From 3b63ec257deba6ccc8d43fa86f05c6a3f919f84c Mon Sep 17 00:00:00 2001 From: Craig Osterhout Date: Mon, 15 Dec 2025 08:08:27 -0800 Subject: [PATCH] dhi: introducing dhi free Signed-off-by: Craig Osterhout --- content/manuals/dhi/_index.md | 25 +- content/manuals/dhi/core-concepts/_index.md | 2 +- .../manuals/dhi/core-concepts/attestations.md | 48 ++- content/manuals/dhi/core-concepts/cves.md | 35 +- content/manuals/dhi/core-concepts/fips.md | 17 +- content/manuals/dhi/core-concepts/sbom.md | 8 +- .../manuals/dhi/core-concepts/signatures.md | 6 +- content/manuals/dhi/core-concepts/slsa.md | 7 +- content/manuals/dhi/core-concepts/stig.md | 27 +- content/manuals/dhi/core-concepts/vex.md | 22 +- .../manuals/dhi/{about => explore}/_index.md | 37 +- .../dhi/{about => explore}/available.md | 38 +- .../dhi/{about => explore}/build-process.md | 32 +- .../dhi/{about => explore}/feedback.md | 2 +- .../dhi/{about => explore}/responsibility.md | 21 +- .../manuals/dhi/{about => explore}/test.md | 8 +- .../manuals/dhi/{about => explore}/what.md | 0 content/manuals/dhi/features.md | 126 +++++++ content/manuals/dhi/features/_index.md | 43 --- content/manuals/dhi/features/flexible.md | 56 --- content/manuals/dhi/features/helm.md | 28 -- content/manuals/dhi/features/integration.md | 81 ----- content/manuals/dhi/features/patching.md | 53 --- content/manuals/dhi/features/secure.md | 48 --- content/manuals/dhi/features/support.md | 68 ---- content/manuals/dhi/get-started.md | 146 ++++---- content/manuals/dhi/how-to/_index.md | 8 +- content/manuals/dhi/how-to/compare.md | 20 +- content/manuals/dhi/how-to/customize.md | 130 ++++--- content/manuals/dhi/how-to/debug.md | 6 +- content/manuals/dhi/how-to/els.md | 62 ++++ content/manuals/dhi/how-to/explore.md | 19 +- content/manuals/dhi/how-to/helm.md | 290 +++------------ content/manuals/dhi/how-to/k8s.md | 14 +- content/manuals/dhi/how-to/manage.md | 25 +- content/manuals/dhi/how-to/migrate.md | 334 ------------------ content/manuals/dhi/how-to/mirror.md | 147 ++++---- content/manuals/dhi/how-to/policies.md | 23 +- content/manuals/dhi/how-to/scan.md | 45 ++- content/manuals/dhi/how-to/use.md | 135 +++++-- content/manuals/dhi/how-to/verify.md | 165 ++++++--- content/manuals/dhi/images/dhi-catalog.png | Bin 44508 -> 50797 bytes .../manuals/dhi/images/dhi-mirror-button.png | Bin 21038 -> 0 bytes .../manuals/dhi/images/dhi-python-mirror.png | Bin 71494 -> 0 bytes .../manuals/dhi/images/dhi-python-search.png | Bin 73219 -> 57633 bytes .../manuals/dhi/images/dhi-subscription.png | Bin 0 -> 42291 bytes content/manuals/dhi/migration/_index.md | 49 +++ content/manuals/dhi/migration/checklist.md | 21 ++ .../manuals/dhi/migration/examples/_index.md | 32 ++ content/manuals/dhi/migration/examples/go.md | 110 ++++++ .../manuals/dhi/migration/examples/node.md | 120 +++++++ .../manuals/dhi/migration/examples/python.md | 165 +++++++++ .../manuals/dhi/migration/migrate-from-doi.md | 110 ++++++ .../dhi/migration/migrate-from-wolfi.md | 91 +++++ .../manuals/dhi/migration/migrate-with-ai.md | 43 +++ data/summary.yaml | 8 +- layouts/partials/content-default.html | 2 +- layouts/shortcodes/summary-bar.html | 2 +- 58 files changed, 1740 insertions(+), 1420 deletions(-) rename content/manuals/dhi/{about => explore}/_index.md (58%) rename content/manuals/dhi/{about => explore}/available.md (71%) rename content/manuals/dhi/{about => explore}/build-process.md (84%) rename content/manuals/dhi/{about => explore}/feedback.md (97%) rename content/manuals/dhi/{about => explore}/responsibility.md (77%) rename content/manuals/dhi/{about => explore}/test.md (96%) rename content/manuals/dhi/{about => explore}/what.md (100%) create mode 100644 content/manuals/dhi/features.md delete mode 100644 content/manuals/dhi/features/_index.md delete mode 100644 content/manuals/dhi/features/flexible.md delete mode 100644 content/manuals/dhi/features/helm.md delete mode 100644 content/manuals/dhi/features/integration.md delete mode 100644 content/manuals/dhi/features/patching.md delete mode 100644 content/manuals/dhi/features/secure.md delete mode 100644 content/manuals/dhi/features/support.md create mode 100644 content/manuals/dhi/how-to/els.md delete mode 100644 content/manuals/dhi/how-to/migrate.md delete mode 100644 content/manuals/dhi/images/dhi-mirror-button.png delete mode 100644 content/manuals/dhi/images/dhi-python-mirror.png create mode 100644 content/manuals/dhi/images/dhi-subscription.png create mode 100644 content/manuals/dhi/migration/_index.md create mode 100644 content/manuals/dhi/migration/checklist.md create mode 100644 content/manuals/dhi/migration/examples/_index.md create mode 100644 content/manuals/dhi/migration/examples/go.md create mode 100644 content/manuals/dhi/migration/examples/node.md create mode 100644 content/manuals/dhi/migration/examples/python.md create mode 100644 content/manuals/dhi/migration/migrate-from-doi.md create mode 100644 content/manuals/dhi/migration/migrate-from-wolfi.md create mode 100644 content/manuals/dhi/migration/migrate-with-ai.md diff --git a/content/manuals/dhi/_index.md b/content/manuals/dhi/_index.md index 45cadeb1dc..28e7339b97 100644 --- a/content/manuals/dhi/_index.md +++ b/content/manuals/dhi/_index.md @@ -1,22 +1,22 @@ --- title: Docker Hardened Images description: Secure, minimal, and production-ready base images -weight: 13 +weight: 8 params: sidebar: + group: Products badge: color: green text: New - group: Products grid_sections: - title: Quickstart - description: Follow a step-by-step guide to explore, mirror, and run a Docker Hardened Image. + description: Follow a step-by-step guide to explore and run a Docker Hardened Image. icon: rocket_launch link: /dhi/get-started/ - - title: About + - title: Explore description: Learn what Docker Hardened Images are, how they're built, and what sets them apart from typical base images. icon: info - link: /dhi/about/ + link: /dhi/explore/ - title: Features description: Discover the security, compliance, and enterprise-readiness features built into Docker Hardened Images. icon: lock @@ -35,13 +35,18 @@ params: link: /dhi/troubleshoot/ --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - -Docker Hardened Images (DHIs) are minimal, secure, and production-ready -container base and application images maintained by Docker. Designed to reduce -vulnerabilities and simplify compliance, DHIs integrate easily into your +Docker Hardened Images (DHI) are minimal, secure, and production-ready container +base and application images maintained by Docker. Designed to reduce +vulnerabilities and simplify compliance, DHI integrates easily into your existing Docker-based workflows with little to no retooling required. +DHI is available in two tiers: **DHI Free** provides core security features at +no cost, while **DHI Enterprise** adds SLA-backed support, compliance variants, +customization, and Extended Lifecycle Support for organizations with advanced +requirements. + +![DHI Subscription](./images/dhi-subscription.png) + Explore the sections below to get started with Docker Hardened Images, integrate them into your workflow, and learn what makes them secure and enterprise-ready. diff --git a/content/manuals/dhi/core-concepts/_index.md b/content/manuals/dhi/core-concepts/_index.md index faccba6105..2d02ecafc0 100644 --- a/content/manuals/dhi/core-concepts/_index.md +++ b/content/manuals/dhi/core-concepts/_index.md @@ -27,7 +27,7 @@ params: icon: verified link: /dhi/core-concepts/fips/ - title: STIG - description: Learn how Docker Hardened Images provide STIG-hardened container images with verifiable security scan attestations for government and enterprise compliance requirements. + description: Learn how Docker Hardened Images provide STIG-ready container images with verifiable security scan attestations for government and enterprise compliance requirements. icon: policy link: /dhi/core-concepts/stig/ - title: CIS Benchmarks diff --git a/content/manuals/dhi/core-concepts/attestations.md b/content/manuals/dhi/core-concepts/attestations.md index 0ab5582929..b7bc68203d 100644 --- a/content/manuals/dhi/core-concepts/attestations.md +++ b/content/manuals/dhi/core-concepts/attestations.md @@ -4,7 +4,7 @@ description: Review the full set of signed attestations included with each Docke keywords: container image attestations, signed sbom, build provenance, slsa compliance, vex document --- -Docker Hardened Images (DHIs) include comprehensive, signed security +Docker Hardened Images (DHIs) and charts include comprehensive, signed security attestations that verify the image's build process, contents, and security posture. These attestations are a core part of secure software supply chain practices and help users validate that an image is trustworthy and @@ -13,13 +13,13 @@ policy-compliant. ## What is an attestation? An attestation is a signed statement that provides verifiable information -about an image, such as how it was built, what's inside it, and what security +about an image or chart, such as how it was built, what's inside it, and what security checks it has passed. Attestations are typically signed using Sigstore tooling (such as Cosign), making them tamper-evident and cryptographically verifiable. Attestations follow standardized formats (like [in-toto](https://in-toto.io/), [CycloneDX](https://cyclonedx.org/), and [SLSA](https://slsa.dev/)) and are -attached to the image as OCI-compliant metadata. They can be generated +attached to the image or chart as OCI-compliant metadata. They can be generated automatically during image builds or added manually to document extra tests, scan results, or custom provenance. @@ -38,25 +38,25 @@ They are essential for meeting industry standards such as SLSA, and help teams reduce the risk of supply chain attacks by making build and security data transparent and verifiable. -## How Docker Hardened Images use attestations +## How Docker Hardened Images and charts use attestations -All DHIs are built using [SLSA Build Level +All DHIs and charts are built using [SLSA Build Level 3](https://slsa.dev/spec/latest/levels) practices, and each image variant is published with a full set of signed attestations. These attestations allow users to: -- Verify that the image was built from trusted sources in a secure environment +- Verify that the image or chart was built from trusted sources in a secure environment - View SBOMs in multiple formats to understand component-level details - Review scan results to check for vulnerabilities or embedded secrets - Confirm the build and deployment history of each image -Attestations are automatically published and associated with each mirrored DHI -in your Docker Hub organization. They can be inspected using tools like [Docker +Attestations are automatically published and associated with each DHI +and chart. They can be inspected using tools like [Docker Scout](../how-to/verify.md) or [Cosign](https://docs.sigstore.dev/cosign/overview), and are consumable by CI/CD tooling or security platforms. -## Available attestations +## Image attestations While every DHI variant includes a set of attestations, the attestations may vary based on the image variant. For example, some images may include a STIG @@ -82,10 +82,38 @@ details](../how-to/explore.md#view-image-variant-details) in Docker Hub. | SLSA verification summary | A summary attestation indicating the image's compliance with SLSA requirements. | `https://slsa.dev/verification_summary/v1` | | SPDX SBOM | An SBOM in [SPDX](https://spdx.dev/) format, widely adopted in open-source ecosystems. | `https://spdx.dev/Document` | | FIPS compliance | An attestation that verifies the image uses FIPS 140-validated cryptographic modules. | `https://docker.com/dhi/fips/v0.1` | +| DHI Image Sources | Links to a corresponding source image containing all materials used to build the image, including package source code, git repos, and local files, ensuring compliance with open source license requirements. | `https://docker.com/dhi/source/v0.1` | + +## Helm chart attestations + +Docker Hardened Image (DHI) charts also include comprehensive signed attestations +that provide transparency and verification for your Kubernetes deployments. Like +DHI container images, these charts are built following SLSA Build Level 3 +practices and include extensive security metadata. + +DHI Helm charts include the following attestations: + +| Attestation type | Description | Predicate type URI | +|----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------| +| CycloneDX SBOM | A software bill of materials in [CycloneDX](https://cyclonedx.org/) format, listing the chart itself and all container images and tools referenced by the chart. | `https://cyclonedx.org/bom/v1.6` | +| CVEs (In-Toto format) | A list of known vulnerabilities (CVEs) affecting the container images and components referenced by the chart. | `https://in-toto.io/attestation/vulns/v0.1` | +| Scout health score | A signed attestation from Docker Scout that summarizes the overall security and quality posture of the chart and its referenced images. | `https://scout.docker.com/health/v0.1` | +| Scout provenance | Provenance metadata generated by Docker Scout, including the chart source repository, build images used, and build parameters. | `https://scout.docker.com/provenance/v0.1` | +| Scout SBOM | An SBOM generated and signed by Docker Scout, including the chart and container images it references, with additional Docker-specific metadata. | `https://scout.docker.com/sbom/v0.1` | +| Secrets scan | Results of a scan for accidentally included secrets, such as credentials, tokens, or private keys, in the chart package. | `https://scout.docker.com/secrets/v0.1` | +| Tests | A record of automated tests run against the chart to validate functionality and compatibility with referenced images. | `https://scout.docker.com/tests/v0.1` | +| Virus scan | Results of antivirus scans performed on the chart package. | `https://scout.docker.com/virus/v0.1` | +| CVEs (Scout format) | A vulnerability report generated by Docker Scout, listing known CVEs and severity data for the chart's referenced images. | `https://scout.docker.com/vulnerabilities/v0.1` | +| SLSA provenance | A standard [SLSA](https://slsa.dev/) provenance statement describing how the chart was built, including build tool, source repository, referenced images, and build materials. | `https://slsa.dev/provenance/v0.2` | +| SPDX SBOM | An SBOM in [SPDX](https://spdx.dev/) format, listing the chart and all container images and tools it references. | `https://spdx.dev/Document` | + +For instructions on how to view and verify Helm chart attestations, see [Verify +Helm chart +attestations](../how-to/verify.md#verify-helm-chart-attestations-with-docker-scout). ## View and verify attestations -To view and verify attestations for an image, see [Verify a Docker Hardened +To view and verify attestations, see [Verify a Docker Hardened Image](../how-to/verify.md). ## Add your own attestations diff --git a/content/manuals/dhi/core-concepts/cves.md b/content/manuals/dhi/core-concepts/cves.md index de5e5238c4..dc5573a16d 100644 --- a/content/manuals/dhi/core-concepts/cves.md +++ b/content/manuals/dhi/core-concepts/cves.md @@ -70,7 +70,7 @@ To scan a Docker Hardened Image using Docker Scout, run the following command: ```console -$ docker scout cves /dhi-: +$ docker scout cves dhi.io/: --platform ``` Example output: @@ -94,11 +94,13 @@ advisories. #### Scan a DHI using Grype After installing Grype, you can scan a Docker Hardened Image by pulling -the image and running the scan command: +the image and running the scan command. Grype requires you to export the VEX +attestation to a file first: ```console -$ docker pull /dhi-: -$ grype /dhi-: +$ docker pull dhi.io/: +$ docker scout vex get dhi.io/: --output vex.json +$ grype dhi.io/: --vex vex.json ``` Example output: @@ -123,8 +125,8 @@ After installing Trivy, you can scan a Docker Hardened Image by pulling the image and running the scan command: ```console -$ docker pull /dhi-: -$ trivy image /dhi-: +$ docker pull dhi.io/: +$ trivy image --scanners vuln --vex repo dhi.io/: ``` Example output: @@ -135,7 +137,7 @@ Report Summary ┌──────────────────────────────────────────────────────────────────────────────┬────────────┬─────────────────┬─────────┐ │ Target │ Type │ Vulnerabilities │ Secrets │ ├──────────────────────────────────────────────────────────────────────────────┼────────────┼─────────────────┼─────────┤ -│ /dhi-: (debian 12.11) │ debian │ 66 │ - │ +│ dhi.io/: (debian 12.11) │ debian │ 66 │ - │ ├──────────────────────────────────────────────────────────────────────────────┼────────────┼─────────────────┼─────────┤ │ opt/python-3.13.4/lib/python3.13/site-packages/pip-25.1.1.dist-info/METADATA │ python-pkg │ 0 │ - │ └──────────────────────────────────────────────────────────────────────────────┴────────────┴─────────────────┴─────────┘ @@ -147,13 +149,13 @@ Docker Hardened Images include signed [VEX (Vulnerability Exploitability eXchange)](./vex.md) attestations that identify vulnerabilities not relevant to the image’s runtime behavior. -When using Docker Scout, these VEX statements are automatically applied and no -manual configuration needed. +When using Docker Scout or Trivy, these VEX statements are automatically +applied using the previous examples, and no manual configuration needed. To manually retrieve the VEX attestation for tools that support it: ```console -$ docker scout vex get /dhi-: --output vex.json +$ docker scout vex get dhi.io/: --output vex.json ``` > [!NOTE] @@ -162,20 +164,13 @@ $ docker scout vex get /dhi-: --output vex.json > CLI](https://github.com/docker/scout-cli/) version 1.18.3 or later. > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-python:3.13` instead of `docs/dhi-python:3.13`. +> `registry://dhi.io/python:3.13` instead of `dhi.io/python:3.13`. For example: ```console -$ docker scout vex get docs/dhi-python:3.13 --output vex.json +$ docker scout vex get dhi.io/python:3.13 --output vex.json ``` This creates a `vex.json` file containing the VEX statements for the specified -image. You can then use this file with tools that support VEX to filter out known non-exploitable CVEs. - -For example, with Grype and Trivy, you can use the `--vex` flag to apply the VEX -statements during the scan: - -```console -$ grype /dhi-: --vex vex.json -``` \ No newline at end of file +image. You can then use this file with tools that support VEX to filter out known non-exploitable CVEs. \ No newline at end of file diff --git a/content/manuals/dhi/core-concepts/fips.md b/content/manuals/dhi/core-concepts/fips.md index e81aa74de3..fba47e5247 100644 --- a/content/manuals/dhi/core-concepts/fips.md +++ b/content/manuals/dhi/core-concepts/fips.md @@ -1,9 +1,12 @@ --- -title: FIPS +title: 'FIPS DHI Enterprise' +linkTitle: FIPS description: Learn how Docker Hardened Images support FIPS 140 through validated cryptographic modules to help organizations meet compliance requirements. keywords: docker fips, fips 140 images, fips docker images, docker compliance, secure container images --- +{{< summary-bar feature_name="Docker Hardened Images" >}} + ## What is FIPS 140? [FIPS 140](https://csrc.nist.gov/publications/detail/fips/140/3/final) is a U.S. @@ -35,6 +38,9 @@ Using software components that rely on validated cryptographic modules can help ## How Docker Hardened Images support FIPS compliance +While Docker Hardened Images are available to all, the FIPS variant requires a +Docker Hardened Images Enterprise subscription. + Docker Hardened Images (DHIs) include variants that use cryptographic modules validated under FIPS 140. These images are intended to help organizations meet compliance requirements by incorporating components that meet the standard. @@ -67,6 +73,11 @@ These indicators help you quickly locate repositories that support FIPS-based compliance needs. Image variants that include FIPS support will have a tag ending with `-fips`, such as `3.13-fips`. +## Use a FIPS variant + +To use a FIPS variant, you must [mirror](../how-to/mirror.md) the repository +and then pull the FIPS image from your mirrored repository. + ## View the FIPS attestation The FIPS variants of Docker Hardened Images contain a FIPS attestation that @@ -78,7 +89,7 @@ You can retrieve and inspect the FIPS attestation using the Docker Scout CLI: $ docker scout attest get \ --predicate-type https://docker.com/dhi/fips/v0.1 \ --predicate \ - /dhi-: + dhi.io/: ``` For example: @@ -87,7 +98,7 @@ For example: $ docker scout attest get \ --predicate-type https://docker.com/dhi/fips/v0.1 \ --predicate \ - docs/dhi-python:3.13-fips + dhi.io/python:3.13-fips ``` The attestation output is a JSON array describing the cryptographic modules diff --git a/content/manuals/dhi/core-concepts/sbom.md b/content/manuals/dhi/core-concepts/sbom.md index 00f6b7536f..06dc2b67a3 100644 --- a/content/manuals/dhi/core-concepts/sbom.md +++ b/content/manuals/dhi/core-concepts/sbom.md @@ -62,7 +62,7 @@ To view the SBOM of a Docker Hardened Image, you can use the `docker scout sbom` command. Replace `:` with the image name and tag. ```console -$ docker scout sbom : +$ docker scout sbom dhi.io/: ``` ## Verify the SBOM of a Docker Hardened Image @@ -75,14 +75,14 @@ are trustworthy. To verify the SBOM of a Docker Hardened Image using Docker Scout, use the following command: ```console -$ docker scout attest get : \ +$ docker scout attest get dhi.io/: \ --predicate-type https://scout.docker.com/sbom/v0.1 --verify --platform ``` -For example, to verify the SBOM attestation for the `dhi/node:20.19-debian12-fips-20250701182639` image: +For example, to verify the SBOM attestation for the `node:20.19-debian12` image: ```console -$ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \ +$ docker scout attest get dhi.io/node:20.19-debian12 \ --predicate-type https://scout.docker.com/sbom/v0.1 --verify --platform linux/amd64 ``` diff --git a/content/manuals/dhi/core-concepts/signatures.md b/content/manuals/dhi/core-concepts/signatures.md index 4396131837..6922f3507c 100644 --- a/content/manuals/dhi/core-concepts/signatures.md +++ b/content/manuals/dhi/core-concepts/signatures.md @@ -62,7 +62,7 @@ $ docker scout attest list : > [!NOTE] > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-python` instead of `docs/dhi-python`. +> `registry://dhi.io/python` instead of `dhi.io/python`. To verify a specific signed attestation (e.g., SBOM, VEX, provenance): @@ -76,7 +76,7 @@ $ docker scout attest get \ > [!NOTE] > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-python:3.13` instead of `docs/dhi-python:3.13`. +> `registry://dhi.io/python:3.13` instead of `dhi.io/python:3.13`. For example: @@ -84,7 +84,7 @@ For example: $ docker scout attest get \ --predicate-type https://openvex.dev/ns/v0.2.0 \ --verify \ - docs/dhi-python:3.13 + dhi.io/python:3.13 ``` If valid, Docker Scout will confirm the signature and display signature payload, as well as the equivalent Cosign command to verify the image. diff --git a/content/manuals/dhi/core-concepts/slsa.md b/content/manuals/dhi/core-concepts/slsa.md index 7178a368a0..1e02b4c135 100644 --- a/content/manuals/dhi/core-concepts/slsa.md +++ b/content/manuals/dhi/core-concepts/slsa.md @@ -86,7 +86,7 @@ demonstrate adherence to SLSA Build Level 3 standards. To get and verify SLSA provenance for a DHI, you can use Docker Scout. ```console -$ docker scout attest get /dhi-: \ +$ docker scout attest get dhi.io/: \ --predicate-type https://slsa.dev/provenance/v0.2 \ --verify ``` @@ -94,11 +94,12 @@ $ docker scout attest get /dhi-: \ For example: ```console -$ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \ +$ docker scout attest get dhi.io/node:20.19-debian12 \ --predicate-type https://slsa.dev/provenance/v0.2 \ --verify ``` ## Resources -For more details about SLSA definitions and Docker Build, see [SLSA definitions](/build/metadata/attestations/slsa-definitions/). \ No newline at end of file +For more details about SLSA definitions and Docker Build, see [SLSA +definitions](/build/metadata/attestations/slsa-definitions/). \ No newline at end of file diff --git a/content/manuals/dhi/core-concepts/stig.md b/content/manuals/dhi/core-concepts/stig.md index 6223a203f9..fac4e90ed6 100644 --- a/content/manuals/dhi/core-concepts/stig.md +++ b/content/manuals/dhi/core-concepts/stig.md @@ -1,9 +1,12 @@ --- -title: STIG -description: Learn how Docker Hardened Images provide STIG-hardened container images with verifiable security scan attestations for government and enterprise compliance requirements. -keywords: docker stig, stig-hardened images, stig guidance, openscap docker, secure container images +title: 'STIG DHI Enterprise' +linkTitle: STIG +description: Learn how Docker Hardened Images provide STIG-ready container images with verifiable security scan attestations for government and enterprise compliance requirements. +keywords: docker stig, stig-ready images, stig guidance, openscap docker, secure container images --- +{{< summary-bar feature_name="Docker Hardened Images" >}} + ## What is STIG? [Security Technical Implementation Guides @@ -41,6 +44,9 @@ Docker Hardened Images (DHIs) include STIG variants that are scanned against custom STIG-based profiles and include signed STIG scan attestations. These attestations can support audits and compliance reporting. +While Docker Hardened Images are available to all, the STIG variant requires a +Docker subscription. + Docker creates custom STIG-based profiles for images based on the GPOS SRG and DoD Container Hardening Process Guide. Because DISA has not published a STIG specifically for containers, these profiles help apply STIG-like guidance to @@ -61,10 +67,15 @@ images](../how-to/explore.md) and: To find a STIG image variant within a repository, go to the **Tags** tab in the repository, and find images labeled with **STIG** in the **Compliance** column. +## Use a STIG variant + +To use a STIG variant, you must [mirror](../how-to/mirror.md) the repository +and then pull the STIG image from your mirrored repository. + ## View and verify STIG scan results Docker provides a signed [STIG scan -attestation](../core-concepts/attestations.md) for each STIG-hardened image. +attestation](../core-concepts/attestations.md) for each STIG-ready image. These attestations include: - A summary of the scan results, including the number of passed, failed, and not @@ -81,7 +92,7 @@ $ docker scout attest get \ --predicate-type https://docker.com/dhi/stig/v0.1 \ --verify \ --predicate \ - /dhi-: + dhi.io/: ``` ### Extract HTML report @@ -89,7 +100,7 @@ $ docker scout attest get \ To extract and view the human-readable HTML report: ```console -$ docker scout attest get /dhi-: \ +$ docker scout attest get dhi.io/: \ --predicate-type https://docker.com/dhi/stig/v0.1 \ --verify \ --predicate \ @@ -101,7 +112,7 @@ $ docker scout attest get /dhi-: \ To extract the XML (XCCDF) report for integration with other tools: ```console -$ docker scout attest get /dhi-: \ +$ docker scout attest get dhi.io/: \ --predicate-type https://docker.com/dhi/stig/v0.1 \ --verify \ --predicate \ @@ -113,7 +124,7 @@ $ docker scout attest get /dhi-: \ To view just the scan summary without the full reports: ```console -$ docker scout attest get /dhi-: \ +$ docker scout attest get dhi.io/: \ --predicate-type https://docker.com/dhi/stig/v0.1 \ --verify \ --predicate \ diff --git a/content/manuals/dhi/core-concepts/vex.md b/content/manuals/dhi/core-concepts/vex.md index 8517806d9f..df7189486d 100644 --- a/content/manuals/dhi/core-concepts/vex.md +++ b/content/manuals/dhi/core-concepts/vex.md @@ -57,8 +57,11 @@ vulnerability management. ## Use VEX to filter known non-exploitable CVEs -When using Docker Scout, VEX statements are automatically applied and no -manual configuration is needed. +When using Docker Scout or Trivy, VEX statements are automatically applied as +shown in the examples in [Common Vulnerabilities and Exposures (CVEs)](./cves.md). + +For Grype, you need to export the VEX attestation to a file first before +scanning, as shown in the [Grype scanning example](./cves.md#scan-a-dhi-using-grype). > [!NOTE] > @@ -70,7 +73,7 @@ manual configuration is needed. To manually retrieve the VEX attestation for tools that support it: ```console -$ docker scout vex get /dhi-: --output vex.json +$ docker scout vex get dhi.io/: --output vex.json ``` > [!NOTE] @@ -79,21 +82,14 @@ $ docker scout vex get /dhi-: --output vex.json > CLI](https://github.com/docker/scout-cli/) version 1.18.3 or later. > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-python:3.13` instead of `docs/dhi-python:3.13`. +> `registry://dhi.io/python:3.13` instead of `dhi.io/python:3.13`. For example: ```console -$ docker scout vex get docs/dhi-python:3.13 --output vex.json +$ docker scout vex get dhi.io/python:3.13 --output vex.json ``` This creates a `vex.json` file containing the VEX statements for the specified image. You can then use this file with tools that support VEX to filter out -known non-exploitable CVEs. - -For example, with Grype and Trivy, you can use the `--vex` flag to apply the VEX -statements during the scan: - -```console -$ grype /dhi-: --vex vex.json -``` \ No newline at end of file +known non-exploitable CVEs. \ No newline at end of file diff --git a/content/manuals/dhi/about/_index.md b/content/manuals/dhi/explore/_index.md similarity index 58% rename from content/manuals/dhi/about/_index.md rename to content/manuals/dhi/explore/_index.md index 6d15154814..1f81916cb6 100644 --- a/content/manuals/dhi/about/_index.md +++ b/content/manuals/dhi/explore/_index.md @@ -1,42 +1,47 @@ --- -title: About +linktitle: Explore +title: Explore Docker Hardened Images description: Learn about Docker Hardened Images, their purpose, how they are built and tested, and the shared responsibility model for security. -weight: 5 +weight: 10 params: grid_about: - title: What are hardened images and why use them? description: Learn what a hardened image is, how Docker Hardened Images are built, what sets them apart from typical base and application images, and why you should use them. icon: info - link: /dhi/about/what/ + link: /dhi/explore/what/ - title: Build process description: Learn how Docker builds, tests, and maintains Docker Hardened Images through an automated, security-focused pipeline. icon: build - link: /dhi/about/build-process/ + link: /dhi/explore/build-process/ - title: Image testing description: See how Docker Hardened Images are automatically tested for standards compliance, functionality, and security. icon: science - link: /dhi/about/test/ + link: /dhi/explore/test/ - title: Responsibility overview description: Understand Docker's role and your responsibilities when using Docker Hardened Images as part of your secure software supply chain. icon: group - link: /dhi/about/responsibility/ + link: /dhi/explore/responsibility/ - title: Image types description: Learn about the different image types, distributions, and variants offered in the Docker Hardened Images catalog. icon: view_module - link: /dhi/about/available/ - - title: Questions, bugs, or feedback + link: /dhi/explore/available/ + - title: Give feedback icon: question_exchange - description: Docker welcomes all contributions and feedback — whether it’s a bug report, feature suggestion, or security concern. - link: /dhi/about/feedback + description: Docker welcomes all contributions and feedback. + link: /dhi/explore/feedback --- -Docker Hardened Images (DHIs) are purpose-built for security, compliance, and -reliability in modern software supply chains. This section explains what makes -these images different from standard base and application images, how they're -built and tested, and how Docker and users share responsibility in securing -containerized workloads. +Docker Hardened Images (DHI) are minimal, secure, and production-ready container +base and application images maintained by Docker. Designed to reduce +vulnerabilities and simplify compliance, DHI integrates easily into your +existing Docker-based workflows with little to no retooling required. -## Learn about Docker Hardened Images +This section helps you understand what Docker Hardened Images are, how they're +built and tested, the different types available, and how responsibility is +shared between Docker and you as a user. For a complete list of DHI features and +capabilities, see [Features](/dhi/features/). + +## Learn more about Docker Hardened Images {{< grid items="grid_about" diff --git a/content/manuals/dhi/about/available.md b/content/manuals/dhi/explore/available.md similarity index 71% rename from content/manuals/dhi/about/available.md rename to content/manuals/dhi/explore/available.md index 192c675f50..3de2316355 100644 --- a/content/manuals/dhi/about/available.md +++ b/content/manuals/dhi/explore/available.md @@ -23,7 +23,7 @@ For example, you might find repositories like the following in the DHI catalog: - `python`: framework for Python applications - `nginx`: web server image -## Compatibility options +## Base image distributions Docker Hardened Images are available in different base image options, giving you flexibility to choose the best match for your environment and workload @@ -74,7 +74,9 @@ For example, you might find tags like the following in a DHI repository: - `3.9.23-debian12`: runtime image for Python 3.9.23 - `3.9.23-debian12-dev`: development image for Python 3.9.23 -## FIPS variants +## FIPs and STIG variants {{< badge color="blue" text="DHI Enterprise" >}} + +{{< summary-bar feature_name="Docker Hardened Images" >}} Some Docker Hardened Images include a `-fips` variant. These variants use cryptographic modules that have been validated under [FIPS @@ -94,3 +96,35 @@ For example: FIPS variants can be used in the same way as any other Docker Hardened Image and are ideal for teams operating in regulated industries or under compliance frameworks that require cryptographic validation. + +In addition to FIPS variants, some Docker Hardened Images also include +STIG-ready variants. These images are scanned against custom STIG-based +profiles and come with signed STIG scan attestations to support audits and +compliance reporting. To identify STIG-ready variants, look for the **STIG** +in the **Compliance** column of the image tags list in the Docker Hub catalog. + +## Compatibility variants + +Some Docker Hardened Images include a compatiability variant. These variants +provide additional tools and configurations for specific use cases without +bloating the minimal base images. + +Compatibility variants are created to support: + +- Helm chart compatibility: Applications deployed via Helm charts and + Kubernetes that require specific runtime configurations or utilities for + seamless integration with popular Helm charts. + +- Special application use-cases: Applications that need optional tools not + included in the minimal image. + +By offering these as separate image flavors, DHI ensures that the minimal images +remain lean and secure, while providing the tools you need in dedicated +variants. This approach maintains a minimal attack surface for standard +deployments while supporting specialized requirements when needed. + +You can recognize compatibility variants by their tag that includes `-compat`. + +Use compatibility variants when your deployment requires additional tools beyond +the minimal runtime, such as when using Helm charts or applications with +specific tooling requirements. \ No newline at end of file diff --git a/content/manuals/dhi/about/build-process.md b/content/manuals/dhi/explore/build-process.md similarity index 84% rename from content/manuals/dhi/about/build-process.md rename to content/manuals/dhi/explore/build-process.md index e3fd049211..30f1006a10 100644 --- a/content/manuals/dhi/about/build-process.md +++ b/content/manuals/dhi/explore/build-process.md @@ -8,8 +8,13 @@ weight: 15 Docker Hardened Images are built through an automated pipeline that monitors upstream sources, applies security updates, and publishes signed artifacts. -This page explains the build process for both DHI images and customized -images built from them. +This page explains the build process for both base DHI images and DHI Enterprise +customized images. + +With a DHI Enterprise subscription, the automated security update pipeline for +both base and customized images is backed by SLA commitments, including a 7-day +SLA for critical and high severity vulnerabilities. Only DHI Enterprise includes +SLAs. DHI Free offers a secure baseline but no guaranteed remediation timelines. ## Build triggers @@ -46,14 +51,17 @@ dependencies. When a package update is detected (for example, a security patch for a library), Docker automatically identifies and rebuilds all images within the support window that use that package. -### Customization changes +### Customization changes {{< badge color="blue" text="DHI Enterprise" >}} + +{{< summary-bar feature_name="Docker Hardened Images" >}} Updates to your OCI artifact customizations trigger rebuilds of your customized images. -When you customize a DHI image, your changes are packaged as OCI artifacts that -layer on top of the base image. Docker monitors your artifact repositories and -automatically rebuilds your customized images whenever you push updates. +When you customize a DHI image with DHI Enterprise, your changes are packaged as +OCI artifacts that layer on top of the base image. Docker monitors your artifact +repositories and automatically rebuilds your customized images whenever you push +updates. The rebuild process fetches the current base image, applies your OCI artifacts, signs the result, and publishes it automatically. You don't need to manage @@ -99,8 +107,10 @@ Each Docker Hardened Image is built through an automated pipeline: Docker responds quickly to critical vulnerabilities. By building essential components from source rather than waiting for packaged updates, Docker can -patch Critical and High-severity CVEs within days of upstream fixes and publish -updated images with new attestations. +patch critical and high severity CVEs within days of upstream fixes and publish +updated images with new attestations. For DHI Enterprise subscriptions, this +rapid response is backed by a 7-day SLA for critical and high severity +vulnerabilities. The following diagram shows the base image build flow: @@ -117,9 +127,11 @@ The following diagram shows the base image build flow: '-------------------' '-------------------' '-------------------' '-------------------' ``` -### Customized image pipeline +### Customized image pipeline {{< badge color="blue" text="DHI Enterprise" >}} -When you customize a DHI image, the build process is simplified: +{{< summary-bar feature_name="Docker Hardened Images" >}} + +When you customize a DHI image with DHI Enterprise, the build process is simplified: 1. Monitoring: Docker monitors your OCI artifact repositories for changes. 2. Rebuild trigger: When you push updates to your OCI artifacts, or when the base diff --git a/content/manuals/dhi/about/feedback.md b/content/manuals/dhi/explore/feedback.md similarity index 97% rename from content/manuals/dhi/about/feedback.md rename to content/manuals/dhi/explore/feedback.md index 6851f324fc..52bc9fbb6c 100644 --- a/content/manuals/dhi/about/feedback.md +++ b/content/manuals/dhi/explore/feedback.md @@ -1,5 +1,5 @@ --- -title: Questions, bugs, or feedback +title: Give feedback linkTitle: Feedback description: How to interact with the DHI team keywords: software supply chain security, feedback, bugs, discussion, questions diff --git a/content/manuals/dhi/about/responsibility.md b/content/manuals/dhi/explore/responsibility.md similarity index 77% rename from content/manuals/dhi/about/responsibility.md rename to content/manuals/dhi/explore/responsibility.md index eebc269422..eee67186ae 100644 --- a/content/manuals/dhi/about/responsibility.md +++ b/content/manuals/dhi/explore/responsibility.md @@ -35,9 +35,10 @@ securely. - Upstream: Maintains and updates the source code for each component, including fixing vulnerabilities in libraries and dependencies. -- Docker: Rebuilds and re-releases images with upstream patches applied. - Docker also monitors for vulnerabilities and rapidly publishes updates to - affected images. +- Docker: Rebuilds and re-releases images with upstream patches applied. Docker + monitors for vulnerabilities and publishes updates to affected images. Only + DHI Enterprise includes SLAs. DHI Free offers a secure baseline but no + guaranteed remediation timelines. - You: Apply DHI updates in your environments and patch any software or dependencies you install on top of the base image. @@ -55,9 +56,23 @@ securely. - Docker: Publishes signed SBOMs, VEX documents, provenance data, and CVE scan results with each image to support compliance and supply chain security. + - For free DHI users: All security metadata and transparency features are + included at no cost. + - For DHI Enterprise users: Additional compliance variants (like FIPS and + STIG) and customization capabilities are available, with automatic rebuilds + when base images are patched. - You: Integrate DHIs into your security and compliance workflows, including vulnerability management and auditing. +## Support + +- Docker: + - For free DHI users: Community support and public documentation are available. + - For DHI Enterprise users: Access to Docker's enterprise support team for + mission-critical applications. +- You: Monitor Docker's release notes, security advisories, and documentation + for updates and best practices. + ## Summary Docker Hardened Images give you a secure foundation, complete with signed diff --git a/content/manuals/dhi/about/test.md b/content/manuals/dhi/explore/test.md similarity index 96% rename from content/manuals/dhi/about/test.md rename to content/manuals/dhi/explore/test.md index 4e86bef607..3705639e6b 100644 --- a/content/manuals/dhi/about/test.md +++ b/content/manuals/dhi/explore/test.md @@ -78,13 +78,13 @@ You can view and verify this attestation using the Docker Scout CLI. $ docker scout attest get \ --predicate-type https://scout.docker.com/tests/v0.1 \ --predicate \ - /dhi-: + dhi.io/: ``` > [!NOTE] > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use - > `registry://docs/dhi-python` instead of `docs/dhi-python`. + > `registry://dhi.io/python` instead of `dhi.io/python`. For example: @@ -92,7 +92,7 @@ You can view and verify this attestation using the Docker Scout CLI. $ docker scout attest get \ --predicate-type https://scout.docker.com/tests/v0.1 \ --predicate \ - docs/dhi-python:3.13 + dhi.io/python:3.13 ``` This contains a list of tests and their results. @@ -125,7 +125,7 @@ You can view and verify this attestation using the Docker Scout CLI. docker scout attest get \ --predicate-type https://scout.docker.com/tests/v0.1 \ --verify \ - /dhi-: --platform + dhi.io/: --platform ``` Example output: diff --git a/content/manuals/dhi/about/what.md b/content/manuals/dhi/explore/what.md similarity index 100% rename from content/manuals/dhi/about/what.md rename to content/manuals/dhi/explore/what.md diff --git a/content/manuals/dhi/features.md b/content/manuals/dhi/features.md new file mode 100644 index 0000000000..a63194d58e --- /dev/null +++ b/content/manuals/dhi/features.md @@ -0,0 +1,126 @@ +--- +title: Docker Hardened Images features +linktitle: Features +description: Docker Hardened Images provide total transparency, minimal attack surface, and enterprise-grade security for every application—free and open source. +weight: 5 +aliases: + - /dhi/features/ + - /dhi/features/secure/ + - /dhi/features/integration/ + - /dhi/features/support/ + - /dhi/features/patching/ + - /dhi/features/flexible/ + - /dhi/features/helm/ +--- + +Docker Hardened Images (DHI) are minimal, secure, and production-ready container +base and application images maintained by Docker. Designed to reduce +vulnerabilities and simplify compliance, DHI integrates easily into your +existing Docker-based workflows with little to no retooling required. + +DHI provides security for everyone: + +- [DHI Free](#dhi-free-features) provides core security features available to + everyone with no licensing restrictions under Apache 2.0 +- [DHI Enterprise subscription + features](#docker-hardened-image-enterprise-subscription-features) add + SLA-backed security updates, compliance variants (like FIPS and STIG), image + customization, and optional Extended Lifecycle Support (ELS) for post-EOL + coverage + +## DHI Free features + +DHI's core features are open and free to use, share, and build on with no +licensing surprises, backed by an Apache 2.0 license. + +### Security by default + +- Near-zero CVEs: Continuously scanned and patched to maintain minimal known + exploitable vulnerabilities, with no SLA-backed time commitments for non-DHI + Enterprise users +- Minimal attack surface: Distroless variants reduce attack surface by up to 95% by removing unnecessary components +- Non-root execution: Run as non-root by default, following the principle of least privilege +- Transparent vulnerability reporting: Every CVE is visible and assessed using public data—no suppressed feeds or proprietary scoring + +### Total transparency + +Every image includes complete, verifiable security metadata: + +- SLSA Build Level 3 provenance: Verifiable, tamper-resistant builds that meet supply chain security standards +- Signed SBOMs: Complete Software Bill of Materials for every component +- VEX statements: Vulnerability Exploitability eXchange documents provide context about known CVEs +- Cryptographic signatures: All images and metadata are signed for authenticity + +### Built for developers + +- Familiar foundations: Built on Alpine and Debian, requiring minimal changes to adopt +- glibc and musl support: Available in both variants for broad application compatibility +- Development and runtime variants: Use dev images for building, minimal runtime images for production +- Drop-in compatibility: Works seamlessly with existing Docker workflows, CI/CD pipelines, and tools + +### Continuous maintenance + +- Automatic patching: Images are rebuilt and updated when upstream security + patches become available, with no SLA-backed time commitments for non-DHI + Enterprise users +- Scanner integration: Direct integration with scanners and other security platforms + +### Kubernetes and Helm chart support + +Docker Hardened Image (DHI) charts are Docker-provided Helm charts built from +upstream sources, designed for compatibility with Docker Hardened Images. These +charts are available as OCI artifacts within the DHI catalog on Docker Hub. DHI +charts are robustly tested after building to ensure they work out-of-the-box +with Docker Hardened Images. This removes friction in migration and reduces +developer workload in implementing the charts, ensuring seamless compatibility. + +Like the hardened images, DHI charts incorporate multiple layers of security +metadata to ensure transparency and trust: + +- SLSA Level 3 compliance: Each chart is built with Docker's SLSA Build Level 3 + system, including a detailed build provenance, and meeting the standards set + by the Supply-chain Levels for Software Artifacts (SLSA) framework. +- Software Bill of Materials (SBOMs): Comprehensive SBOMs are provided, + detailing all components referenced within the chart to facilitate + vulnerability management and compliance audits. +- Cryptographic signing: All associated metadata is cryptographically signed by + Docker, ensuring integrity and authenticity. +- Hardened configuration: Charts automatically reference Docker hardened images, + ensuring security in deployments. + +## Docker Hardened Image Enterprise subscription features + +For organizations with strict security requirements, regulatory demands, or +operational needs, DHI Enterprise delivers additional capabilities. + +### Compliance variants {{< badge color="blue" text="DHI Enterprise" >}} + +- FIPS-enabled images: For regulated industries and government systems +- STIG-ready images: Meet DoD Security Technical Implementation Guide requirements + +### SLA-backed security {{< badge color="blue" text="DHI Enterprise" >}} + +- CVE remediation SLA: 7-day SLA for critical and high severity vulnerabilities, + with SLA commitments for other severity levels +- ELS CVE remediation SLA: Extended Lifecycle Support images have SLA commitments + for CVE remediation, even after upstream end-of-life +- Enterprise support: Access to Docker's support team for mission-critical applications + +### Customization and control {{< badge color="blue" text="DHI Enterprise" >}} + +- Build custom images: Add your own packages, tools, certificates, and configurations +- Secure build infrastructure: Customizations built on Docker's trusted infrastructure +- Full chain of trust: Customized images maintain provenance and cryptographic signing +- Automatic updates: Custom images are automatically rebuilt when base images are patched + +### Extended Lifecycle Support {{< badge color="blue" text="DHI Enterprise add-on" >}} + +- Post-EOL security coverage: Continue receiving patches for years after upstream support ends +- Continuous compliance: Updated SBOMs, provenance, and signing for audit requirements +- Production continuity: Keep production running securely without forced migrations + +## Learn more + +- [Explore how DHI images are built and more](/dhi/explore/) +- [Get started using DHIs](/dhi/get-started/) +- [Contact Docker for DHI Enterprise](https://www.docker.com/pricing/contact-sales/) diff --git a/content/manuals/dhi/features/_index.md b/content/manuals/dhi/features/_index.md deleted file mode 100644 index 07e5d26bce..0000000000 --- a/content/manuals/dhi/features/_index.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Features -description: Explore the core features of Docker Hardened Images, including hardened defaults, secure metadata, and ecosystem compatibility. -weight: 10 -params: - grid_features: - - title: Hardened, secure images - description: Learn how Docker Hardened Images reduce vulnerabilities, enforce non-root execution, and include SLSA-compliant metadata for supply chain security. - icon: lock - link: /dhi/features/secure/ - - title: Seamless integration - description: See how Docker Hardened Images integrate with CI/CD pipelines, vulnerability scanners, and container registries across your toolchain. - icon: hub - link: /dhi/features/integration/ - - title: Enterprise support - description: Learn about enterprise support and SLA-driven updates. - icon: settings - link: /dhi/features/support/ - - title: Continuous patching and secure maintenance - description: Learn how Docker Hardened Images are continuously updated with security patches, ensuring your images remain secure over time. - icon: dashboard - link: /dhi/features/patching/ - - title: Flexible, repository-based pricing - description: Learn how Docker Hardened Images offer repository-based flexibility with no per-image or per-pull limitations. - icon: wallet - link: /dhi/features/flexible/ - - title: Docker Hardened Image charts - description: Learn about Docker Hardened Image charts. - icon: leaderboard - link: /dhi/features/helm/ ---- - -Docker Hardened Images (DHIs) go beyond minimal base and application images by -incorporating hardened defaults, signed metadata, and broad ecosystem -compatibility. Whether you're securing a single service or rolling out -compliance controls at scale, this section covers the key features that make -DHIs production-ready. - -## Explore core features - -{{< grid - items="grid_features" ->}} \ No newline at end of file diff --git a/content/manuals/dhi/features/flexible.md b/content/manuals/dhi/features/flexible.md deleted file mode 100644 index cfa7d680a3..0000000000 --- a/content/manuals/dhi/features/flexible.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Flexibility through pricing and customization -linktitle: Flexibility -description: Learn how Docker Hardened Images give you control over costs and image behavior through repository-based pricing and secure customization. -keywords: docker hardened images pricing, per repo billing, flexible pricing model, mirror image pricing, container pricing model, customize hardened image ---- - -Docker Hardened Images are designed not only for security and compliance, but -also for operational and financial efficiency. With a model that charges per -repository and tooling that lets you customize images securely, you gain both -cost control and configuration flexibility. - -## Repository mirroring on your terms - -With Docker Hardened Images, you mirror entire repositories, each giving you -access to all supported tags, variants, and versions. You can choose which -repositories to mirror based on your needs. - -This flexibility allows your organization to adapt as projects evolve, whether -you're spinning up new environments, consolidating runtimes, or managing costs -over time, without worrying about per-image or per-pull fees. - -## Access all variants and versions - -When you mirror a Docker Hardened Image repository, you gain access to all -supported tags in that repository, including multiple versions, base -distributions (such as Alpine and Debian), and dev/runtime variants. You can -freely choose the best tag for each use case without incurring additional cost. - -This flexibility allows teams to adopt secure images without being limited by -billing complexity or image count. - -## Customize images to fit your environment - -In addition to cost flexibility, Docker Hardened Images let you securely -customize images before use. You can add your own packages, tools, certificates, -and configuration files using a guided customization workflow in Docker Hub. -These customizations are securely built and signed, so they integrate with your -compliance and CI/CD policies. - -## Share access across your team - -Once a repository is mirrored, anyone in your organization can pull, verify, -scan, and run images from it. There are no extra charges based on usage volume. -You mirror what you need, and your teams use it freely. - -## Cost and operational efficiency for platform teams - -The Docker Hardened Images model simplifies budgeting for platform and security -teams. Instead of tracking usage at the image or tag level, you manage spend -through the repositories you mirror. And since you can customize images within -Docker Hub itself, everything is in one place, reducing complexity and -operational overhead. - -By aligning repository mirroring, team access, image customization, and cost, -Docker Hardened Images help you build securely and operate efficiently. diff --git a/content/manuals/dhi/features/helm.md b/content/manuals/dhi/features/helm.md deleted file mode 100644 index 7fb784d07a..0000000000 --- a/content/manuals/dhi/features/helm.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: Docker Hardened Image charts -linktitle: Helm charts -description: Learn about Docker Hardened Image charts. -keywords: docker hardened images helm, dhi helm charts, kubernetes hardened images, k8s hardened images ---- - -Docker Hardened Image (DHI) charts are Docker-provided Helm charts built from upstream and community-maintained sources, -designed for compatibility with Docker Hardened Images. These charts are available as OCI artifacts within the DHI -catalog on Docker Hub. - -## Comprehensive supply chain security - -Like the hardened images, DHI charts incorporate multiple layers of security metadata to ensure transparency and trust: - -- SLSA Level 3 compliance: Each chart is built with Docker's SLSA Build Level 3 system, including a detailed build - provenance, and meeting the standards set by the Supply-chain Levels for Software Artifacts (SLSA) framework. -- Software Bill of Materials (SBOMs): Comprehensive SBOMs are provided, detailing all components referenced within the - chart to facilitate vulnerability management and compliance audits. -- Cryptographic signing: All associated metadata is cryptographically signed by Docker, ensuring integrity and - authenticity. -- Hardened configuration: Charts automatically reference Docker hardened images, ensuring security in deployments. - -## Developer Friendly - -DHI charts are robustly tested after building to ensure they work out-of-the-box with Docker Hardened Images. This -removes friction in migration and reduces developer workload in implementing the charts, ensuring seamless -compatibility. diff --git a/content/manuals/dhi/features/integration.md b/content/manuals/dhi/features/integration.md deleted file mode 100644 index b33a20ad81..0000000000 --- a/content/manuals/dhi/features/integration.