From 1f873c0e34d3f9a4fb9d99bf7b08c77e9279f3f4 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 21 Apr 2021 15:54:11 -0700 Subject: [PATCH 01/15] federation with AADJ updated --- .../hello-for-business/hello-how-it-works-authentication.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index cb21e54fe3..8f124ea552 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -51,6 +51,8 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |B | The Kerberos provider sends the signed pre-authentication data and its public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.
The 2016 domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| +!Note: You may have on-prem domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on the AADJ device. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT as well as it trigger authenticate against your DC (if LOS to DC available) to get kerberos.it no longer use ADFS to authenticate for WHFB signins. + ## Azure AD join authentication to Active Directory using a Certificate ![Azure AD join authentication to Active Directory using a Certificate](images/howitworks/auth-aadj-certtrust-kerb.png) @@ -61,6 +63,10 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |B | The Kerberos provider sends the signed pre-authentication data and user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.
The domain controller determines the certificate is not self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed pre-authentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| +!Note: You may have on-prem domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT. as well as Authenticate against your DC (if LOS to DC available) to get kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from client. you need to have device write back enabled to get "Enterprise PRT" from your federation. + + + ## Hybrid Azure AD join authentication using a Key ![Hybrid Azure AD join authentication using a Key](images/howitworks/auth-haadj-keytrust.png) From 85d172fb43d5b1e978cefa35aaa91233afe3c033 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 21 Apr 2021 17:05:52 -0700 Subject: [PATCH 02/15] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 8f124ea552..eb1d1585c6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -51,7 +51,8 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |B | The Kerberos provider sends the signed pre-authentication data and its public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.
The 2016 domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| -!Note: You may have on-prem domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on the AADJ device. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT as well as it trigger authenticate against your DC (if LOS to DC available) to get kerberos.it no longer use ADFS to authenticate for WHFB signins. +> [!NOTE] +> You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on the AADJ device. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as it trigger authenticate against your DC (if LOS to DC available) to get Kerberos. It no longer uses ADFS to authenticate for WHFB sign-ins. ## Azure AD join authentication to Active Directory using a Certificate From 7cc89e4a49eed7339710895235b95ddf597afc62 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Thu, 22 Apr 2021 12:45:13 -0700 Subject: [PATCH 03/15] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index eb1d1585c6..411edf3dbe 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -64,7 +64,8 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |B | The Kerberos provider sends the signed pre-authentication data and user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.
The domain controller determines the certificate is not self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed pre-authentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| -!Note: You may have on-prem domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT. as well as Authenticate against your DC (if LOS to DC available) to get kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from client. you need to have device write back enabled to get "Enterprise PRT" from your federation. +> [!NOTE] +> You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as Authenticate against your DC (if LOS to DC available) to get Kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. From 9a9413f449f0500fb911b5f223c1f1e42fe397fd Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Thu, 22 Apr 2021 12:45:19 -0700 Subject: [PATCH 04/15] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 411edf3dbe..cb941338ef 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -68,7 +68,6 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c > You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as Authenticate against your DC (if LOS to DC available) to get Kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. - ## Hybrid Azure AD join authentication using a Key ![Hybrid Azure AD join authentication using a Key](images/howitworks/auth-haadj-keytrust.png) From 0f716c0357e267c18c504cc5021694f9a2a058a1 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Thu, 22 Apr 2021 12:45:45 -0700 Subject: [PATCH 05/15] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index cb941338ef..d0647fff25 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -52,7 +52,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] -> You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on the AADJ device. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as it trigger authenticate against your DC (if LOS to DC available) to get Kerberos. It no longer uses ADFS to authenticate for WHFB sign-ins. +> You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned WHFB PIN/Bio on the AADJ device, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses ADFS to authenticate for WHFB sign-ins. ## Azure AD join authentication to Active Directory using a Certificate From 79baead0da39f0f95efc61892a22776e41fefb46 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Fri, 23 Apr 2021 15:22:28 -0700 Subject: [PATCH 06/15] Update faq-md-app-guard.md --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 5d37b3aa5d..9a7f8f0ed3 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -143,7 +143,7 @@ In the Microsoft Defender Firewall user interface go through the following steps There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**. -### How can I have ICS in enabled state yet still use Application Guard? +### How can I disable portions of ICS without breaking Application Guard? ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys. @@ -184,4 +184,4 @@ Policy: Allow installation of devices using drivers that match these device setu ## See also -[Configure Microsoft Defender Application Guard policy settings](./configure-md-app-guard.md) \ No newline at end of file +[Configure Microsoft Defender Application Guard policy settings](./configure-md-app-guard.md) From 387603e22ebcb7f83d952068ec1fc942df2940fc Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Fri, 23 Apr 2021 19:07:26 -0700 Subject: [PATCH 07/15] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index d0647fff25..41ee599349 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -52,7 +52,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] -> You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned WHFB PIN/Bio on the AADJ device, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses ADFS to authenticate for WHFB sign-ins. +> You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on the Azure AD joined device, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses AD FS to authenticate for Windows Hello for Business sign-ins. ## Azure AD join authentication to Active Directory using a Certificate From cc5989f5a5593c9442241f7425676b7d2c0dcfe0 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Fri, 23 Apr 2021 19:07:52 -0700 Subject: [PATCH 08/15] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 41ee599349..7439db90b9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -65,7 +65,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] -> You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as Authenticate against your DC (if LOS to DC available) to get Kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. +> You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned ppreviously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. ## Hybrid Azure AD join authentication using a Key From 79b50f7fb3b48f346ac0cb221b4f38f390069ca0 Mon Sep 17 00:00:00 2001 From: Kateyanne <67609554+Kateyanne@users.noreply.github.com> Date: Mon, 26 Apr 2021 11:15:18 -0700 Subject: [PATCH 09/15] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 7439db90b9..73e3d5e47f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -65,7 +65,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] -> You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned ppreviously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. +> You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned previously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. ## Hybrid Azure AD join authentication using a Key From 9deaa3f1d7c99570b618dbeb20ee19cac3801b66 Mon Sep 17 00:00:00 2001 From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com> Date: Mon, 26 Apr 2021 14:22:18 -0400 Subject: [PATCH 10/15] Adding compatible regions Update Compliance is only compatible with certain regions. Customers have run into issues configuring for newer Log Analytics regions that do not support Update Compliance. Adding the list of regions in onboarding for reference. --- .../update/update-compliance-get-started.md | 34 +++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index e686447597..9298206139 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -41,11 +41,41 @@ Update Compliance is offered as an Azure Marketplace application which is linked 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You may need to login to your Azure subscription to access this. 2. Select **Get it now**. -3. Choose an existing or configure a new Log Analytics Workspace. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data. +3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the table below. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data. - [Desktop Analytics](/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance. - [Azure Update Management](/azure/automation/automation-update-management) customers are advised to use the same workspace for Update Compliance. 4. After your workspace is configured and selected, select **Create**. You will receive a notification when the solution has been successfully created. +|Compatible Log Analytics regions | +| ------------------------------- | +|Australia Central | +|Australia East | +|Australia Southeast | +|Brazil South | +|Canada Central | +|Central India | +|Central US | +|East Asia | +|East US | +|East US 2 | +|Eastus2euap(canary) | +|France Central | +|Japan East | +|Korea Central | +|North Central US | +|North Europe | +|South Africa North | +|South Central US | +|Southeast Asia | +|Switzerland North | +|Switzerland West | +|UK West | +|UK south | +|West Central US | +|West Europe | +|West US | +|West US 2 | + > [!NOTE] > It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription. @@ -80,4 +110,4 @@ To download the script and learn what you need to configure and how to troublesh ### Configure devices manually -It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). \ No newline at end of file +It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). From b704f4e6228e31b3d56663679d6593e66d84c868 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 26 Apr 2021 11:28:31 -0700 Subject: [PATCH 11/15] Update update-compliance-get-started.md --- .../deployment/update/update-compliance-get-started.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 9298206139..f7bc296b2f 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -41,10 +41,10 @@ Update Compliance is offered as an Azure Marketplace application which is linked 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You may need to login to your Azure subscription to access this. 2. Select **Get it now**. -3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the table below. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data. - - [Desktop Analytics](/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance. - - [Azure Update Management](/azure/automation/automation-update-management) customers are advised to use the same workspace for Update Compliance. -4. After your workspace is configured and selected, select **Create**. You will receive a notification when the solution has been successfully created. +3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. + - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance. + - [Azure Update Management](/azure/automation/automation-update-management) users should use the same workspace for Update Compliance. +4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created. |Compatible Log Analytics regions | | ------------------------------- | From 91892b35bacbae864fb2c2ed6a8b4350a07c96c7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 26 Apr 2021 14:05:16 -0700 Subject: [PATCH 12/15] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 43 +++++++++++-------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 9a7f8f0ed3..61f3f7421b 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 01/21/2021 +ms.date: 04/26/2021 ms.reviewer: manager: dansimp ms.custom: asr @@ -19,11 +19,12 @@ ms.technology: mde **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. +This article lists frequently asked questions with answers for Microsoft Defender Application Guard (Application Guard). Questions span features, integration with the Windows operating system, and general configuration. ## Frequently Asked Questions ### Can I enable Application Guard on machines equipped with 4-GB RAM? + We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) @@ -34,25 +35,25 @@ We recommend 8-GB RAM for optimal performance but you can use the following regi ### Can employees download documents from the Application Guard Edge session onto host devices? -In Windows 10 Enterprise edition 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. +In Windows 10 Enterprise edition, version 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. -In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. +In Windows 10 Enterprise edition, version 1709, or Windows 10 Professional edition, version 1803, it is not possible to download files from the isolated Application Guard container to the host computer. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. ### Can employees copy and paste between the host device and the Application Guard Edge session? Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. -### Why don't employees see their Favorites in the Application Guard Edge session? +### Why don't employees see their favorites in the Application Guard Edge session? -To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. +To help keep the Application Guard Edge session secure and isolated from the host device, favorites that are stored in the Application Guard Edge session are not copied back to the host device. -### Why aren’t employees able to see their Extensions in the Application Guard Edge session? +### Why aren’t employees able to see their extensions in the Application Guard Edge session? -Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. +Currently, the Application Guard Edge session doesn't support extensions. However, we're closely monitoring your feedback about this. ### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? -Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. +Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition, version 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. ### Which Input Method Editors (IME) in 19H1 are not supported? @@ -102,7 +103,7 @@ Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnet Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" For EnterpriseNetworkDomainNames, there is no mapped CSP policy. -Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). +Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). ### Why did Application Guard stop working after I turned off hyperthreading? @@ -128,21 +129,24 @@ First rule (DHCP Server): Second rule (DHCP Client) This is the same as the first rule, but scoped to local port 68. In the Microsoft Defender Firewall user interface go through the following steps: -1. Right click on inbound rules, create a new rule. +1. Right-click on inbound rules, and then create a new rule. 2. Choose **custom rule**. -3. Program path: `%SystemRoot%\System32\svchost.exe`. -4. Protocol Type: UDP, Specific ports: 67, Remote port: any. -5. Any IP addresses. -6. Allow the connection. -7. All profiles. -8. The new rule should show up in the user interface. Right click on the **rule** > **properties**. -9. In the **Programs and services** tab, Under the **Services** section click on **settings**. