwRwLI!@kaB(LVqA#sn3Pqrl!F&i zj_m7xpW7GG$}NoSR$P2d1)KI8%?p<4$}h_e;$<(z8-0r-z6(|#zN5+6sCdy~G)5n* z_O>NwR%SkaQaN7zIg(L628%xXhPvqqlf6T6>GJk|`tvApG!V2|Kjf0Ze&Ik(I$}ky0Rt5B)0n0rbDEdka zXM=0r^i12BJBfb-QLre^|ECf2-)0Jbn5>iRgxAyDS%TN!ox&O^s8LLqgg#4MzF+d$ zGY8V+%O(GgA?~6f%|BQC{eWH}&ApxK-PiVwTCoX6XY>-nY@YpF;JiFdv$G}06s_Kh z=7U<0>xjBe>42h5^}qu>{fZh|Ik8OQ@nnc!LR;f!_o^^hR?4}|mZF(Eho&ViY*`I5C|bCze8Z_d9v4cO$wzo1SE!J!or8Bx>W!_yrCH&+Y~sI3GlD=I1p za)z>G8)vaJe@l@xzAQV9H4U?RWX8>-0UqTkhS#QQZV`wYXmMt;-HYUsd(mf`i~|lp zS3EKhw$G{;KZE11$1)PR2}D(DC2NU7x6|bl!fFpBVka^+S^W~0U$hG(a;Wl>5;?}L z6wYu**MC>T^iz5UJJH|ZHaL??p_xsqT(Ms9#Y4g~p^Ei9pwgd1n1;Xr5H|8IwDJq} zi{)&4sUSVyJcMwwaQ62XS)U!Z#M`b4C(G|n_cPW+W#b^i8YCrF-&Jyl6)2*fj@nH} zxZl(E*5~ptaFU2+ib7s0hLO=Wm!_JViMfH1?u^A&1U7ZRu?%~Q>2xZ=ESgX1emUA^ zlt*4oMOtC)2RmKmozrn_pHsz3jOFpSb_**F=CUq@+xbtq`9u~C5R--Ai@J%HngU0@ zUc@ZD?AyS}hDMm&ARPNk^(@sBUo0h24!XgFw2>6qPF6&riO)-3 zC1yT#t4>St=3!HH?e`;#s=JG;TDcN+NqrvBr|+rru@UWQ+D~7+TMpk9 zw1m%S|7**Gxai!j@trVEP0DW)CsJgPB*8E4z5*Z|XZG>}CTz?}M0z~8^tm*_eqd$!#g_pCaDu>;KHTkrFp8ZX9jdnc_OL#Owv~&LRoKf zrsgA!1qa8Ew5*00c4GH;1S=u;8YA%eY@Ph23k=vEbLiP~=a8K!xs@LK#wT{BCLPp< ziA=y9mUz?P?6xHwQ!23%2d8{9-<$>~L;QOCiDR|3Lyu)0p1U5e?CEH!rCKcwdH$>_ z(XuH+2y0oVnwWHNDlUJa9+=G6H_mNZnOZ4yG`t(P8oEjV;^KdS_^Pa|(vQ*5wamX- zy3VUmQVd@0iB?IQC)#aS@-YK@E*8{JX$UP3Yh%aF8HTms3yHf-C28uB!HS zvE{m8h$D7Z#%nFDGW-6?kbu_F+tQPy^pu{G6sK&0(s70Z~bn3Y}UPgOomk1VZ@D&wH z-ustB`S*&PqJdkUIeP>)r<5j7%Bpk?jj}{awfLn}VH;bu>o^0kv78}qmjXO=LohD z%bu(sVl&XlDfFv_7?TIpjA_3Rg14sy)tu3sa-BpHC`u!BcjEa^{r~_-g(2iDcGLV zK7UDC-;fTh2Xf{%%wIG)C}1mRRkTs|(Mf#DZq1SnW2<(-k!sD-_Df3KKK6(AcetA48^~0oQ zn`N6!1|zK7*k`qMT0V=J;G;1ccUR+2(u$`bpbj;O6iIN%W8$5tm7;lQczMHCz&rr~ zgjli-e4G`>R=<{{>@!urcJP{?<28!_c><3i72{_yyz-$%2C#$Yw@^)l&2BjE2xqtI zK^M26U>6x#Mg~6gHTF{H^F`5V@5M-AkaHq2aF$q;*$jm1rqvlHp(Pbsu%X|^ET1)C zO(2y)gYg)q1>?{>hVIGOjG5(|NjASV_JK2hF0GjQ36nrZ<5>>5o7Mt@Bpa;ui;&OO zksyim2BH?7J%_{ZO)fZQHaYS(7`tu68SH8qkQr!+c|vhgty6sl$2%R?=y-~*m33$) zxs%AE)5iD_Kbun}D-6Mrq{F0>c&=&*rv2W&mqiZET%XfZlEGgSrpz;;h9$@GsNo(b zevKKcIKLD6Q7`K&-Rt{wX0@_7*5>4EQ(xty?~@S;BFI-&y{1>a-=w?MdQDmsB30Gu zrp#1(c+$yj9yi9@&29-x4BJP){ZvRBRU8F1wCuo9!|M^v4CFE)kV}dferw$u(^VXr zW6(G0B-!$yMa{irl0LmpVf2%%Vkz4P;t^GVJW5;8mea5etsGnY{Zmg@u5rPciMUOqR6l%?taQJo}%}NNCuK>z*jLUTh~sP zSvj&jVi$rZ+$X=JFwz#r263G-5-P#8V5~8Jm`IWI#m$T|8XP9GUOlu?KX2tV2tD0X zU#fpSm;z_DM-fV7G%?^Dd;?B8ySbAg3!6Fkls%SC;Mp@cLMX#6BG0MLOOs2h5egrf zpbHI=R*pN5zDpxvG6hO>{vz<5ZoAD{F%#CL8cyR7&YsB68Y))uL_UXuQU37}_fq10 z&9&OFT#cAed&}K8Jn#p_*jSO6O!+`Ti-6Wt~1MBxOKO=^f)UDI` zhGm9RO_Ld>BqkATjrE+d+@Ms|k3$tPp;#;qZ91{FLtd>t(5NuEGnk5XACSiVkhW3}KaEHjU$4}eUoBD@ z%GH#mHm){a!DR(PjSU$YWFM`Qt6J(8m>0MYcl2xHqMxRZO{X<`fuh2P2P!hbRw(L= zBAFQ|$jrh5)Ql7}mDH|t?zgSc$YTpf#4zi zc!q?NQ>D>aie{N6alqtDU4j%mFrxNZgE%yUJUeE!5>5hZ;D{ppbt0`X@Zlxb#y9XN zzq62h8Mh8r&t5){OpQ|PeAbjP-Qfg0^A8cqq&B+~1N>fWc!D$%py};NMFBAb}vzN0s z8?9)H>gm(D56&{(%6np^R1D7@vKxISC4(AOf9A>gdth8VS#HsOvR}UtQNCc*sgH;_ zm4+;j2o?+?>wcIh<=8#8ufK@Wlvs$wI!`RavrA8ZgG_OuOnD07rLkrYG?V_K{r0<2 z_wG-=r6}jp)U6SitC`-w^0nZ*ixSw~3LCQ4-NmX_#G9>ET}b`%b|=L?a1y;nPAL&@ z8zLzK+~i!PL;Pso?&6G@%;88{osBD4YMT*op>fYF3{N%+Dj}BA=B`}osgNelK-eII zHjicWA^P@S*iw;iv+T{4Hx+x8L~)U^R+XHBylEjfZ|(*tWqpc5H0ez$m1y+ejeK^J zmAYGE60ScGKbwxa9W|pmPh;)>TAasR+T7P`EtO)GajK?GeA)Fq*56-&D5RQ1N!X@1 z2Dy6CO7Ts+yz6uCq+eO8p`Lthe9ItPrEV#e5*X4ThI~@oM)qK|v`|@7Sy`1?n?Za4 z^@19H7P|CH17BfH&sKf=(&992;y~XU^cc3Gj3e-*X9GX%7Vx|^64XLpHO{Wb$rbv6 zn|wvAlF*V0Skc^;|cY58?UJ{6X7x0#W50_%MSb2Z((Y2Jo%j@ z5-U+HW0j=OL6N>Q8>Yeqf-nwaTO|T96b=xuEaIA?gztmK&fEs zY#PF3O$83A^cROB!LCjAQ=^kD^DrhUiFM*w6B{NUSSEa)MegYc#A#)v{ziwj zOP;W-doJ*_N_#=B_Dkc^vl>@Ddv~sV#N5vI%_7I|Q@} z$KGn=^K)8)OgmnDW9=^M^2Q%vyTCIcVuhT_~e&qDn1OkveX|Me2n!sxZIa z9Ot(yYEEiv_U6LjlwI{z&T}#imE0^q-o{wAn6E>CFTJeJ%fV_2r|Z`K_Tk>ej1WE( zBxESDT?LOIwI@B)dM5DZL-@Qubj*hU7ai!`rC8c!#;={B>%MpCR7k-c* z&_WOlY7+=9-N4PAXQ(yIiF7py!1JEeCzbPuL)1cvmj5G!_#4O-}I1iy8d@Up zm6H#w?@*fPn=zM{-R@DN>VOwEBnAge-2^vwPy8dFJvT7*O5 z_-14X?kdMt^M$8Rjt2u<+{f*kq^Ow-E(@z7s|Iyh>l~q)?WcR~rO3cj4QPNEX-h!? zR;xyI9mK%;gUz%fEgW{D9LbJ0n8D3c0S!0N^>J|Bo`P}cl!KGvFwF#$xZwOMSHCG%MeZsFEq%_e@`R>Yo zV%>HA#B&|h&DjUcP6o2c4%0Qh^f^jpt zfo2~RnpPZ7n`CBlXC<1`!$dILv-^l1-swmRO`^2%pB90W!6k6_>mJv4PYDu0L;`zU zryQfVa~#YFo8;pqcn8^lrM=uS-fL`?+z>mT44wQ>%t92+Le;?;sf5{TL}cGTQKhFY zF)lY&_#Jsb43nIF^`aV#GXytbtK5Ro97O9vX+jmLP`dP?0F78Vi5^z!94OMc-u&!j z!F|4J+_;6C6!s|Y_zi>Sygi*`MoWtcGG(1!og-#naEH7!G*L&eQT=7L*KYA%W2u1n zv|5Qu3N;U1Z;{XT0#MD1cYqDGq!f6c%XN}OPdBmdvO!Xj`v>A~7?Qj^Yw7aIW#q!* zq<^e2>cuI(CA95glfBm5vMv{-R)6P=vRdU;-Q?0|NOZzhssooaxRAqC8(qr$?KU;2 z5mdB=Pu|4rbh*&67-+xtgFwfp`w4^IXA91hUWa!C5liMQ_m5iHjBW z&x&FzCDe*~E6WobC4a}%X`8*dCFNKbWyPpBHaD^-BNcC(q(!0@u`jA!lqd;Y)DLx6* z6Un#DkcRLJUUSh{cLGhbJFWB8!%uqz)%`c;ICp6>Y}FmvpqAIxt}8%`MT+$LX~%^z zd$01s65U4lJfCJQd_Hl|F_pn>3us_(3LlxNT@r<}D%+?TG`xVZmZ|qH*Es<5N4lKe zxfvN&fM#}xS&OHtl;M*`ZW?rI8+*w+CdfiT<{>+z(J0|tqAPh79_P7sE=l>4veAaB za*GHrE_a@qGGU`y2nle-T&Ii$+p*4e9ZOX_1=)*?sDy<(IU-M(q+;jc};-oQM;TCTi zJh9ZjN1&By?l+YjVRpr#(78E}!`&vIOxt8$HW*8GzLl^ts}dLIXdl=ID)D-2qqvw=iQ;;!)C+r!uS z3kKKo>z9n0z!k{4idU4U?ve!ZSZpZNF*PL(V?Qw|;^SDvT3wB|(oVyiL17tlpnbCp zk>4UAzY{}&^U@t(kbb}&QL6W+b{84DV|Sh`7BqG#byi6T1Ai>`1RG>fOTH}mVDKj4 zFbTS@nURYdQEOu(lM?(%68N2ZdMNeUR?TImyg*xg^*~acLG$OgCWENr)M$A3S9#Gv zZD$u6c=-o)Aa4eH2I+ag z-$-kg=O@=}HFH>xL0AbwDYco#Z`s9icb?k8Q?V3T)}Vd8NMJGDX9)Mw2;f@1j$1!W zU5K{*zleM5s5aBBeVCa}+o@27QlR)LTD-W!DMd7PsK8)0W~=Bv_Cl0g^x% zTvDJE_d*B~thl@T?`db|ob$c!`&;Y%*80}^{=f6&zPDWa+WVG`@=DFyR(+SRBnaHK zdaad<)ytImUBIdsrgXs)qJA)(PUyL-yCF^tjDBP&JI5a3*`3=7% zr2}``6e(qaRhL2He7Kd~c15A%D6Vf_KK9ZYm`nhxjn7?T8Wz*WA1-|XG$(na4sR^k z9vLW=53|Jk37#6SHq7lsdF=tR+ph(~n?UTG`y$$zzec1|aRxnL+jq0%NF66EVmB2e z+tsbtO<&<4co$G_rHLI!+_ypZj@16*=&z9jlkqD(#VdQTBbIdYgs6+ib=odH$H)3r z_+B+_XVDDdM|43e*X3i@(~>Nmw9-my0DYxPpV5x;CgLWbc|@PWN*ZXIg(k;Z^6VR5 zsj~Fe29{OqCi7^!;M}^Ynbp#`)?@tBE;rbCK4rYh;D8vDms(g!evCr&jqe$LdiuF2HD4mLecQZYTN9r5+OYwaN ztsJJlzg3m>r>bJq7PzZ9P+;YG6bDP9rFxi!>Bw<*Bw#~>M1iT23s^u`Rf7~72FPni z7Uel#fqwoeG3TkJicUv}lF8QWn^T!GTU#0bAfny`e`$|p$n}8D#POtD)tUH8E-67Mt3~O^6`4Ed=6Xt|)^~B8 zPctdE2r#0VcWLS7K*}G zWP_BxGG%u9h}lX593 z4T#Mk$T(h+Mb|S>Ex(^EPQDO0Fm(-di@pqOJ(NEJZM3VEZ1);G-?m=0P`4gF|Jv^5 zslG6OaDq8Y-ivbA1V#xYGY@+1{j>C=={npoTBkrWDMkAAKVMB)?%7O;@*$Ww660QN zTeq~wj!AArR~$}GzB9S8fUR2g=yjyl!63K`Yo?035-VhkVBa(E0{RjHOiXgXE?r#; z<;)$nz*Q}AAC9ElNH<&3x zNY_^8+h}Vf8%f1#&q~HaAXbU5kODlyZEiD6^3!7}aKyWFl{>#|jffUS)S;axB&5%H zO>Ruxv6*#|a5ZU+dqy10+GuilbSJT4y#I|!NYD)6PhNrp^@%m4E!dG5;4BJ&;hL|0 zcd6T=0{fzcu{TsT!c;3WcI<5>lH0FJb5k}d>mR=K zL@U2*I+kTqbu=EEid|0=$8lLtpe+fiyDj2k7GzK^9>{N z^Z+bB)HA|ftq#Q#k5<KLXN-m7 z%+52{ELBepJKJi7P3)$NTxpDv{SUlAx++3YQy?|IvIGEE*aY2no@(XdIrE9)iwXeX z$(6(y)B%b@7H{MxUcWz;J$cVG>UqHk(nDRcSDJfs!q(Tw_KP_9j=;?sHV(?Tlod~p zjL-^~b*$1e;0rV!kX5)0E24yJhG@4-13IY55 z%qTJDp7_>4ht!EXj^<(O*m7{-PYA2PVKul0SGA6YR&g7$0mzu~T7Gx-E3$9l@{n<7 z4*Glh!rIJt>(#@vChrA|j|B|^pdfigCfWYoSy;3Z^C#lfASE1>Kjf&%u^ISSV|>i? z`zRoOHUf+xMvlPX)D}eU9kdG&3W2|ZRKi~Rk4WA5o#h0h{^hp8AVH%>>K5hYsV;wh zfOi1M>v}2wBijER=x9BwO!x7`fX=^ssa`+%=rKdxP~p^|c)3!xHo6RY3&P_(s(Gjw zSA={j!K7jxm!oIbx=rmg?9|&QP}a5gvq1?`A<8S*`-0R9L``b3Y!;`DTcAigqE4g zN+B<9G|}@BXuy8^o95Wj;Z%vCVyy?Hs_EIYieDi-_g7+?EKqx%5EXmY$8Ax}&iZ<$ zCN~pn088<(823s`LNVXs z&Q}sqxOg<$sB&mP{Ep9}!=pd&`Sm1!HMxNTIfbrEER@w+;Q>Q++41gwP@;oA2;SA! zYP>rBL&X6~rz6<%VmzBR*N=a-7!dP!{Eh~Kw~GLj!AYdar1px8JbYjAZ`e|h`l0Th z7lf+zR_g=9;h-UUf7#(f5FLqT?!WHJ6o&5Bdh3=q(;Zp>-UL{ zZo5t4lRfkgalaNBEs9l?R5=X094<9A)QaU<;w@@Xyga|hJ5Kv}U!Q;Dx}JfYvS*%q zVtr4xofP}jo@VrLkuBfS!|SDW#JGc?$y<0o?kloYKuv;655J4aeD(yi(TYMkn%F7Edy8UHe~W6|e{T}K zUX7^)LeO6%(R>v^vECfDT5mLcH^c+VN&_AdZ1woHo?%SuJ?_BN<)lq2h{f#e`flQQ z{4E~i`MmgUZjpQ?zGR$f#Pz>DC$>+h`xrp5H~DablaIqJwS@~R1w<};L&Ds6;$fDb z_JWlo$6H95zg8^O8o;~^2?@YNxfYKXZ~)WciUjysVgkg8gO0t-N~a@*^*CF?$?}Q} zT(39L_@`%wkDEI&=oCN2fv_6^5zi_*ZX?K(ZFU%?wkWq>bK&_p1AOK#o|#;J9y`Qj zYlrp}=idb&XU_82ul?uZTm$48e?v^rpC-o`*9CRd zV z(@i>HP`T0B%Y|EZhT^RR1sh7HXb;suC0$ZMn*===%>Fo??NwM*&+)4syO~4rjuw+z zE2Mypt%3nA!2KXPa{QT%ezkHJ&Q_-_5_!nWL||}~zwUebeaiKuKT%PvQK}7iT-WT3 z5dqBEmLK#cP!hiLc%>VG1Us(ahC`QRG5z!MX zDV(pgO`~mhzbRhq zzX^+%{a>p7E0+i#=W_7Rt$OdGS_$_nz0V^YKRd2CqX_4G{%5o^zj3^K4FvXSp?N$S+_&W0m1U4M|)tzBQ1HG~J8h ztJEuLv~CXTGu#=dPpUBh%urH6@=sYZ5t(2385KQsP1UVs>kZkV6p)Qj;$kql8&!r7 zw(u5ayDa<1WPMWO0RUov#Ww=$Z8N9^oa~nbS3zyzGrU#4RwzFQJ%Aj@kF1;@wvim(iZA;$)*=y0gwDng8|txodcP*rmkme zm;4*Y7dTADaLCFCtA#-3>}y3xl6ujHMTmx_q;|6D%WsvXo?<`&DQCJ^Nwd;zwYJY5 zscJJ`t^&oueZ zNbo(MVpqZTbR_EY5m;S-#Fp0c@CUI0@ao5q?_r=5Wdl@z9$2Wp2lVmnv~e@|Uk3V@ zM%tT!l3-v5dEXp*$;$>5 zHg{jxy8UfkpJ`@ zqolsPlP5`l#DT*S8-fcv1t=Y3f5~B$wf-Vfy}a0idk@onUD+&V;4hgnQn^zxw30uM z+BP+({%*-*E3SJGtzW!>Q~^jS#FnSJf3VY(zrmyra5xsAwD6zQ=x=_SffsM@lJ9g) zAvSwtBVa2GE9kZxY{onFMcH;nJaHb1)} zy8tRee-q`u?8(eCxk_I90I6H;^SSP8opD29NBYc{V9?Wsdh!|0VHm=9@|nS6>*#Qa zwi!0C(v6|vyq@Cyc+9_3Gl1)SSF%|^FHn2uCC|t%4Q!9ofGNAz z{_2=P>qou&l%L^?xC_cwL^PEy31Z-4FEiXcE@>zADIUw3u=>$(HV9QaL;x(752YJhf=YjO8mzMihNedDjE}mzw;zxzMv$8rT ze}oU&zdk-6OL%I#{c+n?c>7y>@u<$?SjG6a3yV`|GRfUgzfBx-Tui?lrbK;3R<(w- z@x0)fEPnR81JsNoxFoFt^elLHvfn^1@`XoQ_ zsK}*=JW6AKlOSTKwLed-eKBY~>1i_3wtf+6moC@v?uN7(wZ{`T`S)?+<=0< zV9^G?-9#Aj`-M z-Tqwffb3V*>Kfi|3nrm-tuJM^w1V*-VTX-`ZAqO#-fJg$t^-CrL1jLTTHyrWPvf!rJ#hN5ny(=O$J1xJ^Pcx( zT|aF-lJUiAh;hQ~G2b)y!W+jlpKQ$`XYsy8v;wH$Hph!5*U7(zcs8zra7VYd;o1YDlWFnC zEfU*u_YbPB>9`pupAm8|$lJ@fxkJmaiZBGYh6i}d4}^8Gu@5m^I!dP$&E!{kFVQ3^ zyyegCtL`64zzb5Ys0>tAIgV9jh`NfI>IE3MuE9d#U(m2(NIJ1+*upm>+C(G6tcXKQ zhu}k`^Kkp}iPUVwhCF2T)av0r@as|@yUirr4C@F%e_eXrBBIC5Q3qCeM?l@;leDl( zcuGsfDnvSU>Yn`rDL&PO!{RkwBWsQ6rT^HR#;x__+xw1dSivN6(7A@@^VMFIx*R;t z=LML|QaAB9dc{itn`6qVYqWXrk8mMOS&A+p=6+v%L4~CzJ$^6t)0TI2uIeR=8(Z0a z&SD$>4^NJl`sYaL1qjeA2eW7#@M-LdjJWg8)EXLDz!0U!w&SwepP^jWkZa$LP|`H=*~Qo9&}4OV(&qf;tR63_-AQoA z3Oq7juHx|NTugXOA?&=Xv8Qow*GaHE%_kQr>YO!E-4qBtvmA37=Ev;Q=c-}KYKhfs zJVwJ2!oAW*@}Gw+RBZX;vh?Fpc2kg^#l9@nK{vxIUAxa^boBM8@g6dX1<8q*HX0~s zNNplpIZ$batJCs2V(brwMv}$Ayy4vg(ja9SJA}+|XxXZq!9Idnj&N_o<;-VM!eG3B zqbMFZFtr(Ok?xl!`;Zy`wTQWmWRfuZ1j(GNd;1e>!Ec!UdwV$6BGOW~$WCuRmtN)O z?Dm=TD2W1eJ@LRk>l-+N)`DiM3OfAY$5~!SC4Qm8V-NIsWSn*Z`h5oUd8NA)NcO)2p413* z12!%^d|?${eL<96&rAx!m^McW?y%s;ClY%R<+(Y(5 z?|gjn+LLOr)Yg{QzyDkNC!pul=a*fx3rCb;W_Z)5QAL2{Dv=`c)Tc5 zLmbgA-08t}OZYN}p812r=?-2oqN-ISO!v?iXXT~`&7XDYJJ33k+Lj<9$zL12SZx?t zP9$7ZybX+nAeomv4FzpIOZ2O$#0WS#3VOl?1yMS#0 zqEouf=GghIVgE_UwVl8nYU>#xoPLb=W0{x5Lyq;4+V+SMZB_^S9Df?7NfhUVt6Hjf z2K!63SAUq4(iX{0XEVr9l*$RWeEWkJXc;z)MT6apn$g|9wXT2E4;u)eMQ)^uOycb2&lwp1aqY@jm;`*Y4u7$UD>{}4yi3s*7eNugAXH?>#}4q{m>NqEzn%l#M6yf=zXIjlCRwKX(k zaVSsMF0Gf)i#qN3?NLL#>T6y}%QTE5*g)NK)&c(ZbKxN08mFarwkf)$NXL}Bs2RZ& z5g>Cf-o2CUX>luG)E^1j)^E5NMfUnnk>SmAzyd47tL=#0;>#Ut`3riEy&~diXebD^ zW0%Zmmto$p?>pHoX(Xq+iow{UyEG9R((T20waZy=7oT`?Dc8@y&Gw_66h9EtU6RgN@0;0;D3;98SJ<8eSnTz&2ovbYn5_dluh30(L`k=({yU8@Nd?J3H_` z#QT9MHG)s>j!=b#L+?~lYotE?ByMc8p)HalqgMPmpO6U`;NUS-DL|kshxME0V?TS# zmoXO*?rL`I_uD(rnpOHyxGv1kLR=IPJ#)|PGi*PvRlz>#b~c;C?D@NFv-fPVA$liZ zY`SS82^p>>RXDzX;+m8g=fniHQps%({l#>j>FDAgMoG=}A*j=&9oj;aO9ae-<6;c8 zqE#G~GdBl&P`%@9kJnu&G7uZBT%}eX6`o6tH+2XbN-V4>tcg3w>k0iTKGpFBK0)ry z=uzo9Y5L_@ywY?muP^py1paNk#+sNV+U-J18IC%OFd1ET6I9~_TCf&FC*ICQ!kvdy z2!73-E(G8L{&t)HwY{wix$5$D-$xOZrReS|?s6a9c(jp8y}tK~P%@vrP@i8$E$s9V zRaffhjH@#bF}WS&D6F>8OF||YkKHbCFxq2HAKe@*==Hpx^Gxo9gRv*AIRv=ZoFTU} zN7u9}Gz>JtvwJeMk&)#`9$u>K!>b4XTEdGsjV5+mr-^7oQV(>t5eUY!fC+E#{zSDQ zq-x(tYF}D~v8MG_8HPxrw1U zfqKjZvS_U1O|6$2Jc)mSMkUUvffQdn_rexMo`tpstuZ%`9d}FKwLAl1V=1l1efvNe z8iZ4cvrPPey5$*cs!|!af{KYfcpMTif2KpqAXFw!KH<G(GhTqA0Upu+JrrM}b_i zx`_lz?1f~y7KNAf28p+&2tAQFt>Va$6l#SVUXbj4X5(I!L*NzjO~*h7b>9m;va*Nr zvUMge@R#!euO$u2E)MR$foGlC>#_`-;jqK-m-(wG9SlmDr?N@@0a56j8+q)1=Zo(@ zvF*?YdN9YNS(b+Z82Kk^@aWSo8>>_j*OOhk(5kftk_iG5-_o);?pG?YS!?QR=f!dw zfXB>#k>2_z{M!oYA!hqwx2QgrT-W!>{#3;4!nzZn0b@;q9aYa2S(0V?nIjh0S{X=m zM7cbxSswN#thQt3a^$&8AJf<)@Ym1Ma2MVG1ljczZ2Oiu@V|3YjMNd!z5O*_q|<|r z?zBZpVa20|rfzgT8jm*EI+Um6)-@Gsy}mwi@GGlLkEUuK$8*pH_fxfd1Y zIdC@DIjqp0vLHTeH<^}Yk~@f z(URKRgjmru83hX0X5gved^rO%qjQg$ZNa_SvVOh*q^3H2C?dKn+;zzD5wT{cH7Nly z@$|lt?r-s8l)(D{MmG(WHP&U7MRIVo;t5(JGp7ud>{Z3deJjbQttu(iQcq1HNR!ns z@%FZX2`ZSHL31kds-BmzfgJPyh>zb=YskyGxBp32)i1~#cvbznYour^4BBQ0FV?di zB9ZhOsg?CiFZ>1KO5~J7AH~%x**@oE_V72J}hVI9`+^ZBE7HRR2^7)XrgRH_$X~2XaVb?{-)o& z5roz;{oVQ1%r592%^Db4Sye3UH^=_1|7Kwuu2tufvsZTwC25yeZslvA=AL*(rV(VG zWm{K!C!)^IPDdh%=FY>zZcv&$A;_D~r1&NwJCJ{7meq*cP$8=rr(cJ-?kFL^n7v885}C9Pch z@}s&2Wsa!hbef}$NsJURv9MR$+%f zIT5pU4^zu)2O`8;r3VV3=1+ZE9yxY(Dco1Fey3NP^;4Gi!|`$2Ld+BkH8_phz3P&Q zv!S;dCN@>7i;y;mjeTl6zvKw2NFj0Hwew-w(|?eHlUNBxQ4u+8bZHrjU4D=I5}uYY zx~I9cU(4J)u`omK z;^)PIcj&EE0+p18CUteE6*Sj-ud}Jq`n?rlmERBBm9(i;HWbG2d_qX=yXcyv*R3T3 zgnJ&d06gD-Y!SUE=5yVQX+Q^0-PktQ}OoI2lHt)gPf`|X3v%7@~mVFxx@c(@7TfeA~&*JdCRieSRn_-K`Jc4%`PGj1 z9T`Yn(GWrmk}O{-E+pw-JaJugLW2lie~0V)RMqa~YP)#I;pwot!2E5|)!;Rps%Mbu z&Mh_6%X5<=8sA;jwTCt70yoJkttmk|Fm>FM)!qY+$Ybo8JRebvCl@&uo6TQ}&98o1 zD$cEr0&|)VD=QU?gg*7iqQQji-)2bOeqN=LU26se4Ss({7b#~6 z`)X?n4MA0y+GS{RNlNLA$;dB{qdD@~h?W(D_g}JS3qB4Dt2bk1#@~XLP&i_0DjGsF zS~xUT2Umiiw!7My8$65k7zgpe$xw45i=y#U{@aiTT|lRiZ#kVVY-^7Qr_U5?t$Hak z7kF1aWta<;yAc9*JXd6IJ3IGm#Nat_P86hZO$#RQxN5%ea4k5cR}H*arkk=@k>Iz^ z?JGtZXKC^iy2{!8)gKjvkOKaDd8>1jJJIIBO{L{RVrDM)u$y)|pFVL0G7`S(3!FSq zW6&7msYMkHjx(iHvs#N4X()ef$r}KX;$W$?x|v>3gPF<3ei_&?Z_Em_uz#=Rqyc&Lj@9r zItSyoK+0$5H`4#SN44U(e&H$IH|)q8MMtGf$6h}OJ#NWE#Ovbd#4pU+Vwm({ zGYMKr3vxc0B6)j(S+&(Z6Yf*CI4v$L1B%s$`oB}C|#<%ORa=mA2{MthN_8n z2;2I4&?RX-{HEVzr-w5~Qdzz4o>hoJVpvoPm?9DKp#E*Vqn_q_+Jwp4O5e8jEnl$c z$sm7M>(6F3(UiHK=L9#!eV4u>lrqq@XLJL3Ec0?rtP0^iRPO&k4OI>|v;Q)I;zA70 z9mq(Dko*iQ8*kYKW4d*^?Os=NPX1m&b-_J(#ZC8#Pf{hW@RMv6^t%74lTe+Ly^)wG(w9AG`wg&;DEso%LF`)!f%oT&!31u27 z86W1+P~tf}3J2BZus0+@|m&l*gB zL1!UFXWzbv3)t*)&7a~a&=7LtOt?R-nWk3k0|}(Oys=)r-R!YCjV7F2Mzds1RhQ_- z9GL_OvJ4V4rI>J^=WG479<6H#ojzMxTs~$B99fX!l`W~f7o=}`e#u!szjx|bu5eNg z?5GTkZ2)xzC;V=?s+HeD8GXdXqdFr}XO;L^`)?2otw zokNjLV>x}&5rx`om1hURMtF4}L>Od- z6P%2E{am6xJX$g?wk?O zhGXVMgH_h{GUcmc?GVXIwJF?}>WN^by_S=B!}R2C?T@5y8JtRL+i@#Gl@(OAku{}a z5EK+aL@G1dMss?f2f4lbmH5zC>X!)#o|HL-R)u@b9cRy!IJd^5>)?VzqlK6*@Qcc9 zqcQf?#s@0zL{qs6qd6_#ezTIxzcsWyJn3k}@9RE?UKDy!qK8mSE>OuIoPXmBd(2=| zV2H*s@@Uxmr#hh3z)p2xn@ILtg?r^Q?cu4vt;(@~8SuLfn<$3~v0UfTY&SE-OmP^d zz+5i-Zt=>`lE@hxf32$8p6~Sv;Md(yLZQp`#NyC=h0#n~H(jQ^e;tx66@N0~8N^$j zdpX{dAvl%$DeV5cR`C8kGQ zDRvXf2NX~3+qUW#N&7&fndR+Qe5(9@yJIn66Zz?_bM0}~^^G6v?Ubh)f?-^dRHLd-TLt&C5PH`5OmWCi-cwZuFk9krR-`nlBZdEK?z&u}?3$fY$fPt<> zZQT2q$W2d0t+o|E8_k~6=6`)gsPm0ykvSUJb7+TY!FVd$NsI69LTbHkK`}OJ{Gwe~ zWLn|#Pd8$pz&BFU*d5sH-H%PX=pXMUy*;mNb=2OvTi=qJN8F^lm%y^R!N?DDJ{Z{? z4z&#)xgLmUCteOZ^l9FCT_3GuR8Fd4tW7WlVYsUq!_s0!IU_x=>Fgb&BkA#A>GE$w z(izo)OrXZ(gzkKYF)NRmex}gZWu%v?otplnh42_h*)|Qj78;UxoE~ocy_3U%&M?s% zYL&+Ll)vpaIEvvtz0a2n-MkgqBvkUXrn>@w17D+1uG^c+(k^*75-V(Azb%|QwFNVl zf~yu~t!ytPEXYxd?&6YJ_dQeA2D!CrEv3s?f6qe(9Wo934YF$HT#==wyEH`_=I&Y) zsdLt9EzYfJU6DC+@Ral*@r=xxvHR`75ja-9SrR3Dv1>C?c*tmPs9z^WVaXlqg;gb& znUofDCPv+J(3@!#s6WyBV&?6(bL?`==qVM{Hhvz|#tD={f1dPf)N>8&&zc3CNEo{( zXwK6q!t%ZM{KZ$_yIg|D9LIuoCN|;6E{if%T7!Zrh|KVl>gNg}maB(rF7=BB6k4W! zHPhD8-hq0*n^y$gIj&P+03KpXIPh+{n9J+F*?q}e(j2tVzveu1m|$Tj#>1~*b7aP+ zms<@+20>V5wFeVyn~fxHgYGoF^YT`W_4+K0-#03`W52^ZSPdPCK|Ef67f95B1~#a^ z!y(2>Y=3WU)mMjny6qbA#|H9_Q9bu?u~@mHTQlQ*??)Z$hP@rC*e*GRD>9=L-pY1f z`6^h+Sx?=39S7L<(C{c{ReRS>&}lI!4vOb${#$ zM8eyd1xycxYhl#0{P+ptaN?n7Vt2uI_Yi-^J^_C&yYf?}`KL*@SV$$CiI=~qQ)$6O zn#ZlD`?>ULo7L z#qa{R(bf|^_kLhWbtCY>R<(hb|A4PV?biO1X1eqF*5#wUBGpHdVVQ;qAK<*R@J#RN zWqWyfS8FC?l9pkpssbPyk*Dj9kZd@HQL z#-YCNyc{zDuSv@i(qaPa>1ph74h(*?@!C!<8Xqo5qTMt+y!OwUV*A_0us6bso`50o zSSm)Uq|$SVOy)MkagQ($sC*D<5EyaK4n9?2H_{=ft7~(N{>NdE!(l%#F ztmP|4Od_gli6*FLA5vY1;yLQ^ez%Bk`Q`vB1Z4_otJa88;q0yFhCMdEA1zm4h_`Ab z9iR&Yk3=_EOCTR%th&p)BQ)-`39K?5ZTS;w3p{+=opkqh7wQCGYz(91=!n|Jx~s6S zGr5DGvh9&-wMBUO1`qCpBB`najxNG_F-jEkrs$}y13&8~Eo`hm^G#^MQ>=(T@(BJ# z4*|2BTi*+8|47mkqJz-i4q%U4P_v!zyd3Azdv6xMZzrewaWEUKOD>oI7c0@EkQJJF)cS`IP01_n zQe}XIb}c9MX%t&66dB?TA`AyEJIXfVzjB_a{gcE$_ERz+{f1rAb2PFT#~yM-ZU?ku z-wL9s*XOfk+a@0msR*~cK1k8j?%$HM+`#<8LnZ)is-Xb{%CyX_lgv;IGl9`Pz9_CpOeKOgnX z=e2z={c03{Ub*YU868#~-CoOQGn6LF&XagLC-bb3aMSh zu@6^mvk5LlC=pcba#;JZ`2o)Oi_U7=eXxdbBVpD~<~IUWLd+0z;kT3w`EZ&nEE@7* zcfvVgGr>q}f@w-{n3Q6v^#JR%ADnDE{QAP^`jXy_74Sh;=~}>lc2D0k{;PZX;X}b6 z&140B`}^RJ8iUIJKL>wqGmnWI4-!jhCJx+&aBw*)uZfW$EZC7vGsCuhNhJMPx+Z4a zd_$|t2|p$R3QJki%HF4!d3OEy3^ZjED$7-{zal1ksV*Y;pgq5L94y9RcsKt;aDLQS zE#)stt1k`W4{^8L6P3zE*o#Wve%>nf)pu-0k2kkj3yv(U9BSegzu;Cu`10Gd*xrjC z&Do$~>+HrDDKA3dmXD^~#F}3Nr%{7Cl|W6LjTSsRwRFP_CRJFhjbshBYwl8v4~@K| zyTdD@=WmghnwoTzx)IDjhQTa1uR)X7b`~$8@%8VGyKM8Zb>Ln?XTm!-HA@v(ngNrdDTtG7aAW$~;CdvXN%(pDG{vLo5Kqz2Vgc3T?wjB38(=9-Jbkr6R5VY^vIq1OpcH@oo|aB$7!k2cWmPHXcm<$KrUUZ(QTcfCwDKVuPwHJQG~0=A3(L6PCcdaS6T13}xi+||wj z;1tVN>{G3L5aPjT?2(TK?edzx1S#{6rUyTkVJj_rOYBnL@(xy8+rTfBoGoAux1y0G$PIG)`q z(4N|j{%!#52#I)@Re}b3;2Ydx{QXNfxyGwyTLWegZ805(thZ=k86a|(xt4b0$njBG zPtG=hOBzRg_<*iwh5#xFcMD{%l3tKkOxbU5Hd*e7*D*P;4<0sovf#GozQZ=qQQCGu z<@W;OK|>uOFKkkJDeFXBi56>fkZnKxRB(IW14rv8t0~uVMOM`REQryvAw$)#OXK^z zxQ2GQAvz#Uf_hXeyQRvk>dvi8$Z-E|Z6?O>17=x389u6g}bwz<9zlf-*bVN&Nb)AAcr-9JF2 zXlpr$(whWVI}usm=+9+7O@Rv7u+0r$Q;js(gV8M?4e5Gjk6JHaX$^n-oWysZQ^RLC zd9`>^U6#v{pF2-$=GHGT)D9o{YpTub&O-9IY**P!cEbwKDNcdI7D9n31gOT$f$8cl z!dH4YV#_*Ai?#A&V&aCJ5{U0{MC`E1)?8~~Dij!W9E9ysUS2a2IP^~U3kS$tX2_)^ zer3q(Q?8fv)K=JEdY}0rUkSJ3&EvQ8FDxu9D<-um3eT{J=jVaW>kX z`+j8&T6zpWQc0_LwPg)wijQf{Z*MMsOtAMhVR!>^Tpfn z7tpcybDHFCiyZGrbV?vUj4bX(Pr5Lc{4b~cKZxqTuj_vpl#b{qZACpc8G4YHyZe0k zg!QtdJxVWMbZ`<(0qo}KC6){f56RSLaxwoUCE*|H=iKzDpQfD9I_=q)*l7-sjyXzn zTr!;8VfuTCKkP>3|Lajy@h3Ero8-NP+`i!JnAmjM;**_d`4oa`c_@H7pbI9a=&AnS z8kA!s)i^ffK`Na zgPi+rb{YR_=2N=Nr~_IPSvuwtt5c2RyZn+Ss-l{;xsgsGdV}sSd!vuB2c`?G=E!VS zHPbg8t73{G9?~Ww^a;$09@VUJd`Y4A1MfpDUUghFeYy}?1V9FA=;d=_(oa?Wmzjs0 zdN6H0p6si}&&vGmUrzr5QMUg+%2kiGT{pO@zK~l@bv|$TgdLFB-0_VQRLLU%c_;m) zfRD$zD6ENmoo*-pZpGR^upzX@hmWKi*UFpgs8jc}&&`8cFmG1#HDmkbsM{FK8(g2+hyOkSMv$ifONLVk|KfN2DzK4Vywcjl&tv-hy!@(T>u>{ zrc{cRBj&q8i18EN#oYETB+cIlwtT6n$YWMkwkIa3sPC$0$pv^qb$QDPLmXaA(q*xQ zRA;H|lUK_$1o6m*7nUK|kB)_fWs~Hbr-7otz;}box~R|O>`5rC+abAaNXz*SX0u|c zf5T9rJyXjC47uANmFc-!0WoK{_~zU7G^eV&p}u$z7@|vaKJSvb;80?!rzGC95R+#4 z%r4s0d-&pSeDeGu@cfYfJwj2fN>TGy-XABqpwwjJ5G*%-g!T-k@6h+BJtecYtM%@{ zpBnb85?2)%Pfw;pP6}hb3#o3=2k@Kl-Nz!bnS}pm3{^MqV(YSe{k{_g2P&9pKBL`+ z4{{73Yxbg&?}Xz{)C_bI1b>SA@FOVZ{jd+qzXGw#4~zx>Ut+WBe|J)@xVR@XPckr@ z!@F9)@@SIV@>z#U&ME`%Hx(+V6XpQRzB4dfW4!*qL~*{V|3ln+Mm4#1>%uOVqJXG? zpi~7CdO$)E5O9eQNFZPWp@gDBC<%lPQUsUuUP1!W6%rt!NeP4|BE8puRFx`KP$?FC zPu_QbXYW1E*!zrgethHPS2FU9kvmVB^P2a(=5?I|9@U51!@GDk3z@4b;cFYTxq%?Y zE@7P95?PF7&2R(?tS}1xC`l50DN{?=!Ij&YI8JWntoPB`WG?pI-p?l*V8{94}pR%9uaezj(uA5Z+z$1Bm*h< zyO79zm`Tc;w$g@=uiaAqx1o^O@Lg&eZ_Ps<4XF3dRFfD5WR^nF_Q{)mj9EfMk|e~w z(F-ggFTkBFx0o^438;LuCg?W(Vfx&5Zbm&xr%CyeOeH*r@XT|)a;M>A11eGPyCGd|^KmLhs{`X;DN=k!Y zeUsi?cK|Z@h`KKIbMN1u&ws(~$8+}ZIB~k3kE&g%={Q|3V6G7ly9)(+ z4B@kVtXT4dy-Ted_*)ey?7Ju=w#!a#RRgpwSYcbd)J((feL5N3swMdA?l;Ol);7h0 zZi$yEZB*6`@#&2VdqXHZ?8pnfHDSEUM|vGUY)k~1YOd838AUg{JF|-Jf>rahRZCTm z(ENh=C9~|f>9&?MJ_WC?-5c~JIp5w zCO|iemVsMgPp%hZ_p2AbMEx7+jP#N7u2sENcW`4cF>!+BSFrb=j@b5Ml^zb}jlvV3 zzI|84RZdyOa0tP|^kOyu(X%WWH4y9;Yk~*j?5yw~S?Y078d^lx))U)FmXCuX5H%2k z$)^Rp{}FXH{tFasv|_PLn_QcitZnB<8T2hLw+B0Ca300_4yVtGvBD^7f(^-=DISvEP}vL`Nsb6$)Z^(}vqd+JloVsM@bZaq|# zTK&{vI@X+486u{{{H?FLK)d*-=soOFfT6@`-%S62k?EW0&dfU$=&g{{;o6x%>bB z|NZ~NRRVqF{auaRX2XfZFjhDrm>z`P`P(xa{cj8HAZ_oT>#b&rf#h%;DpK)Czp%3> z`fXfaZT}gNJhncv{s_VJi%Df)gZQk;j{AvW46v_4AI>gga)Jd=y9Bf#bS#uxFmcb8 z^Nh24CZ&F(>9hQu@=230r=jiKl!sG0WhS3#x!v|pcRfSUamT9eNYJqFa477VDF07L z(%ME{kwtF4a*2B1vbM8U28$lD|1=-&^uc^KL}{6*7$eR6m`U)W9(o5 z4}3UPtE61`Zeb>~xAT?DQU+-w*1wVDR$!OnonMl{=UdK%E1v3qeN+F<%srm$*+1h; ze4@+V#I?tFmGHb&I?EguATGljcLj5-OBN*4w=T3r=C1W!BYs`@9AvShU9%vMOl5Fy z*8L0y%ss;cr=%-nW~fpb5jx*t$Z_II9bjDf3(M3Qb3tF;mO3; zVVOPm>~m3D-)3H-E;eTV2p!H))a;br9;6N!4gOU+STcaVPbB7X3FcT@1_vpg8m`E4 z*fB|fiI|Temp2EZU*Bm=Qs1iIK-v0GX|xC3SBh4)#%sX^)-Bjme?#a?sp-D@(RbQ|c|J>qc_# z|CM|t>)=1lm}0t>UkGs~3~^;J2t1@QSr538F^g%uIhVSLe4+WRPW0SN-o0FsI#s&%k(+=jl2(=g3piO50H16;WECbsHvAu} zCJtlnS4<1U$44mHM{r*NcJsCPNAqOF>BZb9sp!!``UEgSPEzUq{9S+X6?|}!)@Pf| z=_kc={3P=Hn#ArnHU|-)F(_Z2fZ(~dwt|86EHeqp;#~vnN?L1@gImqkY2I^H%r=fq zzoyPxmev7fZ26t)$vL;Xb7Q?n0u5F9Kf{KCfaEU_h%@bU`r`{6SXgVBbyh!w1$RMR zS4eKg8ROQ@`IwF;hZ?e)s$Ga(=9|G0g~ybrG)#)dK_HK+yp4WX18nx55(M&4Lf+&S`$()##Z2-D(` z?KFb5<{z7S4iDm89ZH9!2yAptV(8H`GI!#kR8wv$1O|o$UKJ)$r18;%EEyk>_{!!*C9LstsWgi`1PbgX0pP}fbVsLMDr zC-FPs3K>MHEgg$23)_48Fky0Iq;M~zk{`5$$4(i?yqH78yV+p;Q=tD z5P%{LltWMe`r%-C&J4F_n!G3*`?VMEt{TT5j%_x`^fs({3T5(3z{Pg@6Q_nhl4WFc zfE3t+3*N)VE5*mB%UDXkQPuZnlEjMwp=D;3&DK34;oqDuPhNHGNv!|glp5Js0-H>i zx>C#PTPu<7uSf)61m_2~9g+gZD9kE3SZ$!W3=z%J1O}|2&HVJ1%-ru>Z<|oX0cD_z z5*GZnU_FcmpUkI0n{~kF__Z;LVxuwJgNu0@X zBBrGs^+fTXe+J~#t?_82Yt;KAp9L)N#+8|TsLxNWkE=`5FMTzl*{&#<65M?pCt0-g z*2@~PChMXn$(cW7>EG&zSbM;8i{6*^eZF&dJp7SK7Q>hu5ZlI20=6tm6-hcfJ1co> z^6~9dp%emS)k06tHj+nM?Wo2{vc}HW{1@i@W=zTHuXV@meo8MVCK%%&76DSe@2`gN zV5fl_nnuh7%_whW5Tn}0C;!(d%UFz>WLySmQ#un^*3~osWhY*}NN2mbw(*5MA5%xH!D;!o-1nq#H8$xXs!9?QY4W z2d-%vYg%Zmo76og;atSckyeHPBo3|d9EIfK9@eGdv^r}+e|lK}Q1w+3g=NlV!EO4~ zg)T&zZGe_~_g6h*;Yb75Ts#z(BO!T!RR%+|Hg&`|$^_Gx+NC?EGqHJ$E(jj-DrbK{ zy^Q;1k9mUxkYxBCNWngQzmTyN$D_(!X8KLPKZgK)IwSw{U`BNlKPULQ$=y<-(J;@> zLBdQFHd?V|B;A%^5p^SxM3KaNmMtR3#nD}nB9l_tRukMyabj#5!W2{Bo)HPgy5@rx3qde{^s68RU?MGw z%zZ^#2-b{l#0$lftXpL3nM`~5O)_d}JgWriG^vTF$qGy;u|dL-=1ayzg0>yTQJy9M zShZ+AOcyK&d_Zk;64$N>7ANti#v+1h_mcITr{?gUVz1x$eO7a;=0;5ifghSnfSI-FjzT93RYh}I0>uN8%4noPXQk-W z=bzETJWdrHU@%mGr@BW#0E>J;Rp*&gsl?;pU7p$&w`(Xy8c zI8!XPYB$$7MnuQE#fwloNdlx%)g{EW-ch^(HAlflty@C&WGi#dVR##q!7(!e!!ARK+HTU+Zlu_a9vi=ZM$RkTm1CWxK#%B1# zUg7{Yb*>y#3nPqk1@lBGOSGp6q^8zheNNvoY4bM&<>>R%-Kl17s2_H!-+=-Rel>^C zK{2e#y0B4<_0PkT?(TGinO7c;RM1Tg~^!!0)mvb|w*48HH(rw{2pQ7{zPrK9OP42U6@7 zMW8#xAihp@MUA#|0{^Yv`i0o*1(v@u+X7x9jJ?mF5(Tc_{ncM@^!v}><9q8xbIyv- zmL3g0bQ!&qiG4rIntj*cTFCjF5rzvZo$CHcA0eG^4eHbco;r0RI&=LKZT=*uBy1;b zzqRD^^zY!dz5=~BKP%cuq1+Dz+4>CUQa+ivUaw(3_?DbVJxqPV$>=`Y;7**@~hh=_-oSKX7B%&d(b#zGkZLzwmsY6O>r)<<7S^g zSv!^R{!-azkq~_IbjDwp3C0c@CNEtOFS+T_=g*YX;Adx}lny=k1yi|8&kRv)D*JQTyea;rlB zeMZQ#*2+lS!Se)H2h{r0e^%YO9D4yGbT>sBU8j=yq9Q)h$!y@Uxo?PkTvx`v^{{Vl z=5?FX@?l~qeO!er!X!cekso=*iIY)NQcMJD{? z)Xl*)J@JLAB|q8@4)`NOhwxHuNP)#Yzmu2>a~34f?zPLIa7&dh=H@4u5+ z0#$b13$vv`WvXZWRty&vBmEhfSCTX)x(uP~0w1RnBfp+L{b@!uD{$%>tH5qr>8<1) z8&>T>#LquwXIreFbNVJmcSRC#FvCG&dDco7N<|!sULbkcW_-11^%0u5q133>Kv;bL z5-%X+!MoDBp$;KvueApCWvvYIVtXSvs%nj3jgaCoS*4PSEB>A`Unb0nS!0>x2`W$D z(C;D^D@rxr=-CSJ<+;x7@o9K{nVo_~BW=aE_9?TkW$*pR<6%~-)#ce!(`z3Sy)F!6 z?&jgFGfqf6#;^;I$9*xvR39KLz&uV-5SizpwMnGs6UhluZwPu;;%qB=yy2(Sk~|O< zN3tg4Vqg84>k36Tj}q(;byFi{Lih7?DRumuXFJN`B75bCt;yTJle|=Y{v!7o$Bx@) z@oR4K2*>c>Yig*h6);jmqv>U`u=77x9R-v!oF~ugCyO*fp4m}ttHpLVQ2|BON+(Mr z!O^O_3DA7v#$r`z?1+|cc(?K(`;D_<4G(9pia60uJYpvsxBp5vx;KCx;Kp$CR%}QB z@(blL0{}=MxNog^G$QG?%Ty?^*_#$BoCPPpT}Jd4czv(Mxn?80EyJ9{yDdw9X^dRX zxUu!rMXhMEu`b|wX-5*Gv>8Pjl>M@#zLIG?)FqVIL?W0w2i=u3u)KIi;CTdXb|y3v zdmk`c7yqPdjM5{W{8xb)NjvftRAo0c?xK7Sgd`w{2xrN9hqq5I7G9+B_sh=(17@G_ zZ;t5YahV?|snNk^czwjfS*$`+Ay)n4;=|*sqGuzh)n|(M;njlrY-U%66y~^XqhJ=_ zJJz-<&g-T}SX?F6hxgY!(fs1f)5*FL5vX_egIm7N#?&#VmbkClh%f<^Q=uSb6DS;> zoCzg2IqNysKn3zm-v$jR>qS~&-W|3yc$_064=OhjWBnc9Gi+Ch^~K})9G`DSmDVIl z^=OQ612Z`C#{ygwj+|#}a*D@=>SW9w4QDjG_wIurOhG-^+PfvNS43);MxJENcu+5` zGy_7Ok>E)qxp^em=D-iE{XSuW8VYG3QKl!M=t*biC9hglxz|fUjRicqlJRfq;wv^ckWY6O z%S3!b+8+PoR2a)@Hl)Pjj?yBwyWpa#H;?th#Ah`^q9kj$bCw|WsvgBekKaw1`wuV| zq{yp~w>exHk+lo~v;04zoo_UqKhIg&S?_r-ay1Mc%@1SC!kA$qG8Qd@k!aH0??~YQ#~2X^`PH0rgaq&-pybM0 z#lOyA9b+;HI#U<=oPX4#S(lJulULFj$^kF$D#IVg%n3$fY&TFw;v9B>$pC z3KHPAWncA=$q9dQrXh5E_Na=&$vz&Q7Y)>zuiv{VTYR-|Io2CoGhz!Za~dl@Tq!0V zSlmm$Lee>bl}Uz_jYFUyPe!e{e8K7VkiX|+!~J>_6BBD7H)PeO`rQX~$=Re0hPYg#)Tc;MZBli%h3R z(fnQG!R49~czx{PhztxW#Z2VB+?XZCi&XPn}J9a}^ zrM@<_Yg4>0EhJZy!LjLn_sh%-%d61*TIu~UOZP%CcxU_p&T(H{Oh3X%Y2F{MX7$0! z^z;X-8~$oHhJD`9=bMHP^{msjI3@em9nCSX=JVK9ik=L3@S0+wS^WF5?T%A7GB4jq zD&3Cmp-z#fEd{B3--nC!rXEf?>m?~org4MT1pGmaazN}5RO>@+>R=~7aE|DrpjOH3 z7_yF4Fw046d2oKq`yxotwFtPu(HTMx1yoobL!=ZU)MnHY$s_D<&nL8sFIjIb@pN9xI2_!u z!6QjmnJm?NjSg>B^k7pshsHr2vDX_z{IQ~Ey|*IdemBN_+r_1xIF7b%mv_yy=I2)Pvu;m)xqpy4>rXmI{Qsj?#qUnp z+R6lpy|p5xqlLzG7`1*bSujmhgMsgHs?lMGS>s#M9A#C@Dj?u8gENpf*N86=xLRt6 z3q$^B?T$E?MGF6i=onkoD=x^TB162uFi|vvA1co+V0g1 zM`>)LQAVXq^A2PYbHQn)Z;fDq4Ny{jIpufb$HK2#=*DNm?hNr&bNdD(^sVlokNXJP z$#H&(mjkIIV-wZ{+U}4dbhS-|V^Nl2D^S%5#jY~@E{oC^^rG>Vp*Tg*%nkrXG zqHXu$-Nj+|OGMxE7hkgGCqPSH_pQ`+Obb2d%6sIv+2J5ezgd)=Vx1=uSC-Jd5U3yA zAGe+_cu1hz)HrdZPR_Q9)k_+tBC?W^%mj-U324clhm7XtrZ9iE>aZKsSL=&PJU7ajDO@;-vH|fvsoV6 z)cP=GOEQ+DWCf>$tKJ_0bAuc8yQk`8#`=Rzd3V6OR9J~@^ZkZl5&1${sP-_Dp3kX1 z7Or(&_&USRn)9b7v$-vX{#bQzjGOc4iGDf0|I=z&p>$lvi?PlZJ(49S} zm>yJYV@9^Q+ep>nO_G-#it2VpL;n7^)D0}I$#{E*KqDIbU~_|>D?{-I6L($4Fv z-s*aavs6syQedv>vIyNI?QNJ=V1U45)TVJz0b~ZKyPbHL2tqCM+ze z*N2wB3t`$+idxFaZ~PefCH%Z;>7dE21bTnH;9G=voBuEcHDORP26HQmZVXPotELB4 zmXPSX{&(9}_>lqsC6~EQ>&Lsc{k5`zrq}0JI+x{YeF=qe-dYbo+3jt|5>ZI(IY}oc zIU9G-(p@zozlC%8(}|etzhcB^VDYUg_-m6a+H35mWvT>j-l$Q` zFk|J<=+ZB_iFoRe3o*@Gx!tj!@ z{ci)w|MCU1!I9}U;5K&XniE}SP&Bc#R5_?=o1P?YGu&$iQuCB*gI$KJ7Xh*aveVPs zA7bi|CJO9Em92N2>M7c#Oq>>L3Ld-)`^<Lt5XLW7*@`L-F9iLqi z^1Qsd?c7X{oecb9=_y=K)=NMbjV<~|ZDJ@uPTg?_yT z5Y~RMnS)kHQ|Rqn9;cf#I{Q5->1e~jxCm9XV4`#RhiDuh*Z^#+*mPi@6=pR#y&;2= zEU`2Xp!AeC4fLfCuF8*ZJGk5{|K$EZW7#mU=tBGKFF+^5T`nBZ9~qRqa2Y%7;i40r zn@nz@h`CcRvo#o7xa5=bwSSjHTu7Y_V_thDIr>QnO=+}XT>0LuSpio$Hm-Y%^k8gt zld>L8MG}zds)8+NAeiDTuJ%6{{@^Ww9`oy4RRVkxh~w9v1|4>Q}wL-W6I7=<8(Q>oGy9fC=(`iH24p zI=m=)beCxrfH&Eb_0;ho&SG?ij~*X~qoK^r@v7dt)W9AQ^*$E>%=X+%A&c3(i`w=% zcVEb4w|sxh0s3xSzyD%MV<;2IENj(93*OD=e3r%P#ND9sJeob&Y#FMw{U*2yy!k%H z@R?W?q`X=7c6G+Dy80p~_j==&5W3sATc0b)fNW7GrNNd^>qeU+L8hJKJT;)sG5lzW z%BC++c^W3tH~;eBQNQl_q})#+V9X_{1Wx%ROkBl-qXlXmsAQyYl-rInH~9k(GXif8 zBxVR0yYMeLN(6kAVe*(4NsQ)yt0~XoAYj>Vp};RiD@+p1V{vMdH|L}2{FijcVJsaa z?__ZHmRpE@nfu~{Ta;O23vST}ou%guIH_xM3EbU0OZWB056b&~r3sLm7o|F#;9$sy z;TP{8NA>76qHz-x14hMcoY`XJs?*!}8uI`EPrt5XcJC3AGkWU_!6{et1y&58FXZ}p z?C`p?-M4t&uZ!h{NgOJ$C~G6HOr@zTXtVSjG6Q?da0rrEcJ57$oPDjX-_44OwxP6P ziv1K32hvfMr6b;VQDxDI8(=e02RPeApaimJW`!jO-Uk>t_30DOW2>AX)R-?qnhzJ+ zdacs+^Bog7_@lnA5eL3?qZUN2Ct#gtq`#0r09T~%q_dwcdrsg(Glcl|>}LHcf~CA} zGmNx;*_9EyRoOx?lFbqmUXN7P{*oFl;iAb2ebmvntZt3T?t56i~~#Qm^3$Fk;U2Z}Ay{>qs1H?Pc}Bx%mFufhQj zi?BfrTtfolT7o_Ts?Rj9&WSgo8LlOWita)+x)!-+Rj|}|>Gc#3X317<4y=_;z>Wt_ zc>LQq8A1ZVP?2UnL3(_#1ia&62(Yh#6pKmuCbRkYI9^RTNHnSY^Opy8Kl- zeK8e9i}2kn;fpQL9;#EzygU%SoPf3!{|p5fDl2c^fa+BPO`7{Pjomyledp?7F4dCr z1wO+#lu?cbcd03OG8(Bj-q*u!QkoENI3yCNgc5u+=+s(2*GMOE@pEZdUN8GRI(?bd z59(Dxo*;~xcRfqLjIqkin$NX8*DjRBrWYsm1HbcA(4Q)2qAn~Wuza)bhD@#>YsyHQ zBz-*0%vEy!mJOin3qh|&EB^x6?KJdL2$Hc;>ozI0G!|i6j+B;T6x}*qOhv3gOvu#R zUEtZ&x(XRs!rja;2qaY3=@XB?wT*S79J36^HQ=OQ)X{>yh@xJsHP0zl0Ck5$pqhCa(&Kn2nTA`gn#zOIAz8G zDlCJH-jFBD!04#IP^TAZvLp>3g)_=#{%{8T^>$!L?Nsz6?pFy9g>VI{P|o~o&{i(< zWb|ZRt!L(hYFcJg)Zu_f!ePY>#Jl&|NAfR52WU3&l9N?^0CIJ@vetP*oP(iV`9coz z<>WSGCth2m7{_FcIf?7r;X%_VLD)1O=6NNz3Yw>4(;TM?NPt|rk4(?H2puT=)#U1F zV=>5Sp9S7-)o%*x0rSwjgMc>mm zPiO6gzlFGW?P(cnBwqM&?#s^YpEh^a#hPnFzl;o-G6mng4`}?-_OdZ%%JkH!>qT=C zCww*qwSJ!$YIJVZov_BQMl8Q8e|moXUxTFbfBrQiBjkO;f&cRmUG_U|jHEMu>Dl9J zf1jebXV1`P)CLaSk2{|e;}eTFObO$KX=i)5rcBQSL0{ymB_<|Fj%9g)mHSH+4C@q% zc!*7)TGV6Qt+NM~iN;{_<2p^4Dh0CQCzv0!49HrxsU)0FITx**d>rLzD7-rQ*L}|% z{-Y)jK~?+opfQ>1Qr`F?4y}038VgV1$JPk-C8v5AG<^Up4l_Fzl7C`ml{0>ey7B6!7YO4Ap3mmM?r2(q`7<;B~mW zl(&VXMiYYTa>i|C+zRxyIiHP}flAyvStKR|;WAW)-SZs5zD8T)&ZP?&--_amo-kFj zpQdlsvp=8Czq(h+DiYIoOeV6>7LzxRO={T6-Kq+z2m}nQY+$oRexY>{w zfbRm`vo3I41I>#(-jVgNRF#tH`E~sf`pazb=#EA$IdXX(tdjML(B&^#Lhg z>I2WNPJHEDqeteZ##He->V&}=2qQIps-$d5j{&dyYHI%xX=7MV(ezY7aEQ-~kK;g^ zKKec9KJF!R?31+2y6(SR8=8|+RmZ&Ax@1PWtUv1hy$*}W*g*>IF9F6Qi*x5Z%ImWD zOTaFK5o`bD*txD9xxj2$SajZlO}uyBRn~T0RZP3319<^T`AsZ1(vcj>J_rCh7g;23 zboiURm_h%I9DjXxu!%$m z>xVW+XIihB5*^|h6yCvFJb+)6q=MDu#P>*oJ}LY^j>76gFTV z$9!Uda9tinqK=kA-r3P#Fc8-dgdtAxZa8|tQnPdc%L&JOT!wO2>LzYO3K1DTiE+e;9CQKuaf=GJ^W9x;(z-VsqmAn7SZ(Z zeLbp+Kj}dXd%t6e8v9@ZSbWNa*F!B+2q9>JCXmY$>C&tnV@!T(9~)PQ%VQE6Rpvtv zLXv!KpwFWWN&04~WJxF>!%0Mu0;d9I**T<)_e)bW6M1dVT)VIhd9>ZMGqbAu&9=|d zeWtd6Ci@3q&Ic9;`-M@$QE_->`U4OpYaM0!u(f zYF9uYwX>M<>hL<-)T^y2?H(^fM)ETD{m_DWT+Q(Z>+K7wi`p_ERu zEd;*IaeQZ)R}JPwx#cgGnqkXxxP(I<=a{6TRVb!++K@i_(=Y2b?^varntdekFcD@k zU)zvlkWzQa+?!FT4Oz=6=wH;CYaR+_I6h9&e4;UOfm8FZ^&5(FY(JY7G=a`(A@`|i z_?cB?ged&=w-T=9%Hu})!8F$W84V&x*w&wzEaY1!p`yP@Fdb) z9JqP?`{cQPf5`}=At4WL#z&mCK8t!MNQ9y8G^DoU}x=D}Pi1L^~ zxBu@4%gQaxM!9kMK_rP(H3-6M+&SCxdx+awcKC)B2!WX7Cr znHDq-+aIu1wGM1#r=xpn9G4(5B-~mN!Holt2lf&g`|r;E6lH8oah-EHD4WXD1k%-# zB>&uZEld2^aQdFdr^n`*>^NUP;-(3~#Q0lTDQ43Q5V4JqG$Rt?EGuO(SH)~c0k59V z(KVS4I7}JGR4}{-`Xc3AnP&4mmiJ~jtmjqLZ3hfLZCbnae({90nxOjOXSKW=by!&b z(=hT%Le)L&WLUN6A9Zgb?bnEusdC&_!_TWH)xP&idhIltjE^U2n}Qero5Hg_2pBS^lZ=AMTp|cJ;2CHb-Y_qnEwNcVXG7gJ%9vfEESn z6fqtpN-)Z<&J{IhP|`LBbL!{XN_NJzJ%*@ss3e}R%e-%rJ{Y+~x|ukut#B*md~8Op zVrdEh^Duj$^ohx;yF9f{4w``b@TiGd7-#6=WRj0u9+H6p`=y=(Ukunp8cD!<$DKNW z1dW`;Sow0BtAlRvS;t$TrudF=u2rpsz=>0HU~x4Qr90)lz15`)%#-;uB=L)_&)qj{ z?xdi7^xj=Es+u&R0Gr$|I4uDX01hRfJ z7WoqOsFh6@8K{h%6y(f*y%RUDMh0xAifO3Ia)ddq2%gkF(T_r zR-_lK)z@}3L&kMORz=nK`X(D=(_D(I7s(H<0@pW_kM^RqwUhCU6O6S!zuGFqCbM<3 z-O)5g3$Srkp4IEMd8H7osL{|pvfC6YY3CqxnU+Q~?;1+}{b9N>=uAvDQW&aEE_i}P zI07Kn0f*|FX04( zH*doAl+K)aZL&A*Mt5s(5^<{E{y`}($%{3q=#kPKs5G+RC-i|RqT3A7uU`^`Jwh=~ zl9tswkK=dWzm>;THQKKInwS}Dg)iWyKm6J)fBLcKTjUV=yx6;y0|B+>!^tu#Gd-i? z;sWj-f}PXphhuWnWQ_zm_RDgt#rBVez{#MGzFXq#Rw42Xnz9>nYiT#)emUxsT!W*= z>5S6qkKGm&85_FRQU)CaMda5g?8U}5bq+R0^4wQ*8Km*Egu5&bexDhCU;Jt9-Fis3 zfSbMlZ$+Wp<=4aIF46Fu*zi3inPRu*bB(xE4^C&Uf1J9=)%KuL_VpKzcn_0XBr(Mt z*{4sSW_opdzpSOxDVncreNhTG4HYu!DV7YmNzR&C#xhd&@P|`fKV@PV^Vpg|yr43k>EKO%U zoJ60r`S@t6UdKDfof%b5kI*e~xIL=7tXTEYO~P!E>3iUc97_Hrr*9u3FDQ6X(q1YxPu7~MXQW$~ol^cvZ?J&-48`M3)3uhh z_d<7?Hoj%~$GYp%AXKxfYPWwz*sreeh++-B0ZW9?eTsf!ng9lUkxmMWaZIXqkS z{kmo#b9&{4;`h49ueg-9DPq=3I=_fA^aUeJAeBmac_Z1^@gj7_Y2e{t;}J=YzF{Vd za)^n{&76c##F9ccd59DllUgm78S9gKYBdt~9$Gjuf#WMZg_G9LG+aA)?30Es&z|_- zqG}FIgY-`@N;1YXyMt@9nW{ct$|t3FC(F{7_5HI!(i{8i@;T8aGPV9)>YGUu{gai2 zP;Rf~becK0#KQ}){~pc>{7=;%-NNTfmrrRK^+$Xsxo7@5cS89%Vo*Q$;LpyE=Wj+{ zJXM%zqu2iS5o*5mUjEnQ38EtD$gM!`htTs-%-*R#erVU+8ACPxyk&ASC$Su2`o8Md z!P9h|xMxQ;Pi23Izfs{Lq%~Y0Egrq&L~Gj+5ir}iaeUP~_7q3PkjKo?5WmytSNB^c zBqWhFhDPpV`7=lN+gfMk!@KI2qr&CIT;(x|!*s#3RQzQ=SVhF?Qn<2&`0xd{g)W;~3s`Y555C7FE^l%8+fxy`d<&ceSDP5fZu-Qs zx|fpmXTm&Gqm)L@&=fSmi`d8k?d8$$KX~x+H9a+(A5RQ==7kRTjyz^9KiQXg-?=*L zXIWNqDY#sFNY+g5o7Vwa#MF++FEfUVe@;4COs^+fc7b27*>}%1xMZOBldfMs))?FU0XIqXkGVcC7JYxE!WE4iPtpKO zAowdaY^W#azCuDE^1{5wK%^?mJm0B;H* z8*LtW9a)!!={dxrVh;`46=xcSD>V%55IImFNp^6&&&JPbo~57FRrIPmlO(POR7h!#Bk7J~Cs( zj58AilTbF&3r0ehr*JHV|LB7j)jN?@yboZMuom0jvCPVo2eHLnB0MZ9P?kg_4ZrU` zv3i>Wbr%{$667a5>UyN77uYAo7O1r+fS$2xo|Ge+6&+VKCJly(E||pAm`|?1>uL0e zMQl{tM%fwzhZmYU*7-bM!m~2V)5ZI)$FOO5sdJJRsJ0DRW-?Uh$dT;@C95Wx2BSiT z|2-3-iJv^G359Wgd0${U3(0x2Eg5E`o5#TtI^R;R^>MkY{mGqRQl`@XfbSotq_lt8 z<=%!Zr|kMm?loA#1FAOTt~lGxgJ5_}#rmHBf-zknOF-aZw5jtFiRq$PKDlqJ>GCYT z`(41o{H&DlFJqd1K&BnG2V286)L*Ag5;H{eZ3&v|VbrVDjTjITleZ)9&Vq1;H~&6+ zv*)wihBom!!n>l` z*deMEvRT@k_{!H=MwYO6P$x#Ja87h#4fZ(epEz1{k90aH`}pm79Y9U>8rZt#opO}& z_NOC0Jjn`}8x_+lH7q5+%VX*CWnZS`q1r8Ff|iR+^O=0p$x{|Y<@#=6_*s2Aj4i#u06*vFRusFmqfGKFzd;A z{-I;ZgC+Fo^PD&zHqV~TWlh@=1zHm~j5GS23mhsbSC0e)o_dXSeO%-@vB0f8{l_WD zl<1dEbn)i8a(Cn4e;?3KoxPhg?3-hgS=$lYelNuXQUUyZd&0j@5$vj?KCU-*-NMJ2 zC54w8QFl0IoLQUAw-HcZIw4ns(Mw{>;rj0Jdds6F4+NgISW3AkS)|3X&mK7=S7N0{ z7?5*4Byz%=r;5O~nr@Z6pklbrJ*34x1D~!hU?`Q;VJ!$flVtEgLP7lAbNMWO(q~Wm za#%q0x59uw=NB>7sf%%v%FzS_u-hJHkxS9TI9su39M4roO`udB!8nl_)6($?X|n{d zgccw{GEhOPW9l-Wn;Xs|X~I(W!a3PA7sgx4%`THPh129$>EdRIU!%ubpn~an8sJIm z4;VShOR$aJS=}mnh(dzbZTCB}MUqeKW(JKp%&AFlr8uS6FS42l!-l;-zbXiu#&DxR zn*c)k6ZF0aLm6SSL?!rq{2E|Bn+sz|wSB%^^cMU?DRJ+-gE7b2B%XsqCgf;S zS+oM8@v6uS>*L((qrn3=$uX{{P|mhM;ClKbZvVXt6>;JLS@j%F&s=nymXS0P4^>vY z@MV*EmxSNf?H5B#F^UJ@%WcX00#NpLd&%Q=m>Y%fV%=Y-|%>ytJSPf$3 z&KgGd;xVzv``Tx9LhL}y<^E%KjhQ*yYQ_E(s@ej?rlzr(5XU1^`6960qq>jF>)QE$>3BjIk6@aLx<86A7C9S%QncTvpLGvtbrbq@e?{KdVLy;a4WU+%&tN__*!$u1^ z5PEr|HvWKMzwHyohorhPZT<8Q68AsUc)#+zb_B0H>EA&s@8{%bwC?MM@vjy? z@D>#DxXUxTj7gGH7H1VIY21I_{~+l%YhzPg^*`8q@1Ul-c5fIPN>xx$nk6J4Re{ip zHxL3zC?+(i3WSnC=t00v69hy;=uIFY303J;MS6!2dXbJaMFBw&eRF?j&b-gO-Us^m@cvGqqk37bZa~-uHxYzJ$ zix!Io?Z>92DiKL*1fqPnREUsudCdLS2@W+kag9Y|dk+N@p;MV^er7ejhCwp)B`@2T zYi9YG&gEVAV9y$G$5)xd^E;?AKV^oTp=JS>9<`(i zJ21XRwb5gxWHihY@4XG-E51j#F61`8+imYMPG(?FAs_8Il4;;npU7-nIo?RZxQa;b z9TW-+)r7v>kG^yoVVz{$6)@((UK~{Tn9Bk+9WT)#x0I=+bFYIiQ|wVGJz%I(Hc+xF zrJ%qZ8XX<-WpLS0-n5y`Npsnu2|ls*c%4!M!?Eu(@c>2E98sM#grv4YorB)hm`qKq z2g4|pM~XF2K++i|B#Zo#CY<(jVzb*C8*buB>&+z48zf5iDx_722?WvTONd2CW`hR$#{7*twQB;CP!& z-&_wWH1H{$eDZx;*&1rzHxzX7!6%-r4(Ep_Qv=A~^crfJ(upHZ1=o})JgB_xr+M&Q zHx#?B+lW5d)-=QErTkxvlZ$W8uoF3|9@$_LZQv(7_>?~7w+B2ZfTc&LGOJkWu$7Yr zm`VxTv+5&T&Y``rK)>fzWVcE`RZP_q%4`Ir$gUeN!Mmszd+j4Ehk{lbub7BQ3e|+m z0CR_9A}o1hRaw$xMrT0e42Cb-n`*B@_d9FA}qnXBT6u))vP;2$!ZA)U{EIh zutf0buU$9@YCsO8GH6Ir%~~Q8r>YQ3UZTM@KoZ(%4FbHvP3X^|l{S}gjTW^T1&ypC zCwmGasXC8=k**{nWPv+JmWL(@qcnakv-TCR{XpRDpO{oG8N%|DLCKT(O|RRjDp8E_ zbIZ!0_9+G4;4O?7o^NWx)Tl!%0+E9Mk{-Mmu;5)=QOCvDp~fhi-&q2pX2@KQouTmyjdpx5+(ThN&1Il^#E}mKIB;MIDDEzMHo) z?E+TOnVb4J?7STWV6-Kj0=6sLm~Vs?jNY5Fme{$|Yn&`*W|?<2PYte=1>I$vQEKD> z(o{i$hS7i}H@HHvOrG^9i3UDUFCS0k$^Yal15Fp>SnlfS1vecI=vR7tX<>8r)C@Y%|750wE`h7dTm%}d4bK)Nfa4>J|YtW zLwX}!#SJ9@&WT4PtN7xBR{D{Xp3*ak&x)tH)$39pF>Bp3UyUoJkfa1soCPV(7Yg;g za=i1R&t|D>K(Qm9z0@qjRKiFZkQ=!}^F7b@{5XB|?dz>%VLYOpTwI#uO)?IdYCETmaf~y^@nCxn3k&TkRe)AEVzxy>O}G zl{$Ph84b`3ColJdCBhR7S56QYI zJ2j9zMctH$teB$g3)Fu0{@s^M!-v4`(d#vdicb_}3f`OZ#y)Abcr)_3AY#pqODyU- zxc-H6f^4Fd_pp}kjf$CFG?~{7Y5<~Xa31+xquu9;sE*6u4PO&Wk9&T}aI6}86bLV# z{*m^W*Ws3ajg%5#a~xdaBq_x+>2CAc`mWN>%6F4zm$T27C|z%vdsDCNh$&T+Va&uT zDhwTL3oG7fd~&+O+z?E}X0(5HG|8DtK2aH5zJm%`V3eAU#dzhw@xi--F&$eFJH7Z` zSHAG3LJLf7s^qrvSv?*RagiR)Ux7}+;Be7uelbAD?RQ1+`r zyBk4Mza}{&8tp2ieOV#9YwqRSS}&33`5$wJOCU8`sw;V~M@rd(rtzSBm!CDxakNoO zlI@rAok^_ByXp)~${L`6*!B}}WJ<>$jEfFqK|VxBv!bBlI)H>S=ij6Q81_&&k4I`l`Daw5JaUMDJ zI$<1`f`-^&H4&L+jH;J;-+SGcU)Xoes*(ywBMoNIxYPut%2PWc=Hsuh-pRLdToU67 zgzY{DNf`*{R{~7nUQhoYmTP%&t@NL2ZUt$HGBsuu$=q2AeK?1ko38l$a*Pa9mVFU6 zRNQubKuq5SG7)8ENR5ufVKYz5Z7Z8)k{&m08tqv!4IH@$V|EJB(~)KSQ< zEGjQI9xtrLf^@R=m)CU`x>KHa%3fLgQjwa<^C0hS`@HvF(K2nwywkeCdMF#57Kl(T zo(jtZ>$47x&N`Ul3ge{*Wjew6<8e@`U#p2Y0lkJIUyqWI-H+Mz=`T|Ky6~p9)R9_( ztu?lNvqMZOjdEQR)$!4X)pS`Tg?Nkbrtp{74;EW5ivhVB$N86KzUig^){AhPC z3xSpQIZ2RL^qy;Re%9!;wfAPPpgUb!#Va(+N!YHip|XBtwKvH>W&Rz|xm~;Xy|mZ)dX3F}B}HX;(TIUWLL?mxy(52%E$K{M zTa{Mf1Ko?BG3u#ibPorK($mjN3cD0NUcIHo(Ph;91z_O1q~2E20o@&0dS$xsgeCS9 z<$O%7@5}R7#`S**PihU7N94Y!IocI}ZtwYjK4kvk_hW@$QZC}kEAu8~c)K(Gw6i^x zAwDl2ru5zt`9Z4rej)eO0!E2poGL(uV!*#)@i9cjlPgkh1H81JmAR{ZDjlz!XtaL0 zJ;b%{LSU30N{CMaTFe*$|^tfv@nD~`&xt(MiZ zP))-c=~Hi=e5s2A(_{p#S76SI*BMX)#jD+xB7dcsXmjPRlttq&FhAn^CZZrtjMi)I zGx?%uYFr-GsY>cd52E8FW(0gJOf+rJz*F?ztz#PjqeXJq4$O<8S3p48Itd!FB!m?s z7R7IYRuyIe3p67sXRC|3KayQ+zi%9toWw%dHb%s3FUpzmZ&0js493xeYeQpSa6TAvwX_@O*9^T~bI*3Syr`Mll+4G5o^s9~VGtYE_%m4t zQzh8!QRq9J_gv;k#wYcTJU5Ta_+jKW>n|JO3co*XF_0fm707q&@Ko=iolPhKq3>8< zNYF9U&$yf=24UQI>Z13_jbUm~X*Qe?c*~AFc>Yu!x!f|EZ$BEWT>Koi^6I&eqEey{ zB1+WQXFXwFKq|mGU8gqSJpZS{ZEX1LC8q z8LSqU-+qnGBHJ{~RNf`aR^lhN1@hqu!i$RRnV>}VYeP(`5D_DOR>y*j(LqFIv7(Z~ zB48fhKh(Qf;#p~?Bu_xI(X2`7V|vB*TC+T03m(&NV}PpRS#9GZ?Vp)=6mBr(bUe*? zvdW9yc!0K6UhG~lnkxdgeX)U!wUAEJ?WsvN!$#8Wd`6~h)^xhzHZbSl=$EWGrpvO_ z*Nxm#cIQD4OX*4ad*d3Z1WCj9uv(#56Q9%@UPkhQHk&jKZ7Mz3#y%G&fZpfp?K4oa z7+h7Bx{u3#Xj8R5yf|=CGxfHpfpaorDhURx5L(xDB^wwUjM(xK`fkb@>FPNpN(r4gVBM?uFydp4hnAnpK;3&qw_%aya z^GK zof`pWu1Hx#(X|jyIr(`8?jErb0ladOKV#)In+mHUhwH^Kk?f6$h}{e6>3`K5(~xc? z@Po+Z#b#xB_{SQJmuw1JhlS5(Cz7sCHy=+!eSLkGi2X4*@p`OGR!k|BElh{lL+!2P z+G$=c@Pw(&TNot~ykpty@z>vGH4GWuc*b^^^|9pl$vaAo67S6}SFK;T2&!*@%eUy| z1%G|)oW-Wl+F>jM~vS?J+29RSI{yt8h)*G+*phet&lGy2Sbt_NQ z!WLgKr>b=*{voCtI43WkT~-g@89(G%GgpV(QUG_9hK1)^5-&^#c$gAVg0NynHSv6h zCNviopOq+(bc&YGAEtqDbxYKY-aO%27T|74F)Oq$?Ri>jidl2sH6(5qmD6Za;8FxR z0m*xYUb4UM(q%3V9AWE=E17v^TxFJLC_2Gj_+YWaE#`G*W6xgAaCZM*nor@uouL*O z^6&|hN#OC-+5Ca8X1TNNi1Ui3#kBVGbegiSlE2fGdNEA`{Ym`HK2N$$R=Iqi%8Rv3 zB(EmFN>A+l3Q6;x);-rxW*ja?K`%u4RD9=J;zeke2uWa-*u&VWTu~=hXqnc2Oqo2A zizl(<_U7n3v`V&6Ze-35g)W(l8R`aDPf)Atk@xe1lx%fxY$*W5_}Wj$yTzJvw!gy^ zjPHJWTW3VZ-Lh~D88()>=~P3%Vsj=Wsb^Bzj40Sqzaaq|{>1NluhLkTex@s_tMo-{ zK7Q}|kf_--iSY3smJ(&)9F?_$+@vWM{1l@6%CBK!>#dRhH9H?WMdX zbh92U(!>`@xHq~Ub4xaV2;&`f25Dd|KsUY~+1rwurS=9Y8eEJx`LctS+^hB0TCLDh z1L1(2&rjuE&c2NPvB*>V9$eEkrP-G`$fGi!NF_RlXvtI0Oq^iuF^xI+b5+f}%I6^~ z8%jQMIo?m}^ZcavYWx9pNCawM-Xb4NkLt7dBIUB>@`uGYue{!REyp z-u`5$h0S05`=&pR5kE7KxPponSQksX%VG>4-*k~NMf;39D9n#XY~$IW6%=hgxsK0% z@HkZ29EBRwt*XI;hRusUQ>;Q@%L6vP()@C>`snR7~>r-i^x$nyYV&L`_3|AdJiZT|20|h>?mY;Jq z<{ZirKn+XBp&FH4Dy@$a0@QWOOR#us?va?OTkX0LJUG`INDNaXYOGnqR+(z?xxdO3 z004f6Ty2+fhZ*zYx8_REtl#F_R8((LiPTmlLsy{6wy(WUFuge%n7p9kqY>}=EQ{kJ zdy3>dPCLp(ef)<7orzSmQ7#(em4H=$@h#~tEby=dWCScVUSrc%nyc|F8X*d}(IHq( z`(qswNsI0FtdBa~yQ$xwxeQVox|4QYQ)d)Ex0L*>z3JNx!K~4@!?|n&v%z=k*bd56 zd%rV>gX+VL-(mQTN9`;x8Mxq#+Io ziZ|UyTK6~{EpbuDTd2d5$9Qqs|reJ-zBojelYBtFka010%#~^a|;(2g9zpkFB>0SO7 zueI=}yA8YGoNl97w+}kpSYG4){LV*v3xbo#wBP}Pcl}gROw3kbEwO*iK#8?yvod!x zcsbkIo>3cX%6B4j3cu_^AW&{sg6Tr9zH%9ejsyqS;8R)~*<-29rMVk;GIxBUa$GKe z)X8{IW+-6DSb)VCwJ7D}gp-%2d}MbkpwNkn1SI}mo3Ws{s$s265dQLQ=?U;&s_#tE zwt8FRrNmFlV%%14v6|NQ-Z_PF=a-}Rps<57V?V*S^6T!HdV7+M1u*>?zQ9hFUD(ku zAVFjaf|vO8H7Q|QK)U}rC>0|=)DmidviB>al@$_(Yh>1jZh8j)QV9qX!oqCuVNFRx zgJyZ+oEdmh&18CWr+b$XFi>8LlOA=7P|lVvlrRmCHm-IxUF-^#d_CqFo(N;Sh7mL zyAIyeTK8JI3%SGktPG{JaByMb^hTxSk!YUeBhr=QU*uShv3b~e%YLLaBAkEYjHvGo zB{%>;1D^z7UH+Df3$eDiAxnLE_~j*q;=jaNPRan*pIMfUY?9;;&wobT%f``fw1KyS zCxb32bX`EttIY0#%b2v1w|#6m$C}!