-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpolicy-falco.yaml
360 lines (354 loc) · 84.2 KB
/
policy-falco.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
name: policy-falco
annotations:
policy.open-cluster-management.io/standards: NIST SP 800-53
policy.open-cluster-management.io/categories: SI System and Information Integrity
policy.open-cluster-management.io/controls: SI-5 Security Alerts, Advisories, and Directives
spec:
remediationAction: enforce
disabled: false
policy-templates:
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: policy-falco-ns
spec:
remediationAction: enforce # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction.
severity: low
namespaceSelector:
exclude: ["kube-*"]
include: ["*"]
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: v1
kind: Namespace
metadata:
name: falco-operator
spec: {}
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: policy-falco-csv
spec:
remediationAction: enforce # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction.
severity: low
namespaceSelector:
exclude: ["kube-*"]
include: ["*"]
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
name: falco-operator.v1.2.0
namespace: falco-operator
annotations:
capabilities: "Basic Install"
categories: "Security"
certified: "true"
description: |-
The Falco Project is an open source runtime security tool.
containerImage: registry.connect.redhat.com/sysdig/falco-operator
support: Sysdig, Inc.
repository: https://github.com/sysdiglabs/falco-operator/
alm-examples: |-
[
{
"apiVersion": "falco.org/v1",
"kind": "Falco",
"metadata": {
"name": "example-falco"
},
"spec": {}
}
]
spec:
apiservicedefinitions: {}
maturity: stable
customresourcedefinitions:
owned:
- kind: Falco
displayName: Falco daemonSet
description: Represents a Falco Agent running on each node of your cluster.
name: falcos.falco.org
version: v1
description: |-
[Falco](https://falco.org) is a behavioral activity monitor designed to
detect anomalous activity in your applications. You can use Falco to
monitor run-time security of your Kubernetes applications and internal
components.
This operator installs Falco in all nodes in your cluster via a DaemonSet.
## Settings
This operator, uses the same options than the Helm Chart please take a look
to all the options in the following table:
| Parameter | Description | Default |
| --- | --- | --- |
| `image.registry` | The image registry to pull from | `docker.io` |
| `image.repository` | The image repository to pull from | `falcosecurity/falco` |
| `image.tag` | The image tag to pull | `0.24.0` |
| `image.pullPolicy` | The image pull policy | `IfNotPresent` |
| `containerd.enabled` | Enable ContainerD support | `true` |
| `containerd.socket` | The path of the ContainerD socket | `/run/containerd/containerd.sock` |
| `docker.enabled` | Enable Docker support | `true` |
| `docker.socket` | The path of the Docker daemon socket | `/var/run/docker.sock` |
| `resources.requests.cpu` | CPU requested for being run in a node | `100m` |
| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` |
| `resources.limits.cpu` | CPU limit | `200m` |
| `resources.limits.memory` | Memory limit | `1024Mi` |
| `extraArgs` | Specify additional container args | `[]` |
| `rbac.create` | If true, create & use RBAC resources | `true` |
| `serviceAccount.create` | Create serviceAccount | `true` |
| `serviceAccount.name` | Use this value as serviceAccountName | ` ` |
| `fakeEventGenerator.enabled` | Run falco-event-generator for sample events | `false` |
| `fakeEventGenerator.replicas` | How many replicas of falco-event-generator to run | `1` |
| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` |
| `daemonset.env` | Extra environment variables passed to daemonset pods | `{}` |
| `daemonset.podAnnotations` | Extra pod annotations to be added to pods created by the daemonset | `{}` |
| `podSecurityPolicy.create` | If true, create & use podSecurityPolicy | `false` |
| `proxy.httpProxy` | Set the Proxy server if is behind a firewall | ` ` |
| `proxy.httpsProxy` | Set the Proxy server if is behind a firewall | ` ` |
| `proxy.noProxy` | Set the Proxy server if is behind a firewall | ` ` |
| `timezone` | Set the daemonset's timezone | ` ` |
| `priorityClassName` | Set the daemonset's priorityClassName | ` ` |
| `ebpf.enabled` | Enable eBPF support for Falco instead of `falco-probe` kernel module | `false` |
| `ebpf.settings.hostNetwork` | Needed to enable eBPF JIT at runtime for performance reasons | `true` |
| `auditLog.enabled` | Enable K8s audit log support for Falco | `false` |
| `auditLog.dynamicBackend.enabled` | Deploy the Audit Sink where Falco listens for K8s audit log events | `false` |
| `auditLog.dynamicBackend.url` | Define if Audit Sink client config should point to a fixed [url](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#url) (useful for development) instead of the default webserver service. | `` |
| `falco.rulesFile` | The location of the rules files | `[/etc/falco/falco_rules.yaml, /etc/falco/falco_rules.local.yaml, /etc/falco/rules.available/application_rules.yaml, /etc/falco/rules.d]` |
| `falco.timeFormatISO8601` | Display times using ISO 8601 instead of local time zone | `false` |
| `falco.jsonOutput` | Output events in json or text | `false` |
| `falco.jsonIncludeOutputProperty` | Include output property in json output | `true` |
| `falco.logStderr` | Send Falco debugging information logs to stderr | `true` |
| `falco.logSyslog` | Send Falco debugging information logs to syslog | `true` |
| `falco.logLevel` | The minimum level of Falco debugging information to include in logs | `info` |
| `falco.priority` | The minimum rule priority level to load and run | `debug` |
| `falco.bufferedOutputs` | Use buffered outputs to channels | `false` |
| `falco.syscallEventDrops.actions` | Actions to be taken when system calls were dropped from the circular buffer | `[log, alert]` |
| `falco.syscallEventDrops.rate` | Rate at which log/alert messages are emitted | `.03333` |
| `falco.syscallEventDrops.maxBurst` | Max burst of messages emitted | `10` |
| `falco.outputs.rate` | Number of tokens gained per second | `1` |
| `falco.outputs.maxBurst` | Maximum number of tokens outstanding | `1000` |
| `falco.syslogOutput.enabled` | Enable syslog output for security notifications | `true` |
| `falco.fileOutput.enabled` | Enable file output for security notifications | `false` |
