From 5a4846e4a27c13678d06052d1724bd78e1a74866 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 10:42:31 +0530 Subject: [PATCH 01/84] updated three changes --- .../bitlocker/bcd-settings-and-bitlocker.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 7dd0eb0898..876cf87f79 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -18,14 +18,14 @@ ms.date: 02/28/2019 ms.custom: bitlocker --- -# BCD settings and BitLocker +# Boot Configuration Data settings and BitLocker **Applies to** - Windows 10 -This topic for IT professionals describes the BCD settings that are used by BitLocker. +This topic for IT professionals describes the Boot Configuration Data (BCD) settings that are used by BitLocker. -When protecting data at rest on an operating system volume, during the boot process BitLocker verifies that the security sensitive boot configuration data (BCD) settings have not changed since BitLocker was last enabled, resumed, or recovered. +When protecting data at rest on an operating system volume, during the boot process BitLocker verifies that the security sensitive BCD settings have not changed since BitLocker was last enabled, resumed, or recovered. ## BitLocker and BCD Settings From 73105181a182d03ed2786da8e9bfa0aea77d6050 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 13:27:03 +0530 Subject: [PATCH 02/84] Update bitlocker-basic-deployment.md Changed instances of "volumes" to "drives" and "volume" to "partition" depending on the context. --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 1167e9121a..2ee647806e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -27,7 +27,7 @@ This topic for the IT professional explains how BitLocker features can be used t ## Using BitLocker to encrypt volumes -BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data volumes. To support fully encrypted operating system volumes, BitLocker uses an unencrypted system volume for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. +BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. In the event that the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. From 4c82c1ab3ed15514f17ceef3a9208662032db858 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:03:33 +0530 Subject: [PATCH 03/84] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 6de06c740a..58a32fafe6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -43,7 +43,7 @@ Before Windows starts, you must rely on security features implemented as part of ### Trusted Platform Module -A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. +A trusted platform module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. On some platforms, TPM can alternatively be implemented as a part of secure firmware. BitLocker binds encryption keys with the TPM to ensure that a computer has not been tampered with while the system was offline. For more info about TPM, see [Trusted Platform Module](https://docs.microsoft.com/windows/device-security/tpm/trusted-platform-module-overview). From f8d98a189eb44481869a6567fea85b46f4a85278 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:06:46 +0530 Subject: [PATCH 04/84] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 58a32fafe6..868d7192fc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -126,7 +126,7 @@ For SBP-2 and 1394 (a.k.a. Firewire), refer to the “SBP-2 Mitigation” sectio ## Attack countermeasures -This section covers countermeasures for specific types attacks. +This section covers countermeasures for specific types of attacks. ### Bootkits and rootkits @@ -172,7 +172,7 @@ Mitigation: Targeted attack with plenty of time; this attacker will open the case, will solder, and will use sophisticated hardware or software. Mitigation: -- Pre-boot authentication set to TPM with a PIN protector (with a sophisticated alphanumeric PIN to help the TPM anti-hammering mitigation). +- Pre-boot authentication set to TPM with a PIN protector (with a sophisticated alphanumeric PIN [enhanced pin] to help the TPM anti-hammering mitigation). -And- From af75f977e4678298edae82a02296678b3f8b93a5 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:19:41 +0530 Subject: [PATCH 05/84] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 868d7192fc..981252ffbf 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -162,7 +162,7 @@ The following sections cover mitigations for different types of attackers. Physical access may be limited by a form factor that does not expose buses and memory. For example, there are no external DMA-capable ports, no exposed screws to open the chassis, and memory is soldered to the mainboard. -This attacker of opportunity does not use destructive methods or sophisticated forensics hardware/software. +This attacker of opportunity does not use destructive methods or sophisticated forensics hardware/software. Mitigation: - Pre-boot authentication set to TPM only (the default) From 5965d132940474f3efe746f4a31d6551e01f96d5 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:37:16 +0530 Subject: [PATCH 06/84] Update bitlocker-device-encryption-overview-windows-10.md --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 34008453ad..358ea6cfab 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -23,7 +23,7 @@ ms.custom: bitlocker - Windows 10 This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10. -For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). +For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies. From 935da0cab817be752421fae427198c454f7d0f1b Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Fri, 11 Sep 2020 12:22:35 -0400 Subject: [PATCH 07/84] matching structure of page w mtp version --- .../advanced-hunting-overview.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md index e6feab4594..a47f8836ee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md @@ -18,6 +18,7 @@ ms.topic: article --- # Proactively hunt for threats with advanced hunting + **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -25,15 +26,17 @@ ms.topic: article Advanced hunting is a query-based threat-hunting tool that lets you explore raw data for the last 30 days. You can proactively inspect events in your network to locate interesting indicators and entities. The flexible access to data facilitates unconstrained hunting for both known and potential threats. -You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and respond to various events and system states, including suspected breach activity and misconfigured devices. - -## Get started with advanced hunting Watch this video for a quick overview of advanced hunting and a short tutorial that will get you started fast. -

+
+
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bGqo] -You can also go through each of the following steps to ramp up your advanced hunting knowledge. +You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and respond to various events and system states, including suspected breach activity and misconfigured devices. + +## Get started with advanced hunting + +Go through the following steps to ramp up your advanced hunting knowledge. | Learning goal | Description | Resource | |--|--|--| @@ -44,15 +47,18 @@ You can also go through each of the following steps to ramp up your advanced hun | **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | - [Custom detections overview](overview-custom-detections.md)
- [Custom detection rules](custom-detection-rules.md) | ## Data freshness and update frequency + Advanced hunting data can be categorized into two distinct types, each consolidated differently: - **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to Microsoft Defender ATP. - **Entity data**—populates tables with consolidated information about users and devices. To provide fresh data, tables are updated every 15 minutes with any new information, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity. ## Time zone + All time information in advanced hunting is currently in the UTC time zone. ## Related topics + - [Learn the query language](advanced-hunting-query-language.md) - [Work with query results](advanced-hunting-query-results.md) - [Use shared queries](advanced-hunting-shared-queries.md) From 729662d01c945932df92c0e00c93c7bd8aaeb73d Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Fri, 11 Sep 2020 13:47:57 -0400 Subject: [PATCH 08/84] added link to sync with mtp version of page --- .../advanced-hunting-query-language.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index 1b1ce276f6..745a27a3e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -22,7 +22,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for advanced hunting. To understand these concepts better, run your first query. @@ -177,7 +177,6 @@ For detailed information about the query language, see [Kusto query language doc ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Work with query results](advanced-hunting-query-results.md) +- [Use shared queries](advanced-hunting-shared-queries) - [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink) From 5634415d8518ef962a12253a9d6351d14eedc695 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Fri, 11 Sep 2020 17:44:25 -0400 Subject: [PATCH 09/84] added details on gui to sync w mtp version --- .../advanced-hunting-query-results.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md index f036dd4418..48b42d3ae7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md @@ -113,6 +113,12 @@ After running a query, select **Export** to save the results to local file. Your ## Drill down from query results To view more information about entities, such as devices, files, users, IP addresses, and URLs, in your query results, simply click the entity identifier. This opens a detailed profile page for the selected entity. +To quickly inspect a record in your query results, select the corresponding row to open the Inspect record panel. The panel provides the following information based on the selected record: + +- **Assets** — A summarized view of the main assets (mailboxes, devices, and users) found in the record, enriched with available information, such as risk and exposure levels +- **Process tree** — A chart generated for records with process information and enriched using available contextual information; in general, queries that return more columns can result in richer process trees. +- **All details** — Lists all the values from the columns in the record + ## Tweak your queries from the results Right-click a value in the result set to quickly enhance your query. You can use the options to: @@ -123,9 +129,9 @@ Right-click a value in the result set to quickly enhance your query. You can use ![Image of advanced hunting result set](images/advanced-hunting-results-filter.png) ## Filter the query results -The filters displayed to the right provide a summary of the result set. Each column has its own section that lists the distinct values found for that column and the number of instances. +The filters displayed in the right pane provide a summary of the result set. Every column has its own section in the pane, each of which lists the values found in that column, and the number of instances. -Refine your query by selecting the `+` or `-` buttons on the values that you want to include or exclude and then selecting **Run query**. +Refine your query by selecting the `+` or `-` buttons on the values that you want to include or exclude. Then selecting **Run query**. ![Image of advanced hunting filter](images/advanced-hunting-filter.png) From 9ca73b9629fd59f59300d5f00f8d9d7910810c02 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Mon, 14 Sep 2020 11:11:55 -0400 Subject: [PATCH 10/84] added missing links to sync with mtp version of page --- .../advanced-hunting-shared-queries.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index 677a74ca65..b6708da962 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -63,4 +63,8 @@ Microsoft security researchers regularly share advanced hunting queries in a [de ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) -- [Learn the query language](advanced-hunting-query-language.md) \ No newline at end of file +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) From fd5f4dfaf6188b04ab5800821f156f6c38809353 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Mon, 14 Sep 2020 12:12:20 -0400 Subject: [PATCH 11/84] making link lists more consistent --- .../advanced-hunting-schema-reference.md | 7 ++++++- .../advanced-hunting-shared-queries.md | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 0e2f6811ad..b491e184ab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -61,13 +61,18 @@ Table and column names are also listed within the Microsoft Defender Security Ce | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events | | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Microsoft Defender Antivirus and exploit protection | | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | +| **[DynamicEventCollection]()** | | +| **[DeviceInventory]()** | | | **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | | **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | | **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices | | **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks | +| **[DeviceInternetFacing]()** | | ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) -- [Work with query results](advanced-hunting-query-results.md) - [Learn the query language](advanced-hunting-query-language.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) - [Advanced hunting data schema changes](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index b6708da962..62bb73dd6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -64,7 +64,7 @@ Microsoft security researchers regularly share advanced hunting queries in a [de ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the query language](advanced-hunting-query-language.md) +- [Work with query results](advanced-hunting-query-results.md) - [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) -- [Apply query best practices](advanced-hunting-best-practices.md) - [Custom detections overview](overview-custom-detections.md) From 92beced4d2eb2ea2138de0b486e70283fad66460 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 16 Sep 2020 17:28:34 -0400 Subject: [PATCH 12/84] added content wholesale from mtp version of best practices --- .../advanced-hunting-best-practices.md | 238 +++++++++++++++--- 1 file changed, 210 insertions(+), 28 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 669be788ad..54a2423525 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -20,52 +20,201 @@ ms.topic: article # Advanced hunting query best practices **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) +- Microsoft Threat Protection -## Optimize query performance -Apply these recommendations to get results faster and avoid timeouts while running complex queries. -- When trying new queries, always use `limit` to avoid extremely large result sets. You can also initially assess the size of the result set using `count`. -- Use time filters first. Ideally, limit your queries to seven days. -- Put filters that are expected to remove most of the data in the beginning of the query, right after the time filter. -- Use the `has` operator over `contains` when looking for full tokens. -- Look in a specific column rather than running full text searches across all columns. -- When joining tables, specify the table with fewer rows first. -- `project` only the necessary columns from tables you've joined. +Apply these recommendations to get results faster and avoid timeouts while running complex queries. For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). ->[!TIP] ->For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). +## General guidance -## Query tips and pitfalls +- **Size new queries**—If you suspect that a query will return a large result set, assess it first using the [count operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/countoperator). Use [limit](https://docs.microsoft.com/azure/data-explorer/kusto/query/limitoperator) or its synonym `take` to avoid large result sets. -### Queries with process IDs -Process IDs (PIDs) are recycled in Windows and reused for new processes. On their own, they can't serve as unique identifiers for specific processes. To get a unique identifier for a process on a specific device, use the process ID together with the process creation time. When you join or summarize data around processes, include columns for the device identifier (either `DeviceId` or `DeviceName`), the process ID (`ProcessId` or `InitiatingProcessId`), and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`). +- **Apply filters early**—Apply time filters and other filters to reduce the data set, especially before using transformation and parsing functions, such as [substring()](https://docs.microsoft.com/azure/data-explorer/kusto/query/substringfunction), [replace()](https://docs.microsoft.com/azure/data-explorer/kusto/query/replacefunction), [trim()](https://docs.microsoft.com/azure/data-explorer/kusto/query/trimfunction), [toupper()](https://docs.microsoft.com/azure/data-explorer/kusto/query/toupperfunction), or [parse_json()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsejsonfunction). In the example below, the parsing function [extractjson()](https://docs.microsoft.com/azure/data-explorer/kusto/query/extractjsonfunction) is used after filtering operators have reduced the number of records. + + ```kusto + DeviceEvents + | where Timestamp > ago(1d) + | where ActionType == "UsbDriveMount" + | where DeviceName == "user-desktop.domain.com" + | extend DriveLetter = extractjson("$.DriveLetter", AdditionalFields) + ``` + +- **Has beats contains**—To avoid searching substrings within words unnecessarily, use the `has` operator instead of `contains`. [Learn about string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators) + +- **Look in specific columns**—Look in a specific column rather than running full text searches across all columns. Don't use `*` to check all columns. + +- **Case-sensitive for speed**—Case-sensitive searches are more specific and generally more performant. Names of case-sensitive [string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators), such as `has_cs` and `contains_cs`, generally end with `_cs`. You can also use the case-sensitive equals operator `==` instead of `~=`. + +- **Parse, don't extract**—Whenever possible, use the [parse operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/parseoperator) or a parsing function like [parse_json()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsejsonfunction). Avoid the `matches regex` string operator or the [extract() function](https://docs.microsoft.com/azure/data-explorer/kusto/query/extractfunction), both of which use regular expression. Reserve the use of regular expression for more complex scenarios. [Read more about parsing functions](#parse-strings) + +- **Filter tables not expressions**—Don't filter on a calculated column if you can filter on a table column. + +- **No three-character terms**—Avoid comparing or filtering using terms with three characters or fewer. These terms are not indexed and matching them will require more resources. + +- **Project selectively**—Make your results easier to understand by projecting only the columns you need. Projecting specific columns prior to running [join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator) or similar operations also helps improve performance. + +## Optimize the `join` operator + +The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator) merges rows from two tables by matching values in specified columns. Apply these tips to optimize queries that use this operator. + +- **Smaller table to your left**—The `join` operator matches records in the table on the left side of your join statement to records on the right. By having the smaller table on the left, fewer records will need to be matched, thus speeding up the query. + + In the table below, we reduce the left table `DeviceLogonEvents` to cover only three specific devices before joining it with `IdentityLogonEvents` by account SIDs. + + ```kusto + DeviceLogonEvents + | where DeviceName in ("device-1.domain.com", "device-2.domain.com", "device-3.domain.com") + | where ActionType == "LogonFailed" + | join + (IdentityLogonEvents + | where ActionType == "LogonFailed" + | where Protocol == "Kerberos") + on AccountSid + ``` + +- **Use the inner-join flavor**—The default [join flavor](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-flavors) or the [innerunique-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#innerunique-join-flavor) deduplicates rows in the left table by the join key before returning a row for each match to the right table. If the left table has multiple rows with the same value for the `join` key, those rows will be deduplicated to leave a single random row for each unique value. + + This default behavior can leave out important information from the left table that can provide useful insight. For example, the query below will only show one email containing a particular attachment, even if that same attachment was sent using multiple emails messages: + + ```kusto + EmailAttachmentInfo + | where Timestamp > ago(1h) + | where Subject == "Document Attachment" and FileName == "Document.pdf" + | join (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 + ``` + + To address this limitation, we apply the [inner-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#inner-join-flavor) flavor by specifying `kind=inner` to show all rows in the left table with matching values in the right: + + ```kusto + EmailAttachmentInfo + | where Timestamp > ago(1h) + | where Subject == "Document Attachment" and FileName == "Document.pdf" + | join kind=inner (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 + ``` + +- **Join records from a time window**—When investigating security events, analysts look for related events that occur around the same time period. Applying the same approach when using `join` also benefits performance by reducing the number of records to check. + + The query below checks for logon events within 30 minutes of receiving a malicious file: + + ```kusto + EmailEvents + | where Timestamp > ago(7d) + | where MalwareFilterVerdict == "Malware" + | project EmailReceivedTime = Timestamp, Subject, SenderFromAddress, AccountName = tostring(split(RecipientEmailAddress, "@")[0]) + | join ( + DeviceLogonEvents + | where Timestamp > ago(7d) + | project LogonTime = Timestamp, AccountName, DeviceName + ) on AccountName + | where (LogonTime - EmailReceivedTime) between (0min .. 30min) + ``` + +- **Apply time filters on both sides**—Even if you're not investigating a specific time window, applying time filters on both the left and right tables can reduce the number of records to check and improve `join` performance. The query below applies `Timestamp > ago(1h)` to both tables so that it joins only records from the past hour: + + ```kusto + EmailAttachmentInfo + | where Timestamp > ago(1h) + | where Subject == "Document Attachment" and FileName == "Document.pdf" + | join kind=inner (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 + ``` + +- **Use hints for performance**—Use hints with the `join` operator to instruct the backend to distribute load when running resource-intensive operations. [Learn more about join hints](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-hints) + + For example, the **[shuffle hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/shufflequery)** helps improve query performance when joining tables using a key with high cardinality—a key with many unique values—such as the `AccountObjectId` in the query below: + + ```kusto + IdentityInfo + | where JobTitle == "CONSULTANT" + | join hint.shufflekey = AccountObjectId + (IdentityDirectoryEvents + | where Application == "Active Directory" + | where ActionType == "Private data retrieval") + on AccountObjectId + ``` + + The **[broadcast hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/broadcastjoin)** helps when the left table is small (up to 100,000 records) and the right table is extremely large. For example, the query below is trying to join a few emails that have specific subjects with _all_ messages containing links in the `EmailUrlInfo` table: + + ```kusto + EmailEvents + | where Subject in ("Warning: Update your credentials now", "Action required: Update your credentials now") + | join hint.strategy = broadcast EmailUrlInfo on NetworkMessageId + ``` + +## Optimize the `summarize` operator + +The [summarize operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/summarizeoperator) aggregates the contents of a table. Apply these tips to optimize queries that use this operator. + +- **Find distinct values**—In general, use `summarize` to find distinct values that can be repetitive. It can be unnecessary to use it to aggregate columns that don't have repetitive values. + + While a single email can be part of multiple events, the example below is _not_ an efficient use of `summarize` because a network message ID for an individual email always comes with a unique sender address. + + ```kusto + EmailEvents + | where Timestamp > ago(1h) + | summarize by NetworkMessageId, SenderFromAddress + ``` + + The `summarize` operator can be easily replaced with `project`, yielding potentially the same results while consuming fewer resources: + + ```kusto + EmailEvents + | where Timestamp > ago(1h) + | project NetworkMessageId, SenderFromAddress + ``` + + The following example is a more efficient use of `summarize` because there can be multiple distinct instances of a sender address sending email to the same recipient address. Such combinations are less distinct and are likely to have duplicates. + + ```kusto + EmailEvents + | where Timestamp > ago(1h) + | summarize by SenderFromAddress, RecipientEmailAddress + ``` + +- **Shuffle the query**—While `summarize` is best used in columns with repetitive values, the same columns can also have _high cardinality_ or large numbers of unique values. Like the `join` operator, you can also apply the [shuffle hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/shufflequery) with `summarize` to distribute processing load and potentially improve performance when operating on columns with high cardinality. + + The query below uses `summarize` to count distinct recipient email address, which can run in the hundreds of thousands in large organizations. To improve performance, it incorporates `hint.shufflekey`: + + ```kusto + EmailEvents + | where Timestamp > ago(1h) + | summarize hint.shufflekey = RecipientEmailAddress count() by Subject, RecipientEmailAddress + ``` + +## Query scenarios + +### Identify unique processes with process IDs + +Process IDs (PIDs) are recycled in Windows and reused for new processes. On their own, they can't serve as unique identifiers for specific processes. + +To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time. When you join or summarize data around processes, include columns for the machine identifier (either `DeviceId` or `DeviceName`), the process ID (`ProcessId` or `InitiatingProcessId`), and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`) The following example query finds processes that access more than 10 IP addresses over port 445 (SMB), possibly scanning for file shares. +Example query: + ```kusto DeviceNetworkEvents | where RemotePort == 445 and Timestamp > ago(12h) and InitiatingProcessId !in (0, 4) -| summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessId, InitiatingProcessCreationTime, InitiatingProcessFileName +| summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessId +InitiatingProcessCreationTime, InitiatingProcessFileName | where RemoteIPCount > 10 ``` The query summarizes by both `InitiatingProcessId` and `InitiatingProcessCreationTime` so that it looks at a single process, without mixing multiple processes with the same process ID. -### Queries with command lines -Command lines can vary. When applicable, filter on file names and do fuzzy matching. +### Query command lines -There are numerous ways to construct a command line to accomplish a task. For example, an attacker could reference an image file with or without a path, without a file extension, using environment variables, or with quotes. In addition, the attacker could also change the order of parameters or add multiple quotes and spaces. +There are numerous ways to construct a command line to accomplish a task. For example, an attacker could reference an image file without a path, without a file extension, using environment variables, or with quotes. The attacker could also change the order of parameters or add multiple quotes and spaces. -To create more durable queries using command lines, apply the following practices: +To create more durable queries around command lines, apply the following practices: -- Identify the known processes (such as *net.exe* or *psexec.exe*) by matching on the filename fields, instead of filtering on the command-line field. +- Identify the known processes (such as *net.exe* or *psexec.exe*) by matching on the file name fields, instead of filtering on the command-line itself. +- Parse command-line sections using the [parse_command_line() function](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-command-line) - When querying for command-line arguments, don't look for an exact match on multiple unrelated arguments in a certain order. Instead, use regular expressions or use multiple separate contains operators. -- Use case insensitive matches. For example, use `=~`, `in~`, and `contains` instead of `==`, `in` and `contains_cs` -- To mitigate DOS command-line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. Note that there are more complex DOS obfuscation techniques that require other approaches, but these can help address the most common ones. +- Use case insensitive matches. For example, use `=~`, `in~`, and `contains` instead of `==`, `in`, and `contains_cs`. +- To mitigate command-line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. There are more complex obfuscation techniques that require other approaches, but these tweaks can help address common ones. -The following examples show various ways to construct a query that looks for the file *net.exe* to stop the Windows Defender Firewall service: +The following examples show various ways to construct a query that looks for the file *net.exe* to stop the firewall service "MpsSvc": ```kusto // Non-durable query - do not use @@ -73,7 +222,7 @@ DeviceProcessEvents | where ProcessCommandLine == "net stop MpsSvc" | limit 10 -// Better query - filters on filename, does case-insensitive matches +// Better query - filters on file name, does case-insensitive matches DeviceProcessEvents | where Timestamp > ago(7d) and FileName in~ ("net.exe", "net1.exe") and ProcessCommandLine contains "stop" and ProcessCommandLine contains "MpsSvc" @@ -84,9 +233,42 @@ DeviceProcessEvents | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" ``` ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) +### Ingest data from external sources + +To incorporate long lists or large tables into your query, use the [externaldata operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/externaldata-operator) to ingest data from a specified URI. You can get data from files in TXT, CSV, JSON, or [other formats](https://docs.microsoft.com/azure/data-explorer/ingestion-supported-formats). The example below shows how you can utilize the extensive list of malware SHA-256 hashes provided by MalwareBazaar (abuse.ch) to check attachments on emails: + +```kusto +let abuse_sha256 = (externaldata(sha256_hash: string ) +[@"https://bazaar.abuse.ch/export/txt/sha256/recent/"] +with (format="txt")) +| where sha256_hash !startswith "#" +| project sha256_hash; +abuse_sha256 +| join (EmailAttachmentInfo +| where Timestamp > ago(1d) +) on $left.sha256_hash == $right.SHA256 +| project Timestamp,SenderFromAddress,RecipientEmailAddress,FileName,FileType, +SHA256,MalwareFilterVerdict,MalwareDetectionMethod +``` + +### Parse strings + +There are various functions you can use to efficiently handle strings that need parsing or conversion. + +| String | Function | Usage example | +|--|--|--| +| Command-lines | [parse_command_line()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-command-line) | Extract the command and all arguments. | +| Paths | [parse_path()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsepathfunction) | Extract the sections of a file or folder path. | +| Version numbers | [parse_version()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-versionfunction) | Deconstruct a version number with up to four sections and up to eight characters per section. Use the parsed data to compare version age. | +| IPv4 addresses | [parse_ipv4()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-ipv4function) | Convert an IPv4 address to a long integer. To compare IPv4 addresses without converting them, use [ipv4_compare()](https://docs.microsoft.com/azure/data-explorer/kusto/query/ipv4-comparefunction). | +| IPv6 addresses | [parse_ipv6()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-ipv6function) | Convert an IPv4 or IPv6 address to the canonical IPv6 notation. To compare IPv6 addresses, use [ipv6_compare()](https://docs.microsoft.com/azure/data-explorer/kusto/query/ipv6-comparefunction). | + +To learn about all supported parsing functions, [read about Kusto string functions](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalarfunctions#string-functions). ## Related topics + - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the query language](advanced-hunting-query-language.md) -- [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Custom detections overview](overview-custom-detections.md) From de14f98b3255184a699341c44468f650663efe58 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 17 Sep 2020 15:55:42 -0400 Subject: [PATCH 13/84] added take-actions.md --- .../advanced-hunting-best-practices.md | 6 +- .../advanced-hunting-take-action.md | 83 ++++++++++++++++++ .../images/ah-take-actions.png | Bin 0 -> 50595 bytes 3 files changed, 87 insertions(+), 2 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ah-take-actions.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 54a2423525..412c20d764 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -21,7 +21,9 @@ ms.topic: article **Applies to:** -- Microsoft Threat Protection +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) Apply these recommendations to get results faster and avoid timeouts while running complex queries. For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). @@ -39,7 +41,7 @@ Apply these recommendations to get results faster and avoid timeouts while runni | extend DriveLetter = extractjson("$.DriveLetter", AdditionalFields) ``` -- **Has beats contains**—To avoid searching substrings within words unnecessarily, use the `has` operator instead of `contains`. [Learn about string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators) +- ***Has* beats *contains*** —To avoid searching substrings within words unnecessarily, use the `has` operator instead of `contains`. [Learn about string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators) - **Look in specific columns**—Look in a specific column rather than running full text searches across all columns. Don't use `*` to check all columns. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md new file mode 100644 index 0000000000..d12e51c9d8 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -0,0 +1,83 @@ +--- +title: Take action on advanced hunting query results in Microsoft Threat Protection +description: Quickly address threats and affected assets in your advanced hunting query results +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: microsoft-365-enterprise +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: +- NOCSH +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Take action on advanced hunting query results + +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) + +You can quickly contain threats or address compromised assets that you find in [advanced hunting](advanced-hunting-overview.md) using powerful and comprehensive action options. With these options, you can: + +- Take various actions on devices +- Quarantine files + +## Required permissions + +To be able to take action through advanced hunting, you need a role in Microsoft Defender ATP with [permissions to submit remediation actions on devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#permission-options). If you can't take action, contact a global administrator about getting the following permission: + +*Active remediation actions > Threat and vulnerability management - Remediation handling* + +## Take various actions on devices + +You can take the following actions on devices identified by the `DeviceId` column in you query results: + +- Isolate affected devices to contain an infection or prevent attacks from moving laterally +- Collect investigation package to obtain more forensic information +- Run an antivirus scan to find and remove threats using the latest security intelligence updates +- Initiate an automated investigation to check and remediate threats on the device and possibly other affected devices +- Restrict app execution to only Microsoft-signed executable files, preventing subsequent threat activity through malware or other untrusted executables + +To learn more about how these response actions are performed through Microsoft Defender ATP, [read about response actions on devices](respond-machine-alerts.md). + +## Quarantine files + +You can deploy the *quarantine* action on files so that they are automatically quarantined when encountered. When selecting this action, you can choose between the following columns to identify which files in your query results to quarantine: + +- `SHA1` — In most advanced hunting tables, this is the SHA-1 of the file that was affected by the recorded action. For example, if a file was copied, this would be the copied file. +- `InitiatingProcessSHA1` — In most advanced hunting tables, this is the file responsible for initiating the recorded action. For example, if a child process was launched, this would be the parent process. +- `SHA256` — This is the SHA-256 equivalent of the file identified by the `SHA1` column. +- `InitiatingProcessSHA256` — This is the SHA-256 equivalent of the file identified by the `InitiatingProcessSHA1` column. + +To learn more about how quarantine actions are taken and how files can be restored, [read about response actions on files](respond-file-alerts.md). + +>[!NOTE] +>To locate files and quarantine them, the query results should also include `DeviceId` values as device identifiers. + +## Take action + +To take any of the described actions, select one or more records in your query results and then select **Take actions**. A wizard will guide you through the process of selecting and then submitting your preferred actions. + +![Image of selected record with panel for inspecting the record](images/ah-take-actions.png) + +## Review actions taken + +Each action is individually recorded in the action center, under **Action center** > **History** ([security.microsoft.com/action-center/history](https://security.microsoft.com/action-center/history)). Go to the action center to check the status of each action. + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ah-take-actions.png b/windows/security/threat-protection/microsoft-defender-atp/images/ah-take-actions.png new file mode 100644 index 0000000000000000000000000000000000000000..daf9714d6e4f78a17338898d0e8f383d221c0a79 GIT binary patch literal 50595 zcmeFZ1yogC*e<#e2}MAF!XFknWa}P`dBC z{l0(vcZ_@Qxo3=f&pBh9@$Vtqz1LoAuDRYh-+JC>&QKL)Iqd7?*AWN=wt~F08UlgZ zf< zbXBcKb$wscg~VoO3l{BG!_Yxnycw`MueZ{3hQ zLiQ+Uz$#TUZ{Lt5M$wZwMlt&_%hJjU*0#^{=ee6_aQ;;Z2??&du6WY_yoN(1;{RSO22CGIi+J{Z0~2(cs)1w zWWMeSDk`=CPW>&?fKcdowxWpF9%hQ)g@D)oI+~4*jXVSX{ii>!-m~nLwzaiQn0VX0 zeDu4M29Ja!xVV^$QpBswI_&nRxDTOeShwit=sv|weiZWHvh1a-H&<0v4SD^#rP&{& z#A#91b?ryS5bv*Fzql-VNT=$a5tQ4E$~O9*2e^?(pdW6}%E`-PN=ix1Z*Sw`;zqIv zkg(LAojuoYcup3KOA{oSCN3_H=;`UXVL*(BKsSb4(cMkW&c0(iQ%7buQT8%0P$qOz zfdT&pl^~&1Fb?|{4jvvN0w(3Q`PSh1wY6&zvg$F6>STd|foU!)y@(f~1We>rQ*ok*?5^F5leTjCj%1B+k#zKesdAig?l0B@e<&?`l(kXJmSm z+?Fcg|HRG?8|1pTF^cPbxFus~m|Q#^O`yog#I)EJO0fDP11rCvfEy{JMn4*aO1Iy+CQYmvM0<(9)aENE(uH zULhfh$w~(~0qGdU-EDgkXeJ39xM+l=HlAMdV&mHAwpJ!3Pdd5qaC2vQ@x zXAyq$Rf>MxyLVU0bt9;R+%YBGVPy^02$-7E?^qEiH-X4Sxb< zS}yci>HX+MtIc%(J|U}S{+<1^kk_rZl#tpsT9#@2x(awdBf|Qi7>>VU`s!LF02pd?Hn8s$J&(Z zO3TVhW~j|W=kN~{Z5=SUHcOA9^>)?_-Kf^f`NadghF-9?traNFK&>o6c=*;lNNr$FNGD zUG9$>A&ubab|W4>{*}~QJB50cIBRQbU_CsKc4(hJf1Z4jfViWz3CCKvQJ$O~{gzi$ z1hI7(`JFR9=a61*{#Obdpjk*$i!{{FkC)?Aavp0qC$+UnPc`^Zh)Zmz)z;QJ;udFR zWfgO9bC+}l7);l=wZ1?>y%nSQ8#L&X!)!xK4H)!KGGWAAyu7lN_S5|(rgHT@-+Oxc ztDH>d&%?>?^;f%CK0n>8^rEfgH=jNPb1eDjfV1)Jija`d{FI^JxtnoqOY6s!bd@_d ziHI2MXoNkB`-95Mc`EEC(NpJq&8zj_gpqJw7g>tF{jjCVX)(ZfQ(0MgXLpx%kpA5_ zb?^DU{=q>4q=zWbEq`KW762M!y0<#;NQ8PI`d_#5jVM__kewa7)?+&;EDQ^@`}cRg z*;{w-{^(~Urj1dAe<*~)4LLhIcBZDLU`!A%GBOzR^YdT-5;JMTgvXHeq#-ANoui)h z>FHqR7(7!H_3F2YN*1DvmQSGZT--S`%)yjYRP%Flsg*rHetgljNsUAG=lW}kSSctd z_O@q@R*fIZ%X_Z-hLI2?+@TjX;v!u#R-J$f&5y2Lqe@YPG)Muj;j}7>+Qovc!`e%iVGNUO6vcS&GN; z&TAQ4m)ErQWeAsNWn|FO(@S|4B|eYHuKN#J+#$T4uV0OC*_TX2&Hg?mB@)zSP2?oA zihB5UmDfHCxWPcV?Xk(p)~{c$iAxl%Pn6r>(a_))Xkx`E2I^JX&j-`^-uW~3`I`wy z`{(z>#f_rIj`32g&d%Q6RRpDw`wg+P9aJ@SbreGVMer10 zlCy_QyUgzL3khLu^VyEQ0ACKF4H%*H^mL?_w@lZ1poqr{kRvMWr(c6{xdpBPLW|$O ze`Dg{a2)6c1qRXz3hH_qB~KLO=Lej2Nl8hSn0FJKnVE@y9+*4&y{KL9<(9J||CsV0 zZ=I{g=P(lx85y}lsgv{gweR`KwbnEtxAlNnc0J9ib8;T*R4@uHr=WE-9UUE*H*N&f z*VoU~*BkjBGbVlfXl!P7Rb5^EzWo%bv9U3cST#Q3#g$uPVl>bz=W5EYU%w*2P(DGv3?HKYrlL%E~&ryLTkqvka(!hn<_BM@gMK?gigS zm`tyqJh3s9^O^73C}`mmQ&Uu!zk6HLr#XG5w^?xhnSW$TiyaXqu4`&lH8q-5*sQFq zuA39(V{YKUT7z*ry|?SN<_}mE57AycW(kan!ULZWIG)h?hAPbB`v(|FwH!hSWrh;< zbLo)Y2c~;Wj#dLWp`*RQM`1UjIh6g;vHL+cOh#j}+@S+?r(3n{y*MIP{kMAJxfgTn zZi?i1ZQC;;!zR_JuVzPc{~ix zR)j=E$Y^VmE;$S6>+AOy=<$V9i;# z8c;EC+Pb3XQ*`qny1M-+IUJ_MJXqS!64TC`BqUiLN(Ox#2nZ$7n3R*6U~oeqGNGlT zyW;NdzB*pYG~;t<0Mi=rA}|mQ<`ufPw>L6CL~yySKQ05so+{_Fn;--u)WJ9V+#h-E zy?X?oZ(1o*1GAFNNm+?xK=BId?9z4QnIIrwK? zuDhL~mJ<*Me~KBBzP=4R4f%a;jCA;6sj0VcB5orEO-JWseDmK=s{i$g?teoWaC5t& zAOo7mZd>g$Jg(QIrTeJH z{)q#mr9b`8`1I!o+B{F5*5?Q!HuQC;z*H7~w>vD?r*!Z~P9bZE$^tb3TqYc-e|@iO;Qf4_?D zWDU_S30qUs%S&WVi&*`&=>P1(rNnnykWIIa^ykl?=!Ng0&n$Y*71vuUJLm)jiX>0@ z9N(Ip%4_j!*WLH~fl9!)%r6QTUKG4-S=J0FB>Rz|oOsncXN( zsaP^LiI!GdTicWM_g_6X3M8t0R(SCV@P9Y14RZJSafp84Ch$4gLqQ08?jQy;m7CiX zXfV5x$iRA?+F+TaF|UALpg?1Xm|HCjit+RbwoI(YYClQ}`?Y|Gh=);b&z?O)W_JUP zmlP0vuxS}+m=9(?M7(fX>>#Vcr*raT4wCI&cGlL>k+>ZlQ)2*9*DTTvTx3$FJKM%& z)1?e~nAji(0?AZP3<^wn{_1d+CSs?N{`IEJ$i86kCDlupmCIMba`aWz)wFj!g#_KU z!bQ9fA<2rByd4cO3Hji~p;!Q%2Td+CpJPsV=qTwx9Am^WDMSqv1k$A8biw z^?r0ZYg4Gdc{X8FbglEj^Y?eAwx1(MtIiW|rS~!r?mD+2MC$FnT{wkx8vg$HSU#qE zApI$UwvHZ&&i33K0z%{bU%#>{GKQ_4cILLV%l}Y3=YMwn;QR{>@5so}Sy*3GR5FL{ zVJ8g+^6s|dHAD|T+?NO=X2Y z6XbmMlr5Zr^Jmqiq`x-8kmI=X!1&1h`?`tL&h9M{5h_UAwU7hVa}U)-rzjG&CR};BKWi=N2_W{C0F21QLw)TAuRm z-#_pSRM_d&d&ivatzq%;RpK8$f<(%~;&zSu=55NpQ4g-(6ro^988duS|#+&?N>@#kK{Ruz(j+Ii?uD#_K7ZtLv0H2e2R5 zgCW~p=^GT9iFS5z;r6=_p4YB19yMo->vr1ur2`6RU}f5J)SV$FQNhhWRUWh3q}%FQz}GK8*h5drrA+&mi@Ml0CPx3PmgL{ zE<4sc(`@J<2AGVtw)Pyv?DF#RP2VZ_`YY^&>WwGh$;?Re9*GtH;CjBQf;mxU$5aPb zhD~#DaNum?(7cffmP8QljVUJxJ{)^gS;rq073J0G={yN~c5Ne5>0^-J#W6;-=n*0~ zlJe#D9IbYZE7_kve;ij;Lb!x$s>qS2?D@$xFE1|}ul+DT+8tsxPV@-I9o;bIc&IB0Y=f-+#Ic1pJR_@(>V} zo4>y@VFBQDt^VtmchS)$9)0$n71n4>OiaQ6FhYRe^|cr8V3ZK2%H2KNAPWcm_{3yq zj@GNQq`0`rAERCD^;d|=VP42-kI4x8CSCP7M3;=@1_wc=Z1;eGjY@?i42LMZ$Gf(i zon_Z%y{=9e(yAme4`K+GgK+}q=9huM0SESoj>^=yW(sf}T_fpuJr4n)Zim8&$(Qr51w)(E6l zeV>>Z_7QNM`ljCAqW3j+^VE}NW%u=KTyyk0U7VdI0U^Sn;W)ug=NQ_atklY0fjQTb zuG<&==A&R5U<29}u4J)SIXcGgSr&V2Q-@Osp+lMkz!96-T{1voRrBdwsk>)YcIz^%#agQ`JT&`bdud)WuG@R)6&w?*3+Q{FYDywROQWw?$CH%QCv`2 z>5;IdH!|G+Swg$O_uOCq_LfVz_q`lssoU@^~)z?8uXhoP4d%sj)@+ zOXWQBb?V9QCfuO$6Rzz#US0nHIz_p`e|;Y&=2msB9O<2^M;^WUe$W4`Wg)Tg%L_hi zijg8YWn~-~k3aOZEI*;k+ z@o8&Y+ttj>%#4w_tr^7k#7gl9a-JRVy_##s5K5^Y^J^NDatPawd+gjaGqYGPND*)$ zK50x7bJ=SRzBX3tKqKhB&i1SJ)-A;E-|dm2gV=fYgB4U>d%ptX$4C)qRJ5_Nv5!9X zl=I`#+=k>_*K1zmb~Gf!UzDf>larH4#q8POWDT>f`*=i1x4toyuS1|$VbAWC2U}!HsaVfA0P4Cp{TzmUW^ZqQbUsJZPHpsgK>YJ?Q)d=dQc@DjT0Sy3 z`Lf!w^IimvAgp0};viu%JUqOu+20Sd)qineq1d=pw%)GcWc|Uf@lp~*f00r1EVJ8& z;Jm*ALHB+C(!%fi8zZ3cvZS)uglAM)8)@tg4z|-Z%FwVl;PW#L#IeLJ=|ztg*VaP8 z|AvHxwXPUF4;`oJV{s?tjnb~aFVeDSQc_aVoK)@N^s`4NoJ^=fF=)f;J~`6ZNk~jO zGTy}pZ3!wVamt_xhISR*#U5VUF8bVmYlocts$uKK#?~!?2WW_X>z4(_&i8elsXl5> zOG?*W3BzSF@sMU&7>w!a9Tm>le=`&&MM}8;#ah-8T zSJ&t37kGg*)EK|1!*_HvZItw4QF?%)q0WI6b-bfzQEy^&RwIy1lvO zs+_2mw%IcXvdP(ZOs%fdEfVny)#F*~T^w5G$YRMeH1(=7idp}8D(L>}#WB{E{!BX| zL{nGPcJsuy+%9)sUfv_m5v88}Lpf>bs}{XUv~`Vc8@z~AReD@Dql$d_NNWHb9e3tv zR>yMgA)XW$aZc%DS;s17#0$8f!*JT91vNJ`SPkbArK>Rm>^djpiHUxCvi|TzM&23- zCcg0&0_)0^03XZVB$S-TCqrbZb~Ymc4ryOy{LYLCy!}IyZ;e;jCAznT-~|=>!&9wh zWDOJhVdUFCn@_2Ull_e6Yki+Qd)T@@PB8=D5dK(Vu0x*G;!Q)7!Xm=-%vr7aP@z}T z_-I6XERn)=cus3il8fxkM=3k0IPu5quU@?xqyGo+E;8_O=~>mJI3PZAc^{HXbJ-^a zc2jydH#32oxNZycp1QJ@lyuO4Aj99<Z8{gkNIIeU>;Qoid&4;x8FR6vXEd9^> zwzu`82}iVDen@+edbgj$d-z|O;Kf|?{#*GB36X#N4?z3>{nOVusH!62F{wBSx|k0i zUIWA=nKw*cLx@C$a&N;pqC3OS00&CaMZG^>USI#liOrHA`?-14$PZb|;ktpWIEDrw z%c}T!V`JLS55_H9yv4*C@hhQ1HZoZRh?$0N;uzB8LcRA20txv+sSmyIugG)Xt$GD` z-!E=Ly_AKg)$nA#k~qIZN^(DsoyYarV+m$v=GDncPOt_}Yd;w4-Jn(riWIZzrN%>! z{f0^?2=LkFi3#$NkrA-XSMJ`ud&A&Ev$>hs96-K8`7>x}=<)N5;}w1Y*Q&jP zXvBQO1F=XxDMa6fepvlTzlK92dLwlXD;$!2S{9bvT;+_%fsrX6KVm~M&vyJvhSEyb z>2~H$9M|6|g*AX?{PA%hIsKWh%ztnJY75PtoG!aESmgHCrZL9W8BX?_58QhV1{i8q zqz8zzgGmP{L`Xpz^t+q0@yYf~y`zhZzit7q_CuDKTqRniykRH}i42ygsi|>2{lNh6 z_G-B|i2iK$@|*_hYsJrYEz+~H=ouKUg7<9sV&46YC6*c~6e;Cfr z&!ghv4wcHa0+W&`rDbGjp>{(a(b2z*)GV_1R>86>cX-AeRo@T{jFS$I5a*!_esW?z zz-(MaR#>1ywE!aG(m; zCL<%`Jftm03t^l$yzII^f$YaB9a4~%gpSUOBcwvEipxd)8Uw;v15HFc5q&h!eLQdM zepO-d_wq<`y2Zgv&my;nb)z-6?~2;JPP|9Hu;i(gEou`~$M}6`qwA#j9kHK+rE7&; zOI=4ln-9@=SmMH-G~W{Y(;(AD{lNJN+%t+aIaDk})51)7;6CCBBadW1m!%np_4Um! zT2a;6%)B>PvL9*nO^;Jo34Eq?Molz673!5wnk6l9Ay4!1xrY!xJ+TP+I4JKh-kk}v zJYM+O-G=i6y{T%KtT8(f3P2$*0sEGqi%NwWO_k&P6~H;53KARzsTkn7h#e@0v`kFs zl4?Q;lB&#M_9Bqf!Va=us2tO?vE`4=Kvrh|1dwqkjFSXC6oZg&etsTeat`0~eJ$h3 zogGI|%>^i8Fd8;yMaeUG?gCKa!AVRaB^6enK=NvPIt-90?A)Q7lr%Jv0Dv2ReaF}y z^aKHwLG2O~G$^m5f{)0mV2=I@+5JnXVaOcusVBw9lir}4R-m*7QRxnzm2%vz8Rr^Eo>$vsw>fJFZ4=cI_dqmXVPA`M3{d z26fejxHwK}j%P1Y2!hJXWX&WwGS6dQV5}+DjZUDu)Cyou4pnluXB_Dd={gg%dWbd^ zEIl78xi8^y_{#BI)|8cB_ru(CeH@M{_4gb4DKaJ|bee_wp+u~jgr_wymhM|qItwSr ziW3++rOtQq45W9>FxN+mBC#oW35BHhK?~yVKgAEirU(L1%XMpttkmLr%lYXcl7^rU zs)b7<8USb`*rK;k0fN%yl{=XCEi5d+GUN@}+&5_pQL_xA<~ETIoPdCk$?M?PH8C+U zP|0i{&^Jh`S9&1ebh1rq=FmEEs$UecKE4 zD(AMhBcb*Z`>Z7&$}XlO`8vQ4xC%*J@OHy#q5K`VmSd#IC=x1rNag~+_W@gl!z@nf zlPYI-cV6hB9_ za#0paWxu0&j57Oaa-c2*L!lR9Dc1C?jmyTJjtGkQdzLs*$_Y!83V!XCj)t5ylrU@T zzK3&{W$*-5enCNmkDuO5Nm1s|qWDe5(j)c<6D#ue{LUs@d;)ozY5}=S#m1KX%MTVE zN9Pu|XJ)A)6EFx$mbdR`-#0&P9qt^a6d~8XB`OuDsr&W_=DnI&N=Xp3hz)X%X2PdBl)!MnK_x z0jlZ9!aFb>Ku|B2mdwDHES??ju1;0oGrOykGg`#<8mm=<>J?xmPMZ@vV8k#W;{}&V zC>uc@h%`umEoo|Mf|YZwmgG{|Y3~M-5OU(x?T_ebS2@x?_wjK$J+Q0a6umeyEraA0 zT!%y)he3efql$_OpeLY{^V(uUl{%c9=Q@BE^2!(6mog0v4ahz);9n~=tbYx32b1}h zK&y!|W(dYZj9Y`|fi)xl;6Yx0IhmmAos+#afAAE>tNm$JKBs^O69n!jBqSXDOmyf6 zoDX;tXt!^Fs{b4W!G$5+r}MDeqEewH-ZTsKBRt&s89W`8rR{0iO0?3kGVTqst2*rL zLp2j0Br^sUl)w4ae-Kc_{ub{)Z>@*Qd)HK3A!26~W6NtJJmTWiUqmiPV$A>2%j@tW z`lYHN&%l&w5Lli5bWQBGOqSo15$o73Z{EC#7xnQ9-PqmT1u{ycq7Q=#&~vzb&ph)D z>&Zd=@nbD5E$IRK1+G{JR4n%oj(1vd=T}!lkg*34P(V_}6&135$s$fCdrzh1J>y8b@M<^{fL)rW_WTa|EMmlRPI}P=4d>)q<^(@z##hX_kq;e~> z8n^;_C<#o703=in@L~%z#d@}yjx+(sf0juB^UYLBc!hK-@D+jZ@bH)qBY;8$8nN8og5j_JUS$XuT@q2KvCJSgGrTg{m~1JEM=B8=D&WL0lnlVEi!HvB z18WF@U}IzJPnAGbN)e^HxVZ50J4#GUYz4v}7`6`RJCaxePX05@U7(=JLD>MHyaAx2 zC>HVY^H;Ua_W=`gc?;Y3-D4IRP>;E}xfennTd9C8lZyEYPgK~20mI`nXdNh3TCopM zY34UKBao=vw{O=!3c5)Gxh-wj`a!+#avD~v*!C0(g7l!bRs;VPN>f)CCXLS?9%wx_ zJ^g384U3+5+Ns?$HuC#cFOUWpLND_g2R>lBA=z45Mm}hO0waA9+=aE=2MA1OFdwZ( z@)KqR#>U2k)i)W*cx_3Ms`+g9=lrBYV_G zE0bvKhz(KxDp#oJpN!2`Quc`I>}-p5r?|)ycdq^Px*01E>C_ZCh0lh`X9t72>4ioy z-M+S;x0v;?yupSJ_4MYc7w(k^R3*R1u%sZUThSmO<_Vv(uzZa>IoUjr zySIH;S=y5RQHBf+E|zewrs<{IZ(+@@fdM?I;Ix9~1*YW!xP`P|o;$aEFV8)IGm@T} zX#$1(uJ7N`5Ux-N0!E&=ipoupHx|$w%WTK-VO)w!OZ`hrU1EkP2nipX@w=+1s02=^ z-67Pjuq6YUQ4mZ~0-y@EFSLgl+uP%S@XSD;!E6Kdg6r;*3$`e$s?E z0|qL;^AaW$C$8r_*3I0|q6S3S)1!)JhH6X8oR;*?s>UX$LDbEBz0o`^P9y^+Cnsmw znhzW!7BO2BJj-uz<|beTpt6_JUv2}Sqn?=CWqLXT0_~DRT}`bR6i}_wp+6M`K#w=@ zg;rFQ8cP2poQBd?R#qh|nq&ah6+6yL#wR4qFGh+H-#$TRcV1DUqL`>nk#TBHd+xlH z1xj4?(IO*(-<*Ca^X8k&#!n8T^zz;gd8h%TmvWM&F~ZpE5yYgUBgFn6bQYyuD`p(m zw=do;s>YH}PqXi+T6*h0`X<$I(zs7^o*V+nh1H5}keh=5ZK@o*{6hx$9=3CxyxJm* zIbAjC9;Jw#M<({=%J24tk@gALb-9(cU2kc%>pZ!6?WZv1}px)b~Znswm znmD>R-G;y!1!B^08Zl~M(EwUb|L)zpemJL|7X*g`E*pVngtIEVc@h(6FUckKu6uc` z*2AGXm;`=W1m!_$XN|}98^Fd*x2CFrYpIy<>ijLO6wvP80B_m!;_Nu%038+W(5FbZ z{5oKgt26aNNX>(=?34Rut`E8wsBf|D_+5tEw@rR8w41MQBGC-5WCfU8nFU?pWy3NH ze&72UABQ6KKv@eTDfGKU(ZdoAcS_bAJe&ykms!y_TyR8MCb0gn2)u!eh-ik7i>vs@ zHl8mYRMt?zAZdRwy9VW&{gJgG$qh*-h3y5X;sKw(fOL)!9;n5B~x; zKa6ksD(qW5d8vU)HE;FwRY-94(NRCWs?xjtPfus+1UU4oo~+*e3k?7$GA2$;{jjCw zvx3IRMd+$6KWD9m`KDIpix&vMt&qvMG+oQrFMrSe{|yyUx?#{XXcbp)4K#?quT{pD zf2gu_boenV4RS|@zYPAl{bS}bUAvs_z!WqGh|AIjtoD3?!kRryZgn5tt+R)$vo%10oA%&u%4=bc({dR!$K+ou`}vp;^YTzF z=W)w}oW}qQ(29u}d4e~T`IoVbgvI_LZ2b@Y^cp~&)CKcpikd4< z@w5_N-RnN%G!@&Pnl@BKs`{HevtC4Qjh?8o7MU8pXL1i7eG00b#&Rn7rw=FGm?ZQf z?AVnK(*PV3F}&0FA2uGT;n1(V5m@q3;Ez2M{Xu;SO6rd*$?%o@?7%mpY(IVdM#Dcn z0cNXy_z}k8+?k>eLR?cb^JO0Mt$oKAyWd{QpZ&U;Z*=$qE`z6NdozJ1(nsc7uVvfki`B0oz3H$RxS>VSZRV{yhO27`T@z?S>;q>8@G@H z^qrqn3*QxPsvAsM6RE?Ty&z4iBUsZWBfHRm=^WLX2?j(cE&WlEeQ1PMb))( z;jB6BJET_(Mk-Qd3L*s;=R5u8YC1^}d%@mFI2136p9`~5+__~DML|MbBV$R}O_HUX z8v89dA<6?9zB@D)n62+pG9CL|6q3!+ZD691>UF>MW+gi=$>FkDOZULh5D=<}N?=ZE z^dab-ZD3Xs|5@jJi>>w_v=uKDEm*ek))&qxsk40l7Dsa(dW@y^47&5Cef+}#wArK( zPne}X>*uwCH8V?{dA&qJ0b^g}P#Fq@!|Eo#w*NYJ1+6Mx{q=fkBl4}E7S6_~2upz- zB75FmD|5c@_Q6lC9COwA#lKkmKv<|qOM8{uF1nifWuiC>2QMswY1cU24Isk9b^5%l zh(N2)uDO=};#Ki_jrkoDxlI-)3rkZW7wCe_!aD-TX$}_R_fmsvIYYH#b_JEsIZWHK=N99jQJNZx(3@ob>y0IC0{J3;M^X^e#g^wj!nD z=XZ-PQ3}?fLZKoi%W(ATUMc_L_VW4+P!b+|L(1LK@AiHb%<~Wu+$S66V4dwJ3JEjE zmeK-mVFEV#fq~&s))sK815*C)*^x7yommsTks+%xHwg*b(gyyq7YrQ#?TSVc&xt_H zXExuv*tz5a8DdXELkv}Zwu@PO?0Uk&t25HrXmj0HEAP_h{IpgvBT!dkM?Ht_D4~c= zJ9BB4Kw7%p@|Y^9B>NW#&@I)7~?GB@!*%BF{(>Q=jMk#&Uj^U|D!5v$NC~vA1h^b0&kz z`IG%EZqKkgg(xt?MJSYGHNq)nL^F>r!wnjPP!SeN>!IzX801wfPEketp=J9dDjr!h zW;6TU^+h>}RQW+(nyPLx=3B4Z76tqWb?lFS=4F@X(=b>pB$db|ybGr=JxdJ83T|^{HeYqNkP@Y+riKl@XNZvKkX5ihq_Y z)eJh(t~Z2px!9=Kb<#sn#d6Kxk^A6``lbCx^7+n~ZCXYi3aJkJwvp*H(&LKCv`1rXjQZuw9aON9!q}A6<>%qC{CHI|FPjqO_q?5 z7Nl+vU(NHPq#7-~x2UP-JC(S^Dy)9su*Rk8o!jN4zjyEcg*^e7-JU9<2mO1UPvR$p z9(VtC`D8!WaTJx!=k$6fL0GhyL_n4A$xPML@*x!>rA?|QKiARKgLS!FT!M#=iAWRm zNNd=Tk>MLBD_3sWhE4VWLvKB-qcVpOA#Mfq!rWi)2cqOZjF7Dl$$53VwBjuOu0!en z`4fQ{`g4`xjeXFmNW@$InuM7HIH9Em`K{W)E$Se~qX=`7uq=_?HoDrOym&j>POSVw zFA@duL(?ryu`57O!_O*TP~+v1gr4K59obe5yVQ?8qcn{>QPr&Y9@DY3cIRlq$-BYD z4Ldijj$cQ&{OK`>l6g~LBX#%7Rx2^(U^K9CbcUD`r;qSj4RZ4)1UNajmbfJ~WB)zNF5dY|vc42yNE8Iq@ZJ z$IBVhNwVLGcD7vC?N@r+pe zBO5`X!4C#^IWsr6 z;5t0G9oLjL)Ad?RXgHhr5kAtC1Y1DO7(BQX2{;lC(R5aiEHawaqE;;~QBgyx=e5p*bTbqO5b zd-2LUWZ5V@u)RsabGZuL?U3QtY307xAt5Wxl;n?m!(yXiR5&R9(UIhtRv#e3Q{#;V za?>K$kY^L4GD%#tYuBghe@GJhY&fX zuJ9IK!HusOzt*X&V~I(a@Ri#4FD0EHPTPwWk23u4wAz^v3y))gcb} zw67)Ir~@X44m%Cb7}#-s5kjR|SSfPKL)fHxy4T%?6Zz2&wfxW`BvGKX7R$N2OyXl5 zcFhYWMG2!{vEb1Rj?|XE_SJkn`EK5jjPxSykomkWP4g&Tsl+@wj-AQd7v{cO8sJ1l zf;g#f{dTI#m197IpCEu}n(?DhqVSZYD}9l_xuG&$dkvw|KKn8%5Swk56br#sQGgou zGCGytLwuXR<~+h~LwtQ48?Hwn+N)8skLUT2XCSz?MQ=>x-_Ksy7A|)OOLwdqi5#jc zX1ytw(?%a$_K1}XY>fqq$L|?3`sfDYlL>LO!UU2;#624gUT(_lIzN3`Y_M5`-c*)W zuabCI)-dznyEosf+w>$b@Cfm(S==WhX`)IL6Ihc&NkfKJMdM|v?4*+)B%&3yQnf7A^o3hcbu#oAEwwlCamG6rjGWtb)bJ+dc`Tb#Pnu;(`L3( zY$$=OtDYn*DVsuNs^;1XZl=hf03p(!oCO3+PRc?xWsf2dCQ+*DowsC8Aj(M(tH6oT z{r>fdinZ0x9+5nVd2L38u@m}t?si4}#TzYBbun&9qipF(*Ruz$;+J z6wf^*Ve}sx*2z^7s(Mfxx8!e*9W6WFx7Y6MUw)q;ZGl3MMUlN6s?tsHWPL_$m5MiK zb}8pHZ#lF}pafNb$$gc*l9FHHXnLp`Pl=)ee`ZqI2rD&}PbbC|H*)1*aB{RO)7Gzv z#X%$}s{F?7{d^R}T~150U}=euxi3lz$lh~1$MfrGj4!EYa#U#iD1<}S_X`838flu+ zlX?CW-fppYJgIi5n#Gc;%#4Xw9Y=ku*Cu1etDDb=eXzu`2fHb}8ilcNw)#>fVIt=a zOm~nd<5Ws+NNCXHt9F&!Vo=8@P^lWYL)i7mQ`;;gU*UW1@!56t+hVdK!}4d-27Zqv zo_YB^_*|=;TlUykXMV;uF5#j|#D=A%P7iTM@Hn3CHu>v#t08K^I?2%r$HA!Wz}2;Rvh+pT=y!`%>^^>GLkU|`$~OFo861mvfvbjI7HR>Mhjy|%`T?DtV7e( zQ=k6v+O)K8X1?f?hj0Bh@P{H7jYrlVF3pC%Sf6J!YLWh9hY@XKk;V-RV`4XjZklU459GkuV!;!Fyj%(^`j_SIH$q zfVIFk=7T_K+1bJHeHYxR%uInMlq!Twm1E~N?owL}E$M47qrT2X(HAb;0xP=$E6!Wb zX8Ts2D}NQQ-%;W$FnsFAS}@ZmT7>tRsjKv6QR!Z;rj&=s<(GjEYsA`$_7@kI)(O=S z;vZ*ie2TP6=57W))HhsZf4{cUyS|fHG>&aSB(y?NOFW;CYHuF&vwwgfd{c!j{k3H0 z!yof}h8n+;9Kx5)a4g(?hhJ|{mkSl)Wk&j)MKR=T{S5#V zBY)Bo1%WV=8C|6`!)~tJl^+;c3Ug+rVyNt&P@Jxi{CQ+mtzYfS&uO1lZZ6;>9p`)e zrD>z*m&He}^ZhH>ZyC=CguDG_2df(RcD-hLwg!^jUb#M9^R0cE{v}2%UAmzbn_{`) z$FRWDE#<`;{lTq4MKNCqL%TfUZ0hRY*&534T;~_XmIgCqlM5z7@9~ncFBWab~{1xx%|O>2S8V=!gw<^*2=CM{7h_ z(YrIMij_2ssyIhhwHCh?_o$x-bR+>`Id`dD;vvhZX^JDt)i$dZ_i z)}B4y+K^kuSIHMo6XerrJs5U-pB~W1%RFEDP+%lyNRG zq#FBu7k&1PkIC_$hLe9JX_S3PB-v=%%y(a7qdk!W0u~5q{6Ot$NS?_;t_ujku@z}|!p@JEK5LZqD zR1tsvr!hxpm?|hGv-Zf0-EZ~l^tbc+HRS-B4a2z`p zjt|7to*jy8+9zCv!*f6BF=x^L)a+y1``D*3YB)`YJ!|->*)T!^KUNL)^N=Gio>Q^H zYmkXKaA#SkLm*yA!onk+j(>X?{d>^b?Opr3<@sL>rGsLTuI6X17V^w)_)!!aUJF1$LgbvCSQXpM?y0*5vZ?-Wz?CPDoj8n*I4@rl-otv}vqdSq_pDhYuv-8vzuSbDb=tN;fd}=)WH&oafY14Ze_FaO z)8M}ob2Dk*xLnt~T({`ze0cD%bqT5YWy}V8y=20M~lE|AhONrf_Q08J=dHyvM&fS%mr>CbRfBSj8ecv^r*DJ!&VssU`N6+-w2i_pJFjc*{51`UUB>?ZSPyPIupU)t;iTM> zu$F7|T)WZNM^y_2@nRBP;t2hLf`TeA2unW}_axlQ$__(ERJG^pRVwo)7BofTiXPpX z-6+;A(5?3>r+&7C7sIBb28~z`dUZ^R$XIfusMrOc<8gjo#}MZpGk3@ZSWVh1_=mc3g;I z@cG?Nax!~)kp)B?W)YEdBX)1t`oL=;lnKZJX)SlG-$1#z%w(xm#H zSzQ(uy=jz~w8PWCO9%GS`cRI#i~;1w#FsxG{D8I$c6stN3w{7algH=8RpfUYfwOz> zk!T%Ibw=xFlm-R{PImjmV18cie{m)tCeDOn@l5eDDuNP&y+sDf)TY)y(nEuAX*j~# z>7u`;1CeVZCo36f!tVyAt%0_&K2u){)T{lTdwq9q-|oXi?)uF6>tmLCXCpn->LfD=e>8 z)(>{wIZk$Ghw8Czoo9)l+j@F1wO1ErvksN8rwUwMQTrTLEC}Qp)K=h73*X5b&TS7P z$&>I$2fDHvZ1hm(eP|CYO4fVr{{Z^nW7uZ{c|T}R(C?y7Hj=sk7*O3`zbe4KSOc(Q zlv(Ncuh?_o2$H3^Kp%lUJqQ|^^^WmDE-V0@fEC*nf6RS541CrGV80Uv1!OD0uFQld zMZ>_@I6s`#f;+#N?65AkUj7zi4GXc8l9C?hX|jLL^E6B;MVs~o{+l|i$>Mo__pkkC3>s2%*dDA9*qlW`_{{d$o?$U+s6+05^I1b! zRMc?0Zubog^=DXoX$_pT%NjQt1m(-ttHz1nGhxlLuu*h;yw!7ll8QdDOMOE_LwElV zKu_2JKGX<24)7L4?Plt98ZR$u(Xq)HjEsyFegGYk$6-bo*hb#E#ZO*dob5h}pcGI8 zX(0u{T2%K5*!AC2#EgJZ7M+)ucXGJxFv?>G{90?EsKf3jxv=HNQ{W1Ft$g$ts&TUc zUYIj^e2N|_sRI{sr0WK|{DDkHYC^3aXl6y)FqoB8a+)*P&`3I}%D`J!|?8p#6x z9?vbsV>2=YB;Wh6!Iusjv5c&&H7t_-z-#vbhmt=P?zEO*nLGf}4>zY4aF*_lWgmq7 zF!o_!U>`9B7}vO#*4A>^Nu;`_W*sJYAF&DQl`HpQE3J>P1rsbmBEM@EBIvP|4`ei5 zSnT&YJbVbIY5DVGXP?7q58a06)eXQ6rxaUR=}Res6>YiZ-LZnMt8ei#cTWZMRDc|# zlB1SU2DFwK4g*~vstyB3b{{x0>###eKdg5w2g3Z~K9F^WVSB0juB$2!Q$!7rstBw{ z2v`e&s>6Ewwk$C62jR%_;-ZU`-ZILZ@;sNp=SbK?3lz-;7TjFN#qB%zKiGTguqfBB zZFt-^s91oa0xF%-(xTGc&46@E!%!9&lyrl1GfFoq0un2V zzQ5i--+i!;WA9;@x$o<~uC>m!*167gI9}^Xdi!?H`c!kCOeB+E-7&DWaDL2O8o^}pi6d(+{tZ8JHLV4rwi{(0i}?p-$61E4j=Ko3z)IK3hh z6O)YZ5k4B&(qBARDka0Xfg37(ygLP-7m3=Mzb{QV+i~2M51<=WIt)1Zptk}o7`ecI z*xTK`iSj;$aO0(-qQWl?tMbOn1CtioY{NiH4D7+o+*}seCQD#b?ypp@5;laiiit@& zxV22sa?%Dv@F;3?%&9X6m}b!6-3ugt^>RCX;jOM`jt&mWP*E!d##=^a=19TB@UZr& zQ>Vf>tGw8C%jAG$r8-<>N;ow~hnt;oqP}%jecAV=QCr=TK^pz-d+CAfKgd~i(m^-O z0$4qcE-vcO)kOpR4i68X4p8LLA1t$;sH=tN&jOS)7hI3{4LUg`V8^OK&mHU-s~>O9 zehLcWF<4z*E;v3q$b%IjA|mQ(jbwHKDVU7(^dZ|2B2uPo;MEstv6K*<{?7AQF5qP( zlRD6*F8~2s4(PO{o_5e@0i@Fykcn}4_VnvkC(lp98Hcv^o40N;NHb~V$H3`LgS|cv zw~t!-)*SeqNg7Br5{q9W9DW)?fb&hu891)$`C7`b0eO;k@c793`g))#23f+ANFdH5 z#>Rne(+{MVe>&$@RtkY)w+LGiIxh!HR|twZaBE#ahgJLbLcA7wUn*VsM0^e_;8wCg zg2gxvRI_BF*$TihF|)GDhpAOLTSDuWbeNEk(DdYF3b>Y*#zt|KCi0&i!}Y%P1bv&@ z{e?Ve^o*s!0r__THl;dv)-?Ko@2^ioG*(<1mBjBP0XttE*qhS}RudwhCpw4UFliU1 z!-vwCdKG$lc-;0qf9A}sxeKxI<+g5YpDS(0u-JYyQZy2r8n_iz5FE1$=&nEYN8`^U zF|9B-&Ulb>vVtCfkz(@@8cU$45|&m32!nTZKiQW=MBMZ~!Vl(ZqLX@hdP-h25>?yj z(uKD?Hu^Sf112mS;wjj_>XnYB;*yf1-qr~b5W&AYqh6@DmpOPA@p1|ts|5(E5l%=H zn|>~p&+dKXWQF_sU#sz&O2Q!lpEEloJ_O4FO@vj>xG)aPi*L8;tHH#4Yo_c4jusw7 z&lZ8D*bhhANe`JJ6X^^zTIe7A850#3mkT`nvuDq?^!65iQSYSV=hp_cBDLqw-zB;K zy*L#x&7_{oz``Qud$|6-BT3j=XtpEKdXR#}^j#0MD=hr^@z&KPQteOYu(fUdofNOV z4GK}88lQt@KDY&KXaF%)vqk(q{~kw?$jEic++d>EZPfrcYdHV+e}M8@pkF;;5sTm1 zA!wTT0I}V6tU}powjJ~gMnNps243@Ok&vQRo`5FQ;J4Fq2XP0c~;q^oddn81cZSAZt)%7WOe5U+H>85ZShl-^ed`V7ly1l$=0F@QM(*#GH2TV~4LD&5B zK*Pg+O{68<2f-yRp+xmb0C548mhk1Uh0zi4NT4^%!`(d_tSVUALGT8-<>M$>aNoVK zF2J`<2VsyQ*5-)`Bp{}KSPN<(UE=4vp8@Ax&5wwb=#XDGS1m`V9BCvgFHf-beL&9j zK%od1=z7}fAB5wa66?=c*uOl`SH)v9qy$J%<@xhpmyvVei~FD%qts?t1w^v?%#*z{ zg*~?|Kz;HO5J6lPg*@sqaPefP@x$-7Q)j5ub&CFZ60t!-yQp!`@m0x`?dys zsEze?W$>$T8BUcI6&COc(UmJ5#X=xfsstCi1?1Y%%R2ucDqP@b%7ESB*11P=PavI9 zHFF-eaIv)qMjkqJcx*?wgFs47&~-@(D8gGq#vwRx<(!4f_qZ)S1NQ3!vOBAG(en_I z{cMhU*b147$^TlOVe{mEz_)4iN$yWonwI0?Fl9?pdORm4XNv&41rIJ0u6_aDrVd<0 zXE3Iq7gwPq;^wwIk^voYmH^4&jHf`a4(Y91*$~;l;;MiT3WLVgz9Lgu^&Ay(F0*z5 zPAX>h`G}r|oMd0vjAsKBcWMz6}Ytn-#B1DJn(}+i2+M#I3u5pR(6ELi}-k z1k#$#ixi3d1$W<^LIh{QeGX?{rV`OpX%hAaJC+C7M+Gu81SG4FEK&drPisIsge_V) zeCGlrtY5|yb`!88P~ro-A3C8RCU|{{4uKGV0Lp-cq-zTVo_;?_8iFvTA|clU`#?)8 z#=w2@EUSLiR$LnMX~ZjEf{TKui-$0yJUc*{8bGeN{u#t~)?ZkxK3RY`c$j`*{FVYd z9Jb;0@bn~i>4rQ_!DBf{Q2kL*%GctkJ>Fjod#-7LKoo{II0yZkw|es6zmhSR{y!62 z|2F~gKN1ix?@NQF=t@~-NbT@;4Pi?Z!~qLAj?<&a=g>h~nf!(yP1cdH^Sq#pynOA7 zDFCwT^07jDRdbl-qsT!g#LMam(vWIJ{0hO~RpXG}dl|u$!YHiiKZvorh2r|J1pUCN zO9bD|09(xnAP2fQl3pHKYjW}pS-BO5E6$GV2sny;A3S1)ySu7fA3Er-Y-!Z5?0Y}4a_?>xp+hNv|+KCE@ zJ^N_0)@f^A*#$So*m)F+KU!B?9T#xh9+S`JN8Aib69 z9$cNL_l58gDHCh->q~&Xc9vp%rvK%IJmrRS;My!F?VliCDxH~p zzzJ4GK2AuRn4EQ>y5S+MwDPE1wtc;iP8s*qTejjnr@rlbI`u|rgloMgj8d~6I4oQt zanmHcyuHazaC`8qvK5oFc#LPsDfk^Dpr@9r$`TpNx5zg@|3bk6OysALx@TCbmBP6s zZ;4LfLCr-zn+O^>`<)DPfc>_{oV zDbOyS&FsI8_@ttI*A1vnYGrcTNBfJu#gSRCVVX7y?J6N&Diew2mL?`+>+xK@5=~=^ zCCixG-|p{hi;@n@luyh(clnOhR3=8Jbl>gX;;uznZt8@`mM(7dYL z)fOVsr(w_vA=cfT2L0i=Lls*1#e)Q_7vx4Xm6XmB{^!jbrfCo1mjDg0hlH1(JbCqo z=?t!Ayfz3ArtC+>c&<%sk!#!hC^~svZ*!Iv(2f=@4UOJlsa9~R9F8+AV(~anebK=C z#U9QbQorM<|ug99PC&&rx}3HkK#jdq!H4wFVM1LMw7w8uX#5HB39`qmRLX}RYy1Qy^8LbI~W z%Vu_Po6bpZi$LsL49@7$s1@S7ZCZ9nwMtWTFgTpveEa%HfXV5BSB1RX)5kqeydi3Y ziW}KGc(pE>4++VL2#guz{v+Y1@daa-BLXqp&9hH7gTpaW*;A#(J1ZF6e)I&y-MFee zOh{~|gn*p% ztGD;pn`xO;tK`aVlsV3{5&+((@>AV%Ta1%ZRJ#XPbva0nTdb!x`Y8z_D)3`O z%~(13jINAn*^zI?)#-sRS)~b4quQUV3EIg>pX16WAS1T%p4y9e5w^mMsTakUOF~`N zf(RFcHN3-PXLBj4|BKIQ0DAJ*TvmGXPM>4Q{)u-)YBaQVkSLlm0 z9(~?dsYr;K8Pde>mmkqftLLh9zdkzeY`;7*9JPqU80SWhANnhV^=FjWL4&pRpn@P4BdBP(ofhVsB0)OO|E z%{%1QaCvBZBrP4C!C(<6VE>Qm+UfEy?IfNn_QZ%MlSCY$AO4#Q@EcWYuh3h3-0r1S zFkqvfRxI-W3sQ9cQ*H_V-{qD-iXgpiT0+_Dd*X-x0~uw4ce3UOIHXJtg`F=-LpEhX zS>{I`_y)jG|H7!>gop}`!<0D+RRsxmh~-Qm4Calu*TDjma%?+qWUd`h1)vDw_cK%P z%~~Yju#v(;({OyNy@s?#b-is-t2VE;X{6JYdO-)uvk3lFYi>ej`2VGvRDQ_w^ZRmB z%dj>ZTOsrchlUpyL&}au|Mu=L!WIv0d=Z6dbFLcYt18wiqwHCf_s8qBM5eWfKT<2Z)HcP#TbohObc(z( z*d$iN^BBd#Ot#lF*FS+KRx|H{9(((|#Mzq>dGXbH*fF%H51$(e^eeR_Bx!ue_~(@% zIpO>3T_n#>LhM(|v(2S1M4lJ(T|z*A=4?i_yL8wXOSJmR&nt;1HlN5aBz^OI2YJxG zDz5ip%uY`ad)(imMW@N<1~^d1|I{Cfe{a9xo}ks%>(l4A_P>&pHfK}~jNQm-m=RzY zE)MJ&`^1bXs0b5on}1n(MaOezbYx0JA5C(gbpFa+hJ_bXynm;s_5Rp-c(hogR2ZMo zp8A8Fsvt%%u((Zki$WeOO=M3^uvIuc%~Yp#VJT|Sx}d{OKqoW9HNsPh@H-9;4!&>c z6^W!00lzR>bciv=e=n)+-XM>Fu&_Q7b0p?@6vs5quBYNtc;uo|gRIz&>sZXI6rE25 zA@X?Ll}UcS`U0H-QfA-c_}SG}H2J|!I2w(n0ckf}b>(JXrVBG1Evs!er)2|r>0Z(J z6au`ODY5OWel14=OW+`*d zEh&M9mez9LoU1QGRnqVMgz=$wK~eLsgs$k5olXZ>H5 zs_|rW^yYJVl8i@udV2b%yn;>vBnUq?$Pv(~#w8>sPA@Jpo6n6dR=*6cM!fpz?CDK3 z+W@`i&Rc!A6WOk%9Qyr{QxMR9@KjPUu^V15w8p|!_suI)QG}G)>g25)U6Z)b!7yRu z;f~6F>PJmWM~gdhd&q<8d%w_=lQ!F)NDry7TKue`@$J(cEXr^LL6rCul(Vl?n~yeVc{=NF>Md8V z&Jk7t=75;XZQ}8@X2Z0MY$67yk$1jyr-}3xEADjvY!qdH4D;ZO0W18bHpzWVtFzx| zuPdcN;&;8Wo}S&9n^Yz10nB7rz|L8!6Xm21p1;yF>@-JXdg(&B>7s^<$CtdPc^bVj z-=>@)!wl&{tFAwM+{aTFD+?E=TU1e|->q|Rs)#QOx^hYg)xNwhMg_RIE4ROI=5^sn z87tFhO>a=w zM(e!auUtWAz>89?L*tO})+2lleA&KNlN?+-m_R1F*>@tz9I9B)!)Cimkl$2a6;aGH z$>Ch+Kgh8`l9@)1Iy#QhL%J23@7u~wHb*kglN@KPQzX$2jx-&W9nl+b{*kfMnu0oH7^qZ1Q1QxSh4q z+4O#USDUc*^d{|4la8gAD*q{pJw&bD99Xfd9a1&n`pJ+ zz0>A1J6!kgN((sm<@V>977rI{H;)}7?IKDS2l9|7$KX8c0him)SJ}Ob_a2j%mF*1? zJxYf}H1;c=EGi{5bRWc6g6c``iR8OYoIJr+i4u}Eq(&`JK5&sNy)bISYdc&do^|vy za(2N9Gw7Ms)JD&v;Bd@CD{WaQBCt$e2(Ek{vdzburqVJpJ+Mdf=B7eMnP(jYCnH}E0D9ZUMG?5o0?qlC_GuJbfO^R*MocQ`am)sj-exE zj{3$9@Jx|jF|lU=6ORX77puPc?tSMGHRC7zP!l>i-q92nx7D1OF>4zv`;AeQjs7=Zzt9%Tq*<8I)3ZU@N5{&lk35QM`+V!Bp>CC8!yCW7JWLCS zv(&C%MZ>!3_`n-O0f<@aHLdKdR+$_Jy@JJXQS!|4vNvWQ8hzU^82vUMom67->syd7 zUp(;G+d^%SxXP6oh>Wf;<%==3cc+eW@0nb$TuA}F}$(13W{i@-UnA|4|@V260&eiYs+YWpj9Li84f(%>qN>!fM4mK2joy(#xh!Xkc){F=>7MZ zQoQjUq-dsMS&0k6D=O0ForMR3rXPcYTgd(i4-12(&w+Z`ut9Q632D)%* zhxK)dN0_a_lxMjVWKp)a;iXKqa8Lq?h>4+54DpScgA)U92iG~`H?kN@FIvdvX{Nc- z{^dZic6l&1ezh(+OJ{PDh?rPi@9?(#!4{XaN`Vf~a#W?=(YZ)Q{i-LXwUi2#&Wu7X z8|gksd^}V|BIXXeyPNwnZL9Ap{&v*a{!xFd^5R9RPPrv3NMgCH^hqao#^iuvjTMA* zL{*Dy5X5Riol7--pr910zQSD@PD!RiB@W@OQLK5*l-|!*R!;ODnsdfFLk>VaM-R$L z$54a5z^YfH1&!+5Z`QzNmRj%FxwLMK3ps40m)T%*NhH0L80dp8Uc9(J6FoyAWbyf@ zqkH|_FRM}pT3T^<#Aqm4%s|OSgO#hQ`MsZiu9>VK9Jf)rQ{>^oi>G?dASDZ$UtEGq>N+ z<~;xS%BHQwI+=!shN<5~9ev3tdevONZOQI^;@~jcZsE>qzt!4wb<}lcc(TIZhU#d_fH(2-WfA=`S2!jdltJAN(o4m8WK7e(bD1hppIC!Fg z=BZ}fua+ASTy?DD%ZtDzu&U=q)Wvfh?87bxW0A1#2^k=T=B9;|&oUd^+Zqrw2YfX_ zyj-jjt|#m8YcWxQ5<@#%l51}p%~GhFRn5BFz}1?{1;oQMvSGuGn{o8UdyJA2*4alN zM+R(_A)a(D>xzc54{3b?r_Lv?djb*N%WDgdjs{a2a<#raEyEY;*8iAyO+*fIDf&#S zZRf?x(Xk$wRxXTFIbf(0S{fRju?tNM&JQHU#H3GX6huWhEIT+m2gY&RZLKoDyzGH> zt2)#dLwy~6<{{EL5qYrPVL9C0%>f_&#;dTT1nZ*d5!+MfweECS0kTADkWiIY>CZJ1 zKyAf@g~KMIqcbac#|bjz9?U zZdTYM+fg?(`~u|;f-lZqd`pt+oa0;9H+(YZ17%te(-|1Qb*kBt;?mo_jk!3ly@dNxF z@s^uWte=7cR0GH`o9e!xdNWn)0{}5m$fL(XIv8y4cd@smI;C+~PcHP%yMD9CMl0p4 z4w4}k?asVQnuCILbab6NbrIbz-jJZ*Sld#{_(V$Ea^Xjq^S*OFD5}g%PR5$wL*q|W zu0pX$71HmHUSm*hC1kX0M{2ZJYmTD+`R7obOK5DR4L#b35m})W@zMe;##uGQzPBz} zy4a;mD;wE@cXwunru>Lp&AePyxK-MjA{g+b+b90dE8U)Zr0=*QnU6cAKjt;2d#29i z9H%gDC43?sV_!qLrf1wnf<>p$uj@CGjaBL=#FTQAb63 zByOuwt4iL2prPFA@+Cf>ekQEMvy)PI_xtIQI@`RJx&u4;n8(skAySi(`Q*AXk^vGA zxMEAswd}L?NsLTE|2euMC`c@A-8! zHCwIyc^${&8GQW)mkxh9nCviGnfZ_j%{r8 zpr|X}{L6x{QMW(e7r5c3lPKWamENN2R9nYa?yXW}B8^|#tJuf;itY5(XaYG#1H3&D zk+v}9#U&^_1tu0B6m_%}-qYi>q9fwo^`!P_;40zYf<5m@n14iT>g;xc_dQXCVw0Lc zND>(^qPmxco%#-13|z6Po4LN3K#K-KjjDM^5>M48RNgJuzP#QCa_`Y~OlIic9@k(2BX@ZlHiDb;`Hf~yoj7GM) zuI?QjkjytIr)`;_4Ty-Um^%dw7EdxB@mP;MZ+Q5g5Q=zglRX(H@RVo+$Z>LGmQX;~ zfQb~Kh*Bg-i6s&m6W%f$JkMkQ;~$sB@n_LayJ1%lFW;Xvf=CpqPkF8vi#ae$e^W5( z=K;GcP{oCrUx-Q{p>21icN~0}RoKQ~`q|8t+y~mBhIJI279Rw9btn~3QM!~8MQ*3Xa)}H|rZvxhfBkmkt3#U4@g6zedu8~pq=tPr zc&kBl)+>as@Y)mdY8M`>A*E|B3%}diWaTON2viz2gBpf_##~&oPo^D~YT(Nc`ys#9 z4<7`qddq@|oT^;&Tu~n7EdY`Gj5wYK7v!=h z=^gScTG8Y5`FRVxdqs6ZA%!zqIn96J$b?;Z;^Zs=hUXd?5qwom%_sd@tA=MJE~?;J z7RKC?As?PsvFi>o#9)!BXr6TOER%X>f&t3(6?VIo3GH13vABE^r@AZ|dk-$0V*`)x zhg}}=`STYb0WIc?D>89&tBHxZ<(LMLRYq~pXDK8OWMbkW-Fl>_JH>{q%XgR()c_io zi(3!{e;r-czIlhB>zKRkM5QWK(A^vrP1G%rbF{**)&u=8xqC`Dxi6|f*YulN4cf_5 z5q{MQC3;$!GuiNDP%uK!1%&Obqwd#_YKI;7P8o?)38uotEX{@qZ$<0DW2f7gfr8Pk z);#nA4#@YtyJri zkHoDG<};Nc3@Z-Y#FZ zfbEl~ zz-|8EA#9oa;+>umR-FI1*~2W;XrfDMa_tvsk(R6i9vcxtV_f5_aCrjW`z0I?Hj%#f zRHUT7f_pAvrRSoluB>bkrGCPwIot9$w#|J7q#Q@8T;eHstr$RNP5sJ6Ws69rkzzMA zA?N|rryk^KwNOYD8EE(W?YVkF1RdMc6F8%H@AvY8JMC{slP+R+#x>y^$XH|0{Ke+C z(I7M!n)UvDyQU7uCYPceftpil6$7lAbf5`NKSsIC@;-{kj8r(J)g903s%PI!{c6=; zYK6CQSvY*v-x6N)X~jN)iCEtMr=+{ZA ztIq`7=oIEUe%&q@(rj}|wi(L)+NI?8?o1n$zF~`YZ!Zf*e2y_0OJz|NLyI4QM(E7s zN{Y;nN~EX9LLVd0CB@lmcEkRWjaCPkV9~$OPn4&jU%j)`QF;socM4&%d^UZV0f=Fj zf+dU1JG)_jahvwg>l|-#P6@1zjo+wraB--d75UACUQQrfEyM%a9>6Ota>=8ygyKHR zb6%~$FYhxjm}X;HLk$g6RRAp#T9Zo0wa-_#I^%0!IXU5LKaG}ICZhL< z;vth>EZc#d$ILqG*Tg_{XXdn$Mx|RYtoXsYFPkk7lN-sbk?Rsau)i0L>`N7Q0tQ-+ z*wOyJ-HIMz7*aQ?o0;-F8)+eGb9EzO z>FRl!*7KwG%#R)^MLv5<@WTCgZ!WCtzAZ2XT zPM+@Ic^80)n3z4kDAogQRvqp^5=d?)3hdlIA%;v`|9I`eO)|3FMtJe#tLsD;7*c-y zdQM=5n-y#O9)26hc9MGe6*y8kl@pz+=p;pp;m-POugVRgOPAVRlJW@E-srG!^#Us% zaY-t$qxIP?c~KINgr^siNL`kO9F8h|>-R;I zIXE}oUAzIzR$u&D1J(sJooz?SGJx!As;gjd@C&?To9~f2A(=xYCZ_Z4MMi4`W7_vH zS|BdVdy5!nzIn5v0#w(nx#J_()4nr}X2k?-ovWRfdAK=Gdj0O*e5z;`UY%*TrLmNp z-b`zl$56FcNDZVn&gT8qiF#zU>*_#Eh=>Xyq)e`-*3={?WjD~f`0?ZIhd57^)l`%G z$j)4Hn4_;^1Uu3IxVZvO+xbu5ye+lEqKpq85dTPY*Z(Luq5NjD?}u_rU4VLT?B4_<#9cAHAI&fCLSJf%S`UG zXLgxkm<|jtjt&TbJ`S8~bDFMLqYSAt%#A(r-u;@Zk(Z0rdw2=KPe`QD0IP@*HqvE% zH{A1=rwatOJI^ESPHBbdoUP8OwT`%Q_S~%JyOD%lAiMj`9gN72Lbkm0XT$P8rnACs zPT{3(MG@B!Q-7z5FQ4hJQg5?C*A562nkS7-_x+9QEox|3<@jf@f0SOd4YTj&(;BUN zLFp`qFQ0IX<$8wFsUk4l{(Np7*166awM4IK+8WWVYhRbM zGk)^q84y8tD(3)@B@sCAz#qepygEfl7Lv2;_gSOsa)H!#i{2FeW`I6CbG|v*M`h=I z6)q#%AfmcD9+Gp}a|ifdS$1Z zaL9dR68NEmgPI_tigI&LZwflmYVaq~Oa`ZVGMCI(sC}i1St@|+G&MjrMfpE|qaO1xKExpuk)L_NV4s}p)Kle6eQo)_Cc>#Gq7@G$A zu5ojS^`9?4fTThKdtdsY=-rfm^ArA*K)QhZ0U`2zvqGdY-IbE7!8%nnrTkE|57M$* z5F=*;ff}`!LGGj{0klRZEPa^s_L4S!^&~ab_{G+r(_=)Qf9SXvVb*GLYH3laeucB>a*jr1!%e+hjk+Vd%rne>{nq&>;) zRImz2C#q>TLHn@^Y5O{SS!!w-^MlmjebJK|ol={e^z;A$_ceC!{o%P!caICd0P*Qh(ZCzFNHRx_x(fxLES?o!M1iO2pluUYHbV1DzL4 z3y#wZhr>&Q4*Igt8A2x)^97s{u9{dKk1t%pQWq~cp|g@M?8<`ABoK(zQ=V>Li+!C} zS?Sq2BSS6~(3pyhVvY2D@+ywk+9!ygEC0wi=sKI8QWhJ@E&6)0Vr`tIM?LZsb#I1j zbcx%9h<5wniq7)ig;W5*m9wlhcBbX~4m2$@YEl-%wGd_(HT*&Y zr4t9iTMq`eFh;w>e(BWrYnUYAgAVI!QR%?&p5L2G9t8B$U#KsL-&JI0J#5P@?Y0z1 zig74XYUvc0XRgYVR5wo?t(BSZ+7zvYo`H9U)A9Vmn8){Jr7QD+@f(XVJ1Uue?}f1k zE;pE%jC8%I5Jd;$Sj1-}u&*TA${+suPbJjkYE(J^ZEI-wiQ{+5RA5IIf<(Qw())7~ zz z_8(}C-v8zT+_HTvjG>8NZn}K#G@@Ma-!h_O^Eo5Nsj61^v;|=P=u|pp03AOA=t5Fq zFnpWPyFws)11YHmKS2G&fMwR1P-O1M=qDvL28QRoAr!pBnxC*CUR^5RaNw&@S$UXG z{#84DE&{N>=bHuYu{E>~3|0^MP^~|K*2OrI=XT-7@u3aGhDQw0Y`&sSQ$eu`RJ1kKI8ki&u`_`+xF zzjuPG#^O&}tIiU>CEII7=qlTR@Xs)l=bSRPXg?l$U2I_pwSPn{EwRz)xd3mKL%M+%ML$051))do}nErcNXo>v(sW_^MZrPBFem87_`ppVU zn0@zoJu}?%7~{VSld8m^JUX1FqI;snc$4TR6RAujQE8&Eg!I!^K11GsJ6y10pWJUA zU}2w*g*)1fSDCtaC>j0{W<n&wkOus7pHuyh} zpyE!X$W`8Wj7^}t33irsOiILGC;9BFbcYNpLt&K5^7Eb9`;HWma7FONR)Pma_V(sz zu@oihnL8^+d9ct-?A@zGaHnp0D(8QKpAL*K{cvZnFzoMe9CPXWaI_=hdq)g(HUUdex=2JXDoSHI+{UYUWXYuUN@Vj*}gn<>F;|ZH9ucR%_o%F+df}O_iJ)Rzo zw@hXM&ce*8GPPa$YVwEINmAwD?^~b#XIIv$;8fB;Q+&^?U+21Bs+7}5MC;}f`VDvV zh3i{`gjdHs%^$nEmc2EHsaB&MRJvtk+OsgL<%1D=a%t((D+9FoOfHY}rxhvC<8RX} zWGbTk{zg2Y1!e}SD9kBzKX+TAJ`ub>c}w#8b@wVa_PRaSSRq-{N&FV7_E4}uqYW6+ z&!0TOKWJ;K4&ng|#G+LaLy4`reoa~N*v(_az^k6MIcwK}rH=K9Osja^alL&v&iTyQ zv+J$0Z@VnG#iOG8x2rRhm~1;#P<(1uJYnfK(YvrRp@y8Xzgt>J5sIWXLK1V{!+G7w&6fMS0j66KKNb?hwZ1s-bz(&Oq>MS z#f|GX!n-VZ&YV%B7o>krA{z5M&{B22yMUQlqd+XJ`;py}MP=YlQxGi!!v{0@hcld8 zC}D^5e?MCF`j?bA3y72V9Za6T!JioO{OL~)gpXczaMx!;Gr9Pu6C$<4UoE*%wRKNN zZhnNd=-!m2*}m+@#7{73Abhx@6gJ zs1@_Bg2-M|sWn2cKB;BMt@+wr3W+qjP_Js|+hH`PUT)6HXLiO&zqGg|oV3*P`t&+& zYwhO*xoG;TjUy7#*0w8mKV&tB3tzl)*|@dO(!`9+tJ3Jvt=-v^x(wxTsnn4&^WIEM z493h^;9iAwwp?*++53^)t?4E5{`Li0UGJQS*42~tVStAtj4`~Pc}IhnU>v6OikCJ zD87F9>h;EYu}dHV-Zq-iX3<9z#_u%8VZI_%Y1?ROX2#(%;!MHwF&!>WWN)kZ!6Njf z#Gcgb@rvuB`7jT-9Xj%?9@|9cz9NT_Hh4MNiyT6=fXiuuMT%S|!ZLB^1sym=5H$2l3Dz z@zH8D2|i`dasB$9UZiWVY_TZszyiTn(9{R97UckP;i&y2c&b0A>_H%>em8Od)S@88*SFPdwxDFl1}a51@eGy3hY4IM9U z6f@hkTYUT#7CSpSQY6a@5kRB5 z;YOWQQnK}6RNdsxtGNU6rNP#IYa7bb*0$#_T)Yx>LP>G`siPwis+O|Wz#bn%8kLan zro23QEGe7UcBshZ4yraOGgN*W4%vAtf(^{fY*UvoG^7Ta1#Ofr zvmi5bKy2}BSFN?C$icKR4C?F%qeXJKwp&1N;(TuwAJx&$Gbpe$zx#N@axD8k^dTBH zwyMM6;lv^D1NbgxE;G#EfW73F8x4Tmpo5$5?-U8A$xAW)7Dh(7M3KbF2LB#t@iFU& z!vN3awulXbZn>Rtb4TLg#%5=NsBcn8ra}gk^82!{sTF!FRJw;kKj1h%n^2GaR$Oe} zuv}7O3lVb8)B@&<84d$i7cc+;VutLTS&pua{*)^tNrNCA#AVYl29D49z;QE0O9XHq||8!t%Ie1)&K`C4@nMiUwz z-Fz~TpX!j-gm}y!iG3f{s3Qm&7U-+xc<4_u)edYw3Soc$%M@$BZiHxNd+82V(A+NY zVS_|=XINvvqgbN41j2llUi0>Jhcy3;0aG~fOT~Nc?(ScGS1Emtmfg%cW82J=z1sIS z=k^W*&O(q*tVympp8WWtuc#<=p87N&n1n{hH*aq z#$*cOPwy&{bHG%#XNSqA2Vdh^F1%Tj%2j*))c{TZ@ZnqH+~!ujLFH&58SWYKIu%$k zgysG@H}!_;1GKM$0Oj;_#C0)4m_jK~OUaJ5q8)%eE|J!Mv$DH;5ucu!(egT{5%=r) z(`Qd*B2oqyyBD`ADk?rFCcf3!bn^hk*C35&Fa#s?OWA|b2+8#_U6o4KQ_hp#7cX6U zlGgqE)bS^EYngO2v|g?Mxog+p^Cp*PXzf>lPP5{AReyJgbRybQKBXi{&S9^I*41WI z#?TP=+Q@O^EDU#kf%k9M8O~BjrV|v5pI7LHlz30AE?=Eq%{v(41S53b*Vj`aV7q_s z93)9J=)||nLDO~*DsnYRQylNpAHVK8#hCuHU%1! z9`o~e@8CqdD%~%7qjp}j4HP)9jzqqCwE**_RjOTW6%vHB3!i9((fAy$)5q}!P5=5> z9UoH&;RIpyn%`3~;39kowD}2RDiAP9G2-+x*af?>8nMyrW|;2r0vtggCC{g;%*j-` zHupm2k{3I5?T_Ct4s!9kEO0A58nIlw1;ZawdKVoE7Xm}d6=U&GqI(6O4{-6NqjS2? z^D}&Q<7W&f#=Unz)4hJ8cxW`*tFC**gVpxrvcDH+4;Nu#ITl+m)||;QFrp0U5dl|* z-&HBy^cdkO&+MdLA8}oSk(=*7XUx z9ScD-A1w=a-@@uq-ocbo2GOR-@jDo!1)c1zcJ$^ zGOYWh+rs_tI$J*M4*DwR`|NztUe81ng56FsqNp!CHQnmO?X`)a2b~rNSZUO| z7m1@)9q_2rNbjS|L2=J}a@wXG@W;@4kuE(zO_cpU2=$|#*&a! zO`Lrk_xU?B`pW%mGuv|{w_Aa()l%Ua1f}HGIchpHKK6Rfm>Fh`alA-Wvvq^N)8Vg+ z2s^Us?Gp78m>U$7aEJevJl&OF&6{JdUX!HjL)dk~9m#aHY^`A5?Nj(jc9y{gg$_+e zvvRb?g9~*T_@YW%acx=svcS(|z6QJyR}ho2&h|$mS*`_=DWsKs5PjG9Uq5iEy}AHCk*zIpSxl$6*)3GL9}B3@{so(kUAn$Jf& z^I#K(ek6U*D}vc948%c(UMCG9YMa}pP3_u;b3uazbvJZVl)k8t>P?sx$I8e1Hgb_U!Szhd&{o3u6mKzd1O7VdmJJ?JznR5QV90 ze|4HlAK-6aI!DHC@DwF+&O3QUb=u9mGwC5C_;C3>N|ui|*D)_jq^;u0h3pyATu)}{##76Z%^?W!fgC>Dd~e{*i^9vp1q z`A*({8=97AM7I=)ki(IM5nernjth=Z0o|ZU=46cPGN? z>@6A!!CJN_aYg6nv)sLV_m;2~O_pNPpB*G$v2n8kbge7Tmbz#CyT>kPD6SgNz_6WW zq?E=v0<4UA6bkAA4omY!NvPcOz#cT&b87<(cvtbUOb<@=xwx=|v$G_;#aFYlIy$;K z{!TLH1QN_P3-8{CM>zW*9c+guC3QfLwttJoFB9(T0QYvR2fiLwXYAC<6VA(XI4=Vh z+>ZqWdVcGNMN2bXK6o~9rZ|@DW5nW!;VrQ%n0ytskaGIZrwmOGe+~FO8D0 zwM`%9Bz6h0(+`kiQGaYYRFp(}w(7y?*vB4~?*X3q^42AeIwknIbmGnJjR!o-tKCOG z8M`3v7zWt>aKdM^4nt;Z6ni*t6lu#F9}rk4+`D5L)|ouhKq6|`b3XjzN5+g#=xFS`PE_x2`dX8hvgt1%lasg$090xmxt zTwOCk5D5k=g~i4;F7Z3zx>8QNEcP)L`9PWhde^7Za(dVBBwu_Qnrx2od@8*?AFx!i z#hLP!LtpR1Ogo{0OrCxsebvg!%Jw+n_iufV8lirhqhZtMa1eYC1aqbqH{B>4O-yb8 zzIs<&%$1lbn5xE92`3=OWmo{7H|30gqUqUo=(KoHBz>dOKsNr1p<^b;YVflZrAIzv zk6|NBFDEUHCw}?<1lT$jFkKKNLs;(JF20*uuu^$6S~XHyb=@aFq>gig6#;}`OCoX$fp zA@UCG`g|3d^k2TrR#_mp2&mY?-uk<;BJt#j%Q+IC$ozH|n1-vA*KafN?JYUd$8YXj z%@eRV5~{<-zHv)znK{^3LE%9x)JOBF=;*h9XZx~RCQ(sh~Q$B)w6B3nFlT3iVF`ekrY zT0w#Fnh+V){r*M#U1=$X^+U9{qvNL`>VRsWW zz=Z%bx_Gf!s}gk?0Mf6g#jRw84Q+W80<{LmJ=7~tgxJ_R9t#Qxt;QbL<%jJYw9#U&j?1El-&eYLmQ40Qo??kdyigr{a-4)j zPob?Y7$$(S4@5HX27dd%VlMTr)B{JUr%W-B&KDQA%-nwCvDe`mn@eyr$1s zLr0K>aZslqs;lcNM2<~R$&l*&{pW29l}fSMWuL=i-+ZlO{m|`8RJ;+)(QK`@F@om2 zl$0yHXorBm$;1H>0px_;GdXFr!6_ZqrP19wOa`>x08sq-wlsS35Vys+FM>S}Me9Sa zBiPL~TYssK1#WeInwfyHiBd0Le(g8+44`teJ}|Wv^eZwf@dR)EtMQ)UaaQtIkEwHe z9*e$jVRz5soW%>z!#`tVdLA{h=Ddd+To4KpvRpm~MU_MM`0aKejNDK+?1C*Jr+ zY9kA>QpQK}r4h(JIR~%&CMPCuSq@$qnsi<8sHz!z@n^FW8-3FyL~d7%9ICHvMZou0s<54@a)$%@l!CuacQhH zK>6WB3OtSyo9;J&mqI}`rr2qYE!RWi;o}NkmxXt2T+EAjflT>i>0&c^T>mE249ey7pDLf;sVEEh^kQKP$89-w;g#)ZIhWC)`-6w^ zLqce#$ky3oBw)_1z)MyG**{jWp1Yt{6f0~^2TWYhHwgd)4inbiY2=xL6M=z*sc^d7 zXIK6%S9tAlmODCKB)^QbpI4J1h42rOI@HqFt6dv^H)n&aNgxGRR7aw~ z`jD|LVcs-QYE$Lo2jHyf!clvdc5zp8r#VZh>504hEocKcTfK8AU0tSZvu8}azJ7jY z0tu5KgE9>%KeCgt{IA~50w~LN>-V4-C?z4GfP{d6fPi#}lyrl%lF}ia3MxuUgOubW z-CY6#($do1-3{M*-uK<-?Dy>bo%!~hnKR=I41*8PeLvTIU2FaSzqMA1sNZck^+RG} z+5irQ!HBe=SjJU4Y_(LC8^-Hvp7fVk;JY5IAt#c1>vX{^Ng3<4VW2QV!sE0*^C$Ng zIBp08k_uYx3}={=In~}F>#TAn-{~E;huh_Mv!w+P$eEcL;TKO(gmv%KgL};7JdGyD zH~t=$Nxs8a7wj*qoery5&_Kms8$Dw60!9N3ZMc4OLxk(8}r#u~@h`59(4y!T6Q`fix&{Mq+ojDw){O z58Bfh9sZ&ajc6qOh!7GH34YVF-KnjaRV~Q*_+dcva1m3!&X#>!Ml$8dZ@sl6Ju^db zk-pH&JqsrXg-2Qi*~d3?$-x5gsQF#LJ-X$s$1eG8&9`$Pvv&zO_3`L~TZz?}seaof z_znguKMnX&Ea`tv6rlKNue!RLnA3qVRPdA;k4Dzu=VVyAqnkO#t z(7TtyK0W!u*OciAgg;;yE%%v-a9GHK*b~iXk`zm0?2PsV(fiWMN*o%WSt6bqJzDZ^ zIX&#v0PLWpQos3Em3m!(cEWgdncWgDX)-T}ke##GG`EOw?gecF;Jej=*g0}Ob2;8! zZ(PX@`d*jl8%ufPN?nphYExq)yk-%`9iA{)3t!!v1Cjbur5f}3PSc&D0N?3DAT&JB zo$DLwmnLcxVqIK$9(@|CJorVEk*&2Z#f+u592NxA!68K^b`5Y3HhxM9F}dKnwo!X* zqrSyRZ|ZB~rXW|sYu9`fS6Vwdiks%TomJKUZ9|(!NYm@}DwVPqwvy`?tqPHde7<&Y?tcLoh(Y%fvAP3LJ1t%|#WfCe0 z9DlxYlkm~&0rS<>zTM@a(6`L^(qe!a2}Ag{$#hU)P9N^ed9ibqBp{-_eFd^ApMV&S z-V_^sWMp}K>lTrW7;7Qx(Ti;ZTU*Ot7e}ZE)qko2zAzEIlh1lGnKyZI&%dZZjh^QI z{rAuj>=Cp;R5kjrz4lT&eWkWfzHP@6pp}f4p!6ZdOw@3qalA)q0 zLO6rKMauDic=N~Vu!O1+&6o?{1G!E8FzRj0RNY*7(j6J@&*_y9)F-O zcQCjk6?xtX&8b9i7{g-1tUg=)+}^g8kdhJ(p&rQ9)XZ565Tk;FgqE3^kQR|)8x8OI zKoe}#6M^)}vwQ!`8>Xti4F)!&dcivewH%n2ECc?-9D5nK8u`!(3RZ&zNVhNp`eVOZ z=k=#1%BH-lt2Y(L?JM}UcPs?GjRNB0NHr{khOKLag7U+Rf5X+h6R(}9Rx8xJgE4S< z_w>~55hV!i){*pUAM@UqmU2Q%!bzC$Z9Y`+-lR7zI64~rO-#%k(55G|OUILpI=;~1 z`}&M(OeOrJn@g6blLr`}Up3e&XFV*;3P&gpHd*e!Y`Wbwyxap>HxbFqxJLZI{*hH z7T}(NN# zK{@OX281m}`Welmo9W=RdH-c3%RV4?xD2=CuYXfQxKw{Z90$+TtrGM0T<*8owk6Pq zXWT0u(fWMJ5}=V!eU@+!UB&$W518WPzr#H?K3dnk%2OvpXF5f6zhc}@4xv^Kc}Fcl z*MG%Rjjo^WKDy{Rm1ia`I34nQ+ttZT2lKTB@cQtE=o5Ic-}$A9#Ym@(pynBJm{a{* z?BgWl{~7y8J*CGi9P%GBa88q|XVmegfLkZ`*T20ShR^re|$b~BrSa6s^_sv6_OP*TR0aV`Kt578(sgn z=m=llRVpl9epxuw-t=2!z+${UU{?Rzo;u1i619x01IcQGvUXNvln4cMU~XV}l@#V~ zg8E4U5t?Gn6j_NRtcLBsRzoSQvDhzPTFcb^%52u?AH-*uE4p$W(O*MZ^)Ej(BAY%= zIyyZRlr!=t{Q#|Pg)Q@ecu^b~>+gtqKio-HIK(JM2RFNQlkT7r%5%zT=L`(A7zSM+ z+p3`5L-)FOdPikgJy|ZEuZ4F*ZVIrDxILPX*%P$VqH&_t486R})`!`g5;bx-N{)Qu zDpOTE=lD=?ca#_N@YI_Qzm-?EjX|dFx@hXzGayn%AO8ua97v|Fp22+PsQs3wSV#Nw zv5wcIC3$03zJxgd0P-C;5a|;G3MjUR(LD3MyaK(grI~2eh z7}T;8mF&a|3JcY1Y*m8yP$0FCR#jCEw&ij3rGX&wXadq^u8_~)d#hcyI!fChXngwV ze?WcY{$!Op@%Hj^noAXW#r_3%L|v1XVk*i_I?F;+W28;#pgQSaVUHZZ18iUK$kP)b zQ_>pjvwrV?05bm}?9nP@Ep!s{{}c9*3Z5Gp;&yU%ZaI1Ew)h$M?YC@u5a_qtnq;a3 z+=$rHWa=6lqsLrfFk!Y%E<*euXFH$Umi=v5nBQE^i4GF%kV(xhz{A5M-tB2a>(A=o zr4kRe$(|%G0EdnEWSz@PxB-bnfXpu(lA^eB2)M-JnVl|QhI8*sOZ;6f9IMx3f3Xr@ zUu>5{%>*8}5ob?MDmPE_ ztbSJ6IGzq*Hi)t#$KtAw|7vEXvOeifEybWH>)}G&eGkOcu8cx^Qa??X%j33EPgo@EbFM#DWAZj^U8~vBl6iV9yOCNX+0flQrh5 zPOtZVzD2c%dr*3ByfXnN&i35&eU4lOzq9;&xVr9TkNNre0x+Zfon{2v;|^>-O^}1X zQgI72OQ*K6BbrxEfEJoR`)PR|2t(r5RKpt>Uwv#1Q@T$y2EDhD@P@XL(QR^>Xi4Qt z2M7eHA$s!Ze*WuXVL|G&z=kTfisz7`R1pra?%l4{BMT^pfeh5P@%|<6;q>-BQhO7w zB}EDQZ0t8eYd;7guS4Zox@PIRcJY1Se!#%PaLUmQoF}kN6AV_H8(bv|9F-ymJAC>Jx7q2*9X9=OE|c=(xY#kp!<@axmvIVO8kay zo-Tu0?t^Y4Lc#^s%kpL`;DzDg`%kY z93sGJKH-)PUBj9{Cv;1`v=|fUr;1?u;%`>H|l8g zi#)V#!A*19)g3MgDBvDB&ev~-{Q5D28Y99oj^{3~N9>#LC^cubxgg+)rYldbuD0*3 zl+eE823{heGa;yHoUD3%gIRyzqTnq^4R5V#bi8tNnXd{T(N+MdcY3^H^`n{G;8~(; zgKwCLS&YBgpp)k`HILn^F7b;v{~-*Oj8_)xL5%!9Au_25GW&)-qIk~xX8$X0sr1#|_*1*DH( zu!4A~#h_mw-;>kU6E<*OzheG7?-q!G&g#H49oAx#3$!ojGQQ}HRWGY3+dlsx0i~SK z#`8dNM87S!_N)^sgC*po5KulZ>S4@6^!#9_3pDcx^}y~|)N+WK8Ryqa-PK&qDJ1EZ`(01*s1_ zsqo|0M{znquT_lQs@ze)JDXoyX(w=WEM;9my^e)tRJX8$-0F@dE^4mbxReWfESpOo z-P0_$tF0kXQ9q`r#1~Z;*;ImArACbY8FRQeTTLuJ%m3NYF?T}lks`IwNfdBpArU?? zyH)wm`{cNHrO!TI2iOAr`}tYE^1%TDn$s(%E54WQ?gj%N&3yvFV3&0>f!WcKQy}5u z0XXL1JIJMvggaEH(rk0Xl!)LVDCz zkq`9;{Fe-j45wyhl%{yd?}LeaM!UJUR|l$khygVp-(6;AtKAQ77%u!LGt;leGQ#^^ zv5*>nNUGS%o(uS=?^AkitFOn|UQ zPdz_88W9*DXoXoK6f7(#h>>Ld^K*|y%qzO5&!ePi0?GJ&#WE@ASa9Ch3tk{O%32tc+yOj5Z6O}u>mHzA3n2w@=^ z|BXsmfb{{nXzRr~@Bw;y4*KA{IRMbwvQ*rg)ddl+qCla__BOtL=Dzzjn?*I}2AsOza&UR>gZf)FBVfNnBs4oW2f1crSbFbuEKI5l3s(S$p3fft zE)`Uj?LP-7_2J%@7kIy_7aN|tD+gIs*b%P@@Cswdq}enpfw#4{mkK8jaCC7Ldvcp!Pqg18 zqoY@CFXMQb4j65IPDDZgaEcH?`RFJ!T-W@Z+SNk0#@5R5W?$B5nOHvi8?LUdr*7^o zy-O0+Uwm_OH-ybXVP{Rwft~esjmm|rjpCiXJ}DhxK-K{FkwmL2Ez;pA&89O;Z;R+2 ztM58~DkNX}qFWDG-$vZJS5xe!H_fOz{sehY&t=t_q(n=~l_)6cAi4~WixUnTjQy@*hO;UFV z+gJMhTAP1#;bGUE+_sG$mOUxxD;~$eyL}9HOFhvS?ic)kc|wo|e&r_ibxLmT=t!Nr z?=-T-5WSB!W`aQ0o?e_1uG*WwgB0)Rh`LXYGaI4db^Mv@0gLG@FA{(pDcvw=bd(y( z^Wgt*>ZZYN)tMGh`wNsxT)DW}=o&esRD}F?b_*>jiEJi0T}gt8UHAlMZXB(K1`U`y~wI6jn^|RLB1=qu58UPl0fWEYniGng7?;Rt_z3&NXnP#w?ddqC6&PPcb zzN22Aozc)Z>Fw${N7#NX*m{)+j=D)tGu3?4#v2j2&s!2a*Na`U z?n~&+W%Pqe9{cOpFUne8w?h`GNcUzyK!NbM1RaQ=Zu<=*M_(c1mdp@abtl&P2zf>4Dxyfu#KHN^*OX&={5R!jc=Ty%}_I z2_ARfZ{M0fg3$!}BDo~5=TKg-SOArJ(V`T{sVLakK|Vcj0KD`3B1v!^&a1nmq$acH z2b@PCk`3p-IP1*QM5j*`y@ z)-QX~69@?b&j@V6(>D_2(lj(__o^@8D%{u&N#yocJ4T(!_1Q@vn0i&LVbt|SVmdt( zS`kNaj=TB66oMSB@_J}@?_4162o7_)b|nWCAeRn*06{*_YQjV3?(QXs6P0t<<)BAY zc1~u$DeODR;EPppEnX?ocnFSHxaUN*E2oyW_T2G}i<~kLpCN)lhg=-YWs!7c+nFXz zy@TeSEE6S|obl1y`*KjRiA?cGLW1DIx*?R|Vi2EZ^b=26gr}=!4%O&iW3D;9(S_;s z79J0On&b`(%W+wBj{;XmuS=I6ja@Lx!94FqiHd52TE=KlUZ zGIk>6bqrrQn)3|#&)9`SYn|FdgP`@*kxCyJui+;r5GQw9=Z&383IZ2kZA>`(ySphl zNsFbEu#wxcXldYJ$gA0)%E@)zC@2=>0%KMH zJMFk^D3idK)zwuf5Mi?^Rl0?T7drbLcpYVtsWm*@K=ruiZK|Y=y^U%)I>@Y4kx3`4 zH*U{`|B>r?3OG>ZZPjY)3uYWy;o2R&p>Sr7R>bMKF7+6)?|-2j%t%hA0szBgu;d{S zXIfQGpJ1J*NiE1`T{u5{ZPZ1tn5LKx!vq3y^Xx491VpbMlcb!wIlD_u-X{)tRivRzZ}@3qZLBhA zulDq5oXg%8_H|^@1`&rF8st%RI3^{j-}=7 zSbTa}))}{}YhMA>BX511@5q~?I&@fKCG$**;q%K^%>?M|9guG}i@zwK00lZYYL(lH z#@{;HT@r!uHgA)Yy*u=)ElwO%b2J)LKH&{jnOtVB=K5(==^L8jbylQB2(@g2g0;5V zk+0AGy*^-{j@HY4xe z!Fo&G=31>L8=dsD=_tkVUZzt9(DLH2IkG+SUh5u%#h2D`$jkLWz$UCzt=mE4jtOLJ zGeHkE{i7Nr}26LVoHe?t(lvZVHOrvW^wf!s3qJ(;l%Uq z+tF^9$I6w8Vp+B0D>exJ4iAKxOTBoRxjOwHkpn`AwuY~qa9<=LwRGKI6-reEF#nUF z(`Og^6+J7fu6bS01_RcqjfEh1VsvzLAh`}+K0l{Mq~zI;a8%f>YbD75w4DkUg3S8* zGf$MDePLh%*Gv2DuTDkHHu18#Tf{Pi7h+DTj)a>63U$SvVjI9iYJ-4|0o8BngxR(cn0a&1lK$sS70@v<4x4Fp)_A%At> z3hs^gTlVC{6`Vr%He8&sZwycrvNzEAP-1YZIMKtqe3686DYzYUdBPzxez z=>ky!G3UTOgV+rOqp%Q5+?R+ZeG839I5R5@`xSyM%paVO=4KaAL5hl+nQbqbS!vB5 zN?UDZAJ?Q4l@3CP&qJCYFV6b_!hns54@Ww)}e7<%#U&74P*Pr zNQ{ksGwV^q1?$Uckq;PT?SS5Xm8XL#J2d*u0ki_=FgZqsh{Nt1pY0LU0QDXWdD!^| zrh&2xM{2S%J-5>)4iwvwv$7R_T>l*mR9ED3{~4;&j$rOiozI0~i<<5ugUuJ2$wu-l zNqY&LItzYRZZ4ge*Bv=qjdEqawRUmg@z!yZ$l36Q6l!-j?D9)Ug5o{q)!|fjI>|1b z-6vdt@cYnagB7?lGP99*7^1@FFL^%n=d?@V)G@5RvqI`&P3=Y@x@X;E@=^65`+ zSwzG5cp!AP{uxC5n;tq>{~Y?xadKUVD>bp0xjHmHp7WEj z9{T&&jgMo2#Q~->%fA@*DEAl{!%8RILcyJ%ZtA#GbvB@Bw?3NQr$1Js4Fc(yWZ~_H zM90HseYv_5rZMKE2NHO+EN1(6lZK0%2b&{Jln}qZdbr07-hX0$v5dqh;E@#l6Skm) z9jJK7qgW#VCNFB`hKAyqhLaEyssSLBRzw&X5#RY!A$h3$HQ`vLqdt%ivxC>vJJlMR zf}v7{W%2#nZ3C^hsHn(fbFni>-^y4(F#{$Wq0vZ)2q`ziZN!Ck8lScad_!`R6f^t4 z9wFfK9IqglX|6^Vj|InuJRK=f@F#wZ`(`5|7wYB00ggoi22hk?P#)y@5;S<^XQ+@V zb+K_W+Y(x}+v7)&F{7~e^<)e{UKnK7u}jS6Y&=WnaMMY9uQpW6IWl*2#FQRxCO<&dmVEqpJ$_{(D54`q|0++3mE3Z_^0>zdsgAQ~ zl@xfpiCm426Yj=jT-K8fmOe6rY?1;9l?W*Pg1EaG+DWKK6StQ7*r(=PC<;I9s*E!_ z+Me^j%N_FOO$Zz7&8IdF`x?%+R8V`BhFLqgJTIm^;$Ud5e$Qx7wt$swX<$aex!_(h zb+8rPnF|4wmbbiMv7Y_eZ7ZmGSBLg4w&TIcXvVb_g$>6ps6LTvZK0bX9ls5}Uj2V> z_xJIeL?X*|@?n5mD<>re4i3(D=x?r`_W~7)O%pfRNROt9K1CT^CM>wwli;PLEOKSI zms7c=m}=yC#jYca5~T2YkvN*-=ItgN5g923)fgev`5t4#wiZ_GB;_7wJkHMLT-++* zZTM(Hc}?Tv@oA0Ye4AEO|98KC_vgR*{im(OLUhdG!&tm0USW=LOhKn^BVAwB^^J{v zR5drrdZ4Oa|3OzCIGEQjPCW((RtF>I-d`{tq81KO%W*-sU5KEG0%)XZl8J6XbAoSg zBzY;#r`FawpdS&JI5hXp-Nd}3i7 zq^c=eQ(mE@SR;g12Y+ksALzojzPBv+(w2(Qr2?$~VxKYm#E_6}OsFSzem5=qDfk5h zHN1aax24MQljk^OXz-#fuS6`2nFVWA_c?mjV#-erEdMBWm;AHXeGKPq-n~&Oqe3VE z!IDr+QcPE%SD_1&a)aA*HQz zDAyL$VnDzBKXUlJy&GyXbpCYsb1O05$ Date: Thu, 17 Sep 2020 16:23:55 -0400 Subject: [PATCH 14/84] added extend-data.md --- .../advanced-hunting-extend-data.md | 50 +++++++++++++++++++ .../advanced-hunting-take-action.md | 3 +- .../custom-detection-rules.md | 3 ++ 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md new file mode 100644 index 0000000000..b6250bc237 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -0,0 +1,50 @@ +--- +title: Extend advanced hunting coverage with the right settings +description: Check auditing settings on Windows devices and other settings to help ensure that you get the most comprehensive data in advanced hunting +keywords: advanced hunting, incident, pivot, entity, audit settings, user account management, security group management, threat hunting, cyber threat hunting, search, query, telemetry, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: +- NOCSH +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 09/20/2020 +--- + +# Extend advanced hunting coverage with the right settings + +## Create custom detection rules + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[Advanced hunting](advanced-hunting-overview.md) relies on data coming from various sources, including your devices, your Office 365 workspaces, Azure AD, and Azure ATP. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources. + +## Advanced security auditing on Windows devices + +Turn on these advanced auditing settings to ensure you get data about activities on your devices, including local account management, local security group management, and service creation. + +Data | Description | Schema table | How to configure +-|-|-|- +Account management | Events captured as various `ActionType` values indicating local account creation, deletion, and other account-related activities | [DeviceEvents](advanced-hunting-deviceevents-table.md) | - Deploy an advanced security audit policy: [Audit User Account Management](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-user-account-management)
- [Learn about advanced security audit policies](https://docs.microsoft.com/windows/security/threat-protection/auditing/advanced-security-auditing) +Security group management | Events captured as various `ActionType` values indicating local security group creation and other local group management activities | [DeviceEvents](advanced-hunting-deviceevents-table.md) | - Deploy an advanced security audit policy: [Audit Security Group Management](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-security-group-management)
- [Learn about advanced security audit policies](https://docs.microsoft.com/windows/security/threat-protection/auditing/advanced-security-auditing) +Service installation | Events captured with the `ActionType` value `ServiceInstalled`, indicating that a service has been created | [DeviceEvents](advanced-hunting-deviceevents-table.md) | - Deploy an advanced security audit policy: [Audit Security System Extension](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-security-system-extension)