$-6E%bu8YdU1mgr0)~*R5q7uQwmSv$WDxeD@k`U1I65P1o?j6|OJeS;?IfPpA;X&fia z$pQjF(TO~%`1mWg-wY6Y#8wb?b`!z0LPNB?v6%h4U4%kY-lcWfhDAShGb#4vCssAx zTdOLGU74d$JJGmb0(A+6#<`u}+5%smSy6RO5hU2TK+XXVSoX;vAaiq(i6RI=2|XjU z6(y;CXZgDY38JD~uOMvkG}R$$dCYBSW%zWkJ=%Iwv_AfELFhxO_9%0@&OEluj`J|x8H745s{V{VkT+KXh z#Z~$Ymlf)beoOb$@sAEtZMKV4@7;wh6}d|s6Moa$$(5E?pJhho+AZkbMZYcbhnq$2%u8dgF1Xo)-ABe^1Lzmly+P@u&{qVV z=z#fj3xt^7r>nm-@37{45bMN%*Fij_ZYBUcc%Fr6NF3rr;jNI0k`O1{`pV+V;*DF* zR6K8-;}S~Gg-7mW7d?J+BIQI#CWal(KaV13@j?R?uhgzTRYgA)whhWREnc}Dwiqpm zs%E54#tyh$qi^Dh@_%B@dPuuNenU%55Hm0J`aoNI)2Tr@vm$@ zvqcPL$WdKQmnswJTp`Fn>$TdgnLNXX89(g|RZ@hW=Q~q^b<~9gRSGysAbH{!nm&BE zv}2uD8CcR8oG71#>wK)LEFl3ZmZ>3~CzE@ERh`H7q`hOaDvo>=~(vZORw}ZBEf; zV(mcf&v=D(v>U|`UqDrp&`Qur7xG0u2_RF2-;sQ+2KafK%%H`u7?WV+ci-`{!p{Y5 zVzPpX`AHQ5`wxZ%e0V}-+;w=d)=?6G&eW_kPmf!lMe@>v&$2h|Ua4bg$}_hsganu} zXvA$##JA2`2mwW(e4(voZP=~TsW#NEW@ZJ@V&P=e(PIe7ye>gaJO}Nee^_#!o?M5{ zl^Fx401UT&-WzvWxbK}w9n}-e^rmlOd@rPhJEY!d@p$C|*A;4s593h{HhtYdXrl# zmffI27r}|u91Ml0U3h3p+|qCYjj(iqNOZ)1rupm%Po*`swhZ_{36PX!@Q0=0*tcry zz*xh&a3+_!S5mYo`RTEqV`nUFPtE9~-*kWJ#b%hR$^xVDB9*H37%7bv(}-jvAmpK- zRhEiN8-XqK@BA}cV{7F}Lt&*;AB0`yz~?iFGA(3;1~6s|d&_T>#a98aE`MX41u~Uv z$IHl-oGa=cJSF?4?^{KBs%ihV{4LnJs7;jgzCt`I9#} zJ`aa2#vOh*XJ~KMsa!asE~8QFK~F18Um}ewC2hy@8gy(^i4*0`m)d!pV7w-gXE*@g z^X~?1AP7lAJqilJZq7%*HCVO9cq+lLo0W7~T7M4#qi0gR{E*5pOmLqnJc?_cakn?XYxSb52zobI$*-h~fQ+}EzoB!KpKCvkb! zgb)Q(^a~<^Ne7fey_yo~F70<24wz4HXQU@FEP*1|q#Qc2D1)9fSWYtrVWHv>IB#np zdfRCx8J(^(67R2w>no_{N`xg`Rw$}kHzZfexNEM_6X>wEGd(^1&n|&vPoRtWslC3j z$16oDtA=$HQ0Y3~XcE?J5dD_|O_4jSrk)kw1k-$^01B`)6BYUOtEX?CK90}x9vA2J zn_>80)SKI2GCrJN|>|k6~ zm4N9OA&|hxG8fkn0Lw$r>%j&PX~4PABG75HvD&svD6&jSL2GBv>*y%M~KGol*=KpJqG+9nqfAZ^Te!Nd}padSaux@(H>`I|G9e~*5{EEWppjTKWK={J^w4R z5wUyu;_Row$#>2%^?iFbpIX1}dX^t)s>yx8U#vabYQA3+Y31j=l9I_(bUCo^{`Kj8 z(U+0Oro_^uManJqAdT@y9`R|no`d_yx#emJh|;E%u4@04&EfX2TzE|KoDQNnQ!MMf z?epsKq%2X_#quIc#L)#GExk%lOINp13-JkmMs}}k;6p=8(Uy3}NqxyeZrOFyNG#UO z=aYPYaHHm({{-cQ%9R{opZz~9 zouQ(P%<1NRP$A}0b(-rH=d;bQ`=$Ig z**+@!?WArfKi4o%N3ka(tzb-4^j3#TUF@yl1cghEC8PIGql){f*S7S<9vW>Uw1;%Qab>=-2kcwK-c+znHfm%_Gy75Qa+P0+c+R8p9 zO`W^+Qn{n7RI$tj!ynqo_^*qQylQyRxFS72jik{Y>>i2RTQ1hip#EV2#*`=A;y%sY z->rAwZZWZFLcG^(m1nSjOI0qxTxqykS$=Kwdt3Rzwt%v;{4>;ex1yjh0AGVs?j=H8 zss`MRw^g=w*Y32BuV)|DRMe{h?rk7M3?x@=l!N_3CL%i@J%g zS)AEzKX5{Nqsl@9;A;hw?)Qb`>C$@v%LP|r*Y~aL$+W;GxrfPfG-i;~?d1-)+hLb* z71MeCL^a~+d79jap$;N!h(qz-&id{a6b*f3f2>kb!&8WuPqr*BM#|`G_zRy)68vGE zVC|OA|DG2c#V#YcRHz-f5bsnE#jRXOK*c1-2xZk4Mx_k4+LiKzSNc|_7RKHf%G*(T z^JBIAF_ZR%Hfd>lbCH!Vs16M=bxm!xI>_NnN+jTU=H|5o6ad2Y4z~5r@4NRJ7Y-MQ z9=*?LFVDPSZ?XEK;s>$+%XNGql;jZbQsz^tI~ey-6c? zercK5gc+)4$264&i`8b?C>I|1>3`(xF3IG@xqL|g6?;NL1x8GeN#U!%O4sN9u%y1^ z$_}o#xLGlc)y_^flru})T5AxcLvLt7G$X~VDEf+&jVzOTxouc5PmMLq!8 zvi>@yA9|kA$*Pi)m=Z|^kjAI)?wf*41I#Y71Um)J@C2Fj(!n-a6hBE67GwBhA+5Jk zf20^Ly*I(xGZ*3|(Jb^dCKe7f|eoNM4sb<5uL(uH=t|vmvHcV|O7L`XG z>4GB1vn>jmu5T(>yZDn@bfO@+PNyiBxip>pu+uFw<(`Yxm?2|N;lC}*ZCnRkrYAl} z)}+S`JgpY8>d&tQkdK4x_>O-f4E$ly@b7hj;~p_NKv#+&dUNX{FBMCS=kwDFs#b@_ zJD3LLL3fXOFb<~ux&@@d-csRy`?D$Q#RutiMZr0ZyAOu5REM*?s1=84nqK!!Y7{eC8XA?t4C`@5hZ4!hCw(m(5%2-wyaMms!Usp6Y4SZ)&wQeP$AC{NZ-c9!FuT zgiNtJ_#ZCs7Ggozk4EU{w}br>L}#H2a7>snXHLs&l=+*?Ouk89n~L+XTIR+Y9F=iL z=}2+&YX-O-8G|OmWkh6W)&)qgNfYs)kFCeA78_l%AvP3`sHP@umPM1sirzGPszc2+ zxjSWk6FnJJ<9CKd`@o8#a^ebzZ0L7!`q|LuH~DrqY%KBFrsS?*sVK@sv7p4(72x#@ zaJ)(dZwA1FxqiPlm>^AcvTUJ_RcGq?M{CtvcoLS7w`pZ0F%BrY78*e;ru(!@wh`J( zR*mA)pa>0SCYTxGadl+!95dtC)kLAw}G9 zic|t$%dX12yvEV_+?VmCkJB4~T)X-O=BAoWI z%Zaq+v?;h+y(#%)Vs($pJW@ewq`^`GnQ0-C9qDT=@1W@^ApHiNvAV8t@f;lW^k-jV zPE)11!JBpS!>ncm&q?OKt`K?nj1-bBj0UMZRnv|A>veYrgp`QS5&k?{ zgc0jThvKP~Z9*~OPDN>64cbri#L#!HN&3EjqfdG+5Wif{*A1PRXjS48Sr`0~ZduG2 z!QU|e)T~C#-}S*Jq1_e1A)0MwxLM*juL;#x)veV>iqF~u8{Qt6`=w#SJ>aWU=AOim zyPU1sQ~>Wc;qzgQYeq&wkPu*10&EGLtDwkPOFTC%WLAXQ#N};#->6wBH_C&kRahx3 z7V2`UZ1{V2wq^&%+AvGWsXVDpA8%63=<*NY(D9(Kqhiyn21yI2fWoQ?bC~buOE3CV z3T5;?SfD1N^Jrv&HBVu{m2#jn)U2Z=ZjKU>&%WnT#<%1LsqtWy^hH`xNy%#uiW0oG zk3X>{x(aYi=SeAOrwJ(v#6MSmDVmGGf5L9$e;sokHy+9`Z7nG6L zyMeXB1ZY?dw1_u-9hrRj8#DcHt=(7IWp|zPq8;2%Z|r{X?#WB_-+sdlzg+HT zafX|oy?OVzY-?rl0Vt;|nw|=O+4>mwdB;i-Ncm0Qxo@e;?ri)RSxuGzK>d>l^3pFR zaj%0@d;~7LOi=W*!zYoerYXUNYlbEtzC3v8SHDb&Gu{5=RlD5qrT*9Feok&{mkXEP zM>$Ru=NXlZ+bCo{nY>UJ`*1yALojs60lZCVzzfeMpa`xxa7C=iVwMR|j@;~R`C*!v zrY9C^>=>_`525@OlgX(U*=6NST2X=XLWoI*2aygf`DK%_yzxGxKZ2m8rcV8#fb!cj z?XSjVDp&LRkj~;CwsJ*(mtD(Lg9&Jl>GInhPY~aVs?(6P7>1+4iGR7P7 zyy>=zStaiPN)t!#7q#z>J1YsNR%N^xUU8y(jqSG7Tk6c$q!Y|See}c>x|H$7955P) z=-H`ufdBvqn2$k%KYOR9iF+u$>$->Y?WwRIiHh5?h0!DefSE^DI+OuTpm;T3dH zz#EXbehyXc);xqN44U9KiV}DH@s55u9FV|+*E7$~e(CnBTJ)=M0JLOJXHk0i(_Srj z(QGm)awqDVq+8Gf3Gi+E$dUdyw~{ZT*C@gizSHox#WFN8@7k3jbnK+Vt~GZdYt!F;cZ`QaX6iL|OE(=g24F2lC>1>!~l+N+Y8ni&wj`!NXWf8BMKx zgf`QCIa9$oce$V|X2RY0(3r?09`xzTolXQ~MXic9xH1>O2sT^3TyT(ZeoH-TA>+$W z+5+R(-sG2{QuPw%#9yKL_|VPQx1wAcaig9E5iM?(zwoffx@FuYANx;kcarKT=Nj;& zkpz%9O^?8|0^u}`3i%eL{$saXB)e(sSH$ccFr+=#FiKKQC|@Zz>?5V!wj2XYm?j&M zUCNBl(DgH3nVP;D33D0g>c8(ivg*+^X_YSg#X{5CT$5NrMEcj4W&q?!v6;VDf?A@- z@7IOryV?UEf~CBM=9g1LIdO|^h^iXLx zq*sSVIi{&Hz_iG!rOjua3Amy7cwX={~S@)6S%I}&ZhZl1x56?p4c?}56K`;x^ zjp<-$ z@S|BOY15If&`8%Ts@+SQzzBfx(m(EGKpA?^4Mv*-tRsiNg!8Vwn&&V)=oLH~+w?C= z>tX+Z&y_nkJfvrWl@_N^E9q#jQ<7yzxXK0)S)vS(@|_6pec3~ zXN#!xmz9dD1sNz`KsjmT-M1d7NF!K5HxhDS0Km0gONS8YYIS1err;y>4icV%dOkqtm=*bbrM0zZYL(#w{VnHHQ1t@2 zdYCHo``+REwrixux+zR&>gT?=RSpxbGyB;9Ycp(f`h}{(VK?PRGVH~xfv?Drq>lnt zWub_OJf8~SD*^)x^6c1O6a&3{+RFdwzEiak?RM>IKr4UZBcr%8YX-wcx-ur>NUlY} zSGLpoL_tO1o4`FTtum*S@{O$b4(}bNV=UbGWdIY;P`=Wu#Bv;%JfM)%a zVV14&SG!SRG*!LZe{Cc!zwR3A-E`lmdJhd~26NxM6+q8EX2l#dzR|K}vqQ0wW_;DG#~{B>?)0p;pM$QH|Nu zbLSW;0nLhPi*>wtB@a_+yH;+2Q{E&{Qs;Gh!`@5o0qB<}A-VFh`#tNg3?sQ^!ILD& zI>w5J5J|LZI+zD%pO?h?AIfs-uU`n>b&nERL7*s^)8}Rh!~#jdwRcG)?4;lqeR+>+_`iLr(qg zLw!s4fTQDQ3ogpoXBtH$#(S+8=*sZ^Iz@9~YH=QuV1;1JCVKdnn&SoiRoOsQ>j*@# zO7^k%B!lj0ZkCQFr%TfKd&gR<(w$FE%8<{gcQh0bQ_~pqSL% zloPK`grs4x@R12K(q)v375EQ}Wf4onubbtg{)t)m1E0}J?V8(Mi`yYk0y0&!RM0T) zASV1d?w6yHa#?zN z%?{tCX;FHICMm+N>t{v2W+WzBmad?b<<~GHVW1!iTn9Q!FdZDwX0zG}R^_XS-Gp$z zo&arw>Yt;^7_rQu@N10|ogd{DG|XTYQ`QL#(Q_Pk9ri>I6vE=iqF?gNz_($zkBT-|a+GC9gRr7X{1rt5xuW!3 zMu>c;07bG*QA%Q&)pNCY`7j`Jjz2SSA* zC*CL4aaDA-s#io{9W#FCn925XvvGM(2ftukXc`yqt3G+lXv+RlICi}niY0c zgsBac$0(T5&4y$9Xaq@6lxCC^@zrKvT~kC3DX&Ha|$m<3Us&nzLcVs@yvOffj6k zAH^k!vbI1a^54w6#&EhZMIPCxYcwx%4kxXvy&pTU%smu86+FWqOU8Clcx+MY1x)=w zRBr;qBL9U$mvJRGxg@-O0KY46U)v=@&hV{4x`eA291 zIJ_b|xo_=#XUQ?s*UrD+P$`Ow1|FO+X~-XN*DacJA#@=EGrnzc8-<$w!htDyCZBsX zi<0NkpPZ$6iAan;{m0JwZyq0`t-Z>z41z%@w#qt(v*8R%s~Hd>x(%qkd-! zt^(HO`0L(u`8~M(o+F`m+pk{nhb+Rv9G=lblWtSq)xUqnw8P!Z&pWbHa*!y%T)31K zb@KYlRP$ZL@)t*YkFFl-QZ3eFTJ^M3O0^>+co*1b)SB54kX&6VJPp8Up&;-dCv+nRUN-*ZrL-E*ehv^yAsXfP1O+!pr;?dekURKVNx})3>!wfq2KI*_155 z^Dg-5qK=x)(X~(Ecr~WoK%fVSiYk~NgVjfz z()jjdQ*tv8QD|?G=(0sMyq$PA0Y@b?K#Qbn(2*U!lBR5_MkcNcu-8Ob{1C@6ayMM2qxapd{nz++PCXvlsw_e&o3qtpX!>%A1+LMBR@q*GBA$b=|sDi`0|(re$2x>=YaYVW~BLrtEVinjjg zA~PiMV&})OR#uJK4syXX(~2UaqTh$FNMQ1Ck!xUTEQkQ;BEtuw%GzyeONE}eeZTuo zYSf(jX@Q`KCR9hmmZr~#~kjwwyhWHd^w;)ZG+^wfVdZU4KM zbv*mI`=s;19+vMy`?;sb=Iza{^c14s&)(X+!5yqw<+y)YOt_8p(TSe{nMcLh+png_ z-~Du5rmV$!c-7nfygM+}ye|HfiIns|KlWTo&|>W<;ry2+oG zgZ#%{dk|x5eupbPJCrg1!(#BcD;snALw(F&ES4UH+WcnLiL$~A0oh^{u^evIN=hnu z*Gm{3Cr(peQY)Li10r|_`{HZav>ng!O(?#8;XHY_!P!{V&m9&k@V@o)^|zN`pB*$z zZpHYlaM{XxI*F{Z&%C<&_6$3&y-bLEo!UnmStU%_AxVn2ozsX(qP_6*WY$BO8loD; zb*wCw&E$i^kKC^+rTyYlLBLb&s9&zHkQugxqX5aiB;2FgL>vjS$lW^c^K|x zk${Lph-Xz@M_nH*-g^!5zLrxp<~CAPMHGkMEL!Wl$hji=gyZotTS1XZ_?2oXC6ieZ zJ&48IwjA{3GsR;XZRnyu)VV`p=2t%>q8dUlbeu}%4N%5!WNKmQOTQ1kk7d6%?uVOM z(sLfF$Z%h2o?NWuZ#2!6j5o<`Rq-D&n-t5lPgJW`N#(&ag$Pc4aEff1YPHN-Pd)(c zgp8N#z3`p1e*AUK<>iTgT)6yqGeRmkpno%Z`u3+1Jz}c=lFaSprnDVZST z(oqmS;>zie&dX=aCV0d+j}olR1)TvY8`yOF93jea+u(*O7lp=OUysP#=etIaWDuIR z3XD50j@-9@7?pqKe*|xO?seWwu#O4e*CFgJSS%}MH3oO|pJL?xVd+s&jXzV3-;z6K zSD|#@dCdRx<^$Bz7D=;YyP(hccc*#`$XrnlI7>(UglC7!_k_=Qs+jq8`k&BLoulG-%6G?Dr zqkfDxNtyYsk)PB}?MxzFk0DygfT)nv!K{z4D4E*(i8Mr1Xdj;5b?^7CHwJzkkvtPoXUay&dz7vqyVe-I?DRUT1kq zJB^ggZsYeeuQDn+wC^^Wq~2>Z-It5xNe+sMzbtRX*>_dj`yUY~|J}6xXV?A9=Vkw_ zasMvo{?$){f0sD?lXm>;W#|7% zyAc8AO|IKBu4|jJcFGx^d+C|ml3w;PNk!N`d8;;gJ4Xt)_Bd9r-eJ46`NcG#xKv+p zS2Af+9Up7G`xR|4<0{bxb~>GDB@I6LyY5LP`eE>cV>!_OJbEp-`g=J3+v*1EQ+LXt zg?>Bbjo`78>`kjHm$N>&vHs6x{}Yh^$&mjU3;(~mIsC8ou00y+_3MwEbW}*WgrY*C za5Qc)Mv8K03{K6UayJ;MTpHJ;$R($7H_2}>m~m^|FAa$(_sa}nTv9G$5Sc-Y@$)yx>t<^fc>vvh}yziRtf8S^C@ArAW``P=mpJ%V{-VZlg=CU(6F9&3zs`wKkFfP{0 zv^-vx{y6;Yzct(t{%3JuKOV6;j4o)g{sT#4Kf=gG?w!fA~u;5^#SVH`wZfN5w zg>AZddf%8gt8gw>L(QpGg?%9NSq@L{Oi^H~ZqwbeL;L=-@we~`g_0@>%XSNqTwT{z z;=&?kolo#1+Txs8qS_|`cWpsVQj@jAKXYdgKONlx?CpMc@faoHXxoO8|0MwDZ5+9A zG=yUd|4%W5i_33t-hW+wX#^D?PmBP-l5$dfmyZ-Fn!#N%9wdmP1m3WoDAtyaWkFR0&6qaUSr2t*MO z!9r?H7Fs3|O35CkmNe*DzpEOD@GI10S*m!2>WG<%?U6)~px9(|&!D6RH?8E&$hE@2 zbBe4XC2Ks+rP$0y6`g8q44)dYm-7tbj&2?$EVeslKz(eQ5Z}5y$ACnsjnTd`c65lu ze|=lj>T}W6HQkp>=^qkU-gCoY`Vy6uy14QDCEW{6VY*IR{QoTxy?Quw(|$hm(~q7J zJ*)n$vg(1Uf4Mv50!#gdwM}h}Z;_UfalEFlJQ$a|8s~c)3FHpr@`bfP`S4ROvdTkv zW~7dI3Y!Nh{mLKqP3|$a`}?!}FK(5Toz`QuSDCQ6+5OA2Iis%152kK)-gN8LP4(DK zx!M6-;2XnyNeM-S77Vs-RrVxr^L2vDcFSdMOAbrT5vbdk{LsZ`E2R7{Lu^#z`z-y} zTg8pZA%Zu>dEWh_L%pAqgzQj?-2u24+sMb}H|1ItKuDGZYnN=0dtI*KKtWFf=o4NZ zC`s=t#=7l`xc93Pq3||3g|VA9Rtf6<&_r#Svax=Hv%*#LB6>jMN!qZ97cB=IRt(;u z-K_Cum+xqw34%Psl4gS|o(W3661n?2s`Skm36*LyfBv4lSzD`SXjE1sa*U9yPVefU z+P^%ac_6QCNlYYj?QI7iuXT(!7=IECanWvh9cFGa*nJ)pkdILqr+)BTpm(3Czw=f} zv$+xJ^y$bxPol5d&6QX|3vrL)(ji$(pO|=KMwPsfEj^WFHTk5%Q>*y&J&z9AY#=S% z=UJJ)0aoXm+}`G*ZAazDAAbpw@^V~JyZO>~nYlo9mCR7Us?xC&pT|Q&+~(`@6ZZB` zl+_0aM^<_}kZjt0MGC#ayab>}Z{@=SNQ`Eszx|%i^|Y#DFpQ2)%Y&wy$Xg?T!DBqt zW>RbfIXNTnX4%yjnmRq3-ZUhc(ak>KJmqWCTLiTqeF`htnpUvxC$Np>J=M#YklYd} zLv>dP=e{6e?j_Tt7cl2n*(j@R>*73@J930!=+f-=xe6# zY0pbjL`Ct%Qa@-i5AN`*8D=8v*9hxt?M7&{>u%wO-D^34iv~VDs4R?RrmEJ7ezQhp z#yZYOcKI)zL6mM>nUM5a`Xk*NLM}emLD@mh8OvhGNMj>3a&=Dg%d&DphgVIm!H<8vjSmu5TW}gkh2u`6Jp24Uwr3 zJM%69q==39S>ehFR73Lnl7ahlpI-XAv_xmJA>_!Spae3vv&L`otDQ>H z#bYm~DbFiQ3ce~p5y*iORGel^mLjs$e*`Xbf@+&{Y6tKQ`1*XJ;98SNDp*+5L!`^N zx4>HFl+0BbM^j#lqU9tt`J#NeNjalRDWa&dUK|7Sv!mr7P0SBzE6NH2Gd5*6mZjEG zqjV%kRe}YM@H=sXAF%4p*@Hdb-XRwzg3DK-%qvwIV1!GjO-R%2&oTw2q9aW8JAxypKXe>nf(sIm$5CaIzxQxPuB2 z6Zi{CIg%JV%p3?!w(8zsCoRu`N=91jo2O_5irH>{N0%7Nq1-3qp)f4@RKk9^*Aa^g zW|3()d05OgK%gJ8LErm8$d0YXrbl6fI;X|f@)X+vP&>$V=<`Mlo7vJjybr{(Uml{Ojp zZI4E8{Dud9d{e_Q&bB|htH%`w3nK|j{#Ll)fJeY8;W0A}_BF6dMc8u%A*aabXM7FK1>Fpr=a=waGzIqz*T_Z{ipCJ_H_Pi*$tC^d(#@Sj9j{!a?yCrnI|6^Y9}^{GvRw^p56$0*%{;A0-I2ID?49L|DsNr;|3lOLF9X; zAfET!Z5a=+T#LJ-y5Dn~&h;4_tL!VA*t3Q4_pQFoaIWNKv^G*1voaZ(#>DdZx5lNG ziCS>xdeXuZC4Ad4u#Z$sQVtNvCQfcERvQ$#2w7qkL}Hl*j4htJ!e)w%xq}KC^k&LOHD( zQS}3br48L6t`i$UJTZ%ptjZ>89VXg~>m8yj5h^DkGUD$I-|$^A8E8p(;vBabp_gSf z?AIK4T{!5n`%sh35JdecD6N8QFcahT-UuR-gz6;gyCo_eJ8=BgiKXGSF8W}meLD_0 zncbs=@Wmka*0t<)CMS+7wulw<@V27g1ZLG7=2y?_DD?Mhx|Vpg!Omb$CD_Jj9)^FX z0S{qJb{$r8j!rTIe~V@n??$tp3NL2%DruE736Cz#y6VSk_3fF%H{GnrMZ>NooaB>^ zFwwHQ4od&r*~z#Ibp4qfwWupGKB43p1{Vb$(vqrR`2+>m7H@k2Rk*QR7Om^m9T^jY z%^VU(8XVo=m;(nKIC#kM4!=7@cL#?Gm`nBhc}lfAv6ci*z436rv=*5(s;HL~DQ6W& z4m36_b9D`zas^h*q{&4ff(~7(EXmqbgI)A)r{rWGHzfi9&Ze|I?#4j1i zn_Ca3Pe#X{c6G|DpJR8E?i5yzri}W)Y8t5v?js*M?h)im4f6M{ov+XHAKL*)pw#91 z_;p5x!}`D2teH06abd z!m)BU#j_Y(?+1E;Dq}hAH`*<*_#ME-W0^YK96Con9R1+f2L~TG_{i}O9RK*wt`E)^ zSD0G{IgF45WBqpvI-YkQs4SmrxOs+sS#DUxP1ISm?UzB0)m@4EF8J)Y79piI7Y%j1`Zr@+{Et= zlmmwxIQ(D1q4uQLY+84`1|>6i?6Y=0=96urbgSR(`C}h^40Zqls90*zw8xeXe^}ZS fsrtUBAN=za)D9KqIHTjy`*+L2|06e2JHvkk2^YM3 literal 0 HcmV?d00001 diff --git a/sensor-iso/docs/images/zeek_file_carve_mode.png b/docs/images/hedgehog/images/zeek_file_carve_mode.png similarity index 100% rename from sensor-iso/docs/images/zeek_file_carve_mode.png rename to docs/images/hedgehog/images/zeek_file_carve_mode.png diff --git a/docs/images/hedgehog/images/zeek_file_carve_scanners.jpg b/docs/images/hedgehog/images/zeek_file_carve_scanners.jpg new file mode 100644 index 0000000000000000000000000000000000000000..322db21449d9fcf4e50d9ee40fc15d8ec210cee0 GIT binary patch literal 42418 zcmeFZ1yoBf#as0K+55=uKJuM= z-x%-R_r?h$thtiRBy%QNN#^{))56nN098s%QVakC0|O*LKfu!lHN2?1g((0?O40zZ z006)P02m|y2BP#qzrg-NzXZ|XU=RQVC_NAq(LwZcndgWH2KC!B97N;)g^mZ&RDUT0 z4x*XBzyT!CGaVF}K{O`lSptd{LBF^41w>DPBJ6KJppN}k<6ocRlClcK%nVG749v_R zenw_yZbo))CRSo5Hf|O!ZYDNRX|Sxn_Xx!PEX!Z|{#?~x<#=x6uX3=1(jorRM`%zw z^dD%fztGR}f`R|uM_y2Q@W0S~l%Nby_`SbRf7I-A*FhzpmH}Y^78)7`8VVK$1_lle z79J532@wGS5f>c;1(Ohu=p`W@0Rb^N10^vj9T@=u6$dpPBNHntD-k6ZA15;}0}Ctj zb0uJKaBzqSh&V_{ILssjB+UQI;i&^ag9RqQK*Ev&;AmhFXkbr001>F4P@sA6JQe;D zz`!9Op`c-4;ouQK1?o_rH3b0<2>}HK2?;9w9+VG2qCugPFbP6qC>p?!I$$z?h{=W} z6RPUOQkwiu&SL232M7NG8wVGU;uR$oH4Q5pI|nBhx3Gw)n7D+bl(LGdn!1LjmXWcE zshPQjrIWLZtDC!rr~k)*z@Xre(Ac>6gv6xel+>Kuy!?W~qT-V3n%cVhhQ_AmuI`@R zzW#y1p{ePa*}3_J#ifnSt?ixNy>I&mXXh7}SJyW`e%?OI^(^OK!|#IqNiH;yT;Pz9 z5Rfp>a)E)nfg%JNBoqk~G`gT7jDZ6NDf0(dOre!)IRpo7KWKBH}>q7p^A&{;Eo&STQzSaZe!|FQ$dp=@HGw?(xI4cjlJ( zJ?YZ=14O|Ce_vaa;S(^fav$|WvC3z!#9REHHtkNR(Aefm!tFn1p?aJsUWAz?Sved3 zAzIgd3nP2$6G8Mn%*y8yIqmWZz`N!Pdjj~B&-pjRdY^!d;-5s{bDvuwQVDYE=ihiS z_XK<+xDli|EP*eqlNa1S$?udOzXEl4>Dswdf>06aTWZpIR76S9hKAC;Z@eG)&_U! z?TV8hm1Zpo$2lmN=( zr6=QVbnilzOgF())C=je`l0)+?4u4G9u^|Sj(4m2j?(t|=Sp4Er+jbPuy* zt~bXS@9_Zz=&~e*ZVQT$G9{{+8WwOy7(MDU35sw|M6jbF!TSjPH<@gE0SvV_(}+rt z4v0$01A~J)2EjOEJj!(~4hWip`jdj>z2&X7U77TOn(@d70{offfHP(aZlBnD>MF75 zo*1!gMNFEaBN(afy3b8f8m;bG=D7*R5BH_GHa+3iCOpBXf%_i>@Rx&lBf0Ms8;!Vd zt|}a9ai@h77g;lDwrR-AgVV-4@so}3`*F#){2rBbDo-3$F)d5{f`-o8RK)TTpWF=LmK&Kc_9r&F~2z2QE5j_7Lo7Vnz!;En%J^~isi`)Q1iq?hbn z?@(s4i^uuO)8r9jUX4k(4<}v%;9QiU*{_3@ho&`4!3*@FSaAcsDF zsdAT`u*MkU_GV-<_YBnq+}URT^RLc?Ko*?Itg5Y{AA)w6Ke-jdH@{;QN?eNI`{pS^ z!$sEC+}?(TenUJSSd-}q0S35aClwAqE)*)FEEy^(NtTbT>P3vs zKlmc^v3$tP2UHu*D9T4$r^s1s!$~wc#mtcH8@o}Nz0jG~$}QBV)_d(QgeGd8Y7Ox5 zeQ^%`#Jm#_JxTj5D4JRuU3grX&;p|@hGGJ6w~?Dl)n3pVUsJ|Yi%4fn$Lo$ z1C(d4c!s5y@wKJJqgR@ch~WjmBs-wyGu|ZMl!mw-7q=CMOser69ATr3TN9j}K)vze zJYgueCHU-RYAS#NnLy+8125n~?!rgZ7H{qKafYd*g*kf;WZBhn;pLxDEPFYn-}#iHED=7?i{qVtm}sl0HF zSy=3~K{JdA2VWSx|IAO55e0x~J&cjAe*0;bCX6yjcjpHKguv2`V zfH!mNKTy~2MY(St`Q-10pMY%mDm{-G)r;3pz~0jG69A6?1O(@fv_AovR(AKWc8{b< z$G!)q1HvSvB(#!!6L7@HP2(_i%*#p*t%}eU;NsZk z3HX5Y1oSBGz6G7v>KYy)Ii3JCx#|||`clq_&0*&FcP3J?uwP?lJZC%uvsk~$jN9;5 zl_a_bGhm|V#7MSa;WT|wZ9HXu0v_L&w|^&T{}IXy>g~_#`X`_x@Cn$YCYwQ*#Dc^) zA(4dgJ`wZSjencXjE32w?E2P@z@>CM$&et{73E*^(?~GnHc}1`0^o9-xO+re(qVb^ zRJgif=~RMo(g|ywBjpYmCQrcqowmoXg-~02jfM#6K6Cfyc&3!f=!heqVef+_b=mCl*@#{E$MGnf3o3Mw@`_iPp zlT#gbWMSCV?Dzk0p4$5I;t7aJ?S5?b5!UN@5TEd&8Gqh+Uc-IoS1Lcf_sqNj&1)en z!_u`UpuhMD@bI}LQKKE_4uy|wzOTkv9`-VydBZtiM(&+c;5RfkxswQs_ENZMC{iBq z5mYFPV{a$dbAmOh7e@maHB$oRaUapva;7WT@WV>KoqRPnRPTBHVPN6QUK3?|p|vvj zdy1Dl1QOu^`3ax9VW1YGCPHnq?c5yb8$Sw7kYUFV4xNylL}H$0cxNfsrclIo;O1NC z8pm*a2BIrE%m8Hnshqi&J0$YetI1|g)tp__7dV$=f?plwcuWhl@h0238#XyLN9-cH z`{7m_9<|ujA<`X2nXD<^@>+-8qeguWiW{Y#TIf?I!#P+*}yTNke$1$Ob0}_3v!Huf%jXsO%uB3AT)r8!L5QkVE zC5w3_-CT)nL<3i&^erxaEjHYpfGmyVifiHxj+Yq;Z*KUSqvYgCZ0QRu%EJ+elHkU0 zgZY@gSr`Ux(hjD>hAVyMqI2Zzmr-$&bgb5*8LgFat^d~NX~xFaI!-Y<#q`t29y`i< z>fI3kyw3$*-4jsJ^Fr;|2$zLU3g~okl-!#LO>|6hu#PZFgG8^8xQ{9qEg0wPSf{Om zbY}YMa^y90Q^{)&0g#{I2jh~w7dVwu-T`09TexuPU# z#M>bDbtpR_x+F50(5cTW^=+**Q$r~3JTom*d?BxEFZulVi(IHLSF|0`ZsdFSFnh92 z>*I=EITT@nE?Aw;umQu79%J@CS{aT>^{0qR439Y8ka*>G?|D}H5tD!Bd9SLN5fzm- z#Ie4pBsFpa%nBs?uksmeP2N8NUn6;2E0(cN=owy%NVAX&N>UDU9eFOdQ(Kr|6doRkjwz*m!vxAOHvD9x)pg(PAC)+l|6r`#=>_6ituyw^Bz`A>k2;{|)&QFu>ByfA!7h60=0xpZBpjn15^S^$pB2Xt2t(5U1+ptcTisi9m_kR}I{fx!_`rUvDESD++-dpTIxjEnk^S3;8>C{9Kc zg(WW$HLSzfeY}k$6*GR*GW$u4EfxxKq|sgwuF)(bcPc)i(CWS~v&9SkdM-o6gGBMo z77Q8g&FJezn`*JirU6^+xNsw)1SK-JMe@dmhY4i(GGkva!uGv#@?jQBI9~hDq3EH= zu$+AM{6tfw2{)7}uCL!`tZ+->Wyc^`Q$#7x-%h7!shFRry`~Rj#JSL{pO7ZJhcWtT zLmnwfL-5-6R6pp;76nb_;oAUfvC1JHG z#CB<+ZD%QS)mGw zTx2-?yolF_q2;BTI%S~CDvTpU z=aTOg@>cOjcrg~r<}JN->>=zpQE&OP%Q zD!-?MKK?~0X$RqGpQ!zy_gPUzSVPi#6k()6mt${2xAsgM(J1w~WieSXT}#gHphcoZ z4l|2>g+`(XnVZ`K`jStM{BOSYyx_08T#wpZj$}F1jFEKb<$syFoZ{_D9JI4`OriT&1+8BR2pd`RB|6MRt>_8ehwU`u*&9Yb0jRh8pfZ#Y;g#~4xbQ|8(k`0k6HhWby8M(WVBxSTZs~Ag! zwxk}1E?EP^!{C-s1#!T~5MV^i48V{`_=1Q7D zAY~Rp16M(BnS11Wnj3{E<&fCLp<~nvV<7zVR@MrVFk5f$QN!8lH_xa=+Y|y1hvq2|XeIbX(x0#knC3f-=atWJ@+?j`#f|bxnrm3OX3O8*yK^yH|zkkNM)H3qU zQ9k@i$$R#rX3v$-Og#G*UAGfw_W3o6##xf-C!mg0G8K%q>4T3`MyUJY!2LcQ8w%RG zR&9`4AnyI%2NExrVdf%3W^9N`&zz*CJnYm@+jxA7jV&%zQvxGsf@4fkg*$3urQT7@ z1z|<>ZM`G0<2WH-Oq}7x<(eSpS?69K^;)+ldFehf3{SgwrS>TttZzN|bjR*5RR$N< zRL@Yfi8Ul1lbGKpz!+G+7~?hzJvsEBW|U>VCO+t5^N`qp8vW z?eXA(>eJu)_5@`|r|oZ~ULu4Cfksd!b`Rz`I+}H=aqziwq~h$1f5}L zyUTyLO|bLXnt1|R+iy`zvGjhud1ESy0{?OR^+1*Nf7rKPK~WSF_)nwq@B5W(A<>o9 z75|hk{-1X#FT!7qCDQh0ne&P;_g=k^UmsP6|4#1fbHwz9E#iCs!xipq9l>W{)Zhuw z<=fysIx(!8ZM+)s0Nx%wua4&DEg&D-z?!ReB3{H zn|u#Y*yT?f_QcaDZmDJu zsjj_$^|$?1vkDNjzupom_5P`QMNjzGLk?Rb%lKiD|0Cb#6JYN{v-1b~@-zOxX75o% z`yXb9p?B^#{si~ae>nHljPM7yAv_zPZ9wiBj~T4Y@&j>+DatPz9}D=}NjS$eklQ27 z)#O8L$!aIeGPIqWBJh|e`Ne+Dm+P{5(XJnwU8{vH)cSQxN_U>8)9)+q)7bDTb)E(}}->4o?=JLHH!nRC$f#mff zxE$Qi&EqRNj1n}nz;(gs7NOJ{E=7`vT&-ks3c=KX6nXv_Lv^) zsQIv=(E1{h}r%}p(^m|YIWu4Ib}?(0@eFZ zj8v#!@wYV+?dX+#j#p}q+I13Z6T31i`j#3qdl~#Xl>{x$Z2;LJkgRe;3oB+LE%>As zhca}Pe#g#v!XXIe8s@;74*D5t1wPHFGJAoLBPY z3x!9eV-9ud+l`8?Pz6LoWO`pIJDY%9uR-Kz;hs*ikKJunJ1y>DDS9&@2;sgZke{A_ z2j`B1bC&Q61>H4a6YCp{7w6N7RQbX8PzK!vy7Y5dNXgh3xQJSTXVEzCatXz_y|J_< zCQeDFProKo2JAMV0ln-s`WNR9o*Cv4#i1&xmmgT`= zZ(0&fIv{92N46_Y)s-8#)8~dtX1J+##+)VIaOOeQ{$aED)d%x`Zwot|cj~sl8+M|z z@3YU|*3U|J9=ydnYlA+(r+1y&-MALT-${e~YBZsq=hJ1DtKCEoUl@Tuktp=_k~f!0sN zhWsr&(LD^vDi@Ob_<|#V{~MLh_m^)UUnS& z1XY?1G9P>R{7B{BFmhLZ^aI%s!9Wvw(_&4i`hSDXywz`D>f#;9c)-V6ImXTV*LG`s zey!g8Pd&~#M<6q$mlqFYB2b@W%KBDH1Mnk)4qWxD?YD56Pr&*W2!+u7C#FA($-)0i z@n7HmJ#!dX(?eB0$QmLw4*DWh{+RsbZI0-k&JNyZLIGrL;%&c|CHh{~N)0l!f-aA~ zpgZ0fs|M2eam4FKKQ*752cN#EKhU5n5cNs9E|!?SLmSkuKPe!Rgjkd?y-GKPx;rq%I)o+G|aa51fcVZ z<{w^Ij27tp+{B9JKUsA6)Ogq7iDzN?%D(R3+}<~@MdB4jJi;D$NTnV z5E`Zbz(w{=jZ9At$nWwu#;7AJpVQ%=QQvb9T!ar<{{`!tLY4n={wEsxn}ebx>6)$m zX6L^Dhw7z5a1l3E$EeGOxm?`4em>8tR5kvm#ivd1&yvEzZxxi}#Uy1!L6|`h-Y?7A z$i@kh5dds#ogJ0Lg@{4$HDZ`u02)9Bus|?IL<1uydqD*SnZJVQ{_%M|_lySwfNA>Y zy8bc$-=-iLn>ZPPz<0!;QUXTyj?N%jA4IdeIom(e$siij$lSmfM3;eRI!90kLG;3N zy5aBi(KBuK8~u#M1TY;{l!QUDJ%ccb&Hg|e{(&|!ceDYOVFi^TH@2|_)eo-mJ8k?- zzk8-_tX)8T`z<_6h-hM~stkIPgCYSS4oCvBfC4}a7y>SU1z-(01N5M$EhxnaPy*!( z{R@7)-}n_kT!tVn3&04(Ap+O|Hh{rz{J`@VfXaZv-*xL`$^ycMf&v(#5CA}}Jw07e z002xJ06auLJ>6wLJw4=r@SZCG&|&*`e!DCH;JgB*NB=#IJQDy=J_0~}&)?GwlK`M0 z2mo*v?F}3aerx9$8VYU-Le8ES0sxXG0APT?rSRIn>kX9moDbyA1Aq!hS2Cjjkdg`j zugpMo>--D3pW(NE)7!r-^B4X7hB1Wze-6*TAwU5V8uB@SfTvK>K}A*9gv6RjSU6l}b|n=x|A5%I+8z)L^aUA!g6Zl^yVLUdz;BPD+@ziC$`CQ(QOdwRHYLXBpu&1yq;Ae!>rPCt<3a-KPlvCVd z=hz9kcvF&68d~FZck*s#W_GlmjtQLgo6SiEWCxmoyy;7iRCW_(49;Ip3$OTDC}XtU z9KP!b7n|aoJ6Zk6ZWl`5f4?q&;BEBZjQ^_Szmwtrgk>Pk?OADKWw`VZ_mJK|y4f)H z1gwI*)Dx?$r|-FI0kgzhlgt-JtCeP*v?VvZZiF0kmRt0#p1OsfrZ1@#H-9wdr=MsX zaZRWk4;0+0{&7@xc|0rY`_xkf0_zfPP3=?4`7$5AM4vkOJ9PbE>SSs1sk0FHF?tW~^QBG^f zv@5Vo-iA0alM(1;jPGTV0}O*?U7L)ul!0_}Vn6zrWA{p{za+TOL+adiTUoET0D z{nX5yfpN$dnasYs_>clDhzp0%%-iiY!&0+biV`8aiY$rcD1(m`ZGfBB1s=ykM z>QfTKjm9`J+7wGx#fmEYX>Wz;D#`N`*EE4owTPE-N_GT~XAcg(_Vex3yy=0u?m17~ zgDo0h#ie90(qWVBM8u8%mSTwQLL4~3#DbLFV6IX-_dP=rO5mSt*RW!o*O)yhQ2E{i z<*G!IFpYb!b!c|p+j)1Kl1IP!v7xJ7EaEub#ym`d{B3Sa#6oL{*|&BDAz zW&7vC_oaR8RiD;Yyoe0?KPeS@!*(BxPnC~fsqP&|`9A>;mAm+MtFN)PjmwAEvJ*?DOkYo(-RyiBw%_`M}?i3Ti-0g7t(69^GFx@!06u z5Hq+dcy#W#E>tKwhvv&*lT6MD!@3l^Y%{_+fjm+PDj6KnqZTfP&m1srXtt$I>})tQgdWL=(F{lb zo@czj?H8#Uu^vdGhe<$3$q8-|OapGfzSnHlgR4lsG>9J}nt&VpBD{9EepE&xpMFP| zJ;KGMlD+yIE*XkV8OvW2)-hSi=GD|IaASa!4FxgY*j^0pmC#Jx8Cvf?2R#=TfjEk) z1ABAC3a28UQ~{C*2w%@)2~fi-z6x(?%5MjAO=3?K59z0E#;UC?8NvJz77IO2LBJzR ziNNIvk4swS1TH|F0wKv74`cyg3J;jvBLw9^kWauY>8$9Q4iwh0y4`r=iW00Z4T`oe zm_QhS#v5cQI>)lF z146zt_5d@=DxK}ON%A=_2zL&0O#Ln)@$Qt1q@3Oo*?{4EnVjJecqokYT{H}wMN?8x zAXDMXi!L+pZ{AB4;;7d-86>_R9uO&HE>oJa>BI=!6{mLDK~L}DOwz|ehz^EQeUW&M z3zyi|^MmX~TkWmux@p}|Ks(*pWpJ|xPVfLc@<+nty%{KiY0{;LyaFm;-@u{ReH%iN zf+H)d4bzu82sJTHgbfOK1;+g5D&ztD@J>rYuh8)hI&#_GAjzsFI&=OZ-5IIFoa5G^B7jwLjfKVPG6tCA2!q z@}PDD`->)o9B)zSzD4J<0f`}oeGY^Ie-nvfWrZ%0aB!!fla8hj^?Uu|b&TOy@hmd* zN389$Ehik+({5Um@*h@e0@BJx_S_XD6qo`Sr<)3hZMbV*6Ite;nqxx#$aNdg;~-Ev zAY*}X;x_Fax^Wy?63<%Ihm2MIAVHNLN)8y|{0!;T=@2d-tTI3<=xQ_6(@kDSvS@Ci z#1+DuefM*jbDts=A|Lj+3a)4nr+`7L-$Dc_+G1QH89Jewi{jXXK)RMeMMoeXzBc|6 zk=)3SH;8^=lj*i_ly7jNiQ0Gg8#N|_RFT5SZ4FwEIg7r*_O{8eq4vf1LT^))E$xbx zDHx0<%wEO;RmR|us3hDPf_|nEr?Fxy#CYvZXIidhWSiWb%vT}{6-}aPS4%{SN{qg6 zlU#@tC-EXue4p_s193}WLl=AwR7|+6hNWv=Z{aa@c=Tk4vrSW%SJ~!7UT_WhqETRS zg6k_KNg!*3m#*{W^TbeAYX=mE+a0;XEo$Ph*~C+*i{9s)gU>EBG8;3gYV2{jDOoZm zsR=jj0=N;v%LK6vi5gf|m3-hJ8*`)WaH^0(^;C~Q$w<@MAhGxuIt{5Wk&{9bHt(1+ z4m$t~CI!Ux^`IYeuqjCV`M!f1?r=mM{1QRxAx5j@O)QGTa7GjV`Qe^V)9ezT2{UJE zB_{4N(W><8_zTnWd6;&k!i#&&@~Ovs{-jlW!)Aj`QLt~B=={XhYaU3rI>@r6DJ;L*pafa z#ToqA!dSA__%+MMRVFvrV1pt};=89cEPa9`pH}pWKWTiy9M=)*)&kc|F^`wvg@y7wU;^H8!SpSI+-tijt*@` zOj7iRjAjl18v(k6e1l<}f~l6h`WU@MHy->kIO`UXOgn3nT%oay@tGvTiYu34i#IUMf$SM$Y>~LZz;K11GbM48REir}= z_lc!S)R4VgcpC%3PMa;!@|pA%1ib#cItvWU9Ex$e4wyOx*w(th>#yw_CrwQS!=lSM zxxtM+3;SHUMTy%c2^uQwZ4}I@Qc4&kZwz0d!l!TO8(A)lWiV-` zTt%0?6Jk&q?=5QXaE{bwfsbEWVTx^L-)UV!q)+^=xZmwZx=;B$>sWD@s^$i<{5ky85 zsDq<-?y5ti6i^uiV+43qaiP$c>$^?Mj0Ry|#JMtX3}b?on2;ju8myu-Xkz|M-zsWC z(XstDv*S<56oli#&zaE4XRLjWzQ2#T#vLW9+AXFft{F0YfGLJU##z0NLySz_kR>h1AK(HKU4A zNuY`m8B<`AQ$+j-38U{DWa*nFk(?u%h!_)rfT#9#qO23$5Aem7cm=mpDE2AUahN_H zDxk_l^IF*@Rr9)5g_J=Ko=)Q0A`2e0DANR>J)k?rgK4zw+?kmsW2%tgyI%3tyz1qe zp`o9mvG@?_z%>Fz1(+J)^r0OG2S-j8L5=={wc`JQ)f)>H9)1MWq40Zmd~bH}k9!fo z)TxfFiXOv?4jydD9WzPfs^i8QEq>gN)#TGbpBf8}Up) zk`YsFE(_i=_;BLYNV5nt+EA`4d!Y28GFpYjP26?aR^s_Ld+;f$A(n=`ODxxx&0MH!37KkxekNcLrHezUZ!t51|Gz)cj&HIyLfh=6J`4DH6dSsFk z`3gEaQX4)0W- zjSIWQOTng-glwCg@JW|A*$^lJ7%TGV&@kA9<{>c2LPl=q%_5MHjs+z{WE4Az37gBaFbq?d z(V@|CwgEDt&X1`WuB$NX1HTDT9rlVJEsE)|+CB63Ikg9g! z-$;CpTx|18(Bo5LROKiOO%4Ab(rcj6qfmnL)nJem)||>_iA?@hT+_-;xQDGj{Y|nB z<|y{5_DI5X-UPLp4(uu_F~L{7a44h?$&tDx@wap?iH%8N7>r2=?2wRQRQ~zsnr@EB z8!x4NPeMPj#*os7D>4|y`WYoJ0>%J1DHo=zN#Jdmhm1~}O1GEXp&dMG$q0{P+4Stj zYMT^Qh+jTdLos9+9Ht`a2N?r^T7@b#wUiz)4ZY(Ne(aP1vsEOiyAF8foe%{E`Jz1( zB0xbB=|JoYfQ3>LghL~xt4eDa=LrA#iuJoCQ;4bma{;kCJ?*uqWznq!Uq6HA_7gB% z`RQ>_-TW$kVAHZy!OYsnh3<>;XljGb%Ll2<@iWr~>D&0nx6U@9`#~Z9^IcTJmUtuA zTF?#pr*?%Wme>2CC_FsI<8$V|SH4_B%{1{cN+BJ&(XdvGXFKtQzH`#*8glXJC=l}N zNg_2Li6|(DUhSymxxL(AM5Ug@R3PE}*g@<_0Ew(m(BW7-M+W7z5$jk#Q&;1ud(ptG z^fjX{1GgE*mO3(T#Ft%?xxg?T-kx2EI}{>gq`16+DjgeDjWy3gkCG!eiLfiJpukjQ z-Cqa`9R=4HRgh17_>t@Y^k-NK>!0=O1G=;w*R-Zx&~GJS*uxbKP<2Wu%P-Iil>8W) zN8+jAq_Ql)g9#voi7|lTI1ijxvl7H(-#-U5ku%^sUNzcmj?$&2s44DRQ}L<B{(f?F8j>Mh-5sdD=V|$rq@t$h)g!Oe^`BN zT{L!Xuhw4XUM5mcpfz=pQ7dVJrpqCt0=ZJJNdcc@N$x=HTL6K|zRlN685BJyjmyhW zzfHH`Mco`_l(yV5Gl{%dq{L-h>S!)0gd;_PVKJi!fhncWAi1uTvkSS242#{8=68zSO@3F$OU^U0bwhtYe9QzxLtxwS2G zb$a?jerqaRvnM3&gB#?SQ8aui^(&=dxc*@FT~Zzqu}Dn~3Q`*te>hwVv0hzeH!qi! zl6o+%h!a+jIoO(=GQDt=SioJFJU=&Suc zTl#37!4#2D7|@QGLseM2%j7R#zr;0GKcXLwn>N;M=3b6XjN$mX+PRs%QQQ=WNUJ3s7;6`{NX_Km}mg9^XC0WKF*^j1# zcA`z9tqb1!L+vD(i7k8<^$WM(AHeN8CE#*(Ofh4?Rv9WO?#WWxHA?S}kpc(=08Bd) zI@|-_f97-mM~mbOV1nqhcw0@YDn2E6!sRqi`KbHu^oF}dysSVRLv_=i$LOxumLv4x6c_ZR_BzK`!i%g3R&T9?@RE;B3Df9(8Z$v* z|10w|q)iD5489xx!1A`b>muIQx|fo)Dy6~nXiQa+buUeN( z5lSfHB*yWR+iwhFTvj(XKX6$UD=C*SvVFO7$C2z}M=2@D{hr#)R9*49Zs9o06@FNd zYEXO%(hx4iF--u6or)Bnd28{3hAekOO*^S!Rf(7DPMwi=FOBF7UzafJEP ztas=b52s8~K}mElqN*dP9z9TR2FCP#bAL;Xt7lbuvyDl`*vOr9{S9v+18q*jo2iG3 zEW^R>X;e9+DefEvf|@CCE}x;QedR4nu}mxJo_3{oIs|twWU$(urR6?VcUv(m#>Iwo zPNqk9fJFzpfGpI$Ft>AE=Uovw@$TEZ&7U9d!g;Kk8<5_-MtkoeN_E$#c(k7tUza2* z;+*0X77P1I*a1fX1jZj=pLMCV!BacfP?P0bemU11YOyx+$(CZeTl=~^ct}((R!K^U zwLCnzk47Zif!*^8+QZki6nS%UB44i5V_x>|v$0~Ms-;{89|qp-NsN@k3W08ItzY;+ z$_y6)sxRQUi;tw~TbqX4ESwbB;9UYCTpReD&AD_+9EGC7PiYw1-X_jgV~UQYNIG7QMw_qWDQx!PCL$Fv z#N+#UoCqNM7<{?Jc^f}MSKB(vl%E*bm4EVX&mj6>7#XcvBv)U-=J`dFrf)661R539 zTz})!3VS+>$RIWgaJ0N~tjcz&^UYyt{4t|)T-!mF_S@{{_cq@9&k~1fW@t(3VKIqL z*a&t_vCyPSEh?dy0W#vXz?%i(My$HRT%(@8a?cXHwa{*lb4E%p2BztJ7<%2)M?0Do z4u5TL#gB&Naz(AESeVq+kg$~0K=&#l=+7l-a>m8R&chFSx76M0Hd=k4)H$l^i}7sC z`1@9f;@p&r2II4F1nEhuBLXH)tT6o`Az+ca9nO5l3g*ST+F%@%a{T1+mAxD?a%k72 z5>&-d=iJ9GHoP`I*cjUemaFPiAgjdMC1dU?$mU5eFX5v6+)+ltQe5MatgWj1Qf9G0Gw(I9AM%zAOg{J!VQ&1)eN9iE)YO8xQ}~XIpcrrP`w5cY27;Y^t6P zMa`2QYSMncVJURj9wEk$g3>9Z$Qz1?|Gce7>Rb(iJYR2l9>yvr52<5%X5F*K79I~Y z-xa2@**5asCh%u&j@l+&QQv?0wv086f=-1Z{yC~jwdw1MTbfwoTHF=rJWtU6%2}F7 zweWjoH93~AarB?fm>eYnS!_wg`{Xb6(=kMSkyArjWQF$nz;_f-7i-y(ROz?rdvYL< z%MJ|{XL`sn#40|~z=Oq#d|Z)kB#qq8h(?T?`T!$0F$==|#j`JRlG%(Xd*;6UAOn#Q zzW_tBNqAo;e=BjwE~_M2a0b2w^CNW#Z>#R4uDsM3J@(c2hKyD*Ig!p(AxcpeOl1M? zqnf4Su$mh$7j-t53QQU?t(fI%`kgCV?WFY;XIZG+AD<9-!niLJdf#>DYo$}jr7qIP z#d^-Z9N99)c-S@l%8gMo8F$d3W7+>2_j6ITCN^BU94QnRA`}x019KY5=Az!Zh>mHO zRQeV!msw#z4Pn&44xZtd+LCZsN!^SZzQ2;@xJu5F)yhy33p0 zGp;f2^~PvTNr|4A)#``l&2&fqHi8tUiE8L21qhSqiX|kdQnRzjYPM=Ehsikm3K1y%_FxFPkvqkg%Ue#ZARh?I< zDHa}kJbUZ#`ozQsY2tb^ZE>kmOVWWHUV|)Gm^-y`X$!ddQf@_yZXP`86a8;@oKuB( zQ8XHd;|tY6agJX57Z=Mlk{sT#veSxUV$@QGXCXns2oIJIqpN`r zL7^{tTlXJX=WRLQYIyS1mWj7M~(U>HovH>9?ESGzl>~+Rv7Ss7k z@RGyaqpnA5nw7FV#bbHo)6#gw*Z62Lp|0ixAv7s6F(R-<#*Tr4pF5XOkDmao3oK>j zSR1}d*VClWYswyeRzKJDUmF|hkk8_}b72?nI-$8rCimOg50f0a2KpQj+E~}>lnN;& z;KhV3R?EYcx3y)ibhSrtk(YGVEj8ruy0?6Kh>l6;aBWFM7dWnF@QKWIMA3piK3L*` zu^m4zPpz~Ndnl^SrLwGV!=h||*$p+-SZrPwXUjY!?2<`+CnoAIJM#ziF*B?mcQ7Xh{^W$oY?H)*~i);SRSt# zB0<>;XE<^hBc5^L=#ndz8i8?$gp!kb*c{eA0bhnj)m`UlA~f36;nUJIdor{S7BeBR z(?GWD%Z$82TA{^F~(=LPhoKa=b2)Tb2NU3k$=CAphr zlT@;1Oc#fE5X2l=FZB}3VtR`GG9RSNkM`5WHZi(3BP~8qv zItMjnP)*bW|}WJ66aLRg}k(FTG;|VrFn~{m0I4g(G2mR zOVXA9SgzUCp~s+b)QOQ>{aEXO835=S0|Ut=hlG+LAK4uu$KKF1;D@TQ*O4G;ZWi=h zANBQzgN{Rvxk?AE6!hko>~%G^ZdkkJ^C6rK$1OHsf~62e-_>@Q7 zezU4w*Y+`2?_hsdsmDH59>tq4xl`9mlUgZT&_Mh(y@^@TpuwFc>_8G~H5HYxc#A4| zBz1^Hi6OUd&v-ZsTA41BQiA7XrR1%m?D0~@5%Xi@$9-kzg0>fD$9i4zT5Y<3oQ78FHLmoA1hyLru%0D0J z=JtJ*GKWths&pC8NdITQI&A;TuH+A2YbzJAN^IlJL^Nj z6g$T@oHs@Z;sOwoaTPFL38+AjfN`4QL$WNY@?J$(%}Az<_3*py`-|@rc2feg#@D`n zIiXe-hz|`XvoecGj039^1jU`?w&23Z{;01uNo+1Pba_@P@^tK}Q%jD~IO8!_dzt-q zX25YjgyZ_&(CFEVYqAuP2d^Yo8fY;ih_0~E)Y-52=42rfP$|Vr7eUI2^t5WbU#rn; z53!n*as-`ti)T&VV^1}!#ak^YD}}l1QcHbbulC+Ltj%v*7fq2CC{UoddvUkm#R(oGm z!J)Xf1PBhrokFn|`yKZF?REFQYoC4BKKnU$optZC^H-kCWX|!8XXg9n7~_54As`Xt zi(ASxs#GZDMSu`)$sb-zW6nK*>hwl`i>K%ZYB;(;7>H-`Yk5v2e(n0qcvJ`BU<=@E zV6gPlbx~Jz#I+*dmm5(+FNr}{%MEEvJdJNe+YgOvaOu(3Y_wbTN3IHx<~htnG} zYoJ8mq50_R^i9`ZX(?PzyKf#@fUHQ)a7BSpiT6#SsfsF=i(d?2_@zfY(;dhnUQkMp zoKb|6fJYk0#vrDdiIh=1sL*MbBvJvJkf+D}3MH=JXrcLuwhCUW_2ZD_6ZIc}El!Om zwGD~WR*LiZis74RtSMced{n=wBB90eer6hpcZDLAyVM^xpWE{lr~D+z=jI5_<}E-k z@aYyrd6EmOt1t6_)gqYs_mA1zLuM zFOt6y5n*EiG)iT8P60;*hTis86J_WGnx*@FMC#^b!M>{@LBJ=WdQv&kkfdb`D`0{$j7cjhgcDdV`2!-RsneEBMg+~fMtaqlr(3{s=XK7Q`mF4n2>^>x zHlmBd2S|jrmRTI^8N>6c?Mk=Niw)1I3N|u+4GCU_DS50%k=u{>4xj}&t>Yx27prH5 zD=djWGN*>?jO|;Aj+1{1l@)&fZI`vhOm*UzMEGLg;M>Hdv4F4B^QMbG0Arhm?i_jr z#hZ~$j7tvqaB+d^Ey+(lIQbgB&n+of+60=GHHqMC znXb~Xe)=MmHFqec0CfEWz*GT0bg@+LkMlyKxQ$EQ5Eara=cB#0;`i{aR%SOV$0l}0 z;0HeGC}>h+B{;958yM%`@rCPbRa9HYWl`VVqr25%?|IuhN4G&u!zlo5G#mZ^0_o^g znV%oz9S>B6@s1$b1e;+J!=4#^Z8x_?;olp!nx4z7m4}6!Goe^2wJl5|zYXU>*Ask1 zgIp?q(^h1XSM2+|F!d19)L=GA_OQILLwaa1ef9pzYdKm!XOxbYkV%)2;Q7Jb+B^Q; z2eN_;;Y4d+BWNGsBj5doda!+=I8Fj1F`pv(yOa?A8nu->&8SN~Fm)G`_x&}E7YCM5 zSsNpz+9QnUCKF+jgfI6VU$21e5+NB(Jl|Cb9BpMcQK?huCVOCH6TV}XO1PANN9Sz6 zsOqcr{98uaSq!F*8MU_Qa~?9{KLE>u+i!V077=nN$+2XE6c>EeB$bP%T6rq_#Tus~+ebxq zd9)cFJ3p2V_JA45=~f=#yc6~Ui&n4Gyz|&v`?&U!a`vK2%ZY(oadqVmI3otoF~h=o zV8C$aSD(rjUtVqWncu!Uua)|~uCt4j-#LT0NvA&nR&HP;UjelfGy872{8Q$4n58dq z4)MF3;S7C~HKxP4aRJD*%XNof@nruRNrNeeJOp~WmED~%O`WoosG`uIm?bY?{B2fr znI|!kfs$Xs$NM9s_LgDIr22S+OKFzYGX|T3-&8?@Ws^QRy@eOoA)Uffa(@8y)b6=$ z_Z0JQqBZsB&`^@=>`aC;$D>di(Woj%^{3Q_f#gvyd9Qjw3v8IOJYNgu=XY}&j}U4q z{4b$|!p8uqz7Qd6e;4N?TZGG+0MX~}+JVaU)!NXv5R%{nC=|grC>(K457W3R5s%1*#JtDZE7pMSt(Rjnh zyDBr(Q42B3=Z4Pz)No$DjTGD)SAR1`Rea{^R&4Iz7{U2g{u}*_;FCW9k#*%NPgM2v zOF0iSi}G`WF37n+pr0jGQ+~X6>(-3|bakrOYGsu7X33N{dPZ7)su32A5sjm1lJ1k< zNLc0}_Bj%q7d~8P&4yNpke$VlKEQa}B_CR1uK3E)T#LrcU=>VKvW;u4L4&@b6mOW? z#N{j-bELXc>m5a%qJi}7&M{9Rd`c^iJ&4r}hTWQ0mmU!FU!l?SXtA8`5xa;c<#ovu-FeWDUX~%Z1SgwHq@(-l?_WaCwSb(KItuYCo`hZs>ksV+sJWgbF*Gs zM7w8Y-Vz$hEpo;7SDIN^@E(?RzP7)eR9bkZy%zth*}ld*u|TWTO6g3AWGRra`+EyX zzGWSsL2#M)5ER1)OR|f=!aDPn)F-RRi~Jxo`e;dbrfG6PJ6&=*-68es3r9WA z&e?%AjZKF3=d}dn*&zEg3_wB$BQZ6icM4wky}S=ueaUl9c9K*Y`b;cS+5IwWl-#t8L3rt#pC++-j;BCz!pMBm7;zFADAPih>nJFSek(ci^qAW74L#d3 z4VuZ*c)#oX2Y|D15iG4$&kJc}N;jSAcEvNet^LV_HRrg5l74el&B-0xVyr(~^oY0J z+)DNjz!$~XB6msR`Ng!*h*TEZ#h>JTGp<~HDivY|NB2b~vs9)YAI(-V&rHNpmGh*5 z+hO$-B2`_iWqt?wedMfg&m4_(A%JMCAgH8>zb^`dDLA8a$%>5Z#BbpMU&UK|(HK~{ z7Z(xYMGN@Oqw_tB>esaC^iVtFlgyh`=rUzfPp z&(%n=j0vlRv$0T+9+WF@hj{m!L?b4pCTAL0^BvoiHGQY<;rcMF?U0Fwq~e`g zgJs&6{NHRL^lK@h%qPh#U+T6MJ?~MGcwtJzIregmf>FX*J;;PoDFMkLEqNAU3ERjS zT4+55A^ie45smS#x}X?5A!1GRH*6vajJ&Pyq$i-p`97hCLTemGK#`7FEny`OROmot+1JVkNA5yJod>7 zUM0~&;+bdz;m2~SUOrMj%9@`gtTn>EaSY{U*@1`JS%KIv~a$bbI3nB9ZUPpL9`!w3|!gw`X%FwcC2a$-wF^MvT;uK5uT5jj3 zL8y1`i-|L0XPDER3jb^iD<>mF8|Y4#Go{wvS>SgvN=`5}jv)YRq47fWJ#95Xtk2!o(T zxr48Dy>Yp^+PjXF=U`f;9Gd8)PxaA+%#3n(6`7vBI$|kl#+~jb?*aix|^a7K8=_bC;px3sk=)>_9lD$%#0X?>a@xpu27VH-0B^)DG zHEp~Yyv1zXp6EIIe!5SGhI3XH+GeP-g{Af*j(7wm+z>m_i@Pa4!S7?m?t9+^PN;%C z31^i2Nv0qn(_s{uc|=eHx{4Jw?kC%^5@=Db;4TCWF>gtXSU0y*B`_7{ZXBW#gK|U@ zZlX5;R1l0yc`PwQ-5QzNyn@O=7pXr0*OzI-X(1f2s*JJR&MU$1`S%GD-$$A5?E60Z zEMj!2CyB|96d|?8Z|tuJO#-n8H*d^UA3r-JH6+REyFaH9RR#GQ?(}u%&Fj?Go$Y|j zrbNj3+KxW&H52a z8`H%@h2R)pLWejgbm|4W>%a)+Vh6ESC-y>=28DDJdm-?Q3 zA9WR(WCI;583A7t@(LTPt6Td8Pa~UGt?M~?>(U|+(RB3M$rb|H(8g_ckw2cdn;oZYwqFkTVCz2*lzh*`lgs{@D zXUcemZqD2@i@Ylvf`;upMXfl58|7LuUT|)WnO8q~1Jl|5Rc{Wv1%>jri1qpO^g=Nw z4p!GQnAop>~xs6CtyE53E%)skS8<#rxbbmeTuxcZVXWkB+s~Uee6$>Kb?asEtnwn zrSK)7z9$X;L5e*QCm^IQiV?D4R(VCbH>ALQGvs^0hy1yB@qH(c5Op~(8+WvC=!{x% zNf^)D%r|pdmwA@SH^?d5!@}!U8##H7-P_#f? zmS>ZwOebnnZEbir zO?A;G>;c0FlVx8ACcO3yRh{-qA2Sv$NYtQ_5{?VC#XG{~63`7;m>6Gq`ZJ)STfUo{ z4(G7&lSt0TF=LERQv!eu>Uz4!K{4<|WhHbNuFTelsLCMu?YhV(tPn4bBXW-JKm7wB zr1tqt?I*7jl8~?=b~@n+)@o9*SAu!cqZ`Ht8DIDB=9h$X4Aa|;m`D*J<>%L44m*q5 zx$tM%;>fuJ;nYI5_sN1v^3MyqF&J(!&91eOq<3tW!hCW&Ul;FsX$Xr_1dBGFxOHk- z_71FU`?0I7u@QY$sh-8TsQl(sfigS0e*knxRUn)+SV2iwovNvmKhs)65N;_zk*1El5-hAxr*`8;#Q;eQz8=j8> zR=X6J0K@Tii8ydheBbw(1U+YSa-Ffg&L)SnLYL1kSiB(*ZqNBrzUja~IaDrB^)hEV8dp@-K}^EwSd!Voj#7}itGp>z?bLQ?kiR4LAI;6&H{8EgH^KEC#*buQS4+;Ua^KKtWVE#`~#pu4l?|3Amzi0C=h-=6+>Bt zm$y&}QDFAkVrHgtJvyDvhL*Ro*)Rt+#^?RYH1wEMwh4 za5G7zXjmP{jh3`vju`X zTFWkmOtU~(UpcL$K`f#7AXbqBihf#i%9|Q=`-KEDD zxmS9bEf_zyceU&|>=Zgbgv-i)xYKc)nGI3v5zTB>cL5rDsj4cum9ZPfF|?tvF{8J$ zq90m>d_67uq(-Z=iEgT?iDmY0%Abi0Md?mg>aKwo-}B9h@okvF zEF>Jd9$=ml1pe#s`>abf@klJR?e=y|BWG-CZ+J0d^qQa#MyXelCV7z^)GhQ+>`aWX zCYPH>ALgD&fYQ|6b)WxrHkr10KlKj)Ux)v7zGV?wpCzW^GzzR}#tkge2NePO4@4H)|C zr@@-L!MkpUH+YNA#xwYnIE~x7BwSxa7|Dohcjt<`%iJ(AZXCJWc&!J#=Lks`nca!IPgVq0UpIe1-NbA*E^WLv&VCfv z0#EK6lG-ySauu;9z)O>27H>*5^aUgkR_}b$1gFcnXQX7^SOhy)ySDdBWZ&`+CYVD$ zTqU2Ve1`|7IqfHi6Haw(x}{uwv{*nLfk85p4ycotIK=opUKrIe;~%V^3C4bCBp#Kh zlfeu$dtI34%xi~Kb&#yhYR`8pY+Qx4!@@-@gM-MJw85ELV=_+eUelFW^Xkg>t{QYD z%BHV*Eledm)-wcLqDk~V*#xoR7RE7Qrt z|NZ1jr9J(2vL$X^L#hbZnr#-5S0HnkzVg*t>3zUiWCyzoBA8jJK+26F}%0t?;1k`AV(V)mT!AmAaks=N2g!?GZftLch~gnBJ$ zjuGVQ3ooOT#+n?j03CSK@4CBZL;@A`qHX3D>W!nRHW+qf>@>LHn61fSa+@ZX=t?Mzn0O1O4+Wk2QTbM)#tSFB9miXac;qSm>?>3zb$Yv9d+G45X(602I~o}l zH4U}?G$+ucsj8nfdvB2wS4uhcFZVaB$!8bdcyz=3d>MkD9a`TJLEX*YmIJyJ!X5@I zsm8YIsqa$z7*e=YWq4+({~%*=luW3oi9BghcjHU%uM&p}+Q$0Uz9tw{aDN99mf%E3 zP6$+Buq@5ecvlL3^Uq}1YI5F|61A&Eu7>iq#wLQyCw5$1Y-Ddw=x{-P5 zxaK{}XF>+q6eL+T#hxNdGgNO}D^Dl>Y6Z7ic)QJPBgJYQOad zS3A=?QTiSW@ z((*Sj5i0G_vhWkH@k}Mpx$B)2PHJtwug6|h%}vJRX6_Z-P5OaO&lsa!gLs4CVytXe zfHl!b^=MC4XojIpM0N5fZJ%`olboKNkzah%a7QE0yo#y;=UwLUH=Et++ngO@oZUiR zIV$o-E)uhml8XI`4%VY$iPzKDYEIm0lFm!RyxW8%!ND5FgyU8K1}ZEIuV;UA2b~fMFd|ZKjtl=vUD5y`4Kl zvmlgHdsBChOSxmE+o^i76F6dpSX)Aa2HCcb$P8$G?`N3mpsZt#TD_8VKwRVQlPIMya!ve9b&+X&*Qdk6ZwY~DTI4JwYY>NS6 z59P^{LGV|*K;5*3gpxWP8u~`b%tZv4bkml)LL#G480j{eKW&k8>6ky8V=xwj44`~p z=O?c;cVC`(VpXJJxf?>|sDgkE?^bx0>cnbm?e)pPFE+PngpzlEVHf`5@8&w^^(jb9 zT{BciH?6}cRk*-Tdu*MQQ1#8#k%rkUxk&WVNF*v#ze+Z_m32Y$J!_6|lCUiqv0BMf zoXD3zoJ%R+%_i&aF~Lth)78+*VyF3j1JZ4vzP@%zy%t+-)w-k6*Z?##VZwN^S!V4 zQ$4hNRqpXwNp#%=UPfw3k;k6PqNj!)EQZHLR-(oJlFgl9F1tJ*D)qS2aYV) z-$e7Ug}46DD4fwCwBwzrg4kOQ^tYr6m9AWMk?88w!|Ch^Sn3^oP!_=UZ<5pl>LY61 zTlpGg{V=sjJqsh6JOjT&6L)U6MJD%8Wy?!wqyZgJCD$`HBgl02bPnnHpl{!8rnZE} zG-L}t}Ka}j@Gg|muT*qQM|IeLEQ`{5IRfT?-J^qJ`NjXfyb8fX(|)aH1XcAAA)KrWiL z6&0}*uKI)CgL9pHa(gV_tay_3(kKwF)K*aq_HSz~o<8F45KI#c+h+a>V@Ftr$x^gCywzBj8#-rQ|C^xp=+ZBMypqFZsGx zH4&?9tgQ`8?m+!UEKp7%7$@@E{DX|~%>Y7@<4JY1tbYQXemnb-&=6}rU+df8Q{9cM+&d-? z*RRNQe**eFDUf#6w7T!RS4UPx(oOIrMU|lZcHAUH>WCF z!EAW&9yY>hGTZOqHw5_CroE(M9n#VFI%J-EfWrvynv-YYmp2Ug=`_y6%kfU?2GzSK z&;k-qv(^>}BD0lh&*A$0m1M+ExMb2g8&=*+SS36Y>HfLK#d@OD&wXdj{AhZ zDzDfjLRpm~odl2<0fb^EW%Ugz38PqUA67Y4lR3#e_~PvEQ_Z=wXjD$^Q=!a;3q)2v zBb^^s-+UHV6U5yx(ReuzGJxTNOL3Y(yqi_LmHZ1g#J^cxgRl0&-uARAZ+7_qz#Fnd zzjl-_LEwQoFd#6Z2Lf3V?;Yk>%nT-9Q%?B%FEX~qcb7hrKw#@o*ShI-&rSwR2d`L1 z7>Na`Y^BpsYZuh_jG&j%^eYAGhd(07A8TsY&d(nj-)1!xCz7uUO912SbK6NN2G@XL zIJjPa0NyMGSP^=xXwQ5{r&ShjG}|LYjd+z=i@?xw9l?GY9pJIUy+)1VoT8e!%91Qs zF~Vx5LwGu41tb3QJsOUri6Keesi-t*D75V2;->UrU!6!cDY@*{Csu%rDr&#>4Sp{z zgUYemRy11_DK%VFXz5m* zCe{y0=l$D1@p4K`8*DgO)lfi^MMuHKn_|!=Vxq4#eBBgo!HRr>RY&w53!r0f4f6$4 zElC4wJS0J%*eciO(t1bbLw5%;=_BR*$Da;s4jsXDyIS|fvF5Vo*XYd#c=#;DS$p-< zJrG0g9!6=@+(bJx&|=6U=Egy^RvY$_DOr;xE0=Nqy&ztFPXdLL7EQN!5yX9W9%Z!X z<;z0FIi{^QrPXlC+Gxvf+iPkSHQ_fyPFo1WHApS5oPbzcOCKCuT>Ri!^=Ro+r93J# zrHEBCBhM8F6B;nj(e5TipbF~jv%9u24n_nS(GJP01-a#49zPxl;PSupF4g9Q#|*WN z7@6)g-Gi|sSj|2ax~{{x!DZ)VC~)e+RK`JdTifgSzP*r!l-k-SPY?Y*zI2|L3P6m` zM+N86(($%;eC}J&qmz;)@d#CQlI+M^=XI;jGmE?M^+}y|n45z$gm}Bt4OImfnB7se zb6Y|FfdcmTN

