From 7632fb5e4d739c1e52b4bdf0f78e1595c291793f Mon Sep 17 00:00:00 2001 From: Mike Schiessl Date: Wed, 9 Jun 2021 14:34:49 +0200 Subject: [PATCH] Initial Commit for ULS development branch --- Dockerfile | 63 ++++++ README.md | 88 +++++++- bin/config/global_config.py | 52 +++++ bin/modules/UlsArgsParser.py | 144 +++++++++++++ bin/modules/UlsInputCli.py | 202 ++++++++++++++++++ bin/modules/UlsMonitoring.py | 90 ++++++++ bin/modules/UlsOutput.py | 202 ++++++++++++++++++ bin/modules/aka_log.py | 11 + bin/uls.py | 112 ++++++++++ docker-compose/complex/docker-compose.yml | 26 +++ docker-compose/complex/eaa-access.env | 28 +++ docker-compose/complex/eaa-admin.env | 28 +++ docker-compose/complex/etp-threat.env | 28 +++ docker-compose/simple/docker-compose.yml | 10 + docker-compose/simple/etp-threat.env | 28 +++ docs/ARGUMENTS_ENV_VARS.md | 33 +++ docs/CHANGELOG.md | 17 ++ docs/COMMAND_LINE_USAGE.md | 72 +++++++ docs/DEBUGGING.md | 52 +++++ docs/DOCKER-COMPOSE_USAGE.md | 59 +++++ docs/DOCKER_USAGE.md | 77 +++++++ docs/MONITORING.md | 23 ++ docs/SIEM/GRAYLOG/README.md | 20 ++ docs/SIEM/GRAYLOG/img.png | Bin 0 -> 8356 bytes docs/SIEM/QRADAR/README.md | 8 + docs/SIEM/SIEM_OVERVIEW.md | 10 + docs/SIEM/SPLUNK/README.md | 26 +++ .../ula_docker-compose_complex_example.png | Bin 0 -> 38898 bytes docs/images/uls_cli_help_example.png | Bin 0 -> 57034 bytes docs/images/uls_docker_etp_threat_example.png | Bin 0 -> 23304 bytes docs/images/uls_docker_version_example.png | Bin 0 -> 31854 bytes 31 files changed, 1507 insertions(+), 2 deletions(-) create mode 100644 Dockerfile create mode 100644 bin/config/global_config.py create mode 100644 bin/modules/UlsArgsParser.py create mode 100644 bin/modules/UlsInputCli.py create mode 100644 bin/modules/UlsMonitoring.py create mode 100644 bin/modules/UlsOutput.py create mode 100644 bin/modules/aka_log.py create mode 100644 bin/uls.py create mode 100644 docker-compose/complex/docker-compose.yml create mode 100644 docker-compose/complex/eaa-access.env create mode 100644 docker-compose/complex/eaa-admin.env create mode 100644 docker-compose/complex/etp-threat.env create mode 100644 docker-compose/simple/docker-compose.yml create mode 100644 docker-compose/simple/etp-threat.env create mode 100644 docs/ARGUMENTS_ENV_VARS.md create mode 100644 docs/CHANGELOG.md create mode 100644 docs/COMMAND_LINE_USAGE.md create mode 100644 docs/DEBUGGING.md create mode 100644 docs/DOCKER-COMPOSE_USAGE.md create mode 100644 docs/DOCKER_USAGE.md create mode 100644 docs/MONITORING.md create mode 100644 docs/SIEM/GRAYLOG/README.md create mode 100644 docs/SIEM/GRAYLOG/img.png create mode 100644 docs/SIEM/QRADAR/README.md create mode 100644 docs/SIEM/SIEM_OVERVIEW.md create mode 100644 docs/SIEM/SPLUNK/README.md create mode 100644 docs/images/ula_docker-compose_complex_example.png create mode 100644 docs/images/uls_cli_help_example.png create mode 100644 docs/images/uls_docker_etp_threat_example.png create mode 100644 docs/images/uls_docker_version_example.png diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..65b1355 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,63 @@ +FROM python:3.9.5-slim-buster +LABEL maintainer="Mike Schiessl - mike.schiessl@akamai.com" +LABEL APP="Akamai Universal Log Streamer" + +# CONFIGURATION ARGS +ARG HOMEDIR="/opt/akamai-uls" +ARG ULS_DIR="$HOMEDIR/uls" +ARG EXT_DIR="$ULS_DIR/ext" + +ARG ETP_CLI_VERSION="0.3.4" +ARG EAA_CLI_VERSION="0.3.8" +ARG MFA_CLI_VERSION="0.0.4" +ARG ULS_VERSION="0.0.1" + +# ENV VARS +ENV ULS_DIR=$ULS_DIR +ENV EXT_DIR=$EXT_DIR +ENV HOMEDIR=$HOMEDIR + + +# PREPARE ENVIRONMENT +# ENV PREP +RUN apt-get update && \ + apt-get --no-install-recommends -y install \ + curl \ + ca-certificates \ + git && \ + rm -rf /var/lib/apt/lists/ + +# USER & GROUP +RUN groupadd akamai && \ + useradd -g akamai -s /bin/bash -m -d ${HOMEDIR} akamai + +USER akamai +WORKDIR ${HOMEDIR} +RUN mkdir -p ${HOMEDIR}/uls + + +# Install ULS +ENV ULS_VERSION=$ULS_VERSION +RUN git clone --depth 1 -b "${ULS_VERSION}" --single-branch https://github.com/akamai/uls.git ${ULS_DIR} +WORKDIR ${ULS_DIR} + +# Install external CLI'S +## ETP CLI +ENV ETP_CLI_VERSION=$ETP_CLI_VERSION +RUN git clone --depth 1 -b "${ETP_CLI_VERSION}" --single-branch https://github.com/akamai/cli-etp.git ${EXT_DIR}/cli-etp && \ + pip install -r ${EXT_DIR}/cli-etp/requirements.txt + +## EAA CLI +ENV EAA-CLI_VERSION=$EAA_CLI_VERSION +RUN git clone --depth 1 -b "${EAA_CLI_VERSION}" --single-branch https://github.com/akamai/cli-eaa.git ${EXT_DIR}/cli-eaa && \ + pip install -r ${EXT_DIR}/cli-eaa/requirements.txt +## MFA CLI +ENV MFA-CLI_VERSION=$MFA_CLI_VERSION +RUN git clone --depth 1 -b "${MFA_CLI_VERSION}" --single-branch https://github.com/akamai/cli-mfa.git ${EXT_DIR}/cli-mfa && \ + pip install -r ${EXT_DIR}/cli-mfa/requirements.txt + +# ENTRYPOINTS / CMD +#CMD /usr/local/bin/python3 ${ULS_DIR}/bin/uls.py +ENTRYPOINT ["/usr/local/bin/python3","bin/uls.py"] + +# EOF diff --git a/README.md b/README.md index 5c780c7..75d61bc 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,86 @@ -# uls -Unified Log Streamer (ULS) +# Akamai Unified Log Streamer (ULS) + +## Introduction +The Unified Log Streamer (ULS) is designed to simplify SIEM integrations for Akamai Secure Enterprise Access Products +- [Enterprise Application Access (EAA)](https://www.akamai.com/us/en/products/security/enterprise-application-access.jsp) +- [Enterprise Threat Protector (ETP)](https://www.akamai.com/us/en/products/security/enterprise-threat-protector.jsp) +- [Akamai Phish-proof Multi Factor Authenticator (AKAMAI-MFA)](https://www.akamai.com/us/en/products/security/akamai-mfa.jsp) + +Thanks to its modular design, ULS allows the connection of many SIEM solutions out-of-the-box. +It can be run directly as Python code, as a provided Docker container or through `docker compose` scripts. + + +![ULS docker compose usage](docs/images/ula_docker-compose_complex_example.png) + + +## Table of contents +- [Akamai Unified Log Streamer (ULS)](#akamai-unified-log-streamer-uls) + - [Introduction](#introduction) + - [Table of contents](#table-of-contents) + - [Key Features](#key-features) + - [Documentation](#documentation) + - [Command Line Usage](#command-line-usage) + - [Docker](#docker) + - [Docker-compose](#docker-compose) + - [Development](#development) + - [Support](#support) + +## Key Features + +- Supported Inputs (Secure Enterprise Access Products) + - [Enterprise Application Access (EAA)](https://www.akamai.com/us/en/products/security/enterprise-application-access.jsp) + - [Enterprise Threat Protectors (ETP)](https://www.akamai.com/us/en/products/security/enterprise-threat-protector.jsp) + - [Akamai Phish-proof Multi Factor Authenticator (AKAMAI-MFA)](https://www.akamai.com/us/en/products/security/akamai-mfa.jsp) + + +- Supported data outputs + - TCP Socket (tcp://host:port) + - UDP Socket (udp://host:port) + - HTTP(S) URL (http(s)://host:port/path) (supporting Authentication) + + +- Operation types + - [python (command line)](./docs/COMMAND_LINE_USAGE.md) + - [docker](./docs/DOCKER_USAGE.md) + - [docker-compose](./docs/DOCKER-COMPOSE_USAGE.md) + + +- Additional Features + - [Monitoring output](./docs/MONITORING.md) + - Debug information (log level adjustment) + - HTTP CA CERT verification skipping + - Adoptable HTTP - POST format + +## Documentation +ULS can be operated in many ways. +Before setting up ULS, please understand your SIEM ingestion capabilities and configure an ingest method on your SIEM. +More information for specific SIEM solutions can be found in [this directory](./docs/SIEM/SIEM_OVERVIEW.md) and in your SIEM documentation. + +### Command Line Usage +![ULS command line usage](docs/images/uls_cli_help_example.png) +For more information, please visit [this document](./docs/COMMAND_LINE_USAGE.md) + +### Docker +![ULS docker usage](docs/images/uls_docker_etp_threat_example.png) +For more information, please visit [this document](./docs/DOCKER_USAGE.md) + +### Docker-compose +![ULS docker compose usage](docs/images/ula_docker-compose_complex_example.png) +For more information, please visit [this document](./docs/DOCKER-COMPOSE_USAGE.md) + + +## Development + +For the latest stable version of this software, please check the [release section](https://github.com/akamai/uls/releases) of the repo. The `main` [branch](https://github.com/akamai/uls) will retain the stable versions. +To ensure a continuous development of this tool, all new updates will go into the `development` [branch](https://github.com/akamai/uls/tree/development) of this repo. +The `development` branch can be subject to change and could also represent a broken version of this software. +In parallel, all new versions within the "main" branch will also be available on the [ULS docker hub space](https://hub.docker.com/repository/docker/akamai/uls). + +Contributions to this software can be provided via [Pull Requests](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) and will get merged after successful review. + +## Support + +Akamai ULS is provided "as-is". It is not supported by Akamai Support. Akamai is neither liable for the function nor for any caused problems that come along with the usage or caused by this tool. To report an issue, feature request or bug, please open a new issue into the [GitHub Issues page](https://github.com/akamai/uls/issues). +This software is released under the "Apache License". Please refer to the [LICENSE](./LICENSE) document for more information. + +[Pull requests](#development) to improve the code or enhance the functionality are welcome. diff --git a/bin/config/global_config.py b/bin/config/global_config.py new file mode 100644 index 0000000..f0b6316 --- /dev/null +++ b/bin/config/global_config.py @@ -0,0 +1,52 @@ +#!/usr/bin/env python3 + +# Common global variables / constants +__version__ = "0.0.1" +__tool_name_long__ = "Akamai Unified Log Streamer" +__tool_name_short__ = "ULS" + + +# Generic config +bin_python = "python3" # Python binary to use (use OS standard when not using path) + # EAA +bin_eaa_cli = "ext/cli-eaa/bin/akamai-eaa" # Path to the EAA CLI Executable +eaa_cli_feeds = ['ACCESS', 'ADMIN'] # Available EAA CLI feeds + # ETP +bin_etp_cli = "ext/cli-etp/bin/akamai-etp" # Path to the ETP CLI Executable +etp_cli_feeds = ['THREAT', 'AUP'] # Available ETP CLI feeds + # MFA +bin_mfa_cli = "ext/cli-mfa/bin/akamai-mfa" # Path to the MFA CLI Executable +mfa_cli_feeds = ['POLICY', 'AUTH'] # Available MFA CLI feeds + + # INPUT Choices +input_choices = ['EAA', 'ETP', 'MFA'] # Available input types +input_format_choices = ['JSON', 'TEXT'] # Available input format choices (need to be supported by cli) + + # OUTPUT Choices +output_choices = ['TCP', 'HTTP', 'UDP'] # Definition of OUTPUT Choices + + # LogLevels +log_levels_available = ['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'] +log_level_default = 'WARNING' + + +# INPUT Configuration +input_rerun_retries = 3 # Number of rerun attempts before giving up +input_run_delay = 1 # Time in seconds to wait for the first health check +input_rerun_delay = 1 # Time in seconds between rerun attempts + + +# OUTPUT Configuration +output_reconnect_retries = 10 # Number of reconnect attempts before giving up +output_reconnect_delay = 1 # Time in seconds between reconnect attempts +output_udp_send_buffer = 262144 # UDP Send buffer in bytes +output_udp_timeout = 10.0 # UDP SEND / CONNECT Timeout (seconds) +output_tcp_send_buffer = 262144 # TCP Send buffer in bytes +output_tcp_timeout = 10.0 # TCP SEND / CONNECT Timeout (seconds) + # Additional Headers to send (requests module KV pairs) +output_http_header = {'User-Agent': f'{__tool_name_long__}/{__version__}'} + + +# Monitoring Configuration +monitoring_enabled = True # Set to false to disable monitoring outputs +monitoring_interval = 5 * 60 # Monitoring output interval (seconds) diff --git a/bin/modules/UlsArgsParser.py b/bin/modules/UlsArgsParser.py new file mode 100644 index 0000000..8495a7f --- /dev/null +++ b/bin/modules/UlsArgsParser.py @@ -0,0 +1,144 @@ +#!/usr/bin/env python3 + +import argparse +import os +import config.global_config as uls_config + + +def init(): + # Argument Parsing + parser = argparse.ArgumentParser(description=f"{uls_config.__tool_name_long__}", + formatter_class=argparse.RawTextHelpFormatter) + # Common params + parser.add_argument('-l', '--loglevel', + action='store', + type=str.upper, + default=(os.environ.get('ULS_LOGLEVEL') or uls_config.log_level_default), + choices=uls_config.log_levels_available, + help=f'Adjust the loglevel Default: {uls_config.log_level_default}') + + # Version Information + parser.add_argument('-v', '--version', + action='store', + type=bool, + default=False, + nargs='?', + const=True, + help=f'Display {uls_config.__tool_name_short__} version and operational information') + + # ---------------------- + # Input GROUP + input_group = parser.add_argument_group(title="Input", + description="Define INPUT Settings (AKAMAI API)") + + # INPUT_SELECTOR + input_group.add_argument('-i', '--input', + action='store', + type=str.upper, + default=(os.environ.get('ULS_INPUT') or None), + choices=uls_config.input_choices, + help="Select the Input Source. Default: None", ) + # INPUT_FEED + input_group.add_argument('--feed', + action='store', + type=str.upper, + default=(os.environ.get('ULS_FEED') or 'DEFAULT'), + help="Select data feed [CLI-DEFAULT]") + # INPUT FORMAT + input_group.add_argument('--format', + action='store', + dest="cliformat", + type=str.upper, + default=(os.environ.get('ULS_FORMAT') or "JSON"), + choices=uls_config.input_format_choices, + help="Select log output format Default: JSON") + # INPUT PROXY + input_group.add_argument('--inproxy', '--inputproxy', + dest='inproxy', + type=str, + default=(os.environ.get('ULS_INPUT_PROXY') or None), + help="Use a proxy Server for the INPUT requests (fetching data from AKAMAI API'S)") + # RAWCMD + input_group.add_argument('--rawcmd', + action='store', + type=str, + default=(os.environ.get('ULS_RAWCMD') or None), + help="Overwrite the cli command with your parameters. (python3 akamai-cli $rawcmd)") + # EDGERC + input_group.add_argument('--edgerc', + action='store', + type=str, + dest="credentials_file", + default=(os.environ.get('ULS_EDGERC') or '~/.edgerc'), + help="Location of the credentials file (default is ~/.edgerc)") + # EDGERC-SECTION + input_group.add_argument('--section', + action='store', + type=str, + dest="credentials_file_section", + default=(os.environ.get('ULS_SECTION') or 'default'), + help="Credentials file Section's name to use ('default' if not specified).") + + # ---------------------- + # Output GROUP + output_group = parser.add_argument_group(title="Output", + description="Define OUTPUT Settings (SIEM)") + + # OUTPUT Selector + output_group.add_argument('-o', '--output', + action='store', + type=str.upper, + default=(os.environ.get('ULS_OUTPUT') or None), + choices=uls_config.output_choices, + help="Select the Output Destination Default: None") + + # Output HOST + output_group.add_argument('--host', + action='store', + type=str, + default=(os.environ.get('ULS_OUTPUT_HOST') or None), + help="Host for TCP/UDP") + + # OUTPUT PORT + output_group.add_argument('--port', + action='store', + type=int, + default=int(os.environ.get('ULS_OUTPUT_PORT') or '0'), + help="Port for TCP/UDP") + + # HTTP URL + output_group.add_argument('--httpurl', + action='store', + type=str, + default=(os.environ.get('ULS_HTTP_URL') or None), + help=f'Full http(s) target url i.e. ' + f'https://my.splunk.host:9091/services/collector/event"') + + # HTTP AUTH HEADER + output_group.add_argument('--httpauthheader', + action='store', + type=str, + default=(os.environ.get('ULS_HTTP_AUTH_HEADER') or None), + help='HTTP Header for authorization. Example: ' + '\'{"Authorization": "Splunk xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"}\'') + + # Disable HTTP TLS verification + output_group.add_argument('--httpinsecure', + action='store', + type=bool, + default=(os.environ.get('ULS_HTTP_NO_VERIFY_TLS') or False), + nargs='?', + const=True, + help=f'Disable TLS CA Certificate verification. Default: False') + + # HTTP FORMAT DEFINITION + output_group.add_argument('--httpformat', + action='store', + type=str, + default=(os.environ.get('ULS_HTTP_FORMAT') or '{"event": %s}'), + help='HTTP Message format expected by http receiver ' + '(%%s defines the data string). Default \'{\"event\": %%s}\'') + + return parser.parse_args() + +# EOF diff --git a/bin/modules/UlsInputCli.py b/bin/modules/UlsInputCli.py new file mode 100644 index 0000000..9055d4d --- /dev/null +++ b/bin/modules/UlsInputCli.py @@ -0,0 +1,202 @@ +#!/usr/bin/env python3 + +import subprocess +import sys +import time +import shlex +import modules.aka_log as aka_log +import config.global_config as uls_config +import platform + + +def uls_version(): + """ + Collect ULS Version information and display it on STDOUT + """ + def _get_cli_version(cli_bin): + try: + version_proc = subprocess.Popen([uls_config.bin_python, cli_bin, "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + my_cli_version = version_proc.communicate()[0].decode().strip('\n') + version_proc.terminate() + if my_cli_version: + return my_cli_version + else: + return "n/a" + except Exception as my_err: + return f"n/a -> ({my_err})" + + # generate the stdout + print(f"{uls_config.__tool_name_long__} Version information\n" + f"ULS Version\t\t{uls_config.__version__}\n\n" + f"EAA Version\t\t{_get_cli_version(uls_config.bin_eaa_cli)}\n" + f"ETP Version\t\t{_get_cli_version(uls_config.bin_etp_cli)}\n" + f"MFA Version\t\t{_get_cli_version(uls_config.bin_mfa_cli)}\n\n" + f"OS Plattform\t\t{platform.platform()}\n" + f"OS Version\t\t{platform.release()}\n" + f"Python Version\t\t{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}\n" + ) + sys.exit(0) + + +class UlsInputCli: + def __init__(self): + + self.run_delay = uls_config.input_run_delay # Time in seconds to wait for the first health check + self.rerun_retries = uls_config.input_rerun_retries # Number of rerun attempts before giving up + self.rerun_delay = uls_config.input_rerun_delay # Time in seconds between rerun attempts + self.bin_python = uls_config.bin_python # The python binary + + # Defaults (may vary later) + self.name = "UlsInputCli" # Class Human readable name + self.running = False # Internal Running tracker - do not touch + self.proc = None + self.proc_output = None + + def _feed_selector(self, feed, product_feeds): + if feed in product_feeds: + # feed matches the given list + aka_log.log.debug(f'{self.name} - selected feed: {feed}') + elif not feed: + # Set default (first of feeds) + feed = product_feeds[0] + aka_log.log.debug(f'{self.name} - using default feed: {feed}') + else: + aka_log.log.critical( + f"{self.name} - Feed ({feed}) not available - Available: {product_feeds}") + sys.exit(1) + return feed + + def _format_selector(self, cliformat): + if cliformat in uls_config.input_format_choices: + + return cliformat + elif not cliformat: + cliformat = 'JSON' + aka_log.log.debug(f'{self.name} - using default format: {cliformat}') + else: + aka_log.log.critical( + f"{self.name} - FORMAT ({cliformat}) not available") + sys.exit(1) + return cliformat + + def _prep_proxy(self, proxy): + if proxy: + return ['--proxy', proxy] + else: + return "" + + def _prep_edgegridauth(self, credentials_file, credentials_file_section): + edgegrid_auth = ['--edgerc', credentials_file, '--section', credentials_file_section] + return edgegrid_auth + + def _uls_useragent(self, product, feed): + my_useragent = f'ULS/{uls_config.__version__}_{product}-{feed}' + return ["--user-agent-prefix", my_useragent] + + def proc_create(self, product=None, + feed=None, + cliformat=None, + credentials_file="~/.edgerc", + credentials_file_section="default", + rawcmd=None, + inproxy=None): + + rerun_counter = 1 + + while self.running is False and rerun_counter <= self.rerun_retries: + edgegrid_auth = self._prep_edgegridauth(credentials_file, credentials_file_section) + aka_log.log.debug(f'{self.name} - selected product: {product}') + + # EAA config + if product == "EAA": + product_path = uls_config.bin_eaa_cli + product_feeds = uls_config.eaa_cli_feeds + if not rawcmd: + feed = self._feed_selector(feed, product_feeds) + cli_command = [self.bin_python, product_path, 'log', feed.lower(), '-f'] + cli_command[2:2] = self._uls_useragent(product_path, product, feed) + cli_command[2:2] = edgegrid_auth + cli_command[2:2] = self._prep_proxy(inproxy) + if self._format_selector(cliformat) == "JSON": + cli_command.append('-j') + else: + cli_command = [self.bin_python, product_path] + \ + self._uls_useragent(product, feed) +\ + shlex.split(rawcmd) + + # ETP config + elif product == "ETP": + product_path = uls_config.bin_etp_cli + product_feeds = uls_config.etp_cli_feeds + if not rawcmd: + feed = self._feed_selector(feed, product_feeds) + cli_command = [self.bin_python, product_path, 'event', feed.lower(), '-f'] + cli_command[2:2] = self._uls_useragent(product, feed) + cli_command[2:2] = edgegrid_auth + cli_command[2:2] = self._prep_proxy(inproxy) + else: + cli_command = [self.bin_python, product_path] +\ + self._uls_useragent(product, feed) +\ + shlex.split(rawcmd) + + # MFA config + elif product == "MFA": + product_path = uls_config.bin_mfa_cli + product_feeds = uls_config.mfa_cli_feeds + if not rawcmd: + feed = self._feed_selector(feed, product_feeds) + cli_command = [self.bin_python, product_path, 'event', feed.lower(), '-f'] + cli_command[2:2] = self._uls_useragent(product, feed) + cli_command[2:2] = edgegrid_auth + cli_command[2:2] = self._prep_proxy(inproxy) + else: + cli_command = [self.bin_python, product_path] +\ + self._uls_useragent(product, feed) +\ + shlex.split(rawcmd) + + # Everything else (undefined) + else: + aka_log.log.critical(f" {self.name} - No valid product selected (--input={product}).") + sys.exit(1) + try: + aka_log.log.debug(f'{self.name} - CLI Command: {cli_command}') + cli_proc = subprocess.Popen(cli_command, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + + aka_log.log.debug(f"{self.name} - started PID[{cli_proc.pid}]: {cli_command}") + self.proc = cli_proc + self.proc_output = cli_proc.stdout + time.sleep(1) + + if not self.check_proc(): + raise NameError(f"process [{cli_proc.pid}] " + f"exited rc={cli_proc.returncode}: {cli_proc.stderr.read()}") + self.running = True + + except Exception as my_error: + time.sleep(self.rerun_delay) + self.running = False + rerun_counter += 1 + aka_log.log.error(f'{self.name} - {my_error} -> {self.proc.stderr.read()}') + + if self.running is False and rerun_counter > self.rerun_retries: + aka_log.log.critical(f'Not able to start the CLI for {product}. See above errors' + f'giving up after {rerun_counter - 1} retries.') + sys.exit(1) + + def check_proc(self): + try: + if self.proc.poll() is None: + return True + else: + self.running = False + aka_log.log.error(f'{self.name} - CLI process [{self.proc.pid}]' + f' was found stale -> {self.proc.stderr.read()}') + return False + except: + return False + +# EOF diff --git a/bin/modules/UlsMonitoring.py b/bin/modules/UlsMonitoring.py new file mode 100644 index 0000000..cfcafe0 --- /dev/null +++ b/bin/modules/UlsMonitoring.py @@ -0,0 +1,90 @@ +#!