| `falco.fileOutput.keepAlive` | Open file once or every time a new notification arrives | `false` |
| `falco.fileOutput.filename` | The filename for logging notifications | `./events.txt` |
| `falco.stdoutOutput.enabled` | Enable stdout output for security notifications | `true` |
| `falco.webserver.enabled` | Enable Falco embedded webserver to accept K8s audit events | `true` |
| `falco.webserver.listenPort` | Port where Falco embedded webserver listen to connections | `8765` |
| `falco.webserver.k8sAuditEndpoint` | Endpoint where Falco embedded webserver accepts K8s audit events | `/k8s-audit` |
| `falco.programOutput.enabled` | Enable program output for security notifications | `false` |
| `falco.programOutput.keepAlive` | Start the program once or re-spawn when a notification arrives | `false` |
| `falco.programOutput.program` | Command to execute for program output | `mail -s "Falco Notification" [email protected]` |
| `falco.httpOutput.enabled` | Enable http output for security notifications | `false` |
| `falco.httpOutput.url` | Url to notify using the http output when a notification arrives | `http://some.url` |
| `falco.grpc.enabled` | Enable the Falco gRPC server | `false`
| `falco.grpc.listenPort` | Port where Falco gRPC server listen to connections | `5060`
| `falco.grpc.threadiness` | Number of threads (and context) the gRPC server will use | `8`
| `falco.grpc.privateKey` | Key file path for the Falco gRPC server | `/etc/falco/certs/server.key`
| `falco.grpc.certChain` | Cert file path for the Falco gRPC server | `/etc/falco/certs/server.crt`
| `falco.grpc.rootCerts` | CA root file path for the Falco gRPC server | `/etc/falco/certs/ca.crt`
| `falco.grpcOutput.enabled` | Enable the gRPC output and events will be kept in memory until you read them with a gRPC client. | `false` |
| `customRules` | Third party rules enabled for Falco | `{}` |
| `integrations.gcscc.enabled` | Enable Google Cloud Security Command Center integration | `false` |
| `integrations.gcscc.webhookUrl` | The URL where sysdig-gcscc-connector webhook is listening | `http://sysdig-gcscc-connector.default.svc.cluster.local:8080/events` |
| `integrations.gcscc.webhookAuthenticationToken` | Token used for authentication and webhook | `b27511f86e911f20b9e0f9c8104b4ec4` |
| `integrations.natsOutput.enabled` | Enable NATS Output integration | `false` |
| `integrations.natsOutput.natsUrl` | The NATS' URL where Falco is going to publish security alerts | `nats://nats.nats-io.svc.cluster.local:4222` |
| `integrations.pubsubOutput.credentialsData` | Contents retrieved from `cat $HOME/.config/gcloud/legacy_credentials/<email>/adc.json | ` ` |
| `integrations.pubsubOutput.enabled` | Enable GCloud PubSub Output Integration | `false` |
| `integrations.pubsubOutput.projectID` | GCloud Project ID where the Pub/Sub will be created | ` ` |
| `integrations.snsOutput.enabled` | Enable Amazon SNS Output integration | `false` |
| `integrations.snsOutput.topic` | The SNS topic where Falco is going to publish security alerts | ` ` |
| `integrations.snsOutput.aws_access_key_id` | The AWS Access Key Id credentials for access to SNS n | ` ` |
| `integrations.snsOutput.aws_secret_access_key` | The AWS Secret Access Key credential to access to SNS | ` ` |
| `integrations.snsOutput.aws_default_region` | The AWS region where SNS is deployed | ` ` |
| `nodeSelector` | The node selection constraint | `{}` |
| `affinity` | The affinity constraint | `{}` |
| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` |
For example, if you want to deploy a DaemonSet with eBPF enabled:
```yaml
apiVersion: falco.org/v1
kind: Falco
metadata:
name: falco-with-ebpf
spec:
ebpf:
enabled: true
```
displayName: Falco Operator
keywords:
- security
- alerting
- troubleshooting
- run-time
maintainers:
- name: Néstor Salceda
email: [email protected]
provider:
name: Sysdig
links:
- name: Falco
url: https://falco.org
- name: Documentation
url: https://falco.org/docs/
- name: Helm Chart
url: https://github.com/falcosecurity/charts/tree/master/falco
- name: Falco Operator
url: https://github.com/sysdiglabs/falco-operator
- name: Configuration Options
url: https://github.com/falcosecurity/charts/tree/master/falco#configuration
icon:
- base64data: iVBORw0KGgoAAAANSUhEUgAABKgAAAHbCAYAAADvU6LtAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAAVlpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KTMInWQAAQABJREFUeAHs3Ut220b+//0q+DqTnxVIvxVInsTWKOxhjuxjZQVWryDKCqKsIOoVhFmB5WP7ZNjMSE4mllbQ0gr+1sw3EU99AdOiJJICwEJd3zxxRIJAXV4FUeSHBUApbggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACrgW06wpb1/fi3QN1+9NAqfGGKgrzc3Irj5Qy/wo1Uj9snkyW8hMBBBBAAAEEEEAAAQQQQAABBBBAIC6BcAOqKpj6sKu03jWkK4tZyz/ULbVHULVYiWcRQAABBBBAAAEEEEAAAQQQQACBEAXCDKje/LOhyvHQgK23QivLX9XTzb1W27AyAggggAACCCCAAAIIIIAAAggggIBXgfACKpk5defjyKi0C6cuGI/V53sD9ePD9xeLuIcAAggggAACCCCAAAIIIIAAAgggEKpAEVzD7nzYN23qGk5Jd9ZNwHWkZBYWNwQQQAABBBBAAAEEEEAAAQQQQACB4AXCmkH15+GaOtf/s6R2pnQxUFvfHVkqj2IQQAABBBBAAAEEEEAAAQQQQAABBHoQCGsG1bnettjHFXMeqxEzqSyKUhQCCCCAAAIIIIAAAggggAACCCDQg0BYAZW2GlAJFyFVDzsNRSKAAAIIIIAAAggggAACCCCAAAI2BcIKqMrye5ud+1oWIVUPqBSJAAIIIIAAAggggAACCCCAAAII2BIIK6Cy1avr5RBSXTdhCQIIIIAAAggggAACCCCAAAIIIBCEQC4BlWATUgWxy9EIBBBAAAEEEEAAAQQQQAABBBBA4LJATgGV9JyQ6vL48wgBBBBAAAEEEEAAAQQQQAABBBDwLhBaQHXsQISQygEyVSCAAAIIIIAAAggggAACCCCAAAJNBcIKqLQaNW34kusRUi0JyOYIIIAAAggggAACCCCAAAIIIICALYGwAqqi3LfVsQblEFI1QGIVBBBAAAEEEEAAAQQQQAABBBBAoG+BsAKqHzZPlCr/6LvTU+UTUk1hcBcBBBBAAAEEEEAAAQQQQAABBBDwIRBWQCUCn+/vmv+fOcQgpHKITVUIIIAAAggggAACCCCAAAIIIIDAVYHwAqofH75Xpd652tCeHxNS9QxM8QgggAACCCCAAAIIIIAAAggggMA8gfACKmnp00cHSqv/zGt0T8sJqXqCpVgEEEAAAQQQQAABBBBAAAEEEEBgkYBe9KT3514fDpXSzx2340zpYqC2vjtyXC/VIYAAAggggAACCCCAAAIIIIAAAlkKhB1QyZAQUmW5Y9JpBBBAAAEEEEAAAQQQQAABBBDIRyD8gErGgpAqnz2SniKAAAIIIIAAAggggAACCCCAQHYCcQRUMiyEVNntnHQYAQQQQAABBBBAAAEEEEAAAQTyEIgnoJLxIKTKY6+klwgggAACCCCAAAIIIIAAAgggkJVAXAGVDA0hVVY7KJ1FAAEEEEAAAQQQQAABBBBAAIH0BeILqGRMCKnS3zPpIQIIIIAAAggggAACCCCAAAIIZCMQZ0Alw0NIlc1OSkcRQAABBBBAAAEEEEAAAQQQQCBtgXgDKhkXQqq09056hwACCCCAAAIIIIAAAggggAACWQjEHVDJEBFSZbGj0kkEEEAAAQQQQAABBBBAAAEEEEhXIP6ASsaGkCrdPZSeIYAAAggggAACCCCAAAIIIIBA8gJpBFQyTIRUye+sdBABBBBAAAEEEEAAAQQQQAABBNIUSCegkvEhpEpzL6VXCCCAAAIIIIAAAggggAACCCCQtEBaAZUMFSFV0jssnUMAAQQQQAABBBBAAAEEEEAAgfQEiuS69Pn+runTseN+rahyPFJv/tlwXC/VIYAAAggggAACCCCAAAIIIIAAAtELpDeDSobkxbsH6s7Hkbm3Lg8d3s6ULgZq67sjh3VSFQIIIIAAAggggAACCCCAAAIIIBC1QJoBlQwJIVXUOyaNRwABBBBAAAEEEEAAAQQQQACBfATSDahkDAmp8tmT6SkCCCCAAAIIIIAAAggggAACCEQrkHZAJcNCSBXtzknDEUAAAQQQQAABBBBAAAEEEEAgD4H0AyoZR0KqPPZmeokAAggggAACCCCAAAIIIIAAAlEK5BFQydAQUkW5g9JoBBBAAAEEEEAAAQQQQAABBBBIXyCfgErGkpAq/T2aHiKAAAIIIIAAAggggAACCCCAQHQCeQVUMjyEVNHtpDQYAQQQQAABBBBAAAEEEEAAAQTSFsgvoJLxJKRKe6+mdwgggAACCCCAAAIIIIAAAgggEJVAngGVDBEhVVQ7Ko1FAAEEEEAAAQQQQAABBBBAAIF0BfINqGRMCanS3bPpGQIIIIAAAggggAACCCCAAAIIRCOQd0Alw0RIFc3OSkMRQAABBBBAAAEEEEAAAQQQQCBNAQIqGVdCqjT3bnqFAAIIIIAAAggggAACCCCAAAJRCBBQTYaJkGoiwU8EEEAAAQQQQAABBBBAAAEEEEDAqQAB1TQ3IdW0BvcRQAABBBBAAAEEEEAAAQQQQAABJwIEVFeZCamuivAYAQQQQAABBBBAAAEEEEAAAQQQ6FWAgGoWLyHVLBWWIYAAAggggAACCCCAAAIIIIAAAr0IEFDNYyWkmifDcgQQQAABBBBAAAEEEEAAAQQQQMCqAAHVIk5CqkU6PIcAAggggAACCCCAAAIIIIAAAghYESCguomRkOomIZ5HAAEEEEAAAQQQQAABBBBAAAEElhIgoGrCR0jVRIl1EEAAAQQQQAABBBBAAAEEEEAAgU4CBFRN2QipmkqxHgIIIIAAAggggAACCCCAAAIIINBKgICqDRchVRst1kUAAQQQQAABBBBAAAEEEEAAAQQaCRBQNWKaWomQagqDuwgggAACCCCAAAIIIIAAAggggMDyAgRUXQwJqbqosQ0CCCCAAAIIIIAAAggggAACCCAwU4CAaiZLg4WEVA2QWAUBBBBAAAEEEEAAAQQQQAABBBC4WYCA6maj+WsQUs234RkEEEAAAQQQQAABBBBAAAEEEECgoQABVUOouasRUs2l4QkEEEAAAQQQQAABBBBAAAEEEECgiQABVROlm9YhpLpJiOcRQAABBBBAAAEEEEAAAQQQQACBuQIEVHNpWj5BSNUSjNURQAABBBBAAAEEEEAAAQQQQACBWoCAyuaeQEhlU5OyEEAAAQQQQAABBBBAAAEEEEAgEwECKtsDTUhlW5TyEEAAAQQQQAABBBBAAAEEEEAgcQECqj4GmJCqD1XKRAABBBBAAAEEEEAAAQQQQACBRAUIqPoaWEKqvmQpFwEEEEAAAQQQQAABBBBAAAEEEhMgoOpzQAmp+tSlbAQQQAABBBBAAAEEEEAAAQQQSESAgKrvgSSk6luY8hFAAAEEEEAAAQQQQAABBBBAIHIBAioXA0hI5UKZOhBAAAEEEEAAAQQQQAABBBBAIFIBAipXA0dI5UqaehBAAAEEEEAAAQQQQAABBBBAIDIBAiqXA0ZI5VKbuhBAAAEEEEAAAQQQQAABBBBAIBIBAirXA0VI5Vqc+hBAAAEEEEAAAQQQQAABBBBAIHCBtAOqV4cDpdWOUnpgxmF1aixeKl0eqK3N4dQyd3cJqdxZUxMCCCCAAAIIIIAAAggggAACCAQvkGZAVQVAH/ZNMPX8hhE4VaXeVU8fHdywnv2nCansm1IiAggggAACCCCAAAIIIIAAAghEKZBeQNUp+Cn/UJ/v76ofH753Ooqd2mqlhWdKFwO19d2RldIoBAEEEEAAAQQQQAABBBBAAAEEEFhCIK2Aqg58JHSZPpyvKc+x+nxvQEjVlIv1EEAAAQQQQAABBBBAAAEEEEAAATsChZ1iAinlzseRaUmXcEo6sK5kewm5XN5k1pYEY0odu6zW1LWiyvFIvflnw3G9VIcAAggggAACCCCAAAIIIIAAAghcEkgnoHr9dtf0bP1S79o/IKRqb8YWCCCAAAIIIIAAAggggAACCCCAwFIC6QRUSu0tJXGxcR1S/Xm4drHIwT1mUjlApgoEEEAAAQQQQAABBBBAAAEEEAhRII2A6tXf2wZ3xSLwujrXR84PfyOksjiEFIUAAggggAACCCCAAAIIIIAAArEIpBFQqXEf51Hyc44mQqpYfndoJwIIIIAAAggggAACCCCAAAIIWBJII6DSuo+ASogJqSztaBSDAAIIIIAAAggggAACCCCAAAIIzBNIJaB6MK+DFpYTUllApAgEEEAAAQQQQAABBBBAAAEEEEBgnkAaAdV4PJrXQUvLCaksQVIMAggggAACCCCAAAIIIIAAAgggcFUgjYCqUCdXO9bDY0KqHlApEgEEEEAAAQQQQAABBBBAAAEEEEgloBo5GkpCKkfQVIMAAggggAACCCCAAAIIIIAAAvkIpBFQ/bB5YobspaNhI6RyBE01CCCAAAIIIIAAAggggAACCCCQh0AaAZWMVVnuOxwyQiqH2FSFAAIIIIAAAggggAACCCCAAAJpC6QTUD3dHJmhcjWLSvYKQipR4IYAAggggAACCCCAAAIIIIAAAggsKZBOQCUQn+/tmP+fyV1HN0IqR9BUgwACCCCAAAIIIIAAAggggAAC6QqkFVD9+PC9OdRv2/FwEVI5Bqc6BBBAAAEEEEAAAQQQQAABBBBISyCtgErGRg710+W/HQ8TIZVjcKpDAAEEEEAAAQQQQAABBBBAAIF0BNILqGRstjaH5qzpfzgeJkIqx+BUhwACCCCAAAIIIIAAAggggAACaQjoNLoxpxevD4dK6edznu1r8ZnSxUBtfXfUVwUzy33x7oG683Fknluf+Xx/C/30t7/+UDICCCCAAAIIIIAAAggggAACCDgWSDugEkxCKhe7FCGVC2XqQAABBBBAAAEEEEAAAQQQQCBRgfQDKhk4QioXuy8hlQtl6kAAAQQQQAABBBBAAAEEEEAgQYE8AioZOEIqF7svIZULZepAAAEEEEAAAQQQQAABBBBAIDGBfAIqGThCKhe7LyGVC2XqQAABBBBAAAEEEEAAAQQQQCAhgbwCKhk4QioXuy8hlQtl6kAAAQQQQAABBBBAAAEEEEAgEYH8AioZOEIqF7svIZULZepAAAEEEEAAAQQQQAABBBBAIAGBPAMqGThCKhe7LyGVC2XqQAABBBBAAAEEEEAAAQQQQCBygXwDKhk4QioXuy8hlQtl6kAAAQQQQAABBBBAAAEEEEAgYoG8AyoZOEIqF7svIZULZepAAAEEEEAAAQQQQAABBBBAIFIBAioZOEIqF7svIZULZepAAAEEEEAAAQQQQAABBBBAIEIBAqrJoBFSTST6/ElI1acuZSOAAAIIIIAAAggggAACCCAQqQAB1fTAEVJNa/R1n5CqL1nKRQABBBBAAAEEEEAAAQQQQCBSAQKqqwNHSHVVpI/HhFR9qFImAggggAACCCCAAAIIIIAAApEKEFDNGjhCqlkqtpcRUtkWpTwEEEAAAQQQQAABBBBAAAEEIhUgoJo3cIRU82RsLieksqlJWQgggAACCCCAAAIIIIAAAghEKkBAtWjgCKkW6dh6jpDKliTlIIAAAggggAACCCCAAAIIIBCpAAHVTQNHSHWTkI3nCalsKFIGAggggAACCCCAAAIIIIAAApEKEFA1GThCqiZKy65DSLWsINsjgAACCCCAAAIIIIAAAgggEKkAAVXTgSOkaiq1zHqEVMvosS0CCCCAAAIIIIAAAggggAACkQoQULUZOEKqNlpd1yWk6irHdggggAACCCCAAAIIIIAAAghEKkBA1XbgCKnainVZn5CqixrbIIAAAggggAACCCCAAAIIIBCpAAFVl4EjpOqi1nYbQqq2YqyPAAIIIIAAAggggAACCCCAQKQCBFRdB46Qqqtcm+0IqdposS4CCCCAAAIIIIAAAggggAACkQoQUC0zcIRUy+g13ZaQqqkU6yGAAAIIIIAAAggggAACCCAQqQAB1bIDR0i1rGCT7QmpmiixDgIIIIAAAggggAACCCCAAAKRChBQ2Rg4QiobijeVQUh1kxDPI4AAAggggAACCCCAAAIIIBCpAAGVrYEjpLIluagcQqpFOjyHAAIIIIAAAggggAACCCCAQKQCBFQ2B46QyqbmvLIIqebJsBwBBBBAAAEEEEAAAQQQQACBSAUIqGwPHCGVbdFZ5RFSzVJhGQIIIIAAAggggAACCCCAAAKRChBQ9TFwhFR9qF4tk5DqqgiPEUAAAQQQQAABBBBAAAEEEIhUgICqr4EjpOpLdrpcQqppDe4jgAACCCCAAAIIIIAAAgggEKlAEWm7w2/25/u7ppHHjhu6osrxSL35Z8NpvT8+fK8+3xtk01+nuFSGAAIIIIAAAggggAACCCCAQPoCzKDqc4xfvHug7nwcmSrW+6xmRtl+Zhbl1t8Z8CxCAAEEEEAAAQQQQAABBBBAAIH2AgRU7c3abZFbaJNbf9vtDayNAAIIIIAAAggggAACCCCAAAIzBAioZqBYX5RbaJNbf63vMBSIAAIIIIAAAggggAACCCCAQF4CBFSuxju30Ca3/rraj6gHAQQQQAABBBBAAAEEEEAAgQQFCKhcDmpuoU1u/XW5L1EXAggggAACCCCAAAIIIIAAAgkJEFC5HszcQpvc+ut6f6I+BBBAAAEEEEAAAQQQQAABBBIQIKDyMYi5hTa59dfHPkWdCCCAAAIIIIAAAggggAACCEQsQEDla/ByC21y66+v/Yp6EUAAAQQQQAABBBBAAAEEEIhQgIDK56DlFtrk1l+f+xZ11wKvDgdKqx2l9IZZsG7+HSut3ytVHqmxHqmnjw7qFfk/AggggAACCCCAAAIIIICATwECKp/6UnduoU1u/fW9f+Vc/5vDHVXq3xsQvDTrDQmrGkixCgIIIIAAAggggAACCCDQkwABVU+wrYrNLbTJrb+tdgZWtiLQPJyaru5UleVQfbm/r358aGZZcUMAAQQQQAABBBBAAAEEEHAlQEDlSvqmenILbXLr703jz/P2BLqFU9P1n5mgap+gapqE+wgggAACCCCAAAIIIIBAvwIEVP36tis9t9Amt/622xtYu4vA8uHUdK0EVdMa3EcAAQQQQAABBBBAAAEEehQgoOoRt1PRuYU2ufW3007BRo0E7IZT01WemQd76snj/emF3EcAAQQQQAABBBBAAAEEELAnQEBlz9JeSbmFNrn1196eQkkTgf7CqUkN8lPOUbWjnm6OphdyHwEEEEAAAQQQQAABBBBAYHkBAqrlDfspIbfQJrf+9rPX5Fmqm3Bq2valulXuqh82T6YXch8BBBBAAAEEEEAAAQQQQKC7QNF9U7bsVUCuIvb53sDUcdxrPdcLX1HleKTe/LNx/akel+TW3x4psyrafTglvM/UuT5Sr9/uZmVNZxFAAAEEEEAAAQQQQACBHgWYQdUjrpWic5tZlFt/rewkmRbiJ5y6jK31X0rpXbX13dHlJ3iEAAIIIIAAAggggAACCCDQRoCAqo2Wr3VzC21y66+v/SrmekMIp6b9yvJXc26qvelF3EcAAQQQQACBngReHQ5UodbU2PwrigFfFvXkTLEIIICAYwECKsfgnavLLbTJrb+dd4wMNwwtnLoYgmNzbqptzk11AcI9BBBAAAEEOgvIe8HbHzaU1uafCaKU+VmWcgqKlWtlluW/uIjJNRUWIIAAAtEJEFDFNGS5hTa59TemfdFXW8MNpyYiZ+bOnnryeH+ygJ8IIIAAAgggsECgTRA1rxgCqnkyLEcAAQSiEiCgmjdcfx6umRMhb5unB+abmwffVivHJ+ZbnJH6dP9AyYm9Xd9yC21y66/r/Smm+sIPp6Y1X5qLHOx4eY2YbgX3EUAAAQQQCEXARhA1ry8EVPNkWI4AAghEJUBAdXW4qkDkg5n9oJ9ffer64/IPdcvMlnB9ufncQpvc+nt9R2NJXOHUZLzOzKEI2xxyMOHgJwIIIIBAFgJ9BlHzAAmo5smwHAEEEIhKgIBqerje/GOObR8fmEWr04tvvm+Cqs/3d53OlsgttMmtvzfvdPmsEWc4dTE+nED9woJ7CCCAAALpCMjRBl/UWqNzRPXdawKqvoUpHwEEEHAiQEA1Ya7DqZF5eP3Ei5N1Fv80syX0jnr6SAIuN7fcQpvc+utmLwq7ltjDqYmu1n+pT3e3nYbYk7r5iQACCCCAgA2B6vQX5sgBXayZGcLf2yjSWhkEVNYoKQgBBBDwKVD4rDyYuiX4KMdD056u4ZR0ZUXp8oV6dbgnD5zc5BxYn+8NTF3HTuq7qGTFeI2UhHoub7n116VtiHWlEk6JrbyRv/PxyPnvTIjjSpsQQAABBOIUkNlScgqM0MKpODVpNQIIIIDADAECKkG5/WHX/H99hk/7RVr/ol4fDttv2HGL3EKb3PrbcbeIfrOUwqmLwVg1we47JX3jhgACCCCAAAIIIIAAAgggcEmAgEpmT2