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Seamless integration -description: Learn how Docker Hardened Images integrate into your existing development and deployment workflows for enhanced security without compromising usability. -description_short: See how Docker Hardened Images integrate with CI/CD pipelines, vulnerability scanners, and container registries across your toolchain -keywords: ci cd containers, vulnerability scanning, slsa build level 3, signed sbom, oci compliant registry ---- - -Docker Hardened Images (DHI) are designed to integrate effortlessly into your -existing development and deployment workflows, ensuring that enhanced security -does not come at the cost of usability. - -## Explore images in Docker Hub - -After your organization [signs -up](https://www.docker.com/products/hardened-images/#getstarted), teams can -explore the full DHI catalog directly on Docker Hub. There, developers and -security teams can: - -- Review available images and language/framework variants -- Understand supported distros -- Compare development vs. runtime variants - -Each repository includes metadata like supported tags, base image -configurations, and image-specific documentation, helping you choose the right variant -for your project. - -## Use DHIs in CI/CD workflows - -You can use DHIs as the same base image in any CI/CD pipeline that is built -using a Dockerfile. They integrate easily into platforms like GitHub Actions, -GitLab CI/CD, Jenkins, CircleCI, and other automation systems your team already -uses. - -## Built to fit your DevSecOps stack - -Docker Hardened Images are designed to work seamlessly with your existing -DevSecOps toolchain. They integrate with scanning tools, registries, CI/CD -systems, and policy engines that teams already use. - -Docker has partnered with a broad range of ecosystem providers in order to -ensure that DHIs work out of the box with your existing workflows and tools. -These partners help deliver enhanced scanning, metadata validation, and -compliance insights directly into your pipelines. - -All DHIs include: - -- Signed Software Bill of Materials (SBOMs) -- CVE data -- Vulnerability Exploitability eXchange (VEX) documents -- SLSA Build Level 3 provenance - -Because the metadata is signed and structured, you can feed it into policy -engines and dashboards for auditing or compliance workflows. - -## Distribute through your preferred registry - -DHIs are mirrored to your organization's namespace on Docker Hub. From there, -you can optionally push them to any OCI-compliant registry, such as: - -- Amazon ECR -- Google Artifact Registry -- GitHub Container Registry -- Azure Container Registry -- Harbor -- JFrog Artifactory -- Other OCI-compliant on-premises or cloud registries - -Mirroring ensures teams can pull images from their preferred location without -breaking policies or build systems. - -## Summary - -Docker Hardened Images integrate with the tools you already use, from development -and CI to scanning and deployment. They: - -- Work with standard Docker tooling and pipelines -- Support popular scanners and registries -- Include security metadata that plugs into your existing compliance systems - -This means you can adopt stronger security controls without disrupting your -engineering workflows. diff --git a/content/manuals/dhi/features/patching.md b/content/manuals/dhi/features/patching.md deleted file mode 100644 index 16a254b0ba..0000000000 --- a/content/manuals/dhi/features/patching.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Continuous patching and secure maintenance -linktitle: Continuous patching -description: Learn how Docker Hardened Images are automatically rebuilt, tested, and updated to stay in sync with upstream security patches. -keywords: docker hardened images, secure base image, automatic patching, CVE updates, compatibility, dev containers, runtime containers, image maintenance ---- - -Docker Hardened Images (DHI) offer a secure and enterprise-ready foundation for -containerized applications, backed by a robust, automated patching process that -helps maintain compliance and reduce vulnerability exposure. - -## Secure base images with strong compatibility - -DHI includes a curated set of minimal base images designed to work across a -broad range of environments and language ecosystems. These images provide secure -building blocks with high compatibility, making it easier to integrate into your -existing infrastructure and development workflows without sacrificing security. - -## Development and runtime variants - -To support different stages of the software lifecycle, DHI provides two key -variants: - -- Development images: Include essential tools and libraries required to build - and test applications securely. -- Runtime images: Contain only the core components needed to run applications, - offering a smaller attack surface and improved runtime efficiency. - -This variant structure supports multi-stage builds, enabling developers to -compile code in secure development containers and deploy with lean runtime -images in production. - -## Automated patching and secure updates - -Docker monitors upstream open-source packages and security advisories for -vulnerabilities (CVEs) and other updates. When changes are detected, affected -Docker Hardened Images are automatically rebuilt and tested. - -Updated images are published with cryptographic provenance attestations to -support verification and compliance workflows. This automated process reduces -the operational burden of manual patching and helps teams stay aligned with -secure software development practices. - -## Automatic patching for customized images - -When you [customize a Docker Hardened Image](../how-to/customize.md), your -customized images also benefit from automatic patching. When the base Docker -Hardened Image receives a security update, Docker automatically rebuilds your -customized images in the background, ensuring they stay current with the latest -security patches without requiring manual intervention. - -This means your customizations maintain continuous compliance and protection by -default, with no additional operational overhead. \ No newline at end of file diff --git a/content/manuals/dhi/features/secure.md b/content/manuals/dhi/features/secure.md deleted file mode 100644 index d148a1ff4c..0000000000 --- a/content/manuals/dhi/features/secure.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Hardened, secure images -description: Learn how Docker Hardened Images reduce vulnerabilities, enforce non-root execution, and include SLSA-compliant metadata for supply chain security. -keywords: non-root containers, slsa build level 3, signed sbom, vex document, hardened container image ---- - -Docker Hardened Images (DHI) are engineered to provide a robust security -foundation for containerized applications, addressing the evolving challenges of -software supply chain security. - -## Near-zero vulnerabilities and non-root execution - -Each DHI is meticulously built to eliminate known vulnerabilities, achieving -near-zero Common Vulnerabilities and Exposures (CVEs) through continuous -scanning and updates. By adhering to the principle of least privilege, DHI -images run as non-root by default, reducing the risk of privilege escalation -attacks in production environments. - -## Comprehensive supply chain security - -DHI incorporates multiple layers of security metadata to ensure transparency and -trust: - -- SLSA Level 3 compliance: Each image includes detailed build provenance, - meeting the standards set by the Supply-chain Levels for Software Artifacts - (SLSA) framework. - -- Software Bill of Materials (SBOMs): Comprehensive SBOMs are provided, - detailing all components within the image to facilitate vulnerability - management and compliance audits. - -- Vulnerability Exploitability eXchange (VEX) statements: VEX documents - accompany each image, providing context about known vulnerabilities and their - exploitability status. - -- Cryptographic signing and attestations: All images and associated metadata are - cryptographically signed, ensuring integrity and authenticity. - -## Minimal and developer-friendly options - -DHI provides both minimal and development-friendly image variants: - -- Minimal images: Built using a distroless approach, these images remove - unnecessary components, reducing the attack surface by up to 95% and improving - startup times. - -- Development images: Equipped with essential development tools and libraries, - these images facilitate secure application building and testing. \ No newline at end of file diff --git a/content/manuals/dhi/features/support.md b/content/manuals/dhi/features/support.md deleted file mode 100644 index d30bb3b057..0000000000 --- a/content/manuals/dhi/features/support.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Enterprise support -description: Get enterprise-grade support and SLA-backed security updates for Docker Hardened Images (DHI), including 24x7x365 access to Docker’s support team and guaranteed CVE patching for critical and high vulnerabilities. -keywords: enterprise container support, sla-backed security, cve patching, secure container image, docker enterprise support ---- - -Docker Hardened Images (DHI) are designed to provide flexibility and robust -support for enterprise environments, allowing teams to tailor images to their -specific needs while ensuring security and compliance. - -## Enterprise-grade support and SLA-backed security updates - -Docker provides comprehensive enterprise support for DHI users, ensuring rapid -response to security threats and operational issues: - -- Enterprise support: Access to Docker's support team, with - response times designed to safeguard mission-critical applications and - maintain operational continuity. - -- SLA-backed CVE mitigation: Docker aims to address Critical and High severity - Common Vulnerabilities and Exposures (CVEs) within 7 working days of an - upstream fix becoming available, with some exceptions. Faster than typical - industry response times and backed by an enterprise-grade SLA, so your teams - can rely on timely fixes to keep workloads secure. - -This level of support ensures that organizations can rely on DHI for their -mission-critical applications, with the assurance that security and stability -are maintained proactively. - -### How Docker defines Critical and High severity vulnerabilities - -For consistent and accurate severity classification, Docker uses the same -severity and scoring principles as [Docker -Scout](../../scout/deep-dive/advisory-db-sources.md) when determining whether a -CVE is considered Critical or High. - -#### Severity and scoring priority - -Docker Scout uses two main principles when determining severity and scoring for -CVEs: - - - Source priority - - CVSS version preference - -For source priority, Docker Scout follows this order: - - 1. Vendor advisories: Scout always uses the severity and scoring data from the - source that matches the package and version. For example, Debian data for - Debian packages. - - 2. NIST scoring data: If the vendor doesn't provide scoring data for a CVE, - Scout falls back to NIST scoring data. - -For CVSS version preference, once Scout has selected a source, it prefers CVSS -v4 over v3 when both are available, as v4 is the more modern and precise scoring -model. - -#### Vulnerability matching - -Traditional tools often rely on broad [Common Product Enumeration -(CPE)](https://en.wikipedia.org/wiki/Common_Platform_Enumeration) matching, -which can lead to many false-positive results. - -Docker Scout uses [Package URLs -(PURLs)](https://github.com/package-url/purl-spec) to match packages against -CVEs, which yields more precise identification of vulnerabilities. PURLs -significantly reduce the chances of false positives, focusing only on genuinely -affected packages. \ No newline at end of file diff --git a/content/manuals/dhi/get-started.md b/content/manuals/dhi/get-started.md index cdafa09c34..ca7f97cf64 100644 --- a/content/manuals/dhi/get-started.md +++ b/content/manuals/dhi/get-started.md @@ -1,120 +1,71 @@ --- linktitle: Quickstart title: Docker Hardened Images quickstart -description: Follow a quickstart guide to explore, mirror, and run a Docker Hardened Image. +description: Follow a quickstart guide to explore and run a Docker Hardened Image. weight: 2 -keywords: docker hardened images quickstart, mirror container image, run secure image +keywords: docker hardened images quickstart, run secure image --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - This guide shows you how to go from zero to running a Docker Hardened Image -(DHI) using a real example. While the steps use a specific image as an -example, they can be applied to any DHI. +(DHI) using a real example. At the end, you'll compare the DHI to a standard +Docker image to better understand the differences. While the steps use a +specific image as an example, they can be applied to any DHI. -> [!TIP] +> [!NOTE] > -> You can keep using the same tools and workflows you already know when moving -> to DHI from other images on Docker Hub, such as Bitnami public catalog images. -> Note that [Bitnami announced](https://github.com/bitnami/charts/issues/35164) -> that its public catalog images will no longer be available after September 29, -> 2025. -> -> In most cases, migrating is as simple as updating the image reference in your -> configuration or commands. Start with this guide, then see the [migration -> guide](./how-to/migrate.md) for more details and examples. +> Docker Hardened Images are freely available to everyone with no subscription +> required, no usage restrictions, and no vendor lock-in. You can upgrade to a +> DHI Enterprise subscription when you require enterprise features like FIPS or +> STIG compliance variants, customization capabilities, or SLA-backed support. -## Step 1: Start a free trial to access DHI - -You can browse the Docker Hardened Images catalog without a subscription, but to -use an image, you must either [contact sales to -subscribe](https://www.docker.com/products/hardened-images/#getstarted) or start -a free trial for an [organization](/admin/organization/). This guide walks you -through starting a free trial. - -To start a free trial: +## Step 1: Find an image to use 1. Go to the Hardened Images catalog in [Docker Hub](https://hub.docker.com/hardened-images/catalog) and sign in. -2. Select **Start trial** and follow the on-screen instructions. - -## Step 2: Find an image to use - -1. Go to the Hardened Images catalog in [Docker - Hub](https://hub.docker.com/hardened-images/catalog) and sign in. -2. In the left sidebar, choose your organization that has DHI access. -3. In the left sidebar, select **Hardened Images** > **Catalog**. +2. In the left sidebar, select **Hardened Images** > **Catalog**. ![Docker Hub sidebar showing DHI catalog](./images/dhi-catalog.png) -4. Use the search bar or filters to find an image (e.g., `python`, `node`, +3. Use the search bar or filters to find an image (e.g., `python`, `node`, `golang`). For this guide, use the Python image as an example. ![DHI catalog with Python repository shown](./images/dhi-python-search.png) -5. Select the Python repository to view its details. +4. Select the Python repository to view its details. -Continue to the next step to mirror the image. To dive deeper into exploring +Continue to the next step to pull and run the image. To dive deeper into exploring images see [Explore Docker Hardened Images](./how-to/explore.md). -## Step 3: Mirror the image +## Step 2: Pull and run the image -To use a Docker Hardened Image, you must mirror it to your organization. Only -organization owners can perform this action. Mirroring creates a copy of the -image in your organization's namespace, allowing team members to pull and use -it. - -1. In the image repository page, select **Mirror to repository**. - - ![An image of the Python page with the Mirror to repository button showing](./images/dhi-mirror-button.png) - - > [!NOTE] - > - > If you don't see the **Mirror to repository** button, the repository may - > already be mirrored to your organization. In this case, you can select - > **View in repository** to see the mirrored image's location or mirror it to - > another repository. - -2. Follow the on-screen instructions to mirror the repository. - -It may take a few minutes for all the tags to finish mirroring. Once -mirrored, the image repository appears in your organization's namespace. For -example, in [Docker Hub](https://hub.docker.com), go to **My Hub** > ***YOUR_ORG*** > **Repositories**, -and you should see `dhi-python` listed. You can now pull it -like any other image. - -![Repository list with mirrored repository showing](./images/dhi-python-mirror.png) - -Continue to the next step to pull and run the image. To dive deeper into -mirroring images see [Mirror a Docker Hardened Image -repository](./how-to/mirror.md). - -## Step 4: Pull and run the image - -Once you've mirrored the image to your organization, you can pull and run it -like any other Docker image. Note that Docker Hardened Images are designed to be -minimal and secure, so they may not include all the tools or libraries you -expect in a typical image. You can view the typical differences in -[Considerations when adopting +You can pull and run a DHI like any other Docker image. Note that Docker Hardened +Images are designed to be minimal and secure, so they may not include all the +tools or libraries you expect in a typical image. You can view the typical +differences in [Considerations when adopting DHIs](./how-to/use.md#considerations-when-adopting-dhis). +> [!TIP] +> +> On every repository page in the DHI catalog, you'll find instructions for +> pulling and scanning the image by selecting **Use this image**. + The following example demonstrates that you can run the Python image and execute a simple Python command just like you would with any other Docker image: -1. Pull the mirrored image. Open a terminal and run the following command, - replacing `` with your organization's namespace: +1. Open a terminal and run the following commands: ```console - $ docker pull /dhi-python:3.13 + $ docker login dhi.io + $ docker pull dhi.io/python:3.13 ``` 2. Run the image to confirm everything works: ```console - $ docker run --rm /dhi-python:3.13 python -c "print('Hello from DHI')" + $ docker run --rm dhi.io/python:3.13 python -c "print('Hello from DHI')" ``` - - This starts a container from the `dhi-python:3.13` image and runs a simple + + This starts a container from the `python:3.13` image and runs a simple Python script that prints `Hello from DHI`. To dive deeper into using images, see: @@ -123,17 +74,18 @@ To dive deeper into using images, see: - [Use in Kubernetes](./how-to/k8s.md) for Kubernetes deployments - [Use a Helm chart](./how-to/helm.md) for deploying with Helm -## Step 5: Compare with the other images +## Step 3: Compare with the other images You can quickly compare DHIs with other images to see the security improvements and differences. This comparison helps you understand the value of using hardened images. -Run the following command to see a summary comparison, replacing -`` with your organization's namespace: +Run the following command to see a summary comparison between the Docker +Hardened Image for Python and the non-hardened Docker Official Image for Python +from Docker Hub: ```console -$ docker scout compare /dhi-python:3.13 \ +$ docker scout compare dhi.io/python:3.13 \ --to python:3.13 \ --platform linux/amd64 \ --ignore-unchanged \ @@ -147,7 +99,7 @@ Example output: │ Analyzed Image │ Comparison Image ────────────────────┼───────────────────────────────────────────────────────┼─────────────────────────────────────────────── - Target │ docker/dhi-python:3.13 │ python:3.13 + Target │ dhi.io/python:3.13 │ python:3.13 digest │ c215e9da9f84 │ 7f48e892134c tag │ 3.13 │ 3.13 platform │ linux/amd64 │ linux/amd64 @@ -160,6 +112,16 @@ Example output: │ │ ``` +> [!NOTE] +> +> This is example output. Your results may vary depending on newly discovered +> CVEs and image updates. +> +> Docker maintains near-zero CVEs in Docker Hardened Images. For DHI Enterprise +> subscriptions, when new CVEs are discovered, the CVEs are remediated within +> the industry-leading SLA timeframe. Learn more about the [SLA-backed security +> features](./features.md#sla-backed-security). + This comparison shows that the Docker Hardened Image: - Removes vulnerabilities: 1 high, 5 medium, 141 low, and 2 unspecified severity CVEs removed @@ -172,8 +134,18 @@ To dive deeper into comparing images see [Compare Docker Hardened Images](./how- You've pulled and run your first Docker Hardened Image. Here are a few ways to keep going: -- [Migrate existing applications to DHIs](./how-to/migrate.md): Learn how to - update your Dockerfiles to use Docker Hardened Images as the base. +- [Migrate existing applications to DHIs](./migration/migrate-with-ai.md): Use + Docker's AI assistant to update your Dockerfiles to use Docker Hardened Images + as the base. + +- [Start a trial](https://hub.docker.com/hardened-images/catalog) by selecting + **How it works** on the Docker Hardened Images catalog page in Docker Hub to + explore the benefits of a DHI Enterprise subscription, such as access to FIPS + and STIG variants, customized images, and SLA-backed updates. + +- [Mirror a repository](./how-to/mirror.md): After subscribing to DHI Enterprise + or starting a trial, learn how to mirror a DHI repository to enable + customization, access compliance variants, and get SLA-backed updates. - [Verify DHIs](./how-to/verify.md): Use tools like [Docker Scout](/scout/) or Cosign to inspect and verify signed attestations, like SBOMs and provenance. diff --git a/content/manuals/dhi/how-to/_index.md b/content/manuals/dhi/how-to/_index.md index cb94dca8db..f3791eed60 100644 --- a/content/manuals/dhi/how-to/_index.md +++ b/content/manuals/dhi/how-to/_index.md @@ -29,14 +29,14 @@ params: description: Learn how to use a Docker Hardened Image chart. icon: leaderboard link: /dhi/how-to/helm/ + - title: Use extended lifecycle support with Docker Hardened Images + description: Learn how to use extended lifecycle support with Docker Hardened Images. + icon: update + link: /dhi/how-to/els/ - title: Manage Docker Hardened Images description: Learn how to manage your mirrored and customized Docker Hardened Images in your organization. icon: reorder link: /dhi/how-to/manage/ - - title: Migrate an existing application to use Docker Hardened Images - description: Follow a step-by-step guide to update your Dockerfiles and adopt Docker Hardened Images for secure, minimal, and production-ready builds. - icon: directions_run - link: /dhi/how-to/migrate/ grid_evaluate: - title: Compare Docker Hardened Images description: Learn how to compare Docker Hardened Images with other container images to evaluate security improvements and differences. diff --git a/content/manuals/dhi/how-to/compare.md b/content/manuals/dhi/how-to/compare.md index 6c173a60d4..f39577d5ec 100644 --- a/content/manuals/dhi/how-to/compare.md +++ b/content/manuals/dhi/how-to/compare.md @@ -6,8 +6,6 @@ keywords: compare docker images, docker scout compare, image comparison, vulnera weight: 40 --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - Docker Hardened Images (DHIs) are designed to provide enhanced security, minimized attack surfaces, and production-ready foundations for your applications. Comparing a DHI to a standard image helps you understand the @@ -34,7 +32,7 @@ To compare a Docker Hardened Image with another image, use the [`docker scout compare`](/reference/cli/docker/scout/compare/) command: ```console -$ docker scout compare /dhi-: \ +$ docker scout compare dhi.io/: \ --to : \ --platform ``` @@ -42,7 +40,7 @@ $ docker scout compare /dhi-: \ For example, to compare a DHI Node.js image with the official Node.js image: ```console -$ docker scout compare /dhi-node:22-debian13 \ +$ docker scout compare dhi.io/node:22-debian13 \ --to node:22 \ --platform linux/amd64 ``` @@ -59,7 +57,7 @@ To focus only on the differences and ignore unchanged packages, use the `--ignore-unchanged` flag: ```console -$ docker scout compare /dhi-node:22-debian13 \ +$ docker scout compare dhi.io/node:22-debian13 \ --to node:22 \ --platform linux/amd64 \ --ignore-unchanged @@ -75,7 +73,7 @@ For a concise overview of the comparison results, you can extract just the overview section using standard shell tools: ```console -$ docker scout compare /dhi-node:22-debian13 \ +$ docker scout compare dhi.io/node:22-debian13 \ --to node:22 \ --platform linux/amd64 \ --ignore-unchanged \ @@ -90,7 +88,7 @@ images. Example output: │ Analyzed Image │ Comparison Image ────────────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────── - Target │ docker/dhi-node:22-debian13 │ node:22 + Target │ dhi.io/node:22-debian13 │ node:22 digest │ 55d471f61608 │ 9ee3220f602f tag │ 22-debian13 │ 22 platform │ linux/amd64 │ linux/amd64 @@ -163,7 +161,7 @@ Before migrating from a Docker Official Image to a DHI, compare them to understand the security improvements. For example: ```console -$ docker scout compare /dhi-python:3.13 \ +$ docker scout compare dhi.io/python:3.13 \ --to python:3.13 \ --platform linux/amd64 \ --ignore-unchanged @@ -179,7 +177,7 @@ ensure you haven't introduced new vulnerabilities. For example: ```console $ docker scout compare /dhi-python:3.13-custom \ - --to /dhi-python:3.13 \ + --to dhi.io/python:3.13 \ --platform linux/amd64 ``` @@ -188,8 +186,8 @@ $ docker scout compare /dhi-python:3.13-custom \ Compare different versions of the same DHI to see what changed between releases. For example: ```console -$ docker scout compare /dhi-node:22-debian13 \ - --to /dhi-node:20-debian12 \ +$ docker scout compare dhi.io/node:22-debian13 \ + --to dhi.io/node:20-debian12 \ --platform linux/amd64 \ --ignore-unchanged ``` diff --git a/content/manuals/dhi/how-to/customize.md b/content/manuals/dhi/how-to/customize.md index 480cff0839..2ff7f849db 100644 --- a/content/manuals/dhi/how-to/customize.md +++ b/content/manuals/dhi/how-to/customize.md @@ -1,30 +1,35 @@ --- -title: Customize a Docker Hardened Image -linkTitle: Customize an image +title: 'Customize a Docker Hardened Image or chart DHI Enterprise' +linkTitle: Customize an image or chart weight: 25 -keywords: debug, hardened images, DHI, customize, certificate, artifact -description: Learn how to customize a Docker Hardened Images (DHI). +keywords: hardened images, DHI, customize, certificate, artifact, helm chart +description: Learn how to customize Docker Hardened Images (DHI) and charts. --- -You can customize a Docker Hardened Image (DHI) to suit your specific needs -using the Docker Hub UI. This allows you to select a base image, add packages, -add OCI artifacts (such as custom certificates or additional tools), and -configure settings. In addition, the build pipeline ensures that your customized -image is built securely and includes attestations. +{{< summary-bar feature_name="Docker Hardened Images" >}} -Your customized images stay secure automatically. When the base Docker Hardened -Image receives a security patch or your OCI artifacts are updated, Docker -automatically rebuilds your customized images in the background. This ensures -continuous compliance and protection by default, with no manual work required. -The rebuilt images are signed and attested to the same SLSA Build Level 3 -standard as the base images, ensuring a secure and verifiable supply chain. +When you have a Docker Hardened Images subscription, you can customize Docker +Hardened Images (DHI) and charts to suit your specific needs using the Docker +Hub web interface. For images, this lets you select a base image, add packages, +add OCI artifacts (such as custom certificates or additional tools), and +configure settings. For charts, this lets you customize the image references. + +Your customizations stay secure automatically. When the base Docker Hardened +Image or chart receives a security patch or your OCI artifacts are updated, +Docker automatically rebuilds your customizations in the background. This +ensures continuous compliance and protection by default, with no manual work +required. The rebuilt artifacts are signed and attested to the same SLSA Build +Level 3 standard as the base images and charts, ensuring a secure and verifiable +supply chain. ## Customize a Docker Hardened Image To add a customized Docker Hardened Image to your organization, an organization -owner must first [mirror](./mirror.md) the DHI repository to your organization. -Once the repository is mirrored, any user with access to the mirrored DHI -repository can create a customized image. +owner must first [mirror](./mirror.md) the DHI repository to your organization +on Docker Hub. Once the repository is mirrored, any user with access to the +mirrored DHI repository can create a customized image. + +### Create an image customization To customize a Docker Hardened Image, follow these steps: @@ -32,7 +37,7 @@ To customize a Docker Hardened Image, follow these steps: 1. Select **My Hub**. 1. In the namespace drop-down, select your organization that has a mirrored DHI repository. -1. Select **Hardened Images** > **Management**. +1. Select **Hardened Images** > **Manage** > **Mirrored Images**. 1. For the mirrored DHI repository you want to customize, select the menu icon in the far right column. 1. Select **Customize**. @@ -61,7 +66,7 @@ To customize a Docker Hardened Image, follow these steps: DHI. For example, you can add a custom root CA certificate or a another image that contains a tool you need, like adding Python to a Node.js image. For more details on how to create an OCI artifact image, see - [Create an OCI artifact image](#create-an-oci-artifact-image). + [Create an OCI artifact image](#create-an-oci-artifact-image-for-image-customization). When combining images that contain directories and files with the same path, images later in the list will overwrite files from earlier images. @@ -120,26 +125,7 @@ To customize a Docker Hardened Image, follow these steps: to build. Once built, it will appear in the **Tags** tab of the repository, and your team members can pull it like any other image. -## Edit or delete a Docker Hardened Image customization - -To edit or delete a Docker Hardened Image customization, follow these steps: - -1. Sign in to [Docker Hub](https://hub.docker.com). -2. Select **My Hub**. -3. In the namespace drop-down, select your organization that has a mirrored DHI. -4. Select **Hardened Images** > **Management**. -5. Select **Customizations**. - -6. For the customized DHI repository you want to manage, select the menu icon in the far right column. - From here, you can: - - - **Edit**: Edit the customized image. - - **Create new**: Create a new customized image based on the source repository. - - **Delete**: Delete the customized image. - -7. Follow the on-screen instructions to complete the edit or deletion. - -## Create an OCI artifact image +### Create an OCI artifact image for image customization An OCI artifact image is a Docker image that contains files or directories that you want to include in your customized Docker Hardened Image (DHI). This can @@ -156,7 +142,7 @@ extracted into a minimal final image: ```dockerfile # syntax=docker/dockerfile:1 -FROM /dhi-bash:5-dev AS certs +FROM dhi.io/bash:5-dev AS certs ENV DEBIAN_FRONTEND=noninteractive @@ -203,7 +189,7 @@ Once pushed to a repository in your organization's namespace, the OCI artifact automatically appears in the customization workflow when you select OCI artifacts to add to your customized Docker Hardened Image. -### Best practices for OCI artifacts +#### Best practices for OCI artifacts Follow these best practices when creating OCI artifacts for DHI customizations: @@ -228,4 +214,62 @@ Follow these best practices when creating OCI artifacts for DHI customizations: tags](../../docker-hub/repos/manage/hub-images/immutable-tags.md) for your OCI artifact repositories. This prevents accidental overwrites and ensures that each version of your OCI artifact remains unchanged, improving reproducibility - and reliability of your customizations. \ No newline at end of file + and reliability of your customizations. + +## Customize a DHI Helm chart + +You can customize DHI Helm charts to meet your organization's specific needs. +Via the Docker Hub web interface, you can modify the image references to +reference mirrored images or customized images you've created. This lets you +create a custom, securely-built chart with references to images stored in Docker +Hub or other private registries. DHI securely packages customized Helm charts +that reference your repositories, wherever they are stored, by default. + +To customize image references, an organization owner must [mirror](./mirror.md) +the DHI chart repository to your organization on Docker Hub. + +You can create one chart customization per Helm chart repository. This is +different from image customizations, where you can create multiple +customizations per repository. If you need to make changes, you can edit your +existing customization. Alternatively, you can mirror the same Helm chart +repository again and add a new customization to the new mirror. + +> [!NOTE] +> +> You can customize Docker Hardened Image charts like any other Helm chart using +> standard Helm tools and practices, such as a `values.yaml` file, outside of +> Docker Hub. The following instructions describe how to customize image +> references for the chart using the Docker Hub web interface. + +To customize a Docker Hardened Image Helm chart after it has been mirrored: + +1. Sign in to [Docker Hub](https://hub.docker.com). +1. Select **My Hub**. +1. In the namespace drop-down, select your organization that has a mirrored DHI + repository. +1. Select **Hardened Images** > **Manage** > **Mirrored Helm charts**. +1. For the mirrored DHI repository you want to customize, select the **Name**. +1. Select the **Customizations** tab. +1. Select **Create customization**. + + At this point, the on-screen instructions will guide you through the + customization process. + +## Edit or delete a customization + +To edit or delete a DHI or chart customization, follow these steps: + +1. Sign in to [Docker Hub](https://hub.docker.com). +2. Select **My Hub**. +3. In the namespace drop-down, select your organization that has a mirrored repository. +4. Select **Hardened Images** > **Manage**. +5. Select **Customizations**. + +6. For the customized DHI repository you want to manage, select the menu icon in the far right column. + From here, you can: + + - **Edit**: Edit the customization. + - **Create new**: Create a new customization based on the source repository. + - **Delete**: Delete the customization. + +7. Follow the on-screen instructions to complete the edit or deletion. \ No newline at end of file diff --git a/content/manuals/dhi/how-to/debug.md b/content/manuals/dhi/how-to/debug.md index e3d9ce4522..a05d294284 100644 --- a/content/manuals/dhi/how-to/debug.md +++ b/content/manuals/dhi/how-to/debug.md @@ -6,8 +6,6 @@ keywords: debug, hardened images, DHI, troubleshooting, ephemeral container, doc description: Learn how to use Docker Debug to troubleshoot Docker Hardened Images (DHI) locally or in production. --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - Docker Hardened Images (DHI) prioritize minimalism and security, which means they intentionally leave out many common debugging tools (like shells or package managers). This makes direct troubleshooting difficult without introducing risk. @@ -19,14 +17,14 @@ without modifying the original image. This guide shows how to debug Docker Hardened Images locally during development. You can also debug containers remotely using the `--host` option. -The following example uses a mirrored `dhi-python:3.13` image, but the same steps apply to any image. +The following example uses a mirrored `python:3.13` image, but the same steps apply to any image. ## Step 1: Run a container from a Hardened Image Start with a DHI-based container that simulates an issue: ```console -$ docker run -d --name myapp /dhi-python:3.13 python -c "import time; time.sleep(300)" +$ docker run -d --name myapp dhi.io/python:3.13 python -c "import time; time.sleep(300)" ``` This container doesn't include a shell or tools like `ps`, `top`, or `cat`. diff --git a/content/manuals/dhi/how-to/els.md b/content/manuals/dhi/how-to/els.md new file mode 100644 index 0000000000..2c62941232 --- /dev/null +++ b/content/manuals/dhi/how-to/els.md @@ -0,0 +1,62 @@ +--- +title: 'Use Extended Lifecycle Support for Docker Hardened Images DHI Enterprise' +linktitle: Use Extended Lifecycle Support +description: Learn how to use Extended Lifecycle Support with Docker Hardened Images. +weight: 39 +keywords: extended lifecycle support, docker hardened images, container security, image lifecycle, vulnerability management +--- + +{{< summary-bar feature_name="Docker Hardened Images" >}} + +With a Docker Hardened Images subscription add-on, you can use Extended +Lifecycle Support (ELS) for Docker Hardened Images. ELS provides security +patches for end-of-life (EOL) image versions, letting you maintain secure, +compliant operations while planning upgrades on your own timeline. You can use +ELS images like any other Docker Hardened Image, but you must enable ELS for +each repository you want to use with ELS. + +## Discover repositories with ELS support + +To find images with ELS support: + +1. Go to [Docker Hub](https://hub.docker.com) and sign in. +2. Select **My Hub**. +3. In the namespace drop-down, select your organization. +4. Select **Hardened Images** > **Catalog**. +5. In **Filter by**, select **Extended Lifecycle Support**. + +## Enable ELS for a repository + +To enable ELS for a repository, an organization owner must [mirror](./mirror.md) +the repository to your organization. + +To enable ELS when mirroring: + +1. Go to [Docker Hub](https://hub.docker.com) and sign in. +2. Select **My Hub**. +3. In the namespace drop-down, select your organization. +4. Select **Hardened Images** > **Catalog**. +5. Select a DHI repository to view its details. +6. Select **Use this image** > **Mirror repository** +7. Select **Enable support for end-of-life versions** and then follow the + on-screen instructions. + +## Disable ELS for a repository + +To disable ELS for a repository, you must uncheck the ELS option in the mirrored +repository's **Settings** tab, or stop mirroring the repository. To stop mirroring, see +[Stop mirroring a repository](./mirror.md#stop-mirroring-a-repository). + +To update settings: + +1. Go to [Docker Hub](https://hub.docker.com) and sign in. +2. Select **My Hub**. +3. In the namespace drop-down, select your organization. +4. Select **Repositories** and then select the mirrored repository. +5. Select the **Settings** tab. +6. Uncheck the **Mirror end-of-life images** option. + +## Manage ELS repositories + +You can view and manage your mirrored repositories with ELS like any other +mirrored DHI repository. For more details, see [Manage images](./manage.md). \ No newline at end of file diff --git a/content/manuals/dhi/how-to/explore.md b/content/manuals/dhi/how-to/explore.md index b24be92693..00f714904f 100644 --- a/content/manuals/dhi/how-to/explore.md +++ b/content/manuals/dhi/how-to/explore.md @@ -6,14 +6,11 @@ keywords: explore docker images, image variants, docker hub catalog, container i weight: 10 --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - Docker Hardened Images (DHI) are a curated set of secure, production-ready -container images designed for enterprise use. This page explains how to explore -available DHI repositories, review image metadata, examine variant details, and -understand the security attestations provided. Use this information to evaluate -and select the right image variants for your applications before mirroring them -to your organization. +container images. This page explains how to explore available DHI repositories, +review image metadata, examine variant details, and understand the security +attestations provided. Use this information to evaluate and select the right +image variants for your applications. ## Explore Docker Hardened Images @@ -126,10 +123,4 @@ The image variant details page provides the following information: - Attestations: Variants include comprehensive security attestations to verify the image's build process, contents, and security posture. These attestations are signed and can be verified using cosign. For a list of available - attestations, see [Attestations](../core-concepts/attestations.md). - -## What's next - -After finding an image you need, you can [mirror the image to your -organization](./mirror.md). If the image is already mirrored, then you can start -[using the image](./use.md). \ No newline at end of file + attestations, see [Attestations](../core-concepts/attestations.md). \ No newline at end of file diff --git a/content/manuals/dhi/how-to/helm.md b/content/manuals/dhi/how-to/helm.md index 4b8f6a8f5f..ddf16e60b2 100644 --- a/content/manuals/dhi/how-to/helm.md +++ b/content/manuals/dhi/how-to/helm.md @@ -4,19 +4,13 @@ linktitle: Use a Helm chart description: Learn how to use a Docker Hardened Image chart. keywords: use hardened image, helm, k8s, kubernetes, dhi chart, chart weight: 32 -params: - sidebar: - badge: - color: violet - text: Early Access --- -{{< summary-bar feature_name="Docker Hardened Image charts" >}} - -Docker Hardened Image (DHI) charts are Docker-provided [Helm charts](https://helm.sh/docs/) built from upstream and -community-maintained sources, designed for compatibility with Docker Hardened Images. These charts are available as OCI -artifacts within the DHI catalog on Docker Hub. For more details, see [Docker Hardened Image -charts](/dhi/features/helm/). +Docker Hardened Image (DHI) charts are Docker-provided [Helm +charts](https://helm.sh/docs/) built from upstream sources, designed for +compatibility with Docker Hardened Images. These charts are available as OCI +artifacts within the DHI catalog on Docker Hub. For more details, see [Docker +Hardened Image charts](/dhi/features/helm/). DHI charts incorporate multiple layers of supply chain security that aren't present in upstream charts: @@ -26,64 +20,26 @@ DHI charts incorporate multiple layers of supply chain security that aren't pres - Hardened configuration: Charts automatically reference Docker Hardened Images for secure deployments - Tested compatibility: Charts are robustly tested to work out-of-the-box with Docker Hardened Images -This guide walks you through how to use the DHI Redis chart. You can adapt the steps to other DHI charts and your own -Kubernetes workflows. DHI charts work like any other Helm chart, but you must mirror them to your own repository before -using them. +You can use a DHI chart like any other Helm chart stored in an OCI registry. +When you have a Docker Hardened Images subscription, you can also customize DHI +charts to reference customized images and mirrored repositories. The customized +chart build pipeline ensures that your customizations are built securely, use +the latest base charts, and include attestations. -## Prerequisites - -To follow along with this guide, you need: - -- A Kubernetes cluster set up and [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed. To - test locally, you can use Docker Desktop with Kubernetes enabled. For more information, see [Install Docker - Desktop](/desktop/install/windows-install/) and [Enable Kubernetes](/desktop/use-desktop/kubernetes/). -- Helm installed. For more information, see the [Helm installation guide](https://helm.sh/docs/intro/install/). -- Access to DHI. For more information about starting a free trial, see [Get started with Docker Hardened - Images](/dhi/get-started/). - -## Step 1: Find a Docker Helm chart and request access +## Find a Docker Helm chart To find a Docker Helm chart for DHI: 1. Go to the Hardened Images catalog in [Docker Hub](https://hub.docker.com/hardened-images/catalog) and sign in. -2. In the left sidebar, select your organization that has DHI access. -3. In the left sidebar, select **Hardened Images** > **Catalog**. -4. In the search bar, search for a Helm chart. For this guide, search for `redis chart`. -5. Select the Helm chart to view its details. For this guide, select the **Redis HA Helm Chart**. +2. In the left sidebar, select **Hardened Images** > **Catalog**. +3. Select **Filter by** for **Helm Charts**. +4. Select a Helm chart repository to view its details. - You will see the **Overview** page with details about the chart. +## Mirror a Helm chart and/or its images to a third-party registry -6. If visible, select **Request access to Helm charts**. - - Before you can mirror the chart, you may need to request access for the Early Access program. If **Request access to - Helm charts** is visible on the Helm chart repository details page, select it and wait for an email notifying you - that the access has been granted by Docker. - -## Step 2: Mirror the Docker Helm chart - -You must mirror the Docker Helm chart to your own repository before using it. - -To mirror the Docker Helm chart to your organization, in the Helm chart repository details page you opened in [step -1](#step-1-find-a-docker-helm-chart-and-request-access): - -1. Select **Mirror Helm chart**. -2. Follow the on-screen instructions to mirror the Helm chart. For this guide, name the destination repository - `dhi-redis-ha-chart`. - - When complete, you will see the details page for the mirrored Helm chart in your organization's namespace. On this - page, you can verify that the necessary dependencies have also been mirrored. - -3. If any dependencies are not mirrored, mirror them now. For this guide, select **Mirror image** if necessary for the - Redis image, then follow the on-screen instructions. - -You only need to mirror the Helm chart and its dependencies once. After they are mirrored, you can use them in any -Kubernetes cluster that can access your organization's namespace. - -## Step 3: Optional. Mirror the Helm chart and/or its images to your own registry - -By default, when you mirror a chart or image from the Docker Hardened Images catalog, the chart or image is mirrored to -your namespace in Docker Hub. If you want to then mirror to your own third-party registry, you can follow the -instructions in [How to mirror an image](/dhi/how-to/mirror/) for either the chart, the image, or both. +If you want to mirror to your own third-party registry, you can follow the +instructions in [Mirror a Docker Hardened Image repository](/dhi/how-to/mirror/) for either the +chart, the image, or both. The same `regctl` tool that is used for mirroring container images can also be used for mirroring Helm charts, as Helm charts are OCI artifacts. @@ -100,28 +56,35 @@ regctl image copy \ --force-recursive ``` -## Step 4: Create a Kubernetes secret for pulling images +## Create a Kubernetes secret for pulling images -You need to create a Kubernetes secret for pulling images from Docker Hub or your own registry. This is necessary -because Docker Hardened Images are in private repositories. If you mirror the images to your own registry, you still -need to create this secret if the registry requires authentication. +You need to create a Kubernetes secret for pulling images from `dhi.io`, Docker +Hub, or your own registry. This is necessary because Docker Hardened Image +repositories require authentication. If you mirror the images to your own +registry, you still need to create this secret if the registry requires +authentication. -1. For Docker Hub, create a [personal access token (PAT)](/security/access-tokens/) using your Docker account or an - [organization access token (OAT)](/enterprise/security/access-tokens/). Ensure the token has at least read-only - access to the Docker Hardened Image repositories. +1. For `dhi.io` or Docker Hub, create a [personal access token + (PAT)](/security/access-tokens/) using your Docker account or an + [organization access token (OAT)](/enterprise/security/access-tokens/). + Ensure the token has at least read-only access to the Docker Hardened Image + repositories. 2. Create a secret in Kubernetes using the following command. Replace ``, ``, ``, and `` with your own values. > [!NOTE] > - > You need to create this secret in each Kubernetes namespace that uses a DHI. If you've mirror your DHIs to another - > registry, replace `docker.io` with your registry's hostname. Replace ``, ``, and - > `` with your own values. `` is Docker ID if using a PAT or your organization name if - > using an OAT. `` is a name you choose for the secret. + > You need to create this secret in each Kubernetes namespace that uses a + > DHI. If you've mirror your DHIs to another registry, replace + > `dhi.io` with your registry's hostname. Replace + > ``, ``, and `` with your own + > values. `` is Docker ID if using a PAT or your organization + > name if using an OAT. `` is a name you choose for the + > secret. ```console $ kubectl create secret docker-registry \ - --docker-server=docker.io \ + --docker-server=dhi.io \ --docker-username= \ --docker-password= \ --docker-email= @@ -131,184 +94,45 @@ need to create this secret if the registry requires authentication. ```console $ kubectl create secret docker-registry dhi-pull-secret \ - --docker-server=docker.io \ + --docker-server=dhi.io \ --docker-username=docs \ --docker-password=dckr_pat_12345 \ --docker-email=moby@example.com ``` -## Step 5: Update the image references in the Helm chart +## Install a Helm chart -DHI charts reference images stored in private repositories. While many standard Helm charts use default image locations -that are accessible to everyone, DHI images must first be mirrored to your own Docker Hub namespace or private registry. -Since each organization will have their own unique repository location, the Helm chart must be updated to point to the -correct image locations specific to your organization's Docker Hub namespace or registry. +To install a Helm chart from Docker Hardened Images: -To do this, you can use one of the following approaches: - -- Pre-rendering: Uses a values override file to set the image references before Helm renders the chart templates. -- Post-rendering: Uses a script that automatically rewrites image references after Helm renders the templates but - before deploying to Kubernetes. The script is invoked by Helm during the `helm install` command using the - `--post-renderer` flag, where you pass it the new image prefix as an argument. - -{{< tabs group="rendering" >}} {{< tab name="Pre-rendering" >}} - -Create a file named `dhi-images.yaml` file with the following: - -```yaml -image: - repository: /dhi-redis -haproxy: - image: - repository: /dhi-haproxy -sysctlImage: - image: - repository: /dhi-busybox -configmapTest: - image: - repository: /dhi-shellcheck -exporter: - image: - repository: /dhi-redis-exporter -``` - -Replace `` with your Docker Hub namespace or with your own namespace in your own registry. - -For example, for the Redis chart: - -```yaml -image: - repository: docs/dhi-redis -haproxy: - image: - repository: docs/dhi-haproxy -sysctlImage: - image: - repository: docs/dhi-busybox -configmapTest: - image: - repository: docs/dhi-shellcheck -exporter: - image: - repository: docs/dhi-redis-exporter -``` - -{{< /tab >}} {{< tab name="Post-rendering" >}} - -Create a script named `post-renderer.sh` using the following command: - -```bash -cat > post-renderer.sh << 'EOF' -#!/usr/bin/env bash -set -euo pipefail - -if [ $# -lt 1 ]; then - echo "Usage: $0 " >&2 - exit 1 -fi - -# Replaces dhi/ or docker.io/dhi with the specified PREFIX -PREFIX="$1" -sed -E "s|(image: )\"?(docker\.io/)?dhi/|\1$PREFIX|g" -EOF -chmod +x post-renderer.sh -``` - -This script will replace all references to `dhi/` or `docker.io/dhi/` with the prefix you provide when running `helm -install`. - -{{< /tab >}} {{< /tabs >}} - -## Step 6: Install the Helm chart - -1. If the chart is in a private repository, sign in to the registry using Helm: +1. Sign in to the registry using Helm: ```console - $ echo "" | helm registry login registry-1.docker.io --username --password-stdin + $ echo $ACCESS_TOKEN | helm registry login dhi.io --username --password-stdin ``` - For example: + Replace `` and set `$ACCESS_TOKEN`. - ```console - $ echo "dckr_pat_12345" | helm registry login registry-1.docker.io --username docs --password-stdin - ``` - -2. Install the chart using `helm install`. The command differs slightly depending on whether you are using - post-rendering or pre-rendering. Optionally, you can also use the `--dry-run` flag to test the installation without +2. Install the chart using `helm install`. Optionally, you can also use the `--dry-run` flag to test the installation without actually installing anything. - {{< tabs group="rendering" >}} {{< tab name="Pre-rendering" >}} ```console - $ helm install oci://registry-1.docker.io// --version \ - --set "imagePullSecrets[0].name=" \ - -f dhi-images.yaml + $ helm install oci://dhi.io/ --version \ + --set "imagePullSecrets[0].name=" ``` - Replace `` and `` accordingly. If the chart is in your own registry, replace - `registry-1.docker.io/` with your own registry and namespace. Replace `` with the - name of the image pull secret you created earlier. + Replace `` and `` accordingly. If the + chart is in your own registry or another repository, replace + `dhi.io/` with your own location. Replace + `` with the name of the image pull secret created + from [Create a Kubernetes secret for pulling images](#create-a-kubernetes-secret-for-pulling-images). - For example, for the Redis chart: +## Customize a Helm chart - ```console - $ helm install my-redis-ha oci://registry-1.docker.io/docs/dhi-redis-ha-chart --version 0.1.0 \ - --set "imagePullSecrets[0].name=dhi-pull-secret" \ - -f dhi-images.yaml - ``` +You can customize Docker Hardened Image Helm charts to reference customized +images and mirrored repositories. For more details, see [Customize Docker +Hardened Images and charts](./customize.md). - {{< /tab >}} {{< tab name="Post-rendering" >}} +## Verify a Helm chart and view its attestations - ```console - $ helm install oci://registry-1.docker.io// --version \ - --set "imagePullSecrets[0].name=" \ - --post-renderer ./post-renderer.sh --post-renderer-args "" - ``` - - Replace `` and `` accordingly. If the chart is in your own registry, replace - `registry-1.docker.io/` with your own registry and namespace. Replace - `` with the registry and repository prefix you want to use for the images, for example, - `gcr.io/my-project/dhi-`, or `your-namespace/` if you are using Docker Hub. Replace `` with the - name of the image pull secret you created earlier. - - For example, for the Redis chart: - - ```console - $ helm install my-redis-ha oci://registry-1.docker.io/docs/dhi-redis-ha-chart --version 0.1.0 \ - --set "imagePullSecrets[0].name=dhi-pull-secret" \ - --post-renderer ./post-renderer.sh --post-renderer-args "docs/" - ``` - - {{< /tab >}} {{< /tabs >}} - -## Step 7: Verify the installation - -After a few seconds all the pods should be up and running. - -```console -$ kubectl get pods -NAME READY STATUS RESTARTS AGE ---server-0 3/3 Running 0 33s -``` - -For example, for the Redis chart: - -```console -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -my-redis-ha-redis-ha-chart-server-0 3/3 Running 0 33s -``` - -## Step 8: Uninstall the Helm chart - -To uninstall the Helm chart, run: - -```console -$ helm uninstall -``` - -For example, for the Redis chart: - -```console -$ helm uninstall my-redis-ha -``` \ No newline at end of file +You can verify Helm charts. For more details, see [Verify Helm chart attestations](./verify.md#verify-helm-chart-attestations-with-docker-scout). \ No newline at end of file diff --git a/content/manuals/dhi/how-to/k8s.md b/content/manuals/dhi/how-to/k8s.md index d924e1f90b..c033a34d58 100644 --- a/content/manuals/dhi/how-to/k8s.md +++ b/content/manuals/dhi/how-to/k8s.md @@ -6,20 +6,20 @@ keywords: use hardened image, kubernetes, k8s weight: 31 --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - ## Authentication -To be able to use Docker Hardened Images in Kubernetes, you need to create a +To be able to use Docker Hardened Images in Kubernetes, you need to create a Kubernetes secret for pulling images from your mirror or internal registry. > [!NOTE] > > You need to create this secret in each Kubernetes namespace that uses a DHI. -Create a secret using a Personal Access Token (PAT). Ensure the token has at least -read-only access to private repositories. For Docker Hub replace `` -with `docker.io`. +Create a secret using a Personal Access Token (PAT). Ensure the token has at +least read-only access to public repositories. For Docker Hardened Images +replace `` with `dhi.io`. If you are using a mirrored +repository, replace it with your mirror's registry server, such as `docker.io` +for Docker Hub. ```console $ kubectl create -n secret docker-registry --docker-server= \ @@ -39,7 +39,7 @@ metadata: spec: containers: - name: test - image: /dhi-bash:5 + image: bash:5 command: [ "sh", "-c", "echo 'Hello from DHI in Kubernetes!'" ] imagePullSecrets: - name: diff --git a/content/manuals/dhi/how-to/manage.md b/content/manuals/dhi/how-to/manage.md index cc25482bfa..309c82a40e 100644 --- a/content/manuals/dhi/how-to/manage.md +++ b/content/manuals/dhi/how-to/manage.md @@ -1,6 +1,6 @@ --- -title: Manage Docker Hardened Images -linktitle: Manage images +title: 'Manage Docker Hardened Images and charts DHI Enterprise' +linktitle: Manage images and charts description: Learn how to manage your mirrored and customized Docker Hardened Images in your organization. keywords: manage docker hardened images, custom hardened images weight: 35 @@ -8,37 +8,34 @@ weight: 35 {{< summary-bar feature_name="Docker Hardened Images" >}} -On the **Management** screen in Docker Hub, you can manage both your mirrored -Docker Hardened Image (DHI) repositories and customized DHI images in your -organization. +On the **Manage** screen in Docker Hub, you can manage your mirrored Docker +Hardened Image (DHI) repositories, mirrored DHI chart repositories, and +customizations in your organization. -## Manage mirrored Docker Hardened Images +## Manage mirrored Docker Hardened Image repositories To manage your mirrored DHI repositories: 1. Go to the [Docker Hub](https://hub.docker.com) and sign in. 2. Select **My Hub**. 