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. +3. Specify the following program path: `%SystemRoot%\System32\svchost.exe`. +4. Specify the following settings: + - Protocol Type: UDP + - Specific ports: 67 + - Remote port: any +6. Specify any IP addresses. +7. Allow the connection. +8. Specify to use all profiles. +9. The new rule should show up in the user interface. Right click on the **rule** > **properties**. +10. In the **Programs and services** tab, under the **Services** section, select **settings**. +11. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. ### Why can I not launch Application Guard when Exploit Guard is enabled? There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**. - ### How can I disable portions of ICS without breaking Application Guard? ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys. @@ -161,6 +165,7 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli 5. Reboot the device. ### Why doesn't the container fully load when device control policies are enabled? + Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. Policy: Allow installation of devices that match any of these device IDs From afd5531a0d2f9ed2ef54379810499489383aea3b Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 26 Apr 2021 14:24:25 -0700 Subject: [PATCH 13/15] Update update-compliance-get-started.md Fixing (I think) link to Azure automation update management. It would have been broken in the original version of the article as well. --- windows/deployment/update/update-compliance-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index f7bc296b2f..9bd21c5fd2 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -43,7 +43,7 @@ Update Compliance is offered as an Azure Marketplace application which is linked 2. Select **Get it now**. 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance. - - [Azure Update Management](/azure/automation/automation-update-management) users should use the same workspace for Update Compliance. + - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. 4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created. |Compatible Log Analytics regions | From 9164d2d0b399e3f8f7d443d92f44f0132f8ee9d3 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Mon, 26 Apr 2021 14:32:24 -0700 Subject: [PATCH 14/15] Acrolinx fixes re-adding fixes made by a PR reviewer that were overwritten by a force-push --- .../hello-how-it-works-authentication.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 73e3d5e47f..a90f1587c2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -35,7 +35,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.| +|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.| |B | The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce. The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Azure Active Directory.| |C | Azure Active Directory validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Azure AD then validates the returned signed nonce. After validating the nonce, Azure AD creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.| |D | The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.| @@ -47,9 +47,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a 2016 domain controller. After the provider locates an active 2016 domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.| +|A | Authentication to Active Directory from an Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a 2016 domain controller. After the provider locates an active 2016 domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.| |B | The Kerberos provider sends the signed pre-authentication data and its public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.
The 2016 domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| -|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| +|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] > You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on the Azure AD joined device, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses AD FS to authenticate for Windows Hello for Business sign-ins. @@ -60,9 +60,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses information from the certificate to get a hint of the user's domain. Kerberos can use the distinguished name of the user found in the subject of the certificate, or it can use the user principal name of the user found in the subject alternate name of the certificate. Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates an active domain controller, the provider use the private key to sign the Kerberos pre-authentication data.| +|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses information from the certificate to get a hint of the user's domain. Kerberos can use the distinguished name of the user found in the subject of the certificate, or it can use the user principal name of the user found in the subject alternate name of the certificate. Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates an active domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.| |B | The Kerberos provider sends the signed pre-authentication data and user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.
The domain controller determines the certificate is not self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed pre-authentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| -|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| +|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] > You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned previously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. @@ -73,9 +73,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.| +|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.| |B | The Kerberos provider sends the signed pre-authentication data and the user's public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.
The 2016 domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| -|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. +|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. |D | After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| |E | Lsass informs winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.| |F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce.| @@ -89,9 +89,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.| +|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.| |B | The Kerberos provider sends the signed pre-authentication data and user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.
The domain controller determines the certificate is not self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed pre-authentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| -|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. +|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. |D | After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| |E | Lsass informs winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.| |F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce.| From 7bb368fc8a03ce67283d66c0ac57ea6c0a966115 Mon Sep 17 00:00:00 2001 From: David Strome Date: Mon, 26 Apr 2021 14:57:28 -0700 Subject: [PATCH 15/15] moving include text to topic, removing include file for archive process to complete --- .../edge/emie-to-improve-compatibility.md | 26 +++++++++++- ...eroperability-goals-enterprise-guidance.md | 40 ------------------ .../deployment/images/configmgr-assets.PNG | Bin 139547 -> 0 bytes 3 files changed, 25 insertions(+), 41 deletions(-) delete mode 100644 browsers/includes/interoperability-goals-enterprise-guidance.md delete mode 100644 windows/deployment/images/configmgr-assets.PNG diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index 09a98b4378..b7dbb29a92 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -27,8 +27,32 @@ If you have specific websites and apps that have compatibility problems with Mic Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. +## Interoperability goals and enterprise guidance -[!INCLUDE [interoperability-goals-enterprise-guidance](../includes/interoperability-goals-enterprise-guidance.md)] +Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser. + +You must continue using IE11 if web apps use any of the following: + +* ActiveX controls + +* x-ua-compatible headers + +* <meta> tags with an http-equivalent value of X-UA-Compatible header + +* Enterprise mode or compatibility view to addressing compatibility issues + +* legacy document modes + +If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. + +> [!TIP] +> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714). + +|Technology |Why it existed |Why we don't need it anymore | +|---------|---------|---------| +|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | | +|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | | +|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. | ## Enterprise guidance Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that rely on ActiveX controls, continue using Internet Explorer 11 for the web apps to work correctly. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Also, if you use an earlier version of Internet Explorer, upgrade to IE11. diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md deleted file mode 100644 index 407e07bf91..0000000000 --- a/browsers/includes/interoperability-goals-enterprise-guidance.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -author: eavena -ms.author: eravena -ms.date: 10/15/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -## Interoperability goals and enterprise guidance - -Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser. - -You must continue using IE11 if web apps use any of the following: - -* ActiveX controls - -* x-ua-compatible headers - -* <meta> tags with an http-equivalent value of X-UA-Compatible header - -* Enterprise mode or compatibility view to addressing compatibility issues - -* legacy document modes - -If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. - -> [!TIP] -> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714). - - -|Technology |Why it existed |Why we don't need it anymore | -|---------|---------|---------| -|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | | -|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | | -|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. | - - ---- diff --git a/windows/deployment/images/configmgr-assets.PNG b/windows/deployment/images/configmgr-assets.PNG deleted file mode 100644 index ac315148c5f7fa276cb84521b26d1332adcb144c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 139547 zcmZs?byQnH*Ed=(6f5pfG^Mx{hqOS82MV;fmqH3jfDjzgqQ%`MMGB?3I}|Avthl=- zI0Pr$KF@pKb=UpY_s3at=B%^U?3ww^o-Mx}q770edBX7I&Ye3Xswzr4ckbNJzjNnq z0KubwU-}w9wEb)D!gZ7t?vxBNZU5^$uzjuh`p%v5D57i2hyVJ7jw*)mJ9j8t{`1^j z_{8dd=g#d9Ri)Q@?q)lt55F*vkK;32aRX3UMmP2cB%Ey-><>e$3<7J$5=QVrr`nAdW-DNp6zjM(fJkIsKP4>C`;O2nv?c;O!2;sLts7Kyr?vJb^DdkRqLGDPr zTf2KqlKEh7NAGJIVx|OjNSe51S#jSI9YrQ~!$;3qcb0tAL9 zc2F8B?|pu-+!0L1`k$Bb`%j;?=M?#`ad74h%YD_Meke!cwA^a;{rXP;=ijV|?$<2I z4>Y|GdqSSyt=SfKECAo|ZM|hTws?1awx^vzEO*?_=yg56_6fhX z?=zM4MKj}?23lYC3>!9|k_MAM3FInSdxn%^%k&5p(of}nPac=0sx_Bl_KcHQZKaN= zUZcG*(r13iH_?B%%`NlH4Rlp!+g^Wj z8(pPphW>sT91tMFzd-y{^r_=a(7^itF8_b`L54sLWIK==IH(;F-2-Lg*j@Qm)x{$x$LK4N3Y*u%$9|Fl*hC8i7Uyn^ZS4>{m-W+-vs6CY9lfB_pr!_=WNVC zyun0zyda+qQLtf2QM^RHO@1VIB=y(M^-?>qPP=1ag>c4YqMxKNXL5OpiRQfHeG$SR zY$+6G8vHVGx{m=h$*Hj{qD@_5+%T%>E%gO4juFza44dIg>hexKtoF%wdaW+ang0WH zOR=NIC?h^4tsbJlTxD5RZ##WwPR_veo@hNMv~f1I-iT@lffKQEyGp(;JD4q2K|^&Z zpeiu%lvM+m*8=*z3-xb_QFmJ#2N}keE`SGv!Wn1 zSds>V676~-S%Q0leNWH=c3>|U_=;K4w1yvzKmSAD2q$>F5!BS(EO}028HcNuD^Hkq zDDX`;goujAbWZ$eVRm`(Mm1LESullzO|M&%Rod5xgsGl&pRCQiF-LD#zsw(o4QnSg z`AJgVLk@>)A7;NlRSylE&O<|roKv{ZEDg+R)5DSullbBd2veR=o9}pgOSVzl{F9T$ z+Y0kf$l`~ait^q~=1)VEn2mW{@8mpJb?$~I7Ngq$`NlyDAF^_X7U z=t1s3iEp1Jlb;o74-{R-eK``K+|RRdHgQr9GdI&$t#9bI74EPS!tPjl_5S#i&7YZNvR9`HSYiw$N zrKjGv!p1q-9n6UTRS=ayf?OZ_r`(K*{-;e-;Ola$aA=yVi$Qn2c75Wh-*Gri=$ZIw zyCnT6qPQW-tjEqvnIa=Y%B5<3cqU$P^zy+(3ACf3nx9?MpxLwe956hepztDvoPzQ7 zoBF3C-UQ6d^9ly47C!%7ql~DJ?AufSQK|nnmQwdWO4WUTxg>qz`rLW#qRCF^+r=>r zJ4=DmXoFY~N$FpS`VV>^wkOQhxN9FxD?M1JPI%GgNR_2RRqhVR^g4REBjQ1KEmod~umB!x`R z>z#@x`cS~_yEyg@G3aSfwN0fE%5tQg`qjRfOUsU2BGgkYwnh+fn(pJu~c+ z{E0P#gMXdN-BgVz@Klq*=C(IM%$J*;_}8UKphe`IXCu(OrN4m9@Vr4e7q>#KN2&!=`Y;w*)rfBP0l z`3c*bS9&Sw^JP8XbXEHBdB8;Z*xkjR!AqfidiOKJ#_{nD>thS%)7+sv3q;H?w<+Gk zg|nzJP!o0G(I)2UH}0lxfqg*}i|29WZu5p*IMAIMH!rAMKvK4cT86MOEwis@`n&R{ zTJo16^>StFwy7Ha3l5AMkmD`tw0C+N`bPRL*1k0wPY72aLps{ZB&^PuSCQ4%P0+)j zx~Wki+^c3Wb0_tUCy45o7ScbKXdnD{Q@uLOrRH7Z{{t82_;PNuUucYbUqEZR6J?LfQz%JEp**W}Q6BDU^+2>4^l^C|?#%Q?qMRQQ1w5hgF zxx;^kEpIMfNw#>O=y~t;fX~-r8khY_GeYgEG#+gVNsetZ+W0HDWQ173+S?+tUFoM3 zE$Qd1-i_&X9b9*~sm$oUr)jG)r&#s*I_dhe z&@mq{E6-mV^MW`wX|5_n_@dURSA}$Cmo+>p>O4BR~S|0mBaI~sGoiAOPlc6oGR5ols!z&f@!$WkDKTzqf zbb@o7WTn>idT7{7SmC16Riv@z+Eb24h|*G{z#g3yVf4%{*FEP?{lWG*KBIbQ$fh`m^U0&qol zJf6l+5d>A<17oh5;PRikh(nZp3>M#%;j~QG(?3p6LpPCoRK=8es>n3p8}!B&HuP+> zE};fBW2k?0yfGmAsr4j169CN=_aY!8W*P<{ zfh}~3`8(`}eLYGqC13S@?^Gpz>`7|0pvtuCO7UuRW*fB3c~-2C>OlD(D#~8>S;?NS z$V|aehIOmkwdGf4qH}F=mI#X~@Ij?Gh(Y>pzNAMY>6CbjJ{jXABI#uAB+z9v7fS21 zF2?7%3$BKj$zwXTmTCYCoxg*~Q-d`XSJh`~97^P^8ayQN;$)x&#IssBf$hDv2F{IU zd_{CsK1qtxk!5Q5ZI7vh9i5j+d=!7!nk6<*?=dxDM-_zGqvM?zupuNOn;GC{^vvW4NvOt@-w6{sS z3><2)R;g5~^$;xrWin-#AS@8pa?*GQEyk{K^P>q@OS*hghl{FfkhBrmf)I$MCbP-Y zkpdLkbDcU-+^%dJq4;L(>H7iWcF`6IAk4F7kY80NV?7!1C*)bjv~+HU<$^cP(B$Bc zmYs}&j?HnoXW{l*4sMA1dz*{E3K^Wyu4?gM9c}?`+ z-n>ofw9HVGLA~Ubv1M~4f{>-|n7dYRzk1*I7nWtzmd11+!t^9c9Xpx!80M!9yqxyL z5PmT4@;RuncRJrANxqs-jHDXovR23~I7!3G8->~^=@VD0xhGbC;l zhrIF%JVO8L3`UXBigV|C1gCQ!+1W#srN;xcp9O?gFc7oo0QO#wefVHG_w#PDB=lL3 zc)U6tl$p|bCNtrjzB9*ZOm8ylR~|#XH_PJnO1{%HYe|PNAS0-2P)vH%@Zc;1W*+V! z5J;f&lQb{d-ZX-3oGs>AU(Rdh-#eXQr=iJPY&tv~0L>ttsAR{)XPRj>X)-?>*zYqx zHUTAzf%{;y4A^Sqq;=|$SgGYR2RamF%VX2trl zxtY^gG)Wgu4Y03N2>)Cf`($kUg90Rf&Ju1Hpw2nXypLWFjDl2B1kuO8o87<})5Qs{ ze#;nkoT4ty;)40c!B~6D9Pk)FC1**)MTGUz#8i#=O~cx=%BiR~APsmHnJ%jtjQHJg1U6%v-rn z^5PIo-L&H%iE$SU1*d2^Yz}kU^PmL-m(EhA1tTT#V#M^aN<&0mz7_p5FtD`EM1zfw zirkjR9(hefCe|50f_k1*R-|r>3NKtvuURkWay3KFesZb2$@w`j&B88wHWh5x6_xJ& zXs_vl)u7S2KwV)AiiQmlvh0`d^NkNp6hQOifsLkdkUq)NON${JE_qIN5c4|+4~OXj z!PTc49jC}3-05qt9qPn)qwo)6dINk_{@*yvxnmnwejwYk?}AboJM3HTl!-g_4tIKUiM20;8f2sck&nuU zGLCtDVQh>F`3*W$5n|>`YkFvh}cGTnk{v4r@M5FQIW-|7whnL`i*! zLOe^j8|`K>bk$CuEO+&usSYc2y}bz>3!&BL6)!The56KR^2oe3+d z%=|hbYW1-3_Q(A^(o>yGEYgjT<#wo5kF4?YkL_eb%@2??#PV zKh;BRy?3jpCHKQ@w`c?~f5zD{7LOfEp<`hie7DMm(pnulHRgE8$;Wt0& zPcA$lHOn7fJ&BSi zGR^X|n~8mlZHH#uEYN~PDPge&=~sRqdk5FW#dQ zFZgLCgB!k3XES@Vy0yNCzcH~b z_Z0M7qM!%ZnBBJGoYdO*D8z8xrypQm@{-|Et=eo5t4&Ro8l4PVPVZ5f$(%r+kVY`1 zTe^yJr3;Zq3Sl6dL&SAW5@shC>24?jgO(?LKZZ6x%4hcag7F-Nb|4tPFPucn8Y0E{ zG$*1??UjF$-P9HD6{4gKv7x)L*?B)`f7m9azCY=-Pc92DPju6iTS^PGE#U-zR2ViM zrSxXBT(zJ&S^%)E}A5@F4td`J7An)+8?Od7{f z#@Sp^SNlSf+!2EK6Kmhp{D3SO!q8&$s@4ssna461KKff%zb4X*+!=BHx0||}D9iE! zkQbV+yMs0<9;=~Ye!fGrb5+D)rd!t>zg}i+Fr73ln4F}U6tLMgTZ*X7ej!D%{Ne9@ zrq{2AcMkJ*7o2h>Rl;%`$f+tePtC^b5uz&SqWdyobBi$3sxYxl2ZkEz9hxbq13Ss- z6*0X*vo2-LmWmpuoG}FfZ;zBQT5{Dao_DV{pdcWJvtLlxTKy&$wDKF=QFa^uD6Zr>zF$>x11%y-yl#w= ze;2}szRDQN2)|wM&6)LeU_8~`b#soeK+0ITg#g+wtqfqycIJ)&77H5wALDp?!rjiH zBn`3s}$)wCE9{}-hO^NIKz}9mwqoAZrFP+g@$fCcg z^WMN&^Ox8Se(HP_q+ly~G3-A!KzA^+fYf`*RV$-jaFV}MEU?JQ_;g$1D$$e|?j5o^4w4V!kJCOx!d4z1$+t4059!?2fOC1rq zwBmf9E3!`V#{=zmm6?KV&5Q#W_dSV$H}fyg=XioK7GMBpXDRaJrR-53h3xf_)s6^) zEJF-FjPL0l{JpNf@V)TMoIEb@SdeDKeot0ZU|$H%jzgN?P?faY2+yBh4Wq+cxFVKJ zt%Fv-^n8t3FN@>O(3W(|DQ3C7MpHN3M8$pT^4Q~v+u$e_Xp6Y@Aa2D^2VU|`9$0oD zcvq`T-8uwsueIi#H6&yXKDUUJ0i8EVe$6%u3OKE2)NWutM#nwj;?v1AzdcddaT~Tw z9UQuKXU3l&vu=IVK>a0`o4;#1GXfG>0<2;B&6c?%F4`+E3Ii>0;o(h0lR4U(a3Z8(>KHl)kmoSaSCnK~9SjC!9Bwtviw z8wsHVtYjt8fEgWEG-6-P^L<^#nvAk6R?)UwCYe?!C`XSz%-m8y29onv+ z-(H+mZwcCLDn*MR@!mVlx69JxRf0^*VP^3MD%6h7%FHTFk&>70;}J*4K$GC1beCvQ zO%-YG5JhXlK_Qe`V+Ns>F*btoiMY7M0DxmP*}yCA*+|GA)n~nX`C5`sCFYL2~6UBKWtZyTkLaepqi6j>7xt$p{Q;n;moWuBPo17m8Zwt>K zx4IQ{)H z7v3mqL2d9S@ol;zTAxqUjmVYsZBr?Xc6 zmhgHp3R!rAn_X zgQA9|SZL^mR92((;iHw-n`gVrUGjfSIEQozeYt>q~F#h<+SCs&w< zz_!Zc$(1Tm`M_i3xh{Wq$tc-an*QAT*F}acO2<_z|4paJ%RXnzpVI;O+sl7Bod9t* z#)*iobru^xTBNC}d6`{QLGSbH^TA>o2PMzI~m2`DzR#g1Q7b8pudG= zn72TLex}#G9PZt`HL8LK>`btPbhVjS*2ks5>uoK%+HPOTy)n`98s2Z1yB)$FFe&+U zho-|7%1;$58a0EhYx>e2YXL`bo4(9Mi|MPRX0AE~FcWGohM>;QkB%F!yjRVA151%- z>|FLHJl1p|JOZb}&BoM8m?~W#EejU$0gdsy5G2ql0HnA z$G#dRWk+3%)Vds5hY+=S8_c~(yR;ubZF^&g7KdAY#=ZO-;}eRj>6Wk5lSt*`m<^>| zZM?GZk(N4|)L4%S)=tv>X$XK3exJT=DX(CXOn~dp@Et1Z%Om1SA@s*!s*J zY?`l}A)DLAqkN(-;BP_@o`0f{-<5(cD>QC`h(}MV=QE_s{>2AQPg(so?_3S9BO6`= zVt4Y3uJ%o?d3W>s(>6%~r3FZ{Ig>w}AzV0l>jO@iIBaW- z7%r~a$!VbAg(%!qMXaX_j#pF7oW{~#NnJ4x@q4Yl)pJ5vNygT^%Xyn3rv9e=h+e&< z>rnP0(!}lO{Zd9T!=$rCczywld_@L$PWVWiF57LcU?XpGhFX1$@0WVH$ZhNGwthoI zc~(|iF8^+O+8vW(Gr(rr?