ktAZXFm/l2iZDKoueVogiproAk9jDNcOpikEr9u9PXh4uauYcAAggggAACCCCAAAIIBCtAQHX3w7YZnWUO7ZszuIRUc2DsLCaksuMYWimph1PfvOX14e2BkoCcGwIIIIAAAggggAACCCCAgCKgUnqjv/2AkKo/W1MyIVWvvM4Lzyac+ib7zJyXakRI9c2DOwgggAACCCCAAAIIIJCxAFfxe/P3qP+TPZZ/qCebO872s9yudpdbf53tSA4ryi+cmsY9NVdE2lZb3x1NL+R+oAL1ZdV3Am0dzUpB4OnmXgrdoA8JCrw6HJjTYvw3yJ5xFb8gh4VGIYAAAm0FbrfdgPW7CFQzqZSzkEpmFr14N6hmZ9g6+Xuzbk+u7jdw+mE7t/42G4t41pLztZXmdyTfm5w8/cB0fy1fgoh6LlexkothcEOgP4G9/oqmZAQQQAABBBBAIFwBDvEbj0duhsfb4X4v3fTvWy2TkKrHQye/1XVxh8P9LixiulddTCCzcErrv5QysyrL8lfz71/qVvl/6snjtZiGjbYigAACCCCAAAIIIIAAArYFmEGlCnNYTWnbdU55HmZSKbVdXzHMaQgwCamYSTVnT2CxEUg/nDo2vTwxIZR5jTGvM4U+cTqzkJ0MAQQQQAABBBBAAAEEEIhIgHNQyWC9fvve/L+HK/nN3ROO1ed7g+ok33NXsfyEnzDgzJxbx21IJWyck8ryztNDcX72xx46UhVpziFlwieZjVmYQGps/j3dHPVVGeV6Fgj5HCyeaajeksCTx7w3s0RJMZYFQn794xxUlgeb4hBAAAE/AhziJ+5lue+Yf9351buqk7Sbw4rc3iYzqTacVsvhfk65W1cWczglh+dp9R/T55+rw/M+3/v/qsPzth4NTCi1p7Y2h4RTrfcINkAAAQQQQAABBBBAAAEEzEctbpMZN+YwHLXqmIOZVH2CM5OqT91uZccTTpnD88yheaWZDaXUSN02P3/YlPvcchcIeQZB7mOTSv+ZQZXKSKbXj5Bf/5hBld7+Ro8QQCBLAQKqybD7+6NLSDUZgz5+ElL1odqtzDDDqVPTGRNEcZ6oboOa4Vb+/lZkiJ1plwmoMh34CLod8usfAVUEOxBNRAABBG4WIKCaNnrzdt/MmPhpepGj+4RUfUITUvWp26xs/+GUOR+aPuI8Uc2Gi7UWCIT8AW1Bs3kqIgECqogGK7Omhvz6R0CV2c5IdxFAIFUBzkE1PbJbj3fNQ7nylusb56TqU5xzUvWpe3PZ3sIpc841ecNanyfqgeI8UTePFWsggAACCCCAAAIIIIAAAp4ECKiuwsvV9ZQ6u7rYwWNCqj6RCan61J1fts9wSi4MIFfTk7HnhgACCCCAAAIIIIAAAgggELQAAdXV4ZEPs7oYXF3s6DEhVZ/QhFR96l4v23c4db1FLEEAAQQQQAABBBBAAAEEEAhUgIBq1sBsfXekdPnvWU85WEZI1ScyIVWfuhdlE05dWHAPAQQQQAABBBBAAAEEEEDgRgECqnlEW5tD89TP857ueTkhVZ/AhFR96ipFONWvL6UjgAACCCCAAAIIIIAAAgkKEFAtGtQnj/eVMida9nMjpOrTnZCqH13CqX5cKRUBBBBAAAEEEEAAAQQQSFyAgOqmAZYTLRNS3aS07PMrqhyP1Jt/NpYtqNX2hFStuG5c2Vs4Za68+fm+XIGTGwIIIIAAAggggAACCCCAQKQCBFRNBo6QqonSsusQUi0r6HN7r+GUufKmhI3cEEAAAQQQQAABBBBAAAEEohUgoGo6dIRUTaWWWS/PkOrFuwfLoHnflnDK+xDQAAQQQAABBBBAAAEEEEAgdgECqjYjSEjVRqvruvmFVHc+jlSsIRXhVNf9nO0QQAABBBBAAAEEEEAAAQSmBAiopjAa3SWkasS05Eq5hVTmhPgf9pc0c7854ZR7c2pEAAEEEEAAAQQQQAABBBIVIKDqMrCEVF3U2m6TWUiln6tXf2+3RfK2PuGUN3oqRgABBBBAAAEEEEAAAQRSFCCg6jqqhFRd5dpsl1dIpcv9KA71I5xqsw+zLgIIIIAAAggggAACCCCAQAMBAqoGSHNXIaSaS2PxiZxCqlV15+OORTv7RRFO2TelRAQQQAABBBBAAAEEEEAAAUVAtexOQEi1rGCT7XMKqXabgHhZh3DKCzuVIoAAAggggAACCCCAAAI5CBBQ2RhlQiobijeVkUtItar+PFy7CcP584RTzsmpEAEEEEAAAQQQQAABBBDISYCAytZoE1LZklxUTh4h1ZdiYxGC8+cIp5yTUyECCCCAAAIIIIAAAgggkJsAAZXNESeksqk5r6wMQqpxOAEV4dS8/ZDlCCCAAAIIIIAAAggggAACFgUIqCxiVkURUtkWnVVe2iFVoU5mddr5MsIp5+RUiAACCCCAAAIIIIAAAgjkKkBA1cfIE1L1oXq1zIRDqltHVzvr/DHhlHNyKkQAAQQQQAABBBBAAAEEchYgoOpr9Amp+pKdLjfFkOpUbX3nN6AinJrex7iPAAIIIIAAAggggAACCCDgQICAqk9kQqo+dSdlpxVSleVw0jEvPwmnvLBTKQIIIIAAAggggAACCCCQuwABVd97ACFV38JSvr+Q6sljc0Lz8g9LnTxWTzf3LJXVvhjCqfZmbIEAAggggAACCCCAAAIIIGBF4LaVUihksYCEVK8PzTr6+eIVe3l2Xd35OFIv3g3Ujw/f91LD1UL99HcSUg2cHyJnp79nShc7VymdPSacckZNRQj0LHCqfM/E7LmDFI8AAggggAACCCCQpoBOs1uB9spfCCAgx+rzPXchldTop78S9LgPqaS/bw53VKl/l7stb/7aLA31M05Ss/t9UmqV25+Ha2qsBubfmtJaZsG9V6W5eqJcQfHT/QNnYW7dGv4fk8Crw4HZZ/4bbJO1/kttPRoE2z4ahgAC8QqE/PpXlv8ys9BH8eLScgQQQAABEeAQP5f7AYf7udCezKQyoYPj29bm0IRjD02txy1qPvUWqEkjcwun5M31m79H6lz/rwoTtf7FKDyrZjfKfQkY73z8f+r12wMl63JDAAEEEEAAAQQQQAABBBBwIkBA5YR5qhJCqimM3u56DKnMFfjkvFS6/Lfp3enCHmr1HzOrbcP5IYmTRuUUTr1496AKnWTmS1l+PyFY8PNZNUtGgirZlhsCCCCAAAIIIIAAAggggECvAgRUvfLOKZyQag6M1cX+QirphsymevJ4zYQh/zL/fjVLXprA46+vJ1T/Wd0q/09tPd71dihZTuGUzIS68/HEjIGZKdX69uzrOdwIqVrTsQECCCCAAAIIIIAAAggg0FyAk6Q3t7K7pp0Ta3dtEydO7yrXdrv6fAijtpv1un5O4VT384JND0H9+6KU+8NGp1vBfQQQQAABBBBAAAEEEEAgYQFmUPkcXGZSudD3O5PKRQ/b1JFTOCV97XbS+lmi6+acVHuznmAZAggggAACCCCAAAIIIIDA8gIEVMsbLlcCIdVyfs22JqQSp9zCKaWfN9s9Gq6l9U7DNVkNAQQQQAABBBBAAAEEEECgpQABVUuwXlYnpOqF9UqheYdUhFNXdodOD1fVm384zK8THRshgAACCCCAAAIIIIAAAosFCKgW+7h7lpDKhXWeIRXhlL19qxwP7BVGSQgggAACCCCAAAIIIIAAAhMBAqqJRAg/CalcjEJeIRXhlN19qiy5mp9dUUpDAAEEEEAAAQQQQAABBCoBAqrQdgRCKhcjkkdIRTjlYl+iDgQQQAABBBBAAAEEEEAAAQsCBFQWEK0XQUhlnXRGgWmHVIRTM4bcwiKt31sohSIQQAABBBBAAAEEEEAAAQSuCBBQXQEJ5iEhlYuhSDOkIpzqb9/Rxai/wikZAQQQQAABBBBAAAEEEMhXgIAq5LEnpHIxOmmFVIRTfe4zp2rru6M+K6BsBBBAAAEEEEAAAQQQQCBXAQKq0EeekMrFCKURUhFO9buv6HKv3wooHQEEEEAAAQQQQAABBBDIV4CAKoaxJ6RyMUpxh1SEU/3uI1r/pbY2h/1WQukIIIAAAggggAACCCCAQL4CBFSxjD0hlYuRkpBqqF68e+CiMmt1EE5Zo5xT0JkqxjtznmMxAggggAACCCCAAAIIIICABQECKguIzoogpHJBva7uftxzUZGVOginrDAuLKTUO+qHzZOF6/AkAggggAACCCCAAAIIIIDAUgIEVEvxediYkKp/9FL9pF4dDvqvaIkaZJbX67fmhN36+RKldN30WH2+N1A/PnzftYDW2/kK4nT5b/X00UHr9rIBAggggAACCCCAAAIIIIBAKwECqlZcgaxMSNX/QBTFXv+VdKxBwqk7H0dm6/WOJSyzWV7hFOedWmZfYVsEEEAAAQQQQAABBBBAoLEAAVVjqsBWJKTqd0DK8nv15+Fav5V0KJ1wqgNah01k5hThVAc4NkEAAQQQQAABBBBAAAEEugkQUHVzC2MrQqp+x+Fcb/dbQcvSCadagnVcnXCqIxybIYAAAggggAACCCCAAALdBQioutuFsSUhVZ/jMOiz8FZlE0614uq8MuFUZzo2RAABBBBAAAEEEEAAAQSWESCgWkYvlG0JqfoZCa0f9FNwy1IJp1qCdVydcKojHJshgAACCCCAAAIIIIAAAssLEFAtbxhGCYRUYYyD7VYQTtkWnV0e4dRsF5YigAACCCCAAAIIIIAAAo4ECKgcQTuphpDKMnN5ZLnAdsURTrXz6ro24VRXObZDAAEEEEAAAQQQQAABBKwJEFBZowykIEIqewMx1iN7hbUsiXCqJVjH1QmnOsKxGQIIIIAAAggggAACCCBgV4CAyq5nGKURUtkYhzP19NGBjYJal0E41Zqs0waEU53Y2AgBBBBAAAEEEEAAAQQQ6EOAgKoP1RDKzDKkUj9boy/LfWtltSmIcKqNVvd1Cae627ElAggggAACCCCAAAIIINCDAAFVD6jBFJldSPV4X0nwoNTZkmNwpr7cdx9QEU4tOWwNNyecagjFaggggAACCCCAAAIIIICAOwECKnfWfmrKLaTa2hwqXQwM9nFn8FLvqB8fvu+8fZcNCae6qLXfhnCqvRlbIIAAAggggAACCCCAAAIOBG47qIMqfAtISPX60LRCP/fQlHV15+NIvXg3cBb6bH13ZPq5oV4d7imtd839lcb9lgDjyeODxuvbWJFwyobizWUQTt1sxBoIIIBAW4E3/2yo8fmDr5sNvm2u1Zr5wmjt2+PJnbL8fnK3wc9j83f8/bf1yvK9Kr9eYVeWT+4/3Rx9W4c7CCAQvoC89739YUOpwrx2jM1Pc9N6w/wzj7/eylKW3/Qe/sxsczTZpPo5Ho+mHtf3v9w/cvY5ZKpy7loQsLOvXN5PyvGJKtXJ19aNqp/8HfnK4f+H9t8EWuBM4PXh0FNIJV08Vp/vuQupJqj1i9qu+eO1axYt+iN3pmTmlOsToxNOTUaq35+EU/365lT6q8OBeT35b7Bd1vovtfVoEGz7aFh8AhcBVL1fFUX9s13Q5Kbfsv9ffPAYqdvmA8gPmyduKs+glpBf/8ryX4oPmOHthN/CBWX+dn4Nrf2+dtSht4RYhXl9GJt/7Dfh7Dfy90adm38mrJR/zUJKm+3/GmTJFyHy79aRqic+2KyDsm4QIKC6ASi5p3MMqSaDKG+slPyBnP6G5usLkBwa6PpGOOVGnHDKjXMutYT8AU3GgIAqlz3Rfj//PFxTXwrzocDMZpC/k8p8mFRq3X5FzkuU81KOvs62GvFhdAn/kF//CKiWGFiLm8rryNi81y7NP6XNP7VqsfQ+izo1hR/xOtEn8YyyJ5/NisLsM61m184orLdFdWhVz8zjb0hvzBcFE1BdWORzL+eQKpRR9htOnZrZbBtOpzr72ucIp0LZ49NpR8gf0ESZgCqdfa3PnkyHUfUHAwmkFs0y7rM1rsuuAytdHpgZFCNmWLXgD/n1j4CqxUBaXvXV39uqKCWU2jYlxxJI3Ywgf09lFs1Yj9SXuyOn75tvbl2ca8jnn7sfts1RK7KvPIuzE9XFuEbmwlwH6tP9A/YL+6NIQGXfNI4SfQUGtY6fw/1CGRm/4ZT5FqAYOJ2u6mtfI5wKZY9Pqx0hf0ATaQKqtPY3W725/C11TmFUE0G5qMrQfHEz5IPGDVwhv/4RUN0weJafllBKj03IUAUNeYTb8ve1NKGELkZO30dbHjrnxU1CKVXsBDxLahmWl4RVy/Bd35aA6rpJPkt8BQe1cJ4hFeGUm98vwik3zjnWEvIHNBkPAqoc98rLfZa/M7c/Db7OaBiYJ1M4TO9yH/t79NJ8sz90fj7K/vpjt+SQX/8IqOyO9azSqsP3zDldS7Vjns4jlJrlUC87NefUOjAneR8SVs1Bql4vZF/xcpGuOY3qe3H5h/n9MH9DuHDHMtIEVMvopbAtIZW7USSccmNNOOXGOddaQv6AJmNCQJXnniknli3HAzP+5tCJYM/jEdPYmA+f5R6Hb1wZspBf/wiorgyWxYfVIXzKBFO8tsxRJayawExmS5V6zyxK53DPSf+a/+RvSHOra2sSUF0jyXABIVX/g0441b+x1EA45cY551pC/oBW/Q5wFb+sds83b/eTO+9LWANorvBb7qsv9/c5/M8MTMivfwRU9n9z3hyaQ7KyDxraup6aDfbVLXMoYE5XEK1m7n5octX0tp6xr8/fkA4jWHTYhk1SE3iyuWNOAviHp26tqzsfR0pe2FK9EU65GVnCKTfO1IIAAuEIpHZS4nBkJy1ZMbPSfjHvU07U67e7k4X8RCBpAQmmXr89MeHU76afOc+C6TLM4vWbOtf/M4YHSg6LTPkmn3FeHe5Vr5HyWsmhn1dH++JviDil/Hn3as+XeExAtQReUpsSUvUznIRT/bheLZVw6qoIjxFAIAcBrU9y6GYAfZTz7fxWfWiXWUTcEEhRgGDK9qgOkp1FRTDVdl8hqGohRkDVAiv5VQmp7A4x4ZRdz3mlEU7Nk2E5AgikLjAej1LvYmD9WzUzqv5bzYzgm/DAhobmdBaQ0JUZU535Fmw4WvBcvE/JOcnufDyqZpcyY6rtOF4EVRIIc5spQEA1kyXjhf5DqmES+oRTboaRcMqNM7UggECYAlq/D7NhybfqWXVIi3xQ44ZArAJy+JkchiahK4fy9TGKoz4K9Vam7C9v/h6Z872+MG3g0M/lBmKlOoRWPOUiJ9wuCRBQXeLgQSXgN6R6pqqTtkc8FoRTbgaPcMqNM7UggEC4AmV5FG7jkm+Z+SbcfFCT9yzMpkp+sJProJxT7VzL68ez5PoWSod0MQqlKUu3Q86fJPsLV3JcmvJSAeJZjt9V5/G69ETeDwio8h7/+b33GlLp50quTBTjjXDKzagRTrlxphYEEAhb4Mt9AirvI2Tes8jFXlI/GbJ3ZxpgRUBma7x+K68bv5l/K1bKpJBZAmdq67v4X5/rWXYczjdrhG0ukxPMy+8ls6kqVQIqmztXamX5DKlK9ZOKbeo84ZSb3wDCKTfO1IIAAuEL/PjwffiNzKKF69XsAj5cZDHY0XZSZk2V1Xnr1qPtQzQNLw+iaeq8hso5kupZduwv84zsLl+vZlNxxVhFQGV3x0qvNJ8hlS7jmTZPOOVm3yeccuNMLQggEI+A1n/F09ikW2rOKWI+/Mf25VrSQ0LnKgF5jyrnmmLWlLsdQquRu8os11TtL+bQ5VL/bkpmlp1l3gbFyRVjD3I+dJyAqsFekv0q/kKqFXX3417w/oRTboaIcMqNM7UggEBcAuX4JK4GJ93a+rxUXJ0p6UGOqnMyq0+uuMa5ptwOWxFpQCWH9Mkhy8ocuszNp4BciCPbE6gTUPnc9WKq21dIVaqdoBNkwik3ezHhlBtnakEAgfgESnUSX6MTb7HMPGAmVeKDHEH3JCitD+lbjaC1KTXxVP2weRJdhyTM5JC+kIZNDvnLclYuAVVIu2HobfETUplZVB+2g6QhnHIzLIRTbpypBQEEIhUoZHYEt9AE5DQFnJMqtFHJpz1ysSEO0fI03uXIU8Xdq63DzHemAA7p667Yx5ZZzsoloOpjV0q5TB8hVanDC6gIp9zs5YRTbpypBQEE4hUo9Em8jU+65fU5qbi6X9KDHGTnXh+a8weZiw1x8yNQFgd+Ku5YaxVOVeeb6lgAm/UuUM3KPdzrvZ5AKiCgCmQgomqG+5BqLSgfwik3w0E45caZWhBAIG6BFC5lHvcILGr9ijlkJuuT3S7C4TnLAvL+9M3fI84fZNm1bXFf7poxiORWhZmEU1GMlta/KBmvDG4EVBkMci9ddBtSrffShy6FEk51UWu/DeFUezO2QACBnAVOc+584H1fV3c+7AfeRpoXu8Dk/WlZfh97VyJv/7H68eH7KPpQhR2cDD2KsfrWSDNeGYRUBFTfBpw7rQXchlStm2d9g8kff6V8BGZnShcD5fKbcl9/uAinrO+6FIgAAokLaA7zC3uEzYcKTpoe9hDF3Dq/709jlrPfdh3J1ft8vce3L55hiemHVARUGe7WVrvsJqQ6ttrmLoX5/eNPONVlzNgGAQQQyEagPMqmq7F2VE6aLu8luCFgU8Dv+1ObPUmjrLEeBd8ROYG+YuZU8OO0sIFm/KpxXLhStE8SUEU7dAE1vP+Q6sRrb/3+8Sec8jr4VI4AAghEIFCqkwhamXsTV9Sdj8PcEei/ZYE7H0emRB8z+y13JJHinj46CLon1QnROYF+0GPUtHFyIQQZzwRvBFQJDqqXLklIJYdm9XHTpb8Xe8KpPkb0epkc1nfdhCUIIIBAU4GSGVRNqTyv90y9Ohx4bgPVpyJQn4uGcCqU8dT6r1CaMrMdXK1vJkvUC6ur+/29HXUfZjSegGoGCos6CmxtDnsIqc7Up/t+AirCqY47QsvNCKdagrE6AgggcEXgNjOoroiE+1DrYbiNo2XRCHCYVnhDNR6PwmvU1xa9+WdDlXo/2PbRsO4Ccvi4jG9CNwKqhAYziK7YDqnKct/L1TAIp9zsToRTbpypBQEE0hb4YfMk7Q4m1bvVVA/LSGqUQu4Mh2mFOjqjIBsmn2nKKjxbCbJ9NGpZgRUzvgcpnePw9rIibI/ANQEJqd4cKpPU/37tuXYLjtWX++7TfsKpdqPUdW3f4ZRcUakoB+ZEkVPfOpjDZMbmkNKnm6Ou3WI7BBBAwIuAHF7CJea90LeutNR7Zpth6+3YAIFqJsx42ffXONoXOAv2vWN9njLCKftjHlKJq+rupwPToEFIjeraFmZQdZVju8UC1Uyq4qFZ6WzxinOfPVaf7w2cz54inJo7IFaf8BlOyTePr9+emMNRXyg5waB8oPv2zzzW+r/qzd+j1KbLWh0/CkMAgfAEyvJ9eI2iRXMEmEU1B4bFCwQuZsIsWImnPAmMPNW7uNr6Sm/ri1fi2SQE5LPMq8O9FPpCQJXCKIbah63vjtStcsN84G970sCXhFMOBrU6uaaHy8z6Cqf+PFyrgqd6Zt/qQuEqsBq/4zCMhUo8iQACIQlwovSQRuPmttSzqG5ejzUQmAjUMySYCTPxCOvnKKzmmNbIkQLyRSy3fAS0/iWFC3EQUOWzy/rpqZwXY+vR4OvJ049vaMRLM5PlX+rJ423nM6dkyrS/S/WeKV0MlAR6rm65hVPyR/pcH7U+/EXCrPrbJ1cjQz0IIIBAR4HC3d+Qji1ks0sCq9UHyEuLeIDAHAGZGSFfnnELU0AXo6AaJl/KysmzueUnIBfikNmWEd84B1XEgxdV0+WQPznfgrxgfik2lBqbf99uI3OuqSPnodSk+vp4/pF56ONbKcKpyTj09bM6mWjZ/XwN8u3Tm8MjVe/DfbWSchFAAIElBcbvzTn1lixj6c2Pzaxp046pW9MrWxXF4NtWuXwQL9Su6fPBt35zB4FZAvX71F9mPcWyIATOnH7J3KTL42JoTgbs43NNk9axTr8Cq2bShRl/td1vNf2VTkDVny0lzxKorzR0Yp4K4w0Z4dSsUbK/zNdhfTL7ycb05mom1T8mpHI4y83+KFAiAgikLCAXd3j9tq8enprg6cR84JELSbxXhTpRY/NPbn1eVOLV4cDUtWaCtw3zWj4wta2bf+ncJIiTL+64CmM6Y2q7J9V5pz6G8Z7Zdt9uLs98iWtmv1e3r689N22jzWuF1g/qTco183P1pk0sPD+yUIa9Il6/3c1otl39pUg5PjF/I07mIk72i9LZPjG3KY6eeFbN0H36KMrXDgIqR3sJ1QQoQDjlZlB8hVNyGGOpntvrZLlvyhrYK4+SEEAAAesCp6bEZT6QyfZyOLT5UGgOGSxMKOUzmL8afsmH9bsfts1VgrdNO59Z1/NR4HnVF/n7wg2B6wJ3P+6Z9zLL/E5fLzPEJXK+2mq2ZQ+vO/K6cfvDRhV2j03gLbM1S3OOXFtHTmhz9edQbhJ4n6u9UJpjuR3m71M5MhOFR0rdWu5LY/nyQ0IrJftB9Rqc3mwzbT63vHg38naE0hKDT0C1BB6bRixAOOVm8HyGU8ryCeDlm27Zb3x+WHMzatSCAAKxCsgsp7Js+mG2DqOUebMvgdTVMChEgx8fvjfNGlb/qlMGqB3zIWPXPI75w4W0f9/844bAZYH6vepPlxcm8+jYvO4cmN6Men/tqV83RtfkJqcdKcrBUjM0CwlMArmda3ktifn18Cqk/J3aNxfdOrA607T+ezf6Vpn8rqnxjtkPts2ypn9Dv20e6J1VJQG3qg4lD7SJs5tFQDXbhaUpCxBOuRndlMKpidj4XP5wHU0e8hMBBBAIS0BmPqnv57TJHKZnDq8f65G6PT6y+mZ/ToW9Lq4Pi9sz3xDvm9kRuxEHVasc5tfrnhJv4eV4GG/jZ7b81IRSQ3XbhMwhHNZ69bQj1UyrT+aw4iqwahpUnAbRF+GWWUGpzCxV5R8mLBr2Hl6Km9zqL593zb3d6tA4OT9gCudCrM6j+88wti/XCaiqvZL/ZSNAOOVmqFMMp0ROm6nh3BBAAIFQBa6fg+OluZLTgTm0ZRTMhyjbdvXsiDqoqg+Him/GCYf52d4r4i9PziOUyjnX5PA9ZcK20C82U7+WHBh3+bdbBcf17+bO/LEwh5yFcpOrt0V/M8HULbXn9e9Vfd6mgyrwK4q9+IOq+E5RQkAV/S8yHWgsQDjVmGqpFVMNpwRFF2tL2bAxAggg0KeAXOq8PDffPBcHKtKTo3bmqT9cmm+/Dw/MbCr5gBnPYS5ab5v27nfuOxumJSAzeVR1aE7c/arPK7WnnjweRdmReoaV/F7uzw2rqvMhBdC7OtCM+dA0OeRz19mMqSZDVh8GOKhmVMn5nGI99E9mgsnsuhgO4/86LgRUTXZQ1olfgHDKzRimHE6JYNPLpbvRphYEEEDgskB9mMLO5YWZPZI34S/erZnLbI9Mz9ej6H0Kh5JEAR1JI+uZgPEErNdZzdX3TNiw9Xh4/alIl0yHVdVnivPd6uTan+4feO9R7IFmWf5qwpM9747zGiBf9sjJxmOdoSv9qmfXrc3rYmjLCahCGxHaY1+AcMq+6awSUw+npM9yaXVuCIQsUJYPvp6HIuRWptu22+Y1IoRzq6Qr3KxnMpvqxbtBVCFVZN9wNxsI1motUF+FLb7DVC86+lJ9vrcT45XDLrpww73QvgiQc/ApHWOgaYLMYqCefHd0g7j/p7/N0P17ZMLXoWlQbN6r6s3hTvCH2X4daQIq/7s8LehTgHCqT92LsnMIp6S3IXxTdqHOPQRmCaybb8r+O+sJljkQ+GK+CVZqz0FNVHGTQHwh1cB0aXRTt3g+cYHzaF8/zlSpd7I7tNj37iizp/RHE1BFdzs2QeYguiBTZlO9+cdc9XEsM+fiOqSy1HumzUPzL/hbEXwLaSACXQUIp7rKtdsul3BKrihSf4PSzoe1EUAAAQT8CMhrtnwIUurYTwNa1FoUgxZrs2qKAjJ7SunnEXbtuJoJk9t570IYqGr2VHSzeWSWXXzh1GS8ZQbd53sb5mH4f1cmba5/1rOoLi8L8hEBVZDDQqOWFiCcWpqwUQHZhFNGQ64qwg0BBBBAIC4BCal0sWMafRZ0wzkPVdDD46Rxcc6eqmfC1Ie9OWGikq8C1ewpHdnsKfNl75PH29F/4RvTlx/TvzD1LKrpJUHeJ6AKclho1FIChFNL8TXeOKdwSk7gyHllGu8arIgAAggEJVB/eN4Lqk2zGiPvX7jlKRDl7CkTNsQ8Eyb2PS222VNyVccnmzuxs39rf5wh1Wp1VcJvnQjzDgFVmONCq7oKEE51lWu3XU7hlPxBDfnqIu1GjrURQACBPAWePN4352f7K+zOnxNQhT1A/bUuttlTk7BBPqRz8yOg9Y6fijvVeqw+3d3utGXIG8n+f6uUfoU9Q3fasFC70w9DvE9AFWBmk7cAADV9SURBVOKo0KZuAoRT3dzabpVTOKXUaZJ/UNuOOesjgAACKQgU452guzFWa0G3j8b1IyCHasV17qk0w4Z+RrefUuWKbPGcpPusCnFSDTPlCAtdDMx4xHGTw8kDn61LQBXHrkQrbxIgnLpJyM7zeYVTcvnb+I+TtzPylIIAAgjEL1Adqm0OSwr1VhSDUJtGu3oUqA/V6rECq0WfclifVc+OhRU7HTd0v1lpZhilfpqM+jDyn93jdqyxPA96FhUBVcdxZbOABAin3AxGfuHUQHHSTzf7FrUggAACrgRCvuBFWa65YqCegATiOVSLL+5C2G2qzz1mFkwMNzmH69PNUQxNXbqNchi5Ui+XLsdJAXpbVTM3nVTWuhICqtZkbBCUAOGUm+EgnHLjTC0IIIAAAv0KVIdjBHsuqtV+O0/pwQm8+nvbtCmOcdflLl/cBbAHBT77ZUroOLtzuH6+t2P6H8P5qFbU3Q/y2hPkjYAqyGGhUY0ECKcaMS29EuHU0oQUgAACCCAQksB4GFJrLrXl1eHg0mMepC2gy51IOvhSbW0OI2lr4s00s19iuOmIDkO05Snn2Sr1jq3iei2n1Lu9lr9E4QRUS+CxqUcBwik3+HmFU+YcpQWH9bnZs6gFAQQQ8Cfw6f6Bv8qpGYGvAvUhNs8i8Dgz553aiaCd6TexnnG3EnxHtfpPtrPtnj46CP+KsdUetK7+PFwLcV8ioApxVGjTYgHCqcU+tp7NLpwq/53tH1Nb+wzlIIAAAjEI1FeTCvVcIYMYCGmjBYE7H3cslNJ/EXJoX6pXYOtfz24Nccy4O1Of7u3Z7XhkpYV+xdgJ5zjMWVQEVJMB4mccAoRTbsYpy3CKqetudi5qQQABBIIQGAXRChqRs8BO8J3X5nxtHNoXxjDFMuOuLPezDzRDv2LsZI8uVZCHixJQTQaIn+ELEE65GSPCKTfO1IIAAggg4E+gLI/8Vb6gZq03FjzLU6kI1IfWrAffnfF4L/g25tLAgE9qPTUEp+rL/f2px/neDfmKsRejsqrk83VgNwKqwAaE5swRIJyaA2N5MeGUZVCKQwABBBAIUiDUS59r/SBILxplV+A8ghNdy+ypUH9P7I5GHKWVahB8Q8tymP3sqckgxTKLany+PWlyKD8JqEIZCdoxX4Bwar6NzWcIp2xqUhYCCCCAQPgCx+E3kRYmKrATfL+YPRXYEAUfap4xe+rKLhPDLCod3n5FQHVlP+JhYAKEU24GhHDKjTO1IIAAAgiEJHASUmOqtpTlWnBtokF2BepzCYV9eB+zp+yO+bKlvTocmCLCvnqfVsyeujrOMotKfpfCvq2r+jUpmFYSUAUzFDTkmgDh1DWSXhYQTvXCSqEIIIAAAoELhHkeqtXA1WjesgIxnEtorDiP0LLjbHf7gd3ieiitMCdH53ZdIIbfpcBekwioru9GLAlBgHDKzSgQTrlxphYEEEAAgfAEtH4fXqNoUfIC4Z9L6FQ9fXSQ/DjE1MEAD8O6xCezhKpzLl1aygMRqH+XzoLGCOw1iYAq6L0l08YRTrkZeMIpN87UggACCCAQpkCYM6jCtKJVFgXCO+fLpc7Jia65hSMQwyGhasw+s2iPkcMfg77pQUjNI6AKaTRoi6oudVmOR4bCx3HWZ0oXA7X13ZGzoXh9OFRKP3dW36QiwqmJBD8RQAABBBBAAAE3AvIlrJ/3uM37dzv0D9PNu5LEmrc/yD4T9u3TfWbcLRyhYrjwaf9Prqo/D9f8N6NuAQFVKCNBOwinXO0DhFOupKkHAQQQQAABBBC4ECjHg4sHQd475lCt4MYl9H3mpfrx4fvg1EJqUD354TSkJl1ry5cimCCUgOra6LDAiwCH9blhJ5xy40wtCCCAAALhCzzdHAXZyIC+yQ7SJ+pGlcF8CJzDOJyznMW+BIpi4KvqhvWOGq6X+Wpl2E5FOQhlgAioQhmJnNtBOOVm9Amn3DhTCwIIIIAAAssIfFFry2zOtiELhHWul2tSuhhdW8YCvwJl4KHmrZLD+5rsIWURuJMOJjwnoGqyQ7FOfwKEU/3ZTpdMODWtwX0EEEAAAQQQQMCtQH2y61W3lbaq7dTpeVhbNS3TlevZlD7Oy9sU/JRDQhtSfbk7arimn9XK8ns/FV+vlYDquglLXAkQTrmRJpxy40wtCCCAAAIIIIDAPIHgT3Yd+CFI81xTXh78bEr2mca7X32eruPG6/tYMZDDywmofAw+dXJCdFf7AOGUK2nqQQABBBBAAAEEFgkMFj3p/TmtRt7bQAOuCgyuLgjqMftMu+EI3SuQE6XfbqfK2ghYEGDmlAXEBkUQTjVAYhUEEEAAAasC8g1s9a1/8UCpcX1OC23OqaSLtW/11OdUaXPYypnS+uhi+/GJKtXJ18ej6ueX+0dcSeqrCD/CFJDfg5BvBQFVcMMT+j6jbl28LgeHF2CDxnqkdPlTgC372qTqb/aB7/YRUPkegdzqJ5xyM+KEU26cqQUBBBDIUUDOpSOHK2lzUtXqA5T5WZZrhmJVnZv/a0EpJ3fkgXkojzvfVsz2U+fH0N/XdVTl/VL9/85HpV6/lbtyCIUJsMojVUiIZT5A1Zf4lue4IeBPQELa5X4P+mz7GecS6pO3Y9lh7zOK19aW43p7fKTOqz+QLTd0tHoggSgBlaPxphojQDjlZjcgnHLjTC0IIIBADgJVGPVpUM2GKoqB+YBtZkV9NLOfvr7JrnKnpcIn24rrpsB1E549qzIyNa6DK63/UqWZeVUdYkFoZRud8hoIXApZG6zvcpXpGYou66WuxQJh7zN/LW48z14T+GHz5OsXKdeeCmLB9Exnjw0ioPKIn1XVhFNuhptwyo0ztSCAAAKpCkwCqaI0YZQamDBKAh9zM4FUuLM/6iYu+n/1Qc/MvCrVcxO2SWhVHzYYc58W9ZfnwhKQQ19ldmGot/F4FGrTaFegAhL4c2svUH1ZMj0juH0RvW1RH37fW/FNCyagairFet0FCKe627XZknCqjRbrIpCqwOVz9aTay1D7pcuTUJu2sF3Vh2e9bdYZmEDqWbVuUJOiFra+65NXDhvsWgzbIdBAQM7L9nXSYYO13a9SHQ7rvlpqXCDw6nCw4Fn/T12cB9B/W2JqQRXsmS9LwryZ2dH+bwRU/scg7RYQTrkZX8IpN87UgkDoAnKYxtajQejNpH0BCMhMqbsftlVpgqlzVYdSATSLJiCQpEBhAqqQQ9/xt4sOJMlPp3oRGPVSauqFSrAXclgtn909n7eRgCr1XwKf/SOccqOfWzhVlr+qJ5tDN7jUggACCCQmUB9qtGdmSkk4FcS3pYkJ0x0ErguMA59B9XRzdL3RLPEsMPBc/+Lqi1vvF6/As3MERmb5L3Oe8794fP7AdyMIqHyPQKr1vzncMScj/d1T98whLsXAafr7+nBozs/x3Hl/cwunVPmHerq559yZChFAAIHYBeRwkaLYU+eBnvsidl/aj8AigUI/CHoG1aK28xwCswQ8z7KZ1SSW2RAoCKhsMFJGYAJVOKUJp/oelhzDqSebO32zUj4CCCCQlMAkmJKThHNC8KSGls7EJKA3zFUGwmywnLSZW3gChJrhjYmNFn25f6TufLRRUk9ljM1rlTroqfBGxTKDqhETKzUWIJxqTLXUioRTS/GxMQIIIJC8gBxmr8p9E0oRTCU/2HQQAQTSEyDUTG9MTY9+fPjeXEU2ya7Z6hQBlS1JylGKcMrNXkA45caZWhBAAIEYBaqTn3/cM4fZ/xRj82kzAkkKlOVasP2qrioWbOtoGAIIZCZQZNZfutuXAOFUX7KXyyWcuuzBIwQQQACBC4FXf2+bQwdOzJFEhFMXKtxDIASB1RAaMbMNclUxbggg4E4g5MNqi2LgDmJ2Tcygmu3C0jYChFNttLqvSzjV3Y4tEUAAgZQFZNbUnY9Dc0jfs5S7Sd8QQACBbATK8kG4fS2Pwm0bLYtdgIAq9hH03X7CKTcjQDjlxplaEEAAgdgE5FxT5Uc5oWm4MzRiM6W9CCCAgH+Bdf9NmNOCcfl+zjMsRmBpAQ7xW5ow4wIIp9wMPuGUG2dqQQABBGITqP4Oj9+ZZhNOxTZ2tBeBcARG4TSFliCAQO4CBFS57wFd+0841VWu3XaEU+28WBsBBBDIReDNW3OFPv17Lt2lnwhEK/Dn4Vq0bafhCCBgX6BkBtoiVAKqRTo8N1uAcGq2i+2lhFO2RSkPAQQQSEPg9eGQE6GnMZT0IgOBL2otg17SRQQQaCpQcg6vRVScg2qRDs9dFyCcum7Sx5Lcwilf/e1j7CgTAQQQ6FNAwimln/dZBWUjgAACCCCAAAI+BJhB5UM91joJp9yMnK+wxteHHl/9dTOa1IIAAgjYE/D1Om2vB5SEAAIIIIAAAgjMFSCgmkvDE5cECKcucfT2wFdY4+tDj6/+9jaAFIwAAgj0JODrdbqn7lAsAggggAACCCBwVYCA6qoIj68LEE5dN+ljia+wxteHHl/97WPsKBMBBBDoU0D+DnNYX5/ClI0AAggggAACAQgQUAUwCEE3gXDKzfD4CmsIp9yML7UggAACXQVeHQ64Wl9XPLZDAAEEEEAgMIFCPwisRUE1h4AqqOEIrDGEU24GhHDKjTO1IIAAArEJvHj3QGl9EFuzaS8CCCCAAAIIzBPQG/OeYblSBFTsBbMFCKdmu9heSjhlW5TyEEAAgXQE7n6ScGolnQ7REwQyFHi6Ocqw13QZAQQQ6CRAQNWJLfGNCKfcDDDhlBtnakEAAQRiFHj9dleV5fcxNp02I4BAVAKDqFqbT2PP8ukqPUXgQoCA6sKCeyJAOOVmPyCccuNMLQgggECMAn8erplm78XYdNqMAAIIIGBBQOsjC6X0U4RWa/0UTKkIcIgf+8C0AOHUtEZ/9wmn+rOlZAQQQCAFgXO9b7rBoX0pjCV9QAABBFIT0MVaal1y2p+yfOC0vjaVleOTNqv3se7tPgqlzAgFCKfcDBrhlBtnakEAAQRiFZCr9in1LNbmW2j3sTkx/PtG5ZTlmllvtdG6rIQAArMFuKLYbBeWItCfwHp/RS9ZcqlOlixh6c0JqJYmTKAAwik3g0g45caZWhBAAIGYBYpiz5x7KuYeLGr7qQmfTpQqj9S4lBBqVK385f6R+vFhs1Cq2mDG/+SwyC9y2Elhvpkebyg5BEW+5S/LDbM2s9FmkLHIqcCxqS3QD6VcUczpntC0srJ6jWy6ttv16i8H3NZJbdkIEFBlM9RzOko4NQfG8mLCKcugFIcAAggkKCCzp9I6Mfqx6c+BGamRshFCLRryHzZPzNPyT25S58XtW3ilBiYgk8BqYP4RWl0Ica9vAZkVmG7w3LdenuWXJsjX+lmgnWfmateBkb9H5103zmM7Aqo8xnl2LwmnZrvYXppXOHWmdLmrtjaHthkpDwEEEEheIIXZU1r/ZWYwDdWn+wdLz4qyNeAX4dXoW5Fv/tlQ5XhgHv/2bRl3EMhRIK1QPMcR9NPnF+8eBPMa70egW60y01d329TRViNH9cythoBqLk3iTxBOuRng7MKpYqC2vjtyg0stCCCAQEICdWDyfaQ9Ml9OqKEqyn31w+OTKPpQ/606Uq/fElBFMWCxN9LMhlEq1t/v2PHjbH9hZoSWATf99geZjToKuIVhNq0wAVXI4xqAWhFAG2iCawHCKTfihFNunKkFAQQQSEGgPN+NsBtn5rClX9Xne2tq6/GuqmcqRdgNmoxAzwL1Odd6rmSJ4uuLMyxRAJtaFxh/O2TZetF2CpTz/XFrLTA2AVXIt9v+9ztmUIW8g/TRNsKpPlSvl0k4dd2EJQgggAACCwT09oInQ3zqpbplDukmlApxbGhTaAKhz4aRWR3cwhKQoCDocxWZi1FcPd9fWIJhtqY+D2KYbZNWBfA3nRlU4e4e9ltGOGXfdFaJvsKpN2/3ldLPZzWpx2XmsI6Cw/p6BKZoBBDIQODV3xJOxXTS7p/Vk8fbIbyRzWDvoIspCIQ+Gyb0WR0p7ANt+xBAULCwyaEHLQsb7/XJNa+1L678dPHTbp5lBpUbZ/+1EE65GQNv4dThjjme+Sc3nfxWC+HUNwruIIAAAksI6LEJqPQSBTjblNd9Z9RUlJRAcctcxW8cbpeKYhBu47JumQQGq4EKrAXartCbtR5sA7U+CaFtzKAKYRT6bgPhVN/Cdfm+wim5XGmpzewpx7ey3OaE6I7NqQ4BBBIViOLwPsKpRPc+uuVAIPQLyJTlhgMFqmgrEEhgMKfZ4QYtcxrsfbFcDCXoW3UxB+8tJKDyPgQ9N4Bwqmfgr8X7Cqek+nExNP93fWjIz+rp5sjUyw0BBBBAYBmB+g2r69fw9i3mcO72ZmyBwGWBIA6fudykb49WlHzhyS0sgfF4FFaDrrSGk+tfAbnp4XnYAVUgF3MgoLppP4r5ecIpN6PnM5ySPwxl+b2bjn6tReu/zLlH3M/YctpJKkMAAQQcCZTjgaOalqnmZ2bMLsPHtggYgbBnw5gvPNWAcQpMQE6uH/KN81C1G50y+N+xUbsO9bM2AVU/rv5LJZxyMwY+wynpoda7bjo6VUsx3pl6xF0EEEAAgaUEgj+05iVfSiw1wGyMQC0Q+myY8D8857cnhX5yfRV84BLYPqMHgTXocnO+3D+6vMDPIwIqP+791ko41a/vpHTf4dSLdw9MU55NmuPmZ/kHV21yI00tCCCQi4DeCLqnt0r3X4QEDULjEOgoEPpsGBX4h+eO7FFvFv7pNAZR+7psfH0IbagnvBeJM/Xjw/cuSebVRUA1TybW5YRTbkbOdzglvbz9aeCms1O1lMXB1CPuIoAAAggsLxDwiWb5UmL54aUEBCYCt44m9wL9ucp5qIIcmeMgW1U3akUFf+LvQPRCP4RW62