/usr/bin/env python3 + +import time +import threading +import json +import datetime + +import modules.aka_log as aka_log +import config.global_config as uls_config + + +class UlsMonitoring: + + def __init__(self, stopEvent, product, feed, output): + """ + Hanlde ULS self monitoring, spills out performance counter on stdout. + + Args: + stopEvent (threading.Event): Event from the controlling thread to tell the monitoring to stop + product (string): Akamai Product name/acronym + feed (string): specific data feed being consumed by ULS + """ + + self._stopEvent = stopEvent + self._product = product + self._feed = feed + self._output = output + + # Prevent other thread interact with the performance counters + self._metricLock = threading.Lock() + + # Variables + self.monitoring_enabled = uls_config.monitoring_enabled # Monitoring enable Flag + self.monitoring_interval = uls_config.monitoring_interval # Monitoring interval + + # Definitions + self.name = "UlsMonitoring" # Class Human readable name + self.overall_messages_handled = 0 # Define overall number of messages handled + self.window_messages_handled = 0 # Define mon_window number of messages handled + self.init_time = time.time() # Define the init time + + # Define the working thread, daemon allows us to offload + # of the main program termination to python + self.mon_thread = threading.Thread(target=self.display, daemon=True) + + def start(self): + if self.monitoring_enabled: + aka_log.log.debug(f"{self.name} monitoring thread started...") + # Start the background thread + self.mon_thread.start() + else: + aka_log.log.debug(f"{self.name} monitoring was disabled - not starting.") + + def display(self): + """ + Entry point for the monitoring thread + """ + try: # Exception handling is crucial once on the thread + while not self._stopEvent.is_set(): + aka_log.log.debug(f"{self.name} sleeping {self.monitoring_interval} sec...") + # Wait return True unless the timer expired, which is when + # ULS is still active and we safely report the activity + if not self._stopEvent.wait(self.monitoring_interval): + mon_msg = { + 'dt': datetime.datetime.utcnow().isoformat(), + 'uls_product': self._product, + 'uls_feed': self._feed, + 'uls_outpout': self._output, + 'uls_runtime': self._runtime(), + 'event_count': self.overall_messages_handled, + 'event_rate': round(self.window_messages_handled / self.monitoring_interval, 2), + 'mon_interval': self.monitoring_interval + } + print(json.dumps(mon_msg)) + # Reset window based vars + with self._metricLock: + self.window_messages_handled = 0 + except Exception as e: + aka_log.log.exception(e) + + def increase_message_count(self): + with self._metricLock: + self.overall_messages_handled = self.overall_messages_handled + 1 + self.window_messages_handled = self.window_messages_handled + 1 + + def _runtime(self): + return int(time.time() - self.init_time) + +# EOF + diff --git a/bin/modules/UlsOutput.py b/bin/modules/UlsOutput.py new file mode 100644 index 0000000..dcdac00 --- /dev/null +++ b/bin/modules/UlsOutput.py @@ -0,0 +1,202 @@ +#!/usr/bin/env python3 + +import socket +import requests +import ast +import sys +import time +import threading + +# ULS specific modules +import modules.aka_log as aka_log +import config.global_config as uls_config + +stopEvent = threading.Event() + + +class UlsOutput: + + def __init__(self): + # Variables (load from uls_config) + self.reconnect_retries = uls_config.output_reconnect_retries # Number of reconnect attempts before giving up + self.udp_send_buffer = uls_config.output_udp_send_buffer # UDP Send buffer in bytes + self.udp_timeout = uls_config.output_udp_timeout # UDP SEND / CONNECT Timeout (seconds) + self.tcp_send_buffer = uls_config.output_tcp_send_buffer # TCP Send buffer in bytes + self.tcp_timeout = uls_config.output_tcp_timeout # TCP SEND / CONNECT Timeout (seconds) + self.http_header = uls_config.output_http_header # Additional Headers + + # Defaults (may vary later) + self.name = "UlsOutput" # Class Human readable name + self.http_verify_tls = False # whether to verify the Certificate CA (True) or not (False) + self.connected = False # Internal Connection tracker - do not touch + self.output_type = None + self.http_out_format = None + self.http_url = None + self.httpSession = None + self.port = None + self.host = None + self.clientSocket = None + + def connect(self, output_type: str, host: str, port: int, + http_out_format=None, + http_out_auth_header=None, + http_url=None, + http_insecure=False): + """ + Connecting the tcp output socket. in addition we've added some error/reconnection handling + :param output_type: The desired output format (TCP/ UDP / HTTP) + :param host: hostname or ip address (TCP/UDP) + :param port: tcp port number (TCP/UDP) + :param http_url: URL (scheme://host:port/path) (HTTP) + :param http_out_format: HTTP Output format ((HTTP) + :param http_out_auth_header: HTTP Authentication header (HTTP) + :param http_insecure: (bool) Disable TLS verification (HTTP) + :return: + """ + + reconnect_counter = 1 + while not stopEvent.is_set() and self.connected is False and reconnect_counter <= self.reconnect_retries: + # Check & set output type + if output_type in ['TCP', 'HTTP', 'UDP']: + self.output_type = output_type + aka_log.log.debug(f"{self.name} Selected Output Type: {self.output_type} ") + else: + aka_log.log.critical(f"{self.name} target was not defined {output_type} ") + sys.exit(1) + try: + # TCP Connector + if self.output_type == "TCP": + # add a check if required vars are set + aka_log.log.debug(f"{self.name} attempting to connect via TCP to {host}:{port} ") + self.clientSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + # check + self.clientSocket.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, self.tcp_send_buffer) + self.clientSocket.connect((host, port)) + self.clientSocket.settimeout(self.tcp_timeout) + reconnect_counter = 1 + self.connected = True + aka_log.log.info(f"{self.name} successful connected to tcp://{host}:{port} ") + + # UDP Connector + if self.output_type == "UDP": + aka_log.log.debug(f"{self.name} attempting to connect via UDP to {host}:{port} ") + self.clientSocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + self.host = host + self.port = port + self.clientSocket.settimeout(self.udp_timeout) + self.clientSocket.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, self.udp_send_buffer) + reconnect_counter = 1 + self.connected = True + aka_log.log.info(f"{self.name} successful connected to udp://{host}:{port} ") + + # HTTP Connector + if self.output_type == "HTTP": + self.httpSession = requests.session() + # Prepare & set the headers + if http_out_auth_header: + headers = self.http_header | ast.literal_eval(http_out_auth_header) + else: + headers = self.http_header + aka_log.log.debug(f"{self.name} adding http headers: {headers}") + self.httpSession.headers.update(headers) + # Output Format + self.http_out_format = http_out_format + aka_log.log.debug(f"{self.name} setting http output format: {self.http_out_format}") + # TLS Verification + if http_insecure: + # DISABLE insecure warnings (if verify=FALSE) + requests.packages.urllib3.disable_warnings() + self.http_verify_tls = False # Use the inverted boolean expression ;) + aka_log.log.debug( + f"{self.name} TLS CA Certificate verification has been disabled - this is insecure !!") + elif not http_insecure: + self.http_verify_tls = True + aka_log.log.debug( + f"{self.name} TLS CA Certificate verification is turned on.") + else: + aka_log.log.critical(f'{self.name} HTTP insecure was not set to a boolean value (True|False) ' + f'- we got "{http_insecure}" instead') + sys.exit(1) + # Check the URL + if not http_url: + aka_log.log.critical(f'{self.name} HTTP output selected but no URL given. ' + f'Use --httpurl instead of --host / --port') + sys.exit(1) + else: + aka_log.log.debug(f"{self.name} attempting to connect via HTTP to {http_url} ") + + # Let'S do an options request + self.http_url = http_url + resp = self.httpSession.options(url=self.http_url, data='{"event":"connection test"}', + verify=self.http_verify_tls) + + if resp.status_code == 200: + reconnect_counter = 1 + self.connected = True + aka_log.log.info(f"{self.name} successful connected to {self.http_url} ") + else: + aka_log.log.error(f"{self.name} error connecting to {self.http_url}. " + f"StatusCode: {resp.status_code} Reason: {resp.text} [{reconnect_counter}]") + time.sleep(uls_config.output_reconnect_delay) + self.connected = False + reconnect_counter = 1 + + except Exception as con_error: + aka_log.log.debug(f"{self.name} issue: {con_error}") + if not self.output_type == 'HTTP': + aka_log.log.error(f"{self.name} error connecting to {host}:{port} [{reconnect_counter}]") + else: + aka_log.log.error(f"{self.name} error connecting to {self.http_url} [{reconnect_counter}]") + reconnect_counter += 1 + self.connected = False + time.sleep(uls_config.output_reconnect_delay) + + if self.connected is False and reconnect_counter > self.reconnect_retries: + if not self.output_type == 'HTTP': + aka_log.log.critical(f"{self.name} not able to connect to {host}:{port} - " + f"giving up after {reconnect_counter - 1} retries.") + else: + aka_log.log.critical(f"{self.name} not able to connect to {self.http_url} - " + f"giving up after {reconnect_counter - 1} retries.") + sys.exit(1) + + def send_data(self, data): + """ + Transfer binary data towards the established TCP socket. + We also try to handle issues across the connection (potential data loss?) + :param data: binary + :return: + """ + try: + if self.output_type == "TCP": + self.clientSocket.sendall(data) + + elif self.output_type == "UDP": + self.clientSocket.sendto(data, (self.host, self.port)) + + elif self.output_type == "HTTP": + response = self.httpSession.post(url=self.http_url, + data=self.http_out_format % (data.decode()), + verify=self.http_verify_tls) + aka_log.log.debug(f"{self.name} DATA Send response {response.status_code}," + f" {response.text} ") + else: + aka_log.log.critical(f"{self.name} target was not defined {self.output_type} ") + sys.exit(1) + except Exception as my_error: + aka_log.log.error(f"{self.name} Issue sending data {my_error}") + self.connected = False + + def tear_down(self): + """ + Tear down all resources + """ + if self.output_type == "TCP" or self.output_type == "UDP": + aka_log.log.debug(f"{self.name} closing socket {self.clientSocket}") + if self.clientSocket: + self.clientSocket.close() + if self.output_type == "HTTP": + aka_log.log.debug(f"{self.name} closing HTTP Session {self.httpSession}") + if self.httpSession: + self.httpSession.close() +# EOF diff --git a/bin/modules/aka_log.py b/bin/modules/aka_log.py new file mode 100644 index 0000000..63d22e4 --- /dev/null +++ b/bin/modules/aka_log.py @@ -0,0 +1,11 @@ +import logging + +def init(loglevel='WARNING', loggername=None): + global log + log = logging.getLogger(loggername) + logging.basicConfig(format='%(asctime)s %(name)s %(levelname).1s %(message)s') + log.setLevel(loglevel) + log.debug("Logging initialized") + return log + +# EOF diff --git a/bin/uls.py b/bin/uls.py new file mode 100644 index 0000000..f7a4b23 --- /dev/null +++ b/bin/uls.py @@ -0,0 +1,112 @@ +#!/usr/bin/env python3 + +# Copyright 2021 Akamai Technologies, Inc. All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import sys +import select +import signal +import threading + +# ULS specific modules +import modules.aka_log as aka_log +import modules.UlsArgsParser as aka_parser +import modules.UlsOutput as UlsOutput +import modules.UlsInputCli as UlsInputCli +import config.global_config as uls_config +import modules.UlsMonitoring as UlsMonitoring + +stopEvent = threading.Event() + + +def sigterm_handler(signum, frame): + """ + Upon SIGTERM, we signal any other pending activities + to stop right away + """ + aka_log.log.debug(f"SIGTERM ({signum}) detected, setting stopEvent") + stopEvent.set() + + +def control_break_handler(): + """ + Upon CTRL + C, we signal any other pending activities + to stop right away + """ + aka_log.log.debug("Control+C detected, setting stopEvent") + stopEvent.set() + + +def main(): + + signal.signal(signal.SIGTERM, sigterm_handler) + + # Load the Argument / ENV Var handler + uls_args = aka_parser.init() + if uls_args.version: + UlsInputCli.uls_version() + + # Load the LOG system + aka_log.init(uls_args.loglevel, uls_config.__tool_name_short__) + + # Create instances for Input and Output stream handler + my_monitor = UlsMonitoring.UlsMonitoring(stopEvent, uls_args.input, uls_args.feed, uls_args.output) + my_monitor.start() + my_output = UlsOutput.UlsOutput() + my_input = UlsInputCli.UlsInputCli() + + # Now let's handle the data and send input to output + while not stopEvent.is_set(): + try: + # (Re)Connect the input handler + my_input.proc_create(product=uls_args.input, + feed=uls_args.feed, + cliformat=uls_args.cliformat, + credentials_file=uls_args.credentials_file, + credentials_file_section=uls_args.credentials_file_section, + rawcmd=uls_args.rawcmd) + + input_poll = select.poll() + input_poll.register(my_input.proc_output) + my_input.check_proc() + + # (RE)Connect the output handler + my_output.connect(output_type=uls_args.output, + host=uls_args.host, + port=uls_args.port, + http_out_format=uls_args.httpformat, + http_out_auth_header=uls_args.httpauthheader, + http_url=uls_args.httpurl, + http_insecure=uls_args.httpinsecure) + + if input_poll.poll(10): + data = my_input.proc_output.readline() + if data: + aka_log.log.debug(f"DATA: {data}") + my_monitor.increase_message_count() + my_output.send_data(data) + except KeyboardInterrupt: + control_break_handler() + + my_output.tear_down() + + if stopEvent.is_set(): + sys.exit(100) + + +if __name__ == "__main__": + main() + +# EOF diff --git a/docker-compose/complex/docker-compose.yml b/docker-compose/complex/docker-compose.yml new file mode 100644 index 0000000..642d598 --- /dev/null +++ b/docker-compose/complex/docker-compose.yml @@ -0,0 +1,26 @@ +version: "3.0" +services: + etp-threat: + image: akamai/uls:latest + restart: always + env_file: etp-threat.env + volumes: + - type: bind + source: /Users/mschiess/.edgerc + target: /opt/akamai-uls/.edgerc + eaa-access: + image: akamai/uls:latest + restart: always + env_file: eaa-access.env + volumes: + - type: bind + source: /Users/mschiess/.edgerc + target: /opt/akamai-uls/.edgerc + eaa-admin: + image: akamai/uls:latest + restart: always + env_file: eaa-admin.env + volumes: + - type: bind + source: /Users/mschiess/.edgerc + target: /opt/akamai-uls/.edgerc \ No newline at end of file diff --git a/docker-compose/complex/eaa-access.env b/docker-compose/complex/eaa-access.env new file mode 100644 index 0000000..91de9a2 --- /dev/null +++ b/docker-compose/complex/eaa-access.env @@ -0,0 +1,28 @@ +# This is a sample ENV file for EAA - Threat logs (via ULS) + +# GENERIC Config +ULS_LOGLEVEL=DEBUG + +# INPUT CONFIGURATION + # THE INPUT PRODUCT [EAA | ETP | MFA] + ULS_INPUT=EAA + # THE INPUT FEED + # EAA: [ ADMIN | ACCESS] + # ETP: [ THREAT | AUP ] + # MFA: [ POLICY | AUTH ] + ULS_FEED=ACCESS + # INPUT FORRMAT + ULS_FORMAT=JSON + # LOCATION OF THE AKAMAI .EDGERC FILE + ULS_EDGERC='~/.edgerc' + # RELEVANT SECTION WITHIN THE EDGERC FILE + ULS_SECTION=akamaidemo + + +# OUTPUT CONFIGURATION + # OUTPUT PATH [ TCP / UDP / HTTP ] + ULS_OUTPUT=UDP + # OUTPUT TARGET HOST + ULS_OUTPUT_HOST=192.168.86.34 + # OUTPUT TARGET PORT + ULS_OUTPUT_PORT=9091 \ No newline at end of file diff --git a/docker-compose/complex/eaa-admin.env b/docker-compose/complex/eaa-admin.env new file mode 100644 index 0000000..8276b1c --- /dev/null +++ b/docker-compose/complex/eaa-admin.env @@ -0,0 +1,28 @@ +# This is a sample ENV file for EAA - Threat logs (via ULS) + +# GENERIC Config +ULS_LOGLEVEL=DEBUG + +# INPUT CONFIGURATION + # THE INPUT PRODUCT [EAA | ETP | MFA] + ULS_INPUT=EAA + # THE INPUT FEED + # EAA: [ ADMIN | ACCESS] + # ETP: [ THREAT | AUP ] + # MFA: [ POLICY | AUTH ] + ULS_FEED=ADMIN + # INPUT FORRMAT + ULS_FORMAT=JSON + # LOCATION OF THE AKAMAI .EDGERC FILE + ULS_EDGERC='~/.edgerc' + # RELEVANT SECTION WITHIN THE EDGERC FILE + ULS_SECTION=akamaidemo + + +# OUTPUT CONFIGURATION + # OUTPUT PATH [ TCP / UDP / HTTP ] + ULS_OUTPUT=TCP + # OUTPUT TARGET HOST + ULS_OUTPUT_HOST=192.168.86.34 + # OUTPUT TARGET PORT + ULS_OUTPUT_PORT=9091 \ No newline at end of file diff --git a/docker-compose/complex/etp-threat.env b/docker-compose/complex/etp-threat.env new file mode 100644 index 0000000..c1331af --- /dev/null +++ b/docker-compose/complex/etp-threat.env @@ -0,0 +1,28 @@ +# This is a sample ENV file for EAA - Threat logs (via ULS) + +# GENERIC Config +ULS_LOGLEVEL=DEBUG + +# INPUT CONFIGURATION + # THE INPUT PRODUCT [EAA | ETP | MFA] + ULS_INPUT=ETP + # THE INPUT FEED + # EAA: [ ADMIN | ACCESS] + # ETP: [ THREAT | AUP ] + # MFA: [ POLICY | AUTH ] + ULS_FEED=THREAT + # INPUT FORRMAT + ULS_FORMAT=JSON + # LOCATION OF THE AKAMAI .EDGERC FILE + ULS_EDGERC='~/.edgerc' + # RELEVANT SECTION WITHIN THE EDGERC FILE + ULS_SECTION=akamaidemo + + +# OUTPUT CONFIGURATION + # OUTPUT PATH [ TCP / UDP / HTTP ] + ULS_OUTPUT=TCP + # OUTPUT TARGET HOST + ULS_OUTPUT_HOST=192.168.86.34 + # OUTPUT TARGET PORT + ULS_OUTPUT_PORT=9091 \ No newline at end of file diff --git a/docker-compose/simple/docker-compose.yml b/docker-compose/simple/docker-compose.yml new file mode 100644 index 0000000..f0a5383 --- /dev/null +++ b/docker-compose/simple/docker-compose.yml @@ -0,0 +1,10 @@ +version: "3.0" +services: + etp-threat: + image: uls:latest + restart: always + env_file: etp-threat.env + volumes: + - type: bind + source: /Users/mschiess/.edgerc + target: /opt/akamai-uls/.edgerc \ No newline at end of file diff --git a/docker-compose/simple/etp-threat.env b/docker-compose/simple/etp-threat.env new file mode 100644 index 0000000..c1331af --- /dev/null +++ b/docker-compose/simple/etp-threat.env @@ -0,0 +1,28 @@ +# This is a sample ENV file for EAA - Threat logs (via ULS) + +# GENERIC Config +ULS_LOGLEVEL=DEBUG + +# INPUT CONFIGURATION + # THE INPUT PRODUCT [EAA | ETP | MFA] + ULS_INPUT=ETP + # THE INPUT FEED + # EAA: [ ADMIN | ACCESS] + # ETP: [ THREAT | AUP ] + # MFA: [ POLICY | AUTH ] + ULS_FEED=THREAT + # INPUT FORRMAT + ULS_FORMAT=JSON + # LOCATION OF THE AKAMAI .EDGERC FILE + ULS_EDGERC='~/.edgerc' + # RELEVANT SECTION WITHIN THE EDGERC FILE + ULS_SECTION=akamaidemo + + +# OUTPUT CONFIGURATION + # OUTPUT PATH [ TCP / UDP / HTTP ] + ULS_OUTPUT=TCP + # OUTPUT TARGET HOST + ULS_OUTPUT_HOST=192.168.86.34 + # OUTPUT TARGET PORT + ULS_OUTPUT_PORT=9091 \ No newline at end of file diff --git a/docs/ARGUMENTS_ENV_VARS.md b/docs/ARGUMENTS_ENV_VARS.md new file mode 100644 index 0000000..992cc73 --- /dev/null +++ b/docs/ARGUMENTS_ENV_VARS.md @@ -0,0 +1,33 @@ +# List of parameters / Environmental variables +The following tables list all available command line parameters and their corresponding environmental variables (for advanced usage). + + +## Global +|Parameter|Env - Var|Options|Default|Description| +|---|---|---|---|---| +|-h
--help | n/a | n/a | None | Display help / usage information | +|-l
--loglevel | ULS_LOGLEVEL | 'DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL' | WARNING | Adjust the overall loglevel | +|-v
--version| n/a | n/a | None | Display ULS version information (incl. CLI & OS versions) | + + +## INPUT +|Parameter|Env - Var|Options|Default|Description| +|---|---|---|---|---| +|-i
--input | ULS_INPUT | 'EAA', 'ETP', 'MFA' | None | Specify the desired INPUT source | +|--feed | ULS_FEED | EAA: 'ACCESS', 'ADMIN'
ETP: 'THREAT', 'AUP'
MFA: 'AUTH' | None | Specify the desired INPUT feed | +|--format | ULS_FORMAT | 'JSON', 'TEXT' | JSON | Specify the desired INPUT (=OUTPUT) format | +|--inproxy
--inputproxy | ULS_INPUT_PROXY | HOST:PORT| None | Adjust proxy usage for INPUT data collection (cli) | +|--rawcmd | ULS_RAWCMD | \ | None | USE with caution /!\
This is meant only to be used when told by AKAMAI| +|--edgerc | ULS_EDGERC | /path/to/your/.edgerc | '~/.edgerc' | Specify the location of the .edgerc EDGE GRID AUTH file | +|--section | ULS_SECTION | edgerc_config_section | 'default' | Specify the desired section within the .edgerc file | + +## OUTPUT +|Parameter|Env - Var|Options|Default|Description| +|---|---|---|---|---| +|-o
--output| ULS_OUTPUT | 'TCP' | None | Specify the desired OUTPUT target | +|--host | ULS_OUTPUT_HOST | xxx.xxx.xxx.xxx | None | Specify the desired OUTPUT target host (TCP/UDP only) | +|--port| ULS_OUTPUT_PORT | xxxx | None | Specify the desired OUTPUT target port (TCP/UDP only) | +|--httpurl| ULS_HTTP_URL | http(s)://\:\/\ | None | The HTTP target URL. (HTTP only)
Do not use --host / --port for HTTP| +|--httpformat| ULS_HTTP_FORMAT| ''|'{"event": %s}'| Specify the expected output format (i.e. json) where %s will be replaced with the event data. +|--httpauthheader| ULS_HTTP_AUTH_HEADER | '{"Authorization": "VALUE"}' | None | Specify an Auhtorization header to auth against the HTTP Server (HTTP only)
Example:
'{"Authorization": "Splunk xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"}' | +|--httpinsecure| ULS_HTTP_INSECURE | True | False | Disable TLS CA certificate verification | diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md new file mode 100644 index 0000000..672e619 --- /dev/null +++ b/docs/CHANGELOG.md @@ -0,0 +1,17 @@ +# Version History + + +## v0.0.1 (Initial Commit) +|version|v0.0.1| +|---|---| +|Date|2021-06-09 +|Kind|Initial Commit +|Author|mschiess@akamai.com