- [Learn about advanced security audit policies](https://docs.microsoft.com/windows/security/threat-protection/auditing/advanced-security-auditing) + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index d12e51c9d8..f915252f17 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -4,7 +4,7 @@ description: Quickly address threats and affected assets in your advanced huntin keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id search.product: eADQiWindows 10XVcnh search.appverid: met150 -ms.prod: microsoft-365-enterprise +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -17,6 +17,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/20/2020 --- # Take action on advanced hunting query results diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 6021933e52..947c8c38b5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -16,10 +16,13 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/20/2020 --- # Create custom detection rules + **Applies to:** + - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. From 7244f328afef7f3ca6b960d552f34eaa7bc994c5 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 17 Sep 2020 16:44:16 -0400 Subject: [PATCH 15/84] added function page assignedipaddress --- ...nced-hunting-assignedipaddress-function.md | 78 +++++++++++++++++++ .../advanced-hunting-extend-data.md | 2 - .../advanced-hunting-take-action.md | 2 - 3 files changed, 78 insertions(+), 4 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md new file mode 100644 index 0000000000..0845cc41c0 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md @@ -0,0 +1,78 @@ +--- +title: AssignedIPAddresses() function in advanced hunting for Microsoft Threat Protection +description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 09/20/2020 +--- + +# AssignedIPAddresses() + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +Use the `AssignedIPAddresses()` function to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. + +This function returns a table with the following columns: + +Column | Data type | Description +-|-|- +`Timestamp` | datetime | Latest time when the device was observed using the IP address +`IPAddress` | string | IP address used by the device +`IPType` | string | Indicates whether the IP address is a public or private address +`NetworkAdapterType` | int | Network adapter type used by the device that has been assigned the IP address. For the possible values, refer to [this enumeration](https://docs.microsoft.com/dotnet/api/system.net.networkinformation.networkinterfacetype) +`ConnectedNetworks` | int | Networks that the adapter with the assigned IP address is connected to. Each JSON array contains the network name, category (public, private, or domain), a description, and a flag indicating if it's connected publicly to the internet + +## Syntax + +```kusto +AssignedIPAddresses(x, y) +``` + +## Arguments + +- **x**—`DeviceId` or `DeviceName` value identifying the device +- **y**—`Timestamp` (datetime) value instructing the function to obtain the most recent assigned IP addresses from a specific time. If not specified, the function returns the latest IP addresses. + +## Examples + +### Get the list of IP addresses used by a device 24 hours ago + +```kusto +AssignedIPAddresses('example-device-name', ago(1d)) +``` + +### Get IP addresses used by a device and find devices communicating with it + +This query uses the `AssignedIPAddresses()` function to get assigned IP addresses for the device (`example-device-name`) on or before a specific date (`example-date`). It then uses the IP addresses to find connections to the device initiated by other devices. + +```kusto +let Date = datetime(example-date); +let DeviceName = "example-device-name"; +// List IP addresses used on or before the specified date +AssignedIPAddresses(DeviceName, Date) +| project DeviceName, IPAddress, AssignedTime = Timestamp +// Get all network events on devices with the assigned IP addresses as the destination addresses +| join kind=inner DeviceNetworkEvents on $left.IPAddress == $right.RemoteIP +// Get only network events around the time the IP address was assigned +| where Timestamp between ((AssignedTime - 1h) .. (AssignedTime + 1h)) +``` + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md index b6250bc237..9da7deaf78 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -8,8 +8,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -f1.keywords: -- NOCSH ms.author: lomayor author: lomayor ms.localizationpriority: medium diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index f915252f17..9f5671b224 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -8,8 +8,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -f1.keywords: -- NOCSH ms.author: lomayor author: lomayor ms.localizationpriority: medium From 3a46478e468b4b1ba5c1091cacd98b2cfc287a14 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 17 Sep 2020 17:09:00 -0400 Subject: [PATCH 16/84] added function page fileprofile --- ...nced-hunting-assignedipaddress-function.md | 2 +- .../advanced-hunting-fileprofile-function.md | 85 +++++++++++++++++++ 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md index 0845cc41c0..18be1be4a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md @@ -1,5 +1,5 @@ --- -title: AssignedIPAddresses() function in advanced hunting for Microsoft Threat Protection +title: AssignedIPAddresses() function in advanced hunting for Microsoft Defender Advanced Threat Protection description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md new file mode 100644 index 0000000000..f2f93bf6a2 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md @@ -0,0 +1,85 @@ +--- +title: FileProfile() function in advanced hunting for Microsoft Defender Advanced Threat Protection +description: Learn how to use the FileProfile() to enrich information about files in your advanced hunting query results +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 09/20/2020 +--- + +# FileProfile() + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +The `FileProfile()` function is an enrichment function in [advanced hunting](advanced-hunting-overview.md) that adds the following data to files found by the query. + +Column | Data type | Description +-|-|- +SHA1 | string | SHA-1 of the file that the recorded action was applied to +SHA256 | string | SHA-256 of the file that the recorded action was applied to +MD5 | string | MD5 hash of the file that the recorded action was applied to +FileSize | int | Size of the file in bytes +GlobalPrevalence | int | Number of instances of the entity observed by Microsoft globally +GlobalFirstSeen | datetime | Date and time when the entity was first observed by Microsoft globally +GlobalLastSeen | datetime | Date and time when the entity was last observed by Microsoft globally +Signer | string | Information about the signer of the file +Issuer | string | Information about the issuing certificate authority (CA) +SignerHash | string | Unique hash value identifying the signer +IsCertificateValid | boolean | Whether the certificate used to sign the file is valid +IsRootSignerMicrosoft | boolean | Indicates whether the signer of the root certificate is Microsoft +IsExecutable | boolean | Whether the file is a Portable Executable (PE) file +ThreatName | string | Detection name for any malware or other threats found +Publisher | string | Name of the organization that published the file +SoftwareName | string | Name of the software product + +## Syntax + +```kusto +invoke FileProfile(x,y) +``` + +## Arguments + +- **x** — file ID column to use: `SHA1`, `SHA256`, `InitiatingProcessSHA1` or `InitiatingProcessSHA256`; function uses `SHA1` if unspecified +- **y** — limit to the number of records to enrich, 1-1000; function uses 100 if unspecified + +## Examples + +### Project only the SHA1 column and enrich it + +```kusto +DeviceFileEvents +| where isnotempty(SHA1) and Timestamp > ago(1d) +| take 10 +| project SHA1 +| invoke FileProfile() +``` + +### Enrich the first 500 records and list low-prevalence files + +```kusto +DeviceFileEvents +| where ActionType == "FileCreated" and Timestamp > ago(1d) +| project CreatedOn = Timestamp, FileName, FolderPath, SHA1 +| invoke FileProfile("SHA1", 500) +| where GlobalPrevalence < 15 +``` + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) From fb844b70ab342742e22f7bc7cd203354e1473a84 Mon Sep 17 00:00:00 2001 From: schmurky Date: Fri, 18 Sep 2020 16:14:20 +0800 Subject: [PATCH 17/84] New firewall best practices page --- .../best-practices-configuring.md | 306 ++++++++++++++++++ .../windows-firewall/images/fw01-profiles.png | Bin 0 -> 66504 bytes .../images/fw02-createrule.png | Bin 0 -> 165999 bytes .../windows-firewall/images/fw03-defaults.png | Bin 0 -> 28751 bytes .../images/fw04-userquery.png | Bin 0 -> 248535 bytes .../images/fw05-rulemerge.png | Bin 0 -> 25314 bytes .../windows-firewall/images/fw06-block.png | Bin 0 -> 8080 bytes .../windows-firewall/images/fw07-legacy.png | Bin 0 -> 37359 bytes 8 files changed, 306 insertions(+) create mode 100644 windows/security/threat-protection/windows-firewall/best-practices-configuring.md create mode 100644 windows/security/threat-protection/windows-firewall/images/fw01-profiles.png create mode 100644 windows/security/threat-protection/windows-firewall/images/fw02-createrule.png create mode 100644 windows/security/threat-protection/windows-firewall/images/fw03-defaults.png create mode 100644 windows/security/threat-protection/windows-firewall/images/fw04-userquery.png create mode 100644 windows/security/threat-protection/windows-firewall/images/fw05-rulemerge.png create mode 100644 windows/security/threat-protection/windows-firewall/images/fw06-block.png create mode 100644 windows/security/threat-protection/windows-firewall/images/fw07-legacy.png diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md new file mode 100644 index 0000000000..a2dfad0ac9 --- /dev/null +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -0,0 +1,306 @@ +--- +title: Best practices for configuring Windows Defender Firewall +description: Learn about best practices for configuring Windows Defender Firewall +keywords: firewall, best practices +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: maccruz +author: maccruz +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 01/22/2020 +--- + +# Best practices for configuring Windows Defender Firewall + +**Applies to** + +- Windows Operating Systems including Windows 10 + +- Windows Server Operating Systems + +Windows Defender Firewall with Advanced Security provides host-based, two-way +network traffic filtering and blocks unauthorized network traffic flowing into +or out of the local device. Configuring your Windows Firewall based on the +following best practices can help you optimize protection for devices in your +network. These recommendations cover a wide range of deployments including home +networks and enterprise desktop/server systems. + +To open Windows Firewall, go to the **Start** menu, click **Run**, +type **WF.msc**, and then click **OK**. + +## Understanding default settings + +When you open the Windows Defender Firewall for the first time, you can see the +default settings applicable to the local computer. The Overview panel displays +security settings for each type of network the device can connect to. + +![A screenshot of a social media post Description automatically generated](images/fw01-profiles.png) + +**Figure 1: Windows Defender Firewall** + +1. **Domain profile**: Security settings in this profile are designed for a + network where there is a system of account authentication against a domain + controller (DC), such as an Azure Active Directory DC. + +2. **Private profile**: This profile’s settings are designed for and best used + in private networks such as a home network. + +3. **Public profile**: This profile is designed with higher security in mind + for public networks like Wi-Fi hotspots, coffee shops, airports, hotels, and + stores. + +You can view detailed settings for each profile by right-clicking (or selecting +and holding) the top-level **Windows Defender Firewall with Advanced Security** +node in the left pane and then selecting **Properties**. + +**Best practice:** You should maintain the default settings shipped with the Windows Defender +Firewall whenever possible. These settings have been designed to safeguard your +computer for use in most common network scenarios. + +One key example is the default Block behavior for Inbound connections (shown +below). In order to maintain maximum security, changing this setting is highly +discouraged. + +## Creating new rules + +In many cases, a next step for administrators will be to customize these +profiles so that they can work with user apps or other types of software. For +example, an administrator or user may choose to add a rule to accommodate a +program, open a port or protocol, or allow a predefined type of traffic. + +This can be accomplished by selecting either **Inbound Rules** or **Outbound +Rules** and right clicking to select **New Rule**. The interface for adding a +new rule looks like this: + +![A screenshot of a computer Description automatically generated](images/fw02-createrule.png) + +**Figure 2: Rule Creation Wizard** + +NOTE – It is not the purpose of this document to cover the step-by-step of rule +configuration. See the [Windows Firewall with Advanced Security Deployment +Guide](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide) +for general guidance on policy creation. + +The remainder of this articles deals with best practices when creating these +rules. + +![A screenshot of a cell phone Description automatically generated](images/fw03-defaults.png) + +**Figure 3: Default Inbound/Outbound connection behavior** + +### Creating inbound rules + +In many cases, allowing specific types of inbound traffic will be required for +applications to function on the network. + +Administrators should keep the following rule precedence behaviors in mind when +allowing these inbound exceptions. + +1. Explicitly defined allow rules will take precedence over the default Block + setting. + +2. Explicit block rules will take precedence over any conflicting explicating + allow rules. + +3. More specific rules will take precedence over less specific rules, except in + the case of explicit block rules as mentioned in 2. (For example, if the + parameters of rule 1 includes an IP address range, while the parameters of + rule 2 include a single IP host address; rule 2 will take precedence.) + +Because of 1 and 2, it is important that, when designing a set of policies, you +make sure that there are no other active block rules in place that could +inadvertently overlap, thus preventing the traffic flow you wish to allow. + +**Best practice:** That said, general security best practice dictates that a +rule should be as specific as possible. However, when new rules must be made +that use ports or IP addresses, consider using consecutive ranges or subnets +instead of individual addresses or ports where possible. This avoids creation of +multiple filters under the hood, thus reducing complexity and helping to avoid +performance degradation. + +### **NOTE:** + +The Windows Defender Firewall does not support rule ordering in the traditional +sense whereby a weighting value is administratively assigned to a rule to +determine its order of precedence. That said, an effective policy set with +expected behaviors can be created by keeping in mind the few consistent and +logical rule behaviors described above. + +### Understanding user query behaviors + +When designing a set of firewall policies for your network, it is a best +practice to configure allow rules for any networked applications deployed on the +host. Having these rules in place before the user first launches the application +will help ensure a seamless experience. + +The absence of these staged rules does not necessarily mean that in the end an +application will be unable to communicate on the network. However, the behaviors +involved in the automatic creation of application rules at runtime can sometimes +be problematic due to the need for user interaction. The source of confusion +around this process can typically be boiled down to a few primary causes: + +1. A user with sufficient privileges receives a query notification advising + them that the application needs to make a change to the firewall policy. Not + fully understanding the meaning of the prompt, the user then cancels or + otherwise dismisses the prompt. + +2. A user lacking sufficient privileges and is therefore not prompted to allow + the application to make the appropriate policy changes. + +3. Local Policy Merge is disabled, preventing the application or network + service from plumbing local rules. + +![A screenshot of a cell phone Description automatically generated](images/fw04-userquery.png) + +**Figure 4: User Query Notification** + +### Additional Background + +When first installed, networked applications and services issue a ‘listen call’ +specifying the protocol/port information required for them to function properly. +As there is a default block action in place on the Windows Defender Firewall, it +is necessary to create inbound exception rules to allow this traffic. In such a +scenario it is common for the app or the app-installer itself to add this +firewall rule. Failing that, the responsibility falls to the user (or firewall +admin on behalf of the user) to manually create them. + +Assuming there are no active application or administratively defined allow +rule(s) already present to allow the traffic, creation will have to be dealt +with the first time the application is launched or otherwise tries to +communicate on the network. In such a case a query popup will be triggered +prompting the user to either allow or block the packets. + +- If the user has admin level permissions, they will be prompted. If they + respond ‘no’ or otherwise cancel the prompt, block rules will be created + (typically two; one for TCP traffic and one for UDP traffic). + +- If the user is not a local admin they will not be prompted and, in most + cases, block rules will be created. + +In either of the scenarios above, once these rules are added they must be +deleted in order to generate the prompt again. If not, the traffic will continue +to be blocked. + +As regards third-party software. Microsoft cannot know in advance [and should +not even assume] whether we should let all packets for the application just come +into the machine. Hence, it is up to the developer of the app, the user (or the +admin acting on behalf of the user) to allow appropriate inbound firewall +exceptions. + +### Local Policy Merge and Application Rules + +Firewall rules can be deployed locally using the Firewall snap-in (wf.msc) or +PowerShell, or remotely using Group Policy (if member of an Active Directory +Name, SCCM, or Intune (if Workplace joined). Rule merging settings can be used +to control how rules from these two policy sources can be combined. +Administrators can configure different merge behaviors for Domain, Private, and +Public profiles. + +The setting is used if you want to allow/disallow local administrators the +ability to create their own firewall rules in addition to those obtained from +Group Policy. + +![A screenshot of a cell phone Description automatically generated](images/fw05-rulemerge.png) + +**Figure 5: Rule Merge Setting** + +The equivalent setting *AllowLocalPolicyMerge* is used when configuring the +firewall using the Firewall CSP and is exposed under each respective profile +node, DomainProfile, PrivateProfile, PublicProfile. + +In a case where the merging of local policies is disabled, centralized +deployment of rules will be required for any app that needs inbound +connectivity. + +Admins may disable LocalPolicyMerge in high security environments to maintain +tighter control over their device endpoints. This can impact some apps and +services that automatically generate a local firewall policy upon installation +as discussed above. For these types of apps and services to work network +administrators should push rules centrally via group policy (GP), Mobile Device +Management (MDM), or both (for hybrid or co-management environments). + +As a best practice, it is important that to list and log such apps, including +the network ports used for communications. Typically, you can find what ports +must be open for a given service on the vendor’s website. For more complex or +customer application deployments however, a more thorough analysis may need to +be made using network packet capture tools. In any event, to maintain maximum +security administrators should only push firewall exceptions for apps and +services determined to serve legitimate purposes. + +NOTE: Currently the use of wildcard patterns, such as C:\*\\teams.exe is not +supported in application rules. Currently we only support created using the full +path to an application(s). + +### **Shields Up Mode** + +A discussion of inbound connections presents a good time to discuss a firewall +option that can be used to help mitigate damage in the face of an active attack. + +‘Shields Up Mode’ is an informal term referring to an easy method a firewall +administrator can use to achieve a temporarily heightened state of security in +the face of an active attack. It can be achieved by checking the ‘Block all +incoming connections, including those in the list of allowed apps’ setting +exposed in either the Windows Setting App or the legacy firewall.cpl. + +![A picture containing flower, bird Description automatically generated](images/fw06-block.png) + +**Figure 6: Windows Settings App/ Windows Security / Firewall Protection / +Network Type** + +![A screenshot of a cell phone Description automatically generated](images/fw07-legacy.png) + +**Figure 7: Legacy firewall.cpl** + +By default, the Windows Defender Firewall will block everything unless there is +an exception rule created. Consider an example involving Remote Desktop. If +Remote Desktop is enabled, but no firewall rules were plumbed, then you cannot +RDP to that machine. This is why the Remote Desktop feature automatically plumbs +the filters when the feature is enabled. With the policy plumbed, RDP works! + +Now let us say there is an exploit that is attacking multiple ports and services +on a host. Rather than disable each individual rule, the ‘Block all incoming +connections…’ check box can be used block ALL inbound connections regardless of +these exceptions. In this case, the RDP rules are still present, however RDP +will not work because those rules are being overridden by the block EVERYTHING +nature of the setting. + +One the emergency is over, uncheck the setting to resume normal operations. + +### Creating outbound rules + +What follows are a few general guidelines for configuring outbound filters. + +- The default configuration of Blocked for Outbound rules should and may be + considered for certain highly secure environments; however, the Inbound rule + configuration should never be changed in a way that Allows traffic by + default. + +- It is recommended to Allow Outbound by default for most deployments for the + sake of simplification around app deployments, and unless the enterprise is + one that must have tight security controls. + + - In high security environments, an inventory of all enterprise-spanning + apps must be taken and logged by the administrator or administrators. + Records must include whether an app used requires network connectivity. + Administrators will need to create new rules specific to each app that + needs network connectivity and push those rules centrally, via group + policy (GP), Mobile Device Management (MDM), or both (for hybrid or + co-management environments). + +## Document Your Changes + +When creating an Inbound or Outbound rule, you should specify details about the +app itself, the port range used, and important notes like the date of creation. +The goal of creating any new rule is for it to be tightly secured and explicitly +documented so that its existence is easily grasped by new administrators, or +existing administrators who may not revisit the rule for a quarter year or more. +Take pains to make the work of reviewing your firewall rules at a later date +easier. And *never* create unnecessary holes in your firewall. diff --git a/windows/security/threat-protection/windows-firewall/images/fw01-profiles.png b/windows/security/threat-protection/windows-firewall/images/fw01-profiles.png new file mode 100644 index 0000000000000000000000000000000000000000..c1aa416fdf989c32dd3d6f18bf9c5083e098c2ae GIT binary patch literal 66504 zcmb4qWmFvPvMvx3ENBQ4+yVrL;4rvbfFQx$CD`B$?(P8w0t5)|?(Ps=hQZz4<&u5& zCpqihA9t;nMNiW`U0rX4T1z`&qNNs21Lz`*0ez`&^>!abisP7mdM z{srrxBq0n_GD5iX`~m5!|0nlkiX>tBs%~gDBu`uz!#C;b1`xVx)yKYyyp=pW7 zPJk(}#eSQ7aKsKb-iCW`rqtTyp%U7R3rmmihe#O5VQnSajrX(K&6Oo9DHpYijtWB+ zuFmpAEO$jAyIygxB4#KbBpMHFGZJs6nEi$Rts@wCH(DRV-bmUAavq)twW9jeROQ-Z z!ixY;Wkz0I{_}gXo;sh0Uc&m-5QU|u+k;_u;H45WGr=En`^tD9>aFL%*D@T<_k|a0 z)(#kN>$TN>u`oARd?)sKYFpvRmes>+XC7KSh45~=+AfG*%aX#B9V|)Mz+f^`&fspL z9X_#HU|)S{curd^X?sVLHi4TXh3@uZS&JWWSt>JIlHMUtBl?1Dz5hLkAqjsIfoel* zU-iZ?-CYLTTu(Ky9A;-f4mLH zCd9TCoB#}vAr&IoAq683CC5-me25^|dHmY>{fKzEfcSn(f-QZ1QNcZ&*R{`zuZum+ z=3!dBlGCJjX}aaeK=jr(EtXXiFLOzISS2AbOdsA;T5kI5Zj-d7aXJt4TB8nK^(X3c zYcc7T9ta_4Hf3JNd_>|r>KbHUUm9x!P3AuBYA+1Az`?!%g;3vU#+|9|omoRhyCQXE zmdxTouvg=>Y+F~uG`)r2-!|qAZlg-ls>nPgFefGR$8e06fBDLyD;N`y6}+*-R!Gvg zwFW7Xg{t3QbXz{^)Sgd|dR;nhJVXH;HV#H}0X0XP^F-w;Bspo<_C01Q1%;R?>yx`s z;f3!^OmejJ>lThR3RO0*H9iJt-D1!QhiQ~PIJ{>uHkx4YNyJTk7Q^_p& zS(snpT*1S{#Q*s~km(;=cNBm%Cmp-M@ZBfjar_xYvwEG+A>yDZYZ?dPEGBxd42>sS z65w~d%F@;5oJk1gnc%QBn&?{}`hjhiE3aG=Pl+SSwKatuA|)O!v+^>^GM7;N!NYQD8wkXpX#mMuH683PS`v2iyhH^ zl#eGo9Z7TvXu}BUR;!6ra%ZQtKu~b2WSq?br|g47L3d2F#T4vDJ>&Dl94E@f$uM z%2%GR*!_Is%Slpa#&uw?7%-(#v<=6$!!(S=3jR>%OD@NP-&KxH0k|00C}K8LwW~Hzfofq6;3WTtb3t24U5EFZ1Dn-&4%|4!9>A5T;xLZIoOCk zSO~tCI{-7%tIDZ_$2OnhWn@H5PIw*f;6|Idz3mZ4JB_PCzh*p|x`jlN%0L|?d62zN z^W^-_@aR2@cnrp1TqC}9tHCkuf4xpvn$)9)J!o>6SnZG@lxuD_h22Ru+{JU$@~a5{M~R-r;r0?F^`t*hMvK0pCtqT3OiZKqzh~_j)xKQEg|kgX;cc#_m^- zvi9{ZLn~j}zRHKUH5mRx8`;>JyVx%=zsLk!phG4TF}C@nTSE#$Jj zQy5Reu3(t8VynS$xi+r1JcAum-6{s|#~?}i*-Eo=daC)r|Krr~@`4Sx!Yy+=%*_DS zlolK242}so?KOW+gkn404Au(H#Mz6y@WyxZEv_e*=E~x3R;jJGX)&YrVd|OKd9n8% zy&llQVS17Q;6}qw!KPq&goCqBDORERiuXgDn#peCce@oE9>@uD{MtsjJC)XXwM~j- zGXYU}E)T?UUQHR*beC4HzYdkwd$2|^_BDfO>k3Y}bgi4H zLk$JXFEHT$N~hZ@@avF#KP<`XU~&Tu1x86g-Vs^zaW1GCkX!82%w0uYQ>=e~efA1X z@|YO;*L|eJx^r1PuDf_F)8kI}TW%_RdQ9rnK`gcu8in*xZv6n`j1CyeSznPGgbrB}JIO(TxxD`(^VW zan4kaot&fr+uaZFSdJg`3_nXrNmW;upodo$x*vC(m8O2&oE@Wp5HOr_z7a>&J)KMR zhKP${1Z%)mDdt%DbPzo$q98^7owNLDeY(SN@6^M%rp&!sFV#2f{2-jX@*e~8O_@>P zJHEj{ZuB7l;t^m6$3GbBSg@^E!@p^IXY-QG^x~xg28@q4Vi}}+Q*F#7hSmLK1MZDGti>?$#^f`F}r%l?nq@e0@i-`Qs1?L)Y&z9>}tjkRJ7Y_Iz07Uv39z)DO zl>XfJ?;QJlAov4I5F0a}AEotAEcyR+F(o|kU_O9`oYE*0`;Ui`C$yCt_F{;MT5NSN z{qxSx7!wi6CtD(lJQNY>3(d>F4DvVj^pT`ue$FqVm@)J9$0&b%o3OCndS6U1xv(&f z^xskEx7eggNZ|yWXo{jgfQhJFzOCy|GXdhoi&Y#C5tz7; zhC%nzy&gn9{X11YA1De7N?{ApD4{s1W`5qx=XTPedRkh>^;8scl9zY#nduW{)kXtT zaV(AFu0JEj{d9{#X?vU>LD7Q8--Idt5DEU9cLxo5U$L7~9uw0>MIwFws`Q{=L)+Nf zGxq*`D&v}NOqSs7P{8D$dR&wzEu-nsK7B27iWz$9Pl@a1ff19hYTDqBsWdg|D2}9- zP>MMpqrMtlq1l$ffc2&VPPUoca$nz{BKRw$#4LIkWctlJ-{o~ZAM6%nD%AAFc|&cK z0qd1T2bKJumdGEB(Sc|;q99RdpLo0A-~PI6_;|`yhR7XX2_@g@MQoO*Dp49nSifbTEaG%Bp`T|M5vqn1vS2EE-%#YVF=^Aw@5}W=V zM>UFnWA6X>+5*<|<7qOJD2m|ARsoa8C8CXdtpi>w+Htzw+&~H%bN+Z%VZ6+@r^V~2 z+`NoEg!I9EvU#EG4JGiHiwjC{X<`I_7Je97a6+NvlTx%=Qr;o5z9R7q>yC5UYBc-e z%e7S3(?bNLHomz8{QYcE4gL|j1pR%^Z$#_t($Fa?P-ud`H-0fTQAuJbwIlI#?4~4X zE9^ShxtET##8Oq87t{WiSNQy-E_2$OCKbcfa$}Kczbbd_K>7L%Q?<8iZ7p(B>s5cu zemv8RpBq-QZY(_b@C|kf-$VK>L>#lvA{h59nLVx2C##B}_Y0mP)hjgmaGI4Dp`^G+ zZOY0P6|UG-YLtC6zWWH1KL3h8=fZFWKYsj}pP$z;1@mX5vOpva4NfTu%>K9gkz!CjySFbqYxv|Z3ijv`Z1D$J<$vxY zJ^g)C6Cgn1&zm%!ZxSBFo&Phs{68<=moH^%xi&B(@B#iyi~k8?WXBySOl33%5OnsK zRm}T8t7;5H2A`a$hZ0VHr;_zv(&fH-8boQnd_)k6$Tr{Szw^m+I1)wpol>qUXjWq# z8YbB^qwF#x$vYN07*|A$|9IpwS15Uhv-5@S<7v{b3q{F^@;*^e2WvPit}I5ccyJAtG6$xwjcu`esrf$2!V>TBBEkkdPr4~7z-yakc| z2!-c7Z~&kh=(L~u>1Gs!!>ILh%0ky|C#R&b)@&?`_o&I?V7{7j$>S_RO=m}p%v$^U zz!pUJ_B$`>+!Z58`?f&0N9)@KOh3d~Z7@NmT28Z0=-TDZW7wYs$$5mN?&gldnt{5c zWi_h?xE9KZj!!QFxOH5sx!P)+#Sle#I7RFDQ(e~Z9{VLal_sbG7|siJz0YN}uh|>( z#+5*Vh8A)==)EIT={&_N9=iLz(vuGkLC2wr`SKr=!n2dkwO0XY(8JFA6K5>M#lQ^l|V@%-)K1>>u_A~DBq;eZmM*MDqi!#D5VEiuFp z*;*(N67q(6b#2XjoaD_L!)gr%oUl2o!~K0LTU%ReYdLxO#X7sS%25DaZ7OS0N$caS zND!LhzRO#E(xt4Si$7)*$3}i^qzii9Q}za&TblR~`}! zpj5~J$i3asbyEnCKUi#b?+M3;&EqJ3${jc;wD0UeP34f$MYiMWD#D2beJd_NqcCO8 zH<3FKA?s2jKyNxZ3T+XI9WL-r0SjBv*arb~^!}eZ5@ zQj>Y}s^CqKEPKlEhlHs-4TbmpsF(T3|H|giR3ioeenAxTYSH~jP1n-266-(}x zR^$5x!iTCF!FHHuc{BaanZ)39_{d<9IcQwItNVUNnwLyBKtkI&WFpe9}X(8x?5H z&kykpLSd}a8;GY>&XWfNJb5-qhf~-sFZbtWv>YM^FJIu&A)ph>c6|P6AT2#W*<$wb zokljscp8oW_4QiR4)LcS%rNNr7aeJXGPt@QCXG|c=o8n9FI)+5X9bWE9#n`8&9QZe zUWEdSUd3&6*D4e*mHCD3%`BR;{t}ihN*KBQOjk9+5!dzY>3nS!wO1f+-mq2x2E~&D z^$*L$KqP{_QUGTot|V&OWV+Lg{m4i}GwXS}*~%!@tc^^^m*BL#eY`s=EG)FNw7hV8 zNaJ=`c;`IIf8}unb*{QfA!feXNYeE(q0{v^>3%i|^S7%7g(X=K!7&O7I25vui|mvtR+f zNHVD$0nv_{`KCxdrKD?7i_s6t&%mB;efydD||&zNa*6xCX{jFdzp zTt=ekuMqo35=5kfBhE&wh-Ho390AMFAuV1BT<@V9^C*55CKGKd#JI!(om~wJ(9XYS z*E3uFiOY1C(fZysmNSLn6*6J?Chij8@(Khh*MBet9|WP|ustw|3t_K(vfLo9TYh3B z09MP0*x&gXbDuv4<$spoHlj-y`A-#TYiR|AysjUl8iG+>Xwry6@1=y2(pcu;%f;{sHPr#&I}I#jr9G~I-33sza|$Vx}Oz%aGad#m~A&-GF^2S=eB zKT-a0PN-npT4iC5we4(~4^Zfr-+F`1uL6}qv#9D=6~qh$@Yx_gRG@b6p3_udYBRHTv^H#y^?x?+`>651>=+m*pI?BSld?92@?g4Xv(%fdquyUozO3 z$-<2RJ}MFne=3;Wr!10uePklxu>_Ya6j2fB8M3T%P5!&26h((+3H|x=XE1Tb3hlqt z^t;$pL%hEz1sUIwbJ#8}yk+=bFGz~P5C3=^Bye3Pp?qHEo%ctsg@HpxA`Sh7h-~n` zPLsomV&WnHual3Mg4io0Op^b`QqMa^8rp{Uzo6K06ilPU1oVo3U6)GI&)dJP6P*zY zkdTl7`}!~81=lhAMn-I`thzGp`u679__9t&0ZhJG!PF$fD6%LPV%$E)qqtJp!E&h_ zV%!*Ye>q5ugx&z_!bFZI$D-}C7s&NAG1_gtf&jc?-21T@YFod?oPXzB zADQy|#r@-xQ^-N}PxT`?sxLCJ-vSU`n9t}A8VBA8N!5D-3-4J*o2g{|P6Nr1{^d0o zQorSxf^ZORTYdb0wPZHu4R5st8kQwxMqL#O-=ZIuPT3Jmmta!wAvi(uezGrI->XOz zdhxX6F^}91i|;*l1G ze!=`nF_Mdg*u9Ni@fE9*?yB~!!m0EEjuGE^1=dR+m)*k1J0RGNf-;-+*U82pNv|uY zak|n3J;mxF|2#Ek!SUIye%sSIJ?t|{&#CLh^L6iGArRs5Vl4a#vUn6{xX>?RvPM?2 z;<%@3IJ}rlWO?azu-oR}uWVrvuy=(p6L0ZY=R2`?t#ErmV(+k3=svA4wYQ^SrNy$5 zVVppWn!@fSJc|dhM7_BT$~L;|8}smIHaVAE#5`HscGzAUBWdBsMq4D(J{uA#;;Y=; z?z>TNiTZ42;JEZTa?0h_kC=JUWLJbrv%@D1o#47Z=alv`S%wMtj#7UwlNqrE zaG*JqPLNp(u`Y@n(0X+0pXHAJWPcgZFgl}qzhmj7uy}ei`lOz4c4un3bg4C;eTO?a z-KFXoZ@)T-zgBFht&I=r)GBd&@M5vT69C1Er{(Wm+JafV_=ucG3TZdr1c?_A-iXl$ zh;u3JeX{x8sR^h3t5dV_@}ZTjdx%QPE#WoKH#ez%HQ~nu5s(d4CG#4;O=nmVq{yDf z(xKgUP^wb>>Kj#lQaCoi?Zdx1H#?fdNm^ag&AXWNcFZSD-fKNcB0)Dat7&8BOaelD zZs$J_C`gnE`8|RmO2TJl#NVO^835<)dzO9c`8$9l@#GDDoem`Mi@>e|{E6J#7gBf> zOCSZm^;H>9Ci$Cep1KO*Du?q~eW8QISiK-eAGX&e+1kH2Ha8u2?~j(sGUrZ(YT=35#}79PA5UOMYrZ|Bb^!tZ)S2G zbmMmzR~#+R1%_27b`kQt;_eJ?!usE84orPRTpsR}+>`|t3 z^si>*FH{)J@f%=pR#wZKw&vfhpzrie#B~j$joS^e%&D<0du|j}44}YA%4pg^8`5e) z>lL6UR;UaP{zj&&e?O9p)Q$od8yQ^avCYll-CeHyh8oH2eCHUu03i{#{caWh0!}1@ zn8y>*!{V>%&b!?4x0iY7rsD)SX5obW5_pcm!@S!SOxk0P){&)DgxK&0762~F>F;6R zsWi2!&fZ?XA>J1d-J?E}IQ5B=fq1Z`4JYSc6>D)v%urM-7=$WGtWSXnFHH(xKx>nv z@lI5XEF>Vzjaz3tR}Q?!1g;9&`!A|5)2Oe}Hl79@gNp`SJt-zKG+Z;PKt#oeLR~4R z_BQL2H`wAHUxTA2ja~?HE%O1k;}%}(NB4=xf6o3XwuqAcirAKsggEMlabX^pe)N1O zFMrAK$(oj#8ipwmP@QL>6|{zW2;h7@Q-sgGv|0D#&3^G<3-&XYCek)ot5(ugkDk0S zezK`wh3JFxgzC&_|6l-`Z@H$AT;EpfJW+Y;QB87j96%kuB=-jNw#kzp+^UPt|9SQ0 zEBR+a=vu@Zo!o?8qpMis;*r{&#H~+Rx_ACm1+CfvWi*ZUJnwB^APVf2C1zg4bSMRQ ziP$2xg;t=4gyjqRH^aM#kCBH0rt~vFsa1x5gsF5{FS{180UTB^+hjF#Yr&b`bk*SU@H;>1ME2~)r#ZU&P0;NXJ zL)*$abOC^wLQ0nM)6j9bt45W-g68U#?Jvr7?fTY2qsC-k9(y9 z3PFk|#4BK44r|QTKYTXcsBJRxNoGabn z*|}YD0#pVQa0|q7d>-o4kJALub;NLz%Zgt638P_c3?VX<%gokP;o&qP9^4-vY!kAe zgiw8_srx#F0Puha3kMc|6CvRnwpydW)QKX%Pvt}=JW z1og4F14sI91g;uz)(+(!)9Cp3gtphf&b)sKm3+YFP zy?|i0*WD@Ak%a2ZI~R%``udKM8`00JT3X3{V2L%5l&8CYC8_pOB9hPK$@usqz*uBt za7J0Qc;ET8(sS@ZMtn9~26O=r6zvZ`m^)Ov6E`W17{_?Jhze)(Rh*CaFvr8+KQ@2r zBBWmFTc{V#ia%2XIpks2!C-q5xi$rCmj?j{2cs2Q8r4R%snitl5>dS3%-M!y1~ zCq&ig4^|pam9HAiBQs)EcWahXM#%jgwoL7Aqx@QFg=N9xUMg|ycN)^!^IvM8)~dCp z_fP1@)tx3A!W(DOAJ@~7`opAD9RXWZH5)0<0~$;QE&_W*u4=mj?7Ws|a6UNJhpR4m zj;-}wGvAN1deu~Px8`y@aX5zb;)olV`$4(pzjCaMI}UOYr3x_QHUjS9S3=(lxEhPO zeKPY-~X*t0E4U6{gUA@v7BSYwn}@+NJp>y(WD2 zQmhUsU|(h7%LW+TL4Fp=Qgh{Gys|~bHGjwuQyJ=y%4UGs0qdnP0wEPevO$26u+)+# z%RY#$)x=HX6_yo`jpTQ(Td1XDQA?JD7$A9R?8!%^ZZ@@_lq>YfFB03$CDcDC1)GAA zT+Ek>v91_t-Z2QXW@poUj710dv#io|Yy-pjnQZC=?e5;9B{6)FUhsa6c#Z~VfMNIG zkCcK!JE8oVg2q4j@j4NI)P}cnU_R*muldf#uw;p_#T>EVdbB0~V_zcv%7Zz4P2vnj zDc6RaWPv_w*Lx})=jb%K?9U=c%h=qi4I$)#kz9F|IcwJ;HJfPJ5KdK*-ZpR}2vo|x z(-8)Z(^DSrMt>rqK9na`(4@d=-A*ob@0RG$#BJ?AQsGi>lKtI}rnKrm+`?PDz%YCUszqP5F@L-oHzqJD_5l+P3_@p@5e%`vd(^I-QI^TR^ zRWC98h(^ho=n`1wymcw_K0`vTOt0Tm2B3FabR;I&RFXEr$OhSZMZvT=G2qu&-G)=P zARG6Ty_8UCwvi@#nLZ4dO^a$}KBSBNN@;-D*nW`u4a#Uh6LSKW7dFLj4lJFfBdMXf z2)Q9-0MX3R?yIPHXN#p3B10B#`s-_(F>9C&0x4{Jm~ej>meMurX{H)X7&E!~a!gta zIpp@z@Cn`n3Z=9^`KBC^L5i_GEYKqa)!aBf;t0_piZa9ME5OS=BA{5J3geLxg6#$` z0JiEBKe!nNjO@Do_sqHdG*xUM*`Ap_I$)rdtZY_X5!rtK;oQkOAln=&rIO8_yV!?h zds%?h!fpJ66M>=pxhp=+QN{n%B@(BU>&gMn{ZUybb8QT(I$qimw08KVZF8?h=Jt*4 zMw2tH45M4@f7->gpfzM7&@onxm`}znN+F?U_Z?u&9V$>8_D$H}eUwG}lU#kqVao1j zs~a&Zh@a;j?8N9;gl>R@RNbN2rPp)`Gn^qSJ4Y;3et`19cR@cmm^C8K}vN1deaSF7K`o)v~&gLMb0Kw6?y( z1TeUj(S1|S3l)MdO+HY+V3EKXSEpgm@Ve;AXU$OS9tcm}Fb7B*`On)BDe6E=%U6Yp zaRIB2VXF)fa8(oMHcEAIjpt2Y-oprPlNh=gdj|vO^tTQAodW{^&qkw6KFTVeRt0F0 zfl=WAIWoMSyO#rxkf0d48^cL$hEXzpW-b5-WfM`%m}tWhuf1amU^*Dtf_{jp|NgrA zmxxDA=EL2@TZ(}1%eHXy#w+HO4V*i!;77`d>LH%=RXMkB-Joi?=n449F#$z1$lA`cVxi`l2E)C1bygQ;g( zy<|hTibK~12yfB(AQ?_42D!&c(23`vmtx1_r1y^=DPffP!3rQ8rSSmk8ezAnx-BP4 zk_^N*IFQhwgU!eL!{8ZX&aiT8j%DYnc^f<`9aEfBGMeEY=xQn!{^IMaNScz8PD>a-O!zUA#nGWL;Jf;VAdnUMnmq$^Sr*T0{0Y@&pj=FY^>1!%m&1_uT>tmm;grrR+vfMy*|W1u91{=P)do`Hp#BW;TS0mzaRF&#^ zTioJC61rvQ8U6ug0N%)N0?&I1K8-cyz9a%!Q32+TJj)9a=6{$y!Sy$S;>zn+mQh5n$zV0;j%y{m%}kCs0*22}@tdK2jN-@k9$!JSqIe`7PftW#lrp22)> zHS`Yir?_=tf1EEwlFSYk@_Th*p{w`z+^jb>9HX;aP90oPR-B-xr{{5YFtn6!B4clV zo0)@{zo8Jy<+M=$;yNl1on&szrs=wg;>aXl=NzmxokRiCu`g;4hqu&i&{S+?4 z$mg>Bb!$iYBrkF@{}$KwriHUeY*tO6sTV1joKO)yk;{Dy9ai>#o)Ihzcj+RSdDOx0 zs+AR-YX7L9?-VSC=M%pouFpW8d}TI{C$GSs!9%zB^=2c9kJ(|tXf0pa8O_XNd%;ja zd-^FKrGO1Jj|6Z0_PUD=RKGeMAEVPMf~t<;;e!qMtb!;ci%k1#^v)?Z3fk= zZ^7{Uoy^J3Zk}h(t%sA=GY&6IMw+&leJGwgR>iG6p!pnHxlK0H*U#kk;L32`yCmy$ zkM^71NU+Ds*@rpj_7*1L6jCG5Q9L_ks0FezJ8wqS@Tm2Lr)n+I*MR&hd)v?z9|&~H zL;Ot$x5i09niS)ro^v?Rh$%mZVj&dc5cy~>1N#Q7bAT`R$e4UtL}B*VbO3p>_cPR4G!1!m%$fu0TJ0bWdl^#i4`;b|d=zAFgD%R?5Ck`UO{P?&&-^BFSA7{UO z;t+OI_x45!vjh#KFNX>O)N+U$AkB?T0##3Fo@}5bcSj~jx}*-1L0Rlhi@FD{r!x!B5M=J!{|i& z-RtR(Vr9CT@fH)<+_~(SUbaG0vA)Ca;V8JW8bviABEJ9d&%B4XB&mSF5)+P1Esm|{ z<3d8bA6X)k>WJ3yiV!5PKmwQVDd1vxuQiGIyhdoQ-VLLMHLk+}cUGtMX%t}lpy{eLC(Mu9!LBi|P2`IPR4?$MEO2aidRRg)_fz8 zMEAjlI)@p5&j18E$W|TCWAAZh66ENLeveK*u+3d`?%Oow;-{q_x&1N!%flkj|2d~E4 zb?rz>-%=4F$UL2``z%3Kb!@?I8(_;BP``!M^|>Ijno4!XB60q0GJ(KiL#E4=KZv3f6tQv%# zr=0UWQ_*+ian^-i_K!qrWojp{)TB9Fad};>+vz5&noD<@al6Sv$m3t@Aye8k9&k{_ zM#KKAwT;LQYkvHlFZwv1+F>lg*{kMJX0WF^11#`pRd|tRr=_y-Na0j1wbp~8;*aMG zV&lIXDV%NpHly7;MO;v;v3oU@!{@pt3%uNifLy_(QV8|DOdIGL;!F(};y5|#Jq2-> zhr9;WHk!J;bi8qQt6>z=51OsZCc`{Y;M-$U8JVj=hAK{mG^~llWUrJig}w%R;px~~ z=OaT}bu_6f(*#Y%89p%nPE%;xr>5pDfxWps+@?Gw>8vJRnfn3NQ*zms#@B2-t5Pk! zS;3z`Z@!cKYY0Y=4Ayn_J9G50OR?Kf*ALITmcl}?!-fi_!)4KHnFkUBT+>&@+m1dy8IY!@&)(Z1|dg^f}d03Af+=jYNl+@U`Y?eAb z4~C$*>)st`y3x5aB|6x+n|7DxPEB#=Jj|xnXtdtmX}{cRDcd(leY{${AnmU`JSl<_ zjV8M1Tbk0a484t9izkq2xxG_y{`{!}uYT>eCkke*xYRLSCz$+rI0^&K(JsqkDSsHX z+7jLBapiiX!>JMZgM3l3HLC_a<|^63fBUySI>K!Rs^giD*po(mliU|2N$XnP#h{`N_MI zSFzzKwIXsu?J{EOyg6%UNX2ta;&I&<;M_c6W+j&l+?hV{q&7)U!jkR%{@3s`d9e4@ zmY9q4^|Dc{#_bT~EY3zWw*a$xJ}P^Mb?eC2Anb!+QUanMo8&7h$Z=w|rP z)T?6yJW<+Oe16lqMqpG#c2|9lr`snaxeR#|9`?w-5FpNF&i_D*!_9#gGo<~_{} z6H7cux_S%C0&)+`ol$Wyf;JwdJ3Xzp^ru1umZs8__#Hc1+B8U$cWm0G%+n|;%hG0# z8DC?5HT?WzL+)DM`~t|-tOZ=|86fXnJosVCCE~T42M{3hv6?)OveS}qOa?^O(Yb%8 z3c7~6Mroo)0eEXJ3o1b_$G$I|(FN+QkGXZxiFwSnzZ3w&>RV_z9w+<4TJIg8$}9S; zMSoe%F;!V_#%h0r9+U{t&5g+Cx$+3AyJqi=AlV(U;&!?9Z@2%HaDAe<26AS%`pGLo zg08+c80F|y*0=(>&7BZ`G-)pp)2%C_%**n9J0+QZw^G zmka4lrMn+K=yoR16JJLB%c$JGY03z{^U=0vo(d;HeRh8OJtB zM4gu`e-Xv5_3@xXQ(3$Lg&e>LjjklswiovlnWonVGHL@c7AuXzuxvUFA}GON^Um>D z?&ua;lf`CQsSQ6fqGc3J9GTB{5-rREb`Gv( z9PR87WOGHVH!nFvB!cG5Dw1Uruf2+&>aM8KTU1>~!!i;`ieSY4A`hNx-)$#XE@m!u z_-B~mVaIB6CY0Fp`8PiQ`5T`Xyg&_682W*+8f?6jkfhVheS|z<%wrXq&u3hheJ<@h zVei_v{J!k?xH!3bRStkJ4Sq60BXQrhtaYgAM!ge?(#`)umv}rD%+DWE0EsN0xA}0& z5^mF76w4}Rt~Nxhxg4X|Av-CXuChu|hqR+0$VF3IRqIGR=WYaXo6v8rUn$FJp0iOo z;cXDvG)%n0ea(Nn=S6L!>uxdD9(SOE3f@ylfv_#-SAFf6V3Uo+2BTI(U)i$glAyB=Uo+4rC8 zh%yvKzpz4iS_dpV;~Ldszvf8F7$F`M-WPd6gA!jr-lU*K5Pw$!=d&F?)Z_!#GE1c| zNa6`^_jN~eGOo2-*TebQMoYepX}PN$WcH9m_E_-~SDw}F-WlRR?PO%)s+;Gm%qpug zHhV@Fh-dOEx~PZ+_8R+^UoidGcuB30M5nv(7O#cc0Pp>7nu2Xnyx4|j2`$+POA8CR ztkONp-M*SmfHq$fczCTQmu~@6c;+JxwtCC~8ds0TY$lJT`=AWQ#m!r&UMf)?GE1XG zlm43wI?+3XkGvV{3S4LtjmB|K!i+JZvt)FNTU0B^5>fuQbQ}UI`+4I(2a)8R;@;Paw*FMwHGLLzklClk8?J+g&N9sb(A`rr(jjo zjYnenxjKI+cLH3ssuwypV^j_N$k`2csyZr*^AzXkdTqmk#y!FJbInMivm_FB&5`r* zP*?MU+PSL6(`{5+IryPU?Kjl&j(1JL33O_g$!unI z5=hUpNC;1^nDj9_h%!b63kp|e6~tv-Adfn>$DD&+Ab76X88-mKx@Y=m^s}~of4Bl# z)6CfXP9O|qzs(rYJ?+M&gQMJpR*b46gmolQOSE2M96D8*yKjVhp<>14U#3FdoNOJm zY*~(q)FD(`uy85v#?lx-SLn%kdih7J4sW-pH;J zg%*Bj&Bsxr@Z=@(3Vol1Bu>vN%+~tWZlX5P?+*Rpc&){nx1bf;Z0%<=Q7d4>ho!v4 zv#cIu@iog;kDPPf!$8Au7&Wg&%VjxZ#`uy;NHig`(g>0Pc1U!(>JtHm+VTDt&J^?W{ZIg>8teUr%QnJBYx4jN0)_I1h z1Pl=o2x!FA`CToZ1_p-VLSK&6bN>j1C^- zGhh2H7+o-ZJG`3q>#a?%E3Er}Y)tU`Q(F$IQMI~n%C2YyNWXYnN$@-gn0Gb<&!B!f zNcbcYS-rs?hC|ibDlUb%okXjRt&=M7@Sy3x=y{QNb#%=8%F%ie#OlNKi{Ih=(3}e6 ziOMM+?&@d{A1ENC{bN1Ht#o_iS3UYLDaK29UwpBq`m=L2gp^2vp(SEl+9~kkXk?r& zA$vND!x9nTL0;UW!_|>3J(54@@=&0uv~%*^ORJSEbhzyLX_Ou?znkEFa#2RNRzkU{ z<7sf1sTKEZgX>WUKd)mRI#HOpZFbPW7g_Onigv6)deyiDwtTM2DJz2pLxZAet~l-* z1x+o!mso+xJ`683w6CSF52ysqH_%odi`Ta9x`r~2NsZ7Cy>4Xoy_jb>3uqUWcjA9_o+>Lyk?XF3 z)K_&_@&h9vLwEG}0cqE!#f-@SsVJZ3>@-xpHha8WPaIR>q4fSr_vv_mlYr#r%6(8k zQ@2Xra?H8$@#FzbWidYHMb9O#2e7pv=HU`NA>k~ap}i$aWzBUU>YYe*o67UXfd000 zI^1@alcB_Xp&z;?eh&Wlm^MM1??l0_X((Z3wP(p~I`rzHyrDS=qQD7E<2E$6;HatU zEif<`3Z#%LUP5d7Sd+nC)0*=XeVv*8Dk7D6^E9l-d!`S9LKV>^3X~EV=YrvX7 z2peqgRPVjoH6^)p0%j@M(OdK(_vMFS;TJU&S%@;am_`TOD60gT27^r=N3_aTUS#TP zX7>rrj#78!!>J^xj5N+XRO|FNrXSdRN)tv2&pmv!e1+rVIS<-(Svp0e6&9(|zarJ} zw>8o;4o{ZY?V#jyXeddKqz%fY8AY{exl6|un%I8s6Drr-CeGIGOSIY)791yvRMfAv zhKnff)p0XE(AjwxLV!9_EXlOg0E8t72eMiobjq!x-Vik@`bc^aBLv$OYqxcbJxy3+6K#%g2R zMq{&a8mloH+iBd`RvX*4?KHM++sS)6GoAVU-%rVhd+*V6p1t?ld#$yH5W-UMNi*n#@5&0gKgsFH!+|_w>w3FA~Soo zrt~vuo{zQ8bhm+sSzkl6fYlO(+!Bl9vHA5Ywe$;neeba)I{_Y#>$dRCH1paGLHtLD z=MKSasK{o6p-Y|o$1G}cRJnNpa|B%JWwij5VXG=F_FXiKvceJf_?@hlWXiqT&eUqx&-2N|olUOls$7JOP7e1EL zvrn=2ePbxhNzmzlc!A?CaZqV0frl z9V}A4b-hm9+C}%I&NE%*{j?fj6V%1@U1j?0cj{xgsmyBC6En_zg3o)9x1&O6I zPMMhrQ?}lo+Pd1FJBb<=_MaM~*WB{uR$TKX#i>|pj2`dUUBvY-_lbrY+ME+ zqs@#dHKW-g?w-6aC4^^Guvqx$3cWq{U8D;$LiL#b$8|8kfS&tfMvKnukf?v?PF!wZ zzv9xWv}c$IZk7MsLCPL=EgryIp$U?ttIBUt~` zcV{dSH(mq_&d;)+l6o&JKt^vgNKV9(3$ri`R(J0RzO6?n4@wy<1dftB;@D)Gw=5m+ zw^cmAAisCQ+O9(Cs({NLdlfww;rq3{X2*>c$uBtMh0kl+e^Egq05d?|q!Th@#-wpD zQQ<)2Oi$ld+9;1kux4|3ofHCFy&y~_+jgAS{AIG0wz+ZMDs`}`U@D}A7bc9<1;j%> z31QI6Df21G+|(4t2({9_-?__N?56I7-{Qe)DbKoI$!hW5afe-}?CG%j)E6b0MMP4f=W9tZ8(XiX=|?ZG^=~hyFT1;J_S~(DBc+z)p+DP(EJZ)r=jZy)(k!Zn z(HSezNmE3ov)ECae=eD^Nd3rc*i$1B8|nV-s>M96VKjkYNC%nx{#iJ**dzFMk4x*9 za+VnVr#VOS>+-m{Wu`a5x}FPIvg7J;KeFB_WJoWy#UpeLF`paaIwzt8SptV7HCN7^ z-op;FMoI@2Chx0th9zYl(_kCMly-~b%x?v!2yS)AdSW6NQe;SpO5qK1dO9`=W|_a@ z-Z9ElP*mE0nAyPj*C=3i?yey?>#eoY;Pz&l_-uNQD7iZDWave;Y|mJZT}XW&6|qvd z2g%p*t9XIA+#BA@FUgNMH%EO~An$Pt5_qqJErXwWbNayU{z%41K%hS!O=}XO=U+0%B~nt_Q&y+BdiLbA!+f`21#>+e z1cY#dv1zO)1tT1WCjDtevMC&7dhRSqUSv1_wkyf(;I$8-prFX09vq+EX1Dgzmbsrh z>b3=!8|Fv76Gu*+Pj0xyWbqT7W_AGfkIEO>noDo@&k8e)lu>_ zK_ZC{+vM~7S5)B&7^lmp$P1V!_u0o5RgNZFX;a)f9N|HY#pZ;Vy!jbrClD9qM&1ie z*Cld>{A1Xaq(g~J1%oa_%b&`pFJ!rc%ffwM&yv(NV4Is0cvMu)5 zs?uErl4^H{g=|%Qqh1-VGs3>(*7n%&ZRq^kU6dMzsNvTh9has#o@}vcrcx)m0`ZaV zIBW1Fu#xF4^X@Bh2p>7gKx^RajQ(KlU3T@KGl_KIVl?#||}R357YQtMgri)xma z?EDze;fPKNST;a-Z#2MB|8&D&OH%@_O2QO$X_ZOts+h z=$i&W-!Mz^Po+e=a_M@*UJr`=8b+KF5y|)yO1~Tnwaa9GR8_pcgEHfMedOZqqB9no zf8ptUPnfrWFJ~i!*okZwvxWho<2ce;VJ-5bt;H!gBVcFB-W|g17(E|bTV}!1$-Icd ze`v7Laxu1@?P{(3V)6UZVV7SR1lVSPT_m-pb2YRc_|7u-U7V#){X*M~|JWwdJGUCS z&9m#B<>u)RcA$3C@ET;3z9JA-t}3gr3o6~#vOn(>8o9?(2gWU?SLRzw@@_%+hKCuM zAe613==h%;J8Z>=AX|nhFS#mGEfO>BFS|}Y+E^DAs~no;HgG1uRt!^dZ^ z;C57!&QR`RFyiejo5s=NJm);4(QaXVbl$J&IUyhw{Ha7P24$FNGn8&;K%yf$&>(Tk z{K8*icNcaB5U?t858p~*k6kXP3YD5;!L@5tzg>-v*)iSeCP3UEck6_}D2R!PIc+=3 z1jtoKO|~=qo^E4cZch80BQ$duks~Ll!l*Ii_o}rpZHDo zN};8pS*kIe8j7d!j|8~4tEq2dtG?NbvhZBR)?q_t6$R>CTt(cQ<(Mn&t)){Ybq-E7 z$s_31gEg6SRqKqX*R5Z*HU61KHcf3p?QcYqSwN_9-eZV%TcU`Kp9OC`KVXJR% ze+95QPrPQeUIB!8sKewKG1Tu z@#h>1kYuq7MeHHwtQMj{jn|L;vNfb)riY_>HdzHWN&a{-zB4W4d|8y@=&M{ITN&9g zIb_DlLXK`|5+4LJSHSY?hdKkxNq3kgzI|!=X8UoD*kp7rzkH{p?Ih*EVCg5xl5+}= z++5R{K)$DJGGfdlJ&Tr#sS}^6+qawK<^GkL>VPJ$TDdRvc02)#^{r*d2K+cv?i12w z9}+I$V@aJJ0TSWI)v%D1n6T5e^c?8a-Oae&(5bdiyvkmt?I)5ED0ti>3v2ci)2#8# zDFJVAG&r~2lz4M%3lm_}mM~$oo3fl1A|I>(4maJoXM!Ys1&hc&wO`(eAStTAVLX z41UPgKa_V}FH@ zJS-9-Gy;^6CAa4r-M*Y)%s-`1@{>PE(}9)bL;k=yJd&Yp%imzX!}Z+l?Asp1 zUURmb1g2y<(K(u;^vzNAqe<&?(b0Ed#Vn7YpL1R3d{M;~i*@WG`J{8~2<@wdsRSEWJX2+z@4j6}c;hwpwkaJ)r|7sIdAO-F0 zGs+!TRuo}IoCfJZ>aruCF5qd3%=rNMNv?3=R`3cA)B;8*HLfcd z4kRu>Np4fmwXg@;zi9fWS|J%Kv$*mkW0}LlrNSt>@O-`4z#1hZ*|C8Swg{$l?wRKG zDmTXKT`Jt_>)m872R#qy`x-|Qqr_PQ_qvXPaK#kcY+9&h^H@(qYL27!Xqek!$QHS zll4^8kDVTUex|U5GqflyA>A8v-+KzX5JW;7qE@Qu{Uj>UybQ?;ebJynA&bYmx-h-C zEOQ`r;vhBGC-c=jzjJ;u$IOaLvHmP&>j|%XV z{AY_bdK6^Ujp!aHPGWXA(rG6`)hf_xMlurIRlWc=E14?aMST^DUsiouR%c#5#>RL) z0Z$+fzRWd6K~LO3KtAc-d_oKpOiF-ypz^EAf0M5-X;}ss2P2CJqC@?3Ls9Z&_VwxNN2C#URrb zg+t;eXlyW<+KSBODQ7G)_tF%DL!~<=s$PZD;;iiji-2Mp7ku(GIdG$Qk;pxntdOR2 zi}96PR?U3usx=74li|YaZ!NTAl(0}JQm%s6$4F?u=p~^YgJKRr#KmQ|vbfyN`Pwgo z&+i#CIm^0df03t{a`D6JEc(OJ;?2{@OzrGqt4j9sYWX2fRotk{i=jllR8>6T3fo{H z#NjhL9?CspZCaZ_uamm^1P1*QeGcs)9JB8r<<^b`1;K~b!4(=cRrx&8N~Lx|U;6f& zh~>Rk&FcdUEQVJPO;Hu|HzF}vc5Lo&#uWd{gfQ~riJ@AoMkksR|9y*-W0sjS0-JAZ z83_UQUq^yZN=wO^A#g%){0RS9cHadGpi6$XM{1WB@Y5x?wz`j6nFTogT9qa05v_xb zW+Ucp8|z@)Vz9EzBP4DxN6Ne`D0W>)2!dW#wd_X*#%!C5kEfM(c$F04dxPkSP zW2DB_MdqHl4+nS9>N<%kW~Z^iLYDJB$_R%hF5 zC6+9rdNLee|EoS#N`;+6B8NGxv2=@p%J_%xLVtQUz@+-|TKgIQS%TH86Pz-`s%8}X z#epAK_v_WD*XzseQh9sjBSEoByZWFOt)ES`FR2Ma0m3dlk%i z)kPIE_5d$W0^f9!8Pa*D(B4x`v)=1%vDUo4w2bUs%#v++KLcDKJRtcsnk$jYLI z%3OC|Cs_tZofX3y!EIz8wOnj@dA_}PJ)J$}HY4z8J_6%omzR%Pwa`Re`M$dU$}|Zm zAwe67PVG74R<)!aF92S@3aF`Ullu0u(+EyFouDI;Up0z!t6@cPd7(WDZ%6ZNu z)3bm3;KZ$0c;+)WXg|f=HOYbr@!xQxydWWvDN*RAd)yWRKNE;R;JOvgo&{=YlDd7C zk#j78n8^zMe>A(YA_bghBumY05M{@03&{xkOH16c-PUKc<^ z{LlIT{_$Rw)ZOUv2UdAmlihAYDL-s^=~7YqTjg&5p;i;GquU)`5%;(2^XOO#nemh4 z5)2&&J!=Ta=KphU@4z|efs5{7=6)(U)+s(4Oum_VPHyM4nIjyrOeH~Qfp0qyPya=r zzN=n}%R7#}{lDKPj_gPZVPYsBxMEM@h4n;5VxAu$tFimE)X>08al}pWeuo}=M9Ybf zeNTv0q$?6z;9Y;8lKdvTJRMB|fe7SWM6HxkP9Ytav9-4e>u|L4fw~(d%{j z;oz#g(dhO$?AOEGSTg%r6HVC69WD4Qa*NQP+Kr{PMlqS$n9+SmNS^?Hw2UY9mXXUEGf*i43b5C62+U%?M^_ zZ=?_*pHTx*BGf(EgZ_`oM`fk0=I4@L0~zt-VO#3rg_6yNSFk|DpFKT(N4sO62$2|l zdz?`#J)Uj>Njo(jdO{AlFP!R2eA2eN46zO)V{?e9<#Kku6bWo9@m3Z%px=JS3Ewit6C> z3E%Z{f~OwQ1kFb%h(s(R44c&q&?#bMT+NC|IxOXOI!t^UaewyPSfAjKI?m|v^LAci z^{g_|H8-|sZ@Ykstfx)VsWw-ANp*gi*0P^w940?XTP~#1(4~_xMvnXHz;H*7m$~)4 z2#PlzWRAj#=7XqX-W%5&Dz)ETg65N=r3}d}DH3%nmpZ&5DVeAA1tX3TOx#-|HDcDd zG~-rMBsS~Yb=1*t8iVV7rwFKTRaF(Ba#E_<$kY_w;r7p}hc*WVYF0(7wVq&<ME&|O;G)U|JiK@;Ov!)BGY2mHs!@>}fx7OkI42-Q@7 z_Fqc+Xe^sK;pXfMC?@SR?u=uhYqEbTC~a#?>+1#>Mjj<1a){!cVE%}x;w3umt9v2B z7N37jWLu^T;btGM(*lUqWN8Fj-El~x3Ne`ohU^Ga*K#@FU=vt zm32&kMa>cYq~q!=jY{6`w4xfli&2PUU6Ij%-eIyQ>dDXp#8BE2_l}Lq$J;?`SmYSu zxr2gNa#d`Q5#45Z3aew@c?pr_75UaW}$E z_fW0{;TCQ4-8$)U5IDm%k{)G6kqa7 zary4E>&o);P#6Q36hp(lB%E>XLLI2ev!>3EpZ13>Lm_eQL+lf~MmA^>!ufzKxD~6E zJk|DP^@A2{9A`{A@op(9AXVxcT6AbYK7g#+FfGI=)oZyfCl`|xPqm!c-%6dRt`Cn| zp2DOtuOC2H81Qw;Eir(QP70*W3Q-FA1~2s>FF2Rm6d z&4S1C`B!xI2U3^3EdzJjd`Xi`_B$2L%iA{o=giAhc*SJZwSD!sxL&N#)T*BaK0q2c zns%(zP|{OJpBbe%SG;tYdp+IIB}xSOKjBi~yHHT1-ECSJXTpytL=1vhp0_5cNsQ0w zUgkrr>@uHQ+3asO8SYxVHcdR-En2E5ebSHMnC(RwS{rcQJNejvX+Tddo4?H>8 zlJXO0Wlr0r^YB%N`UdNb1U(u45b#2AoAUA1@E$Iv@%B0E10!<@${4T*Oh{_(Vo0b$ z;}OtgI3-t?my?raKY86oS?5M^cnrQ-p5P1JjvLRt>b-yksypwwyY7tl$hWtx-@Jr3 zSJg7p;;xhr+Gm#Jsc}wPkZZI2HPy4FP^+zfoN{NR#8_9}Y^_~og z{$Y7R&wL$Jf7SuO;D9C)eqH58c_Qs2@9XRD)!-a9oeK6Xb#r1ryRY16Zps78aT*9> z6s=}__tI8WLFF|UA~imVW_Tb4TMQR+{g~xrrl(9I6dFnC11jK8SJ1GqjaXKC$)?(u$kiPyswL6dLc;=FhaR03j-PK!oJC zhx4gm56bx9QsEy;0gzJ%B$i?kH3WRCuGcKNISx*8&Bii#nO;<_ygMO5Dn%Cg)q^XLqzp9aDOaw6GN8xGDvUVJO7~fi4gJA zeC)ZA^engnn&ZDioC1WC&?RlQbM+c)u6ozWvtR6EbBX$JxjBs%r{|}KQOa7Y&Ti(? z;`R0oBq+h4(m%-(SXtk-aL$7C0o<_pPpO?0P?f{a5hL)LW|Gou=~+T9;&nX~coN?R zH8N?@{F{rZ0(+aOJ5}_?0=^;y+E|!MN=Qga)V)U!r7P%dFxEYdHN&uzw&6}&@H!%=CCe)^x47h?{|+J^8@jo&(eHCM`ffrJv442 zPNc)b9lB+?M6fQqa9qI`2wv|?gv^Q1t-$@l@+PvyNJ60N%MJ{09mqoDUft$~GdeW? zxz+pHpbnNY4>~hZqDU)8?CM7#phBp&fQTVsb|KV$wuJZhZ)4ieP=E5P40G_0weP&G z$UnN@+Xy4A{K6gik3jZ&*6@t{e3bi)Fl2v4YreSjY|#*7`rlxT2y=b-@Gk5u92}iq zGl(*a-AU7LK5Xp|Gxwc$24YauPmtw(Uhu=iLqw75v{Rql|D{S0B0_@So-74Y62E^W zQkRAvn!%v_m)R0DTL}Jq$_T2e<%pIQgr6N5!27yyP7qcfzrb+db6YQXH+g)odkB}L zC-;Yjr$zEz0sI(+^Qe&?#7zFM&#lc;J!R@XuW3y{*1%Rk7_MaQzJwQJG z)oXad1{DPmb?;4Gn<{I55S&wecHSDZPGR6=CVIIYE_QT%0p`s3u7gkRDGvE2x|kY+0}tygb(N{+{x@N6z54;|o7J;6E_o$NsGx z*QbqOp3aa?JIuM*pvZrr8u{{kgD?l3Q2ua!lg@uz9K4*QqkX@&c{(3^yH&CC!^r{4Pte8|t|LkxbI-ry5M311s(?T1NG{3D6V7H*pP#oINm(=T3a<30gPE-|;9B`3i8!PZv4D$rj65Fu z9a%R6_v_@R6s>WvT?)ODY=-j{I>Xw<@^IYJ^>V~gnK4v}O2m_kT65{MBfghkb)h2- zLz-i$_=(+H>A2S=QDK_cne$}*X#OCrlk+lF2j z&k;)|M82zM_a?pc5v^kXyglA&M7r&ghHK+d zqj640wk?{Ds{;7IiPvUAPEb|5<|iqn8q5v3BWi1Yn(~38)q#~E2D|Ymyz(=|)$BiW z&i5$iTjkc}NIP2~09n8ShI>&{+BD(EZV%dck5)4ezyDo45hyUpHbs3i2qERzsEZShGAW~L4>FoV$KnXv&T{p6cPhbM1qp-1L?VYqWAPrJp0CiZMNdjeFEJ$WfgayYl;6`9w0Cx8W-m61nDN9x$?z z39Lny5_(#S`${%3 zmHBMC$u7QB$2`T8KDM3t9{=goj9fFdGoQb51oZOgk;zg9(V|eX$j1P$ear`~T=^Tb zTAMQ9dD4L1dG;C6f^y4FlSr!cW)+0b1F1WxMe?<+Cgx<1Hkl?jN4Nv!I7?DevgxTU zFwLE1;EB%1lH%H*>bLSJ@AEowXT!ghxk7O1-I~{12pUbCxDe!@xZ1(}TS>nCca*2H zT&k1KBn_5M;iznEbUB`{1iIcJ&yA|9h@_u{zYEbVW~|;EQ#QNY+}yC>n+yPg3Bp>C zwQVrMFYzRQurBX)#Pb(14CD!k@0P*PuWe@DWLZJ`xQcokjy9egnSX%dtTcfy&su>< z8zSGmoWKq3OW{S>P_lx~4=uic{ZDEG=m-;ataT3EmV{@RILP~WAZ2D?i*PkpF$lRp z8l!^v7ylEb*ZDyfEeoE@sc%K@5inVC0qQnr_WyNX5Fiu)oyR~T}|I5hmsf4S^$M-j8%;cc-jaOBn09yh|j108RZ9l z8t{Vw#!>2yHvX?i9=Q0su~2A4+#(oop_i7R%S*eAKZ!~^w1JV)BN+im*Eelpa0h*B z+s@Y(Xknz*+~Kb2Q6N!56*4e_|DZUghyHiyZ9t}Eunwvd0F@VRfbWB@fdi1-4w>+e ziHJhNUjn=Eey_=WHc$r$SgC~-QJfDVbRfr}|KIr|rh(TqQj1B@Oopl)hE6I)$nsin zE&M2spIvC zQwsjZtJCz?>&K(=_UlQheA#r*liImeSGahM15_BosQo@ZLB)R_FrpGD5NR00GD?UT zvj?O34chm|s=j}bprNh`zPP-W;GrK0LuSsisI`n&u45rv04bEB4f?WPg-FC%PDdj# zGK4z&S@Y(c-1HpTw&u5rC)4 zA=QGLaOAdTW4zwLcZ!Hgpal!H-pbzECMO&f(|I*_A4o-Sy~?JfLq3^<{>Fp>MH$!1 zA7^oj3LR(3fJX~3oG{-xqiGrpCi#~K8zXf-wHIf5#zs`lA#5@8eT8tdW{E{DdiDNy z1HjKEt_W7fL;#yCs-~GRE5xq+3ji!iwb&KsQ@4NDkWO;+*YvE*(AbTrX$0UAKv zWS`ogiUU|oWJHj~+l)E((R6-mz_sr>l?;zO_Q64Mudr`a#`D9&8aU;N}QI% zja1>vVV0Wat>_mHPSgyqmc+w$Efiht8265~>p1m}bl_Nv+Ee~9s8yj1ZcTA4f{7hF z<=v;~oENFgWJRrYPDvO7@{krEpa(3_fFv$G+wg1KA1&ZLqwe@wnGD(;RRMsyaTr*N zov4YD4(WucC=;9Hq7|2 zhE};+F)&ChPC06gb>^V6Wdu=?L{mW&K?&umx6TLTvjMbIs+|~hGI?b8q429yo7ZsU z*{Uu}#pHtC{{Hdj&z}hyk>N9fp-Zx~zo<2Sq;<-BfT&MQI!TP|#3*B+9yc!aBwd+Z zJ8Tgv>8m5<=j`P;X_KwZ&AcS3QE=l(bWFd|S@OZL)w= zvge5W@k16FX?E!z-9=7fpuUjC1VZj{~Rb;?rlDtyo`xn!}+*;?+# zkSKp?;&Q}oR@t9b?5~QM`f_99e%@X-4h_gfNx?wFh>t$-G$m2%+4?|Ww&(zGibfx@ z^c5MFG*h`mOts~#QC6KJOdXq?gdofk`pEDA@=w2XmGY+|2#w2xJm^Bn(;EQg1={<+ zzO^|va<^ud1GQ#=wof=dbPCS`@ix;0wcmtEj$z;}e7AFRa{JoK;_B)sa#ENmijH`g zpYOXEqt(qe=%m)lLE`$FxT<6awa52F>IIV&4Br5X z7Fwg)sAR$ErMn|UuDpDo_^XC{b2>%&uDy~k3p3sWU1Be7<>BcTQyRUUo8T9@ z;$f+sK03A3M9E;vc(^Gox;PCI>y^|wDM@kW#5c(PRXHOmGVA!zRHvO)-lAWqBW^kK zM)_N?O7U$0NM%(j1rN_yPzpzfoX-$c7(2+3lLUpR$dkv7?8Jx7PHrs9eF+G5+b{H$ zLstClyIUqgD#Ln7OMGZMstoaTc*+Ny_&y)c4Z44=h|j%BEKid7C5Dt#9TaZ*UF>4+ zO`==qz)FK8)+TA*@(pOYBv3TEi}{?h`ojW|Jcv+Nic$fM^vJ*sbTV-~0kjT^sF_?u zGgO?x=uXv8LS{iTfiznJ-WOO9Nr_68BM6&((0cW(5VX&wi9f=|L1|*Nbog$SLrX7i zD>=GK)28FF>-IabQL;$bPp^IWgi$BpxM0X#DLPb$ei;qv9PaODP!jX;G4f?1;BDVC z@SRlVl_Cj#-Ji#}5a((hPp&6TJ&DkrYB=O#sb={auVRCZjI+-KmRBb9J zW*-%SakjEEQxjE}v3hVRc64u6o_WCb{2=^E3N}5_+(pXI1N%^|cQ%G6aa%qUMz!`? z5Cd){DyH^y)?6=3N_yV7#f}>sayVIwYL2A=%P^bFrUi#faS^tS#ti2{pYhOZmp0!kQuPpqHZi)~hGT+W- zWv45JewdX*%smJsAv z3r?k_FROu>r&czyn@NcRF-&y!v@Sl8J2e@v+uw+aHexYNOf+ibBNI9%Fx6=B7)_95 z&W=fho?Xf&Y2<-&oXL-H}jGSCu83^v5SpVpJ^azm^&U2lGLIn+AWy3zocR_)Q5LidQ6 z>{ef1GCz&b(dk3$?XzHhhJo?eM-!7mMir7fSZlX#_aqhV60A#+o(M^}!g+VSldhVZ zvgf(`)6-Dq#+te4A@ur^`Z+*}kypXF!`C0jPMK3=xuj(?A6D_Exv{2Xx{7HD5~l7= zP>u#4$uGX3wwAnhJRG8GHvXHm>i{(dH{OtkOHNBMsW>N6Mzvi&XHC*nMe)<)C72BN zhn63Q0i{)*&bFOTCeb+S#AjI}d`8D$V;&R{BN|2YBd@V4-vw}Zjzd5C2>F94tfnNw zUmg?=e<53P4-?qQ28jVKf8uk;g=RolObYC;n@{}cfPG*ZqdGK}_coju0k7Ttel$r9 zawj@57q_&Ll)FB`kcnhaq-=(6mUViY$J3-fL~yiC#Rsh9dag*Cfvopf(g(Py{Tge( z)T6p`jdCv-16qbk$oyUTc&UtCeo}x*h-wWPR7qB+4JpRPwAMh~L(axVPTY{(DLLl$ZTr>IV(oo^JkV8c+QKF5c^EF9`07x}z5N*=EQ9V}! zO#>9(W&HMzbY8m~kB!`gki$|I(EUq~u|a%YPDQ28bSe*^LsNI!y}jK1F2S@(hlhum znFAk{Ze}%-v9XcMT5qvE?fqO%67t?G#lynG-JS-KYS8tVk{8vN_#U>WGCzHAUSXZe zuN#LR$1`oymZLhYhnGgtnm*Jg@+i@mggb+jid3D7)57ZF{^^8dZ&Dm+@nfPjzN&F1 z6AyuinXl$oCT|H$Tp~MAc?8r33$l*x=_s3;|L)ta-v8aVJ;*!!uMl*D^L~7E#YPCl zVCYj9wmx8*KS=9voFnV+XZLu0z;F;#Rkv?A+~gw*eJb-bAe5LYUybe-qx2&LK|aFr zIqu_VFCA^7DM@2L@aqcquMYXdZTQ|!)ub1vJ#UiNr>WwBbU?+ixapk0NZaPxY^%98 zdE&2*q#p)QVr|S2RP^b98mD{A($#+^VEc7{kZ)e+aff%3mG{KLn!?u#wDrf@@3UH- zzpDEKhrCj?x7mKc+48$lEbCqq(&3HP)+DxK!8k=i^(V_o#XQXK^`E|{#C>n`mqA%m z=)0_-Q{r$ZA<^%|;6o}+2YG{FkF~GoF9B~YFX;c2B1Qc|K~atGd;co|$E$&QGt2nl z?s3-5T}QZ_0vhV?vQbC?kdJH;_|V%1{Ztl==s>P?`_UWFd6b~5I13d(o#@7!T1pl} zomg^1y!{Qj3kU8?Pu(L0)gcl; zyS_sgfdDBH5f)(&9331l6@g}(deQ!5%)|0GfGQsL<@tC$O+Hzlz?6bSBr<-WJJgh1*~Lj)3BK|j)oU_*8oe}z;IqOD+tQKq`= zR%D?utkREBz!R|7@=N&N$(dzDT|MC&t2)-M6-hrfRmG&->MDg!G}HqsFiFj(@dV|3 zyWE|UthSaosoC#Vy5Mo($U(%QUqjXZ_eN$C3+RCpeAstZ&2Q=hbqFgSnmd<5!XmSP zf-n@gV1)YZ-P{|3Dr{h=k0J6MPZ%U=EGdZCo!AFZ-ONCfn2SkB(8!5jt|T&Wg0bXY z!Ryk{u=IoZ9BUk_tY5j*hvQU&60B2l^)LIcmsZ*Ay zs+V$UiNLDHq-Rzd^9784zt*44O0V~}`C&GryltaQ_JHk`zX>!*W2hs(@`wHQ$eCXk zK#qb-adP3S9g~D9MRIGz40vE`7l-i?bTPOY^tekIUnQI%-UQ1nBW{( zE#Mh68kAKyp%vm>hZbcG>r`PRa{riRjw^!CuR_z$toR7IR+dGfC?@&6%siV3$76C- ze9ZDgpp<(i&EW9^tbr)hgYG_pBrY^+Ymkz@o|DmyB%F~-F-i{C8p28_gkQ(;Z5NE7 zZihT5#7G@SxCzXwU$Fbx&UTnJvnOMZ=*E8In_@047_e7~ZxcTkz3=zfjZ^fDF7+80 z+|4sL4iOZdJDjjlyT6~CwZTFSbiA#;v zQI1#tl9`R0)iqs2J>+bcv{kL>;A7N7Mn)7*a|-Qp#$)d>%8HLUh?lru+b$G?0R+3v_8r-z0Aqy=mvTbq19r_830fj74~5C zpxcuKT?(H;;k-l!ytdq|3Nrt*t1SPG*@5LGA|u-0o6aW7P(>ZM6dOtiKNmU>or=?G zrUGXVckjXlC)5*)xp}QBtx9(+D@@j}7wc?6%wY}IQ>MK|eAqPPL5f|WyJxp&p$+l=+6dHUt#ON>DWcAf2pl_J#i(>RoPxQ9}Fe=i62d)Hum0PpCghW*?my;n1h#@+s zU6RS}8mnB)%8Z4%6PZ6=8k$qDMP4oGr_T(?ziv^V&mjx0R8&zXvB8&;Mo&Y;>YHNL z4uE7p)g zg&!=)4tAm2Ezngxz)4bkq4~q_q`{E?-J@2d*HfKW1yLtf#wWCO!LKd67}}HB^L=Co zDo<+Yb=`_g)jCI1z#-^zX~zp@aH(`g^Ung?940In{i*nq*Ca-7O{+y<%DLP8EyvR8 zl&Ysz0Uv#bz%6 zDjS0P4af>35rM+h{&NR2QUoH!kcOoF4Xh~$0jtJkdxTq&>)SHFmw#{Z?|;Ti!TH{v z?SZzlByRZswqw2vSW{HkYzP5hb1RA-|DTojSEP4f2O|B7H15fNUjP!7FMEydH#4fD z*^I=k5$gGXo44g$x9vY&5MY;wX7Z*127MZcPljm9GvQU9hz3Oe zm6z7u2f)R#6-bo5UXFBhJRf%I*F2kRYisMjz;pi-y9r&PztE!BdxIlow66e&Dtqz> z4!f1oJK^6(-kPO**gm@IfPAw;FtqYjbA%V2us2Iq5as^%>M?OI!gaQywl<&HG-XqO z?M}RE1TJS)O-&p!0}eK}YqfF3ze>a5?|@JmGH9Uwbdr?rhMMnOh4k@tZOhG^6)_&2YC4*Fh!uE&Cz_HrD_fZ$qZ z6}4)!{LO59!Z`rrt@3cf6YMdS{gfx>Le}}w2e-_%zP~nL+92HPkr3~{W3PuYv^DH! zg(@g2Mmpe@VZY8qAgy6Fj>3O+D=mCHE#-Hy9S#8o^nN>N0#b5sItPzBU)lpHV;7-NjjS#W)@9wT%si00AIXTzFA-Ex#VVsTf z12z$7Fd5a(?xc(7Mwi6oh;g1Yh1n-7MZ%XZTOfj;ULBMr+U3LDqXqNEG6yzIBv)rRaT?u$3WIhMPqQ+Y$>m zwB0r1)mERVS`!Q`m9%{_EQ)0m96><)bv}%li!TKKR~Ad?4l}-H^;rG97T`tU(6blm z#$zeEsAl}(b6VVUvs4;xCU&LXK1EG!l0h72M;DmN5c)iFLQP}RBrW4eFb(A-s$v~V zKXSSSjI{F1U~%c}rb7s23h51y3VFgB@>L4uKPbfObVRcp6b$K{8t(ZsnP{fS^q31T@-;qe15^v=3Rm)z##n0D@~)HXu8a6b@%WveI!`2VCrI-bX9aI|ay5&# zrU0TLSumWoUq%mhOy!P?x}#Jq91DIIO4E6l=ZQtT1FZ5BgAsdxoh0+HFFI`_E4ZNl z+lw#uUpqlFG_*OACV%&SpFM+2oA^Ab;M;pFrs)=jSMlRclzbV=QIpL#;e+2}0XUR=q0MXW8MQYhlT#d4=bpAOnI)V2oA-yfD8s2JN8xRJFV~Q zTwf29;H@~C4w}F6Tk%&EKj^v*I+iDg?-r*w?}lxJAzL2i#1&22y(YDn1q`bv^)B!$ z@6d{??kV3+C(t^&t{w^{vyPUH|3Bj1GN_KWYZFZf5ZomMcZU$1U?I2$cXto&?(Q3R zcXtheV8MgCyGwAUi9C7UshO#7&iPKAs$KiXuHD^tuUnQ~>srH_Ken9wUkemmP-DUW zW|V~@eU3q>RO*A`4~H`rp&75Wk*?XES-ey`Rm9VBwC?%v0!;|HCDY_aR#|UM($o?ZYw?9!v1evMMJ&#zWM-zwcq_dp{aj(k(uhBv zwqAw8Wh?`1G?8n*d3_!=K{3p;o^bNt8LA1Bg z>#jK}Fm=+Zxim2`%pkR-Ru|~|-bz2Urf;j(!HA-0iB$3wlcEL)9GXp)rEu@eKWEg) zkTvSn$H)sfM?8#Ke_~Ky)Am!lJb7^h9sZ&ra4Iant?BjFFHPVa>v^2Nd@1IEqRF*w zsrLD>wV5)qL4P|{C?ak9je`Q>VstxM{07^#B2b8G?TQnnQIhS@X#suY@=`y#ZcEDO zR2H;aR`GE1gCdNANSGj#Y#N**n9XXns{*9`G8uvUc*SSjUxK=6Mc=0Q`lh~YOVHX7 ze(&+P<}NSKz&YHv9AtbdHh>6Fw^%~vix?>LHzgItlI#rT%2tDN&eC@{(aAI@aHPlO zmNo)kaR-V)KNSUccACHtD-EG72=eu|i4V|9sg$0zE%zsXj*CAPLoBI~4;-_0DI!lK znr^UFH+{3RH&7IkM|Hmjk-mAQUcz~$rD?rq&%M@SPH`(D>CGR3hZ5D4Cp!a#}e2;D8=`gVGt>vECPhh|hf&)5jAeT^L;7 z?(DF$uxW6%cEnS5RF3U2G(#K^o@76C{?yfaLCcM!1E4Sg!J@j}KhK7H%1omK2t zm0RS187FV3zgbBd4iuib8WHJf(n*w2ju^FYeHyQ`e{Uc>#<~+fwlg`UA?Z}fQ=vi! zlNwhrgTUnQP^GF(Lcf72YlPnYQm*?`(=2@IGQ4<47>MItrSGkg769@0Ycv3kCwrj;YYf!r;S`&Hhp%@4UGKf|GaxyhFgIwl` ztIe8;!RVP_;KKVE`aQT1RtjZqR>mi6c9BX;ff2OtH0a+WH(|oddBgPCCyuTAkp&wV zCt~>YJNP{|L^-cb8QW`S6BaDT%ZAKgYz+;hwDct>@e43 zXZ0}8*V(=e#4u;`exe}=9gVZqYz9AFL-6f_DVho_^z$a6n7;)yEs-_Pa-$^w z#9WW7{+jHo=l4IB9)T9&*Rk`BHd{jYZcLVoEti*RxyxK;Z7>O15z>_;x1JQ-AjC2=1F{ z-G~LC>3PkGim^oRUz`0Il&|NrO99_!CQOBJ7j1z?I?$Sb3}s$0E&y;nBTE2wjxga2 z>d1KSlLI;ZLjb_j&baSfloAJTU#S0yYC7|H;YAQR^YA%l!~!8oYEp<_;ibRTZkPbl z#*6Uze;|1Xmhk~M;^D-b>94W>Q>K>!T5z^Oyahi5lvGq^izn^eoBJvh%ikumhmacd zR&d9E+h%l;ylXg7e~TOUXTUO0=T~ikgQ|7zr#ptCpEO)9;uLdosiJ(v9Z@>k0+07G zl{WZ0GK$R|R}jN2(Nya^rs``eElp+9L3vkAt*MW0d*^HI>}L zOhE&<3xC?4(Dltotx`;zbTazKxD*L~L<}d@1|3o3Ttq zjVcuyLSsD9-|zGc{EqO`)%FSi9l+zU+F$QmgNG*vD4Zw0e;*lhZ7RJG7gCiq6gvA7 zGN#M!!$U=gJqc`RU%MatrB)z-UqGI8k`dlY!8CNj`sNPy@ODbI-Syz&rDB`)LVxt< zfd^N;6tW?mp!=n{=0y*B6UxtjoHZzXu&pqx()HYLS^$_aDYf2123t!&x=`d2)7R*ErO z2}hbA&B6Uu^J1l)4US={xyeE#)1dVsxQ*;uVthQStC|5TyH#)G!wh>~LIZ<@VbK5& zg05oI0Mo7O=u%MjJa0SG6)DcE&@!gcxF#>*{c$HlkE>1-(QB`NOR?8C^9tn} zRb;wQBD*?0@;d2hjJnst`N0En2#lsa{HDvvkg1|uQR%+0nZgN*oDC!*${{8mgoiyS zWKk82z+%%AUfpK+lCCz%pd*(xF?(Vn?L!+G$Zo1NKYdnWVEQGEt8Kw>D#s>dS_(0a zX>M3z(0V2C-g8lz-3U^^6(ZRW56cI(GV(t2&{n(e#G3WtYdy*D81T zC=bIBF1la#x;dRRdt0lqH*3ZwIIXR7I_@lXuarfbJQ?^?8mC&TxNLDX`*HA z*0K-isR?7kc;}Q*lI-5>--HRXQRU6H+(mnSc;QwbS2 z{#xEARj5TN6?-O^s*Q+MbPCHB9ZA9$rDu$hj-y|?4AX_r{T}gM?3a^5*_<(HJ^7je z^DuT;$W57??|f*;lw4TK?iE5G5@=7{ZlPQVZ$hzoR{Qi*4I?DqV9mm68aYNRtWC_0 zTCiL3>DSiP)l#0e6*U<=e~giilA*l|mXo)+LsnO?gM_7-PDxPhcQ-Z@ny0j%SSzS? zHV(Fd;E4MS&7&%)!9DH}{${eUDKT z%hT8faC@>5n|(KYJ&>MzkrjImV{4qn`FY0E+b~@72WpGT(eDWrsg0`XW)5b%qgBdY zOkjLyKu~nxuF~?+iT7Tgi0j@t7n(j$LJ4R!dq#bu^B(F+SE)gDS?a%Byj}jVGvFb5 zhvFsL?G4eR$*Rhkxuib0L4#!Q;5sA=e_vD`toppa%Vs&vpl9N}|(8!B12u93Za$cJQ^K>cY+HY~*ov0!THjMrF$u z`D><_1$OhpApLSAsl|1#m*dMlzx)w;Jm>cxH!RiCvT8MqsYJs3Chb;jOQMdBNrY zB3?Z%o0Ki3^A=HVN}|0K<6uM6EesKSN&@ooBWI98o#qdiB5NcT#K<&6ztzS{-Qb*= zBxRcuG_xP|<>?ihMM;dcy8P((U^14@Eu~l=TNqA3$&ZXYk&3(~zBDtXbPNB=n8B`u zsxpQB0E&dHV3<TO?S`h*>$?K-okGXT_LiCZIL?IW*Q&sPkCV6GX7>8V__Am6fD7Pz2aO zoo6q#GTcZ{(HaExg@%(`1^&Tl4 zeDy0p^)O@>GsDTJXtR5=WN%SYlVXtpKQ#%$kauzE46Gg`6DygRHLBQ8vmV_@WCh>- zU{`o7OZ@Oq(TAbf@ixFr=!rt39kz3PNvatUco1<@+P^85i+V%NDktew^b zqM?=bM5vbr5wKkJn|*;!s>4w`R^wu6U;SIEaXdh3JM7<`3kCRqHNQ_j^XXzgdxYHV zEOV}s1i$0_rR>USZ1i(DKvqC9_Tx>v6ld#QW=H<>W`hV0{B_Ll*Q+Fb_JfV9)?fvYc;z+{Mm*t0GsK-7_{|eVTLK;V!Q$3+IP~F~IW@;kLVIB6|qG zJV&7Sw_VShgK~VYD8G7LXFeBe^Ot4~8ymazuF>Nr5z{^Sk-BgeQT58OyQskwW%jjX zI)OJM+Po8L7h#UfC>wIL7T|NcMe?cXDW%MHVEWj8TvhnWh2Fme9 zFL2G6Ud!M9P-$1rpH;@4n%ApPDpq;7l8%ZU7W;LpZ|xjPRS$ZjyEZ{BN^<^g~7uV^Y>jW=;V?)UQ7?1^@U+p1hvm zk)vq;b+A3qYK`|(0U1(98&oLx?<4}yF%$4gI^FT7@r0hg@RrniN`jpdqi85?A7Ar>0cinz_u~~Y0eY^J zE7bEW*7GO?$V%vfzwP>ftqg!ao`47qs?bbKOs?lELZ*|hCQQls63NbU=JjJCiz7lD z!ui4(s_=Zezn=K(n-g$rUO{P#dJ_3c)uc1AFc;F}H|ws>wx?YrFDbpn#Aa0N+OT|e z_4!InaFh~-mjF5M{$=&=iFo3Tct*+$Sd;UI2ODYf?y|;}Dy5id%IJ^h`FZtwVJ;kD zxVZiZy3K`4GeN~ece!r!A}9ov8iy3$UjA~pyo3qf9DwLu+vqf|%t;zx@YyT?CJG=H zgVY)I%-m%fpn^e?Xh$sd;L+pI+L23~EzLt18XMx`xgN~zqo1(bezeJQ>}Z50*|dr9 z)ksdxTNP8Wh+2$qzsag$T9Rq2VM|B!lYFFsDzcqg*lF_5;8@S0*{*|7&m>>+^Y@-p z`&8>!HkAP&Xb9k-l>Ff^H4<%PEhN*eRX1Zx0QS|h%|eHzw-<|Zc?&jk=gpRhcwex- zbjTzi;XEZiz96f3i)Gj=9wb!i)_0Y&>t!HynjBUnQ3e~;rp?)|_+{spDg6+)u~A*v zx!=Q{ihKp_Vyd28+_wzcHB$d#qMoW&bb>_0ziZZas5pgtF6N`z=@pjtpVs^ic!^-~ zad61Sb{tFXqb?8jLvL254gC?1*{775Z+5TcsdR;MbOVVVf&C!RmCEDcwQ+^)0cc+u53cNKpOoj_x+w zxbZR@^}VLZ=w^{x*-c->^o1jPZVqiPP%$FS@45VuHU~T$_uXW>$0PAUfcU|@?=&zB7#mBKb9AVx#+R z78dsI^73uwnOO#nkuTyv)Q~tgL=2RoY^y5j!o+=c7&r!jslxCA3wyq{^|8*Q+M%ef@7c&JpCl%_mut)8ZIPVe5WZ^EDqD@M>^0&tD%< zraiIVecP5d64#;)FhitqGy12V>ZG;MuP=%`$OX+&})eg^BnC_tSkE4{^!Yv8^DHZP4w)aCv4G?D?)|eTy?lCqjB2v z8Ad2mZ_n3Ux=I+rpXK0?n;ZgCcxDbno)lm&h+Lr)fQAhUd+2UskM0*jjH_j>?&}A7 zd&S8bOjsobqBgrVNgT9orBV`;!hYXHC@pqL=#|wIl2i&%%O(}&ZD18-!D8u(IeaAQ zr+wvxgR5|@rp)B+;57$SqGZ&0&$xt2C&bieb7Zm9Fw*sNRr~ezswwyveT(@F5=w%` z^x7mqB?2Z&*)oF=^D;r2o&0kSA7(eMDbc;_!~L-B(in*h#n|Woi=NeYf{J1|7AB-- zowvpN;#45q=t;~1iJM#1dhv>P;G5rp))#X}nnGbZS8}g+YgH3w%nzcAo`eqXV5#U5~kY8PiZ?kGXW*askiRaL@mPM}8z$X7Xm7=V@fYh;8} zn<4hn(o*7Yy5hK?_9K2d&OJ+*rZxtDKC^Q^_q;&=p49K#h(>I#!1e`?L=r*o>^6S@sQ?V7LJDi#j+{Q zWNK*96)n(po}KjAMn<%`HEPu3`)GXZs`|>M@ z@ARS6%LCH$x#%3XXl%&@%1O0%`W^%$PxR8Xd}` zu-*(zz|7v2ZdAwuRLVZ(S*z`ghQTn`gCs7U8ZDXT5k=( z!?9|^r;U6*=YBsymswocue|JTFi*X+Q6cc6Qf{-c3+}lyzbb{1m9DY1gqNW1z|LuA z@MT3j8U04Q0H;PM;z*K~94yF5{rlRyayb9HBNKqT2~zdOJ7sr4Kz~9x(Mg2z+`^%j zc8(q`o8r|yB<|BL3wb7hcsBqn^H=OXBFv^H=~$R#uC*r}*pFq~??`4!b}@C$<@aL_ z`a?d&3&;xwDaG6yzzkeZ!i1OJzl)<%3EmusHj+*%9nJO)2SAl0m42HY(Be&6W0^NM z1Gk#29QK@k@RmncLLcS|-N?_=r`&Yjs_f{qsPv>VYY#P^iG=!c)#nVUCPhohYHRO3 zS5NOP$SW?v@lXa0+pe733QXosOF=hNQJ}3*R0oKJ+|sltV%9W%k7glEL2;j>piHMr z`BX&~+o8)KBa&DU&_0l_Rz1!a`i*Lfi@1&jB4+F?n36VV*h^YYh7CR$b8o#_YA&UiWn88PlV-*8FI$mn#b_r6K3)PwXA z+9x&n(t7yE!Or-6PZmK(cM*rLVt$k<>nB{nJ^Arlvl;i6?TIm8uiY*}*)W4@QGI#w z;L}jtsXhvwUSty)7BWNFH*ZDNP!Nom8$U6(w~2c^+USv^*TcUj1uQ&@Oz^}*vNy(K zIcGf)mPMBBHs4<8qLAZQa4}u`NynEa%+Jo4uqb^K9B8N}TjaS=EbVy*h_7`f9>`*u zqPxyUMTj`^JUP1fZ8)gn!*^U*X zLS+K0MB%UdFiKYD?S8y2L7`1I8lxW5?ar#7G@k2z!c$z<){Fhyd06RD3h&LukVnSt zr`wSIn&KFIq0bxpO4m}DY(EcLYNREBoOsimODL~L!sn;&upif20AB*i4>!0Lx%Bj2 z^MP^~o)*m3Me7SFbCarzj(YO2yo^XP-m*fMBfKztqZ$e++s<8d<70PnKfK3dZIJ)@ z`;0{>LplQF>pqyGfG$C- z3cF@*kJ=w=r!>xpW=2MigDz2>IW9b<-P$-?49-U3?ci^X<81epx71mv?1r4C>T!>9 z?p3GqHF<2eKa$e^Q$I@-=Lz6~WP0k&=kij%{F~=$`+oSo1p9#q>RZDNUI_D7GX~S4 zkatRFCz*MfRzCDBqnfsH*V~|Ww^H=(mRVj!I+*BgSP$=vd#KjT7O)+5hkTx*^dB;a;;bvpomt{9Jjh>n+R*3iq4TgD(?uE?d!i)4a<}4*Ax|BHptN!APr|xp#^wWg^Jl< z$x-xpUUEX!V?-U4Zvq6UzP4aZa|C>WTE~|qFQoa6uK8RPp*|8=tw}tU@X>R#Ts9xI zJuW>iW@ENyM%YG5YNKaSJ4$2z&S-cGceqE81>=X3#q}9IY?yyJ6yC7KGVSQukELXG+<$;P+St0ycBw^twnLd!vd%DqDUbWsr01a8D^CKQOSk1vo zUb3Y#+tG?)nw!7Ixj&HVfJOE-$OQD*FSmvO2~4oMo7c-{^lo*o=i%Xqo~7imr278N zfl1C|H$@l`m@%eZQw;CVvd}~D@VbAja9)D9&`OO;D-*_VfSy$~rxk~Dn?I-;6W&v9 zCaf65%=Drpp>fi&yglJhQv5~qA-pGd^{-mx1u25hGVxlAAIgbUL8;T1=Y6HaOoxtj z=11*t7x?y*4>L8l^ceT)AI#!75vjW11?!#pkw+IEkAJ1RevaS!{W7)riDLTQmmaab zgUis*6<{1q5l@(O-7wJKp#uLU0D~$~tw)gN2R|oP160!AkJlmbry=&O_L);@RBsq!iGEYoep zj;`mfuOHt6_08e?U#}7f@dF9HXRnLS!JpgRM0d)WG~|3!e>IAV!Cs41;MDXwn6Tly zo=M8i(X>MWG5Hwd7A zd~|*=;5ktvA<`>8Z4~d))$4|pBM*-ig(;~(IMQ3RgWAaNjoD$5`o*rP@0AlxVBo75 zMT?5MNJ!KnXwBr}^z<-yCY<78X}Y^$>|#*`kUgKE!BPxWD%93W7;)b4m>Pq+=3CWu z)V2zf*7EZ1kYa;b{4_4(u@Q0WnZz%cD5?A*QvQ+oHWnarXa9F9@`9eAmu4;{%-8aT zh3x1Y#=Vi%-v=cF&mrpG@WBy*Q^H`7G$VZ9NmQocDJl}&G7GYAlr163k%ndnYN22n z&a*MrXiAdJ-zvSNXC9!BiM8@W`Ja1Cht+}F{B8bV zh$!|n8Xr}ni1S6*b_!$l0!Kp#$Y5D~o!t|sCR!2u#ZN{4gLvr)@!qH`dBtO=~2i0GU@&fn2AAn~Gk5h8nm zlW6;nv%pw0>w5`GB$J%aZrp*Om62r=0KU2VVKdp93Xf*$STl!sDlHC?++=vX#qR-~ zIb{t#O}|1AKg|xp;0}U7ez4UR^`xPkyaOoqLNyV{IpfUH5lPd4H8i`51;iR?;?lr@ z;_p!ebC2TIHIy98`6I@Rg3nqC%x7h3x7X#X+$P6>yW5R{!ZVW5JTVKv{_bIWu%eut zoaQ5!?LMKiXAl6FQN{jsRsg;liQL~-331zv0Ev{Q%K`Jhn|~imc9gdlJtfSCY=DIM z;NYNcPq?|68Qk)4>#0A%jOxF&8-RuVEcqWN4HPWcQOg-ZR$#?8^sE2OD!2M|{KPJu zgND3Q{|W;z!;t8nvZG>B9SHw%uWef3=W|fn|Cj#`HhCwN$^k%AE$=VNJ>0H0;+NcS z4<;uk3%)-8jYxXh?iu+2o5c1G9`CIN^vAmj_xqdE(^KheL7)>Ex}t{DMsF0cn3&j9 zsp{0o$TP=(zZ@4I5D|#b63T9a2535TFLo!+^}4RE9K!_1Q%24m#;GGx?*@}4is@U9 zJD(U8V>9@4+U%bEy`Lxa(>Fl@AO~=C@>qz74opo~t5E^W+`K%z9X2)QyJB48Hb(1I z+^?4^vKI@g9;d4ybYo*zMx{s{4Dd4noD;TWrNZSM zj753kBlUEPV5%Ym6V7HD$phdApxa3r;j1UKCX6x#BmbK(^t!Q>{{L)g-UMI|A(P=g zXPigMfck7Ahs!DZhP*@4$(r9PXeH|X;n=q*&7gR zl<`v{71y!((H@`j+8h1XbB`J86hWXhT`hupW%gA-5mCN4qnm{*&vVZ*g{_B^# ztZ(RR{^>tflQ2z_?BQN>M1GSJ7e8O&2fV(b*SOG?d$%IM0gCe|l2Y)_+R{1%=o}aq zj1uM;=X}EZl=mI+KM17geCrLa>@pjB^%X=N3)t_>?k=#=}2G#Nx;*b=-^dH3GE?iPrF=Msw9YwGdkgZBO z4ap1wijxL}s-o2%tmpFJ>J5Hk5Bpr#CMWuGXPV=;VPuudkV%;uQ&xRY1oA}DgKMJ` zeTGD2XcUlxNtz0ZHc8|6?W>A}k481a#puh>#%rn^oi&2V*$|eAG+5Jac1==##b-bA zYGv^VcyR~vQ$D@(?8(XzivTjYWXh|_xBFV-pI>sjewwW?7GP~LvtZVIoV=J9J}l9` z$4>(-eg7^#9Cf?_E8%W@?d1pW8XZZNsE@p3QX~_dlPF%OEH-vMY?}syN{<#^U|e+c zyX)IO!3!G0U_R8MkJ0Zj9|vL-_F62>mj{;tb)NfDVVa8Hm|Zmui3rmnKQ@6%F##Yg zWuu@CcSA;b2O;7#?)LQ8o`}M-*7SfMH5Vew*_jL?v*9G(D+Oiw|M`cf@a; zPS?K#AU^7yN&$hn)r0ayb?5rVnY*joh`rmrujw|Iy_wm0sf_mkG|-k+DcyPI^uvs` zwzt&#=de_u_!C%EfMtMIzO}iagoBzfg4PP{pltI4>g@9l(3@ye7^c_d^~%=!9=+P8 zm^y{uY-UkbHexYvfjCCih;mR8(6KC6D-MWv{4WrHPl|vKP}6)+m_^NeTGJKUWHCWy z7E8u=JL}R(r`h;JF1m*=X&)y-aoB+-$D~0KVOVcC$OM@kkF}OcbLfRBDKjOIJ98aj zsJ3G&-mFwsDEU-HDOn&iQ_u_IM?ZD)N&!Lv;K^F~v77OE$C=O`h{|+a<&Jil_n?ob zpmP<`BvIw0e1j)AA0J-iKv-x?N)@&3QwOLv?HQ7JmV-sjqUcWJSBP#-Vdb?@h@aG2 zK50!o^0o`+<{qjqd~q-Em2rmZg_aN224Q@#m8ezWb6 z?tH@T(*~+mYO^$Y=n1-Hy$N&NOM#AiG0biDraOgu=6Y8wK*Ooeq|y`f?>#(uSphXS zI@mFqLIn1I4RMo-5`_9U`VsuelU}a$&09t`dfcQQPg_WtnV&YUQ291hlNz{mqO0c0 zSsOWBzT^}?B~vO5HJQRm>Yfb*VIpl&^VfPq%imF7gEbi zx3ge1ie4_%Wl*Dq#uv*kMp}zVnfrzF{I0@2w|;VLoL&kRT;r;;_E=5M=1szjjMHpM zzF}ofb8>R}(xY$hfEoa|lb)&@9E3e?o7Z%=2GzYBp?Z0p)sEUj_f=8dawtDu-8hTd z&h7OdvaqKxG*AlGaQ0=|ZjD==$Z$qqqG6@J9k)%d(CVtdF{Ti(J=rh3h&?DR#vqDp z1j(!?>jslMr{gSGC4O2PhnEJU1b?IrbZ7u93i*Wvmz3I(G?Qxm^8~LC{v_dejCXzd zxWs~_Dy6vP7|hdPK?&86U&FYDP3l?JtrDOe@CMODfa3Z$#m*mQU@95A9Z z`Y;xoCv=PBK8#$b$zqTXGQZ&D`p8(WWr$yX&X7ps(%hZdosPL{0=UbWCl+0%^@kXcRhrW!TSkEm35;71~SIp*2A8{vVD2|^@`EQrw#vXETcL%j z0MJrdcctnma)qlD$LFyrW;`W`WQ`_hH{Mn$qY+vD27Qg`E!ywxuFJ@L5sx#WTLxj| zX_fx zlk*jbGRHjEAjr~8*7V0_->r9GU*Fu^=_*+*1ssXgVY4mh`}0PX_sK0GxwUGLMcaiX zAqzK3@=2+w($Q6N->lD=K)%{XZ#~i7$_ajP_afy2ha$gmPe9|GTb`!Dn?&*y4r|9- z`{qKoq4YPdGiSKjU%z6*nGe&yyAL3j9~?9%s}_kt+dKsS(t=ZGL;&jNj87o!fHZ=I zptYd+S&rY|rQAjE>cbADw8h?9K(r3A2&reEFyVy)kM7WKj}^6a+>4`MK^c;TjG4hoe|& zFS;c@c#G^fb;p9%caqv$RDgnnGabN$xvhm_M`Bl^*SIC!7mRp$=89q?zcDU>sQY12 zSu%+$d28$!K#pz0prQXOc33b_iI}8c7-Z#}U#W*rB??KR_uEPJTtgDjLh~i|YOvb+ z(a1Qb#}Y9zk>Y$;pNdUQn~!burM5O#U}7=t&8k^-ABt%$%WInEd^KCAO?a=HkLpQ- zTbr>4Cs>@s((hYKDTVbWN%Mbo3YJNoQS zW3F25MU|BPd{7}9=`RBAbtZPDw;~kBi2g{IKnD8ip_uBVrLuCA9^qF+rgrLdZ@5(x z{(XZYQbBon{z--7iB5^YdGJH9D6y`NAlKC%NRumT@7=T!Q_vh)c!wDo`U;z%!r`LbXsf>W9D8~u{@7W@>kwvS-egBf3!+nb=<3@Iad+yhS zA1~ooal>>^EB;o0@HWFGAfOjf-WUM9Y#U!+Tct zC5zUh5PCevjX2Zl!$2|NV=3gEe@tdz4SDkeL6S&bKKMT>4%jYFO)Z|hu;tW21`8czz-*^@@WeBi7LWGTi9k1;oQYW;qav z=11mwk84gv@bOwAx7(yv!_h$gZah6{v5fU_hsoad6-Venp1UD=8OK@tr4_k|XBQfU z57fVe2++9z1~Qq%HVg*9=2&6*_&}KCj<53Q-fP=2R`|A7RRT99H`T@cG+8W0vuJPR zaf|=N(*{-e+ZG;lD+^#M#MjIdwbElhSyXMguEti}_%Nvt%1ClMWzFMu@bB$Km6$VAadtGyWU_Z~c=+c+fkV0R~pvY|;~o+f3>{NC-53QLqV^5SQjJ zzL?L0rN`m2>uxekN}k)5Jknfh@PEP~h?Sj^`P3@BKa`5t#b+poE&%oZ-cs;Job#?vcmsP-Pvl zKTAmEgzK^#ZctQ(5b+b+GNs5^V>Q58nIlf!iZ-~owP~=WD8Dg>L1hAhW&dd0sMC>2 zfAe^G2tiYJDtUKB=mj21hGI#W`5M)qLi?7ru8wZn#MBhrBxymVX~Cnez??5zL0Gk^ zE~J&h+0?H zF!7alTD_EcET-3?W~Qg>8+Ov2ks%)IS*6-96KqTpShbe+rXIRK4?p`;?uzFwV zA4tQ*mq<8X(B>D zV%%cg|86ukMvR*m|Hxp#X2e*tHluLxBg`roDZqm7p_`Ec42r;$cNhAjK+a-PBKc|% zDwghtvVp1ryr$Jcv9~-<7ty8yhlut-qopxs!aDY_rmsTeUrb}slv}XT(J)?a%gRm7 zD#?s(k1UoRRZ;J$c0*DK<+iG&IrO0_n9IiACi0Hk&$xWoC=1td@nKs^-knf6V$F9f zR4bHoP-fqaJEc67foHL-QgC5~`{mIm8{$b;o+97{MB-H=l%P%atrSKkCfmubs*|X` z0F73cPkP6fwPBjgtC|P5j}Awb?UJG5;pr)8q+M0lTfqidRt4ux&RxctQ+@K~Tr`3r z`l(G2qC7_^m`t&P>4sq8%ZIs2!QaR2$~9KO0;S+~#bz(FysHcp4Z~23VA`Jx=&qri zf(1LzbP$#0D$SYuN4beoEEUWf#yxxq1{YQ7?{2<1@GI3}R3hms+7PiTbcXoAk5UnW zOu}RaB_*}~HAs|-x<*VY&9a8&bLY6uu?8%mLF^B4G$ILx>^2*^j}NC+2}e3kOWT$> z3fQ!>8nRZeBPgVK2Rz{FSX^{@fYn3RRSR{(oacJA-;O!R zzn0PGwCHhB^Xc5yTm}E?8(VJR{AY`3O!#vl!!XUkH-n*Fv}miVf^O1MKHaN}nmUmpMiq8ur(Jz4bV}8gg+EMQf z7bm^3gM6S2Kk_>lJ=1&ckdcMj(K}}+sm#_K^8n=J({66(?l%G?#q_2*AQm^A3t8?k z;#;*q2L26~;XoHj+MKE+gGySFg%_x!*-DkYXF7&1Qp={uf=I+>fk9a&I9e$LD}Lx_ z_*7;|?-6L%bgn~jI62!%!*k+Kj>j>Y%-pQZODTw8)*U8QOe;(BeQ*WRUT|kk6>bOY0cu2GD&T;7&Gv3W^<_`U30D{_8OiRSP+serHNEguTt+Eez@y3&^ zNE}ph>*^JX z-Z`(+KA%N8G=y7t!B5~aGoW8ygxBp*-r`vJp>mgj61S8Y;wvSQGDW#nkuz2Io40aH zQ3EY!(N3?e86-)ns1>qNclzI71RzFf(vJ#A74#QbV8M<|L!pSgNehAt`_PT*4p&mQ5p4|YEB!nN^AYQDYEFj}Ct4!X$$`-K z!Lz(_P$3v}^X)&DdoW|~&$EB<*d5@{wpZMi4dCCcuLid%A_m1%5Poyii)4J7SKysU zyq?MPqtJj6f+HjObusUiDK}phl{DIDx}M}N-EG#din$WIqe%tFH^6+Z^Z_pTdDXYz zXYySo6^zDcV5@ZjcIoO4VuQ3iccX~i@mGR(uQoLTDg5&(fBzX!72m<+kfmcrpFaox zx$mF8VqiZCB-}kCaQpiccos%Ra9~m>!mo$?d{Tm%CspVA%V#^pPow?$69G~!Fy`-i zwogaM@B4MEgWXNA$KXG!%)^gw=fFHjZx3QNy7_exQgTO@K!^@D!BFdUv5gg^e#0_Y zT04gj`e$vF7+$razyzX<-}1=A%m{vSPx!{>+1*D~eJJYk!=<896E!`8lwfF+m!6 zq2mW`@8dj7@eVKZ2@_wUNSTXd<8Giq;#&xZH%%XrvLi9ZQy9QBlYYt6lehm#ozF)n zQY}Xd28emEaj;OT)7FAK(fMj9^ariK4<&gUaeO6wWhnbWEI!L@7b(WUUXs|q&@n&G zTW3y%dNV!(qt4=md+AJFwqf5@qY;l2{hD)LDkxxRom9x#?ViI!q-!jB zAnRd^f{x@2SJo{yuDQ^4jOYT!zb8Q04wzs$&G+M7M`lGbtZQZ}ni$+$(Gs{i)N*>s8C@M4 zI>}MfG06G zGUs3oruDX0Cg2Jdsv- zUdOak&oAz_88=TuIsjFkOq><0Oig?qV2O;Ze>}dDi}>f%s{&3v8v1ABJw#eZwd|>~ z_!_$ay?x%I2F_?H+F^t{ii=B^(rnmg2DhaB@18_ZR_S(V^)|iW=d|Lr^1HM%r`!h> z$j0?tFPn2!v1{(`x_S@WyCB@Q(X9x0vM(L^4mQ7Ip z1fmd5s{S{bGOg~Ed$|F__IcYr5i1lK)PH1<_HP|H6XKO9tF#>cF4*6_-;%fEz#%sR!v!TB~k{Np@$cgjr;b(D=1{O0DS z>!d<|0HaJGr^^|cBPW--^jg89gI7 zLEfDVk(^*Rfal>P;^5!_NMppS+t2iHUsjTefs{%o7n&XLxty8QEH#AwIrW7Df!E_x z!eX-bYIXSmG!%H)Rc!C?@2^s#@i_zXB@Z3-OSd=e_?GIe&KE6CXI%o&CrE=j=^@B} zbx9TqpiF~9zA};@e`6eWJ@&z;p`>JIvaZ%)&8=PIWn;4a$P zkH5wTKWyNOPI*+XB?D|Ibn(=-V0F8pCdrFkGjd4`7cq{xHGNp`Z?aVN;J-xV3NE|H zD$IFHS{8%gxuOE_l}(Z53%Eb?8zCzbsJxPfK%MER;rk^HFA`)x|3&)|ggyhy;`D0XzeF+toa1Q~&g`ve)nIcp5;g2V7waOMXcFNqCW~RXr66?_lh>#%$n?$alGXikP3}$xa!K>7vMh6%! zL(wC!nM?wYHit?aH?Qp|02csua#at=PG#h*ihg+V8JutSwwYVnU1^mmLIt%;<5sn+ zblX3uZ!2D3fz*p+S{r!>Ry=z69?=99BgbH=7^D!j9Qlt zCbCAWmK5K~@uSmkwGEuEU!W=6yliZaz*eDwJu;ACs_wfEThB3Rw;hAxW@c5j=AAJ! zd*;d;)a*Fc>8iMcvF$BX)QXf@xXCKV@HaRE&IqnVgtQ2JRaNV=EHUrQii!{wA23I$ zZPACb7~M?0E%hUL0;HA^V{9j_u#qmkBJr{OIX+2~kQo~)E{+p$HXb!*;JV<)xdJJg z)jDaJF@~v@g4)%x0;UZQ?@VjQyL}o;-6{MBw%Q-^^@Al@)97EPbBpB8C!~zu-1COH zK&50Zlj5Fm9}F33Pesr9TrmD?6gl zLmMeE?F=2@Pnm@~%bw3tnbODB1rrPEwFS=cC(AHwbdP}AHlR;Zxvd9qf>pd5E%xEh z8{-Xa%DK6?ro;)J9La?YiM_F;$G5-uhF`@e3Yq%&{!@j{s4P1CNr|ZD^wQG3BFB6C z%2b~SQ5nA!{=nMzk(WTt`6SF|<7F3uwyPX`oHyQMF9LafKc4&~lu2_e)8oK6v^o^)E~jyt zCVtSx4LC%L0Fa3SWqZSjY?0>BetcZ*=6V)pa(VP!K=y2&L<0dGR&2NoFzbqKK;+RhqzlIf6ju}^SC<(t%r!TOwv)%Wiig%#NlYf=MP+USE%^#>eRpBk-LuQHt zr5^A@dhw9U(2dbG%ufZiU*iqEI^$5wX&L`nRXLG;ZYLRz)-w4@$BqN1qhJgU~x(qe1UxS76iJ~jheSzHtV-YGS%>l86@fa8Kf zcwMJNA0lI3sE-og1!x2^!T&%blDVanXoIcij~Xu#tE;Q{_;%-WUxYE20*+&_zSno4 zB;OR3B3M_Pv6%uxR0>H+O4oJP8Q5$b0&K0_XO8_%7xKF0p>E*M&wt7}b0t3pW4zsD zK4qj`$tMl_IV`gt8%2vuXF(_Nf9%tf2zSDZJ@v^O5{F> zOZB=$e9D`Sx>&6XYJ?Bi8(ao{D-gQ0+tNV2T$nHAhDae6JO7-Blp65;s(QTat=>bs zQ-dHc-=Fw>aV(8V>>SbTZv@T|3tDFeWZuxy3z!#T0_J0T7sc^U7_l#bAH9bk7@gfD zZ2^m^^YI!wNnztX85(SsoFlntqqh)r=@0D>v>+4U70SB=52C_&cbWu?yQJ&?PL8=I zFqQ9{lbI>}yN*y%No^fS_*2##`yAvCLB7ogjb59%Tj=(4hfR4^m1#a51CP=zy3*3p z&Qd!J5VQ7_gh1oUP5pWcc^9aYgF)1kZHk7+lfvP!4K*5?yAq1EG_*nv(Ah$;Z(naW z7JIMoQoNI}m-Kv;4_Dr6wW=P@^Uim$EeM&lxrK_ARow6d#l&8zX-x1llMveWhSEIj zGqh*97@3|kCShlO+B@w=lps1duvM~5nlRwm*+W?jQ{D^1zdI#|Zd5M3@MX|t zKk>)K?m&&4tvgutt#Thq2c_11v>rZA>ox0$nw-95mnX=S?r~~(ycJ>+exSBF9N5Q} zKySQ8#Kn4(>xRZi`DoZIK3I7|huj@rW^lFf`T?&6B8#!nsPyDSP9dQ;kbx)x-b!D3 zr_nnED~!n{)d~XR>8)RS-7N2Lrl)h>VHaY;zM;r|Uw}15u5#u}+-7!lo`;?0PjR4=csk@-bU@xAdu@3Zf;G?2JrJ7B|;=%^v<)Uhm! zg2V8YdwKTQFxRq5*zL%LZ8dGPE%<{rtKpS+r_X2kfKNfB*-78ZdV0tRim{bftJKr0 z#1j;)l%5C~>0{&T9LZo=8F|T|R7aLV`-GDc(!RYILGIJ+7XO{v2K$+Z^4^wO(Oq?* z#vJeMBcc#k(0*LLCpXU?Ii8u1WOHRzq&wbN6|%pr3fl>P3!ayi!QuHxjw30dA-9SB zw@su$d`(Ei7a+XrT38MsvPMIJitq|{8k+c!uEMleTl&G9dkG-tX_71pmUM0($Ld{L zN#Cc!3!|KD0w>#b1kB?4eY)(I~S1nfUM$(J)$f=i6f6`8md}o;`f7Ogh*~GOHPwPsugvAiWpSH)w zN_32<1xwM~SQSOH`S|KG&*cloU$##GG-Fi6wB-HaeOS8(Tp~L9YqQ{}v%_)g!tPcX z{-|>;afFQRJBr4b=1$Isgc(Lm#PC}?!c+nazwL^kh%39o$U>K~#HHP+a!}V9d?C9z z+H)!5JdSbEq5P59tn`UY@cYcM{$)0Y2!@}f*<^?BZ}VjOYI6Ky-mH1I)BY8Uc8RnKrfO9y5wRd|iC=BU_&pT8aA;|aI-RiV+-dY~9Z2a4_H zbH~e}OP~OQ&ywGUc4K*#3{Tpr5ms`YvLkgI5Ovfg=5(&~Dtk&#>#M#T+gvYHLYBuA zU=>t-7Fqw}qdwQyV4Fu{E~!SQVFn1SE-{Lk1jk)GXHTPotQy8x(V?|M@dyH^f2KC^io}YKN;U?Cxn+d3%X@ z(lQDZ@4kZrP#=jRn>fp|V&UcP@fzT(lH;v=L>i^tD!|#CU}a9oa|$+k zv5z&2c%%vrXC;Tnt4^$i10#mvrv0s17BJ6r9r0PM2r-p zz)Qa2Xs$KY-t<3W5Ty*z#&xOb)~-Qn+sE(gPQ^ZS_qwEggNt^lGx~JT-{1c;@m*BZ zy}dm_aOSBq*{B$Y!ae_n1|bK5SCeIdHkkCK`nmr(_NM{eb)J{Y_PmY?WJE+gZVS%i z<#p`(r52A!g?ZQ32?-Hffn@a;F$OP1li)wet$s^bWEFslXEHqL7{C?SiCzFT z&X}Fl<*_N2M)sY|ez6cZ85~NRCbDziA3Xo?^wuASfsy169GuK;(Y}h}xVOgwsjq?J zM_u%gfoAtt@QZzylS_nlnrNR2gLv)r-`pM~ysn#pUnW-oNRq=_)5rgiq#Lu5M(Lk1 zC?G9i(n`JmL+vm`nmDdXRxN8R@jo=_|MhhWlVZRlT$Ln>+tqn%89?VjV+hM`#Ice< za@jphp5G!$G#vO+`o;jOw5Guv z1_UIjshnq?hMA%hR@1z%&)u4HPCPX(E*gd#E)KdvnM`n9Eygaa=Hq&V<7xG=9@0_u z`h1KQzWL$a_kd#g>NC3q3Uc~@i$bk#@n{EWUoB#7x8tn+Fd{M{JdK!uh*WrK^CXJ& z>}1Cs7IHUJ3+3G)%HOHX08V{(#I(@uUhp*O#bG;9O@fL`H7OtK#qy$M`|(#BFR^4| z_3io{$VS-qq%ic{7sdrT^>@$In((Abt6CrW??6d=cJV*_tnx1v99{*lvyK}wf}drD zkrx-4DAFEcLQ|p#3>~7Fwr}6<(MzRk7;bZ|Xe}bVCRe=xxoQoMV>d!UE&-oTm7Slj zl)I4d(958Ww+7pYs$#wTsAf|7>{nIpt3RP$7UMcd=odQTp$4}`l`nXwkz2fWVK z;V{`^lLWE1_|?Xk?!^fD!i(TgZx==L8UBF5>?Eu-p6e`8KwU z^j2>yVPme79}bF)Z^vg1=`#=1E#51rqVGn?eYC3E6trg1kSqm1PlL%HSQj0os$B83 z{JKKo0~z-Zg`(jq$LMso+2xFwlvm+)12$kVn-+PY_!1V`DLYoD?rByG&sgIS1q#@_uM9EAl?%7HS~`WO z)1OQ7Lg=g2Qg5N%&xHr*;hDFE~kVosdAV&QGcPfW= zfLlA&aNg>fTS*`Wd$%Xe{g~V&B?vD*ov*uAuWM<&{XX}jf(Sg@k}o_FlJRsOmxS-? zq=JDCOy+JtQ>CZ~SFx0gIaF+d{djn0A9VLu6_^VM#jJhGd8(N`i7dV=V9K`S#9#&} zV(?SKtb7li@6Y`^HNw89k_%bb*ih|&V?q@nuR}-}(4O&QQ2^HHq0Qq_%TsrflaR*2*`w?O;_o`x{a%0cG+ufrR-enqbk zG@kY+^p6qImKrHxzF)kyBYV zRVeb59@HM=&D{Dp6Ard$70km^){-xuNXXvy4_Q?z)Le8gEeF%?RH9J^V{)~MDRDkx zRfyjC9(sa~%hg97l;BY6CGm(f1A-+v)Z=z+^+2zxp}I;P2lEb`-=?Tib8NUdl41af zY;b)T?N|D~0n#^D2OclwHkz-t!eZc4Z+{%t(@^{BBJ|x0ROWN(ImzvY*OqTAp^J;H z6N^CLGj4-@FJR%n+M%+$Q%Fc;-qmh(4E<2~0y%xDK5nUTg#5wIc39!`L0d9dym4d1 zu1I-W=jkYkAUxrgE!q+L`)wqOXz=DznTA>vv`$06e&mzpK~j9=SPJq2P7GuGIFFj( z2jj;C`LIs2IrlDshc%CB|B}9zpw5!S)l6DdGqrEwcPw9_git*m5PRSL2^u0G@J{pd z2Jd^0+l9(sO>wf>fI1|Oli|^jOawOvIFUFk|U8p2!ZrGl| zzijVxMdtlIjNfeU;mlvQw>){n_9_HC_E#0A6?VtJDE9SSfZo+*@So=)Bq2#@ua`hB z+mdjZVu7P|Y*=`IS7&wY<~s0NbxAhL8(uA?;s3Q!4UA3p_;GNz(d*Z&!orZ@r}+j) zO7db0@ffQc8`vE!2~0ZGcrjQTX6@wSw&V-};t%k*A)Y%654wF$2hTvYhv-`d6W-%X z=su1P;*f%%R@rzAa{;zaf*ZaND{>_Y;rU~{MGF>%rZ|rm>UpY-&D5|o91q$1?CI=M zH(&~f(zeM0g4)C%)@3dZs6gry$sG5Q9Hv`p2a4-*mJ`S>R)c==qW_#&#Bf@Mf1$*+ z1ZEA;!p~i+R|VRQ`s3FHC~9&(x1xpq4BbLj0t^%}c?r~i2%j9#H(><7?YIAr$`*X3 zo>{Z;{SlJT$PFElF4oh!(ET)rqk0U|!wv@^t%Mwi>w|*j4F@yDOCMsa%$<+c@VsNw zeT_6=ke(I#lQl$|oLNmw4)e#&d<`y zNB_2e$)j_`;&1qnt=ruRXo1qGfdk0cF!k6*5B1*Ktf{09;HPYogZ{$f-G zF(mbsxk^&(v&vszu>Pg>146m%a?dF%qsQ-d6@}OR*M7$&O##GB_2BtqA!IG574yDy zcKhua_vGZg6?1d5Q2WKBy)w4)W%DlkMOm$6C$aLHPg{)cyoWEQPIjfv_GG%sV)Tm~ zc?66#%6^%In8ovDIg!igHLc_5@KBe{hmPBGkg@dH!ShecVHCt~YWoD5Ieb4m$@|WP z=3vYNZ=SY+VCGHr)_H~IN2V|nA#TXKAH!P{U^5WYNmg!les&ul^|AWG!V_q!oR)xq z`_eE-`0@d~qfljPnZ`yB7SjcRmX3UXrhGsOKLD%ewzfPb7xCXzI|d{l#I@4T?OyVfay%JU0Cdy zQw2iF*eQO1dwq=F`SXwI00E03eM)YU?UIYR=HlC^OjAihELNTgnGe*qr<6U_dQb$3 zYX5tsG95j0?IXIcIUgx7ebcX|96M2NER3(e%?=Mu8m0cx{LWHU7%uvrW*HpO&Ei%H z#blPL?sO-)S#p3*0FSM0QpIG8Q`3)X?OV`R3)^TUwppgK z?VP6KO>7CioHY+&)$Cb_C#Q{^Q9D0)Dfa2^su~qGj){k$X;J2E-n^O~@na<&=B7-MrPvu{t#A8@kU15EvC9U!*T59QM6KoJX%Xsso5sA1zMi8I zakp(3ivJd5V*&_2YXl~IJTh5tKr7)%Tt;Kt1(H0%5-CAGxO`)EY^*foX zkK~$085?^WZpc^qU>(X$UtT)9(3gtRqnVjm5N5kjv}tzTcV%HtTS1R150=#9y8!1g zNFsEvHQB?Z&$Uf0us-ue5F_M4!#gQ;nv63t$EC^#hyp2L@R$Yql>wQ1Wk6m&f4lg! z%J2ZcNTp;k*amt2hq0$1y#8EUqMoj_P161vYvd@JD$(K?--PDSTi-5Kqo=j;nVowG za)&|-$m%|CmU3zcH%Q1XSa{k^gCPm2jUpA8+_C`!TbVOZJ9m`;7yL>(2JPB2Tn81g z;GhX`7V%8J4_3jR_(20&qeaDFYo{&h7X0+Z_UZY>)Jpld0abL1{J^R18kX?8>ZK?(Htm71K?_fk9HGOr_l3@0~6(#n9 zNLZw&6OY=FO#9kDFth{A2&WR?GIN&h+q<8NfvKn0+UsY~tgcwyrxp)O(EqyHH$RuV z(r~${!#|)~WjF{Wc1LwNKBEweHRcYZfaQ#lLVawgJ63XoZ#|lX-j3fy-^8tZlmCc* z{cHnHU>4-n4)-cvc&}R-N2~?D_!zI3R$J4y2I-jGB0ayso z)|;K=SIsz_SZ}N`lrTW1z!4)U7`JXshEqR;ZFm#|d#ItZT${klH zb%yLPCE2;ZTRe|NNZbppaN>aKl1?)PvdA(>zmPXUqGSWrC?tO6^zeOv z%DAk>@$DuI2$Zj|3|x%wDTb6l3N8^PD=wCh;LG)a&ye5*>GXTe*DDeL&})Fy5ffRE zg2yZP^3Wj0D@VK-XgI#PjkA-kAd2ZRFb}_n$XPdlRjj-L1?BIMpGfExW0`o1$@~x7 zDQ9kige4tNOKsgUKJmo-lFmDLZRSSHAwRjeA7_ws4h}Ze{x%ZUws%Bvr7Y~mGC-{~ zFr`1-X})GshNM77?-e>zuq~DJQ;U9h_75jy4ZL+Eo@AUXjdg=ER|OjnFa@ocai4z6 zbHGQy|EUGgCnQt-b8K)H5Et&4PjX>b$_r*)|iRYuCP>M9H-FM)`pT| z-M+b}Mg8Sdxg40j2W$vErFUYw;@~5aSarYp{C=f|v z5KWV`X6NAIYUjg6sK_^!uV%E6HxQs8Kn)8SQ5H31WQ`q|qb#VC+*3mO*b`iJv~#b* ztmo(m!+4E@SwllCL$A`t5YON0@-5dzsNxS6gq5UJM>Z~+n)pjms;#m7$MIT29(~ZW5#2w)%+Z^_)slM@qW$W8qRCR#c;lR}I63ow^F|oH~gFN;SD%$L|<*=YI z-cPjRd-%j`fIF;Jk=w(&ahTcwYn-liVx9YF?(@N5MlAXf&$^9@Vo&0j{@#)xq`rB0 z$O7+K*||Fd%H(qehlL1j-3&KV*#SoD3ZFf`MO1k5nk!MwugqwrAouAA*b>@`d$@2y znmUmeVO16R$%R8nDrw7-bvd;fi{kTE4!-qt%;Bu7c$Jr~1L%DEeVv^)qP5afa&bX= zspANDMi{=B_(9f}CZp!krvx^B`lxOtwWLs`E_nTCu^ycBSwFXiFg?gq(;aGbNj^3w zTy``?s~)ChA6wKGm7%rR3AJE)%OZSk!pX2ZQGWD2=z#XXO-#1YQhfNwp5w>sMFvAt zVg$rsqH3wVB7Z$L=l5qPMTt#(Qq~=3#L5o}RO*QDV10<#MXTvwVA4M|PyQgi!tp6ZH1(NKP56^H*ejYUg3O zk%JD4_KeA$;(>vo<)MV{yf<<(KIc}^oG4g?bG>zM(J#&YRr&c@p@f^gbEDBbECrdq z&c(0$G%0~*Af6;2;ANp^xRp>Oqqp04k%*+Ot^O1pvNk8qfk12H@m$|lmxQ=N(l7W^ zTxM4?j6hr5o~;pMLfE_pqo7!p_y09Nwq1441EC9IiadE2@a)#D+lA6%&s70D8B%ZB z8%sXown}9R$@vJZbN89GYXgXP9)7^(7Iez&s}z#-EQFj5Z*do4JS?d_S^|Z_MSV|m z^`OZ%b`zAKolAWsVRdPJ@z=f!2!z^E)$Gn!zEcg|OSg9r`F;&8{Xq-5;-}W05(=A~ zJ!+L6CpUbAs`>hPLN&a(BsB;V^@(QfUP>teK`|2a8G#Vns~_LeH}1~4;7h|BMC81JVVTu*VHP{lW&JD}*oNCHQ9yBNfQnS3diH*byM7djX_lS;vX(pD}VS zKw+6UUyb-fP5k^$farU_Et>+3$iGidyI_>&e_ L5GxineEYuuI>CA+ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-firewall/images/fw02-createrule.png b/windows/security/threat-protection/windows-firewall/images/fw02-createrule.png new file mode 100644 index 0000000000000000000000000000000000000000..5c8f858f526d0591039a914973b37828d8d4ab54 GIT binary patch literal 165999 zcmY(Kb9g1)(zi1)Cbo8LCllMYZQD*Jwr$(CC&|RNZQI|RbKd8i`Tknh)w}oV>gv^1 zweI?Ln4F9#EHoB05D*ZoxR{Uv5D*9z5D>62B=Daj$_TFoe}-?43Zeo))sr|UKtNxk z;zImNZaU{#5PB#FNI#!!YM#apW9Z^6hL7hAmA4E!VOZ;{P)$~O`$UB z{9crGfBKIY&DNZ|bm;EidUT1szfNTnn(h4W)N54)Hr*?*`lTGC)CCJLsP8CxKDZd2 zk10I{NTss>*!3^-J~=^Y={aAW^w^?v9zZyCf$zq2@WTlN_kEA{`KW~ddl!B^{=I`H zqFbJ55eF&t7(qcn($dmCP0PZobcIlFRM8Np$p5+7e@_YnItec@Lm1^}hl-6&l`@72 z0S{1m9etsuh1R;!?G0QE{l|fS{MZ{sVpqmk(b$+cbrgUw#O8D?XJKKXr?(x2i}Vou z*NH%cc8K3;J>{6ED80qg}ac*->k9`G}tQIm%?(M{eKS& zAD9M|?+#1=gT}83F}!$2NpsH3wS83$Pg(H)n}#h1sI-d@IG}&uVWk%0cGL;Wd2$N= z%E$1k-BdM4t+U$`3UkkOsyD17ebFc z1%F#QqXx>?GzEjuvbD1M4h3Z{nS$@9PK~AkjQz09 zggoo7uEk$5F*%QkR>O1N_<+LbiEB8iwCUZGfPT+n!%_omdOstUPnlC0CB=Y-aEZ|9VZ>}m2;VG#(^iUd;3 zB!5a&*9IiNaVD%m-A(c zN0V85lS$9d&#S8%kgk*{(6-z0ZCcf9dm~d*@X&CFuST4)cj+1FvvYH6Qe_NoKCC&&!go`j%r-SQU)b5Hz_IJUbJSajzS$=oYNeP0*and80;2G zJ#OCeHcgxM`o^ZpNwl4UTY!;1YlNQTvPNT`+PFlj2rPPwU%&MO6#7y6!pw2^5-(C1 zJ~K~NJ`hwTe~%!5mbl8oA0j)yn1)+Q#p>WDMq>obgyZ2In9rKI5tb>})N9+howWCM zSpQhHpY2ax<&7y=(o)KgCx*vj^>M0!(|6Nk_0*!rkwsi9vWyQjrzdUm=9#i@iR|cNi$(<_j4S7oTBZAd}6kUAr(YDza#5m(AfJj4SOLzc~W5 zi&83UQ4&;pK7ifMcc*761_)~LpB5;1tEa4fSDmB<=RB^pNv`cYQyd5(8~i;L9pbot zs!<{~*>dJ26MkVbLMR-3N-BXucytOaQxUY&-yWGzRNkJ+RAO0meq9TcIemo3>r!4Q zU~AvNc6(e3PH&9Ut+Q4nW~?Z&nu};p%DD;( zT|bH$wUAh7yK;m}eF7eSN6qr~tji(zQ|fT$e3paBt3z%RKK|$G?74|)U0xnHy6>JQ&yZ(AUNaw!7$TgVj_#&Hwny?$_Z}!dnNva zL2;zc=|H=0kgng0=hSqUj$*qoLuk?gKdF^H~t3GzHzWCQGX*tCcvlU9u!>3kv-dk~?0;(~ye! z2zIq&rq?!gq03|blgg%TfDs;`scouZBIZs&{h%Z|Iy$^S{v_P?GeU;a`g$bl0AT(z zmF_c4?L4`k!I?_1EVV+pew{b zDOk4%Ab(tU0#kas&HpCYAezL6EkrC{DP2(0YQ?8u_?@TBd?prO1F6?h=~0!|%O!2m z6ok!L=$qbBEn(cioVd^GKJfZ*fgQMJB^5kYJUU_-eZp;IH$`k{Z_)t6ggGwKwNX|< zIdkj;-jOGMVUHW1`#K5>XMpn*=%|`RtA*%=rj*ha`-K2Ocw{;7NykrRzb%11~$9m2_VQ_%uiyqT3; z2Z^}g8}TaT*gS1ZJAK7Ee2M$VR za+6@J2ikxr6cr~xxELv?L)H)+3Hb>E@xp1E3u`-Co4b?|R6m9Cd$)t%i8tt&-cm^8 zk_L<%-nM?X2w>%?5(M3vtE?Y2+#?hmh*#`zk%3z%O|Jxu<}I;9k;?wIIU9*SCHPO3 z{VoWKe{(-mAS$b+wvF7S^94U~91IIn{Y1^;O_ncQY)L8AQIhoYnONL8*6;1d0u_UT z*m8nFe*wErozN_u*5!ff&B7ujB(^#gaT6Wv=Iq<6h!`k0>%o3<0i%VS=8oY zfl{FjD_Y&L0iISW{zgc&{uJ=v50MqT% zuiz4ctlvWE%cX{fFg)}3@iX?Ve1H}%jU|XaU^BVg|JJ`@gj@cW#uh+mA4W~DHZp(< zr;&f%uC?Afy`77XxMf{g@gp=o-+$zA78-8G)H-Pd28*B#F2!(z1?UWp6?#rmTGVf%%~Vc`a8xVvH?lt z^z9ZCLTy3hGi_Msn*$HUzj}Y#q7nZR(y0tE5CaA~JS`^`DARK^Leg{(S|ozjGYmxk zg-RDB?}Xq(_d5&})SpBhhhTV7tEPS#7xuwf1bQ#DwNhY zi{Ii1GFe{P5G6=*rL(s19&QI%**R>~NyV;EtY+*au%~#`DoGLri}>g+RjZq;PBO=b zn?v}w8*K`<$S-=9oEVt>xDAh|i#ZB@TD{hFfG!Iu-Of!sPB$bg^E~tFg-KF*pFhJ2 zmt8ZmNb&voT7{=UZQ`}tdjqego)Y{_{5aI6AEZ>DuU?c~!0>_nOJ3N<>-}jQ7Ag*K zdQN+#f~=Z^6vCXG$`m9VvKt@#Z|IY0DjMJro0H^jU+*t=PEb)y(&_!AMT0(Vj!|i5 zN)SaTnM-;wwb_vs4@SQ!m%%_3(6ldmalmFdN#Y^k6_hx8Qj1G|pw;SJJ+ z`x1!y$_r=u@Rehd_Ml$!yu@TbbvUNWhFVa8fWmpO|h0y z%jcC`(*N6vv!Z^B{n1MWbDnX8PVcjMEiO~0&+4}r^e0+>dCfg4f zd5jL4%3>mew6aFOMES}2G6Gvs&{ZswMZhDs&v^38<-&GJVQY5EYvI-+U!aK@JYwt? z$s*$>5ttcPhwH*k$Hgu%Nu;F`fvPGpnx)YIyQUKS(N+O}BWe>HSKn0AB?3;Qt*=+SxQDfJU~xkSt(*< zFd-At*EfhBUbZ?284{*QeK39@iP8Yq#3F}y&}!{n%k-u!DJ-8HLZna&455Kh3IEW9 z>k6DO%14PK==Sz)e2LT>Lt$JuAw)$a08afjmY9;Jt)N~+Ld-DZAeo?!fQ5}p$;f=R zavKU+6gcKIk9MHS;!X@LY^U~9(h@B=$PNe1e~u9vWO!W!2Czh+5Z-~EF_H?$V6bjH zzf6KS^R2b5GJkwDfyxdz{b%eEBX(vhF`E$drak@|7W=48R(t^do`)WN%Dj1KZ?t@8 zdH%XX6r$-^q91=BG{c&;lIG3+J{wQO0BICz5SX(EBfc1v24~15DI9!?-FmSJ3@;l8 zA!Dz)ZgPU^wAnB)kpYo$_O2rP;DK=yi%m!?WKAApMd@rG(%8#w>~DMk4jSn|Ddh-H zoZ`9}RQS~_1E~_N9cs=btsg0xjDtewbj8Tnc-i8yeu+q+zq+D|T%pCS!h3D49cB)2 zgOglgJQyPHcp)Q)!nWLj>O2z(0ly!=igGp)J~xe2g^0E~R&D>Z)zI4QfTixEcoGzdQ z=kIm=z@GX-zUAe$Gdobwv1=11Nb?eG>S`5f^~X1!o1djo$Xyo9u_RNf*#2mt2K1T{ z)(iQbz}!nbuMOXhb&stBQk)zXoU<+}7cd)t zbh|aOJb37kta`1;pi)&r6c&t$(Or{N-rqLl&NS7wB1l(Awmp|>%?1uRqCF|AWy1Q3 zs!!r@lSty>PzeL8c}}4z;r$Cp`T4Scz`io5q*TL$>u@~kGOEt#T_CAF0{}b!gj^Q`26TwqI{8t=`&QZ8+U{G)>Hb6IdYKW;;(Dhy z&eNasM0`2FHS=NN1plh($>PL9_zybUt|9nIT-y^&b&C2wmWJRrhRlbA!NK`AFnsQS z!iPG)B8?vUn_T@IIl5cJoB`th``{nCNDDk3!}|hC7@)0+SIY1=4-4hcFj=dRSa; zwOX`2DBn)%EU^}%Ca}6zCJ*h;v8pmAjNP^2$VPT+s~MQ^^qJVY-l;4$)>XV47W+`| zYIt8Fm(1%rxTxWVSv6}$4*fG%!5cEjb~j?Rb5Ty3GjPAdK|I0ou@NwJJQ1=1LMBd% zmzSi@c|C3NgZ>L+G4A>{(Em2!<#Ur2w^VA>k!$E~AzHt#QSLvH zy%|Z;0&B;cBA(c@-fzQx=fs@^;bU+v;*5JH~RwRd>4szl5H((sG*R42y9{x%LX` z<@z?y>cazKAbr!kFsAEa{pp{kc{#Pn_6H{!cZ!Bb-6gF*`wZ$ z`a_{OQ(AU1i`8~g)3g50#peAu5N*I}WvjcD8lsSSuI!2>+s>o9n;IP1l%7i@YE#uo zBmHm>0PuV{v(kXhbtjX(py<7?X5J9g*Ut|;$Bd)#y33&xGFi56h*!hAKpH@B zKwfHzR3wG7?5QO>b@BlVDx&23*?)F=?}<*Q!)1NFO|bX&aL#rbXATl{7+>Id3!6P^ zJVlEf>FsfI=W4m+b8l%M(Cju1?{WxLruqgAX<^5-t7&3*!A6hsF=5orb0)wsSh@4&{$JR zbj$l5pqqBLT5j!;wp=`-_WEw2B5@S$KW?lk>(TiK66b3z@cP^uT2D`#USX# zcbsgsP-bQ&434Ot4%Z`_xl0^<1@rWErRUVRy^seSdLJ_lK55itsx^gvPiaW1wJ*_T zopEs(5JTbsDijzoX+fW^kwPlErkj33Lr({-?SB;t*;lJ z*fwT=6V!P3%&4+--fcG`bPTL3sZQ%LmXA`3s}sXNBFCbrQE_KRcMVNuF%`b0rh)81 zQ}GRk{1xWjRiU)RNAbHr#Tnah;6kJ&bpqEwpqZYh1>Nl9_%JhnoE6a}d%rwX%yl#e z>1ZELc1=JD?xq3YH>(sWSv|cG({S)Kyw2@#`Fr^ihYuWBg>9gv$~#=k{}MagKzrqa`4w}SV@texkR9rd@&wnouE%c-(aFU5O8_Qz|BLU)tnf&{W=Mo`<#R|WN z_uL8pyj$44>4HkxI3TspoW`Q0w1mw6L$1svyp%H9MU(y)__uY%wk0|@kpLNFags&;p@E1`8zk^fvJnasNt z9v_J%F?}zKM#gqS=n&*=3!$xRoXfjFn6 z7}YL+s;Tl^z(ow^c3u-?z~06zRW5aOVo2gA!LX|i?%8wNP39zX!|&u_SiwcJ!*amz zI|w^K*xrE6zW->bml`KvS-~&A+r5g;)qsv@Y7A>ZV1swqu22g`E z1Kb$wj02Wb0v7q@q_Wir4&wlH;28q;!ApX2-_^|4K)J&2f99ZPOx!cv%8o;X-1p@z z3xowmB%lnaHM@@(4wHUd3t&OO%l%$m^vp;Oru;v?@~?zcC6Jq&%U7i$Dk7pI4l(pg z9bYPQ&W}M2hh;Kw!uLL;+j%!0h$OK&R97y;JNsF<$9QHJ9VJ`qTh`BKuo`wR^<1Uj z{WrhU3{Mfdav1c!InQ9i#PETe{O|d1frBrL;SGJZ-4nn_ ze~3^fYL5o#VGeawi6W&jFztBqWo)#OBqRum1hG%kNobzLe@m#IG(POkiLZ&VueU|g zDBPRs;T`x&u+PWsa&L`LF6THbP!Tkg*-tPZnw)p^S(4hsHXzs=9rABe`! zFYY`C11sw9K3=bH1fL`!;n3&Dn>`MC#GsPq0OvY&VXtMxOfjDkx>Tx}CiO>;b==YW z+$sY;4!JG1pnYS3s?uNe+NTEacW}Xi1^)qeGc$4;Kd_)cFmOu!h&^4-^Qg;>!#+JS zlMd)mP6N0_pSmjTfW`vG-|{A^9fK6hjoWK2KmQ6d>k^>&E&}fAZ5t+V@G*KgT(v!d z!;QVY*hv+yS0Fc{%q9+o>nygKpk0XMy~U&knHeIW4G7D&2dTBvdBc$5c@ujg(4n;^Z52J zNN8+7fzuW!jPk&L((1YvsK%}z0~`+5dY)kT?JWoWH9Sazv1bW>v$;)~_^*&w6R8?>!es?1QsN(`^q7f*K|OZ9Uc+o0 z^}HxOplEcKIiTQ5!9-A%U8cnUFz`P$JSgaA!XP8%wMT*8}U8l`K_UTvJ1Cy4BVHdRcCem)PKb;oH%O#?A$Bt>h;t66=ltb(LX3{_2F>R1T=H-geHW%pd@zt(vJa&HItO~7tDM2NPP#9TU#tu@_B zVhv^%77BGx;^GB4ZHnc`>w`v>3O+)k#W@pJ6#gPHF|k&)V#LU&;EHNbyUH>ZHsOUz zaKU&P&3!wKl{{o%##0L=lb#kD_)2YtW%)d+aj-~}&W7D5o|l1z%@39`=Lcs%iY9pi zc9t3hn2M_A*uf2LJ>c{~#1ANCw2+z)Ab>Il$ z`7?j21$VK0J~|Lm{>tekQvUXGL}>{nTcOW(){wHvoKKbCX?dj@2h#Etm&56BJgvEbfV=s1 z9k%4r`}H6W-7yfeo}Axgels9gu;)lz#RywUxkuf(2>oH`7lX6#x4fF8)(NYUx`UXj zIt--+<2Lr9wzl+918HT3`A&g6{4%1GHCSj1nrWt)FhG|);%%*7w_5Lvxu$AB(<;H7 z;jp#|+QDJ1dWnO@=7-Z;+<1C)ozATKg&hax@}Q?o-_V&0JC@|6omTN(3Q!GLVG}i7 zNp)i_+goH=@$dOc9^JGhm)cU&|LwlkmHt%lnSH%(YZJX=ys=vS6Q3-J4Y`%#q zJylV4UZwPV`c7taosN5QN<_I#y;#<+SW&4|x;-qY>iT{>ux@$XRkduszTZuW$Ac1S zyScFmb(nP^nAl7XZ)`}(@#)2({7?!D6&&!tcL^ETvl=9ZRwvH5uYM)9 z^lqp+s41SYYE~ppkY#v5t2NqH4cp?2LrLhXO`mvZdVuTb=q@g+F6Xac5ETIx3WULo zd?bdyZl~`LR|F)aaVh(+VVDD(Cl2f=uqJwTx?Dqb+ ziP`~9*nkORh(oiNHXRQ=M z;av*;dmdT2WY%k`h9fuiyO#jwA3spg(L(|Qdx!YwNBkT;q@<)26p&J}^rwiHPae-# z=1d48w;_az$bxw=me|v9x1HqU2IDdPPQ>{WL(iJqG4-k}owE>k!dp|fpHsKz3qxCv zx0g$Ek0Fg6wA?%-luF=c7~=R+KQn><)cR|e&d$edW@gi=KFb#j*Oa! zfV7d^5`p}?A#iqmg?K!gaPC$L> z5c=V8*ru14-IVKzp>P1UQ=Bj~nKzyzrd zb`grSdXM(^lYSGw*Xp?&)iM$aAz~2+EcN**lsX>dqUJURK#2|u$KWutk&Cf;Xq9{` z5S$B96zR;LP3oCwoN|S>c9P? znY@=*7%gIjP9C$52-T}r#vu|gzE4Qw0>5L|uwjF^6Bh@V732)a>LHe+^LyUC(>A?v z$bO&JBU;YukF`Nbp6bs^oIhd%(RZaU`(%?V_b)%&r1cQph9@)Ygaq!&kL1Z~SWPaaQ;g_Mt#| zZeVg25uHY6q|8hHabN-|!nj_`o>));jCUAMf*q>ZaZ=grbu_5&jNB|1O;j=_O036+ znzNVT(hyB(JGV%H*jxN;G_Nga+4y|Oeq`!CceXB+(WoRd$4x4?M<>VNHF39fK**T$ z!T?a#&rS?HJa!YMuWkIxK>IMiIH7!v+tB6hAMv8N)~_GsAJ4?}$YOdrEvVzI z&J)?XE-W0KgyBR@ZQO-RLqA`dRP=~|b{^TXE|Jp%@KC#zW-}%G;t0&cRL2MRfrG~` z+QN`1o4`QJ1OBO9@PShZrX_xs&14Oj5-N)59g4 zSeL41{bnngQ;!BzFeibFRS@PsaCMY-w!bQoW7@mEE2>_E0J0tS5)+6wTv9@!I&87y zrfX!e&XK`R!to)W+ZSZ`oC=S`6}+0K`Pr!f$dyZEb_zBzO9wXI=oXrX0jK|srJ=nO zBDoJVK7t&9mpphLg+gBHGWnXb zSy>-n_r9!JQ2q9hum!DzN9v!Ih=8tx-WsYRX*NXyM|nV2TfBSt~ey zXIYgDnJ_FZEvO`>fUO}7-5n~cD);A7hlc> zR}MMBcwHj$@r~Yg34PD$5;^lSH;@9 zB?OeiWGaJj{?S3a%^8VTf$|s{4Pnn*cj&Cq1ycLh| zxGCYT76(e!9~HupmM0?;nuTaY6fhp>uNNXh@))SZ`>BF}j5q5bDCI>j$6^r$*Rpo% zG=>5lwX%}iQu=@vkfwAtL763N>rB<3KN!x}6%ZY!tE@h<<3Qjw^imM8U8Eqmt?b&c zS;VX$?eRQ-1v^d(a!Gzjb27zJ5~ty--ilB9)n>e~w*# zo;~>-#rz~5XSzk!wQT>q7}QtFtLW$APT%FstBGO4jQ$TrSbFQOB7ReSdob$mX}!9% zDi??m=%}!gWnhFIIjQ%@?ATJCe-ecq6M|V-*wk{1t!@Y$E-fmNUNTP+;>TA7_*}c0 zI89n7-4a3}Y{QC|d4GO$A&~8fqb7;f!mn1gA%nSZir)GZ$6;EhCSZ7q#D^}50Hlnx zNKEI6So>qblk0Lp-F7qt!oHac1rpu04#u{+3FFjQX^43}dySm77~U>gHC%B$G%{3L zk+e43U_8WhkbkWDqt*GN!L?