&irPo~PZOeSW|0aNh{2o6q|FCf<3i7d0Z^m8Lz0vbe3C zRB0X*X1*|#$&zqX6H@OPyQ@pYYxiIX?AIBAQ@5PoX&CyNy0K)LQ#E(m1U!i5K)gwJ zO{2x>Ff;jVZHB_lrdO@Ci@gcGd0YEOdQyxlA<2hz)6_fAn49R-Jm~f+p|#y(@mBZ|F|#G~=eKK& z;O)qJgK^!Dr9Nj8A2XbC_egxi7D+0p>b5Wd zRRC@N3O>4QryeFk9s*Q{=Dw^{r{OMFDz)s8n|qJ_WImjDa_3Dj!iYVfPYxT}<(r`6 zIwbr5qhY*-D(^mKB0{Y2-d8eK&v)#lvegxFk4~@YTT1BYR2@IxQuVU3Sj2yOGh04+ zA}@JC*+?KYKp?d{Y+G~G)AJkk##UK|{qVUN>bNG?l%uy#Lzph6EsWQJoPH{xzh|k- z)>t``DNul|W8p4}_e~fL|BKXT{~QbjfK$4I5FcT%g3D$(s3=4KKv{{*?@;QSvpqjR zJ2g0<9BfC2Pj5^4p5b2<8VBq!IAIjic>IBaIZeJ+%L!-O%A@GQ)zdy6=3lB29sg8P z)#=CrP?pXq63&%>pP@fD8sG1KSobh?J>SvlZIRP;^CeGsZQKL_^NG37A$>*}{GNJt zp^YQvOBp3sOS~dlWZD76QN_YU%pz9zJ(v(&;d!mU4s zm^95#5r5jOfgIg}$~m(mj)A3r2`l>6+RisN<;{NT0=zq-AH@ZI!)QN$G*Kjm_;pYR zAIW+7=kkc4Fp`^)NFQNXJ42eyItmEMG85-(ldiT*1_FGbp7&~~S1TgzDENTr9#t8D zi>MoYKuTPAS?1Q@`7M63T8)oR3jhD3>K2oiI^u%DO2vnf@(We!>Wk$As)Vv>lZcn_#PP|J$ zqz{HzUeVupWR{rJ>vTjv&u~8RJ)e(SXNt8a?*-cQrd0}ip4g3QF~=%gO@-)|d0#k> z_hQB=9Wrztw_|Lv@w_OLVjHir;-8FHq&Sbg^4k{|t1q|_>!7Ef-Za-~CU0WHL+&5` z8S*w6t-yh^Jf(sYIgiu7_gd$5*b@va-mcx-MY}RSx4gbkxVbEq05?#ba!f4m-ZmNa z3d5A%xi?>**5_lo43q!H|k5O9HtGX=kEvp6a~;(TV}^6+LCx1JLW>V{fB zwz{nIowD^t&UZCBZ_DKIfn>I;!#9JsAf^1C{IN%Nh8af`&Epr5_Xv+^!b}=#-nutq zHUE?9TkVKscmCxcO-#_VfR5cVo5j_WRK_CzX zC1u(eT|pP=P2%6u!%{2EJx!L9^vl1Kjx-GTBwy>>8Aeo7F;NxJ27Vl9@OZ2~ppKVh zd&aYRY!>Xj#yQ{B2T@DEGwnEL3%95h!#(n?95(hP#r&93QGPwb#%Th^cPF$?I6HAg z@J6}VO6CpJrO!lG`&#I=1^*Vt)2p7RUtWNOEzq53$qbrH(_ z`5whHqRO^~_>PSsYkUELB;kguYz^b6b+gamwffvaN08d0Tl?t)2~!wLc^lk;XPKI=hSjbhZc*DEBR zdtZvkO}_HgV!QWbC6UwMBy#C;dx&RoIL3P5b1gh`mQl0@xK+=I9kB~w(sPAq$BKmbS{fWzw%3SmfMYd;7FQ^377ZjKy^bxC1C23olXmz zmfOdZBqxZIGUe$IJ)W@hG?C&e+N&vX-^Gypz+p-3N3#kbZ`(KPKOB3$lH>b2fgipv z#%!Fc@Ym$#5gAJn!uFU^-m@uB_1++3;N0c)fn4oM+cdAK)yycaJv%=EI`7H5`2=?} zV))OGyq(K7wylpiy(U8b@~A}W)DZyrP!1>9n7M5Zq~+g4$OzIw zb=Pa_RPoWwSDXWtB6PVsrZgDCdkA9Uv-ulX0>epq@cMjRC2KJyxakl(j1yGL2mePez znq=Rqk5dmDU}Zaaud6RXtM^N~5)=Cz3nO7xc9TYTw$JI@{isDGSKqRFBIj~l1k~(W4xP6jlFRdmR&sKFWmRB#9_Q#y8acfC z0YnF~AcUndtrce!#(4jYgvKPGVgZNQt@?uP%uCD?LF-SL4v*kk+e*J%jxbn!HKv5KfD=v=8H4ag`AGmTLqE(A`#d;W%tpK zjNe#3(1yL_rLkv0Hi1-VkQ57DmIl7k!N$_l2hvh;?Bz|a4}-xmOf7QzhynjKT|#1% zS6**arMfi3hwEa{HF=3|B&aY^P)8z2?&{cl6jG3Webf~Ky$b)vvfN$+E{Tpch)b{g z_~vq@;t$Mv>t}i19EjzO&)>LKTU;|GI zjU3+v&JQdiTMH6}%Ro)%q;q1lP2C4s*#NqlT zLE?b}($*dCAfqh^T^z4n4%HTHAU9*T%aR~y`Yxa`sT(Etbx$J+*Tdg&YNJ16D+?Ct z{|m@0xdGM6!x_s@9#TUO954M%*-Xpl95VD*ICpz9(1WjEALHq+iupWhuuK8Dw3md zEN&h;By#LTXm-CYA+d00EYK%`*W0}D)i-J+h+)Bn&mB~@z~>;@wJDlzr0gKGd7XtX zGG`o|csM)4!poKbe*-i626f=T{J>Qas)Ta$7w|r*HETWSr^MKIIIE>J2cGLX8LF#teb^NWI$yO_ML;&tH3$;(gxwohd9gmWAghY3Zi`a61zE% z`C513`U{TvP}+@&tpyi0x+vr65F2!2{rbkso|2szWjlk?nv!NuaI>1nbI$3V+XY7W ze;HJ(9S@Vzoy&$p3W+=K(nn)4S6085j8as(gxvLr{kt9rS?JNh7tMk;%}fLJH@OZ+ z=03;*Yst^#o9<*8JoFOVA5 zdvg>Btmb6eYyC&alJkDw-S@cK*L_x<@@U!Ln-ptdOX(6MIC?*z{44waWJ1Mi2CqJiHm`q%(sJ2cL58jK}=c;qq5!o36@a$aayrJj>~>3bJ;&a z!6^5d8VU1f3P&0%ef+}?iya_YG*?tWEvno*U?RBA-X|0)HZK&Jf%EO}1{UHj+eM=a zWdh?spgh$VLzi><)iCEmKAg4O%^7JW#hJ|smzpS6wu3;QVcTdHUGSbtR{vU0sxd~ zDi3iSuEH0*oyg6%vSH|W`PbQfweijg8OB&cH{ey61EQ5V|rOrk(zan-opL0Ztw ziq57m;Y8X~&wu_UXW8vxilN^mgr(G^Lc12HBWMh(g4_0SZ6Z}Qv7fHe9!60wl&r=_ zakm}%BL?P$&2LV6G2I7an`FS77O8#N<#}uJ2}ah0vYT)TvN=Xmkw`nU$p1H+PZs*= zG${Q@z?;qobH!#v%4bmbs9^X7r=mJ}A@=v&L$uRk&avY$a-mDptu-iZ&*QGd^_2%( z{`$YGnSfw>_1R2@3VRBOJw{`RqdPqSyI;qcgghRVT>o8gKIKd4I1*k?H{KeH{$#hS zw%ogE-X@6jyc;>=b`K=yE$Ds5Yr9%vOVhy1KQ9vVO!BGoaK1sdl0?RNUv9wtlrzJp z*rE6Fia^i2*k;8uxxcLsaIHAm%d zm8WgaQq%%S7kmPI7yKzH^V(F)nVW{r`;!n>okP6QLP9Km69&N-q*8d|n*-o+6)HjU zpeJf&X;n*NC|iXNV|C1zN(HxCf69LIH@*#pd!_x@IBE>B5Ldx5e!+5dAB>>uipiwn08;+-ACqP~`Pici2%*0i{}q^3Pr% z57GSD{Qff^N-k_bcTv=k&#{6JrPyLTx_HW4R1l>(2cNLy4v+sj3#xDLlW%WnPkZDB zY*o22P=Tww* zlR1o6Y<_NX*m@1CO}%t}(oahhQ}lwz!bhqM@jF4=7ds`HDzAPpP|=?Rd$5sKx!=6| zD53)|>rr|WZ*X+IQl6-<(egXuqy0o~+hr3+X)))sQ@Cb8F;QZK;M$6~#RhJbs3p|g z>_Tgx1B*QRTPfC@&syKj)geB#s&$oHGU0qB2n#C5za%@fW++-Tzuxvt_vqIkfiHD-*V?a8+HG*7uW_I2H=2NXa%WldEYQ$2Sy&)(uX(*xMhNrVv zIYp!*;)0&$^mPl>;DGMQyL)`nM;r9mK=3<(%LNI?KPcE(lVL4YOA!{knf?pnxb4;& z4l{R5QU5+oX1Dn=sW7iQ1MjgaprCL*%bKRusEzX4Z_s2FweU!8q4pxByi^b+_uUAI zLLOXLwAd~Un?7!o(WEnjVbr7y022|g!*vpx8Z>rDu7oo|VsmQn$IbXZx8M=^%|}x$ zidj4bf8rKt()kBfz8d(S?o;KZy~h2)q12Z|x4u?VF4qJbhnKuze;1OKZIwAL&k7Yp zP*lz_uNM2{3G)4)0USQtzcJ#r;GuV@NFk`$Cisl;d!d`J@fP%`_gnPbcVbDK^}F$5 zF8S!El(ic2U&1*lC`2?~$HIj)){yzVDma{ZpiI=`D?O=@>3YesgT zzGI8oZoxMZSaRa{KEUnoE@sVC!qh*IXaEjAwRzxDdofLYe`9;VKaR|+|DfR|zd;j8 z@OM-_BZ`TPoyYcP-Rk8u3Z`S5hvz*jbz; z4>EezU^rE5CC+4taKe>&$~^F2x03&yBsmraHrP_~msa;~fKx{s10amri#Pe=OPE;} z#hc%3Ml{Xu+9B?dB~a6zsO1Y~37P4`#6U1cT(j3-u&W-kNVfe^AD7^sT9OMJ&1=+L zY!2HeIL>JW4R?Mtoz>#4gK&VI{|wa#VwFh_D+|4dwf>&Q_Ok63i5mL`*|5x*bN-__ z`r&KRQ)zH+EAM{#2PIXI7r~9W{Vu^~;w(rFT}(3|i)scQs>sY(q!KYo2|Ki2P z`xX)%6cEMYdq_*UNA zJNh;IjHvkD@oac3r`s!1uBis5bo3yot4qyc?WkoKuKQV1Ugq`C2%p@V3w6cUDz(uD zXu{s$2bT~fbl>}rZ&f~UujvJG(05XTOCq_oX-X9gix_OEJ=n56h*<}z?~uL{IcEm| zbm{*7Wcxwx)c?^&<+Q(XZCXLATfM3^lG?n{7rRuiU~>HBp8a%Sy?I>DLYoAION#lEE^Rd>fXpf&0IA zG)FPYio3G8sTztS*%?sji{mwPg;0~+L>Z|V5TpSyy7oA(0!u>QY)e~?t)Y_5siYk*V|2NX+$yViRkJ?2tMyGhFjYiB*94yYD3~gf$9C-$;jvt{NZ}j;&eYBZ!VC zJGp-``fHnY)Z2fmrrsW{qWmm>Qu5y;LA%J}f5j!`_ONycX_i76(!o;MmQ2%32Fy)m zV6b6^IKTl9or%ok{N$Mv3@mN^T^PqADhJRCss(!;KXWe%(E5j3)mVd<=2)$dN6y7n zn{{7&#aX-FOCFwgt+4v+@?GN+l~20Dx#((;<^5Dp<4s%5I%l81u+ok_uc7BJXh$n0 zhUe-)SEEB-d%|+fs@CY|z*tZ%%lN&S!5R;WUztoK-% z0JCoJ#D+87`4>nJy$W6CCqi7E+Jf4XL*ktFY6V9wYof3YBqq(W2fYPRw-3+PT&yLN zax%jIZ{r?P!1qJbow+rdSvW79*&-gw* z3pXHUzk5aOWBVV-0AbZ_@td_X|CP38TP+9DTt6w%-#XpJ0Kld$LbXnUM5*oStVZ6fn%tk>~* zR2*sYRvn#V7{<2sP?0Nd?sIQ~|H9HlW1Ke_`OJVc)a@Tt%aALeov7j17ANpo_bU$I zK|QsHn`zE3C_HxjzmpDI5L=97e+Xm)?Wl-Y)4NXZ1b=dPiDp* zKHB|*l7__RjTdr8y6Kd7K)Kb>yVX)toN zYwl;8{Y!-H625)NO6$bi@fs=g<>D{E`7>kvCm9AZs!d6o#C_xVqM5d6U1 zl$5o}dDhwFFZbr_X)$UnhnPRW=C)}z|1>=r^Msc$Lw(|3p;y;dNpf&Sgi@pd5`^9J z6Uy&=M1g>^+M-k|)tdy&drYa4_RPigP)7Dp4BTF*cE$P4e93U?m#(s57hGv{ORa2) zS%5TcWHD%=u4J6B5XZ5?wH==ClPHm|)>mEsd<6Yf3*>Vx_#2SVn6u_w8&_6N!C2oU zcrq8y5IF=It`t)zlQNAm`N>#sAyJXi6g?u#zWno>(4dLlBf?lT)xBk^*xo9FR+|@V zI-IuI z`Bow?AM!L&+_5GK%-F*jK*_n#X3Mxmaxblzd)%L8U&m#3ZzkwoL@Bb1FVsA?iij~! z;&z~|al7{pabcQbXjqj|$P zHfi>ZnJmx#4-o|oV`3Q|Dml5uznZzcF{>zx-FySa|M-5Jh|zws(J1u~S9*XO_{w1^ z?Tv|pNfrA^o+3EI0on`^aA1tPbChadOLuHk2pg-G5J>lin8|Iw3x)hew`1}V0@|js zmkuN~!DeZJ#r>buajUyO`QI!||7xBuBYBUhRVJHKqA*UnbR90B;!@rF!lYJ~z_oZ7 z3V9^{!HOg4EHE=o=YQ+Om7L{c zY0}>&^y_dw(}HwfZ^Ph{Wa->*mi$epWE?dG*Wnm)m`oXo!G1AKzsMH?k!pMQy-?Q) zeNa))DNz{=P$DH>}zuu-rD+~ zMN{}LPfA}KCq32emB|s-Xz`wS$r6Qm23euj_FntVlV81s1V~lSs7&N=z5=t1wGnw4 zENu*aqLe<+l6$TLx`3%M_v3@ z-cD*aD0cie>heDY_5X;Jkzdq7j53Pu2Z#FQ7T~a_swLqJ6e^#sGRcUyMSm_kDydS0 z6jetLr(1xKrmqoOcc?=YYsJ5VrbuSKm-EOQeoG*!zU{ls1g{_ zabpVX4c~440 zV+{CCQhBF#)03vi;Vwj&rvlv{kC@zczw*KoU#2klf(;~`U~dn_v3Txg0y%E}{8Lm` z4zge=+Y1`swxBGLOJs*8E!|?^4RS}JAIm3~&|z;g&h6c)sGFLib8&IoJ1x%cO{v{y zuy6nal{Ns8<;kno4!fl}788-&U-zG^oBUmuo@O{8Y?O(n!~e^d{eRaOg9o0Rq4(5o zetR$uTboBo49-k1GPSxj`YFWGNuA%8brg$NA8^)kj;;@lVWa_QU=e=*z^-?Kiovwg z`5=L<(mJ|iX81*#gYP&(xtW>*C_*qq12C#OouvQ(xrU?d+_TZ&!Ok64_=s;-l@SGa z@P&BLRgBuY6I%Vcy~5}nS@i2gR}^P^v?@Y+;FZsg#GH0+kH3#=g2USrC5k-;xT?Si z9}UWf@~;P3cg66$aTHzG)3>$7!}SV8p8}oNV%_>0pkt*-8!uZn*BbI;m7BW?L-2wU$h#F_nP8h2Ls2t#7>l%Dhni)&nJe8pv14|@c-Sr` z3I{p^dGmLLBd^gW)(~ftWeJox4cC=w$7!4hvwJ;W@(!atxQn|xab{AR0{XIrx-<>+f5H1-KQ1(42NQY} zknJ)jp%_`p(>EpB=7LQ6B!r+0Kzq2wN^^F&qMUl|d5$qhuqVqB3f z&AHlpF2(T@4F9SSB#9|?RG`e5fI}*?4)ka{;deUn?zMN0r zmu(3dgx@?j_b_nxF2ng^rn{*{ix7Mj-Y%GwX(Bi<1 zyFodGP31f?Hh_WDn+4ZX4KM;2loMX+IH1cuCdCrY7c+`xDk+?ONP{dJ@2C=q&mtQg zX*^Q;#%x+@UnKc!Pm|G3Oy&)Ip8~Vzy_JFQZX0?Ir^6BE6jS}EvWWOUQV?p1cfUle zAFG9C3<64GL?R#|rvWsfdljRew6;~%Y$Fl95kg7BFO_?Mm73gSSrH%>L6ekGc0EzK z4QtOT%#vs}m!46oc#U*Y&ZJIP!UT2XpzTnDBwa{v#F8y@R#mA=Pl1o{(GtxqCxGk^>c)e_|ydWfW2rGN&XXqcfBRo>5CN2^}dY<2g;V#sg)M zu;SYJYKub^b=^+tA|biwPFzBYvcdwxat*6y6OEky(l4zjVK!C`}%Wj=tRl}LmC zzf*Mn4=h*wZz?jhh>TZ5)xjT>9W9V$(TtlJ4#q-3EQp58^eedpo4{}71lxtwDoRiW zqMld~57!~1#>2)Y-GZ3vn~3cRi$*%K1d(UzA)9VkQEOIqt&=$&6FjI^TNDE>vTqaO zG(;>>nbsXo&Wvj2L1&b~?{FGT9Vi=C?oTHzp>Hj^(xkb#`hTk3!5z;ZRaII?%x8@pW{nJ|v{7LyVdStso*z)uFu`Urv zO>(S?kY&xU&i^jQ${-$7nnJf$V7L;bkiA?U{?BUv+vR-;lboUTCb*|2BJQ=vAaz4A zWS5I8@v(}=N9zyLRfs7;F=#m!#k`MFtN*u*=4c))vus0|v>}r6U6N9N&P2a#Ael8T zr;hGIsuJxD^@^&zuVCEIrEn8Pd8u;^@A*e~%&)zJU$44@|9=hewT-%w=s1OcYwk}f zA2pX8m7t-#{e4s?AQiQ#fh!+^gw-d`B=$p#u&}Cq<#Z}hNQwkSj0Su0SZ#e>%kflH zeYfJtuM9t94A`N1132CKr0F3+%vx4PTMh8y32_ zd$6hkfwA&RWslBjq!|2bVHFRVW8|O_MK#5;f^KH!hzZl#^1=epgC^XJv2`|WZKW=ah6c5k#MUyYs67e#Zhm8F3Uc@m^&3uet)v(ao>`fTjHqtG zf=zDDrA`$U>4P9e2qTBi@Z`4FQ^$Cmr&j~QK?svr?v0x(TOPs`B!mEC8e-4l17`JQ z0VX6ZI+G-&2TfWii)Cd}vy1^HD$ydy0js2*#REzGIf7sgAFs#8J3ZgA-JUnyg zzdDXA@0;fCfAD`Vo3lad<%1t{5%hT-9Wsv|ccbL9vs=+=Y1obN6>2If21^y1a|njI zsiY~zRpDimjz~5l1etdf1vFO0mX}2dK?0y68qlfakF z?Q4O{(B79@d%K^-;3XT|DEd(f0@K8wY{@{zghY`mg|eUy0U)V&G6~CE~=)9F{KVz z7H0-~Uw5jH4IV4JPHKW~GNh|sl?U-GN;PQ8Dy(oe(Xc-@XOu(TWBxP8Y8^}vG$l|2 z=kGHRJ5Mtji^M~>;;5+z1*6W{j}ko)C&EN0!esY#E>A>}(t#@#%3Khg(HYVLXj7tj zsmw%3a79Vs|2J+jyi`a2Bf$Z#+R2!De1Zs zlN3scNy;qJ5nU;^p&=`WRCvv!)>rUE-;Hr-t#RE>INRq`5{IqvHI`6R3&=n*g)ucF zhV%=iNLrC*NzNA-x~lh4gR>FswhXFEX2!BBn;{OYR*9Y6mpvR)6}C8f)5}(AffSTH zCb;G*yFqlD5+ag%l4Oz+n)*Cum?&ZaW|m$or)(x8NIFiVq-SEFadS1#iJCVbJBkvr z7~R}GImw6acjs{PI~NZMc%i&sfx9~T0dbiUIAQ-;d~$$~8s2>s#fCX~75qZT0KM57 z5Fbhh6KNDltlpk^XbzgN9_&*L+HAXzD4h|3tLiMt-dE2>)FH$fXP_$R9+ZOc;B$?_Y=d&+U>=*zk~L1cNXL zDH@pQA!@8h8tn)O4;H{iu>fjYW!g5XB@m*^)Xz!vjk1h=0WkNVuB;9QEitj}Ut-?C zlHEU5#@m;sH3=1{93;~;#;PNb4VPz$#a5oUNMCq&m0203U0KKh?WuE6;($ymPBRs^ ziR>~yytlI_PJa!43LUhmv^4D5*%^y1ib&ghQ~{_Bsr&Qawd*?lxbWV~`t}EUvaVa| zTbxPV#^mHAouY27Q4rD%6C4g3+?N(P?MV<4519S&P@Kkh9{mx+|Iu*-q7&_rK5c*wjDtT`zS(UzV$w%ZQ%N=dI*yK4bg$-RpYC zWxwQn+6MgEn%DseEFmG6zKx@^Si)LN<&BGC!-vX_HxR!0xaH}R@~~`nqKnMG0$6n- zOOR?9g{z8Ng1B7Wh*XOYRXzwdEVF|y9xcuoy4q-dWOk}yLL0~ma5UE=*%ZfPfIH4| z%>l|r_+caR-sorChAB_hG4@Mw^yRvg)&IP&8Fnk2Pm0*7MbphpWLiU01IYyp>%fz8 zHX71kMi0xxxOKgR4#SxnmWkdyE@YpHx^o^S9iH2D{Dj2wNdbn1W@{!cHls3Vk;-}TmFFxT-8U2ipZ*`mW*n0Y0`Pj{LSp{;ZA_Jagja=IezF6DK$ zK+o(jK}a`{#67Pa)Sw`uF32qOA<<1kGg=@`?~M4^TtphhLYv#*29s-|Z4d(;%^UU zGM?AObind;;A@cviX`HNstpLGzWQaqqiz;M5!S-T%@-Zgej5=6v)A%!CDWgg^#N zaSj5}ul|WjzBvWCEdmR~ked@LfOhMCNtBC8L^R7F3rIBtWX8b&lF@|7sF55eG%8ST zEl9`m(5eQA4nw7I&yWzL-UV=xN13r{l$mLU0Y`|V1V1y00H}0CyDI!|)|w^S8ZMx^ zxL@Hjkq)qRk-e=Ip?DFz#&rlY=^R(kgT`L|IyP1n&8Xj*DHW_^PCWZ|4h*5o1)wV^ zs9bcgRiQjX*L@{H0J7|SR~c*f_kJgt+)W@mS+k2Y(z0&9HE!jY-r!_^awSr6RUwgO z9j#ZqkjA;$I^lI~M7J$FS`iKk<0%fK=ijf_U6t=7_iGdBVMX=iI#KEKIlm))3jcq5 z9%J+V)TFTkHYD`DqgZ8thku5QQQ`^bfC^MTG9ZSe1b^2N2viybB<{ALOmT!2BPsrF zXE~G5fwD>sM^YgzLkkTFYJr)hK~g5C4e_zsnvf5pyl;5Z@I!Wl4flgWU`!1208+;h zeb9s*I;NaJ|J{IOO{E8Goec!TJXlt0{wFpGci7%sYG zz`nL%QF2r>$O*|6swQS|eKm)PKYD3mK{cqsk4B-Y%E2zFR1MtTFL z=We=ex;)N1Rl@rvd8OAe!jwPBI_9%}LF*6}!x_*0SGUtzWhb(CQM-KUOZV3GGv?t} zuoCvr|H6M2>iv1k`<~hCDiG(Y1O6~EKNi6S3Jc|JXi+6~0JKu5Ou30}-7B~TXJ+=d z6l(zn4F57gg^Sd2KGggV6Y@R+N#1vo$DeIv9UxZZ`w0t`QNkE_#{3ivD9$AX3Xz2~z6f1BW1$-S z>=?MtBJ+c{&`?oA>MKw$_w*>=@4HEm#(kmq`x5o2n6x!FzTdlKLZZ6CWgC2?22rQL z9IPac)hje(YQ7oyOri!S!xqn7PgKLt8fb5UVtnPb@PlTo&XeX!kL5c_G8=Vv_FHGK z92~=qZl3 z|9&Rbs#MR3%e#>{J#Dr8Zvi2=^Wl9xPSEms)$;l@>@b8?Oqf2&AzTYLPEtIzQ>d&- zDtdI;NGIqDVIO@cX2EVhz349wv`pg|nH#}sALKw-w z!W$BPdTI&)fl9YyCrp$Q5}pd z8Ce`1j>gm6oPdX;ICzC0j`PgRk|Tba)rbUx4%O=j9m`$>>jc!sg-btnI#q#H^ zhF~);zz;bN{QGW4^$35|>2r)7s`mIIPIH-TFMgRM-xm-59zED?ymXwaPM+=(w5so(LiI<^Qk8yw`x`C6*Mk2XC0+Um*W>>1yM zXCisg2Njejln_J|PYGKRj8_mP$Kc=l!6l_E5FfBO6) zcri4(9a`F`oX7r5JJ?=q>|)5E{(>5T)~0cio40fHKk&Jb0l#X! z?tbljTEju)eIbO1WX%5b_t_O43#ude zd6fi+xqWW zua{Hgdm+kPT7+Eo(v`5tw-Tg|pxg&B6gmZb_|7;4;4LW(TM)k2ri~9ho72j7irI*h zUd#4A+N4H_;5CJ(_c~X5HyR2|5#I>K6wLIOU$(G)oX?TvVUvmTI)AtkW%%5*TWqZf z`1mGH9)kqD=+LH+dDAnTs|DU*j^mPRt}HNhGr;_xb?Er2D|L-H-crkd_;&1W;rz0T z|L?p;M1r3u%*F8V@EQ+O+$k)cC`_pp`=r7la0a}-W_@@=;ShYBE&*lMyZQhhN-yjl zQe-?1Q&5kGo79eM7+96(E=qjt4T_p%!_fYjy<9W7@-r0wo~4ncN7cjZS6k(Z*8FR! z6mqc%npE>K_I^myP70DTgdM(+Bsx$m-Y;DlD8qIsXYk{d=7(neWLkp6DS5MYd=I!# zk?cTLB15Xn*n%%b#g{GiwKm#&B3Uz3+_BZuWKi5O0;R}49SyrlQ1AtX;e4oR%*mT) zv;sxmc?x_0AI@Zvzki`Mh?_zj>sGq{^2dnOdf4P8*q6L+rT4bqn{Q_7ejFDwaK|&> zuLJ#@btW`g7@^~d=mgrTA|0%n553UxIY}K*m7@2ra~IFu`Ow4O;28FQ+dvF|@2gJw z?q|Ngd%b_J|BG=6xU&1rGz4&xdV?Vj#Tq{#fc#R#{M5x7!8^U^HsT1(lbl-V?1fup zIba+%7v(iz_?^!}ZW5XeWXx_yjx)gof#ix}rN|V~BLLX@I9{BsNOuEaUEm3nokW?t zCPGFnp5Csm4{L@eUtZ`$b9=pt?kqC8=vO<5f_5bI0IWTn7-uXXaKStf+2jW@FgCFb z6s9F{rf{a^90#o5gf>CJ3mq6o4oj5ANtJ(2pLWYm*-fElUaN=WA(01OHW76HB1gf^H< zOkv$3xS;qCy>y39c4oP`x#blW{tHgS5(yuI!m)!SX#=< z%M<#y1;4J!ln51Q?L*AE5l*RCe>L5?#Vwzg0kJc2~h=Q zV7sT|OO~h7tjL#Age46qF@;H(&Xt4@KFYC=_qKYu6Zv~|z(KcKBqgRs2yh7pP?tLH zuyJC}oKZB@25ZMuVm(OTH<#JoMc13vza~GyDWxHvO448t%U8XzZ|Swc9Qr~SNMt*y zfX}ZupMl4Poy7W+lYq(DYW~W+tb`IZQu-wMoWq}!Gqi+!!YIpWq(Z-Tnbrmix?Es^ zT|*!1XeC_{Q$VaX(t9}ST08*=qAO?e{@xoR=F_&dE5!WL2K>nsxQSZU+%nlMD?ys^ zsKFg+lG-eem3t25<<7>>upKkG{fmYUdTL>RtOmpP&LdeXVzf8fAf zaA?@S+X^hOIh`xis5SaoR$h)Ark-0wR1|OV+dbVFZhY#mC|LlY(8e9K)DX$ua1TK+ zj4LgN_2mPHTiv_ODc+Hrn}}yOcqFTgr|+$st%d?cQ^u?ss=&}2Zq71z+cqJDyqo@* z;@>Ie@YxW@OMb?fpjhEfOG~RUo5XHtY&0B+1)R(m$DnXNv9Ckebjy(C1FKtGv8dIn z7WlXvb_5m{7cEn^YG_@hZK6M{m#b9&K_cRJXuefzHA+1aFc|b8EPn<9F@iF-J~n&y^GEMP%l*R9F_2(4R zxwr?c{POVMx6|2;dE=E|7M9U!RT>TxAVFDz28Yxlo6nSjLB14oHT{{!ZqpOMejL#e zRyeLE!P$q&X!Hw#=fnUG6k*9k8Sezp(rY}>I_o<*`k)SG-|_a}dRT$du2SctNu0p> zM$~JAJ&w^86=CNCGoELx$m+p@t!y|DkE4*J6I1%{j^lUr?uz-drG$&Sbf+^271W{` zB@aSHpJm${2tAFkY#eJ(l)bxXJM&`>L#3p$wpVVygt7~ytz^4)EZttpSr$q#AqlV1 zbK3Y#?HIsWx}6dGjr}*EV=4Q6HiDo&xwJHcLzC08KD218#%-~Fgl)_J;;wNdm?{oh zjR-r|S!@gkhO{6PWrWoSKh97Y8TRYW){aNeX5*j% z3!UGuNeVjxLx{JNL~3Y5byVIK?iK|K;83x%hpg4{&kL*^1}cSTo9pPOQe9T%h)X*7 zI=^^%%ryoT`63^xqWIG*7v{A#B?%G~3HRpw`f}kh?Vz(VY~9hFvREmavf*0~ol$(~ z@=HiEFyoe*W2e%;Y=6N2^x-se;Y;}yX!t^1CngwsNswetS#T`*2P~s*9s0)9(3TsA zyt@)vS-%St`dH0LKHIs&*m%}x9jHf=^8#HV4 zztBprWh+Eq-N_ zLazf&C>-Q~3Phr*qX}>Wa-7<6S$KM{tr#P}bGynyUX+m|LnuUsPx#RA!BRI=9*^Z` zh+KB))DxYEX#hU7^wOLdXBTTK8pUH7xatF7wyq77lZHPCOUtWE@88&h@T1xn@=rlU zG1vL1EzVBDR&CfRCAxLMLag>8rRpvdVWP15Z`L2Ck9+jHg>~jwfGaG{2?mcD^XXiKbO>_FyYc^r=mtYQmo5$uGggT_-cKDyF zJUZ`oJm>*N0|B`6^ulea<4Zfaov&#PnV0k=)vZ5KzV-V2{PL0#uG>=#(fvkp{_UO< zU-o_Ubd}(h?#lDMnmZ~-%W18+36afagir}@);9DI?J)HIueo6=gPA1HAx}IbF#b+O zJw0|&juc3OYPN1K=YFV=7f12-cujs>_C8@SN4#bGxDd&E9Suh?h$O`9ex~wwYa^ngLEZnu~s-J10jtQ zDXjSbJ2`Y;9P(4G$}%2zJ2NIr4Id|{g*MJ}bR>>gk-i{Gq_VN`r)(>kOHkSjx=sAN z*l&MelQe^Nv;>erF7$hy+LZ7n!#x~wXU=do$M!L&fB+il!YN=y| zu@dg%9;qgTD!_s%V_$|2GYYaNyzWtFPwg8}?0oq(LEzDlUGWkpF@tBSHIP#&{r&tz zX1DnGkkL|T`rx5l{}tuKX;IaR{~%V_v3cT>y+S`GUY-xyeZvvM%4%Dm-RUWv6^y>~ zC2y_!wbFjSj^I<|l8HK7Jt5=nAQtx5^#&(cbQa6hx1+pf=SG%| zq8v+(;yl!-Kw9!2vl=2~-b|KiMq@wu_~yT&2nny>osk+xYU6Nn{p%J=AI!tXi$X!`aWj{UH{vDMusv4W`I<0OAB(9lC$1uh)RkcbyuY8-!5+0Vs%RLCmlj^V_UR| zhWp69>*t1tW^Z@O*3TFRf!U1 z#{|*^KI=Hzma7E+?)aZ@?^;V~&~|x?69TM825@9PAxz5=gtRk{(YT5jE3 zd_Dr@rZNisC40TR^^xh zGhu#2Ngh~RG1&FvcHD*#FHG)*t_K@^5=Re@+=!5tn9H^ziNkr>H(M%wHgEk#b@e@S z?6)nSr89*-q>6110-8LCm7=i6-m8_Q@Y!)?0gO< zjMV^{!XnWb>=DTG@mT%-92v!Kdgu!Z$5?wjmr>}QMZpk?SZgf(k zn{BS=HC~TaGASH_=f3~EIH#(`lr7M-@~v6nris_hSSW2UtgFXVa=9oE6Su!Uz{bk0 zjL)K{#*cr0t$89YW#u~GBA6_Et|$+ZE1i7cE3VL=Qp|*=Fd_^-dog*O$%LFHHx%EV zgMpE8_i5Wg%5_+ciM|TjdJ$fLT(n*)O6PBeT`!8Uai05aBE(6ol|5%mk4(ujdHSZj z2)M1?Z}##X4}Hupk6%annh61z<5`?)j@mL2R8Bc_*tVWVu;l(QmmLHSTg5Qn{PPeZ z{X6m$*SU?Wc8$UJr7<0YJ|Hy5tMN6xlhkIB-0Dw6z6U6?$u;>+e4m@|ty^*;VD5Df z0so%T{c-F&EaMG*d~S9@^WHoM3rG;=+SLeZPBtHrzS29q)okD8kUVGigCfCfjrSoc zG+KqOA%^o3L&eL17Gx@LG92MLhbls?ByVcNwa4EKX1QUJ6QGqC=A)XI!zwO^jGfi< z+C6E-qEkb+->;}tp2GkGrQGy+O+F3Igv&e}Ipw0e=>3fyF*~#K5qcTAu@YvNO$@0r zmfj&GNhyw-+M7UoeNTEba)=z#dB}gn$OBXmIn-#vWw)wuWj1|5*&GP_CSjJArd{bn+$hm>(T0y3W)Dgvu1S7vZ8UwBMAYnFY)Ib3(Tjbv`FCHT}6T)#k50C6j|ouWurw$5XK5hk9#es4~ZI;*rbG)eTWOc z6p`Tev`s-({jP;iOeN(g*u@%{i4p^#x$esi_wcm~@q^(yj+BC}MJ&?e{-ft9vXa*3 z+TH$D_MsEjkGQo>TAWZOAkyr%1fHLw$_|U6?}xX>zr8!~vSajVon*W*^BYr1-``Z1 zQYBe@wy_Gj*MhSMu2Mke$cc54GgYJT=FxkJSbGW4zlrTYSvQ60gl<9ob49Y$T!zaA zz3qN81t~2UBdZIw`1;NlchMnlzkR>=e5)@AR#9I)#u^xUFKzXz179~6&57J(n_b3q z(Ww117*6iA%+j4GT8FBv{GbC1IlO3KD~zo)kk9qIE;0_QQ^KjTTyvc|Z^T}`&G@eD zG|v)B&me|=WV{@YvWfl_&*X=MmaL-QjVMHzO9c9c?32z#tJB9wAHfy|z2q4;c;p7Gay zaFlR1pR31y6uU{@mO{gi)~^OA;jG(fP)a6?2@7xXeAaV25a;pdb#0?|{6GT>kNx`t z_q)Tw^JN65{X}nUFkoHvGixU6s>j({PsCG`bm$o?*niePdb-_Ma$bt3`@)pPt+H1z zA7NnS_uzno_Dx;vd_?tW%##_nUQJbovqHJ-$El}{PCIw|ZF2U4(bxQ`)6>0a^$%#% z!$Ug8$AE#yUx4D~?wAoubq{&YN0#IiJGv(fr#JcRjE`yI;6{`Y(E&a23(sETeUtZ# z+oFPByg|D;qXdG=>T3skwoft#K?>>P9`eRarUA z>6gW%kPZtbj*rS~Vg>NplhDa4idX}I~*m;Xw;@kjZ*nRE+^j<>NeQ=ADay`B~= z>7kzfzp66g1{_91_h_n5dI8?#3EL159GFw6-2aP0&hNJW=jhU zP4q)`tK9>6tLg@`*6M_{FEAOLH(D7pH{fMKBQTkwvPHO=VNT#4sDe}6u5rkHMf8GWq>DO4Kx#Gy z;2NJmP)hF`A(eIi2%?Rk7?)xRTa*G#w1FsZfRpd!u$4(Lo^XE;tmDE*_E3u?q`_QP zJ;U#%DoocNx)s|`-`Z(Gal?1Pzay;qSiN_IS=U~;f#$M(@b>!A+*@tJ2`5KBa8Nj) z5!$kasDem-dM}y~Fcexl&%^qBnq=4cruf@GVNQF~`!d|sK}VdjY3SDKAcx?YW_ePp zGf0D;9V<9IWUA{qAA{ zi+IM3Nwgj3$#w6WrX(JvXs&iT41XG&jHs!xiI$e3{az?($ZxKzH7}*w0^{n>wE%fu zSpBnxr|Vlay|-@jGn4I6??bcr=Gk;UfAd{*HUs{p?D>r2HCPZ2kI}9xG3Dja5X*2j z*|_O=)5Y%J*%rgVqDh{n@(*z3WxlrGFU-IAPTFUd5N~U&9a2h6zRsUAxc9 zs97r>?