    Pl>MRGgSYv8K^>2-&h8#v#uTnTsu);%;o#(MD7emg^2Tg8yvZ6? zRPr1X2?kziD}BuMNfqG0BK{@`1p-dO9IcS=_k0d)Rf;X_X}3Ayhwa(Rug*HEj$mLC zEoryF#S~G+%&%7LOV8XXEaFKPY0{Okx}ZUE5Ud9muqkgE#<}eKT$y=Rw;-g?R_a9q z8VIx&Z<;@ijEg-NQIe-$jr3+e+NTQHn7Gp5i}kL<08}VMXA5GI%F8Rh+%$6r`HEES zIU~pjEE-S{jq>wc$(+vugbS_%Xq$5 z{wf3rKFUZ%-p3J>aW6}@Cq|8|m}@gmk^I&>2LZ-id$hD49@R`w1ILR?%?u3rPpMO< zV!bnbnLnRIptPG>?_@i$#)BWU) z^ui1A5o4Lr0oJbN!QDWkGikQrSf!k1O?bb2ZdObJ7fv1y20QJ0o(s<=%fx0TC{!{s zuFRslsz~QWY&r+LoKqPowlI4_UfWQz0x~r*gmXLUl}~zVo1noV!Sp}2XKiaZPuE#Y zuvg(j$jh|XZ_cxYje?u$3bWpVUsMsxwuJ+_*#M(mR0sGMvuE4@< ziF}#-GWGUJeT>rHFblP;{=d~ z&-UQHm_%Lqc9HHb{~H=DPW&FOjVF|5bU71=f&`j|opwxanz`Qw6(0npYt@!RW zM^U#FT(pSAMPepiWZF%zVU@Ii)V7{q#@#`jOcxa-=|_6VN2m0CXne8P6b9K33S1wnggA%~d=t-~IL>#y zUxib>PdtLXxCkjYJYG!&+q#a8+%pH~eO&07cITFX@Hisr9JJ@+8sU!PW;VGr!z(ES zeZ5`>H0f+9fTwT6d(G9NY2br>bno=w4q0s|Gv_$2V;jF2(jdKZ>J+coGtU@BQ+vp; zi}R~N1kBw@oQ}CdKVyJ`EE2hG+kaQmid#7v8YRZd6i|eByGW@J(QzWK${`&z3u5%u zW}}n(7#()9A?Y0w36Uj6 zZHxMRT$0gJ{Q%N{cU1kR9Pv8(5{q#c({gBpG)JEdwwm-MX*FeyYie;F1+s-()v9}IPOGe3 zHlzBYmTt_|(sii*TwWk65vdd0U*Tl#x2s@Jc28AKQF#TRsj$%%3=Lo(o!e~i8dX5t z_vGu|yP%**{)Qka@^<0kHOSj!(|0SbujGT83+Bg4Xm%13cQgpJ#&PT2E{ZAxUJKH>Zc@(dSZij68qLcCPPly9g?cYW3Af39{2huBPXu0ZkLq zOrKXtD-}c_J8N}bE~V6bxq05Sw#LS$Lj%MKArZopK1Z%Dvt{bz#is=M+Ri4y-g(=U z<7k&2>qs`DLR;(2QEb4dl8uGkgEQ`re3ZwYZM;nP!siP*xBZDZH8Zy{w?aRKk~24K zdFZlx`bdKKH|)P9X>M}*12iK50+hba(^-#*mBb#-qpds~w$>xii;S^}WZG%v4W~8P zVv`z_{VR(fJ`cf)IVUH4dG5pel+60a+qW_CHGA(=`rp;@?mGx*&Qs|(*@Wa=K zgIUH;o^24s2B1Bi19$eA=ktbwIzFuJJvZeJv_|rYYDnApeypu`&M-&~=od@AeXfm; z`(zKN7?6zhGHW`sVmN7~vo{p17-~#wxA!wBG{|IiRsei!#t4%#Mrzy9=vh5SI_1uWFTDZC~=Z}wMPf^zUN?4dofDuOg zO6o-HqW~5NF9X=wz|yQ97P*+lRz8sdo-gn#InCRco!_Mn0vFYgPMyDm)w0f`=RaQt z&?I~u|7W#5jMbWB`cOORRW3cY_Wxs4+sC+BINb5&CW``9Y&6O824!uo%7gl0I1j=~ z9{_0Mm_E=e$jrB@w3`RI=%vOUYSq*#gADe0&62f(jWor0jDWTS|?r==)c~1oc>Ca$C58t(iLSi0SXFpY_Ppf71NDjfPFt;|Br}H@YjI^#5f| zRp!Q{_3v#_|7s@?b=~n{>So|?3_uT#PoJ!(ldT`Pgj7WGy_FPQKfp$bWoqzGg&2NfJdK|aYS(y-) zWji!hvle-a*Zwcw*Z;2?%(BZP*keb=ykmXXkQ0+dsF=dmL|O7+6blRYvvc+?&2X|u zzNyHC$j0%E?L4TyF?P6=_BuJ428<>mqH*Ss4?S|a;sMc1!{}^|%|A}G$ zq435(1}^hYQ6Y~1jN$(vWrzP2IrskqRsCQ6eFr7PFNkZaX8cZ;knHdMcG$T%>LQ&# zffPuaW8#<@0S_9KoNe15HI2?^YT9phG%;1RhHMx4teW_H1|jxFRIb%!Cg&4^geU8z z5f5Eox(i=_34ODYSBfgZrTNP{!1Ckki;_vQmJApbd%?E81 zmxsTHL%3cNeDCaZAJ^a22e@P3Ucd4B0LsD);Qz63ns#N-_5bV1uoV~`4wvwtEHlN} z9Aq|>O1^0UVM+mEuO3VOJqU^aPKonxHX-;sAhVPI7jCG3-naf5r1D>ZETZrk^prdr z7xdWh6(f)g$xtB9n?w4ge+Ps= z>Pb}7)nt%U#-sn9^grp-Y5KBCv2RVs{bwzFG)DAb2ifW5hhF?9#jPdZbA1!E#`M#) zwVnxN2@wq{DT&1!Qb`wPc$fY~G|DT{l;nShwCtbzl_e`_cam1B<%OVEr9Z*y3ohso zt(woc0U?{9CXKxOJt9FY4DFT>?ii>dWU8$<{JV($r?%KR8%1Q{-2g%Fa=^4C9|rkR zJHrnp&DAbslFvuxWO=0liMK7NFhF$l!JMTwEFr!qK`4#fkEdTM^nFkF)!e!X!c}0wDvgYo5Fny@)!hQVQI1?K@I_%-zD_AH7p;65|9<0 zxpOsn_}WwMsT$=3pdqCh%YCGEw}+1YMQ}cT4yl|=zC6)1eK#GU5Oao~mfSAuE!b@| zG*8_OSr5glOff}R7xS#L=fjlZvJsK;j5fKiJfAq%TK7~FP6bI8BB4e8c=abUY2MhqAmZauseKkXk8jt+MvqYYcw;^c z#L8_V+E2!W<_Ba(D*?m~)*k@Q7Aaa0tGtO4KgmFOxohWXzNLiahy-ZHS=|L>5$!v# zk@o6pQI&p^ZP&W(8M;2diN(_3L@LdtsQ*aPcjxz?K8qtX_g>cM`<*G6dB;E6sldhj zt94o0D`bp(2LzOa(lmh62(l8-@JdP&C(a7DC3V$(_XY+lDExg{i>Ol|*QSi0YeseW z*cWu`k@+a7}?-Mra@az9GtMQC?Yi7ZA2ndB{-cUNXV(IdH^9!ap+dv ztjPo%L78fGOt!kD73}EZVIKE$g4hMa0GNWrbYY}ez8OgQq*`J=Lwv*_g5 zWUZgyvE(<=7;GG*iY$bSQ7@ysJn+NWj!O^bCx5*s(hwM1#KVIz{$^pP0f1~Os7Skj z8&rN>3LmK+BHOdB$Xt?PGelJyo~U|MyQZ$1H(+r4D|5oPS(XLD!v|K>yZ34}bS&N;+&_$!m>X_WLCV9`Q_jEXaKvr@;b2w*$QuZK4c%VD86_?_xgJCC*R2y<1s zVka1pSM2SIuc{x`P__?+S~N~{q-}<&!8_++2WI7wM!lbKI*FGh8@r^&oa1kQepMgF z%)b8z5E=s7{%=~-e;0|ae?I!*EVFSL2yE?{>?GTi;{58)zAf(}lGtU~kv7aNGID=a zb5nGwBD3CyxbMLbdrkYr%NF}nv{>PBRWGmv#qXM*fZ5L=pHw&Gohj5#ioozL4pERkn4YSg<3luSPXBa% zc}GJa0Z@C%(i5GcO-A1M)HF7D(o#zZ+iGW$O5-Iw-b3~M$Xhj5aW80!dWkRL6d*Jj zoXUa|^$H;GJl1c>={#V%?(bgjM(Gq)ojo;9RB?@st7NA%#-~s zT_Z+|rV`CtJg&D|886xldXi3zvuX9p^-ju{8`gGx_Dyk|dvy^h&qh*Z0GY?>Fnvo&8dvanQ5jvf-Wd5?&y z)dol4RST&_)~Wtz3WgV%V_Z2!u6;wlhF)J_Fm8CUx_*3stpteRpatMO1fcZx-wWVJ zaj7f!vsqp$uUM;&n3MagllSKXP>Sbr`-@DKR@q z4KP8CCnv9??YHF-vs6?qiP(fKUW3L{Nzy#bcpE&@RuHwK^dEq-P>Z562LB5hi>wGQ zz9JfDj9Ky$tcjMlzFK@<8#Hs5Cj3Z7}NmHwDq)MT#@P_|Mrmj_n@l(neq7iA=1V3i@N#OG=um}YMwD$ zR>nu1q>M@3dPGDI275AIGJSBa{s!j`s)f^?IMt*MDVsSXfchC*IVU2Wza)C-@0MtH zJHH#3+tZef6P63bhmmd2f2o=wMG5wr21Fg*B6TS9QmeDorO2M0X0l_gaQMd zNL5MqU!;FokKzBl<(Tg045uxJO}uS^d{ zkVciq6+hR~%7z7dQ*~_jO>X;!%?Ov{)u!TLX_Lz>9V$CDLT-P$`#*@{|91pIN5mX4 z0^KuO-n1~Ir9?(tyoW?|eN1b_gq!~^h1qIQsinT)*Ei^b42)JQJbpzO#{|^ zG7B5jBEAfhjUWp^_=S$?{pTUU8~*s$ALe9Dq;7>u3&j#B`a5(EKJd`pWot*zOT3`| zEm!yYv;UR7B+IMS*Df1(LqET)?56F+7e$=Zq+UN8c@$cr|KC6R|Bg#aNPgSK`{$>7 z+;=Ii&Crmgi}k1JkaM9cZ#o*xmI;y&5w)+BuE+m5BCuXKt-}fduKXJ%-ICPNlYN>i+3U-md#+|f`|Wecwf*Lq0!j$ z|Ln_Ik`nMwib4zr(ceq^f)}zyZpL1o2nivQE|fg<*V+$9bKW@QX-3x34<_KfHg0cD z)ft_PNkS{m5r5HvULu8@e&=`!Q4a<)OK_f8U2JK|32U<}nm(~p#g^q>UK}dja_Sv) zVfr_-OJoz+$t2T~{;CP~X8({~`jn|Es*dGe&E$uh-Q=mrnw{u>Fa3}0@a<5;uNBP0 z17GKKW`8v|zQ*oE4&X9EgDxRGD)D3b+Zh|Krz3F^7n@#rwBpInQuFs#)&B;S>OOVm z;tINN-hJPtyZgS&n(6+BgAKeMu1g8ql8_Wv-u{WsXQ_Y)F? zMiZy#IOrMX1*Z=Zfb@jaDZ4PMu7v^X^JJ^PG@LxGj)Y*3*ea0hS1Z=LXS{vXMn|Ho zsb9@C%83gA`9HYtTtk%uk05PF_Gg_eo+FUf!C#-cp0;m>jwSAtiY@yKUA;*9XR4L% zciiQlom&HE`nm2>*&+OcUJGtNWjQ>segwWawY}mTL*|cmWNrW<$Uuhs21EXBHNR_b zNw*fpw_a%cq-|ViON7!skXkmrnZ1L0L$OpenSearch index management + +Malcolm releases prior to v6.2.0 used environment variables to configure OpenSearch [Index State Management](https://opensearch.org/docs/latest/im-plugin/ism/index/) [policies](https://opensearch.org/docs/latest/im-plugin/ism/policies/). + +Since then, OpenSearch Dashboards has developed and released plugins with UIs for [Index State Management](https://opensearch.org/docs/latest/im-plugin/ism/index/) and [Snapshot Management](https://opensearch.org/docs/latest/opensearch/snapshots/sm-dashboards/). Because these plugins provide a more comprehensive and user-friendly interfaces for these features, the old environment variable-based configuration code has been removed from Malcolm, with the exception of the code that uses `OPENSEARCH_INDEX_SIZE_PRUNE_LIMIT` and `OPENSEARCH_INDEX_SIZE_PRUNE_NAME_SORT` which deals with deleting the oldest network session metadata indices when the database exceeds a certain size. + +Note that OpenSearch index state management and snapshot management only deals with disk space consumed by OpenSearch indices: it does not have anything to do with PCAP file storage. The `MANAGE_PCAP_FILES` environment variable in the [`docker-compose.yml`](#DockerComposeYml) file can be used to allow Arkime to prune old PCAP files based on available disk space. \ No newline at end of file diff --git a/docs/live-analysis.md b/docs/live-analysis.md new file mode 100644 index 000000000..30aa86b85 --- /dev/null +++ b/docs/live-analysis.md @@ -0,0 +1,57 @@ +## Live analysis + +### Using a network sensor appliance + +A dedicated network sensor appliance is the recommended method for capturing and analyzing live network traffic when performance and throughput is of utmost importance. [Hedgehog Linux](./sensor-iso/README.md) is a custom Debian-based operating system built to: + +* monitor network interfaces +* capture packets to PCAP files +* detect file transfers in network traffic and extract and scan those files for threats +* generate and forward Zeek and Suricata logs, Arkime sessions, and other information to [Malcolm](https://github.com/idaholab/Malcolm) + +Please see the [Hedgehog Linux README](./sensor-iso/README.md) for more information. + +### Monitoring local network interfaces + +Malcolm's `pcap-capture`, `suricata-live` and `zeek-live` containers can monitor one or more local network interfaces, specified by the `PCAP_IFACE` environment variable in [`docker-compose.yml`](#DockerComposeYml). These containers are started with additional privileges (`IPC_LOCK`, `NET_ADMIN`, `NET_RAW`, and `SYS_ADMIN`) to allow opening network interfaces in promiscuous mode for capture. + +The instances of Zeek and Suricata (in the `suricata-live` and `zeek-live` containers when the `SURICATA_LIVE_CAPTURE` and `ZEEK_LIVE_CAPTURE` environment variables in [`docker-compose.yml`](#DockerComposeYml) are set to `true`, respectively) analyze traffic on-the-fly and generate log files containing network session metadata. These log files are in turn scanned by Filebeat and forwarded to Logstash for enrichment and indexing into the OpenSearch document store. + +In contrast, the `pcap-capture` container buffers traffic to PCAP files and periodically rotates these files for processing (by Arkime's `capture` utlity in the `arkime` container) according to the thresholds defined by the `PCAP_ROTATE_MEGABYTES` and `PCAP_ROTATE_MINUTES` environment variables in [`docker-compose.yml`](#DockerComposeYml). If for some reason (e.g., a low resources environment) you also want Zeek and Suricata to process these intermediate PCAP files rather than monitoring the network interfaces directly, you can set `SURICATA_ROTATED_PCAP`/`ZEEK_ROTATED_PCAP` to `true` and `SURICATA_LIVE_CAPTURE`/`ZEEK_LIVE_CAPTURE` to false. + +These various options for monitoring traffic on local network interfaces can also be configured by running [`./scripts/install.py --configure`](#ConfigAndTuning). + +Note that currently Microsoft Windows and Apple macOS platforms run Docker inside of a virtualized environment. Live traffic capture and analysis on those platforms would require additional configuration of virtual interfaces and port forwarding in Docker which is outside of the scope of this document. + +### Manually forwarding logs from an external source + +Malcolm's Logstash instance can also be configured to accept logs from a [remote forwarder](https://www.elastic.co/products/beats/filebeat) by running [`./scripts/install.py --configure`](#ConfigAndTuning) and answering "yes" to "`Expose Logstash port to external hosts?`." Enabling encrypted transport of these logs files is discussed in [Configure authentication](#AuthSetup) and the description of the `BEATS_SSL` environment variable in the [`docker-compose.yml`](#DockerComposeYml) file. + +Configuring Filebeat to forward Zeek logs to Malcolm might look something like this example [`filebeat.yml`](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html): +``` +filebeat.inputs: +- type: log + paths: + - /var/zeek/*.log + fields_under_root: true + compression_level: 0 + exclude_lines: ['^\s*#'] + scan_frequency: 10s + clean_inactive: 180m + ignore_older: 120m + close_inactive: 90m + close_renamed: true + close_removed: true + close_eof: false + clean_renamed: true + clean_removed: true + +output.logstash: + hosts: ["192.0.2.123:5044"] + ssl.enabled: true + ssl.certificate_authorities: ["/foo/bar/ca.crt"] + ssl.certificate: "/foo/bar/client.crt" + ssl.key: "/foo/bar/client.key" + ssl.supported_protocols: "TLSv1.2" + ssl.verification_mode: "none" +``` \ No newline at end of file diff --git a/docs/main.md b/docs/main.md new file mode 100644 index 000000000..f25a0699b --- /dev/null +++ b/docs/main.md @@ -0,0 +1,178 @@ +# Malcolm + +![](./images/logo/Malcolm_banner.png) + +[Malcolm](https://github.com/idaholab/Malcolm) is a powerful network traffic analysis tool suite designed with the following goals in mind: + +* **Easy to use** – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is automatically normalized, enriched, and correlated for analysis. +* **Powerful traffic analysis** – Visibility into network communications is provided through two intuitive interfaces: OpenSearch Dashboards, a flexible data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime (formerly Moloch), a powerful tool for finding and identifying the network sessions comprising suspected security incidents. +* **Streamlined deployment** – Malcolm operates as a cluster of Docker containers, isolated sandboxes which each serve a dedicated function of the system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment on a Linux server in a security operations center (SOC) or for incident response on a Macbook for an individual engagement. +* **Secure communications** – All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols. +* **Permissive license** – Malcolm is comprised of several widely used open source tools, making it an attractive alternative to security solutions requiring paid licenses. +* **Expanding control systems visibility** – While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common ICS protocols. + +Although all of the open source tools which make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity which makes it greater than the sum of its parts. And while there are many other network traffic analysis solutions out there, ranging from complete Linux distributions like Security Onion to licensed products like Splunk Enterprise Security, the creators of Malcolm feel its easy deployment and robust combination of tools fill a void in the network security space that will make network traffic analysis accessible to many in both the public and private sectors as well as individual enthusiasts. + +In short, Malcolm provides an easily deployable network analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs. While Internet access is required to build it, it is not required at runtime. + +## Share your feedback + +You can help steer Malcolm's development by sharing your ideas and feedback. Please take a few minutes to complete [this survey ↪](https://forms.gle/JYt9QwA5C4SYX8My6) (hosted on Google Forms) so we can understand the members of the Malcolm community and their use cases for this tool. + +## Table of Contents + +* [Automated Build Workflows Status](#BuildBadges) +* [Quick start](#QuickStart) + * [Getting Malcolm](#GetMalcolm) + * [User interface](#UserInterfaceURLs) +* [Overview](#Overview) +* [Components](#Components) +* [Supported Protocols](#Protocols) +* [Development](#Development) + * [Building from source](#Build) +* [Pre-Packaged installation files](#Packager) +* [Preparing your system](#Preparing) + * [Recommended system requirements](#SystemRequirements) + * [System configuration and tuning](#ConfigAndTuning) + * [`docker-compose.yml` parameters](#DockerComposeYml) + * [Linux host system configuration](#HostSystemConfigLinux) + * [macOS host system configuration](#HostSystemConfigMac) + * [Windows host system configuration](#HostSystemConfigWindows) +* [Running Malcolm](#Running) + * [OpenSearch instances](#OpenSearchInstance) + * [Authentication and authorization for remote OpenSearch clusters](#OpenSearchAuth) + * [Configure authentication](#AuthSetup) + * [Local account management](#AuthBasicAccountManagement) + * [Lightweight Directory Access Protocol (LDAP) authentication](#AuthLDAP) + - [LDAP connection security](#AuthLDAPSecurity) + * [TLS certificates](#TLSCerts) + * [Starting Malcolm](#Starting) + * [Stopping and restarting Malcolm](#StopAndRestart) + * [Clearing Malcolm's data](#Wipe) + * [Temporary read-only interface](#ReadOnlyUI) +* [Capture file and log archive upload](#Upload) + - [Tagging](#Tagging) + - [Processing uploaded PCAPs with Zeek and Suricata](#UploadPCAPProcessors) +* [Live analysis](#LiveAnalysis) + * [Using a network sensor appliance](#Hedgehog) + * [Monitoring local network interfaces](#LocalPCAP) + * [Manually forwarding logs from an external source](#ExternalForward) +* [Arkime](#Arkime) + * [Zeek log integration](#ArkimeZeek) + - [Correlating Zeek logs and Arkime sessions](#ZeekArkimeFlowCorrelation) + * [Help](#ArkimeHelp) + * [Sessions](#ArkimeSessions) + * [PCAP Export](#ArkimePCAPExport) + * [SPIView](#ArkimeSPIView) + * [SPIGraph](#ArkimeSPIGraph) + * [Connections](#ArkimeConnections) + * [Hunt](#ArkimeHunt) + * [Statistics](#ArkimeStats) + * [Settings](#ArkimeSettings) +* [OpenSearch Dashboards](#Dashboards) + * [Discover](#Discover) + - [Screenshots](#DiscoverGallery) + * [Visualizations and dashboards](#DashboardsVisualizations) + - [Prebuilt visualizations and dashboards](#PrebuiltVisualizations) + - [Screenshots](#PrebuiltVisualizationsGallery) + - [Building your own visualizations and dashboards](#BuildDashboard) + + [Screenshots](#NewVisualizationsGallery) +* [Search Queries in Arkime and OpenSearch](#SearchCheatSheet) +* [Other Malcolm features](#MalcolmFeatures) + - [Automatic file extraction and scanning](#ZeekFileExtraction) + - [Automatic host and subnet name assignment](#HostAndSubnetNaming) + + [IP/MAC address to hostname mapping via `host-map.txt`](#HostNaming) + + [CIDR subnet to network segment name mapping via `cidr-map.txt`](#SegmentNaming) + + [Defining hostname and CIDR subnet names interface](#NameMapUI) + + [Applying mapping changes](#ApplyMapping) + - [OpenSearch index management](#IndexManagement) + - [Event severity scoring](#Severity) + + [Customizing event severity scoring](#SeverityConfig) + - [Zeek Intelligence Framework](#ZeekIntel) + + [STIX™ and TAXII™](#ZeekIntelSTIX) + + [MISP](#ZeekIntelMISP) + - [Anomaly Detection](#AnomalyDetection) + - [Alerting](#Alerting) + + [Email Sender Accounts](#AlertingEmail) + - ["Best Guess" Fingerprinting for ICS Protocols](#ICSBestGuess) + - [Asset Management with NetBox](#NetBox) + - [CyberChef](#CyberChef) + - [API](#API) + + [Examples](#APIExamples) +* [Ingesting Third-party Logs](#ThirdPartyLogs) +* [Malcolm installer ISO](#ISO) + * [Installation](#ISOInstallation) + * [Generating the ISO](#ISOBuild) + * [Setup](#ISOSetup) + * [Time synchronization](#ConfigTime) + * [Hardening](#Hardening) + * [Compliance Exceptions](#ComplianceExceptions) +* [Installation example using Ubuntu 22.04 LTS](#InstallationExample) +* [Upgrading Malcolm](#UpgradePlan) +* [Modifying or Contributing to Malcolm](#Contributing) +* [Forks](#Forks) +* [Copyright](#Footer) +* [Contact](#Contact) + +## Automated Builds Status + +See [**Building from source**](#Build) to read how you can use GitHub [workflow files](./.github/workflows/) to build Malcolm. + +![api-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/api-build-and-push-ghcr/badge.svg) +![arkime-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/arkime-build-and-push-ghcr/badge.svg) +![dashboards-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/dashboards-build-and-push-ghcr/badge.svg) +![dashboards-helper-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/dashboards-helper-build-and-push-ghcr/badge.svg) +![file-monitor-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/file-monitor-build-and-push-ghcr/badge.svg) +![file-upload-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/file-upload-build-and-push-ghcr/badge.svg) +![filebeat-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/filebeat-build-and-push-ghcr/badge.svg) +![freq-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/freq-build-and-push-ghcr/badge.svg) +![htadmin-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/htadmin-build-and-push-ghcr/badge.svg) +![logstash-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/logstash-build-and-push-ghcr/badge.svg) +![name-map-ui-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/name-map-ui-build-and-push-ghcr/badge.svg) +![nginx-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/nginx-build-and-push-ghcr/badge.svg) +![opensearch-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/opensearch-build-and-push-ghcr/badge.svg) +![pcap-capture-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/pcap-capture-build-and-push-ghcr/badge.svg) +![pcap-monitor-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/pcap-monitor-build-and-push-ghcr/badge.svg) +![suricata-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/suricata-build-and-push-ghcr/badge.svg) +![zeek-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/zeek-build-and-push-ghcr/badge.svg) +![malcolm-iso-build-docker-wrap-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/malcolm-iso-build-docker-wrap-push-ghcr/badge.svg) +![sensor-iso-build-docker-wrap-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/sensor-iso-build-docker-wrap-push-ghcr/badge.svg) + +## Overview + +![Malcolm Network Diagram](./images/malcolm_network_diagram.png) + +Malcolm processes network traffic data in the form of packet capture (PCAP) files or Zeek logs. A [sensor](#Hedgehog) (packet capture appliance) monitors network traffic mirrored to it over a SPAN port on a network switch or router, or using a network TAP device. [Zeek](https://www.zeek.org/index.html) logs and [Arkime](https://molo.ch/) sessions are generated containing important session metadata from the traffic observed, which are then securely forwarded to a Malcolm instance. Full PCAP files are optionally stored locally on the sensor device for examination later. + +Malcolm parses the network session data and enriches it with additional lookups and mappings including GeoIP mapping, hardware manufacturer lookups from [organizationally unique identifiers (OUI)](http://standards-oui.ieee.org/oui/oui.txt) in MAC addresses, assigning names to [network segments](#SegmentNaming) and [hosts](#HostNaming) based on user-defined IP address and MAC mappings, performing [TLS fingerprinting](#https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967), and many others. + +The enriched data is stored in an [OpenSearch](https://opensearch.org/) document store in a format suitable for analysis through two intuitive interfaces: OpenSearch Dashboards, a flexible data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime, a powerful tool for finding and identifying the network sessions comprising suspected security incidents. These tools can be accessed through a web browser from analyst workstations or for display in a security operations center (SOC). Logs can also optionally be forwarded on to another instance of Malcolm. + +![Malcolm Data Pipeline](./images/malcolm_data_pipeline.png) + +For smaller networks, use at home by network security enthusiasts, or in the field for incident response engagements, Malcolm can also easily be deployed locally on an ordinary consumer workstation or laptop. Malcolm can process local artifacts such as locally-generated Zeek logs, locally-captured PCAP files, and PCAP files collected offline without the use of a dedicated sensor appliance. + +## Forks + +[CISA](https://www.cisa.gov/) maintains the upstream source code repository for Malcolm at [https://github.com/cisagov/Malcolm](https://github.com/cisagov/Malcolm). The [Idaho National Lab](https://inl.gov/)'s fork of Malcolm, which is currently kept up-to-date with CISA's upstream development, can be found at [https://github.com/idaholab/Malcolm](https://github.com/idaholab/Malcolm). + +## Copyright + +[Malcolm](https://github.com/idaholab/Malcolm) is Copyright 2022 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the [Cybersecurity and Infrastructure Security Agency](https://www.cisa.gov/) of the [U.S. Department of Homeland Security](https://www.dhs.gov/). + +See [`License.txt`](./License.txt) for the terms of its release. + +## Other Software + +Idaho National Laboratory is a cutting edge research facility which is constantly producing high quality research and software. Feel free to take a look at our other software and scientific offerings at: + +* [Primary Technology Offerings Page](https://www.inl.gov/inl-initiatives/technology-deployment) +* [Supported Open Source Software](https://github.com/idaholab) +* [Raw Experiment Open Source Software](https://github.com/IdahoLabResearch) +* [Unsupported Open Source Software](https://github.com/IdahoLabCuttingBoard) + +## Contact information of author(s): + +[malcolm@inl.gov](mailto:malcolm@inl.gov?subject=Malcolm) + +[![Join the chat at https://gitter.im/malcolmnetsec/community](https://badges.gitter.im/malcolmnetsec/community.svg)](https://gitter.im/malcolmnetsec/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) diff --git a/docs/malcolm-iso.md b/docs/malcolm-iso.md new file mode 100644 index 000000000..cfb3f9182 --- /dev/null +++ b/docs/malcolm-iso.md @@ -0,0 +1,81 @@ +## Malcolm installer ISO + +Malcolm's Docker-based deployment model makes Malcolm able to run on a variety of platforms. However, in some circumstances (for example, as a long-running appliance as part of a security operations center, or inside of a virtual machine) it may be desirable to install Malcolm as a dedicated standalone installation. + +Malcolm can be packaged into an installer ISO based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm. + +### Generating the ISO + +Official downloads of the Malcolm installer ISO are not provided: however, it can be built easily on an internet-connected Linux host with Vagrant: + +* [Vagrant](https://www.vagrantup.com/) + - [`vagrant-reload`](https://github.com/aidanns/vagrant-reload) plugin + - [`vagrant-sshfs`](https://github.com/dustymabe/vagrant-sshfs) plugin + - [`bento/debian-11`](https://app.vagrantup.com/bento/boxes/debian-11) Vagrant box + +The build should work with either the [VirtualBox](https://www.virtualbox.org/) provider or the [libvirt](https://libvirt.org/) provider: + +* [VirtualBox](https://www.virtualbox.org/) [provider](https://www.vagrantup.com/docs/providers/virtualbox) + - [`vagrant-vbguest`](https://github.com/dotless-de/vagrant-vbguest) plugin +* [libvirt](https://libvirt.org/) + - [`vagrant-libvirt`](https://github.com/vagrant-libvirt/vagrant-libvirt) provider plugin + - [`vagrant-mutate`](https://github.com/sciurus/vagrant-mutate) plugin to convert [`bento/debian-11`](https://app.vagrantup.com/bento/boxes/debian-11) Vagrant box to `libvirt` format + +To perform a clean build the Malcolm installer ISO, navigate to your local Malcolm working copy and run: + +``` +$ ./malcolm-iso/build_via_vagrant.sh -f +… +Starting build machine... +Bringing machine 'default' up with 'virtualbox' provider... +… +``` + +Building the ISO may take 30 minutes or more depending on your system. As the build finishes, you will see the following message indicating success: + +``` +… +Finished, created "/malcolm-build/malcolm-iso/malcolm-6.4.0.iso" +… +``` + +By default, Malcolm's Docker images are not packaged with the installer ISO, assuming instead that you will pull the [latest images](https://hub.docker.com/u/malcolmnetsec) with a `docker-compose pull` command as described in the [Quick start](#QuickStart) section. If you wish to build an ISO with the latest Malcolm images included, follow the directions to create [pre-packaged installation files](#Packager), which include a tarball with a name like `malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz`. Then, pass that images tarball to the ISO build script with a `-d`, like this: + +``` +$ ./malcolm-iso/build_via_vagrant.sh -f -d malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz +… +``` + +A system installed from the resulting ISO will load the Malcolm Docker images upon first boot. This method is desirable when the ISO is to be installed in an "air gapped" environment or for distribution to non-networked machines. + +Alternately, if you have forked Malcolm on GitHub, [workflow files](./.github/workflows/) are provided which contain instructions for GitHub to build the docker images and [sensor](#Hedgehog) and [Malcolm](#ISO) installer ISOs, specifically [`malcolm-iso-build-docker-wrap-push-ghcr.yml`](./.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml) for the Malcolm ISO. You'll need to run the workflows to build and push your fork's Malcolm docker images before building the ISO. The resulting ISO file is wrapped in a Docker image that provides an HTTP server from which the ISO may be downloaded. + +### Installation + +The installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the operating system. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 ***will partition and format them without warning*** 💀😭🆘⛔. + +The installer will ask for several pieces of information prior to installing the Malcolm base operating system: + +* Hostname +* Domain name +* Root password – (optional) a password for the privileged root account which is rarely needed +* User name: the name for the non-privileged service account user account under which the Malcolm runs +* User password – a password for the non-privileged sensor account +* Encryption password (optional) – if the encrypted installation option was selected at boot time, the encryption password must be entered every time the system boots + +At the end of the installation process, you will be prompted with a few self-explanatory yes/no questions: + +* **Disable IPv6?** +* **Automatically login to the GUI session?** +* **Should the GUI session be locked due to inactivity?** +* **Display the [Standard Mandatory DoD Notice and Consent Banner](https://www.stigviewer.com/stig/application_security_and_development/2018-12-24/finding/V-69349)?** *(only applies when installed on U.S. government information systems)* + +Following these prompts, the installer will reboot and the Malcolm base operating system will boot. + +### Setup + +When the system boots for the first time, the Malcolm Docker images will load if the installer was built with pre-packaged installation files as described above. Wait for this operation to continue (the progress dialog will disappear when they have finished loading) before continuing the setup. + +Open a terminal (click the red terminal 🗔 icon next to the Debian swirl logo 🍥 menu button in the menu bar). At this point, setup is similar to the steps described in the [Quick start](#QuickStart) section. Navigate to the Malcolm directory (`cd ~/Malcolm`) and run [`auth_setup`](#AuthSetup) to configure authentication. If the ISO didn't have pre-packaged Malcolm images, or if you'd like to retrieve the latest updates, run `docker-compose pull`. Finalize your configuration by running `scripts/install.py --configure` and follow the prompts as illustrated in the [installation example](#InstallationExample). + +Once Malcolm is configured, you can [start Malcolm](#Starting) via the command line or by clicking the circular yellow Malcolm icon in the menu bar. \ No newline at end of file diff --git a/docs/malcolm-upgrade.md b/docs/malcolm-upgrade.md new file mode 100644 index 000000000..b8c7803dd --- /dev/null +++ b/docs/malcolm-upgrade.md @@ -0,0 +1,73 @@ +## Upgrading Malcolm + +At this time there is not an "official" upgrade procedure to get from one version of Malcolm to the next, as it may vary from platform to platform. However, the process is fairly simple can be done by following these steps: + +### Update the underlying system + +You may wish to get the official updates for the underlying system's software packages before you proceed. Consult the documentation of your operating system for how to do this. + +If you are upgrading an Malcolm instance installed from [Malcolm installation ISO](#ISOInstallation), follow scenario 2 below. Due to the Malcolm base operating system's [hardened](#Hardening) configuration, when updating the underlying system, temporarily set the umask value to Debian default (`umask 0022` in the root shell in which updates are being performed) instead of the more restrictive Malcolm default. This will allow updates to be applied with the right permissions. + +### Scenario 1: Malcolm is a GitHub clone + +If you checked out a working copy of the Malcolm repository from GitHub with a `git clone` command, here are the basic steps to performing an upgrade: + +1. stop Malcolm + * `./scripts/stop` +2. stash changes to `docker-compose.yml` and other files + * `git stash save "pre-upgrade Malcolm configuration changes"` +3. pull changes from GitHub repository + * `git pull --rebase` +4. pull new Docker images (this will take a while) + * `docker-compose pull` +5. apply saved configuration change stashed earlier + * `git stash pop` +6. if you see `Merge conflict` messages, resolve the [conflicts](https://git-scm.com/book/en/v2/Git-Branching-Basic-Branching-and-Merging#_basic_merge_conflicts) with your favorite text editor +7. you may wish to re-run `install.py --configure` as described in [System configuration and tuning](#ConfigAndTuning) in case there are any new `docker-compose.yml` parameters for Malcolm that need to be set up +8. start Malcolm + * `./scripts/start` +9. you may be prompted to [configure authentication](#AuthSetup) if there are new authentication-related files that need to be generated + * you probably do not need to re-generate self-signed certificates + +### Scenario 2: Malcolm was installed from a packaged tarball + +If you installed Malcolm from [pre-packaged installation files](https://github.com/idaholab/Malcolm#Packager), here are the basic steps to perform an upgrade: + +1. stop Malcolm + * `./scripts/stop` +2. uncompress the new pre-packaged installation files (using `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` as an example, the file and/or directory names will be different depending on the release) + * `tar xf malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` +3. backup current Malcolm scripts, configuration files and certificates + * `mkdir -p ./upgrade_backup_$(date +%Y-%m-%d)` + * `cp -r filebeat/ htadmin/ logstash/ nginx/ auth.env cidr-map.txt docker-compose.yml host-map.txt net-map.json ./scripts ./README.md ./upgrade_backup_$(date +%Y-%m-%d)/` +3. replace scripts and local documentation in your existing installation with the new ones + * `rm -rf ./scripts ./README.md` + * `cp -r ./malcolm_YYYYMMDD_HHNNSS_xxxxxxx/scripts ./malcolm_YYYYMMDD_HHNNSS_xxxxxxx/README.md ./` +4. replace (overwrite) `docker-compose.yml` file with new version + * `cp ./malcolm_YYYYMMDD_HHNNSS_xxxxxxx/docker-compose.yml ./docker-compose.yml` +5. re-run `./scripts/install.py --configure` as described in [System configuration and tuning](#ConfigAndTuning) +6. using a file comparison tool (e.g., `diff`, `meld`, `Beyond Compare`, etc.), compare `docker-compose.yml` and the `docker-compare.yml` file you backed up in step 3, and manually migrate over any customizations you wish to preserve from that file (e.g., `PCAP_FILTER`, `MAXMIND_GEOIP_DB_LICENSE_KEY`, `MANAGE_PCAP_FILES`; [anything else](#DockerComposeYml) you may have edited by hand in `docker-compose.yml` that's not prompted for in `install.py --configure`) +7. pull the new docker images (this will take a while) + * `docker-compose pull` to pull them from Docker Hub or `docker-compose load -i malcolm_YYYYMMDD_HHNNSS_xxxxxxx_images.tar.gz` if you have an offline tarball of the Malcolm docker images +8. start Malcolm + * `./scripts/start` +9. you may be prompted to [configure authentication](#AuthSetup) if there are new authentication-related files that need to be generated + * you probably do not need to re-generate self-signed certificates + +### Post-upgrade + +#### Monitoring Malcolm + +If you are technically-minded, you may wish to follow the debug output provided by `./scripts/start` (or `./scripts/logs` if you need to re-open the log stream after you've closed it), although there is a lot there and it may be hard to distinguish whether or not something is okay. + +Running `docker-compose ps -a` should give you a good idea if all of Malcolm's Docker containers started up and, in some cases, may be able to indicate if the containers are "healthy" or not. + +After upgrading following one of the previous outlines, give Malcolm several minutes to get started. Once things are up and running, open one of Malcolm's [web interfaces](#UserInterfaceURLs) to verify that things are working. + +#### Loading new OpenSearch Dashboards visualizations + +Once the upgraded instance Malcolm has started up, you'll probably want to import the new dashboards and visualizations for OpenSearch Dashboards. You can signal Malcolm to load the new visualizations by opening OpenSearch Dashboards, clicking **Management** → **Index Patterns**, then selecting the `arkime_sessions3-*` index pattern and clicking the delete **🗑** button near the upper-right of the window. Confirm the **Delete index pattern?