adrocho@akamai.com +- INPUT: EAA, ETP, MFA (based on CLI's) +- OUTPUT: HTTP, TCP, UDP +- Docker & docker-compose examples +- Error & Reconnection handling +- Monitoring hook introduced Example: +- Kill Signal handling +- Configuration file `bin/config/global_config.py` +- Documentation & usage examples \ No newline at end of file diff --git a/docs/COMMAND_LINE_USAGE.md b/docs/COMMAND_LINE_USAGE.md new file mode 100644 index 0000000..8142524 --- /dev/null +++ b/docs/COMMAND_LINE_USAGE.md @@ -0,0 +1,72 @@ +# ULS Command Line Usage +This document describes the "command line usage" of the ULS software. +All commands referenced in this document are run from the repositories root level. + + +### Overview +- [Requirements](#requirements) +- [Installation](#installation) +- [Usage](#usage) + +## Requirements +To run the operations within the following documentation, you need to have the following tools installed: +- git +- python >= 3.9 (including pip) +- Akamai EDGEGRID credentials file (`.edgerc`) +- Understanding of available [ULS CLI PARAMETERS](ARGUMENTS_ENV_VARS.md) + +## Installation +### Enterprise Access CLI's +The Secure Enterprise Access Products CLI Tools need to be installed into the `ext` directory within this repo. +Please run the following commands to download the CLI tools and install the requirements. +```bash +# Enterprise Application Access (EAA) +git clone --depth 1 --single-branch https://github.com/akamai/cli-etp.git ext/cli-etp && \ +pip install -r ext/cli-eaa/requirements.txt + +# Enterprise Threat Protector (ETP) +git clone --depth 1 --single-branch https://github.com/akamai/cli-etp.git ext/cli-etp && \ +pip install ext/cli-etp/requirements.txt + +# Akamai Phish Proof Multi Factor Authenticator (AKAMAI-MFA) +git clone --depth 1 --single-branch https://github.com/akamai/cli-mfa.git ext/cli-mfa && \ +pip install -r ext/cli-mfa/requirements.txt +``` + +## Usage +The command line interface is split into 3 different sections: +- Global commands (i.e. --loglevel debug) +- Input configuration (i.e. --input eaa) +- Output configuration (i.e. --output tcp) + +A full list of options/parameters can be printed by typing +```bash +python3 bin/uls.py --help +``` + +Starting ULS on the command line, ULS will run in foreground and literally run forever (unless terminated). +As a docker/container usage is recommended, ULS does not bring any threading/daemon support right now. +All log output will be directed to STDOUT by default. + +### Usage examples +- EAA ADMIN LOG ==> TCP LISTENER + ```bash + python3 bin/uls.py --input eaa --feed admin --output tcp --host 10.10.10.200 --port 9090 + ``` + +- ETP THREAT LOG ==> UDP LISTENER + ```bash + python3 bin/uls.py --input etp --feed threat --output udp --host 10.10.10.200 --port 9090 + ``` +- MFA AUTH LOG ==> HTTP LISTENER (SPLUNK) + disabled TLS verification + ```bash + python3 bin/uls.py --input=MFA --feed auth --output HTTP --httpformat '{"event": %s}' --httpauthheader '{"Authorization": "Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}' --httpurl "https://127.0.0.1:9091/services/collector/event" --httpinsecure + ``` + +- Logging to a file and sending process to the background + ```bash + python3 bin/uls.py --input etp --feed threat --output udp --host 10.10.10.200 --port 9090 &> /path/to/my/logfile & + ``` + Rather consider [docker usage](./DOCKER_USAGE.md) instead of this + \ No newline at end of file diff --git a/docs/DEBUGGING.md b/docs/DEBUGGING.md new file mode 100644 index 0000000..f5d05b2 --- /dev/null +++ b/docs/DEBUGGING.md @@ -0,0 +1,52 @@ +# ULS DEBUGGING +This document describes the debugging of the ULS software. +Please make sure you follow the steps before filing an issue on the [GitHub Issues Page](https://github.com/akamai/uls/issues). +Follow the steps to collect "supportive" data you should also provide when filing an issue. + +## Table of contents +- [Version Information](#version-information) +- [Debug Output](#debug-output) + +## Version information +Providing information about relevant module & software versions can help identify issues. +###Commands to trigger version output +####Command Line: +```bash +python3 bin/uls.py --version +``` +####Docker +```bash +docker run -ti --mount type=bind,source="/path/to/your/.edgerc",target="/opt/akamai-uls/.edgerc",readonly --rm akamai/uls -v +``` + +###Example Output +```text +Akamai Unified Log Streamer Version information +ULS Version 0.0.1 + +EAA Version 0.3.8 +ETP Version 0.3.4 +MFA Version 0.0.4 + +OS Plattform Linux-5.10.25-linuxkit-x86_64-with-glibc2.28 +OS Version 5.10.25-linuxkit +Python Version 3.9.5 + +``` + + +## Debug Output +To debug problems into depth, ULS provides an extremely verbose output about every step processed within ULS. +###Commands to trigger debug output +####Command Line: +```bash +python3 bin/uls.py --loglevel debug +``` +####Docker +```bash +docker run -ti --mount type=bind,source="/path/to/your/.edgerc",target="/opt/akamai-uls/.edgerc",readonly \ + --rm akamai/uls --loglevel debug \ + +``` + +Instead of adding it to the command line, you can also set the `ULS_LOGLEVEL` ENV VAR to "DEBUG" diff --git a/docs/DOCKER-COMPOSE_USAGE.md b/docs/DOCKER-COMPOSE_USAGE.md new file mode 100644 index 0000000..62557e9 --- /dev/null +++ b/docs/DOCKER-COMPOSE_USAGE.md @@ -0,0 +1,59 @@ +# ULS Docker-Compose Usage +This document describes the "docker compose" of the ULS software. +All commands referenced in this document are run from the repositories root level. +The `docker compose` command used in this doc, was recently integrated into the docker cli (currently beta). Nevertheless, all of the `docker-compose`commands will work as well. + +![ULS docker compose usage](./images/ula_docker-compose_complex_example.png) +### Overview +- [Requirements](#requirements) +- [Usage](#usage) + +## Requirements +- [Docker](https://www.docker.com/) needs to be installed on an **linux** OS (Windows not supported) +- [docker-compose](https://docs.docker.com/compose/install/) needs to be installed alongside docker + As alternative to the above, you can now use the latest docker cli with the command `docker compose` +- Access to the docker image (see Installation section within the [DOCKER documentation](./DOCKER_USAGE.md#installation)) +- Akamai EDGEGRID credentials file (`.edgerc`) +- Understanding of available [ULS Environmental Variables](ARGUMENTS_ENV_VARS.md) + +## Usage +Docker compose is the recommended way to run AKAMAI ULS in a production environment. +Docker compose enables the definition of multiple parallel uls instances providing different data to multiple ingestion points. + +To start the docker-compose script please run the following: +```bash +cd docker-compose/simple +docker compose up +``` + + +In order to run the docker-compose as DAEMON in the background, use the following command + ```bash +cd docker-compose/simple +docker compose up -d + ``` + +### Usage Examples +- Simple docker-compose setup that will ship ETP-THREAT events via TCP + ```bash + cd docker-compose/simple + docker compose up + ``` + This will run the "simple" use case in foreground. + The `docker-compose.yml` file will reference the `etp-threat.env` and provide the configuration from that file. + **Files:** + - [docker-compose.yml](../docker-compose/simple/docker-compose.yml) + - [etp-threat.env](../docker-compose/simple/etp-threat.env) + + +- Complex docker-compose setup delivering different streams to different endpoints + ```bash + cd docker-compose/complex + docker compose up + ``` + This triggers a more complex setup consisting out of 3 different data feeds. + **Files:** + - [docker-compose.yml](../docker-compose/complex/docker-compose.yml) + - [etp-threat.env](../docker-compose/complex/etp-threat.env) + - [eaa-admin.env](../docker-compose/complex/eaa-admin.env) + - [eaa-access.env](../docker-compose/complex/eaa-access.env) \ No newline at end of file diff --git a/docs/DOCKER_USAGE.md b/docs/DOCKER_USAGE.md new file mode 100644 index 0000000..b954ed8 --- /dev/null +++ b/docs/DOCKER_USAGE.md @@ -0,0 +1,77 @@ +# ULS Docker Usage +This document describes the "docker" of the ULS software. +All commands referenced in this document are run from the repositories root level. +![img.png](images/uls_docker_etp_threat_example.png) + +### Overview +- [ULS Docker Usage](#uls-docker-usage) + - [Overview](#overview) + - [Requirements](#requirements) + - [Installation](#installation) + - [Usage](#usage) + +## Requirements +- [Docker](https://www.docker.com/) needs to be installed on an **GNU/Linux** OS + - Note: Windows is not supported, please use HyperV with a Linux VM +- Access to the docker image (see [installation](#installation)) +- Akamai EDGEGRID credentials file (`.edgerc`) +- Understanding of available [ULS Environmental Variables and CLI PARAMETERS](ARGUMENTS_ENV_VARS.md) + +## Installation +There are two options to retrieve the docker image: +- DockerHub + Pull the latest image from DockerHubs online repository + ```bash + docker pull akamai/uls:latest + ``` +- Build using Dockerfile + Locally build the container using the `Dockerfile` provided with this repo. + ```bash + docker build --force-rm -t akamai/uls:latest . + ``` +For both of the above options the image can be verified with the following command: +```bash +docker image ls | grep uls +``` +should return something like (where size, fingerprint and time will differ) +```text +akamai/uls latest 2a822d4ab406 16 hours ago 929MB +``` + +## Usage +Using the dockerized approach, you have two different options to set up the options and parameters: + +- Docker Command Line Arguments + ```bash + docker run -d --name uls_etp-threat -ti \ + --mount type=bind,source="/path/to/your/.edgerc",target="/opt/akamai-uls/.edgerc",readonly \ + akamai/uls \ + --input etp --feed threat --output tcp --host 10.10.10.10 --port 9091 + ``` + +- Docker Environmental Variables´ + ```bash + docker run -d --name uls_etp-threat -ti \ + --mount type=bind,source="/path/to/your/.edgerc",target="/opt/akamai-uls/.edgerc",readonly \ + --env ULS_INPUT=ETP \ + --env ULS_FEED=THREAT \ + --env ULS_OUTPUT=TCP \ + --env ULS_OUTPUT_HOST=10.10.10.10 \ + --env ULS_OUTPUT_PORT=9091 \ + akamai/uls + ``` + +Both of the above examples would do the exact same thing. +You can find a full set of command line parameters along with the according ENV variables in this document. + +Right now, mounting the `.edgerc` file into the container is the only way applying the authentication. This might get fixed in some later version. +Please change the `source=` according to your needs within the mount lines. +```bash +--mount type=bind,source="/path/to/your/.edgerc",target="/opt/akamai-uls/.edgerc",readonly +``` + +- Display version information + ```bash + docker run -ti --mount type=bind,source="/path/to/your/.edgerc",target="/opt/akamai-uls/.edgerc",readonly --rm akamai/uls -v + ``` + ![img.png](images/uls_docker_version_example.png) \ No newline at end of file diff --git a/docs/MONITORING.md b/docs/MONITORING.md new file mode 100644 index 0000000..11f5b6c --- /dev/null +++ b/docs/MONITORING.md @@ -0,0 +1,23 @@ +# ULS Monitoring +This document describes the ULS monitoring output (STDOUT). +The output will be sent every 5 minutes to stdout by default. + +## Field description +| Field| Example | Description | +|---|---|---| +|dt | "2021-06-09T08:15:35.092889" | Date & Time (OS Timezone)| +|uls_product| "ETP" | Selected ULS product | +|uls_feed| "THREAT" | Selected ULS feed | +|uls_output| "HTTP" | Selected ULS output | +|uls_runtime| "3000" | Time in seconds ULS is already running | +|event_count| "625014" | Number of events handled by ULS (overall) | +|event_rate| "10.97" | Average events per second. Average based on the monitoring interval. (Default 5 minutes)| +|mon_interval| "300" | Monitoring interval in seconds| + + +## Example Output +The output is delivered in JSON format +```json +{"dt": "2021-06-09T08:15:35.092889", "uls_product": "ETP", "uls_feed": "THREAT", "uls_outpout": "HTTP", "uls_runtime": 300, "event_count": 504, "event_rate": 1.68, "mon_interval": 300} +``` + diff --git a/docs/SIEM/GRAYLOG/README.md b/docs/SIEM/GRAYLOG/README.md new file mode 100644 index 0000000..493baa0 --- /dev/null +++ b/docs/SIEM/GRAYLOG/README.md @@ -0,0 +1,20 @@ +# GRAYLOG +This document describes how to configure [Graylog](https://www.graylog.org/) in order to receive data from ULS. +The recommended way is the Raw/Plaintext TCP Input. + +## INPUT CONFIG +### Raw/Plaintext TCP +Go to System -> Inputs and create a new Input: +![img.png](img.png) + + +## FIELD EXTRACTION +As Extractor, you can use the "JSON" extractor using the standard settings. +Eventually it is required to add additional JSON extractors for fields like "event_aupCategories", "query_resolved", ... +Please see the [extractor documentation](https://docs.graylog.org/en/4.0/pages/extractors.html) for more help. + + +## KNOWN ISSUES + +### Some fields are not getting extracted properly +See [this bug report](https://community.graylog.org/t/search-at-json-object-field/14735/6) within the graylog universe. \ No newline at end of file diff --git a/docs/SIEM/GRAYLOG/img.png b/docs/SIEM/GRAYLOG/img.png new file mode 100644 index 0000000000000000000000000000000000000000..f5248bc7d5d8cfcbd319a51b97ba223304599963 GIT binary patch literal 8356 zcmYM4bySpJ(D(`I5~ZXi1*A)0SwN+vOS+_%SU@_L29<89Wu-(~SeNeZ4vD2fa-|!7 z>-RnH`}^lP_slc*&dj}M?wMyk&u2|_MG`_bffd z1B2O7`K_F;kJ&*E-dDZpU%kqrg8ZoFjlpQtjhPe7z=Cj+NLZk42!lJcXU! z+FPrxIa%2f(=NW^xvH^(i#!j^LM8HoFb_;qmxr0=n~@A*Z;ME-p#;(8i-*JJ?fsfT ziJP)zGe?wrkz8ja343vP_@n-TfuyD;KytseP=>0WZWyz5a&j`exVZkrSO!{m}r%*YWgYb7s3I$HZfBHowJh(>1S&4~S93lTBVAUsvXJlj~rKP?9KT&$f z%)eENXjA@opi2^l$UskEu!%TG>ep>7u^m&8^wO?*!k(qdF{!1^Wo*47%D}Go6r>XN z%djTpN#WQ3)b{XY=|an}#H0!5 zoDNp(e-E=ub1wggDA-1%5bK3lizt?>awPwV)P4L@bY#oIe+pN^I9yHpvL`r;@ywY7 zQIx4)C}+%VLVxx_XR?L`$`d>c{+1&xT=~ly@gk)xOOTqL#e0x0kav#@6y6v z<^UScB$6h#0R3G1%=Ho5D$ZKH36lTLRFuowJbSqP+ycF>Ar5JaZ~4@M-il-vWe8ZA zMnaD0DJtnoMthqLq1})q;^GOMU?$zV2Kj|2_t=$={iRP8Be=V_X zGQDBjM6Plq_v?zEj@Gi>^&pcB=d^_KpKt2oEf~;9^h=PJpKQkXSEMS8-o2qEZBV3b zndr9WPTYI?UHV>JVy{Srookw8=m`($!n0k3gx#QHBdpNw@$BRt`7g0 zsgq@?ZtmWwbH<=}?977_*~Ha8bq-XQ2!J{*tr%A=pGij(S067ZIc&=%`5;9}tL;)H z{-sA8A}JHf`+1~Bt=_-b`j<%hiz@g)dg^+o+tVny& zP;V=nMUPWXM)%!rd*@5bep+|Z#HOh-_jN2ArwEsO*}weql!zA-Y?RGh64$OKl6ti; ztso?H!d6%poBb-URyeOu)=?6Uad1Qm|1L9K-ypZQj76E9%kGrTpD~g(%mw24VH){P z`=}e&=-;WPro2$DFJ}NLDygqtUH{Qg@M;lphe_MN3O<9O6KMdQ`Wi?xBA5+CtTtk= zOg?F{BnSJT@xRI5l#jq4IRi(;q#Gmr;GA?IHA>ysFtNJFUuw(#uuAiOVXr-t_)oKz z68k_2Z=UGX_dykJehMM4HFi#pUB2U55;(R6pBgEFHTTLo3T5n8VZnyM{+1MQUJ`iG zyC3gm2ZP#HTCKYPMzRZAi$O$V9D2uKW^@vgauLsmPQdQ&L9M%W_hBwBN{b?Eo7+yqmreEz}>fZp$8;i z0^8x)c!)`8%_vaHtEJbNcFmLYi7W9pTAF zRR-NT)^Da6vvudxeCfbT&=Ud6dlcV-E>MsQDKO7k_KEThfBnW2Wi_=}%(N5P`PPR! z)bX~=gW-IwOXUHJ+TZMtjLJj-gFLeyPM`d1s;V?^{Qer9xz1g` zR+$;nU*zO(D3+=M3+z6x_y2AEtQzt$Cu-K4!J1ATVpL&p*>Y>`WPZn>uA}oIVQQt5 z(FVb!j*gSb1Rz1QI)mpSCBu*|&GObk5FCR{YC$=r2P)e#A}l|mv`T!`O7AT2LV z8+4&Qw*(Rwi|#fD^S_J^8$9>mq^0l6ll)Q5`jdI=DrtSCl`Y(MP+!}OfH2=lD7Bf7 zT+8Jek^Oj{yonV>1zjYOfVc}1Q1Sh-dQcrW;C_=oD6y%jsqQM4Nycnp;0oE~TjTV* zT7IF)vJ>}ezh<<+b8kixcDZN%P|{lKvRttY#7P~FAp-BOwi||XYo<%}Rcf7= z)@Fv$yL5AO*oaE=J=yA)zF2%3ZOzxKNyGFU%wSsVKY_kf9`Uf|CR`iUXIqYs*%r0JAEMD+p< z#Uk7qzAxn?`=m(v`wGv};pG|rtSIvS4TGY@fotYOBF`+?uOx#B-sq6bpuqL zH)83;2U56nJ|HP0bLrCks$-Yss>0=H7pai(wcZQh+J30C|3)Yg-(hr@Hj7UtJnpEUwr)VyP5Dw)i! z=IAphY84Qqb4PJks*wwnd~EZ$2R5kD4!B$iJKp)8JMe{)r@(!Cgc7$LHAtyBefg)z^Z0i>Xb^U5MHKJyMS$1|R!jjElY`ZXZ=~ z1L=b3n}sEsZeIN&vK}8%^Lx4T3aFi1tx1@6FnR0al&ge%j(;Wgc7XeU9Kx9(-kTKX z)w95~cs@uFube0qB}1=se60eG;^CP%oY)?jO$XC6IeNqRR;z!N{gL2Y`p7rhEhVnf zTkoJ36*x+KF*qY z=K#vlwh^vitqk%tsv-j~ObzQ?zcroB7!$r3XkGil zV?9-@<#x51?&#l#C(v?%^gq5?elY8adG>TL9_7TEBePA63li^bzS_zX3c3#{FU6C> zezx1cg4Z?y2_jxrR;**X9pZ@rwo|O=J-?Ne;hg|J~KiTQLqJJ-nVFVClCV#}Mkae*NMa5jIjMQY` zOyg$2J!4I3LE#IGAqvLZY9zNGT5dmd+%nJ=%$67)TY2x-IBpLnnPzPc zM08qjY>nE?=E%y{hVn~??&KVB}b9CaqbVH?dx@haqBerI{w#oCo(b7}`%ygb8f0SO zmW>CFXOu3`%2$|ouAuZ}eC2AfxUSk8S$DtaO-%DF=A#S7;^ttwBa@xEytD?czfbF_ z4eof<(;ergqn-gpRR?mojB9SVi_9F{wi1hfIW|sDbk-}V7j8nlg=JwY)CJh`tl0xBIZ>Uc{F_NuvrJUX?9_nwIV0SV-l zS`Yil2f57G8spZv`AG`6%+;!F)wg3}Q%}S!G`!A`5lkl{HB|)?^eD#9&X@q78##3EOA@Ly3m@c$J2jd;zrlnG;%!e8Knv z_CW^B(R?9NuMo5KgY}!ygur7MNp>SSs{+WESZMAdO6FEhPPzHg6gnP_X9TbZqy*la z@7Rq!C1u0|*`J(@%2bkL;tCRn(_~jEaU(w#St**BPCpQ@oD&sse0<-ZU|040kQVb%$;lJFI&t79=qEu&PvfN9sqb{qc3X5L)NDHHF{-@ zU)^~A4qS1x2RbHfh2S-QxDdO_kV3S7!keOl901vXze{qpDZFCYr6m2|4DoM zOLe6;a(AoJTS@~G9O@N(kDw!8LX7t(ZN@@IfUQq~~*`tPjoPPl<7!LqPs-ILL& zJH~q7h?u3OY6?&YcOqs5fmYaE1rWzs^NsOepU&Ajz_jC7%jty5F1Zj2d+~B_q1MF- zlBfX?1-xt%@H+)X42^wzLs`)5cc$$ssIN5VFtEY3t0!pwc0m9)_-jCbL5cuR{)YiP zcnVS9*M$u!Oa1qg*OHIq2GvI1nFfFHj#VVGC^q+n;jAGCS!IavunBQVgBix2R1^Vl zDZ?ium@v`>#GhMi$#BI76ytq!jEKufUlTDF>!5gjLw|c+u zjUeAge8zntlT$U_f3fopNBpr!YkM%kS&uMjw zk5}_7`Ws6xaHDBzClfk7(SD`E>@nS8S=~F$@4lsCMBSGB>dseUrD-LNsk!8AadTIJ z<~A&L(B|vO6sNOcx!1KM-hd8=Od+H2H|LeOs4w5&K_d@rs3bwD z*Nn>x<*+-E6M8Rep=P{NfJS0Lf-0Y~WFDf-2c3}v*8X%m`%2zn^|Z)J<&>OE;gDBWDV%^t$Xms{xU6@_a<6mzh&ej&m2MEQ zz<~fxb7(&5uZTb`f45u?;>#&MiD(NK;A8&Fc)*1@21NmMEH>n%2IW>I@P?Q{cv55P zv7u>!Z6Zy5ePLjRKBA5`PN2iPQH@KVdr>dZ>5GTU>1s zhB4~`18~T zD!yKs^EoR;;`wI(3kM)XRM^JCgNEKU_7bpDkPL@F;$qxGzpKz0YNjS8e!Ics#U|?* zjPiquF@k=R3K+U7+^4+BlJ4qfvZBt;-)xE;&DfcvnEeXr@rW=d_PjZ$-Al$g^+o)I zhTc?G-?jVqpZcSIzbCTRA_<|2*Ld^QN54!4XUBMKA&f8%jV6JIuW@+10xf$Ljcb0^ zG{nw+$JpGmX|7yQF-<$cr$IyYSVr&Zg}KQh>LUL}-l$M9_I z_sYqfX9b7h;mvMU<@ z5lYA7EpZqrpTE)Q%migGjSGX}90v<9f-1dWIJcH#kedT>+G`uLWO+q6H44ywV09x+ zdOqZ>U7HurdQt#fByKByN>n@tfl5(Zq7s+OULX-c8pQA^y2@AhMgUz3>~bk@pOc}d z;_jYTt|!})2@?LhHAb_Fi$_CR=0XqB5}p$}6VoI@msw4*IND_W%7@v)c0j*DZi&w6 zhagU%*}x<)Wmgo0`6&3*j3bh#at( zz#K9ijZFs3W{v1$u>)oTSLF6C$Za_T)C@m?Fmb6+SnE;Z?hkht>9n$6z7QqQa^`D;QGUx z9)}k@+_S>DEROq^k zLP$9Z{+ttyzDrN>xm6mqb-?0?3MY5Ac%z6(O;xQabe9)I&PdOw=SnBew-8LJkSp@? z6PAfj)6h4p7r9VyfsMZpU2hT-c*DCcAkOmU8+0_EZ==(D_l+M$?DN0AH*TQ^-$(<< za+fV2^lu~;jsawOX@i#G8 zzLns7i$#v#@jv?1l4h+0kiU7}NZ_nvgxXhwCq z@HDrw9K>y`%BlEdR>6S|6yF(v%SnD|ym(h9Oi0L!M2&;s^X1d!4K!QwD-(iAdp)Qj ze{#!a9bgQaGs4O(>S`tRcwoPRZk^G+=)w*d*#6FmIstO%rZqAAOjS}JP;Feu*#AR)`V}ZSOI|K3?fH)ki6rR4 zYawF_W%W|8|7(fk!a1M)>$sDIiq$`YbN$d7vuzx=fLd?;O8bWmLKTfY z6902g4Rb#GJ+0&j-~Nh|K3#v`kWT!07rE?A7^3W>XhzcqSYV0!a4^D<0zRxg$pETh z<1MYX7I9%W94S>h04OC%nr#yzsHwlI7D*O&6(voTgcU5_#r=mfczA{NwT&qIxLmv^ zXW13rGo*`Fa3rVWf!EE%^<_W=Oq@|vZ+8G-b)tSJGv;Tri=6%5Eqwj}|S+nF4vL=?|G>uv?I za(TCKWJEBW*+|XtIT^frm&ry&t(2eM*oS6F$^Xlc3eVnrXNuorZS_b1-?ot?rDU@7 zD_g4f=(Ecjiv`f1IMkf5#$UghD>7fu)4msct9{4-p@|jv2P(DaTEhPWWEz2#)fpr2 z$v>;GJME(_88wKw;|l*!YZ1Ah^_=)~)mX5);$N`JoXo{M%c<_ahH{%3PM2rSGB^@n z(<6izHW^v$Nxrb8-jbj|3^O>L`0!d8_d5s1ZNMco+z6$V(4_Cv7cEXS+AVo54~~6` zz@tl9x;6=1Vp;u==ORm$6>*^5_hHaSMiQy~ddg>aO(U6$?OJK_?SH9?i#g0=ZevpCux?VLWA4B?_=>gL-;EJ!vB~qB^suxC(biFkrU;5sHeGp^f04Z zh#=AF6N?6R(DZJhp|W0~9Nme7X!yP*9SN(jT~;a`rn7oW9R1E>c*Hz?g3~vXAWtNBfOjLA!LU)=xvm;D&IwlSS{^F5wPED*&E%}PAebh{%)qC|v zEruQ*|KcOrEIH7k3+MfUIrF=CD#`Vy+>9=r>9e@*5A z&60K0UVt2@&V8i9)jGoT_{AhS>4>Q5tkpzIxr3>2Ea*<0^T%RC#i1+$V(1`ub^c?^ ziM1NT#MMRfdX#c|lsoW3*dAqAZ4;e$ z{-bQ^AHg(&1l9IGJ691DHu_lMkM3c0MNlTkboBWTao(|U-3t(YtN;jtleHHuz nvZAS&yq4Dg^Lje}0S_NhvH7(y@)G^`0fw@?`rC@v7NP$SwRCuN literal 0 HcmV?d00001 diff --git a/docs/SIEM/QRADAR/README.md b/docs/SIEM/QRADAR/README.md new file mode 100644 index 0000000..1962332 --- /dev/null +++ b/docs/SIEM/QRADAR/README.md @@ -0,0 +1,8 @@ +# QRADAR +This document describes how to configure [QRADAR](https://www.ibm.com/security/security-intelligence/qradar) in order to receive data from ULS. +The recommended way (in order to minimize network/encryption overhead) is the TCP (Syslog) connector. + +## INPUTS +### HTTP OUTPUT +Please follow the [QRADAR documentation](https://www.ibm.com/docs/en/dsm?topic=options-http-receiver-protocol-configuration). + diff --git a/docs/SIEM/SIEM_OVERVIEW.md b/docs/SIEM/SIEM_OVERVIEW.md new file mode 100644 index 0000000..5d3bbe5 --- /dev/null +++ b/docs/SIEM/SIEM_OVERVIEW.md @@ -0,0 +1,10 @@ +# SIEM OVERVIEW +Following are some references on how ULS can be implemented alng some common SIEM solutions. +If a SIEM is not listed, does not mean it will not work. It just has not (yet) been documented. + +All contributions in terms of documentation a welcome. + +## SIEM Integration guides (alphabetical) +- [GRAYLOG](./GRAYLOG/README.md) +- [QRADAR](./QRADAR/README.md) +- [SPLUNK](./SPLUNK/README.md) diff --git a/docs/SIEM/SPLUNK/README.md b/docs/SIEM/SPLUNK/README.md new file mode 100644 index 0000000..da105da --- /dev/null +++ b/docs/SIEM/SPLUNK/README.md @@ -0,0 +1,26 @@ +# SPLUNK +This document describes how to configure [Splunk](https://www.splunk.com/) in order to receive data from ULS. +The recommended way (in order to minimize network/encryption overhead) is the TCP connector. +Nevertheless, ULS has been tested with TCP & HTTP output module towards splunk. + +## INPUTS +### TCP INPUT +Please follow the [SPLUNK DOCUMENTATION](https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Monitornetworkports). + +### HTTP EVENT COLLECTOR +Please follow the [SPLUNK DOCUMENTATION](https://docs.splunk.com/Documentation/Splunk/8.2.0/Data/UsetheHTTPEventCollector). + + +## KNOWN ISSUES +### Line breaking with tcp (streaming) input fails +Depending on your configured settings, SPLUNK could fail determining the line breaks correctly. +Many messages might appear as "one" event within splunk. +To fix this, please follow the instructions below: + +Add the following to the file `$SPLUNK_HOME/etc/system/local/props.conf`: +```text +[akamai_etp] +SHOULD_LINEMERGE = false +``` +The default linebreaker `LINE_BREAKER = ([\r\n]+)` configuration should perfectly match. +More information on props can be found [here](https://docs.splunk.com/Documentation/Splunk/Latest/Admin/Propsconf) \ No newline at end of file diff --git a/docs/images/ula_docker-compose_complex_example.png b/docs/images/ula_docker-compose_complex_example.png new file mode 100644 index 0000000000000000000000000000000000000000..7d5bcec1a2f820caa003f55fec7c34c313a396c9 GIT binary patch literal 38898 zcma&NWmwbg`v)wF3L-5a(%|R@M>j}!Iq4P{j7C~gx?{8wBb1hgP3i8g=_tt&(hMHF z@B8;0$N$Z9Ja4w|i)-6;TydVCT9lTCBL0&XPww5jhp((8uXFF-efZsT4$h;y*G&IX zi+lGz+*6j9(R**Y+wPsC-6_&#Lsa96`A04eH;Zr)rXkSSlO1vvAp((ImHX;|B$P*NzbAh15;Wym@S96DC>@s!8REzdF=1 z9ApQhbvGKQay(bIT?&hXRhJ5`3lX*WZDy10+_Zw~wyK8ykkZz4HHwolM@7ZqZ=i)L z1cYdP-o#&x=xPW`EmkiGrtbwxK8pEhOKlbCd723;EMWY1j#*nQlFaKSHK&N|{iI_Z zi_=$?@Jk2x(|Nm+CGW@H%bppa1~6#A!w~CmbyK<~OsK`d6vvD?%97 zW6kW@J-)+}Pi^iLLFR+ER03_AQ>nM+#Mt(Y!3V`W0sY|lTEIG7tm$|}YX=h@i4F>>h&zF2Q4qEqtq}+(5Z}}d{P{7YwUY}Z#wel}Rso4;| zie3#0q1467i(~bjKdVDc?xU}!t$LuucobO=8uJ`gsIt|1cjsXi1D|0xiE=}q8>MYX{FxQkYMa{RdlHhQd_2`4pG@^0&TiJ;M&BG|+eQHOz5-8!y64TIsW(ZQEsE zlG#xktd66iveUI>K0s`k70R6J)S@^d)EWJSQzqAnfEqCpD{3B9_C<=94ARrDnK?}r zgcZIu58~9syWph8aR>SBTED6#;9Or<}|Zf<89YB{tTBH01LDuJ6O$|$ko=JBtz-XFF~zou^HZL_;y zSfmU~^lAvOc;c`4hy6*9r?syX-X%IdOn$hrNi}O5$#b#nJlS>ywcqGs9S+TYF>DX? z_tDm7##g!wNm|}Wghj*}DcF2Wz5U}E#ORst50T_F9&_S`yA-f-aPWIC`xN=C*6XU- ztXJzbz1-g39#U>VaKEYkE`B;^WjhH|r$qEOpz~aNC~X_|6!rD>MGo1)BAO!W&+2?n z9Nar_S)elpLe0t~$S6{lEIF{$=_u3dSY8gpO2HTko^)?N?;*~fIrImQ&EaeobT^nW z6X{?2ZBN*JL#==Cu$L~sA5Zwtm>i%2RA;Na(3Ip{f_X$Jw#)0@MXWe?1G3y0%CveN z_rgX+RTZG|*(sxwP-^KbsP6UBDw>Jb{zxOAnYDIL)M-Jm&Usl>yPZ(-+*}L`m;a`{ zz1?=YT;F!QKmi7`HFqbU*f1#?6tLIMA08ftE!_kiUgU^+manD!NwNQXqfvO_sdA4L zr9?V8FGy7*2plyo_6Q}2=yYWet`xVpP_aGRb?bhv083?n3gaU#tq=st|myUHKE$S^t?CuNsm}bz;WPa3b z8C?+a>lGmrGXW8JWuD@&qT#`x0;x-;x}Su%*_nq&9Ja%dn_-f}J=hq*Mla&D1#}y9 zTVJ9GcIv7 zCpKI_CdF&S^U8Lcuh9-ASg*#1mk|V>alSOFJ8VN{b(h@cb)%uH8ovBiUyMw|268-C zAVc#MRJuk|KvD{R{}rIsYq}R}hc&$;>ZoHJ%ihG3}TQu(mtKoWc!B@h3cVMdZ_}BIq*xX88ciYiX z|Ay4fsBK-~GE@)xl0H&X3iHk9;K$?P;tW%V72h2$_Zg5~6mp^7aX5wt&idrQsd3qs z)@Lp0skW1Y1Al_#Woeh#@sPl9{j4cR7o}7rIvJq4cDB^)K1|hsq`Mn~fF`NxBGrKv;2(CxErca@fsWTeZyH=c&%aUH?