}u7<0G>D&V4kK-F0b<2X!CtL`t>w~TxZ0ecL_FpIX;AR zSoDLmW~*>iL);me>h@SE60T|EetUK`I6B(Qx8K6o^rsj+W~d=NJSLM72L!xrPfu^) z%|N{T2_Czh=wdTDDJYg%Q|^IA>0F(7buIj=pyiO6BIbahq5|&pNejF_@huh0#57>g zrxJmLoa>e`o}kT^hM+)S{>`2y<0k}%X1o{N*K|a1$#|kW*qi|Ht~v|J|z^4%BQ4M#$?!7O-dDs zamOIwV>UmZk$aBvUtT}0ydocYaEHB9qmKq<%+#KDqQqh7d!y_>@nibmII*zulj*); zr5bcc+FYp~+||d8(};DoBY%&}ktp-U=Sss*lyo8{yJp1-6uSyg-#+bobe|sV#@F$; z#<%ZRod$P!q&{qMv*We%qKx9s(ujty%(Q@3Ia~Kt-bn0e)V3v;{w5+qtL`~$rNHqa z5bc+gVzszC-B>o@DgNpp=f9`{Xivm%oQ7> zG9w8W;jxbbggImSSgm06ay0^Mm?>`)(Q=vy1F668CKvSOm@6O`f`? z+L7?l=BK3O)Z`9^O4+facd5Qw8msy%BM|Q0q1dU5R7|OIg8h|SkMYwY>n60$Un}A* zi&et-`;@MUv84E04SX=Q3di~x`6|v=G#NxG1a?@m(n=7Gebr#A6}GUZrp|>TOO^Ft zXen`!q{+=|d(7bdIQ}`~l{XPWi_w_5OzWWcVDO;^y0d*V#k;o?SFWoW24hj~5hkcn@?*SxBWGTW1Z9)tI^fpqVWzbSu?YIPr4as&UcM$uz3Z=^wtZS-x+U4Ng6%&*J!AP}_Xh?|P3PDDgJAM4n7@wP%UF0MzN`v)`IQ3)wX%5ihQFy*TO*f<+l?Rw^3 z?Q=cKv@a>btCyT)NBLIqRnO-%TAx4|fU7$JPN5G4D zGKLonHCf=KbGqnaoUk&$Rzqhayf|vy_OBMA@-x+)m9w6cZQ!`-hb% zgaH6Rv44#WCRhoa$t)e}7uIwf`tXJ1)Bz}{PFiaI;bT+_%S#55()gFzZzM!sPqz&9REhVJ3G-{4i9zJt~jJq-%XDO?)mSV z_HlrD)BTZbk3v_5ir48G7Ya1lQwmhk22X9mWWqZfaUC1r0t71OK_fX~Pl79AVgIoa zhbfH~i`=r+zi8X0gnHbBtqm4t^gW_{`5I`mhf4k%dziqL%Wd za5hOuYs50T8C_ywMUH6gZ)qL1lbC|)8d`J+<-n38;%%pEbAHgzHEgG`3n` z_INj`2=;-Q77O{GO$v}Ys3C`OH9Fez68&P(rGA~LGSk$`%5ILfMMkW-SE}7{ZsM}$ z0`$R@D0R;Md%T>XoUUzyK>>yJaSaX=g|EGW-e_rRD74K7*CB0ZT zoHS6z#4FI?WRs3Kv|<(4L>ZBMz7J>0D1|jP{wmZ>1A%}QS^GC?$aLBd&(H5rop*S< zSI9v%ewx6!{Vc7~+J%}vtTee`^;kwa=n_*dq_H}>Dhnv+3t^3OL)IT04KJnTId86O zLA&LpeI(@Snuc*t;x%U}4cs}_e<3qG>;6b3Ux;e+G>oZ~R2o~HlPS2FV3yT3^Om_e zLc6r*drUd%?MNZ-MOv5MveYL#HiJ@ri*(GUq#ev~b&j1#yB@cLS#ZDWxlLKIXUfuf zFo}7!Ew!<*iED~qvauC4m!{^TFhX2p&%dsKKk+lDWx-txI#(NVIFYw=oiDjwm;WoG z?Jcgjre}%C1-Jb%<-X8$Zr6T#e@k0Q>-FAP{TmC-RPpPM5n4K#PSJgDM;Kuc%RIBv z(8BL)3X)YeyFK01C!P8)*){!-vE_sA+WG5^X+O0uJI*iA$XZRpm*`vc^_hhCRK&e6 zcz68bx9i}co!<8Q(DKcab{|@rHpA~ek%^4P>|h*bH=3!}i(^dHe{!6U`&9&ofB8F* zK0B}Z8d0-9`!E)#yfS%A!|gJUZ@>6Ad`NtsP@L&xJo2lGNP7Og2uGK^BRCN+c;s9` zj^$tb2AB9Fri};YdmL==#+7Gsju{tal%$w&dCu8{CIAZ zd7gLXOAwOtb>%F6=O@&@g6m1q9c?--e9e%ZDnes&v=U|xE0dwn;%=W=TMDmh8Z0@{ z3Ot=BBUGU~U?D-p_%OLqbNp3Pq%n~B!NOV|pu5Y_B|lJpZWi%=5fM?xDYx;bV(Dl0 z;Ne)1j2_Sg!el369Qc@U+MZMAOv-eam@z3BjGLJf;=E~5jqQ(`*8$AVbq zQakwEt;p3NhFn|~csp{`hBjX=Bx>1=$ul-|y-%lyR&-`R@8rk#Q<^4NI0Z?tX3RT0 z@eerKhT{_VJ=g*%_|r)qF;JkTbkEfF3v};@ykMj`ETMpXjw1Ps9;dCZEyum;ip&Ny zPrNS{7j4H~C+mLSAP_EM0D*4?%a-lCImFSuA0a+JqVQNfY_HCtq_KVGDVp8tug?=y zFS6#929vr=s!PY!!rz&n`lk2W`$!6f+ok;TMWXFY0pdb(1tknnv6m+-r`FrP(PX*K~U{~+tTtd=-JFI}TDnS-XR|2^lu9>hj)4zMf%G3S*&pLnT z;ksc|9i8uEy&Mu3rKc_$3l>N?!kXD}TjoY2ujl3YD^cM#K`FMRtIVUbv5&F{_3OyIys~4b)ec z=B*XhQg2t(_K#8dyBV+#cNa!CR+yUJE$KMFLr2bKm&b;QiaZ#>LM+g$u&=A%h1(0u zM&p%M#`6xA#VM7Zr58PL`}<+OWTgF*YU|~S!5YKz43v~g{GiyXe6$2Wz_YC93+^y-`s1LzqpXHYtSCsA)sV&n$* zF*4Oi5W~~^;-^@!mI-`cc8Qva0A3s)Z|Yrh{Sr+F@NnBU1ed_|v~1RZs1S zy&v*7K70DpvJ#o6dDlgRmF2wcPk#)nby0ayq}JB|2lLXE#w~pkw(;>SIxuh zN(E8yl6l?yy-V&c8gSiRhppNEfXp$J5RU7n=N8LAjtcaYfOOP*aM3XS_Iixzgq&Ll z?y_FMfo}b)0wN2naSS{}p9sJi1sro&#(N%Dt$_3Eyq*pvNC1bZ6y-tfC4T0i2$Y9E zYiXbxyZfs`nQCxHt(d749bJ_8HO@}bO1c2oX{{(ecB3S)X5ElLxP>O%Af;d-KPG7- zRJGE)wma+Ht?J=otsM&S(63Us3qDl@WFI~0C@KJf1XAu&p^CLZal-By6_TSiVVFoz zB_aqTBC%D&f`#^!BII!4$}<-+``TA~sPdfPoUi%w-|WV^`Zjk)OVrq?bRKRq|y zA~n{B-2OiR*gz-0bKEm*$juS^pKxtr(Y`05cf`4^+LBWa=GizBJQrmG8Oml6mi95^ zG%Ms(G-Dfy@J51?Q{l6G9%c3FW~^GoAV=TxrH}Wi9V4sm2x3#aru=8%2Adv_2!N9LHViP(q3HoqnXSGFg6{=$OKT4 zl<}clx~7oTu4otuxkQkl((K}OA{CTtYz&{67{f(Vvlu3XvpzZmQ~T_VgF;8)(C9HZ zI&>lq%^iya5=USc%s^$gq*InaS)>(5O+EC!JM=TN(iRzo@Yr=Kd_u!dmtX+vO{P!5Vxt^;&@6C@Svc0WczXRIR(xT6pa;1wZk5 zt-Ve4Z=F3`^S1qxBG>h)JNFXp*D^tZo-ZHuKoGZ<0T z;BnpfM^d`7eI>4Y{W^4Ix;#D`|9BnZ**2yBWUOvkWv)xx@H_kL({b9VC!nEWfXoAc z*VnY5VZvm5?Wn1!t%_nrYXD1HfCDc4mup6yvDur>m%j2B;wk63O8y>v=mGb* zG`u~2b@rKLb}@`3L7HkKg_7H?H5rNt5uipZ(Z5>iu`Y z4==KT3U;r0o`@lG~9gCjc(ct7QBtW{`D%g z*Yv4TKW{xaVNqvBGJ9y8vG&W3i4BMXV~0 z>${5lvv!4ZVBDRb*aI@j4#*^g!iAx|Nc zTuitXk$0zMA|i1^G9e5jhR*gZG8KKXwrMe1n^&W|xdmyNwCBFB2Vm4YrCyS|@bHQZd0E31@MY$A5B;1(}^#wZ}B-Y^IwAOr_| z1ELK22TmT2GQKp4OhxK6C6l|3SOi@%K(!9&kB8>2LX8YS5e`C zKmWc6Uz+hZjIEuj6If3A>?)*vhSKV%{lkH^dreO8?J@0qn`ys({nSqKX@vxU&x)qo z(@HkEQW}b<(V6Si?@f}R2E~oxxavw$s>HNQ2y=&wQxY$e2&1hjjkweo{YWO5x6R)R z>%KKo1Rjdeoy5TkL1IkdThk98S&2pSUd9EBnsLmydYrRIA1r9kU_o;PzrN&Oxaj*= z;o=|sMdgwo{uMv@@s;@LPbh!J&whFpe*QDcU+{~c|5ekr5RDw0z*-%h-V-4?Ew505 zsw=25A*M18@f)*|P*k^XvOc1jIHpe74Fh%?fD4}dH12-upFO9yorQ#S@Q}esB~xh1 zHKJL5`dn!b&zE|IE2flSGKhFSj)}FqXnJ`Wr`ZSRHP16`oixI<__piD&JFrPA?C@v zOZC}OQT+!GMz^FHT)Ecmf3`1DSL@c>^QB&t`di&?U8L5o)x3rb8M0mUx3aFQ5q;vd zC=ZqQ=wB+U+E(HE*RDr*x_cu(sd4wm_88xHG=kF4?wNPbMq#%^9)0X7{QVy{;_Zb? z@xn{9v9@kJ&N*Z%Ix=~D9 zJf`yaqmN?d%>7Il!V_L0=J$VaA&xx!P!0dj>#r+brR+sM_qlWNPBe~7$i#K?`JZrxr zDPq=736HWx=*|6u16u-Ka7|;1P1?bhpTfmCvLUG=t>WeFP592Es}Zd1FVYVwnK-6G zGFb6Jys|L*Ja#{B{p3fGl*5j2mu^GlYG0Tu;!?lb${eJWlsa%GR>l-p*Tc2!Am~uz z*jZju_aoWy0!4y4R|{y$j#|ec1mvkzfnGVG&(jsgvy{?lyhmRE3S~37SUB1 zZsX%QLrDv{r9`{%(1R_=R2+sOdrd)Gdpqjt>xF<;p}nOMsayc5ED0^2UE+H#Wzx@= zMXZpC`22@3W54||Xy`CK@A(1`o{yU>skbP-26Ni8CzMu&Cm8$4dw~u4P7Dl2Q1zGo z*nh^}TDO#3RN6#Ll7GJZh@_LB4Iv4wMg%KU@3_QNKPeI@H#Z6d?AsNboXI7L1gJHa z)CnX%u+J5%mP|t3T7~!wiH^n-ue^Xohp*PSI~}ZcX%|j_`ON6SzkUQ?KjTpBIt+T( zex4Ar7hYSBHLYb>wQLc_jT(ko`_v-40rnQaeP|}~_p^nkVYewqBOcxj&(6OL)1zO&-c@@miKJM<#rkwjRZcZ60{tu)R>u!7;94%IOCs>;x~uvjl=e7z{yW9MQuEfzfT{n*I+MLCtf{l8I4{4yT|+n z`Q?{ij$@BG76S(jL?vIwvIWTUS%j^`VKh7sFEe}aAc-bD{% z+JId!s&><#9l7Z7iyWK5;HtqmW9k_)ohiKBj{37aR(Sl#q9?JkV;Md_;|orxEyF{P zJc*ZHcnP~tpN_x$>CYHDZVXo5I5nJ&4C2dlVO6y6I1c?MxhWz${#M!@u-K<(A^AKVOOR z@-m#k?a4mg6PPQ51ux_@^q;yI!*N%uW4Fid!6w8Q_P{teM=HvGD7*yc<$@)S+``B$ zjg)9KfU>@Elvl=)?C3;}+m9uTGi1v|nomed*nnIF#Uq0{l*=S19jwRt&K9g_YQ#IM z*P^34g}2{afceWepuCJ*DS5$>gd{KC{pZx*ExU*@T+KaVZT|yc`K8cyz|j>tUAtx} z%`YdDos85l2a=c&&Z_b%3`#fg1BXI5&BTCaAQwV58A8jzk$7tE5^#58nWQiCAVj5o z!(uAE(mufYv-#09c^Ms4Gl6T_fncuozcJP3=;#<5i4%OYVA3={6R}uW2V6PTuBbJX z7WXchy~V^kEyrfUXjV?8zPJi4=LIqnP9`yWLnbKhnG}-UozgDl5+)~;FKLr(0-bG5 zNF_QEm2~?^zwcKa$AG$ORLaFR#~TK*3Y{=CHMi;ofeYfgda6IG<;G$x@=p(3qu{JU zy&b#pc1>?UxBZ>pdxf&B)RmJRCrERWFX{J7-|U?2%EIIvEbD$7%SF~E-c(}BXH0t{ zrd;V`I_=VK>l5u*+trGut|qMMXu-jb zuD*E?R&?~2em4NIngK%iM`6MIAK}OW-^1xMzNF89ZrC79*U6t^?P~Jp zxR?5QK{q>*=5>q2lLI2%`Og>2@hyGXASyF;n7Z$tn2#6m{bxUkHSNot)V4o5Iy!VaImu~v$h-u} zwh>J$JmyL%i7AgsdUyk?Bin(oeaD)1$(X)0d+lu9?#noq=-M<|gRQ#a$ZhG&ds|`k z=kuTh^PmK(tv@8$E-{^U8wtF}ijXy12@^ zm3Z;lr|_}UK8A@C$Kvu|{{mn7$`^6YK~r$ulM7|64&kS#AB2jC%!xTD3qsC}UFWUu zBV2k3x5Xai9KHWQ^2}}HTSH8_rTACB{5cLh=n%)n$9nfgwHQYoFFIPscv+2%LK1|1JZJ#NXY~t%NI8>j$9}xysH$+b5bZ5 zx)8UK3OTKwj&z_N8-$#8%H%y4D@Xl+!7@ot;ohfS!p%2bi}vI~m z?8PuHZkP|aXdzvKT9~xSuqU1((lDlWLI}zPJQm5Ls-g-5Q%%U%)X1bz{%eIIcTf^gsVp7ap3tor4}l ze+;)7BLAFtCZ5d3t5~2{1$@k!aebK+R0(HD8lS?2Wgf)|v$t&9~UZJ1)AUWmK zj(X{;w(7&9f*6=1^DD7AI`#;rr+zjDe>^IM6UGU@Bc&|oZ1)mywUpNr5>Ap$k_^6q zm)m#wTy>7w>-tmmSc zl2f@31X>WT45PhyJmqzjOGhsaXMmf5LRJ4WavATUR9-ns;#sz+h3F#B@ z_}%N!mCRx7hE`XX9`*B})U7l;C%zgave_Ms;H~Rtm19wf>_OYfF5>vW$<-5?HX?LY>tN}wShq=$1u4!E(*O8^#4=pkE zg1a)<51D7t_d>T)to|9#jUv^3+B8(`w;#%8&P4gFS*Y1>UsTW92eo_8K+RtJqHdpA zs5@{L1|4w-8je03!;U!;!;d`*Bai~`wusM~dt)(^|aawXTS z*>3t%QW<_m5Qqdhj;eKwWTg<)>x7_o$-L9+&Xdd9YvR>1U)}VI_@-pc=+XH14cFuH z%PzweKlw3!e(5E6@`fw%>;revxF<9R=;n5^Xs_gx*K{7w<)>m&ws+G;SKo9)z|2j z^Pa-^vSY-#592xU#L*ZGVBL%}?XH{a`0gVAT`5?K-PA5&VQjvqQz1-3R2wC1 zF588qOd1l>K3&qX32{ryfRU8RLsuwM!t$6C)^^>|K@kAyi{ahw4Dd~?Kh{TD0++kpNs_3IS@tlz3Q~(J%H_B_v zkZx{7v@D3I%*VOn6O{7;I#5eH%5gZ57sAR(92Z`Nkaes@Yik?gWo244P8PVGUsoR- zy}Z3oY-@N}6YO=5 z{hf8eEroC9>M*xnCStXDj3hx9-QydY(KnI7P$BD$Z+7Cj=hh+Ayg}-w3F+>3L{pr! z3CUym#7st7fy!>IS(A{y7C_(H3=SLkRUA3^8yM5DC!+nMx+=rxKe=M#C0||?UyC;u z3wzA^Wm+r?S2jsLS@#sKP}L8p5Yi@Ps~Dg+93pc43blohZILmin=5e{1QPsqvxLtE z^ivlkr%Z<{yd<^V-K)^rxK=0C%u8}E(#L*QhUiJhQn7wsh!6j{@cPs4?MK#&I^Xxw z65Km`4I10J@Wa2~fhp-qeD$C)+P=I~7~@NXM4}NsugPcK3pyCk?i{Nj|Kv}v4LcF6 z=SV0b*Eb=jfv}89{3^E)HyMZ8Gi_*0uf>McIy4J0ZA|E5L^6l^ zUHan6ITzun756!*Za?r@Q|ice;j_!EQ?KxP!SkQjhE~y!H>%9d0n?Uy)a{|^(2dua z`K#yY+k2TNUp!O_ex8Zx(Vuy5E7-qP|5ig332xu@!dnj8{}@NNRy)G;&I)hdSh3em z8;6o@?KJv3H|(|*A?Xhp>8xBm-CEcc)ULF7=994XK{GDrOy1cYu{HSEsVC#R|My+| z`nSI-lIt)18m0{Gg9~qc5@-JD9-Q%~yNl#gSKaHRuyb(8p@*ThL$2kHoN?w^j?eoC zk39CItKTcH%`x95-9mi!bLVROnL@mMyti=4sU3J|@T60d|MgEj-IG$?teC@1iub@{ zHLz}8Q~vQ{7b7|4+(rgc6(y)Lxt0qZKRV78Bo31N97Hf2L|JVGYKHVjMcp7oYh>an zv+q99T9gkOfV#bpMq=9OC?`4XTZ2TO2=aaFao5AoV$mv@Q0c~C^K6lKrOKAQ7{*=o z{eX)XN|waryhX+wsSD{Ixv*}n4yD_X7LwX315{Y5X0L|P;#NXVIY=c^$jPA8$mf=` z?MTW5A|ZoAm(*u6CzC=UNeLM?x}|N>`uPJ7$>EXd0DA0NHziKgZ595rX;LRO1T^i+ zraLI7~C{ z)4T-fFYZf_D3|}@Zz__D$^ZBZ$->oR zTcj#hjYLvNrP#Mt`1a@ZUF-46s#j#Jm3rmmh<}cq!rQz(<-e`+(LKiCmaiUz`_4O| zSLrF9FTVUQNP(OZ*26i}V{3IR*5A6j2b&VF)$1;zh9s&#Yl<5Qf?Tcig2jQB7eaoL zgck$eA>{;;x>S^x3yH0e3wMQ(od7ygb;yPi=#mRc{fLp+_nW`Rq|>fO^N}ws;H;~>$;bp3n%Ed ziAj+{7@dqJYRa+R9C6%THe(}gi4cr0cGsD973;`5l})Zhq`h~U3g4WbQXp9 z{3%~q#y2O|$NON{(fu*^)qf(@+KfIGaea|bJRFd|E`6G6bAlujpln(uK3O5HiB2qA z^ftzg9-%K8%Vf<9EI4^EechD5psWZ{a%{p`G43?g>OJ;^Q_xTA)Ug*yZ|>VqbbD0J zy!66LOi4<)WtS_a`VG@uwGvZv-O1}VJQB~0)FqFTfuz4KQYprO}HzjmK2ec z(v)CY&wOj;`w1+IZcXMEeYxIpBAsl_p=~L!n{cnMjt9OpA&zg&sKLp*4#r^zHQ5KlX2GB4LI?nT1?w3hJNuX{ZtSMYA)432$L=c~WoiaP^nZ-Q|L2n=jL}d0HK}20g{2n-y+BrpXr?BGZkEcnIgs=!2to z8HDGTrE$WDJZ6n9$1ROH{B3an7hd=^{NM*)QThJ&zpUnW&i^dV`_4Hk-#+g%u6*m; zpEmhBDyV%YL(V9)=i1PkYe9RqO|D(Mrb%6712PuLoFOG-Pb969QF~3_YSay`#hSNQ zBC#Zm?@aq0ru3Qaq`3W{H`b+&*zY2l!rPnqY$>lBeIkQ!)`ZXFlnH06%o=d0_7&c& znp{8GnfI72>F+cyL`$GW&ked;)7rDqtP)qQMluiPy{#abRQ;>VT-_CSKrABjd(m<}bH6*oEGS&ndRrRKrBw+BoeX3;L! z>aBr&PJL3}Ntiiwrn*r-d+nffrxG$I6i=gl`0%mqaL+0ZHDj>M`qYpR9* z8fG(oPIwisyZpRRUrpB>bJEH;4{{QoNpmI6TokxXgLmQR&ezE+ISp1SIc;~z={l69 zS7PkgAsARS7U^{%)FeAlSrbAb@7X1|U^lHas56Pi%Skkeuf z3)r|MAIu-?*p$VZGFK-#jfRkvI(Yi^S8#n|2!2+!7k*bc4S%bigzMsC@Ic)pplS$G zNtp);LCq;S70CzDkxJv`fy43rRSo#YJ5%w+x&82&m(w`+)pA_&VivD1Sb}o2iE!fT z5D>!l5i9D}vzUHTD91MaiqaL6R>#!(5j)ALadRfh)Z3cxD*9(cj+u_J7awal$wylv zAmlXBtlt$1V#=>PJ`V6AyZu#JE98@+<80N)~^wA8bn-(DaomD zR1-%g=zLa{FI8In=3Kn~@{5L?*4D`6UC1d{y)|t|F`K77w5ACE@z}z;yCVNe-7GYo zh>36NX=Cx$olgABWXEjNvqXc)2>GD! zB}gQq`gUIV@#Q++71M5hd|xJ@`EI$MNqFI}N|p$>Kfh0e<>N$|&t%5SR-t7V7@v2q;1A4OZWxKBETDBXcd+RZm{a zB^>Kp!!wMSH8nLl3FXT&x;neCaKS>%e|rhup1T|i7A?o}Wy^KDZf#{8`%JFE$4{xj zX&>*8GtV4?Lk}1%<4ZpbO|%2^UqMTAi>~^ToCeCI?nqM8-P+dPeBJU1=;jscR#YD2 z>|&$v{5f`lFJ%fQ+mKGC^u<(X&lro-_a2F}_N>6X^}wGOcVKm5HPV@sjCtKi$^@H2 zyT+Ga5!|GCWh%~#@apqk3DKUHekJ`>SMRvfhvyR?{SgwHmH7ha3~3pQ(p({xYh?dn z^@x^*vE-F^Ff1_+KichT467Wi?@}O9>M5VC6_PbRFUtNGNmi+zT!rVggV%tS$#=9a zN%AP;`j3}u_dxv|)r8uK+GlwkX5ZoGWAZTxEB%I&jmY)cc|M*(a>s8h^Eq$k$-H~g zX-kA#>s9}{I^9N0Aqj4u_coTj{5+Pw{<_Mt*IvVtS6{{AS6;!QmtV#^FTI3?FTRKc zFT8-apMM^2KKpEsGXI%p(6V^3URO!pS&p*)l9%MkynE7VOC`k52}ytGO7i>NTlOP? zrcR@4N8{LW$7=s!d+6Bc*lDilSS91CxwiP?i!a+xLZ_c`=8uLB9i|_d9X)!CT&PL< z3M7!jlnw>Xc;p?HN`|mrQ9P76prcJ(@==JL`DW57G;Uar?(Qy(A2-h2edgBEa2W0F z9ayz`rA{b1yE-v`{5W)UB;_I}bSIcVvyf9x8F!RVJ&{AYs}<{)%)_9815jUEE$T?+P#wAWP@kT#xn+OS#jBq!O0OqaNe zbOf_#jRnzf$#Xb3-;B?max6OYVWe^))5n;vr$V*vUGaDjp2HHK?F8oP(MNQ%6Ch4B z0wNa0dTv@2wtf|~n|$t8~=PaKKXc0|OD@eLI+@wHDfjvg=puF9m4 zku=izAgTvU!GljM#(=(k(XXx^v3R+VupFWla&Cp1H7tqgyxDVc!#^*_M~*rf{Rh{h zZ@<2hg$(E-+%IS9-sEXa@3BCvwtT9RI(opimGW@qijxq+hEuUgxo({NTKjt=HMNzP zvu+;#`sS6`bI&oDSTzwN%En@J`Dip$jlh8DaP%n~gxc6ZR8{svU34(|XNDmjj-x%> ztlM}~QlEU&Yo{G0)s2YVN`4!#+FaSn6e3&P%!}$E5%+j8Ivk^#V%F5 zfR7_CXl$+UbPPY`Td_TsGm%a6N3sM{BYU4?en32yRkWi;*P3OlhB}D37ClU`U_c zZ0<}W*-?hoLYnHLt!U`qjOxmA)Yh8kgZQR!HAOFK$5mZ(MtI=ql7x<0bdz8_S6Cih z>6G)Mv9VDn{OptE<>hD?+TaoaqQ1Ufu3YezuB z@>%5CnlOeAk7NELS7XY4`(fT2uVYYsrJQH{j7(ggxef8A5w9DpQ%ANGS{?!4{Ht{! zHQ=_FobQ3WA-*pPDVQ~DmYi2|4u>PUa!ZWrAIHprS;R(-#iwpxiTLvQxZ<$skV~>u zQK2rqx_QSvhVdR-eYlI@86g>C$BxyPE(N3I1-&*ywgorM|070B86kZqtvAsq_MH@# zn3|Q-G-72@3>@AMiMB2*o4pvv4f-@bG4|_-$vGU7>r&XcHf>LIwzs09qC)GfG1Z9n zV6zaVfSe0m>ek-fjsfu@s4F*bl4T#^4UCF#1;+K2IggMuZh>9dv=T3Lydd)(nTzlf zG9tDg*<)Tq>bm=5T%U3Jwp-pz>C?Brrn|N1Xm4@#Ppn+7`SHBzTD%mgrAv`mz6PDE zm!NCKGITpqWM972Jx(oJiNw<7NG@A}?6M_DFB3OOBht}$@Zp&-W8j=_oJPt-clIe-Y;h(bHvUt05uo)1%o zOm$-W@Zn>7AasV1(}tnLv2eixj2b-}eETX-I$gn$F-Qk24)P2w?%NB+DRHnfcb}L? zHk+17#0LE+^SH5N^rD!S$utK;e!FqiDj}z_sFK%-6DOiWCOMI41)61|*x21ii7B`B zjI6CdIyM+@E?R|1WsQ`U7nHOT)0Bis2uW>Ehfsk|tX;7Lqel)!!$9XE#yX&=X1!qh zRmV;Q8`)bFX$Pr)q!aong7SC_6Uq~qKX*BDRm1qE2c)HMBxKS^V&Bmz6FniOygO|s z1{omHg+QWHh-n&KohigKLDXcTI5_+|zVW%k(432)g_Ad#M3w1a>trpU9#$8xed9Lh zwNELa8%8onpyzWxSox%nm~rWu*kXR;MoyFP%~FTae(9=;u~ zy?h@=$mF_z-(4|yy!8See)D;iN9MkW zhvq+z2i|!Gr;Irci!<}}+Qb!8u9Dhsmkt&}dd*8WV9v@pn74W!=C7HLx7NLdx7WXo zg&P)Pank}UYJD3^+7>D?eQ3WHT`hY*6f9rIFqcN$E4y@}c$2||eE;GF_a%q{|btfft z>06;J!l61LpE5yjPs=1eiSBeQmaSy^jTqLyQ;8|bj(vvGf-kHiyaZ<>qADPXqdUvO z^OiS8T3cK722*2Gqpr+w#gy)A*RIu<8qtmAwx1f{_aYgFx(pgL5JQI!72?_#Rh3nG zW0W`OI7TKrl8AN4M7yjCgX_w%Zs9Aas_lmiKcgYwjz3!luB2MM`Tt$v6piI!96i?^ zvaS$+9ieh&Yxzqry@Z)FXXqG?pb##}m%4`XDVd;$aQXf7aQC_{{NodQVNgJ>@j{%b zo7K--*Mwe^cs{CW;I)^M({MEI`0RL)oDQ2f9EtXnAq&#BB&AABm6V$2OY8dgLH*!5 ztXsSW9g92gm0f;{=>rcH-G!8j{*)botc;Ua`5FvFQh9dWMhxwT;Uc5QRO6ku*P>yM z&tvqc;i#$WhrBbX)$~mfHxr(a&N*WyP64#EwCW^Z2l%4%$<{-0F4lERa^G6ya$%I0 zM}?$r{iI*4P#jas^ZD|_sZm@B6J z`}fy!_U+qO2`b$Z-TY2#+;v~|{4IzIvB)NcTy)5FF=n=F+UJLBL){oKVINe~)NB4P z&7O-1)Am8U-$-;x*_bc4aPzr3UQ>zEafLdQ07M|BQ0r3DUWyLl@1I|DH ze7$Bf{gtg*{OyVP*wC59UJZS5(bYHO)YFg0S7r`IWjKwWUv{0oftp}=N(Q}uWAdBd z`jo3TO>P;!{PN3j)KN!a;J|^1S8n;+Ft-*TyK`6Ub?kI>H6@hD@v#fDVk*~azT8NT zhmLNLYia=Ry!ti-WbCFT8*; z6DI4ffNcTwU-;%6OrJg-^X|SIsa4C6YE9`2m`p!0eaylVX7*#(o-uFa4NDKUZasnS z$-#p$?ZgxD{PWLm7yT`$<3C>hI}RRmD8~2ioj_jn_(j?$cz%wo8i|u9o~&_8NvWL+ z(Ej-Hr?9kTF}||@*PT>+`0%m4;H;bu!-9niF>3S}@OxoADJdKf^@1YTAont)mcm78 z^U?E#DX-4*Px8@=f##b>TWc%UtzCmDQzq+{US1IRY)ETc8&<94w%!Pm$pj`%+C{fD zWz*g0+fRt-+Y7|bxA?{|wr@3-HU-eemAvwh5GNr}&Wb6?X_9Z7OLn6w9>eODt1)6& z5Mvs4p;n>~3vH%DtcM=4HP!HbgOCS>w=Bxax#$r=oG(TwkD+#842|<&Mtiyexta>( zThc;2We`hqI~8BB!@Jc&QWGhZrP@%LYT*)xBooB=STjC*z%UG{t3tVu{&+Zqiija) z>9kC&oO))J)j+j=Y>g6{_~`fNw@h1N>GM=z8nO&@5yB{Q`sA}bwhCL&Hu(R2am#D z6Z4p{`$&;d*mKelOrJailScJLL%%W%tf@n?r4zNg9D=@;GO-q78qk+funkJu!GY1C zXEFZ@&chScWo%^UnDltcFUpqAT}VI; zb?O*LM-ED$^Um)@9a~3IbZjYwg@jXi36oSN^Vys8X-i%iZOtm9f|3f#-<(aodWBNQ zRy8teDLa4Ss$eF88?MV#-!;Q1BW@>*^2oEp=LNYr^68h%%uFGnXisoYwr|&7rn6(@ z5Akl;utEIdWe`S=K)7<3|4!-cd&zFRQJlZ9geDXnpF{~wk}08S3yNvdj62{}R9ad} z#iiwx8W~Mn7ydy}$xVr3nh7z@ui#EPCkrEBZor=zMa2=Fen9fzI{HFtLmd>_Kh#fi zr~gF*ju;^AWF_Z4E{tf*?{nz2iEC;8+EPkOZAnib*Njr*SAJ~-+AJmry9^Qur4D3wf-!K@ohX>*>6(mwMG@PRviEo@qVh zytJg0QktddRO~*G{^9~`5*aS*PO}%xBfdGQhUNyqntku_Irm zf)X=JNpUf)U%!?zw{NE&J-Q25lC^#Tfs~V*OWT;VVk0Dw*6!VV$oj}yCZ36jO(>&z zI&ECDk_xl8QV`ZJL^qX@rQn(}t~fCg7=hN6D^JcJcPtBQB>vbWAcg- zDn!T$@lG_uT^+}ZKXhnpOrQ&+`O9e^$5xsj=Xv^828%}mCs^SKCLjvV+$G_(xgXqI| zpQ5%IL_IpCP)aOzvySAn2T>G1Gx70p6dN1E63rctP};IRmjavhp`_RZ3gFJBjNY2O zK{%sw+90UANO|WDmM+6mbn=Cq!p(%H^KXg))@;T*Asxbg0XC!xRFO6qudIEB`nTvy zt4kJBL2ZTX$ZLoxMnKwzccf+8meCCv2Oc?uC5PP3XkFZKb}& zOF<9_6NWh&vjM_&pp7a`_zrG}BBxC7!=mGMd6!t<%eE`{Zq3`2)GCEa3o4j2fSlsx zXcfgL#8O7bmb7*K7TWaJM!Kl&opey|>z=0HjZP_@>Gw51Q+{a?wTx@-5KiR599QP8 zq;_%b=!CW>IPRw1_Z8@mUpbNcNHug`-wSjsdya(*7SQ%>+Z!w?e61}k{;BY^h61h< zOs&8Vpoo|~Mh7_8_6-rEuTaMVHJk`YDBf7-2PZob)X%nLdtw9s2=op7cCr&!0%^moBDttJl)HjoWB5 zccQkf-^3lFH59sZ0(FQgrGMXiHI)~kyN_urGUTV=PAZGPywxjpz5hMJKM=R2NgoWT zY}FA5CZ*gofs~e32T~yuAGV;FnrbR2$*1FvX-C~FvMDK-J5^P+YDyJ%&Zr9CG|VO9 z#yv5l;B)D#FTSMgtfkbmdl0oukD}lL)*fv&&5X0wOP)! z5nwkdi~R_cy6F(^3h>Do5Yy}mwIeS&otP4esh;S-9LT`4Us4?=9Z`@eTtnO=urCV_ z7kiwS^7D@)?wiVjD!%WssiYuB$Pb9orcIk@)uPojZ{A#*`Nz++WWgL-w`wW1ORb>G z&u&VO-JMRKeAtX$emS0Ada@Ore0-8xBgt_}T>v<@iJ$vIyBVmvN0gOt5V+^jp2&U3 zKqndJrt=9ijv$;M1PKWVGSX!_sQg4wC|+1rm2$4DBz?@ug=peDq@4YhRmrsvD9a-% z&84kdxg%dh)W2;@S~ufc=B`B)&7>C7dK(IpU&#@k3qN9j>*4`6uEF|$P80S42#%!= z)eGpqgG1Z3hcJl_N)P;f);xq}2Th90>ANQ4>gQh8-<+2jW7U z`vLE}08Vx7k^`Wj?onom6yI)GX57*VxM?j?nLDkKqOU2xi9%4iZ!v0)K%9o6P7s$s9Nd6{ubnU0T`m*e^?hYkF5&P`r=|YAU27V+7w#?HJjSR%WlH>s#NheH>Uoy>B3O zvlcuDp?pWdjOQ1Ek-zn8R|~;kvt|vIF4+j6eY zF~W*zwET2YTAOn202a!q2}Vvq5J7^?i-R52$DVsi!An;g#SZ_RH!s1TPky7Zn{bmR zGTIM9Q?zCQC8oAwJ$4UJ*BH}xG37WUNPYGK<$!g1K}_n?l2Rx#C6Sh_+CZs2j-b%w zw(>&Ggby)hFYMrcuaifeb_0w;VJ`-ZoT^N7y&V=R-!5*Nl1{B!Wl(HFqD(1OQ2AD2 zu<$?PFljPc?lgLeN!gi^({}CJ$w)DX`>tRI+1)8Htv9h{G8JVPbDhO)QrEWJMiH(4 zeI>P_o^)g9N4ZXGBI`>rUGwikXhbBf0L4H$zge|Hri{l%#!_i6UTPJ{4&NwST!ZYI zY$`7;N(yL2-f~)0v5?9`^5y=+TGL>R*vmUybrFKgqA5Nzl@4v$pJHNSxPP>a znrF0g^13Hw>ju)lcJ)e0e|Sa)8Oq)sC~+wPvXj2<(Q)-Z2C zIBxjn#grfL?DKDM9T!Z^nyC?McUl%MTuQIK`MzI&21bAUgei{RHts`rx)l{c8aauBO__3BsfdxRE zFTVH!z52?l+<{pp8z6z0&iZpU{qpN?G-c|~w1_Ln1q&BR3t$Pigv$ znM_`b>6Ft?rCV;lm9D=28Y-O8~YL?KPQc}~YY3r8Ms(EW_ozjMqxIwK6EThV* zGAb%6;0g#IvqtA!C9<9zFhJs5s8`XgRexyv1Dw1`RF? z`uY4+^AGND9EsL#$)$)^hf#Dew$BHFz=vosNWs~S4nxKp-# z4MwKS^KG7C1Cvio@5Roe z*o73+dN;0FI6F1ev1?PMTft)d56L{#8Cel;_M=(|Q5(U1of*Tg>bpgm;0^We12m z{|LwA-=xbqM?@MPI~O_Se#7pN(>=krtKX*h=1qjmwCmi4^0V`3^|V!VVzW!>)Ql@B zG&oGshkNYrfGIJoe+}m}u3fX1T4l7NxUe{?&ISppqT+yJxd!Ed<+Pz}11&9HN~=m1 z(faDuR1r`@fuZVN4PkPMqml5UcuLvWQiv%wqFTIYF{P)cQ*_MU+mOngemo0Ef19># zD6Ca0+P-+XJey{%v`JT372jiACxE0HJNE`j!ByC#EQrGR9xCUXG4#Y!si{eS+TKmS zKeUK%$s{n2=5Lxy%d=K-UnYVQ!sDdwlC`MSo}*d+YupxXT}o5e{z65S1vI?lanw1r zvkrC75W>%AEVeObV5)9RhUH48Ixq*$c1`irQv3o#Ff#oY!QxJDf+qG@2Z4`X-vOP14X3v=~c}Yo0rXR*k z5Hrf~i?2pg$M$WhcdzcWapPvG|8BYID)Hw_OaWZOrAt@Rjn`dH#~*jJ=*{_S0sY3r z^3X%->NgaK8)d#P%6o6%*%#iRmMxm^@-++i@yBts{RbS*1n);WdiXIE6cVZ*OeQ6m z?xWv+DX4}?emy@81gbmedm1`pl*W=P0j|NM5}Pt*GIw~^aK|NIq^PKf3R&=QVohvG zNwIt|JvTRpAH3Bno!s~i959du4jf1~-h2~f=4Ml3QX&-;7jiVHNV%)ddBT)ke1HId zsB{8DYN?{4iYmBs8Nwa(U>1OzYJJ=hl&hx{>M0MeK-9^O!rhfpZ4e|tbT_n_BRBB} zVlvNCx@Y7>TAD+&ttOrVBI7AFsEFE?FQrG$ z>rd_4w4tKHVku{^F1b#KN5~eZ2S)=$=sFefxun`<52H#u?iF~Nr)Y8JqPg73O zG77BX&Iyx!l$BZst&V}!QQS$6qD9Lq>Fo3WNBI@C^!