|@@;bmoXaMw=3N(iHFwK7Z#S;WPd2*5c><(KA7>AM{ zTUG2$kQg1rKLrg{Y*c)IK($)~=50FL0hh7C7t+C4-#c|gsx>>n`@5F5MErS-kd%}J z7XsqKFpGo%X^;!j;S;uRTMV?T0Ybu1BhYUl{G;pb2x+(I zeD-x}HnaPuhWWRo*cucACfVlGOa{-7I`&$tMt8m^YC^gPfRIIC(7gs*XOxDovUPta zjQsD$%(e*`&>=o~Ehlt!#rC;pgDm>Ql?oA%%r!eZyJ=Ny1Ml*?o^08Qu&7bb0@|%^ z4&6COXhc+aSajfaOKc!e^qFrKqz3Q5oxQ{l&J(0@tQB@zyN&;Vn+(&vHzdU)`Im-EZSksx@97j0fd;Ip4#i{<0-fF zr_`_*tV;#%NQQkkzMo&ubSi_P5~Z@YH#d!+bLRDR=1o^lDlf8sq7KJ_fBfpkV2Fc6 zI=!Tvfl}{y9>opR4eQ?MXM!UoB?TQ##kHg!@8`3jx;kcj?`HxTu*Q!+4qe9p#`lv> z|6%@mfAZ%F$-u<5o>yJ0?CdWdyF8nzX?Z%IsGz;=7dLL(^A=`ixg@pfw$>P!Hdzdg zq%mV%W`3e~Ox@(q?A&<;lN%&095c#uv1U`RTiV_U3bd1?^OTrdf&Z9*ukgVCgaC46aV z=QgcSEJC{v&}|pUa3r~!R}y+s(cS^gh^v+9buQkkpxCvcR-r^EB1${bytmb2d5nB*!>=a<^2SLq1dH+$EE zCR*`_jStsI3?}>A{To-Vmd<&%k*NSDlPWKZrki!vaQEnD$$7BrOwaGW-r6FSKFfG>flJK z?co*>DQlkML?X7qFm8X*4UH*Fz`RTeRV%8aq#~WW_CUWMr z`wd&eV5-4T4jyhnI17tHpf+TLOWv~GcC!280PyzR#GvIZR9d{pHIp^`@(8#@9>Uf-*Eb0$;X+wp$$FeLCD_6no|P0!5D+H82(0vlZ} zl=dFpkj~rZrSAad|HK_E$ZeeDhWqDBSnOsM41$6Y;YavzgIXc{EGT!Y*>vCgCu_3N zjd_x$YJIi&eO-y4>bh>rHZ%SczkB!^WE5LZLRM)iuv@G>8VLx_j}C98dv1NTR&1Z1 zHgDr`+l*Y=x@Yvv@(^QZTO=Lj%h0KK+#Y^z6Gj)4Mu?59209ceg~F4&w{UCKEiIwXoIrQb5>=tm{Jhhlc0bOAo1sow z*vT)VKOQ-8NcheYGj&v(<{N!%@7^1K5`=jCXy#DLSA>*R51`jva-%XO-;!UIJ=ODwy=Ch?=M4wL1s%=_i|0D8 zn~Uwmvs2CJdWW+YmdTyXP3vo^J%+>0kppX+TZ%cWhI&iSv3KW2+eiCz*kJ;Mg6UBv zA9*p!HWMxs#>u=c7qkWaNQtA%sbW0Jw-<9cC<+MM2lr1MjH38SN?hVuHKkbFSuqZ=g_Tv zugdV?E1X}EeJeTE`9=it1p+{@Tt4a#Q;%?yq6Acqaz8KhiAZ&QB^==Sxb{n+ zT`ap%H&8!auO2{*EdM(Gnfoh|xF}XQ))@nQtY;o7>QMnk1`lIc;m>ypzm8EkEE}Si z=-Ztnq|Z4Y>)uRVVND@9qrJB`J0PA;xJ<<0zojg=?_YTDl897j#z-K>@>0= znj8g1wK?t-#PGa63p#oV)t83)z|(cw@=-_N@*aP_U0o$3t-6kW$nv&dZ-(G`?}mAL zibiCmmVRBpadRY`NmJ@urcjb0o2XWQoyZM~WmC11=xp=9F!~CDm z0Ywn>?4H%!5Bs=0#iWePc199RGK2Q4;AAk;7akrc?GVhzKR!N=(0rTN1rOl5pPKMg zd0E9Li#ll~6EunzF(64(2JtIZ8v05tEzIWCxtvPL#w}-ml$|PLRlHrNANCO@DU)yOJ+6X;ND7S* zk;Ysw8Lf7;I2+(@Jc&XT%w;JK{}K*yI!;9+HD)Z@IXN-schGlJSc0olTiije-u~PJ zcRBvywW=MEZz=m>U)c{_{*2Zan-57xdg=St`GSlTQ~l!L8>fSnv`9cB^Q%v22e;iR zG^G|w&Xt`jA3#(rb&fn+YEg{RbvTj5_L$uPPDcJ?<;{mPaSy-tY>Uv&(1)QE{ZBpo zY>T8<@18wm_y%X^$@{q&ASem{m0e{Rq4tWa+sWpBTPZBd{dRHao#FFRJs!Srq1|Tj zwo{PN{pw{IT~ca+`EWSoPyMDjG936$6=;h?RD&>bvYu@1$Bp_)a&yfUM9l zhy;|>o^4)Y-QK!|a&sm_$EMP*D<6Z;Wncr{E^DX0vdWK_Q}C@{T-VR+vgZH|`c z?%`cn(<{;FJsIueewa^IY<*sjEk;eP(++lNu|RmORDq6w44~%>GpbZL>s?rtvK(hx zu_Wxf0KBeRcq=#S59d1Cf5Wmw3V*a^^`7++`^}t`m5J9O0T@Qvl`wi(kPYXN@z%I`y^N+@VNu++<8weB zhnvMXfBAYb+DSQhG@cf)G8q|)Y%q}dYj2I+IOFKth7JU z1WO_$ZtLrBnbQq*x4uq??%#OUJIx=yOk#38o&wCFD~HchvU_N{s`GR6n{DQ1AvQOU zKDX*0#x5mw?lvW{Wm!+Ku`otly@sY@w$oW(=!?03fQYfVkncSj-h6kJg@9obA_WVoSghA6HIJgt) zm;I9t)2ZwSZTsIuHB$171I64dwN`@-t`liYM+XNb3p&d>5a9IGxl5TV-*hLk;qZ97 z9b%%4>QZ?I5v3vs-RcuhxFcgW7%X=xbXC+-QHac@yO6F$ z&L?X-FFmfUB$4f|FPJAr)uPqMEMzkLadbJ>B-Zh8i8neNzyW_oWIM^0RN?I4PI!%+ zG@v7Fw*ZXbQj%am|B_o_v_lQxW#b~{pyc`?r=qN)rEMDj8yLjjKYzDieIg1xK^z}x ztneFSnNaVMUo}c5I{mfwbsOtX&VU)CeQ2R?es%WpeSg%##t;YrBfI)sEp@Ncc%p72 z1!Ui)cKvS>HzkQ-W5?L8$A^vT*|eI6t(#WUtnNl&ExXq`&#u!b7s9HxXf?CUp)-Cs zMkWqhF<5@4_+*<^{b}LYIU?xMudwA&aE!q6a zPjFr)pbC4O?!XV3#aSx{D9YBApqsUo$+6G!;fSsJ{{l!S#%0)3i_A%bb$8H+%0 z!Dd3kkyhXwmpT31h@ZXirxF3iaKRWX2vw@@3a(6e3FIOUrb8tMAptI~t1ivekgPAd z!QBl+gF!_g-pf&bTXB{~^GC;^e&}*NJ8i7QCmFM-?XT{~_b_Q5s$ahq@gIqixWJ(y zn^zWbmm-hZQBpShe>|O4P#w{_t#NmPySoPn9w1n-;O@bK>%!gLCAho0J1e+5EZp6F zaoPKvd-}Dj`k||P&RPE$;~S<*+hRNeE1F*I{q)K~l2ULt4zsxqqm-tL+NiPw%tE|K zxeZ4BhDHCXt$6rXjJ6$P)oQqu{V|aMPCokFnDGhZ4O$h>#iM`!UYmsIVZ|p?ZYU@? zKZfrPOFGyj{hIZ%o=|-KsWr;la4>~p{uc#?Ey(8GWI`&GNX1OV6+o{c@BoG!RbwIG`{8ev1ApLPl5qG(fRUKif&E(ZC-xh#wO5$r` zay?Ce4rsa5>^9(b+Y#arM3&9p(y3VdxKdNcj@&jYLCNN^Qhox(b}!o`Y&vX0Z%9b= z*w`HLnFcMF0qXaZO&UXR&Fj{ zvR$z+|5Lgbaa0o<`vC)HfJ%*ohw}_@lUs^Kf7Gv~GP@lSN-X%hNr3(6wQ;uzI{rAG zyL22D>TpwUr!FV?P{S+;QLYQ1P_G%EN=`1EhrgnxIil#sD}HZ|T+ zsSU?CM1axd*>_nZ$vuTiRZQq#iGxTI?bjDy_4^qRk59U=Y+cLHFDymdIn05cM&CCt zlkhEc>ad>N5M~+0lA9zFmH;Qs87SQ11_zxKeueaKGwnYlNE&uF^oT08mNRu+nTx9z z81u-Q+1KQc(731X_fFW+tERW5~b@>U;CLUo9()tAyEb2114 zS7QL-H4V_=Lz_~Q4q$t?yR~N%lmmMAv7>RDi1I$`f^|q%>;~hkTwXuIX@WFgxK}LA zjCWtUOfiNjPqK#;(ZhEJirUT_B)IMPpfuup<+RVi@k6$*yZC|B;oT;{ z&>z5cM`SRb;#0X+I4ee=#XgUXyNv@^ZdI}m-q(-q?x&0f15qyRh- z;qr=0_t>{`@Ps}L^=`=;bdsrpCt#{6{ogZE!8JN-YBaUJ8xb=B|25G*AtUBi{_v&H zo##IL)yd8@Go&sZbc9RkM_sFPWSCd>DarLtC~heuS}#^=eTHqE`HzD@#3AGa zwg#aW3sO4cq@g-Uvp?+DL}+S@4=&X!=@}Tz8rX7RPsp;F2}%DWzxZcl`3)JT^VqDC z0M;R2r?z+y)7w1nPY7^uU>zuJAIb`zH|}7*KR|hMQG0|ot}`YhaXJ~~z_?Dj{KNC; z#lu97+7L$a$)Pk@%@pBXdQkyqIbpmc;+{+I0l3>ij!KGO+#Ce-NTVjOZ*?%`z4Vn> z&}5ec9yT{YZ2r+C+=I4&UQBL6dATdv@38-)2W|aD@Qa|Nq!j$L*;Gn2H8qj@M-%gL za&jUCFzBiHmSR%clS1Yg!kFWQ87wjRuPnHPWSzR9unlT(bFPpiE00?;m03C8{*dA9 z-uOMvQgLx}v@@9PJr%8pYYTR_^EbYTG#SJr{&L!^0jicudze161xJZ%$iaE949IlY zCQ9T?z6u|-rP3D7Qhm(=ACGwUOiR+!LHLAP2)*kll2_F@{${@!9Lf7pzBl~V}!CNuS1 zavfa!d;0P(_En<>;r`>24#IPh-AI4O?AWRqnR+(}h*a<(f%cKl0;h%(Hzg*JtG+ z7W6*;G=6}Gp8?WtOnAS(j7)ql3!Z!szwo_0zE{)Jf4<4i6-kw6x}EI0wVGf3bodK2 z5ot6?KxKTj{h==^qa|^_hgh)YBGm5SBr3FV1GDutw8S?~n|w>!)AkSVLcgUvf1w~N z8(VBdOn*AY5MEGi#@(YQtUbA=+q&&HjE}Ru?a$mP`BxkXsfuS{a38XJ-@2|X@8lo_ zhlx(Iit`C7Kf;tm>fJ5t)!m{!0=xIokqkQsgi$ILYGRFG}2?&efzs51BYF*;g zf*XDsFAK6-8OGMtr={Wg7c+dw6)7y*B+>8g=6w8HZFXPRe3skqlm+zuzSELw1M-%R<75>6-tjtSptiGo^nK^wXw$;__wt9kK9@Chn`ejf zMP{u(J@|aK^sC?#6|J@rFF+I;|2!auVYo73o-*8N<*Ks;Qhb_f!GL@kU=psT7JWY z3C-TE<@w5mV^kT$x+{Z*p+ydEMB%~XF{~GHm{nN_z-z=W`c8={%DAqr@y#CJ&4Y;y zVpq>k-P_*H7a2_X{YR}fi&!4Q!AC4O#lc<#-X!xodFwO#&K4&+d?s+W$-&m%(T%*7 z946e4&MHjd=ru4bj3pSHq|e+Vx`C3f>8u*0P%|Lbt>GNEwAyb$GDlqFKOn13DtJvgF882Yt^@`<2THo zDXREVqOD2D{KfaOa-!3aZiOJZ^lwJSBwpF3fn&`7}2y`w<*2QgDc3HE^uK zckkzjyT!5LF4b=Lflw{?<1Z5>j8!Nh@AJb|S~&bReTzdm7ZDfSf(jY;GfS^gpiVYC zUw@Y@9y#l=xr)s3hJ0$ppj46%BT$-=lkX6oue}|9#r4+7#0n!_pb_8o=>eAu97^?y zZn1*P-Q18>*uN+C!}v>I(97;iwEG)r!$o#_K7`GRJflz6XWlUp#e3B4h2ef`4ACPP zp)u5tP2zZEHrtg~R`1(~sMmV8_iLRA&}=Fjm3Q_2bSV%*w4}HT7FpK~e66)PUNYE} zRRKPAm(_W>Z)2j<6@1rFF(}tJknD1Tjq1CT>K^^i>-B*;tY}X=BTXE5!ho;d&^D{U zV*;>KD0pOzw0BJAbGHTK51eyras)Q?DO9p);2aSOU9Eq|%W>O!G%frLIAd;_KM1u% zw|#(&RK=SX<>DgZ=PuKD%nk|wgIE)E5ei>dz7$;M@SD8^0AGTLnU#&i!jq;TWvS7Q zVV;>2$cx_L6w_SRYyeaE_^L{pYHFJpU#~|(hodqCJT0Wj_aGjlW%w(9$i*JBb-nAh zSO1*Y8<-~c4}y2k=fJV>@gmJhTFRzcvUk$16#LC)`b>No@`p!uaJ%L6W?bI`! zp#;C^IAW2$UX-&Qbt~!Au7#NSS_Z1T?bzx3Zl|iG1W6d_dC^AqDKj^(*+Nq=b8+3K z=#I;C9cMfzIHEcUe1x|bJwLNef(W-2V0i~qbaw8EV~Cy*HfI-5&u%?ZLRR&eAaiK% zt&JXth^6?~&r^EXqXv5UB^l{xnV>U9pMxSNXilQbmAx$s+C;M%aVH}!ckt66kX^6( zcj>EMU{&ZtxcbBgcJptQ65~#_D`x*1X}6hIQZxM|xNxx=TljKN##Uhyg_eA))o&IF zPpoz~G=ch=#d|Q;r9JSYj z0xHM>_ab0wk2b_<^v6Te%UcAo%nMhR2Y+Q4<;hR!XOs#GM^J^7 z)1n`bAuKtr?f0o7H7u#8nII$w|E$;t@$R#}TrMkJ@EQ-B-^G4E_C2Mk{+Ny?w43*{ zU4akZnb&@h0Zajx%^aS_(Wlkgm96l$qOQ$Q+^BB38~OCv#fxFtO9|5JDG!OLBe(y# ztLd710~-ZN-O>Z>Y==L&J>z6}yUdI$G%MkhoA#|0OaINCC{%m_ECzL$WA-!_%T`)7 z=X|+H!0dSF>#(q-p13`jH-Lk>>d`dp7tVcsA*Qajkp8EnmtyZ4N`QI$D7j zX>vX~9i)s(1U`6+bPA*Xc|Q*9uPG8&lu>%dkYQRgu&GDB${!ujkA71LK~ERb*J=ir zq5DjhR@QSPcgPdYQN+n_7vd)9;<~lVk)+|13)fwAKt0E;DW8CJZx$XZ$3y;9P9-Vb zgamM^OfL(B-u`LszP}h1@!3@0+gjsPX9i#7M*bw@va(1BgVk!UR-1jdTI<^v-&n3( zBEs4+`AV48XQ3b;4(JeKS;9`R*Cc^K!$W8dnJ#P3B4s0n`%r_#`LP8Bb%hN}0hcY^ zs(ay1hcLWTE6DS?&o2IU`ChCbUG3Y*iiV_CvI2L?#9?% zV#W{2k_Fj}iXHrdQ8RW38DfyTV$9xU8@UlF4%YsF{uAj8%eHkFvV+&Wr3zVODJco} zgxsteSktPjVB(g-;7>jPda+*wWo0^*KD{ym(|n_hrl(9J@tkyu?wcAFhMN>`s@zE=#G z)!PT;a{oGnN4$3f3kE;%FmK|c!(yX#_R)0z0Cg_EO9=^rrQp2CR-4ZoHSzpq9^$f z884IHj!wwsW7u*5O)F27g-iRJ9a`lT?P#HBY-`3u>Mqi#eSJ0v6!_wLy5RXV-cjNb ziHH)Vc)1~>7G{!vHLou|3;ivBSzjFP{%qd-YEa+;KlRIaL5_@IA^X>|$J%Nn+`vBM zvrlh(gfcG3sJ9oS=kZA7a9GK3ybamMkmdQHfN|TK;XCc8{|PBMUE<~zW@K%1TFM?6 zjyl0)q4;jrriCns!p&`U=Rw8dZ|MS;$j8ms=j#pWo=VlLCZ#@}`BGl;x&?9&C2ls` zjg&>R2yAza9Y&0swOv%pbAK0y*+N8oOWJltuAVTr(>AO+v`3VmtRG_YZgm}d$Z5gp zz=4JT$pU7!JaJHk5FUK?Heh`Xx>0v4$qWS9$C~T!`eOqJj?$ryj)NJ>&Zy8&GQ9#5n zf6uSFOfsx}W|jxN0O>xXCr8^GuQ3qA z9GHXK!4l*|s@m)qkCj++{*7*nw|}H5Q8>Vgeao!fJPPdJg6Kn7VL{3%Cs%(-GX5me zp*Zioxf+J@yS&)Mi>=GH3dTKS9wH24k>b@$c^I`YP^azL;|C$@UwzZfq^58F-fML0 z<^}0|v=P!$_uCVwd|>lTS;5`$1Y*Sh@*`K-lUf2cz#Mg( zHceOfQ|3rFF?McN+6?@uasagWzGie_>$|5;9}kBfN;N zkNu7m6B7^kLg~i-XhVKLA1EGx;~1ZY{*#zCgAT(_APrAJ%Rf%sV|`l1Ub(Z+SFsdJCfM`?$F>HFkFTGjmOi`!8u}d;2)m-u-YK z_QdZ5OUQt~8Bg2kAmo)o|E{=e2c-$ZteM{m3K5|hrI+q#)hnvvKKcj4n@DbXLbDxk z;VeL()mi+w#Tr0o+`zU2pLNL6@r@%)oN~(0_I2+Vn)A9BWX{-d7ilVR%<%R}OgMJH z2#b~X2SaO9BZ5WqISqu!RHU<^y?_b-n2*P4^z7Ahj?c^b9i&i_u7C)ot+ZF9|lMucX}MXHd;0qPo@0Bz6+8rp?yw(SG7=%jAQ_w18$O- zCvfpg{M{QLu~<%vi;I5$e4T^WrJ5pcT806XfC2olA>vsPQHq@v#`4Lv0+qnePK5xd zR&QMJkJq8Ba!HLW1l0Dr|{`msjTpE$pFf)`=n_GaZq$VYpa0 z@sF?C;r?|irjCm6KYaS!FtR^39*dvTEH(Glt=$T6uJtG{PNo6F~lg86O9 zRlJ`xm5$@RI{+E(m_|sjsby2EjmCBdGJ4U$ERl+5*@JmD_3}gTqb4PS-%7cdZevlj zQbEQx4iZgzxFi;=6O1+NPJ<5-yG=#|Qc{j5=+*BB)A4hpO3u<4=^twv9S;|CZprq6 zuzV;CHMZoCPfFWyW?4hvy(YQ`YrQqQWj9uXEq`gp!#l&qP>7Hr`l&hpi8gbE#D`Bx za=;K(e_}#tbj%U&kL4=gO;!`n*uVI~)|xe>yB@`8lPrw-81GjB1hH3p<^we^#waf? z{fC*@UI!klVsM1|aU{9ZnBhnKSCH%ITkk8#u%(S&n=j(H&u{#19oo5+RYt*hV5F<& z{nee1Mc<<9E~r58^ZQd4?Bs)!tJe$mrtTznXTM(WrQ((12JLq!t2=7fy^X|Y?5)$LU)0>PZ==RV(>kX^uvo&tro|AL)o;S-|MA@S&+x&seN@2H?!ACOY zjm@w~d2@Y(w};j7m*vLn8BV~(Lo!>}>;B>fs*-nKsi#&2P^8K0>jf&EeLPG^L+xro zhWh2rxbNkRW(kNUL2`($c3dI@^!#VPSPusj2P1R67Rw5D-Do!k{HUppFVa!J6f_FI z#4K3taahZSb4PL5iZnpWS@{?N=HMA4c3}nfp5KtYHm%!h`kIEOYEo>kmQ5_%E3ccY z_Ktk<3;qS7%|J}fKD?2A;@ zsK8)LlvHeBiUSK(KdvVt?O4`28(8ZVrD*;crPi4=SDs;g+G(TDUPjLn=_Zb`;pyqw zboTz~HrPI1`g*-g)EmSu47#4+`Eysk?v2E%TZ5Fw2$q>T52ow>R2}?#Ak(;Djgr2^ zKB5 zk}+n^ejGe82xApbpm|7u)7reCkjqp8oE>W9cs~M31SDj_XRyNO_Mu>xV@L#I$V9+f zf#?cp?2!4uEPj_iN7H#**piVMx(eRjR2BpIlmnkk2Ag0Md5mc+{H)1XWBYHDI|K01 z4)5@iu=TytvK*P^Z(Wu1wrXP{RhWR&*(^`%<5^<>#8e(s&i<7?wDGbFJkNy-T=4dZ z37w*+GTe^?pZC#tLYW_N3{F5q{h#gcM<>uglHIfTya`y;DEuAB+`U0a5aaGJ~34@rrCwOR$C!8kSG9SdQQ zyVp_(i@~{&b<8n|vQsUkv0O`tK?(^AVDxGjD;lo_*LEWjkCcD~IUE@&E&wLPCxQ2> z1f?Di+1&SevZ2FQXKwwMhPr+6)K;BtHb(#RixlK)?r9h*)|+K;=4VXA>6M0k)!+wt znDkFHMY+$+MD$NN6h-+MX@wX$xd6N}4m~&tbh5AZ#HgNU5Dm11iF6J1U4C`ETx9p>Sp-9|ahL zyQ(;*rsV~6@(Svg;FE5kJ}5rY<#^!r+4qvj1LU$~cy@@lX%m&>^B9&Z&cv&UrLqyq zdp>E3ng%L5Xi?Ka;}bwN@^#-#SWV&p+-<*IzbojsKwe{w9zTdk<~ia(@noQ)1$_h{ zPNk9ilNhv=$Y4%ZZQPnPyDXp8jhk$Gzd609Ntunv`f5Gc81+0q(yFRQ0>QtJ6u zQu^#<6|^hq7#LWd%!_O17@VR;BUV1$1UFS)2togiC9VacDJu2f-;XBx&4`ZrCqmxI zfq^=1J}qAlDqoEk9!xx4FPBObAcpcwjW>W{DheGCxN~u7+8u4NUy2GD|4g+gsGCnKo zocXX?`>Xa)F5*2NY2NuNotC~p_`rEsA4A$iM3i`+8n0EPGUWl}&&Q?qQs;$xg%gu5 zd86s)u5*1k8#APFi9}9J(1+W%rWaHv6)Y`ze_~+FQ*^ zUD@t82B!_lO1hwx^L6!Agt5F;m9D9<$!C4d(z~`Hz@=&U!|f^o%sZY;7;mTb(Y?%F zEpXYu>*jD#Ree4X@4pMHH=&6)!J9}I=}-3*8w)$1rV2;h;aX8`En&BQ`c>KaGmbx3 z2Tx)nzJQRE)7!qhY3oOz67HIWvUe+gy}{lwnR-%tS{hK(WS54Kpj=yLXUkF#OFRuF zCo@tkbAudeEAhyYugC3{0i);5+^nFS_Huq^vI`zLh;kG6$JM`KLwH%;+FA*yj^VEX zpS)-kC^&=Sq|{^++s^X#{LaS4RgKT2$Q#=vTXHuPlF^gUlk9|h(f&ZjEo>!%Ps@iP zsiZc*BOK`>bL9Cf5OupTqF+iehqT%I-J>ZH*oWvO(dXZlJ`{}>Wy#srheW{by4r}y zWk-gYl|Y)p?{*SZ)O1jC0lk6+te~ZRNY!8?5nJ%&- zwE2CvC6L`&Afm5qMQ!gcUBaOvMRO}RlpH^BNzCDOBd+qQbwa30&ANAe?1?{laQn>M zKY*Zk#AUL0j!nD4^|d>{6C`TqC0S$x^QJiNyJ*TOtvClVNcDbknwj>zAX`v^E6<$I z9soxFY{oq;tEHGLLCN8<`6+mrB%h5%hCf@Ua>&jx39(DwO6YG#e9XP1exS<3vw&N! zYyE;JFA{Cw&4?!tt<7hX9fwws^ZNT)%5J<+?->)vVhTj`~OzB9o<~yjIFGW%pq3FkblQp;)2KZn2gl z5m?-yb(IE63GbU{OCx&HyCQHQfai>uI$LXYxr~p>3VkG-VyF;Su^xoq^!|9Fc!v*( z9Qulc5=a*f?uMe^5RHPiJL)4t7{kcUSS_M8`1w74QVl<}K=B$O{IGEutA)hAf z_i4X_s4AKTm<)J0y@)AXES|3H$vHWAjzE)Gj-)K0$Xjnl1<2!KhLj3V_;qJsQ7BSa zvu;A}N|f;Xz9c3@%}RczT!H9X*T)qpwB!p|(vNDstiW@-;#P|91Eynme4U(OMHCSw z1j!?n>RtBX!`cgx%u6AoJN3>f@UqbEIxhIqOBq=c!V)%Z#TXWq{f+vqr!-|VdGojX zJ=36w2DCc$L-K8w@5khEFWMeI0%*PPJShcbl>KVx64ZoEem?=}Wkyh5*##eiJwTRC zYR0gB`&t9M9rC6_P5yK1L_%_~PTK1E3_22!Bv`cJD2gH!;bb>?UJdCLPAsPRQmL;o zDSd)vzS6SExqZF1t64apbMTveyAeo7Uoe z*YSJyo7VLVmc}Q_{1v1Z;t)F}ZK%Qu$ncr5|M?`o8u0yGgofOwsd#JpLMVkIRxZ}8 zm7{w9X;dB+vWs>jTlem^U73=VMz=*o%5gKF6_{$X6-zK7)J?UP%z2yL?INIVo<8vE znrc?bcFA2MHTmfICDD#79e4buopJIErH4qn+h2&$XaXT2=)~7H1 zYw|h4qHh37wztXLdZYIIci@jGPXgu^(2V71l(X46n5%lm2^ee?XK;L`k6oIRkN`z$ zSWExw>x+CkOIbvrvdr*^bsRT5+L4;NHh34k;uC?dEIAn1QTt)fZYWh-}$RAQrL2{GQEyzJlmabGo@XPPiOh#fanT zb8rERNW%nrdoN`AHf~Dcq3GtU?>6^hms(Twg&`&ciqmjbFV;H=y~~jJ?1^S1(uC*nkDxLTPlFXH<_ zM4Dt#HfaJ}=QD9Vs!naWf4btn_6KO#RE0}N8;7`%W&Y!jcUY}1@ADkbA)ND(p7Gt8e=ZgBtgfSE{~#bQt6(0R zoX8M#zmd=IxkfUF$P#`en;<*}hzD8|`GkJ`H{$@d?mI+vm8@^Ij$4pU)w63v{H;uT ze7&P9ydSU(B}jpnbdy^Tai|QXYfHdvp9{;T$3}7*Qm=C^SB(#~4cg1UV!6Za8Ywvu znPw?zybK8FIHzsEPK8DAih04$i1f@Ng$o@sGa?m$ImSl(W?PZW5NA(NI0p-QWR3w^ z0=9KILbq!L*qi-gJblub2>E5X-oRc$Zx#_hbk3}qe)HQf zqFeT&IB;l{>6ZS%UscN#FlMYwT9P4Z*9Lh@@s`gKx)9THZz=q$vhG@%1Oe*23UlN5Puyz?S#t#U?Rh)rXrnHX6CWi=>@$H;ir9F_5!;;*GOq z)uHU^uCerOONOvQ0^Zlx1=@5>`L}*Y)lOOev?h>)JRP)-M+tc9vIW8o~_&j*F8VI(e_nK6tWVcuk6A6*omp zb$eiVimi@ZWDQaO=(x18KSH2WF`g2k%Gs6}5)4=}RH_R+@1Qw$Z&(PbXydp(4%7*~ z_F<}8dXHDq+j;6v0&BfWk7S}r~1*1>z-$#->5}=n$E+^W^E%1$Z_RqIvmytvNb96c1 zptWNfiqRklc;iYMZnm4hQ(PDU!m~Sk*yT!F1Q`YL1?hkUl9hV z^sbQ?)r(eL1EB*kTHE;e0&+FGH5GuJB8Tn+E|R9&?>`oVDB8;KAMEsnIf=TnIliTSn)$F1<8oF0ppbZr-0 z5T{DxGm8ohKcdq1VQ)saRe$1R2>vgB|5@4P5U-tCkmnL9i^!6c$pqH7EW%~{Y_p== zy50E0ute|gKZ&!B{G*t*V}?5E(;dCO6QUhCP1OeYzEvq~TNKIOQ3zExQ09 zD7wsIOKN~gW$Z_rVz1<7nLA=!{}hO6(DaK`Ztb^UXiCN651jw~U_Y6_n7Q1lhxvT7 zNCC)W5>;NwGh~$Z0|=SE0eS^ESdA@`(apjlM44Av-}DzP%CSr!(NR^3gH6PWDfm^@ zewj3VI{0x)B<_;fi{iu~&ABpeV-9)U_|eZ0jf}Ng_s7ZjJR~&5@LSB6x;45riPIQalUTv*V^mm`IRKNURh270ad*J zb*J?xkP8TSp073uc|O3nBMV+r1VC7a-dzRD$yF$@0v=(&5O!ckH{KSS*^GdjnH@}Vw|8GOCylSYzMP>h<&XXIEMf_HD`I1F+B!&j%63mNM{VW`{ zQk`hH5s{t?l!V#8ZP4U9!O9MhAJ;CGr;kAC^(kR`gX_o?V7 ze-^>ONeK9hnuJZAI46n<0h#sRM!6!hJs*yNaDX_mOauP3<^8cKDcLG1{;Yo|9ql3B zK?4?ze#Nbl->e^5$Erij#AOA%IF51jb+_7n&zbkHJ!gL1SyR-w z6lrrAdV%s5Fy@GVm?N9?F|ykzLIF4RAU3jpF3hbih;pAuh5d3hofey0HprVw!TY;8 zAZ&qMSf4(;RLFMJpqgJhtr9 zRzLqnr5D{xER>I$6{wp!6GW*^B&*5q%hPiIb}ck%$i}WC9|)L}M>HLsuEhvWJ1n~W z+pJJpR$pm-8ynnH{WfvI_K{d_MU>R{Dgsj~lV*s@d}Vi<~e6S&#Sm=nCng zFokEh@Plq`;J~qvxL|c)8?=~aW0Vnqd8O6iG@ts#E(GHvW+;pX>fT zmZ4bMzSR-*tiI9>#`Rgrt1wt>ef(JzAe8X7Oca>yS?!}6#U!X&iRO%3M^HqWt@A^a z-rB%lD7O2+|K2Cjzq=+>{_n4_p07Jcle*4xlUK2FmENO~#_ z=E967=y<#yF3hIc7VyrryBgM)0tF6ZnFaS_;Ne1gi7a0#5$jad#BF9STsFPx@CM0U zh8Hh;H1FR_PF+(jeBaA>A5sLw_Eay5i=2u#AEpmGEM=lApSSlzi{*2KPe)pAri8Ir?Vl z!B3hkk59mvB=WJ-^KkbUOlX2<;B4NdJq>QeUvHzP&gJ zfpj?UDq^KR?uPU#r~)Xptcf`z^;F#se^!iCtytTl4%N^+-;+*uo7JQ+2wM-UFeA&x$orRi-n+3hIu-kSUp;LU{ayWF`(+X$)*mAx5bMcY5x$%9hh5X(jIl@sb9H~(3FXvO zhg=5J)k4wh4f74&4xMj3&DDj|UvAecZnZiztXaxM>d)SVxH;ImUrscAo^PfWHMCgV zUmLy}V%>esSxGFT5HywIc~_cY z3FYk)a_`sk)Y=8}mcY+w#y4F?k)p-OdV5S+q85G_?m*QsdG4le+LWJ9(`+c!Sq_O- z*)5(0{pjvfkJHdrnMixsBF`61&eGB|Ia}dHu$o+TsQrt{eci1=mi~p#RkC>SDo_CR zVxuCl_TcKkAf}W>O#qOkknRCsn>jABvp)a$SMgYKGg?W=TR`%M>rPzkKP3-aIW**{ zV-%%jk`<^3PqI9gGaL$4O;}S5{-@LiJxcUf{M^Yg#gYx>!z-$n7Ny+k$y#5p(l$LP z^j7ox9a*xV36M-}Rk=&$Z647m&Q=4kr5?{$oUVS`T9L9RHI<1j82)&L1+OI5b`@~N z;+4XF3nMs3zQ7u6O2p|SZNjwVc#4m1A&T+?Q_D&LNZ zP1N#CUZtM+x9Qzo6B&VS%~BQZ!oM)7cdwSoxdTEl5@ZqFcec{5Fl2r?0`d8B`cjJ~ z{sKJztPYO6S5Bzmn8F4uLsE4V6-{(@DU#Fam~J6UV6X++GQ=Y|MC~E$6wBl1EV_&b zIny*WmWxfOqP3ZeEj7lg&;o!C(tt~*pgD?6_Q(7EOSYsXGoD0zGIK{*O8ZcAdl;;6 z2s1H`H0#)cI&C$phIw^WrP(yMk)SS;jw3Y8xIB9Gzb@ z{+S~0Z_nh{|8vHjs(+t4+g`NYCiQszdl|(?jyoIF|mcZYL03cpWx-wsc(#CT&8ed6{83f9*osbBp`;3j_TR-zWxDnNm1LcUr9n0Y+I){fhB1jBV zZ;nY=c)ff&=R8K&&MOY6~(JP z_~4N@=|+G~5`IJvtrE27xP*JSFN(y{zw5jzM~g1wUUg8vZrrq{Wq-db zuGYqd3Q*P6PTLtKm8D#rw?mKSnE;Lo^7s!0N*Mg0Zo;H()a@RnxzoV~QpbNfTUA`m z$7~U#*GvJ9$}b9pqBKD$2;X-$wIxznxUD=rlJ9!Mp2h^{LCGT9>Y-9GSvtug6C}>^aIx8(F$%fs~AC z73YaYGf*U7P04iif^wzAO8HN>u9f3DzI9{#HV51WT1~2Lyp!OT?@q%nePX<(*c2J` zn%WPP2XL}H>PbkNO-D*64dnesrcE_?#kHqh(Fe`AWEpjJn*Z`t0_$%Ap*~CI@-VS1 z5n4U;s@bH`Mz9g}{@$ph(=|*coe=9UL#_WY4V)ll?F&YOPIRQZLg-SMWJ8YlWxrMUn+Z7XVXVoxG?`F{((dU&HX)8pE0^ZHBp_f#C5eje0_$=? zh%+q^ZKQs8NjPUbv=2bq<;OePg>AY$vX%Bnm2&4^)gFjTrcmT^tJ^q8h zFgkuRg7U-yL+3rMCZNlwsKZJo0d8R67i0w@!t&7 zN`XZ6Eh(5JQfN4=>D(^EfOH4Ucr08U!u-9R8~p~{I~>x#9IpLAYk1ZChz#Rz5}X$H z<&6Vz3U>#mNB-~0qPuW|fl*^yp|pcW`*cg^Pb{AAYg{GkEtHBJPKECi9d^D}0P){q z`u}?GYTrsTprcOJpMImnml}nbGnz>|jzZ>txEZS~_Y9@vEJ-jraAS zGidxXYqC$HkPQlLIWOT>k2rQxH)}vV3|F(;+^M5~N zw&9_6*`5DIRb-7rc!CQcpfJ-ov91$URx4O!O6qJnEag1dIbv=M2FdyxpH+T8q!Ij* z8GRMQPBb3polTYGCxnhQylbt!O#K~asLc(pbj+-=O}hCz<3SdVGzFk*L7_re< z)X}43MC>Yvk~Pq=&6v|sBt0AM=>qRj4hOH*B;+GlM*2UQRxFe zPBi)VQ?X2Ylq8WXHI68w=b{!1zO@PjMKa>OA;52K446?@H` zMZLI&V7%s)xd+53vO$jc*3cV~Klv2Xx7$QpD6INf0V4|QG>Fgxw6HW)yq~K8!o1c0@_TjhAUif#F%Vc!`j4H(T5Dt{1TYSKCjN47 zbO1tYdf|&{Nbx&`L`avnz!>P2P&@uCnziH%3?l%Vdt9#@M}4DYa&8v&fAxoE=De!E zB8P!!KbNXE)Sg#FgX!75z5}~IJo(bdJdQoSx_|Cz*4OVnY~!AL-1nU&o)h9w+P^$zr;U>O7uSvM`oX4=!_~+hy9;=MF+Gh;C&wB%{~Je{3I#fuXd4|HQ7_L z?w{T1r#mr(EjbX>N}*i0Q*MSlMm^H7fs_A07h-(Gq*3)o*~2#pf8VA4#%4F-rQk20 zHB1JBGtpT*e=ZYOw|N0mFTICJ?^oGQm#Va`XXD)BHzWi8IUN5()ayWh+f2|`>=r&* zS>hLLbh~r1D-^z3FHHrJeDr8M)vI?h8_~PvKdBh@Y6)K>Bgs<2_sF#wu-`-)+?Aw; z8C+3l&Y?BMC;Q28xl31{H;|eyYJu$ zojfBsBuYw(7ES)v&81()TMq!> zZ4j*J42`Wo*KfuiJst`u5#es%c~p$4NQ263+43b0i!?9y60 z+jkN~Gh2@v$vWP6FJ1pcbQc_=nG1-b{Q*GYv1JU64iF=yuh`h4Bv(i|*PJZ)&mMIa znHIrHNSHg`O#aS+)Qgz{p#t2;j?bm;C;%et4bYaegyFfZX$Ty^v%2PbcWOq4=NJh^ zIjyIwd3dsbp7dB@9uj@QyCa)Nwl5=l=h;ku{5}Dh|MM%MLn0+2yIXEYusd~Wsil&q z-Znj)-OOq0G^}jIx#{3t22g8VTFlP3lc7nxD5tuytFIsNVHOu{R?+X@nErGR#x%jxVxYbZrFa;TOUD|3_fn)$yP#0vz})k9xe!u@nr+N$EC>9-r#$5U6bnbzI*+*-di?DTS^xOr@uo#iyux-Na{A6r9msTF({cNE2aWlocK8T~f=6s;2DONaY z^U=$>n}5}BXr2%IBx6Ir-(^uC&QV+1{|5ofpe`vEaT2*OzR|*OwZmqty)Hd2(d7RE z8~>9t?n#2Mz?xUMyg)j)j2;-+FTc0FkC1zR>5OP!HPcZk=twzYuAWZDcv!?CBv!Kc z`AE$nB%wb=FeUW0szi(;_W0|4-b$WUDj5!ptjw7eP2Dk|ag zc`q8*xl_34d-ga;491Icq+jMoCkeqH2BzUA7aS>mWHJcYeR{;VTg(LNbUu4Y4~~pv zLN#JhTgUOYM%lQ!=p=6LT&!C!BqtM&wrtj7Q5L`T-83-dLiYL;X8cHDoi-@vKgysT-_(7JF`3R3Bpm7I}a!H_vo zh%-s=%g8|lWOEC2Jr|tni2XGSSypB8bJ=#r-10*_a=ehhFR6xZ3l@D5B@vOe^Dkp< zh%7A3Y9FhahtAtuf>|C`HHV92u={Hc8wwk!$5$b}>ovGQ8*3p`=YL)&0CWMyfrRHcVX;SAq%bo2ltU5KEH(CKe*p~$bMTi z3E-72anzYcFn&`&6_IJ`{D$B1?OGdU)n3QbE7xL#5jJ^%(<2!Ui0&#I^wN}Sj*a>0kE1r}vo0IRx`!bFLZw zOhjt2Z@fHr?`A`=r1`6JRX%{;d_!89`E15!E!Vn!Ih86GP%C37g(mGm&+In>CtuEp z`4Ij_qW>8(`fB)nDux3UV=8^S_M|UB57W3z45j={KN-}v6rs{t^x4PIGr490=IH!}?h=XAc>($qVFD24o=5=bJcEswHTFz~ZWjl&X#jTxNjwGY*2-mD8gE81EC z?Kbej1?>9N!b|!eXX}Aei6Y4M+dmDpVcw0fB1pq}3=9mshFW65@0;)}nKA#Zko_zJ zuM`Cn6hi`mB(}iUE`oe>klsz>nFq+8&URru?*$QWVsLbr-R-%zgsG^`fsnFOdB$_9 z4lF+t73$ECi)LT+5!}&up@n1?=if>GRe}EIs}bJSAet8=CS=cXk@0~0z=Ko0IaGhq zh_DZiXhiW!p2Y%b;ORV`$p=pTFb3 zhdi0DMN-!*7Y+qF@boenN5~CrJSSjETu(olfK>=8NHjW_-Nrs95U+}>-h6)2?F4o< zMh^9Qk}0_rh|lA5?Kq;dGamzAv*xVgFc{%D5Bhu6ax;6Z!w zC+me~i_3aD#KXGBg&%~D=T%>V$Nk1M0rGDfm1P~5kDLoztCI}B42O3f`-Oh+hE_Z< zmAEcSDynE)E@S%Nzvsk1e}*&JwqzwmZ>1mBwXtTmt1ZbMRF>Txrm1ybrG*qO3VFB) zxy9%?3c+F_x|HO%jtru5#N9~5;Hn1*P&U^;3|nPMpH3HiT-GRf8qNM52ioYUpSF)u zY}05l7LN=rO`xsNh5MOuzn>GemN5vvI3G zOr&wsJTK?EXg9e(1-W#Qk^ZUaU~^=K^P{u2_>lY;0yZZqN%a&k_yLzWWUY>j9Qz!HaW}21vlWLpP1!1sllNwK<_#@>E;0;!9^hUtq1!_KnMW_B`bf9#i zbEG3;nb+o-Y0!!p$s0$Vx--TeG$a-QLK3k%cJ-aAkG`4O7*Y@J0F}wU=I4Of|deHsf6v zKcZs1#KB-+>!RcN-h{6ddh`##?TYHcl6x&;i#s!h5Eay$W-D2y@iBZOL#=-Mh%({X z+Hp8>x1(7D=MIAa^T!~Wgn%A=-8MDKv;DE<0#QYfMX>uGQQPZ25Tvnec(sj@>9Kz` zfbVmik~EK7>RVM@I0I@}xZMdy=ee4-u&7I|97a|8r_KZl!XJ=+|C9jPf4^H#hm7o1<|&f$B+h?gvFW?Qio7ZQ+ic)^<5UyW}hH&$$C2 zkq9vpSzJ{>=^|WKyiy96@;U82;+U?zp}mn%w*6>K=Ju%{=dkT<+C^gL-B7Cm<+Re} z5mWf)ee<(WM#0f29Usob*m~oRq?CbneC+L$qv4q>cV_CPo%Bc^1eR6o~6nA>aUqnm?2 zu*VL4Ar^-Q7S{NT&AYwj$qe44O04TDvnYv($GUBe0{UW^jojtvIV=E_%S*XYvDk{ity2#>WUs(wAYss{4xm4V8`*o64X5>wLE9l@&*c={SSlIeM;LbcEN`sOjw z-k957dARaJV*Q;|Fy)W___O``nT!>8`@`PQ%*KY?yut0E7%=h0Wc5LzaKDN-pxEa> zH-B1uSHQ3MdETepN~N+?W-PL_4zG*#?*dzh_&%dZ;Z^i{l`$2=+7D2wUrk1rFj$ZbQ~I#9)Y+{9yp};?WPmda@FSMCP=&D+7%=1#Lr(4 z67f6I_mqD9uV#+g@!d6y7a52$ymxN*4o*R--Q7%VNtJ_BI9oLnt!}<$V z>ySlxuD8$f+8j}vd5Ai1Pu(24g}%dm>y3W9yzdEwy~tShIrP(MU45AQ`q1ldODlVc zYEKdF+l~GyqU_rZK|1D{-Js!(=FT4&xXE^l z9VB+MmSS?B#Xg32-4)-2D6gyf0f7j3ob<1vb0^Pt15P(>sM!mkd|Tj=C;D~1o*~z8 zccO!+!(Zj0faAjq{hvJsM07>0*krM}+V)@VgxWvFJU`1&3_9z~AXXqK+p2NHKx^LZIOoo+yaO_1kjJfxWhlpb{T*PkS z3cTfHKtU24zOFgg0Cu*DNEwfDGe7eLZIK})olML!6>)RYj`DrZj2Y%@zn%(&eZYEt zy$H?m3>HLQKdBTge1Kxf9F1!CxLV~pci&p?bZT(cUeM;@birk!=M4bvK?!S;T2=wo zs2yf%3|frf3pjp6npd<~oxl2gKh$X10rg7pUUq%?%V;_-Yi?F8QM^B2dy$90bcE@b z&iVQ2V}IWm*bN&qbl~icy0Zv09Ciuv;%S=kk_i6zLvXQ4@Y<=7KO+1iBK4+sWG3IZ zj>PJ+{c9n)rL*QLN3Mi8l|nwbtbC+uz2itC4R)uGiNM#Zt2sXOM{aOvMD|1mHR=dp zn=H+MVY4J;T7Z8z{L4b6cAF^M+g{(q`1xo{y94HJBJWicUQaDsmXDbz>C3nWY5y-f z+bk5ApRYh}aAAGRY2zXxfu_9I1(q_GKO-0&x7+FbCNj4gPpdy2{u8=2JA-WwT#I_Y zvjqmS#}Bo{U0t1i%TF@ALc22i^(*wso))1E(d$Y7@DBs+v~h!n*t2rqcCCLu-|aYJ z8QZC+iJtf;;8}OOPpczSdw%zBeusM)tS+&U>w<4a;OeOihL=D5DT?d((tvegYox2| zTw+BTKs|X-?;Cia0X5{R>~~9qx$GP%_WM%vP|1F04oie!wAJ69ZWcf1{Rlp5$Bk{* zqUNDfKk3~)Yi02z;JKcKyrG@ zA85at`E4Cu{Dh(63)|msNeuc@WxR*TD2!BzB=Q#KN{TCc0Q$kvo$#}T#5C;n4X_hLfq)q16t zyGfe!EHE-Fn{%V*l{&~Xp2-#A^WJ7@gROub&wOowEjHSh*`WWbh#Dk4xfd`diT`Agr7+woI9n$SL-$wQBEvU*S=LelL zH z+;;n!Bt3YU?5rrv93oh_tn*mQ2_LNZXuk(-USb2Y)bWv#aKn_C;I*3w$nZ!htjf$3!aZZfa8v!@HNcpv(Gg2bQ(i%A@H zWS-rIM-GX5pO1*mTNi`24Hrhn3LWw40{)GM_lXUUdXt&`XgtsNuPT5oH6 z6L&C4nHYvUr7?04|Gm%rx*~^RTU;hG17&zaub$Snx4oa94$3OWPHGPuXzf%9qC4GW zSu^H`P(uR${5pvXq#!pC<}cu&?{vsVEu$J#R$GNrQw7q4}py_gE`)Dg7&Q}A&}^4|(F_Dt;S zX{9xjD*3rba~2lGI*DX=Sx-i#8zsA0S=0k^_&rHWD2FSUI2hz?-R)0>)g#I(Z~3&l zj~tgRSp&gvQq?KgsF_@_DFlnzWNrLZ)Y?esv(*0}klq(%e|eVk`^^*Qcy2?t<=Cp~ z`FZ4l2ZXkGRdOCVapHjc)1caF#KzMWi__&A19v+1Ei(c4iyAvX#}u8Y<2%FYHVuGx zGo5OG3r#KdR*nC6v;!zNm1(HPSm=Mba-WDUqrWxFA!E|4eglVO#aaB~?7cbyuu?kT z_X1FVJh3~!071R(4c>r{m3==*b7EiYq?8x)FVB)Ax`&@NKyQ@=S7PzMsK^H|7#wO9Ih|~Y5svwP6e{9yLD~yZpb6eax zCq9Nmrjr(Amm7&)wsu9lKv9IFEL6w&#zC+;mksUE9OT`7r?Uf8^Z&<}S%vuTw<|@y zdPV;inFRr~T{`@qe(Cx^D9w`no8^4^=R*ags7UYV{eK>IpjCE3`D+L*g%cV4|NQ<_ zT-PMW|DfK#18zwD9gxkA8Sg)7Q-xTU;J4D{<*>LoPaO(s>VVTB;l93vf`Za(dnKg= z?J5A;Lg4+syV+6ok?@lz}`8gA82V&%s z_55SURt;tM)LQfkOWb=SvE-rt4#!4x0YiCg>Gf^|-&;lR&dYqR((PkuqH(Vw&Z(W| zOH3+p8={FJ&bnLnqSw-MW@);CN7O=n0pEXp&^I}u0|EmgFxjFcWqdwXY(Unr3r!nt z2V*}ZI^93s>?XK((&;~khcsLCM~uMhm99U$``f%{W@PEe&YCuAFh`ELdpKN;%VcUO z0jmwm-z$C!YFfFEVe5EXyw&tmDLW*cX+Jz+0QL?JaQUj67A+^19yN?xo^na^>x?H# zH_BpvJF{#rTz05e;IUb+g7ndrr|%2nyPzcQuag$s;$H5<2E1Q%ohqN&%H1}oH>OUn=+evCTXu?Q_9ScdfzLbW^Jx0zt#uDpT5V;uH0`t+0~$3uE0${J zalJ|6wX`>zLnx}QvcPCQyjo2`0NmYqg$DxOa-Ey#``!5j79m%SD9 ziUsm_t;L+C&B^(!rX(#Oku1tTN9MZ}xIk|1yw6o&erf5(&BVdN>`#4tQhuCi^MyZ& zwFvmy4_#koE}D1jPwv=jlGmB|UJu_MHoUw94w`T6W=IhvH<3wXMjgHnvw6MVMU_*A zhg(}sv6f;x(LT?Mx}7@vOWQcPd95+F2oPo+O%`LrOFsrUE?Ifcff-6QE_+2XjKpfS zjcVb0f4m{CtJ%vG*Bv)a0M_g2HV$v&XdUX**YXQ4O7@o{@OdB4WkbjLqXn?A=8i>( zuae3r-lYzDj24KHL(MHLilovKV`J^+Aa)$~N6qH3T3t>?^`DqZK7K&h3u!A7$gz2X zDLa4wkOGOMM7gywwX()}5VI~`uni86gPh?fsUyoC4!37v|Bn#3KI!wSkdqm*s49>r zcb=F8xCpr$W?>nJ*X3dgDPnXP*Xw%l$`h`8zNi@HpS?*L{5QwRsg9(2b{%{IdvuIB zy;}0X-&?c0xa^Lt)8h!RvE8W@(f83diPqzK&f?qHnA{LqI}8a*Y#NU6cYRB0KS)Is zO+Q7&rd}HaOQRlg_#!dBw=Btz6$~I4CC0$C+}!rlAz}`!^L98S|K5_bc{g_BT|YYy zT{F@r43?T*P)tz5deWCTkBw+2B_d&*R97qe;PWu~j5#+2zUgs*lez<`yjz*)LE#|v@etsVFQ(zTkyD}-g?d|3q3?5ZI9o*Rip6tch1YmMwY+}N! zNGdf(l`t(Cvig+;oOM117eC>Tnr2yDZGln$?vx~jeWcXF_`0H>G-)XvEzQ{IXmOmZ zC3R$oxty@Dl(3z4#dw8=#?5O0_JhJmL*hNUBR78_!Nc`5-}s@XV9%Q5Q{NSv!E~Rb zgGQdHK1#DNbd!O6DXOFgmAaFfnX+<@Sa=E6&sJ)}ndR}2!qVZeDCt4k;y(7>M+Jbnf0848hx@ zK}A(Ie5{UH8y+tx_yuv=H8?0JHSHtgA$43o@_6B5aJ}OI7B(0HQu!B2{LVJG$v93X zr_*3E!$*&J_XscGKqLdLET=iZ(kS76A&xkdlTC)2s#C0Yg3D=NT%2NovDsg0u1^?t zJ`>>C;kS3*JFL$6cvA5|iHX&X({*KAeh#uN%!Dvq_cYO;j5tI!*o}X z!B-*CbcA6pK`?1L{EAIR%Sz87z0SLx)~0;Qou;fQet)q?#op#R)c8fTa@LMIpDoI= z13g}i2J!HlNDIK_{-Ui)yM0af;N(JATmV{6`z$0_Z4e%twQB=p2L}!b>F(;vY=szS zBxrB_s6>MN9UGgC3qE3$(LgzUx#2?DQ$AMeB`R@yRH5yoHB&h=PN#ra_EE{xf~;RL`p#Rpwp1tEPlKbYE>p^I?Y|^VjQnbVR>-nzl!WoA$bdO zp-1kg)w0+AEMKje!NT^C)tZ@*<~J;K+#a6d z)>yIJat!ZycQo*!SxZUU#CF0%eMTi@Q+0*3unh06MMD!z%4 zF+R60!0+oqe3>flOT)g_QZ*lC5dj}lOF#4IM3k{ueAK_`2TgDnmANjxEKDS8xy8bt zI+I9{#V<7tsI$9iC!8+mt?U^>g92iSj5T9a0ZRN@;PX3qp+q2V}l%jq`uDe1i!*nXmYQ z9j{2~0uU-OG3O=zD4 zAK)|^drrQfm0-W8wczAI1Y2}`sl#gJzCg!|(b%+!H_MBM69*q{h{$s@AP3)Pxv8Nb z?vU4RDr*Jd^>|RC)ya8a7(_Zqkk7P#pS)L~&x>L>Tk&MpyIqVX^JFc^V?Fj3Ic5nB zt_p55S^VwfW4-d?bg)W{F@CmGcVb>4UsB#&{WiFy_%^CLmV$Dm?8SPz3Mi^mEUSb5 z&VGBMHp9uVh0&-3pva0!eZ4ED9mmQMs>~HdNNsg&eR;ZL3xg0>+UoH4(IS0HjY)7@ zYO2e>&mU!)I;Qh2PGKXq*m^IZj(dB7Gu7Y$7^)j++2F*LfYNAnxyY$W9L8RNze!lV zAX77gt!3hWo_ z$nfza6$q7?pUQ_k;=ispqFA)pcM-lfG7Q1{8UxudU+<`8`~Q z^vQrywIw_9>E?h=z5Z|m+rk+uxjiRWRxBEa{e8ix4kr#J?gs1B%iWv7=sEfZ!~4Ze zg}6be3x%nCMLL=JEiDUU{K-3}CQ*o`A%I_AGd<&sgR(_nA(=v(Dqc*9GvX(S-Dw7n zDma+yC6n1SWJ`ia(gYxx*J6E|L%}0$({)xp6fR4NtgYe1piX~F`vofNr_Wc)NEobd z31fQXLQe4czZ?AvrL#IW9}2P_9_F&X+1G^iZT)si9WGQr^~@0>L>hr}4;8149o~!= z@JFf#k7^053oLGo(nWqA$~W71t>0|2`RZbgLcUp`Sq1%WEtYmTb5LxRZefGFQO{^G zIco-NZPJVVMK8Q!IAP}G7*!I^Bcdq&q)rJJg8)em|CtzBktlYwc3`t+rf5RF#$6hp zucJYeHlDHpvoMbGNU{;lvpau=A)%X3noyZxaUY$XLB)j4#iB9eOE4`J-GI6a7N^%U zTevbc?o1-U`I=Q^Fot3WvL%^;L?9G~7>R@kw_7?Gs1_Ys z`iGlbGbe-$Vy^lt=WJwDuuR$c!zDNkJx0CzC#Hj)?Q#6}VQ1&tMi>M~W}1!W+b|Q1 ztp1lwfyd49k~}%PE0=8{RFtpit9@A0@;fkPVK(~-OOW+jA@l zq?Kv7;L*41Sj2-4Yy-MJlU-%XIha5ru_W(`rw6)$)zCH!Eu*!jBCV?uw=y=%WFEWq z$}$f1^EVXHo!b+nP}2VC*AdaGUUXia11{5&eMByySLIJ1_Z0F|{ zniK;qd4k4{6$v)c1T)Mz!;7=yqoYE!sHCgWEorjy9kT2jzQWzoe%na$h zy8YHWuHEdm(MYwYB+#Hqp8W`iy+axXK==5VKgwqemA~+kF`BfnIpa{rK{k`~cnRiv zSM_ZFiHCWfYctfTl5ey=)#9_=yMMu+LLMU?fYo-Mr-7{^GSI)yiLE0`T$m<%q_zYd z+N2PFqKIR_-(TWyhkUW+kEw=XJq_9{`r9`58D-nOa!{&J^F2**^;!K3oi!oxZh%ggaZ7OsT! zcqWg>`8gF)p=eX|vc`J_dX2zKlm$>ytHT|!wA7AMk-P` zW%RSfT`9cD=+{?f4(95!VG*7e2-Vs*kI4FVpVPrFc9ZE1 z3Q8&;es~!8QL&wgdm0}@+Z~lZb7VmcFTV-GxH-yHhptjM%^b6X zqtm|p;AKE@2!C}I3t*WkR#FAWX;uq;ut@PH7ID71gKAxPrNJ@MUQ@sIVM~ zUOh0Cin3HFy<6}lwiG!Re|C}4DS2TMKPXVGH9&*uSYLkRlnViKc}l9P35mL0fSQG6 zs4rlhxCqYFWI|WXt$Atk3X*}+-{9bM*U-dT-}qwZVDEg})MV!n`!F#LON0LokEODR zB|+cXW@m$Qw6CvciY-6Gzb&sV9Jh^*uw~!^6|Ty{g&8f@~9Gb+Wsw zf3UlsH#|XEmckB3ctMWA?H@);$Ttemsp47pYU76%9YINJ!q3BuJnNaf`>>oR!6r@YCgx(RA^03mEJKS6yol6LRU( z3~edwVzoe8E1IKzuE>m;{!H!!g-kUcjy(;?IvwK$<7JJL2#< ziZ$oegnD3`y2@^he_kJFRyCh=9=!alg~K5hltYQ76<`ZugA7UjB5KTRVA^zStcr10R&?4peWUhA_oywE^_zwW* zfRZg=65)di(goY_{c+lo<~D%F&^ogSp}|Ur6Fdu2G9}Z_@yPdmgO3(tYiwxDK9c!~ z{N1x;vUF92y>_zj-zSg&qv!jA!YD&CCckb1C7hqSw3Jpm=~epUte(tJ7)up)-A&B# zUu65Q9kpo=cnsvcfC~;X_Wx0j)agIx`!;N51PlEi)5jNG{F9k3jpG1e&3|c;pM|m^ zP=5aZ9MaVS93D~ z+wm1N(R;j8A!hLZ;PMAVmy`@DWntkMA6Ekj%gd~UgcX8figb}Ox~NTNQs;gu)_&6Wqy~n;$n=ED#YBXAO#jQ-p3}qoC|8KF*pL{g9_f0I|Yep9W)v zZ}z3kXZHE6D;3F^bL9`v(9iii8k5w$T=&FLV8e@Gl#?1==8IIGK|(qqB8*KA%tWP% zBtZmj3w}#Rb=IEPFH80-Pk;x<=Ld#_%2T%Z%e~_ie2!NMo=6faAR<+ndgN<*zq4hATbH$}_U)$cUA^s_NnS`TLs7Mg<6p&7$FsO*q6g+26l%y}P^f_4Or~uk!;L z9sGB%eO1UlaiZ_;_#5_)kB{rZ`8&oy_KnDHVsmC_YpZ=J3Dr!;!NPLQt_=JOd!%7o z7szt3voC6vq~E?=Sc(pOLW#$sby2drdRHiF{Y5e`U(Qfd>ppL#As?TR90LF5oLm&h z5iU|PE=I9~a-=Hdt_~k7XJ-oR%!drD00DSrYoT{1GTIZ_iylkWZg!%y+U;qiOis3p z2H&8zZ((cfne4CoWcY*4})8BgBtJPV@pD15V}*P7n-GX|n>cP3P+!9z?OlE*I-Ej#q}p=fxUqC`>m+ z*`upA`YPG1|5?OT6yMw1TZtsvj&%6bDRx%NrP`zGy^K2JIr4k24UgR_faKX_ zdd~!o|%Kc-qXO!2unSWrjz_w8=Hp+Ib+f74HM*E8y-Ap^kLgbQ-|s?n=Hj z&CDyoAS?8Y1c0dC|Li$Fd&Sd}5eXe|dA8&VVdCa3DWA4RAbkdz^`QfWkLvVsPHdui2#C<|WR^bVZ_yH==kxj$$}`=qeR)Vj zMRjv~t4NMojoS=OtJB$T_C;o~s~QEPQYjHt=GhS^L&T#y>OGHhcimm_=f#XEv(yJ= zg7{-$b~XVWoz3gx6=lNl-F=k02Oe0pKLI|?Yl3*egaZEDKe8Ozd&t>Srb9zRF6XOm z!tiiVcJ{*8kFZpN*mK!oPCyg;uj6X; z-E>wv%{%D~UZ9#j#pn>HWz#LN2ZoaTJ)m)glUin-^$on`|A?7wS}c`|UDJC%S1 zaaRw6w3H<}TfjA#_(QLP@2phtQ|@r1jJm1NHB70iN8f51&E?NR+%8P*CdINy?O1YwcuD^CEu&OKGfv)O!J3Btj zwtkOsXq*gX!uVg8Efksw)1^w6i?H#6lm&hvYMjd;G4#EGx+UeELU$dF+c!|@>TRr_ z$%qKPP_E=-9y3%Z@^L(~MWHBaO?h*z$$~1bMMaeBYL1%!z&2V`(BXo~T++sJD=AAF z#7MY$d+xIKEd-GnNL3D@a6YVgz+eI2+3w0}0JCo1b5q02xm7m>QZq&GjAyn25Ru}A zlPPiS*c(0{cZ(@)qpe=pVBSW>?F64|R8P-9Hs8IW+1c42tACiidje8hgXVMib;F-0 zmg%%|jw156I^LmwE_~{Y;?@=ugW^tltwVU;k3|060UZwrdP9issj3xwDL{m)C;aC= zvWfhpc}`HMVrF(U;E7)Rp+fsl5dRMAsB*7WEI z``fmW&BgWxYuD89FxTitcmMp{8e6eok}ew)iiW6)%fzRR?D^Q7apfSX>`6@lE*J9y zbN!=ro7G7KTGB}bW&4J%_OaqjtK?{$MlqZVgxGa-I9RTv`!7NF76;a&HD+^!i&Mh^ zB6V=*i~Vs!jxfiZ#`>ZP5xS>K{WIgE%N(|c$u(Z;Z7{G3_BScGeCNo^l?%m46&!=m zr+g15e3V`KQ6LWG%kwj@(+nBUmCagvN@~JKUmHkX&lD9T)lNZf7#R)8i5n_u-MYbo zMcsCayC@Q$HIZx*fG-S!zo-6vz5}bL~ON z5+l?bBh*amUi=b7PZU~SE(MZ3c&7t}G9KMw#3c$c1bwht zKmMs7yUKx~GA_;b^vo_luNCXi$CjWQZHzdE94@@Dl<55Ing-ltPvOQqEQI61(P?G5 zwy6#mvbJ7!I8s&B5*G7Rw-8RkijW|owv>s=XjT(;;F z$x+!4v0)F5q+o)O@V$tT9bJ<#7*mQ}T7~v>pfES{{QfN&Pu4=|Iu_XhDpD9IUs*&L zs;?t)xGUq;M!=@x3Vyh!DC|mczpbCC(i0VK8E3Ynm@iw6M*PaEYEzDNu+5<(Jh%k8 z79;Ao$&OTw%d~o(%y;yzLdI6-6Hsw5uu>jt%YRl0rWlUf&OI0ED=-$PC*tFyc@`0` z5b%fNzHkoCUH@;?0iu_efQKYfPdnu2x$oTKwHz3r^Xqsq$U0ie7eVt`t=iQnni%91 zm&YQd+@)yve7JRCY@9CwJ{IWs-k*cBARmsVb6$!7%Y3^ok4T^TJp~5B&#L}l3&MwdO4yV#*HD}oRt7PzI3Z4&>6_%kQkquZN zlU=(U%OF=gcP_Mkf`kY!sG4zs7CicPZWTq$bl0?N}~$I2PvS8xkLLQ2eH{XvwE zjrmUuufbL~^P(Z|x8u)5+cHPk?miw9TZ%TG4 z0)@$3T^Qaq=^?b~2E{#M{d~?+T}T$Dp2KXxWBtW+q-nf&*O&!_7OAt(Vz~+w`D5Y zlf#>`ivdo$S8L)h{y;t1v_6_gwEjR=uehIHUT@WUK+t7*$8Ea)b{@^zycInvg_%-h8*a#cr^u#z+D%t`n$q&-Kgixh0_Z%@l zDl-A!5Hf!@`xHfTz2JY%Ht*0X5s{gKCWg@gLLu+Rv9FfAN5y;RK(WT0lAK^t8N* ziAnQzw`lVxUiZg9n=U0ldo3jTR2w@7GxMdqf`Xu+;Mmxhj+Y}`Dl^r2J*{E#ujRrS z5q~}#i6vG&TogVB7bmo2WTYk_rSTPy3&lp*t56*-gKndGJ4GC&Y){ z_SR3uflY!x3BFk_R`Zj_XK=eABh-OHfx@>Q9*p#>oG398Mpjnu0akkUZGJSSa)h6I zG$@}=Z4^(4;s!~GI*ZYeD+S?j-*SSEP)dQq7iWRcgmDy#Fi$$q#K>D%uUNaj#;NsR zh<|h_(xYb2EspQNcV?6gD7bgK;J>^6bPMM?%Ya9Bihyb-1XHxovC*mOne`iuI1c%S zaVT6dJw3QRTgUYvn&7~GdR;yE31)8w^u|$rf8V7@}ky37%N+6^XHS0 zYjH)z+XL--4J2fbuQ*hT-Foe{Z|fI$+-gAg4k8d0Ia9La^ILd!A}e!94pT&N0xbUv zhD1K)pwH#RIs;K4f?CNf-ysxcigF1Yu zhq|0CT4ppS3<2>&$v#4au*aMKuZgR6`lluC!8s*ctD*PdMnc+t+Y_J|Nv$%)zCj|d zUPjx)+w;p(7Q!)J&IqU5i*jUN5mSdDLrv06b(B{6`sVFyIN}$pD}3;-O1)%-!W;n|sbhPN$b zLtdezhgF~`Qf-Z$%h7ZYK<@f@d0(3>0lmwb@l#E(00QaL2_%WMD!}_KNyqysOCR8Y zz33AbLRl{hrreLtFcfG{M8_pz)=fQ39vf3Cp-^nBECQaQIr7QMADABt%^4wS!mp_s z6^kUH=JZe{#ny|O+(}Yrdi^LdfS^UGTf=V231LZRh!x+hTfHb*Jg&z;LGL6+GJ{!7 zlNOlf2exg%yo36>&mQj=WGavR}m7AZ!!RY)4D zT1up^Xo{t-FAJ}b*bE=log2?Ul+gWY=Ub>`4ikBAe?Nz0assg&CR}L_E|Gt3fU}`F zk%&QUu_Ng(!bD1znD5$O8EY{oaeajXoyiSh))5C~0+)EO;MId52Nkh!P58T@uv!!; zk>*ttXQ2ttGjMET_`foAi3uBZH7{Cb2W2&3Mph24H*N{#{QS~SwfQ?bCF&$4(wLGc z6w+XB#@CP%jufRI!J5{Q$C?20m0q{hWMco2(K=(*i!*IlKW4}ghXFQN{2Mfuq{dtI z$>9|m%1Lgc7R7wcBXwjV>v#gebhLiZ5 z9sZ$0uvB1p)=#gy04j0#zG(5c*{0gw6R+Ca+o|@CX&8ZWyw;SVWKLC4J zL}5owS0zN*G+QX9T7pE~u~7`aKa5+gJ6S$-S|#Dja*9C89wQ^*x9HFz6)%AZ8>rUW z%qBZI#gwpFKSdp2V)J)?*l2kJ$)|Z;CYCHYGAM^y9Lr}JVtibOTqHg?wTw>A1!#Fa z+q?1_zAArrxm6YD5E5g&fv*vJd^^x_!3SgvHl5D_I?7t)gh$uW7A!#J$g+-(C-oe^ z@wU3hg}#+a9^0r(@-{o-8b7>U;ICHqd*`U}iH)ejEwVo2p`(6M$++qqX_Ia2W93#e zAatZdbug>ZKq|+Hiw@PcD|qv=?P2Tc$;*NzZ>r1{?qrm+!HNtY-3l(1Q9#g>{j51n zvBmK6OxnSyM$3(S++d%Y)79n`PcZGCibENrbLArnUT=lq>ngLI2l}X1-N)=1BU;(! z>9T=K%X$WpWuVIYqt#MncnPH_pUc48(~4d3s*ul_{pQIUA`nQXq2TK| zWSw{zV;uC0D^t32xm=J>TpCkbSf{9qIedTCGdie?!BdrFHGCYJSrur&mLb%bbo|53 zB~}$^RE!aVQ7|zdsh`r4$letSNRY$~!M@M%oD2d@bdJNB@~k)7K|WQHX%F_@za`xN z3_uYh{c)OOfhYPg>rw8NTsl=E&Sb6A=6rMh=2880ci0P)gN0M5aXxO{7$=y{+FIa} zY#}H=`-K?W;G#Op7;PxY;P{pLOj0av+Fd*;nh$?l-f8O+z9HU3cfh*h?d;k{heA;; zz~yj;WmdaLQBH0DJO>Gvn5)q_yYPZfrJSO}xi+7O>CGFfVxk_uwGQ8s!9^0Q{Gq`Gg8ia|831QVMNN_p=$A_Xl@4v?=1GwGq7qO*is4HW?cC3wyV5 z>8p#8Ouu?`I&&#@WTm`s zp`V^5Yr)}RpQqbV2CVSYcM8$y%o{A$Hv^mX#Eb*RX~xxdLsU~@z8Yr-OMfp5zWD}F(wrunL#$xMYx^TXWDMPz!%uTkNL0=6ENtZU3 zXsAua6nEN4eBtvOk)+iSR&7drQgkp2guJ3}OS}R0>i%uo zZ98d<#>5siW@#6xCYVp7=uoFr8*@WCJE(@;($HuR$kgBJkh=RUTd04rqr2-s zgA`}5N$RL+W-lP)+m#q$B+6gJ2}JSn8*bf>BysNtqb zxV0HBT4Ig?OEA(uKR(SeE1MlJ_37&2dyR1z+u_58MeX))5fpD$?uFfXp*g3FLi*B=BglG&J_|j zSk&9VEP2eXeW@wR@+1H!WfCDy47h;KYH5~BBe4n(iWWsmM?CaSfpBT|`X3ktTSFjSBg zKN%mL%hf!=Avxvpj801>B&8gViHfObb{q;uuT~zZ8h^ivK(kCR5VaAut^H4Bl8=a+Ph(+@fId14Ry!aK^~0I zEJHR}9F@cR+)QY29P@)Mk4mXn%AIRyw$&W^uRLK?8!~_g2nQX57=w69K7z#Q$kp zfCtpJGqO27E_SJaVNk1(+MNC%Lj}Y5LCUYnKX+zRnn|)Sl)>M{VXfAc-#a4%BQv2S zpBmVfi#zWl&YHIZ4xF1Tj#g}1NlF4{So65-SKe{-yk7S511ugyI$X;aT#?tjsOV~^sV>1w-Y7)oR&*N5ISoC zz-k1c4HrV3;jfDY%F$G7t70@7EjwG6pr#7*B`ksXk1f2LO7KHb7U7^ZSUrZJ-D*Ms$V@)%D;^rzMZ zgn037HhPNp@Od5TO;e<0#IwSdEnCixcu9m!1V_IHU9DP+ATeBfbKoCv5r{#Rctidf zEY>Ofy@s?W#;}9pwYjVaD9lV|xOt^Ef1TNv#LkC461 zdPAHTUe2nh9cn_kDX0cUjg4J0Z@5xyY{^!f#ZQtH7!Udi((bL~+L4HvaG`gwO z)@4cJy51Py0VdOiRnYCrBXTt-Y0FZsORdKX5eM1OkBkwGo}O9^ZT5c_Vl+LQ5iY)44u%vv@suFP2izF(1Q92^30UeX>SSRSmC_LxY8W0?Tzu9Wxs^K0kgB0r3=j4n=zY2V zRNMI_S~XpBaXVG7OQ{iJIHgvJt?T0Ux0of#l${O_>TmtTTg664M}?vsh5BcmhaetH zz7RspbuB)<&qioh^OhVQ8l~3zm@Q_`*Gv`7ji!^S3NOq1!Wa?G#^;Xf&@sL4@8+xd z#tSQDXO41ar-jR_jZpn>u0E#v`d7XAKUeo^Z7??@hITpZenSXj270NWjX9yBaEPM{ zl;y?s#^=wWkVu22+AZQT2M8iBErltAL;g)2BDES4suQ~kji!}xVA3l~!n)+OOEsI{ zJGz40C)B9>OdhLod|hCpqh*0q=fWVhA<&y|gwS=A%&7Y&)w@>?hq z^QYw|TS*{?`APJVBQ){g%&pJE9wHqus{=?W7C5CPt|6-R86{y?ToB`osSwSe^C}=llL8$P{Kj#hB2++L<0!IdZxa3Cc zoFWEGRj7sz!iKj|D{1R35tCqRX*f{nUoN2fmMizB#7bAmKoeu?O*1#K8ws-F$|v_G zN-0R3w((G>8JSuLDFG5)BavxD>31FcQqzh!BdS%P&(5ALJw?ewL>I#G2EmidU@`_P z%HqwBF_%r1*Rv~?CPbMD2;x_HHO*e!YcNXLM7A%GeIs=L-QGAE83dAhZ$M}%{7yjVqSrw4>d(UV%KJb*{5ZP8z*!Zv&REY`F*WAA=SvqDC| z(?lcsGt1k_h`|x=v#uY(RPrJN{ACx-CB>E>5fL8`hk^d1#Tn{;%tc$EPRPYT4op;j zLBQ^OsfAXHgyrcMf1wW)x0Dv164$Zqb$;z60Rh2en(=JXy=F3E4C_>#i&L$MLgTj2 z4ES$>0E9?iD6el(aFbdhI>xZ1CkFtpDbf`b`cr$+m_#(1m zR>Jm`pi+zc*ldlqusk!jm4T8`geZ@oZZxupw$gWHL5Ej00@6r-wKVI}oOss3z&ZC; zl*1z1y%)C#i@9%_T9o0q#XaCKrCH0_M54>80t%YSm==%`F!aXY5a!I0LBJStODtK9 z)8nX*;{j|=7yIT`BExE5yTbEA0xXWSRz{@KwJcMWeRI>0#SvxL!;E#!?55kpY)V$o%bAem_d9mf(r9Sw zdI(vdwr7iiAFNWKkYu3$TYv1VYv(H*vvRcwxyw4SXT%B(4PpzDE?7!alXU$E@!Qy8 zx`65zKe4RVku++5eeqCFcdv_o+K6RjvWmDs;D0(_!A$+^~6L^OJg z*BL=X5KQAQ#d#p?%8k^X0@}a$VD6T{1=(U`ylh>1$rNp2N zLfdg0jcH;9@|GBgzgp^CScF4K=%OH0tWGA6nTJogx#EiFcu~BdvyX5dr=u~qr3&LG zLJ=?CD|tcxg8y94xO@3+hUP?XL;vVvS8(}0Ryd7?DTB@Dh&8je87k)O`W+GudSm(T z7(Qhct7f^I-EXX7j}T}$M#og;^(|)W@m+3$*C=dO*ZtX;Om=BJPMa5s$)zwsU*Gi6 zZ`Yn!Z7W)EhhT|{qsHV)em6O}3gZ-tJf@##7yAg!kon~Y#9zV>X9zAq>0%r+^h84|@=7^!i(D`X0T|@nb&H*Ra25v=Ls9d%y<&x+!i)KZhU8kMxb)u&<2SInjdTiqdA3tbnT2 z?cn#>q2sb_HU>Cc>;I{rXXjyhs|J8x!hL;xKt^Z|#i!4MR*Kf{9(V&KOk@T(SC*`T zW>iv2R(8z)9Y?OLC~4Wa_+VMeK=8>2U0rZvmRPXvdnUS)R1+!{%!xCkfNLUq z`YakA9%j;uy3>1Yb$nck+P9MR6fF|HGxftnEKRH*l+#Qe zG&p3-cORfJ#7I-<5+~X?CHNc^{49oJ`CH) zrmwbrX|-NG^M?DhMsb;p-Q)ON@KruWHSQl47V@|L-s?RjNKyCW)zaYm;dgrm5u)iK z1D>wK3fp=U@O>{rWLdyj4+$iIh5A27dt%TT$#0d~*W2!K9`gx@Y!gN{P&1=U-Dv#H zUvz%174or2g7G;^h)J^56CK@7x2b)!mfd={MPyCxZ!r^SiPe3Zt0%Pfl`dUx&(7)Z zfAq05Zj2sSxbzJr8;VD zHo7L49^6zMiaINWOb*UY2Q0m32vd!jG5O;+z=o+$ zxnRFppDmjBn2f3;9#*On@N2a>9GspA z$0h=8t&xq`4#nO*t+|U`S8AH@TiGFmB0!Jytwqozqw{rbK`D&#j3B|rc(it$tR|bJ z(|O7#7$p3&g=6;O>fe2fEZREyyk+Va5wh!GPM;PaRgZYKJ{b+D|a^=&my*j^jh^^Ywgz670h5gQXr3@Ffk<7@k{-f05zVS2xh76m; zP7L;Ll+Io*bjU8GFN$9#e_f$U4u%TVUB4Lj**(C)rVaZG`Lw@6^dy+WKW7OR#8SD+ z6ngU#ZDJ}_;8-l^hn1nK98ftrSignE{fH!`W%>HL-R z4q(vR*Z|prI7$@}mirK(p)LMcVd@(4v{;smYr+|rh1bpYtRF_L8=ZbGcq5v%;Ub){ zRnk#UrSg^}owNyJg$Ybm03CHQ2J}-jz-i-wwkXP#mlXXULqtdN|G<-)fN#>cI-XM!oQ>IRnJ5GL3z|Jc1kuuN`GC#RxH-jzy6r-Vjat|L=*Kd5s#^lR>9 zHMj#5;K8j35IPtJ-+6F==u17x-LCnmWY4VQSp+z`GMnF2tE)TmM&0&>QImO85%zqMZL)U8CK zM!OwUFUpjkSSkHsPH-+wkX`OKc7R)5ItN082^B$Z3F5c>C*)F~H&aH^S@Fj}AO>K! zCiE~T#;TQ!_}Rn0{|`7CW|FVP=@3`EY{lYnB2ATa8O9iED}+?V&X_aebf)YfIA+p# zUik!iq+j(~MctB`(&@~hq+1N-volwm^3;-9ON;doI|GUomAX6bm0>hvopiOLg&SaU zDQKfFP+z2Eesm2tt(Zq#o;0r=7p=VFfGX=0%Bw%G?|=Vb#Gvk=Qxae-2B|WRZ+Q$x zg=ytUMeMl+H-j_yJ!EJ(TqUwLf5Z3Sf@!_-YLC0#?Kf!hBdlBN3_l(q<8TVPpvMcze*G@Zf!M|s1%T6XDyTYnpAVJD;?hx`ib!hOM6Bci|>l! zTNOm>od>mQP1uZCuz!!FBsD!usDFI^g^4`K})| z`YE#lXOM(Fd;RxZ&jQ=$Z=yH7n~eI4JiybQl?=3o5D9+yoS%shU9t}6V%wBqJOOx? z^-45o@<|oM@zQB$PQ|`1og-0@6aV}7Km-q>K9n4tvN#!e9~tTN3|G_GxEL7;4{h|) zr!N5Jl?5KEw&$2AGOko`(>?7iul2v*3XtQX_;wQ7h?~?BlGTz@^$B5n-o=AY!f9ln z5XYB9_D@@nLQJ{A^`mqrZqyv%BEnC&>3{qw9~CGzN`c}SvV%YDm(nOY?t34x40%g6 z9|eVI(Q6AlEsfyvw4SNgThG^r?J!b`19?qY2F=;-3GHuK_={OVG$A2sUQYsCoCNHNhzVX^(;DS~l9Og)<|TB(WkicAP+9kv?{s*u4XXV?D=m z>5{`s&y*tXlA>|2P@sBEULL z25S|DfnLLzMB}=CBky994utg2e46QG@WAQRV}R!WujvBHytF|ELigX-d31Seit|an z1TDN})3nQ7T-Z$Odx72=br7t$^+xhB48u|QoSvZ!1*E(zQm}%tffSN$O|i4p^gV_3 zERR z+HfclU6%1NB?qQDoOjlXN{=V+1Mfzn3HcmI%kDYRRGYUq7EndMmme5L!8*ut(Eff; zmOveQM+Y6GgaG-s(aIG?>qXGVE^95!WI$eCzKwvj42NrF!!Rt%zwCZ&^p*c$C@5g2 zX45!2oXqaAJGnW3Js+4@)@@DjvUyleNOJ}kI(dc3kxpya8*i&>=+-6FW2lha>NyVC zipk+_*=f<^$ec(3pkhU5);e7cNpb8=95_=mF(I+lj&Lg%SEn;_b9FrTcFXu&@cZym zvU4}oYR|^zU}h)=v(_HE9-}N=ZI;=_CS)j7_aBDBjNRvh3q1Iv|JueTnZt4gBifn3 zvi{%XJeL#Mml0jlZdi@h{XW#mz8L|!_H1*3Hy7{EY72V@2@{djx?a6d?lzy4GGlHW z6+9Xo9Gqixn&V84si%|aSZjj%Oq=j~FJy7Qx*u3^^_u4`Ue07k8IFQSer@duHxT6f zbPnm~4skfeVTF5Q@YZT`yW7nJ;q}qHHNt8snKnX|ROS+$q8+1cI%o7ALfS$i;{B!n zMxW!=bKDSGGR$s^sLgMV6UtGM=0s~I{TEyBGa%Rx@{0>vpc7xddE0=Ao!#Ycv-QM- z$=l<_)74f8!%j&th_e${Gs;`CwYLNTx^UFHa z3(QjlVrF|Av%vuo1TE5HmZAC|M~zPF7r3_D@RG;;_=+E$?LJ=@_ch%>be*{N2X=li zAgL_P8znP&ni&b&F5q|W5sHB(K(wIFo*=@)*m!cToQ>S5If^MuAl6|hd_+5V8x>%N z+sEMQ_gyqItI4f>e(Mm6#c?%U za=55pZL_?+=!=?Ku=fuetji73`m79eUQ15q;^rQ}K;r9%xQ?p<_XH!+nxM5JhRFKY zX@~*nMa0UwxW0~0?q`mkgmJ*0jPJw$n?J>^uFCp{wzLLjn+l8# zoey{M89#*@YvH9%H-8rKgp}M-INr4N&lSskj^rmf^7JOlJ(12P>zSPlOh{R2xFwW&Bo?iiR1YpY9wT zy7HNtbhXU|!&ey&^bAYUeUe@JNha zmb;`**gQ~v9C?0yG#7tcY*Uhwynrrk^z`(0q5-?x+q3P?XBix}LdQZJ92~Pf5A$&v z_%~rh-Orw55DCjwi)9@?TF!y!thH*nKTv?I=ld?S&y5gizaff5k&XIS)fc2g?tu6} zNO4eLpArd9as-De%R87}fBwypfPeYF8Ud+o6;{S3O(kvZ?Ndv~4|jC2S>?pAdFJwp zvu81fbWTZChB9PWJihu@y8iYrr5gooI$RZ6RA_Pl+sI=7^xv+(;vXM6Y)y)2K3F>M zJFMw7NdW27&!NK0YRp4I>#WtzNPo)=7qIV9@McyL_}o|wdRS!XL0t*?1aM*ilLo_UJ}^|yQ+D`aW@>0q`xZ4)E(v+mTn@Z`xl zr?b{xU+2B}LHCOnbX~gi>Z02w8_Yup%*sY1tPxNYJfn6e!o^L?7IJ6%>egQ$rc^+k zGo|rig6D#^yjECIQqM+GKo$rk3kMl}W<1aHBzzZp+GIun8U@q%1`L>nC*)~WsZf=R zMD-WX;r?v{6!M9QiMdlm_Ol;ae;MzegCVA{h6r0Bwjki?EE`$v`fnPB$qG5$>xyul^kHCnMYyIFjRB!>)u#3|B#GR+U8F5 zbQjc67K4JO$Z}yA3I``?23<}qs|q%ixxI<`l)hVCZK%WJWi)R9YoQ##TusF1y06HW zvU7F?da4GT^8k;7FdE+n%KH9wD2uripgcKCp45sD%qNE&#Dhu1Ur6N0ax`?afE8^!T}bd%aypOZ*Rwu6 zO+SKB!f=Iz#hjd?NzI4rKO7-Dl*1Eu(15S_qsqjDiTgg|BcvsYQBu9z{m(qn@}{i) zv&B{#*qs>e+3A@pLX)B4kwt`D4sX*@3{F76y7iAqnE3MqGue@nn@IvLnb&eGS_THg z*_D9K(;57T^2!y#Z)Yp~ri-M&a@F%2c&RdgcFUKhy1GQ+XQr_GK0K|BOc!Z_IxOUp(C z1UaO`3G#T`ZTkVS=yO#40r|u%?i?`~ zy>64cXt^v&g`;_x=)OH~-J7GwEuJQdBIi-~$5$j3`C4^4%#5k(O3&~QRD69-e8hl0 z^ZdXQ{S71nxU`p*!-uowcUxsM7U^mV_10An6lXRS!{VBho(4yCyFh{#K0c=4iM$rX zC(tXX*@NC0DRI)DuI`QTDjt$uTLD7C@9bR(7j3&bU$8?3;clg%?mxRxVm85Y`L~Io4nYQDa*Zl*rDdRF=*yu zxT%WeQr%+=45Shm+olL`a?tRQ!#g||bpmOQNk_~Uhw*L^s-Jwo{J|5`v~m9eq!`0r z)?&(|iCiD2m|2=-BuW;paL*T-Re73!{|N6JHVMg?6+oNY?rML#q7VJOx3gn^FrMVo z?DKG{!oa|wu6{p@Mg$6ShOVd((A?dfT@njO0#3?`kWpKC@)G+Vt+2v%e%8Bel;?b{ zX=0)9gx%cyF(H@LrPG_xf0=X(^I#aHO+zOuRW7go%w4O}goOKS2-E6!^Xyrt zJehzdVi+bO&wx3>+S-8qe}ie@T%TAVozXxDC|to`76PWIy+Yb6pcF2XmM?+h$}F_h z0R7aa`1c;}45u^Y&>k{a=eMTk7X)2t%7?|$?C(qgn&%e{C5phDqJ1e1bSoLnvZZ6b z#XvZpjp&KcYSO3kBORxf{syT)-m3fauwOBV7weOF1*NPJIydxzu4q;yeLN=C)&xXE zdfM9XYuMOb`o{XG++MG&Km8uAwunfTuvr=HvP$O0$bbBqAHMbATLD4e(yAw?$6);i}J@H?FN|*1D>wsSQBDb^F2PR8?8e zWb+Ds52#4Z!<81_Yk8mz_i_6X2Lf$=v8nrq8YcnMjqE%&Sv}AK;rWPdtT! z8JQ-EE+an)zY@EdYX9-~U7Y)Sydq6J4U7|F$R`yQ%wScpJccI4{+J14DNUQQl)*e> zk~*CN8Oth^XJbJgu%oWWoX_>+y&Mh?B?X-k^#v5+vetfI7GiHPM<>n`qf+jrBVYGW zXdXXWYpIbxL9o!bi}MFVO#FzCN2O1J6DOSH5rP&;#j(MC#aLvnjWRJa+tZLFN-yp; zg^U}}mzL8$2^ER2rRV4GP|l^4PsJqU^P4^dPa8*8ga2<<^O^CFap2bmNVy;MJFVX# zUes>hDmfV$Wdww-&ZtF65#dCxgP^*nd>-+$C9qTY+hhf0D?k#!kRi4i5(Bi;WMl~Q zXyT(oK|u+=hmnIPB!$7#aBI2R==t*f>}n6<)+BzYC?X`3u=(F;hz7i8q|>lR`oU6r2^%QVir2{Jn@emCFK`tjfrKN0h+J9*G6f zbi06J$3;?4umFGMT=w_Jb9>+Ei;^e8$j61f!X+q2$6=)`pJ7R<3}UcIah~SCmq9?Z z6@j)L<^ZF@wener?NLr38a&S!QIm%9`40xaSvbe%zsI|Woyv@022}hE6Eb6>j)h4W z%kPojM<Ss_p!A5J={;p2a@QBqRm$mPcoMdL4gEw93Y z@2&XszV(CMopA&T)L43NE?Jcs5}3ZW!LPZ%B7)v>C&Ywkr^ z?>*%4yf2!!c}N$B>?)06*RVdgJHZI5xbNI=0O}yg-?TKll!N1Va2*O5vBQMWGWDL1 znjKqC(POjT=Ui{R?c<2X*P%~I6nO*1w@%V{m^^t)#eES1+*XSP(|e%IpMAexu?r4= zgOi3K`(cszo-~pN#gbzQMr$~d89D%7KMOcy{y6A;M``JnEl~Z6V9QSNvG}vd&w{5^ zS9)o!S!X(sHFAeMW?QXM?>*uLJsLO;B?NTiAsUUgDIQoX!@#Y0vXFZV&R+0>r zL|KHPW+gZP>eh#&C*|sDwK6_P8YdD)s|ODMxoEnz-oy{cB@-$~&H_-PODSu%ZW-YQ z!QaXXJ*(ix`P>cOMAQ{wPsN5q3q{2#JJiVsX4F!lr%EkK43U-r;7CS+LSEG>--|@> z@J~6Si)XiG^tmWlOZ*S*bmHi0BBhc#yg1H6T%x(!wCPbJRJh<@ z=S~}Ahqa64_sTH^OOmDR1=)^``=rNrP10Xo9q>K~d&Ji_@~bBr35ea~BLPVLG=1C+Xz1Ba=;%(!-6> zqx>f-7#0nYFAnvb7)gV~%ua==1P2Krd4^DSaKS`@291TVwVr)@*xC||10uz$MX}>} zU{9U3ndSkQLb*7i#?~Z*o3u<@A|lIJ-@ui^z%R3;=2RTmL}|w+r0GiM<{K$E&=N1m z*2k}M)|^QR)^Dq{c{!6tlB?F;m}zv3Pw@8jg($;quGH(^42$bR8XAAnQoqh$5^xtt zS#veoS9i7A^u2zR)D)s~jIzvJwyOdnjxlW}ihaxbqxkFfH_y95=r){0a@=1V`~l9qx<2kqj(lLtMK3S8ueGovep%L zBk`@UR#**%T~c4GZshbqnCpEJ!eB-4v^`x$kLyEFNP1J|jIehk;ukNUBPLMO`^!+l z89JI>H`ifk9WK^AS+@JenswGM$q{PNmun8~{e{9%;+qd%5x|FgbPpRJ;+U;`Ubl7h z-gGb9=5`Dl9CuG^d4UV_&YD0N(m zZtJn$@LA> z^J%{;A8HP(MQ`!}8o`CVxKx3B9qT8P{1S)gHU?S!@*Rda17<&3YDon`5a4_4)T^_z zbIW&pF1MD}WFa!E;CnmBiEE{zloc}_zI2JlW;IncWo3ceE-jvl+Rck!S67;!XL=s= z*$hq>Saea{N@j;g!($r!ju&mI5msO7I-}>vJ7%9$%R3pn{%c-Z;Mt+0;e>Kqn68U6 z3(&r7;dIpPPM$NbOF&PY+N`zWj1+2Bg+3^yaK(9fg&)N7)bsVJ&J%LsRUcgz5L!MO zKtJHPuuNYtK*hdZPCEvd8|Q0+^-- z6RTyuY-WSmQJXJ{&-qqc=l3v=n`6HO>T|chzkSfiw|d@G-E7L{J)SptrTW?2K-;Z= z8h=UzyBb-l>j->Sa`mM6qgum}W`$*yj;HSmQDq1eVJ%nJ1ALc9g7Hg|z2Z@%HBzfx zPqI&CJ{Ma&-?bH;&U-&IOl+*KWy+r}dbG0jB(1();s_jhAa0)WcOAyZynNI<9!f?} zOC668uh!klHd%VrJg$0!*)rHKdbSrGr$0BWpm5`GY~s3tWwGa%OQ~qDKARHM9ITVC zR&UDiY_GaY>pLCjT>E!);QSNIIBYX}+>6F-)q9YYgnsCi&SD24oc}F3TfOSB$Z^@$ z_xlr@^;flZagc~JL0*X*@A_oXRvaA71eRc9wMyy91;pDWah(?HQo^7;zVrYKBSOZV zVXMi*9}UaBY_bOCf@`15M?*93uAD$CL_?W~%Wmg6j&_ospJ0=#C#0;Nrl&SP@bx8T zOBQ$Kd!tv&H`|KLW4Jn)F=wHSuaD;i<217w^<8c=tgr;uG-K6 zTpMT+s#xUC4RgWl(~XeoA+xb#N}E(nN{pP7FeF&q9=e_0wWZhkN8?|`!+{EEUhYfd zc+KA4(e2zmS#m|bk{Ke4)HKz4Q#UWqM_E#Q)ZBHHpC@f`TC8H^o@7ACBu{up2X)qB zpQhnDO{$rY$LaR@eP<|0!^D&A=j?*OoqujM`uc*TX3|$~WZ#atMKXzzSR-4%{%wRn z@vJ#KVuWly=c^0+&F<>ox+-Z1in%u*es%hJKQO-4qEThai~&e3em{xD#Um_30xlOM z)}|){&Mzq+miXb@0vGybzRjwiNzSAmIrP?GGSk-9(KDVf580y`Xz zCKo)`r?#DGT$^24Pwx1~E}!!BwM$$4};=m0pH2HEK3Ed8zK= zj;SY>KM+ao2Pj!M#y3Lcs9By|YN;uxDCsGxDo+=OF~>vS1(XOCE2r*ucKaMiR>w<( z2uv}qROHAnIz;mLXKqYdzjt}2Vl*kH^jo zFYG4;Ia?+O_$X^(|J6gF1jwJ)zf=+4TYZ6a(_+!62KlT$1jfzf$OMlm-11{8bx!Od zK14xx!h=YckXS%mD^fLihAsa|)>c$>r|pimSdgtM@^9(ykro=Kpy|jpu!_cCOd;!u zy09L`y0voijAsgwU`06PUj2*7Oz0N@!~>De*3AU0#JRV=Aw|rm2dAK5STB%56C+fL zo)NRy(&?rZv+Y+cer{7K>|qvAaibNLL&1Wkk2jzl-cy9$+Wa3L6$#>SO3 zQcq>FM}Q|QA7m>!SmIenkjx`3RRI)b>S@HKkB8xZS>*J7^HVHPx}%8zxH+(aRA;Dq zgCv&Th148UZhfBl_!x&vM6P+27%5#+7Se81YM_Q;|8A3~Hg>>xE@n$iNnVj6W{D5K zxa^NTylTb8^5Njca%?f6HhxfnFu@s)>*A_#s3}Z_69h9_Yra*~gO06rD*>%+h+|+zUV8LCIrzc(p)lb=EY&|Nq@+M97o!lx0x(S-b z6AlYSak&{tY$klY+~4EmFETjX{01_Q#TI95stsL1L_J*EQLFqS)@8V zPt0{aAzO+CBm5k*g@m^$w|?nEJbXFnBazW)5GVMXr2?w_eUcb8+k~nha#$2}DCCw} zqj$S_Q|Eg5zJXfC2TRQ_P9$y9*L0*%wz+nMPBt#Y|70$LU+`@@{WC|^NE7xAwHuq5 zIuO)Pz061}<8LY+#A61}OGBLwZ)H(zs$5>tY~oPR(^VlRrCw*|#M!Cs7l_@5d`Ref zFW(|>4bc<#BN*6-QdVK5kmb?A#VnyprASrd0_TZ zVOPc1PwW}1r4G4Pu)^12Y-xqfqKH4tELLXXdPH)x#g(PXJ6qim-+y?WC0pNM!2Z3i z4giB_i7v)%vfi^1gNQ+}#VW}7&T-D4Ap(B}RF!w%nBK&F`}TD&DI%!+n7;quLpWyS zlEu;0&?;npd3s?ZRZg>`)$G7d-+`wj(fsJ-WdCSMa41^U)nK}yk-gE&nJ{1}RY>UP zr@q;gb!1riCX2l_mQ$`2m)4y9SlIB!LD-dUwC**UIH#kIpise)J!d=L-YjyyeYR(w zUqywHv6@=9+AP>dZ)~9hlft{b=eIasA+>TTGm!aqfA)7{<@WMrszYv53H<)uxK(Os zNXm^%%8~oXrmOvDDcVXUzk4(h*yVlTDI7q0E$>_PB-=PyBb2; z+Kc@u1*=)W8`5j|T{YBKxVJt6&rO&klZdp5HGoq`4gCsj0qyBiB)>lOh496N$HcZ=q#6AQV^5q58dkbw zP8nnN@tY7rr6}d=@igEz7`k$mV+FdAkkleGKQSLXN!}I)D$dG6eoxc z+Ks>`fDJ-UF+!~vW_b)sCd>+pJWtFC|CHDGoK6cX0$30b?-lr=hO(-B(?)<-!_lb6 z*MWrMfL+SQsEDjp5D@Um^)#1JGP^qqtX}jz)R|s=)0ewv@m#;924XFr*hm5f) zbX3c&Kg&ogVe&0fUlIEeDqQvDy#%uSg%Y~cPcp9mpATnb9es!&){~D)L(A3yS%t8%YKc3;7%#neQ1b zO~7l=nNcojF9(CeBI>_R9RLE8i=5c>m`%WsAm<45gTtQ_R4!0va5%|wIe z*EkRcFsi8Fe#5`3n!w8H#d%SHAI@K*JP?uX8V^x5Y^MGcWJl`c=JJ{#yv6@4MdHKV z$PC5u*&4+cN;p*~1WT?rWemK;R`tD+hMKKKmJSm($g@r8RkPl)7mRQa*yrxHG^uTw z@Q)&$>&%OL?Tt$=7bznisRiaX;b<%%txUs)skU<-P$T?*0SdHuMu zxqn^Udm!{Scpl5O=cVv?ZovK00{>{15xY+;PIvie#g=jR)LtvzVlIo>w~)pd+%EFa0^XP^8oDg?z# zI%^2SXg-KcBo@jsg&EPTn$sk&yKT z8e}T>Eu#B3KPQ{lZOPtoZiJt3ouM8h)Eu6{kiM;OL)u1Q&Ug1_GO>Grbzj)F76>aa4!jgD46raw%i6ul`kCtu%&a?KZ(|`L0byPi3X6ych>7)s z^>+W&%E%yFJb$c=8jK=|{+uM_o~(jNra+}kgM(we)v*VG0F7ck3{I?hs1%MkAc1W| z7`alk@UJiIveQ zDKRngr#&eZmHBugwcaUQ=grd-zstG0g@py06n0u)+=e<^gIbBMuvirCqe4vf9#-*U z1vR?F(~WT-V^pD^mKLo%uk`Tp|Hslf1xC_!Z9BGY+qP|cV%wb9w(U%8XX1&SbTF|d zww=G9_xt;>54x(WYwzB**S)Tb?Utkp7>g_VhcW#l+k_K3*=ALg&tK!64Ne_x^mmdwPl}B%$U1qKLwdQ&7_` z11cC+;|%+*o|(mBm>J(KyaduGxEvW6;G|4(_K4%+V5s}?H-3#Zt0CnkkUg{}9e_qh z!?e1Cp+xRSgRT7Z5Py4mO;z5UAYHK8E&e6|g0leO+KC2h_>2ehqE5bggD_dGbnLy| zqEPchngiqJxZFo4zdgd~uC|ut>&G(DNfPhf+@q_1qk|bchW^FF%LjETpc7eQ2m3pq z_x4!qGoehD+^Nrm)7|ZP`KCP4?S2Y&)D#f`RcZNxS$k%Vx0Pjmxpz&3wre%1vU+df zkjSbS@Y5&IUP^W1aoG0?&Ia&HXCen1mI4ttB!44A z7+>AE5RUO0ZQ7k83y=7tP~v@CguwEX2rEEbTEVl(P?(G!)kS z$yJ>yXUo=yr^C!Qc}bTe9aNTJ`yJ_|!-4gDWfVAi3^&dJ7c8^DJx(GD0^X)ig;vvs z7p_yLQrU_Ft6=e_NCR<#u*q}c&Xyge+}4X_lJLTk7(r<4)Yo+~kq;7gd-dk9c=Syno2TA2CkWlAb|SX|I0z z_#I!z_Tl^9=rIXc4q?LgBOlDxV?YXj9#vcTa?cukT(0$MH%}nA4$j2aSSsrE2JDUa zW1|uMG1_iBG-cDyYIi!gsG2&OPMoa$wNNR6hKd&q@*Gk~ggbzs#ZspyKC&61^tuxwteh|OqzyrR?^o-7_>J}1XEFu= ztp<-&#)O^m3+>OjzmHQ&z_O2UIu-(DD3{yFlZrP7QlEpLlY+Lj!3t$;ZFR|#G(9FL z!-D3cgo=>>lZy&f2^0*SE>Gsw$I^x2jg!}TJp<{hTl}82DMVZ^rJj^l?PVG@G7_85 z@Y=;JWTL9B@B5Gi7IUau0_q9*^o+{gcg#&TZFx#JqSqdT>p5W-ox5V zVHU3oyGAJIiy=3$prM!}*p5Hy&%LTI1vf3qwXZ0!wJ8khEg{@5cI7i@ImTh05@4)3 z_4rap>ZaoUde>P~iHAfYtE;QKx!nT*fWVlv zloV6oTxM!ovhYC&jnm9wtcPBB)9#=L&6nH4!k8_k0&wnvGm%sb-;6So2&a`MG>}Ar zrG)!H3;RFYnNv6jQ6gqxxF1h4gnEFx$8COWHsr!F*S7~V<=gt}MmiX4us!<9ed&q; zRNM85qPhiui-kZ>((`IZxad+k04Y4Z4Mo{#2ZCr>^Oss`EulES`_=w-xir0jVmW|p zdMs8YH7PGeoW+ZUo2$e1v4vd|V>>!Vc{1fh14q1G<$ws^8@y<+s@wxplM^jK(W5-a z(nd-vRi_~MlAmWi7fr*~ZwusSFFY7aoqk^C=Xn}w7p`oC8M;=&C!2+g--Bird4NKs zlj{i?&>!kb6v&bvWD5zWrK7X9T%!#HuI424R8$;|#^XDzx3aRafk|F2C_6V-!UC%s zRGG38rse5@I}KLt%A2=SCwqnYl{Wm(znJ~vmQAzu6?b*`7P=6*J!|_1OP9up5!5(T z{`)hJgdob5AXA(8U6wmRh7S#$5);WA=2NA{et+&R;i9P7mGwhEOSN>~Co5+XGGsAF zuD+41tMSjsVov44M#ZiTI-HPn#fmimu1l;~YvK^ErQPfp;o3UcIpDJwnk+?$HnYZk z^Uu=i{jhL0f0-|YE>Z^Lni{Ms0|%YXm_*qkjaCAo^o$<&{VFf&_9$7jejUU!iw=1- znC9;mT$%a$5i-$^;8NDOkz(TjqfZm<*V%o}N%n8ZR)| zB07T(G&hJ82@DOj!ENhIN=S$ThI+PiW9#{Ytjqh_j9|%=K&hb;dNZ_A&PJ(xS)fi> zG#7dJSaYiL{nEZ^iSj?^_-;Ret>BbQpIbvE8^G2ScWw9F8HQ<Z&f^{x9DqL_`X8FFqJu`Q*?j zX`^D9mvN_;an{~4U1wceev1O#;I(HbCOTNqset_&T9XV7+8|ya!Zh0HUq~AEXJ{|l zMdTMmiz6=m*}JZxqWByEcmufkqcF}O^Qdi<>}ay094Wr=gJC8Oii2NM{BjR5IG9uM928#?&0C%qGb+?L5C&q>mwSSI^+$~h)c8o z<{Y;IJY0@!beWlExBB|%%JXIZYpds`*>~=1SUSb(Ig!s_fmj9eDh$7qy{eW4R)Rn# zNNAQ&ew^))KE{_?t%Fq==hDa=Jj5@eZ83unc}%}};Z8i;p^O*ms70qWh=37#ygtAB z`41WVpB)guZnY!NkpAO49DNWY>m+4w#J>6VO1A$!NHru61lBQz*~o?@rzZBMQdX$# zdwFFsmFe=myf?DUcWjST3$)@iXQNxYx|89r*$HT>s{j9ouWL-u&fL&PSWC3R$B?pQ zI2cc6?U3aDCZLEhRmS9!%yCDISz?zJjE3yo*TdiXZ|GnPn(E+SU(-BIq9EFCzZeA2 zP{b1cGJn`{5**{T`XOjYIs+1_MBclm2N|RoCO{pCjrZ~`_TfPHg;*OGWKIte2PUib z0C^|2r!@Yp`|zqqgcf>8KaXH8YQ1^T2m$`Y-S;Q1_8RgU#t9o!qUaTcMdJ3qb7(`g zcKs(|N18jA{e?u~BW_1p=u3fvs(xQHC2!{~$9c$Sw$}Z+mYp<+DHiAyd9pw!q^w}- zyoMl9C%t63SD^UI)U^qi&uNT{H*T9pSI>9;@oTASx3@vX)?{Sy9y?CPWIo!pYM1+{|^IS~F~(_fPF)bk$RGQ|B*qh!dL&QzIGT zDm7niJ}|^pXe&`sQjO46e0BON^kzDZCYjjU&j08Tw}xhRrZUPhWWC!)ESBe~)6K3= z|BVA^zZ2Hp6;55kQ6fX7<$v~x3L(R29QRV)h}n_e-@$ucZwuO9czYo;e_X}Fk=;x} z4A>>g0f4e7;FIu>o=jPAFWW-K<^cc7fQ&o2!Bt8_Ag^|{N9+Fhx!t&^5yQ7llpy%W z)9nNPXc)A7Aiv|X!}MA~JzW)AKg1a(E6gT&6*FU{1vD?_Y%cNA@%bFtR{V{_&A+`j zkCY-QREk&R$yO;($0vd;SZjb19=7V)51*_&HDc>-Rq5fVA~p?kOgh2O{A`r2^3z$$ z1>NQ_UikV}BK{_$$~L?VbG$Miot)O^hf&1E?|k&7#z(VUT%lkLJ`+V37r~`fgItt3 z4`dsQL9$Tc7*LVa+8jk_Q*Y!2Jj}>nGd#7d-!8M)mkw!gB(FOC$QA*Bm@jy=^r~vP z^`@)D%8%}kvY+Q%h8bV}{ipxDEjIQviZ#X-*L;xPEvlc7PK9?4mo9nXqDOX(0`c%o z>rz8Q-mOuTW5g|-W4IEw&G;-n8kx5FT!1@#*xj{+89g?CD|`jKd^7YWuD)I~4}9OY zHy+NJ`PsJw6}{1NL6-sx7MCTczzHvKEAgP^sOapLT3(+FnJN$jdR^p&P?Im5q6g%y zjnyms_O7mOGY-YKem_IF>orNhp`Ie(;oO1yUVC}p6BS8OaU%qO81KHr>~VMQ$FoFRFokgYO zqIJXX<-0=zCy3~k$R3J~%D81D2iTzTYGSQ7@0QC8;QU9(hy-mHKpsdx;*4NZ-S4eK zL24wzPk$3){0t2;wI3ci{a@q7X1;IMcj)_Wni_eGYvi|02jYPo1Ja);53#q1(4-Q= zi`JTKtTT3Z%I8RgeBEYJH(TJ+sc>iI<{O|!48rawFU07*cL_#SrHitSA4JM5F-!AP zFjC!PKZ_T2HFTe58GpgQ(BWv`3r!}wGiHG>u-gwVk}u@qf_4@QKItc#?sK;gK4^{j zptIf@8H4O%m(}#RF{+Mo1cxPIQfBM^^&@L~3+U!!*sNkZ9ZGh?6)Rt#>`jNfe%KE` zN7|fLntO&S6A16&67Fn>6ViD&tg-s-)Ab}y-f+V?vj4C{_8Q3aE$raN{r@& zG`A65nfnQz<#0*R3e{wHr}u2_OwSypTl^6C3~}BMmV?!qNVOVpvWx5M4Y$MjJ;mG( z!@1>{`%PF3q8N9N;G zeSKVAtE0KBo_`WZ!ezb7bq+lV#NkjKo74ZoT0N)Mxt}vRH?FBt!SyIx&u<@9xm6HH)N&~`<(4BV-S6xu7!-~ zkk0_KWe?MLkUQU9ucq-Wk)>~gXBKt|20Y#eo^puGExyvsbZjBL1JTcWTK-L0FNgx; zPC)4ZT(skNGy>TX4j8eR49p8A5vGuSt@YuY;sA;c1et!!1MBUA=>6uQ$_Tdz2>If8 zNbM(n#>dT;wvmFN_$gp2wsd@=E;wt6%}`RwkTF;)U31jw?H~*w#1W*~c)IFwD#n>T zewT2vUA(dTbxH7NL|^M2_WU@Jl*%ZMIfX~kGu9gaYLuzh_c~bo7w9mwr&~vnO>34? zMt|TvQB4%CU8es|HQD{)V6SwEq!EK5>w2;4`*v>lEp7Q|zINTmN`9_Jd0X^_pr^an z`-k1_Q30Xv&zoyXG)o49_3)Ige=2lKS(A)$y{^Fyd_~RjP=!S)Sm1GueiOh z3gP=3XJYs}ot{S&&Jtg!c=?efkH^Yyx1gL}KH+0iHoP1+yD~L)-j=%h1CLU@9;Zi2 zd!7xd?3Vdd(0#3k-?sRl2#VeV`#hH~=HG0iU5w59lY7Bss$5Q=8;FHdD_=b)ngd25 zH=cGT5|wLO&N~8LImU8)wd)IbeM`!giyV=f*N5~9rK96D}$b87jD!}^0$Y_$`}gt*l^KO955S* zEp@i#614y{8wtn7cFg|ite(U*E9;K-S%~n2+8UwuOO)cv2TkE8Szh2sstfzzcpYb^ zetPTx?4!3iCk`pPd7nEchP1sUQaO6yQ3l)0rpX@C#YABHyKZ&te7Nf#JuMt>>8e2{ z*VfBTSDHK-cHVId%PwvoaL*A6h+f=0RuliEEEIIR*U}Gw^7+%r{L>SU=eIHoIG?B^ zpVRJxgrZP7h(u{5Z5i+t^6{~_Z#u63usawEOs$8(qXMNvGT^?drj=jk6h%wpnwER) znfCl1Z-720-^>iG6**W2ECul)G66h_-3S|YAX`G84`Q~VR$I^ObXRQg*vbqqH#A(bum7}P4{A{-X2?rQVwlj~^Zi<893Ax@CVRE9kT`b0`JXv^>_dNF17-37`kX~>z4Y^-M0 zCcQW1(kZ+FjRlC$iGMKe2M2~5UER|3dp!hmb2A&Qo)TQ!q;vz&cFIVMZ0u%%rJxcp zSW-hShOohR6`M5IY>DA^x0YB0hxhwUN%RQM77wSL47cyu^7ltgAL`>e9-jsox>T4E zwdjOX>oJuyB1IaynQ4EL7Iv$lk4QDi`Q0J8k>wD&OcU}5^yazES%#%#89kY83RHQS zcA=HW@a$tbIHIyuE!A4Z3AOA1cRn~p_2dH7T-)#EW{ZRF*32r6#J`E|cG6^2HoMBFfx|< z=1W$Q&m_b{{TU&QQDGE_bai!qzQ1U!0)WyLtMyjk&ymN<$$I?+}#HNUd+#m6K|8h3)_%#nfZz4W zwJSAMeDIb~-izu(97*;ef$+FQZvOJCjQ|$dFHTl)dGEm)u`UV$)G8^77j3L$16KG1Z!Y+NFqqFWw#Ll}(_nA6K{P~kA z^>pDW6_&iliSg@j={sLN=NSjZ`eXN{o?WuyifL~v;^B7h>*MuMoYK%JaB*UCb2As01o1jrPb&m?sD7#V>0J48lCF4m%R1$&NKSoT>C0Pae4T8=%l zez)CGrZ0=p7<~>%=rs#%S~U zDrG}KkGs{Tvm0iqXIvoH{_`*IfmJ@z6?=(QR!ur?sQEsQZHAlk!3ZDR_jWsbw4@(d zdK`iYvnO21IYHf_dRfiCE{~GIa{v5X3|HA9(hT{2`xxZf2@7_AEu*Y zu0kQ3&FoXTSMiFdPi@Q<$qC(fhU(0_9QL`S6rJtGHl&R1-cUosUXN5~;)J83oU(?L zn*GdBznlQCf+dc}U4~MYvy6(HkB*MDm4{2`USAG@eMYbivRGS5F`c(yr>P?!Rucy z+!SaPNupOj*ivP~L6+Yt;ggnrK(_p7)SpGEhW6qL>7ogdqtXhk@ptxwm!ICJ5>1gm)EGb;( z=X&`pwkg{ZUxEK-Yt!7je=evZ-eaNhpx61B8xq_({R)xh$+<@m+*&-F#& zdGS3$MEu$hmdIN#ju`0ZQ#dq4gU;=RE0L`bQ?TmjVDL`AbEg}ebl9H?W`2Gzh{&>{ z#q7H7lf%Y!&gf&IBqHXX-etZxMxb~>8~i75DyZ(M@`W}-YAzb&jGL!wVf1Ry$7IadJBVC&cnjU1ImDk5TtxMffy zu$IENqq+8Xoso;fJcymgXosuIXEF*@u~3s}1?}33LnBsV7tC4s6lx?SP(mW!0Y1%x z{hWv@-BBzkQFm4<{dgX#0#BiMImT?b6kwG`-Y9L-()f-JACEL|)?|xbkb7D00L@TLIC(} zlvH2s#)A{7)O&&g=gZ40^+2QeVKlm28{Q(HKq8DS;zpFii0OcjOvyOi(qe4>yMO=X zvu>RZgm2=CloUn^2|X=uWDTjDrj&o*5BHljq@C(5)<-;+Al9nI*83i0iOirtON;I0 zSlD<=7J*Pm(F|NK&aQb!`!I6RT5os3Am|^T;&jQfsz;K9n=V4|dHj(7xRti)0*P!? z^SPx#s4y^Y++UCQL>S4zzLh|X2%n!RvbJ4gekcqY$9xwtd&{VXqP9hULfY&_b?MzL}Wt_1az2MFBXY$J}tgLVegte|J=GXIZm|2!~4kq5+ZsQNhZ`jQA*1{ zyi26Ci_7Jthn@(%K!YK4Bn|GT77=O274_*2@4Y3Rhi9>f?nkCCuC9`JUDPkh(HgG) zljm~HoYrh9KIZ}a$A_8jzIYMxF%|yChi{I<2OArD4in{~p}ziV^zmG4Wo48ANoS~Fne*#J zv;u!mT`^~xKb!1lWokAWf!J$aQWw1TL(28%OO2D0RmC^&ai^+8e`0q>6WapaKR$fy zYZWVRgklyNI8FtLkQ~UScL<7}pz*|r#B5-fD0e&~V6gZ7$;r^2&Vbi=5(K_Hh&j!c@?&TbOlTpBOp{Av^-#VhY_od5 zgs%^UVSh5El|Gl7c&o+S0?R}LpFgB1VNAWHcm3zQZS$gh&D7*%SBg}jZ<~UKx@sMT z&eN%}ujK?WESwed^@l^v^W{eCw7c5h{ME{oUgq|sz^T@OZM@BI9|b|FYQOis;6OHGTm zJ-5->(-+@aa-@==2PAOm;^h9>HN0*;?$z6x+DPegD@#8^`A<>6-qT7#LWL!oixN@h z<89*3TP_MK-S9RwNvA^?e$A1iy{k+4{1E-xFxc}yurXbFFJx>ldU$DRL{ZZ{g6-Kk z0am{DA;9y2l7aZJpyH_ly>fq1BT}9HpXaMl?963$gU}CqT_;rGGdO)YqS*16tsXaa zCdRKkCn&NTieRAS*}_)lA(rL;Q*!?U?*yV4yRBWW zcRW7chkGPvWMl;N^>K2x?Iyyx=n@hTB)x?r6#?<0SfYI>Od7cV7hT*9r2^T0rlO)E zOY_Af5+MQuPeJlk>K(FW2OK1 zE)YvQ&w2v|dqSSimBGD+X!~C|88|MLMat*I{wwN~KopGg-<_yP;;rQh+X;^oiCl(+ z?|2vB_y=>}pmtRSB#nXLaRB*mC@f*NK+zd+H)f6xv=N`%vCInFj}=z3)LXe8m6;=s z8zUa(+zRSRW%;NRlOX|HROno{Qhi^qtP~Z*TxZuhzg)+r!R^*oyp7qJ4b`hORn!x!u%VClk3RURG1 z65q_s?Ee0~|Mdu;<>%G{wy?19%ggQ{xJ(60(4P^%xIS~t83!xxlaTEyItp{ELXv6S+HFSj=VQ%vcsC+?qf=4=H;*}m4JFQNwl zy*Y*c0n6Q*c1(aJYve%3^&pebNJOy=Yb^P6f7AUa!~T5Qpw2%x_%REMi%5JF%w#u6 zFgM}*htmY*)vO(fA~ZkyBKy2Z=+2sb&_wWb?l+kkHRR%IL(5~tDA76OnnWnlY%4WXGH57Lw5ZT-yurHQ)amc84H@0w30@x$6Z58R z7?9AHDoIuAH7E|@CE(f;#KN(n)`M(WB?d+)8Q$twp~d(Aa2RtaQYhm z%LIFK1wU*KO{w16_WqD`_57MGJx27|2Zn14Qh~RA0XjzYlRkt<+y1S0($&(=&NuLz z?Lv>5Hf1ST0xjx$!;#?N;J|)tYhx&BR&mml3A|dmv&k8C=~)gG#m&YS<gX|q;V)o9R>oM1`ecygRqQAZ0NpqQ(RcNa5r-;9}6^VIm?`p590zYoY z8>}1@7AkFB>j?#Y7@uZmHku~9keJT?^3jxB?skB`WbnFq=9Bma_VfsgxZyMS*$A2Hg&nXLpBybjab+QPmpuZt3I zz~W`#7hor@JS8e@v=1Env+cbFDFZJZt-hl2e*^A@0c>}wXsP;&n!*AL3w9)A&z~<< z_Aqb|h){ky>vH?rY;-w@SngrkJcuc*tf`Wbm6@u3Wu`>BOnQz4-W1z~{(lLi!0g-y z_eU&SOyHV-bT}G=q@Kb1EdddDSw&$^#=L6iPOyY0b_fjiPgmkV8kX)`{~i*@{I)&# z$9gutyti0&S1kL~qVG6zVBL>J!HK!qxjaQI=bBDAbUS6=3i0;_ty&{? zvm{8#a?+$Kb2#tt1se>q=y58D$E$5#!0Oyc2x+Fsoqlt6Ed10^@3&WAoe@`Dl2QGF z`{~xm$lUf^o}{K7Kmu-fZ8}d<{8-YBCnpI3NZ+9XDL~S6qC7m14Cv}R#qM_csfWF22R`9D`MSUUD>(0!fc^Hg|QqJs;Q!qd(X#+&7Eonn>bM@r%Fg+PVnVWY~ zbn-&Ky-Ge_I^D(VjFrQK7F$YodMPHS!vSDqLGz}`dxu&62}laPySsFg#`MTMe7zw(0tQ4N$kofCoBs8lErq9Cv;*{&<}E zGoKr|LNHh1dG(#(rz;q_X-#pij>Rwix!13Mf-_`DN(q6`>_i4Qag6^WJ1prqq>Grc;7G)aRgtSs%#+!RkX2&JAxagivJyThkfpNd1XsDAU&_Y|=lk!Za(}JM2ytlbOESkPCQrXA}#< z&pS&N-x)$rKK;)IdmWeDXGi~7N5zk4E~2zd`y0k6V#eS4uKrqbFm>r8<*fXPM(6ju zum<*LSPq53CL|=>sH=;zB5=@mVQ>(KZtzdb*_!C7(P@kRhK-5Ljg4)ASJ3b7=IQD3 zWy3{K!Tsk7jJKu(;T!3C#@u8@A9sy8NIYH)=bd9WO#=LaUyw6bd+O?uO)jZ0+cuMN7$*nDaSo z4j5OpKoc-xllny4Z1}MVlx(mLB*cFE{8uBqj}rzE85>aO{3b!6#{dFs3kxA=Y*mQK zA~_k0GDx9ckFBC?$$(4cT#{X#+|Tpv^R9oGy>_9os2E%;tu&q)woUS64t z86_idUe7a$32{rJRfvCIsp|Y$ zPQSWV!F3;B6#f5(%$HG1Ad9|`U)6*S&Mr2qj7*1h%?aL17V&UWSKD6-~cD1TqG zyKhzZ2lO^<5>sQS5m~Ik3!F z#Rv8Xf;+P(k76n34_Bm#^()1qMEc1DU%4gatr(_ zzPvcA!Wzx_jNvj@_@)5yG5&PZ7fRFweww<*fT6!(z?*J%S5uD62a#P`Av6|%?!VIn zg$N4qQ&)d(4gML4-4&!zN362cFZ_7$)411jTmr1|*W1npME)xyYLGyqlTGV)RYTzh z_%H!HP3-|mVD9nC%-8XZ#5Vx{#4QR$qUakmN0@Y;do-}@9q@1SD*-?a^f7>9^c*2ith{pnc_eHiRdqHyxSoHlU&(-=@e zR}=>kDZVgobP^OmX$fwlg@F32HbnjGl@ygl1n=Ae>Q0CE$5$!G4qkuEl5bLW1h3P7B@n+aJaCm{iDWW3* z``@v4H%Nm-$W-UKTAi$ZzuPG9ITPgN5TWWWz%8+@s1JIKZuV%ej7#mg@Cdvh$A%3j z({Mn+?_0a<+JJrpCPqLK1P|@O>ONhTxsEA+S2X2~z1WCM~^RBQZJ&~1qH zVNo&)ghq&u^_tRP5tCp%O+Vn(Qevj~d(Pd=zzU8uy+|n@BJ#=}{`^TfV`@?WEU#?pq!bjS z{8h*V(^iDVmz^T z7Q5R834|Wo2!YX=!L^n3=KVix?#e!JazQs9l3_ zVJnVU93NC(e(5{-aMJZZb9%>td@ova@a10}9zN9F0Jo|jRD*lHM!ApS-~O!Zvy1~` zl<HFPL};Dem{8YK~ClRBWmh4)VK)K81;K8Wnh9;776 z_VV)g;auPJTYFIrrBZMq?y+2m1Jwc3omoVR9bu_KpPH-*^G<~o-udnB6DcPxr*IR> zwh%?0cwN}@a!!J%cf;ARhQ`85RrAP?pRB_)WL(73+;Afo-u-|Db|-DuWPNioam1yx zr|c(p?@IpR{}4YNshkDMH5^J%YsA6pb6uv^I6&vM7PJGEN!?vnSqpM+a=qO!TGqqA z5`1@m*}3i|49|CGM;YYo=>@)nNP~O3$~R!7&|fA-I_o~vY~)EK;JiPrCHh0j&=51^ zg2()>6*jiL?mHl-I;J~?%@9F6>G9zfjYwvD=HDQz+zOozj;t!?h&hWS8->`PvYT-} zBJv7_!WPHpMIZ1cuw;mY(MCD8?szFheIAd;#3hF`zFb^!ZimKDk6)CO3mBJ2js{h$ z%Si?KvZzt!rsctQ+VL%_4bw7Aj@E}0jS`rS>;L3sCpJk_sea&`2X!(-`m_5};;4s+ z87~MVV3eDbD@5!eOy@!8M%l=ak0lRNG3&OOty*gv&{p0|eU;vi=nEwke};j)sFPvE zM#L8)51K4SJYDgtS_mX7B!?ZicCl5(O_*b0V*WcmR<8o| z6GEDFKhM4YmM5rC%H^7YopY-Gejk3Hh!V5(lLL#Aq;I#atcj8sQvM64!7Z^%3=@<@ zOB%VbC3$K(B+(Aeuz`<5qlir{t4*0MW>;yAPC8=Gq)mf*%fnD0L1ugto$&-!*==?_ zw}~WIrA547G&`;AXIQd->R1X8vng9{%ygLayevo02R~y2 zFDwA=%5h*u8vv^F06jJeAyA+Ta@XduWe;~jS$D2sVA;%QEE0^or?8L=sL>;6ca?w& zE-b}?19n|7Rs^O!)=nICUwN^A%jaXnTfh*HTjpII6)%m~sFiuc7+>v6O#E?=RP%?32sMu&Q6ihM}>#(kGc_bJO&-dX&u z&sjfOk68ohA1D(`P*_*X+n&u>rLO2G!{!u8i8dP4e9*&AqSvk~cK7Jv;}62TRbCaO zLAqFK`b^4smnX<-V&5vczG<+$065Y;wBVuibje6k!u>- zsw6b0C+9T-sFO(I(s*>Pi>YuENU<5rI0{&t%UaQdmW&*vOX#MluYBOt3O5w;l5Amd z3nQ8f?HpVyXia4@&2U(b#+Jb~bIgB`3xu5}%`tThlpMRZ%Qz48XE2s)3G#szF|;0z ze9KyW6DHak`z4}wW0(>l(qF%2hfPjIl%)md`--`+NK=c`E}`N%7s9Qmsl7}U#_A0P z7PsOz3JUTTia5>RRIJ3)a3}_(P6p(k;bWz+R@D1Xcp4+# zej+MfIzmN`rq6fd>c!vy`wJVX{-PVM%pSYu=HyP8vw-Pgr!ykCT zXdMFX-V^X$3~CeBc8?K$Eg(@IcQ^vauSiF@Ae^Wu{*zFqZX4->pzM5bwKe^ z7V~3F(8U$`jUE9`TK0Qx9~&^w7{DzZMs93OmMlU8C8v)AhQtK*+N~->cqco^;0SPpS???%!X6~$Xl zM*t5N{my$=mVl-o4MwIhF9?*IoiuI+l>`fAi-!uia;2`qJ7kmltK9J6paj3 zj!D59P+k@}ZwI&7SV^}RmRo-JrBX_T@S?%=3e2XPa|kh6l2oeJ5d1Enh69KS+uub zu?z$1UG|nAAGku2Y}lO_g&Ioj9D1;RrvQ=>U24pWA7A{O`MrfR3ihbg;wwoRY99Qy zdE=|AHj<3$z+MrNP$Ki?XWg;BQ109XuPR)^@pz(@+h8+!;T(3T++Pl%d?Y+fcpX2i zSmxxYPIn=2zyt{NjgP*MX76KAU4m)f2l-EKBN|XG8SmPHb#Jlp&o{n$g-UFcU_&rt zQ)Lni+bViro}5HyRu>j6NM+r1IUYo`=I(UEB}8l#_qNv7!NN6ew58TYHH)`x#p|~i5lpT5&@n*uI9q_il^f;c6K(t zfWMFLPJ3G$WXU{92X43=CkqQj%_)Z$8?G2cI<&S5i5@!5fQPHQYrxWOObhY#)<1(w z0e~XrC}mE3w$L=m?M((taAc^Kn?dBpEIqt!fKebB5tmM17g23*sR5&CL>JM9mAW-wN7%VTiCw3QVte}DgR@b?Pln7PYf6K3hOd^oxewk3=h z66A~AK8)hoz*C4XRaLZj2>`eI{{!Yg8NW^S(EekI+n1P`8_a=~loT@w)vmqtWKeb8jNl|ZT$ zpJSMyHa{K#`F5+ntqlYLh}hDt6SWUdRAX>Hk0L7&T+PkRO-@c8I&>)b=3%i|Frg(+ zqVz(VRY^%PJ*xl&84MrnQB_@Y=gyrqYu13Rj{o1Yii!%LDDL9s$>ajn83bPh5&)nX z&80w`V$i^W|B5TeZ^MsSI;)QVGOXuxac50_h<`9$Z~RY-2SK8p{|afpI|=f@`rVLx zMuR@H2Zl!+O=Jm?gx$lHmZg26wE8(>>#x3--yhExce8CfVnnMD+sFx zZveLk{PezlS%5AJh`xWVArO84>K*WPGhVSA#Qw{}{9jZDx&V?By%fv_zrM5tR058C zS*;M71pJKO1gPl`Ccp)ennK~5u^q7Gc5 zmSn#>iJcCP#yGgFE%WKgvp0gn!V(L)CT=!rywb4fdOZtW{3}h!x=Q1d$~rn*TACY5 zD=1nG(z^q zAFx%qpjFVxkxaC}fmx%^a^L)rtVFLF43cC3MOH4C$Ki0<94@QpUyz~5+S(c{NB*nc zq4b>G9Bi~+#CzeahEJV3)>RqGc=WGm_Ro`E&q~xkt%R)lb_l$f(~=bi9RB@Gw35}t zvEwI>a@5H`fA+?cGO3{MS!9)xCNC5UQSACQHLt1pFquh_^61-uJrRyr;7g4jFeFk`Ya|YHX$}H_DOI?yIj}e z&mw4yJAOD>-O_>T>-8umKRqrYmZCmthFR`YpYrO$E6=0Fjsq=W1$S=T%PUH~A4eTH zYa~0}Kc=)SIwU+tW;}efM)LhzrQCnhG3XqKKtCZM2K$1gu)q0%N##?{^72 VjcS zj2=B^^k2)^v17Hhwfo74KxXuR0+4sz|HtU7w@^NR-#D79?BIx{ zTxw0X1Sae#Yi9GIJ2?|8{)^7>3fvPp;yAi4_DJ3u%3WnDm zJ?lGA|I)!)%3>0XT?p;N+K=XnKqxWCdQl^YGsJ{cAQ}ZY66NYKhxu7;#|Lvkq zdRKLBLSlmN-TMy%tKfJLW7hNd4TE)8#nIfBuCgW6b>uUp7$sy!$gN-Z@89>!^IEf6 zE~-4?OFbVcw>9|EPnUdyLSnOvg%Skv%@6N*lhN~r(DolZc#q;aYN)G%n5s@D0KHed zvStTesH#8&ufqZ&x(U|$M23bE_!Xw8q1V*X0T*#p6i_gk6sxFCrO2n}paK#23J8F3 ztFErD%F0S2kW_x9fS7k`7qz~&j>Te0K(216Km@*R0+0vxZI6F{=)K%C;>&OZb!^?m z(Dvy+U*0l!gvCH>ZcA-SqoRe8Obo*-gWMl#$^;A&Y#J0waD%3Pe{`co_~n>t8lPXE z@%VB$%t{3(ttyT$6&j$6gObG~>K5%H;>=EuxTxMZZv)$&|p2>khNLPdI z)WA!B6i)kb!~AgrNoe4@$s@PmNGyo^iieH-W!vTrdrxn*m*f`~(_|V$rmo$vVZ-8~ z*5HA?Hvp_JUPUUFVYQUOQl(IWeI;~Q1~xIu-8rK3l#Lr#Od(YUgi>{v&0n(2swFZl zj}24mVuGkHEQitoBpX}8uUyDg+J1JYs~!$VRB3LP=k8^+H5=;dz)(aQTLeQO1vH9= z=3izD`opL|Hb4a4mjIA>0P|Z{u3RZCEftAGXU?1fGhr{cd4XMnK#r2dVuD?h&?@Bn zvW1TS`UpTC*w;6vUs{i(U{Z)|>2BT}9Yu5a<;EkQKhB=^kBz%^?fVhtBp6q~qIY+7 z@j$P*JRXO~<8xSaI*(*Fc-kOtdPqW2T0%@Yhh#8NuPmLaW-;1Hy__v1DC(-IsS4Sw z^pvE8w7Oc5?+84V^FXQ~QEAL`CP8b+I8V<3Zj0xcXUAnXQ@iQiv_Gjy1Z=htiQrYn zWzlfvc1XVs2QM7+@-C$@z@H6}6p6zTA<=@S%);s>rnaSrr?aJv(@0oJ@R5rb5Brtb zIk^q8G;4Tx^~U9sCEbHuU~#**T*McW&M%>q(;#%hvmOA>hr5nGzeq}Df4# z)s@2EiRI&4zG1c4E!Cey1pWkWN2+}Wp1pa-ZupWGPS8_8CaT-JBu5T#twtrt?KfM(KeoQ zMvQi_H8(Lcv$C|XFop-8xZjL3bhJ_fV}(*PcT!^Kmo;d*&0jfdu)cu~tf8c+TsUIo z8g~sDPm!RAlF%6}DM@GG;1TB7_OzsG&@-q^(tQlpT`x?^LhPo6Lf3&9hcvWW>$0t2l`xLi(nxHvSFUR=xq`+anDkUg;n zP=N^iKY`cOC?HMzZ~7wn{EDmzObH6NcVu724Q@+uZeCrte7%ogXLD>*`WuGSfYKj0_Fm&@Y*=yQ7oN=1brhZBv8)f8G)cxO^d;K*B@r+kbpj{FlwW zrpOA7^?wN;YU>{e5OnQ^OqtqKM)za)3-ki5uB8sSU(f{&5qOON@Vd0Lw7^tT?^Z`J zF{Y!V^Ofu}L7@arPJ*s3B%7^aObG&IzCdX8PUPD5S&jnH^ZHrZ(6ser)1fNQ2j506~Uc+Ibp2)Jw(?=^{z z>Im=i$HE}B=J&b|zo3I559|vXtgqbEu8bHz?@QN`x?r%@h$rDOG2wn81wA(@QB_vd z)5!Ao?0;8$cuXmUU#^rBH z?|$Sjx{wtV%oi{295JGc$%Iu_DijwJ;^O$>;m;czn@5b8x^}IBme$)k2)t7y5+(w7 zG_=*mos)@`!L>pdr{vkT!-#;9#}sem~YQ4Nl_Ji+{!t|6&WlcLV?sHVNd8y zW8I_JMF25j;^yL{nE3QIo|wyMsqL0O848)zwaqQ94fXkH@o{Mt^gkaV#c*Y-d24on zJK4$&zl}yS8tUmVQD<&aY1R^geSy@aNYj!K1hGpVklM-6hDzIB#+TY}e_OPNNFj-;;8OTl&TH#X4G{gnXZ zf%Vss`PS@W7grH+ZX;K@D`X{9a&aJgc29Yc{s-)XL^tQ2J#prc&)Flt-1CbJyt?bq zb0JKWeB!|IW&4puhBDM5D+pA2cImgiKoGiu}geXa!uKf8KAI59o)=*F#wPTot% zZ~5XM-oLfW3F_~EP5=acfd$9EDPr+oldb;e7Ji%tg+k(!CyMd$GB#TQfdF?KnLyxD zS}M%T6a3>OpL~^8ZUvhnl^|@i5X}Yk3}$zA6_=z>R>Z-jFgQX)X(?%CGO0CH0+N}A zp^34UmWG*|fhwc1p}L#ZQB%dl=~*hhNZ$Q%x&+no*$6-$*k?lzHT;5r+{@zCSEk=N zcX02HGybvB38gYTMt*7bO+6uik}8&0d;P-e9l4FJC%Cp!>zX zaf7jA2d<_DqoB~>=0-6$=Zi$JxH$2lL)DRy{I{oClF1}OozPZJ zFP&O9%-~BW3EAIE0P?_~E8%k!fCKkNkXhHEG2-VfYZh);yHvdVz-*$uxtWo!fn2zP3d5stxEIrA0zTGY z#)|DbcI-IqwFlXmmzYxnQ?vw8vKX=wQ6?1#rEnS8!-PR2C1L>|sI?+syzWl8rPH`2 zOPBBZec!sNb_6vovJ(1p1A^Lz2tWk-1p(pBo1A_7WSyNj0-?moDR0>_%1=MR?CmKM zNoRb#=;+agpddC+E+75>g`lh=p(XB_GjsNe%PPx%`F^GW4(q;QyYr*fQ$SgBBV0<< z(9|HQXt@9QlZDrk3E<6jUYRByp0IYGrANaIC#|0C)VOBSlqoZoo{WN4A^XMk@Zm;4 z9@vL7glhO80`l-wVPkGmzU8d>!$*#qx^$Wbto-S-JibiGL?{^{8iJ1=y8a{=_?tJAtgXS+JEyp~`q{Jg zw$}tD`lu=BkH3%>=jZKx%lq>B$&NjGU<8Lbzdnh0?CtG+V$n#4DXV_@W1%Vx=dkEd zK-fd@=CK7%s`iu528Q3;I0jA7UwZUr&?9eeuXEoG)&I7K;_K->a?Pq0tsOKs7spR3 zPu!b{;?)9z2Eea08jVh;J2^RhJw(5#p7aMze2^@As5YRc?donq0#5`8q9RUFS<7VD zXg5P`n{m@!c(tWmtsy@y8)<1{C#}!RZdF^dcCDK>rn|P1g3z2YWt=(|rJ`+UVxWvf zVU)ED%#74}9xMyIh$L<{|&+YSGr7QL3;?ps+H=bWR?9J*s?^PRgFhl?%@PP!toxHQN z^KDP^;Lm|N2@}KAyW$_S*{uCb)WipTfY4cOOiWo-mDTw1mL?`IiP34a;(&m5nQZ8+ zS(+*;A4n29{VOK$x+XpYK>~>(pw0GQ@sRiXuDuA{dLKg-9j0G7dv@7S$o+aBYS6I| z0f@i{5J17UB2hjZ%Pep#ebDNaX>gWuuLVkM4Y_vv;q&5hxSqKY>5Yp5@+0ZZC7C5GU451J zn$~ZMdVJ-ce{6Lo$0j5s6}DiEZS{%oW!c-WVrFY;dJzNk z^u@kTL3w3a7p1*6pQdP{4%S7eRVBqG3^ha5-UW|$DB_lif|6#Lz7`2=X06OGY~|pY zr4KIO4oS_UeopecX-B7ZW%HWo2Ho-`>l)Z&y_9D2efYocCT%PI2(r9k=oj%E}5I<@fg9 zD0_RxkcRwNzwnB`?Mqv*Z)j2T%PJ(*nUVg_>p)^-Wo39q(4D8x|FY?+r8w?UP|1r5 z*-4?{sih!=z&jOcMZEWebpDHD#kJ89sachkB>@+sd#aE%rpG+-PJi=0t~a+JEKLse z4J+&UkeM197?RS2#*vhjF~z=NsRiB2iXkeFdcsM_Rg zq3NPucg!A)X$khLHXCh5Z)xqMump_e@~V0Y3#p=}z@c~1+Zsx%oA?+N6(R~IVV4)> z*EX|>TEtc`dm|+hWwcHnUR6aHa_*Mm!d*KTkM$Td%H7I9MGeiUDJ`vSqH<6wstRBd zsI4}?tg2Z=R6((8@+*b<+LDGA9#LHdhk!BLN(;*BSSUp`g}(&M_S!7tH$1-RZ}HQi zpJogjIBb-QxsJNFqOiT9psXI$ri6phs9m(y+VWb8jDRl-x#}Iu9yZFEgyq&1F{it;v%aRXkq*Nl8*d)D)23+UZll>VpC@jtD3_Qn+VR5_507C6)ZDBR+{jUS z&1HENjSQ3usVeN+_0aCY!!0F3PD@iw2OVK#X{wB4Ru&Z1bP5zTm1O`C6GkAS#Z2%@ zghR8c3yN!+J49F&1gkoy1~+D`ZBMT_Q8$8UN**H|5k<)?*Ew#AFc_txu(m_lbG$}n zP8o%Z(NF;ihS~MS`IXH~jJi6QitB1AF0G(ol+^oD6~IJ|rG*rf&2Tr6i3QhGoKMG_ zPMR>v-D3!`mTEj@#o7gfO%07K9X$pZ5xbggvmB6fAx$G`K`+vokxK&`)pz_&05#^>`v1oPhu&qAL<1pc1@n0@F?lls~m7;@#x z6|J2#$OHQ}@2j7}0|Q$+vO!kuw6s;LR(X1QYWEadTU!$olhDvmu#-nmPY<|aJsub$ zxj`gDqK6sb+6p3lBhs1drtsJfqcLWA_b*=e&*X5#lCG>L;fc`+wMYeN_{EctqSI62 z1D-5<>%0D}~JR z=Sd}8$FajOMc&u_<1!11s`*Ni62JWi9u!t(ggs4bqHroxqsrl?Q^q;;t~Pd6#y@-< zOY5%B%1cRY;t!lSf!ylvzm-wG^13BjLu~Cn5g%NIeU3oBs{psEoXVVu7{^yx#l3vCxd_KHrN_$s-WkEBr`RPT(}0ZW-s`GN_23mzDFwgi7lp#l+jUjn`E z*Z+H92%!X8gZzT;di~9G5bwogGJyv+dh}@EX}xM5m=7B@YE))sCX2;-u@)(U!CAeT zhY$!EpWWTw-cA!T`AiO-uP|rr?p@oL*_vCa67cZO?9}vZmQ;E0y5kT1t_;D|Jb&ir zU#NQgq3^?>(^D*!nKZG^&^5qy*gg(dn4H7Mg2}8`3Pw@a(OHRrm$c?)#fRJrEFHDU z=ix)&y>kX2=q!o4$8Q&IJvuv`mm3`F?d26s2X10V$fa8kGJECq>BZ0XY+AqnX_4IL zlBX9&!vEa5!VZ6&Aa*_A|I}|1rad?yUx3q}wdeXn|6lbPO{$(V7OvSi!J_5Z?mIu36DL$&YUD4hVdGoiM zsci%Tyfgar^-j}C^H%;iYp|ApqqTM4fpt?Iy7R-19uBA%5eTdj@7))9_5)Oi)Qs%H zigxyZS+00Rbv;{K0s&o`5mnLJ1tur^ZUbx<7B19KCW^&UnXJc|k_Wh;kZ^i&eih!% zX5PXv+QQM1rh6?2jW)fuJo_WzQ5YQ)dp$5yB9kbPMQo-}*#(;364@Dl4Tq|&cwLYV_o(%lG}h zaeyX@CzQevNP>}tx+Xy&ln9wrw$yC&`aq@{CpcfBk;q*l{bj%qCV9N9W|z#J$!ExiY1}v$q0k4;(nYYPu_u`!dYzZI_gg zEmImgXB#+S`<$TwyS&d5KF~q>c-J6Q6GY%s5df3-;P%y181f%RUjZ*T95#?cdl_Q! zsVso%{kjOeR|xXg)pe*hpMU`H|9h9f-zYB!=9WMd1z7s*`HPQ$i3Korm;42o0)x}C zVjnzu{P@hBOqhwgvXIK;3E?6voet;l1kEk1MjnsLV6pk&ToIGOQ!{t9=ldNw_3-ie z3x|F>lh?uFa>0z1Ovq+%Wd_4X8b@5bbk*na;|pgG|9-Qq1IJ;*xjbHD6Sa}#IN7qn z_r#&ckMAB>y6b6b9g7QG5is?{?BuBqo#J95Yhv+OCG{O`ELpE#fYY=dH+lMKTe-sk zCzuZ#uKD=rY4696@BeY^=;34o2SQWao;$ZMg*S4{UGzj9U2KqmSR!Dvg*ZI7E+I6x z!+82MWo`|HCulEj;mX8322&n-FXnOB5(H6P5g(k`+2_-M^EfmLMeZxXb)3|2-31KC z=>~|#7M`#pzlBR6iQBWDr{py-`8<(Oz+th`1|HK!py*ZIJWf+?BM&4P@EoFA;2S5l z^&o&2y0J8#NZLiK>*UY`JkHC60g74}A+EWSiqbSQwQh>?j|h(p3T@{b4Og#!6qQ$n zRU~$EFgoMMsPXGNc>K1!HXgmcIO%S_SWO)*tfw>j%oX$5UDTee1277e(%l0R6q$g{ zHF6m|+8x&tpO{uf!wmc3hlS(qQPlL9%p#(t+t`sK$4?x_sESF>Z#9~= zbir6#RYl;2s3X9c1l=){rYMR^1EO+qj^pQ!wf@RSr(bzI$-*bOUD?9C1eXLeIgPL!>GFt1lkL=e1pMr=Xh2nK1r!Y4PQ9hRaZ$_ zL(kMe33#gt`c{L?#Z|>zlc7$kJu8H81X4-U(9B2$4uca3D5AE(s3{Y>@&n@X1+McJ zOm$OZmz6V=EFGP!txYsBNW7`Tpix83a-#z?+m$9RnQ2Wzq0}^paKq6P256JWmiCJE z=@EGyT&qE2#tgJJ)H5_UQSXu2CaX5)7qIQ0Ss`T3dq|ai~B9-b~<1D7!K&)&>OgWcE-tR1prEp{68xKz zk^&x)Cr_SiW@ZN3>TRM&4-9OelWXF4*QWbEd>S2}SjfT}o9O^4s`n}Un&Of+4o*Y) z&&Nu7c9i#nr*Y-gNIi2s;v1B`dh2JlRpwW+wRM!xWD{?z+kZG7ny+HXuUv8t*Wc1)qoAEXjNt4t8pq4OV|Xm z(%X5yUXP?JH>+BvpiIJn9SLpOd7W4^BjL%-XVF=CML8+)i5YD$cys)d!060^yv($e z#Po8QiYhlh@_t}=QgUWHOyA6a3@*@y%pk7^L3vcZrMXF0RS}DzKt{in(EE-Abo@sl z@YSzEg1co^bq$e7($ZA3voWu#Z6@K-ofH~Ko6TafxLh8%l~So))>am80gir-aESQZn0P*p`^sz z{r&j4yJ1lg&z^)9{2%?7)=8?f<3i&9BEer9ev0UF$ES88FiPs*4C)S81QmL@!!A<|% zCO#OvC*DtT+87;$!8gu^(`Ax|IKK;*GH4x1J~5@j_ZqYJuoyZNBJg(vdY)9_Xbi^I z#tg`VnHXr}aadg~bp{>i@UX#_qPLz5he^Z&u2|fVlv1s0W=-OR9ozB8-CU_uob2=K z72hI>gd1`G`0a#RT2u6Z&TUP(7nM?yA8};U?;wH} zheo0>C?M}5W#-=4ez{o4%Di^oFTR1>UGg;ic~bn-qfawsAUg?&Nrg&(CGhS~{{6KF zkX`+f0PwW%csvjQTeD^j@V!Qi7y%X^-{5}r87~owREE#kvU}IAgVW7h0}~s$?ADg% z`i9od=IY|&;);5?00NiIq_x%+mz1~Ad;As|ufDRlxU`-PLz0yhP`r+cl9H+xmK4TJ zd>U`LV&kEGyLRn8@$1H!x;Q?yzM{Ceq^hw`NTI6*{94+|7GX(bGKODQT~<=j%tspp-|cDk-dO=V6K1o^PP6F)OKzskZILZ@YHwx^VcH$)5UfMq3rI zqolg4#}FC6yAq^rtZ5e^@JdQ}q1?!_#;zWRO2%vey{YPTb9xMDFHMYZnDNI^!1L&V zeT(N0Qo_LTiW&yGs$kKV-3d%7X<~wzNGXd!?`*6rF0G|<*u`-H4+BzZ+!uQo1tme= zY>&YXN(3wh+dJQez>$c+WG=m-w79B^BX@!%+_rMiv(|2T&t$CHin7Z3u0J&f!S)6+ z$Tigyxv!$Eh=-$9%qOqh_3MF6GdyN(-?MAS!cjvet=hWt!0K@`maN{fd+X|V;Ci~?#0y66BAOIXN zkyLh;3B!_!A|abE-}lQ@RZ-B;P?h|xwiA|!ZZCSedB%*jM;qrKT&E3_%5b`q*Kc1u zQ7iF5o7?(5yLRn6G+()@G^LHLWMnt&`@LHZojKqD4=b)}i3o|SY;UM;X-+GsV9}*I z_M^9K|7qvWWkbz}ZCpFWLK6p9Ad>_ganGW2o0@9sTeHi`yJ=l$7}03x+_5gE&~$OX zz4oA0$bLIC|Ak?nVioeG-5}Tt$Wj2W3l#9;|CMrH$x4K6%YW`4ohy=bM#r`43^C02 zyL#n8QdbvG(2;yUAPP*+W0m0H7fwD5kBba_^gIXY>Y-ipaR0C80u#d0YTMZ|L0fuU zQhI8Le^8yWE;6qIF=N3PO}yN_A!(`-W$np#u6T#Xg~wK-&FobhAO61Yct~7oazYb9 zNst?xl2eit;uYMWJk(C9H1PJ>C(pCu>v)>Rrh23|+`HIK8UFq$bYW+4K~`dXmdJ3B zn?mrRLw`K;i%LeRx@r)De&6dI7aJE;(Nr0kQYNq)JzSx}=aNrILS}B6#MDWZ7JBvj zbN5pc3+h>ho=b+A0( zi4MtTiNuVi%B=L{=g_@g+hjrKkaGuiNDBbs;c1Bc%S(mA@8Jp%X4{E#BJE;{wjg@@6Rv2jv+XF`6!DX+k^__8*fkskcH z&+ixSKK08IkgXi8lzW^@YTRRx__DdJwzME6F`)`QZpuIn9D)zD|DV(t&K;`Vw>m=4 z3r=Qg8N1kO!X=b=-)FhCT`lDxKLTd-)QPqlysG#+Avr9D0O#p$ia?U7x#zRtBL^A( zi^bpn;%oJ7w(*UuLaHdMVlilY983WT=L-ZFGzNu4DG-U>bhcC?Vzb#+mTz8#WVIA# zX5-d*o!+=&hPy6MGNfleNyfO0a<`DCJPMOJj~i@BZcUFW$C}!z^0Tv;;}?xmq!k4Q zRy&SyFAvQ1*mL~owjWlHcSlq5Q3G1aHetj|uVd&l$4b+u#4m_VHGN4w^vO zWzQua-_w(sna@IR-|&iIsi>%Q23@#zC#^SNjZqqQVCUweFH&LyMSL~|%yNNJTGzrt z2rGQ<7dfwgW~5M)0fX*`Qs#uwqv_)m+(|okgXvH_g=XB zFpE3!w!i<8^}|)fqMlhZnFL7F!~b%RBw5*7+FPqA35$}Rg+)A0XSm-F_7A?k(E`P% z&{6jD_xnG+JzlLPCB*-aKZ2VPsw(`7yT2aG>{%g{?~#JPkiVC|A(6r05|K#4YYw`8 z{cf5FOx@KzICbrQYzNF>-tS)i4>v2f)oKi1xMbCuaTXv!k-T(MI<+)OC>Tlt1VdoG ziz`SV89@h0Fe})0b7oC()u@d1Id-!cqpE@~e0uHdgRqPmw7JE+MI*Fv;=V;fpn)%> z*H?jQGB8nAN9Rl6|F|XsN63Wq+Opi@YU%iOt33<}N@kP4-|`blSaS37v4fE{zznjQ zPA8QPeT^Uj|2+Y4Vas)7Btm)cghV2h$QRLp8Q{&oUl^ByFS``2qOGo?*t`8mCITCj zct9FZbLvXVyem64Z~p#RoXW^SBX!7PW_9AeT|2+qa2DbEgR6=0)Y+OL`*-iyzJ1T# zC@`lk5%57AKU&2ECw#W|;GM!&0ZPQ>U<@X&u+G16csnQ;pO$7tA3bm)w^`LxPZbFz zzWMJjly_?pT7`T!PS8=GmVkuIAPk(knYSA&Nqp*5_mQPn`TwAW-2 zi=N?oemq9~q%?vQS_I9bcnJo~|huO@T=I&^yZ)UC!5^`geuxNg3lR(|jW#FJ8 zt2b|3G0Cd;>w#9%b#!&N*H`MTkSoI2Oxbwm1Sn^I`F^q@y{SoPVydSF!)s{4&}db= zg}aw%HC4vt6}EB&AYcS63U<)7+y=P~8o6-yu7x^iAfhz@>|0X75rFDf&%F_Eq^Zbn z&1>y#KrCR>axZPT+>SQ!ba&Jw$hx{jSR)U4#J+*m=!HWywRG%EfbKqAs;DgKZtLP3 zcntL%G;#U{YV5tBm=G+R#lV3lF)lBW7c6{x=v$PZJ$f3E=elPt7@Pj z$@W7$22EeSVZ(w+6V@!A>8O&QoK`}i_x&{z31nJ>w;wq#r*&b+5IvFzShXshDHC~<`^Zjv0F~BH~%vzOMTX%U*`|g0hhDw?7e%o z&vSPlwszllBP>+--7;-Mr@=#AM=ajBZKE@oZX3Ss*r9E+oSmH=jJ0$fr))X7)(FgQ ztGaGDcXW=knX<-!@6T^>!r|=a|8{);3O8_^g+5tT%huk>b=sQE^T(@wu<*sVIoAI{ zuOScYKY$E1@s9++6iau0N?=G>*mb`=nVzGfu!{xq^)Mw=h5`v}j$=xixI8WsXySus zKM{+`S2K0AVm>^5H8||n%|F&1%WC8B`!wj7RBcqvP$zS(XPqI2m^9VF{k7g6Ycf$w%m05k=MAOiDvW zd`Xwdl!;0x21-RmSV2>8bTpBcoV@-t)Gs8snk(v=_(EEHxZ%6Ajvn$43ky5H;oz+& z*=$>t65^coP(G{XQK4oCJn{FnFJLQuN(yD zqU4^Bf}W$J8Rz`o>!7y#hfiNT^0p8J$%k)ais&4vn9JmXi9X=- zafDb5vo1ZUyuB}+Ox4i1yQ-sGhAt9VP?5A`-7m!%nZY?t1T)*g zMqC6&MJ(nua~MsL36=Fqdg{W?=K8*zP%sIHL8DN6exp#SbPn+8K#@sBpyfYR^Lu3U z`F%3_z#XSidrtvH%!+xqZ`H9&VPWBS6RVXyEP#_qYiF1kLK<@a__cx#_?QGh90iZZ zH#apJGRW20+8AwWen-h7Ld`;1OAUvX>FcX2C=f-WS1#(mHjYuyvUD~l|M@2utM6cI zpwYYS8)G+e`l3Y(hgiw8r3v{=hE!$T;y zfQK76Pn$Pou)d0#p`(?mJmvuBFlrh&Y|*#@dM0+$<}6w`cbthD6bAM&FN2R;7ZeBf zae01WwSCe!uzzHMLnD$Kz`P4`m=OVuVb|A}6_k`x@Xo8YE;dHNw2ZB-?9DLL~Ybbgb>bNvs?Cp$`-V*+E+VfuEXMva*^c}QzsU_?r__LN2Q$6Aw!8desXaH&Xy z(w;PP8jg{1Cm>N`J$mj0JK~#m5rK6F3|Ys807`0bSUzUKcR!7D zGRLw?!(y^EXZ)~vh8ZP2i)A!?!Cbfe&^r^acUuI`dcY91+Nj3~8I1_T`J3lkDG)Uc^)xh0 zCrqCRYfJD6O2@fOo;kt-BU7-nH6*|#0=U{hPYqgL8Q;X&R!4q&N2;mtf`Zy?M!35S zA#<9O60|rW&zr4?5=fV73gUJk;sV)hNwa^`v3SH`wtKJ>f^uw%ckbmrj{0Y zBKp?W?51|#nvS;iHl0qelc%)4u@NMR)X-2jGBo%=>fp&((ec~72kSPX!X;gLH%hFL!9S-KAk*t z{g?rA855}V8vtkeq5d1T+LkEEM47PU0qz999&(ToE#k>_v`B&{7=#|=qd7(V1+7u z2LcGNh6fX}VLf{Q8BKZqKDVx3z3P)t_#%S*9qQ;iM9^4SUe(kWdf)pVr#Sf@sLt0v zpYeC%rEE$a$WZ-H!Qp?gM1D$1YtJbXYExBlCFR`>edS0QqrIk}wEfRrN&>KBKu*9n zx8$u_WZ--mv#hYZmHy9aSnb6z*REdmex5}CxA{*HFpR32O79j;4wq8XSXG@{(bA`s z#;i;&?c}{R>g5eg1f2zWRScoL$6{7ecJs z_wU}idHt$Sa9ML}VU+(3(2c8i6DwFfbxK=uB5z!~_Bf>obgQ|loGyDG8~)W$K_@{3 zAOaA9PeA~R1N#(IznD5dcN~}`xkV_$84NQ*WqBXndnrpp2Vaw2)&$e_w0N&LYub~` zH*;BrgYCf%L3wG-di=|YaGF%er&c6Bt27)kP!s=VVd%P)`)B>=lgHbb-M* z-DAhwqG5uJK(B}C$O&>yuQ!yIvb2;^k-1Ti9_i}^UY&6FN-$@_7%O?xoVq(_&OJ(? zBGKH!$oO`Vp1rNsn>SX;D$gG9l^MHPYyaJ1M@M1A)nk6GC|Pq}QbD=;fWi776pkz5 z<~;YxkSNrg4QMyAwl@HZ6&074-$jfcWY)K}{vED)TJpZbac09kwFyXeb;yCsm97I- z$}=*H^OO9pXP``!5enMs{Hns5s<3lUYhYLcLCHj``})CKjVPjwRS}gYa2sXTo$~n7 zrDzUXQk0m~#xo$WBO<8!9xt}3zJn3aA)kuCw-5&g65Rr6LvY)K3Pj+&2!Qkny?Os2 zJ+M!81A^*(PXZDk^8iz@g~{hIBqD*zsM$LYA3S(srg`Jz_%S^kb*8>XB9;>ab>*7nW3JMAsQCo9;Z6k%>vrSLHYz0TQv-*-( zzQJ`uV#!L1y_)z+;00Fh+W>{I+WHo5Pwhf(M_p|boy)08e&*ws+|38?im0F;4edQL z^56(YQ(bi{O^7A*`bDyq?1Y?l!X|HE@xiP6e;#G80b_T8&ehhn$hGU`ePuV+f!}Bn z1eQ$3i5bAi`c7u=^bfZKbgqf=%CwlUDmR^?GwJk!gBLEHSuj=?50kOwU9RsE01JS= z1G~Mgp}vVK=rx$h;fcU2Zd-kAZA%xJTLS4*==84UW~$tFu;;TgFVf}*&Fs8JGgy?n-KwPGyBxZg9nfP;nrGQ z*V3AkTBtB|&7lJaubJt(Ge@CGL5%?Db-gZ$!b6}tF zM4eM~q}|qq!;bBwV<#Qkwr$(CJGRlWZQJVDwr%sT?>py=|Dx)u#;9FyZLGEST+cjT z`>yz!aMGu6cjQ@t3CA)GvYGV4OH+>!WZFZ?Sln>F1MQ;SjJCBgam+C4@)i;_#DTOt z36mnn2NU7;*}Lb)Kffwdx^~k)o_$9O_$%W~IQo`}hk=iO`AyNPu!)$gM3mKK>>W$S zt1Tg?1iXapx4+S37Ej2~9! ztN~!yTU=iE8q%)dY6=C9uaDa?o73e7nlbhYVtrb3 zcv~o5AN0~J=Mv~sn~SQku!C1jpcUex2{R2N-XH~z)GC)YZFO$nt*^|K%^?+5c@iGZ z2G=e*{$fRA=u@WcJWO#P!}{B4@OT|X?Z4QFDLZsr?u^yIb9eOg;*iCfvX845o`X-t zy)t8*>zigt2U_9!5QuSJK0-EXnTyAQ%8cM<25-n>I)k3 zK^D4C0TZgIjf8=aup|#OMAXF%dSrUL({B0>iO%qJh)!W-qjIG~wcDFb8-gYj( zmVX=K@7%U6AB?x-C@8hL-9AM-P22vn^SHc)sxuWt$&H$fx63`@09+G`0&W|n0wHf~ z!iMS=B&_#aVkll$UZPa}w!>~;!Tx@SBB-F9UI*^T;_Ol}H<#P3s^#?qO2gjk?Ptey zQ0nuZD1dV}oKOfRpKv$MrJr!-<;G;Ax((-jm+_03fsBKpB+i!0ZB1B>YlKqjxaPwk z!sNXUR~HQ#*GBNTVf#tD)rl^d7na%Yri1W+SH`)zJ6X?x(Y4M|HNhjye%A(X)?}zIsw&8Bt9u7K`y>X5Wu` z=54Fg-;`^dYa1}YPKq>EMvc+773#G)TWdZZwPrp%^+8^TaffBzJ13Z8BoGhB7l zd&&Nl4wIl2lU{AzNQh#@ZnmAQFUw-ddq=?QR1ptAf^;W!$#s86^G3;~=a-*;_nn&mD=*fVKxUhGsp=`@%kyuinUD)uG?J`B$ z*|w=qtF<(;s`N#0QV3?Q+PlEQ8tt+>T(aZZ@Q_Op6h#M6SA=z>uVHe!#;CG_9$$QU z#Q5s9X22foDc57U?HnZIaEUHz_vFk5%(B$i*WIdj87#W9f!3Errw~ayoj9_YKD0$S zIz>7>kywK2jBHJ!lR%v||XYKl56 z-M0n>y%UNk%20zFu!)WCE4A7DmZGo@JG5wf^hW04 z#J=nV(^;8SLZ3aO@1*!{X5-@GrF4Q70YzI$!vS@9Wy*h6Rj#?oVKEL%L%m>@f-_bV zC1G-a;{-*kqT<|B9eB`?HA^%(^iKeLCoLz8@WtOq>+-(8`Liqt?ydYaD zsws)_8OuN|ItW^d2OJxDf>pFLI-v)@$+;fD<0E&K|N z#pW|x>rFp^2w)f*GdiBaF$y2CSkbf!WN!QUXQ|O+UjFh{4Nn*Vqn-S7!tXiH`A2v( zakuHxrZM22WY1}qign(MgKdc0JK;x0gYUkv8jQMDil2M>+5>*`B)x5fOg>JuCi4ix ztBFU6azOBc~u^lHze#`rq?A$UNN#U0`QVAy6N4 zU|Y>XXNMZAa?xzo`3|#lQ{Rtm#>v99c+7`pDy`FfWUsb3ek! z(#>Vmf0~wp=&wlZXG${rWe@7Xns?^`P?0<6GZ&v|aF2e6**DAMomSUdN2~#91vNC~ zD~A}?B6-vL44cyoYN0Q`Zo0HlHn9ug{{GNRX*@7fYm!=QLe+!PM`b%SUUVg7VV0O# z7(MPv_aVl>d*TO@f)gPXT` zo8SIn`}_ISGV-+o;*Z~LP|pXvH%$5qn#%=;R)c`@;~>(JP*$?~LVo*?v9aKR(#;F% z*i%@t<0}TW+^Fy2zKhYGhU1Y;7KUSB#C!O&W+3CCZ+jm8bTb(6w}a@^P|*2q`KkT#erZE2%1w?adG@ zD3YC&Q_#@VT!PF(suRVF^G61Q@Mg%^RMCOr>0K-GD0eG@d|t%7B`b!sKem7!oSRlQ z&()T6yIpVjBTY7+cz?qTp7Qcg9p-zpf3ivnM}O30&!$^#AYv# zuE((~FU}3wp{c#Q@pw9*YYIuBR2B(>6W!z>`H#E#hM6$_5&un4fi;n382> z@t5Q<5ascim9=>V^iij@5g_prHMU47=xT+T#%r7vrq zvzxvIA;|opO>P;pJoSDZ-1_U`V5k(@-u5dial2|g8T^41j1+@4b6lUn%Fw4;+gnvV z&Fg!RV>>N9=IvMv-qQ>N6;+tK+x|h`GBQc!WstfI+cUv$+8_}AIu?w7f#@gg?}1<< zhRO`MhL&Dz%RAc52nxHty`(4uMSCXq^JMtF0kDgya>1KTprTszuyaIt8nnFQ8WP0C z#jsA2nj1k>y#Tn3MkGJ`qKhLKtK`u8>##N6iOV7yGX(5 zIg{7rY(l!>45AJ-JZ;j@)s1Nt*3!$1E17n?og66=tn%s!ehj9|lM>f^1!@j2|3;Ww zvcK5b*}1Ma3WI$2OX;o>E_DiEr?EFT?G#FpFPv#B>E$K19QiZe8=bu&kS4?c5)4Fi zZF6x|z~m8nBGO|sSA_GsN*7D6c&E;sj{fm(75pYF4c_DArJ_W9g;`(4ZMrcwiEhVL z;gl!hKG(7=VKYhy1Heo3vAwq5B)Ar?2GIxy1DWy2!p(}()$yp6i(8uA5;&JKr8IPN zb$-AkMzIIfzAZ_(1>}4{?De^1x}^ydC0n)8gGH~CA5$gTy2SkFRMQkP%Xdy~0|K6d zAqN6pu<>Gnsa|0v$&2VD{NrdK`jHW>0=UQB@v>wtU?a*K^B6!ga#lwn znAm;vUPC&2@(~au<`!;JP-f93(R(POG3MvjH~yb2eB#PvJM~ z#Y{|f)!QvM(`YSMYuEZ-C#s@1JluXYjW1Q|w7yO}LN*5_VmN!;BT%PQa-d}-YW;Fe zW1FiSK}>puWaE+6>TeS2aJBp1J&r_T`DwbE$g@qO-r+i#f}1MExw2`3)N}b}@i@V9 zOk{p>l~119a=q1MHL_?X(#U4kGfXr@)8?pDvl*V!##K5Knf;VmfA47z9yl`9<90SP zwb_H)imH>2;dI<#vTe8K!ckUc)`SeNO7HGm-lK`P>BQi8KS=`;$ z#8IKGvuQJDY+)khW|I}u)Qqe+ZiHl>VhnvULf|&vJ2XO-Ug?yJtUY!!xvPxd7RhYKHpUl9)4OH84Bl{jR=!6 zH{HUTU3on{B!SYgk<2{nGW)zA_L?C)uQ`@Q%Sd;AZfN;-^R?a15hbX*GipAKRUsCb z@K{zBg%hSEWFcamInm9Te!ZGad#hIh_MiUsRjOcOuzF11D*nQ7HN_csU8S(X4H^0{78r^r%>RodLBfFn|46TpEyr+ak z%PeSoc|G&QP>b$u$m*=HEP)l)e@Vsn(?es5I-xWrY9e8%T5`K?JoF7`0j>l-DwZ-I z{GMJ0A(h2O2Ov1|Z)3B0bt+fApEXL>jgxptFFpNSu~!XWuqS!+NZ$xqc$) z%^B>~-dtTzAbhAEiWR1Pt3QfB+c8d6BLzex`Q=TCjbNJN=?q>G}@eQBr}t#80^T= z5UY0dK5T+9nCI+XsV%9?(Onf;b&U~>*qJL%W4}e1vJg!UDQJ9LXn0~-tjshp&Cl7n z0w0q6wvv&|f9m3K(dH>H_D4xC#@QF%K2$l$tiqihy5Q>2FelGmr3eS*_Z>vvGb5=d ze6g!=Zz)eB&MsNdKXHjko~%xAs=YI$w8mIQw8zI3cMrU%P>WKPonf(aV0lK>y6oxl zBIWWd52)@>e_k+pIM*UeL<=52cyG5gl0}V;dNdTr&eO{LwKH8%Q-gw};?&eEc1oei zODF9I`^uE#U1j(H4dMfQ zUc`Kj7_FBMFRykF{u3VKX~92rjMxz5@)J-@I_5`LEN?N5DQyaAdN%z zY!_J#TS#Rb90qc-m)vMsON*rRxD2jQKY-UI8}ahv@tyAhl!38F{O4C;wR&*Fn-l1u z6$?R?l0H+~H7eqfD0wAS^oZFmk2bU@h?=chlh+yEP-&_?Ci6y&uPkKtAq_1J--w8O z@mY&EOc5oUlDd8CLJA^PvV+={8ta&Z+O>)Xrg}%l{VScD**_fG2tUjmup^0a7JrFa zNR8pRyBpb#WJ}%~WzIRp|NT3CUjdoYZXZ+!+IHgL-jLGKP|SNmJiB2z zK_O=pfGHPLhvi%=q%bg#jEjn7XUX8d;8h@&kA}*UUXfuyuOsCqDPbyYVF4(db9e>C zvlo;$EY2)OsH@BtUYefe7V)@V@DpiB^xBq1na{dmRrQZiR@+`O;R(o-QzV(1*hg31 z2+LqaC(Lf;85Kbrsb%vuy~+crzeG=7AeUm58G>H`9040MGc(Ovh!kP8(P72Q|#;69{0ca?6Vf zUXC!szWRXc_l%JInQ!^f|I*cGe-(t&p|qF+0P}^#DYp}9AD!BA6H07NEiG*5s-f<$ zKN^kTe!#gfsHm|uGtbM%xw=4CLd4+PhTeAgFfnEvcDr_mqQ@7S80OXV8qm|1lM$22 zuv|)ad3`%*;|-avrnAgvY7EJBeh8I<1@;w?(`8?&K71Sv#QoaXIc*Tj$Wu6jcWq|` zPNbU2Y;sO7Bs(Zn(+_Pvt_+WnEM?=)4|A8sQygE#D;$h}XK#<8&2O)r*A2+x%yue< z$1$uyc|MuwI+iI;Ebchp+hwPLu%d@sP(s{G>3kV&ZCz+Y{;0ifnR-N>>p*+Z)^2Ra z+k7g~j9$C@Jc~bC@rPI*P}H2n_@&3;1n|;xoaKVPti4z!rR~KPE}*xs+a1J$j}R7e z;@RyQPyJmUUvMlt6D)=15;gfa8dP15-Q8bEsl@zd94aqNSU^@R?-q3oM1CAHxDys+ zjhNPC^2p4@$jNr1D-CCNf#9Vk>tr>4)3$>`Q;Wsqmc;cZ;rO0Ho74X3xgjJ@-lsVb z!ka{)&*g<)hX@-=sdmQA`I))TASs%D1e+^ikZ4UPHU_%q0?R@Gz@Y!a5|fh&(=Xg2h=AcjG) zD3i)%eFN)_v)ji_MPQ*Bn|DG63}$x>DD& zURYM+)6JT~o8MLkxXtwME2jsHUv~@dqnBMuF8$owOyST4tTNa@Mbp0I`g#`v+W<~D z1{ZtW?q@JiVfeP5C`dgh(TxKXq6_X)^)|EF3H23*IZy?U!=eoELngXGL-gP4?fxzBG1oDJ(XsXi<@?}oqM63)CVq)fLiJkbO&q_xnXu@l zmqqoL%)7Ux&cyv_d36hwo*&qH(ZyRj+0i!TYfl?eLf-hnZZ%a`pH&SiqlS*u=i_7= ze&3W^IY?Pqg;+x56(C~<0??KC!M+6lVP?VX0hn2Vxef-pqmMce_`}1)yj{Lu7pL@N zT2c8dsKX_TJu9|@V{+pZHr`r>1e&9d^PzNaft;YzU#@F(#pib3*aAYr;+E9%=AWVc zQUGU@v96gEHyP1E>dC2J)#s*-Xh9=MpGKEH(Na`hQ=9NnVG`04($k|=7NKBR-xlh* z(}e#RPW57l1BTPxEAZYfEt)H@FQuc-U;iEelS-@8?)36Z8N+E_TNV!`==H}(@r;o- zaSB<|Bzo1L<*KCC6KvZgp}7{KdlyTlOYl~o4dBmprku*pUk_ehojX-QZn_j4Vx|Jx zBhha#gJu27N?fKsN6mncI7ULm9xvTHc7GtLu>&N#%}c@%)=|U+PRGp))xuo_-ei3q zfF!y@^4h_F0*s1PE7F_Cq)umY&~|s_akfUscA+4;WQgAaTF^GCLnhia=}+dl5L@h$DEdYfUDS6QB3XONknT2`QhiYS!UB zd3-a6=NlP`RCv2D+u+c%uw&@N3SBJJVOTHeQFKVE8B%mCJHw zm9zke>v#9tAvO*rV;74{K!18cAqaiGMyiYf)BJP>_}_csH;g zFK(J0FCCW3XY#iov>#^5azc7rYBBES;{q)|Lm)ewF_6Q$2bJ1pUs_PB7zeHKUs7_-632zw)8+8OIVc2MJq3J$uunFD1 z_u2q*=nHw5IilbybP z)(YNX;eWrsA0w43cE##Jl_}TP&(U@|-gt_Wn$LPq1pQ4+wcX}WQ{%TfPoRT${KHJu z)KJzbV6Fj!}+j}5_jG-z)$3zB+byrgyq3d_Tq! z%aQ)wK|h|saywrArhi)A(t(j6vnx)oMk#w7#NO1`*BjSp9m{RSNbMR)i_zpTs6xfs zoK}|0B(}!<3A2lyuCTbUEVn9rG>sA^7+N@!jHu5>?|#%&SJjZ#>>d?tk&8qv6g+TU zR8IQMi9(xWv80I4==4Ov_4|DX9EN;-0FeZo*`hU(WSA|=icb-0>TGX+a$=FRjV-$* z)nv2B>Bv55jNeI)>3t}&#N6UcACU+9UXfwu@R;a!O;}LL(9=~zMnWTtpJLC6T^l&; z9;3F+P(=tPs~G};C}MoCpVscRz<>Cxvh4h%m}$l|TXd4+R+sd&4vRS?qB|mJILS?j z1XY6F#)O6?i)@WuO|RYOo89v!o5xF*oLPNJ`|Ez{HsN7D!!_&3;!o>ZyZWi? zCYMtro8{{h3re&(6fh+mPv5O(0YoCTkWg8BftoB^o13wm_%cx3`1=q`m9dc|Rdm;n zvrZkGX7^7jHLh6F?Pxfz*MVm<my-*T zxoThkQva6CT)E0VO4sux2aZ5y!^udQrVSKQFsz6cS4P?Rvc~3Eh%WqVW6<_y;T@QTXS=T%3o>7T^JuBzywwz9V5bN^e=TGBj1IQpc>;;XRmz$nzi zct-#?`JY>S#DE%qAZ|)Z%9>j5%d;YO>ub+RG3t6X=rG;GL|qGt1n< zPQ#&y*d;3E*>^-h1iT%(WX9FZdG>LnWkT(Cm2+A6x*Fw=9Rm450}xx{xAOyfMa2K< zn-?S0V1&g3Ce3{lbDRN2444+;7hM4ROS2r~=D$%h%>*Q0@gIXoB}D#GXR~IOWw09Uyey{Q zS2a3KZDrhDMCLhqiSwMZ{NOV-#Z&*7+R%c}5lyRan{zc8l9=8X@FsNysXf+kzT39cL6g|<@H@Cj1P>Z4F2Ca z{$U1&n9fQZZkdh@qF)TZ-Sl31+^j43mk>kOo2E4j}q3$soH?&pgoMWC;Bq^-o#P= z%%R9dx4bZOp8Lk$V2~bc6$JH%jE()AtGyJ% zfFtx573k58*bSr&BkhF_FQp^wrOx43L;c^9_5ee4Dv=%}KqL_T8gIa@f1xG-3N6?{ z7VrTUvDi2R?mhSKdzc83bx<>h=V>%6anVS0ft3$L;ITliAZzmJF$LM^iQsefsPs&YE zQZYxT)BR-yU+v>}^`?|XakAceqxIUvYQ>eRax&T0x5H*J8ntPZPN&8G^!TyOmfyim zK(H0U;LcttK9Df6*uXY!LS!f?o9CXsSJPh!(5>7gr*e7VSo^aq zdaJoQylTyJiT#58PGjdJ`^{NB_v^LoqrD#+`JRR6_-wY-ZieI#p_@FH$;0%`b^Ri^ zU!NB`*Iv6cd_V7RIoc=UXyvgOzeg6ClsOG!ent;#tYXfi&|UIe9X__|I9-v}R3vUF z3;Sr0e}ia31DL%E`PUn**bBA>M#Qq6-WSr@>5&vP9Z}iInqjDvyQGtgLvpryMWs`Z zx3{l<1C-IR>`!_FUF)NxEjymKe0Y6#Uz>tvsl^gIC>p!lXWcd2G+(NWMr6?ww9RU8 z!b_Zl)$4a>7(lZ!A7&QYz-7=AQ>?#i-{rJaWwO3ErOBtFo$Bz`Yc|(*u{_A>xf;TV z>EBJ}ty!==XOAXXap6ch9ALN|pbSX2Cs;sSQ2%rO*nlA_lA^(CK#>LCefru6y_-Cg zh@s#E+Ti*t&a~*jT*oaVJE}G}M5!}4IrbzTY_qG6Z;*;D$H+o3Nu&!)*^FNZa7l6N zh10|66V8&FAgTAE#-&L$K)T1gM}{ z?g8?UgL`fI9r?<=29CF6cvskZN3i{6UQrEKqcJ^7Isjw943T&{5I{c!ZC6)yb9G)d#Z5oUMG|GfW+ji! zgsN|k#RUQRuZY4*Lz7tPyO;uOSbL=dMGNzN;J2#P0EB?PywK^*Fnw4|Q+mgRF`096 zb4#lTEz4Hsj&LIzY{l%9d9QN_1|4qn_n~~kxc(w5hR*weQ_)1$KspJ?`tVA4!3cDIe*v$}U*UPKSbQ-zYe2 zUr0gOoMxNs!9;#NKNcA(R9AF2>dhyEjq`&i(@ZLwGLW0EdB$dHotKFpS7m1yNtblq zea?p`A(&XuD|1fIc>O-bE1n+5F|x$-F;^^pv(qLDz?5Wgv1b^>fx#IO-=9*m{^>{d z@9WlSC3M2D-ehFD+-n!f=samxWp#~7D32R&A-YtpdOooNuCg$yNCUbeauQWj4=at?Rm$Q0gDUy@A?Cb5|{!D$r;Yu7Q|7;TX#|^ z$Lt4RP7gr2G4Hd^qx@c<)IIy`p^~j@%asx)C^`2#n>kY79W@R;<&jtA0gvoVyu+KL zaX*WRSDa*ykF9vr|Em-8skrj7X8ooOOYlj8zoIiQ-v^(t|oSBR-<3dszb|K0m zg)zwP7sJb6d1uSh5K`sVxwH37d@le#k#Y?u4v!Em5%GNMf$V)fa~L*Pe22LmSyE6o zH>Smf&*nrOC`*^g?J-v_B}dU8F%AL$(P%KA+zSFu!`OAT8qnYdUFNJQC1hB;{6)jH zMDvH&;;9D7#n3@*qO2;hcrt_6b2I!z@@<&~Q{L|19|a`5(?bkMaldh`N{d>M;%-*8 z3yGc%M;Mp(E8JG#`Ly}!s%cnHG~88f!p#?#+QJTUTSaZi#gc>eA@E69o^fe+VQxed zN7$9_>#5ciB#m8Hn#R9|+{wus>T!iJaTIjZKJI*nl+Ko;wFA0ix05Z;h18_jq@c$TfQ}YFM6k+n7IT+oe=<|; zFu=1I#*SH16+ET(ltvKgr)b)!AIx(tpjnk()s;xtlD8wEBP8N#1geNng1vXwX3eSU zaTTNF1<^bG6Vf*RuQ5PDMX_`155_0mYvKTPBwJ1@5ss9!giR*?3TdMBsh$d~{GTNE z<>{XdpoQ(|vvPz$4*|BU%X*y-K3EOl_|*0&n?6_j_uMZtbd&kB^T{8yKI2h>+H@3aPmoZ+TSCi2 zF$G#GzG#5KuwjZ(2qypfjU#Yg6C)uylrEZxczAe# zC)->XO3CZe ze-Ee&n*F;$2H2$o{f0Rgl=Pq%Pk+qlhUK+71}N9(I{lf(Q*1drA5M02+_Ik|Eee{B zjguIJ?fh8d?B}vGxji3Ji;RxHYVTVLQt{9}6R#}2wi35vLj^#Pb6jfkhW~q(BNfnL{ADFaeR{f-cqPq%$8Ku zTV_}ATF8ITTDxo@kPy|-zJS(4h>#KQdjdir{AeIS4PeS*j6o9B+M6@gg5eIX)%f-X zp+MrCjqd3tEswVoIrPrv6!xZj(J7kj17qy1FGvbQ}h!4(ZR52pp7 zr;C49Co7L0wx7Od3mMHT3;M(wFv=nSJ2MDCuH}G$F*?O-pTEe3%mA?i5inT3T8QAx z9E~U<99$z3jmPY?tr&A-W8KP6s3Q7|Ge*>{X>QB^T0;OuwwIf zfiM7uQa)aOPM%`o9Y89%WEV)m>}lFE2VK^`5k$}dYevu^(8M=`0jhb6EVKK=Itf>4aitiy<;9+))7Lmw{>CRBHZ%yhr54d2Z^B$`K0!x%nv7Qx|hs4D#DY%m88 zUqjX5P|}?SZVl+;R1~Eg>wn7wFp7x2Z!yss;G8s|n_&7i%h7~d6c`LzZ7-@3+u0Dx z>N9BfO@Vn+PO4#=G{!?m!NB^w`#F5{Inb$()<=Swf=~mm#}fwZVa^D4dXJF#IVCZv z(Pk7g&N#z2Sq6LUR$Fl5%M(ED7++D|H9Llk%-yA7b-XwZ1aE|i*P$l&?Egb2wtw~j zySKX&Il%rB7ob3q&^zl6B3i9Lp4fMoUaAPN{uVU2#YD}o;2x(ViIKH~6ywbN@-3=Z z(t0@2;}GGMB15u&MTU(ha9h`C=f~D+vW8JbKHCB6m zSzSS%kB3P91q|#&@hkhj0ds)Y?_R_(;T_+AR6*9r0St*SRW6Jv2ak;R$7Q7hG{U;v zrEb_5I_Ild07LOmhcIsFKb5cwBA_y2AC-aELs!v$vu5T6K%S<`HoH}9Q*+5`xxU5Y z<@(M1SF&0R;i#Eid$#9D6ZY)YCwy!nC)_X9@Y{NLprFFe3a@tyr=p5_-%0G`aphkxR|S*B9lDKqgIO}%ZwOC(rOkr|Do9Q==+w>GafJ8QK;+nQ2KzYMwlN~rhG zT)v_jsx_yYO)j@DdZ(2IG@RxuZr_qtrH||PyRkopvSK1CCCXzIf2pmEI)#c!ZO0oL z$eXJ++nlbOCp)GOm>IWMqpJOJmODT9?_ti_?VdMY9-7C_rk?LEwpM{o`2QPayW9OE z@Y)*9Md1YoMvAVXcYK}o_xC41K57hc=aZ?gIL!Sf%c(&jwBt zZbmEYfJ7w86-@JS3^($)+v0s5zWxCMg7<1uH)k^UdTkAaUf8tL(6P>mS+6S)%Z6rY z@v>?qfj`pWZ8n|@`rnzkV*?g9o=SIJ=-ScFo-gm0to~Ly!LR;kB|;SM?`F=7oh9q$ z==fGzC6L@j4UC8uCOr0S4insu5ukSMc@>HuDm0LY1I9>Vnub)~O<$o4kQomERa-;X zRMk{lBwFHVAX+@jUU2#_Wz9+ag?fOl7ScMK!+!_c@VihOQ>~lXBPTBgB-Kz9`*1%C zkv*s*DlGF01|hv3Ub>f~cY*{P7e@o$;M`&_IlZ{rRcAeO;~7c!`(rlA@kEXm_pOiR z96%%o>7Yp`ThxvA=#_?+-qo%*d@&W}7iLn9z4ie2wZF2%!8vwkyJ~yA%xE`h4>aKG zRie6@eZJd9&`^C4$OW&e2E1rDe6UqY%=u<8wXS`f@AF`u6>-3HJOWyB$cP?gQ1u~Y zbl_}vldJf0?xw6=F)ehF?gp>BubV1Tb4;Wvxi1%L^<|pw0m{Uo6%Uk4Wqta>>d3A- zvOM0~gK4g*jlZRAI2`H_y7<)tA;4Q|-=g2bafa^eARb zaD}Bstkefzi2&yEt8gO@Ja+CnmXG1{HCqlC21633($$tnimW5vae0!H=W~h@TmCDn zD`)54{c$J$TZuTV^)D9P-P_#)n8llDBp^3O_|QQ9&d0LsFp(vw(bXcCY$|IN8Xggm zA-OlP!WW#4U*E|N_-dWCu zR0oPpXC6sH^E#4sOHI!TFg#8CJ@1aSeI-NCZg6{)#=!b$(x9ASeF2`LpkX42$>p-Y zoeQVM8_@n)g(yQQ5ReBIZ=plR^!&;FCj%St=N&Ui?Yu=w2R&a;LMRg+bN|3!1s!G7 zyI({PSAVF!{C(b^Je*lrXOc5Tr*d`$#=^(N<=~%uGdZ40e59f^Y2Aa9hlh*iqFcV( zXS0)$pE~PHmSNK&qX&2N1dWtMwmjqDWi^av9A9mni?1gSZ1=PH{K&@;+TMSW($)7G zOqf?SuV|;A9_g%KOosi^w9ynb&~VgN2KPOT$x2kA`u%aIFX{>^8tvGqHXaFELaBj( z%jNZ(W^XoJihEh*U6m`C?;$!|c0%?ft=)NxpLpmQkM0EQ|BEevZ3p-!SBZ}b*nNAx zp){IS0MS{wPQ9QHG>dzeG`Q-F*7dFZZTL-7Sj6Q%K5-=4VV>0JMLkZ(e9m61s_4J{u?4knNRFE}*L9qs#&g4=!&?`_L!JZj%*o(#4goS1QvKc*>(p|bENXUUk|`BoAFA~e{~9}X1dF_{_8SsAsq{;6FvVl4et=qFhWR=N6? z_+n!kw@XCUC!&&-4pN6(ow5cBF`~T&UHDx3d1<*-A7$cj^a6!6R26|H!WO;$&WplZ z`@gMB=8+W@RSL4w0pVv$(gmgNlw8 zd9=jB%o1zk9Qksg8*C=0OZmW{L=1=oHK;A8>6$QtlS^=H!_%8W4P+_fzmNWg1?8VM zLJ#Mj+-?a{B3?NlbfME#Uo09K^a5^&3tCC8@dfAEd<9WTUp7ZhcR^Y;0`$nwT;ZdEp^N?U_G7Ne;psZ`mC9G2C|G37EY z`Yxpz^(3voAM?wnc_b*HG>or5GnGkF2{CC-4vZkM4&I!-ccCf72z2 zuSC%j*KHv`!;>iy^Afa4M zL0XIoxebTY13WVwQqGJa6X$!9AH^$`m3x{7LK?}+keRAw@())?W_mMd;D4b1Ee^eL z00M*aW6+1_w9r}Q1XDg9cB`dI6A0vq6o(X`jI$?Xoud|KTY zyO7h9xLy0s^y2pBc1O3PqM=CB%_@d3-`xqUeenSD)S9oU3Z;CDOT$9V_nnu^VUJM1 z6ZkD=lQY2_?C#+6gEmly9@^}#dyA0llpj}g<_uKrmcqUF26p1SP%BYNvXD;8`EVl9=43Eio>11R-{Tm zPfet=ybE(Kns#Yu(goZ!U<#cfXeSNwqIjbazI|ehdOK6A$Z=~ia znr*b>L+o_*fWoG{GmnSJ>NZ-ZowS%Vw1ADNR%J6d+*)U$*Lc7zEmK76^32Cajf9aL z)KQzk7|~AZb@S##vdk+hDJcDTEQ>o7Y+`3r2sh@liWch|T7)^ancAmVfu$!w-Q>M* z^!mF5g|@6Vt$9D{ao0IZ`$LlCXQA|awD)ALtstO^_8IYyAgm^2zlXIL-(pYd|CoBm z@JQD0YdGoHwryu(+qN~aor&#Z-1;uG;t7Ypr`P zapD*(a+=V>$Y10;$x?$R$W+nsuw3xpLsi%Vg?delObElN1`?sMS#rk?WFmjb+<1DVC$Gw<8DGO{RduEcM$3_= z_V?*tr7;cE1mH3rHgKV`BgP4jV`))T*@uBwmWc_;^l_kb0oWgIhTufa^uBQ#!j90< z>>n<@dqw$VDh!^QM@B?B8zRfOgTe;{q>q^2h=W6*V#1`Aj(``pnA5DB0uU3fu{V8i zP$iXmO?OBcB|)Ixg<-f|o1v=<#K46HO|W;~3=O@Mybb?O|M{%MQz;WA$_3uP&+814 zFMi+vX!e96aC66R8%#>^UG|^=S+&#-!#tx1GgQP_z@JdP6NBzxm`I9Iiv-{y&op8{ zA4VcTqoyKGXji)T9dKFTXoitu@F;6Qq^&KU5b#;~O5vd!U`SE>G>yefUQ_DKC$Xgx z*D?QUrKqZ9MCaIZ-~gJYEFLP>3;HPg0V4r=2WU0C8FnN`MOohW8xsUw{QG(L#!C*E zL8m7uvcie+%)a0IVe(ek0l}#ik?ro8`kBx!hFWq8DCUmGeacqmVb3qce!2>3I+`Gb zfX5kdRL7p)4(tMzxK|26Wal1(-tZ5ie>yW@NMD}C_9r^$!pb_dl=w!?RI|B~4)3@A zL^HmeItP{G_wq3zH5|h`l__;nBUK(9;Y|YeKO@MUSRR4D)_5R#nIo|Wox6GhXK?=G z3akHCVuyFwr?>aZ*+C{~E*6(x1w=xtAJLkYUh>Mo@v%r}ZJ+dJFA}dEGP&>WT=83v zIGlYp+jkk`eowov7~4c}w8wXy43;(J6?VQ~2n~k|fa3pqAu4~%!sWy_rPby|Nd*W< z{%+p~g`;hjWL7$v3SMocsk~|bd|}N0vFm=~K$qXkqN7j4a73By#ta1zdbRmGMW7a! zC-fUR4b}O3`J&FKU)3uX)CN zf5(<;SE=19w7Um$H*oH&$E6{l|JcTjjCW&iVukqpNw$3f0qTbT&n@-22hS6PH+)C- z#~}a@R94C300o>M7NC>nm4TS7M?!y-UP-uIs(L=PmIA)NwWU`-NEP2Z%_lR7{BG$S zfb%|G_TK_?u^9AjIuu#1N_p6r?DX1BI<|?H`)8QYYj*fSZ}=F~X61~Lckcy|F7co2 z&g(nIZ0)ZHbUCLl)>|!iACJLQR0jwl_*&64M-rL^1?zn$Gpi*B&O0hyNWbIrv|7C$ z%2oKdp?_Cio-3=C8~<8&SMu5FT9*Kz81X-jlf|kQNLZl^R%Wdom)CtizmFL{O2j*6 zy4Y$uS5WyXDY{YJaP0r-bzcC{1D+gYtwUP#-s*W;5W21)IO&&QeL9X!Ju34bB;xvO z#o2cZv3_O-SVC~!KmYcmn_x(wh`t)|(F5q>Q%=e;x$~9Sz_5&b;(>b{L0j65?l?laW?I>*@7S_3aTu z=Lmad^BUu^J+|_EKl1pff)wIIEEd<)D%W-+E4xVEC6Czwwr5PyhHhF0jWId zYa%p51W_GHKp6~FB)PSt!(nOjkKm8cPx_IZ}Dl`M8I~S+>q7pGbStQbq z4>|GtI?dEZL-GT+z%Taor9#0i_+5rdfb%;H-@Zn+u%zx_vsx_`brUXuvrkn`*FBaX zA!aZSMko|ytnjpYrCUZhNN_GJVq&Sw(8DV^CyH;w%!l8*u`c9_h~;bhZm+xUygl#J zRZba#`Z0YbBn?B}!{J{9FJ95IneJVF#ll!_YGjvb)H(;`ckQ#Aa4d*fKZ7-P#p%L z2Z;2|Lmj~UirGnCJrp9r*28>-kq1?(f~dN%mYjskXl{5MBLNYBgZ_&SLjhT8+OI~g z)OwP9vUar?Ynrjz)KNl3Td`_kM{*_3Sm+!s5Q|RCD=QjMUH(?gI&&*f-mV%_p=hQw z8IZuVjI{89Uqpxm0yiU#P6NNOsY73C9a-!R4wfQx`RD`fMo9y7gcc+Iv<9dlQWLJ( zU&zk^N1gdt9y==9B)}tYk;xS6K}OsKChquCCyUXlB2QjuZL~*;A;=V+o`BrxJD_{6 zaQ(~db>e_CzacWVh6hl+a?T6bVvx?9YLTi~xyn%WVCL1$;mD!`W*x7*$DuO6%Haq; zcWus^U{>Gi+V(!dXe8F1CQety}G!!$o9Y&Rb{gZGc z&=|y+CgpBrMi@**jTSTbw{7UK*-5sNC++&+c#@Wf*GL;+K5hxV^J#2l?6zAr6%~Hf z7V^F}E7DBWh5U4*YAlJ0k@uv|aY{*(PNviWUXnBs7+iw|Z`b*9zd>{BpgtDJ4c$69 zL(OLyEK$gIB6h_#5JW{-aep_&X6a>t$)MHF(kvko1cS5d@IPZ;XEb!)>&lAao8@8c zw*ThX{u3*Nmq=spDo7{3;v2;3WiJ&521bCi*H|J2Q-iUVW(&#*ch-|NhNFmaB+s6b zSTQ(>UW7(8WdcY`S5bLrxG{DH%ZChE5ptu87%VBm!2?MiGCE>W5#+&h0Di6*_-8Xm zOCd-HU4{(t9uL)*GNp3y{fMV2J25dbP0LNWONzKSflr5HYm2%AYF zOVEQvLZ+F?)G*j&W4gi+VYJ@DAd00Ex-6S0J29bZp|n_*1_C8J^MF!8GiE-lxG}bp zv=&2ae1!5Z_1@`Xh`~FttnX!Vq5b1)g*D=-O$(creVr{k<47+*JNQlNh{f{4NkO=; zy-#|Dn!cd|6kYbB#Yv55?#U7I881lzy;0w65A&|UiN&&?i(MF%8LFys*n4^{#7gRm zQ&JMXe*kl_(@w{31D_Y4Ys-sMXrf_M!1?`3Krm2=G7R%TaN(?n^H}0^K#$TsL`ex_ zDOrRxMioT9>BAk_=7HjdfBGL`J$)C0qSXeyh3gy!R4N{~59~l^|293L#7s@agmjIM zg7yKp&d`*cD_F3wV=7Yae$7h#c@tIQK6x$wL5zPpqt zC$4d4x!~~%{-^$4wDHlNdW>mIsa<0^u7!5(4WDUv%?|6$hqq4MG4{#f;{S?9d5smXFUaDw&5-7NTe9b`BgXdUO?*1D0 z>AbVk;Bg~!8?U}>9`UUwA5#Rpep=pKl+SZZ4r%n-T_h>n$~h=#II1u@HItD&e*0Uo z=b9jo?}^29-%HZ^K>sy#02taD6qHKF^{s;a>o(|u0ksUgFPZi6el5Tx3mZ88bX1}87RXsu)XzbmCTMWI zj$t91aJIZCQ=NZ>#}jmMjn9^yS%`esTX_oW42j^qUmWrhR|im{fEHEia3kT%U-0h# zh#pyPH7(NnLT7ZdA^koYTZS`!tdP@+et@voNR7;s1aCwdPmNBRvvMA_-8YL3bp(sm5zIC}l2~Er?J9Bg;;ok=BAAS`f?DUMUk=TwX9` zM+bmr#V3y!S;I>d#*ZcI@NEu`v`kO)#t{j&8DFeC3J}_?r~0sTYlKqG|M(+7UuG$q z;HZNO7K5h zDso^>G{{jU!nrnl*h^$59lxe_nf9ePNbUaT9MrT;9T)s&`}R+5%CzoGp2PhgBy1%w ztGLJ@Zv2@-Bw$gD@iNgyXk1pa@J9{}B?{jDF75C(xO{F)Qv0eziWwYstKadv15+qs zrN~WC@P|B3(T8{As1#p#>~}UGR7>F1u^eB@eOVuRbS$x;-wwVP?CBNa^ z8Mqox|MzB&kOU|wNJ~%CJ{he7P!pbyLh7sCmABMuFgho4aKi3Ng2*@%Upe zjjq9@8@9(?nHkCEvw#D$;wAQ}*^T@H<6u(Vr>5d2n65A_%=QoV_Kf7_>SvN@78Gt} zH75o!(Y=$O!|g544@@kqu*Bh0{hOf6 zFjOMdN`7056~;@Evm#SIXaR>Te-N$qC;#++efX@j7w{XF(%h#)73f~e>0A4M^$QCy z0|;)|MIZ~1C~Q(uu;WJ(w(`g#8gO!oujAMOw@d28+o2G^@S0D>M{G@Nc`&VF z+ws%*_P=XaAO&Hl^Kf4ARw$jdjK`J*ldG=!R$Xy7Z8sL|$LIC@_F;rxTSR?6*zH?w z>fh?P+n?hEHi#o`M?e!E*HXoY^UZ1+NkYDu!P!94#wHvY-)_ z!M3sjm4CWXMD}+62JbnJ@sc}UNd7;^fW8ojj?ra5_2ZpDLH$lV8Di+nXc)egF2eU6 z_RDn&!lz-4qHPa2zEjus`4F6O&A6tS0+zdP#->nD55RmUbI zlwH^sdp`#Zv0m|v&sF059#<_4iQ49i&?&YfH#!_{N9Z*Ev?YROnc8Vz8<(OjmV`l~ z2j$&OP3QW)UH=j+_!UZ>O#J1dWm@3%BF;wpEe8>A0qI{Ebjt)h58?q6$>36npomQ6 zOR-_(Xgo?)8bj`itH=4l^}c^wyc%8NXjyZZqARKmey6qZPBwq#aBNN+RSlsqN^Z<< zKl5vq9v|`UOxnJL;x>Wdq6)tEnHc=o5~eO;lmFxCXag4PIYOA1@?L?$5hu;O3FB6E z?N~d(BlGjp82^Z+{r+%U0udpX%jre=RfxH+Zsm>5NL&a;e^q&x>GwW^|Mky=5g?7d z-*)mkU1;;2#Bd>?CJ0Klvzl}f309j5p0_4fL|LU)$M2NHcUGBGej3$s|+q4nFEv%mCwqO|?)2S*e3cL6F~HZwJfgp*R!>2`%N8 zXctk@qd5ALQe8fUXid|5a1;telrz}%yfw1XLlfC4LMW~yB~&T>JH3B#HNk3$q%QlvyMSDmB_wq&1%{w73s_VpI#+<`XS)~9EP z=yf8EOKEk_N?!gPG#9*%q?IxMAd#l<)t`NMz(^x@r)qBzjlgfi0FDxW?~Vl4)7#=< z1WEJB?EA4(F#(iiu)ILpe>*9mOEC}vVC=S`-t+D&90`@*CH}7eZ*|3;!R0+^L3rZp zL26MjTA4XzJ!PZ~O~e|;7=;{fX;E!%$tctG4xV&?pSqi*sj@Gx2&Lm`iWLBe6oC*7T zYL>?9`}@!%O~ouaC8~e8j+toWfR6YsOJ;9lP2{V=ypL$4Poi%TmhH-ASOs7m;QzuL z2PWWS>+L;KlV&qD*~RRCQdTZR+0}EYQ6d&S$G-7?)-_E^=Xy-0>s)KMhQT07k{A@B zSSpvpW7EIfVc!&`-i438!v8P3a>4*D1XtA(bFjW1=TE$Ow&Msx=<>{v=Nfl*Q2R6{=jD@0lm8ko_Ak+XF z<-*8RG0MSl7taoTU=3vn*Lb~dpp8`^=qq(<?1|G;u72wVEWl3NsqzvcB*Y`OI|Rg|2Hv4Qds#yJ0&yY?{_g+aGm^KN@+A`5`E;odvWHUDuAeI?z{lEc&E zj=ws(|Kqax{b4lLNbb1~3Ki3E`fS=$mmcK(eyMGD1ShFOZUq}y=NQ#k1 zh~(lM2(S|xD1?Dz^aVhHz&KlYlo0eIpOlo)6a3&O9x26MO=oqh)xreLlM@u=D87ZG z{ugF|pm^dT2VkzOGs`GR{@?Q|1pe(W>N(fnf980Atd?EY@-rQXKi#HWvgtiv^Y%WT zcqYx)9`XI;L>Ugt;q@Sk8%HZ|oF>nmX)NA;_Bx88Q7xh0c(br?xXX3HwK7v_lexWw z$CMhY-kcwi18D-){uu8&tI_foqe%JnWqLAwVKwlj%BBN}imyS?VLw7R`#<}Jza&WT zNFH(I+~;?)s$G8}kPAZVHHx6Kg}3%Fb99;P$E&5oGUt4~_bMKo#E0RE#H`o))!#Q3 zw!9U;3jKMJWqch5a`-!rEy+)vLO-+0%5HWZ=Cu(%{d`n3RHr%N^nRAAF8Q)<=iF)0 zxXyl$O*?P*ctWkUq+_sK(oR$Q_iqLvorwf-pPEB@{{8#I*T<=KO6!Lv8S&CF&8#K+ z4jNOX*~~CvP!vF@NGn`rj)0vNj0Dk6>{B}RyI=!K)AF# zn+5Xy#ERqeV74T^DF z<`-6mck9o{cE6(S?nM!V=bQIH3HsFWypIoqR4s$yw&3tu%Eh_Oje5IKq|1@*s7@a$ zLx}|rgEcR5-E(HAJUf?{Rei~Rwh(wGtZxP)dJEafBuMPMo$6^^GWBnYD?Iq-WSA$RLI*>viYHH+e&Iv$P zaK&~GNkBB5BgKOH-uAm;QzEK0m|3GLMB#^Q+2|;fo@E?(rY~?T>)YDeYHFsImN2V4 zcNnxl0;j%#=Eh4Eg_UU3VXm!eIkk0eZ0Py>`*Zwwzi|xu(lrll*`(vRjsXo$ngIO< z&Mb{U%X$_3m&Z^BZ-fm6s@!#Td%_amwJz94!?z4lybec0B>)hc$o@M@a>MVU$AyHr zy6aNPGTn7oHz`n)GJM&SC8|=BZ7qrhzfN5bWqv%t!jFG2$x5uEc0Ve84-rwuAYAu7 z8y-UY@i4N(z>u)&nx!C!edOUX7 z(p6XP1QOzs*S0 z7k<$f^yB9LJvFv3i81Uh)|n}(e7qq*kg*|@Pt0;W1yvBMTyZGW6qEG$rWtH<*zZ0SAi zJY{U`^#|STIUD#Lv{}~gmoX6eUakHl`6D5N9;u)b^}~kFW*in4&-w;WM~Am^FmME> zO5#QHzW-vrRMjOK7Vd^l=Vq?*0FopL%eV7n07BJw%rjASw2Ye!{|vQodZU7tf!>m4 ztfrhkE%V;+;gAX~y#36_nmPr32p+rZ$~)VK&1SAHrP4z4V*9?=a)C*3>gFDw%>|k6 zw}hIdkDIVCN-0-iNe#>;>t67*z{}1$5&?`n3=B;*rQt{8S@7bm#G|sNWT^PIR5=Yb z^(D1jrR4#OFQwnZb-2rMYoR)R$q$G49*TpxfFAgNs^8Tg;s6|@?+Mh#0lzxf_V^o1 zp$nD@G)glz{rB{KC@=PDi$kWMN~n)wHHms>M?wm zW6k>5$^;(wXX|DDNnnW_RU?qP{^-5uX$Q?k;jC@+^^K5+ONrs%wZQWk+NgC0^6sWG z^ot0%0WxT{21Od~Gt=vH2h*!=w9rK^k8@S4i>!4T% zf6c;&7x#)tmh7id{6vq1BTNlgLZS(Bt#63;jbh-{_XN)PnajQTj|i^li-$#Njd-mP z5G(PSXW(HPl;p`p^~xqDb_Mp8GGo=mx>{@4YdY!kYqWFD6(QyV?_KiBu?VQDK-Z~^ zUSi@}gz+Q7wW%=L1q3A%{aOPu2%VR%?z$kva8JFteYgltA>5obD; zz7Mg>6bSh*2=E+NHa~-URWY%ly#oIan}YtYGUxz@k)hXO*srXxA{#)hTG5kQ&69{aZhkzx&H1NGr=}w&4Y%$5F?Rh@19V$Y zRz*t$j<`IYb68*gw-C*b1}3}JMk{}{Zg7f8dFgiN-Om zcQeU?Hgi0#%G-baKI^S0{VILqsSY9Gc@o`V>LKaaq;TM|hIgHI07r=>g~fP;NfPcV zPK)*q+42jmFR5g6d2Gf>-v`_y8j)D`_PtPmO~eXDX1x3D;CJ6@+NfsY)4PZ9mfAnv ziSe=;3m;y4S|VQFCMOQN;<(~lDcfXd6^WO6?LLY@#6wOf7E^}&UA~HXI?DDZLvWnY zVg>zhKkQpX6Zcz;=7cf+*LeL91NJWtsJ<%?hR~La&dJwB#RI$rm&wx1PY;dzl6$OC zzhrNs&e@!i(~JisVqvauHynf{)x_#U)0)aUyVc7ZVaSJv8Z7+UUZW?szp*!=t4U{t zPrjeNrucGY*euysvEX#&dr&>;6+9dcUm>acwq(x#{hVWB>Hq?xZ1Eqge--ZO%0|6_La=GRc(K_1z){% zZ@+^(zJZ{Mx<3;MWlQ1bh95mw^Z#`pPn^Kc81h(hS_nkgN)48lfw;H%>Y!YWBE#15 z;^nmVRWX~l-T3!Nj#`QsjK~p7_XlDNSrYxQKU&oULapWPjpHz#7b(t3kX)5|!L=A^ zQi(du0edb{x7L^fQta7=`~qCw0cl1|&imq=(Rn%@)%>~` zHICt9SIoNFxTNs`YX-L2D`usc_0PcQN1=fmJ6;=xa8KTNrIp@57sMPcx4UVA@e)WJ zB}dpVQD=f$6g1q;M zJQ_C0xJFYb&}4*v5*O2q`>zFsg2~6(uIkR@S7JiL&@r_(zYnNaYIHqncP`i;y%8si zm1DM0{8_E%WrsLFWwV*^XpWPJIVd`h@yE!5mtd}Brn zvpJFeo71iWiR0US)U<%0YljFlt1|5ZD@@c5_fTg|q{)6CWtXZc6ffMrJ^Lpp=*8Yp z^g35(_eb~V;MX@I+V@uq#hd+eLogAaD`4@xdG-+$>`9x0tvV1#0l9DtK*H67P(knX zQ}970%+{(DVqWQcP-`v@ZV5+-7Vc;L4XKEKc6o5I;Sqp=H{E!Z%j%n48y#Gj(pKLU zoRXq?RVO@kB#~O<7yRx!X$dac0;&)um$}~?IxpF=uFc!AQnz|!|3{(3Ruqm%(E?AE zm_6u^bnwJaXOEUI^>y`+I9yg+^iYtC!?Ua7BRvj+RJaK!%*Hwq9nltsg18xHTt){~ zUSQd_FRfbX@e}VyQ&~qQ(AIe?Pw;r0qw6u^l+3pL?;9}W?b~_vXpk=*+^g%_EQ|d& z-Yj2yEv5);EdT?(2ClUIHx9f2BZ@RB@&L<^Tpke$lS+)3n1VB8QI_?Is4=tdxgS$( ziy#afoSa}1&bqp~b$f2gyI@U$0g512exj;$xUoMQ>i3+zfQ`?`$A>LPQH<;JfF}hB?_3q*$FqTIS z)C>bT81(--(;wxH^jFk=%*p8kO4VEBfQ4DQNBwQs$y!cs$U3|KEpwP8Ap5;r1$}45 z6=z)6%IZ!dX;Yc}7E@WzbnZi(0=1@0i-d{AWe;wsw8+00m- z2J=aDkFnS!q@2Q}_M5XquBq)g^d`-s?Z_w|C*VND`V;Lhmd<1fhKg)Y7vT;T>4gPM z;hWPmhqNDdk^>D*QY2i7X;J4DD6wSw`~0D4VfZBtn@*O9?OBpcNw2Kr{V~3~EUUVgH7g$!(wRt}t zk+j7KE2fW-k2xrZXJs`hmiV)AvZ<_|RS@BdDE&N3m(V8;7g6Q2YWkQihQ|jc z&8S9n*ZsDL7f{oeAF8e$Wk6=-lI!n};uQcjdh7`9Rka|=N2=n@>tn6O1+7LEce=vk z0h*s3G-@;XW-w)4Ua!WBNovBl&M%wanm@+E|V|NwlZXeEfw_l>!HlLK2>4#)N1dD43MZ* zCcyRR-0nALfWgz5)P|=%`8V0U#%(hZ8Ouv9_^-qIE-LlC{7YixY5pZ<4On6ve5o2` zLM~1?Z7){pgEuCetjoiONmc4tBh`wRP_`-;WWZ}RzC?TxYnNG>NUFHT7L(0WqV~)X zi!sJASs=~83?4CMht1F;O{<*sJSJ|=@EmW}H8l^Pxqq@W8-f@Ur``u0pkl!LO(H{w ziHn<&(DzWNC7&OSYvSRX#`DrK+0kuaKR{gOWcCwOoHT`c0XL+dJ%7KCu^3vs9}SvI ztYqC=OCR%joo82FCV%=Wnyq}RKT_ZV~P!OwM;n(6-hBy=9luFy%OKA zI=5rrf4U>AElr#ybVsyvAD?j&(SMv(*7n3zL2EI`^c_a4^+pya$bJQ{C=70Un5c2< zxs04RtYo(i6)BlJOMgj`iO+^MBM`AlK}DJ3Gcy<3Z-=Pt{`B+riH463*Nv|=;^?LQ zAB5r!0Eq$fhJt*~?N}k(>*e7F?!c|)->_S)n&Ml-&a6&K3Z_`^9UPk<60R;r%&IdA z;)HY9ws18>^1y;pHI>~KCh_&{>e{r6iDA&w`#mWqSN%JiudB=F%_rE00O2IeeCeQn zP-H*P2@Ndk>YF4+nB^tLo^W5`Y1q4@Tn0b;%+k_Y-*CDN2uwIWU)MVzNS+yXkkx3X zDw6E=^|h5(7xzaxZ+q+W{k4+|bFpefiAJ-14P%Wx;V<{^N<;D#?S9O(5fIOs+o#*e z7jIQA>;*>PSElY&2`C@ET?*1{4$(YIFBqzw^ji>94 z$A+6=eFl$8%FUxy7nmK|;^^4OL0KYh(372^za;Yc)CIHDxEzCFi}j@%Vgt0hv!DDqVEA);yld;`TRN#(J+}X6pIIm53a;6$3Kb1?@Z=6cWQE ze&yLI(7=Em(YyXvTHP8}KG)~*aNb)M;A^pFaa3T?X>{B@*0o=x`CJw#m}TN=S^P@l zQ6rYZ*I+DddUomp(?4}NL#y!g@Kx4zuKb#lmn~E6v<5>7uQ!Y9!PXsYX9~(&{~2 zHYAd>c3a-z%T5y@!t;2E|hqI^bfNn8e9VUS3*S+Rsm5)cajf#@w88wDJ9g z&8LS3#JHmiJ`k%*_WtLefj@WPe{EEU5JP$&zCLa;3ff9fdxDokBwCPfG%?V1v6OV+3?N?!xUw(6MV;}AhIcuFE)*1IZ z$gZ|4hu+$;;JR37s5%?*Zil~O8(H%sfAE8m(M2J}wx$)bw6qk-Hn735shG+RVO!}d ztDsD;rRu5brDkBJEz*mN$zMx3jgE)X5q5KTu0c2d~rfo_EjY46LN{y+L<#ZAEq~kbV2=k>OO%f9H=0G4rcCvO!bl6a|m(=FTP*pD2 z`;njEB<@xX`?EUq`*%!Wq-+Z5Ot#b;Ed*IZ>$iaVjg8^H!NCxT!h{bfP;-2(J|WA7 z`g)e9_3SNB2b`;n#YJF#`C8Ds(iNty2>?uiX$LJ&0f-TaGwT1rh`r*+mzUG#4IQf7 z^k68Si~vRPJyE!ewut*90RJ$6tmSZ%&-1`U!o2_Y4`XiZj>jVehwi3JoqVB*N-63A zE*9N>kGF)SsQs@NhnhB5KXudkFQGGWYg1Y>cYi#5IA)3-ZgRU7O4t07XHv3W>wnCm zRfC={O5rO50f|tR786z@CA+~@N1(`1w}xZ0cU{S5uZhT2>FtZWd932qjvI+~xg62N z^TNi+WxIOZ`AMj6-g-s;5~#(^0$D)&@s&y-R?K=?1gK`RdIPCZn_$6AmH5+D`wh z@MS!CbuRx4yRun!hdwE)%P$pcCtLfeRl(XXvbr~DTv{TV1C2a@Zn8s(sI@Hu=`F`Q z;p|RQwu0c5wCZj*OL<$cwgTd2wLo>VcK634#o;OJBeNM?camwBj|V0J{B0l3k{bOIlIM?ZClb!$ zitV|t@7lk)L#t`CCM|3=_(Rc%*>)Pfd!@Rx>1cI&v%CMo=k$

