From 486a05ecf197f49ccf22cb8db424b6228a7bab52 Mon Sep 17 00:00:00 2001
From: Nick Anderson <nick@cmdln.org>
Date: Fri, 13 Feb 2026 16:22:52 -0600
Subject: [PATCH] Added cipher and keyslot inventory to inventory-fde

Extended inventory-fde to report active dm-crypt cipher per volume
and LUKS keyslot details (per-keyslot cipher and PBKDF algorithm).
LUKS2 metadata is cached as JSON with a 24-hour TTL.

Gracefully degrades when dmsetup or cryptsetup are absent.
Tool paths are defined as variables for single-point configuration.

Includes loopback test helper script and Mission Portal screenshot.
---
 cfbs.json                                     |   4 +-
 inventory/inventory-fde/README.md             |  32 ++-
 .../inventory-fde-mission-portal.png          | Bin 0 -> 47983 bytes
 inventory/inventory-fde/inventory-fde.cf      | 230 ++++++++++++++++--
 .../inventory-fde/test-encrypted-volume.sh    |  96 ++++++++
 5 files changed, 331 insertions(+), 31 deletions(-)
 create mode 100644 inventory/inventory-fde/inventory-fde-mission-portal.png
 create mode 100755 inventory/inventory-fde/test-encrypted-volume.sh

diff --git a/cfbs.json b/cfbs.json
index f8af42b..00c8366 100644
--- a/cfbs.json
+++ b/cfbs.json
@@ -149,8 +149,8 @@
       "tags": ["inventory", "security"],
       "subdirectory": "inventory/inventory-fde",
       "steps": [
-        "copy inventory-fde.cf services/cfbs/inventory-fde/",
-        "policy_files services/cfbs/inventory-fde/",
+        "copy inventory-fde.cf services/cfbs/modules/inventory-fde/inventory-fde.cf",
+        "policy_files services/cfbs/modules/inventory-fde/inventory-fde.cf",
         "bundles inventory_fde:main"
       ]
     },
diff --git a/inventory/inventory-fde/README.md b/inventory/inventory-fde/README.md
index e9d765a..f2c8a82 100644
--- a/inventory/inventory-fde/README.md
+++ b/inventory/inventory-fde/README.md
@@ -1,7 +1,8 @@
 Full disk encryption (FDE) protects data at rest by encrypting entire block devices.
 This module detects mounted volumes backed by dm-crypt (LUKS1, LUKS2, or plain dm-crypt) on Linux systems and reports whether all, some, or none of the non-virtual block device filesystems are encrypted.
 
-Detection is performed entirely through virtual filesystem reads (`/sys/block/` and `/proc/mounts`), with no dependency on external commands like `dmsetup` or `findmnt`.
+Basic detection (encryption status, method, volume lists) is performed entirely through virtual filesystem reads (`/sys/block/` and `/proc/mounts`).
+When `dmsetup` and `cryptsetup` are available, the module additionally reports the active cipher and LUKS keyslot details (per-keyslot cipher and PBKDF algorithm).
 
 ## How it works
 
@@ -10,13 +11,19 @@ Detection is performed entirely through virtual filesystem reads (`/sys/block/`
 3. Identifies crypt devices by the `CRYPT-` prefix in the UUID
 4. Parses `/proc/mounts` to find all non-virtual block device mounts (excluding loop devices)
 5. Classifies each mount as encrypted or unencrypted by checking if its device matches a crypt device path
+6. If `dmsetup` is available, reads the active cipher from `dmsetup table` for each crypt device
+7. If `cryptsetup` is available, reads LUKS keyslot metadata (cipher and PBKDF per slot) via `cryptsetup luksDump`
 
 ## Inventory
 
-- **Full disk encryption enabled** -- `yes` if all non-virtual block device filesystems are encrypted, `partial` if some are encrypted and some are not, `no` if none are encrypted.
-- **Full disk encryption method** -- The encryption type(s) detected, e.g. `LUKS2`, `LUKS1`, `PLAIN`, or `none`. Multiple types are comma-separated if different methods are in use.
-- **Full disk encryption volumes** -- List of mountpoints backed by encrypted devices.
-- **Unencrypted volumes** -- List of mountpoints on non-virtual block devices that are not encrypted.
+- **Full disk encryption enabled** - `yes` if all non-virtual block device filesystems are encrypted, `partial` if some are encrypted and some are not, `no` if none are encrypted.
+- **Full disk encryption methods** - The encryption type(s) detected, e.g. `LUKS2`, `LUKS1`, `PLAIN`. Empty list when no encryption is found.
+- **Full disk encryption volumes** - List of mountpoints backed by encrypted devices.
+- **Unencrypted volumes** - List of mountpoints on non-virtual block devices that are not encrypted.
+- **Full disk encryption volume ciphers** - The active dm-crypt cipher per volume, e.g. `/ : aes-xts-plain64`. Requires `dmsetup`.
+- **Full disk encryption keyslot info** - LUKS keyslot cipher and PBKDF per volume, e.g. `/ : 0:aes-xts-plain64/argon2id`. Requires `cryptsetup`. Not available for plain dm-crypt (no keyslots).
+
+[![Inventory in Mission Portal](inventory-fde-mission-portal.png)](inventory-fde-mission-portal.png)
 
 ## Example
 
@@ -26,11 +33,24 @@ A system with LUKS2-encrypted root but unencrypted `/boot` and `/boot/efi`:
 $ sudo cf-agent -Kf ./inventory-fde.cf --show-evaluated-vars=inventory_fde
 Variable name                            Variable value                                               Meta tags                                Comment
 inventory_fde:main.fde_enabled           partial                                                      source=promise,inventory,attribute_name=Full disk encryption enabled
-inventory_fde:main.fde_method            LUKS2                                                        source=promise,inventory,attribute_name=Full disk encryption method
+inventory_fde:main.fde_method             {"LUKS2"}                                                    source=promise,inventory,attribute_name=Full disk encryption methods
 inventory_fde:main.fde_volumes            {"/"}                                                       source=promise,inventory,attribute_name=Full disk encryption volumes
 inventory_fde:main.unencrypted_volumes    {"/boot","/boot/efi"}                                       source=promise,inventory,attribute_name=Unencrypted volumes
+inventory_fde:main.fde_volume_cipher      {"/ : aes-xts-plain64"}                                      source=promise,inventory,attribute_name=Full disk encryption volume ciphers
+inventory_fde:main.fde_keyslot_info       {"/ : 0:aes-xts-plain64/argon2id"}                           source=promise,inventory,attribute_name=Full disk encryption keyslot info
+```
+
+## Testing
+
+A helper script is included to create and tear down a LUKS2 test volume on a loopback device:
+
+```
+sudo ./test-encrypted-volume.sh setup     # Create and mount test volume
+sudo cf-agent -KIf ./inventory-fde.cf --show-evaluated-vars=inventory_fde
+sudo ./test-encrypted-volume.sh teardown  # Clean up
 ```
 
 ## Platform
 
 - Linux only (requires `/sys/block/` and `/proc/mounts`)
+- Cipher and keyslot inventory requires `dmsetup` and/or `cryptsetup` (typically available on systems with dm-crypt)
diff --git a/inventory/inventory-fde/inventory-fde-mission-portal.png b/inventory/inventory-fde/inventory-fde-mission-portal.png
new file mode 100644
index 0000000000000000000000000000000000000000..89f8ebc7b2a3fa0e983898fb22c6772339a678a5
GIT binary patch
literal 47983
zcmeFYbx>SO6gP+kf+n~_aQEOA2*D+|yM^HH?(S|$@Zj$5HW1tfw}FAdePHvp>b+$5
zpRcxR>-%b@t8Vqoz4zSi{vGLaPIpIsR+K_VAwq$HfkBs%mQaC#LHvEe%D+bZeW!+#
zBK&uS>>#b}3<L9~=AR1|<d@S41M?0>MnX)@!vG9)cfnDA89u)S7h@(RAO^yG=luxj
zyfrAIqG!Ch&>~|p={M-TDUJA1DxJ7qc)MP7t4IVgcR#q5;u)ni15t`XI{>5S?1Ij>
z05I4C00rL~^uJfY#{8?ahR{F||N4(PTKMjh#Gf*N{)&O}uVP0p{rB6BAH|{~{wl;M
zDt~AtB-TDB{6$N-9TtT1H#IL#;a{{7E#LnqHZ62v_x7*8+`sgS^_`P4Yd1vAdn-EK
zh{N%0yo(A+FE+TuYp~Y~>@)C;Z{-QI%CcCG{d-8fsld2NlfnLx$3EA(;hN{+Y64Nn
z>+`s$9~khEAB}`JhwK9BOg-0KCylQd;+!X-o2VA~b(Z#=%w%_ADTQvwaaUhIqvao;
zj4GJY@v{=jQM`12W8-1XiP#R}4nW!J^4Ry~$4?%J#rE`H;Qxx@9YwZR>FIt)yd=|_
z5ku2M4$1bj{R8<f`Ji8dJ-L5;tC%l=XfdfV>&}>!b(hiMuwdEcQn=9Soh%JGhT_C?
z!h!##(b91IOx3gk!8e|r<-2*oj?OEgCZ<A?FhiQKc)t`f%yja3_k*_Ln>qxw!jHp@
z2*gGf)DC8|0vgZ<_(+2{>~&2qt|bDzfFVHs`rde_``Pp%nOf`Uawru|=F<CM@j(<l
z3W-+I<t5$|Qa^#Wqthi`4!XMnfAG7gPRL97P{%?K**`W*syXKsaYt5;2|&4ODMwO>
z@-%TAsCT}>@ze9qL&KgJfIeOAk<WQGQeiG~@c8*gPvX<dUL(4GnW@20$Zj+n@y#vW
z&mF0XeUxbtzqr(_Uj;vL>pLX8O&1R<Ve9SkH&k<>dTz6(`qREsG#_h?*#fOeJyJ(y
z$}wk1mmjgmK~XaS)EkB6^!O7LY*j8lg8}WG$hFc&(n~)6DLp!V#v0LG5=bQ+i`FC0
zKY6r_s?`BS;Ajd;iLjA|7{oF_EI&Lbc6k{ymi*)`kQ}pHAdTr)rVn}`ZJ(}JG_FGl
z;QaAywmxBAvFaa4T`r25h<^C1lVT6bylk6Ox)It`cAVLXofT&@68SP|7LRVkl`qmr
zDCc0B=g|efRkCn-+%OO3OO4sWmxzqw{<7GGnMkqd@Ic5gK%IFP_Mo!a=7fV(@<K3`
zUXC);U`jx@XtU!HlsY}e0$MH*fo-QfKZlf*32iz)tZyZI4lL97+}xv7RFdyL<53Ji
zbO9ZrJkDq0C}d(qrOQ9LY|C+nF6(T0->o%;LN>B{#fW=oX}ju><vyF9dRAa#rr{{s
zX!Z1Q`#UkNhbc)Der-7XaIAOoFxw`@7minbpmu(`rumi1aH9LeZVw$ucaS(>PSk&=
zVALBKa!&B^_$gOi<}ZF6FY|Sqvts*c4=$+6c;Hq^kNZIhXIj48wD>nQ#CG^j@sgBn
zL?X&$Yq!x6NjdQAToI4d6c3J&xVlZnJSI;{>7gQ#<mjHm7vPgpjct9Bs5R=a#g}$&
zAxr6Ls+6jouW*^{9l2I7<g+O(DojdBl64ZtX~(ZN()|(o19$AL1ao;;{>ap-tr}=4
zyxn`TaC2+WhsPM*vQF^io!5&pSbdel<_msSm_+SG3FO{Wlatnn_GBl0%HQ~0M)b%H
zG?rUAZnWB&;AqHlpe3nDjNIPj#QcNhHugxY-z4?$a`SbY=2g#GrNl<~=~m<xIz7M&
z@3|#F6m{X?6bWKt7T=cQK%Knh$#N}7%YdIO)8v5-_GcO1>-S5e`bG1F%Yo0Ghe7<Q
z>R#T^H!djgx)hw<w{Gh#!wCz{S!>EgB{MJ8EoUc`!ee*5kOd&l7kGECH_&Ge?3ZnD
zSsKa$CX?(}EjfG{e_0Ix8(5A5mA`T3o|26ULy560YMt$_<K=VOv#(TQL2H%5+^D&h
zKzr<rCa&Hh;H(W0z0n)P^vgJBh(@K1)f5f}SU`d(Aaml`_EGx0QXVKR8cP3%l`ros
zBsrB23i$mg4j|$_I#q-TDmU`x6OX8TI)$$a$VkPyWzU((ZaEBXWt_NFlSc3LA8Qv+
z22JBJ3VjouC&*tg4eexI>isdi=R5(c`nQ}ie69%}e`zq@c*QKXX=n1<3Fyw~-#R*+
z+u$&0eib5LB<g_KY^e#0H_%J2?>+k=eXY1Q-$sz5H!%a{VY~)S<;KFZM-<i>3Ym84
zPyH-F2Wi6fh=0y)y0X(lVfx&t@|qChH~dq*9fYZkzq&tf6M<TEvI7q?n1L_-6uaqS
zklPSP<DJd^11mr*aAX0^Mp?wN6YB*ohv^G!Ir-pN%8wk}8bfN9{(**~<QzMSA2zmL
zi&t$;2&0LTE*<DfFX9MmMsY!ne6BibbU(hqhUz*wjJw<Ld*`9$OCM>l4FD8$mq`tS
zAG)NLnz-WNQdd>y*-|^}d9krSr(^o+s;pp_>Y)vXIx=fFXY=4%8+O@Rb3{qpz1{2J
z`9vve4uH259BJdGV`sd!(5fcFc^^Pjbar=vs!_2bu4Yz0;l}c*bfbur8$K5^(i4e$
zoMm%5P@hD;Ggy%Grsl**AoS~Ek%?Pb%AYCu347_y)K;j}!7dO@yWr9S>-eBz+eVse
zNN6VXr@;r{YjBCdR*7dep<cOFRRJeq2oGrR%x&)+=17fAe29y@#;6xBY|cvY%oUBB
zcs<btq7k7E=^iW8Zw<~PcGMS(qA3-CBF#}unCy&@cXM2RHqLUZl0#;z863niU5Uuz
zk1Me-C*A6?BN!Me{D{1mmeUcX{IfK4?_ei_n{?@isiTL)TV>{QZ^SN|K4k7^YFb*R
zPR_Hliw>uECM=(Z11n{6>Jvu|S?J~)RBE)Sg%NMRS>4UE5auT)$anN7_l0)YIW>mT
z8RQ{m(9)7g%#|rDg_+v`F%=r8ZNW0k5{+%R3?G<l@lW`+dAUHjw#&Zkq#ul!@h6{T
zqxDt+`I$sgHc?^@9<@23v5N0FY)7H3qG^2CC~yRM9_<E<{pqsYOe#hjux_OC#aexC
zaZAzD9f||jz|Vj5#A&q-&%VzW{%gXut~bnT*S!zlvBbXUM08Gk(^iDeVD@eG<oa*}
zF+pfSq|+{MSZ=sG!k(N~rnf-U7bFD3;?iCsoe)Zm;QBbBf(?-OJt+2^np|PZQg2QC
zgVv!d3((PbXWbxBB8BZE18T~3)$mZf=Ed+f^gWptVSd6}ah5y;7w-tEES$FY9@6g5
zi`UFEO3qg?@Yd4r#KK;AOTWci<&Vp4Qs(M|XO|K2%%Y#o9!UsFZ^}#ut#pWe2;E<U
zdN|ALqHvVlvO8}x7qeDK0Jr8x^kR28<%w(YXE}UOF<nL_?0D0Qq*;#Abb8lpt+mJ+
z;^%6H<{0*nC1EJU^0ZW}+3&trrL-3Q_Dv3eyK!<gCU*#!dOc<bpjqndPiI^(-Z&+I
zVp9Y}>@Oc~<iC2}rBsWh2DLABI+F%E(y>zts4#(}3}5|m=<fZ8&QMD%I<rDr(Eugp
z75zb6(j0KeZ!Y_i))EfZ38fq55Z6gb#@dlbaB&JrO<#}&7bq!0^o&cFUss5qaB8@n
zHt$6dF&n!Qo=c;$`n-r3+5)(WGPa~Db&9H)a9Z<BozCfhCEU2%m~Af<F<WZ~0tSy}
zx{heO^6yCv2e}I+je`$ABJq*0Ck0MM3kIViab)jbCj09%B3U@NKxH+C5U0OsQp1M9
zx@M{P-zzcaolz08P$7@=^=1`$OS7#fX{2`cxCUnEp>_Cnyt}7A*07`FpwAdn_gxkN
zx!>TIDFU5B84{cl2V8;!zKLtPUc{wPo6NExgxu-PKl2W}{-)C@`*eORxuADeD4)J!
zW`QlDX15YhW3PE}EFl<co!-a0$BYywSo*67UL8fBLkAA6qoecP9{uWqEge65hLd|r
zv2k(|Sc@+lQZl4m-N4J?Uu6#DH#|MmjQ)(8GrB5|S6w$3gJyIbhFihWSvu1!pgE8J
z7Y{5se9AT&aWSg_2T)$Hi@iF=OJTCjvh|FU1UXU2KCcIOvoDIlhip2B=sO5($QggH
zEY?6|5dQ7S&E1?q{<x~~9@>vS&{j-S90@#qXa60Az$4XGq4`KtXGp}KHxHe_Z_Z9L
zKGa*I&Sr}&3#cCZ5G-jlq1zL59eu~K+#}i{r10~>$Sl7jG=P)lY^gaYKc3bInN=a0
zA{T@S%GS13siB0DA1d`s6jkK%hMQT#U?!e;w&;GO6dEb}+8UCIGO4S2utaW?&mAl(
z*Sr-e_*0dSGNY0>jnh$v6C?kFtord-C#jsl;HY3kcSh9YY`W0~ldltRuvnn%btzFz
zcr0ORsV>XA_J^T*3F|QQYvbN+^opEL+-%KvH03<KQ#)TD&5K+Lc+>=2GlWq~oWGgr
zo|dU3)eHr<jJG9(S}(G@r<3MSbG`?!1}>;WIo9Yj0+48|)#%LnQGPs8m8mY@FGv1o
zu}8Y&G(%52o^seWUOHl|HmYcWbSY!8E0~8MyWJ)6&x4#Ery1k;NUSC-dVzp9Z;Za!
zc9#=a^SmzIh*xHbJ3GBVUCQZ=go06qL|Q3ts{)j3;DS%>rOL+T@!j};M?dLiT>fQO
zxjxr@YKrd(dzpl}@Uy%1GeI&W{CNSGIvJdS&CW_MWO0|{_ZRgvX75|m!&g#UDn;e~
zNJXncq3!O8ch}bE_L4hr)x_X_bu>#>qo~j5UFfiMM+4d`_A^G6V2XJ365ab_HpG_G
zXXs^S;Q(Et$@zD)0Lmae5)P7;ru0tT1&0NlC`H#OCW${^Pt+Z!3X!DB+lxzE)voj4
zw!X>Pm3N_xgA2q#W>d(un6%m`#4=vwEzsn7#c;|u6A{_G1A;`q;NmsiFV^N8U#`6Z
zUo*>2RsqY1eLDH`{)0ARB(_GSRNmGLsGDuzY1k%X2c0wcW5y{dUzAE0#Q#KM692D_
zoc|XF?f;Ky+G7{!Koh4b`m1Q2xI%tvc^`PgeWP@$5Rq7~@Q(ZFT{bV+=yE~dX1y(%
zWth^_|N6^{_a0F7FY&RHS|lkPnXjuo?|cM3Tx){?ENPoj8Lc;eWF0ecHM95z>#rOC
zqjXHmy_oEZiDb&pD8ny>m(@h`Qub8AW;av!Nl1@Zg({%}At^TE^KS9yeY?T~0{9q?