** prompt by clicking **Delete**. Close the OpenSearch Dashboards browser window. After a few minutes the missing index pattern will be detected and OpenSearch Dashboards will be signalled to load its new dashboards and visualizations. + +### Major releases + +The Malcolm project uses [semantic versioning](https://semver.org/) when choosing version numbers. If you are moving between major releases (e.g., from v4.0.1 to v5.0.0), you're likely to find that there are enough major backwards compatibility-breaking changes that upgrading may not be worth the time and trouble. A fresh install is strongly recommended between major releases. \ No newline at end of file diff --git a/docs/netbox.md b/docs/netbox.md new file mode 100644 index 000000000..43b45b6c1 --- /dev/null +++ b/docs/netbox.md @@ -0,0 +1,7 @@ +### Asset Management with NetBox + +Malcolm provides an instance of [NetBox](https://netbox.dev/), an open-source "solution for modeling and documenting modern networks." The NetBox web interface is available at at [https://localhost/netbox/](https://localhost/netbox/) if you are connecting locally. + +The design of a potentially deeper integration between Malcolm and Netbox is a work in progress. The purpose of an asset management system is to document the intended state of a network: were Malcolm to actively and agressively populate NetBox with the live network state, a network configuration fault could result in an incorrect documented configuration. The Malcolm development team is investigating what data, if any, should automatically flow to NetBox based on traffic observed (enabled via the `NETBOX_CRON` [environment variable in `docker-compose.yml`](#DockerComposeYml)), and what NetBox inventory data could be used, if any, to enrich Malcolm's network traffic metadata. Well-considered suggestions in this area [are welcome](mailto:malcolm@inl.gov?subject=NetBox). + +Please see the [NetBox page on GitHub](https://github.com/netbox-community/netbox), its [documentation](https://docs.netbox.dev/en/stable/) and its [public demo](https://demo.netbox.dev/) for more information. \ No newline at end of file diff --git a/docs/preparation.md b/docs/preparation.md new file mode 100644 index 000000000..4180d587b --- /dev/null +++ b/docs/preparation.md @@ -0,0 +1,233 @@ +## Preparing your system + +### Recommended system requirements + +Malcolm runs on top of [Docker](https://www.docker.com/) which runs on recent releases of Linux, Apple macOS and Microsoft Windows 10. + +To quote the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/guide/current/hardware.html), "If there is one resource that you will run out of first, it will likely be memory." The same is true for Malcolm: you will want at least 16 gigabytes of RAM to run Malcolm comfortably. For processing large volumes of traffic, I'd recommend at a bare minimum a dedicated server with 16 cores and 16 gigabytes of RAM. Malcolm can run on less, but more is better. You're going to want as much hard drive space as possible, of course, as the amount of PCAP data you're able to analyze and store will be limited by your hard drive. + +Arkime's wiki has a couple of documents ([here](https://github.com/arkime/arkime#hardware-requirements) and [here](https://github.com/arkime/arkime/wiki/FAQ#what-kind-of-capture-machines-should-we-buy) and [here](https://github.com/arkime/arkime/wiki/FAQ#how-many-elasticsearch-nodes-or-machines-do-i-need) and a [calculator here](https://molo.ch/#estimators)) which may be helpful, although not everything in those documents will apply to a Docker-based setup like Malcolm. + +### System configuration and tuning + +If you already have Docker and Docker Compose installed, the `install.py` script can still help you tune system configuration and `docker-compose.yml` parameters for Malcolm. To run it in "configuration only" mode, bypassing the steps to install Docker and Docker Compose, run it like this: +``` +./scripts/install.py --configure +``` + +Although `install.py` will attempt to automate many of the following configuration and tuning parameters, they are nonetheless listed in the following sections for reference: + +#### `docker-compose.yml` parameters + +Edit `docker-compose.yml` and search for the `OPENSEARCH_JAVA_OPTS` key. Edit the `-Xms4g -Xmx4g` values, replacing `4g` with a number that is half of your total system memory, or just under 32 gigabytes, whichever is less. So, for example, if I had 64 gigabytes of memory I would edit those values to be `-Xms31g -Xmx31g`. This indicates how much memory can be allocated to the OpenSearch heaps. For a pleasant experience, I would suggest not using a value under 10 gigabytes. Similar values can be modified for Logstash with `LS_JAVA_OPTS`, where using 3 or 4 gigabytes is recommended. + +Various other environment variables inside of `docker-compose.yml` can be tweaked to control aspects of how Malcolm behaves, particularly with regards to processing PCAP files and Zeek logs. The environment variables of particular interest are located near the top of that file under **Commonly tweaked configuration options**, which include: + +* `ARKIME_ANALYZE_PCAP_THREADS` – the number of threads available to Arkime for analyzing PCAP files (default `1`) +* `AUTO_TAG` – if set to `true`, Malcolm will automatically create Arkime sessions and Zeek logs with tags based on the filename, as described in [Tagging](#Tagging) (default `true`) +* `BEATS_SSL` – if set to `true`, Logstash will use require encrypted communications for any external [Beats](https://www.elastic.co/guide/en/logstash/current/plugins-inputs-beats.html)-based forwarders from which it will accept logs (default `true`) +* `CONNECTION_SECONDS_SEVERITY_THRESHOLD` - when [severity scoring](#Severity) is enabled, this variable indicates the duration threshold (in seconds) for assigning severity to long connections (default `3600`) +* `EXTRACTED_FILE_CAPA_VERBOSE` – if set to `true`, all Capa rule hits will be logged; otherwise (`false`) only [MITRE ATT&CK® technique](https://attack.mitre.org/techniques) classifications will be logged +* `EXTRACTED_FILE_ENABLE_CAPA` – if set to `true`, [Zeek-extracted files](#ZeekFileExtraction) that are determined to be PE (portable executable) files will be scanned with [Capa](https://github.com/fireeye/capa) +* `EXTRACTED_FILE_ENABLE_CLAMAV` – if set to `true`, [Zeek-extracted files](#ZeekFileExtraction) will be scanned with [ClamAV](https://www.clamav.net/) +* `EXTRACTED_FILE_ENABLE_YARA` – if set to `true`, [Zeek-extracted files](#ZeekFileExtraction) will be scanned with [Yara](https://github.com/VirusTotal/yara) +* `EXTRACTED_FILE_HTTP_SERVER_ENABLE` – if set to `true`, the directory containing [Zeek-extracted files](#ZeekFileExtraction) will be served over HTTP at `./extracted-files/` (e.g., [https://localhost/extracted-files/](https://localhost/extracted-files/) if you are connecting locally) +* `EXTRACTED_FILE_HTTP_SERVER_ENCRYPT` – if set to `true`, those Zeek-extracted files will be AES-256-CBC-encrypted in an `openssl enc`-compatible format (e.g., `openssl enc -aes-256-cbc -d -in example.exe.encrypted -out example.exe`) +* `EXTRACTED_FILE_HTTP_SERVER_KEY` – specifies the AES-256-CBC decryption password for encrypted Zeek-extracted files; used in conjunction with `EXTRACTED_FILE_HTTP_SERVER_ENCRYPT` +* `EXTRACTED_FILE_IGNORE_EXISTING` – if set to `true`, files extant in `./zeek-logs/extract_files/` directory will be ignored on startup rather than scanned +* `EXTRACTED_FILE_PRESERVATION` – determines behavior for preservation of [Zeek-extracted files](#ZeekFileExtraction) +* `EXTRACTED_FILE_UPDATE_RULES` – if set to `true`, file scanner engines (e.g., ClamAV, Capa, Yara) will periodically update their rule definitions +* `EXTRACTED_FILE_YARA_CUSTOM_ONLY` – if set to `true`, Malcolm will bypass the default [Yara ruleset](https://github.com/Neo23x0/signature-base) and use only user-defined rules in `./yara/rules` +* `FREQ_LOOKUP` - if set to `true`, domain names (from DNS queries and SSL server names) will be assigned entropy scores as calculated by [`freq`](https://github.com/MarkBaggett/freq) (default `false`) +* `FREQ_SEVERITY_THRESHOLD` - when [severity scoring](#Severity) is enabled, this variable indicates the entropy threshold for assigning severity to events with entropy scores calculated by [`freq`](https://github.com/MarkBaggett/freq); a lower value will only assign severity scores to fewer domain names with higher entropy (e.g., `2.0` for `NQZHTFHRMYMTVBQJE.COM`), while a higher value will assign severity scores to more domain names with lower entropy (e.g., `7.5` for `naturallanguagedomain.example.org`) (default `2.0`) +* `LOGSTASH_OUI_LOOKUP` – if set to `true`, Logstash will map MAC addresses to vendors for all source and destination MAC addresses when analyzing Zeek logs (default `true`) +* `LOGSTASH_REVERSE_DNS` – if set to `true`, Logstash will perform a reverse DNS lookup for all external source and destination IP address values when analyzing Zeek logs (default `false`) +* `LOGSTASH_SEVERITY_SCORING` - if set to `true`, Logstash will perform [severity scoring](#Severity) when analyzing Zeek logs (default `true`) +* `MANAGE_PCAP_FILES` – if set to `true`, all PCAP files imported into Malcolm will be marked as available for deletion by Arkime if available storage space becomes too low (default `false`) +* `MAXMIND_GEOIP_DB_LICENSE_KEY` - Malcolm uses MaxMind's free GeoLite2 databases for GeoIP lookups. As of December 30, 2019, these databases are [no longer available](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/) for download via a public URL. Instead, they must be downloaded using a MaxMind license key (available without charge [from MaxMind](https://www.maxmind.com/en/geolite2/signup)). The license key can be specified here for GeoIP database downloads during build- and run-time. +* `OPENSEARCH_LOCAL` - if set to `true`, Malcolm will use its own internal [OpenSearch instance](#OpenSearchInstance) (default `true`) +* `OPENSEARCH_URL` - when using Malcolm's internal OpenSearch instance (i.e., `OPENSEARCH_LOCAL` is `true`) this should be `http://opensearch:9200`, otherwise this value specifies the primary remote instance URL in the format `protocol://host:port` (default `http://opensearch:9200`) +* `OPENSEARCH_SSL_CERTIFICATE_VERIFICATION` - if set to `true`, connections to the primary remote OpenSearch instance will require full TLS certificate validation (this may fail if using self-signed certificates) (default `false`) +* `OPENSEARCH_SECONDARY` - if set to `true`, Malcolm will forward logs to a secondary remote OpenSearch instance in addition to the primary (local or remote) OpenSearch instance (default `false`) +* `OPENSEARCH_SECONDARY_URL` - when forwarding to a secondary remote OpenSearch instance (i.e., `OPENSEARCH_SECONDARY` is `true`) this value specifies the secondary remote instance URL in the format `protocol://host:port` +* `OPENSEARCH_SECONDARY_SSL_CERTIFICATE_VERIFICATION` - if set to `true`, connections to the secondary remote OpenSearch instance will require full TLS certificate validation (this may fail if using self-signed certificates) (default `false`) +* `NETBOX_DISABLED` - if set to `true`, Malcolm will **not** start [NetBox](#NetBox) and manage a [NetBox](#NetBox) instance (default `true`) +* `NETBOX_CRON` - if set to `true`, network traffic metadata will periodically be queried and used to populate Malcolm's [NetBox](#NetBox) instance +* `NGINX_BASIC_AUTH` - if set to `true`, use [TLS-encrypted HTTP basic](#AuthBasicAccountManagement) authentication (default); if set to `false`, use [Lightweight Directory Access Protocol (LDAP)](#AuthLDAP) authentication +* `NGINX_LOG_ACCESS_AND_ERRORS` - if set to `true`, all access to Malcolm via its [web interfaces](#UserInterfaceURLs) will be logged to OpenSearch (default `false`) +* `NGINX_SSL` - if set to `true`, require HTTPS connections to Malcolm's `nginx-proxy` container (default); if set to `false`, use unencrypted HTTP connections (using unsecured HTTP connections is **NOT** recommended unless you are running Malcolm behind another reverse proxy like Traefik, Caddy, etc.) +* `PCAP_ENABLE_NETSNIFF` – if set to `true`, Malcolm will capture network traffic on the local network interface(s) indicated in `PCAP_IFACE` using [netsniff-ng](http://netsniff-ng.org/) +* `PCAP_ENABLE_TCPDUMP` – if set to `true`, Malcolm will capture network traffic on the local network interface(s) indicated in `PCAP_IFACE` using [tcpdump](https://www.tcpdump.org/); there is no reason to enable *both* `PCAP_ENABLE_NETSNIFF` and `PCAP_ENABLE_TCPDUMP` +* `PCAP_FILTER` – specifies a tcpdump-style filter expression for local packet capture; leave blank to capture all traffic +* `PCAP_IFACE` – used to specify the network interface(s) for local packet capture if `PCAP_ENABLE_NETSNIFF`, `PCAP_ENABLE_TCPDUMP`, `ZEEK_LIVE_CAPTURE` or `SURICATA_LIVE_CAPTURE` are enabled; for multiple interfaces, separate the interface names with a comma (e.g., `'enp0s25'` or `'enp10s0,enp11s0'`) +* `PCAP_IFACE_TWEAK` - if set to `true`, Malcolm will [use `ethtool`](shared/bin/nic-capture-setup.sh) to disable NIC hardware offloading features and adjust ring buffer sizes for capture interface(s); this should be `true` if the interface(s) are being used for capture only, `false` if they are being used for management/communication +* `PCAP_ROTATE_MEGABYTES` – used to specify how large a locally-captured PCAP file can become (in megabytes) before it is closed for processing and a new PCAP file created +* `PCAP_ROTATE_MINUTES` – used to specify a time interval (in minutes) after which a locally-captured PCAP file will be closed for processing and a new PCAP file created +* `pipeline.workers`, `pipeline.batch.size` and `pipeline.batch.delay` - these settings are used to tune the performance and resource utilization of the the `logstash` container; see [Tuning and Profiling Logstash Performance](https://www.elastic.co/guide/en/logstash/current/tuning-logstash.html), [`logstash.yml`](https://www.elastic.co/guide/en/logstash/current/logstash-settings-file.html) and [Multiple Pipelines](https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html) +* `PUID` and `PGID` - Docker runs all of its containers as the privileged `root` user by default. For better security, Malcolm immediately drops to non-privileged user accounts for executing internal processes wherever possible. The `PUID` (**p**rocess **u**ser **ID**) and `PGID` (**p**rocess **g**roup **ID**) environment variables allow Malcolm to map internal non-privileged user accounts to a corresponding [user account](https://en.wikipedia.org/wiki/User_identifier) on the host. +* `SENSITIVE_COUNTRY_CODES` - when [severity scoring](#Severity) is enabled, this variable defines a comma-separated list of sensitive countries (using [ISO 3166-1 alpha-2 codes](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Current_codes)) (default `'AM,AZ,BY,CN,CU,DZ,GE,HK,IL,IN,IQ,IR,KG,KP,KZ,LY,MD,MO,PK,RU,SD,SS,SY,TJ,TM,TW,UA,UZ'`, taken from the U.S. Department of Energy Sensitive Country List) +* `SURICATA_AUTO_ANALYZE_PCAP_FILES` – if set to `true`, all PCAP files imported into Malcolm will automatically be analyzed by Suricata, and the resulting logs will also be imported (default `false`) +* `SURICATA_AUTO_ANALYZE_PCAP_THREADS` – the number of threads available to Malcolm for analyzing Suricata logs (default `1`) +* `SURICATA_CUSTOM_RULES_ONLY` – if set to `true`, Malcolm will bypass the default [Suricata ruleset](https://github.com/OISF/suricata/tree/master/rules) and use only user-defined rules (`./suricata/rules/*.rules`). +* `SURICATA_UPDATE_RULES` – if set to `true`, Suricata signatures will periodically be updated (default `false`) +* `SURICATA_LIVE_CAPTURE` - if set to `true`, Suricata will monitor live traffic on the local interface(s) defined by `PCAP_FILTER` +* `SURICATA_ROTATED_PCAP` - if set to `true`, Suricata can analyze captured PCAP files captured by `netsniff-ng` or `tcpdump` (see `PCAP_ENABLE_NETSNIFF` and `PCAP_ENABLE_TCPDUMP`, as well as `SURICATA_AUTO_ANALYZE_PCAP_FILES`); if `SURICATA_LIVE_CAPTURE` is `true`, this should be false, otherwise Suricata will see duplicate traffic +* `SURICATA_…` - the [`suricata` container entrypoint script](shared/bin/suricata_config_populate.py) can use **many** more environment variables to tweak [suricata.yaml](https://github.com/OISF/suricata/blob/master/suricata.yaml.in); in that script, `DEFAULT_VARS` defines those variables (albeit without the `SURICATA_` prefix you must add to each for use) +* `TOTAL_MEGABYTES_SEVERITY_THRESHOLD` - when [severity scoring](#Severity) is enabled, this variable indicates the size threshold (in megabytes) for assigning severity to large connections or file transfers (default `1000`) +* `VTOT_API2_KEY` – used to specify a [VirusTotal Public API v.20](https://www.virustotal.com/en/documentation/public-api/) key, which, if specified, will be used to submit hashes of [Zeek-extracted files](#ZeekFileExtraction) to VirusTotal +* `ZEEK_AUTO_ANALYZE_PCAP_FILES` – if set to `true`, all PCAP files imported into Malcolm will automatically be analyzed by Zeek, and the resulting logs will also be imported (default `false`) +* `ZEEK_AUTO_ANALYZE_PCAP_THREADS` – the number of threads available to Malcolm for analyzing Zeek logs (default `1`) +* `ZEEK_DISABLE_…` - if set to any non-blank value, each of these variables can be used to disable a certain Zeek function when it analyzes PCAP files (for example, setting `ZEEK_DISABLE_LOG_PASSWORDS` to `true` to disable logging of cleartext passwords) +* `ZEEK_DISABLE_BEST_GUESS_ICS` - see ["Best Guess" Fingerprinting for ICS Protocols](#ICSBestGuess) +* `ZEEK_EXTRACTOR_MODE` – determines the file extraction behavior for file transfers detected by Zeek; see [Automatic file extraction and scanning](#ZeekFileExtraction) for more details +* `ZEEK_INTEL_FEED_SINCE` - when querying a [TAXII](#ZeekIntelSTIX) or [MISP](#ZeekIntelMISP) feed, only process threat indicators that have been created or modified since the time represented by this value; it may be either a fixed date/time (`01/01/2021`) or relative interval (`30 days ago`) +* `ZEEK_INTEL_ITEM_EXPIRATION` - specifies the value for Zeek's [`Intel::item_expiration`](https://docs.zeek.org/en/current/scripts/base/frameworks/intel/main.zeek.html#id-Intel::item_expiration) timeout as used by the [Zeek Intelligence Framework](#ZeekIntel) (default `-1min`, which disables item expiration) +* `ZEEK_INTEL_REFRESH_CRON_EXPRESSION` - specifies a [cron expression](https://en.wikipedia.org/wiki/Cron#CRON_expression) indicating the refresh interval for generating the [Zeek Intelligence Framework](#ZeekIntel) files (defaults to empty, which disables automatic refresh) +* `ZEEK_LIVE_CAPTURE` - if set to `true`, Zeek will monitor live traffic on the local interface(s) defined by `PCAP_FILTER` +* `ZEEK_ROTATED_PCAP` - if set to `true`, Zeek can analyze captured PCAP files captured by `netsniff-ng` or `tcpdump` (see `PCAP_ENABLE_NETSNIFF` and `PCAP_ENABLE_TCPDUMP`, as well as `ZEEK_AUTO_ANALYZE_PCAP_FILES`); if `ZEEK_LIVE_CAPTURE` is `true`, this should be false, otherwise Zeek will see duplicate traffic + +#### Linux host system configuration + +##### Installing Docker + +Docker installation instructions vary slightly by distribution. Please follow the links below to docker.com to find the instructions specific to your distribution: + +* [Ubuntu](https://docs.docker.com/install/linux/docker-ce/ubuntu/) +* [Debian](https://docs.docker.com/install/linux/docker-ce/debian/) +* [Fedora](https://docs.docker.com/install/linux/docker-ce/fedora/) +* [CentOS](https://docs.docker.com/install/linux/docker-ce/centos/) +* [Binaries](https://docs.docker.com/install/linux/docker-ce/binaries/) + +After installing Docker, because Malcolm should be run as a non-root user, add your user to the `docker` group with something like: +``` +$ sudo usermod -aG docker yourusername +``` + +Following this, either reboot or log out then log back in. + +Docker starts automatically on DEB-based distributions. On RPM-based distributions, you need to start it manually or enable it using the appropriate `systemctl` or `service` command(s). + +You can test docker by running `docker info`, or (assuming you have internet access), `docker run --rm hello-world`. + +##### Installing docker-compose + +Please follow [this link](https://docs.docker.com/compose/install/) on docker.com for instructions on installing docker-compose. + +##### Operating system configuration + +The host system (ie., the one running Docker) will need to be configured for the [best possible OpenSearch performance](https://www.elastic.co/guide/en/elasticsearch/reference/master/system-config.html). Here are a few suggestions for Linux hosts (these may vary from distribution to distribution): + +* Append the following lines to `/etc/sysctl.conf`: + +``` +# the maximum number of open file handles +fs.file-max=2097152 + +# increase maximums for inotify watches +fs.inotify.max_user_watches=131072 +fs.inotify.max_queued_events=131072 +fs.inotify.max_user_instances=512 + +# the maximum number of memory map areas a process may have +vm.max_map_count=262144 + +# decrease "swappiness" (swapping out runtime memory vs. dropping pages) +vm.swappiness=1 + +# the maximum number of incoming connections +net.core.somaxconn=65535 + +# the % of system memory fillable with "dirty" pages before flushing +vm.dirty_background_ratio=40 + +# maximum % of dirty system memory before committing everything +vm.dirty_ratio=80 +``` + +* Depending on your distribution, create **either** the file `/etc/security/limits.d/limits.conf` containing: + +``` +# the maximum number of open file handles +* soft nofile 65535 +* hard nofile 65535 +# do not limit the size of memory that can be locked +* soft memlock unlimited +* hard memlock unlimited +``` + +**OR** the file `/etc/systemd/system.conf.d/limits.conf` containing: + +``` +[Manager] +# the maximum number of open file handles +DefaultLimitNOFILE=65535:65535 +# do not limit the size of memory that can be locked +DefaultLimitMEMLOCK=infinity +``` + +* Change the readahead value for the disk where the OpenSearch data will be stored. There are a few ways to do this. For example, you could add this line to `/etc/rc.local` (replacing `/dev/sda` with your disk block descriptor): + +``` +# change disk read-adhead value (# of blocks) +blockdev --setra 512 /dev/sda +``` + +* Change the I/O scheduler to `deadline` or `noop`. Again, this can be done in a variety of ways. The simplest is to add `elevator=deadline` to the arguments in `GRUB_CMDLINE_LINUX` in `/etc/default/grub`, then running `sudo update-grub2` + +* If you are planning on using very large data sets, consider formatting the drive containing the `opensearch` volume as XFS. + +After making all of these changes, do a reboot for good measure! + +#### macOS host system configuration + +##### Automatic installation using `install.py` + +The `install.py` script will attempt to guide you through the installation of Docker and Docker Compose if they are not present. If that works for you, you can skip ahead to **Configure docker daemon option** in this section. + +##### Install Homebrew + +The easiest way to install and maintain docker on Mac is using the [Homebrew cask](https://brew.sh). Execute the following in a terminal. + +``` +$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" +$ brew install cask +$ brew tap homebrew/cask-versions +``` + +##### Install docker-edge + +``` +$ brew cask install docker-edge +``` +This will install the latest version of docker and docker-compose. It can be upgraded later using `brew` as well: +``` +$ brew cask upgrade --no-quarantine docker-edge +``` +You can now run docker from the Applications folder. + +##### Configure docker daemon option + +Some changes should be made for performance ([this link](http://markshust.com/2018/01/30/performance-tuning-docker-mac) gives a good succinct overview). + +* **Resource allocation** - For a good experience, you likely need at least a quad-core MacBook Pro with 16GB RAM and an SSD. I have run Malcolm on an older 2013 MacBook Pro with 8GB of RAM, but the more the better. Go in your system tray and select **Docker** → **Preferences** → **Advanced**. Set the resources available to docker to at least 4 CPUs and 8GB of RAM (>= 16GB is preferable). + +* **Volume mount performance** - You can speed up performance of volume mounts by removing unused paths from **Docker** → **Preferences** → **File Sharing**. For example, if you're only going to be mounting volumes under your home directory, you could share `/Users` but remove other paths. + +After making these changes, right click on the Docker 🐋 icon in the system tray and select **Restart**. + +#### Windows host system configuration + +#### Installing and configuring Docker Desktop for Windows + +Installing and configuring [Docker to run under Windows](https://docs.docker.com/desktop/windows/wsl/) must be done manually, rather than through the `install.py` script as is done for Linux and macOS. + +1. Be running Windows 10, version 1903 or higher +1. Prepare your system and [install WSL](https://docs.microsoft.com/en-us/windows/wsl/install) and a Linux distribution by running `wsl --install -d Debian` in PowerShell as Administrator (these instructions are tested with Debian, but may work with other distributions) +1. Install Docker Desktop for Windows either by downloading the installer from the [official Docker site](https://hub.docker.com/editions/community/docker-ce-desktop-windows) or installing it through [chocolatey](https://chocolatey.org/packages/docker-desktop). +1. Follow the [Docker Desktop WSL 2 backend](https://docs.docker.com/desktop/windows/wsl/) instructions to finish configuration and review best practices +1. Reboot +1. Open the WSL distribution's terminal and run run `docker info` to make sure Docker is running + +#### Finish Malcolm's configuration + +Once Docker is installed, configured and running as described in the previous section, run [`./scripts/install.py --configure`](#ConfigAndTuning) to finish configuration of the local Malcolm installation. Malcolm will be controlled and run from within your WSL distribution's terminal environment. \ No newline at end of file diff --git a/docs/protocols.md b/docs/protocols.md new file mode 100644 index 000000000..a6899d83e --- /dev/null +++ b/docs/protocols.md @@ -0,0 +1,64 @@ +## Supported Protocols + +Malcolm uses [Zeek](https://docs.zeek.org/en/stable/script-reference/proto-analyzers.html) and [Arkime](https://github.com/arkime/arkime/tree/master/capture/parsers) to analyze network traffic. These tools provide varying degrees of visibility into traffic transmitted over the following network protocols: + +| Traffic | Wiki | Organization/Specification | Arkime | Zeek | +|---|:---:|:---:|:---:|:---:| +|Internet layer|[🔗](https://en.wikipedia.org/wiki/Internet_layer)|[🔗](https://tools.ietf.org/html/rfc791)|[✓](https://github.com/arkime/arkime/blob/master/capture/packet.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/conn/main.zeek.html#type-Conn::Info)| +|Border Gateway Protocol (BGP)|[🔗](https://en.wikipedia.org/wiki/Border_Gateway_Protocol)|[🔗](https://tools.ietf.org/html/rfc2283)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/bgp.c)|| +|Building Automation and Control (BACnet)|[🔗](https://en.wikipedia.org/wiki/BACnet)|[🔗](http://www.bacnet.org/)||[✓](https://github.com/cisagov/icsnpp-bacnet)| +|Bristol Standard Asynchronous Protocol (BSAP)|[🔗](https://en.wikipedia.org/wiki/Bristol_Standard_Asynchronous_Protocol)|[🔗](http://www.documentation.emersonprocess.com/groups/public/documents/specification_sheets/d301321x012.pdf)[🔗](http://www.documentation.emersonprocess.com/groups/public/documents/instruction_manuals/d301401x012.pdf)||[✓](https://github.com/cisagov/icsnpp-bsap)| +|Distributed Computing Environment / Remote Procedure Calls (DCE/RPC)|[🔗](https://en.wikipedia.org/wiki/DCE/RPC)|[🔗](https://pubs.opengroup.org/onlinepubs/009629399/toc.pdf)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/dce-rpc/main.zeek.html#type-DCE_RPC::Info)| +|Dynamic Host Configuration Protocol (DHCP)|[🔗](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)|[🔗](https://tools.ietf.org/html/rfc2131)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/dhcp.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/dhcp/main.zeek.html#type-DHCP::Info)| +|Distributed Network Protocol 3 (DNP3)|[🔗](https://en.wikipedia.org/wiki/DNP3)|[🔗](https://www.dnp.org)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/dnp3/main.zeek.html#type-DNP3::Info)[✓](https://github.com/cisagov/icsnpp-dnp3)| +|Domain Name System (DNS)|[🔗](https://en.wikipedia.org/wiki/Domain_Name_System)|[🔗](https://tools.ietf.org/html/rfc1035)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/dns.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/dns/main.zeek.html#type-DNS::Info)| +|EtherCAT|[🔗](https://en.wikipedia.org/wiki/EtherCAT)|[🔗](https://www.ethercat.org/en/downloads/downloads_A02E436C7A97479F9261FDFA8A6D71E5.htm)||[✓](https://github.com/cisagov/icsnpp-ethercat)| +|EtherNet/IP / Common Industrial Protocol (CIP)|[🔗](https://en.wikipedia.org/wiki/EtherNet/IP) [🔗](https://en.wikipedia.org/wiki/Common_Industrial_Protocol)|[🔗](https://www.odva.org/Technology-Standards/EtherNet-IP/Overview)||[✓](https://github.com/cisagov/icsnpp-enip)| +|FTP (File Transfer Protocol)|[🔗](https://en.wikipedia.org/wiki/File_Transfer_Protocol)|[🔗](https://tools.ietf.org/html/rfc959)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ftp/info.zeek.html#type-FTP::Info)| +|GENISYS||[🔗](https://manualzz.com/doc/6363274/genisys-2000---ansaldo-sts---product-support#93)[🔗](https://gitlab.com/wireshark/wireshark/-/issues/3422)||[✓](https://github.com/cisagov/icsnpp-genisys)| +|Google Quick UDP Internet Connections (gQUIC)|[🔗](https://en.wikipedia.org/wiki/QUIC#Google_QUIC_(gQUIC))|[🔗](https://www.chromium.org/quic)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/quic.c)|[✓](https://github.com/salesforce/GQUIC_Protocol_Analyzer/blob/master/scripts/Salesforce/GQUIC/main.bro)| +|Hypertext Transfer Protocol (HTTP)|[🔗](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol)|[🔗](https://tools.ietf.org/html/rfc7230)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/http.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/http/main.zeek.html#type-HTTP::Info)| +|IPsec|[🔗](https://en.wikipedia.org/wiki/IPsec)|[🔗](https://zeek.org/2021/04/20/zeeks-ipsec-protocol-analyzer/)||[✓](https://github.com/corelight/zeek-spicy-ipsec)| +|Internet Relay Chat (IRC)|[🔗](https://en.wikipedia.org/wiki/Internet_Relay_Chat)|[🔗](https://tools.ietf.org/html/rfc1459)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/irc.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/irc/main.zeek.html#type-IRC::Info)| +|Lightweight Directory Access Protocol (LDAP)|[🔗](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)|[🔗](https://tools.ietf.org/html/rfc4511)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/ldap.c)|[✓](https://github.com/zeek/spicy-ldap)| +|Kerberos|[🔗](https://en.wikipedia.org/wiki/Kerberos_(protocol))|[🔗](https://tools.ietf.org/html/rfc4120)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/krb5.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/krb/main.zeek.html#type-KRB::Info)| +|Modbus|[🔗](https://en.wikipedia.org/wiki/Modbus)|[🔗](http://www.modbus.org/)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/modbus/main.zeek.html#type-Modbus::Info)[✓](https://github.com/cisagov/icsnpp-modbus)| +|MQ Telemetry Transport (MQTT)|[🔗](https://en.wikipedia.org/wiki/MQTT)|[🔗](https://mqtt.org/)||[✓](https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html)| +|MySQL|[🔗](https://en.wikipedia.org/wiki/MySQL)|[🔗](https://dev.mysql.com/doc/internals/en/client-server-protocol.html)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/mysql.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/mysql/main.zeek.html#type-MySQL::Info)| +|NT Lan Manager (NTLM)|[🔗](https://en.wikipedia.org/wiki/NT_LAN_Manager)|[🔗](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4?redirectedfrom=MSDN)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ntlm/main.zeek.html#type-NTLM::Info)| +|Network Time Protocol (NTP)|[🔗](https://en.wikipedia.org/wiki/Network_Time_Protocol)|[🔗](http://www.ntp.org)||[✓](https://docs.zeek.org/en/latest/scripts/base/protocols/ntp/main.zeek.html#type-NTP::Info)| +|Oracle|[🔗](https://en.wikipedia.org/wiki/Oracle_Net_Services)|[🔗](https://docs.oracle.com/cd/E11882_01/network.112/e41945/layers.htm#NETAG004)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/oracle.c)|| +|Open Platform Communications Unified Architecture (OPC UA) Binary|[🔗](https://en.wikipedia.org/wiki/OPC_Unified_Architecture)|[🔗](https://opcfoundation.org/developer-tools/specifications-unified-architecture)||[✓](https://github.com/cisagov/icsnpp-opcua-binary)| +|Open Shortest Path First (OSPF)|[🔗](https://en.wikipedia.org/wiki/Open_Shortest_Path_First)|[🔗](https://datatracker.ietf.org/wg/ospf/charter/)[🔗](https://datatracker.ietf.org/doc/html/rfc2328)[🔗](https://datatracker.ietf.org/doc/html/rfc5340)||[✓](https://github.com/corelight/zeek-spicy-ospf)| +|OpenVPN|[🔗](https://en.wikipedia.org/wiki/OpenVPN)|[🔗](https://openvpn.net/community-resources/openvpn-protocol/)[🔗](https://zeek.org/2021/03/16/a-zeek-openvpn-protocol-analyzer/)||[✓](https://github.com/corelight/zeek-spicy-openvpn)| +|PostgreSQL|[🔗](https://en.wikipedia.org/wiki/PostgreSQL)|[🔗](https://www.postgresql.org/)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/postgresql.c)|| +|Process Field Net (PROFINET)|[🔗](https://en.wikipedia.org/wiki/PROFINET)|[🔗](https://us.profinet.com/technology/profinet/)||[✓](https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek)| +|Remote Authentication Dial-In User Service (RADIUS)|[🔗](https://en.wikipedia.org/wiki/RADIUS)|[🔗](https://tools.ietf.org/html/rfc2865)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/radius.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/radius/main.zeek.html#type-RADIUS::Info)| +|Remote Desktop Protocol (RDP)|[🔗](https://en.wikipedia.org/wiki/Remote_Desktop_Protocol)|[🔗](https://docs.microsoft.com/en-us/windows/win32/termserv/remote-desktop-protocol?redirectedfrom=MSDN)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/rdp/main.zeek.html#type-RDP::Info)| +|Remote Framebuffer (RFB)|[🔗](https://en.wikipedia.org/wiki/RFB_protocol)|[🔗](https://tools.ietf.org/html/rfc6143)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/rfb/main.zeek.html#type-RFB::Info)| +|S7comm / Connection Oriented Transport Protocol (COTP)|[🔗](https://wiki.wireshark.org/S7comm) [🔗](https://wiki.wireshark.org/COTP)|[🔗](https://support.industry.siemens.com/cs/document/26483647/what-properties-advantages-and-special-features-does-the-s7-protocol-offer-?dti=0&lc=en-WW) [🔗](https://www.ietf.org/rfc/rfc0905.txt)||[✓](https://github.com/cisagov/icsnpp-s7comm)| +|Secure Shell (SSH)|[🔗](https://en.wikipedia.org/wiki/Secure_Shell)|[🔗](https://tools.ietf.org/html/rfc4253)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/ssh.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ssh/main.zeek.html#type-SSH::Info)| +|Secure Sockets Layer (SSL) / Transport Layer Security (TLS)|[🔗](https://en.wikipedia.org/wiki/Transport_Layer_Security)|[🔗](https://tools.ietf.org/html/rfc5246)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/socks.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ssl/main.zeek.html#type-SSL::Info)| +|Session Initiation Protocol (SIP)|[🔗](https://en.wikipedia.org/wiki/Session_Initiation_Protocol)|[🔗](https://tools.ietf.org/html/rfc3261)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/sip/main.zeek.html#type-SIP::Info)| +|Server Message Block (SMB) / Common Internet File System (CIFS)|[🔗](https://en.wikipedia.org/wiki/Server_Message_Block)|[🔗](https://docs.microsoft.com/en-us/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/smb.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html)| +|Simple Mail Transfer Protocol (SMTP)|[🔗](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol)|[🔗](https://tools.ietf.org/html/rfc5321)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/smtp.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/smtp/main.zeek.html#type-SMTP::Info)| +|Simple Network Management Protocol (SNMP)|[🔗](https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol)|[🔗](https://tools.ietf.org/html/rfc2578)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/smtp.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/snmp/main.zeek.html#type-SNMP::Info)| +|SOCKS|[🔗](https://en.wikipedia.org/wiki/SOCKS)|[🔗](https://tools.ietf.org/html/rfc1928)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/socks.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/socks/main.zeek.html#type-SOCKS::Info)| +|STUN (Session Traversal Utilities for NAT)|[🔗](https://en.wikipedia.org/wiki/STUN)|[🔗](https://datatracker.ietf.org/doc/html/rfc3489)|[✓](https://github.com/arkime/arkime/blob/main/capture/parsers/misc.c#L147)|[✓](https://github.com/corelight/zeek-spicy-stun)| +|Syslog|[🔗](https://en.wikipedia.org/wiki/Syslog)|[🔗](https://tools.ietf.org/html/rfc5424)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/tls.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/syslog/main.zeek.html#type-Syslog::Info)| +|Tabular Data Stream (TDS)|[🔗](https://en.wikipedia.org/wiki/Tabular_Data_Stream)|[🔗](https://www.freetds.org/tds.html) [🔗](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/b46a581a-39de-4745-b076-ec4dbb7d13ec)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/tds.c)|[✓](https://github.com/amzn/zeek-plugin-tds/blob/master/scripts/main.zeek)| +|Telnet / remote shell (rsh) / remote login (rlogin)|[🔗](https://en.wikipedia.org/wiki/Telnet)[🔗](https://en.wikipedia.org/wiki/Berkeley_r-commands)|[🔗](https://tools.ietf.org/html/rfc854)[🔗](https://tools.ietf.org/html/rfc1282)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/misc.c#L336)|[✓](https://docs.zeek.org/en/current/scripts/base/bif/plugins/Zeek_Login.events.bif.zeek.html)[❋](https://github.com/idaholab/Malcolm/blob/main/zeek/config/login.zeek)| +|TFTP (Trivial File Transfer Protocol)|[🔗](https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol)|[🔗](https://tools.ietf.org/html/rfc1350)||[✓](https://github.com/zeek/spicy-analyzers/blob/main/analyzer/protocol/tftp/tftp.zeek)| +|WireGuard|[🔗](https://en.wikipedia.org/wiki/WireGuard)|[🔗](https://www.wireguard.com/protocol/)[🔗](https://www.wireguard.com/papers/wireguard.pdf)||[✓](https://github.com/corelight/zeek-spicy-wireguard)| +|various tunnel protocols (e.g., GTP, GRE, Teredo, AYIYA, IP-in-IP, etc.)|[🔗](https://en.wikipedia.org/wiki/Tunneling_protocol)||[✓](https://github.com/arkime/arkime/blob/master/capture/packet.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/frameworks/tunnels/main.zeek.html#type-Tunnel::Info)| + +Additionally, Zeek is able to detect and, where possible, log the type, vendor and version of [various](https://docs.zeek.org/en/stable/scripts/base/frameworks/software/main.zeek.html#type-Software::Type) other [software protocols](https://en.wikipedia.org/wiki/Application_layer). + +As part of its network traffic analysis, Zeek can extract and analyze files transferred across the protocols it understands. In addition to generating logs for transferred files, deeper analysis is done into the following file types: + +* [Portable executable](https://docs.zeek.org/en/stable/scripts/base/files/pe/main.zeek.html#type-PE::Info) files +* [X.509](https://docs.zeek.org/en/stable/scripts/base/files/x509/main.zeek.html#type-X509::Info) certificates + +See [automatic file extraction and scanning](#ZeekFileExtraction) for additional features related to file scanning. + +See [Zeek log integration](#ArkimeZeek) for more information on how Malcolm integrates [Arkime sessions and Zeek logs](#ZeekArkimeFlowCorrelation) for analysis. \ No newline at end of file diff --git a/docs/queries-cheat-sheet.md b/docs/queries-cheat-sheet.md new file mode 100644 index 000000000..eae198894 --- /dev/null +++ b/docs/queries-cheat-sheet.md @@ -0,0 +1,74 @@ +## Search Queries in Arkime and OpenSearch Dashboards + +OpenSearch Dashboards supports two query syntaxes: the legacy [Lucene](https://www.elastic.co/guide/en/kibana/current/lucene-query.html) syntax and [Dashboards Query Language (DQL)](https://opensearch.org/docs/1.2/dashboards/dql/), both of which are somewhat different than Arkime's query syntax (see the help at [https://localhost/help#search](https://localhost/help#search) if you are connecting locally). The Arkime interface is for searching and visualizing both Arkime sessions and Zeek logs. The prebuilt dashboards in the OpenSearch Dashboards interface are for searching and visualizing Zeek logs, but will not include Arkime sessions. Here are some common patterns used in building search query strings for Arkime and OpenSearch Dashboards, respectively. See the links provided for further documentation. + +| | [Arkime Search String](https://localhost/help#search) | [OpenSearch Dashboards Search String (Lucene)](https://www.elastic.co/guide/en/kibana/current/lucene-query.html) | [OpenSearch Dashboards Search String (DQL)](https://www.elastic.co/guide/en/kibana/current/kuery-query.html)| +|---|:---:|:---:|:---:| +| Field exists |`event.dataset == EXISTS!