-cg-iP54J40WdlM`zpt{a5uokkyFn@Z zmu)WxNgw-szVW9Cw|GYzcy5syDeY$Fw^y$wiEc$p9-l5k2C*44`yX9_p#`KfpXv=Nww)32*rY{$*U8T?H^~(*I$8~6lub07iM(uJ ziv;S+2#%g_2E9sww17~b?$cde6V&bB-h8BN_sRubr$`AXN*y)adK~8VqmJA&KnsolwbvB#cBwApgFVO)O-ZUGUDufJoS?Ip?+w>5y z8^5w$PS4NI(~eP7oIQlq;65ChR(MXHS-Gz(|B3*wZq4sfIbras+|g|s&PCdTYu|Qx zz$UA8n*d1p(o1W8tc+y<%08 zY36Kd_m(S@K|PWud+*@tGhpp@HP%Kp`u6>a+i~k4ML)Cfvo;8Kp5u+n`UExEb6&nV z^BtdvirXeXv*+&86&JlhZywKFY4A9h(^K)Kv#w`9zm%Q@DTg#V^7j)&b7ZL`A)6 zYj{f2(EvyIhn_V3l~=xh-m!%mI%2N0jkOic0xxW|P4WXyLGJy43}_OQqDm(HCi1*T zsEE20(G_si&oUf=PZg%uqs;5DL#ipxuyy!UIbw|ESQtFVn`u6jFJ+e3&w*BC(~O7< zvofi_E%&Eu+9`IgP@TwC$;~9hL7eyw&3F5)!&WGOtX9l-{{cg z%>BAcq3j`F_l7MKK2b{7G3nv(pXq{Y`__;=pt_!k8eJRJ20qaW>5Bj0*PH1o^}XQL zq4801#|_L)0;jgKPzh$<4Cm0~nkC3VBk=YCpDz814278`aN+&1qDIQ5e^+Bu!%WU; zNszMvW>U(i7DFSjBZho6cynpD5gT-o2Gt>g*>5Km+^@RWyCo)#wFV`BpEAeHBLoFD z+ml?yP^H;!kr1b4=(EEUsOwRR<+he_vZL=9oh{e<#jo?{La;W*S?=?ks8t1#y_&Vt z6J1R{I-X2O3ppG;x)XJ(CIH$+Ls| zE%;}zy!CPB;1O^n5dVH%0~nI3u_n8F?mL`M&i}E!|DpEt zcEN&k9CO;*$)`{P5`Mfx8mYjxH4amrS!4G&)-Npi{?PWv7z#Q>AW6zkhGiOZXq7zE_@_fyzwIGp?&~LK|w< ze_{P$xZD6kD4P(S#mtRu3}w(SdD1XY{X1{Iokb+yVBn>I?!r{+>WZLexlB;@c`=88 zGZQ%%3Ciz!2LesIJ=cVlxAsyWUlRx{CQqSSMBNw6u5aVdZ`MZTaZe9n5|>cWG33_S zp{EIOba$G*HG_`$&JZ{7xg$%>rx%sk!pdqiIPO22Hy1ntIkpeis30n7fT)NbWy^Ax zKe3z)BCe+~8(%9BFPg%juWv(7kgs-L9xwF^3~35|1*-e(esu(6_ucju6gYOSy)!I>bxUZv5tx3&IKQP8|30h}~9t5te{g9HIswdh}3bKXI}o+vYVG!C-^ z?ZeU}el#6(^V)&arjbg5k!Bh0CUs>4jAfYNVJvqbI?JSf7^`u`T;TQcuHjB58}2t^VTc~nd8vES8jHb zLRlZ!z9oV2s5_O4E!(ECkFU4(9AS|nLdEoVee2EV#k)O7;FP&(&cqy^4XdbH+XY~< zVc!5>vSy5G?;o068cMx#4?GaFopP|Vdb2XlU|(^*h!D7gPMzg$95Wa~_a4ygVot+00_tgZ%UIYqGZRdudbS;*_1N5=!I8YfRXzY7Yc61>l$EF#S|1sgCFac){Y`Z;>2P;Wg? zd;E9^>)_Zr5y4tgnk2OBk;2+dq;mb{RFP)=?2Q-}Q^3%3tw07x)^ygQIouTPuEgp@ z?UkgVP3fQVk5Ng6`4ot80zb<>hIMOq+GzflwEX+H!am=3A9#`}Q0YEacg(i=oFyC_|Su`Tu3Kosu#{7>q-u6Z%k-Gmhxv^&>W)tXoWr`QJ3e*_7TPQb>Pki~B1J#uzw6OlVx^kD z!{;E8iXV$V$;s3D*$6836#F9@ia>Juo{f}ZffXX}2LQ0*JsfRcS35Z>hmE)UG>KcEhoOG4$k*cj zXCF1jnGue?acP2^3A@1D8o_z$#}~O{Z+H-^TRJPvF;arrJlFM8a!2jT&&a}U7rq%V zv??QlKa_oUZ3wEtCS6(NPha0?sNjZ?;KL5>`F2sca9>09vYZB_?P7aSEulIc-OhO;}01 zQii`}dC2^Oi`d5Oe`s8_l8FC?wvHLZ;2JYJ>?-D6d@bpuHyfL}*yXFp#UD5P5z4nZ z!b>%JD^w$PQX;U+5&JurMF?84d@YduQBhs1>8fl07`yM*l|{mtg-l9-W9B+(Yd<&p zN#WetK^VWY=phKZL{oaKy)5(}<@TWuwd65tWf@=Zo^QWe3rdv@p-E+&=Q4C?1{^fF z4F)ye@C+Tj3VH`qM>vjUuixSRIgL{#R3#(DteFN*ssd*i>UolpJrfhrn{+; zw06o|XH5p+0@q!x$4lBdatjMkiednn0GBXbe+toGDZSQg|NYu24%=h*vt{o=i-V=5 zE{4-D1{DL%d4jm{La4VB_*6h8YJ$dmG4G#+usNq;8O+lA?q3&62iW$fc2WBrF7fP- zH+vyT3$yRQ;8eF$&p581)q&f2zQNe;BW$xM=Y?-8s}`BU4lE&0x0xM?1R`BE+2-_MJN5&v;q2T-;6S?B_=>Ps_hl@=INgC&)`^UOt$z zbIv&uQgs!3PKs5T1#sqX`)BE%gj+Tyxe=jSExV&rTOSKCO;1e~ElFs_JXZB@-WSyH zh#H)(T>9RHuX%Vz?J*`}`Q$s~nim8Wb}cZjiuQT54^@4MX{vc5RaJ0lREXO2yF4RC z{|qG@iQ4?(Waz#zMEo#Eu*r!71oM|(x8c77W`xj5O(}_WLal*j)U=dlo;YYA{%YFL zEcZ#(UnAh}MmZHxKY9uOi}{ULvpmk`Oi(+@JLiY1!y~z33YhQ@ZaXB-lHvoK7n}J! zh`(&K&S??oev3KF9^^qRwO#GECKGgJ2=cW5(Q!uxoUNbB_}75o>*+>AhKNi3X7-tq zI1?xM`@Cz*@(-5-R}Id~4tFBUG%#*VlKbZd5Y+Y}-&x zDfOKF-;IBYt3&XB1nF4SZZI`o)Y`jGWEQy}dZ%rz?QfOjj}*l$;9A6fDNh`C9}!Uu zB!%2*HL&7hz^eDJa0=UNUeb5Y&gq+bi;dZTv26;0Ya|}qi8B#0!_>E5{A|e`R#v9G z)O6BMx|a=si}bGD)5V@R8NK*W!T-{4eIV^<2)#a-u^AQ|i+sNt$L384fd6+9|?e*4Z-6k3a|hCS?2nP*zB39roZ>zLYf@h z_2czXw&3apDeJctLi6$;u$q^L3JUSrLOI?mJ{zbQ9$>;*M~&YD~EeXguG|qVxUzIVXi0rG@(P?~d|WD~bG3^=D|!J9i7C z?4qa(dq20#0Ebej<%;U(@d2dOH-t)*x}tcPpF-(BeLIRR7qg!zQhV!)!ei@!&t3tP z9n88YI$~*RyhG0mp1EIk-mOcf$iw?-r}1L@eGHQqE)&WunRk@Jw2wOod8hG}iKSYp zv9LQ_gu$KNmJo!+%ubY$+%19cw!TfoTARD=N6i2wcjs?Wo+B zsEV>h0aB&I{nh^+mS`D5hBLs{C?D?*KxAo-hqBwpyHT(YU(i+fViuEE! z3i~vYDW1sft(jSV4OY)Cy)#8jJ~B1^4^#Zv1F-0-ZF7xP?|@m~%RUOi6ztnr%C65J zY1t7Bx26HKoWk{3eing+&V^u>&iB$Ie8)fCh_*wKQ~LZl|0_RZN+OXMcB-0ch{AMN z?03=z|DSz)spG2L&GM*Ev8Ud0^PBiYmd@3oVeUIrn@7RGk8|5CJ`fqEy`;8hY#`XX9@3Yo!f|AI;73ywBubA#&f9%+^ zux6oFGVJb|VUzi*Oxdkq*r)f_3jy@cW}qPhtIK8+thbsA=i~<2A>}FRGAH2dk7W&c zF%x$#o=VS~-5z@ii*Vd>4MCYsQBu88w*V$eTVB?$^)^xf_N!mO+zt;YTx;s*!stfv zCvbtn>Fe*9C!GuGT7hA>(XHN9fj4zpzKIxG#iHeZ7G%!7h&qB?fs2{?CI^>2zP~Aa zx+JUmWWi%j9EUyLOP)Casm1iJy$4&}NO%81fk!N^V$duJT$>r(GKZZ@SkmeLqS}*2 z(9E`DBM1e|Mp(bog|TN`1`BQFLgN((C>+LGZVe+RpSnawA1T=qKBs z?hR*;WTw@wB&ZYJkThWp5bTp3oqzqq-G@2^7)G%8Y*@WWn8Tp%&?C zvDYoQEqM(OT%uG9y~+S$ghibjGIN&5aSxe+05kdz-$3`%J?MxMuZVe6K%p%HoWXEz znhjlfEl~qzs#~_M#;s(TMnf$TxxP8tFKs?Vsp_>hL83f|_>1U^@ywLI*PW>4Ls)` z?kP3OH9TJCVF*j+<48sV84a%4r_UuI+< zVyo(=lpu_YqS8~V-^wxXGG+o*3U}~Rojti~9O%j9UK8p?l8k*%#(diHzw!d zlaWg10-8?;p}lB(9itc-H0J^<;_|d)(ZGUHyXwR!E2@E>4iJvY`4_^cyjs;AZ8XeC zf(9UqaQf%AJHPa(Y|%K2c26v#N^hrZ1_;M`Y;?g?zql^NX91%epQ- zMxlKrq4Cw*4|~WF&fpgATI3m~ft#XeXQ5T~6Z3sL5%h{iF z=P|AGeyg@7;C}`L*N3h7Fz{IHp`IS%tGr&s+UM{ZTeg-JBZ^qAniEbhP5(1@pb4!$ zlhFRsQQ5n9EFgPiJq8vxid31qif7^~nhtDzy2cO|B~#}dj=LvK>xD?wZhaGi@4NEN z0#bL#-MA&m%uIlyV1mn>h-aTtrN7Y>5DE1%!x2Hw;$NE1lRta4;4fv5^ezF^#JohR z(H`L0xHQ^S895*OB&iXV@}%+~(KVRb4c@c>HZw$z!z)>GMeTQ3!Rylq6+B2{#z`CfjHd6z<`)DnaQca3mw$oq~CY%I= za`s&j#IH2Yz#)!B(XBD+ylgmrPOb6RWA#q6q?8?GZ``=8htuiYUOEj~7gYaX%UGMw zD8q1Ht<=wNigyXI<}*4URqoFgp3MW<+-EiMiZD-#uI0+4Z%abaG0Jwzu|qxdMbiy2 ze~MvvCPu)PFHH{?&x$3ui1D*|qApW)ql=wd&FY*yiYspGcEwg2kwes(sYkgHObA>b7t3<#fjTH#Bs?8x7cJ7QSG%T0bouXjdQBs_A#8i1kSH379Hn=>^xAD=eM_9 zrOp)XD`JERMwn>Yw4T%j`Qokno32Y#y(CZtBe%b3@HE$;IjP z)IYpRE+$nD@f}9-FfN$aoT6PwWQB$a7f0OBVNU6*HSm7G!Ck)mur1r>9b}6mIz~FE#FY` zvCEW@!k$W+4IvRh5U}u|hd4E5G(+vW3l9g&lY#kOQZyHpKd&omc|s&w*bqMPl~Q)h zB_2TQZI^#cguFMwI&jfB-_n3i&=kF|`lpjmYNX9i`YDyg6F-Cl%d7d^v(opLEm-zw zpIJEi^W2rG7c=2azzI}zDKCYY6ieIF%9cXr3Lis+%znfSmxPoq)DPW zEyACAuXh|vg}i^~T3xi$%}aU*HDI7xmbG%X+dfQR{`Oan0fZX0C z+`GpvHUzq_NEvd_rKB2p{{@p>rl1%tiM}%UKIk>tUukOkp2D{)PbNh@gk)#@(LAZ`EG;*glWY;sombz&9T|cX*V{d5O0K_QC%qL9zk|4-b(W$Wuv;?LjefXldshXP+o@7$G7sFpu zI$Az}Aw@3cw7YZ!AR;P0CZ>f;0<$bmNxrpACsN}mW0WrKU)QIda(JdFUVakVvPkZH z`NYp7imoZj-V?QkGvx6)@b~G%my@ZuI~@B#(QBy zJC}{!qgKg82Dk>9HLi&oK4S-IL9Oh5n+f1SK5|XrJYrab=G3c!=ta8PM=8is)V)sQ ztimA0N3IMib8G`{6{>`30#+khp3wk!LdkJdK2#L!p(4o6?_mABZg%;>C*CK-XH>1# zSOkvp^T{?VSr;R@!L&w7db`^fKpu?~uda+?MP<}rk6@(uX;W289S9>9elAH@X15|a z-(a|iKaw}EX;3<-B+-2e0ta$Mk+r^ybU(UYeyku!`Zr8sWqd`m7XK$27_^@a<0fjjv;pP56kKus=so^#+fd>lE-m-g494Y$Nebo)(LOu9ti zr(}5XnOSLnKtnbXeN2hknfm0%xpd?}WPn?PueD#zV^fAqF}T*wo8z2xt?FL(`s4-t zP)pgH|1g#WhoKzx4YzOf^GNzwa(VTRHVAe4q(Il7PJNS93LH#TSo|LB&`)Yh;a5M; z=AlwPOxFOn+@#J`XAh%E9!ch*s;riKjVT9F>-s~Y*x+YkRLHzpr?ySwd94NZ_yM01 zB2rbQ;uWR3>ValmO(H_zViZ?Z#m;u7Gl+_0e^j->hiJWd-ObQz{vZuI!wP!@Y_s-Q zHr1w%1o(5jj39XJg24zme)VnM)@faGf`@v3d)=jW^-8!KIBbB!rO?8}R z&yNK6IQ!NSMJKUk)I!zK8zv`f7Ok)JN?9jV)*+-ln(|4*kXCEdYXn&xt8(3PB)$-4 zuq29&Fd*t?b#Xb_ig~{LAA!O$GRf`vTj|6%Be6)vh!+`!l4OHNC3Dl{-dU*^VfdrY zu3$d__LmN}zj1P zQQ{A9{z^4DGo`F>QGuS%wz@t1{H4yKLe^`&iEr2cIJcLb>cQgjp^n>qSPS@=43^SR-|jri7<0lYGVw_dB+`X3Y-iRMa`&!KgcA;wM6>6C3~md)&t!jP?m{rx zSG9P&Av8L3TcpaS=`I53j9=tk*tYNSrhKs$Z9q)yW2LO0zwVHQ+f9gz3#l(^7Mu9D zvMm0itVOpg4#*sW9&J1Xb4KT@xA8ELhLbC5@&BY`%%V^GAIZGaqn_p4gzbCrX*Z<= z{*ON2B)a{}?C&JHQ^o(k3gn#k^BISbXsgLys(^)`N*tBM@pL8)h|t2%<(t_d3*E2} zi&NKoerDJ%U6j3ufIRN6IA10pga)A41db4<7K#0-cwm~!1;r1*HbB3Lh zviv@;b*lKp*PF@6Be)xWfAgW;$lDdUJ_RcL{aT8D5LpDyUqt2>V?fhbLN)++WSp7( zG(}!ZWI2pU>RZ^F`6l!1>Au7vs(k9x)^%!Y0isjvh%6eyNe8!GD7NQQl{pukZOH+3FizfJq>gh$_n+43L z(s2{2#kS!a6CR;-5yTk$_SsHgnffvKj9{sGx*Qxmyo%d!lYv(zCqZ$NZ8Wb%iT7na z`b}lo$*iznpMGrsF|t z9X3JkE+#arr%Nt~d`-U0;MZ!fZc(T1^Ntm7 zE}tmkxaYE}vNpI4wx6FCJe`nb-;?f7_W!WWH1G*P(GD>p5$`0ZmPl`t;2Qj4ffhSG z(*?$Da%Q?>v$1Z~yLxASI&omwv=|+vBw;|?H>(}JoF%?$do%I;^i9Z^S3r^c5!_o% zrs&<{^u!1zQ;%&B#v%LW3+0s@!#fFx7%9P3UiFT})&3V98}-kn>Xi?Au0w5tA|YCJ z->2~&+#cA`XhS|=x1sv{hZz~LEe6w)Ki+900%pH`b^7?6Ef)70o;EJF<=Ay3A*i9W(+zEao_{sQHOBcDIwNKj)Zs&Br%rqER=(zxKWs#>ncih5-jh!2V z=f&5r_roM0EvHmBv1>n;)y`mvsOmifh9RAZqq4F;?#NdPmmgG*~1q+SRgTDssQiHxP>LyM_&(a&2o|v%^G4a~CGn=Bkx1(-145?PSTx+TjztMX4GZ z3h(|w#hSJ`!NJFn8Dc>*pkUW5Nx#e5Y~8FB3w^*ypk0B6kh2%2#ox>K0uWezac1JwY{MC!;8Z@g?Ck_l#& z8XEd=7X@45r?nQx01bWiuZ?SHQP-4UQkyvv0R{)oy4RtNG2UeW;!WH9k07^KmWo;D zvaGGNWcAt|GVipc`VBWT+;@|gk8LSNk}qBU5DILwuX*wUhn^l-TuHEb<2Zi?Ow{7` zBM8$bl1=&^dPcmZX+W}BYit)B%cxQlc#vYLF4>4=zfb=ryCHzy4Ly%ANx%zs9S!!2 zA0oQHGJOKY72U6O%^$U|g3G+n>`A}G98*rbPPRLOu!zl{a-`!Y%9<`Zd+n*M(0^~( zO(w9=M(nLA@`9W26pfWhuMY8>?a2*d;&{-RZ)t<>JYS~N|eh)A_ihY5Gr^V78iteW>7k`0>&F}du?OvM9?-=LK zp>>&M=e$(2rhai}#1|o$6f+5oAiNI$NZZj2uLnMxVXy0QMM?BUmdUNx$bwTW+{_;v zD=EU)9kjQ!-nXMdvrE;)!u6f_OU#J1qT~MNYpP4 z`vEzBJT07nCfG5xJ$d&5K11kdnxAqw^ghSs=F^;{9uj1#F*1QaO^#(51&Y{XKB3-a zWI$q<>|4J4PZejDufrfCg+=2OO zHmaTmAK{JO0$!HmY(g3By3!A&$az8UsD^(xPx5<(=Vup)SNK z14EicFGe;VMRg*pDYwhWB?D9}{?0&WZv;S1!k7{7%HyITF9>K3K zV$0L7yy_0&Faa}`$9_irIr?}S5R=Y>LqUGcA#83Lcn>NsBM#)INZ1g%+;OF`|;eA!CAyU zon{S3`5QGCJL$F!r*ZnZm-VVI$|zkQCUNL#O9T;7$guh$-(5bEnwx?hGNR~q#P>Wb zo%8VtmCnAU*9W$T=p$z+USxE`l(_)Mp>|Ih9WzDV`GP1Z=|ei6xA0MMyGRJw{j-qb z53fZIkD4Q8@v9M+bApVji3fMNXqmomxd(dG({@>Z0LgO_j?86}gG%X%QEA6lmWy`J zdjU<}JzhjN#R*F05g{p-bVOWTDNt8#V0X%{Gk;ZSZf_srx-hZY2LeTcI%zbA0i2|e z>O_E-Hlv7PS_=1WSO~y1eS`8(_*X5S^d^fc2jw)V_BXJ*52Msn0uhqOE{dn2H?eM8 zL_<49u|m>Z%q`krI5Hyna}~NxV-eGq?^McC59R{aUKIE#g%k3eK{cq(_9G zujHzzUJ9>K`#EXOl?iRvy)T+OAje^=Od@^Vp^fa<&JH&ol#gpOzah#7|9QAI*bU6f zoqA=qwz6~en^qR+V_BD*sn&%5ZUoZKh2$y|_SckMazc!@AvJ8RNsar13zh~NW%GYV z$_~)#`ac+YW*tJ_#4nF+sHSbrzcmR?7o=gkX#vAhhBF&RI<=9inwI~1$YOW6?{Vu$ z%@@uO^6H5;M|x0kmryh}!~I(M1RCc3Qg~uZyq^u5S$d^*8s$rdZazO9hL+*@Km7vR z=Ch;)UbQcG5^A38%sv@^J$+IlD&66R0x{A9yXN`^j<`=FMi+lj3&gWh!^o0!Xg*21 zKEc|+1>V+Lu!!R6YiRv`Pp`ibOdOdUW&a5HO~+J2gkD|solRj9;FPt~VsM(6*w}jK z=Y8DJvJce6AIs!E0-TGjY&w%t7dHq)qD7Rib7i*P+lBC6i}2wQ$%gp7*;B&x`Q%?Z z&g#dnEbWu95bV3%WEPnzR`CH>&F86j9i#c+BZhB#S=k%?^KH_!{g0gz%2fk&$orAU zJx*_ze(Ck^bIUB1#ZgdP@D}b*9+9O8^}8j*0ZX*bf&QBtv=o+!rCyZ0{&l zsXB}%(6mxxdthTSb5LPjQ>Ioc+Uw(@Qe;32iP>Lx@RUo3;EKR4XG(d* zpCK?6N^{=r{3d?)XmBQ2mu$76Ht$XMvJcUbUm36grn#Jk>{_fc-}B_4*+2lrmhc9muoqxrCvX|ojYpz zLZ@djwGV8(CP<=>H!N8tBKx+IM)MFDXq=r2X=7^E;c0t7ChF++tAi}&h)o5axLZ>9 zQ}6*0b|Ef1W1s&%%XRG3hO}_8E4nTka`8*!^NH=N)(6V&I>2GI#g<_=ZZ&zy3og%X z=6gO^uGYz$85n`UV6l-Qj(&b(r6M^h6;lG2E%Si~3~Do=9Zzkk=u5yr?I*yv_u2jK zLTeNQG8%2?w)AEuUHqZO(We0U<+!suTk36aGha5n+L4AYMy}6nX5Xuk_v>UPpbPAO#(~qUJ_B-+e{ohl z@?YlRZ}w)B%)-+nHABqt#2r`lz75l&R$0z}eE80Z{deFUDgFP<;QSxbd`c;NsvNJ2 z8oON^SIlRAva_6t=(lP)wbQcY{{C}Fe`F$#j;Hv1_jC35?liHF&-X)Tw++GG+U|s# zt60WT=)$J{;6D@CWw?uEd~i1_tTS6Tp87%k<5?GXbrbXE{g`$ctyh!J^k}o)=!lHX ze^l6YE=&YoaYSdW-6!I%NOX7m2-RbYz_Ca(wxWr@j&Q0Hn7r}3Khom7vcaAGu33jW z?SSIVE=QmKaE?rFFQob>75WwK!sZpCb|8la65i`p~uATJSAth%4IoGCU3_#iEEd+FjY4K=i z3w*h0Ad`|4(;&JDZD{trhs{w-jl=DaHA6vbuQ>dEx2)z05 zK>5wEw;kF%fcY=ES8{izH^&1*?5l>8z$KE|rs;-pg$V=Ka4l!Qoz5z$ruUmYsP4*7 z+_d}K(JjtPoQ*a3167u9^&*@a%(_`1X>P^NW4>`a6cc8Qq$H_}EomS`7St>sr_g9{ zw{hAds{6vHW0$$Zt@-lJO8%b*e^#TnMxI7N!l~9Q1H|rJ(`n_&;v@C$)qx7I7m89) zdp3L7n`k+i)lhJjJ0>8z23_jrn+oHya`k8}IIG)JyGml7jn@5GCeHEqR@7|XC14Wh zowvVBOMWN|1teRb4fo8w{TD_VzgZJ9K61s|9!bpZ?Rqp0{|LDFgaNAlbWXxbq-v*M zdDtxh91#F6pK-0kRR#pCTsC`S7h5fT!qqMVSqCAY48*d}v$?AeSCWi6_>Zvx(>6TNWKC#3sXi9zNQt;1n(L2?@eX{3_7oENjwJb7 z-8*BLvPYWMt8A76Pd)UTPHGLK8?AhLmu?8GpAwm6U!?%%Z4Nz#J~bF6y|Qo4RKFfU zPeOPTqdK&R%*6Qc6$6(|9_IY1ON84j0(P5_Y@Me@PhJR#Aj(tLeb+zvreicl1>I=8 zv{R112rmSDiL=A|Md*i2_p&XJYwk=kOM!Hm3|{NmGLq?yrrxYhESU$P-3$d*6|X!~ zU`~hyg?&HWf6`9TpB4Us#pt=F={qhoOUnFBo{f_Eac9de{du5)%+TSEi!~575U!rC z_6=!cJwHp}e`f@yyXZH03z@vbMHat~Z1i-85l{#R-6JN9c7oG37V)U2hTRjg$%qTJ z;Nll9iL9cT>l}G3VEa5cfMOtJZE!;_RZ~0Xqlm(nLu!i3BYD#J8xz$>uvR;q4=l!* zdt}<+xRgMmtGveWK3}28%F>TSx=QwMw$;?L8jVPdHjm;cLjiv*7KbBFliqj91fQaZ zRQ(?)YS2^aNNykS8AbH<2(s37^`+0k<(S!uS0{Wlf(7$y?70()?W6pcUl;}@(mm73 z=XvIpUXS~DzP5{HbvD9GFMp0bgZekn0i;8b8p~gM_wOFIE{WDQTIn0EC{F~0Tp+|l z^01EdW4fcxei6sobn-jH2$IZuyfQ!Xab?C%N-Io|M)wUHhOZQqi~(*Xj0-)w zxYHeUnIBayyD##9+hx>g{$5GGskRuY{9qP`Xd7jcz*`5OX8awf4Pby~v24pD~V;Qt|LDJux53NZdHmP!eUNB`HD` zZ)4oY^RjglU-3^30-LDd_j0KrR$-c}wUqsvoSKZi84h{H( zuEuOdN~k(zqPmoVh{*GJcN^BN;U25`H_RmC?zAYXXRpLMz{Gz#;=A1io@66f%Fqwf#$bR?U@AIr@{T9Vu14!_=O_d=)5XSP?4N>w$j(oQ-yn4RT znyVM0DsAuk&zt4GK%4+v`AYiIGYS`;O@`*5INxyflRDUU87;;L#*h?~cpMha*BXQl z-vpbjZK&CCB@ZlC)MRp5qJ0=(UKt6lq#JKtcG82cCdM8`IA4FUO@&aUGxy!;`1HZGM|f?I0&*{!Q}uu}U(*9TN?g61MxmO;634VRFhb!lZa)XA#YpWBN?~O)O1wuUA5AEzg6poe_{AiZ1+` zmjPuSS+S3)A%QoAo2Zq9KN61@<4`UFmQD-p)YQ_fAFejs8Y9owmGBL{XjORhp|Dqy zSKEBucUbOwlGtEO9fCj0n%(|@@iMX6+CPC%Vg>e2N|t^Sr&aRxdm;^Ow;+A|FWtRw zA)!eh_2B&+InV zemM;a`Ofp`zb68c3< z(J(UK!Ts!7cHh$1Y@jf;!_zqyAIZ_K8W6ekS{! zN{>ZPtIRc`NWG-ZLD9|@i7rev!d9G&I=&^jPaAhpgvEQ)Sn)c0W>#VOogJl$-$+Sx zxApL&*&Hih#V_hemZ%jbmLhtk@=#|)eLP919?&xI`B<#mzK;IPXz(|1gELKh=`uIcA9x{hAIuK^7%gR#TxNrEE4@K5K8sz@lF|!;B%70D3 zNc{|=HO+L!R#za%uv{XQjAfiuV_KnXXPkE?BeM^N>q6MH45qrfObeo2hpy(>jh z31Qd{?5qxLi2bBPOGX3Nk6g&BtR-{|p?ZTGd*b;9F>W9dhO_<^yghme?}Y!>`%PQU zu?f%L*8hsbu1XZ*bf0y*P5t`6JZ=zL#MfJ`)_##1Gd*bJqp_s=nvuW=i*lyZU^{%E zS{@peMJ&vtK&0q6hG*|LHsqSUopVSjJZty!8s&^iU8=iXE+srrS?n&5z9z}aRN8_3 zxD%L1-iYlSTq5U1P@4Uqp<}56>gOY~%pFzO*lsMxL}#`1pkqIhyY)7>zwyR*<1+GS zBYxeUdY-x5EB-J_mWSVv-TaJY?_DA&)LQfMu!2*+0q6ew2-n>#EjD~5BZ4t|8^_6l z*J$zaPCaa+91CnvVoY~AVL_9yyttkZsYvV0IVGzM6@+?&4qu*5+UNw>&J0a z+W)HnNdGc|KLnBMNUb%_ zFQwI8R}gPZh+QM>u>9AdeA{=)B7+mJtt|wc@ogG&>eRk{Y$s>Ei+?lfPg%6Gz+tD0 zv)q_}dG80BwYXsvZUd2D?&f<)(I8}wS9;m)8D^@zlOfV@|Nq=cqR0>tTckcbmq91V zLJVO5m*iy*f|r5b|Gp39X-tdj724eRqzY53*Mpe<&9|v;?2ou9`s?7+fkl-US9h{a zqDYI>#*U0eBqts?dA=|dwY%NJ!y6XGjdA5L9MgU2tIqsp#*p0ud1* zUF-U!Ce#~IsVPXCKC$@osq9e$s)>)=}@ z%I*!x6nrI$5N@(*oKL$r?k8K2g9vdOSMlnr`PXlj^;4tFjlPYMN$Mevsu( zi$m1#Bp2XGxML&O#!#bqrbU_YSStdKl&V0?F^2EZ{ou8~3^p5fa})2`H#1wd4lS9b zZ%u>Gj&LOhwJ4sl?7A`z$x`0Z*mEYg<}H>|LapxW=Sj<``&aBJjBFKFMHU(D#4)mJ zzm3^FST)oc)Vxf)t1v#gQ(S+Y?CPU$6f!H8lwYREqhki+4M}bJ;n;pg_xQTJ)}|#^ z#m!3Iof~5PZl-x=uVP$cgqWVzFj}L z_pT>C@^gN$QbO0c9joE;M>@!__dAHq8p46YM=TiW2@0BKbm88e=2`^_HALDgc*ogB ze4aDSR~X=iT=zDoKaZa#$l_79>sZS&f<>p>y@$mglRCOTKjB+{UMqXO-x~Y2)Bq;6 zK=O}!+qjWWc_xo}Q%tsazY9!r2ev=2*|mSHUah(UT?_XO+{@EyGzCW$+xr>e-R~3} zT4bm5AHOo`I-WmddB{2SO9iR2WbsZwr%DUS3V7tnUGjeP;~0 z^&6KKFc%@e*|J zOJh5Xn|jt8+|``5sCwKgE|L@Yl02)5J%tV5+$>{AFU98P-fUXmW7(iKkK2L3e-9h) zE#-DHxZFhdI9>%3@#nFFfcs{66U5#-AOz;|5T(Nk-=~I zf9zGLz=bea=dN_VIhXRI2t&PZRni^-#a`;MOu$tmC`3VCZP4RBXA)AWmG{5JCT86A zWoV);USOVVW?&)0_lE9xzK{yZ(Wa>I)tBeWieW<*YkfnLJm|$S81+YO!-@6}b+|2b z(i2EQX25W>LuwYTD2+neIzD3*xA8_;U`Czbs5q`Iu~ZrjIPIqH;dr5+O@`?uYR{x?%1J#Gwn`;hcFZ{*h{n+l$!v_ zR1ALZ1bbQ*!jTm*)!yHhFeD~vXruT}R^b6YQ@+{1McD{>C}(6d-x(7Hovb{jQf7nH zL;klY?z2fiQ;2qi_JM$~Cw3j{+n|~AxN-y@K|TCff{c-fDbBQ&{)1^V1<|(RLhSwy zLF^u@OzgPA+@7lZHrE+hd$RIa;Pp%j{gz$fMZlwnc&^If8N zw%7#Gg#hup$g_fVlQjwTB7|t%6#-;J?i*;@h#+@95e-^m`prqJegmj22W#_RDA$Ag zoN%N)!Rt9E{05ax`5J6Hel7pQSCt~|l-HDc!Q78cab@&j519eED8gMdCEM!cbvnra zvwKlsg13@Um+=o{loPxH`S#`kCc8$uu1l+E{Q;#{gs+rH47z^2wVm;6RFdG5G?n^E z&~;5nVGIPb@_=ZM+ZHQsT8ww_AhW?|gvJc^?q=y;#z*fvoApjKfncQ~S-{2yCz7o)yp9idn=Yc(nVtmcq>z4+ZLkqz ztzy~XJO;69?k9z<{5N&?2Vu6M5D=|O_Bd_k{w)_bjj8iC(fKnHtS?5~nicB6 z{Pu%R1PrLx^9qigHAj&W)Bsn{`gLXle03L^^H0j=#byJ+dX_8r5PJ^Jj5j7>0XE?} zb-rzf%V{@aS;_Ie)W^OP%WoLhLUY`E9H4uzm|P`?A6xuX8r_^CqjBM-eo=245v^rP zO^SPOamnlNW52Tx@c(vT8e$q;a^GXlXDUkzkry^2NvK?Qke5E8sqG!+_P^Q29??aAOjRSfSj(s&5-t?16^%d_B9R)_?Nj59FS5^J8 zqPhQDOa%B%B0|XO zOl{iq$Cf z*di`_>`^pcHfuCj@n-SzPs<}Di5ADguEdaDAfmsA=t|c`*STaIEjvIB?_?9;UdZJ5 zP3A=(msz?Gu3THQ!QNR&lHwye9K=Ke7Jlp1YVqlqKU^GkxY9!iW!>?Vk=daP#LDJy z+Q}4A6N@`NbI&Z1z768Bp-}&1o}3EC<1@4v-FbA#G@PYmb{|s`(DftDw(@JdjpdVC zAkKDruo65=g;V?td6E3)jx75%{f0dURmk-3>ZQy^CGj60ln4+pqnHTTK}+uXj`Z1U zW2d0 zt-yY9)pvl{IDW?InEI0QBR_?l;?PJ`)KXb7O(Xu?RdL;;kjL@s7q?r%6L)oC?0*|)&A$A*Lh!_EbBH}MP3o+(8-#O8L8$NSn7dzN zV0;)o_MK-h<;#Q3OWI*AlT$Tfr!`7$zt%GaS@^uMFGw`JM47^AxwijKR{W=ai>-#J z5lj3*5ExlV4=@4|nCW|)@KJU?b<;%WvMSCog{D!TfrBau4FvA_zjTTk?nz4U;azrF zouAoR5K=H_Ct%KhWDMF%%$htA4=9_ZqlU47gC*=Pyws#b!Y}n9?e)cJ; zvjU@8na??P2`GHT%fc`K`K>OIt8h!zNSIc9OlO*+xmm1ilZ3WB>Yqx>iDz;b60Rgh zy@K~c1E~5k%7;O@^;Qx6-5#+Se+Qz`qR8_3M?NnKK2#LlGNogDD4P?+7NbI#m>NR$ zV35CQX!cp%e$G*s)l}f6%yIewz`oT&z9wUODN=6fG01Kx<+?t}gwap1ig=Q={VG|( z0PMZhiBX!@k3Ze+{>N|h$xp2IO#BJe%lRSC9{?& zlFOFNIr)GP{Rs~J|0&Q+A-x3j?U5MG-23k$)Y23+ulh#mJ@j}~^JwrR`t~PC%uIpC znb@KZyapxL8wjdFYf-mqZv&2p6K2UPIkTdxt!PVfn;n$-SrF zEi^UaKs<7@gL4;~=p9PS<^4-O8h*h)jE_Cu&hl=!AIU{-S(CBF_qPkyaXtTaXTnp0q35q79AVjUc65(d7&K-FjOflKeSV1r zm;X_wgVsdbeRrEP}{N) zJ+=cW>DILbRId{pGzsOBN*~2)%PT6lDfsNTEG;dWd!|`rD}U$f5L@BZ9eUwb3=8U4l=-X|(no^0%n1ZK><&?r0AIGgQ9y;v$pw6|a`` zx;@*q`u#(X*<Y_N*LCa^86H*?a(or1G-vfzV;>i3SIsE+v*?X z_8b8X#Z*wb!+jq_&6Uk(&l3*t^Bi+j#Sbf7?(%Xye3qA!3%^C+2E?>!MlJGMazwmb z#%jgCd3aG76cQXpbUTgTASp$jex^cv;z2^O{Q0bz`FI&Tl9+~=9q zS%#EIc5rqc^SBPb^|)AtUB3eDZX-IT-#DGE>8ycIPy2DRmm973|8a-1TQ|JNwRAd* zpHV+1-;u@W`xiWmAzIe=5Z&o2x0j(wNd&Hl?(h-1co#Okq;8VW|E^4*kd$D&rB#Q{ z$*#M@s=W;JIDGzyFFHEu?SDItCJ_HNb5A&ebj-ra%Imji?B9Jmn~o@{RaK4|S;s(w zf?`~p&nNk_|8d#2!!_I{-!En$PLbxUwO4xJpFvV%#5ZHN%yavFTHHU4fgDlKqZUVC z3v6%%0ep5Dg8MnH6A}2d6Jx2Y^c%mc^51fmNmA>j6G| zeXt0KkfQ{^>iTiUZ*KW$)>|Qdt2zJBxQFu9^FUzcOn#C9Ly|w zUD?2~dB{I7?{{wc{0#X*T@>C^Yx@Mi`s7B1mBwMn;->rrYG-9(ky#EQt3iNm$A&#* z^*(?8yz`jRV({(P2ZFG7Ne2wQ*O3Yn+wtNKpQ=BnCNq4!qHyd2`cI2L`&Oj?V`pe` zKKK_IpZiCP!FM_R^;UjU5{&Nd|q*)B~pJA$g=(na09f3}XpU6>p4g8~L@Q|Hn`$O^Gq7uQv zqo9vuYmvg1V?^gGwzZ=HsHQ#_zvLznD}l`qOX;SNNjZZ{au)fa-~Z`$-%>)#GR*fM z&`~NVayTIJ;3drb1^m{U+Us^Vou29|u@^NJ!vrykRj`38m7*k$fvzpG!8YcEk$eg&U@X5Q1cv2%zNqMa`TtdJ@1_BE4^mBlNJl=gMUhD(KuU2?5MABD*^ty3M zNb!z8Buaq{l<1gN*F^6J$6&OQU^{?#KtNJanFjF3yDJK;8vvIU!gGM1a21B?YA~Ed zyybn|DvlRR;!)#p`uP%VWZ(vYE=aZ>Q|$(AQ$WaOt};6=Y|g|3ZXS%Ol^Kv8dV;#n zPG+7xuLw!O@4+4qHr6A&&poHbqBnq{S6Pv0_6OJG3H)c`9)AtI#Gh>=R6)tBjRGfqACip*Vx}OA+YiDV5=)IRo`=7i)+w3Eg5P$+hDe zq{FCD#Y9+y2g1(OId30slnuEyr9xgH3m*Im!+LUd%Rcj5RX&XVmUR27T*nWI2rW6e z)_0dxYQ>kl+&G^!g2XFSi*dW?^A&=kjztVFjh`{5W&>kg=!{^yp;kn)LdxruD7%ae zw#sls13z?Mocs(4jx5oEWo!-*d*2C!gte5$Lfvw}5&Ng(N*gge|ui%Jp|wue!~1!z>BKXbefD+FycJRo*LkK}5Fw}8=WdBaA2B&p-M5|NbjuG6<>V_P~+zDB5+|AD}8(~YH6_VUsR7mY2s13|X4d1+HXe~NY6Sg9 zsz-p!IK~Sxk>nQwO>tcH# z7|)Q;ZwocC7;vgQ7|96|1HdiKNMM{hXqOw}xFLl!;2rWo!r3>qw)5%_z@R2+Uk$YK z^pd1l=7?5!7}M}k*0buv^G{qPB@jJ-snnMW+q*)K;>U+)nlZ)o;q4a_foj>n(F_SS zR4uQRZ(vb|A5Wd%#m^m{Pb7|SHx7wMnCnDXzZ7E;YEIhDS#Zw>-Jwg*!?NdKdyFTj{2dF`k7*H}8 z=rHJ82C>2(@dZ(x<@0s0woONcZSJ;r)Y7OG|AjCfx*q9Gzi=w?C&40+>GM7Fv=WWy z`Bekd2rD2KA`;>wa=z5qOa>c2ifhl3&A`=rLpBWPOE@;R+;d!3t)8Twp;g{q!K%Ih<-8G;2fcca)l zc!Y(BB+!Ev+N``vihKIa*(CPh9^YYv`<_42^ypI`ujRSS5;AoB8OeC@iDFnx>^6>$ zdd~UmV2i)?QqK20Q=;A@fX7oaLm)$-0ckhYAmRzJ-(yOq&J%@SPIqEPwCD`~b0_PE zN5mv5sdcf25=@@ddH*1?*2-j9SmjN4jPhE(k@@tSZGeH4K$O1F&j6fT-W*@l zRh#3PC+w}44|D;7UYMRA6f+E`Z!6$7r*h$up{kr=03)mB6YNkON8Z`+lsk)YMd6HR z28+IZ(GVat*ckxH2^zz|FaCiQv17wEjAL4hzEy&wj-#GD!f&I=IRAbJH8oKv_?vXp z+3hZEnX`m1wJwuv0z(SR*xyKzDB=NZ8WmwRKJm83ALGK?ekFkb*q}`CT?rOj>%9Wn zE7YPF_{HK9Golp=cao<`A&da@qxj__PPj0*J<+#-X^3AH=heKqmhA|hr3nu*Mk%M1 zff|t>{m+eLA#*cn5L7M?zMXr+EvQfiK(miMcu9w0wzCaCnQ3XV?21*BzeQCCf%Lsr z)%s?xp#!8+Wa6*|&Ys~&&aVd&g!B^PC4StoCc6O;=OX#%pY8(fY4XTc-vhy zV(S{UE_D?sDRMiV*PE(Loo5vnKyoCkI>TBh^^6@$+ z5y{i>Vy}7w=Y3|-fQ3vpO~h^!_b+ZEvp4GMan2+=6h72*nzSnTUs%3)TGKgvF__Y2 zR*BD8P~NE^?ie=%cqmgk!;!R>LMiNxcMN`KL%V{B6xN5;^+v(i`b@H?-(ZkXVuTdF z#C32KB8Dj#XDlmiyd``=*lc0Q`?A2X$WvqSLUoqD2Yx2`x#xZz_8LPet)5e2c9hqv zr1rF0B}agJTQ&2GFd_oOE&o0lh2h0KZ$QL7aeQw;$Hy{-Wv{sG%9+-#Oq67bL$OSf zpWo13RE(IApTCQESxfa+5+cd9iG1Hu+3BYhD`T zz1@8~(f^;U6_W+vZpChk-(_%J4S3hF%$^TGR$BYS!r=2hdRP$!Qjxkk`G9xM)hKNNrm@ngbKz8f^5Jc@NdA9TRtV6SH@u$xe`>5zuc(* zLh_CM|8P>3OtdD#I^kfzGwRizkA$1b@ArhG&x;$m{`wl)9xrOM*@(7Z-~=$xB$#l? zhTz$RFz^V_1WO3Z*x_rT;{S2@V?~glPE?W^8T~4DR$`p)m4N`8h1$^WvsT44yF283 zs=DJEjM16D9}e?|^^RuLf32jM&{TMBXpQD$jx7}lF-T3 z@G4Zx&l%jV+_)wg)ou5=@pi+tqIBy-3UG?5@#jPwm?fiBUxO2*EhYbRgw+QSW6lx) z%z)r|R0C3X1qV!b1GPx>$L*lq4+0@0{poK?n&wOUG^GFY>%BBwBx?Wbs3YM1zj#%* z4jrMbylXQb?(aO^5Usqs*WnU;N7YJp+-j_i7;4~ozw`^wc*~v*{O}Q;byKKVnT>(g3yZm+zHPmABLU&_s4z_5>}Fx zkl26w?T)z}13;Uxl}{Es)KfJJpJNh1;{3WgYzd7i?((assN<*``$-`4bzA5d{~jV2 znY@y*Zn8HwKPOk&PF_zrR)v#y$w6p#%L_8mX|=^+V-$dHFp4%oNBJbVz8%IH4^KI zb7))h1{c=nvw=XZ8*Y3b+9nBF_ozKo{5*xmxw)t}mh zUNl&a>&YcxOc6Zny$aFc3cK!?A=-Y-k@r-kRMo48hktMSC)$l1g4(TOAKLVHcWCVv z8~n$NDtH=-e@u*M<;ljG#|c{L@>v`s=2=i>eU~n1nvK?_+Ml9cD$0 z6gZ=_Cc_^-N*BmOKKJOPR#g$q*o3|a>c^Gu#z1m;I;^UlI_~>j7`*+;QsHeo^~bSV zWxIJwXD2ak%wB=po#gP7gHuxxr?ddBkDA?YLuiyiMDCV?>YMhQhh=#p8@mVJ(OZ|9 zC9QY`a%#yiL2xemH}3o56@Y;6?wRfJ>1FSmlQgYOy?Q7=nL zwJ)`GR2VfCL$e(#5BqW6;=-gkv_E{6*G_z8v@EX>N~<1W=V>wyk=E_r_cxlvGv6Uq zA3Z-t3SvdjvOSBv5o1DH6dV%lEbK|l-bl=Py}4&xP`+|q#R4?eUYTehWeGIW>VPI z+0>e*YBC+~?r<<=MJ5D&96_x7eem}dLDzp%7TLst*+2oCd_6#_rxMADVeN^#^OEC| zj!a@eur6b;)a^AIpC#YbgX~32l-YrRArTr{CWw)IHXew6 z{&yG~M8(hAakx3N&6O9^3;a)Y%GWya zpDu?mtL_32Khwdw3*SM-m9^a+mDkIim5yzGYX1Ajy$N;67awsI{1!W9ZGau54qwpc z#6MlOg7p@jT~)I;^q(ENlms{6aaXW|@7kB|bz(WE#zSujAVf8*hy_|ePcHe!3xzP; z>0yt*hg^ty1VZaYZ-_}zT^QsvCAg1;Vf*AuYG6wPhSyy0$el$e0DspcpIV67i(itP$AZryqQoWNRPc`yJ*S)A#5E*^9DB zHb`nXD@Yqk)JoDwa{oZqKyK-bo~gx2@a?bX{Ta^EOgn8$uVVf?a&E1b2R#jAg1gf{ zve2rjxik5CH7KiilCODrG}$FE!ck}{CR4$lG(*O>RIx}UO6lW?TEdVfEde98e547L zwb7gDn)69)a~k^Wp>#f;@YMCdkI!WUD&eCdlU);_&Z|NsS#3nasXyLEPEG2i5|LGf~18+V}V4*asqiAeDD<`e>JBu_r<2aOtczxi?ZBWwD)&k*l6t7s`h-()(bK z#gpK$oEF$yPm^p2v$6elg1*e*>6zJZp>pGy7O~kT zth$RFM!n2~0d_C<_;oJ(^(p%9A==$f55090`Y-_2`PBGAxTC-AFg2KuW|lN$&@su# zV(?jx(pd(CaBJro^E{zW#VcO>xvkyS$!A9C6xK2(pPvd(xt&S>HxcVWQ8;va31r!3i`Pni?b2W_-K^_SxonDu9HIl$){w*i{uzqX`{bHd%}-KJJY^O`?=mD z(`_=I?Re<`(M8Ycr8(4!%HYevC7-=a>oB(~@NGrygaYh9f4T&g$vRT^ez;>Np+L0a z=f(fZFJ`gJLQ^-QO$x6X^^-g@U z^WT~p{)6Tgl)t8&-ttxDLHiNcAM(+Jv$I6oMS$?6}*Z{vqCzdRKPBg&~Xt z|G;LK!Z(``LY-R@K;oIrYWBsnRXr@PwheKPeBz$IL~%fEi<=ITsA!7CI2!8{@8rj= z%r%RnB+QQdDMoAkACFAE?0(ejDG=HR%r*f_ZHB_X@<~vzL~;{2@{(8=6NK&1EL~vP zrv!FUfppQ~C=@;%gHjRA^>@s?1Thi6^tG<2KSJlaZS?>nniFXP=DooB{1*A zP#Aqfb9I;`o?RS&LzB0sboe0-hXtvu`?ArC*!fT;afRS@b0B~rF>*t7n`UgkV>k6X+Vzxt`PIIurN$RGP7-bY>`b3 zg}~^}`IW(N8)bQjtLKc|;X$haS~X&*jPEL9iSQQ~tQ4ybFZK>da^d6+4IpfB!&;+m zZvna8TI^K8Aw};mTGK^`YHD>*uDkki4(-Q3(%84%ReBS(RfiOB);iiNRUf@=^#WeK zZ~o$BDs49{-b$aY`tWsz&8WC7mO^&GV`2C+CMKk_sgkqjMtrsqL z+%=z}K>4(&wHmBNUt9dPZPI~AZkQBqd9WEZzEXEoVAO<##V=cG(u7*f0V9FLF}U;cZ$g)Ey5zK9=uQ3i6ut4T6Z1{tg9f3m zuq7DG{+x+z9!McCTXMfe(q&V60h=9r@mzTJv8rZw%l_|=eh zpoEIc>|3E#x)d)VF^-AS4Z{M0nM>!@9|NR#lu7a(zd!(Wln%uBjJF!c56hIG0a9li zW-p1=MCv3Cp%*3mOmy=&x$-@2TJK*eC`WQiWfB^P<0rX+4n5WwsKI+NekuxW($hZ% z7AYqqYmqY_r1p({svIlFg6-V#jooK;K|{ z>&NeWe@`5%4%vIYlr{>&KVaQQz#u)2DaLrlER^_s#?br8xvINE*!0tb8MiT1@#~6P zDuqr4$yM8L>DP%=&vVPP?PCzdz;`z@?6@$bib(9RZ@hHz=&XI#gdU)*!@49fVBG;j zUhrQyqHxDg*CR=A!19sTpJXR@j~g4^8-ivh4|}J+N~6Rg_5_=*KDMUr3k@o5=G~Q4I2TS}y>02HzFM zUQ~ZpfP3@=pC%BsI+HrS8Mnic&p0^s+y7zp%VFbw3wPz3&*94g8P(EkB{y}?M26_2 z*8QrStB&EXGUxuw6Eu$qn5cL~3%=pN^{;T$%R_1XX6&z&5wK!qKQt;Xmi{|8x?gjV zY_3-K$C}tj-;VZrPoJrm$1(2457WavUU~u5g%P!)aJod6fY7{)xv+z;#P!Z6Z;YSj zFlEpUekEP)!W0&XTVk_HVs-|f=W3emGw7H{VjkqXG!8IFE0s4;=>QZq2vGU}LreiJ z(in&G>>GFu$L{WHGVZ3rz27Vy0n`aG#=hV4y)Gyy3WTe}1OZO#I*0Q8EgE>X^0 zE!-x|v2b*nuS2=g1Q-YJY)Lo!86My6a&e|e`w09fZ#<*+(jrT-i5I;hOVT4SGA97? z4&$+$(8UpnL1QAddREC?xE7uyCobyyr4Y-97+je8(K&m@?Qc9&Y=$)48;H%BE;;N?77) zRd$Q~95Nlm6xB5TT?OF*;bS#>F>Z6AbkMCdY~v;&&ucHB@Ga%*%h8b#*U{5)a??{YLw9{^=59xVfVxn=cM39}TmG#)-EGuKSm1 z+l00yF){4e|HhcWx2;mV&GDX! z`J(%}$$MD5^V%&MkF@C|b9VaHq^L9@$ z_R2C10M*Z?AuuEx!+G3!&JqxUC*weK;KqXS;Z4(b_n2#q?&%jr1rvgStM_gV+b;-B z(b1($d4Hp+lX!PTQ1Z~JfLGqB5^^_29zDM^xP7bElzoL26g;1ZdYCQGTa%A(Zyz(j z6n>Ryr9iz|OiSS7^-)+mw?N-v&4%9`zg@#2WbXXX)^}WUb%)@XawJ_u{!91vCP~?3 zS#NKo_s10aZ)1akYD}t4s+G^)eWYM6Et?sJk!)wOy9T-*n;ds#dhiOD9nG*@#Sqsx z0I{WX4q&=d_GVWG)%vH{eu}IOj(uoS_MJF9W$Mvd2=vyh^xjM$-kn&`Pni2cVa~H4 z&W9Gm4I9j&169%-nkac~R4Z0q|D7p)y!3Y%n)Zx(XD;eG^4q$v_&Fw!%iQ`wNY`7A z{1MPH70c@VC!(c4je>)P%_a{81w~k72r0~Sb@ekNo?yMt_|!?b#qD{2TkFNJa$m`{ z?