zB#(g@gZlB6vJT<)d>M@+5#<9#Yr17RRksX|w|XXe_!KgN<3}?2oJW8zwaS@*>9aNo
zHHhS6qW$Ia4=U>YW}{K`D{}d5Kfi>8Y3V0%>*-N*UmO^z373Zu%SK|E&)L;W?xU^d
z4sNr|>wZVZI^17AjV3j|W?9V{!J{JNx8Ov5LwC>)kR4j7UBgV9Z8F@FTx(`01^=qJ
zf8t-6vlaiM<=PjnXgR1Wj65OIJ<-+laP_6C3(jbW>-se8uKiTE0hP^eY^1&9FHIJm
znS7&iVJbQfQ9}E+e5Q2gcMq#LSe%rGHT<hG`u^_M_l6e;3TuW@<l#WVeiy+qQdS{E
ztLN%tI@&pQw+$<*2`N7@GldKJQj*a@uZ(vwXPv9NfXMT!<g};JU#O9V#U*c@AK0xe
ze5Sa9y;S|Dn=9hS+0sUK7$5!nlWs17AEBl5_xuKrb_~RCa_M+za_8>8#GM$7Pvv(h
z<`?UO&TohS23|6(=Crk^l}Lxz7xD|_u~hSRbS(3dp{JygS1!O`fVj|dK9CbX?8H*)
zQxo$qnih_;7;tZbPAdl9ACb5pZhIvbHM*QX%>H$TBIyE^ctY(t=ZuqWB7XS2_@PMY
ztKO>4v8CawjW>H$Y3w`N?|pHr_@f%tEW>ziU%i9&Orf1XQA8nfW6fUhFkHDi(ISPn
z)5u`?@y8$K)`$M<i&dYFL_`RMf~5TUKLqvr%2_<{r*+)2=jLkzJa5}!X$b}C&hA=-
z)2~)_YT<o<dhTLWG_jig;$Ng5r1ttHlt$Y^V&gIE;lRtN<IMACDvNkZ1}43uxi`V`
z<8Hgi=U_WKMTNIgUK=-mOYR_X{<w=fkck+&a`VGddC_ipiOU+c-IiZ>VhQ)D={*Hq
z3%gK6M?KwjC+sSPh&Nam?^A0CT-Y0$<A!fa)jaQ64&u2VCrS16c;lo*L<8h5J@s^7
zI++^xpC7|7Hle}4BS7{=zc6?Hwm6cp;9JY**dx{0cc>qTvPC@NILdcM)NxEaKG!%9
z48nD?>k)I#F1_?e3-O<bpF*8w%tv4RjFrM7x0C~>O^ieC1hC&)GkD!pgr&=6TdeTx
zvqg`$7F(b>msC&T_7T7;5H1uPR<>CEt^25Cp1f;5cyPMiJxMZ9hT|N}qjj<((E0<5
zh8dfRNs`+pO!&#?k`KQFnmD8FmV)K2FxwZ(Vu)YD5qCv^%v|4EDpr^#de{|HJg&5!
zK%ir`iW3~HH9@DyLs~UrS}{xjOBk*x`8Ghw&8#ZXq_}qPScbXN9_@q^Rp+8*=y~yI
zJi8Ibrs4@gKCzygqOV|zQvrz3e33(9J3yr4`U(s2t<P`BF?$_vGU>VJZ|YHFY}`Q-
z3C?{c>(9T7)gJ}ql5kA;y+}2=`R54SPd1oayu~J$FQ+p!1()(jAnNwY?@g4M!J(sm
z2MVaZ#M)L&c&T!w&Z911@_yqIL(Dix<FsuYcO4K<WbFiDB{7NrW##Ur+Gz$~^`<f@
z&zRS26v*QvzMl|&urDr5FoE+>De>o}6xK%s+e&4MnDP?BSiE<(Y|)S<xNAIA*igZH
zmpWgc<}A`K-~a8yjyK`z2H_7F4}{sL<%5=LAHb7Z+$B?nZ|1AH>dKeJF>1F_@wB0K
z5*wDWgf|=ewPB&>a5Z<zty6M7FY@RpEe2`*(HXV<lO_ydyw`d6NeolXQ)tRCXyj3;
zuZK`;aO^*BNUpaQ-^%KArr<`xU?@&y4<D&5ir|(&zDeHg+5Ayc%=_VX8nH2&m>>kC
z{Y<j)&_)&BusLU6ARtluaybVhu3j#qO@O;Zr4LKupx2h(1m=bd{J^zt-o})il3K0W
zDoyS8oz;H}{(dt+4rVK2Z%TB^&?2issA~Gf+SGCb0KYrN9Mx3l@BAWkqRX(+&UCGJ
zNxW+12JSjk;oct0zDO)O1GMu;7rh30%?~f`DUjeVa@gym@BuizhZgjFFG|;Pzq?+h
z%=|H<5l{V4VKJ0lgG(wlIX+)Rp2BbAA~)F4nQi>3s?G<s3+5pkMC*ayZJ)SajA=3R
zg@Fr=4h|fw=SRUf|8&bFDI+0;39U8+@4K`JYMZV&3if`YbuA7SHWm<pLDS@Oi>al~
zV=FC#BXeeVYT-X0<`6E?@6Ub+ZgU=H$#|{!M`d>1oU$=uiE&QXq5%b(7uGRc>oxht
zH*@?r!1l=^l|I?~uFfyp$*x*rDEIA%=!gbI$Fn6{sd&=OSY#moP~T@p#OLQ%91)Z2
z+bs@x&TgeCbn=c8hMN_W+&mm-Z_e6J#|WreUO{ypxgKvlEWd1TuFcTMvz*gqb2_aL
zpIML87!1A?AODqFzPN2w2*zPY;Wm|S?vu~;0JLhg2dk=X>_K;9z_Q5w#~6sW)$%ts
znhOp;KjHP&(X43eo0zz#nDi|DGQ+KW%9U>?eWcl=(qL3C4~Tc<^akQTwid}7+|W<1
zAhm>0^V}$94oWT-=?O)t3fE1$A~6uaHXH+EHnp820AuBffW4wAtdUV=<`5U~$6Lxp
zDC=L&>We*a=o6yId(yeoI#%U)DvH26Fm>N=jWD=kJJ4y`Qb;DVMRs2{6Xi%nlJXs1
zL2b&39UaaPdEht5@uzi$ee8}1w>-@mlV2NKGgmgd8IbhR!@@v=({(R&rC9Ww0G!Y6
zylkBml}Pgh#%MJudSy~TP8`aHIL_!d@(kuLGU35Qcg<k&lDFxrJ&uWoT2g=pgM}Yg
zWNRS-Il_O~D)G#1xAX2*$5%JYO;WOZO+A9=2I9HEGa<{(Rj^&&*Hcb~bgP58pxeXG
z&BEyI>vGlW@TD4^g8f5NyE~Y{glEf&tOhDHPFz~_8Xd1&O)wsjyNGAPwsCbo7wh?s
zi8f>)^t`qmo~2^iO7{Ihdvj^+0R_aR(9cGkaZXx2-$B3%j-XPS5Hcn7;^O1&%f$jC
z_y;#MS8pnh6v)stqPBC%-!oQw3$bXou-5pDzY$A%07ZC_v~HN|>yGzkwP~BD@x#;I
z4JG5&v~h*bV4dc$PfTu3)POML48j8~_6IUA-zz#RewH<AJlQ5YG1qD#;rF)GgA$Hg
zCRyX#H|ukLPYRN}=o8Su42&7<ok%6uvbV789c4mKuItB`PM~{3F7m7!yN~BjD7t8D
zU*CWguZhvE|3)&utuq*hS>g)(iK)B8F)&o6(|fkgC~s0R?F_?5#F<2i7nRCBZfmUO
zLACLP%jbO^=enn12XX~2(#6frJaS7`IaoC^oK9gg`5E`Dd*V4vlVe5XlF)gGr{K&S
zaH4ZJ2a&kNO7AM$(vAP_OX;LJ|F@}#))VmZ%jQ67wvZ10wnlng+S3C&&qnO$5yHE-
zXT_y`J9{a#P$H5@6LfxAx4Cs9ReQmG`2Gr$mN{?g$kDg#)IS+3QVyrEmusVD`*E0X
zeIG+M{BGN}aq|RU9yH?R@>PY1Exj`~2$xXA4@LJNW^b@vN2S@u7!K8Adxu=UY$OcL
z<LXm!W!C6b2{D!%*DN}O=n8}<c8aUdjL>wfF!iGu%JP?rT%>cz&pyd%yiR;kO452V
zd-LGqkLbNXYfa$(A{4HqgX;iP{sZr>A&om`(35vzNs`I+kf3l>rK;#AD1T}{gg!uO
z*$&P6$J@VFRiA-4g->!tEW{r}d$}UVtI0;s3I?IjvJ(MF#vjl|x)bnv5`@rD7TU5G
z5yOu6|EyOg`U}UVMx(;#*Xa}9b|<Rc0v@yeCX6q>c}TBA2vKG%go)$;Y5AgJ8i*wA
z=Xzaic9KS*v0t42WeqN>%`%EJHy8>38a?HUSJsN$pYi?w(d_>Y&i}ou-_NdMQB)_C
z!#6hOzhXf0%Ws1--NU;xsJw^`MIT}EuNr3l-3y@bm8aODHVcPgBQSiQb{}~1()d(e
zE93RVe`9CR4-uU*x|fm4E3iXED%tOp$sR#W`FhTbeOq(@+(H3MoUHa#7}8xnADeob
z-Vi=V8AK6}w%^-mY09Qq%cb)!V7Zoe=lo&*{n<$S)&&X4qZ41F!O}$0$2mm2DL91m
z3hB#J_`9io{ZdSi?7jCE@3F%h_7aOg0jXc7o+PUudYAEg6R`%LPXw1*%<++e1THRm
zq87aZS=nrP?ScGBwX3R5a5*iPIq~jBaAD(B{<y0*@m5P)OgAeRT}kOku7-KN<nd{}
zS+_;wj_$Fu&zsL*<GE-?5#$JN6_3TEvF?H7r>7k7<;~=w(dk77**9o}ztRD?P$xsK
zRl6>dORnRo<*hZ6yq6kb-|jCT#TI>8hht3lqi-+2xNSV1*({nYrtuV4ZzU4la&7gc
zQWC(w_~koYU21q7_=3pChXzd_mpaUmh?`43A0%QnppQNvD41CI4rO>sNpl+Cx4g-m
zZWd9}Y%6Yu&~ij(y^oTOuck!rDd#r?KgUprHE$C?EIy9sJO2me3p=ml)5JhxqWs*J
zt^DH`!AlGK?QFsVkik_}*!LHwQ~%vOK%ZsXto_9&dFBv|%Km70rhOnNjG85P0AH|P
z90xu=NDK%0Y+$j!g@$6Ra{HNR<2AOo4xHs1d&`BblZm`L_>(-(^lI{Q1&4(}E|kyH
zyq7vz1b2AM4z?5tPeouUzi*m5w@V4I9`pMrnEm=eIPg<JT^@u9W<kd1gVjBvAYI4y
zyW_t*{hk-EkN{Cb4q#LQVt34-HA-@FAd2sr4v;i-FRmH-2#a*^hMew~cIl?FAHDOl
zM;fiBJ}X7l#8o}Bk10;)?DH_#(s~ogh-LU=e#gKv@4f?H3&YF3{YRe*GWuqg7e%G>
zNmbhXDg`>HvmLbfmQHc4{~Y0a_qN)1gXO~5Z~Q+f*~28yUFs6P^c2KslSRWL{kkk+
zhq_3eGF8DUv)3+zm*<Jn`UWHE6Rg8^r?7@b7@R$;BQ4i8VQRE07kMh@4SU<U^KHFS
zSq+SoVoh%Q@;&w@H<n0_VYnhE$va1u(o{VP0^b;IYBsWwE1qUIr*=oC{#1JDyLeHX
zXyzQM(YgRWSDT|3K)E2lL?CYebuzL0mjVeL?-_$iwiFpen!~c(V#wHyw8j#W=;(*~
z;{8mKHE$=McqWiix|}XD^*j<aOSt@K=JdAnp7&YM24<ddo~lKQB}xM%UoKXC2AI>=
zbEtwCOF|{5&VJ`esLq*IqIuoSJJV(63LlY?Cw*9ImP^16?X=PYm*iG4{$E&r?=Lt+
z6Cja*I*|8%PrM6V_^~l{p1C?HaU=f{(%$A)q?f6K5V~04a^iR8bEn#6=$$sFcVaPW
zbdEjw`gNsZrKWq5Yca@rSfxlh?*^8WwZ?6G6%9NcsDk-V?j@;BIB#c?5Glevmuoy`
zf7P#%b4s{DAa;FO>Z%w*xKPLcDQezw(;k^su-#It(!*o-#gfBrfx8Pc4*>xQ6AMcs
zaU1sw_qMqO)B!)yAk$pYVhEGgr!L@<_FgX;YUa*xjo>WmlgB!#quSwt9wf(8EPIKG
zMlPH=D3w&rPMR6aRsSq!_Uq?esN^>Jdg?I#u-;aNe3<cI)>Py5S<Swha}kS$MA<|W
zG^$}g5?9&g`PtR$y{)2_2dOM?SN@BlsJQHDF>LYxG}`0%JLX)h&4(}N4=H7W0fAFW
zCZp%?4_G~`W%3@)#zcnPD?|Oi{EnW~kxw6lrS#I=YsnwdG`0X;xOM}ZR<#*bP?nWY
zd`+<Bk#+n`gCsmkx{dgC)zsy$y8317wWWCZZ?3h{DD%#W$FCB)LM@Ng`q|zmiC=G6
zend2@ARQ+)26$KAB~LiyiPI(zz(;#NCVH0|Ho|`2a*Zqn=08s<S?qz<%0aufmR?sB
z#W9{4wDZJobviia+q(Oj1+l7*F2|3LR^1%7voUd4b6TtYBNKgmhg^X<XbW9)f#QH;
zgO=fVl5sEo6P##K?@%(9-<V3U^f9`9n?JkFXrT$qDPdUj*wE{D#t2Z0W62#cg?~^f
z@*x$MegDHL`q5)|c8^3Bu#Q|)e;e$F5NeTU=}<kIBh((oi|9u4!vlRxq&5lN-i2=Z
zzRe#bb<aPvH)d&bF!+#p8)*22n-OY>-kOE~uWq!WuW5af?UGOL<wM0gP&!q;mA8<7
zsb%I%R!vRxxlqFMsZSrQPvf{*RPwC(x-TIgc`WinuG@Y&HECAmA=K1H&m$%_+M@ow
zmw@vrlV|iI?x@k?9TMp5$b!`(KD-#))#pugJY*~0N{){QqG|9m(cg7gU1nvHuAh8&
z&s=$_P6-O<tvR(j$&GsFx@9f@Qiy7PaX&|bk9TpWZ^!}7fj{fB7=I$MJK=7_MS~++
z8+O*WV7KvN#*oL-U^Q{HaYuZ$2V5NWOCp!V*x!2fYpK5a_>&@dxhGPXI78$TW>&LH
z-kNu|f(G)GW*k4cl`)AR$9}SYm*T#H`0{CyCzS=VKCE<nlei1Eo_SV}@!u3-#k)(L
z5<ukNSnSQbx1YXzHeAYWq)PB|p{ws&8O<@YxLj(^KmU3OP7m-o#r7rudM|FLULVVF
zC~*GHl$|eAtP$J6f=P1t^KC(yC%RD$=33zuw^Lu)qpaeAgLHJ;qYpYH2DgH2=vu>J
zZ|E+dJ=y2Nt`1*Mt*?l<Lxo3K54?Qvox4^hpUN&hPahqHR(oD%Zk<TB#@oYcE%f!=
zUg9b;`*xs!omvl)e%bX8X+EJ%;cgI_@<kp_-d_Xqt9@6V2d$5%KQckCD{jS;{JDfN
z1YHdz(}}N9GtO5%yr(~QfM#gR=$84s;j-~qO-7{*FDG+pE<GI#L0yi{&IiBe;lb=T
zoQFFn1A8t($?ck4#<x0t**qB#KhH3XPZzCjH`qRpo5LN=l(0yMVmwHR!h$M$v*+N3
zz|4lgRwiu1>3;HntI5lIVJ5K)`cE&t*XOQQ|0Mu+-4dpxm#&=>oZPVUeHsGl0gfE~
z?UdY1o*z~)*4tikC*BU$Y-;|*%WZEe6boU)>mTs*V__4%;$EGB<%-kZp{o}hM2HsU
z_5$`hE1?-nmmJ~T)_$&8r(f?Z-&Fv&q;6jea(R4k*GW5f!WbaBOR=5kffdeK73P>(
zxV*os)N=_?{)VPcMli_r=BmiDAL~xLqg3ePRo)1%MD1IHYV2S{mlECBZ(u*&Xtk0O
z>qqK3vx#JWiYVjW>Mt^~ue?nO0y2ks846mx*Pg*Y(@1EgN_?g&3LS_V?By2sQyKQ1
zaZ#7D@iX{J8Me%ccb`(NhfU>JeZyCywv?iI<{j~hjEYH(!sYf<4Vp+*?~EMZyUq5L
zn^B!Yr|8ML%eg8U5jTxlBwu*Ric<~O3pg_m($D51l(g|7F#X|Q3)T--x6IGR+D*Gi
z!1o@nF{>7vZA`ObfT^ks$>}?kx=nPd_C0UO4pnpe$N*!+tAxcqBI(HhNZQUJ+uH4P
z^*<viGNKUmsnEtB?CEEM3>e=7=`>_rK=P^weWw-=Zu_i`8mmihI8JVT0gsd7p!H6x
zOn0I6#F6u4nY;A1;0JD5ti#Ot4d)5Jb9CBV7o&3~rSNBAf;sM_=?b<0nvgc27rV!Y
zyp#JH^5@J)G61qNTJ;A?+3+ohF%0d^p+XGlJ#Bq~vv`^fA<~jV$9rEX4D&BLCd;=m
zR9?6{elBHNZDg8XR>@YP#7<Dm{SGEw7N+#Z7!D57o2+1+b6#o?xGfz@jL^6OKNaL#
zfFJls2s{wdiaZaR8mbAy;$bZwWQv6^ISt7t6?vWX&bwO24oGMZEINkHz;6e8>OU)w
z;k<Fk%MT9873IA6WkoVoLfmwsO4z;dO>bwx1@bwak;1@3<5W8TCs`)Mini9LR}u?W
z+7ucyNHQg#eD-r8xR;wXHsZgS>)DQ%=WA+H0L38HrJZZt=O0r>UbtZyppA>}PEZEH
z-GX<FXmKp{43e~9U;0PH^Q#$;ndhfew)BnugUSLvKTcuicZ)<~kKU)-qUhph9Pg-(
zV34@RR0aj7bb)V~=EJ&1@ITIGzKl4fk;@>VJ!PR;K7}jPAx%tPmhf*ef2s{zG+lyH
zfz*D$;DHB7`6PTsqcTzR4Ex4NgYyoe#oRD_I5X~7O&wttob(AEN8i@@y@l{SV?z`~
zQVD-(q5Rq&eBroHl!mi8$hhtEMay+aP~!@nG?X{m5;g@T9Z$;JZ0X+_k43vM`Jt1S
zf!+!8b9kfB!l0ot@b9rVGXw{Hr@(ptZXRJmf|a%fQV+diP!vS64*u%C^*y{@b$tWH
zf>Y{70@F$Ad7j4NNMs0jOPd_G!j6tQD9}Bi#I{Js-kp1CZlWYdDYA&8j)$dU%c`#H
zsRajm-cpi3!j2JR?CgJ-0o7A2vCD}1g!J>!gHngarn-znFZ~*D>?RH&>-)8cVuj@T
z09~b*fStr!k5*+0G_I8*N8a1W<t)F+b>s6OYI&~MM$`o?!4_gzZ#;Hidy6?E4-K=;
zo+G`Bc`hHTs|`rTgW2zW9x_i0)r1ZQbQKY<n=LJA)wJYhhqIF&Hw6~|_z=J#paefm
zyvmjLo+}w+YVx;T@{OXpi%WYgTzfb~gFSDqt>*MY<-XtneNpxXNIP?slaZ)k{4Fg|
z>R@<mS7fc6)gEvkrc6_5bgXpG+Ua5Lj7W<SN5&_Km|Fcp;Zf8SJJxW#5k}dqv{%tj
zZMy@vpK~--nnYOf=!;wehQaG=yDHTG7Pzwn@nPRXbHirtoxK0@s|1bB{8iHO1pw&c
z;ZDa8nSF1v%_<pJmDj$Z*<oMN&=Pe(($wh#-7;b2gJBMFC!GXOJ*w1xAPV>MO+1YU
z>|{)efoJUROjO^jSL6%Aa>a7SJe+Vz@*=w-x07BS>8J8G+fxBu-nQEiTC3{L#<4u{
z+*Z^x4rkK_w<%ND-_ZRVOgRy^Oh9_<1B@wJw&=S^XJf>}Vken+lDPr7U6<AZ>h|Ii
zgR~NA#C_JsxyPz}+e;0g*F4q)sZ0-+Zp@~<5I0+~+B)0PjcW=r!tOk(^HF})^)+!x
zBYsBw$qv1ykKHrf8t_q{+=?ax4hY*f**RoRnJB9y`yLu?WG6eM$;=-)_XDNj(0aIH
z6xl?i)5S9jZsV2|m{(J8-LLQ%Z%8CctdW(U^W|b=sl3zZ3f?{Yoz9}iJK>gYTESod
zpwE<zW4|48s36D>g7nnJlr^v>XTz6Ca)0VNR1r5EDAr4Kd(q!QcCT3O=Ip6T&1@aT
zNd9%cI>vpWY?+gjiQWcDyX~mM8D=HfE52g_8$IZ}r>EIP&LH;!y_$E5>lOayjR;53
z;arL1J~T{bCd-^Ty1CYO2<~PT2F>T_+QewjN3s>&|0hrBq0qv+ZwtT<Pj~)<cipkR
z$4!pCwqIRvZNjyhj)E@rP^V8L=?)G0u-VVb1u_;PWf61%R;G(%3KDz1Y*ZOPKIK4f
z=w*Uez5~MZBB}b*yeAW_U2$#kZ5DD3XmWICo4I_~2}!JUGk7-c@3o_6OZ<IN;E;(I
zYH3(55hg-nJC>?E_nqrZ1ik!PHwZme_`9r-TGMo4tB$%_QQ}mIwcMr&uRPTcwluv|
zYheO-_Z~zBcVctrnQvw*v|PbS#|PTwNVmLB=*lq6DWH|i2S5_3)YaF0J9#RrYoC3-
zar{{ENrD9`Fxvxp(!Xi3k=WK+N2X|U8phNT*}XcP+bOFtB8~*|5+R8Kal`~gd6y)v
zC-&MR>bKa~=}`Rioa<ws<dA5YjJw&r)&qji>%;u?Uy>3X(u9xGI6$+tSN8MS#>w%9
z*FBpGJL=gb>xANyFme{%@`5r4aW#JDHbdPPI4oJ~Qze3zhIY?mBm<Je=GD<AEcybs
z0iE^;d(q~pRRfr~&ZG24*R>&zkQiHP$rHeRdreyPiXm`7-9KMKgJmPod4jONoMfK$
zQq|46NUY=0444Co16xUuu1_WrCVQTIH=aAW;V5U_Ck=E@z{$^mW|~pcBxSkJ-9=TX
zd0PlLRxR>=r4t;Qn;?1WMhP4A>~3`$z)a<iP2G|ziUPRuR%MHQUS(}~<AiZXS7CWt
zhc2J(%6#c<fm3+B324EI*9%K^+LJTWl;hhr(O+0@!HDDgQHMv@jG)>Sb1XowF_yw6
zwohlj9T7`$g90&cG?<ssOZQp5sT%zzV$N9|p4nTR>0e{N2e&T(j}R}bPoTDl>hKod
zm*dfoiz_M8*;8>yPk!8BV_05#0;3o>di#$MED_X^v4tri?A7H7!lW6ESsMByas0xs
z7MN>F`6AaXxej={FBFY$V|IR3l;f_^72*m~DA_y))&9qBL$>_HZtKnEkmj@}z>s=(
z{TG*yby09&I=l<$Of(>1AbNT_2*6wSb_IeB*d@{e5E`vNY6uI##?R>AeZALvzI*5v
z@^;4;;3@skl8+0|KC8s#JfX>~IO<bPf<dAw_|u(xqJt_G@zaXP_)M&7#?xuP&~!Jh
zLV1|#$SjOJ7=PjXVd+)+Gv)J7t=A~X1N?w^=n_X<8||l2IzAU#Yj*yG=}qFtrK$~u
zuAxN+$8m)9EX)&<0q!%~nXo3YbixqsC#$QuW*gn}S38CzfSM}wGIfEs_Wdv<1NON+
zhcd&LPi^bsWs=wQJ5N5dZxk)&{P8WTUoM;L5U_~0g$%h8eIKXvt^=BMVHH~HJDt(V
zhd<$UJz}WlL<i`K>u@zVKhNgtj|~O-0$>npa8RhHCr`Z84RIHpT?ZWQz66asy2X(R
zfS%USn8kYe>c6c<Ak9Cz7I`iBHki}CkiH-tkOXXfIuUHg1i>0nu)n8&Bs5|Xj`>t_
zAwtFVVv-)ajd9z$)i`>YQ;+Z}`Pzd+HQsrt@oEsWzn4mTaYNi8!Wo)gZp<LwypDdx
z4MReb4<)Of8qe8(YmNMX{`Jt}>wo*Y61z9l<Ae3{LL&sFIO)B6<LQe#c{728Fl2L9
z+WF#{R1FeSB*Ph^tb9m1Cpp?r@P?JKlftD(5f&$X@F5MveR7bFetTz&8vo&8H0Gq`
zE~;me5^RMUuiXl4BhksBO8gx7F$@#a?P^Dd<(?!clU;I1zZAbI(&AZ9%*JG2tVR}w
zcYynFyy<h@Cz2;9E2G8pTFzCyCD)>V3&t}#k@6zlCD1n9Z)b1H&Eh#p6w2&u_!6_M
zeQb;{Uu53c?c-NQ!h20*7>~AXY7!Y2x7P>ySaG+7?uB+2RSB?~MvH$PCOkv9NDerl
zbA^0Oqfs}W-ch<-cHgLRnsr*}R0Hy}q~vmy)B%{H#Xi&z-}$J8PB0|NBhi&~j`b%i
z8mMxoSgq8qf|oAt>jkSAWm{6D_;q*~a<n6jEo#npeswfHk(ALE<}Qys7UY?)#qD-T
z=?Aj0cr{Z_+zZDpd-t?f#e^nxdd)6~-mWiCAh=bmE5uy3W3``K=RKa5)+Y@HN1<CQ
zFA-u8guS9-imlDx>M^z?`kHn6F;(v%tMA7f5wrbsmmX^4gZPfK>*t9^bu^`)+|_c2
z^F_kVDUCk(hzsL6SmW|9$)XxVn=okk0%%9LTNS0SFJZBz2R?{P@d`V8@y+I%ONC^4
zQzfFO6u(YF+jP?X0oqZECFY(7eP<v+g4?n8H?;7DP7Y)3J`J?i(4P)jyez4}TP800
zweMV&(A)#}3mAU`7Z}7m^){};(-VVN|9KEE7QFTn>&;~GLZ8FQ^EafEtdg3nvFs<?