`|`_exists_:event.dataset`|`event.dataset:*`| +| Field does not exist |`event.dataset != EXISTS!`|`NOT _exists_:event.dataset`|`NOT event.dataset:*`| +| Field matches a value |`port.dst == 22`|`destination.port:22`|`destination.port:22`| +| Field does not match a value |`port.dst != 22`|`NOT destination.port:22`|`NOT destination.port:22`| +| Field matches at least one of a list of values |`tags == [foo, bar]`|`tags:(foo OR bar)`|`tags:(foo or bar)`| +| Field range (inclusive) |`http.statuscode >= 200 && http.statuscode <= 300`|`http.statuscode:[200 TO 300]`|`http.statuscode >= 200 and http.statuscode <= 300`| +| Field range (exclusive) |`http.statuscode > 200 && http.statuscode < 300`|`http.statuscode:{200 TO 300}`|`http.statuscode > 200 and http.statuscode < 300`| +| Field range (mixed exclusivity) |`http.statuscode >= 200 && http.statuscode < 300`|`http.statuscode:[200 TO 300}`|`http.statuscode >= 200 and http.statuscode < 300`| +| Match all search terms (AND) |`(tags == [foo, bar]) && (http.statuscode == 401)`|`tags:(foo OR bar) AND http.statuscode:401`|`tags:(foo or bar) and http.statuscode:401`| +| Match any search terms (OR) |`(zeek.ftp.password == EXISTS!) || (zeek.http.password == EXISTS!) || (related.user == "anonymous")`|`_exists_:zeek.ftp.password OR _exists_:zeek.http.password OR related.user:"anonymous"`|`zeek.ftp.password:* or zeek.http.password:* or related.user:"anonymous"`| +| Global string search (anywhere in the document) |all Arkime search expressions are field-based|`microsoft`|`microsoft`| +| Wildcards|`host.dns == "*micro?oft*"` (`?` for single character, `*` for any characters)|`dns.host:*micro?oft*` (`?` for single character, `*` for any characters)|`dns.host:*micro*ft*` (`*` for any characters)| +| Regex |`host.http == /.*www\.f.*k\.com.*/`|`zeek.http.host:/.*www\.f.*k\.com.*/`|DQL does not support regex| +| IPv4 values |`ip == 0.0.0.0/0`|`source.ip:"0.0.0.0/0" OR destination.ip:"0.0.0.0/0"`|`source.ip:"0.0.0.0/0" OR destination.ip:"0.0.0.0/0"`| +| IPv6 values |`(ip.src == EXISTS! || ip.dst == EXISTS!) && (ip != 0.0.0.0/0)`|`(_exists_:source.ip AND NOT source.ip:"0.0.0.0/0") OR (_exists_:destination.ip AND NOT destination.ip:"0.0.0.0/0")`|`(source.ip:* and not source.ip:"0.0.0.0/0") or (destination.ip:* and not destination.ip:"0.0.0.0/0")`| +| GeoIP information available |`country == EXISTS!`|`_exists_:destination.geo OR _exists_:source.geo`|`destination.geo:* or source.geo:*`| +| Zeek log type |`event.dataset == notice`|`event.dataset:notice`|`event.dataset:notice`| +| IP CIDR Subnets |`ip.src == 172.16.0.0/12`|`source.ip:"172.16.0.0/12"`|`source.ip:"172.16.0.0/12"`| +| Search time frame |Use Arkime time bounding controls under the search bar|Use OpenSearch Dashboards time range controls in the upper right-hand corner|Use OpenSearch Dashboards time range controls in the upper right-hand corner| + +When building complex queries, it is **strongly recommended** that you enclose search terms and expressions in parentheses to control order of operations. + +As Zeek logs are ingested, Malcolm parses and normalizes the logs' fields to match Arkime's underlying OpenSearch schema. A complete list of these fields can be found in the Arkime help (accessible at [https://localhost/help#fields](https://localhost/help#fields) if you are connecting locally). + +Whenever possible, Zeek fields are mapped to existing corresponding Arkime fields: for example, the `orig_h` field in Zeek is mapped to Arkime's `source.ip` field. The original Zeek fields are also left intact. To complicate the issue, the Arkime interface uses its own aliases to reference those fields: the source IP field is referenced as `ip.src` (Arkime's alias) in Arkime and `source.ip` or `source.ip` in OpenSearch Dashboards. + +The table below shows the mapping of some of these fields. + +| Field Description |Arkime Field Alias(es)|Arkime-mapped Zeek Field(s)|Zeek Field(s)| +|---|:---:|:---:|:---:| +| [Community ID](https://github.com/corelight/community-id-spec) Flow Hash ||`network.community_id`|`network.community_id`| +| Destination IP |`ip.dst`|`destination.ip`|`destination.ip`| +| Destination MAC |`mac.dst`|`destination.mac`|`destination.mac`| +| Destination Port |`port.dst`|`destination.port`|`destination.port`| +| Duration |`session.length`|`length`|`zeek.conn.duration`| +| First Packet Time |`starttime`|`firstPacket`|`zeek.ts`, `@timestamp`| +| IP Protocol |`ip.protocol`|`ipProtocol`|`network.transport`| +| Last Packet Time |`stoptime`|`lastPacket`|| +| MIME Type |`email.bodymagic`, `http.bodymagic`|`http.bodyMagic`|`file.mime_type`, `zeek.files.mime_type`, `zeek.ftp.mime_type`, `zeek.http.orig_mime_types`, `zeek.http.resp_mime_types`, `zeek.irc.dcc_mime_type`| +| Protocol/Service |`protocols`|`protocol`|`network.transport`, `network.protocol`| +| Request Bytes |`databytes.src`, `bytes.src`|`source.bytes`, `client.bytes`|`zeek.conn.orig_bytes`, `zeek.conn.orig_ip_bytes`| +| Request Packets |`packets.src`|`source.packets`|`zeek.conn.orig_pkts`| +| Response Bytes |`databytes.dst`, `bytes.dst`|`destination.bytes`, `server.bytes`|`zeek.conn.resp_bytes`, `zeek.conn.resp_ip_bytes`| +| Response Packets |`packets.dst`|`destination.packets`|`zeek.con.resp_pkts`| +| Source IP |`ip.src`|`source.ip`|`source.ip`| +| Source MAC |`mac.src`|`source.mac`|`source.mac`| +| Source Port |`port.src`|`source.port`|`source.port`| +| Total Bytes |`databytes`, `bytes`|`totDataBytes`, `network.bytes`|| +| Total Packets |`packets`|`network.packets`|| +| Username |`user`|`user`|`related.user`| +| Zeek Connection UID|||`zeek.uid`, `event.id`| +| Zeek File UID |||`zeek.fuid`, `event.id`| +| Zeek Log Type |||`event.dataset`| + +In addition to the fields listed above, Arkime provides several special field aliases for matching any field of a particular type. While these aliases do not exist in OpenSearch Dashboards *per se*, they can be approximated as illustrated below. + +| Matches Any | Arkime Special Field Example | OpenSearch Dashboards/Zeek Equivalent Example | +|---|:---:|:---:| +| IP Address | `ip == 192.168.0.1` | `source.ip:192.168.0.1 OR destination.ip:192.168.0.1` | +| Port | `port == [80, 443, 8080, 8443]` | `source.port:(80 OR 443 OR 8080 OR 8443) OR destination.port:(80 OR 443 OR 8080 OR 8443)` | +| Country (code) | `country == [RU,CN]` | `destination.geo.country_code2:(RU OR CN) OR source.geo.country_code2:(RU OR CN) OR dns.GEO:(RU OR CN)` | +| Country (name) | | `destination.geo.country_name:(Russia OR China) OR source.geo.country_name:(Russia OR China)` | +| ASN | `asn == "*Mozilla*"` | `source.as.full:*Mozilla* OR destination.as.full:*Mozilla* OR dns.ASN:*Mozilla*` | +| Host | `host == www.microsoft.com` | `zeek.http.host:www.microsoft.com (or zeek.dhcp.host_name, zeek.dns.host, zeek.ntlm.host, smb.host, etc.)` | +| Protocol (layers >= 4) | `protocols == tls` | `protocol:tls` | +| User | `user == EXISTS! && user != anonymous` | `_exists_:user AND (NOT user:anonymous)` | + +For details on how to filter both Zeek logs and Arkime session records for a particular connection, see [Correlating Zeek logs and Arkime sessions](#ZeekArkimeFlowCorrelation). \ No newline at end of file diff --git a/docs/Malcolm Network Traffic Analysis Quick Start Guide.odt b/docs/quick-start/Malcolm Network Traffic Analysis Quick Start Guide.odt similarity index 100% rename from docs/Malcolm Network Traffic Analysis Quick Start Guide.odt rename to docs/quick-start/Malcolm Network Traffic Analysis Quick Start Guide.odt diff --git a/docs/Malcolm Network Traffic Analysis Quick Start Guide.pdf b/docs/quick-start/Malcolm Network Traffic Analysis Quick Start Guide.pdf similarity index 100% rename from docs/Malcolm Network Traffic Analysis Quick Start Guide.pdf rename to docs/quick-start/Malcolm Network Traffic Analysis Quick Start Guide.pdf diff --git a/docs/quickstart.md b/docs/quickstart.md new file mode 100644 index 000000000..2216b0d47 --- /dev/null +++ b/docs/quickstart.md @@ -0,0 +1,93 @@ +## Quick start + +### Getting Malcolm + +For a `TL;DR` example of downloading, configuring, and running Malcolm on a Linux platform, see [Installation example using Ubuntu 22.04 LTS](#InstallationExample). + +The scripts to control Malcolm require Python 3. The [`install.py`](#ConfigAndTuning) script requires the [requests](https://docs.python-requests.org/en/latest/) module for Python 3, and will make use of the [pythondialog](https://pythondialog.sourceforge.io/) module for user interaction (on Linux) if it is available. + +#### Source code + +The files required to build and run Malcolm are available on its [GitHub page](https://github.com/idaholab/Malcolm/tree/main). Malcolm's source code is released under the terms of a permissive open source software license (see see `License.txt` for the terms of its release). + +#### Building Malcolm from scratch + +The `build.sh` script can build Malcolm's Docker images from scratch. See [Building from source](#Build) for more information. + +#### Initial configuration + +You must run [`auth_setup`](#AuthSetup) prior to pulling Malcolm's Docker images. You should also ensure your system configuration and `docker-compose.yml` settings are tuned by running `./scripts/install.py` or `./scripts/install.py --configure` (see [System configuration and tuning](#ConfigAndTuning)). + +#### Pull Malcolm's Docker images + +Malcolm's Docker images are periodically built and hosted on [Docker Hub](https://hub.docker.com/u/malcolmnetsec). If you already have [Docker](https://www.docker.com/) and [Docker Compose](https://docs.docker.com/compose/), these prebuilt images can be pulled by navigating into the Malcolm directory (containing the `docker-compose.yml` file) and running `docker-compose pull` like this: +``` +$ docker-compose pull +Pulling api ... done +Pulling arkime ... done +Pulling dashboards ... done +Pulling dashboards-helper ... done +Pulling file-monitor ... done +Pulling filebeat ... done +Pulling freq ... done +Pulling htadmin ... done +Pulling logstash ... done +Pulling name-map-ui ... done +Pulling netbox ... done +Pulling netbox-postgresql ... done +Pulling netbox-redis ... done +Pulling nginx-proxy ... done +Pulling opensearch ... done +Pulling pcap-capture ... done +Pulling pcap-monitor ... done +Pulling suricata ... done +Pulling upload ... done +Pulling zeek ... done +``` + +You can then observe that the images have been retrieved by running `docker images`: +``` +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +malcolmnetsec/api 6.4.0 xxxxxxxxxxxx 3 days ago 158MB +malcolmnetsec/arkime 6.4.0 xxxxxxxxxxxx 3 days ago 816MB +malcolmnetsec/dashboards 6.4.0 xxxxxxxxxxxx 3 days ago 1.02GB +malcolmnetsec/dashboards-helper 6.4.0 xxxxxxxxxxxx 3 days ago 184MB +malcolmnetsec/file-monitor 6.4.0 xxxxxxxxxxxx 3 days ago 588MB +malcolmnetsec/file-upload 6.4.0 xxxxxxxxxxxx 3 days ago 259MB +malcolmnetsec/filebeat-oss 6.4.0 xxxxxxxxxxxx 3 days ago 624MB +malcolmnetsec/freq 6.4.0 xxxxxxxxxxxx 3 days ago 132MB +malcolmnetsec/htadmin 6.4.0 xxxxxxxxxxxx 3 days ago 242MB +malcolmnetsec/logstash-oss 6.4.0 xxxxxxxxxxxx 3 days ago 1.35GB +malcolmnetsec/name-map-ui 6.4.0 xxxxxxxxxxxx 3 days ago 143MB +malcolmnetsec/netbox 6.4.0 xxxxxxxxxxxx 3 days ago 1.01GB +malcolmnetsec/nginx-proxy 6.4.0 xxxxxxxxxxxx 3 days ago 121MB +malcolmnetsec/opensearch 6.4.0 xxxxxxxxxxxx 3 days ago 1.17GB +malcolmnetsec/pcap-capture 6.4.0 xxxxxxxxxxxx 3 days ago 121MB +malcolmnetsec/pcap-monitor 6.4.0 xxxxxxxxxxxx 3 days ago 213MB +malcolmnetsec/postgresql 6.4.0 xxxxxxxxxxxx 3 days ago 268MB +malcolmnetsec/redis 6.4.0 xxxxxxxxxxxx 3 days ago 34.2MB +malcolmnetsec/suricata 6.4.0 xxxxxxxxxxxx 3 days ago 278MB +malcolmnetsec/zeek 6.4.0 xxxxxxxxxxxx 3 days ago 1GB +``` + +#### Import from pre-packaged tarballs + +Once built, the `malcolm_appliance_packager.sh` script can be used to create pre-packaged Malcolm tarballs for import on another machine. See [Pre-Packaged Installation Files](#Packager) for more information. + +### Starting and stopping Malcolm + +Use the scripts in the `scripts/` directory to start and stop Malcolm, view debug logs of a currently running +instance, wipe the database and restore Malcolm to a fresh state, etc. + +### User interface + +A few minutes after starting Malcolm (probably 5 to 10 minutes for Logstash to be completely up, depending on the system), the following services will be accessible: + +* [Arkime](https://arkime.com/): [https://localhost:443](https://localhost:443) +* [OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/): [https://localhost/dashboards/](https://localhost/dashboards/) or [https://localhost:5601](https://localhost:5601) +* [Capture File and Log Archive Upload (Web)](#Upload): [https://localhost/upload/](https://localhost/upload/) +* [Capture File and Log Archive Upload (SFTP)](#Upload): `sftp://@127.0.0.1:8022/files` +* [Host and Subnet Name Mapping](#HostAndSubnetNaming) Editor: [https://localhost/name-map-ui/](https://localhost/name-map-ui/) +* [NetBox](#NetBox): [https://localhost/netbox/](https://localhost/netbox/) +* [Account Management](#AuthBasicAccountManagement): [https://localhost:488](https://localhost:488) \ No newline at end of file diff --git a/docs/running.md b/docs/running.md new file mode 100644 index 000000000..af0867660 --- /dev/null +++ b/docs/running.md @@ -0,0 +1,222 @@ +## Running Malcolm + +### OpenSearch instances + +Malcolm's default standalone configuration is to use a local [OpenSearch](https://opensearch.org/) instance in a Docker container to index and search network traffic metadata. OpenSearch can also run as a [cluster](https://opensearch.org/docs/latest/opensearch/cluster/) with instances distributed across multiple nodes with dedicated [roles](https://opensearch.org/docs/latest/opensearch/cluster/#nodes) like cluster manager, data node, ingest node, etc. + +As the permutations of OpenSearch cluster configurations are numerous, it is beyond Malcolm's scope to set up multi-node clusters. However, Malcolm can be configured to use a remote OpenSearch cluster rather than its own internal instance. + +The `OPENSEARCH_…` [environment variables in `docker-compose.yml`](#DockerComposeYml) control whether Malcolm uses its own local OpenSearch instance or a remote OpenSearch instance as its primary data store. The configuration portion of Malcolm install script ([`./scripts/install.py --configure`](#ConfigAndTuning)) can help you configure these options. + +For example, to use the default standalone configuration, answer `Y` when prompted `Should Malcolm use and maintain its own OpenSearch instance?`. + +Or, to use a remote OpenSearch cluster: + +``` +… +Should Malcolm use and maintain its own OpenSearch instance? (Y/n): n + +Enter primary remote OpenSearch connection URL (e.g., https://192.168.1.123:9200): https://192.168.1.123:9200 + +Require SSL certificate validation for communication with primary OpenSearch instance? (y/N): n + +You must run auth_setup after install.py to store OpenSearch connection credentials. +… +``` + +Whether the primary OpenSearch instance is a locally maintained single-node instance or is a remote cluster, Malcolm can be configured additionally forward logs to a secondary remote OpenSearch instance. The `OPENSEARCH_SECONDARY_…` [environment variables in `docker-compose.yml`](#DockerComposeYml) control this behavior. Configuration of a remote secondary OpenSearch instance is similar to that of a remote primary OpenSearch instance: + + +``` +… +Forward Logstash logs to a secondary remote OpenSearch instance? (y/N): y + +Enter secondary remote OpenSearch connection URL (e.g., https://192.168.1.123:9200): https://192.168.1.124:9200 + +Require SSL certificate validation for communication with secondary OpenSearch instance? (y/N): n + +You must run auth_setup after install.py to store OpenSearch connection credentials. +… +``` + +#### Authentication and authorization for remote OpenSearch clusters + +In addition to setting the environment variables in [`docker-compose.yml`](#DockerComposeYml) as described above, you must provide Malcolm with credentials for it to be able to communicate with remote OpenSearch instances. These credentials are stored in the Malcolm installation directory as `.opensearch.primary.curlrc` and `.opensearch.secondary.curlrc` for the primary and secondary OpenSearch connections, respectively, and are bind mounted into the Docker containers which need to communicate with OpenSearch. These [cURL-formatted](https://everything.curl.dev/cmdline/configfile) config files can be generated for you by the [`auth_setup`](#AuthSetup) script as illustrated: + +``` +$ ./scripts/auth_setup + +… + +Store username/password for primary remote OpenSearch instance? (y/N): y + +OpenSearch username: servicedb +servicedb password: +servicedb password (again): + +Require SSL certificate validation for OpenSearch communication? (Y/n): n + +Store username/password for secondary remote OpenSearch instance? (y/N): y + +OpenSearch username: remotedb +remotedb password: +remotedb password (again): + +Require SSL certificate validation for OpenSearch communication? (Y/n): n + +… +``` + +These files are created with permissions such that only the user account running Malcolm can access them: + +``` +$ ls -la .opensearch.*.curlrc +-rw------- 1 user user 36 Aug 22 14:17 .opensearch.primary.curlrc +-rw------- 1 user user 35 Aug 22 14:18 .opensearch.secondary.curlrc +``` + +One caveat with Malcolm using a remote OpenSearch cluster as its primary document store is that the accounts used to access Malcolm's [web interfaces](#UserInterfaceURLs), particularly [OpenSearch Dashboards](#Dashboards), are in some instance passed directly through to OpenSearch itself. For this reason, both Malcolm and the remote primary OpenSearch instance must have the same account information. The easiest way to accomplish this is to use an Active Directory/LDAP server that both [Malcolm](#AuthLDAP) and [OpenSearch](https://opensearch.org/docs/latest/security-plugin/configuration/ldap/) use as a common authentication backend. + +See the OpenSearch documentation on [access control](https://opensearch.org/docs/latest/security-plugin/access-control/index/) for more information. + +### Configure authentication + +Malcolm requires authentication to access the [user interface](#UserInterfaceURLs). [Nginx](https://nginx.org/) can authenticate users with either local TLS-encrypted HTTP basic authentication or using a remote Lightweight Directory Access Protocol (LDAP) authentication server. + +With the local basic authentication method, user accounts are managed by Malcolm and can be created, modified, and deleted using a [user management web interface](#AccountManagement). This method is suitable in instances where accounts and credentials do not need to be synced across many Malcolm installations. + +LDAP authentication are managed on a remote directory service, such as a [Microsoft Active Directory Domain Services](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview) or [OpenLDAP](https://www.openldap.org/). + +Malcolm's authentication method is defined in the `x-auth-variables` section near the top of the [`docker-compose.yml`](#DockerComposeYml) file with the `NGINX_BASIC_AUTH` environment variable: `true` for local TLS-encrypted HTTP basic authentication, `false` for LDAP authentication. + +In either case, you **must** run `./scripts/auth_setup` before starting Malcolm for the first time in order to: + +* define the local Malcolm administrator account username and password (although these credentials will only be used for basic authentication, not LDAP authentication) +* specify whether or not to (re)generate the self-signed certificates used for HTTPS access + * key and certificate files are located in the `nginx/certs/` directory +* specify whether or not to (re)generate the self-signed certificates used by a remote log forwarder (see the `BEATS_SSL` environment variable above) + * certificate authority, certificate, and key files for Malcolm's Logstash instance are located in the `logstash/certs/` directory + * certificate authority, certificate, and key files to be copied to and used by the remote log forwarder are located in the `filebeat/certs/` directory; if using [Hedgehog Linux](#Hedgehog), these certificates should be copied to the `/opt/sensor/sensor_ctl/logstash-client-certificates` directory on the sensor +* specify whether or not to [store the username/password](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#authenticate-sender-account) for [email alert senders](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#create-destinations) + * these parameters are stored securely in the OpenSearch keystore file `opensearch/opensearch.keystore` + +##### Local account management + +[`auth_setup`](#AuthSetup) is used to define the username and password for the administrator account. Once Malcolm is running, the administrator account can be used to manage other user accounts via a **Malcolm User Management** page served over HTTPS on port 488 (e.g., [https://localhost:488](https://localhost:488) if you are connecting locally). + +Malcolm user accounts can be used to access the [interfaces](#UserInterfaceURLs) of all of its [components](#Components), including Arkime. Arkime uses its own internal database of user accounts, so when a Malcolm user account logs in to Arkime for the first time Malcolm creates a corresponding Arkime user account automatically. This being the case, it is *not* recommended to use the Arkime **Users** settings page or change the password via the **Password** form under the Arkime **Settings** page, as those settings would not be consistently used across Malcolm. + +Users may change their passwords via the **Malcolm User Management** page by clicking **User Self Service**. A forgotten password can also be reset via an emailed link, though this requires SMTP server settings to be specified in `htadmin/config.ini` in the Malcolm installation directory. + +#### Lightweight Directory Access Protocol (LDAP) authentication + +The [nginx-auth-ldap](https://github.com/kvspb/nginx-auth-ldap) module serves as the interface between Malcolm's [Nginx](https://nginx.org/) web server and a remote LDAP server. When you run [`auth_setup`](#AuthSetup) for the first time, a sample LDAP configuration file is created at `nginx/nginx_ldap.conf`. + +``` +# This is a sample configuration for the ldap_server section of nginx.conf. +# Yours will vary depending on how your Active Directory/LDAP server is configured. +# See https://github.com/kvspb/nginx-auth-ldap#available-config-parameters for options. + +ldap_server ad_server { + url "ldap://ds.example.com:3268/DC=ds,DC=example,DC=com?sAMAccountName?sub?(objectClass=person)"; + + binddn "bind_dn"; + binddn_passwd "bind_dn_password"; + + group_attribute member; + group_attribute_is_dn on; + require group "CN=Malcolm,CN=Users,DC=ds,DC=example,DC=com"; + require valid_user; + satisfy all; +} + +auth_ldap_cache_enabled on; +auth_ldap_cache_expiration_time 10000; +auth_ldap_cache_size 1000; +``` + +This file is mounted into the `nginx` container when Malcolm is started to provide connection information for the LDAP server. + +The contents of `nginx_ldap.conf` will vary depending on how the LDAP server is configured. Some of the [avaiable parameters](https://github.com/kvspb/nginx-auth-ldap#available-config-parameters) in that file include: + +* **`url`** - the `ldap://` or `ldaps://` connection URL for the remote LDAP server, which has the [following syntax](https://www.ietf.org/rfc/rfc2255.txt): `ldap[s]://:/???` +* **`binddn`** and **`binddn_password`** - the account credentials used to query the LDAP directory +* **`group_attribute`** - the group attribute name which contains the member object (e.g., `member` or `memberUid`) +* **`group_attribute_is_dn`** - whether or not to search for the user's full distinguished name as the value in the group's member attribute +* **`require`** and **`satisfy`** - `require user`, `require group` and `require valid_user` can be used in conjunction with `satisfy any` or `satisfy all` to limit the users that are allowed to access the Malcolm instance + +Before starting Malcolm, edit `nginx/nginx_ldap.conf` according to the specifics of your LDAP server and directory tree structure. Using a LDAP search tool such as [`ldapsearch`](https://www.openldap.org/software/man.cgi?query=ldapsearch) in Linux or [`dsquery`](https://social.technet.microsoft.com/wiki/contents/articles/2195.active-directory-dsquery-commands.aspx) in Windows may be of help as you formulate the configuration. Your changes should be made within the curly braces of the `ldap_server ad_server { … }` section. You can troubleshoot configuration file syntax errors and LDAP connection or credentials issues by running `./scripts/logs` (or `docker-compose logs nginx`) and examining the output of the `nginx` container. + +The **Malcolm User Management** page described above is not available when using LDAP authentication. + +##### LDAP connection security + +Authentication over LDAP can be done using one of three ways, [two of which](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/8e73932f-70cf-46d6-88b1-8d9f86235e81) offer data confidentiality protection: + +* **StartTLS** - the [standard extension](https://tools.ietf.org/html/rfc2830) to the LDAP protocol to establish an encrypted SSL/TLS connection within an already established LDAP connection +* **LDAPS** - a commonly used (though unofficial and considered deprecated) method in which SSL negotiation takes place before any commands are sent from the client to the server +* **Unencrypted** (cleartext) (***not recommended***) + +In addition to the `NGINX_BASIC_AUTH` environment variable being set to `false` in the `x-auth-variables` section near the top of the [`docker-compose.yml`](#DockerComposeYml) file, the `NGINX_LDAP_TLS_STUNNEL` and `NGINX_LDAP_TLS_STUNNEL` environment variables are used in conjunction with the values in `nginx/nginx_ldap.conf` to define the LDAP connection security level. Use the following combinations of values to achieve the connection security methods above, respectively: + +* **StartTLS** + - `NGINX_LDAP_TLS_STUNNEL` set to `true` in [`docker-compose.yml`](#DockerComposeYml) + - `url` should begin with `ldap://` and its port should be either the default LDAP port (389) or the default Global Catalog port (3268) in `nginx/nginx_ldap.conf` +* **LDAPS** + - `NGINX_LDAP_TLS_STUNNEL` set to `false` in [`docker-compose.yml`](#DockerComposeYml) + - `url` should begin with `ldaps://` and its port should be either the default LDAPS port (636) or the default LDAPS Global Catalog port (3269) in `nginx/nginx_ldap.conf` +* **Unencrypted** (clear text) (***not recommended***) + - `NGINX_LDAP_TLS_STUNNEL` set to `false` in [`docker-compose.yml`](#DockerComposeYml) + - `url` should begin with `ldap://` and its port should be either the default LDAP port (389) or the default Global Catalog port (3268) in `nginx/nginx_ldap.conf` + +For encrypted connections (whether using **StartTLS** or **LDAPS**), Malcolm will require and verify certificates when one or more trusted CA certificate files are placed in the `nginx/ca-trust/` directory. Otherwise, any certificate presented by the domain server will be accepted. + +### TLS certificates + +When you [set up authentication](#AuthSetup) for Malcolm a set of unique [self-signed](https://en.wikipedia.org/wiki/Self-signed_certificate) TLS certificates are created which are used to secure the connection between clients (e.g., your web browser) and Malcolm's browser-based interface. This is adequate for most Malcolm instances as they are often run locally or on internal networks, although your browser will most likely require you to add a security exception for the certificate the first time you connect to Malcolm. + +Another option is to generate your own certificates (or have them issued to you) and have them placed in the `nginx/certs/` directory. The certificate and key file should be named `cert.pem` and `key.pem`, respectively. + +A third possibility is to use a third-party reverse proxy (e.g., [Traefik](https://doc.traefik.io/traefik/) or [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy)) to handle the issuance of the certificates for you and to broker the connections between clients and Malcolm. Reverse proxies such as these often implement the [ACME](https://datatracker.ietf.org/doc/html/rfc8555) protocol for domain name authentication and can be used to request certificates from certificate authorities like [Let's Encrypt](https://letsencrypt.org/how-it-works/). In this configuration, the reverse proxy will be encrypting the connections instead of Malcolm, so you'll need to set the `NGINX_SSL` environment variable to `false` in [`docker-compose.yml`](#DockerComposeYml) (or answer `no` to the "Require encrypted HTTPS connections?" question posed by `install.py`). If you are setting `NGINX_SSL` to `false`, **make sure** you understand what you are doing and ensure that external connections cannot reach ports over which Malcolm will be communicating without encryption, including verifying your local firewall configuration. + +### Starting Malcolm + +[Docker compose](https://docs.docker.com/compose/) is used to coordinate running the Docker containers. To start Malcolm, navigate to the directory containing `docker-compose.yml` and run: +``` +$ ./scripts/start +``` +This will create the containers' virtual network and instantiate them, then leave them running in the background. The Malcolm containers may take a several minutes to start up completely. To follow the debug output for an already-running Malcolm instance, run: +``` +$ ./scripts/logs +``` +You can also use `docker stats` to monitor the resource utilization of running containers. + +### Stopping and restarting Malcolm + +You can run `./scripts/stop` to stop the docker containers and remove their virtual network. Alternatively, `./scripts/restart` will restart an instance of Malcolm. Because the data on disk is stored on the host in docker volumes, doing these operations will not result in loss of data. + +Malcolm can be configured to be automatically restarted when the Docker system daemon restart (for example, on system reboot). This behavior depends on the [value](https://docs.docker.com/config/containers/start-containers-automatically/) of the [`restart:`](https://docs.docker.com/compose/compose-file/#restart) setting for each service in the `docker-compose.yml` file. This value can be set by running [`./scripts/install.py --configure`](#ConfigAndTuning) and answering "yes" to "`Restart Malcolm upon system or Docker daemon restart?`." + +### Clearing Malcolm's data + +Run `./scripts/wipe` to stop the Malcolm instance and wipe its OpenSearch database (**including** [index snapshots and management policies](#IndexManagement) and [alerting configuration](#Alerting)). + +### Temporary read-only interface + +To temporarily set the Malcolm user interaces into a read-only configuration, run the following commands from the Malcolm installation directory. + +First, to configure [Nginx] to disable access to the upload and other interfaces for changing Malcolm settings, and to deny HTTP methods other than `GET` and `POST`: + +``` +docker-compose exec nginx-proxy bash -c "cp /etc/nginx/nginx_readonly.conf /etc/nginx/nginx.conf && nginx -s reload" +``` + +Second, to set the existing OpenSearch data store to read-only: + +``` +docker-compose exec dashboards-helper /data/opensearch_read_only.py -i _cluster +``` + +These commands must be re-run every time you restart Malcolm. + +Note that after you run these commands you may see an increase of error messages in the Malcolm containers' output as various background processes will fail due to the read-only nature of the indices. Additionally, some features such as Arkime's [Hunt](#ArkimeHunt) and [building your own visualizations and dashboards](#BuildDashboard) in OpenSearch Dashboards will not function correctly in read-only mode. \ No newline at end of file diff --git a/docs/severity.md b/docs/severity.md new file mode 100644 index 000000000..acc215872 --- /dev/null +++ b/docs/severity.md @@ -0,0 +1,44 @@ +### Event severity scoring + +As Zeek logs are parsed and enriched prior to indexing, a severity score up to `100` (a higher score indicating a more severe event) can be assigned when one or more of the following conditions are met: + +* cross-segment network traffic (if [network subnets were defined](#HostAndSubnetNaming)) +* connection origination and destination (e.g., inbound, outbound, external, internal) +* traffic to or from sensitive countries + - The comma-separated list of countries (by [ISO 3166-1 alpha-2 code](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Current_codes)) can be customized by setting the `SENSITIVE_COUNTRY_CODES` environment variable in [`docker-compose.yml`](#DockerComposeYml). +* domain names (from DNS queries and SSL server names) with high entropy as calculated by [freq](https://github.com/MarkBaggett/freq) + - The entropy threshold for this condition to trigger can be adjusted by setting the `FREQ_SEVERITY_THRESHOLD` environment variable in [`docker-compose.yml`](#DockerComposeYml). A lower value will only assign severity scores to fewer domain names with higher entropy (e.g., `2.0` for `NQZHTFHRMYMTVBQJE.COM`), while a higher value will assign severity scores to more domain names with lower entropy (e.g., `7.5` for `naturallanguagedomain.example.org`). +* file transfers (categorized by mime type) +* `notice.log`, [`intel.log`](#ZeekIntel) and `weird.log` entries, including those generated by Zeek plugins detecting vulnerabilities (see the list of Zeek plugins under [Components](#Components)) +* detection of cleartext passwords +* use of insecure or outdated protocols +* tunneled traffic or use of VPN protocols +* rejected or aborted connections +* common network services communicating over non-standard ports +* file scanning engine hits on [extracted files](#ZeekFileExtraction) +* large connection or file transfer + - The size (in megabytes) threshold for this condition to trigger can be adjusted by setting the `TOTAL_MEGABYTES_SEVERITY_THRESHOLD` environment variable in [`docker-compose.yml`](#DockerComposeYml). +* long connection duration + - The duration (in seconds) threshold for this condition to trigger can be adjusted by setting the `CONNECTION_SECONDS_SEVERITY_THRESHOLD` environment variable in [`docker-compose.yml`](#DockerComposeYml). + +As this [feature](https://github.com/idaholab/Malcolm/issues/19) is improved it's expected that additional categories will be identified and implemented for severity scoring. + +When a Zeek log satisfies more than one of these conditions its severity scores will be summed, with a maximum score of `100`. A Zeek log's severity score is indexed in the `event.severity` field and the conditions which contributed to its score are indexed in `event.severity_tags`. + +![The Severity dashboard](./images/screenshots/dashboards_severity.png) + +#### Customizing event severity scoring + +These categories' severity scores can be customized by editing `logstash/maps/malcolm_severity.yaml`: + +* Each category can be assigned a number between `1` and `100` for severity scoring. +* Any category may be disabled by assigning it a score of `0`. +* A severity score can be assigned for any [supported protocol](#Protocols) by adding an entry with the key formatted like `"PROTOCOL_XYZ"`, where `XYZ` is the uppercased value of the protocol as stored in the `network.protocol` field. For example, to assign a score of `40` to Zeek logs generated for SSH traffic, you could add the following line to `malcolm_severity.yaml`: + +``` +"PROTOCOL_SSH": 40 +``` + +Restart Logstash after modifying `malcolm_severity.yaml` for the changes to take effect. The [hostname and CIDR subnet names interface](#NameMapUI) provides a convenient button for restarting Logstash. + +Severity scoring can be disabled globally by setting the `LOGSTASH_SEVERITY_SCORING` environment variable to `false` in the [`docker-compose.yml`](#DockerComposeYml) file and [restarting Malcolm](#StopAndRestart). \ No newline at end of file diff --git a/scripts/third-party-logs/README.md