uC- zo7P9-=0i)G&VpKX!v{;2Cs#SKY1(afn=aSf&%ds+q{~6J8Wael&{%@U4xQ4Yi;*ka zEb1hm-VGVLrM`J(Vc`{PoOh$ivg39^`lEsOVPmV7S>`K!H@fpcsZIqtSA^T09BC9P z6Ks^ZP#3{{O2tp)Np@v^%%F_YGH6R)^KC z#xB*Wi1wRqJJT+!CUJhj1Uw40Pd>jjZ+isLNpJ%8y zDZ{Tf4wc>S?wU{ch(D*_4*g=6AOEa%oh#|31n&3xEu6~=ykB>KNmhpZ{QQisNr(ou z5hxQULxXLl-TxTiYvdO6dzefcaXttxmB*DRe|k>3bpLRwDN>MG`sE@TSF_dn(9o4( zkOU}0MOic72|8`;;BC3!@w~H!F;p`|ZQr%j6OS%W0u`pl7!PodP@z|11v`efgzZ3n$CW@%re)4UvU*PbrgdQl_^#lO#oG>*D^uTrX$5UobAgj(^5Dfp zbKEOrAehYV-aJ)msZbn$dOgf^_d!nEpSzlXJERzf(R&6LkehPQUC zYHQ;)%&>!LdV3?~`gK1X!BVt;4rVmGzVhDTSUZ4p8V{SA%inv{JzPHwMTBs?4>J%5 zPAp+_O|^&Yot*9*naK3c>1AK&+s5FS=lBw=lHxcGCJ&KqRucdw%5ZVk=NvXdP~Kl( zAzw0BVX$9!GGryd*L8k)figfnm{#a0!^f>&#yYv&+%@)QFku7IUl6FdN+f&yz}~t5FP@$&8OV-i zlDv3Ch7N`vSlU3{AxPDD=X2FDj+3>+sPGaUz$aixoA5SXFGh=^TWhW#G5%-)gRt<` z;(Km)vQl7+%glnNWBn4z2XOM+y9ia@F5?03m%eY37P)JoVk3it2UwbZPah(v*Ay0- zUUO%FYCzKYSP$_!;ZspTK|x6gBr@GSqT_bE!KfK4AP__X7QE5@&v}=IaUzQ@YDg^V zMwA~U7cf|T$-Tr-%-F3Kr5IK`zp!sAM6W2Z0tG)osI*{4Ct0jW&C<~f=mroP8^SGz z6(uPwRzZjiQV)*VAkGqNfeKd{UF0G~ELIMdmF5C3`c6LYxPzLaMyDKvrf9hXALker$}&xUxt&swgqD6?HXaSpdM8Q4AG!urt6;Do_al9gs`g#Kl7ZK}~B$ znj#0+KkSIkcY;y?$q0x~1)d2FMr&tX)z}Iiy;qo2C6E_=CR_oy|DU>BDv|`%5X2oqi?3o|FK5;e3xz} zKU@@i(c21|cxPmppbzcp-V5W|&Dk5PgQAl2z3nhM{~bU-Y7OxeDgrcgc>mSTHt}wA zmQ1tvVfXE1uS?5nEnsRe#;ftuqc^22iy@0&YhA1$OF;sY;NPI=8LqIjl#Pyp<^x|? zbvB-if)A&RG*Pp#F5ZxnK^KEqUp^Ni(&+5+v3%><3@nNRS&1$67f+qRBq922ic{_7 zp4sF3mkbg2f>8Ry2jGVTZlm+CTlrm6XRQGEvU$!|8ns|$h{>7(?!0(_ZFk?r#TPs; z&K4u1*wrqrxsCP=Z2D5Aa}1ZZ6XCG5=rK(YMCN9X3AxZFSd9V@Jg@M= zflKGeU*V3IV~4+?gE&UIdaMe0Q|@3h>M*Ruk^$iwo8DN7DEJX@`p1ktGz`h9MB(8p zd>t|TT}fQ?&^bIYt(8xFpDj`p1q$zAHp}`C6A2+xs{`piNS7{})O3Y3t{>jD#<1q9_Zq~^)@n`+pW(>YILyBc01frHnhVH32c%!ML=>w zeOiWJ%eT6(8{)O)E6zh%(IM@uCRcNKSOZpbtJ>np>TgV#n)_8w2T>@oGigj+ z{9%C!pGT4=NznV*(3AL+@x=2G8rT*#I><1w4dmlS2+Cm+$q91uB3&|| zIg?+Yry@A!p)m|7Sbi2Yv^sbANkq#>g65d9antt3ac3!DA4vY}MU%`hW`Y03N)%NH zFC~&7&7U6NGnRFL-~nHV*k6#OsiB%J zWllu!d2P&fVQN_|NG|Yr+1h=d^qGbgYL^jv64K13o!ChyiE)ZwCgRd&Y#k?43dS=E zzQG=z`MYTu!g(RsulrF4FmOs_am}nT@S@K6a5LG%1&N8Fp=g^v=JH3 z!#IN)nnR7>1P?9QpC!Ij63srCc6BmIIdDx4p%O(~)WL)hEkN0vh(K>+rO*F;>r$;O zav`O-1Yfc@-VmFcYxlvSZGSnXcNAigP!I2NrllDL!`1S<$BDtkOAP432Ni-Wk?n(i z`20eQlJFw^EKTG9V2PB3)@NLwddD$cy zoYe3W4Jp^MDAjP|%{!F!p(BLCoF7g6h(dT@^4|5@@bQ-xs27`9(TT%}%bRF>LGs1T zh?V3jeDyER;g)monQ~S|TDjl^M6o>#s;4cKgGmBcIQ78Znj!Y_*0vf{q zMT9~j@PV<}>~5yzh9dzH=xGSRIIx~JBCl1SHy#I;4dTG^q~H`GN1`rlRW^#XC=Ajf z(v-K!BTFSx9D#*aMrH`_wX4cF%4)v4lBX=`P&Eit84a>~wF)v5CukP!NEMgzfeD4G zu9HMmD47fbRwO%-A#MgX5U{~esKyTY!$!3VL}e*7r6R@MGI=`&D{Ph=$mT~kYw2`c zLzQrUzNCPwdQc^+(_(Q-)um+arDlXo(54oP;`nG23Z}S9a=ApB)F98}sKiR7QKZUf zl-;jV0PLf4f4K!$)iw*t$B=i6VKYhYV6YKm^_a1mqfjN7`uX=f{Cn$?5r( zP2(K#u3mnC=G4;C((Hc|b8~YlmD+vAJHWi!+}sTKFl}vZf#lt)`uqC>Bk#4Y%doNDivZ-r@4aLD;yrugjI4*!CEwliC2zB9kIOo;$S3y|kqjn?_nFd8i=k6?8XV1QNv zkk!lNS_KM4A%d#3A{ClSLTi*-sYXXSPr#vdskU(#A_mbh>f_LO1Q9B96#^w`IJ8`; z5vx$(bNZv^UVKR46%c{94gslV=@6qYy(A?y&tYV}FSPnI^#12gEiQf`Ha0eZlKwUK z6>{RgX24-{Payy~@!^#C3xPLof&CFD1i5v-AIb)Yp`P3k2WHd1rikkd@Y01@y`)%o zv@ZP-V3kyNGE0KMGO*M5mmnZ;|AnT_^Ay9NJ55bMCH9i^eU&Aq@4S zu>bNONG}Aw)&G4N|Ea2@ZzOSKYJF|W>bMn=5$KcqYO4!U9u%PifinI3@bhk7 zxSaPQE-+Qj{mApTEB~cAPDt>B< zXsj#CjE}q)l~n^+B2XxCRs8M9Yxk2fsyL6$CRKZ3()Gy58`0Su1;TA>tjtTh8F@W6 zr$u*K5$VW^y?*<8ssKYG;2-@Q)L53^nE7*c+ALW<)RvoFjiAKE$=4&V-!B!YG%7(^ zX;ED4-Hh7CqKuS;+&W!Dn)ZzQ*RDOt;;MML_by!yyWc1RIh2}Gq9Y^kr|ZrH{3Ysw zN@Uowc^*}1^-A5Rb%n8!k&%g|t-3cVUTVy>$mTU~y@GmO1(ND}H*VZd zsRm~Yw7kNb*KRz_Yk|9%z47M&`vehy2)q*rz_XC=#4!I;C*Sy4$i!L&f+Y;LBe&(< zK5_P1Sy@(W?CmT$d&;cgyazw*3eT=cjZei=aK%Yi5|NPu?5ZDL+`Ro(E5A{}uw}@r zGcxnn4Bj)Ap;`O;y$LJfmq-hgft*?~AJwP8_~cT$L9aA05|(8a-z! zsr#US)u2W+B@oQ-YYWou;)enu;+S7X-0gy290DqNN;8i z8t>C~bN`jp>iX)U%w|@grv>0F>$DMz?w2=t5140CbD_XughlDG&D&0t)VC#G&BR!- zTW{|?bTzNGq#*fWtC5K^?b^x2(zcw^dW{jYN*6^LcTg|Va?q^pa*f{ zBc0M6rD2)gjsT)XuoMOxoJ^-RRSRVXhRpWM(X>zYo;`Bx6GcpBS(}sya`%E1+bW!+ zZ^)2IOFmyb)|!F=79^T%JNe6<2T$w_B3IwN8F9aD^r52%kA6SPlMKl49|_Uif~ZE6 z!h+27G!dE|IA_i7gQpkwBj!d$oK80Ta^JaKf36v9O4KSJxvI1XhDb9sH#0L5HS=1C z)=sGNn@-&?QAkCt4-f9Uk=1POHF@{uAN;81bHDs#o*zBqX2kgn`yY;-II&})EUBJ7 zaPER-O9L4Nf2u;o z5=fBps7HugOLQ4LXVuD;tGDf$=8uZF7AMEqjGMLOi_d@9vhDj3-WC)V6RqHDjV%qZ zN|_qLq7+K3F%w))CKEL(p-7?zCp#r#G}&w3ich}yZvD26AGw1zbt22GY%m$~%WrEw z`Dx9kcGcHn+YOA3b>Gn)Y%L548k`YB*HN^kn>AjF*m;auwfc*nH*Q)zd*tZ(3zrS{ zDo?n5zgRSK`6u%|Ow#V%O0H>tkr=g?IcBgfh(K>b0J;Nu(`ddeeSsF(+cHwUTu-%J z!sT@6I*GOMCut>hT3^?^eZT&;>bT z6k=fS=(r+O0-?&rE5KED`qPd3_MC}sRA{lCm=Vdw7?nIVIp#q^S*b{_l!`@C5PqeV zi2%`R&=|YaU%uFIVEfL8HO(OHksf7WI%BjL9;OUsUWeaYH{rvZu?f+)@){)y zoeikbsw4uDLZb%6-UQ3w(Y6mZt>3))*DzFYp8y+K#-+1qa*tV42sz==v5EKZ6bUdG zox4{fXvm4ncA7A;Z(z`n$wLgyO&N;X#FIbn*|X=%#p~kR%!Zkz{r1h~JsZ}4_x&Ye z|6%@=+~~Wp5eeC)LT=^N@QCX*2m_&FnvzdlyOYi*7^v_dO;RtP8nAm1f!BcmOl|Z! zP=;;%e+1re92iIq2BHW2{QTg!yb%O?L>w3fH`ty+q%v*n?X1i|LLfBLm~P_iHfZQz zMMZuCG2qjs(_9^`4d@LuH3~=HAp?i?>*r49wqhOo1^KzUxVbqw+M3b`csj$_J22SK z*`_+bB#+x%&I(vL!VNrOP)zI`Ekz~8)f5;1@uP+WcsV=TSs5`&R65ha&AWepe@5jg*-l$H*@>!q+R)m@hat0QRsjP?+nWgsDmV_4<}8{#(9h4KttPiw&K|XD$=JZYw&v)}ymFf7 zusNfGJ)KS4%Sz-(0z*`pw213>#C;l6rH1A&X zZ;TTkGzxopkHz6L!4WvB#1;2l5!tmJPCBWqGp(x5?ufCWbA6zmhiVlh+GbHEwtK?8y- zDk@K%I<N`Xnytd zVTbxb1l}A1;MN1A>*S{X?VD2vw)~DF@MbnJ^wS;A_;+;D{r_&GvEY!SB=*eOHEX_G z`|Hm?e*fK?%_p-fN^c+B{N1-})_nVWSf-8%tmMwg-;dwrb)IjmPq}*NOjLVk02HEV zPKY>L!0D_Mt!}C=uWZGe8g`eUfm@p$9b5K9D3$QR$!%-atl1SAFX{{g`!AxEr5)c1 zD*55mg%S~9@A_v!I7#=D%99DBGlcSpg{)b&?`sa6AQGoD!wxx@^JG1aY5|?D=?r24o7F>!bpgXv`+o^7xy3r(T&q%uT$GY>? zd@yFb@ZD=aSr^)-w`~x0@x!o)9NiZv1?OS-hOakWD5#fqe%E;EZc7c0dx#=E^F z;Zj8QV_Qp+diuzTdUf`oSZb78oxG0@e;a zs|{FFUi3hrrf-H><55kwKHnwU zwq*_u)$se&KS%FdP;u=}%$=;ETldU2tlGTom(bGDm(H$o&_$tZa&G*2G0)-mAI8hd zRhCl%E-`fq zaI?fUH#fI5iA^0X5l%^MbH(KgHKSInoa|==nip1F|NOI?j^n)E`{)z;y)Q>?<1b$R z)n^mvS(z0=glOv>Xw6i1G`F=i*K@U|z9DXg8g5xueuG5IwDj)dYJ@=q#TnU63KG-Y zv9F`CidUMN-H0-G>*sDEY;S38ZR8^~TR^y0$+7SOj2akTU1oNLfa&Dl*M{ES+#>F1 ztZLWVdb-zy{=756diTCnPV7!ppg;t=fk1cSz+yz!JI>sA-?ZGpE5O3S0+>YIsQ9H7 z(UI2>i3J4(K-E#BMuB?4>ZgAM?J~$f99VK%Hn?dG85mq%QF-#@Nf-zA(gpxl1nvoH zwOlT*tE+2jYO=Prezg`@7v-Ja_5yG9k@(;R&;z^%XCdR_;y_eB7#jWOdK==&7jV>` zi2ztMnp@jDI=F5wj%{rnT)x2D!&RmJf7ArJM?DOn&C;1@I*%k;H~e~ddjhIdj4GUC zJ!1TnZ~E&u4XgIfI%)Uor;|L5was^yFF#>2$e${!t3eOh^v%FKhc35ETHBl_&Nk#` zXGbS-`hNT4JQtRZrd3>Wch9N#u|NK1ki7eNF3lVx$B|@lQ7J4NK}x(RWYNk1a%%^3 z{MQTI@1NKnCmXtcn)1NTOXUiolrer%A5nas@w#6p>urtN_(P{I#Sbu*JJl}p&`loI!fDzk16ua(iL6zMl_pasyVo2&lw#^d>&WN1eX!|= ziRx>6jwH4TTV!4zem%=PZ{5bL91IO#AnA8v-LU%Ghi_Nl7)w)8h0aHDZ@ast8i;MrAgf$2r>1_KsY zN?HzBBL@!v7FdNo65rX``K=fNsASJa;Eh>edZViAI3#!h++g7M046=~#OQw;T_+{G ztg#+qEA+r|B@pn%rImGc4MPV9S5($EG_{T$IYiNE%XZpZXbfrWH9ygluOF{f|d zjV)A9n(kM6t@fi`OH()Q6!l*`+#vnv1FLOoU2Yw}cDEoiBM&oUx=UG(!KR%94*niH zWaaz8Ryw2W85Wql;`;g9F$GzVF3DnSIy~{rH(N~>|31ry_wAR*1Lm)q)mLZha0^2> zU*h$##Bq5=9YkLTY;&{W*so{d&L6yyUYV6%X*_S7aeA@MzWs~Q$p^o_Vz_(9(6lSp zLLa6VuJWwFhoA;1&ZMZ+e>ym|uGDSC<0}lw>j)zybqzDrkZA z*qQcLEB0p2LUzU7Ke^YgpZ&nt0`p$~GXS4J={5qo1*CHgdHh26S||D#3tk65HTPk> zIO3G-k8Qj!c5}Xu>^PZF5K~)K1Fi!F^o0TJcp`;q$OgiqQ@|r(w-xyJf}kEE-Jr8x zHk(N$fu^3iK=%NO0XwJ9_(1^@e1_}THEX|HvtnKl8@TV3V4hHo-Mx&8?+I=}K zRtx9O@U=5W(0H1?Jq5HPRiPiVxf)tJvH3|!o#e78MA^|)c;f55d2Kd-UE=6O)$$sp zY%`Ni@-sB%ue?HtMy@d)IKZ$X_MXtnnMtFgk&?roAL7u17R;IGV#-kCDAta)z+uQi zF&O5G>)ZF;d5B%Oa9*&d9mrlT!P;7Yga9ff;QAM~OIg+f=e@V+lQnC<{Af6fWn@6n zNN`kROJlTLhQTViZCXd~Q41C>T=VPN52yLkjm#Z@8LURM6q;HlQ*|W>c&k@CsC*AZ zpfd*RB`q?~sD?sgGN>f|{e(cG&>0j0jzDG7iJkk6;Qs&;z4zWoA|LgJm)>H~8x37Az;1n4;3Rkr<(UZRtSCGlAO*k!&~=p| zlgLCIsjRUmj&kK5@j?|bzZzA7r65iYPWRQJY0ZfWsftFU>BI1|PoFuT)}%5r zVEw%q4iC(aE*nTA6H1i8TI#f2gxn5}s4L?RA`^?{YP8LeMN|3?^RrjBai!|NY$uHO z5U18V@f~bWHiaM&iDfddO(;?!M4Bi)JTlM7+^{fg|Ndi_?z88mMi<@MC(sLjc+Hk$$Bu3N^w)zI9xAXVoR+^X5qEIpIL}Ew zwa0(|{`CHBw{nZ+y3?SYomMLZ?R*Z2iVX#umY2n7wk% zf3uy^#jS$n>J=^TWHOagos!uoWl||*DpAF&FUf6C;uY2Dg&it9$Qh=;%XGQEo^pWc zZ% z8QV;^4iZVq=AyzA`4P3-s2hC*%*NxJm6c>6$8(iItv@2Dkb`JJ-mXwaFdisz# z18Ita!V0BZz@Yvi1BZ_=Z_bV{m*NA4j~*4`>1b6I;#fN=}o zALmCQF&!MO7&HT02U}AkV61wN9_J)1PAKB4eTR%5-QU~E*2clk&VtOXZzj0*b7uf` zFl3j&0e1YH#Iib-h3~vi7LN%uYA;GGete0uovod%iJgzHC@-%QEm?CPn86 zLt_a{BU4)km%c*+Yz%2w4BpZqaKvzvy0rLe4K;Z9nBjr$pgB7$0}KvNXSNjHih(Sa9`!uFz7Pr^jRoJchV3D6aK0YB$VjeVa#vn5?!^X+Rh{ZCqvazvX zQE29aM~pQgx7<%IVfv4mHKq@n!g6r3q~dTSnrYtCY#|Ksuw)*Pa`cJHshM3o~$Mh!NlqpIVg31**arRzw({;otK5gVFXz&R&d8%r*io0F5{@9z)1_}xJOmVpR77lGHui4RnH zGOWJqwLZqHD>nbh1CsjByZ(07@Z4U#g9U)SQ&3b^T~j-1_@J_~s=9`zN#jS!6~K>y z!ea@k*~v#_zt(C?H8QkRCUeAjZw)!|XV%uR%1efL)`yl~zc+X>4j4M>=F989$hTd& z_S5MW1W8A0ZL7?XiQ~3&Wf&5TZDc?~Yb4w@jzrBgV^-fdy!RMq;feJ_*;o`7uN0?j zn7Na+;)f5$c^gs?PII$BrllE~u&G3~N(C%8S$pjEPohVk*gw@l820P;2ea+BpIBw7 z7PU0Ch&4pE5z`Q-*pZDVGgvD2CHi3PyMHJ!Hlx6vNNzjilYdQ-4M zh``ebbSDn%zR-H_#i*4w_0GOQR#sLo_beoiOy|V!+ImM~g5z3F{dwg;LdxaCr>-K4 zcMiU>33#8mp~j?a%#3d4y>%aTz?i4M&iTi{<08wIu1-v z81YKwnM@N;288Kn|C5g<`mITwI|s_YAOJ$EFu>yl0<3h~xw@z@z2NXn7QJ2B%GOwp zHJ(eC8}&09uF@z|>f_N$bUUAqC1WWR3YI|9b`)pSdQG1<)IiN?=S$HPb6X2~OU{j> z`*yDVc0*`FlU7)`Yr~J5HvD?(_Pqz!(+e6O?mrd*_znyVwI$Ipsmwfuq&H7`7?RYXp@9M{*wJNEICl-@~ri^sKrWCYb+EXHSZrr|q)Amab60aWn z{al`ejDH0+4;3@X9Z_CJ)lNm&;&W{gPBAv1IDCYjJxcjH>L4Q*ejvYkcl_P)wOc0&k zsaMPY+hv43Iq9Ez7J147)Bi;ON56FMz8oxLU3RO^gzZ8Lhtu|*d7L!99XUpwHD(UIMmbEnyDzyO3W!O z%Xlbu{$_9ZA0IEB`|-rleP?d{K-=Gh_-}rHV`QeQ>ofiKQe*N-P zYEH!cBn6fMY6H@_+JaYT6qd|j8qtul6I)Kz5iRXZgg26kDHd)WchYfWGD^+MOTJ#E z<0aLW$6vb=T>>5pl-#notBKqve*%)~h(EWj|5Yca>X`PNw45)hMYPv7lH{v@{i>0&!j>V|y!YQfjG`%3v|* zbPAb5QdgbZdZ|od(@njl8e(zPWIlOEi!m&)egFGmboU%#ZA967>^Ft;O5+pZDwMp8#1lW2lS0@#9D*HNtS5G++1mn(eD8Wo0>)Dn}=_M8vPH zsVpjO6iJ)%(^Aq(8uWIKu%#?DC8e;TgHxA&<$P#znf?@`&c-9SjR`iazn%ax2@$AN zaGr{QQnwXmq@)(r2^8Gq>sLbWWVf}qw=|2jC`8&KQKPi74z54|s4=9Kxv8mnmEe_1 zA!=-_P0O#8bJZP%r?)OSKnFc~;?IZ*ZUZ9n-Syu^fND;HY>f~ut^CoQd* z+o__2Qw224u4wHv4i)vq=_#4TpbD)*&{{9heW(z()^dTPlV6{gl9F1+0hfV|EWU$R|6IpIGCv5 zXz?;qtFq--+JPJS_s|H+f@(Ixe9UN@iQaDBWGY#A=mCYZ=`+-q)*f~tG$|vONA;gF zWvHFDI6N%6mFPHjT!^{6X!DMvl@hxd3lDkGt=^cYU|7FogYm}Ph6KI+pe(~Ca z_=j!yQ3C@CL`F&tVX!?z+gR0DC^IpuPN#bGWieDzvZgti?CH~dKdznb>}dn2vrq(S z`MINE1)RqGjCyWI-pzRNfFW+3)|oW_VTOQg7vgD*!Wt_x(hBMeiyMVC$yfFrxmVlJ z&TYOM^&tCUVFjP=VXsQq^YgFQlJerCatbpO5(}%zjv*s`EIJ=}g&7aa?E?G+1x1#9 z?5fks4IHebStpL)OwB5*s%;U}#9U1m8hfyt&K=3~8BX|Z`uD1lfz`*(CAVO)&3iZP zzZG}yevOqiCgsZ7-!ElW6!0hkliXz|Po8ch+4ZqA>1;w%SCC%HV~^-(3z#cVbya0~ z2?-pcmA3B8_I*)_57P^o?k+87*8gxZF6Y73bcLxcx%Tkp{b%EE-A`j!xycK6{d(MN z!g%$Aou40T>+j9IcIxoml)Q%xC=+b;uJ3mzWZ&F>FwC^ zoU5rZnP%!1V2gC9?Lz!b$taatqi?Ir_R`;Ox=!VjNTm7(kc<_vwXy2x=zwP--|0F1 z3OfJvS;$+rZk1Ive6)NqU+=fgIR)y8#%*fV5y@wgIP1weUAR)n{ z%F!6WNda~gb%N-~I00>rp5y`1=(sGvrXzT*1&sP?6d=?AFXb}12GKnzf{=SW8l_dr z6$lPckm+lX%axB52;hMYNbM@1_6f{Jc;xu^d2PER&RMAP$Jl$hO;GkktY)? zwLF={jD4?>Cghr*IaZSv_sav=EbFRL>qa?^wQYq>G>!;*3 z^Y-V{m6Jc-{nZ$U$3rPkxbSCGOW)tW7z{qiK6U6;Ms}U~peZ)(7emwhm(6mO7__zD zs#OjB`K$4={H(Of!fR3Kqkr5v#xQZ&x5=wMnUEQN6dkbIB4Fd6iulq{`QGk9QdSy}ms6DQzV$d@!muo@i#Z-x`U3;QR1U|mlhT~4pAC!x-5 zH5do>T<<%!Gxw0r>(%-HzsiH9ghC-ZyE}~y9{>IHUw)sx{pVS~FC4wt%hSu))Ci>J z_^T)etpV1RUX&UTDWOq5ey7#|D@^|etYzT2QU4M|(&~f$!J?*nj{rCSqhg?jzv65$ z$m4nyDh*&_?2OIVnR0poJ7hrXM|`YQJ7zNBFZjKR^3SgK!4q70+!|R5w?{b9j!nNEG(Q&193&qre z%wi9m6_A=3pIXp7Vo?w@zu>Ch;}8H`Tb=U!)$IjJfOFRfSdG+3=aEMoPPfje)LQTi z2|nxmN~>QfJNH=h^3?vL-UtK#?{SDhg?cXnuPF}fNdTYPi0t|qJoVy#^h@{p%K@bN zCFJp9q8rL5O<3?2IJ#&|D%F63CZq5)9FxsZYt+CCsyA@oxByojupl4J4Tg(JTSI}A zPiNprPHs)vMBZF*cn)cSV_Re%fQkhiT#bpn|+k|zow=P}2 zeEG=t+a->U0|V@&fL%i@K&;0gBftomUQeRNIDJM1Id@+ViRUs%(H-pAo8&6!mymQ45d#*|Qdla5Ku#hDl zM9-Dq^$Y1L@K44W{9JE%wYPV0d3;xA2kK@R~Cti!3bV9ydY z#9o)Qk;b4p`v>^C*b?zfOP2GHAwkwAWHg3s=VWJQpi6qKMWOLjQ#V&j5(Z2m4B5ca z&Dpeb?-Nf#1XWcfRW-Fz%P}8)GRKvoMkuDvF7{xj!`9Zt#eo`g`*tbXapvrieY}Eb z%F;WD1vtMk%U4gd6BL(p82Sa+cW#FORLRzWN#B^lwsy2|vh?pac1R!7q^N5-BJ(Lr zXAdwJSL8Gs^$T`3X4<&A`FJ~-+nPBz1cD3$?q1dlp2%TVzctoWuAsO6b)cuHE>9vgDK6#Gl(q8iHyl-1y7nj z)QyH`I=fnd(_c*)8P-#l474$Ldln+7>06ILcjCaR6pXCWn*K&|BXesI2L?{-yw0^q z&;H%DFzQ#)C+|n#HP{%fZv=5*C>RI!*3ZZu*?~6`2lf;c{}SK@W52pNZNS=5SX@?K zQ8j7Yh=O83j^8kK(wHatb@dAkqDFxjd=yw`kj{*=od(NmpyBOKFF+S|CU%IGsI|jk z(vR){){QdC`lFk^4&#nHvvaW#+)wESV6e!`LZF**U`HcjzwzL@`S%CuwO(Ev*z-F9 z7DK623ZftMR@dJ}?+ajnII!eQeH>V6X&HB%48J2w(0yyKb^Vj{kb}lr(;QZ*x2)vPHN5Ag<(;cTL!v%Hgtq8nv>Gfth?Y~6?d`X}+c-^CwAYLA>u+nIPYf2N7L;V(tJe|4YirW)-HfjSlvgT#b!t>b7mwE8u2nZx6l527mml@1 z%SE}dN49O;G>-(~+BzS6rN*k=OWSx-KQZIwiH@)zYR)+vASy*}8S>@rPOB z|2$VPBr8WZJGO4q_FqL&nG&B~q(@IskeOH0_TSk5Rn@6C_wC*R)ZV&%Z)92TZ z1Q8US-oAC~pGUG9pU=hnrj&&3b|Ub~LahG(!~K(sn;!YU-*MoGKm^_(0&my?d-g5) zjXWQ{ZH@kYHF@$A5HnT4%ZM^M5wE$%Rkn+y;y}uW-6&mJap{A3m7S?nuyT&4kgBjr`M>9Tl|MZB^OX62*GH z>S5UCz0oClQ>!ii{>8)hTGY)qcAd^?*AO0&?z|f~!(P4(2=qh?>}|lUr|Xzsl$S-i zUoOu_#5k1*!EtHRP2NXD*rKMQ6#4z+;zW(&(Os=Ee&-iIUto^})VwqLnsbZm{;_Mk zq8mHEJ@W*yLfgf!Hbhtc69s!F<9Y(ECn+%J2_n$?Fg|6Vl_ht_BSX^)X9%f2wR zNUd#=8V2=q6X(@xrBc3X{P`b#>1 z!GQ>c{D%6vn%bt8y3)M7{PG5#sI@rs)TNk$c7~aSxe?%=Py&x#erY{8$Ei`v1f15& z;)248wnyx3D5Neup;%z_^^sq``|i8FzyB~H#Fm6o=q@R%2hD*?+S{7TE6Q6XlBTNa z1}^BMlH1-?3Hn{DOM@vBi*%&lz<`vAnhO&zoC$qcsv9Utdj-&^h6nnt6$rSsRn>K^ zqRvfUCEj_MFSX`IQX>dHrU3GPJX+CFR|HBI)`--A)?eD%+)!Fo&6SF4%d472x&x?M zSxa$VUSWO56Sk=mVf%jg%~qiH_ZxPNMw-ehI#3#3MPXikWwRb}Iky%7Rb1ODkdy2H zZwFD!Ybh%zsOE{68_HLYD z?|KLVujwpg59w_$Q-jmN1&1NQSx6l@zCh^e;@H)}hPJv;(Lsqqf|Zd$)|?Rf@MZ2_ z{Fbz)xVc;;7WuP60-S?Ecs?R6KJe2a>y>*}j`enMaB*{SGoqvU<*|`BVsoqc2KIJL zoTB(%=#9Aa4g@I*JA2}4GS9)u$Ht0`)7EE3?%a5yP)V?M@vvknldpx|dzjUMH+C># z=+#h5YEz=yNB;Q9aQA>f3+~O!S?<$@8DraGE``Qr)f0_a^2Yq=R$~ed8Dz&)*H_gS z%FHZkQ%G)o0c(bgu5C@ix%&xIGb?H{PwqLJkdqj7Cae$%478{^yW`Un;pwr!z6lx` zg1xkU@fssT;K*+bW^-nvw86XI)SKtzeN zPu-GCdT+EPU3V&hX38cB(ogPKz2{=$t%4c{Z`=0FdJG*AYi&n*$-?&^h)j&Vo2j)l zM<++!iOWri3X7nKDTq#Zg5Fqt&l>M z%c?3YJhj6-z?BwzEgC~l?1{Lap3s1@pfnx$@sCS)b46s^U@vnF zN|=>WVbjM)SXg4!$F3%=#L(4~-Ee2$iO9H^v>LS`C+Wnd!#Cp+!lIMw^J1^xEXDM9 zqi02IKN^u7UsR)Hxp|p`CgDQHayane*5a3 z__%};MMv)S``J8uPew*^i>;0F!ST-lqsPshQfoisdmH{Ze*MAS=qtAprEdLw%&59? z#FFXS@=I557uVGZ9ESy)C~Bk5Y(8}}Exx>iVSu``d&{wFanY9!+^#~#4GYXVyLn$k zev43MY)mb={OfOj-j2VKST1H-8#PCt0f?o=*QzWX?agVgkfgeotwo?a-9HOCz*uf< zVa;N(fEo01aj3d^qLkg=&wyL4^$)fu^QtnlOK`!{oXf6eT1=kk#zM)JDqwy!G&F#i zFpzc(ghc}q{Hm%dGMNkrGJs8{I}6#+3|_#qkS}*=U~PH?o;nK&ePF$FVvxwhb}`3P zY5%qJW?xMIp{5fHTXRyYA7bQa9#5*{Anl|f)pE+KG((05nmk4UjmM%?lJ>gFiaW>l z9Y2{?Q*r0lV>hZQD_gjnjy9oGEv%_+)4R{a?HrL-(b3e@Di)=l`f>Y_*y7@p18X;g zc5S)=wpFcK*6CX?@pQGNHGFxiYczlx_$0ObWHe>{rBsrM4c-3u4Zi8hS-}8 zLH&aqaY##LbbNxr051cPNF))6q*%ul+fH0LvKYy|79Mu3p1u71<*RGv1~Rx=r_PlP z`08qC_|KZe^l~x7!M-x>c1|0q^5L~SE)!3*CX_v_v>HBU>TnM{(y2G1(EuK@zoP%u zsW)#G6X!=pM110|3BQnu=y?7?DFkC+|J)bOAG3T!Oe$7|&yxjauSS&?F3a~^+%>V5B_lJ;WvbO5Plh-86_TC6T zxTrGxUO{Oa&T;h4qn8eR>Q)?^-04q3w7TcEMuKkXZPGNwhU05#~GJ3^G}z|rGpeX(x2_rnu^9sx$6 z0jnu&&%u+?9a@JkfB*fRO!%1=Bc`6bf(8RL6{Tyv=S+vH7_oHju zW!^)U?)Z8RzJvYK-p`!`RrjtP-?A?QW56Pp-aN4Bl_no*ecl##nV%U%4ov?hNNG@uqC@5>g1TUUEVNh_u)Mcxd z&+B81LF0V4?D>A~>>&=W-Yf%5QCb?S|I|54KbbeoO4{C-bmwNeY~tm}t84p_BF-f8 z6-3Xu>q4&{8_uZ7&409siN;$@`)2DvXM9flsc-j&Ke%yj*YP5v0Sl9LdH>c^rF`0i z1;0gv?{(EyCuWos)pNY3hA=psoQILON-PhAhK5~UKg>{Y`@q2y2~vPqL+Gv}7qXta zk=Z-fj<>j1Z84e1fKlUy`nrlU6M%zM_e=hp0AnjTIr;G6!(i*2$z-ObrGeML6#J($ zl5a5{Q1u><0JOk*{1E*o1?3V2Rc2V#T5Cmg+%xjr1g9BS3eL9hg<3g^tRZP-2%wtR z-G^~_j8drhe<4GNG2MtOZjlJ9s%vYc+;*XgJ!Hw+1tUk#SUzz?pQ*pEm}I7Ne_-6l z&Yb8oVA(foC%W^m9&Z}+^NuZB{`_H>AUQ4j@4+>Qnt&%do8f9NoV;Gb<+O5ZV+z__ zgU4Duh|%D6&%tziC$c*4=6xL}zK=Vptso)|@9D-S0n0>#BbmE-I+IaK9GyT=w+ZkD z7JY#kVN7N)BrVMvXGcpGifm$v!ZVm=4xXxG;Vsh^ufzeidaTC1PygxPEb&pc#inF7 z=owt8P9DVSyc!T`rW2L0wWb3@H|q=7OHJ9PM3F=a&P$_I9$wYSkcD0H!m&yjI-K z#rZlLfomqfD#H?z=l@plRU7LE5AHi}qvHattH<|OX_>MYj5e~`Z?i-184%q=Yq!9B^q z!HJDkAZU%Cg{!4|4eB>&;)2!Rtr+pRBDsw0viS4OTefUDdEz@&Q)XOBk%Hhpu>Zi} z(?4AE=}<&MVO#m>rVE0Aga~RG+PeSvrK`uPvNGd~N;+g(kb?nDq#1ennh;tquHI3| zH5oV{z|w%CmIFH<3v$X35P63HAsGjP?im}IllelWm2+PQfF@c)H|PrNQOiUElJ&IZ z-|auO(L5&@A!z#k9vZm{`z~zIN>m0T4Lv$M418ez|CZ zAwgjl^#1LmtIGFJShy>)jsx!fPd-!%g;GG_4n&vX8{A)Y6=KO0(j#Avjs_M>WOh=0 z<=(j6NE~2iAXlL6CNBSC^PY?McYGck=sjaplT6-OC)3rWr7l~@X96BmSJ(QCBCaWe zge8Gvn{t^%$QS8CeiR~(+_1ktvoUtV*{~~DqOR97`;KwS3p=^{#^DQvB$Bm{x1B=X zT2*d8Xo?}KBt>N7Vbq#*JXu0>X5;Ewnmcse#F`BoVHb7i$nncJZk#^y+t=sO<_4Og zO((8|T}iJo>uZPOi6k(j5ee7ISMcSM>f3h?MBX@e_DEA2@D?WD%BzkjYd$}j@Iu%0y|D25pdc&9Z?Sbd|PT;wT6TG;j}Uu880po+Kujy z&A+}b?0RTwc9j|p^7P4?^V8GA8(H>dh^Rs;X(@_NENbi!i)9*=n%9Vx5g5i=q=~Oo z6Xk6=2^o2{94*7w#}Zq)`N)-s^YJA{fer)?S0DraDPVMob=k5yg_Cn})eqmCx^d&m zsn7;zpCO|Lg;)!;ScXh3Z|*>FDj~ocOwW*khIv=+h+KoIcm-FCSi8HMHyqu4{KmE2 zyMJAC&2U5?4+5XYAl7q4+)ht1l(z=~by9S4a!kzr?^b-e>2g6_T5fT*6c5OopBBIh zHhlQ-88c?wy?b}pu3f+yTd`sV*oy=%vA3tQP}5$50E`2BiwE*w;=oLdOnEiJMtN0A zL!v^dxRxIlUzMs-qRc6VQ?2LB8a$WE06qn9OQPFZ;IAIvc`danFXe7xsnE&9IyduL zeoaGJYJtqqGsIDG^32WFdI8ooWS}!C?(E?Nlx3iY6IJ)bh?L$sbRnbO$aSz6E&1HZ z`^6=9@8wubnm^gasPhJ`s=oZkk;LZK!sP4e)x_Cft#oITv`sM=B64}{w_G_bbs=WlLdNNBqk6^|V- zFnTT-^}!u$#Aw#)@EjY6DBw} zC0~unuQBxr$I zV$*Ooej_Ig3t={87ik>&`FJ=7j2Y&TcPsKC$K|Wf7df+VL_=#AI|IP_NHnl^cQV%9 zB&ZgHe4RLnVfS*1G@iqkeLQ`zr*Ur7^<<9A*Iz7hV&O;zR?apI1Y-zn2DFCEWQt0w zN)*jimDFLsteE2N!l)~bO3D^Gcn0?y(bt_+n_f(s^!_3yKjlp1L$ufEnIk=k2*ugm zmiB0424r2wn%UXen$g&n_D0sme*Gs7bmZI)zgdH@0tXEV@vybBwgWi{uw*lL7q&`C z4IVk(%Tf_~F`@+LGHcEVvqveFfyWJJ>EK{(3`U$xBS_djLx%;K-wVBv!edXEGdaY! z54FAeero#dX1SH`prIaafg%3*=G42{H31*3{U89zPpl+*__*2IyE!_#xe;>jgrzi! z9D+y99PffIEodRxyLq?`9zM*O)_yhOA;Ek8PxAxha;%-Jg9#m@QRA$g94y%2G=?r$ zr&W7pUF*KN#ZgZ$WRrbmdkp-RHfTgIHR;jSC1+B;bvWu@ci^;|EwX(F!@q zZ_wxQ1z?+Q&({i)-osR7D#rZ=& zEr0L51tSe}&SVQ5Nviy8S>Pl!gW!1F}lP8SoDx%dQWhG^a zC2Sqv8E!FVp#9Lk{(V8-?ykbhhK#cj55-!HsrT49!<@JU(O2Ti zDduj$ecg>QtyiukDzWAxXHIuBQe@mbmnL?ZGi9)zaH^x^R#-x_+lYCC9aJ&rFBEW8 zo+DQeCQxE*fW!d|W9&M0F>rDMW{b1!tbLdxk%_H#on(Hnneq`(#559Zf zm&}Q;6*XsGUma5;b!Fn(ThI={rgd>8tiV81f=VLQ5%K7aFyIX1a5%vH z0x$F*LQeeGH(lPG ztw%#B(P10>nS(FT}c9wLb-Oh@mmJ{n^spP6Y#_sBV&3G4 z@9Anrf77tR_Fo|aZ`K0qPRC?&xk4`QGPZyb21Ne&6KH{T2SZrqe?*{1WF`6^`v5QR zCIVy{$=|Qfq~ViCg^V3HXu^mgBf#ck&oRG1FVHBEC>Mv)h$`|EnsovENJCy?Ollnn zF9U2`*>RnWq0bg|YfWiE`4jYH-2?>`lQi7FeCi+w!992}y-6R5^}ma@H9ziRR2sLl zK4D!}^!*ghUwl>nd;R~f20WQ*(&No9pfQea=pERlDe!b)w0IPd(1fC3H1$Gz+ z`~sVgkO}O?frMAQGz5D1BlJt_C#u)ND_KK=2)ML^Kb z&%Lw%mwm^h9^_U%lM^4wj|n>+p`+S=QIXWe?cQ;vtfi%;B<0K>UtceHbT0B)^=Qk| zVs0l?ccTe;>aFbymToU-0liS(-TlRc`I}4r*?#Osh5xNcN8IfPg$-|@;s2&Cyb2-! z5r7E1vk3fUfq^aX=ZZdvtmg~R^SOO_+Y3B1p>=mU)pG_BWU>K|p+FxLj&01e%TFuT zAgwaGf1tA7UCVs%G93?C=V$@sR0m zxCTKBO4iJw&~4rNvH-C^rxEZy)--TINu@$A;kANyEuA@YG~#wpV^wvNUNuC)18-}Z zIl|6_LZbHCs;XL^jzB{z77Lpj>)RzVVMlutN5=~fT!bB<;+kd&$N+%os2G~-s;is$ zQbptK3m{EUjsB1-6o^0%M4&s%)Jrd;QmK?mCG>dp!1?eltE7tqE3a-`ws;<3h1A^( z|5*Sz5ZE$rYy@dcdbEI>x{;9)o6YXsr;AA>VntP5MMd?b@gqPaeobBD#BsxgLeal3 zF@X2EqoV`FpMn=}d=wc3WN!}2*uvraA&i_02O_e~<}H;Rio^R+CKQ2@^Qk+(Q^FEt<`n2$i zJp&HR+|&Qa52$lj>)39_{JZBfN)g$hZ+Cp$*G6{&lwWjZ?Gee3JC~RNpIh;ry*n$W zul3J5eJG&@LkyVv$wZ4=-)*=1?ZkA-ozK2{U^Bp)YCL?ld;Yrhhic_Cn(2r&Yi6Pf zjvS6^5HoCs&iHsyQ0HMr6!*%33)OX1g1~9>%#oa=Gq+j>to>rND)!i}*cyq-V)Ejt ziiZ~xOFIO@29@EY_1ivhEWPmC(S!~a%4q1C@26s;k9>JH4J*U2+{S+T+gQ%2L+A2a zNQOffFLY_$yX&r!*4D1H^)eX6IC%Kl5Yn4;|GqrJ zNc`6}9PeyHPsM@h*eJMsQ6E2Vz|q;2CrghGFuA~d)lXdT7Q6dU_3N3}f_lWA0*bxyF(jb1 zDa{CtX*kG^L{Zh33+fw6IrhWHIso5Lb9s5HX2@LMio|@0N?2Y;Te*ApmqSodkr}-9 z%rfneU3)eg$t&6<^6I2C$0hqVe&i8)D#6go4kOBvOOb@sYkaI570c6DvMVp&p-vk= zfMvmUwzf3XodA`$7d^;Q4Ib+UXhjv=#?s8pw5-_ZLaeJJJ1^`~2Wx<@Lq$f5gI!Z} zD&4^w5NL2Y1xfKP)3q7Isjz z#n~Ls9e?f!A-7gHimLCNzEN-NW{Xcc9nq>%i{!4q?^)6qmKOB!M}4r3g=KYdXHVr5 zJscTrH;+fj38;3h-?pQh#xtvu3nfrlzJ9D(kzQB*4!8Aa70 zhGMpv72uczak6mq@vE*Y+T1+WH>)v7Jd1l<9*88XFMMqQ(ZTmzTdih%EPCG&9gt%adAoyL$MK zT(IWTafXlMdl8KaXW-M{tmIB?nPHGG6{D(4k378Y8q>+m)fVt)A!u`_U@se8t`tL4 ztt98fw?~@M7H)2i1_T{zDBXGp;OoF*@kB*yO%2w<0qE2J!_Srt^S5SNJD8J{Xe&2I zQ!)ln--;V+TUjoiE*`#PR)4<0&DPw>%M+X?mC@MXm<8aK#1WwTt9w5%SgO|{0G2!b zZsUtCn7s}O*rB%ofoDhJgOsHpKxOUPwIJCD*tCKf8{X7N0;cA?yu9zf|9lF-t_xHa`cA;mV(NK;x_+o})S!XnC+vW$CiadF{iuUx(Fv25Ao!8Z0( zyr-uv;HVcX31)82tooR!a*B(qElSWXrg;yw$P3+nC@wB)`|@A!bBss!CmXRn94+w; zd>rjja$!WFTl-Pg{YQEj1_$}#xdM@}UEI*ju=a8@z)~BeQn^?tl7fDy<$#q)BCadL z(wv>#7|c2u!_$*3%Gi4GUR-8su88J3Y>c%Hk>crTDb`@sO0`0wqr#U8g)*fIRH88O z9y^?6gg5o{FyzWWW=6S4*h#XlkVsSrL0zBwFoz2R!MZi=V4>cFfbLWe78@QO4i>%Z z*RK-@gjeBX>pghEp7a0&{@R7qvC(x3Fu%&m%D^pOC=@PUyx7gn4Lni+Rl)oQUNP`t z4^aExRM2+;>_T?aSn0{#0S-uOYin?1IyyQUMBw%5(+Aj9`uMhI?n3GhR|5gI8d!r) zpFR!v1{W<_)U_uIykfwT1JV=H(1P?uX{~4)!vO3;0{0RTt1@=;3G#L(5f}`OalfGh zoh`{yvBu2C($v(()7=uMkqeaUaWh8YtMe}1N}zfKj13+$exhep)cJ^X{Jd4G23S$i zYL%g_Lr{>9kqOz@c0jO|1yxZM5ph@BZ~Dj62hlsNB|KVDot+q;l9633@LKrIf)=1k-$pJG5ly_OOzB^lbRpt?0b}^gj~7n%vQ%F@ zapFN6bNrl1PV~-vOu#;rsu-rWJ^=$qkMp5xC0r4$-^k&%=h|IY{D)o0m+qzl%bJ6OLuF+pSTKR(z|+(7MWcb?F64`kJiOus z5O@YBzCIEk(dtg6f%yl_ubn%0f{6>#HTd}W2m}JX`$Qj!UteGU0HgoI7{!^y$;VYT3=FaTtl; z3+H7I>(X-=S;5z)rlwwAUSLNhJ3AZv1-J8VPTwBZ)83#CKpyzg0dW=Biv&B8AeR|f zU;h1s0k{MdaCLPBM~!N0Ym17CfKApDJYN4i9*{TzYc?dim2L>!KI-UN}M;{FuH0b>K z^ZWPj2S(US_Z2@+EBO5*1c3Pktf&neHe_aIg3ZJ!Q>Flaf*5rb?XZY zB5sJg7n9S}Nn5HGrOaG%hFSGs&yd>;^xZYygG@vIsV>*yq3;WASzyNQhafXL?vk{t!Qj&tZftZ^k9bW zq5#YFBm}@h_u#>U-+%udEO)^D4>k?JV%U=ugt|Zk{vQHQTVQ(13GjE}!i67x_#xQN z>)M5c$i039z#|=(%LUfcIdY^#B6+U)rB@PcI|3irr=Na0ZQ3-jcMQh#^()`a z7SUKd3TeA}Zp-yba3|+o{Q9G>cV6HF)~@W^yT9FW>~4I1^)t;QO-}TsW1;!oY~{&f z>gIbZm#*A>LC2>rDG8f1V&=~1s{c^W|9DATWkz&-XupWrOt3cq{XCc9J1Mqu+n>Vn-z@}tRzJI?8PO}#!C>_PMi@9t0oJ3x(~0$*K5DgqKEaSpx6Vl~(W2U=1kXN> z-26sF3Yh6fj0`b0pb!z2N+IfKZEof32=9TTOetz>t`o=+0!c@^Amf9tI&_b^8l_aK z`xogfr&TJ|DzGUl24Cxm=Jle)8Tz{SvqxpOfY&W$YWG2ocr;2S>1YPhF3}k|h)N;j zx3{#ki*(g#6~gwG=H?czSZ@F!qK=m4Rt^uGoYXZ6>ThlpbaL{mRU!eGBM>Xq@{V?% zUR$+{2kPa@bTt89Zkd47+`^HlG}URhPF+mo>Phy2ps^$}0nsW|3Msd(rG+Ez{6fv+ zw6^o4YGK*s<5yD4+m#x%Oe$(??-0v7d#Y6{6-sbYQX&?#bNLF5ir3DSsPzqtfMRXJ zM~W%LKnyKkjxjXIg23=`54J|K+W_fW zYq{2QkUd7L#o(|A&Mj!HNq&BA)4wEx`l}uI3L?-=1oRt@`9t&2k(`wt>tSi{@d zT^3jtSjy5nO9zEjY4#fIMx)V0qj{Rdm|}_v&q&nRum(Y;NECu%iGma1-D z*vb~RyxCooc-~VFlK39@?wq3sxO4BF`DX6SH#7hL{nd3GtOZ7Zv4_>>aSSX?$PP}% z%=~iM>_s$qePqt4Q-GuK0kKiVcQJ;1Ujo&57AvK)#R@XnN?D@gwkW zzK~BDn3ty;Sn0o)w)I%@ea5S}`A-JpF~A^j>l$mswUXnttr;QPOBDLnP~d^w4DesiPk_Bwl$$qL|BB z&!co(ngj9Pe;JygFJpuO@kDxD9^3(|LVg2^|mbq zT?k(J#Y@G8-frk8Sy}lV0-nO}on4EGgOx*0Az!-}rPK>rQ)4oQon7qua&A?&k1&Q{ zGe16f^dI(Rw;pS|xmh?b`(&N_(~W3xZ(e?vhJsN)Z1>Zp<4bf~(#skA#*!Ai>Ebyw z8v~Ne(EXzw3pfSYOv2oK+o=t8@VWDyWrH=DMT0QjfTr{MPZw!tXQTdk`mHA^m4e~o zOVK69-foD7%jj^E=#R%^fYvWZ%Be2yu%GE=YP)Rj zR@00dRU%<)ehnfd;!*&tI4)}t+t)Sf{(jWSEt2B&R+$Zrst+(^)})n*jTZQN5P4^0I&gGsZu5Px73Tgn|7M2Qlvc;$xxPAq4(F z04x%KaTnMJQHF&8QHdBVwx@?18ihuokl^s~MF}{WV9*$%E)m=|nUgM&2)-gX0`Zc% zyaAWMZWf&Z2-t{|qb;4zVzNf;ZLQ$Ito@}4G$I~{*VWb4o&-%u&?Z(h5E8i}&g3{ zq7U@(xRBbyL)67c6vBH@6`cT+~Lm3K{=-PVOrV% z#ldi7fJ@Ye5AdBgyiFs(=|y?%Fn(`k8;<5rHMeq_F~e+-iJuwh4&(H3wLE51M~jMj zL<3#zViR9aD_g27&4bj%GFZLFPhX2$kl&-B4IhPD%%5TT^ve|Y=051e7-(vl(1K@} z57V29T1o5Q^}>jHN=k-ol7kNw$nV2O z+Y25rNkP6;L;T>~2f6J}EZ1%dG#p4td{`?sSh9AWwRo^5yOFdeKqEKd5{LGVgN!kv zVd-YVQZq1qV`j0?elf(r-k^DDoD8huN#`sBv7xCYpfzB_X;KZvU}*~0s2yEBV5h;# z!fbGG2$ayy&JOIT0V5D7K?wYH1c03)=<`5VRn5TQKsFtOb=J`#f*3Z?dUOhnhhRUF z$LHJGSO)sjy1IMsXXk4X2rAWyDI@NHh0Ct@5q)ON{K`)orV#zMZ`nuL?vD$@%q68; z=PYkpkWdh6d+OU5F%j0qwE5}yMttk7J?EG!XS36D`xdTQRdD6Zkn8rvvTM~^i4co4@&Ju?sjt8>x-|GD3dp z?6jzzmo0aFfG$t2k{jSNYZNOty=~dBGpuZeKanxwb^5^4-u#%bT&b6+zmo6#>Br{B z4_wt=yu`8Pa+?I@pb47$@#@rs6ft*v@GDK%dO_#6mXVpAn8Lj*+QJsk4ZBx)b5HNPEHy;6)uDHW z1Q&l3+2tL)W1evD!A#e=1p*#&zHKc3MiX|?R$4>I&+;?j?>2S?IHN#Y~O#q=zy*jL9djeR~FGsPuB0Xww$QtW!s?7Wa^;)VZ^_FQ3*E ze(*$ooB7&rzh3P@W|m+7txB=_y|=p_{#uL<`p}QukPvw`r3me_{JRfV8R3*CeuCb| ziCLmG@6Fbh!{CU~^32R$jOR>zZP>}HEIbZvH8*&s&M?R9ot5q*&AE50bym|A80?0LfG>(}cE z1~87yVZ&S0!Md#bErv^-`7sC2)DY}0ni+go0LDfE1q)N$Rpe+CpK8vtRNqN&^p3Nny`d}ZGzu<!LD7^lrd;_6IKIzLNf6 zL?VH`R*V! z>ZBdGUTeFk&50leHhz!+0|W9R>cELpnt=feFwpM6$pdr%n2Ck$ZACKEE+YC2!6Kq_Mo^>+17L|R=jI#l+!_z6QL*Dm9?RF$<1 zJzu#|%pGj$_;=YVimMNh%3Ho*CWr$rWVGg{-MxA9=H0AX_Lyv-vxoImGwgLhHMyRN zfZ@$djVC~(NJb_kEVTVKxmxqDmj=v^U>X0C1TO#ex4aoon4+f^|6B0i4AB1VvCPmG#PdC-xkTc~IEU^;}K-v9i>wk%`q4 zKv3G3{{H&+j>W4q@tba~@n3c<{TXfgXP(Gx$TY5;Z9m<;@CUa}Tq1v7pxu!US9v&p*IJ2aiDmV_2D3z-9A!9t(E#fP_5A$y3Vk%j7b(Z>mC}+|H9r_~43KpI@$!jS2*#V#ovLmHP~I!z4ri z9H|%?83Dhp=Oz$ag{ZHu+yDSx+)#oLfDlk2fZVoi8<9u^%a?Hm9E5O#5cs1Ut+}_ezH)d(oohz~QGS-nv$S77G-*y_Iy|uf)Iw3M4H9avpJgHMFz{hOp z*6AGw&)iC{V(I!W2-3?r@YNR)my%mdt<9JfKcA{}U7&SgOPF-Fb4Tp8g7(qD(wO~c zBJZVg9BD2FDn0j6M(dM$j;0lgk8?rQW-$#cDTdDOq>{78j{R~sze&Tkfbbi@y8I<}UBK?MimoWFZ>Q-A^o&e_7?RrM@c%8TeA_omzm_9&~mUjFXU6MJal)RY9AKw^%pSW(Rr$STH#==}*Y4R_kHx#zZjd6HE zPf07!*p`S8A!HSaQN=PRX9_@`pqhuIi$olIr}G6s#ih)`1id$77!K%hZq=u6k=en z)UVW;-&6($G}2$ylW79zLAO8%yaWN|sf4bLHD04WB~3~-HgmHyWgxw4FC? zT%e~Aiu8hA^srXOCKf;&NCPY5)&3e9-Nr%b=n&9ibxfS5IF7I5!`jv)Wv8h+B%m*hz5X(=4y7?7|!E_Q8&MO{WZT4=0j zR45jU1bl%Q*i?!5Y^k27J+iMP{82?|PF`l0j@vA9acb(_hRm#Lh1A&9!&V`FQqycV z?`>^M_H`h0KZLn2YVtCwr(aK$)%(WpZ z_`_&@lUad2+JrHjY0zvdV?|GK?9~*>^x&Oqf`}O9hLc>(VeqgnzB7WBEOax&v4`BXYCX?!)EBp`H0-M5wffQvH%B7 zm8i9VJuKHW^Kdd$RZBe7FQ(3z@2>mgQpBa=K8d-fU+@enyzxHEap{U_4%VJ714VHs zqLR6GbC%J}MLdkFmn|OJ0)sw^Hv$3Z6mp!+2%SQX6R2miy?LjQz^n~8ufQKXcwlaB z4jfe=P5cRT3+R@=f`ASV@lzgGhQdxQP5f7>vgl#_fkWxYgJIuJCu_dSjZj_)fhmRn z2ssRl@m~_0LkEkvTqiq!J#&vr6CcbwlU5V|wL%Xd0>bEE0tV*S(CO1Sp$0bi91aH< zO-=RPA|QniL|Z^yNT6VBW@ZL0z{lAEpllEV6G6bha@I$mZ1sld*F?aB?tu`15P%SP zGZ9d)Rg{rO-^}_!wVEmj08MqNUz5({= zv$kDWr&-H_eXPf^&>5q5bTYUq2o$6JJ%e1~#BIdJ1g!4f;palf?ykv5PtU7w2a;s; zo&k>NZ<8q(GMh8g(=*HKRLX2nf)IcZfDnKXcp(C6iT`m-4G@M90CI=bN1SU!s5El=khRFUE0OZz6?uBN{T#tF(D-@_I%ufhKXt74`2Ik z^NL-uEF~#yjyM)w(DrP=B|&3F<&&Q0#s+v!!AG8?{uGw_pCx8B=S75^xOyWg^7P5r z$b{1o@ueLvqp-Zb+RWUh@i0Mte^qSA(Tg{dE=L|d7FP5!(yA)&*htg;%o;w#)h5t= zp<5sXAOxm30_xC~N(Ki0P3bt7Q@kOd;=`1d5NIL+XINGNXb_7lF?XO0)X`z1Y$n^6 z=7d8bkjiaZ5D!}<`D4RI0sJG!WH4YHphQqA5j|Cwe{Nrvi$!9!NWMCap>*u6JSn0| zKzGFb^-M!|ifSWRJ_gkC{tQG3UML!qBM?ZSypKY{f!;p&!|yLrKS{!e87%oQEIK+m z=9^iAH`51jSPYOO1LXnf&(f+htHt`2m;R`R6j(1y)kTw{&736-8Oilx7!r*@f|@C- zrp!GCG7M+@nt1PV4-ol(ZjX^E0r=yRTqqt>z!6HZONC4-`=jcj%B(E9#pWwf(Z3%4 z+|g1YRUlweP$!8x$J1i}snIV7RY0Ot+8YX)vgW_PK@N}*D~t7elDC&;RVn5qMMcN| ze0+|xhVmX2n$Of!{Olca1ssJ&sv1_IgzEQascurn2Za)Zz?+Q#H0{3G?fatI{n749 z`UPf}ty{MOdqCh034RA=ZqH3>AzGkc{E|E`x)=I8gusgsKx5I5yFj=gWPlY>)YjZy zE48uh%@&#gsVw=JF`AXjw(-&H>+Tz>y&j#IayKsG+>IXHARlwa-E$xAKc1KdH1T~F z%rzyB2I>kPRx?fX6LarK8aLNd^tRI5O0NSzj?jKB>)k*?Gkp0Q{CzKYCaA>68GhvBNy)! zYSE~?yc-8k#Kxzj594oRNj6mqF>RUW___vq0h+=%P`3 z_Vc|zUi$4`>?46+fV(bQWz8UEHW%M$;u~tu=VBz*YuvCydNxlgb*)2v8n zRj4Q^O%(*j=?hub&@szENTyhjNF*?={C^IQU>XLKDbPk&&cRR`2Lgb80KH%EKNgFf z(x8D_XlZEyO?=>r0m2c%b8~aiXf%kW3brBu2SXqf^8Z+8g9`I_JavzOd^e`bfH?Wf zsjUG!TP`OWn(hlEvWl+97clj;xRU8Btr|;OL?}^Ji}&8;RWTW2{OF^H{OxD&>(Q3?c={r*bKf6!`Y6nSUd5(Z z(POSiw=AU8p`6w)3#2N!2)psO<5#=P46!hrOv*;!G)B1uYmKV70)(f#5#wGeZ{?Qh zjJl>3dqZVqmm>>>HaM77z~)W9yu@F!+dE5hdps}3?6%YZ{6JQjcwpC&N9GO&8Xj+b zw{u#`kvr6l+ZRxJuEghcbd)#Cedp-3Fw7RN^p!?m>Toq}xL1dm=A!@Tex3bH$H7X$ z=Fl(ws781VzzaLi{cz2|Zz-YofspJrP+e7`srZ|U78O&3?=;X60!yCQ$y=%pr(P?{PDjK>!;u3mofm*nk~4jY$g6bc0} wu&GfusFV-_e-i?Ld;=cY-Q5kSB=Cj&7e3L)S!0Y|qW}N^07*qoM6N<$g7a0I&Hw-a literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-firewall/images/fw03-defaults.png b/windows/security/threat-protection/windows-firewall/images/fw03-defaults.png new file mode 100644 index 0000000000000000000000000000000000000000..cfc1daea372601c412d15d30c5406f659f8b0d3a GIT binary patch literal 28751 zcmb??V{m0r({7xTWMbRa#I|kQnb@``wmrebwl%Rmv2Ani$@^B_`}clT-;Z6V_CCG# z>b=z6&(r-=QCrhrYCqycqblwD>Hdj|yGkhniAG<6%F&bE&a=oXXHeW8eEDon)xO|?! z_rW6zLLdb?2oga7Dr#%LWrzp^I zZH(HDBSvjgNzmHHPHYV?QqOMn5=p)qkq@}pSsM>)23;&91TKr2zOF4^ZHypb*8a!c`o9yW1 z_)V7Jo9D7h=!q9moZ=HEOboQoNPHHBzp-n&CK)goYryg{It}}Re*L=>c-nB^YWy)T zTF|TRP@A7G=%u(?)Mw~$U{q|)%q^QE++^p>(Y83dIN8(R!sVqeNXPZJ^d_ z6C0zOqORgLG-(Zy|0E?YFAs(6U)PCoP!oBm(=sTZ+hr=%-t!lRqiw@Nfqim`uR$7u z45Bx|DOJJ-a=QZ-MoRiNqF~hrGbC^$uX{ct@fWdumS(ia;`QUTUR-~yuOW)}LDRBj zviTi%RkfwX`2}@ahYChrgz|2l)0Q5Jx3rHom76)Ij)FRaImR`aj(PQK+s9ktsRc9B4xeiD* zgi$leIiuW-J1XR5oYk)?$iiN^AZ)^A<^&w zyPz9V5jytf1GeG}UKNs1NCt?r2v>9FntZ(P2-V0LmX7Z*KadN^L#dA250k~V8V_BI zTq;_>g$8m7+sUndw z$5qTPBorvUhizE37aQGZ{i!O!ICOQ(tt>vDdY_3!0Hs^&vw%%=J^Nv39L2{Yx8WR; z=lEKI;HP8}MFbY|`*juK1s|JNbs^!fp{zoXSlEOWqhoB!=}D>UPVz$ypG&tNVDM?&*+T#C;CIFMX8hz zo!QZpexmg_@eEU<46=Js8;V1#*Pz{=G`08Gjswa=h#M>mH`S&3L<&lBm1K?KN%xA} zdp=qnIl^S4y4&~8oM51u0y+n=c{a;ebl=SrAM9dLjN@5r3RT+9i(Kof&|7Gi3eO7$i9c5^r-C+a64EaWq@=Mqcp0np$TW)iLA!Og| zZwC(8jciO(Auay#Doyt|w%XaPAD4%CBGBhm3~L~6wEAYCJEd8-YTDek12%7JrNIv9 z1!)!YmE4WO9Z8Nf8lZDSPnc>Y41~`7VSY_6Zv%8Pov?pE^ zeA-cdW_J(7VsbOBEW{JThI@3zG5}>3#)9Zct$$0r5ATtRzl&ze-M$S)U0Bs7Uz~i< zsw;w<%#m_~E_&}&PI4(F>Sgp|Vfi619;Smh4w=r5pHKMU6;CxRQB8h8TR<5S^)nV) z<*3{x90|sD-T+Zwx9adZsi?zMus4+k^7i24xJay^U_ocsIb1O>Hf&WICQ|+QVIrJr zbOfm$Bi36vQj?pvJdx)Ogjb>us?sT7G`yvwk2u!UO^VLZBZi7tnS;jC$v*ZWa&I|% zetae;m!H#reYKiD7R;e~xU3 zr~u)RtFZ!pr~)2e>jO&(D*}N8>Q537a-iU%#7+_bct!&yqs#06*^dM&+M5S#`GTsK z90MQ%;}-*g883Ax{0{Uqt|`GJH9ti$%}Bu_0u+!V@UgLP$^_BEfMO8=JxKW~&bN1W zALIlFBw!IBB-^AAI5;@p$?lO;si1(4%zGRNO6otRKNw$KNPKkxkVFdxw*8ab*ko^{3iqlJ@c0QBuM4}50A9kE+^0ER(eMMO#*=PK}`FPI}fJCx@S&WDAzO% zDA932qCi_BFs0al@DNB#zV|zJxV682F8>r7O2(jQV1|~CRR}*8*g)|GytZj;bm$hf zB-NDon`hqvqP@=jC_*DXo%d-1l;Lr5qyD3Ge9k4TDtxsWe``A5q_U!JFaE?4bPK@2 zdeE#E$jXW`1a|i3=aZiGpuZa{F6D_ys!{G-5fp9LCkHJ&eQ6^={9Ft9`{mbw9 zM62y|{{6*sbuU?*d6`cP``aUdpA~-G{UAO9?So5t9AtGo+HrW^E=mA6{x;)b?UX7U zC|N}4?L};+`ck;@#1+b4-{maMrJ|ZrJRyG?85u3kROt^2U+TATJ61tMfd<|pBXa47 z65pYoqm?CJ$EK&fR^Br@%3K_DIlYGx7_XQJ_DXhdR36_|}&<0bmHG!Inv zEg{w{?Td2~*uo!$(m@E#-)H|~OW(^*#mrSw6Rka6&Sw=h|CK`O=x$WS1IJ@vk1XOF z8;)y=a`lnbB9%`wAGfk<>#X2hUbkk5Ok>fNoa%nD4ORsnnL#(^5XNmmQ~di_>tC$X>dOo^8z~~g;SWb6 z)&4`(HI^Q)hkwQB76n&h+?gQKZ7fF@?nc#+9)*GX<6@W?<$Wwpnx(Ib zL|}cAz%jpiLZgu(>DYi+>)z+BPT`!F?kZk&mDTkf0q-C%f9x%>kl*-L%z#=n010qx zQljagFZj2nPputU!KO*Nd3=SBzS&)3R4=SCn!!yNP_HB&PrBwf@dF79XqS zRxhB^MqA56s}IAx6&$}c438+Ldag1eHP|w9zIsBlwXy_BH;1FXT!+S0`u_ehdhR&a ztVfQ%DXJMaTbNcQ`-rdU7>1UR91=KR`ZGiSw|dQ z$=koNi@nN|f1V2ypkVOQ62VlKdoKM{N{yE}>Pvl=3^X2Azn;K`Lpy{liX);TlyLAJ zbe(61tX%bDf;()8HH%iWIiRI+LmtgvF!TDgI5kk1D<#K=2%)yAyC;3?0weQn*5F1= zD>msve_TVjPkC=0l-0En_GpMy8b2fip@wMmtPPUux@1+=*bC)4k;sr|OB}6hZ;mRp zuF;%v=MTj`M`=(G1T+bVT}|#2VpZ!!umjCDu~BH!kHGm9gl3Aqo}h0SG00k*6|I-N zzq07^aWjd+v!oWAmYl1E#br}66>r4qqhO2O=W;gVZne9WVQP1I$2U(Nm!d4Dm(d#} zmje+JONiGr#v6RCntQV-tRUGLjQJp;0{f-!b+O60B<`{%j6)&n&TLJ3u_@5P??P?X z&$*}lj!aL>Kv{0bx6jPZUpaRT7*YG~%t`;SUMo7EF1LHgk{HuHBpW#1Hk3vfd5ZQL z03r|-19~XdyKXd8jOZ{$`oCZDs`4cwArXc#MLqo@9pxol4GK9RB~tqKWzY#hCyYj& zH9v>(bbufNs0M)3dzh@-5p5VA_-_aX7=xWp8A)YsZte^-pb2Pg0|8=&OO;yHFmTSA z$bauFF-VYp0*$noaZRCIgkT8JS3obok1{6)ONanLQ73z(`5OWdr2;wx$bakp*MtM! zTG%|8(ylLBwqivqXDEP%Uoo`zR~&zNd3Is^T3bjrC7oeKll75DDZ`TRm(qgy-JhxM z*$1h$K6of3I%2(+BB)4#)FdDbQF;Azgs4ks7lWrj$07jGDoFGSsQBQB8>EY?^CR#) zamFKz2zUbYI(Y4KT)fvlXaz$)JnOKTGP zT(1`V^QhS!TK;E#X7t>P;1e3`Csg*qF%(xzbd#VrTmbso(O%K|oRN<8h>p;CFB|;; zec^F)Ys`6?AGs*g^1|;X48g^U=3A0JT!2E%c;is`p(lh&<^1kk@{^@bb#1rQfZO@7 zxKhH;S+}eJjM^$RY3ZU$|8qpMu;Ey+)(N%^hq$J+J78iM)J&%O3fk}URf zoQyc21L1k02cpyL{g1wDHL1Ux?F-XdkVkuO>^`@yKU3rg{UYRmjCV*W7w}X%%5?T$`$ywW3;Anq2OT5J)irrA4i{R8`qG^ zyj-pAw~csS@AY&XNSWueu7qAJ|0tY)c{w++OpIWw^WbxH zM~$%O8ev|#q?BsCN$jc;ePK=Ac5&WqHs=S2V#u_n{`C7Zq+LgT+(C-kIQGJ$gA|>Y z&l(SJVJQx?FlPSd%&DpxWOKAa$_K-&^g^CzeKQ4GlTA6-xk|x1?KCabkt~l9(RE-c zmU*n#zh?&Gk1_vI)gNXl&SBR#=D0^HUGYJR0*wH;k>AzT2Zxi-SAI{^|8~8%bQ;Vj z=Za;Voty}~&+8r_YpcS)1}@ud+{o5D`_qR{j ztYlcZ=g)aPv5c>w^q3KRlRF4M_Xw#f3d&J@XU23^eu=t)CL@^j8Q&vjfay~^89y0E#(;aCdUym`CRJC6yvmlAB$0!-oStGi`E*H)Oge!QV7fA zk|!a4xP_@CERWV&p>0vx#^D8Qv#Qzg($XjNxo(D}a_eL2J2&?p&z2_*Ev@z6#vc#% zdYw;MJ@N*=mOego?Cg)RZSMPL-CW$$g9G6DVk22gT^jp|f&WYiL z6YZsaPg_x02t6aSE8U$Dm3{5Q+((f}=p>bzTAnKPbNq+#-3JE;L8|xmP&c|rIlRTi z#fQZWadCe}Md>utVMe~t<%vlQ$aHAcmvnvZXFy*%^NtYydu1W~H;GEfvMi!Se%B2> zrMoRs-gOa_gnVP?IKjf05S~}@>3DGasD3-5G9E|JMA2Yb9T|lld);p}sI8M^bu0)j zc4k#sA}|cgXWPG_RrEO*FDMNGauK?wSDir?^-6c~fO%do%%JKTP}T02ma*;CNQEAs zk|u>Z9L;%+=f0bk>&<_6J>L-<^;3SfX&+1tLDJ0ml!wYxIt^T4%KcOD^wfeVG`jI;)#hU1z2d0$YBOvmnlaha0)^Z39cS$S@T(p zhypJlTAvG~(NoE41Pm267B?F#9dX?AaAT$fC1$zY?+bBx;}FFEWD(}wOme%g7iiPg8|LSU`O)U$ z@(e9IXQnJADRlo*8GUE)f32N3b0{cB(Lw*X6trD#!h0+;T%Ly_L4=Wd+bJz0P7I_x z6TMlsT%(;%!t?;!IT0}Jv4e*Ry*q{4zjX`lbJ(oO!J>{k2QG=p z9G<<`hqG<*n^wfn*w`3KGKwKeGEg=0!C^{rayc2PKt#0Qeo!po6^JkY0}YH=R1*$k z{qv<*#`og`OeZEbIyRP)f?|M@0FT~~cBMo?A%h)0QpkwWu`%o2#&<%Sg4Ts1!Se^1 zx(EabY9JCx<++%EOE02|{;C^p_UYMKhtta#u05+DDAghA{olBMJ9`Ik#}HWIEZVk=Vs%+b=Prrm z3NFILU)Tp;An-Kfxysg3jCX#!FoB1s)Sk)>-REAX?p)mXn3W*R@wuCPeKm1Dj1~r^ zVlU=zlJ^VaIX?d>x15x5aA$soId&+lAca{O4MbH=kpcAmU|oUH>^9G*E#0pFqJMy2 zyBzy}91;K5pK!1$w}G^c;G*+`-nfWXU+r8S-k4%lj}u501^SDKNC2+>-FA^ktAVF( z*y;Lzce$n8;5^rh9Gh)s5ttRUMh7*u0<+v?Bo!;DJb)?|9$ty6oodlT^Ew0JJ1v1tEg_ z3VsOWje4g+NvZ=S6^gTxA|N8d)7}d;NveDr(AGp?v%vvzFlWG_fYkWzwJjn8q{9S% z2Dsnk4Ecpe-Q>d-31L zcEs<1jeBdpfGBi*v{>Mfb&CRls5Hw$x-Yzm7ULE$Jm$K+bN~h96Tw~Z2MqRwRu+6q8xDh6YLnD{9lM<>@HHfZAN**CyuEbb0_FICj zXyH*Z!?JdkRM1Ch#Xh81OHXj@>2f)1kTa&KNslQS&z{g3MpJ7c>vXzbCef1wp){D?Di-OPEmMEQ!hfRV2XcOCofow*q=3H==32rM6O1`3S zfi^U97Cic`OAcNJQErvMdoQ-LxbfvtfJe3^6APD^7l5!X(SI?=~P*xeCw+Y)#;t8qa z(padn)9bs$OeR9xEA1bcVE_eNE7DGn4um+UpvyI}m7XaQ6eg)PC$*F9%VDjV8*pRr z4Z{lx3;RJRT(Mx{3e2Qwl$i{8POdp+_Pv9gx>cvJ}<2`XBw#yLSQo8(ZP zvx_C4eox;Z^gGFq?{LwO%h7DmM|lLGBHu3F&fp;{ILyok^gD=o=C!IPs)!3CW9e?= zJ{gM3RnyHmCe_R)P@f)~qjAqvt@?{SR993q!3`^A$(MusHZ|3LXe-D)`g-~!W5~=# zXqCO<cgrS%&loPj#oiVai7Jcfje6=PfKIrF|4WXWLRV9M?auda$@QT^8&{eG5zSmrwih*AGZb>fC#$fWA>Wy)H#?1yeB&WqnqFo)3xl{z1usTmjd#+=bg~6Yjp{@(0 zB~!*EAat=I-1$$J*&%ik=xTuERwVyfN38_O2$ZOogy{MjPH&ZbsKbo!E6oTvT$TjT zmI)9c2_lXo{{1BhJlG@1AV{VLB8#SkbiRlP5s3E`mzFZ*&-pao5VWYT)4m7kTEIw7 z&$+0x%p?K@DKJ8i2oC^9nIJx>C_;)9SVp?d(O)mm-86~g%1yZ9mrK7wmepD_Mh;{{1V>1bc$k@Yp~+Jk#Q8ET&TL+*olffsRV9Gv2?=dqP7tv+zjf-MctItbvqDKpxUHqS2^%NYEw0 z1ajz{yt&OQ3^-a8&~h0C1^5G^1U ztd&7PSwA6=(!*y+b+ky}jgU~U0zO`rHzVoCp3`p7kc_#IN9*)%ZtxGoakg_Fpmrz$zWhI8Fd*Ngvi4#IY5iPV{XzR<812vV*YzKbt0a02RY5A!I&2%te62cd00dda(vMkK$chA|=py|u{u zm^coH7`WuqiGdKIIeyqF3D|5j5F%uK;{O{92*CzZlF}^sczJKqwHe>KdWPrNyeE@{ za(u7hc&I}F_T4H>lnt<+Gv=E2Y`9Uc_%xmmH}JWg`>_XCW3Y_tJxoE#ce&pQ`)SOu zf}@@Xpz3MOZ;-TT&yBM0dWBun_dU~%8XOxP*z}s z$}f1u7eHgJ?{juceLIt+FmEenwXD>l!IiS+d6II0g6(hC14c+t((=R>O zqz&o}1h*>hAC?XkId8q4`=j>j!)+Ez!CTrHUXLOzn}3E7r%OsUFm;D~|GxT0&9|>- zUCdMPA+dk|o=N-EokFD*`LaZQ2et+k>4e(sjqGIvEkUBZ|hz6z`Nb zRsH&Nu~|h>|B+j9z$InpJ#(r0azVAMl$F-i&0<*$hqlXAJ_5}kWmpEYgL{7d(!^}D z&}=j4)>x}gCE-s7rdBpJwFvgC`bUb!w4UihK>c@9H$7eBPWE$+ zH+af7A00d$CZ8_RJ}1_rdn}22ly6~ldnQcOb(quBan^eC_y1CD-$t{_zEre5Si+Q?b@d#hm@T3Adglu;$phv(an< z+q!JT`7aIGXs;ISJdXR(z9hKB^5Oxv?CNhrxZ~y?*}#}q@rHSfJ3+_PUPA=5oSbHm zv3uR)(@TEu9C+>6W0c842bOs)F#qgL~crLRr+#mAr^X7WPCq);N{yz;u8kSZc)1k zeu=5tHLcF*K)F<08*V>e+=H~iC>~w2@3{S{$CdU?b?PwEb5qcWR>7f;V@0rnW|GJU zsfMhE_9jlxI=|!D?Y?5(3gKeUj~-S>+xp8NABnD@1z;i6y2uX zNQK>D(2}V&-jjX`6ASC;uFxgGC=yzSP&>->S zGNPRnbGplG>|1QSwH}dGqx1Oh@rBhPXN`9uP)^|~KPtSoXAH7308f8rfqb0rrfkZ| zn0oS}M~5-3VsD1s9J4F}QWK_h+1$EBD5piJDjAhF#>D7!j)h;^cXm$yO?*eDy*egS zA0Hc=T7OP{v)*;S_4y=b-@iN-c5WqXu01W~u1g;#h}zX9zVr`M`#(nOm{5~a3yj9A zgvMj~GB{q1s}UbvVy9<)8ZV)H+E#d8X7h{1-`e9|5r$-8Kv(xIM&k1L7p0Qg8|Kq0 zpP?S&0^H@3(AU)xFX1M^pk0gkGF}6#qSZp=f<%wU(C^vF$a)m=iYF)ZZ^alj)D1BEEx+-K?IM{MMi5nc9^j|-#;ILH5NV;^Z=JuxoOR`0 z$x`fn4E#z>Pj4+6k4#In(x%}z`{9*`GS+9dw| z(83n-@jwrbK#+4G4QJ6!(nnsI9~N@sI67ZCDc@!5C2X_1V%RTu)h56$=eOi~GT@v; zeZpU#=DquxNHEZzRod;mqp@YP+IBl=(o#MA zEhF5!hT^0AF3$h_{Jf1Hj@e*S&rp+g0V(}qTSOE9CL+hicz?pREJgrpay15*mGS&xATQ8k_h`MP5E1vpBu~X) z30QxE$KVkkWIyY(C(@HEqYReP#5aBQ#b{j=p?Je0-SvZ(!2o#bm>OhGO9n1H&bBoFILMg%>2fxJDvX0{fl7IiP!K;^QFwP zaX8dY+sx<<(}=}TFZ&PdmiQYiW}^(O(ttmIwCQg4P#s5uZ(w@0e$}-+Y^A1NcLfy} zM6#cT0=;?_VWM=Yrxx1g$sDc^FMETt$R0Jz`?=>8W#llaI-}G~QlpOUn|yCu z|BM!siTcL6ML@PrE_vugB$bg267XdEx$pXyc#fvJeLlo3wgyGqr?S(FrUMY}@5$t1 zyO$Q9Fl8F5H(Rk;d=F=4B>i{qvrLjS!o)|P_YK|M-;X11ZWnJ(=Gj_`C%U~p5fT3x zi|-l=>#ld+H|F`gb#t{8hbV3p(nJWVk{|^}DdN4XMg`|(gfSRU+#T}q`XBxd{f3Ab z7o(sV1{G(3OaFe0KagbV;^5)nL1o^bh{ki{mG+VacXfe{htm+hbh%lPlSBOzrX|M3 zJryr6fz#2#{IR~zeW~hI+{T73B#r<+G2zO0?bod)7BH$Y1(1CV+ZRi`i)!{w7)|2g z&X}65cfJ0+57&6FWBmNkK_%3G-o0C@{>jgMWo~R~X>5pe2nY7|EjH#cMiyZJf2i-X z&d*ua|0;&jE;<2A#wOdWzwqT0+@0>__CrHoF3RSd`U6KQ|I5A*A)AO1d1|&x5R_) z&%r|M=3;|p2Pq#Nd;j#1ha2(ny8e7wkT4750ZVH}MtpLYTfn#r3@bW@p&%9rAL07eFDmnQkZ8R@v(a)^&wYc<_Ae{r3akX#SBwb< z)^}gK`8m|1kB#%T+kcc=H#=I9M|r>A>9}@b(8K3Q$6)7x*5AQ2q5vNY+z(P?KTq1Y zIAIm^`hFFG|JvKDyGeV6f`W!Fp`_eM&Az{L=T9eDKQ@v>?v1bVyWJm+U!?az*J&Di z+*b_Xt29JeDm(f&-8h;c!!dEl_2ffMec7-w*t(CM=YOv>F(P?t=q@c>2^rKhI(o;% zf-wyL5F0I$*yZnlwdu#k&HuQ%eLOO9Y%2wGXP5P0E0x%p=hwj&IMOJW!*e5Z;z_?Jfeq3-t*tjx=wggw??x@Y)s4AU|_-!C4Q z5}x};)3Y?}zX50T{#$gc{QbASV68nQ{@Ca^oq#DXiF^)EHGK_fAWf^yru^EP^)&UUoKO1Ol_?_q*wxA5d_-;BmNLfhGf3A6ezq<-fQ#>u%Jn z2SM+ngUzf%Vu#jOXsxN#NigE!Fz?-7EZiV-_r4)p`Wj9UO0;m)>*X zSDjBz!qVr_*l?pOm7_{Yqb?7pi&-4@$|M6{^)e)wfxww))N1H%?yha!wP0lHd>PF3 z*SQ{40iQq8y|~22#SRXyB)Z1MZRr)c2sSYtF~-Iwz{bMH{#WVzN|mGoc>WK+8|*1iiLm{4uHT0_LaJD-@(G1_bhZH@P2qa zz4_+xpzuUD>c2Z?D*SJIhOAT9+}Oq#jN*JyFc+5M63L@|gPDmHs>U(EbA~K;Fu>mR z-^Y_RYpX{?OR&`b*a*dBb?_OcX3N6?bO#`i^z5YPlH-Y7A%!KO|FHAD%&A=Lh5E^s zX5oxmv${MNc6LXbOcfv#xs_PsZ?bkbeZ}|iDA2WdKWWQjXYe{=*8aI|%3Iew0aL z*uymGyQ2ah-k2{kB>g0YzMj_1l-GGKQ>Au>#0)8tP%G+yl9cGGfWg~y)$8y7_r<-2 z?fu~2DsQKtx3%GSHy;!Nx40ZXozdy1kF%bC#*a1vH80{HvC3bjlSd6$_@x3DO%mTJem&evsGd+jz$2 z6VvYYVsL@YBITWRLm5-@inE|o<`bb_)*tJ8QvLBK?ExaA6Iy&8Hj;+;mHa*o%G^W9-$H{z- zg0({fLk~;o6;a`K?}}-nGMo%N!hlveTr2~vgUT(h%8ca%Nqzvc#<`8%W?PU%h%sEJ z+7GlJYxWhJW95JXYwh+&#bAG|ik_Z-8a=OSA|k_~gcfwLS~r6}{b#V7DQ~o);#0 zbI)ypOc_@tW{S_}v~zE+-1tD`{)Z~6E4%4Pa%hZ|+El$|l)_@#oL_!>q^^>W4zK|( zWNC48g5TE0BYzj+U^awIkSAOrPuf+v%U3yuEVOoCscTZ2Ea>Zo-x~$)cD_=ud?q#( zg#Qc+y^}nhnUR@aOIBHyffw3zq0yB#o0R4u*gkGkP4l0)QW23wmfad*d`vc4ZIf5r z4UGjs+S>;I0NgJ`MfC4jB%B1hFxs+@&Dm0+2uf~J7F`N>XFoYhc%0fdOt{UgO2oxm7(!NTVttsti# zRJgfED#|`Keu|`6IIh-x(5G%2(2t+PfQENWamk{op!pqMCZ3{5GmtUbK$hxumpjkX z3VqmTUMzVk&9sZk4nT}Evo+tuY}F$G+}kT9Gzd?&?3$Ard2W1!wWDOZgdH4dNkT-8 zYs7E#2i>0oDn;!B*iMK=x?482Xd6=t;xTBLP&(q{VJpdPLf;m$H;S6AlEha-a1K%` zHfhPum;>>gmBl2a!P9OaAE|T+Q^(a0pLa<|WI)1bn(x463Dps|KP`4-LJn$Y#)I!Id z0PHVPgIKQ$5{NQMV4^q8+!mU2{r+>L$=P5LN&}i?6)_>R$`XYW$3Ds)H^nLqrTaiE zA3E;OCb865%)b+pwqYTw$X|`{8n<_F z*GH!%H5-o-YJ)gFKh~UjHvVJ1Hy-e>` z2g92>fA6CGmrleJ<3&;;g zH|(wB`r?-fKxNxa<~H7DQD50^axOoQe-U+)V8g({j1!9Bn2E!IDK!Gbj$No3)CjqK z12aRY!4i5@ebe2(m4B6G^a+C`UG@nRtcd~njX309ywu@%qpvy%hbTb^2DPgtbGiVa zSVRCC=zXmNuP8Ivvu3b>m&U7RFw2YIZEbw*`)mOfiz*UeW&cQ#Y2}~S2!#N2dhPd< z%YOv_A0-;=Ak=z&3Yz}YV(|Wz+2@EE{5X8TDi6SSAZyM5x}0{1b~^-R6pCewuV=lW z^dfnX9HHA!uxbA7%JRziVpH=asswJiEd zY@AjE*qBrjOPDtmcySMtSElZjU`BS`qD@Sy@|3`k13YS@HU=rsb`Q%g{cb4VA7!lz zJoHgAE8({&kF|$o>^&q~?$PMPQ44oUu`-JlBC_ktU4Q>f;ToBxV4UZ%o=NR@eM_e;Ukr|4_1lSk}I3bU_ z2p3>3lcsNMF+9;RV%A1K7bI5;ZDG9IWlsx8*4l6M=3-SDG^f+pFCe;^`^yW(4e2zu zTsBO8j9nuB6FW`G4wYF9-!Q9QRZZ2)RT*2#3qRO>I>N-EX+8!(gfT4T50jsZxWRaz z8Z6Ef@4VbzZ=1B~l>3=|LYW-(LG85UP%U7YA02R%-_9lj@z~r`00PlAo91nnoRIs;&@eA?vpp^0_>W`CLrp^lJQY zxmuA=1xd0)ZkFsyZg41j{Z2-w$~A!;56nris9veRS5JDbzpZ8OswL_C1$nmGes7y~ zLUOa~bpIGHI!p4fe!VU4_Xh|=yrBO)?GPmbvA2%M6+0CPti9%<>)b^Sq$UoCT2O%D zN2CRwa{w$135b2bHpxREE@~YqDQTcJybdr-0u?oc{STQYSHP|QwHHK*8~}!Md=8o> zGJz6b(JA7@*X|NTHv=+gf-^|h^CW2LE{NK3#sgo$2sLoM=8}XRd~HulU@8bCyqC>a zw8#5Z_M|dc%M0{bA>e`hSH4gj{1-V`3Ka5;#7YJ7ih=pW0n`6!!5M@cv3=CDz#9U| zcUC%#1LVk_%Z28H!URD!QIOHrRJ(Ql_=ki7iMCgK+%GNdfehCz6kFw2`I8VZM~0TF z*5uchKJY+&HuJ+=zdnQt*i~ByK89xroZ>Zok1F9ce_}N=e!w5_bzKlT*gA^AVr|Sy z0|UQu+QCLRaM$?SbypO+6B~0KnLwi_zvkVvq{&|u8^8K5T^f0=1V#zUm{R%+VUP`@ zAfVgxhw3UPOIMjqyxEfqtDrZOF&4D0x|8u&^i?yYEg+j2P*SZrSDixK;DjowBO$v) z1slo&Ybr5daCK~5r~jn4kgSshZY!kV9X>Y&(cNCz#UTB#PCGH-3>7=Lm?%h3 zMK{og(+w`DYddSzq<6mMlw5;0E-uqWe8&GSgITIy+x@;>7OdmW&T*yNmqW*t8)BL0 z8(Lf6nT?^3NPdC<$5Q2F2+Dj$k!)d>VMxP3$3aHtz5#_dC`oO>LH*mf=P?HA;xA2u zr;N807xk|j5{RhKV*IRfnp+~jA_CA_@f?iEUiIQC+CVr!ELtKMhHi6mLjOk5gsYK| zlbTkuZVxcCq}h&r*}MTsZE5M}Vj)iEBBW=STdT*z16xrE0T3CL=Sovgu$tnG!Ch2N zpqv@DvsDu*mOot|kp-#18?V!dlXfeswRUKIu)_JGQK}Del)BS0iYiz&PS;)Sk8=dn zx{|6Ce7$lUEks^(@!M*hNFLJL13CdwlsmG>zli2+CTRGDG3z#8mp@ffLr;h6AFnN0&(b3eS?}WuaDYeh875Qsq9Qc}r6**?jx>ADZ_-)^zOEuM zb0pI~>QigST=15P%aC03!v{78Vm6zx+UB#$?`hcu#otIaZecxsk%^2~n~CW(|5gJS z_pw#}KlUR=WU@^ux$RV18rHggd_MuJhMX;sQ&_Ns0N_$l3+DjQtvruJq^1JU-}yOF zp6akqT^Bds;Dm@Ccy(|7nmh0Ep>AXXYQ_{rX%us+YeGq0qFXUeaXBImXU1g<9}#%E zpk_jVK}WdeGa+tsSsf719T##?dP!B-^Vm;OKsj9Hsj5lc|HF0TFNw(8r7S<0i3nxtrz{gkoVcyWuZiIM~-@Yc}Aulb|*vyTl4f6bCI&zQ1_O@ zWgy3`tNWf_8u6=Kr=z9d9My0JJP31GQPZY6TdDDD!-!bZ&R5dZB$~PnvU{zZr-+sM zMz79eRH~x$*wRT=5<(L)l0i7YxpANdM8wCF`1@N$k@70g@dn`7~v|v?jSO@(un> zV6i4Ej277TcNRskMkwCTPtzy|3BQJOX|v4UEg;TWgW}shS(Aaxe2}+?Gx>JDm35-~ z(D>*|Y`h*K1gc|wbU$b7b9|=M+%^!hprOTn4J@Tn3R-zI;iB7g*bhtA)l!{_zy|;& zdIwkCd2e-?{rDq0xQoUD778gu;MVVdHF54!-mQKmM52WCDQ?S-JC=b2QjIOp(qi9% zZXzImuW9a>J{wn7|sjUTMuENGVp^WcybA@lZ#z-AMXdAAAOQ26-K1u4`say$V zp|jw_l?Lm1LiUftSl5@AB}15Nk!7ql>ECUCo-DTkIvhNjQGFZOAr#`G6!o`QUrsdR zjr>G~=qM*kb=7tCN@u!*I$QP7%CD@~rgpyDeI`ie7T5FrwKjX-u+c0=z-N55L0(p{ zM#~D6Kf$fhY+N*Pw?E(i1uBoYb<(Ia8>|h{rqm|fK5_hQJRDdGYSmK$jgHtjSs7Om z{uY)qT>ep)7i6pZ>kk+4doSLR8baC)G=#@9rJMWvd*H(0;&Zh&K&w$NWmMTld+QZn zYzEbH@*-Y4Up0nQwmCV;oiS{y=k&LRi(1fPHx~#ha%wxvGx++B1Es1lb2^%8lNX9x zwql8VXJ1pY=8h~(6E6#6Mrd2j!Q}=Y-8wPqAuO@|M&Y8j)YyEzKZSJlU_HEot7R1Mf&|JhOix7Y|HmwO_zPagoS|aBVZnMOBd#PxKP{e3DMU*uAp6E z+m0Up+;zQ0XadfL{|bi_7$ZUb6-8bPg&*+7sP2d1+&S=J6mlHgt51yk-%+}wxss){^w(F+WQm&k}s20L51`M zWrk`cLU+|u$Y$yh(NA@DKN{gs%-yVY)k`R?cyOHnx=a1_Ab_jIYL12b$U_>jD!I(w z!U9BU*pMN76XrfqQoEA>2Fu@dQ6jPnmx_vt>~F7U!bg-#+}BB-(%ikSam?+%2I-^< zLk9jTw)~bzWtY4=2-2dHR(xyJDnUlWwoZOx3)Mmj({VdjDskz6Qp= z+)3Aqp92cmf@ae@>crQ)?{%oG+`+5i7y4iqb?F|BJ~ip!f1|QqnHMCTb3CKWPV^$K ze06ivM#DOO0QaHOy=!~5_!KYGKqqa|?0#F}* zYZ%J%!_8h_g{_EscSwBa1`;Z2Lo>DDkD@1f1vn<^!$V%xACLB>iYS}HP&s) zID(t)u&Ve^RzfuOir+tz7#S=GESL^1l`Fc&mNUloofSlVICJ`BnvB9;vi9-Wvi6j>%{GZuU6SB7Aq-y;Ut#bK4_zDdGNS z9=WUTPY-e((Ys4*mvNxCOE;pn8i;);VvNP3u>Qjv@A%x` zY}KF8+TlqX(b=BltG7@$!&Q3pntDrhf$RyloFd# zT-QG;NowamI3pFbP$ks)T#AkFMod=!wotX!nTabPP?%2>!?GFWIIVL{MOD=>pfgvD z@v7}pnu%yS>dBg(zLQFVDHTOp zcoSS}dw;A(8O^s)U@xID6`zkvjZPe?Pw8eK9l(XoCuurX{5v*pC@vEVrO=_NFRZGm zi0${Y38M2%P`heznIFd}=f>F<#XKlhLGJlDRi!*a0`)#=;WZkDZ+giGPab^x7QvoYL0|8mT~j zLyLTL$>$z!_1cC(N*BwmB_74~R~v^Z<3J?K@pn+>1&tU)l)JFY^5@g2;5)&k+xLGP zx+Yr$Z8hH%GqyT%eDTH6j_}0+eGQAlW+_{-K$7>l*|+_K29)p(^*LM=n19gp&{8#udFN552Yr;+aU`qt&{ z=JyOMIx~q(CA13$AIx(I$niCa<>#uX+d_C---P3*8}lDqslMhasb955T+_;9vX46G z%Vm0vyUQpr8zZ-?AoCD9g~_P(zV0$>)}GZqbX^5c4OUEZ)}v$dXw(bAl)<0 zp)PkvJmL4f8vXm^GOCxpb?tni(XNi^%jlD}R#Lo&sFoiuPh)+_p+l|G4BuWxt4lSi zjD+R2J#mWJZ^_bQ+P!byRqI`h-(BoYro8Thm-M-&##-?!H(16FN0vDgE~mV-?~WAk zz(ga@t~81MDp!D9`G7!Pn>il5ZMRU%{}+O@yy{5GA}-Y8x<}(yv@0_pr_-re&P^#W zo6(kUrnfvQh!u;$4Mnco7_LbiOalFE>nhHHNkru*3u>DbTJKMsA>=X+Sw<=F4Yby7 zM+Q3<#$l08dqe&GHV>yGYsytmebFyB*Hlj@=TtAQchS%HCz}_KgI)g5)z8ONf6SM! z^XiV2;dLVt%oSY`eQds9h-bv2ZszzK__2t@z$j(;7O{GS8jp5LZm3@=*<$p6EuJTF z=P5W@j2&G>{b``&vC zaS56>%-6ZZC^~dfNvlD>)kFsvl^J_8CEl(GUY=ZJZNa1LhRVI;wx%JFi(m>^(X$9mSi zcuiL8S#5=Fg%n@Y|B9el`^IF&Rr!8(>7ibvgZsSf>^}6aX=hc;SRnF>Cnv?Mn0k8d ztp{ON@zy@gB&9V7Zg#=Mg${;GVs;9lAjd*Zr2J@y0NhNqbH(tJAQ>hww>iW*37isa zT1b2#)^R`G5UO15u6N@5tp3m&kun~+*9Wf&hZEt`PuYTNBsyJOw@&v`j^Z3HWgwy4;~V_e5_HLga%B%ux8qP7(Mh`Tmd|89#WOKvL|b*q zvg27%mf%QtV(o&)&ep*BFuEn<%V8kNu#sgXa60=1al@+6cBTGv&4`0IDXV~G(oa%; z^?s^*f&Wu1Drg+!B9h{clD*y;^{yNyyJ@14(w53+KUyn$w9VOlGj3^eEcrpY$$}<| z-lXi02^k2hlAW;H+?OFTE8yfzc1C@bK4BHl#VvB`uWlHn#$`#3bbhdW6)pYGCW;bE zB}I~Gu87WFpd#X3hdx6JB_Y~uc}8(*D(BpR zPANdNLO-rL-f8?RXt_xE#k|FRLUHx-I3!{7>|E-Cgg@f3{}EgsNzVsK=x!$VAndg^ zx!u-XwAs66`=vcDfQ*-`F)@&+m|fJcknrh&X-2?&nqAK1Ik*mAm0MmP5AOoNFqM2hB>-Wa8(!GW< zTDtB}b@oECY!@%g=%=^6|fq8CdVqd>^aPJ|7{X^_{eaMfFy2XjDF|x3k z#JRBn4b*M5Ak%cVFnXFdj^{NB;Xf9G^$FC{JlizKGnFoo`ZUIp%_c|TjZrSr5!1;h z+}tc0nmR(R@<;-6@RCkldedp@rCc+gWH_a+ZO^OZDky%)neH7FJ4h8k}3Gf-V}dr4sR1tcj9!J!g^SJt z=5qvB5-_j;z(NLEobH2X@o~bvfFb4ifv91igWh;>Zw-q+0{RB%1x{d#^PU$Ag{HBE zt!;>u$^QxHu^Af5gy$ndp%|1J*6g#W;{yjVH4f;|X;^?x1CL(F7pQ?AF5x#Q_xQiC z4qyrvTnPS=K%kOpMkLcN8-?Z{H|*9$fF_a3EVQt+CmA{O0RAY11L6f(Q2G43aunqX zRcoNz6k0ejde)iF4|*)CE`?rpVMpQYi9^wKbSr&%{_;DCiLS-r7@E*57q&$AP<*!i zN^>rkO3HT(RyBn(+h-h~Nz2t=A4+FVg`G`9JrF#;5a?foHhgs`NW<@QyiHeYDrqD= z!1XP)n-@o>uf*V2XYTicodb%=umd?gbm410tFf5|(?5;e@RK;^Ir>T}%6=uMJH-`^ z2PQ^KePaa#z}y8F&VMIphXc~bl&>!euvsrR_bdbK#RyF;UrEbIgEjO#`%}dZRQ1$bg#+@TBj$fNNdux_FpE(Hgu6Q1Ic^BW9*ITTp$Czf~YXErWnCn?hl z^nxNRK?DHK-q6kzssAhhDz*)*i&zxuPlc*OgXgtsRjq6iUnS%`Sbwf@i^%b@_PHyaK#}cz;|gW0=pSj=_nMx zL(AhHzW_dn2Afiw(0rdfaP55}7)GF}%r08&$ASmOBi?sM&A-;Y-_nSD>+i>oL`44< z_yWrHzQkHJ_uueG6YTy5l4et(driZ`&hF;5B~!F}?0wR~D6GWA} zw?LSk;_}p6yr;8f&}6ow=RQ7k77Rkb35;h{Myhq~;^}|_v2(ik8j<@yAD2VO^yY`` zx&$w3tBV+4^*a`$%7lNwqodm>m*o@h`sq8U?t+X8TiDZ;u>p8XR5kjaK6{@KR*X)L zjJSL*we@}$Eb87*hBUNG?%)lf7T9{nSKfo4q_X;p~TDmNmk`;XL_bPbMTfYvrh z2VDbdlGyb~2a)(xpPp{kvDgg}`NI&^>p8&}yF|%bM#g}J#O7O(iFbI7)rZYjbmU>x z#*aA=CnF~p7yJbNB?p zcn+yP1U+2#toP8|UiO-QDv5rkI3ytsep>Upm4D~km%riCvaawC)~#$#+gP2ZS>>?b zDypaP^!b+SCvGTuXv}?E(3(HDR0N2lM3#*X^jtkBB&*c0f*4 z!A`y7ee+jwD~@<}o{4STd?x68U_SepC^~>jiZ`WbcyvmfLEL(0W~vUz&^EZdJU^;i zYxtHnTN9B9*wemC6tJEOUSJaJ&7>~MQY3r!($to1bE`;l=&+@iFRj2W;#>e9di+BD zLrYB^0EZDU#1bH?5zjT$^}(ieXU(e)#}6aVladcTYD{)2IYeabcar zK^F)#QIfh+#{Eff@R2y1y;Z-Z$268&ahVXMQBk5_>5j-4{&>bL(fofRHU(-C79H?p zq-qhh>G#$GlueLik!OZZg=vL!MG+Siu<`r@Y$V!x(-u!_PNaE1%|>nxc0w~CdIR`& zB^CH?uP8GfG);Ov^IPS>Ab|)Y&9|_+pOaWPQb&)g!cK)~H-HjWyk8Zw+6I8tuYrNT zf&#h+gjp8lkmIVd$Po*T9K4{c5QKHB`L?@5E+{jBLVr!1*S~Z)6cR@m!NuV(2hDxFD_L*--@ucUFeN2CaPe9_fA1ojPb#G+p}W6y z*B6;AZk^%Ov@6u1Oh zf;T&}n}J$=oLPXD$s5?in4LF+eKZ4$cE*63`;cwbl%Y_*c`4=U2eb&b)7h0E<$BJTF~c2&4UDq{&-^n4<=X)3#LUv%V==`J zZe&S3S@GRSqM%nAB4{W_yq{Pl40C(ZrjxU_=kCZf2N)`(Wx`^U5)*K~@x2|?kS!vE zCBhXK0ni!o79n+Qz-P_F5b*qfMp|iS3y5R!YWH=W@jvav1XMfm&1U9*E5cJt zpJAz2Q@0(h)u2kFKVp=(VO-{NE(ITks|`Boe`qSCO;1HG3RuH!XrW0{$WdyR&mnTp zfGe7nX85SBW?9ts93FR(Q2k4o!I-I(*JL%!-*XD$cRJfsDVUz_UbUf=M64{%^`lc9 zqCFu#cBK+`T*EoTvZv0EC1Qv-g0{&7D%$FGLOYK?W>6dAOx1r_q9U|#rW|gk<6%dl zv?Y>3&O$Ril%TRMR*tAMUs;qW{Pp|r)sqAjSCq0$yX$7g*<+ahb>$o&*cLI{s5ckf zL zry7zvc*BnGE*{)+d>I=R9GcdPiN7Y%C`XEms#UO@=3WvZaFO@aGhJ0xwL5rY^dp5n zwB{iorfRE`z%>)H_JyIcgbcBhU{W7NI#|ujuiYL-#8-kYYqw_BHNN!&Hd~=M-ygAi zIUhMVA)c)350s9-8t>x{zPo>9;jC1U>I*MV&r0+z0r?d3&fH{FL73Bq;6{uHm5YQM z+2=X8vh)LTQi`!Q8x`toExby^o(u_UNJJ}8a6vygnEZju3*m8 z3MRT(muz1pNM~plbQUD1)K~>tnzE3FD(dBsELwdydPk3Xin!_=; zSyv|;9mbsyQ)|AyH~#H?qVVmqmyCEr)zxG0%R0ukU%Z2V%o=Th@~1O3UT{>ISM+??a#fbMK&x0}`M9wBMt{j_v#F!Fi}d}2%j zG1gn4lH>PQ{1#sKg^?ej|H0~YYEr?mth>AL(MG$IQuc_pA4{ZXF0LjDFG9DwKnEr{ zBV}@jg4MN+g06OZ-!N^%)f~nOC10NK`)E;p)MMr%c;(6*?ThbG-fq~MsSFjbdh+my znJQx?q=fwaYtYK(u^HTZe(_+B-C_>M3ObHtVk7bn%ihfY{oD12g2&fP$@|oQRU{J0 zg|&md6D9JiGUU%!i{~#St^B@LuyMz9^HK90jn9kOBF8NI$9jHx+VX|ui328m5*0go zSJ)Ibss)6dl|9PU$tZPU4Y#>rNxoOp+uH8h42*z#mq+WD;zHctxW>Rc03srz6=mcC zW;NbCOpzz`VP)E+{Ncp{L*~Udq=y=iwqHh3{H36mW?8 ztnl&(dU(3ln-{YhAcUE6l!F*+O zk3F(J-_v|Sk!=^*Wae`eqe*<0>G&d=Vg1YPqse3u{ezcHj*ukvHgp@c1N`{7-hFLB z+c3>@@W&Q8b3{31B0MGPupDL}@H%(&PL2`zHC*&um+sVCu)=n9Zu#Teed)C5!lm(Y zhW>=oIseZu`#lrp_+WFfdO8X>IVZgpWqHh&+7MJ4I1y>;;oz&Gcb)S;Z{1EBFh7;_ z#2R`e9Yh}MdpKpb={zDrtlk0Yc)EN*tJ@Sf%(x?vQC%*%B=CBHr#SgM(dgTE+1J7g zcVCT`C9N0RE%qwQQyvd5#Daiqwu%_E@6$d5-MY)^**i2w#vxy@+pfgM{Ezc#!nqH9|vhYOL8iN;~tXbhMd zL}W7cYoMtY96VM0TTCK43xaXqEP+T%0qeg?PfkLDLhBMObpB_nFnX+W@A*eWtt8}q zP-g+`v)6@eunx-E@%pcgPlMG?o$Lx{+%?IDJ13Pyo3CdV$G`0k5vWB*JY9Z5jwhv< z3~Ed#IvW3OqB3|Esq}fFYk`Y)Ll+_F(D3QT|Alb(CDZ!hW1G$D#%Z^@O=P6<*S{x+ zowJ(FYlUIli9F(U>`L;OKkOph3Lke25sBsrz?!T&=M92{LI{7iUx}$mYfInD1|%dQ zX9puR&RVJ4@Uii;w30-92d=v8&HBsp_szbWs#G1Lt*x;4(gfMSOFFPb@{Nsa6mpaK zYaGZ(fc8-N%M~mf5G5sowXCSd+Q81t6&#=ogyP4*kbI5yo=N29+<#&NIA|lF)0-mY z34JSH4t5$t7n_y7N#bVpxXIfEK0RasIiU(_bV3_k91st*F}L+E1%?Ujlr}RL56;j^ z=8|LhlZVgI743+f^-b|xP{aJ#2+^1mT(}bZ$IiRUWyO4Bx>E?8`?qaNCJ*j65rN5c zGrTrW1S3@*upx!Up$GAw@HG_kL zpO{hSqd(Wqx569NV(1^j*r%uFEZ_1yn8%$HW<*3qX1+C_cry4^R8SBs+mx3UE^0!H zT^mgBpN^)1un`0v<_BICqz1ey2oS+a03z78?KNBg-ax2}T9bMD9<#5@g_@ z8LF{mlY{^g4gd!M-K*@Q%)$c)D?pb!gtY$@?72Yz=_t8GI0ytL%?^M-PG~rU(6=I~ zKnaez7u*%p-M9%DP)i8tKMVj0QCNfnpppB`ORYbh7~i zv7_k)I14Q{3zYiEDd$i^BXU9jr!-+3{zESWz_-N<8C9^LL3Jb$w(A0hfB)a75tu@R zMdioy&Y)=GKO!Y!7J)oy$JpGU?~RQU>AaJVxFJ5IQE{jUA< z-!8v`%bMP0)>-KE_Y%SqQ6?GpqUy@4IszjIhagzU+%9G|Nmuw<5Cg-IB!sI?pErG< zBxM0Lb(Um>t97RR#l-~`UD0B|`e1^8df^`d%!L@3T+s1HE)1M-F5r}CE2XC?C8>j; zNNr<6Y6fuok)Yl^-R!&jQpz7|W_r2k4Cr5ExV`4eG%yt-#p5Tlgvm-f+D(4o7FwQ? z6XI%`T=RYGkWXfh5?WsKfAJ*>Ca`6IHyqF4e|zrLQe8bs0&p&3&($bG8aNza-ZcB& z*hoV`l9a%t$Icg9-~e|WFy~S>^Ld7V&9`X(tkuU zAYACY)1t_hJrQ79YUq4SuvkdgS*CewYWa-kaMkyFXx)xVWwl%MVL1z5i)~&}>=mm4 z4GD!4&=nJHy0Ssea#n>gnEVtMf3dWZzwR~LS8P~KZAaEot9hUrX>M@9&}0x_y~C^W z6W0i ze4mEn*M-tdNL|=ZL9txT;3lMRhoDMuM2sgj^I+1?82 z`mokTl$x5}wWE%Jqd6n*m)1olCi;+G7rM?z|DrX#!&w30XQn5zH?Xkjf&FaPTDDA$ z*<*1bDeyIQTcAi^jtqTspVWcy@xjJN;Y*pQB#M23=7#VJW1MqKN}1kRW9$$H>?_!9W>Z2T3PA z?lvlwis@y(U!Gr~@cu?#y66yYu#8iqY7nvd2~u01njYU)l`<5yuYJjZMjz?f$R33l zhmfK2$<9p;&WfALdj_+53IXx9?BrbgK&fNy*ZdHP_3mX`k(zB_pV{@5poqA#x!Kw{ zF<8_`3iyw7Mh_{_{7-6CZn31k(o>={rh3Fwb#7#f!o)mqX9BU_ z^Bn6Mi>1NwrA%;e`m`zx^EfPPhaW*a`FnV$J^C@!$Jp!tST^z+}BT=g{Vme_dNk5!e@1h^rFh@J22h`qA zWF4hX3cvBU|6_PZwmBTvRk!7W;h7pD1lG6HbzhoZ6-TWj*^t zXXmiiJ9$o2C#*UbKXz1ZCfTQnGDDZLBv4Hl(P2~5(yWenc668nC-pwKNX>@qP14dt zk5f3X`g~GsT7G&cneBkfFE$^Ec6hbR5o%Re=QqG~UEVyAYykWIAN~|XFq-Z;r$}K! z0hX-CNEn9Ir%3yn0_jb(iTo)OpJMNtDh?YW;4^GkUQjnJ{w+D-H(X#T{QrmIG7vr_ z=%Q}}UG&qd#HE0B7Vsh+`nP;zz+LuC*QgQ_K!t{X-fz4hck}pSm!S&i11|-Hk(E-C KtP=ke^uGXaQI!S& literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-firewall/images/fw04-userquery.png b/windows/security/threat-protection/windows-firewall/images/fw04-userquery.png new file mode 100644 index 0000000000000000000000000000000000000000..85f748547922aaeba593b88ad441bb45eb0e0559 GIT binary patch literal 248535 zcmV(!K;^%QP)Px#32;bRa{vGi!~g&e!~vBn4jTXf|Fua(K~#8N?EUw*WY>Mz3s#Od$L`y?8x1sa zCP9J-Bmqz&MLtGRvLs8EDf_***4XR)1*7?4){MR0jAq7f)>|I`G9Jm2C0QZ~27pA) zXf)91ZlH6Hw{Oms!+gHq?>?tag&P_KDat~jaJ%Z%IXirF+IxrV^?E4yYW^m_gabd@ zufZ#P_$?j zAL*oC4uxXUy8o0nHUCDQt5m9o4!*a2+xC%7o8(Tpxdw{Ek!S-OHb@?0NIFdSlQm=` z)?Xc9LV!pg_g^|MZCf8VIQyWp!OL`X@btoM9xhyuK3>{sgu8X<9?UACNW5BCKnEe_ z_sD(r^4ko|NV{sN)5xTy^)C%DILA_~*|&`Q&fjvU}K@7*l2fc85|(EpDh* z;LwtXdOp})iq-&(nupZ-gWuF@KXhoU_13jnb@hgue(A{3t3KP(W!ro^KiEt-DI9aGlFPrdK^}>M11A#6}-ZXQ=Y1 zs)BFaZ2Hp%-24g-sm{D2v?r?8S9tcMjzjt~69jc7TF?}-8>D=3dX`HSu`PTx7VNgB z6X9>vn+~(4zm_@jqp4wgc5N0gi<4%V0=L$}^@wQHC@MMlg5YZPu=VTPRn~H2aiItK6G37_{Jq=r{VnrD)?V;0vnY3H-wWGN_G_7)WkX}YJ;P?q1%2zK-~}o zl)2ZJLO0UpKM@7LCeYdlOYZJ?@kSu)?)4GY&dh6&PK(NM>RkRoRyVwMy^dCJn$lAZ zZurgZH~c` zSDTc6i*616CR!dxU$hpTMARl}dWk|+i>1vHXxwHKkq5c2Gj>I5J3qR$eY1f?14{#Z z!LR^Ikx;azF@(TO{kDBwz8c>Kfa8J(ez(#-62GLpP1cI4u6y^hF-H|kU z>g2+vgfhE_9ITby2`eGR$KKl-Hqc$>CU>2A--%QSN9w2}X+K3bKXf1hYX zQ{Fl&+VW?IQj5eIJ~f)xA`Nzf7!b8uJ%USWSDL^EdL=CH`?IJ?mohL-WTQ1(f_wdF zwI_d7fjMblKydMLeNF@JVhBWhv%|s4S8_Hf>BDpGy%rkdY)rOIts3M7CZ_Bou9@H@ z?Q;;4?YtFK|K4Z({u&mN*Mob=Gsg6?`R-m`p~WvZ)2-dG=t#G#DFc7*Ysip}qM`-O z3S;l34{Vfuyoc7kzp0BG{L-=UmWylL^RbN0hj0tEI2!YKe6?Y;&sa$%*s9**2k06& z2q@k5*iHab8=9uyW2dG%IpUoL{&6UHo1Z~%jaU0UYd|NNA@C7Nr9p=EFI9&j!D!G9s6?#wCs3BuC$F*F)BC6P#Cf|AI2#|^;5NOz^-2v z^$z3Cm&18g_10-rh<9m7C&!aKp$@GZj5lp>=-Pqfb?F$At_sV9Z4jrF-}9JkDB1)LA3gV^v7*iT5#&MtnUD z5ia-=paE@d%9o(tb)O2Gr{FaeCadOSCkR{r21g%GerYt#2Eb?=bju~V;@ES60@REg;Q zQbWLxs#>JBqp41S)_h?4Q!vQ$ml92zCjVFfLO#|*F&&J7$PnQR5W7KY7d#H~TeJIY zknW<#3yi@d>c$6|hz`$Dj`ElBg2BhwK^2d0-gyM0q-bPmz@ZTl2v)&a55)~ZZb%Y_ zvzhuN%~P7t@+PUE695`sJP-*}R2_Bss>S9)YX&8w84HKers0tfTr7q{35C1aT_OQI zN-)^^l7aCVRDEG9H&?5%hzh-M)UGSH)}vvGDl%E)N5h41ind?~6+ZGRKzzQo?(8ow zb4BEeemAx?5IO$x1{qWVzMMqxMupuSCIIV+u#mIQ zO}@C68|o#BY?L0uK4H+hF(y}e`K09|(;#3|aHwg>OHm?rCsQ`)RTVlmab8B2@>OrJ z*`a9Si~&I;Hj#5xZFbh2aJ>?$@ljx!?pK@O+OPI|{B~LzT%#RhZT|)JxDnVW-P~2Z z^HZ)Cnpz2!+IkkM@`{cjJ*YVqsr95INf6Fs`C_P2k{a(?Sz(|~2IOX%x>R;a;u&m44q5y{h2%rpHzzzHW4f5WW_>KrB%XF%U zMa4#8?r^AFP)R{DAyiK!!nE(J1llQ8LM6SQF~ z1Z*}uumC|tLuJsaU*i}VphGP~pu|s5T!k()m0{zl0%WxWP5B}E%?~gJ#zwKZ0~xRn z9=Xk!g2BKZafPjrpXNiDCM}4_HspdsI#pXI3uJ0CFYaUt@)yFzT-K%peK7%Pv07g& z*Q1F@A{NTB$bw4Dawt#x%qS8{RYPf}3^~y(gDDBd5rM*tOg}DZLjYLz02K@+wn3_@4GXP-_O$y1RD>77? z5+3o@Jgq6FMDl9C+zbuZmAQdH1$#UO1ITz7VObv(UWWx3jIF284um$qf{q{9(o`ZY z&^C4x!@ndd1crcWnL9jgX_{0x)Fqr=gKUag8p_0h3^Nr4R;w52Hxe#@M?e{^MyjD~ zEXH4MfQm?K@c^?g)R0*btVy{`l{CO-`qGF;7$qfN(XtWoB~sxq!xI+Jlox|6RqEwh zS>O&2X6_RiH_m%FB^3L#mafR#YgSi%2f|E!4qsJsz&5qc9FI6J0`wWd>HO z0h5TVd=YU-LaB=KQ_4@)D{;Qo!jL^Q4!V-za3U72m{p;S%)3yoAWEsC%_I{bQCL_l z6!{Eh`B8(NTu<=3in4OKTEWPO#{|VuQ5G}_MTr!RRv1vVniT6?R+B(dMM$I$;YO0x zsE}B-QclFV;YnL`34bS~Zr4B85`ITD58^0tiGV*NaeWu@1Q;MRKb0w15GS;YMaJY$5{_vIarQ zXiXZ~EVGaBQnOu5y5O@dO;swD)2B}PH&{Hu^c#Tu;%)czA+=40dpCs{pD2b<=+N1@ z@BH!qoQog?{FlNwEHnnxVyNMAK2a~-xp(__zy6z#KYai6<*V0^9S=`U#+K&d`K4^6 z4ylO`7LHVM`QpM-VRkMzKVMi{UMMUtm-BFN3@%5>MZ>e%=xkqdwkMv?M2pcnoCVs@ z=&&^Gha9N!0;uIG%Dz}GqsuWQDn-n|^u4z~@YG{pPDXoPeBrG(-afpH;z?#JG3X-# zvoIlGuMsJsVNqDHM_5wUBLls+?A)4+hA*B!H#s>2>x2{WQl*^AX0~kIwqs=T?6qr? zS1uPq)rG=JIa(hc+B7;e8m?3)u3ukXS&5|+gQG+7RATb#{M_tPI2wz^L#cFP`;Hxv zNaX6JOEc4xNZ`$zhxgsGx4(C&SPaiD&E*zndl*SEHa%B7w^&>*EhW>To3?M>H8MP$ z$t086<=pbw^CwP^&&-uV(PTF!Otf0uGBUhvY*V$IKXdNF@^YT4x_C6UZTq&7;eq+Z z`LpNGFDw?idwYg94ULR$?(OZ)q!Q(7d1hw%+O_Mmb94DZSpqF^Dxi?iQZ1cI4UhJ3 z-aOiq?WtF4$yg$jOcnB_^XJZ=zj(G-p>{8l%x22v^8DOfI+?oprdxLI*qP0wqtRHo zUO#)`^yxDv^DEV4D%&?Wv~~OD+3D-k*RQdDEWezuRaUlc+kEpaxAgRllq=YGm6`da zOINO49UqUz8|c*Y}05qolRf3Iy1AFTgl~yhkJI84sRPC zNq6 zQtj>P8W|nRS4&qX#+UMiY**KoEn}&8czXQ$!pu@M)`dP;Eaj`A{O~~kO=CMY^^IoY znQEv!u{6zla`O6O4z-mU=qs(Oy?*ub`RVzR zm?ZJd+06Fgfzg4Uc+bG>N@4Qyg;XS*O(m{go0!iR;{(H6`ZDoaW#anOd~PMv*E2f0 z3DGz?F}bji1AFj@2<>n!60K&lnbFbFLa{P&b-Y|G#}g?e#lS%SwvmzI;^Nhd=W?Oi z(CFyC&D#b?hl};f(>ImSJSr@iQ0BT%L@_GrM-*v}ezb?qsdJJdB`0B#ZoMuBz6e}BlU~OuT(tSm)$oug6VYb z!nNf>tyHRJBDGC}12A>(=x`>RDdh7r*BQdq>$5YZa=E|1|E67gzy-W8IX%TsX+Fi` z*REb&$*mw)d-{5J?%vryFiG&q!42IW^T)k@KH_t0`BGPgL3%Dj2+-o0D5^d*x>>*ajm+T`TrE0=Ma zH*MLnZTpT)I)#!ijL9#pQf4j3iB`0WNP*+2Qz7u9mDvcJJE0b?2r`PZINK zX@2SYh4J}``6^PVRwE~qERPxPwTrCOp zds`N@xr*aen(`9{h&PP1pZ?kZe#bDZ(G*k&V@p>*?BuK-G;zBGk*&Vqy5I^4+n@xo=N`X1nWi(PRhA|Eqlq3Qq za8s+IRx7dNo>DiKI%gu6i`Xw*<~lxl}9V!*%SI zL=>|q!e#L!FiFLhj6~y!E`)m(`v;$n1|;SQ%p}^vP-DqV8TnPKi=M+CuUASXczQV= zs&*$caiR?Lj9YSA6!JxykubqZsufE36^R%a74x{pzp+|2HB>Iw3uWSw zSOPg5nslr$7EaVEi{M>JB~`)L1qi8ZD3L0{TNP}wPRjFD&)M8B7+_E({fgi#0eZl_^G(#Zoa_Tn3ei2-Zdnmk5M*p^fle zk_d_WrHv+vbz&+NXbbMg$OS2-QWWQu)`3?lt*hh1*?2axlB?u% zcoe006;~{l>SlVPjKalG5t7J+V?D)CbQ#Mio)1@xseCnENu;rcqxGe5J|8a;Zwe*4 z3-wg3Pz>dll9k0wHlE0I<-*x~UTl?Yq>#YH#T1HVu}5p+Xm7ooEa!_$bLD8dmP|)$ zWv0=Uh_4h%l~}42?@E*w(h{AF=4xdStT9a7k!Xcg4mh^)G`35%4u32`6p2(yY8A@0 z1R5-sDVFgDYw=lcT%M!>8b4f7cCBpHjwlX1jDzF5F47IP4qEF*Ah z>0}}hVl2 zlny7-D9uuSHdI*1FbQ$_)3roTz5r#{aKBQaT)esxk48$NbRpbb6ZaX?TdEdwv0Ah% zJ`k%$EBQhsS`H`BC*@)^Q;VgmkvJMO49!ZdpM^;L4vBA(g)o`LWk{qd2bJ23H ztDIjZB!g}Pz?EFIun?(MuqnckbWK*T)Qgo|1aTY3hAZGM$D{F5I8l(eVQvTkS*fiM zXiW|Pu&!D$T*Ljz12_@Yl?vk|_*PEB!OSI;B(hR0R^aa}#$qU1!i2!K#Gplnh|6C= zeBgX1le{H_fRPBTLHHWVlMq<7SPvBv$!s_>nk&@`2*CJ!I#x;|T*~o!q^klJBGq~P zw{mf)UK>azMGxchs)H^OGQ4_Zd8LG12$vvZ>HwM8V=@zqCd=Rte_l8`z7R?FV@DG^ ziWRHz5@^B!PuEk~Xb(;|AptC&NPQ(NvAgI3@q|P+8A(LSxl|OJnW#prSW7KbYJ*T; zaUoS-!JS+#MyoL-n}j4Vi^H+haw5K1&Sk1AnMx&6tfVu2*mEn(v$66-D%)L)^)3}t zOg$DVXz&h?9@kOADmbB)a5yIs8;KC&DwHIOYeB#pe6?$Mb;mXJ5pd$0{Q34S^k&OB z)N2R+*Z=qZgQDPrujrrtpZ=8LVvSs#EC20}o~wn^1On|X0a^%KvY=2tF)rwvfO>hT zr{@m*yIngA`SQ~AOl5vPR;?mH;`oYDLLAkpg~dg@_W6b7~aG@h-7<2ZzQSS6l}M7x0pgCy`4Mc+%6Kzy0F8LBXb zQ$k_^<-=`R?q>GTTeyy$5Gtg)qUi)YltNPwkBnuDu|zeMD28!nB$P&ufXEVF4rHYv z#CV+H#Sn!RrW8%35f$`N#-bM+1$iukL^RhRK4OmmkQ|=WH)!0k9wYh!CyHXg){Ucv zV$2w+E=3PgZ-+6EO=hztI53vTSFugP+1`OkHf;(&xNiIf*f0AMo2 zBgsq(OO`-2`i5C6ju>J(!erx73EUy(qDjCN1G$)IM24fu<(gQ(DMTYmF`KT%x(Tu| zUqnF?GbRzwf#_H~oJx|mL5oFV$tsYnqf3#8v2Ze(N9Dwlaa4#z?a0{F7&AhSZUhbt zL;PcWAEJ0_T}R0eNFL8fJh4M zz!R`boRAl$RV*D(b@P+3sRr=Fi43<@$}0%zdOThOAaUp|j1d`2p}$jjJrXgLLKs@+ zvgmJ#yw)LZG*SW~%Ixs~QYnHp@g)M`5wS-g_)0vMCkPA<)0uQSQ><3=l0K72aYfRO zU?UleC3u?lKsIj$X#%|p9l}&_Rh3^QO+hRZGavy9Nvh>*)nY742tj6$N|);40z?*L zl1T_6nMg;8SHVTZ1iHGhP6P~mOClf8*93P_E*N%jP)f3L;b=J;hZrCv@v2F15FBE7 zsV=m14U-xvC21zjpJAXT62b-H1n{&inBs8+7;;0bWz4LohxTLEQ4XGZWD%PIL71*fQvLnjgVNTiH`C{YM(5{V|l0!XF=jGB_bJ^?TADTs<8dWkpIGU;Rn zO%WphQd-2qNMd9nDkRFXR4ElBb%IP>URlXQ1@&aAnt&<58}=$xLqaE7#c&iWwOT8# zKrdhn1}@_EkR(W@BI2%u=gF+lHow$sscg0yNf3doVg|-V9+Z$N(QGt%Aekg25Xcw0L%+k0#S(EcyoY)^-nH+h+xPCgrI-(&JbCHL z_*|)m2uRi93DjE=%U*UysX|Q<4(gJuplAx%Q@p-NJc|e0vr?`V2+u|$xrziKQ9AHV zPb{ekxiAz9cjhGp7|X`+t&-sg(X-lotqh%L-X&40MV4_-p~X6wMpZAFZEjQ9>G5081!=Mnku3%(VFTK zst`m%|0RNb5+d`8u49rcA(8;>TisB-6kFD!^*s_FS!!3lTXI))S^nqzD}skx4Kg>;Rxr z3B(J^ITgjW(bcZ8IMPOnXeBKTyd~pLa*|O=1{q~Zelk|iFa(Sk_RNGxs?`KNK-Y z%^Zbn=z=Ijv4WUomI;Z1AoEIPvZbV-s*&Uj@j)q_h-5G|_y`pyaEo{onyQ1dp|zHze^W16$y@b_CR z1Lt=)d+@CWgjKou#oMaQwH+wyPoDY>6nvu@wFgAO^A9XKK3n?RA3j?SW0uNj0JB!n zSfLs+qf9joB_T-a?nGp4^XTR++tTUu(#&jOZYf?a5kbzC3iJ8WQi=R~u7m@KxT=&O zKi-mA$EuYaJhfO+Y|BDAQOKm0vf(Nh;t>=Z;#mR)$RnY6yd4p{V&O}?4AVf=JtDcU zYiQq1cajWSn9Uvk@a)9YVknBvOG=>+@?GLVRN7Z1qAi746y>BuhM-2o!(kXm;do9` zC{-L<)EnhCCF0ffP^LyEfy+_=h}h3b9ajWSia-|d8PSJiQmi9p1?fdoQsN=Y)6JZU zL0(91zec!e-9vPrx@0wjW|NE8VQ43Py;bFo&_be)7x#mxY2)e_N+L?RfF*>4PK!jMz!U1yaA8DikS_2wp4| zu?@O#P6-sE1n>w*Y~(`Gd?ZTd6XAut6k8bw4o>&HGX#^tiZ84NZ_iOnd9=((hp(Pmu zZa)ndinUx0Ul+d(6OGCM08WfFUc(NNaY>ns5Wlj3dh4K7l3KEj13-{Kveh$VKT~%l z6{}Su`BFT@MJb-DC9vgEP%<=-WBN#5(jPos#AK2hRrMU?L8E3}CSV&Rh;zUIU_+ET zrUu`rEJG9`K~XJWU6eDDohS}K2DB;w(bXtxd?tzHmoVZG;qfx@oBMq?w0ZpaYr#4EA^FPg%Daz z!W+bFX-_-_vBGe?Fq)%X#Dp>2OUy%xsevPwG;ASumN?b|qpH*ysX@yf)Tz z$)_<5zzte7pn<*0-~k0GpaM~MF^e(!X^P=RU^`_M@r zMU<{ErMMzw+2O3(auvf;0$0f2B%ysMmgqO3h$wa>-cKcowUmee7R&;&KZ#UkPGf7T z+mN*7P&F@BWHMc#PFLmtCh`PJ=pNNxPQ=8sl9eo?Q{r(%Rt=#ep)YK{aH5hV#9vvd z7GOVgQ8kn-RO>tsVsI)M5Z(-LC>47G>7@}JVH=!D$1qxxuhK3md9}*Nno|+4A2!jR#KAtym*J2`5=t{EIJhlPJ_gmQEVcJWt#!CnwXcE)~W!c zs2opF!WLF$=(dN0clAveLKY>-gHQm<5hq>}=R_?f<;w`VWX!~_kz!0v9Aa*Uaga2) z)VP{RigbpWEKw)oPNIO&pU4d?ZJbZM5^=aCTuhIQ3HrhHND%v#)ety)6dMrb$I1av zxJ;7L6^$zEauS$a%(gd?B;H7DL4wgZ)#6o%rU8r6hb^6=S=H()J)BDmHo=9hWK-p2 zMz*LG@oL1EFcVT7YDsLv$ht3(C6Xl84V5r>DJhm10J2!k0a>SsS0)rdhF;Pfk`JOM z=Bee=;uuLbL_9J)dNdoZz7~^c&8_;~#1kZzAhC5YFD4WcOk8wg+E53SAw@B2>>|75 z0m)VHkG!SIUNt>*t=sNODXNS339pJg(J{%W7^{eC2`x$(OB_BZ1#bpxMyi@2HtZyk zlM<$(J?5!yimhkSK}gq<=F&PifB{5gLK2CU5z0uUijgP8FvV0vxI^N6Os2?pN~bhM zQichWY~o6xB7uA@)dmexU?tS3{<~5pK_h}LCVKz{{*;iCS!6+5 z5>TNH4Cf-Q*saB>YK-B`B#{kpzB?LOID8@qxL>DHv))OMG7JATdWJoG9Tmfu9`V zA@WmJzY^G^Kk+&w;D+G{9agEijFed$AySSy7@>CskVcoKxg?RYa)Gf%;wi#vk|C&w z{Q*G4goBKb{<^LN>=M$@HC}uW%NW5QA*;xg#V(@w2?%1nOCD3!(uN5d=O*zW1fy*qjy*-rb~v z-zj)#^XhB`1z!rM#2^*PW$wQh(MLIfR0(y0xN0_&-L`ql=E45bN^W9mZhSs}c`ko# zp}1H{l+0*OrLLRc}%zB%+XuQbANN<4h@sRf$zdjXh44 zR0vRkL~SPZcd0z9iYUoITjTXf3_QAo#~}-KBvvj`pY**rkiz6@|DwZWbuPjMnJ*zT zNsxZ&f=zNa>Pti4G+C4Na-!8lu<@wG1`%1Z)>aDO3=o0SL=n{v z=?j5M-y)(Us46N*;`XQ(bdH)kvN}caDCt@i;x48njVh6(ula?lIRh;Ut5;|fiC{k6u-_x@gYl3 z#9a`JKyT`i zJ~PV@vp|=0iA&F9q*=}FN;->KOE_B(HV|SG_LfF0a3m-bww1XH$;iKIoS{sB3zdi( z_LKFctTU6cIxVCS+fNN0iK%ONMl`-5OF~g}N+w7)e+3$?7r< z+X?}w0n8xzK`j{pslJ5>9lc7Gtp|GHWu1gRYMq$LC3BZrUVtoM#2S&Tjod&4i;0lN z4P#^}uZb47hm~l>Z&#MFgfG%XAjMzXPsNZSR;M|hm>~KqPZ7zJ1(sr^GNTv?^(3q* zF1WCdSYEXXaYaH_B02?M5_l)UCTt+N6-AV83#!?1VGQ|6`~~%Gbn7pA#~;$Q{vuy> z=32`nl%@slww6-Gf&Ug8!2q=OYXi4vONP)jOaWh@wR{jt#)J12ye9CpF`0?DL6LXP z<-Ywd{+C>&-&TjC_J~%ilvd$et#->!1%$K7Ko$1w+WCzqpZNNtpPm`N{_5KYFI}0P zVP#gXoK2*o?H;>%c+grBLwCht;-kgF$k&w@Mh`NXjDxw;feCq@TG?<&`JynOJ|PhUNJ?#f~` zI~+>&%Hldw>0&X72d~zqkiGy+>D7WK`0^q(#nCELrHbW9_B|(C?nHVjxlBEutg(P2 zTOjHX?S(dbLd8sNQ5McdDP560Ey!CUb4b}piJg>>;C~S&!dPP$0qPc{N6PC{s^BG( zqb`YwUh&$6R=Gq+uDbs03+1x|C{o6%k_m!&kDaQM95}0J0uZ6pKU}WF4-mD3OS^Qrd)~Q_{lt zK!gMZ_7otM7`*a=tl(7lN``G!D+&OABYhPNG8a(+PDbf^R&}+FIaR?aC#X`9O$4yq zyw zr_!c5CMuwm0i|kG+xO(H`BQqMBG8+Lo4(pXf@|3iKm@()2Oy$SLIH+P(fKNO`Dpw0 zV%dmYs)h0<(yf5c7he{|5yhk6c7j+w==fEah!G^~g2~QAa4oqI!Oc%|WlIU6s9(qZ4f{>xQIVwE%1$ zx~-P%rX?sM`$JA0t4D{dV7FkZ5sCC9p)^CDy)>8&o$C%L5-!y9AWU)#r8pTb!qc{+ zk_?zLuXW=988%icsV-?$CoPi|^Hh$a6s<3LI1OP-Nt)Cjd0_z=kt%Yr_?43tF=7^> zbj6g?L96AYP!j7&4P7ZvmJedLn!RP7s2)0@Bk)W+hXn<-8hnCEoweduhN-3kk5Z(j zpU{nRS$AWS5SiIYyp+XEuRFM?LnCMtUXZG81vNw0xV=1WVnrP!861*^RD>#2NgDHu z_!}ZhB?5!|&@y2Gmn2lBYcWyeiW|J-P?WvZ3sDu*1thx!OyC=e>hB3ERH?zy8_% z1A{^qDs}9o&V`B;&l}S$zWYJPB~z7uOr!#0;v7r4()jE`zD$W&Z!(izsfCsaeaF%Z z;lyGrJs(ZaMlv(8ZX)w@iR^qlwGc}#MH9=>WP!>NYLX*Vyr(F3O;XTI5gIiR;Tpj! zNvg5DEL2T}tC>(aT`gt8mA+)8n+hy=Qsga*MpDUS&(ca|W_EdDk)@=%C{7LzQ8(Q- z*3}9KkGMpP@>#U0N@f?UQ_(M+A;c>%0ljLFiZ-xX7q#5Y+*J=)rHYvUBF;oiU~h{w z61pK-YvR-SC#q7N-RetvB?{}&tX8d|76qb1lUSUjhC~5LVjW9DM6oC+!GJUpVTBj?xXa&t4D410zigzay&@m}CRrV_M#rZbYR#B^5tPu^PXMv{(Yq>0*ihB4GZ&7kH zlShA6VQwN_i~)%OXzEns77A2VhGtwSF(_hWfX0n75<1X=K*?2k#*05y+1SM7iRvox z{j@07P$#;>=wGz7NBBysvfNS7BPdX}SGA5wGi6teJ*bG(>Qd!=0hyREx+*}1C*HiS zLQp7ayQYwoQOp$=V96|Gni_f%btLqxn?I>_WgY3PJ#Y!Y6v~2DSq7jAQOOK0X4qJ_ z`iy2k#KTp3)45AT#ALg`!Hrv0o(gE1BC;pZ6N?MVB*a?M__leo= zPBqB*G)|xoX{gI-d}ACR`(`DGgw%+F(y!SVk_gq&D*cMEaZt7{xLHbA^l2NsYgHLR zV@W(zSA>l+378 zL`Rw(GohjBJ=+jPgo(_Gf(4$_IEPrDCUDF;b9zEyFO%@N(xj08*4Z^(Q#WHHZ+-NJ zUcS;^g61}zC_3vl`2b%D~n6G=$TCSaK0Q~SfUh{LXC_@;lvVC zuS_JAlN&k}-?Ub(Pkn$1t9nWc)A6vW?=W`4^n)%4^@yja<=1HyIO-!yl9}QUiP9it zbn72eMZ)~H7ENMz+%HQc2t*idt8u8Bz?rmuJ(Oby$zHl3t_WU9D|nhxg`XyzG?lKc z!4+Cxq-s`MRS~5#Rhe!EtKQ%}X}Z9)g1t0z>l{C|&}D#LD>_h>+|CNo@_XT1NoQ)x zTcnj*`ARFMNhK}6^ZH*J0J)m zOf(xZ^d>hYdEQ}0%{*z)Y$nzFst{aQRHd6)SBy~L@7aY$W}bvISJkH%m5I)zlGbI? z3K^3d$}Ac(mT_r?psiR`1~p_VxtPtSzPr%yRn25(5i+7<4S7|?GA~CeTf%av5P=Ts#S#S^jt+p^QM>7P*VLQNeD+Y8qCqL zDz)2`%xrR8BE3WZ8dFi;k>~ZV3xBxF%G8dwJR-LF>+W6Fuu2Ite>{DnwX!l3Wh_CT zRN&hvi~>~%$o+zTsSWgqN_D)63CCW>&T3_AQcS*T4AKOQ>1<~i8m4vbMwyBZ1&GE1 zJuDlO8!U-r2!_8D>QB$8$F7(<#<#bi`JNXtQtsAOtdj3X8qb@sGNJjRH` ztWL4e#VQc&$O0RsJ+s@S97r=BvW!?`eNuaCTRa3_N+w2@0%&6#a~*^4HZ(Q25^V9~ z`P|-NQ@akMfoo2|8xJ}oNmY;9lSV!QGJ%op!7F94)I$|#<|aQpf4ZEA^lu(XWHaoB zkP9bQqM503WGUV|AMcq(!AJX6;(hse*K#boj1wOYqvrFJEXj%{95`xbDR8AehN>wr zOkry=9U-Ao&9aqDq?(G7eW9j{;zp_ODO0B#>F(;?97%Lf%q~pME>a%KDh{c)QQfX7 zY|th`Q0#vhI#gzP6R?CKz``#jI4jT)ijr)aTw!5`o+rmDb4?x#F-S&Clf6bGe8e_% zmb;4-Xg!8TLuIw5$8c)&nZi)HWLj5cy{T)<@9`@NllDnA3O{K*l{k5-HGMRxv{aEK zBT;|dGsx{<6IY5O4Jjz?J67_vw}(dMKoKy)Dpr(jB1o2@sBjhSs@{-p|11oF8Lz=^ z8-saCY6Gh{b}<1X7GpD`8eMfGKot8~vXPqF#XuJ>Q=wzxkuT;li$P#hRnetfrqlD9 z_5Dkmq{$1BcglX!qlR)Mlu3I0vf>5QhO8pW+6Jn32PhvJP|4% z#Cb;*sbJg}iJS*&MwhsB`6`S*}jWm?MJ{k~9 zCW39=CYRJZlW8mTO#65iuprb;PgRm|i@K6B9hs$RX`PYT5E|vP@fr1*A~zLf2?5V& z(kU8D(CBUheRV8#49<4+WWCU;7#6A`8dR??s46EXXgx@&2)DVbMP)&LZ#s$v)3w%{ z&cKM$@r9#0F{I28P*tLF1D(56qX_*wbIpu4<$w9v;`(OIsDCbWU`!!z)4vLEPX-tP zd$?9OIg3&sSAdv!5Pp=eN{~7peb%f1x6`i56leEqEKVn>bpSU&$iIWefO@aK7@?Xu zdXKjSyVsX8k8zor+v@Im0!y&#@sN$jH7s{XL6T1#+J@s0)vjh*iS*Fc-10Eh-immW zWLCvuq%IFh>7-5stgxkkY_uSEdS<Es}2=2oH(IW zk?Iz3N|(%o@=>e&;UX0a@oTZW=1$ngfJ$RR&5rhH9XbkY;#|rY9FQ~Wd8PmM@818 zdqicUv-A}$&L~g;=fOjzs>(al^r~cZZvGq%x<=Iw%0clS0HQrY zFllIT1gBWAn>;#nV^u2iz^1ZLf3P82S%Q8yAHcQe2`vYALzYe4lh#g|c>{Be+VgH4 z+ISEFPASUI3Shf4&~@{4l|>9D9*KE`8sst$KL&iOnDAaUCHFSjV7ZBwmw(BJqK(m* z(ly}5ZG`I-s^5;2xb8>)vW>n$?d~?URy~8DakC3^IBs-771d8R4hyCkof)$1rKX6@ zOC^+<2NqUvDQJ@;E<|J4(x2SE>lQE!zHQw0@`lj(>hj!y8VU;5_&-5H((uSSS|)nO<;sEw3$isr{tl~yb*F0M>W&0M%To)3iw zwr=kk*%TrIPw5J}Jj|w~seCMxi)He$G@A&NqKPt#hS{}%jUrLW5z6kUrmN;zpCOs8 z3X5H}c$?ZtwknWqb12%!T~5}jY1xIfJ~x-Ehth*1yF#&nQ|G47UYwp@NWMH( zx@>vbX~qe!ws&1byHHJ~Z&=f!G6{ znJ;>^1IL@zcXHUx(gU?Kn>^3Ser+Cq18Qw(U+;ns0XH<2^sBx6UOkd)(2kkH&BWqc za%&AjL8bzC^`1Sgw#Lu`UHGA#_2%wjBLH`g?N*_4qh(Kcn|kPk&W=4ZO-(_W<=gsd z)#Phnq0MsZ@N6?l3&jN9*0wQS2bda4n&;)hw9R&O6S+5{MNPK0KQ<#;kNkrgymhL< zu#@^&9^?3dZr{pmezavSs?vRQXntU3n~2M9YoQFgLKN8z1`k*^>>vgr@mXrrSpUt!U-qq#71wl~ozV-sN5 z4+7oKI!DPXsQXR;pWw2rW@S-;YznFMCY~$C=%k2RLQRr!=T6qUOHH!uA0Z>uUCnuk zbLLhcdq9;^-ZoEb<7oP)cBk6@&99Cc^Pd`AKDPN9-}|nG>7(}7#`V$1HnMda@-@M_ zcYboiClJ^m1T5db!M7Ss8#6;U*!{YO*Z+@VxrkJBqdJ@w4N{PF-Bg zV?t!e?_vW;JXorNy&P1-juC5(Mb-SklGCN!(sCisZb*f~3Ol2-?Jj4eMA71vN*DXa z5TfTqHTHyJCl^YwIJd4^ByKNRc=mnZ*tH@@7sw{K?8V5=j9j55S#N_$BHQE0a!ILh z)$#?ggq%42)l$hvp^mklX>sM+zizO@4SPo$Z10oXHUfdBm~+P%W55;LNP{2eJwYw* zGf9(b55&K;#S@c5TLQrsgc1$Q2`V)bI6d z8rpjEVmWpE{N(v-Gt07DI}6*y1=RC8WaDv??IgD4NHhbw?3N%wT{g``PYN9OorYDtJ*)S;1{=vy(wE<`lYn4ErANt#v zh-r^^|Ju&_AMwCev7y!qp>ANdza+~{Mit2YxJavAX+)LVL%|yu@qc%>v8(N>DLI9Ey_8V=lUg$a)Utqb%{2$JMqdr(f{M0{wV-LpR-l%-#+~;%hL^BR;z}p zN6_0QCZe^ps8b3~Wr;3FEON#~1f@CH-#^sX!x0VnrIq{=yBC*5{b?<>9`DYv1U0rH zBoKhVtM$g^f$rMwvDBV1%IH@(Bo0MRSU?eCN>_Tig$?&^+5mu9Bs=VyER z`fuI0_m-P>_9UX)w(a=zqhEaVkw@>o>#p9Ou8C`xmKNqx>9lMoDcd*5VQv~x(9&bi z>2Tt#ks`7@kb%{EH@>^n^ja|@D;jY~_1L@V;s(fG6B_Oz?{;tPnM+^=#@C#db>m*e zg=n`WgSoH`f9{;@*Npm_uiy>t?scE>8{Fuf9#b?P^vp`-{FKhIJ-q_l8@D|7D`j3`UNqa7mPkYw7-^aQ-M6ucdErC%sx8~}@ zz1p_s?6N-PYQHu>${*7$#**ui*TywmG-k8*ixqv8h#u6pZYkVc0Ll)LlgJ)k}FcVwR&(>P6LhEYT?s_SAQ8&FmayBVajT zTeer{xIWv7LRLz!4J96Oc4j$#X_CW?w~g(7U~(n-vp0?&J%4?%%-H}O^rB~b5F@bt z4;3J+H`BeWM7P@}No2-*QptU{-ul=hpWCxz%TRCn*4;bqz5QlF^yki9C=^P&cHQ*# zFF)~xM;;j5w7I))U}W=_eS7!Zd;5;DzQNh4iQ{KZ_jdI@_2lQD`oiaK-Lqrsww)te zclGu3?A$)KclRDb^b^;vu$h!7c-=(F%nRE-K`S=2Qb-LWUtoIV?daP{XQg1PZgskT z4MFoUDR?EzCc$iV^7>l0K4W!J*skDhK~YtYvNT_z2_RONS_~%!o;9EfF)S({= z_YJsJ6ug^(Undlhda7DYX}3z$&I&%Di5&#h4rq?ywutRu_T3d@H-OrqQm#$nY*>U@ z$G$jkmBQY*8al|e930_>JNrd${70zZ6-GX4R#)(TMc}WIf;Xa2Kk&xtZ)7D~5YHxK zo&0Pj0I%v*%YD2xV(WfrA)?h3yiI_&#Ee_m>m$%1duKlu$I7g3jWFSX8%c6LW7+@vaNOyMoP=A(FcJmA6 z(u!>RC)-xr_TKFAPOh4S`ig|$y!=dYCt;ekzi?hkcsf92hCFTZ!@I){)&Q^jbc$Szr&jUn1y^{Q0Ih1g==9CuN) zvYnRf8rzjlbNt=Hv-a6Km&d!WauutxNci;A@dw2GxGanp3`OI@K9eC@F`I)($Tej}m zxnpj2`tpSfR2wiF4Rx5>lS5^6DVp1tCaB;&$?hq5L!YPMO}qM6I@8I=s^FV^L9c5W zL~~hxC*iS*x6{dkR}$@@H$Dm@tVixa=XQNyHjiMV4xBmB?aJHd!;LHW#sC63*$Lts zR`5<5G!*=5j?u49!8gs%`{I+6FC|+)G_CXh2xM~OkF3jgH_+s-$b&b%wt;c^alTb= zZjjpQx}=pHH_&m1TLSHSahw}#sAUfRsBS0(vhgn0Q1I5s$FJa>h--q>>H}U?!FMjQ zb24I$kb^YHN-{Z4WjVKU`SSVGr#@VmA0O^d-*L;1O@m$81ZQQUrHR#ZCSr=s?^tlo zVPc#(no7u-UYx0&(zC|crVA;lb@cf7B;V7aXtowk=gZ0K)8)lnVtCUn{e!#CU6?s| zyI{M@#%6f^a$aUc$lDLduhP*cC1bxF479e|SSDtR#e(mR*a^RyQT`Ho zX`O8Q^aEEu4uAZYFozp&a`iCmDn++yFRGI-v>_Xhaf$BW1K9I zBa^V4Tb{grt$(2ZH-7WW|Kq>@*WdfzAK!o9-GlwzU72(ymCB~s(xy6f?dqwcA52`i z#N)lay^HfR^Rp8iJ;+VjOa=?3u()*j>{)KWCP*cc^RqM8$FFiW=8j#v`v(T~)CWCW z(pyKYR<&-u^WW*qX7=Cj{QkkwrkeL-fNw`v*&GDb>lW_}SNLonm!u37?NL`34CEyZ8v&v}J@F8p|59YWu0#adwGTyV$Xr_0yRf8sf)y zlV@3X7?`9)G%M2iB@)Mu#2{@RCbrJeiG^zU()g8wA09q){tUI|H}BcLdmD~sz(9;C;eA2R%2C&t9xL3|& zuE%PX;oh#_{LL@@{_p>@yY9L*8p5A1uq4ks7p>}Nf5KvZVX~HIy&tFFq;c1A>C2^M zY6#MqbR?c&U0l7Gs}+|inD0s_IKQYa2P)SJWj54jodCxqvSdJyNz~1+l_DrLkP|um z-S9s??EQ*bYT3c6^ln5|I(^nDu9=&&wbOwOuhxJ{2W_a!bNsi8 z#|@a6($Fe)NnqK<$Bv(-@r#bp9d_E^>~Ge9>&HHdjWyWO7id!O+#%N#wyu*m zn%=ECvu<2aM??lY#Fbf_#_8YDc)nV@e0}`bnUiNPpUd{7cI+4(+tk(570V_gz1`{l z{+_P>-gsYstg9#4)0^(;N_Tak)a#M%YN)#w=}N>>sYt9RkxfQ3`FwbODO!z>4DWs* zKDhV5v1@O?f9A^dxdQ9zF3* zt~Ul<)s0r|2JNQxLglWWpc5-{V^Xp1HA8lN#7-;Q{`B2(eP-qRPn+afE)klK8M+3H0%g6Fs z0B}Zy|71t9_(+3U59~5R|CE;1pwjS%JC0!^a=PUnY3E~@Pm6-D7s8>UXmmD!ljBp# zqBm)GQ}EU`0$NU)lbvg;DEL}kYvB$%!J_5jdhF(e%SLYdRo~+S z%XPfLg|tmEzjem!8x1Xx54u1NgP|cigL}AI7rtw4qqHM}gL=6&Ub8`H`t5cs)^<*q zC%S_781(#?eqL9*+Y=il!wpX1ALDHs071YK*ocv}{ylCR%GJ@-34`qxo4c|;)SIZG zc~PZb;jw-zH+Dy(Pu1~4ku3+x*;hFOeqB>*9m}eNhTrI5+tKe0rgMm1^t$(qd}utc zaFrEQ98OF$TFyJpheM@kY$X(4tk$kf&mBH~a{r-sr{;d&i4#%+1o#M)0t~?KYih~ zgGWzY7@u0^eA#3sp334O7fTgA1YXW;b@39>r5qI>p@2`$7m$3uq{EYOUa?B0oXeH? zX<%qz8*Ah~{h2%NeK3*frKT^DNCVeGF+V&sc-LKb-g4`$n>KISvTOH4k3QBrIB@>_ zrSb8paw$wCKAleAcH6#t?zv}d%hsO0zT57)^Nzdjnw*|HefGjifi3Oj95~r#R}U2R zRv~Z1a@!~pf93ZH;@6CdHI6UZz}Pkdij4^L8(mSefuVhJi(97@g#RxEC@rOSYuJyX z96amtmok)ps*SD%b6?J{Vb`~+u{C)1zaLgLQTXfo^2g?5&@+8o*1h6NzUk z^%$qUaR@wvu)`;HF_#U>D(7{FmU=BE2iM2gWR@eqQSxJBV|(`OzU_`XZ@J@+UTWgv z$w(}D_S(z`M^E+k^gM9K?#=zFVmO`}+_dH9yY9RHzT5Wgy?Wuyb1%Mn?8LcL*Wg`y zckUhQPlQYHo}sbZ9=PqE2k*J>Q`G&x{>Gah963@f64I9gX=Ix})(uKrUU$1u0NFkS z8(Jo32esH-)_yfDle1ghL+d~5x9nmuO(!^|RW0)xKKB?}hSO@AsoYH^MqH z>UE6eU_TpJbJ*PbMgiEqOs)-Se&6l$+h{LsPgL#?tAYXI{a>7WqQ|^?tMG^hLbC? zmCNe+ng`-J1J4O$G6uU|+NQv~?J_f9|t5hm+7U(D9a?EomJinYj zb?WSkFTHx`$nlkOXt^FedGYEGfA+$Ed*=BMPn^u-eWu- z_oFVs)9LH!>KjpRpWOQi1U`YlClL4q0>1zR*4*W0{dR-)%=&l#L*HR%sYyV7|LK)) zeed5)#t4|NS#v8kftnepSWak@m0)Gr?2ZlKYc&GsXzXxdp)V7^dDpfF?z`hN58SoiYr*cI0Syi5hN0$1tm9hS4f4rKi7we_v<)vIToY=hUmSpe9`^V1z-4CDn z@YI#@>EaTH!o)KnmeI%K9Q0bQ#VQ2DS^Q>YU*aG$97^KVW7a$(=h^9j-*V7Ad(7d% zQ~SoYw^=lKIu%bOmX{WC%S)v5^QCC9RJ-@?+rIPEr@BH5KYQby56)g&uBFJt*NQ9k z+}vU@v{;F5*|G0CzxjoS_HO#{t!ID!#)0Wtca5cek=V-e;@tdFhO)tAQfl>B>4%X) ziJz_CtC5<)b#*40w=N;zIYrdO(%_FwN8M(gQEOp6t03UPdwJO#^WX(+)|dRJRb7p6$&cBCZkUc{3&}tpDdho`)yj^aNm7Qjs>Ta7xt8P>+zFMcT z`W2aOkj~LDo4eT&bWL}1QM_nktM>xS$m!1OxTj|2e;fyOYSfJ>Nl?(nzpAghKH|KQ z-#-%Fu%yToyxeYfXW|V^FW1(8^yhgs`J(h@NdvcY~ zwTa1dS1w<=dhPneRJj)I9vCJckk75iSvy@l;dJ*xzI5gK^%IvaU%Yyis(@_&Ks=i* ziGabzA^(mCPi+AE_JA#kG1%7bPT)1fU=x&mq?vTRF?F{-zHa;uM~)_^SI@$`{SY*M z5`4EO?mG=ZI=MmBe&aLwHGd-L4E#clff{HYd3kG`T4at#S3w!kNnUIutojSUwIg}A zU$iSNM#eAD?I(}^8biPxB(mmKG)==ts$x4gy(Jv&PJ?Z|?$MEBF|}vShiQE`h_0;) z!FD87jT3l(G$Z|&hl)1ajiPVY+s2G2w{%M7IZC}KZwl@82wAi%XT9gb2^O%IBI!ac zHaWNQ)`3I+?T0^o^{w}-^~A0nJ8!?`rn_&y`N6yHeCXZ>@4NlM9eeKBwDY#XE&CFE zJ1@=Do__A&U;NGUZ@zbKdL^|~?OLv;O5tQU)l-jkmFp>%wXKv&oLAe0i|r+fMTH7N zWf{77?40^qC!?=A-*$9hEgv;^@#Ns(NKfBDlDt5sE0)f(pq|a_smo*CT|AwMXS?ex zx=Uud``Ej7AlcPZj>HOO3*PGZ#o&c+t==`u=sT_c0Xn?e9~Mi1bjkV`-3s|8tjeCHIJm_)qVi{8ostUWUeV$ zG0r+M|1IZ~a@Gk7&wrOV{Y2mLYGJ8gIjYrVa=m(1h@GLn@mHP2Y}!nit>S8Fc9=Ke zFM5G9+c;fT-sMn|)7~oazFaMHVPfU=L#Lm4Y5z~3f9<^wj?FGC5YQeR*)lM)Gt<8< zksYf>2d~Xk-+1rrU;Xgq|MrvD-adTh>h#J|AyTTRs*!X(o~6{CK1+2L&_#-DgD+>& z*Y#L>L#7;VtI9zy`%AYKSA564&dcM3AS3lyvKmd2M6W~=OV#=UYu9o5V=)T!OCh$; zi9MHcmcdivqScM}ys;pm^`Ft{tPayCK1pX01AgH)kGvP(@e0=fGj#&VPK{m*L zyR+4QJ>VG(X+BFq`hlB*!)n@7=j&=eEt+OqMV@`^}N#&8_6duU#cw2uYzF$FPbnXSF?e1)$|xH5m!BgFTDVH2$EuL$^lJ*)ZlO zP#2&G;1qi96)Qlty%Q6m9@iuCI437kE^$umKf%|XXvHjeM4~`r=zF4GKo|<_=268g26)}jilVfz{<=IgJ3(dhx>dRNKVs$iZ8q_FAJz+wV>(TW$As!Zsarv?2;57tD zW27{BU+vW9H`ByX&5i#eIe4j*(j5HY zpc{ z=mhab6uc4fCknoqS3Xhj9i+!63cd*_>nnJZb?fN(I!=Wyd}%7OYkw{nwpvR=d{Shm zCP0f`R#&K@*VOs39N&78&X$JS-D^RdFL{4qEw3SAF)mvbeDeg*?k+wbyzd{cf~SNG z?TBYejypv0a7im)}$cATu$GE z$11>mHy>My>{+T#tiE0+0KgNJ)+eIjVs5EiCj3v|m;h$!>mJxpp?OEn~@Q4-atlL}n%OoE8kVYOapadC`njU7$AHvz|oVGv54 zrs=w|^j~ufq75u^Z<`0-#y?&NZB?L3C{9ag%#m_`+XTD-p;a6CI14tu5e46lwT@Nv zt5Sl4wu-j~iLP?HVnu7An+mmqp&z9LrGh5JH8toUYqyzaZ!hRth*S^mMO%Gb(KifC%Q|~OgP!i)^g!k3N_Du_~j@M z^Ed`XHHtAI8GhOPl?~oyzjwuvTH6{$(b_5rubEWSST`@i=-3v-S};OnlR1%H(iG7J z_LP+X073h5DVbr#To;Zz``j$m!tz|hl5TW=C&7(ZUu7af-wsHwmesTO12?oDG-4vizhRXbHzf#E+XUd*^o%EK ze1+hQM%Tq!5N(oM9!kt5j^k`oat`wy zt}C6I>USlQ!JCY1ELI+Px5qEnB|yDl^)*Vt=Y2@Z=}q3dore5z>jy{Rj_n#ewF)x@ zZcw~9&T!hzw3jO+wQ^ErW%ts3wi?{i#K0{Ae+~2mvCQYjWW8#y4M0noLgj{Gr~T#A zs;xU})WtTJkvAC7>C+|}@6c?J(fmhD@2tk8Cg0pkwQaKy=vdsY!aWF7bM7o!>b*NE zQD52x@w4ikfhjhPb5+8&-Z#?T#(1OUu7EMwGJe0y)f@ruez)Qi9rc#v;Q#GZw0q5U z@P<2oHLZs%V+NtmP*OCjxdV8@)VQe`UM*#)eCG$PkmF_!e2s=2RuXehS&JaK$Q%#PMl=F&KXYQ>@iZnf)T|jCZV!$%Lh+#(jywm` zRqIsV<%v3!OYvm9E6%xbEN-vj@pF1T-Ow?^N8!iW?OsO2QMqb%2!^c}H%3`IZi5l) zR8PSPDiWV7e9hWu!1I|~Q>QjFc}YiV>)8eUCZjRuBXGGvD{i{M;F5Li{;cZ3cVg)_ zi%^EtTrdz2dwvVD_?A$I*P|-HcD`s&CAU$$32~=?9McO}WbPi|P0}l*98H)g4(Q#+ zzzmG$co@=rMd97#YdaN44(4)E_G6HIkC%(~y443YWT-D)46p4rJT&1VAO3zvI!s-g z?xDw;3J4LKg&DGq3A-K}AT`>sI*;{Vj(?Sq%pGiYd9@Ke_p8yCehVPciEYPljWPR= zSkp=at+@9^zBTVPC5SO`ATIVa9PgqK~rM(U!*nr#O{eBMK z>#?EW_n*yu>tC|bO}F!qed2HFLzqrZQB$ zj=kcz4JX+7HuN8r3Odz_35nISe>^qmWmGJmGX%b)qKQ=}s2CL|hku=d7j0{sh&bYw zTV%SX^BtK9mQ2ve&-%$sOZ_Ajh8lUOQ7c%YBp{Y4ie$susr5<_p8+xU8cXX*3D9w| zR@K97*oR+bI%5ioZ1&dC`Firjv5Jc90EhSr-e+`=t=){2=bCk<-m0q9iC{Mwn_F|^ zPP8{T%?tpOi2hacM6^|h>7YmEwc!KLJ=ff}_O9FOwuHReh9JGGl67--RL~?13^}c$ zx%n0+r`&A;`c|9AO~gLsdNA0w%3yDD zDyk(==L5?9(k7CEH%K3jTH0k^(>#=5O~E%U;PrS#>E5gmU*R}S(V(*iwYO24Z4P4( z`*RB3<=CN_51mWZNE~z|S7Wwd*tzp$JH$YYp#!b1iY)32z_7#5X{Esa zGwfvdZ#SgiMXy^ZMN8_Wb&F9`8doKdPT*QX*a}E zogr^o&X%DFU$`3(%IWH|2+jEx;_sVhWFL$>ZN^SYdDPi}gJ~jd!G83lq!5a%xC9be;_y2pHYs zhBj(yleWGYu{Kl%C=zK4&{ErMTijxm)VjabdQz#SC7Da>deUYh^EIx))kMF+-y5L= zh~+yROnt@Sfay=UEpBa)H`7GTK8J}WQtzOBZ5&Pe>&c@YkR6)?7B99Dq(E;tK?-k% zgLQBH27%f^Z#AJ)V9;z~JHqs-T>YL_qH?{oaa^Z~w`$);cY%R6c?gC?bpU+=Fc+hB zsPdSb`bK!)%DiL&RzO55Q5lT{$xSXhEfj?4+A>B5p?X2n%qkw-$|xr)+%Rcf)@(be zv*y^_f9$YhU5l5rW`i;XL#Q8nTvfq~qGG}R>t~n0`zQZqCPIilnowz2624ak_V@~X z5rJ1FMZ6+Z)a_hUVmjWSK8>igMA03j1^;;Cc;%X-j&LfAdjGa3pXUMDaK%KBc9Id6 zsF~np9M*-gqHveM(|a`wT`6{J;!y*UN5O9Y0#}r$zc{R8KO|(0pTzgb*2|GGLKzZ7 zkXslo=>vRuQUuc3DsaIxTi{tY@(u*7 z8gg~^QxWg*@8oK8&&~EnpaYwSLCiykH0Csf{nDXhr-4P9G}D@QvzkguzN+9=;b_0k z{FjE^ezl(LHh4M(-)!$W)@qH@b+9c==xFP1*aBn|l?rOlvRKDrG8lP$f7cXu%tasY3G;bz?11**Q(*q8()k2(QeWNk>!8( zMZ4}HrbrD^jS^y;c=8o|3%zyhAqZ6|t&&i*+vSCZv1VK3t$%-zy4J>)2j!qvU2iO% zes`kKQ}D`S2mby4{QNUztn0}6UtI727t2;fB5ConNvQL*)MN;?|h+ls&M@%cX}~XcbDfTc)ptnQ*riux;N1I z{zMz01*D#U+u{aIk~|pd5zaT`c6+g!9 z5l-vB9{akv2YpIsLip;eMX%Wrz6zgqJJ|@`7g#nlf7bTF6nxXO8gVh`n@SVAMu+C$ zC`TkHSp)_n9oe+pc$$=olBqY;pk3vS$m7Yz_f>5gn~|*JT<7Hxflz5D@6AT*{tr-< zui(A*{TVg4>Ca9v`2+R)a`MM(-?#eOc(552K`TcgU?y7YQ=QhN1RHX|^D*t)I3AhF zFHsFHdVzbdiw?$DTL7UMGS+dsC*DG2T5Jye%c>2(1VKmGMvohETpgcjFHXS+>^+CM zjtaivpfrZK4qj}6?9VD&w8|!}{;R>h9z}ZaXqkWW*PtaLc9@fn&BNG`DIRE7i@%(H zp-?Ooe&gT$-yR5t=ye+Sre(H`!GnM8?80~d~_&Y$u?i`#hqg3_)Ad`-d#UC9?+1fo0V+9)Irp@yInNeUgN zA$5G7&{u6@%EK!Naf-v0(RrxxS4@2v8ezsf}1uKI4k)CU4>Abj|DX2X1ZoAPDrR<6V==eLm@|)fy^VX4MosR;_7C zf*@CUcA>6*)R#tGgb>8EanQ3`PKBXq90iBWkYBS_Zk=$)DF}jFL*D^D@&VnZ@S9sR>8r)O z4Q6s73ulsuB*ss2!A4gAt*}wJHQMtCy4}WT;(Cwdgb3W@Di;D}2d)Czd0cLq9&a=u z+R5fsK;&I^RBaR`18-aR*wK1mcv8hJ=nYl}TlRd-m#Pw>3Cp?