zlF7Z0u$MpvWK~@;i_JwQ#U}^jVnD6W^(Zu?B};WX?`76im-+34$X(dt=xFixyZZI1
z4jk6I-^XSz7V9j3jxjCQ+GM^xqu0*-8Hk8j#97iIun)tPS;Q9i?KX}_O=e^Cs!R~b
zY;Y16TJz((R>WYS%*sl0nIRM@N=refLp0m*gi{L&s7JfMAXvxb{xW}v!H9RezjoA0
z;)ubAq+Tf>Sx&A!F^Kgmw**nqY%(NyiNulF-}f!<Fn)1@a9BM)7bg;1EZm&;p`E~8
z;A7%J_V`(Q=Hi_|A<I_pSGfzjNi&>p55d(JDyAD9)w^k3@k(UAF^f&&9+P43%hmH<
zzaa2TE*+Dcv3)S(KDd%=#VOpXufEJz?<Z*I#+}9N5BfEAE|Y8T!Fll&(eDK8)yzf#
z*$3v0wx3vo^VhNyI@t6Q-%OIVWYek+*HNwyV0H%bJ~nOXlat3ZsLhZX>61m9j|~eE
zWZr7s`eeI&*S&k+B>=)=@Jun?{I+tpYco12ZvplGSbC;_JQi;5;Pb+dmE-(b8!r27
zGvQ)6_#|z!FT|55!7d1jwt-<c^<(?hD7{F+y{gpP#Mz(GYX@0=4vZg(nBP^@;GbKX
z%D80&1U70}=8>roF|7qTK!~*aK(3a)2HNdOg<wc!pno~p721>x3=56d8F*Tz;(kM!
zb3$UF%Nw7&M7`*%79&y<c*iA+eD;lB&lDT?P$q+6IFs-JBgaJ~kB{>U96*pHCku*#
zp5`ZB8&sClnXsGVH6iYh?d|!kicYUiHp*Ml!THpNv?qs<RW*pv;61@yF5}|;+JDC%
zTXCzr`A${v#?U&_p9kxIs%&Rm_Db-Sz#61_UL0!@eim_#^O?=-Nt`6ss=daEbi?M_
z;~TfM-wGieSsG7=01je+19<KsxLhTi&joCRyuQ4@FtGdE(fSRD6@`_0>IK|4bde6?
zb2wDv>OHm*M4)@GX^wVz+5Px6D7{^ZGy*GzNT_oKM-#b_3$r)*c!GJmL}kN3@6MMr
zETB(RknR_j<b_<i{`Y6E?fZ|Fcsc_?R!?7qAK(paF|+tP<3aEE_em`4KH}IjUU{ch
zlb1Tg9=HbE9dUPgqD}QRczhL_HLN(+J6t18E?qWcx6>sm&KxSM9KXL`wf8vKG1PWq
zM#n~_P$0K(fh0VYR9!^wmMM|_`0l(ez-7#2FTxks80mS_K3HLnbk?o(_?gDJike-4
zQ$<DEU89vCERw}qIktRHKiUr%)viWJ;IVi*+A}^$W$v-LbL|fXdgdrxlMkOScGhzS
z_p)2W_>Oi#9<j_fJ|df!MM!*q4aJc`l~r>?R!;j-N4-3j#9e4c{>VvS(SG~*Xo|<>
zz7MbfLk@Pf&e;#vyr)_>_IyMS9$ODcn6}at&lUr@YGrVuy$uB7{G&^Ds8L4Lf=jXw
zVxT_QexW;3ijG^w!lNBVbMCfEk%y44lvU2OhclJbvNus3{I>K8kX1_?tuyO|s3GO_
zy-&3kMOGyb7@E^&g#cahbAtjs2_Q0aQuNEI3A8vE0r=ji8}MxCXFPnrDuYYon*)#P
zS1H9_@1J?7TSsU^fzR)Gs)0qLn#n4ky%d&#`c`!!DRX#rKC;u5AYiZ^QGXS&@ZbaW
zzhP9;>5TjHSUXYm6|3AFNiN0qwD|ht4YOMhi$7PFR%60)u&zpbDcky~o!QxWfy7B#
z$Nio-kKcMw5Nm+0V;FPZaLiWj7v;*=o^_sEpncgPn?N<YXOjHNjNy<Wj^uS#oD(R=
zMkg?6EO6b!!vkBZn4(%Ce{!M(PQ`IGlfH^3Z|B&vdZtXrpw7}^a2`n99W=<01dQS~
zwA_CYO1w4jNfIc68%-RA=jDCl0~dX17SF3)`|vRjkiWtraK<R}avy!~=%cBl_L^E3
zkynUwZ?iT_*}TEeY4+~T_im<{=9pPP&^$0Z=U(pDRcqjcetQliTuq^u?ULoL$ur#*
zHH@p~BRV6_8I7|G@BzPCaWOH!)=x}R)|0Obf_J+O%y`haUW(kChSncK7radJZvE_A
z655yP7b@>FjFr^)YjX@dS}duh0-YK>J#j>#0;$jD$*n4Mu)K^sRfN9YY&}VVZA!ec
zN9h2qy2~r6eD)u<gcs)LJ^g}oG{kQE1?HC-D=VUYk2QDGHfw6dU25r^u<ITzZAl!u
zFf_6Vo2h0P1EFh^k{9Dy@t)<X>QM(5L$ko-3QxJ2ibZxmE#6oP^=*-m=V#MVo$!)u
z3DICghjV-Rbi~L)eJ-IPRA>BJFOxSqnt<r)bmCJ&-x1w5ys6l%iT(VrS?Z>s-+9^{
z5*R%4BaHmfp;y76Uo`}QB4jPzW|Z!uSwg&DIkPp;zB^7pS5z2OPrT;hWS)%&n`Lx$
z*5YqX|2sM!*>55rRPr-=q<|hw9gQTU6#uED26n+lA+!D3SLdEj-X*+ptMv!G7LG~J
zkyJIrZ+}O}?%a@Sdt}Y%<!bTE&Au046*m2YfnHtCo3GS~gMSR;o3-m>Vu@W5?5;%3
zpPhg{u0>?z_^!#c!BomAmo1rL>L}@-`a9WV3ZAZ$+*QDccSonrc$^yG0aW$WKMvz#
zJ{ALIypZ75Vzsld(Ec(po=~*QcChByH!C}tH;LaV5W*z}o^8)rCwn+@8ItB~cm7Mf
zonp%tMhG1-6P}G8MOr%`5c*sy*DC9Vb^HolX(ReH6N(F|&>q=zg5AkY9%ke%JV@wr
zVLJfbiT}F@lK7aEm-w&3{Zns;%sU4D8=3r5ODI$RwH-ua0Ga0haBM#3^Z)5_Yfn$=
zzk31x2e1Br<*|dSUP2BKX^PznfVW`BAHxx6O|F24`o6*-;#t33wMmP0c>X^gT)h27
z0y=32^3R8tVc0b@W7XeIYtv4y_t~$;V-ewjS{@R&KwGl8viG2kN`a#22mUHWj%W@B
zdyDordEe*d49~kY$x7tP>$F(#hSP<Tz(Z&Ab-<X6mN0YGwnAOg|JJ_}AEWoBXNONF
z%0z5j9R$r2GdjZoGhG``QUZb7BeVUfgZVCs&YU#rktt;Mtl#ZY;aqI>0gkCK&S}5R
z{Q{Ld`RtHm>VKjlgz#P}t80d{<e_FkOlOReqce=fe7@M96kqg$Xpwm$9n$2cmqS_R
zB{{aj5)PXAS+Qdhxlp98{TmT*i`IW4O@@_4rC?~4sp_kB{Ep>!uQr;<UG=Ef3|b2r
z6HU<GJejMwC(WC9ZbF9tbC)RrR&nori_8_TjVps2Qa+iu$W;#j75}0557*y6F6jR+
z%ChG0tN-Yo$ZHLE9vwG0y`<=s;}@Hph51Mpne#k`y6BTOjRXy}*G%c2>eMQRD<}qE
zPb-yulCT^9m@i%XX{EMB#}yR&FHk}mHYM7w@7VI0zkE>F?C}eX^yPiaUd2tyDOIHL
zT3C8RlWo@C$u&wla3nd#%MZWZ_P2^htW_b=Cz@D}53qS!jB?w=mDi|Lx$|1!FDtbF
zdQo;fn~f>Ax^vsLk<2OYxtRK?%;(ip6B_0qvX-ouslV+X@^9-S&@mGV*LrO{J!T^k
ze0ZY+aGtQdeoOqkH=7gB+N%w{F14T9S?i>7p9N_7lW`u^ExH7Pr!E?eFME7i_^Z-G
z`dH7QF|P7Du1N*FdS{c^J=m2$FJ+zm>u9xi!;+)%XN&^b>i0zzV_g`*5xLf-+`E*%
zU0zXk{K;#uJ%BEd^OyG8*K#HEg%U?ZJ5Z`g*E9MWm6KEhA0VwN<uDPku4t~<@L=x}
zsU}c?_4LlN(cwmXNq-|=FiD!@py^_7f+a^W<2+(`ds{BoF1IY53D?RIpFGR8S|XO&
zQMc*U2G)8@SWEIe9egIR(x|T$k3>={2dj~EL$dw%Io@Na5bCPsFLlO$*?JKXY4);R
z<dW@`Wz#rzIb+?(kTD7fEug#eTNZc-v#?O_7IL&Bqy<ssY|#3T2N-sG6iacfU-0HE
zHOAj}=kIuNDQs_${tU*c)i)ljII+Qq%MRntS#|H1F}Y!NL^oQhP;?P|pxO&3e>dO=
zC3Ta+Vn`z~|FTGv@Yb92ll5dkwISmyp#~eHh(Q|bb7Uh}hdED`>8ShW?5-TfhNtg@
z{^Ni9-{K1+KKiqtMbF}Zmm{@vof0T4KHbALd@%@RN+gs0v4)&zsr@+Yiqi0PG(y8q
zIk`?f>a2l73oCm+<*GzLn$Y{T-~xERe0Fr=WW$xUr5)HF)kYPG!<=U}Mf$;Qc+XvH
z;6`1I+$VwP<#@c1$Z>IL`3B@7z={#q#<EmmsIsYwf7JC1SD)?a@O2y#lUJLLF7@&J
z>`kHVEn>&|JL0@w=@pGSn}Y$1&?P=wI&U)TiJM=8=TVR6|H4gq+bPY%vN|dHymwcn
zpF=H+#;fGB{RGF)d}vrKzdE*Ud%%airI@!J>d|JckjDhcbx`3j6BS;q=rh$4rCp3|
z<49<2i$7R-5#Pu3%~Ts78y!ToYI#owxpguHO$gf{*Cp4>zZ&X#COGKU9v+x4;WNK2
zmd%!w_YomqX2E187RkgUB)3#~F7RmqzxFo_%PAVWxXEs`+O+Ns$uT}HY?NR2h(mQ#
zLP=p6B(9$S(FN(uc2G#+#`c6VGe1GucpA=%`~an#bpx5bZ-gBql)9dRA#QrRLBL$0
zL6q4_DV97ITvgRDRPUx={ww(v&|BJ5*!x5NQe@vT4-;6MbR|yHBgB0hk#TKr#3;@3
zo@^+i^87Fy0RVCrjF}HHf&OCWMA$8Iwq4ZKB%s#yk4&)~P+yqToswdTzi_X4)jb?_
zwmp9B*;XnT+3~P0SBx<+|88G#b)sXkgdfX>POb}1Xt5fTE%kbLWYO?);D?QT=3>Y&
z7aV~iv%$!YbH|;7fpeC(fp^UqWvmd2rg?9n&Mxqribe92ZX_wS3L@M;0ype&JxG4X
z;ZN1nVVEL}`a)eHt9`WRxHI<sqx`)Ksq>q#PmR3MbbGps=3gHBQpQ1J^Vq}M5A*gu
zSL2`TOp4UvtC){*`a;ev%jWBa%%7h#iA3>DW)HVLv|+j}z%Px2i<)fTpW4G^cAcUG
zDO1yf3&XZ9h6t}txH8Dt`2RQd-YP1tpz9Wm0U<yL?hrh9aF>MO4Fq=@cW4@GoFqta
zcTIu?cekL8G!Wd~wQ*>m>BIMr@!5Ge=jDz&?!(<LJw|V-+Eu%%)|zXsS@#FL-(m#O
z3Xjy^n(y2uy%_<9-$K^xKGBT=z!pC}TZmx+HGF7BrG%iFc$pkG3r`%?j~-<^b9f6v
zyTE9O9N*fOx}ffRD{lJwpyheV1-*6yTvZ&WQCRs`&mN@Bzl<M@uSjwX6jpbO?vvhx
zCd&xq{Zr#3l=ykYrs=AvYK@t?hWB>MpG{gUvO4~eRz21^uKV6pnK(DfOUjInQt7yW
zht;i=<oDf)rh|thH$@<o*PJ&=!l<QYU_gH|PUM~77g`#z(e1q$jkQUSWqs#xd2G1=
z-JxBMV>hoIJ#7_-uJe4~{(V0h6(a+`-7|f2{n@Lr+yiWp=#{}yIgt2Hr@x0}1-5Qy
z!_Qz+iE=DSzxnv5TSxb<Vq#bPOq;+yfS9b*P#=sG#o)+Gy|bYTIjx`y6&fm(?yz+E
z>=dH9JJ44Y_1o(T*Sn)3=B?;#G<-F`!QVPS%2ML)f~-I?CGbd+a@|m$Z9J&Tc972a
zhV~m%g?M*}7ZsWMDmEP3U?|<*7Wr3{Jx!#taRHN-r0qMzYAW*TV$?4LR}N(2_dEC=
zN9pt0wrM+3y!mK>>l~RrVNt9X|0vjkYplo6Yu38}ji8+S^?<PQh)~W9LAFHc6jJu;
z*GQOWSQdKTF_WqvGo3@rw(qdGSEd44iFm8bk4G<1CKNut;oNqH8X`A(PuOC_r$Q=j
ziF$qD9<qM-6f4>1`3sLs@V|fVw5z*%W9r@4GOkI^7c(^sS8CF%jg5u|heAS^GWNzn
z5=PsPbkXfg$cJy6;M=O$y6JO3bo+#MbC}q$9GCJ|?yjU!#Ej|XCMzL;htZ;QL6Rit
zV@!OfS?AD7jADL`3I9)agb5eaHPLjr(oXaIiQRUOhXXN<KO}UfI4Rt_C4$T7cB;Ur
z{O;r}`#)#7csgRkQj?lA3+hP+Yj`|IsSC$&Da2lb?e<$JG<>t?U>zHMbYV1t=oK_T
z=~Y@N%+0%wQ+2!H8_TD*j~yom`DU#XJKW(---^_}#M98Mb-aBZ{A<~K^n#TByXKE#
z3@N<yWc}e7W=_|s%|13)bTPVe0=G`tdUeE}Cg1V&F&DL$()))9UoqqmX93r|Y)*E7
zdYc?ufydcK$5uzpbR8kD?9>mHzTYz>tc3DPUv_JgFt2|gR<*G?w$Mq>#H+pw1C7^z
z<D5M-Ma-crw-8)*=bxTptq!w|5}S4!VCcFQy&%$to2Td~SiLTjcU1jhqb$+t8Gftr
zt3FA8d*0OQ!82-*%YCz#RgGYE*jw9bZ`5A5IhQtSze%)xt9`Zg_5JA;_GbRquT>Q|
z4#1#M!5j-XnRJ`4jIEB-^IUCYckpfgfcMQ4C0w7e&EQsxR*&7U>{x|{NHU=<8FX0`
z83N9fe!1NBLG(*jE}OrZZW^cWcmpq187HN|366O~uX4HU$xtRgV8Q13gZUC|cf2kC
z?y`{R3g^YIJB_Eaf++bJ@LiM57cFMYj9Ydt2&+OTutCNz=;#^Hulg%!bn$jF>#kLp
z<n@((3c?j$^nHVj1#^}TGb*y#si$}Nc>_ZN^?>u~R@%(LxRAkQjyBxkrttC{=B|?6
zU@F>>LhXnOZ-Wgw)tC$r0b<1qz8Id4TmDOO=Im{a)vr%Ku@@KpGmT7xbNw|l-%&tS
zjC<o(a>l_lsb&LGdu9@;`6<G2ZcI$!!_mWQ7>Hz8)9+Y8E1uEt2rN(Ht3uri_Wa%{
zG(qeup&YpW-yHR-JG;)|;a47kR9M0}p7DBug71%q&?Zy&mCi@py=ola&P|8_Jqw$>
z)!M<z5`L}E4BB-8*J&NqKb(A?eJeK|NQsEYJZ|uaVAOE36Zbe!|An3Hq<iRbNctE<
zAFS&?2ONrjRW$>eR&ES!nTYO;0-^ED7&2x%7aTW4gC9JG5VJbWvGT~?N?`NgUa0(Q
z-!sOTrTMoWEx~r3YqQ{vgocmJ;$hPtn7u99`mceg&Q=^|VdrfoK}Qd|qq)#ZvPz4*
zQvx(k$fCb?Hk(QjKZa0z3F(Gni<u<iNs5e_14*i&zjz6!4AQm(oJIg%_$nThvva&&
z;a$f<01lcPQejS;3>9+^LC$c9;l*N-zyX^B4nhyt!sR`_R-24h_Y~3j>9}7xooVf8
zX-!qgSHxXN@L7J|3xl53czplX`%MS&I?}V?Q<u;Cg2bu7kCx{eTw~vd3jq#9x;$|!
