From a5e15d58e752bbe4570a0b6c5e6d19f3be46f162 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Thu, 3 Aug 2023 17:27:23 -0700 Subject: [PATCH 01/17] Add ADR and image --- .../0002-local-scanning-with-scanner-v4.md | 63 ++++++++++++++++++ .../images/local-scanning-diagram.png | Bin 0 -> 94138 bytes 2 files changed, 63 insertions(+) create mode 100644 scanner/decisions/0002-local-scanning-with-scanner-v4.md create mode 100644 scanner/decisions/images/local-scanning-diagram.png diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md new file mode 100644 index 0000000000000..869f07a064ebe --- /dev/null +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -0,0 +1,63 @@ +# 0002 - Local Scanning with Scanner V4 + +- **Author(s):** J. Victor Martins +- **Created:** 2023-08-03 + +## Status + +Accepted. + +## Context + +Local scanning is the scenario where the container image is pulled and indexed (aka. analyzed) in the secured cluster and sent to Central for vulnerability reporting (aka. scanned). + +![Diagram of Central, Sensor and Scanners in both central and secured cluster, showing local scanning flows and related events and API calls.](images/local-scanning-diagram.png) + +In Scanner V2, Sensor and Central coordinate the calls to Scanner and Scanner Slim. The local image scanning leverages `GetImageComponents()` in Scanner V2 Slim and `GetImageVulnerabilities()` in Central Scanner V2. Both APIs have similar semantics to Scanner V4's Indexer and Matcher services: + +| Scanner V2 | Scanner V4 | Description | +|-------------------------|----------------------------|-----------------------------------------------------------------------| +| GetImageComponents | Indexer/CreateIndexReport | Retrieve the inventory of artifacts and details on the image content. | +| GetImageVulnerabilities | Matcher/GetVulnerabilities | Retrieve the matching vulnerabilities for the components provided. | + +Although `GetImageVulnerabilities` and `Matcher/GetVulnerabilities` are similar, there is a crucial difference between them. `Matcher/GetVulnerabilities` was specifically designed to retrieve the index report to be scanned from a separate service or storage, similar to how [Clair is implemented](https://github.com/quay/clair/blob/main/httptransport/matcher_v1.go#L116). On the other hand, `GetImageVulnerabilities` accepts a list of components in its payload. In order to fully utilize the clear separation between Indexer and Matcher in Scanner V4's design, changes need to be made to Central. This includes Sensor's ability to handle Index Reports and Scanner V4's capability to retrieve or access reports that are generated in the secured cluster. + +## Decision + +Scanner V4's Matcher will accept a new parameter in `GetVulnerabilitiesRequest` to support local scanning. This parameter will allow clients to provide the `v4.IndexReport` for scanning. The Matcher will then verify if the report components are available. If not, it will retrieve them from the `Indexer`. + +Example: + +```proto +message GetVulnerabilitiesRequest { + string hash_id = 1; + optional IndexReportComponents index_report; +} +``` + +Notice that we don't necessarily need to embed the whole Index Report since the Matcher only needs a subset of the proto fields: + +```proto +message IndexReportComponents { + repeated Package packages = 5; + repeated Distribution distributions = 6; + repeated Repository repositories = 7; + map environments = 8; +} +``` + +But that will be left to the implementation to decide. + +Secondly, Sensor and Central will behave the same as today regarding handling scan requests. Scanner V4 clients will implement the same interfaces as the current Clarify clients, and a new field for the `IndexreportComponents` will be added [to the `EnrichLocalImageInternalRequest`](https://github.com/stackrox/stackrox/blob/ROX-16834/proto/api/v1/image_service.proto#L67). +That addition will support both Scanner V2 and Scanner V2 requests in Central, which should then be accepted by [the image enricher](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/images/enricher/enricher.go#L111-L110) so the Scanner V4 implementation can call the Matcher. +Despite the fact that Index Reports generated in the secured cluster are not going to be stored in the central Scanner's DB, they will be cached in the secured cluster Scanner DB. + +## Consequences + +This method eliminates the need to store Index Reports in the central cluster for images obtained from the secured cluster. Instead, it distributes the workload of adding, storing, and retrieving Index Reports in the central Scanner's database across a large number of secured clusters connected to the Central. + +The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a single Matcher instance to create vulnerability reports on demand. + +The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. + +In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. diff --git a/scanner/decisions/images/local-scanning-diagram.png b/scanner/decisions/images/local-scanning-diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..8adb5dc970008a525679ea0add9cf81a89a87d4c GIT binary patch literal 94138 zcmd422UJtr*Do3iNLP>|RUx4pRJtf2orE5mgrYzw2?V4oMLp6xga8Hv3?x7T0fB^$ zsDN~V5J0L5NXLSJiU+;%obUUe|GRH|cieZ!_}+UnBYV%Rx#pa|IrrXKSu1P)dj0Dy z;1tvtVhlKP1OPa~d;xwf9(fHhFt}k2voeO58~rWl12F0MMF0RD5E=|K(LZ*r z0{|LF{%QLsC%4>#-TyLooOwLz?F|6zQ~&_nP5{8^Q2>C$`7ass@Lym%#}tV%aRoA8 zJ^+7!7vLNK0tf(j0+g7XGTNdV{9yJ$Bsw=j`AKk#(U&fH$Z}!ZYHcFzi-9=pc8B?tjCVCA34gwl>46o09csF zkFj!}WFlqcNLF+K4f;|1sfcAx!c}e>TE`n?7{oHbuR#yTbD7v z0RH%|H3L7Je*vD|0`Pd^^{I#Ti3@Ft2TNjrV}+FdpDj14 zIS{44^_Uh8wrV#s|2)x!1N~OJb)P5TZ{zh2Hl{3~_81ILPoJMO*I1f0-t&N&S3yw2Zm^mE!E z4iK_8ePinEw5jrn6T`RqX>T3+Nn2OT zoz3GyAz7u`CrfR19Cd|&y1ZvTwkI^(&!Oyx z0_V;J+wpFwY2FWP(GJn^Ys=xegfI3vC&eeFW-aDnRl(SPNc5Y)Ku4eoh|n$_V#ABe zS28SdvE9dfkmZe?;!RveULx$Q7afWiAN~T&@4bmlQ+Lf@`SVfd+4=HTZ-ufJN6WQ0 zH4R$EIpgCMS9H@f^IEokCggT9|} z^B%OrPL5`WQ(@T&P~kA{#klgp(Mw?+2`I}R|4$D_8TCp!W!h%x*Pl|>E;#b#!e(=9 z-HDb^>Wn`h)_7flSUw-dNCZb7)Pud6=SOaju5%*KQ@Teg8^lKQu~cPmGaFwsTT5x# zZ^rSwD5SQ+E0~_%01lphcVSYx*0Oz3FWEdhbe1lo;HpuHr)hBS4j_;FW(D)3`Rq#J z{V^$)7;c;oY&nRNJK}WOobB4fnz$}|VVhroydYZ{V*l}(z1Os@DO(jAJ_h`Yw*JlY z$(gTKuYhW+Zhw%{=E+_!6pwIK`)LsV^HoeyEG6R24Ol)nKQPj9@@cigM_6k>iI4r- z+x}cSdM0XbV^)2m#IdHGstKKIp;XD9e@PA6n+kNhq?qsW6~)ie4Wu~llsLcY$65h# zPx84Dh#j_mMJcm#XIQYH+Yc}Iz_9UqeH+&_Lf`C*dgVm-U z&(o0=I-z|Ucr-NgZX^2;nZ6tnX=!3EwGY~Y9w05bBrxmAJpJ#?>c=dIxal0t}0?0yK zEwIBkz;`a97NT4B!+DCTVq$DvzY0W`xq2M4G5>ck0l5}16T(k zBxQJcx_mrcGM~>lUli^u4>QlCrls{kvcRoJn`t!+%k-1gvJ$Y_H=`A{oD0IDMuDPCGz*Kl+T*P%e>gIe)%ySJ^BbN7&W9-ecW@+>#J$sxgCp zYS;|*?6-7j0;TweO{`H@<~MnyIgz=IO-|kh*$xdVdYDwADiMU_tL5<@uduI89mv5@ z%t)yZ5E{iswdTQMZ1lpLv+%)?k9>1M$6qZ;-)jIzU4sPg$msqNO!Ky6ewj=iTfv|( z+ZJ)=wuPaR0+_8p)96w>TQd zt+mov&DFT4)ziAYS!&cD(W^CFq9CbMd(`%o`gntm&-H&9#QV@Q|H!S z4j=v_Y7{ib6|jypXH2`i+&`cUVVd%awav2L=I4ASa8&WjPxDNt!*V2p&Lr%?wa$j^ zR(TYdd3OvrDLz-tMwtv!?Xk<_eN8;dWc59~Ri*fTcgy6wa?;mwhFZ&{Xh^Nuda@jR zILaaSVos3RCksPkPmhwovAa*iEEtwJVHnX~X_}|Kyl=ANOnQ}UThlWbAK{>PsO5gW zWBQay9a^hr_14vL64lho3QNc%ug&UJ_De6>tmB2!hLZdQ7c8nKE+~j+x=}f@ZOHJH z76hSUci!SfOnHXGesjczWukWO##y!A0gc?d8Hf4s2H`~iDFjK$HU%nUdYK|Q4%BxE;z-4# zjO%^-Xfp^^znE6nTJx7vVS8q-y21vnA4sF3m4-IP#9qv1h3TDr>ZHQ; z8L(|1%OmFXtL6*`zq=widudGti%hi(r-<{ORaOCluKK+$W2ChRe*x|#TGnA6>$Uj9 zrR9_Mu19q3%zEG@;1=asLmHr*wIo7 zA=hq<-QAm5k5Mw5!FoTCg5cJUBA(R0|B-z**6s0Po~@T1QHv4THgyd7&>!CetX4Q{ zga-|?B8neQ;qyqqWsPKw!$h7H?}7X%>+8)3UQxSz1@m&hI4=_V=0y9RQgrGQ$0WzQ zTIC4NJFi4`_;GZitC{oze;!on^<@YJxTDLHsYQsl^Q9l`wGmQQr!LC~MsqCAL)>HEmGQ7jsVO0tf8*mTHCX>-OQnCYY9!o-`$IlxFB>(o<@!u&*7}jZ zY-sM$A9*cmkS+E+9Ji#Aho#K5tG`M3q3*uJFM#APz)(mAo9@2xFF?~z&qx0${{Q}b z^CY$RnGSRP32?+__2w2aN7)EPyw$Z^ex<=7z#{t{uoO7P?gff$HhcgPa`$x^N^`!? z+mhkvqnaY$snTB_M!$UMC-Z9C_=300-jIOm&IjB6_vU`8AEzSJe*rA(T1DKhc83S3 zr$F$})_vr!xRsnswrbhTKI_38TRB3NhQo9`LjmHA=iyy8f?MOf<{|n*q8Z&Q8XMh< zn+2Q2Dk{~#07bkn004;^YXCrB<#trd^322#;uYkn^DzmZmlrTB^-Fc$F7+r`8~JWT z=01W(DxE4CC?}Se#KO;{1Bh~ zaHaIkQ}mTmafy~d<3jFCbEJ<=!jf`&&aGi=`vCo&DBBEGGe=5|(ARGe4G?kA>oo=p|qk0gu9|3k0y-6Ret9Uc>K3JtqCoEj$w6I zi7H-_b;ZSH4zAz$zPL*p%AiRy;UT-?vvE@-ZEE-84`y;^$inm_7lBp()S%oOyCyT`1S9Pc$#GG8yjRW@)CfM;~`g zt{G~&OP6mEdFoK4JlQP2fEy>Jn`DvW!o?w%g{}HEBBg~JOVx;AS!8jXPk9+jW(Ycf zl6!NhU}8N(2}7ork4Vp0Q7mC^(w2^wgZN4!A|3LF=qu^P6uHL8=bHDEG<}^kUL2;q z!z+Sj&lgXGD;kev|1f|(sW;Xu(eDzp)FsSd!)vOe!}@t3$ub7~Pyc8J#nq4Lohzn?ZPAL^v%wUWq#f*@;ltvGnS&XhTaCop zfiSpp0B(D9623FCI@fb+F@Y>lfc~5=c?n8XBBTg}>yO!zDfRHYK~}5Bg=*3u>{;Uv zRoYxh$6p_1>1(Mtr&=|9d*8Lp6g5Een5#Lo>AtH^7QYhMj0Kj)6vtC@L@m13)!=E3 zc?&U|g-N1$$@WcK$f=iVjf!+|o{|>Pa!pp!(CO*o=+O1gxpH}C6HOYG3vMrSGv<)b?1&tTek{cj!>4F!IK^wv}G1G$h-K zKOCxGD-L51W6PS{k5D5Q=-Nd^OGznPTi#cc=39z7Ik^+2Fph^6kp|nqg{XA)##f-@ zkh_^jsFm~_SfM*hhc`yWfq@1x_C#66^Fvs5J+_-_6k;fj%_PCHsdOoObx?xTP^vJa z+$91?c~4OyVAE5~%AxC=*=W^=RyQSe){J7JPW$HY{{mEolm%!#O-Nug(f`!zzvCkp`g!ndUXfZ@A^C0j7-<{F_nsl$ zB#y=H^HRJa7bcH^j=55IjIVTRSylS&&o{U7O^iTMX=bn8T6UohB{S;h{)LM7@PziF zUx~c^CmPS@rbaG%ZeOKsWEwUUOqi8E3oY*_BI!;2iYlKv%0@weBNSKM718Sf)SfR{ zl&Y}a!4T6b`?7A^_)S6)JnZK)Q8{kQ&b&**GHw)n&PhqUP}SNCwP-G%daH${Xn{GDkV?a5c?rin z{)P1)=16S`^8Q(0=3iC#LX`*+hde9F?CY{4wn~Z)l27ao3P+d0!R+Sh6>6$|dJ3~)FDCtyn#Ka^pET}m@9w^6~c}Ieor^CoS9b^Tf_350~Fr9*r?W=Sv7*Do3!U` zJ}QKN7e@X`ZVO!&DoZ?R$SJgPw+ii+;xXLjIy2+hA9cuq`l0h|hYG43siUn$_hJ0D z1uO4eSsJ}(5UA$!qhRx3-tJ(p>*lkB^)?+8e*=Lc_v19WPls-^4N)%BK0OS=Kxrq9 zjoY#*XKPrsThHs7Yb8!di=cs&UDpean_S?U9Pj0ivz@MOsjjMwHsfwhA~c;pkM+e9xk1sKHJyVjZ&n#Lb3x@Ms+<&-^&D%HFCE~jK|ov}CLg_mX<{R(}1%=dX|#(8YcIZ(QC zxUnL?&Z5>9B+M(=x`yzno6(5rjIo|>-cHWwzke_}9IQ+Op<~ z!-K&K{T_vAyA9BQI8c4qELFT)a1lxcYTr4-U7u-Dt=A+>WGGq;kR)Rba%K|pPE}al z;69&S05kOI*DCQ*(HRpdW+Tt5t*Z?+-5#$2hA&h)%Lm}}cdO?THQaT_tKZzQtTG-% z^5WUmr`=RUDWcaQ;lx~Vtgyz>2?5qT`x=bh#dv3XY z7f;EBzNMB>_q$5@HM6GSSc2xbtMWwOWSNb8k4V~}5hy7M%KL%Cj=VeTmCR{xTq1I{ zpIcNBgs;FZI@_Ed^q{G`EE{_}-^oV7KhJ%&U>zzWcLZB*+~So|wZAe39u|+;y+{v# zobGly1FyA?_am(tdh1nL_P7R@q(6>~Y1oXi&eXkUKUEuQw|;6L*|`PZOF#Gq_n*aY zHrGeYr|zK@CUVv*UpL*F-kI>$IB~nxA`jyDU1NH5LpJ)G+dSRF>a@_c4mlxP1Z3d2{=EcQ< zs1PBlq2Xm?lBoRa;3b$>Z_P*V7MC3KGe`T|t*Eq+EGrd!nccP~=Bk=+?Amv^ud>!N z&;A-&SY;MkD>YyWoR6(GAw;{gL^GXa-?jJ3l$xe@*?#z+yr`Vd!uJOO>yuUdn~~`{ zo!7G`-r54MDBI5RKTXdY^@BGO(oITDNA!UzpHDs0$UT3e?nUsdkf;?L`o}uXuE49O zqH2BERTwnKXyd*T!JD0(Ei4T95AT0NkdCltsUlX%PybN7@XXcX;Q-Q${?Z_BW-=b< zZ$pIY$%DKJAN6p&@-psu0D$nrtEC#>PcmomxAcAi>YM&z{~0C!ySNjDU}x>Q_TYua zawvJkH8Jg#%XP-X9e%o)=Ew3&gml@rg*Aaeeizv2SVCG-P7~dIWqYP=^$)j;N^|2% zT~#jE-<%W6Ck$3-G{3gX#~jdoHmo-T`5KAd7-!USMH)UlAUX|Frk|67up&Er+1K4H#;rJj!KbOMUy4b_#x7o&<`xu6x=u0oT%X%!j?0YBOblOSOCg1v^yG?d!vli-Q zs_GUMrOwG}!kQ?sgWKcpXH!RJfue8cgl@UyofNrV`bFUpGIDH#n%inaR5rq6Lg9SW z%06svMFiPK5m|9f=*7?yWGnkc%xV$1Dp*=;tpTVrH)A*MJeCcnN+Y#lzVHILok=-K zSs50l-TKJhWXUH@bd|fa!2ha%uflv2P_uRSd%d_arqL`kQR;~m5s73U9kC6ma~bOE zYon&Hio`#w@oN556dyXnfVM**Yc&GZZ}P`fADGAS<<-lK+#yhHHmQF`r*?M1VQ%pg zFA#>#6tnh`+0~1z0eg#2e*ya1PgxCrYaCDJsrrmxX8+p$`U(9Upn_>a_(8mUn5NKb$U~ccdsZ z$!KfhFCIvml-Dm7Y7jr%9-3;-!YDfQt{2^$0v1@-j`~yV~83DBQ z*}F|mjydKBhtRZg;93S@pcr|aKjgMEO<;WVHTp#1xA@Re=W$0b5an{VSpQ7^H=zxY zUx3mhwxsUGfWb`MPx9Oga@;^sripVh@@rTG5jca$iMVIfR=g8v(JGw9UdHh`=ppDc zN3qE5v|fHK?qMB;_qN2*5_nmyA4fEXK8nLzpj0Uv_8UhJ zccWVlByN1Zb|mDB_-?yriqfBP<7{^}BU6MY0W}yk-EN<5a52AjS}Z=o4VV$ zhN`RAg3g2~zHA7#C#b%VsC@duI)Mr;Qd6eNG5qE*mTi1kP*R8AX6|`!WpCBipsmFI zxVg~eQ2Ombw|Gk`fjE3M$__!%#;;cJxL8eo6MH;y%jDE+@|OQ&#zL+c&OB{4ZvArk zGGX4?H>d$-0SV&Nj=%{AAGzY=cJ}iK&z}PCt2{;Z^STvEp@gr__sVbORb1CQmxnN^ zlhpyb>OvRRONWhMc;6e9M(H;4h=t85ZV+i z_k6__bnICp?CCov`!*CG+uLsMnrX>(3(3AJ*}l}gaSeXVC^wwl0)jLAOcl*BZrb!;tgNCruo6G!J;5Z1o- zMn*A-xyOqNwh&r|ajlkUshB7;0wXPlRHE(qXKt_8So$~D-pi3jh0x0Rh#x4>#n_;N zQ2TRflMO&vp4SFjb~}wR5`@H0DbA)CzSm(ZyLITjbcJ#-++tW^+#*{e6&c4C`kvYl zMU)ny**tmkfKXvE05vO}9@)%XnQ(Ow$IjxIi6$q3ZP;K%WXZMd;ufR`VC|9pis7{+V~cq z3LTe6d@VXc0zFpmYKYOpT|6&iX8IkSrp1Y3VFhgahiP-N2U7Y;n0I-L%Bq;O?{eSW zgxDU1y{{^fpV3gH{-6>M9LNYzYYY2bGnfdR-A~^k2Wpq2TDfcE>(#f*snTsC=vc1Q z>ff%I;cqIWZriq`{JlHoO8}SlL500-!fW)=AQ>I zY0)H3+kd+SF~uEEy;I=w`ktqD1|Fhf1DcEnG2q$7ehDIu$MORL8&gksw5P7mU+(oO zuf5z0<<_=Pr3pd3cW7$D{!*%I-Zcxu2ENUj`$M-vER9|WW=O?HxbU~)#<#EUu1G)% zMAddjENog41R^LF95;>fA!UacL?t3JNR7I7PE{A&q&)UN?z69A~UaD`)6FgDd_A#C`lSheEzz4%19C} zB>l}$>n&4$_2%NBl*?7qAVo(Mqr$36jmLy>c$CY*ZnLKT1=g4#DNWkV2+asb8I}UK zBu3IJP|b@&sc5UIT;w-P)HM(> z%%}?ceDdOJznt`0>$9IGwjnVm-v03Q-CJ=J4v}1wu0zd++w*{FNbARA>(<$INm zd=l26+N(;5%g(vttlClj2IeI_dfs%_eX7=Ul$;N(1dpO}3Z-}Xrh#+sLKRf>r2W(s z4S>3w0p$i2KJMqe-0jC)8^JwwY7aM(1^Q1f56bz=^)VQTr;Fp_4Kqd7W0E@Tf(5*Q z(OZRH@cPBiCu44WRbDYQGOo~)sybPo!>Z-5!*f|*Zx?x!nkEB=V7u({T)pM{g8Bv^crD*SX&Q6e(whE_)Y!UcQH<*Z z-)s;rXAZMf&TEaeb_>?$Pn@ibk#$g`D7w85jbtvQkJvJ9&7L{UKO=y04NgQq#qAp0 zAZ8Ab&GRZvZ56#NRK{DMrkA06gba&#H>?6kkSwD!O=n%Ec+~1Y&T@1dEex5NP$VW% z7)$csRDe)&$N0r{NeG;4I02h~${VR#@}N{ja;_3Fo2jVl_1gAqiI*;{6~*8zvWraK zP1w^?%y@LWzF!`0y^+khfW;3d!J|(zx^u0c-EJ&1uYie_+5t@nHO|>u>A}$&qL(j- zj$}6v_Q5d~{HPhCun==Im*iY-d{A_of|7RdSlT=X{{x(Gf_PZ|bqo~N`r@p9GNT;@ z8=9B?r~;$eY(yrMMRzr!n*~3}dX(i<(Jq@P5e211-i4`MzEogyntV58gi5H7H$_Uf z?Ba@FfMB~YC=&{O>*8~Jj$X^r%`t0_9IEfe@o(l;SjuLN39Ca5owy(G zV{-90zoBO+wG?rWFN-o^Ba0nx#%FFA&s8*V* z$bVZ)yER&hbQKYWkj#Ki6qz!|q=3AqoIT;_JEMB6Wfvz1eZii~Jy6>qi7aY?!_K1gi;O0ImS<_ok zKUBM?7B=@2y_oq6a98NUi@Bpd_*;8PXmYxGl_^aOeQ-Xb!Auqvyb$oHgA6HG3D6>3 zoW?MWXOYm8d8ALa^x-<1(5A(FhEZ;Ate%@6RK5=d#%GQlM7rcC%V}gYq z3_)A|;iA~rp+mbYD%(9E6z!Lgcz43XMlhwVSCHS%A(GGC#=`a3+6*!Kbfptf21{U0 z%~PNr(f-=`GUGmOj>q?_KluK zP%5g*r$c|BmaowK_~W zq>NZ5t`g;&&goF)SNIp&_;W>(jA5-cxE~&O=301s_}jAgv&!N}gk{upJ`(KboZQ0l zh;`P^7OI;ksm~!{ePl?L5vUN+*it@krr+bfCdBgN){+@cZK(9mJ{!WoQ`e&FWRo&o zZ8i|$p_S=F4DV#JVVtqFGMcX`dx!7qB;PCAP19;ml$BlEV_UD6O&e-ZY<~~S#FO$_ zlj*rz{SQ>EUZ*|-tARFv=26K38!R5L0>Zw){5fKdV0 z$wq-YZ{Ez_NXo&3x^BG8S3-1%(t^=aZ~B8#G{1DksurnQHVT6-1V-z0-FoFj5fqoX&B%MDRxXON=Utxh7~lE$P>F{lOB|Z9*{IjFt~8t^TfIRkMd^QIf63 znnDx|y!u)VpBlRHa-y&IPR8FYv#qixiC=B)5q8*}(&{3uBR60S|Fv9R*}_!qekn(t z1w*Z=g!4}VH>EWXd571Ipj&^xPF-m=2%8p|c8b#DiDHDkX>O?;ocNw_sHeWs! z$eF<{;jNbFoPRXaG27B?{80}6%2TaT>KfD$M7q+>=Rm+nf?U2`5Oh=PZ{qIpuQ6{e zw4hn*qxf){m*p%OVM*J~c{fxm^r4UR(~?pRz?|lL3SBh0+}pGnS4DggN7e*OVq}Cs zJtt}|p^;>4QrhxCdG4;t5odIM&4ITxwZ45TGu-aOako#EmX8V=I$%bcn@{sZm5d-c zoHljuM9X7C=RP%kOLS-o_P+A6E-OG(ITlml68?TfCO<$5=NK<>fAAJ#S{irBB`-Fr z{1bL@4haRd7pL_l#b+6V>qKd#)4q75alEaOd(u4e<53TpFh)z~-7j>LMCwT3+x4dB zXEuKFymSP=+?%$2+#gUOH*414ZDIp-irjxcfv(CGVC^9~^zUP-$@+hEx z8n#t2)KE3SZ=*#C+6TfgJvvw83SL8#o3i}iX`?$1>BLfqR^=;1wYz`FjTV8>N#tp- z!C(XBIro9~t_MrQ=(RZ)o%|{=MD<+XaKj2lXAJM$t~t}h(sg&T-s^EwF1)q4P(Ys4 zI;+OUB5_$2=HyN{Sd-=3Pk)+=9CL8ZxuzAh*UO5xlM}mKB>X|MmUFrhP1e&z3xj zTDR!lKu!U5EOv$@Bm%C+vRi+Qn=>&XH+oN#x^>M8U>c!N*j1o=ej3Ib12eOH!57vO zS4SBgmL$`7V6J!rg=qF$8x4|!s7t&;`oY)3PJ$)ag^7O3Dq!ZW9L+~PX$oH(s<
1aB3DNEytL(f~al~o-B}q;5fN{mKJBTUi`x^Zey_5c?aw z;FU?6jT<$mlkb>8^Wcv&%d(0pl{HRTG-FiPe1?sl_j*kSEt?N_9qJXhN~@ChI0~;< zjMu1DlVZZ{9@wTsRSUubk;Z0^2A}Ih^4{-gu1euzFH{H^3(A93Oe&mzJa4C_yz9iF z7f#}S8Yho%Q-KHzrG+bZ@@eX_nP#4pTZV@5xe!7rhN@SjAWb!KPvf!R7Z98uET8KU%;8&XuW-tH+O5N)JvIA;@rlgjnp1{TUl^b1uABn3{OYIEB2-qy-;`4$bk z3C*}z#UsH+mTC5L6U|#zDzfx@3GF%SwmUa7 z?P|UuQ4l77c0br*{_v#9cw`OSe`@BGhR9@sPJVYBD01?KKz}3Y~Z`O$uYN!B)@Pz(g#S~cTy9dpXNw`wWaVm>^%>g zV!Fx}!!(+0u1WmOi`?`e*W82LfGV(>M4e8Ve7~~9tPLjaV^Eixq9IWpY?Td4eG>1G zntVIP5uew#yj>M$zeuRDnc_}p{cayQMkrWkZmYP!X?&m^I=i@9S^qQf-dtGby-yRm zL+=6amo!pxZ;g15pAHx+sCLsZ_+V7};x@KC`$Y%B9Lk(10tk_=&e=&Bdj> zdF5apXfi8-ur%zo3PZT5sYj>wQg^p5#lYLqvXwS92{n<>$}gw#fg_vgdl9f&7&64Q z+=LW0A8tyx32OkY)(frgfH{1 zyBb42`s18m#$3`E&3`=$r>bS|j8pp(j)8*0x-x*x`N$jJp(U2pYE9({j5~aDHyMTq z%TVsxG8G_j3@(vi^4f#s;HNs!S-Ke@Rd|Uck^d}GEEa88YS3Rg0L$`rQ=T*QTGTfE zp0(+nA*LdDW^k&P?^|iC*YY5$es_AJRV_diHlGw5Ld2w}j>GgZ6mH^2DKJ?tJA_jk z+uYNYr_Pu2kh1wA#|`BiSf`gZJ^-wIrEg}ezTR=g0-}b?Mng7Yh_%iMmY3@CdHD~# zIK+_&fwXZU8?yE5#PfwoSg@SK)SQ2zli>ajL7#U~CdA+YVNQ{iP6OCl`}t}wGwPUr zrE&Z^!gsjPZXHGHc3u@W#BLiTM`OJWOB|3ouR?q{LZSA+ShMg?4U`$UQZ8JDJGl-| zg}G%FW9hNCQiC%iPm_d8RP(EkMLxaV|1Mv2Zp3LS0bXuc^)dvXEuOR^y~`s6G)Q%) z;b}r?ScKQoXh7K3Na}VwVg*53I5pu#9fS!uCgl$L&IU24IgpFFq#Fo03}NVPQq$@i zdFS5qu)>1Cp{P4*>2>?UZK9P70TJrn##|yfS-L(40vfHK8QY*q!%+dDiM0>l&=Zy2iN!pB^7lYbpWN6l8e6aMzhrLW!krqfsLI`3)4#2eS3N{oo@`cHUpc1Xn|7Qykkn={xzEacOTy63M)I$zAjzKITIn`Y^JJN z#FcRSt_!-!me$ReI(y`gBUo2utxP)-WS_=JT%wo$Z2tvlJtlTc%8u~ujqZocr@268 z0s7-Jqr#_&vfZD50YbIqFKmwdczo%ZvfJOXUDDYp#XZ2w`+Wzn8&f4;uaO|1+waXE z$vA@fTXZrJYL)!u=Ni{7u1q52FAq8gcA3no_4}UJ5SG}?)4d0=bj-iGzP+H!__r=G zf4lq}(*0gQf8<}k{P30#5|EmDt@jAzNJynKa0QM3zZ zU-xxVS?7+@G0c`ENZU|H{_AUx1s;TuMW&(wQmxu@2L%aojkPek5B97HxI* ztHD2ck^WnDR$IX&dFk*PQ%MJ#zqfig`Zua;p7#+Q3MP94hu7@N_dXTb6E)jt1r6fV+db>(s~~C|i<5JOK+(^p<-o%I)F2lAA?p;@);4TMt9a%V`bm#Q7MpJ?2Mts% z_(puGJ$6P>cmAxy*Q=2eB5&cRk_AM>s27(pdc5c6%+i};1#lGkkBuv1RZHs6W!e=M_F*B~Tz&CPfK!IAcrK+ah&}$) zy&b-$2roIeOam*I9o$4+wuFqCt!Zg%G?y+<-v+tqcwFz@cfBBXeV6lSqLl6KkMJT1 zoWQgnwAk7FaaN8KQ69o9@giYNX`fGx+~=6c={PyWo^#=H{*G7+MQZ}$7alS>Z^UaW z-6K&2&sqwQRvoxdC&x>vvT<*F@MiMVo2t@U(DG%qK-Gjt zYL&?#IG!r>05UoVTOESFJxZi&b6E<@E7@ZSt||p26M7@CXuB}0j7@7ADN1gh5CGv@)Nwim}R4x z=#emhNFJ<5kjIA#y8c~a!MhfcMQF94K=r4?w6>Xr4*jN1s7N_x6;}3!F(RxrcFpC} zgkCdnYFuZxz~+W|0=}P28|A}9X2+yso4rUv?>4tnqXCjXI^%yF-5qgQ(eqDxfqe0@4CWsG&($fk*-YLlvaG z(mRA^Kza=bNC{Oy=~Y?+(nP9s1?ffqyx*E{Uj6#~|IC{C*P1Ly&c64YeeOMXpK|v; z``MIsQ{u<6yF)GOIyI#i6`nwYo`%+Ce@sRj3mAS_&zAi>#LE=|kO~l2lGc`*(;UIY z@rNen2bBh@>VG9GJ=p(^oiRd84VQ4!eXZ)Kq=4q2L~`uvJbl79r|O!8O^4AM_bxr! zJUcMmRWn!Zkie$K%Ts(l9~qB3)QEmC%etjT-J+I!BU48}a+*m=D~zdUKt=Mp@C3=t zM)(?8B>$Au!=uaB68%?3>v#uVwnjlB3z7<~O#2cF5;hy6rrQ$f-hdKTvH+n~uc+Sc z-I)Ej?R-#y+&3Rz4d0QPEE+(JnxKe)v2vQK=*Q)E`}*$RJ7Zi{rjirV`+hC;slJVc zyLS(UK=MbePvN<>P4Ft*lO73tF1~~S5suna+|)1C7AamKim^`{S`z%!2mX{)plY+l;2N2%iDww+3pvXOtT@q!i=i z%4RfAew#s*pM*{O9z9-QCXnft{!zkX!oiQ*!>S2;NWM$PAk;KseMnz_x--zlv6p(i zD{bsczORzcJ#xw~RUf{qZZ`XfZ(sDu@7(5dJ6_3%wbK3HO8&2#D`5Le_RNEdv@Z`M z@~W^aMfqZCWqYwrb5TdaKgjG-b*AmD=o8LvjKIAfYDXyMEFbk=dIqoGn8L_QZtX>P zb(;D0PgpH!db3c6{*ylPi{R7Vp{w@keRlsf!U!+Wy**JZ$%W!Vfa7g?yCso1+#4|H z@jcjYE(Zp}x8*FSm32;rg_2$N9_`Tz?X90|*&TS{*G7Y7kP*)M<^huQ*GYb=VDX6@ z9v&jE?e`miUmOMh#$}yR-~6H`(pBX|x%+aDyLL$<(_mqQ(=*H=g{j&?AD+F4qfMdi z)eHYg+_JvxYoG--{l6>~3G4Z;ZUI`TYVa zU_uuLL+Be&-eN|q^{U{X2bpE~RIKjbojEio4HAFjasQ)37xFH5v%-0 zCdaD>HB(#OM>|ES#0=gxpmnSPK}X%%eZ%ffn?WA&QVnm6bX$0hc2&i)p1PKOQ9 zlkS)RuDEM!f24nA@PC_T5E|S+&XrEszvp-TrD$Q6Wk~ZhS6e~-xr3A0f2k#Oi(S4{ zTUdTh{Xr%aN@8I2dB&l>ap2B(Nmzm7kliwYOe~^h;f9kRU$^Jy#`&YUDgM8$a zJM!OGE(7HUuXlc?TIDzXrNjSwL3Z)Wuty4oVC7tTq!g@jh_~@Boua)33AHerUE&ev z^~&9Y^->V-xYae z>b1n^SinR%KVJ)tBN4MhzNXeu0)3q`{&qaUJY6eov z)OHK;n1S+EF@yxW!35Q3!6KV;_B<3V1VGdJj@Q_hf%=|;-Sb$titsA=qg+#(gh8UxocO~q;k+s~P-DJoF0PHF z33oXoM;2C*sh9(Bpe3BRL@>5v8FXx2@B2a>sI53?7QcOXu z*Qz#N4&3Zmza-w|AX6>>&8Y+FopLvPyDjzp`~1lNk8J-^it?8}rTeOKpSa~zH+Mi8+LZYVgR{JI4crz7 z86m|ZH|{$Cdp3C49y3Dh(s*UnClO8?VqywWRAwnGEKk|Hdi8Q9?n)6>tB`7+Rp-x% z5aGQjY|{(zCt{}}@OsuLT880N-oydbxNQPne2_fuOs4IdX`6>HT-&F!U(%!JSW!d9ivb+^XU$c)9ghSVd2qIFP2vQ6_cA? zA3osYCtM%n0DZj%$%t5rOXtriMi%o1YZ66XS|yaMJzSybJSr$Qqm0tD&(#B7mPT4> zP9nv@bO}SuV!ItHNe92ZzLf_X%eP!K;Au!t5 zO)=(p!uf==oZ09*4qAWN|h@OV5w zU)8&&limmzhB0q*;ZK%_tr!Z2zv5>|aWXaEn>GvkFa-3%#A=p6^#g;4)2{dyWKuji z|1etGAHU5pquc2$T%0{zzcLsPGh|xue=*D%Y(GBADm6OqCBSy zbt$+q`NxXyKd}1yng8ES|2l!G{W>K7xzxGm-pdKKVo0}(!)^B?OZKOYAF(O1Cgkje zhW5F{L@2W>r=lrf44_1y8jj^Uf`#nWA*T3kwMDg6gVW339>{aw^i7g?Pc@C6wiLve zW{#utT$ie_w0V_4q;3AlIxPpNA@<{JPRQNyq;XuITG~_9qA3`lBCkvB=Cn^C@nU>G z2x0d@uQ(+p7wC?S@On?#a(fk5s@|F;X9y_E)oe2xqB|6=K}&0Gj!hCA%U-u7u}1+D zWP5QE(i6iF$gpizT->&p*cRDv7CiDH8gaI(%c!yaej?3^t^nbv;Yu@q?0DHbWd`I( z9Ma3qG#nf01f}PCDBfFFOtQ+V&FacL=AF#7*cMP{(vz(cKPxH46N=Vmp|?pWOv0z& z$5fapC))2f_2T62SC%)HD5oE?S|n=bbcSzt9fP5$^EqRaw~wru=cQ|8zu47oet^%R z;d84S!#w%O1fQZi-5gxlqa*(uQ3=S75Q^8*2`2NEgftGmHs~*KQGWX&uw@cxv&c15%@sJynI1V2h5q zP^_5}9j+-*K6rd3=ST=;gV1{hx+iqOO4+Mwz`xZv*Y{$(2XY$Hh)JlGO2SSZtncR&wZDeeW8S8H2BcAmhyvjAJilfY-#= z$;>eUW_p6%`<}>3=<9T!3*hOjoiIpWM2oOYVd$a*U-VZRp_}g;)-?x=nw_Nh1@j>m z%3o#Y%U610LntW4VNvA6B=4_2lIM?FU!OKJO*zVf&_3kY>xDHfsI|#!D{OOw3W}|Z zs{|qx39|0#im%ssIijphB&ghy`=UlyBt{ zHPjI*u*O@SvKggbq^*jV?$1VNnz?TjXlb#IX6hFbc7z@CfeJ$CamZ*6jG&=Jr$NY( zWLfF!>+4YcbI&26`~EWjgflw&?DZB;ee+vHlis`kgC7Q=o2R?pW}8o&&SsOAjwX-4 z6wl4Lw0~u!{dMViQTtWBl9IDLTKDK>#cC|GUflJ_Q3JecaubP;w3fCA6a01 z2YHO_Dx)r(sPEGmAoK+IiZl~I5N zArIEdhL&V!*)uRLWLX~ZJKghww!%zbjP+bgo< zbgmon8gCvM&fO8}YpFHb=r%~PmlTY;K*SvO=v==*E9cp6ZFtWhpH(KGL zSv_1FZp6~FgOFsR5Cmhw2pd88JWxu7JHnu2EYIybVqc4y)XIXx9~mY3 z!eAsVlK{P@AC8Rm=(K*LUMAh8wf$^7VuU$@G)^MGM zT5xVgR+(To0h?R)1vjqZ7gVF=wt9w51$yZ!f>_*ffMd9-@93L0WB*qtSr*;cj+x9Y z8r^dH@(MxU5aLJn~h{7w$+!ePZA_lN7)jgR|Im(a?I=tneACV z(a;|nogiQcJCMjOyu92!