BenwioAtlnrTSDcMoK442FhBBOVY0cb9zYVtsrPH1EQGXblPIQQCBfgdDf2N9Se/kODj1HwLJA6Ffyk+6eR3FFUcsDE3pxYVxZba7S+Hx77nM8cSEQ+iG0AR2CTEB1sdvEfY9wys34BRNOuekutSCAAAII9CgwPn/QY+nLFn3MId3LErI9AlcE5EIzYd92wm5ehq3TahR0rzWhZrPxCd2pOGrWj/7XIqDq37j/Ggin+jeWGginlKrPe+XGm1oQQACB1AVCvgJSWTJjNvX9j/55EAh8NoxS6xzm52G3WFhl8IeGss8sHD/z5Ku/ZZbZyk2reX3+y92R1/qnKiegmsKI8i7hlJthI5yqnX2c98rNCFMLAggg4F6gLEOeQTVyD0KNCKQuEHxApdQXtZP6KETVv/rQ0LOg28yhoYuHR48loAr5dhzKCdIFiYAq5F3lprYRTt0kZOf5UMMpH1eDKdSuHVRKQQABBBAIWiD8q0cFzUfjEJgpUAR+uJY0WuudmW1noU+Bkc/KG9TN54N5SNXRJ6Ef3hdWcE5ANW9nCn054ZSbEQo1nJLe+3iTU5bfq1eHAzf41IIAAggkLhDuIX5hf1uf+G5B9xIW+GHzxPTuNPAern49JCnwZmbUPB38IderXM1vzv5494PMngr78L7ArtJOQDVnXwp6MeGUm+EJOZwSgfpNzks3GFO1aD3kXFRTHtxFAAEEugpo/aDrpr1uF9DlpnvtJ4Uj4EWgHHmptk2lzJhvo9X/uj6+lG7bq/KcWVSzzEodvktA558SQgKqWTtSyMsIp9yMTujh1EShLPcndx3+XFV3Pg4d1kdVCCCAAAIIIIBAGgKhX5VNlGXG/J+Ha2mAJ9CL+kvp47B7op/zBfaVEaqPOlm/sjS0h0Gdf0pwCKhC20UWtYdwapGOvediCaekx3KOED+XLH6mXh8O7aFTEgIIIIAAAgggkIFADLNhZBjO1V4GoxFPF2MINm9/CH+2kMsR11FccGDokqRJXQRUTZRCWIdwys0oxBROTUSK8Y656+F8IeabEkKqySjwEwEEEEAAAQT8CQz8Vd2y5ihmw0ifzPu8N/9stOwdq/cmUAx7K9pWwdoczladFNxWgRGXU81ANL9Dod90MQqtiQRUoY3IrPYQTs1Ssb8sxnBKFOSNji49fWMhIdXbA/4Y2d8dKREBBBBAAAEEEhWIYTZMRe/lVBKJDvqS3dr67siUEPoJ9lcUs6jqgT7X+0uOuIvNT1W9X7moq3EdBFSNqTyt+OpwT5X6d0+1nyldDJzuuNWMHA9pc6zh1GTH2NocmhMG/DF56PjnM3NOqhEhlWN1qkMAAQQQQACBWkCrtbgoIpgNI6BcvTms3Uqrg7AaNKM1Mosq9/OX1eeeejZDJ6xFge5PBFRh7SaXWyNhjda/XF7o7BHhlDNqSxU92dzxGFKtE1JZGkeKQQABBHwLyIdSbgjEJKCLtZia+/XL39Bnw9SkXL05oF0rimBzJfvzlxXFXkA7zYKmhLk/EVAtGDKvT/maSVR3mnDK6+AvUXkIIRXnK1hiANkUAQQQQAABBFoLlOVG6218bxDo7IUZLKvq7se9GctZ5FqgPhwr8Kv5CYo5GqaeReRayH99r9/uVjMP/bfkphYcOz1K6qbWTD1PQDWFEcxdwik3QxH7YX3zlHyHVOV4xEk15w0OyxFAAIEpgXJ8MvUorLu5frgIaxRoTXOBlfgOKwpz9sJM8lL9lG3gMBPE68Kh19qbVp7jzLv60Ma9pkSe1xt6rn9u9QRUc2k8PUE45QY+1XBqouc3pFpRhFSTkeAnAgggMF+gVCfzn/T8TBHbOX08e1G9f4GxGvhvRIsWxHHS64sOac1FcS40/N37fG/or/JWNec3825chc4rrZR8rRzwfkRA5WunmFUv4dQsFfvLUg+nJmKEVBMJfiKAAAIItBUoI/uw37Z/rJ+eQJz7bAxX+prsKyvq7qfwT9I9aW2qP398+N7jOWfbqVYz7/7ebrdRpGvHc2ifATYX1qr2ozCtCahCGRfCKTcjkUs4NdEkpJpI8BMBBBAIT0Br80Ej1JsehNoy2uVJ4Mv9I081N6xWx/dB+FZ50LBzYawmF1CoPrOE0ZxsW1GqYTR91+UwvsNvW+rWh8T/1nIrf6sHvv8QUPnbNS5qJpy6sOjzXm7h1MSSkGoiwU8EEEAgLIGyDPkD/yrnnAlrd/HemoC/cf9qs6LeHO54d2rTgB82T8zqL9ts4n/d6gTYe/7bkXELnm6OzJXe/4pEwFzVL+HDQ+XiUHL4azy3UyX7T8A3Airfg0M45WYEcg2nJrqEVBMJfiKAAALhCBS33ofTmBkt0WpnxlIWIRCwQLETcONmN60s92c/EfBSrX8xAfZewC3MoGnjYUSdXFd3Po4iam+zpr5498Ccd3doVo7jvFPSK13uyY+QbwRUPkeHcMqNfu7h1ESZkGoiwU8EEEAgDIH6JMlhtGVmK8xMifqqRDOfZWGWAqdB91oOQXsV2Tlv6tkMYbvOGnQJqTjcb5aMm2Vbm0NTUUz7zXpS+4uEU3Xotu5mwK3Ucqbq/cZKYX0VQkDVl+xN5RJO3SRk53nCqcuOhFSXPXiEAAII+BcI+wPGudrzT0QLghHQ+iSYtsxriDYzkuTDY0y3CGY1zOY0Ifabv0fRec/uTHxLo9tvzP7y+m38V4OMM5wy50aPY7YmAZWPlyLCKTfqhFOznQmpZruwFAEEEPAhEPwH/up8MwMfNNQZoEBZhn1Yak22qu58iOuwufhmw1zsnDJr7c7HE85Zd0Hi7F6c+82zauZRbCHyZFDlnFN3Ph6ZhzHNnJLWn6kv96N4XSSgmuxsrn6+eWt2DPNmz8/tTOlioFweUuArjCOcWryHEVIt9uFZBBBAwJXAeDxyVVXnerQeMkOis15aG4Z9Yv8p62qmxu7UgvDvRjcb5hLpijlR9H+VfM6JNXi41J2OD+SQaNf9j3O/kXNSHSkJe2K6yeHDZfU3ezWmZldtldlT4V/oomoqAZXLvUuuLFKqn1xWOVUX4dQUBneNACEVuwECCCAQgEBxFEAjbmqCmZFiTnDr+oPXTa3iefcChTpxX2nnGn8zhxPFE1LFORvm8uDI5xyZTRWT++UedHskn/Hk0LVz/T/T/51uhXTcKt79ZtWEPe+i2Ffkb5+Er7p8YUZppeNI+dwsmtlTgkRA5WpXqcIp/bur6q7UQzh1BYSHXwUIqdgVEEAAAb8CX+6O/Dagce31VZgIqRqDJbniOKqASobAhFSH8cwAjHM2zNVdXT7ASzh4ouTzT4o3eR2U2TSyb71++16V1We8Z3VXS/ezgkodTxB7fX/4rTqPWaizqV4dDqrZXv4mmVwXa7tEl7uxzJ6SrhFQtR3gLusTTnVRa78Nh/W1N5MtCKm6ubEVAgggYEOgnnJ/bKMoB2XUIVWoHyQcAGRfxZf7Mcz4uzJM5nA/OZwohqv71bNhYnk9uOJ87aGZIWOCGwlwZPZJ7FcEldc9mRkmM6XufPx/9Wya6rQtl2fU6GLtmkTfC54+OjCHWP7VdzW9lS/nMatmU5nAL5T9RNohFwCQQ1eViu+QvovBOo3hyn0XzSWgmrbo5z7hVD+uV0slnLoq0u4xIVU7L9ZGAAEEbApoNbJZXM9lrVcfJF4d7nHIX8/SIRZfB6phX3lytttqFSjIB87Qg6rSzHZI67ZSneJEDn97/faoCnlCCSEWOU8HUjIbTAIUmRmm1LNFm5krpX2/8Pnenox6FtVXFRP4VfuJx6BKZkzJzDhph7extLiTlOWOxdKcFKWd1JJrJYRTbkaecMqes6+T2tc9OFWf723ENAXVHjwlRSMgb1zqb9PCbLJ8g7r1aBBm42jVXAH5wFyf22LuKoE+cVZdtlquDBTJyVevOb5+W15b5ntBWf5LPd0c+W7G3PplBslNH9LnbhzME6dKK9OPYuj04kFNu5+G8U29rcdgrEfq9vhI/bB5ctMGvT1fzQo93zAXsqr/LRtM3Cr/z0t/ZKZazIeiXR/gY/O3cV99un/Q698YCUzP9bapftf8i3m21FXBl+rJY+lXVDcCqr6Gi3CqL9nL5RJOXfaw8chvSHVsQqpBr3+EbBhRRr4CBFT5jn3fPZfDYOI8+arImHNdqqEqzAcJnx8yu4wRAVV7NZk9p/Uv7TcMdosz07JR9U8XoyACq/oD85Fp04r5l8vNvI5o0+fyyIQsZsaS+Vncem9lPOScUbc/bHyFHFQ/i2Jg6nhg7q9Xj23+z1fILP2Uw1nTClkmI3NsxuvAPBgpOdR4mS9F5PfrS7Fh/maZfUANTJn294FJq/39PFO3zPnQYvubbLwIqPrYaQin+lC9Xibh1HUTW0sIqWxJUk5qAgRUqY1oOP3x+7pr06H+EFHcOrDywdJmy6bLmnxgDXFGpK8Pt9M+i+6H/jq4qO1Nn5PZqOXYhCTVSeFH1oKSpvXLevWV8H5rs0ni634NsBr2sizXzJp+ZsOU5a9mFuRew5baXS3eGbltHer94eL3tN5erjQqF3PQZjZcHUDWy+Wx1g/Msu/bVhTp+j+b2VP7MbadgMr2qBFO2RadXR7h1GwXm0v9flhiJpXNsaQsewKhfzDjED97Y+26pND3rW4e9QeI8XhkDqUysyH0idPQSkzlVqg184FlzXwta/6ZExiX1VW2wp2ZEnpAJaYhzjyTdvV58/HeU86Zlc8H6j5Hz3HZ5R/1RYgcVzupLo9DRCe95edVgcjfC96+2h8eLyFAOLUEXotNfbxBaNG8ZFaVE6e/PjTdqa5Q4rpbk8uZc7ifa3nqQwABPwJyzqHXb09N5X6+8e+n1+bkyObbaq3NN9al+c/8e/1WarqYCXH12++m7ZiETdPrzztcx1T77ZgBaQO35QWqGUbZzESovWRWhutbMd4x58aRQ7bCDVRdm8RQn48r+U27fL63k/ChftM95f51gTMlrxsR3wiobA0e4ZQtycXlEE4t9rH9rO+Q6u4nOdZ8YLtblIcAAggEKaDLveqy7EE2zmqj6uCqKtKEV7pj2YRNHeEsbFafC+Z7CyXFU4SPE9fL+WNev90zSBzqF8+eImG8398NOT/Tq8Md8+XAf2Nio60WBLS5CmiE552a7nkx/YD7HQXkWN9S/95x62U3M99CFgOnU+Z9HfpFOLXsvtJtewmplJmq7OMmf+Cr/c1H5dSJAAIIOBaQKxXJ7CJuCIQucKs6WXHorbTZPpnd6OdWn0fmpZ/KqbWzgJyI2+dNAlU5Fxa3jATM57WtzWHsHSagWnYE5bKkuvS1IxBOLTt+bN9MwGdIJYcYSkglJ7TlhgACCKQsIN96l+ZKeNwQCF2g/ob+OPRmWmufNudP83mTQ7aUysfbp7Wtur+oNVtFdS5HTtQuh+Nyy0HAnL/3/m4KHSWgWmYUJZwq5cSfXo4LJ5xaZuzYtr2A75DqzscRIVX7YWMLBBCITODLfQmo/M3WiIyL5noVGHqt3WXl1Yn+XVZ4pS4Jr3WxY5Yyw/IKTcAPB0G07dPdbdMO/qYEMRi9NUJygR0lrxMJ3Aioug4i4VRXuXbbcVhfO6++1/YaUik5cfqRkt89bggggECqAtUHUXMuKm4IhC7w+d4w9CZaa59cut73beu7I3NKkR3fzaD+hgJyIYcQbnW4KSEV4WYI49FHG+R1QV4fErkRUHUZSMKpLmrttyGcam/mYgu/IdWqmbX4zpwwdNdFV6kDAQQQ8CIg55DgsAwv9FTaQqD6tt7TOSpbNNPKqj6u4Der4U8fHZjFP896imWhCeiNYFpEuBnMUFhviHxerl8XrBftq0ACqrbyhFNtxbqtTzjVzc3VVn5DKunlbyakOjJXKBm46jL1IIAAAm4FNEG8W3Bq6yJwS+112Sy6bXxcwW8eUnXS9EyCwXkGcSxfD6qZEmLI5ytuCQmkcVL0qwNCQHVVZNFjOUlzOR6aVVYWrdbTc5xzqidYiu0o4D+kWq8un/vm75GSK2lyQwABBFISqL7x5gpMKQ1pkn2pTpaefFgS3vl7/L8HS3J3tt6p0E5LUV/hjRl41gfaR4Hmdbd6HfBRd791ElA19ZVwSk7SrMx5cNzfCKfcm1NjE4EQ3iCV5ffmG6EXZkbV++pqfxJW+b60bxM71kEAAQRuEpArMHHlrpuUeN63QOqzqHxfwW/e+IbwHmxe21heC4zLteAomIEX3JC0b1C64ZRY3G4PkuEW2YVT1fl9njsfaQ7rc05upUJ5g/T60BSl3e8zlztgZjaaNujyuTrXygRW8uyxmWX1/vJqcx7JFXrkJKiFGqn68tlzVmQxAggg4FDgVrltXtOOTI0+Zm877ChVRSsgfzNfHf5q/t7+Em0fFjXc9xX8FrUtnPdgi1qZ8XPjDdP5g+AA2G+CG5LmDUo7nBIHZlA12Rtymjn15