&RIQ$Xe->XQ~sVKLlMh~a?I zF$=~TAr%)s`Gar#vXP-P#S5k(MwPxO;L2&ti~lm^AxBa%i&2N>DRv zPV@5fW%OJcd#?b@HLMTyM7B4SV zESj?MM_M>!llF1o08c;QzOT)5VD5YAu<7fF^JkuTl)7~3LQ9q`k)3W41g6L0^D7YO zf}DcXg@=d9^x3kqa=tZ#rEXundKJrRI`q)~)TiG-83{sJn$BT;aHrA0q~9D29D5hw z-{ivpdT8??h#Mm(Tc>?OVWlNZGWprBE*H1Z8Ya(7oM9K8TS$?82T@>2IR#Y~(&E*d zsn6gOsHRC%Dx_#3NHsyKUBM2*CfQEO1WY~ zDRaG$N9+TDBc>wb2!Wdc!o%|qJG8T?vt<+sFSVQm)dkj@w(ihbM%H$9hgH?e>>e(g zIDk4G*^Lqs6KMV7HB_>$oUZEd0A<8>;`FOs)xG;Je=o8!GbwBPR_feYZGN<9 zE6k*A1zV}IrjlADwxE-HoT@|EJJ^y_Lfdjns8`!0TC`vRlbSv><}dGE-cRV=jB@kx zi;mW<@BB$x;4mov`*M`9-E$q$s4B(yzns0oY zx0=hTsx*hHOR?s%EMwF;K0ZOFM#)PkQ8VSC;xlLa8!Bi1@09w`?dNnlz4PhxP4=fkMnONT3ImeG)5$4ZC6{Y)WzWl)Em!MT!deGbm+9`-Wg z-c!mZE+0VBz~KCQQ&^fdsN{WO639XEj1&ss}Os?+I`cK@T;uy`S+=)^ZhTo)5i6( zWCzxKD%^^J@s3StcZ^PZ;fMApM&+ZIDkrC2{(<@^ig$)-0;xK3NDq8)!Nla_SO& z$5REji$f&`WzpSP+2e(n=w3|0M-4O{8V)Q8!ql*e6Z8e={N@ootpWPH#+1tTakRm|n^q0c;8p z5`y(6nrw1KVIpX?gT0^(%Ilh)v)0^%2VtTf2nkr*hh?{l-V6BVV0o<@z5{`KL4+)Hjp~CVSnzUd8O`5-fiZ?B#r!O5u z8BG&uTXhUyCsm%(iDQq>uDk-aKw$V$38@SA2NzMpQS0OWfFJP%zdCr;Z{>sDw|AIRMb*MrBcS4R5^02*sV8! zDydm|OZxnauV~iX1vF^LQPi#tIt_8M%Wq9Z8J9PAJk7K=zIN*Qk&H>YA=m&ZBs_{G zl5p!|-IhVUIddGe0b$}GzX)Dk54>aoIo-N#8#PN!)z33F#ZYLebqpgJnh0eW+d&k7JL$HcG zLw?{+Kf-jwomZIMaXDr_sPBkkc|(wF3S*`!!VToEXy*GA)ucJiTeOUN96FeSliO2O zNDKvWM;G-Z+M_aV#^mLk`vKckxRdWms-zwHKs>nrP}VT}=E;G!0zs{+#n7A%gUiPu z&kY2w5vG2^AI!S~({tDzT>jHQiVBUPBb%O1$G5mpUILgA)5Z)uE8DhgqN>UY?htYZ znMr+7aUpHZ+Cq5+x!h?hrz+emTslGFffODUM)7g+)GRTLVxr>s`6!@u>(+6N>2GYdfRCAqJ6F|{TVrkawxlB&GX$_E# z98G-A@ghD3ZucciR`5Nvp3c!^28098@QC5w1pLE~zMw8$Ita;lo=HZt)D*{$8>@w6 zeyY!iju>>96V~+Uv;D@^r*{u}lSvB5A;LFdoO;S}Oio*P<;9(LEEzH8Y$2k`j|pSk zgvoUMwUj&iinyW5$%G6v#w||)3 z_ldbbaJ^8TZ8KVl9>Si(MA(#}J6_)~c7&h{FTBw6ozpgLr2&@C0h2z}u%X$Kg9B+J z`NzAd*WgaDFMR!bLE9rP2pTx_A85%;JlR~Lm zWF8%Rcy9_x%Ait;pb*wY`KxenZP|>tI7~!?I8C(50H~Oq_{F5ooV4SJ@L-RBglX(? z!1dH__+e*P_zLb*aR*$5BX&Am>9BFf2h+;sQ#joDGxw^>giqjpVIpzE+fH`i#pq}d zrgsHXP#BkCR0KuDaECtzpTgiHBr1|ZBEl#zG@J=hHMQ^5iTd^HONm_B#c@X=GCZ2X zBBIz&JcUKYP-tWng|URoF;d*ZqLf5LMN@b*6Vot!VgYH89Bc6$8Vr<+HlkcG1s`RH znGYZyC`&xEfRtY&0PaVm#Fg@$;-By>Q@o2gAF0U5%n~#HvsZkR8l5uHlt$VD7i_3OzlmG zPo(tb>D<<|k@a#Qrub$k{FgIn1^2GX^i3p+Q$!aYgKAo7J z-i*4mO7N1(Qm#uk=TK=@AypNXQ})Jf6vlnos3!4T7peL&lAm3Sji_`VOJv}S755BUn?^P6tGijEpONXpU| z?tCC$2JnlvR7OE(&6ewkxM$3qEq;3R=qe+b$Vcy9>V-ri_ox2gYl01~Kw|Ux`9hpC z*zVL*j(5U$>lK%j2>C>wr%e5wI(BL&>7PG;G4(&R54CRHN(K*BtzJtf9zR^d$jQ!g zg*}JC7`u5%88F+;HFjxpYG7Z%7N+R%M3zC#7^5QQDLc#92{3I@Pkf4 z5H~;}(&?3{kbE8}i!(rIl|R{iO^)ikj_B|q2wSEaA_6q7{Le08@8t)&>R%ul{Nt4$ zh;f6G9JOCL@~?650^Bg|RjnIx^c>;x({_?}5q%DKs2Fz<6{p({;m8s2I^x>Hz@05F zL)F3H_)MPx{%~N=Ql_kn5d_$xa|U~mHSFk@(XIm}CML<$9+~p0!;vE!aEBocUTK%` zm97-N{F=z&=E;i(2oLv(Dl1by>b`OLSCOmua4KTrQc&UZk$*foun=cBNU~sud_!;d zphETp47lx7I>f9Jq~emYVl$2`QvRZdmosX!4|H;3qGM!pglHz4nCXD)sLIVdJSA$j z0SBg!+8+0TxEn8QMv{C0I}t}uoeSW{Ibp~-ER>}(E7TYMeg`MQNn!(KeCuCm%<3^T zcFkCtw0;at-87CSXO5N8(kVqh($6{LS?6aC7x!qx#a~?eTjUxUv;Gt41D-Frb}VWn zTs;@2KB%fvYejKx1i&XFuz?cpO&l@Oj8Qv`M8eKj+=Ry*8v>*ckaX)j$iGgrW9I_S z-FBiU1|=$uoIn0UK9E1;Gq0#jK7kPw-kl;^52UJyWU2`a6+((pbm&yns(fR#6_EBu zr$yq_aTu8N8+*}m>8tk56$T5g0bbggYhfVzoYn>jW=r7>uSw5-5F~YX<*lK=QAP~b zmvTMGE5=;EY*mP!AQKZ?K%J170D3qSDdFU*5cO3JHg%{I&y@jMr6)-ma4 zsVpg{b@Nuzwk7K+gzJ#Fm{^Joi=g<(Sc(mfq^!kjyuwOsl1K{|E%mZ!nD!+f`SYHCxjw7T8D|6!aE zxs#X>PiL}b>;W9yx^+aUiNS3@ea4^EqzOM0?1XR8oANgzBo4aps{Oz$&<5isfV&ZG z1;e5J`qG9Cn<$gXEN0jA>D|*y$5-Ekhl6p$D78Cn!;cmqoIcZZ^N-ckNb}mMOTdY zQJVTF&gk2#qdu3sYC9;&L5?t~b6>2Q zQSMq-$1m1!mp`qibrG*2qvD5;k}h+u{j2byXLLP~bGWNhWe^YA&gH@69Y+JC$`kg^ zL^wGSOKsIrm6fwodC&AnauA$PB5;c_%*HHzh!*csq&xRAW z+g$`!_;LG}gUd~eM@i1bO5h34xGSSlz(E_upfvtIF+fTh`q!*QYnnfJ!w#ici#8mp zx)&QN?l}IoKU@( zXiMDW6mXjjB)tes!}vE4SGmWKV6jkUw8OQbIl8Y=w(f9?m0ghxhF(`ISZwnHcC(fbhUKkx_| zG~{Rzm|+Ju=s?$B7=Nd@)8E~s|Hxq?FvG4fr~mJk@X#P?l@jBe&zLobwr|@?mD}@Z z)8e%hhx#QsNxsu-bPCH#D6gcD$>b`>4l;1yq4e8t(`oi!OboRhMy<>_fMa4}BF&w* zP)7fZ9t4CjDk_R%;$r0-JK6$no%#eYW~Ae%$-heY^~KeuU29ssb{%cn!sLX{SFKq` zD^{rdU_CbKr4_50eDnFrm20T195Ybr#swI2Qc4n&o@Gv$Mld1>GG@vlGdo8{bOE=X z5x}24$}%-Ig?cloLzr0iIpL?NjyvGi_a}h+{P`E(aKbeCp3e7xTL%K59L)L5nX{=W z=hs{-07rZk;m7fl{OTcm%yPhb<>oEY9UZ`!cXZw)FO%MW>( z;>R5lbioA|JdoDB1+84QTBcgz4WuDJXt(`!3IJ&sab%G<Lt1?}R7*<;eE@gQ&z^h>bEU9dqUlW8-nDm1)5;Jq_uX0Pv3={PG_x zb^OQ-{$%Z?Qc>;#xZ|JQA{2O#qZlL}BMJ!9=qWf( z0*`~Yy@C#&J0uwO;7(+4Fei%@{pdWQXmr?za|cXFCa)9fTCa zoqv!9gpZ>K$btGrILNCiBc+62=tIZz8zAWbIh9=iIX-N*1aj{XZ0PFvBoOUSj&Ra; zI4D~{Tk;V)@}vGG9!zb(rXR?wxVwDr8tVG<*r+t9UsYyuZ^M9pEr2-jiLyfptI;O; z><{e3gDA;S&H*{VLZ54Ub!zMYbxj%$rR?^CYl*VU%U2sBDMG_>XeCcMy5s#jVD1hJ zfpdLu52#rc^74`4ex}^_lw)Q{d!Y5*Fn-M^U3?4OkSC`e@B!{~zZZ(F)k{VN#4ThQ z(dql#oj$qRIvnHfz?_PTQPN`Ic4J6-)f+kD+DMMRfKH7pCBgi8?MDUV1=!VBu7L8T zJ-Pg%+}v>Tt;-DY!EEf!xdUxYURD2wzX0*`0i4yp{d-pE%#aG|a#EDaB>eSyTG&F>c9(JTm4_$~Ur9HaJ zw9W!1i(h>Cz34#VVq>V^A-!nYA2aF4AAb_NRxOxgesiIoFg4;Rx^Yv|SkFqInX zl}|bG7$=Pz=~-F=_H-5qxOc5P_cvK92z*FQMvN8WLty8ZZuk(--K-+lL^d}?m} z`i=C_$6q*UJLjzWcfSr8GiGdUzy1Sg{Dg@#?C9aLhDMPkYyeSDCqr5l-E8uS+LaX} zIM|2?Z_?2k>W0oVf-Ev>$$z-<@X!JJpaDJk*Dxjy35qQEGq!Ssz6l?Hd^ABiL5n}v zkzvB9s4C+JIE+F#KDyyiH z%MPPq5Yb0U^%3QU&XP0Qq5QA`maIF%O9uQ&Tq;_$inHnqhY=>uH{rdH? z6R9CrNQdOfr&Cx55{`KBfy+k6t89>Z4qMFnh-AnSZd#9jBxoG*$0y33f1xJ=BYcQ& zFaIik`ouV^gFrd+kIQ{WQ0nrl;^DGIrG(n=HAEAO=?Y^0i$EA)N=%bIymkO#EH5KY4A-m!t~0& zhQ#FwqRzROzH{(CH!y93$-AT#|0sX{GcOm+CugLb*be6~J3zSZH0)!5tXo)E)J67R z%lTPkVj9lv3pOq4-Mfdju`u{? z+)r{3U>fb7VCIb3d=G7)vvxoV8w*tHpc`J#ugky6CW&_S4dh|9q!1#A8 z;D+eLe+?5j7V(F?OTlnB5{8;~2Ov)9mzH6dW7UyU@pDH8iDX@LU_knmfJh=KDj%w| z6Cmk9xSnZ#oN)GEjqAi|U?=e>e#Ia3OveGVvq9U`+)Dc z+FH}eQk`e$s*w!Obwt?-5IbzbtdEIxS5@E#=9JpM}eeOOA zk#p(!1FkXjaR1_-GtZ*|m%0<4)G-KG3+_V@Q{2x6(5)k`1Q=bhWjCzvMBLa_6fdp( z!T5KFDd+A#9go|cPt}3XkzU82>)eQenDr^j#{3CjuLW_{IS2FsaQu0SNAx5_E(cYg zX)>x`00D<#R@9nes)q?GwL#+ zpY9L%@q3_(fj>7Z3jXYOL8i}~E#GMM=hoOnS}&N*FW_oV88D#q0T~M5j*2?hO(PmlZZt7cr{1nBqJYsigl8I9a}EeOLZ@0f)2z>g4jm8pV{Oqh zqy<};BOz>A*YTc{(3x$SarxAr5KKIZujk)lx7>0EY)_ zn>qoRLZ=_z;l56!91UAawS|P zNu^DRvhx+=$CC$!HXpVL>jlrf z;1YKs;ueznL(Qge{J3;*Zo+hji+coho2jb+Ck`X-xZKdz(7{VmyllhBsT+=e`Bxrb zXO3QiKi9cdckW|JH`}Xc$WvB;u`_#yV#SJ&By?*-k?AQE7#=F;HQXNnl3O;X4*mO}VXfoG%0E{O z{JAwmu#4{l4?RJhJ9nU7y?Xf7X>8)@1!(B@mB9vmBENFV&7lZCEcysR#~F)*@wtej zhaXK-r%vGx0!A7Y!2+=Y@eu-vb3V#B6Ci|*uoUUwHWZC1I@R1sk;aq%K~zi2%B0f) zzv%E{S}8{I(7f^~lhOdn&e|^D_(@MzbI+lp!cd)sv(7q;R<2wjA1RlSN4ER#fA6B- zfBQ|sk!hVQ=&(!LaLx{x@*5QyDGffz4~U!)QsjnpQHUU^a?XuD!r&jt4+4-g1kHcQ zD}1UQhuH_8C&h=;%{SjnW5uwh0ONW?DWaHA#@U{~&NuKEWs-T%!^RFE|8K3~^7XbRt~5 zY(UsBt7{_{N5!R#8f=nFg#4M#r&3TR{MG{r2;q6eTV37rl15H@ITN^z8#hu)QXF;Y z(2+7)wv0@jR)p)I9?Gm8(|L zi6HOnGbx!pkBG}{`+X$xN(%3m8q^H+v7RHeT#btN4dFB zgzS#z3ii?57U2F$O^R1K3_QEg!F^`#HPkC_zWF9i{Ar@pw|D>VZrSCtu&_}4se8u< zY$f+NUSM$?h;QP=iS*=?Ptq%|yh0B=@BqE{(PtD99wD1?APfly$w&QxQAK`sup|IL zJ`J&xdKvC`;e(99oA&EY3(QEvyYIeBbLY;b?c2AjaP%{YG@(9*4(yZ`Bj zIx?8XjUOlN4bq1;Rno=&}JV~-ssYlr>0HAD{W--qtM@6J66V}FZkO&!2e9l5=7 z)bQgpCulgequ8-ok<%E;&(9Omm(eOilTQ#J?u;;5K&M!pbLWCPB3NUI&Wwb@VSwBq zSd0Xz#+J#OH1+|~*n?0CIpr|mj>XK1z`~Cjp^1))q7fs8)9*9pP()<75HxhA6l%G$ z*(_n;J3O+>A4gbGR<87n8bhT=Phn$(vU^k%lT#)Uh`+3~R7R!Hlp}xeD};fMAPA;> zM0B`PR_+mkKt)cWx-Gky%P&^SQFZ((se;K!Wo5aT;TyyY1Qi1ERa(mAi_1}wQ+(sK zLJ>W7LwZ6&F+zsO5vL+SNCVPi@`qzqR<0}-zvb3jxMMh$<7WcIafOA4N%^Df(XndT zvISjo@x`3X46S0ok&}@Y}Vzb;y~~y161zC#UQ7Zd_O31ijR(a$f+7BM*5&D zYe-pCnz-Z1X+@ms9O*?Ip6gt}#2p(HB_<}&?RVTkKTVp**AU;i!|tG18;6$}rF`VL zV2Arj@(tpq;(@3RqY4`bWpw{4pxmUh3|q;sSc;$wy+k|tgSa9>5&q}u~{P zuZ7KcX0o%g7A;yxeVoPjAMWF{^fZ}{+oVYor>^t|_1q|83WbnHm7GPCHYBL@0)+n4g+ zf8RzIUUV64+Fl@1&UK=3JBd4Qn>TLs(r<{o|IS-9>XVQBy6uYK`-f?%sj@q!KlcM! zumQ~Nx7|SZ-+L#8hlbIVDNMYKJK)mYB?0`|H&hJ#+56i0ih(~j2;k4Yp#u1`-wg@o zzEX6{rqsGe7r*XSto##&d$?#IbtCD(_uLyGe9|Ct0}oPw&Tvstk!s}GD>~00bRbx8 zOG-+hN+uK-Sq+Z}<4!{%nM_MsjX9x;NAM%0D7&_+Y zFku8Pg42iiuzOWeQ6YDfVufg-(-adEA)|H8nx#^1PLAXqY0AyXmN=xNAV(Au(k{vL zK%b*CU^;tvV~tJ>@_}?Aj212Mk?LmB0mO%Su>c zADyZfUU;59{^(;GI8b#+WQ3fFRO{BQB_H@U6UZ_IaU(DIuzSmNRff1Wv9U3d52PtR zK9UN!9EI=R>~ju9?Bt` zuLB4iKIjZm+`L(mTzBkl7Z)EbqY5BwcnN@uBiBr>g3m9Pq0_0BbN+XqvjNvov`si# z#7=(w1HP0MX!Bj2~^NS=TG`7&}B9~;NTw zQBF}@E_hBrZgaA;Bn`M`D7XClT=r8&$$SsvIm*q=kr@sc)kZnvnL}D+rh+r_v!m4S zB2Y$%07iB2#$JqSx3QBnOqwu;uDbRnDVufc)@j>+F7Tob_a^EE)JwR}lai9;{%Xqi z5wLCBHpdQtA3X1PVH6n|NiEY-#4q$fauEi|T5>`RVL1kLQNLh@1?pXla;mmNJwtf0 zWS%cy81e=^(*^-}K0&~$D45!J?k*dcVFyKAU!)Vy8OSQks5|kD0Hu}uToiJCT#NL;XS;Xl}?rWY9>X;RAsKaey}*F>-g_dFRrk zpC(c`cV61HPN(_v=hAi8UP~R?wPOO2B2z1}GBfFi@4u%nJ|9KrvVLps*fej^T*5F@ zXYai8-_$fdirTkIqZ3Xzo|03NIT5w=6NmkuyZ%F$UUrH2MdyCSiWPKt|337e|NMvA zwr#5#drmJ#r_d=v<1FNqi5Q5a>@>?Ae~`GRo_dlJqQa?T#}0Jozwh7;QabnSGwDgr?|=aV>FTSlrVro$fNr?qdLf-4 zir8`*X#o+MH+LSjYu{cvYv@3s(`QBs5YL-$y-97Fr%>CLDN=Umh#`G*=P#i%&p3ld zjrxpe>ZM`{uiMcq5LqnmHONk&Gu zY}rERo_nrLoy*D1qYX^lF1q+aA;6bkb_I>(xUahM3huNVA)~UZR;?29+>Y>61@Kajdn}s$~nlw{D`2?fLm*qCa86 z1Y|_wcTY=na6 z>f5u6lt((>kHDjkK1vBO;dE%99x}rG%rno>RhM2wUyb^hI=5?01-aX4()claPlr<5 zR_WBTS&9%O%=R#((wR=n*QBfzvjh}*GtZwF*b4UIN8hv1$5I5Och1adQupI!CG^IR zA5RZI^f0~p>Z@Yjnwdvs%uSzu{$;wG>+hFddP$yz?4oKRsULp$A=iaB$W&pBz+!~= z{rBIe#~*)OrVao4>#st{G5QEnT3%L8OP4O?I{IyXejlQDxZWMb?b-bK^QCRP=l(|| zoR?pInI3%TL7FmkisakWDGu}lO34E_|`Ocm_n{K)B8hYl*N97*w-le^~6wS)c zVskrMvUIW78~yzuXP$j7oq5^`@?z6%f70>8XwK|e)US6JdicS69J}u-Lj4 z57Q}Mdg(=4ylfeb`tmy=jpv?w4%Jqb&o#p?68$-MM3%^i-<&_ENqR6X5~IHu9Y$wJ`cn|~QwQi&sC1$82{Y*FB zaHHh&v(G-2&eNt%8>ytKmfn5uT{`vD(}WD=F|nTg=L{Nrj~iWdB(a{!bRtcM5u?-JeEki*_`(ace9cBGuBfHAM~mx$q&kj^AA#d`4yMb8*jW$Q>ILod+++|uah-?=tvKhFX!5Br(nHWRz*lga2Mbn3=IpV zAAa~=-b&*I#HW1yl9H08yz!C(B&o2tkluOk1A5{4=cr}+-soEZ0RQw!L_t)G=5*o- z$Idh3L}{-=%r;<~eS7VRE3reV;=x5*ZX0CHA*6 zSpo4XEUl84MWaWLk^A+BAAX><8@JKcty}5ZYp<0TAgFIHz2s8Kdur2EI_e5qqW7BM?Q@+XfS7lLzB`hhsBKR4hXWs1)=_3YJ?f@{_68#ejcC!f}>TTidN@Qhqr;BzL}-Fh7&_wc2cUP|A7 z`I(HEFIcjYI(P0O_QxD^jOgwUTyptU^w^WnQRj9o=-e|;(Y8cC{5XmF9MX?w&0S3Q zKJbWRw<)tgWaf-NXfwBiz?LoC4mEEf_K!UFH2vQb&(O0kzDm<(&7)Xu<8}wLX8lEJ zX{loF+N~q4Sg~5n25=ubWU#FHI;3xJ8aHl|b|G4|daX=nhuf*AoFLygG=LlY-E#9a zT%RnW@e?M|4cA{Gy4PNNsgOMM3wrhJt_U%su&{`>Zp)-r&QJ zMp2I*-RP<-F4i`C4|q-&FquTW=bd|o5LE-bRNA_2o4Eb^j+^NB-)GRK%}gR)SiXD} z*Zbeml~-Qu=>72hIMKuR9Nlhr-Fb`lr7&&UOxnWr&E0q3#(f`ke^^*pGz>c+r~X<= z)loo$h!Hb9_-JI&2!=;s4IvW=KF6pMI;D`8UVKqD6Kax}KtqNdO9Ku&j5ch^l8znh zF`B8!>3^wd)21@z@QyofX9D&CZQ7bCjmgco+(g(_7NfCOU3H~QGexHcYg{j3@|cm) zN;cuh;|{pfD02gynwqLe1Op9rWjWp?vm5&bImL8dthGT02V|^gpWbxJ$tQ6~Ws?vh zqC3A=I{2OZh1ApR;Cg2WN|HyfkR=Fd4nd%F2`}svvWS$8;gs=)hf?C_gi; z3y@K0tc~QfqXU65d4UN9J~)igi9;lv17lom*M*bDwrw@GZ8vFy#J;;^EOw zg7|B<#IAl8{kz@BYVNO?5M#Imch zM@VrSiAFrU_>2Zkd8$#<^1`^%UyP+OiFUe~SJ>Nk1d@E2RazJs8~fp8XgV9y*xP&n zyaDkFaIc=j6?i8jDQH5vDhwR+<#(_?tP)!@oX*?Lr-~Yzt20pv{%eX!NTeO{ngz!fiZk!GAfqWcVy$qz(kYe}0 z55rPHcR{#;Nrw8usA2J}6DC+K=r;BXsyx3q=G8Z&XinMJTO6M)W)Yt=00LiSl9eVb*SS<|?nciN zOB=_ofDUubf9bbKh%Hn3qs{hN$QM{7ln1%OZ9dQ8S=VVfIeqr0Vi{kd$Vr=PjP!Xa z23Hn=#W{xbLKxi?q%hnotvKMIMPaMr*d-2+Z^7Sj{{Xi#0QEV8f4_M5o?s>j^1Zyc zJPc@I7Xp(5jgJ7vL}0TVyDaAyMFRlLvpl|dRvL+-4q@r)EW@!B`RNIPFV-gp-Q@C9 z2J2QZDeAmVIjExTU6L&8KCXu>`IGu9uQa)_xU40BCi?=b*WTEfjeOeCQ?t>Z^hhPd zvB)|OUmS*=$@C^fg~y|qnSr^8@^{_#C`B02{#BIROv=4|t*J|7F1i55QEh&bEFBaH zni2!d$bg($fI;wY4MY@#qPux)2eUdsC;U^>dIY~-YRz#k)2NCz^fOIHswBHX3>3~Y zSSQPXky-OU7woBm+<%@iJ)P!N%DK5L?(lt1D$2_Bf8pMBzoR)x=faUH0xa5ml&q%d zRum#@6fB@X1mXqPeysJBm)f8bW$}iGZEKLdXt3SHHi1p1_XoQ^pjB>g-x5uE-jP>pF zBOMFe1zrp9v^-XN8@^HfX>j*_-@RC7tq7`Ydn)^)d)bzYQzYsZ@jg?IEeo6;9&~!& zA|neAEXL?ql4Y*9uE5lh9&i@ime9TS@Y@c7!9=}T`=|x~zKv}MFtB}z<=-DkT@tCw zxb_qFFh@-#YK_+|SYl0Va({{&`rmWI87fyb-;U!+8ce49YLtve!8LaZrug(cCntD9 z1sQo@&v%AM9n(dpql(zCT)Hh$2v_L1w8KvZet2W{g@5 z#vd7g2k_q_ZGWv{-)|U&4sf9@9dxWR`%aJh(&>T(6!Osg%-=Hl4RP~Bt;-o@y^tSsLsn1i-q^z zqRNqd`r#D%O5g;~@fM{|hL-4GOkc>pl(u-cV3U!sIMC`xkrm_10^%}lR1VVvWbbW+ zKQS|E=x>9lafOBUY*d8~LFt_jqev1a6nKVzFBeK3c75${5A5%*=?wX((GM-CT?4z7 zqbw(1<|szHqcCI#UeOs|ezSN)vOyh5wvHTt zVSf_P&{Ch&w+>ltk;hNTrNhxMQQ<%bjTcOjlX5(%li>hR6b(19=*tz9z{ApR zanE3s!6J*k_1FWk&t=CWy$FlJ23YiMno6QFY}z?Hi^rUUziMX^XW^F%BVQu9;V|Bf zSw9K`iyN(&SVj=NOC>zxnfgq~=b|$Z8Tzmh?UySca#z4xVpLp(pM<$mNM#0lz|O zC|tFKxG%%aBr0cOUQ6$l>Y7*jypzZD^-p>f8iXNAb&Tf;i)9^p>*)!rQb zlt@5g>b4aU%KndV5h`!S=sRu`TK6L{n}>k|F~bd6adbsHn^D`@*=L`JWy>YKv7C4_ z@4BGIV)8O=(>PxYDmMHMNb8{vtii>DKVvodKo2*%x_L)o`I?}JyFhQybSQ3@V_U^a zjQ$6Xmikv|h;_eR=DQ0)N6wbf123DSoFu9weEGcMq`>~OzqatHbmlx;Lh{dqUO8Um z&fI*39cWVLWtiBQFF=b+K*N=S(_$*kdZ!tjE)Zkg1v@4B-prHqd&uuKUh9rvM$oad zQaPS%m`JLcjLi81%F96QF~4&FiKbntcSQ}fFdQYPGnZhF2i(y!(Rt=c(idV*W0UyO zO-)S0##KICSr(xbWDS&l;Ap7DzYKER)u|`8Liu-pGnumP8^;oYB5$shY`yw|Qi6a zkc>*gm(J35B(w|#(S2lVWrT8nx~M8MX5OEkXFVTl+rq-ca>&D|jbT5pO0Oz(8P#V8 zOXJ-OWt0#=?j4bWAttJN73w0@;c-oaH^;rGCrQL>m)dSW#XxSC42|h9%rJ@^;JhxT zn*^)G2^-BiNZ2F%3A2&uk8Sf|m#0-qC2N!YK$*yi$$942`9>lU`GPxIWn#Jm|6pmP zv=OWFEC`d)^WJd9>>2e(F2gvp9hzbS$n|#fUqz7>Z8S9IlU5Z(UhJ=@HFL!JAQPq6 zfjj-J>43=Tyg)F`ROxl%gMq zlHd7xyWL$>AKg#gxBQ;75Ru)^XQTgP~^3Sn804 za>{YYEo(l%>*2^CCwZxIN-}*k5u{z|^-Lt0b1qa1=Le~$1FgEQuIoimV}VMJfChG1 zED1wGG+_d{PfRvruNK@F2R$2lK`pGank_4&8@X8V%(G;(GXJJk z14oOof}C8cAC(&VbpnaNhzuXVzbQ#k6$uC0_IjfSn3Jc*k@scAVO}T8MR59V+tLzd z;(uymoi)uG;(|=VxI+ZfhDdxVb6g*y-9{NKrx&VhCX!l58{N*Fhi0af9O`aOIj{`f z2B(+f5~2&nYMMjFZrNh?Wj*%@xaQPUf&j(=ldZVrC7m#NvC0l2M-usj1=b z!&pm|VdiKqw?~a}aWe!*pzK!`VT zh?dma?twK7zqS4GHDY31fp8nm7&3`Y(be1cF0&bv0NO8Mpv{0+`#g+^fPC_3=%}Hx4mUB#JSgYph-R`oam}bA^&h|S$fxcuG?rw zLuHH4(02dOb`*|h;3V@^wa>@l-4iUG_G^agJVHQu;NR1SjZKUE)+-}DwGz)YJW^uu zQy3p3Q%&JjIX>VCE@(XERo9lnmLBL=cL;ziaeDuejIX-xdsnR5`4(}5gm{#0npl){ z*)D0%clm4acS+l2OXSPrIR$Ig0*Cjna@5oum)Oxt`p*Ihqqd){p%#NNlGGc7nIajV zm&+?r@@*UnQ`w^T8>0Eiqimd5Fy%02>aa(Tmvd8OxgmSFoUYVX+L>czKKPPO8|s&s zGr_)7?`~86Xfyt3LK4PF?DMZ6uo8Wmi=eZp^1%z@7_v*c-eewcVs+;Qt%a(q-2A#b$#T@tsK(N5a8Q+mLrZN|=WLnV5m8mLQDD|JAMOwic!QROvtGqv zS2dJ0e~Q}8sc01zXe_`pB$2m1X6`>9ub(Um=xCkpLt9g%%XJZWzgp)lj8q-JJ6c}F zLES>QjiO2{Ty^Nog?%`!@bL5ibU(n2u}GFt*u$!(t{6tc0kYkWtEf`@!)rVI&`KZF z3jMOxrw%klO7OA+f9@Wj)>}?F{4u!yp|y#-4zwXuON&iV*w$7XM$ija|LPMBO{vSG z9CWH@V)05T6Fh{iqC3~{=ZNg83S6#nHWKB#sqh7awGZ=LH{biMcY=Ky9^jyzHuv;s z%S+ZQI%K2=PF9amaDG#*H#^5-JpfnF|9W7~$N2NYvVt)cEmx28bF4G+bYx@qVw}#L zN7Ds4O8lh!H=zPPoenWkK5wYRONQ`_YuE@p)>o`ZADQB!sxL`@?R8mMzv6z@mP-`9 z37S^~-&JWp(Ksc=9s+yka)8G^+bS2P<1 zZ4T`^?9thCXhtRN{&0@xURAqjQAD zK^!&T7U7&Tg?dRB;h(#?Y{HCZ!>#?E9!Ncg`pe;Ng09HfitLhT_ei|E-9yq}#V;UH zWvh`^+s5#&Gi&2WgIvo;tWZAA;hkrUxjf#?1isu} zQvK@#U*;fAkZ5-{74nk!S}R-Vc#u&)Z6}ZDd%Cg^EUhr@#9$W% zLllySoamY|F(2HFbP;M!?KImAoQ{+w6iSzT=nSth(Gg1;uM%Alq`zCC5*S3AqO#Q2 zMX-%kI1a%dMtTSNECdlrmBaO5dxIvJo#jTUM6AqjQiKUXLfG9O?`3odj%t^$cZ1<4 zE=DMxE>;%Ms*WpY7n3OQ(*rNJrP8@!t&uNblUMHDfBKc_^ASM`}Ig+E9q$nYt$#gNaDp6GT<8ByXpMu}JRH^_cNf-$uk zf;{e_@3ZEL`&er3J>DRAj09At}OBucRiF^%mF8+P8uk zE(>i%I>WZm^iSjhR^v0#kV=x4&|;C|+^v<)KPTakdZD%!*To3`d=flrk;k3fc7Ts` zY}USo?%oKqyi+3F-VBRJg`7=vb?aob`IPe}CI){!Nbo#pMcW%32>({35zf1f`In_y zKrE>xHse0bE%-NuADN5I&F*ATwksT><0{HXDhdl9aWTpvdbhsAAgb){RB9+lJR$|} zA+o(lB6Y^~FP8JW_##NMd&U@24cypc+)DLp6y<}S&O5pr^u)J$6*{AW5L<6GOG6^f ze9*cL@4q(^m!A1Y0w|=j?WtnfNq7EFrJs{%fpXGn3_nagrH;E8sXl!h4|+>Y{h>iK zY^@fh#9fu#s+go96lg`a$KUTd+Oy>i<&5bP)0(;-7Pd1yMV2d$MK>AWRtHmn8O4%t zf{l)+f|uY`s{CGPH;)0nhU+q!o$9)Qnw_{;B0p5$G4q}0{-Ro*q`!ysQklE!1B(Dr zu@8aH(|=^Yl+KXX==0EGxyNbwBy$hUj40cN74@mCwcML4e9`md6CoDV%snYCdpVOF zKy&2JgC6u+Nj*wx?7=)iHSse8a#k?I6{#IQ2+{kLHp*=ZHD_O@9Ga_}JFOnYRjzj+ z)U#gx0eK`JQ14=AEq|QP6;}TG6Pe?DRWB>nJ;~LSXI^!i))gF5=3Q6%&Uq^>^4fdr zUH{@VKV3vD3>qcD_o%e&;b-P*?e}nSVVYZ8Jfk?0&0HH=sfTkK@7I&N|!K@C`i>MvxR!z z-yMdr-bRNRKMH1sbeDDtO%!4hzgh1Y6;M^R&#hiTuEpWkvW(6n4XzWPA|R8|Na^jQNp#I?1F+l_Wg zz-!$)%s2=8YV@LW1N`3^8vcMJY{%$RNA$m>;8)PaDk_GBMTCW4yT+%fC|t!MAkY0U4xHc3jn>t0an-iJAVBJP3i zPfEO|7&1zKl--dKd=IxZuJ67@R0X;_3tMTX=2rt1bLnSn%`xbP_OR7Fcohwr?bV%| z8w~TY0OcjQqPSGboHdsGTIDZJ&~+$Va-aCnyuL-C6pH}mZW{M*13LiWZ z5_I3{xAWfFl_V32;*8`?%Lu3U!te=s&gi{4iLr>3tG;s;6(tf=Z+=gSNE(5K2cct% z@ESv2CD!_lFo}$V*XnKPl$MA-_&j4p@p;kl;05q+52wnG*!)-qc45hxmz-epP`Y_H zYLV0m(s&}>*xKUOXyd4<1H7}y7 zf>y=Rc#W<5$UreJH4$A^e(xKrvmdY@6v8((XA|zrf6S3cxV`e*_hktoiT^)kEFlrp3U1UOna~O zAK1-hSn(vMfs3-d`H3XmK>xgJ&ri46szBs+>sL)z;i7?$N*=e1moUd$(AM*gWv#p) zay&jqRI4W-)6b-v`86dxY1Wt-@V;-^`W7>mu@*M_gs}Uc9l_$ysFbF`*)yVrj?qs9 z(I$!ZC;p$>=nSG&zp2`qi9X6h`$?=p9|GukH@|)9NIYi$USa5nsquOC{@!+D`A)C z+$GKB@VXr~G(UEUW^M}At6qO-Kb0H6R{q85Un!m=!J{PN@Ir42w%t!Lytt{WtzGI8 z>*C-lz_H(K&jla^D&gVbsTyh$Wx2i??Vq!Ft%<*yo2$>i>^Gd$CpOeX>^5Ua=J2@9 z=}tB2O<)_wWs(MHlVu9H#~eMWM6Y8g;YUGH)m&g`??zbvgx!ZWXjBW$Tfrsc!(5DWV zv-WS{mYi>kraF^VrHT2^@Cn~{RW-j=4ATa^Q7J!3!4WzYBak@^sdTXwNxCiuUM7#i zK##lex@qr2p|?C&&Hvi|W@C9oVIM_gY<%*0Ho_4hMwmeYwchR1^OT+} zI@mJrO*E6s8dFO`+ibtZ+3;_(O0-N2#YG?8N`#i3Kz zYi`^A99)o2J=3DPXDT@?Ceh764kH#X7+7N;y;qz3(hrh}z=9@-_SgT#3e7w*R)Hjkt?j=6n=^!ApnT}C)Rxz-6g8)HnB{oMoG8%>i`Eq2FUnAD`lOtS{Wa>ap>-!0>k)5--4-C&T-uM! zexLs%EV}EJt5Z{181mO)S)wn2kg-kk=S~W(*EbsJN>VW)HYP!uPgQXEzJ}^oLQh{* zzb#B_8T!jY!J!s2RX2xRbiO)7!?|0xJ)9ri08Qxy0(-tEi2sIz`!M9C-J@5mk%$ub z_(2%P_XMBEi+kwusQEGD1@&p)KM#^$9l^)k-QYqUE%<0Kl zVAO53W3JM#5B_Vn!Dx<18l&n2Q*=hK1c8ue)pjz<)Qt5vWG?LG@6YPi69wH)KZeDE z?A$G<%(qjnlZD3EC-)OsB&66bmHl-hBL;I zBnL|C((P26@57gxCe6ll&S9}ALYJMV9_&<|X?cMw6cM5-={v<3KIFl$r@ZCI{g(kx z49a;T>({rd^La;u-!GT;8TuVNz?lB;?