$rDzNMn_WtdZEIN> zpF&**0BUwIZIpHWRpX^6rL8k6Spw$pC2P+$rEQej6$-ul@BZxmp<&m8O!S zHL0gkt>G)9;Q=6f%9*xTNkUioX?5Q{xP2KF~X!J)b<9O??_kJ|Ogslw5Si?t%dd@}$BGCitP7Mxk-i>f~ z<4FaL(O*N~iXo-rcC*lddQm95EFO3hK^Uv3Vsje6hk^-Dl>^!jdl31eKftbra2<$F z(lY_vMIZkDZ6+gv$uJ`dr_)u_cxuw<&C!6b3;izbLx4WKVFVCnDz<5mP0u$B79-lm zxSjU(MUq7k8XlShf~@nfSvMdnH>t&9_;mzmzuWBHxHaw~U^f3o2kSuNSquLBFd)Q! zbfEGk;Y^U`Sf}*ruojrCjM8Yvms~#O%Vjx=Loi|a;NXKTFb)cp&am~^sYUz9{*pqI zj^h*xE>PSg&)S8S899y4th6KmbD4?C99^4d{)17E#}vv?Rw1mz3N&U>tp?wCpBgCD zXPr>+AJkZXP;F?RKI~+4?q1RJtz_$2dhU8N8N0DJKV;bQOZVL<14$mgiw=ziyI1(g zVk578XDK<@*wbcnHtz7o*+esjL5oJUOt49ETZ?*2&^r$x%I;7*I4C6*r;eDLI%ubn zmi`-nGO#t}hFouUPuqj7^lmq-)1%UziEa~x6p`!dE;%E#ff)xr&rq_jBBniJk&V*S zk@f9t`Bgz6d%*+;+XiBO4Q`WXfeVvCywUD_l!aXyO;3ixFa7&JyKk_Ag4fPe!E;>f zgy!Jg{5|nQ5u8ywJG$$?>VKPu& z?f8@e-1Xb6;SBffIBr~Nz264VW;)r503A&{Y}SU;rUqP5|5BOg1c|k;)`r9lG!dZV zkm@`N3>yUDEJu0H-C`a_a0EbK8j;mk4ge|$OnFGo)!-s!CJj2ZS&J=Vv=yL2GdB!@ zE@LVO-q}&G`iwmrP!;-B{^&r1ybx^H9&3pK>!5=+gGw&dk=BcLDc5wIKDKm-&3!fC z7Wkynb+!9UZM$x~rbWsay?96V+HA#2(|r`2xfFzjKLJ-8s1VfuO@H(-tj!s=B;MHalvTyeIiSd;rz!^3ua1Rj)X);q**!7_A~e zMRn`Ey$SmB6}cHiM+ZPjBgTs@f~ZR_pye60qT1SN@@0k0gw~oaDzP`i!?$5A>euS;2nbZTG*OZwq0M@5(XrL$=Uw+= zhw71v3+@fln~})NmXRBKHlm5Ht)SpsrCWJWmAT4N-8EJC9L?slq1>YWq}QqrODRK? zuHB~!UJ#_NuS2k@50TyhL8)+200o8=M1wa^F*dlXz%FfU;}#AVMCpVxp~y@B4h8R3 z(KkGJF`wmloOjR8fBSp?hoxw@?$ja!Co#`$a?(rVB^Z-g%A6a1PJ4~9OV)aW@?b1t z&ju~}$vaE6sRK(5tLq^L^(erIm`lZ9a2Qro;sJ=gYuHY|6Zy6w&~L|Cl4@Wz8FURc zkTw1C8xaDNy5=}IT`PlhRfvK^-=EePuW1xuMJPu1^==SCL&xy5RB03lo|$tyV+;9 z20Wbw;{(;6(h)TEt1SfkY*S-FEW73eZY_ag-7U*&$D{Q|?;SsJo0%_4fvtv&XJ`uI zJhBTm(=_P-W}CXw?Yvs}$q~7KpYK!J6#}I|yrfybrr@}z#sVFzKT%;)&nuP&M2A@L zyn#FCN3{^QLrl})*8!;e*^^d{i8I9}DJ{Lb@Kvz=w!T^}DD&#e7NMzjP?~bVjn&3y zPZP^v34iO~{lD(_i|ovT@I*b^%ZK)#p8574|4+-2tSNYYYgh1g-NcKa#TQJ? zb8xmwKyE58YNfGf+5j2nL0a0v6Ty3&iUS`BKq?mesjgd4gI+ya~X4M!nU$thCg4j>Zuf{lu z5NK+n@w;eaLg+dsUng4s?yi6bAxrW7MQYAhcO>c5cB5f)u2nAT`8_3fL9GV)A&5m! zkEn&%My_YC3!xQl*M)ERuGOmTu6JNi9%*@U$CG~M%{HsR)(Hw8P53og1}zF+#F~G} zA$xT^SyK+40vZP^os6EXiQI2=7qM`$jV$0t8y`3BYmatVjLN~&{2?d38*u|s@Bp4b zVZUlYxZ4!<660)j{o5e3K@Yy2|Jsq&LPBmV3Q=#`Ym$BYj{)M+83oC~04WHtId;Ig zfBP!GHQ*&E+0fWbWVFmw#t?bu|MLHQaCpQh+P{ZFazQ)3@;fIczVQctyb?+I3cjfP zBp$q1B4q-_l~xDf+iEzf$W=eU(_CJJ&liqCz2OUE9k#hv!g{9TEhy`vtOf%IiXhE- zI$%RUlAF8$wKr7vpoSP6E>*1CdKy(N0$WuA{HH-v_1Zl)6UW^~Z%RTOZt?X+$G1>< zfY0490=muIZU3)L*ST0SNE7&i22&!QK9|cjQcrvtG{pii$)d)KYFjNjb8j&1lke1nyZ!5Oj6&{1)#f-Hatp9QQd9jGT!bgYgT?4baidrm!8 ziNUbptQfg^coEvyT1uZp9GXnbS#gr}tRwO5JvDnYoaDBa(^=`w-WUa%{vcJ^s1ahu zr%{6OzG!p{7$^rg|Jcyybfn@`92M0(PR<)Bm6l9cN^=UXK7>Ms?$*a|)_b^`9h3iL>shB!@>U(RJ9-306B;Zo$^w09v%29>?w1FgshW z(U&LVywI(Ym9cD7D&4?hVD)=7CN+6xG-r#T94?ec40Fc!?&XSWe1pRyJZI8)w|Q;0 zOtST>Zo}U6YO5U!vQgXPf%#Yt-sWfWQ(4=QqPrYWr5^h=+Vo|3t1x#^Xu!^Fccn$} zqUHrfPZ~uEi{9y&ARc1B^Se&#{Hj>(M z54OfF_D$)-i6E6bHfA#i0?Yet`T^1G3FrX6Rfx4PkHAaBcOXcnOVv&2tu0D?|IsnM z%(GR&i#)=si~6G3l#n!VsnqR@vAr{|t$q9CVmPt@^i_hLL+j zt=ZrW3tW;a4Ufh=s5!OdfFqz_LPY^os*^k%p9>^L@s$Ij3iq8 zXuoVk;jpX&_k^RHfPFQC(np@6M)rSn5cAcM2TeIcQ4!c=8G97w!_1hi1PMv( zoq&I%UTRRRgNC1gjM9fq%WL^8NO%ujV z*IKa=`0nmA!tlFrd~FkJOj_-GFGT5=*Uq9R`K*Yc>BwKc~Y1FHZ%?L~QRs%)6bSHJOXN@);$vBA`K)1gL_=YRP>?&@J9+NMc41<%EmQt0y3 zY*EC$^V@{P4VfNn?OC%~e9_-qaNhn`RwvwIq-Qxk3O`ae!)(8qEl}TP>rcvD}{b71XzBm15zp4;$P_nPK1xk~2 z(Xo3#a^W2ZTK9|zo`6uayS?G4)zAQ&Q}8MhohK(G;KflI3SLoXix~A*UtCGnREwe; zz*87_*z+#8aJ7!YfaS>=v%Z=XyiX2p64sax5;K7sa?KxvH-I2LSy05ILuY>ZpzsuY zg8=Q5@P^Tg?p1DZ6~3~8$XEA>chRWNO!rU*~w<2A8 z)DhWu8pHARpYc=kt5wVfFyQy7jXUGhYgj~*V#B)B2v(3ybh4^_^ySlK5Ul~wdl2>p z=aGidhRLQT;3@H#Ot5EsmT~OwP1M&$a=~O(;8yo=OVmt8tFpEgTEQWBziU9JK{m}H zvj&<1_c#O8$ib&WuZc!eP2Ia`HI2Xlxd}1??ABrHrM8Q$v=&e=Ekx3p3?1)_P<2$K zAoi#rAX+_^ma|Kg7k$;zKGL?X4M?);+M{qG#ij?fdnu=Dg@n7U1!xT#)E3*tPLpUb z>J5;enDcIZTtU zm|XFn@^%fdRt!rfhxlx!Y2%C$g>BHh_u(8I>IMkVb=EfaCTZRR0iIzzG25W7NzUt- zn<>N8Q_HKJmRrQD!<|nt-t(rQf}{0T8Z>$cRTfi}>1OCX?)_j(F!ylwn`BIN!yl4dB{8*1t zj8o+$*?GOA2|oIh!cydo#UL6mkVuB_VVL`5vOMtWpc{fe`>0jmG(FfNI@^Sn(Lu-8 zI@IQYqUl*v+s?hTJJh3>Q8jmC+4{i5n(5W6|1m3Bo;Hia`S#YSpjgfq3`!1xu;$5{ z*w)bOzx*ltz%n0@Qx0XYS`jE0w8C5Zbk;{lh1?1}*QSD6*HXKQTgD`aRcX4h|CIkr zJ3ib~?T)qYcy&f$%T=qoXw|05;_l^gT8vo}2Cb~EwAy)`6oCrR8*R z8-6LPtQN~{#297FE!#U9bu_5KdJj^qRi7C%+C+S1(7_44!J!*e8JBHa-T?9{61%DS z4j~G`NrTKBy(ylW_{)nctwv`uOIvg6)#d1&&9ca%Qx4Z2vITPXe-j#m*fD1Eq29?c z@W!>)Z#pS`>%kxvgiy(0aTLD|MW=}ryWWsyE-mR3otGC5&_t6A4Zy42F7&5lk2uFt zWluZp^SIHgD1kON*yd$Zu+~gCH-OfH&CqmtiD617OPrpJt>w9#N=>uNF+%|XGV94#5j0dPcO0TmR*R zjVM#SrcXHZHE#1c$DY$4+!Ky=O~Hqy{Lvv>@vb-wf@0n5pkmzXFHjrjbsLmIMpvz* z72M6jhHL2yS>CD~sxd~N$sC&nC4�W>{&-fls&rJT^ct1Co0vuIP;Z_VBv4<5t?J zU|EM)+Z+DK)NQ6+gJwNw`38gFp@Zr%qH-_qliur*2cXt~XVbpIj?0_quhpa$ShPzq zlZQ%k9-$hExZ!)j<@KqngC6xM%b$@H*m<>$4e+!e)TD0<@Z5ClHxC+0b-^1Q#kvMn z(sr74(0p(3ys}=P`JkFmxvleAUHG_>SiO$OTocz#Yi=|!FKpNtsZWiFMZO9a>4Fvaq8QlaNisrj0a@O65ay<4U)|q5JzZuu{n9N$X2y>4{t6 z6;FJ4^Il&BJ0qhVfbG(wgEDNXGPcQ^UY7D1Z}*&_^}M<)Y^ReAgk?OKJFB*d(-e{& zUlv*u{B)2?O;5DSEg!+FasTSqn>3F~dEXrLA5x#B;kDWI4pjin!{(c8R2GoI-n?3a z2JP@z4fE2N#3=1|<8jeJmR;0fvM&_f@Y}t>fQjHwu?6IEUH4XQmK&{XVqpz#ayd$C zMI^JQ&s`C#Ma~-Ybf5gOsWZwSFMjEbs~s{O2HGsx6)wSg>CU)UvF+-&6qRz4xO%SY zm^hPMzSy3iCeWQI(LJ^_cp`{UpIgsD3(SyT{jEwGVQ%wCrP4_-pwEG`u|a?py$ z7}BurTj9F4jon)+Ek#B)hUN%br|ea`sC}Vrw$foUc{EMXw<(*C%y4p98*_gY%m%{% znYG%5F8=EE=wQ%RHEN9+!rXZL$cecJq7*!oSrE%iM`v#95cp!1(z@cPNl$p&BkN-} z1#jNkWrJ8c(|h2miHMe$joWC*qpOCM$xpKWsEL+z4rWVhgSOeHGJm5D&#rN65fr(; zPzmxf54T8Isrb`6eJ?GdBW$d&QUI8^X`Y;m4Y`YsgbX#oiCYNFkRt4EVAOkbgq~hE zwInGX4c%x%!7hzL){{%E@NO`#hYszuff}2XjZS-Lvz!7=8n4N1S{oRY42F#k7+;M} zq$y7%HQ!@2>PF?Cqvj#Vbzu<=j|V(baxm2@PFMb5ZCjYwe)b;{=cI|Ny>3?3$Go&L*2~7R($Bwo^r7pY=pMZ-zd`= zXWp+qNy+d$%(>-Dj^^}{2HmQ^V|y;HipM5MdT_Sx6(0UP*G^S%N2o9Mau%x#C~X7DN!f~rKtrgmuF9UohalJ*dN0AD7IoS^qG$llHuHrkQL(GV*+{2GMYbMjD!^&Czn>NlQukbS1;n zz=u8MuIti9H*|(4XWhzya>C~v7b`(elPm5C??_drsO9t_k0q4)<$jTaZfa^+YS6WL zMh3#*IJ{x|^09+#H)alk#>o#2Lg_J@YG(wX-XO{VTzr|V%wTt`7L)@5Ssx-~B}=r; zYSD2z=CaR*PA<^xS>_a%rks8GK3EISm3D{ z(*B&?ER{?HIMLf1va=Ny-aNb|{RVmkz6U!;4~7+`|CZPK@NEZYhv)~bLZdh%o<$sX zj)`%T9`>U&1Q)b+***ksUs7+Zp4wUe$snmUo^~{;mUM%&bwoBSui?PsEqy6{8Z?{x z5bfx-pjNmOVxF+@3=ALcZEg5$*upb`e$@C?k!c12PIRpri`xF<0rm`b;!odbxLu<8 z-AQ}y?pC{|jgSMZZN8)_XA|9OCwTxhs0KI~(+`(bE8y)HHGWLnG(jf-hk!}v-{YDM zI#ecq+W5=SoL+aya4i!OpQl;kwMZJ-KD>GA?L^9zCT9kTA|Mb)SABqy*74(#ywjYJyTC4d{b0nJFEMZveuLtS?{ zf38vyFITjh_^Yvct-@H*_wj@r=YvzON5$J##DYkhW02rc4ltd-S5C1O}zusTfn)!l^=xw^9Z{F~NlHx1u0*C)MisbtuljmQx}uCqU^X zn5s$>_-veXBu#>!M*PcW(*#x{p$)uzv?*Z-c69G_UUHnYe)Nl271(-YvA%Tt+OO@x z+|rx1+|KgB+k%-ak4=LcacFF_MTkg~-i{WADO+@}y9sze0CKt>-FzPzp9J~%w`!;6 zs5(`K#a=h*X{C=F7<5Od+OsV(rSs$=M%6yLL9XX$B2+ZJA@!_6ED^UQbfdFQjX7>s zM3}AHER$CwfVQ>*7nGwL>8f>h>Sz_Tijk(~bvtUeK3gIdz#YX)C*nIeE)Y7?f+Qul zCix+TzcY_HPt@I@ph=V!vLa*Lh66yY)PUf`^l=KC3gAig2ho%HglS+wjL zayx)q5hcwaY$HmxDt?_lw}^%^mO{%JoZfMx0-I*Xt^;p*1Mq{Xt0B81 zUj{F>Q`)@$ z^tw9hLOvi2U5Lm=Oq9!P>{Cx9ld1tcb+|gzTjf@pMG+J>PJp&QV`7DE@GJZ$I}0(A zSWK$q_>PQACX%{^h(JL60+j*clB;O~#iQLzWp>aH$Kz~+%Q=A}0jc;G-q1DN5)Q3Z zcrY5bQ}jqrbAuI9sbtr-eZ~<-PPCn^=4?RT0(|RHp|Vap;W+JQBFsz_F<(q5tI|cw zms1%wO{$klB_IG_BS}Q*JBtKOFNt-R_ZOW`sex1Q?M9_J1GFisSNTw+u14-f(~8}| zQsyqFSjioHeP$8@qj&ek0 zpw?B{BItW5VF?JFoV2mI?pk`iQ5>vimIbM(;{=;@jduwPe&s0 zSlnW1u9x<~uPdK|RJty=1*pP|6cOjI~|6z^4y7Yn&nYJCQKkQMwBtC1LZFJ zDWd0Nah@%eim_-UmBbZhrWM*$)&edOl#f5b)|nc`w%fGESE~WSrngFx%o=M*_JIDt z8&D??fsXo=gYnEEW00swW`P)wM&n6TsVGpcbMl^QY|n$2W;;@=G=gZL1yScx?op9Y zhl(cY1%ZrFg?YrcI4|IX`U}#q>S5i6ye1xGID(GPgn{3!QD0vh{i)LD4V|dO zgt}5tg>L#zVDqJ!eV24leG3I{u@ zSsGSeQ2!aT4Ob7;fI#5PBm|l;h!?<6xOhYH{_U*Jf*|xhx9F)REEvv&fEb=ws*pyd zQY;p7#LhCQOf-s<08PbQBdQNLlgYDftuZmYl?&A`Rm;YZ6Bh&FGwuas{-f1Qby&xTkI}&C(x*@n+ zuwI2K8w$Rq@iqFgUOHlD6>NX>%fVqZM!rUSYmU3qkE?s|znFp#jMjn5h3r}ep+6#^ zAv_2OC5q^m9q-hoiy`S$!HartL2v*84WYaqq&*qihzO}9Yko|ma4nzDiE|heSI@jX zWr1oUfhw^BV*EV`EjFba^%2|_l_mNLez9~svKyIQsbVn{un!V(G-bI`DJ4=#p+Z$M zJlYt9y6R12ug!O!TpLoGW3VD+n;w+edHT$syVt%J5IA2s97BB;m~t|e5Ql(ZxR@zo z0LYo0n)p;5FGq@D(_`@Hp+B0LXc?;xQj!rh@LDC?hAePz{yybFqpxBPkmB2KSh(*K2Ql(rf0f%HtazG#P z)sg)>UhLe308kOAY@uEslwK@IU{(Mx$S27n+!zrgi!Q8iT&2XX@Sns7l*c&8G6`y| z?APS5_7_aXuPb3Yf*_cKXxyNoc+AXNIA1KmN^z{WY7zG}fejvs;^Ky)1l|G%ugG9H z=+S37DX@{zYxd2&3EwblUT(r%+C7!lu{zh%H!wGjf;BXv|C14ri^Qnd6pNSeS}2uF z5nN$37|mMFt}QWdCia~Y6{FO9e2eM)T7$wG9B z0#UR0=tXf;MfuC!!~*zBgv-s1RJ5T%q`!0J0~U>W(5<6fPeR(rydlbGufCy!f_HwU zhQTA^rq^rOA821V24=1jud85kCHa{qEt)MdUHv$OfR+NqFry7YPB@6jAJF->X=QZxtPlr%av+6n*p1IbGeJ@U`W_%%)l870zZ%JbQ;Yw zYRs*P>H?R=$MU|a_AqwP7!O{%G)HPgtXu7y_^Kp6>=hJk4KRAhYjo0la}yKlW9@{} zQHvObh=5d!%I>khXmLXHm6D*_3@~$=#BYow<0-NBY9vkI;yV0+4d+pS&DSW;6vFB- zY?)E}S2rZZf!CxPr8FyD)HOseH8j-{^a*iBBk@wH7K$aUnAb&Y#R@5C>9h&}$tFj| zFp)-Fy;_44n@dV;TcovLzW#L@Fo*&Lhy!aoA_7;8cb$;2uzUcSG6Vb0aH@6UUT{|` zoh}sEZ5#|BZuF=EE3eReghl4Pl)lDZMB*4l2@k*|V&_tYBSCnviUnf8kc4TeWN|fg zza(m6G5Yh5VKhze`ykHpUk^%+`K(5wKB_%F_NAaYeF|ok>LQe!f)B!0=Py8P>tH?U z`O%H+jm+A=Cpe6DVz{BEI&%8D3f=+M1DX?XCgzM+jb@Bs4UU09TfP7~aTQE$U==bY z-%}75Ihl${cCT8+sS+J;d23aWjl6?OOlNr*r!>4>9fqkwEA=*kZ8%m5;7cuI9=$&# z#a%(UgJ8fMCa9|_8v9t7Mbq#UW})qjl-2Z+Gn`b~$N(jGC5cG2A+;WaG#GE>cfL@@ zH^o)cbgP`$LeYiU0X~a4M#>ZqL*kGvnQdzzED0v54=Oz+g zD_roMRfYz*QEi++nLDKnB8f!PS8J7Y3f-XbeMx`d&SK+H{w98v1c9Xjj&M#*6RJ8? zP1)#=ghM1tm`J9PKR_7mLS#Fh!2Oa%t(ItaC`Wc_Nd>r3`AsxACO(QDn1rwCgn&U^ zONo@~JkWiFe?5wlf2|#DS^tV)mawW=u|koeErFd(ozRY+Pmhjo^lo8de-ND%yhq6m zg{;6b53Pl^J&b!StSsR1f`u2njI34uQjby)SYw1_yV6Mh<>h5z(irh4aTDXQw46Jo z9z66eu^nMJo&^y?*gn&l5b%3j2d?e+dHiiO?%FakR-TatB|%ovH5=mC>Vac%fE`Vw z#JpBY1nyA|G7aU0RAjVCt%HHQMRS`OrZg#wHB6CM(#@`WTgt38{8okH&&A=AhSSmwLY|ef=w@y$X@^fHG|iV%*tsoJ^!Rww0zoeDseN7U_OP%HmHvW1x6JEf zY|U$G6>C(XRLCz*%$2QYMD(BG?M?$CD@=DVyTP zB++=)8EDRYz9_my?E*87MCaoL>z!`Jzbr_R)SAv-CMA3FYeZa}Bds2FvQk27G^X1V zsFlz#WSSJq?f zO?o1UDU}d>Q(lV9#Qhb5S3;CnkF*GBXxB>2_N4yRw=XQEy{0aG!Zu3Kha1E5KDs$N zVia*H$K(1^SSYfVj7L%_DOP~C$uUt!l1?YHU72imH;TPjtLBKPV7kdsjI1|-bS0=` zPL}K3+cK*GIU)T9)9HNuF?o;KJ@)d%wTbfvF3g@Vu~Vh=GFK_)rQ%Wyz9dy)1Q}|q z{LsLV+{Hay5q5f!*IEZ#%rL*BevEnAN%*94Eb0Z_t5I&mk-fD{nI~Pzj0wz&r>#>__e{%v(-5Z zEqSs=^^b&9J&R4M=d@;8H44P*tr=2W=5nPoXU>d|k9T)EKYP@_ftBM-aH%C&zks*9+TP%paiGV5I%TUp8-`QXF1-hAuQ z<;x5c=g!Y9EM>cTGU=Fzz*1S3 znQ6(fvY@9?o?9R#%2JT8%1kAQ7W0dMP`lM2V&Jk5GDn5E zP1|0E1(9LOnzR~=5hp)+>eRyWBK&*i-1$na-q+v94d~pN>FHA^Pv`T6p5A_%Kr3UD zN&l?V5rE@^$~roOu#TIqZ2ginotv9Osbl&OisvGLy>{)|*>h)^ zR8LQj)RT(~;;QT{Pok6{=^Gy5*QKT9Qzy^l^Cj*Fs#0A=Twbc;#phCx@Q8f1g9{|5 zh_9SXEG@5`K6{Q}=HTFf=JZvmTS8JEQ!~+=cuzdZzdk&Dit}$UIi=*}gV{nZh5~-| zn8enP5!5N1IC1i=x8AxoK2BjB28TLH#3MZBks%q@d#?_ZyshOx6< z*;G2Iyj~-UtL$n{oU0!7l#w#84@P4(TO84(1{!el^qd=};l~Kfl$>)0J%S6Bi}>zP z4T}E6>C>;gx&O@h%hb4Jdb-URhcKe-PaG=Ye0s8o(Tb4K(P&2|XV7R)R!KysA!am$ z*npO9<1fSar{lQTV>4$=TMxnne%Rcc5Lecx{;~5(bb6xE9lHw4>rWnUnSn2wpJf-+ ztBRSvxHNz6+_}Yt!tzpiW@ZV_N~W-DBwZyV62_FYwFO6&)OE3gL|7!~rRfc_bJe+- z`OBBC!0FxD9$1iK5%5ol{>-_v1vUUs_z4n_nP; zI=?VqB5@lh1S-@iCDVc%S+JyBE!s$f;o%GCFaGRjKbxGG+_7^4HHjb@^Y< z@0PykNF69qKhQl|Ik&ug{P>BNUU_w9c7FTLUD-@pArPiERis>%f-k8w7B87)b%drZ zBPNZ|Sn1M*OP4QRx_0I2{<90r=diWyx#Y!Ok$Sln4 zmusGW61UpQ$UOlmL2~K=HQZQ}r9{A-AF;8XfAK|B`{k=w_aAsSna=LqwIhS|?zw4iB9Y=|JUOL)S^l7lZuLAvbbm=wo4QuY_+1TclX|MKE?v6x!V524 zIDcW&=1l_wgWQ}-r@-lf1Mj@~#v9qLuFab^>mox+r6kBIrkJdl*OZNf>%|uV=@&0t zdhw-~7Z#SbZrj?`g-0&q0ZOVcEKw|^04WhvjCL?6YkU9#U`6ziAi>iv>pqkPtVKu8%%BqhO zs^wQ!-hStuzx~_4`_a=sx;B1w)27Y4cJ5MY7X{B+45cY0cljU|m~O5hYm_m6uTM-! zm{e+@bZxqfLHdxnE0`IpRCr2RyAy2|&vF)w#A0N=GD!^`h~=x2Q6MZV#PrmUhdr^j zg)aGu0+5w*O!B?=-uo|q^;bXp`SX{rjt`9tZ`nEq`_IlzUAc0ZaDECWFOJHTc-8dG z+|0~;sa#uJ&hv?+46dQ3y^L!l|D{^bsWt&xgHVl$3BWk}jw2N_MujrU4|rQYQ)|?88mat9vR!XiB$p z@Kv-bckrdPiXuDAG?$_V;XXqgXf^f2EJbXBN(=0%zLY8=Ng?TqL~+E0st_F&EaXuB z)aes1z4-FAYtvV+PMte@v8N|9GBSYT#{#jaf))v>PSwS((lAmBD?;*Pa!xq?vX0~U z(Ub4IeV~{x!G=jVy&g)Xl8cLrue|yi)_-qLFOeE<>+0%q=Y5HSpzv0>pREw2X{9F5 zUS#ynmf|-Y1Cb57paEE_iK1dDLbYsRa&j`C%VX>+;hQKo5huVBt>DajOT6nA2aLU3 zT$rCN7t5?+7Jz$8c^&77^&=bCn_aairv(QB>1qq(PcDf2tiASR31i(Q9j-&XM zD#SGN9iEz+e*Mii`3=c?`SR5*Tesh|XIF}7M5T1)@|CyV-k(UOKKt3vvD_RiNZN%` zCP~~$ZG1G6K$UVaw~|v_$U;Zc>SXOq7BOHtnwp$?_uY3_aw`u!@L+#`pVXB_sn{=m zc=W^f4!(EOO*f&i3FOd+*lnmHG1Q3UOR^CiXxbg=2^qZo)_zp@ZMWUZ>IPGafYSmV zR>;Pf+nMzGgO+yJ7NuT=E0}v9xFjNX25me#;0-`dKhe!Cy)VVH# zkP1P`;%oTCEJ)jsSoE2c?vb2k!vIMDTSbCu1Q9wAF^JH8z`_^Ko%_KLe^e?}9(m-^ z`|iDW-!1!wh6k;>1kHzfMsNuw%M}R|i+wCZVo^g4j~`-QSXkJ$ZJXwq)x$mUMRtbK&e(A#@fR0=K!j*}wn$zrT8Y;xmstcJBiZjcgh_bm;Kx%>1@3 z+psTSQIb5zj~@B2fBo0r|H0Egd+z0De)ileue|#5%dZ?hdct5lWB=Fe0CrsW~~c##5k! z$>#Dax>Jy7dY;9c6&p-EbS7toE7jb}3d$KyW5W%JGE_xQVvrm=cJ#f2hf=8?)@RI2 z&+fTt$Jp42RHu|(y02KslL?HaQspAlF0MIS8X(7zuTtVF4i&ovM2L#L_4YfPMmOJe z*FB5`Od%H;&HnxSiLn8h6DLnXHp3${F8dns7u`&85;l!`T;ex0vaxEC%C@Y!(FJS{ zSePO*2EMaRMl3-#etrC<7hjs1p4z>8x7y-r|7rM5R+LH(f~R;ydUWA61>^X&YcIU` z{P^{WZQHghzZYeNt?beva@cZ$TI*vWPc?|0BY1<_@>g(si#6~I_qc(KgoZuMC4%a5 zx%|2F=Z_sbc75VHwdNNuoPYPgySR53E?!(&UO_pc*AE{)j8;Yujf{)}(50n3^dTS6 z!^_K1Vbvip;B@y+?7seuq#nC$OmSFH_uzdYa)U1F~7Jd z8@2E`$C}+Rd4EI-isZu&KRA8r6w$DI?!N2pyYJd}>%LoVxp@<>(M`K{?apSq0FOv# z%E8r@0X3up@bbAbH@8qOA(tsn6a6HjL{_gBt;5qyl_le2^gEI`bvqWK~!MGt(JC6Owy* zacOCGmcd~&(LRD@eqjNRnftLh5LWd4Dj6^KLN@aR#3gNK0urNJ2iB`h~q|Jr-MX|qERx+uSnBmJSQ1txV z92hO;^D9fsP%2kWoj!ZygQGn?y`TU5=bw1u3tgGaiDSo49zU@-zeqqDbGJ||CsLW+ zyKlPVjyng3hNQ}*P}s3!`)#+~wq?r}LeLBVNG{CJGmNq*LQyf?1NM<%FxnhMqNPHB z6%cX1)FIaD$T5%z-Gf0O0Pv6r+IIu9yY1hMeG69*0*j7l^8hZ7O$F znI9kpIGUECqf#M{$cpy$_5lq>RjZVyCazCSPN)yW4hr$!o^G<7C}nV^<`E)I_!^2r z7ZZ3Zl?wzbAVpw^=!5VJ1yP++cUY$iN+J;wpTpG1tuQ)f$1sp2@FOw@AvQELvUA7I zO`FG{oJ=|e5C97@6BwEd5!tAFffNdPU?S^msW=JMN{TrwMLLJfbvud#p;_jUhxqe( z=DvAs^VY3fG1i$WGrojqJ$NcyH+JFbICXf0MH3Scoe&Xbb>FMcP_w5@S z8$%IZx_A*V4-O6P*}aDk#I!L2?!M<95xYq;i}k~YKR9#h^gHkDfAh`Pr>7^O!d`Je z>jw|M|Mb&8I`sZw4A0}oj?>x$58jUr@Pi-x{j0COc=YHoT(psq%|xJ2pFVr_>b23) zO(6BP*I%ERof#e;f=0QB_(Wv7r;i^ycKXcex88jF;QQ}0Z05zfFFqW4 z|KKyvKJ&&KuOB@0-t~#uU3+f1?T$O<=N53sF;R~kIgB{lv112j435RYLx)ZrKXK;l zS=3@zSGVpCSG#iQ!u9Ldzxc&3e&^fYe&mtQedaTtx$pi5AbmDHT7cXA9cpY84<`hDTTIjW)%0B8t= z6j5>d#qyPLzW3hr%rq(-^W@m^6PUXoZeelxrkifQ>89P{hu6w5H{W>k%{PyJc$B%I^LeSGi+o>( zNVoy74v-!?bO>{4WOPJT*XdjK-MVMbO=LHo{^5^ad;JY&ijmacKZx9c!%13`&Dp>I z9hyZlPEJk_4i4Y4Zyze+m6u;eql}Gho}9dnL-zXXZyY&t1Uq18Xt<}hhoHsbLx+F< z+|S>A?_EL>=vQWU^DTQJ9wZcqrpVyr@nf&N^wR4P!`U;bOm=8=baHCy?fq{PL3#iE z_c0p!`}(oQ80TAr4)*UqdGZw27}|v!7!R_QY>r^(?75#l`^*c^zX)WIV%e@*H5{_@f^&K-3k2IGydnNIiJ)y=R|&=D<7e;ErHfW-{rC>(}@1e;WwCckul~ zhmQcat=o2>5rN5bKYyNN6AJ#?)p26W>^ahv?IHe5D(A$plZ9Lnix!SJ`r$E#jl!nE z^B2y)1oa8|(Nq{y5ixh}+<8b6SP@Wx0Elf68R9w!0xV`|!d9=o_8KJ%{e68SqnnSP zJoSU8e|+fhhX`fZlk&ikk>MoUMHGv$Fay}SWo-M_EjzYvhdn_qT#Vy+-+d44*uDe# zjt36_j~@N-#TQ?IHcp&4fp&yE&YwGf>h!7i55AAo9UUDZq4wh+|M>OSUORL06qYFQ zGh%YnlT&ZM_14QTz4XTGuTM`+5B3jqXS0|}&;IOLa6w87I1CK*PfpML_$SZ&{P`ED z(Ir7aMB)6|bML?V-jz$2b4x3!SbU(brz@N3>+MBeJ@~0lZ`-jOs|8Z{?svZP_@j^A zwC5(uKaU+hjub-FoIG&?q8%L_Md<=M0*(9Mc?WP2#vqbBI5U`EzGs@wfLMIC|_Dc3=PCFubeLy=o>ApB$ff_rTk4y!P_pLx(P2 zyo_WX8tI!~oI7^>SUNS>l^sNF@40DgY)d~ejaW20erI=5m?m!bx$_q>ui+ZH>+OM3 z`rwG4{`4m=zVsp~8*V0gPrMe&LB&eAUba3A<0(`sg;S?aLfapH0GvJqKB(lr-U0N( zv7^V29QokA_uhqCc?_e0rTnvVvmbnL1XT>(as^x;IB)>|g#|zXqUP2!7Vo;-Et=Rbe`)z{y+c=<|qS1&f4uAY_Hg6|<~;PTf`y?@+8 zYCEdDeafofEl!BpgPjQBK$lpQ5H#V{eYf5M;xVZvrzYV>uzSZHcX99j{RfCn6Eb}M z`R7R|k+LOA2Xn0~E&k@0zk+LroO=0{*ZTVgF_E#=dwTkomvRRVy!n%#{3w@SCUCHI z>yBii2gCol=bl5g6TF2YpZ?*~yLa!}d(&P-!`u5MQ-C`{fbH~|v%1weyR4<|xa%%> z7+(sWVc7VTh-MUUUvJM-Pd-s86^ zn9m0f9wNYd?(BJF5JWjYKZmkpua`vPVRXz}Z@r01XXJ$aw{P3ZTCz`l`oRxBI6`<3 z!OAjgK$J-L;Lc)E9(?azsPOvuIBpUyR9gA`XFvP-iBqSBM@P4#@OSSS8XgKIB+1Nx z;s4X8Pjz>9BS&;2mrPf87oz_9&!-JvFH^{%v%+3L*>FEWcr+vK_ zkcM~Oe)Imf_oGcw;rKDwE;KbdGD`8hBu)v^EG^^b!JPOy1Yjm7C-8XSK7tmAX=K~; z&pnR&Or`Gpi$blA)_LWn7ssz$ zA?hG`hj292)s0PtVaF_%78W2sEJbGb^PfNW+H0>$d@>RxV!3(q=JBgn$>8GFedpW1 zO_-j+96WS*dS(XK31=VI?ScF6?dwk0%2*OhGt-kZ(^G^nC|!B$?KhWJmZ4z~L0$$= z>dNKIAo|fqK8IU;>g0)c4jdpYfX{lFj`}c+5QG>Q9-W(8nVwk&Hs{Y@E|p#%8XmpAAx^)3=I&%2%A~q$qA7<{z$Otw8 z@Bzi#441vbzHJ-+{f~e06U-p;co6)x zhp)wAU&acYUs%TefSvch{bq09P$u0yJ2{ch6_0iw9vkc*9qCIY2SbrW@4zU8G%}Lw z?#iI^w`>{1zQ<3cR1GkG_~B6u9gLp2`B|Vr8VG|DPjP->5i=K0-8NK4H)EM$yy7Rq zzuUKO$2!3T#P&jHF3c}sC4kd~#W`4NeEiC{zV(fryS9rMk4C8qdhX{hJp1f(SpQ%d z5O();vt`rM0N+3$zdw5V%9Sgq)rra3xw%Cm4XI4;9k<^>s3w(266Got^Tc(q;izz^ z)l(-6ecFFL$|XtlS|8w96fph z+8!AlLIqCEEWC5zF!8*tTel!uXJ@9bPoU;!iP7`*fd@Yg4PY#uJb41)Pw@(p|AP;Y zy!gV4$VNgzaL2xzZ^5twVpA72Pzw@2_ zm`aF|N>5jsL;@iaggJ8H=+UG1+5IuVDe_3%N`t zwP|F8;DJ!l!V>;xUvK}+%);>#r^sm%Bs!1vQwt-CcWmDxsZZf^N@D-?!5(7dj9+cxC=&N3!b*qUe;>}g=bpQVhX#oN5-%bG`R;-JIHs`cX=KpdcR%sOQ{7!XhYue? zC}YB-=ZN;-d+&W;`N~(ivfT&YI|zq=;R|2*^rs)9`1#n0<7i(J#@tUx;G5t4=FXiv zi4#incV+3vKl%|OiShsQKm5Z@TgHfHkBx0Td-ei$?yg)U&ZYTP$+<;)SPw^dll1ykC6rMf?W*0CWkgH9x=5+uw&cCLYL; zKL7d0$-@2M2j2%8_uX^pNe3 z;>nTW;X{YtCw6%Ez4wwhAQyAjUH6V{-j1Hb45Bd{U+Cmp-}?3!zW4>~a=IpG3`R(= z;yvR{LP-Do5B~X6Pd)|T0%7pWZA3K)Tw`*<;biFl@DKk89Y8*aU<&u66#((q0pd5l z&fF=`BRI6QxPtQg@WT&3{m?^?J^sjh@8h7qNwnjMFMe_7&fQpqTCN{`{<-JI$FF_m ztH1Tne*gDx-ghhQ3=R+7fB*er(2(GmoFbBZ`QpXjc)Wk8Iw&3F1d~y#D%|tiO2ZGoStZ z7oY4K7=%uUFW$EAmfoH&bZ{aTrXG+OX0A|r^zkqJ&hPvl_6^<}mei9^K6UTC_tFd1 zQlrB|1W%yY?c2BAdFP!7&BI4Nh{Tc)efDAEQbbcI4f)15zL`yD&YV88Wo+v$H{XIK zbo$g82nHXB9Mh@Or$6_(&wclIzPo47o~M8OBdCZeK+j<6(xr>IdZ<+l5wz6r{O<2Q z^qJ4Vus7}93u%#;!EnU7{k#A6x44ls^4Q~#6SIQvVu{pkx7}5b#AoN1K(6{Zo9o%7|5^*J@K0G{#Q+W8u;d}16_xFGQ z_x}eNc5E~L9}e;7KTm_d2ao*pr$2q+x#u7L?8ATXd%s6C2-5_ZK+i;O$f11gt6%%f zXC8udF}8m4lb=8*UwZ1PfBpx5fI1}DLqz1(+ivgf>0x&F-gn%#x&gf|zR$S`y7tY;x-+hlg_9%w;y9W-O zIeX^z+iydN!MwNKb_WDc;s&Dx%0c0QK}JP^Fd;6S?9YGU3$QA|Gw7N4!SQ1!fc&?= z{p~$_b`kj-8`}gAN<2SQ2PruBqzV4;kN(9Sx8Hf?>a}y{&ym8y1cx5J{N=Aa_ShHt z`UWQ^rm?OdHq;#uD3^+vRD1{-I?%Uc*N#n_cFfH$7fPg}D%dpfSYN4#QJ%Q}tLHX&LLAN~+-V)ZFX zch}DCzx%tt{m?_7rW)Yj`-iEvLp|fNBX2KVz9Kepp@5+_JTm;XuYK(|zx?H=o_zAA zJ-fBSs>I@Aa_)9`0kpA_TY6{z{&(Lw@ZhID^*i7Fokt#hbY-P*^3-W|2RVEC{LJj^ zz_A?KC_dCCho%Gz#p2tf2)I*NP5?<9Vxaju|+vr57eRj z?HAY3zeo#KQ5b097g6_qJL`Gyy4E1#b|{mA1qxA#BN2+k(8f;1$OX#mdtj@;(e5w| zd_qWvmuzYn4{zJH^K%bB`uO9YUs#wrbNa-ggV%WwS|P~)&2N02XdzbrxpSwT z?dp}u>(~1GyQmn zzWwpXAH#EEc<@^^EwyRsxdn-8tv+w|JE{4b#zxc$KEt@_( z{2t*1l7dqcbLmt!;sC#4*UmkVK3*CecksRUsnZ@B9$)~36R=*96tEM^7Vzpm_~07YxU%<;Al|CqWraUQ1ko61-O@kw;DZmKS;_f_7NES`$5iRsbBRnb%%@?OfkECUVOy`@Z ze)8A}N$)Q$VW3RUF7yu%Q@lr^B@08QXJ+Sd6clVhy z=g?t9OOT9IQXM(;KI_n)dg6=Z4JfdG>7^H^rYWmfzI0`L>(0Go|GT^UHgDO!YxhmJ z-*!hSU(9B@K#lFbl1X=^k{Nu%f&O9i&}TmL+1u{CeMyp)%O_8q#6HK7;`8k6Ec}bX zgjU8=Ja_ior$6(M#3#DD$-(1zv8-caict3qhBC5y>$dF&-hH3y%U520<*s`k+_HT~ zD%*AI?RNlkYEl;FX0b{sIw4z2;l}o{Ei>0AzW@F2lX3gTH@-E{+eg})v@y;B(F;OZ z_@tz||KRukfTWC2S2O~7Fc`qRckf(|lqiB)c z+qP{U-E!Bhw-1bDQED2+(G6_Vr0FtxObey1RPsu?_sp5o#MlY8vHTB&qU;~}+~*i7 zbWV8wz`O6_=UBPfo;|y%$ir-X_;U~QAc-doCQKrXLTJO*jx!^ShI{Y5=fMXbB>9`o z;)2W8jmQ&tmL3rxq~We#7g{3wIksif@W>GC4?u>7$EfQdB0#JQO-!LUb)4B$f*G*9 z2K_odIfdza{=(Jix#5Q&c_5jLvB5;Cm|mD)(c_n7y@@FD3dI3g?A=@U-JZ=x03y~H zS%8s|EfnR2>SU=nJ|H{LKUyhIBok!V(ikGQ-@Xrh3F#hs|JeBWB(gCQj*pCt5p<&_ zgZvJn{)s2P__>Eahmn|=wK>26n`ZltZTH-DC!wrZB0~u9#Hq7n zMv|$n+in|s;>jm&zG>&#v#0T+0N|Z>-hnNSxrW1{$`n>KI7EuaDniAm551QY491Bd`3^>nBW>}%Wf zZJ@uOI4wdD8*ua37!f(B0hK1@ShKSPn7Y_5E0ci%$mrnPVfN$O_4g0-_4U&o;UG%) zsDdH=iHSh6;MUu2!!P;j*S#A2;E48 zOtzY`wF!$!9c{J3)EG7n zfz+PV>!=XK+1QpX7`S)cb?2A9^yGsN-cL4qpucb8`uGP&KR~ZDc>E-S2RIhQ5`ofR z{nx)j9U|88NDwG6B-XkWse0ix#|6v~Ljfht)IbVXd1`QAkfD$i|J%R)TY}^iVGyC+ zbJK3dh5_-rzx&U=^{sDVvi$j9{P}x-l!a?@tak*B`&rO!V6FnH0u z{AK4PC{If9BM~ZwWbs~%QijpJH{T3AsS9JYzxzACgGT&0nSke>BZDBn-n5s>CPF?| zYNVyvRGYK#bE1##jjY9D#SryjB zA>pa^0L9#Y*PVCjzE!2|+qT21KwI(%qG_Za4Tge*HgDMs616lv%)Fr9ZCeTONC6b? zHB*LPQ2ro}iz^m;j&JgMdY%6M0OICg`Tn@K?<$}gJOMd+qUPXoA6M-{FN_5 z41fDKe}f9gE}_sB`qj~5d3OnMB&b7(k-Ud6kUS_JEqUv~G9Z%2e2EJD#b5jdnL8~9 zrdpm-Gj`)4!8Aw;62xKE@d(B!Vhv~#*nofmFJy)o0pmbei)9N_)6+kH;l&?6^X$?} zZg_Nzgx%(`(XQ?u0&mO96zRw&KZre|iB!hvrotft+L-ix{jyyI-+Owx`ucjG!iVbC>JwgmgHhaNa^k( z9!(LbieI3c;h+tYqa<<46G6_gYrjBruxcaR>&8N$p{otu6T=b-2hG+Prf03TZ*y zj9d2I0+~^;Nz4QKLp6Y%UAuNt=pZDdi*AoJCm?Y&>#{gtl(kcN?o^NMgZYWL5Ft_wBnC zDT!B&bKlpG^pQnS=u3)}WBC{yDC=Q#PZa{lIL$kE?7n{e8hp5E(+DEq@|8;zkU#Li zT}0cUbqr60C6&6DE}rLRco?ll5j~yo8ldSfn(u!J>BOl-*Y~8l)qAcmz_O-A57QPfq>j~sSaFF2XQzs!T z7F{6YB$hka|JjE>`>9WVih3^Dsx}sb52^QAqylz!E^3QlFr*Q+6fOZS$c<%JP91aKm)_>es(<+g*3b(ve80E0gNU#_0mg#F7!#lM5HP zg?XZYnFUH08%~yahFLR`I(z!$_y7LD%F5!O{K=o}+OzlMsk49nU;Y}f+p;|%Lmq_E z$6^ulcaHjTJknZ`Rio2Hj!We+8n*&BAJ^YkfL%l_-_WN;Z0_(ihSA@Ba380h%oMl&#xhKYE%1j$^Ew z{l>Sx#ZXDT12JkdQPi}FSr3%q&2)NLJXcY2V#~mlBo?8%7hZhsM?d=hnKLIhZyve( z?mG&h0<;7SDQ6=vdE4!G*b+p98@*3Y3y;tUdpoFJFHjVMjOos#&|Zkg7hidKVRq_Y z{_(%K=l)M!xiaznAACPon3A<)vgDoBbN_$#{xdqV>&Wv(;gJRj@4ZJ^ly`KZ5lK;` zB+84V)YILh+Rt>)bkEG4yZYWWALi@3@2)p%^_rRc=1r?xjxCZBU6Cx7_Z|gP@ZNh5 zBr@UNFJhleBurI-WL2>!A_{_&59DGD}HUqe&TC7DnvP}2@`kxo1! z1&O0_qjX}>LQ=AgL&JlpZ35BKw9sTq1(78$X_CiqkR`)~AlnC_&2Hi+DJkCROzi4v z=NaTwn$;+&d=OCJLiG=h=H}($5n&-PsaW8&+Ja$#gp@G+HJLjOWfB*Ym;jX~5?HmeysWdm9YFvx2{HBLiIePx zC!Tt8Tj@5KQEgDYNXMl3qQ`?6BG}1p<^h1*L^d{IIs9<2td6dBHWMm#lvJDX2@IX) zrY58hXi`Q-8tFZttUMLi1Z+gk$!(#BE?>Fc+}x30P>7Y<)z!xHKuG}nh{2%&HZ3+# zeSITSv}N;F1ca6_BYYqr34S(UU{+=}D5Ytd&O)FF>+9-4IDxI;9|^`=T&%wDA{=RI z)X>F|Zxj1OK|eghAP*iU9Z1ang9kAKFcgRsBGkDx=7Fb?$*HZaDZf!RIyMYh z8ea!4x{|R`e_kTNpdh$7$V%#AojZRHbCCOjT>;k`wX}E7J`@ZC-o9-+lA1Z^Q70k; z6@O@GaNpj2B_$=`r9?xS2ZSf-;LRwdd-Lpr4oX}8|5WFhxh+_p86KW4(qYGr9mqbY25io)TelMafJ;RnmL+IzZ6SZrBnsk@L0fY~+O>T0A{HBT z4KmG|TiXdkY~8vI8>p(P0-cRU^v=u-4-IMR-wY>bPePEx2)uT!j18HRl18BjrUeEG z#XU%m=;5NB)O8SzLO#X$3l}KoL`WW}ladK&DI9lp4uKNx0whdof_S`SWHEjmcld*# zS*)D^4g_4M_W-?)~WoeAO^Nv#5D zf*cB?UTATnV>@^6A;Lv)Xy=|i_>9fXtvs86cA&US1t=6wAyjID(`X715sgw;W6ctf zLg!Hu11bYE2|Wdi3a$Wuvh?hELiJdyiZe-eJ|O^x-QC-R_H?ttjS zx{xyh$_*|;P635G28M>Htbn+{-_|@tfm;yr!-IqDM(nhmyLRDXvf{06Es%lmP;tyr zX@nIpV~8#A2wtM+j~UOz?%mrdNT5boL`O&4?A2yRgV6aTGg@BPImFx5w z0;LRzAQ>JxaycqG23^iaF#b*o>8}?3&O^(9ySlqT&lnO2Em9HHb@Aebvu8;ty4KO& zjvvqN0gplh;xwRDFjn|3UImat&CMFP*Ht%bhDXL-u9#iB_u%~#-K(r9VLAd!KrY$Al*p$8>N^c!myWBB71=`!6Ent!$3d~ zv7-9W#S0ftoffGLAP)wPF63#%lx6^k8YOMf2}FosIaRBo9NIJyBK zfl?%3#Ted&g$1NMVV-06^C%J@A*uo=2s?_*=I*Yp{DS-~n>XWvoIZUDrWgTlIZsj& z&K3)F`2E8?q7);7@`hOkV9Te1V|zUS;5?$>_DF4Lz0BKVk3PmjhYsdphOvybbnMts zoFqO4jsqhl-pM>bsYQ{TK693(WNRWQ0dEf-Jiv07UB5aw(6?tVbypHeg!}mDiA$HS zBH6i-g9i^`3Go%u+qg7D0hsFWE?Hk;kRZRq!k~h_`!0!jXSpJP9+W*|%vgS~skO4x zMO;H*d{ibni8$1@ZQIz%0L5T4tklTJ5QI~Pj-Eg)N2xSlMA!sL)&%z0xV05^ywz{dQ zE-o$_6RoZMpLf`<6Lv7;$bGtP))$C+ULpC#}BuEU)#AvahQF!FY zz*%8>Ayvl3$A5hEg?bF=kX+m z0`v}H)q>t`X_0h{{5eK?T3VVQ#vVO-1hW7J-;+;1!))+CL7v4` z(~x#J_6OEK=5=jd4No*#kwlY7dIFV!tAx>mE052Ey^f3}d4Z%~$d9MboWkzJ_yf;? ztAU1~0ut6RJ~{&i1|wMs=|o;GX`k#m)c=!DKb@18U)NBN&jZv)go`Xnwie=a+xBhZ z7|g&C?i8G9_Z}nwlgtRQvq@=&lZ%7FHf7qkZP|v|M1CxrsFO8ap}9FLhmXLU}frm<_x~2^O#7v_0ke+3d70)YV3%~BXAyZ zUphBXxs2jR7)LX1G)hyh4VD2GB+z5g-;}5yE@mMsO>cbMUCRq(uBzbTEu%CLHGdOPHC?Y=hYZK^kVx@oqPjY-SRmo#RYXuq-(x2|Z254$}+k4W1s;2(tm*aOLV{ zBoX2sL5%(&k|!)eshs5{O%X#|igeA-qmPk#XfJLJm4?N`@7N;vm*C9Mbg=~s3JcJ$ z$W0`EXLk>f32`5+A7q)s7Fm#=12MRw>>BcAd+Byk&ySyme>7-wxY)uh=%E7#a0sql zyF$bQh$bN^3BVr)8819k$=j8}x2^aD_%{e*=nHs)KpnW4n6024L=_Nf2xuM-94|)B zP2q!*y^Y2K#lew9`XJO2lTs=5d-b|VOb$jIb0oErVx#SIv(PN0`UnKl!J+Z+2s?3l zTuLUB<*Tc&!%acK5G;T$gjGep15_iH7=h>{zMGW7nAMnWtG-z|H|x&KN`stF0%vc} zKtz}=H8mqH7D1oNXnABY?8ua3q8J;9H+vYhBxT8hgE7nS6e&){V`W&eyLau*BFBm2 zgQ+<`Eumj8j#nf05cUWZ1JJDEqGBEy5;dVeLE6a4$r5i^s_juh&cpbLOcmzmORXWT z`VKlu0xEk9T08bDh&oYiOe?Su5~8tVP^G9_Vq557wktaaIS$M~8Dp6C6u@SaV^Qtd zy&EZn5yKkcLlZ*~$qu?UKTmcEMk+o!GGyPr{Z#yAn+*?*u(#oz3aW=;gH~1E zq}ohTNimh9Ad0gyb?{)nV<zv#?Ixi3k!@@x;V4HH|Jea^C=ooBP9y$~i#Z!n+ zW1L}WL0&PXU|2GcA$Bi82aF@DEz9h1S%!CMr<%*vptBCCi$)L(37Hxj`R!Y8QGPKu2f6?ia%@H1>CWBZk@m9k8}RS8Y%X@$ zBT1hI8Uc;RZ@~b?=!BeTo;yq*j80G}n6n*Somg7H1A^1WL}#R>#l^<-ba#MckfyF}NZO%`i6r_ZkEhxy=a?Yyg9z4B%SB->aCtKbR-cX$V3f|AK(=v%t_LIkU zb_RLK157M=G2AhuVHFH{o^z?tL=P3^Qt><^$9cjDDnfk0jL3ZY;^Js`qFj=rEXjild`pmMkCd9?o}?nhtR$~XkuHxXCdTERrCKT$ zh7eD*&nC_x1ToRwVDmyhrQ{Q6htkkYcnIi(!(q1oE`b(GaYrE#h1wi;&dJk`n@0Yz z5c7oPAdN({jRaNV!-;Z9wO8%Fs+A|Snx<55rJ&vzc&XO$mZ2jK9I6QA-tA7<#8SIA zB!qw#F%A;~G<;xTEK2n*$nf9|QV$hmm0OnPY&M>ydHfYVMO(14=wnl&Qr6K+SzH`A zDWeTx3LPdFlgfP&NIFrkQn(a6PeOUzBY!evzQw031bc&2G~sQ`AQ~x~6#{h0s$p8$ zBg5R__>-e-%ed$$#Pk^Kun2nur4JWFW=UpOvL`4Zu@8hSwkq?3W1&^>D2ymogCuE+ zCDVqv611dji&(Vt3{QF`uywV-EWb-aNsz>w4cU!1rD>*=GjnSQQK)3>6w0l#A(f;jb36&XRrKBLaHi?(;ym)v}zN9#vJdRScT&76rfz;HK z5~Y+7AzI4K0pU=GmxlvN4MAJ2ZBC&ysVvI~+3@UsBqn;7<&a{u1c}ws;(k#x%14`) zc1jXYVUQA=HCx4mlhwo*YNSy1NP=SZrMRqC0F`WKA#E^zR3={`!ljFdwMtcKwi)(> z3Y8G4VT{f|g>&b^C<_nAjb=P}&w8X36J?Wfx3X`UdF>{^Ei-#uloRs42p?MY$eS`V z{K*NWq>UD(w>dB(WgU4UEJ;qo8`|{2@s?*o^-gf@`t|i^nnA1?2&f1qdg*& zI5}V*_WC!!`7P4fSvTq&Q%wu0K}`_^Wt7e4h@e+Ems6pxPnjWpsnUQBBCJGwLU2cJ zQxh*2m{OLHsS~*xDwRu-p9m|0zob+k)8sMIy7b5*6)-;4Zamj7$Lm%Qy-tR&G{2U^ z6sE2ed1t?9i*DqAb{Uj9h#ZQuMfw>bB5fxlg&0{UsMma#r%42aKEo2<v?BPZE!d zNCw{2W(SOcXTzv{A?lOkEG^j}c7#hKJ!!cZX0yY-wqxf=Eqa=626LpeaFQF5Scf!j zr}VxM9TtSW$XlvtgeNaTUrW{_6XZrU^N>pzMiL{JMG#3P)4?+-I$oDaB>=>cGp`I8w!>JbOx9 z3N@Y3WX8BjY5OVzRXw5Y!Q~~@24%;{9WYVyAG53PBe+H0@PW~gQq5Ddm5?+>CTgu; z*^ul6&cRYL819oh;CSvi+G&pn3n9;y&p0WIKo%Z}&eG3NdS20wHC&AqRFw4o;?8xZ zMMiOt4x62;qG{M~a!xIREz>HJl(;SCoorfDMwF>AAcUwENz$&g=F%#mJUwjwj4 z1;SWjG1TOu3|okqXaaeMU2G&6)5xbBZT{)hK83r4qPl zs4iUwB%4l*bzMoUIt~|eO;$?OgE1UgTw!c!3ji?|H3>y@zvc@F4MS?FvN)oiak5qB znsW5PQPEOe*jNc>{e^Zy>Y8*;qMdFe1J*soV-7Fhm)+-jalI|F!ZdW!GFSa4che2EfdM_VyB;(;L zLSv+YveE`+iPa824YRrE}J9iLc4nXZZ1Li{c?Kb;~?O_If8R;?#Uj1Rbg(xXMo z-r-n@A;Mi_UPunTY&OUQLW9>?5Cc?99CnPHR%933OnX;KD{kqyeuMy7?E4%Le5PJj2vh117>6 zR}qQ*E?rlQT`c=Z_mBujA@hr1R)>#wL=8xNuy~i5H zY%+e?E6fjPhqxNNeNA^pyz^~(aQpfNvDBF0o@190Ptfr(OKS~THJ zmPt4+*5;9Mb7I*)Vv&gEX1u1Dzxs|khf?!f#v@WMhER(bmF{H0X2c|wd}dh`L4$n@WL$7*MT5OgYgHanhNSzJVWUNKkBRxE zccfkWR4w?Uf4Z54s4Hq-tV`LYXnntuGZh!aac9=FwX~c{x(EuE!?olt*hONli<7Ne zP}-g{PL5Q2Kny0iteHba5ya7!GVI!KNqu+b%H-=BE17Q@Aj<4mGAIwIUjHq;0Mx$ zi0iWx_!icN*&D|GGuD-KC(;}c#vq$b|2CizQ>&1GG}TpHM{E?v&zs7$P?SK-^k4vq ztehNYbgUjI&j11rfD8x|0H54Hb1L~R#rEm#;d>tGf?&3#Vpk$+1YXo8UOJ6pjG7bx z|Ku}BWP;QZlX;Y+L)KYfbhJrUJhR8&9$u)senhwgk ztJde`_RQn^iXcW!0ptqGW%X7vjji-4V7D2&+}cu@y=LFbq$`f6Iz|MIwi%!baSJKGq0pIncVvu+2u6;`MnH0jI1AHm9P?}x$qZgZ)(c`S{bNKOqano0VGE)K z(K?7oMX5#mo6e+YB_s41DfXy^I6}a3Qzk|OK5$D-M%d!Npmbfj%lT4tteq=dxohk2wm&sSiq?OX7*j>6((nk(y zg$JiSX=n&b;5m%OLjd3$hRQ;>NC!~yR>caD{iba_wY`e^1Of~=kT0?vVeCVJBA5{M z$wcmO?@X-1A!;*eil9hXaUA7$&dIsCF9n|{6)YZ`h$PK-lyC4cw;(30^hGqy-jUae zRVy~5&zr0$ju+ml)>lw$L(nP3RK1dOtg0Qm2tBC}4(6InIbNpV#dGs)17n=2?h))n z$tY??YL24W019}i!Kxu1dD0dBF+B|haiI&dcUD`W5Cs7Dk{2g2+S)iN zAA~~`75OH6jspYdFi5=$ z*`Ff)Bzz;Cn8bCIVY7z?RZ<}*FJuPu%FfZ|K(da4@5n>sL*~CU+Fc&N|NNi-vw0Nt zk)!UF=#87!6coL}dz=oqZogmwi@+%!hIf>%)Tu!V}d6cA) zvFv84uf(nthZx?FwA+FoB-%n<83iY_otJTk)t!}CgLZP$r%#%1lB0q_!zJMEDIgDJ z0e6<>jnW>QW@BtxNGqq#o};r4WH)SH?er>fH2?-xHlopG7PLPj8=Q2JM*>1ckiM;9+F>@N?5r17Bbdg8~ViosM@fo2YNGWm_Q2;tLqQo_| z%7*~6>b9Cq#qWG1aZozHO^l1bDMD7PAt`A>;5;HyTZYR@QHVxijxgb9!1qRd5+2uz z4g#^LK_=TuL1_cS7;%D6Z#+ebG+BB@d{ZM9iAM1|V>3vDQ7zmSZz{kpfGv^*ZyxJP z;bp5SruaCjcg1AXR+tDl72MQQ!tO-8%CSN;(@=<_HnN2T%@S2@iFk%6+e(luAz-lP zNHlrAm^bP0Bm$i9wnlb@Iv|=}!&%$|2T0!=^H@pMLc!o<)0*(JZe}SOp?&j=rKpx) zIHqdKtLp&qX zZXjIIc^XPLfVLVRvU&BU1)G&Zvyy`@+Lv*%WI7T#N_3)9V+3?jOo(H|a#ihXpmGJh zM4!n+p|{UR41iUT+I9w{5wk-;G(?<~VR4Y4CF-0HHPSDTq%_CsFoNX;ij^L>58`sBw2PQ6j;_N|TGp2G(1XugiC3WmSL(^euCw z29wykDk05WnI}jEp_CNk>jM6p7!BknbgIBO5}xOU;4_$qu@2STmTE{GiD;Aff|{6O z*s0yGGw)L+f)WTuBKD%HdjW(fnI&y6^%2&%twF6=DXlNUU6U2*2gJa!B9~L%?;UD z8BfM1=6Nx}U@^`>W7vRZ;Z&0^cxI;|#2{>uT2xhRZRzUk9j3B+dS*Hb9q&TjBpQbc z0!l?P*hZNLU9wt zOyDV&>KY52Y7t(Twpk^BjoYD(KBdJZDDfBp)4suhfBMzG(CPH$m;QjFk|xri-P|EV zMF`gk_$L1P(D=ras(nG%`+A>zfHGNzf4ux1VQsS&|#q@=aG`F||}B~xmw290$o zz^F%=Z(Cy!>2FS`51=`%>8~s%h5RXgzmKS@-xUdK&f(J>zVV2h^&6AM-QiERfdLPA zJ_Wr{u#^IA!l$rq#Q?w7gUU`rD5xu{wh(Cu(iAgNA%{hDzF;jn1U-|MFw>x{@v)3< zlgTl+q!lo9f9ZT#cdD*~PL3RgfS^gblGo%G)aNkJl3I97ow)BPIh_^_Y@1S23ienl z;WL+w4WS;M*sL5Sa-6Z6k;pCUgd6lq!^U#3exP$Al9cy!N(3m| z=g{1sYI;41@vQ_s*0RLLYf~bG3|N;>_1uzBG#?oRPwrPI!M7jGuF&AEawZI1Y^GBE za(Um}wehX3ySzSoE7x761 zOg3ZFap_daapp*6k}6$Qy2_ec=L4xmWm$xJVrg5VGwCxrnO^Q2D~AvL=!H3}**4~8 zb<%W(&G^j*P{|_mWD=OnD(iz_rq0wTl#}R1Rr&j#0-bO*T%?_@SsP&`3l=GMyV!8L zpN(B^Ug{U=+UfOlK4eJN$AGJW%AJ*K_^nY|)Th`=^7ccSu*wW{0; zk=E8)`0mj^17DtBmOS+}@7X-hCa8vEXEvi0ZllAu7)nx{Nc{}zO;V&xa zVb3!dA(}!B5d%e-975T(o(H}zG;a)j=`pO?bmX~G55#ONqpO%QH9ZkDQdCsUaZ%(L z)ReTR+7C#r<}r!?s^ur4F5~G6lL2dh(K(}Haj*rT(ugL}Uc?QY5oSdyzNs@USh2X# z(mos@#5@ZM?}=+Cn3q1HDopiRHTp>(X7kvHBr^x8;iA|eSb?f(4&Yz&i|8%m&&bQT z7v@i+=j2Z%3>jHw;n3jph?- zkOV*YBFhHr(m{fOj8&jdfJepKLnKMTykvU_xlXE5>-I5&)XC91m78L?O4Shn(15r) z2J0}DNa}7X&qUoIWr%3V2Pa;^d?69CBsQORms5z@q$f1yh;LR!NiNMm;9bk{da!>v z%s6HKty>c9ZYEG?8qZHx#oQW8sX+@fRC7hMYUUS9f2g@*mRQFIOE>@k|MW>jK~$I0 zS`iK~lVIvE`F|{BB;+bNe%VK|G}a93CeSncw~+XHvQ;d%OmbSSZE2lkX*23((@U6- ztQ$AWWOjv4ju6OHG?`KPcen;bbSC6k(EX{CqD!fPH*1)=#De$CSF9PN+wuN+}PJwV(XtClsv4iN;)G)!7;? zWX-p zxZOju^HXg06K5}vjm`h~mDdsz;zoyufDmA&VAgcBlK|Sme(kkbHKA)P+=^q&nQuDU6SLcqK%6xa#QmmZg6}P`)-+sCkS+TFyIn+B|YxTX{ z@$SUA7Oz@=EF@3WvH&>(DTr6EO_F5o*0CE_Uvc&RQLixIZp^k2Tk?*#`1^Xm?G(Jh ztpHnaR|yV@KA!gwO`>W9Ve<1AF7^$N(~s%lM;`sg3*SJ;96Ry>1 zZ~x}sJ@?#mr%#{$r=R_dDi8qFPe1+ipZxSssPXjH?|w%&bb`=v@d-P2?1K10kwuj2 z_rL$0LkISBwY9$e&hM_@xHcaOGbrXOkAL;RLk|xOj5RfO7UUImw70gkHw_K-)Kpi1 z6i^xCJKv#YSs`glYz5rn4?lSS(#5mH+o^_4fex^D8ge}J@S~JiqVqKM(XcJ3y72hp zkJA){lDEJ9)vxGTNqusvXu%YtejLq3D3kL3d+$>~hFhR)3#GsaVeH$#hrTbbzy6z= z+PcX}cR_yftAG3|EqW-RcKPzTiHSb)_)0bx501fEjsD>e|FEv+=0_hKrjiD|=BVX) z`SQh{-fjYo2M+B2!$0~%N`pz%K#g~d1tGEtrAt5$fkOfn-kJ}&J_QOG`ks=&r{z{+ z?o&SmYYMM5WyG3N&%C)LB`gSinfCHad2`s^eWF)S$cn-H5BL;HYlSkn2^|dSFdIP^-H$hT~Y9BC=A~aKdFMhv;JE(X=Vf8qsd&yM!4N- zta&@Pzeg=iFDSj-)S3z&IVJI|Pp07Sywg@Fc=L4K`D>qaGk#HyzhkLdGhf2$60s@F zYDs{WS~TI|>6tlHjvE>tg(3u4dhFwmJ32c{OLr6&7J=PU1s3uxMVF2qKZaXRF*W*G z!L1_KnBISAK8f4R&r(L}-FM%iTs9?#ckSFw9Y-#gmzxVnaO9(p2v^e*gW6`axTcsk zUCSs_3h++ht+BDmD_5?83sL_L#tk|+g|cdi2~jRPiJ=+U6e$ZH92lnB%)r1%eO(i3 zTZ-P_tfVnBoe<%BQg;cfh448&Hx2*x=*LG+oH$NLksYNws8B{tX=-7Tcuk2)Z~|(q zl@xE{PcV77Xr!G`MH2gi`s8$(BSJwbD|%ZIo1hJAS9dop6R5^OC0z>cld45oc%1%C zC7YND<`UXJ`jr~vSFc>o$<3gVBDEg-28SmmJalcTthhl)V&9&<5c=pb4=EkP2<9C@ z3`%an!UKTQG#E|fRme<3aXyW0MBc3gpT2MYTRLVvHnLwEeWFLk_<1XoLEs2)KUDKY z^PCFW7Vu5~nawXNH1Taj_9xOztEX|r;N{9b-LvM+-bTo*bJ~}dDqu7#24;CMW+L>w zw|Cz^(Il)EX}4Lmdm;ZU=vp_eF;C5JpItBB>J00&8`k+OtaG8)dA1cZe4CS-y|Dh% zehPJNJ)nW#)W^Zve*TSO>~4e58wKwlSityhKh!(kh@n@QQ(Fh$@jLfozdjJ>ysd)Q z2ndm8X)Yv8YKgl^^(BXcdX01q8WXN?l@+%KN{0Idpsp3hz z8T~{l&8NTm)gOHS`!s(eD2*3R%}da4BZ6?>Df>+6!9V!PPv{oK`BBxBhM@R4mC0$b z^}X+XA5WUYs9Z=?iG~W>ww1p8^2;zhs4u;5-+||!f5GFPp&8n?ty}Z+vImCxC{!su zgM0evb&;5uf>ALtG@hN6Gc+{dbl6^c=?70gLj#-mrp6}X>lDHylwgXEQJ0iH&@a63 z!neNlO-dr8zo}0Nhkz~!+IU0u4rP$3eM{RFZWERdp@*+N{mcu`zW`^OVw^NzA-YaA zY++f4()%u++G@(>TBxY3pa}mful$%YPn06Re!UFt;Sl}kLW6(!!|y--_@mUPyma~6 z#f#Uvy85Yp`qYz8ZriezF#pk`9}|@N{`bE7%rj3@YMUM&RCj=1s8LACA2lhfZ0IFA z)H-F8U&I>`uu5;;a+7|FN9Gd^Nkq8ykg7QM{chA}pkDW%cEvAij&Q{dej>qln+Mis zE3K3#=I`5UcRuw6s;&E4=iIKIPkBd!#{Qo>%Jp?#>p>7!njp6n2KL|DC*4*@Of?ee>_JWD6J9h7NFC(SL<#*We)ogWb6!ykNf z{^F&kmKH+hVA0eKh0#WF;N5$6WoBhipNQrMQalcJN@!?&Y~0o@ThdbK=^l%NE^!z= zr!Z;Bk@ZlkGKLNTw3x%+rF$STe~QnO3!Rjbw0+0+_{5l$wA7fmxSrmgp^*_n;8gsk zh&OFy3-a;-2GUYfXsh6o9t_hoM1q7*V}r_yn{>OOz9ZESBss)JXO}7H9fYv+a|M zVSxnGD8}TBqAvZ`En9hqevU3@R7p|s=OX(Jwm8@>C#~69yf1V5%J#fIv{a!hez^_=VxO4}182lR3 zxLWS6Ltd=sme+Bbdwz&oQP!;bx5PTP;)+%FZ;V?F+H4H}EAT4ooUS!h;EFfbd8+ly z?5$SbuUpr15_8OYHj)1^4ERL|rb|D{SO#QS{$s^hl##qN#VfA3=1^Blu(fB;r`?zA zzjbbr^-s_j;z(;@?i8yezal&g9fofR3@#<-W@g@f@BN0RCR#lG-QWHDfAiOW{lt?` z&|(PI8-Bc$O!rj{(}ZWqUgLf8RGAeBOT;op&~$MNhNICf-VNE>xBrKICKr;^ersNUbb{X25){`PPG_J99RfB&N& zyi^1jP96~@WwaO^tZRxSYH&!BgHg@!oi(3ZDA`ibky_AXvT50B%I#r;kl4ml(TL@d zM<4yWzx})a^q>9{l>`3EfB7%;t-^xAP3NL?FC`z96UN2G(hQVNsoXfBee4_hPI8MG zSs7Hu?H}qJ8tI?$Ofejc9K*TAHK*_!wLrB%BPB&+cI@0q)2-H)X5a)eQ8twn|Maz2 z|Lx!W4UMY)@gM*3zyG)YMw?`wLON$i6BMfV3vI=x3)bB9{)as9mrp7p%|rO9Uq+Ly z=L~^I242)J1^nkRXEXo$GhF?@tk#`t4&EFV=wsaR9@o4J%g)d*8)L)IL-x5YhUtCh zmw71tqBHRKbs9-`zQ*z+?xLpoq?i6A$6E>FpX4jnu`5>jPGT?M3ionq0yo2YHpVBq z@z40cexhsL^5B)mf-gnKJh{dqU*BuB5WCf5_=$}5^I64i@eDOkQ_Goy27aI9$)bn(K4*4B=?+M24WN)#t#dnxWH zg*&8zH-FaF*3yKS7uUMss;*HE33mYkcPi%&El?o&qV#&dSyOZ7?D=zN&sA2G!ZVO4 z+%R2ATbrA*Gt;+j**w_acjnZ|k3Rf>PQdh0rS;+7eS0ZXCt0>ywqamk@J88&5w_^lV|L)zZnj^|Aa&i3{;nu^lBI6Xa;R>u(8 zic1O?gJ)?BOfT@$r!O=%wGIu9<>wWG`!nX`q=fN_5!it=m?wjJcw`X0j3u#o^A-Z? zmgR>{oWZjJrGZ&>>3i(c|)i4?j41jQ@_pp~F@HJjYn5udky= zHHQJwW7&`kfb{^V4vbF~oXVS3F>x_Fc5jc3i<+DorK2b?`+M)b*VWnc$Rm#x7Llab-n}y;Eybkr^QviqRY9*}*#_MP7M`(KYMvVK*%S~6}(uKT~=tW9*My>zF~ z@BhH>{uOV(A^o4OxbPa^GQ{2$Op&`Z-aFe9cj-c3oYSl#*{zr(6FAh$j?zz4icbh>cjsjW>`*pp8@b?DF`ErSz=cF)ev z1l*?hYe`8l&Mvj6Imyo5JCc&(aG(bUA{zT)h6Ig%|#k5Ljfo% zD#*^tjB?T3jEcv>==+Rx>6HXUfClFf_qf5RXcxWA$z@MZPf19K1JW2Do1kd(p@R>7 z?Q368Ps<{Vk(!zeH;^jbQdT4+EZP-QSXhFE0irGo)sQ&z}Vlx>L>|HavbpJ}8IzJmAL&1>H0>ha&+R`@cglh3pv?%tO- z6ug zh&q4bj!PF4x;scem|19a(B{D5Nu9?gh>nh-b}&W0fU-H4G?#;uZ+8IE596&5kI<|D zosAMj>%(rFnw}XN93-6#1&oG{b~y$IM=AYAXn^28bhELsQTPFzkis`$^$Ce_vvV^e z!^4wP?$8ihj4O_wE>udEqUchNN~$Q+szcgE(6`O&rWuLNPIq{hv_6r-w?Sm;PfSix zpoSZyf*$4#Q2_o#)8o+7JWY$$OMV|Ew8$nf6`oQ2d_O5Mna;4}@k0(EJWnKons!nN zk9dVt!^Ucz9UAJJ7@wqqZ$eyRbaXs5PbVg($Q6u>r&l+ns%dLRL3QECEc1_{t3+D?Yv*rQo5sAz2ocl5Zzh@V*CUDg}t~S5cvmC!?lk=Hw z=avufXFBV~mzT|eHOY5U@Ioz@PE9CdLeV(T(qYmxAq~<-fzl8{8n|&jT5Cu-+Ys#y zubo1GtT{l6vC@Wwo*&ZKTMEV@`he!OFM?Flgk-1X!?g?eJayO6%As1YU0Q%3<+KY0 zHQVXROiw4bDU*pOZN#6JL>7=*s=kNFIVqAzkX;&D3Iah1Ng-L2vq!-k3MUhW$Klpi zo09yeWt^o@xvA=GTzPHaB&wXZwJi$0H^dy#Gsrbz0s<{C6?Ase_=S{Ghx!K%0Fz>N z2CY997GZ~74{1RL7{a7cn%nezgz*<-x6$*)B)Kt6KH`pPS0yb~sUeMq0Hx?{XhDlP<8*Ee$;IA))M|HNQS;CkI&!JAJvjDXu{g9SA_?rO=J(*Bc~#O^k~ojer-V=cDF}NmoPZ2pJhEeXN5hJ`b;r z{4_hXH7O7d!Jg)QTJu~xI!Fg9k!&V&LSx9%-8qQfi;>#iMjO*rOH^LEhlNN_PjtLCb*A5C1ZD5Bd8E}hb?Ik4Ld%CyI718C2om3= zk0E85gJ`v>&7a7`<87`lU8kf?xf%!bAEPZJ33!T&h)Mt>!A6;f$~QgbO^8cjLNIHj zDn3`8o25MaoHUlBx3>+0g~3s6S?8QicVZ%mDq&VvYm3ja7jNTbewNeTqwo6F)mpVn zO-q$^k=Q@o@O+iXmKt@aPjA(Y7n@e9J}-@7%@T6AvQhjNfZn4t;JFnc|2Ajv-&f!< z{C+2*?WdcMFZ{PQ6#N%{2{&#aFt79$vtfEIqjXXBXeRAMWNCM4T!<5?Mea-s8B`?t zTQ#mA@F*d?TbO93L#6ab(T0zRIZDV$Q*-TC2r!P(!0&W$QAj|WA!y$YNl@49I4%JU zfFc8sS6OK_;Nl35$L%#a(59`Hwmp!}p6U=w6GPJLFdFdPA=%-?i`7EwAu%)1prSeP z_)(&&;;{*&^`va1)$NM3l@l5Hm5u<6c=(Q0c`zC!OmUopHWR-)X&& zX(NsMPOoAT0mN<)b*!*~%0}s2X+Q{#m%xbYB}U=oNdfDCxG#j@N1=)K=*U#bD(m;Sd=7^-Qk5U()> z0)GN_k6~F_y2P)aZgKGXcHO->%8bnn%>VNJzBCgn4)YzaT@hH6fHMRh=|Ao2H+>GV z?tFFI1*X>>rutrM{x5^Xt%^53v%s2O^Cu@TBat0xdLsuQ{DHsUYH?TCF}GdZd$ST7 zXWf{AjTv|#X5daScy;nb-k2V}LKnl=wAu-4mvnJUMT_G`iytg6`5i}G`!kxZrs6Sc zOLgAiV99{@HAptofG$V18mHMD>5pPszL$zo%c|D!A+nSsk)FT=Lg*7TpLe9Et-93G zxLtu+PAK0sZQ!v$w40<_Ho*Hdypbq-gvm4G072}-q&+qk4ToSKC_g}|@#D4AV^&+j z3Nt`o_}tQ`(bzzyB^`o263<(pR1c@oD@s^_u5>8(xkZ@}qWKE8f={SEQp1P~$tgkF zIW$tNilA9S`iv7E!wjEC+HJrXe1nPvQUuUD$1x7O(}Z*h?MwSqg$=ApGx{L#Wu_66 zNILe4^`M@o{%5HY8G_|&YQJ-iWD-~ozuxknZ>gI7=ewEBw$OitkfH4|&H8FoNH&$# zOo0yZ^WaAG2o_w*^xjqUMSIelMb&Pi=7a$gV<~KF3kKQ{dheo|Wt(7n3Y3JQX|_7^ zW_GEJB$VDvkrZjyeTiik>pcYqmus2GCojpI}#iMaAgBPFg-uTp4w`7g=f1mm^8(-X*fzNRU?xf(=fmjwhG=ueT zd%sNa4d?OPMf zr)E5&&IOa8#VcJo168ITP zHxV)lAu1Wn;sW_2iWp%RiowLRW4f`yI8sU`YkDvvXWQ8w&N)%!vNY4vQfx7b><{U+ zO$f}5k!a}lS z#jT){2V%$@gV>mX+swe76ujB-#ywJzX9)u9Pvc1VcsfRJ`q4=9#lY8UYuLOK$cpkG z6WBjdE@z6l=x_3?PtxAX!oH2=?GKY$@M(b1_TQ$__ZHUbd(cJr3RbZg5;Qp#M2dd@ z!05yz6>Y;JY~e1KBPr1p7ZYrYfJcXi=(gkch9i8TCd?vM2{NE-M4S?`5Os+wEx;rSFl-_3TloRZ6}a};y0RWAdweK ze|+vTP#2C{(BcX~s7neK!HdL4$L?X|BrY07Yj@gce}LbN(`wO$rZyX_(CMj3XA}tz;Zu`S#Hv`J-rin* zw>j*zAhMyqrT#M2o!KJuG!zaOB5F8mFK~^=>m?HCivOVGx<}xOu?$ z?wL8mEubxLcm%Bd;DuR;fdWRW0uaTlo@=C1D3k`l;87QrK_!*&l`n}d)JTd}F%ld? zCsP0hh8HA73{filDG89;nbv^1OdOr;mhFwtebeit&Ckvg>ybdx!orNlqsE}PvqWK_ zQpzu6MpzpL3yNffaHGGu9qC!1Xomqa(3BVi+`itsFM>lV2M~)f|E#ErR6CI94`C*v zCiC;;b3*2zhcdrV8UgAkhj#aL{_c0btEs8W%E^B2x#u@++0J>?AebdQV~^lMrsI(m zPf&6R#uv1Ua7m&7L?H=PiY{=fMQ9p|D+!gA|EOLpS)*iA2<)#d*W_&pV2LrOp$B2J zY6T0>3)S&TQqh9VmSqE%M1Nmtlz;Ba`gsk&5+JMO$SP5^#sEKed-wC2w2kXNU^B2j z1;1j@w{ec|)$M)qr^*`Ss+6hKXIc$2`0qj-R)yz%$KW@Oj0IKK_f=K5b$5@=E>ICK zDkQ{?%R4tWwYV@*RFJs4G^?a2#ug32Tw6 zIZfQxxSN`D4^1IL^_HaSp{4b9m2T%BfdJG=YJ*-?%X`n#4K|p@dn)2-Mr|40M<4f}euylX{xEg9s33-D_ zi?D@JnfPZv`~O|Ja)mY8vUO|8=B;57&ccF%lA4*010<)cL&<`y1!|tTS-ie(<+C`RA~qKe>W8zUorU zVEN4$Pi0Mi#k}depaP*w-=!vASI=~LWm`wr#LTQc!j=*qnYeaA)VdcwobauPWSe@38#{(7a0l6&cUL|Ek&*gepW106pU(jYZyYj zgAa(Ufr@Ww>H2^EpMN}g;G?vem06^*3&aUz17Aos5gxOLfB9j*uUGAAM65K?4lI$Kd zOP%|KcxSXr810kp;F^Ys)930hTx=+>=xV4R80a4l53^CFPQ$5y#>iM$QK)l@1gPGy zuI*2dQs5jlus~Y>0%6+GQTOpYLQ|nMY01 zr^nUeyL|}fpy1IsjhuH^O zR56I+%AFmZt*u}=T@w?Nv9WRZ?)=_R-_YLC!Q@jM0xjFy*LU{J=?fRm(~ALBO$WmI z#-^&9wKOJhI%0wrXdxJCi=YQV6rTG2y?c|B6QO19*}MPS-}}Mtz55v_J(hZUx@ojX zKc|t=QBzI|Gp@67IZG`Hv7+93y;UR9PufKn2Xb@9_TFZRe-)G$jbJN4k z%Bxi{4CxGMmqJexB2p&ihPv|a(+vfGZywo=v);EE_(CXn^PB}b-E027rmDGxxC(q* z8C6oIMqq2@)%nVm7&e~9EM)|E&|?!p?HwZ>T_dye5jJ~lNQeUp7yLMhj1n*<=sq`T z3!h6(iHVJl^m-O<)()S$P*-*XDLm?)UK|=69~v4SpO|zy?ePiG!C_o*0ryY>0j6-h zgjM~P3IbQd13E&X?BwKFettTazFAcp9`4w&V>jLQ-hA`* zqenlyeECvmXLqzKo&xsg&s{qF{s$K?oj-l%u7*WZ=A%GB(&GtZ@*1{yf_evXcx7LO#xpkLN5q}FZbYc*9rv_uu>7+rK-0 z{3uumjggq%t5>hnFR`w^J}NpU%H=wK;`l%P>>p2@I8KW{d}35J6%#I9y!867UqAf* z`(qS{lkZ^T)8|rI6wbKK;xy`T2Q?32}XW{U3hxA**x#!o`}} zT9^Up>1neIb957Cm&8uSuR4GyABJ=zPv8uq$jm_ty94Nti_(ZiI)pADIuT5N6^ z?CKfDm$p0N;IR>nMbFL6dq|3l2%Vevjz)xeQ<7ZqaZbw4o;}}i?n3SOBnfFT4o3pK zDA?VjqeEn3XJ#cwMG3`?1T@v^m=%h`@~b~*&-hcS@+JBTPcJ-taBvuqxv01}H7&Wj ztJQ7~rjK7;O*7e5J9q3sfsKsxQiPX^L_MBBqoy;%g9UzA3)n`c0(loJ@u8NU9t2d7#bSt?d!o2FDfd`FUZG1 zC;1{VA#pp+7PoGt+cM#Muz$&|^tkc(YwPQQ7V--UF-=&kkB=NdPiJIi)A)FFYz!!Z zn*x5Af@m-?j(x@niOx$p=8Wh3h07I{mD161d;;T)GLhi)41jxgI2{-zSFc^gV&iw% ze@V$H`T6-`x=|j$*q8pNZCz9UdwtM`g8#i<-Y>(=eNhzr9ku(KF65eTE(IMI7bw6- z)Rx+C1YN^W@1otwYLk_hw0783K``EfNv95-4~pOe)W^WUY-dmZjF(Wh-R+s4Bk771 z`}yhcP_Hf68?-PH6&0M79-oxxoSc}sd<6t|-0n=VJL2gP2aS#jcykM+#d`}1G7=J; zT!JJit{lQg!nQNooQSzr>ofWHN{S}<8fl|0P0+~5_>CLo#l?kNww4SIcDJB*Q zv<(FZMeg2n(B+C58}ISXj@WD=-Q5GjLo?Z#Te~_3Q8Tao^ram;H&s+tq^73*^iTdQ zBR!+Jq0tr|UR_;t_S`vFOiXTJJ|+07YpT&PTQ+T``z-)igeQ+auB)vh)K964n?T z8i|gHl~T!C=&-7)GBqvrPyXbmKltuFS}_YDxFhZwlMbbE4Q!uZ%2Ar(Rs9o;>H zBO~z%i9J1isTmnRef72Mw2W(4ukPBh^Cv&~F^g7HQDro^s;ZgV+QqsCZ~x%< z)U<~P>(F4|=y2c2aHo5!*A_k#9!f5BFG0_k=3F z+~Sl}&!e9lNzjDe$wV^+TBHXJ;de9>1SmTCNKqD3zubTq#OU$QsA8w7%(z=rO_|Hg zNG&eP!=pqWkdze_6*o3Iedf%WW5Lo9xaUr=&>6b3Y;Dr8&g?PjxK~wkA{|+ zgt16{p~c{#k+JC+&z3D)iPB>kpkndJQ&Q6M^9wSwbHgHO0U(8hal5x{-Rz8V;DvK; zPL-ULvTe(@nQ70}E7xjkYACS7l@k)#!&vbNjjg3u68YLke67L;$ zEeA>3p=39}wS){$b{;PO?Bd*FXmF&%W?C1*=deYDlJ+MZ3l`=f2VA*+_0*X&eS`gR z3Gp;Jh97X^#EE0aKE8PIJjnkbuc0B2cRoDQo|>MOn^%~cmQj#bfEkw*pA-`v3osQC z9=U)2elU!>x(3kxVG=^5UjwZm1(#X!-PipjeO?RxIbU~Uem>^~*tq<9XW;iq!LRq8 z{l}qADK0WJ;5~8d#y|b+@XvmB_?N#t{?9)@`paJ&|J5%~zW(d8{QTOckPG0M?TPL5Abj73I$7^!ZbM0#R(W4)yrl$U@KlsUOuf6)sZ+#O~ znG>Q|5bnV1cACk%V)z&G7n;TCh;rB*^WM3F{DK#7C|`d0&;Q~t{_a2ghoAhx9}t?I znw&(J!@VNC+YN|9LDX^c#nX?l!8FHg^3{ElyQ7PcP}IR&oDPYWgoaQacw}@Kke`qQkN~Fz z9@w^Z+yD9Z|Hr@itA9h}`se>Fud16>^fG3FSWwUbD(TtnQ8t?sP>3JUbOPjz4UNuW zQ0+*NW0OdgAqFfLqC$d{DV7cl(zB6J{0b!h zw)1I<#03XUPI{Y~IvX20I@|l(+j?7Dx@)Ujt8cbcRy6QaRoQg2vbnN?pO&if*81A6 z-kve96i^9uyQfA*`zNOcXFNl*b7K@ciHQx%%85@+j~3M)97IZbVLsTl-4@|qTo?`u zo!}=j!jqaBm6e%9aWlzA^UnHxcg`s})eEMMU4WY)rCOvaK1!PUvszC!bZW|tpGscb z-hF$ad^a@IkB^TLlBL~jT6)^U4?heg8-LL&O3tI#L6TGNj7Tea;E~X$VT5UMw=lqD zNb>mW#DlkN*|KZbE<(k)`d!^!zy8&)e)-E^5{&0a(hlV};(8K@s-~GF9ed}A%uIS;BVczGZ-Gk;`(b1HTt*fiM ze!UES;?O|f$jIR2)EL#_pq9gWkV%h>Xl`nTwAk3xL{u9JJw^jedt7Fy37`Tc#U)HG zM0#q~ft@rqHgfW&rY5dJm;-7X3yqba^CzRCG!0ltXD1B&0cKCq6SN4Ay!0Rv_Asi9 zRj1jEQiqrY+P`oAj-5LT3JMqi<^qI(qT-?*r91e@4o@#4LMq#UvPd~Us^5Fq53)>D zQj}K1^F$U{N`|^?*KSe=Ip@g8h!p3M1bXd=qi~Ta|FrSin1PKM_@d9i7bOONcjtK- z#5OeOsi)e zrOr%Bsw*QSAtNI$KQE=A0QE}BGR0*P&A|>=w9OGUIyU8YPatxMawa9k96Y#t-=3}1 zwUy#&UeBV|8l%{W<|&!PW+P*j)vW(7g>AKj9CDcWZ+%@IQ2XXho3J7Hu(J~i*GP6& zUTNv};o+X9=BmqA&Jw9DFDDmkv8ZqxIaGvqx0e=>&VB7_8ESsl&RuZpz?O5evo>uh zX=!i0QE}rOWcmx|Z~&*U{O*F{Pzj4;O)acvCSEUYVI2xYHn%0aiapJ zuPSAZ?(6zwzalmnv|7SG&VJ3xWNjsQDG6VgqA>D+HarN3Vt5D=GND|RSfIZ9XH%4<` zX5dSy;Fn^?;x|MrI;+EHAbnVp@Klar8|inNrBJCrEUy91FQ6CWPw zOiE4!AkNFlDJaM-E!~`*<%kFi!OtWjZ@9}!Plsnm;aja(D-MBI#jV83(suGHjI;}dgr z!^2_*D4uGKJy56Le+BR3O={U0DZiV6s4DqR9GMt zaH*#_HkO!#Wm!~EScuJ+5FeM6l$f27Zl||$&_Y&r7Q6wLH9kJRWb-EK>|w!lc6B$_ANu}2vp5wfiUtrNiMY*s6W@cw7e&?P+ ziQC92o24(j2oB2BPsF%FP#m_$%0^lLiYe#C#fyU!5Q>adydhOT3%j2D$n08Z6fYqVk4+#k2P~68yXWY{h z%KAXA7}CST%m91`g(Dd_n?ao}Z&VoriT~ZLvM9$LWDu)=%H8zML zhf5NgqT*7E92OW}wA34whA4QXzzIZ}U1+b-u~GDOL?lSRQsRQBuO2ZqF%#va#u>_Q z3I#?TH+qcl>D0t@oGXUF!1&~(jmmnqNDypkOGli7y7zRoms)(9v`3+JX@3GK4CUfW z-P1z$pRw_%ctOdaIO)SZf|g1jr(W6IMLKT?OCAMY;baNbWV0`v=cXcdQ(Z_?%jE0 zFr7Jfy`gDnF(`R_JfgG9O*J~g&|%^8-kDMF>^PkHl#~pI!$mq1`k8(o1}jDv&UmH= z@zh2p=_3~wVxJd3ijpke*_qCw!o=@?@2P#e3nRiPRqG9+J4`UGTr6Ndfaqk22GIv9 z!FAy9y^Xv_7kLHArxC3boEODpa_BYJj(0>ASbAEr@iZ$>%Jv8qUKEpdo{^&S^q0f& z6|$9dNEJt3D(mP~Py?oJzUddNFN+@VpgmrisxK2_&5xNS-zWpcEWaC_=`*6_Faz-W z4^!pmn`%wNn@3q1drPn4KhkH9DY{`M$aiY95~c>R)!fgNH?aORN1M~i`;5vrcr)R~ z#xvtIhp1K$xP;#t^lcKXJ45F1-JWk$OW%LcR_=iu&xV43AeUuhQ0tt5-!m5dI_`Rz zh?kr%vXh{uQ`|c;!j4$%>F%qzQGfi{rIRNvL!tM2!e+g;mZpi*C+bcdt*EJP9~l_} zWyN#CO+=lC3S63Ck4y*;jj=^0*&|aT!$Is*Bf?T6!!w+YOx}qIj|&fri;PH&3{Q-V zNU+=D!^2=!3um4INKo5UeU-F$Qy6~@hagb9FDVdpqcu7&?w?g8N3_0{=o9szBHw2g z@I|HaDMVnh+_dEkZ(15lnyGLiA2;4=VQU$JR!HB1e_2kNC7dMV?}jE#Hu=Oy?x zr2iwG9ACBKC6zCqtNQoF^fg?fc9CftFMsoAz9TvTu1Rr%;*N%oB!@UC)IB{H7VMy(J4AS}TY~K# zPlVUw2n$VIBp5%xz}~cs*8{? z7Zny7MF13VJtQP5ID|?jV5GL7kjN04l#AF#DM_~v&}9|lqVQEb2aeU3Iw!cR(Gen~ z^;NtFOw{~B{$Fbj^K3pvUSX`twH#{9%%cnxbuxa zH)ddC2EKqZ@TFAnfx=DX;MCm0*oM5}+(93 zlANKT65bcR(tU)zRb z!ORf?Q2DMHzIctMT8$_TRav5PtoHEQMV1J?#)s9BH-4%gkk@Rgr5`h<&)*5WqoLt< zua|2zv1xqTZVA)&A>PK>wO-~Ig*>3;%iL;enP_oiQur@n9CxwY0xyTQ-2JNE8=j0@^bWYUGR9_aNLB6 zz5o}R2H`Nd;KtiR!yFVqgNCdnXryO1UnIwxx-}932mMB4(hZKtcCa+ztsB|p> zj&v0-Oh)AQzbt{f+|Ba6DUp7Gh|Q;*g71oYfz(BtZ^@{ZahPN~(a>6OPCmCH==zKL z^L$&rB8a_$_JZQ-NquccB-_ugY%DEq`L7m4?{jCD{dxbMAOC^|swit>%=GwlnEyz? zY78p#p~4$7Rp#YanJbj~l9CTNOusK(ik1|uEUFq;#uhWGd#%Z^zG59Fj18?`XN|!q za34Rw_kEdnzhR&(fMtUT#Af{0HAb5Ck+C@pDiAP5vKQ9;Sw3(JQL-lP7WcLKJoj%a z+?y+z84vtf`#P(STi4g_&7e2Vx-kRR41CEHyx+OeUl48DI1UX+_j8K5I_c-ap9)ql zkg>#%02V>%zJWc-VuF-SJ$T%2DFzo3F*gSV4G$i86di7UK}ai!n|3v%CxY;<;yeSG^d%vqEg}1D7(>T_AfPnOci;aUN5p?~LGYcYYsUaD^oJLF7JMqFQdFfb>U8N_%hi(g#X!?Rrp~a}{D*2J#s8;KlDcFj4r10b;9F(} z1Eb<{ymlfswT*OWK65}VEnhDJzuxx`K)SL}nI(W;g_9`vUDuEvy`bK4?A|PCe>hd_MjI8JNeFhyT9l)A14r_r+^P4T#zm zDQnPR^}?-KtDx`L2UMz8dqH#AeV@VvBuR{$zyjcX!RDnwtuMZ-&N{k8dfgaxZ|nf& z?5T=U$!=Y2wOGF|+w=|>@jJFg1q(W{+*S2CvSJ3AS=9TnAar8{_%QaRH+{OzcXgk# zQbnwE1?#oipOtf)Giv6WZ&;d?=6@-*QfxORMGE-iQ`+P)%7U6BtvR<0GKCFR^9a`G zhOeH-z^Pjr*z!B}57}JSOxK3yeh_y4#uzqc;I=dHWmoV5jfT?i9cAn`c=r4vrAzFK zA-3t+#VIs!aOhk}7+M|dUQ*aef0jOAvxLjTq-y*EKDd^Tm&`N*oraiBMKD8)C;4nK zh@WuOvO3Oyv7*A2Ij`DYTx)gB48hIF?q$-`D5OP-igS4%`OX}^AaBvHmP$8*%!`RJ zJL~p(r>W#dlKlLfdv4Z^@j*`=Num=Z!Rq+xrJ4$NxJXhT@PoLK#<5ot8J*Z@nxbB? z9&bE9<>fEiO-p_tW`OVKbFcyYqtahiV&f8HVPd4#jTyhP;I%NInd-owHJ_FhaR^m% z##1*hjd3XM3!Z z0d>?x^N1Z{0{6jGXQO7_q}1P;_jrP)r|Es-mHI353z!PXaEt@Mi-iTsxyei700s?M zPOr1xF=2!i0)3sk@2(uC&a{8JG}<7Uels&3O2R3xf_iaco=K5A6OYjUtkA?A75o}^ z?q{Q0{x1Wd_WA@y;$td}dYxHGHPkcr-YIekY_uePro3$I4MT zcz%JtFF;2gFQAds?4c)~^a&Cgycvn?4PzTFLlM+E3}ipv+R*af@@?i{RlBiCWabv; zX=OA$J;`2UM@>&pu;ti~R?>$REi%P;R{faOxuX?zS2n}ONj7F+V+I0d;7g|9mjjZ} z&!y}aea^jeNLVj@*Fe>0<`%qYYnshO&(GNh`h!LWgTliSo%YnA1?S>?1m3V#qzPNV zEe@eXZKV7g0=1qWs@rGDJvJT2Fv7U%3Ci;mz$J9&4Z!SwD7mzpv}?-iVtN-~le zCuQw17sBZFN$J^@bS7)LD1Sy4ACLfA0HrWP4P03Gp>)7;hJ{8>PtQ(HxM?*`hftFE z2sEQj@C?cEgYU;3!XE?*AZ=gGgjqViyJDg-XwdHHLi8Yd$xC9- zA?yM*4*Y(s`1U6K+KNPfu5hiHrfr)j zFyI%Bge<+5a0&lujfLa?*LdIhr|4A0_sx0=mC?WR0Ay=4m$z?!-e}sNzZ!E>Y z^;x0a{Ve(wckM?Gv@(wtNEXwDs(duZBfmsx9{#jK^JNp{@R_Bz@#!~2@Wu>m%)ot_ zfiIbYUp}WwBM)*q;$6dW#<)5+n*fG&m|G2sIzMFdGUV9~wPguhQHF zp4al}g#C%aiU%labCvg{4xwP>1`t+a9V%S7bYo)^=!y7*B&RbPl~0rboh-0DKrg9y z(jS&qGNcJC%;LOzCEcI%V;$hT^Ctc1sA*5gmv2&IRU5=f(19WH7Z;`VsD`VBly8V% z#!IV1LeHZv@jJ2h#{!gda-$vIE&#W-={XXW7HGYFqfL0y)q2lt{>b}m&-~}?` z#2c0bIOVA!z>$ZNg)S61?b(j*mPkIz(y9O#9)j0yUzm-clgQ#6%sQ&y(Y_=c1&@5B zoV~b_lBUIJW^wZt1hQAv5hxI?-??C@X%miL?sPb%;Z1lrnqhXH6u!Bz2om;eFa!al zark7M;^l>S-Gt#6q+eMGiVf_2j?d^-BcA=dXgUqy3yGcDPt_om@fNjOIeTue{1V@bAK8iSAg7<4b+p$3G^HI=EOqy5d%x0 zqFJ<~m>m&-J*as}g1~VXA0M9>2+8A}pP40j11oTjkAYAm3NBZW(<*g9%MJ>7V!`ry z6H2S}PrK0gSBkJD6UE$$?;d@(q3deuA1Lv{cOx_)K;;7z+3iuNc`-R6sK8G>X1*YG z6wHp$Az2qS*#Y{t{JS(1KTfc6a9_^9mrT@ENXwUVLN@ODF3-T1Pr>_zy5Y7hNVMD$ z5gHymyEs3xINv|-?V9)YxF_#TD>iJX-gNfI7`boJGF8mZFKrroS(5p1SP~pMLTWbVWQvh z;MIK;zuCmQee0~h3)m}6F~YG(cvJ!sA1RNPpyG?8|v%9=)=j`kHAKuyPc=Ecd)g!i!?sFgHAM5^uc@qm&c0Xh)AG*=~>>; z+}k&R%V~{9-8)N*@c({!ZkUB4?S-$edMFUAHS*tgLw8Hl2cE}L8_bLh1RbycN1koWsy0btaTdE`)u# zasA7ekO%~1UMO#uD;mAn+1-8O#EIYi_P585AM5Pu!Y0F^XQhDX={$pJg)Zk`vCJgw z;)sZJ@GWWgLqP@A?i#+=+g2FI`hUNjrO^kgUa@ijtyquZ6H7~AsbkF`P~gKFsF(!o zA3`rokwvU96hC?mYgA`e`rJmauPDeUE$?RNq2$Bi1+e$?7Jb9>feL0)t*FLb7GN8v z+n9lk8MyTfe98L38}06sapD^hgZIqQ_mlTrQQ?UR_J~MtO!PupnlnB=JT``otKsqS zF{s$-scB)b%}vfNqDv<{v(r$`Jsvlr%@JjHM%nSlVO1@_vJx*Gq#YfMNS^h$CugQ7 zC|GBU44t2y_Rb8?dWVveB6ja8DlANmj>Z%6!0*$nDBMGoQ@EzoFIzNZrbNW&=V>KJ zD7T}%qko{kr?;=It*fP_jhJXcLOcq9HlwICD(TM9A2uWuaJ99y^}ToBbx%)cWoFuF zLvD`<30)i;nK*au@}*1Vz^tgEnVCt7_o38<_ebo2t}_d>WjD%?d~}j1enCNTI3w~^ zy+b8f*<3#3Q0uhFdzxY=bz=5*E+ki> zd^O2Hy17f(f**r$ORPU6Xn1HuPZ)ge+?n6}=3h>pIMLhJ?{K;xQ~)Z_`40#MC9a8y z0^<{ipK{MMG_|z0b&L*;OixbFdZdLQ=n4xfP2qgbx6$wcr4f8uKXAUqAy)`pO$1Bx z2F(1DE~ayxRdhiN1&J4!!-In+r`&ygef)+&IW#=n)6>hR(a|yB5C%)o3{D~vGL6DT zkc3Rr5L@iDF#0CQosftLpb;nsVh-iL;eP&YFHeGz87}n&Vy?8yhcPydE7LUs}2&oT$C!GitCo(7V+zfYFGOx-D()%pbm= z<%(P}Zr?K86=`NM$5pu)>^w9ax4fsj=dHKi`pp|}4D=6VWo1RjxcI!TzV27Q`qh~; zXD278dir|%`g*govu$>u4jGj}l`X}jePyiskb5x>v8pT67)~o7$tON%UDnUsv>B56 z_ja3|TduFGd*jXDU`#yo%rgfL9%Pg^t81eiQJEP@K=PVhDP{yZesE~y!lg^U_~oyD z``fpVA31vN%-N3i_N1ibjEoFecV<9(3Eyo?ZiZEZ-U7z`ffHZT0zFpmPGO=YEo;`u zoYkCAizK0{NzgDQ6L{SyD?fGWRCriKOiWyTT|;$E4cQ_I*uT_()EPHpvS-w zYfDYFB_~J5#73m1M&)EDCnm-Y4G#8ncSBK&fJ84ID$17dIml`R5O+*WY?L!DEYvQN z3=ddDE<81A-Fbr+Cg;5)bDqJ_;Hi+HDTi%=UbOr67Vh4YTaagS*b%6+B-#{O7BsY)Rz2qARi_PO9p-X6dlB}<_a=9Jf z?_#frU#O0~`fa23L^3m>K@WhFjpyA<>k3RbNz4zbei(58t-MV=*Gw$_FXJu#cEpBaU za%yaB6pDmtAS6Uf2>E0|P(|52&9@i{P}9WZW(W!|^_q60yFpW?|W<2v3E?&A`Rz{#9H#gT%57JUol9CeH zUBDrelamnr@!zpNNwx&bmoZF}xakJ(k~uN_4QXE+VEKKP75{zy?uLT@eO}%Be{Wwt z1s|y6;U>>{h=PX%&qE%^PsIgA-y_c#7d_$OxK?vvp^K3bVWc9Dj*XL_79Abybl?xi z+Z{0uM+{wQ_b02lgNOgFpPk z$DepSEiLuT>C;2QLov}YqoX6X$Ovfh=%lXh?uPohY4>zjXV>81P=8F(-1di2-_AAV3?S&2?cOV1*IzM`V4yuAF%l`Cy+ZBZ^7=!MnS*Im7O z6{Q;$6~!G2+M&_$WdOik+45TRjWbJ18C`fuNLW~$7@w%EtwSZp$H%9qr)Fkk_VjdL zx_GgvsVOZjefRF&35kjD-GDAokf%;=gysLXsE{|>gwugYHq!9^;&uP4OcYl zYpbZJc;}tBPo6y4*w8?vBPk(~%15nDZ6}YPI(+yr`WyA1nwCltf{Pa~9y@yM!i5U} zE%EV*F|jeVbq&A$-EYsHJ>{8kk57ztb#>ghQB`rXv8AnZY+^Dx$`S3d+ihX9Gc#3{ zRi{p#0VsIsrI)|+o$oyQ@PX3p+p@DVva&N>uBiIDMogAtM~^l)HFLjlaq-{~H<6n>TM>x*4CnNG582iR8>{g z*3~j6wY4>|F)@@3em1tp-JF3hpMv*?fdzAwoOJYph9@P?tnx<^)o^wVs)@=4(58_LMaFR9=>G1E z0-TI>xsq*m$W!S1)8zsIAk@uJqyn9|Q*v!7DQ_~Wmq2VCnc~9`;ITGvlS2CX1}Z8l)6=syimm2Kol*BseuSef0RrOP8;7_w>xnxKmTp@c2JC{6SgS z^`@rA_V#v=fRxl!g6nU-`PQXNSKHe=YU^so#zwYm+0@qF^6Ovy`r5VY1lrr$+bJ)Q zl9Dz$HhTHW<>saam(u~&adKjOa@y0@H9QVsBFdSb9G{bw2FGz`di>nE^TWfVk3at8 z!w)}fcSNu{G11PXqY=gAawEh7BGmafQ-qO;-S5WPViHTT#M0rjeJ2o)T$Gl}{XTjX8 ztF6HTzaRC<@OH7(}A;J zSXfkDUH$s&uXBdc(a{?>ZZtGB05GJdr&DtQ?M|NH-CF#+DFQ#|a|If_8`JYSFUIfR z<-dFi-tWPqa3mZl73D}+hktG|pj6F=N^ue4Gt*&)AbCh+L{wN<EnC8y7x!{Iyh z(8H1cwM)^>{SR94+&x?XwZmHqqoXJn>Rw56uH1_%1!frEMZd4`%U_^uIRcaLGG zCll{bN#Iyx@&Xwi92%;utcr_|$9HeRZEtMo@9&R_c42Km0LRE09R-q^jf;&#d)aIe z&pz|)(_j7S!;c(tMZ0d4-<+LaeDT}geg65cqnr-E|9)*v^*6rpjUWE-`_V2}&CO~E zbkN`4efzzngp`+l^zy#Fdy|qAsAPQd{kpvyyw=|miqeoM;>|P`RAX{%ggWV>_qWTPfr6jK(74ui{F0a;fM2c^Qd3LBoed8 z%*>{8-oWrkOk6@yamk!=C%^KQue|WW^Q_*~_*hC(qL@3)O^-hI*w>zWJ}N32YmeH9 z@b9W_Rx!ih|G^K6vFhgM+dA4Y3JVGfKoJyXk;S(%MSlOJ>Bb#x%)kRS17AJ`@3)vm zGpJg%8o}wG@?#26xQ?uR)63DYMJucevS&Vvr?dpJo`|n+OXlIeyp#v8JgT=#H+@) zbf8H~Ggv)HKE-ncDW()idE zuqq+d)RYvcWEmOhPe1+DZQHllosJ8aFHgG{uud=(5)KlrSi@yEs7xQv+W8

5!BW-5qJ2; zx4xB~l|DEyfS;P2ob=KUf3SJ;Ch`ogUA;!k+i7!Nx^NjT^VYK|f$paAPE(q`>+4?zrOwU+vrFfuauNzh74H%^(mo*`31g?Pqw49blbLV=5uJiV7+nmlQ{C>VA33-N8u<~|4>$7FL+-l0!A~6hRnURokhSry1 zWM(o{))gwi_U+p_a&l^tQ4m=`b)i3_Nfk&)2oDdF`JE*W5@u$P@Vs#87Fq6azKiz4 zeqiPy!$Vlh&(Ht+|NZZu``UA5H_HCuAO7KYzxy3$L-jJ@{DObXLW7wT;OB%)yTlH} z0HkC>h{NgNp7{tqBE{w@w6wSYsg2bkY%@w1xY^CLsTU z8Ngn-d9&uf{kQ*q`t%t>`#X2;D%rHz?r>0Uk6er?_jLbYKYlmp5fnNK{!%lEdbK$@ z*_@Lb;a_;B*bvN8N@@z%B0Gcq23N&gmy>`QP=84l-^9o^UK=y8F$4F01~wG@N^v7j zHg(~({x={g*=yQH1o<13oD@{LJ#+W2ocvs8T&y=VY-o12V`09NpV_%i?`%hO^bBnD z-Mf+=I*?IPh??-yq+@>8)B}+uC246Ux!O`R)udBV8Akn1D}~9d_>zZXrCVvyG78*B zkO@td+1Z%b=qH}|${)Y_M}Pk3fBL=eeHWzNJu^8vI@rqaT6<5K=vH>||Ya-O#|$tjEg? zcqwUuO+c2N<~O6@!Dj#95B}h_pT7FqtFM0Jg%@(Ov!uKkVV0wuK1nsFC6$3#h5Tif~v2c52{jLgjKrQ5&${MQd2 zJTNjga`xOgQrE$#A>2VMC*%(?AIJjwrP2eWClLRl_fYU4DndVt`CQfian$iNM$A2(!$G^Y=nsk_8|X` z4397v?w-5@ml8kaG1ze5@4Z;xxWdK^m>Kx;LG&wDUR3Y0{#T~l2UW@;Y~idRw{YNv zpgo5h8s=~W$Hv*9Jx51}kw*tzF3JU;IV>hRBqhm_ogKS*Q{t9Q@foS%QFc%8;^g8y zv33f8gh{EoAkHTKiv**|K$3cC<}VHZYx!?WGnu^P061IghTxS-rcqZ{_x0;nGcz;x z?Ahsxc1WvIEt1>b(NcFvxekpY9cx38BjEOoW@XU?7@DqOmAH!OMb zz~f?^?#WTA>tR6fjn?)~q%e)bV3&x}GSf14m2R_z2gB_uyK#exIz>grz5N5t z%@Fqndi(nbzDmbhua{zZQBM2L((Qjq)3< zEzR9s(APSen_-2w;|*`!vKhaf+v&nq>gZqwc-<(wK?d4^gNJbI-+S-9j?ONU&PGOu zT+vaG?9gs)ZJqu7gN=<1S1wX zqwQglq}{PanEG%#=zUFHLsxe%pEftwU$}U>sks_BJtD$hTPt%;Y~=j;^Drd|{Nt>5 zcXg$Z16fiGAko;=NDO{(Xpk@p>b(3$IZ=@(o_L%bdI|u5{|}E0!^j&P9Nf2WA5a9l zg%CzzL1C1Wc+DtD2ejLxie6`T&&}%UhNi~kl$0Gic1%r-*H+(TQ;m)eH`LXVN4IV3 zHa0TT#J+;wz&Y6gn1 zs0iJbot2rLor4A%9v&iNik$eTo_?A%>5G@(<6nYbT~Sev0~#9}Gd?jEA0M}O&mNQt z10Ee2t|+g-mj&<5FDQ@-aHf8{U$}opDZdKll@dDA@mDeuAa&zDHn%j##l>yfR1zN- zYoju)%?>J#lZ{1!A1~$DVxk{=?6I`e)QXB5r%s=&uC5_m%^8?Zj1nvZ$vJd5U=)Id zU@)CJb+Wg&=c`XW^}_QnkT&+gM<1Oyb)v4Jma+w3efp_K9({ywp@1n111Fzc_-}sm z8|YWow!5nXe|r1&t-$G_;So-!Yj||L?E0npn)1|?#DctR=7sd}gv6A*{32}0vK!Y= zpFMT@%&G3~uEeC|-MjYh+jj`l<>IBwWTkg@bpjiF^IPAdHT&?$5atU(bYd@PZfN%8 z`s3@DSCqq(hZgtrSD((v%pkP^V+-})(%iCX)8-dne34|o_KtR<<8b1D0;r&1R5F(U zgn)oT5Qoslj_uniP789t_GzrIW6=QK;Zg3~wY$5!oAeF#0OjqTc;bm~z4#*2OC5#6 z!h-z#JZ!$+-fnC^I1m{bX()J8GufUmE{ zeYx0!dl4<Y23_8)Y($!o2X{*Y&9wntnmE>+>ilUVb(y#y1YNAqzUYOlVofDR~ zk!+x)+UCPlM&)l!#53;uZC}!hL|}USMR?jc->7sPI6DZij8S;bFuBORrq&o3E%9Su zSUA#@X&W0E!7~M$<-2L=>07pLi;GVf8XloyE2Mn-kVjHnCnUHDec0Rvww#`xmXnu9 z2zFw8D#{g|l9Wu5dK5M6sQMFF(}YXCT8Vsbhr z7T{_#tU6#DhD1D`so>T|Mn+Ki*iujjw38m)jqm#M-|g*m$MbC{_&ZL~#sLq^3~VU) zTP%g?mm;d#`0dNBbWzc_7gd2`!2ex+Q;7Nj9?bf3hD@_Dljn_^Hyu1B@l2^$$W8EF zp@?~DCT_aWN?$c}kA{eZC-Nd1TBInAgMZy02pxTmI0#?{@+sLP*qZ zu)y*r7~G!tHYa4RcASzYq$WInVKkWB2QC4~ z&xs}4A}n!fGsyeW_D9%=VR*^bY>@C~;x9Tm#+Eb_&J>|^X;R1)b#b+1t@gEJNKC(s zUoR&dJ&A_Us+DGdR8=w|9XXG7n_Hm34!noGd-jqtM`Rr)1Vgp>A9`6~en?4qx&TZ2 zLoUI$xLJd&Xt#Rh3cxE23&%7Ri&AHaI*;zNk~}7^vq7*$AM;HkY*&rehLhr2hXhFVP z_o^aWPhzySIfLjPX(A__G<{c^$}3uq(l@yY_wW@kuhvz#Ysny&xQI00Q|j3Y1;coa zWrHJ&U4kMsW{RfMOK*8}w(5RSQP%i<(ITVs-sA`g{t0lLHx@FAD*_826 zg$Ad(u&A)Kv{aTr?}cnYQ~3wIZmc@FQ#IN+Cm(U7@JTgGV(Cs5(&EHehKx`$FPI(% zsbAFIa0*;$&s@`zj+@esIVgKyKBRty(Mpe;dtu()!(H`BPQ9V>Kgn!u9D6@!U_-&* zezyJY;aUpb-*&~XELUr?KxciKviBVtXhqz1EC_L{E0+{aSrDBq8bLbBh$>f^%Zu}B z#a1Zy5mJzk{_yg$WVd&QMmUzf7agEq;BaFf;Ck|}x^z-g7IL)G14K-VkP@tXw#8lC<2taV>VH01LdK)T&qbFj>cDtJ zjrsb*85a{3%fLh}X%?UPS8j@)yxJvC6~Ek(v{S|9HL6VXo1D{tDCR%Zyh*{gRB14c z3SrL6*eso=UnL1bDiYIVojwF!YVugCU@EzqW;}8&eVOGj1CUz31~)Rdql4lS%(=h- zb~}uBNDr*LFbt%-TL_<;4)@%I?h|qMr8{kyKmvxZAa| zz%T*|Ns0s;fOn+Vt=fa;)|e|Z4C%9{Qzw`3zg9H4S^J^5i+ke!o@ztE-{1M(xZ3(> zU_-&*YOa<)wHB;u9jq>_)kJIM_eJ!ZcIcL3@cFNSK)rE=mSgp|Uo@YeiX2q{Ucp|K z!{Q;)bVOUZXlD^|q>TS++$;mqic(TOfnQ|HT}XWxi<>5}JUM27(ng!fx%E1FEB=rL zIJR+%MIDm(q~5%CsaI`ks`BVn)LRuB1T82-GJ58&d-FzH_&U%VwXF;XZT(}~kSp+R zhNshEl&HL6unlc6Ba>s8fJVQXxP!SD?XIT%a?D-$UU>7;&_%Vpxmlm$7gnZk8kKXQ zQ_ZJnTsf@{+wz-@7Y=r!CYP}utTolOHg}=p)IkdAQ%w(G64X963M~zERQ#)<1UZ$i zyQ1a#l7q$YBd{U}jejTTG+;f*OW*``%5|H`63W_{Oio=*v$e!l@UO3)nU7@N^ak}$ zvlV>%z&fF>!n!TmPjKY=1>U_l(tk&OnQ_-Q`MnsnIp^nMY<(^ly?1l?0H1k7!LNI9 z*10KFnfgw;)`M;m^Ol;7u6qFbG#U{vqFt(=nz$^f>I&XUuQ?-Otw&egDbYPXpUi~k zRkkZyyW|V1GB9euXhb0x3fteRrMrxEVByT-ty)@51%azZkY+6;0|6LdGrXCe;1 z4XsUeElW;kL0x=VT-}hW;8Fj^L@>9k^I@zOlP783SYJebX|c?=d>i|2nu+T-IIIn! z|EG7oGz|0m-QC;kd;~trVSYhnMt-mDl3T6d7jE7@%befe?`|mg`#ax0t?`K;CRJCK zjQ070MwQ~RsiHB_**PPE{nFg$xmw<&fWYd9iLY<`Dpff~NvPnm{tJ-m#wWA-h|4c3 z3H&lm^}5spTJqRb;`^)(aU4~#-5VCYU+fwQYlLs$_>8Y9cW8N{#%M8ij8XOyr0~(- zj1n?)E2O(SgmV8lagS(h1Gx}aNDBTW3>&qJX z25&$D`P3}8p22!YZ6r=0E%THvXDm5RZVU_ej2i`ys^+WW!5a>NqWZ>4Fq^@A&FD@O zeV6}N{D$}S7-Mv(vFP*lt+`bbO=B*4uwn^1MV4)6&8i9Z`&$G1b)V59>lEl}&KhPw zpjo!G#GmfjU7?u$x@~=O9j{0(aSNwE$xyH9vn=-nT)-ss^-=86= zG`k-r#a)}bFY1Xl6#N%t<@8aMXV8i(E9`EhwIz)$jqHDljq1{>FN&-N0L!Xvt?yco zx1~@NyH=HB0dVxRHhpH0h4HZo3;29fQ7ee&+-#GB#ie|`%_ zuCMe0pC8lx-J8**F89quu3HK9ImH zy*2q7r7`xL@zj03wG;p}d(2#SX|enoOWw6UHJFeLN?XLy3`uTDm=-bslLe}1{aRXX z{m!EA(ti8$?(7=BV$<9NB^azvw*?s4X5U!*+)NrL@gYfTD6qh3G&6aBUVd$AZO~gQ z@^wzaXBoCkn(sNWB0IiF<$arw&ocfm+IKe;{1;@!0yHSn$Z*+wV5|1H~fX5+0m)e1eTUoi0te!&=HL}Hl%a==B<8MZ99bqtBiQ7TbN@`Z&l zhs;0uih)p#g*51r`r!}DdRVRC*K@^BC!cg$Bp*ccAuY+^TR{Woh#UZg(tU3Jlunj+ z>*e1q#=Ov%K7dPz5f@`oWIr3+>+W6rZr#N1!Fe_m{1;~t0|kWYQVaDpiqn$fOKzW~ zGW78>;(JNoSUhbL*`=1Q(xd#CYTyZ1OwVe0y5{`(hw4}V{^5Nt^KJZ66I=+8BfJCU z%}kl`J}tJI{}^+>fw!~f3p;e#^#4d<$$b=d(^~8B#uL&3wXV8Wf-9FWm8^ zG_%`Wed&~X>A+hsmofwhy;Dt)vtSK#e!~*5kON-?eGLU4u+5~jA{l)evk$zY+@*E( z&mglki_c`7z(%8 zs8Ujb^wF>|Qcf@zczS5chpj*sgE1M!*fFF8A6WGHD0qz=$(^a;s8kFK$1=Ao%3q^4 zCJjd>)<9J2e8z7vKi1o8nOVjUF&q)iztv(1KB~%wg1`NYe!5TB$94I1=id0%U7rCX zI`zj8)~vL&K+o8x%tVSwR9Ld7wadIE;*GL5NHPcTh*1Go9&a_GjiwLOOv`S!+~VID-XU zSa)izi_eDOLT1kON6%|H>!Jw^3to#DD}}2tjqy5+OLNoCnm!^sk zrG#WYMUN_(QZq$$S^e{V>!)e8@#7zW8O*wew8pT5r6rXgs}oz_uqFk(kwjU1X6_=8 zptEH8u5TXhJXdBnF8@*7NY+#yMI~7H&5JvqaQ#P^2Xo`a^snn7*_f%%eFiM|!;<1A zKy19OTLEjr>-NEJ6e~4bUf$92FZ?OVR0NOxna#!y@X01iC9F2*{ZU3^?E4?2K#%G( zcy4!LrqyyTI)2)sjOVc|BEI7Ng&<#UN82*I3{L2)eAeHWKrgzD0)sjbI7iiE! zIu2Nk2Ujh$shzO)vg!#j6ErMh3MMjj0QGXuN;Wky1=&a%C6SU6E8Su<$t#|<6JSxX4s#v?79o$Z`mm} zJa{9>R{Y%UX}%lhQ`QDKvVE2nbvYIsb}Dvc7AS5Z0B3*L{m3A2JM+l`cM|bfpywOcc85 zWI(YzTz0-nHC&IEH$x-BOpRl?mfx20Z-=FQA==&C@G>vZCnZJD%OR3uxrpaE7lghC z370si3A*bS1)z{21-L?fC)c;*7&$=%3Ewh2D=9;O5i3npY$Y>XpA%um5cs;SFy&kx z@9d0}>Jf{SaIF|a;w)=N1OM6ltK(OJ7FMDQt;eaGt$4MRD4rLkCup(o4^~c;Sxf(l zE+4aO8?mb;k3sVar2@177a-5tF4sf#N39QN)>@w?-5$O{EXI`66naU(F#k>Fa2grK{rk7h_r1j9_3 zdJ%WV$MwH%|JJW87ymlW1{57#2dVo|eoBFB7e_UOu_F z%!sk1#xgOWD0P6eSuV1DGG0c+r8PDxFXOlvsi&Hfh6186=#B&ai_YauX^kUZvYg&r z!Z4@wHhj`e6`owv+_BLp{&g|G`{bx>8Z~hw@m(4X%a$_Pebza3Xo5448R&}(DE4lt zD|3FtG=pZwjL|?Cf%~v3I0c@{>{2;pz?l7$7r5Ds?dX5$F;O%jw%fTh*fO&O_F(BD zb9aH~4E(Bg4KOD&I0$2uKnFV5<3XDNSDI(wsp}>Da?>bCfdRBLjqK>mM!z-D z3K0UuqY}i03Ziq}jG*12p^OLL%i$2+2D%_EXMFiY7Ug)E6f_HM;nI53%cs&ziH0gT zEf*af8KngAubrlzLY=c1Kl3Kg|7=7=Tqg$HlxPix3JINw!R9-bF^ zD&k{1olYiya$=Gxr4gdy!@i*T>KR*_LX$Qrkh}Q1!D0)7d<+kb@B!l*8yiEbN5EH% zkgka`Y0CSz*y*Bgb^7EIm~jG&`z&cSwG4=F)=Z~G2Jd%l{R0bJaSjR~y&D`QaIcy? zMw$q_XFMGp9mB&TEH6X)if5d{({ukX3?+r%rj>+&b*i}lxrf?spJRy^wuz?%9jN)viV>d_^I*NofEvyGlu z7K!&iX8JAZM2FozH%s4q6W>>w0nGV0^K>|0T`rpp5&2h)iu%kxO8>3wG|Z=h`hvv1X{>20~&*0 zuA+?mv4pG%@QQ{~7*+(Gp(pA&^(Z4>jNTP9Kx_)MJCGoNdZt)Dt|s;jdrEiDZnQKF;%QoE{Xf;Ayv-n-zL_VByk$dh^l{`z=kw1K{esfZ^v zaDwXV>*;VmH8rU_0c%ebl{J1ztrTRGdy?w-e!a33^--Z2yx8C0d-dw|*48!-p^q#M z8D28*zM3HFT$>auqkvbuOx8x=qqgdIdgGosbEc}QiY~n=$;q77L;pR)64mA4-nk=? zaVA|SK_}jPYGp=0-O<^Zn2kn}&wQ=Ef$T!k8Er3<0zF1|9O*4>AeDSdeyo z9>Z?bScaI^9Ll_z9b%M@|NnJAFU^vwXWg|b2h`+J&sz*EjXbD5X#NIU>F*yreE9JH z{Qv&Xi&&>E9%77{u(K2}y%#v=gVj+Vp%R;h{OgL=$nkpkEXS(+I! zH@#$1D3Qpw(q_4Zc3|p+=--BeZ2TMFze}50O-$*{VQ$m+m1R5f!P5h)o}xRvu|cx) zZ->B{dhiz3GDT&OLqj9)zVl9fLzAgZ%k%lnGtX|`yv1&Z7%b|IFd@&j@1ST_6_X?N_{vGd8No*j4)O@;9v)$%sy&+K!i95X*Di0~wCTyGo)RZMEcD#DOZRH3 zeCM6@dhW#~E?>F!#N$sLI<${A!ZhJi(+G)8S6Qm#A>rrn9W6y?l#o)u5ZIEG$o7-O za!t|;Lw`$z!loU5nb_9W)_2~0ue)#Hl~-QbRk|%?VGiU211JR0o|3&t=Y{!!zP_f0 zy6n7ytn3_d1O*31PjOMKjSxC0M@EERyL##Hd+)}@#=iX0k9&HDe)HyUqg?hEU;I{X zULI$oKoARVvqiE{#zAL05vviMq0tl0X}nvZOo;m}8t3B0%SS%^C_gv%D^EOe>C(m8 z+Ui4x_CEF1C&R)b!AK$_Z0rQnnNW&Jhc43MXLNM9t+jn%U@R}MI3qm+(~b*bp8(}+ z=f(&c6pLf7&zkV~f+a)2-xF`@OU zmzGhhAcqmMp{MAcU&&$g% zE-q05rgWm>YXXbv?JToC@5PgI@6WjrgO_LZ-p}*hxdNMhc6On&qwB*Dj~+jEvbMIN zsj2nKl^Y*@c)Y%@dB!7JMDm?2P^KkYhKCg7 zOk%N`R2ONp6AngKfi@zT3>SA9vF`5N%H2PU`V&f!){?9I+1Jza@sT61|N7Tw&zx;- zX=!Y1ymay6@#DvF9Y6??Q)qW>!5S)I)VaBV{(cMs>>W4?k|&K2QHqyH90_@nPbjf) zydQoL8FX(W_{xzctsK`3?W8j=jAVYD@pv?seSrXENVs@Zh+rhC&EZH-OB){>Z)T2sQUAn}?N7y40k`ia!)6LBdqa#C$b6!FimoHyA zf9}HY$f&vpk`W-4uZ-_*RJayL66`^02SL<@DW{ccOvas-3=*r3XTd{mhE*g|8XmF? zvQ}7VayzjA9nsN%2LnTcS>!#m@xml*$6GfjQmV$LOA% zeFLKRJwDb(_CrzkWV%1WN&OD0Y*G1{o(4@~>&^D}4c@$2yKUR{S6+Gf(MKQ7$;qv% zs$@r|r6&yy57gGxR#aBd7kp~U9UB|R-ma)9KYH||j`p_MS%oJA%i;i|E9w~odGZs1-XYVcXVRPX_J3|_+L5*9_k z&zIe}@xg~5PEAfd@x+tg`~LSIedMwH{KBN9#LSHJ*qCV4d0%fYWoam9=bkI-|y{6<-SUmxB-Cqcn?c6L@*S2r{? z3=9l8oi0a|V|Zk&v!kQCr>mj9Zeh+F?Q#tD^_E>PtE{T-9~cUcw8g~4px4W;UL6}5 z-MV#Ka#9i#-qhTBFQ-h-ZJ6YD{l&fFw&EZ{=W1=MtEs+;E!EW6($_Z>5#g{oYy*RR zEp1Ih1H-k|)lH3cC|l+fauB z7e_{7`4OxE)8;O^yE~EoY$vb;?85qnhL)D*iHS*~*3=H%S z4h}%abVWPICnoCa>KJfqYYQezTtXs7$c2lS-hclv2uCW>ji8Xu_O^=`E;O~YIHIG% zA|m7CV!Aro`g^)J7Z+z{Wf5gKcm6_sbF+8{A)&FcF_YtCRTbq#ulSjmm`F%WM4@tD z*RNlzspj1}s0`6OBfNF#N3ZEI<1HKn2&>R7#cBuR91G=4m@hp*h!)Xa)=6Rzmk z-u{6bgwtl;m*g#P}mM9<%5E_dV6~ZfDOh?ds}-; zb4ycwBeojW1~bD`%#C9>$H&EEpRr6lk8SO32(-k+BIi7 z)K{~z(xF|SJAW=F)|FR~-O}3p{^9p7T(|%(Jv2O$kdVYCy>#)ysguWBni`3ij*U+A z^^cB>Om=j39Xs(cU+n4aPDx9SiHR;NFaP<^f7#yA31*d$5O4Cgq_w#TU-_Mj2W7&R z6uf1BD4WK#Zy~rjH8p+m#EFjf_OE>9u@}DaO>Qb9BO@m}Cp#-UD=UL3_~kEu@xkH4 zX{l+MnHeCLLxY1ugZ)YI34nelPoF|RXXoWP?UB8`eMdh&+R@hTbT}?wzWml(Z{9%Y zmX%FRjOXX)AzwcH@WV4_&t5oxv8$^aNF*jUvAVkUop;{hpr*!pr`^U$&YwH`o8P=~ z;?$Xns+xu1P>|s$dt_f%$Jp>-c1{*Smj1y3oZx#swf9KDPfktX_T=SfLZ2!xzwzM* zA00b(s=B(auXi98SUfiNdcLr`lwiT zcT!ht^VJLIs>;hcdk2Qcr;y5R?afC%{^07htK}6pheu|jqhk{j<6X}1p@Ht!zx>57fq9@Kbai&-=H{lRrVtu9f8qSEe)X%%moK3zQ0Gxm zQK*n3AANY@#PO<|6@7h!u`!7e;ZaRZEx43BcWqr<@b>m};x{KJr8GCU{r0!-96Nr3 zsDFD~XLnccg$rj+oIE->*c**mIWThVT2*2~iqjbjLjK#|y>a^ViL2MHjgF2tH??26 za=oIWvbMGc)e;{cTUA;0=9_PwIC1jYwQE?Pgpg8_Q&5xdA3pr?k&oHly?s3y8L1dL zObRo0?AXzB=guP#a&q#(FFyL{$occdwt~D|k9%sU zzc(c*F+MJ~qT=R9A0Ml4Xaw6p&k?YwuBv$FowqMuyx7*(%Gok9v#@u|E6U$_=Ut`? zWeJo>JPV=3g+BW5qqFDEUA%N@e0&0&;N+=OmoHtyX3ERW!(@5?{r69vJbCu~x$+w~ zu%Ge@@;o@uUCh`V&m)F%V?*OxZ~gXz4?etj@e8yQ}l~(G$Jh z{jJR%$Bu%)0Zde50t}A~1IU$KzfOpaXFnq|qprSzsKn_rr>|eX-q+g)V z9zBXjvUksJ{>A1&?w8*v#{o^x$S5i-!t=pA0@+0FpFVXaAt7#aNl8XpN@GLa#~*(b z<&1j#$*1j6G58_5Ik|~(F_RlrRwZOv~=pUGzoB|VOwjVn5P+D60 zz`#I#ePe7)Tx(l9nvdK#e7mB8{9x9=l~h_xhDKvz;$s~V zBYj;HV z@zHMY42H${*uSP8n#$moR^=Mmz|Z@+S+yL;uW0E($ejPg?ZgwT_`+esi?3xDKQCU zhC>WN^2m{o+uGW0Ev(hF@7c=b(@}+zH8^M z?c27eC#Oz~jZ$1@&%p!RcJ9o}$y%KC_O!RrV<;y(J197;tEZ1b`%gXfbb5LQ-fc^B zQ$~7PPEHm2<}aK(&z4}!TR^n7Z|6>L zR^No~w{ypKtVZ1KlPAwij7^UWPhP)%Bg*C4xuY~UHwU=lgAYDnrHYD+HO9%zB}edwWwwrts&n3$*x z#8AUtT$WOFub<3&cK!_of6u1&Zk^Z!4YWcT(h4KGtE&%d9g-b@*vV5TFJ3&KmX`9w z6OWZ_DkQ>(&(Yi0-`(4XrOy_B_@P6k+qYtCr>AE8_?1`k^Gj}&SA#2l_j})c>ggu| z6>r|GBBZ=)=kDm3nDFq(-MjbX=jRig#*&bnme3F>dSwN(9w@rPN{AjEFOAZ*#3_*s z5O};j1_jx>XHQ~cf@aaox3#ta>$zO6q0teC%eDW& zLE?>|@qnKw0L&er5ulEzpLzQEuYVnWTyJ0RFMj#U=H_PRlhv-RtH&~sXmL<55bHNy z_{Mi${5H-Jp6I)8znhwx`6qw+S9=dU5|@w+`Wod3iws+AZE5f@p4s`+XU`WEmE5f@ zbF1^*BL$zHk#wW{68U#KcI>j-qTAbhI@-G?r^Z@Zo1m4Eh6lAXB{}PrmwxiZS02yK z$*e-d*Hj~y$0x=Q9z68gtAD(A-+rVjgn8BoUvp%5_~n;h{?7NlQ(RQk-P=Frp4+>7 zcYbEt=wKh8PE1V?j!m=uQ<9Pn?%p0wIC$3k_|wmQ?StQxh?Q z?|tuk&%f~eu3fv(qks^g3%JW;<0C!2tqlzwQKH11)XbY0i6OaLN7k{=wmi$);(PY&1+~JA$j!<5-gmzH=wlD1BqaCs z_9UdG{^3u5x@FsD$~Vrsr@IBp?#|CE$jr(co0xV+$NbSB{t=ezFMjb)SFc=3PD%t4 zYi@1<7-0V&IB+m2F|n(YB#&-%XIFPOGr(>pq5<&!qnBRdp};K$75m9gev+7!)YjgP z7-?*7s;sWUNc!Oqe~6gM&&y3rh=VLNJvrG}-$3ku_*dEW8>QPyzyJLoJn_U6=y>m( zx1oWDE@tPh9aI+}%20N_JjxO4u*Z#$Pd)MY6W{*MH?SChIx4HGzV__1-~ZnCva+)Q z*xq>ajnUCj2Ez*0*47eV=emeN9_l~-qd$K7*{3rzGl?!B4YqFE7VU~@ZEb(-(XV{( zd*27VG1Z`@Y=B9B2uNPI*AM2sJO2jB?%vJq-8{2s_t`mHqyXlyltGXtCng97g1@Dw zr@ipP^E-BI!;k;P&wqaX+7-aK!GV4$GdAmmB96Zk+gjB4g zp0+E>1sb24oci)huYB#pK9F63VrQZ^|B z5*}VqkWWm6dHm?Z58rwBorcB+>(P`Y>vYbZg)8M z?c4wDZ+{0$)W7`88%K{GgSbb54_Hc=Whp7i1Y)bIZcdC(-Q794pJ&5^cQ``ECq{_Q z9zOihsgoqORS%Dhpy;Ni#$sZec!Wub=?++FA;CF0*@QNzUBfF8s3|p-)q_Bto12Hg zB~C(YB{L%nM8xK>3%d$qZEkk3zwgLLM-G4R!F6KN)z$6oZBmm?=+nU@S~%N*ZvnJO zBuPq2Vmw4*IgEXU4fpPQ?;SgSyu7@utGj)Cd=zYqdaqPB;50m8f26&*sCe_1 z&CxL~fDayCk|aw?N*D|;hBq`c2oChEZ+#1Bfrtjm>_&MxnhbT7k&#LGi4Z*-pUscP zMfJiSFy~BLYjF4@WzO~Inl?M%itZiJC@*8~?>U$P>5dwUUdc;}1+6J*=gZE^8&s=p(E z8K4p)`Gi~<9-)1kWsfj#xH^2@s&Dvv0nu+L`1>gdKh?F=Q-$v)b;tC@^O=>I`PgHR zVcP%oU;oXY{^?H-9@;lGJ#p;#v1`|^?%%)num8dPfU%D zjeBQ-vf*~w93~eh$7NRn_#%g)%T*0al9W*M!qCSNn8;AENQ5Jl^V(}H^dB8M zxSu_sP0=LBk8_YX;BZF9C&Z49j!lfaSxtZ<_~AAHjp!Kh3`wL26=P9y0fQ;6FI{Ss zgpPeMZSp_Jd=vVi91}b}J;@-^VO$*x)n>E9b>&Yi`=_7&D%cXzv-?*U}s^Tngg{2Xi(Ze>nCGKT??(r`h8s2VJZdQbmG8(82s*{j+0nb1}!J z-EO>RHm{Rxy6xN8@IU<%`S1Vu`@ets>8G0@A{_Y`v-H(hU;B$c|MO>`c@{qW)btb& z9TqU6f~s_Ye^eLX>EWS)C_=_L@=!fHDqyO|zKl}O5e+~fPv_+;Q#6?Fr zseOapL0UjiaCm6AWXH+u&CX7YkKvx!BI#%h&@c@To~MaohG7x5NSgzt4407WV%}+` zU=kd})J{!F`S!P8Wc!gd@OOXr@Bj6`{@37moT5L%9umwB-g6`zqKK9ry%wX_k z_Y?;B2${9iEx|9uAwfp4M|l$PS|%nZ`Ud*D2-bCXPfQYPL~X0qUZ9>O#d45<3$?ZN z|JVQP|9buP-%L$TOTQ2kh4NMNwnlPS?(wdiL@Vp-Q)r5+XcCoz4aE7v!Xsnj;tL82 z;XQr)F)qh3WD2pja~IBExOAznzn>`P>#zUIKm5Z#R905denpFH1jWQgLmsBSTUU4I z;9x(PYG-$^RHOm3rD)m65RN1At8_T;xf|G3UYH?Q4V<46VqxldZ(~yvt1~n_jCRS& z%A_m=acgoCk?c}74)$emP;`_7g#oxVK0X%X!nkr_-d(?PwXT*jH4V7DB_*4HTlo6O z$S~pgy1H6?dXlLitMdS+XQXZ3x+N+qhFVD@qoW=#fgUjfBgxAT3T6`UUD4d_9j&lg z`9O_HQJJhShN3D^UK1!n;?Q{Zj13T;TWoG_70X~^oV;yg?ZIGxNyD3v!m5Dx;$}5E^UQy22@Sza`_yt%9Oadl|Li-0u;Dm70MVHUdB_zhP)v*Ak z-BU`jAjb?NS!4*dh2Q|=6Fhf3Q7jE!eqDWiM^`6s8d3115LlT1SodIA zcsNQAGhscC6#CC@b{Cx7b}V6L#<-tMZZ3a8T! z%mp>1i`?hH64@?T7&aaP~V1C8$p*#g%Kv)>cK#JJd9KgRk z`G|g~xtFh8g|Bex^l4-k8k(DW|NZyS9|sQ}05QhXA(G2!hK2`)C>OLiGB%DWaPq`S z#4B>JxTugq9KU(vjgOCf)X;$cJ%=iSpN}%DtgJeE>^OAXQ>V||tf@gd;O-;Yw{PE) znVCwJfooSUzy9mj;X*gJw$m^rx3F;EzTIibv0=d^^?Bez;yR?HrX?n)eujOsuCLys z7<^$t>deekLtPWlkKvX>PriQrGRbfFtedxN>+Tx3aN%lIW#!qkr|asgqoSg}_O<75 zsZX84;U-(~>V*sE+dJA09X#~)=bnQS(bm#RLRUq388#N6Qe1NSzCC+pJ=3tjPoFvo z#r@a6UUFAI&lKR7zLw19oYG73}vLBg9ZqV0Oesa_Za`> z%NN_*2kf@^+`OW((V?)=x!t=Q=VjhQ@p?AXbZrvdZ7{&iw@J0OA( zQvj6Oy>lm?I;yRsv*UV2WlLKdc4vBOQd~?_L}=(B_HJuiVsZ)v2Cm;IC#uc!9v2fm zJTw4q!5T3SWjD&f17NhEu;I@`R^UG@Dw2B8{Xhat5%w#dHwJNBTztucl zAE`#Wx3u;3jpXE@t>Zu-^7C>sGLx~BIC6Ms2vQ!&7eI7qcj9XoE@H)>KXT*0U8vdxQK|F#$K=`M^4@^Bse_%-#vv^$()`NS{ zhJt^<)+QkND-a~&ZSW;i(p(D91qTs4PD@LY(h<^$WYO-hMaM*;>hNZOnK1B6OLuQ7 z*-GYja&jyHDd8ooU-;fQPjG|N(o?DOg6g7>R!(*X;>Hyf6CD)`I~U!rRcxtDAz5dp z&f^2gvoo-Q)bo?_CU_*kxeS{=C^Q2N4MnI?qKkjgpwzv>+lHbHq7IP|B$ixQ0-Sqx z?~aX)2A-2pqAhX|`BhN?-M65q2sMp;0B`8PzP&q2OYvinUpOlq32_PSzGFuzHiQ)Z z6ig4mISPVz77Y2sq^!)0l9D34BTO$`4qOQ0p{|&i&D*x^JM_@z&BcxgDK6}aa)Kq` z!fxHVJv`EJulM3TQt+EM=TN4NYOT=g^7A)C5y!^L%uFsSDrBk)3W^&W$+YSutspMe zm64IMXYW2}WnjXHV5Su5jJr>`^qb%OR&H)4E~7otHZ;(Wo12!Jvb}W2zK0&!x^=V5 zVFRa{njD8aU$ABSuHAcgm2S^YPl}0lNTucoM|5<;j?(Q3iP002!_;6&PR-b~xpdF2 z-P^Woc0@v_n8$(d>m9y)wE}|uBac10W7iIx@>%a32^VB)?c0Cgv9Ek3B`t~2IYDTt zVkAvvf{TiaU|$pbraUy^2C7YL-L_}fu0xwkwnaH3VdxhYW>5qY8o``5lsx~w-jM?b z_V3%b)9E7C5SEgh344Qx7-jx)bMpxylVZ1N)7G5aT=pr+@$>UiQ85dWSau%UfP?23 zyx7&GsuIX&OR#&P2t51vedqK`{IZP!E zz}M&a|37>G9UkYkrT2o!IY$B@zyRi)b5xd&ay&V8+kM?`_t@8M&&)H|*FDeNXYBdI z&)B}6?)HqYyWM^AQJ^R)k`yU1XA&eq5FiqfbIt`|e(%~*gr^Ygf>#Caz`}*|QCbi( zxY3d&%hs)9qC2v(a}$#imn~nCm>5IRU(5-3-+4lrERsF$o{Y>4t0jfe!h_5KxyV?V zl`{+CGCWnBWK@w+3=cR*jUjwexwR1yJkcbt@_?WmaH7(KzY*5$V5!iS&#Pw0E{*2*eOa(Wmh6c;ZeY!($M2!9N}_ z3kr*fj*i3HPqG-kPMlNS-R)SU5))Ix!(!XpyOE~J8^&>uJizmVgpM83g4cY$gZp9M zd%YMw8mXL@N_kUKL!owbfCYyYsx!*S@pN`}bn%-5@U-C*MG=vubd;<)^+Hp%HOiyL zL<7a=&z<}0zxl75Hg9_1(Z@zrG&Bq^BSG4T49E%?1~5osnS_f$C98@$j_(tr2uE^r z%%BO$sj9I)K1MNAJhai_A%lJ0oo%hqGdeCIGCnCRHX%APEMl}TDs(g?BJ8c#UO#mB zG2=hYp4!f@bVMEEO>G0V|Y&!D4P`E8@cxZq+Zd{WZY6Nok_hF(O&CJL`DFk$>80Hzn08Ut< zB9Ew~)Y;WKIM~CDqM~9F;zw3C7Qqt4L5;8*~V?#zpBS(8v z;v@R{yXc@47L}Y59~TnV-_g_9+cy-SkQo`B7CIJ|iXS9;Fm$YEe5C)(nQL$EKRmB+ z#iLI?mY$W)LiKj_c6W3U_LZ2JY}HIX{D!Jn>G56RyG z(NT$Xql*e321!T9x+$;M)iM0r-@aW`R7Hru_8ptTB1TAxBe5ejHF0dLzq_Xq3X@;w z8II&}BV7<84-U0?M!VV0@o_0pktvZ8sG-Q3p4iwZ)mH0MNT4v@GZq&g&(;OT6u8)> z{fxNJoKIAJRwl=EW7UX0` zhK>&Pc9&f*`Rl*>n+=<`KK$fUP@AxS04|HvlChDN<|eC0tMro?;zbh@%sbx0&QY{P zbTq{wFw(G}SSjdcPMJPp4p5Fc2634fx542d8OeLP5hjQTR)!8N1&J7MT2$08fBl=w zmy4c%@ug+URucCE&C$6D0gj9q>+ERm>TajDPjX5+efwf!<2yTvPwdahh4ON&!=UgD zsBDxy>G;_3ixFOjrNnv}OFl#RP<sK3AYhIn-oqX#J*v5hKFXi8HKPtT4P=Qqmo7^aDtl&pyWH6o?w=h$ z1>hAyWP}sOV|`S;ZdIzZusc;O9UYI3i$=F+vYZM{;5Y=T2?GRF2*>c=!uZRTSbJ92rxbSQJfV z6mlz%v6&xLc&@cqUExCH_^qF({1@l*}T?<>}g~t}ni(n&| zDSVM|q)5O%GHQ_WpJX@0M8MtD21fO?Rj3?qW&gl%QgRBm48{dN<;18+8hB89KLXLG zyQ>3@5PazG?nOk9IcFH5EfQZO#pCEdK!3Z)$aob|9~ve4g6iGGoGEY#IYi}SqYw@O z;E2dD6Z;5}Q%DmK0uxnFQl>iYId|?Ph2FMq+l{u(xmaK0$?OlMLSMyu@4rui`}5B} zOW7aQBp(YQMtPwxTh8AH{+*jUIAcH+c^s_K?)+qO#)4?z*9zC9sh!=qz;Q86Q&!c!F!l|+ju z9yB@^hDQvAhS4B^kT)XZ;tDI*$R{*fNM~<4xWHxMK$MPG2_Zg#Z_aQ7rxbiiy)AI zD3~xx*{fx(ismCzQ!H4u_C=ioCJj{qX>CVB??$PO7)u%p@tQn*ymfbaJ&w%82 zLUP~(s^O!O;T{Ebb2tU~lUVpg>{85UQ!GVzRAEsR>Hi9JKf{=%4^&GvSCq z!krm}YnLZgg{6*S^-cEi)-06f$J{OULTQIq-V5zV?bOuJR8AuLxQtl+06q*&NJt^3 zDK~ExrIyg$85+_jI~2KwNOF9igp6coWiSIVX1el(g{7sZk=d1-my6?>%kVK)amM3f zo}zK;9UMo0O_`Ek)H4FchH*h{CJFn?bHf?KS9aiI7T*hscyj=kCaU!-IWz zZ+JM^#h9+r(z8<1(rCNFDp+&gP_T%#fxKw?7Kf!V`isEp5%U#SuyqfO2*cpb=F($< z63?n&Lc^eM4rA`s7HD zN3K>A1S$9Y;z-S8NV2TT>03ywnn;-nFA{wHGv$IB{QZPgfny0&<+Vy`CSlzw=`qDq z1ovmthEjnWSCmRL@PI`q*8@Jqex{=WarbIbg-t#Rr0<7+lRRo2sKgG)QAS)=n=k8+ z4&OmQ#(FOeUcDX!LdH)iJo;Yn(i#{(KMbCf4y-1z}b#c=5d0vCW3(KHH^){BiAtW`y8 z<=AjFH8(?R0=uzhQo9C%MZ;{wiATmfgMbsf9cT#W$nY3WAL;8!h@-4ttmv+mCqog) zUNVO&SBLdg7%#b1s!be%P+|?(6@;OJ28=+-%qAJil^Euh zVI+JRd@6klG$jcbjnTSkD8|AwhJFe2MVKI-ACCrHo4K%0#8Xkaup5ipb15by;Ys4A zV3iCC%Vy#?Q5!d(3Tnu99%u7w% zP(Wz_13n>0jgKL&hQ!b-0d=e=E_4iNRSVnL3E^mMi2kBCdizz=WDT`;$X z^7J6gpd{1XFJx>4Z9im;-se0!G?p(Te9NFH`96Th8RNIQ4K$6wQBnn}PKxSh9MiQFNJ_#YV-Xy{ywu_s& zYbC^2uC_SN8ujQYjgR=O2k*2d@7lO}2uuex)kb(AyE|1cs6@+yDE-yt zusZckrzpA0GC{={jQ={8ci(LH$p(7q8P@-s(eqrIdaXFvh;Y1dw9r5q#d*n>JkH>U zb)^KjWx@wF!0AZr>DKg&PkHFc1>zIyyDJut!o)i?8?MjgksjcB)yQeI=g3FkI8_fV9WSU428hUzJ31@5^wyprqSVR8M_^n%%{Q5H+UM9@o6 z#sF*>6!-|I2Ub}TgfuZ{F-6D6BVAuFQ}raG!4sY0E|aG06Y748BSzhCwI!@#zo}{{ zO(ye!B_bkl#{J2V5^Sg~nR=9(g+pgqi!S{G(FH*&ilPs#Z=no7v}ChD0S@C7wSa*r z>RV{jVqV*?9$*=_O&+nt?_VC;<(am6z{RS%t=|Dh{F4e1mp1m*W$TaeKi3 zvhoI!jjY@hgOd>Hx~myI5sYLj;v=VOGdF!M;;Z$^rA4zx!@ z>n_X9*ZmdL;P2NJoTS0)fi)S~X#?hWm;ITiK%%!;v&^=7rr~`OOpQ;O&M(dfYv37S za{~aTmPlc>Ht@PKEJ+7zTT9%QVoP6CdyG~4DcZ6A`^I1;CNe2YRns-y!pI~~hO1V4 zwW#RO!GqXKUwrB1F?!%EDrf?plv>`fF_Tr7iIVwp@R(SJmsyZ9C7H9R0P)om1G~m&wm`HN3SsHqc z;{-P&rI;6Ni1VmV0{Wr4q3mG-HDfMug<3`#AI<&)ikXdFNtb4p6cdy!+A<-{4Ztsu z&#`HTaB_AS!a)tIg68X|DZNK%1k1)nYTdqNR~nLJ8H$mEvk**>qEPs_rY>S^S30Oz ztx2V)NgCZRc;`?6UuO#`0TkaPhoD^8j*XAzm=z$9A^!wFWU@V*`*8L%Xf&&v5pF?H;qT8~9;|69k$Z zY*LIY=jOi`xN;CB_Cy(zK@{AmJa$o58$;rS3SyYVkNjkLv$ksF`Ex~{CO8tG%BX1K zv-x@?^k}b{^NZgmyy;v<;>?7E2O%;EQ}qBqZv?yW!T!N0Rp^NlVPhg?kR<$wFxa@5 zz5$i!K%Q{MIr*xP#GRn(HV*=gwmudM?QIJekSM7=rNMZ01FAJhNH)ua?rN**L^@ee z*fu7#-8U@nvx8I+;6FRfZgPAb^Rx`mf;joC#d)(1}BIJ)guXvC($tWE<7QklfXr2xnI^pMd*N0*3`2 z*qyY!&66P{VuRbEle8{32T3Uo_|3*5(^WB{&0mm`iZ@ui(z|AldH<)D1^RJ+v=2K4hkKDh3{CBr|S>%wU0pECx zZvG{h7^;!YcX99Cw4`QPoc!`e7`VB+8Tns<$C}YY1Jnw;tGgEjap?X{cm+-LU#nGg zT*J33y{tq#(*0QZS$*r>*itl%51XQk@Lz4NVc$+Km zXmQ>s6qMSae+;$I=ggbi+S>lnM;}wegj(^G&L+!{&|->?QK}661Ja?IE>$RS9NsUnxs|j9n#}MFOSJZee}RnHzg4DkNOu*xqN(iOE4ZEFzlWD8`!>}C ziuloMvH;=Os6!NSY8$BkCt%-B;AP-W_wGH}0sNEn0h3*JVs>6sHdMEZO-#@U0RcDG zc)T>5IM_=}`)-05ejv3+X$GP>`WU$s+Bh*mBb8e%`*HB^E-yMbi}=LAyw~?XwElZJ zf_R@<-#l#U-j{EEY@0Y)VdAifW4wp?>Fb8)z52w{?Hysj3l}ef+}Mpt1gGTZtFQk4 z%{TV}{K)fk-y$lCI)MA%eCwUJ-#u~s1Z}FLA|ff5QCU&>`fIO!{PD-9PEz{2p9J3n z2M$m;49S2Vm)L`;dB-OQ4<0;u`ZPsH=_6wiV-e;9#)=&_*wc^w;FrJnH6`!p%}s?3 zQiM;RKK16leboD;&N+}zn^cPKQJIHeY_f-5d+m+4_P<5XK{}_ltllM`T3^PqW!vxQ~Mlyw>PqryDc+?E!tPQqF3$n9_2mP@mBw~@ox#c zh?m9NyGa`^012ED?jMGiefw|Xv}75kygSl6YBx~tP~FC!_;W(!(5-#n22RWme(sG7 z{o1_? z0{qu%$$XpA`J9Y>x+mQGd^(Qg-e=zby9WM<^% zZ-E882wCFECSgpL&``RS^i!=GFDy!XXIC#3&TDJys5D2uHNB^Aa2hn}FOyYqQJEl-GtkBX*uCpGPHf6|t_^kykNY)IOsJUHz*o}td>#*dC2KX?8jjY>nqm3oW8o-%e=@1}90gI8W~JIx(5nFCsce85M(w-dG_w`sjs2pG@A{`Em) zz-0o=uy(GSrf&!~exGvZ9g;@qKAVgL69by~&VPig-1@^i1+O5XOF1X*q(^MZ+-0i8(;G_KngnOb0BU-&P+;ZLi@y@X~G;{@*?>;YjC`%%&aSP*9c+-wx4^}9a+TZM-c9QjgC>^Q zJ1*k}etFT|E8s4Zo{cGt(JL6)J^U*&brru(e+L2n>$F-kjCJw@Hst{C#tuXRcZBgk z@AG4QRvi9&U;alT@WHT$>VCp|FO%?3P7OVXW>eI<3#J_>sv66ALw!?AOWUF)OQ=QJ z($Y%2(hJW&w|UFP3+K;KZ=ALKi|52$K3hzDLksSR7Aaz zp*1vc{c6##e*Iejd)3-?3l=SI>+CEkEzQo%pz^u;f6(N-md3x;H00R3cP}=B-~IOY zl~vUnHg2YXc6(?0_2TP9?^8Y9vLRRmuL|Y-)PX?e7B>K-{mVU>t2*@aZJr5T-@iS~ zay@|=PC1_b3cQFzcRxZ*K*h9uGt-ss^c;E-!Vd}l-oU4FV(z|Wos7p*F5-}EQh0&8(Zoom z3PBSq?jO>O1M`3A<02EgW6JS?e}2NcPe04MMW?Rh1U-Dx-UQbQ+ zYf#8*Zr2dLMy2lDoc!f0R%K=7fckXtI(_==kq?hvzET8)6FP?lktRI{-#_#&Ci)X6 zN=r+DUNWw-va={>y=3VUYIIYV17&*IvgI2#Y>cH8Nmw{00gUSO$SS#UgK%g{XCoiL zS=CG4D#?(84uI2M_Vnq~@4f%th4bfYZ`Yt&(eZlQ)@=m^b6$V_jl+izQ~qq(vSlC_ z?bPVEedNf8co2$;in==SDNtruxmKohx$t#oaJO~-1YEfjQ}bi_1Y!jo>V+U5^P3Uf z{fAFs;!_9nNjvegKN5EulAm7(GVZ|11`hj9@H2JDGt+3&;AcD}@Cg3_pL*mJy#Iuo z2VV1TNI7L`CZ_4zMN{tesY~a$$eqyiPUM}DEK{jDc|QJ;`({NNaoL6Q7Y`mj($UqKUobl} zGf6e@sm>M_QeRg?SI|X^mu%j;yj$+_7Wrnl))@sh9^UE6PutI1Z=WyLS&g zgeuA_FJHbw>x*qN1{5MjY}>MxgEKSJN$p{>z8q*vrw$An`-zi5MyN#^j7ENesY@JoAv&d-Q}C~sD8_q z?tYkV5a92JRk-J4_$F};AHZ9XwF|Vi-ZNHdj=yMj(caP1*4~wxoFPg z-_hQ7>sBd0^qelfagEZMadGj@%}wgxaN-~2W8J~ysg6CWF0eY>Wz z`gVC$^~Fn9ic4-1#7B7$I(F~d_d3$U^Upn-m6dh*$`umla%SaV(l5Dj^G3W!gFpcWmjLY86S4Gk?NH*XcpnM)iT`Rgdn0OTW&Je;4GcmDiYV(Ck6 z-e_)W#0I`}*)r7VTV-XJE?uC*Chup@&R@QK88&$Yg87B>aX5B#c9P+Ss!cV(?yhbc zNyo*+0>cOitu1Z2`T2Vvd~n(FrS!){R-nbo>Xpk13g=~KWY*O;Uc7we`i&A`o1U8l z@zIX6w6tX1y0s7N-HUOaK!N7w7ToZQmn`Y->N0s{9Rtb{O^7Lhg1@+s4P!POdx2ELYp-;)opDp zq{mU=5)fUqXd%9KEad3cX{l++DXA3PPD)OsVjWdzh^?dc7TIy6%g@T5g^9kdu0Aa} zjjCbwb#>icJyf&K%*&mXN6*b@`o{P6bcKu!#YBW8Ct-e%uBfi9Z)zJJrGtyAXf0c^ z7|Eoqt$F^uIh4YsYAD6?+uGYndFQ_Mb&a>mD=C6Yn_v2o7v$&9%B35dFMG(rq-&<1QoL6W8)Ik z`g4o}=$bO397Jnv1@{d1S#+>q(BhhKhL5E0siw)@3Wpe zMT0kGULbGwYW38i37Z<5N{crgH!u$Jr@$svVoH~=yl0`k===80|L3CD$icm*8 zI?y0U`09L2%4QA%{Ab-t!SjL?_-0ce2=Je0eS-l1d8qeU&z)|fcLsZlJ_8GB!JG@8nc-m+Uj)wFO^wazrpM6SlTz{9W^c1t}8yJdD zOpS_781m>e_2G3@Y#A;le)?q7rkc)}gF|$q!D2vzI7-yV#zylVO9K)~Ts*zZy+m`W zyqn;+J-=CwpizjYI zfVT#Eyy*4@VuGA%8c84V*jO634GaxOMn#23(j?T{$*Rdc7Wk0C0h+#e5)$J9dvM)# z0UsC`#N$q-8t~qlX@*2bM$wv@-qjo+V5ax3T5E@M5~XZL28XF-%dI^_3iZSPKW4D4 z{-ZJy420`Ft=z{(Xd*Wj#^~q^^o&yVnJWK=X}18%4G zbiLiQm5Ymy@iyl0wJ-Db!U`;87gXi%V*3OS2~yzOLxE2Rcwc{q37Sm6*(cITHqVKw zhzfz4sG#nY4qwDjz-6Wj4*oB{H172Y_ncvb0uiShPT;$1Gpqsn^{K!KetsyOE-N{* z%tVtwlk&TSU0hCD!W8Yj}68x-dg0G@MA8lb(mhf=j9#JgTquAwz@0R6(% z_B&Mnl%3}Z8L*zRxCo*+pOpMD&tP8|SxYhtNP0c(ij<~3oozr%KzncDuvz0=;DzVoNZ=>8M$ z+kNtR_gV1#AO*hm6bJzLX^PPl1Tf}ekTUVb9TjuywW}W)PSx{35NQ5Rr*XimtS$6} z#>)YgzU*z+FokXS8z1^8KGB)V4@h@`b~7F_9TC-hMWctY@`|A9shhS6oZ}cJ;))p& zSLJP`sfaE5J#&n!9x7eZCg|t6UYUq*`QfW+ivBpAy?rP<+imK|-Sm7F z%0FduPM`K<>IDAvsZ9KCrHVU@=~J&Cc-~9^udQZL^wv066x5&AY{L@ftRSzyL%9#V z)WpoSem1lOsd|2DfjzwGuiE{%UH z@yxjt1UF)%jM@L~tu8(x3%DD)+j%>Nc{#$TY_;ImK?(#Z@Rd-&2k?HT86dfjI_412 zKT%#sFWmT1$5?>FlyR{Qi#Jk8vthhAlVb={a1^?10mLDZf-7fK_3|16KjEC=pZm(o zUi`|jm$l4Hsp)-uXJl>D7@~C-40u_k6lGhPD5CyIR#3#D>^Q7`+yhI8$1+qxq7@Y- zM#}6girQ5dNI?F26m4IHSWw*OjzCk9@~5Aait{4^|| znV=IR`gAYvR2qKr6&*3%bOXeoPd&*UFdg8XOy#GMLn&{=X(OA1c1Oa1=4q2`NIn~Y zT}VcNfca0{RB?FD z`f$4JeFxf!E|Ye=OFHnwx!20(IuF@gyo+MgP}HFrGu-Dcr@&ik$4xkxh<}%xHh5T& z0$&9MJ{{nlqTm>)u-7pw$37i?yM`r>^%$eDgeCh zp42gds|m3pP#V4m=S6WNTFNibU~wf=$_Fa$o%k{r2N)&~Ri6j2>G<%uZ}h1b2oS*BviX@emO7iwViV6dzp28;uW}?{3`UMwetCt>`4E7 zoJJe484cTI(Ko@6T_S|Uwm*YIYZ|(L=IPsTyi%?qukAG#<>Gzg-GP&CG2>2f;63qd zIrCJY?VVljeP$7h!f+FW6Hee&-zT2IFK<0RGns-X1}PAvz$6OX5#T4w{f;I2!P*bE z#t4w{6|oG=S-BA<8OsDM_G9Ku_eM-m&e17ash>?uhKNc0*p2uP$F1pS%y12-#dxci z`>Y5iuh`VcyArya?xM1%=0>&H0mJ}Z4wSbHX1layPTg^fIs3&F%6gB!8_{Q``Ira6 z_v6*XJ`1hB;O8QM``ZR^>p2q${oyzEOG-X@Nt?X?xF_92Aa9p6mmZdW!#Uxl;-Uiedv}aqJ#j8he^X2! z8+DLj%+7mLH_toqM`L1+c}+gdO()PuuJ8ej^jzKIr?@+j&laPF<|gfqFm1Y+m|>nj z`IvVhp0H5rqBsy>elhZ@J9mU{Nd6&AtcbpHcjsu|p);81r_C+!T2oZ1K#|E^-fyD! zqt{d${)9d^d2F9ZQg`T-S^3w+2fC9Ek`+WW^HRx{&`5AWnOe+}tEJ%SM1-={#_%wJg9`kJDQxw{H zeRp0#-57`7TPPXFxS(+-^}`FK)=I!1^-xM|ba-%-z+v8xdYs+f)Kt94F*8sz@;kHs9fewoP)Lj?7V5tHv# zh;(b=U8rT$N2X<@Wh1SU?b|2{`&hUL=+tB;+L5SZeZbo?3$o{LdV(i7_A0}h6jh`g;#)vZ$$1eCp>uP8i;wi zgzXbQF}>87Fds~rngyR4{+k#|@V+*yxyX5<$U>`kD3 z-tO)KX2>V>P-BPeL01pJf(d2GQrREB3h!3We_e97Yx~9u&o#uXYZ{2UMv*BT zr#F}i;ssJ4FgS(7`3{V^c|Dhmk;!>RD1oASCa!>q<9*VKKwfhz;C|F(J>)HWZr9bG zzkI2Gcxe8DC5sm?%}7m=+B3?5qmk%x5sb!{?M72_#p8LorIPDBN~Ur+4>$H;AqXWc zn_z`7yco+a8s73YQL9_j8JGvbM$ zC|(G8>VwU#?QI>MscC7mva?l|j(T~{lEsq~N*Jcd?hFLBt;R%o{%o;K82 zSY(7YE9G_B>JVU<6UVi~Rk&AMLInVAf%%W)`v>~l+S>d2dNVV#(o$1N(099wDUvt3^puKsC=AWOM>RD) zFek@ZTU*;&TH1N2qavbs_?sG<4jg!={8mM0SJ&CoXXv3hH-8Sy7ZkOCHL<(?{-Hq% zdPh@JjO1Wo&O;p!u+W^{#IM1J_+*eWU*qG{5gDnuUEkc;8WR%-N8?YJQD0Agds{oq zsHdx^wXK~ZBn*H*8S2pRkeHl#`mMI8!uk1-yK^qJNQo9wyD`AkG*@b&P>hVZ^!E?Y zhnrd=R54>bAg-}y0jE$8bRO}vw6y;Iwby?4>Z@0;T@R0l%FN25%NJG1IFUmlBg02W zhFY2%%S%fe>+0wv*45G7Sl`^#RNvp%!%aOS6dR8MdQ=20JiMRs=tI4*SwL}MfPsaA zAQ6$#2DIapI%h~!J*V9n{~{wI(WS6_Fgfa@TPFS(jY?tZT!u+7NGhN)FRna1GSt-6 z$g+V1Oi<)CQUW^kFK0#+aRYz{`Uk9~N;pdZ#}=(eJSwhE#kDb|ck^*?Uq8$m0mx