~CyHy)DI9X&f83Y{wqUR|B_|ta4=&PXq;LzZUs0Kgi3TpY8_4dTaOr-A4Nvfnqgd z;u|!*L}JQsy5|dolJrZ|Wa$jOTtLfuGpT!Yo+Jkn$9Gx`39d;{5z5;F9K0Qt0@3@~ zi?}=Gv!>r@Ho!G6zhu1a2#Z=rw(eg}oAUQelocUy9B1-Rj@|Ku1?{wgovN2XK%>tt#J-1~U`~0VkFGzX_f3Pn2fBbRax2xE+ zkmu&WI8jk;z&fy}=8yE7RpRu|j=JdbS{2l49+Kq;l^kL6qzI4TA=TvHTmFy3gx>7` z;uXRt`!24%z?lDzY6B&X&Ce5r@ZaL~v2aA{+%^-#IZ44zQrfV_YlOMzJMaxLt^&&* zcK3(gZSl2TXhZr~nZu!E^e+#0+3w*)nVS~XUil~AY9!C_b^R74*Ez|vbjIwTcBrm6 z2|W-LcOlxz`I1arAJ1^JqdCZ}ugJiB3MZ`d@U8K#$KYikF$#d9^v@YdDTm$O-WEuW zS{J*+A)i@`9<8=_%h$@=8CzpV{FB@vPdMSs z_*NnxI$a2UEe;({*09`n9FD%fd?ySRW70(9a|P-0Rbd;K?OZ5+eH%E3;yPfg!nd?9 z`gk#C&8IzlRqHXw1)#`^pF8BnzKaiysDV4Eu<<=ot|VPXyuFnc+71UnYg+W;_;^t{ z!8g#%;c>G<94{j!^v{s=4u{6R@I0~O9WA=}Y|f6uR$VqeWkB}l>@(3;lgZyV~Rg=bFg081-hn z$k_;&xGa>s9QQ1`fOm(JQ-x_K*Za*8vI~RqUUo|4{ii7|w!Iw5kznBcZHBuPxJ?Fx zFw%x7T_dDj1||)NqEj{ z3kzd8aTNGl0~shWP7y*Ptx1rwK0q#OMK3Goi$pzZmt-D?GDsLPhLdrRlsX6i={d(>Ao- ztp;LrRA{ZpjZGe0`x3fA!PP9@3D9*r&e<_R@va0d}@`VuMViehsm0 z3ee&n^@m*sd-r$r&gi?ElhMC;L0YXKBdN8jt;6vQC2qSds}wt)fuD-)XaKTBr!}zt z(8jDezvk~vY(FhX>DgaCmA4FL_&^Vo)H)OC#2dQkzhqLN>KmF%flx9pr6ByVUTDZe z$RZ0t)1r}2wHRU+aySKMt+8aK{9KzDef#*Ff+?-kseErLGrf@)<*4G6a@AKx%9BVjvR2w4?^D#RKqwcE7o&c+_oc3Z$!EVq zuKd;DpCv9+F4RZTIzFmZ{Ur@MbvQKETc5iz=g#Kx8{0lk|I$%;6v*dGZfzbEN(d8v zktql7mHvj7gfmLA%7vd9##Ex`L?w=NgmGVXG(O< z?A#g$HJIDC@d$h^oyFiWf`1+P{H42m9U*+5Vem@uDH7vi<b~K!47ae8;5$Ue1 zZLjn>2EHv(ln+-J1F_Ebzwi^wWY0j4sxs^`-=?*c@jLhJFmY}i z88X`nnQG=d$Y%AojGVjt5iO+f@_}E>Wm_MvUT08d1Lv-%T#Lx&eYl}KaegHe8I?pQQm^V-byg&rYs4F z)>*StFZO?$ z*Zd)+sB)$?uB3Mm?J_?uv*g}iK$hGLOaB|__LkTQTQZ$(qZ{=Yk$iQj zpYm%`-dljzs+xJMLTT&(m1b;5ul4mxjG~1-@8slr<`(y~@BQET5*^kO1V-9o)u~*? z9keLFQR=R1RTO(P1v>vQlz)!hHMn!^(rxWC>^xJ~dyO<=*$j?-&@i)^Vos;vZKb|j zxU;R+l)bHx{w&`2;;5o0PhG_xa8h})<{*=;V7^iv^?o&Qbwx2(`E3ee;)2*nZhaY* zm!CBv=cvX74I9oX!vWs5#Idq6vi<&XarHWIKJ89x)rlGK^}|q0e}@3fC0lGfFmqn( z^Wl%D3Pt;`+OK$5K0h|OQc_)}3X)p>QguFkf8C|HWDY{%_qNIU4VUNrts3&XSNnD{ z^@8sw@2s}0*VEH=PrgtMW((#7_RaBk3aOh$$+>p+Lf@UjO0lyDJ{%0t@m8hS-*b|{ z$_?MSf{kycolcbS$V$JaNa3ptzQ1XJu!C1+^_-dwMuPezxbw|yME=h z_d5JG4t5bPnnMuLb+#Gf>O&uxO(eX+w(8FM`qQP4yXId>(8T^5==n&&#`$A$mwY{7 zqtZ_sbd?$WpGreoKJMZ3! z&nt_hRWGs@CFK99?7ZLE{Qf`QmWon@w$z?AYL5mju}NywsPQ&xmc}eKD@N^AVwKt> z)T$Y?NQ=g<)F_gmHJhM{Qeu7beqY!35BQ$n?)y6Dx_`OPxz2e!pRe;o4PSt$lS^fi zt7CU4fyvwt%REV}0r`C>ar?W>i~DGDN8UTK!{rtSL1zsM&kRaX+2rlSd}^fPonEo3 zC<>(G1Yb)x6z=n^WQEMG*|d9ed%IWrYpP0QkvwE6{3JH_?&alz4FKe^5&WRN>n^?D z+s(|t%gpKMi|nP7dgoR*B+n-oQ;*O)k=&Q8+TV;03MZa)N(cQbv=y9o6O5 zubCDP8U=Vjc1RjW*@j6Q&V7E6(|~zrik1|rRqaYl-EcpbpE_gn^7E1fE(OT7?0G_V z@99ri*H_49{RJg7eBLoX_#45(h+4BdI`cTuicU-F9rX8_51c)JJ);%yY1W(eY1L0Y z&^PfgSMc4@e>q7Vx=oupTPK1KhRNuiuB5E$Oxe836uK|(JgI`1`(&M6LB z0j8dAa=yUa_edR`(9pn94!hBQ7>-D|nA_MLk_!3OwP~h=e+VT98hB1KQb}5!7N#7} zi<}Qu7hWL!8=u!Nrx#AT8{w=9@%uShTkPv->)~-0bv=2%`@RwvdodRs|eskC$uUA%mVnTK3_t35E>qb&SCzP)ODmSuQ0CQd!W;kd}|v2K#0F+uhkHvz8< z=D9psgK>m1zQJ@K^!1iB9H8%6u+J=Xe`_FBrecOrHkhdGE9Jb?SAQKt%^TE;y`5Wf z&&N@$YOi4w5g zlP4Fs+hIE%qj(*-^aq!lZNIu}_;;LNPbPD}IZ zmf1RQ<-mNEGx;jMGEPA$J9E$Kj~AHLm%eu#+@QzHstGUEcQR~7ej&yG=3{|eFDq5m z#JvaG)iBz@XejG)tkn~oK{$eCOp4DMHyBmVkUbHXAUdpOn7KO8;_DoFUAq`3>Y2MZ zu@7mwy-ZIV|8joX3>M5w8TxwEYP8sp^0w9|#W3H2!_71A2APL{a)*MEYk%8bScYb1 zvFi<`9|L_C4QEWM&U5uUyE682DYvdSqsIClJ8kkws9kK{7!XDt57F!~PvoIT3g1|A zWiPF!swACyFXvG{k;w1PN&x6V<3|D@8zi-B1S`xg#zaWg+nYffCQne8Y76zH| z&objitSG#e0=kIm1A8OES@uZg00#5h87~8_L*L!sw0zq1gj0`I$#(;g}f_tA|3Gk*VXX)E>WZHFon`RlyIn77#bv5IVRpAwEWh-|=K zdruPK;hYW)bNF+Li9;4e{3<#BSY$|O$U{R3mGrs;e@iIw!c&G2uY1$!suzTs#ekeQ zR{HXH-m!UcO>Y#*KN~Wn5OpPJpXjfx7VG7c&IyZyTRE+cvvy`PwM_Et>n!$9NdmoS zcw^1qiy_gi?n;RqTZISd3yX;jP#k^dhrouW--C zA(@Z@=ax+LSq!PM30VCvn_uH&S(aeNQUjCmPB;YhBW?(bCm%`MG~K!?mof|T`>t?h zG^xqA7_hFU?ze(mzGfB`M~c zE02(^^*ZdK%=k7%M&b!1=7|?mX>(Mn?Cqlup__SBz7vVkeI-6xKBfhSvTWID)Y7VB ziTS#4=)zdYfgeII7?_4_*Grk&IAAW@BI7QL3z+Vam zp)kb@n+;P9Ek-~qC3&!jQ^fa@Y+79!sVZV6juG{)gHpK(>_08XNO3Q9gzV$*1MglH zt6TdfaWF&Uu&qfw!>;k#ZJd1*{3Eti+56|m-~#i(S;8GhQ04Rk^ECD5we;Gs+bu*D zIkxv7G~f#ofeS8IULlV2HW@fY);*pCwF@S+ga9Y31zSV;dmm8isxAJhtO4Bo&JI0>C6lj(?=%4fwglS_ zBVZ$zga<)h&`k_I#Rus$rw3nAq~5Jq22!pQ@AZebZ=~T7J@8jFA~wl6iR_$R3__p> z+9SG|=$yW|#H!UFb_unQSYol_kEQZ!u100?^^j0vYqPD&5Fi9CQCV8#*iRH_2hk-z zfsZNDdsc?=HuCqhAezC?0506=O$j!qUP`PsMBFox8P(Wv)ogI!<&c2v!nideKA2nG zRE(DBWv?o^r-69!Y!ezU%y%b|X;r}BLPwc-3Cg=&(a3HjzyTbv%s=rew={}TivYz2 zmRh7!=0?lc&prc|AJ%qgxSUq^KP;VjL$KqV&IC--kbolN71~-VzKl#3C}#&%@%>;h zqYg#LX&N0ZK{GEM-B$R1DTz>le1smIxPXw6yRk>>vxgdR=lXXP*~TA8AGN`OQ%Oy8 zJ8@7Ic&n3Zx-4G6=quKB{z9DM63L6S(eJO_^%$$T%;wTRaG+ zd{*gk{6GG1DrEIz9)f7>>fClwfP4-Oz8?~>qWCGbIcC-Flbpj>`*PRe-e*v_D0+m0Qosdf4J(uB>upG zB+h!DM8(#a3EnA*B+E7!0wVu6_Q-U~0d1+YTnjH&p(A?CC;{#7_wOai)!A=Ew-dDk zCsgf1QEQ$1hZcaBJ3W|U8+U@=3-PaC`ad}MTN|N0(d@lO~W$+ma_C@oGfgfN>t^*}-#7 zk>L#2f>Y>AN`}QE3N{5&#i8SRi_2$2`j5;_Gc#Ab?1d0R6dIa>pY$nRpX!rSn9 zadn39tHb??mUHXsCaW@_Rpbxc#yzWvqu2ff>vv9V7lFwQo`^`VBJGjG9 z`Ev0w3Wig<(a-onBPHP@m0lC7*&nB3JRo8ichLf!4dGFa?m#LW+|phd-;Xs&@4TJ|zgJL-@2 z?fj1m#uU-%ABQGFF^Z^F=orjqAx9Y$e%Pm=Cb^nhYeWHxBdg6 zJLmz)8;v~(TfPtWL<|BtN1Rmk6Qwf>*45+W@WnAiet)%Ax zvTw9{2IuI^)1^d5D9+>o^Bo<#7S43rOu)(a8xAiBd75Bc092Oi|O>${e zsS4U1OsTEc^_rm{5B~jbUK@8D`2Mx`n}JyGFuH9L-|Q{RMj?tr3%yrSbG}pzqTXq9 zl{*dA?zZ42kQT@ZDR*dMa>Km_&NK-ZC|^BpWxHj1UNx6LJhebQMeT#r*`){HBSF$3 zJV9FyRU+^aF&Z87;z0M4F^V!`&i3=V;Mz{OB`2lOF2P?b?xL2XMvrgu`S{HHB%RfZ z&-cuG4n3mDsyp7Bznda>FCSn0Jbxd)PuZi2oPOXS9FvzmSWl)HZv;)esBYr?G`L zldCWb+DoPC>Vo5s-M4UGog8JGAVJD0Kd*@SSSz~7fSRDb4!iCAl^HDg=<)f=vXl{A zfMi;3hvs<0IT-6HA*A8x&gkh{lx<fs#$hs#Xj)Qjy2 z^s|9N%8WwkuC_n;9VhuK6f967Qei|YmV~2$Ssd}zWmt*=bf~p(e9B5gw=8@_+b`4J zY(r*IRa$bp;%wO&2{X1l)>hunk4AiZnDa8_yeVWv>kL)c(HN9Gy`CW@G{le)jLdt| z5RNT!^kcXtqZn;m(<1vePgHO?GiML!Of$^}GXVr7M!)OVT@_JjRZa5uuSQW%FU)1y z1Fun2QcvYrSMHJE%TN&pCgnZN>#OUJ?EjiioFbCa){Lj+efN7{!Cy*S}u* z*Vs8K<#lK3c;Dw{uJaUI$dQw}_2koX-%c4Zwd9dH9=s_;9v$8cOs_Q9=WCm$1#pCP zbcwm~fa&{OYyW&FB4oYdHem zcLX8;Thn`(I)u?I!A>-#9KH~%luLn#1R<-mvGRH_t^bTq>G4&k?!ed$4-t0Dc&S0du<({Yg#fyb#V`N3A%f~S7>WwGVo74_(U!v$V z61SZ%Q?xJf>qyTjmCjo?B><4&Dt647+KhYvH1X4g;T)u`_OyQ$8(~UjZQ4+v-g@%Qh~VoO$0u7gzUA$GT?D zTHY?gmK2+kp2J{3Qy7STZuvmABn@xcj=$XI`AB&!>kH-gt1tQ9z&9dI(LL1#AdNl>|^}(hVdaAOg}tQ9wda;SmuGy_cv! z2oQou2_1xx(2;~*Z~Wc+;(za2_f5(=XPvXp*?Yb-vu8eucdRYA&t5!x=FAyxE6eNm z&YWTCr~m%W&PxCM{W1@C=FH18R@aRmyl`2a3Tu|XZL9U1<$=+IJH}=)kPF5PiEWHB zGFHaPBq`m(>+(tpatSev0=L<(B*^?=PjLIrtZ;Po5FQB+kR%SFry~k9yvVs;p2q>M zlvVWl@>!*6+o@v~*S{>T6;H2SOffGUc=CUK1+dof{Gb2-pQ8aK;1#3)&#C_oW$V@P zI1M!{+m<&q_WAl%H@1tfSL~DhPsn{j@Bty;{2=K+sbMYi1ldhMeIwc&&0D|U@NBf5ufkxr+khFhk+$Kv<bxnRp!^jlua!29BJl&n z>F^Q=JhdHp5_Wsd)WCIL8`iGv)3#jN_G|^EG1RtjGJm>n&^&Tni;yFaN;g}v2TB;KQd-Cqs3?lqwo}XdHOLn@=zr&3;IGr#m1k3~J07le z!|&XX*8y(iF(X$v;YrqSeWzu#%9(HZD?Yg)gPHdKN zJ}fjmD9nqPIh>{ph0d(`h3U^n&K$PRG>x?~CtDsgOg*wgtzBy*tKJVVJ|Ie&OnfsTCK;y3p6&F0}Va zzJ{bpei;7rFzVEQ(_-e}+f0*KQobbRqf7mYOLLE>ee=wFKXaGBsQ}W8nz35$%aRl7 zJwHbcwcbU^&$}Mhx<;7i0=}tl9?zT}_rg+k3x2>chs~HnuG|KS!A9dSD)W0w5-0A9 zFjz}LktM>gI!@LTEIx(ozK))-d$_{Uc07SOPKNTaRZW2NJnv9;Vg0*E0B>+eOP7_D z!l!1^+(>=fb_t<<|7Uj8ezw{Uio0>?wtsjq5RlV&vFnCJKxW<~B&c0<`neM8LxmA^ z=;St7oa6=6lBp8Vzk6D)B^OAFB3_oC)BWYqH*BMC zcbjK!;oduE^~zqu)%O@@V&7c3ZlOerb@`7w#X{JfULzW?s-g5Dgh^*^`w1`%k^T@cO@K7Zo(Qmkar$ zSq|+Byw%DJUozQ7Ds zX(NkEjPSsJ*SWc#lC9OSkvF~dS^g4{?Z@(?T)l2ntm~B6hxzIie19919UrnLImaMU zwB{Z1UWwuf?Edr3FQl|nB=bTLZKoasAJDA3-Prk7sAZPLk!U+HJ6)>+QS;b(+ve@> zdkU639POK@FNklEA{&aJ&BQ#q7P~$Q)(U5<#~iPv`S9xR*hOvIaqer50Ac}q-{^8+ zMg&Jl>{P^yi(L{IV*D|4vNq!aG2D!OqeYsv`6c<$FAFHuzW4{*`VZn4KJVfm1ThRI1crX zM~abiih{Wnd|GwhtOxsSQGeO;3QqS63^O>ig5ODrvti$*{JD=mwK*Z#pq{C_M=tih zfH6lP?Au$I^ov)EBbSQ_2o3;ezNe$72e!vu2Ku3&yyg|P2uy zGMW3g=!Kf+!khYvQ<*0NjElDzT#n|1)I#TdC_8e`ZC>>?{0(9sRSZQPL$vpXvJ9x{ zX->hJJYBn{s~7S$UAGLu-7eIr&BjCkzY)1f6`0HRYHswiQGReL$WHXrbav~iM{i4y z$7H|QFE;ggJx-DFcYpxZ{KvBUC69_R%h%$A9UCK??P|N-XK_-Za#3FZG*$b_AM?yH@Fyh^F~VL~vM zz%xkN%yja@c=HuSNjE0l{8Czl(IaXYPsMcnQ_iugm`csLJ2a2!Mg7+DJpE8(QNyD@ zylNnIS}IJkUtj2h{sxSq-!JMAC6*w*#~7Zgt6sbcJcUT?F=(|CRM>*EN*~LIKeYgRNf;z}nB8RIP12jrF?b z>PM)2AS?7cwS zc)OOl3!ED|6O-c&KOe7rmuGlQ35%qJ@r07Ig)X_v*X%?;-uvfvOJdSyUxu-4$O`AC zTk138#8}sV<^R6GwaI%j%PVm#_@re6zTuc5vi&Ic1ZM#X%-Xv8CgW~LhVDDJ*O0@h znd7Or$xOtJGF?5PUo0Z~ zx?_a!ZQsKVMNs8XK@sP`&zFai41FBKpyyAx0A4r;4mXzj2MF#(`{Et zkr1$GOy>N-s+VE2@G0|8Wcl~__G=@!0I@g+T~=PF)X;K8X* z5Kn>F%N-6smLc?gOl44hm6K4HFTYugjL1#L<;+W=igXuuLJ>Is;FFn=@(1C=htWXo z`1#G3suJBh8cugiI=+DJaGhNrvk*E_)*>2(oXxg2q5=gQyB570QmxJ!15w~7TA4fIPAb1 zS!44%NBu;-xq7s!GFhy0lk^HGYq+;G#>z`0?R_NaIu!Q$wA+Vj&D!kYs^$Om3$C7# zam&UyFgaRpm}uGl0)WfX*aN$g4fMSja$Ooxs60cAuYk0^Pff$z@kZ3CKzqe8-7$Cx zMx`Hg1~v;m9kS9IRRPf>=3rR-rW%Abj25RFnF!3Ccy*fuF6l zZ1O{ht-{&;(gomVBiGK__zutS^{t0f8z8XpZq4&WKeCd*C`Zth-HJQrb$xmB5Ti0e z0SQJ*2c`qxJnqgDzJr(AIXC#`ai&t`A9uEs%v(8mk5uv!JN6R* zfWrM?!=#9w$ynYJX5n89+v4y2lX7uM81Psp>(1bd5gkv~g}IO*Hul@0tsr?f>(kw+ z)38d8$ZDpe6tQ%!00>YLQ< z8SjeB>x86Nnsx_mq9ag{!l|(sVA3IP-%WxLF20c*wwR~;$<>`3$qYYd`ksxsF2%e% ze_wJx!u`jncTy9TC9q>BNo3QQ{HUceRJ@>n2Qv6y-Cw1x8R)VA_~f4h&6v;N^?g|0 z+_QLlq^uD*i` zo#Vuv-m+Qvn>eH4SzWL9OP@ML+Bb{V;Jw2d<18sH@W9qRod)lam8fJd_<&wN6D%G_ zhF!kF-Nw#kVxBwPQHEeJLs*^#cD+oVZCd|Tqyqn9RoL-SL3F*<9L0I&x1qHn0nD96 zIA#tQzhw08s#2lR`3h7y9G7YuIv()gEpR#>LE(C8Ik$PjK=p8~a)}lba7yXgHFmVV zfx`S%k9{vb=9Vnd_Ut?2y7U`FxK*(E^DAS~eYrt=q|DgesJFbdG{iRM`!%I<#ppJo z8QU&oOE*X7nff`#G1X^@!}e+WkPj=VE*zm~$JnOVSAkuw@)P`m7QIF8wp#7|kLCmS5r*BQ>14{XqjIDR=jgY}jO;li0Z66`Wn-jFz`j;=rP=#rhGU*|fxnL4%#G^4$hUobRG8EAQI^PIj_B!>jaO2iDhR0VyiHyNN(4XHkkEnzE9(t-S`3jQ9 zq?s3mgXBLtRhP?}pzNYTE>;LDJ`_pw)^5}qf!Ws9`(#4iyK1q{!FL8G_mut!`dhy4 zyPp!0%sKZf0Hnv9bSN@7KZ=r)t3JS1y}Vr^OgU8!?}Mf5uyNQ5h42Z?sU4d*Jv^>T z>f@QJM2R3i;a1Q zNf&*C8dFSPMBioKNdA72FwWarmr{*6N)Q+*ykha>lDW1K_nE`xJO)hv9Rt+^m$uY6Mu6gPslP}59ZXGON zd)Pn9JWO;!&@FM71Je0pr7|sLy}xn5j-OPKhK0 zW%#c{LVD4jWaCq`E{@qimzO`s`6$LyAEV356KIZ-RbOQK3AGEXomg(M_~j6!X!O@U`;-N`WhG_li7TY>S;XiP43#bI;}a^VN*-8^Cpn9-Oq5zE18tW)9SFm|_EWjU>|~s6gw!pY{g` zXRpg(TGoIU13$Ec3O>T;c@O70|7rA_Q56YIb`Gr zn4tQ5Oi)DUJj;pn515wjpj{#Til?M*ouvOdmLRub{gL6Fe9n+q_xOEy)y{nI z+81u4l9G~@bTj=&+R}pp7v6f4x{nlQWHiSAJZijPaG_LA8xTeA1XljHH85FH;QU`R zY209;Em%9?CDK@&U6V4PAC68LR;(~ymY{%Hi|~8QXJYIol<=c49?u(|%x4%TOk~icZj3!7c7v1C!I9Mw!R!=cN(x+yFv~ist*elyBU@pC zOR50?B%xppnxkk+ZaB{OC|2=px7;BKw$tm5Sy_OQJV-L5nJtk3U-AmBN-G{%E_!BZ ztYHyGAHi0fO(hNt@;&=zU4A69J|l|8M@7Pkp&mzk1)1vmu;puA+qU6Q_&ZE`HAxR$ ztQ4Hog6P^D)|XwZec@F%rcQ!JR^Ntx%`+T{+;llIg~YWel{ztsx|c0(jEB598>oV@ zOuk0;ti;Tp3u^93PTL$(rRL=L2|)>;GjxgK7c)(8K>=MjA?84PP+Mg73jOvj73Cp# zYVaSbjk0vg z`K3Ka|I1&-{Hf>6R={CEa66G2H%+868~^IvnzGN(Er3NZp~(fQwv z8Q<<&%YVFDj@~A|@vwZno10D%`v52_%_Df=(lU{KbX$LM@v zg9TDFUgoaOD_}X1-K7lNUIuV&g>aI{+8 z8@dj`Yvb;{T+42;TlK1XU$XnJy5zE55ATr|-8eb|f169|kh1V7Nb}v>fR`)u9PcfL z8}2lt3QxUBx|r_->6xVtkV%&6qYnUWf%|p2%A*`b*3>wk0YT~ybNM^Pr~a5*YJC?n zo(w(a;5;<7j=QvZ>37O9~%O01dl+=A0R5%+dv%$k%NuFN)Rpw)k%Jc4i-n#KLgCZ!0tt7OR zzg>!r1BYXU5~}-Rb@_^EB@UJfOeDRe^0^}ny-r|Ibq<1AAk`$s7Lu+&c@8eu8-HGmvg8JE9hVY&z_`q=$rK?+ zykL%ZS3f->R)QqohCIbzNTy+qdNH@=W1LBiU^4fZto23TAM}A0B5mCt+ldIwn)SSL(kZalFO-`UT#Vk(Z|!;cBpu^6Q{yNhh5Z#))#KSYQc*mAEkfG5EQ{{}Jxkmjwo67SK&@FvAnta#jo06Jtu9Hn3Kc$cY-2Gi-@8BGxwBjj zGm4ZJ(nP1L1dKEcqMUMhIbUrtL$8G0$K=Q~NxcgOjTw+?Rp!`eULWro%%vV2+-aM; zkiEc5a&F7txJK%BspL7ebRE51c{L(hNo1oFn+^c7Ons!F=M~3DB2ZP&i$dWxnLtTO zT^ri-Te8@|#2)DQY8o{xsGV1_K;3UH5-!?{4^g@ArDgN9TCb2sZXJIHFlaVKCwss{ zgp&6M5@7mXKpuBZ^&jQ$!MlXf%8l{dsmUYL)nCa#FD88XrbhjClaJg$D9BM2ix%Om zil`&$o<8I67B10ls!Rg1(NrX^v63*Lg*sNa7VnXx`_90Qcs5X*>=V$Y4Z(ZvgEJ{Y z7YM+svi%|*!e)ervpwIfaNrhQ=+FC1!9;d-jyG~`ARgHtr0<#E&uQ^6Fvo)3!^HTg z>A+$nJ!?!hi2rgsYZEbhRcRx{;<9X^%}IaZ6>RFjhno0|a=OKU-=&>nj}Zoi1f3y& zUeBuIgx3|W)!>3y8|%!z-%Xjf!UZJ?w5K7zTGOMgX2UK8cK#vuy<|-ePwk*DR77oJ;o1i#dwmcqsu~P@7`VADyRWwXkaON&?azDP5vyWMz zOs9Pn5yDKALAn01#Agw>r#P(*vK-|kTZc1;hvQLbI)#ifn3Y_*EAPqTE|7`Bti7Y&=N>`UeNyVT5_02C3W>5iAt%uo~J`MMb|HxGwD z%VJV*qGXfT?)>py=HZ<;=Gh8EvPlhAD#GMi6K<_uag04&$~4=Z^uNVLe|o7IWQJ8> zdul^uSroIOYNeZ(yoVI}UfN+r^s2@9&w6>?!fJ;HB#p780e^&aV#1401b(Cfl(1u$ zi}Txud$^TZIE)Z$^pj+;$fyO*tn{~!6wq_ti=STsLd0*N@-#wHz_*3wh*^o3Ghbbv zSMu`Eptg+vnZ4E>ln52~?sx>7w)e!B8p?UkEAZ`9fI_)L?38|gUVpx@i+kI&3Q78= z{cbhJp2xUH(2TXl7=J!$_WhVUO|?SA-Dnd#?tK!I4&)s*uXCc_E*NgF8xF#KMZPwK zOx!QfmG_#r?$e|%mV>u;k!J6fn`2UvHchF`yNf~ex9z5CkpI~xWO@)aDAT`x2`sED zOWX8zFRLuexGl|8DhVlAE@jxtbG;rzO<4`!)(qA>P>uW|+L)Z)D6cd&DIh#?aIG4- zLEnnP)U|PX1aSQzMajWKRfs_&73Qcx0NfmspE+{S3Qr+ATiZ24?s@6|-GLNFeh9ng>R_tXVM9u2 z$+ZhjM|p&y!DHtE)$Qc=`>Q^+_V>_=Ud6jU3=v|v9z-7beqYjW7a~y@nOrKn@rf|l zdy;MO$8^ikW}jy4?tXCJ6(jH@6N-I`kO#0FZouGq>6B$jSH~BRNVgb_MCMhaNS>hVX#}%$J@o`qR zIL>c{8ihbMW+cVq8xm~a>AN}3zH>#P%|SO{)(2dfBHxx~=Z|3uiP$APlp zlu7aSwc4la6qaQv$$qq+Ce|oA=kQ6LHQE^N%lZ7ZOVoEn8mX}(I+IWCV*i1)BTY|X zqnSSS&1w$kzN8aZV@Qath%$@sKTC#(%PIm}O$CpGGtRS7%7g)_S}sjwDnsV8N+TL&Qfra*S6YUS8AAxO(C3daMr za&UR8{*L3pvGuPrjHV2)XHD`CKJktNBX(C3Rs(yy1Fo2$MD42lLCb!Y?8cE7NsV;5dL9>YjByuLCG$R9@+m# z;4g6Wn3E$lejjpg_o3)Q`~0TQg3atwSQ^c_PX1LaIc{ z#@RzkP&{mJoaOam=ICELHzynlVvHfmSJDUXV}Q% zF@Ujpnv+j@ntbX9MRM|#>4~?OO1~dy=VHlx4pbv5cnLvd`k_jNt>sg&ref(+>zX{V z&LrJ}Zi~Fw8#uOND^#hWI_uktQCn7TQe)+9o}by$;U=iT4Fsk;yGk~*C52fkL4|g< z=B1OImTdv-$BU}+kV-Whg-nK|{CVK&&x=rk>Yl4>XTY+ZTCPGGY`MYy)5aWB&pegy zPvX+zX2YUc+PQvVNt(sG8n2^u9^L0Nlq)#eeht-?L7WYcM&ZuPAl@A=I-dYg@Z~rDGVuETuKxay6WQoO$2I9oD9lJ zqU-BYeZbcs(dL@cTd>ZZh4#olJY}&~}2|RD$onIiKYfT3odQeS;BP02GFXnx; zdSzbN<{(E^??#SB=>1i?$)K9LVJLR{SWxwTHB4QH18S}91sJjSrw2dW1mO24H+tqD zq$^28a{@Hc?>QdvTO`X;M5Kkz-yrafFvnGL+*PtPpZ2ie{{38T>TBh~s>q6F7f^=b zE;9YPndFrpZ(jvnTLzyZF3l@J%C3%F*g;SNjLyF@?zS+E-u#@*)z$W@#XSY+YI;C; zOdf4i=--v*xFIjY+c~b^5B@IvqO?t#l~=z1Tm?JpkQHb}-;ae|dW|1I)`)h63rStY zLc-VDFF@5iBIAMm>-T*B;=nHFjI6tiv~~gYOH9sYdczh``LeU3OnSS$-j>O4-7Et; zrA2MvirEP~#tLkgh539eQkS$Sx598yf@iWCi}hAk5?{JJ5aEP^T(YO02&&X58mq;8 z%Akys-lyw~TA&p9X0ICPx}ljPgVjCQOS0lFodsmi#vE09p?eu^(WO>jLdQRvTM5TU3QN72KeRKW?ax6t+w_tlW0(i5^3LFI8a9Y2T$BpZM%6t+#641vXPtJfsgA!s(vK_{7h&m?!|!eOKDs=KVioPxVW@r_t;PSIs4P*yDl`_q zykY-PNNll8QT)o|;5yPix=3m_lZ$L0iV{`YiJNlMxB>+U^h#|G8~Xk-l)~65WL5Tg z>xWrq0u4p!;exN}8(Y^elGv*rZ~1IQ94&;#o`%~9DxW9d*7#xfr~Z4iGHrp{IB>hP z|68!lLS08dly2Jv-1OMY;A>jN&5o6yD%2;i>lgO~BMs=e<8AYl%Fa)#atgat7Ra4d zjX8l5+j)|v2+Fw3PDrWL;PVVbvE0Z_s5F0$vTeh~_erB$zjfGep0F#^Z#q71N&DA6 zVIc`&29)f%*L9N`NR3+5$I_ggRl)TK2hODZxDx`+NWY7iU1@XV!M-X2MFs7fw<&Js zG}MD`3ntihq?1SeE1Bmm?M!GMoe}q>VOeBewFuAtDxP871z5a&UP{tU2-pj2PF-?@ zQ=oBeE2fZ_-!v2wdT1{ub z=DQccPLp~n)T1J)uyKd3cazJK6Ce8`V_A5SZ=u?LwRqT-Or?xJ4*9u4!0zPgkGnoq zIqFGplBW~t;>T}+Ib)yMBh7B*>EVP9J+1Mb7dZ%in~v!FhKFW`-Aax2&1kwQq^`ch z5F4V*5p1i;RR^hX-OL<=s#4!MkDd3{3Z9ZH_Z}X@Tnef;#HoMoVqpz2yaTTfuDj!C zxhVQZw-vo>Y)(vsjb}X7#av$BN6sr*r9I`6EW0!e*&cmX;Igo6dY9U2=<%<3!xm=Y z@rVW4tD1MS5cVutbX}!wNC!E&t>>I9 zl}dfQ!rcD9{)l8}cBn5WWdXGA7&~Vq(jJQZej-QGZMU=HJ(kFqMXFJe(p9wHqxZYd z5IY}1&v>|6PdJ=(&tq?Wcwcn=7!sGs_{tjj^7~t`;CV=P%|Vux`cR2#)lF;JbJ!uY zK$Q`iFKRe_X~yuBW~e3?HFeiY5-$l2Fl_GTH)DJdo_Qv^Fq3&<>hn54fjL_4w*Ig$ z=tD-9SbUh%xYgZ>xfUG*sxsdPCfw^y7bx?MGlb{|)OMX;yn6m(b5bdVGtjRlfnPRa z?nKwO<*|h!^y%8e}7NX@;Ny3qOby;u3`s+%?yu~O$O zOEq4#cq_9DdxvCb2OiSf)L`l0s)w$Y&qFtcJ<7X=AdIj_XeQ};fhBr4oc1m2J_mj-{ryG%C^Mh3M%lm?-Ui{URzC7eF zf#;ktJ{|R%Kk4bkibJgpkzUq|>C6P3n@)3Sa@WX6xS}HIjsN4rl}`znEhtx;+Ii}v zfm~2CaLpy#7pkz3^a1%Ut7_AH1o!92-A% z9YwpmDlUoQ)jwE41*27s?C;3rtv_|)*;YAfp^sXO`f)5o)K&Z*yVV!&Ee`1$sWpJ^ z3h(4voqM;kyB7CtXh@y62I|D&(8O4)8^!gdDix2Od{ox*eb ztHAO~a~8OJn1IkPB`t-3Sa#1o=JTVvfZKT^gv5{0s zy4P&%>bbd3FEGS5%0|GFg%iHnyO;%zP5!NhOap&0Y2~4EWM|@~g)RsAQN_TzBO()6 zG+vM(ElR;%CwWMYar)GRR@ofIdM~{PC^AX+cgr*8`ehhU-H*D9p*K>c1Z%Bcu9BBF zdbui*DUSN9WJ4_ydotpOr>2PKR?pX$B3|J?BEQ z$=o|7TFTzYO?xPQwxe4)`VkXTHqnYCY;lbcoE8U+~jKtr9|x4-hv~`jST43e3ymXcdc{-Ha{EFwPoE?5MppzaYL2BXBspn>FXm%U z4S2O=FILPJu3<6$5;?1}z&MO%(*F!h(nx)ZftGVF9XKo~H%oeL*lA0Q>x^FrclEI1 zDoxpf8j};eE)3_!4;-LrHTjGf-;(=(QyPR}qkmjJ3`_dYh6p4ifn(N~_prw-I z&7j)J)~@2*tsjhX?(dF+(VJiQ*>SG)j)JFntdrb_%r5!<{jYb``UMY^{JWkuT0kb? z_-1HOa+w!0xt`_fy!U!X&#+C|uvMsMdDGdfMD0Bdu=e1vNV4<jW_wo%rVW%X5K z!pU%5gSDu0?`u)sqnmTuL@(2HGwgT9A~Ws~Lg0e)S}?}hcYqjxC-H#SH;@YbY8QRP zbwZxM6o9?Cby-+csleN6`~r9K$D+V@$g70plBvOjzqPaO+-T$PW4?tv42K}aX4W43 zm(jZ)K>94p>k06Rre~cMbsoW^#oXmr0d*7_8Yfh$)WmzL#L^Xxy zzxNwP?L(!b!F95KbZkDI)gUDlYA5|< zjnT<*RY&D7Ei_BK%L~Qb!4tgXbZEfQpj+rF&~f9ceA2> z((U=HqXyZ~zt@YQI$6MMzVXI|k{dLm`ZX!BbImvTee@dZ&kcE^5MJ4Ae5G1nhKd^q z+N7&T8dX0$5f^8wO}iyK=Be@YYm(l_>F(&MzsN|@@#5@|iULR&+93{mB2p-;&dWj? zh;~vZEMmON9siNkNJDOvTp*SfM@|$4{Q1d>!|TKQmFlrHPouhtS|7FmGJMT8iz1-q zo#DFE_cLc_G!6zJoylgz=jvQ=5Z^OUWkh)=RQjBdHgMI&dL%4;tMUA(-t%R?mYYbv za_I1@x2KyeN>`Y3kTCfqM!A9uYH4Fg$OZ9_(tnskICQ#fn@pw0Or8{h(#j;8&M~gu z(D_y;c9z7Mk;0(Yt;9fJ6ZV)7kVY^HTB>@+m;@#v+J2pjDjnHcG4ZE7HF=qwRT&Xp zqZHf`W4#(L9uvR1&IJt2_imjTFd$q2BxP;ukoKEq_Fsw1g-FQhjmcM+`bZ|{zA8)= zsgiH5>%XuHGX7hIDQ<0tG8;a?I0vBrbSKZloYsqs9#oV-4WFr0XV&&G7Z^@dYA{Jc zEL`4lh$^be=e>Aj^koDp6(8^C^dXi#L60}McKu;<*5h`D2!AK6crN8!@H~}}M7j#; zaPPBxk$CET^3qA~+KGkU=0{uBFoWDsv=nIP>wh$UNk?E!iTMe|_6ucP$mPjwc4C6A2cG@j}xce{BDzSH6c#d&j zwGQswN6V{$b{als9?mvROp>)IPSZR;d?d^xzy$w*B*$A_H$@IV0%zO+UK-GVf`3S& z7d|%aMC?G?)_40)wH_}hAp``n4+HTvx*YN$0oO)cw{2ZRg7Gc71qR~VkBPv&C!YCi zl5XyUT@eJg7WnK{BIqBwLH5|J{`nK(?t&V%gj7dkBh;9|i*f7ZGVw#?F&y~Sl|z#!MbEf+K{ z-2Vu(Hqqw$RinAbniK27W$WAh)IFPvKsvaSyBnrJyD$$=n|L>b3C*8x?)lBSEf={H zWuQ$Nnz7Zk7(*YR^uQb4-S4fFv`eSo1a$?Ce2A3%)?d5437Fk%G5z6^&~E*8SFtn2 zFSu|a_Rsugk~k?kA5H6`vvR}@G1tNP#c6x;`zy`hDUyaBBIs!2qMpt{-d77L)kZo9 z*4Vh2;twmbXx{qB==Ep3Lu<2fTWtG@>=*Dz{MfO3CW+OytD`8fAnffL)3lkBf<@oa z)IK3>T5sbHPS!u9)X`VmQ1Wl|=*IE%hVvX8uxcOq(LF00$FM*7A8&Kd5WlXd2fw*4 zEh>d&&j)P3;2hyumA8|sRZkw*^CMyyPTXD8|2V6E*wl2(dPun=8cIhMD{8WTex<0;G0i|c zv0lEgk(i0vD$+n}*tzb8xYi51>&G6}X$UlIUMkgpD zX#YdmbpM%K_Th-p**~<;+O1D%h^vT6P&`c~ZaKD?-jSI{XTN6jz7FPGtln(l zCoR%vYhE3VKJ0Wo>XfCfJf-7*A|WQndQC5t)&E42e^v%aOrPx3s~sCPr5tP2CtTZx zx6_H*d!JQ_Qk`Pj1nelI+4^k)F0o_d9}Y+U2h_#<>$w0vbTjs(lbuofIKeMrTshXF zhTHcIYw?)ImR{%eD!ztlfCdl84zp+~hK?UUO1&8=M%?)~BS~D1uVqDJfAMR#F5S)! zD2M!4d5v{l!@Jkp^>F;Z)`8MT=Aa?7lfKM4ovx!b@7_MY(CTk>6PUt#MxcLhmYKZk2cE-Imwg_)iVKByc|k ze)VMhS=&C-$<8l;#rxx>f|Dh3oEq#;dW#f4k2r=O7JuLg;Xs%cbt?0W+lH!Egc^o! z|GV7h>tuA*AY!kE(l?!Mle;xe`En`sQ3u6Q2bbC` zb7#~dHLde>TIQM2p&me`H_X_*|sBrl>L<8jt*gV-?kC zvT!xZ2aio{MD8wtV9r#grX6ZF<|z5F*JGMaZRe*`HYbig)3)!zH>EAP0B+wh(O1rK zo)R{W2qGt@Ers~K4uT;?w|@+_Xe#+=u1L?*yF#RMzn_kMXRi!{2fTqBcM|INQfkel zcWy*@C2ckL>=@(SCA#K?^gA$;`#1~1iGux1|6bj0Fahkfcx6m}cL1{-$YM>Y5q~l}b}K_5vH7#@MwoCdKZNycTaXP zr?H>b`)LKTOAqA?2E*nD`s)Kydv z2mu;$@{%NV2Fqaj@<(r+SjTTAMRtVk&Fn*7C>KhS`DTm>IKGHAf1S&K+uPz0gr9<4 z)@iAo#Oye(m|OgaLqwhy{KhanO;@|cSgNiJnSqSnup;;*@70g91$+U`P7NuhX09x) z(CO{<>J+>GDLCJky9uh-EpMcMn%|r)D(VY({PsQV!lgj<^EZq-mjW0CK8Q}vvL?;x zs?m|yIfTvw{Y>LLk=MJe8}ME~R-#pdZaiWREmD3iOI<7Kus*6;u8hMd9b$RLIwgSo zf3f$TaZN>EyPy;W1gX+{w@?J6hmIi9RHR8$LJ?^~XrW3+dItpph>D8z-Vq`6gx-q~ zNGPF%(CZxDcV@2tJ99tGxA}1Sz>nk?PWIks?X{l0&U)7KhT85i^Ccv8%b_;Y_hN_Y z@*Q{BS?-vla$O)=BG)uKfd4h|r`RqT0j}@1GW@3@auJ)h(LZ{%V{~pKnr!bM*^`BljYYAE=M5KS*`Rh^HD%=r^46Kq& zJ)T^hAo4DEpIC)M|Fw_N#E4A(wTr(bN_BjyC!+7f;x9CLSTu=mD5Rxw&A?BM-c@ZG zqzH<0eeXM)diJ6Fd2LN5(Qi@BY;kg32f?X)vv>z`GnI(L>yMMooyBg*MpV)JBodud z-u)(=EF{v!EXVPJe*=-yMvgrug21KgBK(v1F*x#RwZQISpCFY9;54NC^u7JW z8gM}T&GeXB&5nZ*WzW$e2q#+%Ri?wHC}~mU+H-X0L-RtN?s4{N)WzS*yC0uLg;$=) zE^xs=NQSLnhAJI}f|D>IYiby0&Z;z|2`^G@Ps`ul*6H{c)_n2G(36#mlazTU#iWXo zo0mg#k!;+j)Wf6-5I)5v-gBk<5=KsZ;(blL>5~Q(zf0?_bnW6?K)iEMF zGuXE2&&*lhT0Iw0i4|(^9tV1r|NdNc%$kd()90Ps&9ZWb`SYH1+1si;-=lhda78lI zv|Ub`9n#G*KTGgfHWnftzO`Rb?@uMmW#*yDb~%L%Jc!D0qtNOS$b@)NBik63IF|}( z)kf3~Cu)`@*Aqup!F%yAyqUiUXGTjUS=4|~)Q9>bgK~Px_wh0E5T!t`Cadd>>WB8k z&b=DV=AlyE%=Vr+#0(FU@=>@pCI?RW3M0Fgu8M%RG?OoE3AwI`Dgj)%;3*dB4)>pD z0x8y1veM_`97`${qBjz@A2V}))!AB>HtR)HPF#Efvo3VAUuq(H{HyVB*f}lZjyJX$ z9|)9e_~T@kM*@}?m!IbxvAT1x?*^T5)~{^bO9-(#*}lBkF39ezUy^tJmNl*I+5^w5 zT_;g6jp?H77!QVDCtil~n<5xut1KRontc#Py&$p-(GlajllsH5@3q)j34b=RqOB3; z?b9^BAGz;N<>_ABe3H*MD27daZ$RzO{bQ_X09DN^!$!tIBAzaGaa+8Rwe1Nr?^4jR z(yncjUhZ8VUA|wG5RVIco22h3&)A&21PNp{++$XkOG}GY<5yZeC#HwXs9;?t*&oEo z#~!kPJ5nTl%U_Pd-PCx)N7x_yC>&=#2v4cH{-IO><@W0FrXpuT3V-lGNjN+8atXg} zh`q|oz?o-v@B9dky5RA=&e}`-Hc4{V%$t(9lGu}xS|qJo@piIYQ8BigDRnEfepmgE z51Wi90XUG=G2X3;sEvUMB^Qs4qDSLqqhmein$-^1d*ud)s=FX*099%8Vd2!~O+rd? z3sg0Il(h4Y4{WkES)n=9I-`P=tG>%)CS-pN1fJEfDzwUaAAH^dl~PANW&mmd$ur>< zDQ!oU(kFVbemC8lQw@)u*2mdDKK)@J>!1 zvtTQSygnc27PI6|{&;|RJXHONq-EHg<4Jo2$f{_&Zcr5RR;Q;C`d!?fgIW?DoKOPh z`|eTlh(sS;PBs=aDJedUv*>Pjx7c}2a{V{$^A0V3tEo39s^iy3r>34T^qU4e>676_ zPcX3arR|;6Eg!!O=z7FpI6yMfo?dQvcS6v{xZ1nAp9f*0VZTbvY;%9~V+WGw3zRC~ z8rJjTG0!1G!jQiHpQz2B!ucs(0NKP-szQ z;%J1U?0-MAFcsou^>_&8MFaJ=&fgyd0-0Q@w9D==f}|0k6GnHd4AY5 z85@7!@p^{RY6GkFB2#KLT8LMc?hi5QAekZqcc+pmmgSU5Kb<^Ht|pWCt(|8)O@#F6SH>ju`Je#D-R%vwbVcpO^(+?m|MyY*9HPxZa2 z+t$cg)(O*(Y@rr3xy8bRnGjs9SA&38RO{CfoCHE5;;gyl2ZSMXhYD+dMpXZTYWFKF zGD=nis^{7@yZ?o&@+7a-zreg2(HzJ+GF8Ms-dpwTaxEHaR2X;# zU8<#*CCm0A*Td9F%lM}f;fc;x$MrGMP@H?5+*(FMw@WnvI^|Zco@Il5i}`)cviGL@ zQimhoaDk3bGmcq34VzRicFoMXO{=dvaVm+W(A%QmjO7VT1-;p9Mes-jb1ArB*?Y@1 zdy;J8L)YZB7%fzGsJK|4OsPYzoISZPJT0!%JbMW?Jn`^24m^uOXY3 zyhsBtw%zQO>}7`-=GeP_e?*eayqXXhM_r&7r*i3W9TLn16E?|K&oFi0mB-;n6djTt zMo#I1Ue5(Mcm=mK3wvlR#0saAHmpFi3x@avRy>?|l5Jum>}`4r6ie z_zA$V{QAj?aJC_xDQ4k_oDrU1z04dcOoi<~c#>rD#2zFwiB%CgFU#B7Oy1$Wu6Bc* zsd{L?(aV;Q=uW21D7+#O!=1ZJYCR3m-fn0?z4+xgcAIXbg*;6FugGn(mP&}wQh$lV zy|THEuGa6`7JQI(Lo{m~!+ zx8&ymSrl+pps2qEup zc54yw*WB%N99aGtbMNT#r1kw)+48)**I=6hV5>0&TEpMK(^PG{Bhy_`DK0C2S6brV zKcPrf;f3sQiVs2|8f85bLsl2cTzxfVDK`Beu0Z=QZ#rW^nr&uG$;6{`qOTS^K;?AP zY)cusgC!>(X*=i(5vJPmR5 zrhE&_aTm6+lSE*KAg&u?_9c+!jrEXGpcvK5;Q96iEsOYbt+(#B9Gb~?#Q--1uSp8U zjU6#yEoW=-N$UI254UUZ; zQEGXAjx+II8U%%Zs6M83SAq4&DaGhsAVpp#KD<GA0$Ij-Ci z36~{@dh{RBK8emR`wnd4SaZB;{H#1!SZYX9jKEB1Vp2gdPo(BeBTypdSB1>{o)DkZ zxh&!I@YqvHEcnbmdxm+u8xp8&p5h}a|JhNo+K2mVgjT&I^6&*_{lG+X*^J9Sjz_td4_!+5 zH#}yWA{RcGk0|UX9j=D@7-V%WxwG%D#el@KhN~iHKg`VbmAHyk_wLybxZ+q0D&jhUB11_wAw zmuEK$LZK54m+TlW4b+Au#kahW-P7EHpAngakXcg;q*%K}3RsWz?jHiNNeayn0rioV zx!$dToqomG&Laa2N-GO^9&JXvm=|2WbotfoyAzLL605iM+kP~&d6o1PD8@ec^Gb;6 zb-dxVcQwmU4&J5{+Xyz(u-nnN`A4u&E>lisoSX3=3zIcL-i270*7~|E@T7470@r!^ zen*zCj8H3_I2!U@>!#+N?jN3VBCCRQr^#sGct#O4cby=%{#XE+EpOWYRtV!J0@Npc zTldR`jlGTkn*56PHrbX*7b)emCmed9I0f*4lElYRJf;XnVlv|EHje|`EA=V)9Y~>& zC*A~8FLOm???OdL#~Gxy5^LBpK!p9^H7Y*oN}+9pN=rhXd`7%lOwn~u z=nkv-5$f+?tdM(4vIhQ?wLcVZA>F%v%!lkMXIL#BPzzB;;ejqY9_4uMXyUZJyFITM zntG_^)BYNAom^!eSMO4gGf$QG*jI=m6g)UoVZ0ubH$SklcGvQ*5BMo8P@4Gu%E1z6 z4KQY2Hu!M>m4PLfC=+`QJKOjaRy^0%555xhD05aSu?Rkd$vT7sWu(F3$XpMZEt=ucDYp;>GeQ(4Y z(wo6UHuX+iP;o2)V1e`8{kWpmd3$M?Isy(PUNF4?+0MqRxSuU(i7wY9xwT_yi8xSe zCN{+77k~DiqIHY@gplon&uPwM^DSgf)2fd zY7?E3^u-z`C)vKn#(s@0?zxdVsqBopU;XF&2-6{1Vv7{&PVyADLV=|g>VHTq(D$_K zc)3LP^|*Rj@bDir?@~ITSrp^@PfyDe0#gic zccHLb0(;d5D%p0kcD8#-3N%E)?o#z=4u8k_43|LFw?IKEIn?^I)86YpvqkXaZgRz0 zA1)2M7ABxvRgl+E+A+StNJHatk@I5lPAT}$eq@d(M-Yz)ue?pWIa8m7?ef!{U1`r@ zpoB8c>Nv?wlYh#~qQ#Lu7cFysJ0Y^am@D+mgTXGAMqVe^B14x7#?)4tGzI;q$#|F6ZH6s*eER8$FMr9VY2xy$H zpW6YwFSwA$q1Xtj=a>@lfGU(sJ+YORVz&`2WPolEof%|b(680I`?4stJPBz0b?H-8 zm%7bYrnNUyZ|#N02DRw2cJlapIf#G(x(61r`~%ByV%dba zJHo*fKYEnoZB0L_yrX^`pT5KY@p0LvoN9m4yEEu4z&=RJBmD&at5FyEswo*m=;{3Z zhJ1qCQ;r)Iv`pQDQyV7tMiWd}Ii;_kqw4tf2^&GvsqToU!@XSM?qU~Y!}pC^)BgLwZ_e{G`%i zpzsmQkt&itKzb|Wnp6nISh#pcE1xr;xaMTBwuVf31JPZ87DA|tc%X9P6UZjirEO0M zy{*er%D(eGB@v+XZ)`Aq zB5{8ls4)lR2YtD~uG!Dwhejc@&ErmgDQxCVk|f;OPm6S}=^tzyFOeKlQ$057*H*kE zo!o#)0oiY?o8Wb)`0@t8%(56T-#o4vZk}z}y4c2Gd}@+kQXX4Ow__aCeZiuQx9owS z_~Xf;Z8ug7-P;0JA%Vc^+l$7D%ErVG@u$JUBp}ct8<&n?S!wgdb2XsZU#yY}lW9i-er_tSoht|B1bT2tg zq4mJ-lyW^(7SnrOiXPHw$(aW)f?tr~Q2s$QF==IrWKa=-&+^y@?R+g3L9x&LIhRK2 zPA|UzwB|`!_it3tCJX;hIVWJ#0Oyz!IfFhpuf_dK)2%iQmCh>(98itJA^c|6sx0dVQ1hMOvqPO=N_sFP$x0iqPjr!