<*{^n%Nw(up(Z0@s;MnFchU+9k{goM88OtmiUgj9MO{r4 z;0`J)tzVs?BR`&XW|NfOt4fXEB9zIVM0PrKWQ3)f5iZH!37E z7V5El%-eCOey&Vk2SUozk@iCN4Rkz^%lvsv;GfB!*$b;W9mQ|SC~yC=NT4b}{UE!8 z@WbBzY9q$O@e^_5XAXazKBwC~&YKuvcYAI3Dcxcvx9P(?+UiZ90F`AyZCBM$<*AL- z)&;cRUQJ%|>A~1rg>xm-A=by&N`3QvpC+P-$2#3i6OKr80b1*l&n!@9sV_uUTI`0n z=oaTQs=StWh%oMB7n>hsS1F$Ub=|)n(JfP%*^HgjpFVTq`=lv5$cvL?C=8)XU%oQ` zE$A->$E!08Smb)!p4P?H%aYQYY(2{brUom9+d(*Ti-6zVM=89+`pLbuAjN%|62(aW-h+N zQ5l~*wkk68&}1h}57(P8m;HKs`bp9ptN4e+!q8BH8g8Y}c1znZumeyhCVZI4HMP_0 zi!(OpX*1;+9HP7FVOV_OofP!R1Q;a=Az(17qpW3gX`a;acV!vd?deK zp&%&TeUR}z1_As*=3Vpk3Rz+H>J$84PRQXx#yrC-3rnV6O|^@Y$$Yca=d1sM(_fLl zsw4E28?X4)tAy#eUfeot`SmrD#-4jVLj0zwxP$#sC=nKOH-1BT@F1JCcdWOhmNQ4HaWy)bLD~TbGO9Ol(2`a9)3a=EsA8Nmo z&h8K{#a;j8jcEzm09rSZT4^JF%qLL!GEZPLOm*l+Xq0-5Gh>0U2U(0`gkzZY&Rss; zxsm&t{0FaRRLrQHAO@Ssxg$pwq9J9Dn?53*zEv=>y8j;cc9Dh+b zWC#6h<@u@3f1LbTqnG9ROD`lJss2HhTGib5;y{drHu@*x>Obar<~;hj-;rW2^Xb3f3-gzLkgYPZH-B+Gp~@7zSAQaMT8JP48A1+J7&0xQnR_*rwD%Tz4h+dih!X$! z^Dn9e|2~ud!bgxZ;454>-b0)>9eaPRfyVfYl<=BQQY;!V%n@Fb0Gos{%!B1=1fC{l zxvcMY=r`PnwrVTIE!D^LpYb8nZCd{*<40Ftkg}>MAy@fy@dUD(ZeMsZ$UI0+wb?(P zyd_lRS(@`r<^P9b>h0)^PF6a5EAm8%JRlA`A_!2mY{s4Ox##)WVe7QLagAmoDzznB zXo$u2gWHj{I0>5IQfNP=z87gzLD!CgcNhHs_a^xDIsMYHtdIYAyhE3_g;w9Zkh0da{vG&6II6NYk(awhuN{EBVpbwGFaerk^zI>dG^S4m*iaOO#ga6bM$u zUnPOPf#(sWjXwDMqW`BezddbHJcMLX;COp!zt1m=E-}nzxO}6Ab2Pgv zX-A_MZD*dBr_E9V${`FVBqNUAO8t{-Av^Qy#2F*Mi)O#B}9>h7!{Bs3wOheueWw?pOa z?N#Hf{Wj4tInH$Py2q}`!1R`@Jui(zL{htj%O>?7=OFj$Nw1iC{?!lu{@wm3pE>t+ zt>o75j1NI-5+PY)uSW;_)BEV_P=A$|CR^m%v%QxIUsTLQjBVrIX0}-=q#%c%86dW@ zDtOSAb$pJwNUnKHuJ<14fIiptUdm_RR!g+aQ?Pee)?kQ5mTnZ0vpzL2@2Pre_>e`e zveJA&81vJxKA0^Gh%<_+8P+cpUVUbvB(z>pwL1;d=zYBhtPmqa8v9=#VhnjUS;yO- zGn14sm#k5$>S$vOtwBbl7+5{8O2?6a#D53K7H{qSL8iPG=7gL4ZIe@E4Plsh19g=-;;r`8cGrR;d?D4F;>b?Z9t)H6=t&d6Va+wXk_)%k zOrxq#u<}53+T&9lxo?mC0^jO#l7BT4dH+;lDFTCX7j(W>n?yh?c>>6DGeFS5| zWYZfo`+0qGAL+NAoRxt|OIe6MOdu|Y2|aBq&x~#h_Xow zSY#qoUXg(PWJPypE zw|%xcrJOpF4a3wk>|64|sDGu3zqjZm@_dm!e{0qMS{EYH_f2RK5tNqtGP%^e& zoViZAq@2YQ#~UPd&69Wgo!^?55B=Ce&;I&G{I4_pr#V+f{RrQhr92KaJuYfjelJKn ztZZ(1An=1M%Wdyvz0Zi~+$*XV0vSJ3|CHz7%5au-&Ud5k<}oZ@Vf>XwfreMkVC}r% zAR#*Han=tq#8s>+c?Z`IGD1C<-^Y-z&@*RGy`9G@>ofL8wyCUJPrWK#tSQ~#&3az0 zV;^Ioo+CsEpguRw?;$OvpvY(H3`CFO4>DHc)>r2X|5ok)_!z%2^>uGQx$iN_TO<>9 zs5tABx^wL4E8b|b{&{ZKh*7y$GMWZ}>d=O1L_fI2B&BLuqY+HPHaoxckNN(KXV1!Y zn=8+HD+$!H(BIIV`NR9-Bbd9V-#abBt=W0 z;vK*Pp6RGo;$>-H#BUihT(y~CNza44O_)4e9z84QuzXVk^}a?r_J~51-a#@eORt;P zt8hn=>1E3lwQ#rBL{b3Z#h9eKu*}5z9?q3;w}eqpKRqj#IdWk4%AG<_q0q^sj)?e@ z@R_TL5pxEWm>#Y{M(z<$jQ23f$50$n1?J4xTB(g>hIkumYyr+JJh?=fy zw8;a`v58*YJ;{-ajJU{T!Xi~;KeB0WH*_;w0g0ekfeVbmdSY@`>ZRQCTD2F_M?~H- zUnQriSRSwNpl2?lvKUG(pG>IL8s#Xe<4-F}1rglx@^f!SX>qRD0a;yncn@ijcP#0) zi9=d3slqoKFmM9yep5brvdqBz4xsw|p;ie9PnS@3EM|a_?<}ek_Pk2vd#=y^2idKU zQnq;Qp4w&^ctg|zQFk)Fm{4F+y~NWx6+E1?+-(-0-%8k-&L82D{yY`+gisq?ar<;O zVeS3^hhfQlkw^iwFi{2uXEhgB&S$ZE&I3hEc-JLIA#O3>xR@b*hkItvQMBKreLd!x zB`wOWQ4K#`LYzs~PDpG@$ktI_s;`ZCT}S|_;oJF?34KTj^N6IPRT)p3qc@)Ig+&T^Tv2f~N2OLxICCqkrYo_A5|AiLWvaJU zk~rWe>_L$I+!?1w?}1N#kkN*QE?i<3;GU>8Ghy}Oag)6+5}X(xQ{YOOQ=m}BMdOV%=h?nGqk2)ibk%+nU3wNRaa8O8B^iEY`!DBqe-n#&)6a?ps#W3jXjeg? zSmq*JI*JnHob!o7Vxpy#by~(ydRwH*v$a6g+eG}GHPPXey{B)DnGwbGIGM`1Rh3D_@W9~fa)V) z6jlKZXcw;6pV*pt@0)`bEZNGaBaGgxRMp=muHXezdq@T?sShTA(Hu!yR=~1tX=*AD zm}&luNXuLUXMc-Z-*&3+D*U&5sRWyL-*YG}(<7tQsR;%Wpw`rp%omY%W`vy>V-sLK zoUt;-u}(rR@c;`%>p@lTQ@C}V%3iHve-7CJ1y&F+_6q7*oWTMc_@@>%HCgZCk^5;w z#%0=$vxqXz3*SkpK5jJbq3lT_Y>3FOQ|~( z*0vX%qZa`$(t8v6+zAQechi#~6spPQMlIs7(A`^1Qy0@clHlDe`m#2%XNy^iI4<0^-CoQiGU5MMeCjR{^u-N0B z0&YXN9ysk(9EAhqNoxyVl9U4FKp6W5(Ee|-WuJxKRqYqqC`lY%+c{*b@@>zTN~m5GA6N+w&6#-eF4efa2bGR3Gx;b#+A!-kTWCobmR!5! zf)x-jp_9xKkIj|VfdvL}DZAoByy~R57ZzDy+>s6ebHR3-NYZ>A;^x{}( zvDT=Mw{L4rN0j!ZI=-s|3igOO;+@h2Y>h)#ijlgt3y<^jA;f1<0)U$Y+j3Jw?VB4i zMpsxgdh0HK>e_4n?a2@}bb839OJ5A}MXFoML3)-8p1>McJCt9*{D!Qxlc0Gg5zk9TtZPv zy{+Qt$E#Q33J}ZBBDC&4;+;+Y@)UjM2;|Yu?O*9EPp5D_yCa8~mTRS^QtV1oT5TY@ zbIF-qNmwt$xdnb8uy7mP#=QMePn@;*vhMwEL?9sCKpm>OC#-*6QfM2CvwGFh+wt=L z7P^xv3S>)@Ef0AyqKX-LL=oCV;nm*NtVf17$q0+kp%`7+n}&5am73;31oJCdC$fqV z@dA3eeFUVkMprKu2`8Zy(X!Zg#?)4{)G;#~J1>egb7!dH_Y+a|3D!tMd9bj1N!8{Q zk`N|GV;1vH*Z`zvA|2LWv&bAF8+^CBPWhzs#ZZdAs4hp9z;Q0o2A3Z>tR1f{0CE)A z*<%4rKwO18ve>>JBHIcdiU^k+uL8SSvfZ$bcwMO>15$h$(F!N04*^d{llpDD65uu# zxo3N{chu3|jDv2i*q~9zydC%B<(g{%!vW75^`(b^0z52M6)fxx*j`fc?VfrtuW4nK zKki&I*)!K5c#9Th(clD=-B4zu(w@6B)F_}FiYEec#6~P6#KgbtGb};bcywB-ZXTxE zC3s!F=`5a5dyAhQc3fJGa@Eqr*bV^&md(Jm&nK%A%fvszI6bRV+fNV{o@_Ti$|&?z zILX=z=36A)&AZjujg<9j*aX&4Px9ERqT(DEda4Ew$vbn<=r9onpvz~HFn6w0r(WTJ zq;aK}$=*%iGw3kA0)vdg6LP!yWs7U#R?b`72Mk@DV;Xc4n_yw;tl%da)-STo#6zKN z$Cpeo5Hzu3K8!~KOBZHZtThP(spLeyb`xyRy%zQrg{=Fay?m(_fVa%3*&G zVH!T-C1j&JrAj(4^$`!L2XL)p?A0K;Ho{%;7wcxDQBNl{Nr2VQ7+g&AfKt{+%YGml{>HHF{88G45yMA`PxRu3`?JQl+`#>kI1(^11ZIE{=ay%H$HUyXr%cB# z^9eEv-3fas+?v>Ax4$IevWZ+6-!$Es4D$dTT~Hy4S4zVudwHgl2Hj)z2;s|Ti*7g&5D0$^XZ(LJ`> zX)L0hh=jaE*Y~RxE)VmSsjIo*-iPk?gY9>1=3bS@S+wif?b}wmxKbw4(e#2>g?IM#Z3Dhti7x~P3Av|`j(3!^xPvAMD08euoyMTMCf#Am6@V^uh4_D&rD zOcdlMsy@b>(ry?f%Ef4uXFmxDV2x~H)%4skngArF(yv&*j2IPBI|_9>=&j-#e`7J| zBK*aq%Yf=^o|>9`Z%U7kmS*1FK3o4nBy zgd<7;0XnL)6_cgX&mV+=N>vjx>(+X&*tA7vD2u(Wdj0&)hnH(1HN>067gTe0`@$%M z{bp~_E3(|RmJcbHtaF}oPb(aFb5vENWnr+`pslKw3@%D4p&u?eZ<938GU6N=VK-&F zg^Mh_Uw%^dY~s#h7L8<##@z5)m3A2{gD(r3>ma7hpAZ1XI>9ieS*l*nqeW;I)L8NN z;8M0UwY=_^;X;JEk@^e$@IGH0uqjT}A`DnNp?P8!3T2s>ev;PaOA%$-e62ARPjAJK zF203;qK<5KI_}6?NEnr@KN)1sBU6;hB-cVq^@I$^=^uX}EFqq}bUZH|VFC|(YBT#DU3D%A{!AL-_Bcy}q=^8H+#XFLmUIsN@oAc**T-Da7#-7b z&TTfH6dh?+$R1eR>!AIz`IO4TmCJpET-I24NncgA9?49d;h2piV;tl8 znuT6uJKJAX+BYDUWq>cHDpoW})PP27OY--nE)Q>mE5Iy(7(-|71*z1Akb$Cfo>$** z_!iff5%O-keu2maf3K{~P5PdZE1a>H-XFfp@#awT##zo9Y44+qxksyWe5(zweDq;# zd0sjMDL0?c(De9%l`FoD`WB5WUQII>(`y`_{HC6p^f=7&O?r`1pV)i-67lmnGMdK{ z$uO`<8(byv)5JCjv;abC2@N9o#%C^lA5r_u4vwxY2~q^ei;GzyQ?Qje{= z70>--7&(QMPnU0^IbuB>in&QO?NH}+fArJ`-D@vcq<<{|l~lhRkLD}bBg36Y5FFW) zpV%~UZuSmehIHr(Xth6TxR5f%3m$V{?F9|lS>jrGfI@0wzXu!Im$MEu&#-+LgD{;k znsz;w;>ph!&>Egt6Rtu|q4G_nAz&9p*mIG`Sy#(#FC5{9(>(WpDuoQbX?oXDHZ~QYg-s%Fl~?vcCA<0E zhnJ);a&ULXm>D9?Ds2q-2xDxS1~t>hMG{VyDO|z@M9v1ct!0=US<(7eu|<*jI(_@k zY$-vu7Td|(WvG_ugw$n|;%7j>*r&{Hi261h9x&K%kyAZG4w#`4{kr}#$xGgNhfsVG zw5z~sIJCo|sHmU6@q_Hc&E++NkIwQ^=D~*eju&WzyyRdvuMH`v;C%3vV!8M$Q;NnM zI%~T5jDtre!(O&SMKVXF3H2Oa&955o9Gh<^J6*{zysJLJuH<9v=7fWot~4dM(VRX; zgN08OHOv$@EK(U)(p1#9uifZ$3n)_si66<<`TI`hh_u=i?;>AfFplOskjG zGr!pQGTWPolY?5vm>%HX7uFbP!PHvy{9zWJs(Be8E&4(Lpk^5ZdUD(+>b$Wie72a2xw3h%>7x;pK`$A>%(2SR<)tlnlZjtJ}`q3y`A}CpEN7A z4x{%01@b@0_E3^5RKz{!&k2pS(4+FoEsla+KcWIYJiN4g#TdL2qa3Wi>h);ZZP{(Z zGWCs@%WMC$=lf2C-*>Yp#JzCv#=*)R!_Dan1P$y2l9Eln{vacVf{1pj!*F=E*ko5E zUV-Qlj7`2^+~En!iL;6my{^yZf9y08=16=AF@X3u#^-9`K$Ut)?Jo48WTpEt6p4}x z^-YGYGSOwx_RO??BQ&>l99YPl0$e!U$M-)Sv@sjz z6GBBc!?FVFBcpw=2 z=B`BY_h5d@iNzD!A@!iS*;iF9dq2pkoxe*gQ%L_Mv%gQDS83O#h;OsxD4f5~%$JM# z7~9sh%@klJh|Y85od&b8WS*9`0*X~eRFeJ4?>0$0%w@<=O1!d2*<9CGt@xx7y%SJ{ zs30mRvn(X=y`q(RpEvIi8Zjzyz~}T(B}ON>?NaE6HaMmiOc+olMM}df+J)Tu{b~kF zyf?zj?#5ZRxf4gmM0#!U4Tc4~EW*34d3MS%d1f}lJNlub(eD)jK z{(k4`?|wRrGvS;ZWe($UPo}4lME*Fg`QE@)qN>4l&l*dcnb4(Cis~eYQQTNJ=s96z zpa%NO{z)5<={5h^uR#vFTOaSWOQr3i2R9*{GKWhh z09C@&eeb==u0gr`YRadxG|EdffOK&xp;P>kYq)qjVM)F3bTQbJ7%Uc>Vb|~fZ!LX# zBXpPGBN6vB*wxzj)5SGqnoAOrzW02qZVU#f7%yBTG6mtTy#HcHA_lMD;Y^QS4H>E}Iu#Y;2c&g{;<8`pY5YV|gI}A3q%+z4ir?&6536@HH0J(_9DJo# za~ynCtgOus&Y#IDBqPCHv$8gk9oI~f4HCbSU10gQoBHX;bxm>Ab0$^pgjX)$4^#Oq z613c4{js)%!b8LQg24-c89o2J~&-7GwbEL^-fBRLz3hibo( zaXK6s>;EA0fSiUmDS1evZAWhrnCMle%YPy zt83T47a=8lC%0mXuCtN8*i=ls$`BSmW zl1Dl00a3n%Z@vFSvj=^!ibY2&uZwn_TRuu3`s$-&_dA&GqR88`>tttkc|IM*Ue6>u zb3k?`=gFT+{QUKYIo`Tf)-7ZA?w9_w@APMMPN~YO7DqO*evA*y-)a6#z5TiPe|4Hc zDELZ~V%iTf_1=RiC7-|Q(SN)CGso&Nu}5ARp`D{t7H;hIS0`9|15|cNe<2El48)aG z`cpcVhi_S}XunSJ{p9)e;on<&|q7 z6`>*JCR;%nzp|dqvwZ#K_bgI;qc^Ud7VU;iM|=;93?AMKxOZ(M{CikT1M?|83ytCp zyK~ov%8o85^0wxCt+NQ9yLatl(f*G5$HM(rVzL(k&vEKbE8Y+JnESa@?&zwW0m{4nZeB%=&etIVM+8lK)*Em({02wJ-kv_|%6 zbxpM8x)-_Ef=rd@eF@R~7q2Ln+4(Fds3a@zh77XHv--P`UCz8DF20o(@S5XO1RIaR z>JTzo#nFqN^<~XqzEK{KuTDW;H+%4KoAtW)TF`YHMiO2`y@VtFlVHdnG{?762A^2t zlb&TN%d>?Z?`!q;l&ro9WzERWs*jWV^_BYn_vQaXco|)q+*)EPNHZtag2O8$+qNaQ zknT~M@^NHQrb>xtoSE*D>V3!-gX_Gv~@mcv+#z2q0o zqQ`og!5anh>%?3sJBgIUvTYl$wfXhM_oy#vPjc3uH!m6AGyTe_@<(Nt5637Kx`e*l zx{{ZjF_8Og&VPKP>@acge{z2ITedX{44!>?s#8g^s}yQ|VX7e0WADyCO}2l#cl`&B zzGA*kQvY$_o)Cq-h>rC{ln>&=MO01>NJBKSj;wQ0kUd4N9ghTlNg-o>wFlk*Y^8Y zm1OKiP>p%EnE_UEExPK#U&%CU!VGSOx*!C*bU`Q8QXf1R8=Z~mtjN}t&Zq!0o4Q&Of;atP=Evzjm0uY zJ}P0)iV`~)Bl*w<3STgH-Sm_Qf8!ZE;WlDO4>bxZD?Rs^jDx2{ujjSV3Nb6uP%j#x zv@$e$S>|S}IQF z1k3Ihf&$Lc3&rsoB*R8-N<5boAnohGB*f8@lre#-GLz_VtD?=0vWa<|E zCvqfPidFrfZ>U`AfyXvgbhBIL>D9P<=l{3Z|DYxblG@QN2MND^-B@l=jxH&7)bw3; zl&cVsup694=Y(;YG33X_OROfO2YVq^eYuvOVy2Z3-eA>4A1go+r5615x)VM9(at0uk9D+^b7;MIpYE!JVQVbMd?U zT?sw5S#>@8@=y5yx@R~%?tJ~Sz|7&hrgU^;(`k05OGNf`G+;+rjqHDm{bw}^r}um@ za;i$65gPrmYMEgIC@9<%|AZT}C%>=Be7K&g4N!z^8if(+QprHMIGKFbq6E zoD^)MFtNmGsh#H=$))i^+-TGK5nQ=Kgo?82Bp8G=>lxq-W|$`s{M zmF97ySIduo)b7LC==Ofi1}C%at)|a|(=rmdQ~EqF?Zl)~yxiy8ZIiTyAqim9!8|_w z2^;T@^OD|=i@)RCZGtzRjV@%?Sr0hJD`$_~q;Pvd^wjJ?ExsJrYIluIX7|VeNUTAW zFD1dBh1zbiV|jz(&HLP_+%*wbZ)x@>u0j{`rxA9sgdlYj{xGl}3+oja4-XF^6yml{ zuTyAYC|5t)Wt^5QQlCHlO8j0j$L-b2SrjNy;X3NO8ZJ4?SMBW|MaHIS_Jwx9jrj1Z z%uYlflWsf(RW*CnOq4*I45ua^2Q=c&rI9*q{*kQo4eH1f4p0B*Xm{IgeUZuYOBNo6 zpZX`@{hc~-F}$!$T|#ZKXU!bM9JDVMqMM|d<~E`y3*ix_e#pIeGs~yHI(x`v8kXp3 z@P!XyOcMjmgPFUBX{mex+QV$r-1h3FQc>{ZB7H~4A%NLP?i%7DLVBa?iy2nx2sctV zH07A+Xt0W&@*j7FsA#dJozXC*1F5FREv{tiqz4M^W{;ZIloZ-pkBUuc2Iv=gA@uP} z6Q~*o^;8inEqO{Tx4_!9g!v_?D)CjXigrQvJ*T@$i#?5{{VPxI%cNI_2Vu3`^#&2{ zrbShw3$Ne3$rq$&i~OSUriyR`_mU_~@Q%=%$a-71>3B2G=vucihZN;2N^<+*YL8jV4XYbSQHF3rX;+1}r51v&7 z?uFHG0@-+vw9H^RN^(Pmy)8<){e0#Bhq(8SYbx9KhS9Ntpdh^|C3H|aBH+*h2|YmQ zFhD2?O{xNdj?xLehAJT;ggQXzAfxmqkc1XMluiH@q$ow-oO_?=%*?sx-1okp=icYd zUu*5Xv)0vygK;-xWNR!Tml`frpz(Jzu0)BDZH5NvJ``CCI0j<=b@% z-Vzz_yy2;SEvl6tpIx5}9ANh0%{mYQ*Gb53q&h2ulEf9cVi{4!_hn6l=Qo1WqX1HP ztYvu#lI=FA^LfGz3z8vj8iw!GjHq1w?3G ziR@+fYU~+xYZijNnli#24!fss8a6m4X%~>BEJ2tcPxDS813TZFVamk2WjT%F((`cx zcjtMejURR<^O^}~R!F+TGRSd9lE3w(IFqKkVUmydVW%Eoyj^*-d`>V*X})Jyu~|bVrVH5&w=l?&jFd-gt@y_q=SUy zrU`NFSKw(aA!VJWW%})VNi>ZUY2ynDuZ@|anoTpy*_cV^@NQW9^d~V0CbnkB22{Hw)%FeN%c<>A@3Sxa&~4iAG4MRFdYrj%?;k;1(`jM)e zG>6{ucS@b#9^3ZYFWd*=(F{uO zvGz)Y#I?gDFZ&EP3yj?^;+pbRR63t>L1@DU=p#+jk5j z^amTH6MYw6PDn5wI~hgoziJc@yfRRbK8)WODW#$nxEqCcAZpSSp9j+JJg?q$@3*-v zuw+@cew=$gTSMk9lUstx8yV?dI`L5fX3v{x8N`!b1Bzm@ge-V}(1CvQ+z&rq8mNPf zSc2DH7~_WFy)S39A0}%OeA0w7!5W0M9Sc~PsFw6~2gHkK+b5yJMgx`-LvKfGp}t~# zlB2gkBG{?pp!QO?O8C~>ZQ&g`N|KQ+|NF#RyY<_)(B>OZb=!}YLp%Ad$`8$`S*kFh zr)LsUOG+?>IWgoOWJSHVQW%)SC;@f%detVIM)la=+jOzx{!Qxu0HBJhtV9M@9YK0(f6Iy-nLZ1{mJ7 ziF@u)DoCG`e`kaJf|AVr$prbJ(=?5t7C&F~8!+z`8k~W)v{AK0@^EssY_4MUC8EV< z5ph!34#&jiMfretvIM__RxT=yfQj(KUa$`LlgA`MR(E^mP9Ux%A1*T}2biD>|9ICqLagDhz4(`Pa=XXbwc37iqTKG@MtDV|*iTetm~h7+RiP z*na-)Aj?MvRNJKcZq=-hECUf7y{zYwZxLXVzW^5=_P*QjOUC3Oe#*3Z$cBAM8hGI? z-A_{g`^%6VE<$^?4=b@Nr_r-bTSv4u zvR3;$YvMrV2BBBv0M$}JpME7_a=PLU1?YxHHkLlNQ{L%hp*CzuS&Ey3fFs$4`|{u< z2^#g9xCA&IgO?D57$T8z!&+)h{IlQ!Pg*7atAijzUpG!|o_8w@&G%HyfXlB{wyGC#hq7cGE;$rP=#cVzgTN9t4zBgS9l30Dn66?z5FzNR)}abYST2+ZZ>IjkM28#G zKpomoPMWhDdWRw8h5gI9U_^?hSu5rNd*+zdQd@V`Z_V?@D;Q!DHykku)S+QFqSAPu z7FJGfgSrbtO1z+$LP#Pg>AWH|;H|+ZcQ!dNmzwQCl)lgqM6M22KoxcL1pB+j_Y!yWbe7o|!aTBlA+Eb4=?-m3}GD~Ux2_(qZ~uED#J zU0TlWZVejVEx4nBBfq!?vvaJIu`aUgM{1 z%;KViZyV@?ewevkaL(uNx5ru`BY1n6=?xCPL2iyRwr^k1^_kV3^}NV0!|?taj$CaR z?vZpDLQY;lz;YwlTRe1WHv6M-`$w$~$yGn7vz4SVnY&zWh3k4jU;e{U*(u6$iPJB_ zLN1v=hi6hh(-idGS@iGQMC`ffcLp9=8c{5Fg3QGgCM}C}E(tV4GKqG<>FV{2s+G>| zE%{(u@YVYac68V1=;Z!E&i((pG3bSSx-kR!I8eWO zSf+~KXh9Liv3T|v;h+DZ<$uYt%^_dVum*hUf6%>K{C**kMY5Jlloke>{PMNZhoq0geHoTvwcvymv4HpX zY}^49H=2Hc!!n{?y-yd9;wp;L8%WfVx|&#GS~7^gN!3H<&Uyb`8MNCV$uz%9ijv}TGvA}@7>H*2@y5v>!%kyh4ksq6hp0Ilrqn7I+P*{w!TGcNuZ*b^jjV4%^w`7W{Rb{uZ^Yt4o4^Br++7I+2BgkDz&&xcsps!-U<+W7PMG49%OKk4?gW{-}t z4)sDu?BB*DLc`L(fj#rh6SN=%jainIK$)f`ULTLLmGTrVb^RAu@P|bvGheZ3b)~l= zSk2tFD3zgN@rMFKW~lsaE%R8e97RYf9cu`2dBie3YXzhb&Q{SH;*PCeCXGE!mihB$1ZV_rePPZAT%m`$`z z&-k2eOGU5NuJDL4Ui$o6rR})Ic&kPF8^Fpx3K;32Q7Ko{YWQ+weD2J0YH%NCK3*`d z1BBVfl%K^vgeBjWK1~ds5!J-FKAsd2`!t-xx5)-iPh!m2)Ml^|h?1khGd?7)9mO4r z!nYKVZZb`6h2UCaOLp8fyqp;)2J9y0?z?9C3B;#Us`#?aD8^m)Lx~$s+VI{MYl6dT z5K61Ye0dCKVI3gVQqKb*oJfMOp0*}wv`#>#^tk@q^f;hf zDPPulQPR1OeU8S~Iy2Ek9Y#wt*O2BaAZ`GpTd$o%mytw*SfeVwAeRQzcrUYUH>g&i zCIgNK)bSiu9jru&?W-%?B_VhIl7E9UOx-I!M6B>?2UUr=DktK-c_92ppqTXA4t~Ir^eV24BD$$kqbwgJCZVhXAp+sxs65 zX6A4YyGDzYpQ_n9PH~&`vDJkr^gFh1X{2jf1POqAzE_d$hyRe>f6E=}97{27E^|=P#z+@zu{Z0CRUtHiArOQdXak6r4mWJq`&bxQ zhO!wLmrv(_y;!q(p?Fh1XFL}{6$m{+D6V{|<-hkQ9-n&haMH|;Bnb-3j zH83c@+V1R2>O+7+av9O_iC=%iK*h7bDXiq7eI2lyrG$MYw^WFIN=ussVN2#_Jai!> z5BY7g=0)h>>^h5czq9T@b3vGWTY{0lKuIhX9D0#L`0Wk*2MiL~>_dX=@O;KL<%jmw z^}Y)#PLWVKRCml<Pe6aQSlxZ~M}eJ-4by*w~=% zYBO5EZ@N%kBivKkBK8K%Kx+VrBx2GDa;qaT&p&aVDhuXt*H3|TS_05$4-kEps+Ep%FIpf?59!TkjyWqteEyIm&OWI zG8=Yd=<{=Zs2DIs~7reP&civdeq&SmtZgQ;SFLg-XfPE)E&Am1ejiQEFd?QlS^q> zxu?(N8|pS4Znw7{Sx3~CP`Mq{OK=Jj|K>nxd#|dHs`|6A|aBo@X%SB^qTi>IT z3YrTbWOI1AklEJzvJMc42EV~^cwOt~zpRY^lVBPggf=TB9k+1t$L%G-le+F-Z{tORlHd? zNH~Afq*6UR)T_imP1#i{CBAN}>6O_a$!}d7EqV~oC-U%NR&6t7$X-5YGTo=MHqXymJ{>0hG z{f-X0@RxTH{*((_M!1T*%Y$|o6`M?#%iVf!58A2fD3uDzJ)k4dpkeEuSj<9SsV*@@ zRZ0wFnhnv!8pTE?Aun4Z(fA1)7jxC9-UqQUn!_nWbqGxI(i@-H+We)(X1jFvY%3_f z;aZ{Gj&Od3@kiqJ4J)<+v+0Lt&A-^^mV|WnvV3Y`1_v0dwR-c2*pr85f-kl^+M>!k zOU^+&Img7q1h}9XJvrDfT&1Mc(RPz+@Pcjj zi&eh*;lzZw)i?#7_5Re_00S1C^#Pkl?KW+S+m;t8E3VOKGdpbQIy3Eal6`Gg@?93X zcG{|4*grOyL|Zz4lk!n#>%@pn6<$xH+DE}T;*%SCz29=aLN^_N?^$-L?GHOp2+{iy zPUuzY{sQrF`$ea*$B%g5%Sg3&2i} zwL*UXR|i^hZ7kqoK}e$_9{6I~sAoA|U7v7!AG$pNWsI7;?xft?<=ZSgDpgZ$?#`v^ zMgb{X6fR(A?r}uS?99b?aDif=&HDc^okDfXoenREkZ43FMNrx^SYHoT^3_gi8{)NfF4QsS=JZ~4>G9T zosHtI#Kh5+vuw2=t@l0Hl>Nm|yAQlqM{Z9&Y@aE!R=^sC@w`Jp?JPo!m@?ps`u>c< z&0+&_$V60HAkES{eHL#Tu+aG4k-()G;}qI2zD-8iX9DzTwlp+!Pl(1I6UY{sc7&;n z++hBW_m9 zFV8DKDET!@Jgp{XbBE{~%laZq6iox7zRMpVXAz0RK&Bhj6KoH^Gb2AL_66Dhpv%1L zJtrBv5t4O&6jQ%CD_Bd1ZTAnt9fl7AvW{k?+2gTsGd#RU5%amUgI|$ zval6)@YJXRsk8a?b5Moxr)}=CkkQX~*KSm=wOPuklbABeR;U#Im)ZH*u^7Uj_#G@0 zGjmXTqi|6he3@LX2>dky_FY--KqmOkO-t%$XgT5QJw?b{Rq;VNk>s1+dkYghUh;C} z_-;sO9@6{Z)a3DpTJ34s*(1d*xIMGEUCb%_PFp_7)%?-hC|{tWY83twc*5?w`R60r z0LwFUxwTb9U*&rJJm-BRsu1j502EwtTglg|L?+Vi$Z4Vlo8fBX6l&lxly(g4K<5 zYTSR3>hwbLD*LYAQvr4cLBx}P#_$2%5D~U&o@OgSQAHT63i?EY1lXBQ3x|b)oB57h zXUR=oIl-%1B_tTvO?e4RcGtUWSiFyaFN+CeeW3TUEANNsFo4x)!xIX$!l!?SK<17$ zPablSLCnT2EeO}XR%S&+03&b}W7C|GLM8LlIsD`~&6b&uJ{oL|x2U!kk6ZcE)QGe5 zrCOW^zTC$U<2KB(oQ!*B>UEt`$3y#Jx49|6qHg3n=d6K{ss&A~mbSi-Vzo(n6AMJg z-QA-EJ`#+EAs?9*>tlcK@)?x(#2tmIVp7QP2l(b4~lz^@T_!Z*c9d4{J#;{yai28E9SZ;+7EX{Ql( z?Vwpd8MV;F7Qvg>Rgd0^7ljR4&obk-$HvAQ_Gv;i} zs|<&BLu86W5Wn+hpXdJWS|7sY9FMT2^tCoos}SC+5QvvOYs0xa0)|hauhK~JW`XKg zQgQ_9thwqJ`y6Ak*iOC=O0HdWX_c8z0p$o7-3@#7Wpk5PP!Vut!vZb*g`BPf-?_bi zetO7y=xg4A($GLt?`s*=N1gmRRw>ebq}hse%E&-#j%Td@BC~SiT%U~YhmTkTw6ZTn zA%uDZd$+q+v7gm+WNKApY5PQq5!>u>JXAZCKAdU$D7#`NZJBSVLblgyDi!T$0(2} z7F?lz$Cwm^Q+qx=w=uqW=&87S1;pE9cLIK z&ljy3-)up51^9%0s{7hdYfF|Wh-#-#;V(7yX^9gdW`H4cnCFuqc^X}~!rKqu<)89P z=D(dZDWd^wo7Vg(&-ADCf7d-e>h+7K&P1Gg6YZ10NVBpSjP+sDN^&46|G*ALLXYFN#!fI^^R zvo|mVC(_qywHYn#pZ~eQU9$2-&75QoV##W?WiGzUF8FO=%2B-Wdqsfd^!XGM&+(zv z2Nj@cWUD~aaKKdQ_(*CxgdnstKH|Ka{G`VwS!c$Yx}Rc!G6Kn1hzfPGnColkG&t`I zjOL+e;vL~OmRpSqTX|J)!fbu18phUm&e99$)2o#d0*usAcpF?c^}*ZC2XE3eh#`i3 zRU1h(XW=5cX$RTqNu2cn%)-Zrhs(L@7%EId52FCa!djOz0q$Pc|B(FVK z`ls;9UC?u}0IJ38^b(sX#$p8m_&v!uN5n<=w@e<483k@!eN~jX5)W#|Z-B|jnCX=I z><2^Hdmk&$Z^l}c$x)YIZH4DsJTlcm_)JZK>@RL*;{+kcg{vk~`-lBZV$Jx2x5AIB>fQnRv6JRLO<(-SoUxEirkfu{ zdkoBIUdx3Yzx(3)9$mvijri_Cd6H%HEOoM94%;iXxBHTZ41jN1_sBUf-|ayi`eq{2 zd%c7m#>>;N?c+evM=JX{YH)bjps|V@9svSv;_1)$-;eO}%-r>yrC&fhJa*I;@`1He@D3ELi*jOOooX8rfz) zmaj^^4nFw}w{>w3{7euz>d}3vxD4?=$R3Xmp$YM1v=IyRVHt?~hT`H(mY0{^w1@oy zu5P1n*FZU2;0J*)f_+ADmBxj@=&Ll0 z6ASmkXIb|rwx~woJOHjhIn5gk06#0dmF4;Tz;ReXo{yuDd`X9obc27asez9jyAFn$ z#k_$Qk`7I~_Uw<9NB39%$bTS5__ybNLZv{SW(FiHscU{W8&Ha=Ck04?Yqce9ld>1< zC3(wuK8GcyXWi1pY5UswGAkk0JH-KrcTwmyJ??W}(MniCskEJ0iI-+xkUTikA;#GPZRX|1T4@nyK6I^YU3bfD{F5f2 zGej+^C)}Rq#FwZo9m+}17-%kVI*E0c6Z`5X+a!T^u?BtZ4TwMK&g zNq9D{s_PDmOJ20QTmJ(t+W^EQD^H+kr!KOU1rmYx?*^{s2(GwCywK=nPhqc=X=l%1 z%*)a&v(Axix{j*ugFrXi;a=DeL`yDER=;8SvgEwsa6)b zJ`lKX!MzJvC1AHDO#%U{DVH+RWhQUV&!upNvM=Y71z*!uWOksVoBNLuH z)|?>g1#R1osjIF?^zT=7Bi;leO*7Z`N0SPSW4$ngr7<7Tq5+#*YhQVNlQOwVtC6IejH)Y(Gm(H=$5V8gz&XvkTQ4`7r zXg>9vn=&#LGI3MKSngtA0zkQJiK1ictATFK_EJ+-&N35enoktmNIkKX?z6NWNHaFH zG|=38oIS0ziG{(iG$0jst!ewO>-_JCXrqp8gOD!4b6d<*taQ9Va@f|PqDqEB;QFv; zW=O1V7@no+K=5W3=e2fj;a)w>EyKW1NgNf4kAI za(JYY&?#jQ@+#=dl)$98H<-FUoF5@*;^7dsc2c<{^PDoS~05C@4aN{AsRi2V2ud_v>Q+*QWPlS=)h`Vwur) z(9Tl5`w}ni=`5(1_u<7+0@;RxmzG%Pt|)G{64Djq0F2-fykYtHZ*5?l2v+9>O43vs zPjoaN&H%atoLdq$E!=S|Mws+0RM84RMA~Tfmzn16$Gdm(WnTEpvbiraPU1&~wGA{T zZx@2&MQP`Xs{6@vAzK?|N@wQ_mOPWO$1YZE4Pr8YMy0F+gd04!@j7;N1uQr$2J%U=cRYO{NMve-+ zAdAnp-{H6@-tzwCz%OUjcb7_sQ{8o{7o5d~D??%t6|7&`JXzqD)@Ey3xkJl?Ndklx z(!YIr(%b>WC4^{fnBz1Xw9D$ul%>|RZ-21|jj{?^KkvTr$$ZvcSngd^%-{-~yvRkOf7ukqh_Oh{9&x!PhgL~O90f;+ZBlYp%>1^@$(YlV-DB~#%q zb7}B~muwOiN^nDg*bmGtZd^X;A$YX%I}PLjsj?>EbBcYb0zGRO3c5V;i=vrW94?ap z)N-Wa&G1rwf(tYyp1b}uoC~!%auL`fRloqZQVGMm(Ci!KQ#BhVJmYKo$x}jMPGZv% zAeI!Ijnv$U!~w);QW)8cx_0@-k$Sa1Mfsg`lYeiWVTGyW5LUOXLRn&YI?e1?@oQW? z2{F71FUb>WN`8u++|?lIJ`dkbl?>K#Q3=%D-DCiRVXYVwHBkM>Hx~@q4eAPvi)igN-KzrWtv%Gfad4TxmHpM1$+& z+t=KWxU71i4eoOWRn6XWSz$2LUCw*r=>Zaq?SL%t`|)GvqVVwb_f5bjaX_e-0;TWX z?^Drx-vr;(*mKBRW;;HfjaPEHmD?f<6GO(+Rv9(Ek$4syxHDbsr=44b6VgYNlyl1}guG#*{T8F{_^31&A+AQ8 zut5_>`!tK!9ZPS9`>g9DVC%zQxnnA$wt}cbOUxy~!2D-^C6KH+fj9n`@`AvC1I55K z7uVPnDf)=t+C?rV`Sms19|Xm~k%BC(>8-zkHpWoQhaqX#3fiRkBeWQ8gGG2zo8X590W#V6yQS}9kPL|QTh?N74n@q1Ur!Nknw z3J_zOpOr8sZmikik_n3|HxqZig}s}%K{*&Zj-e_gI&Xm&iC%u#Xr;2ccf3+d>eUhLD{-?eET! z?fnB?T5Tk6PwkwfXKV_{Ln|8r76bY0Np;s|1@)eHD%#vhzu^%55=D1Og3`2k*jNoF z2#8O=CyH;I+uRe$lJ3j%&Nn{05;sCjpVkuGS<&J|e|AnP7k6M`Tz+~6yeAOAG-Mg! znC97-N1mwH7iAqR9~s4}ctUY4NaR5=-36Ne8^hz>)9aUGqsUvMb_$z}Am_ss`ROZj zs3~HG4Z(Ac_*kRVp`&s7&CM%+8AiIlkdgi)V>t~B)!nGp_-`ECq~Ex-ld6R=)grUZ z|4zb9@7B{_lHsx<(;V{QvI~Xd{E_M^&7~AOY~}YHB&0I*;Omu%fkc;JMTQceKPXOb zs}1d|Zg(8K_=>Du_8R855+~$g#XX?@Yu78}wk{!(j~%7$9wN!hZgqOK`cEg+)fNBV z;B)k_$ZIWL!;g?#Kj>~RKQ;226!gRz>@S7$2`CY5^`4P7H9ez*TZJ1*=Hvre#b;L{ zt*&&ajr8u`9Vv)-_4ZeYYEPJ787UFg04DkdVUEC03Y?yMDSX*p(e@a4Y{2Q}u`|nY z(6CvWT~J@Fr_nBuT=k9nTF#;9&8}|>0gg+nvmFZL zd9C)%$ICS~O>Z^Imk*iVHDGzE!t5SkXW3hd;=s<)mMp1J14v3}rMbL3%S$@qohQ=B zJ;iA+Cyv6#&1m1@jA^leww0K$(z)@@IUZZn^(c}DdQkWMp{GYpNruY(55uw!^>?b0 zk~@`az&>S;S(_bSPf{r$F=^zhDE4?k8PF-(osPLMz8lKa*W~8KM^X7M#JH>UkxtI?i6Cpx7YqGhYqI`M%bw~1tx_dJz!EOy^4buH9AoELZCHXoh zi6SZ5a+4SIN>Cx3Ilo`9%W84@y|t~Z*H6?nPB8%)GMH&-@TvF7oJE_L5m|G1qy1>85jg46Y=>}NZrItg6>NF z=!d{_%X2X=f@iJYUF5I!0Y(B;Ej$*%sdGK(K#cUUS}CBsS=GSIYhYN5i@_=ORM)NI zz_Jk@EI*K}vNQa>Sp01VPSs)kLrVmE=l!n1?F0LE2GBJ+-Kx*8Us(5~yf3SYXi`I6 z6sK5~1zr!tP#qRXL7lRX;h+rzQg&fMOm$IqSBLid?8nktBk-tkMki^+3ZVoQ{=R_q*(LB`f8?_CwhNjnvN1g>wSxER90b2n&#voD5M` z(Co3`hqEK`M;E^(l}`?%uX32EO&!~&W2#2!{h!+?Y^H~#ebQO>t46CS% zbcgEPrVtw;9P99|o zn=070-}yRI=X$t2%a;ilH$$C7aCC{+-{-I-ui}R*E$EON@y>cFZWap$dz;=vsf&h7 z_C9ZHiwvSRD+7&++7Hw*dc&z1bQe4VKF>whoB+vnGLrJuEILjwNaHS5uK5*vUnuuhV{PJF%Kn>Xx52HSj9|jyp-!Vu5eq4HGc* z=Wqr2=|^YWJ+=b$pZFh7trQJMsdR3i- zUrQ&&c22Vrs1%4JeWH<~^!40L;D?NhJ-ttD6kIoIW+POwA}B$N*d{eBcT!K=atzfH zUld~?ByE_erGDWhoj_&aiyH1~4o^9s4$Jcw@)2d03EtVOgUWN+c0sla%8b5gKE`nm z$*(ry$~phQIt{rCl_~0SYgSJ5mmx#cCG~NXm?acA)?>oca691sIE^&m|#Oo*7&4F21xScO9j};8!?>dcA zc*0@R=orIxmJ_i0MF&n+tKjPouF$!h8SQHVj#7$N(ShlqGb5hAe#UrN;+NB>xnc^( zY!l}VEzO(^E7Y~J1Web6??B9efw#>iO)wo@oWh>8K^i=!|A~6{Z@%syTTyj3 zEV7$QM6&laJ;92%{N(v0LRbi!IWhX3HpSK!^CkS(5ZxXCF`p>ixbo2gS1pz%vZoCS zRjt>qZT#-_?PpgQpYTzFfiu{5t$vb@N+(QBd)3DW!z9w;1{tj72)5Nu5vH*nRNCYS zPMdYC8gjX<;^2y^guGt%&YvNZpjuN82{s_J6v6)r?bFTEj6EhAK!bVJ|K+?)-xIaj znW0DC7W6{>okYra%xHPL zX_uQ$4g{f{gwM|5OOC!U2)KYr!=XMxS`R(#V>bRW(C4G=iX-Z&M{0}T?Ei)c)vR&i zHu*8MYmdgN^z7fBTz4fu^<3fg4tsH0n(D&{`!`Ijzm)OMGw0U7{~0zztA1?Js`u4; z;(H0f<0PJcFZ-YW^Uqh$Cml=wp!3W(S@3eYnR(~-e+vx5pDXxR>HiCHVlxMqzvmDF1;81yNqbGA|t+kAc<}VA$6<-@?O6jsfiSr?N=Rh@U+dwAy!