3. In the namespace drop-down, select your organization. -4. Select **Hardened Images** > **Management**. - - On this page, you can view your mirrored DHI - repositories and view which source repositories they are mirrored from. - -5. Select the menu icon in the far right column of the repository you want to manage. +4. Select **Hardened Images** > **Manage**. +5. Select **Mirrored Images** +6. Select the menu icon in the far right column of the repository you want to manage. From here, you can: - **Customize**: Create a customized image based on the source repository. - **Stop mirroring**: Stop mirroring the DHI repository. -## Manage customized Docker Hardened Images +## Manage customized Docker Hardened Image repositories To manage your customized DHI repositories: 1. Go to [Docker Hub](https://hub.docker.com) and sign in. 2. Select **My Hub**. 3. In the namespace drop-down, select your organization. -4. Select **Hardened Images** > **Management**. +4. Select **Hardened Images** > **Manage**. 5. Select **Customizations**. On this page, you can view your customized DHI diff --git a/content/manuals/dhi/how-to/migrate.md b/content/manuals/dhi/how-to/migrate.md deleted file mode 100644 index 5fb26f0721..0000000000 --- a/content/manuals/dhi/how-to/migrate.md +++ /dev/null @@ -1,334 +0,0 @@ ---- -title: Migrate an existing application to use Docker Hardened Images -linktitle: Migrate an app -description: Follow a step-by-step guide to update your Dockerfiles and adopt Docker Hardened Images for secure, minimal, and production-ready builds. -weight: 36 -keywords: migrate dockerfile, hardened base image, multi-stage build, non-root containers, secure container build ---- - -{{< summary-bar feature_name="Docker Hardened Images" >}} - -This guide helps you migrate your existing Dockerfiles to use Docker Hardened -Images (DHIs) [manually](#step-1-update-the-base-image-in-your-dockerfile), -or with [Gordon](#use-gordon). -DHIs are minimal and security-focused, which may require -adjustments to your base images, build process, and runtime configuration. - -This guide focuses on migrating framework images, such as images for building -applications from source using languages like Go, Python, or Node.js. If you're -migrating application images, such as databases, proxies, or other prebuilt -services, many of the same principles still apply. - -## Migration considerations - -DHIs omit common tools such as shells and package managers to -reduce the attack surface. They also default to running as a nonroot user. As a -result, migrating to DHI typically requires the following changes to your -Dockerfile: - - -| Item | Migration note | -|:-------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Base image | Replace your base images in your Dockerfile with a Docker Hardened Image. | -| Package management | Images intended for runtime, don't contain package managers. Use package managers only in images with a `dev` tag. Utilize multi-stage builds and copy necessary artifacts from the build stage to the runtime stage. | -| Non-root user | By default, images intended for runtime, run as the nonroot user. Ensure that necessary files and directories are accessible to the nonroot user. | -| Multi-stage build | Utilize images with a `dev` or `sdk` tags for build stages and non-dev images for runtime. | -| TLS certificates | DHIs contain standard TLS certificates by default. There is no need to install TLS certificates. | -| Ports | DHIs intended for runtime run as a nonroot user by default. As a result, applications in these images can't bind to privileged ports (below 1024) when running in Kubernetes or in Docker Engine versions older than 20.10. To avoid issues, configure your application to listen on port 1025 or higher inside the container. | -| Entry point | DHIs may have different entry points than images such as Docker Official Images. Inspect entry points for DHIs and update your Dockerfile if necessary. | -| No shell | DHIs intended for runtime don't contain a shell. Use dev images in build stages to run shell commands and then copy artifacts to the runtime stage. | - -For more details and troubleshooting tips, see the [Troubleshoot](/manuals/dhi/troubleshoot.md). - -## Migrate an existing application - -The following steps outline the migration process. - -### Step 1: Update the base image in your Dockerfile - -Update the base image in your application’s Dockerfile to a hardened image. This -is typically going to be an image tagged as `dev` or `sdk` because it has the tools -needed to install packages and dependencies. - -The following example diff snippet from a Dockerfile shows the old base image -replaced by the new hardened image. - -```diff -- ## Original base image -- FROM golang:1.22 - -+ ## Updated to use hardened base image -+ FROM /dhi-golang:1.22-dev -``` - -### Step 2: Update the runtime image in your Dockerfile - -> [!NOTE] -> -> Multi-stage builds are recommended to keep your final image minimal and -> secure. Single-stage builds are supported, but they include the full `dev` image -> and therefore result in a larger image with a broader attack surface. - -To ensure that your final image is as minimal as possible, you should use a -[multi-stage build](/manuals/build/building/multi-stage.md). All stages in your -Dockerfile should use a hardened image. While intermediary stages will typically -use images tagged as `dev` or `sdk`, your final runtime stage should use a runtime image. - -Utilize the build stage to compile your application and copy the resulting -artifacts to the final runtime stage. This ensures that your final image is -minimal and secure. - -See the [Example Dockerfile migrations](#example-dockerfile-migrations) section for -examples of how to update your Dockerfile. - -## Example Dockerfile migrations - -The following examples show a Dockerfile before and after migration. Each -example includes both a multi-stage build (recommended for minimal, secure -images) and a single-stage build (supported, but results in a larger image with -a broader attack surface). - -> [!NOTE] -> -> Multi-stage builds are recommended for most use cases. Single-stage builds are -> supported for simplicity, but come with tradeoffs in size and security. - -### Go example - -{{< tabs >}} -{{< tab name="Before" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -FROM golang:latest - -WORKDIR /app -ADD . ./ -RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" --installsuffix cgo -o main . - -ENTRYPOINT ["/app/main"] -``` - -{{< /tab >}} -{{< tab name="After (multi-stage)" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -# === Build stage: Compile Go application === -FROM /dhi-golang:1-alpine3.21-dev AS builder - -WORKDIR /app -ADD . ./ -RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" --installsuffix cgo -o main . - -# === Final stage: Create minimal runtime image === -FROM /dhi-golang:1-alpine3.21 - -WORKDIR /app -COPY --from=builder /app/main /app/main - -ENTRYPOINT ["/app/main"] -``` - -{{< /tab >}} -{{< tab name="After (single-stage)" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -FROM /dhi-golang:1-alpine3.21-dev - -WORKDIR /app -ADD . ./ -RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" --installsuffix cgo -o main . - -ENTRYPOINT ["/app/main"] -``` - -{{< /tab >}} -{{< /tabs >}} - -### Node.js example - -{{< tabs >}} -{{< tab name="Before" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -FROM node:latest -WORKDIR /usr/src/app - -COPY package*.json ./ -RUN npm install - -COPY image.jpg ./image.jpg -COPY . . - -CMD ["node", "index.js"] -``` - -{{< /tab >}} -{{< tab name="After (multi-stage)" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -#=== Build stage: Install dependencies and build application ===# -FROM /dhi-node:23-alpine3.21-dev AS builder -WORKDIR /usr/src/app - -COPY package*.json ./ -RUN npm install - -COPY image.jpg ./image.jpg -COPY . . - -#=== Final stage: Create minimal runtime image ===# -FROM /dhi-node:23-alpine3.21 -ENV PATH=/app/node_modules/.bin:$PATH - -COPY --from=builder --chown=node:node /usr/src/app /app - -WORKDIR /app - -CMD ["index.js"] -``` - -{{< /tab >}} -{{< tab name="After (single-stage)" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -FROM /dhi-node:23-alpine3.21-dev -WORKDIR /usr/src/app - -COPY package*.json ./ -RUN npm install - -COPY image.jpg ./image.jpg -COPY . . - -CMD ["index.js"] -``` - -{{< /tab >}} -{{< /tabs >}} - -### Python example - -{{< tabs >}} -{{< tab name="Before" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -FROM python:latest AS builder - -ENV LANG=C.UTF-8 -ENV PYTHONDONTWRITEBYTECODE=1 -ENV PYTHONUNBUFFERED=1 -ENV PATH="/app/venv/bin:$PATH" - -WORKDIR /app - -RUN python -m venv /app/venv -COPY requirements.txt . - -RUN pip install --no-cache-dir -r requirements.txt - -FROM python:latest - -WORKDIR /app - -ENV PYTHONUNBUFFERED=1 -ENV PATH="/app/venv/bin:$PATH" - -COPY image.py image.png ./ -COPY --from=builder /app/venv /app/venv - -ENTRYPOINT [ "python", "/app/image.py" ] -``` - -{{< /tab >}} -{{< tab name="After (multi-stage)" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -#=== Build stage: Install dependencies and create virtual environment ===# -FROM /dhi-python:3.13-alpine3.21-dev AS builder - -ENV LANG=C.UTF-8 -ENV PYTHONDONTWRITEBYTECODE=1 -ENV PYTHONUNBUFFERED=1 -ENV PATH="/app/venv/bin:$PATH" - -WORKDIR /app - -RUN python -m venv /app/venv -COPY requirements.txt . - -RUN pip install --no-cache-dir -r requirements.txt - -#=== Final stage: Create minimal runtime image ===# -FROM /dhi-python:3.13-alpine3.21 - -WORKDIR /app - -ENV PYTHONUNBUFFERED=1 -ENV PATH="/app/venv/bin:$PATH" - -COPY image.py image.png ./ -COPY --from=builder /app/venv /app/venv - -ENTRYPOINT [ "python", "/app/image.py" ] -``` - -{{< /tab >}} -{{< tab name="After (single-stage)" >}} - -```dockerfile -#syntax=docker/dockerfile:1 - -FROM /dhi-python:3.13-alpine3.21-dev - -ENV LANG=C.UTF-8 -ENV PYTHONDONTWRITEBYTECODE=1 -ENV PYTHONUNBUFFERED=1 -ENV PATH="/app/venv/bin:$PATH" - -WORKDIR /app - -RUN python -m venv /app/venv -COPY requirements.txt . -RUN pip install --no-cache-dir -r requirements.txt - -COPY image.py image.png ./ - -ENTRYPOINT [ "python", "/app/image.py" ] -``` - -{{< /tab >}} -{{< /tabs >}} - -### Use Gordon - -Alternatively, you can request assistance to -[Gordon](/manuals/ai/gordon/_index.md), Docker's AI-powered assistant, to -migrate your Dockerfile: - -{{% include "gordondhi.md" %}} - -## What's next - -After migrating to Docker Hardened Images, you can: - -- [Compare images](./compare.md) to see the security improvements and - differences between your DHI and the original image -- [Verify the image](./verify.md) to check signed attestations like SBOMs and - provenance -- [Scan the image](./scan.md) to analyze it for known vulnerabilities diff --git a/content/manuals/dhi/how-to/mirror.md b/content/manuals/dhi/how-to/mirror.md index ea60d3bf88..5d66113769 100644 --- a/content/manuals/dhi/how-to/mirror.md +++ b/content/manuals/dhi/how-to/mirror.md @@ -1,6 +1,6 @@ --- -title: Mirror a Docker Hardened Image repository -linktitle: Mirror an image +title: 'Mirror a Docker Hardened Image repository DHI Enterprise' +linktitle: Mirror a repository description: Learn how to mirror an image into your organization's namespace and optionally push it to another private registry. weight: 20 keywords: mirror docker image, private container registry, docker hub automation, webhook image sync, secure image distribution, internal registry, jfrog artifactory, harbor registry, amazon ecr, google artifact registry, github container registry @@ -8,59 +8,74 @@ keywords: mirror docker image, private container registry, docker hub automation {{< summary-bar feature_name="Docker Hardened Images" >}} -Before you can use a Docker Hardened Image (DHI), you must mirror its repository -to your organization. Only organization owners can perform this action. Once -mirrored, the image becomes available in your organization's namespace, and -users with access can begin pulling and using it. +Mirroring requires a DHI Enterprise subscription. Without a DHI Enterprise +subscription, you can pull Docker Hardened Images directly from `dhi.io` without +mirroring. With a DHI Enterprise subscription, you must mirror to get: -Mirrored repositories automatically stay up to date. Docker continues to sync -new tags and image updates from the upstream DHI catalog, so you always have -access to the latest secure version. +- Compliance variants (FIPS-enabled or STIG-ready images) +- Extended Lifecycle Support (ELS) variants (requires add-on) +- Image or Helm chart customization +- Air-gapped or restricted network environments +- SLA-backed security updates -## Prerequisites +## How to mirror -- To manage mirroring, you must be an [organization owner](/admin/). -- Your organization must be [signed - up](https://www.docker.com/products/hardened-images/#getstarted) to use - Docker Hardened Images. +This topic covers two types of mirroring for Docker Hardened Image (DHI) +repositories: -## Mirror an image repository +- [Mirror to Docker Hub](#mirror-a-dhi-repository-to-docker-hub): Mirror a DHI + repository to your organization's namespace on Docker Hub. This requires a DHI + Enterprise subscription and is used to [customize an image or + chart](./customize.md) and access compliance variants and ELS variants + (requires add-on). This must be done through the Docker Hub web interface. + +- [Mirror to a third-party + registry](#mirror-a-dhi-repository-to-a-third-party-registry): Mirror a + repository to another container registry, such as Amazon ECR, Google Artifact + Registry, or a private Harbor instance. + +## Mirror a DHI repository to Docker Hub + +Mirroring a repository to Docker Hub requires a DHI Enterprise subscription and +enables access to compliance variants, Extended Lifecycle Support (ELS) variants +(requires add-on), and customization capabilities: + +- Image repositories: Mirroring lets you customize images by adding packages, + OCI artifacts (such as custom certificates or additional tools), environment + variables, labels, and other configuration settings. For more details, see + [Customize a Docker Hardened Image](./customize.md#customize-a-docker-hardened-image). + +- Chart repositories: Mirroring lets you customize image references within + the chart. This is particularly useful when using customized images or when + you've mirrored images to a third-party registry and need the chart to + reference those custom locations. For more details, see [Customize a Docker + Hardened Helm chart](./customize.md#customize-a-docker-hardened-helm-chart). + +Only organization owners can perform mirroring. Once mirrored, the repository +becomes available in your organization's namespace, and you can customize it as +needed. To mirror a Docker Hardened Image repository: 1. Go to [Docker Hub](https://hub.docker.com) and sign in. 2. Select **My Hub**. -3. In the namespace drop-down, select your organization that has access to DHI. +3. In the namespace drop-down, select your organization. 4. Select **Hardened Images** > **Catalog**. 5. Select a DHI repository to view its details. -6. Select **Mirror to repository** and follow the on-screen instructions. +6. Mirror the repository: + - To mirror an image repository, select **Use this image** > **Mirror + repository**, and then follow the on-screen instructions. If you have the ELS add-on, you can also + select **Enable support for end-of-life versions**. + - To mirror a Helm chart repository, select **Get Helm chart**, and then follow the on-screen instructions. - -It may take a few minutes for all the tags to finish mirroring. Once an image -has been mirrored, the **Mirror to repository** button changes to **View in -repository**. Selecting **View in repository** opens a drop-down list of -repositories that the image has already been mirrored to. From this drop-down, -you can: - - - Select an existing mirrored repository to view its details - - Select **Mirror to repository** again to mirror the image to an additional - repository +It may take a few minutes for all the tags to finish mirroring. After mirroring a repository, the repository appears in your organization's -repository list, prefixed by `dhi-`. It will -continue to receive updated images. +repository list, prefixed by `dhi-`. It will continue to receive updated images. -![Repository list with mirrored repository showing](../images/dhi-python-mirror.png) - -> [!IMPORTANT] -> -> The mirrored repository's visibility must remain private. Changing its -> visibility to public will stop updates from being mirrored. - -Once mirrored, the image repository works like any other private repository on -Docker Hub. Team members with access to the repository can now pull and use the -image. To learn how to manage access, view tags, or configure settings, see -[Repositories](/manuals/docker-hub/repos.md). +Once mirrored, the repository works like any other private repository on Docker +Hub and you can now customize it. To learn more about customization, see +[Customize a Docker Hardened Image or chart](./customize.md). ### Webhook integration for syncing and alerts @@ -106,37 +121,35 @@ When a webhook is triggered, Docker Hub sends a JSON payload like the following: } ``` -## Stop mirroring an image repository +### Stop mirroring a repository Only organization owners can stop mirroring a repository. After you stop mirroring, the repository remains, but it will -no longer receive updates. You can still pull the last image that was mirrored, +no longer receive updates. You can still use the last images or charts that were mirrored, but the repository will not receive new tags or updates from the original repository. - To stop mirroring an image repository: +> [!NOTE] +> +> If you only want to stop mirroring ELS versions, you can uncheck the ELS +> option in the mirrored repository's **Settings** tab. For more details, see +> [Disable ELS for a repository](./els.md#disable-els-for-a-repository). + + To stop mirroring a repository: 1. Go to [Docker Hub](https://hub.docker.com) and sign in. 2. Select **My Hub**. 3. In the namespace drop-down, select your organization that has access to DHI. -4. Select **Hardened Images** > **Management**. -5. In the far right column of the repository you want to stop mirroring, select the menu icon. -6. Select **Stop mirroring**. +4. Select **Hardened Images** > **Manage**. +5. Select the **Mirrored Images** or **Mirrored Helm charts** tab. +6. In the far right column of the repository you want to stop mirroring, select the menu icon. +7. Select **Stop mirroring**. -Once you have stopped mirroring a repository, you can choose another DHI -repository to mirror. +## Mirror a DHI repository to a third-party registry -## Mirror from Docker Hub to another registry - -> [!IMPORTANT] -> -> To continue receiving image updates and preserve access to Docker Hardened -> Images, ensure that any copies pushed to other registries remain private. - -After you've mirrored a Docker Hardened Image repository to your organization's -namespace on Docker Hub, you can optionally mirror it to another container -registry, such as Amazon ECR, Google Artifact Registry, GitHub Container -Registry, or a private Harbor instance. +You can optionally mirror a DHI repository to another container registry, such as Amazon +ECR, Google Artifact Registry, GitHub Container Registry, or a private Harbor +instance. You can use any standard workflow to mirror the image, such as the [Docker CLI](/reference/cli/docker/_index.md), [Docker Hub Registry @@ -144,9 +157,9 @@ API](/reference/api/registry/latest/), third-party registry tools, or CI/CD automation. However, to preserve the full security context, including attestations, you must -also mirror its associated OCI artifacts. Docker Hardened Images store the image -layers on Docker Hub (`docker.io`) and the signed attestations in a separate -registry (`registry.scout.docker.com`). +also mirror its associated OCI artifacts. DHI repositories store the image +layers on `dhi.io` (or `docker.io` for customized images) and the signed +attestations in a separate registry (`registry.scout.docker.com`). To copy both, you can use [`regctl`](https://regclient.org/cli/regctl/), an OCI-aware CLI that supports mirroring images along with attached artifacts such @@ -160,6 +173,11 @@ Image from Docker Hub to another registry, along with its associated attestations using `regctl`. You must [install `regctl`](https://github.com/regclient/regclient) first. +The example assumes you have mirrored the DHI repository to your organization's +namespace on Docker Hub as described in the previous section. You can apply the +same steps to a non-mirrored image by updating the the `SRC_ATT_REPO` and +`SRC_REPO` variables accordingly. + 1. Set environment variables for your specific environment. Replace the placeholders with your actual values. @@ -285,7 +303,6 @@ To run the sync with the configuration file: $ regsync once -c regsync.yaml ``` -## What's next +## What next -After mirroring an image repository, you can you can start [using the -image](./use.md). \ No newline at end of file +After mirroring, see [Pull a DHI](./use.md#pull-a-dhi) to learn how to pull and use mirrored images. diff --git a/content/manuals/dhi/how-to/policies.md b/content/manuals/dhi/how-to/policies.md index cbcf04351a..80f9589bc0 100644 --- a/content/manuals/dhi/how-to/policies.md +++ b/content/manuals/dhi/how-to/policies.md @@ -6,13 +6,12 @@ weight: 50 keywords: docker scout policies, enforce image compliance, container security policy, image provenance, vulnerability policy check --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - -Mirroring a Docker Hardened Image (DHI) repository automatically enables [Docker -Scout](/scout/), allowing you to start enforcing security and compliance policies for your -images without additional setup. Using Docker Scout policies, you can define and -apply rules that ensure only approved and secure images, such as those based on -DHIs, are used across your environments. +When you have a Docker Hardened Images Enterprise subscription, mirroring a +Docker Hardened Image (DHI) repository automatically enables [Docker +Scout](/scout/), allowing you to start enforcing security and compliance +policies for your images without additional setup. Using Docker Scout policies, +you can define and apply rules that ensure only approved and secure images, such +as those based on DHIs, are used across your environments. Docker Scout includes a dedicated [**Valid Docker Hardened Image (DHI) or DHI base @@ -60,7 +59,7 @@ base. For example: ```dockerfile # Dockerfile -FROM ORG_NAME/dhi-python:3.13-alpine3.21 +FROM /dhi-python:3.13-alpine3.21 ENTRYPOINT ["python", "-c", "print('Hello from a DHI-based image')"] ``` @@ -73,7 +72,7 @@ build and push the image to your Docker Hub repository: ```console $ docker build \ --push \ - -t YOUR_ORG/my-dhi-app:v1 . + -t /my-dhi-app:v1 . ``` #### Step 3: Enable Docker Scout @@ -83,8 +82,8 @@ following commands in your terminal: ```console $ docker login -$ docker scout enroll YOUR_ORG -$ docker scout repo enable --org YOUR_ORG YOUR_ORG/my-dhi-app +$ docker scout enroll +$ docker scout repo enable --org /my-dhi-app ``` #### Step 4: Configure the DHI policy @@ -106,7 +105,7 @@ Once the DHI policy is configured and active, you can view compliance results: 1. Go to the [Docker Scout dashboard](https://scout.docker.com). 2. Select your organization and navigate to **Images**. -3. Find your image, `YOUR_ORG/my-dhi-app:v1`, and select the link in the **Compliance** column. +3. Find your image, `/my-dhi-app:v1`, and select the link in the **Compliance** column. This shows the policy compliance results for your image. The **Valid Docker Hardened Image (DHI) or DHI base image** policy evaluates whether your image has diff --git a/content/manuals/dhi/how-to/scan.md b/content/manuals/dhi/how-to/scan.md index c2d1c9818a..ddd2e4b8d2 100644 --- a/content/manuals/dhi/how-to/scan.md +++ b/content/manuals/dhi/how-to/scan.md @@ -6,8 +6,6 @@ keywords: scan container image, docker scout cves, grype scanner, trivy containe weight: 46 --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - Docker Hardened Images (DHIs) are designed to be secure by default, but like any container image, it's important to scan them regularly as part of your vulnerability management process. @@ -19,10 +17,20 @@ be mirrored into your organization on Docker Hub. > [!NOTE] > -> [Docker Scout](/manuals/scout/_index.md) is automatically enabled at no -> additional cost for all mirrored Docker Hardened Image repositories on Docker -> Hub. You can view scan results directly in the Docker Hub UI under your -> organization's repository. +> When you have a Docker Hardened Images Enterprise subscription, [Docker +> Scout](/manuals/scout/_index.md) is automatically enabled at no additional +> cost for all mirrored Docker Hardened Image repositories on Docker Hub. You +> can view scan results directly in the Docker Hub UI under your organization's +> repository. + +> [!IMPORTANT] +> +> You must authenticate to the Docker Hardened Image registry (`dhi.io`) to pull images. To +> do this, you can use [`docker login`](../../../reference/cli/docker/login.md): +> +> ```console +> $ docker login dhi.io +> ``` ## Docker Scout @@ -35,7 +43,7 @@ To scan a Docker Hardened Image using Docker Scout, run the following command: ```console -$ docker scout cves /dhi-: --platform +$ docker scout cves dhi.io/: --platform ``` Example output: @@ -150,8 +158,8 @@ After installing Grype, you can scan a Docker Hardened Image by pulling the image and running the scan command: ```console -$ docker pull /dhi-: -$ grype /dhi-: +$ docker pull dhi.io/: +$ grype dhi.io/: ``` Example output: @@ -180,8 +188,8 @@ After installing Trivy, you can scan a Docker Hardened Image by pulling the image and running the scan command: ```console -$ docker pull /dhi-: -$ trivy image /dhi-: +$ docker pull dhi.io/: +$ trivy image --scanners vuln --vex repo dhi.io/: ``` Example output: @@ -192,15 +200,14 @@ Report Summary ┌──────────────────────────────────────────────────────────────────────────────┬────────────┬─────────────────┬─────────┐ │ Target │ Type │ Vulnerabilities │ Secrets │ ├──────────────────────────────────────────────────────────────────────────────┼────────────┼─────────────────┼─────────┤ -│ /dhi-: (debian 12.11) │ debian │ 66 │ - │ +│ dhi.io/: (debian 12.11) │ debian │ 66 │ - │ ├──────────────────────────────────────────────────────────────────────────────┼────────────┼─────────────────┼─────────┤ │ opt/python-3.13.4/lib/python3.13/site-packages/pip-25.1.1.dist-info/METADATA │ python-pkg │ 0 │ - │ └──────────────────────────────────────────────────────────────────────────────┴────────────┴─────────────────┴─────────┘ ``` You should include the `--vex` flag to apply VEX statements during the scan, -which filter out known non-exploitable CVEs. For more information, see the [VEX -section](#use-vex-to-filter-known-non-exploitable-cves). +which filter out known non-exploitable CVEs. ## Use VEX to filter known non-exploitable CVEs @@ -215,12 +222,12 @@ manual configuration needed. > > By default, VEX attestations are fetched from `registry.scout.docker.com`. Ensure that you can access this registry > if your network has outbound restrictions. You can also mirror the attestations to an alternate registry. For more -> details, see [Mirror a Docker Hardened Image repository](mirror.md#mirror-from-docker-hub-to-another-registry). +> details, see [Mirror to a third-party registry](mirror.md#mirror-to-a-third-party-registry). To manually create a JSON file of VEX attestations for tools that support it: ```console -$ docker scout vex get /dhi-: --output vex.json +$ docker scout vex get dhi.io/: --output vex.json ``` > [!NOTE] @@ -234,16 +241,16 @@ $ docker scout vex get /dhi-: --output vex.json For example: ```console -$ docker scout vex get docs/dhi-python:3.13 --output vex.json +$ docker scout vex get dhi.io/python:3.13 --output vex.json ``` This creates a `vex.json` file containing the VEX statements for the specified image. You can then use this file with tools that support VEX to filter out known non-exploitable CVEs. -For example, with Grype and Trivy, you can use the `--vex` flag to apply the VEX +For example, with Grype you can use the `--vex` flag to apply the VEX statements during the scan: ```console -$ grype /dhi-: --vex vex.json +$ grype dhi.io/python:3.13 --vex vex.json ``` diff --git a/content/manuals/dhi/how-to/use.md b/content/manuals/dhi/how-to/use.md index 93be73141b..1d65165bcb 100644 --- a/content/manuals/dhi/how-to/use.md +++ b/content/manuals/dhi/how-to/use.md @@ -6,8 +6,6 @@ keywords: use hardened image, docker pull secure image, non-root containers, mul weight: 30 --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - You can use a Docker Hardened Image (DHI) just like any other image on Docker Hub. DHIs follow the same familiar usage patterns. Pull them with `docker pull`, reference them in your Dockerfile, and run containers with `docker run`. @@ -16,16 +14,14 @@ The key difference is that DHIs are security-focused and intentionally minimal to reduce the attack surface. This means some variants don't include a shell or package manager, and may run as a nonroot user by default. -> [!NOTE] +> [!IMPORTANT] > -> You don't need to change your existing workflows. Whether you're pulling -> images manually, referencing them in your Dockerfiles, or integrating them -> into CI pipelines, DHIs work just like the images you already use. - -After [mirroring](./mirror.md) a DHI to your organization's namespace, the image -becomes available for use. To find your mirrored repository, go to the original -image's page in the Hardened Images catalog and select **View in repository**, -to show a list of mirrored repositories. +> You must authenticate to the Docker Hardened Image registry (`dhi.io`) to pull images. To +> do this, you can use [`docker login`](../../../reference/cli/docker/login.md): +> +> ```console +> $ docker login dhi.io +> ``` ## Considerations when adopting DHIs @@ -40,22 +36,21 @@ Docker Hardened Images are intentionally minimal to improve security. If you're | Multi-stage builds | Always use multi-stage builds for frameworks: a `-dev` image for building or installing dependencies, and a minimal runtime image for the final stage. | | TLS certificates | DHIs include standard TLS certificates. You do not need to manually install CA certs. | -If you're migrating an existing application, see [Migrate an existing -application to use Docker Hardened Images](./migrate.md). +If you're migrating an existing application, see [Migrate an existing application to use Docker Hardened Images](../migration/_index.md). ## Use a DHI in a Dockerfile To use a DHI as the base image for your container, specify it in the `FROM` instruction in your Dockerfile: ```dockerfile -FROM /dhi-: +FROM dhi.io/: ``` Replace the image name and tag with the variant you want to use. For example, use a `-dev` tag if you need a shell or package manager during build stages: ```dockerfile -FROM /dhi-python:3.13-dev AS build +FROM dhi.io/python:3.13-dev AS build ``` To learn how to explore available variants, see [Explore images](./explore.md). @@ -65,29 +60,81 @@ To learn how to explore available variants, see [Explore images](./explore.md). > Use a multi-stage Dockerfile to separate build and runtime stages, using a > `-dev` variant in build stages and a minimal runtime image in the final stage. -## Pull a DHI from Docker Hub +## Pull a DHI -Just like any other image on Docker Hub, you can pull Docker Hardened Images -(DHIs) using tools such as the Docker CLI, the Docker Hub Registry API, or -within your CI pipelines. +Just like any other image, you can pull DHIs using tools such as +the Docker CLI or within your CI pipelines. -The following example shows how to pull a DHI using the CLI: +You can pull Docker Hardened Images from three different locations depending on your needs: + +- Directly from `dhi.io` +- From a mirror on Docker Hub +- From a mirror on a third-party registry + +To understand which approach is right for your use case, see [Mirror a Docker Hardened Image repository](./mirror.md). + +The following sections show how to pull images from each location. + +### Pull directly from dhi.io + +After authenticating to `dhi.io`, you can pull images using standard Docker commands: ```console -$ docker pull /dhi-: +$ docker login dhi.io +$ docker pull dhi.io/python:3.13 ``` -You must have access to the image in your Docker Hub namespace. For more -information, see [Mirror a Docker Hardened Image](./mirror.md). +Reference images in your Dockerfile: + +```dockerfile +FROM dhi.io/python:3.13 +COPY . /app +CMD ["python", "/app/main.py"] +``` + +### Pull from a mirror on Docker Hub + +Once you've mirrored a repository to Docker Hub, you can pull images from your organization's namespace: + +```console +$ docker login +$ docker pull /dhi-python:3.13 +``` + +Reference mirrored images in your Dockerfile: + +```dockerfile +FROM /dhi-python:3.13 +COPY . /app +CMD ["python", "/app/main.py"] +``` + +To learn how to mirror repositories, see [Mirror a DHI repository to Docker Hub](./mirror.md#mirror-a-dhi-repository-to-docker-hub). + +### Pull from a mirror on a third-party registry + +Once you've mirrored a repository to your third-party registry, you can pull images: + +```console +$ docker pull //python:3.13 +``` + +Reference third-party mirrored images in your Dockerfile: + +```dockerfile +FROM //python:3.13 +COPY . /app +CMD ["python", "/app/main.py"] +``` + +To learn more, see [Mirror to a third-party registry](./mirror.md#mirror-to-a-third-party-registry). ## Run a DHI -After pulling the image, you can run it using `docker run`. For example, -assuming the repository was mirrored to `dhi-python` in your organization -namespace, start a container and run a Python command: +After pulling the image, you can run it using `docker run`. For example: ```console -$ docker run --rm /dhi-python:3.13 python -c "print('Hello from DHI')" +$ docker run --rm dhi.io/python:3.13 python -c "print('Hello from DHI')" ``` ## Use a DHI in CI/CD pipelines @@ -103,17 +150,22 @@ security, policy checks, or audit requirements if your tooling supports it. To strengthen your software supply chain, consider adding your own attestations when building images from DHIs. This lets you document how the image was -built, verify its integrity, and enable downstream validation and [policy -enforcement](./policies.md) using tools like Docker Scout. +built, verify its integrity, and enable downstream validation and policy +enforcement using tools like Docker Scout. To learn how to attach attestations during the build process, see [Docker Build -Attestations](/manuals/build/metadata/attestations.md) . +Attestations](/manuals/build/metadata/attestations.md). ## Use a static image for compiled executables Docker Hardened Images include a `static` image repository designed specifically for running compiled executables in an extremely minimal and secure runtime. +Unlike a non-hardened `FROM scratch` image, the DHI `static` image includes all +the attestations needed to verify its integrity and provenance. Although it is +minimal, it includes the common packages needed to run containers securely, such +as `ca-certificates`. + Use a `-dev` or other builder image in an earlier stage to compile your binary, and copy the output into a `static` image. @@ -123,12 +175,12 @@ and runs it in a minimal static image: ```dockerfile #syntax=docker/dockerfile:1 -FROM /dhi-golang:1.22-dev AS build +FROM dhi.io/golang:1.22-dev AS build WORKDIR /app COPY . . RUN CGO_ENABLED=0 go build -o myapp -FROM /dhi-static:20230311 +FROM dhi.io/static:20230311 COPY --from=build /app/myapp /myapp ENTRYPOINT ["/myapp"] ``` @@ -148,13 +200,17 @@ Use `-dev` images in your inner development loop or in isolated CI stages to maximize productivity. Once you're ready to produce artifacts for production, switch to a smaller runtime variant to reduce the attack surface and image size. +Dev variants are typically configured with no `ENTRYPOINT` and a default `CMD` that +launches a shell (for example, ["/bin/bash"]). In those cases, running the +container without additional arguments starts an interactive shell by default. + The following example shows how to build a Python app using a `-dev` variant and run it using the smaller runtime variant: ```dockerfile #syntax=docker/dockerfile:1 -FROM /dhi-python:3.13-alpine3.21-dev AS builder +FROM dhi.io/python:3.13-alpine3.21-dev AS builder ENV LANG=C.UTF-8 ENV PYTHONDONTWRITEBYTECODE=1 @@ -168,7 +224,7 @@ COPY requirements.txt . RUN pip install --no-cache-dir -r requirements.txt -FROM /dhi-python:3.13-alpine3.21 +FROM dhi.io/python:3.13-alpine3.21 WORKDIR /app @@ -185,3 +241,14 @@ This pattern separates the build environment from the runtime environment, helping reduce image size and improve security by removing unnecessary tooling from the final image. +## Use compliance variants {{< badge color="blue" text="DHI Enterprise" >}} + +{{< summary-bar feature_name="Docker Hardened Images" >}} + +When you have a Docker Hardened Images Enterprise subscription, you can access +compliance variants such as FIPS-enabled and STIG-ready images. These +variants help meet regulatory and compliance requirements for secure +deployments. + +To use a compliance variant, you must first [mirror](./mirror.md) the +repository, and then pull the compliance image from your mirrored repository. \ No newline at end of file diff --git a/content/manuals/dhi/how-to/verify.md b/content/manuals/dhi/how-to/verify.md index f581867379..f7291f87cb 100644 --- a/content/manuals/dhi/how-to/verify.md +++ b/content/manuals/dhi/how-to/verify.md @@ -1,27 +1,35 @@ --- -title: Verify a Docker Hardened Image -linktitle: Verify an image -description: Use Docker Scout or cosign to verify signed attestations like SBOMs, provenance, and vulnerability data for Docker Hardened Images. +title: Verify a Docker Hardened Image or chart +linktitle: Verify an image or chart +description: Use Docker Scout or cosign to verify signed attestations like SBOMs, provenance, and vulnerability data for Docker Hardened Images and charts. weight: 40 -keywords: verify container image, docker scout attest, cosign verify, sbom validation, signed container attestations +keywords: verify container image, docker scout attest, cosign verify, sbom validation, signed container attestations, helm chart verification --- -{{< summary-bar feature_name="Docker Hardened Images" >}} - -Docker Hardened Images (DHI) include signed attestations that verify the image’s -build process, contents, and security posture. These attestations are available -for each image variant and can be verified using +Docker Hardened Images (DHI) and charts include signed attestations that verify +the build process, contents, and security posture. These attestations are +available for each image variant and chart and can be verified using [cosign](https://docs.sigstore.dev/) or the Docker Scout CLI. -Docker's public key for DHI images is published at: +Docker's public key for DHI images and charts is published at: - https://registry.scout.docker.com/keyring/dhi/latest.pub - https://github.com/docker-hardened-images/keyring -## Verify attestations with Docker Scout +> [!IMPORTANT] +> +> You must authenticate to the Docker Hardened Image registry (`dhi.io`) to pull images. To +> do this, you can use [`docker login`](../../../reference/cli/docker/login.md): +> +> ```console +> $ docker login dhi.io +> ``` + + +## Verify image attestations with Docker Scout You can use the [Docker Scout](/scout/) CLI to list and retrieve attestations for Docker -Hardened Images, including images mirrored into your organization's namespace. +Hardened Images. > [!NOTE] > @@ -32,11 +40,11 @@ Hardened Images, including images mirrored into your organization's namespace. ### Why use Docker Scout instead of cosign directly? While you can use cosign to verify attestations manually, the Docker Scout CLI -offers several key advantages when working with Docker Hardened Images: +offers several key advantages when working with Docker Hardened Images and charts: - Purpose-built experience: Docker Scout understands the structure of DHI - attestations and image naming conventions, so you don't have to construct full - image digests or URIs manually. + attestations and naming conventions, so you don't have to construct full + digests or URIs manually. - Automatic platform resolution: With Scout, you can specify the platform (e.g., `--platform linux/amd64`), and it automatically verifies the correct image @@ -60,15 +68,15 @@ you full visibility and the option to fall back to cosign when needed. ### List available attestations -To list attestations for a mirrored DHI: +To list attestations for a mirrored DHI image: > [!NOTE] > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-python:3.13` instead of `docs/dhi-python:3.13`. +> `registry://dhi.io/python:3.13` instead of `dhi.io/python:3.13`. ```console -$ docker scout attest list /dhi-: +$ docker scout attest list dhi.io/: ``` This command shows all available attestations, including SBOMs, provenance, vulnerability reports, and more. @@ -80,20 +88,20 @@ To retrieve a specific attestation, use the `--predicate-type` flag with the ful ```console $ docker scout attest get \ --predicate-type https://cyclonedx.org/bom/v1.6 \ - /dhi-: + dhi.io/: ``` > [!NOTE] > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-python:3.13` instead of `docs/dhi-python:3.13`. +> `registry://dhi.io/python:3.13` instead of `dhi.io/python:3.13`. For example: ```console $ docker scout attest get \ --predicate-type https://cyclonedx.org/bom/v1.6 \ - docs/dhi-python:3.13 + dhi.io/python:3.13 ``` To retrieve only the predicate body: @@ -102,7 +110,7 @@ To retrieve only the predicate body: $ docker scout attest get \ --predicate-type https://cyclonedx.org/bom/v1.6 \ --predicate \ - /dhi-: + dhi.io/: ``` For example: @@ -111,7 +119,7 @@ For example: $ docker scout attest get \ --predicate-type https://cyclonedx.org/bom/v1.6 \ --predicate \ - docs/dhi-python:3.13 + dhi.io/python:3.13 ``` ### Validate the attestation with Docker Scout @@ -119,21 +127,21 @@ $ docker scout attest get \ To validate the attestation using Docker Scout, you can use the `--verify` flag: ```console -$ docker scout attest get : \ +$ docker scout attest get dhi.io/: \ --predicate-type https://scout.docker.com/sbom/v0.1 --verify ``` > [!NOTE] > -> If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-node:20.19-debian12-fips-20250701182639` instead of -> `docs/dhi-node:20.19-debian12-fips-20250701182639`. +> If the image exists locally on your device, you must prefix the image name +> with `registry://`. For example, use `registry://dhi.io/node:20.19-debian12` +> instead of `dhi.io/node:20.19-debian12`. -For example, to verify the SBOM attestation for the `dhi/node:20.19-debian12-fips-20250701182639` image: +For example, to verify the SBOM attestation for the `dhi.io/node:20.19-debian12` image: ```console -$ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \ +$ docker scout attest get dhi.io/node:20.19-debian12 \ --predicate-type https://scout.docker.com/sbom/v0.1 --verify ``` @@ -161,7 +169,7 @@ To skip the transparency log check and validate against Docker's key, use the ```console $ docker scout attest get \ --predicate-type https://cyclonedx.org/bom/v1.6 \ - /dhi-: \ + dhi.io/: \ --verify --skip-tlog ``` @@ -171,7 +179,7 @@ $ docker scout attest get \ > later. > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-python:3.13` instead of `docs/dhi-python:3.13`. +> `registry://dhi.io/python:3.13` instead of `dhi.io/python:3.13`. This is equivalent to using `cosign` with the `--insecure-ignore-tlog=true` @@ -187,13 +195,13 @@ When using the `--verify` flag, it also prints the corresponding $ docker scout attest get \ --predicate-type https://cyclonedx.org/bom/v1.6 \ --verify \ - /dhi-: + dhi.io/: ``` > [!NOTE] > > If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use -> `registry://docs/dhi-python:3.13` instead of `docs/dhi-python:3.13`. +> `registry://dhi.io/python:3.13` instead of `dhi.io/python:3.13`. For example: @@ -201,7 +209,7 @@ For example: $ docker scout attest get \ --predicate-type https://cyclonedx.org/bom/v1.6 \ --verify \ - docs/dhi-python:3.13 + dhi.io/python:3.13 ``` If verification succeeds, Docker Scout prints the full `cosign verify` command. @@ -211,31 +219,98 @@ Example output: ```console v SBOM obtained from attestation, 101 packages found v Provenance obtained from attestation - v cosign verify registry.scout.docker.com/docker/dhi-python@sha256:b5418da893ada6272add2268573a3d5f595b5c486fb7ec58370a93217a9785ae \ - --key https://registry.scout.docker.com/keyring/dhi/latest.pub --experimental-oci11 - ... + v cosign verify ... ``` > [!IMPORTANT] > -> When using cosign, you must first authenticate to both the Docker Hub registry +> When using cosign, you must first authenticate to both the DHI registry > and the Docker Scout registry. > > For example: > > ```console -> $ docker login +> $ docker login dhi.io > $ docker login registry.scout.docker.com -> $ cosign verify \ -> registry.scout.docker.com/docker/dhi-python@sha256:b5418da893ada6272add2268573a3d5f595b5c486fb7ec58370a93217a9785ae \ -> --key https://registry.scout.docker.com/keyring/dhi/latest.pub --experimental-oci11 +> $ cosign verify ... > ``` +## Verify Helm chart attestations with Docker Scout + +Docker Hardened Image Helm charts include the same comprehensive attestations +as container images. The verification process for charts is identical to that +for images, using the same Docker Scout CLI commands. + +### List available chart attestations + +To list attestations for a DHI Helm chart: + +```console +$ docker scout attest list oci://dhi.io/: +``` + +For example, to list attestations for the Redis HA chart: + +```console +$ docker scout attest list oci://dhi.io/redis-ha-chart:0.1.0 +``` + +This command shows all available chart attestations, including SBOMs, provenance, vulnerability reports, and more. + +### Retrieve a specific chart attestation + +To retrieve a specific attestation from a Helm chart, use the `--predicate-type` flag with the full predicate type URI: + +```console +$ docker scout attest get \ + --predicate-type https://cyclonedx.org/bom/v1.6 \ + oci://dhi.io/: +``` + +For example: + +```console +$ docker scout attest get \ + --predicate-type https://cyclonedx.org/bom/v1.6 \ + oci://dhi.io/redis-ha-chart:0.1.0 +``` + +To retrieve only the predicate body: + +```console +$ docker scout attest get \ + --predicate-type https://cyclonedx.org/bom/v1.6 \ + --predicate \ + oci://dhi.io/: +``` + +### Validate chart attestations with Docker Scout + +To validate a chart attestation using Docker Scout, use the `--verify` flag: + +```console +$ docker scout attest get oci://dhi.io/: \ + --predicate-type https://scout.docker.com/sbom/v0.1 --verify +``` + +For example, to verify the SBOM attestation for the Redis HA chart: + +```console +$ docker scout attest get oci://dhi.io/redis-ha-chart:0.1.0 \ + --predicate-type https://scout.docker.com/sbom/v0.1 --verify +``` + +The same `--skip-tlog` flag described in [Handle missing transparency log +entries](#handle-missing-transparency-log-entries) can also be used with chart +attestations when needed. + ## Available DHI attestations See [available -attestations](../core-concepts/attestations.md#available-attestations) for list -of attestations available for each DHI. +attestations](../core-concepts/attestations.md#image-attestations) for a list +of attestations available for each DHI image and [Helm chart +attestations](../core-concepts/attestations.md#helm-chart-attestations) for a +list of attestations available for each DHI chart. ## Explore attestations on Docker Hub @@ -248,4 +323,4 @@ lists each available attestation with its: - Digest reference for use with `cosign` These attestations are generated and signed automatically as part of the Docker -Hardened Image build process. \ No newline at end of file +Hardened Image or chart build process. \ No newline at end of file diff --git a/content/manuals/dhi/images/dhi-catalog.png b/content/manuals/dhi/images/dhi-catalog.png index d7d92f10190b6056b2cc0b68d89176ac26154f1c..b246ae23653bad344f00bdd31823de1c6715082c 100644 GIT binary patch literal 50797 zcmeFY1z1#l-!(e4bV*2;lt@VDfJiCbN(rcxlynZ#f;0$%fRuDeH-fZuH%JLX4iW&^)U_22Zh z3V!^i3R+zFylQ5=&sXbn__M^L*b>VsGvV?Hk_z3?M)l-q%Oy`!qWD{sA}!#7Ag6`H z_qQ;UP<|r3C8V0%A$Fz0SY^T?gCF=@&bzFzBjiw@!aiO;SXHaKO}r*Mo|q>k;F^nk zJ)RzVk$*-S(~`+b%23zSrB(0TC{x~@-nly=?8XJlEpIsLr-gbOt!0&vme|{ot*&He zx-@IXfOUq&O!B+a3oKJhwO7@2Qq{~&@~&UDXvY)k4A-w~j)!#aYF9>Gzg?ypbS&&) zc%UO5SpKwW&@83}oA*}Ov)sY^HE0ot*X;BK|9CTC9S9RFx8T0H2?H#5CN>n7vGqus zo~l6$d3a0h!KF6h4e(uHVz|~38x!R3*N(q?0NlWzXHxr>E81~pvgFmbwmTfYg~HS! zPOrj_4mZ!%BjqjyTx*)^%wL0b>eH;Xy6`#o-8BFHT$KZQoUmNZCmVOj;96wGhY4X9 z`C$|AhjN$Na!~Ia;L9^z=(K~5y=e5js~jodAQ-Cb_KPd|E^Db?KVDt7QT<92r>;zI z%WXT!Hyp-Mg|xe4zlR*GLq>Iu8Ur3Dm*$R5U|~`6$7U5%2uUu!lPpq#fHK#Lus)xg z_f$Lg66c2H!f)-rg0M-v4ZpDR-JS57S)6r@0rwC3C7z2fn;NdF9Xi!4j9xB8BHzbs zoLj^uTw#JFr#Bp>9iO-&-{)UiyHs_jq=1iJ%oU$hw$xm|kHT}}*4AFzoxZ+d*OZHB zqRkyO5Chv^jQg%&?w;6h)e6J0t=9kjSB-9FUT9y$q<6R6E+yMDqAyID_7k*B)#96daN!rbV5zl6EzUT07h#Y@O*HI+2mImCALct z(;_oFb(Ddx@=a~kUY+pLdCrPZ#urmD*RG_|aC2xcLm;j@J<^6cMzXSaTos{EufJiR zR5GZxr-0b3wIfVU7b;;0IZEY5;Fn`T#7gcu$EBCg=AlBe#LlS`-a>1%gN!TSsnft+7K7R2)UWD3*Z6%IFVe=CoX*^@RIcv+vB{uZ~pC~{x_?a zQ{Wf_SVz|vG(R}XC>Q_NMXdwLJR8xEC;V%#RH0Drvfz%V$WMliQU7=nQ*Yy3qS*Ah zWISIf!bspqm~{AwwD2yfSP`6K>)yoqsJ?K>`o=vWS8DSZaKw?Xz(ld*t-^T$q2OeC z9T#<|TOy&(Je~D+cBhp*a+5QeT(A3ZedI!KE33BDF^ZWCB1rsea5k(6~7qM)=s zgo;{w@`D+0OBk2j<`i(s??UlWLX&d7+WBDH z9Zfft)D>s8y4%D$Xa5-%To2n+>KRE4J#w?5X-NHNXa6&Dygp2QcKvPkA8q8eN`~v0 zjxhhcm5)xyL!!>bit{oXVPn_xK#QCLtA9AOHJ07U&1-c7ID!N~Fd=OG0q;e&Y$Fh5(!C7s_p!V8T5__>#+fb?_XLg0e##Iw<-kQ#7q*j%`f=PBNp8uOz{wo0dn~w+!?w?CW-f5nx4fh6lyk>N* zfMl5q(m$7`ER3__nklU_*8pg*ChhCZ(ynm=x4*U`PK3|v?sRM1)u=jrwft@`cZEQre%-GMhA}&>EPguc>{SyBk?8S`Y)5E|pQh3ekQN}4d*jM#4 z%Dvsn5ZLSH#UVvsXKr-(Eh5(mW|;5~3~!$?N4L-m{F%-YLR(8S0M-IL_j6ZNy>7tx zrNvyF*47?|_!8#4e{kt+I2*d1VO#9F1s>@TgS0#Q_ z!}C>s*po=k`&;w#`zW%%z{AD>am{E1b%+=Ii1&N|SO0e)`7h;xPDVKo5nRhw33w2@3xGBi z+D^CN8tKH}26z9}VZc^KQs1hYx!a|{_1vf->2Dq$r*BXg8Rwlh;%yo5G$PJ(^iKx8hHpXO zNf!j3tBj`EF>>4%AO70sUnO#-k5AHoVe=?#a3a&o{p0aLd4)?oK6TejOQ4lkiR9C+ z?-!h=#+DZrVO4Hh634Ui^rVhKKoRhZ(`}iwI^~!1kH>#Bf2W~+CI2U?zP`FMD)zm^ z)#Y@F?9PjZKT2?J!nhu}ZM%O!$AL*5sV%YPvvpnM8v1t?={Q{AI0#A76Yxg>3zHSw zaO?P3ZmY_jpCT6-22|S;64ym$QUw70#5or^+{P`o>M^Pgb%dM~iZd>5EAS|$w$_y7 z^D}gB=Ka@Bc}#07+-~e{+fH=6cwUZc=sx6KAA*%>;0~$}!V2B^Q58ceq5Wgw%!b+e zSM@;#kW*(^^SylLFbn4g2g<1fZ`+a=Ih-UIr$#~jAwmc$y)ArzAoFYT)Q0u$iD$a& zD%@0q`cYd-y&+~#o+s|85I5_0d8RB^wxIxlhJJq>lazUUXD6%0<-x&X+x)t@Une?Y zJFM2uKCyg+B{l>g&mE}=m-?T%!BEOp>>Gbh5q>>#}Qf3)M)_ZX_bT=&kL(I<5bf~;{(oK*~BOXpeW0PE-M`&i&udgiM8m*d#V!+iQ0rU~TbBYQeAHJb4q_e*2 z8WP`tb+!~zMr)rEvbjwDFpRn0Vt?(k{KN)iYuXKUv#rGa;naO1?;WU9W+# z$LXx~<(E~I{JC<5aDn%fhdA0Y3&T0O+qXUrEE0Kb0>oyiOX8=9s|%hYKEE=H5ikAW zXa7Rp^spZ#+Lt02!Ot9Xew7(7K1f?`V22UZCRzl^VK@nXi z89g?uAtd!8kX#9sXqFo3G$(IhnkU2O&@&T{ zTIR@sx2-o_E}}F<#2T2Zt=x*xcwYcp20TKnVBz+4nPZ2~FtPNLREtz^ZEQ^i=Ov7! z9K3VVnU3rOTewOP_**&1idzPLCIY7(>o^)VbM%c3xfoj)C@FDCOrIG$!UUJMm>Mpb z(1#-g!Sf3EUy1`@(r%kSL&g44^8F z5?bd5+wNfk1wwryJJ^RCS!!&mrF1WTTs<3F&$>un6YX(37P{jGnau!T1HjIV)0ecc zC{d7f__&<4_x8(FJ6ra8xgUESC~n6DG2o#_!_{1cH@R%RUflJ?lDpgHC4=8>KddXaL2GKq;vuJqhbbU34=vV4*n2S03F2MDz>CI|h>D(K?wsh$iW9~4G>szqj6 zWqRx;*t$mE=po1ZZjQ$P(WOOKJkNN+P+(|<4rSdwp1iLX+TnBZZ>l&$a86GZ5pq17 z`|yQ_ct-A+%q=b-yQ+2$diS9C* z@B_|4-%-qd3l+o1xLb#rt7+7Byes!W7Gvg-L+a0 zt8@vCH+y-g=%B$z&NE2`7au%)5Ri7gXKxBdmkz!+26j^-;#?zftQ&`#?*!&NJ34U%4QKXFJ6oVoeKm}y*CjCCaP#ZIKd z!M8~EG!~Qe?|TEwS79oYqMy;^UGqAEuRbW0e@4%17p9*sQ$s!8$!kr%Lh)$`5%Y;8 zT?rVw{H#O(4b1Tu`xZVvWSN~Dv=);4-fRT)1*`YMf0xju#^e)t1B!92BMnz8_I9+ zAAtOtFoc%VcrlhZ)+8!sF!KaUs&m6B{Q|{`AmDnt?egl%JE%vD&JwmS$ zb4HqF2W&RpX(XUjCSN*JTR!W9lgj^eeF=@{GXBGFaEn`y1z4L0Z)V+d`SQ3B>S^~Do|l0IA0UQ3X&5i0jkD(iU~@|T;BL7eZy7W6y)2S0+C-DnBgN0z-5}U+=2zR22JG=lB!D{N=`cMR z;mFvcGF}~2o7xS9R%lb)rG-zl!xLcBbxS_cxH$wZ{5Y>iJ4CppK&E^e-K(57>Z0J= zWY)H0TZy;DW~>m(kMRZcv4^MfeYpf714_IpXdk2?aZ0{nZYPE9s}z0xTcO{ZU;BxI zn#LRv-sX8em)hep#U@v9C>5~i6DVdJXMxp<6>f=>9kDmKT=10s5u_{h|`*& z=h8|qhL-2TaMCgWPXb97v^VMvd_2EnF(f-oZ@ub+m(JGH?l)q8rgOhaN{E0uVVzMk zjv@>*?^-4K$BMP!Y*;@VS^WN0vR-pAEaNxVhU@DfbW;z6EY(Jslq;XSiAcYD6xJC5x*)~q;`^guM4jF zig_lJRwwCTTJ+oLHVr_tR`fhTQ}rG83)*%4Ko}Fl?v?VYoCr(|>(9xZ<<;E0nQJ8rXmf#9 zV=5IK@sI5X%fv*%%5`lz!=S$cbQgcuvmyq_@`Y6%uXwXfr+g}kq2FPxIa6rrQIY)Y zV6jJ}OwUAbKGZcDqF>2O0o}z@I9L>;qN{iZDZ&J%jPKZltQ%~+@*yBOB=YOaJLHf% z6uaThgZ!?Zfd;aUYZ;Bj$EnZ(s?K0%+*bn{ZcTFq;y^_PD24<^g&|+(?Frhy4v+{z ze98CH?wS7Vr;X0;$8L3D?*CzfdPZ=gJ?W93Pe*S>fy;S|!BT5a=+kev==^tCKiZpl zy{&uDb^_*bI!byub!tFcZ!%2q=sOxn3nWiS*fsIf)dBuM?5r*nDUWUG!+h`yp5Cu< z_1i3><)OIMg(9v?o8Si`z0a_G-Xyfq^wTS>G2zl@V>OHVRt+X9U&g7xLeg7o6vcka zC~9uPFW^f`e+N((03Y;tJYzqQbOpqI=CgiSzK z{QXIMc{7$RTQ($X83iR)9?{-ol7Z!|i_f>2=w-RO6~bMdjvOl_*y@1((G{zzTt&N; z^@Ra){*n$hMOWzy9aGZ@c6Q50)b?1RgA&5zTaHDIssn0_-IYy zy|fTXu!~Dn~vz_@>CUY1`I} z5V}ZIcELu>J$P6el&4n837*-{fA#frqv`B$`sn3F&+9{wx>ooHdJL~&$^4p;lU<5& z5nWtEPh0e`J%Wz$dei4PTVl!O>m>w=_*et!Gfgu>{D{ z4N)$DbZ@oY=WPj48DCEbXMc#Z&5&=#mbVemxHXmDN%#+0>Cb-7F_Jp-&lkU%JG-0s z>Hy^dN0IG`7SR0xg2L~X?<1f=s{(cGbNjoxtWckE(Kh{-mKtOaS&uoNBxN@vzRR(y z7Us<9kkZSv#$6nyD~Kq%D_<(4Yj`spW&kDQf@ zE4AMXf#wY>nu5|y_*_^__fP{fuw3kYXC@+9oP15z+zqOveBf!g4IrK&45V2G7WM&=A(}CqHz=18J3h# z?