^X{0;^o~&vz5I zgM-M!dv|my#lMt`>6EZD>nLt3I!zumRJ@czf5bkElU+;k8)XyIrybpRN4X!G)>eX9 z3z8DYaZbIW8z>Ac=XGLk)MDrmm$F>5k4stMna&2qT<)AEo;`f!H#cH3L_e`xV0a1S zZ$_ZRO_}K>b(&}5@|qfxrQN3M{I&arL9gO_s+xuZx=Ri^Ia1UxZ%7)uDI0R#&=XS% z<+|>#-L_YiK7m|+C1Z%A+-$hszt+pEE}|e+AQ24aZVGYGFr-!|AP$P z^d9LB)}jm8n)q%9dY9lA91CdDdt_a2!n>`A3e>szvcSwJeHG?gVD1OS@i(*{@?z`( zT3J}zxBg1+uaO}8vt;U310zHT0G6hO-@m%eWUdGAx|{NzT@^<32N8vwr%`Ob$s^00 zU<|;W33z}$4K`GfX#{k)`~U%gKMSefQ0M}@Pc|J7UE1H<>f*a0!iaeD6tMd@myThR zZJ>KVw(;1ZjL3(g`X78ZH8os--X;S>)4mzr2;BW^-LSR9(F9kd5ogg5-(!G*? zKNj|7g0dbNkmc5e`D^KE?&AHEG1j4Oza*$C#k)4Q1O+`0Q^U!$$`(%Iy4k!tzQkIv z_f5)GWWAryW>Nz)?}BQw2lTF zRi5SUxgGg4MrTJWY7hIW8SpRX-^HJSC#%Krn2V2Q=Ym8~Ij+W5doTOqSlu698O5(z zWBDtz&Sf)#+=9X=+YOvPZd9ctP>^Mu#@S?)zq3TY;X~TnE=zExd04rLm0fP}7Je`F zR()Q6ckf}=?awhD`u)LARbX6JQ;RR{yG3zO(oD4^ZyNh8|=DorY{0zwIY!vMDFi$4p#Ew%9ceAmhQiNvq-j35f0uHsOeM9%4 zFu5tI-LHr#zft@&!#SM<=1(CC3Ir&ktQVe@a4JXJDFqmmsRy43tvq~En)Y!h ziuA??5;&`&J}yj)PhVFwY|`^Of?x*qTV7z5U3v;}`9&TP3dQ1PGp0QdcYzx^mWbSr z1w*dR?hc<;wWyyK%g}&nr(r(KJ3!0F{=W5d^3ak1$u{+)Jc97uAr$Q07iNtP$knl-hba;+EY;J8e?IPQ#=Y})BU3kUarsQFY$ClUInI#^Y zP8qjozzQ$-Gs`VckLyfwYslUg4=~LYGH~y^j=NA=)lVVe9!cg2qF!4a$7<&Nk zR3)%B>Lm44$LrFVMPG2+nwE&WDE{yx(jOh0GyEIy9FBQJ9^5_TIk#{3a}1gPahr!y zveo|mAtwxG-)(An@+$0j!27nl5by}Xx!HQ{Ay6MI^OL&CLHkzIq$-)8QfCk9Kd9Qc#Xz1DyM`Bx!r3KPFq`twww?r=i+g^}>Q`rlD=fUYx?J>O&R=T zYU(S6+l#(Qk@7q8Sw8bFB~FTqjuj(019ZH;{M7QP6ZOnsUjeTtrt9d5dk+0Bl?t8& zudY0Xe}!UJUjvPLR&06QJ^Ar-yU?mf{*+OIih|**>Wi_n6Zrn_GJ7oG?PT4pSl*RMx5@0?ZdX zCe_Wo+otFsc==g)>ybb=ZGg1q5S)wwZc;NE*9YRu8! zDLYQVN=?6W)Kq6g<1&jEye)mMP8jjm-O_T#c!tzw-rPw1qkq4bLc-)Dm@%R3#hFtN z{^V05b8PO$&ojf_S@SZp(!J|?H-h#p;%0<+!VX!&BF<&RAnzNX^7Vja677#4~0 zmvd(lyvP-(jYNI1>;O;F0=iVh1r6JS*W1XGcLK>LC;ZC1jp71FbWjqi&fXugxxljg z*VB#5-5a1x)_o8ry<$#dZ314-$Z}W5rL}0zAA5tp>%x0{lH9zsTX76~p{3M<9h_^7 z>_yPWDVR6|K_s*9&FFqL>v2tWK07vtSeZze#TT~khSG#RgQJ>`?+IwQAotp)zUnM# z))lA!3ICmPraa-)Fj`|Go<*A|*`+4l zAojkxK?vTAd$3O?r*{Q@MY^OR9_{5^<$ft!t~wQ8ifO2Q`cm}Q2R=lYsm zp;j+bd4Nr-EDxuR*V-Rj@yGEJEjDj{NvOb-2_0-ok~S}pZ{40Ux)Tx?UqEY%PrBc9 zGY03kCF=}lfIbOMzH{k@xMRF6Qg2q_&66=)4z%weI(t)K1ou28fuNxh=yqbzIVTYX z-bRGa7Cvn*czl~U7Hs}I|NOM|^0Z==HuBT8ugMsA#n!Um0(RKR>A4XdN!MhCg}S0_ z&1(L+WTq`Xk(eQ9^*WT#3Y*?$!7QI&swFh5zat)R82-22r$hnfebwYEUqBKqOPqII zd9%PQnGI!UUX?XJ$lK8FeWw(E_rXKXlB5SE!q(R-{~|yppgkq)d5}q4iuts&GidU0 z!xKi>yN^yUl}Bq>UJV%^c<73Xy6$F|GMGC``^onb2MyS-O870hCPPnT%t*=iK4!~x zfnv$QysHgRlN2#=m2b!X2VC1~0w{+3$vz_?;Ew@!_rLfjb5?{H;U*Y?SP#!k`x z-5l&UDH3?4$lo~Iv#PM3t;#03_sCc(iO6-$t&herx;FB};hBXk->iv~lV+o4%(ISc zZ(;d!euc$57KsjeIMK==y^3o`dZ{`=i{Q&WF{^(u!zr0`d~1_@ETDU?m)s&rg7 z1o5LKT&J}}j^amu=z?>mR_;fb_{A-=Bz7;C0ynjDgi1E@Qf;*~3Dc{w%l2C#F!FTQH7>A*X%89$=03-w+JT7K7wIfu-n|hvUTH>#0h^DNQXy^&V#O%kSf} zA}4RQ#BSBYMC#KyaKA4m6i*_newI4tXGtPU9}6u8N=emO1*|Nv0N^U70Q!|?RUZ07 zEc)d5gXC^DNBnX<6IkFr0?a#?;%^V?`O!IZvMH|Eu4m$wC?=_aR#t>vu4QCD6(JlV zA)m&PIYnn$fVjFO8P}yE{aah%% zvZ2awW3YhKm>@12-|oFa4=%U&m=CDt+?IvEMJKxqhO%gf))%wh?$lc<28bcA zsXr%~E3iK0>;3)SWQ=t|dO%hN@s9Lp{T?GX=0%cTs_P5TjTEs$bwk|f?`L9M7e?aI zDeiIC^0xXv%NUl8DX`Q@epj-Qz&u%Gr~5mRlatMW;bJzZcN zIXL_KM(W+OLFf$0Cgc0z`v*={;8#vZ%{W5>M9x(H&6;*l;-7#Rr**GV3ru+y?e%?I zj#x5IV=%dw;evSK`n)7ni2@l^QBgJMd0p#)Av50}aGA(!TI~<6aJQefCp})Pbd5Z9 zrDC`1IKU{KV2od zjgo49#box|Rv#)?v6GaTx4fL-t-zz%y-LaZZZptm0mLWoOi*LP@GuRJy zdcmHjv?MxFvCZrl6vw+@0!ALKts~>A!Dnketw;USUR~qe_|&+-x3>@(5?jeJDCNta z1H*!?nwJR7h!|J`VJ|E}B161f$D|euiUHo}LcvWH&~K^?&*q#cj`{J07En*IT-s*4 znPpvcuj@IhbI9=s32vr^4Yp8J`Z%5~c6NfPb?aW%%Hr=9P@CjgCMXZSQBX=K^~mBP z{y-b+VA*|O0=Il|npX;rH+ek|G^y-9N2J0dEc|-Wq*Jh=d1D}Q_-H#kM>)i_amT*&k*w~! z6R#h!2`v^JgA9!yy*E>pZjrVtwAg!R8u1MWr zk2_C%@rk67aMKQe=W{g@q?y9LlVZuxvLk77RjS~>BRqXVe_JPmx%xnpU;6_&p1>+o zyyl^*-TUa@OY_GEZjJA`el>Qp*pqbVE{9)M-~)BW$GJo*97Rh*c|;jd2f}jM`cdqY z>Eu6jQTzG{n`X)8D@OSo z{-6raJU0RY)Ar*TNulqrqC`47>WAt+{}CZd01w+H&T`s&r&@H3F_;u9PN-{pJ+Irw zT2vR3?OWXmu1H&h=w^qGdBj|g`t4SG%et&LhTSW2Yn7UdccG|h^0)W%;e+Q97Mz|O zM}OTiFf2kRQ@4yTzs++~tEzd4%HQ3EUtd;5Fa@A7gP|g@5^zRY>K&!_w6;T#F z=sN9cH}M@aLsx}3x9{_1DSK7DFHM}Y=Ib(FX-Wme%ugTtf7exyh>9ti zFKIs6*bSMi2t<9w1(j{20jv}6m-?HM7gR8#pK<~W(VR4;@wSoZk6t=4ed}kNewdTv zh({Py%W#ofXN1f`3f!<{txXGGhWuZPo&A5*M*H6%|6i%b{r_rZ*cMqP>fmVYmSt^( z%z^I0o^IBaSk|GaFm}uTY@0SLhqay$=o6!`76<*S+5;`+8Uqd}4>veg$5QGO93;r9k z%q>7Kzrgy1TY%V7vG|v2-@wg@Kxceimx2qvs!+ihpJsKOrp>H6<#{EgRa+u|`znbh zE$TPbR}-J$v&_p`4_(u?YVbTWUlfq8??G?62A!g>*g)tjMiF|fG;kk14QSszJHDbz z46tv#i!9#we+UkuZblaqkz*eK3MWdy`SyZ8 z9_WoeRL*&v#5r|En3|D0tg8d4IJHou-#i526`-_8ra#%V`bczIPI2i6AV7w$E)Ccm z$3eoc^m4K?nwI(dmi|isP^58V0}&Y3Dit>&`9BW`PJi2sgn>&H5D}Ahod-1Agu~q8 z6PAy2wmb^|Tb<9a#64|Adg&w|kN`t}(Dz?L(FMhOVe< zz-OBP4%KwiPPpi-T*)?ku@fN2psxr*=$Mw(n0WZ3`oil~E1v+iPlegV)r#*kBnJp^IScjuKgt6q|8UeCmu#PuIOM<;x-9&zZtura zO@;Mm+Gf7B{{OR{qzOQ44L<|qmKN&kyA-y{uXv!9iHUcCj!itrmzCZV$O<;&hQm^u zo|-{xv;Kd7Y)q4d9pNPWWM;gSoL zo^YQYg8wGrG%vY4!y_B%jZ9vDFD+ow2T3#Jj)^XlsbrF#_Xy^CG;TF)JoP(&Ag1oj zv1t`_?s?cRflPfMkmb_gzT#Y@k*r8#jKz8fdZeQquxir1LcSM3~%kektbw{HSva$A4 ze_SWyTo-2$D3dXy-e2Q7L|`;VGGOV0V6S3g?ZLF8cWLv%%e5|Gc(cuTggjAx(APAh zd#(zkNxTa!GyLBqb1r9 zyHpjfFltp&?*H@G1u`m(=YUq6JyT0Zpp15Og+`fd3Dj;;`TGWIss}eHD$_aEV*&>V zzv-B-;O_5{;GRz=baD9oBHdEQ)?_0YEj)()o?6EUk2ml3-j~n;36{|M?00!P<5Wu~ zqF0KWTYR>BIhH!CCxps7Xu*^(idRmS>b;O4eE;u55>EdzABR)_2@7v}f;u$rc5Za0 z0?fw+OT4r{VHK2U=S0DxNLM~nzPsLXvR)Lq&U~F1;=hW+=cr@26Bi;L&1aOq<09qbShDxmfAq2-PXkf)=||H{JrqmIZCqq2jmD zS*{{t7>jKyh;~%z3RdiMBa(veWJ#B3f&JiT^M#Ds|Gh-2q>GoakMF=*h^;urD5KA? zmB{GGa!|Vz?r6rfRX9?8TwK*@=Yh)~o1LeEulR(2Z$BF8F2M;?T)UHtd!;u;HVjsQb z6$cSE^89Qc-6m=24j;@4j}_+1`kL%wwIs^Dd=} zXG>4|7`H+&6();e$a}-I6HpMHVgMuES&}BlUF$oznwzi=NJt@(G?c85*N3)yCFW!C zxm1ZSJyP?-RKee49gr&(1-(R8VFj`SFNHYtS%NNvvZ;##EWuy5sC zp#D?Hrmth0TJu82KO04r>GvdY`#t1}uGG|*sNd9q;XZd;Bb;fzg%9@mWi!eqCI3Y< zW@w6X?>BC@++WlpUAB(BuMc9R%JR`O_deoP$lV$~aXD>zCW2g? zK7WHd-zc+PT%2xqg}E_PEy&mXhdp0N=Rdo>TprmqRk%PFBlwkV-EyEw$b?fNRE51^rMcz<6HNMJdRIKK&5_#R70?9mTH7|!IT;1 z?me{VuB=<={=gCBJ(%$jOf0NW0XNGO?wo`Xj(k~o{2dSS3V=TFStI@Rv~WHC~Sx6=lZ${$=e?si!ibT zyODkM3mjoFZc$&|;bwg_;U6%RulX62PO+8z^EFMp@iNvA>^p2wxzRp)kL_&UaS8aC zZv!!dKS8CPiCLO-0$ste+mrWnM#9dyT5M2L<&7~TIPyX)bLVf3*FK8|quVmsiS+_! zz}^tQMefPz59`bC6R&em-dJLlps}LF9;mVfCYil7w+OLz$)#V$NJs#8J%PXBrF(08$?CKC zw#{ez{Xquzg7lPy2=*T^Bxo>v={v_@iV87fdnjW7eMOp~_rA^zw?=ln`X(8Hwa$6X zw0l$G=?dv!dy-SjG5V`jv3rR3HBKO(jq}oqni?N<=r{(B$Yx-kwaH(@sG>o-eY<~+WI_9l!nrN#<^BF;->4(oiaw)w;<<# zKh=+>;19F9+f*BFK$B(8#LE3{TFvlZ*UL=-T&I$N@*GB})ipJ$+ z?TFzZ%5*cA`mHfzs~q7@{6=YOi~Qj%By#va>_+E9ewa(VEPC}|7J~dQB&d3HvQcU^ z90Xu+PZD;Ir?nll+8)5SnR#CUiJd#G#{;f6$wlg3dGC)IduLd9nI88OodM#x&Of&Q zhEi=IWHH&aPagTs%x6OoQ=8QjmS2Azj05{d$+@0CY$);S3CQ4$kUoK0RfZ<=krybML)7#}gy;ym!0x@*>nx zdiLEP>%=mK-p5&vCG|HvclRc!7QRk+{`Cx63}=itC9y5eujVQ#!mk!2Y@q>!s^W+5 zm(cf~b}00e2O!a4)4$uN-KpcLDviEX;PDDi9-Xn$(ce&)f;g#rJR4cAEmI1>%Q?U* zhH`wCKFk?g1&nQ0A{9IPPU|tS4MhN6Zvijw=UPEm(s(F}Acu3_qOieTBXhS-u}zv- zE8n%Rv~QO)!ST#hnjRDL7T$A)(?tPO-U|WRvP)N>YRy%o`h)z8VbeIkviIE9@yqDSVfhx2|h?}U*@08-!InszJ|UV#N1OaU0acJmlgz8D$qeYi`exB8AJ&fCSyUk9J3JVe2E1(PBL2g0wKTc;XMzv z_deaM&43;QEA`}(^bDzV>3;~^6)(VKwM3JDlgo7_+ylt0borrOxj5dR(-Iz4@6)Vwsz>nF(zZX zsRIM7?b3k%+SiP9A2oQSlMW0O zLtk$0rw_uZd$0c}r0m62X`EkxJ0SsM45B-qG-O);hLHE#i**3FFo?2gfNZd2OdoGh z8XAcEB5hB+BROFXNi4jixZMQ5LdoL#>OQc2O8Ee6c~`V?J=8NNFnH*5g!Ste?=1FN zu1+>Fi+LqPNOwnriD2V~4TKCTb_>`C8|jw5Yxy|iCeu6}C53;@$c`5Xb^}lux(3Hj zJG`#V`$jbRWTnMrA{6Am>jMR|>6}mZL!RpOyL3WcYmx4%rjI^+tsC_x%x1#1yptgm zWVzm+Nqr18!&j9+iI>-CkYkVfT~0LH?5l zHFq@Kf@|GkL^2%ZAIa`@2OPMZq!}G4>$+zTgMRa=TL28LQ{GA@b3LiGM<9!0-R9i` z(f!66W`*^`Uf?KW1e%3@T>!Q)xPA8D$*3|tka`XH22t4Gu&qx5O_76~5yhr*z|j_(z5oOp$|Wc>w8=K=+YUR`z=8lTi_=*kPbXz`DRK* zB$E0*s*o8kdL;Du;i>pd)Y~pSpab()7NRIjd){6j%?#PGp$CTlV&@MPqo_aF2NfqB z%_LHKkYX=~Yl_h1hPl?Sr1OXM79=RXJVAVKlebXv3AwLbW-N$nf`2A?)+`Fk^&B@< z3n(@rLeb8Lmw(RX{5Sqp%7W=gtJ?Fa!R+GogR1281jk=e^zK1B-f$p^=dK{Nk7lj) zky{tLac`gC?yg4(RNcXHQhlA}ptBV;LDoFYJ4pAvb18lMWc<%3Y02LoBc)tjNo?h) zQ{GiWl>Hx(gjFo{X$KlOXgB%o_6RmI zTKeSsJd7#UZf zz{y&n_M42CB(F2P8)>+@Kf`fl%a2x#Lr0%! zrachctyu^>rG5U@>PAzy()ohBx^u*}Met8S8D63UuXE~>M|YSsZosgfLZHs@r`#>% zBkg7|F_ngvs31htV&bz95YZpNr^&y`74&1R(16`?HxBoIqu{^oBTXJR%pufs|I^XtUmc$NqAP*2)Xi!9(X}KIv;pCqi(|S`t_r^$ z{haHVs5i%qTj^3~yu$r{04i$=%5S&2rCyV?`;gdv~fUKVZxXy2c#5KK|s(u2OfeiaX5X!1Fj zeo~ZYlQi!CSWBCRNne}Z`xm!m4lq4oV&r*PiU(}h{*J4c-IQ&H@cddNhwmFQ@1?)b z=a&qH{sSNE#DMR-HusU@^cYkzP<#*Z3Z7^RRp^vxy*Sy>o=jf>(86lNzh6Px$`nES z?@r(jo65=mkF8Gn+ROgVzotX2nmNb(mySXDhfaBHP(|P@Y ztF}#BgKAWp=`Y{@$Zz^!@+LpL!9ZW3S{?{Fjl2njjsR$l9psz zPW>Q?H-44D${&~C)O)4gyahlPVZWl>L+~+>nKhd>b1LtQ*cDK{{4d7~q!;cVhN}gi zPK15z0?sot&Vb8QTa!q(O*j1}kI9BK9Ak2W?uh=6dFgaNZKsG#Ji1C(0ios?7;Ici z6A(b>zGb-p;Esk|s7zVx8gT66pF7=dRnjJ{dM$JX5)OwnIXyQ3IQMkEzoTW+p)d#j zMXbdC4A(UWL|g@rfN-%j09Q+DCXwJ++FaAP`Z*?I*q-lxNu9O#oaclmfWrPhoqwjuKIU9GAf>kU zKW;?+gVYCqxJ_DtoS4$fG8pq}AAtYnottoQHK@Vs#5W<}V`ozKv z04sjI!c$#eXpjp~OpZ&O z^Mm^VvH+g`vjh^-i#IahPzvY+|_DZccl51M>9eOL3h!sztw zyjDNij9iO+>VK771Ok<}X`uuXRQW47@xQ|-l1lOD?-l@!?o5z5e9jI^P&k;ZD7pI1 zw)fVYzW|$GsXV(SHJRr>4=ioNmGOT+k3I?0dd5jGYCoxM*e&=3uQS2u*8!uJ>xMO= zKRGs3BIJsi#s)bT?iK>Xl0uimUYpk;sodj0Ftr-845GS9n0-}*)BqQYzw6o`fXgnd zIHt3NH-XM}{&X6cGJOj?70z<1(5eM;lNk@h+lTK20dX<|`h8+&v^2nB;jtJa`ddjc z5?z7*81qRm_PO7}+YG@&0R5Xx1HgFT26Usi)>13Qe!h0brBMaeG7kiuuZWs{o4Oij z{Zq7A?q(Prd-l9-snd~AIm1Ik{LH6$KMb@l|Oen&P31ye9 z?h?XGQrWlcd&DT)RF<&|F)_BmjLaB*udDCpzTfZ9IltdOzw`a$KIcBCb7sbMy{^~m z`B*QMj7MqRq{t?3g2vZU^l`w}A{L0nHIr&`dcnuY4$vOc9ke{GKDuT*G5S3>kfY9e zliW;Sk>0S`@@b>~=V?fAIpY$oTNVna*9M4*WHA8KVh|UtJ$J=Pz2Y06cy=>OdbTV) zun@dCQeqRL3?{(Z_#U#>%6w3sC#T&%TbAXWndbH_uKr_czh19E)W!jD=j9lj%mSDB zRofFZ!HCK{Q}^I7*MYOTiIg#D!mWdV3>r*W_25U>7bUK#L-3rdnRU%oXKzk6>@4C} zFr}z|u|Rj(I`S53rH8!(av9EA_I%SeONx`E zb$-4ifKOINJg_qNH{*y2$EnrL7e0IzkD&14 zo3~w@UDKYNYpidjKl3=l6=Q?*uL^#m_Oay2i~cU;a$>4st;8j+`dA{xZYDnsuL-j* zOqGmvp2;L!0yJFYIagl%;Nk)r;3wYF{!r|vOg$aL2y;X=@GroQ5nSo6s zG-PMT=^2N+H96Klm2Uq5q=I~w3_x-lZ+(_XeqeN=?iP97`%tGQylnZbJLQYV@GA9~ z#kCVvvP{1&HCJiY$88sMZwZimgi z{%RNc0_l?+1^|QpPU)Q$TMV8-wT~sze8*Qr-EKSk`KFs4jt>5HAsJ;L70u*MNnM*L zxvr1dUL@x0q6e=WFi>l&R&uSKm3P{J1c47!O(8`I$K|73+drS1iFh?cJ<~@=?!Cg% zGwM zjwwxRVo-725_zzgSYmO^X}s}_Dmlga%zmp8@MPA+S{8f!Iz!Hs`~0aovC8BTdh?rM z3{CjGDDKFcoP(-y9|sFl<=ch!EkDlIyY{B=sUTBOn@8^$Kx*-MJ@ILurP~jgxrock zBIp(DHS!{nqs>3A{@e`IM?0V4O222{0_z0#T(1v2#f=Hc1m)6Sp&21wJsW`>3N-$P zHEE`s{#IK``!iAln*v`TR~!|v#r#IUPS=7>UCh#66sy63RBhPeKOI@_(k@q0Eo;RR zh&=agYPdK;`KVXZ`gkq_j+ui`R9Tc3yIwljk&6wrJLXZ0ng`M*oeII_fT|FS60P^V z{vGDuL^it~UF+~i6}xmI;j1ri29A6<#-^y`drlr772(?MNxw67P+Q10 z-_()0)v@u!LqgZ!zX2FHtKJ{gLB&@JZe%{PEzRHp+(Yr`By#(^SC7Br0!3}6u8ey< zmI!|qA{j~P=s$;v=Wytcy|?(nx}U{ikfhur9Q(8}KFUN)&c1N>adx{ui$xo(kp~_J z*4E6aRSyGLxP0v ziZ3|NXIDt)Fg0XC@1Y#d{q^s;n&{Etn(Z5ErZcMd$M^-FBeh|8fl(akXzTHlTKv)x-ooVf*7t*y9L#8h5raR0}#eUnSys<%D6t;vmjW=F}5l&=4pC*An3 zrcHA`j8ygHn3XVJA1KQxMQi7-bk+a;wP5R~> zuTM2fOC66^L%r*^W`4FFBO03a!LX!h>8Z_uOZQ)zJ50HHMm-Go6FLx!^pPFCJ}A+g zlst@h*tl?0ab$bnsAOifYtwy#oIIOq`(W^yQ@-m%(io)a=YY%SEUdLQTN`Wpn&(ek zm`5U11f$mE0x}b>EMAggJHGghZ$tn15TB0!a{MRtn~0^seba1@FO^1jJd;{cm4Eg0 z!pnvbv4`IQtz*R|Js)*><)jm#4i8P!tzub2dMvrsvdga$!{xP$)-<-pE0!dDYdlMF zaN?n<=<#WpQVm3rEH$$kxf=pllbCrW5owz9RMlYt0!l<6 zW80IYw5z__Sg~YH(!_{K{kvbdTyp<&JkOVpiZq^W*VfwI;B$It0YAlR&QQC3oTlUH zb%;EhtkoP_q=a2FEIWQXT-gtOS^S%Y$m-y^+gw>Js76fG^^wVur9Db+z<>Qu25)fqZ5@YI$uqbS&qj$`jRMZ9}%mS z%t`B-KC=mmJ)A|X88c4^Hgh`Fm9r9kN$Y|>Vv=J)-nE>*mY)3{Z3UP3*_IHL>S^cL z6>1sX%!XH7`dMaf{kL3l;pS)$fx9r*0V!iSXz1KN_XJb_jDKl*zD}P$`xi z&o3rd-P}s?TO{EZ@|p+eUxs_#(F{G**QxrF(E-P0=HxA}N6v7uvKn_oin~Ik^{0IT z{z~mOG1b2FuWvHrUM@~+cqK}Px9V$EO*dSk;|#p*JE_fi2z9TAG}9%bzSf}9f0WHM z6aK5eZBOcvkrVEzH>1~Y2e8C5o(hQVeCIl#&%$l+ICN6>kl6jm`&?J=0I6DrIc}Xz zs%@*3{l8#Ir+FLx0Qn(YrU zC%A3OasY!rk%-HEwd)9Gp)N1JeJjE)6?JC=dYN z8hgD8a|xx9e0=7?uab9@n^%j5JVCSbRteh>qaQeazf)m8|7Au3yYhJ1l1Gf4;GP~s zPaV4+vI}$%b7}+mYN3DevAxCBJinE0yV5}AQO_LtkUR8zv(Y>Km30HxjMx*u2s)sb zt0urSZ+A?XQSPrGai5b6p!d{Gz;jOk5UXU^^+~%Uwpg<6H?VgMaf&i zrDcI9WCZ~0MJnKSKTKkbsGlK`U_LY^zU}-kcgM2WVr*y+rDqHT?sC z0jYJ9E-@$GKUgaz`i4zVM1kF<>xV#pQfsKNY^nHO*{5Tq>QS#k(8b_Y7iW&=wZALR zk5ygWs$kH4N_uAVwg;$r#N2HHp4?RxGUC@QW8?%8V)7*46GdTYjmnWpEgn+vMz1no zAmDrC5yJn&&rEy#fobO<(zXFmExB|+hjzxEy*>v}(2_{l4jF>h(yqy(g|dxnI$P`A zvOydgo90_UnF)a0DVJ^P0dd^`aN64j-~ebquhjj)?A^)NPyjsJYyssZkORJU8FKNw z^jq9;qXJb+`c1HRYONnw$SL>|F=rqlAUgQ(4O&?TNM+t@Gk2o%*H9rs98#fVuyKN+ zDq++S5B;73f(US*ylc^f(ILx9EB|H?HiUW>1(}Doz;kz8+n5%?p{bIu;s;PgARrig zw&i`;03-SEFXgbv16Wo$Y}hVJz+Q%ExF_V>_)PKs`ZC55xpeDf2)R22+ z92pu0rsfFMia^?xw;v3FFQ`r-8ZZj4V_`VwhdJv7&tlHFmJ~PbKm+&Bvwx@>2=aaQ z16~D1$ys%94%P#C>Am_)ti)BVDl5{1mhlJuCI_?o1YhaWXWpeco}0A?N=(B+4tUu^ z>lFYz1qNJ7?XSD~wv0pS)#51~?uH2?+Kl3}YU*G}b|(Gpi3oHLlJ3@T9WX{1nh4%1 z-OfLGMD*Ur{T=s+7+?M3JMW77L*ykEGg+e9NF+ysqf=zY5#V#US65R#5jZCPw(wKP z4)AC_NQSRp8QIIt^y|8u2R;8?6=jo#yT#EuA!RX(6+ZyNxiH6))Le7Grzt3;T6T#K zzua%8)zkncn|N~R6oI!bhxn+84yfx?kEgpx1G@SeXoi0G$Du<2w{c`H7^{JXcaOI0 z-wpljcCrA!D}{adVH2Ss5sMh-TS-mU+N~V}`{`90_*@OnJ8^Hp0=oHsq?vS%uy_oR z%T@rFCWDtk+_@WRuCv7sETDG+~OsKu{+wmQ?}1%3#+{Ic$*>dTcY z(Lz3FqKkIZXlYXTW6Q|C5k+cEixoDMc4u42q4Ra}t|Se;vTBo&D@yStgWGDmxVaPz zA?o^M>y^KaE~Ni0_USi&ID9q%zsFJeNyW8SV~ZBhR?+(~*x+2@v5ke*S`F{!T~HeS zQe&k;)%n)u!2B9W4?b^U#$c(Id$0Z( z9<LES-}vOrzRP=sh1&4?d^0iJrP#?@-I+l9Tr#$hSt|+R-Us; zo_$4Fl%I@CY^-it(Hl%%@!?0K9&JmIn~z`J*CgCr`tV|yOlR!n1i*e-&cC|ypo7Pn zt+=5)FZo*=f9%bnzok^=?>54{M=NMKA_q>kj@i7B@PVm$sfwqg7PbnLo5uMBix1&% z1SllsJ-=6Mib*NScl)3@7-3V7pje$y!V?$gMqWz18T2aytdSn|)li?3#Uk`F?s_oS zmdDbSvM%Fdzb6$YQ@y6bOpzx@dq|zFN@OScU`L3uW7e|p9zRaH^U9khaBWj0_zA1j zbd4472%7Mz0WQK^0|)Cj2K{rDo=3p8aqVrU4ddyQ!oEPW!U*RDMePyBWN@9?9A>DR zv}EBsGSG}P-2>50G*@ZiTCa*tNAOGu@n#s?P&Yp$!LLs^a0W4C7HTGRc1{Nd-|(`w zXLE1gqVY1jf%g(nO4r9rX3Doua>MKk`99Q@Ol|_ITI=cwO0cg0GJ3FFD1!(~o>x1J z!FS!s?Q^m3Yebt?9Ujc@QIarHdQ<5?KVtA=e$bl@IFgOD3R(wie{$uJe)l9d+bdJ# zm~0K*ToM*iujkSWrb;#04(-0*)M#XwSV^shP4(8PQ96`xv#akyyjH8}qdUJ!;l2`^ zSS%)Fedk2coU<9{B;8kN0KZ$p*b3VVlD{-ayVrRl=!M2$Qej6u-QGEgj{0Y43%v%2 zT*1(LW`)SU>(7{d7^a>ldsvAU{jt@0f!H`=V+W1$h{*qJ)I)2Bkw#20{ki5=C5wSo zFl;0*lY5p4%2r5|8(h4DX+M}zJk6BC;CdJy^_4=JE*|E4N$IbZ5&K4-^wkm*@kUR(SGe?g6(G{!piXd7l=b+mYH(Jt+v zNXR^}^Lj2PyC}pG2k9T8%DyGBwp$)hm3Oxk5i1YwubxJ2_SakH=umz{-#3-S!1R|U z7PqH#K37!h^;Y*a@AF>4ZJbIWnk0wP^57vZzki|itJj{M(pj|T$(Bn;`uNJRS$*ok z$0-S(#wbSD=Ax1W-KLBtgYYM2Z{7XiG}=gR_jmlVvY%cTYyis~ql;p+CSCKxRgwoo z>yAWpRX!myxre(ke6aG5ScNS6V@oON`5ZZz0E}$pe0`@zzlKn3XQXogwZq>V2Ahyx zR{YUvu1}{llRM-T!jCol1CMeU-Sf8S*rto`=nN1nfR)4aBG$y_8gZ!W>ssZwiF(OI0O zF=z6Gxove>XH+(1zl-2h%kSF_2u-THO+M7O6UjNbyn}= z|1+exyjOT3*PkXr&b&8m=*iH$3g60ksVqoNiM@P%>dOZ1+>PUdwYHXGz7G=!spabo_{0iJ|JX z36>|v*|%YlMU5ys%rKWzyb7-grG0-wkr}-Hq7@g)6`eD0 zB8h33Vzs`m%IAC={QDOCYZ%(9Ib?aabSCQ}Jv_}bae4d3lAsx!nD5&%)`Bq`>JOE& zgpH1>bgtZACLNV8bLtZwLI7KAkSuy=a20UtzS1^s*tjh{XVQvh!J9ig_+=x8};LgqaIqQ@R^_(IDvtJavc< zpLNKhdxTIjy}DLP55WVSGkN3JmY z@u=IC;w@(Cs4TUi!m#+ASl)_34wTk4QnI<$IBIDje(iMog#}m~kx6!@PL%dNE~7o~ zizCHX;53GGkn8c+)tKh5a#nB;xs&1i2etWW+G{sTc$jv+N?xFF1mBh4W8yoYv_I{) zZr=2L>8a8D)JJ+(Br0DSAv_&fE!))z1D_@e&N#0iWiSuE|K;BFUK~?srph>Z=4`HS zq~MHdL=1v5=wQv!9p`+!tU6!<^@jTkOVWJI{ixxeQ-Zl^KeQY%sHa2CKEA#iL)D@4 z?v{0Nd14#}9Uo46ad-9b4X7@Lrd!OQ*b(MUx9FVGiM_%KPi*$;S0!Qi3E!az?Fgt;cE3k0ukY>&rl7@zbh(R22Wo}o1Ex>r?u^=XQp37~FzXL2L`rGL3@|W-rO~S3Ox!@>)jVX@t!;^~&HGb9E zB{K0a%6VZY8t-Q9oDdH_GI+~$Ol5XO8mEZu<;zLk{;rj+SCrc%wh|O#3d^Hp@l}`C z<_ZMniem_V7_QOV!|Or#S3*G=!h>UME3KC_X-FHyh67>3-?l#BdanFfF3xu9MggAm zinxmCm53$Ow4S4RU0~_<&g!a);ZKgCo1$}ehqfDjqTZYCX@SRA&EqZ7M|7Y}pFx`5 zwn*IF%tTP>lva+Q$-kKt!e5BC!(pskaAtdQrn3!4>}G+=H;4LiPFXwOzAsSF z!cgz{n?v|kLCr^>=R3n%M8dCYEnQ~UmwR^k%fYnYH=>*-x0!Ni2OY;ki(ofd^qG$6 zu$601#mcdKQDCTUFCvkh*H zH%lty`@bmD0BdFI%_SU6zE_pw7P^fwLG@4|3ny^Q$0Dse8t-&8j#*Q-XGBWH*d@C@ z0WCrvr&b-Fzsr3Ev9m%=cWVUaNxQnv+14V##sOsQvczEgHoN?@zzp(%TTsFFT$K6jtXmkuT9v+20$l5)Z9} zo+{Y_D;YVXIz3EVh(T33ksfDbd~=Rfp8jxDeNeC+p21QAi)vc$SzoG5UUHvKsC4=y zyFHd`g2D(5_19|57CdX!Tnl=;%f2~o&8(ZO8W5(SGI&r|9)ny-FUTaC$r!?GQhNfL z%oyHor(A7*CFgS-{FQgl7F-*9F8JcuFqQf+#Id`Ad2x&3~gykeU{OPt%qq;czovFuMog!tXID7p)u)Xm|(0fDE ze)*#R(dyE>%-f7}o)E8ZKOT=M8#^KfM1-biam-ddlCK9M7HO68_*S8W7-6o2&p)cx zUUhC%1mA}7j;b+UpD0bV;Jh2lNEVjO%)jlu& z5?1VmuWc?B!MY0?Eq zM~z`bof-i*@#M#R9R(+x{KXYR`2BNq_Rw86#_-%cwpRB_g-36|O$n9_35P@SIf-U{ z_RoK-TKrs${fsEZM@do0){dKt268t$r+EIj4Y4Hro zUW&sq`^n$qlyrtv%#S9lBd%DEKIB zqEoT@23#tk^vLQw5xckJ!L>3Wy;x~DijFFO_Dx3>kJuoN*kY3-z1_@fh(#WM%MU!Y zHOFn_3;I}eY}oZ}TvK%|V&sSpB7}#ACRdX4lQl+O7Fv=sYii3kFs1(X8#^+;h$9uW zNx?LDPT{j`8Djb{2B9F*?i)R0LA*FnCX=8_jja0B*_7(Dn!MgFditq#PetRU%rw#j zhtdO!c(QE}-htr^uaR2Zv)#$Mv-(Ao3FU9SXYdcf`g;U$+IKj`8NW`O(p^UQn54p) zCHKD$-O_!@_xgcWGvleGh^725C@wac5o$~qGubJ6^IWuCPq>X=yDiz<(Npip%nQ-V z(BmWtu5{%Bzjin8H4)0e=IFP1A>xm?^cN{SGjY{Bv69Yfk=I)^xl}i&0z%L4b%yP9 zp8Ux=-5kB&Q!HuCQ-aFr&GIcWBlw4K0cg-xw++GlR3wAHzuLRVEb9b8U@5Q z_i@FpW$!NL6FcFhS6yrIIP(sFgps-UDZ1%v1?su^fpStsO&;>}%+6T2{PO zb{oBK0WY&UJj0LwD)m!3YxC38N*MSRz$ZR*yldLbLf=F7j%Y9h=hNp{|4b# z1nO9o<4?WY(SMV>Mqu9PV&&Cazpm5g50f*?Ja!W^Jp0^ga6Z(B_gktE2u9)4?ls)T za5MFMo^Re~MGsABw?2|RJKNy^YwThF@fbv8 zlo$K9N3@*4JZ_wvIEc~MJzRNzZ=!qtHHCU95ciUnpnwTukeoVZCpRA5zwETwG?PB< z`;}=@W%}$%8yLVw{Jv#dvc%PK&Ly*=AbWB z&J{(djj7g%3RKX1aY&KTmagAnk*HGt!R8a!K~!t|cY~+HkZ#%=HEfk*h@~$nWkvIP zAI7{7FLxE}LA znE2t4N?+vjUD5zdyV1)@eJf`?ISezyB&bCjljGO(3O`e7%NbUvETA2gXUKn8`~4A% zHr8JfT=C2&%$hF^<%#xHY3x;F@k8zjub3rE29CvU^m>Y#)qcx|V(ryqH#avOeP$fChUCp=*6W^_N zn3YvZ#gdgC>Z%ip*W7RNcNZ9j8L>B+PdWc0;yqdH6O>kTXRLUNS%X&G5AXLEH`ZCk zi|nCG!+y7*zldDqqk0J4j@)NMYAnw07aZ->`xcyB?Z4b??ZG~GO>F#5jtn8Vll#B~ z^XLW}NmN{&3pXqnuymUKVz^ji>z+_s)V_&H!#pwTO%nn7bQG`TJDJzA+|r_}WE{V3{<3Uw)kKSl-7S+oqQqOth}(Z*?;fM)Jus0f*-9X)}Q}mKq;Z070~~MA zO*iamKUOhH`3BC&8yV_h%mVC7Ja}@j$Rh-tKB!vY!1JsZ-@+JcVNWRMK`d{(?e?Y; zS;|NK|H@j<&|!0=eX+TnG`d}BIHufNDP7F4_h1|HZ1kheuoqX$CS04(RkHaw6|%h& zKwc+p^gEz$RO3Sog7#Vj0_42@nLn^EvLn-@MK_uBvi>tdAW*!8}kgd@p6m@m5AYWyS`cPmr{rfc_1IP#Q^gEWg*XF!#xCL!=90UKjC zqy%G)UynUAOX=r8Y7LCZ)5b$fDanh>n|0J2tnc~nhI50#QbOpKrcgnb9tW5=_!u?; zrN*l!q*C?K03e#IJhni2I}N&(*q4Vjs*U+MGo2Jp97X5_>SQTpdYTQWNxj0y(JrR= z!6nC<6AG9EObvUhE}~Y%#O29`Hu0e+PR>(1zNAN8+AP&XkHSMP&3mm~Zi*&&P~J)Ir)NYE)>A|(~Q0R)&Oaxg%>F;=rlzNz7erc=cLc<&)rcmy`uu{ zV=p`qXmj@{<iDVuT`lj58?b9y3p zYS+OgEJQ4tx)I9Ga>DIlMH`9fET@t(%rtE8O{vO`$0$a!S6BewLO}ZXL$T$b7cebt=g|#{!e;>?!_|+V25|Y!*S6 z^vDvfYq=WE>#4CdDn;E$k!dYu_&3B32`hxF6I7-XSaK$1#e`!+tEYW#Gb6Lc&=rdz zg8y?_D#ZS;Y06?d;x^t@gY_Li);rVW4k*>7K#=Oo-UL!st?+>nv%R|e=5vsH^w`5? zqKWjP->*543mMA-)WF>3`duY0-k8TjY9Oc5E^v*gw>d@!eGck{>`~nJsBoNs*gb<^oWP z=PJ-0kFzz^6Us_b58fo$xFyQRWcLAU%3PU?fAw^<&`WZLAqwZCNeW8qhs@Cr9f4rm z00nu0VokYf8?ZCY5q4(T#PS&A$F2d&(Mv`PkmiojME*G$Bi9raUU0UZ=a^mwhU1kI zAns*1^14d3R$-fgK=y!H1o^|9R(TKjI(f@Wv6=!oU0hO7rpBkZYDlm?)Xw%^>!Ajq zx#vJxwFZzCDU3~LAVSYCniGL1S@{!CwpM1Km&~_IdSOICtx=p$hwacm;g%W%>?=DJS+6`m0xw-*+8nnWeeD`Q=2KJ zF5|=C<72+(MhW@UW~)y}!k%35H5+8?LV6jb>u($LgJ|%cBh^5r^CSi8KL8>YGQ9%m zYh?{&oKSq8>ApRnLp5Xtj^4S)04_|8+D_mC_4tTt>+(9tS@136NY@d-3Ob{&8=MtI#wHnqFyI?XPXiNaKWKzV>d^U@r;i z?Zz!;z6>?B^vMbsT7VYN*?1xq2aLVujoBfPE4TsNr=qa{!p%;HTn)!z#yT65nFeLR zoVNKkyjaHVekb;PknAlmE} zqJiGaZ1DITW=ytuBTd<(@pJDKkZGN0PNlvb8(kp2qHf?!oG2Lw_f+c);R(?rE8xb~ zVqs}g`g04?e}Xvwb0zS=>+pR7NU0r#wMTMNpnxD0%x{3aQ7pNQ_;;{1WE*!eqk-Uv zPI(YMafr`BPSWy8*@eM_X`OPu(;yy^2fma3ghdtftni3kV@ZIN?${TaZsPKyvnl-? zDBl)FAZu9b(e!)W`@Tl&LwUOfa3;5W<$EmU3OQHKK0u@r%gecZqxw8IYKC3o6|n1N z04H;-L!OFf0j`kIches{h-dH6q;LI&o|uW3b)0WGG6PRS)HU-_4TQWen#|N`SoHUS zf`<=5i$NkI@S-Zhk>$U7|$*rpg)L!IDK!7%(-RRxwl*Hf%)$p5a=w`H^QAASq0LB&67kX=4Q z#qenZ`0R%G3-z8)rTP@K8IXO{rVVjwGZl*aB0v_CVy--U=?1bJxDApc{NIqxy^VBJB0oH0J zbcoWBV4Kb`$BaCeEkDOv=hOQNW8_NudM}L?{iIuqCaW#xt=l@W z?pEy}XSOHNt2dckN#)>QU#N9VRNrn)L+KI_aSKCnzs_YQkx+9b1yQ@m0PY zp54I+Gg13bPgVPG+Y|ISx0d}GejM=i&l2uSY-Z~M@jdLme%^yMCxM30R4grV?AgR* zC2!*ZxbDBWgQMlOuVes09FW<=1c7+T?boaGt{eQ+S@Z5uNDNDsgaD?3a zW7zQTQS~6-IE`aHB(}t2@%LBz(zyw>b9du6Av5kn$pTnWT&xmSc?ASdZfHWmVg1Te z<4H$Oi&ag?u4Y*kU0Qb$D|gFdCr4xt0yS);smxjZo)Ong2atr;@~HMsq_ zxJ$>o&yXA2)EzPyn@_d{tC$U4ntDY)v4~}=;H8@d6Zut&;_)<(rNuxkPJEP&*i$2q zGQShEF%)X`qk0bYrLqq(fCZK|Oat~3qR6dE*Nb^EbqcT3VwM5o^fdlQ#MEKYk_V@J z&v(vGQ8&eY`+z_o6vwq;e9%cTXS*}?f$rZm;ol| zW!9AM)lkZbqvXVCOgy9azB;?x{x)czofXuJNrWU)Ju>^z7~xv(WFP^Hq#AGEVnkz#u2N8XH)%FIrw6=}nu{%EXkPv-6y9KdF%p5n zd8a|tkPZMR#w_fO_4XVNf zJ6=_VtB^CTgM_r2zHeQ_iVT!`lO*8D0Sxfsdi)H^7b|}lg~*vSgghsJN9buBkUOWe z+lX(g=4@R)Bwn`(9RQqy`8sf^&xBPgxUyE4Z3Kvc-M;5L%AsV;jqD~U^ZYyTaE2Oy zkX)Mkw04hl%10ByNZPn?Dp(=sm96z@MOg%3S^0NMFe9DR*l+N5L zj^G|NyEPOl)YTr)n2S<4%CKm9Af?;V@vUSocDJ!SuBk15fV4R!_O2@7o&fEyj}Bl4 zi#}$20@RpDJg!HfGSrv3%z9(Wxr|w{u2`58CF*0ThR8tUQ`81QEsn@gdk1VU3;Iv1 zj#Xjd)d*GQ524^((r5AIu(2`?^HL4*>E>!>{SBf7x)YJ!I!y|=FJq0(S(jf|1r8ab zas5Y@b$(h-*Xr=|-PZfXb$`4AVVzr5F4c>*Sxn$qUwU@~UK6vd>~G@W+j)|S1COSU z{pOGK!t9dQeK?e|*!Wu~E>XXmbCZTkV~NN|*LnhHTOwq!Ln< z(d@IXtN9ht;qoH%wBLOZSg8gL1GuPFNi&albR#-NS=|L&D}vwn_dM!3@Mn?g{8)*f z*1MupyvA{ibn11>?kGZk{8T8lsi75Jui^OuY3Nxb@=edm`-_CcdVa#(&Sl?^ zDC06-kz0@VWH(tK-{6Odf4C>pSX}s;^vKG!j4GV;1-zp?XYr@fO=6UGn=m0%t>^>g zjB?=NWT;ZbSTsdqCdsYCSnUP@Y2m04ns2uDp@`8E$+@8%|_D29@zg1^B^DBnUK9dt!t0>r;7%5BmW zMWCpls@#AFx{IbTwC3Zh(bRhH$Lni^?HYEs_CgE`p5;wgKvqZo)?xkS=VZ?a!v?ba zW|}YV$mGx2l!K)~Bxm;V_?4+$MW$#ZeK1Vrj$%A_KbDh7x;xzdjI|7){*mqpIahcbPE2#c& z0)#sB<|Ms*;Rb{K3Kr;Dm*lFA!IxFcQruK2p@WYb5+$6a}4k42r|tf1^<+M0FMHpc7-PpjgPb{qrIw#R{Y6Ei|iAH5D0 zDWu9N=IBlQyJ#Xo5fNB6YlV8h*kXK-@K|v0u+M&)bzp(H_(qCM-`7kx4ExU)u(XK( z{|vsS&7}e0VYD*`hJEzqy;n}+xWS|a<(6#|WspH*yUBN3n9=mpANq$8qyL;vVmiDNX7He!HJ}LL0e}XJX(X0xkS+BA`R|PY2$IwQnE3z%B&}RB zysH;@ZJZyApDBS#95z8BIQLK8$a~D-4f|rq+uWeor;;-UeA|b&7jNJ}j@53Fx((&v z%)_cBc;MxQj zy$57KS(z?MF#?nT1ob%911Dz#a0Ry5gPEbz!SGSF4}=P8z{!w2VgxnkjJPo&&^n_a zY&in(o*mSd*dR~2q7G73-6Bw!u>m@8PT$O6G!67=%hZ6(Xb`{!VShnMU?Z&82^)~P zHQL*ph6*8;-a!HNO;B9+U$?pK1>h0p00v~PkC$z(wFgKwKCc!;(IDvQ40%_1xhfnX zA9rdcxPCk8zMg+>GEwps9F2Q|Qt|5H(?sRhQmKOG{ACljF3v=aKS-=kY$Md}C1mew4YPTV$B;*P` z%-GxpM!{8HhkLE!KZTx`Hvx<|0Y+Dii@Q#WLyJWfeT%#xx0l_RzW-p9QUN;76Y6Jx zyn4Z0U8DfLMKIws6itI}itALp38SIZZ|#$GVAsBy1txxL$VAIFWOV|VBCr36C4*Gj z9j-RWN8PHDII;`A%(ouoo|^~0oIK?V7TPlS>L%Al3t6$uN2aGBC>#IUk&XiK+LT~^ z#Awq`&67i0o&UjOAn2{2%UU4}@PIEA>rVJf!Z8$JJvVq2l(n7tvb+IMz{pL2S#<-* zlc%4oZ&I?9>sPIwo(gpYAYXUR?oR;;a6}6|BwFouNtZr=vg_LyZXMQ6`E4q^3qaG8 z-*!>`K)q?K>@VE{H);v^i%YXNZR7GIdl%5_gvuee;DWWEm@_+{lZ&4dP*ay%^IQ{S z@k)^CTN=lM^#zG%@kd)E@xNhs$dtaG^=Mh0JQnn33&P8mC3C>=yG)%3nraOShetpS zGuN9l5Hs}}pNz1>7p9t1e3QBGbjrDkPsh~R-o^aaLVMo>g~ZJv43o^IjoNeser&fk zOae1G6FF=KO?%8bHTA4RRv#rX8~iJ&3-QF0(W~X1A`yOn;PmgrmyoMDL8|Vntlsr$ z8?Vv*%);i2r+e0~5&v?C8UX6-@~*>-s_Y!tP&|4BWdMWYp2)xNA#qvuB8yqbY$3r1 z{Ba#duWG8FibamqAA{3S4zOZ@OObzx?HoZtzUh}$P2iY~f#X^GfyLY6tXl~bIr!Vu zct}cQcC?bW*`BbQW{@ok0!UM77ei2gDjQO0z-9Ny1l|Ib2rU-O)R765sZODFAaT6h z<>9zU{iSz63xvT=d9Z!39^L*Sum`-5Ddt)wThX87JB6>W<6w9vkT;Db{@4CyED9{I z!qbwPAYjgY?alkRqo$mhJ@EoyMr>?}i*wDAt>{tEe*l_qc#K3^Z!lafV2V&!Tbz2N z*Fpmw_et*_!OG0B{QDHB_Yl{7Vl?3k3n4!QKU`MKdbCWmt?r6MQNtvXlFSL^j`4mo zb>=GY?J<>gJ^L9YvtV2l7YBrS-l4=yu2yfAAb7xXX5fp`7hJ2#y3uF>B zHL%Q6SzIRV$eS-c;5y8MO}CtCOP&yCX2y&b<(vW@E`GCadq^6b{LY8(Rovg)BpdtV zJHHhFt;Q%ZJvOr~fWt1#p#JLwQjCGjOsN#$Q62$An~%Qv>2o(MM#Zp$uuQ27Tu;A_ zmbx7WS1;0U`cmu*o%^whrVc4mJ<-U1JqPmJjx@;+uuB~^l6FU`bglqI+tE2dQg5|< zcn8x|)pykit~?3&5$}YUa&wVI$x&Ex+^6;*Ae3H;yoWa?KaAqJ!C!G~z77{Hnqu8l z4fUsJBe`8}#Ll^Xggs&H)=8JU@TfIA*v*~@sFafSQEJxbn}@taz7IXl-8;i^cf(c2 z4p=iT^sq-2UQf_4-uAWCqW?Rc%U6lA4#f$2(b!qGTG0s)l$Sitcjcj=)|i6M{h*w;G;dy5_<03A_6(2;lD(aZ@W0~OCT?I*95jzaVFn~j&FbuADs2LKxvxdkh>ua zA{ZS{KkAOFaeqW;%C`WEZ2Va5B&Xqc01cPZLix#CZ}{sa2-SffNsywDu;pCu{`|&9 z)IM~aa>$;VoE+y@dJGb{M7J5Aj09B2Wtn!*ecjk44qjkOT9ac?#WDZ2LCH<9o$fh~ z{Lbx!^4s{x%l$U27nvZ1nT4ur!ez^=cr2x0ctnr?8)ele{%|7zcGxS2ju{ zlL!|vE6^!Y1NH#k$1iFEiy=kKK0PAT9;~?#-?{WdZjri1sCd}Zs8`Q?d|0Xg|F&T+ zV0;RAb6fR(KneVw$63IiGTU)Lwz{L;SR z^^ja0-X!1kNrY+hO?glJ@N55&WG30U43y(iCfFog5|7}1X!i3OVck(VeoI$&*iW@r`79K)RWj zc~28clE&Rka(M&5Z&5GLs=s?IUZ-*`K{;&xInwN{)SA6kz>r$xU6=C zfpI*H9lnC7uL|JwnlOr_gNRfM5*G$)LL!D&aZ*0;*@F==O}FsFM$#pf*G9HxQW}Ot zD#8-^2Hbl`p%_o_t7U6BNYop2lmQ8WL*Q@lsi*hO6FT zH-q#5a@uOLe%=2*y7-_mhsk8x7O4Zv?`XmZWE(H;f6;D)`N;Srnj0=BLnD}p9ul(> z!X0`OBJ};O_+-sfWkt6hEnX3Vk^#+<%j_ZeIw9DnhXrZf)Wq)?$n}`0ZaV=j^{kFTXjolXa(mOD!KloqOKL2M* z{t?n0VI9lCvLHqc*sFIEY-?S!^z9tn`oQ}p2WQ05&yn3YVKk|bmX0B6@#yqbqQBIJ zK9SSRP6rL-yIC2qn?+8F)IkFmfivz zPY_@h161?s!g|eG^+;tP5Bh@K3qpdrsDH2AZ(DHPTwcy?wd{rbX~l-B>9}Scp>95a z&CV@Q1jCp9lFGVhqGOK*qk8EW=v%9YV%%sj@-zSy2Knoiz!xwxj{|(+q3=*~2j>Td z_!K-;KJmjJ3kA;U087>bWLBdNa-C0xwJP+#-HCGfR2%x2tJpLJOxGe;v4bEe>R%5| zwU9F>p!$s>*GF6rf#AKdkh%#LP=j75c zjm@urq@+ubHVHH?k@}U~A3GcPRVbgB{op*P3z}e+%9NW|<^6YE*oJ3=Rw&z8BXDS# za?L!129)?TQ(=;mx(L%)Tzi8B3a$%vDzbKL2!O(X^HPss3@<^8MC$_lpC)a8EEFhX z`OerB*#FH>+$DLd1(gLFh;VOZ%RU~^vRh-44}#0yOt8zzm-{AYVwvj)CRh~LWjbnB zzS!-l<~N~(i^56-ekD!ZOHefBcP8W2KLBk2nJvIHNSkGse9H8{!Ifw%Q;1hCm+#36im5yrVFZUngGa2)nF4Sy8)d% z_$?qNUK4$`0(Om6sQS_eEd2ABuHslKgwy{t6Y2BX-pWhr+KeRviP&um+<4P7ep}PU z7ut=ad&mYu_{F*~Ah`xYK~8}&5Fx%;8wjd|Rv`Jw2h2OGBA{1EK?|sW_rAbZa6