|chU@M7Y$E; zT}0G9NpOff_E@1sftc2uSSGGOwvI>-Za<<_ISJ-Cy+VDXp(nCRzM6FT#@cqaKQ_Sk z=fW=1e`>UTr7P1FA-{JyqM~agybfM+sw%cUA{Rv{Yz3 z2^hwX4(DyT=Ad$_u9D!YUx^YeT2)-JiJpJ8YGyGZ%iVunJsL=$ZEY=4Xr(;p-B>gDcyummqLR}kW!VT=ole1|2p)_P)OsV`fCc;?fzgky)U7sg-Z1U=V3aR^^W&`|q6C>bO;){uDR2#mx0J8qoi(X|+kt ze=#e5Pej@L$xzkQvRrW1Eje)TcoJXv9d@Ejx9nBadbZr~)b{+MqW=%NDOHctO$Q}E z=iL*d7hTBiw`sl_#&ut)%Y(^D^JntRB-yz?md2mtisQ!3lF8fsc=HuO9UC9Onu8`a z=LULGLg)aAL}5{h<40dUb|5+v7W}xc!*23hQ+G^d9@!SdEwL6_+%yFBvgaqHhID>mUw9h+Ppbo(Z8 z^}+XF2kd_#Jqfu$dzsR;r0^|Qj^mWiw<4REAK>qhx$~4PcAx4#uynOZ+yl|z0rqay zFCD)-m6WJ*N?RL2^dkko()bGKj%Reg<4%7v2hP|#+TDtFpEB5!F8x8b_P}8}yEu8g z`g_x>hh$orPiZcL=e{}0#y5XE|DDKa#1p?8?vX}wpbS5`N_&3m7JBL9TUwXt(6nU> z9_vYByP1}^lo*^m14Y^8o*tuVuPlb}oKH+lynEtf5PQPov3Yr;rK!F%(cY=vWAoBW zr0L)nvDh=ry^I8I(3iOMGacG1yjglXKr2+Y#%ZQ*zcjU_wl1Y>B_;puXICBq7l@jDbL1y;om9G?{^Hv4?>m@mv+|dK%5RA@xT=zL z&bj<=t(K>~Kj>bV5^b`gXj|2Mc?JSG<4=_ ztsiuhksov!KTFbe&OeC2`P6>@sq5N%wBXUhv%|usuCGj|^3Q~C|63*8iT8k{`^WA| zD0%#pD;CG8-3QXaR9~p(u}addRVaSIE{e`xtsI3py-nh zX(+BjalOpdI(IXkjxOxp@Bc}=IV;Onu{MYMCwTlsHz#6Yz zHke8>q>i}H8-O7u$6n(DDX6qtNkTuxeGMlB^hvsRO4wJpd9LbvV)Z7B@Zxe51J7?< z9H$}~hy5d71A#m_OZj<^z-R=~BXTq8(dX%>2K&8*?X%k&^j_T~r;d{rb5r7lLe_-} z$?}G}s>UCa1kGPD4qbDT z{uCKP=}>Zr8I^fdwqoU8ErBzcoIZ&B)NS;LN=KJ&MR)G`tIaIxXub_*?q(WOr3}yi zL*9FbHTi67!?71cr79pOT|ht}0i-H~lF%d&N(dk=kkFAL-9m>@LhsT7q4$m`y|>Vd zNR=+qr2FRV_w3_u@9*sEoO4~@`TqHyKXT0^PiE$snP<(KHEZ2>NUJBxR1p!ZI<%aE zh{>8L{KTBqg%9G$!8(RA^6SyAHaI6b!Kqt%D7OqG0jv&+8`U31Q|#L@>EO4(AE?$_~? z>r|EC)j7DF&v3 z`)4R9@Mk}W6Y?V)TWas~F2s(2rkd5ea?x1gPCAEEGAKTwB3Zu`vOOq5LMBxz{{rvNMga zkwEds6~8FI=1O0cC~SGQNm;{ec%*#9X7)ou+Enk^Xn)(bk;D=c;YxJxY6?hVXLx-T z^n;h2Go7MS>>gj=%xjVUt3vb$yh&Z)9aep}XvKp9l5{2`@X{QSvmYtLiggW4J~WDk z03C9xv?3{_us>G=1BuSRCU%o^CZ-pzs9q8%w8)@R;7-WJ4t_G`)ER>WVqLaYQ_Ko3 z_?2<(*TS?J-N5 z8k%qlA=2KDm?B9D08IRyo%>D~4$6B?-~KFZ62M3mq%eOwhlCLhxa|+;*YUbX&dq0v zxZioF^J7@tEuM1xNMR21us->LL8YLT7aDMuYD1moBW5Ne|pn)IHC)VtiQsO6518>D5zq z8I!g_ue6Q?)+;^n5bsyLdxqQoa=!t04&OG@FgDUFdUDH}jpOJ-gC~Cj?yl6k0a~KD zis-Mc5UjnyW^VizAJPv3uJRAHkq)z>pQWE(q?55#(-D)lx(XzaZsNMtNW&hIH@Sp*Z_Z9jOVM#RGn+ud9255mnzcSS^!dS{}ai7 z%ewb;I``c8H{eT-sh{xjxeeS~!28=Uux^)g_*b)+K^W5O@twacjK22YGLACry>PbQ z0(9mm%4QRv9B2QGE}J9Ui@kS{aSnV7;E4MC&owz_j;<8vhUdKI-j2%|9$K4|b(Wz# z%`6AoBw7efm%iZQ$bc}-v=%0W-~JEl8MZw+e2yl#=;AdPghf4Dc5H{7tj>7! zfCB!j*_iv>~)Y5BQ^y;#fXiGDNed~Y3ly|52Kk9 zOZV%!CvzoBbF{h(CKHmOMSHvGdYotZNjJ;IDiM)(1B#-6?L*+Gi zW9G^pQBBY2ym&kK$l5X)QrwktVM8Ym8q_#&$YHTgZ0Mcv}eivom&ewSn_`OH8(ve zYiloczw`Gl=vCv<=`*$A_>L%9Q@98YAg^PRCko0Iw6bUGKU+a1gZRt}>q+M{2OO_! zOIp$Owkhcij4f{{c%ZB>qf^>Jk|M8z?B4FySFTXD^lI+(fVI?pB!2bjiBqjq zu1$vpn`%II`H*|Gh?DlwN`-W8Uq@n)EFvM^iL+v5{XEg~l@*txG>_3+#J zDelz$&S!1OTOmDNZIdF{8c%iIYF@X**G6?6y%JHArz8vx67+S+i2_M=`SPwOr&W2P z=0R{tTl~U$Xxv`YyX1|{>B1m;XP)3{%(->f8@Jq0;K+l${+T==;35S1k5l{~a#t@s zB9YJ+str;}T`?A!W8D;I*z+lxXJ#{fxJ=V|%wqmIU;dQMGuy-~Jo*&Oymjtealn0w zMm|kVk4v4>`whUNlK_{SQvO!x&D}t+)zh$}+H;yTBVX5+M#po7(;4rZ1Ae_y5xyth zL>|AMvr9r}VP{cKo&s(}OZvIH#_G0h>t z;ZX6^CKIKI0xBl|g22TYyr;ln-uEjHdl`cFBE2umwBOABqSARIP@9p!yqB(=jQ;V7`Wn17pUMS&m_gr$ZAm8(;P#fZvP#yz%q7 zSF}E!MY;|wYrfLp=yp)cqDtpwWPZBfXQ@PH-6ZLU0+$Y#^T}>E>jpC}PiMRyuuGO% z%hccDy7N4qzD6}Dbr0iiRSlKxr}CY{1rML!t|!6ocztOzD`=>v^x<#I%j zH(XWkRuK~qX0KoWu?a+THs7mtyAlrxhKpxeL#9#*ybhAa)Upn&p@g1k{FiMn^*}uQA3^E=QhgG%=EDn~%R}eMuril`=LIXgrVcA~ zhJsbG+MS!Ko>e?I^-9n=K3FqK++dbkp7-1L?5r*zx(M12jJ60mX)^eh8{?hZO&wZG zs4Bi1NIVnaHd~y&nfr9mFm@@&ZI1mnZ^+!94MoY+6M|Een>`+nE;WDrLhrX&=>R4H9q@ z&g#n6mS*5=)9NVel^E!Y%>LqzJ^HNO7N>0&oVeW{zo+>W52pl1MyF*F7 zvR8FwA%Gn>{J~5DS7?UMD6x2UVa3Joj&CU66H9mf(Y@6TP40b7IAc;_SYDK`s_YNZ zit=oRZOsB$Ztj|Rq872 zwY10e?2kjPuG;nWmcA*Bu$de)E23r4f~W;EWhg~6M+w%n_}VHt=uICHN>4a4aq@vv zg}G8l-n0apl_stjGxLwmZAvzziiG-IQRDY?+gR`vJQv6IL zJqHANE0P~AO$oQbXRg9?^K48X??2vNlt-BD`+a5ggvboIM@6zow&H6a8qH(0w7_jO zh^+?RCukBDTGbCV|7Bs55|TLW(zok2)z3 z>KZ?KY+5!lt7IGde8HB0Durp5DFv!~bC{xe6>XngZ0n#Cp&iNwm!V^#XKj!#x7^^2 zohzRHOaWUt*54B#Y}mG5u)AU>hgnZYNZZXr-xR^#FQF;10qT}Ryq2G?*kr=;2H85C zc(YpQ6F8#KD+8)e`r(wrC@e+CXPtjKC#2~XJ{uhG{taMwNGD(-=g`~e=q&gf(AM6j ztTRX+~~&byUl@haxzY3DEr zakeLWWJ+c;@$BR{JDWy}*$JEIvggT7Y_!>1$Jg5Mx+`jVahBSMbeLIlK3rtLEQ>PQ zEk!fsw|p&XOq&>TRMP65(#F?XlA@KK-qraBOUg~y%SZ$XPC!XRNb-7sKHvQxbxccb zKn#10>&vwYdPkSrrlN3KL$7BH-2>C4;8g{*bA)sFjsMF61pqj$0as`&_=()%6S0&~ z@~Sx3%jKexo2;yhraVrw0Yypddfv=)ba$kch#tq>J=24i-Quk`ov!q&HLC^m$4AFs z_!8Q^X_C%SFw%ZABg8xT#&o2GfG)d}23XEHZ$`hiY7psWlAUhi;eFX9P{^7P^T_)B zoJ{`H_nNtud8`OeC(@!m$!bXVnhz0yL3F&o)9oQ%g-p>N6^PPgNEhrqqtgaYM<1*c zygBB61C)wMySOU#FF~R~$jR8@tBBxL#$Gy4WU4D86-)~m5T%dJKQ(+`M4J$CTb#~! znzy5ASsd?W?VYD>W)Nm7$W+~cJA=7}%lm7}= zb#;`7I?pXqunw7{@J=|E)@?KmZV*^GYa zzyNOrX;i0LBX9{LQ0oe|FbyRObo+4RV#Z2?(Ogi=)R&1O3O7f5TzvdW02bx7^7ZRX zZQ&TT27S+#$&MPmZel=guOZ!bG`hU?(?sEelhX7-iv=ZCNCIrlSumP*^9Do@kL-Lb zC`j_c@l|CVR5lAtLQGS`g)`oysgFHLC;5#gK=?}$zX7eqA-cD`UrpWbBECaS0{2?8 zKU?9D!S3CsoJjS1J{1pzq>m^l$Spa|r`?0hzhr1HLF3^m>xwE;NkaynG1G{bvB|73 z*pzz|ZbV)l<#mH6?zB7p^zr6Z_qboYsa2iW)8xna+T~}$w6znmLq=U+3@2LqrmEac=Uz=qPsB*+|?&h|G~D zZbO;_kkVabxz`f`mNV|6fwf!5c795hFj(2RYJRW^1m#KPdx*BHH$^#1zCDDuEWeo) ztY2oq6gs9?V?lWd3F#uXb5s-zdx6;F7Ms^)mD>l|6ux7M3sj9R%5Dw(DxWPy`%bgW zZh6`)LRmBew8@_ZeNZ8Qvp_?Suqrv-F^hScsg;ooPfzw#>xKv9kYM|VVQ;KT&vT2= zP&Z_To@TDnO}?_1u59vXg}s-_io<2wFnN7E8q!6XrSO4fwTwyjiGsCi?R-Bt?FO%k zycY`#tH9E^kl9zD=-Zm=w;i|YIEJg(@#IyIaIjStmym`c!Zl(8k~NZDqAI3OV1+bo z-gfn$n66zm2|6lQxV|7Hp3X`Xs!JE`TXFhU9KBFPG@hmV4FFlCA`2x%lXS;&sxBiT zX1y#(;W%DgvgsLgXqgyZVPWcCCFpw(7~bA8ClWx^TEjZ>n(K#a?!G+t|uyy-vnE$Hs~3 zLYW$JAUiAyRLGHwXK_kV1FmO+i=20?s;;Ry)M>5@G%hK7Uys9r=JFIW?M+&}$wq`( zezJnYymfJmvNwt}a6Zxx4SH#P9!0rf+?ixFGx(GijgQCaE)H}FM@t=*@L0ifDuj;} zcM!uB1A8#d$bo^(cshDbuqo+czBxi0X+LB(kXL@dsqr0%XKVAkoGJE!&(xGe4c34p z*rl~5r7*D#XLgj7-nO?XsRw!NcHDa|EaJxqxJt;&XtfJ>qY>0c{(e$8a|} znUU^tRPTr$E>U)ch;y_{LM!|R+@1%fp0iNFqdlf{F9!5FPv%sy$5P5KxSd5rzZob$ z$m~vC+T>M4aensI^f?pGq9F*FR^n64hH>HLbQY$jo|#PS|FA$$=*bm5ad>#v(Q4593l3B}9H$pKAQ9vHcd5aeuxo%~N*~ z<2MXaG=mDyCHm;oH5Ox`unJZs$e=v3XFxtu?2rUiQiJ8x?a)0sxhR3v>J{|MFdL;b z@4WdKKg)Y3=6g($VcgQU+1pNJ-s_v5V*7}_`eVqFFb3PM6S@}CX_|#WEo8b6f11gK zy1qg5-aA)MHyL}>6fa-R1LBSs&2e1g<(&wtk3u&X+@Pd{Oed>A`Gy|Sk<44Zx4P=P z^0Up+fe9SOmc(cw;LpXD(>Q!GCj!r@&*37AtTNw_3usx$cH9nS$o8v0?gx84evwbn zdKU6N$K)%29w`_sWlt_&oHZ}!L`}1H(dXeohV0K35sw$`1^XrjPfH%&uWSb1*pawi zrF4T$-d$sm$MyP11KtBW+JlQEI#7bMXxmM{>lyFV(wHiJL{>I5+4t#DPx&Q}=;ON7 z82y%#og_%5%|z?Xr@2yLWmn#;Y@Q`no@82}VkPfC zJ~UWWCId}mp$%Jq*m5tn#;_t{C#anJO(@bK1AMTfGyC*eW*GS-5@+~sFCXoOWQc}t_?*%u!Th-WS`h z5|p%jG+j|AX$9Y0f|tKGn@CaTL|3aQePA)W`!#e8qEZ_*INA^l*?}n!fzeX(h=?75im!*~J&CQ$5>6+W zBvY+cEt#pc6^x>@1aLA#LAgvd(_KxL_g3)p;Wrh{0YElz_#iXwK_(E`X{rxn0wVTOf|T`o~dM4TY3c;oP@c zmHhNGBkjQollmWmMmwCZ>;&5Aiu5+xaa`>y&xNZ5nzo%yxv65I6NMw_!h}s}ofaOK zT)CQ7>PcM5UdY=`o4(Mv;<*PJkqYQ|K6X@k)Pgm8?C6>Yi@}11<+d^o1x!3|ul@P( z+AlEY+~<#ydey3?hsEbzBOK9!_()ASZw92=2RN7Jt{jXRg-A*~qJ2Nxp><_KOpb5l z6Yp`)xQ{uDq!hl#UzbJlj@#V~;4TTMvu=Ng0RK@}+FH7)mAf@bT{#=iwdSvdhI8U9 zjW2q&eL_vx=p_eCzn{#IQm>b|ytr3>QLgpqW^~jB0{&Cc zXuNlrL0yvO$C9z44ED~`#>4P=&B*<|vEsI2=G%0);&Ya7I@;J7FXk3$6H9K|=WL0+ z-w#MagzeFTK@^J|o;v8F#xG`Di{F=!gmYc($P zq7$6~s>|keGDAh4w}fwOYo9h1dc{h=v(hor=q$}Cx?*z{9Icm|Gn=`Us@&4jR+PIL zGdyN4*7C}}+TCSyP`h)fWrq+Lkj#>c;#4vBSu2t@y#1*DJ@hOpEL`f-gBPxsqffXV zJ}Umq?miW?liLt=!2OkC$;+x@wB|=%|5$SX|07(Z8SCPmBLBMvFW9}h6gr+fz2O7z>W!%#liYVbKD58GNU6P%>G5uVd!DR=t!P5==!zfUhYe3x?t#Ym8-?hj z(lNyMPyez3jGL{laDy)QJJ)v_g%Rt>UnAew=UVQCLkvqJcCP(t3GMw$4b?^5c@t_z zb4=RH-TIa($H10f=a6~~)qbiBnMwXRWxoAo>s(@UI?oDtU?lWe8I#8~vs9T#! zB^czy(2($9Kp%Zwm_ZpRT;-+#q73LsR-GYe;S~x~o;{Jw-IxmEDa5426Aix=qVDI3 z_JF^ZV0bmeJQ7eSRu??V<>&k)0N`Hz7672<{Sja>mfU)C7i%|7JJNcQWp#7J0vAr~ z4#>jw`ctkwK)2Yks8fc!JropV7yt}D$(NQX+j=IFl)LY>RK3{3?K+YdNx9oA_f<(4 zp=2Se@@N#C!S<*^kk@Iz_7&@?Z$d$jx4}D$=$msjd}1MHeW*I33@vnduNGYdMlqhhJjjx%$*^_9x~ zNFE`8i(=g_eX?cRN-Dvx#2una-z+g$*y~@&M)f-1o3qij-2(?*YNx=|jV=fAB%oXu zR7@r}x_=56#|7CMRFG&NobZIWz!`x?NZ?F+m|*>xhv@sA8$1Uvspo&@!uw`G$lqr` z>HqE&_?HcEsiIkeyK`+wuy&nJSQfmV)lU60mmmIl8+2aXKA5l1Ei#kz_i;5$Hq~mLDbGH_^u~5#65vi}qfot=4`r^-IBo|J2IEv=vKl zM%{bwCvZfp2hMQprEKeH?bK!as&qX{gSurZ*EnuWF|bB!Wy~w0*=tX&RZ<3NMfG}c zwJ?Em=6aZA^VAx4Ey{0>cGfCzSNmN37R(a+viS59(__Jzw|G8=Tyj;Vn}c2O0?Lmk zLl0T`UslMw25deIw9S%RyQNz<+LSSCS=Cp@VPa8bX`eSZ6*l_-KD1Bup*3+4CLqvuD=OeEHbu2~Es!o1rZ}v?*>yb67(I6*J_Xq`L+c(hCw2 zVu5hjD?G1M?jECj74n=2ul4me89`I=xUhSLDHyv)bw=td=k!YXC)z)e8Ln;4e0x@gv6i}>-1q{%u}GGR=fHBx84?u*M?qBGLy$aA87Cj+wkWL zLx2%8A_Y0SXvau$xXF-D=)SJ*Ix(&FdArgh#O zPPqjYFF)8xjYy)EU2>HL(rahIn(UZ0@zCZps%qNy_|qfdm^OlN@@ z3fa}?Rae;XVlbTGDh=ZZFlxlC#7C*Q>BSq|}bPS;F%6ZbF>_eUK z0lP12){(QyCZ}7J#m3Aww+B^iGI+0Rc?E{n%GWdQ|5QX~)MhTN5v_^uL%+trQii`e zBNl;cOtAhGd?x7nHx7)h&F!dPqADzYW$O0HcA~d$NOJ&D=mZ*@I$%xXbNX;%Z`*PwOO|YSy%qh zk}jrTSOM8+`DDf5g>N#x7DiMZJgWMUcS6Kqmu`EH&@fYv7l4D}if=T#MyHj!XL6Al zk%68}X+txVtYe0F*V25L$2Mw4<>tbFkcINfTXEsoG}+`hu>z*T$2u$+F$N_i4RCbC zqo~Y;V0$J%-GuX}8Ay?I{!SW9Jtl+pbjq2l)sr00152{D`84(xqjX$4LHWx9oT{;K zfqbDp%k@iyQBXHAhLG;ZEOtZKE?`2xu?L^5U*Fu$Wck`2 zG{3uay++*g;V`3Xil+pB~afU#*Cgw~h>B2xcRIp}cA@#{?Q|pDaD__0YO` zDh7(Q`bw4w`__tYvtL~eAo6yh+mmFlPm+8-A+k5>qDtA*9z!0ifRdbEsh33Oj%3S5 z3M)H8<3SD_1!SJz7dstf^AO=Ar2p!*I!a_Y|J@1F!U&MBsk^TuGE#mfzY*2Scek77os zB!*W<654A^xo1C4SU*mB2QfoMcd7*Z!@ZNT9qlMuh1Y#GJ$g^wLtR>!FA@ELUmk1zf=3bLugSsT3vHW*Zx6u!6f1V z*sZBkQJ9=d$hs6n!PTVAOR+WtB{AaM%KoEzP_X3-s9q*98yGOc}K1&1Wv_B!PNUxDD(B}bBfK-NslU;ID^(ULpjYce1wpu z>ZVh!s}Mz3p1!#v(RuT@XY60CN({gLeF1xO_`j+{{jV&byML6yOMkREvRfCvPHRWQ zH?oVj!+3Vh3M=|O4ZQwnqn`hvOS~|8EB^0#DbxRFYN=+3lTQ9uuK>y40J~Xg*(@!+ zv@I|vEM3zqD@TPbAiAf*V%R%EVLePuAqn{k{Mx?|xT*Sxt=νXC=$+@eYZ&cM2` zaFy{)WLzc`&GogA zIDkXkGe;l9$M@e|2Iqi{J#O$SV%f{Js75|$uh zyRcfI?Sf%}Cwr@64ZjF|NRPY(rv`O0E21)1njFG`GxV)NxJ5EprCdBWOEI!Le3PQh z7eCWWAs{5}2=1nfUVCE1r)@~idDs^5(9LU4WLYJ)i7_SKw4h{BbHYg8ZObZK!uuOW z-TPIUF>tQvzPR7EN^B^5Wt2)L@$T!PXv#n#Mp#NX*lZHK9!l}B;3KYmE8yD^b%p_l znG(rTsuq1YWY%UNFF`ph!F%w*h};pG#`%|*hZMoLrEizVrl)Z^Xdd--2=Za1!>CZC9+*M(cCrfT}6EhH(1$?p{Jg>@Q7|UK=u-XK(rz>P3wk!*ZrI zp=Cds(ai&?gKV+k6RBtmpW0+em{!(3mWODSodVdF|AZBP~b^MG?i4q zSiI3h;xM8etbIHvz|=4k>}aac(XD>v=QZ}EWcAGL6Kl?b5zan;%|eM;;NWV0Z7lg1 z%^}~Dp{O**Y(gpt_i=WYT!DjV^{mgB!8NF%?`Kv(K?5^B{0q;Bk*~14laJW(8C<>e7LMvl3?% ztGenMZ`##~LQ+=?he&KyS%_-244?zz_}R;-3Cm3`DDgLdB3S#vD(q2vgfLx8_`0Ir zU~iM5Oc@J^)!sqNpMXJzy?}FF?Wab%A{?jC3Sy&e3>cxTG%#Ls!^KSlrd9&cIMYu( z47{n1NilBTR*0P!U{JF;t3DDY6k_7$KE>l%4H%YP99M;U<|p-r)!!y?FKD)Jj{=9? z@QZ^g$#4u!P%1VQT=%~+qh7-$d`dXLmXCPl4rYAJu918?bdU$((T<9ybj}Q|!B(Et2v#(}1L|1m zTk6oN#hzwd`Bhgn_-&+`94mRRCQF#Qtx4aQcSusD5~+FDA}3MHoou|ME(b!3{m8{+ zJE=FhstZxoIt}ihyh-4jBQ${fA|DLqx6fp5@4F3xE><`ok#bX@TQfG#%;Ddjr;KE% zz8d6a8xftLj?Tr8efDATFjdIK#R;R`PmJ&zXbtRlS-m1beb=e=Q&MgB>BNjfO>O>mgev$vdZKkA-C! zWh&Rxjv7=E%^SBAW=TP+Q}@z-kChYZ&VyRSB~*-ZaHmEicXCss3s-hNw@l%eNVehH zb*gJYlw&E>-85xIGR6~I|^xDnqs!F*xb zUw!E_)cu7C#+--EOXJ;9Ut5qh3OC|YtvWX1k9o&Z%@Xy&sc^pD#bLs} zWX54IySvH=*scDG>#AZ%Ok_owMMtL!fxROtl9gpFRiFYu&eGI$I7K(i4$oh^G?=Yy zn$f_mB2Q8s2btzy@W}?NbHZ2$LW0A;rN8okTSq(9(iG+>BO@}wIjxwq#~HlYJ-x$~ z?U2E;>YjaJT;xI9DF9^BdLZznoRBU18z5g2)3tJao!>i+fG79s*FUbwfCA4VoomiHotwE8)rqsx82M z8NHm46ibX;XYF0q$Fd-)~ z2~DOg&S_YiQZLU>{zVXo1twVTiZI@QI5k zxe9iCy}#-^ldq!RnN4rb^NB>g*Cd}VqZUJW!IXeKwGgG+6vudl zsr|e^>u2}Ny&-{bHJh8ovm_7cb#Gp@u3Fz|5e^sICdJ{5sT^B=1YDZv_?s~N?|$4a z&^yx>+I5lkX}55~%&yg>Cf1yCfQpv8hsKt;_M0w!D?0K;p7D8K94~IF|En#Ns_Zv_ zEQcG>C@b zMZ$-t2($&q1LYQBe>WH~A*3TgbtYHU&%E%{qj$vz48?+GCQsEmsAUSX>I1cXDFST@ zRAgQ-M{`+a=rcG$?e^`(c)ln|fk6+vgA4MqKM*E_H=m6pc7bk|aFcr>$Fzknrg81b zJ>J?HNq?bWwWsQnF^w6s4^}fV>Ee^tZ>t3oiWvJ1BJH}@m1HU*o{ynJUx%~hI}%lW z+){;xdyF@yMXdBheNTBWda8G^ZgXmkFn`y32A-}E%f1z*$Y#Ups^>vYCNmtCl6HT( z%9HP`>}RM{p^lniENJjK*1nLe0;DmQc0F`LoJE5$=0I+1p*TKAU$e=|B2X~zX0~dh zAKy$ru?Ka^;th7VJjqUu)8(3$jqqjvye2_F#- z)~ZgygH7@)D+-~y*8Y(FL$(Pngrn&M#cTC=OYXd>QC|O>@y)*h)b|QToHXLX=>093 zDZW452^flMcMxb>)iI4E&{fYdp!wkhGFEpZZt`FHAKZ^!>=3a?3w=2!O9xj4&yHnx ztiMQ_b?pSd1`Fa=$5G5%fqF4r-P>QPcr?l8;v!xp>rVi$--0I--1IM?AyEd&qXSv& zWbB*66)ai_JIs?EI+d$AhEE;(1Zutw@l|V9s2ds+$YHNEKPEPC>pF&KRu5)1gQx-| zl{8pcSsBa%&G4-mb&z91b>X##;RL?k!v1v_bp});jgAuLL-D9w1_ogjk^~9e=UJer zaUD~)19!RX7q6M%#TEu~J1{~%k?J^XEW-YB2n@sOe*BG zqtA;?T7!iM&~^3j_&P{@#LQ$gdXQjAqL$C32TFpm#@lE9CHZkKzLY)+y6@;vo6g|& zlt|9kC{?kY;WAEgFh*!NB-jAqK*ykWO^3F%#;|faP_R0&%q4r5M=+L8UqkCyx=ggt zjZ%U-i!Ca%0djYB{7{%NP~GqJNvzi}!ErgJ1H8k_;ElHxM#W$2vz&SNt@0~ zHu{LB>Tz3^;dsJYf29E>R>f>(C=b|Oo8{EVRP4))vcNT8x9$xDaegtKvBHYc2C_1< z7#y4`M<+jBELhKJ*aox${v@>fFyRYtt^s*>MM-%bd8P|2s%soEacN@C{i zmL_$&PiN~>os8aUr)0O8pG>|x8=rkD_NVY4Ek}}Hi+)K^WcS^-{i;@5{F$d; zV?pR_^ZEIPZ5-pD2D{9Ar2No6Nx4q^eoN#B=ZwxPn(u$QEIlZ;5g-@QfRr7&LqZ8=T8x^D5cd_YHPkHYu&4WRz6_ zMj}QlC}B|%n7_G|)|-@F3atuD&s_=3jufII>BylHyF-C}JK{%-C(e9hDjv1QwWz@O zK+?$wc9&w{EFhBidzU^bc566`aF2LW3k{5URV+WRgQyczsqaM|J*r6!lUW8S^$XAF za#Yqky&bpzeyf)%ua;iVh<*h%88%FcTDS1%-zL$EGc2=y8C~WNeLY&FVnfGf&Yg4Y zWRSgvn_waZP^IQ-hn!rmwlT3q(WoR{URAb9Od4Ft#(PRIiSrl6_W_*7WFd zVPWCD4p4lxt!1a_z^lNxEA$EFhH_mp?A=W=aB}0DH+PheB2r`l6+l2@6YJ0K!+;B; zLH|N)P&gvq(Dit}P;#1)&o@L3#Tmx5?`VL8BrUQEY(QtlgLL zev*GSd%n?=Y}Hx!v(#`xxd6;MK16MvCOo&Ml5@1qNaQnhr>SbvOoT3E`_qR2yW*WR zxoo(^LnUgJeMKYpLnfeuMT_dOmHZnyCFb(Z55{{HLw8he1J`bl;#$f{HJNSR4_vEf zv1>=f)$DFtrx8U9)`Za=ucC_R67(hwze&ALJ-uhj@FE~de-cyWP_PSB*62zhjdIQy z-k8Na`PqlbTd11>Rm!dE4?wfoKLcS?V`1VLy_`xr&ou42t!LdFMz((QbQ=B>6`5!8 zBi^4Os*OXGYBx^r8w~N|4{`I@-DH=7mhQ|!17Kc`XzJqEH<91iEm-)lnLD--seWL^ zDq234*6L0&Rmt|svwEAD&>Ge3^6t=k`B|A&JSWO+(;Uv0#--ROyce_W(nu{P*D2Q| zLw`~sorT49y83jCDz3)`J@a6&R=QsYaB&iQ1+pOY{>T;Q;nC{9b|Y=Ei~HrgR;(EH z2qc{^kYhP(@Y8!1Hc^j|a%e~ZE>rIn{g|8xR{{oWtQ(kMuH)*D{+XxOK61rmi!-0T zx6%GNTjfTZ(dMdBagzN9K|xlc{-zDIVuTIMc0WcFr^AGaU>T-8O@d5)uxeJzze z3DyExd~6CI)7lV%_N9xy7=1s_tc8axeNs1_Q3rg%NeP?3pyfkB>0D!w6dDc97MnS$ zZ24fkM*Q-ddeHGoZhSD%Av>BXzpX?yB3tU*@sd`bYjZH-!+5)&9(}f2W~ZQWwn6Lx zNN}izM3*d9MaO|i@gZ>^@ly4F5pQlPBCCwOMa#VcBwW!bf|K9TT3fR<&Js;_X1+0e z0DKP%1&rEdpHv!@zI@LXdvJFvENxL-Jl5(f z!+ecXb$W_WzmTMm&?oal1)xk`NV{P>aw~Ri)ccMm0Koa+?Z3Z7yX{ij-ciN!&!bb{ zD2CL$WXqq%8r&)*@7Aul8j4N7AKQus6I*e!(yi&ys_I= z@T;M&-GtTty!U~LMqqh3gh zVhi`d!Egfs!7?ll#KpHQBdlf)Ta8u{wiIsW#pRleP*At1WvjSxFpY1V(1m5xj0sTh z$!~hPFC(_Z+eh&{rK?(3B9!E$g5^ywnOS|9k5N zt*yiaEb6Bv-*PqkKE~sw5$|{5gs>z*sA51(d_qV-@R;C(Eoi5Nh9-FcSES`a8*;Fn z<}`oiPFXA`O;JGo<-=Zixx#gOyG_+krAsm=^=wq-*oZ;;l%bGlW<@kxhLhZyI)Tmt z*+0gz88;6OzR2_PV;e@o`L0SiQIU=L2Fm~r#|H)*u+W4^X$LkqkmUK|L~d>FkmyMM zZa+x8+CJ4}wZ@OQG|qEhY5b-*o-bH zk|7cTN+NnOoAyhqy*4}*Q0eUr-s=H=ZveWyQ|TiDauk^g*Zq5c%+>|f!PoayNW12q zo^>IqcmTj==fBs1+DS^k)E2#a$F>W|Zt?W7pJeYyFRveJ`3R%;Linf7j7f^4t436$xXVPGI^-J4ho@Ji9)MZ-qbXdygO2P$Q_eF_EuFBEN^!@|> z9{xUexN!B&FOToiT3j*v5x)IyNl-fu^H7Fyhv}{a9=b~|yYgK3BTeil*`{kzod!lZ zp4b0hs7n4+{w&KTtatLzxkc|U?Zec_hVfArP2DcAXzJQ(b<3P&Q0kl7r-B0QxrGEd zoHih#NT=GuIh(0;P&_^-4B3(;D1NYAgQq`R9ZIlK7m}o)0r#BHGF&8qm8cD_p0hG+ z=ZG$ZrBLSQF@<4zyFxqM;vat0D0s;&uALqx%d0b7L+8N2`KKQ!l4xl3n)T9ihK%C^ z4}g9A>H$6W_XZPBmSqW-)y7EmE*=rO_Bq|9O-3$R2vyXnSmCH<9`gH)FpZe%ZS(q>0{*$B}00jR3y_%aHO(y%u+tEfw3-RIgD!`+)T$H?<5 zC8P-WznWV)Nv`_By8GVG^n_3LBJUkE;sF4vn{WQPg8w?t!%x?Kp!B?PF7-EHoYq21 zN=R+vAkh1Z__-CJ!1(0bj|$$Bqag2q*6a6XuXz%z!+JDMu5&xl74 zcb!goWSajP+fSb0$x3$c8-Uj)k3YU@e)90-vCb<1756_q%*8CX#}6Iye-NX7EWAv9 z<971GM9qHBHW2veU%fYq|J;QCB+p{QE48egwuQ*p=BD_bR`cr-NrokjNJ$-rAC{lQ z3;Ne!!anCHr1*WG{$PIoTJ!Ma+mmnqNjZP{>d!zr`~MN8h;yq3UN2ZG@{trNCO8h> zKlFW@H~1D${}t~Z?(eIw4{2NdD8!|YO8fJUx+bb-GvgX7&Yl7QaT=fhQuco@c|oU| zgzS;0*m&^Td%2@5z4&LG_iAOD_Xgg(H=L&2(1YQ z9REy+t-Kim%$&A2B{=~_P+&Z2;v>8?9;8dm-`Ny$@_JfLJvp@y+{d=&?GboMd^gzk*aR#MIb;R z^cF%00fB@rsPtY!4WQDSs8kiyee>P>ozH#F-TS%a-1F<^PsX#>%A707oO6vi#yj3u zcUT}@trM!Blq|SZ){I)FXz;P*QeNAaUJI2ecd)gP@g_gk3N>HAJNjBqo7vhus}yK) z&k5lWAP6V48yUde_a6;u*N!zjR3x@w6iG(*c-_3AKEG5$sZ&uvF+z=%m3|BrpHO=L zJryr+Y9=$qrtkZN<^uf5|K4vybGB{yLCa&lpI#l&uJ`T!yx8;98B*>A1T$EHDpn|CoEzc|%g-5d?A6FfmtB~}zWr<@mBaRJ81Sr&sT%WCYojSkgNX$ZqT%Mwr{RhqFURqk( zHqS;=>(YditpV0(U~+8|GWA-s&skklLD3aOmM-01FQry6=dC-#FG+B}Yb0A=TKyhk z?WV>4<)-mAsvC?9Kpp7IzDbUSmF>%91bRXzLb)~EB(CTC4r5a+-heO6>fgFdT$}yC z5tVaeT%MfT@6}SnK;5N@O@@DAEp(+biT?ij?7R0LyZbF;j`Efu(9%KtWL~7hi1My_ z59=07$#f`A*KlPONu??S>OG3>4!)LNEg#g%D!{5&(YKvi7{re%)(f+dm6r6(2-Y7> z^YA%R1y@u|Q7Qiqg?3$~E)C^UK_WH znfFARu&P8VX&I!2=Ci|*@JC5~=c0|4>tnYuy%(mV)0V59U>2|^`^EiQ!YMn&vP0dn z#*4;<)DTN(A@5|c_-S3K!N}}SvIC!Hxn|WXyyB0h7U-ok!n35LbH*cMA znN~e8?Q0-_g-k_|(_sL%BN;$hnzyer#5@jaV4af1#~`xzG4K@&cq3?Oz~;gaQuX#~ zZb_-<$fNgWv)SJS%Z2KQCWd9l+qwaXh7iax`WPSZD9_TqDlq%=Q6Tf8`Llb6Ki`Q| zoeh<8l$+2A6+^)yqRI&DW1(f_X2mC|zSKG_Z}Dl2Rrb$4k!16m{;2PQMbNmD`wNgQ zSzXTyh=np#nYQ)d45tTe2((2EiV12?ziqR|*lPN`vQ&m-0)I}H5K2%?C1Oon6A{hj zvDixU+?3yv{cW~?8fdc)&mPlJ%aWl%SbZE!Ah5;8R@5D8BWqeBXlX3ecOrLbRAa_= z*!^ZRDNZ#u(lRLNU{`psr=kmcYbMlQ;l3xM47tlw*zxh_oF{NyWhb9O;~J1x*I+=m zZlsQ>o5o6?77N#m0WQ0IKr!Wk<%qp{`@T(LQVDG1T_Z=R41Cz2QcHo6u|3{zL1Q{f z7{MpdH!(39IxGZi8zS-GoDz*VzQ|f1cM`YVgTnO;jqgwx3#x~LR)h`Y-^C>>!OAL{ z)6!V|nULR8q`oYfMBifB5y=Tm+#gL;VAS*NPik)_Ml0 zI#ITI;d!Zre@XdKPIyz5q2;lFa%_&C1nd4-D#>e-I0IvBs^$oPF&M7Kq)rEr5)KAl z)|b1~Ccr5?d>i%b`wa?-8M7?S{I9I6)&e|Y2(7t5(s^&nH>&CXQJtE_Rj3S)*yGtl ze35dx<~POt^j?Yz-DvZL(eLZHy)UmUU;W#{_LuKxrtps|*CV|)K44NZun9=uE%(pBG{`_F%4SIawRA_OKS?}Eek$mia@{s1to&V@)|7EZL zIH-0_c_=80SF-|9j&z4lmq1}ip#IS4i?}ui%aa}ZPr|Z|1$^K4(p&$a$qB3(pNOQ@ zsQY{WR$8?(L4;xGGmpjDd zGpLB#>SZ`J<+cBGKwDSmcupB88Z$^MSK!MXN-=hkEwily284~cKWLOy|70T~2C^+? zKh(%~96W0_xqM2k%VqiLLvC^Yg9i2vUK6;pAgkAFuZa3_ymd6){TAlwt*rBH>6f{p z_tErCd#_VSH`Q0+{MFXKH4yNT9k5c%sTX+~@axNd{$=iAzKGa8aHwlrruwP$Yx<%e zf-LeLe0#kp{TSy>uxJUUL+;H!$8j09d2pUKKZc{$RQ+pM@MG{> z>@4Klhy*oTGq7aESv^%=x!>Se(%`{j19cO3HFOI-iOva=`LN1KmODY6Ood^6<|H`d zwynNQJf5*)34xH>_P94VL!bGXu;yRTcY$~++N$Oc z-_*9ADA}V{b*uiV3r28_$AsASRXw-g-^@KdFQNw|bXt}rYnOgbK_3_=-}$Oc;K&Om}IRnEv|KMwhmMZV-19If(<~1KLRoXa8_u(n9I3e z&gV2%v(s%TLVRq@@ku%qDthe(ISYy$`{pgKC72X}^wdX#4V-5S3_ZunwEeX@SY5t~ z3wE!J4Z>6uSd-DNnsFvxJfa$X6J-@t-mzUio(FZz=WF1B_5Jc(5VDAVTD1Y7o)>X= zT#*a;Dxiav9Zma5AETvd+4*ijFe^H~dParg@Wl1-@y>_P@swA)o{}yyl|cKiCSlQ_ zL-6eL8-LKWJwAH<@D=#hW7V;Jg&#)KXb~Wp+f?n$F3b?8T0vPHg^eAle+7>c(8$c-X#z6)~yGPKct#GM#rSpX8)j>)99q3LH|czoJn;2?rEk=WFGc0ThvbH4CM-2 zSW0O)r1<>b>{ZU*{pSs^jp)B9a$>*SoFYOB#YoY;X7F)>l*`Zi!3Ms`X9#xz0nLg< zN06@~Dl)20s76;Ay!lgu1|eS)wp`t~p<7AV+6K5f53NLB#y{kw$BLHRHS*IxCSf`I zd!-IAI%U&acoQggNbelNbFIO3!7JU_bK9NbDh+HoVE90PrFK{{dj9jLw&#gJFJT>L zrhz5nP>|4MxuTSj-WVFa{Z5Z~L`^J6sy(^nJHqU{{TZMZ3&UGqYQUvPol2ST6tp-m zj1ZBaT&t@shC1)v8?(G68`n9Ez19~Vt8v(vxJe3Uve>un5Wlc{?wed|IFZG50r|Dd zCv+-}(h738r50%}WT7R&t$C6!AFwQ@Q?EBmfA0O#(6?b#usC&oYZiN*h^j>Jhn9U~ zJ?568R{1P8OGRT*E(R4PH7?*n#w$SiIc;CYu?%^yvN1PlUUg4O+199y_9hLFB9(x~ zM>I3xrM9Z?;9(r7*?TBc7i+`G!D})IYKn>X6z)lN#yk>&>ypNZtU0~(D91$R`QGX1 z$emimaREjzbOv9|5i{ZFNF+c3=~S5lSc`^vrL^?AGvLk{=9Ne;PwU{oz7C8Hi|0zf z%PSMB=Hdxh>ohi=3RJlze=!{~-I$?Zk^%koTS2qvZx`oo{p_l8i0jL|Up(VHDKKJR z<@s{rs2gV_;}``Hco*fUf zJH~(=G9{DFJAOG}FpXA_XKBZTU%S58%qG_;#bF`iv>dlL!T%m zgGKBEZ)%3nu-V#n9e+gB<=2X%Nw;2bWih+uVVfvifZh=CqPXd3tS0PI%4;eRO=_3D z=$|8$h92W|G?O)Le|JtO{Gt6olzEng8xERUa?0nP zLgo?N6=p+c{e*r0orH3za%%X=lZa0;5Yb$62uaQ#1FpFZpTN?R zh9?!(!f};3xRo9O`+x~M1)8|l%Fi`*!nR(I*JA^1nU2At!=vBFh2MpD^qNdZJG>S< z?W;Z#`Jh+CE56+(`XRw0xA0r>qD6E>8uY;b4;mSzPg!5LL&qKg3PYIQVr=3A&Vm1Y z_E+N(`&9Y`Blxv*^`CfKC-Jr7PyVv&u}|#}R&YD&?@AOPG^giAmC$AT<7ycu)? zNK^(l$@c4ChnNK=T4g1J))Q88Dzfu`##`QHI;NwBqH6^dYF0f0Bh96fMb6Cvr!&R( z{3wuUi7`4Iun|1tihXZCjpn=Q{EBo}zihuwul)+`+ zZ`vi$qkmM=I)X=GKs_5BJo+U~tee8fXWW$g(DHX^Yjvi_P*ARF7^&wW`~KWdn`{E` zvRv|oF#So-vT1ECm-5mY%Vj@g0=-;Q)u2YPpH9EG5?jHbQE}{Sh!{>Q8WVX@@J6jm zTl_hwc_r`I8@Dqo_x9H&a*xI3I`&p%f7sR9vgHd9`DbK1 ztfmUnpypIlL_cf6ag9yYA}aYd?vB?9Msh2z2G@&NJbOK(2l2d0YoC@XXeW2wWkT3W z&)}+H(e)YTOvRTH*Kh-XNUU}mZ>vsRbHLnlaB56`-T()G%N#Pj($q1O+b&sTCsFR| zs)zp#?zPkE_nH0+NiesdMX#31W+g*7Gj^>ge_=EWq7B~8MW{{K{5b5b&nt;bt)L;T*LJ&{wMFJ%YkWEfYUxh*(i>< zz4Z9q~FY%KEq}ci2P#6T}S;I3(;RUPeS z5|hp+!v+xs2!4pIxt((t%;~>t9}dPIl;N{tl6>azm0a z>-C49?%D9fulk_Capgm@H2X_Q+P_;WQp8W!ekv9a72Ezbx6ktadFD?&vY5MBBd2zt z+5YYEb1dQF@0MTEY_`p2(>_uaC-U770}6k?7xz`^)I{aPR_C*f)WGs@EN?$=Grw$w zr~c6JRCLjxEVayuItDY>&_Z}6&WlLKzyGwW|79zL`_u%5;S=)GAg zQ=Ma@p<-YR3WR`)#wtUvX;s9Xz-Ek9i^XnVo`1ZayI$OtkA7aIcp5MWD>P2$+C=(V z24I`0__&BD0>YSjSqa8X9b>i57|5p{&-;4BwCWiXQ(utE9HgPlWX3Gk*UUl3{#->o zuT-EwR>n3hL}hEsNK^*`nF*RlMueedVGhYHkj*Er z=po>Mv+f&xW29y+R&*&;kZ~GrOI3c*T!axCMUuyEgj5!c!?^OWPzC0FOLV`j`@9j0mmn zIcNd@E-h-Y#;Ryu4(wbU+*in)s}ak9tO$5v-mrcnU$nyM+`v4{v@}>#8dy%yb;8e8 zr+7^OzunlqQf#(U?A54GqQp#8j^L`ja?&Oag*0xIWGv?k^ko!YF=M!;`-B%A4q4fz z(ub{5hM-fjz*~;f|Kd3AqBDJi4vDy)=`USQtF2zhY5mg8*zhARni4k%sC`#+X}jJ6U4Q3mIIm} z>uK`cd(mmpC%-)19{?T~cjaGVu1o>2-58(w!7tjqn`QU4uS-=_ygD&G;nk?XhH@mq zwrT6I=crYT!Y=2tm$?xzJfs{>DcwiClrd6Kkum%jGc+F;NE?X3xLPtIsi{lHh!|}( zjq1BiemYl3=9?CJFmX}34cYGOIk%=Rm)U%yR~FTj6ao3-sKf>=p2`DgmOT}?|-wN=wScprEvVDb$JU8##z|g zoM8wyTcS#}wk=T8zx2O+p#R|^J^Qb8ka~KXT=#*~AKzr7whT2yQtk&N)9U+sm%Sx~ zq%npRy!