b/docs/third-party-logs.md similarity index 100% rename from scripts/third-party-logs/README.md rename to docs/third-party-logs.md diff --git a/docs/time-sync.md b/docs/time-sync.md new file mode 100644 index 000000000..aeaf6de37 --- /dev/null +++ b/docs/time-sync.md @@ -0,0 +1,9 @@ +### Time synchronization + +If you wish to set up time synchronization via [NTP](http://www.ntp.org/) or `htpdate`, open a terminal and run `sudo configure-interfaces.py`. Select **Continue**, then choose **Time Sync**. Here you can configure the operating system to keep its time synchronized with either an NTP server (using the NTP protocol), another Malcolm instance, or another HTTP/HTTPS server. On the next dialog, choose the time synchronization method you wish to configure. + +If **htpdate** is selected, you will be prompted to enter the IP address or hostname and port of an HTTP/HTTPS server (for a Malcolm instance, port `9200` may be used) and the time synchronization check frequency in minutes. A test connection will be made to determine if the time can be retrieved from the server. + +If *ntpdate* is selected, you will be prompted to enter the IP address or hostname of the NTP server. + +Upon configuring time synchronization, a "Time synchronization configured successfully!" message will be displayed. \ No newline at end of file diff --git a/docs/ubuntu-install-example.md b/docs/ubuntu-install-example.md new file mode 100644 index 000000000..3bdf5a3c7 --- /dev/null +++ b/docs/ubuntu-install-example.md @@ -0,0 +1,323 @@ +## Installation example using Ubuntu 22.04 LTS + +Here's a step-by-step example of getting [Malcolm from GitHub](https://github.com/idaholab/Malcolm/tree/main), configuring your system and your Malcolm instance, and running it on a system running Ubuntu Linux. Your mileage may vary depending on your individual system configuration, but this should be a good starting point. + +The commands in this example should be executed as a non-root user. + +You can use `git` to clone Malcolm into a local working copy, or you can download and extract the artifacts from the [latest release](https://github.com/idaholab/Malcolm/releases). + +To install Malcolm from the latest Malcolm release, browse to the [Malcolm releases page on GitHub](https://github.com/idaholab/Malcolm/releases) and download at a minimum `install.py` and the `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` file, then navigate to your downloads directory: +``` +user@host:~$ cd Downloads/ +user@host:~/Downloads$ ls +malcolm_common.py install.py malcolm_20190611_095410_ce2d8de.tar.gz +``` + +If you are obtaining Malcolm using `git` instead, run the following command to clone Malcolm into a local working copy: +``` +user@host:~$ git clone https://github.com/idaholab/Malcolm +Cloning into 'Malcolm'... +remote: Enumerating objects: 443, done. +remote: Counting objects: 100% (443/443), done. +remote: Compressing objects: 100% (310/310), done. +remote: Total 443 (delta 81), reused 441 (delta 79), pack-reused 0 +Receiving objects: 100% (443/443), 6.87 MiB | 18.86 MiB/s, done. +Resolving deltas: 100% (81/81), done. + +user@host:~$ cd Malcolm/ +``` + +Next, run the `install.py` script to configure your system. Replace `user` in this example with your local account username, and follow the prompts. Most questions have an acceptable default you can accept by pressing the `Enter` key. Depending on whether you are installing Malcolm from the release tarball or inside of a git working copy, the questions below will be slightly different, but for the most part are the same. +``` +user@host:~/Malcolm$ sudo ./scripts/install.py +Installing required packages: ['apache2-utils', 'make', 'openssl', 'python3-dialog'] + +"docker info" failed, attempt to install Docker? (Y/n): y + +Attempt to install Docker using official repositories? (Y/n): y +Installing required packages: ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg-agent', 'software-properties-common'] +Installing docker packages: ['docker-ce', 'docker-ce-cli', 'containerd.io'] +Installation of docker packages apparently succeeded + +Add a non-root user to the "docker" group?: y + +Enter user account: user + +Add another non-root user to the "docker" group?: n + +"docker-compose version" failed, attempt to install docker-compose? (Y/n): y + +Install docker-compose directly from docker github? (Y/n): y +Download and installation of docker-compose apparently succeeded + +fs.file-max increases allowed maximum for file handles +fs.file-max= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +fs.inotify.max_user_watches increases allowed maximum for monitored files +fs.inotify.max_user_watches= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +fs.inotify.max_queued_events increases queue size for monitored files +fs.inotify.max_queued_events= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +fs.inotify.max_user_instances increases allowed maximum monitor file watchers +fs.inotify.max_user_instances= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +vm.max_map_count increases allowed maximum for memory segments +vm.max_map_count= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +net.core.somaxconn increases allowed maximum for socket connections +net.core.somaxconn= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +vm.swappiness adjusts the preference of the system to swap vs. drop runtime memory pages +vm.swappiness= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +vm.dirty_background_ratio defines the percentage of system memory fillable with "dirty" pages before flushing +vm.dirty_background_ratio= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +vm.dirty_ratio defines the maximum percentage of dirty system memory before committing everything +vm.dirty_ratio= appears to be missing from /etc/sysctl.conf, append it? (Y/n): y + +/etc/security/limits.d/limits.conf increases the allowed maximums for file handles and memlocked segments +/etc/security/limits.d/limits.conf does not exist, create it? (Y/n): y +``` + +If you are configuring Malcolm from within a git working copy, `install.py` will now exit. Run `install.py` again like you did at the beginning of the example, only remove the `sudo` and add `--configure` to run `install.py` in "configuration only" mode. +``` +user@host:~/Malcolm$ ./scripts/install.py --configure +``` + +Alternately, if you are configuring Malcolm from the release tarball you will be asked if you would like to extract the contents of the tarball and to specify the installation directory and `install.py` will continue: +``` +Extract Malcolm runtime files from /home/user/Downloads/malcolm_20190611_095410_ce2d8de.tar.gz (Y/n): y + +Enter installation path for Malcolm [/home/user/Downloads/malcolm]: /home/user/Malcolm +Malcolm runtime files extracted to /home/user/Malcolm +``` + +Now that any necessary system configuration changes have been made, the local Malcolm instance will be configured: +``` +Malcolm processes will run as UID 1000 and GID 1000. Is this OK? (Y/n): y + +Should Malcolm use and maintain its own OpenSearch instance? (Y/n): y + +Forward Logstash logs to a secondary remote OpenSearch instance? (y/N): n + +Setting 10g for OpenSearch and 3g for Logstash. Is this OK? (Y/n): y + +Setting 3 workers for Logstash pipelines. Is this OK? (Y/n): y + +Restart Malcolm upon system or Docker daemon restart? (y/N): y +1: no +2: on-failure +3: always +4: unless-stopped +Select Malcolm restart behavior (unless-stopped): 4 + +Require encrypted HTTPS connections? (Y/n): y + +Will Malcolm be running behind another reverse proxy (Traefik, Caddy, etc.)? (y/N): n + +Specify external Docker network name (or leave blank for default networking) (): + +Authenticate against Lightweight Directory Access Protocol (LDAP) server? (y/N): n + +Store OpenSearch index snapshots locally in /home/user/Malcolm/opensearch-backup? (Y/n): y + +Compress OpenSearch index snapshots? (y/N): n + +Delete the oldest indices when the database exceeds a certain size? (y/N): n + +Automatically analyze all PCAP files with Suricata? (Y/n): y + +Download updated Suricata signatures periodically? (Y/n): y + +Automatically analyze all PCAP files with Zeek? (Y/n): y + +Perform reverse DNS lookup locally for source and destination IP addresses in logs? (y/N): n + +Perform hardware vendor OUI lookups for MAC addresses? (Y/n): y + +Perform string randomness scoring on some fields? (Y/n): y + +Expose OpenSearch port to external hosts? (y/N): n + +Expose Logstash port to external hosts? (y/N): n + +Expose Filebeat TCP port to external hosts? (y/N): y +1: json +2: raw +Select log format for messages sent to Filebeat TCP listener (json): 1 + +Source field to parse for messages sent to Filebeat TCP listener (message): message + +Target field under which to store decoded JSON fields for messages sent to Filebeat TCP listener (miscbeat): miscbeat + +Field to drop from events sent to Filebeat TCP listener (message): message + +Tag to apply to messages sent to Filebeat TCP listener (_malcolm_beats): _malcolm_beats + +Expose SFTP server (for PCAP upload) to external hosts? (y/N): n + +Enable file extraction with Zeek? (y/N): y +1: none +2: known +3: mapped +4: all +5: interesting +Select file extraction behavior (none): 5 +1: quarantined +2: all +3: none +Select file preservation behavior (quarantined): 1 + +Scan extracted files with ClamAV? (y/N): y + +Scan extracted files with Yara? (y/N): y + +Scan extracted PE files with Capa? (y/N): y + +Lookup extracted file hashes with VirusTotal? (y/N): n + +Download updated file scanner signatures periodically? (Y/n): y + +Should Malcolm capture live network traffic to PCAP files for analysis with Arkime? (y/N): y + +Capture packets using netsniff-ng? (Y/n): y + +Capture packets using tcpdump? (y/N): n + +Should Malcolm analyze live network traffic with Suricata? (y/N): y + +Should Malcolm analyze live network traffic with Zeek? (y/N): y + +Specify capture interface(s) (comma-separated): eth0 + +Capture filter (tcpdump-like filter expression; leave blank to capture all traffic) (): not port 5044 and not port 8005 and not port 9200 + +Disable capture interface hardware offloading and adjust ring buffer sizes? (y/N): n + +Malcolm has been installed to /home/user/Malcolm. See README.md for more information. +Scripts for starting and stopping Malcolm and changing authentication-related settings can be found in /home/user/Malcolm/scripts. +``` + +At this point you should **reboot your computer** so that the new system settings can be applied. After rebooting, log back in and return to the directory to which Malcolm was installed (or to which the git working copy was cloned). + +Now we need to [set up authentication](#AuthSetup) and generate some unique self-signed TLS certificates. You can replace `analyst` in this example with whatever username you wish to use to log in to the Malcolm web interface. +``` +user@host:~/Malcolm$ ./scripts/auth_setup + +Store administrator username/password for local Malcolm access? (Y/n): y + +Administrator username: analyst +analyst password: +analyst password (again): + +(Re)generate self-signed certificates for HTTPS access (Y/n): y + +(Re)generate self-signed certificates for a remote log forwarder (Y/n): y + +Store username/password for primary remote OpenSearch instance? (y/N): n + +Store username/password for secondary remote OpenSearch instance? (y/N): n + +Store username/password for email alert sender account? (y/N): n + +(Re)generate internal passwords for NetBox (Y/n): y +``` + +For now, rather than [build Malcolm from scratch](#Build), we'll pull images from [Docker Hub](https://hub.docker.com/u/malcolmnetsec): +``` +user@host:~/Malcolm$ docker-compose pull +Pulling api ... done +Pulling arkime ... done +Pulling dashboards ... done +Pulling dashboards-helper ... done +Pulling file-monitor ... done +Pulling filebeat ... done +Pulling freq ... done +Pulling htadmin ... done +Pulling logstash ... done +Pulling name-map-ui ... done +Pulling netbox ... done +Pulling netbox-postgresql ... done +Pulling netbox-redis ... done +Pulling nginx-proxy ... done +Pulling opensearch ... done +Pulling pcap-capture ... done +Pulling pcap-monitor ... done +Pulling suricata ... done +Pulling upload ... done +Pulling zeek ... done + +user@host:~/Malcolm$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +malcolmnetsec/api 6.4.0 xxxxxxxxxxxx 3 days ago 158MB +malcolmnetsec/arkime 6.4.0 xxxxxxxxxxxx 3 days ago 816MB +malcolmnetsec/dashboards 6.4.0 xxxxxxxxxxxx 3 days ago 1.02GB +malcolmnetsec/dashboards-helper 6.4.0 xxxxxxxxxxxx 3 days ago 184MB +malcolmnetsec/file-monitor 6.4.0 xxxxxxxxxxxx 3 days ago 588MB +malcolmnetsec/file-upload 6.4.0 xxxxxxxxxxxx 3 days ago 259MB +malcolmnetsec/filebeat-oss 6.4.0 xxxxxxxxxxxx 3 days ago 624MB +malcolmnetsec/freq 6.4.0 xxxxxxxxxxxx 3 days ago 132MB +malcolmnetsec/htadmin 6.4.0 xxxxxxxxxxxx 3 days ago 242MB +malcolmnetsec/logstash-oss 6.4.0 xxxxxxxxxxxx 3 days ago 1.35GB +malcolmnetsec/name-map-ui 6.4.0 xxxxxxxxxxxx 3 days ago 143MB +malcolmnetsec/netbox 6.4.0 xxxxxxxxxxxx 3 days ago 1.01GB +malcolmnetsec/nginx-proxy 6.4.0 xxxxxxxxxxxx 3 days ago 121MB +malcolmnetsec/opensearch 6.4.0 xxxxxxxxxxxx 3 days ago 1.17GB +malcolmnetsec/pcap-capture 6.4.0 xxxxxxxxxxxx 3 days ago 121MB +malcolmnetsec/pcap-monitor 6.4.0 xxxxxxxxxxxx 3 days ago 213MB +malcolmnetsec/postgresql 6.4.0 xxxxxxxxxxxx 3 days ago 268MB +malcolmnetsec/redis 6.4.0 xxxxxxxxxxxx 3 days ago 34.2MB +malcolmnetsec/suricata 6.4.0 xxxxxxxxxxxx 3 days ago 278MB +malcolmnetsec/zeek 6.4.0 xxxxxxxxxxxx 3 days ago 1GB +``` + +Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background. +``` +user@host:~/Malcolm$ ./scripts/start +In a few minutes, Malcolm services will be accessible via the following URLs: +------------------------------------------------------------------------------ + - Arkime: https://localhost/ + - OpenSearch Dashboards: https://localhost/dashboards/ + - PCAP upload (web): https://localhost/upload/ + - PCAP upload (sftp): sftp://username@127.0.0.1:8022/files/ + - Host and subnet name mapping editor: https://localhost/name-map-ui/ + - NetBox: https://localhost/netbox/ + - Account management: https://localhost:488/ + +NAME COMMAND SERVICE STATUS PORTS +malcolm-api-1 "/usr/local/bin/dock…" api running (starting) … +malcolm-arkime-1 "/usr/local/bin/dock…" arkime running (starting) … +malcolm-dashboards-1 "/usr/local/bin/dock…" dashboards running (starting) … +malcolm-dashboards-helper-1 "/usr/local/bin/dock…" dashboards-helper running (starting) … +malcolm-file-monitor-1 "/usr/local/bin/dock…" file-monitor running (starting) … +malcolm-filebeat-1 "/usr/local/bin/dock…" filebeat running (starting) … +malcolm-freq-1 "/usr/local/bin/dock…" freq running (starting) … +malcolm-htadmin-1 "/usr/local/bin/dock…" htadmin running (starting) … +malcolm-logstash-1 "/usr/local/bin/dock…" logstash running (starting) … +malcolm-name-map-ui-1 "/usr/local/bin/dock…" name-map-ui running (starting) … +malcolm-netbox-1 "/usr/bin/tini -- /u…" netbox running (starting) … +malcolm-netbox-postgres-1 "/usr/bin/docker-uid…" netbox-postgres running (starting) … +malcolm-netbox-redis-1 "/sbin/tini -- /usr/…" netbox-redis running (starting) … +malcolm-netbox-redis-cache-1 "/sbin/tini -- /usr/…" netbox-redis-cache running (starting) … +malcolm-nginx-proxy-1 "/usr/local/bin/dock…" nginx-proxy running (starting) … +malcolm-opensearch-1 "/usr/local/bin/dock…" opensearch running (starting) … +malcolm-pcap-capture-1 "/usr/local/bin/dock…" pcap-capture running … +malcolm-pcap-monitor-1 "/usr/local/bin/dock…" pcap-monitor running (starting) … +malcolm-suricata-1 "/usr/local/bin/dock…" suricata running (starting) … +malcolm-suricata-live-1 "/usr/local/bin/dock…" suricata-live running … +malcolm-upload-1 "/usr/local/bin/dock…" upload running (starting) … +malcolm-zeek-1 "/usr/local/bin/dock…" zeek running (starting) … +malcolm-zeek-live-1 "/usr/local/bin/dock…" zeek-live running … +… +``` + +It will take several minutes for all of Malcolm's components to start up. Logstash will take the longest, probably 3 to 5 minutes. You'll know Logstash is fully ready when you see Logstash spit out a bunch of starting up messages, ending with this: +``` +… +malcolm-logstash-1 | [2022-07-27T20:27:52,056][INFO ][logstash.agent ] Pipelines running {:count=>6, :running_pipelines=>[:"malcolm-input", :"malcolm-output", :"malcolm-beats", :"malcolm-suricata", :"malcolm-enrichment", :"malcolm-zeek"], :non_running_pipelines=>[]} +… +``` + +You can now open a web browser and navigate to one of the [Malcolm user interfaces](#UserInterfaceURLs). \ No newline at end of file diff --git a/docs/upload.md b/docs/upload.md new file mode 100644 index 000000000..b747d1a02 --- /dev/null +++ b/docs/upload.md @@ -0,0 +1,26 @@ +## Capture file and log archive upload + +Malcolm serves a web browser-based upload form for uploading PCAP files and Zeek logs at [https://localhost/upload/](https://localhost/upload/) if you are connecting locally. + +![Capture File and Log Archive Upload](./images/screenshots/malcolm_upload.png) + +Additionally, there is a writable `files` directory on an SFTP server served on port 8022 (e.g., `sftp://USERNAME@localhost:8022/files/` if you are connecting locally). + +The types of files supported are: + +* PCAP files (of mime type `application/vnd.tcpdump.pcap` or `application/x-pcapng`) + - PCAPNG files are *partially* supported: Zeek is able to process PCAPNG files, but not all of Arkime's packet examination features work correctly +* Zeek logs in archive files (`application/gzip`, `application/x-gzip`, `application/x-7z-compressed`, `application/x-bzip2`, `application/x-cpio`, `application/x-lzip`, `application/x-lzma`, `application/x-rar-compressed`, `application/x-tar`, `application/x-xz`, or `application/zip`) + - where the Zeek logs are found in the internal directory structure in the archive file does not matter + +Files uploaded via these methods are monitored and moved automatically to other directories for processing to begin, generally within one minute of completion of the upload. + +### Tagging + +In addition to be processed for uploading, Malcolm events will be tagged according to the components of the filenames of the PCAP files or Zeek log archives files from which the events were parsed. For example, records created from a PCAP file named `ACME_Scada_VLAN10.pcap` would be tagged with `ACME`, `Scada`, and `VLAN10`. Tags are extracted from filenames by splitting on the characters `,` (comma), `-` (dash), and `_` (underscore). These tags are viewable and searchable (via the `tags` field) in Arkime and OpenSearch Dashboards. This behavior can be changed by modifying the `AUTO_TAG` [environment variable in `docker-compose.yml`](#DockerComposeYml). + +Tags may also be specified manually with the [browser-based upload form](#Upload). + +### Processing uploaded PCAPs with Zeek and Suricata + +The **Analyze with Zeek** and **Analyze with Suricata** checkboxes may be used when uploading PCAP files to cause them to be analyzed by Zeek and Suricata, respectively. This is functionally equivalent to the `ZEEK_AUTO_ANALYZE_PCAP_FILES` and `SURICATA_AUTO_ANALYZE_PCAP_FILES` environment variables [described above](#DockerComposeYml), only on a per-upload basis. Zeek can also automatically carve out files from file transfers; see [Automatic file extraction and scanning](#ZeekFileExtraction) for more details. diff --git a/docs/zeek-intel.md b/docs/zeek-intel.md new file mode 100644 index 000000000..4f90da1b5 --- /dev/null +++ b/docs/zeek-intel.md @@ -0,0 +1,58 @@ +### Zeek Intelligence Framework + +To quote Zeek's [Intelligence Framework](https://docs.zeek.org/en/master/frameworks/intel.html) documentation, "The goals of Zeek’s Intelligence Framework are to consume intelligence data, make it available for matching, and provide infrastructure to improve performance and memory utilization. Data in the Intelligence Framework is an atomic piece of intelligence such as an IP address or an e-mail address. This atomic data will be packed with metadata such as a freeform source field, a freeform descriptive field, and a URL which might lead to more information about the specific item." Zeek [intelligence](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html) [indicator types](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Type) include IP addresses, URLs, file names, hashes, email addresses, and more. + +Malcolm doesn't come bundled with intelligence files from any particular feed, but they can be easily included into your local instance. On [startup](shared/bin/zeek_intel_setup.sh), Malcolm's `malcolmnetsec/zeek` docker container enumerates the subdirectories under `./zeek/intel` (which is [bind mounted](https://docs.docker.com/storage/bind-mounts/) into the container's runtime) and configures Zeek so that those intelligence files will be automatically included in its local policy. Subdirectories under `./zeek/intel` which contain their own `__load__.zeek` file will be `@load`-ed as-is, while subdirectories containing "loose" intelligence files will be [loaded](https://docs.zeek.org/en/master/frameworks/intel.html#loading-intelligence) automatically with a `redef Intel::read_files` directive. + +Note that Malcolm does not manage updates for these intelligence files. You should use the update mechanism suggested by your feeds' maintainers to keep them up to date, or use a [TAXII](#ZeekIntelSTIX) or [MISP](#ZeekIntelMISP) feed as described below. + +Adding and deleting intelligence files under this directory will take effect upon [restarting Malcolm](#StopAndRestart). Alternately, you can use the `ZEEK_INTEL_REFRESH_CRON_EXPRESSION` environment variable containing a [cron expression](https://en.wikipedia.org/wiki/Cron#CRON_expression) to specify the interval at which the intel files should be refreshed. It can also be done manually without restarting Malcolm by running the following command from the Malcolm installation directory: + +``` +docker-compose exec --user $(id -u) zeek /usr/local/bin/entrypoint.sh true +``` + +For a public example of Zeek intelligence files, see Critical Path Security's [repository](https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds) which aggregates data from various other threat feeds into Zeek's format. + +#### STIX™ and TAXII™ + +In addition to loading Zeek intelligence files, on startup Malcolm will [automatically generate](shared/bin/zeek_intel_from_threat_feed.py) a Zeek intelligence file for all [Structured Threat Information Expression (STIX™)](https://oasis-open.github.io/cti-documentation/stix/intro.html) [v2.0](https://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part1-stix-core.html)/[v2.1](https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html) JSON files found under `./zeek/intel/STIX`. + +Additionally, if a special text file named `.stix_input.txt` is found in `./zeek/intel/STIX`, that file will be read and processed as a list of [TAXII™](https://oasis-open.github.io/cti-documentation/taxii/intro.html) [2.0](http://docs.oasis-open.org/cti/taxii/v2.0/cs01/taxii-v2.0-cs01.html)/[2.1](https://docs.oasis-open.org/cti/taxii/v2.1/csprd02/taxii-v2.1-csprd02.html) feeds, one per line, according to the following format (the username and password are optional): + +``` +taxii|version|discovery_url|collection_name|username|password +``` + +For example: + +``` +taxii|2.0|http://example.org/taxii/|IP Blocklist|guest|guest +taxii|2.1|https://example.com/taxii/api2/|URL Blocklist +… +``` + +Malcolm will attempt to query the TAXII feed(s) for `indicator` STIX objects and convert them to the Zeek intelligence format as described above. There are publicly available TAXII 2.x-compatible services provided by a number of organizations including [Anomali Labs](https://www.anomali.com/resources/limo) and [MITRE](https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/attck%E2%84%A2-content-available-in-stix%E2%84%A2-20-via), or you may choose from several open-source offerings to roll your own TAXII 2 server (e.g., [oasis-open/cti-taxii-server](https://github.com/oasis-open/cti-taxii-server), [freetaxii/server](https://github.com/freetaxii/server), [StephenOTT/TAXII-Server](https://github.com/StephenOTT/TAXII-Server), etc.). + +Note that only **indicators** of [**cyber-observable objects**](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_mlbmudhl16lr) matched with the **equals (`=`)** [comparison operator](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_t11hn314cr7w) against a **single value** can be expressed as Zeek intelligence items. More complex STIX indicators will be silently ignored. + +#### MISP + +In addition to loading Zeek intelligence files, on startup Malcolm will [automatically generate](shared/bin/zeek_intel_from_threat_feed.py) a Zeek intelligence file for all [Malware Information Sharing Platform (MISP)](https://www.misp-project.org/datamodels/) JSON files found under `./zeek/intel/MISP`. + +Additionally, if a special text file named `.misp_input.txt` is found in `./zeek/intel/MISP`, that file will be read and processed as a list of [MISP feed](https://misp.gitbooks.io/misp-book/content/managing-feeds/#feeds) URLs, one per line, according to the following format (the authentication key is optional): + +``` +misp|manifest_url|auth_key +``` + +For example: + +``` +misp|https://example.com/data/feed-osint/manifest.json|df97338db644c64fbfd90f3e03ba8870 +… +``` + +Malcolm will attempt to connect to the MISP feed(s) and retrieve [`Attribute`](https://www.misp-standard.org/rfc/misp-standard-core.html#name-attribute) objects of MISP events and convert them to the Zeek intelligence format as described above. There are publicly available [MISP feeds](https://www.misp-project.org/feeds/) and [communities](https://www.misp-project.org/communities/), or you may [run your own MISP instance](https://www.misp-project.org/2019/09/25/hostev-vs-own-misp.html/). + +Note that only a subset of MISP [attribute types](https://www.misp-project.org/datamodels/#attribute-categories-vs-types) can be expressed with the Zeek intelligence [indicator types](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Type). MISP attributes with other types will be silently ignored. \ No newline at end of file diff --git a/sensor-iso/README.md b/sensor-iso/README.md deleted file mode 100644 index 0ddfdf8c1..000000000 --- a/sensor-iso/README.md +++ /dev/null @@ -1,833 +0,0 @@ -# Hedgehog Linux -## Network Traffic Capture Appliance - -![](./docs/logo/hedgehog-color-w-text.png) - -Hedgehog Linux is a Debian-based operating system built to - -* monitor network interfaces -* capture packets to PCAP files -* detect file transfers in network traffic and extract and scan those files for threats -* generate and forward Zeek logs, Arkime sessions and other information to [Malcolm](https://github.com/idaholab/Malcolm) - -![sensor-iso-build-docker-wrap-push-ghcr](https://github.com/idaholab/Malcolm/workflows/sensor-iso-build-docker-wrap-push-ghcr/badge.svg) - -### Table of Contents - -* [Sensor installation](#Installation) - - [Image boot options](#BootOptions) - - [Installer](#Installer) -* [Boot](#Boot) - - [Kiosk mode](#KioskMode) -* [Configuration](#Configuration) - - [Interfaces, hostname, and time synchronization](#ConfigRoot) - + [Hostname](#ConfigHostname) - + [Interfaces](#ConfigIface) - + [Time synchronization](#ConfigTime) - - [Capture, forwarding, and autostart services](#ConfigUser) - + [Capture](#ConfigCapture) - * [Automatic file extraction and scanning](#ZeekFileExtraction) - + [Forwarding](#ConfigForwarding) - * [arkime-capture](#arkime-capture): Arkime session forwarding - * [filebeat](#filebeat): Zeek and Suricata log forwarding - * [miscbeat](#miscbeat): System metrics forwarding - + [Autostart services](#ConfigAutostart) -+ [Zeek Intelligence Framework](#ZeekIntel) -* [Appendix A - Generating the ISO](#ISOBuild) -* [Appendix B - Configuring SSH access](#ConfigSSH) -* [Appendix C - Troubleshooting](#Troubleshooting) -* [Appendix D - Hardening](#Hardening) - - [Compliance exceptions](#ComplianceExceptions) -* [Appendix E - Upgrades](#UpgradePlan) -* [Copyright](#Footer) - -# Sensor installation - -## Image boot options - -The Hedgehog Linux installation image, when provided on an optical disc, USB thumb drive, or other removable medium, can be used to install or reinstall the sensor software. - -![Sensor installation image boot menu](./docs/images/boot_options.png) - -The boot menu of the sensor installer image provides several options: - -* **Live system** and **Live system (fully in RAM)** may also be used to run the sensor in a "live USB" mode without installing any software or making any persistent configuration changes on the sensor hardware. -* **Install Hedgehog Linux** and **Install Hedgehog Linux (encrypted)** are used to [install the sensor](#Installer) onto the current system. Both selections install the same operating system and sensor software, the only difference being that the **encrypted** option encrypts the hard disks with a password (provided in a subsequent step during installation) that must be provided each time the sensor boots. There is some CPU overhead involved in an encrypted installation, so it is recommended that encrypted installations only be used for mobile installations (eg., on a sensor that may be shipped or carried for an incident response) and that the unencrypted option be used for fixed sensors in secure environments. -* **Install Hedgehog Linux (advanced configuration)** allows you to configure installation fully using all of the [Debian installer](https://www.debian.org/releases/stable/amd64/) settings and should only be selected for advanced users who know what they're doing. -* **Rescue system** is included for debugging and/or system recovery and should not be needed in most cases. - -## Installer - -The sensor installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the sensor. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 ***will partition and format them without warning*** 💀😭🆘⛔. - -The installer will ask for a few pieces of information prior to installing the sensor operating system: - -* **Root password** – a password for the privileged root account which is rarely needed (only during the configuration of the sensors network interfaces and setting the sensor host name) -* **User password** – a password for the non-privileged sensor account under which the various sensor capture and forwarding services run -* **Encryption password** (optional) – if the encrypted installation option was selected at boot time, the encryption password must be entered every time the sensor boots - -Each of these passwords must be entered twice to ensure they were entered correctly. - -![Example of the installer's password prompt](./docs/images/users_and_passwords.png) - -After the passwords have been entered, the installer will proceed to format the system drive and install Hedgehog Linux. - -![Installer progress](./docs/images/installer_progress.png) - -At the end of the installation process, you will be prompted with a few self-explanatory yes/no questions: - -* **Disable IPv6?** -* **Automatically login to the GUI session?** -* **Should the GUI session be locked due to inactivity?** -* **Display the [Standard Mandatory DoD Notice and Consent Banner](https://www.stigviewer.com/stig/application_security_and_development/2018-12-24/finding/V-69349)?** *(only applies when installed on U.S. government information systems)* - -Following these prompts, the installer will reboot and Hedgehog Linux will boot. - -# Boot - -Each time the sensor boots, a grub boot menu will be shown briefly, after which the sensor will proceed to load. - -## Kiosk mode - -![Kiosk mode sensor menu: resource statistics](./docs/images/kiosk_mode_sensor_menu.png) - -The sensor automatically logs in as the sensor user account and runs in **kiosk mode**, which is intended to show an at-a-glance view of the its resource utilization. Clicking the **☰** icon in allows you to switch between the resource statistics view and the services view. - -![Kiosk mode sensor menu: services](./docs/images/kiosk_mode_services_menu.png) - -The kiosk's services screen (designed with large clickable labels for small portable touch screens) can be used to start and stop essential services, get a status report of the currently running services, and clean all captured data from the sensor. - -!["Clean Sensor" confirmation prompt before deleting sensor data](./docs/images/kiosk_mode_wipe_prompt.png) - -!