)67+h4U7hGw9Ej*Gz`c@wk?o~IaFU4#SWvTJ-m ziJNN3p9qzWBIyLR(%P9P@}vu!i9i|w$x(2Wr9PEl)YFGOXm*|EP0dYQE@mv+GvMWm z4N8%5sH&lP!M65+KM~scepB^g{=}Z#x|dF4l^2$OLorx|nszVWJHrI(+cM2bgOh#s zZloKl5rJ&fg1UUSVeguWtMy6`nnJqLpxGT#!bj3HJU9lL`D2<1aPY!Qe)7280OPfm zw`#}`pYI(TRw4`vHD?q-JQK1Y8Gxkk_D_+DIGjyC1b zDMw%08NR3TpS1xjG+^Ze1Ab&1c!;xOvm^hypAWV0b1!Dgpj!{|Jph%c4sk8UJ7YlP zj33r33jwUHkqT?J*js1@(0@_t4%!>z3fti~oQ6y7G9a_BLLjNGc?xFt(IzBiynNMOmihGIr81GPW#PrWuzkGYA#QGAOy+ zGGrMVYnD4Ii1wT__pf))gM2mbpvm1GpK(QQnS8odstsP5#}=kD6+%IFN%O_%S9lh z>U+QPf|N19_6^>GZg?(4w1%ZCZu#HO`5rN}wJF5#HOV#%zjWQbpa0Os-VCW!h}*tB zY7MwvmnoV??Z#Y=x*r1Tn<4%7IXs9SE$=%ae@q7uD1Av?R9~8cSMz(5U zfn@?|tDmqCFmC2#993Om-MTfJ4ElgT!MtRm1H2e%WQ4-zlBdC)CvHf12v}XF7=a^A zz#rLPZk=5MK9%O)bGMAS;~!hNpJs}5iih5K))%jSJa!3IY}$ONO#B-QiT2fbe~7l5 z3*Z}o-+DQCOU&)21ju6?BBTj0FTM_IA6r>X+HD)p7zL2CvdxGh6MAviPgcPWSZV+s z5P%oxqr8^bc8NfdDImvP{bGxX4)ODeOz&qS-xCXLra_mPFD3yQ9>Fu812nQE7rzVL zt>pRJFqA6A18~Xu3~IDpW^~3p$$tBKFd)$N`Hju=TAs9Ne5Seeh+efIM1C?F@Ed96 zO~@Dq;BUVeRubVa*-#ugxfb@XXl5beg} zSyzIi4X2QpYwm7Q_UW*n%q;l3agaHCGt;TZapnc3bkz4>LWU~bxZk+yZkj>m7t1|ruI z%obmDr8b7Ow>I4&R0LMn0|gZm+gwV5KV6!Z)F;08x!CSbP64PVa<(pY!&|4;TGqYt zD(Xsg10pecz_wYt2-bz|GC=0@pwR_e_$*I0KGh@`O5{E89-z<>ydegcXI@bSG0DWB zM%>Ooww$Ao^!?*QwNf+_DA}l>qwcwO5$a{aT$^D)z%h0d?L4n+XR!w1+GX)`Y3wKb z-+yKG(1D~YM?49b?=5xW*!h6&Uz=)_UF7A~@T!inXX#rsZG45n2&KFfNg6ob=YYiydko}e@wPBn7NSypPY z-X)m|=S)vePYy@h-@&8(O9NqO^+<5g?8W(5`yy!aA~Gv^9;86e%nD~#ZA#2tpUf9l z`C@u^BlMeWR_7xeN>swd&s4Xi?ltahX+54AKFay1CR*4seCW~{Wz>X`GEGPmE|?ji z`se+mcPC=nhGUr|J?5~mGL4U{_M$`-Q#mHu@iO3{bK=kQ!f%Ze;>Tw8?0s9w5{p?X zRG@zHl2`<9#vOXc_~D%RKQ@_^mW)+6x>Bg4 zT#Nms_ImR2z@VCGuWp%Ui&~dOs`x!C^{*E?DN8EyIPDqP?35=d2ZEp41b=<>PKk`A zJ%~ztaR3qa$e1zOn|P}C0+t=7()doBqa8Zw-9_pN)WJJw*W zzBMGSCopgEa^8r7QVi21Cb*cuU!7_?Wf(4sv`G;4an>M~ubsLV-PaHZf(lBmC@-+e zVtTe3QV;<}(ALmv!?O6=(_~0;ejOiVgd5(}PpDM{Kg0RN%j}k)>qqSYdJk^nqNkOr z3AspWh$uWf$1%vBFzIQz!Z5~bM-o~0NT@Fr`G3uNAGqF#?^#1v;Z5NKqG5JoVJ>_@ z;+sAOpsdoyh+2}iNYnF8QjFH;PGV7$h%;_XNeUUf(|FKY97r%pG0)!2Ykrf&nL_hI zH7S$l9hR-Kde6J=L(ULMM%?u=24Pg|{q*85a^!_=cDSKFg+QmK*hmjbyw-8x#^2t5 zO*n9)jlXcrg4oLbF@oQ;+|OEVzsh>_T)Fql)3|w*pwf3>Vg>?-p%kaTHD~tR<=P7R zT36;=Q-{}uKc#uBTmI&|wY@ntbuQE!pOgK-0{wE4OdbW@MjVtpo26>UbfcVWZZ1qO z5$FwxW0`%`@Yf4}o#U(hrIc}>s1nSYdfbq3Y7d0$W7mAq>?-fB=il3vybhUqQJqsE zdWcYY;nO850_a>(Pyv5`2U4GX|Icl#w<@N^Y&h1ORY}oSF!Lm&#ECr|bNRp)UX-P@ z!TM4A(hG|{B+;RNGjhoZn?#{)h|h3@LSaE(c}Z%W{|PvunReHq#MT^#jmqd*-E8qP zdu`o6-n8`Ldcxgx#&*NDp#vgfy~7jPSbp6)t}3#f#+UdpdTjCq%kG_{;3wT zXEH`CrTKV;uvp0BbLJm3=#Zwih=IjTH!hpHy-E_0LFlC9l4Hdt0VNHtNsU?ve$uuu zubItQW73u+WOeXtJw32`qek<+~PT|MfiSLL=i~VmO*m4IhSX%wG?$+@4 phyOi#n+-g{zs4~7f0uf2_AS=$IE_@iFW&{&r3(&LRS@rl{{Z@K>2v@9 literal 0 HcmV?d00001 diff --git a/docs/images/uls_docker_etp_threat_example.png b/docs/images/uls_docker_etp_threat_example.png new file mode 100644 index 0000000000000000000000000000000000000000..f99b39bd818e5197fa57e04186df252905d8bd47 GIT binary patch literal 23304 zcma%jWmJ@H)U_Zff`o!JLyEM(&|QNxsPrHu(jp99N{ci|Gn8~lH%O<%kkTDP$I$WJ zJkRs~`M$Nj_5PVPi(%%z=DN>y&e{9yJt69<3iyvG9zA&Q0ACRztNGvodL!^W7zYb@ z#2geHdGJ7QNKsbmjVp9_ZmZ^lT%5#t5>;PRLAfkD2j){u*>zoW8Z-GWGtG4#b1bXgK6XKNv#d=xN$5?s3-(zwU)Qg~-xJK^TccI_TxO-WPXaQQ8c9U9ZsY2Ml4Q z#j8>_b1v`S?(ILCK7irwdn{bl+t$og&v;+$HmLbrj?Tev{=!jvx;?JlBJ(4*^; zHDUV7=i4o}+jia5E<3l^LwAj20{#)+Cs}h>3wO6r*Za$nGP$E!^A8Gbr0mTs+&Xi4 zf@_cZ*cu#%#A?WZD`+e7G`fY6(nAs_qSa4&x={3i|kfv z)r`nfqS~}E5woA#@pJvXHf3m$P}ijZyBpNx{#*-l+3}!=3;eu;#eK=K6Mnk|cW&4z zS2{cMxjSnTR6h-(^>$r86}diW*LLGnyx)SaQukXxZjn;f7dlqcj4GB+nK^(FkwIOJ zT}I@{P;HZPHZ^n3a|{uph^7s({jJVo+*z-)xw*1#ni)K!XR{vrO>-Iw)cj13m%R4s zHrC?~=yQQDeTJ8Bv$Fmu`i%B^5ql04M1=^&Q-1Bd0(HA?BWoTGRl2`;rVQ8nN8sz< z*!2-j`%O&;7ahQM&)Y?aoo*6{?EKnmSh%qR6%p0^{g4dnruFf3*~|!X_Bj^t;a#h9 zX+BO}tBX+;&Y!Vwxsi{~_;KL9&I{jio-z&^(KuBQKZ=r;{SBK9;)X|tbM4kG zKD4jef_m(}MeYELgSxb0lAY}7QlE#moQG6 zWDvxDg=2!}M3g!XDz9@SaTc;W1OpEW3XU50UQdF`0eQr@tDsOTFn1F}Bv z=BTOrB%Dkc2%QW8yIp=&*m7CO>HuuMzDoy@f->&0U5Eaqcgy8?=@0Rd91#MSSqBAj z7MKnp6jh0u(2wUswFJj^tAPJz=Q(eZu%x+~M7b-7h8*Iuqzrqlu^DYm=-W53T2hi+ zR-VoPahLl&zG1JvP~_nELk~BDXS2Yc*1TW|Jmpt=4KBcKbzxnwd82tUgiYg`KDmB> zXmp%5F_l|QuXaXm_E~5bc7NRlc{m)St$rUvwqnz=ckio-UznZ!vG=a%&`r59s&}$< z*{z!Vv9dY5U*)QQE#`8$l}i?Fok6BeGSB6;r4;a(?hS-l^SYh(_E*F8QGdTjHu+^U zHq|G|vr+hMWy5-sbsy2W#O;cNDrjNl)36jaOilDq)@@H@;X?Inh4!vCn=4{S{L1Dm zU(L(PX&*Idw2Z-kl3#VA_;m~frc>sau?)t z9;6AMzeAP!G`TDwAKXA-g(X>!xqw3$d_td$BnzqADete3H}b9{e9ic-VeWH3$4`Pm z;q4;L$)h6Z=HCLDXiM1Tu*{QZH-AoV_#2g=o3`=^w_j#E?;QNK(^mZ`zPljFVj#ps zNT17GpO=)6%(eH^Wcp&|+)ylQlidOfp2yK@`kF8K;K7gdu`HVkcA*uuAGY<(3+Qb}UH>z}Cd6l9Z-e27Z&U&dqcogPL_`H2|X zhOoCTN4+d(Z6v@QF3aQQUu?JM=uxVf&TRM`WLwWxy-@FAvmjP~cXnM-f9KGLTPW+k zfXa9Rqy1}pwkJk;edoWDN_+kOtVA9;{NR*VbJQucqc73LAi&d7VKFROTJ5JPvf^u*^ywA>vLNH%?N zpYZgr1^j3>nn|h8XNW-!2h>(^*hLw!*K~<2RGKGh$c1~?6E;OAfmCAhOd?(LX_GNq z=CgKi#1PUSDj;?w0i> zUND7pURtF0A=nziS{@2{xzQKLhL;%X+2K`!+Q_JP=1|GjTZm?cXo)og>;1_o#zO5M zwfeVe!RI30hc#LJ4t1ADCR_%aLzZ4v9Oji+Wj;r&y?|TTzC$)vqQ=?+(>dW5u@O#G z7pJPGE-zFlag)dY5<`>I-78Y=3z%F;KAOJgrhUDU=UU{RwgMI6=7{5Zy+@|u&SHz) z&}B(z?htdZ+Kd7kP*B*$%&f-&KfQ`drh_fhP?Yygmj|*WW-rnr4o^v3ZY;V)%N$ej}VvC?Yk|-l^8W)74K$A_*h!@Ft7OH>) zA@$p=YY|(fM(^cbwpu!sAaz``#^q|G@h8h*`TI?vs$TwG~2{L5=Xc>x~BZ^(xEHU0d(lQ~SH>cyBzI%JeskzAO?P z*it2EF9R`53`0p18~V6@@Uvi8oxahSM9NIVyqku46;gBl1lALTa88MK$`5j(Q#nk( zU698JBf5z7i4?H)Pj4VVr`|8==Ov57vQ;Yu_gRRJVK_s6f+WR^IsM5_{3z{eGsx2Z zxgCDc-%n>7x5MY|yjuUxbO+f;P20Qr1oZM@I+tvf~2o7JvNy=@YDIh+?;1kyUR=K459B>rPOF6^5ek*su8G0+6-Xi}5+ zBhJ^4Aku_XTMT`+?!2v;5!sbXQm!jXUKjGu6(xzF3jI~LIi`Dx>@OqTL2Ny#MypEG z$f8?UTr_R$>_%G(j;{~KEdyz`)l<%JC*}FwWLyD8Wx9_2(=S&D);N zluD>7*d3?WMQPOBG4|~S8FLU?VZ5$GT5NmLr&hfVvLJ-s=m`Z}JnzqM7t}J~fJ|D) zc=Ww8`5y0D#q+p>Zr^4usl zF!`Dd66wifm>nLK!-BMLW(zMnt3k@x zCxY49#gnrSjRbyUT71A~&}Pg&R@W+F&vW%~5XSvMp9+ zoHObRS-v$SRS}mOuBG_v@2`=O4<{Al&(Mq6$6ijKO{zOzE?$O$Va0>iaajH#w>Fhc z_{7BD-p8;Ph^ZXsu|)l1*a!v!TxZ3jso2n`_4=ULh zXk#+|LX1UJV&b}Ylv!omj2+jGrY63(`$cZo{!j5-9Kq8m^gZ8g?B_H$cC>ko)Q`bm z4T>dW{TPuM^^!SzYFCz1dV2f9{g5pDO=pk;qfYQw2Ad@Z8ztdM3KSe;R4gcgw`px^ zil5bnYDHMQq!=w&|Lqe8pF`4oZEY~#{Dxs+(z@VBk?wO8kz<}{EorzYYfCkvnlUi^ zSO(>b^c9ZOhCN4!oPBgjCSW*j=?gfT{B$6p%f zQPO=X6M97F?_`%X1feCzMzY$9E84|LiEX;vGC1v>4c1kL36Hu|mGNa!BV8y3%7jit z=CJkqxFl2svq@GuT#rGyWos?YwgTwW%Fr>7;{Aq~&*MK-!g(a@8vkIJ4-Y!V5wj47 z$eI+(anVIVlpl1E{gpSfj@+4Wuc|=HlsBh;Ljk-D;G-ha6LbI(%wQ19zkHzRdcU7h zI>noqK$ZI!t%c$?`TqM1_&A;nvdH_4d;bS^=KFX4_fn@nRMI5sYd$;8pp}*dhbMdI z$%H}UTTIu@f~FOY51&4^o)!z6_kAA^JWYF`rClWW5gSEG)8X68oijOYF;BoPl0#+e zZ3C13n~0xWQZ$eqP`m)PQ;`w*m^E(sL)mb!vvC&bd-jSlcU}ljSG$XeJF2_7y7|L= z@}OJjVgD*rjCqnV;iS;e>xmTY>VzjO@i_VE`u_CKn*!g9cCoYBiUh*P5t)vdlsi=_ zXK&@k_GeIEeqC}ihyB^DS@8arKUPDsE;;yXYQ%np8Pi(E6{BHmG^|04`O_=-d%qL~(d>}+SjDS^>J6NqRfX5izfHQ=!Ibm1vrdb0QSHz0 z&Q>BMprSg}XBdL?1*tg$n89B?RizCC7xJ433D8eAIW)}vJAY-$~hOyly zlfw_%3Qk+=9%N{qCU$k(7%v;)lb}-G``zB-mB=mtO~F?AKQl)P>wZ`KI9+>zwZ&%g zRkX@s^vj!(^||$c8d=K0QyRJv0dRZ9fWa5Z!`G04*{<rbVB3`(4~R%z9#B!4##?!!kN2gm-hN4|3+Z`AE(9eOaYzPw3USQUjZOEP>d`Fn#YU9uC9$ z%ClS2sFIUfFK0tqQ)?xd*8orVcbw?f=WZcaCtnVV*0g6VjTqaRAGUt?pf-wnp8}iE zWooIa)TgCGW57*1!I`Gdw_VeBSDGuR6-rgb6MrhrD7`{`@#1q(`AhXk<*O^{8xIR*8BjyiWf6t z3|eLOW-ejuXOK-KDUzknu59B_jhuSB4xWS^VJDgz)=xVWgb-QsC&?Lu-}Z@QHl}zU z^_m|BH$Lvfr#6hC8|Y#xbAHpkP6kEa7Bp44Mejwo^W!IZaZi%4m>VY!*2 zW%s3_s!?UlttDrEw`gx&^$6FPamui|aj-X&ouv{ zHH_tFc^@8eHoqg{5ohn2NIexpUDZCe|LN9M3D$;-QdoI78mhRWELMu&CBLev8j2do zcbvyDqznRRg5_A}U(ORliDa!*SQVhZm(ZrYz_a0`;cX8Y|4ETzp>=svISKpyC>oc8 z^&7AqRijaIvXb62ag;?-0^Sb}eelmFq%(IoQYEsCP6ee^c&)31GQF9vFB`^7R16(eKFU zAY3^J16ZN>ENr}LhRGlr_m5qe9Ue5Ui(l+6j@FpqhbiG-({bXRXG?h#_|{Ms5?8vQ zsk3V19A341$EE6Lu&*@3IhnE!B zb|#SSAz5H*qoxIbl`v25b%|`)datRmz|z969{GGrpRa?wr_UmjTO;Y5Ly%e9EuY06 z?;Vvk#joj`ANqD%05NAD$7k}}Z6f^kbjF_R%+lhaZc2b2ZPb%Bt+XE2y}y->w` zDDr)478x_V-jJh&MH}eYPv`QG5djohXsM`cPSWc{wR`4@HPo3Yx+nuK5DF@iBIe5?FmwWA!{&aL=iBsQfs!g@i7 zfYfzgYojZt4)lhb-C%nEAI<_{L}cL5Rb0DW+S0swIIeBP;g~4s-hY&TlZxZ;mil5O zKEE}O_vYPQNV9dghEbPeo>_;yo`@WE?*gOnCrFxi)#tUoS4IgH15#x|vX`|j6Ihq) zz=w$^VcXtDl6b8G#43lQVx%Ia#tlTgs^!G*e2bE2{*Tn9uMlq8*hZsFqdVB83U8fI zl-69Jw9>8#EuY7}lYWn8H|KHim(R1#Gqy|yseLW{-3f$eV_Irq!6vI(E%9o$Z>>&DOd_Q~U?M;fyYmoeI~CLFu!>)*lm#%spl*HL4M+Ne5p zUYUC2M&lErR~!0DHk@M)`r0eMJL_L{`LF)YtdgEi` zTiH9z48xi5J{E{BCHOuxbv*$q7KZ}SJt90&-OlBG7)pf8TT+RsX~+ITDLcP(lc8-q zmtPE0>0n%hQ?uTqWTSJEud{zL>a0qEy)t5{(x^uMox`E8h_)~HLYh*ciReTYI>54? zCfLhM5H}}k>#c!x{7p#aqERhr0{cciY1+^|ZDiv+gX72IZ(v#1@#0(Ziz930gtO`L zYIURYvEg-?^a=VpH8aet%lDxy9kYLi;4?E~!!i@O3wsB3W1MetZHxRo~BzZuUGVEe}+DN&Mqb2fhqJ0k4KWf)*A6GF73) z>9mDiBUw|mS;DVWl4A1sTuV=_$mn5a8AVLwNVO#ALFRpTkOo)Zo}SPh%IL0&J^hv; zOe#>ttj8hw$!>`a^90T)HoM7XueujKrEPQ2d*X_Ns7%=@;B>j2Y&fIyF|)fem*B`i zmh&e3F9EK<8De^)FdtAiG04rxk7>^HMNgJt;JE8Gq-0fNVcdt1#p^9p-%A^1`30dc zefGScRA&vZt(a?4;kK)^^CvTW-a^|T(p`Z6Az-b5ZbZBa)1bvkox zX4Aa4KgqQx6yJZ}K11po@zO*Yy1nXtX+0+LTqMf=;&P44M@X1}-=~1gHlGW#4*Md9 zh27Ayi~d7%nc}bD{?LHQl-0jIN-1MirlVaYd+h)s?;`1a=O6XHS7{*PsMye-;Zw`i z+`hbU$dPU9lirv4`QB3HFX8J5cfX9ilQ6w06PnRMkm97mEQvpm^Q8tOH>dn(4w7Xu zeOx0v!l)OB61a#Q&?&5co|ZYg!Z(()D(S|nWVOW@xDF-KzoYc1tiRMt`6I6e;Hao` z!X>%yHqUcJ-hz~)S_E5@ard;Fbr!~BU}MKe;bU?}{O_VXU>vFw|cUcmTmEtve}=62*M&I%(YpLI3qw+RjfSC zS%lhWCAc;-)C zv-NGz5&~lrb3jBn*qMU@!T9l4mqxLnHl>AR;v4pYJt|EjVDIs!ks#^3-I=?>l6F*3~$+!GzV>7{>1kfs`NWN%;_ zL4w(@VzrJ!rfeC>4`cQ!kAiSYFM+kbDsyGc6(+E(Hln2ieTq`sB_<&-;o?MmFK+;k zC~8qh23AM26g+1hbbocaC-_r zjKdu>#L%05OaJ=s8t zuN$bC{KA<&+$oXPc4x)=Lbi)gc=uUy3LP>#Y~2J=IVIW28Y6f{PmA-`W0lo@*C3Y` zAJqU#a7=kTVccbW)%qhW)}v|RJj6|r9EZZBBF9E5dfMfSOBL;b;G>Djm6k(25-7}C zCc|fZ0)vp~tn+Rv7P-AH17mrtdzixiZYDt?pwm&tz3pg>7VS$0kd}Wp1NdKqJ69=54iiHB5px^QEDrAXTQVf@wcn% zxu59sqAG$%y^+$lS^JawleB*+X#k6M)E3Ma@bcvkU#UvRBFB&iKGamt2Nv1OZkC5VN?4^ zhUbKTxBu6VAhzkeiC*xRZjFSH_mFReL$2W%wP7-hsiZv$hHz%1m`-&sJ@pUtjbP48 z1M7kT9}*1}*C>Cz*SQNZDS1kGUp+CG-b%p4{Ukxnqq-sLaKzX`Sj1HJM-k#gy(+9q z`xJWDuE1WgX%MNGWdWWsa#9TEo4AG&+QY*UJuxr~sPQt9LC~R(21OJt_zU8eE2n#x zKMw8q`?SU(xJA(&Ok1!;a%9q4c)Uy<9N<71EoMwgYBnXWXOQyvqktQa5xL9s1o}+Q z7Bu-NgU5Verl`v7(_3Q$dY)YYEF5MuS)1?DuSm}lX@kTE-+FtolPa{~+)(JgTA=U& zpJ_Pn67TL$KDUqHi6d7m=+3$0P^A6(N1+HCR@>MuO~t+c=u8}gwU3avk8VmzIH>65 zi{x58oQD&s?lA?lflm6AFKUGF%ksK|ug9|Aq`DE5IVOGip3qVm*Zgso;Tbq5SY1@1 z{sU)00J)4mS+;g*r<5w{B1u+h^t^O(#KE7eXlvebjwhnSQ=UVTwn!kDxAnR9ll6Q- z{9o_#9%c`DQk*3f#u|#_;#o=OQFr_uBl-P8En%i;)Ty+NXDrm}`RFBz5h+mdMaX9J zp>o@^?Ml&!3%-SqSC@>s5*p&$LCt2SgbwR^$rvruMdD4EroXRHSM_r!T*o;^e}T)o zKmL4yPBpoH<%w!moV*}+G(2=1dp^20YaX5ppgp&t`VtbcqK8n9iR+xt{)hnM%zGaH zIimEhnNO_t*Io%QBS*@)2~W*UDm0=Tv8Y&Ci78j}m>M(io(c;bsk7NrdZzJ|z03{a zc#j=WsaVL|C~Tu-=65i0St#YY&2=^&a+Xl^*y=*726A&x0!Kgo8bSmr4uN|#75;dk zC(5oziW#jGnsK0Wz+O#?78CKAK4rR{$25;YhboZSTAi$qR91_IUDKOr@5d+l8&dT8 zAGTifO}zPhQ=J4+Pxo_Op3yFS6d@5=CP5LOz05j_R?REi>?SI;%M``2XG{IYhvZwE zF(X6RB^QCB>Dg78l#$H&bd8s?sX5L(iqWsmOLwN(NnI&H7*e#h#eClx8bSCNFtfuF zfn>y}+E2p`xzy)shhOBVH^?1EY6d`6R_dX2eO0mY3v_FFu)z}s5^;JtVq1b}ACl&a zPJ`?{dR2<9Qo-Hyuvj6+iTAS|-7j$Vhueq{1fej(hn6bBTv7fat$9q#>GNYQ#p_uM zbOJclWgwrPMSJh#?$>eE9o$GPdx18pa^2pxWqPH+eapwMuCyG{{gard> zhc+UUQNr@HRM_TtZ==BkBYa>J-j5}Gw>EZ}MvnwkQF1qQU_+z=Ji=*Bs|6*#OM(>S z|8Bis;mpc)L|MR=VfWr^xOB|JW{QYlrN{9y_(Tz8n?MM4Y&dmzNecVfLUcWqj^V~s zjG9#@p5O9KNGgqco3#GIaw0cI#$Vf~SPje6^Zac*V%23!&uF&xvq>#c%Ud%PCv;C{-Ur7=ZBj(6J6T#vz|5fFmOG?&%gcR*Q|qOS z%VDE1Q`DF1u7)n)jr@d!TY^>A@(SW-#d6qRVzh-l4mDoS7K-2PF5DJF zR5LvhOqRn~X(L-}Y~j-?l09|RZ^0N6*@jr(u3dkay_uOHo_C0;!qtWI)XKDqlRCxt zo^7)o?WbmB36beYvcD^qW${hvQ}DzIu1xsOzDEk$wbCvzswD_%z?@>tx}k^j)B!c1 zulUIp7lJRb0W76kls&0hz#V>2U(KyE^}Pnz>9nh=xatb^kNPAy?r9aaZoZ6aE|aW%iFE_WL~ zw;Sne@k2uW5;R1a%rw2VLZ!8g@lB zuaKjb6W$rU<;pmw_VRs7y;ViR$Ou_49tJ9wm0h)l zL{HH(_A=V_`OX$3*WW~vd?mUFDKq2LYFQ_^(QjVWXvo7pmgXR|1i|kPY41iV7)_`O zhSZ~Y=Br|0%Hmlie>jkmM$*tVj%6IXj(|#Wah*zUtvVjNtle%RsO00HSt*yk{JG5j zqf#wbrFWO5^YWHdOPDKA@ih(TAD4+Y+d<-CBwGz&ehu;CpjX=@-c@gHDhG5Sg?E>6 z8!HbDyi_O-_dsn*!DgIqY7Py4EBdO)<#GNYomTd$-j#TGpUJUw*^`1(aNCs^@=f(6+uSGL8RmcUIP~~k z=5H$}Q0KgwAW7)ehALOvras7zLEA~Iw>jGM>IpuHWjLA19zlMbh}7<8A$>r+k+fMi zf#qC+wB&3Ulw2*vFEuuieA-6x&Oh0=vd*1ol4grF%RAeyQfYP6apmdVHlNo3xhAV= zIyAxRV>jK-v~<(gO>WzZco>xcX^KHDR6W z>7Fxa@%@=spK$ijcKgJ_=1Te=!=HNS*h1uQx^y^1J2iO{33C$e(Z1s0&uiJ5XSpkL z9^3x4t;2h*eY)9>)HLvonyG3lpr-gN$oHpj?31f{4c=?h4^u(L;STUqH{py<<<1!2+MX7JX)O0Q7Nw&I(p@XFcHjz zCsR|MH6*sP(wOD;S>}#r?IQVdapS?jFe`0Qu-74!!A}nz<5q;=IZK&7g!@Zn-~>qs z3?E#^m>>S>i}3hNQv%4L0=CIb7TG0I9bVp$ruem{`b+G~=7*Lm#CVj!B~SWMDlgfL z(JPwl#iinmHBmtU=xtodxXC-yfBQu<$s!Y2ro;wOA31@6nsQP9iujnx^nt92t#7l? zXm?LYogW3>+mITE(J8$DnY%HPk^tNC-`uUkMEZWf_wPtfM;VyOU`cLtOpaACVY<5- zYx+U^oYwg}E{KzKv!`c=oeq{LnD)5?cc(?xe)5NCZOEluW$<_BJg&O^zL6jib?3_b z*fB`AAo0Yuak44)`r$m&+!lf=erRhEZ)n=@-GA~;0B18|EwY))Ct6>H+2nmrT1=|T zsI_Y)pq82a&gEGBpxAZ+bRPYe_pxHdWba2XW#rBQPlQ$jiFqN{EHUq=Kdac3-jC%f zPJM@8IdrKzsXR|KAu46JQGONEL6u}JfBUyLxmVMlYv?b#nRLK7?)xkC=_qCvim04d zWu`qlcrxQrYJ)GWW_)DcXN`JHj7NC?JBJ(qMwJ~8rV3X<`C!?>aockyi>~Zb4XEEF z3FpD`wk%>WF-2CgHcXb;Ee%)kqw5PP_I6dewq3E3Ch%YeNTYeb1j%JocJ*$5 z*5e`h?Bd5CA9B5(@BU6)E}{i>bCMdA`HI)qE9jgZazOtZmW0DSYID?E7<#w#*P05_ z<>rYyWcA;@AxS6umG0|X9@eA6A`;RT$?9xG#0_Rvq-%%KXYGp?k6F@X?%CTeO-Q=d zbr#KSe-7&N%CJWC0vlOED?Jsc_Q=1=nQ2o8J{Es9ez5Nah{eb@o|P!RvDOai0lE06 zX$2-7&?lrwkL}Bdy17~(^AOAm6x@Luu@Lk1NT#3b-*|5wg;?Rc6&!>v#QSe-|BVu! z`z{^Jpgr(}_`FpfNeG?HF7T{i=wM84^!Sv&T`!)qvHS2#k}9^#TO6*Hz0#Ij_d{9< zvLWfdo;#204bmw00GCU1fynLoq=ShwN9xxvzio=&T_2MW&HsHKAn%&51x%UkyshaP zi;r>rYfed2rT@gcU+oY^n$jSF(Ec}u(C$gg@KMFx&0h3g!{||n z7H}`;y4x)^AH5zr*3!Gi#F4i!6|x_~U#%7Pff>O5(~wQVcL4|J|p-XNm}xlrM! zGBuz!Hlt}Z@o}Tr{ALR(8`Z|pmIE+w6z|VdCNSKaU(%V^0JnYPn*-=*xk;^A8jl?w zCW8DEsi%thre3t7xDScj>8fz-cVCg9J+AtCb2?Kxt3-Qx48QZNqltb!0T5M?<7|Jj z&DA4Ni%I9VOudn=h<3uIXMqDTk@VmC$U2^loDn@oS59RJzf}y>Z&M0#VQy2h@&=Tr zPC?YpQ#fE8#ucaFCYD)-{?W*%9>E8FHJ@FfP3O-`z3haiWTzSjPBQfW-BcJ2Ko?-M zf)qJ3pW@&ysi!=Nk5s^Tx+LS9|KgYD@28~np$B$#Yd^AFA|Y5yaafu)Gjrd;hI6!+PmiAZYhTQqjRW5qOwr@$v2P<;uZ)-vycZ$>3w*PQ$^Lwp z(i}vm{03A$MoS3AD11kqhs*WLYWSpAyzV6>{n#2T5@nUiBouYC4^^ z4)`r`GAz@1%86V2syoO9k#V}z&Ucs3_dO=1{51V>cKwm8blAY;nLqT?)sCQn7ixSC zP&z7@*YLdmP}GbqWnaukS5R>wXh#+4;D$qD`(Nh42iE^6J0!R`B7W01&@8ITciMyO zvoe0B_YZ|%KX(3LT>er{xfm``g`bRF<%|1XwITf)xdQ@i=!-HOU%yhK2pz)`%zIxf z=}n{;t>kR;b4xD?hZ7YxEnafgjqSdiQz0mo8Ri-7+l}qZzv==;NxRf=id2S!vi~Bd z10TIkp0@$vCx?P>{yXe<@_>3mO>&s9m2{~#qeF3QTJ8So}|T~9@Z@C|Vju?$|#F4R+{al+9qid9ln;^T#%aJYtQ z?c4riC?F1jq5o57O4bHUvckX=0n}b6BMkc=sMI=Op(+A%m4eX4#ITA-gRcl%Pn${a z1@vb?LTGgTuu}9DZ^@59IIqJ&WuPvAuhT)a^|Vxw0E`rrWF}G|U=#FoJ!r)a#b2E0 zpC(-OJL5lVIYB6O)?sWsov#~J6^Z*~Cb|dcj*pdS5)8HMssn`nxUMH!)bkFBI?7rJ zO%Re^ycs;8!4760`ZPmCEfqyo?(x! z!lIs*4MOLwm;t*c)WjTHX(PfGkRq-%1EP*9SGe^t`PL4g$Cl^l)8^%01be}}-?KPdvHyt?81u!qIC)I`Bn=tN0-+*q7 z`y9~6FNocquiQI3^cP({V^qMb{_%{_*(CX&8N*#cEolx<_ktx5Qogi6oLNRRXa@jg zpG~`jT{e=e3hYfqbth5~uZ?^}7_DkXnEzCv{xzI`_9a6*jLORp5UA#ZIz$Kr7k%la zY!}1`a7rzfCEAqQ3he}DY$`IFGiXZckp)CcRYXw&sOuhvi0=lXjv1bv&$OSG8*Gq3 zY^!qdzg1_v)7X%4$KetfvZcxO12+Jf{K*`Q0aV^=NU zVyKCfR`@GP;X3cO5hv)L7MzmhamNJ=Yw7eULiylx{7luC4W1WA#PT)Tf0wg3%*gU1YC}2e^9V(wcTR6S z_UbG~%H;YKd*>+CEx>pv`S-yGB|2r9W1u(!m}D4Q6pCuA)H#w2F&-u`?|QJNA(cBAdGRS=jg z3pd6PLnR+TFi@>D+tLH_)q|o*ngb(FRQZcud%vQ47N5$}IJ!KGu3W1)M5{ zDWAKW1}@JfJgp)j;3Kl%-O%MiYTOCpupGt|V>@9So#Q{=a7}xDh?g;7RH7L?AZUtL5M)8MQeJ`6GpCXuETZu;f4 zg&tRJ@JRiQ60yX@nqwt(^cw!7D#Z7U)^UJG?j^+;Kp+`|&|`}ymVU0MQ`35%FA>w6 z<(EeGOdg2uD*XJykNXnezVWat_N?U566VGE^knk{p4z`h&0kh@5 z2?ddPS$%=@Zy*nd!~m0y!X2>t&M9$NmrW-*0Ul4Dg&8{k{dvtolnd6_h?#B!T0`x5 z2DRy@gvZm50#9>t#kAYlTHY{2a%O7(t$?8fO}>~9{l8_$RFaY(NyRd_n*~Fy2szTX zDTNz-Wi>SD=4?i(v1va<3DYN^_(s)7dLwYX0c%-kQh*0UY^%Euk6zjS>C)-8L~>cM zP`RqK;X||&D(ZO$O;gP`X8iL(Jy@*@f-{1!B`@Qai9lafTMqtIjO^ku>Sc*u?$3Hk zuC}tPQdh2Owm)0De8=83Y3QcU6J30dAW($r_Y*;0ZGHAU$@QKhnP9f1VZn@hO8cv7 zkn`Vmh+P=qJD)-@6v>I|r_s@ubx6oD3djEz?M|ycl1+rNT~(kI-XK``QEQ zV%;Koq6|-tG?Q0NK75~nUMzZ=w&M%1t3DI7|Fj$5%e5ufc-2nPQOlQTTsXS=wN|C# zk0Tw`mw^*1En6zrPZ#~K1Gv+6MJWean9KB9E7B_e2Ni9L0>B=P&L-u>r%FQO#*#y; z^~)5;L2|>IsSnAv-yAVdVM1n~Xo)B1CrxH-YdH2B0ViXqw!lysc__xw*GfG<(O z^7GTBI^jRyg)hMWcpnJuzw=(z^SVCome{*@IxP>cY-UAp4t)&%k2YUkGBckTasKqNzOp>U@v0>0$Sd$NSbG z>fO;q6_68Q-BgYPv3w8=BKbYQ z$1UwO?9;6MWNz#$BtY^(w24-QABV^@uG~3vQ)@%GP-vDD{%4h=s%$WQi3lgHvb=U? zG({BPbrrab=y@dLKI0)Z|3viQ_lS=<%dYLdwUmmVY~oqdf7rA`I22Idp&fmD4${2Z zZ}9;IpO_Nq6U#-97nU~HLr6R8f|M55`s39=&daobrq0rE07$WN(0g5;w7VkP%sFTW z5bLf%S_Ve}M61DAnQU9FTLXB3LU8s0N1-TSDt$YDZqNJauX%jjC0%Qp{{hXX-)LHG z%xIqr0bAg+M^*$UcK3_izS;-+oV|M+?VNyrsplG-+}kW?mw#+hvL>m3(RW_zTOHtx zcy{yw!UZ@?RdnI0R;g|AP4WS8I8+Qu6?v&u%6yhN8E17P!M^1}58P;n1? zK5PC9+ZQx=()}NthI-SCdw@R*q1s*RZG>+|+lt~Wpuj2htUkk+ zO1_77B;$_%CW`w8-wpe%zsO!~R>Q@5a;O=BrOCMDEE&+2KvSNi=|CheBi|k#0PWJ# z8x{ATz_mJ;sd1iXl360;yoNmHwQwl&EmQ^r7qhB<9HcoR6iG;+=~hw!@7Ma`)|zZR z!|oO7gcEePzW_cXzR?bFGmGKw=jWyg1BE!#i}1t4UuM10nh|Yrg#f^IwV-cgoB%wd z)=|~igpSFv)5J1Lu1!JyE?2uX@M!PfK{jBVBSlQ6A_3(`fUY3Z^WUU6VR_H8;1sNE zQ1Es(oi*)q_{W<~VCw`Mdp?#g2tAnSUgKYSriKW4tjT+DsGFQi8k`zYZ#6dzz=?`~ zOrZR2p^-I1_-H)M%iq}Cm-zFbbm_E!J6gdw8Or>9^zo%sJV>xiH2l9l z5{Q-72fCRPz7Ob|ipbR6K4q(X-QJYglbg4SRvbFM_f~dT36JWbZB&%?QIbW4g zE?)yN9tYMEz?@{F;vL_(P>y-v@{14M-g6tb70 z#NEUD0o=zhpc6(RsP9Rg3{e>YolB>$eq$gw+q%AHU zAczvSA0R?eGisi~FE;MseP2!8WRv*bKxJ~tG9HVWTTur)Y-6;2NM|ZSTFxq1ydfdf z6COlrdR1A@1Fd7gSoP2#hT9ujSi&oWUv*S^d7C_UjOFsG7i@F!Rlodr7W2Y?VIl++ zcq&(%6H3I2gLJHu*2;2CC+FKw{Z{rtMNUu+B6A8g|S zssIO`_-DpDYp+7qlPrsCY0zWzZQ6jOS9VY7O;*^85FE||$y)qXG1GlbpI+WE@xuqd zxOng5TJZIoYvwa+_8pE(9p_zFpncw@;vEKF~7FOdL05zqsJ;pgl&Mr>~>&ak9Y z$ymN@;j0@;D^BFMBoLBY!qQ9HVIBgjz=UI&H(n^vdO11Zi76%-KzQRP|E1E(egI>G z=MSP!26%^_qLUamMmr=dCTRuN+I^v72ikkVl-k9wc=dozx;nBKARv0MSx605Ka011 z!PIXFCameJQZY)KsTEq+4RhgvF1{-<&=pOoyPZF4)^2QZNN8^DuZg-Zh-w*Eo4PdCh4fubK0UFU;2T=dYW!h@%9=(vD&{*LRt`K+Gn+n zF4_a$!e#%T;VWorNtev~-Uf0*vFqU?dpapGpAP5##dBq(nPk5LDxk)ulF zo^u)3%)49Ht=9{d=+l`h#dA{Mz!@ci7w$no)CP}Pg#IFcsEP=C?thWt(URE3YD{SR zBTaRLqNXs-K;+v=P}NFVn6>elLj=1$nUSXhs2)*-%VpvOw1UctF)lR#&GYef(#o%1 z=HysD>$a;fdrwnYMCAAZ|9ur zI{&~JpZVPP`?bAaG6#E04@SZIr+clBl}qb0)kA%j_EMF;x>@!iCOM2L&By7FFxO?o*7C@sJW^+%My?9i4$gwdk6EN+|rL^Jx#Oo#DgrRB~r-`k@wEUeOMipRP6&n$E0ZB)cXX39l!YirOXo z1JUvo_5@4iK{%zF@A4Tb73ja2P(SgD(S4!FHxT0+Q!zbfIY+Q&qF(q3x6n$k!Tbtk zE0$ozpd~zVkdomekm1&o|L}!wCTw@dv=REc`!5Nl9GPsS|MT`Lh18;F?)(}<3iv@q zhE+x0X}@Lf|!Y2w%hV5TuSj6$cqCg)vvA-XO|aY+9ml8W_l z6r3{fA0|lxab~fJ$NtA6>1TVA0lx-Ak|x(zWy6GRlnZJ+#kV-}GMQ76f$uup2iMbw z4zLfJ&BYy;C+phM&FYxYG#m-ydwfL;!m3qpxmC8_21bAryH?ft$<~jwYs5*b(*YwD zAv8RqW1HJH>T}h=m8>rhZuHGGS3DPPz&_9ZnrJ-JJ1&r44eT+ro$vAg>TB-bjXHY@ zvxPtZ9NwQGhb75>}j( zHg4E%f!YA2C;=RhvuJx+hSB~v$WrKT72&72r($RydsKk=s;5vYZIF08Wo#2#i$%X9Rx zZw1+(@y%=_v2xUN<(`KFuTY1k?r>V-DW0+sQ+bMYFoYjfsreU$wHv_|o6wIK(Pv)0ouP|kT8K{ULk=E#5Y1_YUYfbSv~#6I(dG(8gmKH_%B%!t-$4 zOyl_|239_@el3)I7c5z?(;(~(_^~*J^4SkJkGC>g;1eKz{g%%0K7x=Fn2HW|C@jk@ z05I)q(K_k=0sVKvpK2GWw(#F~VQoH_qOoxg~SrK2I%8(zO#Wg`XP` zE}9MQF4tTs%aC(|OH-YjAI>56y7*T2=j{)Oc~)NvSz{BshMb!lc=I%@;AWPOS`T}5j(1xONLaxaU00;_W8kE8;W3O7`dPl5iy)BEjE0s z(xYJRp(AaNsdhU0m0H;T&ul{| zDdu`eobLOW5J}sIP_9Z;|6u$ud`C;YFT){N z*a}Lf6wbTwL>i_Cb=s|w)^m~6Pzv$HLt-3GJR+pe)I8O7yWbvJ0I|W)JiRk*K_|Xj zVnpYBGk>V)Bh>Osl+g>)*D|}4-V)zs_c^Dt^Xr|^+-OH8N7`m{ild#LiL0&bY-ezW zmMT)yXb8N~Dw0MjbF}7WXR?J}zp-VIQU8>4`SfOYe&GUMo?qvNB7gqLZt#p^x;1?{4r$X2=3Y*%E$@C${+oxdMD8jRF0cNa!Bm20{Nt}!DXrQb-U(&rsh6XH8 z^JGiEP<`^#$E*c(f=0@jZiC_F9RIGrP#6q%OB}5&=^rpjoM;LEg=9YcbQje$p)?XY zcbyt2dkQihla@#*PgI5rpd4K*POQ&WXPCh6Vy*OA#hJ@dNF!8hUq#p>y1N}amMbN- z8&-pky@8$2x_g<$+Kf&ch2hn^?-_C-t1T__(7~vlPlf0nU42q~Vwe!-Msi-yNyEK= z?#PkLq4Fbd^JN;T=`PG}Qs|wpzM08dcAN*5!s5SA5peX!K2CCZSv+ub=qmE%l-ZF9 zd~Sj$W0HR?g2ncYcW<#;>nAXR7I_+xMlUOT1zo5C;>e!eoX~H| z-^64mVEe0GVfPhN?%3YpGTC!N<5731Z#HmMMzHlo-w_GfA14R4eMV`dWL2Q~#De!Lfr>}*vmd*(=XrmVvqnC!2!DajG0A~- zQi>d)Kf&8@$@!S)*Q1s}031C{KH4sz#GT$aBEkPbz~a8+$6Jk{Ys>r|RkWW}T(-c! z>80>7O!oHYU4gU5>VHki#-8|VfHrl@e5DeSnP)wVP%uy+b6>cfA7b;hC3_8PCq${bvZ3Cgw)^An zCO9uwOSR@p9!yK@uIfOYMmXNfuAzNJg7D(T>g0oTLt_upPtP%^jC;e$Id;UPm8Y6C%qZTvE`MKo1l_P zWIGq5H=eP`4+t2JRfss7H-g`JG7( z2I3u2|9mwbtJ`gM-qf|31z&`0Rr0VX1=wxUbpH;VB-oW4)}M59(H-Xu0PAv6hhzuK}7v^okNV&%k0Dz-a=Q_|iQUj<#+`eo5Am<3M zB2IeQN6P@-RrTzxJG98?^fn+%wiG$}V6b|<2HTvIu-OY+ek3eizta)LWA`O^N$H%J zgzTlK{}J=b|>E1nN> z1Gh{K9uZ>^2C9-4nm8U#_N)XJrO|e4)7}Jh>o~oX8jqKoNVnPLc>>&iev zcmA=h^!zsScmOp;9*l0c`x8^8%()}f*2azF;T&q^lLg}Ngf*Ona00Z`8%pZNbIik) zlp8>)m-puWW_>*}U;qSwI#E?9KNMl=I#tNG_qtAYWgU-%&gzt=ZE|>!F!^*+??=w@ zGqqH zZ+B{_i!I$>>7Dq6pBDy9&23F7@EI%R9rp<=Cqqn155kDTEFu#lAV2$$WOr2n^GlR) ze6?R>yqvND;vVO8M%^-kWKEv8P39V*WBmqpX6@9Gt`m1-Hm_T{og)8@Phqi?8b8DM zGG%#)SA+tr)Xlu%UJWa9FsKVW`QAzc$ejhYq>jgDV7V~Tx4ED+bGL?_C=z!0hGpRP zRGR+&oDaZ~WIZo^w8&LHA-6l;Z)$TXa<}JKrXUG^YQ)GupwqViAc@58~?{_gRZymbX52>(aRIXEYJ{AT@F!Ml4|_x9h0p zD)dy36+|~NxsKo(nO0sN>dpd-rv&rc(Kq~5Pnu$ZwxH^MR zEY!6Ah+B@k)lWaj=ejMnR%L%E0k)mQh1Ny`sVD4t~VRfN|Q ztRCA6oXB}55IU>lo*&$cF`9qHcRjk=BW5hQ{2kj4$wVMs-CLH+a@08)V#Xu>Fdp%o z`KrJyTCBQ-P-F*)qG+nQcu;@K54#)FAWq@i((E@EouXc-N;fNI>yBZZ@pt9${X~p< zf8E2#U_mEHN_Nc`^>>qsXWpp22BF>U8QGx3&-8#&QRyWk>=sCPmVdnW@lN zZp<+?vX^i3hMi9}7_O*Jwwa2v>rlve;@0U&qd~2sCK( z9qEE!onpjkxrDr0>jY`2)p$8*P{LQ-1YIjb!WcxM@!yLS-uGxx!TvL<({D%=Ho?K6 zRR*kkC5-n1Tha)5rQRU~BkF6SIHZ8Gb`5n#tiYW_UYjw!17_pVwM?9yqHkXZ4k2Vo zb~{<_RHQCyU>nJxsL0SOH00C#u+eNVui+d*##Vg%EulcT@0m2ISr--d?F#JjH{{0( z`dPWW`oYXs^mAPJmYz_hjQ@Uxm9Q+z-#z{v%%tN&5LKR-R52w@&XD^19Mz6y=pL1{G_wt=GWvM0ZN^7(k`5ma0v8%R2cH59caqoYkR4ma+to1XZ} zhf5t zo@0l|B6s|#6*I$v_j>KR zN33T@TV%ZAP+ow>bJQ_`vGsVVZ=T?gr_Yc7;aK3mXaS!g^949 zvN8hZVM*1C^=xa0Sx-TMO-eyXGp&5`$`o#X2n0>4XmE*0Gq!5|54i(irQhQ~5+fpE z9>`=}f`A~tDFwUrRUu%1@R zowj-j>X(ky%)Kknv-@_SMAql}_3LK`57$fK@;{NsLI`k*PW7^9fjrG3uvfRv0a5on zKg3Rw31lR1ZUTMVpZ1_;vN{0fn5xc9Nn#SqK*~i($K8!c{G`6sz`<=AgY+( zY&uEaePS4LTYCIZQwp9dg_7s@l0jm0m~PK3gDAH6NN+ITAE~>irzNQdyP&F8>*!$W4UCPM5`= z%^ZYfZ*{7bfUG&Jy#g0U0qr*;Guu-{ZTpKpj1X&p+8nzteTjZ0Mk6U3qc1>_U=6=YRFQe zD$)!}3vZPzkBMEu2!fPMt$e4fcx`HZQRUFP8qgqIb4tqWsQwWmFX9Piw9F3V@f%s^+EF;>8qc*1r>Ju_)pqy$9s}xc%s6lD^RY2{IvSKWm~Rje5KumQs``R} zfH)8Mz5O~V@aiDl`;&kmgAa=5tKFSm~QvMl4m2mEZ{eQnZp*OWlia<_A z>{fMR5&eHcQRP;CikD|&WC>@GqxxKYg_(QfG^}G6qmFvE=e<*uw%>{AIH26iq>b~D zmuO!5$nSqVrg+)iDNW8|8jNftgN)rkyvCzu4t`q%ED9q7c5KsLxs*j9>pvb@Sihrd z%{|}XCB_vKZ&nD~<#t`5s@v2UEPPketBJt(+SYG2;GpkvE2)eRmWvd~<{_Q_t>D)e zWU?+zO@GIo)BS@-ghLNwW3UEk$cyT0%c_Jy=Z6CUX_i4d-RO+fw>O2hbrjAvB9O~; zzfB#pJvP4>-<`e1hNab&JFGqaQwbJ9Z;m#*v0Nv9|(1wA4S-{W%HlSKarmw9g$p?8#vcED20!a&yTaMF6o0G z=-F+iP_vh|iSkCQKm3=o>@bS~2Oe!m$lL^}#L}Dfec+BDEdw{dB!SnZ{w_irm%Z-Y zZXowx+RwZ-+wC(ZZyc3#q`!