zD>x|!jHv=`v{M9!iCKQp5&w2t<T*7R)k2{D^L?pJF{fHFix$zMy~G~DS<H(p2D1si
zU(>kl184neEDnkAQz;JT1IU!5z-PK^CYcRpbtaEq#?conlg5V`g{y@hR+%Y!hK8X5
zI^0<0<pTiT7TqxKbQ!u*vZBc=OyauY?gya2$v%dXC%qD`1Ss)T!bc!@t#9gcX&Ub;
zrpd6>Rx{$|&D9%gPJ`cvIhZvfp>2YS8lwZ<X&mL84E~OR!LX+4)s5r~30Kjx%$yCu
zhMJiftcO?IwNx&8PqArtD)1<I)zZ6e1AjMZ+1ImgUY)!>naT$EiFNyFPmeHYVc<C+
zwnfn$aW|Jtv%IREnRuvm<(57`b64y;3-vL{E$_48{<jew0d2BBnR;1{Zhs`p;2)Y&
zF8d_{v&0>id%vr2>HONPQ=$ZqLhX@Cm8O&a-!d6=jLvT~<`>=&y5TJFi$ViA5;?Zz
zw1?0*N&oOuSiWj8A2D1DirPF!zyAFN{*kUX;g!*M^-l1qxXHk7bVKjR3Wdj+a&qPk
ziBF_#)}V&lA8lj*CD~D?rU7rHSjRDU?H(|N`JPhp!#{g%vvW&7?-fnEbGo&p0U#n^
za2y%dN;u%q=zQ^FDCNj1!I~%;P^7XaFy&=-sfz7Ak=1Dwp~lmVQ;%v4!>#ukvjr%)
zw2-#){+U9lRBsqQ(W<e||IFD9p+IfJ&(NGDJz~MU(QmdJpYIKhoaRiQjTJo+nY^Np
zfS|XQdVF-6f4^9RnC=PAUTq^usj8CFYZk<2sJP>w=2{#Aub548?JC-?6!YEeSsT;D
z#hE^qJuaFV&;YkQj`IbO8p2K|@K4?Wzb^NZyf@vnD_v65m|96HfkvNhtSny~>P4>O
zD1J6O73doo9t|4#Y9VrtYu+I-sO%!+_r=HM(z<hK2*>r5-Qe}g5BagK*1z6tqbhnM
zEv8zwdUOQSLp!<+r?2u`v~rD;?}{&S8T2qhuu?vPhu7q`y3$TxOG054sO`uw-m)B8
znxlQI&AI#xVQ_a03C(p>y5Z>klVln7Qe#cuR(8`WJ%K0PTOGJnXK?v&cZb2sSEjH4
za|w-Vek(+5i0|SW<tS(C8^5Q4j~pR~!9NZt7gC@;q+Gu0K#sI}pRPVs38wEBuFb_~
za-5Nt)*u?`TgN(Hwu+-2y$r<@O$@D>@&pLYIFTFDu*r@xukEJ2^`9lm{I*kA7}F9f
z-xQ$hN}LP&9^h%dmxF!xH^Ku%^wViL9Y(g(IcwXJ%414nN>=mvr!k`oL-sP!KW#&=
zFHP#LMiknF%R?y<S3DaDOPOtZidSDKHH%hK8C8jLgV<tog=kdWtOqY7Q~B&jth<)_
zHCo>w`=-{L&a!pi^X-3*Lo=`EwK0{Lz8+GJ@lTo)HKiIBEvJ`@`*`8mM4T)*EqW{^
zQXR_zRB4@Y*h=cvX*9bmSlqxNLwqW@gKH~hf4!j4$GX$;Nj*Ew$;5J{2NjvMO4h&T
z=Y2w^$OHbxmLRb**eKZG+UXg8UG>fF5MN$^Efah%CRg5mL3vK7XXRwJ{XN3-x;WUu
z%jMi6gWTeUA(r-b4c;2|-95%WSLFslYKlr!gqq28((mh*8%B));xqo=fV;X9#7Us|
zWVU`(xVXrB(K}ftcKv~w!Y=U8u~Hp+k|*5*qug~2!@-}Z6XU4ahcT;p$vPa>oI^f4
zwQu1q(LIPKI;?`6ve{b(n5+g_+fTVM@f$EI*yGpNrE92T9`zGGiegx0S>^hGC62Qb
z2qH*$Jr<NdvfF!>xR6NrwUbpm@Jrq{ZQ~s-xhC-(QJnqi2zJGI{r-LesOLNVBt$wQ
z`P9LaDx|)mKh&GkP#l~&2QS^pb*G(8*l((LWlwEO(f3pO8}OMrn*AY}sO1|K&>gB9
z$*od8rtl8fhAVV+U>_a9_&O=>pSVa~NvQP20XUwMm;Ce8qcoa{*$U2!NPFe)sXng3
z)Oqldls&;Fk=|0NO$Ax;j)>xkjET(;nXtAP+XpUWemy|r?iNGA+qc2@Qo`BLO{Y=I
z4wif!QRUTRaSLiSm<i8Q(I2{sYyLM@y7_fuT{U+-V{gUQ?&6u~Okg+I@4?kcIYkzq
z(qZSi&;zP+V_Bpdv#dh%5C5Mf|I@$3OZ$<q^sr=*TVei&3m#q*TjGDpoW?ESSNRbo
zk(as{-hY-~-}}!zLAn@$|1;zorpc(zPFzW`(Wv`tE~?WEZ1^vrgbo*LIIf_g_7N>C
zb&pN1mX9p_P92q<y1<h1coX@fB%IEWhbU*V4Ul6&xqCmDk|g4vZQC#X(KT<6jl;DV
z*PbdbpB-PLP~9IY({+@jRE*DpY|*yv>EVazH6Q$h-Q*`Nk#4gu^@fJo@2=D}Z`l2F
zJmPuD+dN`?izAu)-P#xp8pL6b@aL_gk>Bb2vkT|^fQH(Xvfk9my4ru^tbqMx#7VX8
zuj(I<WfVG88Ag}<3(4N3{UtoU0BL!wlLpnIlOBT={AUdyy)F0=ZDizQ9|vF3cRxa)
zB1vZx9R}`-B$uv+S!P8l|D^#d#;Wda&-Jeg;^D=~g*_tq|8c0i`!D=)J?Q^G{g2l9
zf4EsnHok2>uIbK4^ZXyBrKxoOBh5K<QBX`=d?1m9z{$xex<nmj_6WXXWrZpH(q$+1
z_4TdPWsl~HlQaDM`OVX(PopDbHYI*Mu$--a4j^hm73B=(0*-*6j?t;?KQXig1qHpK
zqy$7$3Xf+36sF4BK7RaIsb6L>oUWztuaMB=*U(hq<>eK}s6<?D)Uw^k+N+)<U$t;#
z0ZSbN|BLeVI5hhG28M<X>Zx_&i$5va*t|PFK7K6!pSH>4FSTOPKak&lA7YCCHPZ3G
zAH)8$Ts-FgcTXqEr5&-CNRkg=fjBHdp&Nr3QWgw&Oxw7kcx&~I_6ZhU(v8&HjeNp!
zhN3>%tBD}lV}62>%h;FD{L@~0IosHH$Gr5l+jcnV?b*9Nl*{Xujs3f9=>UKh*+P>S
zk|{1aBEb~5?c?9x&+4sYO#ykuetCbX_EHoucTTFqS|<bWhoTpUj|vC~6h39DSVx2c
z5MX9yOUIYE5<^V~dq$`69z_wk)StH3b9@DEaM1mmB9!dBar0_>;VcQo8_R+6JAOrZ
z=j|6B6=s*;+d(T3LW06*v-LaG{k~L;!7L$oJH>GgDHD=_1y7Vr|0myE`tWvWH{MQP
z{L`CT?bS5KpQk!`dM|WTvgDwdwPA~*IX~fCR?CxPkw`@I#=a=jBed#raQ(=DXHBw$
z*~{GCMdP=?Yyau2*5ErH_^+>jFE7|MqF$jElodnDLOI|XOaaetD{wFt@Y;7j$2=P@
ztPva-o}az*$2d!->5Cu21qIeDHA?->PgUnLG!je>m&y1G*~)LBzF4l$u;0_FeKpm0
z>^{y(Ij^SA&=OVKJQ5Cu^LTaAEmKv+iYwF)Ul3g(-@0td=YejM8GH)i^7X&hFQJ;r
zRY>+45iRD*OT*U->SGU1_kf09b+#9$51Py-)RfU1MlVGBAPm4Xf0%Ic`pE+|Z;-Lr
z5F&#+ps?C6Z<6XDMd9U2A2hI#`}%;3>}Eiqi)v<tJI;Z0K9)V~LI<=`J(=Maw5jr(
z?jcob>SLW3SW77N9OhI0x+!C1HD`1A<!j5VGXb*pH7Z3S$Iibi$ND%+esMFx?zi)0
z32;Iv#kCac#&3*-Eb|BntDDFzU+yz=;%q>3R6*ehP)_ZgwU<7uef52^(Z+!_Yi!Z#
zqm0!h13Zw?-#1O*bp84waeia@x#EtW2;9|8XY}q^rZl^t{fM-rFDaRa$8d@JJE!}>
zD#_=sT@_A^5!~zIzfyI%tLS@sAX0-1x{0E0%YG?~HKcu*kKrKPXlH-lCeExGf$fDQ
z(8S**a2o@(&RJY!O0PR}h{zVmnETlCBk487&w=(*CW~&_`~>+}3^^-UIPI`0=Z@c!
zhqQ*Rp1i#sgzrrS8%-l5JarfQcN2(!F_Dc1>m4I;!&a)Me=ba_k-UMjmrQFSW@wUa
zu@r2?rPRh2L)l5NY~0nKT|sy*-N_bN{}@Jb-yHLzNT%lb^6wwAEa0ENcR|{2j98Gc
zx88}@p$(Ia5U<wwJ?3a6x4Wgoj+H#A$Md{m<XmMw!yi8rMuBBL=j*|5pn8~vo2xGp
z+3);t(4I){880EpWon^E^0w}XKKNL-1MtlNtna}N1xf1L%(V(Z+7u1X$E}<N_pKrp
zK9p_#-pn}UvVsk>8NLkT<RTcD!qUN1LVO`FEY%oea;&#dwW6`XYa!LHp~xYj=pGXu
zJ_*t6rGOayPq!w0X;!vXU#CP7+sYyh2QIM{xG*<{YQso63JWKxuc<$a!0EN1rdikd
z4L)y53Y$U9)FsRDAv`=g2rJl&<Qz`v6>i6O26<1Sb8i2t0V2)Tg$M~&Xp3yj$Bz5G
zu8mwO%t_@~D4!myu9@QDN<Ht0@k-ga1o^MJKZZQQ9zz5iEgpGYZ4SZHQq8_iL7dS;
zG%|5(L30~4gst`$)|bf-;N<=#Q%2yz*!}c07_qeev3>q%cW!wI+-sD71ySlc9Z4GZ
zYd4Y0@x+4LUxl8uT(kAG497?Hp)!WDQNrboN~P_Z_Sb~s=ZuhWPiApX$Fq^Jx9p3w
zAGKP+qfI1mSnG<&qwyrl5qG10{50!&Pl!^74yg`?oK@Ks5B2+J4e2;EN?Zx~HP_RP
zwqZ{k6ZiJKV~SSdKFvA}t*i2(>=tTHkt6xjw|6<=`7qG8IbuYOs#ZNcyz2mq-QG&x
zAtXIfO;>~iI@y^r6dJi3HU&<?s++;RwXffe@+vu*Np_@aKV=+HH>EUKH}<iV98M(O
z>eok6F?B3_50_zEHE0w*lAIk3-pxrdL>*wrUhK=}^YHhReU5v^58NzED*VN{7VZ_$
zHU^-ai{J@njV*B?F*drD3q1TM7vK!{j<};cfv99HqmcU282PokYKBeL*<q?s%&6n3
z|5KuVoi;(~6iV7LHfcDPAj0}m(6`+acL!d`*LWn^C&;c;PYeXp-KN@$zE4Vj*s{4t
z6lpS#I^DN@>paRx5Cmz3Pabvm=cp2pofG7ydOO{q1uSGXG`;9GFR%7GoY;KrFfzn8
z!ej_)>F*nmw*B1BI_IiW=oS$Nn|0;bCwawUlaXptKTN4G!OA~?_c`oaoj0%Zh%slz
zuED1pt)B;zTdm{2UkfWmZypR7oet|oWV3;m-k<Cb{@fhZ3$6!d(I3vJ5uTNN_};)g
zk?&-5@1m3MIkD#3bWR>3Uyls})X(Qsiqd@>?j}!|YY=m6Zze>xvx;@_G{<F_)T_`8
zBqZftl{jZfU>ls#2>xmys{<wNU3B{1^4ZFlFD9|v_Q-Fe5^iMLm~ObNu)U+JW!PfH
z1Elxc-X|!N<l5i#DQ1rtrQ`b*o|{&95DpqVMZH?`+JN$oZBY%Z(MWCtdpN#RtHqyt
zZm(W2Wz#M}ikki!_kn^G2~ax2(0*I#f@^HxE94PC#n>eI1#=mi@;p0V^QYn_CyLOB
z$zkK3>b5EU=-!D~#h|CSd(WM%=faeey}(_Hj5Q{ziEqW(!$Y-t$8KPuh2SD6Z;rEi
zEn%j}px~9iOirF!2jZ~RqeRMl-dpnyYwJ%J#74ady}hYKJx`ycImV#3Gd76mjlY}l
z5^ExJz(U#~V3Rss@O9Z{lnMt+Y@wJx<H9(i?J_fzT2g&7MEb$B^Ms_xuoZvqeDas!
z&>CRgGrB*ueQA|`8?Y;#_Ke7D{roxmu67d4%ZK;C0oEQ;V|hbhfw|j{@x5z~zn)0q
z>5`XU7sVu(0oqFI<?lIH@{X(qxfF=mMi$4dUt1cH-|G7rT<(BbEKOGJxI-^HjrJuQ
zt0R?OFtawy8e)Aji5mNDNaR9j_i+f~zwvhjt@Y%Sw98ic$J68u#Hrij!&)9{_QBk@
z+l7$4Hn_6CI})Ue4njrylKNz|X8qtNur;VdZ-0Dl*^Jmjr0eL&-&}jI76YH~ZLS#5
z8neyCnS+2)<J5HgaZ1Rl<j&Z^02H&|=<A>AGMjl2c}X;*KR{7b`lMaUSJ<5YuAJ%J
zU!QmTH`$EWZ0ym(Co&EjbuRg*N6p_RjY+fI^h9e1LN$C*R}pGQj}qpJg8QSD6)3tj
zBlW{fJ^u7TuVVG<qp~ou7P_KYR;!FrZkJo#bgkkLkV%&Sp~nS@ECl|?95J+E@SFS6
z$FFZNcdcpzFz^8j@e5*q_M+Zwavf81P%C{Lge3D3edTJ!U3Q*aV3GrDBu8eCw@I!I
zs|*k9ysr-`qXd+HIR=Q^GP`Y=xFC|dQ2Fjb!aWqRfCUu~>_}4~<W$7wpk4+wTX`>M
z)Z#UZmh0n)fPSxvgVnDqv=8@CGK)rMNLPfopAKn63>p>I?5#NZ-uN24+A5PeX7%$7
zP;$QD;!O~ecv2+XzLI=0aW4R(b`{KOifABL2u_?tNaF*^<EbNP({99HFZ{Hf#CfN@
zw<a3eCau2<$9`u(-cd+Q@VHj_y1l7)dEa!uKaQG7&BC<St5CGyl!&ieTP!Y2X<uz~
zD(g=v#1AHK?Yvk*Rk>V5Xui|`N-4AO*Rk)ZnG#2lcZ<Oh@E_)eQUP#z@4USczh{4B
z@UNkjX*}4?qIg}b(A>1T$}Z7!hiPEaarQc}KduA~1dnF$9nuZoVGjmYOa(F4(clK(
z@iVD(o{AF@5}>-KW?fg}BK^ul^RcwvLe0xO_m_ae#1HR#dIlQOE@Hx{gs5mJ=XH5@
zm>U@Uma{Y+lAXoKd%4zP9_9O>_$*8ptRJANVD^y?0uoRkmag<es(eWy^J$4aRY;^y
z#F{d1^;YgfEopn23Bh1G1ZaJj{S6ywM?6%}`tiG%V57r%52KP_A7|D;zX-Li-~Q=x
zb<;iH2AN_@AL7I&?t4QGmny`H^C2;AN?K3+0cUyc4Uv^~|C<r57?%su2LYhUz8w9`
z5x{rPvHex^R46@ap|kUwcpBpJUG`vW&YoXRK9oy_RN@Xx0-m1m{QLpBDzn4==Tezw
zy!j6MYRe})3>a<doD=~&p2(QdUfJinCRq47=LWx(L~pxzChhMcQ0I#wv%ERpgq0}{
z`C7BX>2m6=-hq;*a5d#e&f{(k1-6S__EALc8-J_GfH3peJQV`Do{EGwjnL3s<!@}3
z)TZ-9VGiF@a*jorj0Q>6`dG6qJ7Vyf4?amx1(MFLDYrkW;W-LBX2en6l+ti~znA)4
z^}6+Zx#XhMGjOUVzzXDi5uNdQdUQofY6VwUpbZPhpdl~W`h7{V<2L!1CYb8V{oq#V
z<=!$K2JsWuDCL9E&yK4$R=$f_XC&HZ`cPV!xam*LiWohFp3ke6X7%Q4Xz8sflX-SO
z{$;yv+#%}FQojwsJ5%DZfjkZL6uCB)2&lr~;tV^Naw8b5U*S62Y{{uQOsL<yy%RO|
z^5e#ITC$NGh%|2Vyu5QJf9(}RW^NF7bd6biAdnGQrQGSfecjdwAs>!M1C5WH3ntuk
zjE*azJ9mnnp<m&1c$we(_?~(YxE!KFQtn39qz*f$M)p<&z~zIkt&;6DN4~hHmMhEH
z_j`(65^0MMv#LBb5D+?th}@}Dpl5)y(yPOj!DCUEbJ!by&vP{I*M1q%ZPu<Q<+#Kl
zl_ey(ciU(q*&VVr-=4J?;T@*Urd;LDxaQhH`l63z&e`wgoZp>t*-KW(`akbru6|sx
zfVY@5ZJL-35wwk7J&ySyp&M*_6aIu9+kR=F9k;^PZW;dVd%N2@ib2>!zNh=RC(|Wt
z^s6c`e`(gJ;ag<hd?k|a+}Jmp#OgjUpyeSlpoIcw@xkI)utk`L_o?%t9C3Cr^acTZ
zzdi7b&##zTPa0CWxpS_D+}!rq=ECZ#(Z<N;r1ZN8ogGSVL-X7VJOxl0QZ3Afx$TN1
zJU3>cgdcu@`8;;Wh`3DEabVhsiuGWo(FofS`bqDaf#v>vV?t<u$DD7q7-;l1k^A!K
zUI6?gYUMuV77o~Mxu%FSy`#KsJvW%N@Kr}bUz}X@q_O)p5jt@;d3krSYjfSvWSxBq
zxbAObH^@ojghyIAd^e;txRT&fe#nsjV|btR)e&epo_**>dPTf(r^R@`gKIMZW(^3D
zaTFZzCqt0XT#}7)>51~%54deVR6Nh8uXvL_ZoreL+2iqW4SQ=$B^DdK@z8pAJ;{$}
z*hb2mZM?d;^*4w>yn(H$IvVP1I-u(v;2%A2E@8cO4<TI?;!Ua0KZz8qoE1h5-PP`0
zJ}2`AY_{NOg+iFo)kzIxs4cqV##{OA$!m-`VS9~^yW`&I^;CbpceI@M{Q21`cmj4g
zMtz;5P$5XbZa<me@koS^-uHse0myAJt?|KAqLNwa*Cso&)$ln|VyW-tb^Vmc?2Qgb
z`t^aQzNftzVmYXn6S+|0hJ8QXb~n;8S6y($^7k!CnB|;3k#p;F$7)B>eJzE^uiWg9
z5`I$W4m!F`CPo)MhA$R6^g36LllGRYo=g)uvLylDEi@SABYYANc8{X#4;S2y^ZuQe
z9;l6$rsuy2>c2wn0y?K(#!E<iD!91uZ#jJ7ha^5ikNl}xhzE<vifvh8(AvRO^;O_8
z2ivVfQo1;HjTaI&lv1iByx(>_9PlJ(o&MCDVLoBD+%VrK9l5W{!5)paI!zqel)QcZ
z+~8`9Eyp^oYL^~8QD`)N4Rnr>6o@ZrXqk9$Urvb~xud+>q7sKkB<YrBe<DM-{HdT0
zc6$h9i9U~~gwQ91X(g<dIxX3^!*GY7r@nY3i;Chytu))!zVeof@$)gY(F4~6y*;m~
zuTn|ra2?F-r?p!J-6`R<SKBcP&uy-cb3U;$skj3ufv@_$duHb3EZWg1WI~t;GGrX-
zjy*518CAvTxFhKkUKOfjxfmvXzR9tYN2vF)`Cu}m1~UpfT5Kc5XW0+6do4J5yGomh
z&$lV8mJXr-+ly_m$eJ10c(#^u@)>eiZs_5CzyoA#v9fpRbE@8a&94DXhaf!yVu%-?