`!qW_R@P1+uqBq~9OO9{N73PC&^66EywFD|5xy;r&V@t#XM%qgt=5<`;a=;C3cQ570#PFDjy#N*A zLoH`042BR7UB5H>8R*62`{NH9MLM#tS#>Ns#u%6G=2~Iq7I?8R5Lnj?)zr1%7uH@z zBB9qqx1EN>QZJuU(Xs?zpQG%#{#z(u!8|k2&etZzmt-m|P$BVA9m(b~hTsJT^6@Re zSvMWvq^9I{$zulMr|q9t^QM)s;|R}wLTFI$11%HJ@&voP{H(d!&Y27WWiMl(GAvTJ ziSPM1(zCajNmF{g=1dv*_K%h7euT+PnAf@cKG*9!R@HbAwi6}^{5--MlcfMZDsSSG z@;!k@vAkl_CNaT^FJ40BDkfD{gE-j(@7pB`0*YudkF^jqv)W;t43piB(tV4{fLa!J;{?jeQtZ5V(gx=27Qz%~ z8-!%*X8`07gHR@}Y&0ZcqJ`P?;FI!6yw<#DL%OsSG{f0ZD}5$a_wMc1YpSbmZ(+^8 zBN|;9R**z!&M+Kn0;c$zOxbG2kO^{A>~E7T;ik@IIRPJ3;Y(}2cK+(b`9ZQz(t54` zOAcgpzUQ-w^4}8qOAzD+ug#>4%&m#T+-pIj*RR|<+w_*zLB4l6=6s_498q!V>IZaS z+_>XHLe#>9X;a*eJKVmNWKcjTuH)m=!`m*eroEV#qwD5N#JA69-OmfCmo>Br1&sFFV?jxe8DUY6_2 z0e2MVvpI7VRSc~74w7;%!wFMs#`Y(^mNrpq6(uB$I*}_5Z1}N$rYv_L6SxAIuc@zZ zeb%E74a@WRrs~cwmf^a4oB7;@%v7)NT#ZN$>)^y&EyIUE?+%gnDap8XZTRh>dEahf zI2tv5jEco&@v@n632quJ4dO)>W%CWwMEWb$)Cu?I1Dhpy%jXHi>|Oc%>svtYdQv1U ztGsro>shxm58N!NLFapZfUJks$|~cxE5G<2YGfVx83Ib}s?n?R8E;m%;Q%2dR0fYo z6LS%rqwMDg&FqG&#U~tq%TMggT?U$1F?Zt2Dc15;Y-9Bylf|we_gY#I0~=}PE;^=O zyH^%-_CuxZVV}61MOE22a7~p2aCFw`7YJpM$+ElD9BvN7Ge^hYf8l|fsyx;x6h|AB z3}sKL;h}L^^j3ZkY*!mRbM<)nG0yd51XpQo%z%*zE zvXyKPkb6R41to68epj<|Yz|(FtdZ@^r?W^K#3`SeJ@U8FG|6a~EQREHDQ2;%sCJ=_ zv0CWVx>ZLf95)YDnEBtm&cI&Yyw+?UyfqNKS7F$u5>Zr(Z90+b%DMh0gbM9UYz>iF z<_ov>*YvymzdnEFye)^Jkm?ME)X=Bnpgq<{b>nN=nG=PjLbDdm3jl^@m_4TYza-PiSCrrOD} z45C`d0N~l~2bLo9y>+{Bpp{e{izijWRH1<}Q)pE&x+;Sz8lgRbnra5)P?)|W_IsFc zuqDdN4BZJ{3Y))EX~texuNQ4*RYu@W_yB5eFyIemr0ZtgCwEDQ!&e4uReSFTb#~US z%=HJ0jhC8a(GmKizN6O4-a^fAtjIi&Yk1Ntt5l|Ru{l)m#jh9nos=O^)YSA3$r#6J z!O_S79E|F8YGs-3PihmZHS(yLTjqRmXvSM3OI#&j+zgo*LqdI;+3@o9M!Q?2h-5%H@2%?atfdy9$eejV$9`Srdne?)KzT z%s7f{zM7>1v$wd3+UuJNCp~F0@3T0=zn$rUcjuVG@FRVXXN0jFyyD-O8>mM*b>X>Wa0r5 zIB1>%4O~TXSPKE~V6Zj;(i*x$q`h0w($7Z5q~EHxZOfmmHCOn!24>eiPq`b48*AGx zJ#-{CWHJU)2%w{+`**k|jSZSs$JsQIyE|FiYm1dsLbZICuce8GH7-uMZp#hqy}^JE zgREOihV~?{myjKUcFI_FQXV8Ahd(K4&<12wts$~RndqC+TQ3w8y60xh-jyNfDWVl$ zi<%Eq5KSd2s6-33$#CfInKY3m7amA6`&<|WDPrtTud!QO1hRp&5Rn1+jOw>N_I;R7~N$l zl^!H8a7~fsl6Ru0ZRw+BzQ(OdTC+^u8sp@zzNNq;aYYv?FLW`#%ZpU1*1H`8Yavgo zWp*O-N;AEFt?zD!268`0ftOCDp#c84#GQA+Y1h4I{>gcVCfC49o6_z;4Xkc1BM^3T z<9+-0z=nl#vIdmSQ&>xjh(sc!4KX;@pw#Y3iLmuAOYQWmCCgVDw<}+IY8BtaB2J9w z5k1!_>m19{?j@T;(~z06$$kN(3OKdT96Po4%x`w_am5c~of25*1oG+n8F>dw3Hrljo;kIfJPpVlh=uKQ% z6{p)jR^2<+Bid80Qqmo?u>#=(VS9^mtf;t+CHYL`bTlJKYWFzhj`>=O(uK8(ueraO zSIser+85JaRr5M|AW*f{8J?@D&oXCGl0}TCR#Mu=^D*C{vDj=F?#qkqBu-f!@up~z z-1fG;Ido*z1AXiObnOHg1Qf=s1sxljC=u^u7rZ8;ILz?9ta6yk<7~yM8*wvMK#{T| zIlbVgIsB3LEv2C%9*pCPE#7C`q^U5uv$z)c`I{8_=q9xo;u^rHg}um(Req}q>{YU# zoXp7!tgc&57Kpsu?7va5SnDZxN%tjAl=#)G2?(!OdV4q>QDAzE8xWWbe`lN~G&;!w z?l3WaM3S_7bwRPw%W6g}Xn7%kEzm3`Yk~^&p(3qqbG&#hSs6B+;inGQ{ydY=pf+^vm&vYsvD+g;_gMX%e(>`ef(k*TF{Mg`^D@D-WbWqW@E*iO zi!cMCintAOLa5-Ox`QxjzOmD*eXiD=KX3&29vF|NJ)P9{V?PyY;M;J*0S&80)H z@8^Xmo5299VXzCB$KL-OiaI6S*<&V;Hmqxx_6JT;*-3NN*`w% z?VCde`ffsBl9)|qF6V7_$+FJQNT0ySomXS3u))2Peqn0Tr=e~KYBzDl${op#Ii3g(yr z$pz^xGOx6*UKR11mMJHrwih4@XM`=6!EjNTLA__UU$@+El3E+}d(mQgI@01n=F}W+ zDkJl$JIh$;*{2|KkO#T?{ooEXLvl40R|I&f=meiHQ#BKL=IU&w9id^M;XZtOXo6BU z;M;3(&e<8V*k~e6Hg0%Q#r#%k5Hw`>(C5f+W!iI_u6*}4{%F*Iuf5wW$AQp7u_IEF zmrY}{5qff|(_J|~j5nn$-#*Rs_q<>(m-y_5AZpQoG*KfwRUzt}VW0}t|JpS%Vysfj zhE$aCH=hzU2&^qSTfKN+wW@72e4&wExcb4Q)$mC`9G3Cp_8m4&N%rRzN0;Idn6zn=+A)*;K9`+as z*#sBId(fDLd6%Nkf|-{dm-%VLuPMheYVE{0H^fgi zL8WAb5;f;Bl;(tqcCqkcaf;Ye(`ODMGu5?*Xg0pS3Si$S1xX~boMPeyr1B;;i}3QZ z@_$P+dU%$Iz36zk(p7w6GVZx<%f7t?{&fR@r|)pK)`1%qqg@Iu9QQ3M*3Lk)wP=o| z4_Q9^hmXRr4j)EU3t_o!e6Z$RhP4QS#D~P0T0ON_It}5YUD`4W*e>bXZKssIs}GF4 zLd4lG90+Z}lWJH6yGU6o`rprOIy;B5()R$C)+*^Vw?6>}MULhG5f6vg0tjHsV^-Fa z#w#Z}{mKnlyvA=H42dsS8?uYPlRUuxfQPvqhFRz{tH%s{FhP4>Ad;0fN$l0uhoh6F z<+yjs3&U`7mqoiLfs}gS|Eas&4f<459Y?U*<(1jN>#A`t;d`9=MnZG#=Rop4xG5#o zL@6NX!h)>hUBsjgWD6$?g&=j0u{KHp68Bwb0+*!bZ@~ow6wJ&H%7ceSvEOv0BtR5> zFGNs6NmxGf7h^EDKn~wHR{3D)Q=$3#-+3cv#`mnaVJfN5{}0`k|HnSn?uJWG^WJXI z>nKlh=~Tr;#V)%6(wLL}MR__2P|U!e0cQw(lfN=}h0*fZiK}-Y@9Ok+@Jlx7fc`pM zkh}kq8K-OfdEgC_KtMnos?=9k3YMX59ld^LoS}TvXK2`@s#st*lxQnyXR$ngz+R-& zT@4#oU@$knPDM2*110+xWf_kJefeyHP%W;C1gk7sUrFRnuX;tMRK!!gSY~gt2kN{U zT-k1jMi~kz4Jd%%lLmGVqG=b-MCrZpq_6SxSxgZEohT2OX)`gPFdAr1ebvsqp^1iR ztunj`b>|(&HPnL^PkZzBeAD~;QwSD%$*PiiSVO_XmC;C^N7;EMx^GAt3)2)Phk)a+hl9vjtKfe;)Do@;Q&4(0)R*i9CDHST@ zV93E=1y994GgrWG;=QoqO?ZKGTCkN)-+t$PxMRk+6cY4_%7|c?gNhNmM^nlA?gp8h zOZd%lB6|n5op(>$QyCSiYspX3^yPw`$I+fP$ z3|F%72mx6cV$NLEZBPMbT0UCR6-b@*JC%-sT9(D@@_`gebdQ+BXf`)y$#7ms8&UZY6{XpW+7^CRL=2qWxii~?XuMRiZEYIX>*#nRZ&Zy zb*pTF=vtYuWUy)H8sUJ@w*aytIWi4Jb7a) zuA(#Z{04iVf#Mq!C9c0GwFJ%qIZoTQdCIgBwS2lb|FiS(%k5G=$18!G2hI-yUw&17dfk+qG(YW-wJw=I+aJ}FEO0|r-Kbi^qK19=FuJqQRA)Ltsx74A`1h%F}%5F z3kJ6}3Sq2(CX#%6@;NuFgfVIr3eaurQxmk!qo?Pcd3f{UZu(J<2nNGGs- z8CI5q)WNyIkK>6n=E`7Kn}Ctuwi_ZeX7E}y3U^y9!N5&JIiR5muP+hlIH3m;Lp_5a zDjNk20(rg-97oR>zvn_blL?{3oP(g@dQQ`F9{J|@K&%~mg)Bs=UzcCP7f~66w~>)_ zd2-%#K!!h9-5O*~ju-zP@7!NX&aE$nZHZ4IKEE}B%-s9#$knAx%5~1NG0eSU&|Urv zT4edj(pqqXVs?PjJfDmkJGIa2V8#@sd#T#qu($H*xFok0gmJXYk8? z)oVM6(!HF7V4H!5cI#n#6hqUf_OdAzms1HqZ`=Itmiw%ZY0spD>*0`? z#b$;`ncJXD0=Ox`#1GSJdrYsH5OGAHwPbAIAJcY(Z-a|+Xe>g1DACo%Y~EC?xe^Tb zRLsCJ!i&g+0;CP+D#6MT7&j&dyR_&Rc3mx#AomiIfN=XSnca9>-d3W1kMPTAMr zLb-2R>4l{b4}l`{Cd%in09p0U2kdZV~FD*nPDf4@AU9>PAThfV4 zp?K)6v?u>~`2Okje~-YYHex<^>!QqZ*z!{ABgdDXK|(VDYf~Z(`EzUP~CrC1xY4U4;KLCL0An=8hm z8|-X^^gBmuDHT$@lEzK06S#336bX(d1ZkaPV`L{ zpJ;MDJe^?~z?i;Q0nsZNW%7zeM)z3Dq{$nIC4J{L{0QzNt$pEHuIfht+wAepr&3Ij zV|_$wGCjcqtwZNyFT7}FXDH)t)nh2AVa%hrv&8b8iYt1n`@)qK+F89aSd6L8dJwfL zd|_^r$e8#Ve)St8vV!1Vl^!~9^lox$PWy`TW+>YAFn zMmY-JTQV~RIS0(vG5VbLW@q5 z0DdS`H&JurtJ<>olS@@WXODS*+)88#VKTYFEtlDAq#poO5Qum-_}Svctq*cRC2OWr zEzPBnazVqJBW)3XC6HTpTe%&8{$?8aQOU;U+gu@N^fcjRx7WV}bpNI5YkB=zymO=( zck6R3~MuPr@&B|z)X}{j)$rP+>E5fA3Uo$PWF#e zBMwh}%ZX(8&8X*_)MSsciWMjk5_dp&C4?D>+8!oA|y9Y`h4D+ z`*}n1#`nCGPY3ynX(d?E35&j~RQAg_kfx$a1rex^v?(*!rce`B(VPi% zjrz{#ZmpHDxwabhV7T2fB0*f`4$4*3vT#tN12)?1q@AGF1OK9Yp~t(mzvKDlir3Id z2)HBMBCHLCK^|*XL*11GgK@V-d`@bIge|^P&D*y1;O;V3C$o*Zt zrEd7&lrVf|_W9f9{&OeJ`J$xFq;CvhwJXN?M-TfOnV&gLVx2o7tXv&m<7h5CTTJl` zqr*{^y5-@S$JKbZTt8`6<9VF6R)!45tqcIhF`ys4qH(%QbKz;hN{7UC>stF4E2Ao` zbPe+ekg%KFJuNNp(9mcXuZMK!l>s3OLpY>ANC}}YBAT!ebI+Pgew2bnA36=1s8G;o znoAzqHV&-W;Q8?yf$Rx|rqNp)-&r{5$5!@}e)pLbY37_>gHLfQ>6RpqD^qql41Q*2 zXF}JBP-f7n74cMMX*pMbYA?X(Eixv+SV%?rH{AN z`iBorx1DfltXs>fuhmZe1m>mr6Pj1;kGcN_K~GQm literal 0 HcmV?d00001 From 6251846d6468d19ccd8f67134e57ba770a7839cb Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Thu, 3 Aug 2023 17:46:41 -0700 Subject: [PATCH 02/17] Add notes and refs to interfaces --- .../decisions/0002-local-scanning-with-scanner-v4.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index 869f07a064ebe..024cd74bb4fb2 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -48,9 +48,9 @@ message IndexReportComponents { But that will be left to the implementation to decide. -Secondly, Sensor and Central will behave the same as today regarding handling scan requests. Scanner V4 clients will implement the same interfaces as the current Clarify clients, and a new field for the `IndexreportComponents` will be added [to the `EnrichLocalImageInternalRequest`](https://github.com/stackrox/stackrox/blob/ROX-16834/proto/api/v1/image_service.proto#L67). -That addition will support both Scanner V2 and Scanner V2 requests in Central, which should then be accepted by [the image enricher](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/images/enricher/enricher.go#L111-L110) so the Scanner V4 implementation can call the Matcher. -Despite the fact that Index Reports generated in the secured cluster are not going to be stored in the central Scanner's DB, they will be cached in the secured cluster Scanner DB. +Sensor and Central will behave the same as today regarding handling scan requests. Scanner V4 clients will have to make minimal changes to int the current scanner clients[^1]. In central, a new field for the `IndexreportComponents` will be added [to the `EnrichLocalImageInternalRequest`](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/proto/api/v1/image_service.proto#L62). + +Finally, Index Reports generated in the secured cluster are not going to be stored in the central cluster. They will be stored in the secured cluster, in Scanner DB. ## Consequences @@ -61,3 +61,9 @@ The new Matcher API opens the door for Scanner in Matcher mode to provide vulner The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. + +The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. + +## Footnotes + +[^1]: [In Sensor the [client interface](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/sensor/common/scannerclient/grpc_client.go#L24) is used by `LocalScan`, while in Central the Scanner V4 intergration will support the [image vulnerability getter](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/scanners/types/types.go#L33). From 7deafa21294d78959fa1af814610f55691788e69 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Thu, 3 Aug 2023 18:00:13 -0700 Subject: [PATCH 03/17] Clarify needed changes --- scanner/decisions/0002-local-scanning-with-scanner-v4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index 024cd74bb4fb2..a7e9ca3cd8a05 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -20,11 +20,11 @@ In Scanner V2, Sensor and Central coordinate the calls to Scanner and Scanner Sl | GetImageComponents | Indexer/CreateIndexReport | Retrieve the inventory of artifacts and details on the image content. | | GetImageVulnerabilities | Matcher/GetVulnerabilities | Retrieve the matching vulnerabilities for the components provided. | -Although `GetImageVulnerabilities` and `Matcher/GetVulnerabilities` are similar, there is a crucial difference between them. `Matcher/GetVulnerabilities` was specifically designed to retrieve the index report to be scanned from a separate service or storage, similar to how [Clair is implemented](https://github.com/quay/clair/blob/main/httptransport/matcher_v1.go#L116). On the other hand, `GetImageVulnerabilities` accepts a list of components in its payload. In order to fully utilize the clear separation between Indexer and Matcher in Scanner V4's design, changes need to be made to Central. This includes Sensor's ability to handle Index Reports and Scanner V4's capability to retrieve or access reports that are generated in the secured cluster. +Although `GetImageVulnerabilities` and `Matcher/GetVulnerabilities` are similar, there is a crucial difference between them. `Matcher/GetVulnerabilities` was specifically designed to retrieve the index report to be scanned from a separate service or storage, similar to how [Clair is implemented](https://github.com/quay/clair/blob/main/httptransport/matcher_v1.go#L116). On the other hand, `GetImageVulnerabilities` accepts a list of components in its payload. In order to fully utilize the clear separation between Indexer and Matcher in Scanner V4's design, changes need to be made to Scanner V4, Central and Sensor. This includes Central and Sensor ability to handle Index Reports, and also Scanner V4's capability to access reports that are generated in the secured cluster. ## Decision -Scanner V4's Matcher will accept a new parameter in `GetVulnerabilitiesRequest` to support local scanning. This parameter will allow clients to provide the `v4.IndexReport` for scanning. The Matcher will then verify if the report components are available. If not, it will retrieve them from the `Indexer`. +Scanner V4's Matcher will accept a new parameter in `GetVulnerabilitiesRequest` to support local scanning. This parameter will allow clients to provide the `v4.IndexReport` for scanning. The Matcher will then verify if the report components are available in the request. If not, it will retrieve them from the `Indexer`. Example: From f73d384e3565b39e5cda37d1b3b10f84281190ce Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Thu, 3 Aug 2023 18:02:01 -0700 Subject: [PATCH 04/17] Fix a typo --- scanner/decisions/0002-local-scanning-with-scanner-v4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index a7e9ca3cd8a05..7292c64c3bc76 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -48,7 +48,7 @@ message IndexReportComponents { But that will be left to the implementation to decide. -Sensor and Central will behave the same as today regarding handling scan requests. Scanner V4 clients will have to make minimal changes to int the current scanner clients[^1]. In central, a new field for the `IndexreportComponents` will be added [to the `EnrichLocalImageInternalRequest`](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/proto/api/v1/image_service.proto#L62). +Sensor and Central will behave the same as today regarding handling scan requests. Scanner V4 clients will have to make minimal changes to the interfaces of current scanner clients[^1] to support both V2 and V4. In central, a new field for the `IndexreportComponents` will be added [to the `EnrichLocalImageInternalRequest`](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/proto/api/v1/image_service.proto#L62). Finally, Index Reports generated in the secured cluster are not going to be stored in the central cluster. They will be stored in the secured cluster, in Scanner DB. From 1d0aa25fef7694a464cceda017f79e00765930eb Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Thu, 3 Aug 2023 19:00:17 -0700 Subject: [PATCH 05/17] Update 0002-local-scanning-with-scanner-v4.md --- scanner/decisions/0002-local-scanning-with-scanner-v4.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index 7292c64c3bc76..0a738f6bd2285 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -50,7 +50,7 @@ But that will be left to the implementation to decide. Sensor and Central will behave the same as today regarding handling scan requests. Scanner V4 clients will have to make minimal changes to the interfaces of current scanner clients[^1] to support both V2 and V4. In central, a new field for the `IndexreportComponents` will be added [to the `EnrichLocalImageInternalRequest`](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/proto/api/v1/image_service.proto#L62). -Finally, Index Reports generated in the secured cluster are not going to be stored in the central cluster. They will be stored in the secured cluster, in Scanner DB. +Finally, Index Reports generated in the secured cluster will not be stored in the central cluster. They will be stored in the secured cluster, in Scanner DB. ## Consequences @@ -64,6 +64,4 @@ In the event that the Central cluster is updated to a version with Scanner V4 en The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. -## Footnotes - [^1]: [In Sensor the [client interface](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/sensor/common/scannerclient/grpc_client.go#L24) is used by `LocalScan`, while in Central the Scanner V4 intergration will support the [image vulnerability getter](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/scanners/types/types.go#L33). From 9603f180f6c86abe466a49ae6b6dd5425c48d9c3 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Thu, 3 Aug 2023 20:15:45 -0700 Subject: [PATCH 06/17] Update 0002-local-scanning-with-scanner-v4.md --- .../0002-local-scanning-with-scanner-v4.md | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index 0a738f6bd2285..d9e997a288c5a 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -13,14 +13,14 @@ Local scanning is the scenario where the container image is pulled and indexed ( ![Diagram of Central, Sensor and Scanners in both central and secured cluster, showing local scanning flows and related events and API calls.](images/local-scanning-diagram.png) -In Scanner V2, Sensor and Central coordinate the calls to Scanner and Scanner Slim. The local image scanning leverages `GetImageComponents()` in Scanner V2 Slim and `GetImageVulnerabilities()` in Central Scanner V2. Both APIs have similar semantics to Scanner V4's Indexer and Matcher services: +Currently, Sensor and Central coordinate the calls to Scanner and Scanner Slim. The local image scanning leverages `GetImageComponents()` in Scanner V2 Slim and `GetImageVulnerabilities()` in Central Scanner V2. Both APIs have similar semantics to Scanner V4's Indexer and Matcher services: | Scanner V2 | Scanner V4 | Description | |-------------------------|----------------------------|-----------------------------------------------------------------------| | GetImageComponents | Indexer/CreateIndexReport | Retrieve the inventory of artifacts and details on the image content. | | GetImageVulnerabilities | Matcher/GetVulnerabilities | Retrieve the matching vulnerabilities for the components provided. | -Although `GetImageVulnerabilities` and `Matcher/GetVulnerabilities` are similar, there is a crucial difference between them. `Matcher/GetVulnerabilities` was specifically designed to retrieve the index report to be scanned from a separate service or storage, similar to how [Clair is implemented](https://github.com/quay/clair/blob/main/httptransport/matcher_v1.go#L116). On the other hand, `GetImageVulnerabilities` accepts a list of components in its payload. In order to fully utilize the clear separation between Indexer and Matcher in Scanner V4's design, changes need to be made to Scanner V4, Central and Sensor. This includes Central and Sensor ability to handle Index Reports, and also Scanner V4's capability to access reports that are generated in the secured cluster. +Although `GetImageVulnerabilities` and `Matcher/GetVulnerabilities` are similar, they have a crucial difference. `Matcher/GetVulnerabilities` was specifically designed to retrieve the index report to be scanned from a separate service or storage, similar to how [Clair is implemented](https://github.com/quay/clair/blob/main/httptransport/matcher_v1.go#L116). On the other hand, `GetImageVulnerabilities` accepts a list of components in its payload. To fully utilize the clear separation between Indexer and Matcher in Scanner V4's design, changes need to be made to Scanner V4, Central, and Sensor. This includes Central and Sensor's ability to handle Index Reports and also Scanner V4's capability to access reports that are generated in the secured cluster. ## Decision @@ -54,14 +54,11 @@ Finally, Index Reports generated in the secured cluster will not be stored in th ## Consequences -This method eliminates the need to store Index Reports in the central cluster for images obtained from the secured cluster. Instead, it distributes the workload of adding, storing, and retrieving Index Reports in the central Scanner's database across a large number of secured clusters connected to the Central. - -The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a single Matcher instance to create vulnerability reports on demand. - -The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. +1. This method eliminates the need to store Index Reports in the central cluster for images obtained from the secured cluster. Instead, it distributes the workload of adding, storing, and retrieving Index Reports in the central Scanner's database across a large number of secured clusters connected to the Central. +2. Re-scanning continues to rely on Deployment Resyncs. That means images are only rescanned after a resync deployment message is sent to Sensor, and the image cache has expired. +3. The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a single Matcher instance to create vulnerability reports on demand. +4. The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. +5. In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. +6. The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. -In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. - -The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. - -[^1]: [In Sensor the [client interface](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/sensor/common/scannerclient/grpc_client.go#L24) is used by `LocalScan`, while in Central the Scanner V4 intergration will support the [image vulnerability getter](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/scanners/types/types.go#L33). +[^1]: [In Sensor the [client interface](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/sensor/common/scannerclient/grpc_client.go#L24) is used by `LocalScan`, while in Central the Scanner V4 integration will support the [image vulnerability getter](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/scanners/types/types.go#L33). From 1630f3a4ab423cf5cf3f22388df945a93d6cfb17 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Thu, 3 Aug 2023 21:35:05 -0700 Subject: [PATCH 07/17] Update 0002-local-scanning-with-scanner-v4.md --- scanner/decisions/0002-local-scanning-with-scanner-v4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index d9e997a288c5a..a78bc8b1204b6 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -56,7 +56,7 @@ Finally, Index Reports generated in the secured cluster will not be stored in th 1. This method eliminates the need to store Index Reports in the central cluster for images obtained from the secured cluster. Instead, it distributes the workload of adding, storing, and retrieving Index Reports in the central Scanner's database across a large number of secured clusters connected to the Central. 