>}85hOI417=J=XXbplgATGswlVDWu zoqIv-f&Ttc>I;mHazIySS6^R$RAdZ?(ZkKqTfpdq4Av1b!Z0+HOZN2-uu9ORwY41@ z@|7STp~sRI5jRcR2&bkEGZn6fs+=w8#7-Vz^#L~aRah8xY`7_i$Q-$dl;yGU-rgQd zb`N7~N;HuOGS=DA$@_@NsB6X7-`KaGojQO1e5k}|xw2)J$xMLa>&o0RW^HTj^%2R6 zqvJdR%B~Cx<1;A39NECEi#={;tLGF*C`EZ}V4#n~z*8O>hRPJ6l9lO0I+RGn2I%YK zf~?CJm+J29>geceT6vKR!mU`kYz0TwisB7`nulF_z!SFAN6CP^jN4f=jND3^(B{@LLgr zY&S@OAO-Fr1*QVL&v@rF2xsuq(+RpukAXdShOLdq7;UP5_3PihvF}Z|>g)1HpFe*d(YJ$x{dCTNJMf!x9~~ zqZO}fda!u=(T_gj% zx$)K(9S@IG`4Q85;D)9?npy&Da_Ge;5*I8!7%?R-j`C%(uz0Q(9~)<-zfp3KGT@j4 zf;7+AZ+`pRGiT23+Oy}WXP;TMW=&~n*|nl;i3v&BSy=+d;laAP+poXz+Uu{s{^8*d z_w9S@jW^yrc@ z5L1V`j36~cNHc~7M@7X*f*AtnK?1&_j~Q4p3KNfsje%BNoN;pQ?c3GwzyE$)Tifi} zd5A0=5E)HhGW9WGEtwaX%2mXKO{<38GjU{yXccpnie}~8zz?Z+NC|i$hDS#Fdi(fO z0H8`PYJ4JgFKG!)RD_L=rucfa>E*I{7!4Uyq#`gu@rZD62s&{95KiG(TWGy_!x6nb zy*fG~vZJ%(%$YOnuIyQ})Lo78>;Q?G7nr827_XACQb|MT)Pjr!A{7-~Ie738b19rZ zpGB7gg$zgSV5}zNh-?Nqm@quLkcK@50Ro` zs6=bFB3Xq9;nVw#?Q%0A&aD1QES7Gq1rmFRsVFw|A`Nze_b4NzyuEvb{lf9y? zM}6I~kYmS=m6eq(UAmM9FfvLHjx&n5j&}S=bQsp7#71M4tuByDCbUP+D()E{xrbaW zc&i`Fv@cz%)YmuW7Zj{qv6ACqulx7!KX~w9T3Y)04I60SotB=Cjg+f( zw0HFMbi?n2F=62V0IaREy|cfs4+vzc=!Ly~^Z^-wH^s)p0$MO5cy3>xpbI>MMaIX) zMMp;gczixQhRXzzrZQ{|im1n-%wlx)uk`WuJE#K!Uol2b3_>*|(XsqUo=6EnmBYAw{T z4~2zbZFg4}!~v7Qn4X>yV-_SMY}4@p18ad9#rW07y0))L?2X4KJ3sqoWH02uRGH5sHL` zAyA$@b0#h>4jghSCYByVH^WqEy^I05O4bYJ>=})TmU*D1xdnXE0hZ#;m_SQRB8(h* zbH}*Y7#h zrAwFLk4u*?X}n5d+)syCr-dXf%fX^>dTiepFVRM6Z))d_;1fU z@4WNooBNNSIF7(EJD;n?H#Ie#IDYcbp~J`}^>q#L@d@c^8BLAN`}XaB=bd-C6FhqE z+<6!$~q9eD&3R$4{I@_nbF>E@q6|w=0euJ#yf!w~rh-e)DE! zOiV&%b`CAhKKl6Rks}|TKY!lA BAK0I;+Ak3d#5E&VB_3E{^-+t%Np@WPNW}BIr zNqbYK43Yv82M-lvLC*WRZ8@d;jd2vki@nkb-__uGbpFK<@;Q&Ye5= z>tFwhk(@h!4$V6!Hy4E1|JHtVL1+j*FIl_<#5;EU_~Ao`&Y!m>b2$#9+Sxf!^G=@1u`DYHVy|^_d`Blxw1DL&Nrt_RQ=oBq1rOQP@a^ zkuT6d&z?E=%U}NT=+UDXV`k0DPEAiQD=$YQuc@m$cKpQq?|*Q!q?F?GSs9rWipRk| zIMCPI(|zjX$+zErn|<5a)zjSCR@cx3h*nfqoIZWJ=d-2B0_~e^rfY@n9ggjy>aDA5fVmbhE@|8cDbk6W6qvA zedWrP^XJbY*YYRdvaGD##ful&sAtcfExvvoXL&(E0Rk4r8!q0}-QCsEg$Q0*QOUN1 zO3aa4v(_mo$u%{#6%`e!si{ayXV0B`gmqTZ@&4~_3Opy>FEeS@4fpjy{p?l z5wzjhTTqq1_iR3R$8ReI0s-C|NoDA63Ej@LW(tKx%_vzMfFJV=R92KuHmfw#)`WX1Hskx25 z04nA0P^=fl- zGu#|S5DBCFRykOLhQ&zG8Z$D|0YVwXqhmcIW0$X7Lswh2bXnnoytvr#TVU2_)D0A)V^>^QW zx3Z$@c1>+$_xeHPdcAAnB=vf7dbJWe7rOu%XgbfYG*#;H>$ zSu_H=foFCjSXEI`+1l3D(9nRT0mMRUJb&TBjT^|(2Te#!I&zx)LY0rgl`gkyFfD~QDfS+=O?8YYvLRyI}l+_`fAY)E(M(nSmqm`MoZICt($ zaw4&=DR@1O9Y28^W}f>rpWrD z?fhoJZ!4<}&O1nfdryJM8oaA?;jMS!m9$;O7q1fy6FrvN(SeeZ;+thK zZNu%F>V*pzVD`LOdJC9O&&+^NrKY4^x_s%{wW~X}Z+YdF?=M}ts3$FusRmz94?hI9H8j>^ z4nYOP9`N&@{}ECJmY6wn3Lkv%VJK2rRfW)iX#osaw{9JG?d>;M)KS(;M>iQg=}2|t@VcW!1@CisCop=O=q#Fmd? zki`55ejGV+1gKcJXkkoDv`crxzKoR~O&u@(^UpmG#?PAvdn|q?^1t()r*`bvwq@(KsSKQb&FtrwfQ zBL%uLY`vtU1Wojvci+L%fbhYPkc3dmFJHO(?z?C{2jQx?70{Ros!C5!S-Nc5?%jKU zTLPGw*QSjdQ<78Au;b$50Uj7Gfl>43&P51FO-+xCAi51&5px%jotafQZ~pqV>y|89 zOc+5=SJ#FO8^MO1J9o^VKezbCb$+nuvhC%>ZE0mN407krom;nT1FszOp?;H`?l=}ThJdc06z$}AQS@bmJGTH$K{5ujWXWO^94oF} zz52oX@4xldTc)Nr;~r+a;++S2dV4y1x;xjcUGu~5e}CtmJ;-zQ4fUwptl;eYf>o>?)I@|ltG0gK`t94dAtAAma3uiJtj?lEi&@9*+qNN2;ibZHLsUmx zY}`{%KfP(wCVUWNz+zEgS98G1l`Dz%;K_aQr5FF~pZ(c}4eK4c`w-owa0XPKa9=t1 zeDD>dK#&4oCIvnP;9ao}dC@E)nLojm=C+RV%9;z8i~isL=|BE2|K|Vp=9{lyxpEn{ zi)QS?q&Y<$*38ULm@XVgIpGS>8^bsWtIf}!(?2kLqqq!^L%rzf#+-|XH56P(Oo$_< ziO`~maI%fVv0K6x*Q{NGJrh>GXyJm~oLOycEiUAW-wHFf2yh&|RyRA0s4&14kU-7F zsOu_qz|ruO#}aL4CG=pp>1pZT`~LU;`Tyyk!vX)xfB7%};XnKbrhsYGp%FBXiHk$F zAgTzo#uEv{wHR`;_y~*Zz-It*Nz{-tJH!H%6nYJb2oZO+Ys^rI#G?V?r`)+~`|dqE zAK1I+XFvVvAN|oEbMg1yJ$UByMG#`oo;_<;uTD!%=3>O_seV9o3@R^B?OXr!Pycksj-BT(od2u8{;Pd&zS-E=LcCgUAGw8`5#86*Lnu^xYil<_Qe$IT znVBnAELVJc$QWj7=s+YOL3ykQ250Q;Xk9qwQ6E`qa0S0OBZq_IG&a^u7QRCN;N~vg zkYIi0gEu`fA(2x6SC$wrby9L7BjtNwDK?g1%0vRWP}<_-2^uHro4_vR;Kj$2q7{Ms z1KzW~v$Bzt@)hJCs#rYM8kx_vTE|DjPQW$*DI_or4dHqD?QegFFBwgA!^RD3*R9RT z&B6adxCRbu#l&05VD=v~0=9ST+=*=T-S2(xFaF{$kdQ2rJY;BuNWd;aGYjVAN3wjx z{lzH86R`RNX-wMjUQBbwm3#Od~J7^wPF%Tfg_cSAP7XAF(z5_4KJT5EePf zzvSad#NeX&olrl2?<;*4UZh+k}7{1uoV*zH!eBAE%cw6*dO z5$_^DI;oqZqXdnTCxWxb0w6@>Et@y}`JesSQ%`>9M)CE({;R*<_r|{K*RDgx1q&7w z78W8~sJwxz`(uSGoF{&&1|J0YFO#hYuN|a-qrfKuyp?2820OJl6yMI{N*S8S+YRj% zwar<%1+#Kzk(;w}#nQt0bBZosBCw8Ql*2vH4}-=BOoAN7d`y&>^=fOYaWbZ+#b;&! zTN%xb9VI1|WEJJ)*B_rF_3e$KzXot!aGWC}ui7*-- z98=tuTF#JIO%yR9Tnt^6_(&Hg41aVia&$aAAvtNo=C#ki_?_opdgg_fUfi>H50PG{ zPhU(<%KWGQ#h1SO-S1*L z!k1)(R5cr(ILOFic}7TRB$tw050XM~QH_zl@#K?Faq*X5ewh=I5y5FBS6+Bt5OeW> zu+NG4z?Q&v#ioTd2sb|u%d%z5$V0&zf3vi-w!RJ{97UYSFqt!NUP5wmXLpx2p2_r_ zxOnm6?>zo^OmyV?@4kKG>XojxmW;HNCmws`;fEdsx3Q*R6+lMk`6B#~00q^VaD2tt z5wkODypd}$Pz5=HO7Pk_5j1!P9hpQ2+TvB={CCeo_0sd?9~JwN!t z_xA4DgI60Khm((Dc9`ujh6C*=*+l&Si`ZG~>S}=b^B2ycj;~#_Zu6EcXpl#a9ED%6 zTDf}ls@3=%FJFNNkyo}HtVLI_O0;2Duay)Rmn>hlZ0XV^*d8(AW@TlN zB@6QNQBsj1h({xs87{+zb+vVR2{)RF{95p^;3wrM)^co(tXz`*2g$wxb(BVUb zya9|Tg8BKgVZnG7VEtT!DCOF^+Qo~PY~Qg1>-Xu?r-&I`zhOP`bm*fPGp}B~%3VM@ zluq=ap}_&vTfmP9EFy~g`g<8S?s<4LPFVs5iM=N;tD&ipXg6R9K1j?RQV5pc>(`0P zzCplRd^|83Nt{3WAMt2Rsjl| z*KgmhT(qbVw{K%(U0Zt#v1r)Ukpbh#9QlJ6L3zZKSy`KLf)I)Dz=coP`KC=9p(oMf1V%6`V!uH+Y~4t5O)X7?4lqI@ zK2lPXm9;O=@E8Li-lDp?f-4kVy-vg&Q4T1ajSbBU7c87JclPj5|K&>;>S}5TF3HQy zWmVYxRBLE!>$-ZixVEkacLTIVIVM1UZb1Q(Uw2n0`&@c+ULM$qvz!P!geL?+R*Df4 z>2~tO2?FJ?g%C%AtBCzpU3I&WebCZE&PY{tRZnkEVqyYfB|jK~w;P$M8O9PCm(*JS>=eR<2l{ zk)Dp%gH2e;UMjj$UVaNPPSJd!A-GtGy!-v{e@`4M2{p`%N7!lbGyC1|LBQReZvCZk z(%^-I6u1v5a2Eh?sqyIL(NU2&PbtPu5K~-S0$S0$d2_IPC&nkh2#B1Dih}Kswxql@ zG(0TBOO`Ceq>TZeU|{fL{rZiMJ^I+}+1Z%AVddC1as6UtMSf^%Y)DQ?Tq{$2vQ<1K zlPjX3p^4O67(F-*f^u;zz?cVMVZ1>UU{s41FXl$@N4O{8U4H8ppog-~*X+=grN`Oh@4Zo&mt}igJ*Nq&w2&;AIZrsgG7$SI2+>cpL$!x#<}hh%Bd0 zk%V;)mVN2+MX+`Cnl&I|(Ul@1{DD#xT1ie^zG5lnam=uI-*IhFJBYae@XQy$1vwxE z8CfS!oh0NCBRMAMRjb!>9n9L?96g^90PH2;3uuA+cKON`P0cMu*RSERW&GHRH>}@) zxdAIQXvcs7TJV5yHo_rGZr((>T)u2M!V^P+2mm2}V*Z6_sD|0IvR1EJf!(65wH4$e zD8Y1b%$>(*2^ge|%Gx!nA#Y=2{n4Wz64}mf!K|`q;UY8X zM-Z$xJAW1#?JOeV3pe3K2z{W#_V!d!B5V(#5p1?h31c@3N>PgTbydGR6PyL~X9$vq017-lyAX!sl z8_P;dK}yOXBOkdUZV-P!p`RCDe1Vt=lUYL< z9x)9(iHJ&wzsr^_Mi6gmY$R2I40wj22c)8cd^xgVF&;2$HXOb%!XT)AA$jO4huC0D z-+c%;!6DsS3Ix`opXtt4VcM#1sxmw1#T#@`xIjU{?9dRo=um5@-%?-K6dfH8o3?^q z7!~_?)RU9rD4Tli`eis8AzE<%yxe>c7uz$89w++z!g&b$=+NcmWw-+tE-D21aK9!d zC6Eu++Di400T>fWZ4Ayzc~Dwz5S0iGp3^b8W8NpR3S9~)T zu8g8X&@yqDL8Tde{2JM)BPj44qQtkqO2V)8f#N3;k8UX{mp(y*x2aAeE|IRM} z_40X73Kz}+E{%!4wW+!I+BM)|#i~_F1WRAKgbjukC7g>qgkyq~Zloop6owEa5r>e$ z*vOaWD{NM2wGlz5hu*xK6M(bUP(FTGiYfJU7eq}8q4w#UXLRNby)GZZc;j8BZA zj$CbB6-5#7k>eB~J``Fped@#F!zN{)vWFJlNSs7UW=1-`4st!JNY)RJfPz3BRvB^@ zl!hJ~qX58p^T}t!N`duTPWrj?=FFYT_GqYULS(^Vfkz)}N^VXL;sRSZ|2^6Zuj6uR7CX?K}*+@1lH_`GuEX2)aWM=Ttvt)?o*;$zwHn8fD=fWd^ zsMpxsOg%-?>ex}p3J6;SY%*&AfI)x0b}|nvlXk}WudIySS1w-MTRtAVTaW@XQsC17 zK7_*E9x|5*rLscksvNE|)Z*q;7#+qYY&9z>fldfLWx{k9_=3d;DRT^$`RM2nDdMhv z4o+Uxu8+doiV~@C91Mooig93@D{}x!;dHE%{m zc?~$D>dV?2upCpi)t`;PicXL`Qi<#Vsw%JYb}C075ssZ%Rn!M{I-^44vAD2U_z}t( zaz6?*v#@(9>kQ4z%5$kOr_}~mSyN;J1P(ydm1a}d85Osu?mb1*2!oQ7Ue_ESqdE#- zalE;yT~ROBBScPCY^s=}iPwXGyeQ$SqP}AghiNKS(K)xR5lARhC4P!4s}S4pNZ&v| zwp_-kqNEr^JtOFmIK4TS>Z5!Dq50i6FoZ}#1fG>pr6fD`cxKn)o}i58L71TbdER$o}#iGLVE2u39A z)M~~ls6<7Asp@Pkc2s9qE_Pi?9old@sH>oE!BBMDJJJ$ARrV!iZfX92W%O>cy(T0r4#3W7zH03&4Z`E~SSEn*dL!y|`!AHLIxW-T+R0~#|DNE)MU5~WcIwsi7mx{IiU_DpG zBdE0pfi6ga01Dj6L~n<9A08nL%t9?C#Ms3Gto*o|R>3C3o2-|V#RMrX59QTc@;#ix z6xr^K{5*fWQI$;{uRihcSlAXpb8rn#cVdA9U<=tI!pP&8jVrDRuW_B<;IJG3f^s~c zGd7r)N_eWBj3SvGBpaJjy&h|lp&B)+sqc6YeP}E;8`g$I09;|8Q1clp53a6g>fV7~ zMNt}swA+UQct+wP?V*EO=ZUjWURT4g!Kh`N9Nbnd4l_94%VKGBM=VicQSn6Azsm#e z!qC+cMmIp*5e9%&Fl8>mrO*ojU`AuvWw3itXGBaHI#}YORi~Gz0kdcND)R3k)>?uF zVF5}vkBtRT03lF~bGZ-q)FQf)u6=#rhN9msK+H=V1+}XJKkE(Ts5?tIYeC5xW&Ih6 z6ch*fYzXQR&e{n`XpX1)?PB!cI&}#_E2Tw@spA=wW`uHPt5O^PF$Ui2E3m}Yk;=6L zND>NZRG$L2it4;VKz{R;3wY#D5)w_W3RS$jW=)M5#Ir%w-j6~C5(O9qa%9A^77LQ2dE;iB=1 zSjRgZqLgoL!PwM?P10(dD(8zr1Y@c?GD3!c&`_UGw8KNy>c%om6|~4^Q+y^PM8Z{l z1qnrlyC&9n7s7H>++%9!&OeD6CW1@G&x^ z{OwF!Jn$|-un*!~kOI?c(a-Q$!Z=_SzzW=4T9iSHQ!b^`TSa%v4uT87(?`iQf?0!F zrk8*({*D^rO-{>4O&82iNlneQU?nO}?yyq;6Dsur9!l<+@K~QI1*Lzu<6$s&l~d$zXIjGns=c!?H1RkQXNm5S~eYg1r+b;iBgh>W|DK zw1^3dQeu_$3q>d6V0CR%Tp`I|jNd}@TtuGV;6Y7o4sR2TDzP@*O=0#h1}sZBVy zk@hD0g7D9cLF%2^GZ+B_pp%ZJM~YU?(W9Pern53a1|UI#-Z?a^lk%ykdkD^Dh3-J| z7~5$8dbl<=QpHEG2MlsYaEFnzC;4p{DG!IW_tj=Wq)?q0gbVde(F>WzwH~| zkYkv-2$)7BHo1S=5^9btd5gQKK(87V%9_FzO!VO|CKbw8-o2`Y(*p=8WIj&LbFo$~U^JHBIr z{5?p4Z#@M*-9&F@L&J|z>ZnA*`mMFO9%(F>U_eYvJbEwenv$+K*LmjS6I^R7bv?J< zuYiy=FmvR~I_=aQ0Klu&0Vjil@Lp>rLhF|?v})Jbo8WL^snxYH{YaKfr|84A&3G7! zeb(&5;*<=Ef3P{>yk`VkzX1c4?LE{L7jtuM=}qHwXwBFFco>ryoMny)z=lV#g>pw+ z@2&?OcL4`2iHvTfWO5I=+O#-9IgBzOa5P}gF-=pb1SM)`H!|$HtuqT;wrF+Chz7W> zoF`3F%xtZTSIqZM=k0Ay+BzGl4jHr!J}_7J(?j6`vH z(9HlC$ITG2c;f6K4aY5c>-0v=2eLxUy_g)3|uF~U;*ox;jn&B(0rCfG=oH0@LL=NKV= zB=oc;ki9|oR;M@xLyXhn&eHCwgNrGf6IIfHae{87bvVBOC}!4i>!M4_W0*SWDS-{E z4<-=e24Z8`GUUyhdabSJ%-vj^D-h)%y%tGMEfcks)n87HS<$xHLuzD0+gSOMERi2) z1?g~5FD4o|SCglRNOg3TC~UJ(bqB+57Q!nJy7Yf@gE^v^%q_&@cs(z&u7%>10oP?h zLq@cRuYiNs=_N4bs-Ne+8s1QHR{8`L{^nTYw^Rhlyu zRC0q4X3#<9Rn;gXC;%Y(7`$1}S)b|8{GBooI1{V#f^->OLsxc9GhK}!VTx?sLR9Mu zE*?!#f>B9;A?vtWhBHd%&Jbs2NOIXyHb-s3&G>1^ZW;`OwQOUF5r6^$3^PS;;!_!q zRc=r=*ibc@g`_g+!~Co$n~bs0NR2_&P}~U&8i_MMXkM;O2!oK9M7O5S3}51?kS)Xv zByOdoy_q!w2vz@314B?GE)M^N-0BhzEVUg;$ea{*#SqQW0f3eNlSS7FaDHF_R~*2& zPxw<7b=g#$x8BI0%1fA_ty{d@$^zhkHPX~jKlQDX4sD+7G&#?;c|-=Ag|`c;vvorm zBq380WtlL@&|$nWueO}rUJcSV17K{e-0=a~q!d}^!V#REtei!B+@ z>kCsed+WAJwPOd*Dhus}g6-;xRWo4@-NB2ZXJ1byxQ?$^I~<-0F`S+@^fH%Ni64+ZW5;N4^Fe;IuE z%2qh0V$ZXC>yGq4;4nHL|FUnTja#QI*A-p=l=tm5+xqWhjcqW%ssSk-)1^(yyeuO& z9L;f0$DItR4A>{Qr^73Ut^!;Ic1?U@Cpktr@!Nr!-^AyiRv^<1TvYeDo1J?FPJA+} zwSj584nN$HUhH>woRJ>}YCk^Os#36UM|!BqSUT60Z=0aM4ifeoaop_)KJfMAw!6FI zog_3d>pQSz1)&)kooeW0FE?ptZ?M+vL?Ot*Vq%PemY*(OP)FyJ;hOy+AZ^U47sj59!FXA}bOxs%J6>$2b?43$lQr$bVY&Hl9fmnp<$w9@6W$Mf zvWTDc*s0#@xceLM`Q?^Lz&{}Y_^@+EfDa_sWDRVBp}TuI>Bl?XKxS;0m<(EkscHJ? ztil*mHAOrxZV6bdu(0X)>ig$~SvyE3afhT+z+-|?_Rdc^T}f)cU%{05#a;ls2yd5F zEWL+tFv8@u(&_G|Hzb+$>paT`lEMO`v&2c zNPKUEjP%uKvbJZ|AWIHSbcOl0FPzDw@gzm=SUYI z4Z8hl&tL$#oooE=NB#*5ch_GmS=h5l!QQf;8h<{sSi7H~@CX*ujCsy8~Zy>Z~~d>?Qr%M>#+1 z*TviylSL$X8{FqQ(eTAW1%VhPSjoJPo!*o&8@1vgh5foE>ZVw>TOgSbCdg(G=N*Z= z=XBKf1FiEbIJbg%zRgXmxGDjmxhXKfP)1K3SqP!`*m%4!;h^2=Rp6M>+Ntk>>!qRF zio4%#GBdv1=l%gt*}Q?o^S^flFweWXz$;)twr^tCAtD}bw~I9o%cJunAGGku&Y?d%(te@nQ9o*0s8!-j=kbPt^DjB}s7FT9uXU(@YaKV=-% zZOYyweRT6mP$G!$JHG_%3_spyXBzbl-KT7v8L)gtn%rSAgC7Se5TwADO@Yr0@G}j} z5BhgNJ0jPF6Ru^6MW_K*LTs-IeX<5=N|lQxb`DgrAmel{GskCWo&t(9A^H^1n944V z-8$Ch=XWy`-XWnALGFY?lg{)WE7iG*z0Z@jw zLqy+!K1B6jRQJ{~fq3A@(SQ@Dj>2KQRzVQ&O!P8Y6N-kUhPa^@5rpda14628fqysM z6>S1m4-CWN_rT0p0Hl9i{2{K*#_ z>GCt#wvs^tly|RO11}*u@8`#gaTtcJrBgkJT<$XxD1nxTZZV7sD-*3PrQF5Pnc;e3I|&W-pK~IF>qsXd$UR|>dB5Bh zC|Y?h@X0b$;4A~582^e)z^zaJcArdrm}VlE|6GfP)sG9L^Tl&WKD7!K$k#3gMSIC& z?k8>2yIQ!31}_k#z_*M7pV;2#4FAUs#-=O=^wC%)+_f4MNUpnt*g$GxVOE%% zN|9J3xkCLh8)HKDM`COCE|kwr);B6=IdHCziPv;$1P)&3dV?FBU)iPLW3pDoVnXXx z5u0g1`wM{AYe{6WQEowFnaj8_m7LofwpxhO^(y z_;Qoo9^7`%MZV3LRmrOA&B-3ak8A34Z8?mj|#HA+BaY_(=;55CmNWhBwNNU!2cMpq_ z6R0aC!37TLLscY%G#2UNyZsF0bzWDMmnFp&oiyGIw^h5f~mLxKWsR4 zSxi&x+sE-7<8)v7_2~e0%1as>k$}eBofA5lLjv!R0?6n-;kO&3y|>sp#UW4uh9+>= zu3rOaogV3iBh5@n?cV825Od+G@e z4A5Qzvi|Tb`$4vwVx|?e_-aY3{jq{V&yZ3wx$MFv1{itswvLF-R()&*# z3y!o>|9lk!BR7h7O`Vvh5DHi7XnBGObgOoMxz~Bc#3Ir+e)leY(FaPo{zkoXj@bT$x-Rq7+V8Z2pOXk4*;`GUei zN~qD&=E}7jw8x+iN@;0HXIBUI;rN(XySb}|s{%N1I4u9vlOb>36&`U(SuS&3wN2C% zTt#NgHi#&t9G)s0Uwd*Kv?wr|Nkftez4j!VNTEX18v2lqgy!`_- zm{*_xV*n#m(#YJ{+z=p95mw^Zt(?AeMZ{iESSlcX2m0>uG zfD)!KNcmn9vuu)NoFk4vG>M@@LkP7Rv4k+I4A00_?0IBV=xPNJ`HHxG6;>P`!DbK@ z7SUGUNS9$~Ln$8B+Up;%9E6ZQwK>1Rj;TRb+9Gtt?WC_(7vnDxzz5vGY1zh5P`@jEh^B2tf!4H4n zy;e}{_yUL;yu>$z0{2vd_f|p;3tPN+F-_2T(bjY6GFoBIrQ6klg$uxYnz++wi%znX z`AkhoRn0gcLG3*-?-&2g-~507-M{;P{qO(ful_%O_1FLTKmYG3oI+L)OD%`1-XQAAE4Iva$l6 zXw^w&!-Ti#T9%*Ytp{R--e9bj*e%7K4s3L{6Qee@Q3X@MdsQtRXlw7_O0?Pi{qKH% z;^aw=0BI;WBbx*@%apH$D;@g;BgH(d>Tq3M6vzXTks-*@QY~JU4^WjAD*?w0>+415 zBnv|UhLRyX*nR|cs<%s%l|C#$tgOMCcY8Al=0=S|!I<*B!)t5m>gyV~X%9EdMc?K$-Pu=N%eYlcLWG_pb3%mO7d7mAlo&PR8-l} zEGVAtuD+oGR###a5pMcLeZ!D3cT1$+tXt*>*!#=qW@TV{<7Pt+7HpJO6Lm;?dYJxVrzGICmX>k*{W1+OG{f> zX?cGiWu8R~CmHnh4_USQ0KRr--TfQF{DRX6QsA3TfiD%{1Jwa9V5lfwsET;Qk-;8; z3hd6hhbhR8nrma@G`sx$tG|Euy?1MBYhXB5z)m((lo}WiF8LQ0pVgNztuAY7?1+U5{v2n2~XJ+Z(%!qTj0#|c^1$@rb z==4gbPi_YnCKQgdsLp{#NF#AV5NI&p*E0Y(Ddh}Y>=C-Ssw3{jjTkkJJLyPf)xU)p z45_z=j^;!r_H}f$1Fm#Sr7640j?%V{4yFTx0F|a`FIn%Yt8XRiQ55CBHdnf8d}13= zj@>At4gKSh4W}329q<7YEan zM<`-vnI)g@>jN4`XD4S7^Ka#1tmJ$D0P_NnsMKpE%~dtlpfLo>w0E=tU}*7GRn;sy z8vqxM%DYB{)AEkubp1U&uHYJnv2oZH42jzLg5mHmLJxVvig0CDiq2}(t07HOb4x=* zGZ)Ot&Q75TtjgVw0fFu9oro+{euW6lNK7p)P7el6DaY&T$+Hg{8ygv3XP2g<4Kp@I z*Em-WnHIWWDfgnDBip;VxwW~ut*@6f2U%9s)5XfTT4}{`Y$1r3T|M2ERh8=ZYCR8S zZDPggDBRP-^*PM7Mr0P%G;O_oo3EI!_0Ca@gDXfNqlG;m+?4k$3QI{-*S7XH?!qSu z(NN8(L6(7z!%&{~xG}Nu7?7YFB58X^M}NO0QLFzmVfmlrulc6)!QlLY6!=C`;7bj% z^HI#_+=WHH`s(jboH+6Q?|*OS&YjMX2`_erZWuHiwx_q}t+(F#=%bHTu3VLn5RcaW z%+t^8-Mt53IDX>n{sSNE*tzYo#~wiGsje>n^{@T`KKjD*FFvsMfy(OY!ykTFRawp5 zu=zj!_~YneXV0F!RaS;Emec9l4s*OxbOrR>vuDq`b?cg&8_%9SedWp(befcu^qo6) zu3WjMrM11G@pj(qY?`v;X$CJF8(V1AotHOf@7@RI&zpnt3qJ)3a1+qU8%(XMtpl@j z^K$p@*^6-k?BSY6j~qp(M`GBzWh=Mi{l0zs-hTT4sIhs|=ES6={MoZNZQh)nmBqoe zb+v2Pt}DpT$Mg*{;kH0O`{3Zg)2C0t`d6=7{lEhc&{O>S_3KxPiY$C#jNa|&c8D@R z{?U)Xp<~BBhK3tAYyehIo;*=iT}`{1#Y>j#+OsD+HxCk{T*AYtnjXQLdqydnK0MH0 zTyo>g`SVqkm6Q)&xMXd}pIu#3i z?uhZ>7&WFFJagt0>4BTKZXX^U|LEh7=;yLy+YV-3TzriV=nEDsxO(;K$H$IWRaRjp z*|B5Cu3fu8>ucAp*VQ#3%*Dqgq^4#thI#YnKmWq>mo8s8fBxK}MT^qX(yFVgd%L?( z*?W7tSFKvRXZK!=E(Z?mU%Phg=FOXL6c-;qaomX`^i$uxdl#{vfGA`+fBt-Ddj|yH zwtf579oui$)PDT&v6|}Ii14UAdv>o`vorWRask8yJ*3J zo!hoAU%HHKdFu3;%U6oJdwXNz;?{56v~$Zg>fQh1@BYWWxArF_C#_w-o<&JZP2I3@ z&4d)77<37b$NL?LdmL?t3c($hYqu97@M-QvmSfwkvVe;u3yKibrWfiMo<|U zS?z6I$RFSR?)O;elc!G(4h?VFynWH)LV7QFBO(F<2qw7ROhI<{15XSF+1(GT5FEq( zNr8LdgP-u~VHJn@-nvz`Y15{;^XAD=tok8l;to-RICPZ#Z|;BpgAelaXFu@3UbrWm zYuU18^X3Ops}g3qT*IXc?CM|oH=vRSBW;Nudl---r3pH(AZ4loVM1E(`N*$ zmoHs{O}8|+H8r(XRNN*SAUQd0PJTf`yxMRftQgv&VQ7-Fh z>pMHUX64Mv&B>BWgG5GD@4gt;%CD@#ihtL$MW)F58JAV8|$xWj35RV}5qQ#3+ zQ&OxRyfPvb!B<<$lu>fq+Bag= zmM>ez$d4R7g3^!l1BtF*yUzW~%PU%2Te7mU7&BIGBum7XM0I#eU|oPpZu;)K@6^=X zhHhuhoI$db);l^vkjJfC-~6V$x(bmCy}z=e0)ow(JEx+e z^2EtgtO8eH>tbw(iHyq1%(`^xqNF;Hho&{`?Q6x?^YdnBWM;nm?z=~h9Az7)rE2g9 ze~6g;e*gXVaX-}8H()VJPtQQ7XB)rw-g~sKW!*9}XAu!VQ>c{Gv~%arBNJm8!Y`JU znNH6mFOza^>?zLdX}<0I#MvG6!QY?I5**e2K!Gn1;6MF&2S{LuVD|j^g=!qv*M}l2 zKdY4j#aj6Gfdim>Qeq-1{+2CU(51?5-CDk4ML|IU7Tnsp##j7y%ojz~RJ^O4*N=i}D6;$L$9(@EudU5gf ztgP&nD_0myhUMhs;ai8pVv)rxTXw57H8n-H^rmKxf9lC+=FeZ)($Wr8FD#r7E0m@= zGJNXvN#GFm`jwYo-nMNUHd}xxB{})@sZ(J8(xppRtXPSjeevQ&AOTg9MqZ%)_8mJo z9th|9U=KF}%Q3yCq^8WypH2K1sRWqB-+T8xX!6sa{`86OJOOASh~SZBItUgIKl1RS zk3NdhiGcy#5j+NjmM&R}mQP&$oBQ6xX#caH{cOvYtvDJGq_AG#>?ZdaQ!d_h(3hI= zbO5+;?(D0ty^6Q~XFvZr29?ar4CW3fa^Lmq)?+@wF>&R}Wsn#5HdX=5(N8}4!f5qWBW7VVJuM|CI}2(dJQR7n(PhEHg}ALQU%pK6-HvVB zc&?D8Hf`GY-S2-dE-|sDuGZwCa5e*DVAW`oh#<%~@dO<@bcjdekN)V7cJJQ9YL?u* zi9e#Dp{c&U@xccldHnJ3V122rtvi3=BJmSQIZSQO-rY-Zezt!;5`gt@`ORCOerh~h}v zxe`l7bQ0i!ZkLjrv}gCOO&d4v+PM>@zrKMKrv}hv;erKQw`^Izb{#MPz+=)ZTu`WJ z>X7l;+FC3M2M->8?X_1=ojL)WqwuM7CsPE;k)E2abTEtC zA{HN`acXkX+&KlCH*H+Kas@x@)~rrXOKodKETI#|Xjy6Lkqq=0a_&`H&L?HmOd;TqToc>yk+yUWy_HjI@&v` zt8X(Mq7e}$R{x?xcaY?LQx2CXg0U`^jhFF_151_s$r=~>5p$b}2 znkY)SsZnWcTnusD$*CAV5*zC4imqG%UzaYyy|5TvlQqIMjzg9bw5h4-sJyK$ZGZvR z@9jHx%`aRqzpyYnCzo}cUpQ~;=1to+Z(hA>1@ad0ZNllWFzW9_M~An!Hl9Cs>g?&0 zhdy}!#PJiw#W(O?XCWV@r%M>Bs{^hUELxN`E87Cc6p@E78e7Y;kB^~};^Qc}aRadc znTEj-RE`HfE;(u5ygB*#d5ujCRn-;HA#ZkW@%8I?D=lQ9p zxO3+&XpUq+yn_XZj1bIt;rs=R1gOGT0@yjoVd&F{bVvgj@DVEu7cPuXOlWWKK-9Q+ z>Eee+4xKphQEO{6h|7!ZJlKbsoE(a9gtKiswj;I7n>&}-QV?4ExVwioD#)ovjvmFv zj?)K`jxdF!#N=7ovu3kx=FVBLsBr1hCDac@lH*=$*R4fOM;766ATAZ-2S$)Bn>RoB zz=J!tZ)Yy}rx17OO}wCR(Sr{@47rk$Q<_`b7~bjAr(SH{iinDh zjzRSY8eyVfB$jYo&gg3B&74el6X*z(S`b_)rc{ji#OS^M{s(z^vmbr*@$K7o%$k*l zvPxL7;*UbYlao_1IrG~_PK1K+xz$P=dK+) zwr|^tGZ?)*JA2kkFTMQJpZyWNYXAG+{@vgI;+I#iT~{ulRl`Nx`6ZuRy-IH6qmMkY zY13w+;i6(_Kd&e`g}V<8<>uxfmjJPN@u5;idS+`|8wMK&gG{3`$QH|Htz8wUXjKhD zNXp1a&rqm24QC@F7x+2`mBBTeNT?0S8!Oo_gx3KlzhCdGxWzmF1|S!~+=f6+#gg zpPHV|iTH6i7ikY60Dxy#^Pc^{kdOo{h*dR_*t8@mknNb7mcdRQ7*HlgbW}`cW)>a_ z1!H!16JE(4W0`z8`}ZH0nlhq5H5~>)GDz?hq(G1YGg08n1o-LqlaCd>FcPI_*X~`U z;o>0w-S71xQV9kJ_gueWJ&=qJEsJe<7-~8v;gTfJ3$>CrFl8m-MO(G$yO?C7H7Np*Jl+W!deX6Cp%GN0Jo*+Sft9&f!`H_(iJov!( zzyJLo{_saHzVytLg{#-DH8nL8NdQ@psPG@7AX?a6EczY# zC60C=L@j45;2#QDQkkN}ksClbkp*dBe6**lqq?$^_b)v6>`#97lNVli4uD60ZER>D zQ0(z1zVqZ$Pe(dMH>;F@GiKtMJdi~HR3&;9&oKPTmS!Gc1rh2TgbKf(nt z+92>bd{t^gLIUBI7>$4MgC9Qs!gJfVZ%WHZ)y_e5utqmrA6l``*#>MOgLx(EW8Hb? znWvwB{`ps4!Hx6s&K;ZC#<*Zw$O!1}#_LZP)STQLgd6-j5P@xzo~B*IF2(wS>At18 znNSbX7FZinFw#=fF>FMHN5;m)ss4>61hRZfmo0nfkw@Ya;_)Tn{bBG3b>>;|S>Wzx zcImSbx@t~QF|-15g{N$Jr|T8>^IU>s3sT_Aq`(*GgP&=blU-uK6(B*d5)tET)~rE` zf^XvGC0U4oeXw+YOP(nDl;n$+ybkJ zr6QJT(c;B(=gmc>CBBK+Z**vo7(27LaAg(8;0Gn=8$`k6i=UN%d3ZWTX}A$#Yu!EF zSl2PF14|fzV+o&Lw~hh;(;Hsd`v=%c13eb^YyFOkUQ}i5u!mVCXOBgDbmu@nGRAHsxv|UtTh{weFZ39FD_>PP#2H; zva$?-3*j>0PogWJ6!Du_8e(IjF$j=zNUbMro25(HicIG6#Y^q2tq7@!35mrwZrm&_ z<@C!}u0UhY&=_`+uC9)2DjIlWcyt7_JPU*opCHNyA9{#jelj?yW=O!q+BItkL}2EW z7i8NoDK3IxpBR1#JZ){%lFGd$7GSYhT^M{H+Z{ont?-y|ZvlRI1jP$% zfH8sSz!*FiK0=<)R{Z2!wxBR!4n?7HiaP**?dr8fiQ&Mp#;&s1p=`zmUWy_a?n#7u6ea+6y#CeQt0h^mwIDhWk zdFa6;fia!cbF8hc<6r^a?{e&@NvM=FcdFe zwj8CFYr@(f8is3fz!4EV?fI!oPO4< z?A0rmyY{kZ_N*f)&VnN=P-rN7R_?-uiwPnlI_%`BQ-rx;qFJ|g?auAnGSX9sS|lZa z@H!xn1AxZjl2R(mprMmAh{Zl!a(35suvOG*&GpdpvV)0s#RyDnkJRByMI`j72*BY|LR}=>7V`S zfBSF$?H~U37ys?Q{U875|Lgw+Iq6^j#lQaB|NgiC{r~s3fB*M?&xTpPeA)do>flI% z6!@wr@CD|<&tx2%tOQVy?7)Gysg(KMSH6ph9D4uL z`0EM02SH(rSZ<@EqHvw^p0GRal9`=_CXKr0Gn<0-i`}>gnyk z0*Hq@HZ~r!dR=WJHtE@US&4D-R$@|xGh)z&`=da>5nVYKXL~1F9*v*!HTY(6D-;yW zCDj|h1GqvJbQ}b`cJAUxkPK5QycLcLPQcSii_gi;RWchWRaOQsrWh)k*~X0=%cT$v*QZ)QPj?p~azri;4h)0SBpF6TMq`Dptg0%ntim%6 z?h*z#dv*@0Irxo{A9r?RZ4ELI3F{#d(W#l)R9DN*E0|l5H{91p=|93R(BQkedzxBW z;}erp($Z*LfPWeb3gC(eh3o>6*$K#VAblYLfeRK8SODqJxotIL5e}Lf8weN3$(e<) z!X7}^Ns5rhVARh<$$b+O@b0sCEc{!P%jd)X)$_)xLoNW`_n}Ut5DLgn+ns;Q~tZ z+^4wi=ZoiBcfs=`K3>-w>z$QRLQuw7)FQssHiI{yjVMMFaSLUG%|*uh$?jg zu`5y)je4x=?xBLM!)ni}5G_imMX4!=DtlTj`XTC@hEP?_F=GA(kA00;2IY>8qUJeQ zS3eb;uH2@NDs%k|#h5)S|cqgHs#20u3^;gu$=g0eddIyRc9Nvf|86B3A2WCNoJ zZiphgL%HU7)VPOn4Gs43S43oNcvKwsrX~zAR){r_Lp|V#yBrumD3L>bEF>Z-f=gNy7JuB07kt42OlTsLmrm5a*nyvk^ zZba6qKqOLqI`94&!ug`QzS^Z^{ki_~I%Q;VnAMGoiB=yO`tM=Q$IcNEp`^mG5CS6P z{*Q?sp}!*Ggkd2gjDa%t9!k-Ls~wEV%ES~f5mtle788z|!iA}%oza$~wJ|tM<6*R; z6eAvmL<#ZnM0Ma`;<*xv6J@Cq$nsjp#YPdjYQ&*Xze*9`?=OE5p1^@lE}MV9Pa!zI zAO-Ff1@0-pQ#X76Tl;_Yt6yU%rj&}>d{J`hC^-sz!g#M-xrFia zpZw`R`_2>3I8+l^1k?1_0DbvmjB@RuyC6no)dgxi?3Rxw&Z)MfRz`;xxM|f$#*~yr zTRO|@RYlv zJ7Aj{WUzm*oO?z_5dQ4}=LoXq00N%5m+GEUt5v9j8$z{P1*JpGJraFHMP5nCr{;(x z2`Y(pb7?@A-|FK+{=FK&jG@6R#!caaiophoToHBDYoNkH-ooM6u7F)jds}03GXf1t z8~OK=r%>WuvvWm?Nk%agq74t_-y^sS<^hV|lYD@LM1@xnh5M?sEnQfKNnZ>>$3;HS zCx(0~48Xv2HDwZ7odDHdRsDIS8Fh;>M5IBBDhI2Ot*Yf)oEj1RtP{3(b;ubS1mI1E z03oA>m_Rr&>Jj6fu_)Ac19*}mtsy`hzpSLL?no?x>a|8hpw2QRnhPT*k@#q1#?D^c>JXpw#kklQzGbM;fH|@>IARoCKQ_i)p|-)Q^;!jj z5if}Wq>L^ziJ+SD5KF_VVkF?Qu6cnHEJjCTSzrPmLdKQY$*xo50M#a-Og|_NHBtA~ z=!ShvS;2@Xi9t&0Fk_L#%~4_yR0H1%*)u?kLY0{4stZe|R4dpKYnQ;_v3($@m<&6v z{l@Qvq(mMr2|zJ1NHbiPz&&C=O=KBEU^QXa_qtzw@b`*02JaK3z}KDvUyu*}?&#ne za8a6#7o}sn;=)U+Qp(48atf&q=pcpca z9tr;il3f(KhG9)gP}s0pD8k=OjmUfxWOR2x#d@0v6s_+W5(=ywIfH`Jj#zW@XpCC+hulx(JNyN?)qOhedu2DvLDCS;NchfSqc$XaVGJX{CUzaqjB z3)s~Nn^={w57|PyySq!f26`-kwveggI@p%e=1XHki0FYPY;qBkZ9^uUdKMu2B6VqI z5MRD9{xAu{wO5#ktqTJD-LbXcQ9%maw-mTn8obYj=3;zMvtW6!6^w_jC9622(ynB& zH#DW#J7R#Giv{^}Bg1Kw373p;X=6hkT8LuTRI5;!8HzF-%u2XWip$QI+9aMBJiTLh zU0oZl9XpL}+iYw*jcwbuoiuFRsA+85wrw`H_I%!NfBSEab*wQnG1eIOysz^_!-I_H zK54{nvQ(`<`AxA9gye!LDsre+K9|uWq@@zlu%%MTm7WC&A&bGvzpWIDN0YjN1O2l{ zviROHPX2isL)e2xy4G6$@4qrYrmoYbS($MfDG5TPFqgA4oY8s|uiVR%q|l&qX%?Qe(?zHThQ=d*#tMLetx7&t#G^h61o>VvfoKGomtj`omSJPAAvvjpz@LZgO%zV8U)Jn{osql_aU=0 zmp0nt`v=()#NNAN|6b@#I z_ATX$ttA3(u&lNc?z#}2eWE{=)-6;JrjYr+^3}j%$sut95TgFvnKU9Ww;>4OB5vX~ zWw?amwu_3Tx(I`8Y1a>AwUmIHA}kZ26oh9t42X$GNYx!>t|8iZWK)g5 zfO)b*|L_}^3jqhJP5!@oI>9`hzQM(kq&Vqw>O6PZcvJpn z-)!%N~qC|Z=eCdxTd#E)r zPLhX+$ClCyBdYc+PBjsqP?Ux+wo#U_p6SWXH8sL!5zzxriZ#L>lUB|1y}v(k8AIOr z!3ARcw&p&DSV9GBvG;K1f+9KdCQ#(noHW{ew&h#uS3xVe2y8h?`DQ2tMwE~7#szFS zdZ>|USwNr)(nv$xz$gIhp*5Z53(I5L_(l4mU)|;2XGydJRr#qg&&e9gWB?3e+%;Oov0hNn| z=uc3wiQU#3Wr~bu1|?iKW&~7R#dFj*SE@GE4>@ZYsdx^1EG($$jwGACM5rP6wj4`y zHRz44yH0Sp13z5Bx$qk?2SiK{8~CC6U!Gs+;p>UdH^zkor(8j=-C53lk|4uw7^a4c z-Z^}`j3?cZOmNe@9-ml_lJgFJAeD6BJFgM$qQo7h=UPY+w62WAj>OAVk=$w@?Ghs5DIHVZL{}q4*G-Yvm zGWq#}J44(gJB@9*BU4{&_#wfEw+K@*0zZx(?) z)y0|Pt=ak8Q4=oW|S3~qtn-Bjr7IK zX{Xb7VtN{aKQR*ai@-?1pwr7W_K!nylDih?Ty`?4I(g1%0V_AlT< z+kW3`S$vI!@|jtz%7TI;1DNL@Q}cA$X6)byN~*=KQ~sxBeO1~a1n-z1@ry3F9{w>d z_{;%0EYOc3aFeDF!pwPP(XuuBs?dSv`Q8hlK@^@vk5H*|UaoD%EL6?!2P>zDSf_AC zys1{YEa;f~pZ!dnQB#(Q(G3fnOnxbM=PEof#m_y(lK0|4{x3Zz8RP?h?eAtHLiT3M zcPb0@%#^TY@I@Dp3i9<(y48TQF{toJ$SU6o=ZeYtaB#{u zl^vJ=PR{!=_UTVmL5q$>EUv`r%hce&n+NT-9dEzRB|7f4{~3*a<>l`M`e+_kp6(XW z*tmoL8}0uN`wt7wcM|l|pTxuw|GyjT{~qdw0s6By*gMs+-nIdHmxCl5#mPq(frX>t z|NBf{7?=TCAQJl^^z27Hz3X-M|NBx0EXaQ$#O>{%7t^>lUzgewJGR~N=rBhiz62T! z+(*C>eFMr(9MA2-Pu1WAAtneaJN2rDN2SEr!mq0|xO{B?osRq-jmq9_iXLc==W6q2 z|HH-g?kp?C&T|AD>%2yV3o6@Z>0f*q=pF&|evatCsm-CeRs(-u&UD`nu7w8O!hESO zd?~$1af}-Ma68?IA$I?HE`jL+)77 zy;(8w3_u$gFhd4|{0H6jl!au%`kxFn7ED;F!=mWh7WMyk!Txs&eI$e4Kz1w|dfqr5 z|L_#O`D}DjmM=`L1T6Ux`EDXY3Ph==h~it2pMEGYKmV%V2;zwROyuV))*U!reGfX` zvU2MF4$=LKiriBUz-0@`4mpKeY|J|kleI}jkmpPwN6i(JBZ zVQggjqS`}W+l`D|GdpzB?eKHu%kgi^wJw)3rnP5$seJAW203h<{_UAAMKF1N5Ogyv zl<5&xt=jp_?)yp7LFP}K1a59Rm+a7$0?jPI$s<4ur>JBC_vA5rSC9hn?z=tvuCRsi zbcr6liAXu=S%}wvZwqgSe^u2^rdN6qM>8z{`=E%W-QlV)UvL*Q z-uU0s&%ICy#H)JLnk5hX(O9%6rV}cMw;u64=V}_HeT(&L58jg8^N=SK zp&nG276Oy3M}`(Khi~xUEpc?A;jwXXVG*EbB5t1uh=>?(m`5?4VPTSyi=++Dt@`;O z`xe3e{$o_SzOH=i8!-rmTG+p9Zye34t_V(ZZtvf9r{lIeOQr{>KQ~t1p{Lo;ahfcM z9UekXev-6~^AtH5yf6{Mbh72T4O1DvCQq{% zhv*xnDpH+lc%pPn@*4`joo8@dvA+aMpXeT2i)53=@W^_&hlR4w=&3i)Zb9?ilqU!) zWxC0M6{r>5%-Ag6xI+cVx@(a3Yp3am+2aRZ^4hCC5qn4!%TyB-&uafo3mcG-U0{J& zj^U7wdo;QZXZfH{%G_5g84>jePE<>WLF2=GpP$YViRP_r{2~p4ZaH*mXGtVhmD>HH zb+nm`^s-;^4_5qc4&>YiY`-qRnxpYvs9>N~N3cETaj^K6Of&EK%KnbZ^o(F1c*KEh#?aG|I{r%gr{IcAEzKE;gM=qDd=mcz0m}gy!V2mI|4n?vE2Mp z4ipiT1LkXRjZrR&qNXN9UKCNd*D=M)V?8QfAn)e*JV5{#+R4hZrlw~GR<SM9dv4i@eNDlusAd`4ZszfT>X2zITW3|8|h!`m2-#CdF<{ev;w zZX&(+VeFVE8Ro|=ALihsfChosB)NTp15Ipbxs2TY?BMg_+~3wa1D9R8tGwYfj{nev zvAYpij4IX+%<{l6I1Oi4l(+C43c_Zfn^5(onXXwse-T7{K3lRwC>mMDw-;ZFU)E#PrSZL& z6GE9oOowum?QtxD^xj)wRg)6QK@8-4eFBJ{Z68!n|BxliaZLYMi6Q#`Z@xA_2dtt! zcfR{_!@s{7CiG+V5#;59o`NTuxGwB3cm#=f0zlwIiv=`1Aha`2fQdDW@;%|uB#w10DLq^r9T zSrn?&0n&q)=g73hT^eZN>WUBoYX1fEkzz-*;WlG)F-Io@1DT`PJB&YB-?OT$oYa9s zNEja-y(gv+7atW2<9mpK|Gs0k?2>Y$CsENJke}y5Mn)znARJSTF*~a~(hm$CLRw10B5OA*y)x)y+p|Vm>2-SMNB7GBBSmaTd0Sk~_V{OJ z#f!WcBVzxF8JF{NgQgVkHY0srOii*0aaOui*JOogX9+rQT9nY664XR0$M%R6mvDk4 z*Ir37wyhHf4S88j%`S=rHZBgzXfbhP6V&)|I{bTcU6R#kEWNftf(XB>;HLKVLV330>#Wpy}*?A}>CTQ4y z(m582(sU7FWAC6TvC-0cTRJAz4h{}IJU)<;4h#-QJ-jU#lnVCE;V)RN#LDQ7;~l}MI|h^;^pJaf*Ex+`wkK~8l#LjuxYHaidl8Xi(&&Lcl&3O4MR!=5jg)Rqy<;>Xx0$s7=I z$ZVIWI0Kp{8H#sx^h!yDjS3*sa(XLsM*DW)CT3Q{6BS^LXJ6JC|Bikyb6mdZ3;$gs z$EAOLO=#$NmY9|44NVC;{`oydAwx`PONe4!3e{`F^FoeE$csZwSQ#6YTqn|@z*?inrI!Csea>ocHK~s{bt&>WMJD2y<;umdBVrH1zoOqlUVXeKd0F3*LQmYSf=XVB zGJ>Ow3hcFV@Xe!@1%%BM~4c?N}9Gu!a&(3r0N(Us@(?J`B06>I5NY!_GNPpK7CQt zH0@9TWaVlaWJ{a3xzJ4?$ZJjNlI|LA-_I7kvVePM1+DZd;H1h_mUOwW;8dZLyul)h37aNVAm9!wG(Ph0S zsO{)9Rc@loSOAw%kSE%8WZc9#B=mc8`vfvspA+gh=^m*q&IRxH=~Y4O47AyI=Rl2_ zUOA|!TG+5~Ypm7Gwd|~5@lxD_`blQLOo2(UA=2OEtZM@(&)Jv438WUIP{=4#`i{SJ z*%9CmU8}&Il1RM3`M-yK^l-F#05i6UA&0!e;+^HdFJ$Ns=UuNDHHpc0A`yI&3%R6=m0*g!_g*2=@Kg;jy9o7Th zMNi*LOB|o@$&-dml%QZsYbzDt(4AL*|L_1zFTV?5nV(U#W!2o83=~c-FL%)nzj3F2y_HE?;Nv3%@WMcm?@h60AKzOT^m8y)@nIb*njgF~U0dF}|`Vk08L z7ZNcp0?PfnzLxi^xnHXG)=_Vxr4_qM6_q3TrnaEB0BFx53!BK|fai=G*hjz<2{S6d zA_|uT($9`--4my3kidxH_u+tdS$F!{J4 zTqhWqtXMm1reHawwrOEQ^ea-#3M7jfxXF%F2iVZXC0DzRPG}3G3NpxrQU@qSEMjZ~ zWE2@WqMp=s+(yOK&DE{N6aoT_Y;0(3piAHEBe*1gjlGlU6W|KZo019BNVrXLw1z%$ zvx2z7BCotpLYWkSAFvZN2T^ddme)8~F44AK8>f3d-qW}*_oKc?7)Q?N3(C$1hX zNxA^7!b2$ljU`RaV%~eqAWv|NJwuHoN%|fsCfb2iSy`#e#}B?%I+`4$11c?!TAX5k zA!V=v?T{0BRAheTlbJ5@`u4`rM?D}P2mLJyZ4araJ^9|)6Crc#eoOC!j1-Q{xZ(d4Y{?o&n=!_6}3B(g^`{@8l^I< zgnop$xFP+yNWDIH#N^~X`vZ)?+biR11CuW5@;VD1iK}KFXOGg*Oh$@J$yc-yyAnuB zQisk?WL9h~YngJB$P>A__3TH)?cq?8MXfTr;clF?UJxkK^$;(vd{j8DU@$C)G6&D& zO^@W{WJ0g!BtQ#&0ii358a2JbxP!693&M(zFru5dD-1&`%M0zORciR1t^K~<37I9j zefOByy7y215h+ech(Wji$KGJfcsj#&o7-O(Q*QC4)x_ek_A!WD6zK27X@B;U1F{W+ ze(t9UL>t2NcEm&XWFKz32WynEF5>H9_DfI~Im!q=hbo7{ApCG^R^u+NE4=MlcL>Q* zL4?kLryO7yUpgs&fI5*(xw;UonGK_=$- z`s(%*Hd}%p&oht4UqdNndnUOYPi<0n)ta6rBjR!Hwe5jWQMB_P$&r2AFF^3oux2+& z!zW8f#mS}@1Ghp@=BBUs`!|L^H!W>wXO)e0H{V6)9S-eaqhOaLs+5!P5!*R17=e_O z#nZDB7BjU^-8c`>MPj~f3?briIjmmfQm!J}4mLI(oZi5a8f3}eu1`*f)FY`FqC)lo zIE}B{+$4xR@0*9cp^_mAwVd1s&Y={XxI-CS#u7_W=v6s=B+) zX`LD1WC+AjQ``JJWb$vlit~#=3h=x?nLS%?o?V<{W6e(0LGU$gsqFj!-0l=yvgT&f zVDc}zi9!%*F(9mIr})#Xc(@Z!PY=CavvGjBaBE{ORsrEEWSU1eAs%zt#S%itRnyEn z)npBgDRWZUG{{KR&-D5m@SI{SFm*ZY-~XB4VC1F4OAO!5BoQ9+`r(aLG$e1@KtMvG z^k{7lnu1|MKoB;~qb!6fY6-I+3dX<5ACpcm5p0yLJHI-rJdRy2PT1p}Gjxa;>kMD1 zlhFb)=2#QA6ow%qmxOP^^kJ9vR~6x9Jc6eH5TWupy^G0MkBwo_ZASbv%xmTi4RZ$z zs#%MD)(@y*`W1M>FUc)Ql$Ssm>g7m1KYKRv%lJ!^vYveejD>S(&XFIhY@~;{0laT* zZ7l>E>GA&FexrefgF!x>`71aKYvgC;17|}o*gm^wWuo6jgX8Ar1jZC7d2j}OnI)8} z8cyIk+Xa*)MHCZmNmUOq4&I&ci4ois)Q<1;l(B;m2qU@bEC`4Iw9RN?kjje~c3fq9 z+LoSf2v<&SckPpIr}x9g%N5X62Eo8|lB%QhpGXsy^5`BCWMiQrJj3WYjE}dM3w{1ZC zC6J`5udh#M)Pu8v1xpp25aZVp@cre~hZZocsdy~`Olx#B%={0>vScAYiRW+Sic?sF z_JVWf-~Ywuv}zi6+Uj~%2$vU-cx}A26cpU7J=mP!13F>AwRm}Xc@=Qo3uqH(2z@)q z(C0mzW$Ie$=fMsg+-3C3==b4jG0!iqu54^vgwg)n5GOKDFS3)JGvV? zWXtS|W5^K02><9iAsCDWcjgeFAMPIw zC$M+)6Jzm6vH}C-vJTCiT9g9}y77-qOg3`PWkG^#4!$|s8xTPc4-K(wKgNG6vw#Zd zMZK4klbRSCgGg~C0gzI+1@t(vMBUHV%-(`bSY}q?wn6ydE()Y2qnA89Jo&#|vZzny zFf~LQrNEj{e)ZN77Bxl`dPs_$j1&|A9(%^owrhqxG#6VN8;>a~tHlD6tn^?$5Zj(P z6LZwo+OT*^E@E2}FRRJboIwLT@iX=d<2_rjRjllyU} zw9$Z#WS0~G*uqMW&KbYNQ@8f^4uyL&MhfrU9?Bk1lVUbdvI3FEq~6`aLK^_%)8>w$ zRYb)o02=hWtKjsx7R|B~6>?|@_x!w_hZl8!Uue*IXl5xlIhlw3;!ow@2vsVIp=J&) z-7eRggV7YgEBbA(Mp14^Mq6KNRMBd+a%_xN6JVa;#QFnjrG8N|F8iPC3mnXcTe(|g z|K*5kO@O#UC_1x~<2-4xPgxsYTI!^P zlPy4>^6-GzLnRP1)zlsGj86UnAX*MKSCR2?{YQ@NO-+zIRA&+$t;)V})S_Z6`7t%&N`tAe=98-&|h*$uu#167Cw@)F7qST#3`2-C)DB#c=#hDQdBcVO(jq$N*+ z4{@?O*17-wki5X~4}E1P_&N&vtUd#+hbu%`$C*amwT3)`vZfdC6 zcz|`fiPUm)b2BqD04`{&nJxD85C;=4v!jLdf#={8{n)$0i9y;r=_=_-$G7%C0@VjH z(Uo0w*VX;Py4y1%zY&-7%AHr+;NrRY7$CGXp=_ zcgRHuG@Fqbp|AFV4!xx5o>d8XR3YS^2+ZWxj7cyrl}cK%fKqi`m-z_+W8i z0lb}pOGaw@>im+X-K)N%fwMxB~*mj*ESLeN(%i zL2AEA3*LV;nU|OGQ>rWnvV2@6judVv))UGG&=9)g3;KicwKyMITTm$@`sH&3DS66} z{wA~kx$(X;Bb-Lg&;QW3S`VR^E#TMI(b3UaSs75%{rfioFX(VK5Pf}pz&mMpfpkf9 zNL+02{@u?o`9KvP0D%pHF+yrth1^>0037KzUx1b&tC6wVn3mQQ9Q-{q)2ia@TInhb z{@DNS*LJReUrEtHNm@zOuJ%pbK9%AoeS2zdW|;KR$t)R{tju+_sKr4!0Jh+wZsvAp zUJu+WE6`xXs--(SKLf3&6W8b|(Wj9lebr3#Eb+^Qv}i~ zHt~%-b4SNsUvbPaWA^#!<<$6i@0Q=u!XMEHK~r}OjK#RgN){*BOs&?mh3PJF$twxp zmq`bIaKvh?ZA;4o{Z^o(6Ie_TR*$DM1~t~-@E;!KLz6YD0lezB9?%OMSxklw-@{u6 z|0iBKba+fg2twfT{$u@RLgMhx=dMQwdWEWaY#j9YB`gf#A6NGWBJZxdyjy?))-9lw zAGvtEq}Kyg&l#6)9)G**XmaXb^^#%=aY@O&;{-*iGmsT1C`?A} z;JRSa)SRT71GEGN&6=H&2qN|ED(yz^$?`>;H|PkN@iFGisT@Hj5&@|9GfSJ*ucKdw z&Gwc0_2$#Ln*d-YBT04k79aujb9dOSKW1ll1ofgAf=@rc_ff1c&)#y`tz7Sb`_x); zE-gVd%Bfc6Dy0rEE^;kV-Lcpo4#9 z+voM*&p}a91d)Ga0G)beV5$i{sJh4HR=w{_^vKA`>rhE-1)!&1tvDKS4A2~L^yL${ zK$fGa@thdCB+%>6RqmtwM#RHT$MsYYK{T18mzbL*jUa4`;P0{54fP+5X*YtXO0&y( z{HPM~p~b|WUa!g8e|N7foN|sJFfJ%aAQZ%QWWYkVTi^Fmdv>lkCY?zKGY@&%FNrUn zKyY<+w$tMZ{1>N#f{a3WRh3xL`T3Q&tLXT4y#*4MB%_tB?EphuwDiIU!0>UL*;$WQ zl+tbY=Z9l~vyrpCk2_xmc?P7cz;(4(xA!+u)$uZO>)jAx*C-@rw!qSBeQw`=hg#HS z*J_2!7&u~K#dN-WRl5)Z#`6a9t7-K5_~4M@DFs`(gz9i?96kur4dq9i3PBqk9Y;e$ zZCPuv3-@$8m&LLb`}+w3@kYPP+sfv-;lnM(1(W)s%_h! zoSgyboXI&e_!L#;;RrHP$(U$HBG2>AvdEUwTwm|;BL+=KS~|Mx>WvPq;H#*eWDc8U zlqMBDfSROX&|)ZTZM`;`{LAHN!tXN-EAh-;w>vjEJ0mSiMc22p~611zs{p&$SC4z8`uK~SkhI-9!s z8lxVEhf2D+x>HbzBRzO5{`krNFi{Vz#UavGUXMxuB-GHrpvmv4(VUNW7bd`F33qjr z)K65X(r=W`sP#A|TYWGwCTs=1KR>6E=efrVDkUr1`?Wqd)8aP11Wo9f zUsHpeZE0;Uk-FXDw0}3<-QvC}p<9<;jc&B1*=9@g@85235H;(_&=Bo7odTht*Wp-W z`5A7H!@rKcme3-ur|vN5BVOW}Cc7RTa|z0+;G0fpK`e1W3#lY=%gpLO=M>;zSS$QY{6Z|FQi&x!yEPyQR*8YKyNAPvQHoez7 zDy7K8(Efd9n|EeABD~A|;f(0(r1X5*{^azZc2{!nxviMhLQ@BB2s zWX;~>9Ny?CY~x~Tgy3`j@6NxCjd$*LqO*kcid7Fr!Ey!*L5Gj6hlWdqPdUcMt2nQODK5W$%x1gy}z)fr$z0c zXJVxxIaRl^ay7k=0ZyCQxw;6NJ>Vu=*+9i1;6K12IXnnE&I4*sKlI#uzCNF-&{N4N zOD?wR@fH*n;_>jPC_n|DxFvqKWep*ob9O%W0e}bw5%Nwgm5IP}Yn$1Q*>Wd$?ilZY zubp@T-dbcs18K!+Vp$3%s%D&KSrNVh3Vyv!7dSXa_mv}@UJzsyjG*NZi{nzkkDD}x zUrCpV*fXa|mPu&U8k_uvsV5^yjD%-` z|3vj%UH;VyE&0Vz+LL}KwxMd0iEt}M(|*sK8vj7jb|f!>gi;!x3 zI(Jxvw7=u)vMtciu+Xs32O0L_ax^eZwTndjxFP<2BXZfloSPi`#0Tl;laHH;rU_v?kE^jL~2+MUW^Tt@Epi zMgTI+@aOyV=V|u)d-LPfS46<`8vuYa7Ee%=t68v6bPz1i+?O65rI(Pkp~E}^9Dvy0 ze+VwcocV=R2`>qo)&J**aSO=OtI-*3_j|qh;Go!cRr$r`dF8^vPi6Qx(@dCZGPnf0jFgn~!WSWRu>0#Q7vUo0V4l^pXe@HMgqhJY zYLHaAl>U;ss2?KnCGYWjSInjRe@S^T?C?PM4mI?RUJ}0@I@Z9oM}~;C39*P7f!zS` zzllWT=aogAOq>e~Qayl?7{LN>tPnT68|#%M?WYgucVzylO_?TDZko05Up=hj8^Kvpbx| zQqkd}W{wzE5by;p_-ycB>=Ns1&mbc{7X&HH$xsvOc;~2PTJI09ZRIsn~$KKPI!e88XhE2hH*Nsn*_|4NRf@usX<~U3*`1`J0P#7@hafT=j)8=b1zjx zKa%r(mn~3 z-%-8T6v!@%(Z$c*qs2v0==%W4dad9%5Cs);f ztHJ-m$OpCzch{`tx!EgOhvNd97doJ&iC;vikS zsETN%KYsjRmNJ!>SXo>gB~5OR26RruOsHbUhsZ#xy56bwp79jK0|oy?ohzCcWkIlo-(B6C;4^LgFQ`uB`xuXFS|9mf}6J zqIaxvY_leqa7w+hx?4_(*YexwuC1!tB$9>efoIQWj#@Ve5ffCZGlXeBGcPY4Sr-FE zEG?Uw0FC0*$fqD->;2Hab!v4H&aItmlfYXf zep$7{GND2qUX!Bfq;yC_zQ^a^F2_fC+&4GSL>)c{C%aEu0nL?_X8$(6hc1Jf4EUuC zJ_4nfkJsgHS{fSlS5H^;dngoI+P~jAKI|7SalcJYjwi&&LsI1nKnHHtL5%WFyx;`{u8~K zQ#nbJ+Z(zvQXGSI?cR=!iy>vA)*JHIbj?OkbS zMXfqenD)!+Uq?^feh+Z~P3?Q? z&*V@`Y%~n%CE`DLY4hA`D>DO>+f9gyAGr6=0KembR6X&Zz@ap4Vsd=U!g@iQ0IUP8 zDMG;tln_UI7`Eu3R8w=vHVkGRP)-g0$89{7{arkpK!$G#w-C}R#8I??ATnN&z?+oL z1x4!Sas6s%$J6FZhyDX#Rs_1o_rmmcGB6P-)A)Y8KK!U71u_2m^#;QmSW|9+9Z$WJ za@dV;W12YmzcyoZ;JG2<+kn6#)@CI%9$WKlSA=TY!f-u?3qBd_CFeyE5A(yoj0(Zb z0V&RIUs(vf!gL3hOTJp4oehTz4y^&mP6*4)Hids`nSteQ>`Rf8(|@nB z;{ESYPE8v*9x{GM85%U3PhMo>yPnTeDembeM8*6^c+WjTO28k?n7B$##%rNEp3cL= zLkm-nln_r`-kG`XqmX4~tCN~C&(6uw`^9NDHaa=T|I)4zAlZgxCTO3UYHS|JpM2!e z9$nFWhxp*OBFKW}(sS_+EZ3fP&kJ5kHa5q=H^wUilKJ4Hv)DBMpMKJJMZVl zU5=(Yz1582oPuEwmW>?B{thP8_`Pu&pC;hHBr=QAS6y|!Z3Q(WB`SgB={2Y2*FG2m z4VE3f4rAR){E-V4ySt$DD=iHEH{%9G+}HmO=`^Hehf}Yg_Z30#@ztLeMZCa#mV-sH$TxI)Q5XF|5>qv;(MH_zCvso z<#jv8^ZoU?+7!S3{>wDK+u^Px&gxHY$q*0w{pC96F$QMaB`0+P;&YN@-b$BA%!21E zt-#LR$_TYlMiK2Ej_@4#m*W-|CdS3)8%!&dfxp-N{Io#7dXVqkhRZanj=rjnD91Kn zhz6j&sPXZj=KCdx*sFMWXHF0otylVBRD!RjfSq1Wb_;g#In1 zrRj@MytNz1w7n=Nr>8bn|D+TrNvSck(v(ym|KlbjLz_DI-k$bOcjw0+0ElaBhHuZL z^lgSAtz$NCz~=z0ukP?@ zHCgOU6jknk=yVROj5xl~0a-dyhe5YJe?k7hoQR#m#u>+7r!L2U(fwurKxxM8BB5k3 zj|eaij2%(Xs6whFgftQmrZxFsJpK6t^KvKo(jLUo+O-Zdv{}szBG^|3COYVy-tVg6 zax#_Tzkf{iwP}h#+PeBWZ67gKYDddwl1gTe|IiF1Lkm|x?52?Y8!635 zPdjuUo#eh+hcQuD!^}m-+u6cQ)XjWzTm-R)+w#>5&05Fi)Yu<qdHoy00tFzM0uj}7~;xCq!KhFEZ z!Gt&5E&TOKoNlR?Hss?bC`Rzd)6|kM!qEqROSf)_UawE(nBJq%cDucCN=yyykQI{3 zM917LrKe$%jWTGF(z+?w3oA?0WTHQp&KjjxYgVbbP*h&IG zOM~%_6_5(t_2BkB4DB{KcbLR(`%UjA*lpvxnyAEg19ausk z?C05)jg-Ffi0G!sO9to~SzsQGnEZ!gTb}!f*)D=_tJ6Cua~rDT@iLW4^NdT}C&k{J zS7LwoLIhrcX$hI3`um1@Gsd4+^9#RMj4tBCMY$L!z6R~(xO`%na3dUYXkFS+w3W$8 zqe7ex3(O2#?en4fySc>))ms5T}40%Tf2NN+)Y%0ocfWzy!# zo(7Z)i^V1~p{6q~PP4D5dsi z2ilRniUCtOf4?~ov@CH9>c$PqTKhkBZ#$^EnAGdji|EKl=ucHdlGB)LgDh86Fg_`0EV@!=qW!n3yyLV z#4ll8!z8Oxy~iT=5Q;2eI26?AY1ky(FqO5WwYC;!a&pC{jsfvKJJ^!az28pBidMAy zSxsKqa)?>8jNolu8NuA#e32mNmX?K>&x7c5TuofXMX^*{;87f@^M>Br6eyoMaonS$ z+iGwdYJpTEX?x5I8mrFJn65B<1JScUT9qEMyK$!Ez4AS^ZRr4t46);WP8PLkZsscn!@kbWM_p(P=8WJqUuf;%czr71%{h?%|4?1NS zbwRGR>=St1y=YAhj~AZ#8Dc2S>RYQY`XIzc&0p=i94(r9ar^G)kCo$T8dlHzLAKh6 z{5Kf&zccLJZZ|#K?c<_nFlMh#@=6FZ&1`BZP3*B`BN7e7{ga)=rI^hzCXS>2ppmMM zuIqBES}Go}c4`h%f)Hxd#o^K<%?zBtL}@NIBC7r6tlFqypkqTUgOdm*oXL(tE3wF$ zpy3>sHNL?5~L1B7uzMB6rj_Tb@WXjSAa=fUf!M!R`dF zj02#k-@rwENq%yQB`ii@IVq0*t;>BdZLQWaei@*gq4O-~9YF4B*sl+_rYs?NiDjJ8`&Ys9%Xp)e6s4E?kU)|p&49~Ue8a#&I*VkN5`4Z$fmXdS>*AS^#ORR)CD z+Y&tfE@<-%O4HRZ3L6p@BV5M>=d+_<02Q>TCnvv05AwO^N8p-y_vb^kGA{CqybH4u zk(mg6qJ&qvrezo-t#^EEKK%PTmSDg|?Jz<+`&o`9?OLg9kdkpJ;yA0VOqZ2W$D+E} z^UoTFPKB&OZH`(VJh z*K->@jK~>AL%sTr)F@YnD#6`9lCpw~b8RWho1jihqiM_8IEk%1xhgh-l`fSe``ODg zAtN<}0&=r|ikRp#b@@=F;<(`Zr9R;*F#Hf7h;n1BZD|Ab2fyD@*R@W%@7C-_yUZ%j zpooKpsLl6$M==jWkjlKoC;KCgyd@rF?u#2sql(svIhoqsKR3mJngbV_bNVv>?}y1x zSn+l`r5hhoRk57j#0EvcL60@#ASdeq^K7kc zO=u+b)x&#=`c^4Tp&el$tW`D7P|lf$?T1l5Sw8_$5HhFtHh7*u+UPstJih;6f>Sht zxa5Q^JwlpA5iE;`H@p7;g6pOIlG3kn;9KfR3_#8 zs?x-fTYAG=12g(n0wqgBqR{pS8Na+0DfDxgqSy0YlUNFt!Sbo8;gMG#DJdV`t{ z1{hp7zN#!Oh{ih zOOMyXivEbF2K%``b2MU(QJ0PIWzkh_ z4{5IN2uuwuOVO{r`aLKnd7YEk|5#zq!4&@5B2q>k7TkZ4p&?bFk2DFs`!7pGVnF~3W*Gie#lFJiGYeY()~r7Kr-n(`fl+QCwYGE={}LI5Ul zV{3)O7@MYHZNkQkaWX+$im@pJ$*LPEf19Ic7%nI*aBgD^!@HF^s-|V>SK0&As6oOO zW9I9axL|mi3^B%R6BiL)I>Yf~QX+*2E02i)mSI5fT$DB$v_P2heK8~(K5Yb$*prY3 z&}}v65TPg#3h*HXZ!A(NwPH{`%OJ0#ocYKCtpwAonYEdwUL1#f{R8fAnUp2|QE^)3 zFf&?1Pko7rH-205ixDrBz(P-LyC(DE(}*OLM?%m9#70o@Ogm_F#!aZ;7C}pwJrHJG z4s}vk;{q#H^+y@CVSMGgIuqAFWmoZ>ENFVe#fEIulEvkask8D#oqigRxkAoU7|EG4W#-t&P@Y@k4!( z@LS^n(9km(v`9kcS7p`mk;SFsT9~Da=`@T8LWy^|ndNH`?*_(hsZlboYo}t^%p7N6 z2_mvOI(hxELcpOaf+C| zmas9zRAAna|47)S(nj}*C6ZaXzL7xwHLsH*Kd0Q-^^_ zu`RHSur%Y)HQXomGVl+-5O;fu#0(Q$O??sqyk|O2#=vQYkIcZWa(u(2c++Sz>bZ|U zLN!a{I9Gix=7XP4d`pa&vE#>v8Xs^1Z&aRbnEFjFW1Oj@XsIf1SgrzqC7#4@D!Q!% zjv2z4mr=^BKL`j{KC9owze)_Yq#H;0A+0}K~4wT-$% z)WMgV5Wg5O0&bGoSbH2bayGGuBt4`vd=5t-h1k9TY)n=g+Bq*J_0eF5<+x}u+ivW1Nm7&!_ z_cXSAHRljhfefP#drpodXQ~l_F!&j>f!=KXeIzQuyk;IVTRhX*&V4IpXu8H!jqo`` zb0L|&lLYw1Y>wnLNebK%3fxtISLMr!#8J)M1TH18SHq4B2Quu(L_Lf0XZd|`Dye(OC z!uct#i;YACB=L+$UmT-gUGHUS+4E>RhgR3Q$pXu9qa8eBda$mH$to(b=$5b)VA0XV zMvaX@=4wT^fp%)rh;1UtWQ#phhcj=uV%IR@!K~}%4s?NqHg1jtFkZ|;Ti3+5rJ>Pm zNk|+F3*C#WEJ4&954`2(Z1Aouv);yJPR3q_WOH6>{Frsg!Yef&;BT~ibFDFIOEAxm zn`M$3{EeuX{5(m4+em@01K{HdlXdtLG^F_eZy`;>l!YTNM1e&iO5A6hc!$OC=G#c~ zMc*n>;gm7P)OR)4E8m=tSh1VOhWCMdHjuDih& z1o+s7ntjY>-)B)PKX2q_-zEWm(T6^H;kS_jH_w_ENu|3B@N>9N9N-gq@q9#&Peo&# zXIR)AjCD5G0N)Arxl*!rYK_ z$qSMc_yeZEf{gt(&G)VY{G4%LYi)y(dxF1U=cT3cp+}I($|~Xyd!i24gMN~yrBfPNRnRvkS>Bk$xD(H z_`{*VB9FrzQSPRqe_ju^HbyLhk?rZMS8)1B+2s`V@ z+)4TWw$dVbvm^z+brhHd@QXO(x0^s;H^ATS`6Ta`q`)_t0`mcW0m#3Gc$AcyzR^pY z99)tD^C)mVfS+^mB28pBN90?|5WBfYB(F|VAW4DSO@SL))Nl6#llMzfAW4C*MgbE< zGcStvtKIba-%bMjouqE^-bo59h5~cZ`i{u*iy27rnj{616u2uCxJzd|X`;U?tC@UA zk^+VT^Udt@b#aqgX1(U6K*T9|msmt{<&qRgQsDQM0!e`XeOVZ{nH11?+GITZH*;~4qe@cX z8$|&a#m)1IB*1^8)-XAkBn6TbNKzn4fg}ZP4+W9{e|zYdyvx@^0VCDkP`16{1z*qT zzfDg~T&bH^M7~XwO3pP&f!jubufqqQ7)WgT$6P-=*z#2Be@t5{={Pn&5NS?;@&XmY zZX4N>H@ZUvLWF1^NQoQ=;1Ho_~4S<9oy!*78*a$kc-*YfL}rhQ z2h6j2#=BhJcmiMh6*r{df+JkaA;0~k|JsRl8wOx7ZV|Lu#3hR!PQoJJMS$0ikyoe1m z;AZ34#T%-F33@DN7`@WKLibyxt=wZams$)zUGy@|y)e#iZ+M3UGRU=a`pVzxbS*TR z^YrUraLtc6pMI%u;Bq`G<0@4F$xxc+vC^T9-Jc$at39etdcSN!L;8`fc$eq8@>%#yoBL5aN%ibTSU0bF-`+;+Pf+x654>^p3Br=5TK zamdT%^`v?{Uc22H3}CRw2Ee5l?fEh6!{R>Z4{9DTioN;8(i)7|5dTqjXTB9CMsz z^&-8swWDIUk4Z*}`{7!IU8Hz&OGovVzBFr~iyB=*c#1XSSgeU4aGaE}({mG}(n}Mr zPuykdw2yz5a8cqIZbF_m`y}BNU%j~qd#h(;&iCdYnVHAW-8qX|hubu+yMCKFguX-M zzU$Nax*n+Bo4ZHE*)0C90(>NjrOpPfI~`!S4a0jN5RjS2)OUg91hcnT^W`-i3WbBg zu-(SDoRJ9TeclszMwwSntKzgkzU7;>RJugMs?SzUg+`W7z`8l0cMBMp_!aBu8-ZmJ z&~?LYcm46q;jH@id>uP#HgMi7U)9C`-uo1m!+)7#h1W5MXZCC z#4S#_IV6h>aW06)hpyHDG5g2dFIH&fLI>un95e=y;Kx%hV&a-&>`4GT)y2$_vi9wq zO>Q>)^R?YdB!YXoyH_Aw9fHk6CarRFXBpYf&s$9Ib0qx0jLxYB{z>VScf1r=Rp>` zxB)=T)`^YzR_%C+sH4B@(#Rko3BN}TzZ4=_BQ(KCj75fMz9ML?_80TT_-$q3to<+@ zir}zO)+P=bp}Vk>MA<w;>`fZkSjp!u%sOfxUtesYHx-ORiC_B^F5@gT%^W#XQRuTjDXnOeejN#F@{HjE`$ z>3t2|EZA5GJ*>?VBiF14#CM2pf|;k!5mI#4=AnkaC2}+QGqz%8oF*v7dg;f>*Efa& zchLvWHi%3Q4G;D8^-cMvfO&J0aI0HK%MM!0_EfNz&+yi}-0rfnvh?(HJ%Q?8jYP$A z@6_*#!sc4ovH>!mEtBn=t{0WoGC8l#fX%BeGtKSjTfYb1V}EyD1(-cul0B!k#V z<=*B7ns_FkS|7!tjpku z&AGtF;0k5<)<(b92}HJFohw;$y|FBo{1qFpwQCUE zCE+&yvdndiBdh}zbzFCo?gKLly_;|$Ln57vwbjj?%pl_nBbE%M9t#>KLod1M_}Ex>cFs#Lzr1tjy}0Frp^(Sz zX6HCvu|#KEN-!kK90_+(NtlP12Q^XN6%M70jZS*K-qbXg23*GCRz+VT2}cQv@t|lnL*XXCk}` zL0K=i+ki(n%=QzLl~6qdrPot#>OJb_r=Jv?_ zZT4y3gXw zOk|BvJ{%T$6EVwXl3ZEnAW};x5b{k;dE6dvnwJS0Z5s08&QoewWKo-t2zK$U#Ur39 zQy`fZ#AVpBbas>nfo(YivaTU^N-!AW%PyB^YRd2T2hbT@E;px7SI5e~H8Ah6J2cxz z_OKjh)j%xyEOwSTGOV&}Je65lPcvr5V-kPl9bpBkv4sm==PxB6sQ^qwtIXMZn)6&xn8zlINxj0>H3_Xmpox?m-q`ef|*w{Fv zgNJio&B0e*F0MgcF5Rn^)T5gt`MNt4hy#2~zHTBR~;HMmHt9N?0rZYiw*edh9qyC_g_BV1RkEtw+a3Po6wgeW^A*J=5XvC~!D@ zzDWb#{L3z9LnD8165)m%#y}t_p#!|>pVIwpV-}o7f#>Nctb+4nPOsRRBT<3~#i}Vl zD0+vy2QqPzMd@J%uxv1osDh9jEf`@q5)6q@A`*ZtMN!}5oy#e8w?>B!WyT=2^0(v zO-5)1ex;U`jZc&7cJv*VmtskzPH<`PJUMUw!qJ=bn3R`;P5f@7c=h zo~`$6F|W;Aw(zU|+;h)8?7WtiwhbFLu3o*`<8h6Sjqls{*@qu~c#wWg!B`~&m2B{l<@nNt5ygniG(~}*Wlp5{sRZ<>YFk%a|Zf{ z2L=ZU^7A>&oClZ-`yS@Z`Qyxp?xhHjn&xGX8x4$eq8M*%kRon#e^Hy{3`IFYLqo&O zjZJ`bW=19~LpXIx3Q`592vdULWpGb(__;k#;bKlXEXi;*qXhG5c2;(OfB!r0yjx#i zw|VoHqM~9Lo$7^xG%gSP6Q&?qDc=Q1l)|S5@SnY0BV^azEY;ilrNk=-__NXmzM`xe17mCQ&_upZB|y6Xgm^A zsT!&RDtCkPiJ3>F8NnW5UNCy6ECeb(!3FSW(czpPzT-#QOF>Zs;R47$sa{V*ecgo% z7coV!D3AuIRBoH%aJd2mZ-#=RD#`5ZZoxDjC0ttx>tdCAd;2a|S0iiY=Hz0|05u`A zj4EnP--t))Y3XL?V5mScX7Qiu^P>GE!Pn#^hxG zsz@Q4l?0!P0OVpwUKfxE8DP6?Fi6L!vNC0N!GC$*EP;R}P)EY4QaHpUWeO?n?QI`@ z^igM5*ZTGA!A`MCshXz(qQJ1oL@{Hp(GJC&YDj4>-9Ubqz_a4i-ZtdEFf&#uJ79$Ot-~yE- zIn-!SoDxSxJOkX1A#OEg)N0d1&Y&RqAnIooKMQv!tsF>2$+WPK$?|%B(XGf16`)uF7&%gNM ziz7$+1_yf^9 zC}#ZBG^3xvvobTXGBUF`r|4kDq|09C2&H9kjcsyroH28Hgh1HT@Ja})8(Wa(*m3xw!)azS}!KbjLaOb zHyuNRnm`37)$WFlJ`oH;A9q?>T3&8;YFZ}dMr`nyNpN$()a(uq%px%5gAb*-U0ydp zkIETAG%yZI{LFUDo&xPGaX8hJ3THv{_DxI(M+ZD4c5Aw;qvP}a`_G&{&4758L2;uT z!;{2}tRjw4df`m)O)ddKAkpaPn6XmJ)I1#pn1R6M*@hlXt;2M2~PO~Q+`R+KuuA0FDkp5VMazqkV5LN*7?M_ zBY;7{C5Ow+H@G1f0Nmzg=Q!OWX7L`g!2Fw;nIR&ej8N1{5w;vQ)|&YmD@9Ld=b-}! z&zwAsby~$E5D0+wAa>Xh$RH(r7xne5YzEUKd)DT_gTSm1^}rtFSKWn>(50Y;h8i9p zADfsQ!@5vgTZ2%ASoz8;ukP9N0M|nbRtkm?2%_v#ddtTSXFM36Wgn_=W=_zhi_^V9$DN9}z|1k< zaClX|1nk+rGJUT%4Vw{19x;kB=j3K*Wu>cmhNa-ds&=j~HWa^OH_gh<<}*gi^wTrE z%xq$OYIJNQ81!LkM2aGZIU_wI)tfFNcRX-`TZmjt5;F#Wbq?DT~4G^SsUZ*)Qw?cy{^<=xp?Uk26_|)w1S4l#;aGZ z?ApEipZ(Dv@7}YAB>Ich)qr|>Mi#in0du=h;R2W?2M0!c6QP#o4$dFCO>;}*$jE@( zV}~Er%bS-r3XLd*y0fOKU6kPq+|<1eBHI$4`9uIcF@(;JXXoZVC~yhN1i0Kz380bV%Krf-HJhnFY+zuZrL`TQyLX@u-T?E1 z-63G1rFmRVjNSb`y;!8PGBPkwx3{*|UA@}g*3sKL)ZN|J-qDqgDZ=e-XlliX2d~Y_ zKy(3qi~?K6?B55DS`H+PixCIH8EpqV>8FYLVsXoK{Kwki`l z`g;4YTeP*eNeqfN61^vjhGxS6)sVLO zQgwG%7jkMwW~Les9R2+RSFT*Ct-Zp4k?#@fdwY8t8icWQb#=1mb8>Q-J{z>Xy_?=HcoHD_ z_LA(b0zBItPQ>xsx@~J!Rh0zV$V;MT6xaUrT_Z3|K*)`-r;V*VL8mJtOT4IpBO)O z?91Q&?yWPY&wcXA#~*$8(WQ&knHd>nr6n-gef##m_1oX>-@ott`SWO+Ma3m!qvIcc z{4reM%9X3|#3sC;Y?d=FpI7)hYdm9=X-hJZ&n{U4N{=1*<`vl5YmRFYK7oR$L_Vw4_+Q0wc@lz+edV7jW3W-`k zqb5o$5)52Cf9~A*ix^Yu8yY|P?9(rg9{cFyj}L$O<)B*K^Yii$SwMFbkiOoYqlZ3! z@4dG_{cQh*3zvF&`{9o)8GNy`tCK*11D_v&4#$okMeM@^iXZxuPd+{H`RA;1^$zAp|PMk2(_ zgCtR1Q~l1{@77$d*|&fH8*jV`?t)Mi73COp-+1Hozx%uYiZ|-mi4y|@gR57s*|vQL zpE4JX%L|`5bNavj?cYMl<42FP=Mh2Jy==ud-h7kQLDVfODMr&he*7pNF~m>=F97?} zrRtL>P9f2P2%R16+zJ8i!}s6iaGXAQ5)>riB|k5p>wot)=jq*j2M!_{rlw_7R93O^ z!oevV=$ve1mA8KTyHE6W_Uu`=2*GJJHCK4b(c{P8dG|dwHYT^q%F40Pk&i$6=&iTj zLVM=QjEoHUMr}uNIls&K>uamX^Q!?)z8(8OaA9y!-CE?;v4tPPsXl_v?T9_22#7-yJ@D zgjJ);7H@K#Kl$|2v**sWwYT^6_aa`El$By`0>bz2+s`acojP^=%cD@Nu%O`dnKN&_ z`PPB``x+Y>Ie^3!VRu0YcdPZXYHDi`juGe&9{l{Z*IxVJgZE)0Xb6>+ zRadXnz4_)_pM3He2Lu6;wPQKndh5;BmNvb~$Xjpy?z2z#9X)!i`qE`K;c(&oRN%r%ysH7!kr!c2-_VaaC_`_j~WZ z^S}Sye`Qx+xNx3rV7#QVe7}2}VVpQ|3fYn2S5}tw_Vw`2Km5Z#e(>Q(r_Y>2Ct102 z_3qufys3mz3Yz195xl z!3m8cRfnJI@>X#&FdlUuX%z1)FXHEW`+5;Ivvcw)DwmCn5`cCAjjg1toRH4$?w*aC zw&dq#^mf)AJM!hwz(`J3@s+DhC~eD@RiTDWPLA~T_h7$5b?fdP$jmIba-~hIRF3HJ z6NiwgS1ez#Y15W9Yu7DZu^cNU3Jt+7hYlTl{q@(eGsB}fLS3C5;?PPQn6agnabLI>Y$w>5vk4T_O zW#tl%I>?9HJ10A*y81GF2R(rImsBnd`mqi~a&z&}3s6Q_mp2TX@X}AAUGCKDv4H=E9;vtnC<0E?u~c7 zp8F99P%%-rSFT#c#i*gEk9m2yFzZh~{scvB<;qos`S~y!4UD&a^znxXMr@w)$}*U5 zZcbizN6(ql7ns+wiw1 zb?aBJTro91Nf;w$ls)%9KoI<~lcx}mmabTVISLi3ysWIeq|ocZvlE^U6N@Ld+`NJ! z)JHrmW8-6J;dS-(sFf@?5Q2dRQHj6^+}K2rA&h2bXW?TOCD`p*y=KkEO`9>E`-X5mVhV20vk?dKu zHEY%o55fI05}Z19lBprbXkdyTPJ-d-qmMqpT3K1X1aU{hjPkgqv$GrU#7Xq|frFUG zDl4k``v);_VqQv3b#-*KV17eNs;NP>Xe!7rTDELOT3W_H{~$sD&IJN3v3?PCz^w-Q zM{wdHb)7za3Izt1xOVO8{QO*&b;*(?JVm6^sld{uE6U5N5Kl+PM+w(Ce(dmxlP6fO z&6~GYlrLqSk$bjn+lmQHob{UCskJr?jwRFNZc<42LjZX3YWo3fpbkNi{Q-NGjCRfa zh*{|I*os37cQp{z+|&#bpnnh#1AYOA#K`dV=GK-&M~*bLG%sJiV)Ld=c;?V4H*VaN zmz5g!4>vV5`6h#znfaYveH%7z`svSqyz9R0IGIkKKEdw8kY#sxOG>InMy863a)*a{ z8tQBAzyJPMzWe3S4RbcmpTCH#`ph%W{q(0lefXgVCniQP>)|3i zeda7eJrGRDKXx`$I?mZ64?hfok-PHvV~>6R2e06a#w=D?SilT1LW=)2Jq=XDq=%Ul z+{PV3=IZGZZcpYGVPbIsZ{MWqE!+~Jb1ran-U7cL21woBC)(GL)=zyJO3Klj`V zD_5*06%Hk)q__kwlb+_rJd5!&J>AQAu3V`@b^hZ&`R98ddwl)o%@~R=oWBHM{QMU` zfBdmWak92HHD#uI*Q{D08REoJ0rL{>G(9plPB=3LmHNgeiC3~aP8>aotnro7MfGHlgCU)7)8#n&+XFnzU;ndkPSWWo-iN~KPDlEEEQ;Q1&ISH@H z-bWt!|E?9_iWkv;~)NL`O>ABlMq0kc=E{~{p2UR zcJE?rCyt+B{m`Vrx$nIEomXCYW&8GRSY;7RSzo}3z54y{eV?dO+^QLFFGgv={>MN4 z$@t{tr~5u5@$C5*Uwro2=U1;@nV*{jsqv790#j_qRBsv)rd{1gB({N}VdOA8!N|i% ziqAgt?5nSSZ_n=C#A;#e>aUAitxTp|EIMO8h9EU$zI4&W?p!CeFp1%Hzmo8^!WpCQFIVZz|RjH+^8Pft( zx^LI+AAJ7@o44GPn_tl0fmf*SsVAR)Mq+Pw;Niy30l?SRT*lt;J!bg5?_uIPcJvr= zvKY)Td+dGm(I5Zl$Gdm$#w&65>=|SfmZQGDarf>$KltGfh}%Wx$j!yQZ9_Lew(RWa zVnJ~tY}>knL7qBw8X@4BXP$of<>wL6Ff5IXA|d&Y9X~;!-@o`5|Kgcvp26aH{yc`6 zlzZ>JkMITjGJ79;?1h(JEGa8N(BV_)f9c`{4(yMA^rM%ae*yQz2OoTJ^vf?1N%3N^ z$#E^J zva*Vdj4YT25|3tcNQv*qAK&}k@4kHBefN!yPU4H1@&(RcI0rEQ#b5r#^UpuKblDO- zARJOG|8Kwj4nkx_MJ1^T>@>`fL=?2PHo>lc_@f`c_`=IuHg8ASKyci$Wm9^F*bdb> zC<#N7EhtvRB*1@D0RAo-QdoD@FA=@*MN7c8rh5{@BI>(ISsUs(ax<~;DXUmz^z%SnzkyAG@vdgH?yj$vam1*!Lw@V zGGgw0J`z`?@U7;!2T|(>26~X+H*eYu#vnMu3rHU&3W|S2Arf;_*R2Brwqa4v$i%~% zCL!WcsfrKZY;JD4aN*q8*znS&OEC4Pr{hESl8X`y2eR@qSFNhruzoF{o;`OuKR=%{ zjDC-Yf>{u84F!dOXB?FbV&{{HD4r2Pzgtb5=IfX8$-fF58R)fm4Oy}_~4GC1b^kqUmIFKS5#%O# z+~`|aYcUwWUU5HjH?-A_8#j^`NpNFT<&x6kl3bLpv^31@8#ip^Q{)49E~+O;{P05$ zRaTbc$~th`@dUcPGe znu^LwiFcDcW?3!_0C=)DZCwA*Ll2;19Xb33?u(utJhDzr;TtgKGHc%YbuUm%;9;XJgMzRN+SFBipfOY2V*}TC z{i>x)nF~%W4BZS8HxSuOzzLwPjQzwh4r(CK@6 zdpPm0sfbWXdcJ&m*{piQ~U7EG)tXz(e5!h&aR?Ksrby z;gCIm84+^AUo^%-YHdMJWO`nJH-i4AjT>_d@)?HYvrYN2?K5{gP@MGgvT{xh;vF;C zv~d$wI?3WonJy|Ugy74U%Yz_0RK-Y+%|IqvT+9R+TR}k{uKJ3~@`A!VG6@K=Mb%!h z0*_@CV?*LW2!jp`LxTT_i5VN4^!bns;4?(?ka`MH$vNg<#5int>`A_Y7y;?H1N;XQ z4%26|aRjhYY51ztPQW|>4Vf(WNAKsn!>KTHGFoF6GI< zt)Dwa3E8!G?FBGM0XwOrAqlc31R6Y+Vj!^wUlOblD|#cSkM^BKGUw6#whWWtBwqMW#|RyyUHsMn z6sagr$w*BVZJ*Tt2_H6U$-pMPiZ9u0!UXMP+0n_@PPzcGM0T5(SZ;Vb>KbI18m|sp zS9|+=AAH=_(f#9}{;Xojvaa6#ciww{$~TVY^rwINr^5sNm#Q!S-9P>#EB$Z(?Z16s z_ipr2o=El@ybM8&L?Gr)JR|G|r!tr!OP>-YB2UT+Y1+5IiPMgooSlG%3ZwbuFMsjM z_g+4B^4NR$hU?m&e&WTjFS>5S#+P4tarN3Nm^pHz+nIss9&k!?!;6vUxQ`8wtj!Tl z^Q6I?5PmXyk^Nc*_4t>^4;(zS=l7thw4s7BnIGXfyt) zsK7TA7{fsDWo3rj})B7KMl9rMA zum0u#8HW_n17Ci5nBg-39zo&0Xe_j{VUU2`Zb_>nT0S)m^x}L;K()tBpcd>N#NaYg z2S}HeQcW7g+Woqz^1v*Ddhe0X=*CvBS{;w zKeTJl{jF^sufOr;S?`35fMmtKD1m%sc8?j92>E`fd?ua=*XN)pI4 z>~mfOs}q9>MrLGWLnKg^ou)#wL-$t6(XWZft@f!M)cvP0pAo} z5_T7;`SOb|0r~7+p5}17@O`k!MTq2tlY_410f?J3#R#OH6{kYFa*!6`mHo*V!y)7$ z4f}Hv5sBoE8G;f}C>}oFI7+!maMuw1Ao-Hy4&cip0`aL0_q_V*4`8%NGlb?~P&{zp zv(C;olU51`lX_RAr39nwjl!Zzro&uVQ)UNEa7e*4o__jSw3_sEs)3Pd5hZf*`0>MJ zWM~CF+tAPeqI_m%mH>x_Lu;a}w)tjrCsF>c0qP%`_4N=D+SJt8(b2hT)tcg>Qqt+t)6xQgsbGLGR7ZY(Hm3#8)|D&G3h=o}n#Ny83F%9%++;urXr*vf{728Rb=E1V>*%*)Re6P1+Fb>W9=YiXp; zRbE~u&Q~}rXCpT^A4wU#A1FrvXACHI1e!H9HsHv_+lI3cZIxSrHC!!ngJjQp)~{dp z_~Vb4mX;8q|JnWz8=J2XMN6dr{d;yVty%&j#*Rmd7Y6_TY4et>>>R@5 z`vwN^g2PMjR&qb!4ZkTNOJE6(YTtxUcMiNgT`Cg*2N!7whz)31_iOz)BW$K;_ zD1zIP;3%j@a)DIt)6y{1Qp?E6A?l0S@kO8ChsZ`cR9Z%sl=hoovjs5DvgjZXgvD*t z-rh+P0h!{+aHu=%6CCy!jS1&wec2W0XT)JhNfV?+Hwk!{6(U3c0``qfjl|pc_4YP3 zGz|3hZM$d7uKVuAHZYDwesq-7FDxSXLCJI?FalLfA~GTog5(KPXDTZ^Onz1so~e6SIjC7S1YQ&~B)&$MDOKB-sZ8O-&6foOpg) zTTy?PFJGFMmm_(1eptWkb5jk*6k9}7=Wzs%OicQKF)|`~E+D2dyo`r{11xm~`MGGk zlj9?hpF}*?m%$T!z#b!NZ0q*zoC`+V$0qI{fD-_4q$ePPa3u!~O%b#E7l*%SX(ZnE zGKByN3i3%dBX*sL2TstHn)=gcPD4p>w70*HQ;Ah$$IhLlWo6v3tE)!~Gf1H~;w2dr zvnKWeNE2(5B&nMWaw!{x6vnIpb+QZ2ou$kMxhGBdxY2ZhFpdIene#$0xn}80i7I3% zZe=Riun;EO6Ad0Kf~n=eg-{8l98(SQJyD8S&T-81DF%NG;FR|vW#jyX^DsunOw|pO z(66-$#91j86RFTgrYryWDX|mF9F9U{;f#pFQvv?Pe!~mRffFQ2{90&F{4!FHi((rA zCI|)4@+HA08qs`~dLmU@39oHxMle!iy9lEsNvb^Lp$Y&a7b8bbE}ka*2$H1GD!hYZ zsA2O~P_L=9WAb+rGM*O!LCH%NNr78RJiMzKyk(KHeT1ib5LBA6xaEh}qFK_MY)r1KBr~mK&CnMdRlar3{P+nd|CUW1v z<*J!z@IX>6NC#d%LW`S@GEd-HGp%irYWW`QPXpHDye?4I2Z zQG&0qp!oQ)lO%t=^6CpHjvOb-;lTF`@(X}@;*!S3MmTkww`>Ns(Z&9!|LOmZdV*^Z zy95RMzWDMG2xLcZ*7koXi6Jh8RD~%F7_j zmCH3`0WGau8k!d69e#{@*VWxgI5$x_g#{(PsUWgBUSUk2m#Z)RhyVER5n_OD29%MN ziCL1Hy!XNT#F0U|{Cp}1WgC+wJQs%stB{$Fsn!nvLQ%9&BOB#YfatS*pa0E&{u^&v zChQFkh<|}p;x7*#1o;5VKxBFoaS$6ekr|Gnvii=L1I{7z$`!{q0reX%! zZUnJQBs+_%6*`Gd=-<^(QWL&XR2I0*cfb2xV$0us@9pzvPi5r@>n|%VyLZRE6dL&a zi%*FVK6K6b zjo8t)GnX%2apvOr4?q57-xr^=B9J#~_o&V-SspC3m@+fc;khJ1^DN?|8rr))*}os= zj`IG{{rB&=Zzs`q1m7L}{NT|qkCOGUY176%d+x{EYQIV$qbaFoAf;3t`DG;)%c_WW z{`Eio6HbUrmurT`$BIfz0qPBFH>_N?k|PoHPhodhQc+2W8KL9<{y+XNE_W)@7*Z6< z8E7;yHg4*VYGolQsDd38$H%9iefn4b>96vL$cs*sb&1hP++I=1IM2?^qK?!cL4O~8 z^zo;kmKGH+U$Fw|felGy$yruEorKRYQ7P-!ts(CLCo5S7$aTtvq#QlC!;WG_cI?&aT?QWvgo09BIa> zb&x0ewW7AY*SS+@IAZ%^f@@2&( z`5%A${{Qx${u7lZ*c}Lh=q+2fZXX?)ICkv#snh3N4(f$WZ@FjVBaiHU@PP+^_x5i& z>AAT@S(!QG6Jtnti8Z-n{W7d9s6}E{^0Kc$fklM&`X*SBIwx*uca@ya*v$xY;CAi;CRXxDb$C?)_pStX|Wc@Vxw- z6)UO=3-hIl*)#@07uwF+H7m2TGu4X+_P951qR8Gh%FOiiwQH3ggaFU#Rclu+Uk#5# zrXL#_#Ed7QQu+C0=&W16dE2&~u3#5l?;Y%VL{Y}FCmB(j{GlT!t6Fzabd|*Pd>F_!#ad^q7GBt z=}$cIR9Sh2FdYu9oh-XCvU*MG!mI zXBZ7S5NkqIHf$HPz*52w_DIAHa>|M9C#-=edI_ZAKTh}X$oSykFg%rl!)pjw*m_T8 zc{vI?K~gBe6-%mi-gh6aeT*J3D3lONv7_ffD45Og$S4?qY(e3|f&#oJh)`m^T)AT9 zx^)|f(jx2#og*VN9k2Fdk3XK9lik+VGBD5w*>m%9iIyV9YVG>f)b$$}>K~gJ;=A~X zmo8bcq+$sOjdw@Pn$zL*^sFVzmuF)HC@z8ZXA}AxB3gdBxT0*;+BFD@DDp&5P}~P@ zN=Y{COKg(0Yu0budEe$O+p;op3iAu9mXQ2iuwrQi5eYbP(7nDqc8nrG*?IZc23Dn?5vnI*8yyjKk!M zVFtC8@P!TQ*5jO}aGSUxq?n8cGNPW51u#53gcOTmY1_6PTkp9Cki)}`PP=aX+81AZ zfz@Y!V!SOXE?luvV!{!^!CxM_e%)I3Gahar8T}hG4EN!2$c31uiHZf5$W{kC5mQja z*REd0aYKBQ;;&H>P$x(o2h^GMJzKXu{=^gPNzx!mGr<6XxPnm)p_$;9H)5wQDySBPH8Kz}vv5e>WVchm8#<5~3PR&`!_vf!iS^0N&0e{3MOi7q0TIk*P^_e+ zARL7)WUpJhzM^so!YWxsT4{comBo=yMhWsXD~K6MEAQH=8n9;d`sFK@FnYW#?23wt zvbF2hZrZqc>(*_UK=9wg2;gkY5t9jNazxr=%orFP#>TpA=?Zu<5u+q1!E&{JiIk>} z=Qt;GGn80)i$vQahkyCYUn0Xwy-6*ns$yxZDVd_6yrL-> zoXIsOxScq5SQ1P`i)*5tQX_gA(;?AxXnwe@COAA(I!z(~}cO%`TjI)M!f25H3W<5ph%$lbxCjBCC=wLpn;D z*NyHXx}3{{XLe|$i+W?ysNU|(%Pw%(@K-rWydEDOB+?~2hm5BTzn^{Yb$N-avcYy4 zBz8**(=a_4Ivz5TlL2yE5Y&A`d;!8Sg~QNO;W{bKpg7q4>6vM+ROh&FaMC}Xn(m2) zY|&r}N<8*kVs=8)q2niye|lj5>g8)+`R=QjE109lYs09H(+vf6auTmD+H)#7^is2q zV4R5wxV_YNQK?>>?%E@V5M>O%NIa-1Vqi+WXkk&qz9f%|T>fG%TP# zG&m&XYeQjB0nlYX@h4xADl}5yvY(Fl?j^>ri|V#GIsiKe7Py7qyEV2a1mtr`hzFV97Ea}$d!?fvrkG~ zqjL+rr!k*Nr7K+cNQn?0Ax4}eQ{vIUQ0Mngrjk-(mosj+c}#ixtZXuYW%VKvzwBx0 zr-gBeA$vwfkWMgnd8Yh6kJpK1lqz9((#TGtSTIj#gc>fOt%4Y)<>`$Zk?*$W_eQAr z2l2VdK)f-g&zkIA1o&yH9!^kHf~4@r9((+uhaO_TO6(5CQq|*45T?4}t%g^WJ;D0- z{qO&P+#%B_1?C8E;49R+q*6EC<2Yj?8c2_{pxErCgro~xBwkEvNh4)T^H7*2sv&wB zb(u@QNg;z;F7JO!qT(-gG{N)r%<{Y^r9M8Lu$z#Jsq#Y7|l z_sW4&AR+I7=!{=#@rytPZKTD81{>PRBEy|6MQz!8POY&Y3}v`Ipt}H+_FShZ4sq;Y zFOhvfFy2{i3n=mws>Mp)ev})EZx_H7=`8~Fq|!Tf2;;|*PB5smQp?pvzyW+pT#OF) z=n&wY0@L)Sxj}5%ImG{^xCwg`(`JNf|C%_6U`I93lxfkISx#R7Z$D+u2y>c3T*6yJ zh#VXZ`!i;H!jafp@?5(g3gg6$L?NU0;S1SP(MPxZ*mM62(}ID61^h=79}1r1S@q3xl18}-#iyqgLT zbw~sobe3Y#+Nefq!HUUGuv{!v996+-yB&R0Bw$!Oa3W4|H#{Enm2EGVP9w5N%!5`* z#*;y&8Okd*VX8w*;~drNc$19^4GGv2Y++TzaOY;R{XtPSIb1|O%9fLY_8eT%xe4fC z1L2O5kif8yXs^jha!tlBS6@AP^yD+ozOa4Aedf`DAdxfFT+5_*9gPS~yIKNAOqV6( z9w-e+v!94_ef_mJ`}>DTPTR9*4`ah*4Vto0j03rd@H?qDNmn=NiGVd*Y#!2S0%3?j zy4?W0^pMmbM`Q;))zY?*#2l&78^R@rM8M=Sb8<9xi1vIGd=$OkjTmi}^ODwWNMNYc z$kwbBrwN+@A5u8dgzF1;lFH2-NioBl{s^Y;9P%`aiLA&O^7%sJ69ZY<%r6s35s_3% z)cK|D7Po=ZkaY{sAqh!)L`aal%Y_($vLQV=WxGihyM%>6GIHmJhDHfc$4g2oowfX|resYn5=(^jwn%kAQrWIP?dBz~974+(m%r0QiHSfBrco zy)gceK`u3@rHZnK&;z;f_*iEx(Hrb`g0R@-fBeUP^6(>%NQDjA;`E7cw3d=|tIJ2eheiGHKHG8~q=I-C{)x|&Qw~!GITT*G^_!7fQ*mjWM&l=<_oJ87+|y#0?gx3;jCuZ*vLggkd7MK zuSJv-1MOyPnx`nXHZ3#_2uftEj$ER&B*Iym2%rVRYTykF8TEoilZzlLOa+4jI0zxY zT#h@c695cgBljTfz!oH9jizuKnnYEU@U+wuC5D%vA1dUNgebme*d?q=Bmil_r~1A4 z8r2F&6E?qS`tnRto*d-)N`@t6+l7CzlfYVJJ}Jh-^|6G@@FapE1k_rjQik5=L)sWe zmre6f4TmyAsVUCXs6FJejRt(wD{!+M=qWB2v6|YXJwi&l$Bo+UkSJ)It*^Vcr>nQJ zYGr;=5on83pR&i$)im|MXkbH;^@NNk{$2cJxt`)0uXT?KedO~mz54+K}Q)k#y6d_-q3?b1a8 z6z`FG@7TUL#S8Ag{{c#mvhQK}*!|e(Sc%CDL8z6UM-qs_PW6hkj1kxl=*vcAhns^f zTTnt#Bwml~F*O#$Q($nCFUL;ixoA>c%%P(eG|C5o(-ftl{EKR?q?CwBO*&#p)EzJ* zqBWLt9s)vRh~&t@e0ii=RZ}8Cm=t;R@CZAM17?kBOpINa9~Gih9~CbnMl}2dSQ8Dp z3yeCZWn!Ed07LX#Dap=vXzc?0BH{pJH10sNhqe30C&Z?i1(d?$M8FYVqY9IlL`2Wi z?psp8PNX8hQd53toa*6m=FFQoSgX{KX0vL}l=vZ}M^*|UgsIvJRd|_5SDLrTB^+{Y zMV1{TrX3B9Cb$b34Wug~`NPRz{;u>?I=54PfQSj|!e^#R0-m%cmAoc!+c`c(F?Lv0 z%J4upTAw#H17?cd7Y#|^Rm=bsDv>1=Wk@>W_yA2Rzf4Y$wU|QiB;9X-U|jErESgto zhg*wP#_PstK^3@YDC$mk5gSF9668DhS%##~<2Z4H`e9TzryZMy2YwrjPT8XqG%F%i z4`7FtqivHhK>7U?qS?n%;kGHl{!qR#J|Ia*RdP394PBtnlPybW$yb1Z7+NLe51CE&stLl@#=BU4Ib;MkxV!@Jq!q}9Pm^9RqTth?hCayB zB^TQ91PSsNvzqi*M2?egxzcb2N0@e$XTyNpqVa{WAF$mp{EEv3K-7v=2yognEyc!S zvcI%biv)gatc`tgbc_T-sC5$FI;imieuaS0%c(5^{%DURI()5Og`pfd!9MAV&W7NKZL2Uuo-0?QRF7l=@oX5T1loFDF0@ zqQv<~#U827iD^wDD3MM{RY*@m;E=L<_z<(PpkM&BW9_3gHav`;I-CsjCCN%QN|Y!K z0`0;l)n0GfVI*H)KLzd#z+WT2PdkAMvylC%nuFR@1r{xUk6GyrlTvG>NXp&$LvTMTu8EgRjeGgV&MqMJzoN23|;L2J$2@ z6}!DQ&NVPnTKEc!0Dg*j0QC&X8XgyK}g*1S^thKO!9Hui0mNBAyi#0@jk)1|Ma zHY{O-k40~QKpyh2G4hKHAw-kzoDzXg%nmX>VMNky z3-vlEsjgftoo6*P7v2gxhKxAZVcOt?sGJU`^f{%mn>Kv`s3Zwm8+J*sgP18DsC9T>>6Axie9D+_3~dH( zPM`*c6g(PJlhhDoqV9C}(C`4JPRhM#Th0_pFJYF)Vu^W{M5Eq;!If*)QdtJe1>qe) z9dv^j+HF&oNMbg%iZJ#5`iJ_r@b?cq<(2aX$mxpsYrg;2oQlkF&3l#i+=_?viwJdZ?Q?t z1X_vHAf z5kW_)PgWnCn27X!g9t)bjmi|!U(@zP6VTR!+L>Akl*B0=|HTy1j6X6y#c%sBmJ{Q; zWVk~D(VdK@S1528DNuNh~Vfr)uox~gKcF|aj3>NJjzM7LL z{inH?c)V~NO3x^aV8ZdE*tQW@rCtPz1%juZRko#+YEh+D-1FKBRxHsdE-)7{dy3N% zet|D)f-AYV_Ljy#M<9%d=`ax3wQy8XV&rfEmVmDW5Qs-#8msePYP#VKMQNe)(uW^^ zOyn))#%OLSUUkWi#b6-11)_lRN7y2e2^dHtXK7)LmW-0hP6~Eb*o4OXHIh`IIx$mBQF4 zUSe^P`lQ{TH%)DxHvBR`uPmcYeg6?4M;r2naYcji_Mw4+qhB7YzuJHWh(cq0Ibxf} z@ri>GmL_bII5O-&*iKQ5NqK@s5*1~WKJmo9dB}911YOu_yuo5XlOP(NCk@Xkjo>iS zpm2{4^&j~3le6b9PjtyxDqg9&OqqDg!qMC}O{iur_aJWL5HkZIdf3Aq=^OKeEo zmYM{}yqq#VS1&FmA+`uY8xf{rBF1{J{$p87zQ*z>qKW4PDI8!>!-H;mwY#e6o^^Cf z`ltk@%ai#EK+a}HXb>Dy=eKx~6=o2;L}WobwArABHj>E2%}kIs{m|&}Co$LxR3a!z z(_tH$dv8}KHE^jLPa=DIPGP1rPG#dU2F|;K-6g$q?VK863@{V{II&x+;y8nyvBoEY z{N^DRBF?Z`eP6)W!u{98Ce~jc1A4q)UhB9WH))cHS#pWM>h6IloiA1FbA+6LM z)j^0jrQ?ZFG0x;IawO4x0T?$#x&F@`5`wLzPhpK73Qlid9Q}$d!TEsgh%xoG!f|20>M%QPj)9{TP8#HqO8F=mK z?xMTYp)U?feJCE7)L&#QzirOniCDTP8!L_MLr=;TrmMk?q@jvr2M zt|G=&MImZh5v4_ZnVLqW01dFMwRy2AcxWSykJfnj#8a-#U8K62VbD?t%uYeB;V%v! zI(hOGniF?44PY3B1UiXH7R64yx(tbOm2~xhS(6^au=$sVY8OcODiepfV{Z(Q#ZL8E zb;*ks!W`4mQ;A087TEJ7cu~R|L=BQKCG`aGMCk}1Y|24{YV9#9DkBBw3DF>->(Bqi zpTF|zt78-6|NS@rz2-_SYz7k!rd^yGWDT%dv;&~#$LPoyw}O747@__|b>Wy4`w(z# zQ@uA5Aa)7kIkjD(A#Lt>K{aGP2~B{EM6XeXQ;NEebocfR)6E?_2SNy`k2s|LK04OW zAvcT0>KSPikY}|(cSONy$*p(cX^DiUY+*lDkAWrX+t7^oO6^tT9m@A?MHdXo$?O*%<5h!->hZ8D^5xF;h!9aj#>2_zCIE)u6E67Yi&oXCCZsbVEE zktiyaO1)STr8oc*_fBXSO22Y`(WG5=BF+f0mOY~J?GoTZhw^kh%E-Wkp`r9kdstrS!$h$)ratG;`wX^N+S)dqO5f1wyks%xN^1r+{MfN zL*sVj00L+oNY!GO)_YU1ie07qUE~9_Pkv0VB~yXP{2RmRxoTyc@7z3JU5q-m&|Me* zz1fA3vrZ#+%zH0^8Vg+zwgwfkXJ{6m;9AuJksICm}86F{BLmaM@;K0=i_DB>@C`6m+Nv+dFUJ5>R zxDV(8cEYXTj9?YY4=Sky4PmeMO~Nb1FqMLn7*n|@0va@g6#{Pz=os}-&6pOByM1DDw)AB856ZjV8w5ddpsJ{=b}WQuzrDjj6MVyPLtnADjnd6=bRj{6e1|ai;QlHB8tl+9Hvk>PPR2lo23 zOp@#+@Y5J}@pk%#N4N$PjT%~{1Ue8c?e4Ygs&SCZ!srXU$9@v^hgd+M7%GU+pfV;# z5t7fx#(m^#2?4w!46)EcG<-VZMF~J%GE+QGBs0>!ag9l#Kjc^3u_CQeMn5&3DtLfB z_5}(7O%Q=0wW<(hLmUu9KvUaQ1!&Roc>&~1hum&zFwmln%}gZ>y324V#BPp6BDp9M zUxLAm6Nj`)Ha~H-ctbkcd&WlP5sKKt3nczU{cvP}UXy*yW2B45^98Xn;dWw3GN$gE zW7aeB#*H+&*(0!2Xi?mWu;pLNu#ljcTW*7EaMGI_=De%#%w50Yppsu-JO%EU4}Ly) zCmymyN!0A2_<`Y1OAZ(H8uXG_Q(TX3$CSx`7Q zG=#l&`?jt3-n%m|H=F8^w7jG&D0%So>wIkQW0e(4yL7lx*L&?cRqUeK;pO)jv6slj(((HaE3ixYRg0>8DQT$WRx0>_d+{ zL{%)L2+W*Ej~=J*1&sNz#~!(F*H+>Q{^`HJ_N!mN0Xpv4{UFu2i2K>OW80e5tLR2^ zweHG_Wy^N%+(D@?y0foax1PQq`}XapC>MZ99ZjfB+YgF;Qh}9BUseZ^3kN)PMjw9U z(IrclU$|6F3HtkXY{#kh#lg?1lp0QPu3WYH$tRy!zHEtjXTx|{Qz&vte;PF1U?`fA zo&WqZPj6bk_S~5h|HnW4<7Wpxr?A?})vNQ13WtVAXv&UW{?LPaUViaKYylsC{Nd&5 zYOg1K%a$FFKKf*Ke(LelU-b632KF|1(cKv9hSFzpdlsu@jf-u1=EuTwHMf&RzHJ*eQME>#p2;|L%&a%50mX zofhRa7pNmdH<2@!F1-KozVI};As(K6)el>?hw}w{F$3V@D4i z`f_M=g!;G-JoFHa!pK}l{FJ~hVjKNaHPzJ=A#P}F#B1>I-n~yg{WRhNZV_7EQ8JIR zbflY71`1<4!WkuiE?&4ub{QoFS$9Iio`3GyO`A94IcaQed+T>^H@CJ@QU>9P!eq3o z!=oLX8Ygv*fRFmdhT|tsH#BwNGg`iK<#W$Jj|4zG1ZzzS8X4h~VWA{nW=3jTd)G%F zen_JuDTqd`ld2`0S1PwqTLu}rtD}R-;&BIzvC5MSMoA?~5K@qb^{2KBH2v$p{u@d& zJ+gN%&3X_S=%=!3&8p(kVnm_OKKd{;HA&00(6s&6zxiGFNbrHZPww8ek;F%rE#g5$ z5BLb*C#qF4KXE81pNU|zQ6<;BX4OMi#$r6!MzK$L#cb}2=a=GbSJBJ5U4jjA@i$rg zl~(&_^Mx2^oW(0uv%kGCoJb<`%v*ll-htinFuuiKysJL=89K)oe$Ebvn}Ce(N4pQA z^{Ly**4Wf?;Na(kl2J^XddN+UP3RnDC8e-4dZ^R#5_2NljmFJ*LkX*<=kym}9HbmQ zc!?TaR#sY6SOB`TwRQ{+P#AQAxV+5F^rq(KFTXsMk)F3|fMYTv|m)8TCL2K>oq0MEAheryt`{#|r0XJW zV374&+FK=J+~w-*?4aT^@vaoiLLm6^$PsE#lMGGjAUZKFZw?Y2(heN_LIRP-#)k$5 z2`3~mm)`R|y#o}C!_-XRF)A6A`*N}~i2lZgPxJ5p{qO&&tGky@Jl(W^X=|mTXIV*E ze_#K>gNO0Bqu#<~Cw=3jGEu#RHlU|YokQiL%R55S*)wM_^FkS#Sks9Wn<}-jE?m5b zwn5N{P1Gt5**lK7zgs-#>En z2p#Y+oX|s?^;)`Q38ojc4}21sD_E=#Kl+FpY75j}mWE+{($eDb$?+2>PY#U`2RJ=AgxVj-$jB?q%_X?aW%CnX-`UaH*+1@1 z%c`qyU{S#4rsl@Fx+`e!CB?;=n{U#o4@H^kav&>x$w=g8|6I6u z;kDoV2IysX;&f>5p!HlY#q2=S-@Nu3g=jIbV~@f2L1;i}NpS|zjfDD#LzgdH_~65j zD5^g&JPI{Xrm1^RE*VgbB*8W&JYr&Uf*Pv?oU-MP9zBY)Oycz%PP(L1_a12gfJdl8 z9zAsE5CZ_+_wV0NK|SI**kjl*kQMUs@(~Tsouvok7%dEdcJ6caN)4v9RV!9dN$JgA zauXN;0Lr^bL_t*7Umxi2-MVcX=a=Gr9lb-|jI55)nqVj-H+_ zfq`IPpl@_p)!G#+D&ZO}tydbGYsn+3t841&9C>W-vp@RLPgks1nwy*1(0FyW}{DkLlc; zo124q9J?s}NdP%IT{7S$6;%U+Lv-7uz~uQ07pd>|z3+eTl~=#JeC0Ai3=bXp{EI_} zDZ9I4=Y9EwrOnN)on0MOOUg@23n(Z;`Zy?Z{P=}kyB_@cFMjdhgS*_)xw#pG^Ur9dw1pJWSu*Irn|d?Mw3zvcQQc5>7V@g=M)z0?&-x5fRCNN9WH5!iz8d@JBz|vwIKG3RHY~1|{^lXX(04|LK}_t6A}m*0$9v>5{pg zYJK?N3rb69$Brby2un(edI$PP#zrcaRAA$-y>x+;zpBde&p!F|Qcc6IJ&$hKv}4*% z`;!Kmoh+*=EicW*ax*nKSX+A$TXI2B1wt5&Iks%xfa{z3Xy5tH%P+t55|xRyhoSwk z$DX8Q6Xp0vh6giJJx9d6bcIU2t5&Zj9D&F(1jaRM*W~Br0`Ry+KKk(eb7xLJxO>mf zfBuVmckk}$?HwE*hD41G4b&R^@sEG}#1oH~mXu1x8w^}_2YzmR+f+{d@sEGVM{NG{ z7tSIrHMO)IJ#i9^8Je$NyRN>jo)uiPYE@x=9#Ndgm*>u%{ouoo%PXtC|C66SviC7c z(*wgFeDFS%4cVfrR_F~7kJR0JcF_c#`m)mUsi_Gw0JUI2eHqQ34?p^t5Oj26^eU7yfDjwN z#q;NIqgGaw8HZ(cO)X*9ufO@`$De+D=G9%q8W(79PNsTFubR0)~vyc zkG_cdCHeglXW-|~XlBrSo0=|PzD#WVnl<3pYQDvowUUR#Jz)RevgICW0bW%FiZr*j5$%?bCaT>6c_?*| z3JVK}U??dq=5e@_acR?C{=fa|S9E8ozI=(6XVf0YHBVJ-x&x3)s|}6&zxd*{vjICJ^0Ap{Nkd)k--a>F1+>D8~^YRe|uox$MsigeB)!1@g@Q5(gYXxC~HCc z011K%g`~lDRwm|zTB-;0Y1GBSCrR|}4chaUUT=FMAZ zr^c4U;X(m(lz8eeu3NYE`4?W;xMAh`4I8i`G&D3J1cOvs71do_R7AD{y#$+@TX@R) z4eRO4LQ}F!7cYMF(TA_S_M4+$epypngMo-v1;{QmW7xE1JyWB(5`h}1%n}Kp(R|#E z+QaPgf`Y#trtbLtc_ z7X6TjEa75mOOr>yL6-auG62c-mcl+-$`#@(l$vnvczAov!9AO`#4u(yx~p_>3$Fw# zqlMaYH0lNKnRv}j{ci3SkK~^lL3ao6bDn|VE1U%M1MIpAFXP$ZSFaE_} zq7J_H+CTos|M)-e+rJNkJgWch-4DF*!i_xvw^`Op64|L`w2Z{E!DBO8rKd&0vp z-H(h;pwUVgUMN6}cy+&vJy8NMs9)1+9>aoXv_Vb_r^v6G;!Te8u z^20y-=YLd~pYyl>`LF-q|NcMVB&N9AwjKBGeeB7{AAcG}_Rs#}&;In!{uI2#4@hfJ zTkQBIP$rS!B+TDCm&&;w6AvG;`+p8Gfd=Ku1eAN>%!>*&a+ z#^R0pgH)Mzl$I4z4)E&L%U}RJ9VXq<(o7r?T{;MABQRTvT}$x|spTOhusdr5VZw%lYN zNTMXa#~C*!XsL?h@nC^R^V0$#QL2)T3=I=uNLB#Lh<$k1?%jLQf}ecqCqMbgpZ?h& zZ``n+WJs@vqOf#Bm$D&j4+$NYSR~Q`q!=F}LUyjiT;iyuEJv!#NxnM*)|nJ1rl=II~&;0OQeU;Uq6df`PZDCFds-eHoK=1Fyu8YiTdTEIBk z`C&sdO-ZhkDuE`hPzt92Sad7|7fBS6(DaBD*TYvq$T6E|MvXz z&k;u=NpVulK$2Xf`K|!vG?&hRLNbxiqsrFJ8mCOYy+=Des52%?ZJ*55x2DgZ)oaC8EioYAuE_w>`xy!hhFbkNGm$|YQ#)*yp}{S%YJ(dhsVdvx@Hfw6)9ahEgg-g|dE z|H4zNR#)}(ww*qGqPKS-D=UBfy3J2N{p|OD@V)PT_l0}!-G(Qa_+zP*C*D9x#Ng%} zp`D^{YC?jb;bc=1nl3p-Qiessf?zi2G$>)uJ@?!zufFo^bI)OBpbspy>o;s%^XMZF zqP~s}57l0&#UVYEB@Ir)NF{^H;XvVj>ggxZ=T4nI zdFs>&aJ{swr=DdX{>r7cORBNnEljSHaH>AFR z6VRbAj?_PpByH*35=!?_U@Z-~fllESSfqdWlb2rlF0I?}=SQVt{!~$ZR!Ko#{pBk) zm+D;Ztc>hJQYDDj@TPn2zklZszxU#gzW361UU>SRO&hYMyc#v;!s9;wI3;~jQZOb_ z0S-$H!~uqpPw+IGG)^>ZX)!m(BS3T8gzZCn2nB&LMSXQ0;w`%D!hv1DA|cp%~#5mu+5}+Fg5asG4%UK zhlV9PJrb#}Z@7H9nkah8KTDWuc{yd;qza9+F(Dl^SW!{>gr8@dy(8Md0CPIUlRrHt`GhuCn*)=NxzX|8&YP0 z(C+;Q_BS^-6XA96i!T}*>M;~!sE1F1B3Li+`PJ55xm0}-jh*(CgqYRV*6`vZxSO=E zn3x2vT3XvKR})usk;H2;B(7dbCr(_19UU!a&z`Bie3|5*^&2)fHMM@WZy%g)d}0_a z85e$OX~jVQF#Rg9?Kd{oS65#g86B!9FGWX}+A?I=d%U0#=J)!#I*I0^xoKOgbYb7N z9RQ<6Iz2|wcWEDqP*D%lZGi1Ez}n$qdTve-=0*ZNy}D7;kZo41TA7odN1R$iQ&W3a z7ne8I*TX~$3-T!HiQ@uma6^5=)%qsdH!feX3I^v=Kg~z>b->3b3y+p`k7@*1NnX_l$uuv6?1eZb2hWdIM zbTUek7szyi?Sje}_i?*o55UubL;8USA0W`0=qp_8h)c%1jL#U0E_cH$jGY#xQg#wY zKt)g+Df);?D1oD+W2euY1j^}mE-Cg-X+F#F2yol7d1Fy&$=J|P?d6*OzQMB6N@-d; z>1*rgs;vRcFIQi>xN6n%T|2jCWv1iDIeGld(BQ;Fk36w?%j!_X-#6IR*wn~YV#74l zHMO^r;^ogr)6b;HXbPPI*in6bV=i~v#NN&rx%0OIlibQGNk9Eltc)Yy(3>O@w-ObPz><_{b5q z6OCUnZ=XMR4jVYLPD{_ggRWhSY~nxC9aT|YPN_%CA$>hPY*BJFmQ*coXl|~qsUdpc zz~`U$_Vi#me_;2noUC-IQxgqeICJXPzj^I)?G+SlA`&n=(GQ-(df~!(NKSlc^`+{% zt5?y;u~LBUgpt-=tz*3q`&bB$WN%+DdyL(9`0ycyL8Dd78;H5s;fo84SV5vyn8iK! zY~@eHZle9iMn~9L% z$!sK$L(4rG4M0NejMH1>=4*w5>9q^lvgf{c2khN(miJZe{Z+nulRWqKUjBPK@Y_p< zukmi*Xn+TjwQh-o#iFFbnqd<#n${Lcn8xXfK^_k=rL93z;+%np`uaKo?9p-v#KnmV zJP=e29^-LbzJj*yS;T~M2e1bu;ES|EfAo=ufSvQ_5d$ucj*S%L=ivt4zHJA9as1e^ zOV#IxhI-4&%l7VleCN)cXoqzG-r3W2bysnR;{w>ab&J;OLT99DdK3==8gNTX3(S`A z^}@oUt=o3cJ{e7p3UQ1*4L z?Km7kK_-5+_G)`;J5KjXg1d6FsP@BUbeZu7A_TjYmsg_t;x|RY*tYeab?a7Bpc{k+ zanGGUPh)i)!|3JWH4jH9X4lx*MDgm1%F5xvVX_h)dE`+H0|XwTC+6o#XKp;-q^Kb? zF;1i(=17NMoVx^nq3EEs1IgF}dU|^>OOUvXm0rrlbaip4@s|VPaC|g27UI!IA4U7e zjskSi_8Z8@tU?5X)_O~Q`st@}Go!SPpaF-&E0(X|&M3juv_Tz2RDy21ckRNuaIyN* znKNg)kncJ>5%{nn18jsYE?>Ts!h7riWQ(%0lC@Gd5O;|Kb1rwF5FTM}xmj7*#(TQO z7qET%y@f@E7ptpDvfu)wN0QRXVBEN29qUV!duvO3W!19Bo_IVbi#95erOPTv^rp>d zT|Fq=Jv2B*e%g{HrJ1<^WN>0~tbd@N+HRGVOX)n6os&^sUcwC-4?7Aao{`hldwg^p zf*=vHnbCu{Y~8eW&1%$gu4!s&0rg1@$1}ZpcXWO7>3)aXyJP3QMftfNm$VQj zHbp`;#c%;)n?QOiEI#fTUx1k|8sP6FBmQbwcOBcpSG(~oPI-}zhFiRQ@@uz^0(T}4 z{-%bPn1f+{myV};3$0{_B~W@BxZKoQA^sc{TngYg?7#rYwfv5uaD03W+oP0z6IY+3 zsJNJdXk0@m*5Du(W_q(a&}(^Tgzpaz;ou|!E-Nz|Bp^}=PI&cdJ!&+8$5^3-w`S!4 zHYk5SAEoHXh09;Hay6afP+vPcy2b22TOtaKa4K+DD$GdRYa3j(qoa+QGt>s* zD||OEw}5+6Q>CL*fEGh5YGP|!D~wf|Rom^AODgknbH_32jt&!r$2$cDMI~jW8QIxG zqhnM+gE?w(GkbAC{>o*Qndx+^lnOEk2XOU*f?_hP;HSV9c8jXY3Tpol8wk@xi;}oD zn|6kL`vtjwzQGFPDCE2TE2n_mtSzAlC}qW;(8}G8|MdvMI-FiK@ufLq#^!w ziqC-YP>J3ukO+G$V`Kd2l>ANggBWOztRpG}vSFR7@g)D|F8*9b|A zECBrX?3050Li%?YH#YJIp%^9ffT!U{Fx=laK;^;G@+G8|lQG!Q*@Zk;RFIDWCNDR$ zqO6#aQ}(XCt=pTKpIcZ=$@Xd6WQxN-*x%RG*g7^Ia7@!NC#SrWNflFiKNKDdhJEPe z;Siw-1r#H~8(vmk%<3R$QqcwVef1gwZ`#L+ji3+0(F^g4FT0|Xq;>O!rTBK`O zfDWV{grt%p`YMSPnmq;4hDS#McnbNAPfS#lR}cuvChsBlfkZuR*K zdc#43fxT0b+H2T$+yr8haF20?{fSgMJR&tEONvX_R-Dgfd@g-`h_e7ZE&~>kDPXAJ zl(8Rphi%3bFqjb~K>kZ(V*?%p#7#C8>H8mk@IG`PvSr)0dzeyFOY8oFhmM^%w{`b} zPd|@Lli{U^GzFRi{tUXx(?rM=XEmAaHi!D;<^NK8eLfb(A@KSp_^$;iZ;DkWFHTb6 zCMj^20e+#wXWomQ%viGok<7JS0*&CJq>%B#LWo)*^{DBjO5V4&!IqM0I4r5|?x5QW zEx@F~45wVWi%N}5X}>64XQY3cv`IDU5pGdbDn3*&Mtf|dhV)PXc^!oUbH(&mifV$@o4Q6d8vIYD{q6P23nL>mFXlDVtR z!L(JEcqOIjBsZOoQd*DaV6McK%ohop;(Z+Z=w1*<0@Nfv%k#mA-j8UkL}3m$bXr zzAe&63xfo!qy=lG7##j`g2Sb4j@D7*R$7CWlKWEGUNe*>JIOQ(b`zj)P^MHxwL8Xr zRCkX$rM2k6F!J638jrBd&J{wCOu>4gTiu~9*H%qk3$ z4FGEMXu{#}9V_K2UnoW6p}DEnE)&f8 zMUrSf4a3xiat>CRMISnBZ#aI|lUp0oA)2A2=F`>wy1c83=$;U^&JYHB*{`8Bl ztlhMMNlC@|NDypKr=b*cFfCzZ)#+>t;9E^qbTiI-E#9?0HwkUAm_O$Ui~ZWd%=)(8 z>?ZLbdHEk01@5GYeo>@~orRdqN8v(CRoGHsVX$^s1BO#mW)%#Ra+Rj^jkbS6?~yv& zR9(^LQRsbeK;nS3jfym3g!}Tl^w!c&*qA7VEvBV$2ZJBNv-BkqUW$jN)1B7kmf=V_ zTX-~qOWN3BVtfq71n-vb5@@DPouw?Ow2+3cN%I_OcoRbMkj^(Cne>m*AS3=Kwe$fH zmm9qY4NJa4({UXqFKU8E!Ap=Bh6frDtk zTGmEJjz^q3NcTKVe3F8xAqgepcPt_jGR>cAO;P1fnv4M<5@zjj3EE0PxU?w)3A9|f z1c6KboS+*aeph z>@2G^1`=nvyZ|7f1ua{&38M6UVa(itQE3*XL|O7UmPUFLOFdU2=}^<9#XDnwm>Bb= zBY<`wmG%VWhSB|$Qp^gy>=x-0sEq?;y(DWC8I(Q?B7w;cK`KNnF=qIlT6 zi@xG0X5a6&-t5-qll<22Ed{DlwlG??1OrPeGb?(R0`D>&K8lY@T12B!Q6^pk!ui)UpN1bYE$PNVEW681d^lRF zzWtkBBy(jxce@w7?mtkHi+C zJUy$;cGCh)CjUbeT%`kzQ$+-%qPs-=ha*_ISvAb{JYDLyt0<|-W`f#mScuLnq%kXx z)^0sUN|SXDA##b3$}iGsMmisglqTI4{C?<+2rFxi4TCng({?iUFp_Xj*&ZTghEeIY zWxNVoXxJ(!80l6h?7@H}QnS&;rP!1JtGr_bVnKHiro<2;t^DNpNZTZ#tpxK6E%}_i z%rBY?Bk~m+UN;Y`DQT0k)m_LdlKLjnT~s7*NjDgqM9$4GEV4P>lYWtGP~1tL$x2U^ zx>t0B;_UMSfwhmRwtbD6=ojS0i&5gg0+QZVrTezt?DrO#k^{dj6!?Y#e0*=4!zO20 zG%~mV%wO7Xt0iBY$|y~6C}NAGIi?(L?UAe@H<}C!(=d!x08$yHBo?D&s3HHNYfs1zkYXf^})Q+o+Ee~2b{DPj*6b1}$kD-?>Gt4UfL+lzrgJSHMk zsY6@4+2YLr-T9HyD>TrfIl0}dcNQfafM*lZ1XwLSWJ`kLTqc$zm5W6B;Yl($HkgbK zS&doA2IXTBUZr<%Du`${s;Z;{=kdKFU4TWbvGxza2RzGIUu3Ijg&A2F=~rwW8J(%N zQROlN7QcRGOmWyVOg0up zC|4?i%C|72D-%}qOPG;5;DwioAOg!2<|%AZvg)<4SFE6y^-U{~L1t?(TMVRHoxl>lD@0H%6srV)sDI%k89uq zMW~1(9mv67BW0Safk)H%P*+IGs4AHh{&kxnVi?*|NnO4skR&3J8LD+FLo7q#*brii zV8NfzN3bt}u4We*62;$7+-C9H>NQq*7@eTGRpQ>8q5PcNnmwYDkV=c7vhEOlqBv9H zM=3t^`1ZDl85^^F&zwIcx~`X%&TfQs1TJd&8Y*cY3dBR?Wbrs)K+>##Gj91;8^Ft< z&_B#>TG$7lK(o2OCeqU^!7aUR(`^zLKR%9I9n&pMB>AO3FbdpdfL{dl5`oPyh->Ze z1+Sccy=wfTdM5Hd!xIxZQG94>j#iF5o0-o4)8cUn7hB9L_C?jSEXceT`?%J8uQPGI zJ!!$HX-3*mmS}L!s=BR{5DPyn*aC9>mKl#SWra8~$ty0J|C#sAE3Q)~E}Gs~J~XU! z&V2P9i+b86NTAWY<{|pRU%%FhTckFUjF}vwSgcHw`Ey1B6IsT>e)&)Q*$U%kPbnZM z&dN)$L-vE-S(_9~^p=?3C4S4276g(2IxWAXFQKi*D(bK3!D2xd(2@6*sDh9nL^ev@HPOi9cXnm)yyDI5!GHve2YH#Ik0S2 zEcr@O;17rbUpK(V&sh9uC32tn_>oBZ1^LuMkTX|GSnyeM7WMl0YCbiZ#vG+G?{A=yHm7#PN`k}7uwl?_9TVWFk_iV|fih0J;>8?`EZTOY(}YsN6^ zE3tVRxnch6I*YX!#yV?P2o%rS2nx)Ke3mW5d^%%gF$R;^_>C+Ch{plmx?XN92yZam zpopl6GdL@Lml*J>rmiizbp}y$mJ%Mi5Ed%*1t(nY|z2<;f;t^O3{TG4V4EHiVlu7)L&s$3@? z6}e8HptrW@l5qcP9kB)9kB>A?#>Je_n;^vvE}gR`*II{bE#2)KNb*j9uoU>Z0si(9 zHjY4ZZX3g6<@&evk?}iU>$W!l?3*3Te4Y?f1Y>tHSf2P=7;+323LaZIPVw%bDliP%OB;gqe4@qy~S737ovWM)Q8-$zVo!9iATN<~PQo zZ~SDhJ-|c_CVrJc=!8XFNME1N_AHW`FD|$TG#g=&0Dm`$YNE8}Z`$h%83`tO1@VNd zt$k(fq3Z*@2nPnG%pENKdjU24S|kyGn=MYw2lxed@uIf&A|d0BuGb9#-q0>#J|-w( z{sa>}FNOoCc#!x?0{k6a%jC^}-zo5W0r1yHce4bG(lmd+S8G9lSA3p5uemI6f!Jcb zmBvKNcctWtEIu;)M73G@P@HeG~&cVC6R9Tc+h=4Jy_RZw&C3N6BD)Z1HBB=odq} zYiTrhom7hy$F48B-pX<$zw@o3!0!>j-*8Rt`T@P+h;IJ{*J4gH(7b?hyCCZ{*UkJh zYpk(v%+uiKsZh6nii^7A4e2oZE(s2J0}L|&G3RmCjj#E6?7Q&+SfpBb^Cb?`Tpr(64!Wz^ZZQCV)Aqf^_^iHFluu4JNr5BWx1FkfcD80=J(6cOb+w z3GlannUZ%*QsB-~;PwOj;$!<49gu!!NszpIk^)Hz+?WDMAN-AJl)NHIfg}YMO@Xgw zqF?l5k{2c^kfgv3DUbyC8) zjySG8{=rZFrlW1XE{go#4D{63$!2=t~Kr3KKj_O<{#UI z=XJ*haECT<^0r9|e0>zSy8wSvoaB~?avct^7>0hW=gw((vEXI59Sm-P2)71xw`}cL zaLV(;L1))ylrP;ftroM0i@*5|@3xo;8tUEbLl=L&x&M5sUVnQmYA4JwcHPjV7w>g@ z!z*uc?=A|sZ-7zp&kizp> z0vb1j?RX>IYt^;6V`N`I##vaZy5WJlDPinZ8U7um!>tY~`Mqx$1@0oiFTnP1M(J5V zhlw}ZoDCKUj5Pti<{(hwI$uYApev<*YAK+0>r&IKlAndx@-3X~1pRgqYMmLB#b9q4 z;LW@ezHZ1F=i3%eM|F4(!Xr!8lB;c)>H*5=bim%N>p{yYiUKZIll64 znaE;a^RG0sHiC;8&CE5{jT3=KXRTMwU$EG%67OS_?1UF@utf1oWz7_pl;S9b2EfcB z>W_Y6zLIzwA-#SOpT2x8@xD40o@NA-gk>>LoFio{o`yG~^^G9Vki^V0abQY;_(Y8u z6qlvg6~-hU)}=D5zzt+_(+b-*A(u17rZ%i+{TAS` zM*HPuet`xeZ-^CP&Jc{!X3VXLFNcDQ^`;_v!Z3{>Bp=3?)w(iv7bE(ZzY^ysmIVDf zenTOwNxw#BZF@?l<~#vvW+&XnGqu32WZdjm1W%c#NPULnh^L4hjNeEy{Hp6`SGkb?BgOI) zwcA2EM`&UIKBW7BeIy&kW^*U33&d26H;=UFX#u?2Xw2q~zsyBu>5X)yt2Rg2U64HU zPw$3AOdDp)C2n`K%K%;|510bC0PxCuEVdn| zOq`9VcBL%c(yI*jM*()gzTrL=+ck`1ApJ12CI~(z`wY) z0S4>Q%HIu=@Em=peyqQvHgXr?v?&hPbkuM?(U~mhL1*Xp8F!~JO&zRg#=`Yf=Mi&( z2pGz7W{leUO>5NZD7ToWGIZn+TnGGOR5&v`ot_8*+**cVtj{9S2r65)ZkbKoMb1~b z-i%hLEnhK)UNZ-k75FZ5l>e&1!oZx~+_I4vRyiX^SOP%I-fa-lx<+TM|C=q4F;1m{ zNM$oyK?W<6(6Ly?bn|E~7P(AeM>Ya0EYnmCUX}*LM=KR$jC_(v*M$44`fg2k=9<{! zb*0RGjTeK52(1*Kj3Gju)-jMZa+6pS%q#9(NO)p=YBTU+#t&6yJRC8TRop6ImR{E+ zPB;}k#ebv+M8qy;t9Tq=4K4@Z8DeDGCXyurD?n|tIigssc%}pMl;19U35qdAgdsF| zBZ0BvMuSHzVE#fzzG$|Z0cvY!$7M2eB4nTu-EO@2h06utWyxe0K_0X1g+SJxkm2iA zPsH4Xh&Hn`lD{P>kfgxfrNE5Y$c48v?y!7yyw7|8|WMD?~i#o#DxIMGTBpEO`0s4xwK6VS%8DfnPvnbFjZEW&dw zfWzc&6i&VvO0j#em%~R<$kEVMln_I{psiix3BA&2y_O|kn4UaREcY^YOGh)0(y6Hl zAO_ws#SBZmVXeya#VBBYGm|$usL|7vl=_K^2P#z<;^+skdX+U~`mkLEcoT16SglY2 zc_C_ZI3nS&@MQs1MOm9I5{dAR@_FcFL0SwfW$=Q9F`>n*lQQ=>6=Zk@C3IC2jS1$@ z1O(K<>5q(oJDb6Xf~kuR>_o#6r_Chr*hQi8{%L$jL=ipS?>K8#C&(a5w@p->Iu{HUu) zsT4;;b3}{<%PwoDexLYGF+0cF{OY)nF>sSWWI7C_>qk7+6`hVa9IRuAf7t^{BNd2& zd9j8tD6VG=VbRxR#*RpeGs13Qf62^bXX{2X$3$g5v&`~QB+5AzVT-Sd#LTS1VV>m_ z`XOKFsZ=7#JZyFZi<|V>-(BvOd|HwMe{d8?6sXPQ5+HZpY;OechVAIThOfo`QeF%@ zP?n{*;xKRzlX0jW+0xeyyW~oF(?Fng55u$#50?AK*{*0tqS1y?Qs640UBP|;45L{H zS_p%k7G(t$2-7A1sxl;sykaj5bvEk}9wuB>e$KU(FieL6 zA@5kT6*g*^AgomWhzS2?wuUXowP%?Hh6-bVSN%pfuOY=e&v+b<_2x!?nu!(@QXA46 z?2)mE)dG!75gH0O?drQXa?xU_2C6caT)WvjAH$~G_XSC{z z){iAFnBglW4ME~aZ_&`~c;mxRSwt)YLaUjuOVwm$3@U5LlTnnAx_{Xw~I+h#WgmbLxUz`6Xtrv2==dRKL{dWo2q2Xd}97@orFlY z2msSICwe)*i&(72c=kT~99cH%6b)Wn^0Hsd38yEKv3WY7*h9>i(TOCkSyeZ~L51CiQ=myK{N5T}+`}FlucevC z=wz%Hu{UF|Vg{hNYT=sbS&Eqg^P(^E5^ie{%iuEeaX3-mMGBBlrz4RtG=hJYJDJtgnObklMvIxn1<`pwMkUz;;Gm9Q z>2B>fk!a$3(`cV6o?3G^QblZsTc^OHjJ3C{H)B`n`Y?3F6xjvXC`4w}VTgrAf00SV z_p=d7M1oW}SN9P1C$w{Gqw4y}w`4j3; z0c#36I3u?iF-B)F66hi;^qFp=23tj(Q3o!DVC zM>6&^=YrS+Z+y*yUrfH4q(G7ai>1IKG_MQ%V@aocSk(fsAfTmes0SFvhWV3skM z+wHjOEv79BXG&O9Kc*wVsADz|YeK>e?uiVcdX+xbve_DTov1>Y>BQcV#~HXX+Por> zUZCOsdab3cGfpfesGhvSN@N9I(cqz{YG1LS0iBMe4fD2;K!zA|tE<*-Lk#!v?Jhc4l|uB9XoUuWtk?w;^rbFx^E@FC55i4iLb}Y$ ziWD>2JTJ9BqmNq9Zq!RfeO|^O1mGF$R|^U<3380FIk4H#K}|%0Mp>#7udWhi`_}c7UAw}cPJ^6sfbQoiN??GK_MN|gKRw~u89y^-s$GST^^JVXbl6=r2moS+B$$KSRew zTr=-Z$v2V|__kAEk>|@I({%w}ZLGr4fHe{4#Re=2nqh{5F+rmepihVb>2QPvB1PVJ zVj@9pqK*+p0B;o8DBn`Bm~2!G zp$cZGxgo>_iD1G28X>3~fN+`MH3tflaq3FsH_9g_dbvuF(zq2OD!VAN7Je@{BPA7KPa472ZxPzf!C>-{By$+WhZmhbsV2?tcOhpXrd|9}++!HDpXot8C zL>-|u)59~WC@DcvcH9bKB_AhlPiO)nmHCC5sK_7jvgaF1Oox5E#h+Nlf!{&4vq*d(8DQri%Sd= zQ72mwnZfBoLUn~xoQwdR#)P6GE)NLXB0)F1Nl;xpSPI|fAhT0KP(u9`_zZ|IF>57m zd_y>$zVVi*46dh{BW42g*aR{bm2lk-nfU>*e)dA_XgIsV5rhMgB~fM zt7zdiM<@g{38;w}z5^2uf~BHON=CV+8DYB&OCGR7J!-VZk%>W=fkwhSTtAg@0a+o* zoHt6RxUbbW>I$LryGpn`h_f_}RbTc}JzB^yhN6Z`@B)C|v4O^lex z7XpXE;zELE8nkS)`$G|KK0Xy392x8E=?(Z1W$b}~9}g}3aBOmtK?cLYiKz*vM_6Vk z5|q1JrrIcoq8?fiM}Wd0@SkG$2Z896y2hr9)t7sE`@-Q!dTJW84+H~>CvI4Ch@a@R zKNKDD`J380CxcPG+tJf!68QlJV>-_y{N<;0XHy z0!K(;>$81HhlK?61mn%U+|fTY89=RaJKB1N_8&PvKItnc%)_uR@~v{UfyF2t~u5)HL3)v2d~z#5Iia?{s*O zYo>fY7(6?KO~8L){F1Qf0e`}gsVTn8z-%sO&}I+Y9sW>A>lxTFW&k<}2e?-JL4QCX z)iypphJYYaoy!^J26mf29G*h_u)71{6r?4U|HM(_53q$*jSw}6=Y|H3$ zKqN|pAq?a4=A_RjTO4r&kGMqrlbFEH(+#GP8j`iIEwhf{*_<~vCfE9 z48@);pt&q!=RhKmAMxLa9Lb&>n+TpfQ`_2w=sQ+(wRzg%%FfFl9-FMIZ=RTx>1*T$ zb`hrI659r%jcnW*qr7q&%VQJ!ZEA>qoS=rgy=@Y)GQ)kcB*4Ke;-i&OU(^cQpeCphVabI9$ zd@3U|v$UeZ;dTe%mnn8YFc3gtB?rfgi4)BXxW!@V1Qa8-OVzd2moBHKrRC=3!D@j< z!B@dn)DfG*mF9GNu@M8Gq8p-fqfolNF1MQ-!uJ7xo69v34vGXJi9Hhg<#M=PF1ILY z4p+~>$bl~o^$ZRclvVbQj2%B$o0gHfZv6_63rl9y!DYxC*pnS1j=&#F>Q#R|g{I7neFcsZ*g)klDH24sUu-KXT7#S!royMMW?I zT!nq%&}1;^^m?EYnkMu11p$;0#&gCeepFx&2`Lb^yHZ_Vk3WP`6>z7yyZc9uo;V41 zZQ8hb+qP{LWo2HEE7b!+r9vF6xS$;}!emgQ0|v(Y^{pN5^sK2+WNc!htfC@6KWEAx zz!IFAnuUkw8Y^4fiwXEkX^3b{ z*2HrFLd>zbrR~_s(|})5Sw($QYioPghE4Yrl@=qYaC`1H<)8BDS|eVF)CES0Q^+mD zKrWGaiM?I_MdKCoyAaLkQKtkhAeVf>=|*J+u(?Sv>}YK5XzA!JDk(20%C(IAw&@^- zoM;%a*yTYq2J$^A4sY1z_C;-&AjHKUk!vvIi{l07f;Y3dYw*~)EB4gX^;@>&pgBBOdgDVc*5eHG_l0S-Dx>^i(h(n1;2&(NHf& zCxT;BkelL7cR@SNgCVi<-&iY-_2enSDg>=Ij~v03)s z!I4wv&re0d#Y?KjL(%50zM_(%($bP}aB6IP5?^Z6?!>YkMV$&wPaukfc>|@^9SEW4 z2quCE5hsuKz!rxmCc$i&EP7^ML19*I0p@Y^_%R59hm6u8Oq7dF0U+y?fa2t zF!PJiA_APC(PHv;dOYxXs4PmUM(YEgzQFXzL||yl4-&i6Qh}VSO|6hLH@|4(rY)t# zg{Wd7{}lg%%9uKaCxaL!@Hb$-uzBobQz=&)TU}|H-t?@o@rkms@}ip3LmB`!h}P@yu-KEn zKzC0sVwTI3s*WC$+KmiGxI?6|rLDH18Hoqn>h2#Jne;DRu?lMw7JI}aL=LydJrxY1 zFi-gXLn9+j+%{>cPF`kK4t6QLKTd2@3f*Gr7gITQZ~J5*Iy4m=@&(7)91b*nJBP%}(uN~$ zw`VLkef)e)O;cwiBw z>h%r##wMmJmQ-cuct=Jj1_p+CGc_Z(sC+3N!nTe+FtV_;3RK2i-#g@UYhGx{3 z?A$CkW=mV!sSB6RR@XGNb)v1hy*Yu1qoJkk?70hFJw0RNknoiAhWv6uvjyHGqfMi#$Hj$}YkX<}H7CL{q@$kuuO)b5_kS#Mk zD=$0W>qch<)WZJYWLtOFx$4WU7$5`T?xC^Hfg!gib#!#B`tqfkt4(A6XhB)I-Ro}c z89RHS?%)G6u%NC(c%%I(M;YvkC?Cc*ob*c8q znF|-{o7)FRfMicvw$C4JZRxA4Yrb07dQ`j(!fC(qY4cU);`NpX1)UK=~Q>Ra1wuC&z5Y{uE$JKWUT zm70|oh&nsEhrc*-yt=lbp}DK2t;gobV7hpzi1cgg?7VdOQb%V8o|o*L%(OIQDeW@x^%Vm`1v|EHa;Upm6erE0phDoP1s{H zvhq^w-uCVRgb9Z?qjzND`1#9+&R#lS-!?Rrl97|=blck72QbxOAQ>DV$Suq&Da+3< z%3HB|X+cR*cXv0YJSD;OAMDB9SEb3d!)RPlWQeeg_ev7oYb$~Z! z1VwlgKP(Apc63Wj$M70&TKeG7FviT(%p4S>w5)uPzJF+#ztLzryZbu2yKsCCkB(0I z{C$1>Qi03q1gM(ZI{Symu?-FkjRiuH^sF4*>zAr84Gj&!ZLt^^7ZvB_h#WM^J73(Gh%&X}N7Zy+@CqZ0+d8*qE1733 zGCXedEuSQ{+aq2512|y2M@KzbInypr&(JXD@zLSofxh1EzTuw1iL~63pgsM}#ishE z&f#%Cstn=<5=nMWc512@o{agowX1*s7sm*8gKv7%(|uFE%QZD<#^aOzOP8-Q<)P8Z zp8nx!yJymD@cqc(uO4HxL}5+bp&U1P=60G{TDVa^JY`)bSH-t*t(vZ(tZIIT;Bq&quLG*kMfnSz9Cm?W?E+MrJCjwr_Z-{ zbdFC=wRd%O^mL--X! zAz%aJ;~j&815;CFWyM)(9yjsd;V9;TuKtns?xC*U@qv-x!0^;W08c_wtCFo<-tcXV|2q-SR5=M_lAqlRg+>*^buo7%gu zfjiQ(FwC^Hw&HJ^n4IYA>*?(3zmNURsTNPi!0_0> z$QbU2th@p??WNi}_I6=OA;yf_x)vPmsTui06M?fAYtCN0I6O8%fZG4Ry*Gc7>&oss zbKkS7vUXGzP}p~nY;K^MY_(c$x7xPk(BhEC{=pOBiSaL^2+1Cg75>2!{wo~e`9YqU zP>dC$b<|R8>6P7NlOREY*taU|weMBAuk$(QyqA@=07w);5@^082vlXhci+9|-n`$l ze9yUe?@z(~;Lp{YW2}5Ql}k&DOG^t&OG{my>F!L5ZoxRgGG16NpuyaoTU*GM@fIwt zEE6R_O~TJ5+*W^JYH{tx-RYGg&Vm?GaH0$OJgk7+)hk!V$8Rkyt&)0@Om)x9FW`12$A3TsqB;bG4Dn&f@P#rvg z-{H3G-R4PPg9LW09)Bu;7j_-KS5l3Ho=%)Q5Gpl-^Gl1%E6aEb?@mqzqOnA0_nmu_ zo!x!74RL~Idi(LbU%z$}rqziTUwHZT*ZO+<$F5(;KY8TH(c#^D0HI`8PdJudSjj^U z+BG!P)8E5BNLc?D-hA_=uY9F9lMx?%y`D^_Vx2wyWOuxGB-%BwTK3JYtzm%XiY4~# zk+3z{vdU;<=A6VVUeZ{!*rQ;K75*#f8Pb-mZax43si44kH14zY|Lf-Ft?9 z;p^Y%8`^zuY932ZqvVw2&}?huN8#vmbqo2Jq6W zZ@l#K>+w_?>$6mofJqQ0 z(wTmY*LxGQs29F)Vs<$fNMsoA{L1Rl6GvZs`L&_p{Zli{d!8Wp*sc4xyubR^na$n0rR|?iw1##{=&n8BHd;dc*0SK-WOHb1+v6trm&9ry>A9L{Bui{NV*IE^W5yx{zC^(zxl?A7hlG+ zJu$TqO?1u7EwlJepFaKS%demmPE1TMFR$zx9O&vu<3|oOs_9g+D9Hw)ldu26iPK-r z<#Uq{?jAjI=#A5_9XWCcm33)(nYDW7-UH0)S6_SW_{pQmMDpUrt9TC%zwpY*m%b8B zq;S>DFRu{SfLYShKiJ#f0~>B)dgb=r=}5eLdLGqh=H!c~PQUrp;nCftviK?@n8*tY zncm)4Uw!4^!F}P7e_?Ju)78=6-!1%kqCMe6s-q{8=&40J)4c;UW-%=}cl4 z*NL46qG{xouSbrYJc+~z@1t*aBs*4?79g0s^wO&@ocao}_Y0S<%`a#BM@IQW3<#Ys z$h4OnOi9ocON*E=*mTU@xq<4@#(vhq&oR4MXr45 z#GxYxdy*;N)WXcQ+hf;m-n@9>;`rDttkwCMscJDF3Dl#3YOq#{HGCO%&yKD=nZbR7 zLrL6`CEs9X;N+qG$M$yb?#~1p@Px}NEAuz5T{(yU{rdHb*DqhWdG*eNJK4fAjJkNF z9&VHx#kH<@_$w!m96P+fmjG)=M^{%Sk%+@(&gNF`-M_QEvV@7VXKz1bf~ncL56--| zv^e*|3&)Qh9qQ~zMndsYzA`sC7xBjq?mxoai+W5 zLb;fa!Sf3-?qYUnab|j|E7N)M#S_5>V9E zuxB()bfZ*{P)=3Il&reI%2NLJ?fX}*Ub%eX(&Fsm^aJL00gJq=E4^p;;GU7LJ$pL$ z?cYo6d2VhI!q>>)uDyF<8pQVP+uhgOQ_AOw$6#01sw5{C60vxONK!1()!Eh873+)! zMtVArj}9K$GkEgQo_(WxNI-z*7VGF992q@$aR10)Z!}oVtxWIgOTF^K;ll@ejvn0` zjRfcC=I9-H9KuFqNJcF_|TF42M%=)4h=?AP&5eMucqR@!+Uof z-rIfjz~F(=(J)jNNbHh{A_?^97K^JZmu_7B=#z7woWF4GI>Cqg^Ye>P4+*|V7Du(* znFx;#W%|;gzK-DG{jrh3bU0XwC(tt+9Ubv~dxwTcQnF~5=kAPOzjgi6?HlKBUO6{; zZ@gZ}^>=g}fZbUx-MxPgXItOkAUewI%8FEP2uJ*p5I%$3cW-_4!P)a?Ke>1F*3$e6 zNfot5G!RN+%Ck`ECtQZRx9^Ilq85N(M|lHw{UanAsX{|e4@FL-{!GIcg9;R4BVM{cF+mVI zh{G`++r4MFQZCHTO_Pi>(A~k_)Rm0%q+;EPP%7w4M?)DLe5tOfnT4Nya4uUcLpvYc zzkm1My`7nE-14N`NGa?J6yka+=8J{=(U315i>$1zoIQJXW@a{>PVC(`di>b&{@y;$ z)rx|Jo$*+p8r4KxC|S{T?C^;r`}Xf19_jzuFMjpg|M*+`_m67sGO6YzcKc)`A_T2m zDGpVtP>D1mz3B|Vp9=WmzG}?h=*^^Hqxbjq96f$?-@$!*5AA*9t<&H9_BZzI83+a{ zF&OUkN{kG*NNBJx6Qd5dq>YgYU7!QUk01N>-~9C>$BtaNeCY>&|NToBZsc-#Vhu^K zI0!X52fMJVEA+Q*Lamxg14)q6eFOza zJSJ5TGqhetQ>i5)LLHP^C-piS71?R$(Rr?3rQ+-Eeftg_IkIbH2(BT(R>-a3C=Z~r zkcmJ^zeu>ZuQ#1e!wyR%Qt%QaH7XFuWV+#oPdu20ht)r@3ok9^IqbQv?hKskLT40Ar28P=ugBXlLKidVhOBKJngYaG#QUWN<&GCMT11D^>d3@W38*3P2YiXJFF|Ku^GQ-7 zR=6{m?16>*K4VWKOU^dd?l2ic+eLOl)`~h zG+d8_d_9>?2CJ?B<}@}kJn+(s$A$*F4(%KIjbHuNo3Fhzm|;Bed~Oxq0$j-cK|)1^ z*~JAiBRaafSJrapKK=+kM}JS(;eDfr_wDC$Nq`K;^Ldg~kaHX&K72^Xhigk*)_da6 z!M=`kG}wrT{3+DO2&pOS7C@W3ns=Ee0Z#&-rvx?w{KjXi9nXdofXFPVW|ZI{6FL#| zb$4M!M#sm-<`);)@}qH~N=-btGc$RQvM51P*s6JW?$t8pRH>Y=my1~vouN(NdocH4 zdTwB3^NCxm)A-A@$IF~Ds%p>*BN$i=Mo12=Mi6@g^|D~^f z;~TFYI=G+RR)8l^iwA1S5LPu+(94~j(cb>f-huSXuO0r{*I)X@Uw-}Yi9;A6YlSQs z)licGw57G|Dx~h!mHcWxj`uT`4%cd#s4r4!gew(@Ls4?=s})#r$Byhdc4Xwm7Z1Jl z*2{0ada}PKN%b*8#34$M5>qARtX!eU3&j0ODK9xzr6PEI;J|^?Z@hl^@DYshvFms4 z-oyjUsDF3!&_ z%;j>`LOx5a7jU{>E&%Yg(i+bqok8otHVPFVw0!*KOKZ8;-~7e5e)*RV9y^}t?TN*r z=t*IJ9jaCbI!L8dgVtWJ&CTLvULg&8WqECFWhD^}4)tde;pjY-UuI^im3*ct`%2i8-;9ywNP4FU7VrZKs%p!#ko0r06ysb4LI#S zsovwqJf)~Y?)J^AON$FMK=gcVWm&Q|i^Y;A@#k~CWlBM;EVCwJ={V56vbMC0_n*^? zBx~N!dRWV@Q0Fm7T{$79`fw)UC8sb09ClEiQg={O8EP~de&fv-zWMDpkDfdbiG@n2 zArv%#n@7qYDJ0ByAzLYA!;LcHi~2$OYM_)4*DL6_w8p?iA)!oO*f%`X^Gk2N{%ha< zrB_cK=3AhKFW(71snkCm`|W>94-_;>+C~9hFi6IY8k@59X__Wq;bYJU-8D z&3l$70Z#%Vfky+pQF}8tzjyia*!1iy`B~TtY_sXE3>8f-T)d2f zoDe&hLD7;J@CcW!RJk!eb@|FPEM-c?!3e__K6 zIe%&V_Wdj{7>xNt3F_$hg7HYav!i=pHCH|Z5Bus3Qng7Wmvd>TkY1sFxpuU#!1a0vrjVkNsgyhjKrMzwSH}U{Oxz% zIe+0Isps8&ecgTii4+E5bl2{oQ!l?1jKw}acj5fSD>uh)QT+yrVJJpCw7;Vp!ghol zC5X#G_+4F@T)F!G*$aRBy`Q}M-Uo0P4<0_6>PTZF1DzV9=1R0DAH@VnSU@t^&!l!= zzj+Jp-aI5b3XIh%Va#3p^KwL5t-H7T=&6&W@4x--`#<^FxwD^~=W%-vl5piOl(Gv; zbLDy|ok?c;5{Zu3c;(RgV5_RXK2`RLs<7eBdljoN=B`}TJaKmno1Yott_SJJgRGq4TGfIolX#^m&Z zSn^WONa_L82QnZf&P3iF1s3r^;Gs@+4GfMz7d`v&`L}uAg-cLIjvhaC=*aQj{=w@v z#((_w&)$3gV{#C{;*Lz`uHB=M;66Hk<@-PW@XSXSm$T(?Jf%hQg0S-_^q@Gn?s!&)GROJ3-q2 z=$_&3?oON=b4!aiZr!_d?bh9?`-N(r(`bEELkQH-;we}}-9b7};2vfmUopx~@Dx-O zXs4uxYPR3jTwZTi^(5d);2Dy@_N8j=cnR~_YvpYS-60Gtc+O;vNxp74#x9dB7IyC& z-MeoD1A=e-yN4oCOt3(ncU5%zvg_?hExp?{7y|G&pl1h|G?LV-m zCzC=e7#`Y1wH?q1PLnT?SXf!TdgD4Y>6zJSe5nJy@PsmCc*7D1hGM};x=;-)tQ2OK zvTKD(yemT#vyV)=Aa!0NbIU9JLxV?;k3fhcZH`iIi*xgf)6>*D?dX6Z-U%BSZ6yzw z2P6H%!<{{8;EFszz+!NCBws9ECrRq|-NmKV&P>nYV@HVxgR_~Q#K@i=bQlt_*c#dQ zuUxr4H@iss5nQwV2lsYo@C67IldT0Oi?lVUTet5{t*ow|JazKLmtKq~eXFa*<>h6_ ziR2bYQIim4da1NSiBnSJKD>B^Y6KY0xI%h*GX20C&gW!;>NRknB(A(?fXs#Q@jIwf z)C@Rs?C8-G2dRKZv-r{}25{u~L5y+`n2K^_?e8AVkY+~x*Ih&XXk#7e^zM;i@Sxs^ z6skVbRTNjPrO)fK%T#OfBxp}2YHeq zBhlSM149Gd@d&o&U?!6Wr1B&wghIP_4GeUri`gRCXo*axKawVk;nv-0i1K6*q%uU@ z_mS^#>Cz?a`-P>2*}293!NJ!~zlu^fcJuC)OP6M5XGjPnCIZp#<(FUS>Wbh@r(6(G z3{Ety1rm$J`pn|$DmilH(okRD;e&hA=?+MUE3grLp>%gYDnxI0h5&pjMr?=@Lg{QJ zaP`)`$*F0;{}7>@MjKWJc^A9fn8{C$(OR z3Ir+vKNR``v82Jlbax6OC+TxNy}k4{)7>*L*pIOJIwn#*IQ;KFn7niQ{@nZmOOZ6T z!Cixt5?)?iCQtIEbo`bR3urVSeBKQK?%Q@TEIb zxFrS#yF0s*E7`T%w{KDrxTm{AN64p+Ex5jnxj zPs$TPP}p~P;3)%!{}zrO1#ni`S*E5}a)r*G-UK#ijbbO^6m{xCz7^_>%uK}tzR}?U z4!0;*i}8-+YT18xrZ7DRc|Y1a&_f9|qOCBYs>Rj5ObXv@AyVx2H2Mg;mtyNys;{R;b;ZS60Sp!vRxs7NFyRNg5nQ!| z0a>TO53UTz^WjK*b*)6s6il>K64NV5(iBB(^Vt=uoFs`$H)?FVGjrK&ji+Q?MOgN zBqO=C+|1+x6=}MAG88&ZCaE=xZHM z_3y%SosRlaK|%{_-5m+K3Fc8&XueSHiH4Hmd@oZ>5KWEp3Da|HD_KlvhLsAzMF<4O zZj52kQ>7I~IvN{8KzGdLR^R{GncPZobl*r{Z-z)wcW0`%D;=mw3Q1#3Ekbr#01{uFV2wAJ}F{Pn?VIE9ajpwCbjR~Hd6ReNvGEngnL6NL{Ejdk~; z0Wjk+n#gDKs1qc2P{Dx7@9Xb@2C%eRm|r0svNks}d+WyaJ-c_k`tpe|PMK&pfp3eW zXet#V2pvhdeh}33I3^10R|0d{+O1j2`PBOdcTwRm5v+B`0%-^zzN(*-0r1?^gNr#| zBOD|-F`Hd07mBGwqEaYwa!_YFEyvPOSHBU?=JSh-OSs?B9*7ad!@*s<`p_HEHZc2p z`g#cMQ*38)W&+JGj$#svFD&Nf7x^0J66uZzf5^#9rASNV%MMF)HMiQCilh@Ea$8uR z{h1V;gedw%D3DhDb?Qzl2)#APO)$%r-^FHoGH`B>rRU z2;%vWz(J`{lXau&%Lvg5gS)YMw<(u?s6p%8pApSTtPeq6dzLxopG0Q%atMp&mlG8 z7H{A#4n|NIx+t4Q%%G6Z!FLlt)|1GJg`5@Vmt)E({7%{ZP^7?7CDc_Fw`rB4w@es` z4N^0|R-*!KjVI(*;kYHDNrs_C>}6y7*dks67D(P)B)6>{16nQ5XMWJzc)MIZ(p40NK-c_3Dc_mDKk#FbF* zz|KaQ*_BEzkOLsAA!k4Fo07j$f*FVFo-%*T4SWRV5v7n4zmU!e>_50SL5Lgj{O;W& zs3~%cx}+F9n3A_vK#svd^~~4NEFgnIo+~y=tD!no zgDJ@xq5@(l(N*yyy()Y`hzIq;D(D!GC6)*Ug<|ALKhWb#os7PBY=fz&<%sSXBk}rYkEC>9sfPA@2L~nOt48YOa3u?SqE^aR$z@Dus=gR354bQw;OArnIkHC20%nC)sw^|YCaF|f zf-+Q?lXr#qiF_cg!lM*fa~O|IH`0+h@+fn9q!EP3IHUv!l7teVqT2C#yvvlYtSr@P zMOclzh|)BwRFTXlBH>fV4!`!5m-@TAQK9spIs8u^tUps*y4M*`0_zfZNG*ChT2oK! z#(0;rW;ilLNN-SutJBjnQ!_-S^90vnsIxJ^_`%F#YZ1ni*!x<&9rq_RF*sOkEOJmO z)kWo47!G%#?l|o3N+A!HLkg2ba3Kwq*u03*Ln3Cc!AecUrAE3O{h|kSNP$;sxvPN) z=3psu2q;C+FiF^wIHao#uCuRED;2=Np$u=C%}P@HFxUuNMmU;9C~DM*)nqQ5^LVo{ z$8l*w$dYq1rH*=~QDLivAyxI)OLUyw94I9cjLE_#DFmZpp6dK^k`0G*lZuC6lTs<&z=UxG4kyC`RCFfNzr-t&wp+PdI>854(}0 z?Z|4@gCO#6p~j3pg(cFlI&|z%sKeLgt+xpwA&?(SD#ighBPF9G*nl0!Qx35sVc` zuyh!i0QeM#K#~%FZ`4pL;o9)kK%b-xFZu(a5aD9WiKSSg0DXXW;Bd<@t7XMDL|vglJLgx_8adThQn>Zp zdFd<2B8SWQ)t!(?h!O^x%W0>A?tr>j@P0pz1k@z@1F?~L!gM7xAVr;2&icdXM0=vTu#Qo3wUI6k z2|;I2oDf5jN`AvKdG};CCgNftA|}*=Fpcq^l7ric zzF>GGQ?el9^%`Cf1_&)t$c>z#EN21Bmq@;i^*YD$Flu5*xWZHsw{zU(ly)hR5BmG% zgkm6GzK#9{i5^;Yj-^$^RltBr2;gFtuABs~WI5J|9LpqXI%oZH04}OI-(S|UNJg>^ z$pb9rlc6BBgXD-=x}_&NdItQnw4Zx@@g%T80*?cD1p}>e!;Y)xfso6rC(`g2Kgb#0 zE?C(~HKrNpx!#&Zua6U>S&kc(v%@u&TP~3!sP!N-IelJmRjAg00S8)$ixr15 z`ygIS<&aZi#777agkX~c!nGT8O#aAuTv~Teb{_$F!DFtpQ~`Mkr<%}X#-hh%>h32- zJliDA^0#biaxG`sh%=SVA8o+SH{)K$D_V^*5=g+(Gg#%kaKMR+1T;FzjC0)|%t$LUqIVQlQr`XC-t}-1C zhKq)V==5}RIci5lBAS{!NQ_T;**uuooi$-U%b_>!#p>|K=)~6{y)u=LPTH!_L28zo z{>?jbo+yz5ba`P$n7F+mX$0#RbRE+(mf_uM`7_P z$dtgg&H_4{^IUOs(^ccG=>L*kq5=`;IHR`Np(zzLZIVkVsq>=!iAm09vOa}^E*Hy+ zm23h9Oq~(pB1z;T6)0r>^ekJ}KLZmTO60>eIxZTMwdziyy+gD1)f1ux8^)|8Q zMF-~tG)P;JqI5B{DtDx+?>Jvuk&!JAlxz2!EJp!~<|lzCJ^av-u=kHA0Z#(YpadQX z@Gbq7eINJ{M3?k1+dIVK(_^!3QxGK49m2MI+u7ZXo86oYArj8SFjHfZjfR*s`y;VK z>4qI$ts5OaQXGb|&$1_iE3`xmm0U83+ye~wLdEcv5Q1W~=mj{J#o_2+94ITyevk?O zzTlAZ1_fzolmBFoWB&}XSpm3gof42l0xh*wm#5EuwF2H2^iy(@sKrWPu{vpsJ;LOHPpBRV$yp|GF$W&ur zpj$wdD-|Im16td_$kx$u0g8p>KgbhxbShPu4$%X2BIGx9L&$+(qL;M3bWZiKdwZ_5 zsg2nFZ&2b)vJ62Q7g$$wnklnY0a|ItFo)$n8K0;Z{BDTXz;qYWQ0W?S6HgI83yVt( zRtAn2hCB7ZHeF4kO-blO=24UxQzKOQ6EV<$9^2|@DIz5SZE+bX{zx-|M&e(WuA)x} zq)IeK1}6fSi`2oO14L)yP4e5p$S!5rT)F)sVJ!m|J=qx zwdpd?k)@XDlMWu2GER9XY{&b-lYl3IFHQmvA=x>Kzxz$bG?Ch8Y-DOBn60X&r(u9&1_?t;e#J;Nbkfbx zb_8|^Hf{{;GG1i8#cVnDa@n2Pq-A3U_|?UY?IgRc1f<1ZAg~~NFn)J&zsv3^_OELbU!)Y8Y8wLTvia!Fh8NK>)0*atz_i#Pa_qOJd#kg66Hb8)91KL(g=Qv@&2!WX zfCtqqW3g!jk+?>9f$GK=OUSl0wm%)P*||1&(^zDfT%(Q1RkF(qIbD8`-CUg(Sl|M! z)UFf2asX8^SB~a%t!?R$zGqS~?|^}?4qhOEN8_u<3qrT`SW|#snzW5xc4bvm_|=R( zn>C#(nMwH%Y2xV>NRufLewLWYqRIeCAS&Nf8D>iy$Mz>~liCxHzB?`&JTJFI_CWwTRftoaqy#jQkMailvh z+Y)r^a&0}wMsP3Se(W#Gc95>EJ0~zK`;=J(23xiP>3QB(B#UbVSHwmFw-jC^$c?Qm z7%WDYqg&|1H0mw|Ma8%?Jd?L&U(?1RjYGnctw}6FF_5H+85X-^dy3gCe}%T`+8Bki!7jjCs;|G-`fzw)WX8_a^YSx`$|jcHRMoJTlg z(c9%{Jt=FbGlm%~{$rhSQ7Py`+Ar zTLZBOIO&bzAJIXn3Zu8GOdQx&s5Q|U@Y)PI|GOe}!X5f(T_7Sry;L9M=8QPM+AtBR z3RzuL?lso18ql)p#2w<8(W+84O=|JQsN~TJ0zvF=job+6iVCcHl3DX&|7-iAP>P7u z`JwR!K9yf3dgXM(R1^2RBcrw!Y^keoOzhHU{bsPfWKwJisTV-Mu)11osc4MBS#^4g zDQh-PoB6sZ!Opka9>L!>?cU3ifG2^^UjnvEyIZ^S{Efid0`PjZ?(}X?EiP_fblp-k z%By>$28oF;YGhMC*1b;5DcKVAiYBPYr+}i`|IU7Dk7(}EvIV;RQ)CqfvF?NFs|L)~ zd2Fs&`B(u}HyAN0#Euraks7hK{cD$0PjLp|`o!&5ryI1?vPH?oHdNj0)F6_9h?Btr z&2&;~-#PZ5JW6kO#H7zP=(7FSS~KCuJEp$goI1ZBCf;gBf0`K-i%4c1PTd z)Lh!l33FR?08Bb!^S3cl>Hv(k>GVe}Lh-V=s(=$8;AV{#*fuZMn`GQk&@mH|^S1sZ z@fW*6_~$O_s6Hos(UCTV=E%g*MgMjl-ISY+-9FVmG}otw!yRe5!r35mdz>R?bHNyz zna0MmAb2#J;~k5n*hs}+rNfX%n*?S2hS@fo?({igbnb16M{lwLs`hJrH?36Hm93Db z_NFtXFs@B#9L5-~a+&Iswz^CgaWn&`QD;QX+Oxjd#Bf2&0&u^tCKm0EId7UPQhpQ1 zl&v@$fjTwBc_x~%>zQks?`~W2%$A?s2W)xEd&84}CxM+xKyX5K*ybj@v7si2*w@>P z9eJ7I>V8Mpq1{XZH7Ok%Or6YJ4Co1~+-@>>(oIaDXX97hu|Jy6(mTYt>0H>_DR*me zc3}+}>K|)g{N~COG7rD(le(4J#%SGfEEGX3iz+m?8tZLyzq6g%db2Jj^O~AZQ)T4X zVUphDnD}OCIhMWNDcv?NhHZ_~uC-}>a>wp~So3lEyBhx1h`l!Llk&bJQb*u|I%$DFrx@07s_~n2}1^xi9FGw z4>|`M6hIfhTL8~mmaChJpiQ%R#n*2)E4k(6LSzegTew<+KC*0_q(1W{= z{5F8OE>{;YVQ&2zUJ@$xIH5Ut%!0N=z@x!ks3?Wa=e)RiiHaBIh~Qz54nX>5cpII7lVT7#JO>q>`qNfYun zZIv4(=$gqtw1ilB+~T=LIb#@f_E>^;*AtRvDT zDX*k~0bLN>s00s9Ru9c~y@+Ph6mC{@WauqYa+{Osaawo(S>G&les!9f9wiMN z@vB8q9wG=ZIuS$w&_9ygkUSSZaq2|7n)!gb#*QYhDWZPa96!}0cc++qU+6@e>=Q@a1 zakK)wc3p1bc(db(g~W+`5~vzT@h4+Wn?HEqrTJDj2697!gjQ zAl8;6=JkfHV;k^DpI}X|`-f~+M8ccibS6VBc)3Sp)e7*+GvDyC32j+4jxySB zOL;x{(XMY|uREGei_cNtOntD4(+P2B*6D|Yz?)wBEuB*VZxF3}n|$I-sWV!4VVIZR zQJ2k$Ae~UDs|KT-Qb&X2Bh7+zHB%LJb5-k?PkP|2PX*%jc$!?i5pi`n$Rk?RG5un; z0DRMx;XKE*c%8}(GIg9o&T`=@Nm1A|gYGJA72I|@z~*`Pe)lBcN#N;7p!t<_zj&Kt z@Xl^+=B9FX3^7E3amO>z|ZcnijD1%CeT6 zT}D`Q%^0lhEY5Cb7Q8+OUOlB%l>umv*4#3;2ePx78qhTU+%3%U7`P%9B6N$mU`MhEigZXA;-FC?0UBsn+-F&PFp2%(Yi9E zP|1eQn?-FA6$hN;K@M$jeVC3jy5))L2Wiy+Ri^f z&7EVxH#@v(_ZOsdn>H|0eaW@XgCdG-mMRsypkLtP9%J%v8T|I&Y{Z z&1{+ndrDLOn-+OXAGQa0cZIm?qD6UeA12ec-gSqQuWoR6mUX^di8_nOSx)YxZW2aw z@yMdxv>x0MwaVUcnYl`~enHHFw>9lr^QM8>)QZGS!LX@tmB-B!W8aXi?{3p&?=4RP zo&+8x0kKG2K+_yxVMfc|&~&D)?_^Fp8)ER3_hL`x;4;c@lNe)_QsnEdkm;CcPJG&S z9J3-Elfsb7@WlDTx9msK8}-1tBQW5!mpYFP1XQ6=Ad$V;-JW!7Hr#Z<&wkKUA;;u! zJn;I4`Szt%1v70&2!N7^=5E+(QkxFY+<_Elx9mrT+uC`tLglY@L(u7fi{siGcU&92 z_D;vt-gO6}%}Rpc#+lu)FWWx5zUR9#6Bo0?53swi7aAjdT{$qJ zu6IGlDuQqzy!nYJclr?Lfg)ggs5-bEOK%$4;^Q5T5Q2lXCpT9?fytxuWr<#R^p+`UCst+Ony0_FVM zI*=cP_oq6r{BD7jrevhsQf)x(cb#>~PIX6M;@tYxc{TvvJXoHd(Yjo`pPx4gH~~^; zi%}o8-{05QXJtA`Y<9M&mc3AFQM(RHAE%hDtgI|7EX>TzMdJ0UPHvEvf-_dy4gK*KDP?U(ZgEa+A4)j z;%n6gpS+_RhHMIw+MM>Xp2|F$e472*5-Qnt1#CNmZLWt6Loq;X{TAr&t(t1Hds|1e z{px(&yN?xovw;oE&5bj(%BxK|Jg!Hd;&XE#J+=YMU2IPLw%5zYn_AjVUwQ1az8n{{ z8W9g2@mBBAw*I7TzB!wnmR}B`DqyegMNO-ByU{nVeBp%`I5Qn{oWnn50dKSv)wI=R zP1Wwj#YM_}%V8tbywDt9E#DyqtC~;_ux&QA)c4xXOVZg}t`ke)F#z9As}EmZX85!| z(X7wSudVykCUd&YZWuy67OHvN=GbPQ;cyX_GChM);PkYi9%8wwv2o&#j>u z-Bz~_So-wH*=d6Cj)c=bjBRRu^KiC%x;6gTMZdMF%~LPSWpgv)R@kymH?atJBogPQ zrzn}H*sD)7BDr^CU~0WJM}u?zdDM2ZbuPAbNPOCkewpq!?~X2TXO(YN$kZ{s0nZ;E z2>UY0PR6>8SX?WmDbGevcMs=o@C5+oH~8w!P3Zudh~8@$Tf+4sf=E4Q)NU)nn6g z!{$CHU3}AP#{=Bjv8_6dRf$`FZ9CxY`tv^AWz7Vgu#s4XzCWZVs5k8OIeRjb;ngFd~Ee<@lr;BLlW zo6($25U|-Max{XLRVtL}#~4NOtR~&*q0-f>9;OVscezOSnD4knxE?)`?Kh=(zImT+ zr54#zSAdrvEL3WuvUqwjnG{F6`>qrGbGj(r-Ugv}?&s7gfn7Prk`vB2$V%JQmtDMd z-Fp_iPV+Nq!K)JYgF=#k43?Dp4%EDe%SRw4q2yt zKIAH02am;O`m8*#M}EiKZc0f)kJ&ET3^r{VmC=%9c{dty&LwXGysIj#>mX2xaMK8?|%~;8h-*5z#SO&9$$3h-*Q zZL5K;TSKj?27|8Fq_ zbVJe8H%u4l=;)NR_04fl*U3$FWfxmG0xE%T7!FID;~gm0Pg|( zmYsG-7Q9mXpS>9TGYasUG1AP{v(!ETbUB5}wQQUuQTvKM+>Y`9{)totwer?sz2S(|Qo6>c+1u6}d{Zdv?> z;C^2!l@=oXHUO{lfCUeW-sVFg-cHJDvQPD!q|I$2!#8L2u`+921nym*ZD4QHqIh^* zeS?$qu>*Pd1#L#|w=ULgbk=sdvBiMd8pW|@+LlB+Pu+0MHbdUZKHm1*`Pud9Qw({> zGq_c7+cvdX5?e3Yo(cLm7vGc2+s*{v)^MJr8&Bg}XHRiPWNaZz8487{qwR-5Btc5o zjCu6zZi4?E@^GHUu%7)kHk*nLkgo&0VGr;Yc8y6ER%+6?DEC*$+F=}F+Tk$`SViW#~M!U?v0P|l3j zebHD%X3cxArzionI5(P`ZeY%-B&N<_b~UsvoWWLu%gQ`7iFbxwI%QgFMJLj#i>^n7 zpJJzn-$D7?@Y~b^Ej;&{Tk_1+C2cg1xQrpX2Cadx$Kq@iF2v6YVI#*T0MY& zii^e2-2?ciC{nMfFO39ryR(<$+SQs!HFh*L3b!TVeQBigxenCvGq-TcEP!G!>xw8_ z?#td4NKv+!*{>)BV!XD{#J>#6nT>txT6OGrr+k^4ST3ON9!0HZJR;FlDz%;_=Sp}z zP0j$`n%lZ4HmGXb=9TSi5?T+kbe_6x-rDE7Oh5OBZ7cJ3a=JeEo_Y`TB=F2hU_FQ{ zI~V3)KuYo%v|u}`*SD>Fx@T@=&s&F@QZ^jnrLGj?f(Z_7!>CjIH$BW=mh@%Le28F= zD^T>j$><^dwOE8HH|o`}i~uLS(_-bS{-_cl2fOSD;5AzHO}$lEo8Qy6jk^^sUaYtj zcPO+#@dCx&-QC^Y-QC?GIK`p32X}W%zWo00v+-pw8_BVfwPt4BGjpA@Vn3=Xx<*K3 za~AF!N%(zcZbQU^tLMnvTvts9*;^Ico;eqt+KK~FCmU<>Df)TF5~j7;%C-EOY`>Xx zbt$;I=CB=J8m;f##Mc*wQ6jexy^WoDXQz^7H!ZKZ> zZ}mq(1kDv`7c<)!q07E|dVd*S1j##LPi#K6d~->+`kTlEB%E}J+>doB5A|D6oVuW+ za?=LCDFNqZa*TYUJ@%8w4}W0DwZM7~_>Q43DR5@|Z2);h_9bfOMcz9$*0)p~AKT}` z4NSsXe68{<%lYgi!=3l4mV;pj`QXFmz983p;f7F?1;SZ5H~B|5&CR5bY}F60dxiM7IrF*a8>VaN;w&7=bI>-1>8oC~qBh;!bT7s@f~!63N8{JC zkN{^aZmbOL_Ub5j^r}v@#D+tpRHBq1ixo&pfy~VpwW9rW0eRFz)~QJO2@bcl?JBU_ z^dJ{dO_()eU8`u%ee`jDZ0Ib$pb#MZw>13LEoHhswCl>hEx*}mv(ue3lJ|Hn5_Qp{ z;cckAoL9uE3Xd8xa5`?;puQi4WL;kqakZQh80! zgveY&a-~y8w^=Oc&2cfo)NT0Ph792=Ivu^73L?6e0G3TzIDdKhlWiQ=RO@+W<|#Qp z9ipTONo`zDN8C-21ytMXKHbQm--J7*a zF7NQQ8xM-sW-0BroJeXTP@2dG1~sQmMviB{qDyaW9Biy#QEb6gTQt3BhwLQCRDJ49 zp{GHuLpy9tnqv-bxDt!B!hZgc|9}0>(GzNWX#=dSd+*dHCVZuF3$^9?15ph(04h2p zD$SA)#lLE(Dr!a!l!YDsmtnGqC^`(S})uHm~(58{~TNMq5HE}K`m zg!|G`oP%T5_K^kEKuOW{)yr>z;P!|pM66vqYADJ?ubC)n8K%IJD|e`U$kz}$)MwF9 zh=%|TFYu;MNl3Ad*1MONmkeW}u-~#sw-n8MmK?`RNA^jnhOBbAXb!2&>qfj~jt-Tl zJG8Dvq9{SCU1>+IUuzC&gLIwg1)rzU)1QlCd|00f9SMpULLY`Z&{1pcFY9Fmw-EIQ zib>2l>cU)Gc4@s)Uitr^TWGWy*X{Xd+PT&P!~3c@db7!2w${<{^74bS*AEOm%`85@ zyTOhyErhn{xS<7|i*hQvno^~n9QO_Qb0!77SNroIO*^CDO8r`U6N?~?Bg6~i81B&#CtTXCj~ z2mn)7UleOqOwG&;=T_8uZ&TbUW7UG*igjm4R^P3mK?YuucORp^99e4Ie}Y>9Z(AWE znAqk{A?_1K>tnXco^cdFU|8tkG1_vTONsg;Y~JuvRn@Pe?##Ad|)J*;!)LomKOBFm@465`SB2q7~4?sHJR zpJvH!u#NHHl+PU$Qv^s*bx9sz+EiUt>{oAU8E5%ib)&%BEpp3kx<75hIP$L?lf?23 zy-|BBSqqS_HF?d~jTsRTpm(==y3*UeZ`lIja z>gw%Hl2ct)MvIHWAy{0Ti`gR?R+6|z$K=A;+w5{2O@DlR z^z`&tN4cN8Xlb7$63%?3M>MBbr+cb8#gq_x$gewQ{1aFpO?u=#u2#(~CqF6J-rCKc zz{uiUDu8jh>89^&N14N*B5hUTNWGv|MLn>SKBI;bB2#j!iH_*^rDPh$d+z7d3rdQN z0ak#!C7X8L62tk7GbTAJ^pQR9u4j-Ag*uw6&lUIAw9I9c>&}9^I^r7wo{pgYV-(S> zEMu0^%929*t-mhLvPSEcb^L#+(&(pE9~vHwTf#``Qo=*;YH5g@)vu?{9}jWIacUy` z!JwWuK?gACV@w6ReZV3hYRf)TA`^v>2m=Pvr9D5dyj-U@W88^|@H+ha$|_l!CbO~3 z+z(xb9QOK@BF&?v3{K3T=!dj!Pf%p#Iz5xXY3R#uXLtGF0^|$Rr>^ffR8Wz2WB~a; zV(gVzgdqWm(z`Eif5Kf=FI%JZaFNU-Fv((p)g*yuLjH{XjF| zj*3r;OLOZkg2?Xw>*taJI;dvD?Q80Ju(sHMIqiEt7k0JP4Z7Jlk9j%Cdb-rn($2+%8$5AV zlVnebb%FP8$QRLOz>h5Hp3RDAc`MYECPkuOrrFTlfq}NzeG0akqv_*7->OVgclcQ& zdt??w@V5A(0sUhdB?&V)?P$S2sb{NWq}96_*|074svUVLwoKPxor0n=O;;2$qmZ8I z*IsRhg^zvCEQ%e9{(V1_g=7g^c}kzZOm$2+^`pDX<(2PNwg7%UQtOicz>GJ^s_N)Ap4LDkVQa^8-h5kzvG zZpXXFja_F-RX&$?ucz9-0|OuH%1;CYs^c%x^{N^=V|XYj=A28{0bdS&FnmJ#$q)#C z4^QSkc2yM`6re&W=dVF}8d!c{S)(1AK8e_^T zMS{i`fe^ddSp(0y*)lJW9ttVm*dW+Mue5(X3;8ZwTkxCjy7VM}wj_T%W;&>gddN~u zgBJrbcp_gcS@d9*(^ONx zJk#RPpX<24SPvQMoko#r*BC;WX6P20whpwpYWXR8JF4J`b2rtaXLkIUQtlY^ z?)c}wL9YunG`MMq%WrF8vkWl^p+w?_u@>jd^i7H13nM!74HaJPkKH@5P6?;@RaR9S zVG}wM3{0K^lJcSY0Z31z&=ZQh-L0*yYyf}uWZADT>XGZ}&Fi@}|7Ni~@7%mHnN%{3 zU12?I%GDA%cTgq2Z{+W*AeDULqKe#Taqo&Aw2*>U$EN4%uGwr73-Z!4vCHF(QNQufn$;H+15}< z)bflD3Bc29=hBjmfcVyhym|z&Y6ou2F^4pUAnws;uLZVDZ>6h@Rd+^i8}KsroPyaH z^+Z{q#0e8CEu8bE@Vw8_TC+z}M^pX%`FvF59fZ04w)!UWI=9|tyBYb@@J5|P5Nk3? zn|;q&;H{;pBWio)h9jz>{0p4_uOe-RgN;8Lb5_P(Jcqdl@N}{ISXE^CDTXOFeOYHK zRKJnupoV(WZs`L>Q=@HHiirH(D_g=UEw0;6f5evRBWAUm7q10TsUwaq&7FT@wB0P^ zf?M$9>1V@mekno@z6_t_b)`Pwwn%Mu{#CD|o?03b9z@L)b1eq-e6-xi7fC6_MS3S3 zPA(pGth6Dun!#_htGYw6l-Y6?SbhpuPb2=_+QloYs<=n=OByQ#mGwHN;L9)U8-*|X zgC(--^w0dDzI;H~dqdYyhG8#ZhFApDHC0?Ia${TGanw2VJ5Izz*Gf`f6J|> zCe~*1UErd$tLd?M4rfE;InCE*#bUO0dK=}@jVi>V0|`2<+dq^#DGQ<$9gJxtnlbk^ z&q~Akf-_tX+LTHpq|rT&-q$tDkARog-a$nEpnwv?9pCh!4#k=sR@_L&tM0pL@DqWb z!{r7a{2TE7{a*%$8LM`?_Xot)9r?`6X+js{N z#-9%0NPs2P1!Lh$-T-^!iqxP7TDG?PjWx8uo!E=-*pT)})L@_RUa>>7vy_^5Ava}i z*GqO<)GFEv#X2)QjUS|`fX?Vhq}6;V>k~PEeMW@d4wt*RjDnh zruM!qZ@&P*bt3LhIeCY7A#AvS&l(Sl?vx?K0lS{TXoU%EerD`Cn;B@oUd_owx%{DL z8$$>0y-F$ z^gMxH^O?(MnJc@E2yHq-aE;PAjr-J|JMRV8mBfBW^%A+ewUT$?g z@%X**_<@f69xuDDwg7&4*<+Z(U!a^Yn92mT5oLSfaAiM*RG|JXC@QKdYGTaz!Im?o z5@wH!n?-@_>Rc=!AP`Ssf?iy#T{DhJN=k|(xiG3&tP=cJWBJ4>8|5pF6F+YQ`iZ5M zUnWAQ1q;4x;%K8Vmy{if>f839OCsr0zJ9Bp*;&ek$aO*F#x&Xa=D{!E1OxO{l`+Rv zrxG4?c)yv`#KeRO(wu)SjHuOjo=wl;6XtyQ=Mksj*A(J5TLsx=!<=4Yg#xl9O3nw* zNx&MOju0pA>Sh#*;!RpZ4fL3Lhi1EvpQkH@*Z#_w4iyzwjL$X+;0^S4l$wT*@Y;z< z_8A`U5I?n64-hsegdHa*FU;$5x?eDe2%)sHXtthJ0qAVXnGl~&!MqDI4DybKKu zy$c>V|LuabO)*bRP9k9s7dj(=nV8-obU0K3R-G;fBS%O6teHVFqjWS+OG`^@>+{P^ zf#mB6)23rA<6WH|*N2f9;`>K#|g4bUzJTwqLM$#ay@vKE+zEu8<-VZ$)T-`t|2S;z3xX80nNqrpX$9x zZiANEd=C~-S)E;rsS*?=B`s}CUT%j`S2moQnnJX{=aR+lJB6H_ScD34`yPRUkgJ{U zNo@^2L7ZzlpX=UMk5`g%k~v#BOi~gK}+<2SS3Hr?~7qV?SO$Cz29eeg+r>BgUSbgnmHYA{FZFWjdPl^2Cf*P7{t7JaUo9)a?au%cPuY-4>s z{jqK`W|!3584tj=H2w%d{HXZX&_n7K`bJrx-h$1dTIAwKtwyg)ny1aoDWC0WV*Zq? zR05Huzd^_hRd{-SdZF&#{Dj10WSW|~U9KN28jqwpCodrxMx${78-7o2es7X~_mX}u zX?`A{q`Mr_93LMa2vE!8Y13_Go__an-fjD(>&mCjE+5cV2QG>e5%vQ?)CK+1u^2a^ zoZk7*h~&8+e&A)I_Z-6LGi)%dB5jDa?n`b`^`4^V;cb8@`AFoQ@9F> zK=gZR^LrZgyM;vSeoTt;!O`5T9IrQ8k(Wz1@aq-espqCaYjCj3Ee;Jn`(*;~ zS_Kdz4i}Y=l9JV1)l|Nt7nE)=koY+W{IdIpRrSWk*#~# zskCu5oCD9sjc_K@JGIeL)ZxFVtleAl0)3ZWM~|B_1a;@6LeBfw0bXu)b+t@ne2&eU zPjN8{mM;ww1?do;*Z%kcqnXG%R{chs9l5SEnsfFrDrywLblxbrJpc1>6hYl~cZ1ck zqNLf;8)VOcppU)LSd2$ZbJ6dp#lPFiRIg4iOBGhdazDuO-cuOWgh9_n`Oe^8AKF-_ z(Ql3ABA{my$IqmsLf)U91){O-FOwiHR)%do%oQCcc)Io=VhO_cLym)~x!895LK69< zA?4uD7KNyYpkSa=C)MWn9-{iG0B2g1%WGmZ>+`t&=*1*G4GjZ^df+;|dp3*A#1N}2 zZPRS0=CypkTGKO6J6bZC`AC&$xh0wC-qg*v<~$v7al4)ed=#wyPr@O^sVAps(t|CA z6x;Lb;(~?gN8wrQGu}^|d7C7}>wZvjkg-e=u9RinaIoY)&X5F8bs4SG{_$K=nf(3Z z!0_Bkz(9g}ft+~43x(e>ZpS@64I zymfAY1t<)B`5qVi%=11~C(;JLeF~tqE0+Xs(w4jadq{<-B;peLzWRsRnLyRqZpE;! z2Cs4k&6yM3_wf0e_#S-s(>r}G&?$nw2@(px2}(#BjOgXWJM~Fw3b~0GSW$V|lD+Jo z9RH|z@p@X`Z3rOH6Wmu|hTdag;+_5K)|8&s>)&CJN*ciqLE2FFe7P`GDG zN!-0KDSCXI{(%DKfic0md7!nrfQpsl14sDt;K3HN89K#a-9%}(&xX^iifXjayA{eh zCl~|3Pa+x*zgj^dB{cfT1eZhiDg`Pil7()U8x)U(h}B-GP~=5MB%FgDjf#q(>Sq~{6_cxTuzL*`9saDyvhDHu_D zU^`-Bd0-VnADrfho{4(vji_xK-`WoOEEz{E2-Te1ERI+o> zV|#NuZ=)BFi2Yq1C`s>asqTHRpdf+9o3*1wi~_=uI0Wi%i+q#;9xv>`<7ah%NYm?O zzXvt9%dHa$jpIqF4JcD#Vbv?5$tblK? zGrCuAW_1rABUxU$g7F$U+P-gQ%Ye7XmF*rd&`zWqoOZSKeDl_(dN(#Vr^X=^_Ukb> zORvje5AKvC0krD-)?Cj5`EdPKlNS%y3jJK9enU!x zlSn(*AAm{1%O=9Z!|j^1A`lhH+4$oTo-7_t3{ zuM^!*n9O2O?Xx!`CMgLS*~n3>jT}}EXckfQY%flj@?V^EK!@M^P(;Cw!S21t>rEVO zSt$}>wy@9ZbHpBF6{FzszY>{r(0xHh_4d#`bNE9uK{)X>*JkyiuZ|mWwbf_Szfp1G zafMIHY>1j9OMD?4VFDnqRfV(kKb-s7G%*Sh-!puExPJG6cd2Ne461|M37M`+Qrkrap10!| zsrpOs%E*wPG`5b}T$@6&mvr1?=KtsyNquH40dnVGWPj9%Q+=C4(QZ;dA4;GSI$1cK z{MeYB(kXZeIyp%AYpiG9%BWP4Y^m(DxN7ZKvel-2mabXBTKg)%QS^ohAW^_%s!6#L zPVeyYGc|BXL3+)5U(MU>^f5Cr!4q(|bd3Da>NrRgoAR|~qyOdoXB>b^ZJ_*{&2Jg_ zMU}Udf~0mUmrQt9&`YWQ)zhmaGiw`j#Yg~rd_fN0&&kUb^tjyyZC!nAU4gbl-Vb@c zQAhkq+L3V4C4tf;oxx1qsf3^WOwRpHBIHNT0je@BmkMd&v;B^4Rb)ATOK!8!}0A>>hD=t25(Wpmj{dO5U@&W#JX^l7Q zUc@t~tGR7qVq~wH|A}tlWkhA#7?Cx=`ez~ebPkhNJ>d>+`r8egU9o=}18z{4zt;NV z{*4{3+$*>>W>Sm^6`&g1QFLs^C#**J2huMr^Ew9ZB#9RxN)>934VL?f?yM~t%hywx*QnYI%( zGgY>G(|eiQlJe&ryk}&Tp7Pwup+i{x_#f?SZZ)octp&SF1q59-$E^=*Uy2F}YH7hU zoV;^tf(`m$dl%mUZhE;1zh6VTotHT_bw*=JX}m>eGsAtO4AzEda%S-pb4I2^E-!|1 z^UMdhv}<^}rWkyxHExGnC!?x%N>)A8&~^Wo|M6&ryK)>+@B}bT!%h z%^vX9oBP$o!6~pdLCEWIsq!IZ@ehy$Q?fy&4^IqR*q(*P|16n^`ludf2j?%Z*W=(x z20hH3Qam>{Bd&CaVM!UJsohXb%}tU&#s~pE$~n+`r+L-N_!W#TMlDYn>B)=HzTm8Qu1aJax3!qD_;P$<>Zn{euNi|FWKk zh4Ty>P^;ol1hjvCdyDev%