zK`f%wOK)Rh)z$SqkDXf2vZ}IHNA>n83p1cKCfwtwMF$X_c{$A15zKt%pCNo|DVQ)-
z5$xpyxxg^ivl4lc$kV$rYt?n61H0!;0wljOhlON}(U5vg0z9iTPaRQF!j3V<9yC=s
zdbZ6;?2bHJM<#v8;m(FxOe}WvaRC|J?n6Sg5$XjOp;=6eq~>(E8P^nv+<F<K{LoxB
zRu>eZ2EC5ngw4K!Id7cRPHHk!L;x4>dFxVYEKz~06pM!0Z1nGIXmuLBMmE15GCj@I
zz?`)=wbGqlxid3q*p;n|av$N1@5pJDp_<{}-ICVYl#x!7jF$FEiNh^$&!9DNV8K4A
ziP8vu<*KCo{oYc!3>U>8hdG}ty@0)Bahvqc@_wG<J#^hcl8$b_yK6d%56xARFN@eH
zO3yYD8J~u7AWA4Yd0WFUOM15_Q{bLGUa(1FFg%=k-Q&AsvxZTSKHoH$N=`$`6W3Q2
zncL$7yzoa8Ygx>UupM2)7#4LO>hVtrTEOI9kpK=@u!?k*dh8bBiAoA=Az4$2YessU
z;QPg<1<vKr;R6FY{34wUVd1itf&H1q$VD<E=hL7JAo>)4nhWmxm1Vw$Wz_bS!O{A>
z)wv=<oyn&qn5mz-gNm_160e0RHQav-fK)&&6<@!&OEvBqz5*X9k5F0y;+7@TYWCdj
z<rPraMiPH-Zbc{?kU&0HE}5es<UQTQU`K5c-*&~WOJxRcjd!YpKL_l$QQT|G^}jkB
zua<0#IgJNzAh**mdI=k)S3(!E>8@3|`R~~>yrnyMB~hm_!g!R0*D|0Qn}%yZO!1cT
zaxyU0QHOwyF9QLuu?9>V9u50on9YAqof9ceJ7u|O*7FcY2vAn}{3_bjnVuv^HH0~i
z*UJ-_@>bpD<oCTew_XgC?nj?!uwdC(@c1fh%e%cFPRj%wNiVoNGci}Kjda-FJj`aY
z9tpAfTktaB#&hSdKSY&}2sxM`tD%yb3bGP?sIw&}H6j_Hf|yB6lWyG1sZ}6*G*8*=
z$pidZ_v`96tjrRs`wAa4UElJcA?K>HdKOevdFi)X<Y=s`A&6x|UIEvO^KzyPARDip
zHH@So18W6`&&yR?aJ1s3LOU=7#2+}AEPz;0;lr9a;{HAo)RU~*94=-i0Ww&!7*y-7
z&Gce7s*j6*umc1k9Oa)U%+XGt*@_L{6Oh&UpI6E<xk?4pykofKSTh*@QJoLCvJQAZ
z15h_#FDoN8kLNn@JYpJuF}!c<i!?}Io(SO1xXR{B`3Slk`0c38$ML<@-fpYH!S3~n
z#RxNTDkFsfqeBVPA%yowqB({4cx(Ns>>>0~5ArwsO&cm0-GQ%RdL9;#<IX+jBH@JY
zh|SA%R!O!}8F^YH*n3apbs&BkeJ5C-KEsw2O>F@9#uI(}DBzdjyP(pTmDl&@bIs{+
zACuDR`F2EtfVq<c4^k;b0O4K6lX6tFq|Lez$=w&^$X$`hZdna6!bAGe57#$jq_IDU
z4_~+r#8fCyuS|?hxx-U=9vGFcSj}P0v*AtREPI8f9qo><w%%E%kBV8Z#{fFFOGdUL
zAwLCSgP#+8vn2UWEnUpPuhy?U54Q)eD>8hA?NiH@0;87v=X@vHiU-vFBj?_b^Ews!
z`eGZMHlGgZK`#tQCc3HmR$p8anh`@POn8VWY^P=6`n&sUOrU7Rf;(K(foX$TBRkY1
zXi2%@whR#*y^D{WN?_~GTi?xFZ=H;83F|996$YuQ9T4<PW6nbquQr}SR{DAdXjT$R
zR!GCca?RI!2K)Vc*^i8dEI9f4+1sq}dt%jSG6vhzRvQBv%+@vQ$;@F#eLbfP!V-BV
z4v`T5_<JwNc$MDz#@JH$8e9*1<5QQWp9q*^J_Pss6ti{aC(Rxj-d$mY)FjQ7E2S`X
zxP6>@V%Q_)huLz7q|bc>9F1oAW9Wn%n^Yie)cCkFlmZ>nQ7v{i;u8r<U{=O0tM;^H
z$VEH!curalM}*8g%Hbo9&p%m>D9`<Iri;Y!`Nd+7m7Ptk`-C82<ou#1aCfvOXJ@v^
z+2KRP-e)u0LoSiSIAV4$Rq!}^)3L5?VN`DgCU3o#wQrE1FwY7y%XMHW2uxF35KHvu
zn@;=3JztcCD02*&sVkS<7Eg9G8^M~4Mxi6;+kHm70B(>sLxDVQw*6|(?nC<O1Z9U=
zW3?G6<13sPBd3VU_`OeW1YSYC+!GreCk(}V$A*Z{v^eFY4pn~{I!Co|M<ijBZHT>G
zj87_1onkx~rMNjxVM`Rh6Q`hi#e0(W%Jbu|hDv8P-Ef}AK#8OWI)zNU-$@px#N&gs
zAL+&Z2Qzq1Xum(R(qBz63p)iqJ6(Rds@NClqzmZ!{(DX(Ydw)8)0|!(|HcERE*huJ
z#;mgVg$E48G3gv)dro{fd-!DS{(K1o+Y^Llpc)d-4N-g5wD^Zq^s2GrTXm1{ORtol
z-U@<NNY{9c`kQMs6{i3PGF9g;i=DY}FZ{CWi!IsS&U3^L;-Jy;oL2gl=|baAR54P*
z#HMW5-+Wk60e-QBN#Gl9u2V|*TQfbArBPr!f0h?O=@)LQu~IluYyU~N?cHLdV2<Cd
z*woS!>>cglos50}AI0Cyvo!n#py&tY5t9h9Q8{J%_uL*}22LhXs5vJ~7_&b`eU?xs
zW<t`47S`e|f7BFXvGS*mrS-J0kzm1`s#jSC=<gvTqora~q3n+?Q_|wFSGk%MJEk}K
z7orXxM$Fp7)ti9~sm%7{Pm}(Zx&Cv8Rep2nB`>yII%%NaUiL~ZA9R8Nfb`yO0#&Tk
z*{6TAu&Mvx_-HmUOa%N+X0bA*V{h<Bv%RFNAu(w%?H(D(Eev(zQbnwD=R0;5Iw-u-
zpK-aLWuyb}Ajiw-0wwpL!4Tpz#X_z|D_2^BFlMsLxdkyG597wiS52FR*MjyoK4{fe
zqp63dd`nHl1<;@wn{4`GhBCb~g4hvJQ_(bl9@M-SRYVIA5sJoz;+Q?;JNK`uW*O6`
z36v7gJpqtXY_l_rmr=sqih@99(659&+L%|p>tQ<R>$N}M(ithKwS5dRr~tc1T}$9r
zV1pm(<15^i?4pn~Y{_s7%>qf?#?hp7bA2_KUYgar54~pPzIfvG42O=<k6Y+r#>hsS
zn;24S9*l>?^A?<4LZCK48{wf5#6-J+qc6M1gW_eq`oQ|vLQ(KDi<1jCjKf*S0U8>^
zVkWTfX#8xIm?O`WPeR!paMLQ}@P;8kS6NUyhy6y^F;mnBk3!g~j(<UBB(uT%@|3oO
z2>&(4>B0S47*_&C1pPpA@y*i5WLc`+*gNKJPTirjL4kH-3dMnkqoU)dakiv18c-rt
zRUP)!S)i}JnD|NMthy$MfoLVq{BFi8hd%3?k+E&`?iT}f39~^6S&2wYZbJBZIMknz
zg#zLV^^;C#pfM=4kmOlzTIgHE2@j(Z>){5QJ<VezupHWfZrx2#wwN#@oRZ=t)^^vT
z!itDpvv64`XyVtM{qZjac6OE&pjO-jRHx8fh8-K~U!;9%W=4EQx;4Z<KO}_I+ISzV
zBy71X&i~+NMmzVy_p+gBF$azNB`k@e7{@tcpEZ>=ZrT6&UD3Xkle-|)>_|*ML}@*J
zLgo-jK}G6hRFFu1MF1ncrH(k{&~0_af<j>1xzk<~i9en`W*V;DXE$y-4Ry5zytx2Q
zcJM+`n~Qx<HJh*9v)<XG=lD#&;V}NHSp<xb#jzjzZK`ZXI6}Bo#L?LJrO7LS!nSyk
zRQuW4%^JRctfP<mRc4sQLZ$(uF~v-BD+=~wNNJ_dOX6`K7Iv?9sY{B}1-WxRH`)e5
zK4+>A$VQKEN@P@eJUc(7Ji5muA2u}|2-9cZ;sLkOIc$!7vg(xD&E^GLsx)m!d3&?u
zaPUyaraM|}US~@pRY9K6drx+~XDqS9BXLFnVD4>xJh>a!6`WG9^Y~Fj0sdAz7Y)Kl
z{5Q893v=$!yWNh*&*T#0Ty&9KDwCTez~ZI^OV}U)Tl4{$6(||A))b%JfF9DbI6GSZ
z9ItVEMA_*(QrRiM@Y%DMm4=(6RLsA){MsfA2M!OULqt6iRl<`f8B64@hxPf2f$?8b
z19N-BiMoel|JG9Z<my%55TwqH#2wuUr2rPt|HOwWip!p#*K=edK^z%{4S)QGnOl*=
zX}e#bAEgRABTH?qw^sclXH#c6h{`rONJBI1)zI%Nx$8mbR7;(~<~3fz0cXKS@myR8
zj+EJlyEp^p;=bsKbH*o&MdLp)gXtkvo>yY+w_8jx?hdL^o;!#JCX+uSds#lhw$*Wh
z?^S+e^my*X3vziq-d@N1?rL+&-%7G&ME7JgCnFKS@+fU_JIc|w$IV3h*ti($<o=;l
zcjj=|P|{MsY0gr{JzDizvO`C0e2oW}6|yzthj|9#U<Z${`HCLod!jUX^nN@+N!AzM
zi%I{5pI4@2Ci18ThYc;B+dHY(?5S(QfuM%rNtog#_j_qmkr-tBQ2=P;0yu;?mXWOY
zyLvkD5bpFd8JmwnB62$o!c#ni()AFDvrSouE-T&SNTp~9eeN)ix5MMyB0fOCXkQ-U
zR-6&{gC@XaJTvJ&p@?&|ZiGnECVC+jbl*FT42$GYq3}6#6h-8!`Eth8{qk`q@!-fD
zx~Z53*Xi0f>s&H$EGSk85YW$UNLNFzFU&f-caE9Vo*2@U0HP>E0wahkIj@KbLrMaC
zyJzkWEh>zY)LDd{dU>u7ZT6YXXhPwhnm-J7=z<(|yMhLkW=&Yf+canm<-2ce+&k^M
z8o|7A=IZ1O1|Uco@}PAzZsaZ#S7Xm_nS}9FR~*3uV2xI>%}hzJde2{FXP0j!No{g%
z3&=EvLLNP1Zm{7tt0;uBH+d|_7tH%nMO5qdI_x4cY@%eiM_zy_nqGNBT5&`bKgrM`
z`G>`?f4IZBJ`E(vFg~9m`rdiida#Q2t)$ko6eL@!&<-V{1r;OEZhCm{`L_Fk4a&<g
zsPXq4yO8ty2Kk#W9avw20ckv4Nk_1ZD{+$N=jt6^bA-rh;cz0IlE-Zf-|ui5Zr@+l
z97_6fTVize=<<x!!g&*I_@j=g=sXd7XBJow8B-k;B2iSIBL4X3OsW{I^kRsI@ZPD*
zEN2VH*MDW<Y!w~qjlu8rt@Nu&g;*nV+FD*muG?$~J+wtUqkVy^;0(cETw1DYY*7NU
z=r3liAFJnmw)vV|FCUS(?$jB!bG$4WFC|2`$?<vf8o|}#<I|8amu9^^mo==S%EjBk
zu{a>vxoX?ym>8K?yp*aqamQU_$^5NlilJe{(O<XvZmR{`c!$O^4GVK1ilIa(_A*&c
zbC)-K9*KW~?1^s-k#v9UwfA=}!d*H<y?2|(QL%YFVC^LaHSt<T)zrWnBkMU@E-Dev
zDyP{O#eD552jc^tU~jGiE@HFe=GU9m%MyS?U%t}h$gPMS-U-T#L08szx_fx_O||*O
zlXkDq@fXQhrCIfl`SmhsdXjm$wjM5B119T-(MjyeiFh%FL@dO|8$z4;esZeQuW6K{
zq9HbVf5X^BQ@F1UpB0amsfbXRxglq*ij+oQ9oUH0@<)OAe=6!XdR#DbTJ7~rdgz7i
zKe#`MtS5~kzR!{9TDZe2fTrB+L|^tK6FZe6ld~1})!EZ<p~+k(Ysxz0(VQ_QPmhBa
zc;;6Ua)}+WN`J02zUK3q4%a8+Fr2N6q<KcG)`)DSuqt;Xmz@Bq#GaI>u^%N9FdryC
z(4+6TStvW1tn>*3IG3ZUtGKGodVw$ECcP(q3vU)`onx0~@g<W}9gj7&ina$FTlCR%
zp3GBO(88`gChCp^GE21c0rf#Q!0Si6b@Rm8o9Lux<kOB!!b$m992tjCtlI{AvlW))
zC$pYh6?^j0y`F|Bk+VD_Mwgze?FK(<`9-If&%+sBHaPY;)J*0ZG`YK_E@tmvQ>cr#
zrJeiKgW3H8>Z29y+Ym|~!mJvC=Vr2_sWF|?5mh)mt;<g^kezv)2`@|2(sXC8cpdw=
zvAw*<S#vnv5PtAU;kYlX8rJ`QY&kOy24JL%IRTn1VuUJBMEyPbp$!}^CQ#%|eZb7G
zHh*k%v)-t{vOR&j<Z}8UG##EKF0(cYHre<Y+Yf=lMyboK1P@e$37v3;mErlofU9UX
zb}|Zs1)K7rReN?D$;6y-?Vl=Ze2rpF-Oqu~6~yA(dR-;BO}u)RO_%oChNSAi8l-AG
z{*wwzxP2jfdJ}k}H}7gX<`nygi#+c)Ts)RyN_h!{7f7eR5@%DV%O~tTBszYk<bpgG
zJeGiNreeo@LiZ%CPBJRqhv_{e>em&H)hm3&cRW;CJArV?P#DNSlA}B)ofNwDvh@B|
zGfI@PB@CUu#+asJ@`w>;FEwfNdnfJ7I>jd2x@3@Ax%ka~gI3em@s}O1;B<7M{V(st
zi<6CpEi7HPp`;M=kMqRXVCQJ_x4WAv1r^_FS;UHr-unhp`prdedMx*o85K>`zMx+y
zx9pRAO-N-B$X@^E9PSOVWCFNdN@w1I)H*tzf8EiZs79J`=7WaU=iCPfjl{0Xg|-WQ
zR(?4g)nzknJzk`*f-fdIG<_)v=5~78ex$v5G=DStuAQAq*?_X<hU!lUJI?-Rn|T|n
z;lLYyrq59EO}V~Wzgp#-udw=sIetH;j08=(y(m8zYEGnmZ$okRpIm^*uQm^$y=>pq
zvkLzl{>!`4ilOT{xDQL0u6VlZ?i(3O<TQBMpf>o;hf@7a%8{{Na_&=)j*Wz?vA!O7
zxxWtJ{uY9kqo;8F^@?wVga)3Y%>y37;&HS4sK@;FMk6|G#V8GvzzA?ZpGU4%kLyS;
zKPk5)i79z?S%3m%ZkF}gEC<K1haglt#68-b9Q4P6@jE4XP5;>R`NEZcW>3rt{CYBi
z?mUv3Wueo+)2K{Q%$L#czcUZZSYUUvLlb?~aP;vga&%U}?0wq~67QDhXM@GXkGa{0
z$+{KQh4G|!v!2w2p?4KLN>wfpvx#)-L~cq;^%dHSH1AmE@*;(^TZ23a^3F$VXsVOV
zP`D}U5-RbH<f@f0!zEC5qU85izd%v-vI&=Ct5LaT)JBduKtFEI9)03nuX{TMPtbCW
z>Y6^oH3ir4D+2d4EOXW7ioU912=Q^np<E!C+4D+&u7=ip!PbEa81{l$`)|eFOIc8>
z^tTIzmk^K_p+o<qDY-$PcJIcSw(RSyzF!33qRDD@z1+w$%6?!2oh@cxW-TQLt1cP`
zI!5am^Tti)nA^QKe?W_t<ykW~-|MoVNb02B30grgN?+wVTVvL3Ohl}n(e=*O;h{hb
z8~{{AJ!t6qiE<omvzuv0Ijd&0ahR*`j~e#eZ?iPDy3l3$D6h5fzRpv|!!Tz+<(y!j
z4sqM5`-w$I<paLjX;OI;0<913Ug6}uOQ&cFjM$y=!M8uoFFZQ*0<iC#SxJ#B!K)Nx
zT7r4W)W*^zx1$Tr|JE7ytA{R*xyL?mN!(Y1MWGeOR;Xs_*3*g`t~txX>kDd41?P~{
zVg0d-g^mGThI5n}WImx~20Qt>KM=7h)_k2gI1inBm$X$EaYVF`w>jvry&7pcSu&S=
zg$36zIU(%R_7vZ;ip<GTW0O^1*uxFsBkSL{uaJ{QPoV?M3PoibtIqNG3mKtv?Z{VR
z*cvUL(b&4>uN?-%9MiHf7Pe0=L$@evA1CZK%D8E^C$o9^PD>86X)vLra^<BN@0Kr)
zBCjl42jYJQ?s0Djfmtssy2q_7>Vq5X;E@A1d_J@_9WFaLmIQnJ7W@HC+UENq1GOpy
z1HyhOzgqmiG+G+`?I>l_(TORTh>glTtC9#6B*Q1PUJp@l8$yIenahrWwn4Kg@Zml!