2. Re-scanning continues to rely on Deployment Resyncs. That means images are only rescanned after a resync deployment message is sent to Sensor, and the image cache has expired. -3. The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a single Matcher instance to create vulnerability reports on demand. +3. The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a fleet of Matcher instances behind a load balancer backed by a DB to create vulnerability reports. 4. The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. 5. In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. 6. The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. From c07d8e63359596dd6f363f62e1e964868110ac04 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Fri, 4 Aug 2023 12:57:53 -0700 Subject: [PATCH 08/17] Update 0001-scannerv4-apis.md --- scanner/decisions/0001-scannerv4-apis.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanner/decisions/0001-scannerv4-apis.md b/scanner/decisions/0001-scannerv4-apis.md index abaadf42fb0d4..eb7df87fa077f 100644 --- a/scanner/decisions/0001-scannerv4-apis.md +++ b/scanner/decisions/0001-scannerv4-apis.md @@ -1,6 +1,6 @@ # 0001 - ScannerV4 APIs definition -- **Status:** Accepted +- **Status:** Updated by [#0002](0002-local-scanning-with-scanner-v4.md) - **Created:** [2023-05-09 Tue] ## Context From fa67f2f0b6ab06cc8511e9554438efc9f754b8c0 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Fri, 4 Aug 2023 15:56:48 -0700 Subject: [PATCH 09/17] Move to svg --- .../0002-local-scanning-with-scanner-v4.md | 2 +- .../images/local-scanning-diagram.png | Bin 94138 -> 0 bytes .../images/local-scanning-diagram.svg | 996 ++++++++++++++++++ 3 files changed, 997 insertions(+), 1 deletion(-) delete mode 100644 scanner/decisions/images/local-scanning-diagram.png create mode 100644 scanner/decisions/images/local-scanning-diagram.svg diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index a78bc8b1204b6..d2bdd19c50e58 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -11,7 +11,7 @@ Accepted. Local scanning is the scenario where the container image is pulled and indexed (aka. analyzed) in the secured cluster and sent to Central for vulnerability reporting (aka. scanned). -![Diagram of Central, Sensor and Scanners in both central and secured cluster, showing local scanning flows and related events and API calls.](images/local-scanning-diagram.png) +![Diagram of Central, Sensor and Scanners in both central and secured cluster, showing local scanning flows and related events and API calls.](images/local-scanning-diagram.svg) Currently, Sensor and Central coordinate the calls to Scanner and Scanner Slim. The local image scanning leverages `GetImageComponents()` in Scanner V2 Slim and `GetImageVulnerabilities()` in Central Scanner V2. Both APIs have similar semantics to Scanner V4's Indexer and Matcher services: diff --git a/scanner/decisions/images/local-scanning-diagram.png b/scanner/decisions/images/local-scanning-diagram.png deleted file mode 100644 index 8adb5dc970008a525679ea0add9cf81a89a87d4c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 94138 zcmd422UJtr*Do3iNLP>|RUx4pRJtf2orE5mgrYzw2?V4oMLp6xga8Hv3?x7T0fB^$ zsDN~V5J0L5NXLSJiU+;%obUUe|GRH|cieZ!_}+UnBYV%Rx#pa|IrrXKSu1P)dj0Dy z;1tvtVhlKP1OPa~d;xwf9(fHhFt}k2voeO58~rWl12F0MMF0RD5E=|K(LZ*r z0{|LF{%QLsC%4>#-TyLooOwLz?F|6zQ~&_nP5{8^Q2>C$`7ass@Lym%#}tV%aRoA8 zJ^+7!7vLNK0tf(j0+g7XGTNdV{9yJ$Bsw=j`AKk#(U&fH$Z}!ZYHcFzi-9=pc8B?tjCVCA34gwl>46o09csF zkFj!}WFlqcNLF+K4f;|1sfcAx!c}e>TE`n?7{oHbuR#yTbD7v z0RH%|H3L7Je*vD|0`Pd^^{I#Ti3@Ft2TNjrV}+FdpDj14 zIS{44^_Uh8wrV#s|2)x!1N~OJb)P5TZ{zh2Hl{3~_81ILPoJMO*I1f0-t&N&S3yw2Zm^mE!E z4iK_8ePinEw5jrn6T`RqX>T3+Nn2OT zoz3GyAz7u`CrfR19Cd|&y1ZvTwkI^(&!Oyx z0_V;J+wpFwY2FWP(GJn^Ys=xegfI3vC&eeFW-aDnRl(SPNc5Y)Ku4eoh|n$_V#ABe zS28SdvE9dfkmZe?;!RveULx$Q7afWiAN~T&@4bmlQ+Lf@`SVfd+4=HTZ-ufJN6WQ0 zH4R$EIpgCMS9H@f^IEokCggT9|} z^B%OrPL5`WQ(@T&P~kA{#klgp(Mw?+2`I}R|4$D_8TCp!W!h%x*Pl|>E;#b#!e(=9 z-HDb^>Wn`h)_7flSUw-dNCZb7)Pud6=SOaju5%*KQ@Teg8^lKQu~cPmGaFwsTT5x# zZ^rSwD5SQ+E0~_%01lphcVSYx*0Oz3FWEdhbe1lo;HpuHr)hBS4j_;FW(D)3`Rq#J z{V^$)7;c;oY&nRNJK}WOobB4fnz$}|VVhroydYZ{V*l}(z1Os@DO(jAJ_h`Yw*JlY z$(gTKuYhW+Zhw%{=E+_!6pwIK`)LsV^HoeyEG6R24Ol)nKQPj9@@cigM_6k>iI4r- z+x}cSdM0XbV^)2m#IdHGstKKIp;XD9e@PA6n+kNhq?qsW6~)ie4Wu~llsLcY$65h# zPx84Dh#j_mMJcm#XIQYH+Yc}Iz_9UqeH+&_Lf`C*dgVm-U z&(o0=I-z|Ucr-NgZX^2;nZ6tnX=!3EwGY~Y9w05bBrxmAJpJ#?>c=dIxal0t}0?0yK zEwIBkz;`a97NT4B!+DCTVq$DvzY0W`xq2M4G5>ck0l5}16T(k zBxQJcx_mrcGM~>lUli^u4>QlCrls{kvcRoJn`t!+%k-1gvJ$Y_H=`A{oD0IDMuDPCGz*Kl+T*P%e>gIe)%ySJ^BbN7&W9-ecW@+>#J$sxgCp zYS;|*?6-7j0;TweO{`H@<~MnyIgz=IO-|kh*$xdVdYDwADiMU_tL5<@uduI89mv5@ z%t)yZ5E{iswdTQMZ1lpLv+%)?k9>1M$6qZ;-)jIzU4sPg$msqNO!Ky6ewj=iTfv|( z+ZJ)=wuPaR0+_8p)96w>TQd zt+mov&DFT4)ziAYS!&cD(W^CFq9CbMd(`%o`gntm&-H&9#QV@Q|H!S z4j=v_Y7{ib6|jypXH2`i+&`cUVVd%awav2L=I4ASa8&WjPxDNt!*V2p&Lr%?wa$j^ zR(TYdd3OvrDLz-tMwtv!?Xk<_eN8;dWc59~Ri*fTcgy6wa?;mwhFZ&{Xh^Nuda@jR zILaaSVos3RCksPkPmhwovAa*iEEtwJVHnX~X_}|Kyl=ANOnQ}UThlWbAK{>PsO5gW zWBQay9a^hr_14vL64lho3QNc%ug&UJ_De6>tmB2!hLZdQ7c8nKE+~j+x=}f@ZOHJH z76hSUci!SfOnHXGesjczWukWO##y!A0gc?d8Hf4s2H`~iDFjK$HU%nUdYK|Q4%BxE;z-4# zjO%^-Xfp^^znE6nTJx7vVS8q-y21vnA4sF3m4-IP#9qv1h3TDr>ZHQ; z8L(|1%OmFXtL6*`zq=widudGti%hi(r-<{ORaOCluKK+$W2ChRe*x|#TGnA6>$Uj9 zrR9_Mu19q3%zEG@;1=asLmHr*wIo7 zA=hq<-QAm5k5Mw5!FoTCg5cJUBA(R0|B-z**6s0Po~@T1QHv4THgyd7&>!CetX4Q{ zga-|?B8neQ;qyqqWsPKw!$h7H?}7X%>+8)3UQxSz1@m&hI4=_V=0y9RQgrGQ$0WzQ zTIC4NJFi4`_;GZitC{oze;!on^<@YJxTDLHsYQsl^Q9l`wGmQQr!LC~MsqCAL)>HEmGQ7jsVO0tf8*mTHCX>-OQnCYY9!o-`$IlxFB>(o<@!u&*7}jZ zY-sM$A9*cmkS+E+9Ji#Aho#K5tG`M3q3*uJFM#APz)(mAo9@2xFF?~z&qx0${{Q}b z^CY$RnGSRP32?+__2w2aN7)EPyw$Z^ex<=7z#{t{uoO7P?gff$HhcgPa`$x^N^`!? z+mhkvqnaY$snTB_M!$UMC-Z9C_=300-jIOm&IjB6_vU`8AEzSJe*rA(T1DKhc83S3 zr$F$})_vr!xRsnswrbhTKI_38TRB3NhQo9`LjmHA=iyy8f?MOf<{|n*q8Z&Q8XMh< zn+2Q2Dk{~#07bkn004;^YXCrB<#trd^322#;uYkn^DzmZmlrTB^-Fc$F7+r`8~JWT z=01W(DxE4CC?}Se#KO;{1Bh~ zaHaIkQ}mTmafy~d<3jFCbEJ<=!jf`&&aGi=`vCo&DBBEGGe=5|(ARGe4G?kA>oo=p|qk0gu9|3k0y-6Ret9Uc>K3JtqCoEj$w6I zi7H-_b;ZSH4zAz$zPL*p%AiRy;UT-?vvE@-ZEE-84`y;^$inm_7lBp()S%oOyCyT`1S9Pc$#GG8yjRW@)CfM;~`g zt{G~&OP6mEdFoK4JlQP2fEy>Jn`DvW!o?w%g{}HEBBg~JOVx;AS!8jXPk9+jW(Ycf zl6!NhU}8N(2}7ork4Vp0Q7mC^(w2^wgZN4!A|3LF=qu^P6uHL8=bHDEG<}^kUL2;q z!z+Sj&lgXGD;kev|1f|(sW;Xu(eDzp)FsSd!)vOe!}@t3$ub7~Pyc8J#nq4Lohzn?ZPAL^v%wUWq#f*@;ltvGnS&XhTaCop zfiSpp0B(D9623FCI@fb+F@Y>lfc~5=c?n8XBBTg}>yO!zDfRHYK~}5Bg=*3u>{;Uv zRoYxh$6p_1>1(Mtr&=|9d*8Lp6g5Een5#Lo>AtH^7QYhMj0Kj)6vtC@L@m13)!=E3 zc?&U|g-N1$$@WcK$f=iVjf!+|o{|>Pa!pp!(CO*o=+O1gxpH}C6HOYG3vMrSGv<)b?1&tTek{cj!>4F!IK^wv}G1G$h-K zKOCxGD-L51W6PS{k5D5Q=-Nd^OGznPTi#cc=39z7Ik^+2Fph^6kp|nqg{XA)##f-@ zkh_^jsFm~_SfM*hhc`yWfq@1x_C#66^Fvs5J+_-_6k;fj%_PCHsdOoObx?xTP^vJa z+$91?c~4OyVAE5~%AxC=*=W^=RyQSe){J7JPW$HY{{mEolm%!#O-Nug(f`!zzvCkp`g!ndUXfZ@A^C0j7-<{F_nsl$ zB#y=H^HRJa7bcH^j=55IjIVTRSylS&&o{U7O^iTMX=bn8T6UohB{S;h{)LM7@PziF zUx~c^CmPS@rbaG%ZeOKsWEwUUOqi8E3oY*_BI!;2iYlKv%0@weBNSKM718Sf)SfR{ zl&Y}a!4T6b`?7A^_)S6)JnZK)Q8{kQ&b&**GHw)n&PhqUP}SNCwP-G%daH${Xn{GDkV?a5c?rin z{)P1)=16S`^8Q(0=3iC#LX`*+hde9F?CY{4wn~Z)l27ao3P+d0!R+Sh6>6$|dJ3~)FDCtyn#Ka^pET}m@9w^6~c}Ieor^CoS9b^Tf_350~Fr9*r?W=Sv7*Do3!U` zJ}QKN7e@X`ZVO!&DoZ?R$SJgPw+ii+;xXLjIy2+hA9cuq`l0h|hYG43siUn$_hJ0D z1uO4eSsJ}(5UA$!qhRx3-tJ(p>*lkB^)?+8e*=Lc_v19WPls-^4N)%BK0OS=Kxrq9 zjoY#*XKPrsThHs7Yb8!di=cs&UDpean_S?U9Pj0ivz@MOsjjMwHsfwhA~c;pkM+e9xk1sKHJyVjZ&n#Lb3x@Ms+<&-^&D%HFCE~jK|ov}CLg_mX<{R(}1%=dX|#(8YcIZ(QC zxUnL?&Z5>9B+M(=x`yzno6(5rjIo|>-cHWwzke_}9IQ+Op<~ z!-K&K{T_vAyA9BQI8c4qELFT)a1lxcYTr4-U7u-Dt=A+>WGGq;kR)Rba%K|pPE}al z;69&S05kOI*DCQ*(HRpdW+Tt5t*Z?+-5#$2hA&h)%Lm}}cdO?THQaT_tKZzQtTG-% z^5WUmr`=RUDWcaQ;lx~Vtgyz>2?5qT`x=bh#dv3XY z7f;EBzNMB>_q$5@HM6GSSc2xbtMWwOWSNb8k4V~}5hy7M%KL%Cj=VeTmCR{xTq1I{ zpIcNBgs;FZI@_Ed^q{G`EE{_}-^oV7KhJ%&U>zzWcLZB*+~So|wZAe39u|+;y+{v# zobGly1FyA?_am(tdh1nL_P7R@q(6>~Y1oXi&eXkUKUEuQw|;6L*|`PZOF#Gq_n*aY zHrGeYr|zK@CUVv*UpL*F-kI>$IB~nxA`jyDU1NH5LpJ)G+dSRF>a@_c4mlxP1Z3d2{=EcQ< zs1PBlq2Xm?lBoRa;3b$>Z_P*V7MC3KGe`T|t*Eq+EGrd!nccP~=Bk=+?Amv^ud>!N z&;A-&SY;MkD>YyWoR6(GAw;{gL^GXa-?jJ3l$xe@*?#z+yr`Vd!uJOO>yuUdn~~`{ zo!7G`-r54MDBI5RKTXdY^@BGO(oITDNA!UzpHDs0$UT3e?nUsdkf;?L`o}uXuE49O zqH2BERTwnKXyd*T!JD0(Ei4T95AT0NkdCltsUlX%PybN7@XXcX;Q-Q${?Z_BW-=b< zZ$pIY$%DKJAN6p&@-psu0D$nrtEC#>PcmomxAcAi>YM&z{~0C!ySNjDU}x>Q_TYua zawvJkH8Jg#%XP-X9e%o)=Ew3&gml@rg*Aaeeizv2SVCG-P7~dIWqYP=^$)j;N^|2% zT~#jE-<%W6Ck$3-G{3gX#~jdoHmo-T`5KAd7-!USMH)UlAUX|Frk|67up&Er+1K4H#;rJj!KbOMUy4b_#x7o&<`xu6x=u0oT%X%!j?0YBOblOSOCg1v^yG?d!vli-Q zs_GUMrOwG}!kQ?sgWKcpXH!RJfue8cgl@UyofNrV`bFUpGIDH#n%inaR5rq6Lg9SW z%06svMFiPK5m|9f=*7?yWGnkc%xV$1Dp*=;tpTVrH)A*MJeCcnN+Y#lzVHILok=-K zSs50l-TKJhWXUH@bd|fa!2ha%uflv2P_uRSd%d_arqL`kQR;~m5s73U9kC6ma~bOE zYon&Hio`#w@oN556dyXnfVM**Yc&GZZ}P`fADGAS<<-lK+#yhHHmQF`r*?M1VQ%pg zFA#>#6tnh`+0~1z0eg#2e*ya1PgxCrYaCDJsrrmxX8+p$`U(9Upn_>a_(8mUn5NKb$U~ccdsZ z$!KfhFCIvml-Dm7Y7jr%9-3;-!YDfQt{2^$0v1@-j`~yV~83DBQ z*}F|mjydKBhtRZg;93S@pcr|aKjgMEO<;WVHTp#1xA@Re=W$0b5an{VSpQ7^H=zxY zUx3mhwxsUGfWb`MPx9Oga@;^sripVh@@rTG5jca$iMVIfR=g8v(JGw9UdHh`=ppDc zN3qE5v|fHK?qMB;_qN2*5_nmyA4fEXK8nLzpj0Uv_8UhJ zccWVlByN1Zb|mDB_-?yriqfBP<7{^}BU6MY0W}yk-EN<5a52AjS}Z=o4VV$ zhN`RAg3g2~zHA7#C#b%VsC@duI)Mr;Qd6eNG5qE*mTi1kP*R8AX6|`!WpCBipsmFI zxVg~eQ2Ombw|Gk`fjE3M$__!%#;;cJxL8eo6MH;y%jDE+@|OQ&#zL+c&OB{4ZvArk zGGX4?H>d$-0SV&Nj=%{AAGzY=cJ}iK&z}PCt2{;Z^STvEp@gr__sVbORb1CQmxnN^ zlhpyb>OvRRONWhMc;6e9M(H;4h=t85ZV+i z_k6__bnICp?CCov`!*CG+uLsMnrX>(3(3AJ*}l}gaSeXVC^wwl0)jLAOcl*BZrb!;tgNCruo6G!J;5Z1o- zMn*A-xyOqNwh&r|ajlkUshB7;0wXPlRHE(qXKt_8So$~D-pi3jh0x0Rh#x4>#n_;N zQ2TRflMO&vp4SFjb~}wR5`@H0DbA)CzSm(ZyLITjbcJ#-++tW^+#*{e6&c4C`kvYl zMU)ny**tmkfKXvE05vO}9@)%XnQ(Ow$IjxIi6$q3ZP;K%WXZMd;ufR`VC|9pis7{+V~cq z3LTe6d@VXc0zFpmYKYOpT|6&iX8IkSrp1Y3VFhgahiP-N2U7Y;n0I-L%Bq;O?{eSW zgxDU1y{{^fpV3gH{-6>M9LNYzYYY2bGnfdR-A~^k2Wpq2TDfcE>(#f*snTsC=vc1Q z>ff%I;cqIWZriq`{JlHoO8}SlL500-!fW)=AQ>I zY0)H3+kd+SF~uEEy;I=w`ktqD1|Fhf1DcEnG2q$7ehDIu$MORL8&gksw5P7mU+(oO zuf5z0<<_=Pr3pd3cW7$D{!*%I-Zcxu2ENUj`$M-vER9|WW=O?HxbU~)#<#EUu1G)% zMAddjENog41R^LF95;>fA!UacL?t3JNR7I7PE{A&q&)UN?z69A~UaD`)6FgDd_A#C`lSheEzz4%19C} zB>l}$>n&4$_2%NBl*?7qAVo(Mqr$36jmLy>c$CY*ZnLKT1=g4#DNWkV2+asb8I}UK zBu3IJP|b@&sc5UIT;w-P)HM(> z%%}?ceDdOJznt`0>$9IGwjnVm-v03Q-CJ=J4v}1wu0zd++w*{FNbARA>(<$INm zd=l26+N(;5%g(vttlClj2IeI_dfs%_eX7=Ul$;N(1dpO}3Z-}Xrh#+sLKRf>r2W(s z4S>3w0p$i2KJMqe-0jC)8^JwwY7aM(1^Q1f56bz=^)VQTr;Fp_4Kqd7W0E@Tf(5*Q z(OZRH@cPBiCu44WRbDYQGOo~)sybPo!>Z-5!*f|*Zx?x!nkEB=V7u({T)pM{g8Bv^crD*SX&Q6e(whE_)Y!UcQH<*Z z-)s;rXAZMf&TEaeb_>?$Pn@ibk#$g`D7w85jbtvQkJvJ9&7L{UKO=y04NgQq#qAp0 zAZ8Ab&GRZvZ56#NRK{DMrkA06gba&#H>?6kkSwD!O=n%Ec+~1Y&T@1dEex5NP$VW% z7)$csRDe)&$N0r{NeG;4I02h~${VR#@}N{ja;_3Fo2jVl_1gAqiI*;{6~*8zvWraK zP1w^?%y@LWzF!`0y^+khfW;3d!J|(zx^u0c-EJ&1uYie_+5t@nHO|>u>A}$&qL(j- zj$}6v_Q5d~{HPhCun==Im*iY-d{A_of|7RdSlT=X{{x(Gf_PZ|bqo~N`r@p9GNT;@ z8=9B?r~;$eY(yrMMRzr!n*~3}dX(i<(Jq@P5e211-i4`MzEogyntV58gi5H7H$_Uf z?Ba@FfMB~YC=&{O>*8~Jj$X^r%`t0_9IEfe@o(l;SjuLN39Ca5owy(G zV{-90zoBO+wG?rWFN-o^Ba0nx#%FFA&s8*V* z$bVZ)yER&hbQKYWkj#Ki6qz!|q=3AqoIT;_JEMB6Wfvz1eZii~Jy6>qi7aY?!_K1gi;O0ImS<_ok zKUBM?7B=@2y_oq6a98NUi@Bpd_*;8PXmYxGl_^aOeQ-Xb!Auqvyb$oHgA6HG3D6>3 zoW?MWXOYm8d8ALa^x-<1(5A(FhEZ;Ate%@6RK5=d#%GQlM7rcC%V}gYq z3_)A|;iA~rp+mbYD%(9E6z!Lgcz43XMlhwVSCHS%A(GGC#=`a3+6*!Kbfptf21{U0 z%~PNr(f-=`GUGmOj>q?_KluK zP%5g*r$c|BmaowK_~W zq>NZ5t`g;&&goF)SNIp&_;W>(jA5-cxE~&O=301s_}jAgv&!N}gk{upJ`(KboZQ0l zh;`P^7OI;ksm~!{ePl?L5vUN+*it@krr+bfCdBgN){+@cZK(9mJ{!WoQ`e&FWRo&o zZ8i|$p_S=F4DV#JVVtqFGMcX`dx!7qB;PCAP19;ml$BlEV_UD6O&e-ZY<~~S#FO$_ zlj*rz{SQ>EUZ*|-tARFv=26K38!R5L0>Zw){5fKdV0 z$wq-YZ{Ez_NXo&3x^BG8S3-1%(t^=aZ~B8#G{1DksurnQHVT6-1V-z0-FoFj5fqoX&B%MDRxXON=Utxh7~lE$P>F{lOB|Z9*{IjFt~8t^TfIRkMd^QIf63 znnDx|y!u)VpBlRHa-y&IPR8FYv#qixiC=B)5q8*}(&{3uBR60S|Fv9R*}_!qekn(t z1w*Z=g!4}VH>EWXd571Ipj&^xPF-m=2%8p|c8b#DiDHDkX>O?;ocNw_sHeWs! z$eF<{;jNbFoPRXaG27B?{80}6%2TaT>KfD$M7q+>=Rm+nf?U2`5Oh=PZ{qIpuQ6{e zw4hn*qxf){m*p%OVM*J~c{fxm^r4UR(~?pRz?|lL3SBh0+}pGnS4DggN7e*OVq}Cs zJtt}|p^;>4QrhxCdG4;t5odIM&4ITxwZ45TGu-aOako#EmX8V=I$%bcn@{sZm5d-c zoHljuM9X7C=RP%kOLS-o_P+A6E-OG(ITlml68?TfCO<$5=NK<>fAAJ#S{irBB`-Fr z{1bL@4haRd7pL_l#b+6V>qKd#)4q75alEaOd(u4e<53TpFh)z~-7j>LMCwT3+x4dB zXEuKFymSP=+?%$2+#gUOH*414ZDIp-irjxcfv(CGVC^9~^zUP-$@+hEx z8n#t2)KE3SZ=*#C+6TfgJvvw83SL8#o3i}iX`?$1>BLfqR^=;1wYz`FjTV8>N#tp- z!C(XBIro9~t_MrQ=(RZ)o%|{=MD<+XaKj2lXAJM$t~t}h(sg&T-s^EwF1)q4P(Ys4 zI;+OUB5_$2=HyN{Sd-=3Pk)+=9CL8ZxuzAh*UO5xlM}mKB>X|MmUFrhP1e&z3xj zTDR!lKu!U5EOv$@Bm%C+vRi+Qn=>&XH+oN#x^>M8U>c!N*j1o=ej3Ib12eOH!57vO zS4SBgmL$`7V6J!rg=qF$8x4|!s7t&;`oY)3PJ$)ag^7O3Dq!ZW9L+~PX$oH(s<
1aB3DNEytL(f~al~o-B}q;5fN{mKJBTUi`x^Zey_5c?aw z;FU?6jT<$mlkb>8^Wcv&%d(0pl{HRTG-FiPe1?sl_j*kSEt?N_9qJXhN~@ChI0~;< zjMu1DlVZZ{9@wTsRSUubk;Z0^2A}Ih^4{-gu1euzFH{H^3(A93Oe&mzJa4C_yz9iF z7f#}S8Yho%Q-KHzrG+bZ@@eX_nP#4pTZV@5xe!7rhN@SjAWb!KPvf!R7Z98uET8KU%;8&XuW-tH+O5N)JvIA;@rlgjnp1{TUl^b1uABn3{OYIEB2-qy-;`4$bk z3C*}z#UsH+mTC5L6U|#zDzfx@3GF%SwmUa7 z?P|UuQ4l77c0br*{_v#9cw`OSe`@BGhR9@sPJVYBD01?KKz}3Y~Z`O$uYN!B)@Pz(g#S~cTy9dpXNw`wWaVm>^%>g zV!Fx}!!(+0u1WmOi`?`e*W82LfGV(>M4e8Ve7~~9tPLjaV^Eixq9IWpY?Td4eG>1G zntVIP5uew#yj>M$zeuRDnc_}p{cayQMkrWkZmYP!X?&m^I=i@9S^qQf-dtGby-yRm zL+=6amo!pxZ;g15pAHx+sCLsZ_+V7};x@KC`$Y%B9Lk(10tk_=&e=&Bdj> zdF5apXfi8-ur%zo3PZT5sYj>wQg^p5#lYLqvXwS92{n<>$}gw#fg_vgdl9f&7&64Q z+=LW0A8tyx32OkY)(frgfH{1 zyBb42`s18m#$3`E&3`=$r>bS|j8pp(j)8*0x-x*x`N$jJp(U2pYE9({j5~aDHyMTq z%TVsxG8G_j3@(vi^4f#s;HNs!S-Ke@Rd|Uck^d}GEEa88YS3Rg0L$`rQ=T*QTGTfE zp0(+nA*LdDW^k&P?^|iC*YY5$es_AJRV_diHlGw5Ld2w}j>GgZ6mH^2DKJ?tJA_jk z+uYNYr_Pu2kh1wA#|`BiSf`gZJ^-wIrEg}ezTR=g0-}b?Mng7Yh_%iMmY3@CdHD~# zIK+_&fwXZU8?yE5#PfwoSg@SK)SQ2zli>ajL7#U~CdA+YVNQ{iP6OCl`}t}wGwPUr zrE&Z^!gsjPZXHGHc3u@W#BLiTM`OJWOB|3ouR?q{LZSA+ShMg?4U`$UQZ8JDJGl-| zg}G%FW9hNCQiC%iPm_d8RP(EkMLxaV|1Mv2Zp3LS0bXuc^)dvXEuOR^y~`s6G)Q%) z;b}r?ScKQoXh7K3Na}VwVg*53I5pu#9fS!uCgl$L&IU24IgpFFq#Fo03}NVPQq$@i zdFS5qu)>1Cp{P4*>2>?UZK9P70TJrn##|yfS-L(40vfHK8QY*q!%+dDiM0>l&=Zy2iN!pB^7lYbpWN6l8e6aMzhrLW!krqfsLI`3)4#2eS3N{oo@`cHUpc1Xn|7Qykkn={xzEacOTy63M)I$zAjzKITIn`Y^JJN z#FcRSt_!-!me$ReI(y`gBUo2utxP)-WS_=JT%wo$Z2tvlJtlTc%8u~ujqZocr@268 z0s7-Jqr#_&vfZD50YbIqFKmwdczo%ZvfJOXUDDYp#XZ2w`+Wzn8&f4;uaO|1+waXE z$vA@fTXZrJYL)!u=Ni{7u1q52FAq8gcA3no_4}UJ5SG}?)4d0=bj-iGzP+H!__r=G zf4lq}(*0gQf8<}k{P30#5|EmDt@jAzNJynKa0QM3zZ zU-xxVS?7+@G0c`ENZU|H{_AUx1s;TuMW&(wQmxu@2L%aojkPek5B97HxI* ztHD2ck^WnDR$IX&dFk*PQ%MJ#zqfig`Zua;p7#+Q3MP94hu7@N_dXTb6E)jt1r6fV+db>(s~~C|i<5JOK+(^p<-o%I)F2lAA?p;@);4TMt9a%V`bm#Q7MpJ?2Mts% z_(puGJ$6P>cmAxy*Q=2eB5&cRk_AM>s27(pdc5c6%+i};1#lGkkBuv1RZHs6W!e=M_F*B~Tz&CPfK!IAcrK+ah&}$) zy&b-$2roIeOam*I9o$4+wuFqCt!Zg%G?y+<-v+tqcwFz@cfBBXeV6lSqLl6KkMJT1 zoWQgnwAk7FaaN8KQ69o9@giYNX`fGx+~=6c={PyWo^#=H{*G7+MQZ}$7alS>Z^UaW z-6K&2&sqwQRvoxdC&x>vvT<*F@MiMVo2t@U(DG%qK-Gjt zYL&?#IG!r>05UoVTOESFJxZi&b6E<@E7@ZSt||p26M7@CXuB}0j7@7ADN1gh5CGv@)Nwim}R4x z=#emhNFJ<5kjIA#y8c~a!MhfcMQF94K=r4?w6>Xr4*jN1s7N_x6;}3!F(RxrcFpC} zgkCdnYFuZxz~+W|0=}P28|A}9X2+yso4rUv?>4tnqXCjXI^%yF-5qgQ(eqDxfqe0@4CWsG&($fk*-YLlvaG z(mRA^Kza=bNC{Oy=~Y?+(nP9s1?ffqyx*E{Uj6#~|IC{C*P1Ly&c64YeeOMXpK|v; z``MIsQ{u<6yF)GOIyI#i6`nwYo`%+Ce@sRj3mAS_&zAi>#LE=|kO~l2lGc`*(;UIY z@rNen2bBh@>VG9GJ=p(^oiRd84VQ4!eXZ)Kq=4q2L~`uvJbl79r|O!8O^4AM_bxr! zJUcMmRWn!Zkie$K%Ts(l9~qB3)QEmC%etjT-J+I!BU48}a+*m=D~zdUKt=Mp@C3=t zM)(?8B>$Au!=uaB68%?3>v#uVwnjlB3z7<~O#2cF5;hy6rrQ$f-hdKTvH+n~uc+Sc z-I)Ej?R-#y+&3Rz4d0QPEE+(JnxKe)v2vQK=*Q)E`}*$RJ7Zi{rjirV`+hC;slJVc zyLS(UK=MbePvN<>P4Ft*lO73tF1~~S5suna+|)1C7AamKim^`{S`z%!2mX{)plY+l;2N2%iDww+3pvXOtT@q!i=i z%4RfAew#s*pM*{O9z9-QCXnft{!zkX!oiQ*!>S2;NWM$PAk;KseMnz_x--zlv6p(i zD{bsczORzcJ#xw~RUf{qZZ`XfZ(sDu@7(5dJ6_3%wbK3HO8&2#D`5Le_RNEdv@Z`M z@~W^aMfqZCWqYwrb5TdaKgjG-b*AmD=o8LvjKIAfYDXyMEFbk=dIqoGn8L_QZtX>P zb(;D0PgpH!db3c6{*ylPi{R7Vp{w@keRlsf!U!+Wy**JZ$%W!Vfa7g?yCso1+#4|H z@jcjYE(Zp}x8*FSm32;rg_2$N9_`Tz?X90|*&TS{*G7Y7kP*)M<^huQ*GYb=VDX6@ z9v&jE?e`miUmOMh#$}yR-~6H`(pBX|x%+aDyLL$<(_mqQ(=*H=g{j&?AD+F4qfMdi z)eHYg+_JvxYoG--{l6>~3G4Z;ZUI`TYVa zU_uuLL+Be&-eN|q^{U{X2bpE~RIKjbojEio4HAFjasQ)37xFH5v%-0 zCdaD>HB(#OM>|ES#0=gxpmnSPK}X%%eZ%ffn?WA&QVnm6bX$0hc2&i)p1PKOQ9 zlkS)RuDEM!f24nA@PC_T5E|S+&XrEszvp-TrD$Q6Wk~ZhS6e~-xr3A0f2k#Oi(S4{ zTUdTh{Xr%aN@8I2dB&l>ap2B(Nmzm7kliwYOe~^h;f9kRU$^Jy#`&YUDgM8$a zJM!OGE(7HUuXlc?TIDzXrNjSwL3Z)Wuty4oVC7tTq!g@jh_~@Boua)33AHerUE&ev z^~&9Y^->V-xYae z>b1n^SinR%KVJ)tBN4MhzNXeu0)3q`{&qaUJY6eov z)OHK;n1S+EF@yxW!35Q3!6KV;_B<3V1VGdJj@Q_hf%=|;-Sb$titsA=qg+#(gh8UxocO~q;k+s~P-DJoF0PHF z33oXoM;2C*sh9(Bpe3BRL@>5v8FXx2@B2a>sI53?7QcOXu z*Qz#N4&3Zmza-w|AX6>>&8Y+FopLvPyDjzp`~1lNk8J-^it?8}rTeOKpSa~zH+Mi8+LZYVgR{JI4crz7 z86m|ZH|{$Cdp3C49y3Dh(s*UnClO8?VqywWRAwnGEKk|Hdi8Q9?n)6>tB`7+Rp-x% z5aGQjY|{(zCt{}}@OsuLT880N-oydbxNQPne2_fuOs4IdX`6>HT-&F!U(%!JSW!d9ivb+^XU$c)9ghSVd2qIFP2vQ6_cA? zA3osYCtM%n0DZj%$%t5rOXtriMi%o1YZ66XS|yaMJzSybJSr$Qqm0tD&(#B7mPT4> zP9nv@bO}SuV!ItHNe92ZzLf_X%eP!K;Au!t5 zO)=(p!uf==oZ09*4qAWN|h@OV5w zU)8&&limmzhB0q*;ZK%_tr!Z2zv5>|aWXaEn>GvkFa-3%#A=p6^#g;4)2{dyWKuji z|1etGAHU5pquc2$T%0{zzcLsPGh|xue=*D%Y(GBADm6OqCBSy zbt$+q`NxXyKd}1yng8ES|2l!G{W>K7xzxGm-pdKKVo0}(!)^B?OZKOYAF(O1Cgkje zhW5F{L@2W>r=lrf44_1y8jj^Uf`#nWA*T3kwMDg6gVW339>{aw^i7g?Pc@C6wiLve zW{#utT$ie_w0V_4q;3AlIxPpNA@<{JPRQNyq;XuITG~_9qA3`lBCkvB=Cn^C@nU>G z2x0d@uQ(+p7wC?S@On?#a(fk5s@|F;X9y_E)oe2xqB|6=K}&0Gj!hCA%U-u7u}1+D zWP5QE(i6iF$gpizT->&p*cRDv7CiDH8gaI(%c!yaej?3^t^nbv;Yu@q?0DHbWd`I( z9Ma3qG#nf01f}PCDBfFFOtQ+V&FacL=AF#7*cMP{(vz(cKPxH46N=Vmp|?pWOv0z& z$5fapC))2f_2T62SC%)HD5oE?S|n=bbcSzt9fP5$^EqRaw~wru=cQ|8zu47oet^%R z;d84S!#w%O1fQZi-5gxlqa*(uQ3=S75Q^8*2`2NEgftGmHs~*KQGWX&uw@cxv&c15%@sJynI1V2h5q zP^_5}9j+-*K6rd3=ST=;gV1{hx+iqOO4+Mwz`xZv*Y{$(2XY$Hh)JlGO2SSZtncR&wZDeeW8S8H2BcAmhyvjAJilfY-#= z$;>eUW_p6%`<}>3=<9T!3*hOjoiIpWM2oOYVd$a*U-VZRp_}g;)-?x=nw_Nh1@j>m z%3o#Y%U610LntW4VNvA6B=4_2lIM?FU!OKJO*zVf&_3kY>xDHfsI|#!D{OOw3W}|Z zs{|qx39|0#im%ssIijphB&ghy`=UlyBt{ zHPjI*u*O@SvKggbq^*jV?$1VNnz?TjXlb#IX6hFbc7z@CfeJ$CamZ*6jG&=Jr$NY( zWLfF!>+4YcbI&26`~EWjgflw&?DZB;ee+vHlis`kgC7Q=o2R?pW}8o&&SsOAjwX-4 z6wl4Lw0~u!{dMViQTtWBl9IDLTKDK>#cC|GUflJ_Q3JecaubP;w3fCA6a01 z2YHO_Dx)r(sPEGmAoK+IiZl~I5N zArIEdhL&V!*)uRLWLX~ZJKghww!%zbjP+bgo< zbgmon8gCvM&fO8}YpFHb=r%~PmlTY;K*SvO=v==*E9cp6ZFtWhpH(KGL zSv_1FZp6~FgOFsR5Cmhw2pd88JWxu7JHnu2EYIybVqc4y)XIXx9~mY3 z!eAsVlK{P@AC8Rm=(K*LUMAh8wf$^7VuU$@G)^MGM zT5xVgR+(To0h?R)1vjqZ7gVF=wt9w51$yZ!f>_*ffMd9-@93L0WB*qtSr*;cj+x9Y z8r^dH@(MxU5aLJn~h{7w$+!ePZA_lN7)jgR|Im(a?I=tneACV z(a;|nogiQcJCMjOyu92!<*{^n%Nw(up(Z0@s;MnFchU+9k{goM88OtmiUgj9MO{r4 z;0`J)tzVs?BR`&XW|NfOt4fXEB9zIVM0PrKWQ3)f5iZH!37E z7V5El%-eCOey&Vk2SUozk@iCN4Rkz^%lvsv;GfB!*$b;W9mQ|SC~yC=NT4b}{UE!8 z@WbBzY9q$O@e^_5XAXazKBwC~&YKuvcYAI3Dcxcvx9P(?+UiZ90F`AyZCBM$<*AL- z)&;cRUQJ%|>A~1rg>xm-A=by&N`3QvpC+P-$2#3i6OKr80b1*l&n!@9sV_uUTI`0n z=oaTQs=StWh%oMB7n>hsS1F$Ub=|)n(JfP%*^HgjpFVTq`=lv5$cvL?C=8)XU%oQ` zE$A->$E!08Smb)!p4P?H%aYQYY(2{brUom9+d(*Ti-6zVM=89+`pLbuAjN%|62(aW-h+N zQ5l~*wkk68&}1h}57(P8m;HKs`bp9ptN4e+!q8BH8g8Y}c1znZumeyhCVZI4HMP_0 zi!(OpX*1;+9HP7FVOV_OofP!R1Q;a=Az(17qpW3gX`a;acV!vd?deK zp&%&TeUR}z1_As*=3Vpk3Rz+H>J$84PRQXx#yrC-3rnV6O|^@Y$$Yca=d1sM(_fLl zsw4E28?X4)tAy#eUfeot`SmrD#-4jVLj0zwxP$#sC=nKOH-1BT@F1JCcdWOhmNQ4HaWy)bLD~TbGO9Ol(2`a9)3a=EsA8Nmo z&h8K{#a;j8jcEzm09rSZT4^JF%qLL!GEZPLOm*l+Xq0-5Gh>0U2U(0`gkzZY&Rss; zxsm&t{0FaRRLrQHAO@Ssxg$pwq9J9Dn?53*zEv=>y8j;cc9Dh+b zWC#6h<@u@3f1LbTqnG9ROD`lJss2HhTGib5;y{drHu@*x>Obar<~;hj-;rW2^Xb3f3-gzLkgYPZH-B+Gp~@7zSAQaMT8JP48A1+J7&0xQnR_*rwD%Tz4h+dih!X$! z^Dn9e|2~ud!bgxZ;454>-b0)>9eaPRfyVfYl<=BQQY;!V%n@Fb0Gos{%!B1=1fC{l zxvcMY=r`PnwrVTIE!D^LpYb8nZCd{*<40Ftkg}>MAy@fy@dUD(ZeMsZ$UI0+wb?