nDHkPzWhMXqOoRTVjmdFxbut3jrSmZYNfknb6xL/bv5IPg/xWGDznchKkQAgTkC8uGfK3fNwWFxMAJf7u+btoR3KJwNoBCu4LeoH+G+B1vU6jye0wGdKP2quOw3Wv3n6mIehyyQfjgl+gRUN+2Drw+HZpU8DuurTgCv5Q2G2xvhlFvvvmpL6Q3S5LBBCapkBiU3BBBAwKcAV+7yqU/dTQQuLmXfZO3I1rl1FHyDU3oPFjx2qwautVrb9cpbj3c5cbpr9K715RFOiQ4B1aJ9pLqUvZfDltyfc0ocfJwAnnBq0R4Y33OpvUGSoEpmUBJSxbcv0mIEUhPgvCGpjWh6/ZET+yuV3gmY636FP17VjBiu0hbYQPmY5NCOQE6cLp/HuIUs8HOqJ0SfhU5ANUtFltUfSPfmPd3jcj/h1KtD6avbF1HCqR53I49FpxZSye/F3Y/y+8ENAQQQ8CuQ3uurX09qty+QXpB6bB+pxxIlbCjLf5kaznqshaLbCIR2Jb9Zba9CquKheYr9ZpaPv2UmFzDhYfW66q8RrmsmoJonfvvDrnlqZd7TPS33E05JGKe19NfdjXDKnbWPmlL7EFWqn7gyoI8diToRQOCaQGqvr9c6yILoBT7fl/eUcQU789FP5j8V6DNPN0fqVrlhWpfKGAQK3bBZIV7Jb1bTZaYg+80sGV/LTpUuBkrCw8xuBFTzBlzrnXlP9bTcTzglnbn7Ydv8310YRzjV0y4UWLGpfYg61/J7wg0BBBDwLyCvr5zc1v840ILZAnI+qs/3BubJ+AOSsjya3cnAl8rFFWQMeJ0IYKCqK/kF0I4GTZjsN8qc74ibPwGt/zK/vxsqlsOLLUsRUM0Cradirs56qqdl/sIp6VDp8IM34VRPu1CgxVYhVQJvUGveQaDKNAsBBHIU4OS2OY56PH1OJqQq4gyoZE+RMZDXiVL/aB6dxbPzJNbSkK/kN4ta9pvqS5DqvFTsN7OM+lxWlr+qrUeD6ve3z3oCLpuAatbgjM8fzFrc0zK/4VTdqY2e+na5WMKpyx65PErlW1StXb4u5LJ30E8EEFhG4OK8IafLFMO2CPQi8C2king2RqFPerFxWahcBfTzvTVT5UuX1VLXNwE3n7O+VWfpTv33ZWBKO7ZUIsUsFpBD+h6qp5t7i1dL/1kCqtljPJi92PrSEMIp6VT/s8UIp6zvPNEU+O0NauR/4OSKftwQQACB0ATkEAA5FIAPn6GNDO0RgclsDJkVEOMtlUNsqnF4vP11NhWBttt9sf/PWX31R/b/J483zIn34/z97cvFdrlyKG7Gh/Rd5SSguipSPx7NXmx1aSjhlHSq3+mbhFNWd5woC0slpIoSn0YjgEDyApc/fPb7Nz15TDrYi4DMCqivLhdTOJLezJF6NhWBQy87+YJCXx0OFjwb/lPy+yuze+TcSNxsChxXrnIorvwd51YJEFDN2hFuq5NZiy0uCymcUubF5shi3y4XRTh12SPnR/GHVOm9Uc15f6TvCKQoMDmUhxMjpzi68fdJri4nswTi2T9P4kef0QN5PyaBw63y/8yJaP+YsQaLbAsUas12kc7Lk9lUcm4k+WzX9+QG551zXqF8kfRzNTstlVmaFgkJqGZhyhUMlDqd9ZSFZcfVceAh7YxleWChX9eLIJy6bpL7kphDKq35ZiP3/Zf+IxCDgLzOVidQ59vuGIYruzZO9k+ZTRX6bIxYr+DXdKeSzzvVybB5rWhK1nm9cQIB1aTzcm4qOadZfdgfM3YnLk1/ipv4PXm833ST3NYjoJo34rrcm/fUEsslnArvrPyf7w1Nn+y+wBBOLbGbJL7pJKQK/Y3ptWGI9FLT1/rBAgQQyEJg8m13DEFAFgPSopPFrfS/EJHZVBezMfr6UrgF+qxVI76C36zuzFs2/VrBjKp5SiyfFpD38vUsvA1m4U3DLLpvZivKrEVxEz9ucwX03Gd4Qqk3f49MOmznxMjyYfzT3e1gd8hXf2+bKZsvrAw74ZQVxiwKeX04NMeYPo+ir3LsfUgzH6NAS7CRch4Jrf8bbM/kb4186OOGwFWBN/+Y886c70bzmnu1/ak+rr6skS9A5N8tcwiNOYwmx9ubwx2lih1r77ttGMqHyfqoChulxVPGn4dr6lztmdeKbdPolXgaHlxLT83+PFS31TD5/Yh9ZsHOJ8GU+X3K8bVkgcqipwioFum8ePdA3fl4YlZZ8sXZ7JgyhTb02/JhQVjn1grdm/bVAvKmtNT75sGSv2c9gvKhv0fcyIomoIpswGjuNYH6vc2OWb5r/q1ee54FfQnILKEj84HVBFBmZk6hT7INoxYJXwSp/sORJ4/z/pzEa8WiPXXec+aIFHPqlLI4UHJOwNxuss/c/rBrvsiTvy/hvq/vf1zqcPLL/f1gJ6f0b9C5hrxfeJuwVX8oxyOzapdfMhPYlLtKjtWN5dY9pJKrEOzwZiuWgQ6snfXv2dC0aj2wlklzCF4DHBRvTSKg8kZPxT0IyGuvGpsvCZSEAYRVdohPzYezEzU27x0Lc9Gdsfknh7Nxay9Qf4El++az9hsvuQVfTF0GvHit2DFPdPlMdLm8tB6Z8LkcZRtKzRvLEGdFzmurreXVjNjxMKrP/rb6brEcAqommNW0RX1gVm3+4Vl20MK86YtxOl/bkEquxvLpHsfTNtmXWGexwKvDvcC+dSGcWjxi+T1LQJXfmOfS4/q9joQBA/PPfSAQm7O8zyvL98yIcjRwciqKohyYMFX2z+bvxzs3L5KjHzr3b4kNL8Yi12Bbzts7qv7pwpxLLdPDcpvuQvK35YvaMe/vd8wmKX4Rcmz6NTTnlzqI8nN/03F0uB4BVRvs1293zep75t/8bw7kDctY7Uc/rbM+J9W+6ev8F5Kqr+M9vhk0StzsCVwcx/7cXqEdSoo5ZO7QXTZpKEBA1RCK1aIXqPf1DdOPgfknP+e/HzBPJnozs8PNFVxlNpT8lMPzbpsZUTF++ZjSAFWHEX0amNl/G6ooTGhVyv45/715l77LlbbkZMbcFgvUM+AHZqXJP7vjsLh2V8+aAML87msJpTI+T5wNbdlfxufmvMfV+c0cBM02Gj2zDEKpmSx2FhJQdXGU8Eb+KGot/x5UL1qlecOSYnJaTa82f3R0sfaNqpq2fuuAbwy+iXCnDwE/37iYDyPyBqQw03P5RqyPYY2+TAKq6IeQDnQUqM8t8vW9j1pTyrwHKkvzM9rgqj4UTzjkfU11M+eGUuP36sv9I84bUotE8//6PcOaae/AnN/LvDev9k/zs+NsK7n6JYdmth/+b4GVhIZmDLr6t6/ZzhbVzMjxiWn7URVIsw/YcZ1Vyv/f3t3lJggEAQBGmvjsEXoUjtAjc6Q+9qG1nV0y/CRabSJW4rcvK0gVv26AnRmxnFP2H29DVeSui00eOQkyzA+Ou7753PfOD6f+obdbJ0B1O0uvRIDAWgLjBU/N0L3G25zKusTX8eKCYt6Wv8K5fD4nJHmPEBOSuZzH5wQEqM7JWP/MAkNW/NC0Ebg6luBVtLbtSlfbeoGsmDREZdO8fcfksiQNs+Uxviy3L++SDwnzZH05dtfWHmqSOT9+BrNyOfut3qYj9/+R+nJ8aL6iciaODZncX6Pq7brPPF0Lqoy8TuxeW80rI8s4+b/K3VIdFeeR8oMWkbQ2P7jXCBjfR4BqpPCAAAECBAhcEBCgugDkaQIECBAgcKVABreHzbvFX2Uwa7Hyl4VMPOYm8+C0r+amyvb6aYx0defn4+Lvgc6pcna8h2B91V4CY3tDwx4TIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQ2JjAD4HlNDdm19LIAAAAAElFTkSuQmCC
mediatype: image/png
install:
spec:
clusterPermissions:
- rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
serviceAccountName: falco-operator
deployments:
- name: falco-operator
spec:
replicas: 1
selector:
matchLabels:
name: falco-operator
strategy: {}
template:
metadata:
labels:
name: falco-operator
spec:
containers:
- env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: "metadata.annotations['olm.targetNamespaces']"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: falco-operator
image: registry.connect.redhat.com/sysdig/falco-operator:1.2.0
imagePullPolicy: Always
name: falco-operator
resources: {}
serviceAccountName: falco-operator
strategy: deployment
version: 1.2.0
installModes:
- type: OwnNamespace
supported: true
- type: SingleNamespace
supported: true
- type: MultiNamespace
supported: false
- type: AllNamespaces
supported: false
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: policy-falco-operatorgroup
spec:
remediationAction: enforce # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction.
severity: low
namespaceSelector:
exclude: ["kube-*"]
include: ["*"]
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: falco-operatorgroup
namespace: falco-operator
spec:
targetNamespaces:
- falco-operator
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: policy-falco-subscription
spec:
remediationAction: enforce # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction.
severity: low
namespaceSelector:
exclude: ["kube-*"]
include: ["*"]
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: falco-operator
namespace: falco-operator
spec:
channel: stable
installPlanApproval: Automatic
name: falco-certified
source: certified-operators
sourceNamespace: openshift-marketplace
startingCSV: falco-operator.v1.2.0
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: policy-falco-installation
spec:
remediationAction: enforce # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction.
severity: low
namespaceSelector:
exclude: ["kube-*"]
include: ["*"]
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: falco.org/v1
kind: Falco
metadata:
name: falco-enforcement
namespace: falco-operator
spec: {}
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-falco
placementRef:
name: placement-policy-falco
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-falco
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-falco
spec:
clusterConditions:
- status: "True"
type: ManagedClusterConditionAvailable
clusterSelector:
matchExpressions:
- {key: environment, operator: In, values: ["dev"]}