["Sensor Status" report from the kiosk services menu](./docs/images/kiosk_mode_status.png) - -# Configuration - -Kiosk mode can be exited by connecting an external USB keyboard and pressing **Alt+F4**, upon which the *sensor* user's desktop is shown. - -![Sensor login session desktop](./docs/images/desktop.png) - -Several icons are available in the top menu bar: - -* **Terminal** - opens a command prompt in a terminal emulator -* **Browser** - opens a web browser -* **Kiosk** – returns the sensor to kiosk mode -* **README** – displays this document -* **Sensor status** – displays a list with the status of each sensor service -* **Configure capture and forwarding** – opens a dialog for configuring the sensor's capture and forwarding services, as well as specifying which services should autostart upon boot -* **Configure interfaces and hostname** – opens a dialog for configuring the sensor's network interfaces and setting the sensor's hostname -* **Restart sensor services** - stops and restarts all of the [autostart services](#ConfigAutostart) - -## Interfaces, hostname, and time synchronization - -### Hostname - -The first step of sensor configuration is to configure the network interfaces and sensor hostname. Clicking the **Configure Interfaces and Hostname** toolbar icon (or, if you are at a command line prompt, running `configure-interfaces`) will prompt you for the root password you created during installation, after which the configuration welcome screen is shown. Select **Continue** to proceed. - -You may next select whether to configure the network interfaces, hostname, or time synchronization. - -![Selection to configure network interfaces, hostname, or time synchronization](./docs/images/root_config_mode.png) - -Selecting **Hostname**, you will be presented with a summary of the current sensor identification information, after which you may specify a new sensor hostname. This name will be used to tag all events forwarded from this sensor in the events' **host.name** field. - -![Specifying a new sensor hostname](./docs/images/hostname_setting.png) - -### Interfaces - -Returning to the configuration mode selection, choose **Interface**. You will be prompted if you would like help identifying network interfaces. If you select **Yes**, you will be prompted to select a network interface, after which that interface's link LED will blink for 10 seconds to help you in its identification. This network interface identification aid will continue to prompt you to identify further network interfaces until you select **No**. - -You will be presented with a list of interfaces to configure as the sensor management interface. This is the interface the sensor itself will use to communicate with the network in order to, for example, forward captured logs to an aggregate server. In order to do so, the management interface must be assigned an IP address. This is generally **not** the interface used for capturing data. Select the interface to which you wish to assign an IP address. The interfaces are listed by name and MAC address and the associated link speed is also displayed if it can be determined. For interfaces without a connected network cable, generally a `-1` will be displayed instead of the interface speed. - -![Management interface selection](./docs/images/select_iface.png) - -Depending on the configuration of your network, you may now specify how the management interface will be assigned an IP address. In order to communicate with an event aggregator over the management interface, either **static** or **dhcp** must be selected. - -![Interface address source](./docs/images/iface_mode.png) - -If you select static, you will be prompted to enter the IP address, netmask, and gateway to assign to the management interface. - -![Static IP configuration](./docs/images/iface_static.png) - -In either case, upon selecting **OK** the network interface will be brought down, configured, and brought back up, and the result of the operation will be displayed. You may choose **Quit** upon returning to the configuration tool's welcome screen. - -### Time synchronization - -Returning to the configuration mode selection, choose **Time Sync**. Here you can configure the sensor to keep its time synchronized with either an NTP server (using the NTP protocol) or a local [Malcolm](https://github.com/idaholab/Malcolm) aggregator or another HTTP/HTTPS server. On the next dialog, choose the time synchronization method you wish to configure. - -![Time synchronization method](./docs/images/time_sync_mode.png) - -If **htpdate** is selected, you will be prompted to enter the IP address or hostname and port of an HTTP/HTTPS server (for a Malcolm instance, port `9200` may be used) and the time synchronization check frequency in minutes. A test connection will be made to determine if the time can be retrieved from the server. - -![*htpdate* configuration](./docs/images/htpdate_setup.png) - -If *ntpdate* is selected, you will be prompted to enter the IP address or hostname of the NTP server. - -![NTP configuration](./docs/images/ntp_host.png) - -Upon configuring time synchronization, a "Time synchronization configured successfully!" message will be displayed, after which you will be returned to the welcome screen. - -## Capture, forwarding, and autostart services - -Clicking the **Configure Capture and Forwarding** toolbar icon (or, if you are at a command prompt, running `configure-capture`) will launch the configuration tool for capture and forwarding. The root password is not required as it was for the interface and hostname configuration, as sensor services are run under the non-privileged sensor account. Select **Continue** to proceed. You may select from a list of configuration options. - -![Select configuration mode](./docs/images/capture_config_main.png) - -### Capture - -Choose **Configure Capture** to configure parameters related to traffic capture and local analysis. You will be prompted if you would like help identifying network interfaces. If you select **Yes**, you will be prompted to select a network interface, after which that interface's link LED will blink for 10 seconds to help you in its identification. This network interface identification aid will continue to prompt you to identify further network interfaces until you select **No**. - -You will be presented with a list of network interfaces and prompted to select one or more capture interfaces. An interface used to capture traffic is generally a different interface than the one selected previously as the management interface, and each capture interface should be connected to a network tap or span port for traffic monitoring. Capture interfaces are usually not assigned an IP address as they are only used to passively “listen” to the traffic on the wire. The interfaces are listed by name and MAC address and the associated link speed is also displayed if it can be determined. For interfaces without a connected network cable, generally a `-1` will be displayed instead of the interface speed. - -![Select capture interfaces](./docs/images/capture_iface_select.png) - -Upon choosing the capture interfaces and selecting OK, you may optionally provide a capture filter. This filter will be used to limit what traffic the PCAP service ([`tcpdump`](https://www.tcpdump.org/)) and the traffic analysis services ([`zeek`](https://www.zeek.org/) and [`suricata`](https://suricata.io/)) will see. Capture filters are specified using [Berkeley Packet Filter (BPF)](http://biot.com/capstats/bpf.html) syntax. Clicking **OK** will attempt to validate the capture filter, if specified, and will present a warning if the filter is invalid. - -![Specify capture filters](./docs/images/capture_filter.png) - -Next you must specify the paths where captured PCAP files and logs will be stored locally on the sensor. If the installation worked as expected, these paths should be prepopulated to reflect paths on the volumes formatted at install time for the purpose storing these artifacts. Usually these paths will exist on separate storage volumes. Enabling the PCAP and log pruning autostart services (see the section on autostart services below) will enable monitoring of these paths to ensure that their contents do not consume more than 90% of their respective volumes' space. Choose **OK** to continue. - -![Specify capture paths](./docs/images/capture_paths.png) - -#### Automatic file extraction and scanning - -Hedgehog Linux can leverage Zeek's knowledge of network protocols to automatically detect file transfers and extract those files from network traffic as Zeek sees them. - -To specify which files should be extracted, specify the Zeek file carving mode: - -![Zeek file carving mode](./docs/images/zeek_file_carve_mode.png) - -If you're not sure what to choose, either of **mapped (except common plain text files)** (if you want to carve and scan almost all files) or **interesting** (if you only want to carve and scan files with [mime types of common attack vectors](./interface/sensor_ctl/zeek/extractor_override.interesting.zeek)) is probably a good choice. - -Next, specify which carved files to preserve (saved on the sensor under `/capture/bro/capture/extract_files/quarantine` by default). In order to not consume all of the sensor's available storage space, the oldest preserved files will be pruned along with the oldest Zeek logs as described below with **AUTOSTART_PRUNE_ZEEK** in the [autostart services](#ConfigAutostart) section. - -You'll be prompted to specify which engine(s) to use to analyze extracted files. Extracted files can be examined through any of three methods: - -![File scanners](./docs/images/zeek_file_carve_scanners.png) - -* scanning files with [**ClamAV**](https://www.clamav.net/); to enable this method, select **ZEEK_FILE_SCAN_CLAMAV** when specifying scanners for Zeek-carved files -* submitting file hashes to [**VirusTotal**](https://www.virustotal.com/en/#search); to enable this method, select **ZEEK_FILE_SCAN_VTOT** when specifying scanners for Zeek-carved files, then manually edit `/opt/sensor/sensor_ctl/control_vars.conf` and specify your [VirusTotal API key](https://developers.virustotal.com/reference) in `VTOT_API2_KEY` -* scanning files with [**Yara**](https://github.com/VirusTotal/yara); to enable this method, select **ZEEK_FILE_SCAN_YARA** when specifying scanners for Zeek-carved files -* scanning portable executable (PE) files with [**Capa**](https://github.com/fireeye/capa); to enable this method, select **ZEEK_FILE_SCAN_CAPA** when specifying scanners for Zeek-carved files - -Files which are flagged as potentially malicious will be logged as Zeek `signatures.log` entries, and can be viewed in the **Signatures** dashboard in [OpenSearch Dashboards](https://github.com/idaholab/Malcolm#DashboardsVisualizations) when forwarded to Malcolm. - -![File quarantine](./docs/images/file_quarantine.png) - -Finally, you will be presented with the list of configuration variables that will be used for capture, including the values which you have configured up to this point in this section. Upon choosing **OK** these values will be written back out to the sensor configuration file located at `/opt/sensor/sensor_ctl/control_vars.conf`. It is not recommended that you edit this file manually. After confirming these values, you will be presented with a confirmation that these settings have been written to the configuration file, and you will be returned to the welcome screen. - -### Forwarding - -Select **Configure Forwarding** to set up forwarding logs and statistics from the sensor to an aggregator server, such as [Malcolm](https://github.com/idaholab/Malcolm). - -![Configure forwarders](./docs/images/forwarder_config.png) - -There are five forwarder services used on the sensor, each for forwarding a different type of log or sensor metric. - -### capture: Arkime session forwarding - -[capture](https://github.com/arkime/arkime/tree/master/capture) is not only used to capture PCAP files, but also the parse raw traffic into sessions and forward this session metadata to an [OpenSearch](https://opensearch.org/) database so that it can be viewed in [Arkime viewer](https://arkime.com/), whether standalone or as part of a [Malcolm](https://github.com/idaholab/Malcolm) instance. If you're using Hedgehog Linux with Malcolm, please read [Correlating Zeek logs and Arkime sessions](https://github.com/idaholab/Malcolm#ZeekArkimeFlowCorrelation) in the Malcolm documentation for more information. - -First, select the OpenSearch connection transport protocol, either **HTTPS** or **HTTP**. If the metrics are being forwarded to Malcolm, select **HTTPS** to encrypt messages from the sensor to the aggregator using TLS v1.2 using ECDHE-RSA-AES128-GCM-SHA256. If **HTTPS** is chosen, you must choose whether to enable SSL certificate verification. If you are using a self-signed certificate (such as the one automatically created during [Malcolm's configuration](https://github.com/idaholab/Malcolm#configure-authentication)), choose **None**. - -![OpenSearch connection protocol](./docs/images/opensearch_connection_protocol.png) ![OpenSearch SSL verification](./docs/images/opensearch_ssl_verification.png) - -Next, enter the **OpenSearch host** IP address (ie., the IP address of the aggregator) and port. These metrics are written to an OpenSearch database using a RESTful API, usually using port 9200. Depending on your network configuration, you may need to open this port in your firewall to allow this connection from the sensor to the aggregator. - -![OpenSearch host and port](./docs/images/arkime-capture-ip-port.png) - -You will be asked to enter authentication credentials for the sensor's connections to the aggregator's OpenSearch API. After you've entered the username and the password, the sensor will attempt a test connection to OpenSearch using the connection information provided. - -![OpenSearch username](./docs/images/opensearch_username.png) ![OpenSearch password](./docs/images/opensearch_password.png) ![Successful OpenSearch connection](./docs/images/opensearch_connection_success.png) - -Finally, you will be shown a dialog for a list of IP addresses used to populate an access control list (ACL) for hosts allowed to connect back to the sensor for retrieving session payloads from its PCAP files for display in Arkime viewer. The list will be prepopulated with the IP address entered a few screens prior to this one. - -![PCAP retrieval ACL](./docs/images/malcolm_arkime_reachback_acl.png) - -Finally, you'll be given the opportunity to review the all of the Arkime `capture` options you've specified. Selecting **OK** will cause the parameters to be saved and you will be returned to the configuration tool's welcome screen. - -![capture settings confirmation](./docs/images/arkime_confirm.png) - -### filebeat: Zeek and Suricata log forwarding - -[Filebeat](https://www.elastic.co/products/beats/filebeat) is used to forward [Zeek](https://www.zeek.org/) and [Suricata](https://suricata.io/) logs to a remote [Logstash](https://www.elastic.co/products/logstash) instance for further enrichment prior to insertion into an [OpenSearch](https://opensearch.org/) database. - -To configure filebeat, first provide the log path (the same path previously configured for log file generation). - -![Configure filebeat for log forwarding](./docs/images/filebeat_log_path.png) - -You must also provide the IP address of the Logstash instance to which the logs are to be forwarded, and the port on which Logstash is listening. These logs are forwarded using the Beats protocol, generally over port 5044. Depending on your network configuration, you may need to open this port in your firewall to allow this connection from the sensor to the aggregator. - -![Configure filebeat for log forwrading](./docs/images/filebeat_ip_port.png) - -Next you are asked whether the connection used for log forwarding should be done **unencrypted** or over **SSL**. Unencrypted communication requires less processing overhead and is simpler to configure, but the contents of the logs may be visible to anyone who is able to intercept that traffic. - -![Filebeat SSL certificate verification](./docs/images/filebeat_ssl.png) - -If **SSL** is chosen, you must choose whether to enable [SSL certificate verification](https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html). If you are using a self-signed certificate (such as the one automatically created during [Malcolm's configuration](https://github.com/idaholab/Malcolm#configure-authentication), choose **None**. - -![Unencrypted vs. SSL encryption for log forwarding](./docs/images/filebeat_ssl_verify.png) - -The last step for SSL-encrypted log forwarding is to specify the SSL certificate authority, certificate, and key files. These files must match those used by the Logstash instance receiving the logs on the aggregator. If Malcolm's `auth_setup` script was used to generate these files they would be found in the `filebeat/certs/` subdirectory of the Malcolm installation and must be manually copied to the sensor (stored under `/opt/sensor/sensor_ctl/logstash-client-certificates` or in any other path accessible to the sensor account). Specify the location of the certificate authorities file (eg., `ca.crt`), the certificate file (eg., `client.crt`), and the key file (eg., `client.key`). - -![SSL certificate files](./docs/images/filebeat_certs.png) - -The Logstash instance receiving the events must be similarly configured with matching SSL certificate and key files. Under Malcolm, the `BEATS_SSL` variable must be set to `true` in Malcolm's `docker-compose.yml` file and the SSL files must exist in the `logstash/certs/` subdirectory of the Malcolm installation. - -Once you have specified all of the filebeat parameters, you will be presented with a summary of the settings related to the forwarding of these logs. Selecting **OK** will cause the parameters to be written to filebeat's configuration keystore under `/opt/sensor/sensor_ctl/logstash-client-certificates` and you will be returned to the configuration tool's welcome screen. - -![Confirm filebeat settings](./docs/images/filebeat_confirm.png) - -### miscbeat: System metrics forwarding - -The sensor uses [Fluent Bit](https://fluentbit.io/) to gather miscellaneous system resource metrics (CPU, network I/O, disk I/O, memory utilization, temperature, etc.) and the [Beats](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) protocol to forward these metrics to a remote [Logstash](https://www.elastic.co/products/logstash) instance for further enrichment prior to insertion into an [OpenSearch](https://opensearch.org/) database. Metrics categories can be enabled/disabled as described in the [autostart services](#ConfigAutostart) section of this document. - -This forwarder's configuration is almost identical to that of [filebeat](#filebeat) in the previous section. Select `miscbeat` from the forwarding configuration mode options and follow the same steps outlined above to set up this forwarder. - -### Autostart services - -Once the forwarders have been configured, the final step is to **Configure Autostart Services**. Choose this option from the configuration mode menu after the welcome screen of the sensor configuration tool. - -Despite configuring capture and/or forwarder services as described in previous sections, only services enabled in the autostart configuration will run when the sensor starts up. The available autostart processes are as follows (recommended services are in **bold text**): - -* **AUTOSTART_ARKIME** - [capture](#arkime-capture) PCAP engine for traffic capture, as well as traffic parsing and metadata insertion into OpenSearch for viewing in [Arkime](https://arkime.com/). If you are using Hedgehog Linux along with [Malcolm](https://github.com/idaholab/Malcolm) or another Arkime installation, this is probably the packet capture engine you want to use. -* **AUTOSTART_CLAMAV_UPDATES** - Virus database update service for ClamAV (requires sensor to be connected to the internet) -* **AUTOSTART_FILEBEAT** - [filebeat](#filebeat) Zeek and Suricata log forwarder -* **AUTOSTART_FLUENTBIT_AIDE** - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/exec) [AIDE](https://aide.github.io/) file system integrity checks -* **AUTOSTART_FLUENTBIT_AUDITLOG** - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/tail) [auditd](https://man7.org/linux/man-pages/man8/auditd.8.html) logs -* *AUTOSTART_FLUENTBIT_KMSG* - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/kernel-logs) the Linux kernel log buffer (these are generally reflected in syslog as well, which may make this agent redundant) -* **AUTOSTART_FLUENTBIT_METRICS** - [Fluent Bit](https://fluentbit.io/) agent for collecting [various](https://docs.fluentbit.io/manual/pipeline/inputs) system resource and performance metrics -* **AUTOSTART_FLUENTBIT_SYSLOG** - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/syslog) Linux syslog messages -* **AUTOSTART_FLUENTBIT_THERMAL** - [Fluent Bit](https://fluentbit.io/) agent [monitoring](https://docs.fluentbit.io/manual/pipeline/inputs/thermal) system temperatures -* **AUTOSTART_MISCBEAT** - [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) forwarder which sends system metrics collected by [Fluent Bit](https://fluentbit.io/) to a remote Logstash instance (e.g., [Malcolm](https://github.com/idaholab/Malcolm)'s) -* *AUTOSTART_NETSNIFF* - [netsniff-ng](http://netsniff-ng.org/) PCAP engine for saving packet capture (PCAP) files -* **AUTOSTART_PRUNE_PCAP** - storage space monitor to ensure that PCAP files do not consume more than 90% of the total size of the storage volume to which PCAP files are written -* **AUTOSTART_PRUNE_ZEEK** - storage space monitor to ensure that Zeek logs do not consume more than 90% of the total size of the storage volume to which Zeek logs are written -* **AUTOSTART_SURICATA** - [Suricata](https://suricata.io/) traffic analysis engine -* **AUTOSTART_SURICATA_UPDATES** - Rule update service for Suricata (requires sensor to be connected to the internet) -* *AUTOSTART_TCPDUMP* - [tcpdump](https://www.tcpdump.org/) PCAP engine for saving packet capture (PCAP) files -* **AUTOSTART_ZEEK** - [Zeek](https://www.zeek.org/) traffic analysis engine - -Note that only one packet capture engine ([capture](https://arkime.com/), [netsniff-ng](http://netsniff-ng.org/), or [tcpdump](https://www.tcpdump.org/)) can be used. - -![Autostart services](./docs/images/autostarts.png) - -Once you have selected the autostart services, you will be prompted to confirm your selections. Doing so will cause these values to be written back out to the `/opt/sensor/sensor_ctl/control_vars.conf` configuration file. - -![Autostart services confirmation](./docs/images/autostarts_confirm.png) - -After you have completed configuring the sensor it is recommended that you reboot the sensor to ensure all new settings take effect. If rebooting is not an option, you may click the **Restart Sensor Services** menu icon in the top menu bar, or open a terminal and run: - -``` -/opt/sensor/sensor_ctl/shutdown && sleep 10 && /opt/sensor/sensor_ctl/supervisor.sh -``` - -This will cause the sensor services controller to stop, wait a few seconds, and restart. You can check the status of the sensor's processes by choosing **Sensor Status** from the sensor's kiosk mode, clicking the **Sensor Service Status** toolbar icon, or running `/opt/sensor/sensor_ctl/status` from the command line: - -``` -$ /opt/sensor/sensor_ctl/status -arkime:arkime-capture RUNNING pid 6455, uptime 0:03:17 -arkime:arkime-viewer RUNNING pid 6456, uptime 0:03:17 -beats:filebeat RUNNING pid 6457, uptime 0:03:17 -beats:miscbeat RUNNING pid 6458, uptime 0:03:17 -clamav:clamav-service RUNNING pid 6459, uptime 0:03:17 -clamav:clamav-updates RUNNING pid 6461, uptime 0:03:17 -fluentbit-auditlog RUNNING pid 6463, uptime 0:03:17 -fluentbit-kmsg STOPPED Not started -fluentbit-metrics:cpu RUNNING pid 6466, uptime 0:03:17 -fluentbit-metrics:df RUNNING pid 6471, uptime 0:03:17 -fluentbit-metrics:disk RUNNING pid 6468, uptime 0:03:17 -fluentbit-metrics:mem RUNNING pid 6472, uptime 0:03:17 -fluentbit-metrics:mem_p RUNNING pid 6473, uptime 0:03:17 -fluentbit-metrics:netif RUNNING pid 6474, uptime 0:03:17 -fluentbit-syslog RUNNING pid 6478, uptime 0:03:17 -fluentbit-thermal RUNNING pid 6480, uptime 0:03:17 -netsniff:netsniff-enp1s0 STOPPED Not started -prune:prune-pcap RUNNING pid 6484, uptime 0:03:17 -prune:prune-zeek RUNNING pid 6486, uptime 0:03:17 -supercronic RUNNING pid 6490, uptime 0:03:17 -suricata RUNNING pid 6501, uptime 0:03:17 -tcpdump:tcpdump-enp1s0 STOPPED Not started -zeek:capa RUNNING pid 6553, uptime 0:03:17 -zeek:clamav RUNNING pid 6512, uptime 0:03:17 -zeek:logger RUNNING pid 6554, uptime 0:03:17 -zeek:virustotal STOPPED Not started -zeek:watcher RUNNING pid 6510, uptime 0:03:17 -zeek:yara RUNNING pid 6548, uptime 0:03:17 -zeek:zeekctl RUNNING pid 6502, uptime 0:03:17 -``` - -### Zeek Intelligence Framework - -To quote Zeek's [Intelligence Framework](https://docs.zeek.org/en/master/frameworks/intel.html) documentation, "The goals of Zeek’s Intelligence Framework are to consume intelligence data, make it available for matching, and provide infrastructure to improve performance and memory utilization. Data in the Intelligence Framework is an atomic piece of intelligence such as an IP address or an e-mail address. This atomic data will be packed with metadata such as a freeform source field, a freeform descriptive field, and a URL which might lead to more information about the specific item." Zeek [intelligence](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html) [indicator types](https://docs.zeek.org/en/master/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Type) include IP addresses, URLs, file names, hashes, email addresses, and more. - -Hedgehog Linux doesn't come bundled with intelligence files from any particular feed, but they can be easily included into your local instance. Before Zeek starts, Hedgehog Linux configures it such that intelligence files will be automatically included in its local policy. Subdirectories under `/opt/sensor/sensor_ctl/zeek/intel` which contain their own `__load__.zeek` file will be `@load`-ed as-is, while subdirectories containing "loose" intelligence files will be [loaded](https://docs.zeek.org/en/master/frameworks/intel.html#loading-intelligence) automatically with a `redef Intel::read_files` directive. - -Note that Hedgehog Linux does not manage updates for these intelligence files. You should use the update mechanism suggested by your feeds' maintainers to keep them up to date. Adding and deleting intelligence files under this directory will take effect upon restarting Zeek. - -# Appendix A - Generating the ISO - -Official downloads of the Hedgehog Linux installer ISO are not provided: however, it can be built easily on an internet-connected Linux host with Vagrant: - -* [Vagrant](https://www.vagrantup.com/) - - [`vagrant-reload`](https://github.com/aidanns/vagrant-reload) plugin - - [`vagrant-sshfs`](https://github.com/dustymabe/vagrant-sshfs) plugin - - [`bento/debian-11`](https://app.vagrantup.com/bento/boxes/debian-11) Vagrant box - -The build should work with either the [VirtualBox](https://www.virtualbox.org/) provider or the [libvirt](https://libvirt.org/) provider: - -* [VirtualBox](https://www.virtualbox.org/) [provider](https://www.vagrantup.com/docs/providers/virtualbox) - - [`vagrant-vbguest`](https://github.com/dotless-de/vagrant-vbguest) plugin -* [libvirt](https://libvirt.org/) - - [`vagrant-libvirt`](https://github.com/vagrant-libvirt/vagrant-libvirt) provider plugin - - [`vagrant-mutate`](https://github.com/sciurus/vagrant-mutate) plugin to convert [`bento/debian-11`](https://app.vagrantup.com/bento/boxes/debian-11) Vagrant box to `libvirt` format - -To perform a clean build the Hedgehog Linux installer ISO, navigate to your local [Malcolm](https://github.com/idaholab/Malcolm/) working copy and run: - -``` -$ ./sensor-iso/build_via_vagrant.sh -f -… -Starting build machine... -Bringing machine 'default' up with 'virtualbox' provider... -… -``` - -Building the ISO may take 90 minutes or more depending on your system. As the build finishes, you will see the following message indicating success: - -``` -… -Finished, created "/sensor-build/hedgehog-6.4.0.iso" -… -``` - -Alternately, if you have forked Malcolm on GitHub, [workflow files](../.github/workflows/) are provided which contain instructions for GitHub to build the docker images and Hedgehog and [Malcolm](https://github.com/idaholab/Malcolm) installer ISOs, specifically [`sensor-iso-build-docker-wrap-push-ghcr.yml`](../.github/workflows/sensor-iso-build-docker-wrap-push-ghcr.yml) for the Hedgehog ISO. The resulting ISO file is wrapped in a Docker image that provides an HTTP server from which the ISO may be downloaded. - -# Appendix B - Configuring SSH access - -SSH access to the sensor's non-privileged sensor account is only available using secure key-based authentication which can be enabled by adding a public SSH key to the **/home/sensor/.ssh/authorized_keys** file as illustrated below: - -``` -sensor@sensor:~$ mkdir -p ~/.ssh - -sensor@sensor:~$ ssh analyst@172.16.10.48 "cat ~/.ssh/id_rsa.pub" >> ~/.ssh/authorized_keys -The authenticity of host '172.16.10.48 (172.16.10.48)' can't be established. -ECDSA key fingerprint is SHA256:... -Are you sure you want to continue connecting (yes/no)? yes -Warning: Permanently added '172.16.10.48' (ECDSA) to the list of known hosts. -analyst@172.16.10.48's password: - -sensor@sensor:~$ cat ~/.ssh/authorized_keys -ssh-rsa AAA...kff analyst@SOC -``` - -SSH access should only be configured when necessary. - -# Appendix C - Troubleshooting - -Should the sensor not function as expected, first try rebooting the device. If the behavior continues, here are a few things that may help you diagnose the problem (items which may require Linux command line use are marked with **†**) - -* Stop / start services – Using the sensor's kiosk mode, attempt a **Services Stop** followed by a **Services Start**, then check **Sensor Status** to see which service(s) may not be running correctly. -* Sensor configuration file – See `/opt/sensor/sensor_ctl/control_vars.conf` for sensor service settings. It is not recommended to manually edit this file unless you are sure of what you are doing. -* Sensor control scripts – There are scripts under ``/opt/sensor/sensor_ctl/`` to control sensor services (eg., `shutdown`, `start`, `status`, `stop`, etc.) -* Sensor debug logs – Log files under `/opt/sensor/sensor_ctl/log/` may contain clues to processes that are not working correctly. If you can determine which service is failing, you can attempt to reconfigure it using the instructions in the Configure Capture and Forwarding section of this document. -* `sensorwatch` script – Running `sensorwatch` on the command line will display the most recently modified PCAP and Zeek log files in their respective directories, how much storage space they are consuming, and the amount of used/free space on the volumes containing those files. - -# Appendix D - Hardening - -Hedgehog Linux uses the [harbian-audit](https://github.com/hardenedlinux/harbian-audit) benchmarks which target the following guidelines for establishing a secure configuration posture: - -* [CIS Debian Linux 9/10 Benchmark](https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/) -* [DISA STIG (Security Technical Implementation Guides) for RHEL 7](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/) v2r5 Ubuntu v1r2 [adapted](https://github.com/hardenedlinux/STIG-OS-mirror/blob/master/redhat-STIG-DOCs/U_Red_Hat_Enterprise_Linux_7_V2R5_STIG.zip) for a Debian operating system -* Additional recommendations from [cisecurity.org](https://www.cisecurity.org/) - -## Compliance Exceptions - -[Currently](https://github.com/hardenedlinux/harbian-audit/tree/master/bin/hardening) there are 274 checks to determine compliance with the [harbian-audit](https://github.com/hardenedlinux/harbian-audit) benchmark. - -Hedgehog Linux claims exceptions from the recommendations in this benchmark in the following categories: - -**1.1 Install Updates, Patches and Additional Security Software** - When the the Malcolm aggregator appliance software is built, all of the latest applicable security patches and updates are included in it. How future updates are to be handled is still in design. - -**1.3 Enable verify the signature of local packages** - As the base distribution is not using embedded signatures, `debsig-verify` would reject all packages (see comment in `/etc/dpkg/dpkg.cfg`). Enabling it after installation would disallow any future updates. - -**2.14 Add nodev option to /run/shm Partition**, **2.15 Add nosuid Option to /run/shm Partition**, **2.16 Add noexec Option to /run/shm Partition** - Hedgehog Linux does not mount `/run/shm` as a separate partition, so these recommendations do not apply. - -**2.19 Disable Mounting of freevxfs Filesystems**, **2.20 Disable Mounting of jffs2 Filesystems**, **2.21 Disable Mounting of hfs Filesystems**, **2.22 Disable Mounting of hfsplus Filesystems**, **2.23 Disable Mounting of squashfs Filesystems**, **2.24 Disable Mounting of udf Filesystems** - Hedgehog Linux is not compiling a custom Linux kernel, so these filesystems are inherently supported as they are part Debian Linux's default kernel. - -**3.3 Set Boot Loader Password** - As maximizing availability is a system requirement, Malcolm should restart automatically without user intervention to ensured uninterrupted service. A boot loader password is not enabled. - -**4.8 Disable USB Devices** - The ability to ingest data (such as PCAP files) from a mounted USB mass storage device is a requirement of the system. - -**6.1 Ensure the X Window system is not installed**, **6.2 Ensure Avahi Server is not enabled**, **6.3 Ensure print server is not enabled** - An X Windows session is provided for displaying dashboards. The library packages `libavahi-common-data`, `libavahi-common3`, and `libcups2` are dependencies of some of the X components used by Hedgehog Linux, but the `avahi` and `cups` services themselves are disabled. - -**6.17 Ensure virus scan Server is enabled**, **6.18 Ensure virus scan Server update is enabled** - As this is a network traffic analysis appliance rather than an end-user device, regular user files will not be created. A virus scan program would impact device performance and would be unnecessary. - -**7.1.1 Disable IP Forwarding**, **7.2.4 Log Suspicious Packets**, **7.2.7 Enable RFC-recommended Source Route Validation**, **7.4.1 Install TCP Wrappers** - As Malcolm may operate as a network traffic capture appliance sniffing packets on a network interface configured in promiscuous mode, these recommendations do not apply. - -**8.1.1.2 Disable System on Audit Log Full**, **8.1.1.3 Keep All Auditing Information**, **8.1.1.5 Ensure set remote_server for audit service**, **8.1.1.6 Ensure enable_krb5 set to yes for remote audit service**, **8.1.1.7 Ensure set action for audit storage volume is fulled**, **8.1.1.8 Ensure set action for network failure on remote audit service**, **8.1.1.9 Set space left for auditd service**, a few other audit-related items under section **8.1**, **8.2.4 Configure rsyslog to Send Logs to a Remote Log Host** - As maximizing availability is a system requirement, audit processing failures will be logged on the device rather than halting the system. `auditd` is set up to syslog when its local storage capacity is reached. - -**8.4.2 Implement Periodic Execution of File Integrity** - This functionality is not configured by default, but it can be configured post-install by the end user. - -Password-related recommendations under **9.2** and **10.1** - The library package `libpam-pwquality` is used in favor of `libpam-cracklib` which is what the [compliance scripts](https://github.com/hardenedlinux/harbian-audit/tree/master/bin/hardening) are looking for. Also, as an appliance running Malcolm is intended to be used as an appliance rather than a general user-facing software platform, some exceptions to password enforcement policies are claimed. - -**9.3.13 Limit Access via SSH** - Hedgehog Linux does not create multiple regular user accounts: only `root` and a sensor service account are used. SSH access for `root` is disabled. SSH login with a password is also disallowed: only key-based authentication is accepted. The service account accepts no keys by default. As such, the `AllowUsers`, `AllowGroups`, `DenyUsers`, and `DenyGroups` values in `sshd_config` do not apply. - -**9.4 Restrict Access to the su Command** - Hedgehog Linux does not create multiple regular user accounts: only `root` and a sensor service account are used. - -**10.1.6 Remove nopasswd option from the sudoers configuration** - A very limited set of operations (a single script used to run the AIDE integrity check as a non-root user) has the NOPASSWD option set to allow it to be run in the background without user intervention. - -**10.1.10 Set maxlogins for all accounts** and **10.5 Set Timeout on ttys** - Hedgehog Linux does not create multiple regular user accounts: only `root` and a sensor service account are used. - -**12.10 Find SUID System Executables**, **12.11 Find SGID System Executables** - The few files found by [these](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/12.10_find_suid_files.sh) [scripts](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/12.11_find_sgid_files.sh) are valid exceptions required by Hedgehog Linux's core requirements. - -**14.1 Defense for NAT Slipstreaming** - As Malcolm may operate as a network traffic capture appliance sniffing packets on a network interface configured in promiscuous mode, this recommendation does not apply. - -Please review the notes for these additional guidelines. While not claiming an exception, Hedgehog Linux may implement them in a manner different than is described by the [CIS Debian Linux 9/10 Benchmark](https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/) or the [hardenedlinux/harbian-audit](https://github.com/hardenedlinux/harbian-audit) audit scripts. - -**4.1 Restrict Core Dumps** - Hedgehog Linux disables core dumps using a configuration file for `ulimit` named `/etc/security/limits.d/limits.conf`. The [audit script](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/4.1_restrict_core_dumps.sh) checking for this does not check the `limits.d` subdirectory, which is why this is incorrectly flagged as noncompliant. - -**5.4 Ensure ctrl-alt-del is disabled** - Hedgehog Linux disables the `ctrl+alt+delete` key sequence by executing `systemctl disable ctrl-alt-del.target` during installation and the command `systemctl mask ctrl-alt-del.target` at boot time. - -**7.4.4 Create /etc/hosts.deny**, **7.7.1 Ensure Firewall is active**, **7.7.4.1 Ensure default deny firewall policy**, **7.7.4.2 Ensure loopback traffic is configured**, **7.7.4.3 Ensure default deny firewall policy**, **7.7.4.4 Ensure outbound and established connections are configured** - Hedgehog Linux **is** configured with an appropriately locked-down software firewall (managed by "Uncomplicated Firewall" `ufw`). However, the methods outlined in the CIS benchmark recommendations do not account for this configuration. - -**8.6 Verifies integrity all packages** - The [script](https://github.com/hardenedlinux/harbian-audit/blob/master/bin/hardening/8.7_verify_integrity_packages.sh) which verifies package integrity only "fails" because of missing (status `??5??????