}?bD86n6fgqQ@o#gMG<$nvtfU$QKtgkig` zD%grV!QO|l2?HC_Brb?M5W`uP5g_6`8Ki!!FqAx~ZVaj8QKp(=x;(EK5wAn#Ybfzm zCKS$(5&AsbY@$M=we_H^F0XfSLSN``41VxX3_Ym-+0|n9eodr$t9A zmQL&>PN`cA6Kx$Gi}uI51Pi-utFHOaZO3eO&jeLtydT2k$Ux0ZwNgu<|R@ahS#w$lV8Is>&C=gPD?j>rathmDskPw+jAA z*m=qJEv!iNF=xck^>B7OG?MS|(9k13txdFN|Iu<2eOVs}_3Gk)tCaJ{g#JTky_yzM z26;S$;Vyb||Mo`dbJ1dHy%tt6-==CfI(~pEu0|iv_W&L9)A1xCcB=R7lMY_=eH{Mt zUSwwFavYV%t#q|`p;S73uw-z*i4Q|*j*PTP(;eH&FbTR}GNY13P&tN-r$1DA5yv80 zQBnUYTody@FL7N(ejOOVg`)x_+nHI6g9;?gV{9?7l;?lULYh#f$vTGZ`<^F;POIXTIo3FKz2$PrpcP4R{8he9^PgB`DUXe)J@Ttes;M5Xvzl(oK)hk;-Thi>6-q-;3xjG$3#b zmV$G9*KJiUJ1>pv`kFEw+Xrsrw*o&FId7VoAjD6Xs!Pxfk-_O#ko~dT6<`QnNe|zL zGkM-kkFxaLo!z~xH&}dg?tVg6>BTC;GW{r)jvZZoT5kEmYW=p^!hw_5nmj0*B@%{P8a_soBuqRcl$ zTr!~)Sm*Tel90o*km8dBl#0TaQI5Jv`ySAt47(r_22n5WA$=_K-2cYKeS#+wd-~|S zMa6g;lI@U9@Qa-kKE-D5%X^+~VwY6PhLyql)CCW9A+y0n= zf1Zpql{6s`K|Eu)K@6!X@&GFGoKMPaGOxFoC=9#~MHHW&-C%vY`T#DZO_ zn{`18H6NEaxoT4Ncjs}mgq)gpS5;A!P`JB-U#xA@b(}tfsKaZW>j*>vz&ZW)2VS1* z+1d-N*Q?DM1t25L^;mA=y9|jvj!Q}Wq0-0-C~A@Dgn11EfBd~4T;s1N$uUhJ+{2lq z5EkTjh{ao8$kvh49xtwvzgo_*K0`#mNzXf&m65!g-FNCWqE~rPgXWFh5T6kN-M4AocHH* zS%`m{V)Cr#0v6}g`M)WrBiG&Li%{-Q8AMWaHDcq3bwJrv=)dCLjnL(dzOal#+hmUK zrQFtA+!N|pe9C>k@V%U={QB#7f>(AH(Bd+11^_NQiKb1Dw)Qyx?Pt6vUCl4>X_4Lq zv0iItXk88xjE4uBOBIFfK>{WVNHT)gE%=2O!mVm^cNT6v1BdKdgM*qSn%@kh5D=XI zC;~rggLMW3Dn~@J3==bu6GeQks~=oBCOfzsrS`D zp)AJ>c~S9}FITt1x9je{psA?pds9pY(Z#VN`gj-+ z6fL;ZP`iX>^mlWw#I}6I7*Acyin^qP`pZ-&Nx5v|&+%d(^?#X{6}u0j73)Fb0JFBn z|C~5Ixi#nYlP}Z-N)q9p<=JY8{<{e+L$|1VU?VHlKiR3Ybu47S3QVnN!N+)zjS&a@ zzju*})y*qlF)YZ}V_-}FNf~e-X%mk}EH;rnNHF(8927dd>hm@iH z!JiGh_rFSTK}Zs!L~}v(K(%lML?RPV1_Tg_uGEFLWsSF9kEbLes>9|-76fh;j#U?y z<@)LFMb=@Nx027^F5_)RFXNHt$db7h_QMHpK7m-C!in6_Vc+n{4f-3qj0D8IrfCyi z#b>!*hUD*_iqN9oU&-PNO%wQkmVyN&Nw3OCeYHz}WpH#nmu8V9M<@I%dz*fL%!RYQ znVO?M1BANj1`FS2gfEtM_X@x_Su;1x)ywskbF(Fi1D81;9a9KcKIHk9Io`N{be`zX zUt4hD{!M{Pih*1EHOaW|MPUDRq%}!I^Cz_R57D~3E-RRhyIDows^0a*qm@R%_eLXr zeYXn&3Dlc(WXi?W3~B@aXKAk6nt=xXdQd>7Ks?y>bz;Zk4S_D2Wbgb@q~LMGTjPvE zRrH$PU-W>^=X5>M3IVIKEYBKzxT;PsDY2W83{??PQ-uPABiV8vAXLT*Cr>IdT(qgaH!aBtW;Tr z-`uRB^x9N5mMDk{eov6f(9;cla@Db&)`8r5IK{coJyY0`0hr#E?c4sHM&Vu8t@&Wi z;+bu+%%$FkdmXE3|2cTv>`C3Zefb&9FaTV!)b%nbC}E|J%jdXJ2%~Jw0pB4@+OE|b z`mR{hxsO9uT(CG12QMKuTFZ~#`LR~BNx?CJTy%~8%tDwlmyg~Ujao0DAg}T>X||YF zncmeGcirjz-mTAlQQbmCgxNIYwI3^ShKDwv{EG(v`g)st5%cPwqXQzx{F=_UibJIVK$B`Lbf|v-8&WxLfB^QvEbI{II9fcsVfHL@isEwk5SX@_ePd5aOHO4s8m-i`c?4xgD>nplRK+EifS)|PoLo6JMh}vA(9`?8@A@>B##&TGG_Tp1MA&kxXw3!e+# zK-JiwuAkL@SN11s%#u;ogERit=TCK9+mSjABD)ra`S9mO#%xsaOR57~09R|KG@@_5 z=u6-^MRu*8v4eI;NUP^1%i;3!^6cX;Ruv_20DZyTlvi|AzCC37-Lb)H&Y%=|cYq3l z@-?sR;y34LOhtbv9NIzWxd}xBtH^7y$8~Luae0#Qsr zTnw^!)zGigDaEnhR_+E2eJ~ZO`6)-hy|BETzRL{t_9>p!>8_4$cJv1m$@=Z2py3;l z+wtsIIp*n3f8W;Q(yTqITkXq}fF6jC0|DXNv$+O``-HKo;^MHEhjS(p>Ch~Pciwlt z7b1U|S#daY!^@2hv~u?>WsR(vUUS>^pH zq~%F)adkcVNmRYidHTr~ebeVvlF;i33fW*^aKufUgv z3}l(>qr?;KY`VVk@9rO79>2h%p(}q%taL-hi1{}QS`v4+_j=Z#mp8}Nzwr*wi#hY* z2+TnYHAAF``DjEdlc4|P5BZ-^9(6ix4&Pml^_iaNlm9RXjmWo*7+0q$B$Mf1VU$l=*!3#Y=!S&ik(Tg~RDe9f&j)VrMn1%f4v+-mwNfekYJG`HJfHOmjF>C~XsyBRc&4 zI2q|T0e9ZyvwIme*K49$OZzKM;ikTVjWy+GoWCZ#w#)~Y?(3Z0i^ZKABJo`y_K$^l zkynrGhi$S8?lOEKG5`C^wu=(r-x{wIO*}OU6w98DoFof;E3kh=QxUpX0=$7W)DFmY z1&K{m$RZ|e6WJrgrri+syC~>Gw$+^x0uA;Q#wPV;j-6zOaerDZwfg(}<@oTGCx(Ze z&L}Pb@z%veD*6TIR9B%sFmZcejIeMdQ!)Cr9 z!GL1hF8!kd-oJLV^KJKQgt-x9yp17Kq>`6*6U9RBZXKbPB^(c(>nVYJPWl*?kV|a;5L!UvUjk_>Ino`!87zIKI3WEtkfuB&kfp z=1jD$1#8=z1aHr9*6ZJ`FP2XTvZ)z8F9N4?2)xS;Ns#ApQQj7f<*B9rQp8T%W>K1WkCqUCq{NgoEO#6F=mI_ zPK8WjwZ9iA@EFx$Q^iR8ev5$@g@EDj+k)+n)YRF2hAzd9Hg2Z8)ttuvxSBD-o&Jmz z@chymH8KMj(RP3PE%XG>^3=%0gq(%nAxRYGuhSpCZ#Ec^^YHxaeDR1o19f#>dG=cy z*R>5#eEuQ8TO4=Ve6sxvx!@^ij=WVz^3~=G~Qysi?##lyg?@RqK-;Ff^Tm>Zna!U zBm6M@{t|ao=3G<(FuFMeTH3U`0)%O3X!wndNaiLXT*9n-F09*Gg+H)KJa?>L&bnb1 zTr%BrAmC}Hi{&xj+0UBKnX({?hYF4?k!k%I$zcDZa!fs$SLK+k$MFsh+06~PmLFkD#ZPf z9xW&F;DD}EzmrcQJ!_6%cSuRmI0D?qm^X<@EycxV&b&-a7$P!FY=v-?-^L#ahppY* z;?De#IGBl0>)H-dSjc5?ei03R3kyu8|6+CaPcluF z^HUG`?>hX|aId?Qlya0jxC)B4v{O<5h{3$l#lWCikJk+!Bh7bjF}VLQxL7``Bfn!< z{Kl>nrXJ;^NX7rTB#nR4kM^pu!TXelpo+PseDAKIBvAycJ&Nu?p=46u0v1~?nhWD= zsulTUv+$eX19tdu?&|$pKTKhQ`sIt$N=4bsX-)b4Ot-INSG6)}K9%?Le%f3%|3~(e zmX7wBDm5I=%mec&!yhw}dmCNJB3af#8Xa$Jo;Mnb((*{kqN{iF`yUaZ1nCd2y@0b3 z87)>gRHu3l-#l@+;<7=%U7sz8z-+d;jhC%gQ!6fafp`DkB5Uc0Nf-|G+!BE=uV2|6 zVfxbp%(xuetm)2>fELJXQ+<07_G~5MxUN*l(C=8<=VD;7;q+n~B#D}Yfrmvq4qL7? z9wB#OJ(!Lg*Z2$1(COzc8q)guoFAHIw)aEJB(^?0{K!aIHp`s7=*J73KtMnG5Q-Gc z!{WMAtkOsL`T_HOpum1JmP#S#q|jnUsqYV4N$S9IRu%Le2NKS`cF#xDyXhj;VWiN( zpn&%mL2Kb+Ez6gK$ZMA_qsmM6AyQR>WBCL@9&Q&XYV5fl!3KweBYe!~zNI|iEKyUv z`}l^$g6nUmt(g}H>Y>XG=&2iOosUpCb&uQx37sMP`+B&%nfNn|T0CwYU*X?qt7%Kg zq7o=*1ia?>c%DmCWt>qE6W_v*->YzX5H|9)K?zovYlhQZiZo#HRKb}?E#qrHZB|u z9WwttYoD9z!zX^P-~{0VFIr!FKEv(bwxzsU8k>Nh>OWKgz$C+XoXioNyPXnMRTa7} z_WNlESlec;`-dYH>gm>12=%W1%z398njREUy+y8v)rC4;ZumEg*vlVgyR!JdoE&Q1`fS)T&MA5M1 ziT(%LL32!WiBInHzhP4k57b7hXd@&>;KSmH!}SA@l%Z=MLUihfK-(J z{!KYLGFiHmj?c)-S~MI59}|<1%+S8X24`%y))1YXoU->?4ii3*nwBO@Kych(J?DXl zfKm_^20c2(YUFb8(vCo<79Z>*nfyBr3@J+zhEI$(%E3n;H=>7wwZOQn-u$~gb!XR< zPdR)(72#vS{#jz9)&h$fWzIHSZ;Vg{c9xEcK#qiLV2w=aV z8$PfhVS170lQOscGy4Lin08=>tp0%1?Ns@rA}ZD;Y0gAZ#S=#2426GP+QhN$W2;p2 z>48m-!3%349r6Ct<*ck<8FoK{ExU0rAh&}GK~&$X)J@@=dUxFErl*3|h@7}Hz(L!Q z25H~MJpDT=c)ES_%3mTuI(vqnLV*~j?G0}N2p|-tAc#r)8(d6G%1>V+x$BZqJs@;= zY#rS91bhlg*p9gHNxIEFzS}<4B`2x+DZuSVHuUOE>_;o7No2HVx%6m?!VAX{@cS zc-dp|oAdmz%vNu2qJtC|!s#Sq?tss&k zIaG@y4kDS9ESP2I>!O%){UDc>S8uA>Ss`+7bQ;98EdP!Mj~Z?-BP(330dDIsooyY_ z_h?aQ?BRV?iE(EGQMNBJJQMIg?X^v8jDb%btMSOO0W<)(8R{SGT$u0e?JZ>C5;ma> z&9M_tF#0xUi-K_vqUE=tBplvD2vZ<7n)3KPUU1EiWPudB6?e`a0~a`*rX8Lt@dPcf zgEnoA390F&Amp^_gAmYfmcOIkkG+Sw_ZwE;oVz)A{_BVpr7b%HG`m!1l2%wGhCEI} z7)%JF31aiCmq|FwZ#w8<;3B5gy`pdf>L3U}q5^#O{W>M%JjveP9mfcoGT?haqa2azYID)1ul`H(JJtZ<^Im?LMwC&-VyAF2D12|t zKwpi9AIJX{_~fYpc~qyB_%v9x9Y(P?hqk0E!?ZsI0d8!LlM(V^tMmHY5c8OqW+}@R zH&f?wj88=_Ylwu)pI(F;p^|~=iK(-gqXDRzfcf1ZL}a#!@oyZaZ*TCW{myhMBt(qj zlt2+fb0s-%fdnR8h&`n#aZ*cWufQ6pSC&GI%)!t`lll*YP7gRRO$Pd+x%qM8u^=`W z%e{GRIl}F{k1g8X2XrlT%(zok9mXg_enL+0R*%+v4_<=d8@|}oQ7oCM+KxJotp8T( zaZ#NoT=W%9$w}VV2E+e-BN=Exm;bN2o+}VxH^IAE`HZ}>&0hI^Tmsp)A+Gtu(`^_< zP&JZ`LRDatA^7?i>wAQnh<;79B<_UaQe@p)8Cs-PXz)#n(A1`a&it64T zWg~c)9fFjyerj~cB6xzHPoyL%EI1SR z`Fo3Cm1HytnuVe>q|@TRFJ2dI^DrIVY&A=1F_niVNJgF#qxelR13Td7&tMDf|NUkP zh>mMY(F?3?_P3(vIF}tm{Dxfiml!D4F29}qBc!VFr2@jOFG1=EA1%WL-H~zf4*$AB zn(BuPvaY`8RfjQqkir#RKCxf@ae~>?(&-tKN8X^;AD2+0(Lxoncy|#`3wE6Ouhao= zKCD-gM#EPCn{tiI`_}Tk!f@^C(4oY6IAJTp;)EaHD}2|z*Cc;pQq#!Oi?CBeN4V8} zeNDijBd70t6D3EC*1mVuPc!@MX)Iq+iv$@mH6_PnarP2z1MFVum+$Vx)~^}+*R1}% zKJZ}*yxbLfIyHyO#ZyNG6gp5{{M~JDF&yA^l~y$O@-$gaYC^h9-yvU0nMR zA_GrwX6_&kN0qs!NuLfTc2BO0q*lAP_NDC_RXPgqAxs}I!OI0!!eZlt8(OJ|eL1XJ zCjWbugan^t5=r$1t)|IeE`~<9OrD(V?dzHV9c0bjE$bZMtfkm(~8SJ+EXkiDl*GasoC-7%LW+rhz|l z269a-%?2c02@{~AA-K5$tA(B|96e*Kx(Yh`E0mU+=5gZ*{+mey^r~-p7z6$N)9zaO zgXdbQf0w!6IP7Ve^;=V`JKs#~O^uzeAPozwe%IR1iu40$DpevLhf=u9k3=eszjn5lGORnqtDN*rt}%ZmgqsvNr}nwp_=q9)IV!l@t7rY<;qljFog10dtNgz$D;^)% z#i@d{!@?uyXz+51?6DIBEz)^(w7oz-enS2;62XQNQsLGUPGHS|ava_5aM;g- zxO{t3c@@6e&Jjh5g+e1w>x)1sV(0=F*#B44^6&xx8;1-)>(elQZ;AMiFjmFvd>wnUCbn(n^ecmS>t9yTE%rBCf^z@1m-%k5H8fbH&Qq() zD36UX0nwP8<>lq+BT9l95^o!DdC?m$C|TuNQw{<=vBKioR%}&UheiHvJemgTRrZf8 z$yrY_Wx1!j`4MUQMYiD#%a{p zwrw@GZQFL6#&*)!YHVALZ8Wy6lXv(3JooJp2eabhY5e~aQ#RVkU2}K*Hbk76ivV?+^1jbj1JV)WQN;3Y6Jl> zrl~v*3Crai%ubY$UG5Lcx7J%yXpqx~*ZOag~5T%F-l0H4BUKn-C=# z)%TPtU733G4>3I+H^;LL|25Nwy$2`m&Zmv{Q0`9O$zFjgL9@DtEMUgZrHivAAL*%$vL5nH$ zSy*SVgzL*S``ju$URY*&28KK!0Ve9IadSUDG4?wZPlpZf^`~KQP|$R4|LYu<92&w5 z1T!FG_IUiIi&0+SSd-^$y6di2qG0c3ca!B2N?-d;z^*NB?CeZ8ox_d-fAGN~+o?|W z-QQ*})O9}@QyS|E{(B~f+lN5UvG_F|nwO4mx%XzhW zsj8__KiKc>?ZG;+gD~lI>D)1(5vPSV0Wp_4D~u|3@rmCwzn=s~4}AW9Zmo(HyeCm} zk!iKM#kjr&g%%7DJj$!9$1H;#AD2xw7_yE0Q^j_rsOjQ*yAl~BaB8+nB!0{b4jx4O zK2`gD>|F6lBA{syVCrst!X-6QA*O1)qySa()2^z= zO_z3LY2-PKiMav9M|r;<8MyUW42=7}xH7#I{%aqiu$;GZINx^;^;!TuGua*B5tl## z)%3=CqpyWJ&Gz$oBG5EcRLD0xE(fwF3zdnB>OGb;#U~-5p*FZkK;`5DJ$pmw4?s}v zO_=k8@Xa;>{HJbO5kF^|Amj=fMjR+42FzFx7?ROaQ%j9&a%!ra2UwGh4Ce$)-t(4Q z&piE@8fo!3WG~q4CGJH7WWDE_HhNqQqVhAWcCqj)k??sM3bq1rj-#5iHJ`xmOdlZv zKxZG+HwsfZUxD=vHZ39&WokDBDfyN{E`7e8`>Xo{{^OkL=*S2%KPQtM7R2LlxJpCx zH)~}+dd(WcW{=NJ0ELkCse*gZKF_)Ug4TyYbM5hVs(bEHH{O^O&^ub3^E%9y|M5e( z?tqQ7fIJaiH3e)Q(0qP5IlVkCk?Ia(2pc7~)zH(EDHtx5OJKUM>&Op$!JpOXTW+FP z;h5zc8e;`HUOWV$9lqX!}2B>AZJ*cJ^aTGCjy-lv%Q4ukH zXK1^^gM))hh{h5C-N_ubRcW@SBc3m%UPfE5jKjDS_YxEjX(HJ#8$#k+%ka72`#%Xr1ta}>e^9#3)`jXx9UIq94 zeI!Es%l)~WFtO3y%HjIO3D<-d=!u(%= z3SMp1`5$70CVW#k*}$eNdoJmz;{GovY?)3gx#!t)1%17zr~3E)$e-|PYHF*dPD~_Z zEg*%Yf6||tZ?}r=8P!FP(0I;m)>-f4K>)FIur~}Rrz{K1f0d5+^)@GxC;)T)zvzH4 za%jDfchA+v{YO(B5O~&brG1|Y_v|Ossy(|SgnvEg{TD;z_JIk@!^@mEF#PwWC=2bi zMzl@R*2pI+CZOM4HLW=rk{+(^J&MS9mhk`1+n4XuLtG+;?!K%4Kc5i(!CU>&No9&J z(8>#;vTXIa^Fsa!13^rv@_n-GzY7dH`Mk|r(wjL>^m_9z2;9m2`J69lXZIb$P5*P5 z5{W?^^Ue|O^~0fptmcXC=?lVG&KcjEUScQq;t$6E#n_MxtK-p)0Jiw|2>3oZxuQ1V za4gMVaf`08%buLTQwM9IDiOD@+AT?u+<7d->Tns5(8Pk=5Cs4}E^t`VIgU`TQm#q< zI|E+OCn=}*V+`T3$?b>J>tnxzu<_|1D}Hx91+4|$A^oV?aC5KYpzW#ux#8L#R%e{t zO%kAK2KcNg%oT;5N{EaAXcBhxXV;U$sn_VlTloy(=6v*Vl&?Cb*0I`j%o+KWXUj5qr5 z@26s}|G7fG(qbYzYu~H5xf>k&T&}zyU~D!+w$@9QBrf`q!4R_k4h#(3Yhi@MPf9D5q@kuy=DVN`VwwR~zZ$MMWGpnHAF_(z zLdrp7KPt;Pz#f1sh^_*39rv`C5v*P<>W_f^s-TT07+6E$v>FLLq{~L#50mxzqcBG< z3PjS;2})bklC>%U*q-=z8^K;W3V{}0C&E4Be~AgB8O^_`nd%xEG8XwE=MRmBm5C9U zUz`I*y2KuBxbcqEQ`l27P9`*U& zRi7wEp#3Pkw@IyDy_|-kgs7^GAo-v#PRtJt{OGI7 zFezV@Iyg~xBT?`-G_7GdE@3QUXGH#~)&Surw{x|1={R>vUkuQ-bTvBp|5-e$;#Dr} zbBB8s9mYKbDmgj3TWYDj^T z8GS!_8SNUH6qkp0X`ZQAxyAp*Z$Ug^(2}HHp{?+H$u|EUw`ul(UMuO>ud&s}2Ddq$ z{Tbk=YfK2HVkb;;o$}SRsJuL)u8xJ8hvr-How~ZZvaK!E{{EqouWL=5OsR=AJ&ii? z57`&fMTCz(v&f6R^9Hb~N{Wg^_a?Ho5W&GA(!8WWsaZdN-n;6~gleei?BZ>Yg#E@? zroPej;GvmUvrk$<-kqLC4kaSx3u07B%Ci6<9&qH(^w{jFvM+>WI)@4Ygg45fqW!zR zF~YgUO06B}9-h281^(6QE`xYPm`H)#xoKppH5RQM7OLSA2aL+Rn;Yrw7lIjr2V$JI zgS!M7yn#=81X)M(2znh}A_K&2hxCz#*;FN#&KzcK@(%mXvUhZU6*DU!0Y#fia)?>3sZ zl=Y3sm*iySpONe!Y1HGyRW-lKKU0wwzUaarf3Qi(<^qMf^e)he4;;Kn9gOp6A;yJy zR#}|V1`$=j+t@Y?vzZ>U#d2^^X=6gZ34|cvRk(~1KvYCbY<)`}1PK3Lp`20Hjg7uYOKv%CHs0WNy^i}K2uXA z8tS2#)pf$3=IjR4$7c4VQ17*N`vzclkM>j)N~#4uWY^B{4P6h?3ZOZ0X4~CPF^I)d z_59KI(bU6qegB~IlGVM!6?DDD#PEYe{T`;E!>GkiWLrf*m+{a?KOZ+2abBV9R+|c1 z;Zs#e65BpQe%oyk2sYG`U=qg_`Bth@5~HfFE~?XPn>U{6`*JeI2#|H`P3ttt3*xPD zYH*$hwADl;H|9Krsf=>65=9dI(tZM zHWuZv2iwZkSo}}NfkX)C`|J&VuN)B(U-B~7@uYG{mLoFo&;IYS9H-*(nVhub2+MKz zoHkh&wCQ~)18AUkE~<0gMwwV1#ew|a=V`;tICX}KrJUwFP2i7Vu+dVJX4VH!A1oW3 z6i~kEdhEHL7T>dZEIN=JY3BW0XoGZ_`wpI82cBNv@*M+Eot0Y)SGOnAo~Se8t@^}c zbg=u>9%ED0?o=I>wBa$Ox7y(G3B1*E2E6Tj%VWkO$G_0-$Vtw08k*;k-jB#yxE&C0Ie>e|9!W|*)uz%bhS0^Gg(i{4(+=?4+TJvsRx z8Uca0SmC7n2|4VXcXkgTJduIoZ zII0x>Ivl41b}(I?6&1g+6tTtPtG}x?Uy9pXWQFn_{20cwETMjkC1P zVp3H%2*Y}z?pM?-i9ewMbnX9cK8Rd%<&55 z=5G!EcRTm2nnH&>1AkHhgFoZc`77}1OSH>a)DT&?m^W|{R-oB?8s9CZMtQ$9HYYrO z(9yfw-deTb5)N-@_hqL2Mo0FaHyrQnK@Dz%^8Tbnx-^o0nJ{SElkl_`23``3HNXPYLy{hObbi>Hc zhszrzPPgHNNZ=XPq_%Ccx6<g&&ran6~Vu zk^A9bGv4}f1tWi#itqdJCDoKU8rDvB!ue(TIpV{CUz7Pg4bN%j?cFbExpcBWx6S_V zJSQ_n_?0^C;_apJ>a6FFz`Epmu0*{5{(vSM4+@ght~KV4#`14C`{X+whQj7{f>v%=*Wx@V9T6E* zg!ZsT#-P5~qOO`WM~Wo)4Hi#5v4slf{+Mb$t-?SUkZRfSRBplRZxPTFYi(`)mKGdT zj^}ye^$a$TvuaIIpTS{Q+}vtA#eE1qIyHvsb3PUUp!(ooG14Ca&NzjOnSofX`;pZ{ zbC+`mVKKP->rR@r#v6!cXDtRNL6p4g(l8g|v!u8j7NaG`?qul6L{6I{qx6N4W1KaA z3|j6@j%rZm+vIp@sHvUExLc{SJa4SDO%7om>JQMix&HEnhJ+|%dra;a*IbkZjl$nr z9Y^r3wzMX3*wUEH>WR}Xp=l{{}ue`)DVw{j-CHsAW8ae+!boz z3&JKgl{~ENk1e!fJ&eFDK9SH8^hja!YVkYMX_5dDKvvh5czrt5nibDl`A#$ouI8+BxF5(Gj|KV8rC$ z;oKEapB@{lPT28%xjC)=Cn#M6xL^ft23+bbl2iO32k5=BI0C+0cAFhq;zBwun?nB3 z_yS?(Q@`XgezDn4j29mqPaFq)yfflEOB#$C=j&@KOXc`IU{7Rl#%}uV%C$YD+myDn z#N9;Dl!@J9pkZQCGAawpo886!_OR-o?_QRQu;EgWl}}8_V7jgnTU$@$HZ5h~){i};S^WzC3Kh1`1iTiHlRCGBQ&1O&c@)F^SYLdrju zR`&86ljh>$Hf?}T|3zFys{}-j*9kNB9~RHsbELg6rOoWlS4q6nrK%zc(4`b5Qd%+Z zTiWix8Pp9b3bxke%TlAw()2B3=RustfYS_l>YPFSN7AkRh7U|H)T+mkBz z&80ZXb0-@Rw<2uZd7X%U0hY`6+oV6P8~2=%{4hYfkCj{BirSeqc6qviS^^fan4YGV z)}UK*`4rPWhUnCp_-3aLCt%^h@Xr0t3G9R9!Awq_e*F*lnOT8*2W}U%ss9PIS68-{twXA%I{RUra*m51V1fh*p;^c9svI(vp-W$s8~I z&%B~6Fx)ou0spA?6(oW>^dZWuM1uf?m6;6eFIKAze}0smnoYngPD7mlO(BNA%aX$H z&VB_*S+^*DLHLyQ*as`E0M5B6X_1r;P3)Zo|Ubn%JF8A*UrH_|X>PpWcvw!3dED8#lAh4=En; zFf=4dBstan)+VsV{{}cwM8Tv_dZ#{A?%`#5##J5HAC5_qt&gKAMcw#;?vacw!fbTE zb+GPO4y1B{5yd!WydTnCU-Fhi8}sa4iDcF22b}VsD+>zI;DU=(AgtKZePZt1ZOX`W zZhznUSYWvS>~%3)lp$~%f-T2hSCYYS9{pP3meGU=bRI^<4Gj#84v8hJC9^a>UVr$E z*v#Lq&FpsGxLy}&SYjeEiM41{3$W}w57{uzF%M_u>UC^0(xE;AMhc3}1pG%~q@mME ze*|Hr2)vUlq^~ZFm&W2?vnkvxp#gfr%v>%})l}Nv57m6P9+n7R`}Sbt`~vD9IlYms zfbhg>W(SFOt#2!zg(dGK*SYJ<&h3=h%jMr*2}K}9V`jHCxveVA1&_&4DEt%Z507$3 zizsg3K5^P&yW_R-C@ocPeuDKsX)=a4-B>Ks?AkMIkJMdN+WDI%F5NioX2A zMAZ&EW<&;NX>7b1Jq@P$bUIw$cN@~~ztqHk$%%=xFWmd;>rt!EqrWWhB<$9j(D*+i zSD`BKM1UT~s2w97+Qn+47Y50#sjcO*=AP5h9y}KNTG)}Ie=Rn z5gsqbNj=1)oN1zpSzt|phrExp6<`r+qk8(2*C36L~9O-E7VbVpm{KGYY=@x2qkUk&(%`w+gFyet7>^gk;AV6dc>W|F(v z*5rike!7{Z?|BUgB*Dy`(-ndTpOezi#=^_;T;*0ERqE-CoshozRd)Y4KhROSNE?8HhB?&(f=YO?Yz zruc&K>2;ENl%0<+6VSCUZ7EE+fv?eTimR);X;sOPz~wZXD__X?5E6Nla{CHpKLWD&l8sWo31=%n1L+R%CY1vVSWo=stQ&N`c>*}2aS2gthZ`s3}g zpLngHYpA4FZQunUKMqOR8$!5_rA*w%xL;7w#ZANR1|+#v^*B*x4!B`${q$if@|YS` zWN!aXL{S3db}q&&XZl*vFbHHPW>ty^aPJ3GT_?Q`m6%FcgD>Z%#Ql07LCk1`1z|fG z4$*~diNnge3GcW#SV2hRmSFrBN;jQFpy`0@VmdKYTJzoP%?sD+%0&&Y9KDh zXEhg7Gz#@JG2S^|Hc=?#+{BYQ&J_1$8U9~<7M z14d~p0)~gj$ML-Hlab2i8)?aS2$%GHeqcInp!D?znrZwgEp?2Dj!BxC5BZcqG@;cZ z-eqU~>DxwRxRtJLVN+S8Aw^~Pc$x(MTJs!-4`Gh~GlJfB{i4mzvP0TkL%u=4yIOIb z(a+d=M#a;t^4~N^OVlPnQL-^9DM?lWkvC=s^#SyV!d!{To2Kuy(6~ATl&|Z#le(=Y zFfiJomd3t0stJtnib4qte~P`Dvi)v=+a#>(c5um` z7pb2KJ6~Te+F||g-(mBA4;G^z5uOEBXtqy8rh((Hu@$snQ55^%bq+uujd+4oEyh3Z z!}<}19n<}xL?@D#x-tIiAVQW~QxoTXe?p!?ijB5suJq6pJa~^K``f6~=hEve0=-+fmK!e!0BLrriJi^i!PTi5$c+D=gG=+T z>}h31Y5wRcQ8_G3zSk|L@<$gxHSgBF-z2`_PLRRzqg6eS@p6|{4^=T$4RT*$Cg~R` zt*cAOFX*F6d2f**@_;}dF#F9p_mKHbS~@I`!Jk9?CiL%Lp%=G9fB7Y)ebGLqBPnM2`D5q9LNHmf_%749h#mw@1kn*OF4d4&h!46O@NI^i6 zCvvmRke9eS70vpU_A+-(`TDv2Mo#troaw*+kO0+geqL5#u$jkfls@N0zJDVlAEtn$ z?*q+{75V>tYoy*!)=JC_&3T9rWi`7`m0LCO3F%~twytbY)Q{8=($dsPuzJ$QUvkdZ zMn-9AEI|qENi*faO)IZY_p!fR$CZBG|N1Ys|KC4iB7eo?e}Dc~T1TPSMIY`kv(3u5 zd|_~&UFuQlR;y+qU4^%-pYu)Z_%|t(__ivkMALjbM_nQuYSoqg*aQ2**H7*ys!GRY zLpNjJ!G2gpT0i`pLWh8as55x7P?85<`Jy?Di;643%v_6xfl=&{y@yvykBd#yS(Qc> zecwA{{JEHtG^d9!U^2eo|GBI|K?L?>>(F<6;^`@hT7(}W@-m~fasi(bJBcWqiR=iR zdfwpCzFfQ*OwRY_*?=SS$I0Ub$Bq7Sj$`UoZG`tnV}@|`936DK6MCKP2^k?uu`Q9R z?tvJA*6fXi<%ZeX>W5y|d$FIbkTfwHTKj zDAP9B0L3;q#fneBJj(;v(J3@=2ng{G^MAr9To~OTjDj`tN+T*@gQ~1zLI}?%yCa?; z;mT0snU>XJWEq4X@RYi;E*E+$wmC=zGJy*8ADFZ2pPr7>66a)uMo6XrY*jw0r=JBw z2ZL!k!o_uQJxqo?Hbo5#1uN)apM>4=@EfIuKM4+6@!E4cS7TG<$Gr{PpfpU>Egc!K z&~36v5$nLrW$~qw>}uI({_gf~PzeVIs?M{9gaQ-AAeFcx*Zw?i{^65y z>97O7M-QdpeV7g8xxx3JYdM*oe9*_oZ_u>mHogX<3)D5;k{FK?uRpa?bv)XAsqkb?@(&pyTv2xJtu>+SWb(3{k&dF9o=ch!aqz!G`q%b_Y-pD0O3 zEcnBzaZ3i?(A(6VQ%&&wno0Xz;1VennV)YfK%IZD_kWy`?%Sglk6<$oKF!*DS>xgruZx-=;Go07f*gK9}WO5?8WANkAM zanBy3{P;)EAMxST=D*NO33CB`a8*?>@LNHH)zaU%xtbcs+EQ4=T|`d8Uzy&kkN7~F z>E1#MEv?8meidx=6LP9ErB)({sXRpAjxmPL)h}4}!;>YSX>C-U?ph?{^rhk4RJ50d z2t^|UWGRPHn__hO<)%Bw{+Osg_f(71 zL9)Rma!{tX)^&JfA?(w-#^C2ASlrL|t&|XEH?T8|Z;32DOPhjfw{lH4B|Plk@f`Ef zJLgv>GkLv@7qjtOCOb159AI^LpS;~f=38~&k3Gr1luWNF8McRv!m+boAUvMs6iQ2dxn4R<%gwaq%ATpE2}sxqx22D0wcLQCAvz5 zq}-8NqNp#3I_Tg8ZRP8TCt17 zvL206Xr}r?`DL&%Q1WQezm5#%ti0txEhw2Q{cNI#C3bJ~zYfClR>XJSCKCJv|^}D#x z-3YkI;>|jjZASTnZ(alTR?$+5aU8zWa307+Z!4c{N6+(E*<8%JzoppL`-D3th_CLU z{qaIY;7Spy3*$SUTVDQk7ii={D)W)QMP6s$A+HIyINf=fS@vdsg@w|tQ*XFz+pXj7 zuCA1`=q9Ca--^3o#aHnE{J@VJVuU5G!^0Yeo=MzB-GEXe7v>q>n3|g;qBl783{{k( zAv?5y-+TT<8Fz6N|2^Xr>q+N69!W4Lbf_pG^7kQ$y*?WuV^qkEp!VPuiIWam0OWY0)6NL z`zNOhVLs0HBv;bo8nD&KMg5jfbTX%`Cu!LoM6*LDWvF0HU|Fx(s}?5vTbip;IVcpY z5$4+lpGDo*Q3Sm{f8R;!OPWegsi5tvQlThlEtA^H8?^a0;~BH~tA+HX*rua6&u!(-k z@EVEZ)@63!)%N-UJ|FVyt~mcQamr>1X6zsveaQVToa-WDIc5WWm&U1uiH@X){rjkl zhabD3`M#SdpZ3i@YZ?8q*9E=VwX#u1gOFQzgQzuTst6I~iicCbw){J#PHG{oi4177 z>+*Qeq4+O+VL9kxnHQ6P_DX21dF@*p9vF{{L}9(-zD1o$_#C}PfKE))mdmhf(;I#f zHZT&!om4pM?Oh%GA1a_*90%(iaJy_SdOZ!g9oGa#AVg;GwUHo&ykfD=(#sIC`>Te^ zHv9FroAqRXL{UlD+?`enl*Zq~7|=ToFa|?S#nIY|c_aa`&yT-eePc~nAv5sm6Gtr0 z(i5as91=ctF{z^L%Q?)eu|ZN+JW1r}#9~0ByMY?`+#R`S@&hH;+2sf?pkvYHM1DpX z5Q(mCWI##ENNZ&*hbQ|{l8Maz*;k!&R1c|{8(FVIJxi643~zBR;MBH#mK-+5LRi9f z$wA!83YSVBXQa(6auaUZ_j&LvygxOoI=FdMwk(5Wzjht^tN*gozuO}iI+WVcq3Sz( z-Sqw5QhUL-r;X%1xt{ct?tHKa@(-Uq^m|srn`Q_9^PYoVzyP0f;LL4_9hVvGZ;ypQ zj5pVAuPHN;hP@S@5Bw}cJy#1AR|$XkE|Jv@rZ4?WQFh{Md2}C)ERc9ed^5+eB?ku- zC_W_e83`}CG`ulYI>U%$?C2$qvlHRHuEVoi-Y6}M6jtqbYMDF^_8W?o5j5AggUL8X zY|NOO=T^v079g}Dsag!9KYZkjD84lEI-NpW#qp5Hcaz0h1Y{qVyaZjS2z-pVB&`@_I? zjH1Q_>%V7S_#Uq!3>kmd%jLY9l;0y$?n9PP6iCfqSNhHtPRcKJ!PA?Hq10B58(iQO zaf>-qdcD_=J`{Y-lK=+3Q%>$Dm_!)rNfNt1u8cBj7e?B~M|oYMSTu65*dICW@(6k! zL45obZK0o?&d48TK8a-EkH@~4cX`odOpkB6#a2^DyOV0XfjVnkCwEyAZS)!A`{B8A zNltSzzF-9b^wml1#m=tJNf)7iq!tpz?^df&j?2dd?8H%LjNAza7Q0Qs=fTrUo<0r< z@Y`Qj_MM)a6C|BhWGS+vZdrytU&YKZDsn?)#c=(mqNlx$BK_-ymVh`J@MS!+`}sS z6yY|=h*L;uX#*|E%JCWGx8-sYGiCbZe?>d|vaFFk{jP3?vYfo3{PD#^CQoqp?lPxa zhq+12xzgfVJJ$TSWmLGLopnkIHJ-4`h(SU6_4+Q1tIoum@AFuEI8x z(~di8;4;|Hvggyn!7neFFKycB4PWN4Zf6a-oyEd1??y4fvha~p_1m`z;HO z$^AT4u{fO44E*WzwJp&gyR#qk9eN_qTHaeFHi~)RpDb33{Tw~ z%{U?a*7U@BZu)JM*vl#Bx|6zEKYNp^a%pAmZa?RA9&#*|+#bc9!>n72r=;^0L+GXI zXrsNEQgKDt#J4)`XszUv+#ibLPaM|J(WI!sey`StvH0Jhc443+ds*sPM{mOF-3i#~ z={0guOG%lWH)nr5h`V%_AGZ3CvbL@gS5!L)RqJ;uYH5}2M-F$QM2F3ztC)Fa71QCX z9u&>RLWUS=1r|_7p+<{iBS@7YVaoFk(be}{erIBk7*Ru$Nvi}?Iky@T%XT+iJE)oU z^VGW*5hGi}(Po3EZl&146Wf zNgy@iCYE>9h~7a!Ex&@HDA}a@sE?a?C;p9`u&w@mn}}fz;UKr!))Rk}Jrix0^}XXu z>pr`rASIfL^M<;r>TVUU{jg5G{*tTag}4mJ^O(r{3yJp zx{i5Gw@#k-yy3S*EJ1Y8$D?