@_RuZ$qs_z17RS%Mu$vGr7TYKE9EAM!n*>YU-jM0mZ6v3`j>>HMZFm_wuas&NjV% z#<{G}0o^Mj`KkC(U*>7gppw8Tb^P{THXR_#V(MI=C~AChUn67;aj=2X%5&biGtCyL1y;;^)1+uBTP6i9I$Y{U$79u^ZTs~jiB7%s(dKE zuNkDhwzWly{M^R3zNyO5M{2959N-+ z8S)B|Y7Lrl{II0g`0b%KJ1^GZP*nj##x9U$L?WS$##RH({$O9%H5W5kcfKS<-e%!}&4CoEQ zmbgarcga_C&k9$pxkf$#Qu3cCerDfFxd7OfLTcW>pm~^2Zqs}=xebuvj=FB68><%h z7BM9=Kkdxj5(jsO4m=oT)BCac$xD_*5_&wl)|PzMF!D+Igd`uhGRCtHa%V_E(pu(( z#LE0I!%_C5*PF_6c90aiFpXAiUO1=M5J^cr4LA-DkMe2 zg+g}QuJk~kT?AMw3E+r``Q2-84bU6`Z;iSk6|jYEF2f4=bgJ@w>5#_F7O=~H2}pl0 ztN#hJt_7*Tqutgcq<5ikqv^I2%$|)OX22^IPO6ib^@|@qz%>80 z^d7pnHmi`W#R5R1g52g+DV?3_hgk&#)`(r8W}TIdNF5XD&-3^Gp#2}|*fFI@=NwR- zfQKxgk3fqP|bT7I4ILPSni-F7HoJYAThk7Yb3H27*kjm1vA@`@ev{jPtRF7Dx^p0-NzSBK6>(K|S z9K~ zc`zC9Z=(l*iLg7C7;3KJ0(w3X=(Pl+w8c;Kbv4Oh1JB_oA6 z5%bYgcPW8FbVyQS$hN!@$p&(sOn(?Be@}6ck*Z4+W|ge8eLC;6uuMEX`_DX>-(&IT zs98T^>J9m8pz%Lixy5q$vj7@EmO;`*rbrbfdDGCK)>i&A~a z%TVe|JY{FQ}Ow(R%+{(Dt(!(mzn3cgHN?;53U(yvW&4JwuB{kP*A zl1Ay_c=n})v~Dx){gZ?ayJP(ciFatvB;#L@zySx5`Ey8h)lB}CA_epUfAk2xiO2)f zPVUGYj&_o*mNk#&v@jk6nTx6*I~cz!wa${gwgn_B))DcpS6&tACWdZwQ)yp(&{jdl zFgiCX3;tw|OiTWCHqGC323U-L>R9F1;-|rnGs|)Y@VE)Bo_UOr;2*qq?L}%VuI375 zv?%>_#{Ct+`1=z6Ge`9I#L*wKj0}1FcQP9Svre%=fZ2xhK<2M|bLq+JkU;WT${WkO zACdCM#KldQTRe@}bR@H<$nZQ(qz5)|I zMIB-$dhlpFe86+{&<2#7>t5yW{s|zD{qv9lftZ1EAZGMOsHI_*)%%1hhkd z>y!kzPJgIFGUG@MD2|;_$3>+tU^Q!(@$K*2jG2tolcE%xP@jVjt1pnu|E~-8zvzYk zuW-0^V^GOelfs?SF3r)1jx{b^ADmtSbTEIA`pG+)SN?jtIM?LP?2{hR#YpI|Jb zW7*Q>*r7-57DLFu!~50l*xtElJqz!Kxy!u>xpP4`u3jKlI1!ih{it?kS@q9t`Nz|t zoQn2fb|V9A7Oj1V)O}uLoTBc(4!ZyCY~B9`&URhrP5vJciu*t51gK=@8mRvYVEju~ z^Z))T{r?jie@kqPiK@EA8jxt@{2A!|C#3vcNC5)=d_E5`5KGA@2NMBF;6Jmd|B4rX zpR+1rkwv9rWIp6N1otb7hs?$O84Upr$pVGM*lYgbIaWC>mj;T_C?w>Qq{~3h- zjw=6et3DSWo}oSaZ$yWY(PBLJx)xHTSR(*-gG%n~?ff^8ST(oC*>~Zz5YdT0x3@Uv zXb&SD`Su^Bl;z<0r_A6O$RlI=uqfEd1`9O<5O8Cs|8b5Vv8u3fKRO-7)It(agN$1z z6=>Z;02RV^`)nwf^$$S-$j$)~wGRA1CU`N~=Ka8PQEQGhv;3$!t_~D6BlW zk$aK_gyd?l`qilQqTA0@6EB0O0)VQOyuN2}%2xYzi$*FU;$i2J0VlO6pjcTlr!m{8 zA2?|WlEJAfZ>5hG{7>eJTc6eFK_T>}l%EoaNl26%D1%KYgAe#%sn3xAK>iV^RebU5 zUzDg6J$UWB$Um}6Oz(fcf5VW4|M$_?;eTAk=n(Vm`owl#bne(&zdx&0?%uD<+ll@^ z{-LMEibC%}aXk+jd?I_E-N&7}_iKo3DdXmi?+y>FvobJ%UcW}UtI2}q$D)*1Tr6v3 zL`!Ryq^qW=$h%{P9PrMr(+kyC($XM*e^i4a>EKtwqU`KMC@4}_&bL1GD8`~I#j5ME zU70DQh;b`PT_JS8EeHLuz4ztWRzy(9=11jSbW&wjQqLAm#Sm|4Msj23^BjnB*Aqhg z2G%-7;i}8QHGkRjG*ty|T64Prw!AJ>8CZb_!#^YeaImh^*(J>wCgb^kDrLgZI>43 z;i2eyW$I0kkg(x+*+_eAja6V{ZCdKuYP=(zP)xNkFsq^Q7^6^!`@>)=n6P1>rcth--#X>ns_?o|5j#?!=$IXj^&X-j=(#e1M#2E9OOJ*)C9rOa-QjUuVn z3(y$kIO)77JuK(VVY{CIr4Y0vf2D>Z@-CpK9$Ih&&8Q16!2*dqjNz9PF7@Ih_f0Kc zdnyvL5N)%KI=f8s?P0-{p|S=VpNA16{K<@ZtsS|1-sH%$` zq3H?ixee#u%PYBh`*~vy^Bp?ihj66NgeJbAfY$j*KnA?d9{h;s=(PZM$g$U?lyb<; ztF}Q^#2oj)i;C%-0?rie#~!L;PM?&;d>ggTj(#|9PG+?T){{|Ov8GCRJQQ=={h+O- z#XLSSF=CHcUl~H>K#BH4xB9{;#$K^$rwC%1Yf^&V@eo(qMa%An#^zKm4?mGuT0@&@ zWaeSBL_C2uNQ*Hkjl{^IZJje^<@~S=H#MG7NKUDIrJOxtACuW2_b5hYt6tg4E8^Zx zmO#7bBj?JSw2$e#Bz4jgwHq}bYIJc8YdQV?Oc{ zD_45xbY{499_ZECspOb>x!jjS;u8LSO*8fwP8c2A#ilfD?LCjW>E|h#O=1Oin4D}s z6|`RxBzJUpEzsJrk#%J}C1r%5D_3-EAI)C1883Cqjz89T&!TjD8w*2&2Ea~@tK6GPMjP>mZh=p_?S?fg&hy*s9QpUhqYk5`b!T)fn0x}r z%Cb!nJ)H436F(MhfyfQ9T9bp`_l=3iaK0?RL^PeZpFH$~T0rl%)C5z}wa z!gP5f?8}5lQZ*Tfgmd@xh9q2Kx8G z+nS(+LSB1E4nNCp-%8tJ8WW}}8y>=E^vk#EUfyJ)>QTGf1q&fbXd>l1>|fKr)V`P5 z1aHKMFG&i1yeJF5V2LM7{Fq&Um$Dm)UPfIZKk!AygZ1+Zi!V59URecrw>xgUO=kN(2x1{3BLS;`UQvva)J%Gj4s z-jLRp1YP6ii5b!-dcsh>sPAVbuqRHFU)+CceOWy8eeyPC#>D?kN<81^jiZX1UPwLS zIp0~zUaN`4Nx<|R;niu-c6+7Lm^nETFimpEyZdF0QUf^+@CQ;)7Kd>StT-M9mXgXq5enk+ z8I2y+YZ(guFb@0nW3wW9bil{ri8?TTPUxwYbwe$st2 zn;lV+rWpJV5zWGa0($8ObD`Y#eseL^I`{U>Bj$~wW{E+==7 zWt^%nvDH^WU5+PjwrN4pfo$ojBd|A(J_Ij1(4^^L&1gf6_$e&dvD*F^vRjEZCe$0G zgsK8R4_!aqOwsLY8M`eZTzYvZ%MxqS7aP8v`LgJOPI{Adb=&XoME=>m5qrH!KD<$K zs{^Jw)mVqmBav|l;}0vS%?wm%S)9CDN9b-~W6WKsE%vLo=gqxsSrDVBW`oGrHBqtY z;=Mk4fY^_mM(~#Zl-cGe4MxmqG>(~am!#J}zN|Sr#hFWJBr}H%wAq!)dn{0T!!{bq z?$^-e3YmT1Gm+jdNI%$Rho^7TR-Buft>Il58smGxEo$NIvkq5STP>F<E;i} ze(PGjPm<7^Ck%yZWk699(1XRpS~Xi}S}}{*9}7q464Ac;_QGe@Sva*Y%_Q|LF?KzF zPtywyw-t2s7=zO1&tZd47GEo>;}SF8X4fFd4)#qC>d|7gv7N!`*m=tM5YI+J{YmDW z27%mV%F($>+CBVfaIY4@&3B*#-RFxainW?8ukFigo9OOMlvePH=DQ)L4Ykz1%~*WU zdXaFoqeS^Gk8H&(*&%|EF7V>S&+_X7C>F{7sto+xBIk+W3{K49Pj`frp-_H1MrhZ&&8`H5f{9XO*6&kEi#|evkX9>?MSh0Dc#_TYAUfYhvw-}LE_Pa zm-1X(z|!tC_ojDo;9v0Q_ivFD#V#iY$;411R#!re;9^3$sB+N6<-ReteSLa3sPye_U)3))GXDE*hS<y`_kgBvnpu$<+uRcQd-u*V=~H2?mdj+W7}Xw4B}mh zPl>i`4mXa7o_?P?CW!q(nr}c#?2e#_L`%JU-=z@vnXh(P?jzF;xbDA9pvW3;ka|H zsYrp}K+F;3-KbOJ4J_g}?1&|@gIe++c1aXCBvR(Z{Kpu7xhON0+dCKq>R}WioC*Tp z7;DcCP(OYIU2wg{#a%I4wN~WDS+y1SZ5=kx$;*=n3F|#X{?*qYhimY_9cx?CfzpeR zCez@{a$eB9@w_J;zFvHU=$-)zi`k~zZ28ico7r>k{o`ZMh~+lwGato!yE!d#(>NRO zb}^`mQWKqwq2xBqz0w-U5sJ5S{DBV&ZI1(wG{qkq-y^yeK?!QLqj5g43%txFnjS3n zCzJkO*ii1H@yUByfT!J(-`%dyUQVy!M~e|LytH&f@d)|a>%F>z2JDdz&<~<~ z@BYIwgx898u<4ADFHbC#1v|kNt9L*zYumfZaOj~6Xq8pTPtDgczMRrd4P2Xq z#_DZv!Iy%ty1vQkt1#Gro@tM-_+{0J@R;By_8T}Ds*h9YHqb$}T;$kgZTk-jSLE35 z(_}VqLa1D)Tms~|+=@Hi81bM)UC}`hpPIophuvR#32wU@%}UXhpLHmwC}{37iPI2_ z)r*8Q+IA6E;+oRVtf}fdB1???MsnbyBz2Wc|0RW zcNwUa^P5M`Wx4$X?c;8t3%CSTR%c)CE8MHJNcg$)+CsjeGPMxSG{%t;K9lFokzh1w z#&xyisDQIcrk82K89mdlmgyvMIAlRf4C|7KS`eXgeWA}2N@1L2sw*N{Q(^dw4q6fe9H)m4uKD@SzRqW0jGsvV1T0iHQEzW$fKhS z;|qi-X>?bMoP6J~`QJ|WPX}HxhQ7^Ig|4(+bHy!YyNMm{%PEU~RN^cO_$(o44r3s} z@n~yW;7@%ym13mz&9su%LlgS0Ii7Gnw?~Z491;Nq$xpULclb@zGzFSEF74bxY%M9y@s9^XzL~scO1X$S>damL9`X~5 zw;qis<&443_)5Zfj_0cIO#=ef;9 zbxW;}hoqu8JuHv6qvrhCYJH0!RQ7xHt5WZI91}`*lkg<qO3}&pM)K zw?aZ1KU3_<^T=L>5+%)^v}Pp?exIF`?{zcgP6;G@6=E){S$py9EnfrQCYXLKT}d~z z5o+WuvPC*~v@frpAPKH@MJtJlPPaQaS2?J)xVfm%JQVG0FNsgzsIL}?9=BX8*GJy# zm;{Hray5B@xXOCeT0_;^Ve`-!Owd&1eB}rkk+6?=WKn;spCV{NGyVx_bh#_VyV2Ym z=(ib|Ylvn|RNDP4!(lfG?l6@;Y9FzEK6R-sd-bf8Sqja7peJ3nQtp!G;T>karQMt< zK>Ztx#U(u-~m>SXXzNrNj4KV2^I&=-h+<{G*XFr~ z@ov_QUj2nUldUcG#G)`LMh0eRQ*)Ec-Rsk+`Ejyy#EOO4dB#zas00CdO5?z*=Ok(0 z#*3lRZ`Z&jUEh|6{o2Du%yY`{yhu{2IXd!fDO_o_j-k=PMIZ3+%A}judsTh}Ll#i| zNqC(M-Zx5-l+oRh%kTHEUFI*p9CH2kcCx?8j;?y+j)_wUSx!!?-}!|3ru#e%0O>TW z4NWt-R~vZP*g{`BEC!bCO=uMC90i}^fVQ?6Qfu1AGU6mM>TzPVapN9Kd2#8a`RDs6 zJh!{ca$a}l)Z^lklt}p+3)3jfOBX?LRZ>U8ss(abz=@NUO61bfGxZ*1XcXZ@F%r{P zH=6e|dvAJkAU+|>TpN7{Q{wHW#^U4Bf&!e4!P%!cH?pcX$jWZ5t1~i-* zh2^=Hm}qzLmbkC4375lh=NVrG$tr{$eCxCSJ``gn#`2&kj!VR9SxbBIT~qkC%G(6Z z_i*y>INKBMlre3$87<&}IqfXzl;bvtUlxg0rJFE6N`Q9~FVNPC^@OU0=+a>LVo#|bS5-&0-dD??h_-zRd=*Xqg!#{X=F$rjU zV0G{w(d>h`^kb&?6^@M_+-wFDPN!^`=Xtu;dBwXPi^6t~l5!!4w&6V0`MLq^rKJH(YR~pWDHYPW-B1S0_C9$8_g|g2=DX!c~i%|*&GE?$VAqWK7jioFyW&Tk0}Sa*Rs5bYy1W3WeMriS~;HYrPOnN8`gT%0)5m#9SCU6fMCo5 z*6m@9!+wnd6Hjt{eJ#W<0QY_iR8r4^H|ZkC+-l4S&c7c89YQ<-ffp?WfW-@LFJ9U;ePGN!Yu#tQqG%LFLxZ;=={X= zgy&h5d~bdzMkOA9o-_kSB_xEt;SE1{|BcD8={7HDX^z;ts{QTo;6iwV{ll-(kqTw& z^Yp}gdBT~J_9}U;gR_vY(|7DzT~vHTYo$sT*}hjxk)1M~Gl;$Yv4gnNKYQ|Z4+0^J z&(-Ajy|208SXw>tdPYpiH?4*sTofIo?)hE7+QpvPmH=BOuj4H#+n`9*p6g!MU<-|0 z%Yxo_m>pmJyf#ZmfE%KJ)v`UeH_q~HvAcn=DZswLYHm01mxw|q0 zD@)+=rH#0$eiZM`bpGX!RTD0+4Gqw=)3F8~JIbkJydc~R^TIrm?jl&nY?AMBiZKi- zyd1(xMCEm>$4P~p-!z%QS~|0nX|*>o?)LA)P_U#8UL)?sqJR;Wcv5r5+b`w5RKsKZDdMo?SNS?GpoII=tcV z6!D7dbdtdPU|jWPQvJ$VU;ApqNGZKc+fbUw$!3avZ80U-u3vT_*JPz{kxQ|W74r*7 zbx%JWzPHM_2No}1c_vZw}dap)ZR`+LlczIvrS_43#nk8X&%JvcP|3l$N=7c(K`bnx;5 zzKJiQofv69Ra#v<0bG~cB1ArBZR(CCIJ9WAwGAc|cw2OlwF5xVoC#gB9qqv8`Q5O= zagJQ!+aF6*rJiW`(1}3EcLvkH{-BddO1T*V?sSuTV5t~@^UVD*3!3!&0eyM@0AY1)KRv<$9-jyjc@-<|LKO<#bUV)-$|((1H4mJr2Y)|!w<-9>&tWI zf#XowO)UDSgMw~mokOZ1-;VmL*~rj0T5CT0cgcP2J8gYvPJR0r(HC8L(r9Q+Oc-oD z$es??H0-Zcr*_Z#VjirF#*EztiImf)s5y^>tu7wF?6MygUaGICb9Y=!aCg<^j4j1& z-L1m7ap@zGIY|3O&+9cb_!!+6&Lbu1A^Jk~QAb`1lcU6j_y<}MkRzMamy7-v5~qq{ zopWOppGu`#k3%2)1m9h#KvcW9gP)=s*FsqA>MmHMdc^|@OQEJ0G)R-BW~*?4Hj-*= zTuD`~u!F`QXsNSI_KYbdK1R*D_Nh#o@B2w{?=qmpYKKQJG3axVqhnzmHtg^rH%ek< zcX19kEmx9<4Lx4n*1g8sBi@BU@LPYAM;fkY0wp;4Umqc?9U(6T#U|dhYkOd_gHbkr zY6K?IemQ+K$ZWB#qyNqmpJYWW!zeU8t<(ud3dw za?8&ZL^MR|CIvLYZEGGub@Wf6w;`>}HSD-*bZvtceK9R&*l8bH&<|@q$n=-5h@gOY zvurkw!x-0I&B0e?lde`}-48B}*^RI4X&kinvd+nV_^f+z869C%(>CGVii(nlh+%gM>jx6&+6RyOou!--Q` z!Z)JkAk6ie>ESeSJ%K=lgpPs1$j*Ml;c%Ufc$rp0s7BG{1|BaX3k$l8jEriB$hD!G zW>tRWl^lS2&?S|)oaz;9Dn0n<;LBy4`$b&(es|aTe$?Pe*7grmJZzCj@iw*PVRUS2 z1(QhGiV#Mx3kJM~Ox&3ubjDUfw@%f>RN1c3$jaGUdKT}@Nrzfaaf>b=zkz}j#su9J zIovk}-$&|MTzo0ayjQCL{#kQDsGvGROq(&uuySx74bW5p!3DKb+TxGqya_EVXDZLc z4~ubx%Q+S=R(cG$9h)pBQw~;1N%=k{-s&*%@#}i$6CvMRwC^wHgJPtvPIUkNeIm*m zV-piYR{ehH*e*8+2<|&Ll``HySDXVe7_bQtMgeb_!E5mJv_@#KJ zL`X4=s2Ti9_3$N8LQ7`Z+*{WSP<>$5=m9A^x?laG!!`sKA9mFk@!ke^IDbR1*5#Xn zq0Je6q(IrLo#Y|3aq#w6#@iiX>5#7(P9-N2Wv+b2mr?lhBqRs97A&D9A`c+wFxWpnOYNR@q={^Gy3za{bB;Ifj=$T>HfW0L_wZ6&VrK;K zzeibdzN{+4s+|%!Hs0UaKRixiG@$)`-^6`ItTN*xWB!qaGexpVYv~z>X+3SJTpV3$h}Z+ zBp16X-lb`TkBYX+W*!(E%;^;*(4K0w$HB?jCcf7w+i?9cD&G&8rpND`8u$Yix6?r; zU5)x6TVF@9;SweW#{GiApsY_+f`US0+OryZ8`8G6_*>Srd4x1#jTo`|^@N zronY*sKiLTofsFAD#s0cJpZ6Xz|@rf*NzU;k!+>Vh=`7CrMUgIM3a%t=H>nSKZSCb z6OV<3b6w3(OsRKlDODarv0jF_nV)dX%yyQqn@;$tCn>XLLzJ-$P>L_SGCj&N_Rr_b zI7{uV9^;hnC+nUywN^g4ID}{ho8k@S8Ua|HGi6(Pvyt%zHo<*$b&x-*$_)Y>X$J?; z{rmovZM8n<$Ciu6X{F8TgXs!fX&&phfO}h>cU$a`Jedn1yQ9k>Bt$+ab@ylv)(&*V705@!Rt7=X^IMwLUwl-^ncMPT?cU=;ev! zk*mOX$MkluHA_)rY9y+|l!L?JePz|KFGG4`rSbP=gfzW+FseB!*)$i$@~GpTv|H4& zF#GSPaVtP49#c}@j(VSoX*QvIz&2Fh%;p_FF_E>k8Kf>+0$TLJT*CccL%Gm8{vnP|AN~)Wr=f?)qR_ z8!!8vR@fIbZb7uvisy|peMgS+eoBE+CqWL;+Yhbih%CZ`tn!^Yjl|En;Hb5J!n-it z?Btfj2(0<{6-5dGAJjrv2T5r~;$-(Ea$y6kHJ{ z5+*>ykax1A_amP6gHN)52U8x0MV9bqoeY007VKC(>g|+_*l4Wl(f~9Nvj!Cn6A6-C zvP3*>LUV@S!8g?6pRWl)B~MpOg8g_Q> zaQM9`-PhO#?U9j{X%RdiH|>f>gOSEdYdA8&--+8RC2|YF| zD1bVSOBBAwrm%aqSyf))Rs&&mpoh!Hkf_imDZQzbKLzmDGpKbI>% zfq;x<3bzmpJ}9Y0#dzdKa>JL+BCb{d5eYIRpI3Ju!tgh%tzt-?c7^(Z53sy*rUE*9*})vDGWn$eQI&JcbNvahN5>B7v?!Hd#NvG z(s%6~uQlEajIDnxt(VjAMW`wp{G+u)R_xtcC??y_d1=6qY@o4u|JsK5P4^%0F)=tP zYFZMUA&ICYRa!(NBQ!X+Ug5~<(Tv)hpDqDG9JGIC*gjn*W%0dUA-YI$M4-_~4?Q#0 zNPqRC?U5T0F52MUiPH-4@Jc|0B`p&lH)Tokrq&M~ICpoFNNtLVnVc)vI?l3@8OOn6 zR1ZPR7sH)D&Orv|%#Gv&)$3 z3HliSqR<_NRRu#jB%U2qJiyeQ9*F(zCtS+9W|*ZN(m>b1$3D3s$%O`HfzXdgeF_88 zrBbJI>F|StbZ7H91nhpBasDYE1#u9+(P;iAkh_-)xX`b37_}|zBg_mX`wsAe(hP*G^@_c_(hSG!)4P*8eV*MSVWb1OTnY_eNd%WIsaVL?cf zwo9JihC1^;IZD7IiO>`&q93uf_e6*rJLmfEvl#vc#uv>kwMHY#^}I|^<;d3*Xl-9L zs2!Xwy`n_fSId)h;PY7>vyb77_#1?=@8kVt^-GE=EWASuB1}QC-;z95(`n^D!RUlo zVt+m@!tbnNY~esQp>ddS%Q;xb#T6C7&1t9aq8*l04m6la2=RchxIL8)wKeU=X;w=- zar>BtGR~kMc9g2|W;8Dt{t>Ec@AuKF)D`OWP$Q z+d+Nz#b?>sbm7Mmr*0U0=XqSS^1Gq;qN8t;%;>ik2@p|0&dTjg3~S|kC8Q;oa$a}x zs5{vUmKm{rfnvxCW9XKe>}2f$RF2gI0`z1|Gtq%E5wgyYWN(4927WTLHjmW>bC1cj zvJ=%8ZR#qB=?6D)7Rv2{a7zazmkymc&b7Pk-qVjqIL6KgJ*!c8(;@BBp_DtvKmC?q z8&7Op{t{_Hbx)-lo*sEXhd<;k2Oa}O@ZpZl*PjP&BLU0RgW*T_vRs;hs?d%JSy9+~F)lRynr6Q&(y>7QO}*N4m(r~l z3nMns_4gcmDK_NAr}USfK9$0bXJ&?eoB1UD^BD2B8#=y{g1ECYEi2kh1HEtsh{z`o zi_CJ&H_1F2k_5gAHKqP#ht6vQU;YZQhOOnccr0Z**kI-s1<~Xzx9ORBuRrPbc zW?S9Wn-R^y{DmOh4s4!zne*srXU|W}n`}lC;ct}qE^YI?6fh`2g0d1!1~4FpQ#ij4 z?7AN;x{fE0&Ztolk{_;tnx0B8vrC&=&Njl};jY}RJDnr5P2W8~hUJ&>4Ifh8m38Ms z85jBq#^MeMQejhFgByk8JAMirE5XsE}BhJ1lKWN?`{w-2!fy7;n5PX z<(!R)jtV8foTo z8jd@%657e=`@$WKU>BR2%`J+iO@;*Bs~c;`<9++GA9vxw9G~3h6_RTdTwR4<9 z?{<;c?5}1Pa-R8JCRkh-)!5mGe3lO}FCXNDo|scy_kymQB`!b4gZW}%j0(Qc#IfS+ z5kNEv;}Fp#K2f6B-z(gPg_XY2=*3$zr}#lp&?|sjOi@5{q;F`psz7V?G0KtLD-c^d zH}0&DwaaFPHtTwF;uU(cY6#b(jIer`WEWL_VOfx(T$^72TmyscjA8XpgL!^hUAP0b z-;1-gNja!FAiugB|2EtDoev1AuE;NK+OA~+9j;vvF%`-p$x&jP6h!k?my>8_J4eHp zfw3UQMV1x|*W2)NoW9`qhm#hJ20d2oq|5BCTbMMl#(_%`IR+Yf>8~#0^(xF3!{w3s4lhQeNF|ej116IPF}?=@8(B z{P^*bZ`qrh%#mIYkI2N;WGTv;^utr}XO_MGFyxNAnU$VY?{{CJ{U?ygt)~?p8h`fA1_ccN8@^}ziTGq zNBkf{^TwTPNz}Xy)D6)V%L={K!HIJyIQrC9h@B9De4@h@YpD|^V23v#b5KY+5xhW$^dt&LcDyRd+>fguMcof$5Qu;8C-@-w16+G9x%n<@ZNQ-+q95>{u)MU!8TuP<=fknx2d)h*6u&!7h~l2Z)b+mQGL&TYS7_h6;I;9v8*M0 z^);xmOsJWyCQ!3l{nhMxtSB8)y&Ct%0*q#BX5dA^xslVo)0#@tL&H+MztX(7X;XI7 z$)tMN0n?X?pMAI6Lp64I>cmgOpJ=yfAIcCI%i{dzh!39YdTx{Xsjx>f5l1qU4Q0s= zLYYtUuQUizdKL)%nnp*~TQ^!&s8%; zL7)VPls7q|vyvYe!MB^q?$995WnW!zBS7w3$twxh17=#L(G);?UUFk_K2Br_mXhdP z{W~T5D`cQFgA{2^h*@Tk74_|>k~Dl8=A0G!i7xpTTBz#i!MH>;v zM5og5$Ql!gP1f6ww>b`)zm0$@{Pw}O9zAsQd78lE8|lp7rAxubK~}TJD6t403z550;L!T$o8S^p`T@8^-0Omk#&i-eLBSQ%IT^U2DJC@cEa7j$Zx z9$JIzaitBBGTj1n%f6Apwsx;gD_j>lCa&6%3E#0#_zOOZFtjaAWGDe!*%m*L@_#s6 zV-&S|j$N1ZUNKnrMa7kQ4M}~M%ZPs&8JdLyUYnfeVZ>4d>q7jk5(|ui&}3}OP-%My zOi*fG`E3f^?((R*B^xo`7Rlz-<&!PRC!GAj+1xobgg4LNT5SMjKL}^YS%%K4!8)w1 zJMHkyMzkDH2gj~KZ-y}>*XNIY|hWH{g# z;CRu>y}!jF+76I!&IjiR^YL)7*VfXtS)gl6XDCMRFyC@inr#Epamzj1)<{O=YG60X0D1$4iX`@AKghx2gFC7pu+~t*Vaz8%LWdSaCcKuMzXy z780`gLDU?LB4QCE*>KP&_x^MUao#%Rv9x!-O>}eTET$X`#{Z=laH`x| zjRBRfIF1dHk_8-YDr<&ckpW85#DFErKW35cr>X#htpC_b`7UFuZt*G^j+Y@jsGT5j zfc9aj5x6S!m&3FU{`wu@HTAgtM^t(Wh3Nc8SVH~(o5rMV7UzBThlrGsU;1wb5y}N( zPdT{y9PU~}YvA+vN?)f18}$3TlPs&=32KI;(R%q>sEB&kGaEj>;M7a&)(5|UFe?We z3&D;mJRmz~N$|HwAe#SiNj~#_MoP0`g=oQh{nGizER*&h409(rA1g4@9YimROkHq7 z<)IQ4Cv*ui$&lba@gfD0?G0Ay6o>WAMqzv1;de41_4T)Z9i$?cz5|mb@Oy#7X&>)w{KF!do!)PwpWi@o9L%0 z37o|Ix&iM&et1Io(K3*$vy3fr6OHUP7|>tp&%)_RUY)2Ud8FJ|t2#KFM_10Hy~2f@ zBSAulueO-`TIYSW%T}gI#TtXzN^x0vy<4vIsyOYgv(Ce z%|=3{E6@e^Z`%x>7vRhn$sY+OmqU3szFk)zwTbmyy*v65x_&pSGxnZu;vdIN`ztN*H9-=HbZJ&*cZ_2p7kFL908VfhLMmq~K=WbopKAp*JbRlvaO{3jx5KvZ1 z(E=Iq_0S34>~s63s&mFALK!#1zs6n9|LK%E6~CEp*C;dSucLZ18i(#$^_!lqXLDId{_#Z)jxd9Y@eJ`bQ zh?n`u8Df$_WId~kaCX$Lo0_`hSOKN2SphsU_ROC%n55guDJuhQ&ELTyTrkPRdGmIO zpp%qa!ctceFfaM@Fp9SuQ9ku&-0VH$t&K?}w~;#F9i_CwxsD=1tEWI*7F*>W2OX4y z=?w0p@p>BD76%TX?T&&44+oKDcQ;CougP!j0~tN9EWO_sI&1lfwJ=bq{IIiIftb>P zva4Royo3jJ^%$UN4(5oJzx(hZs5H47#LF^3^AwgWIvcVe3NL|g_{WQp&zo)1{gJoLyqfB1>H6ew>{mI3LFB4V&)R4i z&rvGzKXbCl0A`9xreL&M!3g1&KpWar@I7!`s8Z_kB2he8U`HIaNPC=hBP=|Oflq2#Ko=hP&srpr zcyOC0q*z~&IoHM5!;h7hUz20Jc-8av5OJNNmHGCeRWhns*B80_ElKEl=P0pbrq=MT z!%Y65Kx&ygA;Xb7rW7lFl-IeKd$}`pLrt<+GT!3UT3#XAT;kt#eJdcZJL?N7u+SzO zfFpr5ybG{>`?Eim#q)JUY7Ea}&btd^97~>z9byRj!HeLsp2oZ#!p_$e0J9s~EvI57 zxpGtI3z3TDtt+wWr0iN81b|9Ym`onvFrQ-l;|fPTTe`?pdQKA#d|~qjH|16UoA3?d zKb~;Ub5#R0?xp!(hn^A~{WEb6C9A;yn_+z7fD&T4S=FcpY!W;S;yA-RXe znwJCs?R9bt!K?ft=&!D>u8K5b69ibVtM>e#`2KFAHbLe>U#zRORn^rI8W)vA0q*QK zy++rtu&_^Odec*`^a5gH6yf3FRcU{l!uWMlxpMMzccEGV^j2isKzU4F9%*1;U z^-9vsnc@cr25wXaQP%?^B9Q00F_p8J3iSTAH23vwos5mmD|9kJs57AY^5skMGW})% z!M5`*uCOY+pnuYyG5)` zrgCVPd(+*~7az3plf~1p=g+fj!HTn%0Dkk8O1h|8jIt_LiWtKe<-azRHNk2D<$M!& zG+K!wfN0V87+7OrveiDk01ze5vHU+Ml#>(Jm$Pj1)aG752M>|L+wXjPbb< z=15a34|w03xMOARq2M6TryJ-!*XqQ^jNmc^->d*llq!h9>U;KO_kG&b5bUP07)fsr zK_iJxObnjZ_d?6^y<;LM1|C2u(2_@{vbqUYr}YUvGPxPjJ-E~x^4255R$^>y-Ptp3 z?M5hX>{(uH3GIH5^Fqakz~=rZCjs%E$9nj>ZGn^|v_rcbYS)3Tdho7$Dt46O2R{jm z-XCyZ>`kIzh~7{hH6DvrSxuws)Y@(`oI+hlwA_!l{hu8kIwA0NS6|(Q?`J+Jflq8v zTOBY#IO@fBm_S1?tUS)e6!w9;2g83~M$r*-$nn)z+Lvu6StvB=T-KGz*gwqJaM~V$ z0YS@Pn3#S*+5h5rnZjZ;GkEedJm}$S-cGanGhSt7W%=hx=5#?91s(9siBZ$z)x5Ha zjEszCvnP+}(~U{f^^zB~%|DBZPP+*VR;s7z7MCeO{YC1 z?uXUWu~}J=h6cf5=sdD)u8N?(9V~0@Oi`8BHnM(I=2!i|TG~vnzYmFe*=Z{p(9U6# zG+{9i2Mp<UB_sekoFU{!4S>4T@|D^XnA9+V{sBTIbddekfffLmS#7yL>P+D@IXNE{Tff+y z2+;+sF=a|VlAs>|hgy}z89W*|U-09zdr`2c`-I^Y@xp?rX*w{8u+Xh;wK}z1RlSgP zGD#xaAMbO(&%T75B8ak|6D!KdrJlzitHDFG7stNlgHH~oOkJ=exn-|-zu;a)s zcc(n1YW~>de(CmVCM2NA!hYIt`vEme<5{B4s$Kch^_3+$yJ!e!gU|(=69a&tnhBnn zeE@S9Y7<@p+54=x<2BF7T035BQqri64bzLAF*pjJ3#=vgb+nD`?YxEtVvzmCj;izC zAEdFdF^*KFov}P<^=n{o5Q~f~`r^V_T1Ey2Wb8fy>iK%?Fo0tOSy z!`B-}3y~u8`qIzmm*5_eYF|Nm?{vT7vTNW(JC2eoA|aq%pX+F)@ z_9U5FrKHjPae+i`cH$lJ$K@8I`raawF&6o3?O34R<*XvZ9&takW`!eVp}m=^X`cD=EE=O#WCsqK&B$sgY~T9Hn#a|wRG6==fjAJ8+dreiN<*Yz^D?a9V_4jf@J$pc3@&NA1E^O_CoqHWZF^ABFvzcbY(4g29^c#Ng1^Sw^#yPR zsb@KlQLI|ea|BeHSm8?UA<&RUjJP8yhp{P_U>Z!-KBOJaf1N=YhJ(iARDVPH7=s%W z^a#^m3xW^sg{d2DcR2#h1ye5gzCgst2oT{w4YVlfPO7Idh2R^m7eM78f^S$FsE*SX zbs70+GIFUm306HETKJzEoBhs|%-&No!GC;bb`RI+hO5{^c zzLtvP8_M!`bbcxeAe*^LaZJwzi(P>E3HWt2!PAp?)st-+5KCFnyX#SDwwRSZRgckf z*V1Q(CHo-`#Bouw;CgrALxe*?;TA2vEjC2AdV^a`QFjLTUIIvWxqo16`Yrv{jNZYz z$sgF;qd!=L&WDp>t(AypEw}zCo92=}*G+EI4{7K~am%SHnfr%2AKZ?Y$PyD1`JHz# z_xARnW|*5x{pZi0Hf!EISqM45!`h1&(m3!LGYiWpkdn#LpxW+fgf6K)=+>H6Q46PbW!N}1TW)AXzZn%pYfJW_>Kg+ z)Z$^8yMOIIAwe|qbF`gpor$}@FtsL14}N8^Z8T`%;coY{)DPdVM=RaMrF04v)k{^> z_1$u&f3H`oKULdX_5oQk=fhNzO%axnNT7qfN!!N@o&3E-+ouOy+>O53&gh{ZIf@y; z+$Wlxbo>-PcsR0RC2m6F&KDB1>6+d_F-??sEPH>%=#;ZSs_Pm@R>rsMr!0BN@i+Q8CmdzG2jC6S`Ty{QJ`S%L-GieKeXw?%#3~nRr@{u z;ccp2TJ%{qBII6*xnAmPcMt;IV{Q26kF=up7Y0_?Jn34i>bHKV@IoRVom)ReJu<6} z>0Bw>T2B@JephqUKF*MA2+^B$x_y680sEt*Eos#IG^`f+LwZeKZU;JWF%_$mOh8Z~6Ju^z?5?S}(>G zfZcw<>$th@Y=8v@L`6kax0$39o0=Maf80tTFE1~rs3-;WJm3p)nhz1aK%8#<=q@Ms z^64a0%n)!PQUqO?ZJSQt0C3_w#bma+{nAD#Tu$7Ba}{s{FiA*?O3Z++)@BES6ZI@> zXh#F#F=nQZ_0Ox~jYTp1?42D4Tr!a*$>WY`B9lySgwwR+o)!N`4t^Ur$-B!J%*?v@ zHID_Y5F&rYIN>^qI}9&Wi~B#z3`gk=gvW17d(PztCTR5eqs1O%1h)5MN|`h-o^WRj znj}0VyS&qhImsV~#ka>ID_)=KEV!wOT~Ih9@&=;?-g_-Z=ZNK-z3u8xj_0TYi=le$ z@q41b7-6m*%5dag{O((rwlGYS)$Qe$(XlRnhQl5IJP99(uM*U%xOv0UIKdVzF|Gf$ zG3Cv8VctX11h~P55OA(d#;jOQ+lIEG!=SZovAUdPGqL1w{F8;P_dh>=F#_tUdq?!! zmf4=MC?g|()o;=sWGOeEeA9JRhidYM&eDg3*Jdn6Px?)e(fheimGPE|-j{@TtzZ2X zE}z)lb!bjcqs5qUvEPHID|w)9V^^2-+#yfF;6Plfn(yFl7FZxcnT*DM5-&MV?L&~O z?=287Ea^Q~2$SRa-#T&a^8Sr5aJ1jXq3Y$Jey2q6lef&PUeoeL6wT)`e)gowWFil? z=;`S^;EzH3C2O+!eem?sG+7zh*$Wn-*Kv{<+n@%-on8WN z6*O!N2BN*+rMz!zZ5K}l*<0;%pm1N^->(O0RzTUs#i)3Ac!0zbun6aMqB^NUqXPg% zmjfUUU!tH$85*ur5CU)8gFyuSufTZrU#zK%`C2Eg7?8$+zbr5du|yrdb^1*lX^Qt0 zoB}*r{X5GmXi;nHJI}u-bjlgu;QpUyb;@b~mtzN-g2`4#otia2RE7J{+zWk30(63* zRMVo#h{{T?nL}5>E)HKP?Sh#ZIW8{F`N!Bv>VL@rg02kcVSsxB@RF+dT^q>?lrsV* zKYy2k_CseC6iU|Rq+?3%67HPpvXB$A^ruo#zeSxnbx- z0JrC=0|I4$@|0Rd@*8j)fPf2whMv8>20?Vob^gmE$5zJrzpx$%jymn*bSuyx1tZ<3 zIs_(zBh53vxG~r-=0hykle7J@R=WRQ(@E8FjG(`FnqAuVIaSkn)XD~IWk`$A z?M}pchGkSB@f!7rn049g2)vJK4M50k+?&8+O80#Brl)eykhB*j+ZbahE%Vz#B6(0F z{(*Gx*!w)=zp+H+akNRriPfUgqiA5S@#=$;=+E}Qw_RsoyQ9AC%c0p3*zpY76@o)t zKh0QPJ%s_Gv$qHBGH@RK0@`cA&b#39VsyxppqCSs{a`loI~dkec{xgCpJ9y)x+O1a zPMC1I9?eFI7_|CjS~0BOmR+Q=r1!N)HS(=gCbzU_ig;C=XXuo3pW8OM;erlkuGUOh zOEN+hGQ27*<|AJ&kHY_xe2Z$W+le%V=-y&FUYi;zeIvbUGDGzw7Y(CvCI_`eZFGCZ z2{nrifiSNSX_sMfaRsxqM4x7f51K5I^U-1loz4@ljpnjqRu-e-L9WJwt(_dJPq@0~ z2!==D8#-R&ul`L=LW*{oN?GP|ZY!>MyCxVK+qWHI@``%6eaQcOrv-Nt>^BQvgL?TU zkhpqLQ2fd{>QmHrW{Vhx#Xo?Yd$*-EtmS-c`|F%MHv@}eMmV5=vNqT66% z`QwR>X5AH+5-AymAz@Ec?Rqnxqx}MUo9~PIELDxa6M?WtL-#_4t0QDJ_;Pfu62i^l zZU}5j!q}q+WFg;+C?vfpe|ucuxYPUM(9>Q?J$F^iVE&;HQT2~FKRauu>4iC7j()N{ zUgN(r(Vmh{_hv#0yua=&FNn$87GEjeNwS~DW%UH3#)vVCWqF*4WSQ7c-KYGPB0my) z^ci}o8?n*;_!~T9GBZ)iy$FOC&^Dc7K{5Ne88*?-OqEN!128$|L|@~0ZDHg|DY4Lr zie|dN)%@_`L!0@poYK-5bnd88q?a%Kx{W0?H3@Tbb9e0XR%P4% za-^Q?4I@nP_*5`VQJZ~}D`%7v(zfjN_ui}a?NG$l-vwdf z!`}p_5IVcG-4`T!iAdtt$WBvuz* z0;uQDE4+KpTKn@W^MR)?2$X$tT$u6;GGYPrZ%Pf^-|JyW;G?<=qom>kA~U|eOc{R{ zFB=4CCfM>#E|%N(2i5Rug=ssf)dnrXF_sSkQwWy`Lj!F&%A80*o%%PsN8>8cdPuMhX2dCU{V&1c$A3GJf8C zH~#qDHro;JeWKH>?dU<~fb3L|e;Bg5XzL0iYIj zAZXh9D~2o;GR7c9k4xlOgPYhQiAXP-^pX(?b)yW;oUzpERIuEkDD14Zk(JC*vjgGX z3G+csuJ2Na7U3KVS$%_KrO`c;w-^c>js;aM7xq}3BUQ_N$p=)QBTBz_v{A$2J+B-F zHuz~5ll`MAkY3WwgZwtHK70d#9Lp_>Y@twZ5NJGB^!;?%wkGeJF4XR-Yq!ohBM=~0 zM@6iD;0q=WS*pZDtnR46L(fd$nd z0!Utt$ULs`dRSs_8D*1uNKE}NI_;y`jI$f9pRkgbs7hw73;O%zT3ES`abx*R4F?cP zDV(8R@SlS7=6MwwY)b*NAIwY=@~J_3kU@Bd)eznPO`fejJmq%Fkrm8LG!`O)EBK9S z-S)QgJ>ctywl}?P_>B1`TQ=N2=BnC$qI) zCysqD5MlQH!%zE_`WKzP;#8I7{ULbb8;kp@>Z$?pYg}>+(=>1EFD^;D(uKD3FvUBZ z5Z`@N4~UOvPWY=R=YcW$#mQ;Icm(xUCK)cXEKB2ZUHF|FFjY`8B3tCtXH%+S8RP&r z{zTHMfT)G!;AC9us3O!b-EdxhPPVL?so zXCs3SymF!?3!VftD0LoNSS<4n)?5^j)hM@FjFDu&n%EISJnxbIyb8#!Q7+XE?v7YX z$z>)Wp@5196Hycay|rL8KX@WH`mtSNxJ-6`TKQNf5#+W$+Rt$_0Vs}Z3B%17l#Y0z?+v?~^f)@0=3g#Z{7S34?c{u-pi z>*xxai7Q&f%HnJE&HQdh%#|PvtgdYMP=`!4kMnN6+uf$MWu3Yuv3e(3X$Hf#Ho?HcB4#68Q4aYo+u6)+Xa}zPqldppwm)gZ%O5lU?s! zMOZsztqhFb-t~5l(Up}rlKgP<^e=><+e0ekl&@y|eFFKHv`GM#nsTd$q`stYkdQ?B zzEth~7R^L~|Fw+9Y@x|+R%Y&tN1i~*PmC`_p{@H%;o z!fpqh=*S?X+l#y_a2KngrT*q|=DqNVA`gHXIq=8^VMI-nbv`0Gq+;Q`SwX% z>C9f*EZS~%8wNAxl#w~fI~`BI42X~Q&4Twsn-rmbgUEdfBJwll9y z?OsWBNGVqM9(ooVG~!xrxWVd3fstHa#)Q?ksTb;3E%uEW{Hk><*O|>f(M0+dj};q>v_N{NDu*)Hvp7^E<<6v#XYXXLW7<q+vi9$|2)4u687H}9wJQ(%4+ zo`I+rN$HU%lIO*NKY8c&6hR+3qox4Nv|IBFJ+CWqNG49j8#4P3Fc~!aqm1vZ+Zb>< zHcg1PFjLf~K=&xb2ZJ0>9gg>stYqjQL{6&^T})W)#@|9j=&K{ZgDZ zMGMK^wcb34|i;v{m+xqBiVS}s_6RYUzeY`spjx1%aY1Pip_ zxSn*gF7g34y4d9|92D}6h6Wqt7%T9RkARm{mkU{nV&qG!zEnaUt!A)5*&ng1;RYI% z*#~D7VC?~d!Kttwk<`2jPAhoVrfXu}B~H9+UGsFKdqZT~`xA5ToBe0|i#}D-#XHuu zXtl0`tVp4JSjh1+g)*r?M4s$YH@^!jBQC$$Br-AsYa7M#7l`GbTD}umL5Pud`X|$- z2ii5z%DU3ft@dt<1NoE~E@E56MxJIj#1 zKl->7eG=^dGCCZpq9s|D3U_I*U|Hyh=yRhq)QAppH5uW_Idgd#-SJyvCu8%Isqm}k z4nrR?JXPpELk_QY-QV|}fRYjG+>r~bU<55X-oT!SIARH7n;N{xY+aTBi68o~#N%*{ z(~Lz-w@s8-SFXzL2t?zSgZ6R7o$+^+wIVbe_uU}Ll+FupIcB*aA0ge2zv!3u|QWAF9v*pxfU{`%TkjD6=nU8X*<`R{kv z5)Kj_K}wsJI1X|o`>Qgpptbz%{;V_^kM_L(QHP3igsMYX7;n|kXo8nP(g^+2?ZjFB zmyOATkjM!mqI%Ncd3?%Eg~)WbLU<;2yWafS5sdOk(iU7q^b$ZG3Mnk;qi;LiTI_2d zk(ixQyM>EG{z_grIBF^b9V=L_siTgw`P~@6nVKo0Li1m?SbrH?Z@OAy*ux=e7fil6C&r@!P?y1jB5$r>-5_YzM z21HO>9jk!Lr$Yh7=@pgVAAgP;(mk+`TOh8WW_X2ASY#vTUHxL7!m-6^5Qtf-Y;Njg zBGrPXk9}~n(ql2+X|`&G;N6F=Z&~dM1G!u{5AF@_4&W?tQ-m$0HCP~U+mZ~5+`wnR zH#q{~GYqJd?|5Eg5I)W#rgZf(5$3zR*NS*g;%CdGnOP>r0!{ho%KZb8K>vkCpkn`T z;otu^ReL@hqZD=Y*3_4s94&8PLE(ci`Ozj^?b7#OfdCaiul~(X88{qynk@m{1MPo1j*_4+F)RW#wA(np6Lo^VV)lUXSEh`+dni4@fH(c$ z@RdyxxKJ-Vms7h@MG6)kQOqxk(J`ujd=luwMhgP+Ybd5$0bRzNovZf1%S6+lErG_X z747WfCTs{_Z+u1o3`c(A#M~&Y;@bz=Fd#43Zuzudour{?(Z2g0JfvVQow`X{}ACGVwv&!BJnXZ!t{yAVoorgww^VNaC#sEbdt>Xb2@fn^WW43^KA!#^ASdVieg?9QY zf~Uh>xrgAp@iIi7)Bkcp0#yy#aParekpqGCb@9Gv42jrHe zPAlHmiWQXlCh1)Q3FxqbtS|V@U!Z7Uka#j%hW&Z;^q@^j?p|-hO`A&SF8*++3Cj~P zRzR9Q%Xb>l{Fl#!givAU-&aWFWS%VgH|(iEBn8a?+(hHQif?p2dI{RW0n^zwsJ2Kc z=^Wqa&-LE%3`g5May6l&_}=t#;r^BY8xuui96Wa_+N_%k{LLN=!OKVD_aD7G=28I= zpXj)xxt+sGOiTT9VPkf_A+1K7Nj~36=3c{W`9sz&X9KZ}(EaOuFcuQ^4BqIp>P0nr zh5&-p{sK@BeBh@}aXFZ+ly}*mC-HMHM#?5jkB?kP+q|s(L@X5WP8Z z`j>3>&HISg4~0tmW-ar$=C5Q8zH@%2ec*f<*1RvFd*8#gsAmB3A@BWFI93jL`DBo> z8yNUj*c}dZiWzW^;`HEXM0ArBpE)Id-m`(Q=&d1*H7KHG&JSmI{ZtmhKEwibPzkSh z*28K+e(fOY)k32*lYu@qnU#XzGue3axzoatu=>ikiy zuzkCU@asIwEH4 zO^$9C;j`(gye7VaZ3#%kvGgRTJzznpNp4`CeYu`myWRUGE|{+5TF+ zq}|l5s7EBfL7u7b=84$R9eAp*Ghsftd3s*$ip%5o+|Y~4bNawW5_mdo*Ar5!VbWQ< z&hf-6*ba{my0}3AwINt}&_3OC6wEl~5^s80fByZHr_z4@%?;9R=_!RCK}UCM zKm5go019-x$pF%kM7DmNkJ|Xb|?Zhqecm1c-Wi$U`b3N+xPA1O|T5_g1S4|+R5zj0sm>dg(a6}$1?&|V3!$>ckTp0V)XinT3Gm6uUNAPEYoD+dd%K2^Sr#& z+$*cPd`|&>I}?jWX}yso{s}493{G9LI{pI$JEkN^fk$A4v#Hr6Z_6_ef8_j$No7-DK52c^OF{+_7M=43-q?J~7g$ zbZ@6=x?9V|w;{0TZZQ+SzWbEFY*{}OYD4-3ytP#eu1asSxNMg7@G*yPeR!iH*>JsX zQEC*`BV}ggL9p}O`MhO*@bJ2Sc@CzK-V+B)0k<^Vse!CdM9# zq?Vg;*=@ef7wdF)epJZSf2gsWihdF^8f9PJ>aS7%Av2PvVPMefS7c{1rah+a|B8@| zEUCFsfypLaZ;MrcV7>`6p*dDsy4>Hvg_mu=1AR*?tNq72xK6nodkx;PH^{+Li6ij? zqpQ(oXb+!s@wmxP&(;|r*w^Ku7EkIj;YCvockp&w>6=Qa&N#vQwN(O)WqPgMZmmLg z=1*(WLf>+A-60Ye6Hl#O?21f_n_^@7BZE#KECiHCyyVa?4&w1H4sm*X)YQVrc@x5G zAtuksh_fqp)%^Pi%G)J-wYRt8`>=H$V@Bw&h~d@^ay`#kznWa|CuxBD*vmkGbjn1_ zEZxr{jPs?5*7eK1QTGd>79Kl2?TNF`UW-x={Pa$}*Iz?H2+P+sb|j;aU)EXqy*Fzq zWdo1116on8Hw0)+8Db9;e81jYR*bs4Tzw)Y2zOSGKEx~8oh)LY(hEeg?EHv8(&?Bs z&%P&|Ae_+^3v><#N5>n^%W6L-4E2I^>T(YzZ+qO+bH!qmk+#B`-S5^~5n^q(*B*(H z=-^w?`S!7l!6-|!A;yx9g|Es9E*?U7OD2X3IOT3G5>?U3BUQ?}R7Hl2#)!233;j(dR=;az&;5DZ(Vx)90tsLvJH?)P)+chY9;-#GSK z@Tv}nzHw`~L;Q_UshrYWkjh_up$geNZj{o>%F{J9u!*f~@QB8LHcW@l*yZ1SO?5j< z_kWf5mR)f?(Yq)TAi*uTguz{dO9&7`f(DntCAbCGAi+HZcXxLuxCZyZT?V&7PV+ne z7xx3)b?;g0^jfSM=&9t>F7e`(j@{(67ZXGJs;mY;uGAXZ_W z%y;Lfx@$6=efO|Ew$#)#gLfvm^)Ku1^b8-i$ODr@x|iST?g;(y6Qd3{kVoM0qoEwa zcCw2b?7JJe%?oV*G8P~_|ECL^I{66vG*rzU zNc;w;y?oehkvH+co(ser1|@w#ya_U_(IO>_vq-(3#=?yqh3ROsrn7R(7GtPm8eG ze3Tzr3#%&{jeiuEsl6hR54xV2;-2i=#%Zs}&{C1JnB}Bn%z`dE!#}UWM*lpGkJIPu5UAR)I(g}qljQhk69T2muJG@$y7e7&fk*=S zAbIJC&F#s7!i>0UA_AreHH`wX%-_J!TG;%%)fQjtC`j`?v+{^y@jN}gl8!$A(kWK7 zjWjwA--ScdrZ{_F?Yrwg%Mblbv(ZF$j?gjM406bLLwkm4)|m+oMvKtx*KZMy+$KX?HwbZT zqJ$>t>eGQ$zf8fKLBa-mmWuMM`@he_qr3GQR1RGSlX+;=(wMvLu!7TstCGYd&a~uv zxl@2T|@bA(W-p8k{ zNy{Z0?Nl`}RC|l_yr}U_&)mC?Y1!E9tp6>(LR9uq6@Toqxyp2MVx3Up*_ldgy8Yet z<0cZnjA?{<^#*UIa6<09PPT5*rRp{xozidYU5_qnlO@*W`t06o=Le>Pk@~rwuM1OW zJtDitqxro(d?Iu1gDJSuWB(9}W$|hpkj8fVV(UqWlE*L|F$VcHPpd-izO6xlK6q#0 ztAhUIq>n#6wCU_a-sT=(J+iqhtM^TZSbH(AW>OX2(Kgsgutq%!|Bj_6|LuvZh=Ydk z_xscNN2kj3*XxgDa`cd1bV^x3p~6WWF_h_6rl-A?I$8p}C=+lXq#wr+A8V zh!qSRKmyxvHVy?eN~w)WOjEhVEO_I!XYKVN&A6sIX&+}0*;cEs&hUE*>e0J?8cuzt z1b1$jjCyQ><0ZxheoP{SHl7g1zW8H5)aRRMjh&$3HF z6D=r!Dx^<&hAnU-F*Y3dfvTyaAx=~%$xcW=iuPEP9?3Fgby6-pPU>OJj!dNUZr)~u z@0y(lUY^|HD;t=~*wD3F0q)I* zi~G?d8p6aQZ>HHBp&vA{TsU7`yuE5!y#yoo3Q|ioZ?MPu^qzuQoKq}6A8*1Y1vuaC z){nMhJD}zpC{j-A+>vmCg8h7^D-TvI3@gz0y7)TRmemKw>ipxSLx`W`mSG}2=#)o? z?;%iwtug%DPM}ekFsXYG|iUsXtv5?U24aWcW=#vsDRISO8AF!;-cB(gBl3hzQr&Nh0 zXEgfLkn0!1p~GNRL7aU8^rP|hgn4cRgZ`+@4kE+S0j-lMh}P}y>E8*RixPYYxAL2n zrQ3!B7zHlH2&f*b9lEZrNn@-1;RN;}N|8*Z(k%|nHZ84i-?ETp@ExjMnXb5IC+AKh zReIu1kXYEmxRB$wkZM>4>8>&El>;UcJq(5FgPD*#eyr41D-khw>J_QpW?n0q_gx9B zu*^0yAA)}So!85AQ{nmRd6`Sq=3nyJ(b_Pt?;x~LXJu9G-km!o{AGf^`I?zkON<)& zQ(#s3`L>}f>-+3raTa`bDnES1RZmS$`i^s`S^!q4MY47qD&Ix9B_^5#1%rQe^(=En zI*4mC2%CUFyeISZ#!jm6ebdmFu8DI>6kwfR-nPc#`Z+dsy)n3;J(#?NN}Tb%2=iow zdb_zYAIiEN-x*joNPW>Yi_j31Enq~9OYjL81!QxnzQ33`*U2`G)Vgtvg_Ygq>mpWu z0hSuJU7bKi)^#2d%a?}^S46If+P%K{DKRT0d3l9Y_iLz4&M3k_FkA1?w&A*|^%(k2 z(<4@Wc}LG~GR(0~nja@7qCYQft94}ybL^rHH828n^)})89$9rQy}vNO^2Ab^VQJ=I z0>#(Mki=ZOTC){nzCQ7Y)jU_OR(apNw5yq62_cdKUOIGiun@;a=k13mV>QpzuhYXa zk^v+Ez4_JIXCy{W5WL7L$L!@^%o+B-G$qHvj#f?Xn0pm> zD+sj3Y*w{Coj10)?qdxXRa7+CWP?ouNMx;3O(snH1=zxRvG^Gm8yBi~n%3QD1J6qE zG^!Y~tZV+EJL5{gOOdi}ri3z9_v6jY;~K6*4lPg-vH~vt(GAPUrf3O;41R_DuEG!3 zl#nt(dJ9xR@@A>Ts?K9D1Cl#fA)-!AIswx6q;Hn?ORb>wDzVh$G%TzeRC6l0={DgN zCdQFp15tET?mHUZx@ewwAkb@SE1)k!)V~qKw1h30n2P4L#e4f$JLO1vbbw zHbY^zBseqv@5GX8Gyn`)# zM9moerI!bk+ei7dPWC1}2VVM18rodBT{Z}=0ws$2Cz6ym6|ZrR>8*Q&_4SJk zL0qBVnY85twNJXG@No)Q7F^o@M}*10kbUYJtDy7GO&!m-3xVTj14ja8WRawKPeU>% zsj{ID7=yYlI8AOQk{Fn-6Zh2!H^d#m^@e7=XM=3jU(}-i{-ET=tr zL6W|HGsGOb+vjOuB&arwCuLt-iI>=cQXQYX(j)DA)ZLNG*cCJH3$t8M$!}lQq8*lq zM`@K7Rz%Ttp;{Q%w#=nqdSLfd!kY@#OOwj)0Qa_7QxK0!#c*z4LOMlCmTG#V>zv_* zv89JBu-3XZuQ$$Iy~J`@1&mQ-^=6uh41c8&HHt`!*wx}Hkgqu@H!>8A#vA)m&5;P- z)IzaX3}iWCy!<)*&`o{B@O@>NqkeqOFp<8UjfPhtJ5BwkEeznt@Jsb@voTHi1gfeR zX23~}%neYo+4ASkXZtXyq^OUcBeb$!Jyx4gYN*!rdl@C2i!{fgv)uq!!)K z>w@k+Yr<*k#ZrWq14oEv_?PH8)mH11N0c3iBnqniP3B^Z`YMD=kK?L&AdNS^Rau9$ zSAaDwakr2AsflQ^K=T>t!V4?#f}8OU*VF5kcnf{>-IbR99KyzZB)wSzVdduQsPFed z!WM>1Rq*|ZyJ?_g2s7~kO(cR^sfErT2^-6)38YG0xU%yPn+g**t#OYUY-|-if_*65 zjBP>@J-kmDQ%R9{fyOuj>=vXCZG9MYbr=zPQ*=N1OA3y8Bj*y`m{UfJy%22Iv_HkA>P{Bm;3vtqzukIl4 z$O_5(l05N~4;^7gBmf#6$iYJk&p)3w+^UdPk794Kezcc%5U zreTY^aeg&a!*)sfX|IXiRIichdRm(`hr8DD#?I~4hFk$JsFCf+>I&*^uO;|vVw2@ z5GFxqZJU*x8HITh?MY#Odeb4q0}9*lV{oXr7Smha1mzh2v^{|i@Svh@Ff{kN zgbNTN*W=Mf$0vMNa@gcz=cE@g1BLdOSK-UO`J1?rf<^sQ&f`jlxhc5nsCCrMr53P@ zO@5GaM!or+ASFZLyJLy8nV@|5!9lX)>KzNHpv;n#t#m>O;QyYhgy^Bd+rvXL$168T zbF24wPnS2UJc)Ey`7-`*t}y5@)+jCSs=9hQ(g*36#5QUaoR!ZObf2zvmRfHTw$VxE zSMNCzegS+*uPF&>_ZCFtaDDXLO~c$j9GO$sdaH=Vp%2Y+hp<){t;1A>e<-UPqByN5 zx3?EB>@RAcJS}cs8uycVrTQj_l&?gDf08})_p+rW;RMBzccxhj}%km~s3Mu4v;7oar8Mo&6l8ldLQ z??QC61c&Xjqgg=Y7XLb*gyZ7J%CQ<8Z8wbTeKcmLQaOYvf zw;uIS8gDK#ioyL#!LxaDHFx#KXtLmWzF7w6OlW3lfL`d20nRNSj2I)b(vBD@km&FtuB*LPAS2@>Mod_d4W39J!u&93^ z5Ktz6FVe}#@b0TwJ}?!#s`?t`MWtJOc=R>)S9*okzAGk_XIoo5B*GL=wU>-9KXvNC zsYuBBH4CTiC1qifJqpJJptR-QMVpD_K7#OgAKm_47#3Hio-N&qcNkMY==eu*LkxT* zdBw)*dQO0VyJ17n2NbeRP}*S8i=&K@Klz3_7;$|9^V_%)+Zv->F$B|qtnG>kpFg!{ zdWJVQ@09E%<`42A*Lmq0#-Pmrz3Q}sKNoO+*Y`m(j==;rH5qW$y@JEh=^gZakTLgy zCS>m8rN;OGCyW#GH5Fb?y$}zF^5r++K>L5R<~4l{hFH*vS|t!6H83WR@@Ik==c)xO z&$``UCk;u#H*@Oo^Hv2u3%V(zeY+{lWq(10@%3c%sDq$MHW3f!pi`}DtJ~PW8O7Nw zlbWs;7PqHik33{I_mNXm(=}!;79ZP=?hoN3y>%_YEDqw9}8DIkP)z zZ(}aTO=~8AZ#KK2)v;L+l5aY2S{}Y=<>a7KA0QBrLzQw%AW)_tI5_ZQ_5by4?RdFW zHU{FRrOkvwOX*GX?fXZaZw$3;csMa=k-+?<@_M-PugB0svfVZ2gukj4-1;~A6$S^V zY6Bv3NKQ4jF3mKAhBUmN$|+?I3l7#%1eg(!yB@DqKl*=>Un zQ7#KJl@L|;q{MM=9g}~R`mcK^;ZXD~I_eN2AF3-DUzSu#qw?7!H0euMzwYoCK*Urp zdgr+ND4Sg&3-V|~tDsIjwG)DXrHtu6aa;%PWFG1A{;4E2i@s?`>92c36ZHl~fzge7 zGuWpY{dKPZWBjx>$r68da0g%fw2b`6l=?|gH)R0rE^(D6jD?sECTZWl{ zEfx$8`bBxI*Y_UN>LDef657CdAl=mza5-shvW9)cYJXa7d-?$0&Dy$ACO$;plWFJL zT&`!I*Yeg>IQp?+_mN~?@6 zu3s5lsS=j+wc+!gtd5u};Dld-_BN($QWW(2<2!L3Tp15ig9WQ!CTw(tBU)PW-s$T( z4uVxfZC$`Bja}Mv=jnh_*?)Ucs%}w+p;g0}fl%r)l~lPn@{UkHktXBzBX~p2)}lnD zDLk3f#LpXzN&%XD?ql;IBuBPsjYdeSWk)6EC-1x%Brng()a$QOXPbaY5dKe1jeejO zVfrFWo-lV#sr(fxkx+B+fr`32@W1`GpSkFTc{CQX$jOKtPA^C4J7C+H__8E4*CQy=XVZ5v}?D52MsT--igH{v(fz3;q9k8CC*= zjkHjtaxeB4-_HyFfF$P2+_ke4;S<|{r)^MH=zLg<3#5$^@t$%@oX+No=OLY>Np-ox ztML?G7;vJi@Ff)QlTwZT)kN90`DdiCq_2D!@)t*ctha3wp-d7MZTYokgM9T%Mk0D} z+=qCiZuPj^Bjq4TX#8shL=lWN=P4Adm%F%s%)zh(9-l5XnwRK8N5;FoZfNG9&m*0B zwhP#^olo>I<3mS`R85ifzJ7i4WX52xzHqxw8C5w2R%pOR^vg8k^It8vT#K^xU|d#{ z7zeJ{Ic{6YO*$I>P6-=hx7op>R# z@I6b!%yxJRZx}Q3)lv7QQd{!u)$IGzjq8eASOG<|%lp06HZ=3OfQ!*|XI@JF?rbcb z%lf6)m|SlT3>~aHbZI_eSTuJ84+QGlHo?MmD^z3%VlbTwThkw!=oB8ZBi;YzKIkLv zvy&TL4;lUTASo@$_`N>dDkqCr86N*Q#n-+shc~5%$??-05k37uf`h%4q}xa#u=3mo zD0H~m&>f5e)_Ahw)773$gGSb#^*HKAddP9;>p#DHGJ}}lKi1P9`Ygq*%0cD72Se@k zyqAXa!A_%CHayTsgHCQn5m(!C{~HSDO13t_zujIkw+TiP3zwECw&MrA&MxF%S1)*N zsXweW)b}fo*FRp#>CL_GB&D3wzjv+~Gz&VMcWjLG@mk+zw!OG#em(|Pfe(;dW)1Jd zx68*z{a=M{99zpN5Qzw8)9$MNx^mg@UsOBP3GAWIK z@>?6PPNgk01jM%QBsyKiaXmKtF&d?=n>mHvkbag$+vwcIAUk_iKIgd#@j`bGBqkG> zbg&c`w;PV=nzuTgNLLQJSt`d^cd;zy|2ET_);C@XBQCVpjKcPZ*`RM9D_98NS4MpL zNsT8RaO$p!;qr2`!TsS~5xi{aNk%OPraT*h+b5`tT9 zL02&;H z-cb`7xXPz#$K1+~*eadEx8|IrPvm*1<=>9z&#**>{R5F=cP)XAB5Kei;SL#*+VHdb z-t6ew0O#uWyPwD>p0}@!yxkI0%qVv#g*;&xr;jmR=m&T`Uv1sIR4sFw7Ojamn4t_g zls6oL!+(uRqWD(WPqi@*O%;{RzJYxV6|J?#eGgF<3W4%LabNVD8tv3EjF4Tn&;RWd zTyECUL0d|i?4#2-SC9HqGAME&JVoZGkIWPF)00y;YdI4A1D>|@9d0f{7kmk4cV|q8 zOdt@U$bW(}jUH7We4pv#ij4@n&-fL7Ekb=oqR(+Wqi^~=`fii`bgCEILDR8u`95;+ z?c9f8^76>{^Y^-lS5J}t?4o>kVpEo%A8px*J5C*TeU|oCJFWt3kYDZo^zwJTI-@9k zwpQR}IU2ml_D}iabZp3Bq{HCznEB^;`$`{KC05Rrt_cMydbGA8i{fZ=xTEJ_xH4;H z&0#kXP!XB3{4lBySq2YhS;Sex4vDz=8+#$%I+|fWWwuOs%bSH0D~d_xeMTDeBHHL7 z_sG@HR{~-_7e*9}_V$f^b8HUrIYOFqSeqdef8FeU$HA|BB&7sPZpBVSCeYx-aL)nT z*aUfC%CQF4Uoh<+ULP_1>dwP>5Uh$c0aDVhGU)Vv!@3PR z;E|tin#x%oBwqUmy~1&JJ6tL*|GBA3C(?q#X6pq;4?ZIAQRtu7ti0#%x6rz#X<*8< zCC;oK>Y=d0#Pejcn!FqNUUH-FTDbvW*1dgS8RsdnY<|49xSn?7^^L}LdXLAxTVEBPSWn#@JLBV-EM}B|IgV&P6zw>J}9K2 z*j_5*P}(Ic9~lBGU@!I2P#cdjBipT?2FjutkSB>@<)w(#p1>xzI(EpmcQk{VI3GD~ zp3jIN$$yl;%r|$Io@MEHCsi1RJx`dnIsBf`r1&&`arzh-G!N`5L$WbcJ#QGX_#RKN z|597YHbEe*Rd7G!jp4MhANI7tO~o#R?RYqL-RbZ`ShKhUB$BQ-J7>&f;G$ygyB_6H zEaaQ5;!14qdK*6Fxns~_Mg~v;gs<(R=b?}19+4woe9Yar^@x`bvk&A#^WqwSi#W;j z0Geqb+LaMK4IF%KR~?RtMm~^`rPHPC?or27cF6eKTnvC4^9f-9S9a|$t?HlWmIKK9 z{nDpjNL5UE1y1h);BoOO{v}poSo(tGQZ4@n*rl2PVD#l6`2VqW5MQv{duLQ1kA3Bh z!+x>~1Umo%qV}?Pjbxy3WlymJ!vW4#uKyFiR-rUI@25Q7gG7~`c07lC#FXJ#jTh1S)3(W)6PnT`*+;yC+2omq@}%rw4y^Kb1?G-Rn?+JtFU#Cbw@`m6Sbb}b9;Je5buCB$R|FF`3# zLUh~q3AcM2K&|$-*aD+l*W>;Qw_e~`seZVE}Ey zwacf{1Y%?ky2nMOrX!Rt2$fVD+%``qny>4mEfy+QhZC=0Za-jD*JLF%MPrk8^Q!8S{RNT>yFE~!B& zEci41i^=Zx<{VyE6;v+@E_Wxr+Gc&e=Bd-+5xmGm$Ci3%E6RnWeCe)41s>)${49wY zNO9<1U=CzJ{`zUJkmVE-9Q@6qAmJ@n>GCz7WyhSCv%O6aF3+k{}V0%-xybHnOSa3wVZD>M8D zK*k_yPWOW~ahCy*9pT%uzbx)^*f&GGH4+IV%V%deD*vAzFTne) zZP~=XL}p+B_xr>FoJMVFOQyAqfN}ry9mn_RXI5~HI)jh|KO<#~5=^i~QFU-s~ zL<*U02?64*FNQ~Mdcun6w)N-d?E2K~Y-Z~rnOfX%y1W5|Vy#~GTMz<%)z14&1t#Jt zqhM4l`qrp4WoRBCh8M;>nKdS@$R?&JMVVqiE-FWBtdKG^ZLUmAiTC9aF%LU^C^;e4 z9*!gQma{WqA(uwhns-OetW;eI(Le3Jsh3kdYN3?ZHEppmgDxR&jU(V0@{Uw4 zD1r*AT@6^Ab@1CO6SEx-QGt2K0rp!+rUV&4Y0`7$U9(vieLQkQH(p(t12x=k(5?6u zx3fof_{Q~oeTaSP)1@68pSq_%#`C3CP>LjkBl^799qx};1D{yLfejdNJZ!ig!z*T& z?s;E;$OYdp9frZ<_%Hj5w<1-lX>Q}EMNC8f*0VrBI%f7IsO9DaoY8!)F%Y&tGz9}S8nu;82} zO7#EuF&V*8`#tjZKzo)|;dxrl!&Ko(qc{Ht`s0w`fw{?}|6=^YEmD?4mc@*xN4qYt z8!f{3ZyKCvdtP_jB$tY47=V|%^*vm?kBP>xy4lU_T+*88K@LU#fUXWoAx9)1vp0J} z9p1TsF*0V|?_9uj70qO#!S-#`TBY3ckTjutDO`Nq?pyJ;{|Gu5pl5)Ot^4ATQ?K&7 ztlJvAPk97$^HOvwHGhc1v4^(=?kn#Duw~T5P?wi&wOwAa?q6)gis0}~ql4fO2zJ!I z1k8VE0j60-Vm5+}gJX^b#Q1+WBv`aaW%kX6xkQoIvkB(47Ou}y0kOqbspc&}kI(c4 wfS!XUz0F8sXKVm(3<4Quz5M0>#rEtOUL=~UdrDu&9S%5Tq~s;bKkEDaFGRP7+yDRo literal 44508 zcmdqIc{H1C`|quDtEGdXx4A_r)tVY((bkw&C=oGhYaT+27>nL*Q8mwmP(wo!q^774 zT3TuzBZ#4@F+@@G8206Uo@cN9uJ?WS`t7~;Uwf?(vXU#wc^=327|zcT`N%+*jg^;` zg@uI;tfytn!g3VM!g9pw^hw~6QE$n=fx9E##=7@eO1t>yfPaoV-Gkg?VJV9{yZ7V- z@c)@-dgk6NEbL8(KSx?Ti|kogN}hwY?wR=8{6_nwbAB6)n8+U18)4DY;k+kzG?BC8 zo$^d{(aWM7Wvg?4$=t9J@jv3-DCKzKnBFt5-NnQV;33fND_vMQuWM^xpMjyaJvvraUJDW)GI&o(01{jtssr)&POZ%=>G9$ zg@D`cEHR&JXiKdO4H=Q_I+S&CUmM(xFz6tOhDC{#z!a~sx7`ksb)bPh+R6mryzF3Xcf6wFNB zVMPl#&Dr`3)@~f+x|eL~oeC7F6l|7wIfv~?dvR6dqG#T^)!$)4svc}Z-0C;1U;%BV z5dC$$8}iYNb#)4EULsZUskQX-QxyVfP%JQj$fkbfE(MlL`>Rdf1y(k4r}S09v$gvS z1}3+soe-O}{Mhw2sX32d4;Oy&9Q_;A113u$lu~lbGsEX{GxhTIIFmww3#n@E_Esr? z*Hjd?GvA&(w?Ai*Ip7;WY9Jz>nEUEe=E1qNUQvL*Up@8ZS59eFq)j#nEUCYcD+ilZ2w%|$E?mt_-;4Qx*?^|)4@otiOFsky1Bb6e)4-1688JMK^c`Dc@h@% zu9Cbqs`Y2lHR_BLM-lQA-GQ2#=_^)XxWg1}Ny&1N&+Yk?kLm(KRWzr%(gOW0G!ZtI^P z)8f_6OW*6SQW)j|7OV=KM=b*!^7i9DhSZS)VtYRm^dD>ce+y&nbhGFj<1ynn!*#sg zu@Z;A4;VM3>C`0&4Ws|WjFc8p3Ebe@ryRpY!c}5Mmm3;6YcgMP5hQ(71@+ILv2HRF zm*w4Ad1l$*GD{>yUe{NQY;%WYdvL6Z2o!brg%73E&K{{yL~7gEq8wOKNM2;uaRqV-+$ew3Ifa`bVO`eX?A6_{;rZ zhzU8pO+LjEn$8I0kgz4Om90^Y9(4#TRM{ChLp zk{Cpxq=vGAfe=RD1gX?E%C2R&hT^2odnz z;C6*k#=;hti|T^zn5an)jusn8^(&1-iLC7B5{xR++g4p+fjdBKB?^_RkV3^`v>h_? z+HRXp7u_ma*cp6%0oqgQRynU-jlZ8aQ%#zsV|T-;gR106*J2<9z;IdM5m-=n z*>@mRpZ=l_)7{nAs+c@658;$yl8Q;Sk;H+IDyo?j`Q0zE!*#^7&O&kjBtgtBAa|pn z?R?477Ip+iaSzjY8lBkIA-U%9+GE~?I0{(g0OP$=q7TR+)pa$X07~7QLCxNl0MzH7 zu$z7u{Up4TizHttp%=~Q--H+S6B~bJVSBzuJo^PM)#nN+Df|lpSdc=VmOKQblivpO zg*?Rp*2)1D1H;J|XDzt&Lk7bdFe`QRMfL?KKsFQw8Nf?a`9ykX74fU6O~ko`FzMZ~!-4!7i(%WU&u8JPFo@C;!j6nCfMN3x~2 z?^F7m)-9^%D-!CJi8a@B=F_L?9y`E02L>>vm#QG^oDaE33*XkBjTxOE)?%1w3^=gKU9}!JV$Mkl!!FJTMqcg@pj0XJwnr5vS!PK3@M#8!l}H-Ng9EQ3 zk^PTm>F}0Te;E+3wOy{$t4oxZxpn?+C6fOLrHOC9jG7OJ3uolh6+q4Got!m*PZ4R; z0(e~S%P$&$(~sOT+@vN;^uY+?fJa8SX0RvhhfBw4*=DCB81_L6fMpfnUt>9n@BzE1 zUYsv0Qq=~;CZt!er$qsr6|;cD!32{EiY!Fl#W*z0{yi7{S3LXYtqko^)!L##Pf1qj zFArAJI$Y0!zl@rw51TIft1}Qx5KK%ijUkpNGbSoo0Sh2OIx^p`P+yb{CYx3p%>fEH zkc=%h*iON=YFI;PFjz`Xo5J`VNuHzvARS*WYHjGzR7N$tW6-8o@(4>?C5x(noigm= zJAf#DQY`^>TJm)PtxWDANz!#Hz#a#LxRhgN08g5*7EcWnzg=~6X7JM2vF44UYIn=bXH;4285pr~zOe75Whyvn z6q)$8GNl={hNP(1@!DXx9Oqkb6q`2)%UA(i<};d;@*DyrL7N!~;aBxB5MKD>%~#HR z>7eXe5T0sjs&@>b@oip%P z>vKirDI<#^cG#6}<-#&12&?%ir;TW(VdwH$E$0Dco9$DG3iZAod7pu!7ETp%O%qn+ z3%a~uIbAhphKX(wdoXB$fQ6!c1V&HQglHEL3$lN0r;BryHr0;-{oQR%HF5}|#7W~u zQddK1@Ba0r1RD5h5}E?9^Sf#yOI(fD8R)&m?U)baV8ZIlS_7%7;%DmypXR?BFBPVWSpE0{nz> zo&F9w_p%!{8Wi1)P>hvSEijfti+F;^GNF0FG)I* zUW>_E8cdzyjtPs2;c~PrUEnXb;B}dDRCwVr-4v0eTqYIua#uw>+oyOzFl+%c#gB{? zw~x5}!^l08^#*Cjoo@T$-93TsPS={H5@460E)UsmgNvnoG1Nick!1S8@tV%2j+{5Vd=yd zlyL|OQHWL|_J<_fCIG)p!u81P6of9*<9yfBpqteF`Zu=+-vmuOa;@1EUro7$4K)AM zUdQ<6r5KAj(lr0W47aFhLkV6pNZ5SHJbj~S_;V0t7FR06MQ#0mgv9t$ROi}#U^CVi1KG9VOcmo6!R~eFuvYR$ff$)N%UBe~ z1oqP6NS^+PoLa;kT(z_(b4cl6Xz`0qKkhMy9Z>9i_<%PFe3bhtrimtc>W1$Ks$3?h zbC7k!eyi+d1JU%)u7Wst`nbg8EIots2UDK6w>-gHIppJ~H)R#?8vT;5V47DKGh&>F zdv4l+&un%_OKFlZ{R{q}9}?X&gM<+NDsbga342pl*K}9q{gL`dzt89htgE}{W5=)K zUIR|<#*t#WNfbh60}CuJNIqb=cNw1l(>Y{yOV7C4SsuASzzWPUz5#U$@1Ly?jEY-K z&|!IdSPaD6`?ov^%7Cx_(&miEV+}BS-$nj&-__^zc2r{1vU65Rs|ue zw9b)CxliQLGBl|&;9$pn(1t4GoC$P5dYBa0ree9E9eyG8@M?c5{-R!2i zX~vgRYnZbzP=k8b{kKJn{X8{(*!Q+ij7mFs^YjPO0ZC$0f zo*ZHgdDwAo2yP^iuCD5HZA<^HA-eibEP@tWGT^lYBjPVuH#Lh6n|?xxHPn_Gp{-9m z_d^iJ5bkk1Qclk{5y$$=#-<*vKBvmM+ySY_CL(y`?} zL1f0-(;pp(U?Fn$Z6xrI+(Avb3brt_er1a|U87{KPt_BUi1qzJukOOtTV^HmL#cF( zRf!%SKW#W|*mt84pP7n;Z{VgZ-B0K;O9K&B8ZaJ~g2Lwk)$cxTuEhCn*zD$RtKT5u zn6K!>6T$URPh58Iz{UWiCcoKrGWPS-S+6gQ!yMVHLk%otcbhTR;cyzc z{zWNjZ(Y(OI1sjtbw5SGN$jbxV&w(z59hWj-zs!pTIb|ln#_W?i1}NG(Oer#3=2I> zYQ6TC^bMq`Zum02X<4v>7Ee^cfGRgwD5>DLS(1e!N+m=aUZ@u4R-`VlZV=M#k8)Ilrjlp4hg5c_Y8U6 zkQ)T~G;x*96PoH~$@uHlW?eknq+Oy9ZKmvId)ZAtA=5uR1(;`+RmvKvN#K@|~NU#JnEm_VF!4rxoIX&V%m?|4&9nfRbaPx;wd)G!PqCYn`=i;$G z9`!5ehol0M(T57FI2G6$K0okGASeH`piefikU3)Mm(Ro39&0KSGeKUrAGet15N#cF zq36hFDKsM@5Najc&ief z9Y1dExTm5M&J{f09Uk7BbgbI1t5dIb9J)w8OE?TZ$k3GVO-zy_0kP&(dX&x`Eqll z-ATJPw8Ol?cSlO6xzsFdntRUf$82*kSveD?=(I|uyJW#8xAMf0WF=}iwfot%p>|(6 z?i4Jlv4VdZE1b?Hi(gR#Hvf$nusVh4H~1CX;qg{W#a?1>``ZsYWpIBv?eSKV%MUm* zBuCFB8lU5BlTseeapvtQ*C8!*R5T3$y-}5Qo>E+FGWz?kk_l%9+9dotR>ZUUdI539 zLII1)+A-lN_!I1pxU(Sf-Wo0jOA0B;#I)^E(lQ2AGfJNj7%jZmMRLbYTTeq`kTh{D zSO-^sXO#VYw!~FhE2nZ20SRAkvsHV}CI`QjFNOU`Ov|v`gS<-AzPQB7gLo4 zVQm_vYmSH|{c3f-p7@e>YH(@;$d85k;-8EepD|0#y!x&b@a$LK{9?$rC6XvVVQ)%B zOsT=r)dE-e_;$#9h{qA9gX7nNC{t*1V!+acDAUl(&nbQeHpisOtLfg8P0Hs`E_PL= z-QSyz#@f2FogLihm@Z=?+Co}q-spNM{SX%#CeM3^F1>rqbOaUuz|YZYf*ns3X4}NI zqf%D}Gi%H^qP7~-+Wy!XzuwQdJ-`=fGG?2kLanUOuokdA>MnT-H853k&S^N|lz4Aj zc->JJJximnR(#G`U7uclBfUbrS2 z*YcpRUK_3j-Lidm{zDiow>%HaxY=S1!j2>T4W*3jAdGaNl@Nh9+3YST6AQKu&cVo$ zaYA^i;<@zxF_e;9WgMa#VcmaW!QGs5uGyz61T@I5wY#Pc5%_MeRMmCH(EejJ zRbqFEp%ZJhrny!HB>8t%IZQ$RhlgGHvBiojR_HUEf`SlqZLXcFLpXkuhZiDXI~E<8 z8oc3Xl(I9%%rqJ6&vNqpzJZf&tGGug^j^>%c>tu-yrdZ=*Aw!Zj%*I^^6*JKUK=x2 zFvlV}venxJ6N#Yz; zQo?!DE#oT~4dt2isC5$22vRUUZ!_Dk5=q-BT3w_g zSU-=f44Q*f@NCm)J>Vc(=Zl^Cd&ng}A()2JiOMoP_&NRaw^VDqQS#&0Ics~%jV>)^ z&q?Itq0L!OGJL*2i?tOB;)KA4Co_bdvf%=a(WhyVLuhZOa{ ztnJ87)A#%1*o*ra17itBDHCl(Sb*$6VGOw38b(w%Xv90a){twSAp;ZId>3K4J3fr> z^G=@xP?FV}wD8|OoGuZuH|HJB+yrm3*goKyheTf8*WE_&35cuZYyn)I?AH0cFf|dAV4Rz6bqZ=P8nZ(d9|*V7sAArr;V)R)0qHFT z$4D0iDfilM{nGlF!1xxqa^E?s3DMN(;?_R&WB(`H>60oVCo%HdYvDdVrwmkkUG%ub zeZaYfZkuPOat-H2n}x>i=CGBXcjb@gUCsX}l_}a7xBj)XwOP)>am)Xi9`iwqXaK0r zU7P_|$lgH?JbEH{->81rlzbc%7RZ(zIM5Q@a@eM4?A(2zH2tAD~8yW4_k4@gXZy+k|WIX`VQ}f+Nj(sL4OiIe%icz z{iuaco4p?NeO{L5jA$)FVxaceXZAl0yWY;s$Lv9*{_ZZbfa=SPQtsa+B!33gt3|YG zrys*P^Z3RpwP11lic}Q6XuMX=fwUh3?bt-Q33}gkJW}O2s9(78dqt9 z^Gf!rK=`u-X^-S0HGQ4mRcbn@`p%kZDtwWOD8(_As3EswK$DK~9d?QQ6#0ic>7sej zU}IjlJ}Pq0%f0X%@?5OSj2ICIrr`ZnPRT#$1&TAIVA~aK_>H!7QSsL%HG$$VB8p$5 z3AD${4i6n#H>qjZDOgl?wGI}-xDC0z1`2fLKK4!JQT8#n`^0KCb0hbM0`MZi{RBk19S^zs5x=YvXOR-qG@^2X&8#a;Mk`L6P5b?EN$5(5@4!Ibcd z5X+a#@=;sQo`Z+>)Jqa8JEAqOq<8iPZoNcUCUg9*JZ0WMk+9qA5FV^;dBYbiFs`CJ zonGJ%TfbGucx{++?#J;6ix!IJx9mU|o+C z+s85K)2GtD^c}s@+9Gj8JaBVZeMA5CUGQDJZFM34OUOfSm(@SqBX_c<7z(%ay>>7d zn}~7MW!xfRJW5U?+a_b>8$7*zRk@30@nGX*6pO~*BVH?Zg_017Cm|=|(OR||A9K@d zUl4<0!WgiUr9J9gZ}@Z&_4(eP5$AQcVTJjPa=kCgW-Xqezx!?6;VC(jM3s|HIk5uc zcw=9GQ%#5Xrx332-+ILo7g9mbVkydg%MxGCY3gb2t1!@O4kT3D+YgL%GO+pcI)sKc zvC(tJ$Y#-8Ak%H>j$hc~DK#*6M0SBciOIqKD!ph;hR%-o-cG*9iWP8>N;F=2qi_-o zhoz#9X3t+oF{lZsf%W{|Lbqb@nD+oF!J#N9e^_iwKhh(JNm)|vlAI*c2TSq+U5O*S z0FHZd=?0dOh7>izQN^SJIl(e9=*iaeSp&)-rQm0Q`SD}dQX*nqKZC9Lg9cu%od$mS z7%&psz8{&Zd!ZvTXq73j0o@O9L;pRVR+rSB=GHdq%vmzSXK(-xh(^P{7D==IwX~gW z)PBzP4>J9-txV9A7Hyn~(>IoR%kFgJF{6OFSY{OPR{kfT!jB|Y(A$sZ-_J(Zf8HVpg8 zrf!J{hgD{P3;%*(@gkxBSY)Y9L!LzTxp$?x_`aVT%8%Y?xBGk~aCP>E-FGG;5cy=Ly9!-?KV`DzX~>ZutKK`Z-18O+KdG^<@=j`Jg(9MhTM~jk z$kWZD&RyB8Zv1GI0qBEu0Fy1H(49``&onk?9UBZ9#$Dz{?HQF{wOKc?Ibep{R3K)p zBQ||B_veUxW=Zv>rT0ImhefwZ~dAubaY?qcZb7 zOIZ$*Tbx(kMDby3DTn#W|5z0H!SnjpfZumtIn7vz43yI)h#)=#<|v0{#trm%%>=Sy zSH@~Wk`EFXe(g~ocF0{pONtVU`(#FCSiDMo2FR!T`M|K~D6vUSXOiLFzATxopWsao z8z`5A7cMBd>bCM{RE|u5U5CHx<_v-I@E7%HX}Ib{_Vc{{c!s{U zF|T7o$uMG!inPi44bf|QR^je3!~6354*|)SgJ-=yd6a6egs^1<0A1MH(r})i^ZS|#vMKFDO@~!BWYCr#ceZk40+=8iC$J{z_{0q(RrKP-&!UY@yuEJ zAh&w=Iv>O?!8tg6ByOcbVIhH3`|_t7&@hionQgoqM#-JXX*gIM8wDd4{O_N$en(Lk|DbZ17*mjOrR3l*BSCWH;Y#Oc8D z>!5FzQ4iIOK9F+5bkUMK6eIF+E@ohvyBQg@w}u{7{#Nr5k(p}^Z8}=7?ACtzQ!ge@ zTT|#rw_l=)y;8>QZ#yMi$+h$#%H?8P-4p?c?Ak38Pu*em$$i}Q3EGXfx|Hp;jazjy z=1b_J>z28Jbv9MNk!5!fa5P3{1uC|~HUT*#Vqi{Nl5ZiUx(IChgIH374RQqhN%A0N0bPgWK=6^H&2U1s-hv|HQ0waudtN*{SkCNv^_e9gUalN#Q^l=vJVz`4_!nJllO!(4lrW+9WvOlfdTyQxkPD z2@)crDr3lZ*4*^i1US&sWs7BwAs1qLv4IZ15EweA6`OnAP#Zs8WYP&=G9nLg@73SD zuyK~eQHznA@6(@VZ~wWN&xj~Fm_n_*T@tP8_#^9QCN>pu+kP+p2KidjeO$s-;Xj< zXt6omM9b`{G?b5OWodrbKCm|HipJZ?U+#OJ#K)u zc_8aShDB^OA+Eb{B3$;4NFA>mu-~a03di!?sv44ho$}a~yE9wF%11o$myEKs8L{8{ z4CI0}MCsxSQT4O+R?y~)Nkrb)wQP&x#}{+V-*hwSwla5pUyBF7{Dcan%xsG?A2uX$ zG90w3(Khd1Q#Uv=z^pFLHHs)W&ou}9csQI)KAEJV)qPvJ9tB%km?cYvnt9$fhAp+> z4Kh#vb8HzH6u{V1LGlcrMRwhzXVm_fl>H7@m ztc~4x#2oL&$ooZP@4~a3riC7|n0*i}p6eTNK(X;EZN>RH^8Mmb0-eJHgS@|_*q z@7uwOgS12BO!iGNHyxRb-$!$PpUG zJKV3RvU8>6NH@z|&&sh8C6c2X;4H}``kS`-tjY5u535s;aiis5@b`!fk73T`l$;FI zrv70L7F!T`ho+rB`}R?e(74R`ao(hkQVh)`yh63srO|eKa3EW zyj1ire8soz%iNI@0Qnf=K%9aXEK~}K%R8GJi1n2F(2SOLy4H=nl|sVZ5Kkq$@qf#N z;xT1^hCNQT<^u$34%p7mLJ<&dU>prH8OjG zk(XAu$Y(=~NOCI1HA{9Ez^*OYR?mgul5j;V9zyY5k=Bi;G~msL5r6yJ#@nd7(%l7B ze`A-w_P;gx^MSVP`WYJQdOI@N*4ni;WIZB$^9c}?LGOV0TIhzz^9Uc`fDS{-Wqx9Yodk520`_7jKPyVbj5cATL;F1J)8_RLzdujmR(tBo%fZA{b!={ zN}3U6`C|q6Mk7Qb4@Co=8ty3+kU=U)ZgJu&cXxYlz?(6bYtL%>)I~U5kQG2Db|9iY z3CgpI*8PxtIm?CaxYd2rLu{*huSYwxs06Qxp z5)~#K-TD65`CV^_4~mn7X!KDBST}t-a1xrV{J?}uJSPEncRT^Uo|G_{y)pob! z&jRocDaav_s5N>V2|9r#Np>iH`zkZG_74U)&^h6j$pGMKA6nGhBq?98JaV8S`wUJW zk|7MUv5p2G^1qaOXuq*ojqj%seE-J)n{Irqof!5ItsW%AX;CsI-T}*vNGsfRYvY^) zU}XRj)~wQx&`*|KlYKj506yuV%_#O~H@=|^-057d)hI`;M-!}Rr0rVDq zPC?dFxXpI;n+4QjOy|Rds3a7MDOaJxF#u%-Ae%5)h$PK_wa8vS@qYqQpGi;Cc|}0D4#f>#-}l&G!(pP}=^ z58Jv~N9JKCM+gxBLEh+^B`8;102tRu=gxv0uAM#Sc1_>BjF>j}7J?qlMS~%h`^t38 zcc8Z3J9vOUVe@=&3<|)<;rPCODu}y^8Bgg25;rNyc1{?kOimYh4?(RKe3Sml*E-)? znqH2-8BdZ`#wm)wIE73>QhRwgtC`K${1^*C1 zC4}rlGDNKZ3vxPQE~iT}Jw-2U{15N-FJeL;?M@gRO)t>nlVKO?K`ia$cEx$j^G%S7~|#o06*`U=UNwFA_q`>{UK8n z(z2pIh^PH*l{hTKIk?4;Qi^lDv3Jof`TtKBGrL95q4W?;2 z*YF$`DvaXmp>_mYYZ|RJZAp~pH?GJ@++aZOApgO6y}Q--J6-`9 zCrlAI=5OP~W*XBoP85!!DmZQ!ihI?Ba12m53m7<=2~LhCpML5g5eQWbB_MExW`L_m zV>ZDws3?JB}PjTDsUjx`=&eMtxY9-i1G8t!?h0N83#P zJx+3n`kuw&GsEvoH>emizXtr2_pBO6a?$_JD9K?O9H=JYqpEJw?(=p{@kM~>&dOJJ zfYNuPj;4!R3+SWoT6fZ@(WX_<9h$6LzQ&b60cSlo+Bqnzn)-^NMU^rivHC=EMM4zpWqfbX+UBVLGY`QwbPb1K0#W zDjkq*1pR;GngF9tT%I;+O+O4MvAU4`u*J*0doYs;g|y4T!7ZN13BXWcLa*%yN51-K z41zA2oCH_fIi&i)2AWsD1M4^_x_l>2m=HAtDA+324Pk5^(0l)vmdT;9&C}<2r2!;U z1#=$|Bo%BV?lLq0S;t~e0UG}g6e@<5 zsfzf|W+05mHtbduQ&A&^);pHeb-bJ&1>hb5fU?L90Q(OiC{JJ}#Yb)4A_)MlK?+2^ zQPt}W_kHaPhuk7mUgOlXN5+}+bQmx^lA7GmJ4mf6r#r&X8aZvEluj@OJy892+T?}r z9dX#ftwfJZ$s6T&Ds&tl3I7ASj<0SwDy<2I)ZsP=G}Ziu>5lt)5CA|1C54#IuIAr7 zKOE_(AXy>MAdDzv7G=I+wLtzS&D0v#SOd9oLj!C|9vIqE%?36!O?3~?b&I5+CK=6b z{FD<_))Rpjp0bW0V|>Z8zA(MDJ=4p8;7|M+2`p4Jih&)X`zi9^TGwvsfd5YyEyA=W2`a{bb`e-LXj zH>XzqISYa099Aes4^GbJ1k}}aq@hg)2)h>Ec8S7>&q^=uR+Hx=R5VB>ZZFy)=*BHo zrv!9;TV-hk$E*cRV~Qdf2YxqLwvRKO4H)ZURLrRLy6}+fRejOt?56?kfMiJm!}alGRtNh zg)&#}CH`v^^2q-Um%58S4o*Fh>M&Q~CeU6!bmSZB;rIP`_Hjyb^2kmH>g&wvU{wte1>RFx2|zwXv7JfGs$p#{?oUY#9*<)d*mTm9ys@*MXGq#wvg3~i2TkWOPE9s%B zIV^$X7A1|wMcon|_K?t$MfIz`7`uzd1w0>{*w`2Z1SmT=I3%a08e3RAFgG`UhAS#M zeHL~6iJw#RaQ2m%-u0cQ_lo2$DW7g+*E*rg#l@AJl44|ReE<1#*%K$iI5|1X5j0<- zN4wKJ@deRS`u)d`@jrh)eemEx<596QslX1qW?Qf&`u=iLK%?i(j{p6`Us+tq>uCPb zmFmmJkIeMJF3KMqxH!|2fr}bEf6j9v?3#PKw6LOd4uVF6n*2KckWQyxx(?XUz|ksR zQD&|Am#@LlS*FYS$*%opA*|Rq&mO0)?yif#OR+o?NQ1gmvt%pXZ5h2F(@1v$L0#DjEdu9oV03 zC%v6H(&lZx_4$HI0cqanPSWKxM}OAkN7?PtaXI=2I@wei=B;1*Le&w2%dt+REfFF) zSjU;U#^hOJ2#u>XR~z!%HvC0Wj7b_$ss7_(kpBmH=}S=7Oz79aIKotVDnn^Ace6m_ zz5hi*4lQBl%M@>y{Xz+J*)LAE($Lfyy_Whrp!azF2zR~B<88iZ#zOS9Dyg&cmE!*E zsE+qz%%nd^Pt{LhPC2_h^E=o*o1bI(JTv}@_v!Wv-SLGp<-@g!mNQJ$wNuoGu9McD z${ZU+rCCU~f?{Q3IqCUAPV5~2lzQ%JLRRN^#Ka{djozW1?W(MPS+(CvaX~&O-6R{S z4-3ZMgr2Y3nI|&#>I>7tR-3jZ_=yLS4@zBfr7!tv4!oa#_l{NkuH>!Uy1KxIx=N`cxOB=|~Zoe#>3qP;3$7>-S z-9mkGVEa&9Z)EeChG%coFR$&u_P;*Q>dc%ef1a-pM3C(;4-nry z=CCBB9R;ob%8?lUoxiJnzS%oO?QyI1xmlI);T;u0Qm}i)tl9OTgWDS_bnC&n8!VN7 zb+w0n+P(deNq_C^H+gP#*=p@trj61ov0pM%zndqI#HT&6HI^w8kX{=5`=ZBP&b%Ac z;=PpT+GTrlO`sbyavstp<7zWb3(Sy_J@E&-zjtk?yXsKt`(GK5Ek7ewzdqiliz9c& zt#TTZ*Inw$Z$;(|raUq=a+5`08BiH#!M^`kG;-vUha>jm$2WO-PaiydIKN1-T)u-* zSBz{uI1Bm0(%SAe6LGX)vHDN1EuZo$Kv_yz8Kw5kvERu?Vr zCU`t`mbvS-u|3&8(<|cZB_nG!L2jveZWnZT1<$xe-H#9UUqrzVj;D9#I~B1=piMc_ zRyT8Uyn}T8$aQC|{si87^ff{;KyWQX*Q>LAX?bH-)A_@+L|cPHrQ%(c4FdqAI9|Q5 zG{PtL?2G0N&H13#1EHqZM~sVNUm>@Do-Vaw?Wj-kHhG!sdo)gJKccGtR$+vNXP@RB zqKnY24085)17rEWd%cH0PM%tHgLVwKsqK&6d99(a*T$zg5FK!5-*#q?7f^$#S4R>j zchXlwe;;h^9IpQ+pir*VK@)2ovT}Dv_UNYL8PhI4lL4o#uO^5 zgEw?*e8FI>8uOgHpcQ?fMY@`HD&dJ=utxW%?gF=ZA~hv-WP?ym8&e(^3_;5Ck%r(0 z+;5dkGxmd_&!0zHKYHXm^Xu2h{2<~Zyu`*fzn=k`U+BzKq=kir`I?(&2%J8?CiV!S z5Qiiz`(qXjhaLi>@744nJ_YxWita;?3GFw1eN8qJ)ucWxhHco>hzk=-l|jd69ENwv zwihI~z6s_s*rgyUPlbE%vmq4b$pwW%W(7G z2?uP3XwcjG&i>KoS1-$fZKb0*KJ66r)S_;>sY&2sgL)P0U8I~!H(^xst_b&=H(rdk z5gtzQ#~(ej;LYUi4h&jYkac}q;KQgr=6H$6{pfK>z zH?+mU{;jgJ0_2+mH7RS3C zb|ciNeHq*Z4!xrd(T1fO>FNTb^UaJ_(6~zJn_rj=vx(78?NgiYA*7&ar+~J&FPA(` zD}&N{4r&GeYID4aYA1v;dHl#{4%B^}=&NDBTeMh`Q2i)AKL*Ds64n z&VS3K{-l+MmyfO=e^7NK@zw`Amy}iJ!;t5c7WVCi;Fy`riRP##3#0QNN$012`nt~5 z>SqlldwbTV$6^(Hjk#OKpR119hM>-9t1Hw6+yoTqlp)f0(ZFt zCwIJ#Nzbmnysxl4!V)zwz-bJHIzK=4(MO^^7^M92-cYZ9g&t64429bgI)OEkcVsp) zs`y$bZ0?4H9NDIw9jbtMPbDW9<%C7SKRyHhYQoix@~l=?yx@J@d|-2)ttZ%3AhVF% zQ7}_F{r(T-Y2T-+naKLzhNk#~v^k`5{Jmpp)5mT!%2{t{)VP=bH{!lKs;Ta46GcEo z!3Kg<1w^Dt??L26dRM9tkrI0EkOV|QL3-~XRq4GGih|V8JA@v3Zy_X^%lrG*d~4RM znfY`6xMZzxbMCqOoU`{n&)&~I_S;)VKDxiYpPx-tgh85Rk*CY|sry6Ow#kHQkuazQ86CW!_{4_|c-QM@E$aXjiO_Okl zZ+Cy^`#b8ah+xXmYYLt5k`E-9`dFc}Cz-M)ARidj*gfo7QZ$eGeXQR-%S zFHe$=#2r+vjwJGLe_9?5h3sR#3l}9FJ=a4~w>(zLcU^Ms(MS3!F#f47Z9@LGRbOVp zO_-6HblBT`_Bv3xy(jdQs}tTj3UOFmfzroJEj|SjO?d9EBnpb@;Ru1f8$07e{1F97 z#`Srnt8O4_8MWo*cklzO4l7+TGsS1Jd<|4jT`g)k-@Q9a?-Tc0HXr`O(GRNn#a(^G z!`nmW$C7fTV9WCAKs}`Cjl&kFLy*>MSu{v5>;iW~R#=1eqCOyn4N8T5~C*QG_j1lVKKSeUG z&tDXN=#F=}#G8+^L-z5*?_v5FDw)!5Q#JK#7SspQY&}8m|G3ldt^H8idVXVDKE`X2 zulo2cZ?oHj(mCw)US;m0!}p+icOjJV%aFy5Ylf-9;ZI6Y{c$RDy0{~&Qw?bmp=Z_z zlhHjldX(yXOsPhLzi18SHMZ#x2IDOEe=4E|%FqFe;xl#66MpziY`!zHK)nh{=zDYL zuia>5u@S|wJkgC8seNMu`#U*p=#2Xpf5s#q4P|@lQNlzLDX!BTsaPzl8ouxE=#W0m zxtHoPB-aEvzf(^D%G`LG{N;shJRXoak}63)4n49hQpi|J(?*gy-#r6S!4lDd2Knz{ zh%Ih)hLaZ*o-3T|UQBv!I-OF_n13v077mTZQPvb{>khWc`!WRoI)0wxEBIl_r9R>~uM&*AVs8D!20e4;qXZ)d0 zV|niHO7`LaW00894jq|r-m4Ox#cbSq1|@LJguFnoPAic)qh`ry-4rA%v~?64M?YqA zaLt||;0IdEjT@-vNwF6@VkO6PmNL*AC;r3Z*NGUQTt4M;Hgy7Ln0}r#I(pj>4)WLP`je(YgJ&<8um|vgP8Lqb6z?Kq_p9z!xkiX&_Jos3%8CB- zj)!b1ZKV$@4o;#N#)giv()&ubJ?DZiPtjuPI@qr%UT0Gwf(WB7^rJobnv1#4p9G5m z$w$FVOYZ7qLGUx4n1LNyiJ%tIqdz$h@0rg@5ZAD|H&hmUGR*Lyk`&c?^DLtl! z*=|vS7}lPS!9G$Q*Yd~-MTME{$R-fAw2`37PiGYB>pa)Hc<^gb+QZYww>l-y-bsWn zrZ6*^T6ubY$>A>ALabD~eoEP&Q$34YyY~RIQ{Evr@kX0wP6v7$X3CghGMAzIE0GfN z5-+V0WHmtL$8aG2^=`3aai*fAI$*iCSyAPNP}XlZ07q0$E1x;$ePynHV}9{+u5j*K zeUSF`Ys$Bd6zwDL=uhU#znxrV%at&TP_A*zGQrus;AXz@;yEAZZ)I2b%)OiY=l-{O zwgv0?6_tHpxA5w| z(2EKWEvi|4iPn;?dFa3NZlUJIitvTr9NOhjfY03)GFxa4ie1kIz4g({g+JtlL8{-CbUurA+7cEDc_*$gIb7V|0uEld~hD%h$2FXEOUW zmCrEmN=4iBvrnTlysByD(TBHsy&O7~(-Sj#Pe+4deN4oG<%j=3HPPuP_r(@#FL_Q- zoXHEYSkzF+I zyGQ2Kw@CJho<$lnn{vE25_Y5>;Ww21;O33zJUqDoZWcW(z}*{DcCuTF;p(O`)5%-6zH}}+N`j>fd${&U)tnKcJX~vpZQeN8kg~V1J?F_uDUGD!+w86|qFRQdcQp_m zYQScfg-zK*m(|y~j)+}GS&Urf(?K;|ks6mqgQx9X z-dhofRaxdcKWmNSCA!(DV`Bv|U1PIS9L!)#*B%_X-yLqI9u=!9C`EoP_v+6|pXJcQ zv?twcJHjJXxI2XrZ2lz!gONE>nFsd4m&{EUcRM zBsaFvEJW2!k>`Th)n=m z++Nxd;_A2f?QiL3yMZ%%BN;uW>bri8>3!AF9a=uFgkXzze+PPQhN~z)?5#-UR%g^} zMn1auR1P4#kz(%m*#H)P)ir2JzP3rl940q8m~AHLm46sJY|Z}Qz|+)1Hu}zL?&O~t zYt5!4t_Fyc397kZppwOVxog&UOKw)^l-!{a%U?p+^HoLutlaz-a#r^y0{VTcQ>v>@ z-uuGFIqDeMC3Vrt!Cjy(Pfnh79l(i$soCRVr~Y1|JzlUn8iDBOHj!yTW-}fI@5ND9 zVr++FcWNi5$&PUNK|b%zTsAFT-A-m(R|BK_trdQny2>t#x~CO2!-8C2rsOxcd6gj+ z-{h-gqSMW1^jFz$C?8sDC-)Lg`pnN4PK8tprEGQXEpN@>cX~0F9&(h8==(v8LXm-$ z@rMJUDoUFZapUBKfT`k3Ovlr4Pq9SV{vQc+RHj|RUMyYiQ+*K+2(6$BLHqksMXzw- zwu)G{QKNOv6n5# z!=|;&B#dq{@0vIXjqA~iA2$?5l&Du@6KJB}Mk?sRL86pa1NG3E=s6bl5>dK1GNsij z=?X62smReB!Qye)-_eR|w;fhlz2_#Rj(+>9Ch-R&(Zw9rsFLkC2VzW-pY78#glH%q zA_XZ0HX^MqzDc5_Mp!CT0522=VfhOT?klArES8p;4=+3`F@EzXp^d2|nr=bw#kJC; zlQXwxFauR2@!1<_o~8^heEuWIXeA%ph8;ddC)9mN{?jd;e68&KOS#mZOsZ^uO~qmH zfzN_wH3aW(@4movo-(k&-FTGxsmf@cJffQ9#*oB3u z5h%XE8WP#Nzh0%0C=pqA!y2lrevf~8`uL((ywLZ7Pqp>m^f3CtUs|{9>Di+irCUQj z5$$rYKDnFuqbc^4^}X&dGkfRA@aro7%RvexASLc zhp-sPf!1{15T13ilL=Q$>Cnlr%he-D|CHH!w>$eX(zgT@wM;7f^enFQyx3DgdyU)N ztg)HXXUDx|+nvdb)ciUZ=EJN;EM;RdefUn7R)AwY4o#Xmnfn#oV%R-y7VL`p#`x)) z_Ih1>x!1T!d1Z?(A=n?P2@6H8Ooxi7uFcqm%3M{FuB0ktje^+w0p-S@11pcCH z4?M8v$eq6)sb19!?mYg|eGGEq8;(b=&G9hS!A7l9ot&UG&C&^DQ0$;t2X^*Uo+e@5 zk13yd_RE_Qu!YTO+ig7Bco}5mcl076hXGmF8?jbbV~cU}0r~EsMEZi~=;E5S;E#V} zvMc|&!DIcCb9<_RB#`X*hi?Mq@y?j=rrSyzZeyY`ls^!NGg0TTaYV((zj1M?@Uu6% zdm}4k)cdT$Iq+?XVf-n|2(S8b7H>PL9RmRG9`?`Lh;P`uZvWd*9?@dhF zGdpmkw;IW&I=SYDb!lHWO&x8ebFIc?Pb3Z>>hFrrl7EcG8}tlc7GFwOGh}yx+SW^J zW2!6}ZMi8FbLAf#o!_5KF>@fubcVMiEATq@p4R3GaJ;e7Z-J1J+NJ+lF4ZubPHq+_ z$Z)v4ViAzmo6iI#f$05`gd8-LWuyMAp>!*y_w=64oq+)@nqDh1Rb+gkF$&G|oDSBd z0HKF|q6B6@UyXQ~73n)#FX!lbEB3KCz}`m1#(rk}isQV6j+l6p@zHeV+9e3kHBlKj z3P8)mFuIVbDFH=`Y`M}AUU#uOVzZ*z(%XP};NAQai)u)cKa`)Wq^6BZ(DyKl?-ZtNrGy z;mo7dWqPPERe1e3GAd+v1F~XG!FdZlfSx^t;W2CPN*HBg;7i;#p0ao5)s>Z90w2k& z?xG$QId2nncXzXKaF7M&G+1!~Mx*iRP)3!zKMLaP)MYvAs?CS@Y-4$5>~=RMnCW*; zDAmWF+(7TuCE~i}b0&tdT=uZx`}oSau^;DWp5Cq&3Y1$>su-rU4U?K^W)ZQmRU@g0 z(n<+|GE@JOG{Z87d8u1O*Aas5+ial8-6l)BW|Z@LCoPU!^ImCtx1h1Yd#V`~tA3dL z2M;l|d={q}YgAJT9SA5pSIt;HtRbvffz-Dclad=x5-?VT>Ef)tOo7yG?+BY$?RA^x zGxfakmF}(i?fEOk&03`yQ)%#aQA$4)4sKm~4IYJ-_$^;^z|QB%C&)6m>WWH~;!|W+ zvKRt-p5^A`L`Fx4Ab)fc=f2AP9vjOBz*I`=>hat_bo#aM&k=ql$>g3cHgPj}3vP`J z1Wx&rm5|=K5OfXgxL1Wl2Y2tiwCH328O3x*+r zmIAt*Ol#ld*n^owo^6c$@YwaryRykHw|q{rReHmZ3lh6?^zsDlI~iJfrUCaopI26I`65@y<_TD0!sCZk)?N(*Y?}aMZMj>w7i-e z`-;uFZHM1vWb#{9a5*6n?k<7t6yuT~arm{5`gN)1;B7+^(fn)BywnU7Jd6w!MpzlO ziF|0A>1JFh$Qa79Kpr0*6LY66`T>!!)gTM)-K)P=zTnca6Ahe7%IUI91U~p6-P%n9 zTFj`r`HB~MY*{j^0A|@95E4ImW71%AxB4P~(DTH$bm!;n$-bt#Z2@0_s9NKX!#9Oh#WME-qWeJA|^&Iu>Kv(O4|OV zO9}6!gge6o@9sdNQFvx?ixVJM%wOGxbj_Yi4bfl8q6sL+=KL6K-Zhp6dAmXgPyuTbuM&x`xgR^>M2uG7rOEje9RG^>%-3||I` z>k;RZq&%|po??zYIjAl$)(Pi7jUOpL!gt2Y@vUxT>%H8V1}nCl+~S=jo)ijIifJ(& z$RqO5erz8uoiIb`K?uo$7_jif;0Bm`sMAK8)5ZHzewQJ2#0nPQSmMWmMwq2jSU=hs zmHWLwwp93oYq1}BvkhFQsY~*gVrOX64tQ%p^>G1bcUFJD^+%mAgx8**RLx|Q{+NL@ z_boG*SlWO4g3zK5Z@9d!?jqB<%cB6M(La7{hPsS#m#0xW5!moqBl*5PKe+J?UZ0O< zAkhBm6%LZPdD+pFFu(BU&w#fUTIz754s&^M!IqB6^>23xU7<-6_x#Oy+irpT$b`bQ zcTH_6ny*qkf6gXvU`G8L-<&j@E6HtVqVGU_0&YD58{qd1&lkE2Gqz8Y2)}1Uxq1?M z7Fv!{E(yKE+%WNxk^=Ut3ojbsR#MKAelguqF9O+_$=H^csYf>oCZx}Wkd&%H2J&8= zdw+A@p0{9cag*3iP}>C;)4>XT(|<6Q>edQv_2ufNx8qNmx^8os)CUJ|g8zQjIlU2* zh&z^R8in1^V4mxPvR~eJ4M(I6`TG4$i+Ct-J|u16zH|Kb0wv*m`#~k;lK*NY#wUi+ zd5*++%Xv>$z7NYkF`0*EU~brLM)PhO!PG^~-!tEg}xkNlj*6!*?Wf;y|zwUA2gSA^Uzeua5|YxGCqN(w6UE>=O% zbQF}+k5Bf*2ka(nk zmP@z(*&O9m)hE6ITdQ_Pm2E`clR8+3d+jdW9#@5>AeF0(>)0HpT7Q8cM}v%Au9`*m zp)F?ZpJmGV8o~~M#fw%~T&nG6et9R;>RAj2-;=$Ukj4XurFQw8bi~eulhvsq3_pdj zk>R3wSy(_!4D5wgplyWtf&7iXgqQfClsd;(OgbE}&X4{);Qh(Z!fap{!DVI~RRnV~ zbIo>C!jYBqZ1)Y2aFIAY*elR;R_}TF%|hZ2e{3Ik{rbV2%}m?>85@y{jIQ-M=Qul; zeyHx7t}yPlG>m;C2(*5VG%2K&+3#uxXWHhIR;1eweHq`o8%-gz(o?)g!Rs&R+B1x@g$!$)HuIj31MNJto;XBLz&B zbViSKFHc8lhcCxV4lHi>AVm8zjOd*^8Eg6RZIxmT+j{9K`;z?%v%k-SOIN4W;YZ`a zmCp-SCTn4rFEkwOI=*;@Tejom#EU-g(7!#3aBo6D|H9#_i)E6j9v*5(ao>I2OOEVi zsCIm7{+wZ5@&`gK1qcyrHGIZBZ~T8y7fsG4@1`{w-4+^`d9}y~kC9%o?39s;Htp9t z>O>>FM32kTzx?Dl{M(UD2bbeB9DoIPJ$j2@j`ubtPZFA#J{|Ue)La6)^YW{lAmQV@;{}L8IpuV1iFkVOdG8s*JSh90_@yd|~m!7ts1kiE6HeKV%=aw!sF2S)%B@4Zjd}OeT&tu`=45 zAl3_;I(rpVqt!MASetbV=jPYsg~YHWY{nMJy7^N3P z#nOA-&sU&8f!IalF<<*SHq71OniVoqM`B2Tb)4vUTWj-IC zf@E-OyVO>)ua%dYot9#=1VW3QIjUcD_G@+CtVSoA z8O2=J?+;&zoxeuIb8Za&srz$Ve_5;CGA=qI2I)idom0!1sb{S`Lo|14(vm$*)`7&>s0p6JgF!#wQI2_f$pq zUtaox=6rVYOYc9$vAmi0Vqt_J+IVWiSATWQL#8beN0~)sR%Lb)6J!y4^lRsbll!%m zeWw$@6+>Nmi2qz({`1_b1(Wi07(c`uGJp{wkmtiEBbQk@=Z+3c!Ccdpk1E8GjV7rN zFWVcJJDqpzBb-MP73c&7%Mmt2aTzn4k#=-kZBI7KB~KpdDwup^bZpeAUyg2mj2 zQbLw5rN@|)PT7~aIG=5%6nA1rYF8h_aF$H2BAs4iq?+j(u;!Lj=#H?|=|aEMOO}k% zE_mNW?ovW)KApEmNm0M$id>CsA9jg(XAJ0MMOBD`?0YYx%lNV*>6cCnrEXV`+d!pg$e$Kx}N@fjOr!_AVsEJS=he>_mn{B%%uYy`WI3s+$ zz)|b>r)C^JC)q~GEY5+o*HN{FEztq*{6uz@90)#wx&EcHG)bGF*-FXaxXbnxjd6+9 z_)^Fk1>aHk+P*aHw`zM+{x24*c6=1CGQYZK@O}8!!*;SgV9Jg-oUa`?*q@METk&!H z{_yR`QVWH;Gc(>`m8=|Vc^{k2j5eJID2e=&O@!Yg%d%E70Y4WAd=SVRA zEm3R?c8*KxG}|O#0AnINXUwPhJIIp>-OhpF(Br|b$)(EiKyV7E{dblc;Zr&@Y7bxB zdi&SlAJeFa;lrmlUw!E11|^q9w0sNHN7syhb>B8*BymY1RHCUr7A>cp(M-sk@(R{U zw!MABDo4}J{?k_SG`aTcPew_}3F8C+6ZE;p99NsI@%=zL>p~-z+V7$p9821Y$EwVy z?77Yyr*BXFNR?R|aBmT4hyGsE5kYJoza zj1P9iy+@6&{~_@g}^PBY!J_^CkMjm!jLKxnWD7Ak;bSnPa!*9xd~-J$%=xWY&ys*^#dI z>lX9JzGzE^az#I< ziaR*DY&@At=*yTlUzY=yC)<&xiAOq6pcXdi_m+R<$IGSMzGVM%k2uck{?_dHV*~z( z=J~8gP9y1s-Ww(5w-G1amJfY~?aIT?{9WscCqzI_Tc-^fDNgfc&)sK!ur_azP1c59 zl>ftb;aR~s<;ncRU7>wTM$2$Gd*y*coi{ftlfiEkS@8663kPFc>sW^K)}1qcn_0hG zDI$ZSBH440Un<4$>#y#9{#99t!*wtQp&=~_>%AWGAuY=rz647`Ib@LeL$~ew19g#X z2N{XY4&}-Iujg+AHGv%&kj-xjc?wKzjWxkWTPluMKfcOWiVSZ4mScN09aav9g(|dM z#0>i%N!WK5h3W4Ys`$U{z51EQN4A)iiW&20nE7xuSg_XMQIIhsrcK6FH17ld$b4ca z8A6)ZV1Re~B4Ql_Ns0Z6_vcq}(;@lYfdJurR0`!M0^>P6Du!pXN zFYTPktQMcikYp;w*mcgj2&<)-Zx!xT=&#maRi#9OFGtv1{ThFS$xc)D3W9dV%Wpw-{ zPW#LbS)0BPshRt(YAXvRPsG`~XG$1V@fw0004eGE z5cObiX)Z)r!{Jhp^U#Zup+7}Dy+{X{HS6Wasx6IGg!%_@F#?K{lb0H*;;`*yeEAlzj*%lisB=0wmqisW;0SEPTP#NKDqfEH)UQR z2ks%!oK$3w|7||I|u)owP%(#<^LS-epPTku@|4xh?O2)fcI+fE+qF=e5r$vej}5m`q0l$Vtj6lM3<}&p9!n zO40%9%~m^}#PQb`E=Lzy9ndEe_bpRMwQJWEeM5-OZ8;<9mDT`)a$p@NBA#RikmcjyXzj3d@TKI0P8#Mz~z zMPc}kA7jSwqmd~YS8yq}wxERb0`!PeapLS>_1E}FQb^Iqh#oRpr6fW|wW(06&iE8| zA+r|1VFR3-qQdLFU^l$W&~N+2p?Z|egflBAXH-zSUp}u08Dvq^`i*1NX>?X)(Q#$i>LouPG%*)r>Dg0f_cWStB7UZam zI&4y@mE19seociF%xLh&+JWDm*EfNAoJO-{mzp=#=hjY!asJ-xE1l=T1?24>Bl8%5 zwQ?tAB3Fm(jfs!Rq?CVuimTN$+r?yVa^`UvnU@brkM?5yR;DzXa_^=drCEifSc6yR zNviYN<%j*s^E4`by^o7rCT%M-s2r!2`u7jZtewZjf>fJBRV*a}t9RrHi-c#Mi<_ao zkyV$xl#cGVJaGo3IU@z$wgS>!ciYzP6#ZgxlcJjKoG`k4b`aDSmHC+rgBhnyoUerTX8A0^1&B`Du%WCLXqN zH0{7%4gZct#S3l*@e5f;Ge#Nz@-}qoW`zu$&u?M&L}X5a;9aToA}$)XGCzNEn$K$X z9VDFGX?ZMJfcH#|OH*}u0|~MKb#i!8k!Dt%JkRrUrQw8FMkOb|p1wC?O&FpA7Polr z95ZBmE9|_&2ns;giY?p`6fN+<#I#>xeqs}GQop}#;Ob%a(XLVuLLa;RWlo-D*%^o4 z(QtxZ*NHa~Ii1LCtEk(Rejp zpXWjtFVfg%W#kTb&ML)mD`vA)3J#0KXQ1Vf-hpiE7`v9Vg9j-!c0Ugs+1^D^tIpO6 zBBdMz35f#GES6DP;4qpiBiuzv72Wi`!Sr^DD0(nQNd)+CLi6a24e(9>3cI27dhTD= zUwgP&{;lY@y5tKBvbe2<6T^3aBU(WJFEwz|dHd}ZGjQ==USZktWEOEP5L3RIQo8@m z9W0%>Vaj0%@tdo$9(guiY@{G7yB;9|#Oby}{^K`D8bwwC|I#frQNy0@boYJ7(7gpZ z2$#O{3qIEw)H7|I|TkuqN0tt>M+o9cYl9wU7bFd?Pepp zwY9amg+)|UR2HA|*ED<8VJex+)&Mf50wfJ!CD?y@JhR>!FSeU3lfBL+yRZ5FeP7TW z`pE|OLV)UbL-ssDbBBdfR8;SZOc`1g(K8htlaB=0kdvGRr&~2B7*_4-Kf&s05*w9E zmU_^+)1gO#`uMIFFmSnqSgEt_Gqno(A=3DJZT-u#uO1hnuqfk)i?yYCt` z=)#W_QL3-DT%<~Ry3^LOGgHAX8iCR)TFXX4_JQV()c|2`G62~)uXzB+DfsGlOxW8* z*c!*)YQ5Cb()RdNDJI`F;hL4TAu+C)@>=7p(x*V62Xf`ceU@0v6$M@Y@BzitNkpFM z?D1^E*qN6Yd-_4efr+nS=5l7T%KCw03+5TXKDl@*dlxUi?Ut0&RE)W-w~=o4*)9ZF zVXS_5^I^dX#gd80oScVty~BDxANJO8^6}*sz0CMgTz}(5&+)s>8{KSeec}|}2VoIE zEF<0Cz9C;|cMUf~o%(JT{sy9!!Hx)A{K?jYnE}ntOf6)8q3tS%2wbgu)q|0I4fN*+ z>IIboB(eqG9wDmQ^W%Ok7#L-QG*)0a9h!6|lhkR3Z0W-?YoL*1TgPJr;T5%QS>y}^ zAaH);t1m=%OI3&{f%i*Ui%mtQ>`$NYWRv4pMqiL964d}HVCw8V+21M=03YndYsT_E z#!TqqRM%GMccFoSm8)(7;^>tQY+TL)^1Jw2&OcEyO1yMgQRHph7T6ps?3w_>)x5py zTN;3X)>{v+$m9MqSK71f-aha#eRHGdQi)N?!gSOlr}Y3Fk=J51mDl!ELibE^siUF& z;j`0B^hRm9w(rdedncWlqO~0}U#HIR520=9N`@VFo1)extF6x;*H~yFlw8SUJ?{46 zovx>KP8|@GVx9ps5U~V8xia`+%%@M+iKeS=>%0X7j?EnzuACQ-`U<#z=Fe-R42K-y28{KH`tJ}rHHMSy<^hMrI(rH*c2 zU0@i-Vn4;X#=g>O=;<@n#8yC6bo3<&lHa)A<^s%j%+#Xn@B|9ExMD_yZUEl%Z)VGi zeLsiimWa>EWI{}YlqHl%&+`b8^0x;`q0_`&y<}_M24K0dXPg;m@h53@!Kz zTT1bjyCro?w|vfa`)g4!6`=q0q7LS#+f%77J)GYk3x`0@<`U=xEj4x5ntt{7_gm~W zpRIit8~}14!!lqOwFYY5K9iR10?}MxSV5eFMSEVrfT?o3cpXXThi9D{oA&7N(QV zg#tw(@I>z}{@d$6nJabqa08aJllRiMjfB9}W=t-ud_}jKnN*Q~Z}qa+ryLR&mm2o) z)d)Jy#4=mq94PlCsnYSRj6ukyK`u+@b?PH;OafSZIVAUTyHc?S8@Dx(h%C$nePBnv z7fa|8#kBQ5&xM$i^uCNj7?aKbwKL43#NS<7t;Em%u2E4}Uz;?G0GMPoe&>t9s);WH zk^~_DLHSlIux6}h>-d3**j2$jU1P5TgrkjW9df;o)>1v^z0EDeClqID>^Xr9RZ=A$ z!>UZPuJD}vd>udoUz}`hOjmO$DJcOd9?n3!f?j1uVfo*`-irvwDA`qwF^QGth@?h7UzZ8=V!f+1Sh_`)JgxeN&Skc7l4^I#SbukZ2n!fh7 zP&79rSBj+-%HWde@fjtj&WtJOOtx3%ZY^r+kkFF9MaEi&M}%A6_IK9MIwpq+&Zfn!9Pd-^9zGe?Y$49XTb zTBHe7ond~_e;hu41h>Za33dkybWIpM8Z~ZNXv@dy}_+VSw3%tS^uFH)Fc8%;&^>1 zFqE$)@n}FY0$`2LL(hyuLPBodxL%}R{t1!+jla@7=nQx|FyK0XdSSWy0a#*Egv+C* z{dNk~G>N$A==;z!S-Y9eUyFJjfE|Qcq&rFOV24w>urz-A;Z^aCZ#t|Z$Y7$E&#zP^9K?Gm2IOGXYSmgsOYg_0ezO_Iq&`nGD zVUKJx@zba>9+wEL>!&!T6ew_D!%ynfufq) znDR|i1DYE2^!*#A6F(|AG>W6+hMxD$SE_O8mY4wN&uv*x8Ek){}|Pa$N93cogQ zP@jxS$Q|0+777O^c6~x9XUUQN9GbhK;qTVA5j;|hZn^(_>}40Fvx#i;@kQ6gQ&uCF z*C@rub#PCpv+8t}bq63dgBCyWfLH#nSX#kwoV?p+duFqWYhz4SpwMdY8cc7r#EST&hfE z$!c2$9mT#Y9n&o~PylSExsc62yEU3NFr-NF`V>^bPt=+Y`QC+$iw_sIhsfwW=F2-e zzjq<=M7z7=D2ON3P0`y*R{v$qhc^3EhOY<5rxU?>tVu;A&J+W-w_p@Cs}CM$y&ZWd zxFf^rz1f;@K74{JUd+mUcW@H>qu8!nER`#Rkhr%-_#J^>5jeQ)@nX>2Y& zPo(rDK)b)f5i2bY`@2vFx?9iA!FRscZCfhFmj(X4NI4AJty}(7I+_kWH2{R<87{VT z^RckaKOP<;3QXQ?GPvUh8ZtN`ojlbngGx)l4vb{UkqHP2dgC$ZBq?u!+}vEi7Rck= zULjz(f`WpDdUX0SoPcEp{QKiA^re6vuu+f!cG}n1$C@9Y`VuJ|29GC_-J1yALQaT` zV|>@hRD-?IT$4}e2YQTm89UG!@ik9%^u^?SH^i{JdsHRNe;rrrk)ACLI~qod7{TBsMxuY}4ykbV1g zwlBA0ACDzOTpPbZe72_!>>Mly4F0bBW_J48>pzRo@YIhm+C%l&_<>7jDy3q zhckb$#JF*x22k{uqboYq$_xSpeDyOm2Y}lwX08d|ZCJf^b(PS2Uqf(TgvAw39H4)l zTsG}{LPsP%z~4xFN=%(mTE0RuZHqpOXvSVo=T1nV6m9O93m8frt(BA}MGfSckljeg z%{aN`c&Fd=vTg3l8-p^xSX~fo=<*vg$DW}(k<1H45#eS)Gsm=E{5q$gm~5lBn&X#J zc&xdjh{^8-jfy7eq&Ax-^OO5i2s+*RjZeaLflW*u+ z;n<=~)2WplOzNj7;Pz!=88NB*nBn^7EM{+~psO z*iPxA7px_Sh#_Dzzdi{$Uw1`Q%`nNBJMBlzhqp{%d>sMw&%Iy$0HSnQvnGhCKHHdU zeh_@yg;amdz8~Ejkw*q@v=FxWJ$R%(T=UR_2H1lvEWAUOFQi|)`0-hjIi`r`mWX4H z7z*Q|Zu|ru&vu`~_E=h6-21ZSqi|TIfOYiTS4!;mhIwj*U|{Los0+rd7AWi@EGZxP z&-cuAjGoMgQfVX7Kn_zh%ie0Ccir6FtcX|)Y5kGc(vK`DQ8!Wwb*1eD#b?8hEk`n) zD<9)FYb<8$P=}srWQvNBZ+V&mhFe>t>z)tD*k0{bA8ZTB-gn5%X(?(3pQ)Q$iZMsM zC2snX7Q7Oc@p5;(@f>yebYIk>RE2r%i&pbN)6_4TLox?Ok24l>QO#s=&wD_he;xN< zAsW9bbV!swm2o}2!X(-eF^nLm|6uy2kbnL!^^RUu2j&1dlF)dTo4k#N*a9#D+=*03OgtGKRlF)cSvb9kiMwY~e+DpFvPe9|p(UYs2fg%4CVEl2R z=CVP3lCIz!UnGyj|ExCt8n zpGe8)wAeY2qVoJX`B~ar=+$bfgi!eypK@o|g_atwp+*DK`Rs=w0P=BFTj?%Xs4R2| zB@#B&HTP$tOC4}QLiNu_giJOMX=>APK$b}S)eifri}xDcBdaWWs+&ajMdlj{MEkG& zyS(GN3x}W*dZcS;G|?n}>`v-LSGT|k!_}ro`FhJrNxC%ch4}vZ;;|G?Sl5sSZ-12N zQr+l)gdKZtLk@rZHe^Rgb@2q(Z&6C55H4viYSbrT7is-<<*Y03(yksn%767-7rH@5 zqNH@0zK>Wk=l)M5-}emOY*t{!&MvemFD~?Gxb^=&%7+cqZGk`Lx=EQVg4xzu-T>>}NyETFU4b**VMbbEmckw;dl6W%duT zZq)hlQ-n=r2~m36JfXmsQf$1E&t4XDzR8VsO>23Y0)l?sqpJVp>zhaX!M!eME2wB; z^$bpCx&H?}mHKk&;dJigLbH5@ouh@TcC!gcxulF~CnLEGttM;Xhi1unH>GZ$2Obj+Y4J!LUEP zb~^kh>D>7IS4dvh?C(s+^u-zy^+a<%cq$fUizMOLqxjz)gJbD`SE1(2_PDIJe0B#N z_8={Fe}3b5Z!VAt7rxxX4sjyTXRq&6{`9=amYRg!XC-yZ?rN<}iiHU=PIZpI=Fr^q zojnlpU9|H_KYPqo-16OL*R5iYvCltUdeTvq$@h$;#(pF;w+Q1cb-KjQ2A;VxQDvw> zgDU8$yMvW6<*VS7`NiE7-uv#VaYhriR-e!PPlLVWrcn5^!N5-leq zEAvIO+ ze*>|f4gdL+lNOn$z@!