` displayed by the utility) language ("locale") files, which are removed as part of Hedgehog Linux's trimming-down process. All non-locale-related system files pass intergrity checks. - -# Appendix E - Upgrades - -At this time there is not an "official" upgrade procedure to get from one release of Hedgehog Linux to the next. Upgrading the underlying operating system packages is generally straightforward, but not all of the Hedgehog Linux components are packaged into .deb archives yet as they should be, so for now it's a manual (and kind of nasty) process to Frankenstein an upgrade into existance. The author of this project intends to remedy this at some future point when time and resources allow. - -If possible, it would save you **a lot** of trouble to just [re-ISO](#Installation) your Hedgehog installation and start fresh, backing up the files (in `/opt/sensor/sensor_ctl`) first and reconfiguring or restoring them as needed afterwards. - -However, if reinstalling the system is not an option, here is the basic process for doing a manual upgrade of Hedgehog Linux. It should be understood that this process is very likely to break your system, and there is **no** guarantee of any kind that any of this will work, or that these instructions are even complete or any support whatsoever regarding them. Really, it will be **much** easier if you re-ISO your installation. But for the brave among you, here you go. ⛔🆘😭💀 - -## Prerequisites - -* A good understanding of the Linux command line -* An existing installation of Hedgehog Linux **with internet access** -* A copy of the Hedgehog Linux [ISO](#ISOBuild) for the version approximating the one you're upgrading to (i.e., the latest version), **and** - - Either a separate VM with that ISO installed **OR** - - A separate Linux workstation where you can manually mount that ISO to pull stuff off of it - -## Upgrade - -1. Obtain a root shell - - `su -` - -2. Temporarily set the umask value to Debian default instead of the more restrictive Hedgehog Linux default. This will allow updates to be applied with the right permissions. - - `umask 0022` - -3. Create backups of some files - - `cp /etc/apt/sources.list /etc/apt/sources.list.bak` - -4. Set up alternate package sources, if needed - - In an offline/airgapped scenario, you could use [apt-mirror](https://apt-mirror.github.io) to mirror Debian repos and [bandersnatch](https://github.com/pypa/bandersnatch/) to mirror PyPI sources, or [combine them](https://github.com/mmguero/espejo) with Docker. If you were to do this, you'd probably want to make the following changes (and **revert them after the upgrade**): - + create `/etc/apt/apt.conf.d/80ssl-exceptions` to ignore self-signed certificate warnings from using your apt-mirror -``` -Acquire::https { - Verify-Peer "false"; - Verify-Host "false"; -} -``` - - + modify `/etc/apt/source.list` to point to your apt-mirror: - -``` -deb https://XXXXXX:443/debian buster main contrib non-free -deb https://XXXXXX:443/debian-security buster/updates main contrib non-free -deb https://XXXXXX:443/debian buster-updates main contrib non-free -deb https://XXXXXX:443/debian buster-backports main contrib non-free -``` - -5. Update underlying system packages with `apt-get` - - `apt-get update && apt-get dist-upgrade` - -6. If there were [new system deb packages added](https://github.com/idaholab/Malcolm/tree/main/sensor-iso/config/package-lists) to this release of Hedgehog Linux (you might have to [manually compare](https://github.com/idaholab/Malcolm/commits/main/sensor-iso/config/package-lists) on GitHub), install them. If you're not sure, of course, you could just install everything, like this (although you may have to tweak some version numbers or something if the base distribution of your Hedgehog branch is different than `main`; in this example I'm not jumping between Debian releases, just upgrading within a release): -``` -$ for LIST in apps desktopmanager net system; do curl -L -J -O https://raw.github.com/idaholab/Malcolm/main/sensor-iso/config/package-lists/$LIST.list.chroot; done -... -$ apt-get install $(cat *.list.chroot) -``` - -7. Update underlying python packages with `python3 -m pip` - * `apt-get install -y build-essential git-core pkg-config python3-dev` - * `python3 -m pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1 | xargs -r -n1 python3 -m pip install -U` - - if this fails for some reason, you may need to reinstall pip first with `python3 -m pip install --force -U pip` - - some *very* old builds of Hedgehog Linux had separate Python 3.5 and 3.7 installations: in this case, you'd need to do this for both `python3 -m pip` and `python3.7 -m pip` (or whatever `python3.x` you have) - * If there were [new python packages](https://raw.githubusercontent.com/idaholab/Malcolm/master/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot) added to this release of Hedgehog Linux (you might have to [manually compare](https://github.com/idaholab/Malcolm/blame/main/sensor-iso/config/hooks/normal/0169-pip-installs.hook.chroot) on GitHub), install them. If you are using a PyPI mirror, replace `XXXXXX` here with your mirror's IP. The `colorama` package is used here as an example, your package list might vary. - - `python3 -m pip install --no-compile --no-cache-dir --force-reinstall --upgrade --index-url=https://XXXXXX:443/pypi/simple --trusted-host=XXXXXX:443 colorama` - -8. Okay, **now** things start to get a little bit ugly. You're going to need access to the ISO of the release of Hedgehog Linux you're upgrading to, as we're going to grab some packages off of it. On another Linux system, [build it](#ISOBuild). - -9. Use a disk image mounter to mount the ISO, **or** if you want to just install the ISO in a VM and grab the files we need off of it, that's fine too. But I'll go through the example as if I've mounted the ISO. - -10. Navigate to the `/live/` directory, and mount the `filesystem.squashfs` file - - `sudo mount filesystem.squashfs /media/squash -t squashfs -o loop` - - **OR** - - `squashfuse filesystem.squashfs /home/user/media/squash` - -11. Very recent builds of Hedgehog Linux keep some build artifacts in `/opt/hedgehog_install_artifacts/`. You're going to want to grab those files and throw them in a temporary directory on the system you're upgrading, via SSH or whatever means you devise. -``` -root@hedgehog:/tmp# scp -r user@otherbox:/media/squash/opt/hedgehog_install_artifacts/ ./ -user@otherbox's password: -filebeat-tweaked-7.6.2-amd64.deb 100% 13MB 65.9MB/s 00:00 -arkime_2.2.3-1_amd64.deb 100% 113MB 32.2MB/s 00:03 -netsniff-ng_0.6.6-1_amd64.deb 100% 330KB 52.1MB/s 00:00 -zeek_3.0.20-1_amd64.deb 100% 26MB 63.1MB/s 00:00 -``` - -12. Blow away the old `zeek` package, we're going to start clean with that one particularly. The others should be fine to upgrade in place. -``` -root@hedgehog:/opt# apt-get --purge remove zeek -Reading package lists... Done -Building dependency tree -Reading state information... Done -The following packages will be REMOVED: - zeek* -0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. -After this operation, 160 MB disk space will be freed. -Do you want to continue? [Y/n] y -(Reading database ... 118490 files and directories currently installed.) -Removing zeek (3.0.20-1) ... -dpkg: warning: while removing zeek, directory '/opt/zeek/spool' not empty so not removed -dpkg: warning: while removing zeek, directory '/opt/zeek/share/zeek/site' not empty so not removed -dpkg: warning: while removing zeek, directory '/opt/zeek/lib' not empty so not removed -dpkg: warning: while removing zeek, directory '/opt/zeek/bin' not empty so not removed -root@hedgehog:/opt# rm -rf /opt/zeek* -``` - -13. Install the new .deb files. You're going to have some warnings, but that's okay. -``` -root@hedgehog:/tmp# dpkg -i hedgehog_install_artifacts/*.deb -(Reading database ... 118149 files and directories currently installed.) -Preparing to unpack .../filebeat-tweaked-7.6.2-amd64.deb ... -Unpacking filebeat (7.6.2) over (6.8.4) ... -dpkg: warning: unable to delete old directory '/usr/share/filebeat/kibana/6/dashboard': Directory not empty -dpkg: warning: unable to delete old directory '/usr/share/filebeat/kibana/6': Directory not empty -Preparing to unpack .../arkime_2.2.3-1_amd64.deb ... -Unpacking arkime (2.2.3-1) over (2.0.1-1) ... -Preparing to unpack .../netsniff-ng_0.6.6-1_amd64.deb ... -Unpacking netsniff-ng (0.6.6-1) over (0.6.6-1) ... -Preparing to unpack .../zeek_3.0.20-1_amd64.deb ... -Unpacking zeek (3.0.20-1) over (3.0.0-1) ... -Setting up filebeat (7.6.2) ... -Installing new version of [...] -[...] -Setting up arkime (2.2.3-1) ... -READ /opt/arkime/README.txt and RUN /opt/arkime/bin/Configure -Setting up netsniff-ng (0.6.6-1) ... -Setting up zeek (3.0.20-1) ... -Processing triggers for systemd (232-25+deb9u12) ... -Processing triggers for man-db (2.7.6.1-2) ... -``` - -14. Fix anything that might need fixing as far as the deb package requirements go - - `apt-get -f install` - -15. We just installed a Zeek .deb, but the third-part plugins packages and local config weren't part of that package. So we're going to `rsync` those from the other box where we have the ISO and `filesystem.squashfs` mounted as well: -``` -root@hedgehog:/tmp# rsync -a user@otherbox:/media/squash/opt/zeek/ /opt/zeek -user@otherbox's password: - -root@hedgehog:/tmp# ls -l /opt/zeek/share/zeek/site/ -total 52 -lrwxrwxrwx 1 root root 13 May 6 21:52 bzar -> packages/bzar -lrwxrwxrwx 1 root root 22 May 6 21:50 cve-2020-0601 -> packages/cve-2020-0601 --rw-r--r-- 1 root root 2031 Apr 30 16:02 extractor.zeek --rw-r--r-- 1 root root 39134 May 1 14:20 extractor_params.zeek -lrwxrwxrwx 1 root root 14 May 6 21:52 hassh -> packages/hassh -lrwxrwxrwx 1 root root 12 May 6 21:52 ja3 -> packages/ja3 --rw-rw-r-- 1 root root 2005 May 6 21:54 local.zeek -drwxr-xr-x 13 root root 4096 May 6 21:52 packages -lrwxrwxrwx 1 root root 27 May 6 21:52 zeek-EternalSafety -> packages/zeek-EternalSafety -lrwxrwxrwx 1 root root 26 May 6 21:52 zeek-community-id -> packages/zeek-community-id -lrwxrwxrwx 1 root root 27 May 6 21:51 zeek-plugin-bacnet -> packages/zeek-plugin-bacnet -lrwxrwxrwx 1 root root 25 May 6 21:51 zeek-plugin-enip -> packages/zeek-plugin-enip -lrwxrwxrwx 1 root root 29 May 6 21:51 zeek-plugin-profinet -> packages/zeek-plugin-profinet -lrwxrwxrwx 1 root root 27 May 6 21:52 zeek-plugin-s7comm -> packages/zeek-plugin-s7comm -lrwxrwxrwx 1 root root 24 May 6 21:52 zeek-plugin-tds -> packages/zeek-plugin-tds -``` - -16. The `zeekctl` component of zeek doesn't like being run by an unprivileged user unless the whole directory is owned by that user. As Hedgehog Linux runs everything it can as an unprivileged user, we're going to reset zeek to a "clean" state after each reboot. Zeek's config files will get regenerated when Zeek itself is started. So, now make a complete backup of `/opt/zeek` as it's going to have its ownership changed during runtime: -``` -root@hedgehog:/tmp# rsync -a /opt/zeek/ /opt/zeek.orig - -root@hedgehog:/tmp# chown -R sensor:sensor /opt/zeek/* - -root@hedgehog:/tmp# chown -R root:root /opt/zeek.orig/* - -root@hedgehog:/tmp# ls -l /opt/ | grep zeek -drwxr-xr-x 8 root root 4096 May 8 15:48 zeek -drwxr-xr-x 8 root root 4096 May 8 15:48 zeek.orig -``` - -17. Grab other new scripts and stuff from our mount of the ISO using `rsync`: -``` -root@hedgehog:/tmp# rsync -a user@otherbox:/media/squash/usr/local/bin/ /usr/local/bin -user@otherbox's password: - -root@hedgehog:/tmp# ls -l /usr/local/bin/ | tail -lrwxrwxrwx 1 root root 18 May 8 14:34 zeek -> /opt/zeek/bin/zeek --rwxr-xr-x 1 root staff 10349 Oct 29 2019 zeek_carve_logger.py --rwxr-xr-x 1 root staff 10467 Oct 29 2019 zeek_carve_scanner.py --rw-r--r-- 1 root staff 25756 Oct 29 2019 zeek_carve_utils.py --rwxr-xr-x 1 root staff 8787 Oct 29 2019 zeek_carve_watcher.py --rwxr-xr-x 1 root staff 4883 May 4 17:39 zeek_install_plugins.sh - -root@hedgehog:/tmp# rsync -a user@otherbox:/media/squash/opt/yara-rules/ /opt/yara-rules -user@otherbox's password: - -root@hedgehog:/tmp# rsync -a user@otherbox:/media/squash/opt/capa-rules/ /opt/capa-rules -user@otherbox's password: - -root@hedgehog:/tmp# ls -l /opt/ | grep '\-rules' -drwxr-xr-x 8 root root 4096 May 8 15:48 capa-rules -drwxr-xr-x 8 root root 24576 May 8 15:48 yara-rules - -root@hedgehog:/tmp# for BEAT in filebeat; do rsync -a user@otherbox:/media/squash/usr/share/$BEAT/kibana/ /usr/share/$BEAT/kibana; done -user@otherbox's password: -user@otherbox's password: - -root@hedgehog:/tmp# rsync -avP --delete user@otherbox:/media/squash/etc/audit/rules.d/ /etc/audit/rules.d/ -user@otherbox's password: - -root@hedgehog:/tmp# rsync -avP --delete user@otherbox:/media/squash/etc/sudoers.d/ /etc/sudoers.d/ -user@otherbox's password: - -root@hedgehog:/tmp# chmod 400 /etc/sudoers.d/* -``` - -18. Set capabilities and symlinks for network capture programs to be used by the unprivileged user: - -commands: - -``` -chown root:netdev /usr/sbin/netsniff-ng && \ - setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip CAP_SYS_ADMIN+eip' /usr/sbin/netsniff-ng -chown root:netdev /opt/zeek/bin/zeek && \ - setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /opt/zeek/bin/zeek -chown root:netdev /sbin/ethtool && \ - setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /sbin/ethtool -chown root:netdev /opt/zeek/bin/capstats && \ - setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /opt/zeek/bin/capstats -chown root:netdev /usr/bin/tcpdump && \ - setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump -chown root:netdev /opt/arkime/bin/capture && \ - setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /opt/arkime/bin/capture - -ln -s -f /opt/zeek/bin/zeek /usr/local/bin/ -ln -s -f /usr/sbin/netsniff-ng /usr/local/bin/ -ln -s -f /usr/bin/tcpdump /usr/local/bin/ -ln -s -f /opt/arkime/bin/capture /usr/local/bin/ -ln -s -f /opt/arkime/bin/npm /usr/local/bin -ln -s -f /opt/arkime/bin/node /usr/local/bin -ln -s -f /opt/arkime/bin/npx /usr/local/bin -``` - -example: - -``` -root@hedgehog:/tmp# chown root:netdev /usr/sbin/netsniff-ng && \ -> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip CAP_SYS_ADMIN+eip' /usr/sbin/netsniff-ng -root@hedgehog:/tmp# chown root:netdev /opt/zeek/bin/zeek && \ -> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /opt/zeek/bin/zeek -root@hedgehog:/tmp# chown root:netdev /sbin/ethtool && \ -> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /sbin/ethtool -root@hedgehog:/tmp# chown root:netdev /opt/zeek/bin/capstats && \ -> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /opt/zeek/bin/capstats -root@hedgehog:/tmp# chown root:netdev /usr/bin/tcpdump && \ -> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump -root@hedgehog:/tmp# chown root:netdev /opt/arkime/bin/capture && \ -> setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /opt/arkime/bin/capture -root@hedgehog:/tmp# ln -s -f /opt/zeek/bin/zeek /usr/local/bin/ -root@hedgehog:/tmp# ln -s -f /usr/sbin/netsniff-ng /usr/local/bin/ -root@hedgehog:/tmp# ln -s -f /usr/bin/tcpdump /usr/local/bin/ -root@hedgehog:/tmp# ln -s -f /opt/arkime/bin/capture /usr/local/bin/ -root@hedgehog:/tmp# ln -s -f /opt/arkime/bin/npm /usr/local/bin -root@hedgehog:/tmp# ln -s -f /opt/arkime/bin/node /usr/local/bin -root@hedgehog:/tmp# ln -s -f /opt/arkime/bin/npx /usr/local/bin -``` - -19. Back up unprivileged user sensor-specific config and scripts: - - `mv /opt/sensor/ /opt/sensor_upgrade_backup_$(date +%Y-%m-%d)` - -20. Grab unprivileged user sensor-specific config and scripts from our mount of the ISO using `rsync` and change its ownership to the unprivileged user: -``` -root@hedgehog:/tmp# rsync -av user@otherbox:/media/squash/opt/sensor /opt/ -user@otherbox's password: -receiving incremental file list -created directory ./opt -sensor/ -[...] - -sent 1,244 bytes received 1,646,409 bytes 470,758.00 bytes/sec -total size is 1,641,629 speedup is 1.00 - -root@hedgehog:/tmp# chown -R sensor:sensor /opt/sensor* - -root@hedgehog:/tmp# ls -l /opt/ | grep sensor -drwxr-xr-x 4 sensor sensor 4096 May 6 22:00 sensor -drwxr-x--- 4 sensor sensor 4096 May 8 14:33 sensor_upgrade_backup_2020-05-08 -``` - -21. Leave the root shell and `cd` to `/opt` -``` -root@hedgehog:~# exit -logout - -sensor@hedgehog:~$ whoami -sensor - -sensor@hedgehog:~$ cd /opt -``` - -22. Compare the old and new `control_vars.conf` files -``` -sensor@hedgehog:opt$ diff sensor_upgrade_backup_2020-05-08/sensor_ctl/control_vars.conf sensor/sensor_ctl/control_vars.conf -1,2c1,2 -< export CAPTURE_INTERFACE=enp0s3 -< export CAPTURE_FILTER="not port 5044 and not port 5601 and not port 8005 and not port 9200 and not port 9600" ---- -> export CAPTURE_INTERFACE=xxxx -> export CAPTURE_FILTER="" -4c4 -[...] -``` - -Examine the differences. If there aren't any new `export` variables, then you're probably safe to just replace the default version of `control_vars.conf` with the backed-up version: - -``` -sensor@hedgehog:opt$ cp sensor_upgrade_backup_2020-05-08/sensor_ctl/control_vars.conf sensor/sensor_ctl/control_vars.conf -cp: overwrite 'sensor/sensor_ctl/control_vars.conf'? y -``` - -If there are major differences or new variables, continue on to the next step, in a minute you'll need to run `capture-config` to configure from scratch anyway. - -23. Restore certificates/keystores for forwarders from the backup `sensor_ctl` path to the new one -``` -sensor@hedgehog:opt$ for BEAT in filebeat miscbeat; do cp /opt/sensor_upgrade_backup_2020-05-08/sensor_ctl/$BEAT/data/* /opt/sensor/sensor_ctl/$BEAT/data/; done - -sensor@hedgehog:opt$ cp /opt/sensor_upgrade_backup_2020-05-07/sensor_ctl/filebeat/{ca.crt,client.crt,client.key} /opt/sensor/sensor_ctl/logstash-client-certificates/ -``` - -24. Despite what we just did, you may consider running `capture-config` to re-configure [capture, forwarding, and autostart services](#ConfigUser) from scratch anyway. You can use the backed-up version of `control_vars.conf` to refer back to as a basis for things you might want to restore (e.g., `CAPTURE_INTERFACE`, `CAPTURE_FILTER`, `PCAP_PATH`, `ZEEK_LOG_PATH`, your autostart settings, etc.). - -25. Once you feel confident you've completed all of these steps, issue a reboot on the Hedgehog - -## Post-upgrade - -Once the Hedgehog has come back up, check to make sure everything is working: - -* `/opt/sensor/sensor_ctl/status` should return `RUNNING` for the things you set to autorun (no `FATAL` errors) -* `sensorwatch` should show current writes to Zeek log files and PCAP files (depending on your configuration) -* `tail -f /opt/sensor/sensor_ctl/log/*` should show no egregious errors -* `zeek --version`, `zeek -N local` and `capture --version` ought to run and print out version information as expected -* if you are forwarding to a [Malcolm](https://github.com/idaholab/Malcolm) aggregator, you should start seeing data momentarily - -# Copyright - -Hedgehog Linux - part of [Malcolm](https://github.com/idaholab/Malcolm) - is Copyright 2022 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security. - -See [`License.txt`](https://raw.githubusercontent.com/idaholab/Malcolm/main/License.txt) for the terms of its release. - -### Contact information of author(s): - -[malcolm@inl.gov](mailto:malcolm@inl.gov?subject=Network%20sensor%20development) diff --git a/sensor-iso/doc.css b/sensor-iso/doc.css deleted file mode 100644 index cfef2a644..000000000 --- a/sensor-iso/doc.css +++ /dev/null @@ -1,324 +0,0 @@ -html { - font-size: 100%; - overflow-y: scroll; - -webkit-text-size-adjust: 100%; - -ms-text-size-adjust: 100%; -} - -body { - color: #444; - font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', serif; - font-size: 12px; - line-height: 1.7; - padding: 1em; - margin: auto; - max-width: 1366px; - background: #fefefe; -} - -a { - color: #0645ad; - text-decoration: none; -} - -a:visited { - color: #0b0080; -} - -a:hover { - color: #06e; -} - -a:active { - color: #faa700; -} - -a:focus { - outline: thin dotted; -} - -*::-moz-selection { - background: rgba(255, 255, 0, 0.3); - color: #000; -} - -*::selection { - background: rgba(255, 255, 0, 0.3); - color: #000; -} - -a::-moz-selection { - background: rgba(255, 255, 0, 0.3); - color: #0645ad; -} - -a::selection { - background: rgba(255, 255, 0, 0.3); - color: #0645ad; -} - -p { - margin: 1em 0; -} - -img { - max-width: 100%; -} - -h1, h2, h3, h4, h5, h6 { - color: #111; - line-height: 125%; - margin-top: 2em; - font-weight: normal; -} - -h4, h5, h6 { - font-weight: bold; -} - -h1 { - font-size: 2.5em; -} - -h2 { - font-size: 2em; -} - -h3 { - font-size: 1.5em; -} - -h4 { - font-size: 1.2em; -} - -h5 { - font-size: 1em; -} - -h6 { - font-size: 0.9em; -} - -blockquote { - color: #666666; - margin: 0; - padding-left: 3em; - border-left: 0.5em #EEE solid; -} - -hr { - display: block; - height: 2px; - border: 0; - border-top: 1px solid #aaa; - border-bottom: 1px solid #eee; - margin: 1em 0; - padding: 0; -} - -pre, code, kbd, samp { - color: #000; - font-family: monospace, monospace; - _font-family: 'courier new', monospace; - font-size: 0.98em; -} - -pre { - white-space: pre; - white-space: pre-wrap; - word-wrap: break-word; -} - -b, strong { - font-weight: bold; -} - -dfn { - font-style: italic; -} - -ins { - background: #ff9; - color: #000; - text-decoration: none; -} - -mark { - background: #ff0; - color: #000; - font-style: italic; - font-weight: bold; -} - -sub, sup { - font-size: 75%; - line-height: 0; - position: relative; - vertical-align: baseline; -} - -sup { - top: -0.5em; -} - -sub { - bottom: -0.25em; -} - -ul, ol { - margin: 1em 0; - padding: 0 0 0 2em; -} - -li p:last-child { - margin-bottom: 0; -} - -ul ul, ol ol { - margin: .3em 0; -} - -dl { - margin-bottom: 1em; -} - -dt { - font-weight: bold; - margin-bottom: .8em; -} - -dd { - margin: 0 0 .8em 2em; -} - -dd:last-child { - margin-bottom: 0; -} - -img { - border: 0; - -ms-interpolation-mode: bicubic; - vertical-align: middle; -} - -figure { - display: block; - text-align: center; - margin: 1em 0; -} - -figure img { - border: none; - margin: 0 auto; -} - -p.caption, figcaption { - font-size: 0.8em; - font-style: italic; - margin: 0 0 .8em; -} - -table { - margin-bottom: 2em; - border-bottom: 1px solid #ddd; - border-right: 1px solid #ddd; - border-spacing: 0; - border-collapse: collapse; -} - -table th { - padding: .2em 1em; - background-color: #eee; - border-top: 1px solid #ddd; - border-left: 1px solid #ddd; -} - -table td { - padding: .2em 1em; - border-top: 1px solid #ddd; - border-left: 1px solid #ddd; - vertical-align: top; -} - -.author { - font-size: 1.2em; - text-align: center; -} - -@media only screen and (min-width: 480px) { - body { - font-size: 14px; - } -} -@media only screen and (min-width: 768px) { - body { - font-size: 16px; - } -} -@media print { - * { - background: transparent !important; - color: black !important; - filter: none !important; - -ms-filter: none !important; - } - - body { - font-size: 12pt; - max-width: 100%; - } - - a, a:visited { - text-decoration: underline; - } - - hr { - height: 1px; - border: 0; - border-bottom: 1px solid black; - } - - a[href]:after { - content: " (" attr(href) ")"; - } - - abbr[title]:after { - content: " (" attr(title) ")"; - } - - .ir a:after, a[href^="javascript:"]:after, a[href^="#"]:after { - content: ""; - } - - pre, blockquote { - border: 1px solid #999; - padding-right: 1em; - page-break-inside: avoid; - } - - tr, img { - page-break-inside: avoid; - } - - img { - max-width: 100% !important; - } - - @page :left { - margin: 15mm 20mm 15mm 10mm; -} - - @page :right { - margin: 15mm 10mm 15mm 20mm; -} - - p, h2, h3 { - orphans: 3; - widows: 3; - } - - h2, h3 { - page-break-after: avoid; - } -}

    @cf54p-ZEGRFT4V;{@$G-vveD2($7#jGik~Hz61HQ@tbkwG2kxyqW5F=ukah| z=s%Bhe*yE2PZGZ)UM?qJRzn_%BG-nLrMUj$>@Czhs7 za1^Zn(67)*mWFqWw6Dw1;1=~E%aj{!J5_5-@*>%?n0px&q_TyMMv`RdP`+tHGdzq2 zoI`6;9M$BPHWjofNR>F3vrB2rHjyfjF3XO`-gfY5J@9nFNd z*B?wZ)$UNEWj}?LgF;5YAapYeNrSYvsD7tE4+^;Z>-~^psy||!I75#G8kY?i!_#Eh z_&fl>P2_|xwF!abF+Hnz_A!`q<0{xfLlXuGT&6qbC;8{VCh#>y%os`ZpUgy-%0;!y z@VhgQ{VjfO7v*nLm2A3w#sX~YvEuv$d~g^hG+8%_a&cQrM3Z_U-`+jQpxHh3y_y%4 z<~rW7pwFsGSrj2(N}}XgACi)IMA~X^siH8cmK!xr@XL^Cqxv*diOoSGniCAmS?5p; zMCA}O7}a|{Po@)0`%<5H8C(<9r0Hsb+$Cr@qgG~hKiaHo48f#{cMVH7 z{D@)q^IdmtNk9v*q%k%`?Gsvo;LH#mY2Xv?ll^k{i4er`R!237IT+EV@^bga@n2gQ z>1iCdqsEQ51g^h*tqH$ENdh#zlPgDfy~ck5OFrkNy-_Xt%vn3yFtNDZ*8ao2F5%PO z^`d0x;pS*hDMb8iio~a>%Px|zTJA;>db`s_@+taM67Rdsreh^kOwX68|Er$}5i{yS zZ1YIin=2IMc~}0WZDGnwI7*FVC*D!|icGGVnRaGedm#&L;GvKyttN4?PxUXMZck!y zy(1qzq8LsVTITA(ZvE4be*v8;d+XHD@UJll`ZP33tTM0RD8CNn#=ET*x!V;l_wv2x zk2x%YT4Ef44KjedRPXQ>c8h`xM2X?XDFmxP@hq`wJ3tA^RfT6n5V$T zyJ>AA?H^@R?{%*i%t|8ud}@?NT3Vtp#coM3fI5fUB^_92OaWd96m_ZOsrEHr;P0ks zLD8a^YM4727#5sy9lsFX6o?>qu-?&9on0y`w5w*(>LJpx z184Hx%*YbuD&VP*)akIPmk+$)S^8bFsC}A(tem20{UGJ+FM=8EBzgcqj*VsBwaMpc zK=$c*m)XroZK0o9Gu*>vxFe~kn*J@9kFOe*JVfv80uLN;OZ_qWMx1q{O+*CVen%s} zU6AR6J%GUEZ)}P*_HG4vJPT}*0#1J{xkXcgOIVx@<#dycS>ijWi~UwXM+x><^gwm0 zZ}uJosQ&YHg+I=N=>e7^Ux*Xw(Vm@@%Hlo|Z$MmwzVPC{JPwh)*Z$i5{)?80?e10p za$QOLx!a>rfe%2}n1Xc{XTuxkNYj^@3(bcPWq+Ccc9nQeUZd$Hw(^|lhtH%YZ&d+X zDr4WfqCOsj3l%#}qCR?@ngj)i`*2C5gQ>tHZvIAE{kfDhCGZ|Ny1pxR~$6 z%yY_duLrR&HTEP=sja*K3D&{zVS1C1Z)7PNFSL{oyqmX#uVN*D!G%MgS-kew&%{i` zKhL8sw5K^B49oXQg(DaB*5(SfXB*UBcY0m#*4}TPsQ8rGA-)a^!tUV3x(6Hy43kxf z@>%e53?Op>ck2+Is3d?k*knzVoU-@7by;5U51@aFIY-tf?d(~|b%b=kFEme6W09@} zrOhysDWpODFfdt>IH;(Ib@lmS(F3=FM8sQsk+Np%hzbomf zGGtZuGf<%Lm;|&|G?%!l;7G{V%fxY~pJlzmS~7sS>5EG$Y57nFs;vA43)T9vDhK6!wKABF`#15a|`0mB2tauw{$!C|@}qDkkz?KvMuM z?_|bFyL7{59XrimH^RkAU9nt==d}Sl0VyLR(xe=%Uf&_bpbY+yW;aocnF9RaL*3`4 zq!;-uzhV{9<)4%cjgdg3 z>eT4x%&Vt{V9i$?zV9ggwXH-f&6Ly{y?H!8PZGIrSZMn%@u9qeB#=n0j(2z9j+IGw zjj68+4-IKD_Y}pjp=B&aF+szO zf0FLefFd3(+0cu@+nr=^>F*_$qx08O(|6=a^PVlvdQlxo1vQ9IwNA<=?F$D$QMTAVLlK!3G;XXIDsfttFtWdum8c@* zfs(vnZ-B4dGOGtGq9+MkaLRcU@AwPorMl;OWp4le`(FV3S8eEM^gZN;R_$L#InFf$ zKD@o96MBxvz1rH7N-v$||KW>}?)4MBGFZ*Ie)AV_AOn6PrP}Elc+IAiXaDtN?ax=w z?WzX;&%Y3k+HaQbxJCOsVc)dlg~k_Vo1W))dvyN!!m0~XPv|c2sE`z#T$capspO+i zQTurCm%jkecb)a-&zB#NCndO-=u|{L-YbM2OM{c{KmB1kdDmk5e(Mc-nx9#vOcLbn zRrK>z&=Sq{yWc9aFYShdJ0I{_1aX0=9>RiDK_rnDzSW$$q!4%*jyC|vmjMGXg~Obi z0CXh2#!V&!7b^vp0ckpComJ|EpsajZY839r$^QqJ;{P{{qW^F<`uD0j!f(jUtbIz- zz@K*{vAf}m0G~@sKDq`-@S9eqglf1l|MWog+&-(yJ{iLZC%e$M%xye_)E@0G&Ko1x zcU;oP?dy!n-b{hGq5Z7Do6R~=6zwYQb?+2GT<0-2?MA0*vCzp>Vq>#72QlW`YF-8A z)?$N{F;*OUzZvq0td3)abNw;egqRrMy`>@{T94X%SXqKg8*!9~(NO0BrMdR%3Eq^B zDM0B$mB_BaJb*AD-kMDA-7EbUM~8Y2{vPaxWv_Kr>o9@L21-oi3K;}M^QVLn0mfGXO zHYkumc8xr57_scAU{51H0>Hx`X zG-{57YMvKdTgKqPTBB5lPb%XUkB|V>GhGgB-uNWfMPNzksA8c{xtGbnu2gOe zx`^?y6cYfJ4AiftJ@c0(Tup?a2y##{D~1sdV!2Tz`(wTZOqaH|lViKQRS2j(+2g3ymjc2 zXjS>su5jLPJ0~h}t%liWu3Zr#{Jljkn=31-(>w%4b{@xn`4`5m>BbwnnP1yoC5rc? zb)6hj49|+2eN`N*|7n;m$&$_yB@}0G?>$8^o|HjN5zG7)+#irF@KV0AP2;AbVNDX> zYnF2;x<=uBSD|)d+v_eR)Uf8_j>g~A1!KIjqq2k~I64V?R>e{%Zc;{Ulq{vk17Z7J z0Z8r{J1?Z@f7@++0=Ay(E0bz_t`}X6$S?M!=O;$XwO&}u_Ivo_al$TDNi_RA0qByV z_R&E@eRad<^VJBF&nKLUbSV_7Q%7}=DL354WBBiliE9CR*QNlL4t};;Pt8T)0pS3f z-bAic)d858AZ#<|9hK}lh^A*wKzPuqu_k7e&vkF&(6#L`_7dAtFp6#8(hux+L)ZI_ zf89v^leLe$r;2^Dqh)cvG*I%N^J zMf_UDCvmX=f3%vHYTAjay;XI+57mr|xBvV@-dTEe{9WiyR$PYs>oTXKq`TbVSR_$Z zjYt9sH=uXFq3&D6fo}Ur*Up7jbIJbwq1DUWW*sybn}%9@TDzZAHnsxw`XxB$;1JR) zWKFt})!m3KGMAi^9`5fw<K7^tONrNG7^WQLM!EGTFVg|2Yok5#OES)?O>FLWDWl67RRqoFbsQ>ez@KI5Q-Vq z?Hf}q^EJ0~UXf-G<__h)#Oz?%vNQ=TR!`dpbZgG`Vp(FQl3m4Z#~|~TGIOZMDjIGo z4pa;pAdF~e#W#zn4Vqcz{ICZYiq$qX2?JEA7|fQ8n?v>+rh_fhG!gC5*t7;-vXI(M zZ$E`PPqhKwXAW|Q#WY2I@!v$uMlckyO82lh8NNm-B~hbc;fuQh==8Yu%=~+60YjBR*7v?Q#3{X26QX)TmM@tI9C8WxN7Sn^9JbPK zpcyEEi6KlzO?Ae7ID9dVR8D1^UsRWsEoQ5f1}8~%ooLp)xKR=Xmhh%ScvU-l=i;Hl zomVKl9bd9PR#+<6A}l>5onRXb1OOm%CcUW_J=4hHnq`7GrTKY!m;V=MY^Znd>07md z&V}1{$n9T1)LLDib~%pQ*f_3CUWk{D#)rE&Z(IfemsuWd<< zF3H;UmrfCEyz=wEHdhUWsi;n5!(OjwIe+sEF`dE4O8%brCKnx=&blxPCG|P*cJJ#d zwXpC>i=FC2;}mm(7mBc;jJ$Rnk-?Orc6eh)jGk3*4q=!p%-Yz5a_4>8xH)){&1Da{ zl#XyM{`~F5CB!$bZ>5bFGqBWr&W!VnlV8Oye9SL5&Z-;;A_6M%Q4pLHj45&`ZM?RD z#(9s4tI-iS%Yj9)%`fLR`R^^i1tL+hJ$i~JVik+X+YQh#hlsjPRQFWzQV5QAC}jK1 zlCfCHXAto!jxiAPs#_)xA*6gq-LyFjA%xC6IOXxNXel>E3HM*y8iaF=tD8e?_HY~U zZ$xIPE^E`QxBIM>B$f>?F+<%U3Z8z1#FvpxNrTK7+lEKzaCTPqdd%dg0Ws$&B|^SR zSO`Mm^hI{Yi|NW1Mmsz0W8t^IcpJ?++6VI0Y{3%O;V9?GK_5=z^bLZdf?PqxEDQ&g zpd^P$4%TSb{lWZHZ9RKNFXWV$l=^6UKms;ner3_L;jHeRPrQjXj&7kW<>L+&Dn1=K z=G?1}Qfl4-12leVw&wKL&H}456=PR(MM*+-bBk!$?V=KXhA6UlX(7(2{Au=045sfl z*hQKNEjJR2uO#DE8fLAQodAB?!xe)&Z^Ks~<$O4NKXdJ5XI2EX^*Sy{LXUzyq&>!H zVimQGN39H}8Rtc=K&H8`M6r!fwp?T&d|lk2`NQA zy$|fW6_htNW+8oH*bT3buTM=twXiS-?Tum)RYd?m_E?pa8Uy22?B^=?f45i{p4pHP zN&Q0C_#d)Y{>HqwMbYm~r2M;O6H3PS5tK8uZBI2 z$tqL7=LNp+@Ub+G8rW~E<6yT@tJj|+b2(+>WanT{#bVPW=8PIl0O%41%2RW>RtZbA zD@~6wijr4lv=;(VE)%uq4SU*j4Rdfqz!$!QZm{KW;3Cvhuk$jK1LOk6J@h*LU6%n- zsxU~4(UzK)aKY0IRnzrM97iHA-_r#R!UmAzK0p_n1jVac+Ij{AtxA<`0;tH1yo76( z0V>xTWojPI_vUg`1Fc0}KURPCG)$ThILa^E{rM?9GR5l3_k}T0Rof$#nG|n01(aQ1A{&Yccm zJK+^2*~2*BPDkfALW)pJTFG{c&^D9*A2mE`pxX7DT|cM&%$t=0O|tS!+XEe!I1CJj z*m#d3aTx8w(!~)BnOK!5Es?woDmd*Vb0FkGA_y&&da2SV);)H3Aj?koa1km;OcKBD=k(3l6E>TJ z02C3o!fv9GfgEb>Ij-pQUdH+fmMf07T4TsuDjrAr>(mV;v%Ez6}6rk!6)$WXL~O(>Z_6-&y++WmgkP3{yt#;E+OyCuT^$?>d= z>+%#E-(~yjXt(OLU@ml|MgS^Hi>4V62SWo+Dvq#|i$z(ad!c+7HNyEYeye6J zZ%quNq`EyZpMF?^EkaC%{SS=X=9se;zA`3;Nw2ogjJJrk5*RH}vQYYV&-)Lo5UDd| zz=wE$*#?LOLL+te3RZ|-`Kep~&%E;ACtry|+(W@K(xG5U#>@1+dZH6g_h@~eVaoYN zQ84TlPxg(C5JJKBwmRn;wQ5gQVG(RQKXOl?GJ?vc_|L!hFDdK)xj^CL0fUEQiKyvk z40#d7!ekWz=+z1bSicWUS`2BEuRdvub~!{oeW+AECMcxaDJt;vn8dsfVfIkf{*S>l zQD!!kd*>>utycMvT{WsSqOzy9rNqk(2AS*f#7WGB=Z({`yNi@}0gK8vJC)^VjcFmw}W2@M12bvI@AfCWj4A=-k!B^7Spt(@=M{#mPg2+dqy z``@Af$@UWvcX(R>00*87=WO({*C;I3N6Ep;uh?vIJGIOQ2DG)>!Z0sYFd_Vyul9<+ezZCl+Jo|e0X$7 zt;dyU94<%ltV-9Nyo1GsrSv5h4$-2V&G6{uVW$OAT2^-ZM1>%o$%@#*EJ|o${*=Tl z?+#5D{To&tfC=uP-^dnQoVM;+h7&VUf?IQbYcI@}9e;$J{Hj=R0_FNxUF$dKYzDMy{~yEU(dU z6;{40nAH-785znCz(G)V4AovhL}J;r_tdTcghs`VzLT&8wlNuISV_sx@U^#OUK2CI zXd;UcG8Jjlnf@t+VnBdM2J4NdQw8nMCWQOj8Qt? zWAf#%eBN$avRPn_%{a&@IA-H)JVaX_7-vunOwuF=R+lfCH!<$m6p^Bgg8^d?l4&(Z z)p>LCf%j0=!bQ<2uWJ2&&hkIQA^Rk@52dj+um6*b(GQLlNs`wJ*=Yjhgw#+NjEV(> zkAY6hjZ5j%-R-IvK!|^~u$Ocy%CU%$7YMsyQCmP9rT>Pe{SN{2e+jSu7y)yQ|3bcq zfA0I;I@Boa`Mg;c^zEcK3#@2{IFo)=bbV}W|3hJZCzJm~hX3njN|W^0ruOqt&lBuM z;RBNzb;h4u>$AVEI{yOP|A1VdC7(3ztX@t39t?b;@HWKx?N^hK!ce()XDatGO;d6A zZnP!x|I|lfkE6Zq-rOWD7+w4!OAu?v}0%8`vU*c@-k_Lcz> zQ^~pFMpM4q2EM{>2ogH+n0?>=(`=eEhtp^J-~=hU0$XQ&E>Q!6U4;ZUKnI|D7(?ZCER>7rHFXy|5HF%**6 z=Kq1+C#PyDpe?Pi55cAl7U6dJswLC+6Ynp;w+`K*znr;LO@)pALjMG`y~D&@OTp(8 zoWzMyZHbYCA~=+zZzh)sesY{k?^J-hTuf(#l@!*%-`lHw9#c*cp+M(9aFW|WR-y_r z?VQ~SIXj=cW4yV|y6~9^;6$)Fk)6>vM*svvFcuuDda=WL-62q4UE88T`vSQ`Y(~@C zh9hDRO4}4WNgruKB#QNZOruJM-tlyk$zHq?2@{qkzj^v|I{uO2qifNf_7=4MPo{Kk zZd785F^}<>$MFz~?kwC{HN4aS18<%X7S?irCp@l*cJMX5;{qK%Te9!JesCyXr=oWR zjh4W7Sug$B$jG|1)Xh$XL`W&KliEYc#Jy8joZwXE4;W%G@>BItjblf^?0_ot?)bnO z)D?cinw9PtSqW8?cJKZak#1DnXx%#f!UXI@o1Wr#`|THG>&2nvBM4KqXR`7pta9y>e#3l3YXmA$4(jPh`884t5bB(-pTs zLxYlyq04MY1IJrL@{-H$^f|s%Yn|vux?FHDFOGNz(+cTJs%uE!T#w@Lw1Xl5Q7gKM z6rdnz@W%D~kRB-nf`qd&J$fGWG=Iu!ZIKpRbH7C3qwE@==q{`zW77NRls22WPwYKv zlwCOE72*4RA%h(PaI}MTn;XD>SS|mxn1mvYxvzIz(poDz%-qoaEjW-#v)n5Wvece_ zYeZf{iUE!;P~yBL>_4Rj5u@x+0Vf&vwDn$?VxXbC{Y*!0fWKH1mFzD)j3@W7)uGK+ z%AbDy(!8E&2xWW$tFbXb z!(kY^5%jac@V)zz-{#}SE5gI6d5@W->(k3`OM5jY1%&r_HC8u-ccbswKT}G_5wPU; ztR#}JRw^*=w*XNEJWRZ>wqOGsVQ+VFe9v@iEJVzsuCgJdsPDtS_l)E&sNt4B8XlNs z_(5sY!!G#%d-RtU@=Eb!K?;!0<-Ugt5_)Cq*uWY9hm{0JY&*iJC?M4U2Drf;@FaDs ztO1Yn|A_jo3f{E&p}N!1&FiYgGh}E#+nS<1ztK|oh!ku**XY<=?3U(bMe{O1U>|x# zQOI&&?5ZnRss@b6_d)%W7G9iDY+Ztkfe)lC5vJ0Mjyls(^kmb0JEeGnAjcQR8>12I zBX%@3^)}j{d7G}^^Bq{Ns2cMASUz_NTE`cslay9kJ3zRxI#whj)oVcyv`J>4S~-qx z82JVeG_IuF{O6N)L`hQMDFlB;kZ6PefVPlr`+?Z<_fI;r)|2MpfHn?#{LwdCzGS#z zA^k~d@`rs8=vwaeq?wg?AkVQT=J#k>y-h{L{thM)$RAMb8&Mk>!?DNFn~fUrv**gu zp>s74Y)7(@J*DE|OPP8waY|7Gc-(2*cH)My`Vsh>1woiDxf|1?+NuT8Bm7i2)pC9w zDGmEAY8Bn+2?=&|vDT;;VW8q;yBxWFT|2cqUs~zWs4@`G1HStn4yoK@@LELeR`*=k zpLGYjKyB%cVa^toJ07d8qMO;~7qsRJs#~K#Vux5>-yX3&KBTP_zzgb_WAr*1DHCk^ z_U!eGt*(&HSDo7?_7{5;-d#?gB;N$`c1e?E)zen*V4mT$Lzd73B&`KFC_ri?Jw^t4 zNbJk#c;X1TS0pb{0DxCyu72+l{yB74V+f+ z;}v#M*lU1URG%2%S=BbbFRyC9dJW~V(@TzivpuUh+e0j%E^hgh#aZl2jr9&?992`Q zq`Cw*Sm(2_*>9e}Df9yY&CzcW7gN#M(&0)`qC^h`<48Ja@wi>kn?5$AUtlp~eLTCJ zvD#i1@jQu*X-2UJwsm{5msfl-r!}?nYbiMOUSlp@ZGVcMxwyIu^wntrnuLe`ehz!& zQNN_@l+4hhxcvc8DZTz!_?@I_!!qdcsvZ?-w2`=&#>?2e{`N1DCefswuBn;*;T{OnDqqNUK4OcBENhn`arUO8>p;1 zVpzUtTb_)Jy|jNW(LlNkEk`~e75%`}5bCxe9lN{f_Ab?Ri(luBiuv!g)?lKK?Mtby zP8`?pbA%1Mj$OcAo)3@asPrw3+jr~93++Ek+DbJ!RsZogc%nm)_MpdG)!v(|oW}n-a2@TBEXV3^)r2Fo)zzFP$y}(%_yRdHR9I;lrLBxky@y}i z1;J>1|NOk=8w=qvxq0U5Mz}QczFIDOYF$g`x~>n3!u)Sbn-j0kvavynt^3Gc-FKqf z?J^jNXuohN0*M3oR{I$6cHeZh((QOS(OMxmx#Qc^F5caOcjF~Fc0Woo5zs9J-z-?c z&~hW*tj&0dBi}JDQ7;2+&vAP^qhUo{9M$jz@fW_nwE_2wm<+ zlJCPbin_dHJlt%-VJ{H(tBkSm)7hdskj0cb1z9@Bb~Bxc5!@h^ZN z4lg8D5cNq<4Uq<}0!uRUq~vjg^*Qdsdp|pLj`$IDORQ+g;)l5%s7s4q5s{7u39Ys0 zR6_QL{Ou-?m2)ymQf{q^G8gm|mV**`G{{qqkFw`cGOLAT7E^lm>NPCAy*sJkjsnz- zN)CrIws8jY1gLmHT2r^`FPUp03*aH#p4!K7r!N!_k`vR)(x}?#PIlOOQ>N5p(0ybZ zDf&HxLpq;x8oB)LdwqO@vnw!qBoTx;y|zI0*wv2m5|vNIrHuY=f^4tTqglbi@q^#$ z7b*AGPT^nVO5R~9q62pGdPP~;9xOz?#}MAA1V>{Ee%v)us*nn$&?179eoF7*`-B|R zq6tZfvAnnT+S|t4f=e~N%{Kd6os$Kc^P{G(nWzVU@r%WTGbJP{lcODMN(_D#@t8nN*q3{aOQ`pcRgsAwD)TlPjy~JpgcL?B@fJgeIEo=bE0NbQ8MM zTxKCbce&Ig22c$uH0|gV<#14d)&3E1x@b$WNegRiZ6TKyfvlB2Pm3%2cd4j!gUqZlfROPQ9)L#vev~%TYiVxo6*vK@~KZ4S-;XF(7}<^%`YVpIHzq~$wgXu zOo+1=10t9lMjKS87%*Wa&oedGaqh?~DeSENN`nA4@A%uraKwd(28(lSb$q;Uvs)uf z6-8Zn5jrK2)UniaShZb7C(YwuJGm{OMqav>u8^ODk&+I6payE4e0qh3lciUp*U3Cx z`YXwYdTD0?w;zMa$X(X0P9}e(i#@CyX}}jxJXWw@d32p?u;Rm+{;c_NAC2Nic~xQ? z#1&pmoJ=YerYDA}lEErU<%w5Jy^zAsywo%GfL;gYf8Te<-K&CyYS59U{0yU+li~bg zXwGBObl{Ydve7GMYEp9bRHrS=BEtKyiUsG&#l(0I}p&{DKNF`AL zoG=WaA!F<}C5{*yKnl8dAika(9%qyU8VBrPxZlw`{_M*nUW#YlA`i^Bhg#u0HY6f? zaM6V_WEI2LCLZ8)EdN<`g3Zm1n@BR!Lv%)&P;F(5BW0RBhuwezRW--wWvmtx6$*y} z_&4JhMxk8H$!X)Qg-wW#v{%t2@rHE&oR4t^9nRe7pX; zd{a!Z=1klf=YVAhbL>p$V zZxKLaIhk{t^dxk}p!N;d2`MGjuF|lYt(uhf0Y}XQ)a`=Q_`Py-bGw_}_ggYsE zjBH#gF3FM;){b4|pFku2lsE#yD;a=0yp&B;h&Ca>DO2;6Vx(cXFmC&kGz={!j^ zjkkaVEZ4TkJCl0ij(pa#Wvh-z*)d4u9i)iRRM2oR99-oXHpaR>LXwkKOo2Tj=36}8 zd$J56LJ5hdjiMhwtq;$&jP{y8J|A$&Z&QXq)FM!@R*I!!=mQqxMyVBqv9A%4C_x;Eioy{YP%6v!_h$uUa9mr=30^xX1oMd9w zUG8>1x+GBNW|`htdapuC@Uc3&K&}ccv0khsrXqG}S{X!dcqWO9_2!Vp@q}Ir1Ms^k zb&}8hJY};*Mi7;<#~0Pu+AAGY)pM(zb|oo>0qhyU%v&jkw{QXgimT-pDM#;=Vj<)l z>?XK{z^Bfgp0^&GDYx3z-ac)t9Q38zzWX^*Km^~uSSOl+ z)TidANb0A~Ou=WDB1s6hQOMf*NWP!&Q?I<4v~%Em9P)IPL@~kJ4<2su4h5Qi-mH;) zpg_G$n+8oKOE;=yON>yb${Bd<^Q*wA#PLZeHBdx`5H2HfwXS9 zBQDiTt)6(noe=D>E1@Nn?PC~+RV$Af8O48_4h+Z#Fu}IP&MCueWao3Q;YI5JD2g;A z=7#Nn8!e|y=uF#HTXDsbtAZv)HM|&%hABoIgV50XmbCkz_nyqjqi;D)!>5o`GwLHU z_aJ+Xsxm$Wqr+UjGcLSTQNRvKjsph?z(N270`_5}+V%y8MJWP!^8s@|Ez20Hn&C{g zRAoLX)%q=TildX&D`xDgjdP+N?|<+5i{)cg$6=d{hkRsq1|2d)%%2BTwSRs#1*`o^(N3%4y(g5+H8BM=F;~a z1$@yVlwMmNKNCGSNi)myCe1th75S;j@mlORnAeF#$80o9QvU)%EZ>iyrQ6hHXuI_O zj%&Ll=OEL+fwn99-VZUJE-7;`wjMC0e)h@0@sJ9HFAHV0r9+}Gi?FPgpaGWGo0Xg( zh5oin3W~~m=BNgOGpk~NXlNU8(lJ65IxaSVjIP+#R7*gEN8(n+Z@{e)Y3?6kz^>hL z#Mk*^o6L1~`yXLIuzFOD2<>$T0j5_0z;9tP` z2Hm;a+XT07o@#I3G&~eOW?tXC+Nt>idgR7Bu;Tb{X~O>@up+*K%=a%~;VsM5`cO9>We>C2`{N3|bKly6fTD9rJzgvm?*J^ePGo#({M4Wz0 zgLP`}kx#58qY+RTF3uQ*4A>i`rMEdiUXgP~$5r_WdL)!2*r}*eXd?C|BE5VvGtp}> z4jLgwYcy1>Gy;eL=xj#>tOfwcVK^}F;;(7S3+V7wN!G6(^mq5CGAIvC)ejTvSqF=p z(rwJBN+iVj<%W~}CqxD7>;Q)`{sg8~MnqAy9D;!ixG>!T8-Cb;VSirI%u}I9$-6#+X(+FtS!dYgH*;qM0~ak9n#N~Z z&Vyz71(37@qX5x1_DbbNir+K6#m0|Heb9kP_ zrl+?Vgc+~{17lucN#&K&g)Z9=&$J?nUw4HK;L=VPX$(| zpiaU99#oS8%j8}Xv5josDg-!5tOwvqiLg&vP)-)5D|`5SicC%Q0ATb5(8f)(0$18k z*mL+F(JCUB#B=QjX_h=pEV=LJn-}BT{MiU6Hy5UTqg{E!hy@+J7~b>qVWg~saH7$X zb@5D`DF=xL&Lr`6zAAPxERKmKN{Mi9GLD$D^2|hl13(Q%Z)Re&+R91|IAe7Zj~PY; zbVZQqk;j2~c(KfomIL94T|a4h;6~^(+n_zd0tSz2Lde@gsW!6bml?|3tRQIr2H2xZ zFccAe)kc&Mc(jdmwXV*PUHFQCwNxdI)&Jr^9wN5+RiKE}8qc)Qwdo}%KK!7OzDP_SN z4{kn6SWX{Uf5nKChD&BaKJZ>&q+Q-u9gy)&$u32L&z_t_wr_-gxUu5jPqsrSuHy})sle!y5VU#!|bSq>6Yal2qm$o+S|YSA9npT zGyI>bZ~uvKs8rrWcZA>i;_mv}G*yMrn zmM@R~$oJouepqTi#7o}pwOH#4_W0!{d(khwThDC|N_9W3FJEl zuF|9n2!gZ#Qlte$klqpL(o2Mh^coaIKza+(LX#4Dhd{#1+|hCFojY^ywD)G-Cx7xe zoRhQ9-g~We)>*&rdJpD@*=RN>$<3cRv_DeuLEh%PYWmr6RBQbn)lJ;R{_CIFmB1rT zEg^$h=jac2Dd)k2O%F~0?b)*wG$`nv?Mkg_%3Ild=5Gr; zOsiM^%*wW0P$>OLQku++vL^uES}!SZBoYP~t|>FV302Uy6M7!NYm39~U+pBL(W5SU48x8gC@uJi1Eiif z`HAhVtx6Up-_@It@MX~!H23m~sLmuomzYS}p&>9w$}RPe7mDBAJ72VpH=p+X7c?Hv zigj&Dsdyfd54rnoYeYQq)ooq^PUMR?rCA+h`p#z z0RPWs0E_lK7h!T?$DL_zDM{{u(b~Bdxq7T1LK0?%tmrQ!sF6-8!9Op-v`IO~dYBL8B?8!Gt} zd3{c0`yQdO)#~0l`zfTPkvl!<`8y88+Q(`Pqj#GgDgy9X1J5X^c3#WqUw_C~cFy$D zGt7uR`!H|W{p(|PDz{>cp5IB8cB;;dZVHl?R@fx^Lp&1rG|HIwS{7d#__%)z0XG1X z6??I$qr+YtXSC_1@92%X!bG=;;EbERgSk|m2`g5|`-b33FiC}P8ansr3iK=HK|Nh2 ztg#HX!`s*mW9`{xKWc`5mG`QMx|8`kLZm;0Rp#v-t+z|>X;>*kPFZ6c^evg^#0at8 zX%A<`i=hOx?FJLss3fTLkmd9%j}Rv4HI$Df%@flQ^rycG`ZQx-X*3rz@jt^+pqIQOXx-J3t-O9WmHZ#%z7&(KgrLNj41}MyP;8@Q06t$ zW6pLd`)04!gD8>54`bi)^+rdjbtl&d>+8=T1$_qT*?>#0baiJ0c*cZ}+0NH!fQ57`&|!zw@bI1d3im zz%+Gc8$O=^o*#0qRy%qisOHnSm!fiPO^+sEzUh!pUWq4w(_5O~MsBHKI?OjPH+vC! zpKhIYqP@!YQfN^IfP?8=9u*USB$A+j@Noi&zLsAAqTEEDn*;3Ae^o@ooDfC0aZyu` zZQ?g(t&cHj#dwK!Keir5;RD@k#-=fvz4SX)=K9#cz=SIjY5b;(|6!#AyAvHJ1T2Fy#cGJ->j02^<$Fq_=dtdUjydiZ70Q-h@TP zE?gLT6u+Q)OVg^`Flf>yb!8dQ;u8B5#M?$S$=v-zk?W2@|pW{LS>YJMw%A_Y;?dUxTJ=6tgxE zr6`#lE3?|Al6!U79rUfeq=$Kf*k5bH@t0}9w;YeAid%DiKwVeE99;3(-fXs0UW{aA zBO+juCIsDOa-AZcDYou~1iKmVU%BPSxuadEn?{wK?Z>3XjU4tf%1{V`AN~1r};n3Y<|(^ zB-Si^@Q(W@&FnwsU^2)(_2K8U1*=NhY!nIAbcFa2IW-;9lvrth5EY=^Pk1N>82PR^ z01G}yt`NQE$Qm_dlFk-k@iOJTI0=tc&CB0c8uUjSP8(Yfj+ShLjln+i@yzOCJ5&~l zLa*2sTE)x9K~Dh5hF+*;&FKWF#S*L(bOMMwB;B42J<_O}$2_Q=HM#5=pCxdwAsmsu z?6}u6O$!}>mBTEDj$xg2&vr!jhutxO?qA?@4453Shv#tt)a_@9)xTLY%w?iFqdF?`y1i&YzSCf3^u-o}dcS8yo0?j;9>J