(P zyd_lRS(@`r<^P9b>h0)^PF6a5EAm8%JRlA`A_!2mY{s4Ox##)WVe7QLagAmoDzznB zXo$u2gWHj{I0>5IQfNP=z87gzLD!CgcNhHs_a^xDIsMYHtdIYAyhE3_g;w9Zkh0da{vG&6II6NYk(awhuN{EBVpbwGFaerk^zI>dG^S4m*iaOO#ga6bM$u zUnPOPf#(sWjXwDMqW`BezddbHJcMLX;COp!zt1m=E-}nzxO}6Ab2Pgv zX-A_MZD*dBr_E9V${`FVBqNUAO8t{-Av^Qy#2F*Mi)O#B}9>h7!{Bs3wOheueWw?pOa z?N#Hf{Wj4tInH$Py2q}`!1R`@Jui(zL{htj%O>?7=OFj$Nw1iC{?!lu{@wm3pE>t+ zt>o75j1NI-5+PY)uSW;_)BEV_P=A$|CR^m%v%QxIUsTLQjBVrIX0}-=q#%c%86dW@ zDtOSAb$pJwNUnKHuJ<14fIiptUdm_RR!g+aQ?Pee)?kQ5mTnZ0vpzL2@2Pre_>e`e zveJA&81vJxKA0^Gh%<_+8P+cpUVUbvB(z>pwL1;d=zYBhtPmqa8v9=#VhnjUS;yO- zGn14sm#k5$>S$vOtwBbl7+5{8O2?6a#D53K7H{qSL8iPG=7gL4ZIe@E4Plsh19g=-;;r`8cGrR;d?D4F;>b?Z9t)H6=t&d6Va+wXk_)%k zOrxq#u<}53+T&9lxo?mC0^jO#l7BT4dH+;lDFTCX7j(W>n?yh?c>>6DGeFS5| zWYZfo`+0qGAL+NAoRxt|OIe6MOdu|Y2|aBq&x~#h_Xow zSY#qoUXg(PWJPypE zw|%xcrJOpF4a3wk>|64|sDGu3zqjZm@_dm!e{0qMS{EYH_f2RK5tNqtGP%^e& zoViZAq@2YQ#~UPd&69Wgo!^?55B=Ce&;I&G{I4_pr#V+f{RrQhr92KaJuYfjelJKn ztZZ(1An=1M%Wdyvz0Zi~+$*XV0vSJ3|CHz7%5au-&Ud5k<}oZ@Vf>XwfreMkVC}r% zAR#*Han=tq#8s>+c?Z`IGD1C<-^Y-z&@*RGy`9G@>ofL8wyCUJPrWK#tSQ~#&3az0 zV;^Ioo+CsEpguRw?;$OvpvY(H3`CFO4>DHc)>r2X|5ok)_!z%2^>uGQx$iN_TO<>9 zs5tABx^wL4E8b|b{&{ZKh*7y$GMWZ}>d=O1L_fI2B&BLuqY+HPHaoxckNN(KXV1!Y zn=8+HD+$!H(BIIV`NR9-Bbd9V-#abBt=W0 z;vK*Pp6RGo;$>-H#BUihT(y~CNza44O_)4e9z84QuzXVk^}a?r_J~51-a#@eORt;P zt8hn=>1E3lwQ#rBL{b3Z#h9eKu*}5z9?q3;w}eqpKRqj#IdWk4%AG<_q0q^sj)?e@ z@R_TL5pxEWm>#Y{M(z<$jQ23f$50$n1?J4xTB(g>hIkumYyr+JJh?=fy zw8;a`v58*YJ;{-ajJU{T!Xi~;KeB0WH*_;w0g0ekfeVbmdSY@`>ZRQCTD2F_M?~H- zUnQriSRSwNpl2?lvKUG(pG>IL8s#Xe<4-F}1rglx@^f!SX>qRD0a;yncn@ijcP#0) zi9=d3slqoKFmM9yep5brvdqBz4xsw|p;ie9PnS@3EM|a_?<}ek_Pk2vd#=y^2idKU zQnq;Qp4w&^ctg|zQFk)Fm{4F+y~NWx6+E1?+-(-0-%8k-&L82D{yY`+gisq?ar<;O zVeS3^hhfQlkw^iwFi{2uXEhgB&S$ZE&I3hEc-JLIA#O3>xR@b*hkItvQMBKreLd!x zB`wOWQ4K#`LYzs~PDpG@$ktI_s;`ZCT}S|_;oJF?34KTj^N6IPRT)p3qc@)Ig+&T^Tv2f~N2OLxICCqkrYo_A5|AiLWvaJU zk~rWe>_L$I+!?1w?}1N#kkN*QE?i<3;GU>8Ghy}Oag)6+5}X(xQ{YOOQ=m}BMdOV%=h?nGqk2)ibk%+nU3wNRaa8O8B^iEY`!DBqe-n#&)6a?ps#W3jXjeg? zSmq*JI*JnHob!o7Vxpy#by~(ydRwH*v$a6g+eG}GHPPXey{B)DnGwbGIGM`1Rh3D_@W9~fa)V) z6jlKZXcw;6pV*pt@0)`bEZNGaBaGgxRMp=muHXezdq@T?sShTA(Hu!yR=~1tX=*AD zm}&luNXuLUXMc-Z-*&3+D*U&5sRWyL-*YG}(<7tQsR;%Wpw`rp%omY%W`vy>V-sLK zoUt;-u}(rR@c;`%>p@lTQ@C}V%3iHve-7CJ1y&F+_6q7*oWTMc_@@>%HCgZCk^5;w z#%0=$vxqXz3*SkpK5jJbq3lT_Y>3FOQ|~( z*0vX%qZa`$(t8v6+zAQechi#~6spPQMlIs7(A`^1Qy0@clHlDe`m#2%XNy^iI4<0^-CoQiGU5MMeCjR{^u-N0B z0&YXN9ysk(9EAhqNoxyVl9U4FKp6W5(Ee|-WuJxKRqYqqC`lY%+c{*b@@>zTN~m5GA6N+w&6#-eF4efa2bGR3Gx;b#+A!-kTWCobmR!5! zf)x-jp_9xKkIj|VfdvL}DZAoByy~R57ZzDy+>s6ebHR3-NYZ>A;^x{}( zvDT=Mw{L4rN0j!ZI=-s|3igOO;+@h2Y>h)#ijlgt3y<^jA;f1<0)U$Y+j3Jw?VB4i zMpsxgdh0HK>e_4n?a2@}bb839OJ5A}MXFoML3)-8p1>McJCt9*{D!Qxlc0Gg5zk9TtZPv zy{+Qt$E#Q33J}ZBBDC&4;+;+Y@)UjM2;|Yu?O*9EPp5D_yCa8~mTRS^QtV1oT5TY@ zbIF-qNmwt$xdnb8uy7mP#=QMePn@;*vhMwEL?9sCKpm>OC#-*6QfM2CvwGFh+wt=L z7P^xv3S>)@Ef0AyqKX-LL=oCV;nm*NtVf17$q0+kp%`7+n}&5am73;31oJCdC$fqV z@dA3eeFUVkMprKu2`8Zy(X!Zg#?)4{)G;#~J1>egb7!dH_Y+a|3D!tMd9bj1N!8{Q zk`N|GV;1vH*Z`zvA|2LWv&bAF8+^CBPWhzs#ZZdAs4hp9z;Q0o2A3Z>tR1f{0CE)A z*<%4rKwO18ve>>JBHIcdiU^k+uL8SSvfZ$bcwMO>15$h$(F!N04*^d{llpDD65uu# zxo3N{chu3|jDv2i*q~9zydC%B<(g{%!vW75^`(b^0z52M6)fxx*j`fc?VfrtuW4nK zKki&I*)!K5c#9Th(clD=-B4zu(w@6B)F_}FiYEec#6~P6#KgbtGb};bcywB-ZXTxE zC3s!F=`5a5dyAhQc3fJGa@Eqr*bV^&md(Jm&nK%A%fvszI6bRV+fNV{o@_Ti$|&?z zILX=z=36A)&AZjujg<9j*aX&4Px9ERqT(DEda4Ew$vbn<=r9onpvz~HFn6w0r(WTJ zq;aK}$=*%iGw3kA0)vdg6LP!yWs7U#R?b`72Mk@DV;Xc4n_yw;tl%da)-STo#6zKN z$Cpeo5Hzu3K8!~KOBZHZtThP(spLeyb`xyRy%zQrg{=Fay?m(_fVa%3*&G zVH!T-C1j&JrAj(4^$`!L2XL)p?A0K;Ho{%;7wcxDQBNl{Nr2VQ7+g&AfKt{+%YGml{>HHF{88G45yMA`PxRu3`?JQl+`#>kI1(^11ZIE{=ay%H$HUyXr%cB# z^9eEv-3fas+?v>Ax4$IevWZ+6-!$Es4D$dTT~Hy4S4zVudwHgl2Hj)z2;s|Ti*7g&5D0$^XZ(LJ`> zX)L0hh=jaE*Y~RxE)VmSsjIo*-iPk?gY9>1=3bS@S+wif?b}wmxKbw4(e#2>g?IM#Z3Dhti7x~P3Av|`j(3!^xPvAMD08euoyMTMCf#Am6@V^uh4_D&rD zOcdlMsy@b>(ry?f%Ef4uXFmxDV2x~H)%4skngArF(yv&*j2IPBI|_9>=&j-#e`7J| zBK*aq%Yf=^o|>9`Z%U7kmS*1FK3o4nBy zgd<7;0XnL)6_cgX&mV+=N>vjx>(+X&*tA7vD2u(Wdj0&)hnH(1HN>067gTe0`@$%M z{bp~_E3(|RmJcbHtaF}oPb(aFb5vENWnr+`pslKw3@%D4p&u?eZ<938GU6N=VK-&F zg^Mh_Uw%^dY~s#h7L8<##@z5)m3A2{gD(r3>ma7hpAZ1XI>9ieS*l*nqeW;I)L8NN z;8M0UwY=_^;X;JEk@^e$@IGH0uqjT}A`DnNp?P8!3T2s>ev;PaOA%$-e62ARPjAJK zF203;qK<5KI_}6?NEnr@KN)1sBU6;hB-cVq^@I$^=^uX}EFqq}bUZH|VFC|(YBT#DU3D%A{!AL-_Bcy}q=^8H+#XFLmUIsN@oAc**T-Da7#-7b z&TTfH6dh?+$R1eR>!AIz`IO4TmCJpET-I24NncgA9?49d;h2piV;tl8 znuT6uJKJAX+BYDUWq>cHDpoW})PP27OY--nE)Q>mE5Iy(7(-|71*z1Akb$Cfo>$** z_!iff5%O-keu2maf3K{~P5PdZE1a>H-XFfp@#awT##zo9Y44+qxksyWe5(zweDq;# zd0sjMDL0?c(De9%l`FoD`WB5WUQII>(`y`_{HC6p^f=7&O?r`1pV)i-67lmnGMdK{ z$uO`<8(byv)5JCjv;abC2@N9o#%C^lA5r_u4vwxY2~q^ei;GzyQ?Qje{= z70>--7&(QMPnU0^IbuB>in&QO?NH}+fArJ`-D@vcq<<{|l~lhRkLD}bBg36Y5FFW) zpV%~UZuSmehIHr(Xth6TxR5f%3m$V{?F9|lS>jrGfI@0wzXu!Im$MEu&#-+LgD{;k znsz;w;>ph!&>Egt6Rtu|q4G_nAz&9p*mIG`Sy#(#FC5{9(>(WpDuoQbX?oXDHZ~QYg-s%Fl~?vcCA<0E zhnJ);a&ULXm>D9?Ds2q-2xDxS1~t>hMG{VyDO|z@M9v1ct!0=US<(7eu|<*jI(_@k zY$-vu7Td|(WvG_ugw$n|;%7j>*r&{Hi261h9x&K%kyAZG4w#`4{kr}#$xGgNhfsVG zw5z~sIJCo|sHmU6@q_Hc&E++NkIwQ^=D~*eju&WzyyRdvuMH`v;C%3vV!8M$Q;NnM zI%~T5jDtre!(O&SMKVXF3H2Oa&955o9Gh<^J6*{zysJLJuH<9v=7fWot~4dM(VRX; zgN08OHOv$@EK(U)(p1#9uifZ$3n)_si66<<`TI`hh_u=i?;>AfFplOskjG zGr!pQGTWPolY?5vm>%HX7uFbP!PHvy{9zWJs(Be8E&4(Lpk^5ZdUD(+>b$Wie72a2xw3h%>7x;pK`$A>%(2SR<)tlnlZjtJ}`q3y`A}CpEN7A z4x{%01@b@0_E3^5RKz{!&k2pS(4+FoEsla+KcWIYJiN4g#TdL2qa3Wi>h);ZZP{(Z zGWCs@%WMC$=lf2C-*>Yp#JzCv#=*)R!_Dan1P$y2l9Eln{vacVf{1pj!*F=E*ko5E zUV-Qlj7`2^+~En!iL;6my{^yZf9y08=16=AF@X3u#^-9`K$Ut)?Jo48WTpEt6p4}x z^-YGYGSOwx_RO??BQ&>l99YPl0$e!U$M-)Sv@sjz z6GBBc!?FVFBcpw=2 z=B`BY_h5d@iNzD!A@!iS*;iF9dq2pkoxe*gQ%L_Mv%gQDS83O#h;OsxD4f5~%$JM# z7~9sh%@klJh|Y85od&b8WS*9`0*X~eRFeJ4?>0$0%w@<=O1!d2*<9CGt@xx7y%SJ{ zs30mRvn(X=y`q(RpEvIi8Zjzyz~}T(B}ON>?NaE6HaMmiOc+olMM}df+J)Tu{b~kF zyf?zj?#5ZRxf4gmM0#!U4Tc4~EW*34d3MS%d1f}lJNlub(eD)jK z{(k4`?|wRrGvS;ZWe($UPo}4lME*Fg`QE@)qN>4l&l*dcnb4(Cis~eYQQTNJ=s96z zpa%NO{z)5<={5h^uR#vFTOaSWOQr3i2R9*{GKWhh z09C@&eeb==u0gr`YRadxG|EdffOK&xp;P>kYq)qjVM)F3bTQbJ7%Uc>Vb|~fZ!LX# zBXpPGBN6vB*wxzj)5SGqnoAOrzW02qZVU#f7%yBTG6mtTy#HcHA_lMD;Y^QS4H>E}Iu#Y;2c&g{;<8`pY5YV|gI}A3q%+z4ir?&6536@HH0J(_9DJo# za~ynCtgOus&Y#IDBqPCHv$8gk9oI~f4HCbSU10gQoBHX;bxm>Ab0$^pgjX)$4^#Oq z613c4{js)%!b8LQg24-c89o2J~&-7GwbEL^-fBRLz3hibo( zaXK6s>;EA0fSiUmDS1evZAWhrnCMle%YPy zt83T47a=8lC%0mXuCtN8*i=ls$`BSmW zl1Dl00a3n%Z@vFSvj=^!ibY2&uZwn_TRuu3`s$-&_dA&GqR88`>tttkc|IM*Ue6>u zb3k?`=gFT+{QUKYIo`Tf)-7ZA?w9_w@APMMPN~YO7DqO*evA*y-)a6#z5TiPe|4Hc zDELZ~V%iTf_1=RiC7-|Q(SN)CGso&Nu}5ARp`D{t7H;hIS0`9|15|cNe<2El48)aG z`cpcVhi_S}XunSJ{p9)e;on<&|q7 z6`>*JCR;%nzp|dqvwZ#K_bgI;qc^Ud7VU;iM|=;93?AMKxOZ(M{CikT1M?|83ytCp zyK~ov%8o85^0wxCt+NQ9yLatl(f*G5$HM(rVzL(k&vEKbE8Y+JnESa@?&zwW0m{4nZeB%=&etIVM+8lK)*Em({02wJ-kv_|%6 zbxpM8x)-_Ef=rd@eF@R~7q2Ln+4(Fds3a@zh77XHv--P`UCz8DF20o(@S5XO1RIaR z>JTzo#nFqN^<~XqzEK{KuTDW;H+%4KoAtW)TF`YHMiO2`y@VtFlVHdnG{?762A^2t zlb&TN%d>?Z?`!q;l&ro9WzERWs*jWV^_BYn_vQaXco|)q+*)EPNHZtag2O8$+qNaQ zknT~M@^NHQrb>xtoSE*D>V3!-gX_Gv~@mcv+#z2q0o zqQ`og!5anh>%?3sJBgIUvTYl$wfXhM_oy#vPjc3uH!m6AGyTe_@<(Nt5637Kx`e*l zx{{ZjF_8Og&VPKP>@acge{z2ITedX{44!>?s#8g^s}yQ|VX7e0WADyCO}2l#cl`&B zzGA*kQvY$_o)Cq-h>rC{ln>&=MO01>NJBKSj;wQ0kUd4N9ghTlNg-o>wFlk*Y^8Y zm1OKiP>p%EnE_UEExPK#U&%CU!VGSOx*!C*bU`Q8QXf1R8=Z~mtjN}t&Zq!0o4Q&Of;atP=Evzjm0uY zJ}P0)iV`~)Bl*w<3STgH-Sm_Qf8!ZE;WlDO4>bxZD?Rs^jDx2{ujjSV3Nb6uP%j#x zv@$e$S>|S}IQF z1k3Ihf&$Lc3&rsoB*R8-N<5boAnohGB*f8@lre#-GLz_VtD?=0vWa<|E zCvqfPidFrfZ>U`AfyXvgbhBIL>D9P<=l{3Z|DYxblG@QN2MND^-B@l=jxH&7)bw3; zl&cVsup694=Y(;YG33X_OROfO2YVq^eYuvOVy2Z3-eA>4A1go+r5615x)VM9(at0uk9D+^b7;MIpYE!JVQVbMd?U zT?sw5S#>@8@=y5yx@R~%?tJ~Sz|7&hrgU^;(`k05OGNf`G+;+rjqHDm{bw}^r}um@ za;i$65gPrmYMEgIC@9<%|AZT}C%>=Be7K&g4N!z^8if(+QprHMIGKFbq6E zoD^)MFtNmGsh#H=$))i^+-TGK5nQ=Kgo?82Bp8G=>lxq-W|$`s{M zmF97ySIduo)b7LC==Ofi1}C%at)|a|(=rmdQ~EqF?Zl)~yxiy8ZIiTyAqim9!8|_w z2^;T@^OD|=i@)RCZGtzRjV@%?Sr0hJD`$_~q;Pvd^wjJ?ExsJrYIluIX7|VeNUTAW zFD1dBh1zbiV|jz(&HLP_+%*wbZ)x@>u0j{`rxA9sgdlYj{xGl}3+oja4-XF^6yml{ zuTyAYC|5t)Wt^5QQlCHlO8j0j$L-b2SrjNy;X3NO8ZJ4?SMBW|MaHIS_Jwx9jrj1Z z%uYlflWsf(RW*CnOq4*I45ua^2Q=c&rI9*q{*kQo4eH1f4p0B*Xm{IgeUZuYOBNo6 zpZX`@{hc~-F}$!$T|#ZKXU!bM9JDVMqMM|d<~E`y3*ix_e#pIeGs~yHI(x`v8kXp3 z@P!XyOcMjmgPFUBX{mex+QV$r-1h3FQc>{ZB7H~4A%NLP?i%7DLVBa?iy2nx2sctV zH07A+Xt0W&@*j7FsA#dJozXC*1F5FREv{tiqz4M^W{;ZIloZ-pkBUuc2Iv=gA@uP} z6Q~*o^;8inEqO{Tx4_!9g!v_?D)CjXigrQvJ*T@$i#?5{{VPxI%cNI_2Vu3`^#&2{ zrbShw3$Ne3$rq$&i~OSUriyR`_mU_~@Q%=%$a-71>3B2G=vucihZN;2N^<+*YL8jV4XYbSQHF3rX;+1}r51v&7 z?uFHG0@-+vw9H^RN^(Pmy)8<){e0#Bhq(8SYbx9KhS9Ntpdh^|C3H|aBH+*h2|YmQ zFhD2?O{xNdj?xLehAJT;ggQXzAfxmqkc1XMluiH@q$ow-oO_?=%*?sx-1okp=icYd zUu*5Xv)0vygK;-xWNR!Tml`frpz(Jzu0)BDZH5NvJ``CCI0j<=b@% z-Vzz_yy2;SEvl6tpIx5}9ANh0%{mYQ*Gb53q&h2ulEf9cVi{4!_hn6l=Qo1WqX1HP ztYvu#lI=FA^LfGz3z8vj8iw!GjHq1w?3G ziR@+fYU~+xYZijNnli#24!fss8a6m4X%~>BEJ2tcPxDS813TZFVamk2WjT%F((`cx zcjtMejURR<^O^}~R!F+TGRSd9lE3w(IFqKkVUmydVW%Eoyj^*-d`>V*X})Jyu~|bVrVH5&w=l?&jFd-gt@y_q=SUy zrU`NFSKw(aA!VJWW%})VNi>ZUY2ynDuZ@|anoTpy*_cV^@NQW9^d~V0CbnkB22{Hw)%FeN%c<>A@3Sxa&~4iAG4MRFdYrj%?;k;1(`jM)e zG>6{ucS@b#9^3ZYFWd*=(F{uO zvGz)Y#I?gDFZ&EP3yj?^;+pbRR63t>L1@DU=p#+jk5j z^amTH6MYw6PDn5wI~hgoziJc@yfRRbK8)WODW#$nxEqCcAZpSSp9j+JJg?q$@3*-v zuw+@cew=$gTSMk9lUstx8yV?dI`L5fX3v{x8N`!b1Bzm@ge-V}(1CvQ+z&rq8mNPf zSc2DH7~_WFy)S39A0}%OeA0w7!5W0M9Sc~PsFw6~2gHkK+b5yJMgx`-LvKfGp}t~# zlB2gkBG{?pp!QO?O8C~>ZQ&g`N|KQ+|NF#RyY<_)(B>OZb=!}YLp%Ad$`8$`S*kFh zr)LsUOG+?>IWgoOWJSHVQW%)SC;@f%detVIM)la=+jOzx{!Qxu0HBJhtV9M@9YK0(f6Iy-nLZ1{mJ7 ziF@u)DoCG`e`kaJf|AVr$prbJ(=?5t7C&F~8!+z`8k~W)v{AK0@^EssY_4MUC8EV< z5ph!34#&jiMfretvIM__RxT=yfQj(KUa$`LlgA`MR(E^mP9Ux%A1*T}2biD>|9ICqLagDhz4(`Pa=XXbwc37iqTKG@MtDV|*iTetm~h7+RiP z*na-)Aj?MvRNJKcZq=-hECUf7y{zYwZxLXVzW^5=_P*QjOUC3Oe#*3Z$cBAM8hGI? z-A_{g`^%6VE<$^?4=b@Nr_r-bTSv4u zvR3;$YvMrV2BBBv0M$}JpME7_a=PLU1?YxHHkLlNQ{L%hp*CzuS&Ey3fFs$4`|{u< z2^#g9xCA&IgO?D57$T8z!&+)h{IlQ!Pg*7atAijzUpG!|o_8w@&G%HyfXlB{wyGC#hq7cGE;$rP=#cVzgTN9t4zBgS9l30Dn66?z5FzNR)}abYST2+ZZ>IjkM28#G zKpomoPMWhDdWRw8h5gI9U_^?hSu5rNd*+zdQd@V`Z_V?@D;Q!DHykku)S+QFqSAPu z7FJGfgSrbtO1z+$LP#Pg>AWH|;H|+ZcQ!dNmzwQCl)lgqM6M22KoxcL1pB+j_Y!yWbe7o|!aTBlA+Eb4=?-m3}GD~Ux2_(qZ~uED#J zU0TlWZVejVEx4nBBfq!?vvaJIu`aUgM{1 z%;KViZyV@?ewevkaL(uNx5ru`BY1n6=?xCPL2iyRwr^k1^_kV3^}NV0!|?taj$CaR z?vZpDLQY;lz;YwlTRe1WHv6M-`$w$~$yGn7vz4SVnY&zWh3k4jU;e{U*(u6$iPJB_ zLN1v=hi6hh(-idGS@iGQMC`ffcLp9=8c{5Fg3QGgCM}C}E(tV4GKqG<>FV{2s+G>| zE%{(u@YVYac68V1=;Z!E&i((pG3bSSx-kR!I8eWO zSf+~KXh9Liv3T|v;h+DZ<$uYt%^_dVum*hUf6%>K{C**kMY5Jlloke>{PMNZhoq0geHoTvwcvymv4HpX zY}^49H=2Hc!!n{?y-yd9;wp;L8%WfVx|&#GS~7^gN!3H<&Uyb`8MNCV$uz%9ijv}TGvA}@7>H*2@y5v>!%kyh4ksq6hp0Ilrqn7I+P*{w!TGcNuZ*b^jjV4%^w`7W{Rb{uZ^Yt4o4^Br++7I+2BgkDz&&xcsps!-U<+W7PMG49%OKk4?gW{-}t z4)sDu?BB*DLc`L(fj#rh6SN=%jainIK$)f`ULTLLmGTrVb^RAu@P|bvGheZ3b)~l= zSk2tFD3zgN@rMFKW~lsaE%R8e97RYf9cu`2dBie3YXzhb&Q{SH;*PCeCXGE!mihB$1ZV_rePPZAT%m`$`z z&-k2eOGU5NuJDL4Ui$o6rR})Ic&kPF8^Fpx3K;32Q7Ko{YWQ+weD2J0YH%NCK3*`d z1BBVfl%K^vgeBjWK1~ds5!J-FKAsd2`!t-xx5)-iPh!m2)Ml^|h?1khGd?7)9mO4r z!nYKVZZb`6h2UCaOLp8fyqp;)2J9y0?z?9C3B;#Us`#?aD8^m)Lx~$s+VI{MYl6dT z5K61Ye0dCKVI3gVQqKb*oJfMOp0*}wv`#>#^tk@q^f;hf zDPPulQPR1OeU8S~Iy2Ek9Y#wt*O2BaAZ`GpTd$o%mytw*SfeVwAeRQzcrUYUH>g&i zCIgNK)bSiu9jru&?W-%?B_VhIl7E9UOx-I!M6B>?2UUr=DktK-c_92ppqTXA4t~Ir^eV24BD$$kqbwgJCZVhXAp+sxs65 zX6A4YyGDzYpQ_n9PH~&`vDJkr^gFh1X{2jf1POqAzE_d$hyRe>f6E=}97{27E^|=P#z+@zu{Z0CRUtHiArOQdXak6r4mWJq`&bxQ zhO!wLmrv(_y;!q(p?Fh1XFL}{6$m{+D6V{|<-hkQ9-n&haMH|;Bnb-3j zH83c@+V1R2>O+7+av9O_iC=%iK*h7bDXiq7eI2lyrG$MYw^WFIN=ussVN2#_Jai!> z5BY7g=0)h>>^h5czq9T@b3vGWTY{0lKuIhX9D0#L`0Wk*2MiL~>_dX=@O;KL<%jmw z^}Y)#PLWVKRCml<Pe6aQSlxZ~M}eJ-4by*w~=% zYBO5EZ@N%kBivKkBK8K%Kx+VrBx2GDa;qaT&p&aVDhuXt*H3|TS_05$4-kEps+Ep%FIpf?59!TkjyWqteEyIm&OWI zG8=Yd=<{=Zs2DIs~7reP&civdeq&SmtZgQ;SFLg-XfPE)E&Am1ejiQEFd?QlS^q> zxu?(N8|pS4Znw7{Sx3~CP`Mq{OK=Jj|K>nxd#|dHs`|6A|aBo@X%SB^qTi>IT z3YrTbWOI1AklEJzvJMc42EV~^cwOt~zpRY^lVBPggf=TB9k+1t$L%G-le+F-Z{tORlHd? zNH~Afq*6UR)T_imP1#i{CBAN}>6O_a$!}d7EqV~oC-U%NR&6t7$X-5YGTo=MHqXymJ{>0hG z{f-X0@RxTH{*((_M!1T*%Y$|o6`M?#%iVf!58A2fD3uDzJ)k4dpkeEuSj<9SsV*@@ zRZ0wFnhnv!8pTE?Aun4Z(fA1)7jxC9-UqQUn!_nWbqGxI(i@-H+We)(X1jFvY%3_f z;aZ{Gj&Od3@kiqJ4J)<+v+0Lt&A-^^mV|WnvV3Y`1_v0dwR-c2*pr85f-kl^+M>!k zOU^+&Img7q1h}9XJvrDfT&1Mc(RPz+@Pcjj zi&eh*;lzZw)i?#7_5Re_00S1C^#Pkl?KW+S+m;t8E3VOKGdpbQIy3Eal6`Gg@?93X zcG{|4*grOyL|Zz4lk!n#>%@pn6<$xH+DE}T;*%SCz29=aLN^_N?^$-L?GHOp2+{iy zPUuzY{sQrF`$ea*$B%g5%Sg3&2i} zwL*UXR|i^hZ7kqoK}e$_9{6I~sAoA|U7v7!AG$pNWsI7;?xft?<=ZSgDpgZ$?#`v^ zMgb{X6fR(A?r}uS?99b?aDif=&HDc^okDfXoenREkZ43FMNrx^SYHoT^3_gi8{)NfF4QsS=JZ~4>G9T zosHtI#Kh5+vuw2=t@l0Hl>Nm|yAQlqM{Z9&Y@aE!R=^sC@w`Jp?JPo!m@?ps`u>c< z&0+&_$V60HAkES{eHL#Tu+aG4k-()G;}qI2zD-8iX9DzTwlp+!Pl(1I6UY{sc7&;n z++hBW_m9 zFV8DKDET!@Jgp{XbBE{~%laZq6iox7zRMpVXAz0RK&Bhj6KoH^Gb2AL_66Dhpv%1L zJtrBv5t4O&6jQ%CD_Bd1ZTAnt9fl7AvW{k?+2gTsGd#RU5%amUgI|$ zval6)@YJXRsk8a?b5Moxr)}=CkkQX~*KSm=wOPuklbABeR;U#Im)ZH*u^7Uj_#G@0 zGjmXTqi|6he3@LX2>dky_FY--KqmOkO-t%$XgT5QJw?b{Rq;VNk>s1+dkYghUh;C} z_-;sO9@6{Z)a3DpTJ34s*(1d*xIMGEUCb%_PFp_7)%?-hC|{tWY83twc*5?w`R60r z0LwFUxwTb9U*&rJJm-BRsu1j502EwtTglg|L?+Vi$Z4Vlo8fBX6l&lxly(g4K<5 zYTSR3>hwbLD*LYAQvr4cLBx}P#_$2%5D~U&o@OgSQAHT63i?EY1lXBQ3x|b)oB57h zXUR=oIl-%1B_tTvO?e4RcGtUWSiFyaFN+CeeW3TUEANNsFo4x)!xIX$!l!?SK<17$ zPablSLCnT2EeO}XR%S&+03&b}W7C|GLM8LlIsD`~&6b&uJ{oL|x2U!kk6ZcE)QGe5 zrCOW^zTC$U<2KB(oQ!*B>UEt`$3y#Jx49|6qHg3n=d6K{ss&A~mbSi-Vzo(n6AMJg z-QA-EJ`#+EAs?9*>tlcK@)?x(#2tmIVp7QP2l(b4~lz^@T_!Z*c9d4{J#;{yai28E9SZ;+7EX{Ql( z?Vwpd8MV;F7Qvg>Rgd0^7ljR4&obk-$HvAQ_Gv;i} zs|<&BLu86W5Wn+hpXdJWS|7sY9FMT2^tCoos}SC+5QvvOYs0xa0)|hauhK~JW`XKg zQgQ_9thwqJ`y6Ak*iOC=O0HdWX_c8z0p$o7-3@#7Wpk5PP!Vut!vZb*g`BPf-?_bi zetO7y=xg4A($GLt?`s*=N1gmRRw>ebq}hse%E&-#j%Td@BC~SiT%U~YhmTkTw6ZTn zA%uDZd$+q+v7gm+WNKApY5PQq5!>u>JXAZCKAdU$D7#`NZJBSVLblgyDi!T$0(2} z7F?lz$Cwm^Q+qx=w=uqW=&87S1;pE9cLIK z&ljy3-)up51^9%0s{7hdYfF|Wh-#-#;V(7yX^9gdW`H4cnCFuqc^X}~!rKqu<)89P z=D(dZDWd^wo7Vg(&-ADCf7d-e>h+7K&P1Gg6YZ10NVBpSjP+sDN^&46|G*ALLXYFN#!fI^^R zvo|mVC(_qywHYn#pZ~eQU9$2-&75QoV##W?WiGzUF8FO=%2B-Wdqsfd^!XGM&+(zv z2Nj@cWUD~aaKKdQ_(*CxgdnstKH|Ka{G`VwS!c$Yx}Rc!G6Kn1hzfPGnColkG&t`I zjOL+e;vL~OmRpSqTX|J)!fbu18phUm&e99$)2o#d0*usAcpF?c^}*ZC2XE3eh#`i3 zRU1h(XW=5cX$RTqNu2cn%)-Zrhs(L@7%EId52FCa!djOz0q$Pc|B(FVK z`ls;9UC?u}0IJ38^b(sX#$p8m_&v!uN5n<=w@e<483k@!eN~jX5)W#|Z-B|jnCX=I z><2^Hdmk&$Z^l}c$x)YIZH4DsJTlcm_)JZK>@RL*;{+kcg{vk~`-lBZV$Jx2x5AIB>fQnRv6JRLO<(-SoUxEirkfu{ zdkoBIUdx3Yzx(3)9$mvijri_Cd6H%HEOoM94%;iXxBHTZ41jN1_sBUf-|ayi`eq{2 zd%c7m#>>;N?c+evM=JX{YH)bjps|V@9svSv;_1)$-;eO}%-r>yrC&fhJa*I;@`1He@D3ELi*jOOooX8rfz) zmaj^^4nFw}w{>w3{7euz>d}3vxD4?=$R3Xmp$YM1v=IyRVHt?~hT`H(mY0{^w1@oy zu5P1n*FZU2;0J*)f_+ADmBxj@=&Ll0 z6ASmkXIb|rwx~woJOHjhIn5gk06#0dmF4;Tz;ReXo{yuDd`X9obc27asez9jyAFn$ z#k_$Qk`7I~_Uw<9NB39%$bTS5__ybNLZv{SW(FiHscU{W8&Ha=Ck04?Yqce9ld>1< zC3(wuK8GcyXWi1pY5UswGAkk0JH-KrcTwmyJ??W}(MniCskEJ0iI-+xkUTikA;#GPZRX|1T4@nyK6I^YU3bfD{F5f2 zGej+^C)}Rq#FwZo9m+}17-%kVI*E0c6Z`5X+a!T^u?BtZ4TwMK&g zNq9D{s_PDmOJ20QTmJ(t+W^EQD^H+kr!KOU1rmYx?*^{s2(GwCywK=nPhqc=X=l%1 z%*)a&v(Axix{j*ugFrXi;a=DeL`yDER=;8SvgEwsa6)b zJ`lKX!MzJvC1AHDO#%U{DVH+RWhQUV&!upNvM=Y71z*!uWOksVoBNLuH z)|?>g1#R1osjIF?^zT=7Bi;leO*7Z`N0SPSW4$ngr7<7Tq5+#*YhQVNlQOwVtC6IejH)Y(Gm(H=$5V8gz&XvkTQ4`7r zXg>9vn=&#LGI3MKSngtA0zkQJiK1ictATFK_EJ+-&N35enoktmNIkKX?z6NWNHaFH zG|=38oIS0ziG{(iG$0jst!ewO>-_JCXrqp8gOD!4b6d<*taQ9Va@f|PqDqEB;QFv; zW=O1V7@no+K=5W3=e2fj;a)w>EyKW1NgNf4kAI za(JYY&?#jQ@+#=dl)$98H<-FUoF5@*;^7dsc2c<{^PDoS~05C@4aN{AsRi2V2ud_v>Q+*QWPlS=)h`Vwur) z(9Tl5`w}ni=`5(1_u<7+0@;RxmzG%Pt|)G{64Djq0F2-fykYtHZ*5?l2v+9>O43vs zPjoaN&H%atoLdq$E!=S|Mws+0RM84RMA~Tfmzn16$Gdm(WnTEpvbiraPU1&~wGA{T zZx@2&MQP`Xs{6@vAzK?|N@wQ_mOPWO$1YZE4Pr8YMy0F+gd04!@j7;N1uQr$2J%U=cRYO{NMve-+ zAdAnp-{H6@-tzwCz%OUjcb7_sQ{8o{7o5d~D??%t6|7&`JXzqD)@Ey3xkJl?Ndklx z(!YIr(%b>WC4^{fnBz1Xw9D$ul%>|RZ-21|jj{?^KkvTr$$ZvcSngd^%-{-~yvRkOf7ukqh_Oh{9&x!PhgL~O90f;+ZBlYp%>1^@$(YlV-DB~#%q zb7}B~muwOiN^nDg*bmGtZd^X;A$YX%I}PLjsj?>EbBcYb0zGRO3c5V;i=vrW94?ap z)N-Wa&G1rwf(tYyp1b}uoC~!%auL`fRloqZQVGMm(Ci!KQ#BhVJmYKo$x}jMPGZv% zAeI!Ijnv$U!~w);QW)8cx_0@-k$Sa1Mfsg`lYeiWVTGyW5LUOXLRn&YI?e1?@oQW? z2{F71FUb>WN`8u++|?lIJ`dkbl?>K#Q3=%D-DCiRVXYVwHBkM>Hx~@q4eAPvi)igN-KzrWtv%Gfad4TxmHpM1$+& z+t=KWxU71i4eoOWRn6XWSz$2LUCw*r=>Zaq?SL%t`|)GvqVVwb_f5bjaX_e-0;TWX z?^Drx-vr;(*mKBRW;;HfjaPEHmD?f<6GO(+Rv9(Ek$4syxHDbsr=44b6VgYNlyl1}guG#*{T8F{_^31&A+AQ8 zut5_>`!tK!9ZPS9`>g9DVC%zQxnnA$wt}cbOUxy~!2D-^C6KH+fj9n`@`AvC1I55K z7uVPnDf)=t+C?rV`Sms19|Xm~k%BC(>8-zkHpWoQhaqX#3fiRkBeWQ8gGG2zo8X590W#V6yQS}9kPL|QTh?N74n@q1Ur!Nknw z3J_zOpOr8sZmikik_n3|HxqZig}s}%K{*&Zj-e_gI&Xm&iC%u#Xr;2ccf3+d>eUhLD{-?eET! z?fnB?T5Tk6PwkwfXKV_{Ln|8r76bY0Np;s|1@)eHD%#vhzu^%55=D1Og3`2k*jNoF z2#8O=CyH;I+uRe$lJ3j%&Nn{05;sCjpVkuGS<&J|e|AnP7k6M`Tz+~6yeAOAG-Mg! znC97-N1mwH7iAqR9~s4}ctUY4NaR5=-36Ne8^hz>)9aUGqsUvMb_$z}Am_ss`ROZj zs3~HG4Z(Ac_*kRVp`&s7&CM%+8AiIlkdgi)V>t~B)!nGp_-`ECq~Ex-ld6R=)grUZ z|4zb9@7B{_lHsx<(;V{QvI~Xd{E_M^&7~AOY~}YHB&0I*;Omu%fkc;JMTQceKPXOb zs}1d|Zg(8K_=>Du_8R855+~$g#XX?@Yu78}wk{!(j~%7$9wN!hZgqOK`cEg+)fNBV z;B)k_$ZIWL!;g?#Kj>~RKQ;226!gRz>@S7$2`CY5^`4P7H9ez*TZJ1*=Hvre#b;L{ zt*&&ajr8u`9Vv)-_4ZeYYEPJ787UFg04DkdVUEC03Y?yMDSX*p(e@a4Y{2Q}u`|nY z(6CvWT~J@Fr_nBuT=k9nTF#;9&8}|>0gg+nvmFZL zd9C)%$ICS~O>Z^Imk*iVHDGzE!t5SkXW3hd;=s<)mMp1J14v3}rMbL3%S$@qohQ=B zJ;iA+Cyv6#&1m1@jA^leww0K$(z)@@IUZZn^(c}DdQkWMp{GYpNruY(55uw!^>?b0 zk~@`az&>S;S(_bSPf{r$F=^zhDE4?k8PF-(osPLMz8lKa*W~8KM^X7M#JH>UkxtI?i6Cpx7YqGhYqI`M%bw~1tx_dJz!EOy^4buH9AoELZCHXoh zi6SZ5a+4SIN>Cx3Ilo`9%W84@y|t~Z*H6?nPB8%)GMH&-@TvF7oJE_L5m|G1qy1>85jg46Y=>}NZrItg6>NF z=!d{_%X2X=f@iJYUF5I!0Y(B;Ej$*%sdGK(K#cUUS}CBsS=GSIYhYN5i@_=ORM)NI zz_Jk@EI*K}vNQa>Sp01VPSs)kLrVmE=l!n1?F0LE2GBJ+-Kx*8Us(5~yf3SYXi`I6 z6sK5~1zr!tP#qRXL7lRX;h+rzQg&fMOm$IqSBLid?8nktBk-tkMki^+3ZVoQ{=R_q*(LB`f8?_CwhNjnvN1g>wSxER90b2n&#voD5M` z(Co3`hqEK`M;E^(l}`?%uX32EO&!~&W2#2!{h!+?Y^H~#ebQO>t46CS% zbcgEPrVtw;9P99|o zn=070-}yRI=X$t2%a;ilH$$C7aCC{+-{-I-ui}R*E$EON@y>cFZWap$dz;=vsf&h7 z_C9ZHiwvSRD+7&++7Hw*dc&z1bQe4VKF>whoB+vnGLrJuEILjwNaHS5uK5*vUnuuhV{PJF%Kn>Xx52HSj9|jyp-!Vu5eq4HGc* z=Wqr2=|^YWJ+=b$pZFh7trQJMsdR3i- zUrQ&&c22Vrs1%4JeWH<~^!40L;D?NhJ-ttD6kIoIW+POwA}B$N*d{eBcT!K=atzfH zUld~?ByE_erGDWhoj_&aiyH1~4o^9s4$Jcw@)2d03EtVOgUWN+c0sla%8b5gKE`nm z$*(ry$~phQIt{rCl_~0SYgSJ5mmx#cCG~NXm?acA)?>oca691sIE^&m|#Oo*7&4F21xScO9j};8!?>dcA zc*0@R=orIxmJ_i0MF&n+tKjPouF$!h8SQHVj#7$N(ShlqGb5hAe#UrN;+NB>xnc^( zY!l}VEzO(^E7Y~J1Web6??B9efw#>iO)wo@oWh>8K^i=!|A~6{Z@%syTTyj3 zEV7$QM6&laJ;92%{N(v0LRbi!IWhX3HpSK!^CkS(5ZxXCF`p>ixbo2gS1pz%vZoCS zRjt>qZT#-_?PpgQpYTzFfiu{5t$vb@N+(QBd)3DW!z9w;1{tj72)5Nu5vH*nRNCYS zPMdYC8gjX<;^2y^guGt%&YvNZpjuN82{s_J6v6)r?bFTEj6EhAK!bVJ|K+?)-xIaj znW0DC7W6{>okYra%xHPL zX_uQ$4g{f{gwM|5OOC!U2)KYr!=XMxS`R(#V>bRW(C4G=iX-Z&M{0}T?Ei)c)vR&i zHu*8MYmdgN^z7fBTz4fu^<3fg4tsH0n(D&{`!`Ijzm)OMGw0U7{~0zztA1?Js`u4; z;(H0f<0PJcFZ-YW^Uqh$Cml=wp!3W(S@3eYnR(~-e+vx5pDXxR>HiCHVlxMqzvmDF1;81yNqbGA|t+kAc<}VA$6<-@?O6jsfiSr?N=Rh@U+dwAy!|chU@M7Y$E; zT}0G9NpOff_E@1sftc2uSSGGOwvI>-Za<<_ISJ-Cy+VDXp(nCRzM6FT#@cqaKQ_Sk z=fW=1e`>UTr7P1FA-{JyqM~agybfM+sw%cUA{Rv{Yz3 z2^hwX4(DyT=Ad$_u9D!YUx^YeT2)-JiJpJ8YGyGZ%iVunJsL=$ZEY=4Xr(;p-B>gDcyummqLR}kW!VT=ole1|2p)_P)OsV`fCc;?fzgky)U7sg-Z1U=V3aR^^W&`|q6C>bO;){uDR2#mx0J8qoi(X|+kt ze=#e5Pej@L$xzkQvRrW1Eje)TcoJXv9d@Ejx9nBadbZr~)b{+MqW=%NDOHctO$Q}E z=iL*d7hTBiw`sl_#&ut)%Y(^D^JntRB-yz?md2mtisQ!3lF8fsc=HuO9UC9Onu8`a z=LULGLg)aAL}5{h<40dUb|5+v7W}xc!*23hQ+G^d9@!SdEwL6_+%yFBvgaqHhID>mUw9h+Ppbo(Z8 z^}+XF2kd_#Jqfu$dzsR;r0^|Qj^mWiw<4REAK>qhx$~4PcAx4#uynOZ+yl|z0rqay zFCD)-m6WJ*N?RL2^dkko()bGKj%Reg<4%7v2hP|#+TDtFpEB5!F8x8b_P}8}yEu8g z`g_x>hh$orPiZcL=e{}0#y5XE|DDKa#1p?8?vX}wpbS5`N_&3m7JBL9TUwXt(6nU> z9_vYByP1}^lo*^m14Y^8o*tuVuPlb}oKH+lynEtf5PQPov3Yr;rK!F%(cY=vWAoBW zr0L)nvDh=ry^I8I(3iOMGacG1yjglXKr2+Y#%ZQ*zcjU_wl1Y>B_;puXICBq7l@jDbL1y;om9G?{^Hv4?>m@mv+|dK%5RA@xT=zL z&bj<=t(K>~Kj>bV5^b`gXj|2Mc?JSG<4=_ ztsiuhksov!KTFbe&OeC2`P6>@sq5N%wBXUhv%|usuCGj|^3Q~C|63*8iT8k{`^WA| zD0%#pD;CG8-3QXaR9~p(u}addRVaSIE{e`xtsI3py-nh zX(+BjalOpdI(IXkjxOxp@Bc}=IV;Onu{MYMCwTlsHz#6Yz zHke8>q>i}H8-O7u$6n(DDX6qtNkTuxeGMlB^hvsRO4wJpd9LbvV)Z7B@Zxe51J7?< z9H$}~hy5d71A#m_OZj<^z-R=~BXTq8(dX%>2K&8*?X%k&^j_T~r;d{rb5r7lLe_-} z$?