z$5Xerw+G|v^7<8oV)NVy^*H+Kg>cSiY&cdj9fo)>a!?=t3fGrPbmk91^_q?rzXw!V
z<zX`viGNAss6KP+{#-mmGoUa1`c<$B<PH5;mOWd@3$lSNw-ChhW{olrP#-cWo*L^>
z!A0+;8uV6WWV$qUCN^=0WUO(@Wkh#L{vKq`CVg-A*l5AaXn}K*uK0nEI%aAk>9y?f
z4B;L_Qmx}tztd+wzA3W3(Q4O$@IEtPuwAB{MG3_mFVWc;IPi{_s#3MGckq<Y$oIip
zuKSGi#*&XndEa#S8re0G{mFm9(Y?e$S_Aj~{y%eGx4|?V6`i(#0jWHPDL>3NWj%+K
zq3GcWIJWKSJ=ut|cU16K6x%TCzCJ7=BGACP<AhDdvE#w+D06#cIY+eZ{cDqp-||B)
zU~W>QqNUmwr``2Yrgt_8^|TXxTC~GcNwvjOX<soCJ~Lc**mD0uboj+SPHn(XlkmGQ
z$ad%D$f>XgN?Bq#=-UyWjQSH)n3nmzqd%1SC^sr>#S~eddc!YJ<eG4faFV?u?c0Sv
zXIXT8MbR-rRK3JZMbOdBL%`Jhcn!BB&9A+jPxQ^R>>q(P*yfe3=_g|P4WO02;o)KL
zD&Jzj^(?O?@j=e!FC|pEMF65a9hEcKA28(R&&j9=>nYrL<xiD~+|qRaD*2k;6`4f{
zyyuNzMMi`JCEj3hsesHT4>cG{m*R}`<7M#{Tg8oXP>j3{DfQhoqcZ#KE1j@v)3KPa
z1amtzGjH{Rd*PJruw^D#T#V}5lzNz17cM&M#jbqRq}q#2kiyJC0Q)NBme{WIS6<tV
zyMgO?2u>;DI8W`?Khy4%idoJJiPGpA#IW}A%+xcV0dxC_qc@yJx;gVRwI?2Eo^Dx7
zA=^hsQrwLm8*T_H$9-zeT%9`W`+aVT?W_(Y=RY@*90^*^cuO<5vn+||H%mor7~>)w
zW*PDgE7lSpLykGws}z*Fu3xB1l1~ebocaQiF3(HEI^LmYR!^B7!t|%vHVG`+{W9HG
zXv{7XfiDLqqw5(b5qI~q3H9EPZOw+qM^Hv^?OYwL-<6f<dh=2fVQA5R%b4CGu#n%C
zDa16Mj$mXB=aQt^zxI=8uRKr(Ulhtd)>E3h%9mZDnp8H7FmCk2-xYSU8xB!(>%6fW
zT0YfF&TQbDI7p|PC5bdfIaE;DR#w?wVPv$af$glQMr`LKb1d>^DOk)=_I<tnw+3%Y
z<IS498}-eN^I)Tt@LZV(`tUFry1b&c%`9~?JcQ@oEg`~f*P94&vnP_ol{VNB>ie?T
z{?n$>o#5r*j^Ew4e>2D*!_Pndok#NczdXZ#bH>B|w+w~2|5o>5!2fSX`ltV9pvTGo
zcfJGu|E3j0_w)Z!c&AyFZYhcE_SMnC^uLoUAGz=n-jDqK>4@d<vdeF~_Z>h6V8}uP
zs3bDfH_y#4+*ib{E!_9sEo(3Zum$`i@nVXf?yMY{fg!_Jm+~KP|NpVK{qJOuI8W6u
zLaYLlh|4b0$~U_-kpteR)@v)-6kaIU3pD@ieAQ2%Hq8kS4+3-Myo(<52ju?X_haR}
zJ;*;p<3U5qb(UFX?(NB;ReJxSa~f+)<MNn*<pU(`@=`zq<bQ!;{K)Qqm{k|Wq`?K=
zaV-&hIBJS(Fgv^4zRInXn(3-}Zr-2ulP=3cf^MEL8TFxg^WB%3P>pw*$y{oG>Wvvx
z4rKx_C8kTByu1gK+9r6aUy6cC4)%oED17h)ho5+$KPd<x)u3bM3@&iKxBUACmQ>f)
zpUKXwx8Sg&_{PK^R)O_hqs|!|-@HW!ZdTtc8B3v6Lal0>^cVVa9$6bg3pNK+zXu(o
z4QP8knF#R8Q;7^EI?uYC1Z*js7Nx9cWSVxO*2JlA^tf;>n_&%>;$X*0TD}mh)y43y
ziH|eT3#VY)T7h34vpsVxIL@jof&4Mch7_(J#F{R@kigA!q-vq;`1DUHsSM+8(l9EK
zX_q2#qgla)q8PDEdW`7z<m8)eu4)ZWr;qY_?_TDTYtjbGamEv8bybCmeDRn3%OoxF
zDiU#!b%6_nm$YN4(YQ_m7A2b#Uu&_(E_O#)2p^1DEc%zf&;?y{-$@<SZarnwC+uz;
zr{nxYVS#oE4Z6*PjRoh=nEf?BZR<(~x3OduzE==GOZaI*(0*%0lS1EY$UZ70)W{S@
zV9jg<&;3*z=I(`xZ$+8M6fCkZJ=~ymtWIa`!2JNUyE81Css@QyK6K5BK<oCFgk<Aj
z7NL6x9d%S#XxLpx=`WwQ^gPugnQ`nb7DEu}xqkrp2Qpq)>$@k_j6)$xV|({Sn<J>L
zC1!P4r`R<&GNQ|d_RmTrVi<K(2nXg+ghlUl(G3=GNuRr4OOMt(&6TFaXNZic$t|0j
z#(RHva`H3hL5>cdnI_sIt6l;%hHZsZddU*0FQf?xmheuYA8z_@>tmCN#;Rqp#q*y)
ztgfBpN*D#-d%^Sk@{a+c2|@G75N_*_Y~g5>7N5I~VJ&C=U1o8r31J;NrQ1KM-a3*O
z^!0gPc37=-4yxqA=0o&QpL~xH$mVp$!VR?=ORspcr#aG*6s<`$VQf6!>H+%O;ZdEp
z(o#QiXr96uj<GCscFgivc>{qf1Eg9Pk6llY%=|sI;Yy%rU+_m}&82?aXeNUCfcR)j
zZ$zXPW)5n*q6#g?sdQpi&NSc&3&XhYUvYn<;hpkU=2KK5;}aU7#*63b+}BpX%a!os
z)LgSQMBIR8nP?b|L&O+l(IjL_d2o+R{P*nEo$6-6H14d5!8fmM<o_z|t%BoL+ICSp
z=9nR7h&gu5%#1O`%*@Qp%*>panVH8lX2;CT%uHvpzWUd<|EhCwPVK(YTau<*)zfPA
zD?Je9*UUu^eY(?6D*wsUU`4$;GU$V|h{a5LrZv^BdMO^xuzf1ekD$2|07{b}?d{Ed
zHN0G5UfAb@Yw0d@6CS)zr&75G`iWY9B_hx$rDeS#ZCQ4n6VyNQ0#**rmQeyLNw3iQ
zDSfnFnrWI%&d>10(lvILzNBR$^}#R~X{v)#^geiTAp1z#<nWW%+!>ghfqHd(np<SN
zalD*_-B<Aa1^6b#-&Lo)%dD$ts82OCJn!yI&MUUt>QmrWnVOlmNPb73HQBQ$7)-HJ
z#;s*S{+RvNeyGyoe#R2i8LqXrGhW;lL72>rWkDi7vD{;~s~SRZA@UJxpS{|EMG@(e
z@abms9e_epz7UHhyErIgfPq3gik3>DJk@Fm)GR%jZVOTzBIz#XxnhsYllInNAG#I{
znCS8Q<;ueGg=EAKGaQw9VWHY6R1PVGWpv^NTMY9l4Jvo7CxEmmDO)4Z$(CIR!%)5n
z+_oVRGl$PTWQh&$j(g#^tknr}2Mp@1@<-*jSWfDq@-d>OfJmI>%f1ZRT?eodu>p+i
zZ?mpUiJD19UVuNFFQoVOO*2hK7aXztTpIMTQQ=aNU0azOXn$PR6b7-v@us`Yr^CSK
zGYz(`0O2gS*T@5d4}I>lKV39zKcOZ)&=0|I+<zO*HrSREKmqr^xIXQ`3lS+y>!?n;
z+aBuV7z^{!bW?Kr8mcl&DPsn(SUS2J2ODd4ooU?jB3!@${_*rabR718ch|gl4^R4;
z;zxO^?%}7x+w{lnQjUi2i$iMn-jlMJ)0)VFwVV#0!NX&5Zs~$M{r9TS(J9c(aQU2j
zxabLg_i}D{JI}ouyIY3X;+Z(W{4m||VuFkG=wG{Xe%%A<&ptWReL$fx)*jOg#n7#{
zaC<iU^o-5VU%Tmh0zHaJkax1MV*bY%eq5Z;<cMk`Zo~M>_@!Wc7RNhb91nS>b^#L?
zk!Pr5BiH_JQ4$()Nv!jn`>1^z+BE>2Mr*w(mP;GCR`22B7Oy4QW6gEia?AbQ15^Ec
zYV56hg2`r#4%cN(s2(*`{q^MrmS_|bK6c`xF9~jAreMVc*Sj;9G1JD5_p8&|#z8uM
zTh&z$g!H0)DvbWY_f3kOHtW2zgqw=&=2(-p=065w7pGnCSsP9GMUJ_&vlsQT;h{O3
zMCW)LcpKR)4wJI?O*2nzf?pIo+_vJIzjQ9>dZZ)z*qd+*FSC%!#R!qvkIEePp5b)d
zs0{7Q?sJb-Wkfy}Qq(&A5O*k;ka==v=in*9hl`LsQ2L1?4xQ4+8BfWY%1^Qh)Gv_9
zh)v;!@Yka|%Mfi}W*tr-Muy}4oS6SCq4NGF7^AfdZ?rWK4#i?s8<gqpQD-kNT*nbo
z#k9C{2wQXlT=Y3bqSskp-4+-LaF;j$(-U77s!sR@2JU*XC8M>PFra`Y3JC_k&aF~=
zu4B<<A&){SorSMRfYrQ@kii^K*Loe#VJ%t~&DGCOsWMaLWv;b$6W_WF=@Pu|fcv<^
zFikNo6=<tERcr9~NW$;epDNn0kTb><NfV;WI^uA!UHw7RoOVA{a>KXwn;3Lg20PZ?
zcWrfG<X-fAj&*TUrG=NU%(hqi+givzXQDBLS+*BX{ZeC0D54QN*T`4%+`8iwp^=-c
zDN%)YFu5erFPly>YfkG!&Obj@>sV0i8&4d}d}ZKQlXGsa=)b`QPW?K(KbUM~%`Zu7
zMhRcNN$e6p&xl>=+nA&i^&BH%M01L{NWlmGwi3oI@UYcph>uMog2A%h_1cbTD9r*B
zR`adumncHA7LIAqY1y|Dij~3Q==8z(;(+y4{u(Xmur^!Dzh~5?5=s~==C?!6C$j5r
zKm6IgbG-MW8RMaB-?=bNtg$NDk4i3aHZwq-=DSB!^pCP;<OcR!-?H4a`-(O-xZ6Ec
zh$m8YU-gu6U%X7pLbH^J9q;CljcY`P7$Q56j<k0La^gzr&Iz%+z_$%FZJiA#QnAA+
zVv>6<RUv4(hlnHRahrhoA|Y2xM(_wPzF*!2GHkqtXBX4%+G>U3)9+Z}Da=+0Kef0%
zzP~s^s(Y_rA7a46xa2FnqqVepZf8^?MN_`_zNN}Ip)A~w{gNM6AalMUF$Of<Za4+k
zr2CB_`xtvgauvuONhTodeN*x!bBy5&b2=vfn7R3uP0ekdVZB#`1KTzD+7@g#ydHVS
zPA@hs3v+Y(_<33BTVQ5879nT3V(I9od#y;fBywp9e5J6qKGW#}H_)2wfYPy0aE$+o
zr<Z#;pASoauaQ=&gO(o1U+1JT)X&x^nb{j@q%)3Fb7C`8n^{$BzN4%5nWf0{_aCw!
zWS{6Oek-@j^dGT=<FKxg;QXnNf$t`p2ZEB?zW#np!gE}qdjwV-uUQW(+Goa=Z@#Kz
z&YL@7bkbmv?3!FDfPqfTJ|7TY1LPu%E7#0}f#;h6<bK&cp3mZB9|zeQM_T4tk)7E2
z`K9?F2jOMnkEE@S59iEB_T!W*UStx5w~U1EYX!}JQHLR*{FdQ@+;i~9rHM~MsB?l<
zheDoY*D>R&GUQUYEvEusJ}n4U75_SAedehCa(B%7ym(Y3R19ax>fU7KnxFIfKCwf;
z%QLoHLTv4svovv_Cw;A($>Kz~qWGkN2c++8-d+13`N@K9SUhxFc6IULdwvsd|8~5;
zO=E)I`wfWX<})$(22_8K<u%US&8vw7_vA+JYJ#IuT}wRIH3rNaj_;FGE`IFJB^z{I
zjF0!@94<{I=GEq0zD);8b7IAYSi{dW+R@nHa{_t|->Y#|XAEW6!=&~?o(?rQ;r5wL
zad;m-Es&O+yuNdehq+_5q%g3aY3>)v;`-iuyQV!ALu{B;ywPXt_g65#VkU)^H9Ah$
z_@S>;R$ab$qraz4FnHaozc<(y+PrD844IF%YIid@y?J}-oDcQxNXgaEpAPiwn@b*h
z2f8Q5*73V=dAJOV%eeX?Rr3QT+UGZ3yVP2I4%q{!olMs|s?F1nKf`l379Kpv)qvF+
zKwXa!V^u;Un!Y#CB{jZfmlA~3zuuRlo3}MZvNr!<(4XTGOO+FeVM|=%EJr%BvL0S{
zVe)LEH*tD$Q}GW&lm&F9)hikH1l5k=>BRS&E=;%1C`^cA0>Xzr#!owAt7MAod6YHh
z>CD9@E?r-65@%ZENb6t-jm_rjT8gQE#7tM3t$JdP`m{cXc_Zt&J0<DAE$p1lMa78r
zF)@+oa?CiZ&^?F$dc8AGq1D15@X8@&=f&wVg3g!9;ACm!-s|d;7?x*V;^?BO_0jzS
zln-@7ZR#Az-SBaj2(~q;HTIy@nzSv@%)QfMZkaMWHkfys2+5A-jxM6nzequ4ksx%D
zvPS`?R&A-BqBT_R#Gv9iH06#weAkQzPDqqNlRo*p7!0a90S+!jEE>`#QGsZ;1Z$D9
zqT{a~yYuCO7&kJQjpo9!*8WN7>?xv#Wr>@qRI@hs1is=9!iavvI+BA{I%9tfkg&CX
zFu05|b?MHgoeq{fn0D2L(D62-YI&2bu*sP!gz_x%-U8^FJXt`?US@h9t?@c3$&!^i
zjPN{Ma`Yzzb;48q_5DyIi&Z~^Ed#*jsPCm~#ypJ<XOzc;srus4ca1Z-$zK=yjLqg~
z6P4J48_vi&chP|#`^Ddva5{{@rMQZBCQ`1P(%cCZjjRRK63ymhanX`YUiZnRtKzZq
zy>+_QYoac&*vX5pC?Z#y3K!a5j6lizm3Mjk^C_cju#~JC;c21N**i^FVl?3l1w*AX
z^~Ct0;29%jej3SOh*kWpa=3#pW(Rxp@3Ykx3<BQN>~gWG<}BveT%52yv~flVJpcy2
zh@Bk@KxNHqCi-NRp*@aIJ757O7+*1Ay|3r2ycw?Mxq~={)`wo}+gcZL{Q*M0cn;Pn
z?m{Sddk)0qHs~*4(d|D<x=Z8oW%0h@-EEJtKI(j+!hBtNkRcj;O%Hh=O|3C@VLzsL
z*sC38oED@4T2-d8=P?vr0H>UvjNdc3(}+X0&G?*Q8+mz1Y>E@##tUN57m2!wrPyeV
zmcrVMkbMF^R-|vN-6ysJU8(*!l0{Om17|!bJ5L@Am!jEW9P_xbZ0qbEQoCzx84_g5
zyNfdVs7zc4CilfLK@aI8cubx;^6klCUaAaUdN|&QxccWm3+s-0?ruTg<K25&Q@?3W
zk|BzRmJ^1yd+7y@{?53a!2bPTUjqUHVe6`_^6&y9uQ^DoAqYsne}sSxr?@j*N~;(u
zS6Gm=d50F(7A}7YxMJQ8g-8Kntk!tqaKob)u}+8P&qf!gR}xJb-*W5%CJFY{UXP=)
znPcQxvmTu_TrGSZc>>soGaOOlC6+t&q_wzR!?D<KhRjw4CpD5Kx3<D9@3~m;-yl-^
zpcSQEm;U6#B<89Z15QJXULT2AUJpBqHRc4oCdXK)l3?+)B(Ju?v)Ood%9?|F;VPP=
z)22vi&yEX7TTwysw?=}V>0Y~N!0+S*o1?YN@DIM-L-7Y!B?|+Q$HNGI->ZE1FYhK(
zIprCNp*|lJtp!6!YkZJ?sExIx(Eg~WxyJ?*PEcyFe7^oZY<v@zA4z2YlmoRLOvBtp
zQ7pFA?}km=g3&toe)qmhn;cO=2wjqpBFz5*nA4<ZK-a*vMw9RK5sMgrsv{?NtN`Px
z?i$OHIx@@N-c$7_k28F!c3}6R4rv||QQ`g?3SY$iqUOAb8C_RI;j;*33Aeq7oZ5;y
z8mOav^K%I9D{C^fW(^~>quIN$4OgMjPoS0?*C)5Q>5kYfaeBJ~1+)<^Fl>o9W&-7U
ziXLdwvR9XI$y7AO-$n}4i$d3R!;7pZn5q{VJ$JMg5x(Po;@Rg>Hs`?vKf8>6yhb(}
zOa<^F(CWq-nOiU#50+O-tz;QFzVLH84?|WFk49A~W3v_!=Fm&ot9*W>AdLYCWF@In
z{p=wiRpZ?<{Axb8K30u;?`n^hwIY5ucff%KncinhO=8Q0Eu4^uc>*>Z0K${xZ#C`~
z0@#qQ443Slt{IVDccj)=?RzWP<4TnHeO@~;VIDq4E_}5&SDzg5HQ6&OrBrL}UmfPz
z<(?dTevaNKMp-T=ih?JraddO4v(iVvf`J1UY7a&5sVA%P(b$7)$7N^EmA@qo33Qz+
ztJipg)3ItQ&{yLPuAZ598NdinW*-!lLYjji)P7s9qn+zG1(f5hxmp!GO&+wOoJyoy
z<t)CVV&wynA5L{J#&D``ZeJO0R5yC^Cw@|s!?yNjD;nqf&1|$_BRsa4<_Y-IENbM`
z6+MX2QI-srIro)fOoAx^MnA~Ni$YJSA1Cj|crXO6>=PfG)D@zV@|E&l+*q}T^ESE-
zymZj%y*@Dpmj@u+*V@G-$BjL0U&{%Rf)Im_I`p5Hg)fJx<j-xTdH7#xFi*X6u2vJ!