%1Ek`?8Nj67`_{J9j3vkrvAJlsQXp0+JG*J`wpEN1{Zi!rB zwKCCH*d{PM|JPb^3t(n8z@yu!ykQ#rbRq}P(j{#OkYZ0y&oG3%ol?F;=}PGa!f_l# zL^Td`$_@^^KuItFoGcI=9v=SN)AN)yd#%NqJ%b2%5`aG62ejk%um3`y&nFNL|8`Bb z;LiW5KMyMHZcFn}aE%|Y`#=kgGd?uG|9x~J06?DA|3b=f`=XBOmE%z(CUfj_qzC=KAyCearV=NO_O#P zYyEj3&xOrH_!+GnmhDTYu*H8We$n}_s!qeiMjU5qXM>Lrcd z?Wzzv|06Etn*$2^^%a4t`;`t@GK(w~@=4{AMkN_6)TlsU|P(tLfTR|Q9gp4@rj z$OL{rm5>)vLbN$_&`v??>_y=jdV1XG2e^Lqd?$gvO5gW*ce|)xthr#8$9;rk&;}r| z^+=|>t6?5Zxy41`ZCm$;XC%bAtE%fW0Z;fYmDEWFd{mw}b(VWpzV!11Ow0AFr7{r6 znUj|{xLW+zBomHh<5gCBQjHwBv@`%})=l;s^u>@>WqPOVcQ-8hdSYJh%ItE+6VEn& z`ZRlDH>vr0!&hOLcA=-yTaxHy3P~G*KBKJ zMNlz2?UEM#12b25Q<@7=!BYF?`M#cf77KPgo0nVWCFWI<_TX|p1wrvEC) zmB6L(ZvAOleF-Ir3dJ`rD3tid&GNd#_(~pe@R3~J8lE>Y06L%KddS^N2W!U!i=4cm z9YES1W;WsmVyZhC=gUnG5Ar$4aN?~lT)m#G?yZZ+)z85&LoROuR?xu<2fEOe(joAn z#wZnync(gr`CL<=sG05|RR?#W*m=`K zYo=?F#Q<(=@I4#r9w?DGTt59OcUN9vz2tbsV735Ke_yD2T`O9q(KaNaTCBeFf=6#0 zU6MC=`l*ZGyW)qt(_l76y_PKYF&Uh=du7+)a_rV=|Jv3EL)a})i}G$sr2q=;t8Bh3 z^9;R9om8q}a4w8vzmJ6WzI?CUyGq&9Yd^iWL{kBr$gO9>qc+m+n2fvc)Ld&u9gXziOXiJ@MT&r>ojF%NeewsTVTRXY1NI#fHA= z?}sOU1WwR<_MpFNR22iV=kux719XyF8!T?&=2*2!M@Nsr3sH(ebaMmu>}u3M@v$xU9CMX)%AhI6JX zp(o;=tP;X^!bfs00oYG&LD8-G_(45NpRznX`|S&(oevK>Um=wE{vb|QBdvc%hJ4!xTbA+ zXO(g#G#tYFTWN?l20!d@CFI**{IOX#)~n{+MsXj{51r@orTG$VYcMsaDud34{B z0?LngUuF&@9>;G`t=#Cmfkh38cZcKoHs`b2U<9eOi?_cMsoO6_w!E~GK5Hj8j5IN2 z`r7Eg?w81!-MeIIT7G2%QJvI=V9S<$C*reONQdJEO}b3RCi?!^bh!Qje$R&QpAv%@ zz=7sXzrcG+RmJOpo)*ZphBWq=c$AWQ6_>9dNvu}>p<-x`=P=xTF?OQmL7q&r;Zsam z5$ za5bBLz7*re@m_i5o$D7MFAAg;;VM?6o&>xJb?J?}Mb zs4~Vk|5|LkR*|$rR`o04kNC9BK%NDQdTje&K<_&5%NYZm7OJZbl@7zmx><~IJin6ONN#_g? zCFoS!=wxy`)fRRrXtd~2(W*YNVo9tB6K&Dv{7v|%NL;nGutK`hrzbOHt363DTm#`a zgdBxMK4)1b+I3c{ji4O2X+Ryj+WSUFs=cDi{}mB&9)co|_^iM@`m^i>6vHV^QdkI& zw|(g`5SQINzvu*704mz1AN&td-m92j)-PFr!A$>GJS6q(V-HZ3itk!Z`2Ml#g{N(- zEX)Lb_WJg7*sdD(DfjW!T<9xDUf*-fs6p#Ws@A#h4 z`6NR#zO47HmxACLZr9U~7bb^WVe0tNticLclW$xW0k~PR79sOLO8WmpG2lYr*`S$9kJ2{uQA(;z*gQZi+VE8fpZpv1 z%%%0>3 z)@Y5OA7uVbt5f{_oQHtT@v>)EzVw!d?-TO(IZkPq zcxc4^rk`MJEYcdp7&1IYIQ`bA!rrCS5Z(HK6;uQWBY??%7M5j{n%ZN*sV=eoqG@KH zCY)w_h8pCiAY1;cb=Y7E>}MG-JvoW2S?Z`vQxlasVA>Qc`f(VF!omu1At$T?Qvhx> z5dxpglliVjCbDdss4fT6S3{{XY44n;jrNH)+~8?qDC8FXb*e?A>kjAgH;Jsv&(pUn!NEq%gXnCeyJI zu7*s7OFv;Zx!)xn6L_ZdbbKsVQ&p5|T|ZT<#pQ2!|<}JyJ@DI1hx6m$teYe$N>282)xBC>w3gAo@9hAmXHffRj$$=uStpUk zOn;cr)1;g6Kjuvadem}E)6csVAj3c(X{du1pS)%dm zGhrY?3xYFAcEvgB3u#L za)D2~pEf=$@A)yCSjd|R45eb;A8~n>>tip=sRM5|4e8sAGUBt)u1(}(q+@$!@0j;& z^28a{QtCO9((B~m%1_Cv)-j6YQK7x*l&4kPddHt&9M($o^Mn|=gHM?2`>g*HEl<1x zQVINkqU!phdPB>l{moF_^={rcN3{0JkY@2150qBC;qKnS*@gg6g0|*YEMxw9yyd-O z;mWZQUANNvWJ*TN7*yI9tbV!P=>DdXU(;^4By6DWkyhAA=fGvQ#ziy!U<6_x;Itlx ze7F^dhhESS4?2{ixTsN8Hz?9|hvslXYQjX{6@5h4=+g=O=ki1}b4rbJfDkV!m;7zJ zQh3O-DH*?G>G{{z4V-r)KQ!F5;p;&c&3yk<%AdgGv6pko=lln&qvbZrq`#g_Ia|V2 zOYD4n+USo2o!RW&W=&X2Kr8*;4!q{xO5phNmM&BmrI*B|?#ygBT_`tX&M!ln<1^`p zK@M2@((%!C`q4N^bc~GDgM`Dk`!}f#p756YRtuNo{aTM&|LT>QaVJ|JLVAfMdvg(i zS$&b7Goz=oaJl+$dr9GUdp3AgzBA`S-t_3n9e}m_1ik5VWCGTst!F%sp8G)WV|iXkq`sBni3T<22HTF;e%=&+5wBNOCq>IY3=Y;PV)BO7dc^Pe~B zXDaTWLL03-?pNkSwqzu>J1Yp=p<@jcS zT|(ziS73Mb*Ydhhz$w?v_*?mpK#H;Nw_TK?R1@iSd>5uE1_i%AdS}h*A z69!72-odbiA!0(#EH42QlC@lEsoKW^ge9SR+?2~>C0uWToQ-G*p6+?;+dRTkMtf-& z-6@a-Jxiw1ClJrMxkR~ZuOPPqlGbxzAGTXqoUH1lvXOIer)0$3WM!?A# zxr6Cx&<|taz%vKGC#m{xGDCa^2?`T5rPR|C%|{=u4U1DZO}1aepOL+)@zO6Hj-V#H zYa7;kf-N;limM-Zk$8dHz2Ch_4@6@R%nPh$7pH9- z$o&d3s7o4YFSEW02Pk!m>Fi7~Gcpf;qfBNZ#FY&c&gzS)NN?#PDJw6b+v`tTm^eQ4 zCwOnViWq&VCn8BW5VcWtTT+W@zi{tQh!f_~qow^gkNus!y{bd>eG{nVC$X`d4p)>- zXU_&n5m)Y)jqwN7x1(b}D-j#tuI{y|(y{1qnm^zc2_`J&zvLjdqK5|uG8ht2fKhCr z@9$zW(-^Y#s9aQqv0qFgykepI!$q>eTVY$w2%38BbI>@jTw* z>ks|`_NPn>55AY;ldB>tKVr@i#hrgtWqvdl0@q7}@?D&jaF2v?%HFAEyS?X~oZ96z zv*qfZ!Yc6@U}Rum_y8ir#Y-NJCp_beE)2D`pTwQ%kNvrK+RHdHC&d7UN@(YvWifTJ z_EA8+?Nlh;8hz!E388V=U>YcM^NSHAe3Y5Y233w$0ordfm>{2yJ6(Xl|01OtY4eyhW3mszTI@z6?vYj@Awg1{H{i z|J3F7lO`>CF&{ac!@eW^*OZ2x zN|QpT1yZ%f28^NqYgCBw_KJCbI34<|=ik7g&;zNQuA4pMOXF7`m}!&L-HK1{ep0e* z#Fvhmj!(mf^Eevswv)vVXb393iaCyj3}Af+f3~-_uw1v)2>eS4@(>M_%1C37s`UVO z{-ho{9H7%JBBG*a?Taf8FR$8P-8aSv-Aw$xYS!*!|5IyN)pYgmgOH?m z`&Q@+=b17~v2Rtvs&P{n=gAFjVk!6|?oJ{VPlFdkIAYn?n`r zX!2^p5M2_Chq^WmoW-q%cZ zY)_w0I7}Q8m6r!bL?HYM@7p@dTW#J`au4U0wcLhv9&Xydihtwc#}Zw>BS@3fcp~vd zcd!+KU#4FlY$43?i&wFKNk8sO!XANm>m*pxyERO*;hcBQl%Pnoyf3E%q0V_$FB6eC zMKl2E@;*5#I3=`g#_`AXrZV@irOawO;@0-&PDn~<6&?Mq7@Cq7UssZ?aj6+W;l{KfbTcY^x6 z;lqPY?4T%$0tL`IP^$F4fJ=oaLaKv~x(xXGe8m?1zblrKg+@v-r8%`I6oqmA)D&Xb zpZV>(%JTcv#5b)YN?ql{MCJZZ4#^X;j(DRSMt9ZJc(kuATY zQIiF{(ia{W%eJ-#V`YI3h5?oo&NSjgb%l76!E%<813|JNb zrDzK+P~%2dUqbU2>sy6bAMz*avbwh}LLBA(L>%{Vw^mCojGnj|D7OswhC zncu*2(#@74w`Ws0Iq%=Ue%jYKr!;IQ=x_C^XDqi$30_?eQ#~fMs5j=jJ&H_$*J;Mg ztbcXVyMTa2#;m`Kj@3Y-7Cpfzf#l&D>OGs#P%0c3!c@MoA*zh72>#dG7-~4xX?~d$ z&aj){Sl!I>(M#I5M5{)}StV)S<^RSuIyqU?PKqdu%Y3X%++L&VJXzMBj>hNoDQ6?#u7}sIo8nH&8@5@b7ELG_UX_u)(!f;S9#KtKNjf!H1qxK# zltc*ah*NJS%v`lSaMnOinyQaw7kby>4C|EYSa z`Hf`7FR0aD4dMm`%L!LCjQ5vn)#FUb={MrEF}!;H8jqmScbio;GQ}e__x601e1$@A zv6F9*I$LO{G19cx;)@39H>ObC2j=`ESS-1@sY6b^^IRGXC z=W8oe9e)+;acD_rHBh52%1h28PNjh7%NMnl=tj2^&q+L5S!Y~pYk5V*akVOUE@;yu z?b%~v1SZU5IK5r6*7*c4m03-O>Qj3ksucb2WCZ7)BY7rknp5$5tB{9c+9H@n=PeEN zOzhUo*wHm2ozB~bl^tU_*vMVSt~We#ZtWP?f!VFVZVb$iIuZq;iSE^sjCXry-7%Fu zSi&X&nkNgddFk(3F)bR|gcv<7EKM4AGJ4IWMVmS^t-az#;>_ksE5ESmg;JiO%Q9YV zS^v92n$}o?x6F9eqa&Gxnk9eRxcRSlMo-4iJWs1Ls(1c4G2KPQj9mNX5s8V~#Sa6s zhE1@tP)y=#T@#aFb(Pt2Cs4iPlc<@-O(_i;8rqG;M^29RXkDN4r!*D0uW z_b#8GbJ`V}-9?Ja4=MS6pX#`hk2)m=w>S_ozN90b=Kj3V#Sd9pJ{s+)yXfm) zgF$|9F79_1dMyEIXRG|hByYlg`M?xY#iEK;CTujxCn_yFpp%hB3kDUHw zQp4?@oovkSwRS&$WU>5GEw8>nJcBcob(Mothqit4k{D@%=}OTkKL`tWhXhwSf-&j! z-RwxKDmH&l4+Exn5CVUSa+KHw6#$hLHWGo@3G-UA(V6UE;;qev*=rr>tjJ8>3gFBo zBz8&$M-mQ4bEuPslr}Ak#k2?dCmcR6u-{=-|1+|fF(!9RQzw=|ACPQ8`Zd!cd9Il&TRBPt)!sinbF7LXL@qHBf z^+>snrWX8X!!=s($AJS?BIk2?>@9WgAM?R+hi2o}qk<6X=)7rRYFzSP%}!enDt|ND zl{a0Ex*ck2=?mw-^)&NrWHK-y&c(pwO{ik16)=JQUsSoaU$uDkX~fT+(+MfuaWAC2 z{PK4Z-e4jpEgerB42w*E{0hYGI$@*rZ4Yjwr#~7ZRQG{a(0?NsWU?T=!pp~phhHBT zNJtl3Kdi$O^MMaq_t}vA9d))kpQCsA_2kcbF?T ztAuxsy>^6|EWPRgPTI2ZC1>kB+7SCN?5E8olLEsJYDk z3fjPDgg`#v8KCzGq4vqs#Pj9{2xhg^_bXIW?P^d0i(E)fd#Nbb5hjGidzI4l!g{#} zZ!=fp66Uj2?(Qlk-sl+9aX@~YamS}mcZ*;0m-q8FGA=G!vbw}^meKlHlx^#4Y0Fr% zN=j#a`FG)&dyd~N!{F4l=&vk!#TMSCeKc^FO7!#yHk}V9KXU$Qaupj^9H{OSjVz-j z3>5--DRgEjo!F=x=VdZ?#t0DuEK2AhanThL18l+ouxT?hG%_xA-!RioVo%Xo!y2pm zNlxAj3YLz8rv1&12_yv_80t;LHEh11hgb~;;G^Q);<56= zy%;HAw6WqBstcRwat@j3`m=pQ@@Z_yo;nNh8%(E@M|z8Gf6~$$U5K2X?+j&|FR_#+ zoa&eA{Z8%1TF@3=SG=dNbJNR_Fxzxyxa0VW*e^mj6Mv8)#Io0HUPPEnQY;5=c+xrG za*RAs=g?man+$o!T?3nfG5j@p>{s zehh5uuTBJsGilYPIy~7>j$fG@gnW=8b3xhe98jN|UOwB@ummZqp^z^;lE_1dvX^&@ z*Cz8{0%-H(s+@wYCCrC(|M+SYzigdfiD%0jt4VsmpsgyHq*+U26fc860>AnvfNaKo z&ub&e`$BexePH2u=L2wZG%491g?O44&k+SY!#4b8kJxSo-x9FoFFNTk@0(97M|y{8 zHQS~f2v~Wo>;DEhtvV90S#AE9ZyLZ<6FG&9I^9>OtJFHfcggmzU0;YUxsLkyr0m0e z9_Hk@m?v>?EV&THwcJbCUQ+9hmL>VFuyrYkj-qFo6-Dh|!T{>r&qzyy6VMcrlM9QN z*@!b+SlAuAY~?=RyL(~K_9_16@>PxukyEz;{NFeS&qU#2N~QHc z{@M&Q&a?Xuiz1Ht(Sf$SyqmMkLCa*ObiBgs?~5{H3KZfoT69p!PQFR`{_mc4{1=8()efoXi+;m z27vEqH8`Aw?1E(fuiN)1@|hZ!kTOpWQ>vez&?l0HYgGWBoB7A({?xyXc-#e8-WAe6 qE;u@K2fD5&is?w)r1US*e!@PsTJ7Cei9m$|K45V@&2dca~n) z^rsI*H!a222<4+x2Txy6Y-QAB5D=>3upZ1&pT1+bDCxT)AmDcWc_H>W7h549Xm%;f z$-MJ6Ia%@XBc6f5FXpU*C`puAEwm7EHg$u?-?+R81okezDc1Q?{0;LB(o4Gc;k7*< zN)%u^(uVj+Oa_&KlubR3zM%ixUT7d<YYYRjhzH->otmgL*%o+qEPBm|9~K??)9^D z?Uq9qx3OCv-zeqr!GG4>BvT-Z)K+z4^{ZC$2p|iOJrhU%@45|`QIN=JTJ;0MUl8I= zGHlUF6eeFDn#8@onZZxsd*ideL-5(#d5M+Xc6FGbFIa>dK+sDE}pMe}Dd5 zqL9{NV~EK}_>oTHlx?FNw4%nfH{bfmSF&(w_?yRRS52y)I_d#tlIjuOykf07gjtz1v&H(QZlT29h_<7!se_ZTS2lKc&(TxYB~vb*#1x~;G6@y2>J zBz5bp4&lYa* z#Cy(6q2FE4^8PBvby4&NF?z*%xpv%Ym~i4)|GAn;!ayx)EZTDDhPk$t;q2IlvDEpG zmnNQk!Ai4j<7pBB?h|W{_fS!nuNN9~<9nyEPdAN#iBiE1tPzi_DTkXgZRew28CU4K=;||OnC=f}H=NXOnF(yIRde1#THkjV`*wPJDDeAc+mEU3 z6b9sc9P(jp!h~on*0{;odahFTri&=*>*F4?+727^KdyZM51+K>_{ zMDy!6k-2mJcwzvYPM`IZlYN@0P~gV<=9Uq&2QJZZ34-wG%|f}ZIoGpBic2_4!Ud@U zl6j_wBco8#biy9B$q#!JJfoFl;MY&HGx69L-t+I5Z(V(*ew)wr#EXxEV%`g}ez97k z$Pi@wg>1XDB+57u7{$==OGWsr;v{^NTlhmY?Y;nSs6-mIFgw*VuTN9fXicrZQI|^> zED|23Jg?7)&^8>&T&>&tfOY91@%YO(Tfkb>MU&-Z9%J!sM|2~!tlw(D0DU!UZ%VY4 zg`klGou)#-pp@icdv1quCNYj!W!jo=U%U6ZUG`_GFFDH|e8G8if)_}Q$M?gHSq0vt zOL5s_#8U2_>vMZWvIh$!;leqzaPD;Eo}Tu(QusLnDeMC)Kom)CoNwpNJ=Mea0HV(+ z;yK@QOr@>JyqTsKCc{PdNvy$~V>-jXoy0 zpYPi!tV5Kc!ONWCHB z%=g*p)QN*w1)i>)2s;J7Fj{Zv!LYwKcH92U>hGwNv0S${n;907;M_SDfS<9gi#3Y*<=O$snnbOQXn-Nq_K`DFcu%tOO6rav@ zmj*8*tT66eZ4`T|rPf_$(s#3O$=70SX(P<{+^EyMg2I}zahfHHUO3HGK=A(Y&|`U>gT2~}uqmk&R@a6W{Q8mW z-k09Bi?y?kb0zT12w1i1o1^OgUTMDHe4#@kyMw-S9Z(Q`6DIzgMqy4pD2*$ocz!qx z-Vn&1es>ptN|<}Obv3E%q&q(v+?_d1ojtK4FG zxYa|WApX0+sa`fbvrIr%RMF@Kw}S`_7 zX$CXWMt7^#@6TSQr09dRRV%hLx&^PD42VrQV=fmA=JdniOH*v~}`UikRG-+=!nxT)fYjNzQ zhGxvV=O%MX36?)jW={0ut$6Q*eqQ$rcencmHzY1iNtj)j;g&+b=M6!p`t&c1J?>xV zW@5#+K*w3uEsv()^z*gRP4MT!WVSBG<;q)+w8>ShP>j>;d!ibw(T#HD#}28#epcYY zt2%{E<{+bvMN5;{H^@CJHBmKSCO7m4#~!oP6MOjzYHCiKTx)JJeAHTU`%9Ha5T7m88{387z2|oS3$%AL15X{sx|wX3m$RAwXMi&U?d>#IKxCYfe4$Wtv+FGRA2pZ!;K6-N z+()5k^)(1LzeKbYN34~V!B;MC#PJhf^JOW<$OrWNG!Hjlv~I;}$hR;yXIksEjYUz| zU#8q&rHQZ=og@v0$`hT`6=5bOKxhkS+Y41EO<6rTU3wQPax44QwDb1t1ug{RnlUTD^A}TvH$o!ho-q)-Isd^I!yDJwGoubT#ZJ&u1c#<~D zo9~89im*&n(ND+IYcLvqIB>pzTAx+s$-%O9DV&GhWUNYWS0nV6!bK(O%rmK~;Rc#n z6*Sq7+lD;F%^l;S3SXf|crf>5%H~e}c4*PP4m@VRIPWcd15OgI=D_CeL>zj&yow#Axjz+(Qq5ZjDL1J_D9OK!Of!i9ep=(CW z!!Y!?md6(*LV$r}F0fdWL){ydH>IR2o8c#ky~S6EnEI{EbhMVboI`CWN_2qvpNw%T zEH_&0ZpgY)T75qg{oiM{Nwl+fMW~GYs0s3Vyr(Ia=9Y#mkL@jQ2>_4Gi!t7Esmlr|Rf7=d@Xw z$VMbpsD|W*wJ;$rkf52R3R}?r^PFe{M}++1g3Qe3G3C$a6$PVyVaL{n`jucl;IU-; z?8@3(BQ5n$1Db27g@{B+R6px$GxHMi9admCPYYEBAJOufpZa2_f+@PP^?DA~${@X% z5OAMzz$68f-d_*%g7KT=3&g-L@APo$uqmd>P5QX!u2+JJDbI zfL%5ih50_drL6O?Chu#HklxRsxp{!UZfFp>ju3MGkq8p1;==&TS%>KrgvGu25BFpD9LQ!Q1RR`iiBbY|rahXa4?O^NeQ)E_~n@Ai4#uy59 z2eXtIa-R5WC-71DhlGmidt1XGVzPz$)J&~F&EW?}Bu`0nBk`onH3NJ7R(GEjLv^RI z-44msko7&RE0?L^i=YctnajrRBL% zP4%gp0Ps6ZIhJpJa9&SRPP(7LE5%DLlV}JIW*3nbtR^D~5QGFJ%Gu*{`L5$|xedj; z*&)dYM!9LnNiMbpr+0FiE58X}HW~`koODK*o0ky zIgqoCEAn6;|K<15P~|UD$PC`PB8Q8t9L5sTZY z*(rIg-k$<+aJ)@;n_sTSQa_l32u1u8irEpGuWHn-FqLd@_S=a)3h&PKjEap63;5l+ zrVI`Z^6K*29@@Ej9_)FqektZ&zB^(@kEnw6Q@8M=btRU+nvA!c{D?%B;YHidFVX7o z<-7mN07bTv#TX|e`1tjG9cg01eEy>zX$LPaRic|X_Fi=yr}5cx=Il?|mv&tUnDdPo zbRo5rhXr=hUty2Z%CMpk{=Pu|$$Z4*ZvqVK7r%2xE^%I^i}KD$3HB=UZbB;C=DVup zbprFe+rr!$4bsS+9g3~GMn9?si*8woXPI`;O1*-R{tq)}pXP?<(bwEx54Nx+34HAD*;=HHs7wS6ktruUHh4L_;m*J`n}n%}HYc|ntV`-#AEGd#n= z`Xj%g9Kk}=WCSWu{Y>rMJE~7BmfQrq3z%|it?8NZEMk6$q}M|G4}jnkIJnYVS)j_e zD;56M_wh0#wpp-_p#t`sp+aN7KNLL=@kx}(q1lrEwA);lju4vUvyqiSl!OAus`q-p zwA~GHuBKS1XxTDB`R>EVRh&_$IXxImR*ruVU2R$v`z!%tf+ev><0k)q-A+ho#YP@)&ZU;wHEVspgIk&3hgENy?*;4&#_skc^F^w(B0l@7s2!Sb2Prp z6CVAG@sVy1&jO}eW@{C)Ri2ogXbX=U3$4-0AJmttzjh+_mfiQ!=3tDO5nYF9ADjRO z&+bg$%Npk5)OyW~|1xIE%KLqL63A&Z)uNpR{wupl-ZJJu9*5pFHqm`Nv+kZ+%Mb7? zvPHOfyVcDuymCED190=`16!9fGwUMX=N_g*#8cIg6wiB)&W)LUtaf&QT7Rmq(sKp2 zR2$>QGA*+JV+tuQ&R({-;h2nxV_|z+sxTpQhUfaK3X^@ic4eCbe_;vmOGdjO`p@u1 z)c-i909~La*ZK2QnIHxieEz1q4b>>oGh{w)13QHL^N=6dnb|6z*rcUwPM15UO-6NW zW8wZ==F_yXl~5&)6^pKUuW96X7x-9SJ-kozSZv#Typuq|lw#CUHzzW~g5XjTAC z;ae3)v!#iiOho$te)zKwdz36)ONwRP1 zBvROyjXtYy-H}`-w2(&H>T!=m=UVvo{Plmmx3}#C$jR1bD*M**_Sf-`)UbHDO1+rb z1H7<4Wr;1G{9UWuw)bStH^A}wSD~v;o+n43N%g@WSNQj%dgiyWKOo5Bbz}mqgYf)X zHLwl+3Yz8tqnepnq)$^LcR9silt|s@bznz*J`4U{aSJQcK~vb!D}HSBhxWVC<+00| zqGy%Yr2K=S_}ym<2nw3YB5@o`gUKuC>BQ2{?pxIxq=e1Ua4#`D)|P_e?uUd{&juBp zYLLj9&T5g#R&P-CIjh+-rKT`H{*_|5QsV1Nl7tyUaDwQSF_46&ox8L&q8$SnyX&L< z*cZNYbXue+>Y>>*^m4BLMwnx%Kc#Vi?C;i4F1{a)^ZE>b?U`QYs}TYN%b6REA#jGq zwsSDHm~R)Qqwi-WFU=R#`7}JllhVyVNxz*($*e6SlvZGJ)%^|lJ&U@<;@Od-N_%rP znWrtfx$(m;@nvDbSimOPYM?Dn!T%GeMlqaNGp{TN7Sdx zZrn1iwR#DiPyeT*0+|2O8ppP>d!pBa-9ag^mT}0zP}l1iVbz^op;oTHNc}P z1HaYB5~u@n@WgNjhPwm#q>FJSe zY?#X_D42O`ryH!RirTE*=>3;@)H3&ZFL*rcI4ux<+c7gP@P;d94Wm!tvQ2Z~iJEJ) z^0I$;{$zT!&S#z|`f+yX^oPml$Kh_U4imAWU}to9m(3*IjAJPS75yY-4?eDSwcN(p zg3>_)U~{90${qEPXs{i}65?BJZ55w8&g4~z__?-f&hC=mnPsnyCNh@Y&N7HZhA1~K zyo<}re>5+vsi~FKG-}TBxM{aIG0%Wa`CI`AHozASjAi# zjehpk%Rk!E%022v| zXOY8}gV-Pfeiz_AY?{O|Ys*XWhhtJdZ7jcA3{q>7O43|Eynz1YerqqsZFDckjh|z& zx5<**;I~V1Xl-s;zA1oyd62W!If^|61Pszys4+!aJJ+(2B(-+1Iyb&E;^`mlW`TS}LzqGBz*|`d6ui6?wX}U^S30U2VAH(AnybR{axa|Ta zQ{y2_@dulPyN$*)SGr)gWbX8J71kZsAO0qs0%@?>`=^YANu`b+RkU>)!>DGU$(P%v zc$2G|M*8~JfEZ@C>@o}qE7*~C{ir^2L*pBXxtkDjrjGbJ}q<=*aJJAZold0%SExINxZo)*$6IMdalCX_yt5qjU-m{Nx~D-8 zLL5{>o+w8Z(3^--Uw;G@=je0itt<(o7#l%5-xi%Wl*Y z;hpZBaMY_Hkfq%rEQz>~?^&1~7i-J9!25%XTaP@lRhy3O5wXb}vUW*Fh zP%7Vd#*}8{4D45d+@?6D05EEp0~_8lZ$d_I;Z-|(j@xuodY;#v{Rme*q|vR|YrwQA zP6%F`W`71l{WRLx8yitp^?8lQjMjM-%AW0a!FJlfo|WO0)_#mP2-tD{tdSPD)oj0k zqQLd4Hd5Ed^{6!F5w-x6wC8G0X755Ayz_pnsP|A61;sXJp__2kIvXzZC&~tlCDu%p zIbfXa2?}HxI+G8S#kGz!f@oO)4(s5|`G2l$5F&?Qd3B1c<0;!x#dItJ-X1nMpG9r$ ztu;j(20X=kfVQlq$@6i=mXm5e4(^Df<)9qA`uWB9-xhE%e{D;Uw%Jmm3zqUv2B_cJ zZoXe4QCFZK0(HX%2wC47P$cRo3dGvV7<;pD>qu<0oZ>NNtW~tSP^7JW6Js~kONoJ5 zWa*1XDFjP#{!L$hJ&IULtq++j|8*mLlyS&a4|8}B{*r;7W!ZA#gJExaI`k8fBl8HO z5GZ0tf#Azfe|WJspns2KX}`K&HkO5hR13#|ta^NJ;BwsFnj@)n+XpN=^s&1Hv@doc zlP#m>W;QdOO|tWa&6#`-=>a8Q_D^!OI)SNTSg!7#64(6ImU==j-}j7VfRymUx>FOHFHeJu5HA004iPJK;% zx)w-p7SXZ{VMyZQq6?68=f}-}6|MIiqz)E4I&4J%OvmA_4-oW%)Q~#XP?oR=pLglOa!|O{| z%055F8)ulL$8S(vW`$-mIoJ)#)G>=~ZQP4O9BKZ&?qu!VHbbW3 z(K(H+SomWEx@3LAudbE}EaBTYf$y;WkD|!qvD=zb=5u@p(KH#O5?lZiukG;~Q9aW0 z4W90-sWhyuGDE(_9Ad{h=x0h=AbIUe_1tx#d#$WlRUrR3U;YpBBVS1$7Ii*;|0Fu!Vx_ zW~(IQ|AA87A5aQV89cO-zvZK*$VR8V>J)>-`fQ9fe;C+4LRK_g^>|{gWAH;#MicMy zI>Mg;pfAr`PwaQMM>>neFA$^6T3IidhS5n^BWPn(tyXflta}1Ko&pN0_ycV&S6(M5 z8I;yc24D^BVR3EE0ZuwJ^L<_547%rco!(9l)!|Df@Yud1GN?VJQ(Jv4*HLzybvr1# zm+PBG;UaIW4uT?b&Y!yX%IO1q7 zhh_ueM5(@>-4}ea6)Z$rebjcAAi$Y5(Wc*94u7@PT6L8bmBXtTr?(bV9T_M++BR3U z)hG1>1c4R$h}XkEn|QN@$#Y3`a*bUHNstsB{ly`Xq$eB-$|9C&QAJnGlQ)Z$GpjN_ zHDY#gnm_qsZ8HA0Fbs4S7#(#MP{FVjYBD<5=TroT&v!%}R&2EK0UXnbtZ3Ck!_OPp zPgmO{RwN}mdtU}Jlz!&T;c-Tf4f+%=6p%7jU#CddOx+SNo?H_*3p=W)(I_fB%=qcf zV(GNfnXwai+#Fcpa#0P_m!!<&UjvPaw9|Nw5bNSx%t|L zz1OM8H7jdvHnUb!oH2MlZyrR`{OQ8o)oFPY{@6n?7laJogw>SqVy1xJ3naZydN+gg zu4-!ve&sbzwRgP}`8%fhj2bWB1$4$n?#OvCCgS6K^@&(o1T}}c01~oNf4OSieAP(J zeYdu8E$S>B;AdwfU8F{vSa?V|7c+kfy}ia_m&UIjsRwaG?qJIo4;A|lDI&9E^zD6T z0UgB1TL6i-?{_rbi9C?!JocG-yi(u(ALOgwwSBe!h|EWI+~77G5!#zr*#~q<&PaVq zWo`F&NWWdw(4wiP7);%O`3q>tW$$@T@BOWe*5W?N5)6=JG=%=d!;l}a>8wroCfj3U6uKv=1Z<5sMznzo!y=_)W zM>l;h8(wY6Dg-QM`!F08&I{Gi*aEa+sB^Kj*6w?|ToBj0)R>3$Z0AoalOf%KB%?Pd zgfx%Tt)46X9k>2xi9RZ#Aa%WVTxXvNQ=jV*C)I|0E(xc`IQ!L{jv+Dgxh3Z*k-Oi4 zLG(?ZrdE(|&p`|gcEf;Xk87hvT2@E*%<#s|hAYV2*g`SNELSU9z8NLAW{-Tw&7Y8D8*$7o zg;Q_(yhINDb3mTB>-X7+)J7taY#S;KJIPB8Hv?I2+Oo%re9!POXfAT#gd+Su4 zuj}7`{kq}4?I0%eobNT7I@dQ~22d^@c8aZP<| z6K~msv^#1hKVBW^(*|h|KNl1~{U}ih|4 zkYcJzfqAP0PR^|>WfRvwBT;%r@%Dq+>Lj=$`HEy_!AUXW@u)dQz4-EDqO4O~K%zlE zf@s~kMb=j3Q|_{NB2BvOf=#+@d&y&e@XwzdUo!??gx=8WA>^(?1F^Avvptri{r!7T zbrREIl@QJVU)yhVm2HK)944bsTHE%#w5y?6UsBPHj}k7mi?Y^bH~SiEyMpbN=*13{ zxF-x<>CI~NsmbMhsk61z2!(c9#>TRaWqZ*+;x_*$ucVqPdu}_)11q?{W988q2ctuJ#X9YuF(NPlC1>3 z*~Sny#zKt38+QU#jTX_Vay~UYaw#mbMtH^on3u)=(rL>p?O0M2j3xfRJfDE>iD!J` zIVmL#l@KBGYyiDyTLRM~BP>#Y?=rjzSzAlsTRW{eNW% zdf>Nbe~NW1ReKAbg|D|PO}vNHrWgeaTiOVndxKfHp+9~Nh=hg&EXS<7**2LSxp8h~ ziY=v$|Ddg%;rQR8aWEnf(4^s5jrS%(g1aGJPAJT8QDOlTo!#g;xkIQNr5Ozq(u8ej z6e!?No^Q-z{?%!Ozjj-`LyW|wv7RS%Mx2k+7T{4U6#;L(Z;8{d6A~$R^L;81c4C?x zliOPJ=~2(SL8XG4_8qpUQu3-AoNds)qaV~%wPu|x_IBWy)#;7jEE>*nQ17c^L zx3!%fA|K(#CTI-#1i8^%cDJUqz2U)1!;Y>WJt6<>qfr@5jKat^J=D&9Jm7z(+ty7` zAg-htjI;!_YLLd^AkEo%^;fPUj-?N|kpovl^Hm_74lKmdf?#T2`!w;k=p@>AA|-M9 z{ZE@ldCQMvjZ~qHmL~HWly)C3c_=Au^L|`frnL@L#~v)Z3#$ZsMgCcO|H0AI{4(X~ zCHt-(p8Y~lFxtZv4;a%pv^DZB3LM5dn-*@8Z^4c%O!*p`E&}2V|9pg%XG@ZqvGGbG zhKRSMLT2%$?cFC&Gj>C-hOD0~eZPz#Y!ky{*Y0AR0zVyA-t{Z5Z5r3?I~K$ry#ggU zjpgS~>wo^(;N@t2glKy(@c!wMaqoU;Y`PL(=C?CHPCEr>n-kaMsPJdf9g=Z1O5JS6(te7k*?}L6zL|}+oV6rA?GDTc+DKg*y6gM#%wfy#%#n~=C^%Xl-{BJM z$g!;lviwMBALBD&UF>zF@w=0}g$Fx-l*rA8LS!l9vB>1~L+~meW>yc&yN(Bb0+v^W z^ZK6%YCo)$Omg3kZf?_LnWd9|y~Qp(dKfgw8ynev8}8Zq4b+1s`g&4D`>l< zjvM(TakjjzuEBU0fioIOB6_ixtCauxQjCj!vhe_jZ#R4)F7=u-Fi42dvQxvydz+5H zx91WzO5J|(EZ1h#wu9dW~JbXIc!XI-&Dmax+d++E-eT~vWE$gJg`AtL6si>JSp?t2~!(qHS+Tb2&wx zogNWWt0_EfD;K-DRa-e|UR#`Uw-;R#llY*vrU5E^OSF-<=3GO*v-(En6QceFnrzB_ z4G&N~u8R!z%r3NJTsPOuV5~9VVkNul{8Wco@m-thr61eHPlr^V%z7o~WJTtN)oFJq z*LK_(WL7a=m?_R|;o4(r;0Ubm1@K66%G_DvWOx}r3^@+%Ydlp*9-?+MTdqd|+D=ZT zSQvR3ZfUu(7FRV6Qag_OPBVt~lIy^mY$le-1`F6Coe2 zj;UFZA-ag|$4Gt2)wY~ROIj>uBo*&@1yM=So=ALnpEAQQI0@vFf0=x7Kt zKCu9XX{?MIO=8~Xgu0c(njd4O<}sOjo`BUZU z5SPeZ{Ace*g)WzH)Q&YQky7jje2Bas<$HPjTq#(Fi?auWkr~UcC(5KMv z`Wa&Zp_j+5_nc_+?N*`LBUN&uw2=eS0U<%ZapUr1-=R)&i_vf~ew$^LUG=@ElJ`fU zUEnWoxKp#0505@7vrP|f^+y{XyVe_xip{$&@_N?n9eL(LeHs6cG_n;K4`B-g$<+OM zm7N6^h9sx9%<+WRNUz#^9kggXd5ZeGOF7LwCSA*^n+hHQqt+@)8tJkRl*Flp$^!`~ zyNnu)a}YeBrJfLfz0n{&;Z;Tc@o+M=>dDRuT+UUc)N!PIz-&MN5i9eHfP6u#w%kO` zfTyygJRn8WVi6#ftUBx4y1VVaz1ff@zr99?2X!UO{w}-u(icwSk;uas^~FSc!Ti+5 zhL-F`m(WcUbK1d7YmNV9A+eTu`n%?o;md9JOwk9Zh58j+`kR*rY@P60WE7PwMv` zs)3;~Ljw`i@&-ADQZ;7jl4EWIQG->Ib6I2fd<?Blvr(ECdAI-G%Mn0 zLvAwI?^FiWpILx1_51gTqhIvwmQH7?MpFa>Mti0j<7b}F?|Lv^u~$KcV8R1aSAHHI z{&5s5kM}vc!-}y{u=W$@OOS9}o|7AEDfqDv*Lt0DU>35jBxz^J*YDRAuzU&b;jt}( z*N~^zMsEu+rOps<$1T6{GF&;B^iPYYqvo5AlTI(G3dsp`AH}f?K*!(Z~Uv3pVytfyEwgA#No+Xqi1G0@+o+c~I>l-I{1QTj9;u zn&3hrt#ckZugb?CsI#aaEOIO`gW*TjKKE8NJ1}?5q8kQg-pFjWh3zKfS^V7fBz^)* zi|_*)MI#7*vM^=l2d92&>motQ)pzhOyRe@);U_eBI6rS^>&@S%pUq-+kqr`Hvd$kk zJez(eeX+%Ozi4m(Lv6w=Yvkma&v{VRl;MdpJzXIQ&Yr@|%?-j@n-s53@FgH5d>UUE zO_IvxdRaPZOhu(l^FXepIl9cj`iAmCmC6w=+t!n#KQwl=pPIU!V{dun1a36|o#+9s zZDz}polU7ZM8?v`=l4uxuz5H{F$`NxgVu_Afj?zRCLeOt*7S)sEv6Gzwlmwh-yFm# zGXm^h)aQE7#eQBZxs8GfxPDp*Psa>*nZe?eAzV8t?CvGhIPXgnsDp99n$zKi$DK2! zSId(Lz!Mo>t!G|pWA zH4|=qTg>RXmfE#ROi4Dg+=e@YuhIGQtpUk7q&NLFrdJOE+_;yEgS}^kC98*)SW{E8 zv)bO3T=G>vAsNt?$6eg&R^e6mOn45#E_7Cc5^}c!GFdgdFV_`4Ks^ur0V)YO8BCTH)^`FW zY%kgJJ~-pw#i2b|Ps^W6OS@ewTYhH`v*vomu=fyA;N#r#;lg(I@~XMEfbn*3alSF5 zrDE1mY_?h~b+Ke;Nmo&2w1$}<+@PrWS~*I+GxW18z$zxn%H_mhzNFGp{B1s zk^oG8oEt8GB{_-HK-8C=G&gv`1U{SEj2{)maS<6^+5NbwC)h|E18WTr&s1-0OwE{y zXqW?KtIThmhMjod#K($*Wo_k;CO%8TlC2b}hP2;g#(FeNNgs#1C+J!wG?>#L#6~40 zIH$KtQEw_!=BS<$>N^M{tQVRoFuQ%WPVi5walC5K{Yf~-mDr3tYg(|?$bXJ^GpQB1 z{PX*C{g2*}*@c>ixM}ftTp~@Q-~c#FLCrFaUZuM+i5;HvGyfMz(wtFiti3q(UL!B; z1y!3RZl$=k6jd30X5=Py=ivqtl|iKw`VPFGb5k*!(I!mbD9kt zslklvMW8d||EW9TwGDF*_ciKK)7Ig0l}t#*TI?AydNSY5Mp-n4?aFELcm*wLRI=WY z7ij`tfX_-fvT@32_hy>aQch5lH-?=ikCl_dW)rpCDdi9wa86`zL&RmQc%8H|#wh?x zszUq5aM^)lnKno3P1MTwWP=VSNS|BkOlcpQ*yu{SR&pD@i`+f)q_Z!s3b3in&FzuO z&sOmX-mCt=JL)_rXgQAZp^6A!1YGuZigvUJvmxT}nP7?r-&$oI>%rI-#Km(ym2pHn!+6wCH zIggFmpk&C8A6Q}rbE_@n`->UY6Ps!5UOO!J#gwzRhdNAAuoKk<-Bd^dUs^1 zX{apvI2Z!lU;O$MdP5YrGf?VZ5z*!<*df3h_JAQ@umI>Ci?UpZqyylN+T6h8RU@N1 z!=qoca0dm&z&sAU>zQLB@N3A(()vrePGC8wHWryl)s$Y&JY9WD5EXQRZ>czJ-DGH* zq&8chU&bBVXF58pOzHz)U_rLY*s1HGa*<(b^aH5RH4bkXFME5nh(IM_wG zhAkV~F!}^KKVT4kQv2p+ zU~}dbOTv{L{{kSNJDMz%v>S>(=lB%bfPX?8Q7cdU56CO0OZb$$oVs}MBW!7gY_ErHN9ef?o`ZD+Jq4(8uQk(DG+iFh{&pg$Jz5c%Zk-~E+2(>xb8*R8H*uwz+ z%XDp=iqPV$7Ktn<(j*kVJM9?YN}zySW(K zG>Wud)ZBxuh6rV{2i>UtJMrMi2hhkAS;@MF=_iHqNW`xoYCuG3)bIVn`^hVwPTtsR z^3}08%NUAMU%GfICWh#Td4G_SCX0h{rt{eP+!kt+IZCk?jj_Z#vJPc3 zZl19tmLK(l4H-m+nj&^)tTZGCA5A?OecuY($|KD%=afqg-nPA~5_0i6wq}pA7b&q9 z4g)1k1OSzFY zdB!jIyn#vi<)$}q(U^l%X3Oa9PaTGssE->fey8#jMTf|WRoT83ZkpBY%mv=kYUvJ@ zkca8rUhUH0;Xy@1Cr-?WL9oJTzfSL$V(Ckbv%Jm^FRB4B!L_H5l_lR-Kx}P>G7u?D z^HikDvacS@JTbtB^wsp6Bq|)fAEgk{uAkffCblWU8@GiDJvjVI6_t(zbPBn3;-Dek z7`|Ar*nKz5=qrcyh19i^cvPLiEy=?d7hRCsRugeRmq|1uOHdvBSU+c#Ah^_6HtdU~ zc`bn4=61embr$wir9&Y7HC{LPsWn?hg3FkXl6pHlmS~_~xD1IK1f$mz`-o3Hn#LVSdv)c%^ zf(uiDb$J+yz9d065@Q)Z=-O){%@xy6ToSXkY}`aD+ad=K>rmii&# zo7Xd+q)1Mgu;Y%^bVlA)AJ_U}Y;OK?Sl~`Vf#HUHzcugLNb{dPVfysTff|@>y_N2^ zB>zEl0lM{uVzfPOG9rSXJMS|ei)h%xQ>}2s;P^iUeA0a{ziP6-TEl@H6eJ`+8D%gV zU^hOnAUOW`(P>b!b9*PrGf3Iri4D}EHwwO@KOnZLzB^O&{!o??W}{R2_}sm1yhja( z(>bYZ!AuL|?T-0Q;YX(?@h>&SOkV2bHA3&Webkw9K4ag*xo_Kcz)qsW-=vawECEEa zoZMys0+y~X_0kM`JGoT%DNffyol6=Ve`SQI#BoF5s{2Hv0JQTw7?WAYu;=(9h&1=5B#m<1{%TwUi5%|eMxAV>8^VmCCtqMRxD91= zuep9k$$Ahhv3$)r>@6u8mU#9EB4f>-m+~?EPj{?p+zotZy$PjGdm-Bp_ zNFvZ%&lrK-p7^r2`Y3P!2Cnn3C2;9ukjmfZD@rQOIz79C+-NuvdCn|}BN;;(#6}d$02em5$aToTi`*l~138V52R8ztm%i}8$w$50Jy{(od;44!#w}-8>@SDoms^@L zt2Bh8j$M^{42({+Ki;EqFTxNSAFBOz5K-z#-adkA=6Gh{gqFQWE2HXy}&_)Q%w+OeAD1otMz;r(^p zu5V0V4>=Spg%^i*eNE)8LWVHQU%b;Xw~a7Q36z3cosFW7uv!rIFye=%K= zzwjuB4tJzni`t%v=lp+~Iq#q*w=|4{C|poL2qlpwO$jK~OI4y=qzQt6p-5Li;L?ea zfD{o7MUiIc2nb4-B0=djNFWG^5eOxQCcSup7(zA*?)b;f?Cj3Yo&ERBH{Z-T=PS>7 zpZEE7#VvK)@&ipw+tYtfDV2+=mi4iM6$u4Cg98O$Iu1lB6DU}Y-p2Y1oDz{F&1vEj z7U^-ELktW2cOU5C_=1{F*fGq_trxG&qauCp)W5I0_W;VVNpGjQR6^n3*hVM}76wJIs5_e7(53s^E^`%tSM^QbjRQL43@2Rg#&4zAnGl>F$a> zNhtmPVvVj{biW}RJSSyEdzo8xML<|D{&THAaVS*KdBb3}OpHBaI{>t)sq_V*&l5j_ z^_n#O!g(V34}9zL-K9}ITzRQ8(Z0u0|Mww2^H;MsBEs>tq{?JHb)jOHu2|>kYpv5N z#h)%qY!||(Mm{J9s9W~Mp=1`yQ>FPlD+&gAajE9~coFP6J)`3(k?TkKt!!4I_^M=R z1hry^W$Nonp0`Dxizak^*KYNN(qmkn z`+t z|L4$_|Nk8D{&I2sT@;&N7Gwe>+~Tu25>v2S^2sWMxd`mMSg1w7`7yAi4dYLGrc~P; z?D4evYsR>AQ|Lt2Mf22fM-4VuJ+tEyY(}ax8t2;-+W)GEzWO$&T6(_iwGd`x}FKp3Ot>=8@jQl=k>KIrhp3wb^jNY<`W zRvTmXU5{9j$0rIemL6b!ScP85hE;lSz~xF#Zfp(jdh`@%!+m@w*yT1_MF3Nzpwy=F zR5cXv0U8vm0?FGkMmcB)%&3fo->dK;z2Sm(g*(0{7LV|JV5k?C_$aSR8(eh+GFJjb zX1K*Ol|fB*ss7QIwDFTB7iIDE@n&#Mv3pG5Ore+dr+X)aDqOZ)TkMlqRb;256-&}6 z>qiyhwC&0(C-^5uSjA5<)uWO;EI39=61zj(q~BG_wp?ENeWbVH1rn3ff8->*=F%#N z@djF&J%9C#M-aR(51kM-%x$28bGi%npyhuv659?7Rq!s0{T;u`LSMdXYjRt)kvZ&F%FP5d=9%*@3^&y0-Y0JVg)ytYk5*>n zsYVQNv}wdU_jU>Zg9e03*+Rn}=^9FZG!kH-l& z*(tzY0|C(-Ky@75yDhl>c<*Y={j)qa=aZ+sV6jO#6)nNw0xw6i9>27^Mtmy|;bxBM z$qkB662r_>+0D51WU$X)wRMzsiwAbTel7=N`e_tN8z#lvKVyL5l%xl+=UzZtnNxQ{ zj<~>BvE@CIq~ZVqC%-jFroT(Uq+dW7oKovxrlq%!(s>;p(q9%5E1+q6r4rV|8E zS4*XZ`ZtYeF`K$2)SLX}UdHwo;BsHd?ZRzTwFE+Xg!K8lH@=7B} z=A8r&zvLge| zPOhf()xD*r*9Y@whj&*?bBUo5lxSDr@-mNJHjxFsCA2(KGI@f1n#%Sw=yz_KST55J3OJz*_VE}|_ z*~D2_Wn^xmEYTJn5{XSU$L-A}Kd45yz>*WU*Is{(ixw>p67;ojCifR9&Ft)p*ay$d z_*za9-QQZYO+u%K!LoMEF@vx4LK1m6>-3D8A8!=%?~Er2xbf3G1`$>u7VWkvNxG2? zYxOd!;QCq^%~3?~^;EmQ8Hxc2j1Fw>)jUH7)gd30@R?nEVVs1I3X{2ac$|Y4tM88< z*gH)^HmYZZPbX0`&P&TRX60yTXjsV_pCVTePcQpJ1tXABswSUB(5<2|mcqL)S1J`C z=?3S$46fYN3v@rLVPGiDrsz0&QIW~3Le;hoRp`GQa|_C!Vp4-f=51F~(I>tf%qmln z{$&{O5R>DG&-<2=YeU7v`{L`sxW){bRhh7(!lc|*s1hDYsT;VL+U!|E++A;vrspFy zSK=PPZtAX$GPc-uF9}c-Zf`K#pVG3G)uArv^l;K18GGPd+twW733|jP4RInhK&Qcu ztqz=dPn^nZ>=Yq@6vFi9ZC8d|(a_mFCA_0%7Gi^C5#Sh-fzjD2NvD+`6~X!B-7NV6 zJGUlKyic}6a^;3j=GsHp_|E3GcnXzdlCg^cME~z4?CS1xd!&Gmw|$$_q$)f3`Q+m4 zdXO;sTdNTf3%b={`Wug;5;!VX&Jz1Zy@MNXlCFi6IV%%c#cklh09Sa^k6U+jnE!P- z!ef&yXxNx~++04Gij0X9^O_GXPNa1_4yBFeh;k*gRSb%;(p%KMUNdoW={I~O(=TX< z8pA2mPtAU`*%iWtvqi+xUD4*xxNdp9%r+lP7|Kq6v&msVt_hQV~3E)SE1 z|A2eW)P$=@AW0 za>wD0HrxZ!{&C2!_&^Q1J=SvhYx&*N(}sMLQ>6z)B+?fi7YAgf7h9T=dXfzVnl%XX z?;goE^nhJ%g9*d0sQ|5{qgZ>@t zuK}RWtP>v>fy-0+_@h2`Adv?Rd;TRHumONLx(^rm-u3kC*x!vC{6(n!XCy;vD8ip% WdS+vIkIr~x(7$|DyIjlR{yzZWd*<%| diff --git a/content/manuals/dhi/images/dhi-python-mirror.png b/content/manuals/dhi/images/dhi-python-mirror.png deleted file mode 100644 index ba0f492b3ef86e02cd031575810477e2f56345e3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 71494 zcmcG#cQ~8v|39pEib6Dt|Nyl=Xt)**Lt5<+*3mxHWpqM1_lN; zJ>7>O1_nk^28J`w&oj~Q3>YPyq5nDK3)0bI!1nPk(J#(9YZ_=WFq9{=9y&16uP=D% zTKFR;B3csSd9iC3aF_k-Ip z3()H?f~!+>XE%GFbD2aE|31{S)axqI z0O1|Phx4Z1*3@i{;H1pc65-Gro@0zw5J2ANw7h3q0r(URtTG7i4b~Cww@!T+pX{b6 z&w#Nvw#GtlvFRs_xGh5Y0Nn%2snfp(7mvHDrHC<53roBv(N_v*YevL5Sa5@IiFopO zJ^Jv188DfcQoq57sj>r!(@1E~yx2szy$;w)Kbck)mR?{d&iuS#Tf}^F=XTNI z-*68ve@Ll32`Rt~!4~Ml zN>sQrkvBA*N(DS2eLdQxk0Iv9aGs*8TX>pT@LZ-azDdL)w^r&#TSs+@dGJ@mU^#aD zn$;8J4vPQ8dx>(0^m%xk7EJ}~3B#=O?b(`wb8TqNT>i(A?0qrI^Kd7fYfoO-yC|GF z!Vx!Ap0pVWTu`)u>hJBGe-`eHnne*!e{cBO9G*& zN+DdBj8z-C27L5MQ_)7Xw#0PW7Lh!^ULzEm@cjMZl4Vz0l-tz-MtsWpo-o@jW>yzU zcB%k)6Bi994^I^g&cu4J#yJ%}$ zuygAPw1odefn6~5_XOueQY4qq2=F@X{h@K=OaQ;gUhjD<;sLd_nm>M68l~zj0t9IA zFYUL=3E~F(Sz8)%7o`(<{H(TD#HRM-X(SxAza#2!PrtfOykH~pk49#DnBpz93Guh0 z*%V<7BwE9e06Y*uPS`1to(6`_?sCo>fm{d$Rn{;)xF{B`ZeZ@UaRA{BYedvkXT^2x ztmS2wP!Z!2^@Q2#$(;#}+{99t^A00H!)VA{;>5*J{&@*NL zSy7a%?s`HP7k%lQ=_7rxEc|du@`r(;ht4p5Ay!%2`!HP}xtX2^L#_L=p)Vq@pDwYm zOzj+R>{Jp2tzqq7us8S8HX(spsX#(d)7_MwX1~5KnH3g zO7w!KkVuK}Q1UGp2zCb>^KW5(+vce`^g`@+I~-vO-p`RUg&nrViqySDY6Tbp>R3cU zh6Y-6A}Rl27r<^pXhit^z#_e}kM+oLZYktAlcgY~fhT%cWjr(vgQI+DDDHvJTe9O- zk4mc{pndDscjNh7*;%O|Cy_Y6GHZ!AQ^kU;*ABeQs7Rj@;p4;V979}--G{@d?Pv1H zbS8V&D1VQY@qr&1aGk~g1V&Pwr(qC@L8iq zeWO{jO>Y~0KTB7IM#1si=lt-lKGgxT`)mcd(^5+Q>TKwPZ~~c8L%uChc0ORW;e>(h zxQ>3r4DPj`dY#$jP9ccElpf$w+{b1!k@s^XUgneSaVx=stSi=0RM86sd$qSO7}=qX z@J*+Hc6kCeu;ESLu&p0A`zS@?h(g6<(#^IGIlZ7GairP;(924z{@ANT7D`5GYLVf(vCKc z@uB$6mt}+jxW*GQ2QzZxDkM{Lsjt9v$-99IEDLB9ho-}Uv~KXUEpKu=7${A7d(wI+ zQUVIKMjm~3t)f1nAP&}*|IFS;N~>j?g-1fKK)!uQeN8Y<<=dR94e~A#CI@iO^%cXF zb>`Fm2*0PMx{18M^UIpnmgxr2_1<|*hvUh$6Ro3J-p3P%@0K~*EaLWCmyQm%15`iv z6i9wKS0hpoRChZLt`5nmCF_80QmP>ML;8}o%_Syqm103*R5Zo!-XRU?HPXGlZA+xQ zHpb5q)7>^>-9XNH97#dWX{CWG4sCKvea z)h6KG$uKX|cyw)1%x$bqkDb@6&g7cVkcP0d{ch_xpZ#u4 z-Hp@QT6v#sD67Zqm$l8rGR>Uo8`g2;!zpPd8A=SEd zCd_tQ0f0OO)&j@4Evz<)nW{CILqF-G{hnfB?1x z(2K>q!PLuWYkcL(n!5y{b8O?#`)~!>ZU9-DYeu{oP~_Hj#n+l$UX_kZU~YyAEVcAX zZy_Q&_!RPJJsr=)d*2Gf8aMj%0I<5WvpIntslXg7>_hY5xOhKXdU3Dz}%hlRptex;e~)1*z*%yaE5qz+rJ1<+ekSL^|0i>5@O0AN16)b_DEO zXayLFFw8Xn36f>rS2>?fQUurM>7YiHsGa&-6g6 z6mYt+ZgtlR{XgRl-fvVBBp-_)cJzVyG>IYg>EnS`ZbJPE@`L-3VLdtFKw>g&N~V)i zcGM_exEBJ>omkO?@6=~po=DT(4>7&iDKw&}JMzi~c`OXkT9$?<(D9nFCwrdH_{I-t zctrxB8G2z=W3}^50-wf75vjJLx}o9}l^zn3wG z8*&jYh?TY`AEo|$nPUe5sC(#ux9>it&6bwDnbY`B{Yrpo_9nclK4jX%(_Nd$?fFT5 zZzp|(nb^fKY!_ITPdsi0)!IPMD6y7p-XAslVGrExIKl))&2$I}!CsL^?iS_D1jrzm zj1fUso9VceNeAxyt^BRE_|s9+p;_-HvS02ksGAd2vW?lBDOY&I=V={uth*hHfg9DQ zMR9qG%-t3~<)VE~NF3axsfE6-bZ++f(QP75{^lH8Gl)O*`Y+Cp_UNiRksRx4U5Vi^ zYY9E%rb66K{7eAARM|FZJ{iMatunD-8MG+;{^5dGK@^=Rj9C)=QlCOjb)UExL>f1E zfg`eXcYO6@4An#s&p9xI&oDTyWqZvw1+X1&y2lIk;wcXGvVDU5P)FXA{_-zc0m1R9 z?k;70h(%6h2SrT0Z4t+#xpA3HtRT!#z!O8OT$Od`LlWie2=Hcghc)Se?Cm-M`P38% z;trUOTBnn!nnl+lbbKS+USH#F;YIM2P#C>UREWfd^Bp; zvSE9gT5;Ix$T&ljXzT9QkrAntYCcMT6`pW|M&ga(@{}CT-q@+Tth?cDa9Pk3K#rT) zft|zsD!DX-LtOLrHNN0+_EA6)11NZomwDHLXAG}utTASXg^!onyUY&4!mTb1-ckH~ zj#0(^BAK>B|L+Xq)=^=S%!f$ys_uE;5W*8?e+~iL0$z97D z5m?(FE&M=_UeZvI@9=ESBFOY#z0TrN)y^^Nx_9y!8ikUGQ0D?S@-p{d_ppLhk@Qpcy`;HaafrghSlC(TKB_|UcdphnzQwT8#ak}r%r?jibij%_^Gt$e!zRG2GRp_dbe z;>1WGJD_^VzS|JGQZuD?(0MB_c-%BcYud8LgjcVcHEfo7K8X2&BAw#mjp8d!hc}ro zF()7QHH~Zh>}z6^vMr^wyfPIT#g)hz`q@sli+ft-Hvi3*R1j|a&UGsEh_FX-4Awoa zZU1L(K0wLRxWM(PX3#OPmpPe`(f-dt@~d#iTV&~xzYBUDQ9GKSg0a`>cwi9uh!QNh zS{`- zz!`w;SSrhW2De&Sh za!N|?RLxIF`ob#qoiFZ#$E5+}9QUxtLPGZ+fq{9%?q~QmrYoROZ&R2LX#a^`Buubs zs=Ae#^O%w_CVq!dvYdQa@Y?Rl76nYxWrrO!*XVM0=3$Z6s)CtGR524;rY6p~@cP~wTro#^13%-%agC`j`+0{~G zIhtanFFE0UdKZPJ9>I%2XBOzb=H33L#nc@cgtDo1^iln0@L}z@oiIU2ccMZZ^&4U! z&>6_>8r4r2_`TBoYVmn!Rx)h(h^>^e6MIM+6AQRIp+OMbAV~==?RQjPoush-n8Y!R ztp+rS!=L!8-P=BTO8g;R1$*Sxz*Vs4j-kt;`x!TboR#ALr~0q6S>|7~UAiq=lkaM~ zsSS1EKOuvb4#|sl^=3Z*)%ZW;K&2XoZPtbL)9;DOAw8Rf@Edr|_$K5yoyizW&Tj74uO}81iG~yQg zil_dE3H8sak;5Y&TztYf>lk}XA>`1BX9T$GsfZ7QSEc;W7WH{7D-zuF?dM(k&NWM^ zJ)TR;6C1|_WpP??7Q8EdnjE>z`7bK;Nsq*XgkejL9v#M!)Ulc~Bj^5=hTj+6dn{6T zIvlM}F#Cfor+Pp14>tr#G)P}|%ODiIKXo|k8z0o~kjY|2bcwE+ediF2$c^TtzhM9$jEZkuCKKT5e1VUmR4_y#jX=*;tge z0dpO9%?lOtR010BGgw_M_O)sXZKr#}y&3VDONiZ&O>1&xt$M!Y*wac z3CER8YtaM3`@SojLOq~t(^6pNsrvSKr78RV!c^meeBo#as&SqEW9e!S`2mi=3wqO) z~wDnjtv9>jc+m*%JR=iyU=H@y&2ZHlg3OZD>*S(*NcaF z@QG|6gTHh0xC%WsgZ@{0(B3ATZYnO(np>D3>IdvMHG>9HZeQrn6WcDNBdzW2_sbFx z2VeROxA;(1yrNjHBSf*}uic!|LUgS;>noKIdFzHl{{^u>?}{ip`2bjJjWqF&UjYkS z1|f>v{~VcGQrn5o%0t<*^Y`B{W47Qm+mg6?BMAui5`LJQI^ zh&d9A`AfUIe3Q@;4>jG0iBGqq`$}`X_xrhFFxtqL zZUSR82wbZn*P5o>8glN&D})~SK##o)mj7T3CE8ZjdZ^nTqQ$jL{_3;ix;?&6 zTGKm(S-~5srlvIYaVLceP)hO0LsnjbT<{Q$wEly))GSzt>acrq!9!nnG2QL6F0E7U z-1uAKd+>L=@vo2^i3cK^fxon1p3(bq^ZnD)?+^4G=(>SU8aI2h=XsgdHmOZ_At=?2 z4+uoT$Ywe%wTnku+WUT1_h)E0tB=h_Q;PtCjz_$iv8}+B!1Bo14InS0+i!zSci3jz z?El?UfEM#+qW*Gm$_nWyz`zA-^o^Ht66g*u1r(o39XrZ&^h0jdN};%f=(Gv~FF*06 zOK-&7wgfofSV;}=sjE$;0q<)Ro?1zwk@iM5+Y>Q<8#BO%b$kC`o&ta4|J_sEaVYza zn2|pROEF9FIohCt=$V#cC)N6*THkC~&WF@1598A%q@}I9KTT}%@thiLz*Oz>KPr_H zM0HQ!FYVQn7hm2TG4ZWUSay(uA0Y~d3(|V4Y{*-$2 z+{!^|9z|SvujhQznuBzs&DrXVtSIeqqnx>D?Fo>F=~P`^RNs`rE-=E357Xl5I<)(r zK9w3hq}z+9&hLo-$%7SFa|tPGc3sMYfQ%LA=ESn6@-%c{Oo43|(%K6)!No*p!y|FhNz4tZqrExJWH zEsCEnH|V_R2@4J@D>;06^NS)fI$2LZ*vjfq2WB;s^l9LIIRJW^| zB_=Y6eI-@varILzcROw`Ne`=a{QCdlD@;(dR7HngqraY3Fj~Uhm=t&Y02KGQ7%ba?M^c^P>6 z1V-|5^c_x3di0RR@vF`tDo~3zo2Rla?~c>L-){io(vr+ z#VHUpDEqm7ls{HAPfX22#~7eqQ_dQnE;gNZ#OPT%_a&e(qZdpT@)V+5@}*~V*Kz-} zu4Dmqml3ssdbDmiz0cOkhvb{qq<=M2K?b2H2XR*fi@dBRl>xk)v3$9TM*=kT6kO2k9cqzU#th|1L%JAd7iujtO8 zv@&QT-{Z*#g!Zf1FCSsAPA>S3=pWHu9!Qjw{`HI3GTKI=sO9&tZ0+n4JAUU;vS&ji zP(Tvfw}Z%3I^AgKE?GdU^MVg@Dt7LM;5>=9nsdMK_uE@u>ak>e)2;89LkHS9B;dMxp_#OU23 zU>VfPE&DgVKJiL#f$7umPI^OO7*E@WZ4f)C?+(2a&$e|^e5yX{4u6bXKSX452*P9% z&+ZEC9=1R3vculc&5B)OcQc*EAFXV3=!~!TDOec!TEEPdcmpRCSYgweMI3p($c~gg zwk~Q$_1(o44m}d{l+b??I>kCVK0Du|HhIb*mfe(&NdrWhKKad|h;fsTKtkDbTh_o~ ziTiRK97k6?Pfg2>$@T6^>6jAUF9qD)fH&CjQKz6Q^4H8588RkP+W2HEEu(ZjWxS!? zLw2|RNboOV(7gocZFEIPs-ZUr}_VUL= z9u5x)1C^ZmD$n)#j>NX%GDgD&O;;sKsx|1aE3Da~5R*jy!(Twl$gy#a^&`tHClDIv zb<8hTN7=g8f-Y1#sE|7`_Be5E>gPE>=oM!_Fr@+#oGVMxsyU+3pc zPUY6!h=xmdyFHE+Vyy~Y*p5pVjZY;OfR1K?<(7Rt0mQ%DiIEi53Gq>e23}qHu!S!e zPknFhP*-mzKvn3l<09_(nu~4ar?CP$zyjB)=X%)(6G{=|wVTtNl|RfLE*Ts8Nq!Cdq;TLQz~d#_#pF*ZBGLIjZqF@|YM%H{>ymo1R``>j|Hdx(G!<+sCrm$804Ka?IM|o%3Z;Lznkct%(c0uXFm9 zUTxp0%e`Z&u*H12UQp||(U@7Btmx($*~S1~Td-J2Y1LNHpR{PDi)&dij57_}+@++C|Qt2oE+gqBKSf8Iqr)GHv*$9@} z{fxhLk2`SbQw<5Re2FfuniPRy9Qxh;Q*R-3%pgDTzC6&QOQ$e;M@ws9<4UVW#=0v! z)~L;WSdU6%_#gkd^z8g;pXn$H9VFX05tNTok*x@{wQ8;&Qp`uIUw!bcuZbQb0>eMM zB1vR%+Td`2pzFX6-nWz^Gjd9)6Z)_7yl);b!r@v`w)1p2e?K@b(a338_W8?>-~aWZ zi#z(Y0tJZGX|JFIF&B|b)0%*JeSS9W)ATiNMcRWF_qj2CqBuxSlckg8zm2CQdMiQf z5j9%l($3z*(ODHo!VrEAA>jsN=fBt zVWWQ7$)_Uh8nf^_0_asvA4m_F{+e{8@I;jF&aUi_%; z+q4pGbu|3ypNVX|qn6H0uO7-vSK)$4jw()wY1co@`t}5!CI2=(tLV-PLFdfz+C}iql=X>#&bKlhnwn3!{|6wib6sJ6*+SLHkGj9#W zs1gaIYfo#Hf}iuw(f!ta^TjUa6>FqlzH8m0LMAsb^>=@XQRrQLZ&0In@9hD@@CFLw z(F{v-!^p$}mz8uiPq-BGai1P`Kt;5>QLyb(4bi!t-S`+dA}XjspTNuiCbjeyntzZe zlIve>bmKqmG5)>n%=G^?*dpsWsn)md76GCY!ojis^tIaOh)z-3Th~x_1@kmL?`8Sq zn$yO>%rPmqzm^{U#b|o_s8p~}D%Y-Gel05HlCpjn2ZGUc73IZcRFlsY`9*p$Ns1EA zD*PMZo^~lWs5cPOg6bm`Vv3h9?_@K~cy`Fo?eHjXOa)q~{nN4!a<36Gpz$?@alJ}K zpuG>J-PVaJX?r6)%Ajbbp6O;EoTmjm^`3AVR`q)H3cKewr~G>vYW?l0oGLQDO>AG= zoiJdBm%iw-)puDu4*Q428HVquv8YfdW`)#6isx*k44XOZMWe!*P*theZXp+) z?#S%lgp9P!zRve&?`5d>X9*?ed}_KE`jw3}jCji{lv`CD-kxvlmo<#>`udx0_$<#6y}mPlV$Dp5_@R(8~_p=3e_;s!C5u^6o_eT6;loQ z&NAvy7CnAH!dfuFin#GB-_D_@a$}&|bR^$l26*GYxxoD?!!zin@iYihgyJrNPQ&|L zdZuzPn)yX?J7049kJII`B8~QdivUvs@I7XaH!JaV8uir z%X_FrA43b37*PSXtSA{EEnEM|N%RMoM@xLXPbuU|4qb?on1M;MV|jx3IY_ zznDH!eZeS!WHmRmnaRV1=7%zwSasX^H$x6qfZk~8T%r+3RL)pRbn0%e$|886%2&PB zG&vnZftSMbLHPQXP9qzDVa1jDfjKE1tfe5)X2=^b9THr@LI&nQUgST;;^n2hs3v5# zVTo;mrD?2o&7iIlQ9N1)$^a;M&tgiXN@NJ&e&96Gb1Y`yJpA%PAt+2Qzcysk6sNb@ zr(Tb)SP_>Jw;Mij;KdawqEzc}Sk-WwZN*M@tDq?_MCk9X&cy`tr~zK2=g@8dU$h?y-aU*@77W8`>>7V zFj)q&sEJ@{0Z8d4*!#@ibGO3|c*55A%BvM63*E1i(Y`g0Q57ahIX4^1%)=YXN(Pz# zs*0X7eTw(%aZFy0g8eB?dK6|zD{}9G1R5_bZG=EOjL*bF4!(^&hLrYu87Ljpc34kE zo`cWGGbk2bx2|rR!&Mp-F$pslZAoHfxPjUbK?2s#(2udQm3v%XH&}4fai+sn>BFTW zRZn3y3wxCGqd^?}3&xPo^$gvmw!oE?)?~QG%}2~sTye~$y(=@X)eh_@#uE1klOfrv z+anI1;U-p#<9YpE&&XF;l$ML4mgn8B8R5PFs@2KXQGSeYw0er$3UFi!oH=+Erl)by z&5(p!R4ykAS$S`73Ix3bi3(;6MGqb~ojaJWIA5bS5_jXQq^h5*&|ChZ_F=9D~2geluV3prj|asL}#<3U5fE>QCc2PTl5XwAXY)eJ+&LP z`^`AG<{y>xD{3h}ccaZQXSama4A(w{dOLg9%%d5J`qp2RjCz%MT(Mlfj`FJ#hTJhLsd~jEE@m4izG5ks&*$j zYD*g#8WPLOcAToes}ONpD^W5>IcyAm*b4q870fl+@O&qu1xJd zCiM|E-vfcE-<#WC6e^GoWDn-%iY*n~N}WPs0kBZKLo(@J^v^|(uRWDn8%JZkd#f3i zZ#z-uFF#Q~cf|-6Le4;-&cwS&5#*6j)qHkXB>Wi%=t^wEJAndpZV+Nl)XHuPe_=fK z;JiurA0<&w+D$T}OSVWXUgyS3c3PxmK-mHmS>0I4*75>%L6_NlcagE`V0(gvvHpVE}3@eO`PWN{Ka7){XqMCGHm_x#g!~Mtab!e0t z;Rd;hhMD2ymBs);KLc-yDm*7}0K)4|%vI*}SmcK(iLxo;u=`3ocKW}0wQ0Wzx0f=V zGkvix_2PEG;Tu6<0SsoUwq>|?+8!KiKwAbYZls}C*t%y%1>Dxj#r#PGLhpwgE~MDD z;Lv-O%p8rx=+rgO)~{c9aZ)&=yLkX7R-^7xa_-P;9V6FowVb@(Ck}Fo0d06`TN|*@ zg`^Y;xFseL5519$hp;A8s;5l8b~AGM3RT%vbU|(A=-k4pRiA;B`!UyqsNWl;^k7Sg4hMA1hdNE6HYW z6n93H8~Ml`&Dr(CUDRlZ7Xk&1x7)?eiJ4nPXdU`kq{F+CC}Lw%_im3E=*?#9cpldS zJB(<6Ht+=j*w2`e)^ zs$Mupq`kYX8ek^Sw`S)2&thQ$TertIHfM#oPco>MeQEi(aB(RsrCn={CaJ3R2H)_v&@X$AIr830@S!_`9=ZJ||o_n`+)zPg|4P zFLno|^6r7Ne_gz0KU?3*_nP`Vf&5*{$W`qD`TGvMP_=UM(HLP8$<5$315ViZHh(8{ zIX4isj*?*f z4w#3EOH2!1?m7FQd&2sL!LtE~nxT>p&tzVBPkoMWUwQbGlmP$gE1{2^g>A16Ml=Vg z*y4A>ioJhv@%y*(DE`R~l$l2}?#bsh$HbQY<5oYZ`1!~1aC=v#$?fb-zAyBU;r$o9 z5&O_*CqUiu)RI5te#A7^CW^JDsFl%b$gx))&|?X2{qsl(uON}Y^|Wk>NpVb;XK^FT z-_`5*w{o^dJv(OGfXB9rh2fwWOj1?y%7csH193_&=8CWcWoyNH!J4)4H{~luEFXNF zyh_FtqVj*Cnn(RzWdd?CTNba0HrcV4wwpU2VQ-<|{mi|3=^6u161F2cf5ocS&dOyED*_uE0C&#&Z8 zOtt(FQt=w#TW(Uf{}lZ58GrC(sJmKoj9l>^(I)F&?_W>VY6KjQ2mbNak9cwta_F7R#egZ}7#11{ z2xCNr%yDC@ez@NY(^Db-=EePxiAISxR8Z*$YOVHgss^2f*hBN}(d*yzS^ICAGaB*<7Hq*yX2%QmoPsT6&~QHml=THWhAnXupBaBZ zLv=Mx-ySBBmvKr!DN*co1Er-HfEqYDf8PXxS@)AS2itru#M|&`j7V!G=EPDUcKwdkuyazMS?#LF@RwX_I zfYGYj6)Dj$WM4>$l$m;lz>kHcU%Uibd&u?e5|@Flj4AQzbPmx5@QlHlxv-2iua@u*f@k<_=+u2gV= zHENpyajV-T*OYI5eD(7m8wG63k+i?#LJMB@)_{1=+w5UiQgo*Uf3-fF*`IV!le^_h zrvh-s4Zv6$(!HDR!1nD1+;ZJIly+-K&4Kmnqu0V@j^o1>z5A7|!=9f#4iDk%8?O{x z3(aXe{mQtr%22t|#)_+oBcmQzs25XJ9cy%+iww3MOy4F4Jn%pW-Xs9 z-`rRjQPZ{HZu*ed5wIxr?er7HSs&VQ8@0+euGR5|p<4fgT=0a?-Xnps^{6$kuUV71 z{sx>HZAa4#MQ-1I+bxy)h$RhAt^!^;pr!3`Ry&QEf2rwuad*>)cd)Kmc$j32O5S5XduB)Iu+F7 zjAd^PJJ*Zv2|!B?0#}!g@6-%WhP}XSV%+6qTlJnlP;)x`bWN(yz3mzS`-uI4>wwmT zqHLnnj{DbDHVZs8L`7X}uYa~uw0?uv{Ryn$3P&&Fr07C-W9HA9N{elT`y;K~`z%5zT#~gA0v1c~(j|dGc%h$d+zP}STdW;xA*W4Qo zxOuSW=yB7EG%?I*j)B39g`iSecX!i!VXSxbM_p4xzw<;biy|&j)%HZ6dFsP-QdDkb z`QHy(yOuA&xeBp{TAx7^&oPD8vzb1*Wyn!U!3tl)`jkji2)h)}4b6jFuZgMGMIR2Q44LLQBGLSv^@c*MHX4Dm zIBDqo`_>vx9#UK0;8k_4Z5P=UxtTBd2Q%+Ev(|raB-Xyj@^hG$t8x8S(y`sF=scN+ z(^FAj@#-rN^V)4rtUY*r`_OUvzIy|cj^F?@NA{0XHQN%UqcBqdt`03mwG0zhqE2r) zb_|mS*d}WMhFDf7zquXe`V9}GEAnHu0_iVCW@e7E)|2T^{NCBszd=7@Y{G|f441=x2(WQe|9(*$JgO)Bsi;Km*x|{D2_~Cyq^c z67M_S8~t^8(2VQy$154N9&GY_FI!!gzOA+U&mPCw)KY{5f&z_MhFdXStv|!OCe~FW z?#rtZE(9Lli`q1FYtcx?bR-rk%yyD6-uSF+Q6Yj&^%(^y^b<-nHZXVTt2V1kqk{5L z(6@epfks!N^EpllR4B1t$1g3H_+xAMAY`)85Rq$sj7sp0dlUd6rqgfdk3Rle* z;Uat|8KZH5g-#n7DfB-PO@AeKG%j>?9f(`UZiAs4%!48JWEZCbh(^X2k0+>m7^jB| zQi~9@Ko$nUVMYwNQkEms_y-7X)wDW(hs&)N?R6NRC@$q^M49Fa z^F{Buo8uC5bN4hD{13nLGFUu0_|4qJ!r(QC^8DPt%2`Gs#7{d9E-fvY(kO4iD9;ii z&ar{jRQ)^-bj4F}*`ZKYTU!dZqao$u%!gIpdY){LX~dOL5g*htNQaRM5iM-(bZnl@ zJ)2pUxtV`|tDx=R8{?>3iL1Nn+uVs-cU8$KmGH6e8cf+&sfKUS19kK_(k|jV>UYP% zpObHdnbbOs#C%@M9vWV;QY*i~XL&4s<=zwRNelWR8aIsS`7X1?kzlQSwcwpbUuu(~ z^KBjW^rU{r#|A7ryA;LxXs3sD=6&wTLMmqz*S_Ub-!YXrosDo8G*UJKQOyMHs?VS@ z;Rj`g$b#JCf(Y`jKgnsb%pb`;PNQyr73n#E7u)7N4!e^1N-^SQ7Q-gzA;W_#r7a4+ zmwz9A;j5JVc%qy*8j9h4Yj}3-17#2WR9Mpb_|lIv_UpVyWh*`mJ{E6brClifRrlKr z5jh<;klv0mw*|*X&a@xFL9mKN)K6Q$y*x<7A9VKhnC3ob-Su7- zqu;txy@o1Aq5cNUJ^LVN0t9?$c0 zG6zu49$O;R&DyF|+bjb5Q|2i>B>3nSalpmBnrc>>#0OVTjfTiFN~JOj?C^%qRU5o|cV z1E6Nnus$35(UTy4k-3bfE;kCZXD6Ld_CDk_v#b1?D^vY3ReA~H?r`G>%6IIw^6YS5 zgwICe*K93x@)~E|akb*BHP_;ivABl3rIswz#r9R>C>xN?-hp;PS$Au25C7AITLBOX z3&WOM*X+@V$_8wW{Qfg_uBV{txA<2lvw<BM4vV*Y6t2G~4Ry=JI zTB&`>Ll&+oVLx|8*rE=c9#zfU(gmv-cR>dfSp`^Yx_>?uOa5!9BKssK`cI@XF$6B6 z&00fO+<7sQ0B1hX`7Y83qVGM{o)@7N1uh<Rw|h_xlhSCJZ7fC5ME+I;irLt_sUo>@X7D5gC;|%7oU+nU6bcDelOi)>$moj69>J)y1T?J^Xe1Tn|_w7 zCm`uUpTUou7;tox?>#gyaQsRIRrLIQE6qGM&M$EI@pH`_XTG$Y_7h5G%ZxnV)v<^J zodp)7=jVyRk!4y^3`AP>Y>Vp{6&>Lb<@wmg4H!HobrmYOi~7>#LTaCt{JdFk*%S@`oom+xPe%p+f0)N}eC7k?p5)$9U38yND`bVhT=K&;MUyfdZ`pY|5VNzU#kRr_^$EVV%aZO{w=@K5-NfyQ z7H?mPBrjE8bHA$`o2;PcV2We*JW+||X3%ePZ3VzAU#CtL6k-6y6-IIa=%sdzywz_B ztdjG_u?A_~4&x9?(0(D;{?TYsdU(}cuexQeyrWo`1aG3K1%B*vpQoT0-f@8Gu07@0 z^%ohC7(`dOZ&ett&i=^??5jkRfEVIxUK#RW_s6vy-4r}RWs@zcuN5~mbvgSRHYPMl z8*wH{+gQBkLU2=2(rDFaw`|5U0cB{_UDzsi_kq(5^?jYnoKZM;`LIxRgQE&2`+1}6 zk$cwEKSg7?s%$lrxDF+zU)&L7=HW~97wu4Y9vRmd*5jxm668|s@+d&45ehd#8E}}W z<+0NAWrZ2Re0xJm57ri+b}Wf&#$aTdmfG=xFLpyGqAzHmchm;QqY_pr-?lw}+X?s+ zap)_UGULRoq+CKu$j2D5Cz}-uC^mnrLFj}59WEu;^S-r z+wE3EF?SsY=uyHE{rp|mTE-SJBGJ2Wx7pEotNFvLA;+!d<$YO4Tio6Jl(cJoDuN1j zQi-jPM`p@p_h-rn_Z5T5^Q_yPsBrFb6i4yySOFQ{xa>twfNN>LW3*0aKct2aq)V02 zg2ZAou$Tg=^iKjN3Eg2p@bK$;-%#XJFfatQ0mD*~0OrFx8)aZ)1O6@uIBDWhb^k0{ zI#j?V-f1sdYI(H`VC6oY)ltWdR(e#hx-QD33DjFMx;)Uw`8q9Ue@>xS3BS3iisKDYR;MK2rW7HCp2@l3m_wlASDUadcV-R5A+5l$2dd5fTFzuYh}z< zvoq$WhpP%J!2RSPl& zh)NTXKK2K@m{8^o~leK}rZU0@ACrAc4?9dM|+x?u=`#{a@z zGR8_(HSAA<>ijquz^?YUJE*f_3@G6J?7mA>l!X)rI#N-h&U^u<#9Fc-1&( z41)V~beiIh58`%M-9tdZ63eTFD{qQ;#0)0IlnTaMZ7_Y>J}TOg>?Y^nE1D+!MaaV1 ztYJ&Br^XEn9Yr#xDt7JgZ0iJ+j{oPvg*3hRxALZ?+(0t-VmH)+7p&ti60}f^CiY`4 zG3)8;c-fohz4sh`w}-=JMd zC5K9L&kM;1`>Hdq9zp`yDF!U%4H>_9$rHo%ISuP?PKvu7XamMMN`iJ}$riOL#n*mq z!@G+KwK2{t4}~g(8TF25MASQCr+jGUBk1WHRp3P+T!VF1Z+= zqSoVTsqrSh!YI=A+hw18xL+pz>lIBe=9P&te4}WlKG2)F(5`Wgo)15kBIv6je7m6# z@#9&1r9&{sN9^5#%6bnC!@egf&lmAB!JsyPZ``>_pv z254PBk+A*O4T#F8EcZS}1pyvnbU9y7+7kBKH94V(xE%kI)Q<;`_EQ5P`|K7Fr{(sa z<2lbH`~7%d+ZiY;q;CpQ8F5jSa!b%$8D_QA+rPbJt4MAY{4-jP8;G5?NADpuyIi!d zfZQ8>ZXB>yUus8{T@dVbl=>VA1@{SO`at(^j1@`}PzrP>gQW(~{&YP%7^b|t7svJ@ z{ZQ5NobMN*kVC6l%{OAKrIs4GZ#|wkkNCCVC=CfQ>(Zr{w(6ZT@m~GH`~h2io$?}c z=?$;$da-_7#fV+IJK46`zOkr+rs@+wSk6J%P@{j3$$v?fFN`HSLtBaRTuy?X6^kLUnBMMa zTVA*Bd_zrQLsBV^e^rBNB8OY|i!z|LK9ddSgCV7O zt>kZ*|9Px0S$3vP1$po>mlolK6~Fv3Ix{ZYzR0CG@s`^Y)4JdF*rwiMs{3!!e6%;C z$$+`tWjp=;Ak%-vhPfbv&$Q0sE_Hpc3AGPTNVT}b*AKi)TO(>}j$^FEBcXOC_pqSS zu|(!+yegfoxO|x6a;IS!RqE>?3h#k8*B0GKmU%>Pk%7jKbHB%Z`QA9ToAUrS0jmiypPIB0Dt0Wi?MbSB&6vhsVr z96qC$@*UpI$MG+{hqg>FeSG>*w2FM86K?P298dr9jLh#bFquprr({;hFJ`2KP$G%B zk#q4W?xo8JeYDgnkaui~@1U?y1pCdba*TZNUFnLNyqc9Q<1pNgm7!gGGY(9e*p?c8 zu1pj^hbCa#WGM7YQO92l9+Bn|8fh{lO6c3IWG{O~?}W;&;u=X92t}+6FpC>#{Rk2o zb#u=fXSm2mw#*M1?q%4j@4jjnK8%Tjy5xNiZ`5MyMS;5!+uy#~U-R01z6R^Q*Nb_Yyb=W3~c|;0Ss5+{zq#gD%p)gJTsE`aO2E8V+*MCa_ zhrV0hb#9c4E%o-_Z7j|H?buaZb|}(i(}q|J`dYo~40N}I*GQ)MII#3Jz*%YPCts)S zQg^jD=)b`LX;KxK(dT1EjR}P=z<&(FEQMr=7+j}j7jz|P9R^&zWnoZ8?)R#0pnB2I zZX_|g)u9CkEeI8cqg=p~PVNxH!9GNG{B+-Y)+1-9KCi*)W2a*ox!abK=@UYhuQn?$ z1ehr4ND6a~PEFz5jNlF=Mt(egiOe=XF+wSVherJ zk!v$J{rJcQ#G|9$b`ZIyu=1(qV-<+)Oku|3BP %E_7Ssw5OcDx5iAIa}CXrL_Q z9ve%ur)q-R*Gy@FH_boT`TVJPJcT^xA@GAP5|j97Yr36cw)37WNmv-2$fC0RJtvE7oQeNGL&~V%N%omZu_|ONo z);CP6OSaqA3#&B@B7db3^UU4wIb8A=Q!~1ntiC=v9;hd)y~}7 zO$U;C+%$@QnSAshUoNLSUK3uZ-ZGL3r-cv3UDZn(jI~vnnRm!HEGJZcYrDGXZr=OJ zTGVIoy-`%+-ckDSeT#{@$sph1xnVmtc&WYD%GY^zem<1yRSjcBKa%HLhE!u-A0up) z*jS$QnY}6`H`>f>szn3^b)#qZ6j_{Ryd^)jJ&3=kV+DS>sTV|YP$hH;l(ws^pKuYg z^0i1F)XO_M*Rc?A`?RoZ>b2kY5q#1^1DsaaQ=5MeK01{9;*dovY>o!rW(ko^!h4(U zYKKfkls_|Kx`xzdE^<4Z&bn+}EH4>Vkj!Jd-z^f{(i~mI;@GVcaWte`2(#Ls|Gr~E z<9`?v!LFO%<|Um6a(%YbZyjz7Kc^&+NcJ>n{qWVdv(tNX2U_Rs7PE6s;h%YmLx#u( z`(BZo965anYEon=vw^ax7op7(7lxmO&z7(m2fCmyB<#W4n2hp-Y*lEmryNumZd4(5 z;Iq5)ZYW08B>!|k&I$1yf(y+p#B$xPOS^cPtI6)ZG!tM<>8sQ29*AC-yq{y`6!GOL zbM4NNTaL@;Kbvs7c9Ymi#N)mDHnW`0iDY(TK+3x;PSDRoC#>8uA4uu1q4 zv}DAuQ=%VoRZM#`K4{>;%M5`P^0HOee&yFy1FR1&h#v=fRFrCeqoY@^m(~`HDc@Qg zwy!@>*KE?YP+A^1$6YTiYE(9P^ui5(S+(=dg5On>!!aZ&XbXN=r(@KKm9)+qrc~)Z zZ<S>E-&>yd5LXIEuHG^25R_H+mrRaW-`Z<_1Dfy4d*Ud+Fuu-F+uj@l~pciF3q=82~ps&{A4uOyQ zBidMezWHS4#OrQ?A?RmCj{LcDV*4g>>jw>xsSorhbxiIKB8Byn$V;tNmp;XiG#4_@ zaxohr?l$%1(GA}^O|d;r3fJ~jMUQ%GL`b9siSQUzj~}|&-BNJ;sCQg6gDGvZcTJ&j ztB z_$L_))NimL-NTRz$_?-(EprSxT^K1o##K?6&kjAZfElJhw<`b4g7Xu zTn;XS9sG~uXFop*)zgD$)~jyEmI!)dFRZutz2%m7cVjyZi(|-kqW4C>kOXE}drz=} z%bAh|v#yYT-!{pR@_WIKa^{WYLe{NP6|kX>|6sU^19L4^iQIxgO-vlU>1a-le!Xvc z_VLYlGZWmGV@TCqT47@AXzoCI_PF~f#dpq6J-JW!HZ6d%bD!)}u)T@W& zDWs&2*GziJYj()Qv#^A@F4DT$MQM2U>#=?Pk)hH|dMvHr0;gYgSN*-0L$7W2+p~br z6!ftw3!02b%rts~VK|4Ndg5J35!J75UI!JM{T{pG=;=ZaZy0|M%MLicsOCs`$WjAg zc0BEjK)R7pBnwJAO&Zy=j|NA?H=4XLlGpsyZ&)Q^)oMR+3KyuK(28iFUJq2#C~b8j zsW_Ssv(Ixl2N56_=CoUf(W#or?#EYFq=rOf$#*hqt-R^FL2$RS4FSJ+jlYo(4~%Ui2O#B#ohC=%ngn}cUL(H8UH zzu_-+*c#sz$zS>1p2=n0{neZzZJ*cPBD}~IAD0O>zBsZY{7(8Zv!$ zs>!P5z6V)Z<~@}!XC_-qYog|zFPp~LPi()dW#1YOk?iTn74n>8UaPwo|4{tQxE^6R z6|oELHGeD+q=gxtLEfQD9`A$D1O;CCl{ z%8(vvn(cmIvXv|E(lRV8`@yqvCSyySmbv9o&{o!{YxX$D&S&awr=52mN4y>(QUzYZ zUS|j!&2aOaO&5^4`{}A4n?V$lhln|z&Tsp0hy^f>e0_M#m20&YRD4$K4pXtm`rjd& z6tS$8#Uj@sV+pP=DvqB(AB*Lsc|7%&UpiT=G9O(}bBWwHkEtwF&HQpLB3IhKEsXX4 zRD^Ex97~ZY#~05qH>deR&|>v$re6PWL0c4~s~mNBaTq#8Y5AjI1>2XQP$#zMOTv zOoD%|@@amb8oz9YA1FVvl#0?4dVW z*Pa5bGe>D=9br0xXT$30*8a9_x9(=D)2Y{b{V$5Ecw;W!loQ|Zt%Bu{HQWE`&3+v0A?%7sCU*vk|B7TA*oY zteKs*GtVYqa@6oEnuKPNpV;X})P(IGJ=dj{7cBoWIv_I2m?Ged=w*g@&Q99P;4==D zXj-&UmI4z^iqwOM_;%6Zr{aBjI-(Df=N3VcXvnz_tsIxDn6@c zq%#LJXKYVPr!z`kkN94sXQuB$K6l5}?703K^<+7{9=kylCS(0uRX<`^kzcg{=hF>m z`Lg-a&Bdd_g&qV#m^3iMBz-pcPKzU)5$>g zE*susPp4SiiV7<~`WPW}(m_gzs7N|kKJP0-)4_*+t3F!XG+oFiS8sC<;d2k$(^=aX zs5Lakwq=DDnY3#$vGKkF0ww!N6+TL3y48t_UamgZvTJj4`XdgQ{{UtFf z>}6|5)1Eu93DRcLOuqgIDi8>b5)TOv*@R7Z$SqKp*1i6?XvGE;m-c zP;zeFe&(8> zo~oUGS>@KUJgVfKHN!QnH*eN$4Y~5pyC=hH4w!L# zevJR=U*LPOK!oiUYlEuj+5`W(6BU1DtKR<47O&S&(u(4%NA#*L#v>A4+gM4q`Y%sP z;2LiS_0vq2leVM`ArF2an%%9|e*~O9Mn4PNHEP9=bknh;cD8+VSUtSiZ5Qh)eCl@T z3q92AAt6A0h73f^3lQW!Q51>gZ5=~SK_Ja1KijxrMr&ae*GAg2YHY>n&yFH=JwBUn z3Xw;#m7jNKwEZMTbv;oDQyk>EQUG_F*u_r0eE(o>r|2V(_9~3Ad8G4C4HRxKFc7GRtnPqtHQ6w)NtnO3Z$&G*fiCbn;}=F$OCo!7Ux;7 zN(lj-qCO=H>36+Cc2_4AwvuC7b!^oD-iMw_>|2`AQwAH@QWS5~Iu~GYOE@OjC)2JU zO$-0UBLi>rvU6jF;#V{s+AsjNLHLfgm>*r%(Gyi7k!=98tx78kDnL^{&b`sa=27n72WJizdyFYz@?K@<{yP z93mUcnfh;-YnzC|{fgJHy}SWz3$&OH+^=;ON@_HV?C zP)atHNkW9jR?d0@QN*Fl$lcsZg2ibn42yR>MSp)Eb7omfZ`9n$N+P{ zbN8K`>#mh>fkpGL%fNDe0ha)PcDpR<3y~ytX>d{DxZ0d~dx@cLi{K%^- z8Q1LwOyN5IIfc75X@1wntPjl|(?(M-pT8PPGKeIUk=oW8l5YB?xAu(6U{4MG>YRTD z&>mpwNrA?VAg0)BL~dqzYZn&2sd1d!E}jLX^oU6AG~LrMOx3Ldwc2je!?O74M0P+Yc3RzL`iDNOhRO$usN5Ub ze`##bamIM516rz8Mmio7^{|)*CMuiefMt4jXlY*&L`dtO?Rvp3~Q_a3D9LhC3fD z|87ZnJOX1<*6`vq%KY9=rmht~xFmMHy&WRemmSw`Wc&0+D}z!jF6CB}JdNSz_)OsC zvx8P!y2L5n{SZ=h00e~q`}siRVzP$Yigh?(wQUWa%FMy8=inSNaw;ucV#4J~!M$;7 zR6OZZuGq^3!p)-j^#D6>Hezz=xjrQrq<{g#&7b1}ZzJAi9IPMrL{%po5m55Oy&;*`&2B*(~=fF^>n7oPIL z_WaeO0Z?ZGRsQV7rqPOHRq;+)vD8imG+@bf3Ebw^B>woEabvncPX+FH!T*#aNXBAb zUDWcCz-_$U@9yMByT4RXZzAbUXruyw0WGp~b@SA8=m6KQbji#7SQq!AmfRu;oqq%i z$Wqz`m60|UWRu}yb$%t~AyAB29(sH6xhG1bEqyipi90Z5G*BL3D0;TdefwoF$K;dj zbld7ZsZqiCU)#cx9bgnfimv1(2ieJoVA98LnVvQ?VhDciS5?gjZF-PoYuFaNlUay z;jTlmzZ|7c2$9G$=K@!PY9P0N$vpG0m%uMp_uJAB-lsEY4eJ4>T&JJwo;k-Y5T#JT z$i*rom%NX#=`WZ;tBNwv6uskn6KO)O(ym8&_N=*RLy<95u(3pn$)6?QD23d96;qck zW$zM!FkM+|U*6jd;cu<1hW^2Z;9;j!PWJ(@!OJ|j_l5D1iAD38dYA-KHCNdK>V$ux zA^uA!;k(U`v^%#W|Aruc_}#P>lh%=PJ?KS{H?2-45+IMharLj!jk}3cV|S5`yg~(` zXOpeEtS9#)vO3T5lx2tY%6)((C}kAcHC=zYa(A(<_2nw}<}>0ch}y%viEh+O4Iiu| z)59;Gv6g$vOL_@*&vb35`FD3e0X(lU{?c(os=x?Z2zHAsI~}^DLHa+^9=^@8qZArB zkA13RIRGly5P1>3Ew_A4@Qo@o_sh*R%C0mC{But_jj?)a#pCP;4q!Q8aMeCzEE3MJ zc#GAyMmb2aR)sOw2_WR6Rc8gSxk9v#cw=E@raifPgCJY8vOYW94ikE@a5}IE8Cb_; zRgn0DASi@i!8IO*{d@GnmGXb^&QGukD*rLpP{lav^B`tj*d&Atma}>_Dw7vL1~2;p zSZt!qLVYYa^a{5``pj=Im0JM1oSLv&RV||oxG4%aZGqRDY4a)9W#qXvCKtEq|3IEk z>@oouH?$BJK)~1i(mJ07SRp$;}bH(&j~g6aRK$-ea1S?mj>T z?S7reX)2e!)7r9RNPki3L375{k7G`~JZaT1S;CQWYOR97SXuNlKFqq3HX+!7-O@pl zCs2*r{%d?x)m)X}&(R>`8#%_l{vTDZK^!@yM_bKUE_sxt4-!@b?EEKGE>!fi9*02cU?YlF0YZ zf1%T%Zid{ZFaVy8mQHQeSqWFg+|B{+>7YN?K7h;k{|1I=Ry)TGkucwss^5js3;GWS z_FGwfAGJG4v4Xmlf~c4%Y^b`Qq4$e~y!R>XJ!=)~?i#RF&>#Eo4#Pj~E^lsjoMsDA zDe}kzAjv)6@qeSPkLbz$gSs9nV4WVgfxu0eJSwn%`PdKDgg2)FS|a{rusbwL`1&E& z-MxQ4!@G|Wnh@X>{8itl*ZuhUNhl1EszmB`Jhr9-fR}OSNN{JWd7(LeVTg~AsweS< zV5<}WR#X6x2+xd!IhSzElBI*KfxN#j%o!x-Rx_wm@VAq8T0~3rbrZ+G|c$2z2X*Nwz<*lf`Y9& zucBi4`dbI)`08EC-vD&_g@qs+$v7YXxto7-m1P~R+$}Ix8>)lO(X%6>s$S$F$Egb6 zOrU0UzvUl~HK=H8pG@5_=*c~+-+VexprDo|KtjMqnPsYT7lC`9-O46LtG#S?AqQ35 z-~vXs@jUBE0Gz!DN?p?%K`T6J(s>O^9#Ik2@{8M}46*=`&%SbhzM-AhEgwm~ePhN$ zBRG-s4NO4ZcDty~H2#)UdRMOdAU|{hx{TP1RIv|P->i~sMFTk&?o88yOj;uTKc=nXI@}NYqUMOOJ`u;9OXwC)2urumdj}G7U4$6SEG>$0!Mx@|bV@?e)IjMtr||sTTs2dSZ6rFPf23 z;H%tbcDP3ad!t+izwE@|`aEFkAva`wXLvRyZOWixIE1OKpcAC8I##=5X%%PJ0yjcH3U~GEfUxBf9op#S+;Z9UF z4e;m=v$;f&0E|ZWF(4#)c)L`Ih}4eZLf?YbTmmTlOMs*V_oCn{tJ_cB)28(~-cO4; z%T^iBbS1dOldckp(F<3O`Z~#*clAOO6QiC3N)2yL1P}i=BHg1Nol*s1ty9F!TocEK zm&pO6@WHN>yg;7a?(7O=<(ZQk0zTXWV2S=0(CfIl6et8>I3$jnN&~^eDZrPLO0UKXA5Z@7&Kl<=PRiOD!^~8 z{w~P=%L+&VQ03S2N;^sb!7B0!_g7)U0^2? zAmtL}k~EprShnT_M-~gC+bFQxTvLL^xE8Xhmc&cKn4b~}3mzH?g#_P(YPBah)O31g zs7PZr7mV%Hl2g@$XDpYdF}I&b?h8Ph0?!-K*a$S3wN>Me^d_ga#_eGp|4>W%Pzo~+ z>~Q0IeDXOnx;x=ebQ8dOyQz2I(w^ctfd8qU6ffZtL#lmYlTS(O5B0Ch*$OssO}vxy z^X@vmHvaki5pyVGo^%u*uZC7FRfzut;Mf6}YVG5d{Sc_M*D2TkvB(AAwtRsYx#+-< zkmHu5K_b}hzYboGb#n%)HBhGAn7V@Kx82j-Ie5 z?l{vDmjDnBS&;nV+K)1y6k(HBya76)lAE7=BhPRDj7T`5sS^M_AMy~_SfM9#*C9_! zNLVyjMNsj}^DK{-sh8(Fe z1J})I3kq*o0DJ=%s;*3qpRr$_8d2%w1?Y5#}Q`T5^P8iUW`@iFNfV1FQZn{Ab{Tq>i@mhib{+L^g=2>V2Eq`GDA4@kbu z7C$_l+4CoOOS5TNf`5f=;CetvPc^ehV`AqP_XqcJUQ-~Nj(NV_Myyd6$a#&pOED4f zVC1R=;3llQH*;ZuD^i7P5iO{IOO?>VQNrEmT@CZ3wq@TtpMJ#{+4aIKdh1DqE(mb* zfNeCsPaa@ihom~=wrL_&wdfeCh}tcL)A*hJ?{=N2MpNdAZ&hJ93VT7^c7moubw3!E z%&VmVlf1-j3am+(Y|JkAFVs3wZiU;g)Qq;y!0<`V&O?7MT;T<$IerGf_zQOK-2SyQ zC<}Ae1UH@3*9-PQ_%v-TEp9LG<1Gk4eA%sL42+p2iV)o~KzYM^NCwcG0_p)F82h{s z>NW>J)DP%vl!lRGlVhb|E3B~qAAdsNQI3azGf|3&Tcc}<3qbq=H0|4eQlM4St%-g$ zxZXdft4}_U^R`ZnrxkkYhwfiAb+w4pKjMWPC%)iePhtWWdWC`J4Mu7(C>8pX_gs{? zz1(hcRI5&kmm?R?C%UPt0uVFR&tb+ zsNhl9Y_$%tKKVyHMdxp7{cAe`eBpAwVRpd2{`-34e;5(0yB~LCq6I93TI~vkl$B|q z$gUI4tnX5&Qm`+eN3~)WzS9CV`n?rq{MWB-$`$dP@7jGoIOopI%#VFwx3w+^2h_aS z3sD=-l&Vhyb3DZq0=XyI58<;^Z`fhJ`1N>b%SZP&m{uL;hmcvb3ra*h_fz@E!KgtL z?=M+2B2Ya}4lSh0ubGV)h0g}IW3L0cbu+kIfLI8SH8Z3J*T=t0jmA5Ud|1&mz75vE zk?$so0AAf6`4Rxw4w(91IyAPH9PAa_UyK1bDT`5I@Ud1eoPtbyw+7)$N+~M^Eb?;t*?s zo<4NqRno1tr95YzCtm>_(Dl1$iGgq+NbCjrl5}RhIe^fP4E{3E{DYUK}yN-e)r>K zK#Hl~{p34s<`gwXzP1gAT$#OH=(d+pe-F$hLR?m$C7BiI{Eky=k;3x5v z+668;DnQ_u!r_{6`K;A&gJbmWm0!r%jX6ln9yF8v$uZ`dhAgt`-j>RK%G~$X747JBdG}oKVY(hkQI3sKu@rZ zg<(T;Wm5%5o9i@9@R2rEX^CFZyjCSDuT~@jn0M2u7(UI3gkM^FUFn@2CyhW}B(v+^ ze0&E3F6b{wQS#AgK!Y}({fX9+;LmB>d<_k2_qe7w?`n?83ws!QPBpy^P2IC_g?$38v)^4%+%8mgJxDqH=5qjd;CLKD-NR5H7RDI|1gsvfmI z{I6tCv&MQlo->PSmy74S`VV<=X7^n}f81$a2fy?2?+!Z2a#yU*QFwZdY8S}v0Besb zFp;6)^pds_Z~Iw9U^|D@AyF;~Py@Z9?9Tzy5k#^oUG^7#V{;pL-1$SE@2df6(f8mk z8lW2B7!k6*w+mS9C7jya#Yx>$sZjAoKrgKXzq@^1o&W|ySL^!gCsDah?0w2K)#P*U zo1ff5Wr9c8^PofxkPUd6Q@(WL*2(1^&H_N_*02=C0RW0sr_#9%@~Py`RI}iMo9VIJ zcJc6G)9*y3B*YS7+m=?EaU&BNb+ny8-ReGq>j8RhIy}UoykvW_hR%G_8MaPDF_{3F?O=Q12dl&E;&HA|Gm6VZ+-qINKv zEwrm!7T^`W4QMb5YM$Aw#}hYz>;tZg>*=uy$*~s(n}D4jJQHnyB^c-xAn&S*Iod_L zOZ^~+S?th^hW&^$WexzC&NU?`9%O1xz@3*vhDsx|jsSEvV5iG(%d1!ez5oP}9)fh` zofS9vd=hz2m^l7MRzb@-QZ#6LbKQsRcJISG*&8p$MjHN?HI81EL5M;ie+nEeTV6ze z#H*YKd_0xrp~RJ|a6zJs&xONGSKn*ID!|Wr7wJOP1@6c*B(YcMiYZFfI;sXhF-MmY zbGkr)?&j&Qvdy4)G1gs?YLbV86L{XgSIMZ1O zPR%ffn9F@M@^T?;ocD0XZLGyw73wWfg1>MRo}O zP`SCl2`KiM6xZy8iK2l8ycPlYR<%=SLByOr5_e;SJ+$J=e#p=XZgt)BVX}(BA6}~S zFE1593PfcCUOLHW_EQEI>m>yoZ;8i`zn|KW}>K$h_?sXE?B?nL&p>3mvP0xfFDM|l$ z2|nZ5V@dk+&A(m-Y?4xA|Mm8de=sX}X0O5g*MI)?0Xc7KB(4ATfq(otfqZc>`|saF z{IfpKe}CwIU(>%WKGHz5f~VW5u?ZLT6I$gAKKUP}{jE*iStI z1Y8grWG#f>+}dx|pDIr?=(PP|E0~5qdQ!RTMs3ct9sr?yDZ8k7qK45zKqm zW_ka<;E$%Vo_nkhE{EP`O|@9orwl$L9SkHj3o?6EKo)SA(V9uk7#SRvx22xwWZI5X z6l*n=E`5D0-|sG$8Y->lZeNSNpLx5LPo{RYcFgRMN(lcp5vTh12a>QP6sn(+PTw50o?= zPM-%gJ$v`aou@H}#k+-!L5{FE;Y}$uf40>u!V=L!YNo7Cw%FiJ)kb}Kv2-5p;=504 zdvEdgdU?m+NDoN{aQs+&ORoM#u*0NXdFE^%Rq7W)jo|FiqpfV*D&+B8IDAsw%5>zN zLP&Uv&u(g28y3}~g%SU>6y}6{Ui7>EVNF2hhJh2%Z0K?FydvD(!SlNRN!^#DULjCY zlsHYPo;4xvk$1F9+U6ZYGt;$aN+j4oPA8cUhprMgb1B&V?ZOf{#+5TEgiA^5~%1G-K7iOeXOUE6p zO+e?QKwkxr&ux}O$ura5O~Oe7s+`uAWc4TRkyS`7%|zS-ULH z7bdGP!hCmDsX9KQS(@>-x@Upr&s+K>=u|RWC1);#QHz z;#^oB;f)W}=xu@;=p$XG3106Vylvv=g^ANdn{CWYq~BOC@Bz zP=W%k3bvYi#j(Zy-F$Qlb+7ey7TbN|OjR^OkWK!O*(n3nIg4{ja~i+D6{44wo69Vk zdUj6JdMc)}98ej#Ta*P;7k%~W__JjXbXzO&gsr<29oarglJ2KBc3!DrcyVLx>1nIQ zSdOKn?OuJ#zV!k*4)-Fn9Mis*xlA=dm_VMiR&p)l`7Imm zYr=>o9>4%@eP!O1dOm1!v?~J|V?n1kmLKoCfFLKP!SXLauGsg|oS$yq{kwfCt2B5e z&bf<-@KUQKNi5B{wwB`UiWX}wEG5~IxtQp@X^@*J^Ip3eMeAU4%xYLy`yGcC{a)Dc z)4q$F*R0=*!EEp|n`^aS2n@m=)vM{rv<@n?A~2B=c1UcuETw@R<2!CAGO2v&HF9Uk z)$FXNpJq-xb>iKlD8DEgckODn+_ds52WySwnfxmX{moX6qw?-w5mDgl{j+_?A=|Ct z+elZ>(&)&hvf}8I88W?-~vaNwMJUab)bZ6_S9809}|gF3Rj7rz}AMZ#Qre>9F>6n51l! zH4F-WXp{LBdRBXlx?vivU(yzwz8p0vSo_;5;j|xFaVtnNDlM3Sy5>@~q;Ns88~odR z>5?PXxlg?{v)yb>RcRK>i*3(t_&NGIc9Gj$sIu*Gqq|X>>y@o_3b@oNO*>Qo!^{gG zU~o&mw^`3j`MyF-BYhD+TX`zF!FU-oHM@KwH;P#Pdfpo{8#3qEZ{op_fRYir_=>Pq zowOf_P-Bd6!^eKsSwE4m6gZ}Jm~-w?J zrw-RX8M>eSiUqd;3fP98z4apyxHmF{NGQhD>J^erC@I&X7T%r&j0mGz^BCW~KAni4 z%o=UGb3|GJQ*P=y-*Lg$Q9lo@B{Pv9}JxAtlH)jkfrHMA1c!BW}pA(BfPg*6*&tx^JNN{$SWf@89_bj4vcNp)XM3}knWe8V7jUp!@VC%r%F zg-iW*1fwEI1Gtg6 z%J%yX5A{!?6^ChRW&9}--m0l1XdL&(q?h*E0jZDpYTn^Yg5b-->q5J=fsW#!>FaA% z{2KpYal1++5BAz3q?@L;p|%ALAyd-+WS>&Qmb70B72|w z+TX`&K?L!ZS0WPQwI8>%Ze*PFH8~wSnO5EI>wPe3JfZgTVd$5UFB0dTZWiNDE0Xj) zV-?8^?U^GW8h&aE);0gUx|D-9;+zZ!kGW2orRg@bq2thM#nw`_)h+bU#TPySw)7qD zHztPyT?N971;TVRt1C*$09l%;9+Pl+lq`#QgB*o;{juyFjm)UXjB9e4iI1dAf(#&j z+x>!u+Xt1ITV~z9l|2rMnga8W;+bXZGTsiskhDsZvJ~r}HO#8Z zH(Svr^u@Nk8PbQo^-kX|OCSWIn#}E+OKD6(uP$4*hAf%Krc45Z`SxWum`9Ny_*BJB zQ_RvOnR>2;T(4P3AI+-k^pX#CyFX3u%{l+;dGiuddGExYaK z?(@oxSD({8yTK^pE5y7q+TviE91fG0Xu^4mZ_8~M7m+771>Vg@1=f(jA2Gy8sevTRtP)5<3^LFVH$^4w|;cf2m<3@sK)? z!kTe0yL&yw)#D$o>27s11<4*d5*nV{iBPeJH$b0m%Xl%KkF1a%#i6Ij+nK_8+>vVw zEjonBY6j9#G4p|~CPqV}sNeH6zf~%+e??)sBRc;U)C60^n$}6yWDAF(QAXh`a?m$6 zz`=sDRg_9s=p(H)BT>F#Wzg|M%o#zIJ=`l>g>6nur?)@-%!>AHynyycFlzfh6=&al zDoj-ew)QPYGV3);Q6!=U-^k0I@o)IsNYT5wR@~Y)w?eeW$HLo28A{#~L`U*v$D4ne zOzhiC?XYIBI&zC`Y6q`J4{ z;0>2C3QxC0GRNW0{^z9&*)<0yW1lqX0B`2`7=;laBo*v)00a=`V|YVj6d9;;cES7% zaIZnVV|!=g+bxQyc0t`DGWwpTC}G(Bll=7U)ON!G_mD!xi=z#s{qj^iYJbu2XeqahUm3dK8VrI9aObIW`$mEu|^YY&gve8@ed=b`8q zV{@w7IyGPRoEcaQu7u+I1WNFXk*i!l#gp|IzR+p%Z2jCs=eK6^SXn7lv>^kvwZ{V{BOO@eXaWNCC&*XI&|#S!h)Fr z0oo%9T^0Lg;lKL8*moUThUqhUJ`x|oVE=^8{r)C??H$gr`tLD9@R>W0ze{-uZ{ZoI8m&7w=aeJ1E-@)8x5h_69EBMMMmN=02ej5iN@!zG< zjxux34>2|jL-M{n(56cnh$!CeQ+}@n@v=p?w{^V2Eq;D@2OVhJezW)mfAeOwiR4yW zcGFXy-cvvyt0J<=UfSVDk@y{|zsIzU1crRzro>s8Iid`Uv2l;x5G+g>d94aLD%;U& z*7nk|(1??ZQ(uQW=e?hK2sDvTmHm$g;Aq$65BhAr?dj6nA zg5MX6hS7G^Kfi|30=x}(Bl(&Z#EK-0SRbL5?-x3KTq>Gm!aR2CYWvwHU^_4ze}{UBuLbV=q(5$TJ%m5NpymUUPte} zGonY05S>YM(M|N;J3%md?~Fc%VSGFH^W69Iyx;G5zvK7ExBhTAm_2LlYpr!%=XGA^ z-YYc$qry*vtH!9FL8x%|g{mIMuLVrEn(sDaqm(m}xO&3wYYVYr^U}4_i}u7V{VA39 zxxNj6g@m1x)wD?mYMLV&1IPNojfaJ{Zw3@7ZBQ@!HQDIZq~#9*@&7EZ_XTXD7)NzT*gvoXM%_oEr2G zPj;-MSW6RXo8mD0oGMNaZoagZIO}-=d`BE*9XgFtUl8*m>xP;YjeLf_QfHf5vN1m+ z6e&9kVn<#SSeG;|>{1@D+=#4_;iJlGu`rAWnzfc4cQPx^@$iAJ>FTbIFOE)-p2q<` zEOwIFB%0FK_!JAg_{DbBd?j1AA&QG=Orz$jXY{@+$`Zl_m~$nKSU)g-HlKRxyDWJ% zT>&Ezs+ATpa>e*jsjWnMN#(T_>w8o{vDi6S4vs#=DGiOmO`8dj|31z5->e(Jdqyti)3b> z2WMEd7d;MlTBuCe))DYn!pgF8n8}MSnuNUP-@uXqx*`;90us)L(}mJkO8UO&{yGm- zw-=)Q7}<~Y+?m$FVGak}v}~sDyBMqOdkys(xK!}@QGm^}gnVi^dt{u^?7$Uh?R7H3 z6MuPNU5B_%aK5pSUPf%SxHWOTnCofnrL)`*Txm&-nK-&OuU)?8aOh^Q9er_{()`L& z`UCiq)*(fhn!>>CVVO9Hne+DQiF5vjYUbeDFAdc;L5hRuF(aj(K}GdKAa~K1GI`LG z1;#6@TNZ|Sj%d_vr7Iby%?M|8%g7+wt0^*~(_^(UU3JU^!KJH8>d%9JK9e$Uf`y=U&cs<1$rq!+TwavHCTWG?aM zf1c}3O+-KbF`QVJQ24NxTga%0>Un=B8=~_ zH8s`V?nP@NVeXa53y|=v80XN93r-RzlEBl*8-JvA)sgZ78k4$o`zXa?fx6gqyO(D< z%(4gcrI~9))Z(X;>*W92Qah7?rQT)AgQly)R~=gyscE8VBb^~P(WkdJEF%G%8uMr4 zmPqfO_jZYCpPEr4-J-TIFN7AyDwMyr-5}g9s8mab=zNk&yZO1eqoJ*M(xLcg@IEuc z5!WUne$Tk~FsnCnsW83p1HF~w;)7npZw>;6&h0yOYXa8!X7@N8B9x0QO?F4y3%HDG zNn%9~Jw=?MA1kDNu_*MZ0{ACn==<#aQ^Zh=fhS$1AY95uZ~iph-ua@uwmV1G zF&Hnxvfi5Y{g;KZT#N=?_ z*%zMY);^8!nx{J~6GsQxI0CMEPKBE~L$E8LULAS$`v58( zt6Pb4DJ8>ugxYexAWb+P$YuDIX&AKsW6pF=Ik~f~7Sdrqs@$XKSpCiQ%t6E@Q>xGa zh#vv!p)obopJs~^j{JHRM&fojyUuD0vh6#EE2chARv0>9!2^~xn@%=;y}Z#Ul+80v z1lrEnyu=l>A~Wyb#?Z{8Ly+RWYE zz(a8!mWD=Oq%2M+-*DB3@c#)lzp&0;`2UZX{s-KhKEJG-~UtOMDnnpXh*6z zwZRS>wrJOFKiVz38oGdskDz4lVEfHm`!MA=FeN`S60h^7#k&G~FKot+gQ~^RY+#5( z=G76OK2y_BqCWS3ZuI+W;CA@-ajks*U1Rd1Z+bXAIfW%WAKCA>0LH5hUt>TpNmQ~M zsZn=wSDCar-FIz$U`8s7l@^+%o*x%2A2}!tqVboO_n7~xj?L1rWk|`P1`hoET+YiVlPZmYvdYb2 zFKT33b4ddBs)BDDAnIsNJn^4y4gk<(UkbQ{c7i>IGN7IVF388nQK2`dG~I%LgZ@ zCeLImad9*0?#w;iiYtatFlW%M{yvz)(BoutIG9V@mhRJ9ZI$t4X4saFdW(NlBC(m} zTK7`jCA614+<4f1VWuF8Ui?A2*8Po*y{O6-_eW^tw2@fLZv0iJUJ8E2^wYxfBfTWg z?|f_hkPgw$14{8#`$a|rTZUSL8~+tXv(+op6Pz60AUpi7Kk1+L zT$=2shy&s=wF^joA|A1#Wbj=(@7E7{=n-`i;<%TqfQfYVp%axOL0PWjdWbTiy<<# z)2##hk^#gcyyw1^xHb07p6#_Fd&$X#I{A)}&;uT-5NUL-skdj2?NRZPRG5bnj)$DRDDYezv1eVgoO?TZv$s;5!_(PZa+!GY%x!7kD?@PgT@$!n z;^&OezLrp1_}ne|w5QhuHn6ZHJvz;y#2w~`;JDNap*2+PLiK5xeGdZsqdh;)F9ss* zP05D#A|zT^f7q0Y`|C=Jwq`Qa%W4mG)K9E&^y_NPX>t=JDWxtMb-YTlw^GMb+q07Z z?=?Po)xc+j!8G#>nL|IG{7h%(-b>l5C?+3&FP z8(uG;GQvg>p33EpiC+<%?ha5=QzqK)pqHKjC{ixjxK171ZR>?N#jS}}a`C$;UayJlI*)Np;!QW&ESU^n+AYkaPi=SU9xKf;Fhq(vFz?r?j7ZxtFMm33j6z zhTcm!q24bC@mFfz2~+|{i+Wfte*)JFTlHKMi4(rt3jm&LfZ2Cs)_uoLLH%O)3V;C0 z=OjW54BO^n=Y}LddN@qqPl)!dAbACfDAfDg8 z2`_H4*i092Z$q~*hkQjlF^l%~WXVG;l+MtW0;|sqWj39(R+CpC#X{yivwzMI<65Ht{5-yTl%rIJ-IG&NOCHki55a}sYE<$KY!>3{Xz z8fi>G9UuUY_1YmW|1YzDCK!AB6qtphA>}%vwn4q|n0ymTe$2K^;>6p*VL}Z0eu|c) zA4%dzG%a)(L#Z({g|bq2N`8_DV&h8~MP&&QwpB1JcWITrfwDeZt>6>aim3*EM{Y{C)cT&_agcv|mb7e{1i$lXA8FV*|N06?S^h>M{ zPmhP%QETu{^rvZ$X$Q6d7bXuW4~$r}119i33_vRb?$&m+!jrN>5_EI;o>9jbt*vaXn8{bX~+R!8f2yNOY9|C`AYY2}tgif#Kpth&suL_2k$dPw@mFkhiiBBJpzJpd(q_Jto9n)Svt_$J9XCr`sj9oA)j-B z3>{>^xdn281p_Wl)avK=Y%}0W0PVCZW5wVt#63%EC4%JK4^MVlIXvtwkXGr`sy&GQ z_<_zN^#!Ut`e1sFpjXNh-$T!dEmq{x{3pnj)*m|%Mbwe+84%_OP6?VGU3zqul;tFrx(hu(UJdFN$6*+a8 zvak@z;41l|hSX@u?>@Sp=LXZ9wJ9KU0=+Zg1)rlwSN}&HqjwhpKFfRyp`;~RM_(ox#+}oKBMdWtyPlVyIMWC z)VbE^qtD@imK@n{pl-|)ZfEBjIi|hBjMZ%qGM@w?p#>}L)1eFm@st64Szah&?NbhMT99-CB9Cxy z_Pq5)*46aujw2}%dzUa{RnLP!=;m7W>D3yPx7eiq9MMjwX}Q+k5AG6T$GC~>kzQ;e z2yb$KG)40hZ%V`!bE@TH;@0u7B`2rw>Uk_!xEXWj!9%f#pMh>6zj7l2pT2qj?)4)Q zb|&qYZ;aI5Kgx@YWQvs2!o(!WQ>3`peDQ8vUR4N%jyIDJd-Agl$4hE!{prPG>Ws37 zrw8O_LHv5^DGJSx=5}S(3@VBnTaLTyXB1`JD|>#=w+M&q&W{OG711jq`z(IgU}v?I z)I4OVZ(vjUxT5@if~{Z+VR=faBRzj{Onyw`eU12rXb=Ak1On-8(syc(<6B8tWgX#?lhGC-r1Y7U<|Dn)FIz^-ukCN@NDrhJtnA21 z{`Y8934-vK7v}~??gAz*gqzi? z(3z7NdzWtazdjP5t~Al`29I5N?_a|pi5Jg&#`fl~9)KTRtPX`Pd=e7#uqRA2$ScF) zYOrg;pKkwZ^%D#4fG&jNI{xz)Yu(z2zZ)#%pMQ{$RNfCwVEVh6lH&b$Cy!Jj|Gp+d z`Dw<#M*pXa^ye&W1=`Uu(@d|Dr~B@w@ecnwnYhSbvl*!rELDq zH4Q`+9lxCt)x+p1kRY0L)7U8|;Gth|w&puSrD26``sc#rN^hU9&FUwqY~sA@-35gP zYlhjTrk`T#y(V4_Y&!-Q>G02~95x&z@9T+j(ZCH4MW3z9}YktCTMZ8k{{n#np~WQlJSXKN635@y!pZq_+D2R7XhJ9|F-YEnw{B8SE}%zR^K2eVDu zR(R>G`su{Nv$1+T84>4?&lB!PY_$ERuy!@FFyG*4g|aQ&%`k?`v`bv9Y@HP*%uM^b z#6}LT9~hm!9UN+5jXRyXdSVN_R;QEOej1^fPv?ozwu3Zln4}#k_h7AQCRgfaq*-3J zq9+VU_8>bQouGYA$K_1y@WiVr3Csw)&>!#^2>UfiIbI#zxb zDP~(p`n{EK-UzF==Yl+mUH-(*R=Oq}u4VeW_51$3K%5qj%4X=X9;TCoc(9fa7o+?B zTaSHMKjM(aWwo1)(sckc9G~CIf7=9}35}r>7pnZR#n{s#lC=<4G*>M>)BnAa@cTFo zC#*iu*FlXYu*_P=A$(hlde3l{3|r%=aaEeE@-=?DP_JO_0{ z<5teD`G318_nI0Bd#mMTo; z<(+@OV{T~eo5BEIP;F?$eSO7{JXH;M6KVuH@I{sqwz(99>v=m zG|@15lU%w_`(5c9sn(Dg19DbFxJWqBOC4cL+o*0d{SWN771Gzw&>s3L>j$fveG)N;Bq!v)sC5Q0BQmOvvPbH6jr znUCL;fYUJu7L}@I9yU=BxEhf11@!4D0^?4L(a^4ay7uksM@xw745I@Vc?s92GTo6* zoQyNGrhJg)-_|_OQ2ASwsT{tf0=LnGqVPeLmPYBXiBar#-ROEp!H&#s8wGAxmJjSL zvxMO<|F(B-+YDz$bYzR1o11=YjZ5Ag?_B>uT6+v$UW(&qNf)z;*o@y-IHI36eqLFE zU?@zWE30y^9q*p<^N1x>orA)ZW#GHB~^^ZvN*As@QYeTwv=T7Asuv%<%PCbvcstG8jKQz`@|VB z_ubEE2Rp0OM##ZEHG1xhyIIRZKc!d7hC^d9t?w%F(Nv6;eBahw1aEo;47KJ=YB3u1 zcj#L0u~;#y=VQ6FTwwiBwqUnkB?kD`KVILoJ5v9Hvd+=<4)8XKNdNQu6Ke-f2WV1P zAK4R4=3L=am7N4U_;sYn(@b)yp z;G#+2J9%uQX4>zl`!AZhMTY{r8-`#>)V3%ErLX2YST8oTXg@>liP^41Gh~rt&TcoojqyiuQ-H znT{Mf-Bq2Ed$$Mks!Dd8f1-$kjSO1~>K(2{bA6mBBYTfZJS`9?uF8cD*VnD=9{zhV z*XO`WT)qssvqFP<4+GF&t)*|@zPIB9vEBX&uBBRkqZ9!5h{q{+_U~u;pOEMZ6v-Y? zU+@93@~M_?6vIDQV!q!_tWYX* z9mB4qlh&7&V8NNR7qIgn{#B0|pIUXIB#*@Q05f4m^g?pI(+XCBDuh)^Y7xewzFptg zNJ>c=0f9g&6#-+FJ(iNng2A-a)zza7T#}t#T(Ygkvg;ZfX&TE?JLKcjw^i`izzZoI zDcJY@&VGt3{}3_dqmqs2I~XwiSnaFf?dl`ZN$)-={H+P-hfO8p+pADKFCQQ3#y5D) z+uK$|3{pxv<9TH7fSc71Mk2jBIy+;AU6N1F&zn~QPr~xu8|&&Q(_cTC$V6PHR0+h# zWqGjW{s@wf7mw+`%cx0rxoz#4fnvE_7iW{sWTqIY_BmJ4)}A>}^{V*yNZ84(jB zDD>%3-`Z+ehdd7t4=5qRtYIRH!B-{CT0PH6(=}4A-A27TUXpFNXOnhyZH-K6z+A9ek?x*ym8Bo7`q^=d|Zn!g8tH!Liye}T6ei%RYHyzDOF{Hc6d zd;gk<+5y5+Q2IfFpZK6}|Xb6^?Rx?Url zK?(OT%m)&Ag$xpCe*71FtTzM@T$cqCQ%;QXzbDy+V(h0w{HtA+%&F$>Q9)V>w~U)` zRqZ*yCW+&7ZiT!^^X*@(PkOyb>Z{An^rzoz*K2H7asn{gUZ7O(BpX;EE_x9W(H8r; z5bd9KgeYQ2Tkl}P+w-6z{qF)KYGeD-enD>rrz(K&?ono8U^U2-``6xa00ARo&xPj> z^hfkrg~g@aeX)U;M>XDB;CzoHe#}p5$C4>K`}p|8>~{pZhw%%3LVs>ChvLVEaaV&$ z3zvdlARPeo&lb9$K}39c zO`oX2l(*6p6hhDqryrHoFG{`VLw2D2Jr?o6Mgk5gOZTKscdbj~74kHGBBOz-*3A^~x3=NT`p=iVp<8&GBHoM=Uo>rnsM0sM6C8L+AUJA89;sSw9#cv%J`_Y|jg@84h=?{(fN7{Sm5{T^6me)4=KgzJdz{n|oeoq@0|K0Q3 zP(==tMGwHX0!0UNDr)bcA+^vK%+9xb*1M`r0(MUlS~J_>{0pqbdhN2Kze z%fk4zQFl@)TD-6D+Rexr996RdvL%6KK|ACzmXXf2O^2UkuBtW*V^oh2{Gr#`;84u_ zZ61si0kI8Z7|Y$#BfWe#w`)H^q}MelD3ErvdeQz&^?kbKNSlsxu<#-0w;#TMt7O-< z$d=KnK(xKle>Rz?mVheK>WPQ>@9FqT^owYp7$bi4+##-Es)L=gvV3BuF{yiS#6R)8ZRqKTYGG}M!??&=t zh+p1R021Z92||a3w7H#@xuCb3V6xGZnhzU7$M^K)*I|M~5zcpLQYXarjWn zmE&{%y*wV*fxX5hsg#++u!V~15KH@Ko?L&~y{Xe2Gmkf=M1Q4cDv+JB;Bw{E{e4DF z8Zk)r1YrZZos>5mOU8M_4`DNO->K(ZoK0T4gyit#WLK_j4?=Ej>4i;puPH)^vVRnb z$;56}mG6&EVwdt_xAxcaB=;_ub*yWDnbjaRmr_0azN7}5lscRytrx;2f*9YfkW$$` z+#-Evft{eUMf+#MB$WCKL|tZsWV*wCbL=Vd#$_WHHR93&EFQ*XFb*WDVb?kBsUU8k zA#c(<<(}k>yKGcND-3ST#gWEerY>@`M>p>!L)~`Nlei5=c5g^>bw?^K`)xeB=T`iD zNEMUATzc+me~ExqC$(1f!0TVAb1MP@9o5bhq)drkLn4>BXQj)G`c#HWsDz_skH2n< zD^DX@r(--%QKtqT=&n%HPurVn&rw>t2f0;o9?NjgAl=u$vFx$esTtQb+4XXuQB3AG zKMg(7KP+Z}r?@x%was2LSsOQVB?q+n&YW*O47fe?vygs$sNMBt19h)f&CYbf$z`Nm zaeJwNjkGs9caQm??g4%O<kvOxrb8M9<^UZ~Nf$C;~I{5FxXT~FXvf`_ig zSbn}A28;7POD|6MpmY5dF4f4Tt1J;+p^X&@6jGQtx zarZPHvgQ=WRcEmUUYMLWB;5~OatTG#8ls*vw?#naKc`7gZ-%>)b0*zY@t_<`7>26y zXO5sqAkNSGUtPt%{EaMO$l;TDRNuHk{*JuG_@T%VA>`02ZDnD1?1D^N%(v9J>uV-$ zZ%%2A^HR@yPICO6VqKD}CT90RAbNy%_fjTlb=0JNrlb5Dfi?(3U03OTvXBxFS8u0Sv z7yDV7c4EFo*L&lKwOC{WBFk>v(fk&q5Bfu05h;q;tLZ3%mK{5C6$|AV2XghLt3x0F z=oYhJUi&p4U!1nEe@)O@o3DpTT&|Ofh>Nf6?si0wFv}?