|8wYo-fqYduaOG$=~A5Jy%m|G0RAs1Od?c>=#qte8< zu90o=+)(V!+RY~1pZf!>K3Ys|^T@|o7OZ_P7|k?mT)&oYvD<}R z4FvL+=f`cyIx^0$aRKl6tJ~{j_nX&AA!JtX)}<`W0~YL@?Q7KIq+B$@8q4TdVo_S+7+MZxL)#`GjF+d!?iY3jne2TZ>-rgURx zz$dj%DK_F9=!kGX$k?--+rC<)v$g`q)Kmz?v@QFIJN#sn`ctlCm0#ibVKL*;3RMHV zYlLwR(iSRL|pQb*SPHE!mu7s+;=qG_I)cjp-?M3>jW zm*QL7eyeN1uwaufu;j-36g2PMlKb23(X{B#vc2%APY^O&pvnVT^oPf6vR4vp8h#c0 z7#+c+M=W1bn4|n>#pIT~=Q0pItxu@reJeh-oMa6&ugU4(nW0Vc3G=hGVafxO(hM*Y z{C?$H8PVW)jasNa03`t(Yi^oz$ei$sfAvRNwnnuZ{E#8x{cai8D45lDS(%K@kW9-fJ%Bxyk9*8?n&2#`628NbUH1I-A8>h8T!8ewVMuIY3huOVs z&WKqIL2jQae-F^4xCH=7{BF&nf=YN@uY|VFS9CkDN_5R7M~}N?P{yH)VXjRisXmQ` zWOv`ZuE=na;IcrsFNfm331~Ll=6fBb=q`@KZU+DD3fibBwIXhB_dZ=S zaetRR>yZla$Ys^{yYIagI)9GNcmHm7=1+wvkS8t4@`go8y+l_78T3A35Rk%CN0%-q zI9at!wl!F-G`MEty;t>S@YUx7pXE_2jBrkEq>sthA54x}qT@|13EtB@c|RMAZacZD zM{!M<`;0v1RrCG1S1xNm(qa<;izWC1@^{Ep7(Ses(FHY58$CJRn%~!K$V<346DZm? ztivUYcCQ=a>A<;Y5yjayMYIog)p?|qn_|CLr|Pbi(TBpUamXfNT#6=}r~&;vH@p(( zhjKZ$P6N`laZKrN$Z+aZd>yqQMFhyyNUQnl9kHD0Ggft}eptgInZI@FLi+d7wV@=7u;+QWAshm&?X3h5R448kS`^SAzD`EK`h6 z-t9ljwd)H0ZLHcwJdj~Gq1ZT6R_&;wGB*XEuEZJTAarpe{!K)NOjG>M^T!S3m`d|a z{pC_cy`{#Elk9<|26?;k$&3b)tX zfq)wc?0u^{(67oU*lKS5+)KLE?}hR<%+BBSx-Kx|)4_O8!@8T^KIZt_&Rs^>uyB`L z*<>e>*IH?Hr1Ce^wjSmJsoHqw{N1DmWrD#E<>up2Sxp%kK8_&qH*p#zc97u-w()G~ z4qr{j5)X<$S%K81^{^}+;ymS*ImcWJ0piEE&RylM7ys%r`}-MvQ71^Ea8_7uS_u5_+)4NmTF=O zmshcNtr|X7=KEyI%u|D0USWi~>2TtOu4%0>zy7z%oT-u@%iyO^Eb1pEZWJ!K@$xJb z22liiQ3j?sZu$YOkhYwo%kuHGg8iaGBrNIkvR7`?x~iJx$k*XEy~`OxcG zLAj!9RAHx2n7WaZiO&s!^`Ke%e7d$Vbq(>02+8YKxDz@k$@-Vzm&LUepN?t$p*e6d z6+xbE!sNV+=f%QG{hUOkMPOjL}-Mu5Bonp_Vu z6uNPkE{vteKg+q{6GOFeqaom7(I^S6w4aKA0#) z{$Y90+wsR+cHguw7VG8IGg=hE#liko38E6)^-$BzV$jE;%?Y36^fASSdJz;ao?Pz@0Ikcl!Mam)Ux)i0$k4N;zE=@Q zKRa&o|Hf47IvPj7=HFqBb94NA(0;6wvGav}b6?@HdEg6S(v;@+q=k{T)v%(R+VOBk z8J1NFmfN;Gx=$oM`CNAp-BNI`0|PbK#*Ei^eqZ3Yhm>n$hm)^pVVUiXRr_2WS=Emx z2+n_`i(J}DTFTm@^;@z=5Si~%mbjI@ zfdgwkvz-R`;*;xPU2}DE%oQzEdg<^*f1r0#aYP#C`}nOAC8&hBh-x z3%GRUswAE*MlwdaxEXwy|A^)F)G}w}>$MIDS@y9&4Ey6fIxM6!rB-IWa(eVdKTRju z+UT)VT#JM_o2e>)>o<+-G;Z4qzEHEAJuQtvUPZV;(#qn!Vo6C$)vAB1~Y98kQwqeEyAz`Z;YmPpuTf z&r(ZlI#6E%GVMNj(D~GneJ`=s{3f?;D};&vIcs5;zA#T1FbgJ6B=T7W>K*JWD-_wv zr6vwKy7ywuku&%{iP49$w>X3>k^@O1B$zZg=HiZG(?0YCS`)hs2SVlC6GwKfP70yV z{R?$tjtde?tEmG&ZgnB*-UgKotfim6SWU88YUc z`qj>BcJM{MnftV>#$Eu@yF|#L)fCxq*JUNDb8H(wD`=SY+!@h zDif@Ql8Sq3yQo-i5NdE;&)&6Xq~qA4M>p zu2FW2CEMXQ@%QqUPCYuA6;^BgiF!hZa66{uj$5NAo^&it(`^4^-QQ2Do8iB9(lGn}qUWg}12#p%;HfpjHGEB{9NLzio8#J#0sw!cQ* zukl$k5>0iRQb8#mko@G^Fentg?nNV|*T~^?zt>VxXYB#MCu4RNpFE^`J0|~^;yC5>nflZV*tXrUJ|E<5l=gEA)LU#v>c|h?tX)GqW~6Jl-*|Q5j<0E$-BoE2Etd zwvedYkDpEsj;NE!(3fT5NknY!kfMyjU8-40{Max;H`v`D78tPd(vqP1ewBhnZfiDm zV)O@P$&@=cxi~-1r$dU|f3MpJv`k5?7fIFXviv!5QFQ+bd%$XwpoBEv-aP?fiDq&v zK!TJhYRfd{wvlylkTS|CB13p}e@%!t$#fa^Mu{GFz8*bTto1w{A8>#*!Q8!-;HA5~ zsF3{UD^EHC;%pF{SKdq1pT~edkbw~7U6p8V8Anar3)#AuFq!2M<%y{+PS#N*W z-0lr^K_zX6?XeV#4#bn-O7Pn^`3bK4iu#W5SvhL;@H+Obo#o!&z|<8kQ%skaFhd2E z8X1W3s-??2+(Q@=-PwcB7O~>3bWfkK_Ys1|Sl;7KCvz_hVc~*I0VpISvqFqiRbkF^ z_6s?wKilSu10Qzxuh4cU7HE9*l9W|oxrX~!w!|QDY{l!I2RyZi-7?!VyXvDd`Joc8 z-}j^ZnVq+Z<7=_y(fiQO8uImy&=R^&^MaYiLLuARC5<;xmhiA#f@@ZW%UfaKW`#QW z;&)*VS$4s0B0NR5x#SB$R`~REq^PxJT1KswnYd5}tGDp^03;jIT;;RgbfOZDIBpKr~(ZL^SLGAx& zte53xi!(xBcN4si5qM|&Y5H*6&{pJ6c-fu!?0RV6rf*ce09bvlSdy-mqHJ;LhTi)h zd5kTWex;~-Rto1V$Iz!t-&A-6j_I&7rX{- zAq#jGr7xNtcT}U)$SQ=SMnq}v3sNd?-ARgT)i2+D70w*uu<2f;YMJZl2c~?nmA_OF zx=M1qbW6vpn_3j-xDRws=&#Vk{+&5EMG17W$;2&$El)O@_MYiPI3Ds$P zt?X<&rD=xKp3vzuw0cPWV_M}SJw?aD<0%g??#mTyUbdug zzulwz6SFE-f!+$mAHyHg5_>O_a)9xw7EqZ#t%b&a92BLAU~kz}6{KHGlpgP7nIPu> z0JE-VDsQBv06u}R9$f#}ELJ%--X#pne5tYcbn@NZ93Mjo`Sun;UrG(eq4 z>V)z5857)8DfHyhb!)%>tTDR@SD=eF?$nT%owV8e#2}%!)o-$$(^$($o07a+ra1s- zh-}0eH0?c;f1YeoHAzwH^7A_`zdKatkI1-qc@*)II_-4w(46Pgm-1&bCP%I|-$6&u zSR8%E9c)ku5?hwq73sgC2lIoe@=GYBKOl#}s`s`3P66fo)hWdjD?UY}RMD~+wE<{y z%QbVtUQv|(As0p|1-HoihiKiVAu*^;0xt7SlpG=u7xvli$;9-bARQPX75{ z$@70NY^@Xz1v&dBjRc1_*j@gCm{zz7+qUD$?h!rh0G4Yf z;W#uh{L_8xDY3OCR-j<^bl890Waq2iFaHX?dv9%XgMFxAYAhmNs-LEv)fMJ6mo=fY zjBR&$>m*c=XrEyQD^vAN>voafchkcbl?4QbviQT4c2*igvB}nNmw&sL#LnvwUplsOu>;+Me z8KhiDi;UDHuM(iXyh)<67yWYmr3SXCH34y$sl8i$nt^S5Ft7nAg+KVKXW67;lg3_G z36tg>7>^E`AOBnwJXHf`wvVpjN|a)x*GZiMKdDRyZvVB}x%o2$`a*@X&;r4rV=VAv zdWGU4=^~@a<0F5g$610z4LR?a8HinTJ?-^KFBv^Y?t`&ACHCDn2ww?*U^EWbd6!Y# zN@wNWWHFCS!AxHj@&#=Ue>tx z)&NJ&YAH*r_iFm|nmmb9M+jHW%&Hrs-FgdsBoj*oFJHrB9c{2e{;Qj>{5F^!el$u) z8c^85K63rJyP=txU@9|OwY#H*=TU+ecS3?&HgQ z^IsmRgg@++(FRkqBy^^NJp~ZTV;xZhmD!OBgs`OQYoSsY)I%a1xk%V$TzTi!c4`H`FdpzN^$t5TrUCC@m5G%K4^_|El8nXM z^UDevxW82$hTn}Mc&W>wG*^zT&8D(rtsV1E_8ToX#&4H%$vnOVwRCR1lo`PmiD8rc zTRMZPc?sgEj0n?L^c|usEVcyaSyo>pzJzL`URHN{vSEgQ&sH6~aYYN38Ex?-V9^g4 zz+WEi4yE%cUJg4hBY1YUtLN-gEf!}C*VVg8WAd>Vc^-&PUXiNO4?zX$3Y)z*=xoDI z45B_bm0e_6!AKW%r*bzhpuFW2(I+)t;576PT|EiE4c~NvN_-J>!K__GsKdgAixG#C znb`{lSVZ!;AV4zZgt%W(b)pe zHAVAlC||dCZd7gy3kO!PF=c+~x`R1$s*Z>QxfBO;k+K1A0Y}uz)IF&jnY)ohPbkTz z4_9kM#cV$KU>aI`78E~@r|Jr@Ar{)Lq=cKzg6>U z(|%_BSJQ9LviLPNO~;@aglj9JL6nZ)`Nk^>dJ_{y^=VUW|eleWIsjMw?Kvg zH22M$j!y(fdv}srwB*4h5dEmMm~i>E z{O!4YJ_eqPV03~9z zG-KTVVAOgb;ql;{BY}5Fu>8(%X9St8^WClS?%zV1@8qBlZ=+woo{~suTHk%NX~j;5 zFY!`-^u)5Tf}C{o$4=>Rf1efJ!8swG;d?3Om0PADkD>W+2Yjs7L6cP1UAap@UZq-rGUTk8TMSkhXKY zfc^|=uTeF7jhUdZzL$+PMKYsGL#0%)^jj#wu>Ib~OL!O#L=1XNmQ6nQyj12%7s2hPU26b=jM~pl?O3RANUz;6@o=G zSVmo?>Qy6R7?2S8vE~x0-vJMN+&`DTraI~!^2zaCH?@^6>*_4KB6M9D+0fq^s&OKDTFwAxc`TksSrm2;j+BwarVdPbMqDtoZ z!6m+n>N+nH!G#&B`$#~67aPqD$$|L}=>b37I@D9d6X z1e-j~%b9DhRWlth^E|tR$|V_HXfFrOH;YYJ{Y7%VI4}nnotGK=-%0-EZd%WPkMyUd zeG54>=sozpY6~k7`&1kxnXjj@XORiw1)*-TG}5B?Sds5}n5T^f-gTVAyYO(6a+6MK zB17J){OwPEeatq1gmUTEDTDGa9%><#xdt+NkUG});+IsyWPfu35m2d(#A6^c!_&nS z{1_30TqLvY<_6@sht>Ep$fgZY|X`{{Fl2M zl=oQmv)!j6-``J!l_c~H7GfoK%gz^KWm1gojfC;_)!B2_;-t^>dA7SE$`f z9m^In6FwrD&aq3_?RmGE*Odm_KAtXn0a?4vmoj2^_;~9*_Y|U<&&!7At$jRZGmv|_ zUlDnbAI()6dXd)dRP)KLq9P|>ist6tEWQD|OCWRy&tEoFM9~xu z(gr(X_QZLb8`1`E!b`8AYQQkt??vTqBaH>sWwn*U!lUEDP%-4Z!eWzLl+QqZY1%_q zV<@FfHZiR;8ujEcRA^@~@kek*vRa$Ia}?LNb+26^2%CIhEj;)M z5+b9{;@ROJ7#ts}YnH&UHHD0zoC=Lm5Dkft5+;fF(#x45?9w_@lcr%B7e;3rHz}g{ zh3Bo78OJ|7nyYvg+3aDVaYW~=e(|MTZb!C3TLOC5J*}&(v#`|4*L-;+Beb`d=Wcju^I*opmGCL#zX z2sLznc*L|$difKCxoaDXtxwdJTIzVeSf-2rhSsYtogA1-Mq$7IwzM!XEytiuO|}rk z^Io<(ddsfywOSS|aGMIR1*uT)lgn|)Vw-;nXi~>j@$)jBLRLdI11;mIZ7=KtewUX^ z7{Pr6Y@{(aUQE0%tcZsn{kVmNR&}S-TqIzV9gwbb?7;P{Uo;RSjk=`197qefJ-?JT zT0vyqQ%c_0{iv);=HxIg;JLW%E5XT)qWKGYC}UjjiPZA=9Fn%uZYtOl__)SLK)Pje zHJmciwh&JlC8)|CC8xo65C&`gsGMXm7MG zl!S*IT6AJIb`v)Xk%cBhd%gD`nuV zfI5&X>clRF{=RCRdn4W8&3+$0V!#3p%5F8Lo(aUfpYXDJyw^BdWgJFSq~7wTvQ{#@ zf6D+W4Ps4k$Ft>Hze(yzJNwyJal0CXhB;QZUI?|Ps4t>B8VVY#=i>c`QW3^3W6#=m zBotgH_cL#dMZW3%hR)O7;jgY{MlUcKB-#I3;TXFQ`@Khn`oKhBK z9>VDVJ#o9|!?H!!qC$xtk3!F0VdD}(;Cj5IPSA0AQ%66htW%ry%}T^(?{woVItT@r zjT$j+hV?g>vyb9`>;%PD&3tdO#7QidMIYRD0VxFi*$Z_eqfcDjQE+5K%a9Mlzo z{86!B^&f+q7z=QUY6{Y+S3Ad7rZg=#(6!R1@q>}vRiUwYd%(`K+FxYdu+XNNb>9uq zr&AwQy^ZjdT}k)98s;)2Q8?q=&lZ|B&A^w>I(MlEe6&C5NJn*qDrv8UFWS1y{CWhveJ z*uTA0!umGs+6l-}I`aCI;4yiOK;R+1Mq=#o5gx{0?F)BrTI`b;SKxdU8rv{{nhkPG zTLw0}>&-#HP5bIAk5t2P%`bLwS3syyfYa_}3&?-I>HcqxEx@KU=uJgkd%voIZousB z{wr9Ad{cj5)mEl`m2vDNXSJ^^ZZ*o!49=#v+O}M)JN)liI2miO`5BgBf_l{PPQe99 zsmQzFlkuY5*EeCGw-eD@ciC9B>XHC=PvtBLOBH-VTXNA5)-oE|4yqrK*u3}#Z;~^a z8{PuEP734fU+ugOV7-C+7MIgGng3baKS_E?_;^QNys(L_2QPRHXz!I@u#kk$`fRU$ zjDBG0NZ+1)`0ba*qG)}MzG*4VWbzuti^D{ z47d-U)xN~|{8A?S64YQZ$Cn0p5-S=gx1Pak(fk9z*;mgJCxM=|FV90lqV;IwqQ14Z zAR+MQaQ80j?WMWw5KAy>nw!o3wThORgT_7{SXvJ^Wk>C_|C$8@{Y=`$BFZ( znM$9q{+{DjlCI4c7l-gSrgoh*YAzi@Cgzw=FHqMPGU;%IQL(s7Tn09 zeR3F=zmBM5go+S;ms@PRZtdn1U&>&wodQ)riR<*yaq9Gu^2$e%j&Fn!y>~xlU)|2k zIt8|nWA*-KhR2grCV<%%DOR@Dq(hN?REjlOd9Oc(jCnb1lWj9#P}&-hq$ZN~mO>XJ#D zF_Heo$vK#c*wRwF6_Xd_+~TPJg*Ly)T#HmSlV?h+w80tkBh{jsKJS9ci)lu+u_hQ#SAgLs0P-zUkJ1I(1bophh>teUdAMVlSepabHryltqAhn>Y5hnN)}>-0)OlHNbh7!fHlw241nJd^TnL~4 zqK>mt5C16jj)3kOZAUzqb^XDzK4YvpM$9?Wc#VMbUY6t1B9+ z&L)=cMYX~|%6%l7PLNoA`bdLqdXuyDaTUR}@%_7&VR#hhXB%1NXm?y4raFBFf5?%EU-s--m0zvYK6c{*Ik;c_wFvkWgJZ&$xEpTK`_xH zR?~5jx0IZwS-9I;UTpSbWssD5?Kb;#0#wD_@s~5@uC$i0!YZyA+Hq#bAyEABb^gF; zcSPd>lio~Kzq-<+S8GozrZzd3cPpDLYh$oy>NB!{pJZ4(g1Ry_V2szyW|w(Caq*SV zLTclBwyd~t!FT=NHQyvs8|%b{`D}W@GshuZW*(C_8rTY6EG>cr{jnsaUr4H~6m2WC zqCq_{RUP;Gs35jLcC}oBmlvv5^3?ZeEV|sDt4gNwlEDh;U{PkX5pn}jhLnWN&gCU< zgbbNzVpBy1d{#IsN$gKFMSe^v5Hp{U|GEuBefAFg1$sb+vFr+Yo;xEs^q(a3Iqq35 z!KT~Cyg*TMjZE9;Szg}AMDAu*r7K{%(ii8(c_O9glYc!R5aftB|FNbz1V1=LB03p|9+ zO={%*R31I8r=OaLbEL|4^)4D2mWmEBdoJL@L?psvir9pEQC;vV*>Wq#A0zB@MV#;1 zFn2u(|Bala0Tn!LLzyv|-KrRIN<>d5KdR?c+6}rz_$qcDP$>Ov3%D%zxj~%qQ6xVK<9@Nb31CUc|zA|lTrW8&=- zhPU?fL(2^R8484fC%|2Uu>W}5{-dtGC!}|kzMr#Mbx)v)YlGD>Mo8mJbc5SSy=7F1 z&pFQva=n6xNXH=?IWwmicCVLRrpZr+^*8!x1i&Ct_roKWEl@y2wx(%jv6W@1 zHj(LN)f#$@pdXY{2u{yYu0hT^l~2van%pr&VO%eK_84wS4$OD(vv7K3 zT`#S>fG=MdsS-ycZeN>BkY)*;fp(BK!Jyi}~LV+a_Ru(=u`qLR*Yr@Gk zV8SyZ^le08Jz01uwIXXe^H@GWTZ&q1uY*4Ch;}%lLgon?Xk z-T4z$0j^w_DhtJ-qc_ZZ4$V4d`Tn(pG#yb2zF841pm_Au38u;Rj`u!!;J|~)QnEK3 zNdu&_27-BwTZ1KhvPnZrjiz8FK_$W3{n#Vk|C9yW30|cb*!&LBxPx@o)Ax9kqr6mE zmi>U|XF)=gDREbf)+qm$=)}p4{{T%;!uls!VTI(^T~0RUk)LQqX^N5(y}G*itO}So z?V(Qd&Z*VT=V}7dP7EPTwN6hpwY<@YxoVR1VgcZrX5RADa(YhYdGSh)f zq-1lS4SEP+#g+=s8rndcuQc8&HN^0pnX-W6bpPn(#!9aiNWF(b<__niXlS{{RUVM;&SxiGRkEex&b8b#l^ACOM0ad)Pr^dmpqIR9PXZ@amadAobvuZ| zhHE4!<~y2&+VZq3;dI8S_sF@fBy{w1Jf>3UlhL=zg^eM66uz%Sf9;wXtfm9vJ4XXA zD{R45HFvdwB5+@HsWCMiXMP8MofhSmG}-^{sP6*_`wZQ4NdIFs$_JrFD=%rH7@Ypk zC@rS(ln}e9qB`iUGt44y?3iIAcbWRXK70mz*jLwsWr_LEqXS-jvhL*l`(~)&6Vao8 z-(}GMpYwYz0cz;x7#Vcy`ieNk;T%n_TB)M-#F|O&wZk&1T(`e-$>?FoD%DJvO-1w`n9(Y^*hsGt7l+@N{7;aF$^)d0@O z-VJD2kgyN)_%6V0uYJC}1_vuJU;cVR<=3>}tr-9eNR%N44fbgk{yQE3*b;GoTm)kl z#RY{NNS$$f_^ftyF~`60(|~P1uYCx!`hk5vK>@q{jFzYOZ@iJ;s8IG6u4FxHi*b23 zWc3{b6zkyf-zsol9&jbC9mGp6Z5vsEQ8DgUcJ}~aLQAU<*b7>~jx?OPOOqGjU zX~30+;Hhy6MgR-5kH;+Mo(RIS{pZU76lb7V4l^wF(pTaP`=bh&jXL*%`7tvZa=D`$ zhM4sZb_>pl`C_0WU6j>?_+IWGc5$5BrY$jNw=$bLsjJu#3{W^9-^gPYe8|xMU1HC~ zNP9`P%d0zIr9OZ{fRE}!WG5~;l@7y(Q8QMGk7Q&hlEwzu!`fxH^CEd507m7v=rzD5 zc^I5wpZcI@2J))(;(SZ-;0oZWi}POwV~{%Xs3{Ksx)R0-a4-2zYPTipDzs$resrBH z1_LsLpY#%>b1don3N=emyg1zlZhyAP_h;R1z{IU)UJVSiYJ+Z_XMY~plrX(L2F~Ju z9!QZ#W~vv!H6W|nk6;nDuGe+8V*cVffa(-*c_e%}Vd2$JM?CPm^nV80*&%Y?tX}{D z6-YerPZ$6W2(xgHD}~_$d#DL3O2Jx^Vj$M#EbPZMhCR!W!+wwW$G`cy1T#YbouL(A zv}&V!wsONd1%5OnehNW0&a?u9Eu`&qEq1u>=j}UJWA|LZtn~*vjzGZqmezoj{o764 z2H4Ttuk7JusVg)+V{*q@0fQVLe1Y-G0R!~vsk_uL;f|9R0T*XmY1~=pD|Tw}N>uPv z9Lll2?316kjTrvh2ze>!M>1y z7{6LyWe0km7>E1YQvh6biE4>JObD>c&1>oF3ur?AyxG1JeYJh;KM-MS2f##mfCf0j zqhNrw;phBu+4pV`QIkf|LeF7vQ*W%CrV?nkmii!9cKqm9Ni|mk>~%KHSR|MFsMLB~ zL_@OlhgQg)RDzD3;>_pSpqd|~MINdp@O5Hp5bd4O?fL%@wK1_N)f>A-j(=w)i%0U+(cTN6ujvlK}*HT1#L;gi%^RQa$zs1#)`D$A*=Z37q+>exX|?uiFnfaLg}=m;Ull5BIv3cOG? z!_#nT8mVQTD<%+7X4yKswRKPxObo{hB%hdEC$dUNJS>2dm@|qKmE)7Ga4Xy=-*cv9=15Ae{kdg zKRu7?0v4k2+}+vzxz;yOG0&xD5G9@IId1vVGWEspz}A(wH(}yAhb_kUNlG2h z<{OmkrpC~LzsF+Z)&hWz=#3!T62Ri|RBif*M15R7GScuh2-i{EoAl|l1&Pra`K=YDOwnMgJR z{KnsatyY)zHs`|Ods_kE?>9%95q?vF#uk3l-|X9#AbTUtm4hck4E_U_v!&eKD4(H! z3Q-*3RKB6pzWvEou8;{%u96@lN(Qu^k3yKa6uj1GxeG0COnyisKy7|#zDH5CGr#oI zwJk)tME-8hH4FPMFI$a|5 zKTGAmQSt2mCv`tiO8zI?eRk&fH@fdX6BGPK@Ly2`i1^}n|30|S_y6y8`Tx0tSrhpJ zx%D6vU7za*z_V|xW4Kedukht(1Lr3tipW1eQHbyE#Pz!Zf3C{AFO}S1B}};$-o-|7{1nh0{T;LYes{Oj9sn2+>+H+` z(2x9H47y@DvetJ`oto@ zJWgeML75f-KBhNf-Q@~{_5M#35feMVBoGU){iNe zp{KVJ=4S?uhJ}{_fj&5y(-i1Jf~o0IkCREFiictf6J)-hJ1B;o4O_KVLgrmoX6f|} zRHiPk1Y!)(vCwzqeKy$Dl*tSTpI(9a>?{(@4H8~{P>EK-!DqD zd{{84Ff4e5I`8L2-a_1xS_xk}*J$tsZt4CKz(jMJSPat)U7^f-a3CUMuk%QFU1{YD zSC9WyDpjmq<8X*to4|o@Tu95(!}5w3QN?pnTCeMcj`05E5TbpRAMJ>gE+*6k|G;weiiNSltJl3LT1fcH6f zR=pH@H2go>yM}-u1hn92kvvCyxRqh&@3)m5kV;N4>^!Z_GUCB;Umg<(9Gw9!@_^c3 z;>NhI`w9TD3k>(qSOy~_Z2xKCGk`}mMPshh%22tYp@;>5^TB3I3!WLwNxFinQH~qr%5YWY7?LFIvlAL76_F@XFDG(` zOe0DTw`Zc`HA6g^T5eQ?ts9>;b=;0a@^?*1S>bY+GeEr3iMAW)Q|P&WZTo~1b^);C zDVx7?2q7a!uF0IpS_A9PMF-lWk8^|}KjGqqwIlH45*gutGS7Q`BEyqkn!%hmo`(b- ze!R{>eXnPGPETK{#|Kyf{KFtPm}E^#7;%U;A9jvu4|>3D4O>mLuU0K}J=*`!=85k5e6P46B2B+J8@Ku?|Jr`~%r~i~k0y^hP;j5QHU@*~ty)Q1p~H&m zT{CPjEPYJ!pL%`N#R%wY8e?rSVn2M63O+AA+|BrjHPLjF597UIALG_BHetS&2OigD z@4FkZRoRI0FX)a9Q{@+Ixi5v8wN0!WgFAIF7Hi+kne$25k|ZY`^Z31deqZUj1Lw(S zO`(kF??D%nO?MYdq6PAwq|@B(a~9N*dy+l|^lAma5Go{-R>=gY0Hv$1o!AG3;mppm z^xTdiW=Vk(h&Nk}%Y=0LD0K^35frNZ7c4WNgXybaM#?=0c*y^rgADs7x6}m`qqxid zzv{j-D2lG@RuF+PAVXA1k_HeE6hShG1Bhf%a*zy?Gf37EXNZF2EFz#J$vJ0GlH@2k zIfG=$_cYJr`+k3K)mL@vR$22ypr`wUz1LoApVb7~$cJmj(ve0U*3;tSRt~%unTma; z?%gC4by^w^+9V%e_#EmuRE}t<0C1IpaiZ2*CVms~N+uC$av7Olwmy_HhCbX*wDi{X z?CID}#R&l4h`V@ChUo@!u_d{JGA2GiabaDp7RN6Ejcxf%^ODzp zHX95On}1ht1WR1*{|0^m)8swY%%f>&;UGB-SGksl1IZ6Z4;1-L#cxo7;tBFi6Fn_*A{=nI#t5=XyT3RV(=@*ezxfCBL{ zh#m!JM2OuGIIxcci+=?&P{Dys_^TU~ADfCJyX7~ScD`iit)At5$eIKSPq+a!Wh`XT za+Ovjm{LQxVB{Di#Cu==voSfqQveh*F*`y229HQTQjNkH6y|I69`oV2cIGgyQ)A%v zvU)~DfDnL#oMT*qxJxzNz%#i*?jn*0{3t9W>2olZfMD!ecR0EJI3Byv;YK611>q19 zNH|Y8KHACm#X@Ee{>C~ZmPd8FV^-8vG;a8>6sG~(FbQ`Scf0BQfn>%OBnb#)jCGO}(^&s&&O9eXHD(N-*_x z$h;u~-(w6GI8f+fWZ=+T7`XwD7FQkH3e!>9d*p?f$pG zrH|W7i6BW&f&tYoJ^e`}!M>!`D)*~=2zcCTm0}B4rJcj^3P+m%;IbTe!Yg40g8%l zO~^TL2+>z$;}F1&Rolvy433mOky$izAh8RrzxnlbpmOW(wm8Zgh0Q5@q1Yz?ZtIG8 z^lAsV$?$j}E@MSNdq!o9flr0#y7|g)KwgPEf7+9v3y_|xTVeDEYns% z2)%@7Y?{KBpwsZpdu#c1`u#7~+2Wko?YfFa1D7O5KXe41Apz6!v^}s14BWuUZpwts z%a)!B3<$|&07^D>3r)uX(KTFu=kFt)O&lO5+}7((eYB*kv~n$;A4;W)%+G-K4bCp#2iD21W0t1VfHE062HclLHQElq%rb|^rOCvq;EnBNcYxQ zu_*vPTJ!}*p1&shuKV2o0%2%=fkApwNa3CLq#)U@*E{et&5xba**XL!Gb^qDd-~7) zCqn%L2f~p|q$mSV1yD~@!SG0GS@S^E@u%Lyo0ObM0T6bwnD~JD`J*7=z|cTj#}gP4 zPgp_9?`_fN=?__29S!U_p|o5H40t{!R)IzlrAkD>KG>9sWT~ic;7Wp@6?7j?p{ZX% zU!F9=roDPW&;>vMX_GPeY_1wgOsEZl92~?M(roN1%?LCL>;^~Q>v;O?V^O?}jE(vd zYJXdyIw*iF*Q`@jlcDUV{YpooN{Ej%D!P^og5Ub1tqo-a>LzOGopwC0F$?w0j1FTN z&*nlZne-qxs(k`kko2`>A90tsh;{iH)2RM>Bagg`_hQuimk5wz0ByjRom;96MyS&U@^-9An z$5o-;5oN!ZB=*3j>Q>s208>mVr5?E=xiqEWl@Hh-ca!Bp?h)(o$iB!2vtGU3fszzm zlSgR_*l^g=8e@t-jWCTBDAFA!+f?7{9Cs2^rj@s9zzukN>j$y^+^3rOHwB%^(`oCk zuZpwtZ1|hzBv==Aq#GmscY)1~+&Gtu7@+=$`e}%|>r5kUkdNp4__CsR4=xk>FJmir zF&5gp;~8(<`-01&r$D8*kiR5uTu040YA5%}!cKIq64aHEa~R9nAD80L)cA=bl>R~Y zkgY})_IJIHRyFEwxjeWW|CJZ6QfE0j-9_Vl|7EUEl({()2~6?)zgX|4 zB{QY!v$Kp1`rK~uNgF=)6nVjooM-|?p2P}G_-;_npj4X!wks}T0~X6346T5kEY$BY_7LgcO|s zgAHnUC6tFjW_aKR*%zJV7AWC);wqM!3u;ULfPr%ZRp!Re3!XO#lig=Aaz+r4U4w!m z6V=$9IW=+}lyAZ}eE`?+Yh!;YWxX4;ot#00JkVlOfZ#+w16Q2#Sf~a?qgT$>t7jT| zC5NEHE9f^+JpPTQccBui?)0$E4bbX4&80!NE3*y(#}If9vR|r#?7ooFuPYYgt!6cq zPRvuh)oG6fu;S6c0u2X#1N)B>k>>#RxYFbMa+18_z__bL<_I#Ese(?tLk(y5?188t z7Xpg?sv~{i4%X!X*<#ffcz*-Ee2_Xad<=3o_j_LK$=_ki0E&xaFQE44aDWTpuA|nr z_<#dt8LT$ zc&oe>2({P(U=ce4vE6P&wDywlR%%`Q2asgr0x_(k_dyxv`j*aB(+v>b(N4f)t=Sfk z7CeWLF&Wbr2#b*w;8)fcFBzaEJ%M5Ot!LeCCtC znGVwZS$QFo9428g1~B_Nu6xtIzIy;Cxpr|CDPZ0ON_w0)L2--Jv-=p>vQ3C>edC)9 zps^i+I3DR>65Zmrz|Ac^T{-wRaE6nvepxyoZi&%_cnsEChfseTz%uHiWrONEQ495M z6ArTQG}IzkDbIH4UM_!Ny;ue6HD}y=i{D3Iydn7E1}Y^tyXp-Ycz*cRp5$ZzYgqdi zs=->Q(FH4Lh||M!qlLPwgcvTRA?_r!xLw#pBH|1RMfd&bdA~|w5azn>;sEk7|M^D} zwGHqa=P5-0FNl&~>A&GZKk^euJzC9cpqXy~q<#JWp}t%Ih9P`BV-GE~UOcjfpBbOQ zQ&EZN_w44PL@%nGq%#3YS5Y_--n4#7n)&gj5qA?SA;i)!$w)I{nFAn|jLCK;9+FZ< zq5pRQw1*`;$cH?=Ipb-f7~}ZtsB&5wRcf?TEvTENb=w5O)rMIlVcL6isy%$& zf*(cJa*7E1l@@84wh_pY#&zInMrO*!KB}$2yKQLnX4!cP1bNM5<~NvVbnqTy|El}& z?*wjl+X}JUebCL)?`#|Mm|~7=HZkI#PgsGPo)_ zE_B)G{WS_bD93m9YmU#ok;!A*WU=W+a@gcmA4jr49!mu3JPKyMEO z1~JFpQ%5?^E0ZY$ZYJLK(q4 z;Ar%lsSBv^pU!_){Kgl7VrppXV*elR+hP@w1%-Kaqod*)s*9l4x3{$UHJWBdm9fO;}Cwt?x%A}J^+YC z;UG63jEt<9mVix%o2PY1rAzXol^#IW7Jesl=%Ivm7>HJ;Mkc4ndpuw9dWdua)>@F* zjlVa2`2)!H`(cm5PHUXef41eQR3-790jOA`^wuXf>Bue%a{Pvo?RuUW$a{g-+pcG) zI@8JcP*s-h89~1JL$PdG!2n{4!5rpPet;|4c`h>rV`SlXc~}FF`xz0$(_ZA?P7dNCeNjc zW}tv|Zimftqt{K`LX!!h%sAIo09iZQAxuMeAh3^wSR+n|HG7XlyqeLIc1m= zxZ%mz^xg^_KUeH3O0UM+m7@QeYmP;Rg$5lRU35%+4L6XwOyg`06;=0`?E1;~bN1w7 z(4Q}G>Simo9fy)nDw;{GS_9TEp%_(Z2G-~=?}}c*r4VgxkxrSvn#FbC;qzaSB4SkO z|2y&F|DCMD``GU`5WXhyh-iDUfR3C5R;|32(}49>+okjQGXsgtL*My&M9(jkaRCMz z(k|3Afn*Nas{XW@9!g!}9!LV3`6_UQ`0g)&A0*-q;FZa zx%rym==slUd--~bvI$V#CSN;_ZMevp)0+f%49L6oJ}@=?IdxTN{+(@@*zUDu;rcQA23=dtm{M0>~s^ioG;d1PXrl$5JuVR1pdwlg*OL|H(-vd6T$`hcZN>IO7|As^< zh<>Yg;FjkqK)UrwQ@cRTer~IuGnK|<-K#;%!z4I*F#^~b8`Dh_U@1!X=wrYSrFV0n zbAx;747ETC$nG?#ZqDxybdNi~C}!y11sG}&h&O6A9=sUV(;t0#ko{l()Hv23#_O@t zm5Jf;HmveiXIuoPtfT$Dt9y{|EavX>go7Vec@-H0EvzxRPd0}#`iz)n-2icvzO|jQ za|cB3WvKrTf`iutebsqY-8(rlFQdyr=Exo~uvvOm(tbP<5$)K%6LpU6t+=eK z>&Hpb;1f3d!?gR{p>Ql*uNruc20o-Y%t7+rVY#?iw%nVU;-k%U%SPBHzJ$5E6fCP9 zTcG-J*TI;`c^!TU?q7z?j{6O^VO0*XdOOdJtjJbXM$26;Dc3^`(@#n$M#2q?_$s2f2v_hiUIC z_O(LFN-)1qm~cMTt7aFv1{WSA|AX;ljk)T|E3sdnQLC>1+5(*1t<&sm0DJ3*cLmPc z%=U+X{lk@5aNcAr{gZDrIVSi|%9e?ln^_C>QbVxgkwCVMj3Dj#A}l!FQDEV^5701s zbN|Dx2_(U{(8H96-7`Vn-JkbbBG~s3JYb(|V#G(NNrac?0Liru>1DW#1l!fp3CAvs z*BO@3ieY`1*X1znGOSkxRK{$slA?JflUK2eykuCuxo>Q9pcCAYMd$<}K&!?>w}cLS zq$PZ7_7hG?a0X@6_N&puWnSi<;vwmZTBcP_fy^k*y{i--pBZ=!47`iRkX{Y*VguQXeEB?qv$3vS$!QDwr8%6W?A9YHob zj!!)Lc8y;tO89?{ezz(yFP*YbW|fsm$`LKN#

Fu0a}L9sW}VNAM_Nk)4afP2XS| zO`7#fYrq>YJ@kSZVpDhZ_cd^xcTi;EERMM;!@i~A(t9(aeUHLx+4)SLvj%&;FkV%i zTs4=))ZHNGLL;R-|Z8d14Qn({lj$u6>FpC~` z0}^ApRf(>*6!1yw`_yx(K%A?3ETkoLQ=&-N@+{L&TO0ttg+f=ynb9v087at+_yO|L z6wFooesS2Io<#i5Ps}u-x03D=Jwj3_B@Y{?b}BFX^nLr*X@Xs?7Qq%M($qGa4Zq&| zUJI4p{k4E%uTJj}qLRD&(1t;_LoB|fH2n`SljeT)`p>+INB5uyZ8~7hzj9^IA?>x1 zTGACrA<@I8jrjq4H1R~7$0E=5FrdRabz(qWdcMmMr)hL?mrIy@m-&FY57~Fo^@)T= zC*ESZ(~wYDXcYa2Mzaj<2qIS#%e9YT;@ZDnBz}tKM>+uOCP#bSV;&<8$1)H{qPN>9 z!^UFTeX+qspu=^UGqXm_?i#3qNPE>WSH0yX+t{sa-tZ~$ekL-_=Lsa%o+K)l^%xX@ zJ(AZc;h3FxGD{jnkhQ5w(wxCs5yVyar~oD}jbS}j7vo?II{69v%{8br4uurL3kU>+;IAM=RiKdCckWOcq#cPK{Kr#SQc(rzPXh zq1$APD4WV-2YL+#!Yz*92oKN)!;|G~d*q?~xK03uWqDR};I+^lb%_+qjD&N%spL_# zG5*aof*gr=rTPt&c!=)o0uRVgT3Hk5u-ZuL#vHoUE_6bUE$N=UnEg-ymV9s_XK?)6 zyp#5-c{ciScj0N&cc7-+o5>lzC{ZN`#C?26oYpHA{=;ib~&aW~%zj)iV3Sd&&*qnkul7v#8e z&#~r|(4@7^2f%K=XU4gF$)ZC`2&^ZsVK-S)Xl(>^^8J1)4DYesdM4|9NMIpJKnfTm z=5??zaLr`T*mbgrioK=2=H2(c5RUbojrhYP1*-ATj`Wb z@DFKU2ox1=WKGBNzV;au+7TnoJK*`?4m#Mw)!hfKz5?ls^5AnTKu}jzrsA$_v0#s1o%{WY6nUnDM z1GCfdVnLedSNqfby6{Vu_OVa=x_vUpQVr#E&zTMrJhLvk_ud;c%B8UruoK6gZl|26 z!E<*?it*aCGdMdfU!^P0+lMM<6wlgGlt+Zfzl0MgJgJ4k%r8Db9>tt)8X&~Xm8v<+kI#ieHtKG5KyC}V#if~9N+$sN8a`III0I^>Z)z4f(gxo9Wl)(**s2m$mEkBf~h1J z?p>YfX>e0lcXrXwhqJ{M2xA2|>W+p%PMB{w*0Ow}oR-z&a3O2sGi7S@&%#f_>+1Yj zoG$5!$jI^HdKtxA1G6r)Be{3-l6fyA6zJ&)V5I)UqvA#>;b+s83r&}oJ=5i%1&SvA ze!p~XnZa(Ef0&$V^Z-s_B`Aw5W>`V+t+YF|G*Ta2|DcJLo+Z!=YBcSFU9|U2DAate z9tP{<(5~;W`7v94i|Euz6sDDixUih)&%AU&47+>Nnqz7rm^8IS5Qg_SGS;0~gc&vR zfa^LN3!1{kidB-%F#bBSWi{ra;sv-WgE9eViSfM+&v!?JF!y}0>#^x0k-_ZV=yp5Y zoirp(OayJMfI)rU9sJy|k&f%fl>dH(3{2Tbiwr(Zo z=mH!bjbC2SN415WLG*O4reBzBB~dM6Q^}r7uC^H;Fl&s&sa|&0+m$tZaW9Ka#>|x|eyah(1 zpV$MAquCvu$Euz59}=+N4^6ACTB1lTV(9rDPimO3O6+37X^mM%TWE7NgiyEn{ZO>P zd=X4md=wOmSy%|=n`xLad!MK-Fye#%QTmV<{@@!KeVRTJN#|n7oLrG(;C#Vj5k(%u zB*Rp+A^K5{d|Ys#e>Q8_vQ_^5>QWDq>tVZe90yTb>HfVqrj(8TPoHmQa6OEo*U5iF z(WXNYXiu_~AQ(=)N8Pq!SL}cd6XfqR-t35w;k-!A8LAL%e2%JV^f_6Dw^ba*Z0lqk```h2ivS zkyLArF-r%dr{amqsVnA#VK1o}b7JZWVe&@Y{ASrZCRr!y;-jwfd(b>V5B@2c@JiExL_kZrJe{;F9ssu zBqRx{VeAs^<%8%et^I5yMR885=ar_)8RDrImUR}Xt{n+IGYilYNkn!FIXrhwer*(8 zcS4KzR$**Y>i1yR&Y1U(`HjoK==vRg&mDL;PS1zyN^qP@5BrYvlps|>aeu#LD6Fli zM5m2=e-oV^^qf@uCfDk^U;sD99nPKj%*YR&6XWDbayxC4*1nH<_jVz(QTvc!P#Tia zIbHhe*9O&;RR^)O_Cg(xKC`j*&t7Dl*g{QmE`;!GRU$%_DWWINg@K^_o|R|Y69d6z zq~tLzy=rr^(2A|U^;7I%{Dx2EvRrepTtdE7?8#Sxe6Xx~!{9XP% z)+*&!mq(vcnlA=6QchoB>EUF}9DLXvq)caNWi1ugVRh&_1I_(@H&D$86T=0x&vn1O zzIfpAee{BPpF9`(b6;0vjiQ5gQUk;ST{|cN&-Nbv8NQ9y@)Vmb5TfOr9Y25Ym z2g%t<*QFAJTC1qWDfw;RI2-6>t&E#XrTf^HwV1ql$)KLugre58%03`z_1Gehx0!LIhrKOH``kCEcs&vvf8{`5JzDJ)R?Oheqf z0=a`gBLw~Xzi4KbfvHS?*t(*?;ASUbIJS<(dlxlJ=SSmug-e58z*(U-P;<0X_w|OEQr=vi>GANNCIlA@MkK_<$hTx zJrhb&q$*s?L{?HOO4?+aNkn(oTUG9I!!q^pJi}8vpSHw;j7rbNZf_pyIdAc!#)(y2 z{A%)xC(2@(s}QF`C`2sx>0Po0!EtCLv&X_bA)TnZJ>tqEc>2?u3^#??IyfGWQA)_9 zgpI>IEJKXSlXa`I)pH9I13Xrq0!`|6F|&g#|~y|WK38N=OvY}u8Vcc2Qi{Z zrHC2h??~fE`ftYZnOm#W7`0rKU&NmGA{Lixx_0b~pjO1&ZDxjdv z-o=G~6IUjd*lcGu94of0XuFXBVDar>1_^OB+;0WTOZyZ*jDc~3oIB7y?k<2wL6N4# zMX*Ua=#tP1lD3A@S^3Tx@&1%;-`G3YS!+rZaw?2^c8+bcGm7(rY#9BgyAw==`vniB zrpiRy*bqH7rd>Xzo623;4g68G@c{!IwqoO@HhjZ(xbs^Z-&|_?HCpuD&;-Aw3m#A0 zc5-|;K3)D19DDV=cE<>r5qj+akYL@(VpjMOJtA&6u0btMy-MdhhLbAcT39j1TRXmg zfE!3t>>cB~3p<8$ts#r48UN#+VKmJpm?SycZ%uEnj+-YkPb6w@72Av!vVM!_?-J)* zHnkUboNw=UXrvb+Dv%%HX^hzf)Jpe6s#22h8<(}AxS;v-vp_bz|1IHu4_OSe8Jx;T z0=#yp;)s%(F^&lLthUq83+zS- zdshsVbig@OuN!VuxMx>N$3n>vfQDm zc?C2j*}m2%{6@>{upiDWtH4XvFMrpGftc?c{XL6!Fnq#=sZc6zZB!JeMtrQab&*f6 z9w+kRUiZ%=e?BHZ0doDgsjzZy($$wM{j7)B;XJ(rEd$*v5tD8BksVhN0)Hm*4I~o2 zT@!Y;5OiKvX`SK1k4ce>AK75mt{<;3`+j5Xv#U>65O}id{ zz?45K7q^_8-ECO!Bsfn_f@V6POqfYuq71*Nf@EIfhpVGf=7#RzJ<-t6;Mq&q!<)Hp z+8J5sNWg$i_hnkm)34EvcQ))NSn{s-!+&Bvo6F>I1_d7lixi0@q+jy_p6 zm5;f7F%9^MyD-fw7Z+Y%AWPmo97GSvmp_re^AqWmgg;rMbqL-(@(?B%|=-S z6zf6}Lh7E{CV>T5!!|bqKhBz>#dSlSd4oOOj}Kg&Ztz91@wT^UB?>wiY1X_ffoXK^ z)7M_bLl?oy`N$CpU*`k`bz_Ez(A^Gmt#KBj4znn4#C&fUvxP&75ng9#@@M1M%QDua z!tHehYJA=Y+jk3?PV{>7?Rnr)D+NqX@K#BVHW#|S#sElM?GkwdEc4yCPXha zN}ve{vhsb; z!+L!sa%l2eKDF9}y`c(a!oTFdyhh>B08d{j;Xu8Zqt96I_=<>7eAmAzN}5W%R!#aG zb#ta+BmOaUYC+LDexw||l(pC^|GigkEiH_OYYOLPVxJI&<_`O-3BTO7aC+il_d_om zo?6VR%+4%HS$q2|H9ZEK=K0M|Z62wOYrn_}S4BK$1Md2n)_2rh9&_OTA-riZUF!`P zU5RgZFhoPB6-EkJk?FhOOY-A_i@2xSF$QmSFilM^>AAlrJ^goQT<@luO>(Ra**|j7 ztdMOM*n2C2)a1oa@PAod8udg( zI2`2hyM*JYshP&FGW|sLm(}4YYp%vI#V3X7YmI@DqP)GIYReP-d6=l!F0cjQ6<$&y zoV}d>qw<_=6rIQQ`Ptj>?rU%FL{vq(&ZgehuP%>_$2SbIYT=(apElUSVQX8hb@{b( zE!(lJgXhot^Y^8QH>&VI{M-;CrbogPp0+F~AbvU*om~5a6?3NULmRg(3ZZJ5nrE%x zFVTXu(mZowhG_vlYd=$&16Py>mayq5Lu?wKn_3@F$q+bIcX8cjvr_lY)ai^RHA=GN z!iPES@yF)yn?B?od+-#mF)|D9KzQ$`hmQxfgXO4PjHe{BP$tT_x~@71dBNS{u9fz_ z@2k?^TyyNOp@EmgJnQj}ug>D(J*Pl|tk*x_`4?QS<;=cow(7lczM1*;P;oU`xrkuu z6}gT2_?~J~*^PCg26R;{H5JKG>EMvvqJJ;fn0pqZ%dAi9%v9O?YOf0Eo_w+r{iajK zD{|7zXJdY1{FFTP40wPKo1OpK^Sh#_u-*-ln!(aSsbMmQDK)^QxaON`!b@jp*w_9TMhfx+e;Ui(M6 zmr>iI(D#Bny%0#S3@+SQVBFRiNXg0NAeJKH`YTq5Ck#f8K=pl;jfrAB0m#DCNI>jV zo!6o_)qeNaXrWhV@#(iXzOtu+HwPdQZ(`ze+6I8AJdN`m@0)r*JZ#F-t7^yJ>ovP}=L@668?7%{LP{dH|7%Pl^HXJFNEHvrYK+sE7QYQF)sB z$nWl>6hVhHZ^X*c(f*drJA)L0?ZluaiWo*oDEC)_w?X<+vwq4Y$%HNO+Oe_>{{&i7QI;-48yBfJGup+%g6F6L>H zw^tcR0KkKF#qjWuKZY#BG^^bmEC9L&-8(vEw{x^hI>njK>6BVqrmeMyGYgEQ2-s)~ z+W+*c$kvsoE5@6tbXilM1I>GPHipxrFJ)Ifd`m**=<)mK1E<{8IbPep*iUVEs>ZYF z9pl5tZL%RZO!qM5*F;=%yr~z8Js^aj3BA?He!2GpukD1ONPvY_sdZe%^WyiVy{-he z@@S_40ExE;eKIj6Z+36%miLA_(RI@ePXHgY8PGC#89I9oFloT#bpI!L#qEqe=1mXq zFxawO0r1+&*}dQ{rDW0T0LCYP(TIr>SD98Z_;(SJL=j|(qzXnP+_w|(NBhAiq-OLws6DUX$>_3vA zIEU-N33qj0J-sAMJ!m5v$$MB`3r-Ej31r?>u-Ah}mz$ubOJ59jhQiaT?51mfgVyIa zK;9e+-QW@&$~UO9-&$0(I+W+BF=>Q<=qLasicXcoc-DJfg{#Nlt(I&y-i$8L+dDtG z-mHZ$5aR$0j;&vy9fCWqqYzuV;zz$9R!N}5X9a5*Hm)k@^1|z#s+?DznAO z=ptRQWBkyYH%ra#i`_THj+HD5^?z3`3k6IiQ5d-l!~~PmyN~v^0t4j>K37AcyiO00&h=a^|_$K*Wm;BsPUndjd*ZDxc8;wl{G0x)VP0L7IF z)qBYdFu9jcyL*4$0*zh?KWHwg5a2+aW%HVeC*huDgg4tP1zuqJo^g4;Xj8H6##L*2 z)F1N*qlM0>#akLW<6ZpQG!qI3jNb8>3k0SwZ974mfCY(!Rjk9F@4*V&+Wi%efA%Q) zB6w6v*4AKof8^vbQL@T zS#oRVk(X&kdJ!mQ65Atddl@ynz^&GrX2X*59MP-EVkCCe4dgwc=CM9y?QOnGz;5rR z6W1H3mDk>fyZqFE_q?XqlTAQ=t$e9`X64R*qn`!ss|2E|i9(UvI5pwlZ8cjZF`<`w z-PLXqo(evRqE(@lqE(r$CSK)~#PfeNNi6Ah&%t)z6JXM~Ej+x=_{L(<09UxS*Z!ud zlSa+N1&hRh7CMy)Ri2M}qQxCK{iy60Imjq4lGKPzt<+%?tD6D=B`^`4uZkf0rn0XH?a) zmE=BcW_7*CY-O>c$Io8Sxtc=dNVA?NVmgqb=;C z88^4Bvlj_I`BLJ5h=UMLbm@G8)P`qETb!n#x`syS`Fq}Imz45P@3?8tDY~psM5{m99_)5O+;f$;{4AnRYmfJQvP{|DZK9RB`)pbd^c3}Ug-B)<}Sv%q`A&&f$EA@ii3zxqGj C%J5$R literal 0 HcmV?d00001