{1&8(5hAq{a>B21lF*rwak2EZV&a2!wVjv5+DlYh=f zHnSLV3*l4hpHxkZnAJtmK6{(qIBj^&k9I1g#6XE33Ose?3-6yq;}tlwG?(#}A2Y$; zAwj18)>u$#CFze7tMXTLT{>Gf(P;&?U`An#(#mRBZHJ{I=2PVB`ZN4>39fx#P4CYc zg&?ZAFTW*kziR5J1_kgvA-%mm2kcI0IT-Ippr>&;<)?(!yrKD>EthAA&LLJNB|b}m zHAd0j@8U~vCD0n@T)audODUz%=W{YLVm3CqJpsORPD@!H#qxkXil)G2FV+k?5yyI1%z{B3)Dl&9_!D^g66ZmbO z_YSq`xg#%&`N4R&Lztbv!k_m%E@2t;5#?^KyO%(Ko|**n=|uAtz*#eTj!4F$THUjN1P7hM=T$3hFs;=&Fnc`>kIkc5Tzl^` zyGDdK(u>>G60fC_$I~Sy+y1obr)zDqsAltkAYA)r+M#IdXt2*OKF8MS6TlA#(|ya1 zGYU^Yw`vJS;LVf)^gN(~#cc}%IQ~=~lBCv0SO)Re{;|n8|8g3()b629m#V>m-t9fP z8QL_b>^@}jWSU^_?^6>TU;p^nhWOULgsr>6i@W)6!*^HZ(2!|(#au*n&HRenYmws@ zvc8VDcX(*BSfRDrYZNLo80%iqfg&3tdm@?DQqL+8KRSuaD{;nM=9s*zs`4#J5sw)q z>vXAlc3^)hajx~f0b5RQ zx=wXLbi<;gVB^NZLeZ%N+Glf#IyJ?*Dk>W8!C3#y2uaSE9%n(~dkNvuc-3>yIsq~T zcY&;0KJNly-eP@;Urnuo6#dIz>Cyy|_V>*|N>H2o7rXEBUi{ZXvSMoNF>kY}P8ZLI zyL~bYVtyuH9zo~+<5|20RRJiWUt^a9C6HDGm^rFHgEqYoEbGz>DHpL00O`^GHn-Eb zEc_Xc(A3h=HgkuF>NSl#npYlW8as@B@4#iupSGU|auBMPI2z0s&mQ0T31O!UZFRmn z6J)ln(F!W8u`~%s*Fr!c;)TWStqs`dt*SIt=EXfpd>i?5z?Zz;y91Wl;#xorbEkKS>g5s^j2m{6bQfI^FRRH z*1-lV6}6t}tFn;$f zy^%`kbY4C1x$V-RC6t25(_il7-xCaa%og8K<>8V76y+d1e;guPNDvGs+ zd8SBwSaGK%EK%P>a6_`iYRR}JDqNf3*IADLQt`mW!BNe{#6&l`-WgoBYu;dTyX<6g zJ7J58zYLx8u+kpZ9T$6WJ7KvseR-2#CdT+N%17%nPc7gEAX%JH35WUR|6?sc5U` zeZA4co@@{cltt}hbYFwt;T%VdBn;2euAS+fUTih1RKf=Ly~9TvF~lURK2%*KXRXEc zvOGr{2UaM;O%V%sFw%f?Qj?@FRZt@EXL~(#AI-I6E@C7bp6ItrWy~q~ zbt+D1wt6Gjx4t9Zoh~6cO!>n<@?XW3F4~TNoSBfBxMA_Ra;aA^3{_XRf-wqwfPro= zF&%q;yh>-cdhSMRdA?l_*Bb9j^W9zbd)_ZB)c|Jq+r7|)eLs=-qm~8(EUdP?WpJl> z-hPKYuQ{~qiFwgs3>QizHe@+U&IodHI9vaNeH(c0FdVbgxn0Y6049;=ye)1Et}&m$ z8Bf25df2pKM2|z0L$lu@+eN({Q(X7(QH12AzY~oI=Oaf=_UB`M0z|Pjpo#b=X2f#|MEDwB#&KL*zg7L+-7l4=fmC|j$Mi&hP0Ho zM+AibBFoEZIsmmmPpLk>>w!c~@~olNHlFikwWax;fRD$3c-pL03Bq?u(Ce(sNX&uZ z=G*fstS{i0#%w;$b*|8Tm4kUbQV<*7BEOUEb2*eR7U`<(lG7DjT2Xp4czgl)GO}NE z+%j;#B8$gjM_Oe6`Y}x41CAtk6Be=}(}f8)X#l#>pkl10}=ai)wS z;MXnTnDlijPI)dX$?p9wEHcx)^{GN%Cu;4Y1^%*wQ{vGjUki)HG)x}M-Pl>iXlH&I zt79?8^Nbk9z@Z%Lr4L2IXkcWf%K`q4zNqBh847%`Ot*a^kFJC3mi$X1mx_COP+$jL zn1HAVU3l}BH|j9qBl$ch#r1jsC^A3*1Oa+p?yj-dgB6d#`B{?fuf3YpEZQKqfHDhB z=#Tc{ePe~vw(GPj$0?Fd5QWE#AtsjWc}4g!z{;B44>0c{h($sTm&1BVA`JRBJhmcJ z2ko|Z$Vr@Eb8{LT6y8py);&J9iY7cUi;5DKMwEEyHQ3qL@QjXcl0EMmSDrxFC4aja zr=%lQVDq}^Bl5t0LK`ifale!fEX4>S0;G_kIyD<7(29l8Vfe1nbjhbBy#V;G_YKtR zpY`&h_Wl?I-bYHZYZii8>2EU(y#zjI;V7iy`9M(=V#QijjZ<3U41IoKVYfuE9nRwY$TkyD z3D#_JL=gbIBi?Q_G1+uNZzJ+tJ$uUNy! zW>z|jOzt-36ovyK;qT->ru-jVbOB>$uA{#{Q6?rAS;$0#lsjtYJO<(o20lOs+IU3A z-ESwqv6u{z>s(xFZCBv@C?4`<7<%P-6?zLk(7>qt!WV27cOX$hw?2B2oHknz%Z>_Q zc44Z19-h%3psB}K%sCawlcG4xrxe7Er7$kZA1~MLI^MG{8NLOofF8*K0TYecgfA+-P#8~xj8$K|<2@fY z9&5UM`DGHC07X%m_q|aMVtj2_Ui&wQOs@m2meUI#MXLN)LBJ?vun zj1Y%_S2p0-NsK*|wrIoqK+BU=3K-?=3U}FGf6j7Fzxs^CM`Y9;EyLKU8vN+O*b%h4 zs?9(3S2Enl7M{TOZ}pSm^S{V_}3O;YI&2fe@6)%ch3U$ndul5lkwvSJ28Xq-n6?x&AOoLDlHFmX!q z?wfPhYZ2pa0s}g z9*J+V$JA@>km^IgW5Y6YmamX#A|?%aSgKMCR0X+?C{LS{cP-AYhU2(23FeoGW-MozY@q)SOf2fBN&yB_A2~+3d?DTr> zVF(Hg#$s~J4f!}KKoXm0NR(d{^Sn8hK$)~oh*3eO`Au{8tUwvYb#M1KSGeW8Y0Y)7 zKA;=)az>^Q2M?>1$-y?HhGp;=y0smx@;htH(&bk9js1J36pr1y3OArUTs9pnVUQoobPG8)Pj0`Y02a+jd|H*ivRx2 zBfBn=L3=>nE+)(*;tw;4E_~7Y?oe#%E-W0@3R&soRC(rqLPf%CEUb9+1bl} z&Tg-WLZvE_gsGPs8!0J=_?I;BCWkHmw#v$~{{C3L2%GBnXt@2+6YJwIp=v!y*gW8g z6!Iy)!+E*6%}MMG-x|clo&X8?qR#@~PE6T`B%dQABkz33biQU1yA|WUBF;jf^To??Qm#?M?*SksZ5ver{o1~bi4k5Mtw(>)6 z=HP?W)h@-a7nw-4UBzG;20r-y?-{3xI$L22Hjy=BRqdy@<&mij{eWR)jq3_rr~OLt zz@642&3O7dhw}|7*THhZbcq2N0FI5Yn61fD=nR6{2a8%jAsK3!RoW_a=Mv0A3ae6m zkA3_Btw@A^H@_y?$|`Twg&wu>{yGGFP{zF8pe$S6cy1Lz`laah-SF&>cI0wRpgYmn zcSs$M`i5TD5A)oO6xz z3rmW&=0-uX-Nz!I3JQXX*BBWYXYV#l_R5+M!=;%Ul^6Z12Hb`-^2-PG46wV?0{<6?i_!+W`8&g`q9(EKlP}9>#b&Xn zZ1qur)L?44PUZ@%;ZDLyUM zeIlIIdQ?K$oy8SwJwpm5=6Ffsbs_+~?ACX5OiUU*#UYcff+@`(g{2N66U^E|*K zTGG9Jw5cNE?Wi2bKlg0iR`8$KmDE?nwhQgi79n$8?x%(2gx|e9YPcM|>-!VNxm0k7 zxR~X_SGaY4viR1V3J4icx=aE_Cq+%j!SgTHVSK-I-aM`>;CG^Ur`PzkqdcxjHamIvHimsdxeSXxSYDuRfu4H9!qWGK!^XItHg zUJ}JeYcapRL9aZQloz>4m*jy<|5k9GmH^Nwkeb2X0LY6I&haB|j~qnm4NPZbN z=C(%HNn5s1IElT1J%-D8h7`;`ZTn`P^A;T$dMNi<#* ztuVYChiiT6)${^#IsDZR@9>^lpOZ?Z$U5M);G6+Rg}POyk}wZNhj_N->vpmzR2 zXrfm8v)2=MiI&oD$`IU*jR=A6lPsSKeYk!L_rBv4D7V6*U!U)?9KxDu{n`IL-5>a> z06I``{SFP@x(miz`9cQtPwndeB zVNrGdClA+2JlNHg-b@e5+Nz9)-?jG0ktq$Q?T9A?3h-pf0!Evqc%hbb{c&SmYejHw zI^`sKsz2AJtBiu-hP$*E|>72 z{C4f{hDcPHbs6nHZB3yxRb7gK4@wr?hTio;HHCmUN2K0Ja-t_+Ba+JxeBNFk8m3c$?G zip+~dWIVHxfzfUPQjh{-+wS$I%n9I>D}kgoyWHVTaS>gm%PARL8Qf9UeDvF_e}}x^ zr&vDxBd-ds`+|AI@_2bgM4%8|Uqv|66?_plM?4G)$r!>$Z$PqNxmOdHyk2p)J^%#8 z>7z-snKQ$cy~F{uiYiX}swHZ_Jg?KJE;S+$kar9cv?05}9fb3) z_lNT|bUGowCdTvLWpL^J4&1rDOOs6np}M+qlko^nhHu^=##CHSwVnWO3|3md(oI%~ zHnWrU_9#Tcsf_9AV#3^79}e@wqj#)2@2M1_v9n4XQ?5ju!Z^+w}O z&1x0|u%qSLPNeI?}6M&;JuQ zBZK^KjG8QcNALO7mAIj(--^h6=lbNO7>@P3s#5;13o0uN#ehOe0EtH+TsJX%C&QDd ze&r;x2K#tzBVx5H!|S;{(Ec0kudhj*xQp)ZNAmTN$^J&ZBp9 zHRa_qkBM{pHqX=EUtTt?7H1}ag|{x$gJ&+cu<7Kvn|RFBNaIV?AVecik9Tkhnn{}r z^l^0sg*@l`^D}!&LR@$sMm-XC?jsU%g~zR#=d-T1CF2_uyr18SRV91va>HHhL=v~Q zt1HcCa18p^giK1x<21ep(3g})uMa+O?+xroSLe)=1?Jr0Cjn_hmiH=+N||;!c>|#K z)U@_ab(N6Mr2zE*A6l?eLqpL!8!wl)*&HU&{5uiQOt=A0sfp#$F`Bc_a zSr{9ys-Ivh{FqZJt+w!+%Jlcm0#%*#L))ciFZw5R^RIjz&>)e9AQvTF#I7CDd857k zl8Z+9#-48N3~gNW(qq;56D??}C72FdT*;m=s)UfklbPN4r-WV03#hROx4SRr7#Dq4 z2Z8@kKm_}Vkut@=&ZwwBp2$Of3p85GB%EWP?x5|@4>pVa8p|COwl!Ww(s-#;NA(t! z*7Gcu%ax=7yNXZI$xn?ZPevAW=%%Jk_>$U8W*ZGv&YxTUhNCHB1hxYNTUxIr1#)vJ z(kd9*bgB*L|O*)UkLGoMiqoIbzqLjI+Ow599<#A7B zI+WJL&8n{|$?@ZB>T#*SVZ(l^kxy+<7k0CWf>L_0W_LgWq)w@YX>ztbkpFbUac@D0 z`bmqhiJcE>0mAso*8lMnq9q!w39Zbn*OYu8`|+Le{l>7e-hG$(5@xf<>tBbNHO&kG zH|~~58+Wty50m36I>r;>ftb>rUr=b@u0+i;*^G14#ehYmJ%R>rJRs)P-PdAL{DR4| zs7-Z4(>{Msp(j2kOe3-^9Er)3(#JujMc^GThmN>kc5E8UsJ6hSATOA3-u|T|6swE1 z?TtY|&+(i@Z*UsDQ!uFhr;C2_g@G3jMn^dC4jp;Dl@-U|{p8~O_>Fb1(&^}i_S69+ zJVao6B14&xo8=;e;KbtTATE&0KxYQ04oGfyBAc&_LCsDj$RNu3Zp3ymYj;bIM|U(W zE)$dU^KvB0MkKa8jz&i{_lfT<61Y?_K4JWat}HkrZPJA-OY<_;p`|9bi{7eiMVoKC z7bsOOlQ&r7iS4W%e9%!^$${(G13Tyu`|D6XzUEa+eK&Lr!|hz6Ora6ywuQUi0=L0X zxhJ7m309ewleu*%s~~-v%qZZ|iUrNu=`Bv9f5Xm)>vEoqT`p^P_-S%uxN}JhX|`bV zm@&VHt$wqMaq*)m1RB$02NcJtf{Nau`nhyPalV+3WTB5=to8A7rx0HW_`AbmZzV|d z?M>P3l0UHGMWIUK@KPS3wyvV2 z`s7L*I?85VsjX$DZWKhFzjd}Tk;-L+!DPvdI@op7y}yRg70{)n4$|bwunmfl*Bj;0 z(>{sgE+Jt0XKP}t=J7$@$v^MI_U&iR%8j9@Z?`%R6)V@DF3DXhF$cLo0)Y07F7x=| z&#+Ydln|{KD;!L9jN;&C7}ivoudFo(5cz}>eF#RKC?Y=~dVM*#J*L7Kcw(UFcC8~y zes0W^zI*;Ueh2*aGK!1th6aD~nGj1QUE<6)H346gc)ZZCjm9uKIpTl?jsJ`{H~mvy zZKyvFx|lcB0LTF(G`MrPUztyFW9sUqNW40qMG9qZJ(a~Y=9@QYq)Fx%g71BOWxAjN zju#(|?g6PKtZ=*aVw5L!PGQzzO_d135UrfLlfsQlREZGc87GxFOReP`&gKXV^<<8h zmimG>x2M~4&HpCKz`30^o=|}Q*;#{=L0mrvIQdt#nEsHZ%jB!fDZ|ooz!lnNoA!Wy zjSl4uo53`~S3yX2Gw0!1*m<3N!^)5qI5Do?#9r}dxuyVXJr2i|POQ~)=9m3OmN2wB zep#B@vTTCFI)7h;@|wSe-z)$6CPQh7g6Wx+DE~O@!7V3&$8R=d%}-zb(OW}8Hm8WSf%8&~7y5bZ)x+ zuk8U@f6q?WEG^u-$gS=jkogZ}#J{hGm9f)G4tlvQp23%}Y4hkUD*l*q-pZ5idrT6$ zZEh%HpJQ61SEci!X_6zpo-~VF@i#@Jb6@d}xWN5VA1~jbjaJUmAt%n_2l9&i4EZt@ zMWX-IV~>0=(0>p9SkvGCZ>jg+pAGv;R?jHn$VC*O6;ig1kCAhsSJfmgv=E;6JD-)$ zJcyCYkAkXWYQidf$N+a%j`dM)ATKA3AtSlL5GBgZ)g~3x&;!;mL2W~hny@amx&1N5g9*{TA@D>UqebkF~( z(gEk{A+SIb52EuEcnfp}t;~5`-=y)6kE)Ye&P~Ao_aO(R7I7Nr4OgD^in;i5=Grz| zu;UBc1!4k0QnMaZ$BlT5SfbpGvlYd8JpW2PhfQ53t~A>J?zIKyM7DA_&Fo+n%hsZ% z15V+eTKmrljLcx}v{-^CX*uR^#;bgsWmSW}>#g}{kGm&KZNBNyme$9yw7FU(>(M_u zw2T@sm7>_Yy5H7+{?8r)7b;!K$w`^9Xwkwtqr5v*1U*RP&o#uF$#TVh;llN@D3GUq ztHNsVCVNp)^vwH9A4hYJ(UB8M%*i81?VsH3p9!$771%0{|4QU@k4bx`w&#!D75gT` z`LWUIIUZ$|Z*^{?@Pqm4$5ux1nCGVv2KQ0;8{5kt|6YV1RNpp3Uqu-QIs1W0tu`k6 zqVQLqDP1b)5L4G4*IrU$ZUfuAObwOxwL4n*I5Rc=lX@#=q5&8N@R>{a!HU_#RKY75r-C7Hw1 zb4ga%VRhXh1zAZEPsTbjvwjZi>NwsBHK%A8D7z-isb6-keselozA%D03{G^Ecg+Pm zP=E&q2R#!;<&^A2>eaJyt-`MUZ}H*6Gza@ZHGO9nnp~-Q@iHgdPurLG^$lEG^hN;w zXl!h(0AXfFzj1mqk6uops4L2=US~;@=SJsavQH5QQMj$6I2s~-$NjOTrhi0IfJG|F zdXFn|I-V6NkrjFFM&s_sakBA|yy{jK+a^QPM|!q81Og05mpIC~_J3N~p@%{Y>0iND zfB&n-yC9@6&d+4hZinjYAIQ)vP4Ezd-Y+* z(9;NLHf;2wDu?vPy{Y>)OagBw{_ue>M|bSE7eSQ+p=$USe9-^T%IxW;7jBjc)!62J zUHE7hEY2y7MhOPk{(G5$jylrO{KUng>_bxJdWHS3H}PF3&*J4i-s03=mb`AoL5?H zLDZTL3`(>>Z>4uyLzMy3Vx@pGWe)>kTDB z(2e&3J2q{t+Bdy0GcRJbUV+@~`k*POG@-^&g?0!>p!D9K`+xFNm^-e>y6H%2#1r6q z-9`*46YvuVLSwbH@W#5R91mpt)hcB)*!l6Qr_NAGhq5bb()E0MJ=whMR9oX6_>>=> z8^hvx=dg^{1Ylw0Hrjv@R5!pVnkh@5dC!A1ShMPJF6)>AK!bX6c%dgi_r*6jIJlD#ue$y94gzg*V<#=x5wbC(K}br} zeDD#2CS9N>3#V-&M9-tiJ8|fY&7RF$pD<4BCGjRSPPO&#fqeh`*9vw`<e&~UF*O1+f|t!w@cvY^ZFFYqZdEq~5LuZLWJAfJ-*^qd zj3h*$cbd zEkhNhgzPGQvBQe}%5Fau^U`6iBHpwEEAuFkJQGk=$vDCU&kti|0$+2|g@`Ym%`o`C zcVL{|#ML#lI+9xcwr%ocTMkZ{LILJfO^jBi39V8@PY>BKfbP|r1W)TJKNEtcHghT! zz>r4NLN&^GX8JB_``L}^+iy26ULWa-2qFjYxMlMc8y>d>H_kG&{KgG>Zp$WK@IOdk zhkY(G#e3ri@yQ0!(9rTN`gF$GV8yL3OPIRrPld(uu;B{B0xjeZ{)LMB>s=_*$loqZ zj@~9uj)Y8(lFLX^)c?~j&oqM_7ldrbP({-3>>S#oNHU%#i^l;h&{j+Sa~ z*1E9O8oo1{iKH5V_hs{v<+W;X?ul$Fjwd?D^tvhm4JN*`wa13T{C!VV>)dJCds!+> zc;O$2$01&cR;A1`xAt|VIEnK0ATv+%G)S+6;CulQ-h3+zUKr zQ#AkeCOOpOPDaH9l8<~2X0|E>Ff%;Q&_`NN*xozuUUacK zW;`y)(kF64cjcIx{{gT{$yO|Bhrdc^nhkGTa5F3676WFje~$;RC!UH%CXaKdi*btf zC{`nrCJp3jOnAAqp)sG2K}#6EJuaRt@KID-lvS}+{JYTOhgeD^)*qW9SXU%J)%g6q zUIpmYx1x0l>2kf9jNoaDW1-yWk^2M8C4R`M3nk>hkCMQeyaKdyxM)E;E!W}TTkSdr zM0^5*$(%GmoWZNOrp+n(n!%Kdu&3>w#20PFTQ%b2Gcb*5%2Qn26yZGm@~)U`HBJ z9f`E=26I`fU2DQ4-GR%f&@&go78Y~VU_g^O%qYiX*p4Cfnsv|2>|w4HF`(Mvt}I1^ zz?aOfTf&--NOaBpc&KN;yv>)@Kr>x-S$(9JFGugQ8?E9wYRTA&wMIW@ZbSE_M{vi$HcGt9T z(vB;xcK*xj5l!nqKxMOTF;+)^(ygB1bE)%Ub(U$XW^n#?pjGu($z}Y*jsHbWCUvtA zIcDU|<8Dku3K-(%)>a7WB41q7a5r4o+AC1mghgzVg2it4ONm9GRPUQUtMIJs{1=pl zaed{Q;pA7V@4Euft_>{lkOaVajy72A=iJIjGZ6wV?Q!l#E#wgb`P0?8LRpgNG729F zwcq>i(=c}0U{cG@z`L;qw0^*+tTV>N`mCh?jqre9cODFgW^}F=Ed?24_Bd-<`rk)n z&ekS^J|DMqT9%zGDiHs^7g2C1zY6$_s3=~#B;}UQ$cT_}8&dl|hUi*+kD9u%F#sBlsp3iyQ^AkZs zi3=%IQ?lvY9Cgf8U`=3|_d>S#;3@qCZKqT1CTjbgk!ee3L9`rmcJC(-6hbcfVU{{7 zUX2tZ%bU86J=ewRdB=2|!l#k=^ciXNYHpR)55h4Q*W}}bKSZn0QO~tGqr=+WFgZQq zP;gyg?qH>1($&sio}(WIzN)BTWwB&DBlQ=$9fc;u-X!&Sq$ploclEd3ahz)N4(l_O z?DX2m4yg`^=deHs9w$xB5`UT!6KSf7kJ{4X`OWr}&`+#1T7=g+wj7hPVU(lhqpS@{a$4@ibqUDR7uI3}fd12)Rx?&n6WSmc6r^v7uwqj}0Ey zR7^y8AD@yG@b%)HL5A~0=_PoiP+8L4@% zN=sj{Pgv}4H#YNFo6ng38yD3HKHrXdpL8NKe~Oa$gcGuU?ETCu@OYuLI{UBpYoeNR z)r<{%2B*j?$sm~7ONrzQ>hF2iyi>l#jrV@o6!7FON=`|kCu5<|SDe7?z_qsc0dlm) zxsId(M4Y5wo2qq6SRe`K9}-+A2_TrqyBPJOGBP0Yj7xe`(*OVV3h-nQ5LZ;~fA zYY-Bm1dB)A{+wj-a@B96^;*o=P{OyMVSh$7=t43`u&W2d7Ql9rV+<>f&!$R|p<92c zBfK6MjbBTD2Z%{e^s@-+-UZO=R8yqY1UkAlSF8xWPtjwDq5g(Yzd`7;O%9BI{r6(d z>Db&I0Yj#NkodwW%o~7ogglP@YnkJJk&n9g}d@GFcpGoPKE0}=70zPw-g({&wID>zUwaUug&uRbwT z0WW#1fk%9ZkbcP#_qB{cE?IRx}MCnvEHD@xdEB`(E-UZ%|c#d$3$z)|NH7 z``HI=8$flm;*t!x>UNuBR^=#oqH@Hgvn?$slbdA=B$Ezbk6|a7kbUv&C|XZzC;s4g z;WXJ$vC`JX%Zr)+zdH=1)wmFFdr+=nwXe;;Ttj5h{4Z*aWZ6oj>ZR{ z<<`7YomDnZ1oT_clVy{|LIUHzz%t3|g?Fj9-;SRu1)Cp_{ogy?H78Qn#Pv;KPdW7q zBE+X)%6>&mDhk6K!!}XgRzp)a%%O%+c60vif3H>$9B=-0MDm0&R>>F`iC0R$E(Ipo$(^ed7?@DPW&%0@V^ z)vRfULU@5xgA19z^GbS{II$O=G!FC3OPeAavX0pm5INcJn873V5^6VE@a>ASZemeT z{THEBqG1*9?P9P0omdZ5H56KiBnnvx#I$JpkQZs*n&*x;ob}Ew2Z3gYfy1uK9Nw$ICDVvev{fg-1RSQ1-0wSSV}MiPi4^l%VB zDu+T_;8Vlvu39!72u}*g4x9jGCcMJZ3NG$<0t;a-0`ig7GO@X%#>XR+QAU@ta7IV3 zB)Ij+YU}q_XXB=U`}A%o`&3U~i#T5e7SP1SslA>xOhW$Om(^(7(O!0OTMn-iV=twZ}R&<#?#2w9fp z$7>&(4j$7t^?j}c{*@bF^;k?Navcan&CAKX&WAZSQtd}hBR&(=B^@r$Eyka;gbUp5 zUbr%8)X*>{{@$r?G&D>FylK-n?WPN7P}9V5u-=H^v&RwuDsLO~*K_MQ4l~REa(r(9 z5E{;dRBbdo;hDZs_o3)vv7O(dIB4?InfgZTssHVd8FJ(?az3q@X`IS2fch^OZ(pkC(qStRBLQ($9+ zFFChVDo~S8a>G4|*FdqS!8lA&AfD2bU3Q?uW4Gr_>C;(5rn9w{)BIKgcp(?&xL<=} zvG2mffZ4UjerCtCFC{hAUQ;3yQCk9&qoXT!kOmQPD~zy=Kfr8dh0SSG^Vk*C&=Btm zgKXl?4T&6|w1z+bkh~ok9&*bzjD~w3HSU-#esthH7dPIYX-1skdDzBZbh%wETaB-g z`Rx?~utOSm(lP{ydA(kuKEt9)JI6jlO3rbaI`8eb*QRGzO}38q?365|XYOaJWY`{? zCyw`y(fEEoH=j~1*$pxt-Wex9%sMQd?}t`8E!aP|;N-Tp8!UF#wQ*hg)4rl2(RT~z zdhRVF)%}PWAvUHK8Riw^Ec(>I{{gcSznDRcMkSQQ%FzU*9)mLCJO)1t1t-1UY zjkO+g;H&cFVU>x@B`NZnsu95GaGA8v@0Icoev1>kDvKJW)o}Q388+7~9yJ5;M^A-b z*Qwy@y#Nvtl6+g+%U+KydKcSm@4Pg+FV9|nH@h2hCq5+UL3+Xgd)(}DOc>&}O{-6D zGp$#@qUWo-90Ym87t=PPomvAg@ccmM6Hc+Pq@5w2?c1A~qg$)rx0h8y=FB>rwQp{p z{#pyhh5J?G&S_5dsO1(8=-5at<|uv1dHa5$r>;kSw(FFAI+*4372`2C~L5y;t#C~i6plTi(AB>nli{WQ!veW8cnqyvXwf~o;D*bt9}h6F$()y1Z#b)u`a z*a$pbCAdctA^L2fPF%9HFX~yi3%}?mki|-CxyIgpm#K9f7RE~Gb%XA*8|7W(J>H~9 zSh3nh#&`Tjb|P{%aI83P|CtosD}b0s8^OTv8@2%EFCLq*PbE67Z#b7+Fs&Na#gu2K z3f@iajM37#dWTu!EwcBQd&cB*m`q$%9Bv4R({_<1CJ_(HIEV%179P7@J>oLz{9b*y zs&BYUHdm$qBHkFA74GWCyK4Zz3MjV|!5`PU&?-HkQa>c`MYG%=FTHyPfb#W5qqjjh z|Mef%Ucww#`P>!H*=09kU7kG}zMD0lo6Q(Gg}OEjNXC<3w2ogqJ3YoU&_dm6PiKx0 zR%A*i8SLALKOe67(^y=KD<-pVNIs*(R}0=A_X}P9m835BuZxn-dt5NxNz(+#;RIi; zTn_4kmyTmHd;p|tEtFdd|r%(xXi8xwXzWzbw06>Ps6aGOHcmB_$6G}q;?`<7gDd%msraD!;Ml*S4e z>|Ln?J}lV%s0q+a-yyJ)y01i4C%n`4f7k6{l_2=5H3#}W&KL`9Q=2e&J_6KY(@WD=GQ z1?=Og_3NvuUUCCz@i>O==>`^0IL^NmL4fhUJ6(+1cHK&{Hm#})O?N-^<2`B+<^?8U zKJFe=pSCzWrF%cE0(lkjpCD>)Z35qlP1V)0PigabZr4X)090CV4#-7Mq0C2PR!V6t1C*mj-P=Y;j`stUsUq(>XQ=*@cQW}tISp*#Ib0J^8KE#UKP_@ z73dor?&(z=iK7=ym1?9NDt|uD$Xj}3`OzmYBlr+N{vF-QGENUv&n%_p|8q&&E3KG8-DMh$)& zJd~h&SAM*}$|sl(;WdtS)!{wnGtAk!^I;!7yZ&iE!cP*x_YmnlwGiRBdn57WUy;gW z9d8JLK-;WmbLk(;j+!>EYJP6U_o5!X-S;$LX}ce}0W=-uh)&}SB9w$=@B$2vM=Yw_ z!K>1q>i#Kk?ftSguJIeqaGErGX!zljk8&Or2yTO;0Pq7>n3gdIg921hk#vG)v zF<)%^fyqrB?lcUN;W%g>h*m+#D?!QUguGa#6q z_A)m&2SAeUYfY=#5VY1~6B{EJ=ekj8cT*?ojm@B|C0_GI0-cQ(|Jzh5D6uFVR6R^9 zVWTHZ^%+n;-Up#K85{5HvL|C1y9LO@e(Y@S_R(AO1o_la1GM&U7Zcy0e(ylUG)wah zw&8(dXXI|qRE`PUaKYt-3tBhYMA~=Uo{8B>Tgi2!0&1TQXF`oLrm@V;%ubiiM>n3W z8eUw6*-lMyticAE#2p>ObgiseIlS3A7`StDyVDj6p!7= zqIks3*p^&aXg}P>VF)oGEXuVFOvCL$h?SC-$4(ZKW82Y^Hn&#Rb50em*e5HkOzCDSDwfoiH=~=BXpdjR)_}MbqX^E+ElP&c!r`q z0su1CqQ;x9U9g2!LL|S=R;@N47sd zyD*v_^}4giwzlxmalQPOhBLUI-Wg{q;q%)jP>DrT><707-1i5)8lq0lOr_}uxuIL} zmH7UkwQ24Cm?x~@p-Fz;(K?GiKVLMQk2Kp1me!l8Aq~0O@8})ORnn2smRYym;#iI< ziy&KQ()KteTN~ueNQ0e3_Jb^QC?X2)4?+S+Twfb*ZP73s6U8SH9{T`3xZ;;zp3@It8`Q z;`FQssu+tAHsdqcS1hFwdFBK*ULQ3-s-P-}OYCpsw61D$LtyU(@+%~rA zGeZ1h?np%SR{InfZ2RRklqrIiLA%xZz%A z8VU1y<6B4#o|oRJmf@avrRk#=u{UT8oW$EJf(3G1i-DMZD*`7q&`Yo&p7*FwR50~ZMUBRLmdVP^XJXL2)_AB-}>QNusJcbfZM!lbu zHh_fAyB9z>4`KqzF#*h%@K{ALl~Jok0%0kD#51(q`_R1U``Dk(6<|sw>C;Z=@%lgT ze^6)`x_^2-+Ai7Ze*48!;Y}(fB|VRoC09;pDXvnYMQbVay48+cg6f8@=ns1x_`yUX zfcI*sS&u4zy+My)w^o68;^-C@OTRmj_O-dqjqusw$koEG3ecln0?N0O83c;PPJ86|ReOVk zscIGeHb>S(2+yO^U#n%w-Kf5Evm5P z3dQF34tcpMagq7H{5REz7Lix@(!mwaUhdx^{RR};?Ohb6AWrvVxB(5)u*Wgl1h z!@XXEo3&OqJ>(E*KJJ5I zCqj$ZI^GlMC)*eqraNZKZq<^ni^FNy5|iHvHR^P!r+eg*s6NgxE|NEn+_r51Vnr{* z?vulFCC{tQpH98a`2xPTj)|VfF}@`}x2uYxf8X2b7ZMf7seirfB!gNcpZ84%_(UewYinS4wi2zP2* zL@wSL5hnGxQWun2ZJE>h?I>Vpu_I<#57KNk9&U#|_>}Z`uY@0OTyiK*ypWxpp7<*ISznoqraod@xo>tX0D_=Zg^0>7;I%Oo7 zDKIhY4f`EyTG2Ha&Vc(}Pat&XItC?Yv9eHbx$I172QwbM@hV#j7y_KlN&5bGa2p_4 z^5|;1mux}`7MBfvXTbX*icy!He3nU(>;h&Ie{z=f7cZj3ZR-5qj)o^^*wEJc9(dRp*&ow*{>{XA#V@|5U;je!dS?E}t{)*< zoC+q;eR=h)5$TC;?>4*QY#smp*kj*BNG04MSA>SD>H{`9o?JJJ-jKY<3p3#B%o z(f&lDb>cH=a|E#9GfkVbRIPCAvL|S>zWnHgO6w?rA)|0FGOBsB%?qx(laEZ{5;kst zq%jwzysjWASuFV*tUN-$wOz!FNm%@oM_I^M6=-dD4$0tA{ykiMe3Ye$wgsG8EAIXz zR4>zR`Ae%bu+K1oF_=m!i!3`Y2?oMZih@=uV25Wr;MH+M(Z3>Q5PehVa`sV3<&bpG z;cTGk+a=jLPibk}*puT7=E#?=EXs~Bz5iMm7MU$c*drZ+DOiFeuAAtuoT|9%1_KTF zQat9y_F_WhIk6#je_GVR!A3|jl3$?aWdL}lPA21JBHU~N#vq##?|1pfuGwBzLI6e1 zcJ$m5Q}C&Z@c z#jQHxMbPIgT`TsxJ};dj;@c>SGy5(waF>p;*ig_^{3fkHEAF-u!g&(C(|Z~fM^>zP z)l)h#+tjpS)e#X8vF9yH3bi~fn6f-o3;x;;vp^aRRuLF~`|71lbLau;FfKeaoA7;