`SATfYa`ejR`r40*e{+Hs z6dZ(gd2_K;ijr4W-iYGqS>4egu(V|JIrm9RNuk^eSOnkt2L;VVGl`@j}x=RZUr>9Ae*n=;}H|W6b4)LtWe`ZV#ISJ*@7!)RQ2I7qyP~_DR-_| zT*RCEQz7hqmbWhjD%RrtNUkM4n{>Py)rA_~+o|xrK7A=A!Q|%w2;-z|%Uh6VTON+8Bz_3IU-U800%Qx5p{+ei2m+RG1Q#65$RF)oaksZB zTdFfT8QAgwHRk6CI+1gGq7^Eto&E9vFV z+bSWyv_r%4uwt2>n_VLZVekSH%iAUVIZooE8erGmEcovG?RaNZ-hmXnov>RK>3Kpe zyTRkPX`FOM*{`KZi}4&g&LVt6^)1pI;qDW+bJ3`Wk~(Nf=gBwpi8VSnm9{kk1@Xs% zrZ1GQXfwN`OTIySe3cGYV`!F-x?CmNEj;vnzt`&L5!t^wA$S_oZf4>$1Y~}F)$;5* zQLJATN#1eB^UJQuvFn7QA{$rN)zW-9>XzMvGEP}3uy&=}g55cm_jaRQUp&Sn$EQdb zf&oj*7%M81d1Qo0BtLTlX^kICX7jFpkc{GR;5~QhTXm$U%gFa(TL`=8Tk~T=hu4$i z=tr)fMz%aGqLtYV8Bbwf3)R}O!y}*}1sNMiDyI_4j2W$usApu|JM;Hd^33c~vNGhp zbdzj-6Z>g3mbgnlLrRJoJlwln%TVHZb@{{m*xfxx`w~^C%bD4iu+`@?=)ZHZ7b1JC zUiYAY0Bkl5z0?=mGi(4?&_-z?81e~LhSijJ9j{znuPT6=Yet+!dB_!KTj z%P+HYKyoT77V~w^Q|M~j=_=E1ypE0$(@O0W(NjxqeG%2sEXnQZ!#58fKD^v1fOwrx zYKeO6Q{LWOFgP|Hi!J$I(A~fP>1^+UNnXBZUD{JNj^2E+$@{fz@4MCj|17W7`-Xm% z(#Oa5uMfctM`+X`DH&P!76d%9Gf@x`9ld&eiJu|n9_iR}nfCMN&q4U!SWa&VYILuK z9@wh4H;4Wfqge^w=_p>SUoUKzQ%&oyzt`*Q0u`(-^GuWzrU z?gnAYeY9`O*ayX~8AtI;-MH`}Mru6QH1_6Jq`rjJo5@2gEJcl)C3uUycveC3lvr zh{^*z?J0VA^Dv3Hdn_lg7)xCpBd)Efwwr>?QHq&zW_Y?e@G!R1G%} z1kc;lV<+OV0t6_WlU!p8x9G`gLi^58(vbC(qK@-ps^@nQFqRC{(W@crQN`P}5cUhI zFZt`QSCu~3fb-m?X*y`18wlB+?q1vvtmbH)^A`1tGkqb^U)kT4`Yi>OH{UliNhZf6 zI2?RJc$o9*ilnCGIw22??ri9+%$?bSO`3m6Sp8_~RcA?NR=>QP6w59;>0`@%6VSd- z^;##{Z6s8d#C3(U2$6U1mE>$v$mKix2M6pL`2;c4f~HF?ig^m@T?BPScXID7H^wAKA z^y1>8#Mv*I{e{M4`?;Ex<>eQR9tRb*wFM3fK96_|GZq>>p%%k7yOYJTgGt23j*hBw za-<4LoYu_-m)_go!%J#&WWr;Am+B>>;Elw z6CF=Y2Sr0P?PHiXKJelEYq2^ITW7T(^&YdbqQnLHSM(@Od!=O~8aQ#?+83z4+}S%_ z4korh6}>dxwf1ln>AQSLXnnpMEP-71Ppny&k{Ms!j||7Ah1)S(!ie87nki z`EMp(9B`%%ZXP@H28xfo$vm!jp>&;R{aT*AKM+3_VWF#S6*l@PxXN+o# zco-D=>ExqB2z^suXyK#T#ly}|6;C|q8ss*r;36XW2!&*s56?wU&Rc%^eyhY9z(Ty6 zdr%h!yl||~YH#ub&19*`{)kayvNwQ{RaGRFv5aR#zaF|4`!&%+156DhK9hHE*5X2Q z$M6ZbzK(4my2O8`3#U-jwhT4)urE-Q<)2kDNusoZh!;)Y+byMqTnifRU*x(&dL?>jAS1Se>Pr5Z&if_6mtX6627x1} zY>!-iWwGRVcye|X&4cC?UjkgHP1AgV%}C}t%QZnSe{0(SY}!=-&2=i_Zz6bj;TJCL z3Yl?Dg;JC`w>0Qi?_=f#{i)r~1$T>nKKaNxPGoP<+y8X+A?UtzMJgS|zB8B6c*Ev8 zOZQWqkvm%xb1*l)Sme4F6S1A~1_D3VVu~fdt2aI|_jY2Nv)XdmxO9$pM1`s?3~Fg*7g_Jd&Qf)-aLA}4i?AE7@^xVe$ONyAAVo*%j+MG z_x&;z-sL~ZrJwC@FMRzF6kBO&B*5OSs4*ZF-3-3%g!pnlfPBGmD67LzLG)brIvL#z zz8iou$s%Z(C3rs~*BWQY%;P+ZR`s(M&727DeTxtciV&Go+387I$%T{)o9X$wjG}{) zDCF|iTIXeiqK0?zhqBibtW`bdJ{bF~c8txaqYF%g(Xt%JcxmSi%hu|3$RXKXAUphCyT zqg4xn;*%^kV}uO>m)npb;{2sEJnm>p&#|3wemeV26re5{4Z_9;5~5tAR*IeJL+lZV zbaK7X+9HOM#A3}|;5p&SwdFiTZcE72%`DU$v+zTErgEd{Cq=m&8*Ji-Uxw@!$p)J@ z_@?LwO(j$i#(Ys&13{Yguc-EL`%8ZD@&JsU(kLx|E;!D%0nmLB4I{mJ*#zk5LmK-- z7WkdOn3`f_#cq+G$dpoOn~Pe}*!d&=S>rmHm>AnV1>S-UZYMFB7CYEyLQ?g<9#YGgPkKo zVYuxYtwUPA(jk(EQ@LC|dp+I8n}c;4&-`;q1VR!(<$pRY`BB4?Sc#R?V;G&iIv!K6 zB~4T96R(vZJ2BG29jt0`U`wfK=rr1-d%;n%Ba|YP{NaAT3`+yS8QTh#u+r#`&4RFE zxDX@3&Qh?}m2{D@IzUm@7{^)0;1(J!0*n-mPNR)vx~le3iI24Mz3Jvj+yU_K<(d!L&ai~K3&>K4W#g;E$(}^C!KYR?k z_}WG0+w?-)=|Iv2blOFTrZfs9W5eqSH0APC8(peViN+^t`{Y6tq=RnZ9<^v zx;T9r+g;=X77Y4=fSOO*d|;6KW;JQ?nj<%gd9*tgD0>*HxUAeaWhPb3YJ&C0+^bfkVN>AduL4Yxr@-&SE&NIz!a;z}9AiWzCDC z-itRDc!@d@omkiP<>?9zd=EGc*lHdbP~*51o0&=1(jq1LOgK}iUYg|EKf}Ak{r(4s zQLsUkI*UHclZhT|WT`;r`8^{2j_fEa$vWgTbi^y;%KgXIJyxh0cA`{P%?)B%WvtMF z5FpVn0ca2ge!f%1z6k6A&MQ~KPFdxuvQ*FNuSsw7m$fc0f!B;r)r|SI{C>49gYngC zMQ-ZW^2mE{oXj113wAKIX?3=4^=(<5p%sl1=3YEn2Bq%pnC~1h7mRai3lV1Hndy^x zS=A6S7-StNEH2({t>gqXbqASGSY`DgiE!am{X~PrXEhF9m;UjM6YWD=iVhU5yf}&V z1{=tvr{`iET(+0blUeX~{cYR%zW1BQ9S>%4%!o)I3DST7E|AUQ)Z|7n!9^d=;Jo8a zT^$OUweWxGe(B2E>)Ik`DfOwsxYBNAa42${7Ns!XaiWsSFXbZP*sqUg8Yg)7oX&+C zB!;Z@Zq4e8Dc1i!R1N<4r(er9$<~8qM;XZU?y5 zbA{9&N0PtVY_^Un?ZC;bua|>=p8_|t?k|oxRF+q?m~HUZXwCNsIx14ry%_vZ5bB_1 zt2c$oyt|O{tac45{qnYA<{Gp#Z;5e?jlWe4hj%s@A0`#@`$VX;dAX z2o$zc+YD8@>Q2wpirKX6tg{qT5WpyZ2N=B+L3>(gehg?eCB8(rG2Q@0RONff_@Q*h zZ2l}CC`Or|ZI1zv_1^r#g4bTDaM8Q(OqG?%&yZCqN~~eT46)74k^uoNcX6k`>DNa` zN(C-9`=0JYN7V~d?Dh3Cybqf%wtsyGwP>W>TwkY(o>Gu=>4v1IbL1%|cK}!5EU0c1`^L=y{~e0SK$o&p1* zV8I*aK}4(ituBtVTavCwjdxAPW?}cu{WIr|QItA{O|o~!KK1XSthJ??YTs|Xi$M7a zKPax2t^5o;uKQBdW1QfM@aFRhgVF%r zC}~iM`p^RW{x@J^O6(I_QcW@!4-VHl8y$%R?ASxQQ+Od&o`;6{DmNoAcV(cE!ENX< zSrVkt)gGj{S^KE=4qHLf^xf*vaepQeUcoKh%4y~t1sAUP_&-%GECwD`AOlb@GEI%f zQ*>0_JA;>?)tIknJY5xmy3*?jp90s?b=}jtPx+@mj$uYLsgs;rd|0(XK|M2YK|D;bgd9oS#j9 z{ya1=M5C6k1n+*RHMqI*T_wsDp_N$o?3B-cwLVj_&m&mDgI7lA8>~vydPW+T+5jV@Z|^*U=EP+gf<`Ec7S2t6zw&8{XimcYnO~8cL z6$G7+^Z#9t#ASa3l%!qi8=GC!U)!xIjJj*4_h-KPS9KH6`1KFcsR8BCzndq+KVmi} zrvFn%*Qd#ws-*q%RcRmHuxYNc!s`S@*>(1Yu)L)k=OsXSF7Se6($m7NP zW}A!NbD2BZjkE)i2dFInDXp@IiBWrcdV-+9f?Ll4lHVTIcr0&yK$#a`e9{qI)+8#K zCFrZJ`4TAHR%#m$XT4v{pdZC22K1<|_Xr5qk5)SIo^I5T(a{aBbcWw2AQ12XlwfjF zfEPGEKj-?aAXdk9)Y|UyTC8ZfkpSeSHlm1A%6G2dMet6?IVl zqbYp!Mg#*T#GF&817(%;MLcF=>JZWY`%Yiu!3=0r0NfnqvN6DG*2e(|6V~8xm0L8= zmz0#gSh~4NZO)-o{&0Y2&dAKX2QbmGbmAhuLeYT7J(^IJ=Ji85>DD^D(buQl8p-^# z?b?7LYH3ltji!8QWAo#<0;9yRIc<5F8lceCYV4@cNDwc16!zoZfS@2O@0HM&w1?b( zPl9J|qfo{?fME!!1=_~O#%4DUjWW3OYR0QJ?%2)O#a}FeuzWzikg~agn^&LoLmjM!VSgm8Z^V7lPTX}#` zvYI);1mHCxjnI=PPeP2qH(&eu?){&n(tqh|;P>#@PCuum4HT*|ylZf?2D%;WB=&qF zCN?WF^bA0FK>gqz9^Rj%d?-zDP~RB zF7@vv-AA`oM#xtDzNn)ohQ_r7-y3}`x;s_cxdbjZZV$q~25K30OD&l>vT?_#L;T~j zv!Tj3&i^er3sm^}jD&$fRack#PaPwHO_hX_G6cYqJ3Bj1SXrrsN&l_rA*o-RuU=UP z#kp^7kL4(3Nqhp(FrXDl6|m+jD=Yh5q7wyFOCFMv%FD|GTAC~>ehd8%qEu8=q1~p8 z0GZX-CkJr9&(nwhtOOvkZ&Ie`x$g;ugoT}4EOAt5bK1cwKAI0Eo%AusEpKh9o^Eob zh&W?aR#pO>*vS@TFsAVzrCdETFcdRDHuGl<1fULt0bBt1BSrx?Ht8FII}8jA^uGJN z&oqC$PUSPdN5I+N9aULZUmu^6a`(k_nE^0lCIEf|R{c7bBYTRNV|McNTq~_z1STW0 ztH-cK%6#&NW~#&`2e4$qqN4a!C5}ZPV6-T(#2A3N0bC)-(J>AJ;Q{J3ati8Xd4EsM ze5z7^KRY=n=Mg=iI~V{!P^#FuI4F63B_o5|K;H1*`*vN$ZTf=>`G=(d6j$plTHFGf zI#Hks1=tvB0V^w7*1s37%bbRYPM?77R5ZYA;|L3D{m?8{NEfo-UTCa!PWijjK6};w zZ|V2{uFC$u_H2La!vC-2-*W9bzo--b6x*rA%O>@+_*0+zd-MRu+b$xdKHkSq0Q5~U zU$h9e`p0bV346$WclVpc$bvZc!TeHb!E<+*i>&$7)`-^%2}BX~-vsmRK;;N8CYNGb zGX-zb{N>|)K@aDREmUbX;PUa5y24qNScTyzE=IjQGD89YiR8Wru2Vc&vh4AmJ34Kn z@k>S>%}voPu{{SFJY={f2cvKjt=0Z$4-`gH!EDo!0ylPwm?0slhZ9+sgRuDGV0P`Ri-OmAhoeTRfYQE#}@H8lKIrmbS3NWY#wdXfhcK!UcFG# zOH#-%aQJ(pmnLS(!E}mMxVaCzDdP`wcG`2t%cypL;}O-EZr(e5YG)N!J55s#cG_5+ zw#bsJ7cbK_iS!JAY2hz2C&cRZQb@5l*=O*e2$rEn;wsJul4SX;MJAu9BR4kAMZU94 zs@Xabb5fnSsToJI!%GkFNS}WA#5cG-74t0aj8}hUZzz+|FPe)~nKsw|BkLER&{k(4 zPechxuZ~-D-*aD19CFa8E!+66hCjz&fGT5Pb%=k)_vzdf+)h*Mm$(m4LRHfwFEf^V zhLVbvzg}YSEa%8QN2lfVN`FNyzol#84@oR^&l(4H2M&bX9_roVH`x{8iYALAk0+Mj zHCq)&w?}XnthWA68n>zUX%}?q<1gl}ONdl8dh$;B(DyKIX;a_!gskX%nF8rsoBQ({Z^0E>+gy|)?0dnQfc<4!d079wNbx&Te9;7scMgjfnst@Q-(@de z#vN;7d%C#!xTHcub4y_`z^fw~qp`wvVFUGqW1UYaI78bUTavOx$AF?RL0}8);(gB{ z$I23M_Y{50mRYXN@K1A`ga``#muG^{=J}TfIw<8M*4Ip4Q2ppV*u}la$82<2xz78* zDm>p&+vJ=5f=>L~)_7BYH)jQ`*ZIQT*~GN2w#&Fb*G2iXZte@s@;UMyiwJJH4O@sZ zV>zZss1Ng3V_E82HOpC!Zl12AC9T|}vC(=TccrC^DTHd+O}g3Ig#sgrrw3-(>q&Z; zv4-2E6)tj?EI2wRU!C3GSFxfPjG?#pu(>zXGfiE+gXz5=Wga)so#1m2cRty~l`q@ zTH#tOo)ES9EmJK_Wv|WKqp=KfC*B*^I!Vg|F>xmig$G={#ijIKD$)H2Z0tNl4=UOK z54mdj5x$9rI`?JT1m#pow^89ioZ+tJ5)G`k{9b>UO(HEEQ;1}Td!xAJTt1lv8&sZi zy>RWW1TJ$(7Kb{y5}b!WC**y){x13Ey>?9{I=0@`)VZh4(mq#Z9i@C9&Pni9af*K?v5Bq z0-bqc-S>xuKb_zTk33NQYJ(kkSX;GmTP|7Ac+272dEz#8)%`%)Y>d@Y?{gR3{5C|* z#H)&5xLS@ARZ=81hNYivb=BN2C{Q2GBt-F4b9t}8YgSG^?D5^ge;XZbih-%C&a_>p z6Gl51A~kUL_U*5Ss&gZGg0oDCVg>u6)GtRSi13x@F=~%Jx3(*P#_q%k4GnE;-R_BH zCW!jIDBGfkN_F@{QtDyK6g;A5u1z#@u;3Nbo=ErR@uANejpEvQXLOfHT;`%izf>Mo z2)LN_YpgfAl{~_p?{zxpE?TMbzoaiTR#aPw#BJN()TriBdLiF9Kz)R_&6N-v8Ve#b z-@ctAu2fgOPwS^4$+4#H0y-Ubb)K7T$5Y4MQ>0!_msn#R(3Zq=mMNy}m#-~Z7GuZw ziK>y5UboQC5;*^)z&`t2^Ote2ucS2g-K9Nm);6NZS~A{+SuDRl*lSDN_2LO}oi;v^ zX16)r<2vb|%rbn#MK|kr1twN=w$-G(xhiEzmah2+BQlXPc5w+oWEfD z1e3gNcjiUWb5i%^@G79-Q0N~v{`5q%^9+8{+0}m)`uGm_!FwMA7Ig!OxDg{JACc|v zJbBZ*+*8J4k=F4IC2?7OVGb`S^U;+DN%dTZ<;7@=#zNsMOG}BS>~VL041M>F=oWVO zk-8w8I#@`%=BtxXtj0!HT==5-(Cha(xyQZA^MpRT{K|wWR!=$9OzEj6_U=SKQlb^^ z@^7;DEy$;5R+OU|EV^)}Wz+mNzO|^WOeUc(s&9y$MLqu+yO&3c>!XcYs6(i6#Gk`>STlZWE zeykQXxL(BJtz08g+|7 zx17%9+Kn*M+;F^e`y+YRLeh*?E!jL%90r@VFox$Awt9)bPL|0bVr0?FITy^a0+DmcD9s_Ev$z6vs|J;zxKt&Qw=Txr z^1C!t?e23XIW>x3@{Z+rRdxqSVrY+)=W}a;WYQndd(;gLxIKMzE>8R!&?i+)d>5sqfvp1^^S#71b*=YF#;~sTFQ=o88XOXLWVIVF<{E zIx{KTXs%iT9e*WucempC3m1y5MpS-#m+Xmb-j~xXxB52I6p9Hf$^QuxvYe(O@KG)M zhR!V`%k0fTMp3iEgpn>efPK%&c0JOAcN9i-hY4+QvEB8Sja_MC@H(?yD0dH?-kal1 zk%xvNufDnso8>LffD1j%waAQTNjvEV8gU<5@`U*gLtIsR%mJSuHgDdK-5lbWk&s z9q;1MkLTPzU%x-=6A20lyj!ibN&D+H8%VzZ&^VqFlamIv`eXk@7ERsIRNX} zkZpvFrzR$n|1BD_r$|2hLxUlP()0y1>CmhWCb0~ zdfu}nfGSKF@US>8)9qg`*Ye&)Vj$Qbw<8HaS0Ewl&3S5>mYyCQ+Tj}ApCL;$T456j z$X!=FPg7S{I7CI2aw`qz^(&cf=o=UT0o+BqYm;@j0L523F8f2TjK|{VZGQgQnkAq) zEcB%GIP{1Bo+Ji9n()rget=vbSw8<;{?@ui&k)iW>cL^l_+)iV^;<@e`ozHWo%>%j z%Qm;RjOW{*l8bpK`kd(~0e~AETvd8s+`@t}UCQe|;A0GG`ONrY<55dXOl%*Y0~wR| z#jSUYPc!7>IJwP!yfJLye4nTw$2GgK@H%~Ve!vcp-4cOt)8yq>5Zl2$IIbVx11`rM zYU;^?Tm2d?`NRL$k%)5Gw+rI8Xq;r^Z5alc7}t zxhZhJjdxc^26KJEauZ5Rxfi+;0!OUq0H{q8;>!0~0#qFq_+Tj=U%+#p9ZUm|Y=hO| z9*%^r*XjR4aY5tB*A>s5o&s~X3b)K+Ann1+*Ui@dD=^ZCJYGUZMzz|-C$ZY;w{oc& z0rc?|iwv4%Y|`wJuFdKLFThRepJ@X>0?&umpP5)#u%j|~w) z$EBdUI+Ve`(#t5JMjel`^#(dt)(B}TuYg!RN^xNHhELd&^bJ)1BY_7kWxFg{aA+t3 zd(HsI7r17F1$r%D@AuU5;q9saK2a-$>~uyrv=vkfbVUT6SA78veR&aop@XeH15R0U z>c3bejSJG9VaNb=-9ISjy5oN<;rsugUDE(g%z%S8BxntqR<{zYR`$1MVSdElpQ?^` z464n;jtT&mURQa=@*nvjgIW9_%YPp8|8%G6pD7LrYvQhVkWQ~vw^|t^@$#XJkfB5B z&#a!3C)p~m^c!_~oaftsbz<5>$@nZUC^t8^NNfG?M%zF4A0-r`z({}MStme6;8&l* z2ZWZ&nV#g6i(BX|j`dFn+cg6EIDp)@4LhkeH8u5CJ2Bm0)4lQ)Hr@4jYu#$HwvGSE zKbt3cM@iqV$g{!_3oEv3x`u-6QfMd-9z&@Wq2f8)W z&h@nWdD>MWhAj~sF6-I`1_ogh74q3CnZtD+_~5d+kk;YfpSd^0GR{eS@AAnl!T4$PR8Yz*jK*~3|vs^F#ykYA@r`{jbq^CUdGG!13v}?OQ5pZ!ETQ^|R94Kkun4vW%A>#jTbYPxP+wbfYpRbOavOu8*nKzjjr zmT90_1z$_<3-*r?H^D!~PO$#7`UF)DubP@TEhbV1?{hM*ZyVGUR^BX65^4MF)UhOJ z!n?KG~H0ru{Qs zVu}wPRmZi_aA@ZAmYSjQ8tkquvzA&j^n$AV3ny_C7v%859w*fHXgJ zYMjC8Zuf{WkqYfP@LG?XjlcSL$Hu9P)nrfY%wmg#z%DqB?aWB9V!J>6uFZaxA788- z5Dkh;yZ+oe4kfNz2Df;sA<4lQE%OM1xMcH1@w{1I#^trKiWX?J0i|hXVWD}X#FPO% zy^zc6zFIe23~}*z^`m0+=H^G>Ss(9?6=Y;)Zf(^6&Q>d+#KgoDXeMm}<&4j%=i$!p zz={gK-QC^Vg9R=4mo~tQ{xvhxfbu$m2l@2ui)NlyMY3j@1*r?|zlYYvcf;ALwdB#Z zW(*TW8ANh9(}wv`Dl>i6m`MlK_YswXKT!+ zzAwAK5lAkKPd?wje_!@J^Fbs3A5QT9=KY@@XRAC!x`kkVAZGYrcN1f6ROI`&mlsFs zeZ;_|QdP60+2iD!^#%T>@{&`q)oYeOor$TVE_1 zxeC%Z_7@EQ-2}4di>vmkD_VZ-Suxw!_qyB!1qWjF!gz_@N9Y6$l5QDTLT~x$kagidafzCI9RuIqYpKG?>+kjTl-Y zsZ3{^ug0)w4f0>{-Jb6N@%wi$s^E~24Cl4cX6jg=AqGBPx;c!kKMToJgIty zUj>h!NtKoBs_u*jJDE2RD?keo0CSIt<=LAJ_yBo)Qs| zPQ#P6PS8Qe6YR%fu9X1BE3`l((5AfyOqAb#?$RRUdu7Tntz?~9f6K*7HjD4@?aRuX{^E~OQ$B#zVzbx^FK0VFL9Z6ckZnW zL4mhCd143sUy0tdhr=i@A=qtNj;+4HrB!ip@q4jFS4+rl-HrMhZ9Jvi->f zs%%)oj~W-7m7xM9NE0_VZA~HVk^jJs>2o&Yd9?P#`(T~~SXkMbWjN6MJkO#f`W&1= zmpXIdp4AmCB}t>>#4w}1xSP&W8Me0>snxS+SH6L)Nv~*IKn#S(+%}Vm!0@b>OL zx@~Tc+=Z^e#rHxF9UZv?@u}cQ_|MJFd5UF?-wSOLx3}j6=Swc?`2kY6*=qz+57rF1;f**k=o1TvioU0bi4Epk+pXIo4UO0W|A$q!Q9 z%SQSw2OLRjQ+%U%v}JaPbb45Ym=NOqftohEQP zE>1>IFV}8+2~RX@b34yxk9`PrJmY?*TKiDa`s+K?Pc4X!PjjApGvb_{pKqFLi*^Vw zfIQmhdk_IP&^4xK6|PfID5$FsD_p&U265LVTwK-r8kdk{0_El5{%7gI6w1qOE=u~d zZk-@7tJ={;oZiQ-&5=|#Rwz0>uN`8o3Tqx-IcgsLhVwbVV5o9f4AXJr^v=G1>((PM zK>^35H+G+|i_4O*+HP&yy-ha=nnbk>>wF#&P9z6X9L5I9&3wffxQkorS%IAA+BkC7++W@B+$~>kKLZ;Nymdod!TsbgR}AxM5R&@}6(XGddvPy!+0|!+P%%8O3h?z~<)W?P0^nEuf@n zw%7oT1L9?o$6lsWJCKQ6RFy;?La;F#%pCUp>Z*A zeM7u;XegG$uz7Q5NDuwHpniMG=d8%2>lUw7>&ZD1tc!R?zrOnGuqxmb0BZvRP!}*E z4nR*AHlg;#`{WShAie0m*)o6Rts zMHl@(KHx4(+*0M8NnP&{(}kqx1K-fA5%R__Vkn4s1GWxwXstvkq4Hm!+BYGAiVZ4` zFsPiZt*yggj+XS9AJ#>)pP!@3W(*qwE)OnW0<%YIz2UJjAZI8=Qi^~qu(L?yD=?)m zcUA`6HoskjJS1-?K`OMV0ro^HOEJmT*7mDG5xeCe zGcXb%{DF)?q{Xhkzdw%Ojs~s|mp~)?BX;G_%0OtO*y*q!uiUc>Mk%6Rc}I}Hupqr7 zSno{Ww2}+hpZA4w>s_GM-|km{3Kfv)YVS<^EwG9Oc164ng;#@Bx~ zrlt<}*q;s0nSeh86^PExEK`y;!&)>t#)(E;Z3~Eg61(Wo`g$?B_sng*^)N{Q59u^L2)fzUuI?+;INpFOU1-RfXWg~0w$S@{~0 zkr{Ckkdw>Lx4#2!d3yWFY^2x%6h&8VabKdR&mteYrL$4h#&_f+z6H*dCrFvDI%>H*{s?G9%^n1RgF4u;cU zAjEYDg`j4ru%=K{R6K@!^o;<~ED+J|0<8+t^G&cpF7OR$X`G)<2eMTIn?gy@;3^mQ z#eagoX_1+pUs{rZ2_7TG#<=?W`d3If12D0$m2;o5h)YNu?9WDO00+$6-24iq@CRT( zX~IZuOOlORG#>Dom^Dj-;F$EKOXEZ8+XjIdw0JXcaRf#81WS-l5+vqK;VP)xy){wo zL<_eBv@njImb`IIjh>?(v9m-_n=Y#RvqE$S64312T+HnF7WfB5y#iz39<;r^3)fHG z(FQ1<6#L4}uaI8n9cffMGC%=zmyT|scnG~(uw!qT(cDCYG8anb$^Av5k`mgYNZ_;5 zN22{IsjIQgABE$h4;@g9Ks*YQft-Q!*w`>FXr2GExe1-qZP>EW>r|)*Z1W6s=ynagJeG4KI;S{=-)wH1T^M z^F!Q>Vbhx&bpe?#rO&aQ``)?&??!{7O^9hTtE=+B4TNycFDS@q zKi5irq*w1P0+L;9C`CVkr&yh=O8~!-49d$l@836rs{!`m$rmcK-Svr%^hnY6PYMZ} zdp)1uih|ttB0gmXypafAxm_NvrswqzmNOcDNsg^9W;VQ`$gl-yxU?`K669=LhRs); z*T>D*dX!XD2w^E8nfHf!3=w+fs1+zafBtc&t8IOvCO9&3v8aU-r2Y;FQwq*q5|#Hp z=C%N;$v}U9a~kv$$i&H+nHgIrr}?rWU0N0v!=%=(1U@1{LL`Y$%~CX89WHXyy~ix~ zv7oMqLCxVcvA&G7n!hKTnDM*zOa;j~XZt@(kD>NxfwUPYm0?t3$&lu2NzillaHOWD ze*gYmIZvGfAx*+EB3}sFWyFU9kThCqE&<9;bYf1@JRHMcV9i+|_Dd9Ui4b&JnOoWz zE}~^p%P(cMaok&^F!18uxC6dcxfSMf;KB{=kztUq=^8-@1|O6H)@rvk^AHeD0k9TGYLKZ}S&9@8 zj9$gYs+Ef@veu8$ypn+A87lBkQsKAW9O&-GnI`K4(lp46h;nc7Sj5a86j@IQuGgP= z;{pG**tjDj41*j4gM?95^1%~zV3Ts0bUufB^F(*?edsdL_1bxw?0smCEF<_*-~@VZ zx6vaYF^pIE3qAyXV8UVIo80K9*N}t*)=$#al^;^W@?E7Q!FO<@_OONs8}ygoMc3ub z*qg$x?C^}KaN~#_K-WaG0zA4funet6ikl9No8W{$=y=b<0BhVBh)>VS`4*;q0i(79 z7_uMuY?7TkstyPvl4%4uZ}n(CwPPX)D5;<)_+6o2t$7@2os*L>*jE@?Y|;1gaW+2yU2Xu(?>kUH@xQ`)U&6y%0C2r!axxi|LT}%^d9LGw zcv?yk_g@F(~XtgI{qnFXAJstwf9aH%;F5I|GxxTGS;+rZnv;%BNC8I;;g0h@XE z8WmN_hDT`L9ws334bUL~JxV<9i*`sq99HXZXJ%yFOt41+^Y5X8Mfh!ULC1U2t)72N z!@wtq0SOcgFgiKe`l>gik9rWIWMOE+mw_C}nKOY2U1~Mbci3d|o@wGn)ecl6q`;Gg zA7{b}aGUo9AUl_*!G!_S_$Gy8i7kG7#Du=gZEzS+^drDBgtTn!Do!ZbD|CC1Dj1$m zJJyCD2-Z(B_*H?NTmK!un2eAG%-OTCME_3YCpn^ zQ5D?RFHmpI#R@NDsjSlHNZ86#3I4oRBOBc9^WqF+4|EED;l&qddab5q(zpm7`m?)T zoLN%45$$r@`E(xnk6)@dLQ{Ri2k)sT=nXrmWBarn86VO6;O3@$X;)Gj%t$NnSeUop zj(z`LsyD5w{tcy|<0U@63UZQ=9L+Mu>FH^x#~@vgNYa^P^8qhVR7S%o2M!GifX3cl zn7bct9Pk3$?#zkwZ2C0!zg5dnxb|!y_XEBqS|xc{40TXXojq8XqORY&aS@Na)eaA8;BlyfV6H|x|DX5J6V3#m3Ac2*KZ_5K z@8Ee*X+Qr6ImARt!r!3uN76b_uMdt*f$<};0#Gfdk%ZO$YBC-Rqlwt-iX%gbi9D7! z$oQ=1Mod%cau&@Yk=xqdo`L8DRB%AU1U$XG{t+!eXzQ)8(F5Pu3eZVdf`rM#9Y|oH zp?wXpd#H}&6Zs#jy5ahP^HMD~k_BYk?2D^*;d4xA)s&zHb$Tv1)z#J_rw-C(eW*?M z_xF|4rLF?49$G=vckX;Y6qpa^oBRdkTb1{-sNbq-G8~4{PiLxdB?H&#Pyc9~dN^=v zVb{0B5nIZJ1qyDO(Rvz0TK7u9dz?XMtuUfzN(C)w7ZYaQ5 zayRMivK=?WyyV?_n&x#+0q8*;vasFiSpW-f9$9XH~O%|UkX zy!8$B;KMlz3JQQ_aG_X)<^HV%Lnq+r7ij)q0CrMbE+8mKNJZuIw0~f`ugFmPcad7Y zc5qEijol@fhYcW@p{c3#D;#1_7Z@~$kpg{Qm)B{-V*dzUcd(vph~q9Pc^*ttjfa?7 ztV-vK>C)a-A|9V=`w;8YbNgA*x&z{=;e_HY8ZR9Elf{8 zfV*=@#GRd;g%(oH^pFW>V*%ttaA71tD){}<${S~U+<-R$!~oMT@kM`u!#jpb6oFHa zzXh5z0pDH8El`235)y2|kX?_~DyX@vIydT?ME1s`XUVOL)cM`E?|{8Fr(U3|-w_7v zQASPON$6rwG z?bM5?u}CP?Z!D=7U^XYNMc*?6Ap z3?YAz$Oh5nW?(xDOuuP?Cpv&?33AFNaQ4+smXNHrK~LgKfzuEfO$F$7pk1&9|6==x z1U`5hKhRXb<{LtbSU{8>zEAHjgNxRCWw^R7@w~`(>a+g1*c#V*$}Z_uy2v!M1I|Rf z3R1a8>nT|{L?9JYxgAo)ubfp$6k#swd!ghm#l_ILXH99@i*a0q0bzaUw6>zs9i=Rf zF2d$Xrj^k$CIFe|pic;HZW~~1jiZ&H*%FYQ0!!qZ6)#MSphg|8FeQ6#%fi4CS?CIY zRssi31$Z#@pMIsqN=9QSkeA_$>fCn>Hh+DCSox#;g%+&)_gXhJWM|00om7dy1r32J zvtAmI5hbP5WI+A9I$jlBe|m^pGSUfM7>7ItXIk%*9W@Y(1c!$sskZRuS1d3`t*lIA z7TXtzeH1_rpPj1O+S|*5P##9c7XjM}Qj!A*&7UFifJ&4Xuik=e`x1$gWCqutBiCE? zlu4%S!K^{FG%i8VLx&g*YH9>^)dT3V*r5?>ZHV#0ARj@#4r&l+$d8aOio-p@7$fN@ znunjC=H39?g7Z=WUaZrE%W^2+7@WVrE*TkFf+hbuK)mZ#(6M^n8o$2XQM0qo1_f5= z4VL13{ax7BTQ2&ItF9(O7MSO%SMs|bd@8kY@tj)7_^vnu=fASiBH zqiB(8_T*@a#UK2FbjuB_V%1X0k|K>7*b^d-uN&@Pj1Fjq_l7E$bUpBA(% zeAcXdx4)*}E0c@iD%ckA)!*m@I#JOY% zR#J#6B8Y}HA|QrEN@VD~#YoGRZP9i23!3VVy|H2qYzl_Xt=cd9=4PXUwRNxX{0R{T7SkXI_u3cq+o#`12kTZocM&HYD1Uhh!V(vYF3O4TrB_*Zf z`gokE*Wu>4Ll5b0Omv%(!Ozc+W0*AvVKA?-urRd#=c1KFt5O+O{7}2GI(|YO!9jnR zblYl5Ba;wwuc(8-y7iq%36!e}pqAT*w0aXXUXLHEgMu1Lc2P*ir8G6;cX&`rDWXXA z1Oyz&tuLM)qm@u+ryg(>XbbQI*v0F0_~#q++o!0Z&ri#`JM z1&Z;Pko3&oT!i)<;NbhP8<6Pyg?)J*Y!8OW%zA{rfrx*tq<*Vf*i z23RI-(e$%3Gva{6eG#krLb?n=HkMTf@qWZi&jPFp7Ga|xQG*#&UmITGvK=ws;mg-~ z)iLB!aUrG8 z@-I-S9GQ8ms)0JX;?a_@DgpLicL z7Bkx$gqnb0)c`~l$P2V1@QL{(0Cu1dbOh#CszCnd*a>hTZd*+x2Y_wnkt{MWE56R+ zT0N@tWV+*^I@%K9MCEZS0q7?bQ!3Etb#-4!WTG*! z1n$8VZQj7b%ETe*N=on|2A*Tq%_a$;Oi_`Uh?u_fwJGCCgl^EhfeMZ@os9g;`7D*o zp**u2R%u~bSUgzT*?Ob6^cSDjO?+m06%Bb*7^O%&_*)L|-Sicw}~piv33 z5^@RglQShtC>R-M?IDg2o&E@urB!}}RPqyQw+H6PbmXPKL=*->RFZx@tw}qCr_~>gnnESvl1oh7v`Ie{$ZsefYC_ zYS>euS!`cD6^HKee1^=lQ_VBQ5N%`ugip=$oW8WF30A?YVJ6%k+9=Hb_41gg8Xa|Q z=Bc&euRz5ht;zqa^ySE{+(g2#q>BL=eSKZAed6Blm9Y^v$7rpDzbFE&6O7EP@9zfg zu{#~P8>%J0=Cek;I%xv#1xQ_9#WegYAZ+V!5#rT;dSBr5Tgzu1;nrboGf<-=-}%q9 zcNy0yl3GLK;{8ATf5j}hlz*-SH~!zhqvrpP8uG98QTUtYBSlaoLQgMk7_HFM zLjRw4-ORBruCH6b2>!nX?>7`F#k`Rh_5A&Dsp2$lznPF94AbVta|-|K(0~gHmj5o= z|Im@_$Q&KfcxngDv6RikSFZGXX`aKuVfh_-Dkw$_MT7rYS0yPkx4CD8Ai! zS{^H0E?pE=>`_b6(6HNGT)pY0oQ~kjM@jgP$PWA7^4IRuCST?4wJ%ClLcRwZY#6zJ z2JVGzi*!EqC&!}xeT3mjZbF-vMUs!>3vq}UTzZXG>(YYid>(}7z>LLb_&M^CU6@bU zFiG;ghAuENFtiOjP9QU_l$7{*k?El51Hj0sP3&{9YRZ`mV2UQRnON!#;;*pA5x5)!|KYOuR~)lA2tRI(s7& z>Qid!Z^NDwpmm3S@U#0c?ZCkBA4|8!O2Cf4_n7f^i;}gzL9#R6Z6gD%8?U7aZj>ho z^inXKJiT6e6rZ$#L1p!=xRUK@*ckCSXpjNOT3d(9O6_E4_pPbvAtu7Y2>)k2s;>T| zvYB3OD^OITSuhayez8c;L#L)&(27`-^xt*}8Rxp;t9gy3z~) zGNhIPSy@>;=ZT>Z&_dL)@M)d6?Rw5qS5rz_4_2(bzgM4{{?Lt7n)uNOR=a;1GNLNO z7J03dcB3)I!?|a6_I(LPu&+_8Fa-~nSw>z-sl|$yWcU=>^g|f8kL-`6HSPt{JEJ2b p#7lqw{QrS5BMEtZmf%#7}D?JLvjF`aX{cp-kE+2L;1)SJ+m zSXt@Q+LCn8!pUre<)hvNz0$t4+UHZFg-G- zGk8N5o_Fixu0aKB7c%dq6Ungf$ws#A*&1;K(MEP^F9*{zOjqTd^UvFkyl}$l{@dP3 z%0{A7d$}~%sqIJJ+~E%F(M@%g!=dI)v{fE=%}B+n&$(cjO`5FiS7h3PwGHeGLR!_~ zT->ue5uIbR@f#VXD;lsSRLbz=Vm@Er^5d;Ve~Q6*ox%A??%$d;JXLEpiol`?0N%JtxR z0~7fYuC<1aQnOsiUu;Sa?u9+%5k%@8rGudQ-|vOHH4hVTe=Zy`W*&4(C-e*>|M@=H zp8YxM@6MPh{k)4m|MF`mNQwJCTFyeI^|c=EN`TwOcSiSNd&ph1r+h;-tP8lrS+GaP zjzQ)|Zi?Obn}~)umyM5^z(E`=s(``y+({qjLNcuOn$qt=ih#w*6_yK*~NB34y~?W{9WZmu-wpMFROh4bCyJpe{4NJKMKv?`7IooSkxG{rw}s? zdWEXryw&uvfcD$hXIfv%?CiWuV@gjx!JAwgw_{wUhc)Cr$IqKw#J#?wz&*96g+C2} zc#rcZHC+ETyq3l|XTm?{*asp>VJm11kVpD#IP$eo@)35{ovpk5wN@wJ23y(G_3ykq zDYKIp%)Kay*Mld33$83~e3u?5Decd05N4Xx*+>cX$4Gi4zFY(6S2ort|w^Xhp5Dd2lUx%{b~$>qxV~>n7%P7SVe)Fod zx(=Fr;a)$8)FH~bfG*QgyRGgi{q;YAx@pBOj$l&yAQT*6$EUp!pn(ru!`2G%un4lANb7#*3 z;FuVC`ODWkvZ8G{omn$}mr;(dOt!O2OZm9C=fJ_8$6WoThT8h$|A^{!{Va*|6#o4h z5hEkYKP{|@i;c!g^5qS=UOFAS{lgP`vypOeE<)l&hs1I!PB#;$S39I^>^oqo|F?@6 zOmmjZNb$0{Ud8^8xK19VUO$^9ou(sm8b%?lw;Bgk{*F68YCw|m;HxJ9;Qe-prLTQ= zwGeU>`wOq}c5V#GUvibnC~pJ2KuU$lF=qBwC*gx44=|r=Agc{h;zer87c7?MUV8v* z;)1|jE9GR|67Is3q-5~@!x!5Q;5~^S;jYZZUBA^#1BK$E9hl3Z+w?gAfU85Hc{iK@ z+>yo`0Hc`43d}u21j!J9pgihq;NmirjR1HT8JGB%Cm#T48l309#_}ZZqbPt<8<`}j zt!!X>04IO$8*k_coT9?necskOMgE!+p3A;thY;a601JEVtypSV&^?S)MgTX0)_@t| zCxpvJ;0-cK7KqpAOz#W{)V!H?&_jQ$S6b1SHj0PSOvxuy;OK*mbnayhhO_Y#Cexfb1w$jbQGdSC5)L7 z#7;qpv)^mSr*!_DDn`6qAyi#RTg{JyD$+^w5MYGK3ybmCx|}$$jQ>-pC1dt)0WGLY{k@>>&i0kkRXR(-bU!y-UF`reO343pOI;QoLwXh! zm9k9>Ah66MU+X5hp|;&bsQ~3ppTZ9VR)KC@t$F%=TO-g*HR%f0Y@5CBZA z9Ug|5b>zmRUf0B%y*WisssD!n@q@b~(bhNlSs6j`4Vg^z?*@8LB0QHnIDS?4UvuPl zkR?00mwP~2nnG7pVDR5e_;f;FeEvT{m0v34A;ZXJ^8?69y9^M^;$DC|QYPE!Ch`%i z@!BsF={eRRsWwr_EC?(^8Nmp%_B()`**zQk&5TmZ$ZivCR;k?Pj^1EQia#8uD_xM* zW?{?s;8qr&_>8X~fF4H2EdYc`Di$YW&JPU1k$KSpImGx&k*Q-IT`};NE)@dIFgT)VzFoXn*)>`=SxQHq&FrVvEz%JTERIwer5 z8(it#QnBMr7ljLdN2$MtK6FJB2Itb2RnC+Dhm!bf+y91bUSY-ex5`R#N4s42(J`yp zkFYAE1Q8;UYEfOwicqZb_#KlHoAdifj_!mn9#y5O<&lM=u|ZdELxv{T5a0G^9O@_k ztl0go_tvXq6`eoWY?^q#$g2HSzd8234Bk&}MKbPuQ51ZD&lS|Imf| zgA}G^<+<9~e2)?dNoD?9G(DPTTxV=&NmX_>T4s^Q=O#m zSftbMWl(bms?ENXIC2EsKyg8e6OYv2&_=}4HL4o`WxJSese(w?KGr9?hD@V<&_`wRAsiSxZJQSi28cN zms#Y6At6NWqkjAFI98SeST7(PR>bg&9Mss3$|lW1;&4aXua_nC=?UJ){zD^kAx6K zExA#%`zh>PuAQ>RA+3;$Oo=jQxcY-t6NkzFA$G@E^3H zXJrR{ADZ#ja3vIbD|+$c=J~Qr7(0J-mCQKsZm)@>)GZZPGBtz(l&J&9$xXDmxtFW2 zJW{*f!DaCS{eaH-CkNx={UVH8CleH+wEU}nU2@;~3r2vBoP*qK{}=ecTeI9~T-Faz zWLr`m3OKGXYEs&S=p$N{V25uT)ZT~J3CdVp%F;IOsdJ^yveP-Uk@ULP-Ve{6CRZqI z>WBA~c1XgubH8urIGs}K?5E;q%Oilj{Yl4<%hptfYfsDh8A-~q5ta#Z8eZ!nny+^5 z4-a;Ik)Mj;bT;vDrH)0mP9}0PvF$g=F5lE*x39}M9o$q~w1UK!aoGFk&~J6k1Cusf zW$hW$d>Sb1Zrgic`A?u>Yn|m{JKhDnmwmoRy5B*$x$hPE$WNu1=p#i^P{nzC21bg- zi71d)r^aJO6f_$mp`!mIATZ$RXd1wQf%H5=U>V(Wb%7V%R2l zv)hM!)@LpEl=i>KE+v0G#I0oIdFtZ1Z2B#w(L+8~k3JN&v)`#ovxo{N?pS*jIyesQ z4GPyPFEh9NY;_#rF~RfXekhlRUmPBTmxZLn7wa6+MUL051udlGI-02E)!HC2 zOH}d?u2AxVDdAD3DnbB1dAy!BF!u%7u{NiZXq-}{hLIdf-;yAm!(sU^0`1X&udkvU z9OpH}^bt9`U~1;qY6=h&;C$Rbv*zM!ZTAr8g|Ng(RtON4B#g2k21*gig;CxKra(vP z*tg1yJO}UkGF-1W^7TdJ{J0z?ArgFNVvQ!&7K~mjg=|+S@ZbaUCv2;1&g`@r4!?$6zoJ4qMd&MJM{3G zl10e#T@8u#7|CZf&5^HjS!keI#S0O&SDwqhBT@&?^0$1_S?t{yp}&aDMxbk2giLU~ zN50$3ArxB80@~TZlY*Pi4G&^ZiYistUEXyJ&4FYSBxY&|np~~ZI`Q1*iWL@^? z%(JVcPpyOwE?V1|+y)IQ9)5r#2FdxKyOwQPAaA~Su_#TNdk$!=pMK&>$;4@+jf00L z9l0C|y5}{BHsd8Uh21eI-KJJ;Bq>XlOc~GNbGt_$-fEpF7$-eA>xF(Xa@B&EXFc+y z`@==yeK}^nnLVw~@U9>Yl{FLr0np?wsON%J4;FL`7|>SVqGw zC`>8hhcJ-TAbjrNR6}#!~@rBRg$mV@J;ShVpXZp z@SZ+7c3J|caQ!C4EKlpiXErM768o>{FFw3hju!w;FYlUWXxyZJ6@}14-PG$I?`XhL z9&mv8SiWV6{ULfq#H9-@EA3t~x-{NyLyG!RQTawuefG39ZPwdk7u!MyT^|E@U)sx) zZJw@ZrMuM$0K&0BbQyLdW@o}rCW7bdk<$vvEqU<^HH^)6r=$W4$B&Y;Fu9wkPQH010JI&`%3Q#KZb5ID-HM}3C5wcoKp2OAX?m3WI*Y@in#s(bG@r>1&vw&iLrEGEn^r2>rux%81S}61gb<51dN1H z-GV;_plTYD38xVQS=IzfEb#L`eVF%yY1hC7{;)hm)wV-IS}_hv!C$Y7ZU_ucPuzYHwfYVLD0`SMyl@49qrMu7+V zkI4K%WkK9w*i!pCIX>6gG+~EESljWqiC%tEZOt7ZDpo>ab=-G4H=9C1N90*p*s3>C zhCASJYMYS+Mr&QpyrdYaARt0%Jnx0}be;Di8sgq$Pwe0s5nJ5ENTV8OP~+L_yv|L! z3N)3p7=Nd!_n%rNiXSQj$%EpcUymqb=_c)!!uFTVqZmQ4G##%!*py~@)pWEP6f=ro z-pOy6j+r(r`y9$fl*&E4WlEd|q>;)k)IuAN zRlaLe6XZVXp35t4{$Lf=I~|^3k0J8cAm5F5#nAP11#>InR8y^D867;RuoIvqg3bl+ z@4V9Guy~sS9e(U?)Rwnz&I0Zd23&05LH8vx2fQ+Owo-+fZ7*YBuPn>goeP>macX)5 zoxNP4*&6Syc-BA}*1%NQ^lYfu%vOaKW`ENFs%^uYCIra+9rb{6@w3yLUPf!;a5g*< z2W{NT{1B13MY7ucuQ%|wongbfS3q;uisv3$UGFz^v>?-1p!FmRc?X`ruP1_~Rz)d- zWLd9==0RlKe|Fyv2wbeUs~<_~Q&x)Ck<2SbIF?VgcD`rcj%;ccw{9&5*r*JADUDbw zKl!LT6DHdFsI`8=LqaLC3Rsr~!&9wQ4MXXhjhtAnO?ielY_g@32JR}-6RTe5Eu!R^ zPC)toz?9t4X()c>OML}z^ic$SQ-U3)LVfA2cq3!nqeg!CSBhi` zo}H*&*Jt)A`>U9CyH0hC<^Q+DM|+?krQMIcKBYc_iF1YPpRFb$4}kIAq&Tr*r$3}l zY&nLYU%Gp)zNgunf@YWI8~7-$g|~7`nz27>t^ugBm^5oqomhuxZ&x(uZr%wwB&Sd`O3o=FLgflljJcOMgy`pp&4B;~7 z>>D{M2 z5UTq&71~CuIH4Ob1LJm_QylFboRZ`zk-R!rYV@7%Vz{ zjJ9l=8~ni6sV_Dg_pRJ9IHkk}8I3u9AeEqXUUpRyrD&iNJddY+aV}!TioKV;VlI&^ zemZ{$w2%8o)P6q&FH=&p5w@xhrC^n-9|ISJC@GmP{kjj3O7hQ>i*<2daA&k#7@L%=X>UrQ^j7@U(1&g~uu+}v(9e2u?}y9m&GjEybefi_%k z^6*XAlM@$xlr$7LYe_n>e9lu`oFB)zmH_)?vxI`c)UB2V^@KVfrAjGuE%vr&63Pko z3~pGS#{fT{-JhoH0Qy0p-rc+}_%D-@93ojF^Yhys`5fXj|(Ano_b^sT1Og zd(D*_6?w=28F?U}>*q&y9}-Gr3sRU4I5y}WzgCelwB9PMb)f@jfe+k83p>CA6-W*) z#kdtVRRs^(Cjm{LMHbPPh@rbuP-Fywm2HIF7*bFSNKh(E?wb>UENv7QQ9X_*AHlp)DH zJRhgoI&YdJQ^ChYOJyG3pEZPzi@7$$=asbiE`QCR13(!PzyS}GL!hdk&%ToGNp|M2 z8NwYr8Q$vvXp&jW7_zk<(8*V}_+3eVIdoh4yd&5(lwnjZMhh_J01&JJJfYmXfPR`M zqD2l^{KpS}_^v}ls$5`4znl30XihOm4A{gy+lCaRNOahGl}EtR}AQ*vWnK9yayJ< z!=e$}T^v(e+BEWSfNjN)KuS9 zezG?nawg#sZ3}t)gq`w?L`L$bVn2AcK5)Ewhd^K z!Bikq!v~n3sVNVSfJfI-e>nnwIhBBMGmH#A))keV_K!||{A-~H*hE|R2%XjuVsejXot*$dMKTyRr__iQF-*!6{RzW(6h-V9fThQxTF zk3xXwT%BltB7x~##h-in{)6)6hn+Ftfz18P527-W*?>U;$O}u3{;q8i%0}`?O!chR z=N%tmaB*nOw&F7d#lqj7rKiIXKb`ugO6fhC%uZL z%f%yzS?ZV!7}-Exwtun#UWnS+nfHP_0aeh=w@dP>5(LQl1S7HhlVksj!#-247jGUY zjDU1V_L+Ni_i(=yMeC6Wob%@&_BPpj`7;1idq8C_xcMqd7$8@Q=Wy};u7Cy!wgI@* z0pCdo&W6;Ll19vQES6<*$2V&QWjc&t7aR+|%oh)$OqkIJt~bD4!a@(kOWf`Txr!Fp z6t$TlZ3-rQEKDhjlQ}bf#d-c^ssD%>{(=m7DJI&Vp_PALI&M%dSKL2^8ks-3bce^0 z4_NW~aCs7AaG6WQh`s4JtsC({s5_uYEvA(^`@@D6CFV3>eu{`{9EVc2qCwRE^`IP( z#$crK9n4T6BqnS(1C0T(^H+d_r=Q7`*~pZ?#g6FOqQQIa*E0Ww1iV~e$vJ?k%`t3G z|9g@Ns6l@X(f^<0{2$11c4C#p|HmSn*1bL!ly4FR9dnwp%wd@0+-?0pUfPzsR$z(%;;&|Yd0_394H?; za%(X|>4yoaQ4?fu6u!UKlF<|?SezD&NQMx#oXNfC%}oPj^|ykEhTC<-&Kv8kXDgo8 z;*EOCk066A^+~RLiU0t|?kCYk1p`$HFn;}j$fdDb|AT@kgTK5Tb+{=|e+WiX2mR;6 zG&DN&H693l6t^X%*!lg{&KUJdDdH9oIMl57x^3lkT-KaYsbvwDofphp9bQ=9>dgT+ z;5mqE8r%d@vE+M(RPJ;o-P3Yan#JFQ5yvMR3#XQgKZ#fW!fP|s&b74{PH~-Fg<)s`Rkb{wcj`X*%(+?P*CkxC|Pc}00RA8b& zz~%49__NX-Wa)k%&g41+#Om1O;|>h{gUBUd?+5=bL9b1`@7@!^noEY0Alz6WBnP)C#z+}gpn$FH)$yy-Zy-Hj4}`Q z{8}LxiI$s6fH65_wbYFyi)TT(K)NFq->**0)rS|icC6{w^~T!)37HQv4coQkqMpq0 z_i+buvH#~Gvw!~x#DDX#27Ia-*6T>LLrQHLQ{p2;uCYCj&KwY&{~6cigy*?I23Xnd4EuNq^HwqqMBqM1%?{bEkdttv*_e1% z7Ypp_LB#T4TKzub9DIZvUHomP{r_gr^0#39zlAT?`*zU-fyy*L%O$Y1K0hyg7UUSf zoBpW^v5UtTwK2P1h!o)I>f4gSol?zEbFNbt)4IR;A*(k zOat$Cg88W{V{|rxrLFx^YJ<6C9^p5^Er2;bF4?Q&H|tP#iSz)s1r}}RjvF|!jsY-a3YQ(v*ZE$?Qn^Pc+3QQ)h~=ahAbz~R7yud8;dGU7iT z1`3oPxwmoZ&leIe|Nk%iFCLPQHD0A(L5ZE}@0%h!AE?j|)BPOzqw4k!+cr-h$hPRobS+%R=nB@X(f1gGzRSYSXT<{ z&FAJiC)}OOYWc*)mTf)_3%cMS@b<*3kFt3#7Eoz$8Ypu^{p5!SLCXogIUZqEy481C zXve3u@eh2$~$dXC_L)xp6~J4MoRAgv8g!zt3gcU8rLz22RkcWif+hlGzeONWZ#J_Wj1>s79BIPV`}eAC1Im>cGsdt zxB3+A=}nkT*-3mD%ct8$g)?HZ4vK4;UMw6emDIUT$tG~U{oC~z z5xX`Oiqt!MraI8U#avtdRM{d;gG(W8KGWaXJv>{N{UzG_u{Ol@*s-wmr4;1o@Z2-w zY4mcI^J}cvXzYC$k7D3-5S_7u*`Ahy%0+!A{~VfGsu{nAqdmb9Y^GyhzF|3*zp zS)1tE7!H>v%Qw2jdCNGdPYV&U4iv^r17hzc1=d4Jm+5YO;8!zjd z>(AcEo5Kl;+IVD%talGpQc_a27e{tJRS&3HyN%F2S zYlxMI4GJ^i81iD*0+B9c^m)YU?aQSFm}va?mqrmlE=GsmR|GT z7tW_KC`*%a2wlGdf#Nz^9V>_8OJr?TYuuqjXYh0 z_^b!~T~-d|j|6ZnxM6dnr+JJ9(I(J{(S`e*A1Y4#TpKhWQ45BMO z9~qV`UDxH!+cHYaa-dx=qM9^|;4GepSEHN-%5rGjjf`^g^h$80s-Vj=d3U=xksm|e z>VBtQ@+eZ(dU!lCP0TEQM?A4b-gK=(g!z7BVBKXannj6tv*iKyW+T+Y90-f4PI zem)NXqpPlc06W4l(sd1>>{9p{go-K^{ZRS!6>CmybGrAF0{?6q4JsIxgZdGsvrLg zWMN>skZxERcblAkbRKV|{6n*aJWAZ#!f!4T8Bnx?sLjn2Uj<~QI2M;~2M1mNMTgzi z$@0cHkG={|f`D`bUvyKreQq{Ydz@}~((xMFt$Vwb@cDvxpx@ZIA#7Oz^FU$YwH%_D zndwbkt;yKll5pc&agbrLTJH(ZeS6uyX!k^j4zSV=(_VP%Wuwc+BR|!eb}YMMR;Hy$ zl2JEZ479`!;!US$+3sr55s}p{Xu>)qGolI{ojd%vXyce3Z`^@-f9W7q<>USB6&`V| z#Q3aT&Hh?NdhCvANTYo} z(dwgYU-x{Y!s{l&fC$&=D`D$C7dpoi>Fgypuwk`!?HTyoi;MYY#NFFj4GSJd>GSP+ z9PvG#-I{3Pg%2zpi(3ywZ-8^4XSembKYGo-arDpAyM3r>Tk*I`u_W_x0OUSuhTB`% znp-(7@I#t2HF78Av>K#kx*b&)4HrFvKu`)r$2&Z7r*4TygW~xJ!eYNr4~c zpzXri1J+hIMU~HA{$Llpm9`c6ex!}t4k~M>O9jeN4Rx+V(dnj}Cm7W=(B&{syIrQA zG>duKY-ylZl16i#Sxi5QxUTkz0Y7Q*(J4Y0H}i>qh?^5Gr2hIeua~2ZvZN$VvzfAg zulNsO0$Xd9f0{i6;*yt7bz7mybOj5{UKL8N$#J#^r^3$LON`xF9A$hLUsUo{p?3ik z5aq$AI`R!V^|G(dDMenZ|AQWs*3DhY!s5>NM!wjl$Fi{Xw~(q6FLNM=aax-9Vo%y+ z-6fs&+@@YWgwaLJh1kX=sJS;9MHzvPACI<*Iif7G#U`-*P%wb)JlB&upqqVRPTDSb7lv%+p zpaNA0-w5IoWxO1eWxb?e06) z-;;70Uce0-00GUqXllWmI{r!}v_8?#cET$(%`juZZ#W6dU!0v5=^J6nO<0J{Qk1$P z-6LAQ=;5VngF@c_bN=EH?-kW>XB6QK5 zhAm3ZBhSOnkaUvXwLzwqQQ0gaw@E!MHN8|+Xjt1QUy?n-mD5O{p?or6el*6|!} zAOLiYpAs|^zj0F!U8hW-FY#1E^L**W6c*VkvQOh{j(+(xV;~GG4*?at4jR3H-(RZ2 z_RI00EpC6}qXeCeC)^C3+pp}Bc8xZs04;Dxn-O5F1Db7lIORQn3YUK*^fEn*7^-*r zXtQ@(FS__!Vk^p+WG@z`xDAol+iPUQO|jO!eeRyT=3{}_v!dhTFZQcC{AFl<0|135 zPIua8XNGh8g+{$WWnkZ^ul&nRuE;%5lCw&#GF4_hUyd?Wk{siVy;5u$E_jp^_)x2! z*P9dF4)OuyO_y*lciyZEVY-r9-krvkRM;_F`OuDk)eGvJ;Jx~_K4aKt^WLhCAh!g| zb~XE*M<4jAKvnf#v{>H^L5=B3=Bm}UYR%HNOw#EZeCXGmON)?*73$5;Rs7&$-xJ;N z43gc#$QBQcD)FOhw`Q?j@l$l3%}(1N!aD|d>RPP5*~Ts{vfp9P!?HVZdm2Jyxe~Yv zn_73f2c^Yz?x$Mga_{x_&J(Jj$`D=5N{ zRfjbl^pJEfeYB*~kFiGgoMw9GkWu1k;Ec}Hx^gUPDK1W6kYY02Y!fkLp_0VtY!j}B zPxIe3QGAOubY$|VPkvm*(OKDchK->7l0}{Mxqqeis0flfhcEnzwJJ0wf6Rx{(AbU^ zzQe;7K@s5cJ-aygk1`>g7UF z^^nKn`8v}bw{e#afvlfdhZJkOHD+*cowg!E_WZ}hYS-Hxc=G9|E#g0&^i2DHXn4*d zbU25p$}|0#ihplB-z7(d@d)@Ks=EpTn7|az@6G)?n={WbP!aLh&l=d6+wumwFfpH7 zV=bo}NPV8&;lb!F@LHuF7QGd6t0}i|H_py@3U7k5fhqs-jkbaJ?40=%e(uotwW$Z^ zxsVJBW|(8`_Y<`~nNDCm<;qeKa{ z_g5w$E=NSbvnPoz3X^&2?iIWX;ts7NuP=CHs7;r%;!K7s1e@hzqIdDP3I_NJN~-Nc zWcnU=%ov$?>0IJ@jxn*?cKcojXvLIOnp-QQ5uAPuu;Rp^&dibR+VN0~t-x-|OB1(j%LsDEzcf6$(yvuD z^jVo#z8u^_h)ik5?t6h+2-;Nd4yUG3d=?h8PZl$zO)3gXPkMUcMqQzv$DEMeh@9JHjA8L>6 z&kh=HJ{;KEn*f_}kd?wx~QS^(O&r_eY}Fn2zob z-!inZVmt&O*6is5D~m1}p<%zA6Wkso_7K}hDyzjoD{fInUG4XZ+vP%xI8*KS-7_6F z-Lg_iMp#k3fiI1*-t43e6~=Lr8#vE)5wtCwN@B3TK?TfnYwOGDLRL{!^Sv!`UJoPyezr~(PAv0{dAHLPa@03=@>;K5cYScr; zkzt7?WNUdq`g=$CQ92E~$SLwW{luaou|5X|jkMmMvcpc}ky|Q5`w?#p5_sh{PMHMf zQ^&BXr#2pGMODD@N$pz)(L5x9xdlE$eKxC zrFZYY8>OR;M~9d0kl19uyVj7Y>Qxi4xZoJhq{>S?Ww-W(Q*(ZtyR;zAK{Z7-!dY1k zVeGgseCkx~!D)I_BZqj}48%#Cpz~u@zvRmEmSbdULBdWD)(9_xoLVd>RUf6QSW-Dz z5@^iqX_>0Nec-g0v+4$AC(RE!QNye2#EYt%fq#qCKC5Oe0t~L@+=^cnDVu05Qt)XO zxQ~G3^&#=1S=->XC!N8Xu#9MqV-y2+;HhKsf>k4AR7Y%xsAKaTI$ zzRB+*fhRU^x3-x2H%@HKPU(EJhJSHw#b(FQ*8?-(ZkIei$Wq$mk;T{Spd9&IA=yLN z*0)M@T=MRcQ28t&YyPy!5p4%ERQprL3W*%qDQw>*HR5H>?dxuCydMVa?yk;v7YEk) zDaiLcnUEBx-4D&)HwiXKUV5hZM-;wGNy6KgM!!5;Hl&q#$7lS~Qp5doE8Le|Pu?w{ z$2lcegZ$d=3HV$-MyIf;(?KkwN4vnEidt)1zx?!?{fETo_|Y36ykcRcX!ba{=;3-M z+1pezZoF)$>ytYt-IUFrK9+FsHDE`4JZ)aG7>h)Nr-Q6UFONAl*F@dH1ehppmVKdg zFbhQMMvi^J27$##&-6b0a9qW)I*Cnd9N9ZLAtQfYE z%hN`^PB7MYQ6wu-B|#1)xlOwBH^!)BUs}WMhOqEe_dupG>d%X0)~w1hls-c zrTr-dFds#GaUt-@(;k;o>2a>9W`*Czg+0%g8QMXH}<|;F*fx(6lwV-t*ffY5nLV;CC%-Bxjo-;QU?nUhWnQ@hKOT=>}tFw z`p-x)qOsAyq6fZGS+^v`K}WgAD3}=*5#{+cr-ao%yvc_}`x{xAp_FJ;#6w$Q?Y&jP zCs`59^acaW*@|dNOe9r>hSP^NDvoc&^CY)#Gx1L5%x;V>=sq^Fi1#3kDBeS>O1EmO zsg%xXHvz$><|P)Z(wf!NJQPltvO&*{9f6K6zoX)cB+X{{I^;&A9evU+1$-Y3Em=-r z7zIyKx+fbqT-`Hg&RcxLqw-9JxxlTPd@b4CQ*tu#z?C^-=UWAf?YxCgo1|pHlbE+LWo#*(aWJWfi4hth?bye-J z(Mo`~9rl(Qu;}6myhYigeu4?SSA6a2N|2}JRh=c0F(;G$>7UxSwK~wffG$^RKkBH$ z*)mkGvnn=NvX6_6Jq^R=>$!eET(smwDZZ&3?&FiJ9#__ON5Pp*_R-PL&+F#R%7DuC zoh_`@JkV0fkSA$ew8U{{qO_^|`kBot2EQo($7)aan_KJR1PGD4#cAVY zjc9rHx-ACyMB7BWF91VYjKQ--<>_m=d-Wu>Dh_eL5EDFKER4Ggvtg?xIrQ` zUa%GL`3XPj;t38^ptT&nKh{&Ka^_S#bDF(FY+^|^rH*V;*;r5M>0e<_<3KO=@ zRJ!~gjC=z!r(9jLr!p5tU!RyL$A0CfTH0?}QIUcP;JNN8KVp6xVir-u3)fgF%O^TM zijV@aGu4?FIt~SSPUXIicmJYRkE-2y(BZu&7EyhQjsPLi^ZDIB7TF^Wunh9$q;ZzI zZKU^$eGE=4s^xI?PmTy&15e`K2T$Qbn^y6TAydUM!D&v@x*dFj{0&uj!Dpp^`0%SO zSHj!!%$3&4C?2JLJ6^TEWZ}COl%QZ>5iBmh-5St!c>{d+bLE@w@PgkxB?+jMmbDMx4B`l=>^q+bno)CkHLzgGHw?s>p`wMsGGdg#y9R(vg zx*FY+DHK*&+1!yb`^sVsZ@*u4Z=0|)k>0s8*E;r$>-po-xa5bm zmiuAjRiBAR=pf;Zj8yo^kuRe=^UFpU#6FT=Eo#v}tU2D+x0FQd#L}sZym6SP&CRMelVn-yym23!LyxWXYVh|?O<5X4@FQ<^ZxRv{o9+vJn@O+x z;4J2Pp|K*L;eLpXBX`^Fz@+cifQNUlFs=R8WzqfD)_i6;d+7|?%cS;KnSiBN-iHLv zo^TU5b)dkWtQRIXJ32o88F<3?SOam{vD9rre-krEucJ(q0^QkJothuaXWv@-s*=54 zC88(gB``hm?M~U(qkd{M>y@$#IVUpqD$Xx%3502#ut$B*XYM=f?l7F@IBh26 z?<=5>ydcd?&)%i~JzKExLD`1~;p*5;%2=QAQF*;fegf$aG2NH1dP8m`?wr=ee-}Eh zZ5o^)N%v|@y$pmg7lOt`UC%wjA+NKqZDYtLfTnXt!@^e(5kORbIxt(EI49+x%XEW5 zS|0rU&Yh%$vKB_wE*jFI@*-sD#VHZ>u2jR0-N19eGEE36vA5V87jTp)%sp|%dQp+M z*>6(gCM+TGAJS4Sb4)PoyO@{2Db7S z8mO~M@2Ec0etni5Dj*wIJ=GSuIYVbVo86FiX%4gyXgP+Nm ztWm?O$1L2EB^BC_U9xDxm#eS&)jknpWs}xsXN`%OnuO5Vci&||gf``P8RaM#Fm7z6 z^HiS}Oj}h5Xku??V* zYAQkY7Sw5SJ3Hto3J`e)*nCzgwy5jLHx~EZCvHo%=!U*Uh`rJ2P}dg(m7FHMQ|zcN zqz*SWyc8GQTSluLt0-qk2=|i;hTI<6369;%gimh1Xf^YbqwDkWnZ;>CBV6MAg-3*L zCXcfp*vyn7bGWAu18;puI6wU2?L{MKr61+nalQRu3&jsK--_uU7rXW(Cenil;TNyJ zf75?=PdJ|1vf5GOGUF_@`Yi zp}mSu1A{ecZhTih^_F<6?zh8ip4zmAFy}BvPHfKL>pky#sj2C`VzM_%9vQK^Aa5Fj zk8hp17pWPz;lvnlGfP{F}O0RU~KXu28}w# zSmjY}nUxnGSH246<~FUoP`r2c#c0u8w&ix!m5wuj_D$%#x{~}-h@@MXe$Slc1z(q% zw{c->n`?A=9`#vJiRFbb{C5G52rAGdM-1Ses0n?w{y&&|%cv;BwrzB15TucA5e&M! zL!?_eM7lc$P!Xg-Qo6fCx?_~??(T-6+4rc=^R9RQ*lYj!*7{h(teLsv>hn6|IFI`$ zs4gwLuDQ_Y(Y^Gq%X##oMjPBk01_8HFG=FIFhq-9GPAtJz3HfxV3*XqSvk z%`@6}x8%p(1{A+Umo8_Ak{-Nb;)bulr`O;K9|iV2V>Pk0q0(!&-`;ORAustnUIl~o zNUmpC&%Muyo;?&GYsv`)r$VQe7omzPOOgtA=MP!iyw?m;OoB)Uc-Zz$na`kuJi)2a z;h9@8B>gkFf~eafj4JfJ6~|y73Wem3A`i}8fkghj4!$hkPk03pQ^sj=Tpok=s|(;$ zA1Q3?(gAb<(ge?BUe$=PydkaG!Q=vIFu2)T7coOU`rCP9w6Z%Cb-na;U=amq|ChI7 z`=rJB0-ZFgY$m!=7DN7AJ*vZ*3ae?@O?ck<503TOn$~kl?U0NjDJmT=c6~lDgCpNY z#%?J5h8)4^J}*&z3KA%|Vx|SPv53n=mibGpf+R25Sl>izIkTdq!$-bnM<}C)P_}FZ#5N^>Uqg4DpS#h+Q=_YWn5%!=L!bb;~=9;WZ?DRNh zW0Im$;jjy7mR~9~COWETF4q`8UrNC|q)&JD#H}pMGn7ubY~G6r`4kbPof>tCr5MtAQ#} zI>IQ8d-x2Teb`WswaJp38Vn4u6;-g+c$JjXF1^t>`>xyY(oqm$`(&@uT|Ie-tA^3p z{j6I}CXu?yJ0g^>?N1cmyt7k5k(g1QB%baRoxH1~2-LB?{#spwPD zjT3xJ6u~6EQ`_XWASvgLK~3_j8wFC?husc2H+(MU-OnjQu5H~pws#)%eya2=PCkO3 z^LQc6?;4i(inm?aUt2;S_1Mz&BC~G+0lvJLs&jx6Cj{IJ? z*i%EiLc2;qRZ0YlQqh+Z#D*A==klZJV-a>ts$b??>Ddu#c1UlJ!cDbnnNhB?WdC=?}DtRz#p z&3`BkiaF9B^mq9`kMZrc#^EzH&Z#8z5FdA231@vTBTd{3HK#ZUGlN~#x4T=uEp>*w z*hRaS%7NdSHL22^i%n<37P*L)uUkPxSG!@{Qe3jWHQxNI1URLkKI5K`2{b>1 zFn()3J|Ks;9UmrlKOO#CgztMK*oJaO5>A=Z!2FYklPT@n1kBpIAJ9#Ut35PMNt1#X9A6cJd`3xu=nE&g1p zBY@xMSy;ZSh}x74#zCQ>!BfBRl;bVUwa7W?`@51s?rO-d0Ob8s>(E)F%}4VyPq#L5 z!k1S!AW$`Adq?m1w}1FIct3>{mIkcji-$3gu2!wO=xz!5$=Eb%x*kesQ_BhCOpE-* zw7033+~gkV2t}6FVCK4?**B`>TEKrsgW3@hsNYg5wFkw0f!eSTbUp;AtN$rKF?fS%S5=|NSR>XcM z;(k!*SDPwugR`m>;2xW^&Qkj37<0riRF*uY*+Pr#^gH$XEv~>m+`I z#PW&4n4O8 z$;RdarZ&_$k@Y>S7gZ2ik5%0Dg&m2v7T9L&sDp_lLk18%1;X!#?*mHIU6e3OBz6Od zWpwgOiNlt;$UYTFO*|}fiJinlkuawc4(an3RneZmplTl`j4X3vwPcHItU~6zEmW$p zBWAnMP3K;I*p3MgW$o6wbcKrp^B~R8);!4Y+t0CGsBnwxWNvZdnjM<=kM)gmBwJNR zx^tHoI}(oy95L10f;B8M1Sxi~wx}E?v@d*cX&3ND2s!gvDZ1`s^Cf6-2QM(MvY$WK z+-DJh8$ilaeO!D&vqO?z++qKs|NR#d2?P-CEe2xm_<&!W#DEbM-?y}o^b;r;1zSEM z1cyITBVXTkaypKRvF#|x6c~@NP~=rJqu19z=J^fIJ0T}*7Cf)zqum%36YQY4PYE}?`?~S@;n0W zUn*2lr!jeMqt&jU>bXu;MZvFvUYE<8Np`s}?N))UGZ(`tmoQzoQJ_m*+3&Nuhzb;O z`Sdx4Bu-q3(o!%FH>1?2%X9izv2`I$WKF^4S#`g8Bn3I*G~~9gnZMC?pLShl<@Hl$puSK!fjF#gM^uRIYR{D6PGy0DM>zRQJ*i5h;G})f*vcz4C(*6HD!>uE4h zu9mIILE*MlDDcKrL3ESxV~A775;TQ^P?Psb{GLvM#0Pl=$rFSb%L7nyl4I1xhnKoO zzKX@qyN>o4XA)KuL-x0-QS<>Lki`S{3Do^DwZ4U^i*4+YJ@MCD7!4X3e-_AWXgP_~ ztciQ-&6Dsn`0zB9WhsPteyfwht>PSV6WdUc-za&9?73=Y1!;XaDc?RHzE&u4w#b) zMIGb*=F_tf>P9v+@rzb%>0Co)3kqGVBE^Vcg?@2oqx#EVvl7{g3ZlOk9Lg6C)+$S* zW)h5RY5Cb}D$2aLG~zZpE+TIP%P$f>@3N{!;i}BUGPs+wzA6G@xALvykWG(Fozdu| z3N{ZqWT`nrE6T9yr#o7$$-c?N2Sx)V+!*+E>cAS=GrFnlCM0Ur#(qcX`s zBhu0kPkImgVUq^EV6^!EEPo~pLBI>05bN$eqV^qvZWK@&9r z1$rjOyXP`>Aqx5NVSKF1hCS66%O`W%w*Z8(I+EN9*SiG<7 z=e^Gc>UMIIjsa0)3^+K5guHp;nDlm`%Dpy;obSs8g|Hi26WfK*-eGH_$DZ9}LNz^v zm{<6h3V28S>J&|)F->Yj4TKEK7U(8??QTA0-TLW1jTKL0cBK>}sP^>&YQI(H-)ik_w3!5_ znB*S|sIqPM-46Z5mJuEnBi}6TR~8-x0ir=y@00}`L3;8WRS@W&DNN!7FU6vkDp~Vi z;oviP8-yyrizCt)xPK9lG0O&9@+~4pL#84IhNYsLNRPP z*p$rkl{>zHb?Y^fElAT~3=W-g+rMvuo~??kK;7Obw3R*!ts{bRrU_N-bv7g5F!|i@!`w z{`nLCugxUT9@yL%UdftPu84L;|4(H>pugyQ?Ey%VPIYoZl==~0V>17s{vGSs7-F45N zMd8d0dn*7U1t^lynL7L&(965uN^5tyl`WTMKvz?~Xg9gSXCgDTQLw$?(RF_eYQO46 z*D)9S8y3W#4%d#(j4V+a8}hKjv=L<>cq1_z7OE zwP9Wjh(|2nXmJuI@y$8+^jz=2&oAomXE~i13Y380>AcV{p z%V5ya(gK|F&Jp~Qz~`brxZ3uj)Q~`-&rmEYrzr&ywMVq8g)%Ri-tr#5>#!{wIZk45 ziq0{_L9m8hDaGNw|EYOFwBo-J!~XURh`*q^bLHqvp*ut)#Ye({6ug6kAC4?}Y-L56 zK`7|95c$XWP$*_ad$gr-x#sBHbQ!wr1LaB_I?YjX6EhJ>}Aja%sBy0x-ve@+FK6HL02#D z+Wvdak8=hc?a@F@j=3?e=a}t}40N6Ug&#!C2>`6&#wKYQojh}Hi{brmIc~yg7Cq1i)VqK!&Y1 ztO6bJWaRudQLqFSag>GJjmBH|zZ>qSKs(#<^s!WT@22Z&vs6iUaWO(9Rz z_Tg{(Z!jnyTV(~aY*nqdHh=4=uyAJ+QhP~cgNHUFTyvf!$X8?EDjL?cW{Cdr2zUlIP|AR#H!NSFWll%HmGs}JL6#Non z+YrEpbl#rpr{jj=e(+aYb4`hm?kN{1zg$&^nN)Y5))6$ zvyAC;HwC@|!{DA0X5q8yu;c{oyxymEpF-13z9;m)`-YCCSEz64vQupt`h%m(DQGHE zA?NC%n;e_Ki!QaM)z4ReT~}V04afI-N@AbbH|p|vrFz|Uv+oKt9nX+eUFT1BTkU->^y;qQFKXT#w2&PMVvob}8(=R(UPd5ycX%-0yLv}8 zlw1%u5Rz5I`S!WNSRv;aVF;7o%>AJX;yRy~d?iBQ!1Yjw{+Uxs*K zx$mP-oo-Kr5e$NkC|ZvBSJkMo(Z?j`^9SEvu2l9hiCY&hMQHv#1CRhbQqGKumW@pxUn+1=X%^rb(|8kS2Q z6J%D%!{g-Sv~OJCphMlFBjX^K zCCXbQ{4oFPZgcwCnHFQqo$TNy;ORoUe~5#X*m!saTMucp=_D7*baxkr9RBp#cHx2A2B^4n&;j6-kiS_M9JMrA>c4@!Hy zjQ&g;?BVZ8gy6B$4NZc&%S0jfn-LV2gNG9$pEW8F*Biz=Qdl|3ki^HRDwIW{ftHb4 z?@l8e;mIkwYM=8edO}yU2XX$33hFeE8CVEPIe`xr)dcb=M~H4dyi5k^9(`zwiwt1{ z?+1y6R$g=$OW$_5N@DgZe^cfntsH+n4^qp}GROnNv+2KvPQ&sG>7+Y>K?-1@6PAiDG`| zeE2;45jGc8kT3EUeCk=4o)NkRbw?%UdSmu~RMV@%BX8e8to+tDc~XoCHt# zXN45gpZFv{RWf5;(xcFLg|&d;dJX16GxjXglMC8=jk*)gi*+Mkz-G{ZB#>Nk{;s36 zSqe-tmfDO`z8qUyQGINurCmn?TK*RHiS{RZG9)}{Q@dxTQ|qyx2ZLgm5&`)f^36hW z8m!R=zGFZR^}!#Kf7|T`7hy~b8n^A#8B<|36!FC%62Kg?VVl$ov9XhbeEYO$Ws^KX zY4WTo+$l~&Y}=t*j8rG1>VPfEZlX?N#=JZmxZEML@(s4RuV zC&9VkZ>A)b^e;Lv+ZOGfJrhQKFwRv^!+2} zUTA+f69XO`hF)cMgq3fN1Z~`Z7;~2s_C}esTL`z&(Oe5}Ry69F3ut)7y*kYJuH5JT z4MqSdX1~QpCxIAyEAz#7mAI7*9)&( zyK0#2I$%FOw1v4_2Dt`JwbRH^wmx}_E)4l;Ggq+#$DQhFNbQQibA0(+Zpl?p|JI%V zC-{LowBb0?thvoQpp#HIe6?imWTy8w&;2F7+?65AGrRe4n;bjZlGT^}k8Mxe!dB@a zYYVC9$1^{HTJ7+j>kFX``4pF~s*4{;x$DQK%~ss2%X!ozP%tY;Kr-PTy95=VbuMV7 zZxla3J~lNw3Sz2JX1vS@(w)xPF;hx(>fnKQy4GfDhxhGHadZ`1bj~toRj(;6X5SMu z=P;VjE1joSV$SKyO3U$s4m@cOelAWoSFuL)(VO&aFK*9rA}e2E>^)L^L4)S5eP;kE zH%GZz+1V_^;RC>w&KL3`Y2l#RZbLaK63iIu^W=dGL$gb_EYgTRaFYA9&Zx11EXMK>t0Ve^}g__bjxjtuDxfiftQiSkpm zgkje&4(BlVVFwU079u8@00z|)3-q5^?z12XIFbILC|7hPWeDEX1WQAv+I%6 z^&d(0~E`P9W z$zHU`QmLQ^Yff;@S5N> z;p2kL-7`qkWPy=ig`8+@K22Rap5_xDGw-M${rp1EUiHs>W8>3k9B`Lyz#1s`f~g|#H7 zE=afW8Lb;Ni>Y^FVz8X#q@a2NKbZA9y;;<|p5*)|o4Y^%$9LS+xO@rZ42m2QiPc?yj}u3P%!*;`Ndc2iJ{qbOG+r7GunP<~YN_;~wkY zI_v4E&&8}KVJY!>CcR;F3HWB6&(}7SY5(~D0{r7|3l(Yhq7bIob(HOsto2~at^Elg z!Qeqbg1(>Ct$+kVhYHr|DkzHLzJNvu@PpE&I+Evm2ecoAHTF~RhtV}{@7uucw2Rt1 zM*_cDLhHxEY9Dm{5o|$+3k(k;l)h-AY{({S^D|my_olT!t*I$=ni!V_DdOinQILHF z2o+<^8)>$<-Xzvw&&|&!zI$ergx5BsUHnKz79mzDd4R)hX|-UFVE?$K*OaqxwCbTJ zWO=N|zx?3NB^BBSF;f5?_?3poT~Q!_nf8ok>$Wi(E?=G37xOa(wMORpzldbZZ@p=c zPP2m)^M*7tQS$@4?!!YwSOTY8#g>y1yp6N>n#k;3$!>I8%&X#*AI1&BNSG+N0UxNd z8Y|dwRJkTamGR#Yqb>h5Rcc8z;$a7n0KJ&~!_4e^so`{{yY4x*+!{g&>%4p4FXKLw zvp?N(Zkqgqq+HQ8uNVk<$gTi7&HgOx%kg;@mb=hi&VJDo*lP2-q-cw0Jk4J(C1T%u zdH$Z8;tR?pWVv5`d$^TbNoUWglhtr`E@9CYXA~I<@iU58y_yKyQg8V9rcEbWVQoh3 zz(RkBynX0Vx-p`Qk}%KYVJ>>b=K=X3NYBZ^y(@(X8?ersK_Mza-GbZ~5I@n@_SpoZ zV_)0+ml$p1-EJ$x=mkUq>B0em4xnZfcu0+^oIWSn&Lq!-;(;=4T8~aGWsgb0E?)oW z!|c;D!g-{kS{5+Vk!Yg;tcPdmIHCZJ&G_d25v%p4n}w`^H{hC?xf9Hu+6{EHdP*aa z@1r3tOg%PO;KR_=cYPU7CK&MEiEu1u@Tn%}le7V8?~lkBTYsjUsJS>Scjd_eMnG_| z(~=rb#DuZMiY2fJ(RxB3!DbnlUT4+Y`M2GXTJ+UqRr}%VzFYAE}FJDa9oE+iON<)Nb{!mMag_a*4QD zhPhsWSXiB^%~aX%dPF}23~Srl^+Hr{rB(_Yz}V`(prViAQV)u8hGSU>+rwwLK!zmw z{X@K6>l~~*`l~AbpyOBWa=W>ihq+ixXE%&~Pn~}fZ*(wN>PIb!nYD3;Ue_l)LZ8&( zd=+Z-BpDKn4p@9h)pw5`NDpkIB_t%;Y-`u1D@*{x45suNz65R~Atgn_#T5rQWYb3q zROx3Ya(5P+`CD!e`DfbxoHd-uajpCtq@=3)Wp-A(PL~O=;fAXL2RU%RbQ4JU_ILrF zv9a-Rsot3IaW1FetM^;O8RFBezQVdpg#R(}I(TjLo$)2FM|5duQRQ=ZeX+FHHYKGW zl&E24h`k$m18ZGk{AAO=7Ms6JbcPwEuzCWoiT~KffVk&sk1#%?N#m!j#y_p1|8v-o z+~y{gFmEgWu@896h?uS}85t&uJSTDe)_*K(F0ak*9p}~Kl};evL7S|0 zF03;Ut8>SBH0EzX!=cqP1MdLi^RHQ3je2o$kzY`dvGBJdV(gAuB{vI*PmbcX(+=%W&qE7xbl>6syVprzT|1)ZX!v7xxKe!+NT3a^R|4RBy<^Sut z(S!F&Q6Sa>0T~0>tr2cay0X7c6Rks>tzoM8B9F*F&8I?% zEeGN#ENfeXc4{s67I`qQlQ3w*_An>{@9I_8zq9|Fw!=I?xs7gzQb(dwv^~=^wk#C4 z`%VIJ7=}|~atW@eZr!Ce1*3P!?!u~lpfYr3sG~a}{eu|>pWW(CSGhPm5G#U2N4CDD8h8nkJL`C`I4PbNGcGyCiuVoAK#=e=m z?J<>rCUV`>K#w5Zl*!1AV)?@t++qVhf|j9A`#qT`9}!x?lu2B%hW99R?zYd#vmDOoXW-Gq*2?1sJV$~LCFH9NY?)$goIy?qF>OJb8n;?(=+%UP}C$LXLS{4c&dbYK) zfKG2H=bL^x?yx-WFm72N_Vvg!#e-MhN$a-oS&j63eu+!x)3*CGx07dXt>}L5Y?~3j z2>TF(^p2AUdrevWGVnn=Bw0Xd`+ut*ehp9l&e4wRKA>#Teinh+Qw!b77o@O#)~}uR zWc<=d>wNIb_88_i-;IO7gc;+D>~n};jDr>dFQ{2LWL98i|;KpGP4gUo@e0>+}L8zxob!y zSDi32h8O-EpKH#4yyP7oAp-|OCBuV1MIDN@c( zJpW%*UxP#J%q1}hM*_ij5m-ggE}q(z1IMDDoZT-+;q8&LmKAFvH$qgClko$^QR`HEec$a{~at1H4t*NT*dV|BNfP z5b&#{GQRWvG+@Yxg^X61NHfSLc|Uypd+VfhK#I}O(&CVkzH3CvkPHe7ll<`E`N6Zl zRY?ruy3PLp0tBL{jSV9p-vQsCxi)r(f`kO(zAHbl4PX-zN{`7)QN+IaQ{J+C(qhv# zLohsycMFMn-+#|c@xLL<>fe1m3@h$u45;l?!d`!ee)1%1`k#*!_4DzXH0)%=k1&+J zb@|K-hb`&OiQJ?PQk$%xY zSFRce+sAz6gI^_;!v9G2GmA9Z7=fG~jlU{bqG~F)w($jiG zhKK`AvJu|kDt7uc4oIo48e5@Gsm1WsrW&Y@k(Btvx%$T+=CUj$R1kyoAVHz;BngP& zl5D7+@|ls!cUBY_OlUHlXQ-kQND!FpP$6nn4TH3z#=d@Gl>Ts&=|yW|#H*`h;C5s_ zYuEG0>YQ;rW%<~K6t*O)7 zi3Xknk|IpoxAd3@u8HzXxb5}pCwEjL!~x{BmaYo&DR)$w9k8oVy8|j{Fo(scwx*TK ze!uE>5R#0_sq1L=kAbmO0?-q~fAm$eHPaa%S~Ro5W=qyDzD!~vMPbslcr_VMnPk82 zv%DZEilOTyh0MY@wgQbxGjbQ0Ulf4XrgozT?qNh-+6MM6uYxNbf>)2<)1TaU$9>O- z@~_5Txr5~y3d%GrzF5Z8tdU!`3M#*CW}jP5DPE7|W`d|x$-N!h4Ud>=VoJ*_=8oA9 zDJlE-dIp+p$vGRlUNIwkDLB*nolR0XrbagR#KnT~Oi;4GQ*Z*0{|{l<9t2bNG=v}M zoA4^3pI%M4c2g#e-`(qP8V2q$O?#!pqeRI%3pHyz4|R8bXlN$nhOs|{+G^xZ4}dw3 zOu2l74^Cvg-449q7{X7i2!@Qjna9qx$Kwi$H+%*!8C6GX(%!C-@axNIKqUEM*5@jp zLc;DsVRKj1Nk7%&U+{eSvURu>3deK8WE-*Tm;VX9Ja7|H^mr&ptpB~zQz{B}*}d|{ z55$vk6GnR`L7-#?@7%UyO^2|(O+#s$r!bPO(vJYO6-ZL6QMAwQf0(UQk4Ey9%hx0i zDhqP4ol_>X1e{otL4QcLQuMd9KX~dnsE5y2?A|lH9oiSslP4%F+*LZ$e?bP4rAYkp z-4itNI_mK!o(M^t+Ck4v2c4FV#@AQ?u@pnSC7I?sr|Iy)cn~iLq?=!gyn6ILB=J;I z=AsaiwC)vW_`8Tb5*{QYFjyoUJb`!Ax7BynVAc=*l08&&NnZQ{3`oznd2+?-_zbeKmjUW@ zyprI?eHSpcUq8JW^;_TRSX!il`*G&JSL3y=IYm##EdYqJRBKP3F&hhFG9%YBz0M0p^{bWO6|$%deECcJWI#xU$^U zd37&9%OW>LyB{-lCCh3d$jJ;I`P|4487DS&7r~~}-eTw)1@U|rDQ--5A<-;m1Gw4H z5NY6XsbrTQ`U_Nm+?z=S>v?Jz#TUe&`AbjN^qXwAiI#9V3D1Vhlm>P}_M7c5WHRKX z7klwmNM0B~GJ>Z7NE40g2wutHbBz@!R8E}4?>i@*J)C{4jTA5Fc3N2m*^jYLX&KQ^ zZe4J)PUxmzq}^nf(@pXS|A(*KZGZdh)L0ZgWyF=c^coo`pIQ8YF-vJ1(O!>&tF_cl z7u1FshyW^7KGjDntdWe)wb5uDvZ{<)CWdJUh<$*rPRvP?C9LNc-^%K$u@=_7$8y6> z8e|W(&=rP^N;(Td>TNt(8Vz&?qrF4IGG*uLzws2deIlPy$2Cze}E$e`f^K>Xj9runKb<8?B z_jJgd(t6r+Fs-kpvo_j4&pC`e(ycYaur1dH0(!p8KJ2v)s?SkN;%*$*vG&43h4Hic zqr#hNHHeA@n$LMbxj#OOF&4e8vbktWrwl16SduM$GEaeEnjQ2 zB!rC%Ve-6|RXRRqI1eNK=AG8M8>@9$=y|Qt%YH3$v@0^Zm&BS!>BsEIa(<}$#;1l% zL_p;`!hAg?t^)p2%C`(Gg7mH*{>02yklh?Pjy!ZRfq<8_*$5z6**>KkBOE`qY^(@? z&WZ!nt<{)8W|{+v3{dWL31nGT;-=ofGIIwXk<~Jasvlq$`+7VZEe$~_>{Gf6d`pxN z=~v9@IMxCvJF2iwH_*tOY97OW+_d!0PMNsc9zyrqfzs}juNYSrrSS# z#v9p6Vsn28Ykla7nsrAe|@)^(xxVQwaQD?9u8 zxeB>ous zm!u0zH7#-if3+G*>CKW>ub#^!$LEr&Xz|ACJjA4$*7DnqMOx+Ccbnl>y)ck6CBgl+(dtLsP5ob!hkq6+dsnXbnTJ?9Y3W7XM zXF5@%IC2@jfKV?9N+GmG~lvFhXONPv$O>%=@JX2vlan!G8Zh%8rb1A|C zLBIX=YrVE0x0BwqvhM1)U?sPH_YprlO2K<{U6&Kd?U_b;Pt3H1ItMh7?n<<}ht&{! zhojW(nOml&BKqAuzf#Q3nh`|8;|Kr2-HngR5h33r|1@*p>%(F^zkdpsPEPP^$#yzp?4rQVnrJx(FmCEj4MDd?O zD?At`tg0cjoIs*Udl28)S|I6LiBpz~67WgYHN(`_<&V$s_fG}=#vx9LKFrwC%`Iky zQn6bWop&d~X0V|ceo3&?38#jiRYxKttEf7JXmMZa(#?Pr>D)Km!!D6}fgZ&_bo^~I z*!zQUUP~R2vG}DmdGF_&Y+f=MFN+^Hpg>@)?Y^~nx2hYI>_GghjuWL1(`t?OK&FLN zU2kdUy!kB*QsM3BW2cWDv7|s8HW3nU+^55Aa$!f&X2;ALVSjJR=5tb;bW(ft7}DGb zH9iW+Td7|fr(Ejqv7-P{+-|n=)Oj&q9{S+9ZP))YUoIbmkm7?}m*edU;*&Uk3a`aG zCsS!D@Hz(4QDp?W^<87P+20Qsu~s&8Q)fuSuL6kqlb@GkE$E;QP1puQC0yISPtbbeM)wtT)00z z^Gd2lqPAVTBClpnxZq`GjX*PuV@esiHu3zx`(*2SD29qc0X zpZYC`g_t3-U~e21S~%~Nkd~2=)C&|6+hOJ($-6Gsqr46te3fMgezN`KT zQg2{JxPOO7iwE33F?6lPrnOU^y|oLhdU$*jGFO2I@xxQNVD>AuY--((T^{t~Ny&F5 z7aw>JWGZyTGe6=S?bYMpIiz{PeI(phPWyH?!0!$@TlUkhWB1}&^fhPGu<|W&@?j%& z6Ks}zkfpDFqB}8>zj(Azs0-rDG5W0uqnr{@I+D0}u$&GY=$H+20+<9#OQsvrN{LWW z*y1&fHUxj$OB6l~9`5||0tY~e0}f}j-X{j0_Z=j*;=NsqH-wzZoz*GrHrZlwkxmsO ze?NL3BMFd-wcTOB*CSC43sGXAdlV~mE;J>HJY?z+TG zB0RqDivL=J+?!dgAk*4w0eW=jp`M$<0WA(8;&7Sx2A^hx-)m>(u4b{G2*SOQ(cg0x zmKVvM8}|ej=8+fXRVluRiz)H7vA((^7A|Ok=Bf~Br zk2wowh~?Kb?m3p2)`N8eBH8a>-WKey)T0AsVFjz_dC_a&!z75F3$6#>F_0k%`RznyKX!E z8(gMohXZjuoX62ux{UxA(!dftb={gD)PKS`Etj&*1c79sXnldS;+EW0ci|yr4pAVP{6O!nBWhAXBpm_Sm}zhd;f7BCUIIbvW$M^)l}y zy0oJ5({&Ur6sRwDRo4umuP6dQnpWk(KRH z{(wKJ0AfWeg|;ahqnl?SSfiH-?>D`9{~-?FjnP1x1n%$N?V`NfhU$)#8HL+XxC+`f zoOqUGxtu*LkRQvm+Ev(iGAEvXLHBylgM;{4t$fSoUGdK5TsT{0{u3iA2?F01Z7da0 z^2Vik@H$^HfYNnp(H#KHbCFF#?#)zyJH*#@gf21S=INE5HOle7;cjwb8R~O^a7TfD z+zSa9pGEsda)tW9;lyH`#Rns6tZPnp@LIcbhO<2aApL+gM!-)L;l0lxH+l7ut2FrL z>7rnUn|IKRApdeH9XbouuB^c6(_>pt6p4jq%r?Gxf(Zan-FzDnQYd>T`~Z)Fq(+s3 zFMeibEQ(W*A64|x)Pgj&=3zHazHlY*@Eyr;NNb1Tp!{yEX50BExq5vX9`UBhQte6|5JQxZAgT1k)BoN&*ER1(NE))Ia0%(3<4C3tyxjc# z3$ux`w)7)-)606h`Eyg{+B$eRZDK9+y$w=0lj;7^=E%w#O>b{_G*pz^_~<6OdGP&k zv;gTj9c9_8nx&u%lY#-_h~1O8+>on|`we1#sr_w!Mj^3H^J zpG^y1zCGj;4Kx~ZJiGHy$a*d^jD82s7f$tC8pfF)irAk<;2<5WtW5LBil+zp;3&9o zIxjy+H&l4eY{kGgM#o2UTOzupIfy>k3h9@JuMD+{a4Uio8zk=~W;7K?NramcKW#vs z?h8FhO-Z8@g6h0*=DMT?o;^V`daQeS{CTaznA^EA{2`o^32Vt03;0}G_+aVuE^m_X zlMDHo@f!hFYrlJ+HUxo@Bd1NUy(>D@4PdEg)~?NT$+N2eIkxtOlgoaaW&gcr*-gSw zgtpfGHD&;ophrxOMvh1cH6(h4@~;2x@*VMHJ*&KSAnRrHg5i)dtO7JoXHC(WfAH^X z;uK-L(oE7(V;uI~_PI^ETR-9w)q69o=p8XVs$y*CR;**;$Qbpz{A3|w#>Uzz=K2ZF z+Varao=c3L zg{xkTNw}}L-7$_#1K|bDs(+xxkp zy|`n?ntCLs2i7p&$Aq5OzFvpf7Dl2Ar6z;IxfT2O+*WdwjSP-UCi>oXspKE8aNmvz z3h+*L2yc--J0$)3m~th2u*E!eGn{Sly613L%I*n|t_~)g_7Z>cgZpWh5>T!3vOteQ z?zcnLnZE&s!q~YQimK4AYe;JPCS{agLh=OsHmOH*Jm2-L390IB3+ZU3RK z_O7*xd;|yf=U`-OY6^MXI`;7WmhlnW_tDo5R_%McJ;_nGB-CA3^0!MinM*d!?$fN` z{v2|>-ts|GcP^;Gd6^4&$gkfd+?OoRCSE2D^t8-3X}88+IlBPOzxcffe%7qdX&-O8 zo-+!pVJGq0J@*Ye-&IQ|^irHBxrCj;ghSd9kllCY6n zhu52oiVrw=M`4HCKH7%%+~*eg{yy}ACNDRN5C7MNo-ormzTMcENqDp%e!On!*P;U|SmkisNL;HM%8LS|UjC$|oF~03cJuS;b^SfjP7%lF8RIufN#kl8oRR(&XkIBVab$?{R>J@{-5T) zIw-E^+Y>@aa6$+cG!P&_aMvLT5}ZJA3k>e=mH@#axI+>w1PJajxVsLn!{E-~!(Q_J z?R#5q-`3Vvy{dg(HGcrZz1{crIp=depVQs89DiyU3Dt>CvOD|yqSRAbN z;zKA`22b@WPkB~WY}=b+BB_eKJxak1zxO01bU)`s@_Og{)zHv75)@tOa6Uetb7!9k zki>4RJ#eEM@GN4=64^nseNs`@Q7cnCzpIrKHi*j+Z=+O|WT$V{zHwpR^{BGGEAozH zrxlXKyD~|paA91KfcAJ7_e%hInfV|7{v|6}=paMhFbhnx0C%3|dzG-9f!z@Q-KpUM z$me3ZLgC2LXz3t$DY4umf1JOsUX3~`jU3nlE<&N?qHK#EG$ntWn+6g6abxnGB<*ga zyN1xaw^CE9wxF^epK%D^#;p~T3ordwypSqY7Svdd=O- zLVp!2bh)q2rlSiP9;a98-lc0O-9?P{X!UxN@ta}`7k)L52o_j0?`Q2ceGmyjffJE! zB*tyi?Kudd+t$M$#j#sVSJ~8;u}CSu%kGMWl5glVZ<(l;6rc2FDiMq7CR-SCtKCYF ze_-IaSe-kAyHq$Y;Fx1-x4&<1W`HlxaN*%58CgGj(=1Jhtoj{DM?ZP{5os!-XqEtM z*jdZ@r-Wq5G)Z-HLYf{P8yt}K1ad2&-fd_?E%q7KgZYJmjxB-jR=Z1&vT1V{-Z~r{ zg=W9*jy`uRM>gM^)D^k=0WMX+&mN=~UQ;ki7NrjOP^7XuL5z@_J0#5~{vot-LH1bQ z06`_z+T4zCTV*(}@H){wWNG9ckR8zDLpty`0>{Nft49lKy3Vu=Mz&Dd>QXKbA*j+U4PYdSK_}|LUg!I(*3*IiHfPNZ!U68o!o>`(HHOcY~7m@ zR|dQ!wQoL9vDDbo69F_Kp1dH9Gm9I|x=7YUuB+-3V{tFLsePu6z`?E~EUyl3FS3n1 z!OObRVA^#n$uZ{Fz!CtsN!v7dw{jMtD3H`nP$0b8dV>!QzBUwPn%db9`#{ZJbWb2O8wV zAg^@JcDc))EIBg1d5N8=s)Ol`XXX$7xSGw}@q&SA{66gH#m%GW-+(2|lln!Igl@r% z_k~gU@?%JVsXP-A$$nYp@SB?bZgK8|)3HEsarIj`EjfjdX||si{?tais-`L3ntuW+ zrHCcP-W^`j+SkbHK?P@rjG=gY$2trC%VT=CGzM_3GT&o;fqW@x|@uK#B2max#>`d2@Y8jn(p? za94nWrEFz${JafzAg&8@T_-GIFaH-R3MX7_|_AT4&lUIFE!r_EB6u0VMdbItvuRgXX~zr z5ss@jXg{43THW853Zi?l)hR9kI4b=TU__UCXk;L@PlBJ;&TpSr9N44d2lJvXuPB9Y zj&>ohQzp0sKA0$djZCyzx$`kxz4I|Onu1f^*oFwFL=}J&tiay4^Q7Kcp|Jj9O-eZ% z=Ii2L{v}gMfGKBNJ$CC(mOAU{Dwv;c;@sHSx4!Pw7CkmHSM9WL-Y`#ztlN>>oa;q1 z7>*l{DvQSRjXXSYhIhJj&QDiiQYo4p2GA23->46jU+a_^nUg1iNLxUUtBopPq`=5V z?`BPl2AFbA18*;1RjDiM8{RE6o2@MZA#$7gue;IELnBbCJ;_g!4cXjjEs{<Nf3UwutkE6ehke?F;s9+EWCMg~B?j*71oS`6_oN8wk3i z+w(qNzZy}RQ#$Oq0N?n^bEf&0bMcO0+es()4AvZt^h96)r zU@+hu{giaN#&{gnq;PTZs>uK-&DueqCsOUf3-|G}V@PKVLm>L@APG zHoHpd-Xt>m>Bdj!Bjk116ZRmM%Er)|89)O=r=sk*SyK8E>#<~GO98p6spHkT!ahPC zBU95E(fcJxT1fyK#f*Od+=1M08#y-yoa3LxS+}QzBR3OC2SoS4Dev$e=+V-$y;=DS zStNA7w1xl0Ahi#HH*?<{Faa=f-&UUjW_8~>=wCJd{Z5D+;Aa1}r0@U#E~Lox`Gc)( zEt#FhLd!@B`K!|Bb6IJ6+;%O4gOMK$NUeY#=kVQ+!E7RCE{m!?Ilr4@V=LzLXnx2{ z)i!r+^C4D*f|3dRwXMBV`(D{YFtE@rB>g@P#&B=9=eRAx7XE(3R9=J4=|?wCopcuKk`3tC|B@zjoKe!=ThUh4i4g$fNXx*g0))2`T6H(@jR@`8lleRs9-3YX!>e*YP|hia59DuKBVwpw9(0H3g~Fu4=>i7uH#-K9j$O z=DZODthz8myXlQqbZbaUfer8~&O(8=)Z=kz?Ms9b9G$p)dHq2IBOZB8$Gj%DRX=?3 zX!GLq6%|sI!oe=8gL=7Iro)FTxD`3+!+JSReR*(}P0IZfADP>5v75r#s7I!V^_0|Q z;fcP%V;`vq!+{VncU!HN5!adt9B~xtD0uW-iP>fxm~51g$;6)?l2rj5Wb>}+n zjqwjc&&vILMy}5KSSZ5yV`*7Q+-1t`Z{KsC8NdD68fvIyTT+96Ys8h03pr#7zbg9l z_1)LX-zqKhUw^AJC|wWhUC$g$+|T(0CScB|kFqsio+vDfG%xSnf zu;Q1&Rh;;%2c-0i_ww*Szu^^f z_<@BWC8X8+6r$EB&=Ou5O;WnNh8vF{eK)^Io$TC7CwxD7I*W^TYX>!7(I#oEby0Qw z6f&upfhMI%H&lP+pEvtOh_=HYVJG&j#xAoRiR)LSKLFe{spDS>8PJ8ZkpwDzyl08! zY$qCAzJh_|e8*VPE2b3=Rna8H-l7(;olbx9xv{?Kx!NrgqZcc8dB=!Y^q0H-kCWn` z@V9aL0Z56BEGX%#(u!mbRefxGKQ)Q>@YL=S3OSV7jwtGyXwn4gzWwJ@X8jHWm?Wu{ z&Gc-y!=T3fsgNPjQpddhtq%)e`Ms|idAzkx0E_IhasVB_QxrR29E(c&y7+*P+!h)T zCR+LFZo%PhVREZTc9752iOkt}%#@r@2NU$_KGmBb172kTzcsXUhB^6agcWDYm-St} zL3pucWp10rdMC1B&=fqmkbpN=`5M-^>IFPIPDv+KCbTbtjDI_I)M z?_R+95!7PpVCPO`dsl1LEHO(Ph>zTurD&ETb&QazSb$}VJDJ$r4$gkFJWka zETP%J406T-!d6~nXb=5)`=0=ji|7)qQdeP2(C!Pv9jd3*`=*nLdM~YKI)Ae^XjXZU z6!O7KnR(OH3WTkS913*F!Da!+BCl#%9Iz?mg3+jF?MOD4f4t?hMuuipoTqth3gu~0QDo#{DGh)xm58-2mHRSX7OsC~s} zoyqfN|Fl7|jNR14K?+gfYPWbNZ_s+T+QEg$>6QoKV|=1nyI^bz2nnF^`K>RnyuCVY z43(7AnBsb%D%-az5Sx0sc9!y?L-7u+DNH5gGMe+*!zV{?pOsbo49PeXI8T0Y5z}}5 zAp)P5r^Jb&Ei1|hQ7R4&0uV{l$YySmeyZu~XEFVSAF`zYW7TlZAvMVAqfs8;+8&zh zD~247X9lQQsqg;CcEpu4u`gRHv5Ay(87W($=3ADk_bdsH-A%oPT95ofg6_57KKryEB95JBxiW~Tsb8*#V!Ta7 z+xM+}HQO~Etm9y}$*Z`RPWfV|!8xq{l)gy8WveVBbim_;kl3dzv*T<|0D3I+_J;EM zcMl`1{XC`49hYUwdU zqzs8oUKhmIbEJA)3p-r9h#{8Ts2JT~`2#wc-ea!aTx;&PgTq?&zcy!fp>ncf&5uM`P)cU1Cn1bwdP9emHrMh>J|8| z!LA9bw}*Gf!Tm?j{nxidR&QJ#7qgop2Z@ixWUQv$nGa@NtPLt=QYd6i5jWNY?cD^z zEMdv{b8$`Xm`B83E?r|muUYX{JGVY`G#}v*C{%M@2NY9qBUFsHXW&~Y8xH19Ta)25XO4zO zCe?g~haXb(1o;%T;SS5>n$k)yy-h9%H;S5LAKA#NeTDAhxhOF`w5J7_H47ocWOR%@ zS->{FY)b~g@S66|FX8AjZt_CK{@B#sMa365dmE4arLSM$G&lRl$6M26#PblYxSh8z z8B;G{Qd4}f+lbCdBo(sU4Sg&<1L2Q8#v(+bQG>g(uE&Q)iug8kt_c>~j1M5vIz9c} zDjwE)o}86Um=xWJ*&?&r@#Hl{I6T9c2k)hkxRnS>G=iUS_GdX)bo_+(gKOLzRl@7F zouvjeN#XL+Z<4dF`Q5hL;unz!_GPptEwMAyjVN4L zu9u_7))0?={o3Ph)T-`D%Mdp~DLv+f0_{^Hh=;D8o*Sys23wv9HfX=8 zkUc!n_s#UswBw;NfsZG&ePHWZF58O@FAx8VF@#z&2>n~u zFcM3tu`!+bcJM+~>W9N=dm+gh<9T}{Of|3Z$zY&XR?IQE?g)Avi$8Y8f~Lc2PPfJ& z7ST5%5>+39fX;>$Wz_336bSJ40#9)8)NGROi-!ZD|wa~b#KP%%7CJ4jC zUjqYxjpaVG(p4$;Zc+q{*0h2%$IMLN3OC+Zpje}zQH?92=%f0i=9 zug7Pwqm}cq{BDJg#-`+M>G}SztROOe)NUh$MgPhV_%M4d%0)2xC>vu&EhRci{DD?y z{?;G{{sB(l6Dmu36BjOG7Ud7(eQ=$!hYRw_4idEdq0{=e{_OagsD#bUgB*N<8c4%8 zm2-8WwW8`MeQw1@+w16zB_5dOp?uZAYzn|g6`Gwh1R7W+Yo=d5DD00$8dRa)Ext!lT#US z*HN;9f4-!}D_LZfgouw%JQ}Piz`4;Q-Fu)-UfoA;*s9HijeWsnAqtc_H`=TPt}*K{ z7Q!sS`jnfaTTgb9iaw2!>|9>ubJ-XpJq}JewD{WbQ`K$03qy&!thmrB!DZnesaUv4Ge2aZ7n*f^gH; zQVsTCqtM7&s)1&+Il7!iF??r_;VKG=7EofLdtwPzm~*t*;uE`cz7IV{!FDVIb@a*Y zUSq``EMJ6^Vy`Yqye~R|8^NS&5+5_!+4_jp5)|AcAK%LynKxWIhqrq`!SN-V8k-e$@G8X zX|<&8--ZWb{Y*PUlb_qb^XGn9!a;;y%kCBu0`F#<@#*J=C}b_?^AjD(c^b&-n{4Kr z0Fd_SpX(}+69U{pLJ7ZW@YxrvYwe_M9TQRqeTb3fxZ~JhUF3;&(vDnJ4FX`yC zSO>7QWe**Df-ls<5WuZBhahYyv-|eG^4Cfq{HWWH*F9kedWiDhRjg6GtO+%J*O9j` z!~x!UUG^hMiG~UU078G!Wx-@K$?i(0M-D6TafzHRCj6hLa8F{$6(yZu`L`I0MzSP_uR%= z@Ni42YA3U_db+expKnkA=C=lAx_e?ogY+J7gHpdjNj5aTl2EAj+CTSTn!|6<557?w zxgp*>jdj8YzBlG?@fUD+vO!BeBFQPP*`M8!MBP2=#{a1F;-vO@>LQ9lz;~@u2RQ(o zf6+UhW~o~Ty0!g-MeLq!Nq-DTQQm+6MC(ZZUgz!lsl@B9W9~kBUr!#Vu?UzMVCX|b zB7KGX@N!dqoMDA9Q_HuugViptT~>0J@_|$X7wBe8h5e!O3l_rZ3IM$VP^(+hCw3xe zR6>z!apS4q*VAPcyGqtjdC^I5pMv4aO~Ol}*#lzw652mB-!SbYj%Jrpz&oA==F+qk z1{sETe&;thc|N5HH(21p{ymZQ+>nrPAVnb%3`njE4^645-A49xoHbs|&QXZ0yPNqk zzX=G*Ac8rQOLru2rTqX1hcv;j!ajR$(FvMAsz4d?U0=^8epEG{9as;%lRlX$x)1ZR zo4{|HdB&kCK*9#>nF(-Xl^eOpkd%hxMAjR3?~5iBYv>Ij5VAX3+k@^MW#}5!4-@Qe zVQ0ny>};(b8Y5}960Hw0ayJ8#IYA;rl?`a$1%hVARSqe+zk%-*UuKtQ)CrI4lLmr1 zjp@DnzO3tp6)lg`r^CAt*%=K!)GVpzv>awEOplA)dGME;^QqxODBo$b;ybfSopn%Q z`SP@f4zKjKASh7L(=urJC^5geLNKEI0<@uvGp zO1*t5U?0&qFpvjd*M6G<Z-dV6>16kw1iW zk_3Qya*m3gbuvIWb9Z3lygJsv!~0FujTd2En{IE3 zh6dK!mbQch1(1bderK))A}lt@?Cybhf1!7so3eqrZ&h;_pV>NbZT@pJfNMh#Wc?QNEz_TaX@5dQsR^ z1b)bEir1dJVyUJaagK6*A`JconsLZFg8k_03wZVjhu+lmnO!9Q&zoy^=Eu&v-O~}> zc|ug(XC4DtYmMqm(FXEvhpYW`WZvyG`f2}4$X=lX2#)riZB1_*o`HY-BDa|Jg@O1(K|Bjy6!gyvk6$Y2>);DQcOR>+lkH!ixm-nUb7AarN z#;Bc{PI+5_+H{gz7NQTSY+kTaV|!T7s*8Vuym-i8V@EoJ+>O{!h?}45-pT;WLAF~Y5G>@qn)Qi`o4qU_9Gkzc~0)ptU8^USrgB1&V1o%MKE9-Ed-vm8z2L&u1;yPG$Ebxp`xktZ*mVr+kkJ$6(~upKf|M9{ti<^Fc~7yub0$so6WaK8ZWNqItKK-x2xE@c-a-RB5E2M zgfpM7`X3C^b$wZr_ieeiMaqws>Sm7%4=MX6ab z0cEF-A5M3pXeN^#gND+$kd^Pnm48(m=NIrNgw-P=bsFma7wvcaZho^>ujnBy9@s!c zOS&g@nVk3Ln=MnJ0L9>N@V!|?>_-2d+qn02x1FFdUV2GRd?b@wR7p*L zuAcWlntn{^>CInYut!r|=hLTY;+H?4*SCexQSFK)lW5M;cUhvN30!#>z;Q50pD)#4 z@j={>AbH*jqW#9V^@BY>s_BgmDH5Xg%>FQh(e#=oDx`-9VAFutQSVw;yD^=WI#z)}Yn=%@s@jB9rVK1A+$vE} zxiHrvqoLy>?nWgy>!il82s#9R3zNn5??O8qhJn=H$1HAh*JT?qr>#$8@jgzO5I}~I zl&ml>-ZR4bV zUCdOg^kid?>Gj}%n~3zKu{R{x+rVI;rE2;jCJUME<2NNTW$o{f6;rji8`9aN1i}va`O_5no@7+>qY}_|_%M+R_H|PBu7ncGI9xbr{5)t$t{1b z>(T=_+|#P|H%pT+am>@KmY+bMZWuBsE7$PBv=~QUO;K52$ti8L*BYz;S&|H|9-Prx ze|HBA!*r&ruPKrP?%Us%yYqfPUcF8+8X$+ zFO-o_Q(nfLgXC#!U9dp$)n)^=OHO)meei}W!K#zi5@%r+!l|-V4eI?SEe)+$mbrv0 zPZ#>p+*rx&7kbQfzFH}@nE*5S3GIP!4Sey9&povzN$vLmEFr}fBU+gJ6y6&jipEL4 zvyBGtXCU86XL~_uT0|Iw?V1bG*Tdwok(XG<*{7UH0&vYrC;=qjD#@zVpNc zMA79-pM=nZ$QNha0Hgdq<1YY{V=XyW)2vH>9V+jGq+IRyJc5c#-shk(0Pi~S?jA+b zI_{r(P96e~9l*GN!u;Px_iOz>Dg($aW)#GJMSA(Z{PD?2q$B{U^Nsn^A|=iC-s+ch z@cvC6aPM`R5M5@^Cd-TaXZPQ0aR11x>nf!$xm?Dcszk!7UV*+T3=x1We7?!uoSJXs zko8kW?K156Piitdj{fC^KhZOKV2=O%8JhlV&`A}}&KQ8zhcUM4G~c?bxr4| zl#%-X{F$9!B%B>q+<2!*Oi6W1hwp45Pd9&b*pw(%><0s79l&Nk^N%pIN7mZ?xEuG` zTE?sOBDB{-zq|G(mwpH2+XZE+fO7JiHVziKoe1!pBQ&~nS>4?}u;^f{Oj%+~Itw^_K{RwOeA64OF%a1r%aH{6;|2%(V~f2t zOI(cu^zPAHZQkl=WMgdGO4n8+b(;9R#?ZBZAIYgFJ=+@~A62QrTL%}ID=eRVJyx{Y z`j{wPjedxqXI7{ymQfKlF|Xp)q#;0P8cFvv!BChW=IXU*#>B?L=29`q$~63>eQG?? zgd&II(<@HyY1OMvJqSu&)zZDn?hpiB?- zdeW*_w7%PiP6OV0o0u4M*mwHMC|`O+kR|hyoDyzE!}wUL@wwzKIk>h&hQTS(2B^y| zFeW^KAGF-`JTo$rByjRmRauH=tg`gfW}6GMTRYoAblWK?m`3KBlF&*4T8&DLFU$8Q z_#zQzO&-b9^Kf>ZqGK0o;`A_zDHZlE&ZTJawYlCgzWDkz< zHT|7c#^eK+2%=^lCO@dF2&UG$D^^r*b;JD;hsja3G1P!|G}{~(r@rZaX4EzSIx#09 zL|HU!eW?Dd^iJF)01v0RhMQ`Cc@$~tnTicbs|+KiC*J}$3kgHra+1HNFg4!+!amdzw( z3Ncl7h{~G%h$0-9qFIFkiowAuT_+>Yq;z8OYmxPkWRh|EO>(BBqk{sOK^vE86tU2C z__-mtV0hprm(1t#h%m1c*#B!b4lSxj@Lp=HpX`f(cu{H1;lc#3do0FMhmgvZ`;@dx z?~6P?oSKiOAfp$g>}9BC)UrlGLniDJBeizvvuZV1mQK6lv`y(<;=p0kWa}gp=x*1q zI<=f0*PqgvCi)!tz-+8T%2voe8poE6OXNqP`eWj|DP2XE%$V(-1RV0)2H&>-S_9}* z{laoHB0KtcC-{kKvZxI$cOGsI8~Ym?jYs#Ci_ZRnhxsRN6_CC}ELc>|!xpOoG?WKB z@Fc{!2n>4S{wgCH(q9!l@-e=g|5CbqKFtWh>-vgTg?f*{LJqYxnso6{X+O%t>k$)u z7Xk%bh`UNI3e9Y?eW5*?>&XPkfQ8%`D+gF_xg>(EsNhR*cs%hLOlAp z7!;!z9362ubs9-U5HH$TO2+7DRkBQMX>%*NZzE^gA;K#*jxtw&s)Mdsj}}ib2^pnN z<_DZb9!YSB^guUov`@ip&?kL_8?(}0c_q0V0_iOb;&2l9Ujj@}sM^Gd#b%M%l4`lMno8u_ERuzG(2Qw-_F6En77OTsFRcdvhluRx%gPkLQC#1xO-P`u`NyNrU*xo&|GUIrrHJwAFCz)C zYa*IYQ-n@v&Ig~%B$w^eGHIXVsrur*FtuiHj7-3d*DrZ47I`1hLwE%0isp=9nO-I7 z%d~%I0Kfu1>h{IF!sy=BjrscaZw1r3$_aIcm5YFhe9n)1D0JWcONx`GW2*yuwn8-{ zU?`epyYmVkg35Fywq>{5%<~x5XAdZ56sAxM%R+aA_AWPQ{}tZfz}aIeasc))NgkQ% z780Q?C8gISkd%9}b)yurv{ma@w&<=~a@U;>O;p#R z5Y6DYq7IJikpbfQ`qP=gX>zPXnl#>m+^)XxY#Fz%;q#*vsglPlu42bJxcd~<4L zSX2uQlkvHuB;GwWyXau*Xy(B10~3C-dn;naCiyM)(T`C%_9mWxsywo#A|oVS{%pSI zY!(}g=tOx&L@8>rpw%yLj6_sNP+G6{A7F1SN)xRsdqOJENJj>xNZzw-Wv0>-z;LWfztB=qXicSjmmJ=fQG-or;9BF5R zN-?K2rZFc#FcxP!7}hI$kxX{L@TA65bZO(`NU_&r?*){wUQGnsI7qi0UN~KW$VaPe z-g<=a{U`^z1DMup$XK==$?mZ1nQsH7g7G#>?=G9>aND`>caa>%g~k(^%R?ViHvRT6 zUUKNaBDw$wM9ap^ZzHNTXuE;f@h*Ki04v#9sN+9z%as2&L0dd%d}$kaNC%|}0Wj9h zd+p*CJ#1|lI(I9>aC(v-lXg|k4jEf_fZr|=SV8ZqFhY`QqBmY*p1r&zuOXYw9RUve>bti-4RqEhz)?XmCG*UNs_QA=g)>h%7TIy2lm z?X|%;zi=Ap^|P!bI0Khgkg$&z6sk2fg|ve|(2bvFDVSC~VwaIvUzJ^mkF<+U!^Fd8 zaQEX&!_6v(9SF)o$JdfMUq8g7=e`aQvGw-Ex-WF_s2A0u_HIjU>+6~^uDL@4P)_oZ zxSZqDSQ%bxLns;TZ zW{3EIU#<{o4P<4#Sso`0%@B+!dxPFl{Clh!RJ^+vVnZa+}xL9L)!kv*C5O=fmj z;Rt$*IjjIgkz<@Z*8cTmRqTF^qnA}wJ=y$TLJ66Wh=FX0MrEIQxj0IzaK-F}1%lHO zXkYgdiPP&d)m29{GVXbcz~9D%R<4!sA&zd&eXY)jJBr*p><=A7VMemiMyq1>sf#YJ zqTAA_jl22@KH~9YoSmf91wVCSveJ)aa8%(LR?z84eUASk>7p~GlI;1LlD<#Oj*srK z+_@}YO!C-{Xse1{Zz;tN*Yd@6rO%wT{1 zvbKLx**>237+P8E-{SiYsQv^=2L@LcZ==bH5r+v*8PSwL2qbs=(Kzj#u4vj~-|wFL zMz{;)Sbn^Gi@wC$;oHpR^4%|l`Z7^lBVuBms%516tw8OuUS4qz-Nnj_hr&&BEVIc& z$PubZlf7UL@CNA>f6bE3bT;?KO~8#x-Dkl-f*O~W?i!0p^P?Hjti$kJ|KoR0glqwW z$m94S&FO%x9<#RDT`rWFQ+R!3-qVTc{|zWpUWE5Acf z6fhwy7+C!nRMwh|F)6Lph}J+sKb5Ssw)7P4WDef1Oyfou0{sO;E$z1-{WcLN{=w5* zi|^e&9gc{5&wt)n2;E$mIC>+&b`(CwxkUa(Q+16m=}imGzJ-B&jGf!pDU3&#IXMaT za?wMICY{Ew{eqcP%{UCTaa1?*;toD~G35J-?G4l{zPVFpxDI|B;6-qc=ZU4E*MFGs zad&)2+cI^@?sMNLSZp~xH6o8Amy72{IQ+QWI(975hI0NhVOJZr$pbeG3ZWRN7GjIw zZ`G7wgt9axtjmV&5h2xn<|*|-<*?R=4l#r4HZ=m&9<#w?=f>N#m}*BNuR^g+z}Gg2 z&b#Zd=kqraJrU(Dwy+cI*Q=hGN34-_Fw-IQr7qjYWwb0Zi_1(J zC1yO2!)sQ;Gy=QTBYo#>vX7`0HLGKA<)lto{QB`qzasUvF+=9H+U$B*HULjttcIg= zD7ITRQ+SsemB=@xrMB~)pLDWZ0>uTkaE4U`6vF<~dzv{gFgq5BOEL-e!=GN7I-b!R6kee|&|b~TQW&Euylo(xy6q_d zZQ}leo1>b`j4o|~#bEv1e9!6}FMyI5AL;_~Jq;N1Y+1~pBK0{?2ozBp`=m?$3hiCf zSc<`=C>Ons%))p|>2ne?mJQ88x58UtLQG6pQFhl=b_{2>p4pChT0($9wv> zoU!oR8k>%FZRr^e3CWuG>dJ@$#T<^U9^8wbys;c$XtgG$^S8sL)c57GcEpdkcG*5@*zEsn$TINYVw`Cn}CG%$h{P zyVTpbW|Fn&r?b;yN{b?&o`HpTSBgopL(?hV73Fdhb_q;1l3x8#15sUPgvJYU@7mz= zWM?=mDgLLhK5|gv56uf4%GpGN#9?~CQ- zi!&BCy`CbV)U}1LQ%D%42`{y|U^RFq)(7JX+!cjKl9?o*{UC4Vw-S0I;K2U~;>n#P zs<{aELl`FK!&eLye#||g+DYxs@2_?&qK(U`Oguf<)5vDe@_k3@c}BG%ElGH}`Z$ND z{y8^21xvx`?#%_hQ6F9L44>a4Aba5uuAq;OB44c?`O|Wg)^%T=uVPpCzvN%gcFm9Zz;@Z! zjwj~RQ%joYEsH*hs#6&mMt}vIw7S(jOF#uQYbu`PvRfg0Ch7uuL$>kPO(B#El!!k@ z+iApC3Y0+5?MehzQNaHy+A@rVBUt+kHzoM+vhKDm;|I{bbeS}Beh&%)Bm!T7OTGK# z^P2AF3QYRY$M2JM@(k1l_g;@rws?KEmf5=&0)+(jOtPjR+GuX9tafbM7-_x{0MxyW zFS6U8H#(l)!8=t;Jd{Yp8?6?+{!YT#!t+=xBl)q|kW~OHZ`Nb~o8kdKJ61Ac7MQ2s3tyrWB04GPyJ$qin zzH|eF`tkT`a#_wdVFUNC!a5&o_8^^TwW|Fj-gpp zKrZH><}!TiM5NU@8LZkF+cO~}_rAE%AYJmNku)>yV_md-)El)dCv^sHuhi^e{?(pe z+Z8}rf>Vm}T$#pt+;OXJW}5Y`s>Jgz6CK4AI}ZF{ugA+Pcs!Wj@7fnEYPjR#--4}r zX40ZByB2}Rh`K!LKtorb2JkJm)}BYn1A+K>t?7Q>42G^r9eWq8=u5pov%IJrhIo;m z?DM@XN*Bz%a5-J)Khy?ZMvptc>&XVzaaE2I=3yWg^f3S z&`s>!uEEs`+WOxb(m{7?pp*d6^ylxD_PCJT-)C>IZoeL0k$-696~nOFW;V^QF}W%H z&>@8n>snH|a0Xkb?c8=EC4hZ*cgg9t3=)UZVfo3!$^e(x>5!8g{Dhk&3~GVKncrQ( zQCu%6wef*gzx13;Kc;hRUDuxC`etFzW8bB_%&ixU{9+93Baw@(rA^$%G7h8>RBzx# z?i<3C`60FCx(Ik{mEHp@;u_MP@QTa=7a>dg^Py*qetkCw<-Ikt{X)1I?{^7bbmfsm z^JYby&8%Nv8HpW$F}`d3q9$V@F6CiOI>tg#x&o1RRyODW=k|=UCq5X^Yxn^End%suhINZtBCQ zP+~k{ilXf@Crtq)L(9bH9|WJjWqwx0D+pp-0RtJ6{dXT+#eYz*ua`I~Mza-0Mk@4r zmwHvYxl_ew7wxOSMorr0X^VjLD>+8`L5T~>s5KsRM>Bj-InpbShMpET!L5hGRDM75 zJTc+sHpo2F3yf*7|B8dJP|uV$CT^Fm5zr}8Qk8vtg+iU?;7f+B`-vh#wip>~%cM64 zRNWEMLf`Jrq~+5o2IKv@VjNpye21hbg-41996WWM6#dGH{|=iKP}vU;%axeWS{AZg zS!H`cojV0vxL}zUrDid?C%(aZrrMpYq@P@99&z~|KU?%%BkMXXeG1SyLBbKmLn@Lm_60H!Fq5>RorcN&kkQ-= za1(XvrZ)?$#(PCt>45K{y-SfN091BykI-@F-(e5%sE#^z;fwSCRlVymoB23}5p{2v&eq(7?o+W9eAjKduFS-S4zQUE*1uChsYS@1h5onNzr%fI9 zE4DLI22UMd<+y1&jin~Z6H7^QLmVwa8yNTA26Oy$Q$_60g3Wa_hE7Pa;yirDbXV~O z_R|I)F7ic${84vwROEi(jI|(?+I#2m*eptpmJwK66jKjd%m_iv%wY?qJNxDn_68ti zsTtseq*G|r|7iOjL}bz^Me8qL#?6X^ASoj=GBS266%cjvQzFf}8R#!s1D}&mDi4&Y zu)ydMa;}L7+HxvUWePSF-OaW{g6iLY#;3!aLcO_DXy0PsSH+%&X5+CW9wc(!H8>f} zGt-`_Lcj03+i4B9ReE2Wk($)KyftI-YIsQC3k;Fw>fBnkYulZRc{nJTOJ-I*Vpxqe zGIFQKgDSud|H_S(#=-;3tAAG#R@a-e|0R)Cv0{Pg;&fkf^M}GfXn&Emn`&l5Tsj?; z-J8bo`4uAon*S^;catrxy~;v@0i5wOMSz_$T3DKE(ILh7#Q%dlhG5_05=lZqi$``g zc7xC(IOy$Y-jUcwBZb2H3HC+bM8*;RL$Wl|hn(IYX@aa4SLy(-eUpRYghJs)g)4*( zTq9zyG`L1T;-361OB|9X1w)>^IXoN{nKi|)FenB6Nw)Dl#TPyAET&aaLdP-c8((;J zWAx)zHi+F%B34>JH50FU4hj??wx~uxa%;DBFXlnb8%c@*$xlarT=ji*Y1~-5iTc5` zq6BJx=bO@aR_^nBx5FdF9f!0Jx~Qn?JDjM20nVb9-TYi~d5t}J>#@ZDbyT~Q-R%26 zYgA{?8+C>1I+P4L78|lj{jPox11cLsT+j!DHBrPcj-6dm!^iD*PF>PzkEYm@-1|*0 z0AExj!kR&;XS>$iPx>7AYe@S2V#bh=9+M3Mp;)r)hH0UNU6lg-ZW>1h08owj1Itvt zwFCi^CtHP-o>)u)R|8 zzweP}|9_C2<$hjhVoFMOY8FpDhXDZ5YObo_10b2JEbT6s{m|3#1DEm80DUJmJp%;zX;CjMe!6OhOeIjcdyI2Cut+(83-Y!RGh@Xlb9fHz@zLk<{}Hv{e17m zxQ~x4WV5Gojs0}K6OaNU(2y-s_w5rF?<`aC_D+3XnEQG3{Jw7XY|l$yV30&J3_v!v z3~`vi7pKK;e5XM%qjc3rmnm2CIz izXX^5mt5%Z4%Kt)ecTUat^^dI$w(?n{CWH7%l`lm8Iddi literal 73219 zcmcG#XFQvK{5~4Alo~aPnr&6BqH533)}A$6Th&g)jJ<1=qOC2pifE{yB=%mlN^Oa) zw%D6+((mv5{twQRbDo?B;g$R4j@#$GuIqYVKIrMFQc73=jx(Fv8RfJRBhCX>+eiC~# z;AX%M)m?@y3jViwF=}rZC!0=wUv&SS*3x-gYqw*eICyeE4%B(p^Y?4N*5jnwH$_;% z+eWmZ1;lR?td;v^bPa1l3 z4rIi4v-^Xw*;g$TyQBe_J;b1}Co{(+hc`sH@i=M2$W?;YX9dW_6PEnsuxO7~q2faAIonp3ir$dl8s=<>;o{8sg`w~mkhj~%8 z{In#w!