zCNr{2muXmP!j98K4SKKrq9gAw864p?x{rs#yojZ>)EYCqi#nogv)&uQVOMUG57)`~
zajeJ4tefKZ0tw|?y$K?W>ixT9)as4C7EfxCru`9wTsdVq(@Fmnju7{om%qYnylw{T
zs(BPc9}i_e+GUy#RsFj4(y5#mT9}7v_byM*3YL#GSsmtWh}jORysZG~sd5h8j>?-~
z7F=)t`1xXSH#^?vL~NQh5%Fgf%cO<84M^_lZbbA8x311(Cm&IlH4Wu<QB+B_#s0`?
z$$e^IhYvWUVeiARqcjfF&q7PaE(ch1%Y3eVl-h4>4&2S+8uZA91e2j2t&7h$>PI}z
zZi_@pch_4$UPDgDeKtU{))Jp7glfW^@k`b{hCL*;5yfLJZd68dD8QI{>i|7$0IjDU
z2+m<bFY$7f9BvHBu=TK-ddYl-9p%y=b0V=!L7MJS06q@Gx}QcB$C8c3Sf(^Io^X!Z
zI3w7-wPQPof7pkvtH}dDYv6RZ`1>t<sGD*(R!!-UH*F&M)ZZX!RKLJ!Sba>}GklP@
zBIm>|Y+Fl77R#oO0Xjk1>c`8pdJQSMu*QYnS`YlI^P2RT6Zj*HW=p#ZHM0d<-o>g3
z*)`{6Te#xU%q2JyjL9FGE9HIXL!iS;NX1(bB;9*g2kbTF;-{2N0k5~f8s~;S3CO)S
zc(kM1?-V|hjJ5v#bAy+ztmOj&PKI_zA2G)qcr&CCTz~Mf?Y;4UoJ4&l%{$Fy^=4`=
zq<r_}>D-;DIH!J(r9-I~;8jR^QMnObP(1d%W7)YMu@`W>yiMxIj7`2WOv_-#*IUm8
zpJh}ljBJVMsY70*oeoHPuZD(}d8c<Su>8m$Arr+prW@uKDhTv|mANU*rz<+MSGq%!
zq)hfE2FP4QcEumdbQpHGJHc{b-~c~PSltb<fE_Nq7vc~<e$or7_)plq@95A5z`6lH
z-zeR$AJ@L-HI&}VE!ZEoJMWJ0)d~Ta9YoLiY%ld!D<DDam34zbGyBbVW_U7}0)YXR
z0zMx{2b?l6Fx)*!5kaL8DHq97H6C#NHLPwtRkfCVp6=C4AjWqj^X*L7CN+j`_damF
zo^?JeFh-~NY(y6nCO2$i2)bcyi6Hg|qV&y1kqG_=qD)5qu93s{1zlP;90s!6ffb<^
zkqDv(q72413Npj2)Jy|IL$G?H2f~b6`)Ikc)O1nJ=>n(0eN&=y-lh&|o(_Zl^$9=l
z(NST>#U(w<n*K-M+ll@Wp>ye`v39#eO$vDX$*MxRk6<g_J3l>BR|gMBG$TfRq|`!I
zjzJQaDEdbMI;+=|b3<3V(<1)bHRibaL9ECD{NWF6kzVGu{=NaT?f1^mG>O+TR7T$2
za|mWJEUfKNcnw6lVC>EkLPZPYgG>ru`z4NOmvr53#9lgmkC9m!x%4(--%QYINjN>H
zLc1f-QP-I)6LIqaxn9!+#C7T&Tjq#5wwVWH4q=U4XRX0E+l}W_*N<{_rwk!XZf=I<
z6MKyr$kD*`EZ`3(;WqWhScd`(B8<GTnVZ=vjcyX9Z_Ur|m<A)_p1@UYA@wpDDO<Bi
z-wTU0n_G-O?=Ht#xFH~GT2L&S?G7U92ApC2ESMIe3u#B6tX&qdp(zunP>s}yu<>Pk
z!ee&crG=irkqd;Hgku^c)^2SY%a}?C_{}~S_NrNQgO~36M=0E$b@=w(Lzjf8*e{Vr
z%Ok}tnNl7|TPLp#5fg)i4eMGRlTV7|$61F|28idV1#@IMo7HSe1S`q}DWymbskSDH
zGyOE!zmIND3m{@BRUj_v(!!65CMRAXf^>8?#k)q}#5p(N<Bo`48NXMN)TMJLZ+jDL
z^mt3Vf8d~qIT<Ju_ec4TGq8+c4Co<g5p&_%2#6MUNWjZ=*xDu?8%XT(pzi;`{a9_-
zR9WRcRhdeqLH0Fu*svda+WLfy2q%%s3LY!HX~5+F1ioMcWzg1{)27bW4N`d4g9yQB
zZZVG#E)>i^;<KZu=V~?xtA=_h;C!-}RijYq5}I7iR=Yn`4qZK5_Ok}UD6aA`Dtoe$
z9n4eVH`5EPq;Tftl#S4_dl$O`JZEv+Skr)xiHLA@N+1FGtp;gdn&}HFY#S{7(`h5p
z(E9Ysg>!@LyIqN-0}>7B?f&p!aApeT%{a*BAU(xjc$R}Hh`e1{yHYn<JEA5v`X8jY
zd&?8A!m*cdIwE^Ckvbb|*D(cL^C54cZ9B#{_j_;kHz^Bk2HRl|5AO!sCBV(RckOqw
z$Oa^upo@T^lNB}2j6e0)pK&X_e;gx?mz)zS2b;fsbQO!XXa_O&lNXy(TQ#k1Wi;P?
zHJk-qQFWuISVAi$VDL~NvK0L=mCDJB%+|#~n_4{I+LL37-fu2a?&h^N9bgR4_}G|D
zTOeJ89>x7kkgXu*Y}2pNe+76kf|ZPegci|;>KsJtFD$2L;3lJxT)j+=@+S-5(KBo)
z7MnzyjXmrIy~DhChSv(;5vlw2QlaITomHtAw|E)AYbk3#l;FQb%A7DkoTkbDCiZbM
zS@Cd5ujb}-hPuuX$Lv4%E0-8^7;Q=KR!;Dv+A(2`>j&H<3jBfyTN=H`O|u;C=TI>u
z%zCImV$7=WsI)4c{T~7r+uWZZ9iNt&rJL;Sz0;$gV1wlZo^rMpm%dslw(i)p0P@}q
z)lF@No6xN<9j>=}w|$bhoVVugr^0BOjon)!1$pP~ssSwT*cxH|@9gRu#W>v?HR}o@
zBnFv`^ucKKo9)i!oPSKd8KYx^!B6^tl&oh=(B_Bb*tlVdjJXQR`+E0~OVv%G-*CNU
zI%Iat;zlrGcTcZ5Po-wkVuI1Stm3S)&=WaQzymwIheq8Xs%smBJ)v_SjJ5}-X65d-
zGU?)Dlb`01_RqZhO>^6JBdJr|Olhi{YXMm5ZHL%w<RMqe&t_;@gCYfX&7_aJlJ9OR
z?6>Fb3rhvklGK_o2?#4=DVW3SY3F_0in-*PKQ^(>*|E`z+&k+nw)Ub)rp}PR%9Y2T
z+OQ`4I(T?|+4RzAPM^4JOkP}~IF-dH|NBDU7m0qU=jhQ`U7d7QuW$$p(7SV?TKlZx
z&}E?>1zYy!O0R_n#%M`ty}D}0{MvKHZ-b)s?KV7V0b4SD5Q2N<(P^VA0bKpGg1x7E
z{-=vaC+q`WRKFBDledbR+iRIjxQ}mKOo-wBj9nC5?#lv4n;vX*vF~UAE)-4@uM>K?
zp%32Ru4qY|F_WRH^|n*u{qGA&Mtj2@==%-{vHZ{JZf^@|kB0jUVuTK+v-d>i$?GYh
zl$d{N_W6k~1Q;pELF3peN7-;3;Ew_C3UMe!CB<mvP8E{==I(aJ^1bUE5GNQ}qEiaf
zsY+XD{<9_DP6D6FQvA|61wmshm#$O-&n_tbty$hepH(MU`I{HFHJRiT8_m)hv{Vms
zRqoPg*nA((rM3Mr9W~n1gUHvz?c6Lk6EgQ73#oELp<(-4{Yly?pfBA+dETCj2ihUH
zzi;?6-d-<(5@;~oR?~C(fE1GI0sgcJhROjqq=SpT5kBJ~J@k5zn)lP?-yG3egdG~|
z?ZP3Z0BKd=LgGXdUd}fMP&4jRAe|b77b(uzbj%d82hTsrvGv_B?2EcK-rR#*_p=xF
zD6{OV{TId4*8*vypz<vhQAaw1L4kyA(IMlkiHS3;qZ}$jiR%@#uxectXc!p$)A||j
z0R>#BkdI<0dpl|F!PSbfsPyq~H?~aIx+Uy}fe&LSqv=U-oBbEQ^;C+OJZHJ~n}>!0
zmDi2?nyKmCfDp9OGk1@7G`x4%-cD(a4t$xc^_JXPO0++%x;EDbqXMN6;!6xKuzZCH
ziOUnYz7srvRwX)Iqnf?tb^gcm4qjvKq+jzlJGa^{5v4EM*c!{wc=_Owx?kmTVJ>Gk
za!(%K@`o9^p%U5gQnD$&x$@u>uIrEL*dmnH%hOfH$FUcNGA+heTWKgr^Gy~UnUrDv
zkkHyF&T29H?bd0v>*_u+7|vfiPK9T<QcPld#8SZVhFo6+Vk`-T+j+dl<;p?Jw^<AR
zNR}18F2zb?n-RG4qQkb`(7Ty@C!^gL{oSHAX?+*Z;AnW})<#h#E{V+VquJ#r+N@>H
zQN&Xfg0+Z?nC6}1u<^o(th2gvS{N$Ah`1{SO-Y%BKrwNyHasnYb2X$KZ?MJAux!Ah
zaq0UEYkMJ{MyR`;%Z=I@F1RaYvOR)ao_<8orK;aU<;mGaot1m;9a-17;E|EkE&67`
zDS3HHqq*?WKhOg8*rXW`dx7S7Z8ci<w60{)7BPXC9oFvtEje4R-sD|@;;l1bZ?8<T
zSwu|Bn#kU3=SNpNeyoGy_xPB0tMjRt^LFbJjuPDSg_zn0Tt9H}*b0o{L$sqcF_PSF
zy?2eS5K<S>v?YdQWy%k2W|Z$X_*OE_OU+IM>U1p$rC#>aIcnq6H*h7aCHRv0?bwJ{
zC97q)RJc|7!rq=9jYHzSp+NPvQzi<b^V!C6h18rc^HVNnmbe=hLdgwwXNPiHW7FZK
zXLV@oG2E@!AO#kVDE}6F!@k4~^;$hVWL|}zbqcdDk&eFX+AB7Ftrp57Mp9uP&bB(6
z(n!dZQStbWF%swa7~x@iTR!{NE#etPh*Sg%9+g9;6JC+5kw}{-bIF)F@lh(>%%~0E
z%5@Hu&}RkKF&YiDH6cDbTz_`ezgrkL*y%4Y`M?H=fMH*i%w!BYa$Q;H$MBe|hU3?E
zK3Q+zpf%(5`jNodIgJbWvzr9LqRQ(wIwieCPTmNkn=`HD)*(jh?AdG%t{tS|CvL?L
z3G@TA63MCw>9>lBoy}`_x$EzJgztj3mgzHD8gQol<`55lHgBP~%??MsCBKd3ctRFi
z7#_uM0FG}+CG-u0zUmV4x{V2A!KY5H?bfEp#p4TWQ9D~mryRqZ>9B`QMDs{q-tu_*
z*8b6xrZ4k=bTn{~gVvc4-6_i{u<sbH1o|(wwZ@Olr#H0nO1>N~1b^PFPKUsD8%j6%
zo-%a<VEEzm7Q*JpTwiGDflp#lELFU%wxR!;)b!c;b1`6Vn1JvRS7JLJ0Y=zp1D(sr
z;K~?y2<~<Bi|mLNOO4war#L&3soqD!s^ww%o=rYG5<3#K($%KwHpM=(RO48w!Z-p^
zXE+Sud?~3We=$v98v;pHeVP~eF|qq`Jt6KTXA<c{@$MlVsiF7YZt~I|ol$2IFIXv>
zHaoq)4zy(#4NkL0(czz`r<o0I=J8F?r1?g4AVpPlHS#Qq=hBt8DE^{{!8A5DzDtol
z<B0jx9x6}#8~lG`s~zMA8!}87UkQbBN#OYE6V4&d%(LkE*7+-qwo|Z-4rhbv<{?O@
zvLe&!B(+mft(z1a4LmJ)EF|kYu3CKE5EEU}E^*b8vs~<JZ|bUUURx9Ygl)xt=e#lc
zx&$-%+3T6_m8xD+;H+q=rGA^o^5AU@*<4Y9R+z`Cs$0h`YB(Wo{Q~o3o@c982H!#H
zo50BrIQt&Rj*P$!6mF`@cFZ2*9d(~Yp8#zW&s8R}VihY=pVSFP=L7VFBx>myn*08`
z-MsN72<g>(ymCdXVw+BUEuAZNMWD_An?2e{K|OGP!-ODe!bozzZ(Sy}<%^!&2>ueb
z8an|MiNy6%@yOVwtP9PWOS(*XHR>UDW|Yp6eXXav6McOxl6f6NOFqGdb>~>sxa(IN
z9)~X@QK|-{NKNWEtLrfrP1^czZI;9*)R@2ApU6Idv#LZ9@dfUVdLKJHZ6EhwD;TZj
z+%J|P$&LU&`0>H}1EpBb2HH;W7bPfj4F<X<p1Sp6ynmp^`b64Tbj6;NK`c3{DF$14
zIKr<EQ5jANvZO$TBCwXdav}GF5BgQqCod>RlQpvEO8D-vF!2*<7V4}d7F`*G*c+=5
znGHY)ClJ<7S}0|kR-NY;Z{v(8W)rT2QW?KxF;9`f0b+yI;aD3YFAm7t>j{fiA29eP
zjn|Zc#gWM4>El6nDiT{}gPm(_IJb`n2@Od3y|#Gm;47w;Ik|J%3?-bSf%=5@^x7Mc
zoGPi1k37fMvr@j3VlDVlhn3#q!IJHgtf#PLm8IQ~*nWgN)7COapo7Y^sZ~dhXSy=u
zIEESW@JQJFX|6<*g|piReyu+(>6sZzADcTq{5$3JQ#hg|6IPyiFb8%%ugHJ!=ln&r
z*8O_-dq*SZBeePJxz-8}#%%R&gADs?@L!uWDMpZTdKW(vldjw1JH{LQD3FNKQg4q~
z^J&GtQpRjly&iyjc7%YB;rwZ1qC72vNz(OqUL(%|R%AE)gRO=;<j+ZW6tCyE(V%Xm
z5jodZZN+R02Nc4hv&oVU*QC?n@n=01xfOiZO3tC1qKqIpE>Drfx_d`}V@en`C%=KQ
z+D?fjkYw7;2L|}FNSZ)KfyB7>vdG{*3ZY4VqbF%HqExF9HC4-w^-Njfte7GK;HH1p
zt%-=;(Fxbp_=lzDHWRA?^$}V*5{^I&Vp>@ZYL+1h9#W78K>x^ExQyjCliRHY#od~S
zUn0y?89S-u;q2)IPJN=)hYECa`ha3Sy!rLK$@-#6(71%**#JGWIrBR{)ylZ3Qt2ay
zIyAGnFK<TlIq-0G6g!81BJ<4Y9lYS~2OuSx*_`{0(Ztl1=RbhxsRh8lIC$wUlis;<
z>O}E}qT0}_JwNlX!%0!;rGkoqZEM*mBF@~45QJU-rC@1Mym~t`@v<N}KhZr1U@%cK
zve&6?5(vxV2cCa5zD%*q*kTqlgJw*C4L(Dg@_;>|u|Xo8Iqio)$99`Ll@ge2I$auy
z1%s(d8Eh?<aaY>sFQ|#VaDqJDm??U+%=nsPXQgmJad5L1b$Z1fYgnA8G)X0Wm>jv-
z;iK!>a6nRoAd5j*7e{NOh*N7vr=9w^y_pg{(r3b4r|nT*{CQ8CQH{hG0K~J|=!(wF
zRL0a2Qg7)vgLyuW7HzlvtauOKxpP`M5_TbrTX+F1#oVxWP#PND7u|jHEI&~c;rnds
z*txDb2REtHeAHmd3sEo1^!bV~osPChs}_eNW^u4d#fIMY9py=(W89gmML@P|lr1Ll
z<~z#sx_bO%?@H3gMSIGxEji;wFC&xz(u{_W&N@3=<%5rg>?Aqy&Dg#nEnmt3tdFt0
zA5%qId_uXl?!K9AVvMz~lw+=G+MOi2FD|>Oyw<`xZ1lN7&84a&`6rqnpy)1ogVz+Q
zbTIBT&8RPGBaDO9utp4ba-Q{B*gi8Rs^6Cdt<sIUf`o6^qM&pYP91lF@|A|3DC%g$
zcU3mROF-An{lhj^o3VB%Rb-(BgdH8CG#fr@QL<D=efapAQP0CU^xD`gsZ&k7r_CZn
zgO*;be)5O<1IGQNa!C9@{CcLye)&U>&;F9XX`kPkQk1WNzO&;a6}0SD+a1mO|AyK1
zjjR6Gh5)1|{lxNriK_iC&Xf`5U-)R4SJl7J-*|eFuk1*4g_haJ1yV<ny|aZ>%MO_B
zw$KoI{{<I%Rq)~T{uf+HGyfeVR=vw?Y}qLQ>i558*YS3HlY^RVF~Yj^`4&GHDpefB
zy&lBJWoN4g3CcMvaiP%*dTj$6frHO|zdyab!q#wT(qn>j(<jsZy~b-%JL=^asPdD<
zN;T*#1h6lqC>PK;9&i2c<ph_~x)H-KKh%AtL9KyoJC>#XX;(yKo%V*;CyO&{xo|X*
zBAF6yCaF*f_~rGT#fYn-hbT0j&73b|V(CY7-GD@bGxiGv;9ynddA3w20^?~|tqwjA
z#+A%C!K+~v2fNJ>-4%)MmvOK|OS@+RjVW&zu5Z}M?{eY$%v9)&syxGi>6W$wa^a`n
z6>TVO{)})?5uxPrU}LMDXVJsNj5cslo9&5W=S#y}ha7@nkoMLOEVvlo#io-6hO{j)
zEa@SGy#HEVcA@+Wq#kNFjtU%D$W>BaVbI^_plFg9h(<ItXWZh@r$VK9$Je?;x5@4@
z9_<}8@@&YQaE7VdybzhiWAG!^HQpTj&F_YPu1v<)EnDc34>G;hjPlumW-d{%ijh73
zF()VvJ3i(2|N03#a&zyJUUsZ_v_h)Dc0HjCPS-?Lr;?v19+!6CvA-75Tl^tUQJ%S*
zur+wtL-_A7tT4CuAF+FPVAi)KQv~w9cbeRQOwVJ+qg#F+h64&luzQSSrXU~I?N26E
z6F30O3niyzworL@0`QW|ePaH(4V*gUQD&DhoxUd#R`qTV6yt0#>V!F^?BnmLHMOpS
zxDeO|@*T#SW$sIXs_bnSixM}vla9pL3d^CVpL;%DEi%}1`l3k!7q1$zWUEzzYj})-
ztI=ArKckgTLKLZTz)J#BKO}!hH?RNgWj<4ne+?JbX=ix5K8i@)nGcBl#Rcn<@CN2R
zF&Wa`p7g>15*3R`zkSnM-OrFHUZQr#Q4>Vm1E2U*t6mH<`S3WmgJ_+|icPt!0&N}7
zTp(k!^rTJ~U9f427IH}7+S;OB5C`pfJZ;$~Dutiz;8Ie@kXt-R!B(O;htFR3XZ~6!
zT<`rCNWV_?@y2Y%|HiWvQn_<nNW|Gz0tKa=_d^WZUMdG8v#0y%OwRWtnK(*PB5^u?
z(^uB<SaeZ{UpBi%q9z-rbZx^Xtk3BH#)AcWB$kT1-bWt2ZlG?RB#9A~YV{13&o_ZT
zCpc60pIe0E|F}h{0xMDRKDobNGOi<^U9~%<pU~69&3cS7h$+ljhzuOPr7zW?1J*1O
zR<79iX_m$VYhYv$CX~*9=1Q}s{;Behuez(#b98}GOkJl`zCoRp#!$|q2-@3{hh{qk
z)&X;F&r<zEyI;q2z@o^;b^P$R4j!2L^Bu}93d~w!knYZo=17R(hzL!O>PFK@_)-3j
zC<Lm1?GY}Lgs)`B&K**H5;fyJt-N^3lYzW8v*AejmgM^tH->s2Pc#HfL99oS({0j(
zXs=Hvqt*roCxb;_>~T0uXwjjq1`{}VjXh*{GS8vxK=w$Y_wle?t%=H}Zw%?a`qG)Y
zy_NRAo?l5Tz7g4=LT5?c8}C?odc-XCUJ`EXsQkipj-)tPu-<A0*+zqK;UFSH$K6fo
zzs#B;DQZ#@B6{syl3XP1Y7!!T?c!_lm$<zRS5^LLc7Ex*FEDA!gA*Q&VP1oLM%tt#
zx*@)b)rbG;^FP6+wYKW>kWLg82>o^<W7O3@3xenfQw>9FW$_{g4Ui84(Z9|Jf6Fy0
z>~6g7*L8j$@m$ddHw<h%<jLtMjpa}-+pG7#uGaAnqW?$590~cuC~R!CI)80Kt~Z!8
z=>PWZ|CIRuPBi}zA^vX}8wN=d_D)V@3=Drf{+F47DHVw8l0OwzU0r==@IQ@%w(+qE
zv9ZW8F){Oz8yZn)RQB8b04uhe$16h`%*Z>7|8-^v=uEj>K60DYmihAa3;<eRlmy6_
zVKSE=xUsR}kv#OV+-iv7CkO@`z!nhw@nQ4aBXs&{qTwMZ7y=Ab{5I4qqdOnc9J`7q
zV}w8d-38V|8&lQ!PXuN|Qt+Puk{Ifr;43WEe|88;fd3P~3jOCt0w@aqIS>%{>7M{4
j2;-lv-`D@&RrEs0?MSHb%CVXKtwB;$R-{TuFW~<Hz!-aw

literal 0
HcmV?d00001

diff --git a/inventory/inventory-fde/inventory-fde.cf b/inventory/inventory-fde/inventory-fde.cf
index c7f3ec8..323e248 100644
--- a/inventory/inventory-fde/inventory-fde.cf
+++ b/inventory/inventory-fde/inventory-fde.cf
@@ -3,19 +3,53 @@ body file control
       namespace => "inventory_fde";
 }
 
+# Duplicated from the CFEngine standard library so this module can be parsed
+# and tested standalone without loading the full masterfiles.