60h?V9 zmmC}u+Z9U;1}%~UgJ;qjD=zu$QW`1r+DM*=#aN{Mlb2}U8IaAwu-+&u^$Do~FQXpoml&&*!hpkVx*WC2 zw~9O1IObRIch}zZ6QtxFIl*`zvg8nqQ_pNHEiKX6tx?udobf&`vOW)mc$|!f$J?#I z5O-m|D4cXt?|H?aXAj>JrMR#wU?Uf;=idc%@V1Yqlbna_>IHC}(?^yUtw&p$;yeq{ zO1%X==wqsC2-(v!h`ZQz7DmsFZduVQogWH zr`!P_=!YzLq!&AwhiEbdf*P20iC$?J&JYNpz}eS5pfNaYaksps3&iLqQbvzA_WCL4i{5U{@NMl3)Ikt@Sec%miKNDIL~Xn>)p-BfkwJ60x_Rg2~#V z(<7qK&G&7+GczDWG)4X>FMNN>N8w!lN#9H35QBjdF;M9_=7~vJdQU*-OiKDA&zH{p z4TLK`3MU>bX)*_M#&rIvez{TPL&T|?kRx~F=f1Bi=7G(iM zVHq7AbkmmnvegY(j!;9<)daREo&5b3e5=_F=J4mw3zxG;48qoD7c8S!e%!R(FvQ9R z>TkJ8h?1H)a>#vINMyRW@-Ul(jI8aST+@MP9lifFNP91z#lXfE&AxhR{32RD?|iF` zu(NLM=$laf`!vIJ6zRS^+*FD*Zu1^YnF+L!!Le@hg8{K|l6hTRf|RWr>#pwWh^<>c z3FPXGd?64L@p^*Jh&{`fZy7RrF6&L1y&?Ql(o#8#nJkXBY)BgjCy}3YXuPS(P3|4& z#&D=pXYa&9{yjOo()l}pEgo1wzJ9GZM@lxBJIU=dWTVY7$%2x@-#|0p;zwUG=^ND+ zLJbyV3R&A-ew%GwgLu0ALBFtq$t3^y7K_U;;id0$=L2=`!fVOuc#PAer-U<2ic^R3 zD1APBXz5XizTIfLJDEwB2?%<4lO5z zeEs{DIdEOiIcEQhavT>R@o4$bEcbDT z#1(b{rIh8`w?QwNC<6smhOL_!VTJ`8f^Ktu&x_2sko*jP9WZO-cUWn2 za()7ffxLsQp^c|@+`)cxifj7bN^XQO7bk9baj?CHgHlX=5m%Qj!FJI$tnAoi`>TS7 zV9gZ423yN4c#xYdJT}6LaN6-@{F4Ui@mK&X(bR3DLgRWRzzdgwI^v_M)8$;6cu_w+ zu6WcfK684AstPj+k)9F0zD$PI$_B~GDrQ3XOiHnM-n0;YQ`N!Yy%oVtk@jC_#6z`T zGYM{X1BSFn*aS%kJ#FsKJjXmYuA3#VXgid}4}Npt50<85aX9&lea`U=mL6dJAuss+ zuE5%)+nAE}K(GxBHoP)~!W2ZoOIMOi>qet5vN?7pS~6W)-cyx#uAo?ju^*g}(_lht zCT%YNO(AsP3`4n$SxDOvLI08?kSwUE%5hhfOSxN4c_LCKDK?+r`Ycl-t|l$f-0-lG z)q;T2I9@x7g&iYt6XxMhIHtbW&GWi3Q`&Q zkk)%`2<1MnB7c;mP`@4gwy;?_+t;!DIa~Ap@%C0xajahy=S>2^A-F>V!9BPKhu{vu zA-HSfB)B%g9fE6cOXJdbAh^@GL*p(}x%WRaYu1{19Ul6T>Z<;#zEk_`^V@1eoeaNK zu}c&<2Q}v#TAks)Oa|xV>E0i&)2(TCe&VlZy;<8&-m;u;&aw9QTD)8g?VH~I*D0`@ z`cu>;9slw;T;4JePO>$OF+g{oZ11+oMO-db(WoFmGr^%gNBrek`sq(y6Ft)1n5$$h zKdFTD(P0=jdOjTx0~@s%ohc$L8d2B5M^gH|o}n~2{o(;CITN9SP5wjtE#8p0p$96B zZOU5yt^CQ9*(LH84fc?tX{^C(v!UP@R-c?TFvB-D^BP4$BOXa>+H)~|j{UyBkEiSV zBDE_=Dt)>^eh}8A*?Ki;&l4VMl2IrV*=Pxw-h8ZgmmzE80ee~d3na>&OTLql+++Qn z7qF7;e4&2%BfL|Ck>Mp571bCe3jQQWsJtF9*!X((s>+QKfvpDvxbM{QY+A~Rz1M`l zlt15gDfeAVvdGBrlk9KxHye7p6^CyLmS)6{$n5JXEJIrhS|8fR4YZZmu!@Q(KRcyE zzWf2}`E)gYAT$5h;+=2ScsF2;3nv&(2JLtuEnOmi8e-(|R0&vyBco2Cs7f2Wq z??K4o^Ag`-j_hT)kL>gsp#b&};PYgLmj(Bx@W?N)qPF2BWo_od5el6>RULP4x0j|{ zt8Kd2e|Fm((DT>Zr6Gk7!NSTWO{7%znJnJ7wxemfc?xYS_Qy!xvRWm}i>yWo@n7pu zv0BTfGyakKQYHnZVtly~j|`*EB99p0KNFsyGN!?x#U;3wO@td<23vnf6Bm!(s8onm z4_rq6F$E!%Mjfs_xA^BV^>qi%7#ofGnKXu1P<#L`pE#=I`=2HL+H&L=N#_Z0rD1t& zCi5+yO5*JGJFbzCC%6Y5{SbjE=`4jsxL|o|_8iPYCFRAFjhcu}3s*GvY^m0fl+(MOT z%48s1|BDpqcdN4gb@NLq$XCO*9{OFqFcH6R;`3LdvDB*C--;yj!!wzcA4-tVKEL1Y zVUd9gIVW0EZB9LGjIe(`{z#O(a-Hy;XY!cSD^^>P^A7K1s5K&K0NXXCsQ4tk+iSM~? z^xR$TuNqB6+Wozo-JyNU;^IK2D-ACRF7-_)zVvBrB26a#G%0TD3+J)6 z>(yY~_M(?rR^-Ej-tP3YJIiXthHYo}wj5)Q8KlED78apZ{(I~XhmlbW?qhD8Ky$Ok zt~_#5hdI;-{)_a|9q2%onm?UX#LnjK&dm{1#17F*3B<3wrHeoHuH6FF7mIx{~S}A0Wfz$*zz&51(KPpRXur9z+L@% zNb6GU*5-$)yCc`MIklm(Gf6^Xn<_8cV=@l|z3-A1CGU?KeKEA)^96dN#Md#_ch7t- zsraV^ET|Dbm_F-8KeyjFlGR^3=xC~b(>zeuF<6Q2Sh^36Y_7eGp{lrF{nl^TTgEM? zp+)C>$rca_AR=h&js3j%0SuF<@m}|bL@nM8ZS7}b202lhTi=ZgI^*7wE}dWP=(bEu z)s;mgNlBV&4#rD!HEPKgi4{x)oUgn3LxNpt8k{mTX%Z6lB%fj@zSsuV6D-hI124$yzVZN6r^ zHvTJ0>H2YQ2dKrGACLg-ici>0olC#Yr4X>*aI_-es}Zj34?T!vvM0gilopO!Ada>d zi&uRah!z$WtybTZMIQdCdH`9FUa!`qrOksa_5N14E3P{%IuK9n*BE49H9nN0B_UW> zO;)#m!O&uP!js==54+n(%>whd{cy87+s9VYFx!i?@oi=Qwq^U(-1b}HM6SN-QpMPa zix~K7;$if9v^!sUOrvER^c*%k`uuLi>mbIX$6ygb=@n{x>{Cds?6yxQI4|pk-YmEWRU`e6K6-2*3P0C=RSCtZj3xyLRG&L@Y7&8^} zHW{^6Nyv4Fc-?Vi*rAyV`-+rX0}SVD3iAYOJ<=Lig*2L7a;lQJv5hlS`is}aUe>O! zWvRxaC2QsE59e}kj(I!4+*@iq*x?iLd8*wrpa4s*Ni9)=1S7)Y|tU(wSbz zu_t$=RZ%Ux1|d;6^2b(*k)I-+r|0hB5DcTc2^2nftNi8{D%nqded+1WM~(sToE%@- zvhl-`CKc>O?Q7*>Ca*{x;q76gzTODjlbnEOy@PM-0wgi}$@VTnaUUfl#9?~F=Lx$j zc-jo=^qJkA-N4M{K5xyJJ*raB>OK=|SLAfL3eyhu;Ar=sF8-V2Jxk-QGSkDRXN?hq zS_FXqi^cA?t1>utpCP`+L|k+LW1?(Y@p8jA!$?m{8@zlwdj!>fdKvKaShd)U6#IK* z#6xJ2ah;1rA%!(=H0c7Tkg(e_bx9DJ{HzHQqnV6vvNeS7c@x)PSXZkrNcMPdDHrwu zT(Rk`kxXE68h@!%S41Ht#Zh6f7)(_oz2{zImY9~EqB?vUEGM|Z8__8H=n>k^~ghTAjGiK+m_{nHMn$ zy#_dV!|OJX^&EoY+UE;VO29(;S&K!iwpTd1`9`YNwSdKZxlTxN0Bj-8PcNz4(krha z<)w~uF!QqqE8s*T^ES(|RA&=IDpDPsSF5=FsYjpi>$-+ad?6-3w{~F7Tb;H_tp)h& zi(~b#vqk}k#lG?_dZ2aPbp@eweKUL2kxu%LQXkS6CoKFQ5b37+~_`835U-)BH zW_v9y>^8PB*D+gI2o}Y~<@cL5319WW;B9qDEsI8tUpV?M#*`Lq*~S#^)6&u|^%vLI zx#$(-;<4O;obU9kpHU_Vr_!XK_5A$WI&KiHla(Uf(l_~d^#tVNh;T5bbsB1MhP9_n zrqiV>3>U-AfhtLl^7?qhvS3F5QLL$EgU*Iun^`Zf|Jip}#P>XydiuEe*4ytHhEJGP zm|xC{*(3DWOAX9avHCl2N&Q?3a^CB!&sqd2iO^<^m9urEdSDfqSXj)|xFb~A`t>th zOYJ$m_(7{`i6^3~t2%{QD%q8N!0s{f&jqnYRHp0;#>fp>EpBSI?3lv^qGVR)t|hE; zj-BPgo0Fq09gz;419>STo~=(U8$aKc=jSu}(vv~I4Ev!{jx9MyaR5o|F{jW}aB9)c z)gIf)KGGh0%)WN#LP0ZLmS3llL zyy?1mF;DVb-3AhuSR(x;HRMB%Zlu`r^Ziy*%HGfn=?jc}*w=5($3=^OJuOrn+L-AX zH$#LdfKumc5L5s7h_smpDI)mwOO=bp%q5TG0-nWWZrxcG;DXrhy`)_O&|(f7?~kpb zr^`#W2Fghz3U@E}X-m=gPJb;GB*r<|cZ4Nxtb*2vJEDwrfX&q2K6uf{0Q9Qz?i5jn zQJiacbc5}%1BQJHlOL-5OOr3!eA$InowW}xreXH9I(jy4N# zqlB+cU~yRqQAjzSVlki-SOACzEWAdVdcLwqk~}#N3}Lby)?ACQIGf+!F+D^3DM#h{ zh0mAd3nY>{b&GQ{J?^0mvm4oh4ijA2K6lO!PoaX-kNdDEBM7kaEy(p`>T!z6))K3; zlefyM=Vdi8q18!9W&>qx5v$Cdt1t4aXEj#;NVuFNQQxo1hlQ|PsBwozhv&mr8+HY) zSo)N#B;n$3<8YkQhb9h^t<`S4(WvEo-byzaOF;OyvvSzfUImuQ;o(UUA`*nmJNO(% z+(sqmRkTV|6`bS`SM_DO%jvuJ7;W(d2L`_EUB_rXdI~VP+J9ek7{Hh9bH$&StZ_dX z{>@0=4}$=IcI~I8+{5a6PCkEJXMO2pwNsbN)U4c52$haja_3?>Nt~c(X82@k^1JtY z2R`a`)U{h9gxHgnn7zt$u;5xZjq?IWUtHTL`IBQoO3zqlCz87G$%Cg8I)zkrY`?m@ z^*!RTAI&91zX$m$pP&BLf(WIeRIyZCo4X1IYH)iuC)mDc1l5#QwISj zMvf3c%T1L`wU4fa#>xE+&*aPO$RvpSSJhWTrWTFV=?~f)Pq3$3vM29Z7Hg1$HeiXf zeRATIj?G8~_n2L^ECJ<#?pQqwqf!d1LF8Zp-Nvwy2(7V^bd@2Zq09)@&Yw~F&^YX2 ztj?#gN4!@v3S#tR;@IMq$Jb%Zg)?!nNO`}`yU>zx1g!#Pc~Cip6ZJW zMg7r>kh*+smnotO-8LMo6%enI;HgzZ(~2h|)K=T<`4!fe*o`?n^Te({wJ32(&>^Cy z)or0Xo2K9>?JGe3MaG|YkEb)jmpDaroKhK0n)Lg%s=|dspt}+sAo76h06DeL(A2W_ zDeM*|OZwULR+W>GH{N^RJxAiC3#m?JR)xVdQ{6IS(^u+yC{31?MhKHTvSqT+0@HWUwVuZ=8;{-Y$0eWZr<;{B4=`$treUK!rqd#CRLWjpOOdsbT1 z28$Bw#?fD;H&U+n+$#!QkKoSP?)&fED14`8gxby;pL}1l23aP6778`JuZ2$7+(n<` zbJoEfB9V?c7v}osb@Gb<(VElNmK@u0bVBOuTv@Yqn?7aOdi}R`4X|tXylkH-GB;g~ zi!<@-i=(LSrEm1eSQ7g6dgJ}(I_(7nHA|``V-(7}fz*9#+cM@Sv zh^}K>WbhPL4&jz-LF+rB(NS^nh31mTg*WSpc*URDf8s`}Q*gFb$nuz;zTYP`omioa z0bt7i{PkSUq*TqG7kh4TEyYi~-n`xqS$KWxAW0^3c2AX@6n1%uB6)r<+errOLWX=> zf-tCazaQc)Vp~mR1-2jB{rU){VfYge3^08%rX@RywDy`IgHEaKL&JlGP9=fK{ z=@sWp7*L#mvR=mqfF|3TPqCgeJScf=nEl>>gjSpE&_Gbw)*8wgC^7Igc*On$j-;qUp zH>Ak!LfC$^<}G9dGIu9cg%NYP0nmdxET?(?9n-x?eAyo)9qsF6hupsiuZSqRXFEK< zM@l7IJ`FWA--N-ShCyfVj|}HPl8*W=+aS*ztY2PjCo6|d9IcKB_vm9?1zr3)fP70e zP8LDh*C}=zE|*nVRUyu|9-+fZ=Kds=vO1me6cpJ0c=^DGI)ZrW#zDuQ(;x*s3wsAZ zD?;~onV(skT`jz|jm}9kUG_m7{vTN}$r55wB+#7io_(=^ydtaSP@Q~a-GOU?PougB z4G#$7`rFzQj_R}aBe(9G9qx)x8EI(|ajU1hHMljy$3Df&UcPYZu{C+5!@#VtFXgAH z$6cPlqeys6oYP{&N@Vl9#Dykv!QgE9#P9K=okBSQ+Px9CvhExMeehxh@8!%{%%0<%D@&A*p=kj%~-c%;l8?@~Y4PyB;nOJfVC9 zV%?Nxg)FMWM4$Jtj1gyJGx5O*QYqrdU>+`A_h$0^`&EK@+)F8bf+0|Mc!;>KNFv&( zGl_%#I-O)SFrshg=aEq58nL+CckE3@qb`Q>A^nzvY4%NNyP^7+&S*nrG6EX2-Et zsAuECLP%_*_l8TBF`loy-2bN(&#Htw;krrr#iRD(lw+^?P2?m;e&~V!cV(E5F5%7U zE&~HAYhS9I&yRo(@x6=QKPpD0`R}Hur%OtI$~=qZv%78beUa}U2GB?Sk(#!P_{DUT z?Bcy8;gr_3-Hb|Yi1D7x3wXB4Y|;jr3?(~!>&aOuv4eu}z}g8aE-2}rIhCkTh=4U> ze*8zCGqgL?n}Hgt;}Qc&-_SZq1ZV8G6y{W{M|ROVZMOIUW;Jo|vSr&p)p_v5EmS*jT0BQEIN1{qn8UFuJ9}$B%c~v*wzR zR==nLk`mQ?c^imiXl{vumG1Genf>?Kc0R?8xalZo>s;7QicNx98 z6R}uP-~2@%a;l-@_l`fuDb;=SCf?!0yPfZUobVv50l$?e^L+pydbW;7H7m`JqJy}V zd4E~IzkS5eaSlCTAM-xEaGFXaCqAl2#w*U3!I*q}n^b5EFmYdMXjjf|i1kRDEcF_E zFJY6Y5RwJ72T?xb;$fG|rw)!fDu56XeLq1q$-=MA-{lM>^H# z(utz9#!m@v()OPz-rO9DXHD3FBW_|FSg%~iU!BL~Tqq(PA;;{jwZq(6SzkUI{!8f^ z=U7w$f_=nltuVtUSoCFx9m9h|-wf>_w6*kYVAm{1{(-Zx5k0A-6l zQA&y388-M{L^+*6`TdVCt;_Yw!-i4ndR(!Jy~<-r-GYcIn4*to`_GMOEv_E-3o|y= z$#@JhdxK`7o98(f*Xws(5sRnGlLfE%TK{>_sB$y+;rmv)l`ByV#(#cj{eo~8c^di^ zjDX7)GsCXm8KW8~_JFRpU(WKg+tF6-DCs|(Q9m%_D+lD}XvXA)6k?-d(3zTi~*Ae6w($;+Gl=aP# z=`jdpsU^NPK+#CUYX++ktabP4HqDttYH=^FdF<3L2V8eVdTz}x*F9e>?UvH1{vv!+ ze3bQhf%7qUZEE_KU*F#}TUq|sK>#WzYff`3<@N&PU-o8m)y=L-!1lz7DAl{lK=s6QP6xgz<0`@IyIh`MTOp;>g` zD+3{C$ZR6Vjgu7jimp!d-5os%2^Ddm1lZSLLOd!6HT8l%%N0xd4MjSw_$u)%^iQquvaM<;9rf|443*8W{*$fR2?I0 z(f=U)Z%1~)3^4gVnJJ6aI*|vK?F%F(YMb=_5nC)w0EWQ{WzwVL<1g<%rM`H)zX7wX zC+Yf2t(y0EYEkbHGZxO0gL+}_!%fT1Rax(R#ERB{H_>ZFX#9>Mx|`4yPcpb7DvYlRK>t9tpaBFjvbf!xXfzK481}{0(KXCtx#>f|LjNo(6dhNFzQHB0@=wBglJ+Vq# zwP1|$@amu){>Lz?haf`w-9Dn7+*kO%0&V=AK)KbFtHxS^4@K7_OH9#`WoJw>7m@D3=e$0f%Hgj%^MJw@evRHmWYEoPRk?&-LbIE6(!r2#5uq2^{_0T zAH85#^O7Um!&P7v-@oiKprx6`XRkCE3h&*BS_if$p4cCJ)3cxN@(K;adMp%|4s2{y zjEurE4@>wWBsgJhgNWZ+5x6RSoqFTOx+Z@)c8EJ#I1282*xHaQE{=7wwfpb#d}P-T ztH&M7HD%BGCSx(D)!!8~;=4Hb#Z1aJCHl+`m9^t{bi3m2kojL2cywhaaNn~6KV~$G zm`bKcauSoa>3psEQyfxAiO-HT*Hi%zR+?wDGZJ2wm=3u1O;gu*#s?NNTa+aXb;=bssO&7v2`uw>}@86Y;Znij14YihV z=dk&dQleR@7hOB;TH`$!rt>gw=gYIh-Fi9X>MsjK=np9zT0`=ypU!DdP(N;eFkBn(2?|nG12TiH!IY!bp8|y)J9_98~ojj9J zfnC#cVe%2wRJ`z~?_u|5Y-nfzsB3D}nT;8u>@OrqzCCy|8>xm=Y$M!ly?8vAAks|@ z!G5()(g;jI69Ue(YM7LPQB z*Uvf-ht`;ln?bGLi!zY^5hyq-SAnz>FU5k7mb z13lP6WKv%Afe4L%V(@jUn@Mt5WOEDNe@n8()zM6pJhfqspK1WOUtGYfvlR=W{dk_# z&)!WSU@iG7gVPdxrwBks3^1H__iBVO1L`h0!1b*@qC2?n5eR-W55vkkf_aX zQ2TjS{o5^ni+*^ro`YO}+wFFS<{yA5V~17QerLlCT(7s*&O@5+K}-jbjWOHBNDRe| zp9k0OT&8bUygKm4+N&|kwPtT>7S0BOt~V@2+XqC?WNC5vjy5+I4lQe~)_gNPm*Q;x zLv)RMyQ=^bY~;XToE3>t)Snkn#_qgvdPZB)xEx9eM*T2PKkjX|%I;dt7<$8*l5V%- zAykYE+4m0`jiPu7cuASvEgTe{tKaHx{tjZHYLe0bwu^Eg@r+L)OQ4~rF@|?xi5l(d z=9|eO-$kl*8)8hFXM$k3v(oYZz(V>Ws2iOsY6qMgvmOKi;4Ag*a%^1i;Y6$l<0_B)O=F3@QRQq1;`y+uWI27{Im+0K=|tGC6CF=_Ne}HwlOZLf7d&uUA*#@aRAwmmVn1Dgerh-pFS8lLgOFG9mmxdc!j{Mi@HBfGX7Qp1dw9Hu0yA4}v__oa3Lb0%mW3p`vu zV_tIIc)#Y|@060Un*w;8m8g_*$gJSr9aYZa`?I+Pj-K6Hx5X7}b#+t;q*s2fHgA*? zP3=`VwtdxNensIxsH!rCT092@nDwg(xVhcu+{gT!rnK9^fXr}PTK{p}bHF6*US_VM zv~9DNsY(rd5L-P`IdaDDT9p3rfnoB?!kQBS5YW`#wIhGKw3t54=&peqUgO*RfJJ4|S)2xy_BBXY9AcGk2w z%cJ||bc4fXQ}&CcWpNJ6RwB#*w2Y5L?)JUi(y==jWq$?V*fKhc=USgZMx6iC0>w_I zD_9AJ5vi+mMANnB3{YcWP@F1qd04>#g#`JH4SFKUAs54&PAe_`<5*fnek0I zOJ95;jZSMl$*?w0QSliCWT%+#@?@61BB$w(oQw+BsPEeC#l?ifjZBj;L^u3JO9@GJq7V7OYLU#sUVunH)6}#IG zM^41Y@%4Ikp(}FnY1c8hmx4wFAX85B=-O)^klC%rz}9bSJ?5>MthKHB0;c8 zU_ROfR^MQ-_^dQFP+cWgD-PkM+eHQ1<1f<89-BAX0wse!0ua@5yZ;EYb|ynlUSl^#pr@v zc0|Hi%N~muk9U{yi}lu%Q(0M=t*t_Sm5IPSY{}vK@#X(GLv#LiDw&N<5KHYEPn?pU zRbpnE+_edXyGdmq&2I&KKLlW`JbUsJFzW>E-!b~$t@+Ti8O%D6jPey;SN9Y(IqzI7 zjz;oFjzFUbiewDot(UJKu3}lr#}t<>MTKsG3`^_gE@)Kq#|a>XPGfnw`;*%aXI09> zjb;3CpxYdHrDg#e?>8%}k-O{FE#bXL=(w=8^Z;y;T_Ow<3e4nY^N93FdaQU^HUMcX zgkcokB_zdX6F?>Rx0pMUvFeK^{vAf+)7z)0Gz!Vxv?mc&~bo)_wRcd zk#K^;{YYs(Bu_HL8t6!~`qnxaaIAQ5m>c|4$kd6g4p65pMHEy2L(ctukyCD>PjCY1Ot^|mSHdit9RL%WeJYnIX8 zjl}35zq?Jzz?Bjr?i0B`tTOqJ`4nv*RLTYvkV4bbNjie z@}|6?_<-LQdKl6w=0lZSN1C2-`?N{!GxJ|OTHjS?Z>b59a6I4=!o$ZejZ;D1&=(1&cCXLbe@Qh!tIZ>*16u(Z8IkT)oYCbNW24$wYgLDOsCb8 z15?Cv18#O~2iz#bJNq=}LOw5r*!;0b19y)0zrsMYS z$xHEr(dtUU^DH-Ro#U%YdC0Y-r(qXN|KtwYu$X)rC7=!fC;!J*9;`JVJ{bjqZX)Qi z6RAbaNV<2iO*W-%zJ{WX80mw@2>MhtCW5zY)pUNn)&bb^?--P%8a!TkDn${nh`ZJ$ zrc1OF11Xr(Pb=V8f_@c**)8QMKvCN+A6_^b*%H$Q-UkZb&=y+86MAZ}jlQJG;sTf`xM1&g>%E6NO?IG&d8` z(3k^I7kMh)Zxt2H7st!dfe%FDr>GiO=`q%nM9eaUV=Fg{S=Ku-u%9hj4S6Hk6LYx-F-;IKwL%Z2y&c{Syq6-|W z++E2=yXgNuyOfWFdTc-6}AN=qylo}q*`^ocs1p9%-MO3|-q!0Y@ znw0-1L-+Bc4ZFQ0a-CsT1PJB_kS{RWivf*9#=wAFe1j2N#ERQdo|+^EFd<-j{bC4~ zzzCn!HtWhm1p=+YG|Lan7sI87nd&*e%f5g7TO{XpVdJmJfwD+I3d3aX{CB&+RW8oh ztCfJCSve*Kndedt%LOC{ZLcGsKw9>EqA4?n`q>@0zVV4V1ev3Rq5$Nfrg~x;^lnd9 zjP#zQp4%2*po)65NT%8C-*|hRYNEpfOgP(XgGR|JF?W-_vZFVgPRUs*EHO^{Bz>%L zL+@MjzFNC!Ac=Wa9{X}0uy{I%fzkz)Q?LewjQWZxW7e!#{e1vn(B#kHk3P*e^~Sd! zhDU4bQ-FY2B9TcpPu5=Y$(xo{cu%2Xpmnq7(g%u1t6-Qr`|@#jv-8G&)n5T{ z+?UkHt;l0^e1$Q$oUG@9*GsN`vjjRaWO2L5$uv5aLUglTbd_WmX6=V>TB?PrjFBdi zLI^7E!K+r}2SHw=>D=;@0>B{ug!P~0X>8}Mk=Cw{YkT{_?)~Gg*(t+0YiT?O{fg9I zh*BESn%=#D>CTmUY>ib=b_?AKpZk&@`Gqm7v;SPJmjRRfaw7)Assxc{un{r$c0q)} zumm(1#Y6k8aI*`$UkahKxg}9@RsMsgVWxw8hw(B9p#!aG(2Xbz#uSjkia~PF-{o4E zQ?4Bf;w^`ewzBFNrFD=~v^3J_Af>HAsE>J}@EBOzecSo9C6P2QPO*ak{O7gsH&Kxf zXmB>2puv{IZ&{%1z@;U9Q4PJPi+kJCnZu?B>R1_yRxD-V)9`?Lb2$JyeGypawC*fZ zw*0r)SMF#2%t!eb=WTx_$`&i+8Bl!28=XD$M^n9KvZdInzsM2xlB_Y{1?F9U{b-s!#|EFr(#QZ zvPFb=alu&(9u;$gF4aLtXBIol?&%EZfs+gjd2@rb(LI=?fM~pW%Z`C`@Qq!RmxUF1 znRA#Z*xcFrjkZz>=A@hHcXwHnwE?`gF1H(Dm0m|wyfkK}gYSJ{-h%<`2M1mRz^VAEw|g1|#|2J5}D6?ln`&p(Q78T$*-A%*ZBu&e7gU6W4)T91!C(&~6*Q?4a%Vfn+4 z$pr6~5pzqhk~xqk(Tl`BbZBdPpz0?thy2d;AkK84e8_S{eX!^2T9=Fxgs*}YaaTcO zdpBY?!iWcPCw!iDKU&t>l?}_gNO^>0o_?DMH^Ud$J-$H3zUPZ(fpV}-MvPj?;Qp;d z_%SXob1Pj@@sfcoI4-5fD`HR6K81$m>m^bq?fU0_C;0>hyAH2~J-+Mi;RouTxtdi< zAK*<2uznBXq26D1X^Q3q=NNDhh~Dpc>N}f@X5KGbWL{0b_PsCX=DVCj^}PntAvC7) zlygM<84ZH21oFDDp>N4Tejo}qEWH-I2qr)LLA0PT=VgJ^mOuJb^pQghyYoYB54?y$ zEgAtTZfTqbkw;3V3hGd|?7}=K`hKgoE8DE{4+0{G6t3XVQOpMi*#Y-t7LN3t(U1;| z2)dAI^ zAO#^{Cv83T)*T^0rpv_v`Finq^yC`nq3slu&A&X`;4B<5atP?*QEuHZ1r zQ%@Y*89cMIO$H)ChnIgNr!x=f)7ABpnuz`G@jmT1Xp?!aicK&G5#iD*2$n~F`sbgw z&vKGt8Yeh=FRRbHNBIQD2o2m+KYP|B^eMHFBIXawX~ao&4PWS!j1&v!*1n^6N$u;C zL=M3gG-PG-SPhz#Pis0bZaJSLGwJk35$TblR!G?C^UV|-Zu^y=gg3!T4tPx`M=%@9 zCr4BTvaudL>%MKRfe4r_EqjqSPK#dVem4!v+JQdkcCf}6lYduyG+Zoa0tFS+HN$6< za;bGZl;+*MYL>cMcPa78k3lu19iVRD0q?`gwo>8bp5P^n&@rp{PRFqe#(%!%#V1Pl zIYLkda(=fB|G@W(>c-BEcErqeXg+BbH0bSG5Aw590%$@e8ONisjlVkhdv@jiZ)OGU z%vG!mK_fixEqA%7G(25Or)^VR=x%}z!U(UHrAhCn0ISM8Ag{Gk7fce%=vot}%kQiY zJc6JA)AwPH!gu>(bi-G8*U-p5eXMipjwmk430gm?0>QwrrqAmKdLC!(< zc%jT;!%RBhNhJ}A0LW>hR(@@oIdY%nQfq7L1((rXQcBW3$2DcZ#XCjE%@U60hrBv> zn-Aywk5g5}!*)al-zLsJ9SWP*2TXBrT8>J(H(aALtevmY<@kOe7;;ww+5nN4TP2mH z;~pXF?(4mS0-sHYNPAec>e>W`l)gHYt#UPrEZ()`elP4?S;}Dkt0=^<3cGyP)(g89 zxzot;S+m+3@N17$ftw7F3Q@?*lUCd9eMr=t$;+!i_EOy~r{Y1ZJQMW2ankpi4*|3> zAnxQOrDG|Bf+O?tj*0$ri}YilDaSzbDK0S4f%9C#0+q6LKHU<%jQ#poQmXgE`hz_R z)@ie$Ildn@upi<$xYRxkp#~pbxS4ni$}SXq?NWE91mrO=}YSi93NFXz0fUO8{l1VEef$9f!m zj)M9YK2`WV>niLme$B_6Ck%Rxac0)Y4&*Q-Rv7G2Hf)_SRdv6@5?!(Q%$7s$9z`;~ zfLkDz`F-*G+!EOW6H>@=cwGL&8$B%4X;GLjVLND>pAl^TxoSL%NWhIAQ}p4a{*;)u z7MP|iJE|M==iB_=GleOz`zCADmS`DKN%_cHoh(K%jJk*i0}#HlC4sG?VGy~tkD@HU zFh~X-?3Lu@X$u584-c!hwIlc;p?3jT$?5|oT(>X5=a-zsTy}UAz9*DV*ww~sFNJ_Y ze9m>@sU7W2jO1xm@$*l0U~*WeGVrRjpZ7?U6VC+?8~{09&>D*ux%&gVOzpl56@459 z9($_}hs4uy`O+JM{d(EN?oN;+(c@>^V(k|e^RKap7e48`kig%Cksnjq6M@e}?l#YV zN`D4kfju=DHC*z4+OGRBSy$U;zi7|86xxKf-$mCwso!sa_wKTm26Fmb`|so$uw43*3x-+4 zHPp!a7l&=wOWp>m7zRvn(N08BvfQuI;1O(^R%P`W#~RS)S65drt4@x|s}mZH%&~h& z3bee9|L?zyx9!&Mm$Pf5YB#);PiF2qn}(KDM&&nhl;#(z_hCSr!1phUC|d)H)Y6$k5Usa z&(B$Q2*uyezZyusrRhH4L7`A)o(Ug{Jmb+)Ro$MyQ){?9kgslUMbOkt@>lpz9Wm20 zp)Mxv1VohlgBpJ7Vp}bio(XdnCWo*;(SIWd2o~GkbT18TQN#!Q;#ciWFgdJK9zH1g zdl2B8{*3+qP4DQ;Z2PeQh3GpP`p7G3{Fgmw{2fid z7Q-h2iQ}VDp_I=ll+aH*cG0mz_^AI;fhhYl2=ECKAyN8P15eg0j3!}|+ofB}Y)j>@ zJ5YEo_06M)+f($;gTNidUUr(uaZm&xz?XK5)~DvDqY&{ePeT1T&!egOi! z$0+~KjfgNMT`SNu+rPM_40t#-5NCGRTCzv??`T@~Af;8x+-<23=|Fm7^?Z8BYWCH| zN}yHzH2b?kw+_fX`9}V@+8}m-N*>@ZdW4b?;|%k=-g9gd#Cb3{Ms7Zc(=!a}eY{$7 zbOyo|#?8bs`=T@k4vF(mRt0%L%r%IeU5Yq1O)Z$9lK zJq4OMt0np1GlL)Zq&P0iF@Rs%IEa_*MsOA0mBkrAcignLZz&Tj9!~x^Vw*1rYjuXz z-21oS;!Q7W>I6^(9&tM+o@}R4-{@`n7a4O$lYeudQL-)nq^en~|Fhnc=93l+FiYgh z0iWc*IeBb4Sr~pkl>l_Ne06Q@us_Y8g0VjTUYrP*&M&F7mNaxgT~m3r4m2#POI|X~ zPMJ*ad(ZQj0;3K`=HcDW#I#2am!+^zUmZHuq$_U#9eM=Nw0*VDxfK%IA>L0IU479$R) z=z1gAtDhdD{iE zuKs_BAx@hYtxQqXi|?lA&QD%u-ewq_&fmRKg*`j#|=5LaswCJ4!0m>O-n* zkyw!!9-ro|H}E)kg%c*z<_Fy;KNCMibB?NX{QgGnoucHEPd1VBj8a6{#N z3z%+LX;;Z?es4QCF=%IBl2qd(iEa-= z+)ca;yD$rw(0+1G;_`p)zcbE$s7xj3AWV6^Y(S2!JvyQ)?B7wTqyx%a89sNpZ8>q+ ze>?Wg++3&I6(KQ+rHMakmvO*U4?&g#_KRl7v8aH^Km0)S1_hoJYvXS0|N z!e55DU9_Ne!v{kgv1af)khC$2C?5@|Pi9A$lIi0&AigV^p$o#sQt(HWgYaDLV8iyCh3=1`Ti%tK89T|Od#4DB zn0p^On)I)_F>2h#?<}J#`9E=k{xkhLFJh!Za+15OS$~H6rg3`Kx2?i(Q(x_livAxb z=JSE;dwEf;XV_H(Qao+ju0_>?TACCE#g^)Xn zM|R4*4ucIqy?!~ZT0y*ap5Rs`U9964o@nwkpq~8ena~D26KqGZX;@!2ezioMhRGYr zI81KnRDS{1^h-t?l800vy>9m;Ryc=qYh60x3n~E2T`kK|?jEZoipqI(6RK>kr5t^9 z;8eP|dDZ?nO_J$thuH38N6yG-GhVDrDVkI%=0mRP;Tc38FzdYdXF%mmC|YE$Vn~*y z#~)tpIfUHQAIQc#8RY)FigBjz=?Mg04Nn;eRO1mVeVhm+pHY0r2T{;T5p$O3*herd z8aNKeK>0OVOCx>0Z$&*K$n1(G^U z+z3691aKn$&7@H_Ia*M=I9{Y|^SPEWG^7M9{s72fT8H{L*NNin{Qlh-u+uFrD;L^! zGWZ|Py_t2+9Y6*HU6j$$@`Fx@6M7G(GA%mLygWp9t}m}6_up3LfU15Sbt|H04xA(n z+H(1ywt=UemRHWnZn%9Rx(zjpOjyOU{C|@+9N7_u=ZQZ!GM+4X8j`s?Uk-2l;4|mf zH#oa@&(|2qFgNzIoG>II53$GM9cr#&_!)dT1|NyjW!1LO?iV6V{#j@4-28u3cHYr& zZG9gXHzAd1i7w&MB03qO%oA-S7~F{{Jw^rQ_mY~JUeB&3p2^jVa_00 z?KM=YXk-EcVq-qZ)o@r|Eqn0gbilKN6eM(KZXNAUf~Wi=X~bW}oIob~MQ6PsNuP)h zLKwkjktH4FGw*$m_rYIbvgQW+D||=cZ@ZK(Jj46rcE;s|^d>lfH_}G%p0C+4pogZB zQtMe{ZF5u(no2#%DHVQ``8w#L2#pNS&32Nsw=PKw4nQvIE*&K3{th|HQ~8bjlQ3zo z4c2fT(5Xfss08Z4iWe>D7!9xWJD=rNA;zG*c5RWBH~bunkmnosQ$t>s$mA4cnt}Pqj<^9+L`r*y`yeW(Z%ncRW&lW<{CKt z=$mFd6J1{5l&qOtgPfOBXKPjISd!AiyVqBG&kd+34HZCTA&Z`>o3nVjxYw^_OuD*4 znOfXn@uHuoTvJ}s0Rxi6Hf4eZyqX-p+BrJD+4kuRc1gq$QmM=lpkDNydl%*PIPUGy zo#G|`tE;FI(Y2k9J!h|V+u+=o&gJV=KxX2~@kxD6xiBH;O48ohE+9{p_9RF};YE?g zuOun9?2-YB&C(rtQ zcKjQHZZgX+u{^_rboM50Z4_MY-(_WOaNpdey{dApS4`Tq@5AO1I;_Lu zwvcwjD)5XEBvQFdNVBM2DMipvUl1d?mh2<&{l7Dm5Q8 zBxdPcnVq3@^|{K{StLiIxvD8BQpzG}#G3r(0WPeRXkp=4TsYt zs|K@6SzOkNb*6W-hVJ2_6k%g{roHm^=7mIK zgPX`1Eh~5}_%?Z_%;cyJd~^jM5oA_SQ}wTB^g$CZ*I9&SLLQL^T`A!pbafZ%^lJ=Wob{w;)BmM1 z9OZxipDF_jhV@k=eXzlYN2lc2GPASKJ|pDUj|Jng{N#h?>+k!8iX9E5uMiLsfWiD7 zOH!rw8biN!Uspf8e~ZC*omky6oTU^IAMgoSHT@6_X<+giwQSI?5a+j}>c1WBX_g zPlOI?rZ`cFWXFevzl4S)jd&JJyA3m&;3X`T=~_c+@q?g6Z(pfGW|@jz_1x`ORq3LY-?|qeAB&5xt8B$NzmI9vwVuB~zz{!Po|nZW&?>gAF$n-8 zB0C!X5GasuN?Gib&1E=`Jg-ZSx#+ejU&=5NxV1q_B0I?U{*_U8f^QT{-x7gVJzOa- zpTB>xIFasOVh+(#Z*&az^s};xzKNOoACn$A z11Ofm9I%IQ@oni3o-NJsJ(87;h=~F}Oyd}Tr|_+Blp=xEy{h24X!uSh4SX<}UrClk zWsQq+rc`=d;6Gz&o?O1%aD2jDj&H5hh4G(7M9j_rX_L?Ib^cA5yt`C;&(^1CA!ayK zm?c!c<%@A^6X%yhPcsCXVB}Gya*%BekVk`FSJN%oM?<=5@3s7;x->4ByDPdZY0C>n zhxS{;d(Pi9lj3WH=zYzWX6erTNHgt>qX5Z=-%UO!01!OTWFf)53JK-uXA=}*vK%o$ zyl!al7ZEcJ9DY_4RMN`~4*K2P%CiBLAfAzJ>&IJ9J^WOXE7c-Z8#eT|ZqXjL78mT)}D3*Y`=?O9lTy8W3uYDw=oQAtv0K&CMdBqIVuYXG@H^#4hK0GbD;5Dmj@OY%|Codv6-3`rD{qfTh## z{P3nV)&EqkasIu1xPQ;ENtIOs@3YYDCU+z|*ph$32U#A_*DxEU`pG{MS5R|aIN38S zU~@N}ssfl(2Lcv*(~y~p004pgJNA5m8?K+MRmvpJ9<;RN{hpOAv!vuao6++j>tg|F z+c9WcM;P^b^_9=}S;F29Sk?W;Ffi+^5YAHPlC%2kf{CO~{7nbJ7ouT6oG!!m`0+J> zfcg1QWIpK?G}c%I`QNZIJtHD6);#j(vH{#YBvxlW9gXc}oLvG0TKL0EiEk%rp^4KEmY`m)rp(JYzKFfV^Fc{0CTX3` zZe)p8dbjwGwdsb9kAq94N~wm*we#C}=4{qTg7PlAQ{|RZO4u?w^LK-}`S~2K{Pgte z;tL{83p)S_YrXlwWodru{jkbTD%uKnPA>A}(PE2|yMs7I5pc8bw_(c?7$^ea0c+`q z?$7l%F9a_F8$1=BZ3qcIc8~hl6`(NhVKfySyvNQ7??Liii0=s0Bh$p~L&oD=BQqJ& zctw8{@r5FMFm|@)twduuCbgSlu?vSkhF-Px=JQ+gzs-x|VqdJIh+8=KfSQA2~#^ zUvm1RC}gUXn)lc3H- zIF+_RsDq+@*szYILN091x#$3y7El~;nkfTvjW;Tbu+^3sbyq)d0tja=vfY}GdhzpP zlaQV-i>@=9rEG47hTyY$TM-HyT*#Skld4hDh(kfE;B(wkN7r;GDGIuy6e-;aYsT=A z=llaU`2cvPG#!XFHu`8Q z*dB<)M&p8Gw4yj>_sfE5B}^hC#BaGD4C=Q4D^N}*`i@INdr6j#l*icVW4p%6&+Qoh z{fpv_08RatZ2fb34Jm#MOb+gky;Sari5bF;LJrKo6k*e^=5R5el?PpaAFK8>o0$!t z6)G>!&+$YpPx|F9TiSGyp|FJ!#S9#KLMBf*U~fQJt6r^45VyDBHHPY88lW7=9i5jI zqHDXjDQ(ea1jM<|rK!yjTL)~u+TDUzkuttb+BF-!ogNS)C98&}b~{JMZqX8_`z0!7 zl~WW<0@0g?`|(^yW1f!M^eBhPk&;tYJ$NJaCBCa`(OK??tpF(gJn<63Ks7*?8w%|W zbFn5h8K)zP=@cEVyiAN}pSB+Y`Th$XQupF>kNUeLk+0Eybs?IuWNR}ZgIe-zTI{!M zOcJNhTo&mh>OG5ARKaNL+icW;J;t51IdJMX`m9+S3I9G`K$cMe*Ud1Sp$_p&t&5Fj zd2QmMO+9*`r&OR8jJ>>T$6~(Iolk(NI6zY3AY@e+lVlRE5?azt{$argumD9=<+x{%*M>J5B|MB>+knS&gXh`DZQrF(bi?_C>`G@?` z>)Hnrx~wmEU5T^4et$Js#UtreUHlQJ;kW6b>yxsUSdPk_9A+rtkQh-hO!=r4-}(