}G}s>UCa1kGPD4qbDT z{uCKP=}>Zr8I^fdwqoU8ErBzcoIZ&B)NS;LN=KJ&MR)G`tIaIxXub_*?q(WOr3}yi zL*9FbHTi67!?71cr79pOT|ht}0i-H~lF%d&N(dk=kkFAL-9m>@LhsT7q4$m`y|>Vd zNR=+qr2FRV_w3_u@9*sEoO4~@`TqHyKXT0^PiE$snP<(KHEZ2>NUJBxR1p!ZI<%aE zh{>8L{KTBqg%9G$!8(RA^6SyAHaI6b!Kqt%D7OqG0jv&+8`U31Q|#L@>EO4(AE?$_~? z>r|EC)j7DF&v3 z`)4R9@Mk}W6Y?V)TWas~F2s(2rkd5ea?x1gPCAEEGAKTwB3Zu`vOOq5LMBxz{{rvNMga zkwEds6~8FI=1O0cC~SGQNm;{ec%*#9X7)ou+Enk^Xn)(bk;D=c;YxJxY6?hVXLx-T z^n;h2Go7MS>>gj=%xjVUt3vb$yh&Z)9aep}XvKp9l5{2`@X{QSvmYtLiggW4J~WDk z03C9xv?3{_us>G=1BuSRCU%o^CZ-pzs9q8%w8)@R;7-WJ4t_G`)ER>WVqLaYQ_Ko3 z_?2<(*TS?J-N5 z8k%qlA=2KDm?B9D08IRyo%>D~4$6B?-~KFZ62M3mq%eOwhlCLhxa|+;*YUbX&dq0v zxZioF^J7@tEuM1xNMR21us->LL8YLT7aDMuYD1moBW5Ne|pn)IHC)VtiQsO6518>D5zq z8I!g_ue6Q?)+;^n5bsyLdxqQoa=!t04&OG@FgDUFdUDH}jpOJ-gC~Cj?yl6k0a~KD zis-Mc5UjnyW^VizAJPv3uJRAHkq)z>pQWE(q?55#(-D)lx(XzaZsNMtNW&hIH@Sp*Z_Z9jOVM#RGn+ud9255mnzcSS^!dS{}ai7 z%ewb;I``c8H{eT-sh{xjxeeS~!28=Uux^)g_*b)+K^W5O@twacjK22YGLACry>PbQ z0(9mm%4QRv9B2QGE}J9Ui@kS{aSnV7;E4MC&owz_j;<8vhUdKI-j2%|9$K4|b(Wz# z%`6AoBw7efm%iZQ$bc}-v=%0W-~JEl8MZw+e2yl#=;AdPghf4Dc5H{7tj>7! zfCB!j*_iv>~)Y5BQ^y;#fXiGDNed~Y3ly|52Kk9 zOZV%!CvzoBbF{h(CKHmOMSHvGdYotZNjJ;IDiM)(1B#-6?L*+Gi zW9G^pQBBY2ym&kK$l5X)QrwktVM8Ym8q_#&$YHTgZ0Mcv}eivom&ewSn_`OH8(ve zYiloczw`Gl=vCv<=`*$A_>L%9Q@98YAg^PRCko0Iw6bUGKU+a1gZRt}>q+M{2OO_! zOIp$Owkhcij4f{{c%ZB>qf^>Jk|M8z?B4FySFTXD^lI+(fVI?pB!2bjiBqjq zu1$vpn`%II`H*|Gh?DlwN`-W8Uq@n)EFvM^iL+v5{XEg~l@*txG>_3+#J zDelz$&S!1OTOmDNZIdF{8c%iIYF@X**G6?6y%JHArz8vx67+S+i2_M=`SPwOr&W2P z=0R{tTl~U$Xxv`YyX1|{>B1m;XP)3{%(->f8@Jq0;K+l${+T==;35S1k5l{~a#t@s zB9YJ+str;}T`?A!W8D;I*z+lxXJ#{fxJ=V|%wqmIU;dQMGuy-~Jo*&Oymjtealn0w zMm|kVk4v4>`whUNlK_{SQvO!x&D}t+)zh$}+H;yTBVX5+M#po7(;4rZ1Ae_y5xyth zL>|AMvr9r}VP{cKo&s(}OZvIH#_G0h>t z;ZX6^CKIKI0xBl|g22TYyr;ln-uEjHdl`cFBE2umwBOABqSARIP@9p!yqB(=jQ;V7`Wn17pUMS&m_gr$ZAm8(;P#fZvP#yz%q7 zSF}E!MY;|wYrfLp=yp)cqDtpwWPZBfXQ@PH-6ZLU0+$Y#^T}>E>jpC}PiMRyuuGO% z%hccDy7N4qzD6}Dbr0iiRSlKxr}CY{1rML!t|!6ocztOzD`=>v^x<#I%j zH(XWkRuK~qX0KoWu?a+THs7mtyAlrxhKpxeL#9#*ybhAa)Upn&p@g1k{FiMn^*}uQA3^E=QhgG%=EDn~%R}eMuril`=LIXgrVcA~ zhJsbG+MS!Ko>e?I^-9n=K3FqK++dbkp7-1L?5r*zx(M12jJ60mX)^eh8{?hZO&wZG zs4Bi1NIVnaHd~y&nfr9mFm@@&ZI1mnZ^+!94MoY+6M|Een>`+nE;WDrLhrX&=>R4H9q@ z&g#n6mS*5=)9NVel^E!Y%>LqzJ^HNO7N>0&oVeW{zo+>W52pl1MyF*F7 zvR8FwA%Gn>{J~5DS7?UMD6x2UVa3Joj&CU66H9mf(Y@6TP40b7IAc;_SYDK`s_YNZ zit=oRZOsB$Ztj|Rq872 zwY10e?2kjPuG;nWmcA*Bu$de)E23r4f~W;EWhg~6M+w%n_}VHt=uICHN>4a4aq@vv zg}G8l-n0apl_stjGxLwmZAvzziiG-IQRDY?+gR`vJQv6IL zJqHANE0P~AO$oQbXRg9?^K48X??2vNlt-BD`+a5ggvboIM@6zow&H6a8qH(0w7_jO zh^+?RCukBDTGbCV|7Bs55|TLW(zok2)z3 z>KZ?KY+5!lt7IGde8HB0Durp5DFv!~bC{xe6>XngZ0n#Cp&iNwm!V^#XKj!#x7^^2 zohzRHOaWUt*54B#Y}mG5u)AU>hgnZYNZZXr-xR^#FQF;10qT}Ryq2G?*kr=;2H85C zc(YpQ6F8#KD+8)e`r(wrC@e+CXPtjKC#2~XJ{uhG{taMwNGD(-=g`~e=q&gf(AM6j ztTRX+~~&byUl@haxzY3DEr zakeLWWJ+c;@$BR{JDWy}*$JEIvggT7Y_!>1$Jg5Mx+`jVahBSMbeLIlK3rtLEQ>PQ zEk!fsw|p&XOq&>TRMP65(#F?XlA@KK-qraBOUg~y%SZ$XPC!XRNb-7sKHvQxbxccb zKn#10>&vwYdPkSrrlN3KL$7BH-2>C4;8g{*bA)sFjsMF61pqj$0as`&_=()%6S0&~ z@~Sx3%jKexo2;yhraVrw0Yypddfv=)ba$kch#tq>J=24i-Quk`ov!q&HLC^m$4AFs z_!8Q^X_C%SFw%ZABg8xT#&o2GfG)d}23XEHZ$`hiY7psWlAUhi;eFX9P{^7P^T_)B zoJ{`H_nNtud8`OeC(@!m$!bXVnhz0yL3F&o)9oQ%g-p>N6^PPgNEhrqqtgaYM<1*c zygBB61C)wMySOU#FF~R~$jR8@tBBxL#$Gy4WU4D86-)~m5T%dJKQ(+`M4J$CTb#~! znzy5ASsd?W?VYD>W)Nm7$W+~cJA=7}%lm7}= zb#;`7I?pXqunw7{@J=|E)@?KmZV*^GYa zzyNOrX;i0LBX9{LQ0oe|FbyRObo+4RV#Z2?(Ogi=)R&1O3O7f5TzvdW02bx7^7ZRX zZQ&TT27S+#$&MPmZel=guOZ!bG`hU?(?sEelhX7-iv=ZCNCIrlSumP*^9Do@kL-Lb zC`j_c@l|CVR5lAtLQGS`g)`oysgFHLC;5#gK=?}$zX7eqA-cD`UrpWbBECaS0{2?8 zKU?9D!S3CsoJjS1J{1pzq>m^l$Spa|r`?0hzhr1HLF3^m>xwE;NkaynG1G{bvB|73 z*pzz|ZbV)l<#mH6?zB7p^zr6Z_qboYsa2iW)8xna+T~}$w6znmLq=U+3@2LqrmEac=Uz=qPsB*+|?&h|G~D zZbO;_kkVabxz`f`mNV|6fwf!5c795hFj(2RYJRW^1m#KPdx*BHH$^#1zCDDuEWeo) ztY2oq6gs9?V?lWd3F#uXb5s-zdx6;F7Ms^)mD>l|6ux7M3sj9R%5Dw(DxWPy`%bgW zZh6`)LRmBew8@_ZeNZ8Qvp_?Suqrv-F^hScsg;ooPfzw#>xKv9kYM|VVQ;KT&vT2= zP&Z_To@TDnO}?_1u59vXg}s-_io<2wFnN7E8q!6XrSO4fwTwyjiGsCi?R-Bt?FO%k zycY`#tH9E^kl9zD=-Zm=w;i|YIEJg(@#IyIaIjStmym`c!Zl(8k~NZDqAI3OV1+bo z-gfn$n66zm2|6lQxV|7Hp3X`Xs!JE`TXFhU9KBFPG@hmV4FFlCA`2x%lXS;&sxBiT zX1y#(;W%DgvgsLgXqgyZVPWcCCFpw(7~bA8ClWx^TEjZ>n(K#a?!G+t|uyy-vnE$Hs~3 zLYW$JAUiAyRLGHwXK_kV1FmO+i=20?s;;Ry)M>5@G%hK7Uys9r=JFIW?M+&}$wq`( zezJnYymfJmvNwt}a6Zxx4SH#P9!0rf+?ixFGx(GijgQCaE)H}FM@t=*@L0ifDuj;} zcM!uB1A8#d$bo^(cshDbuqo+czBxi0X+LB(kXL@dsqr0%XKVAkoGJE!&(xGe4c34p z*rl~5r7*D#XLgj7-nO?XsRw!NcHDa|EaJxqxJt;&XtfJ>qY>0c{(e$8a|} znUU^tRPTr$E>U)ch;y_{LM!|R+@1%fp0iNFqdlf{F9!5FPv%sy$5P5KxSd5rzZob$ z$m~vC+T>M4aensI^f?pGq9F*FR^n64hH>HLbQY$jo|#PS|FA$$=*bm5ad>#v(Q4593l3B}9H$pKAQ9vHcd5aeuxo%~N*~ z<2MXaG=mDyCHm;oH5Ox`unJZs$e=v3XFxtu?2rUiQiJ8x?a)0sxhR3v>J{|MFdL;b z@4WdKKg)Y3=6g($VcgQU+1pNJ-s_v5V*7}_`eVqFFb3PM6S@}CX_|#WEo8b6f11gK zy1qg5-aA)MHyL}>6fa-R1LBSs&2e1g<(&wtk3u&X+@Pd{Oed>A`Gy|Sk<44Zx4P=P z^0Up+fe9SOmc(cw;LpXD(>Q!GCj!r@&*37AtTNw_3usx$cH9nS$o8v0?gx84evwbn zdKU6N$K)%29w`_sWlt_&oHZ}!L`}1H(dXeohV0K35sw$`1^XrjPfH%&uWSb1*pawi zrF4T$-d$sm$MyP11KtBW+JlQEI#7bMXxmM{>lyFV(wHiJL{>I5+4t#DPx&Q}=;ON7 z82y%#og_%5%|z?Xr@2yLWmn#;Y@Q`no@82}VkPfC zJ~UWWCId}mp$%Jq*m5tn#;_t{C#anJO(@bK1AMTfGyC*eW*GS-5@+~sFCXoOWQc}t_?*%u!Th-WS`h z5|p%jG+j|AX$9Y0f|tKGn@CaTL|3aQePA)W`!#e8qEZ_*INA^l*?}n!fzeX(h=?75im!*~J&CQ$5>6+W zBvY+cEt#pc6^x>@1aLA#LAgvd(_KxL_g3)p;Wrh{0YElz_#iXwK_(E`X{rxn0wVTOf|T`o~dM4TY3c;oP@c zmHhNGBkjQollmWmMmwCZ>;&5Aiu5+xaa`>y&xNZ5nzo%yxv65I6NMw_!h}s}ofaOK zT)CQ7>PcM5UdY=`o4(Mv;<*PJkqYQ|K6X@k)Pgm8?C6>Yi@}11<+d^o1x!3|ul@P( z+AlEY+~<#ydey3?hsEbzBOK9!_()ASZw92=2RN7Jt{jXRg-A*~qJ2Nxp><_KOpb5l z6Yp`)xQ{uDq!hl#UzbJlj@#V~;4TTMvu=Ng0RK@}+FH7)mAf@bT{#=iwdSvdhI8U9 zjW2q&eL_vx=p_eCzn{#IQm>b|ytr3>QLgpqW^~jB0{&Cc zXuNlrL0yvO$C9z44ED~`#>4P=&B*<|vEsI2=G%0);&Ya7I@;J7FXk3$6H9K|=WL0+ z-w#MagzeFTK@^J|o;v8F#xG`Di{F=!gmYc($P zq7$6~s>|keGDAh4w}fwOYo9h1dc{h=v(hor=q$}Cx?*z{9Icm|Gn=`Us@&4jR+PIL zGdyN4*7C}}+TCSyP`h)fWrq+Lkj#>c;#4vBSu2t@y#1*DJ@hOpEL`f-gBPxsqffXV zJ}Umq?miW?liLt=!2OkC$;+x@wB|=%|5$SX|07(Z8SCPmBLBMvFW9}h6gr+fz2O7z>W!%#liYVbKD58GNU6P%>G5uVd!DR=t!P5==!zfUhYe3x?t#Ym8-?hj z(lNyMPyez3jGL{laDy)QJJ)v_g%Rt>UnAew=UVQCLkvqJcCP(t3GMw$4b?^5c@t_z zb4=RH-TIa($H10f=a6~~)qbiBnMwXRWxoAo>s(@UI?oDtU?lWe8I#8~vs9T#! zB^czy(2($9Kp%Zwm_ZpRT;-+#q73LsR-GYe;S~x~o;{Jw-IxmEDa5426Aix=qVDI3 z_JF^ZV0bmeJQ7eSRu??V<>&k)0N`Hz7672<{Sja>mfU)C7i%|7JJNcQWp#7J0vAr~ z4#>jw`ctkwK)2Yks8fc!JropV7yt}D$(NQX+j=IFl)LY>RK3{3?K+YdNx9oA_f<(4 zp=2Se@@N#C!S<*^kk@Iz_7&@?Z$d$jx4}D$=$msjd}1MHeW*I33@vnduNGYdMlqhhJjjx%$*^_9x~ zNFE`8i(=g_eX?cRN-Dvx#2una-z+g$*y~@&M)f-1o3qij-2(?*YNx=|jV=fAB%oXu zR7@r}x_=56#|7CMRFG&NobZIWz!`x?NZ?F+m|*>xhv@sA8$1Uvspo&@!uw`G$lqr` z>HqE&_?HcEsiIkeyK`+wuy&nJSQfmV)lU60mmmIl8+2aXKA5l1Ei#kz_i;5$Hq~mLDbGH_^u~5#65vi}qfot=4`r^-IBo|J2IEv=vKl zM%{bwCvZfp2hMQprEKeH?bK!as&qX{gSurZ*EnuWF|bB!Wy~w0*=tX&RZ<3NMfG}c zwJ?Em=6aZA^VAx4Ey{0>cGfCzSNmN37R(a+viS59(__Jzw|G8=Tyj;Vn}c2O0?Lmk zLl0T`UslMw25deIw9S%RyQNz<+LSSCS=Cp@VPa8bX`eSZ6*l_-KD1Bup*3+4CLqvuD=OeEHbu2~Es!o1rZ}v?*>yb67(I6*J_Xq`L+c(hCw2 zVu5hjD?G1M?jECj74n=2ul4me89`I=xUhSLDHyv)bw=td=k!YXC)z)e8Ln;4e0x@gv6i}>-1q{%u}GGR=fHBx84?u*M?qBGLy$aA87Cj+wkWL zLx2%8A_Y0SXvau$xXF-D=)SJ*Ix(&FdArgh#O zPPqjYFF)8xjYy)EU2>HL(rahIn(UZ0@zCZps%qNy_|qfdm^OlN@@ z3fa}?Rae;XVlbTGDh=ZZFlxlC#7C*Q>BSq|}bPS;F%6ZbF>_eUK z0lP12){(QyCZ}7J#m3Aww+B^iGI+0Rc?E{n%GWdQ|5QX~)MhTN5v_^uL%+trQii`e zBNl;cOtAhGd?x7nHx7)h&F!dPqADzYW$O0HcA~d$NOJ&D=mZ*@I$%xXbNX;%Z`*PwOO|YSy%qh zk}jrTSOM8+`DDf5g>N#x7DiMZJgWMUcS6Kqmu`EH&@fYv7l4D}if=T#MyHj!XL6Al zk%68}X+txVtYe0F*V25L$2Mw4<>tbFkcINfTXEsoG}+`hu>z*T$2u$+F$N_i4RCbC zqo~Y;V0$J%-GuX}8Ay?I{!SW9Jtl+pbjq2l)sr00152{D`84(xqjX$4LHWx9oT{;K zfqbDp%k@iyQBXHAhLG;ZEOtZKE?`2xu?L^5U*Fu$Wck`2 zG{3uay++*g;V`3Xil+pB~afU#*Cgw~h>B2xcRIp}cA@#{?Q|pDaD__0YO` zDh7(Q`bw4w`__tYvtL~eAo6yh+mmFlPm+8-A+k5>qDtA*9z!0ifRdbEsh33Oj%3S5 z3M)H8<3SD_1!SJz7dstf^AO=Ar2p!*I!a_Y|J@1F!U&MBsk^TuGE#mfzY*2Scek77os zB!*W<654A^xo1C4SU*mB2QfoMcd7*Z!@ZNT9qlMuh1Y#GJ$g^wLtR>!FA@ELUmk1zf=3bLugSsT3vHW*Zx6u!6f1V z*sZBkQJ9=d$hs6n!PTVAOR+WtB{AaM%KoEzP_X3-s9q*98yGOc}K1&1Wv_B!PNUxDD(B}bBfK-NslU;ID^(ULpjYce1wpu z>ZVh!s}Mz3p1!#v(RuT@XY60CN({gLeF1xO_`j+{{jV&byML6yOMkREvRfCvPHRWQ zH?oVj!+3Vh3M=|O4ZQwnqn`hvOS~|8EB^0#DbxRFYN=+3lTQ9uuK>y40J~Xg*(@!+ zv@I|vEM3zqD@TPbAiAf*V%R%EVLePuAqn{k{Mx?|xT*Sxt=νXC=$+@eYZ&cM2` zaFy{)WLzc`&GogA zIDkXkGe;l9$M@e|2Iqi{J#O$SV%f{Js75|$uh zyRcfI?Sf%}Cwr@64ZjF|NRPY(rv`O0E21)1njFG`GxV)NxJ5EprCdBWOEI!Le3PQh z7eCWWAs{5}2=1nfUVCE1r)@~idDs^5(9LU4WLYJ)i7_SKw4h{BbHYg8ZObZK!uuOW z-TPIUF>tQvzPR7EN^B^5Wt2)L@$T!PXv#n#Mp#NX*lZHK9!l}B;3KYmE8yD^b%p_l znG(rTsuq1YWY%UNFF`ph!F%w*h};pG#`%|*hZMoLrEizVrl)Z^Xdd--2=Za1!>CZC9+*M(cCrfT}6EhH(1$?p{Jg>@Q7|UK=u-XK(rz>P3wk!*ZrI zp=Cds(ai&?gKV+k6RBtmpW0+em{!(3mWODSodVdF|AZBP~b^MG?i4q zSiI3h;xM8etbIHvz|=4k>}aac(XD>v=QZ}EWcAGL6Kl?b5zan;%|eM;;NWV0Z7lg1 z%^}~Dp{O**Y(gpt_i=WYT!DjV^{mgB!8NF%?`Kv(K?5^B{0q;Bk*~14laJW(8C<>e7LMvl3?% ztGenMZ`##~LQ+=?he&KyS%_-244?zz_}R;-3Cm3`DDgLdB3S#vD(q2vgfLx8_`0Ir zU~iM5Oc@J^)!sqNpMXJzy?}FF?Wab%A{?jC3Sy&e3>cxTG%#Ls!^KSlrd9&cIMYu( z47{n1NilBTR*0P!U{JF;t3DDY6k_7$KE>l%4H%YP99M;U<|p-r)!!y?FKD)Jj{=9? z@QZ^g$#4u!P%1VQT=%~+qh7-$d`dXLmXCPl4rYAJu918?bdU$((T<9ybj}Q|!B(Et2v#(}1L|1m zTk6oN#hzwd`Bhgn_-&+`94mRRCQF#Qtx4aQcSusD5~+FDA}3MHoou|ME(b!3{m8{+ zJE=FhstZxoIt}ihyh-4jBQ${fA|DLqx6fp5@4F3xE><`ok#bX@TQfG#%;Ddjr;KE% zz8d6a8xftLj?Tr8efDATFjdIK#R;R`PmJ&zXbtRlS-m1beb=e=Q&MgB>BNjfO>O>mgev$vdZKkA-C! zWh&Rxjv7=E%^SBAW=TP+Q}@z-kChYZ&VyRSB~*-ZaHmEicXCss3s-hNw@l%eNVehH zb*gJYlw&E>-85xIGR6~I|^xDnqs!F*xb zUw!E_)cu7C#+--EOXJ;9Ut5qh3OC|YtvWX1k9o&Z%@Xy&sc^pD#bLs} zWX54IySvH=*scDG>#AZ%Ok_owMMtL!fxROtl9gpFRiFYu&eGI$I7K(i4$oh^G?=Yy zn$f_mB2Q8s2btzy@W}?NbHZ2$LW0A;rN8okTSq(9(iG+>BO@}wIjxwq#~HlYJ-x$~ z?U2E;>YjaJT;xI9DF9^BdLZznoRBU18z5g2)3tJao!>i+fG79s*FUbwfCA4VoomiHotwE8)rqsx82M z8NHm46ibX;XYF0q$Fd-)~ z2~DOg&S_YiQZLU>{zVXo1twVTiZI@QI5k zxe9iCy}#-^ldq!RnN4rb^NB>g*Cd}VqZUJW!IXeKwGgG+6vudl zsr|e^>u2}Ny&-{bHJh8ovm_7cb#Gp@u3Fz|5e^sICdJ{5sT^B=1YDZv_?s~N?|$4a z&^yx>+I5lkX}55~%&yg>Cf1yCfQpv8hsKt;_M0w!D?0K;p7D8K94~IF|En#Ns_Zv_ zEQcG>C@b zMZ$-t2($&q1LYQBe>WH~A*3TgbtYHU&%E%{qj$vz48?+GCQsEmsAUSX>I1cXDFST@ zRAgQ-M{`+a=rcG$?e^`(c)ln|fk6+vgA4MqKM*E_H=m6pc7bk|aFcr>$Fzknrg81b zJ>J?HNq?bWwWsQnF^w6s4^}fV>Ee^tZ>t3oiWvJ1BJH}@m1HU*o{ynJUx%~hI}%lW z+){;xdyF@yMXdBheNTBWda8G^ZgXmkFn`y32A-}E%f1z*$Y#Ups^>vYCNmtCl6HT( z%9HP`>}RM{p^lniENJjK*1nLe0;DmQc0F`LoJE5$=0I+1p*TKAU$e=|B2X~zX0~dh zAKy$ru?Ka^;th7VJjqUu)8(3$jqqjvye2_F#- z)~ZgygH7@)D+-~y*8Y(FL$(Pngrn&M#cTC=OYXd>QC|O>@y)*h)b|QToHXLX=>093 zDZW452^flMcMxb>)iI4E&{fYdp!wkhGFEpZZt`FHAKZ^!>=3a?3w=2!O9xj4&yHnx ztiMQ_b?pSd1`Fa=$5G5%fqF4r-P>QPcr?l8;v!xp>rVi$--0I--1IM?AyEd&qXSv& zWbB*66)ai_JIs?EI+d$AhEE;(1Zutw@l|V9s2ds+$YHNEKPEPC>pF&KRu5)1gQx-| zl{8pcSsBa%&G4-mb&z91b>X##;RL?k!v1v_bp});jgAuLL-D9w1_ogjk^~9e=UJer zaUD~)19!RX7q6M%#TEu~J1{~%k?J^XEW-YB2n@sOe*BG zqtA;?T7!iM&~^3j_&P{@#LQ$gdXQjAqL$C32TFpm#@lE9CHZkKzLY)+y6@;vo6g|& zlt|9kC{?kY;WAEgFh*!NB-jAqK*ykWO^3F%#;|faP_R0&%q4r5M=+L8UqkCyx=ggt zjZ%U-i!Ca%0djYB{7{%NP~GqJNvzi}!ErgJ1H8k_;ElHxM#W$2vz&SNt@0~ zHu{LB>Tz3^;dsJYf29E>R>f>(C=b|Oo8{EVRP4))vcNT8x9$xDaegtKvBHYc2C_1< z7#y4`M<+jBELhKJ*aox${v@>fFyRYtt^s*>MM-%bd8P|2s%soEacN@C{i zmL_$&PiN~>os8aUr)0O8pG>|x8=rkD_NVY4Ek}}Hi+)K^WcS^-{i;@5{F$d; zV?pR_^ZEIPZ5-pD2D{9Ar2No6Nx4q^eoN#B=ZwxPn(u$QEIlZ;5g-@QfRr7&LqZ8=T8x^D5cd_YHPkHYu&4WRz6_ zMj}QlC}B|%n7_G|)|-@F3atuD&s_=3jufII>BylHyF-C}JK{%-C(e9hDjv1QwWz@O zK+?$wc9&w{EFhBidzU^bc566`aF2LW3k{5URV+WRgQyczsqaM|J*r6!lUW8S^$XAF za#Yqky&bpzeyf)%ua;iVh<*h%88%FcTDS1%-zL$EGc2=y8C~WNeLY&FVnfGf&Yg4Y zWRSgvn_waZP^IQ-hn!rmwlT3q(WoR{URAb9Od4Ft#(PRIiSrl6_W_*7WFd zVPWCD4p4lxt!1a_z^lNxEA$EFhH_mp?A=W=aB}0DH+PheB2r`l6+l2@6YJ0K!+;B; zLH|N)P&gvq(Dit}P;#1)&o@L3#Tmx5?`VL8BrUQEY(QtlgLL zev*GSd%n?=Y}Hx!v(#`xxd6;MK16MvCOo&Ml5@1qNaQnhr>SbvOoT3E`_qR2yW*WR zxoo(^LnUgJeMKYpLnfeuMT_dOmHZnyCFb(Z55{{HLw8he1J`bl;#$f{HJNSR4_vEf zv1>=f)$DFtrx8U9)`Za=ucC_R67(hwze&ALJ-uhj@FE~de-cyWP_PSB*62zhjdIQy z-k8Na`PqlbTd11>Rm!dE4?wfoKLcS?V`1VLy_`xr&ou42t!LdFMz((QbQ=B>6`5!8 zBi^4Os*OXGYBx^r8w~N|4{`I@-DH=7mhQ|!17Kc`XzJqEH<91iEm-)lnLD--seWL^ zDq234*6L0&Rmt|svwEAD&>Ge3^6t=k`B|A&JSWO+(;Uv0#--ROyce_W(nu{P*D2Q| zLw`~sorT49y83jCDz3)`J@a6&R=QsYaB&iQ1+pOY{>T;Q;nC{9b|Y=Ei~HrgR;(EH z2qc{^kYhP(@Y8!1Hc^j|a%e~ZE>rIn{g|8xR{{oWtQ(kMuH)*D{+XxOK61rmi!-0T zx6%GNTjfTZ(dMdBagzN9K|xlc{-zDIVuTIMc0WcFr^AGaU>T-8O@d5)uxeJzze z3DyExd~6CI)7lV%_N9xy7=1s_tc8axeNs1_Q3rg%NeP?3pyfkB>0D!w6dDc97MnS$ zZ24fkM*Q-ddeHGoZhSD%Av>BXzpX?yB3tU*@sd`bYjZH-!+5)&9(}f2W~ZQWwn6Lx zNN}izM3*d9MaO|i@gZ>^@ly4F5pQlPBCCwOMa#VcBwW!bf|K9TT3fR<&Js;_X1+0e z0DKP%1&rEdpHv!@zI@LXdvJFvENxL-Jl5(f z!+ecXb$W_WzmTMm&?oal1)xk`NV{P>aw~Ri)ccMm0Koa+?Z3Z7yX{ij-ciN!&!bb{ zD2CL$WXqq%8r&)*@7Aul8j4N7AKQus6I*e!(yi&ys_I= z@T;M&-GtTty!U~LMqqh3gh zVhi`d!Egfs!7?ll#KpHQBdlf)Ta8u{wiIsW#pRleP*At1WvjSxFpY1V(1m5xj0sTh z$!~hPFC(_Z+eh&{rK?(3B9!E$g5^ywnOS|9k5N zt*yiaEb6Bv-*PqkKE~sw5$|{5gs>z*sA51(d_qV-@R;C(Eoi5Nh9-FcSES`a8*;Fn z<}`oiPFXA`O;JGo<-=Zixx#gOyG_+krAsm=^=wq-*oZ;;l%bGlW<@kxhLhZyI)Tmt z*+0gz88;6OzR2_PV;e@o`L0SiQIU=L2Fm~r#|H)*u+W4^X$LkqkmUK|L~d>FkmyMM zZa+x8+CJ4}wZ@OQG|qEhY5b-*o-bH zk|7cTN+NnOoAyhqy*4}*Q0eUr-s=H=ZveWyQ|TiDauk^g*Zq5c%+>|f!PoayNW12q zo^>IqcmTj==fBs1+DS^k)E2#a$F>W|Zt?W7pJeYyFRveJ`3R%;Linf7j7f^4t436$xXVPGI^-J4ho@Ji9)MZ-qbXdygO2P$Q_eF_EuFBEN^!@|> z9{xUexN!B&FOToiT3j*v5x)IyNl-fu^H7Fyhv}{a9=b~|yYgK3BTeil*`{kzod!lZ zp4b0hs7n4+{w&KTtatLzxkc|U?Zec_hVfArP2DcAXzJQ(b<3P&Q0kl7r-B0QxrGEd zoHih#NT=GuIh(0;P&_^-4B3(;D1NYAgQq`R9ZIlK7m}o)0r#BHGF&8qm8cD_p0hG+ z=ZG$ZrBLSQF@<4zyFxqM;vat0D0s;&uALqx%d0b7L+8N2`KKQ!l4xl3n)T9ihK%C^ z4}g9A>H$6W_XZPBmSqW-)y7EmE*=rO_Bq|9O-3$R2vyXnSmCH<9`gH)FpZe%ZS(q>0{*$B}00jR3y_%aHO(y%u+tEfw3-RIgD!`+)T$H?<5 zC8P-WznWV)Nv`_By8GVG^n_3LBJUkE;sF4vn{WQPg8w?t!%x?Kp!B?PF7-EHoYq21 zN=R+vAkh1Z__-CJ!1(0bj|$$Bqag2q*6a6XuXz%z!+JDMu5&xl74 zcb!goWSajP+fSb0$x3$c8-Uj)k3YU@e)90-vCb<1756_q%*8CX#}6Iye-NX7EWAv9 z<971GM9qHBHW2veU%fYq|J;QCB+p{QE48egwuQ*p=BD_bR`cr-NrokjNJ$-rAC{lQ z3;Ne!!anCHr1*WG{$PIoTJ!Ma+mmnqNjZP{>d!zr`~MN8h;yq3UN2ZG@{trNCO8h> zKlFW@H~1D${}t~Z?(eIw4{2NdD8!|YO8fJUx+bb-GvgX7&Yl7QaT=fhQuco@c|oU| zgzS;0*m&^Td%2@5z4&LG_iAOD_Xgg(H=L&2(1YQ z9REy+t-Kim%$&A2B{=~_P+&Z2;v>8?9;8dm-`Ny$@_JfLJvp@y+{d=&?GboMd^gzk*aR#MIb;R z^cF%00fB@rsPtY!4WQDSs8kiyee>P>ozH#F-TS%a-1F<^PsX#>%A707oO6vi#yj3u zcUT}@trM!Blq|SZ){I)FXz;P*QeNAaUJI2ecd)gP@g_gk3N>HAJNjBqo7vhus}yK) z&k5lWAP6V48yUde_a6;u*N!zjR3x@w6iG(*c-_3AKEG5$sZ&uvF+z=%m3|BrpHO=L zJryr+Y9=$qrtkZN<^uf5|K4vybGB{yLCa&lpI#l&uJ`T!yx8;98B*>A1T$EHDpn|CoEzc|%g-5d?A6FfmtB~}zWr<@mBaRJ81Sr&sT%WCYojSkgNX$ZqT%Mwr{RhqFURqk( zHqS;=>(YditpV0(U~+8|GWA-s&skklLD3aOmM-01FQry6=dC-#FG+B}Yb0A=TKyhk z?WV>4<)-mAsvC?9Kpp7IzDbUSmF>%91bRXzLb)~EB(CTC4r5a+-heO6>fgFdT$}yC z5tVaeT%MfT@6}SnK;5N@O@@DAEp(+biT?ij?7R0LyZbF;j`Efu(9%KtWL~7hi1My_ z59=07$#f`A*KlPONu??S>OG3>4!)LNEg#g%D!{5&(YKvi7{re%)(f+dm6r6(2-Y7> z^YA%R1y@u|Q7Qiqg?3$~E)C^UK_WH znfFARu&P8VX&I!2=Ci|*@JC5~=c0|4>tnYuy%(mV)0V59U>2|^`^EiQ!YMn&vP0dn z#*4;<)DTN(A@5|c_-S3K!N}}SvIC!Hxn|WXyyB0h7U-ok!n35LbH*cMA znN~e8?Q0-_g-k_|(_sL%BN;$hnzyer#5@jaV4af1#~`xzG4K@&cq3?Oz~;gaQuX#~ zZb_-<$fNgWv)SJS%Z2KQCWd9l+qwaXh7iax`WPSZD9_TqDlq%=Q6Tf8`Llb6Ki`Q| zoeh<8l$+2A6+^)yqRI&DW1(f_X2mC|zSKG_Z}Dl2Rrb$4k!16m{;2PQMbNmD`wNgQ zSzXTyh=np#nYQ)d45tTe2((2EiV12?ziqR|*lPN`vQ&m-0)I}H5K2%?C1Oon6A{hj zvDixU+?3yv{cW~?8fdc)&mPlJ%aWl%SbZE!Ah5;8R@5D8BWqeBXlX3ecOrLbRAa_= z*!^ZRDNZ#u(lRLNU{`psr=kmcYbMlQ;l3xM47tlw*zxh_oF{NyWhb9O;~J1x*I+=m zZlsQ>o5o6?77N#m0WQ0IKr!Wk<%qp{`@T(LQVDG1T_Z=R41Cz2QcHo6u|3{zL1Q{f z7{MpdH!(39IxGZi8zS-GoDz*VzQ|f1cM`YVgTnO;jqgwx3#x~LR)h`Y-^C>>!OAL{ z)6!V|nULR8q`oYfMBifB5y=Tm+#gL;VAS*NPik)_Ml0 zI#ITI;d!Zre@XdKPIyz5q2;lFa%_&C1nd4-D#>e-I0IvBs^$oPF&M7Kq)rEr5)KAl z)|b1~Ccr5?d>i%b`wa?-8M7?S{I9I6)&e|Y2(7t5(s^&nH>&CXQJtE_Rj3S)*yGtl ze35dx<~POt^j?Yz-DvZL(eLZHy)UmUU;W#{_LuKxrtps|*CV|)K44NZun9=uE%(pBG{`_F%4SIawRA_OKS?}Eek$mia@{s1to&V@)|7EZL zIH-0_c_=80SF-|9j&z4lmq1}ip#IS4i?}ui%aa}ZPr|Z|1$^K4(p&$a$qB3(pNOQ@ zsQY{WR$8?(L4;xGGmpjDd zGpLB#>SZ`J<+cBGKwDSmcupB88Z$^MSK!MXN-=hkEwily284~cKWLOy|70T~2C^+? zKh(%~96W0_xqM2k%VqiLLvC^Yg9i2vUK6;pAgkAFuZa3_ymd6){TAlwt*rBH>6f{p z_tErCd#_VSH`Q0+{MFXKH4yNT9k5c%sTX+~@axNd{$=iAzKGa8aHwlrruwP$Yx<%e zf-LeLe0#kp{TSy>uxJUUL+;H!$8j09d2pUKKZc{$RQ+pM@MG{> z>@4Klhy*oTGq7aESv^%=x!>Se(%`{j19cO3HFOI-iOva=`LN1KmODY6Ood^6<|H`d zwynNQJf5*)34xH>_P94VL!bGXu;yRTcY$~++N$Oc z-_*9ADA}V{b*uiV3r28_$AsASRXw-g-^@KdFQNw|bXt}rYnOgbK_3_=-}$Oc;K&Om}IRnEv|KMwhmMZV-19If(<~1KLRoXa8_u(n9I3e z&gV2%v(s%TLVRq@@ku%qDthe(ISYy$`{pgKC72X}^wdX#4V-5S3_ZunwEeX@SY5t~ z3wE!J4Z>6uSd-DNnsFvxJfa$X6J-@t-mzUio(FZz=WF1B_5Jc(5VDAVTD1Y7o)>X= zT#*a;Dxiav9Zma5AETvd+4*ijFe^H~dParg@Wl1-@y>_P@swA)o{}yyl|cKiCSlQ_ zL-6eL8-LKWJwAH<@D=#hW7V;Jg&#)KXb~Wp+f?n$F3b?8T0vPHg^eAle+7>c(8$c-X#z6)~yGPKct#GM#rSpX8)j>)99q3LH|czoJn;2?rEk=WFGc0ThvbH4CM-2 zSW0O)r1<>b>{ZU*{pSs^jp)B9a$>*SoFYOB#YoY;X7F)>l*`Zi!3Ms`X9#xz0nLg< zN06@~Dl)20s76;Ay!lgu1|eS)wp`t~p<7AV+6K5f53NLB#y{kw$BLHRHS*IxCSf`I zd!-IAI%U&acoQggNbelNbFIO3!7JU_bK9NbDh+HoVE90PrFK{{dj9jLw&#gJFJT>L zrhz5nP>|4MxuTSj-WVFa{Z5Z~L`^J6sy(^nJHqU{{TZMZ3&UGqYQUvPol2ST6tp-m zj1ZBaT&t@shC1)v8?(G68`n9Ez19~Vt8v(vxJe3Uve>un5Wlc{?wed|IFZG50r|Dd zCv+-}(h738r50%}WT7R&t$C6!AFwQ@Q?EBmfA0O#(6?b#usC&oYZiN*h^j>Jhn9U~ zJ?568R{1P8OGRT*E(R4PH7?*n#w$SiIc;CYu?%^yvN1PlUUg4O+199y_9hLFB9(x~ zM>I3xrM9Z?;9(r7*?TBc7i+`G!D})IYKn>X6z)lN#yk>&>ypNZtU0~(D91$R`QGX1 z$emimaREjzbOv9|5i{ZFNF+c3=~S5lSc`^vrL^?AGvLk{=9Ne;PwU{oz7C8Hi|0zf z%PSMB=Hdxh>ohi=3RJlze=!{~-I$?Zk^%koTS2qvZx`oo{p_l8i0jL|Up(VHDKKJR z<@s{rs2gV_;}``Hco*fUf zJH~(=G9{DFJAOG}FpXA_XKBZTU%S58%qG_;#bF`iv>dlL!T%m zgGKBEZ)%3nu-V#n9e+gB<=2X%Nw;2bWih+uVVfvifZh=CqPXd3tS0PI%4;eRO=_3D z=$|8$h92W|G?O)Le|JtO{Gt6olzEng8xERUa?0nP zLgo?N6=p+c{e*r0orH3za%%X=lZa0;5Yb$62uaQ#1FpFZpTN?R zh9?!(!f};3xRo9O`+x~M1)8|l%Fi`*!nR(I*JA^1nU2At!=vBFh2MpD^qNdZJG>S< z?W;Z#`Jh+CE56+(`XRw0xA0r>qD6E>8uY;b4;mSzPg!5LL&qKg3PYIQVr=3A&Vm1Y z_E+N(`&9Y`Blxv*^`CfKC-Jr7PyVv&u}|#}R&YD&?@AOPG^giAmC$AT<7ycu)? zNK^(l$@c4ChnNK=T4g1J))Q88Dzfu`##`QHI;NwBqH6^dYF0f0Bh96fMb6Cvr!&R( z{3wuUi7`4Iun|1tihXZCjpn=Q{EBo}zihuwul)+`+ zZ`vi$qkmM=I)X=GKs_5BJo+U~tee8fXWW$g(DHX^Yjvi_P*ARF7^&wW`~KWdn`{E` zvRv|oF#So-vT1ECm-5mY%Vj@g0=-;Q)u2YPpH9EG5?jHbQE}{Sh!{>Q8WVX@@J6jm zTl_hwc_r`I8@Dqo_x9H&a*xI3I`&p%f7sR9vgHd9`DbK1 ztfmUnpypIlL_cf6ag9yYA}aYd?vB?9Msh2z2G@&NJbOK(2l2d0YoC@XXeW2wWkT3W z&)}+H(e)YTOvRTH*Kh-XNUU}mZ>vsRbHLnlaB56`-T()G%N#Pj($q1O+b&sTCsFR| zs)zp#?zPkE_nH0+NiesdMX#31W+g*7Gj^>ge_=EWq7B~8MW{{K{5b5b&nt;bt)L;T*LJ&{wMFJ%YkWEfYUxh*(i>< zz4Z9q~FY%KEq}ci2P#6T}S;I3(;RUPeS z5|hp+!v+xs2!4pIxt((t%;~>t9}dPIl;N{tl6>azm0a z>-C49?%D9fulk_Capgm@H2X_Q+P_;WQp8W!ekv9a72Ezbx6ktadFD?&vY5MBBd2zt z+5YYEb1dQF@0MTEY_`p2(>_uaC-U770}6k?7xz`^)I{aPR_C*f)WGs@EN?$=Grw$w zr~c6JRCLjxEVayuItDY>&_Z}6&WlLKzyGwW|79zL`_u%5;S=)GAg zQ=Ma@p<-YR3WR`)#wtUvX;s9Xz-Ek9i^XnVo`1ZayI$OtkA7aIcp5MWD>P2$+C=(V z24I`0__&BD0>YSjSqa8X9b>i57|5p{&-;4BwCWiXQ(utE9HgPlWX3Gk*UUl3{#->o zuT-EwR>n3hL}hEsNK^*`nF*RlMueedVGhYHkj*Er z=po>Mv+f&xW29y+R&*&;kZ~GrOI3c*T!axCMUuyEgj5!c!?^OWPzC0FOLV`j`@9j0mmn zIcNd@E-h-Y#;Ryu4(wbU+*in)s}ak9tO$5v-mrcnU$nyM+`v4{v@}>#8dy%yb;8e8 zr+7^OzunlqQf#(U?A54GqQp#8j^L`ja?&Oag*0xIWGv?k^ko!YF=M!;`-B%A4q4fz z(ub{5hM-fjz*~;f|Kd3AqBDJi4vDy)=`USQtF2zhY5mg8*zhARni4k%sC`#+X}jJ6U4Q3mIIm} z>uK`cd(mmpC%-)19{?T~cjaGVu1o>2-58(w!7tjqn`QU4uS-=_ygD&G;nk?XhH@mq zwrT6I=crYT!Y=2tm$?xzJfs{>DcwiClrd6Kkum%jGc+F;NE?X3xLPtIsi{lHh!|}( zjq1BiemYl3=9?CJFmX}34cYGOIk%=Rm)U%yR~FTj6ao3-sKf>=p2`DgmOT}?|-wN=wScprEvVDb$JU8##z|g zoM8wyTcS#}wk=T8zx2O+p#R|^J^Qb8ka~KXT=#*~AKzr7whT2yQtk&N)9U+sm%Sx~ zq%npRy!`!qW_R@P1+uqBq~9OO9{N73PC&^66EywFD|5xy;r&V@t#XM%qgt=5<`;a=;C3cQ570#PFDjy#N*A zLoH`042BR7UB5H>8R*62`{NH9MLM#tS#>Ns#u%6G=2~Iq7I?8R5Lnj?)zr1%7uH@z zBB9qqx1EN>QZJuU(Xs?zpQG%#{#z(u!8|k2&etZzmt-m|P$BVA9m(b~hTsJT^6@Re zSvMWvq^9I{$zulMr|q9t^QM)s;|R}wLTFI$11%HJ@&voP{H(d!&Y27WWiMl(GAvTJ ziSPM1(zCajNmF{g=1dv*_K%h7euT+PnAf@cKG*9!R@HbAwi6}^{5--MlcfMZDsSSG z@;!k@vAkl_CNaT^FJ40BDkfD{gE-j(@7pB`0*YudkF^jqv)W;t43piB(tV4{fLa!J;{?jeQtZ5V(gx=27Qz%~ z8-!%*X8`07gHR@}Y&0ZcqJ`P?;FI!6yw<#DL%OsSG{f0ZD}5$a_wMc1YpSbmZ(+^8 zBN|;9R**z!&M+Kn0;c$zOxbG2kO^{A>~E7T;ik@IIRPJ3;Y(}2cK+(b`9ZQz(t54` zOAcgpzUQ-w^4}8qOAzD+ug#>4%&m#T+-pIj*RR|<+w_*zLB4l6=6s_498q!V>IZaS z+_>XHLe#>9X;a*eJKVmNWKcjTuH)m=!`m*eroEV#qwD5N#JA69-OmfCmo>Br1&sFFV?jxe8DUY6_2 z0e2MVvpI7VRSc~74w7;%!wFMs#`Y(^mNrpq6(uB$I*}_5Z1}N$rYv_L6SxAIuc@zZ zeb%E74a@WRrs~cwmf^a4oB7;@%v7)NT#ZN$>)^y&EyIUE?