++Btpey%*sChibiX)krjmNZoF^T5iC7#Pu^m)gorVMutIAS#iaxI0vtWi;# z$iik6m&(~Cg`g)dmojyI@x6ueD;jRtDBM*$>eJ+6-`M-^zLgLe?nT#z{QW*jiR&8l zd#|Gb;~dbDkQEL!kw|rpFsj8{KWv6R4Y`J55A4tq?7C@1*1-)x2yo8P+kfU~xw0}B zvu{9{OFTsv>QhyfQhpe-Yc!&is3@@KHxJs^L+}xrG*SSfSF;j6FgU(Dk(!gS)0}tZ z7XJ|IJGnt~_9o`M-3fmxqb9>&s3Gl^j#*?V{C5JE%bB{M?p5b6;Ij%oS|6-{WpFLy z7q2V(xB)8z@KH}$??f1RDifrhy=ewgv>Cd0D2O_{9lA?oyDuqa-CvEBd1u2iyCCop zv%lnwO%x-Ke0|%{F2hQ5Y=zSV8=S#!5#pMJv22;_ODsYMJ~P5Gp_pv0=vwipeOv|> zeK~-uW77)}l9aUwUchk!=Tb*7xXRMz{uD>`5NS$Sv-xfH-QahL2FY~OXq$sX7ljJ; z92bUlQmuyzcZ#k)e zA~dM@t#n1TzCYh%^(cRldoYlbWfA;!9*U)UG{NfeSn{jaB#Rm{^8KoViz3)PRzDp3 z7)`dbd<4kW{(46F#mgCH^Ze|yg&JsY8AG>L=Ls7fZ(Y)OnUbbeVPW#`zM|wt+thfv z=_qa>jPXnAN_U^83<}kK_GEC~5z##LwnW$*?EVwgT|0!i`gg>H3sc4Fb(j0`f&JJZEm?E@RN@mkjhB!gB0gFuVx#zN-+ z%Xvbel1cq*vk(~4`SsITfc4Wk^Z$ugEk7{W1(>*h33kQ`n+^DqQb1ZvH^ai`&#J44 zv{lQMZaXsslB%OKtNx~`H`Tt46P`#_B$Pk_n%a7jDhpd{O^DHhH?$ix6VJbZrO{`w z_{V}*?t+gZes{he7=zkw@=MGk;#@z4gn(y>)WzhpkBUa)IY;`nNhO@Z& zZ_(WGcK5O5)wGa%=zEgy1tBT`dByazy-QTH&F;ZqwspYWQQq%a^H3R-d^*$HmSo$1 zIh7a8#tuxnviMip?JJxUfp29MCU`vrbqjjeO!k;eOO?=9_O}xgORwBeojs$e)(6#h zg6YwLHJOtex@e7#>HWJYR!tRW-6-z#Wj;nvyulxwm@v@2{2s6Qhd>6Y1i|~}2kMXS z4oQ5n;cvxhmCGx79OX|ZJZBE9pF5VZWYE1JA+-qzRdX;1o+kaq@$@vt-$tyG+OcMz zEQXLn3!`5yM-T%*BpUBww4VgRlH4@m;E~~|7JUT^u?(PH5&q+W&9?IO$4R1O*Fi{` z;D(@iQ#BAyWCE0%!84tZ`ME8Hw*&u+(F%F?DCy!=x%o>MiT}Fa7a`!rFLzm1?lzfF zLaj9&R9b`>fN6f1lXH{>4k3Rj`SIzoc!m$y63y?S&ieXP|EK-U4R6Az&4SJI%gb zBn7hxeQ?B}vNq^!YJY$UO)WkFDyJHHiNMt{(V3aouF%*0ep#+WKAT%ZH~sqtp`LG( z4<>Tt-ZBePE4oo_(=!N1J| z-Srbtcmk}p6rX?G<{GfeVMLAAS6O;FG3N5)ORv(Cl2a&BAOiKS6<1#yur~Qqc zNxNdNK-aREEBNN=9YH$>c0S?;8%#>7d;IgMT4Qf9r*+Yw;NO+>_~V)mfD z=)<2VKA`L7C0}`RXif-H!XzH&*Lp42dlF}?pvb~}-`<(^Y2m?;d*y0UC5GZDVHWre zTYtr^@59m5cTM_&<9i;h2pWVP*<@DV;~ib#I;E1Q=dPjB43;1~OM>@fb`VR<0u=5{ z?TG3EFcl5$ElDxWSaMZoK3q>crtkBDF-E6 zWH#8=?d=L4lRX>Zdg$eQ{5})&321hqjEkJ1j^-4`lSofIKY>U!1XVdb$P07t{b>Jn zx8_~`D?+84s{I@g#_lJ5K=WU%bRhj6dB4__rzp|=pO~C`2=Y2DYL?Vy#nUmYDiS08 zIv914k@qw7((9i%1#v8~kj;D5+vQPQd{BEGEz3Dc+(tl3mnf=tFP$VNIhY9u#5xdf z^bz=Jii3A}%Bw*NVCR=Rk8X^0aPb`5rM5=1>+L6EZCH*%KWBac_3&6>^g}9*{xIAIzz83od2&xx-Q z+qpHsHzC)yq#m3paUz*TKq;*UgU9~%afI>wicqA#Ukl<|UpG>xTj0~E7DZklKEIp|B0CaP}cz$?hSM=4x?eoC{LTF4et-qmBu{eK& zCd6irDroPosoD=Jja12U^YXJP76OhCJ-|zjaw1>7W2G^}KLFl-6(Uv2X@$onr3R8j z3bcY*B|-?T6uVcO`OYjDq|q^R9Ghl^jC_=i_Q@v#sDKJbNxv|}`54X%FqT!89X zrU*l{!CDv^EO`HaS|7P9w%o!B>DNg}Gg`f8t`0v^PxZqUy@ddgA9ucPSVJPu#gnai zC7Qz)qodQ?t5va*-WxkLllHgPAlbee-Ahm*=L^zXgrYyw-%ncH z(smj&U-z9x|L^?8QstC@f%>p!r9v{&rfmCky~st$ce6x!fd>u_X`DPYS-|`5DDiZ2 z@(U6J=>H2m42V!aLv=~&{U3ZNCN+P@@L_SoyI5Qu0o2Pio6A%YimLrfj`nSJ&4Z<7 z?ko&uDKK@_D?RwwdFQtx-+e-?_V?RR+*OC?|E1ky2|_J!%843H9%ne%jS$ev#Hd!U z!G9R>Gwzre%cpwe47s0pNfSKsC`um?ZTt2YTiLv4gA25x{2 z~w_k&nU+6e3<&1Q;NAH zP!C~~W%jpbWN8A4^z4b)T1WdUxbq9^kc(qCv(*oNcLSMO0e>!ag?3)}kV|BZfyir|CyCEN&|{~4&Dc_OW2uh(3o&=5}-IVNVN91v@HP!L@=f2{JHYN%`&>6}k4Wi)l^WY0e2woG$peN>_y!F^Wrzx?Je&(yyTCZ|I{EDql!t{YfQ(wkrQ zfdhgU)=_h#+Xa=i8>f56VJ;6UyeVt!Ne1K=praodkS`x>tD;Xm26!^26T_DunpU>{ zYm{HS&XzC2p1;{Aw4VK}9Nam~IUskQFn3YOLy%mCI~-Q9=7zumgK(?_Ax#>a*319R zc3ATp#OHgEoZDglPWJr;Ow;dSO{2bbNplpxPlIUtUt_{VEttv!O!m@GfObj$_N**_ z7~EZ8k;vz9bop6jaPJS1paeFgJD8if!be&GUwaP{G!w(Q@<b9yJ7BMO<~QqdjR2jiqFM@TOW>0P?B_#6 z8<=J1s2<~yMEsigw4iyrH4s^`%YS#s~#t2Lm*avPEH{M3_G&kVh6=~GTzEGOr znbX^jepP_jz$7UEAmWB9p zgx3!k(s$2DYbCvz{e)nDmU7`J)O!3S$42Im+8(i>!L6lKyWCS|jTU-wtbDOPg&FKO zs_qM37U@}S{x4&S2or6jlRreqi}m`jaHa$;&uitAx4!Tfst47yCEqg?0b(RI7uJ zq6N-2YD90Oknk2>8={OSNGE4n>_=pFYV1u3P`_xwA-yf8WL>s;z`H=bJ<28t(@Sp> zp2ourO}4Mx4LYp|*TAba&0@FX02#<(0uG0krRk(LYM;5At?Gt}3x)1bC}X|kaIo5$ z5EX=AYM6ehVbkH+Cf!%d0V4gM`J)on#na)1i7ay0jEGWzCkjUv8N0~rDpMzj^o29# zXhA4IgD(eGMfJ_t+8JnNT=LpJ){=j%hOjoA`jKRQxd$!xB4HfbAYHa3!k2j*R5;Dr z=RSHdo4zwzB6YXR$3gsT>&+PXp)+SR$^6O2jbPJn5L>ilpd1iJ+;W=?_2L970%(Z? zidi2P$Xtj0>=>^I-kyi9S+1{$pomO#DOZ$4RSAm4O*j<_7v2jp=OO{wi6otmm2 zjE$Vdx+ygJW)1t35L$xi(Dxn_q>oz!&eVk0R4s2`n$RNsH8NF4a;J*ub;y@rV9~~j zym^Uo5S*#%Fmx#y9nfw*kTt@U{if`nmcrjX&BhhKK?8#I*XYSS!R zQa-W0zWt#blIw>3j|^-K1z=4|yq@MpZ@(I_g74x$2ijb?bOJ~HM&PK??TM>Lnlqg$nS8+rrMwqL_P*rjAwt^`9wy5s=fDWA*}tS8jE2xn`iJJw+MrOLMoIw zsE=zs`x7Ezzohojv{-?g>_Qcw1%rF*J0Gg?Q9hS0-^VE~%l~fC7XCbCG4!gC?;^BBLU3FX@tp26Vf#k}$y|ZXIrtw*nEAEKcXDC8AP#zeiJ2gmorY#Z#o_JhA-DG$=Hm?=%o9hi$n*vLro;dXVacbA9wi>RDwb&y?r*8TvS(}JD6fS z*}Jqd%ByW>724MCDZ4nP?WHP=I5hLtuYt_aBZ(=5v&YCQ2f>MPFjT26Vz-U(5JARv zy=cCjUH6b$kB|uWkH*U@OoitdXYKpn>p;H6eTg$bWP(|f)|lO79M4%Nt{-36X_}caQrHyZPrjo_BEdc4G}}K?2s8 z&m`<{Ls(J?{GnNm-m32R^y9JmmnBQ*ntO({6kNe#r+Kzc7y=}yXSIUi1d*J4K5M`h z=M<4?Z$s8;sG%9<41(c>4}YifMY7E_Uy78M=ZwQk{sgtoBx)PXISXuAEyo~T`}W7{ zr0ZZT)}$~&$#3c|9E;5KD{S8>vlxhk&NU;ln!m=Y`}D&8~p+LvWhglkmJLI2%C znRb3|19@;MXkyeb7^!}e4%dCP`OEbK`c~|#WR|$M*k8v^ziiZ;h`iYDn%FA6{Eq^E zC@2I?j+&oJz%nQI#Zq$W2UTJFlWSvF%%)q({PNwA33m;5a$lS?E|iwBo)Lwk6CJVj z)qZGTQ>#Q4Hke`dvX1=4`Jbwr=q!$J24Otdp@Lc0&44K}qWdaSozn~a1}RG>SUR5( z(=mC81rCgB{RQs}+k~s3E#-*5yy=77Be#)BF?!I|;~Co`gKf3`Kb0!q7&TsGR!yQC z^!-eKOZRN?`hHAa(rJA+k--RPX)`@+vZ3{#srfb5IeAd>@PuXki&aX zvefO~3trMdFRkJH_pqVpqlzuG0*8skb~0?z5NB3JY`TQZlrRVK(Et?v?&+|lEA|iY ztVq>VkE_d$aXwT%o8FRxMoHyvZ<@)uea`RnDoYY%a)6!i8@tqfJ6?#TGdaYaEBZs39#{%Zw1lr1^Te?E0 z>VMQd>YDU;CWufg69%SU=1150V$Oep_5Joi2DR7l%-}EVsNG37)UpjfusZkQvf1=v z*~IuM{&>`?h;0J8#-b|ArwvsBqe;iNFoX0d^b&7RFT7zj&c$UG(W9s>1oF@AwF8xOW8s2g^3dyF=8!vf7v(8iI(fJr+K=wrg zE!kWxWjiOLHAQ%QsdkXH;+m1WX7fAxb?GyX7@jjH%(Rt3$9VS^|7pC&;q~!9z_g4@XV);f` zk%@%QS*Blevoto3!vMAqfZ~6Jvku%w82!{vbnZ(%@q|$(3NamGu%4MtVXrEf zETQH1@l1Nx(|g+bJ%3`nHW#DRIoZ?X)P!{eHcF<&w4`gdefs@1;Z%P(Y_d~fqvuw< z-4-ozPp=v%rW*s2SVyeckGl!%b1++`=$=byX6*M8p}HiJts< zZG-4b)$f*yK+S))k4g}$K-7B($x-mRsbEh+gud`a2826_B7LkvFk22qAFPneOb)0V zUyn%~+>S{^Yg>=6WbMvOvF{$!irE&@H_2BqMDrKS+7oTh!}TYj7YV0_UXr+b?7IsI zos)`uyhdR>gKO_03C@X}Dqd}aWOqq;+dHG7ZNl52^f?_++-*!rilQ{kwK^vUZ^!5tGIivD(UbLJhkQ1JEz3=f25%jnezsR(aWJEe z^NU$i_+n|I`lDR8&No@R-O@Ob;x`ajr4P@gyQOMirF#<0jxs_O+O>5cvye!5ozVBW zsXf1VemjN9LP86OFIIhn+Nl2YMx7eQHJ-aD*)tc{cKmE0c7OP5-#!nAB15@8O)q?An%UF=J5c(O2 zA2^X)2hM;2%XE9eaVY`)x%;?aS@OCfUv&1pT&BV*Z6^?Ve=NgMc3~yWEsj=rZVBV2mUa9KP!X3%W)XQNZneBd4*|6Qw6H~fH+x7;R?(-B4qTt_TWVsbV@w%CeT45q^>FDvFQ5 zLgGX=%h&X-iO^21~MVBMFVBYEPGT&E`g{v`+BBO7xjt=OjJRLd>ll(o9^;th(gXw z=Vn)qL72m!Ys3XLU+XbBZtnMWX@}@)s_nb{CJMQ14vK{0miSep`JNYV5xAh^?;Z53 zM%I_^+>;7Q>zAh3g2B6h>FBSH+8A-fv_y}dV#&6EAGBW*uw>?VLq+%;Tvjw2^UrwPPDf8 z9}S4RV}bBW!h9s+S}?W7f0QdjSX#v&Fpc;rfa1QwH-5Ja1}u> zoma(uNQ>GKiFi|A(_k&LZ1}#Xcu+*Am8tJXEmY?ujK~J&v}mF*@}5zl{e4ML*x-0@ zX7RMG!EEr+thql_?yiG>1OnW63Wgkio>5u*2mp^f`Cd?;IG|H^LfpJ@)0LG2zHWaj z{bcCrSkp$GD<(KZKEA%Ynh)i4o{gJ=cRk;xV$iiXj*vjC3!9V;{Mo1pj&$mmcTFCq z1k_}@ssKzZ(yI9FN!G`#kcWPs2JmA?+@A6E!I{pfoOReQrMf+3?rYfRa?8SkO0p~P zF^%AJFuMyo&{aUP)EF=EY-R0J2ipm*z=`XwP!??^&Ge5Ow^JXx_uNKpYtRQ>g$Qad zX8W)XRjabeo(TLgThrTy^*%ki*qq2h3wIJ_(Vs5P*h&3OFg4#rMNInJNd>443tF|> zPVSfU0aXpiV@p1GjJ#hDM;J++9v4dO720cgXp|pt+?A@$y2$gHLy?=DA`#If<@X*V zRi0Qo^}v@}zogY>=dhlnU2&q*oxr^ZE4^j$IMYncCwd9rOZUbvn67`Y_F^j=uRP!q ztzc~y*=630b71y$9kpzN4t@C%(BEfb95%gF05WaBB?JVPZbS10$Niql77U1vaq=|t zPgL-Z+4Ud;8Pg|7H}E5T&1vaZZM&j{NUP7qjgk*tzq8J%d0%GM-QRYfexE(;&tQ9c zRVbC4_IzYV+jl+xaRX2?0qv4(J^8?&(SkonEl@rj>Y;a2$kHmW0ZrKHLR!e&8?(_D zW6C}S-^A@r%&aKG0?M!_KdJgZ4KJSBr=E_aLy23|%{K0FwUefBkr&v1`dVct?T*KV}o^$Xnp@ac+N7m;V*JIpGHAdf~OdE`vO# zd#_Ci_Y~wN9YrP7J&V_LJ41s1UD97|Fe-a!-sFNE{qk;3LE6vF&l%f#)xZg6M! zf|$HtrIy%d&OJyEG$;EpVwnTH9#>D-pA~B>bVy(GhC2tUw4mebVCWOZkH|9g5v$P2 z{VeQhbJ%|KGkks7V6pqimJ}&&j4_}J+*Qvxy4YuUMILx<&NUm|2FWp8=(*XF*@)f9 z5JNDu)Z*EG{H&p^ZkUTHyZdxAsnfTSKZ+;_Tf+rw`MPc-g)bqM6E9&S^CnxlHjTJ# z&-16Um^$D$=~p8Sw-2&y>u0*bq(&DkY_(O0U>Gw}9YD=yC`cSCMGDEhF~pdLq*4@L zV!ETbw?7AXtIYgUTU5xBBt~grmD7cUD-!_ViJ}+UO3qYzc0nM0li-L$tcv8ln;+c3 zk&hH=s;P5?iaT4&_zX!L>y4dSfUr8UpZsUqXz-0JmwtAU#ER;?cRbTe7zQo&O|#d_ zmELB{od(^%4o4sXn*LbqL}eqlW5DXl6o#p>d2Xe632tj|qQFIb>-WfZpY1PqFHfWmP(!)_K)sW+IGV*dE!un^yZBr zX!3dA7b^rPN!xDR&=RgqH6Cfr{_Jl5aj#>|uzdKUx?K*oKmypFTrF?O?ty>T&4V>8 zuZ}feFBP0dN83|Oj@m%ZLJ1^RRfZEbfUi31yX&-A(nk{rEc7PjUY?C;Cnm1Ps6_powDS#~dB(*Tx zn=kvKZ!BY3brBt>BLcfyJ7d7ZcG7zo8IR zORZ}>0&VtLIeR@ZLK2ev7=<~1TRv?|PjG0|41fE0JwhP)ZsK{g`r+VXY-;?@Z`U^S z6X64Z8dW$Yt9b$$^^cCaZB=upj$WY0&8?Z{8?fU7+NX)y0gN{NA^fM#Ek|KZvd`z3 zAF!$B-MaF`HxqS^%hgpUE?{Oba6D-&;;P~37t_=&b1uym%7)K|_1X|7r@dJT7Wcn% ziheb-L0qXV%bbrzD#b{TR0R`qlp(3|Y$v5t4gMBfY$t+D)7AEP46&om;#oS!o|cUI zr6Ea&hV5)_k-`^_lz1YG3-68}o-(%M(pkCZM7;4f;7--)cGYxL8T2OWs}+dD8CGS# z@G4EE-#s*eM4)_mypWlVEYo3PvB>bVo7?h)B73N7kgRnz5gG{lmex?+1^}dV z1epjwA9P`|@%A~>2&tAl8mC19;Z$5r3B%ZcOZd>Opr7lPC`5o*%YN#ZMEGy<^@Q9c znJ8_DvUYrQgZu=eFjs@K2E3Pbz|PrN^3B85$X~(sRs90YL^6&kywzk{Sb% z-P15XI;74oNxj4Vq(f(+WJy7cZu5Cxxz$qBe)6nUlOF7a)0qg!ZnBC99I(n(g;%%$ zmzC~;DygL(pkJ&ide6#}&X63kD)`rLmin-PWw!}S4g^vbdb1%Q(+S4ngReqNp}&*{ zRSG=cwkfE?(U@e3nf3r<%hn$N_Gv_wHnt%B5^fN#J20L{gnP z(+)Mg5b-CP^vKa?8{!V5nR7dMWB8sO`lNk9Js17rrV5S6ot#$@l@PPo>&DWda)0S4 z@Fr9S@JJ?gq2XGfmGtO{`ND(baYwA%bavq+_jsr(q53ScHQqv3pRv_OyP5!UU)T{_ z1?nZ%^YGB-?=SvVb6*o`vHw0acGycl#qrnS4Vm?VnPz!+dpvV<4Kph>AK_P@2=htH zWYwl$d{JpVuvZpKQBB|Q|CWL+n0n$RMDSv%JQtyO)$LB`IPZ!^wKol*%%(NCnr<4$ z4m!^f0>AyIhOlH%z+c_g)wD~W_wzrY{#onX%`SQ061#;NjVgNkuEJa2XAkSy_lh(m2hA$WgP~=Aw{HYFRMj(pBTz*B0Wo!=BmJE*cSvwr9%w53@KYHO*}Ie(OB18 zF;fr9y32OAd#1i~s8of>1>MQz@>rj%_`SzmEYcM2@?N7+d~^?HOp?nRh5zFJNF4t5 zbt9$PFa+1YwQkE3b~aKxw0R!6Mqo@PY4hJ7%DXuRn61BWn5jJLn`^=_bYYeExsA;t z$(Ys?duHp%=kI^eRd5nhslDqTI1?&N50JTQb08I3dsOoTKK*Q^Gi7-5dP8zy)?YOK zxV@@%ag#Sv+C_#pOyLbqQZN)L+-tNy0vVBBvvtN^Gp2&BLANsf=maY;aU(S?1O9ll~UjOLLOwGWr}$T}ZW} z1kRsP*~q4Ig3 zVD+buz+4L17E$abB#ii1ajGjMilUaRR`Dbpjx8>(i(R!;H7lx-5^^k4a2kes+@cQ~AdEpw2EeaRsRE0yyZ%Y%jnI{~Es^J^pqPpY{ z{@%lt-j>k9)6C+*ti?4*KCuSaKRMG~r!&ny^R*$*t?vQhS4Tsu>wHR4MWP{29c_=n zl0hS(9}c`OEDgurYjPBKQ*ru5pcsGvUdu*iSh9b&$dZcz=ja_}r(vYJ^NX1P`jG9% zRQ-wzqTJsY@e-2;HIQE?>n53|mU87;4kyB$-u1@TIae43J3YS^!WZe|b*tDU(v+n? z5g42CjI6+rgwwdG^Zd$gg?a|a;IP%^O~;PdL`5ewTRn3=&)7n8wewT^w-(MpC&v|| zx*)B$h&P|$Y+k}-UpM^Cfk{oq zW!2qZS>(j%6`w@W@m}s~H`dPvux`}{BTEnV!)c= z%xEBj3i_s!ZRyx;h(mEK5rv$qT1%EOhBsRVze{TN@0hlMSoDl`jWAFDZgQ!X` zi>A2RB8}%t;(ag88RuvX%qn>w{Tp-vrZ_o;Z`92rjt7vIuzaJP#p;xc)IPX~B&PvU zbEfEhHlD_fx_l!MR<*K!&}6$zI|Wvzz4WBXF!-5KcO&xrj#5Z%mw9s=!;>b=_|V5& z1`9P5`@0W1FqV$3)-jim;DoA_4$MEXdLMgji{$cUXiZtlaqXVr2+)rxW{fY8LHPM9-TglW7kwfC za0#s9yGWEo3Szw;aqGZSEw!t{CICOQ0O)!`N7h)q6}nesVtu)OmwBA)!@Jsu7t>_P z%!Q~x`c9&!*U|iJ9-GhDyf&Yigk_{k4N246v-M1DSLQlkx*EOhO=0`Yp3Mfz&z?KI z>biFNaMqi|nizBQ0d(8>MlS_c$G#VMo@i6wJ?;PNzxPBU(4(mBy%D{VBMuQOx#Vl0xB`7C!KZiCXTL~IV~S|HuqFE-r;4Xx0STUnr^BJ zfi)oX>oqG_r2T~~7u6oG1sj;#d5{W%2ZXbgLSXCzM&&lhl zII}9PYKXpii_9^Plh^p0Hf{L#W+Su1DC_VOv=6c)uWVd203>erT1^)y3-Y zN&?2H*!`+o<3dyP!Qmp{sYAM(S&8J*4OjBV*bAWG3S}~3{n8ZAnJA1Ya~p#c;)}}! zJ89LT`Wtd3G3ft10pl=vy4!eCjhcbJPc!2iDX$u{{w-3?QP(n!Z_+>;DLrmueom1A zfd+nAe~$cU#_Z#&tqB{{Se?)P0W$rU1}V@bwKv{%kL` zk@1PiC#vUPFQGS)GPQI*;JJ^FLiaZwH(br?e}t{(T9C=lh>wqcJb_rmMr`k?SYe-IWK zuh>u{l>&zcv85oVz&Vr#dXCcd0c+&9s+bWr>7TB0dP}8l2T$ z1Xl4S##`bN^E!2$oL9)F%;O`5Ew4y?k2xuBv*)^~;>k?Kl%ajH+dZmuCr1ApaPhn}nrnl7D^aj@`(O(AUo2vh6}u zY9Ul=;JDy}Wv2%<4*KlD=9zA)fW|<_f>;5O?nYWw5$tIf1z>Bue)2^A%l3*Q^)mSH zNPZ*7XMT@n@5Py3@epGk648J|%H&*aKMX^vOM%0;cZ@z9geA&YNS2ed&yPJE{flb< zT8@iZ^eqyr(TJCg!6jV@lEQ8C)eVmq2BR6jolwOMT}1JN6p+-qwOmCs3aDF+oWpak z+}X%DgY+UxUB|k&gZkcrPAuu0yaC;BqONCu-inwT=A;;pNIj}qL@2+8{a#MsmRey2 z-23=6$$9Quii*^k*~_a`_rEy8XV>v>o!N(sE=!%XpNhZEG7(2u<@OMrH6+NPJD|1|LZ#D7s!*Q&%>K=<=1!&Kj_p* zM5qo->u*tiYtwQSyyI!bo}F-k{~uq3I20A1>sgq=D^XaT|EhN`6IMKF=Cd!LHSpPX z8#u*c;8c;u6GS<9%ot=T1F4jgMtBtVeMZwhlMQFA*&D6+bG0E!TeSwE%#aAW=(wU{ zxcS=desKE;VSId=bmm8f1CAA%&E%72KY{9G+gRb|~(dgGa;(uLKg&t=)bPv#6qbbtP1DFnozwYjZ|8HMt8gRbT-d4s=?eu-6;a^2;JU^BcrIn=|i=@WEptcG6rAappx{1A`{&<7MMydcG`~>;9E~M=hIFQ+O0OPOs^$P!m<2@k9`#men&5L^T%~#mbl${= z+OcaseXB+(pC-O=09n#=JsUfUVr)!e5+Hc9a*x|zFTq8OR#P%I{PR<`QlI>apqnQB z7)M*!wdjV`rbj%8COO<=L%w<9MfuPEGAu4~w?Dy@7o5J&eBe31x>3`5%ZP&&rt-w? zQZ#riJ-ZJ4eJLwN$yJnTKA3zqHQO^N`hBspvtP%7LgJ2UeC5tnGH= zFGIpYm&*^m!^(T5oLKc<*uOsbpm474(cPz==|P``yRL^E8?yFPVjLg!ip*xZuYvD0 zii^54JWZndxrHt3$h!H>tv^(MPAk2q681?8PpUOi`Yft|I5V#q{8J}Do+SFTQik@7 ziXoP3%EpW z4YslWmHsySd414yw36V4nxcsrt*xThP;Tq7yEvSCy0P3~V>*9w}qs`dRs=|1=6w zJJe6d&gBXJP{jWi%Tw_G#V4^L5f!*{q+Sb7_DH;ENccBzp1hsA|73#pe=-4VcoMW+ zBKimIBRnEujx{`BA=}~hO3afY-BE}8gQZYMN`%QiRy1!Cgv>t2#~KSa5w++X2lL>`VUZQxOSfVoXQd8RY<%`sONTSr^OSKSC%T9Ci^o_A?2=SnT zL81c_gUv`5W^vs>zRb5zozB7|<3#!I#Df^R>4CT~ewlh)K z6!!cIZogGi;*~K$%8eUt<|1r8!UC?#ZbcY!&H91wZJQGF-V8i`OOkDIryF{WAUH94 z-Cq{jH(XoFb0iXh8HL+_sZ)GV0K2#EQcR;GBEE5My5qYoIgOQU;_vmjVMm!UN5buA zC6aHqN~nB`kT(K2$EkH`gxkx722P=-`Pk}EAtuB<-rmz@C^stWT%&7D`}xADFl^67 znJ?kmikkyN9#h}k#1pc~L}CH`(cz++HlGXCJ_YHMWP7qnZ6A#u#V|I~<1}%R`GlqP zMuSZ<7duct2&9|O#Bb*RXSvU?Sk~tD+;;T>W<}b;g7d_7}KzlD)h>%l0Zqj zP91?HAN$7@#U>Bm*mRVj7-zh{479j7)UZ>1gK;eTSPPa#?a@-4$eb^2@?`-#M^;QU z;!mTB#hXlRDrauDjL9oq`&$LV+_0WhzGs8Xm>+M#NqmIbs7oG~`>Jqt$(44KSpHw^ zy?0boUEA;pq9969LFvRs2T_qCEhs8V?GUub#|dKkrW zZ@2!oIj8AMi)06?{K2#pr?lhe!cQ(ImFFLNE%Ib&9mYzcR-C&Z$Ca_kt$bqd|Jr{` zIGc^4Sfj{P(oTj0EoITJnAZ{;y?O?V^V{6P+Ow(qv72!Yo9x}*s^wa%2%Srv8_!uc zOYcLg-#aADux-Dv+zy>B!;D%g7AYI|@9=v&-xszkKP0Icvx;Cs&~G98!5AI~*kW`r zXRHLS^-DnGHKW3ngbH^q{;5JHBSVew%+QltK9qR6As?l@81}IT!iyrCUxE3|(|+!g zU!+DUEV4Qz)UZ2kq>-zyL`?RBIymG{TkL_s@c(h#iFcvVUi0g&*yV|zRC$R>83@A0 zqoad$YdIb~`NPr_E(Oh)n; zx_E}W*srmk3#=$mzOoGjOtK3<8DPX9gp9VOo@{@E{jLqoyqOUyK!8koMu1aBPa zXa1;=TwqSGqZ>MzCl$Buf)9cUC8hQCd^e8G9a0_Jfn|Qhsgl#$+Kn>XZX24Ryx=2H zs1Nb-c;jj9tR`%fdet#+A5P31|;O-Yqj2LzB) z4iqY;aX=nb=@?K6LW*@kN<>*MT3_@q+Z`cus6^+p6}sHYH!~t(Vw@9|M%k0zyEpd` zCX^A}{cMG2KdR%eX^UFF=5q}Um#)ZIRiDr0e2W^yjA(3F+0FN7ry&yG^&>kp4Mg*b z`mP_%x@)7whWi_C@LYUl#;>`^p$rxz@6GQ(rU~aX`B;lNp{^8I?#1X zjOe#6i#2#xXih}H3V=3<+k;mYS$Hb^`fX4I0fT~!T@AmW<;dwD;cgd5spHrly!m(( z^0L9=isq4d#@PX%h0ncBWo&2uykgNJVHe(!FI$+te)Kx| zLbp`2riazV%8eJ#zRkh4y0os>A9sKH*g9MeTji30L=%ZphyUg5ILc||4K1`%IkuQ3v7^*RoPG52HBqjS%)fiLU|0W~<= zxh2cvm`~Z}kz#3VyGXi$10FU$vWirRv9D@`@dp>6G$*<{Rtih6^DgkHzyo$?T}0&V zB)GVr-N=i>N*Dtlo$_Z+bt=#CPpUxpBUp4{m%h-%HC zxR$f4{pw_~=UGaTUGT$3R9R9npv=}9d-V@{uNz5~(A+!pA34;2JTRr7 zbbRN+hJrj==AQ5(?jV>Du5~1;T2%&>IFbOK1FUzmE!sLn7_Tg`xoK85_e@_&f~E?= zP?=jfX)ig1zOrro5?WahRNkyLhfiZtJgwW}3`&-Ya_sQsJorttrU92^c(pzJ-NY`7 z1Y7s?7HVJkdC`1&Lv|lwTyyR)+PY(3NFH0MvV0uqP1d#t3}@yX4D4VPpdLWkRdT;# z$9iEr4N-m;B3STStapduu7zpTbGS>;tmD}ymVb(_`5S;I1Gi24sKi{cT|O=dS(995 zEnl^wD=1ghM{;Z$qPc|`*c~x?TqdjjzyNcDeUvgXU^g3>s?vcm9av51r1j&v8Hx%@ zKrPyVN-P=hI}-=E^~!p9dl^!E-hcFW@N&pFRo^H@L9(YrQw34%DG=4|JkT6rt39L1 zwEt%z9wiZgjO3S?Sq1d+_Lz;nH_**ZayWnH zpcX7VbKtrLba^?8VLvegU7`gNs3*2CO9wN{OK*U&MN;q!{KAhSL-*a7le2s(BF_CW zTvyf8zGyCOw8fuD5WIi~! zbpjci3naSaJaeIQ|_^bNz$P~_i zE8}jx_`4IQc2t9wU_n`4w3}5NK`b%R2yw6zBUMnt$mf|08HNNr|9K*&uCQYq93F z_qHJ3$nDq(e!%y3?RZXUMO$8U5vrG;Xc!-P@)^Ge%*8HPSl)jvZzRGTFh;YKDWyzt z*qf~e@TP3^9ZQ9@Q1n~FUw`dnuPNUa(0KBnl#7i7T;Ls@@GgKw(i#UE;dXN`sQ{_v zg*hm0INrF2UmcRZ<}J}p2H!1nL|pL#*D_(^ID~jr&Q=Qjp0_=tCk;ROp#scLJ)zqC zepxR&@9xHf-sWt98wOrIP^E+`l7@Wbnmf(Ls8`-Yc!>_%mU~feYyq;&Fjm8uhZIcI zhZF*H-oDzrMqY@w3t&Qx7Di*zaJQY=~3+bU1-I4ppmLlNXtEv0Z)bcZxAPbdmxzyOQ3Zp^8(G9z!oqq5~M*$~dU<*nv`Pvm` z#+;t0hk)9#`j6Q+#KV&RX7=p~%9LX6=eJg^-jUhp6=ajYSCFJ}D3?xj!7xvA0Iss> zhN!?(rBw^b>dObz^g#Mtxl->MuZM9ZN3nBNnaPM@o7kIf2Pa#GP}b+}z&hI`YKErg zM-P)Mup}ek@58u}EK+JMByu^&=d z!SDz|=><&ZqrzgmCL-@=RiG?tXw|$Rhg_RrVB$~2dL;UEzjO?>4wL@W4rX+skl;ml zopP5%&Tfqmc8!5yapr63as9OhKL8|$yMIUY$pgry?O&X=js2c$z%X*=b#QfRiSGDP z-jtAd|3Omo8)#|myrk6ioI z^~1p!eeT!#Xb~d=`!Di%X@g7(HFZi2ik_~6<34)y@}Am(_8R?6sVr(X&%$ztP@diB zLh?+GcgW|Q#7mpwR|;3)J}-rrn7I85GR7|GpJ}wI59up2pqk_}ODKClNzvF*mb4wZ zqmj(bFJ{|-quXT((>R01IzJ4Zux(Y3eg1?beI?>kMkxIc;D8rrI?uw6J zF`|0bge1#+6=+t(v%7}Ow!a~5OJ!tn!AK(#e_F<9L=&l5!{qRdiyA1BLIHz@!MIZ> zo6qB|L8_SP!TqoymloPiLC~M*K{2-1Zk90K6)k)xaD2B@^HkpbvB|vncOEYvj>!E+;@G07>dE#c$D@O{D652e8rsUt1KP?8b&7y#HU<>^{7td9 zfjI!oVCf6o*5@Bsw`wn(e?$i)`7b_1#pE`?u((x$wOU13k#{vWl3me3Q3vyxz>K?S zP}Co+Zp;956ji;H)8Hj|qsh}<%EyAvLfY?k>iCqgI<#O1z+iY)!_U@iPHmZ!b7&~^xRVl0)Vn}cb^%*qU+&Z z)&@KVx@5#y9&K78uQjfxtn{5iG1khGbAg9>)i&_|1kwR}iUa!juC_Ja(2F&Bj=uT5 z!jg)kEy7+&@1MX4P5?M@%Q7j7fT?i)R;7C)`?=wNpWh+0j}{}#It^#tu|KqNO+4J!CpcG*(+Bjqyq$rr^vlJS?jfFhXwmD zbM_Jp$R4yNl+~|9g3<2q0mRsY=A2KJ7n!$S3Sa7s1(;-{m!xz_nINUHxZ{@Cjvy^~*s!g?wI-cOQu$%hyjTRe-lBOr&g|(kzZxWO zc?xn{q@|z8rl4v*Ao=t&`=pBciInk21e`e$jQmc91fN7;HqH zD%+0Wh>i_KfYvYqY&V7S3HTC2njubULs>jIKLTV6ssd0%o;|`WZx<;mGtIx+aa^zm zm!49+I_IJE{0x0b)bO=VKpk`oqG{>7q5!^B)Yggh2wL-$hveIlpXCoF%ktSi8b4WB zxb=rnWV^Dj6m&``8a+YEhxfSQ^w0lBTuz|%yXcxWV$bN|g*B_^Qkgg_d7B{Dku<+` zs=1%&brlgo6|X?rkzyvP{~Fv@RkL#OK3RYnpRvBu5w$dfFyJnAiyDoJ59*gSiOA4p z4X+ug zym{Jb1{CmxPQh8HR%Ou^ZfVNb3#1wVkVxM$4ap;@yNg}pM0x#t(>#?&C`swwqAd8x z&P`ZLzoSy+WZ~dU76WM_6{BO;oIMI4dU5_n{Qx!wxwlA_#vXf5jOM$>i0n{R-@wHW zG8BytX;{EZ6ahO9>6?qW<5`lLG7p!8JnFpeS609PmjFULmD$y#-SswQxyB>>D)M>X zHj{E}5wBcqg)bQdZya>XaCB-nz3) z-RxB-I^;$6NZ=ZN+Ua`Uelt5yhPJT5ae)unMUQVx40heYPmE1 za|GMu$Et!M#iDLG!g)AI@+lN}LcGEmaEdiW;gH8*AIBKl&Ke1a1{0|5Sq!VFfe)?~bnEV0-*5#hN=~PUESz-B)8VHhX4-BW&}>tHLHBI z!B0EdMT-FK>^8+tyKw$S4jOlN#DTD#8`d!&NE?{ANCikFFD3&>)SZ%8uEMjCBO#<( zb$3Ty%F@K2Q_o}9AD|^)oN^KW!+RyV$80eac=@}zZoX-;XCa>9a82q4XDX>Igz^w^751~_m?j!^Or9wOkO1x5Fv;lz>j-` z*U8f_o?;BH7Eu=A1CJS(i9i?bq`(R(tu!J=LH)}_QTE# z*24mQh@_vr?Ws1pk+=$}dWy;AmF;y(;ffnD_(ACS#acERu;DRm;;*q&H@%7U#;)4v!Ds4z}AjU9mC%#iR`!vd}^Ouy`g z8{#0I0#JS<#YgjgE>CH?q{V=g3cQc!GL*Jn2(9g{ zc>48zDeI^!sk+4c&|l7^09=DDSCcGm^(6;uM#-zs4VPaIKlwy`_J0CwE09&fMy0C! zzr|}a{$J*`ecI(&8_VmukBG|ybSfNwU#o^N5#d2Di*Ny$ zV=bgz9qv+d(u`7oHVEVZ{=Xh9k*_a`;J^r=$*x6B)&RH*dWhBxX<#O!o9w2 zuv|a&8WcKJLL50oU;iO*{ssOi5TWz-rU}PdeLW>tDXi=h7cV6>th*-$dCK0v=BV$1mq4k=z0R z&nCO{e}-rK2;kYOosOy?wI)~Kq^5AVDe_E5$vJ;3=^4^8tQE_TyT2_L`}OK$ zH5<7bR6v0gKyroT;7R=ej_=npfFw$$M$72+r2cNwD~bpDSh6SL6-YbF7lf6;KO)Hs zfEobB_lHcE2*3}E>d#~1-&R9<1tseblE+h>M0D7|Q_^+-#QPw@O5|4$osAsw`HVdM zEc7+t9e71`;<;bm`6A5nJC=SC4|1Nb0-{|LHW`4)h{lc;B68sr+JNoUk^WJMSeeEy zlu6s8$a@ihi}a2jejF8^v>zOw^Y|3bEIqSuBYyYEsk?OuDhz17W@Lz%eddu&T#1<$ zdAuul8<5jKj$RRXP=yBGt^1Di!bZ*n)cn`*YYR{O+g(9`shwVp)M~+DW_mNL^AiPo zd$SKP;lp7T8Ftp^!t#R)&b-Ozgr8Vr7cc6OwF9?J_CU?jsu9rFh58su1B;uZ8KbuI zCTxq=68^spZ5n#F>Ji}l2^4@uV3~v3Fx>(4aD*UI@?EE>>UkTB$5uEi0H_;`L|YHF zYNr8gN017o? z9IS_O@hYqTLSO^Xsm5K3ls075<&gp{fZ?z{5ASWleaeLsghn3s0}#@HC5yGKF#xVU z)`+nMc*4v91%%g`T|X?`0keViAE_+folkz>U&AI{^C;k)Of|K=jSDB6G`@h2`P=#N zsqjY4e|PE#EM@h6@yh?^)FlZiI;7h_-rhGsNuh>s1k0!Y9EP5QtTwJtoU0*q{3}m+ z*&6H?a$?%uJE(8-LqC&yk4!8GXEDItkG%ULM@>js*Y9zML^R9&k>cIv4gDVn$8h>I zPz6giWbNCVOf~FS`Nz@SIp%YMg7AY|^08_W#9%i4JT9jbMF4ns8u3robHdM~yhQaj?)7!>sm*M0yc&8|q4IE*0q zqZh1`oZo&>XWR=GLb{NQiIAjwq}dIO?RIMULCH@aSj^H$)RO8J_GW_0OQ;BdyDM0P zkYAWAK0kH+&6mFvZ{zUCH~krXr@q|K*H0=|RCe|k*o>ffB*o5M>e{9yU%-e3+y()= zW$cuq4%|N=K0wxYJ9Ks|i7V8ucIE+x6s# z_XV<7vf!fg)$_^ui>nsdT@sCOnmd4=zrQh^HSkv!v1?;g!-GimewxhJ8$f(#oJO&T zDVJ1Rg0&uW;*_pC%8tQZ9#Pyp#QIl8iU`~ujLbZ-##dVdWW-Y-CLH@l4_Y;T+^vSs z2a;t#v=^KwXR;s6cZv@`ttWp47M>DVcpw}WO#2I2?$x}OULg5zu3O^*nVt;b%Km#! zFs#Ty;taE)&!41Vn$0giAa)hO9Ev-Qjq3~7ktIMVVov5<5}pAeETsE?6|ZYjyYSTc z9_jE!$wauTCKTHa z6zJnV7B-BnMi)#i_J&}h?8%rz&r(|8< z_mvD)!{3a7$DzPdewxfyEHtg zfbcOr;2St)II@Uv@InDdvH)x!Y9ImhyBe-kDgYJ%4ukM)>lOq;^`B_#60B8TfizYN zD}J|WcNS9FQi8R zG^ZKH$5-k=V{?C<3IQBs0h|iK{IrHN)d_%-#0Ux+1zgvI>0OAu)g|~Q87;Gu`QMzf zuqUb_2?W;?3>DsF{y<-X7l10V|2ZGn6Z?Ocj$_fZRK+8F7 zXDd-Q*Q=*K3RTa1Z5ft1h2etr$SgxokAe^>k#Z9(qS&^c?XmdyRRaKJcNGaYy#LqZ z2-tQ0g`x}2T4yV>1`Hhksa`9805&uP&X17#Y2mIcr+`OZ)AODI$^gI*0)`JpPLp$b z-ksV?{R_ZhAXs|{C4Bc|q4(m-7d0C&9~JRn8lR&o1m6&Wv18Jrf529WQN$IN|S z$c>=uPFOkK63{|n&H!nJuMd88Zzv9lkf?MVl9Tvh7yo)zTG$;uoO{fYtp*A@X4x*J z>P9xKOG|&Y7m-E%R@|3bS2c55=y~bTR}O^YF7oO>vW^wbBrP_}6F<+L>WIz|RY2II zth-A9v-sfM4xo>DoS+j%e`CXi{4BFMmy2MYml~ubP_>uUp-_o<8c-!fRIyn^re~-D z27Q2{AqAo|#i8UgEGNOHoLGzeKf6&|T%0o^{MC6WN8bvoq0a3Uro&%U< zcLl=%aJ>cH9*N0f2WEs2*whR5^xe=>&CGD|MFCX=W5W-m8WF&*#`+)I16JeM6>u>A zy(i=oZ>CY3(c230vEyU`Non|T%V`v>=Zi!?K2jRpodFKJ0FUurcI?*qdkZ&q(+PqS z2-N0k^M(-e8Xuh$p2d zQI)^(>G{n>#a$)e;%1Hi6qWp+GQn-8+`J)zl}&V2WvU?|vme@YhnycB$(3&NcBGCi zG>%QXD0Vw|PPs$lhmnGEUiMhDgqLH8c4Ruqc9ony=+CpBK|jrpxY;^akYsS1ufO{A zFUFcRe{LuF5f0l${v{tD>F)olB>H{~)Mk@;l?I-i`Tl(AUu3X3L@A#p9U3?@Jop+hg$KLAHI2eu!Ar9EMc zaDJC*F}b-%ByS6wD@WD?o#iJVtg(j$5GgkjR|=1cst=l0Jlu$uY39J?;gW0Y3J zT;s!O5lQH?pqP4s6``B~GJ+Ia93ORS?LNwFlKjHvE&bF`noYFD##OoLjL;_*jDWU) zau(mJd3JJy=deTZ#z4EY#i7p}Rcj*RoksfH_|!i4rhkQtIQUZf-8{4;9nqk2!Zpov zN{qDZ3c+ctRq2n2ynOg}2+=&ykGQ@&+RAiv(yM!$ewsVLSv+>O6@tsCtNOr&{LtRc z*}&_|R0XStR;^tN5OnP|2ZPgD)qL4Rab(mMPIJj;ZwLq!$YRZBv}kI=oWe_$N)FXn zKIiv+8H9>lQ}JG7UPA}wqSFGQNc2ovxM*YXR=tz7O(L1IhpUuN>C~HyNvVitvQ-o7 zdp%8!o<|~NLI?qo#^NHkGw~AUvZ?*Dw2JGX{ia_Lqu7C`Zk~626eEKlGFED-u-^Z~ zbr(Q*eG76~v?66U+U4@Y=tC-aPxcw~>KC~c3H$2ScvGX!)dm#VTaOu%@6~9>gcdpynaa;@dklvO*W#pV1ct>deeqrq zP!1B^kwQU|d^*es(SdYUBUpzBK~sH`M_${D z7WS^^&n-Kf{4laZooFj2im@iQmxU(((Y?jH#p+0z#QUE2(gy z9J-Jbxl8`stBA(#!-zJrLw5zs?bi9=TXjv*`@J1}2x0(ubLvd4#TurlW6jW#4??J8 z&q?s(>IiSb(58pt#aY($EjJ|^S(dq(eefN1KK3I7iZxYVjoxNzXG0Gqx$mwk18#&F z$DQ=SV6B(Rvk8OK!P1KguIv%iyV#45M_e(I#N&M00}$p+8dLQ-^&41- zBs-CsM7kxMqHp@eLyrkC8wTo0$56DEt>;A>;Z=G;hRslXgz@Zh@x`BRd+w4#4xW1% z&QCBwjPGdD*6n%NSzKA}jQ3P5P5Ip_!VM|dmhMSYDN(1n-IH(IoiPz}X7=g5(*}FD z{ngrbV!H*MfZq%r_300IUKMc4hVKC3(t zpEF%o59$@X;a_;FuQM8Sb8E6cQyQ6=H&gf&Qb!zGEZGz;MLc~ zpQ-u3|7i}bkqJwEiBQOrl9$SeQ3o63i99b@`zGS?xxM>nhPrN!ra=e)Xe}L;xF9Mg zB{eD*loOpR>*e&J5;~m^_ZF50MMCv>geB(82oCU1n=zERPEBUOK|h&}_j}9G6_%yR z!|@}+LK79}Z+afs-WR#LS{v=K&55==_=}tr=fn~swd1JpO5p)+Lh9@BtMFIRY#2Xc z&BitQns9ZHx;loL`QHA{-W|gR3F)YsIB8g#GA}S(kqlm{U1(oIlQ_2*c@(&_*|o5C zy$~kgEmj#Xu1&<66E-V~4L~UIEZ+rlT})=4Q{3iUff~>}wymD&h zZr~0+bg9nj_jBGml!$a2#2`pkuaz zcI0z#nRRPSJreMV8gre^AbJIda}Iv_{Q2_!*7^s~f%thHB+!8;m_($H7+dG$cVDFS zs;-3wU|UwKjEmayckof153~?rjvzECD&m%$VUrXjt+_lAG`nlK-f`ete6yGUNywv* zDdA^C(vf~!|DY8I^^u@q@Dzamqz~G+z3b30{uGEJC+EIYn!*OSx zHX{}4mZ{|Z$H}JNoAr0zbV5_#ck-B7tk+lD=0_&wYN#r-PpFMXG~i4KXV+?Z5@N<% z%w_~_J)afXrgUb{WrAD2)2j`lawn5=!JW#=}%W%q&C zz+BgT4#HDFM7d6rRZxqB=MK_xV4_gK|%+V$;|7p zX|?$C6P|6CfJOk%7={Wvr{|aAxIpZITElq3XRrrkFp-!{OoZI@C>?wUTKY-nT1Hxt z<-GtgbF2Flz)5WW;k{m$H5U2LiCc%TsYucUWj`Y=&9PZ=YTzaI)KGhVFJ+7HoVDmN zpfbkP+pSaLOhX$<)WpD4R(?YSPtmDkcWKM+W8<}!h>qgac~8wh3hA-=cU3ZOl3x?q zWGOBNGv#X+w8of}uBJ|xuZ6tE721uL%a*F!^5w1jzI=5K%|^04(+e|8mqWCS1`Cx` ziF7=QS5it6Z~wwSxoKqDit zI2ZhgMqWWdRae*7CY~fggnGaXdt&T+o!^La;_&NX$uEgT(0pbzrjSqg?=+v#Nwtv>n!$y zyi}OkNi8Xfcu{?*1;1fRQs@0SR@cA}bB#h}Z`N#AAuFpS0 z8uL~Cr8e3>FNs`p=z+04gwB+g5|2u`ofP|6pW~zIiXg>z_hqSo#9#}*l8%0X_XNxp6#ey6`b7tUc>gr=2T)(LuUKTLTyB2T4vp(UMlDHedNS3rJG|j ze@~Lvtw5timB24#J220v9j-LAvrY&_|&F_$Bu z-25DR#|JjO`tzb4MyPiV^RR8IH*A~C(0z@8|7epV#oK+*=)vx?*L2pDiZi=3V}806 zxggqE9FE?i+^UiT`84d1-H-g+by6?Ur%=taV%a&-akL-6mDyn^9PO64U^n{)Ngjxj zB9StVWV1?2AGne}J%4a(cyQUq%Gc7SRq$fm>`xU!D-zVx6uyOj{{kWK*g)fq27|~g zcER?P*#kEd-K)~reOoVKtIOsBd5<)1&bIK7E7hh3mJw=L) zP?M=ivS+3#yizx7uT2Kd9e)m#a$!7>I2M<*#Y$A|+(Ng=1$nyQZ&^%#@T2W`XNDMt z2`{!wY+GlR$dbSI>e(pl@XH@iSGg5FrI!-U z)x)Tmd?ACC=sJ)!8Z|5cWvOJX1}RtV*G{MN-Wfl`;Pv1F>XXzV-Gq04!x2KGuq_l! z_VVO>#CfZ3UX@0vNb9*cO2KEjpmWsq=Q2kI$ry7T6D2Qr7L;%vryUgTW)`F98t)IhC>xlH_*q3IX1}TZ5aE-IQ}q?x z9?w~kVZ(j8RGC=e9tl^sz#d}FW5!_TbpxH!TXl5LPWt=bi7OHE#Dr2 zb_&FHZ}kwipPks!ZONi`hD6$IdV3xt87B)(C)JLoqgm{Fj%|FuMA$v63+EyvkDmi6 zIl(w9F!-aL?9{qawZY44@$JP(S;y_;ZGk?&(pO8@!`!D5Ufsvi)iEDM53@@NKF^3q z~itse@FtgvaGDxF;}dln))nW{~U?A!1tzwt)ES|%9uadnR372 z>{G2}%(|LNBBmPd{QR3aee9}j>H~hg45(OhVAAM|Pr)6r>;jy6+RZS9gR|ue=CA zFABE!8!gTh<#BxAy7GZ9z+e7LRmoJUebf`PQp(^bj+W%|uQbdoS)wR2s;BUGE@ULJ z+}$tYmE0XGN+>I*DGAh#c_4bDFzR`0sL$&wYcay6i2d5nW-RXKua;U2Iv>vNyMkx( z@8K&G8J#EV69~yzA^Jy0Tz4tvT=?aZsRL&gEz&wLbD)l8gZf7#F>C>JKvT*2E26(s zI{q;3?lv8>`Bh$4ik<%Z zgV!pblCieN5yDH`U|$?xv7(Cl*tx7L$VFC$D4*I(+1wUV^|yYhsTHm^G8sDQI(4CT zt6X@RCT#+`H8AQh@LuesaXM0NH@rvYvTm%-fgGwnT~xZkvi~xfQEK?s!AmIknXbvF zznAgWt2<=eTEf&-R?VQQlOS`kjhZthXB7Q&jY6n_i4-NzqKJYK-E$H5wjTp2$d3Yx z*Sp58_AQ5+=z#wgvwp*`-qCk%zgmUOMC|#+BROj*RKJd;6~dk|-J1 zO(L%(E5v@}#Q8J1j=qE@|MNp-@ReRVB=y@$>l-xdQy(N~#?F?!wA(%lq*CY4Q-2|O z`{z^sPP;ZcWRhrr`!x)&bmYaheS2~%Y0@@f^kt4%@WwdL_gAJMk`lF;w~rksuY8~3 zZ+d|$yejT?^L%xGu9;_;_~DcF28?#W=}-R3qh03*pWajtK+=$98qN>P{91kaDX$o1 zwi4^;7jJ>ULc;(h34hws1bU97jMaFPp>|#>mU3Qlm#rVs{9NX)Dss{`!vR7^kK0 zZc9~bR7W9FPGw5T$G%I){&#xWf1$-8@%I>)x-4mpx}{z?6VsIbhC;G>+t05Pi;8nJh%iUFFm*X_Ea_}Kyb z1r7_7Js7<-V(pb;o{`NBpS3(|J z_erdHGrlQ+_Y&||3~iYGAs(%&l1ttb&L|9{sLB1QlUWt|0#OpHI6e}EowXyJ{XQmo z`#{cUHuR+})kY+3z(v$WOVGv1OX?Sr%_9tJ%5k=jO0qdG=CA$Y~|9phkNK*sL_X{LP zGoSn1?l#Z`e%B2*>WFL-?p1D=06`-JXRVB%Z(X1#?(^PZ5~A>i8(#dmRykLyLTFam zst>Z5O7R(4gtv*T6@^?O5l)v5>1HQf+Vb9Gnlk!zS?^#i>w`f*kN zsy1UeF{meLEOOiYoZh#10-i zbBnih+9qfb?fl*8AFutRj^iI2ydds#h9s3w-hQ}{?5^7+d(|eM$<4Z7FyWxX=$mf& zC2#q-*)P;d_N&a{%ZV?2quzvG%1@)Pm{D{pI=&j@Qq-bBQ533oU%<7u)FW(nc3!Sbzo8K$!S_6nd1yN0;@rxnw9E+2jkd zFdduSx_6MLch6zZj}dHSasYw_v6t0tjW6#YldEOBP z9sEPobOX^Q@P>EI7o``MQ?wHnii`8E<(F?Y>rgxoJTc93LB1c|IUKR?74*pHcyXp8 zRiyn_=$`S9<;;ej&`%FAoo64 zDkukLz#w6x8n&o)Y=X}=+UeA1YZ#?9n#M=0ncBU%LU!!Zk|Nk3LrroU*4&-hkqvDg zaLkmlpYQWl!wg0reG>`H9y&G|$X;>7iAot?F%qFp$7@@eC&wL?8r?H{p;s=Tqncmd zkyN&5k~BxsnV7I&`Lh!1S8LZSRQ9W(H*nOR$aeQ7J~*Ah+-0S9Z!28H2pYI`#e@DU zA;)%G7Q(-mfRF~L8OJX_>k)5^;y=D$7IkEYz6)p)_}hk@eZ+mcd*fCq-}wEy!=pWB?f6~q z;YA~a5baKZNXIb*U#8ZBIW}&#aGM*jjM;J|i7>3E?{ty+wGcUS@1UB;?XV2-i_s`> zv7)jKp6vQGUd6DLtw^Z}1?qi_pPsZIY;@t)6Jgu()(caD8`8ZQ0Jp3;TUCKF3fgVc z73GladKs`o=aNUJH`}ET*r!tOGHvnep7X0*4)~d0WGQ7{DU34d>z>>G<*Bhf{MEAj zp`8kAoqS?1#SK^O@_*{rZQG`IZ{POJ9^Mql{Ca!7QlLBdv|J>AN&D@;Uv{GmZT}CY z419AE`fiAnJ{H-bcCjbK>5lJp`Xuw7bb>^lc8DdBVv5=O+%s6q$VGRH&Y~j|=#k1p zOiP#Mfy4Dz0Yb9NA$bQK z)G+)k>EH&&>ehMR;@Mw$r-kg3vTsnVITee&mT~9u3|J|MzvzKtd#G7j`<&1b`Aqt= zcG`84Yjqg@Lhn@#%^hm&e7fO*IU+J>%bi+KaL8O_rbuPaFq-k- z5}nVD6Uy?lKM7x&8LYsP&!83K@x4vAa;P84HQY!)8R$0L!rPDScK`H?QO__36e|3;oC3#wyl=w4kjTVgTTwq%&A48;p(4RWm#gf^Wp zYVvp~wMp3ikmd5L%%R|=sc(fx#x|?vNC=m{TTYFmWkDtKbr*hhv@h~okWH;Jwba^+ zeR#-JC3Y!(a3fy-lMCvXRYzXFVEtnQY=!!2rNt1|LMp@Xdrr*2;6(!Bck^pf2IzFUL(kCgfyGE*mh^ zEIx|+wxTle{ijpWVeSYxN7`T&BGm0`i;BSw-O~Z*OnK~HOO;za_WrU7mdybHE47sp zj+t4o+))q(8m-**u{IPTD9w3*b2y1RuU1DJ)~?uZHi)Hr zX4VjbDTV@cm_~TkyX}g?Q%8GC3hXDJT%Dr={2u~-iI!9fQGDG4fB=fMnYCc z0P5?&1blThSZnjs2_#97Tx~<9#zA^bz!}GltCp((NymAo?{=Wcm)G3p_&~?q;8?JB zwr%zP!AG2e%RV>8W6HON`Kn{4;_=Jvyqe7(&mkcjjr>8$eZqcxt^(L9!p2o#iHUi@ zdNW^5TCv)QO~NCES#-F*u%UFhNN#LU&d{c%`=$9t9MIij^=p-kyY$CRh0X4eXUC*5 zd_%8_2-(b6Jnl|k!Q2RRzGO93tp$kpnx&^NQLF)obr5&@8y*jt5aqDor1Gz-K+?^oW~LsKoSqL)FApOfq`+|J_{%d~*s zg&oOXt+`y8cTXr*Jy>vPjzPZwfbwQV;xJ~bCuJbDq8#$ORM`_nfoaYKHS5udc^*6J zLzgOSH-c7w0&hc^SK*ZFy*|Sx{DhzeYu|-uZP2{pC ztQ>rYd1@Ot#Gy(eSASp_t7xZ)wXiS8`LB3}_EJ5L`@8qaNHZ5x^@e^~8M%VQlLym# zC%#A2yz$kI;l0?K+o`Y*e<;Yj(1XO}^*W`nNZ&K<6yKHS*a>1U)^ZJHQ?S`di#a}b`1;t?GGM~iBq=YEu!CAHd9$y=Z_C=2!}=J;0kNj z!uW>NMC*$dv#ni?Bc)h(kJf5%{vP?fpL-p9VjC#3>2nVrgNwO{9txB0z%q6fB|EUo zsC8*W@!O;^VLyiimbfI3Vm%>Fv5VapF3~pu*K6ZH!7rbjX?Ae=fIbb8q z{oV*nj)t5X{F-z&bv;(-{3*?maJ#j4857TFGyK~gBg7Swl88|URh0)S$#LS^ox`=WU@6pR;Lx1fY*F}l-bHy5<8ZwF z^0V+G>s{L1TZQ!~!_g`$PbY4r0tX(sWc7e{_p-aSm+iDC$t(;!=p)w2r<1p~4Oe8= zrM~$|Z;Hzn%Lbu$+9FRFliCZDr(t^gk82OEatDuBdg-Njwb-S=<7($J-j5c$UtT<+ zp6*yV`fg2ffQs-Mqfd7In$B1lAt3s#anF`BlU!zh5WIu)X&B}Czo>i5xVV4kUvz;2 z1&SB9;SYSCz`~AuPoO|wr`|Rey?!G>o zPcoTFChtsU5=VsaNwzq>x7#BrLA?f;3nz90R)j(?4giIaLwAqrQ5qgS$H#(-u)5`! zet3_e%#hi|RxN9D;;EsDzOVY;8crKX*;8e*9<1#q+EfdCn1=xHTZs zen3T>fzg3~l~{nw0fUbZpjWKlkAS0gnOK7nNXESnz1$M4Q}+nYalc1vEGf`E8le;N zWHESDV$d}9Je(&-=pL-RULa9as(FP%Ip&EbbnjJ!m#ZdWQDw``>{ocfNH6hqifuUM zYe27>#HHY&=#u9y*u*@I44~7_H|GE;PilVMuG*$En2@Uf^egjpKnbAi-Sv}mwu8&J z(XhbafTU77C`o8+L`CFI8|7oGe zF%=>>u0O!0fMmJfj0QblU$r~t!@XV`sXgo7MSuf^)9f6Xs^Uty? z4`_In7>TwXue(UiA0x_JYsGlDDTdVY|I8fpKR&3+W4s_IhM>kFj;;{2xaR!kfRjYD z@6$f;48IO>rPHd%KW4Z8*7&>JC)Q%Um@!U27F(|S?5MTfFEOgO2yZ1IRX7#>%ZoSj z{yEeu>(|ph;~Oqkio__}o>6t;+L({gOXHr7i1r}=Ae$aB;Ci?s_xh3|_NnYJNy#TJ z@~__lD=I^;)k}j=y;B06iEvkoGZXYydx_4dNVgW(f7;jfHf9P2TrlHDOj)_XoG=9+ zASV0!g=VgF1yA33`V3U|B=JMzrOrGa_Cky}Xb;Y2EI~dCu4L2Mht?2`U**n9H?aiX z`o}r=p@XJbuilp+x;g*q`QBsH_^RlRaBSIweYAO(CXIhzJUm5hNcku2NR1^@PbBBd zlyQ6D*+ox3)xHOCjx3S5i6%vhAPjRyGpPF512L2PTgIFok^W=N_WDky&q+Qc0w(n^ zlyO$uUs8Kk=eXQkKR$ws>DC!#Auirft$=+qtdbnAWqvYz+W<3^VXZv9?u|m`qO&y~ zm?bKPqLt>moXHAPNUs6=O1oO<-WbUDV(EIjxv79WcMMFEnx!Y!*s>~GLzXsArZaq{ zS}=IzH$^$<63Su7hZ=oFCoj4atv}4INv1BF3FRW;X^;Gu-L@VhSK`jCrK)TaVTdM(7}}OFnrd5BTZwSH)I~Z1Ky>6A8MOJw)4~$jO>Zswh8L@ z7A|Z?vhrNKhl`T{0NVh=gX3VL`MdPGR?s%p5==U-qJNGW0T=1<*hYu_T~|GIY#FHsU|p}qk|jWUH@iBZiy=(BwIKrL6?G9pgcT!gx{kV$MuOB8X> z?uLWgJ3Rv|$5zxYCWkF3f$8>KR&8L8w5bbp0ijv0B!x&>;6bpdaGU>$*O4D85WW#r zjU+6;C1}j6tQ-7zev^bJZt3Y6=*TC+CCG#mwuImoLh-sMWx@iLlmExL$aw7jK;U7Xl<`9YiutK8(SK#e|o9K7gS=>2SV>YeHxfAyzc6I)ok-b z_1V&y(8_7(i1k2?o{v&CS!-f|b9*aQUm;WY^r(PrBW(V$(*E;(2Ip6hYV~NJg-XUZ5RMM z>)l0<$&0M*mcX4>rjCSE^wkiC2VZWhRua6nHb4YG4~JyJH)DcJgN&ccBLYz?we-Rg zf{jh)_PU($l&nK)y0zx2(9*28Dxc~{Nmm+oTgT@V->Nn6T;-a(z*Dvm*#iWgMm1UX z;vIgKBI3i@DBi7AtZb)uD;%JDrFSM#_`5Ai3?Ov8)>CZX(&(NMQLk%{Y`ymF&}AsK zu+9S<^Lnayi)C)6P={aj(uZ{I%&xp0fneiA*xh+}Pe?{2(D*H2MD5|28+4cqP}k}2 ztx3APBuYvF_!xcmyu`Nx#~~_cp9q8Or>GBDZsyf(rjN*SLu)-xu`Y|aHpWzi+WASi zx{r&iyZnC?X7>U4re}M`=QI$hd^bBKUACmb`@6HXrU1yY3)@yR&Zx6 z(`d{QNgzzAmYFEiy@9|r*L@p{xQl|nc2-A5W{z)z7K)}gHD@s`pNt^iEi3aF{xS@#S{~oo6R|f835XUp9;GFFacjuNosCx!ch~PHe~KouS(i z?^DwwJNg;T&p=zbtj}34wv1ja^*)lc#FwdUL3hiqd2?A01Ia2acHnIEgfn`@$qwBI znbe%mAMu6O-@R(t6ntR2#Yk&xh0J&A8Xt#4R)q5FB0P}EO88zbIiHbE6U?G8xE*8VlPV;1{jkSJf#^v^Nbn} zZ!MYrlC=!tikfC)X2gzwVAV*<=K%xNIb^kgr(;i2zNuO`LSa2Qn zs^~<~Ky5ub!|tYrjEVtr}Gcs+VZTz?lHUGHNlt03*ZM;(}%X~6|a%R%3LR#nsH z)|R~TsFsP#G_~99(KMx_cdn}ZW0#vbrA6T+*^|XyBr2g+*ZfXIZv|0nSMyObUkgYG zYKVL2mUNASWMqs77Q;a!77ECepon_3<z`>vgUW|=l%Ep1}}Hz)mTXpaYQfnNBni_Mv^*Lg}@A6engFR4!5jZeGE zmOMVT@VG;}=teet;cylMLh!FBsEW;5{+01Sb4+|=h;{_ED}A)$K}C(2uj_|;mf=ZB zo%5u78X6r-*Ix#Hv#{UDo=djAr&YSaJZ`olSM(+vm>=(1|=$fX}~9qaoz!_-Z9F-#JnL zQC~u5GtiKs^whfZYn?C`WWzAc6Z9+_*5(N#S`C{|+8Hu`%J|Sv`Ml?-7V;zW^xsxZ z2C_e7{cA%O8dY;H1ZUU*3;AmK0Yj$IVc=2T8G4r2zpTvuTOuGt1*ol=_`iZ}Dm?zX zL}=0fe-EuuxrK?lL&4SEkD7wUY5Zm0^QXT`7u0b48G4puCp&X<Ehmgf1b$9+OT0XS7je#jirJmB^7%2?%yS5|ONam_t1t%@{0I#ZE-5`kJH@<^6S=rR{|xQqeOvSAs@m+;tYD? zQQ2D}NYt_+TzLh!wdvf!zgah*)9p{-u~}KZ+s3WjUBGf6a%OM6JO6z71^LWS7Ki^IP*-_(Q{GK+A?!@VJ>3~CiG;lQOM z+(A0A%K~~2cGZ1at$!({?nK8KspvMOanDO|*IP`p zn(=5#Bj^5G@C2Ko-*7VQKYQR0B5K(P3V_utPiG0>X!_m$>x&&#-5_%H^BH*ZRtx0g z<~u>1`_ggMx6`0%MlNqN2?5qNf(XuwQEBy$C4W}0fpm1x#wvH=vuBM%8R??*S_aY*kUdtO?#5F^fAbAfj57ZNqa~z}5 zW&%X&M|PFnG`?n)u)sj^X{}TBcPrM+i%4CIEk45LDL;|~(Fz0`;A%-|*|q*9J*c6D znSL5Dczrx(SG#D00%%{p5sp+IB@GxVYb7a26GR47EOV)^wtG7F4fK)tLOg-G68&&1 znIWjsP(QG5-*ZOQ*QQ&Ub$T6B0ZG2J$9Dug-Y*d9WIy6KPFE{yxu6O+Zs5Q{oL|i{ zLVcT2yMt5FKcqHgwnJrSpDBcGeeC&`6n_a9uv+4cQzmHg&dPmPor->N0<)Ucc95*l z+{%xMR=)EgN=`(WYZcRfbVurNoEIjGSa8f8zt6*)v+Pl6jH;tu`t(-OTz}@vBBGa< z=#Ik(__!o?W2}d@EvieIeSLQhxBZftwdfbjh^BMb)(XT|-bp(<^gk{mZ+^d{pH{Z@ zzMe{lyICfIyD#%=!(-|$ya>9lJ^SsdzdCZ8Ux|c@+NOUP2mo7!XV^Nk$bey$;}#*zrO_H%?d4o%PFuuDicMUFWKnCGpwW zN%2o#p0npe0Iv$^Buf>=i1eyCA-&w*cUa$SQ(&4s==k!5QrziCyQ6OR@el=>QiI0O zACXlpmoW2=?)46eTSaAgh5xO+q1!(0&wV#TcZG9rArHHjs0tq8T9fv4Crm=qUfs9N zcao$}%bsqKi6n&9Y?-A7{!|T)kdQE9OODtwm67enc-V*3Q7xCur)Q>+lk4f4--mP= zqqw|th2*-!@B|XvP&1?EG6<_7xG5ko?A3{Fpm|9Kc&I30t?4y|5U_ild`DHip#Gf` z3OIax{mY}3V?A9nWnAq`loqW(kh~Ev%XL(rXMYQNU(qq|1IB;oJ}uV`Abfx44xt#% z)ZS7Dww>_t?A>;G9sqPYzKiWHP(P@@z00!gGq>4si&{$}G6wAWbp@88q`483+6Yg7 z6V`o!*7z_q-QJHr)*8%+|dy$-5zb=uvs}lPvNPor|Z~YPx ztbhB&^?u@Vs6sjF(PrLS7BDzrRgXxwWxLv=6!j%xw<4I!Qv)QHZarlv@P zPG0DqT6Zsi<@4daSJoXrX&2Xyd@Y{`={h#U!2v9^%mS`hH6SlRgU?ctk)*< zXSu5%4F#ABMiJ0ntp@$qMCtw4rLo{h#Q^eM?DlkH%x1N z;b;*zch+_6{aUb^P~{Fzja^=~cp%@@ZC(6bp= zEus6|F`$z#E`yrC^q6odi??e*4-_Sh^ZkKJfBRPFxo!aI`|No-sPg*3sJ=$a-#`I1 z?H&AgtnW||j@xr2vGD(ZG-}yG6!iawNzi>&3h0af>9Ei7!B800Db*c%i=Alaw3hmZR5eMH#ac$U%U$0x&8BnNujG%gA8vPI%ANEK#i3!xy3~4NMDLS@y@iZM z(?Wzi!C4|fXdcyndJH{M7#?$PI05^3lk-U$S>#XcH!q(o&L`wb4*TU@UVP|J=C$Ac zL@W8sZ3v9R?l_Dm__8C7*Zwv?Jle|_y74<8!CzTL`AqGmjI3;gL(DTtYh)jT&`7>r zP7&?lz3dduOsK`C=l`!3L+kz#_}v38ud$Kv%a<>O<>fo6FV?grzkVg)b2<#ZK3cqx z{aTsh3AYt1FVr!sZat!k^30Bkn8_G-cj;@K7rI+(D;mHHp+7~~?~KNGV1HnNmeaS? zV6UjDIl}#)*lv0lSF-m-zkaP3zxZGi4UWzT2*bVj@^9`Ar8lEz^$%lzcqy?Tl&%U& z@ku>#d(|bb5fGhwGU>LZS$|j7cRHw!?PB*YnB%WPd-6v<$yGKJdV-(Mw_iMP=+p2y zANq8pTKimqFMB(G_1v2F$}~g&A`tx-YSC@@!zczkT&8bO|D2Ofd3Gbc7NHi_?OqgC za89i4Ww!g;aBS50b${$cgFfQ(+u_aUOkOYlQ?tl(Ah{Zo!1**i;7@Jr@tuVMMjJ;jQLPG&N&c4+hM@hZFXYO^{>8$1SBtdVcYF&_^F;y{%`Eq-e z=xX9Ha&k--pbSdt!`kv??p>cV2X)A_YGJ(at?We4VkpxJEpL4cDaVBvcCYuCESlmt z?9L-<&h7?{nqQB(?Nx~jKR>YKFa56O(F3+`f8wH%gK%+PZ0?HOtfzWD6Xt%z_adF& zseP<%xLckbvMPz(HI`eEZO=ivc>oV>n=ZW0dfdtBsdBmh==g(aFBv{Bm`UJanx6g= zaiLhdl>jOZ95r!oIGyWzm)i{B>A6xXo=*ew+9am@8p$)Q**+yd;ON4N6W9HsXgBhk z$a+Scg+uYQ-0`@VAL+DQt^^;r?9t>~Co66ts1<8HvA6rMXIxB+Hrh)pO~KY`dvwKz z{&Fp|;$QEXg7FeR@}kMdU=G@1Ff)lkpMYKB(_OH#<8NI9z547wr*vTF*cYJj?6T0WS}L#=2p5ScVyzEgf%_|QK1BWD!=FKVOoP=zV_qx8+o zV4vW_D){+0HYs%# zA_M*Tkz5Lw_cD|5#lSFPBSkAb49|l$je8a`;Rm0+w;+!KWLH@lnS6oQ_?77|eW2I6 z#Djla4Oo^xMD56+vsir6m6;JT;AY>`Wm9x_wew?tm}$$g6g6LC#?V`dPY|UDdFK@Vh)sa26(uXDhC~We68=IRI0?= z6~o()>XxkWjVq&l?8YuK_aSXb9sUzvbGUV&_eY&^I?#g+u5{-SibdwfF~#bnvnw^& zsjp-{16V!6%6;R^Ca+r%y*rFkbA8pEWQaeUh@oW)a(PKdjj7mA*y=`G?2bprKDcjE zX?t+fc41KS3P?gcmduEZEL{r5ihrAde(XxC1~)n+H$rAywnJuL?OwcV zg-5P1AN#P86Ejp_-xynNW2=8g5)b`C-5G$z%gr%e7++CK%Z9dy?(jfFbkk6OMs}_} z(8p1u;#;Nvb?$Z$`uV(sk&!%uX0OQ}R9=85@^KKLL4o~&0=cjW04Zci&eYT9t zE%Fe}Q?JlH+c91juVNdvzR+&FNZ{4{e$-i}w{|NbcO25P6bAp3gi*##zE&<9)e%Tv zTb|*`Uwl=wfGZ$^9%H~Lh3m3FxkFHSSK;7oQjbfr2vcnmF&M zOdk3?Ad-)K$HOgnvyEO*!7A`z>uC63NB+H!FbqsY;Zu)Xj_l9N!(GmO6s^Jy`SxKH z(?zcRZp2iQdor!<@i?L1#pdPS#&7Q#^W(0X1sz#MzAYYTfn$Wr7PQ{oR1XncY3%bM zT1Lr!-I$pA`CWa7Sqf;+5Q7-Sl|51T}x^z|lq ze4zPt2^#M5J)?_)$O)4Uv#1w(bfYb?v86LW$IUvuQTXC@Se)G z(HZorvG(W7h1dev9@Fo_hkq40Gu1 zfm==42lmq}Oc^EDLBk$p7_NZ2ME5f`btFNUlBD*z7|Nunsan)fC!@fkqb26OKq{FEze$%<;DyS^Jkj~HgfbM`Zz}zyEd=8IvqE@bTl8| zJa4lQfKhX*+A&ci1U5AZpN1^GC0VGc*A3QtC2u#$OG(fB6qp`>``DOZOlsZbBUEm; zHyLli@+3)Y9_VCjkk?>=wmbqt?Q*pfSJl$abRz^cj-`6hLv*?>;OD@S&f+QJRR#y7 zPS&?c;uA&L@`v)}r=6kV;q$)}m-)HaXq@nw<@w^3+Pq|6r+Y0A9W$cfJ6Iw=;$?Kj z{f?+S3bHwkK!sKzyL&UkJGTL6)ZMUZt4Fcy7pbJTFYF(9Y}BWJ47KWSWzb<~o@ znw1(j05OTZ+-bA3)#r#eI|nAxEjl$Ui1%WyI z+<7Gs@v)hsP74G?l5Fq;iGQHg+L$Ut-y^ep-WXkW=|V$zmGkM24xyygfB|92#k||^ z;Y<@7a$81PK5M(v5mtE^&b8*sl7PcxYq4b9N%=siuF-7rS)j)Fz1t%6IMq5?2FQ_h z=cpKd@h0xFoP3P>UPDXP;1Nt71bQEmA}W5?n4Sr2oik(D9#k~HTe-=r0!FsdU< znI`;KE)n%4K$~a3V{};kq}fT)f_3{Mu`5nk7QeuIs;v!7J4t=|;2V++iXqLE0W zI{iX`kTFW(=D*LlD*5&`m=-QGuQ>>(*cgXTAZ2Nvs%?}%vhQHIaKo}=|C>)FGlwtd zf%3L?5#ijT%FfpS+6)*pGV-zBc^UeJpeOffL~9>DL6;G0>NX3qBbw`0mkz!H?M3ZwQij%+R!zM_9fewHXagI4@=cwJiW8^ z4@~B9pv$1$cdtI&bzPG0t88>5-CwNhK&|x?6ln0^OxXV-RqZ5F_%V*Z@KZJ{R9B8p zlQ_m$cd6C?uw;r`w7sVKu{2-w1rNl_AEDj)ZFp|M(>3>d_L*$Iavr>>s9i@k!}gq9 zp&FKEq^Rhom0jA!Pjf!|oF#6JQjOAu6x+Z76GR{vS2ICncX#TkO{J$=;paMrGI#XT zgJb3T=_1*$`u5Qlqxd;=0u7F%tpOnAR(O=3cg_uLUc`a~y&bFeW>#0LSP+oeK#5eBMP$e)l*-=WXF3W}=Y z&uvhOE$avfx%`CW!gp$mPs~SvAgMz4V+FTl39W8gr=$PsT>GK?zU%GSV}N9lW8Jxi z^R{PXw6t*6R*ukb^WCT?b23)$CF+eGg_4(W>RNd~^nwt1W!>#mOz$(Bm65m%FG4z* znqRoM#DW8DLCuAW17T=Qxk!Q;fG^1Ft{VkNXlnz-V|CfO?>PhLoaZ)<)Zf#1kvHKJ zq_eTROd-^rOPai0VGO21s30coYL`3~0Dn_gk6+wyIP(0?3PJoQj_Rs0*Kx==K?SHp#I1ZVd7HvfHRhnSn7IwCt#nYeB{j=g z!YsEBJJ1< zd35zDtLHdM#-a^V>uT)3(N_d`VpopFJiSh)7t~$L#(K5Z^*XqkIgeClPv$!F6LXUu z2Jsl2D)T-W*}JI<;0-pb`DaBGB-_k#MTN-jV`NM%OTj6W#_$tIteylnPcvi&8SOB$ zUnIrT(&ryJn=VD_yTr(l52k-9RceTXp1Gu+uNfY0l;1K^x)NFm9|19wQH(_b{?fJs zU&s#IC4D&dP1L4AA8{?u?egIH(sU~4XXv5UE;;|NIszQ2!5V0OH z;ceI1Mh&y)%+V^Rw}$)~bT4><5RvnA`SQH&0hT$>W3y0t#ilM$3;&<-cAt&Ui9*e}YdpcnHB%RvJV8;jm(T_c zQE4EQX?DcD*hVo=<`Ql=p3NxU+T^~pxZ_&M;DXcIWc~)*C-fu zZ{hXz)!IpE6B1;z=^*ezBRqUN@e9#Q(mTz;`s382N;^SqLJ!+Hryyc;{3bs_1u9ub za%3*gi1wJsfG@j^GodqPTVvPl)ouFAkF_G`@jJ;D%VW2jDMWyo+z@A)^X7#Ls#L|Aj+|&&#gT6zhcoRlSW^JL=uoJiHIa;>2$7h~RGRu!s zwUa&NFDI#HJGKRv{oG+J-9>#masOWHZ+A;u6%1f>vebZ4*FijF@-X8Pf7PU_iGFOCq0Z z>vnjI^}QrX=QDzp;X9G~IM6(OQ>D~YWob4Rh+c1>7mVlVsRT5w`UZV#tAeypt3f8k zo8JsyA>!fgb=DG60LtB|+{)-%LB(Eg?$q`y#TVY^=|^ppZ5xU4M1bA#)}G~iYR2PN z(!!90Q>L+%Tfg|=;7?pr*_tTg2sbTE0+K5AKhWX8t)2a=t>7w$R0h1K)kI79BGsqs z9bN3`w2{|jnLi-h)9MaTSATuQd@=3D&S~DTBGo27s9a>;s$UK*#AORWS7qZZLsNm& z)J?(A1@I8|3O3jlTmMVG%NDaJh{BoqpbghHp`JdvcfIMC+tq$=PU`lWZWE`r(-~0P z`)t(@oiL1jWOmVjGCF$Vd1V;j=}D(l2>9|YvHI%s+s#S*Nb1dni_vw2>8vazn#oxr&I^EjQynG zm9%xAT50puw8Q`dTX-q2W-W40QD0Z6S_@CV_>r7&Evx)F)AxjyXtji<|by;TA zsP&l7DcYSDdbJ7WKCvAmC-7S82hC$?}PbT#L(cs>6247;5o;0>PCX6 zgU+OXk{sRpKLtTQY}X?Z>9n-8dMPj~hb+CxTrak%`S=#p7@!$>6&xHmpbt24S2#SG zFa{p2ZUmyImd^k^Kp;?!io&Vk=%j0GEQ(Shal$G;qXwGk|tHo$gF*iuLu+%h4s#2e5I{iA6gVs-s)$->|1#UIRRize6fBt{EBuv!sA!sk z&);__DAxV|DHK{V?dvRq=-mOxi{`fZKa79QH2(wkHQe(ed!~p91_tut#jWzqRR}|y zhkcM~-y3gOBP|x(uz$pi=4?OE?%8>DPWV0Z_J=TOX6LU`=)%bmmEC-Fr$uh1s!NZJ z3-2#~qVJ(KBjW9#>L^a>4xfCBS|?R0$q+j`xxrlS`grRVMFdb)ZIey}*Mi={93iqj z`V*bJ0I8d|@_)F7JODe@qTfhZac+OUT*Lm-5ZX(NgYdT;U@u)|miD=;#L|fy+KEC<3nj zwIS7uII>w-MA9YV%w8&p@jGxllV5p)a402vnc%A_Qz|r*bC*p<+C)4M=+0w>1-PlM zb}cwS#_D?#G1;|pk~Qxf5MsW#Gv$60S(@o!{L_?5y7pN2CNS!4qkXI`&OZ{c!+ZOF z!2kA_$X7xzP78_}fbPPC>=!Ah@7TdT-eqDxb=e=HE!*t-6ITB8vpbIi!|>b>6#CwZ z$}ieNNT&$xpYw!IehYV&^gO{5snt|r$Rh|zyQ0&pjJrfnoj7m1%2WcglYfZV17AQZ3Pm)Spe)^We+VEPBH9`1@>g`hM&Awkkr3Q zD|ns7Q>cbBSH(LbK%M_HLgwYmH!Ra6b%u{FhMw-dkjjvn;@K))Gv;6GEFjtl5f9)7 zT;%macW;EbT9X+g_5$JJ-0c^RjxG9bzPNyNgit*A_E?jga-PrssEmHWJV4KfHN3uy z!oI>|zyihVgEb_N#zL%eA!Sq-|DDVzgRlJ*k+exHJ!IR7E8*rC|Mbl! zNtjT-pRktrcLz2Z8kYhQ2X`AQyGWpgC)mtU&saAmm2&~%$cgxTjJcn<5LtfKo_ob# zcFEGLwHSG8*d%m9E!Z%c+cwkFKe*exGd^bi&XV*Ib`%#?t|Yg)tFo=8O4#khV<+wM ze6J4+`%pCH$!2Jy#0emL-?Gwe&A+TJ*1z`jkhxK0kqe7OH^KWnci6TA>M5B=k zm@o`F=Fr|xop;~(do6XVQO|$A+MkIKtLyIST865`Kk3HDEo&1nQ4PjyCQngo=QQK5 zPK3QO!%v0U1fEmBW)6TFkq+FS8<)0_K?4JsHe(N7Axj_4BtaqkuT10u6gNJBr+;7C zwAlCkr|bUj%HwZ_;QyiQLZB+h#ntuy)Kngxo)KacU!_hY|L{CIjTyMyi@!RVCk<6> zn0R=`C0Gr{&CSiHS66w^jo#j0>iLWKe-({Ega$!Y@TSVY6k3&d8Br(YKSbFTy#3Fl z@)4?-ml{PVU$P{#7+&H#_tt+tPPEf#WE)YV{gag(lsu;y zi&DD6Y-DUOu@GMZGw*7xFglXrtRVb;aw5V65F06pVdqB{AC($Ub{TYTK5-)2;4j2J zoEQL6?<&jt405)@OJzK|d5onQcDAp#CZw3Ix6T!Qj$q^y7C405M}1kQSDG7X^=NtT zC1jTv$oNN~pAw$Qx#<#6BNE_R2wo_DQTx_ZI|nNQv@5xTR~*f4$e3K+s!j=}*b{d>4<8c9V-$+JfGihLiZZ7fFT{8bpp!5Df4uh0b&fr9;;+~Q8>D4NX+ll<< zV3AGdI#U&d+Ghoc)X-Zi42)Hem(?oLgfG{YX>|0LdK9|%l6}$E`F4XCG4)Kz{YxCw z6zg<*hhIn26bYv@3^u7Erhz4%G`^u%0x+*v2MZqQBPB7zcavEJV4MWrvdVA;D+aOE zS5;t-Tr9Yix~RA%+Xh(qJ@hmiJ|8y*hfSbR)G z1x}Wm6A!nekxr|xS(Qf^+|2bA{pizrnnXX8QL@G#KqJk1QdB>U-ezqnEd>vMfI3%p zs;#u)39fwd^5~@i=zaAZ1YHaf_mm-NnrJgx?-SF_2sIar=nW5e>p2a!aFRb-7H3zmz3x_zm{XIwqomC{CQ*1I)1!K z*{;!Xyx58ds&}n#rNoL=wb`N11syf_&m}py{ZcDc^ONeREXTjaes2$2Y>hsF&D@^H z<2&EXh151E9V1!4Q>l15vA<|AT9PluDRyMupnqRPaqZ-O&CkI6XM8k7!^SyuPZRc! z6Kb z8opJoQC+=fEQ=5P$o58h7?ES>n^V z0R4YyEw6dpIR+O$#Kbvp8UUj%XwQ=9e9mpLq6snM#A0zaocsmpr{hSh z0Z@pubAR-o0k`CitT4GH0X0 z;H!M66x_Xwxv9)P5QAuxNVF)_YFU&UyBpb~vX?+ckyCGz`<{yVR73#UJ<+19_skj; z*C}FT>uWYQW;6?7SvDj?U2t+llVfgOx3UlUQ+fGL5WT`+emP}ZGx|_IC@{-QrLuKl zAJQY!9)5rHRu_~r1|+amD7=+9YTE%s>W+xFzB5;s&@KP?du*6toUu(;?9KbvO&J4W z19h*d2ji&9>x7qq78`ZE-iv|fzezgqY5=wDMfv=9Lvh_>#Vj?n_^N*wX}syMaYUay zOj%AWjzx0GF$KMZp4^-|K z78h`c=#QUHMdIlUBG#Aos?%7%=9>B_5rO=wh=qPW#A_hTk<$ zc0XQbMjDK^1FfO^v#In=ro1iV&(g;yZubNfc90g*A@LOhDoz3kCT%EV^a6q&oW?OeeB~F9>llp*G6d-4 z4QW9^Yfh|xMkIxuJl*?&*+`a#Z>X)QKZvvXALag8qJEkk$H=hQddc31rVD~!^gy>I z5~AI7QP(Qb&!qg<8okONHqIgsizKtPcNpRB^zt%Grw*G#O)!(3Fy|kf6_dx|FF}Pk zfkFBgzLjK?{y#43pApzU3Hx7o?f-27`mfCYw*~WmSq%O^7p)r_C0{{^B1YwYerm&w zYuGS1r&gxX@KH}Mr&0=v?CfBiot@8j#-i%#>YxucTXO(nREPssFj5v440v5Rt0nwG zhR8q4(+Vn|f!C%^v~37+So246X<};R`*)(4(f27(xZKa!WVeN!=2+lxk%KJ%TyFM9 zt>bCtFTqqN9<>Lp!Tp{x&-k>eyIa&_aFhFa8U2Y#xxoeo6^IjkpYe=L8Se(4vGbo~ zmu|t1I2aK8sr7!vLfAVW{ zT9;(1FvB`th0e~-XKTpcI(|YcUplFhMUTr7L$-yii-qDaiWYB2qzhd?xhLfWpb)9r zOC$}`yNpf2js2k0pV4&kAD9s+tn0j{o~O3L>_D$2w@FN`%>GAOOCs|$?_uav>RC98 zzhoPRiSG%S%@(GeKLNzTz=W!{67^3UDa_5yIuCUg&a4E*Cj?=t#zx)R23~Lx+)z)D z=QJQS|L%Q5Gzw-kp!w?f1!JQ)=u{^&K%%V$BA&c^rFs*0S)(xjG6~5Fn@MiVfB;I zR}GsMz5q~ZK6Vpb!Yve{$k7j<*IKg=#av_1PJ5-oYGu@(VrcUtjJG6f@yUIS>qpV7J-sGQv)S zeTqm>Vi9fJix8PBBbI43J`Dn63C@C&R@!GNyPuIocVF7mkmQX1xGCH)g>OD1%6R`U$P`xzUQZ{RyTc1AZ&+304Tdjx+AKad+ISvQ z&uJ4Eziru==(&%WM0ZY?C?>0n5W$^xvPUUayT!+GiG?lAOB%>-<9Iys3M>`j0Fd&U zPQ^FiUnSd4%yDSa8VQM9P>8)%s$?*HcWtzQie??cMCocWk1i7`ICKtw+HN03nELaC zkSd=)vxHlIM6jK$P4bfNB+&SbMxc826|VJigTz0i$bEVu^1^+q@*Cs+NpKiCsJ_*j zh)zKF&cFRs82ni|P{#nV@4~HEY1omod%BWt1wc$pt465Tzhbj$!f9WiBfj$5L}j{t`yaN_c4r>Xx@w5w>Z1y?S;4O z-ft-pm%mhr9{XG1WC=VC>mLfbB-MdPI;5Au%cp0{ab);Ho0c2vb#D^_re-^Lv7s3F zrvO&jNZvgN$;0l=av51s4ii=e#>o6n9+_<(G|xvQX=@i3>4{3?FIApKXR)v z6Q>>)^Rd$1RSkj0nN{>4{{iAYsI7JNuG>N`ITAyujxK;U2oug_i(c}r{Kom;$%MkL z*y<8hSo$@iQn0l!SqFD!l+Nvsy0?0}y5~^YosH~J-kO3{O#{!DkVp&K)`oCK@Gq5; zIkr^lBAY=QFD^u0#SRcs30zXQ-OLZnO}d`-tEV*b#Dz<_Z`@GdD-`{=d5*c-< zcvVH+)z-L_wW=Qk;D9`Fi<^5b8Eu4KL;9`9E}M+)aQCe`cTwd^z2Cxg)s4=2Z??{^ zF5638tYc1OP07HWbPIno!dGM zYTBo@hYn9wsiU2}UFO~0m?JINfqVghDquwk)cpJK@DSbuEiMLSuaTMJrpaOkj(R?L ztQA)0*1f39A;Wu{Rm%fx3oTB5keH4)9?Hr#?Mq#&sK`Ic{#l}SJ{F5`TXOOksh$i} zD~J)y)vq=tA3oSr`Hu2OI2?M{2n63sZZy(p*x1sKRGes<^>zPPAz9KWbtu(J_$73wTnk-9*p)AhI%Y`%xP7rMBCO~_ zanlk$x!C`N)qoq_U1W(w)k~F_Qn=iap2b<_koiI#ucL-eUH0+X%A;~HewMkO#ZU%| z6$mKdu-@v8OU{tVJQh32uu}6ynZWgejD*jmG@|3ShsKY&Z|QIBez$lic_Ulg1f!Bs zd@_(R(dyvYAEqm;xgnKiJEr`U?jInGKEF*SRn@-Vg`}e`+}==(8!4K?>o6hH&8fau z^MZcGB5ZR8(c|l>1-w?t_Rta>9*ergRf~DN?xi0m!Tcsnz+XGlS1NS`Itsfs8v*#_ ziWDWkU~Hm|mo9IGbtu+=Kxl~WyH|Bk})*3@q9)07e^afB2FU+>`j5N^(T$u#qJ!nw>% zI{Q>s9RCb*Q{_$?qXsXYKFzGfns1I4;5S`tW=Dkd#`gO6w~qyH{*0KLBq-V#VAJ*1 zS}#C!W-ngTQn}&}888b&#wt@oT8#eGuuU3Qa@0G~rgTDAa}N|1vew_aFH`w;~jiZr6iZ>8vdyLa(ti2EStd*m{=pv0=KExRkJI9ya2rXe}HGA4o4u zByrEus;bp2Xqh)4-IH9Z#-PC9y`Ws6kN&zE{+p`(&W#^Z$sKd_HjZG7b40Z&!-FSH z^vzRqccEeOeqS%2!BJ?<2hbhEel@{3JGCs>c zW>5ooPb|D>2E9%*w!CD-9uQ2x#=(XO*ysc7)4N_Ga}V1a4%@T;Roz!cwbixT(o&;P zDDI@iDXzh(P+SVMxVyVsTA;WTcW6t2wzvg%2*nE&4eoBi1L5xQzTf$deCLjP?-=*T z**}7eBzy0*m&|9*`8-QPXAqkes?YRJrzMHOP*!f|gKW51B0V!RQQ^eTenZ``>s-BO zHQ9k72X@RaMgqER;%%Z>D*EcX%tjV%0R{fpFaWwlifU8fVQoiPFBsYDiHX1#E2`bi58MzCx(K z99F<>#&*pJu5wx+Zf#; zCh5z(k(7aV*V+N$FunA5ovv&H2r@G^JIZ3Mcm}pf)cwk5c~{WoMJ5S49A8F#1M~;y zNG2M;p!uhmM4zTjAjRc8mX@~_4H{lEX0AGhN3zuLKb$C>f)4O=T}wXsGTHlVK^JI?;Ro8L_;|^&=_{-^f=F; zOEja-a<$fhW5m^!sGX$Kk#WjcR~LqiyGp{Wca zgcC$bzZNFwp-0DGOmCS1AhmXKNB0zHBuv0r09+cu=RZYDgVluMyd-m#U?iSwh40y< zi|F_dpELofYLd?lu(w+{s$;gZZTSooyhp|i`cu~+7n^T-&-5m_o@hBfW+d!inTz{&r$6%LyF)1=*R^aCage5YA)KR7XyAW zdH%vMImlca3ni_`q*};VRN>-n5va_+j{YOCU~o{=9rWW*h{CRM+gsq?G5b94#Qz|{ zjLsEcceBNE7=_~D9TqDzvRvn?-`3Ua_!ZKi8uFNbv;Pk-?lI6_hCD`_Ct?M48sAFO z8)sa2C$n0)a@KhnA711J)2|J*V*8n_3v519oQqf-VUxu&^gDVFd1F{<674tq+xNB&nL80KNpgmlkqM%7tj9V~H?{x8!fX-)aWz7S7 ze=YV7ltxkEM|E0@sj7t(dhB=404531!>ebP?#o6ZgfKe=J**Z&UZHw_MzyBwzOM%N z7Vt`q2)V6va!b>6O9dl`%TihvZ$GlB8UCI|S<{lb{->qG^foE!@s0WzJFN&%JIfT! zs1p%73Ccmj7$~>;EmOg#J4NRapJp4^&x3ak`Y=&Ag10NPIui0QW<^IU*d2pGB-{59 z&Pk|;Z#@$|9E|-F2wpd;q2}QID2e>G5ABzStZ0>qM_G=t+CqQ9?EOa@&1}_&L@cSo zUy9QGGNs#v7JhfcjxGl*J;-*q(`8og>u75xI6D~^EM#O=9#<9t#T5LtB*}1~h0XFr z%434bS{pDhdfQww>k#JGPdCKd2D40Br>!$kh{@>4*V&+$G2n4$mqhzYU=E*V5Tc2?sDVIu`P7QkEy0|v4D=}-Zj z6^vt8(+cn|Yy5fIMVj%TvgG%XEH_OEnsz#sNUFJh>`)tOZ?@@ZJ!hAKay>5N2 zCEL;@>lrh7-W~qdnQeeR0t?2xkXbk?#HTkKXELSK5W@*M+`+e(4u&@rfL4$>cEWL4nstC}u;kZn1hMD`MF z!E=ptqBMFmXDBxz0Go5iBVGU9E*Y!J(LhKwn2N1VG3JEry$ zc+1@+>SzYbW3LnG>GdY@oAp~L8;Iav@Lq>41G25vo^RafKPb$(1oI*qFiEcG<&ZR) zfa&v|=DBT&AO|Mjq`dzAhY~)~%HqIM=IRX+21@ySEQ~9&(P}`Q*SF9D`APv}>K@mAF@|**@RgRl!sa1Oyj;nDWrFg%d&za1o z0baUg@qa*xTj4Ue&Jutunu;YjyDiaS6+@WQS9rZjZLYfW^Um%ujHogkkqyodEtADP z=r8wNwToFf}3<&ko@w@w?@3O?s9gMvKs0_-PzvArQRLrz-tiFeno{Y-Z zt(qB~KY#ng5Et;@lgGtX#+daUjz6aJ6%>NLk@LJ=`qSp=Us0^H0lIex=>w}N+x3pe zKvtt6+8+lTwRGrNI(om`Vkzo13ot_u1k{cI&jte+&jUyM)HiR!x43yz>1FktSFxIh z|J9C%`|ebxdECT)#hRec2~~XlbxZnH$Tuw|bYGNQR{D*`8Z!22lF$`8<=7NU0TK%= z4-YWv((gwZS~8~kn>KiZhlYp5tZ%vgE7ThTfa$-$g?hqb%2hw#MRuO*0zcM=H@r;B z&_h2|h624t_WJS|%OnLekN#9&h{sQJRlm8SjFEp_(Ady+twaR?IiqPr+{c-c+&nyT zj6XiCw3~S;hNk*?7L@eRkmMN}lE~OULR;_Xks|=i-SwdOH?PWnGT+^tA9(qn5Giz@ zLzTaDSriCau{G!P=?eO0Fc*|v&X#70bTn&3<O ze@WaLj9KY+VoJlk!KM*=TQ!Mg=T?eqVbV~$57MNs(u-g#$8&0 zR3YH>GD@G(bN}1a@n8a;0hDJx#|o6gXrf2th+$jl&{nR*DbTB+ylhe5F-Lz7U%}@~ zT-hQjDYvA%h-KL63GbYJbV(U4>)i&}cuscy$1+jYm6mb!Wp82hoe2OIt~(aZ$Kf&p z3kwVOY(1(*Mn-_Klsv*=7~Kwm6*B=?xH9aGfQR@4DQLCpr_TDZ56eBAy%tQ2GMiMv zqbGOMQ?;6fsw7;|*JqpcGG-3@!1+9$4ep=lN$SueI-6?5Ewo_v|aWoGbTIi^B&m z*;+mOgQt$Tgc!-z5(6K;*dY7vSAng5 z-|JoP@E+t(|G3(2+zhb!@K6+W(krU+3uV*v<;v!@YPNysE=$+K`ZB(+PfL5#X%ipi zbjWzP-ohCt;=!b2l4Zq$rXW>5aPQU^UXLl%GVxzcsS5PRIxe53Wf+eBO5H9RA&6n$ zn)DgH8$SMdTxU?#tl#rqNra--&pw-1c6+sy)X6()>$SsyA&1#3drM}X{<=(4=11N- zN~K1Nw^u~BZbF_8rI zQ0#LsIJo#>?tATxc{po1$FsQXC*EH{GkOj0k9IW}C)1AHl7w%KnM|B)%$=L}xS!~| zPs3!*ADu1Lt$ELEt(sn&FDiEvA}6(fU`n`0$RbZy&rpt@*((f)5})A(Glk2ie^4kT z!|lq zS(v23v060IIg#oT21b%Za|fm}W2s4})>pRZ!Aa(wxp#*Mhfix4!l!Zk>r`iKiili9 z9Xw`b40n%^$`Eu-OKBEjRf~#??k^S`{m2CN&;51| zcTZS2ka0-&vTwNl=Eu&WA84NCBRIMlcy!vF$v}$ z4k~k<&SGD2fs~T$fv$6dv9fzDzu`|$FYMD-4Wd8#LzQBWns53_euBRsT zzjqfwksj+tF6~$Dv@?Dj=R}}rpO4WWVS;23*P2VrjiYu z`(jy!zwUF6{0J?gryUMt#0;4n+wlnU;vI7mFzdB~gHn0J9O5YOFSWSh#r-lakZZi| z@&r{rQBS_PI1z*k7_SS$Nq?vCkDOVSfb=AA8BJ|L!c0X*eZyQB99P2W4ueSxRST^O z7nLIHhm!fW+`K2-5nmMdxn4>&cjScmq(V_tK(dYFl@F}j$*GxaAnYQO4DsSV4Q&!N z?^?w-Pib)wI6;<9`;FJyph78LyfBXiW5prR6x^)}6j#D}ijad1Ujy%Gyw!dRtQzs* z_#fkUA9h;mcZKW+`qbQePA_sIt;X<~!z*)Jr_O%S&wu4Ne-B=HV=?B>Y?Id04V;o5 zOL$Ud-?_brMwVy9O)`(8UU*SfKR6^!$g3D!4H;r8R;loic&YzA(_E$I0LeC~*u49% zliO`Sv`w6A9PEt60AEC|)78)ke zEc|M?AmS3QMTEvMGM2Mb1bmOIxZ-CEBgZ8mrB52qHE}ssdKGCZQ7tDPqs<*Eu)$dv zf86!z!-Gp?YfvO*htInhM6<)N*NnrwObXLr6Ox1u#DNQ3-+7^>+$r>!>@v>+Yd|Tx zH-MG=+KzH&-*ZC9p11uf<|_S%+9~186twsgX;Fso%4TV9<(9KM2e5fqYpuH9*|T%q z23PU96uU0S;wRw*czFgWu0&dQzR*EhoFembip}V3wx%zyfLrqi zhBh<@PPa%6Hu;%9oK8N-H{hBUYnWfuihiy0`8lS(_o?E={cl(MxNirG|B0J>ujTaj=IH>yDxhDsz(OThSJK`3MhQ zM+s($I&Zn9iz-i?8&qd&Z-c5>TyTD3(z_c3f1Kdjqb z`sLkLysewL3-s?pzgdnFI}oeHigLS4h-UI(-IQ77&Tp~8ZjBI9iU|mc^LN0w1a+Ut zyGL6xgNi!_A~fuJ?*qJ|AkqVK7GPwZ!G#6qmv@^7azZ)|;-?{-zxfWC;e+kDnb%I= zto7>N_2a#lj^F%KDY*5`23{={!=E2naCHo6%Xap0pVHTOQsziJm0O4)&pO7oKqN(w zgKRLK9ZW2(*g=w4wh)G29w_CWRyH&o$Tjr*h*zPnIa6&!P%3P{O>bacdP$cu_4l!yeW#sW7I*_I>Aew$64&(c~1#qqH~W%85)pXG(J z76pB?{mRzJMAyrednc#)7VOpuN{hag2Qj^?Qfs?9KG$KPzZ&z<;4EQ@iaA~iZ*fFp z>&-Okyup3xVa?8LyZ;u)$)yHR*D9Qn)Z^Kz?i~_kPFs+y-NU43@1_5|Q_qgJWCiqU)iYVX@*#t9*Oft<2%uIOE$f- z!IJax-(Ul(sv0UsV{#6bwLq3)=+xS+iO@cuChpvl||{vm)y87o-@*? zme%E+eiYAXwzHs$?sCi6Ze}>BJAE6>d|&+7`lVYC znnfp;O3^JDk&B$6DzBQ(zo$8ML0)T8h2rI(1;SAC?3Z+*J&$&f}E z-^{x8LU4KnsT(p^@3iv82F^muBi+IT-&O%vS_VE!q$s=NT~gN7iKF_4IpS1d4rxtM zFJMoOIrD}qw{3lfA^kPr)8q*DojUOGZ8;}FS4^8%oI~H8sCAt3PWl-~_7D?-1Tt%G z{g!Z!-4r%+xU&+Guk-VsatZf>`131yx|~xjZ-aH-dFvJH(XmKg(dO1FJGbHkCl)bd zd$}Rn1cA=S>B6HAbt4&vm!p(lgp?D->eg)sghc4Tx-Np{hB?lz5}>WOp8FDEnSq`< z&e!{1ZNPEZ`~oJ`)Lr5h6WC0F$6*#mzbHo&K9O(OO{Bq^_wDF*K_m*A=_E)q&XRP1 zs;@CP&8jQ2b>whgRiA|by80lwgm74>DTu?(N_UHAO9PbmygfLWbET|9(BG;y_We|4 z^jz;(2|8PYOOEUQ?MG#QEQjX>{5K*PjzX|-GOEYjd(AWq9D(Oi~|a)g<_(DbpdlR43GsINkm=pM1ynk zPNSjt;HoU$hPcErG*@<<=PZ2u8%Yrg8BuHTbGR_LkxdP0?m@VR2x=ZX^r^hdrgB;B z3Qq6ML)4j9?f?x^TNiN-x8)7gSixW5#tdSeuWT#aYt0sGLy8D%S8&M)psjP#2 z8WE!9(?(L$xr6#>&@MOpO=Tf6#?9O|TlqIB_Brw=`&(wsmL?;)+^hPwzEl92PBFdj z>bb=r|0b5ucE(tQr0hOwvE&yegpF;YhQtkZ6=9XX{bh9MBMwL~>aGUQ1-xnYQB0Q` z&f4826y=;+S9Qg4uuHJ%OzoNZ%oGw}CU&bR^{jwg&5v@&&lap$hkM;e*c6?VIn~ZhZlw3_eLIa<>p#q!wc-5z)LW>1j{5c9 zXI7H(Y457B_Q#Qp_D_^eUKm`Z73@ zp34%4?u0bojvCoxbAfOi)@N)KiA}}-l&|O!K-pD#l7nUnj9YkktF$LpiMtW|1vt+< z;!=SMd8a-jn(5Vi4DlkQL7Zluzjf6`>;)?#_fi$8lj~eJRq@sR<(q;0WfYb4!Z1l+ znG?p_%}a_BeVyL@7jzp}v#v?YUIBwy)icma^(*T$+w-tp6MHVFe4sc=vE5UsJ3B>w zf?25pSeOKSAU>>>gi#~puWzOcw~gs)@pH%(Oh92N0#nz!*rTT?nAf)$ zTm~WU-uFwwU)s{Iq24+L`(ZpUQ2ckyd~ zYKEMu_jC+Os3WO);${P{yKr1w?lo#NF_7^fSKBLnZ(jvS9Y88_SS}B-8I%@LWW_dl~X8iYqQ;*?u zD-D*qh#AZ4ibdTF+408f!U+pX0{mE8$!czr?ibGEc99Ol2Ok?MzCRAU_YGmDyertH zV{cB0T>I_u;_0mKwF;cQXwSl9NmJKDM5lJ3h~^Xs%ny8Oj~upqCF%;g+7AT!V09V4 z4g_{!b%idAK|ByRs<-5vo4{ zRlCpSAY1i>cb(IfO3iz2k4aB@V|CJ;MKphvf0L6@riY7PpE#*@UHT}yL*Xdxjr%I= z>ndBKEP#Nd| zbT{D*ZSPB5I<_V-K}6P+^^12 z?I&kh!s+FveQ8#{mE$qRpquDFGk%QA+$v?M=dVnFWORE@z6T#)L_S%r?eWA|wv&sO zGam@bmbY5?&#}-y0}snjcshDBanY;;&!yng?a`RCeBOmZX1cek<@ibx2b*-sD61va zibv`G?3dbAIK>aA;8D$+PCdGzhGjSaBf4aH$jH_MawH38uwUzE{G}B4GxK29)K=rR ze)y=SlZ$1Ub#yDb1?$JmGq(2f1P(4ZT~mLbldooOIvuE1gt3!E`_4oa@kW%mLeaO#IG%A zkiXrf=arz61(vC@r?9Rs(EmEa9Y%HW%$nyaWp2b(hLr_M9l-Vzw_V5vwkpc(!>EWo4XrPb~GkfY=b27_JyX!!vw0^2s($Z2VxD`NC96{X&4J;lgX-=iI?#1 zGXE+gx{_vc{vHpBfyLl5e#1Fj$fPW)Scn$LyGD!3RoTJ zi|+2@#n>M4H`mnz6n-(}CkdB1S^nQBBpf1xb%U=oRZg$TX7ZjSCq*&sFSY|E?Qk7G zE;aYjnYL?v?Pp}x57c)MlTYMdB5&XjFe^e|nPXWl&h;g&8Rct&ItIK)_f8i!AXH;j zehiL-WEKQW3!XW6p5ej5XNz-`BXcXSrzRqaU8Dz`gxH2b9v z-O1*G$bId&FIOM?6;jKii%8it8xB>9-K6h9S)xK3bxus@LM+|SK&TqS&Z_6+Q;i4D zl#`c(2TNXLCFBFnRCf*VpmE!9d`2{wd>}VHg~yO|ckg(m${30`O*-T^ntP$tm0p@q z)T>h>5e%V$e@aW(dU>WA4Dk=UpQT{f6<#5!HGN=pMg(fm%xoYV+!6odl`G(w>_*+Vh|`9Qu`Toh4`ebr@# zu>Z8?t^3J`D~x#BkjDzYCd7|8oe~Zzsuxa{F<#CVy>@zbcvhw;V95w*3|{iK)6TI0bKCDixw3u5E<_KhZqCT&6j#f-v$Wu_e_5PctS2dn5zT43e4F=H zE1H(=32~#-ne|AyhzLJcL4M5!Naq;~XVp$9hqWD2pZ^zji$Z6H*5S}oTekGu z2~jOE_Zn@fr}u&&U!&oV+n$noomPA<8rj*QGWO0N+p(LB_DhG3K-|%-gm{i4SI>MA z3pU*GMr-(V^0fBJ9*8QxVMNR4Nw!E=hDBW|3-=rFwGn;D9oQ*(b~(gC_~ZV-Kfu>* zPoK$vbXR*aSNnEXaVRL{1)ad-O`s+Y01-rF&@(dK+T{5jaZduLL*e@~W`Z8^m-8(i z=NBW@E zaJoDjZjL)u&4-A@I8Gd;iY8eTw1&;{+%{te+6hzM=_2Lv|Hv9OS3w=ZO{e|XaOh7k zP!uu#;4K?%9RH$nx!)$6xxrz+NqPWGdqO<>GbhR6={tDHWWe1>5X2-*_B7D?LX>0M z@FdBS;61?cX!=(YDN+yz$1!~Wg$1>*efWI)L-QFc&(4ow2Glds5o9FAoAj{*AFU&c zpq=*JmFCpOr%4ow6oR1erK9t(&$|mvjjLWK}nZ zqN}stISLG?#QLtdb*87F=Rf6c56)iL+o;gAr&5iVqDvc(GU^SF%8gRz@+UJ=rH4{x>n_uH82IiFw{ObVl4-&}L1m+jn>{=*9sPYVnD zx+7Z~%1t$%_aRqpTH>}uIj3Z#3I_k8K;bzC-(u}rxRX_DGMec4m93v}=q4j?{ZB3g zhBwIJwjuhNnBh800U$IQxV>4|bUcgDUD15slj#4uOd zDV$Kg?-6Vz!A%0-x6u z$&#ZWsuv?s*ey?fm=T5xP!{bP1n=@B<@B-yX0Yt3+NWZq2*~)tZ}s;5u~wNBczgfX ze_%$IM#r^d>nip7nKm@`2)3mB<@Q<)5Tm)qZ+T|Ej|15a(^z#;Wiq&N_4Xz}0WfE9 z?rgC5F|M7*1WM>g?@cIp4w7&`(yjK>4W>iKfxr=~5MegB>Uf!D?Pd@JWZj@+CE!>l z@l>mqe%yLXANCNilm7d(KJc)jj8pxg&E zeO=g?CiZv8F78Iv9lHUAdCU0LTK_W0*v18-1Ma;PuUSq1kiV%a__dXoM<}F(VhT93 zX#g5u(V}qz(0_7NX&mlAI!il!Ldz-O!bWGGa18b9gRC?zv8Z?x96;>5Z|G>_cwhhR zd*M-^ew5ynKb`@J%Js-Ro|ejsJkRjQl;+|2qiI7}<|_Ij*rmzE+?^w<-GVimjCD7F zj*W&pEcPbR|6l6z!L=NzmS( z-03j}933yDm{f5mBfiepJN$Z4`~dt`i;c!iJ$HBUjUx8YrKbcNd|e0}jU@IM-^h)m zst#ON*E{od@c( z!pPg5!Y8W;CqK`kl(M^$m*t;whw8|HbZV^Pz2S<)>+JjP2bO-wmV$Z_s-Uo~KEL%7K~`gaLKi7kH-CL%tdoh}Ls6_W*8<<4}? zz~aa^-6wiyA2+q=wy-N=a;A2zl#wJN1SEpmfwbpRhvsr}qtL)&kF0!0fKX zH8eKShj#zC}x*$bk(#FWk+BeltIV7SDkDADoN;F$eBgQI>5l+k-ov~hO z=ia;7Y}(BsYPr@!rQbz9xz98QNxk`M|46QuGP@#FW>qljJ|{b+@@aFUSCbMJ(#r;$ zRJ5AgX7S-_$y6U~y^YW3^8*@yV-YuIlHIXU!GBL!NO8{Zf(>2%atT2+Yo(cJztExnY}SR% zRjtVLUD8#yxnFx-#$hq#Z@zoIx_t;MH#r&Hwxs%XpFMouT2Aa93mcQ>@r;x)O<{B| zKJSWZ*4!iAt7Nxy0=20ffG&y|7@rU8IiCPVL{79;O@k}P9NSb&cz+kS2KHxfe?uUy z>5Kekj|eBa;}g?uwp}#-xLE>*7+AD9lhBL}&|S!OkT5wLA`sOpkm)gxDb(ycn98(V zvp{AJ9|+}74%iv^M3*iji!=@V)AjiqWlss)fDWdUlpI3QQNi@3VW-iB(tZye9U{=A znki*c#FxTpm&D7a*HQ0+IMZ6s&ZK+=8B;!$=~;Rl;K52nrCXWqKR&c)4_Av_>w3f> zh+z%X9bH$S)%|%T`1HhJ*?3H0DW~zHC+f=ZCG62+YGb z3CoGhZj7>F*&@NOrBpgpR-hEW;7gHpP={@0OK5(YeT*yZm40{;-;|+wNr{YCI^3Fm zl_JvcTsmZyU}5V7|JYEC2II-Ua&0)0>AQ@q_3YgA>Z!6uv3Rmd9s? zJX~Fy}4YI9VQC{a#1I4%jJsr(_>c9;-_>eKS-M zpsRfqlh(+&nxrq4Y8n?X|p%GS?I{lJZ~a(|jY%oGQI z`}L|~l;z#;`*_IIp?W1fYflW0rauVImoJB&iK-7!JJKmDN?dXPo6WWKQkHZSWC)YL z4v63!6=`nmP^#)qF9&ja>c0@gi0RL|4?Hu-zK{LdanoEWLQy|YqwGyyjBW?dXbnmu?i>&=IMAP2p=XHv2 zyz{)nq*we{>r6$Qim>n7sm>drBMX?lZ236nNXZktQ8;spOcDtbG~M=>}?H!TK{5=o=h-ut;~d z^gYn?UXSHK8e*ACvxhGNyY>gF3nt^{t!x>9f;Y?g`bdfz{qX!YLOYf%%_$hh6VI=RX=&5QZPINV}>L#IA-CJmunS1M5)30^q zS);ztCsKUF8g(w4|lcvu{}5ed$%;&j(b0pfpP5P9Tzsu7H22k=4~$jJ2Ak2 z-Xyf$P_NT5Y zU6guwqrXxsNVwj8AJl(;a?g0rd3`2f6;HC<>6`;zw9R?l{}n>;UB6NIk01N7z1>o< zK6r1GTBGhk;sD6JlZDlg(OZ%EOE=PLvO5E$q`I9-sknc+`d{Pdf&0gsS3? zSF7;QSPj52)}qU;(%)y6M3APd+MMcMJfiA^&rt>Q+*N~gvyr#7`!BG81j2`WB73Kn ztwu8OtY04@y66D1zCAyr2XUbjT)b8NbFvqwz$caA#I3oa;(?y`>=(BPU^fT4ET3Ys zWD;LlU`L$b%Z=A820q|;8=KT7+9YjiP;U7T=6-|XSKV&dDa5$kkXLj;0b|0-q=K^)7o%Tm)SrZ8GF%jR5ESU~+yxXZw(-Tsohxr(3bT z9Fyr^X%*+*5~;J5zoEVUSfT+OKHDl$I-Dce8OFdUu2`Y-Hrm}mLMmsb0)U#~V3Y^R zpi;>YyzG7?5D};V{BKY~bUJNZqnD>C*RCjb(8rGpYaUlYC4eS0LS=LiI@)o%*Dvp3 zY`G+6s((eS7sJ1V9H$PUnK3~_--9HDUEO}o_=0tGIR_E6F(0k#0Uex4Q^=cq&A=x@ zL!M%5S?MpAKJfUQAK#QJj(hi4D(~ultSk9sl$bvgQNn`!+~$vP`%;CX;0ZJ?$R2^$<&PgS-wXQS18#*KjRu| z4Al$`jbUhwGcBxR$4a87T_paB4$Xj;S#I*Mn)KAqYU(|~lP8kC7Lg7p1L~wL%c(de z>Fhc!D#VRKQRz-BPf>(; zf##~57xKJ$o_92ryfG$it;hMo4xH5B5(MU~SLq*ZTM)$azBg{@Iogo&s(J*mCD~T$ zSoqS&-#7nWRD)U|p#i5_u*=sDpxNCY2ojuLwY<-Ece=+Ln=8!q#YW^AiZ@LIEVV!Z z30oQyO*nA2usJTi+!Bkh#?KTQsbVZ1$K|?$hbh#pVyT0&Hbp~UjH*e9oOycAj%6@c zL(tiwllH!hr1-VHwEn4mDVcXIPsg4EAaMmL&fkrMd~A+O-1!w^LJX+P(|E=N zQ4F6Ze#J;M*|dS?_>G)IKqmZnr(U1<2rVG+YI->M#sxim-?5t zsgpAmD-^upPDC~W`RAvFLdg9s@edzCiiT2OR$TR6f^QeyD>t2BHs?E7u}$1%BNqtg z9n^5qd={%H5xG=9)joN)pb2#^kX+w3vvuLlt>m%?s^sw8tox688A+~nJu^=B*y(Y<|_#m&LDHeiOE#V7vRUwIwE=W~G2yjaf-*iOvm zU@wYa^awYfxrxo;TnC{=ifFA4Xo8#mLNkbIU&$M3FEn_vVKC%ic<9emq6W~F3>7P5 zBE~+R^pHq*CIfx!g6gbQ->)LXKKyG(5uL-8ZqUp-Hd998=M7&cD7-@-RD?Nm`nRHR z8HWGlJAg!D-hQ_5gF}~C-HlJWsIBHp?Uvku2-gK2;f@KCwz6D)SK+pE%92KMFI}fC zVRsa!!lZq$|D*3$-GwLj`0l`k`*O}utAck0kN)+)@a6vLK2tJ4ZJ^7Jq3rpF&;GpuVZj)b2c4+k3>Ii@e*kdSF^s!rQx`6VbEkvK z@AAi);Z1l&jsc%oD8p_?_oa4#WuqRT*Z_T7To-HHfEk?fjlqbzldISzZ4KYdd~gNzN7Xxy{kO* z1oWOVSC}tv^5Yxz3>ka1q5@iz*b|NJo+Pte3L6I9T2%?THhw((Ezkv}u z7IY9QYqVLc(FlC|lh>8*?I-p4P}dADa43)~%fM^VX7?29`N~O*YI{3$AmlF}vD=)E zgq)%V23Ssfe2xak&S+^sl+Vg$PPtmUvLrhOa=Pa|!eyTp8Y=e454xJ&-*U z-hz-&&Mi8dmAft5YGJz|@WLFq8JX`H-!Vj~QR$`yQgJ@WqcHSQ%`uaQDiD2%V`6rQ zq6j^+pS|al2B8j;I0G%I!)zmG5zfCEyozUY7Gyb$p&t=j8?it3Bsd8Sa$AiUwxS40*~E| zun^jO`%B(c!8YyUNbGrp^;*igG8q=5W21W%YcL6H2N2*^*V&%YYUOz1_dJGu$gzqr z@kfRi8`#r_qkV_1R9pL7*$i=^tX|B{R~i1Pq&F0@Xw-@ou;?!LOIG=&A7nSQr{KSE zEm<^We2y{Q(isk1K42X<_-fz$B`8wfPl57JQaLOS&5y3gg4YMADwN&CX$%)izyibH z#z|;|m)kRv<@2qUY(;<-&k7}W^wHOrYBZ)xe0^|<31qqup9l=nLF#LzD>9;!M@4fW znUNug;}1Jl3Sk`hzw305lFdaCrP%k)InDhN{8Z~lwo;%AJj9gXj^uymM`-z{xsH6y zEnaDR8dgi+;v4MNd?oEVGX{r|Kv+d@_QGj!?g+Tr+ z0IT8TSn8`K;5+2DMRn_kq<%k^*ze5y^F<1{Nrz=8kJff0Uqv8`YxxLnHe4yo&e}a< zz-OWEw^T|4J`}KNsZ8yk5UnN8@A|X&G(?BYr^ehD+XTY_>>;YF>Z9uo-h_cc%7&fN zgcGN`E__a!1}G-+1%>gn4U`CrgPHIh|29|*to$GcKhn-1IN;>6qrLMOYHtMarD)`d zO}z0t;)NS$x$ky9Kp8I<$s%h{EH!3rjJHVR0CR)*cjE3rPz>5xmre6*aLZxFTREzH zm+5Q{Nry!xn(39L=ygio1((Rn=g6#k8!;Zo?~(Fy=tJ$k83 z4}Ztr!KE6sAf=g~$%1w}vAXT{>vZDc^K_gvNNsZ}!G&K(7CZ)ai)b0|?cAVZsO}jx z)w%9xUSIGUUuEV_RUkV0RWq0iaH|$TVaDIC)3icCA<`!oE6i+cI1&;PCQbsb|4?7= z+$Y-tI9-1W=<~N3AMaRH_jcdG(;#fp=SWSZy+|MCQ_8h4b zv6R1r(3Lsrmrj7~IM9bsN;)=C|589nGM2K&2>Ypw6aR<&0xSbg!q*5>4$)hVE>2%c zlfmLNS)O$@v(7O@@!diB5v;)9L??$$bPIr~0`16%1{@jHayRs`y~Y4KKX{t@zv9LV z#7%kb|0nYJ|06HG4Am7%wPgD%fw$WYSml1PyLfmoZN81XNv?HHB~($VsjsJu0P3H! zqCsEM%3wA~EsRVFdc6axfx3H&b>84hG_w_39i#cp@E z(;=@82`MRi0S;D1;m;c&GK!u4H8YcWd5&1x*|7uihigl2d>Z8@e_>HtXNlkcV@(=B dgP;#46e!Ty2SvVGn1KNtvagjSi(eWB{4c}CQ1k!* diff --git a/content/manuals/dhi/images/dhi-subscription.png b/content/manuals/dhi/images/dhi-subscription.png new file mode 100644 index 0000000000000000000000000000000000000000..b3cf48a7c5636b7d5c3356ea6cc73ed8f972ba7a GIT binary patch literal 42291 zcmdS>c|6qb7e5Y931vy5$Q~8h$(AgMP}xHEC2Mxscam%gNeCg7B_aDh6hf24&}1Fi z_pyy-gx?wO&*S^M@B9Dze%wEgsTkM1Uf1io&Uv2aIp=v5t)-ztO~FKgKp?2^s48hA z5G3vh#4){-Wbh8ZSLq!5bIe0q???@z>C`@^`elZp|$(M@=E)D-Bn0w(+#!@O5@_ z@sReF0Sx!4o&&Se2LOwn|fe0?vogeG`ai2{ z;{r?S18c|s`VA!lkt=>jNkP}wY-vBlmw7vgn}8gYHjQ?Pi=ZCl9W!=+)18;&!~8UF z)W0EF#Lk}+SDla8+gI3tEqJJ@ zCLZD9QEsV0_aqtTGLlC2##_CphMTe6up|1-!^$|GeD7=9G(FqtxIhtv!t)%}`F(#j znX|JUKFE!XFFyij_DB><7V9}UiC;M+lY5(|l#aeCn?+u79lb04kg=2Y=!;dDYAWjJ z>og;o`+wuesYtH>@52$HEJwq7kG0;6I~q3k#DYWRXq;z@@c+{#HAhit6MzB2-!Z^=)kBm4hd;blNlAb9=_$v<5S^Vyln57{O) z+1+xCl6y>FHYq=0jQp35M%qM2MUkyV_frxsy-1CG?BjdF$CwK_FU0TlS$CHS!ExW0 zJc9Z#XaPOn{B?k@bP_qovl6@i*>$($yU$)SDWU=I{4c++Ue2(7SoDm>$OlcimvRaI z$L=MiJgyOciv8HLP!Szv$GmmvCA0sk2jNmz+U~{IAsZRO@ux`;yod8eszIA5#FMSV z8^<^1EU@c|hxb^wP?(qZ_7$yl4u91&?rq9%3*1vu5{ufV+Aoy5Q$Nh~#cDd_naIW& z#KXe%S5*IkYxbYK75q0eb*TA${l?Zy8==Oz9AL31&M5ZU?R z;G$(m$O*(RyWo3dmS9Gb=+WPu%*PB?oNFbwTAwi31##ld@wZ*0%sY|P@kzL?ps&$2 z3o*{~<@>yX!=;vJKhrEPo&AkXDVQiCOo}td^m9$9$(%r^zqtLtwF;iYnH$H1-V~Ys zt4B)F()MN&pHRpeTX1JDWx(fq+GhqPRvG=h2;@#l!!VPAlwS&tE6rQ5yZISB*V>J> zb0*d1?YK7mRma4h@zw;J!C5D?->7~=jjo>+Yn5i&n=8Lf(?ah248#1puXbo+&)O`p zOO-rh{&bWeA;)6)Es_iM*|>B(e#88fn&Q-7xI*KvxpAKfzMYmIDPU>mviOQ8=?V{@ zYd$)-D;Pq25%QS~j1}I$&3qJ${KQDb*y(Qcrnyg=~c+s&g}B9=Y7!J(#VN z^zJMrGhs>A3qC3&CT-x@^pr*=v(=*tt*6))Zs{%^@hAWd3-}0O(UG1nV-RV0MTGH7{ z8GHIb>hPS5eghSlCZfe?ao9JzH+0mWbaj3EZ>PtOiJK`|I%iYQ)qS!<82C@)9|{?C zptK(QBr$5v+e?S!I^whK*l~p2K0XBV=%VQMWwis#(d{yGWS)?+l9FfZh;x$&55}ly zPYzGKURBqlK=!IF$A*Jq{mJ*iO24>>`w`U3{;eZzdy=8tm85aJP~`CJw;zf-qgy2I zhP|)de#kug@crJ7$y)6AT+Kqo4%hahRiPquExMK@8oKQr9Sx5WFx z>iSwoo#gRubHPTEkf{SIq5-amt+Y@E=<3{6s$?JCyjjA&=ZLA71H0Y}FDTZQ$4q|Q z@YnZO*dGb5+d2Ivo4rkFYV4%{_<;8pW@jBniItZj&7Y?bW*h3h;^wYDLUL_>P~JPZ zxia>LG5F%P#E5gOC-vMqDxAIbjo(SzIr6ohK3A$d&h-*P_|mZThE|ZLCgO?c$Pjat z5B8>%9|O^OSq8MlvIDIGT(=zPN-a1yZ6C7tzdlPl$}cJVvci1q#FLV&3y3G{ljwp& zdE9o;=6!wuEtmJGEoLFw$XLnw3Tx*?LT^~+^3L?v8})tHnx0JiNALT7VZN-hjNAGa z7;?t@QOf}Z=MD+NgAlMwH+-gl`YHIkqSUUkGgf>0GSLXiuW0vIMhBW!o8zaA`#Bbd zFLBnJj`ZLB8SF%p^5BL!+fr}POO<7zJ zD(ej;lJa7E29TlPO(cyR6UaGcd6ma!qQ+I6ll^LJ5QyJKr4N6|@RPL9o)?^~3r7uq z9MleJY5cqYXE);;>u`x|V2Sr`>=*rH>77}?L)5~J1Rf;q8&fZ{Nbnb*NbJct$qY=; zZneJI7Z1vmGK=Qk@eb^^ij1AFhKP(WR8qFTNYBJpWvMD!MMw(vEs& z@gYS<4ghV#u+bqGQkM1I^4-YKhWnW4Cw3_WNtM4K!a0skEUHsa>9DNl9A+&vRp=Pv zQyVkaV>5t*NUom0L=bvxeIbjlWYVJ@FOaVAF_~BBFXl?tm(mwv)^wdA)nV*x>=G+2 z#65Id`ERgl)05rJ%Po|dxN7Ccu1-|8bKR!92cCq|RX}>>ngmzQ9OJG`GI!pM;>d)9 zEOoKNeYf4oaiRybgUuew$i~Hs<5J{L2Wv%rQAM=41TlLro}*&+8LwH`o^Ww&D{^am z0hm14?|vin<4#ahky$KOK8v|SXsQ}3w&CJ<0)oIdxDpZTJ~lo>Z55eit|X!MmA#n$ zPMIPDvGyaOA%;P-)sDwtr_TZN;k8l*&eB_atDk2f2-D{JQ-OK9oLxkf0bE-CEHFfQ~fMe;zFwA_O^WgPJ!THiv2349z+Y)+I>X5hC0@FW!&rD{u>si zdX2JavlPJsh4Ty;OuYHijiqhUEol8FMfmYs*)Qc%qoV9EPTO)ejAWK&j9>q*QWvvU zI5Q_ECK9X}BSJOub2Z1bd6S+x46X2RC1azaw&YKH-+~#j zK5ysbOgPEX(fi1>#!Nul#ae)amX?+3hn|zT@ubFFUc%m6gx9RN^>N)mD6&onZSs z7i$Yc-`W@!U=|5eHwm%iL)5?BSj3p95p&mHr7$85oexB1WvNl+WXP+}m!mA+{hd~P z4=%ma z+b!?^#NqE;Npxu#{jHxQoe}4HLxCMFHhT9%PU&6P?h$XC&b(*6qanhj%-}U@v%xiL z?