+# _tidy: lib/files.cf body delete tidy
+# _in_shell: lib/commands.cf body contain in_shell
+
+body delete _tidy
+{
+      dirlinks => "delete";
+      rmdirs   => "true";
+}
+
+body contain _in_shell
+{
+      useshell => "useshell";
+}
+
 bundle agent main
 # @brief Inventory full disk encryption status
 # @inventory Full disk encryption enabled - Whether all non-virtual mounted filesystems use dm-crypt encryption (yes, partial, or no).
-# @inventory Full disk encryption method - The encryption type(s) in use, e.g. LUKS2, LUKS1, PLAIN, or none.
+# @inventory Full disk encryption methods - The encryption type(s) in use, e.g. LUKS2, LUKS1, PLAIN.
 # @inventory Full disk encryption volumes - List of mountpoints backed by encrypted devices, e.g. /.
 # @inventory Unencrypted volumes - List of mountpoints on non-virtual block devices that are not encrypted, e.g. /boot, /boot/efi.
+# @inventory Full disk encryption volume ciphers - The active dm-crypt cipher per volume, e.g. / : aes-xts-plain64.
+# @inventory Full disk encryption keyslot info - LUKS keyslot cipher and PBKDF per volume, e.g. / : 0:aes-xts-plain64/argon2id.
 {
+  vars:
+    linux::
+      "_dmsetup"    string => "/sbin/dmsetup";
+      "_cryptsetup" string => "/sbin/cryptsetup";
+
   classes:
     linux::
+      "_have_dmsetup"
+        expression => isexecutable("${_dmsetup}");
+      "_have_cryptsetup"
+        expression => isexecutable("${_cryptsetup}");
+
       # Flag each dm device that has a CRYPT uuid
       "_dm_is_crypt_${_dm_devices}"
         expression => regcmp("CRYPT-.*", "${_dm_uuid[${_dm_devices}]}");
 
+      # Classify crypt type per device
+      "_dm_is_luks2_${_dm_devices}"
+        expression => strcmp("LUKS2", "${_dm_crypt_type[${_dm_devices}]}");
+      "_dm_is_luks1_${_dm_devices}"
+        expression => strcmp("LUKS1", "${_dm_crypt_type[${_dm_devices}]}");
+
       # Classify each mount: real block device? (starts with /dev/, not a loop device)
       "_is_real_block_${_mnt_idx}"
         expression => regcmp("/dev/(?!loop)\S+", "${_mnt_data[${_mnt_idx}][0]}");
@@ -25,6 +59,11 @@ bundle agent main
         expression => regcmp("(${_crypt_paths_regex})", "${_mnt_data[${_mnt_idx}][0]}"),
         if => canonify("_is_real_block_${_mnt_idx}");
 
+      # LUKS1: flag enabled keyslots (slots 0-7, all share global cipher, all use PBKDF2)
+      "_luks1_slot_enabled_${_dm_devices}_${_luks1_slots}"
+        expression => regcmp("(?s).*Key Slot ${_luks1_slots}: ENABLED.*", "${_luks1_dump[${_dm_devices}]}"),
+        if => canonify("_dm_is_luks1_${_dm_devices}");
+
       # Summary classes
       "_has_encrypted"
         expression => isgreaterthan(length(_encrypted_mountpoints), 0);
@@ -64,6 +103,14 @@ bundle agent main
         string => regex_replace("${_dm_uuid[${_dm_devices}]}", "^CRYPT-([^-]+)-.*", "\1", ""),
         if => canonify("_dm_is_crypt_${_dm_devices}");
 
+      # Underlying block device for each crypt device (for cryptsetup luksDump)
+      "_dm_slaves[${_dm_devices}]"
+        slist => lsdir("/sys/block/${_dm_devices}/slaves", "[a-z].*", false),
+        if => canonify("_dm_is_crypt_${_dm_devices}");
+      "_dm_slave_dev[${_dm_devices}]"
+        string => "/dev/${_dm_slaves[${_dm_devices}]}",
+        if => canonify("_dm_is_crypt_${_dm_devices}");
+
       # Parse /proc/mounts into indexed array
       # Columns: 0=device, 1=mountpoint, 2=fstype, 3=options, 4=dump, 5=pass
       "_n_mnt_lines"
@@ -83,54 +130,191 @@ bundle agent main
           canonify("_is_encrypted_${_mnt_idx}")
         );
 
+      # Map dm device to its mountpoint via cross-iteration
+      "_dm_mountpoint[${_dm_devices}]"
+        string => "${_mnt_data[${_mnt_idx}][1]}",
+        if => and(
+          canonify("_dm_is_crypt_${_dm_devices}"),
+          regcmp("(/dev/mapper/${_dm_name[${_dm_devices}]}|/dev/${_dm_devices})",
+                 "${_mnt_data[${_mnt_idx}][0]}"));
+
       # Derive unencrypted mountpoints as the difference
       "_all_real_mountpoints" slist => getvalues(_all_real_mountpoint);
       "_encrypted_mountpoints" slist => getvalues(_encrypted_mountpoint);
       "_unencrypted_mountpoints"
         slist => difference(_all_real_mountpoints, _encrypted_mountpoints);
 
-    # Inventory: full encryption (encrypted volumes exist, no unencrypted ones)
-    _has_encrypted.!_has_unencrypted::
-      "fde_enabled"
-        string => "yes",
-        meta => { "inventory", "attribute_name=Full disk encryption enabled" };
+    # --- Active cipher via dmsetup table ---
+    _have_dmsetup::
+      # dmsetup table format: "0 <size> crypt <cipher> <key> <iv_offset> <dev> <offset>"
+      "_dm_active_cipher[${_dm_devices}]"
+        string => regex_replace(
+          execresult("${_dmsetup} table ${_dm_name[${_dm_devices}]}", "noshell"),
+          "^\d+\s+\d+\s+crypt\s+(\S+)\s+.*$", "\1", ""),
+        if => canonify("_dm_is_crypt_${_dm_devices}");
 
-    # Inventory: partial encryption
-    _has_encrypted._has_unencrypted::
-      "fde_enabled"
-        string => "partial",
-        meta => { "inventory", "attribute_name=Full disk encryption enabled" };
+    # --- LUKS2 keyslot info via cached JSON metadata ---
+    _have_cryptsetup::
+      "_luks2_cache[${_dm_devices}]"
+        string => "$(sys.statedir)/inventory_fde_luks2_${_dm_devices}.json",
+        if => canonify("_dm_is_luks2_${_dm_devices}");
+
+      "_luks2_cache_mtime[${_dm_devices}]"
+        string => filestat("${_luks2_cache[${_dm_devices}]}", "mtime"),
+        if => and(
+          canonify("_dm_is_luks2_${_dm_devices}"),
+          fileexists("${_luks2_cache[${_dm_devices}]}"));
+
+    # --- LUKS1 keyslot info via text parsing ---
+    _have_cryptsetup::
+      "_luks1_slots" slist => { "0", "1", "2", "3", "4", "5", "6", "7" };
+
+      "_luks1_dump[${_dm_devices}]"
+        string => execresult("${_cryptsetup} luksDump ${_dm_slave_dev[${_dm_devices}]}", "noshell"),
+        if => canonify("_dm_is_luks1_${_dm_devices}");
+
+      # LUKS1 global cipher: "Cipher name" + "Cipher mode"
+      "_luks1_cipher_name[${_dm_devices}]"
+        string => regex_replace("${_luks1_dump[${_dm_devices}]}", "(?s).*Cipher name:\s+(\S+).*", "\1", ""),
+        if => canonify("_dm_is_luks1_${_dm_devices}");
+      "_luks1_cipher_mode[${_dm_devices}]"
+        string => regex_replace("${_luks1_dump[${_dm_devices}]}", "(?s).*Cipher mode:\s+(\S+).*", "\1", ""),
+        if => canonify("_dm_is_luks1_${_dm_devices}");
+
+      # Build per-keyslot summary for each ENABLED slot
+      "_luks1_ks_entry[${_dm_devices}][${_luks1_slots}]"
+        string => "${_luks1_slots}:${_luks1_cipher_name[${_dm_devices}]}-${_luks1_cipher_mode[${_dm_devices}]}/pbkdf2",
+        if => and(
+          canonify("_dm_is_luks1_${_dm_devices}"),
+          canonify("_luks1_slot_enabled_${_dm_devices}_${_luks1_slots}"));
+
+      "_luks1_ks_entries[${_dm_devices}]"
+        slist => getvalues("_luks1_ks_entry[${_dm_devices}]"),
+        if => canonify("_dm_is_luks1_${_dm_devices}");
+
+      "_dm_keyslot_info[${_dm_devices}]"
+        string => join(", ", sort("_luks1_ks_entries[${_dm_devices}]", "lex")),
+        if => canonify("_dm_is_luks1_${_dm_devices}");
 
-    # Inventory: no encryption
-    linux.!_has_encrypted::
+    # --- Inventory attributes ---
+
+    linux::
       "fde_enabled"
-        string => "no",
+        string => ifelse("_has_encrypted.!_has_unencrypted", "yes",
+                         "_has_encrypted._has_unencrypted", "partial",
+                         "no"),
         meta => { "inventory", "attribute_name=Full disk encryption enabled" };
 
-    # Method and volume details
-    _has_encrypted::
       "fde_method"
-        string => join(", ", unique(getvalues(_dm_crypt_type))),
-        meta => { "inventory", "attribute_name=Full disk encryption method" };
+        slist => unique(getvalues(_dm_crypt_type)),
+        meta => { "inventory", "attribute_name=Full disk encryption methods" };
+
+    _has_encrypted::
       "fde_volumes"
         slist => unique(_encrypted_mountpoints),
         meta => { "inventory", "attribute_name=Full disk encryption volumes" };
 
-    linux.!_has_encrypted::
-      "fde_method"
-        string => "none",
-        meta => { "inventory", "attribute_name=Full disk encryption method" };
-
     _has_unencrypted::
       "unencrypted_volumes"
         slist => unique(_unencrypted_mountpoints),
         meta => { "inventory", "attribute_name=Unencrypted volumes" };
 
+    # Build per-volume cipher and keyslot strings with mountpoint prefix
+    _have_dmsetup::
+      "_volume_cipher_entry[${_dm_devices}]"
+        string => "${_dm_mountpoint[${_dm_devices}]} : ${_dm_active_cipher[${_dm_devices}]}",
+        if => and(
+          canonify("_dm_is_crypt_${_dm_devices}"),
+          isvariable("_dm_mountpoint[${_dm_devices}]"));
+
+    _have_cryptsetup::
+      "_keyslot_info_entry[${_dm_devices}]"
+        string => "${_dm_mountpoint[${_dm_devices}]} : ${_luks2_ks_${_dm_devices}[keyslots]}",
+        if => and(
+          canonify("_dm_is_luks2_${_dm_devices}"),
+          isvariable("_dm_mountpoint[${_dm_devices}]"),
+          isvariable("_luks2_ks_${_dm_devices}[keyslots]"));
+
+      "_keyslot_info_entry[${_dm_devices}]"
+        string => "${_dm_mountpoint[${_dm_devices}]} : ${_dm_keyslot_info[${_dm_devices}]}",
+        if => and(
+          canonify("_dm_is_luks1_${_dm_devices}"),
+          isvariable("_dm_mountpoint[${_dm_devices}]"));
+
+    _has_encrypted._have_dmsetup::
+      "fde_volume_cipher"
+        slist => getvalues(_volume_cipher_entry),
+        meta => { "inventory", "attribute_name=Full disk encryption volume ciphers" };
+
+    _has_encrypted._have_cryptsetup::
+      "fde_keyslot_info"
+        slist => getvalues(_keyslot_info_entry),
+        meta => { "inventory", "attribute_name=Full disk encryption keyslot info" };
+
+  files:
+    _have_cryptsetup::
+      # Delete LUKS2 JSON cache if older than 24 hours
+      "${_luks2_cache[${_dm_devices}]}"
+        delete => _tidy,
+        if => and(
+          canonify("_dm_is_luks2_${_dm_devices}"),
+          fileexists("${_luks2_cache[${_dm_devices}]}"),
+          isgreaterthan(
+            format("%d", eval("$(sys.systime) - ${_luks2_cache_mtime[${_dm_devices}]}")),
+            "86400"));
+
+  commands:
+    _have_cryptsetup::
+      "${_cryptsetup}"
+        arglist => { "luksDump",
+                     "--dump-json-metadata",
+                     "${_dm_slave_dev[${_dm_devices}]}",
+                     ">", "${_luks2_cache[${_dm_devices}]}" },
+        contain => _in_shell,
+        if => and(
+          canonify("_dm_is_luks2_${_dm_devices}"),
+          not(fileexists("${_luks2_cache[${_dm_devices}]}")));
+
+  methods:
+    _have_cryptsetup::
+      # Parse LUKS2 JSON and return keyslot summary via bundle_return_value_index
+      "luks2_${_dm_devices}"
+        usebundle => luks2_keyslot_info("${_luks2_cache[${_dm_devices}]}"),
+        useresult => "_luks2_ks_${_dm_devices}",
+        if => and(
+          canonify("_dm_is_luks2_${_dm_devices}"),
+          fileexists("${_luks2_cache[${_dm_devices}]}"));
+
   reports:
       !linux.verbose_mode::
         "$(this.promise_filename): $(this.namespace):$(this.bundle) is currently only instrumented for Linux. Please consider making a pull request or filing a ticket to request your specific platform.";
 }
 
+bundle agent luks2_keyslot_info(cache_file)
+# @brief Parse LUKS2 JSON metadata and return keyslot summary
+{
+  vars:
+      "_json"
+        data => readjson("${cache_file}");
+
+      "_ks_idx"
+        slist => getindices("_json[keyslots]");
+
+      # Build per-keyslot summary: "<slot>:<cipher>/<kdf>"
+      "_ks_entry[${_ks_idx}]"
+        string => "${_ks_idx}:${_json[keyslots][${_ks_idx}][area][encryption]}/${_json[keyslots][${_ks_idx}][kdf][type]}";
+
+      "_ks_entries"
+        slist => getvalues(_ks_entry);
+
+      "_keyslots"
+        string => join(", ", sort(_ks_entries, "lex"));
+
+  reports:
+      "${_keyslots}"
+        bundle_return_value_index => "keyslots";
+}
+
 body file control
 {
       namespace => "default";
diff --git a/inventory/inventory-fde/test-encrypted-volume.sh b/inventory/inventory-fde/test-encrypted-volume.sh
new file mode 100755
index 0000000..bf6bb75
--- /dev/null
+++ b/inventory/inventory-fde/test-encrypted-volume.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+# Create or tear down a test LUKS2 encrypted volume for inventory-fde testing.
+#
+# Usage:
+#   sudo ./test-encrypted-volume.sh setup    # Create and mount test volume
+#   sudo ./test-encrypted-volume.sh teardown # Unmount and remove test volume
+#
+# The test volume uses a loopback device with a hardcoded passphrase ("testpass")
+# and mounts at /mnt/fde-test. Requires cryptsetup and root privileges.
+
+set -euo pipefail
+
+IMG="/tmp/fde-test.img"
+LOOP="/dev/loop100"
+NAME="fde-test"
+MNT="/mnt/${NAME}"
+PASS="testpass"
+
+setup() {
+    if [ -e "/dev/mapper/${NAME}" ]; then
+        echo "Test volume already exists at /dev/mapper/${NAME}"
+        exit 1
+    fi
+
+    echo "Creating 100MB disk image..."
+    dd if=/dev/zero of="${IMG}" bs=1M count=100 status=progress
+
+    echo "Setting up loop device ${LOOP}..."
+    losetup "${LOOP}" "${IMG}"
+
+    echo "Formatting as LUKS2..."
+    echo -n "${PASS}" | cryptsetup luksFormat --type luks2 "${LOOP}" --key-file=-
+
+    echo "Opening LUKS volume as ${NAME}..."
+    echo -n "${PASS}" | cryptsetup open "${LOOP}" "${NAME}" --key-file=-
+
+    echo "Creating ext4 filesystem..."
+    mkfs.ext4 -q "/dev/mapper/${NAME}"
+
+    echo "Mounting at ${MNT}..."
+    mkdir -p "${MNT}"
+    mount "/dev/mapper/${NAME}" "${MNT}"
+
+    echo ""
+    echo "Test volume ready. Verify with:"
+    echo "  cf-agent -KIf ./inventory-fde.cf --show-evaluated-vars=inventory_fde"
+    echo ""
+    echo "Tear down with:"
+    echo "  sudo $0 teardown"
+}
+
+teardown() {
+    echo "Tearing down test volume..."
+
+    if mountpoint -q "${MNT}" 2>/dev/null; then
+        echo "Unmounting ${MNT}..."
+        umount "${MNT}"
+    fi
+
+    if [ -e "/dev/mapper/${NAME}" ]; then
+        echo "Closing LUKS volume ${NAME}..."
+        cryptsetup close "${NAME}"
+    fi
+
+    if losetup "${LOOP}" &>/dev/null; then
+        echo "Detaching loop device ${LOOP}..."
+        losetup -d "${LOOP}"
+    fi
+
+    if [ -f "${IMG}" ]; then
+        echo "Removing disk image ${IMG}..."
+        rm -f "${IMG}"
+    fi
+
+    if [ -d "${MNT}" ]; then
+        rmdir "${MNT}" 2>/dev/null || true
+    fi
+
+    # Clean up cached LUKS2 JSON metadata
+    rm -f /var/cfengine/state/inventory_fde_luks2_*.json
+
+    echo "Teardown complete."
+}
+
+case "${1:-}" in
+    setup)
+        setup
+        ;;
+    teardown)
+        teardown
+        ;;
+    *)
+        echo "Usage: sudo $0 {setup|teardown}"
+        exit 1
+        ;;
+esac