+%gnDap8XZTRh>dEahf zI2tv5jEco&@v@n632quJ4dO)>W%CWwMEWb$)Cu?I1Dhpy%jXHi>|Oc%>svtYdQv1U ztGsro>shxm58N!NLFapZfUJks$|~cxE5G<2YGfVx83Ib}s?n?R8E;m%;Q%2dR0fYo z6LS%rqwMDg&FqG&#U~tq%TMggT?U$1F?Zt2Dc15;Y-9Bylf|we_gY#I0~=}PE;^=O zyH^%-_CuxZVV}61MOE22a7~p2aCFw`7YJpM$+ElD9BvN7Ge^hYf8l|fsyx;x6h|AB z3}sKL;h}L^^j3ZkY*!mRbM<)nG0yd51XpQo%z%*zE zvXyKPkb6R41to68epj<|Yz|(FtdZ@^r?W^K#3`SeJ@U8FG|6a~EQREHDQ2;%sCJ=_ zv0CWVx>ZLf95)YDnEBtm&cI&Yyw+?UyfqNKS7F$u5>Zr(Z90+b%DMh0gbM9UYz>iF z<_ov>*YvymzdnEFye)^Jkm?ME)X=Bnpgq<{b>nN=nG=PjLbDdm3jl^@m_4TYza-PiSCrrOD} z45C`d0N~l~2bLo9y>+{Bpp{e{izijWRH1<}Q)pE&x+;Sz8lgRbnra5)P?)|W_IsFc zuqDdN4BZJ{3Y))EX~texuNQ4*RYu@W_yB5eFyIemr0ZtgCwEDQ!&e4uReSFTb#~US z%=HJ0jhC8a(GmKizN6O4-a^fAtjIi&Yk1Ntt5l|Ru{l)m#jh9nos=O^)YSA3$r#6J z!O_S79E|F8YGs-3PihmZHS(yLTjqRmXvSM3OI#&j+zgo*LqdI;+3@o9M!Q?2h-5%H@2%?atfdy9$eejV$9`Srdne?)KzT z%s7f{zM7>1v$wd3+UuJNCp~F0@3T0=zn$rUcjuVG@FRVXXN0jFyyD-O8>mM*b>X>Wa0r5 zIB1>%4O~TXSPKE~V6Zj;(i*x$q`h0w($7Z5q~EHxZOfmmHCOn!24>eiPq`b48*AGx zJ#-{CWHJU)2%w{+`**k|jSZSs$JsQIyE|FiYm1dsLbZICuce8GH7-uMZp#hqy}^JE zgREOihV~?{myjKUcFI_FQXV8Ahd(K4&<12wts$~RndqC+TQ3w8y60xh-jyNfDWVl$ zi<%Eq5KSd2s6-33$#CfInKY3m7amA6`&<|WDPrtTud!QO1hRp&5Rn1+jOw>N_I;R7~N$l zl^!H8a7~fsl6Ru0ZRw+BzQ(OdTC+^u8sp@zzNNq;aYYv?FLW`#%ZpU1*1H`8Yavgo zWp*O-N;AEFt?zD!268`0ftOCDp#c84#GQA+Y1h4I{>gcVCfC49o6_z;4Xkc1BM^3T z<9+-0z=nl#vIdmSQ&>xjh(sc!4KX;@pw#Y3iLmuAOYQWmCCgVDw<}+IY8BtaB2J9w z5k1!_>m19{?j@T;(~z06$$kN(3OKdT96Po4%x`w_am5c~of25*1oG+n8F>dw3Hrljo;kIfJPpVlh=uKQ% z6{p)jR^2<+Bid80Qqmo?u>#=(VS9^mtf;t+CHYL`bTlJKYWFzhj`>=O(uK8(ueraO zSIser+85JaRr5M|AW*f{8J?@D&oXCGl0}TCR#Mu=^D*C{vDj=F?#qkqBu-f!@up~z z-1fG;Ido*z1AXiObnOHg1Qf=s1sxljC=u^u7rZ8;ILz?9ta6yk<7~yM8*wvMK#{T| zIlbVgIsB3LEv2C%9*pCPE#7C`q^U5uv$z)c`I{8_=q9xo;u^rHg}um(Req}q>{YU# zoXp7!tgc&57Kpsu?7va5SnDZxN%tjAl=#)G2?(!OdV4q>QDAzE8xWWbe`lN~G&;!w z?l3WaM3S_7bwRPw%W6g}Xn7%kEzm3`Yk~^&p(3qqbG&#hSs6B+;inGQ{ydY=pf+^vm&vYsvD+g;_gMX%e(>`ef(k*TF{Mg`^D@D-WbWqW@E*iO zi!cMCintAOLa5-Ox`QxjzOmD*eXiD=KX3&29vF|NJ)P9{V?PyY;M;J*0S&80)H z@8^Xmo5299VXzCB$KL-OiaI6S*<&V;Hmqxx_6JT;*-3NN*`w% z?VCde`ffsBl9)|qF6V7_$+FJQNT0ySomXS3u))2Peqn0Tr=e~KYBzDl${op#Ii3g(yr z$pz^xGOx6*UKR11mMJHrwih4@XM`=6!EjNTLA__UU$@+El3E+}d(mQgI@01n=F}W+ zDkJl$JIh$;*{2|KkO#T?{ooEXLvl40R|I&f=meiHQ#BKL=IU&w9id^M;XZtOXo6BU z;M;3(&e<8V*k~e6Hg0%Q#r#%k5Hw`>(C5f+W!iI_u6*}4{%F*Iuf5wW$AQp7u_IEF zmrY}{5qff|(_J|~j5nn$-#*Rs_q<>(m-y_5AZpQoG*KfwRUzt}VW0}t|JpS%Vysfj zhE$aCH=hzU2&^qSTfKN+wW@72e4&wExcb4Q)$mC`9G3Cp_8m4&N%rRzN0;Idn6zn=+A)*;K9`+as z*#sBId(fDLd6%Nkf|-{dm-%VLuPMheYVE{0H^fgi zL8WAb5;f;Bl;(tqcCqkcaf;Ye(`ODMGu5?*Xg0pS3Si$S1xX~boMPeyr1B;;i}3QZ z@_$P+dU%$Iz36zk(p7w6GVZx<%f7t?{&fR@r|)pK)`1%qqg@Iu9QQ3M*3Lk)wP=o| z4_Q9^hmXRr4j)EU3t_o!e6Z$RhP4QS#D~P0T0ON_It}5YUD`4W*e>bXZKssIs}GF4 zLd4lG90+Z}lWJH6yGU6o`rprOIy;B5()R$C)+*^Vw?6>}MULhG5f6vg0tjHsV^-Fa z#w#Z}{mKnlyvA=H42dsS8?uYPlRUuxfQPvqhFRz{tH%s{FhP4>Ad;0fN$l0uhoh6F z<+yjs3&U`7mqoiLfs}gS|Eas&4f<459Y?U*<(1jN>#A`t;d`9=MnZG#=Rop4xG5#o zL@6NX!h)>hUBsjgWD6$?g&=j0u{KHp68Bwb0+*!bZ@~ow6wJ&H%7ceSvEOv0BtR5> zFGNs6NmxGf7h^EDKn~wHR{3D)Q=$3#-+3cv#`mnaVJfN5{}0`k|HnSn?uJWG^WJXI z>nKlh=~Tr;#V)%6(wLL}MR__2P|U!e0cQw(lfN=}h0*fZiK}-Y@9Ok+@Jlx7fc`pM zkh}kq8K-OfdEgC_KtMnos?=9k3YMX59ld^LoS}TvXK2`@s#st*lxQnyXR$ngz+R-& zT@4#oU@$knPDM2*110+xWf_kJefeyHP%W;C1gk7sUrFRnuX;tMRK!!gSY~gt2kN{U zT-k1jMi~kz4Jd%%lLmGVqG=b-MCrZpq_6SxSxgZEohT2OX)`gPFdAr1ebvsqp^1iR ztunj`b>|(&HPnL^PkZzBeAD~;QwSD%$*PiiSVO_XmC;C^N7;EMx^GAt3)2)Phk)a+hl9vjtKfe;)Do@;Q&4(0)R*i9CDHST@ zV93E=1y994GgrWG;=QoqO?ZKGTCkN)-+t$PxMRk+6cY4_%7|c?gNhNmM^nlA?gp8h zOZd%lB6|n5op(>$QyCSiYspX3^yPw`$I+fP$ z3|F%72mx6cV$NLEZBPMbT0UCR6-b@*JC%-sT9(D@@_`gebdQ+BXf`)y$#7ms8&UZY6{XpW+7^CRL=2qWxii~?XuMRiZEYIX>*#nRZ&Zy zb*pTF=vtYuWUy)H8sUJ@w*aytIWi4Jb7a) zuA(#Z{04iVf#Mq!C9c0GwFJ%qIZoTQdCIgBwS2lb|FiS(%k5G=$18!G2hI-yUw&17dfk+qG(YW-wJw=I+aJ}FEO0|r-Kbi^qK19=FuJqQRA)Ltsx74A`1h%F}%5F z3kJ6}3Sq2(CX#%6@;NuFgfVIr3eaurQxmk!qo?Pcd3f{UZu(J<2nNGGs- z8CI5q)WNyIkK>6n=E`7Kn}Ctuwi_ZeX7E}y3U^y9!N5&JIiR5muP+hlIH3m;Lp_5a zDjNk20(rg-97oR>zvn_blL?{3oP(g@dQQ`F9{J|@K&%~mg)Bs=UzcCP7f~66w~>)_ zd2-%#K!!h9-5O*~ju-zP@7!NX&aE$nZHZ4IKEE}B%-s9#$knAx%5~1NG0eSU&|Urv zT4edj(pqqXVs?PjJfDmkJGIa2V8#@sd#T#qu($H*xFok0gmJXYk8? z)oVM6(!HF7V4H!5cI#n#6hqUf_OdAzms1HqZ`=Itmiw%ZY0spD>*0`? z#b$;`ncJXD0=Ox`#1GSJdrYsH5OGAHwPbAIAJcY(Z-a|+Xe>g1DACo%Y~EC?xe^Tb zRLsCJ!i&g+0;CP+D#6MT7&j&dyR_&Rc3mx#AomiIfN=XSnca9>-d3W1kMPTAMr zLb-2R>4l{b4}l`{Cd%in09p0U2kdZV~FD*nPDf4@AU9>PAThfV4 zp?K)6v?u>~`2Okje~-YYHex<^>!QqZ*z!{ABgdDXK|(VDYf~Z(`EzUP~CrC1xY4U4;KLCL0An=8hm z8|-X^^gBmuDHT$@lEzK06S#336bX(d1ZkaPV`L{ zpJ;MDJe^?~z?i;Q0nsZNW%7zeM)z3Dq{$nIC4J{L{0QzNt$pEHuIfht+wAepr&3Ij zV|_$wGCjcqtwZNyFT7}FXDH)t)nh2AVa%hrv&8b8iYt1n`@)qK+F89aSd6L8dJwfL zd|_^r$e8#Ve)St8vV!1Vl^!~9^lox$PWy`TW+>YAFn zMmY-JTQV~RIS0(vG5VbLW@q5 z0DdS`H&JurtJ<>olS@@WXODS*+)88#VKTYFEtlDAq#poO5Qum-_}Svctq*cRC2OWr zEzPBnazVqJBW)3XC6HTpTe%&8{$?8aQOU;U+gu@N^fcjRx7WV}bpNI5YkB=zymO=( zck6R3~MuPr@&B|z)X}{j)$rP+>E5fA3Uo$PWF#e zBMwh}%ZX(8&8X*_)MSsciWMjk5_dp&C4?D>+8!oA|y9Y`h4D+ z`*}n1#`nCGPY3ynX(d?E35&j~RQAg_kfx$a1rex^v?(*!rce`B(VPi% zjrz{#ZmpHDxwabhV7T2fB0*f`4$4*3vT#tN12)?1q@AGF1OK9Yp~t(mzvKDlir3Id z2)HBMBCHLCK^|*XL*11GgK@V-d`@bIge|^P&D*y1;O;V3C$o*Zt zrEd7&lrVf|_W9f9{&OeJ`J$xFq;CvhwJXN?M-TfOnV&gLVx2o7tXv&m<7h5CTTJl` zqr*{^y5-@S$JKbZTt8`6<9VF6R)!45tqcIhF`ys4qH(%QbKz;hN{7UC>stF4E2Ao` zbPe+ekg%KFJuNNp(9mcXuZMK!l>s3OLpY>ANC}}YBAT!ebI+Pgew2bnA36=1s8G;o znoAzqHV&-W;Q8?yf$Rx|rqNp)-&r{5$5!@}e)pLbY37_>gHLfQ>6RpqD^qql41Q*2 zXF}JBP-f7n74cMMX*pMbYA?X(Eixv+SV%?rH{AN z`iBorx1DfltXs>fuhmZe1m>mr6Pj1;kGcN_K~GQm diff --git a/scanner/decisions/images/local-scanning-diagram.svg b/scanner/decisions/images/local-scanning-diagram.svg new file mode 100644 index 0000000000000..9c9b5b3e2b814 --- /dev/null +++ b/scanner/decisions/images/local-scanning-diagram.svg @@ -0,0 +1,996 @@ + +image/svg+xmlenricher.getImages() +Central +Sensor +Scanner +GetImageVulnerabilities() +Admission +Control +GetImage() +Scanner +Slim +GetImageComponents() +Delegated +Image Scan +MsgToSensor +1. Delegated Scanning +2. Policy detector +3. Admission control validation +1 +3 +Central Cluster +Secured Cluster +Triggers local image scan (LocalScan) +Local image scan flow +(localScan.EnrichLocalImageInNamespace) +EnrichLocalImageInternal() +MsgToSensor +Event Pipeline +2 + \ No newline at end of file From 1c3d03bd5b2aab15a66a7940842a54b4e98b1096 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Fri, 4 Aug 2023 17:25:12 -0700 Subject: [PATCH 10/17] Optimize SVG --- .../images/local-scanning-diagram.svg | 1025 +---------------- 1 file changed, 29 insertions(+), 996 deletions(-) diff --git a/scanner/decisions/images/local-scanning-diagram.svg b/scanner/decisions/images/local-scanning-diagram.svg index 9c9b5b3e2b814..5126cdd50e822 100644 --- a/scanner/decisions/images/local-scanning-diagram.svg +++ b/scanner/decisions/images/local-scanning-diagram.svg @@ -1,996 +1,29 @@ - -image/svg+xmlenricher.getImages() -Central -Sensor -Scanner -GetImageVulnerabilities() -Admission -Control -GetImage() -Scanner -Slim -GetImageComponents() -Delegated -Image Scan -MsgToSensor -1. Delegated Scanning -2. Policy detector -3. Admission control validation -1 -3 -Central Cluster -Secured Cluster -Triggers local image scan (LocalScan) -Local image scan flow -(localScan.EnrichLocalImageInNamespace) -EnrichLocalImageInternal() -MsgToSensor -Event Pipeline -2 - \ No newline at end of file +enricher.getImages() +Central +Sensor +Scanner +GetImageVulnerabilities() +Admission +Control +GetImage() +Scanner +Slim +GetImageComponents() +Delegated +Image Scan +MsgToSensor +1. Delegated Scanning +2. Policy detector +3. Admission control validation +1 +3 +Central Cluster +Secured Cluster +Triggers local image scan (LocalScan) +Local image scan flow +(localScan.EnrichLocalImageInNamespace) +EnrichLocalImageInternal() +MsgToSensor +Event Pipeline +2 + From f800a4a9fb1aa788049d7ceca9ca99a490fd92ed Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Tue, 8 Aug 2023 13:25:00 -0700 Subject: [PATCH 11/17] Update 0002-local-scanning-with-scanner-v4.md --- scanner/decisions/0002-local-scanning-with-scanner-v4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index d2bdd19c50e58..436d00733e9ba 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -31,14 +31,14 @@ Example: ```proto message GetVulnerabilitiesRequest { string hash_id = 1; - optional IndexReportComponents index_report; + IndexReportComponents index_report; } ``` Notice that we don't necessarily need to embed the whole Index Report since the Matcher only needs a subset of the proto fields: ```proto -message IndexReportComponents { +message Contents { repeated Package packages = 5; repeated Distribution distributions = 6; repeated Repository repositories = 7; From bf017c9face0a7451cf542563bf40ce55e3ef8c2 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Tue, 8 Aug 2023 13:25:29 -0700 Subject: [PATCH 12/17] Update 0002-local-scanning-with-scanner-v4.md --- .../decisions/0002-local-scanning-with-scanner-v4.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index 436d00733e9ba..c319f8e1ad947 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -31,7 +31,7 @@ Example: ```proto message GetVulnerabilitiesRequest { string hash_id = 1; - IndexReportComponents index_report; + Contents contents = 2; } ``` @@ -39,10 +39,10 @@ Notice that we don't necessarily need to embed the whole Index Report since the ```proto message Contents { - repeated Package packages = 5; - repeated Distribution distributions = 6; - repeated Repository repositories = 7; - map environments = 8; + repeated Package packages = 1; + repeated Distribution distributions = 2; + repeated Repository repositories = 3; + map environments = 4; } ``` From 4fba8d4d96720891707470f2f49c060bef1cf8eb Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Tue, 8 Aug 2023 20:46:24 -0700 Subject: [PATCH 13/17] Update scanner/decisions/0002-local-scanning-with-scanner-v4.md Co-authored-by: David Caravello <119438707+dcaravel@users.noreply.github.com> --- scanner/decisions/0002-local-scanning-with-scanner-v4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index c319f8e1ad947..d0598ec9c57ef 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -48,7 +48,7 @@ message Contents { But that will be left to the implementation to decide. -Sensor and Central will behave the same as today regarding handling scan requests. Scanner V4 clients will have to make minimal changes to the interfaces of current scanner clients[^1] to support both V2 and V4. In central, a new field for the `IndexreportComponents` will be added [to the `EnrichLocalImageInternalRequest`](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/proto/api/v1/image_service.proto#L62). +Sensor and Central will behave the same as today regarding handling scan requests. Scanner V4 clients will have to make minimal changes to the interfaces of current scanner clients[^1] to support both V2 and V4. In central, a new field for the `IndexReportComponents` will be added [to the `EnrichLocalImageInternalRequest`](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/proto/api/v1/image_service.proto#L62). Finally, Index Reports generated in the secured cluster will not be stored in the central cluster. They will be stored in the secured cluster, in Scanner DB. From 0f1a126734d7cef633f82dca0dbbf529da01b923 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Fri, 11 Aug 2023 14:34:07 -0700 Subject: [PATCH 14/17] Update 0002-local-scanning-with-scanner-v4.md --- .../decisions/0002-local-scanning-with-scanner-v4.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index d0598ec9c57ef..eaa5e890444a1 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -55,10 +55,11 @@ Finally, Index Reports generated in the secured cluster will not be stored in th ## Consequences 1. This method eliminates the need to store Index Reports in the central cluster for images obtained from the secured cluster. Instead, it distributes the workload of adding, storing, and retrieving Index Reports in the central Scanner's database across a large number of secured clusters connected to the Central. -2. Re-scanning continues to rely on Deployment Resyncs. That means images are only rescanned after a resync deployment message is sent to Sensor, and the image cache has expired. -3. The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a fleet of Matcher instances behind a load balancer backed by a DB to create vulnerability reports. -4. The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. -5. In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. -6. The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. +2. If so would remove "resync" as that may be confused with informer resyncs. Believe the statement will remain accurate if relying on informer resyncs or not. +3. Re-scanning continues to rely on `ReprocessDeployments`. The `ReprocessDeployments` message will either clear the deduper cache triggering reprocessing on next resync or submit all the deployments for reprocessing if resync disabled. +4. The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a fleet of Matcher instances behind a load balancer backed by a DB to create vulnerability reports. +5. The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. +6. In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. +7. The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. [^1]: [In Sensor the [client interface](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/sensor/common/scannerclient/grpc_client.go#L24) is used by `LocalScan`, while in Central the Scanner V4 integration will support the [image vulnerability getter](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/scanners/types/types.go#L33). From 73d98bfff5cbd1ecd7f4cc50ddcaaed8b300db14 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Fri, 11 Aug 2023 14:34:53 -0700 Subject: [PATCH 15/17] Update 0002-local-scanning-with-scanner-v4.md --- scanner/decisions/0002-local-scanning-with-scanner-v4.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index eaa5e890444a1..d131d9c0b57b4 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -55,11 +55,10 @@ Finally, Index Reports generated in the secured cluster will not be stored in th ## Consequences 1. This method eliminates the need to store Index Reports in the central cluster for images obtained from the secured cluster. Instead, it distributes the workload of adding, storing, and retrieving Index Reports in the central Scanner's database across a large number of secured clusters connected to the Central. -2. If so would remove "resync" as that may be confused with informer resyncs. Believe the statement will remain accurate if relying on informer resyncs or not. -3. Re-scanning continues to rely on `ReprocessDeployments`. The `ReprocessDeployments` message will either clear the deduper cache triggering reprocessing on next resync or submit all the deployments for reprocessing if resync disabled. -4. The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a fleet of Matcher instances behind a load balancer backed by a DB to create vulnerability reports. -5. The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. -6. In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. +2. Re-scanning continues to rely on `ReprocessDeployments`. The `ReprocessDeployments` message will either clear the deduper cache triggering reprocessing on next resync or submit all the deployments for reprocessing if resync disabled. +3. The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a fleet of Matcher instances behind a load balancer backed by a DB to create vulnerability reports. +4. The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. +5. In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. 7. The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. [^1]: [In Sensor the [client interface](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/sensor/common/scannerclient/grpc_client.go#L24) is used by `LocalScan`, while in Central the Scanner V4 integration will support the [image vulnerability getter](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/scanners/types/types.go#L33). From 470fbdd2742a6c7ad0844eabd77e98088633ad3d Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Fri, 11 Aug 2023 14:35:52 -0700 Subject: [PATCH 16/17] Update 0002-local-scanning-with-scanner-v4.md --- scanner/decisions/0002-local-scanning-with-scanner-v4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanner/decisions/0002-local-scanning-with-scanner-v4.md b/scanner/decisions/0002-local-scanning-with-scanner-v4.md index d131d9c0b57b4..b66f6d7741cb4 100644 --- a/scanner/decisions/0002-local-scanning-with-scanner-v4.md +++ b/scanner/decisions/0002-local-scanning-with-scanner-v4.md @@ -59,6 +59,6 @@ Finally, Index Reports generated in the secured cluster will not be stored in th 3. The new Matcher API opens the door for Scanner in Matcher mode to provide vulnerability matching with multi-tenancy, where multiple Central instances could connect to a fleet of Matcher instances behind a load balancer backed by a DB to create vulnerability reports. 4. The Node Scanning can be migrated to Scanner V4 using the new Matcher API and local scanning workflow, as long as it sends Index Reports to Central. 5. In the event that the Central cluster is updated to a version with Scanner V4 enabled, but the secured cluster is still running Sensor based on Scanner V2, it's still feasible to detect vulnerabilities if there is at least one instance of Scanner V2 present in the Central cluster. This allows for a seamless transition to Scanner V4 while maintaining backward compatibility. -7. The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. +6. The changes in the protos minimize the dependency on Scanner V2 protos, making it easy to remove them in the future. [^1]: [In Sensor the [client interface](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/sensor/common/scannerclient/grpc_client.go#L24) is used by `LocalScan`, while in Central the Scanner V4 integration will support the [image vulnerability getter](https://github.com/stackrox/stackrox/blob/a21793de1842586499e4afb3de68b780753db7f0/pkg/scanners/types/types.go#L33). From 3cdea6caf3d7068d6008bb9cd52fdfbf955590c7 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Mon, 14 Aug 2023 14:03:38 -0700 Subject: [PATCH 17/17] Update diagram --- .../images/local-scanning-diagram.svg | 622 +++++++++++++++++- 1 file changed, 593 insertions(+), 29 deletions(-) diff --git a/scanner/decisions/images/local-scanning-diagram.svg b/scanner/decisions/images/local-scanning-diagram.svg index 5126cdd50e822..796c9819bab24 100644 --- a/scanner/decisions/images/local-scanning-diagram.svg +++ b/scanner/decisions/images/local-scanning-diagram.svg @@ -1,29 +1,593 @@ -enricher.getImages() -Central -Sensor -Scanner -GetImageVulnerabilities() -Admission -Control -GetImage() -Scanner -Slim -GetImageComponents() -Delegated -Image Scan -MsgToSensor -1. Delegated Scanning -2. Policy detector -3. Admission control validation -1 -3 -Central Cluster -Secured Cluster -Triggers local image scan (LocalScan) -Local image scan flow -(localScan.EnrichLocalImageInNamespace) -EnrichLocalImageInternal() -MsgToSensor -Event Pipeline -2 - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Central + + + + + + + + + + Sensor + + + + + + + + + + Scanner + + + + + + + + + + + + + + + + + + + GetImageVulnerabilities() + + + + + + + + + + Admission + Control + + + + + + + + + + + + + + + + + + + GetImage() + + + + + + + + + + Scanner + Slim + + + + + + + + + + + + + + + + + + + GetImageComponents() + + + + + + + + + + + + + + + + Delegated + Image Scan + + + + + + + + + + + + + + + + MsgToSensor + + + + + + + + + + + + + + + 1. Delegated Scanning + 2. (and 2.5) Image Reprocessing + 3. Admission control validation + + + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + + + 3 + + + Central Cluster + + + Secured Cluster + + + + + + + + + + + + + + + Triggers local image scan (LocalScan) + + + Local image scan flow + (localScan.EnrichLocalImageInNamespace) + + + + + + + + + + + + + + + + + + + EnrichLocalImageInternal() + + + + + + + + + + + + + + + + MsgToSensor + + + + + + + + + + + + + + + + ReprocessDeployments + + + + + + + + + + + + + + + + + 2 + + + + + + + + + + + + + + + + + + + + + + + 2.5 + + + enricher.getImages() + + + +