{=NZN*Z~Kk9^;3whD4+x!TcC4^wU#&~1Bd)r`p#dxau(A}_8me9*p= zRmD~9%yl-pGx@5t8#`rv2iU+DPaTpvy`pf{OMM%#Q=1P0nPSPFx97+iezz74m8>#T z*KUi|YMOtZ?)Iy@N36TWlPUHa_57v=IFxyA@68X|z1$>b6?c5)Cq^BrHU~|~3~kRe zt>}PREY`zL%}M@R^qBsBF6dlVuw=2B z84fK=NM~qZqAXVsr#MzJ7fwM+}qqCq9^!rub%Som}>2o_4=5;Bao)yJ690LSwTY z11{0O=mn0rD+HD*eL9eXfg=2ulSHpe4ZNo3EET#RD53A*>F5gvs|8ffQu?DV^j{LQ z3utngfz@#AvaL|Pl86{*9x!;oLmwELZlC6!u}JHgb^KS7gyRg{UO*B*ORjY7wb|L| zXK&fXtVI!(!_HXY?pvkPHsduqEPbg_a}VddvWA}97VB7`9%^#7vs2Al-ZOmmZqKxIPm?!k!9R4+(GUO+>*5gm);^6V1tlxL|5S#j z`>HGbegvcpH7Qy={a&ux>B_$s@g)HdN&{4W%_SM*NwLlfejJ=RVe@%p?vmQSV#UtK zbX|F497G_Eo_4Qu+<_c`jzolQ;t^NW7*C+iR2snB)4v)vs&S1H?j`(_RE zFc+Bc-(>2kP09DGV@e;xa^B=cfB0~DYQqn!LiO5`QTd@XA0MCTJU>6b=Z9A2E401K zD*sM|3MSp%eOkA>yIW!#cLUbyX^rdyxhxv0D_|K9>kEUX`XvsG2Q}Ccn}fEZscj=8 zEL5#6|NhB5Z@0u4gS%W++5SGeflLq#w=9c#EJf8Sti_vjJTmRHgFAr2o@QylH^7Cb zlTvTqzFn%XIhkzp#qBLpXio`shU%9}Nw3}JQjdU{#8CC97tJ}s=sn2K4(n|kr_|6( zyXfQBu3dxADG8=5*7v66&F`7kf^}>0Oc|3Q`sORuxOt)`=N`h^a<>W}$I0Ky?VV$8 zb55}_l*LI_JLkg1sV1Vp!s~5FuKOy=Za1VZsG*gb%u-wx!ofSli`h}-T0HcdU9i0A zbNI7blAWSquyw{``TkxEN1Kv-dTN~112zKJ-6u>1CMuTR-NKx0=dH~{e|(lQ*(Q5w zf7L;2)&uZ1NGx65oRTKVKCM8n=uLV$`q6TfFKywW_gjuM%dLh;A{vx)2Tg5J4p;X& zR0VclRm|4HatNsw4XnqWv}Gi_m3_wbrIJ$r?afHKZsu-*U`4$D{C0iD$Sj1P!-nGH z|Ent)e-Xe|zWT48p!ff)%EJ1eYStY$78Uc&Ja?9S*G#~1xh!164}9&|CTqt$?m4kvea_l_@rh?n=g zw&cf=->fjqH?fS3{pC=lRWv}R5%OyqFOzcjg8*i*$K`h!H|J2Cr*y1$!}1;k_nxC3_C; zG2eOD^V_$I2EI;By_egq|5Gi1U7U}x6FXir zEfr@%GbRD?0eA^#g6ep1rICPNd|FmkM_-?Ik7Md#s&5I3b*zO}VI zGf_UF(Q8Nl_c7zVr%@hk25-`H6Fn!4m+7Umr=;S-R4+~3bF{T3qobo!y>u4hl4?F$ zHZ0@a=HyzfTJwOzZXf&Wg1^jD$XeEW_wIFCi-K9)6k}@N+!WI;)a}`K6k{?lHr`M# z(&ZI>$#*`cd}(%O#voBuNiwn_QVs1{H1N?eEzh`6H*n+Qz(@FZ#J_3fo23Y*{8Nby zFo|^3wEs^ZQ;a|gDs*EJUr*WMTr=zYF2yXC*cbxcK{If14oUK(+!eE560gdhZ6er^XaBv~u`2Cf z!>9{t?*&I*^kTk!n(1~ZJOWe1#gyK|^Y#Usfwe>XO6DD6>eygUX;y|O!%h;Wm|@p_ zGi$?SN5f>-v@@@Rr8AO4Vm9%6uOMdES92F^&zcC%GDY-y$-L@%@5mU@xP2n2i8ocv zJ4qjy7ffN1>=V1EISB_Yk+A=1)Ma}_g0?rd{E@i(#Ih0pc}3CG&89ArCrL@?ba~HN zi(bH{tKq5jfj$-MZ8ROzNx$-3GW+jisa18J#yna}q;GCsiO>x9*;8P)nHissain(> z2;_gNV*v=}=k2lXt7B%>MgqVLv77Vr^PyN7L4N+un$Z84RZSK`_}VqD*_auLiRF*J zd%O;}+K0Q~qjq8xt-@#GJEs5X6uMuaQP2V)bldAT8G25S2 zzffG4AUZ+#sErGG>OcA$bIRdVu30|bu^M=HnZeRf#OKjXuYHFps@9i_^V^(B_1*9G zUJ;FhRo{y>XusHD%B1x2eQ*&7W#b2Qw4-(bdR+Q|L&I`tF$+UI{eX3d*8#bg$Jm}r z`X}3TdGGE9j@2A||9%%k$g|He5kxh&SH3%}F%sDQt=o8~c)&rJiUgR7dz~4epi%L8 zitwj$ixFqU?LRt6@L|uxK$AN6+bb~z#~$qA=3Qw9YU%(`VwDxQENdG{_mpuE0m`7Y$fv6&ELCos(@W?CrZG zi}gcr%!RtVUZe8fF=K@G>Sg5im8v|!0$Y*uG2n!`gH8}GoCB=ybLK2oL2}p5JaXx5 zG$7tdMMXsbEK`O74%oOD`?kHN3vLzng*G!ZR1OaP`2_@a<&tf7rBleeW;cLPLwY5f z{xym@eC*le_ar`9SI+&p`GU4a<=nr+3_9~-&F4_%zg%i87?m+6)AdVCjvfDg*O`J| z_p|~U@(yP1@s5uJjwQ9*;BV$0N~rROj1i@&yI`lv%E|<@ioZ>rRN=S4{7lsm;mj8d zE}uO`A9MRhPY=YOu9QT{S4KZA)8{=25lv^D#hBJfKTpQi4;Fn=%svCDiOkl52zwy03xI-cs7tETK|}{48MNnY9&arg zeJlHkWf_l3R{uuXutQZEKQ?MRcM&}C(POVBKylokH+h5C?CAFd*YlfC6zdfsDuIsRWDh`rZe8x$zYFFZWv?R7L}9)B6v9-ScPJpNrVNXFjeki zu?OH<(gU!n+}@WPH!^;<3}4}to+IF!`mV=?85Kta%3;Ob-`_O}aea38!&B8uoH%_b zs->fvc(58nUe2;y@^)Jqx<34A~*UNL6{%aoQ40j_76aM%8 zm!l_-b8RO znc-0Ad<-E+k`+-i>e2wUrZR&c)Zw=XoU-$?J+X3mB{k};!XpsCB5qw|c!Fb0M%iG1 zI7m13Lk^FRc3~h^%%DCe=p1N}RNaoB3!3K+1gd7f7fl)}&y~5H02WyCDy9d!IlJk*RSx*^7t%6)M^} zA3fi)yvzWV61=}@)<|OT!N{D|ke%2|jr?9GiRt`Nms|t>l>(F5*;!iP_x$JahDtRu zN4@A9@5$WaN4Gts@ISMDGt>!I8BqgpL+~LcUI;P-q-KzeL8*>6=@l9(UUFF}i;!_# zhg=47ly~qqTRazdN##+hr*i3RLI@?N&N)#G&H1wh~7#glXw@dRK4YKU05uK_Lb?Up2xJ~|1X%Dw;Qh*JRJ@#ac62?z)oP)=_FE_&QY8cK;43kP#?bgK|7&C9=Kfw37Ak* zF%*nx@!W*A{T*Brc7I=f?~`1>!(^MfY^_dpm`*(84<@Mcz(t_y=JEnZC0Ncw!4#Bf z(EEN*r7X_g{JV&8+X_RhSk<8+)NmGRbcuNrVuxTnu;?|20msFwn?ExA-Ll`iDfhr1 zIU;8>S|s#_r^CBJKprZI`rdFW0eT7~zCVyV@eX#4k~aYF3r=_x_)5H&HupW74s0FL z>P$2;6(Nr*#w;SI@uHX>_Npbw=O|lJz{lLETVDoI;)6V!g0#{7P#hoJ7KVq!>rf5# zaKPihjl7xynIn2Pe9w+PH{gO+#(Q7)X-eO@YwT??%;p1+j!C||q5e_bf8VrIh+GQsHR=*;QSds+nJCN;*_Hil4=vy(^{rc&GrV0m_O zh#N{nVq(vLOGuejSmX?o9(AGG3+H|QmhA|NMyLW20xCII{m8a5^y@GhO41p)6C}CL%C&V{efUg09i@2(($CbmxbRDn*r9M zNPDPQ0H8sQ!?a4ZftcJgI5CdllDomtmeCvv9%s;EfV}m6bRB~96ke=cO?eL<{8wxN zQp!UQK#jjmIQylNt+L9f*g1pYqjq8cfc(!@hr9UYOOs6YmCz5KoCCDw@T<*H{r z>P_`U-Bdr}K`C^Q!hF6hI*k`!F-qP`%xr0o#WH^W>c#@=4;?D!Vwap5GP5U;vmSS> zei~&PB46dO+)60 zP$;SbCB{I87`oRlRJ)*ZqI98*j!WVBE?_)aVw~ht8zKL0!`$9gYHQBq`#tPQzE|Io zbwiEpv{N}<$)flEGev;hV!g$WT}xh{z<$9VS(0=E+pbq+q{-%lIhm8Yr$`{5hY)Zf zB$~myF$8|lRx#hDo{`&Z*TlZ$I6a2*E!_VMUQmPQNb9zR%nW$sDW2{D(Nrp6pVn9| z5v2fmVDbs7C!p&F0LDX4L4s)n>;c5v-D(w6ALJL#(BOi7oQX*|6HusE1nE7DgWd+z z?JmKLO0&{9bikTSGsGIXUJHp`Np9>M8?sYGq zpbg0cfbyn5GlVaw`k|rJZMx4fu))pq2AKR~7IH2wF2)NN6d+SJJP3nW2Pual#7T8d zokDs@T!maYdGzEt-|;8i{al$PeC88dGoPv_ACo(l(Z&ILKmGGRdA6M_pMS$Lg}M~I zc9n}?A3&6=u8x5FK|M_E3Rk*d0ZYdhm_HQUu`!qN+`)^sH{`XYqf%2ZycxswoS_{( znYFXgGeH+}5Hj+T!$oqidKCYV&*AyzyaKRs2qHEDady(Rrg4~%Vhq8!8wXjfb7_UX zcfIDmlh;zU4x90ZaJJd_yGvHhHr0+V18MKO?uot}E)G6<4kzixk6NJMfJ_`H$^yPV za1mX^13%^T&b7E+E;KIIgZ!+#?jAg|D_dzKBVLWBKRU`AeXlf-&ZlWtfG}nJ{N&V* zmb#Ls@KQrwQp35nFU(IRQc&5D0qTnfK$9?5`!Y~~dr0-C7~2Mnx0CA|6EDA{N$Pa| zzSBk}<^=f6J}7wxuvMD#iZl;c)y|o12;e%Tv!^w&8m0JNt7gkG1AV&WVEdbf z=2!{Z`$9GTXUKm)KSRqZL!d#8sx{zAih$iMdmA6z%sZG&DcK@Pw;VJB-rAh#CX_dWZ*k_Vp1K&}<|Gzw9gL#|TqN(o@tyQqNvW5BZ@<4^T)0enRlcicy!n zJ_&X7c36=#TFfSGLGF2AlvqFeIK9oKnF|qr_wE~Eyr3<~iD5YWDDS{K6H|U4rLdo1 zj4C%lnA$rf1^)`Z3{kC2;Cu{H4C+fbgDLmx*s@9>fEjlO}bYdw*P6(1(EA+hQxK!Ly z=NJ^w_|FG**1zji;a?n%kt|xcf2B|Z$b|mbPx>kxb4O$5Sb|Ys}R{LDVn2-;( zMukiZbr&2Q3dzUXfG~K};h{E*7pqm~nP;dS}4Tnb3pkx-#o*HJjqB31k4Zm>NJ?_2pf`?Pwi^gj|Ki4?rly7%YvIZnwBk&-DVV~% zv+YNACxkCYLI>LeJTj#VXoso(LI1Op&!eNZhW`9{^RH~yS0-+JT@Q9>3+Vw&J}jO?B~0ln3`9hd;F{-|CyK|LKFq+qta;q zM?;|31%lPQClj<^g{l6G&Aq$@g?m_Qb)EG45v>+dV{>s}ZSg~w-1!`|it@5kZbR{Y zUshgT$ZIMt&BU5*r90&EZ3FYdH7pj-`RKl ze-w7Vm{`SJ`3M4r?{jlJd3kwLkG#CjZI5_p_8_Jw+GC`AR!sD%DPGs?Ys&4uf7^^i z#!)f|?j$$(uH^*o(7Lt z4W4nTOtD4$Vu4!kER(0!vL6Tek7?$$r||$Pm`Dd_n}~rqsyBOWp3)R ziwgF3#OdEY^ zHD%ULeCy~Cxp5=Lq3Suf(Tlja9KE7lHp@)^g{v*YW8Ct)chuC?|AGU$vu60NzD-N} z`sWX$goMOnK*blavBcjPn3%j)7X(AC^Oz;FEUS(<`>Rc5>RzC%;l%_I=JVIOG=tAh zPEIm1GXt?%zj(hV%vY6;h=#EJMDI2*Gy9fkmRQ{0ep_a(jqXiGMtfV^3AvpwG-PrQ z6^jzW^r3r-G8PsWpXOu6|25J)Ow9WC9{1%jIC6@RdGfTFDq6hkt?I_oV1;N8gP_UF z4%ka7fYaoS{tdO0k-b_D_5=v%gDR{&@v>^f#9&aZu8^kPfLie zkAA*QKNn-WB=J= zw*C(AlTPmg+^tKwxVR9G$Abfa?UUu@vyppU$KN2uNu3}S1+Vd4D9neO^P_H#mh5C| zz`hjbXTI7XhN9G-Kr%qE^#Fg^m)a7(=5)wzF^z+RhEy~(lYos#57WbvkJvqcRu;KH z12ds<)<+7m?EN0DR#qf1zi&G`zSzYv1$Uj}*L{zTgl`8~>xW4x^jFS7-Q|-7MP#eH zFgR2MNR_|fuaf&X{?d`yGeJU7quKa zQn(TT!ji=sag)O-c47;BHIP&}Nh~hrRzDyp?465M4*HT~C&=_V!p6|9X1JURwx@mz z%-&WCP!4y@Sie{=K_j1N;B?#?<3#+~h+~(J>tGLIp^@9+02EzqA)$E)AV9?b@lf(9 z#f|lKQKC~o6af&TqNcX+_C62BvD2v{*Z07fgDp8SGExKr*x$bv#JvXZYKx}h2HOnx zlwJ<7%YZ0UsFS}s9!5jxds-8}P#-UUP%C72W|5Ti?1Xt!^*SK!oAopkb=bfJ6}ALa zmXzCZ_T5euVVEYw&&fY!R=z8Bvw@3>ew}*hHnK29-_EJ+t3&I7EpnqjZxqVHU+1aTT>dDv0cs2V(8n=;k*eE0abp5Q7 zSn=ESr+x}TlYjsIEs1on>+taQt}dEiPQCVM%FS;sJJQ zJmq+)Srad6cd9E9D8XtsPUWqT4>rgLBXZ8~oDHFqD}Efj&0r%<2VCv%SOBhFHy%vi z1AYAZ$UAm}0Tnsj@LLyw{oXXz=r_Pa|Ad=;O8~V#uti!-6b_I?f5)O40dW!Yg(@&2-Q0Ok@rKji;bFVXb$i!I+*A%AqGVc$1hIyuQ zA|w3P7fDdZcn!RIUfCbGc~9Q1dGkJR*=?pgdly48C8YrSqM=$?T)<=kn?e6WmHv-W z$9UxqcY9EN3yKv5US}5BZ+KJ1%Mo~ms9ZQoY6a&r3gsQE@x z=LQfdk_~mlLmc+CUd*3Tna!35AASS)SdCckW? znE^Tu(?2_$w7O+1t8#){k*TPrskO;-$dwk?yxCs&XRlbx>k<`Rw-4@))>>Y zzXWQ)O=S;AY@>W-1k;b}@t(tST!LQ1;?PHl)5mDgV1Q0B_{8FZ;f2!emfeyQM_nykF1gI}!w{L4wEzOhY3>tm@G-VLJ<0=#l`t-&etbleZ6d_aMgPwfqH=O8iy>9DwLIzd z&bQ6C|LtxJ`$tjuYh?ltfyhdwq1Tk<`9!}O$UGxH?bY)u`t@d^-}L}I*@(~#xze9i zGA+i}b~7J_M@C*NG!@+b^Sq$${+`bKY~8PUF`e4?09hzJ(LZESSu^5P;5f+y4;N$i#OzS%(A+Jk0GVl<#xL? z32Aw8v9T5djuG{R_-m~FpD?p(ufHrTIP@^w)Gsw_uf?Re`1;ls8CLw!=P9NjqxKGe zXXN5`TG3vF!@(!4BtXHQd#X=Lci$ z%?^ony){)?#6SuOA_F7DW(fOwGa(HMbd8>n1x>pZ`;%;(pvAD3$;$FD2wAjw-P>Ga zeZ5mMClnSD8A%)8VUwCE7i1(c`4*OPXejLm8o-ea)*4G7@BTk+-mNU^(!mG6hWE`j zh%9<*$uRKWB>T2{EmblDKK@9QC~5)8^$rn-2X- znUJp$b6#LDCdPf5RN;q!HA-2eR4-?P{WC}uHvcV3RLVVR+Ps%<9^4-)tQ$~ucw;~) zL}3_uvQmGkSJ9fk>LqVA<9go_l0sdI_JqtX;I!;TmsWE7E2K@0^&u9V;URPuBqp!LAO04r&H%~LPjHnln6 zN=pi5P1^EiJlBxmQRB3Rr#CW|=9OebL2no)#O|g0*vIpK^=iQH(g(&$Y;IN>AKe|Q zTdcw?OV9ovajh3X{w>KN`j3?oo7AmS= zA0=~B++f_n!Di-EyMb&~M(S`z1q4N(otY8D0+`yBTp{;+(EEoHc)1Kza2}=>9yOGE zxoNEJ?N1SpLr^)nnRv!cn&`__^MUlW*KRHmP62>^sUJx-)z7g4-I~++W4mYqXArbM zq2LWb3>tC-bc)`jrmo4ZN-|M@`t*s%F<29_$xxGqQ8ua1Qanm8`QXeANO`n)P9O{n z4F^RZLIe56X|NOf=E)onmf8CCGE*Qq5PH$v<~2~OQ@xalLw`#&RS8~4iX-wTnN>F%;DpBoB{KUeqtGu2lTzzwhbn8tDc20WqI0!@rMpj6 zHM3lYtJM^pP{LHudH_WMw)~GJbA9pmhxz`?F&d*a%DH7WhFfPVk-T#Th5kul{-4?d z@m%Yrf>=8-vY(Q)qby4lH-R=eo0GajL7Y@Xoi6;=F%YaQ{w4SiRzutQDOC5N!2|Wg zowUnC)v?g)g=WuxEjI$&k87z^5HkOlw}aefch?UJy)fds>3;y^9(?I6G!5Ph6~NE# z>742!@{rT_+JW){()!MEZB3FVBi_FxJT0-1%tL<#(s%rA@ArB|T|tAq?9hyW?VAa( zwf$Ce0Fy}WwuW00Ta;ye+pX2k*fQ?LDYcQ&)Y&8f`JxrtJ#YKY}C0gN1y}cZ5L+giE0L2E773 z1u0ZaJ5!7#jTdZa5o%eMM0JjGW!di+?oBpt z2XE)gCAsN?kjHf_Cgt$kexc@m{eQpMK3u9m`rQD1CaAAByP!)0jTp1ihLReVCziM<>RafJ!aGC;$S5|cp#7$ z?EZeRaq&QC9p(j<_33hj4ndw$kV&|srpsN8^3e%a2Cf(a>aCiMZd(yS*tX6q3I?l^VTyjmatBwaY1J=6En#H&jNY{(`|Y; z*(FbDkT5L`#c}+`;9{rU4b2vz2|8YN&5pf&UsqF8Yc^)@t6tj{K8Sw!k3+g8`{)zL z+MmKNN`fAsZapZ)1kA91uej4N3QOf#G587j2F|xV9FpGm{b(aHci<}C3`?-m&Wal= zb`0oISLmN^cjpXQkPdsBxL-I31`w; z${%R*`^UWNHCH9|w;T?)`)j1(fCO}XgUBvBsBR){^6WuJ18pVpGxx)9Wg}ft)&3jr zT{ZcI*3oui*68Mhgap>6jQ*O72dBT+6kJb#`}TEKG1*X!GRr0{i&B5b+&hG5EX#Y zg90^1T>0<@gcuNY<&nC94EVu2{f);}^UXun8m8u+7fw28bEmzC+0$+QO$O177_)ZY zWtzcZlWy#Sk$u1@D`!HK)A7<0x@aY6U)fxkQ=e-WUHJEIZ$b}*i%ZSTbUAs@ww$kk zZapBvW|t|bWggO*R8h7}O-)tDm%R~;i}nvRK2mZ7%@#;qA@~*jq=SgKzT5btqQF`2 zP;bME&y=mL?)~qFMH>T?#d#Mq6(?lteZemcHQazI%T_{X1mRaf_hsa3%%P2@>oZVU z<=K177MRn}j+`(JeD;nq@K@#XT$L=Xj4~&!nx&WOz|n(xokgffKz7`BuKN=HriUbBM6Zv04JSbePK^wTdE^7wI3X{bjx24!o}{I= zEp0e1b*%eG4Y3cnnC*M&bsu4fnm4hlMXR3Tgt!p2&wxg`2SY60XeVi~GaGY~0M%_E z%{mBCRN`0^h8+c=!aH?O$P`MzFlyLAA|0f@qMsd(j&dMpR*l8~@+I8`Mbw<9G}O|- z>7Z$Dii#2gw+_|N>5fPy|6=VNZ~ z%EEb?NDD@o!1{$-@|mk!LN;)|Gu0VMt zRKN|zKIQ|t8dy-Y(yc5nQ>E^7x!P#oigPjT4+E<1F8l-ew&OO^l-gOT9U8x3x^6l> z)9&jzwUw3cKgqs{kXW#6z9~gd0b=u00INMNBcA|kp|uY3`gzO9y=zgRHEj6XLiv+y zl;KF}_0TYx>Z8xsYUkZ=!cd`+^OSUGj_$;L&_~WY%5pAwpCLzp0JvJ}jQH(+P~}`0 zkNQ&D9{@*E6eZHbC-GTm$Jb87$%`@ZwZAcq2Ln0Nq4sH@i$E^s5LyIQPEBxIwZ%x5 zA$Rom?_3}jO;sndrRSt?95rBxXG&6h z)8Rar)|&DMcNTJxOhv4F!{IFGeOv_DK8Vg|Ik>`3hTn<`U>&(lhq%9Zg$#9O_YUah zyY;^Q{Tx^{xTt)VBK*vna!X%LHXl8OyYU2e)XwPtv_1l-F-{Wr+dgo@IC)kBmZFXM zw)-zicc7G45)=H+N%j>-J$b;w2j?RB&o{*Vb!m>`$Z-i6J$KV}0y~y-1+-AWvDrZA zNIX3ddaBX!ew7i(xfMX~4E;IN#FXUZKz3gmq{Aw=T$NF`Pu3ZlMqUxD8_VF5v$b^_ z=90!q{|k0$w&MtHkYT2vcGnX@FR18WG_X)Fw-~bM^ntJC*RNkK82hsLYG)s3D-a8A z`LJJ!?ZPFU!!)`>k~7)yvFv7{3n7l*i+sCpyTY8)(~j%oY?0J$_3R3X-kr zr{MVHV}`Nq1k(oEkDx;YnM0r=U95619MN|1j8@8dRQ$#${j!6SKW(l&Q$#2nSp~rY zc9?z5yT95Q)Tq1R3{ck>Vz+G>E`q9cgK%12G<0i z|0I|QpqzQ;DeYlp-^=+SFzr5cO@pRFInIhFC=@_Vtr^*EyPm2>278C0Qh(1kw@U|V z@Epxo7++cW9B&j=fjau|_iavEmh0{(@cyhNi{C5BY)+ieQcx)PwfF{v#w|vj3egPZ z4rVhmGtgiIO=!?I-M+8uIWbbNB%XjEe)8+z{Qc(kTzyBc%*@V~fk-xM(B&DF4gW9d z-aH)Y{r~?bMW+&_lkD18DapR%M4gk6(?XU}O3E4~>yVTsq1{22C~|~S$TsRAqC#k5 zFtTKeu?=R%%>3>z=kxx2Kfmwyx_8}+HSX*Q3RLW9T#I$%p>)4lztr(Os7wjwTy%ts%sIkXR zq^Y8^R1}E)uXLP7qUnq*^QFYDFRyFvi649KlmsIkVS%H-xyD*G)fjmrrL=^$CO;2; zCoFV*Mu({}N5#2wp8mHqY+Nb&zPg^uO-=-@Yr3Rt zV9ASw%6%&#CSwJVq7QAc3UzsUWXt8f!=0vkSm#x5VtPx671=8X6OD>{YEfz1X5+o; z>LN7fC0pZJ8TS>cRx4>6PI8c5YI(44qti8nW7r>mtiCc}`wOIm_3?6Bl#W!M4^7Sb zO)IhUMES17(`#_?u^9e!?10rHJZ#_h&d`2o{AvEv4yuPkgY}Y^Z?$kOV&b-JE(=}S z`O-Px>Y}V;$_h1aj4L`TExA6`xax`eAx9ngnHEdj&i&2OueLAjSVm87qRD)rIIaivJV$S+>D*2R$$BF{=efQfIk~*sQhb{jQNVne=g$PPv zu4*prU`%(bV{%o@TulrD$J1xeKI!LKJ-lHYyYu^(r^bYjRB!ra4C|rTwjLzVEISoX z_(>V1nV0gpjB1>t5QqP6_}b|;!W14ew}&|K$NR&^8e;-iF?{R&r;G$s9C+P6Yv&m!Mpr)QBRDvkRhOc+l(H)b4m!drX~Fy_y|O2JAp5=n4&@X&nXk zhuO9Eo}Lrw{T}+pPyYn=gMF4z;>pR~5f zT^*gbGE-`Duyd&CpPX=SQbjTMbbPvdQKGnSxtvf@$KudJt!eC&q4Z+++EU#LXEvPr z>6n#=RjOiY>a|{+4s^zi=Z_I6J;TfUf0pbs73-ESVK_34gbQB0xH|8V_v#Rv8*}=? zek!3#FL2d}7OM6*MN<=a``?+UsTAhIY7aOV@F$=yQ`p3~Ut_s+)B%e&0|-+hxz`FA zZ1$0dlC*{eh9YthjGC^(Lo*SCJzCT2+5Lxwon=sE5~_5!k^Ur~8+4I6>1V$>0@1c+Io2NRp&go82<-PR+yB|QkVYx> z(vo8Z85~B8DrR85nuFN(Bmm&yv*#K3SA|woEGh$Z`Okq+rL= zJ7KUZSv_pY=VGyG+VkMjJ1<+`Wk#Ct|7~QB&J9$b%Th5P`8spx{^Ob~%Y#3?;Rm7@ zo>dv#bnlO%vcSQTPVYasJb{Zaraw~teCeeencSw|>`!$(K}o3}g*>^a#p!tR&nsGT zg#A3Hp9l|Fa_(vg$eQTpa;ynQ$#A3F3MxafyUoCVGqmfrVcz#H#8aH5SBy|P&0I@< z?#b5oG7Dh8F7aczPo2yusWW(#rE|XckYf6u3XiJxTPx$z!z?g?5No95LtOe`LNdgc zG-Dh(%;lx7$NnavbkCw4?&k^0OXzdAAngl-Q(?9%?uRQLGpiF_+}kX21{zry;UB0o zPd{mOVSio0I;xNY(|LQ&@B5YP4CvD*E=0ISawRx4#y4w{czSxKyqHH)1Xp6RO0BXY z!qV=!#Qk(XQwV9*@BCgEq!ZQ;Zb;W;(j;gW zG4~*1-Gt~B1Fd%&MiJ*V2kPf8YbEB)g{w5q6j4KR0(qmo{!f#=AqKwjn*mP_NkF>D zikb)}_H;IC1H~&MtIqN;UZ}fIgfO7W>;c+CP+^rofyVMN&sAQQpVa z7JHRM=dy`6wnNi+rer=JmDB9NY7WW!Hq*SUK2 z>a!BrH*PGNSN!+RK}VNlQaAM)`$9}ehd)f@tJIHZhUb)vZQ!IJwpmzU+Ti59H0KPUR_^b;f-jcm^%s! z>05t@{rP?yLXndDOVg9RFb4Nm4*m$}+Dr>~O5hgDzM(_UIt} z20mb1xk0&wfyu_Imm*i4@`sG~iw|ZEJHBeoIrntPdp(#Q=JC&m`v2S+OPeS;>_2>< zy~NMFK8p0oYf(N+?{)e&zdfBPubVGfxGs3E&i7)g%DoquJkFjmawTO4#)M28BvNy? z<|QeVW#(I^Td)oMlyc>j*Pi#c=Qj@yjW0P=Xc0G5ebQvl`9xf|+z5MX_QB1y7A7GxT0r~Jp?zAgZ0qLfureH}{ zwgzcm_QT@{Qc>y1&M6%T68lZJ6Pf(vdN90%ks%{WFiJ~ZeSL-pXpjos=1Z!>`qoX0 zC8>W^oVWbVewE}JRR!ptqQ+F14sia4JpyYc3=wxY>%SFr9N**===b0c<6-Y-OV}j% zWdyZnNxvX_jZmu~OgLkD$y?-O2%^}S z-}-0tm&djd&%%F~Mu@l>iD(riugW%jA7%+EyzGR%(Quv0C#&pDlj|t4Lq*W`1x&UG zmR}3!hIs1&Cv=~>?9RbE{Wu!RDs*pqj6^px8xFe<^)5x=kVw(kT@l`qtTg3XVU4{xBH zzd7FIx&$fAefD#+}2P`fg~4lLFcF?(|gs`+rY)HA^qw za^WZNN|O(cqWV!r5-CkFp%?IGt~jVjq416rB9>$vmBQIMK>O8w&*S@vfgck-r7trS zMj@s6tE9u}E%~+Acr$J**CV%c60e5Wz)n%>vP<(^_@y^i*;hu6=Bl)QVmv_76crd$ zED&x(e^)I3wV{8`TQ;L#C-Fl3#G{q8wxM@-uTAQlx}>S$^PP^hD1MuliJ@8!zP9MD|O2q%9eX1Whh&h z5JUv|Pv<1EPi!Ca6Mu4S8zj{Dlwg%Xcva+vM9q%X!`mi(bVf@;H?91IwcrqHq%SMoE0WnZ5f-ETKHC0evXO{29ki$`h!_2T_w$RCAVEvpRogH;|FGMDU6_-*J{4SQhcp=cFN*2p9pX#OK)M-f-M$Hyypm<~Fq00`w} z`uCMd|307m+_C68=hJ1T6p;`qp~zrP37tuG5XTx6ZQ-AAcoWvUl4z+84gc0(PaSdE z<4WL2zP{CuNmZ+gK9IJ{ZVB@??pV)^jzJ)l~I--^*$Vai!RWC$WqTv9EHQL4^rsD!v{Ck8uy}#fhP;IG~F{bb93pL=OjD1>hVNI zS$u&+hv~G=?U0op2l;eS(Ojtqe!Iolw)g#4i20%@3manG;rHH+s--_7w&o5V$~^WP z>b!^^O8+uNE#O4f+T{9~Qgf?^8eovq7DGmJHo{j(sMaqD# zU&Y?xkjP9yicPxSqH5TQN=3k)jK5o)JY~8^9{UL3iGER5SYmID+?B;}Yh+)U$FG8) z@iZMa?%gaOQIn0b1ov|@Yuzc2()8n+4h_Nv&GJJ{+e!ECJfyy}AV;=rSE}>3{@cs~ zzQl8{w$7N$WmC!|Sel-_;Q>9Fq;}ls$474G>mn7t-Dj2hb-V!zv-FC*Eq1%@>i3tQ zISL<0h}Qkrc$%z8^h~5rLk`@T26_NaO(Y|)<*D6{+KJtB+kUV3f%1*f*&1r=bnoyl zYP2)QT>aeLjEWAXnPYOXivsCqN-hDS>g};90Z>83DZh*YwCQBs6M32ZcB1;VX_N4_ zrFR0itQz`zq@}*%*@RH*kZ&FYBhW+t_PC1{2L1}nmFHF4nA4JnUcDzde2JVT4c3kH z`fvQ4i&OUvj8Hi~BWcA(4g>2)%i;mwKMS|UTMzcH9*HU&T5@XY*)L1u3+&bishTXW z4QhCeyOezj3mj1mAH00KML2KClDkuLy=>J_RHl|2_gNh*uK3K8LmH+Qd;U0HJ|d^- zX_)+a{W>w|m~0I!bmU{}1^p!N87%CxEAtln&AlzjG@~!lCYAP3@76}S06f`@UG*hK z{Ei(RSHkMkX%>Jouua~ie19G>-NxXzCcn|=`7>gZ6Xz=T=^N;qrW~J~ABV~?! z9y0s*rnbK4S@W3`ex(62l5@72WbK>@3DqGwd-sd`$J?Xy@ zczJyccT-o-J`nA;Y&ZMCATwD}Yq6|*Wuuh)LiI*$@R{q|oYnKT3zTlU5=!mWzW1TV zoI`j~^^W>~$lKBS=-YUF4bwT^C4Li3f-diO#^;GyP3GC!Z#Y|)aP^drts)AmbK$(^ ze@=XA^h(`Y-lk*g%9CZXzrQatR|VHCH|Tkqs;i{$36AWLt%_k>mV-1{fn0XZ!77=b zM)%WZ!#(p#bCz}MG&ui*J?zgm@n#1DC1rC;mA!}cUVkF3{u+;`SH92M;*NlzXjd<{ ztuWl_A{CgV`c9=ZScctUh}38(q!UO)4!#QCP%&H?G|;e?*r*evIY?7PWKt9QDCPX+ zhA~`;xv5?z-!N>HNdNIUbVx@o4u07PbrJ?TkpdOO(SBHeRsEE6fk=f?y9z1H>^FQK zM^FHolovaUN&ZY{CT1C%6FZP1ovAxz-0`qa^iL=(u7%0_Ee=~Q2lrLT=`}=haeSgq z8J^`XA%)qihs~Z({(M#6-C|*9ga?{6{A)v8t-y{jF@;e-sa9u&<#JlrXONSHw?IhgbU`IU5&xdMy@)DAmCzlghT_i{e2{Dn;yf+xhLgs3M?-%C? zpu=8I5U=!E_w*x>%dNfOBo*#Z`7+p(hl_+g^LAmuA-=1cp<`TkwjS}yF*05MNqsum?LVIUmq*^7 znc?m*Et||>wj%kc-dt7B6HQ|2^MsXmx(~eC#r}G_Ql7W_V`z;1>?ijxjuI=Fy@AxK zeE0Hb3w1lHV~1*x`|NUA-aBm^yZY*A%C|z3?MC7=wccvXleD`izk+-G0ksbVxa{5} zgiqb$Z}faEKv}@n07d?{I>SiPGEle#k$S3%&>wPgz_SF;YXOm{RX>dVssrdRS5Xc? zO_2Oj4v0r0l;gZUF7@-eD-AKH)PUv6Mqb`{zDdA9^GftX*hI4Fd^?sve-`ZD)gQR3 z`rN_Yb3fEi_c$laHisq5He_ym&Tsiu_m_3WA7G7mY1zD)z6-H9O0lqTj(Xe9&A5{t z?G||mj3s`ej@K4aLKuPG^snQ$&;55cxUi?~4P;#aeXMx_Hiyfwpud~j^6wWdlS`ek zEx;Cf9tX3fdwlj`u+h^$-$B)dMHq|Kca7zU@Ui2foVP<(7}gc`SPAyYm@E6{62ZWYO%A~Wj;?-UL9Dg8$a*=rpgK3y1<>)M?b!*wJ+ z+bxRM8a}6-^~)Tst-h-;d0EeQdi*>0!0wE(2<5pwb3YX3RvlnSKQy54Nw%flYr6~d zkXf$eIqOfrHVyi7n+gkCuDGwR_Q=sTvwr&WxaOc(FHRO>%dt57TxK071^gg@AJQ7X zJ(!w?XRx=VaJav0cCmHh9^g{%I%F&Xgf64Wn&Ly59-)qV=X#46)7kH{*c$?dWpcZ% z={|7NP<|u?jtn__l9Y)b&AN|R6sKoih`4;c+@Bj2|C`pDX9$=C5@SH!bff{eN`M} zz}fInbejc^mJ<0j+FaZNeb(V1J{Mqd@e|c&9%pL<6_sP z-^;3_SDs<8%`E5Aas>pUJNDcRvgSxtD)4p-yghn@e={n!fO>PogF~m0aX~E-e~7#b zNXdSU-;}S;=PDwhJcN2xdEFpQA{mTxWobM}qNP8X_(JVik`5)qy$=KTHs-fq#;rjF zNxCN!C5&ebJ24Q}KQUyaA`Jb0kcq$u;0&ahpwOJ)i(oVk7W0Q)a@9=Bs7NGTN#uY- z-)Xid?r=Rrs#LW~EA`hFl=B#Yk3h;zes`V0OO&ycn8|jxsc`2H8QIKM@UxuT%C))u zvmX<#%_#Z%GXrU=Le-uXBtzOft$G-=SrG_qWRR;)xYOF(w@UOT)o~_6nHA$!o?A0}Yh<^t=WJ<6i z4cASqU4NdUSb$s5%L^CS)~);YS^k-B`|Z>27cTrEzyJ6VDd;fv`8SB0?5X-hYCpy7 z**R@?Khm#f)nEj7iI%%z(K)c=K7N#aCZpVFaD?2wQjOGBIjbGrg=cb{Nv6%V{g4Ss zvYAj%yQMpK#%IRAGxU=MsY0T>ga2LSU!)kQV&EBptiLbd>Io_Br*38eP-s#tQ@&m` zsa{?TT`9nWc8YBU!1E)=(reri@;4N}(8aa7)SAt!QcF+wx4R`IC&y-A@w=cZjX>R2 z`6$9!Dl1pH$rv3BF2q9_1MH%YC8P0E zKXg50!x*K+H~p1_DauTH&zrvKoWIQO!gS^&loefiT?sO zh3qUZH=b|y-W?5|zwZjcaK(aFh=QS@b;|dnJg~B~e2d`LMh#ZCGUjVn>xWDrfR zvlEHvwIGLfxK-rsAg_@6nW-*THvJl!AB;(&$~3cJEhIZ`6odRQ!`FLc>}ZvHlDRSh zZ`;c$X2~5EbKeyz#u6BBBkN?SEq0$#u=UggHa9p|zho=&ggJj84GTm^{2M61u`WU& zPA8}1j*l|OzY6JkjMSkP>F^-1W95aL@zIK+xfjkfs0qiF%YnD@u$)47a?Sjf;iDt} z<`Y&h%bj3JIkOOf(aVl0-Gj8@__=Mgg1)-Gl!@a?N=hI4*F)s|J?`OsfcVDO09I=PFA^?@luOskXC|$^oBdW}5gOwqHjVv1p8i{r9G0b(i)E zbU`Q=VRv%Y$6{9@4aM`wC$shu@!8p(st&JCviJ~E*X3bf(Pe#L*Rl%9M_5)_Pi-wN zZ>yg%uxXfz{43?Ngh7XCripl!UY0LGk|^DD{hFV-q=}UOqNB(R#3r3yW6OC;YKAt) zj}n(xb}kg~OAgfbc1ISzfD4y~?);Y#FfAjxjqjlKGc# zuFV<1Yg%viY;r5r7M+c#ara^+2we4lp0=jU*)q9h0rc$G0j(Ks`xhSmm%ELH#rD(D!isTr%)64W!Xw@gs9=$YB^oL# zKgxBY1 zb>usQ1&u8a7#?&|7%YLk&cU>eXu-&30qeM#o#y(o1V{rTbfem})O2dFAvXG#h zXCA}EV=JkYD6a!9>}1qU=^cV&`El;Plpd|zgkI>|jzE8t|IT41lkVFIJBzqb51pDO?RP~T zWl{T9ass#Z)MgjjXd3{DZAivx{A=%4Os4+23^2*w2I8&y@Yj zK#Q>FW}PcMOpfI?VZGey`no%C@5-`;PuCZ$XWK?fry%~Z^MuR>`6vY&BY7j|P#6jj zE?F;q77VTI-A^k47Lt9c?}7UbItZGlOfvmlURoOFTRk8qTZ$_#J(2Q;Zcuv7)X(b_ zIwnC3FuWTIc2qOlg^u$Q#1EbziD3y*Fj`lMLOHe%)*f8Jx<2>yY zpRQx!Z=QVP7?B1Yo!OS5*xmkUsyHOvac{?!WCh;bQswV$E!6R_r~I3-l!==&-rf?2 zcQ5|%U7OM1_}$vBJoJu&=7xT|qwyC>oateWxe$8p4$T@52`69 z=)Xuxkv^|7L^MMFN=}|}b-Z0V01xu1U)!wz@he+S^&;<$qirmB>|Rb^)R4CWRR|n` zHSMh}*-e_#NjWIB*doWJoOPcPMN*F^A%s8|8e|!AAi~rkufz8eYM)yJ6+VR$$l*`8eP{Z9q z)eLK??d0*)uPW*4vo7IByZ0>>I$S2RQA=Jnm%<;wXS(!nRuHQ(Pw7g`xc^CZ2 z->{^9oSAX60&Ww6Hb}e83e*Q4xYCf4xRd`E9u;i0uUZH{{4$jBXJ*ZXvFVfbL23yj zZ3lh&9M^g-pSiWE_(F539*5>D+!%D3L)>CXJGQX=9Lr-aL_y&lS%31tz2D1x z`|`7LPmjk?u5miOB$v|%`5m?VuYrq*#pV0vKz5WDv0C`B%{mu1D*;_5vCFcD{C)}QRpsEPom$j(^<99$nm^YMXR1x!gsX+zXx5zPX+&#UP*o>E$xD~rt`~a2nB18e&J*$nQnd)bMMf|KUgpuj+dyO=NWaS{SXq8*G3nW z=>w%|_w`!UYl-Z-J6WNMK2&zX?%a`cF^%OA&;;~TNTVUUOb84v(@*!srZ0m{&nHEA zN#*B$5^K3EWpcUBlrdjGf4s??xK%st6om!KxmgHXgP2mX#goe`gP3xjY(7&`?rb2B zU&+wr$;!_qzjr8q6BanA(AALW{!dT&v1-I7d$1S%52>oJa2*%TjrnpVj-;^1d}QYr0%0k+VSF{wkpjUJ zgra&+EZDaK7Cv?Vt#(*E5qXU*t9nho5uTLRoYL^Zpldx`VcV)<9UHLHxnDsCgGLeM z7F4i)uD__8N4oUxmb%J$9eIYYkVYZ-4FKpU8U?CnuQo% zY5(dhTJe1sfgD%$fAdfB)F%OsVMncZ-59DMWvwH13#;tGBhggk9gl zy1WGpDRrx=EZaky?oDVlMfzBRWl4$6NR{ePL~((-)L_M}a8_BtTDF>uAUVH~ljo|v zEce9Gdb3t%KSw{4;VFNE{j5PLbG^N}`pH&HFRVFW!L!yCE?haYSy!QKRO#u};1h;P z%(=g(eEoPXPZ!-!QJ`W$>QAs5k-IP8)*$(ad%ZNc;Y#F)=v-QCh=%@gpx65&Zz*W> ziuDF|V_DyytTmdjn%|;O!T0+?nrjeKIPhJc7qexqn!m!4zv~*G)2@Fv-$RW1MStwm zQvTc<8~#|LcbA2H^7}A7roenKvOUJE&X+$N=Re+{%oSpJ&sore#mGZ~tip@4BHaAI z*ZLjz_bn$0cz-7=w6-Xkic9`!i(QJOY2#MwjR#y-e$s(*=Fw)Y?te;V2lhH3nI21; zw^|t04J&74WH_rOc>2Ql&_d3uuZaVdRyY`F(eF`*Gy6??tEQc#n576#P)R|3W{2-5 zBWTwd_S@T@qd@e?fXt^i~r>Io)2f@}3kLq2A zrxf$76IqDf^3q{49j-odKlpbGWg(yb2O9F2qlobWFC1L0x7GKYcL1KW*Sa1%du$Tv zYQJ@gMf}}dIy@ZtBil(n;(Y(6QiDTDc5ISsTk}ur`EhcI&(@p!u{rS2bh5<$@ED|# zi0#F#Gc&iklg6x91kFYj_9f&_DY)$G^Vz$tfGWLqlsk3x&CXFZFaPfK@`kSN_YKUg zPt&egC`Cyh30H(uz6NO;VeEVSI!h3Qt%7M~Cw(li)@WDhrm&%!D0`W11KmVZ&JXH> zz~`DZD8X5rT(<7JXl?59(Y2(BcT2y3{TGkuJ7A{z301+oy>1aX2*O6H+2rB~!+$IS zqkB%})ieGn%87&)ZM(vX!#6pj*x5e%p|Kpk(^E$_6nyu|b^wxm(dq7|0;Q7&L@gyc zuj+Nrt)#8UkLO|sp?meu!Sy~%+2dbhd>dwjI@M%42eO<_I;u!rFa2tC39q`aj>b>CG+6E{TVQG6tL$9OB$JMoYRYCs&~#RbdvN>)v5Uaev3{2I&{SmYxp_uMa*7IZMd_&-s+= zI$9D#{H>#$lau7omJ!;nZu*lJKN2-mlL~BqnJ#m@yt1D^uzgKX^@_Rad)x#i{pp2T6-$X zb=lqbZW8%>$_iSQ&AM6px#J!!CpcNJ$^>5vpIj~ULr##}ysguHxTWllM#!`~5>O7g z5hEv9AQvbXe7%2kvlEDfS4yZJu+5MA1f(PjdzKG(w-wq|XC;JCJL%^!l-_<7dI zuWox2axM7L%#G(QPTE6bXlz&*O{9auIt#By#j1J4c&!o(Ixk$|zT7Q-s1q;?{h??)#IgWn1F<+BOLqo zN(UI_k0Vp#oKbqw8{}!n*v@p(xu_zU5e_A2vHsW$MNI$V!1DHSA@%I)Uq{6M#Vx<5 zsyXaa`>)!7EWb#hMRM56ZIYHtTv%cjais>DMZ1|GO9Ght<0H=;%XwThtvL<7RrF$c zgrADEp3M^B=e_?09zQdX7Fbr!G9m8LEedm&S~*v%Gl6#yQSck*B9Xw+gX3fFi^L8Y zKth}_&tG7UeRQP0oIU7D6OL zFcEfn&2VvZv%hpnA}y`(Yf;h5moIzBKtsMA8`~8cMqhI)d;s{vqCovIBNRl|fU`mr zK@OMpEIvRl_7}TBpozfr@c=^w9KoJ^Dyagnxz4HdF2NJRpumK0x5(+rDH;9ZD7TnE zmWj>16Y_KgS!_^#6FHfP=XNMMu@LJ$WXaS!59 z1}=H)R{w#FttE*x>bvuKZf=hmuh(qsvo}S8AY6cxH(JgQL^jz>_XdAVfhR=rAIT4% zd;#2*Sm0QQ54EJT<<)a{Bj6He)%ic@1SsQ+W20X6_X~u8{w`2@I-qvJvajLMy%2yl z5BAgr7dJ{{zgq@T|6>jvCr<b?(Nn7b8nJ*7BVcOz^npxhhTE)$p{dK!ubmc$OnuWfDX1`YylnEI;dX-3GCn3 zAy<3*1!zh0b`hKEjK2a56s{MyTmTJ>&<=6~8Xy1}#372FFJJB^NOpjC+Hu;bXBA() zd>K61U*BVF$6g75D_Lv^Lz(MS?tu_2Pxw4|UotW>K0o3d31DDhId??2&>OdX zA1f*k_ezI5)#SsW(WA?G!{zT2I;S>iG5}2jXs{Ao84L*Z(?IF~`r}zvRaKQURi$&M zzGSp`DbRkE;PR}QP1#vMpvj2uf$R1SLlCr}!_Xy2*vpC?wXyC{w?BE8hJ03N>F!Qta8iE8Zc2YqCJ!24{ZsF9&x-@m=#QwN z891i_=8PcY-5^FC2#ytiMG*uVuo~a`@6!R+)`t3En80vZIk~IurcJR;0ad)5y*~7I zp{oq2p_7Y*40hVQxe6xhX@Gh_bVG7erTo8uhF!%w0k9ItjqAll?wbZpOvGoeT6Zwg z7)}-h?53bV*hef4m-H`CA;Fky58Bd~Hi{lUKSagE&VbEFfJq5VXYsaiMICMJ?asmC zx2tiJ;&|YWdGO|Z@!Z#)GI}ne{JTEjp?IK(;r`08zLs1JrdExAoZ8+n~Q>=ux=pU3u7uv_e4z7j~^iN#y|8__mbP2Y&~*G99dxBEwu){NBQ!{ zvyRh!Hw;u4T4e(zX_9jZlUQk=lKZ>n=2gV`olGY_B(`rhGgta83mHf*9GWxurlU`j338DvWTru6DnrCHc8jMBTGsrGQJy6Uckh?$2JxAHMah3t)qQ z8ftt_){nu3#`Qge?-0x={3@7ZcX9-Ng4G31-~k z1BLO1CCc9d{s+Qu=7^4-UNiwrO0JkZ zq=L`5OG|6W-v`7*`u0gK7?3rd1SwcPaQ3t&<9nFGL$SJs+KWCuYmmKtgNJALuj0+& zil*oUtKtt#TUMH1&#$Fff*=vWviQa%_VMV$mW4V1MSFSXJ( zW2Vi@d@Tdks{9W_db!!ztSF_T5Rvy0NJ~rm z5BL!nE?uARHzWlF2-M>G7@c)9+_rpY&t!Eqwc^h!zT+4auD(b2b%yrZcF^4@b0myG z0@+9v%x~YkY10^v@WH_hFkTUbfFttTJ(3iNE9bI}>puySTaEM|drfwm$?|bO|L@Gp zl|F%uqw_kD*D+Y$yFY6)7M7}ab-QYnhBcqg-P(-h7lWTXdG3LtBMgcyPA!tM**Q7$ zOjNAscudUy1*NiXr|UK2C*3&Ni8Nu)p)1wz-v^K%H;c5u=1k8MATHJ^jQ_92;b9#F zhs{3t0QlJev25-DM{W1+ z?@Lt-@2UD2`&`-Pjrd==V6L)kPhuHqXdqHSFMcp@{5l*dt-Dt= zKY)O->G0=>^099HB-ZvE#wY8}iPgS=e-B1Dueh&+`X)53C$$f$uO@bgspQ_ljO2%6 z?*P|yq*i>z#CLWdwf??^M7mnOG{Br?Go1th&@d1pfvylPW(jb1mGp-y65}`T9cvc# z=YBj!AaliDRmUh)8@X4S<_jM@qOfXFnQt%FPK^eh;wjtHpe`!#XRG@Zx0eY&YRnkq z6aX5my^}q0Ezm~2jAv0|M9<-Q>tmjzOb|-|AkR;gzZ%g)t-j*04BwrDeu-3!)QP7r z<>oP9PaKtNK|4)Ek&nV(Vqg8a&Q}3xpsWKGM7-j1j&Mx!32mPdcjh%`aHrrr7;DlOOkZ zJ}D!>qpz?-Fp{c_@a;D6Ai(T--w7r)9#j0V)!Pk|4Z%SSebAPf66j@ZPA|v`&TzwQ zhWS$^Muzk$;aO%e@POmQQjL=f7E7)mWhZXIF5pwnrfUR0&^@R!z+A7}z{|tqrDIdA zk$Xxw?l`feK+c6r{XWsVb1>_BL&8+%q*`hEWgIQ{QSMh+rJXx#+Zyqlzg1^|9XNb4 zbWHx6h@7A&ER{eV6Ii6TdHI%kK#jMU0r3%u$uQ;HqZ)XGZ z3?UD@ECF9bDd4jexqNnR4?ao-0jCYQi{sS&I7B>}*ig#{&3U}_|9utLhTuMLPV!lI z@fj1-eeInYtdaqHUBORoZ48-gXt+&~^Q^kAthikbmf&otw*rQ>?o9i7k)Mkvuw}N# zBtwJ>7!_oeXq&?L+pX-OaNq9J>NWS(eTex6u9CBMX}Aek9Ar_b1LknMxU7Q0!Izem z__2e@_2MXk-m6EJCh)1DW$)H^$=wrm?}|em8W_8zy}QQ>_F$86P=WkH zyFr(pXYYq_6q~)k?jm7E4t84F!o)|?ZJ3@4xH-}3N<3Br1J86Ejh}vr{>)LtB#t29 zx=y_wGJ`djPGLP%Hi7Q0!y`r+9^Pll2TELOylgF!e@B4DsRl%_ zUgUM)q+ja?t!qAOf<8-gON zK%DEsob6Kyl4p-P7Z*K92@rM47#=-amiYXY1Wi-2Aj_hSy&KJdHF8ATnw&dEzL`ob z&--aQ`MQaD-f`YI{kmRsM(SA_y_9q%FWOD}f{SA-33OV2J)ddga=MOfuB!{Pf#$61 z^3tu`*P!6lj)EHMi7UmUreA3vw6tF)UOHXk_mm7k;v;Qu)8#$6JW@i#|Ncg^Azk>O zsxKg5qsIu)bC3z!^;6V~9@*&<<)+UF=+_n$u;Wd{V)GtqH& zGjkIQB$bsW+ha6#vUd+=&|hA+IAAST2lCtYgSw*c3PzOb_CXY2+ehEtLHd_uC(!3J zeKhl!->7p|OPeRRgHVhEF=#fO+2WMSebIzm$T;m`lBVS|+m5gt*y)r#&(0p@L@_?2V08J%%0?Wu~nxkv;%QD^O7O)gH7?o zu3wjj^^J>Hze;}k^l1`DtA<_j6y27WZF#(~DD|Ttz zJMW;mnN9|emrOp9ta}>9{aCjS-vFVr53)CA9>7W@}&|0+1fz4XoME@bW=^(>ccx%Z%i%zWar{YjU zKfbeUVPAQxOR+$2G26G-uUhFmMI%Xz`)DvfmjFL8Z=?hi3DTE(xG)C^kL(UF6pDwn z&;Q%FyXm@V#;ZQ>!@Vba|43AL9UY&(?L0lCw&r+knuX?Kd$Mka0adKF+$oEN$L%s_ zFmR|O;tCulWg_oMVkOt41z-?IV@P!MK_kZ^WIJ=RbWZhqY7+l?BrQug=v13UDpFWP zby{4!Qq5m?wut=DT&Rdtw-_drFz4}$@~hTFT%PKBigrP06oeuGQm>NxhO|f*t#YXy zxFYBf$9$11(`zZ*XK|#k=m8XEArck43TzH4FI88(y>v-w^VLnUbzX~ppkMBEqB{-& z9+K_gFJ4NwmumHcMnCLV-L`9)!w4f=c_IlecmWl$p_d)oZZA!Bv$L4FHV1cnU9R+O z#Kh{!DovP^dsWAEy~@rgT$aU6=(l~Hs<^+Aa>ZGH zpU6_tSotpfoBCdjU+%&zB~09pnz;k8-j=Ks7{joCRGdC0N@9@E11upI%>(Aur_RtIO|x1CcJ_ zHJ>8729WVM7L!LVD9-!`b2zx<2Ske!Z6gH%V-mqvdFi%uu1@)mIjf&Vh`2Dn{~>yt zsQP?26*suE*k?)rVqR8PyD{iREgA#v!{1x}3Xky_Tg5485%O-R@Nd{p*^-vB&ouY+ zfYCxf0k&TAaDmoC>qVY9GXl8}&)~%6%*-EluW2cht_T$S_{Y;tRZ~uv(Som~=BMgy z35TrFjFKwK-@!Hwn!|o3$Nd*+4$Z)7?Inlu!j2f)iT(!!zp^gf&g5=Q38mbrsg2~2 z8RU&-smmx+JTlu8J^kfELqYQyVhJzI z)s^|#+dNe=21rJv1?7@xdES^u>6`K6il0Lp9T?&#zLtLafh+3Nu5XCrNUAt%oe!n zR~Ak5i5xo+yYMO@1I^PSS`nh;N>mu4*X*l+qp%MgOVFN)rr6QKzbKnU_tfazG#6_T zw7K@I8fvV6HBsc36v$BeEO*AjSRK$G@{RY;KMOEtWAzY7VekadRq(fj zar+n2+;0OxGwTk7KY~R%@gA`zg4`i*eaFt@mMe|WNM$F~_ZR9~{(;A@+C<^Wrf^CS zGT;og5K0NQLV0tQyzp|Fs8Cs(^cE+yLSs#v-%`{XSe#)0qyYvBgtd!C?Hck87uS{( zO_2Bh&|DcYr4u?orM11IY{E{)_ z@6#+5D%hk7QxrM*+^dN5s@r0lnwt417L6QKiM#*KMj3@kG=UeHgpHF{;4i!yd3rd* z*=NDDeLUZw7u~|w6JS9B0bI~!4^fQ%f*xN5|4P2mDFdyUP7p++iT;&SVJ8igL*TIS zEYcaPa5nmS*p>?-l1InZFBP)81ISU;p4#x&MlH`x-Pg z!B*O007CF>PHt_Vr|mG>Owv_CRN#g$di-U^O#h0(lo!TB_tGRZ-@q27HiTJ$#{@~&UjDsvEDFK=bE%VNiBI7EeJK8!nQGS6(S zRT{7yGK`9(Ffe48uF4HcsO*}7_l7pC{*Nw4TWD+V-Yw|kdu&qqT4gpm%U0}y)3d8fFVO&KRp9)7)e7)y;5Zd~>=380I@8LS`!5ITw=PvaC9hf=C zFr0%ep-qE+53I|?YP4M&jrn%aCqFMlyzfq3UqD}(oB>O6Z*jM5L(J)h`g7tam$?4! z?p$OM$gk&}wcu1{HosE>=1ewapWOX@BmQ5e4~VFi1^;rm3EPIV77CijZDkJGE$ha? zh%%tn!@dN&>=O?BosHBjUmcqdQHPhV|FUCsr00}YW5$7A<0tDUmbofo7t|wj{Ld-= zp8VkTQ-Nlw^t!R^Y_$l4VRXKpN|W3pc8g` zX?Yn#iM``1Ry3X@4?4s18g-W%BbdS}(VEra3 zKvOKNzv4osA-_40GvHUf`&oHhpy^GO)h~<`H0xw;r=u*Z>E5-Hx#llHa#u6czt3)q ze@NQEB$KO1?6&J?(98XieEY}^4v(iTt~+fu)^xAq6FVo?;iSfupKJan!U}LV!cVL+ z?;=|Y%huie6WvkX2nFHxg7d?spNMty|Aa^2U%S~1JxCv-9qcg)hZ>6e^Y%2@#1;w= z#|GnyAa@a1Ejw;j&<#+n@Og+dBjxgqneush7ff9~tiIUOe&nj=woovxdIlQP^0s!M zhbY0VB7Af)Ha}p6Q_0Q^;tmrHTp4(Ur>20x^Bpe(Q7WdXo1i)5DSX1f= zkK5xT14a7t4aZIve80E`=4DtbTwRr3XeKzE1d$V-7u}eRr2&yD;>iSX>xa3^%zr3k z1k6iJcS^jgB^AdznU$(yB4LqZbH^dIsgM&{J{t)$M_%dSCPVbQMaq>hvBr>po`DVM z9Z?^v&9kT%Wa^Z_l*i|fbnJHN`6~E++-$%zF1k(jvWC;v(${xGg_^JIid*iexM+u~ z{DQw+V(ZRk%B@Vl4S`)D0G^CROgg)_wKKE-^u? zv-V-(VjG@b3h>T3)6LU=t8s@hUUo1-e6GX)$tN#aqdVx;q6?GubG(0))?M<}_8UAcuH}j^|CB9zg0qGu` z%zo^t%+dCuG|mhoVPeXEoj*4txiLycy;mdJH^{xSH1pl56m@z)Q-Cn=L?9b@2TYgr z`}UZXt4l|{Z=2|52?|`Lnr&qL2nx4zo@BMpsU#m#xIV5jQ!3!I`&H}VoZ*|f>jea^ zMix!@_vWOr0&-wIpwIleFxZA_TjaP{0RQDIJ=gm%wNJ=2N!LF;LEXJ}vb5cEivVAL z@Tf_o@i{>Offw=y%ZXPW3Vr&3_>3%hkJU zYw+6w`#y;G65mcayV#TX`v3N?U&;z=gq~K-83TJb*!zpz+iN$uAUhg zwx7&o2HiB0T)i+DSRrim@c;Ct3poKQaRXyx7ai>UZVeZ2@1u4E=z*PcZv$>D(D}ue zh~r$OI7{{BtsU*4=~K1!{jx0ktP!J`Y?1(=>q1bF-9v}Wrok-_wu-!DE(OqBB~v5h*g{%C)3WY4#SCqOm=IisN9W(#rb`<5I3xclVIWXZ8* z9*oYw5*&MxLCS}-sRv`^VLN*Tk>&?4+r-2~{DVbN{zE#Z`tB3Bjdm^T(}>pGl$gJ? zqT%QEn>`qOf82%a=H+br#Fm?9X$9RHUjy{i$r;s_4>!^ZlC9|lBQ`7-wR;SX)sEFg z?33oJw%%N~S30Vl14TaBRtI{L>|t$Y=`?ZwY@(g_uJ@K&Yg#wf!kDr6?Rt-fmWIZz z$A3Sww7aWQudQDBssB=o(_X}EMLAiZ7B~l~N+(*A&~2SVImtVj)uNj4$&=P9WkB`X z8+W)FT~9d_l&(%5Dl%hgE1%eKV}z}K^(Q5epu(tYgDpHDeS-EG<}$%*c< zgdpZ6e)yng{&cSO-kiI@qxOD2SpEl(RpnTfy5Wzzy-mt`#(@)Ib{qBQ#@r@2<@~3X z0jDFY*4?@P=>ID0YGax@qcB+(Or#n$nh8|mNHf_=lu>?kP=^eV;RZ}}trwvvp9+?( zFv>@v+aQxE475P8Wv!VC0@^l3xDC)!L6b_0eArc1O4mx)ny$8GSm>mr>@>@M@87+- zZ{GX9=Y8%ux##0KeEz;>at&|idcGD0tcwjqlY7exc?KW#xn`K@8!#?ahQT&H* zO{-W_Hz_pGT|=P%79r3PJ2dJ@lj^ne^Ve|zrM@iTz=9o$rSrbLIMM={^#Gs;UlFmq z9^UQwPX#Y6oRXbQi9qj_-R<>yt;4{~j8(Qkom{7H%pgLZUC^VW2B)eq`?<~IwQgqW z3U6kie1{&Tonlp2_puZ=?M%s;8?PbPXoUNP9@Umf*H&I6YCeV~en+V)OmOlyX5CJQ zbWOXk_4J1k^-j8uDWgIMHb7r&T$~2h*{kUX_67+LXPat2g!jlU2A><=P!je-Jb8n8Hyh9b=%@X#W=*e^Lp8f#k?-Py~X9gn?PEW+uy-Eqf=K4OrtLZ$r z9o}xzW+T_y3mURQtYNGT>1R9WS%E=--nbyZ6|^9ydsNdM(Z3w_7O3yXJS4Tr>mpLg zbZ<0?x&CS?fK#4BNo7Z15?{NTYk&V+<5QX?lTk78ZDB{BL2fh$x%W}{hpLR_ zFP+JK?DP4hCvw@oDe?K=Vq*JYh*|F zT!jvmN>0Y5+$+b0^g;RzJT;aG%DNE|{sr_knh``-*TR1k+4stSw8Wy}rz*{?rjvQp2s3Hms|5Ui_QF3;QTKZ}LORf9u&;3{Bc y^~QBP*FEuGB;{?mrRM%;?Kot=g#Oo@O>YHEtFOo_j|EHo)1@Y-Cy72e*YFRCD|0LW literal 0 HcmV?d00001 diff --git a/content/manuals/dhi/migration/_index.md b/content/manuals/dhi/migration/_index.md new file mode 100644 index 0000000000..6285dc5ecc --- /dev/null +++ b/content/manuals/dhi/migration/_index.md @@ -0,0 +1,49 @@ +--- +title: Migration +description: Learn how to migrate your existing applications to Docker Hardened Images +weight: 18 +keywords: migrate, docker hardened images, dhi, migration guide +aliases: + - /dhi/how-to/migrate/ +params: + grid_migration_paths: + - title: Migrate with Docker's AI assistant + description: Use Docker's AI assistant to automatically migrate your Dockerfile to Docker Hardened Images with guidance and recommendations. + icon: smart_toy + link: /dhi/migration/migrate-with-ai/ + - title: Migrate from Alpine or Debian images + description: Manual migration guide for moving from Docker Official Images (Alpine or Debian-based) to Docker Hardened Images. + icon: code + link: /dhi/migration/migrate-from-doi/ + - title: Migrate from Wolfi + description: Manual migration guide for transitioning from Wolfi-based images to Docker Hardened Images. + icon: transform + link: /dhi/migration/migrate-from-wolfi/ + + grid_migration_resources: + - title: Migration checklist + description: A comprehensive checklist of migration considerations to ensure successful transition to Docker Hardened Images. + icon: checklist + link: /dhi/migration/checklist/ + - title: Examples + description: Example Dockerfile migrations for different programming languages and frameworks to guide your migration process. + icon: preview + link: /dhi/migration/examples/ +--- + +This section provides guidance for migrating your applications to Docker +Hardened Images (DHI). Migrating to DHI enhances the security posture of your +containerized applications by leveraging hardened base images with built-in +security features. + +## Migration paths + +Choose the migration approach that best fits your needs: + +{{< grid items="grid_migration_paths" >}} + +## Resources + +{{< grid items="grid_migration_resources" >}} + + diff --git a/content/manuals/dhi/migration/checklist.md b/content/manuals/dhi/migration/checklist.md new file mode 100644 index 0000000000..fc6034356f --- /dev/null +++ b/content/manuals/dhi/migration/checklist.md @@ -0,0 +1,21 @@ +--- +title: Migration checklist +description: A checklist of considerations when migrating to Docker Hardened Images +weight: 10 +keywords: migration checklist, dhi, docker hardened images +--- + +Use this checklist to ensure you address key considerations when migrating to Docker Hardened Images. + +## Migration considerations + +| Item | Action required | +|:-------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Base image | Update your Dockerfile `FROM` statements to reference a Docker Hardened Image instead of your current base image. | +| Package management | Install packages only in `dev`-tagged images during build stages. Use `apk` for Alpine-based images or `apt` for Debian-based images. Copy the necessary artifacts to your runtime stage, as runtime images don't include package managers. | +| Non-root user | Verify that all files and directories your application needs are readable and writable by the nonroot user (UID 65532), as runtime images run as nonroot by default. | +| Multi-stage build | Use `dev` or `sdk`-tagged images for build stages where you need build tools and package managers. Use non-dev images for your final runtime stage. | +| TLS certificates | Remove any steps that install ca-certificates, as DHIs include ca-certificates by default. | +| Ports | Configure your application to listen on port 1025 or higher inside the container, as the nonroot user can't bind to privileged ports (below 1024) in Kubernetes or Docker Engine versions older than 20.10. | +| Entry point | Check the entry point of your chosen DHI using `docker inspect` or the image documentation. Update your Dockerfile's `ENTRYPOINT` or `CMD` instructions if your application relies on a different entry point. | +| No shell | Move any shell commands (`RUN`, `SHELL`) to build stages using `dev`-tagged images. Runtime images don't include a shell, so copy all necessary artifacts from the build stage. | diff --git a/content/manuals/dhi/migration/examples/_index.md b/content/manuals/dhi/migration/examples/_index.md new file mode 100644 index 0000000000..8044b2844e --- /dev/null +++ b/content/manuals/dhi/migration/examples/_index.md @@ -0,0 +1,32 @@ +--- +title: Migration examples +description: Real-world examples of migrating to Docker Hardened Images +weight: 40 +keywords: migration examples, dhi, docker hardened images +params: + grid_examples: + - title: Go + description: Learn how to migrate Go applications to Docker Hardened Images with practical examples and best practices. + icon: code + link: /dhi/migration/examples/go/ + - title: Python + description: Learn how to migrate Python applications to Docker Hardened Images with practical examples and best practices. + icon: code + link: /dhi/migration/examples/python/ + - title: Node.js + description: Learn how to migrate Node.js applications to Docker Hardened Images with practical examples and best practices. + icon: code + link: /dhi/migration/examples/node/ +--- + +This section provides detailed migration examples for common programming languages and frameworks. + +## Available examples + +{{< grid items="grid_examples" >}} + +In addition to this documentation, each Docker Hardened Image repository in +the [Docker Hardened Images +catalog](https://hub.docker.com/hardened-images/catalog) includes image-specific +guidance and best practices for migrating applications built with that language +or framework. \ No newline at end of file diff --git a/content/manuals/dhi/migration/examples/go.md b/content/manuals/dhi/migration/examples/go.md new file mode 100644 index 0000000000..38dbe2f3c9 --- /dev/null +++ b/content/manuals/dhi/migration/examples/go.md @@ -0,0 +1,110 @@ +--- +title: Go +description: Migrate a Go application to Docker Hardened Images +weight: 10 +keywords: go, golang, migration, dhi +--- + +This example shows how to migrate a Go application to Docker Hardened Images. + +The following examples show Dockerfiles before and after migration to Docker +Hardened Images. Each example includes four variations: + +- Before (Wolfi): A sample Dockerfile using Wolfi distribution images, before migrating to DHI +- Before (DOI): A sample Dockerfile using Docker Official Images, before migrating to DHI +- After (multi-stage): A sample Dockerfile after migrating to DHI with multi-stage builds (recommended for minimal, secure images) +- After (single-stage): A sample Dockerfile after migrating to DHI with single-stage builds (simpler but results in a larger image with a broader attack surface) + +> [!NOTE] +> +> Multi-stage builds are recommended for most use cases. Single-stage builds are +> supported for simplicity, but come with tradeoffs in size and security. +> +> You must authenticate to `dhi.io` before you can pull Docker Hardened Images. +> Run `docker login dhi.io` to authenticate. + +{{< tabs >}} +{{< tab name="Before (Wolfi)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM cgr.dev/chainguard/go:latest-dev + +WORKDIR /app +ADD . ./ + +# Install any additional packages if needed using apk +# RUN apk add --no-cache git + +RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" --installsuffix cgo -o main . + +ENTRYPOINT ["/app/main"] +``` + +{{< /tab >}} +{{< tab name="Before (DOI)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM golang:latest + +WORKDIR /app +ADD . ./ + +# Install any additional packages if needed using apt +# RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* + +RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" --installsuffix cgo -o main . + +ENTRYPOINT ["/app/main"] +``` + +{{< /tab >}} +{{< tab name="After (multi-stage)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +# === Build stage: Compile Go application === +FROM dhi.io/golang:1-alpine3.21-dev AS builder + +WORKDIR /app +ADD . ./ + +# Install any additional packages if needed using apk +# RUN apk add --no-cache git + +RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" --installsuffix cgo -o main . + +# === Final stage: Create minimal runtime image === +FROM dhi.io/golang:1-alpine3.21 + +WORKDIR /app +COPY --from=builder /app/main /app/main + +ENTRYPOINT ["/app/main"] +``` + +{{< /tab >}} +{{< tab name="After (single-stage)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM dhi.io/golang:1-alpine3.21-dev + +WORKDIR /app +ADD . ./ + +# Install any additional packages if needed using apk +# RUN apk add --no-cache git + +RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" --installsuffix cgo -o main . + +ENTRYPOINT ["/app/main"] +``` + +{{< /tab >}} +{{< /tabs >}} diff --git a/content/manuals/dhi/migration/examples/node.md b/content/manuals/dhi/migration/examples/node.md new file mode 100644 index 0000000000..9c1d7302b6 --- /dev/null +++ b/content/manuals/dhi/migration/examples/node.md @@ -0,0 +1,120 @@ +--- +title: Node.js +description: Migrate a Node.js application to Docker Hardened Images +weight: 30 +keywords: nodejs, node, migration, dhi +--- + +This example shows how to migrate a Node.js application to Docker Hardened Images. + +The following examples show Dockerfiles before and after migration to Docker +Hardened Images. Each example includes four variations: + +- Before (Wolfi): A sample Dockerfile using Wolfi distribution images, before migrating to DHI +- Before (DOI): A sample Dockerfile using Docker Official Images, before migrating to DHI +- After (multi-stage): A sample Dockerfile after migrating to DHI with multi-stage builds (recommended for minimal, secure images) +- After (single-stage): A sample Dockerfile after migrating to DHI with single-stage builds (simpler but results in a larger image with a broader attack surface) + +> [!NOTE] +> +> Multi-stage builds are recommended for most use cases. Single-stage builds are +> supported for simplicity, but come with tradeoffs in size and security. +> +> You must authenticate to `dhi.io` before you can pull Docker Hardened Images. +> Run `docker login dhi.io` to authenticate. + +{{< tabs >}} +{{< tab name="Before (Wolfi)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM cgr.dev/chainguard/node:latest-dev +WORKDIR /usr/src/app + +COPY package*.json ./ + +# Install any additional packages if needed using apk +# RUN apk add --no-cache python3 make g++ + +RUN npm install + +COPY . . + +CMD ["node", "index.js"] +``` + +{{< /tab >}} +{{< tab name="Before (DOI)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM node:latest +WORKDIR /usr/src/app + +COPY package*.json ./ + +# Install any additional packages if needed using apt +# RUN apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/* + +RUN npm install + +COPY . . + +CMD ["node", "index.js"] +``` + +{{< /tab >}} +{{< tab name="After (multi-stage)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +# === Build stage: Install dependencies and build application === +FROM dhi.io/node:23-alpine3.21-dev AS builder +WORKDIR /usr/src/app + +COPY package*.json ./ + +# Install any additional packages if needed using apk +# RUN apk add --no-cache python3 make g++ + +RUN npm install + +COPY . . + +# === Final stage: Create minimal runtime image === +FROM dhi.io/node:23-alpine3.21 +ENV PATH=/app/node_modules/.bin:$PATH + +COPY --from=builder --chown=node:node /usr/src/app /app + +WORKDIR /app + +CMD ["index.js"] +``` + +{{< /tab >}} +{{< tab name="After (single-stage)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM dhi.io/node:23-alpine3.21-dev +WORKDIR /usr/src/app + +COPY package*.json ./ + +# Install any additional packages if needed using apk +# RUN apk add --no-cache python3 make g++ + +RUN npm install + +COPY . . + +CMD ["node", "index.js"] +``` + +{{< /tab >}} +{{< /tabs >}} diff --git a/content/manuals/dhi/migration/examples/python.md b/content/manuals/dhi/migration/examples/python.md new file mode 100644 index 0000000000..321d92b710 --- /dev/null +++ b/content/manuals/dhi/migration/examples/python.md @@ -0,0 +1,165 @@ +--- +title: Python +description: Migrate a Python application to Docker Hardened Images +weight: 20 +keywords: python, migration, dhi +--- + +This example shows how to migrate a Python application to Docker Hardened Images. + +The following examples show Dockerfiles before and after migration to Docker +Hardened Images. Each example includes four variations: + +- Before (Wolfi): A sample Dockerfile using Wolfi distribution images, before migrating to DHI +- Before (DOI): A sample Dockerfile using Docker Official Images, before migrating to DHI +- After (multi-stage): A sample Dockerfile after migrating to DHI with multi-stage builds (recommended for minimal, secure images) +- After (single-stage): A sample Dockerfile after migrating to DHI with single-stage builds (simpler but results in a larger image with a broader attack surface) + +> [!NOTE] +> +> Multi-stage builds are recommended for most use cases. Single-stage builds are +> supported for simplicity, but come with tradeoffs in size and security. +> +> You must authenticate to `dhi.io` before you can pull Docker Hardened Images. +> Run `docker login dhi.io` to authenticate. + +{{< tabs >}} +{{< tab name="Before (Wolfi)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM cgr.dev/chainguard/python:latest-dev AS builder + +ENV LANG=C.UTF-8 +ENV PYTHONDONTWRITEBYTECODE=1 +ENV PYTHONUNBUFFERED=1 +ENV PATH="/app/venv/bin:$PATH" + +WORKDIR /app + +RUN python -m venv /app/venv +COPY requirements.txt . + +# Install any additional packages if needed using apk +# RUN apk add --no-cache gcc musl-dev + +RUN pip install --no-cache-dir -r requirements.txt + +FROM cgr.dev/chainguard/python:latest + +WORKDIR /app + +ENV PYTHONUNBUFFERED=1 +ENV PATH="/app/venv/bin:$PATH" + +COPY app.py ./ +COPY --from=builder /app/venv /app/venv + +ENTRYPOINT [ "python", "/app/app.py" ] +``` + +{{< /tab >}} +{{< tab name="Before (DOI)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM python:latest AS builder + +ENV LANG=C.UTF-8 +ENV PYTHONDONTWRITEBYTECODE=1 +ENV PYTHONUNBUFFERED=1 +ENV PATH="/app/venv/bin:$PATH" + +WORKDIR /app + +RUN python -m venv /app/venv +COPY requirements.txt . + +# Install any additional packages if needed using apt +# RUN apt-get update && apt-get install -y gcc && rm -rf /var/lib/apt/lists/* + +RUN pip install --no-cache-dir -r requirements.txt + +FROM python:latest + +WORKDIR /app + +ENV PYTHONUNBUFFERED=1 +ENV PATH="/app/venv/bin:$PATH" + +COPY app.py ./ +COPY --from=builder /app/venv /app/venv + +ENTRYPOINT [ "python", "/app/app.py" ] +``` + +{{< /tab >}} +{{< tab name="After (multi-stage)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +# === Build stage: Install dependencies and create virtual environment === +FROM dhi.io/python:3.13-alpine3.21-dev AS builder + +ENV LANG=C.UTF-8 +ENV PYTHONDONTWRITEBYTECODE=1 +ENV PYTHONUNBUFFERED=1 +ENV PATH="/app/venv/bin:$PATH" + +WORKDIR /app + +RUN python -m venv /app/venv +COPY requirements.txt . + +# Install any additional packages if needed using apk +# RUN apk add --no-cache gcc musl-dev + +RUN pip install --no-cache-dir -r requirements.txt + +# === Final stage: Create minimal runtime image === +FROM dhi.io/python:3.13-alpine3.21 + +WORKDIR /app + +ENV PYTHONUNBUFFERED=1 +ENV PATH="/app/venv/bin:$PATH" + +COPY app.py ./ +COPY --from=builder /app/venv /app/venv + +ENTRYPOINT [ "python", "/app/app.py" ] +``` + +{{< /tab >}} +{{< tab name="After (single-stage)" >}} + +```dockerfile +#syntax=docker/dockerfile:1 + +FROM dhi.io/python:3.13-alpine3.21-dev + +ENV LANG=C.UTF-8 +ENV PYTHONDONTWRITEBYTECODE=1 +ENV PYTHONUNBUFFERED=1 +ENV PATH="/app/venv/bin:$PATH" + +WORKDIR /app + +RUN python -m venv /app/venv +COPY requirements.txt . + +# Install any additional packages if needed using apk +# RUN apk add --no-cache gcc musl-dev + +RUN pip install --no-cache-dir -r requirements.txt + +COPY app.py ./ + +ENTRYPOINT [ "python", "/app/app.py" ] +``` + +{{< /tab >}} +{{< /tabs >}} diff --git a/content/manuals/dhi/migration/migrate-from-doi.md b/content/manuals/dhi/migration/migrate-from-doi.md new file mode 100644 index 0000000000..d8b77ba896 --- /dev/null +++ b/content/manuals/dhi/migration/migrate-from-doi.md @@ -0,0 +1,110 @@ +--- +title: Migrate from Alpine or Debian +description: Step-by-step guide to migrate from Docker Official Images to Docker Hardened Images +weight: 20 +keywords: docker official images, doi, migration, dhi, alpine, debian +--- + +Docker Hardened Images (DHI) come in both [Alpine-based and Debian-based +variants](../explore/available.md). In many cases, migrating from another image +based on these distributions is as simple as changing the base image in your +Dockerfile. + +This guide helps you migrate from an existing Alpine-based or Debian-based +Docker Official Image (DOI) to DHI. + +If you're currently using a Debian-based Docker Official Image, migrate to the +Debian-based DHI variant. If you're using an Alpine-based image, migrate to the +Alpine-based DHI variant. This minimizes changes to package management and +dependencies during migration. + +## Key differences + +When migrating from non-hardened images to DHI, be aware of these key differences: + +| Item | Non-hardened images | Docker Hardened Images | +|:-------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Package management | Package managers generally available in all images. | Package managers generally only available in images with a `dev` tag. Runtime images don't contain package managers. Use multi-stage builds and copy necessary artifacts from the build stage to the runtime stage. | +| Non-root user | Usually runs as root by default | Runtime variants run as the nonroot user by default. Ensure that necessary files and directories are accessible to the nonroot user. | +| Multi-stage build | Optional | Recommended. Use images with a `dev` or `sdk` tags for build stages and non-dev images for runtime. | +| TLS certificates | May need to be installed | Contain standard TLS certificates by default. There is no need to install TLS certificates. | +| Ports | Can bind to privileged ports (below 1024) when running as root | Run as a nonroot user by default. Applications can't bind to privileged ports (below 1024) when running in Kubernetes or in Docker Engine versions older than 20.10. Configure your application to listen on port 1025 or higher inside the container. | +| Entry point | Varies by image | May have different entry points than Docker Official Images. Inspect entry points and update your Dockerfile if necessary. | +| No shell | Shell generally available in all images | Runtime images don't contain a shell. Use `dev` images in build stages to run shell commands and then copy artifacts to the runtime stage. | + +## Migration steps + +### Step 1: Update the base image in your Dockerfile + +Update the base image in your application's Dockerfile to a hardened image. This +is typically going to be an image tagged as `dev` or `sdk` because it has the tools +needed to install packages and dependencies. + +The following example diff snippet from a Dockerfile shows the old base image +replaced by the new hardened image. + +> [!NOTE] +> +> You must authenticate to `dhi.io` before you can pull Docker Hardened Images. +> Run `docker login dhi.io` to authenticate. + + +```diff +- ## Original base image +- FROM golang:1.25 + ++ ## Updated to use hardened base image ++ FROM dhi.io/golang:1.25-debian12-dev +``` + +Note that DHI does not have a `latest` tag in order to promote best practices +around image versioning. Ensure that you specify the appropriate version tag for +your image. To find the right tag, explore the available tags in the [DHI +Catalog](https://hub.docker.com/hardened-images/catalog/). In addition, the +distribution base is specified in the tag (for example, `-alpine3.22` or +`-debian12`), so be sure to select the correct variant for your application. + +### Step 2: Update the runtime image in your Dockerfile + +> [!NOTE] +> +> Multi-stage builds are recommended to keep your final image minimal and +> secure. Single-stage builds are supported, but they include the full `dev` image +> and therefore result in a larger image with a broader attack surface. + +To ensure that your final image is as minimal as possible, you should use a +[multi-stage build](/manuals/build/building/multi-stage.md). All stages in your +Dockerfile should use a hardened image. While intermediary stages will typically +use images tagged as `dev` or `sdk`, your final runtime stage should use a runtime image. + +Utilize the build stage to compile your application and copy the resulting +artifacts to the final runtime stage. This ensures that your final image is +minimal and secure. + +The following example shows a multi-stage Dockerfile with a build stage and runtime stage: + +```dockerfile +# Build stage +FROM dhi.io/golang:1.25-debian12-dev AS builder +WORKDIR /app +COPY . . +RUN go build -o myapp + +# Runtime stage +FROM dhi.io/golang:1.25-debian12 +WORKDIR /app +COPY --from=builder /app/myapp . +ENTRYPOINT ["/app/myapp"] +``` + +After updating your Dockerfile, build and test your application. If you encounter +issues, see the [Troubleshoot](/manuals/dhi/troubleshoot.md) guide for common +problems and solutions. + +## Language-specific examples + +See the examples section for language-specific migration examples: + +- [Go](examples/go.md) +- [Python](examples/python.md) +- [Node.js](examples/node.md) diff --git a/content/manuals/dhi/migration/migrate-from-wolfi.md b/content/manuals/dhi/migration/migrate-from-wolfi.md new file mode 100644 index 0000000000..1cca348fb8 --- /dev/null +++ b/content/manuals/dhi/migration/migrate-from-wolfi.md @@ -0,0 +1,91 @@ +--- +title: Migrate from Wolfi +description: Step-by-step guide to migrate from Wolfi distribution images to Docker Hardened Images +weight: 30 +keywords: wolfi, chainguard, migration, dhi +--- + +This guide helps you migrate from Wolfi-based images to Docker Hardened +Images (DHI). Generally, the migration process is straightforward since Wolfi is +Alpine-like and DHI provides an Alpine-based hardened image. + +Like other hardened images, DHI provides comprehensive +[attestations](/dhi/core-concepts/attestations/) including SBOMs and provenance, +allowing you to [verify](/manuals/dhi/how-to/verify.md) image signatures and +[scan](/manuals/dhi/how-to/scan.md) for vulnerabilities to ensure the security +and integrity of your images. + +## Migration steps + +The following example demonstrates how to migrate a Dockerfile from a +Wolfi-based image to an Alpine-based Docker Hardened Image. + +### Step 1: Update the base image in your Dockerfile + +Update the base image in your application's Dockerfile to a hardened image. This +is typically going to be an image tagged as `dev` or `sdk` because it has the tools +needed to install packages and dependencies. + +The following example diff snippet from a Dockerfile shows the old base image +replaced by the new hardened image. + +> [!NOTE] +> +> You must authenticate to `dhi.io` before you can pull Docker Hardened Images. +> Run `docker login dhi.io` to authenticate. + +```diff +- ## Original base image +- FROM cgr.dev/chainguard/go:latest-dev + ++ ## Updated to use hardened base image ++ FROM dhi.io/golang:1.25-alpine3.22-dev +``` + +Note that DHI does not have a `latest` tag in order to promote best practices +around image versioning. Ensure that you specify the appropriate version tag for your image. To find the right tag, explore the available tags in the [DHI Catalog](https://hub.docker.com/hardened-images/catalog/). + +### Step 2: Update the runtime image in your Dockerfile + +> [!NOTE] +> +> Multi-stage builds are recommended to keep your final image minimal and +> secure. Single-stage builds are supported, but they include the full `dev` image +> and therefore result in a larger image with a broader attack surface. + +To ensure that your final image is as minimal as possible, you should use a +[multi-stage build](/manuals/build/building/multi-stage.md). All stages in your +Dockerfile should use a hardened image. While intermediary stages will typically +use images tagged as `dev` or `sdk`, your final runtime stage should use a runtime image. + +Utilize the build stage to compile your application and copy the resulting +artifacts to the final runtime stage. This ensures that your final image is +minimal and secure. + +The following example shows a multi-stage Dockerfile with a build stage and runtime stage: + +```dockerfile +# Build stage +FROM dhi.io/golang:1.25-alpine3.22-dev AS builder +WORKDIR /app +COPY . . +RUN go build -o myapp + +# Runtime stage +FROM dhi.io/golang:1.25-alpine3.22 +WORKDIR /app +COPY --from=builder /app/myapp . +ENTRYPOINT ["/app/myapp"] +``` + +After updating your Dockerfile, build and test your application. If you encounter +issues, see the [Troubleshoot](/manuals/dhi/troubleshoot.md) guide for common +problems and solutions. + +## Language-specific examples + +See the examples section for language-specific migration examples: + +- [Go](examples/go.md) +- [Python](examples/python.md) +- [Node.js](examples/node.md) diff --git a/content/manuals/dhi/migration/migrate-with-ai.md b/content/manuals/dhi/migration/migrate-with-ai.md new file mode 100644 index 0000000000..1bded182c5 --- /dev/null +++ b/content/manuals/dhi/migration/migrate-with-ai.md @@ -0,0 +1,43 @@ +--- +title: Migrate using Docker's AI-powered assistant +linktitle: AI-assisted migration +description: Use Docker's AI-powered assistant to automatically migrate your Dockerfile to Docker Hardened Images +weight: 15 +keywords: ai assistant, migrate dockerfile, docker hardened images, automated migration +params: + sidebar: + badge: + color: violet + text: Experimental +--- + +{{< summary-bar feature_name="Ask Gordon DHI migration" >}} + +You can use Docker's AI-powered assistant, to automatically migrate your +Dockerfile to use Docker Hardened Images (DHI). + +1. Ensure Docker's AI-powered assistant is [enabled](/manuals/ai/gordon.md#enable-ask-gordon). +1. In the assistant's Toolbox, ensure the [Developer MCP Toolkit is enabled](/manuals/ai/gordon/mcp/built-in-tools.md#configuration). +1. In the terminal, navigate to the directory containing your Dockerfile. +1. Start a conversation with the assistant: + ```bash + docker ai + ``` +1. Type: + ```console + "Migrate my dockerfile to DHI" + ``` +1. Follow the conversation with the assistant. The assistant will edit your Dockerfile, so when + it requests access to the filesystem and more, type `yes` to allow the assistant to proceed. + +When the migration is complete, you see a success message: + +```text +The migration to Docker Hardened Images (DHI) is complete. The updated Dockerfile +successfully builds the image, and no vulnerabilities were detected in the final image. +The functionality and optimizations of the original Dockerfile have been preserved. +``` + +> [!IMPORTANT] +> +> As with any AI tool, you must verify the assistant's edits and test your image. diff --git a/data/summary.yaml b/data/summary.yaml index 09e4edddef..006bd9efaf 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -16,6 +16,9 @@ Amazon S3 cache: Ask Gordon: availability: Beta requires: Docker Desktop [4.38.0](/manuals/desktop/release-notes.md#4380) or later +Ask Gordon DHI migration: + availability: Experimental + requires: Docker Desktop [4.38.0](/manuals/desktop/release-notes.md#4380) or later Automated builds: subscription: [Pro, Team, Business] Azure blob: @@ -167,10 +170,7 @@ Docker Desktop CLI logs: Docker Desktop CLI kubernetes: requires: Docker Desktop 4.44 and later Docker Hardened Images: - subscription: [Docker Hardened Images] -Docker Hardened Image charts: - availability: Early Access - subscription: [Docker Hardened Images] + subscription: [Docker Hardened Images Enterprise] Docker Init: requires: Docker Desktop [4.27](/manuals/desktop/release-notes.md#4270) and later Docker Model Runner: diff --git a/layouts/partials/content-default.html b/layouts/partials/content-default.html index 85f9738b38..f47a11f743 100644 --- a/layouts/partials/content-default.html +++ b/layouts/partials/content-default.html @@ -2,7 +2,7 @@
{{ partial "breadcrumbs.html" . }}
-

{{ .Title }}

+

{{ .Title | safeHTML }}

diff --git a/layouts/shortcodes/summary-bar.html b/layouts/shortcodes/summary-bar.html index 172f81c619..d0cfe21325 100644 --- a/layouts/shortcodes/summary-bar.html +++ b/layouts/shortcodes/summary-bar.html @@ -10,7 +10,7 @@ "Pro" "person_add" "Personal" "person" "Available to all" "public" - "Docker Hardened Images" "/icons/dhi.svg" + "Docker Hardened Images Enterprise" "/icons/dhi.svg" }} {{ $availabilityIcons := dict "Experimental" "science"