2FI+Bqo_K4cWJ0Z|;RlOa_^6?AT@otdyp6s-@NkM4 zc!@}!{j$H&k+4aH)gMbL)LG99?$6**k15mh`+#uBp)eh8oEaW=D+t(j`#GutlBNzX zMcVy#{*`c$d)tF{LmF-ztmo@|E||0LjJ?477j3^VgGNW2kV*(pLlma{#Qp+{;)HkK zwSgoLftH@h#xExd+tAne;Wvoy5Na)Xnq4N~yEUHHWWy7Ia5GTRan$Ax-_ zJ=F6@oL&6IN0J54RhskMhT3{tMK(~i!5;Cc8YcB3>3r$dijERHNMWP~UYS0dPubiJ z2#6p@xq8eZg<*6a5yf(ZO~4qy|MBay0F}>E*%dH2pX2T6LMJ^>a#XBeEY!HGKi)sz z|0(GEcMbnLsbJ9Q;zWw{P0X^MB!J)Pu*Yrds@Y`l_5EnRL)QjeH>6{u5aa|DI2%;i8*@{=AE3$I6ItRsl*&z@yGqt zjj&ei`}KE((`*mF|Et6}Q|G@O^FKB>9&7z_#UHbA$WwX^g|W{z$V`*o4p1+(Qee;2 z%+1os?9ioWlAsDunK@P}xhl#k84DqDIYbRfv3EHL85{(-zwYk@z3qNeG{(z{sk9N= z6k=Nl-`r&m3uW%t^wT$Y=lNl!=)K+BBS-|H+8d3AuLV|f%+Cw;Y;M0UweenOWxEuf zh@J!lA?}3CAzkX%l5cW!`fdAG&i%r}W6a0LAc!2!=+FSdr9pXUv-aNqlVR;eqKG}C zrTt1kKoAcH?W_I@BrIDo?8cY*N!A|%xACipayuvOYlRt`%MK#et)8Z4v4i2Gp4XYx zkDG!|Km`A8Ioa0~HC=!t}J>FZN5%gX+$qBCb;;q!EYfFt64Dqmu#&qIbwez5;+B$SK^5S!gA(3Rv}@6z5? z!Q;JlKaXfvmQIz+Ncx#S>_AoFL&I0EWm$CVTUv$M)ULt+CFp3Z!5clur}x)sfS*ev zKwNrWgO6MGU7I4#6bjAAJW%#?!hMwKjX*rBlrgE)o|@QnGpyx59E`pGML=g~XixZ} z%+DNW2DxrOQ&Xa_CcHw#PPE?_-(jj;L#v4bry8xMT3|Y$113DK`+)(lZ@<6fBMwl< zJDJcYGjav}l*#8%RZr6ZGWD)@5TaS3!1k@QnSI&-5_vWAf;VApvY1{Eah3<~Pz;dB z6`-Ur6=D-5pJz&H^OPvqGbV5UVSnr>tI+(r{|((iiikEix-90`o){l2aXFa0&x(I1 zDh%zO{cSU2%bb(qB!mPWEuk=Q1jk<Uqfq` zgy|+!P93TFTqhZa8wBzWNo-zJT-?rq+JGtXTK0XOQvkhAPfgs^7T90i++h+e)20SR z+~@WTg0IiYdO@#axMqN$Kf)qVb;$GIr4~d3HR2OB$f>Gj&|gC5x=EPfJ~>QlyE&sw z%xXQ630famebK{43@qM5)#M<3-YFUH=?+G~oGh}>7t5%bkm<0%##OEE0=3&LEtA4P>=KlmgR)PJ*Tjzh4p$XKrsiF+R)GIe4_*(ieA zN*MFhibHrtFR{!pvYY?EJjESlz|!Yp1M#NWsm>@}tFq6{RWx;7bt`u!enk>;kBXeC zcMjc%=apDUYl~d7=G3+d)xzmhwRn~d5Q_I)58yq9N8ay1-_NW%l@ZSg-hAo&4EXC# z3Oli?g{eEA$&{hANxjw*H}C)$oGnKg)^2Z#h8XQg7Hxe(<6ojutmSHsQa%Zqo(UW; z{`m+HZ7Mk*7&20Q?f)K(UkLJ&yx$V6qb6Z6thONCcF@|owDr~z0 z)+BDeIy7i5j?g8@O- znba7bV-{~ykzm`@zw=bPj6l~KITRwyLi0Tc;+wz{;L%DI=TnOuXRuX{_T{Fo1dw75 z?v+D{zdgTkp`)EO1+oO12FXGy#F_=LmNlmoLXK$*W%Eh^1lrKYSkdJp5)6;NI76rt z%xh)TUUUK<_HP0LGAbe7&i}@l;qzE4;=t$~vKmDz}cchiYvjrIQp>F4$ zsd=xrp|S&$lWE9vEBrZd z$5_&>)Q)a`orm|I-~DkfY?1g_d|h|z;po4x@3dwO6B4W=c_YycPS8JFf8W90Azedh zX?PFf#ZrGNV^NcSCk8j=VxTtv&8YXp?+QvexC7&PjZZIKeUWduez8Se0rBg2bk6*B_1kd#;N3a}|rzD^KbchpX7V=-{N3lk& z{6rlUCURVC-`89e-ztQ!u=_AymSzLqW4DC zyJQ|A?)l%|#KRdYb0Rr1x=S3lPA7PDRvyz68RG|OH`*9;@hMq?d5 z-C_UJAjaXERbCBS5zNk837_ z4on-H!S_I8_MclsKYh2CdZ})9Za_z{zngt$P%u;v121_ zZu};8DC?kKFx;MG$V-5=*Hlx4jJ#?$KB$Z2ZQSuU1Nc2@Agn?ob-mLq7RTvI(^EFQ%HUp#mQHl*wn>xd^QQZ zJ@afvwc5b`;*=;X&J+2al+(uNo|c;!x)aBD?rz3Fw_*cCxTrw0qh*295Q_lQ%%W@u z?OFzPsg$U25GNe|sgmBUBk~YEn<^k` zu^j@{x!za0)K9XJu279cU~}ZER43hn$cA~HJ|ElNlK(AyYiv)evF1-VqOfU5f1reS zGYcw3=6h&%xl6UR^38;m*&S00YuPYy5*=ZpQq~l-l2(yEejPu%>HC98g z&)jOI|5swJf!pXIJH*wd9H=@U*gY7bVcBqO*dYmPqO4wGg0(P&5%!%nVqW|x;a^5L z9k3cL#@Duk`|g5~V-*Y=wM&4vz5G-CI6#NpEyZovnZ&`9lDodtU<7>zsJ{5O ze7M`7lIbX-;t(r)fVEYBTcxtxvoke-f}t)lr*~-zGKv zg}6!l?w$(uxtW2e6fI&QOU#NKXj88#A|jy)Ey4q>tAegELfn!`+X7s7``XNLu*LO% z;gg9*|9bzutToMMun}CDr^>N~=f5dLcqda^1-%QRBmaH-^&cG%QHW=~CfdUIm&Q5- zl%J;{EVTtH5I=6K3UVsRr8jx_u<+S+_fQ}=@g_weUzsbHAD6mYb=@d3463iP32w}J zBtUcH@brZMYVMm>YnDO6_uG-QDzVSij2r22@lqTtK+%fqQPb4UmDN~AF+2iE`}LJ^ zt-P;)X>+arA%%$04Lf)g2Hz12)5q1#(#gBSx=#g#IY~|C@v-Am{BTsP4RJV5Zw?GO>fG+m!)0Gtj;QCecu$z0fxl49RzRUHTWAN#5 z@&II<42?ggg9F&f|!b zBAgTFml%`giUe!-+AX6~Tvj@S5wAYFBSOu@8B4s+{$o*>-$~;cU^I(D6}VW*>%%I( zC`zJA$M{wI7R=iWu0LCjdb$P?U*=SsW<}= zi>kR-WcleWs<8~Auvb6Ov03c6@*prp32DBa3>cw9RZsS}G}X;o z_HGX_RV-Y1g5GMcSli~a1AKulm_E&9m9v9ONETm)}!TZ zO1G7lbER}VagfTZ+s&iPw-xppGpqV*A0xTqh)K?zuuQaMX%&r`!umJ=Z6&44->3te zJinuZ-8HHT?q|apM8{v$)`D@ruDx2K0w1_FM>fGEK5ad<|LL=XL8_&9=U6hY4JSq_lOH zEuSzUX`}jSa&r=jpm3PWF@tPYS~N^|%V@^~rokMf`S64wa5?b59nR~5)BN@ixuFVk z-hVs3(_WNzGI>tuXQTQP-SVxFOw9HSz%$g()7x8<6Ht=-xxtz2j)n zDz}JBh1RGx+X<8m>3$x@*McvXw)b)0UtF(eGA;L7@S4d)6i1QkXkZNf-L&nQs`aS} zi3&}I`Y^LTY}mP)wxd0|I%jbsG$+ZZP+3DOQQ=#o)S|*WQuS4tz7(^(9vT@}SUv)n zkOm#0U2Y$^bYKQ@st?d3M?2wJJ+3b+de4}-)k3q~nBbjTo$jxGh;9k}pTmBq*2nK& ziL*7(lp%6s$ZcnF*es5Tnl|I|Md5@gKp?!cKYGp)BKD(;aDo!KvBW-LaPjM5*wK&a zolwrc{Tesg6Be!8c!Ud|o0IOV; z`iJph2@gUL`_bGm@2aRzOwIz{Fdgnuqaj2;GzHX_St`# z=t(dC-#wvx+H&)M=Ssv6d&M$|Kf#^nx>w%Tt-pErDu!Esgck}So>*jjywV(lAK9c) zd1A-fGad=b&cRfmc7)mdY2T2`p8$Q&;=8w2sYe#+re%K{^fih|s=8gJij`pdNwAx+ z3)^f)PfdQ2HaBhIKWDwR)weRIjL9Y(0dtsEVqWuvmZFemb4X>Jzn(TLQFZaJnCxM! z<)@stVV4=R6whyEdXNPTKdg0y^t(e<1Vwrd2iDzbRQP3L)s#!f z#>#X#sco4Bv4(KYeTb^{`k5Rr$nNJinF=>uRd0olvBV*|#FR!jV(W+0DAE$qf{EQ( zIqF7wS7dyF_^DXC)$>BP_}&tP8jnCtGN3zSZv0O`M_4RAJy&eDFz@XO(UdvG>hDJu zthMUM4uszLC-2qsHPey4*pNGotz)_sVse9m7Fr*n&C(4agB}8b%SDcrWSf#K?q<>} z2VLchx<%H2YHnT&JOQ1vPM>clDX|(GohRdN6)9N@8_A>{l{`y@X>x;A8VAKE|Msc6 z9HP!zW5_P0&{ujlxe-<*!pL04mZmTD%|4QS-0^L8uw)@uE z1U2+>%++)G^TYmFQg&9`F9g@a+U{T2?RD!g`x#dFsBOBGr4ikK_34wP9QwsLgjNbc$U3(3GO-|MU6|dGvh|TbKWp-}4aVHmgZp@B;lj*KBT1mnwV+f! zp{*K0&u<(O0bR^becox5Vp%m`pR#DOdup}=&0K&A-(>Hdwv(BHWA0WCQ=2dLz2sWJ zIoHMy)QxNBYIfi)IW=3CIlE<*v%P!N24Tpe7~S`eAE}?5d{Sx# zVjCtu)k?W>XUY(d}>>x7J|5r|cSdK?xpX)Kp$|Wu~`<;&9%glU!ckln*rB0-P zFAc!FY4;vg-(2ch>CZNV%T8DhV2@0AJEs5NSKKA^$(u9fDa>@2{XcX3PsIaqBLb;? aU`%7Ubo1s18v-cE>(@{DAGKoof&U*x`n=Hq literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-firewall/images/fw05-rulemerge.png b/windows/security/threat-protection/windows-firewall/images/fw05-rulemerge.png new file mode 100644 index 0000000000000000000000000000000000000000..74c49fab7b245e2f8adfa4eb9e8d96e88ce112df GIT binary patch literal 25314 zcmce-Q+Os{)IFG_la8HEI!4Fo*iOf`ZQDl2wr$()?%1|%+f(^{-^~AJp1GWh_jylM z9aNoDwfEXiC=UVxS_%9np}>GMnIU;Tz#piCya+!?)i}-( zZ~$#9s^$O!g3$Z<15Kntzy<-)4;B;rrRb`C*6CxbIhT0RPNIJrgA|VW;cEEXFUjy5 zJgKU#RG%?js2L_wVxEGGDb0(63+uZNUW{}T*SYRLPdrT6;`1}Te0#EqUxS;KEwJr3} z@3RG~^LRTWQ{8^vCd2b2c<+9Y>Eiv+zEP>!I^7w=uQ5M2XQq|0uJGkep$PCRK*{u>2spB6@1-VK&=MRL8TXq01}n3k>6Wk(R#a+q2}s)gwl zb@i3FSQuA1t1-4vtv+v{C(Be_=_ka*&KH7 z6qa-1%kP-Y?2j$KP`(PYCvr4!tp0>AuPIH#-5a=_l!oD-IHUN9d%rwdG$v!kb<6+H z>PhyOrgk*WHKpL@dHaR;TVwW6g{<-KTQb~H3+a}t&WxuVo=%1Ug_TjEf~f7rE0TBk z>bJk`#=NsAB!s&pg{Ve$>Zr_-vJHoAWoA*@iA!`6==!D=td{vxqE@ooVj=<(+pN>8;5AwU1Yjb&>0g}>BlnLY_|KXsiZSh`y%YbP*V`0#ag|AkClT$ zR4qR2jBBIfieN;6(N+ncq=8+$#W%663b_#ydGa#`7N6&w)zkS`L#V)ygfnF^eZ{Mwf3)8 zx+Pk|S-pz2V|X%$oK(7tQS#t5v$M%>DJq>{OPj>@+EHR{Hpc;bW~gsmJZ+{DIvhoN zaLw`!L_Fm7W zs@q8?FH1hEf^h@Es%=174PPOUq0PW^y?|GQ7J4i*aERj>wjiJ=ABGYNDd!ELfc#J8 z1ZD({9EN8A&1zf3NfS!}X6KZj;9*-}M4?W*YG#@!!U1X|xV zy+5tAeOir1Wd(N&SlR?>0v#>Qwjiw7n9kPAtpk?hs(|^yOFB5Dlo4T;=cRw?r*LT#GgZ_?*@|z7PQxH%j5Wis*J|0!I_eli6Y3PC3boJO~7X0J!b^q^D z%kAIbK}f0-FjGiSq!K#6%WGO91m#6YSwx_=8W?LG*92`?d5(#o5`(yLz zz^BXQA{5c*Bd~h?uCe=-HhRYAHt4;;{}!1!WrXJM;^)mv=B(Pq=xcKEyaCVE+Wk86 zaqaUur^EfY>Ho0mAY);1!rFBeX(M!WNBtavMSzy%hR25sHEINQ*ZnkRGtB;u|G{=Q zM5c3k>|W8@`qXw(C4s}`GV|r*qVgpB<93GX?(QxegW5Wp>vD)}L80DW9YPD3Oovpy zx8!cFZp)qGz3$XhiIat9TJ4UOs;a14@8=^EjE(Ns>|`39_uXM5cdb^>G3JE|bthJ4 zD(^~L8k@%P#?WSj2oYW@G1=Pd4XUsmm=#d8lmlHt8%j3zoyh<+77O z@%lSOUe0f@Of9mgWvyOnC)=}E8?QF3-cM9IPcRUF%T=nq@0UzYR6dqMU2g|_f2it+#KjgjFs43Z7SRFINePuU2RyTcguHVz}!3fJS(k=GVpN*{&u2Kif(*q zvT{x1b`no*X#Z!D&f0liYtR_KJ=N^w%g7__Xhxr?g%?+wA{1PNJZiNm#JlfdKvJUuiO%>2Kq> zBEwzms+E3wUTZdEuEw%#E78eak{lxtjO{tOicB}8uR^WUnpb43rb?1c_v#)ml2aE? zY>d=sH|x0<2ySAnUh14M&kaPt5A=85DN(6jdVhB2@znFL%q+XaVQ8Lsb#K?#o|i84 zM$1Q{1cwi-+YgL%%Ijx>T@X&FL=w{J?5+@P)Fy4}w=)BGR5rUGsZ+Tt8oDDLXW>!m zZ#3>12_BVZ=ln?+5^BOYX84l2psjntQK93`UNLQA^$cB_eSmNja8Nx9}&bOjGznr8&P?ZuT z40rgMV2qb%ZApPvHq!IBHZ|C&gOdr>`}U$*d+j=Aa(1@X`p%&`tp4tfdxHDmEyyN~%Y`0OgokUgEbM@(#&#LuH;m^LT z<&Ly9t{RIQb4nBK6Zb*O+&Qdr=XN=>vQn^5*Snah&>qb7S-a_mt0S)c=5iE6x;vDbSg8WkSCL&3Vx2k&a zdY#=hwQotIa;sVjN`b87F$}XV~SB+0~WaMzA0;sGqk3VKK;$@@J!e6TH0)CCVIVaeg@5 z>??q0JhV=XW%GWtP55NJ=Nr$qxXLfx{iQ~{qFovLf_SCG&x0JDxie#N*M?vx=*H~C z-Do#~2NUq3?Pa~Av*=Q*Zh-R78m4;v<}xiZ9c9Eh6U7}7_rwO>&6KgwiI(ghT4LAT zXlB6~sL%Kz-_$XxFZ3lokY(-XvXuz6jFNnAX1y|Jee##<$ido{ZAxN?c~8a>-5 z=X~3@5Z7^%Y4UB-XbDnw$;9hB%hb*dc;%x+bIOX<24iWS#QO3lW8@7d+Hb!ZuC6&_ zYlE9YXhELQnGm>wmD2vru}U->AGH4c?lkqo#oyj7*zT&w#_G1c6N-a}eGud(?g(zwOy|zk8-~U$)pt%pGT^+u z6mCYgiUny(1N~2BBSficeAVM*&N3Gp_UZ5Ki6-VuAJ%Wnjk+)oleItgk{;O4w^q7e zS6sYrR$SI|En~?1lWBdPm+%k9boiXE8gKTsB(^SZV0k{CCKUdOj+NB1?i|EhzSO8f zrHgfV9!446AB+q5)Lt!a@OVlRi_g>Oo2iY@rYe}=!g+Wpto5IrTBN(YzYQLz##@dV zls}xxVZc09(-f%gg;<^nSCmQF^I&hgmvY$XN2Q9iMHCxV@BF*YV?XG(&Ey7^2Tq&j|vIwm~JGAFl zpWCyQU5`!Mr(8-h`P!BZuQY$%gE*XqxbCzdB_#!mh~s+akI0*s5EHgtuCkO(qj^aN zdobf%g9d757qh){QvH#UCT9?B>Sc6OHFkP5P%>`rt+z%oFk-9Yaf{IOT+2)(uHNox zrE4gR)`}hcz_ui0m8QLEh3BzV+r6V@Gw=`S)CW z37>O^?0o!5Sp?U$-xE5VK0I3NLxv1!;0I$KyjWIRb-V5l%5GC}Rl8l!hZe($sI=hj zG(CodZ*JBEzTK6%_;9QjPq6qt7~AZwv=GlMV~1r|Uzh`gJzSL{O<6nsIak<)_$`{djACf@{#rW8j;VI=q+Qm3}zh5+n z9vK;!d#tOywBUTpyu~wEEPjnJX4b0ysfRpoP(Dmq^<1omfaAx)6P<4J(}kyGNuYUb z3irpYf!P!1uQm=z3}I8L$#(me3PzmaPy86^d*W$p(YLMJNa)WE01#&3KVCRLU9>a} za_DgYFt~~Oh-63iDBTMM)D|bY?0a@PNlGLJ%>+OaAHgPoIKQs?(cuHw%n&TZpX5gX z2++tEm7EO$0Dqm1-$*y}gPuP7mHxBWr!SUU)&23Y+IFV{BgF5Lh_(#zi4^&AEWybQ z97<0v-p?<>BK&E-QvivAfHevNheuN^ zK8=D92A}}QlK_{+m>{t+r~ocHgNujz*BhL{Z_lmsB>ntmTbB)cLaQcS>b!Vg9NQE< z_Ds}9o{R1g_on9fj~Yw#xi|9&FG?=`yS_aD8;8Cf-Tszj{=O3z$XP7P2*V(ZdRm0h zIzF$>>a`Y0;6tUMm6i4QWOdmsL}5p_w1E{ZJ+oe#D)|%Z;wQ^*ik$e+t4l#rMidI? z$+Vsdo3L*~Fln|B%;S3Ua`spn%kqp2tE1BWY8v;|sc5jQwRHnmO@!>s3^QM-dnyrP zTMUcaZ!3%?N$Y*y42`;`VGz@X1k2hvak4A&E_D8`xEy_SjERT%*E5zj z9X`j%A|J2mID+SQy?6*{s!JGXd%&6#kYLP`)I7nyv8Z|%U{)hs-%4$K<7iJT zQd*YdF+Ihd$Rh>m7Bz=Pco5Q^AR8|wj3d|Z&|CbIM&YNTW*)nsn*rpQHOw^u zb>)=IS8*z|VhQRXx40RLrXou1*%0a zId{E;`Cv|>idvx;1Ucl=o`p(RQ*kNuWdo)x-+Qvs?WmvTV=O137xzpmDoLX>n_K)p z;vJ(vq-m(%T%qk^;{GfOO1QT)CW-4p3sfG8lEv@c z-h!N*V(uJ>FtKpY_J=3OuHQ{HT?J$WhT07qHqeubK)P*>3L!?3j>VBJ3>n8HWEv3o)v$xT#KUkmjs4D@_M9xq8~4b)3j+=^Kg?UIZ1z~ z_2bIag$&~?6BrZCw~`*lR6SBNs}=jv9@&^-xI3ixnd{OT!V$*F^}py%{nIBL^H4L2 z7f88`MA5X$T^biNOE+T}y)BiFUK~YDE=n`TxF89^Tu^ybsqj2fwyCp>Ua;%CEE%N01&OP}rUlD1px z#;ivg8HbV87@8cjoF4)@TL{QGx3&l5xe08denit${C{r+U1J8=`j^!W3o9hQp5r?q zT+@C$8pcVF=JH@t@yEuFzH2Mc;~e82qLZalz)fQqthkbS6-u-86^Rfj4{>F2bS&q2 zA?L<+Y3@}JV(%jF8KGHI^%DyUM!Y-6;!jRmwu=fq|E;SqKl9X69!g_UcO&3*`fB2l z%6yGV>XpX&?F5z~nk_R6hV=;YID$wJF2Yt(OPoVwL`gtEfZ`gyx?^a9CWk^8hSBu2 zXeg(3bUxi$vJobsSF-x_IfsVF+)|3)IJ5uc-;Tce$mzoG5e6aqM=imoD`_M9E7Ria zFVhNWx6ix3{jXC~R+8Aw!l#(XtYqZ<~upc?WUHOwMH)b9fF@H^7$4+>JiJ3l!bsn_Nh|4#?ZuAdCTqTdTu)j zH1%y7Lw!$&3qmqt7>T4SRMkB}dD)4=sg@;9M4r(gRMF9kR)%rFbSn%}Wnr@J#Ft%D zIfFI)#0X3e4MiVe$LYi__&jj(U@6CWUGm1%tpnfpd5!l6SN&@C-!KaVg+;z!ymPO^qlCj zMKUuT=P|n$gbai+$rI5_F^ywSy?3X-J{cg0TRo1Dubx4)(OK-0j!PGv-TXSy9kNtv z{5=@C#NqF77v>l+FaXR*tMgp%N8C{E&IqwuXf{kn1x*|m8#xaD#kRlx)-ZL$5-~MI z0HnJWslRcOQYC1DED|Gquh`g1j}!c)fk{xLy(N z=f-GH^yP7}m3YMr0#AhRl}+qdYZ?0yCPU)3veFzTSog?(s5|*rsM~ITy`|G$&@`l5 zPGCT*YSOefAk>GZh&HasAK}>rc+2%jAZe9nIVLnu;l{36jw_^za2c^Au_}TG1oFg5 z{r(vz;F&j>m{f4z|8!a$*sWMxwkBM4a-GVW8G{-{TBDr@aaa};s#;}bpk^Ih%_=Jc9LKMC$_A3w`K?=D zoDwGn)A`*;(T#rdG7iYZC8b`?CZ#hb?fe1U#wF+E;z*}B)xs1NCnJJ_Z?^fx0bI|f z;u>I0qhjqxiQIOHH}m(zjZ-9nOPP-}(l@|6JsmZk4om-r?Si^Lfr=cg+fR8ZAnrHW|j*i_F9*kg<-mgv&q;pK? z^;#-x-yiSBmkl7nkS;Sp?(uJN>Crw3AYMQH6Ma_JFKuQDZvnc5K>DK+m7E3Pc>rQ+ zhPNpO4vauoB5zbEX|WIa8TO-fHBYF^HNb! ziS<{!*l=Ez_p?rMsAcsV>)hsoTfPv{b%6DXozKVq1Tf^_;)9S@-}gHgmd|-?Z#uUx z;Xh9U9Bd+$3gF1yniXsCL+*HNPdc}+o5V)e-uHfdkpkw-A@EO!+YM0T=eLRa!rzJc zZ(f`I9(_jDt1rkY&ShCt2t91ToxBprioA5qSdn;#1WA6*Qi(TMOLf(=7dR|%)sswC zTN*b&3%$=%iMGb02qS<$|E3{l%Mc0`A_g@{=uBm1(M!> zkZhOuQmFUWDAH%wd|DCgKu2@~&U6`7puM)Yj@7XueQVpR<|4_jaDVacdEh zOBOdo#_uggD{lQQO>vfO5*nQEj{w-6md`s0VjrfUQMlUjs2}D2`|fG|>qm$2`N17^ zb^c3yM|6`<#4~9r)2@^d>`JnFh=iSHj`aI!eR`JXP9&MekGHpB?8dtNpgWUv@u#IO zWVPw^z?VSiPcD{HGH3IkrTbysLpdIUTAf%xtl(~lH6gm4tSH%LrPuk~FkO9TDl}6@ zaIqfwS)(9iHmXe60!(B|y(L!tj!^PzzGXr|v>63Gg};;tk-fPalXo5a(8k>rpUBcu(c>dF zQHi|33mZ9cozmJAwHKm1Nc~`TNPjbX?=NP8^vKy!^jLbTj<#Ws(NDhj72F@D%IOKG2dDJ zY{bynTFu*D!=k(*EAkp!qIQL{1I_FZ_;zGF!H-=&Uf&qhFx=_d%(-%Db}5qMe&9Cq zJ`o50!b7o%=Edyp6qwIGb)Fw|s9D0#RD`uEPgTSa$uf#16L#jQKYpYzCfnFs9AvrQ zHI@I#kd>qZC%pC87$p%0(C?tcvKx)(S@x;8?)nGd;my}4#Ocz)F2fQ-ks~Vfv0twF z1{3JMA9)B{edj&5#A9yP8q9|fMKOuRH!nJz7f;r2U}cvd$(+EsKx?w%q#>#nb8RK~ zg$S6AC1}?+9#!X)H(53bq1Kk??O@wMa8M+2Y(M^a$Pr^jC#q@hl9{$h?wMc$)wT8C zP6V42pw$;-SF!DKwCO9A857}jhRZx^q z68yJJPVYerBtD4nf1l%GG?oJp3xR-hY2jz!T1;5;E=sRZqWwvJZi@akoeQ$0K4Zws zN;l9C-v@PTy_DK8uM zB*W_P4~<;L9s!m#^F1jBdc3T`No#~EgDN$C=>FEN%_1pi(wuVs9C!9|g@)g}tMBFWL8Zya>sYtlWlQmO>F+vX&)0 z!K%j$iZ#a!F^*6QvBFNua>UEjgZT9!WF@gu68rGY7#6a`wmyg2VKq zv;_981D{P|XuTfP8GM+`9AS#0;htlFp*19&Uu$+{av#NRzA==S z7nO~to5{WE_w_9P1RkX~g02L~Id!ZiB7qg=D54fs-`aq)t%W!#w6Qm^cAPdIzF=zF zg>vrSQRxF>5R{{NPymWCX^2H@D7*=_nXt~GBqPVHZj%!Nx$@mu3cE?Jk^U45g*NtY zB?zzCW?n|_-mk%!J^~JA)BL0J3Sow%MM-w{>bNGU{Ps;Z7YkcSi{4$CB-xClnriH| zel>mx-eDYhNM9zn+bng;&1W*2)3H}cmtoAqhS_=2h8`2%M;&-B>Z*pA*~_mOb#^w7 zZWUX^mR`g3w*fRS0HAr(W(EGK`8sXIk!9$T&8-dU?edf^Y#|WLL-gW861ci1Q~Yd` z1{Hzu6wi1&7UJj>qvg2dGovBAun0rJ4kj~Jrv@cG27eKs9nm$YT6I(0%t7OC48v$n zY4XC@kAf`sg)@!RZQ9cc+6*3KqoujIxoF6|nZ|Nkc^yemW?yv<&xZYGIUoy^l*ikC zs4XocRZt%OU}rmvgr_u-Dea+`Bql4rRR}SDQS2x#cHrX5`T13Ci_8f%QPTE07Zv6$ zCquaSj`>NeY#w{`bU%oWVw!BeQPJeEmNU~uTA=iO$GiVmk3M82jVux4WE`II1586; zj|-k9W=!aIOa{?ypP*k%c6Qgsy+wYfEk+xT+179PcB*}ChsNccjZ{0I>b3ERUUp{2 zBvGM-2bRF2HA%|V-G-`koiq+EnV5ZJr3RR6u5Wlb(>=1gEdxru6@zPik>tijEx9Ct|rTx zes&IUm}fQD-BBqCPJDxE9hF5D;_%k%^$uZDn|njj2woDbU^SewPWp4u{3|fha7VOp zG4tErPvYdi92OqaattixX-q|eL#sS#HTh#Q5>5sCUC*GGL{i>fvIK?*da@NxZLvja z`c5Tfv)%}ojEn!&gwg34gB02%Lkd;ak={13$|I}XXYt)(56wW%xJq!b^8)= zC1ldr=li7V+k9{4lpD>)53WfO?G)VV|Ke0p{F#Sg;eH}4*QnjzQql2R??k3)z8(G% zQ^j#tld`fgGg;=4=Z~JbrV*MnCzDgd9)pX>5>lbQp`31^`L$exW$H$(>{X~y;>%ob z7cIOp``47>w^e_8mk*V&zwH1=x0wdB=MTXrtndl%$b)=GJZ({Zv~jfout-1`485uv z^=ACqLOq3;>fnl}d-w_cW~()tSFynzh*{iPZho__5`Ly>6~Wf$`k1}2o8b3bS=QxE zu%7+-?ocji5cXT()78$^n_HbUJN4%K&Q|-|XCO3BqM+Sa1qU4l*ftRU5v6{xX*RnE zP;k;JUS#+h0a7F=R}4sI`~8)gC#$Xg_W4W}EV_R#U70JcE*#OnlWapZ(wErrbw>jVRJ_u}OnW580D$xex>HT#={ZQ0CuVoz)V}K1YvvxF(i+Xr&cajA= z9%STVKIoy-b~LUjegrzgrz?$gNr><@Jw5$p8WuNK=HUjz{OhL@YY~-P0*47m zC^>YuITeG1x3Zs0C*!A{`R@TM zwhrjOZi9Xl0O19AGLS2`^@1D$@NEa7FWVu!h$ujpLeT)gWb+vz33xJBKHsbv#cq!W zYeeE-;GZ!Gc+!7Cjc#P{*5~?ff`ZQW;qe7P0f>A@S5OO}$6*-| zyPDV0Tx8&7YlC`3g)|vh#%@sY@Ud_5{iU$s{B+nl+!6P-dhdP3=iC7_*arjk*(Qj! zz)l+vS-9mJv89T(OhmA~KcB6TUnfT0*$S03E|_v+W06RKo%w3Ogv92uyBRCd_T%-! z;rYv^(jK^Hxc_pCKS~}NTlt2x(bW1vC9c<7E|i5y7POL8 z2)*POvLpGq_35a)KS>Q!)8HdT?78Co&#CIf=IkuNgo@kF{k`%Pnc1+hTbg6zAJ!5^ zF{E#uzaTzl`r(2^zQ6EX3>WKeWm>2hYj4F~PRDju8!A_IqRQ2%KI41c#x|Cp{nck) zye-dWwaE(J#t~$0YA7_89zl%H_wTqIl@w9%&*!?7s!d8E&&e;9_9BjmI8~uMF*SFM zsElrkBooXjm~L$Uk*8o}X{M@?AzsKCa2rYoz18P7L4dtU(k|*Mg({u;<3$K z-q{S3yB-bx?QDOvsFr6|h+uj>s~7u)_OWD=oyqI-zTFq@zH=nQA&URRO7wA}Z~gKK z9zs>pZ}U>v*2SQw4HYca1Jaw4?()tmr?Qg0YMAszV~6?+gB*@IDhLrS7ZNEdMVKK6 z5exO(j*#A>c}n&%0jDguwW%!3wuH%qW{0b5^x(%mPM7P|=#m61wzca^Vy6dUmX+#D z3Chne%uNiK<%ofM(7&1JK6W-OY7D$`q0bp@_C(7)7?h zQs~VOexzke-gwG>{ikSRLP>cevNke3J!F&s&QR9hN0gbSM-e|>V7NC_)T?&1{3D5-uYVK_%U__4mC9xdjA7?>?Ty3O{#beq<#Gsf!$rUsgp zV&sqo;q>Ap@5N%1zJ^I!@G6E{*sJJgqzZxIi z!mBz7lLQsBS$Gd;bXr=pR2{!hM_VCUM)BOn$_gn5;E2H&C`2Ah%5da71?;sYDP5 zjyqP82RV%~gkBby7)r8DADmq=&5!!G*st$lmvw3qC&ux^dfuAEAH9(d9t4(hzzk2~c37 zCqsv~P=!HgNE*%5+4DxBXmPIT`*IX9@0Q%Hfr3~5ZJKfT(IRBdJji-=Up_`ltBa(d zMk1KRa}86_vX3~0rs0ax;5Mlx)zJ(rYg>xLK8aRuB-_r7Q6CT2lMm1JP6&2<=wl?v z#!ZqR2@(F{Oibv52{~3_(cM>Hn@#2zXNZ(}hLoK|ns2#9?U=An(EJl)9s)uPWx}kl zg)+tb1avwv8Ok_tYq50af5U9Nt^SfgBB$~L%hKuKv|Hqy!Ah>?@D^_eWAHeBEZd8O z5G}5t>+&2KhwCiLR_o)Ome(h(cNn>jUs2b%Q^~Umbe6fyx)$0h&FPX>Ru4>RK%?Vg z0^XMrX|VP45q$Hmx5)V7L_Ri;=Uwb(R!(h1XzuSuGEtONZV95pM%^oF`GXVQj`GAV z+ic-n^mR9wVKv2>m~jnCJJ42IF|hTwUOT(dyKP(1+pBbDzN*QJQHvq0FnY?=b4SXm z5CA;|;^%(9H3XJ+V1b31s-3lnhFmQby4P@@^uv+6*5P-b##3PUyj8^fBY$j{Ny3-( z?ExVX4*Paf{&L?2s71-x^0`Y?At_ICDytbWb8LpY!Vbr|tN8SQCbmlPIKA0D%qFSW zbKSBjkYRe}^l#KpA)5}si&sV_JL-hODiN*3YHLMOd;HV?7qC!WNaVU+H5O~!T`3^B zz%c<564?8Pca1pT=D>>5HdG2I*qn&&c<JC8XLXe~(WS4}o zKy{(36)HvA-{Y8lC@SbR6Jkh2yR?n%iU(<8BLA5~zJ~ZGd-49(xj0tiO97$}@uy5y zfg^HR{ju|D8QXPCM#U8u67alRQBW3^dd`?zrzxWMrPk=_q>~u=_VF1_{@r#|K5wih zO}*!=qC-XOb-ppviED6)U&45DWm&#UMBTxCW}A;;ooT|H84Fm53CabNZri#V(sNBq z@xx8^@NkdlSs0+`ou{aAMzJgzL+6YI=GE1ML}7&VHsHJY&1u3eO zlRR;OvQ;T&7(>EK{T28|p3)oEsGkpI;(5pwx6x;&m)bq%QW|~lALGoIiuzz5B+MmR zmuy0>4kLTVm<6oYiNAshmL-)|rppNu(uL|RmtCn@uHmwA0NK+@=d~f{-7ihQ#D^K4 zvJo_O#X_ne#a|LG7LMaw!fKJ8sS1yvw(@@{ogPQ^XwxIc=mk{$`+Rgbr-vk&!W7%o z;jnl)c8#3W&LkydY^V|P!^G-H)S=y|p*t-4fzV^F*P~n(5^coh-us&|*2LuXR;=LI z5WQJOuh~peG7-`ZQ@XQ$9ufV-?4DZ|1o`h7SQls>n3D@B6h8_Omt?b3kd8ZGm;;Na ziz(oWf`WqN(V%3C)f~ODh?=P>11}2{JjAx@co2ky8HhTrF3e+D$aTgesjYT0Z}+&C z&>WUQ^Qhah0&eUEs|~D(le(;^r)7-c+w9WGIUxE_uFuS{3vqLcPwUHZyLLyXVe~|(}kw=HpV-Y0sQ+J(GdhR0O;ZoX_ zcUNn08ea{^NxL#ACh}hCSO9W|#+FqetPJALDa~4$@Ocf6s%un@h+amTp&Z`2*WIXf z3b(D3F+8ng%Wv^Ero{8QGYs2_r}S}^8I*R1;G+t~qJ5i0d`FPO0-Beu;-ig{In2zL0S1DTcB$V}@jSAC_H)kh@69 zrr6l-@>mSa{Z&8{&0wI~vw6@^?PAopWsMwEy?JfKWTL78ZEX8)@IEws@_wqS+5NH$ ztNYljaH`t+le$gB(h)~Z6Dsq=!3Cwc#b zb|4j(5J)^#akMTTGe1FG5FH63Ig-kXER;7{uN~vXj!<{5!onF!w7D+y=zpU%{4#_f z?9Z3_KT-F|hG(%P%dh`Zc8X+v&k_{04|~<)zuaxUdCwkmD~N)BT3uVO8hry_eE{Pi zk$*xMirYyHAWlUG0MGny4EnEtZI%bhN&JXjpV=-yzPC1~5eq$>?_WN{ZZrvyC*9iJ zNkpKD@@JDUGI|7{i9R6uN0&f&1FXOKXRnp6C_A4cBmw3BpQ>-NOEqqbMdWw<7sYD_ zP8t)`*zXN@2(I!LL)+2ON&@H)8w?Gyy8GQdrxeN$k>~Nx3Y#iGDx8N!fPaei`Etae zW?h_|ltL-!zI^67DEUDa#3=u7MZa(Mr<7`Pl81##n3Ho}+Gej?iODks$k&2^jSjG- zNEWoU_goFx_jTs^TTbE9`|$DoZ=lYB{$HR@!UqQjY^7(gW`0>SoyeOY?=+7f3FOxv}yj&LasefD?(*~A?NcyLFG&rW@ z=8ng6(>3Vpt%*Mu2{B0bT=)~ajHf6s%Gjniv?vuaa-eeBuNV7DxBn3^Z&;?4fV2N%g72A zSk_e*(m(JO%O6F3haQp)Q0Q5%`vHAnC`ZG^_!-teLdM3vz1rkPH%mq#1d;7#`-c`S z%4)1kHc%vIh&S49c`*yCs?6hGl#C&@uj4Mvwa1D&w|20 zniNqBUd|gOCf4@i?-vuSu6HR+h*G#clG7?JkHoNK{emru-9pXLS#MQp2wm z{9}MM{tSpO@zl^qVALpMkX5M)>n|9)xd__G@u@9MU0)=>LH?WIc{zQ3y1}5O%uj|p z{Et64;LF}72>e@mC7ngwC|_qZ40R;HGK;ZAQh@~msO3s;&0zfhOASE$n=wPz$}S$X z3Ku8jI-1p%Z>fkDKob{q-GNRUTpGk$%C+iwkB^61A0+!YzZwPnnK1_LB^Uc{wi z7NH0Di&QnAVr4nz-smU2Y@5Fg_~BBpuM_3S{7PU;HSwN+v1b5#QSchc&^bzb zZ%A9VJ7O<;mnEx=-;?t`uhY*`cI!R(6F~!-y$VHFiXHG5`F(u>Xbkn?eF03EH=5waE#2(EX)cKcFAr6??gffS zeI$>S(|W$Ea}bU4s@__O0|Y$RJu4VF*3~xqGcU)p0GOpO!F_(G?wL3ofrE_AlV$i~ zNJ8iE&Fg;{nr-Ds34fLoQJn>0)6{90Ld5VWx^FDU3^7$`jUd>1V2z)9?Oh5DQ0*sx z&FBQGJ$^4EK|r#g(`ru=6VzjhR6+qZa=ueoUtJyO zvX1c>wn)Zzce6isBgWJVPzt_$1W-9N2m$H3!~k_24Q`v+E7F3b)dPO%88^(au;TTE z3~YOo`rP(*8SeXXz?4gKKLYu`TlYfze_f%S0<;G}X>8}{7!m?roq!ymO#HVg7NG&k z1Ov49SN9-4uxF1?7Vz9(`xI(W0l^9_K(=_t25JIMJO_x+{?GouuqWI`ohH8j_V~Gq z>rUkfx$Rl4wKZSD8nCZ%_9sB+r#Vr71-2$`#_@rk_^WH3@@zSpfq!20^(6xjgHk97=O#oX z1pMh=Qr|YV#drTZpj`O5n>>?{7#I>f9l#ScZ;&T|w-zVcG{ed8VwukI5qgeyMwhQ2 ztgkOzL4f{@P&XkyF)?Ptaq3aTby`--+hfykAE%%O?LMTT?;lNqO(&dLdRQS2YoDFn zBXPO^p^$eLg}tRW%^T4@8>b?6H-wc0nNBy~fuQz{Yh^(agzP|}JH18`aXZEJK zx{P%yUT6TEx}g6`D=uNuX|$yV%`KKjnfnoik2k@ml*+FTxy9QddX}Uo;o)U$_anE7 zCu58>d#&MYH)&TiUjSzpSsa7uX*drnhKaq1b)E)w>X8MR55CN4N;$N3p1gwd_jRjf zJX#pv9}}==Iwgn+S_Gl2Mf(@mfA_y@h4Vc4J4@n*S|Wt|X(D+90$qU-+4=qq-2Fm7 zIxOP*ZeCPQ!W$RvQ7mH|8-y28g(WlS^ecJ6*}*Y4dNDrV9$v1x@0kCA`oQ;vUJ!tu zM4Ki!hJX+TmzNp)$YcL8zVbC~z?6T2>$Z0s8vOvD$&v$e?P!15I*R6YigAE5u)%7e z-XeiT+Ia(o5gZ`Rq>;$?Im8k#SQ*n#ZKNCx4`HObl3$XZh`0WuF$iRhPW+8b_*MM( zI)7HKEHZkv{?2(xGQtN(1HLmwU*BpcJGB8+OfgCft+*ep7M2gxBOD;)UjTv!$!|H- z{~H)oBk&sek;!(y?6H2~g@XG}`yx&tyK#4*Lz&Cj_TT5a2|arujf3z?KnLtA0MM@A ze>o}WwX-(T7i=tm*?9jANc?Y=-%o0>@>>{6$p3lAE1gF=ZcLji{qlk}*97-ta4But zLNk$J_Yi~pmRlP_BOU)&K(24R+5JBE94}hG@bHD?e;AMHjh2JJLXyD}u!%(7&XX$X zo(AsopwM&{CC{douPVAdb%n64XZAvXRgX{MH8`=Nw~Dqw(8Up8Cla*0L>B}EqqpH#DALez$K%AdV{yK z?dI__{Q>XiHq#i52L);?*B;*3v)enS5BFRz=spqkT&q%U=5KZ7o#gMo)ieW@hW*V2(h@s?lz_R0FaJ4Qz*smr7w1^@X z#2%}$G5l@SRE0G61$vWdtI+eUK>tXrr!?<*c1MAaFke!!*?MlA=l|;LE5o8{+qD5j z2?eBv?v_$YB&55$TR^&pMoMWUB&4NFX{15AyM-a889+jM-}Aih_kMdH$NshXyJqfn zuXV82b)9jYLu+%JYE2&JBWKh@TVEx3cbonH8q7-#%Ll%&yB+J2gf*mE8~I@sR#}Fg z)VZ_|RsD5IQb}awPyUo!7cH$6nSNEy*L!W23J8X4a9{pTKQr#K#G-TLPDW6C?2WJH- zQOFBTl+Q1a$e7T~AYADBPNAj09&`7zaSAw@1fbUroQ$wo&# z$12Tw;N`eXjD(9bm(nAWhM#S;_UpGQ-vb-+zdst0Ns$&U<#Ufdkg}hp7vRI6PSw#+ z_$kKlem#VdpUqF|y+?cKl2IngfKC)1PnLdd^=Q-rx6c_ZOGy0U+~!*W$Mt`;pU$qN z^a=%0pM)*M{c0##CQ(d^m<7SegDEEuH+SM!5zp7dU-!flmFl9Q6WSXV>QNqA)3Noy zzary=7Mz!L!tLdgQPVD($SpPFo6{#_8Ngw`N+0@1G$o`jUChFePV4*P!mDCZ24+6u z1wtMiv@@(DA+IjJKt-Y&oa!%%v`$ru>h?C-&=5=NXhWCjWui*?YOk+Zehp6QSPsAY zvrmB7QM_PDvlI35S>0K|%rB3r8TM21;^C*$c9K%2cK9bM#-MeY7Ny8UIq~II z(1196KL4U3keT%JZGkJx#k+X%#5a^)B#*s#iw>A%iY0wt!X{;{ZNE(o>Cg}u!WQuh zpfx|{Bw}(1(B!uNrH`GDHoF$&z_LH#)~!jThK!9oJx)T7!B z4-faCaCBHKGG2ZpIa=0i7pb11ZI|;Xt$C-wM^uhOP`67`6oFEBGP}W z(qgmomTUtysWHXEp-RFyp(}ogT;kFlPvR#O_Fmct|HI?Q%uhc2ZTg$7V}Nh__Q0HV zLO?7(h$&r>bt=e+?J3a+vAQE*jbMYYNXx zwWqOz52ptYjZ1!vnPop^aYLC?{)>`bT9_?_DTHTQt97K_SFwH*`) zJ@ql)&HNzrZhTr6pE$S9j@%OOg%PAweMl*+O5F^2&n*M+LdUiI?WGx|$NN5};tEg$ zKIJVr7Xkd)rh5`n2Jv|}(`e*y7pvt*>-SQNLtH->z%?COCC1rHn17Y6DB^XhR(do) z-tqR^l^PV!v^4kxi&Hw8weiDhV#;Eu64D|%hr$3B=l9TfwVlHE2NJ`3TEl{PHj%R3 zSqu(np7RBdE+|iNmH92k>8B-n{UM9=Nu5O7PVz`;+Ku#@%O0+N_Z=q_=Q5;i7awfa zXp$cZy+kp?pvu0*2`dRROLoIl`B<EM_m4e@`tLGLy^%+xdI z8Drpg@;SWEq0Ih`5?$^bfbrUHp|?XTn^$Vjh*aw!Dr2T@r6TaRHzVrf#i2C6Id7OH zZ%LYeVr%RNFL@My45DA!A+|$pu<}aRj=ess#4Sy-DcGY?M^ru-y+ebd;k-?UrQ5tA z(v<%E!9zU(8(TXU-EySpsg(XD;{Ec8LtYBYwfgy)1MJh8lzOogyMdO}pz7d1aEEMI z$j_SGkev|^d&jV6{s}QvvLPi4Wql*4a{5qGp*el_RuKgsdo*R;3w-OL$_J970?aym zITcs0lP@rTQDs;7ai4yJ&f(-C&2HySFE^|>5?L5^i{_@zGedWu9wrNOnmdX&o8UZ{dtJY$S}Ukt2zHErTPxi*hL4z zmAt{cz8Tc2?}O14={Ij9N9vqo$eAz}WIGzigQsWtn~k?0A)_ATnmT<9)?aFp;wV2K zL2X-KNrV3_>(D-~yY{&(sbpHEcPz-B-E|{vKJ)ZCwBvB#3cVr24E$Y_5X4ybIb{5d zNp5+`ggq1U(kgC{@GM!40zQ}}U+G?o3M^JL`tz=G`{Zc7K7WNvX!LWu9DhLuqosDO zm+q)Osx3aHtvRpLr#`ZmBI8we+9|T*Dzrz7>P>YYM4$cQ@*}%1nnGi`VLbJTTaebA z5=K%qMOo{}>aAG4s#8PkhhZt|Ll3?_cMlZ|q1h4CS@qY(;_zKFZD_bYA6CUOyF<%o zp)D#J+DhaGp9l7KpR7|k?ZYR!xZx|=`=z-s1<}O-fvf;K zVdw(?Pq$w#_iewkZ!!l~gJ^iYIT@;Xee7R}IxPhLyj8;RNK?`A%NV>4b;w^f3&W){?;ct59mqSX7wFILEEr%%Uiv`wRru7I z5-|6-BCyBGTF;lRg`>ot`{R;R+{+C?Nh}(TMK}i^#o@-qWAH%x0tw0do<74dU5-zD`Sxo30<9Nr3X3zs>RiIL(Ip#`Rx;-7xxoN zI$t|bW0@HRio5{ctYyE8rS4OSta$Y1vl;#6o{p=fCTOx9!NY%HRdg!KCl!B8yiw7u zFIV#AlUb~L4AfhkR>erFE-qIL*29hwJ^lOe_gS-%mt4A_drt^mYTnk><^QsE$6fC$ zZ+uyic9%z5{i`;P<=?Q6A$*v;31u_5^G znE@Ap?0nRUSt56*z4CA;yao330O(G>V=?5-wDnZ4ZX{EJ{Rb~&Gd=i!7qg&rcR1(ar0 zZSGDsHWi;OtRi)1g$-1xB^&F=zM%+!Z!SLN;@|<&!A*KZsawnYHbj0iX8RRne1>C}1el z`Cv3Tu2J~JafUXE=NrOH*43-g;-SvO(`wo4{b;_uMhT02$3oSg?jKIs^E51Ke=7j< zZD#@fKwsY}f=+g`qU?BcDzecL|hKT$wsf)1)N%-)cErx^fKB z=Zr+ej#GW{z|>~Bm4qFGffe_xrC2hfXnTVTnF4)2E`KjE{_JPql611$Ena{-8-HWk zz&KvwsjBR?vfuON+e&I?^#sA)6Z5)nu@^e^8sR~YsJGy7ACsMl$5$4*zWQ6nn8ya$ z<_%37ckJVm;lp<0@%ivf4yT<7D<@5w<-%7orcO4^306FU7x94=c@oNnPHD@)I+T4>__Y1R1L+yw8k>^p!5?DQbTOHnBHEb=1H^*HikB8H;d zJaM7i?tx-saa&Lzth4RxR_nuZ+4lplyBpWcY~=5&F}#%d1T$G8qCRbCdra}jw zs}{|i>`Sx@d--z`bu7Z|NTg3(Ig6jvjWLu31{h%l;SAgtjIv8#mWZFJ^{4#z)_r$g z!nquufMJ>;y2es=ep>`F5j{PKxo|j^^I7}h;l_N{$yZ;yW4!@b;|v@B{fYJYS2-g? zDeC!r(UQ1Wc3nnXB{|$b5u(Aq4}Ad{EQvQu-6fyc6V9C`H+Yq@B|?)lM;0gKxxcfY zH)gJw_k)uK(m*8{BS>RwtjDA=v--14mCiolo%Ut6CG+$~1k;(C%RgRoyBz4TXyq=m zQD_m)yZo2F15CA$(RYd@-8jGzN5@Mi@6wDSZQ|^STHe(kSv_F06dn#gc-8KpzbN~; zB!@R&vI#oc)?0*`8BmKCN4l|0>p5YaMcFl_jN&bo)VxEs+L~D8sV2^< z!*yVKRL7BNLYleg)fk>KL68h%2_reZY%>=@i9(OPLlW*IOij@P^{;CVl#1JIRW^A^ zrlx|?%6hIuQrY~+| zHOi!`>c(s5KoedTW7?|4fs73=%}qQml)r0yZ;VPP9m@WKvZ*tGr<-`IZZ^H)dkid8 zjK?`nKG?zeD><6R)4*=q*%$c{=c5Ifk7Hh(xzq*d1+mP>HqOO_o#oFp$7HDXv@e7cTXjfjDt^3ruKi6T`UNLorGQ{4l5MaTOh81U5d`?# z3hdHYr$6C6t@@W}2wn;>M4ymOI#2?0_|ec%JcVW7G6vOOpU`4y&7>jH%2wzD*MQCW z+g`U(41N_@PNZEP)K8;{5LQq>sSx$^>#PYEC{oFY`k9BW3+ksRqJBzz@2~{xbD*zy zS0-~)+aBVy!!23%Y;PP2s%~<~AHG8VrL5NB_5NCx1&y)p=LtP`Ud)6Sl?c_&N-|Cc`zZ>!1bor=W%e^9 z64w5Ll$%kgOs0~lQs&!tPdG}AMjpN;(QR;uWG4p%t ztSQ!Sf3j~o&~<6abaS;^c&Es}Qg6S=6Q^IeX8BZPYxkqhG~qI#kqh@VS|c9bD5W7T z;V8`Qw$W+jt;feSKb@U8_ziU*>VDyu=ns*z%N=BtZu<*UdiFXn_tB?!QPC8h6d)!= zy1Bo%X81CB@^10%19j&I1H2P2pT{fftbwi}V+-cj{+FoWrsqhyxyjo%{;KcdhQ?n1 zm&biX?g!~U2y-D}({y$0{mS5vzqC<1=*iJ+r$=TOA%es^a7e6{qctRU^WSyPQH65R z_CA~U4#_=(j6EWAk1ob(oMzYNG5*^mYQ3hEE{s1#wGvJO)5^UsKnR#MvK zZz3C-S#O#U$D47wtM%jyD{>b$>WXSAUR0r*v;}1vWG^JRt+C$HOs7b^!)MFoUF7f0 ztYoBJjR^;ZL0D;&<#+mD*O_kDUr;6jj&7Mw7>R=1$%gvI6uW@O^U-WBj2tV%N!r!v zkE8wn=#HKreU*ytZZESA2@Mltw^uW7`aL~$0e>lcn@VYr$jL-$#LD%Pd4`6voI=rk zK*mZ)Ot~Ll`ILZ?5pR8Iw=>AS&;8$@l(SEhGwy8tWV*c-uMia%>?qCZ#Lh ztJv*hg(ppVyx5R*k+uOA3qo5RX6Wy#lP!ushSrPd}zMd{uG1 zjeDGO7O<=5;>IV*lzDp0*mP0unM|QxwqC;EHMQAmXGjUJR1!{IqT9H+J?%Ts$3E?^ z`dg>u&ED)8a~%OCA6%lpn4F9+j>Juyr@2d9M@eSC4a1sdtZv;q=eRN<2epT~`oR5jSar*<1Tt!R+EzEx#;irs`!cZ~5JMlmd9 z9SJG%-SWNfZIAb_ zXC!7S@^){>jY<|JxNNJAxlmncV~x}u)V6AISw?$Yab^WkyMX>|LgkLm%0g_@Ii9hu-(u=mXHr6_y6z->fH7fq{PB!-C zaA4A@lWnO&PK$;%id8N#b!kR^jNso}`2SixmsLqZnN*X!Rik~~`d`O6sl}&gKOxzm zU6BXAR^>=ST#0w-GS$U3WwBnu&m7h+!_UIFla|Q0P!DXD?OZ?n~hX-49e!o;#m%ySa zZZ8+<0nZGGRfR~Qa>0LA%U)$gXvk0_{TDyBSV>=y(Xe8_;!ol7E-Fiw>;gyBP%V-rFq6+PNRrlpkFKhra7?xjx55O z%Jc;e$#Yp~PE4#2z1-RPc*w!n+4;tbf?tM&F5(&SJK%6`FxA7ew{AFc_RzrZX&U{$ z0{P_FbRU?%*1oNJ3_W*WB!`}qLQeEB9V@Q|@t89;!)C(siq}5dvbafTtqJ&hD=_*V z<6?Zz9pJ!v$E;=)*DRQ@ncktJcNdphkz^%i}_24^NdTCE+MMF*q-2hQ2F$;$SbK%oOgGaY@ZT(_DbuEJ224?6LN2wz6jBnGctxQrkjX&K(x zXfs`c5%U;P1VysfKrhkqW9>mGGGa(tFsn;F9Tl_lk1U4N2P{xqT|?gcUmmtxEbG@W z`9Nau5P?r?ulvbTDTo+A6{ZE4R{`OEY5?YSr*ET3QHZ3eJCHbmgo-GjAk{OX!ALOK z%XA+s7D&Z;54(eWOL+KGofFvMvsuu9tCr;#5-p-}kjZucLNM(9?qW$_q`2U^#~Nt1 zNGJq!D<>DhsJ$H+Sm^(3x!o1zFL~|19r2zID};#zvpNuNE=Tk!;}-8}{qRpfUS-o39l*B_fjDeZaf50LF29)(xYiN2FaZ1s5y1Zva|V3GQyFPC zvc(D`{Qt6w0V8@+n+Y4ZITs*&%X<_b7n~>vWX%5WdzpD0yvd=1F!T!{Zv-!Mg#vLf z(BxSW7y&Y>VEusDJk<&t;?PM5H#oHN4D>*mqb9&j{JtL118t(eLu`{4^g#c)4}e1$ z#G3#&H3(1`oSwqL-QXk3xJ7$#IIPjVv|fz*=|dE`m7~>8^`%b!~qlAp(Joc2SCiVHhXTECr7Jy$2Fe3fsf>^>gu&b>5tiH##j=#+%x^Ysf zosaC`?%hWvGs1kax0wpAS=cj_O3eo4=7EUVR4NrL6t|3x7MJZn@ZSP7MlF;dMh4}X z{~X+;QGrcQYqA@TJwS0yY~Q>H;Bi%Gw)A&jt-@G62~8zF;J8}XIsg9N>Ghw^4#y={ zBiPjp7~B%9z8b=AJ1eL3W@K+OJZpl&M_?Fi;Ho1Sj_$rIWthu-EZ2&u8*Xj1W$+L!rPy$cVAg zg70LqMOa$fk9YGo0BAVcy>M0HM#ulb^~NjiwiCPc_Dnxyy584sd%rC}zZH9>^e%JL z_(}FWC-FlRv6YkSWZ}#=##tbwuwrE*-;U~u8H>!m7m@D<=}h}YgdQ_Y;qyzLTnwm6 zd1m*sWo_F$tx3H=#pqFu_Ua!>YRKCv{Pk$8IwnleGu7jDsB%VI^ZT83v-Wv#LYQQZ z?|D1zPQbGl2j!>5=afgZ>uhU%sg(ZpX+ksuI}fV96wq?;Mlx6hjNO>g57>5fyjK=T zF}{5$e5cdI{WH47SNCEoD4&mqhfUve$M^h1_6(aTIaIJ3Z&qo>|DJ9B@KBn!f9-O{ zGVaNVw|4?-&Rd>g|C2R+N56pbAIoAb%ihO~j>&1rYbFih;;>&docHpW5F#4NCXh>t z31P7f#3Vd%@8n?99ax?=l)*yD(QiFQ^EqbxO>+KO)PF}J&*Smk>LE(c@!uaqG?#m@ zHa}ZrA)$8>ueQ;p(2$WCQGgpP_5QHfxP>FWeGqQEGAogk!X7?k?5n;)Lya8*yFbMK zY&}RH@oK4yG9T%;9@mrw`%cDu!C{%_9v1v6P!x#! z#*M{Z!~y{k_r6C{m$4Au#alrsDY12Ti>zT5%^Nn@-Nl30^eaey<}HNxF4z%va;A9S zZiFx0dTq8K+5wJt{FtyV-_I8~SyGQ33sh5l{^QMg8Z!~`>nTp;{c07`5jM}P&;=si z|NInyp#k@6H}H}vdIrD@&zj5=;H}KI23gaHp9q+t3gmAR)(LK9wV>1j29b0mB8@nN z;f1C{^DW=SwJJbI`43F-0k7DAHuguhLRg1=4m>JUD&^q$FP-M9zyzxq0IX%(AR~^* z$Ed|^Z@rn`C7wf!QLv*FMGi`mc!TGnciX_l0v^(^;Qzl&SnwvzQ$z&ev>X`j)DwEp1eP3-d=IZSnQ%Yb)jVG9DDM^s=%N7x;l%jtthN%_4k{$ixK+FeqKx(!;kX=KH|nl ziov!WTd`!96_s)1N#~vqR&(cR3)?&kV{Z&%v7XvSAhLHbNJg!){1EZO<+F|f*NY%} z&#XHlDCCEufwndy=_Kjp*9#EYyx`;apk?l!aycQ8?zsqNJQDbml~j`WCT0@!Uz5uq Az5oCK literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-firewall/images/fw06-block.png b/windows/security/threat-protection/windows-firewall/images/fw06-block.png new file mode 100644 index 0000000000000000000000000000000000000000..2909fa51d3663996e92445eb6b584d9a0b6e7d86 GIT binary patch literal 8080 zcmdU!gSPv0U)H-eysI)kjs8FOLWSZPHNpe;HanV?yNFGn-`Gy5hG3@WENQA z=JTmIH^|TZ>RauTF8)Vlnt$mdpBzIKKS@dsWBu^ao{s zmhIq`?#PSQix%YqP6IhK;yEB%GibqC8j|)fRw14^9v$rg8m^J<1X@yeM_(Iyey-9U zFzk0H-C!R|&|eWRksEFsP~$#wZ$xrCNJ`PS`vliL#-(XjRuy6 z?k_)kEscH|=6=E(F09mYN!&X#zk-Xn5?ML9oQs9yWvbGlj;i*H8op*ix81o9-;bhU z`ikZ-1Zy6?l*1@^(n%G}K2JsJTv$f7hq zvZq;aWK-<^&r?4Rew4sb?VdrkBkm2z_bU69IDL z`b|}&PBCT$p0j71h{57oj*YjV53MPcjpY#Cj2V^Je$}Yd_NVL13_&s(2}qBMHKH2g z7GJnuW~QE?Z+AN&NC0`Js*H6yVYLD>i!P&~r&^TQ#uK}kY;NFe(0}F!yyO>Hw=QlA zsGl;66<`d`(gj@nd0*(MGw>b0ZsbYA#f6G9%u+QCCg*LtIerCx*>*KzYJ)|6AAA&T z5wjim+jsMJ-@9$c`F5Q**montzH!=o)0%zes{e;6UEnE9YvZgkII!Z?jQg16%NN#6 zW6`{==}_;*z>8OG`aw$}Sj{HI+PNEQ#2Y@#VHDv5ygv^+&sXZ;yZc@Ab;>`o$6Yx< zeEDSI8V;2e?+AAU0=l04j^}EacN*DRQZ}hT_nWd!OB$jLBcE4I~wo-~U~_Z@s@gIB@32YFkTGPfu~F^?hE=75BkQ zE+qJN$6}uLHoI6+Kkl%0ObTjo_K9vMT^vi9+=hgDR0jnMJ!#qR%Q@U>GE2;JdqSPJ z2UL^QayDbKnOqTr>@5KMp|@4~`*he|6judhwn6RJrGjXl?RsOrn+dIpdH1my;~m4c zYckt)D-(k7t+Al29LuGGv%%2t z-vSQ_MZEXthwC0}BQ{EFceS^? zh;HaIv)@b8|Me>dS{CTH@bU|^ayK8o6#Sj+x6gzX zX3fvemRSx`VLQ|XTdWVBCeJjFxxDwGWLbzopu^`{cs6gk@r&+w?(J7#1-5(YKaW(d z$RKUuae1*=sjo_+jx<~Z1H;@O+hdN3%qPnIWaQ;6Md~l!K01uL`}s|&KH;|P((ov? z2RGIZV~fXsdbYFmO9*!BFbQL`-1|T7;+6=BFE@}of{c3rayO6&RrBHuJOf!Mu3!Az zltdVwAr|k>zXqKa?xjK3iLIVmiMTY)a}w09iIhw=A7eCL_-C9YOO22w8ATaZI-ZqKU9)9l?L?YCmZPxy~E6&6&zJgKoEo#S@2i z>WenDgRdto?yqOrwX)`nBgt7FWr1>dyVFbKq)-ay)~k)=PSU@~C3QWK*4q7krwmjf zhMZVf(w805NJmIi60cZMMg6yvqV+JPGGP6`;7j>LLCN6#rp;EQZ~iZ=iTLUu@WB7( z>&-wCd(!rvOR#^%&Fw*O@u|wj;OGCOF0&5;io@ceswT?`-fe#u0$%7dj}7l@y7=ju z79yat+t>M?e~w#Uuc_s(W5Eb=<}AY8}5y0YV~yj$clzguIM&Zsd)Q{-)^ zsvhEjma}kR3r3Hy$UAGkbh3}Y1UeYYZ-A}A5RE#!Z>mG!byI;YS#7B+8!DM)xjk}4 zqKY8B-dEO`p*M)po<1E!9Q7nyNVvzgN)fIZ)|!}R29L#?o;$>Hfuc??{ncE+Za(0< z(7b~MWqq=tS3>)_f#JCCkjd{)3790S6!g{LV|^n=deK83N=fpV!wBh{V&izQlU_p*)v}%Bp6CY11g+Cjv|_ruSa9OF_H!oN zKq^3aiU^5)+z{dW`h6qp(ofmm?jin5{DTW^~J83|Uiw4IDtH@<5;&y7KQ zsgsP<*L4NC%oZShBYv5wet_|$P0&Hh#YSk+fRQ|>aV@$1nl|@1-|SIMg7VmF&!U|6 zcYQ^lV)(m{@?O@1^^K^w7n9T{yEUa{~5)s5VsxUhcQfWYK|!ta3mEc z)6jO+LpgGKA{5$>^|!>vzuMTwA=M17gP_}x7Q(S%7$=_s*b4aWR`)qd$sRmW&jh$X zrB2=+e{E}QxkbmM2m7IKrgeNaOQefM&pZZOKN$ zB*6bee}AcL#^M`p#;O07hrV>EWPMrz(xPtsB)T~JND$7yg0JARvZ*#6d*om!elX%Vbds`TIck zQIM^&NiBM!WD?Drv>0PWCly(}JD*R!2qxR!!sEhv$>f-YdNv{;>}R=k9eVu1!IRF|8*Q zVa^y3fjGgJ#f;B?nDpYioA=e#1iZ7C7R_xNR~W#Zo=NmBv4PsWGpRDM^W^&Gl`pL6 zV~Z`177dRhm&MX}$(?wGVOVoYpGoKq1=xNQtR-Qi+H+sY5H6n^B@!Xs=ag-`{{8&+ zXO6jL$9w_%Ce@3+&_kwcpk>vF1oI^>Fcn*gBP(g2NnfS>ZP*Qa;!@iiiW!4X@UUrC ztEE+g*c=$235nC1^`wHN90HX1=CU4vS_5XNo`H9SpuzIxe9dGfhFAzpM`$IB>7O&r z`-Q=9P{jzD2OYks2`R*elK{**>frN~LQZ`gv%g|q`McV!aF4Y(T;N|VMGPLo$u&}R z#}A*jL1gVXmUR$0rP3Qy#LofE{Q(;!p%<&UhvvQpv=Orzgd0(;ynag0dd4#foOYNu zynR~NUXo;6yJOSfdWU5YqpNzvp+{Gua&=k%owAbi(Fv=ChGf0%#$oyp4{Xo@64dnT zi6jI#zMC^Qt!oPiA}UObA23aHJ0h1r(4RHxi9V~;owQMe?-~yGoaf)-8WZW_Pt!oW z21pJZ2Nke6sNtr&N)vT<5EUp^pxlo#3fvei?DVPz*y@YgR2~llKCpqR(7~)mS1mmpxld7){lV;mbgkNmdB?}OXprE|~WU0`hT%dCvzq%FaN9C`YTUB3r zRbCOtdw1rjl@;naF!*1|EZ6+h145`*v#f1%te!5T`PvCz)XeL3Ut#G(AFeL3z2!lk z!70iAcQHeI0#nrtA~d({`aX^nkBj+H_4qToE`R=SPceY|*DN>%-u;i0gn$Xh&48G- zVUM_^-4ElOow9M{Y{~Bo0C_|VGGZHDmAc@rGdblQTXxyhA*0 z238+GeQdA_6G;}hW$LjX`HNB7$9+e$PeuPQ1NTE$s5OfJx@yJ{ZcMm+2pR|BflKK0 zMxtPxM>UPq(DVJRIzR1r9-9}}uv`U!S}Kxi*bq)-w9csd53N->VVIij8Aq2^K3e%c zx;+jE@%bV8fK3WK?r$%oZ%-$=WS~f-GLU%B^_`aOY8|9pk+g@z6>|f5n^NQr?Agnc z#0XtDEwR?;PTxtf%K2na1`W{reD@6}#H~p^q`YWu;=MBFOkFQP|Hr8jwuzIvKN|5}U3rPg6yW!M*(KlzmJy72eZ=1v<^?5dYkjmVB1mJM@ zr|@elk-cbroZQkc=1$e z^+};$ef9Wjx-)^J;ROXzPG3wGgwMM*^&+t4dQwzcJuOJ#t(zWYeb`K|ouJ}+Fvv>Q zSr_u7E|kJd8$M(q32$xyP=}ER5*s;zWMn-Pc1XCPcDhAM3u`TAZ1u5oy~6gX2;p&u zel9ePORXG5=|7;1g}l~_aLRKTa(4gp6Kc}{YfX( z6e5+bPGG6#Ty{Eq(k8t}i)l3dJy(!9i#|g$ab?v|$r_^jLF{Q?K zF6~#AzJ^)B6*R5r_&co=IxG`$zuV5?0jD)OQc|h+IMP2L0#!t4AmV{a;A$J}8J#~! z3PMU!Hn+f}k01~23Rtq8D32vSDxD{f737}g8OFvEQ(w*wnvdffG_?QzW8x_?sL6@q z#C*S3*t%OY^hNZ8tv={s*{&xFVT;17fExprbm+z9Ojx_@Fx4ZGLtvj zc*?&u3Yzq(2m~`6(qkftjIR6ZzES^|#z4g%;pcVY+|8N12o53F|Nd>P-W`-#?Ui(^ z2m<8`fTd(%qb39O!14(Rp+Qgm9+U3_+|)dN?NX-6-4_}%h1c9`iCJy-_UlEv{dM>{ zj(EU4HkkY1o?`;Ba-b4oCELj4RoYMI*mKh3_l6CHGXj0oP_0=hXr=)q8!uMssLZ$l z$RFhZs|7`Vcmmm!IAV(MA~vA4(XlT#AJ2&|gRGqvDK6M|mKeB7On$z{r5aVO@dtr2 zo%ztIc}g<8`S9O4-5qxQ*M`It>$vXmee}Trq`0*zuczI0HWUKNmnIw%jf?HCg{A4{ zHhM#=rQAkY{1S3BD#RDRhErGsd`N7#B4hwJUL|QuHK{b%=LXhui=6;uLO>PXEIVSI z8b@L;94?b`Z@%*gh$?b*0-7emk6~3pn+8CM{Kj&|L`TYQ=zjA~d`6p&Ew%A8Rizfv zk?R;ZH}yQb-xPA1OmZ(zcDS5aILcAJPW>smK_V|AtjkVycR9yH>Na`?%lSmc>X`QV zY;l6~tMTfDUbNm1b%U*FgCAYPZ)|IxXEk;BSZ8GzKs&!D1HdM;R0HHmD$?s~%=A~- z>;XTKKx~qHEhb@nCc1enpwL+DE)N5_^^kEWk!RYUc1++3LCv0pV!WwkuM*Bm6)4PC z*HCzB_^O>{;dxfNDlG}3;hchℜr6DC5M#DmeOg&%Bbq+6c#FfXQ!$**97}qQysc zL#zUmCsUsAFFk}_WM{;K=6eh)%JctG^dvvM552Hvi$Di$iJ-5_dge|$3JFdVKtV9- z8I14y6Hyt;f}e|Gm35Cuu`;Z%d5CV7nQ4w0hqG0kxEbt-EjWeC*w1HgC$R1y*-1Pj zUU4Xd0!~A)oQ47M>UlZ&YmG=)TDru{jkneot32lf0Y!ONZ}zB{t;1QB%}5`Ngw1fg z=KHA5B+$4%TN-mCAl$4;ot{>6lSbS{aKIPp;N(A8;yY{@L_3gQ=0AdepgwDtBbM!o z98VRMZ>ed<%^=?|)u|q#{369rTYSy=u#ON}j{F4VeA6t1a}8+rA5=lDpXdMQty`?X z?x?6OJtiMC$2zKu{^}*MRZ;&`eY+P-m^y-Ev)X~TYY+@5+vIMTmwWZ2F6vmYIQ9f! zHDmCX;ghov@Y+4rLMQx?A*dx_c)@!yws=vOvTSfLw0faEu|H_G@i`$aXY%YjD4Njr zMDu_Kc5?*(iLcf-(~{Kq#zc&MV_N-zG&A3u*yeqO%W&1Wb79afg$ff=6Xn zOneg|$!ai_+2@#lto4H@{HKald4)bC&_T?s&!DFHhDnNKb=ZRgfN5IywKUPY1@G(+ zX(T_(#9gFz0Mi}E@94t)IImnltfMx0BjfUdyJ6&n>o{wT&q16>PQQ(lW={fVYae)7 zE!qXP(S$j`bvatXk7pZjcal3c`Yuk;estF#fp^v|Q#-^TR&()=Wbvvek1Cw_y3gdJ z^OSy9ZKo|6KQlLNIo-2(*K9(<*#1L3ZHDb8Geo12oUw4>314_EbzK=+eu@Tmf53W1 zN8LaIcbAiz4O+MFFXEAGBOxqH3P~t6M3PerJq1E2A@knj#}Es1ssycG-+?vdG);V| zW_ni+v3g06nz9LSWBgfjFtlku!xt=kOi^@$v`^MYs5JbiD5zkk~_Zvx@%)^oTofYzw&Sc`9 zd$!Z{^6kjW%kMdAvH5!WM}}ub;!b2wixzAfqMsW*Z`i3fEB_>>j)DfIz^nTutekhd z{;6BXkl+(gYk+%GW6J4in@nR{N}0xKJC6X=YO!em~wC zg;aILnd-I=chVRl1>Y+Cc*f*`Q)&^7o9*ejmzF=Il~&bcygf}#e)~PJ&N&V==w`(w zYQy#Ipj`H>_ixubuTnQ|K#eg26`7>g@|^q|S}TDw8z z8-tzP`ZxE`b_7m-MOM{u8k;m26670Z#SR%=LLwWj%= zE^pWn)XMF!Q*y>UYi%KLt(Ny7&ZM+Q^B+2N$JtGXT1$qesbRQm{T(51A&tAZ3yFZ* zB)-HYu<(~o%XRxFgUQguH!6H8oqS9EbbVyZkgi;Dw|S?+X|WZqc5HI6$88=TGHIP6 zd@DQ+t_%BL^)2`CPzhG$kUG%E*V2TW$-f(Chuj5R0cDLuu?|ITnwD&2vP^Hl*lO72 zdFY3LF$5_)kvT&vCyN|2&kh-{i)^Vtu?7*BMJ|=@N;>a^vQMFqXxb3*gP$ja!e2Qb zaCv;Y6ro7`2xFn&roUlf!*L5Jumt?(-}r$r2y6})tEW?nm>$JzX+m22p+$xWc8L;O; vjkB{k9%tvnTl{O}(d_^K#idK4%V2Ptdk6#L<}xy?j-sllrBESf`RRWE85qpW literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-firewall/images/fw07-legacy.png b/windows/security/threat-protection/windows-firewall/images/fw07-legacy.png new file mode 100644 index 0000000000000000000000000000000000000000..a8d15e6e3172f758a5f8d3770d98d503cc1393f0 GIT binary patch literal 37359 zcmce;byOTp6emguBoIRI;1-<0HMqOG4DRkaSO^v%xO;Gi;4(-8!QI_m27){6B;{9g;d4i=)5#u1{FIn)q zWMjXbs?|WMrFr)U6j!lC9D?=PR~NE}08*{7w+MrPF|m(i4j%IcEB27qkvpHPo&Dt} zn)P(A;brT}3*cS4>*f3%0an+BV=ywDAk5!`1PDiIT1r~`5|#w!@9_hXp$qN~ z(b}=S`gfrSt-CM(^&G7R3y%%*s;|T3oAzTXjc&yoh~+Q5O^|9@7%{_^C1;?+_ z@#-af7>Q%e3wlShq8G3vs9yzdMUKZVvoM#=USV*8ZtORKhrPuH`^hqnN_#}v70c5& zey&fcm9T^kYY<)1eb>j! z?*^%C&%9tvO{+5if5&wCt>o+HdG-$#{zgp{Rj4rIJQM}l)4b{Z8LTDGax=Gf0a7i< z7Q8vxzpf8zVHzssySJ+>tG|{Zt7PzasNzd|S88;P#;>}iriY^uIn9?hY5H}$*=kON z3@Nu?%dub4L+Q#3rQ-dRiIm<6>z0VpMN$E~;FS32Lr5=JD^7EW+=%qgyHQ3AL*P@03+;z-f5{lX7D!F6jIA+{`s>ege(s z)Djlj2g`P+2QSr~8-Wt>N4EP}N3BaolxDkP$}h@U3y=4M$)U4$j`nRdtsY{cFL#ky z5NCJVokp~@be-tywwb_pct`wYg_uqKps-ng4s@1C@mXV9r!BMMcxy^@n#*B&LJxa#y*1%y=$cR_jXnx=b{c`(_N<#imUpfy zylrr=>fTBC2{5kV;J?dHt+1%!2yeNTf%IE=t<7_f8;_}P?Ub|ODzc~Akyy}t63N+B zVt+IwX5Gi;x0Jp}?)3K6wh%W#KQy=m3X*UNAGeqS54t(|4sYg1LQnKOHOA{bS(Cn> ztYPdQpQg;O7oP^z%&pID?Wa@+MIt(Q-s+r999P>H*NnAbWrtStrWJ;VM5gHnJ5F*) zcELQBYkgD!bWQQ|@(Z``y|S&+4MBy;sM6K{`pS;dhYuOk`T&lNKIFKfrY1tq;kr}h zxDDfUt$0VH$4Z@H)Y~?`yOsg%7hxOqqM8#2sbsDWr5~Hk4VEAF?(T`R$v}4{L+mu6 z&zYwEQiiwLFAYv`nt0BD=VI4~OPD0wuup=saN~HOt_THBUxiVow$ZEB?xR!pfxXL& zE>29ZddS?b+O=xc)a{QKTXT5{KKt`xz^5=oWkglp@LdArO~%+0Tq8utjhKJD{C7ny z5!YOTVHRna!3zDg6T1A+cU^@3cw0>`GK0CUZuz@ywV1%c0>)z_C*76%D)WfK>s{qh zp;BK2vHnCA3`y%MIVE4j+ih+Z~~HmxwjC2*`@n3wtLs?8_tqj>9O?~le{JUkf22#b>@Ci zQ?u1ZN5k^Qj_VzC%JMGqlp1dsC3CA8w$k^c)*%>#He-0&_X74pd|5Le1-vzVUeh5i z^_QYN9?BdB@nLL-Qy}WUDuRK%5g}>KP8zEvmK&H_KEv>NlgK!^$mknZoBcl7b5?~b zb6>x5X!Arht$GhvgZsxsOW79B{0x^zPUDO>w)`l4&y3%WW<;V@VgjVxrpD*CUkP{> zMhU>Fxqq9-+Rh$j57M3@hvC+!k}`H-9mOHPE^E5|h!vOzK5>&~Q$AdpY4E*bK4|=Y zfP8_W8~kr1#e|J0OdMwwT^oepC}s-hVaAB;rLn}W59m}&(A6Vyj_e|ojfxN`M>3S1 zROt&!sE(|8JCPqBkxp+o!%JmX5znD0eW% zK4U}RM&MCB^du-wRO-^kD>tZ0uUwaXOs?EzCRE%MfOKIgR*ooPs|!dikCtg*%l%v| zr%G&T^Z}n3H3Phu$IOjSJ?&lREkS+BX3a^SUXIKak$#WA&Rn25P5q zCbNGafq^iF;BE%$QEsu2Z7ewdK1gfnn9FC`NjN#SF?KzFjgKwr;M9No7e&siKaeC) z8pgRbdtGAVIrj%iz~nA>oN>{;`kO8h{s4%g>#>i|=w%H}aF?DptJCN&p72+MUQ%!v zaYVphyn#ss#V`MdP8H-9u^+k3*%~_Ud6ThycTfm2o@tvZT#k+H*iDU6^=2iX@QLD*#V zcL`peTCp}t%Tx(~jBP_iI(@k>-b#K%5>$3H61-4m<^b$doPMRT8UC#PVlD>_-0y1? zn&k$#zkndros&gR(x%%-4y!e?OgL!pgJ?PBRuQF4IpeS!01^u)m##N11khC@)lN*< z--F0Bm5{!_xG>5IltL~naAg+95R*biTCubt56tT_P}=mDlDS2*l6Vi$KMkK{ zeyXTRxIrn-^6Cri?5D};#JSEl)Jb-^xegFIw@%yDMIGbmKz0tU8*b7DZavuUqdc8g zw{@$-isvs>h|i8-?2{kpjBS~${i*R4DK^>fMJqtnZQF6y} z$m4<}4{)0EVy6o)ma5}> zVUmtoKvi~~r)~VqCffnq4ia$<4fYD~m`%Y3eQ;@s2GikbKq@797{|%?Z@l-rzU*R- zoo9hR&t8R}&7q1m2es6R<;JF;;FmHFLf_7%lbO5Ssp7116xC8@1kBb zt?h~X<&9|q??S}~Et0M%3}`J6rrcg;H0OxCc7SYdADO(14r6FrnmuAS#=0o$Oo;u3 z{ImG@=4!TfWtIdLZd{6_9MSxwtOaCiJV41l=Y8IbYOMpH^7iCzcK7(j=<0BO5xFdG zU82qKgQmoG%zB0zqi>Q3pW8@ti6U&0tuEY#Qvj&aE>7N77aOTPCZt9_GbtixXIPj# zezbR

_cYGqbviA#A|ZH#|ly(P*MwDi{$H{6ghm5u>CPNQv$4GfC$l5$@~b- zmIyi7h53o&#uo2B8FhH66>E6V-EzFZD3!(tIY-Z3^F=Et?73YEcOZge5hr=b)({7~ z$cK-!%xhDkj|A(eb$@|Fl|ASSwvbL^Bv;AN`6LZO>%L6p1qOF~NI1vW6qQ;pzf(Ed|?L&I*z%A;6)NMf;ChtA0BSmq}(3Ho+{`-b6?y z(waJGEu3JA#$w;IQ_iiJip>!Z_A;g3=}h`H=*$2q!Xi9Wn>KfrYwdiE;yJ=s7{M3- zph#6$&w;O`kl~)hYFK`C11ESVk}-k|Fkb$ZJ+}0f$o3kB35$Y$*767#pPUdQbtsu_tL-_l5_~B?tFlz18`BP(H-aN9cs~1>g{E~(qQy&1W8JVIYh>VoYpCwMPNV|MP#IlOSH8VhQjMkTfY9n zvt(qK->yTkhMA~%my1%0&!Hn;=4SR!@sVq< zUt#~Sa@oDD0HYBmKo(EU3!6f8u}w49a;+!H;UiM%38;BBXTwf!`*Wt)0IpSaH{0$J z%2DMe8}1iEc|9346phb5kZ97BHsOP*mIcw;~{%XFiyp?ukSh-~!rGhc_Ee7@ZjU`X_w;wqpiZiqcf zkoY;p@lrvF_y6?K*_<=Hus+Y^`!pSz9y57xwx7B8CLS~c{vYc&dbnNZJZ?CKw-Em9 zUw0WlIHwcM=YO$lYRqfeo6L`T(|S5Io)R9C5)Nj`x##vwTDUQ<|Ujw>jpSOHWj35zT{FsPQ8I`7tV_k#%1b%86KymU!%W-T$%(6%N z6Hns_(#>{MbvrkX{hX$_8GPIE<{Q}Dj$ogq933T0P@XJF4|kzEu`?h3V%RE$ia62> zcqtP6?1l#o;_5l1x|51co%8dj0zb-aw#$sxXzcF)#FZNvXtS#s5#lObiub_3t{FHh2ct-*}yr2Qt^OfWJ@7Z!&>|zJ{&eMxwT_U(c4x}v-KgGC-Z7D@{ z{PLYi$kAcnv8tWQcZrIr|tgU6(>&;uam%e9`FAzXVTH4nl zVAQ)RP$;YSf7?Q!D7skbAD`gJ4O%Vf2dc@;P1_`{*Wc-s9VE2bHHG zNP>Rc&0K5^$ux_-0hw$lmUD!2u(`}UVMjgPO-Wxc+AKEL=c_DNYAKkTZ%nt-<|06J zW|Zi|1!GS)TBF8*5(uEQ(uXHx%NFSAPzUj1S4vXo^iNU2(9_q&puUajb+PqUM*;= zp4*t;0Wq&M=f_RUmg#r!d}n9J3;2mFcNY_OV1s#)%_C!N=jX%sbR}n2UgR1xli{ni z#zfdm_}TF9&+3}q$X=OH-4raF9;R>VOC0jovJcqKE(yY8^%B}bj3a$!jo^<-=LtK@ z5|)-pI0=4Xp-O%dHnTQg&yw``B~J)n=CRySK00fIISr*tn<bGgyuS^eS7!bJ=}swYSQdE~o+b#vg_%I${*OdO1>6>i727 z-9EABTCJ`AquzuP9yI0J;g{$ScPfP8>$i<93_s>(I+$65yGW9s7Hn~U=Z|Z`3=zgl zRfu6@RGZWJ1y=iG)him+BqDYY%CSdIQw*%=I|;(GmB&s6J{mc;|iX+A9bE&VjdZMxp4EjIKHXSX3ttPXbM|gtA5^9J{@qyy0iEjyS2rqPj?{ZL&vo|u(eDOm%p4I z-0`bTEyPF{)w+JI(Fd#!fsMT7Ifv6=RhttbtPIa2W1(OPH-=Qaa%NeG(@k~zjW9D_ zIO4(eGjgd_0M5N&1X%=Zu+$H~YnG|;K2fA_Km(qf3L2Z%N*k(9HV!AO`E`naTs!K` zn%|w;@pl2t{BBfBIhqbsBdR@RxPggf81~1b+nO4Ku2TLPvQqxs``=9Rt@=3=Ld#f^ zx;dr*m4s)mg8H)_ze8ju$&4&z4b~0^tns&40L%imV>&>}0-EhSSw*^LS2v7F=f`e5 zEDpf&)=$Rc_cgrDHu8q1X^%*1^}Z$9oFk75vn z<4$Q;ncGIIEh45B7tHQ}hnozIprX>HU}vkxNQeAIWA- zzIB7;Ovj8DoBI4g5i_c1!t}QSw?tdjB}(M@E>Fz8iu$<}vTNMR1XHWN%WZ3&yYAf$ z>%Ke3c;5SR-9sIKhM3&sUe71+ypvt6faN$ZWtSa5mw6eH1!}nB& zG^sN`$oXKY!pDug4!#j~z|Cf;rQq$w)ow+~QC~`;0JHAfav>5CxN1z0xqR0B_9X>d zk*UOr3323ZX@$iN)&uV?B{Yqy()qZBY1~qi(a&7T=M7bGwL(@?G_o9~Lru(V2j-6g zFeZ5RW>#{+X3bRQ+K;098KYQm)gmM^h~`5$xANpZm0@jZq$?}=7lXAGVcYKQP7N#j zC5OKS0na!AUY3LhaR-|6Vcn=@pM~;XSJ*kkRxRm|JKQ$A&&UY|cJ2cd4bhKVJVPfK zI5?<(;R5#`1o>b5i|B1rb(lB*+y#tO!T0>dF~g%g*;*o=|DEyf1$lZ+CvN#a5b{YF zidJ-A{QpNQ|GPE{3mVj^XfMo{d}wHS&`G7q+Sm6TQAkzD*Rtwg@7;H?PRLCx`1%I+ z5B&P}9ns{&Ir`X~oPhP$c8MnCLBU>GP4?V(!4GV} z)bH9*LGI54M_UwD&qTRpu zv)r6AHMKuxydADewdZsCZuoxVuI#S$wMLq7DrRXPw(9{=m_2Y;dD(aR+rq+K5^*K> ztb^W6BHqJPhVuOB(#~xEYbgv6riDSRNLP9SaqOG3UCDjE-ps^qyygf>b*}B=fDaPm zXZ5N(Qqqa-KT;8f5vSm;?C>MR&%g?u+<%@O$uEMguCBsc6N(=*A0YwV`+Ra#>`fbT zQDIqBcUC2SbLB)wkB>*)4Z9&#-v=In?Iu&;E&&>Kz_z+Z{hCYS0f|_s-^$Yu)vv?+ z^PK2W?tXp>6F?^c<}GWYCEc_B#)KjZRe_`O09I6NU|>C^F}-d6N>en#^WCKNAEZiG z$k_eJdk`*F8J2UxO#C<=RxXkHzHm(`ph`?Q^;+Vk&W3oCqub$yN)M03`*P1umpu}a zp7j=Tid#LFK3c~oXX^AfR>j?J-548I!V9_~m~t)_0I|@bch7y8!KS=x?U@m{KZ@NE zTlQEUq>#-zUs|rSC}##7n9YQqEO*rm?9rjD(cm+>%pTpgO+XC{t)7Xo>;$BK97xuI zw`cmv!>9g{3cpMIr9&tPEAGc@V?HgP6X_X|dUwPPS0A%U;CsczZ0cLfH*Zu_*np*p z^X3_=n?wi(3s-73{?d>cJ1^uo>C@mr@sS|d!D#LF)N%JBF0wK@PE<)K>`BTqoE&g9 zIB$#7fplSu(CYvT>1sYuK-EyA5UqzdsoRl;bIm8EA$t&oj58M1aO3sxP_UD4+RI8`LZv!dB>b_cvDgBSKrd zfByK!>UoAXk)TY^`-J@PnGGeAz&Tl`O!c8CwAEe_zgB2_dhEMGTwOXlu1NN~iYtAz zd$c{HLQp6|{1*=S;hd@V<0R}I7JxmhI`&6&qQkl-I$9XPp0n@Q`0nKZ(@%ZxcneGQI&0f=G z#TBhj6?ZB-z9;KlC<6DtJA#mAD)qB?Jx{;lvf6Dx8ihcML+W#=m7PkN6A4rP zst#K@x*DSg1~qhEqC?<>fo86&euTSswNL$g#QM$0`}tTJ{Eu-8i|Y(x`rH>M*aA(p z_ow-O&Rf!5Q*8>j#UQ8UkFNWe@H1WE*dv*IUj6YjwF*!9KHS20F4NTYIfhBInMK=Z z0mr6XN3kqe10}f+0b%OK=0-NP_6D+#dHVS==<3x@&IlmObW9den(;bg5pYS#6khLGEYOZv`a;*Q-82XREWb)5pi>Tz|fh%q4wTIb}1@yhL3pkIhZ|)k2kjo1`vb zxMjPhnyGroY9@y|n@urbiWuY2^u`&MFBbDHcdHxkk`;{htl-plFeIWS13b3Y3BO$p?PAVZ^ zGS#GMOOpw9l{Zae`nk|3S|Yl{$(%iySc}(2Yv((c(==IPFqLg4(*|?U`Fu+SKzfQ~CUXnbkAj`Bq)Abl&sTgWL(tu z1D$e22gi9y6feOEh`AQ>JY(vLM1O*_3#?)A@&_Wgu7bjhsig2nSShIme-#9xHk>pv=!)k{spIGtk&lsni6Z?hbv z0(a@ss(800mr$*V+hR?XY1JIHoXO+ujU$QuU9;qhz>qC85REmyEtd0_2id+A%5QJ< zUlGJj-Pja$dW=fp=(qnmFQZj3vG%lX?*`yyDq`9htCe&NTmAmdS|SQ0^2+`2W}={i zF=tlW+NWGAO*x-4xGu$jA**S)4wN%GC;Pn#Rqs`Nb1H^R&8jQL zVLzufNShz1<9o3W&P1?eR0 zGvs|C0h=8GlES}D+yoli>$dHb46>em0jG`}D!;8CIkrN|E<|3u-iZ-VI0D4t!FqS% z&b)k1%9?N;Z(GkpFs2W$=X=5hZcLWh`EI$(OUKubklWKvn~XVI+P1JQZ^+&l3Q2&U z0YZ>0$>6BWqGk70mY063j?YC6ZvPH>(r`tdU-!kJ_F{&M;dt#&{HJEhJ}o_a&a85; zqUgI9Hc%EsEePA--m3ITedlu@X~^Ti-?#wWI=QzC2zpJn@!VY}dBo(=?unT<#9w z(D&w?9Fwn_hW4WoIN^ z!Lh-}AClW;>6FT`-(_r&`bGFHR5Xo5{{dle=?UcBPq_CvuqyG8%Ed&G3+W^~HjZ zl`v1Gmla#SFfjiwm05vvqBxiC=V`y8Gflvj*ZWA%o$xsJ?jbMW2J%w#nJ6kM!Z{gL z%m}9^^0hZ!QE*>RmQdAj%(|xE7d2lE2!TXa>>t@BndATH^Zq&{pPH6OTcd%wdZ7Uw z5LSJ^)JIeLBT%D%N6D3d^HS!;d60!GaD_}^{O8t?M8F+)_NlfZusnBY0K=NIF*rDO z&XR&=>K7SQhh4oRiGq#P0HGAu5F)nlwYvGGca=I5CF7wdm+ofgBF= zzSIPrM$$Sn>lqkn?t3v9@Igp+|KuV|eWQ1iIJ z32~H(*QsV{J}|AOHgfZ|sD#B;d3TRc6?EDrIqp*(OzoKUd-0XhOYgd01cjv05soQv zE}P_7HD0)u)1zSHGdPs$HsdAw7LVY2>X>p!s}2}OhKBX!UPk7ErOwJK%H>{9Bv>@x zP7bK>?JkJ1x=jSE{(!nEFLU2$D=to3mYObsHPQeVWsEDefz?21Zf!jpmkg-6I6&^Y zs2C6#hcH1(+X`x+n_Zf%=8L)6SeEOwHf>#&8!2{&l>tZYE2Xvm(P-z)Y?T6L*?XB& zE$qdT=7zbo%icoj!3PFY`qXB8l2dAlOR_N4Y(n?V_$kSlOrBH@V7`%J1~w#zBO;;i zUhZ`EpX^XE32g@<+XusHJi*XPtSPtQNcGvFq%PPJL&tm`>NwC(-Lj-w*+IC*egf)p zy@lCvnu_ww;cUF=ljg=2{bK`fOAV4zDU#gA76@5 zA+})XV!3XKrI!a}@`b%3VXg6x`@g(~=4g32FVRz$>)(TFeYmYrN6<1pN}pX`u;-Oy z*v!|<*4U~map94XTHwYE+HtkspZPLpEEg$-Lt#v{eW3N4P*r+UF@V zpp4jaHSr|gs0QBC3N5+2PBN=aEZ?^_?-DM?{3VvSbK%zyf{O!9U+{VY#=@~s~?-{{r({q zNkPup3;KlQPa}|}fIfSHUGp;C2m=udL|a((($o;=g&XFF=QM0`;L+_ndT4&?5^T~sCsG>Oce;hOnBI2~?R(p4e)ZgA zX}FSA7~wt`1;ov=B;{_7ByR{wmr^WG{3>YIw)s#6~>SqBAHUEH=lJ>rFr$CrY)$OBE(Ci_&? zmthE7H*|vv-W+b@Z+*=Et|=E+r#>8d87F9!th=`yDAyXVL$FKhe8j|id08@+Xk;J$ zrNg@haHs=oc!NLv%*zAip?Amy`~OLAA3ind9q2$C5dUd_$>hHPUZyrU z=wu_zU1r+LwS8txu;iacfuH0<`koPkA-Z4(m+Y+t{$Cy88w@m_gShzcB3|ubOifJ* zg=Ist?O#t56)G9{G`|Q^J08;U`|i^jj0_0~4sbEqX{&ZfIceo_Yi~;$n;e`S#=WmowxaA1NfrOPXv3ziGn8e+Fw#^jBo&c1UTWm36+> zz@-o(IflBll*i+mbla*;wQSQ?Z`$jVjsL?8+El$3n@fwNf4DbHaGcBh`$>?IaQT>8LpUQlK9mzU-)=*B`FOvS2uMYrA?l}j)v$U5dsA^u$eJMjv zuTy)PV`|6X>P|=_@i;3H8J3b^;c_ z`eG1b;8)wMPM&vRTU(k|zTr8sZ*dUJQ6+PitLr6JpQL?Q8k;gjmF!4RK^6G=&NyGz zEWpyEKfbD-VOnLaF%Iv$UGgejxkFCFKRx z+{=<&A!X*0gN8}wr+0K471MoRyGKvd#alBDo!tWq?ILaDa2}eg)@=&a35L$U6EefW zjYEqWW?t`B8Ta^}r9o>FI3*Xc(8YcypefpU_p2cDP+%&Xnw&1kx+gWOO&6(YH^{>o z({@WIh%&5TJIc#e(>9z=7Zvldlgh?4l+;WA$%0d=-<8Tjij>7j%f$lN!`3ma$($uS zV-f5{Q+Dg{Y~wlyXsWqrQ9cm`j}}w={WuYk-4RotdzrM(&oj81$}{OI-E!dEnwTsr zO}hmFfxJ|-TEvRuNz(Q~Uf8aOKPIikZBYWhUeujO0#+*)R z_nWmOC8>sa4E&+ske=?ZF*91&*h+R`;S1}lDaqc8tH|B2-j4Cb$nPsnccQk5Th4G# zZ?k=7lid6%!b|vjXrUVpF?muxzhcR^h7AQ_e>Kiro4`z-xA#;s?T|wn<;`twW*S-S z82$IP)P4T)kEtnPkUkcXR#-A<^xpX07e}??b=->SgF?hhz2nYzI%uXv0hm$xttNpV z|JigOMD!+4K2$?O?U#@1v7V14USmkud)?Tt!d7W-cWQ|bRsiUo6^@f4@iK(V!Wz~| zshyOjIl8)_=(F0-g{2AcFC-`ixL=+#2io0XI!{vQUy7Te19=lX)=qg!5#45ZCF?n( ztqIRvLYUs;C;X-Bs3-f{F3jodL&zUb3ln7^K4rC5OWRb*G+V2yUqoGHdL8)AxzQci zCYCNqHWgpNp_4)fq97x_l4jq=71IdFg@@O-E&GW*(XHLZo0%Dr+fpVe2KpLFbAcTy zPBv|+=hsTJH)MX8PK9!_1X2yH=e-nfeLba@vuJEzoJf(t&Ca3Rx$;Xhja;in*^@|h&NJ!+6bNspDL(8o3Y2E)@d6*TO?k*6e0Vh zWN)z>z%f|p2|+6RJT1=kod0zG-dZ%gNsxWYIrURC$%y=b>EPdLVyK4sClPzDiQ_p;CMCPxH=NghXUcsZfJ8=j#57Pi-GL=%5biLwOHVk?XujZw^J5uOp6zP5w#4dMQ# z%pbp?bN_$sI~dC03M|-VZc)={E_u9$_=;-T&@H zVbp1Kc(}cQE~b%W=8gIVyEJ|u(0(lGf8J*cV&Hp_U!&2*)*11GJb9uylQ`LufN7k` z?!{eEJwRQvBviB!CbFuMuiyBkA`t_yR!YU;^IhH~}dy6Hk zJbNRzuaqNbaZ0F!Mzy=(`a+_HYDMQ2RGrg|5?=b#z|Y7`^lS0m#trZo)uo<&9vDiB zebHKgnO4I&)XJ*Q)Dh`ThC0tuO4iN~l@siVjk-{3*4vG`{I-eQ5pU$a`h;TnWXP2m z$EknM86m`jDo0K0lf^2SI?xH?^}0NyQ7IVZhicV(2#^V_+}W^TT_dlYR0*-Rq?kq- z(l&POhrmA3_P32E=))oZD>8k93{_NPkOYF#k}d-muO zq}07>FFat>I5*lps-x3HWW=~{{C|Y|d_7hyqjcB&TjS5Vc|)}>wW&2My;@vb znd$JRie)CIwt3c-3lj^X-(k3+Tbf|I7V2%06zLwsnjbrBwt{1hT8R00+;{3n=#$-# z^z~+-0{>!ST`QaW!bBIVdFIn`J7(c}5)MzdCOT53@6+AN1WXe8fZe5RDx0OZxA%0J z);6s1OFlAIqDFf(g)bA|@*p+|rdh-UAH7z$lA@NXK;wF}ir!^SH(QyRnf^xkMGVo( z(Iaf`qfMEaHST44C7Vf%1fC&pRO+7In>wv1I^LcSyasjm7mrmf^M#m|X?N=#WQnTH z{RgK~)s1?Vo9A~09rwPHF?YQ$rPS%yBb_m!#Jbzdze{A1v(K(Ki$;5AoVWkOnv63X zw%NNxNRv9>j%mmRS{`gTl+Pgkm}+I#)!0TUUDBSIn9PoQ_W4I^T>y`|Baz>G<=fy^ zuA{Qv5;ahRW5e(=uE~xfO&W4-&PJ4p`tfXfX|i9>79Wqt71>G5i+rk*47uMYvL$lsQ-bD4SOOKH^ju@^5^BbbWD0N1af={mbkn)3w z3S*!B%{pC-0`vO6$gH65W;7yr6KYtrzLeLA^_H&h59B*o)-d82a#DY{9$;-3UpC49 zdq(rC@*~i$p0075@sC%5GqFRGv*hbJRyAv35_u%fcyO5UQ+!U%5DkTWx;it!8LMOI zYctJ7<6mHCeUzW8s|P=Rz}{mg#YI$CL*+`CgN`7J0J|2fM{%V5vDIbwVGYZb<(5G? zhmrWWzmccbXh^J$1OSaTkBx2+yrDzTNAZeg>3-+@;9vHZOSEXHdkn*qvQ?P<=2lY{ zQpI&vxQY*)6hw+;Se$3E2vOnvqLp>^<*s`2V_zEfvO`nn3VMNRKnkPERJME-rN_M0 zN&tqIDKk~MXxntrl>AQ3Pxb~Gj?)>J$sLgGS-F)bn34!pR1qV4vHG3?21}d4U=J(Q z^_6>2pIGixUH6ntu}}s1f3RH8QT^a z#~FYJ$mnW_>dq{$i>!$|FqhdPN3XyHPbG;o0&?KikIfUldGf8aF1*mU>xY3n`TUe= zzjl|{!ji0 zxi+Vw4f__y4VSHS!ZObEHg%KtHuucFk2-6wnzMVKFH_kLA)8~6VwE&=G5z}!;tSeN zbN3(uUBOH&Ufq?kYJjYQ=z1N4k2=qu-L@QK>z|S6kD&gJVNp`ZFo?ufpC7txWFsW+{k)9QzMWoyO;nWdzsrGprNMC07Z9 zXU1E$jG-+3;s@TlTOUd?(*ZQQ%HDk5*G#RVqGxUY+0=HG_mng5t+2TLV-pTaZrvIq z^^pjpmVB9w4F^g-VIXW0`j3jYipI84-1O)Z>rgx@fA;p9VQKf87zZEw)}(c}8CSM| zJeK0BXMNwdZvn0-uCSzre6E9?moH3kpxz)1EJiSNK_opobesXKj!nhO#RT9}(m z#9dx}p}tlBvU_(|fF0%Qb!Pa!P)&HnvxbM>Pt>r(12ODhaRk~Q$LLpd$4(Nl-yv#v z6sx%Y;Pv${n!7u2?Vy!|7-R~gaJaS|6xp@6q*wB}F-?LGwcrna6#R(>jlDA88M6eQ zI6EC&yMz7GWE7r@oL0}Qnx?S5j-|Sx~3olKwIVv-0ugjG6 zs#*+b`yt&&JjHy#OY}VMbdYU1qt<{3E4KrFpE?=&FY=9MgcFwkXpLjKeRBw{7S$Xx zx}fgT)z%O@12>S3q%#t}b9=_Xo6@@pnY-7QE64Vr82-$2^Yw__r=RQR?~eo0GE1Ju z{63dHi&ugq0tlPxyA%Z>+(V?SW-Vc2AV*Tw|Y-dr-X$>k5 z1ILcs{4qb`BK9~)iNDK|V+(8iX^s#sNGZ%X#{%9nk2tx)lW6PW;9K&WG+JyieZ6wm z-R=28PToFRrn2@ErDhneE7KuWFhx^=64Eor@cvU>7iMURJQWcV)oMq49c=&c-w0s* z9S}@7&hc#4JHZzVzRE5mk3^IqAZR(9wboO;_9k?ne$>f{;|K@4Rx9M=2E~en;YJ#f z9nHD`?uM3@)~8JzPSP5mc3Brjdx64q)&x$e+~CP+WDx~gd)r=BS#}|7ZIc;OEYl4) zDR#`83hqNrU}5o^@xbY&FZ+_MH6UFtQ2m)Fp_4?1w(E$-kb!1KJfv?d?iBj3=nX2Ayn%#Fi7d9`Gtq`I!EZy;y($&NotJQvaBH75KYZ?1z( zQCBy^Hg{uhh2NrVc_`km{ZM^#;wQA+ZVSaW%gw|e1&j^KNTsTr_uSWo6=AT_1Uc*dC4VQb6qLvIMm4{MDh}9YZH7mgg-n#mA8l{)N5sQHDPDjg+2AZy;iszS|1k2E_X-! z;Z0SegOj~~NXyg`S!y3@I>vkiJch1SuWal2E`J7zpN;;%^>^|ay9VLYaJoKOB(`-kRnZp+!_KU|fd<}Gx2kdXg*u7t{IfK^{02VQn7W#ufc z-bO9%Cx=c%0SYbz^@u5)&WJqX+1y1gS*JDAWhR6Q14RmVJKXw2=BJ2)s)zAsqkq1A zfL^=QyrZt$d`93d!tOGdztTprv}_HZY$cV?Z zsv4kG7^6zWz0kg9Zkr-YOfRvTd=4_{{peL8+KS0SN7r@Pa#t1=HzINR1r>bYI_Jv} z7qXy$9keCxH&!eSbvayX9F=G;G0tb%-Vm~3K)7u@Px>{rTWTbyj<7gOP)Af*AKU3 z%Vgw^Bkj$)4~sHoH_g}eLx_>@{=W4KFDB&P%+Xt)bRG%o%e&fBkmVy253{rgx+X;u zmonF>e(ItKI0=AYO`Q^z^|s+U3=f zZS^sPp1cJso0Aret*OOo11bB1d&k9ej*?&uI*+U00T=+Y?s0#!-WP2+m|#6`UN4o- z!)@Oe@vIYm0kQN-0KT<$evhZ=E>e=(lZDx%b$!AVzHIERp9alg|F*IJ+#m?l2 z`7gKr%BShgG^O)Z&iZ1=2c(*QcF)*gquN$fTZy2xz&q1roMQ(~%GYhB zw@M6I@?Xe*E6X^xz@;OZPYk#ST*P3M5Ba#qx14{ka(I0;?yf>t+Hi85?zW2VNO3b> z7~X!>m%9;9cb`n9LRog7kf@gsq_%j z%raD&H&V(wN!MGtHzsPYv;Z*RN2G&Ks_*F>22ZZ>;)unAB<2oBsH0RqIh4%f{!MAR zRj6^8@Kf16XYU?u+YNfbi}$eRL0e4J~UP-65u*`1f}oY!)i#vmPR=c zC!&SwsS}}YbWtGBK*m4`)uczy)1UjM=KX8L3(?|u3WXm{-45(7!F#Id9JU7;{%NxS z;Elz~c8A4YD5fkO;&2rtx@Nkku0Ahu)fV$fs=>f?9Z7Ca=Z^of3r?MkUZzE;mpiWC?A z3sHZ9Y9_W^ri4vyD7w@fqyQb9x&Dl)nrpnGCqD`B>_CtrIcy`KJMK&^*;_sy1j3U^ zWpY^8%Yh%Ruxm5DKuW35GzLe@C2L=CfMRQVWEm3r(NNyVE}++jD{SY~T3a`fA+> zi5xpsqD#%2sN-v&N$K&-(j3YsuAX)&a>KHk6c-o_CE0JKI*xye*CNjXKeL2ha~#y+ zqY`TKM#Tw&`-b8VEH9O=7*-NWh7ARAyM3g8Ufq!787eswX$)xGGHZ?f@y)WrE|y1g zQ1%H(l_QxunZZVrOJK2gf7dmwzGpf#7em=fUo!N{_Il91Z0feeAfkBlFzWt`>IkRN zDqN;+tggHUwYQvQR*oDXaQwkXP$Of))p%R@cyd@AkJlj3Pu*bb@d#Sl$exGvyzPg< zUv%lzud-wRwp8ykd7^rxNn1q>T9jQOO*+-N=VGM4M!3Ac)VTB7K}l$$}kZiTyt ziUtg~`ARo$_?@$jcH|_|3ifaV-t#{AlL*ORJC`@5!k`DlqjlFuc3QSG1~S%+MR&Bk zT8tUNZT@{u)Bb4yUk(PIV-8$L0!ZR3p!n2Um1b;vT)5rc*ey;UlI0<5v~wW2XDl}P51c4<&;kcQB7 z%dUQprF?5WrGxlQS?zdirIwWL1A+c6jFw4>4h}G_#-eauz-`VBRs>K(`_&DKV@dL# z^(;SZsR=XYpD%vuh{dlG)$TUpM-O#0lv?#;eCPNpE8O9^T!)L`>&?~@bNkb|lFfUw z7riB;rR5O&z!JG(8p$xi<+Bc(pmAMmZJIdD9d$=zbP;yvXE|*;Y z5i_hqyc|6DKlEF`Iv2-5wE!1BXLP34pkD~6%B`&bEyDY65#E1`@cvtb_unGC|38WF zG_pG3OIjX+2p>&kH+joqHCxUgK9R=RK+aC zBlrbC)obMn!hUV$o{*?XL=Wv0I>Md z<%?#I5x8eHHF5kEkArIqqHn%{peCbYw>5DOvCeX)BGY};Dk5xuffYTYI`m+^Fcwu8 zVj7-+Ba_Gr%^_Z#=*^o!hz<7aN}jn~etc+r>$aEg^Vh!%F~^5uqDp*|x56-0pPjN* zWP_#hw!d1T%q9jnb%1zS*Tf3$N}-I8>sFWQ02ROfdn;*Y$u3@5hfHe()Ik=fx&_x{F>=O^4>Ef0(@Lqdpn$hrFrN zgLIE<;y|D9s4VJVs4V>le~R*S;L>~DA}K-x%^2AhK!oR3N5?#G^jSk)-6Wph`todN zA~rTQ{qb&VNWUA(MZ}=QLX~B@Wy@^JJvi@lR8SNzqWRW=XJTROS3S7Tt1ck8G)>-Y zwT^r3TH-D^KUk>uVp8aPcd0_up?B*{@EC+76A)&C!OaZi9{Dqb(UH#Iu zMqHq;3kveBX$y6*ueRs1RL3=693^!y_N*~2@4b)@c2{DkzInwM_UqjD&lk^r8H#>)Q&siC^a6Xq)<8I@?vucy%BAzwspj5BJRrZioFD zOOI1*nj5IVW`Qi2HU@}(Af~fOC*N0~C`8gDdFN2Rz8|Yr9B90Lk?c|}jOyLEB^nMC zQ{GTs!eXw?C-tQ`QJzu`oEi8~o&?7dbdID{M4nS?R3RdlqHF&3t+6Wd?@)4-R^@DS z8z**Q7SWBDqrZ?i&^8d+JihO=^isO6$S)WM03ySHCh0&&_c9Q2w3t|Ki>8dFC1r3u zc`Wi*1x?GNtT5aJm!X0KuZYSv7QApY6fT_KxydLR5}p@3-9@c$!FnnSS0o#t4IBt4 zV9zsazxG7|+*JQIHrrwUN^?+mofk->v9Kd|)JWe<+mSkvUA|3SVm9RRBuf09rSp1e zNyhz50{scc-YQYQl(n@64i`#vICe|N%s0X&vT-r)ewX(@LF5POJ##4{5m13#PT%t( z+nnbU2wq0d6;9U9TLRFWAJ^?fGWgeEAha5uarC0d4nM!=q^+$GL(^-P&kBqAXrhb? zmE39u1u9>FMbaII$N6L((BQ>q9d-CXZ`_rMrp;0pf8F4KYuh#Qk*|={91--Iq&VI! z2x=%lTr5TugS?a-%aVwa`(z&dJLN(T@WbiOFo(H(w<-Lkv2Ai7Z#$DCSyL>5Xp^S= z$F4StVWr@!n&CGd|55XF-LR(hfu#aT-Qav=y3Zbl%pHeG(0vzBHl;pkhe+MJ**2N) zJ%7RwX=w)2`d8;Qz7&0!v?**2k5w+6zk9`)i-Us`SzrN+Sr(ur3K3?|G>_*Cq}B2f z0YBv4xNqC_bcmG<*-^hHW2HEh`ATpsm?RSpALnf}6kOuij=dTU;3s8ZoFmGvv~?ujt} z0?R&mv)amuJjLb@8a0^Wme`QUR#OW@?>xx&pBlt`Vkom#8q~-}lNwlo$6Osy2Z2JC z%aOc(ipSn@<{nAnD(43)M|sWcL^_Me^q&>x8-dHgZ6>oI0pwSwz52sUMaOl<3?O%< z*A&sZWI3)Xk5%7H{p8KyrU3Oe?C7~r_~#Q`7js*#giG=-UyJ}nF9L%5sQ)!nxx1Ir z=p6aK#ge&m3HYcV(M02I;3Kck8aIYuVn6fZTEIrkPPYK_;TeLHz6F!&VdWWrdw{^7 zw};?af5JR(z=48*S$*{iF6nPS_BF75wOD-!d2R_NumR`(f7iiY3pf6!_|hqNN~gj3 zhzMysXFR`Co6im#C8*k(jtey~21nrMKK|3?RDJ8Wq-}QF@vw=(%l$a!rp%Oz7HLac zbtQ&Qm*za+gPndeS7*3F`}8wkBK1Oo3He{`9)>I0O>gZT?$c57A7apyD#choqN|K~ z465?pnk97cwtra~ueFc$RI9(Dy38NGU+oIU2iSOEgDul;2R}@hj0Ou1^X7nsT}G3E z_!*Ud`^M@uDsY6TQqt!3ki8t(dGe;)DCaicEb5KB`a&$HHF|sRd*NjT-GDke>Q>je zL5;Rs0~zF{(4I9w>)vLw0oSD-)PM?b;PP+sK5^OaPBz+Zp`#tYtY3hdXRQ&D3XPdI zpG^tmO{3C?8V|iK!g_YYivw(Qy-AWG2$`$s@lGg3iOeIS?$l(ow!s zDY+V1SfeFu53HoC%qp)Ivo{-uQ$A}H6jbD9S4rWp5AxmvPLLsBkJs-Ek!2;hqc(LVd+`@<_4=~?DjKazTmmydsfrBZ8T7c6?6 zRq}&S_Af<$z^~5A7_kroZyW^6F`Lg+S00-7eKH{L%cd;ST%(M&Wd)YAVi8czC~0eS zB&Ca{`BLzJ$@?4-hT0f}GLweUC&&d2e9uXqrPzE6&pWwBLBIANLFgoV%Kv!i!yvZV z0Ajr_NG2B#F=N+Y0i)-Mw?DDqVj0CKEY_nxz$h-7G|kK6=hz)jtu9mal&lD@NsJ3q zwpE5=r^;W5uFiN96kAdfYIk7o>XHnD&L@fl!l``%r@LQ zT)1d_eL8$Uu&17;=09Im7r$xY+T^r3c=~uBzp8kLtk?5iLihL7k>{f;){4CD>`6L%oAl59RRMh=BNV z1#3?#np&;+5zFE9ET_*t4yAszm$Kbm2`A^DVd16O2~Uuh5K=E1gie^tMoHP58c(A~`cm_@gJaPnGgmnrMQMN^ zCpO) zNY)~;j>f)HS)4{*SwqaoQmb*i!V+g7ZZI$;$m>uw1TmW&l18M%=YDJ#xbG{`Txla0Bl=w z{hk9uaj!vl`cs|o5PCN_LN)VrbR6i|p@U%4-Rje}R%HSW$#Sf@ zcoA7j`MBlu;P(g8r!-1YC1y;{j)1Y(A>2 zBMCffm1JaTRJJb7pfnDh^(*juBXqF zQaNE3Z=SAX$$yvg@&zK~oNPE9t^!LyuE>&MYi6E2h<28G2oeH;P9yPS&}L2bZ-;o6 zaZ?Wg|D18VA5C#)`~tg~A7Lclfb$7t%#Pk^axk&A=pqPfW9>JEI#L|Eyq1yKZ@d1w z98%*%tP)_w1SK^&5F@F#%aBv)z9@aIYZ%FeXIJZRJX!w!{a_%_5s|!>bX0PJk`Z$| zWzpw1loFaT-plKifcO3*2!g1_hb2udN zBcHd_TSrWw8chyqXA%9+TYN~%kSLWYNNc-@9kqj9E+V(($PM#DtrwuG}zgO;eZ2d6ULa z+xfh=iHxRjM;g7{>8`S8{(&Ag?4(tz=Q4O(0sE{Y)cG_Dc2~^EoAO%b8}ejL90ent z&lUwY!GJ=~PijW6N>1CtDP$=<7E=4x#Xw!62wv(QwuEy-)m zpz;7j{Ji+@MoWMky}d?8)M)u2c6ohHpj3cNw#r6RY56Va*fevka-PnB+Dr}23c{-e z(7qSMe;ThRe!SZADelx3k2pF~-*mJDq-%?o4ihtu`>`sB<*xGR^CPSEZX0duZA68Q zh|5;P&1r9Zz%|~NpI{y6IKH%#hwwpb$+nE@*iZa}5HpwY2fTN}%W&`9J(tf`$1E** z23Kpuw>d2x@;AcCCEwHW%RSeCTtrCfKNH`}U)`Ooh2!cTTX$~3e#{$EhKd z6|}mnP9|Qcj8w9<&PymEIi40k|3n2JOU?#fdtom&PPaT8vM%m2FL#cJ3OuP~A1(Zk zqleQg*zPm4)Fh4`4wC`v!7w$OXvdf5&vYY1+AN5FFOTGYvh{dAkyyX4mp+!h$?Q?y z|K5?V^2(!|C)pVuO=Mvxz76^*cPWDptZxatDTUvh;Hxw0Xi2XgAwM;94*%{UpO)C& z9F0Dht*h9;hx@wvxi53#$JYyMh>$(VmCk+U@tR7#1P@Ri?-dz&Tso{Lp634Q_#4>t z8MbvC1$X)3_Fjr^yeIlWvc>w0S2bm6)!k}B;hgtI#tQ9kBWxYG&)`}+&t$jgINDmT ze+DYl@alE6+~6O4Zn`kN?!Z$1TM)i@*V{NM!6A2&*xgnmxTZ;6B*6OI-s)w9XngN- z`i6e+Idb^L%MV_ERM>vug9$J&2PO+9xB3@9qW_~tp|waCdzfZSX*EP#-Ej2VVd!b57^ThF#`}gC;GN`t&-xOjZ+r)R&lz^V%*f;?!tVLPJ%7_#vWU#l;`j2?vWrevGkaQ) z%lpY8=+9r9k3bS45up`o;B&W|;_54sIA?Dc=UaA0SiM+a4iAOc{<$T#L?FY#t-gmw z{EzB}s=Eg~5&fmVa=bZ*7DJ6-$_|3`eoM~bja@XUu4&8LK%`uAqC(nY@?f@mz3EZ%M>BCpVPvSd5VzBtG?CQV7cbMT+{rvCr*4to$g4;Xc zWiwm=sho{0CzT`l`2OGFKrF?+zD)tE^XOIeml*B=_U)G|CVCo{N7^1OyI+1ex7t%) z6m#ldZ#0io#v(?kj#qn)y+w2N;RdJYz4NhmUwVHNXQpZLK;Y^!^2bF^a-ONO|D8{( z11^^l+e}tLr%oG?an}oE+&Pi~{N^|A7hT{5AmazDqKb-PG9TCdJap((bK=PnFl@(- zqalAM=PvUA8?n2&y}kLECche-c*o3+ZlBtDa*_nmJbTIevF3gF#H{G8$m--mT3-G7 zgVRK|0IRJai#zI~$#cLRTJm$io%D}Tf0Ov4(!k{0(lb{i+fel_H!<>m)YgqKO9%HpY3n-vOIrt|%~k%$4iVI# z5Ert4zEStz^~!G7Vt)h=1^GqRd0fwHG&U0M*g}!#MDc*DRWqINbE;pq;R3ynM1ttGnyGSCSbnx36-EsG953klgl+9MBrqt|hW1+V@q$*=-Qcgp&fFkLh0^q@ zySLr|5to-tm?Wb*nVER&PxAVtP(SEoE>pb~xcq`8x%p+oqmIjycx}2>zWiY9 zW|AUF+a%BAT;jBez({e!b9$c72=&tYpB2OP)lbCMqc`oRE;Y@2tst5E-;-qUWuEd5 zG(3qtnr&TbW3^e>VN#91*Vmovhl`sHhmv;ZZjYLH?YaK1*z8Q}LGE_f9}-m`%uMcF z`tm{OpR;k{>H&;D7XQGyV>1?`pg`)$<~$xtbR!kGt&z7l-dalqdo-@?#qqy#+p!YX zcU&NpZnnDuXqwQuYf_`~&jzS9jX#mLI3TrFka{+_=9Q$#qB$(?T zk^0fZ2?d)hU6jxe3UI^16O?l2-mG3xz$)wfi2zW1LO+1K+GK9a7fz3JZ_BjQtv7)A zH=Tec<}6nM-}5+HVt`KjhE=6Z@$976pSI# zd4)oLRyu^&m=q#oYBOHG+Z!qybiB6Yzq)i?Ca@bZ+7kP3enwi45cRSVu|H za&OWeX3sTvTUoY%7`_ay)2U(=VcvGW_Em-q&H|{7-%MRjb907=l8n{<`?gvx04@5wXoa=V z3sX?!e$K0!F);){Ge%>*l`5t=TyX3bM2ONI7Y#hRbvVgx8ZY~$jx1GVQVCKN%<~jA zRxEi@*>6j@k_`Z6nB`ygVZ&AGo3LK>Uynb_FCxVPi#uE@UqNR4PxFd~W;^ALwGB@_ znv{kkBQT0B)S^bOo{SUS27H8{KTf?56`nqj-~1}ttUK^E%LQl{utRdrv}IEXIIGOn zO?Ii*j_%9l{>w)eBk>R+$*6P4fi|o zqUsD}pcklv0>gYJe&(^J8Pse!{ZMuA;Hm!6-6Lr1a<0~tsanDupgUF_orM51Sdl~w zmQ8!EeX)>a4mP_&beBANdWjOGL0|uz38sRvZF!c|rF;om_QGF3n375|j+V4s0PA+9 z|Fa*AN_5UGW#}MFK@Pa^(c!(6!R*E)C$%EXA7X=s4S_aCyqRygasJ48QSjuMLQwU7 zk`rIXTz>_q>VmfL!5b`c1VWDYN3p37$BSF{mLBF&Fr{l(a!8Y05MW?mUxVe+> zZXj~&4$Lyb)egYu^=6I>5*J(6TNg`1nPHymL|OR{OZQ|i)$|je|3=Iv-@mXW3NpXi zO)9o(Rv>*@&9bj4}1wpD`wi`RfhvipEC<$fjsk`DM*q=G5F9KjB1zk-Ikg zNqTLRa9^kd!u9$mV%?qBC*R{D9gaSrLQToxAPAxyNW^d%?213ZOA0;cXLw1kpNI?_ z=wQFYKdbbDpbeeX@5o+BeFE@ahonI>ms4pS^Hk!0>VPSeGWLZmNc-Z9BQ!tx97d zm!WGbxX=aJVp3UdD2aJ*nDZznlD1V==;@h-sI^zc%Z#t88&jqam>G$=1EWcOFq$0k z=LmsL^*uh9kQ^yG5vq%;zc6jd`VA}mn?*U7a=!!$kuzJoW}}joGV7!H?hR2;Y3(#9 zsg^>?MNbvTOFv26`&@jfHbkH@v`BK>QIY02+KDF6McI{8r}`>;Nk|NEYJL0W#b=a0 z>11=M@VK$4LdR|87o%o1araQ(Iv`pP{csWcj;HDTd$Zj|-Xr@#@+Hs3_zgz1RjymP zN}KlASpY27tT->VeD!ugPRf9LE~|BrVQ7BeZQnn}@kn(+w^=)^t_GsHKCa%8ZOtFv z=JyOdbaNh#M>vj8ft^~v$e*2Bf3B|BhHl6I`j$EU*VnNGX#VcAR)A2tAigHkQml>n zVtT{1te=Z9yrKAdkhbf~?Oje=K*Jy~NsMumX=dx{t7O#c=!zkMQ`43}vg&hs)a?9(k!DNFx z`0m-JfE@C#U&j4VZGffDCK}MgHLk@2<}4vE@9psR`;qD(1L?iyNbh2tTlGh92woD4 z(;7Gh4{Ochu;FFWUr_YcD?*UYE6sD>4Xc;-YQa0%C0|~Amhez3L1=C9H7jiffD5hM zASIrwg_9`0tIYTcW$FU9e-FNkRZ>A_EiKMErcGUajs8VRQOiN#J)j8(B+tSGWCG=b zT=;h#oR5ceX*UaF*m<~3kxL7?o@aPtTVacQ&^xFngML%=IyB&$Vx7(lz?4ychAnv{ zsvF_S=u*&A#UG6VJjOfjHV_BEH9N4fhw=4NrQkYGRBd5gwh85@sh@w%gKl1ucsOj_ zN+aN2ZM|HAmw%%Vel>v*gz9e`A~%VNM&{kvez^ws%{`fkcFCSa0*fa(gWp+6KAlkU z{0*LS)LU9h9;}>N;(pVg=A}61T4}1y9n4HIgVI!Dg`3(GDE(yAj82!b5~K^h*nulj zx7CW`#Mv5ICONS_EnnSfWiN}VKfWLF4n+PWQyhUzmQqIWInqc_&E+~|#P3DGcU6K(|^XCSvh&@^`R7%+T*X68#r$#xgCb%&)|+^B2_1V5}-Q zex)>ScqM--SBPrs-;UZkjuTyCE;jab5(;hk8SXWdS;fQg=aa?!q|Z)nB$ejJ9? z51X7Q^ZD2j^WCxAw3?ECerHo;gr|=>>vTLoglcyUod#7FZ-wh6hf7a#W4Yj>+_v&O z`)!a^4d1HN6&p!Iu+L}x;c=mT^BL*L`Vj3I@Vv8NdOFR`i?p2`HA7q%pjOzliMhkH z<@#h?`?c99D^1`!2b@FZH&h&zM6w2}H;;{@4{DS4_{beFSV zN^EaxIa>^mCwAdu3-Od(d8?+$Xqi@!oAMDlW9MgmWlJfx(_5de3sn1+DH1|^k|aSC zQ{y%bHG^C=j0R2nbNHdTQ(?OfZ9Tap8~gec--wbRj>P_c?2K&3mf}%GuSK_P95Ph& zV&kgme)cgBy^>D15pAAw5T+7*ShTTW=ArGjnhY1&qdolGOT#2QU~ zlo*=^?8}C9qE8~PJ9lt*rebd9E}BbZPQ#!z=es~9<9ktxKn#8|9QUNuw-=?&HN-0@ z1u5CW*YICWmgq2)21Pd;doek@__BbT%l-RU#Dpu50=WY|3)HzGAt(&e)F|8XdwN7mc8_~AoCx;FR|1M zfLEVPX5v=_&y?^A6n-JrHhS+TXSq%L?e8}32PP3K?hs6$cT0e{-iF;8#r;=`UML`O z^4qkY`D^rL0G9Cx+;5xDuZ9Z+5`eVu0AnaWhY&D#Awn0B%REzlLcm9-Tkz>jxiW(A z&6X>41aC8b6X4D^T2k{FV$atrP*HTgD#75h6A*@=+NX^bdjCG*b-%5Mo_mdi56@ek zRX50w(tYm&O=z(h$>Uz+uFy``R26R(SRpIF+WXU?BqD~?%Lyzvea%eh!R$)3G@-Rg z-sLLr{m=E2*eEK>Fk+%Sc^Q8;fh-bmd7|x3Ej@4Ny}Z2OF=%J@RHml8 znjjJE7UwsA8$(!#XW;yf~2bc-&vl^GDmMc{aO z;Fi~z9bjpAq}p2J>)%o;=kU9i^W;+X*1xV=i51^Tgq=;+4V-22c0rQF4^A;<7+&ng zQp60M(?mRJTGo*770mC5{dhXyNetn5yqxE~i!ji}*9JmxtL5VKuFKq$BpJb$9zz()jBcSsY?kxCaoavMh8GB#|! zwNFJp0$RW%q|s60&dq5{ON!{0a+D;!c}+`8!nm9t&y(clAqn-|&AITXNS)YzO0bgE z#Xam#getk>s$2hOCYzvXUla+zRK#f^QcL~QNudddyIgyg$vpV@yz7({R$%%G}IsfSUU!g3> z&VP_(pxsXE==mW?YZVGj>z4tb?#*$vo`@chh=N$fHBQ1< zrQrN}{U36DRl_gb-(=47bm7?d#ka~OcB0FWXf@mon|LoWBSsw{tgAzFFA|1yiEMz| z!taDyn$R`h7)sefhTRoz$h+cGm8#cY!y1UQv#}A$Eg~~~Mr;jxg)?MV&ke&K^U_NQ z{6i+9#x6ILEv1PM`;GWJRIp9|bk$TU(}(99u94GG$w%U4>xthBXN`TgPXcLMio2X* za&Gkrdeq}7WzmGU${q37#*<&pXcXy-=}UheXt<@2*>T}UW(g@n}Ik6Y`p~H^LlB;8NQM zPq@O>*EI8YOtEFV^Bv1ljq}O}hwA zp0rE)(`DI%{!0*C?hGoRUSC4V*bBsKT<1KS+jRPPB=_UTD3D!;jdhcOaB8e|3sIa= zEBE%fAqN7V5hq_DnpT69yPuc1w|c?`lkx9BjTQo6-~Eq>yZ7hPINJOQ&)oyy&!fp0 z7QTOz1)GZ#MhLv$W4582lxMjTW`Tc5ukM^kHYoyI}4 z@|@S2kNnVl-uVe4puzNffam@2k9IrU-TfP0GU9>Smrs{ruC)$n@xPcim_UTe)mKgJ@|fV!hktP#SRy zc6g6WI*Nsx>&gDfhi(q|@$Xq3zZ%4dp7NMI%C;rBP@S76o8|XGihmQmG@( z#lBQxzKK6DDHx5}4Kq@g)#0e$9hAPQZu3&ihV$PQL#k1x=Rf(a$4C=-fiks_r@F!S zMZDvDyv9a3{9*khOto~gWyR(+_bXpHMc3xOlkV#J(>a@D0yE8dxCEKoAtIB#^VpKO80o72?^HAX4LM5~K zaFuNn0O#q2Mk7958e`bza!!e0j{ADl8lc&u(9*@Z@%W~O8tB5FSp4-xC$kJXd6gdB zIXY#fLXf1ekKJT0r{R-p9>bWC2DfyxSw$=OIufJR{2<|ClxEJrF z6<(2ahtbD%{w!X8e7I!#k=t37%pFZCg@uow&TJaj_+y4|q&EcmP@@xNm5JP#Q$v4t z3mSSD&*^$Y&#@$}CLRtIoEF@epKq9K!#gSyT*glkupzqOBB98Y<@0WZ3g`BU+r zT{v-pRWXI<{=_S-(#FKD#Bn4OvpB92bVDYmbn#C)l@~ixSzpG&A^VwQ?UQ6>R}pM{ zl}ayjqF9%Q%T8Oa+%oj?l9ie8~75fb!OSi8+ zBu;U%Y*B75TRV@uUAq6|_LXlZ(8LhMtp#poUaYLWu#Vk9!oguBHMpfZ|FH}*kRXEU z)lZ!Bel<-@qsP$)J@t9F`L*z+*^4Z;f|RTV3BjekEnbfKhoX>X^;lx0@f6yjBNxS- zYDH4mzL3!8d;pif`2Z&F-vC$uZc zMw%{T6QrtBVtuYwlCVjr>=Evm(X(S78s@K-C1E(frH;)Z) zxEfZ-IVh=i3WnB}Y^{9uvtrG*5a*_SDh!iccZ}jyyv|&PDmCQ8L=X1GGy{NA?HXz!{<)ULFlJh6Zkigez_e=aVw7c2 z_tzUyOe(db7{g0(wbw7CtTre{6NW;JvW6?(^vd)}xu?^dk71fKBoZc>Q6 zp1K{L&o2&M)kRo0wL??KX3WUG)cQQVczwLdJ`3k4v4~HB?wmS8s~ouIZ^u8jBl}YI zfBW%@7@&ofPzC@WMq9h4oT!(w&~iN2Y8eYj3b_?{CJ?ttA219EEjjdL)qx49v4FTE zeY9YN98c27f!yaPVqh9ja@qQG5P|fEPmnM0plUMlv^nz3-b#eFjJOC&<(6qysU<xhbB8CE2l23pf;u% zd+a0mg>$&Hv>Er)zBWwb<4%@wbn!_PW>q7ZvEYX+Sx$OM$%2^18n_hbIaL7nW!+h z7fEs&Lo*b8T$)bNH~&iUx9K;%DvtCt_=hFf_I49?fkgUAd636}3e)#S?zuVD*rMuc zQm*}wXY0fFpEVSL(+H>sBZBTkTl@daY7&ZKL>Ru70Xf#}!%d(> zI+aSKPf0f=J5NXeipKUU>bz9x~2`YirmM##lbfwh#8{CJD-9^yn+4lk^uP1;#WA z23k-f3NCzc`C)!)2H^QW?F)b2xAIa!w_SjTlJ2^boZhKA&r4*5RE=@qyEJ|W+ScN5 zO{m(4_&kzy@5cUXme4#^dta@ex}S8$*Nvv4Hr%o`kU)=Kz4oB$OcmwID+p&%0>F_U znPVyTa14T032cucSYECjJX)$bJ8WLw&#OF|p(@AIy3C=jOYgG0?sxBV7nZlhZ~L9% z$c+gFj&J$l3v@le5eI+ng63S+#?mXY{CMXuXU}r(xru_>(1>mx+IG6KmzUfUx{PB- z9hdf{fwY5!k6PYY&&83m5J8PEBYn=F>x~|K&d$}fkTDEK9v35 zMo_pqZs~rJwK;z%Ma?SAyW{yYuLTGO<>=^h2yWI#9{2JYEoXapvU!J0@3dm+54CiU z??c>KPSGht8j|VU5ucLk_`Hx|*w2v90TV{Pm)V%NGp}K~+~({F-n;u8F2+ztGMWU@ zt^zAB4mg86yv-B0pf8-~?eTL=|xRW`oZRh5C>W7kV05Q#ausR!Rio vce#~6?{iCr@Bhh+yZ@J>_5MHkv3HLw<`5G~2e>mYfPZ4b(n4hdU%dYZLc9c? literal 0 HcmV?d00001 From 56a0c2d27b644c706537689f7258b4c9acd47e83 Mon Sep 17 00:00:00 2001 From: schmurky Date: Fri, 18 Sep 2020 19:09:31 +0800 Subject: [PATCH 18/84] Update fwall best practices --- .../best-practices-configuring.md | 177 ++++++++---------- 1 file changed, 81 insertions(+), 96 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index a2dfad0ac9..1d789d07a3 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -1,28 +1,28 @@ --- title: Best practices for configuring Windows Defender Firewall description: Learn about best practices for configuring Windows Defender Firewall -keywords: firewall, best practices -search.product: eADQiWindows 10XVcnh -search.appverid: met150 + +keywords: firewall, best practices, security, network security, network, rules, filters, + ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: maccruz -author: maccruz +ms.author: schmurky +author: schmurky ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 01/22/2020 + --- # Best practices for configuring Windows Defender Firewall **Applies to** -- Windows Operating Systems including Windows 10 +- Windows operating systems including Windows 10 - Windows Server Operating Systems @@ -40,11 +40,11 @@ type **WF.msc**, and then click **OK**. When you open the Windows Defender Firewall for the first time, you can see the default settings applicable to the local computer. The Overview panel displays -security settings for each type of network the device can connect to. +security settings for each type of network to which the device can connect. -![A screenshot of a social media post Description automatically generated](images/fw01-profiles.png) +![Windows Defender Firewall with Advanced Security first time opening](images/fw01-profiles.png) -**Figure 1: Windows Defender Firewall** +*Figure 1: Windows Defender Firewall* 1. **Domain profile**: Security settings in this profile are designed for a network where there is a system of account authentication against a domain @@ -61,108 +61,65 @@ You can view detailed settings for each profile by right-clicking (or selecting and holding) the top-level **Windows Defender Firewall with Advanced Security** node in the left pane and then selecting **Properties**. -**Best practice:** You should maintain the default settings shipped with the Windows Defender +You should maintain the default settings shipped with the Windows Defender Firewall whenever possible. These settings have been designed to safeguard your computer for use in most common network scenarios. -One key example is the default Block behavior for Inbound connections (shown -below). In order to maintain maximum security, changing this setting is highly +One key example is the default Block behavior for Inbound connections. In order to maintain maximum security, changing this setting is highly discouraged. -## Creating new rules - -In many cases, a next step for administrators will be to customize these -profiles so that they can work with user apps or other types of software. For -example, an administrator or user may choose to add a rule to accommodate a -program, open a port or protocol, or allow a predefined type of traffic. - -This can be accomplished by selecting either **Inbound Rules** or **Outbound -Rules** and right clicking to select **New Rule**. The interface for adding a -new rule looks like this: - -![A screenshot of a computer Description automatically generated](images/fw02-createrule.png) - -**Figure 2: Rule Creation Wizard** - -NOTE – It is not the purpose of this document to cover the step-by-step of rule -configuration. See the [Windows Firewall with Advanced Security Deployment -Guide](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide) -for general guidance on policy creation. - -The remainder of this articles deals with best practices when creating these -rules. - ![A screenshot of a cell phone Description automatically generated](images/fw03-defaults.png) -**Figure 3: Default Inbound/Outbound connection behavior** +*Figure 2: Default Inbound/Outbound connection behavior* -### Creating inbound rules +## Creating firewall rules + +In many cases, a next step for administrators will be to customize these +profiles using rules (sometimes called filters) so that they can work with user apps or other types of software. For example, an administrator or user may choose to add a rule to accommodate a +program, open a port or protocol, or allow a predefined type of traffic. + +This can be accomplished by right-clicking (or selecting and holding) either **Inbound Rules** or **Outbound Rules**, and selecting **New Rule**. The interface for adding a new rule looks like this: + +![Rule creation wizard](images/fw02-createrule.png) + +*Figure 3: Rule Creation Wizard* + +> [!NOTE] +This article does not cover step-by-step rule +configuration. See the [Windows Firewall with Advanced Security Deployment +Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide) +for general guidance on policy creation. + + + + + +### Rule precedence in creating inbound rules In many cases, allowing specific types of inbound traffic will be required for -applications to function on the network. - -Administrators should keep the following rule precedence behaviors in mind when +applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when allowing these inbound exceptions. -1. Explicitly defined allow rules will take precedence over the default Block - setting. +1. Explicitly defined allow rules will take precedence over the default block setting. -2. Explicit block rules will take precedence over any conflicting explicating - allow rules. +2. Block rules will take precedence over any conflicting allow rules. 3. More specific rules will take precedence over less specific rules, except in the case of explicit block rules as mentioned in 2. (For example, if the parameters of rule 1 includes an IP address range, while the parameters of - rule 2 include a single IP host address; rule 2 will take precedence.) + rule 2 include a single IP host address, rule 2 will take precedence.) Because of 1 and 2, it is important that, when designing a set of policies, you make sure that there are no other active block rules in place that could inadvertently overlap, thus preventing the traffic flow you wish to allow. -**Best practice:** That said, general security best practice dictates that a -rule should be as specific as possible. However, when new rules must be made -that use ports or IP addresses, consider using consecutive ranges or subnets -instead of individual addresses or ports where possible. This avoids creation of -multiple filters under the hood, thus reducing complexity and helping to avoid +A general security best practice in creating inbound rules is to be as specific as possible. However, when new rules must be made that use ports or IP addresses, consider using consecutive ranges or subnets instead of individual addresses or ports where possible. This avoids creation of multiple filters under the hood, thus reducing complexity and helping to avoid performance degradation. -### **NOTE:** +> [!NOTE] +Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. -The Windows Defender Firewall does not support rule ordering in the traditional -sense whereby a weighting value is administratively assigned to a rule to -determine its order of precedence. That said, an effective policy set with -expected behaviors can be created by keeping in mind the few consistent and -logical rule behaviors described above. - -### Understanding user query behaviors - -When designing a set of firewall policies for your network, it is a best -practice to configure allow rules for any networked applications deployed on the -host. Having these rules in place before the user first launches the application -will help ensure a seamless experience. - -The absence of these staged rules does not necessarily mean that in the end an -application will be unable to communicate on the network. However, the behaviors -involved in the automatic creation of application rules at runtime can sometimes -be problematic due to the need for user interaction. The source of confusion -around this process can typically be boiled down to a few primary causes: - -1. A user with sufficient privileges receives a query notification advising - them that the application needs to make a change to the firewall policy. Not - fully understanding the meaning of the prompt, the user then cancels or - otherwise dismisses the prompt. - -2. A user lacking sufficient privileges and is therefore not prompted to allow - the application to make the appropriate policy changes. - -3. Local Policy Merge is disabled, preventing the application or network - service from plumbing local rules. - -![A screenshot of a cell phone Description automatically generated](images/fw04-userquery.png) - -**Figure 4: User Query Notification** - -### Additional Background +### Creating rules for new applications at first launch When first installed, networked applications and services issue a ‘listen call’ specifying the protocol/port information required for them to function properly. @@ -195,6 +152,34 @@ into the machine. Hence, it is up to the developer of the app, the user (or the admin acting on behalf of the user) to allow appropriate inbound firewall exceptions. +#### Known issues with user query behaviors + +When designing a set of firewall policies for your network, it is a best +practice to configure allow rules for any networked applications deployed on the +host. Having these rules in place before the user first launches the application +will help ensure a seamless experience. + +The absence of these staged rules does not necessarily mean that in the end an +application will be unable to communicate on the network. However, the behaviors +involved in the automatic creation of application rules at runtime can sometimes +be problematic due to the need for user interaction. The source of confusion +around this process can typically be boiled down to a few primary causes: + +1. A user with sufficient privileges receives a query notification advising + them that the application needs to make a change to the firewall policy. Not + fully understanding the meaning of the prompt, the user then cancels or + otherwise dismisses the prompt. + +2. A user lacking sufficient privileges and is therefore not prompted to allow + the application to make the appropriate policy changes. + +3. Local Policy Merge is disabled, preventing the application or network + service from plumbing local rules. + +![A screenshot of a cell phone Description automatically generated](images/fw04-userquery.png) + +*Figure 4: User query notification* + ### Local Policy Merge and Application Rules Firewall rules can be deployed locally using the Firewall snap-in (wf.msc) or @@ -210,7 +195,7 @@ Group Policy. ![A screenshot of a cell phone Description automatically generated](images/fw05-rulemerge.png) -**Figure 5: Rule Merge Setting** +*Figure 5: Rule merge setting* The equivalent setting *AllowLocalPolicyMerge* is used when configuring the firewall using the Firewall CSP and is exposed under each respective profile @@ -235,7 +220,8 @@ be made using network packet capture tools. In any event, to maintain maximum security administrators should only push firewall exceptions for apps and services determined to serve legitimate purposes. -NOTE: Currently the use of wildcard patterns, such as C:\*\\teams.exe is not +> [!NOTE] +Currently the use of wildcard patterns, such as C:\*\\teams.exe is not supported in application rules. Currently we only support created using the full path to an application(s). @@ -252,12 +238,11 @@ exposed in either the Windows Setting App or the legacy firewall.cpl. ![A picture containing flower, bird Description automatically generated](images/fw06-block.png) -**Figure 6: Windows Settings App/ Windows Security / Firewall Protection / -Network Type** +*Figure 6: Windows settings App/Windows Security/Firewall Protection/Network Type* ![A screenshot of a cell phone Description automatically generated](images/fw07-legacy.png) -**Figure 7: Legacy firewall.cpl** +*Figure 7: Legacy firewall.cpl* By default, the Windows Defender Firewall will block everything unless there is an exception rule created. Consider an example involving Remote Desktop. If @@ -278,16 +263,16 @@ One the emergency is over, uncheck the setting to resume normal operations. What follows are a few general guidelines for configuring outbound filters. -- The default configuration of Blocked for Outbound rules should and may be +- The default configuration of Blocked for Outbound rules should and may be considered for certain highly secure environments; however, the Inbound rule configuration should never be changed in a way that Allows traffic by default. -- It is recommended to Allow Outbound by default for most deployments for the +- It is recommended to Allow Outbound by default for most deployments for the sake of simplification around app deployments, and unless the enterprise is one that must have tight security controls. - - In high security environments, an inventory of all enterprise-spanning +- In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. Administrators will need to create new rules specific to each app that @@ -295,7 +280,7 @@ What follows are a few general guidelines for configuring outbound filters. policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). -## Document Your Changes +## Document your changes When creating an Inbound or Outbound rule, you should specify details about the app itself, the port range used, and important notes like the date of creation. From d5634c5a702ac92a1428aa88a5aedf957a49b231 Mon Sep 17 00:00:00 2001 From: schmurky Date: Mon, 21 Sep 2020 16:56:07 +0800 Subject: [PATCH 19/84] Edit best practices doc for fw --- .../best-practices-configuring.md | 100 +++++++----------- 1 file changed, 40 insertions(+), 60 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 1d789d07a3..e563bd19c3 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -34,13 +34,11 @@ network. These recommendations cover a wide range of deployments including home networks and enterprise desktop/server systems. To open Windows Firewall, go to the **Start** menu, click **Run**, -type **WF.msc**, and then click **OK**. +type **WF.msc**, and then click **OK**. See also [Open Windows Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security). -## Understanding default settings +## Keep default settings -When you open the Windows Defender Firewall for the first time, you can see the -default settings applicable to the local computer. The Overview panel displays -security settings for each type of network to which the device can connect. +When you open the Windows Defender Firewall for the first time, you can see the default settings applicable to the local computer. The Overview panel displays security settings for each type of network to which the device can connect. ![Windows Defender Firewall with Advanced Security first time opening](images/fw01-profiles.png) @@ -57,25 +55,23 @@ security settings for each type of network to which the device can connect. for public networks like Wi-Fi hotspots, coffee shops, airports, hotels, and stores. -You can view detailed settings for each profile by right-clicking (or selecting +View detailed settings for each profile by right-clicking (or selecting and holding) the top-level **Windows Defender Firewall with Advanced Security** node in the left pane and then selecting **Properties**. -You should maintain the default settings shipped with the Windows Defender -Firewall whenever possible. These settings have been designed to safeguard your -computer for use in most common network scenarios. - -One key example is the default Block behavior for Inbound connections. In order to maintain maximum security, changing this setting is highly -discouraged. +Maintain the default settings in Windows Defender +Firewall whenever possible. These settings have been designed to secure your device for use in most network scenarios. One key example is the default Block behavior for Inbound connections. ![A screenshot of a cell phone Description automatically generated](images/fw03-defaults.png) *Figure 2: Default Inbound/Outbound connection behavior* -## Creating firewall rules +> [!IMPORTANT] +> To maintain maximum security, do not change the default Block setting for inbound connections. -In many cases, a next step for administrators will be to customize these -profiles using rules (sometimes called filters) so that they can work with user apps or other types of software. For example, an administrator or user may choose to add a rule to accommodate a +## Understand rule precedence + +In many cases, a next step for administrators will be to customize these profiles using rules (sometimes called filters) so that they can work with user apps or other types of software. For example, an administrator or user may choose to add a rule to accommodate a program, open a port or protocol, or allow a predefined type of traffic. This can be accomplished by right-clicking (or selecting and holding) either **Inbound Rules** or **Outbound Rules**, and selecting **New Rule**. The interface for adding a new rule looks like this: @@ -91,11 +87,6 @@ Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-fir for general guidance on policy creation. - - - -### Rule precedence in creating inbound rules - In many cases, allowing specific types of inbound traffic will be required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when allowing these inbound exceptions. @@ -119,40 +110,29 @@ performance degradation. > [!NOTE] Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. -### Creating rules for new applications at first launch +## Create rules for new applications before first launch -When first installed, networked applications and services issue a ‘listen call’ -specifying the protocol/port information required for them to function properly. -As there is a default block action in place on the Windows Defender Firewall, it -is necessary to create inbound exception rules to allow this traffic. In such a -scenario it is common for the app or the app-installer itself to add this -firewall rule. Failing that, the responsibility falls to the user (or firewall -admin on behalf of the user) to manually create them. +### Inbound allow rules -Assuming there are no active application or administratively defined allow -rule(s) already present to allow the traffic, creation will have to be dealt -with the first time the application is launched or otherwise tries to -communicate on the network. In such a case a query popup will be triggered -prompting the user to either allow or block the packets. +When first installed, networked applications and services issue a 'listen call' specifying the protocol/port information required for them to function properly. As there is a default block action in place on the Windows Defender Firewall, it +is necessary to create inbound exception rules to allow this traffic. In such a scenario it is common for the app or the app installer itself to add this firewall rule. Failing that, the responsibility falls to the user (or firewall admin on behalf of the user) to manually create a rule. -- If the user has admin level permissions, they will be prompted. If they - respond ‘no’ or otherwise cancel the prompt, block rules will be created - (typically two; one for TCP traffic and one for UDP traffic). +Assuming there are no active application or administrator-defined allow rule(s) already present, creation will have to be dealt with the first time the application is launched or otherwise tries to communicate on the network. In such a case a dialog box will prompt the user to either allow or block the packets. -- If the user is not a local admin they will not be prompted and, in most - cases, block rules will be created. +- If the user has admin permissions, they will be prompted. If they respond ‘no’ or otherwise cancel the prompt, block rules will be created (typically two; one for TCP traffic and one for UDP traffic). -In either of the scenarios above, once these rules are added they must be -deleted in order to generate the prompt again. If not, the traffic will continue -to be blocked. +- If the user is not a local admin they will not be prompted and, in most cases, block rules will be created. -As regards third-party software. Microsoft cannot know in advance [and should +In either of the scenarios above, once these rules are added they must be deleted in order to generate the prompt again. If not, the traffic will continue to be blocked. + +> [!NOTE] +> As regards third-party software. Microsoft cannot know in advance [and should not even assume] whether we should let all packets for the application just come into the machine. Hence, it is up to the developer of the app, the user (or the admin acting on behalf of the user) to allow appropriate inbound firewall exceptions. -#### Known issues with user query behaviors +### Known issues with user query behaviors When designing a set of firewall policies for your network, it is a best practice to configure allow rules for any networked applications deployed on the @@ -180,26 +160,26 @@ around this process can typically be boiled down to a few primary causes: *Figure 4: User query notification* -### Local Policy Merge and Application Rules +## Establish local policy merge and application rules -Firewall rules can be deployed locally using the Firewall snap-in (wf.msc) or -PowerShell, or remotely using Group Policy (if member of an Active Directory -Name, SCCM, or Intune (if Workplace joined). Rule merging settings can be used -to control how rules from these two policy sources can be combined. -Administrators can configure different merge behaviors for Domain, Private, and -Public profiles. +Firewall rules can be deployed: +1. Locally using the Firewall snap-in (**WF.msc**) +2. Locally using PowerShell +3. Remotely using Group Policy if the device is a member of: + 1. an Active Directory Name + 2. SCCM + 3. Intune (using workplace join) -The setting is used if you want to allow/disallow local administrators the -ability to create their own firewall rules in addition to those obtained from -Group Policy. +Rule merging settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for Domain, Private, and Public profiles. -![A screenshot of a cell phone Description automatically generated](images/fw05-rulemerge.png) +The rule merging settings either allow or prevent local admins from creating their own firewall rules in addition to those obtained from Group Policy. -*Figure 5: Rule merge setting* +![Customize settings](images/fw05-rulemerge.png) -The equivalent setting *AllowLocalPolicyMerge* is used when configuring the -firewall using the Firewall CSP and is exposed under each respective profile -node, DomainProfile, PrivateProfile, PublicProfile. +*Figure 5: Rule merging setting* + +The equivalent setting *AllowLocalPolicyMerge* is used when configuring using the firewall [configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/firewall-csp) and is exposed under each respective profile +node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. In a case where the merging of local policies is disabled, centralized deployment of rules will be required for any app that needs inbound @@ -225,7 +205,7 @@ Currently the use of wildcard patterns, such as C:\*\\teams.exe is not supported in application rules. Currently we only support created using the full path to an application(s). -### **Shields Up Mode** +## Know how to use "shields up" mode for active attacks A discussion of inbound connections presents a good time to discuss a firewall option that can be used to help mitigate damage in the face of an active attack. @@ -259,7 +239,7 @@ nature of the setting. One the emergency is over, uncheck the setting to resume normal operations. -### Creating outbound rules +## Create outbound rules What follows are a few general guidelines for configuring outbound filters. From 7ab0f90fa09aa252f78ad28891f44173e804c499 Mon Sep 17 00:00:00 2001 From: schmurky Date: Mon, 21 Sep 2020 17:20:52 +0800 Subject: [PATCH 20/84] Update best practices --- .../best-practices-configuring.md | 83 +++++-------------- 1 file changed, 22 insertions(+), 61 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index e563bd19c3..99f86a92f5 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -181,91 +181,52 @@ The rule merging settings either allow or prevent local admins from creating the The equivalent setting *AllowLocalPolicyMerge* is used when configuring using the firewall [configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/firewall-csp) and is exposed under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. -In a case where the merging of local policies is disabled, centralized -deployment of rules will be required for any app that needs inbound -connectivity. +If merging of local policies is disabled, centralized deployment of rules is required for any app that needs inbound connectivity. -Admins may disable LocalPolicyMerge in high security environments to maintain -tighter control over their device endpoints. This can impact some apps and -services that automatically generate a local firewall policy upon installation -as discussed above. For these types of apps and services to work network -administrators should push rules centrally via group policy (GP), Mobile Device +Admins may disable *LocalPolicyMerge* in high security environments to maintain tighter control over endpoints. This can impact some apps and services that automatically generate a local firewall policy upon installation as discussed above. For these types of apps and services to work, admins should push rules centrally via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). -As a best practice, it is important that to list and log such apps, including -the network ports used for communications. Typically, you can find what ports -must be open for a given service on the vendor’s website. For more complex or -customer application deployments however, a more thorough analysis may need to -be made using network packet capture tools. In any event, to maintain maximum -security administrators should only push firewall exceptions for apps and -services determined to serve legitimate purposes. +As a best practice, it is important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments however, a more thorough analysis may be needed using network packet capture tools. + +In any event, to maintain maximum security administrators should only push firewall exceptions for apps and services determined to serve legitimate purposes. > [!NOTE] -Currently the use of wildcard patterns, such as C:\*\\teams.exe is not -supported in application rules. Currently we only support created using the full -path to an application(s). +The use of wildcard patterns, such as C:\*\\teams.exe is not +supported in application rules. We currently only support rules created using the full path to an application. ## Know how to use "shields up" mode for active attacks -A discussion of inbound connections presents a good time to discuss a firewall -option that can be used to help mitigate damage in the face of an active attack. +An important firewall option you can use to mitigate damage during an active attack is the "shields up" mode. It is an informal term referring to an easy method a firewall administrator can use to achieve a temporarily heightened state of security in the face of an active attack. -‘Shields Up Mode’ is an informal term referring to an easy method a firewall -administrator can use to achieve a temporarily heightened state of security in -the face of an active attack. It can be achieved by checking the ‘Block all -incoming connections, including those in the list of allowed apps’ setting -exposed in either the Windows Setting App or the legacy firewall.cpl. +Shields up can be achieved by checking **Block all +incoming connections, including those in the list of allowed apps** setting found in either the Windows Settings app or the legacy file *firewall.cpl*. -![A picture containing flower, bird Description automatically generated](images/fw06-block.png) +![Incoming connections](images/fw06-block.png) *Figure 6: Windows settings App/Windows Security/Firewall Protection/Network Type* -![A screenshot of a cell phone Description automatically generated](images/fw07-legacy.png) +![Firewall cpl](images/fw07-legacy.png) *Figure 7: Legacy firewall.cpl* -By default, the Windows Defender Firewall will block everything unless there is -an exception rule created. Consider an example involving Remote Desktop. If -Remote Desktop is enabled, but no firewall rules were plumbed, then you cannot -RDP to that machine. This is why the Remote Desktop feature automatically plumbs -the filters when the feature is enabled. With the policy plumbed, RDP works! +By default, the Windows Defender Firewall will block everything unless there is an exception rule created. This setting overrides the exceptions. -Now let us say there is an exploit that is attacking multiple ports and services -on a host. Rather than disable each individual rule, the ‘Block all incoming -connections…’ check box can be used block ALL inbound connections regardless of -these exceptions. In this case, the RDP rules are still present, however RDP -will not work because those rules are being overridden by the block EVERYTHING -nature of the setting. +Consider an example involving Remote Desktop. If Remote Desktop is enabled, but no firewall rules were created beforehand, users cannot remotely access the device. This is why the Remote Desktop feature automatically creates filters when the feature is enabled. Meanwhile, if there is an exploit using multiple ports and services on a host, you can, instead of disabling individual rules, use the shields up mode to block all inbound connections, overriding previous exceptions. The Remote Desktop rules are intact but remote access will not work as long as shields up is activated. -One the emergency is over, uncheck the setting to resume normal operations. +Once the emergency is over, uncheck the setting to restore regular network traffic. ## Create outbound rules -What follows are a few general guidelines for configuring outbound filters. +What follows are a few general guidelines for configuring outbound rules. -- The default configuration of Blocked for Outbound rules should and may be - considered for certain highly secure environments; however, the Inbound rule - configuration should never be changed in a way that Allows traffic by - default. +- The default configuration of Blocked for Outbound rules can be + considered for certain highly secure environments. However, the Inbound rule configuration should never be changed in a way that Allows traffic by default. -- It is recommended to Allow Outbound by default for most deployments for the - sake of simplification around app deployments, and unless the enterprise is - one that must have tight security controls. +- It is recommended to Allow Outbound by default for most deployments for the sake of simplification around app deployments, unless the enterprise prefers tight security controls over ease-of-use. -- In high security environments, an inventory of all enterprise-spanning - apps must be taken and logged by the administrator or administrators. - Records must include whether an app used requires network connectivity. - Administrators will need to create new rules specific to each app that - needs network connectivity and push those rules centrally, via group - policy (GP), Mobile Device Management (MDM), or both (for hybrid or - co-management environments). +- In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. Administrators will need to create new rules specific to each app that needs network connectivity and push those rules centrally, via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). ## Document your changes -When creating an Inbound or Outbound rule, you should specify details about the -app itself, the port range used, and important notes like the date of creation. -The goal of creating any new rule is for it to be tightly secured and explicitly -documented so that its existence is easily grasped by new administrators, or -existing administrators who may not revisit the rule for a quarter year or more. -Take pains to make the work of reviewing your firewall rules at a later date -easier. And *never* create unnecessary holes in your firewall. +When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. The goal of creating any new rule is for it to be tightly secured and explicitly +documented so that its existence is easily grasped by new administrators, or existing administrators who may not revisit the rule for a quarter year or more. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall. From 80301cd201c34b9ce93b03ebc123a12650a932fa Mon Sep 17 00:00:00 2001 From: schmurky Date: Mon, 21 Sep 2020 18:47:26 +0800 Subject: [PATCH 21/84] Update best practices doc --- .../best-practices-configuring.md | 56 ++++++++----------- 1 file changed, 24 insertions(+), 32 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 99f86a92f5..0bec84aa4d 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: schmurky +ms.author: maccruz author: schmurky ms.localizationpriority: medium manager: dansimp @@ -33,8 +33,8 @@ following best practices can help you optimize protection for devices in your network. These recommendations cover a wide range of deployments including home networks and enterprise desktop/server systems. -To open Windows Firewall, go to the **Start** menu, click **Run**, -type **WF.msc**, and then click **OK**. See also [Open Windows Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security). +To open Windows Firewall, go to the **Start** menu, select **Run**, +type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security). ## Keep default settings @@ -44,20 +44,15 @@ When you open the Windows Defender Firewall for the first time, you can see the *Figure 1: Windows Defender Firewall* -1. **Domain profile**: Security settings in this profile are designed for a - network where there is a system of account authentication against a domain - controller (DC), such as an Azure Active Directory DC. +1. **Domain profile**: Used for networks where there is a system of account authentication against a domain controller (DC), such as an Azure Active Directory DC -2. **Private profile**: This profile’s settings are designed for and best used - in private networks such as a home network. +2. **Private profile**: Designed for and best used + in private networks such as a home network -3. **Public profile**: This profile is designed with higher security in mind - for public networks like Wi-Fi hotspots, coffee shops, airports, hotels, and - stores. +3. **Public profile**: Designed with higher security in mind + for public networks like Wi-Fi hotspots, coffee shops, airports, hotels, or stores -View detailed settings for each profile by right-clicking (or selecting -and holding) the top-level **Windows Defender Firewall with Advanced Security** -node in the left pane and then selecting **Properties**. +View detailed settings for each profile by right-clicking the top-level **Windows Defender Firewall with Advanced Security** node in the left pane and then selecting **Properties**. Maintain the default settings in Windows Defender Firewall whenever possible. These settings have been designed to secure your device for use in most network scenarios. One key example is the default Block behavior for Inbound connections. @@ -69,10 +64,11 @@ Firewall whenever possible. These settings have been designed to secure your dev > [!IMPORTANT] > To maintain maximum security, do not change the default Block setting for inbound connections. +For more on configuring basic firewall settings, see [Turn on Windows Firewall and Configure Default Behavior](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior) and [Checklist: Configuring Basic Firewall Settings](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings). + ## Understand rule precedence -In many cases, a next step for administrators will be to customize these profiles using rules (sometimes called filters) so that they can work with user apps or other types of software. For example, an administrator or user may choose to add a rule to accommodate a -program, open a port or protocol, or allow a predefined type of traffic. +In many cases, a next step for administrators will be to customize these profiles using rules (sometimes called filters) so that they can work with user apps or other types of software. For example, an administrator or user may choose to add a rule to accommodate a program, open a port or protocol, or allow a predefined type of traffic. This can be accomplished by right-clicking (or selecting and holding) either **Inbound Rules** or **Outbound Rules**, and selecting **New Rule**. The interface for adding a new rule looks like this: @@ -81,7 +77,7 @@ This can be accomplished by right-clicking (or selecting and holding) either **I *Figure 3: Rule Creation Wizard* > [!NOTE] -This article does not cover step-by-step rule +>This article does not cover step-by-step rule configuration. See the [Windows Firewall with Advanced Security Deployment Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide) for general guidance on policy creation. @@ -95,14 +91,9 @@ allowing these inbound exceptions. 2. Block rules will take precedence over any conflicting allow rules. -3. More specific rules will take precedence over less specific rules, except in - the case of explicit block rules as mentioned in 2. (For example, if the - parameters of rule 1 includes an IP address range, while the parameters of - rule 2 include a single IP host address, rule 2 will take precedence.) +3. More specific rules will take precedence over less specific rules, except in the case of explicit block rules as mentioned in 2. (For example, if the parameters of rule 1 includes an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 will take precedence.) -Because of 1 and 2, it is important that, when designing a set of policies, you -make sure that there are no other active block rules in place that could -inadvertently overlap, thus preventing the traffic flow you wish to allow. +Because of 1 and 2, it is important that, when designing a set of policies, you make sure that there are no other active block rules in place that could inadvertently overlap, thus preventing the traffic flow you wish to allow. A general security best practice in creating inbound rules is to be as specific as possible. However, when new rules must be made that use ports or IP addresses, consider using consecutive ranges or subnets instead of individual addresses or ports where possible. This avoids creation of multiple filters under the hood, thus reducing complexity and helping to avoid performance degradation. @@ -126,11 +117,8 @@ Assuming there are no active application or administrator-defined allow rule(s) In either of the scenarios above, once these rules are added they must be deleted in order to generate the prompt again. If not, the traffic will continue to be blocked. > [!NOTE] -> As regards third-party software. Microsoft cannot know in advance [and should -not even assume] whether we should let all packets for the application just come -into the machine. Hence, it is up to the developer of the app, the user (or the -admin acting on behalf of the user) to allow appropriate inbound firewall -exceptions. +> The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from third-party software should be determined by trusted app developers, the user, or the admin on behalf of the user. + ### Known issues with user query behaviors @@ -160,6 +148,8 @@ around this process can typically be boiled down to a few primary causes: *Figure 4: User query notification* +See also [Checklist: Creating Inbound Firewwall Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules). + ## Establish local policy merge and application rules Firewall rules can be deployed: @@ -191,12 +181,12 @@ As a best practice, it is important to list and log such apps, including the net In any event, to maintain maximum security administrators should only push firewall exceptions for apps and services determined to serve legitimate purposes. > [!NOTE] -The use of wildcard patterns, such as C:\*\\teams.exe is not -supported in application rules. We currently only support rules created using the full path to an application. +The use of wildcard patterns, such as *C:\*\\teams.exe* is not +supported in application rules. We currently only support rules created using the full path to the application(s). ## Know how to use "shields up" mode for active attacks -An important firewall option you can use to mitigate damage during an active attack is the "shields up" mode. It is an informal term referring to an easy method a firewall administrator can use to achieve a temporarily heightened state of security in the face of an active attack. +An important firewall feature you can use to mitigate damage during an active attack is the "shields up" mode. It is an informal term referring to an easy method a firewall administrator can use to achieve a temporarily heightened state of security in the face of an active attack. Shields up can be achieved by checking **Block all incoming connections, including those in the list of allowed apps** setting found in either the Windows Settings app or the legacy file *firewall.cpl*. @@ -226,6 +216,8 @@ What follows are a few general guidelines for configuring outbound rules. - In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. Administrators will need to create new rules specific to each app that needs network connectivity and push those rules centrally, via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). +For tasks related to creating outbound rules, see [Checklist: Creating Outbound Firewall Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules). + ## Document your changes When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. The goal of creating any new rule is for it to be tightly secured and explicitly From ffe84fe49c07b1cef5cee1ac98cd1b4865866e2a Mon Sep 17 00:00:00 2001 From: schmurky Date: Mon, 21 Sep 2020 19:57:17 +0800 Subject: [PATCH 22/84] Update best practices --- .../best-practices-configuring.md | 71 ++++++++----------- 1 file changed, 28 insertions(+), 43 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 0bec84aa4d..4c4c622e2f 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -59,18 +59,18 @@ Firewall whenever possible. These settings have been designed to secure your dev ![A screenshot of a cell phone Description automatically generated](images/fw03-defaults.png) -*Figure 2: Default Inbound/Outbound connection behavior* +*Figure 2: Default inbound/outbound settings* > [!IMPORTANT] > To maintain maximum security, do not change the default Block setting for inbound connections. For more on configuring basic firewall settings, see [Turn on Windows Firewall and Configure Default Behavior](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior) and [Checklist: Configuring Basic Firewall Settings](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings). -## Understand rule precedence +## Understand rule precedence for inbound rules In many cases, a next step for administrators will be to customize these profiles using rules (sometimes called filters) so that they can work with user apps or other types of software. For example, an administrator or user may choose to add a rule to accommodate a program, open a port or protocol, or allow a predefined type of traffic. -This can be accomplished by right-clicking (or selecting and holding) either **Inbound Rules** or **Outbound Rules**, and selecting **New Rule**. The interface for adding a new rule looks like this: +This can be accomplished by right-clicking either **Inbound Rules** or **Outbound Rules**, and selecting **New Rule**. The interface for adding a new rule looks like this: ![Rule creation wizard](images/fw02-createrule.png) @@ -89,14 +89,13 @@ allowing these inbound exceptions. 1. Explicitly defined allow rules will take precedence over the default block setting. -2. Block rules will take precedence over any conflicting allow rules. +2. Explicit block rules will take precedence over any conflicting allow rules. 3. More specific rules will take precedence over less specific rules, except in the case of explicit block rules as mentioned in 2. (For example, if the parameters of rule 1 includes an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 will take precedence.) -Because of 1 and 2, it is important that, when designing a set of policies, you make sure that there are no other active block rules in place that could inadvertently overlap, thus preventing the traffic flow you wish to allow. +Because of 1 and 2, it is important that, when designing a set of policies, you make sure that there are no other explicit block rules in place that could inadvertently overlap, thus preventing the traffic flow you wish to allow. -A general security best practice in creating inbound rules is to be as specific as possible. However, when new rules must be made that use ports or IP addresses, consider using consecutive ranges or subnets instead of individual addresses or ports where possible. This avoids creation of multiple filters under the hood, thus reducing complexity and helping to avoid -performance degradation. +A general security best practice when creating inbound rules is to be as specific as possible. However, when new rules must be made that use ports or IP addresses, consider using consecutive ranges or subnets instead of individual addresses or ports where possible. This avoids creation of multiple filters under the hood, reduces complexity, and helps to avoid performance degradation. > [!NOTE] Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. @@ -105,14 +104,13 @@ Windows Defender Firewall does not support traditional weighted, administrator-a ### Inbound allow rules -When first installed, networked applications and services issue a 'listen call' specifying the protocol/port information required for them to function properly. As there is a default block action in place on the Windows Defender Firewall, it -is necessary to create inbound exception rules to allow this traffic. In such a scenario it is common for the app or the app installer itself to add this firewall rule. Failing that, the responsibility falls to the user (or firewall admin on behalf of the user) to manually create a rule. +When first installed, networked applications and services issue a listen call specifying the protocol/port information required for them to function properly. As there is a default block action in Windows Defender Firewall, it is necessary to create inbound exception rules to allow this traffic. It is common for the app or the app installer itself to add this firewall rule. Otherwise, the user (or firewall admin on behalf of the user) needs to manually create a rule. -Assuming there are no active application or administrator-defined allow rule(s) already present, creation will have to be dealt with the first time the application is launched or otherwise tries to communicate on the network. In such a case a dialog box will prompt the user to either allow or block the packets. +If there are no active application or administrator-defined allow rule(s), a dialog box will prompt the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network. -- If the user has admin permissions, they will be prompted. If they respond ‘no’ or otherwise cancel the prompt, block rules will be created (typically two; one for TCP traffic and one for UDP traffic). +- If the user has admin permissions, they will be prompted. If they respond *No* or cancel the prompt, block rules will be created. Two rules are typically created, one each for TCP and UDP traffic. -- If the user is not a local admin they will not be prompted and, in most cases, block rules will be created. +- If the user is not a local admin, they will not be prompted. In most cases, block rules will be created. In either of the scenarios above, once these rules are added they must be deleted in order to generate the prompt again. If not, the traffic will continue to be blocked. @@ -120,33 +118,23 @@ In either of the scenarios above, once these rules are added they must be delete > The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from third-party software should be determined by trusted app developers, the user, or the admin on behalf of the user. -### Known issues with user query behaviors +### Known issues with automatic rule creation -When designing a set of firewall policies for your network, it is a best -practice to configure allow rules for any networked applications deployed on the -host. Having these rules in place before the user first launches the application -will help ensure a seamless experience. +When designing a set of firewall policies for your network, it is a best practice to configure allow rules for any networked applications deployed on the host. Having these rules in place before the user first launches the application will help ensure a seamless experience. -The absence of these staged rules does not necessarily mean that in the end an -application will be unable to communicate on the network. However, the behaviors -involved in the automatic creation of application rules at runtime can sometimes -be problematic due to the need for user interaction. The source of confusion -around this process can typically be boiled down to a few primary causes: +The absence of these staged rules does not necessarily mean that in the end an application will be unable to communicate on the network. However, the behaviors involved in the automatic creation of application rules at runtime requires user interaction. -1. A user with sufficient privileges receives a query notification advising - them that the application needs to make a change to the firewall policy. Not - fully understanding the meaning of the prompt, the user then cancels or - otherwise dismisses the prompt. +To determine why some applications are blocked from communicating in the network, check for the following: -2. A user lacking sufficient privileges and is therefore not prompted to allow - the application to make the appropriate policy changes. +1. A user with sufficient privileges receives a query notification advising them that the application needs to make a change to the firewall policy. Not fully understanding the meaning of the prompt, the user then cancels or otherwise dismisses the prompt. -3. Local Policy Merge is disabled, preventing the application or network - service from plumbing local rules. +2. A user lacks sufficient privileges and is therefore not prompted to allow the application to make the appropriate policy changes. + +3. Local Policy Merge is disabled, preventing the application or network service from creating local rules. ![A screenshot of a cell phone Description automatically generated](images/fw04-userquery.png) -*Figure 4: User query notification* +*Figure 4: Dialog box to allow access* See also [Checklist: Creating Inbound Firewwall Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules). @@ -155,10 +143,7 @@ See also [Checklist: Creating Inbound Firewwall Rules](https://docs.microsoft.co Firewall rules can be deployed: 1. Locally using the Firewall snap-in (**WF.msc**) 2. Locally using PowerShell -3. Remotely using Group Policy if the device is a member of: - 1. an Active Directory Name - 2. SCCM - 3. Intune (using workplace join) +3. Remotely using Group Policy if the device is a member of an Active Directory Name, System Center Configuration Manager (SCCM), or Intune (using workplace join) Rule merging settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for Domain, Private, and Public profiles. @@ -168,25 +153,26 @@ The rule merging settings either allow or prevent local admins from creating the *Figure 5: Rule merging setting* -The equivalent setting *AllowLocalPolicyMerge* is used when configuring using the firewall [configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/firewall-csp) and is exposed under each respective profile -node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. +> [!TIP] +> In the firewall [configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/firewall-csp), the +equivalent setting is *AllowLocalPolicyMerge*. This setting can be found under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. If merging of local policies is disabled, centralized deployment of rules is required for any app that needs inbound connectivity. Admins may disable *LocalPolicyMerge* in high security environments to maintain tighter control over endpoints. This can impact some apps and services that automatically generate a local firewall policy upon installation as discussed above. For these types of apps and services to work, admins should push rules centrally via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). -As a best practice, it is important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments however, a more thorough analysis may be needed using network packet capture tools. +As a best practice, it is important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments, a more thorough analysis may be needed using network packet capture tools. -In any event, to maintain maximum security administrators should only push firewall exceptions for apps and services determined to serve legitimate purposes. +In general, to maintain maximum security, admins should only push firewall exceptions for apps and services determined to serve legitimate purposes. > [!NOTE] -The use of wildcard patterns, such as *C:\*\\teams.exe* is not +> The use of wildcard patterns, such as *C:\*\\teams.exe* is not supported in application rules. We currently only support rules created using the full path to the application(s). ## Know how to use "shields up" mode for active attacks -An important firewall feature you can use to mitigate damage during an active attack is the "shields up" mode. It is an informal term referring to an easy method a firewall administrator can use to achieve a temporarily heightened state of security in the face of an active attack. +An important firewall feature you can use to mitigate damage during an active attack is the "shields up" mode. It is an informal term referring to an easy method a firewall administrator can use to temporarily increase security in the face of an active attack. Shields up can be achieved by checking **Block all incoming connections, including those in the list of allowed apps** setting found in either the Windows Settings app or the legacy file *firewall.cpl*. @@ -220,5 +206,4 @@ For tasks related to creating outbound rules, see [Checklist: Creating Outbound ## Document your changes -When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. The goal of creating any new rule is for it to be tightly secured and explicitly -documented so that its existence is easily grasped by new administrators, or existing administrators who may not revisit the rule for a quarter year or more. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall. +When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. Rules must be well-documented for ease of review both by you and other admins. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall. From 450beeb281b3962f7a25b23a383e310acfaf06fe Mon Sep 17 00:00:00 2001 From: schmurky Date: Mon, 21 Sep 2020 20:06:55 +0800 Subject: [PATCH 23/84] Updated note --- .../windows-firewall/best-practices-configuring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 4c4c622e2f..5741ef2646 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -98,7 +98,7 @@ Because of 1 and 2, it is important that, when designing a set of policies, you A general security best practice when creating inbound rules is to be as specific as possible. However, when new rules must be made that use ports or IP addresses, consider using consecutive ranges or subnets instead of individual addresses or ports where possible. This avoids creation of multiple filters under the hood, reduces complexity, and helps to avoid performance degradation. > [!NOTE] -Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. +> Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. ## Create rules for new applications before first launch From cffbf7e867a3990ae7e7cc5dc2de5f589b3b86ab Mon Sep 17 00:00:00 2001 From: schmurky Date: Mon, 21 Sep 2020 20:15:38 +0800 Subject: [PATCH 24/84] Update best practices --- .../windows-firewall/best-practices-configuring.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 5741ef2646..67fbbb67be 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -126,17 +126,17 @@ The absence of these staged rules does not necessarily mean that in the end an a To determine why some applications are blocked from communicating in the network, check for the following: -1. A user with sufficient privileges receives a query notification advising them that the application needs to make a change to the firewall policy. Not fully understanding the meaning of the prompt, the user then cancels or otherwise dismisses the prompt. +1. A user with sufficient privileges receives a query notification advising them that the application needs to make a change to the firewall policy. Not fully understanding the prompt, the user cancels or dismisses the prompt. 2. A user lacks sufficient privileges and is therefore not prompted to allow the application to make the appropriate policy changes. 3. Local Policy Merge is disabled, preventing the application or network service from creating local rules. -![A screenshot of a cell phone Description automatically generated](images/fw04-userquery.png) +![Windows Firewall prompt](images/fw04-userquery.png) *Figure 4: Dialog box to allow access* -See also [Checklist: Creating Inbound Firewwall Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules). +See also [Checklist: Creating Inbound Firewall Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules). ## Establish local policy merge and application rules @@ -187,7 +187,7 @@ incoming connections, including those in the list of allowed apps** setting foun By default, the Windows Defender Firewall will block everything unless there is an exception rule created. This setting overrides the exceptions. -Consider an example involving Remote Desktop. If Remote Desktop is enabled, but no firewall rules were created beforehand, users cannot remotely access the device. This is why the Remote Desktop feature automatically creates filters when the feature is enabled. Meanwhile, if there is an exploit using multiple ports and services on a host, you can, instead of disabling individual rules, use the shields up mode to block all inbound connections, overriding previous exceptions. The Remote Desktop rules are intact but remote access will not work as long as shields up is activated. +For example, the Remote Desktop feature automatically creates firewall rules when enabled. However, if there is an active exploit using multiple ports and services on a host, you can, instead of disabling individual rules, use the shields up mode to block all inbound connections, overriding previous exceptions, including the rules for Remote Desktop. The Remote Desktop rules remain intact but remote access will not work as long as shields up is activated. Once the emergency is over, uncheck the setting to restore regular network traffic. From 5c9a8ec042c458cc2e217df8c6fe2f3330c58126 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Mon, 21 Sep 2020 14:41:27 -0400 Subject: [PATCH 25/84] some queries updated smaller table to left, time window, filters on both sides --- .../advanced-hunting-best-practices.md | 36 ++++++++++--------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 412c20d764..396cb929ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -61,17 +61,17 @@ The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/j - **Smaller table to your left**—The `join` operator matches records in the table on the left side of your join statement to records on the right. By having the smaller table on the left, fewer records will need to be matched, thus speeding up the query. - In the table below, we reduce the left table `DeviceLogonEvents` to cover only three specific devices before joining it with `IdentityLogonEvents` by account SIDs. + In the table below, we reduce the left table `DeviceLogonEvents` to cover only three specific devices before joining it with `DeviceNetworkEvents` by device IDs. ```kusto DeviceLogonEvents | where DeviceName in ("device-1.domain.com", "device-2.domain.com", "device-3.domain.com") | where ActionType == "LogonFailed" | join - (IdentityLogonEvents - | where ActionType == "LogonFailed" - | where Protocol == "Kerberos") - on AccountSid + (DeviceNetworkEvents + | where Protocol == "Kerberos" + | where ActionType == "LogonFailed") + on DeviceId ``` - **Use the inner-join flavor**—The default [join flavor](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-flavors) or the [innerunique-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#innerunique-join-flavor) deduplicates rows in the left table by the join key before returning a row for each match to the right table. If the left table has multiple rows with the same value for the `join` key, those rows will be deduplicated to leave a single random row for each unique value. @@ -96,29 +96,33 @@ The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/j - **Join records from a time window**—When investigating security events, analysts look for related events that occur around the same time period. Applying the same approach when using `join` also benefits performance by reducing the number of records to check. - The query below checks for logon events within 30 minutes of receiving a malicious file: + The query below checks for logon events within 30 minutes of a credential access alert being raised: ```kusto - EmailEvents + DeviceAlertEvents | where Timestamp > ago(7d) - | where MalwareFilterVerdict == "Malware" - | project EmailReceivedTime = Timestamp, Subject, SenderFromAddress, AccountName = tostring(split(RecipientEmailAddress, "@")[0]) + | where Severity == "High" + | where Category == "CredentialAccess" + | project AlertRaised = Timestamp, DeviceName, AlertId, Title, AttackTechniques | join ( DeviceLogonEvents | where Timestamp > ago(7d) - | project LogonTime = Timestamp, AccountName, DeviceName - ) on AccountName - | where (LogonTime - EmailReceivedTime) between (0min .. 30min) + | project LogonTime = Timestamp, DeviceName, AccountName + ) on DeviceName + | where (LogonTime - AlertRaised) between (0min .. 30min) ``` - **Apply time filters on both sides**—Even if you're not investigating a specific time window, applying time filters on both the left and right tables can reduce the number of records to check and improve `join` performance. The query below applies `Timestamp > ago(1h)` to both tables so that it joins only records from the past hour: ```kusto - EmailAttachmentInfo + DeviceAlertEvents | where Timestamp > ago(1h) - | where Subject == "Document Attachment" and FileName == "Document.pdf" - | join kind=inner (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 - ``` + | where Severity == "High" + | join (DeviceFileEvents + | where Timestamp > ago(1h) + | where ActionType == "FileCreated" + ) on SHA1 + ``` - **Use hints for performance**—Use hints with the `join` operator to instruct the backend to distribute load when running resource-intensive operations. [Learn more about join hints](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-hints) From 5796bfb7ec4f9dfd9667c0058709800e999c432b Mon Sep 17 00:00:00 2001 From: skycommand Date: Thu, 24 Sep 2020 11:50:11 +0330 Subject: [PATCH 26/84] Script improvements - Script: Marked each snippet as "PowerShell" instead of plain text. Both GitHub and Microsoft Docs can highlight PowerShell syntax. - Script: Added `#Requires -RunAsAdministrator` because the `Mount-WindowsImage` cmdlet needs it. - Script: Eliminated the path-concatenating code-spaghetti. A mixture of different string-concatenating features was used alongside `Join-Path`! As a result, reading, interpreting, and adopting the path section of the script was a total nightmare. - Script: Replaced all instances of "Write-Host" with "Write-Output". This is a serious change, as PowerShell scripts do not always run attended. Per PowerShell guidelines, `Write-Host` is a last-resort cmdlet. Where possible, `Write-Output` should be used instead. - Script: Changed `"{0:HH:mm:ss}" -f (Get-Date)` into `return "{0:HH:mm:ss}" -f [DateTime]::Now`. It seems not everyone knows that Get-Date's output can be customized, and not always via its parameters. Hence, the former could have unintended consequences. It is also possible to write `Get-Date -Format "HH:mm:ss"` which is neither superior nor inferior. (Well, maybe it costs a few more CPU ticks.) - Markdown Linter: Replaced inline HTML with Markdown - Markdown Linter: Inserted the missing line breaks before each heading --- .../deployment/update/media-dynamic-update.md | 158 +++++++++--------- 1 file changed, 81 insertions(+), 77 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 8af36e4df1..15715aaf19 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -18,7 +18,7 @@ ms.topic: article **Applies to**: Windows 10 -This topic explains how to acquire and apply Dynamic Update packages to existing Windows 10 images prior to deployment and includes Windows PowerShell scripts you can use to automate this process. +This topic explains how to acquire and apply Dynamic Update packages to existing Windows 10 images *prior to deployment* and includes Windows PowerShell scripts you can use to automate this process. Volume-licensed media is available for each release of Windows 10 in the Volume Licensing Service Center (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. You can use Dynamic Update to ensure that Windows 10 devices have the latest feature update packages as part of an in-place upgrade while preserving language pack and Features on Demand (FODs) that might have been previously installed. Dynamic Update also eliminates the need to install a separate quality update as part of the in-place upgrade process. @@ -42,8 +42,7 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https ![Table with columns labeled Title, Products, Classification, Last Updated, Version, and Size and four rows listing various dynamic updates and associated KB articles](images/update-catalog.png) -The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in bold the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results. - +The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in **bold** the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results. |To find this Dynamic Update packages, search for or check the results here--> |Title |Product |Description (select the **Title** link to see **Details**) | |---------|---------|---------|---------| @@ -96,7 +95,6 @@ Optional Components, along with the .Net feature, can be installed offline, howe These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages is stored locally in this folder structure: - |Folder |Description | |---------|---------| |C:\mediaRefresh | Parent folder that contains the PowerShell script | @@ -107,50 +105,52 @@ These examples are for illustration only, and therefore lack error handling. The The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there is a script error and it's necessary to start over from a known state. Also, it will provide a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they are not read-only. -``` -function Get-TS { return "{0:HH:mm:ss}" -f (Get-Date) } +``` PowerShell +#Requires -RunAsAdministrator -Write-Host "$(Get-TS): Starting media refresh" +function Get-TS { return "{0:HH:mm:ss}" -f [DateTime]::Now } -# Declare media for FOD and LPs -$FOD_ISO_PATH = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso" -$LP_ISO_PATH = "C:\mediaRefresh\packages\CLIENTLANGPACKDVD_OEM_MULTI.iso" +Write-Output "$(Get-TS): Starting media refresh" # Declare language for showcasing adding optional localized components -$LANG = "ja-jp" +$LANG = "ja-jp" $LANG_FONT_CAPABILITY = "jpan" +# Declare media for FOD and LPs +$FOD_ISO_PATH = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso" +$LP_ISO_PATH = "C:\mediaRefresh\packages\CLIENTLANGPACKDVD_OEM_MULTI.iso" + # Declare Dynamic Update packages -$LCU_PATH = "C:\mediaRefresh\packages\LCU.msu" -$SSU_PATH = "C:\mediaRefresh\packages\SSU_DU.msu" -$SETUP_DU_PATH = "C:\mediaRefresh\packages\Setup_DU.cab" +$LCU_PATH = "C:\mediaRefresh\packages\LCU.msu" +$SSU_PATH = "C:\mediaRefresh\packages\SSU_DU.msu" +$SETUP_DU_PATH = "C:\mediaRefresh\packages\Setup_DU.cab" $SAFE_OS_DU_PATH = "C:\mediaRefresh\packages\SafeOS_DU.cab" -$DOTNET_CU_PATH = "C:\mediaRefresh\packages\DotNet_CU.msu" +$DOTNET_CU_PATH = "C:\mediaRefresh\packages\DotNet_CU.msu" # Declare folders for mounted images and temp files -$WORKING_PATH = "C:\mediaRefresh\temp" -$MEDIA_OLD_PATH = "C:\mediaRefresh\oldMedia" -$MEDIA_NEW_PATH = "C:\mediaRefresh\newMedia" -$MAIN_OS_MOUNT = $WORKING_PATH + "\MainOSMount" -$WINRE_MOUNT = $WORKING_PATH + "\WinREMount" -$WINPE_MOUNT = $WORKING_PATH + "\WinPEMount" +$MEDIA_OLD_PATH = "C:\mediaRefresh\oldMedia" +$MEDIA_NEW_PATH = "C:\mediaRefresh\newMedia" +$WORKING_PATH = "C:\mediaRefresh\temp" +$MAIN_OS_MOUNT = "C:\mediaRefresh\temp\MainOSMount" +$WINRE_MOUNT = "C:\mediaRefresh\temp\WinREMount" +$WINPE_MOUNT = "C:\mediaRefresh\temp\WinPEMount" # Mount the language pack ISO -Write-Host "$(Get-TS): Mounting LP ISO" +Write-Output "$(Get-TS): Mounting LP ISO" $LP_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter # Declare language related cabs -$WINPE_OC_PATH = Join-Path $LP_ISO_DRIVE_LETTER":" -ChildPath "Windows Preinstallation Environment" | Join-Path -ChildPath "x64" | Join-Path -ChildPath "WinPE_OCs" -$WINPE_OC_LANG_PATH = Join-Path $WINPE_OC_PATH $LANG -$WINPE_OC_LANG_CABS = Get-ChildItem $WINPE_OC_LANG_PATH -name -$WINPE_OC_LP_PATH = Join-Path $WINPE_OC_LANG_PATH "lp.cab" -$WINPE_FONT_SUPPORT_PATH = Join-Path $WINPE_OC_PATH "WinPE-FontSupport-$LANG.cab" -$WINPE_SPEECH_TTS_PATH = Join-Path $WINPE_OC_PATH "WinPE-Speech-TTS.cab" -$WINPE_SPEECH_TTS_LANG_PATH = Join-Path $WINPE_OC_PATH "WinPE-Speech-TTS-$LANG.cab" -$OS_LP_PATH = $LP_ISO_DRIVE_LETTER + ":\x64\langpacks\" + "Microsoft-Windows-Client-Language-Pack_x64_" + $LANG + ".cab" +$WINPE_OC_PATH = "$LP_ISO_DRIVE_LETTER`:\Windows Preinstallation Environment\x64\WinPE_OCs" +$WINPE_OC_LANG_PATH = "$WINPE_OC_PATH\$LANG" +$WINPE_OC_LANG_CABS = Get-ChildItem $WINPE_OC_LANG_PATH -Name +$WINPE_OC_LP_PATH = "$WINPE_OC_LANG_PATH\lp.cab" +$WINPE_FONT_SUPPORT_PATH = "$WINPE_OC_PATH\WinPE-FontSupport-$LANG.cab" +$WINPE_SPEECH_TTS_PATH = "$WINPE_OC_PATH\WinPE-Speech-TTS.cab" +$WINPE_SPEECH_TTS_LANG_PATH = "$WINPE_OC_PATH\WinPE-Speech-TTS-$LANG.cab" +$OS_LP_PATH = "$LP_ISO_DRIVE_LETTER`:\x64\langpacks\Microsoft-Windows-Client-Language-Pack_x64_$LANG.cab" # Mount the Features on Demand ISO -Write-Host "$(Get-TS): Mounting FOD ISO" +Write-Output "$(Get-TS): Mounting FOD ISO" $FOD_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter $FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\" @@ -161,10 +161,11 @@ New-Item -ItemType directory -Path $WINRE_MOUNT -ErrorAction stop | Out-Null New-Item -ItemType directory -Path $WINPE_MOUNT -ErrorAction stop | Out-Null # Keep the original media, make a copy of it for the new, updateed media. -Write-Host "$(Get-TS): Copying original media to new media path" +Write-Output "$(Get-TS): Copying original media to new media path" Copy-Item -Path $MEDIA_OLD_PATH"\*" -Destination $MEDIA_NEW_PATH -Force -Recurse -ErrorAction stop | Out-Null Get-ChildItem -Path $MEDIA_NEW_PATH -Recurse | Where-Object { -not $_.PSIsContainer -and $_.IsReadOnly } | ForEach-Object { $_.IsReadOnly = $false } ``` + ### Update WinRE The script assumes that only a single edition is being updated, indicated by Index = 1 (Windows 10 Education Edition). Then the script mounts the image, saves Winre.wim to the working folder, and mounts it. It then applies servicing stack Dynamic Update, since its s are used for updating other s. Since the script is optionally adding Japanese, it adds the language pack to the image, and installs the Japanese versions of all optional packages already installed in Winre.wim. Then, it applies the Safe OS Dynamic Update package. @@ -174,27 +175,27 @@ It finishes by cleaning and exporting the image to reduce the image size. > [!NOTE] > Skip adding the latest cumulative update to Winre.wim because it contains unnecessary s in the recovery environment. The s that are updated and applicable are contained in the safe operating system Dynamic Update package. This also helps to keep the image small. -``` +``` PowerShell # Mount the main operating system, used throughout the script -Write-Host "$(Get-TS): Mounting main OS" +Write-Output "$(Get-TS): Mounting main OS" Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index 1 -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null # # update Windows Recovery Environment (WinRE) # Copy-Item -Path $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Destination $WORKING_PATH"\winre.wim" -Force -Recurse -ErrorAction stop | Out-Null -Write-Host "$(Get-TS): Mounting WinRE" +Write-Output "$(Get-TS): Mounting WinRE" Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null # Add servicing stack update -Write-Host "$(Get-TS): Adding package $SSU_PATH" +Write-Output "$(Get-TS): Adding package $SSU_PATH" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null # # Optional: Add the language to recovery environment # # Install lp.cab cab -Write-Host "$(Get-TS): Adding package $WINPE_OC_LP_PATH" +Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null # Install language cabs for each optional package installed @@ -210,7 +211,7 @@ Foreach ($PACKAGE in $WINRE_INSTALLED_OC) { $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab" if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) { $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB - Write-Host "$(Get-TS): Adding package $OC_CAB_PATH" + Write-Output "$(Get-TS): Adding package $OC_CAB_PATH" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null } } @@ -219,7 +220,7 @@ Foreach ($PACKAGE in $WINRE_INSTALLED_OC) { # Add font support for the new language if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) { - Write-Host "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null } @@ -227,35 +228,36 @@ if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) { if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) { if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) { - Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null - Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null } } # Add Safe OS -Write-Host "$(Get-TS): Adding package $SAFE_OS_DU_PATH" -Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null +Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH" +Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null # Perform image cleanup -Write-Host "$(Get-TS): Performing image cleanup on WinRE" +Write-Output "$(Get-TS): Performing image cleanup on WinRE" DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null # Dismount Dismount-WindowsImage -Path $WINRE_MOUNT -Save -ErrorAction stop | Out-Null # Export -Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\winre2.wim" +Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\winre2.wim" Export-WindowsImage -SourceImagePath $WORKING_PATH"\winre.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\winre2.wim" -ErrorAction stop | Out-Null Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim" -Force -ErrorAction stop | Out-Null ``` + ### Update WinPE This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. Finally, it cleans and exports Boot.wim, and copies it back to the new media. -``` +``` PowerShell # # update Windows Preinstallation Environment (WinPE) # @@ -266,15 +268,15 @@ $WINPE_IMAGES = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" Foreach ($IMAGE in $WINPE_IMAGES) { # update WinPE - Write-Host "$(Get-TS): Mounting WinPE" + Write-Output "$(Get-TS): Mounting WinPE" Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null # Add SSU - Write-Host "$(Get-TS): Adding package $SSU_PATH" + Write-Output "$(Get-TS): Adding package $SSU_PATH" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null # Install lp.cab cab - Write-Host "$(Get-TS): Adding package $WINPE_OC_LP_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null # Install language cabs for each optional package installed @@ -291,7 +293,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab" if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) { $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB - Write-Host "$(Get-TS): Adding package $OC_CAB_PATH" + Write-Output "$(Get-TS): Adding package $OC_CAB_PATH" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null } } @@ -300,7 +302,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { # Add font support for the new language if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) { - Write-Host "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null } @@ -308,39 +310,40 @@ Foreach ($IMAGE in $WINPE_IMAGES) { if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) { if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) { - Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null - Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null } } # Generates a new Lang.ini file which is used to define the language packs inside the image if ( (Test-Path -Path $WINPE_MOUNT"\sources\lang.ini") ) { - Write-Host "$(Get-TS): Updating lang.ini" + Write-Output "$(Get-TS): Updating lang.ini" DISM /image:$WINPE_MOUNT /Gen-LangINI /distribution:$WINPE_MOUNT | Out-Null - } + } # Add latest cumulative update - Write-Host "$(Get-TS): Adding package $LCU_PATH" + Write-Output "$(Get-TS): Adding package $LCU_PATH" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null # Perform image cleanup - Write-Host "$(Get-TS): Performing image cleanup on WinPE" + Write-Output "$(Get-TS): Performing image cleanup on WinPE" DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null # Dismount Dismount-WindowsImage -Path $WINPE_MOUNT -Save -ErrorAction stop | Out-Null #Export WinPE - Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\boot2.wim" + Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\boot2.wim" Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -SourceIndex $IMAGE.ImageIndex -DestinationImagePath $WORKING_PATH"\boot2.wim" -ErrorAction stop | Out-Null } Move-Item -Path $WORKING_PATH"\boot2.wim" -Destination $MEDIA_NEW_PATH"\sources\boot.wim" -Force -ErrorAction stop | Out-Null ``` + ### Update the main operating system For this next phase, there is no need to mount the main operating system, since it was already mounted in the previous scripts. This script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it leverages `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod). @@ -349,42 +352,42 @@ Now is the time to enable other Optional Components or add other Features on Dem You can install Optional Components, along with the .Net feature, offline, but that will require the device to be restarted. This is why the script installs .Net and Optional Components after cleanup and before export. -``` +``` PowerShell # # update Main OS # # Add servicing stack update -Write-Host "$(Get-TS): Adding package $SSU_PATH" +Write-Output "$(Get-TS): Adding package $SSU_PATH" Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null # Optional: Add language to main OS -Write-Host "$(Get-TS): Adding package $OS_LP_PATH" +Write-Output "$(Get-TS): Adding package $OS_LP_PATH" Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null # Optional: Add a Features on Demand to the image -Write-Host "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0" +Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0" Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null -Write-Host "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0" +Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0" Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null -Write-Host "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0" +Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0" Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null -Write-Host "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0" +Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0" Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null -Write-Host "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0" +Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0" Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null -Write-Host "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0" +Write-Output "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0" Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null # Note: If I wanted to enable additional Features on Demand, I'd add these here. # Add latest cumulative update -Write-Host "$(Get-TS): Adding package $LCU_PATH" +Write-Output "$(Get-TS): Adding package $LCU_PATH" Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null # Copy our updated recovery image from earlier into the main OS @@ -393,7 +396,7 @@ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop Copy-Item -Path $WORKING_PATH"\winre.wim" -Destination $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Force -Recurse -ErrorAction stop | Out-Null # Perform image cleanup -Write-Host "$(Get-TS): Performing image cleanup on main OS" +Write-Output "$(Get-TS): Performing image cleanup on main OS" DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null # @@ -402,18 +405,18 @@ DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null # the image to be booted, and thus if we tried to cleanup after installation, it would fail. # -Write-Host "$(Get-TS): Adding NetFX3~~~~" +Write-Output "$(Get-TS): Adding NetFX3~~~~" Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null # Add .Net Cumulative Update -Write-Host "$(Get-TS): Adding package $DOTNET_CU_PATH" +Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH" Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null # Dismount Dismount-WindowsImage -Path $MAIN_OS_MOUNT -Save -ErrorAction stop | Out-Null # Export -Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim" +Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim" Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH"\sources\install.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\install2.wim" -ErrorAction stop | Out-Null Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sources\install.wim" -Force -ErrorAction stop | Out-Null ``` @@ -422,20 +425,21 @@ Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sourc This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup.exe as needed, along with the latest compatibility database, and replacement component manifests. -``` +``` PowerShell # # update remaining files on media # # Add Setup DU by copy the files from the package into the newMedia -Write-Host "$(Get-TS): Adding package $SETUP_DU_PATH" +Write-Output "$(Get-TS): Adding package $SETUP_DU_PATH" cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PATH"\sources" | Out-Null ``` + ### Finish up As a last step, the script removes the working folder of temporary files, and unmounts our language pack and Features on Demand ISOs. -``` +``` PowerShell # # Perform final cleanup # @@ -444,9 +448,9 @@ As a last step, the script removes the working folder of temporary files, and un Remove-Item -Path $WORKING_PATH -Recurse -Force -ErrorAction stop | Out-Null # Dismount ISO images -Write-Host "$(Get-TS): Dismounting ISO images" +Write-Output "$(Get-TS): Dismounting ISO images" Dismount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Out-Null Dismount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Out-Null -Write-Host "$(Get-TS): Media refresh completed!" +Write-Output "$(Get-TS): Media refresh completed!" ``` From a6cde646c77197f683b8eb2d8c8db66497654534 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Tue, 29 Sep 2020 17:22:15 -0400 Subject: [PATCH 27/84] syncing custom-detection-rules with mtp --- .../custom-detection-rules.md | 37 +++++++++++++++---- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 947c8c38b5..831853657b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -40,13 +40,19 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an >[!IMPORTANT] >To prevent the service from returning too many alerts, each rule is limited to generating only 100 alerts whenever it runs. Before creating a rule, tweak your query to avoid alerting for normal, day-to-day activity. - ### Required columns in the query results -To use a query for a custom detection rule, the query must return the `Timestamp`, `DeviceId`, and `ReportId` columns in the results. Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns. -There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each device. +To use a query for a custom detection rule, the query must return the following columns: -The sample query below counts the number of unique devices (`DeviceId`) with antivirus detections and uses this count to find only the devices with more than five detections. To return the latest `Timestamp` and the corresponding `ReportId`, it uses the `summarize` operator with the `arg_max` function. +- `Timestamp` +- `DeviceId` +- `ReportId` + +Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns. + +There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each device. + +The sample query below counts the number of unique devices (`DeviceId`) with antivirus detections and uses this to find only those devices with more than five detections. To return the latest `Timestamp` and the corresponding `ReportId`, it uses the `summarize` operator with the `arg_max` function. ```kusto DeviceEvents @@ -56,6 +62,9 @@ DeviceEvents | where count_ > 5 ``` +> [!TIP] +> For better query performance, set a time filter that matches your intended run frequency for the rule. Since the least frequent run is every 24 hours, filtering for the past day will cover all new data. + ## 3. Create new rule and provide alert details With the query in the query editor, select **Create detection rule** and specify the following alert details: @@ -67,12 +76,13 @@ With the query in the query editor, select **Create detection rule** and specify - **Category**—type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories) - **MITRE ATT&CK techniques**—one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section is not available with certain alert categories, such as malware, ransomware, suspicious activity, and unwanted software - **Description**—more information about the component or activity identified by the rule -- **Recommended actions**—additional actions that responders might take in response to an alert +- **Recommended actions**—additional actions that responders might take in response to an alert For more information about how alert details are displayed, [read about the alert queue](alerts-queue.md). ### Rule frequency -When saved, a new or edited custom detection rule immediately runs and checks for matches from the past 30 days of data. The rule then runs again at fixed intervals and lookback durations based on the frequency you choose: + +When saved, a new custom detection rule immediately runs and checks for matches from the past 30 days of data. The rule then runs again at fixed intervals and lookback durations based on the frequency you choose: - **Every 24 hours**—runs every 24 hours, checking data from the past 30 days - **Every 12 hours**—runs every 12 hours, checking data from the past 24 hours @@ -81,22 +91,34 @@ When saved, a new or edited custom detection rule immediately runs and checks fo Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts. +### Choose the impacted entities + +Identify the columns in your query results where you expect to find the main affected or impacted entity. For example, a query might return both device and user IDs. Identifying which of these columns represent the main impacted entity helps the service aggregate relevant alerts, correlate incidents, and target response actions. + +You can select only one column for each entity type. Columns that are not returned by your query can't be selected. + ## 4. Specify actions on files or devices + Your custom detection rule can automatically take actions on files or devices that are returned by the query. ### Actions on devices + These actions are applied to devices in the `DeviceId` column of the query results: + - **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network) - **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices) - **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device - **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device ### Actions on files + These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` column of the query results: + - **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule. - **Quarantine file**—deletes the file from its current location and places a copy in quarantine ## 5. Set the rule scope + Set the scope to specify which devices are covered by the rule: - All devices @@ -105,10 +127,11 @@ Set the scope to specify which devices are covered by the rule: Only data from devices in scope will be queried. Also, actions will be taken only on those devices. ## 6. Review and turn on the rule + After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions. - ## Related topics + - [View and manage detection rules](custom-detections-manage.md) - [Custom detections overview](overview-custom-detections.md) - [Advanced hunting overview](advanced-hunting-overview.md) From 893db2910c80f7fb96dfd3aa1212a92b590002db Mon Sep 17 00:00:00 2001 From: skycommand Date: Sun, 4 Oct 2020 09:33:10 +0330 Subject: [PATCH 28/84] Update windows/deployment/update/media-dynamic-update.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/media-dynamic-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 2c0a78e280..ea81420b8b 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -93,7 +93,7 @@ Optional Components, along with the .NET feature, can be installed offline, howe ## Windows PowerShell scripts to apply Dynamic Updates to an existing image -These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages is stored locally in this folder structure: +These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages are stored locally in this folder structure: |Folder |Description | |---------|---------| From 2f41d16e9ec21eccfce9b0e834da8d36f539fd7a Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Tue, 6 Oct 2020 13:10:20 -0400 Subject: [PATCH 29/84] updated custom detection rules page --- .../custom-detection-rules.md | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 831853657b..1445c0ac2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -27,13 +27,12 @@ ms.date: 09/20/2020 Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. -Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). +Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). -## 1. Check required permissions +> [!NOTE] +> To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. -To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. - -## 2. Prepare the query +## 1. Prepare the query. In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using a new query, run the query to identify errors and understand possible results. @@ -65,7 +64,7 @@ DeviceEvents > [!TIP] > For better query performance, set a time filter that matches your intended run frequency for the rule. Since the least frequent run is every 24 hours, filtering for the past day will cover all new data. -## 3. Create new rule and provide alert details +## 2. Create a new rule and provide alert details. With the query in the query editor, select **Create detection rule** and specify the following alert details: @@ -89,15 +88,18 @@ When saved, a new custom detection rule immediately runs and checks for matches - **Every 3 hours**—runs every 3 hours, checking data from the past 6 hours - **Every hour**—runs hourly, checking data from the past 2 hours +> [!TIP] +> Match the time filters in your query with the lookback duration. Results outside of the lookback duration are ignored. + Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts. -### Choose the impacted entities +## 3. Choose the impacted entities. Identify the columns in your query results where you expect to find the main affected or impacted entity. For example, a query might return both device and user IDs. Identifying which of these columns represent the main impacted entity helps the service aggregate relevant alerts, correlate incidents, and target response actions. You can select only one column for each entity type. Columns that are not returned by your query can't be selected. -## 4. Specify actions on files or devices +## 4. Specify actions. Your custom detection rule can automatically take actions on files or devices that are returned by the query. @@ -117,7 +119,7 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` - **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule. - **Quarantine file**—deletes the file from its current location and places a copy in quarantine -## 5. Set the rule scope +## 5. Set the rule scope. Set the scope to specify which devices are covered by the rule: @@ -126,13 +128,15 @@ Set the scope to specify which devices are covered by the rule: Only data from devices in scope will be queried. Also, actions will be taken only on those devices. -## 6. Review and turn on the rule +## 6. Review and turn on the rule. After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions. +You can [view and manage custom detection rules](custom-detections-manage.md), check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. + ## Related topics -- [View and manage detection rules](custom-detections-manage.md) +- [View and manage custom detection rules](custom-detections-manage.md) - [Custom detections overview](overview-custom-detections.md) - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the advanced hunting query language](advanced-hunting-query-language.md) From 46cb950e6744304c0f1049f0a8f0b12a6894ec1b Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 7 Oct 2020 14:09:46 -0400 Subject: [PATCH 30/84] added go hunt page --- .../advanced-hunting-go-hunt.md | 107 ++++++++++++++++++ .../images/go-hunt-device.png | Bin 0 -> 45129 bytes .../images/go-hunt-event.png | Bin 0 -> 85534 bytes .../images/go-hunt-evidence-url.png | Bin 0 -> 66806 bytes 4 files changed, 107 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-device.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-event.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-evidence-url.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md new file mode 100644 index 0000000000..5b0d61b4d3 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md @@ -0,0 +1,107 @@ +--- +title: Get relevant info about an entity with go hunt +description: Learn how to use the "go hunt" tool to quickly query for relevant information about an entity or event using advanced hunting. +keywords: advanced hunting, incident, pivot, entity, go hunt, relevant events, threat hunting, cyber threat hunting, search, query, telemetry, Microsoft Threat Protection +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: +- NOCSH +ms.author: v-maave +author: martyav +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Quickly hunt for entity or event information with go hunt + +[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)] + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +With the *go hunt* action, you can quickly investigate events and various entity types using powerful query-based [advanced hunting](advanced-hunting-overview.md) capabilities. This action automatically runs an advanced hunting query to find relevant information about the selected event or entity. + +The *go hunt* action is available in various sections of the security center whenever event or entity details are displayed. For example, you can use *go hunt* from the following sections: + +- In the [incident page](investigate-incidents.md#incident-overview), you can review details about users, devices, and many other entities associated with an incident. When you select an entity, you get additional information as well as various actions you could take on that entity. In the example below, a device is selected, showing details about the device as well the option to hunt for more information about the device. + + ![Image showing device details with the go hunt option](./images/go-hunt-device.png) + +- In the incident page, you can also access a list of entities under the evidence tab. Selecting one of those entities provides an option to quickly hunt for information about that entity. + + ![Image showing selected url with the go hunt option in the Evidence tab](./images/go-hunt-evidence-url.png) + +- When viewing the timeline for a device, you can select an event in the timeline to view additional information about that event. Once an event is selected, you get the option to hunt for other relevant events in advanced hunting. + + ![Image showing event details with the go hunt option](./images/go-hunt-event.png) + +Selecting **Go hunt** or **Hunt for related events** passes different queries, depending on whether you've selected an entity or an event. + +## Query for entity information + +When using *go hunt* to query for information about a user, device, or any other type of entity, the query checks all relevant schema tables for any events involving that entity. To keep the results manageable, the query is scoped to around the same time period as the earliest activity in the past 30 days that involves the entity and is associated with the incident. + +Here is an example of the go hunt query for a device: + +```kusto +let selectedTimestamp = datetime(2020-06-02T02:06:47.1167157Z); +let deviceName = "fv-az770.example.com"; +let deviceId = "device-guid"; +search in (DeviceLogonEvents, DeviceProcessEvents, DeviceNetworkEvents, DeviceFileEvents, DeviceRegistryEvents, DeviceImageLoadEvents, DeviceEvents, DeviceImageLoadEvents, IdentityLogonEvents, IdentityQueryEvents) +Timestamp between ((selectedTimestamp - 1h) .. (selectedTimestamp + 1h)) +and DeviceName == deviceName +// or RemoteDeviceName == deviceName +// or DeviceId == deviceId +| take 100 +``` + +### Supported entity types + +You can use *go hunt* after selecting any of these entity types: + +- Files +- Users +- Devices +- IP addresses +- URLs + +## Query for event information + +When using *go hunt* to query for information about a timeline event, the query checks all relevant schema tables for other events around the time of the selected event. For example, the following query lists events in various schema tables that occured around the same time period on the same device: + +```kusto +// List relevant events 30 minutes before and after selected RegistryValueSet event +let selectedEventTimestamp = datetime(2020-10-06T21:40:25.3466868Z); +search in (DeviceFileEvents, DeviceProcessEvents, DeviceEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceImageLoadEvents, DeviceLogonEvents, ResponseEvents) + Timestamp between ((selectedEventTimestamp - 30m) .. (selectedEventTimestamp + 30m)) + and DeviceId == "a305b52049c4658ec63ae8b55becfe5954c654a4" +| sort by Timestamp desc +| extend Relevance = iff(Timestamp == selectedEventTimestamp, "Selected event", iff(Timestamp < selectedEventTimestamp, "Earlier event", "Later event")) +| project-reorder Relevance +``` + +## Adjust the query + +With some knowledge of the [query language](advanced-hunting-query-language.md), you can adjust the query to your preference. For example, you can adjust this line, which determines the size of the time window: + +```kusto +Timestamp between ((selectedTimestamp - 1h) .. (selectedTimestamp + 1h)) +``` + +In addition to modifying the query to get more relevant results, you can also: + +- [View the results as charts](advanced-hunting-query-results.md#view-query-results-as-a-table-or-chart) +- [Create a custom detection rule](custom-detection-rules.md) + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Custom detection rules](custom-detection-rules.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-device.png b/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-device.png new file mode 100644 index 0000000000000000000000000000000000000000..71d8f65d88bcf6095811d75e6e9a03cf025ee05c GIT binary patch literal 45129 zcmeFZcUY6zw>E4+6cHJfq9CB6pi%_^>0qHskt!{y2%#e-v;YwiQRzyD(0dCIdI=&5 z0wHul=!hhQ0HGxTLg34s-;6WojNhF1zxSW_;v!dglD+p@_bPimd)*K3^mWx)PI8?* zbm$O^rpA4PLx&i#hYlTne}a*IWi6fJLjS|n;od!c2OFD1hpxwhV&%1us<_+H0t$z)s-9 zp1czAM3KLIra!Hf*f$WT)g$UpBiS^f=ujfnB%Y3!(IAXWr*0Nr-@*ihI7&M+) zgMWAaM0^i@{_NuC;(~;-XF2bC(`=Y1Og^eEzJg(fK=)%Cz#)6q)!vSij_Y~`~sZ<+% z>JO@$qJHbqJeQdRxeeOjt^2%l+4}1+4c#2RY&X;D)uZ-PFX27!?Uq092zV)sHRc>> zoJpR0$OzEOvgI9j&2+!@t+*N0rFa#+@UHx+8=t=|gfJ+Rn+%*?j-8078-VGBhMDJ~ zL#$7K|2csAZU57`xp%Qloo;^J9MEKBuC@3q0PlEgefpCk} zW_2fh!4E|NcTzn2WDmIHycU(es~kGa@Y}z<1Rr6)4)o-cc&-u5aTj~y(#u0f{@aU+ zCi^xnBQ3*^ypNHp3IlzuQ_TOw=+e6*l?ipHG8BO&51xp=gWh}ebI4(4`Z7NV&p@%>#To!?c0TNkqbQ>C-PYc05Jn!JLqsg|$3z@J~x&t^D*j4xcxz4hn9KTV@Q z%y4CehqElI@|DMfGOOX^KOwl}PG9F;sypMKv-|}0l78lqN^*)&|EsQxKfj)-a_j_> z{kmB4U*P}rfPrI^7d&E*xRZs6ggaM$&cgCp?ljEv^e|>hBF3qhgzi^kU%=OwvZ#cR4H`nq+bD)VomJBcc zTwX<#K5XG^)X+Z%{#5jLOKIGH`N{H%dG3RMn(gl+FC`vfzzn%{v^ah zNNMMB>j61c$sE!ADa7;G0E@iO>f6+^jN8)Zj(ED?(EJJhPviVuwwS_~EZt>hEm|b* z+rtRzN`d)t9;4+~p2`P%a9%EXHRZjvz+vnJ+Lt|bIf1Oc=hTm<3f~j zR;7V~L7Jzbp<%eyi*mc(l*WxEK#H8L$CueOmTt`dGM^^f6TOD3&kWiAuoK%`mE6oU z3w`%fC?0?NmA7rOZu+SFbE2S{@r&bPZ*V3niZt`o4e}jEMDYJYeEnsnV=t+ zzaW#eYws-l+~PtkH$~!y`KXM0oxT_Wo<;Rz7?IYy_AX)g~SLbd-y8>$J?ZXEIng#;96+Ta{1 z=?_Hv>*e60Rr&Q366n|jfuJD-of)eF1?W_=b3#3i@^4YjStX>7BV2Pd#h`pI0ma{?S$wlGn z-WqCUHK%#@B9uq5v8f z@<6SIZmD7r^=v$C!FXo^HGXPz&1!a~ZiYPa zMJE-p8DDNvW{w#Ay&ymg@_6;PAqH1=sBYGHvYzI8yekd`MGQg%Ho6dliW_U~h{2I^ zs|nM_dro{yLQ}i2sj`dD1eN!<=K~k&JVvyv@%|J{!n8- z@<uPB}x`*bXuS zSJVtvu>_Cr*UYQyTo}+R8`Sj#$nR9chd0N;Y)PCSnsP3^@&plv`-+in{(<<7nD@3~ zHfCy_y#5un4+_cj45dKr3td&j1&SCb`@<&?Pm9LS3;NWi1+Mgj&fm41x*Z(2URCC~ zACQXh^{Ewg1|@g~{n(G1IzDG3&=2u({OS|S*6bG=#X{{K1u>5d7I~i2iLNr5LGhUq zustZx@?#bz2WN(Ah9s3dYu(}4D8$zW#&Lj>(JGKKN$7T=zSBu9xtA!kHJr^pPAJOf z$>`GoYbZ8(odR(7>dNUr!CNd1342@GSGzQDw(|9Xl*EKoTkYeP;LvefQaqUNybJ+E zWB=g3IQ=%HKtu{XrZ$Cc4b$~TqHdwLO3ZM3d8P%C22G_-Fi;q;ztoTY7)jVz&Sh`^ zR&4DlFp=x|IAJ>6`Jh@Jma_`oc@v#_H{YanKTec5EPY3pF(UmOHcm2CC3yx^HA<#E&8s_s7>mcL5%Gh;c(59@r}9LuI!;s5zyVLs71|fXpP@ zt|xzbI5I~KKhc-yxD{bK@?)}RB=2jbK;lWc-B0g#!Dw{jezs7xx6gZ2)0U$Y%vAe; zy2he-@V%fa`m@uIr_KwMs)WuA|Hf&v?R5C$lSPk&XqzOHT zwJ`?|^}$tWs+7DV1m~=~yDQ`6S7%X!5njjhg7?RYr1%h}PNMtzb$Ut9$c@^)GGWSf z2YLrSUx&=0yoK)hH=HodVbwNnW{MKIO&5%1qgm~g3vqU0?z|hO$Zs$9QAiDRg^<{g zwv!B4cPxk4YMxW+vo$E_MC>oz=ak)X0W@g%L}&1RaL1-knYUtjSQZ=Z%0#DT_2|M< z-CQEl2K2bVRE@w3=FBb=RRGD=R%0i`GG`49a^MQ9R5eew%~u|TDw!-4JCdnATnhVN zpB%axIONE(I%PV-fi&1OkKd@#d6xuv`fAKH^-0hok85=8UWIDO0VgfwSnx@pBfdJT zv3E#RUKaq_1<*)TNOtWFgXAWke8N;>fzv`5k+9!&4ph~bm8N0QtA6e_c(}~}33=ja zaG~P(la4X-b4i6i6 zINh)9+1HyNr=b;K-Xw>k<1yi#|B+8WadVXiD+;fvuZBQQeL4Ne#7>Jdl z<6NV7aF&HfQqxLLS)n-F%G`bVTUWP+EI<+vq)PJ#WSf-9EuwB2-gYqpx|~4Odcw!@ z!d#n-l`s0f!6L9a2T5uGv`Go4QvNYM+IfTYR&S%h8~LaL=x<3b-Y;4@@_Ea8O;a3= zi!)&fEz1n2%6X*$J^=L4UNbZ~YvU!r->-R3IVw^qX~Pq18JUxc|H6L+9ORb>-x9U) z`*A_U2wh!rDZ02wq}u+gR^)1G3!epzEVFcO6Ru|>Y+~*>+XmjVNzH$lbcQUh_+oS^ zRI=L3${#80tPfJjXw%g%f4CFkg^t5*4ZPQ@p6vpI^min>CqI^l5z{jl8*&{JiZ+{X z$uRa*f{`NbuS7xL1w>o}@FO5V)=SNPuaZsd!4)h%Wka7_?>q#~otC7*_da6ec2ZM}gJSR-@M zb77B@O>7IV*qH!UkIJ;PFUQXy%H-cDull)dBKB)|lVf-;qJnJ0ID`X)raztZYq5_2 zDcgLphF_`coCFP;I&>rR+$A)fFRG!0#r%F)x9$#I`R7qEy_#`9r{VZS7dz*AFd@d0 z9B5MV$dd>1ZGV^4L`)0YBab2G6kE2iGLHTOER70fs(14V9Af=~cu28DtA%GkF+$ZG zSmSb$i>zf$sRhs$kAqgGENX7Xk>ZTi3M~5{g)QloS<+f7g?9AX@aavnj-mN3szP_THa$vy`!2q&^L2M z>-g^Y0j2oU#)+aXp4A6yLt>*-G;s0s)8oaZWc-ZbdE#q zS9{2h4>}B7HU|3M)ks-++9A%Kx>#^=_%Wr=7sYf4QoVOnrxC|!EagJ+ygK+sO02bz z)Mi%BK4SCjY5|fm4ansMPF(2SkNye=GKN4$!Tnz_x_}<#$N8#?6AZ8cl3R1B)ES^3 za4BgNE!VbQ$Dz!AN_v9Jd3Skpb`T!qXvEghnBl*xV?*=_W>qM?E!`IyF=MQqcw-bQ zRq1}dLCvp+|6q3n#`(*m!uN?P28mUrCUwE5yKa>fzar~l)F(y*2?}o&J_XR$Fa_9P z;02KK=54)0pZS)7P9`Z~EyqjDzSuGd;bZO@BK;#Uet}fHA;UcJG&>X0?h<@jD^I7M3kepNIhOU8Safwzdz3#DN4r) zbJy7yam{nev1T9bF{>ToX12clRGXW@K2y4kON$tgg!B0DQB{h>Euo@r%qnc=Yc#Y8 zawh<#f}UPFM0I%#2}3)qq^P{;;T6J87uaEiaFsf#(#hhQJo4F_L1}hm4d;=}gpZGU zcon^V@H5v;@0eD5bl+*ipR4LH8Znnb?wg1$g_RcXHQ0p8Nh{xa_H~jBOrc%kRFZu# z1QhLmHGwLo=MuSxZ~4@l71$_=Cq7Za1qd>s-ct9N4`=$1&r6Vgc!o}6V5tz4}u4;rjl0%^b4 zGbs*=^S8p7!BVdQ%CNOCIK=dAoavQ$adWGU1bW$9!Y4HN^M>=UgN+kx%E7se*zP!? z0?3Z|?gB1Dr`WOBYJy?ltb#Yq_2`LsuP2e841Ct3W*~LZ#S~MD#V-CaoMMriv!R;B zN~6{Cn_#F$4w>tH3JwVhdoZk`qHZ|y>?@LPD>-!N%Wj#)jS&UQ+PT>8?!)?1F)z(7@OZz5;yIKgs}`&64!SYa zbj&&qI&q;PVZ>`|AnZrh;R&g|?sD^(8cwSnnt>7ATxvwVJb1MAAYXc=;xguy^0fa( z>k{8&NJ+CJkGWxuBYG&P6^0JW_{!@JfJ5SIJh`UYk#~hs0|n(O>@LlkZL2@90!^%# zPx!V_EsK`BDfJ_SkNxJc2oKNK;KUoII_e`u`5@T@T{0G+8n4J_bi+cL;@0`qt+dmm z+`3LzIqry zO)>lKHXvV@=CbSE?#*-Nq6LJo*>^-$4eZP3(OF_P6z)2d8*Jq{6(j@UF5DIbJl)ye zMHr_zj(+cwQ|R^xRu0-K1@xTk<^h?o>a@1HJ+X@pG9q#ah;tT*HV_im9zuo<4LN1u z&%5K4wLV%0-Hn9X$)YZd2)RBHMIBYLAii=vmHmWXFLFhtEa5*76oCsu= z>A=smix4~Oc7CqiR1CM1!?dqU(yGIhoef)k$gwCZ3u(dXfLzX-lk$=_sR%RTo7nEc zv_4zezZ_&iCs{@5F{> zcxe2xGWTaV8xFkMwNUt`)7~1c@qHs2ebw^W)UJA}=Q6^O+~&0yo4gL44ixk<>sB#K z-u1QpZo5-7+4^u+jMpP?DXc{O08IM!O{utoUiA5ifQ#-c+txdr6ur)QeXic5tT!DT zJl`&pa0l+TERg_APv?TCEc8BP>k|c}>}*ZgbxKHb+xIvsZj8OUpOVDC!phg2*Eht! zQpq7SQI;Y%$K*luiBDwpHK6P)V0dU%_B z_OlIIuuy z2_6b_NaowFyPGM>gy|<4wyT)(jFm9MyhiOZGY4s{TI8g>6i4kQeqaP+wb_+O|GTrJPoj+*J*{Fxj*ELdxN6 zV_ngV!H171VZjy%*|N=t6FHKIO?M7x3ZK(ejesgKsWf7$& z%@=MW%Aa)1GfF~`gFbpn5)aDu6^%whB-tfM`4}-LEP~}-`BT4;@>S53^A)M2a3lR8@2d<`|x^%Rcl z2R&|W)>Jj{mPSJjlN)gIQ(me)rNs%4A{>8+ne%#Tf0@*9(ub)J?{)y>@QeI4dJT|j zzjmMQ(_f88gC8YK#NRB;GczE+lM$3}%bLPx;CI8v8Jygxy+JCU5D9^C1F|^l%+B8F z_q7pIcau&?z8HcBT$9fqNnbt>DB~)}8zUH`2&- zS?jj8X|3~K?+xc*dOx}t=Ft=Pj^e(iBHc<`b(4y?X-rcr&|Ke9C{P1Y_&-;sZuTj6 zS*m~I6nXcbZs&FJ!w};1F_VDmh!O(%_?x8|4?LHzpCAb@bC;Q;HQ$s&At#GgK2Uld z9(!}dvD{)ey&waPC=5pti`|FP-BC?7rlu^=h6lJBrWvvFT2}--@n&l0K^>?`zb?vG z1C~^kuPkwwr_Z5G-P(+YEG~a5B5oYyRqt1^Ll3y6IUtsRSMQXS)He}6Us7GYd3z() z!Q8n!RdMCAmCvT)xJ65)T(y!?a(%X7ZZnZrOxC$#It$E4Dmh-?N=` zvgK8kXE(U@^=R?KhW6fj+iCOIOf_7QHo?B;ExPJ?>*~zpo8D1Km4=M9d#tWYP`0k~ zuA7x#C%;*+tj$cF8}g7|yNT7X=y!k%J7|ZcC5`pOYrdLPP(OaBbUT2YLgq?21_ zJG?rs+L-C?!pC#=gq#`}u9eF&!d=_Hu)-fow25BPh%X%}gua;>5Wxm!de293VGgd$ zAe6*UUhTr;K!d8Xt3}?(scgg3sPuREf;GAaOUV+1A2dp)_ao{WJ9cJYTX|!MfujE4 z4gTmcb8SxKD8;VBE<%(`=5Ct=IV1I!Cf3YsrdcC$Od~-2_lW;DMF6 z^5lgFu9!Zyx>xXU&`*%(V-3*2589vIgxUm^M?0!%Jfn!GO8Z3Z0>*V~N`ThtH%6QY zX}YFP&rLF`@8&gfNw!B6%^N}+<7Z%vjaxiL6HOWHHM7kWZQs$k`Ho%7Y;~lRpUP^A z^>yHmRN{{BCrt-I{H*y%NO0N)HE(hIqd9*1hUe{E9Ol+h1>0_8bWBlSVFrG}{6_Gs z6RACF06Jf=G$@&UOoH+#@i41n$LptZE8B8r=zFs%#h!bbjimHPa{NCU-z(bD>PF(8 zF3I~YSw`}Cg}~RPoc1P~%Mng#j9<@B#2(k3RT4i4?c|?6zI*xtEIFEG134}lH-{_f zFD?Qm+lHzayDzDt&U?Zr!HO2xD}_lE>UdjchTAmQjg{=9MKZE-C(!)8eD#1PX3hMu z?&n2d^a{d6(E@}o;_vl6-3+n1>QgxsH{My&d!bWqb)+|ruleaCo1OzHgeNesRa5|KiAh$h7y~oVrne_S=QvE0=z6=!5XXdcmRBj`RSqc79*4 z^s^QJ&Sr`e52m;FSDv+`)mS<-A#83p1H;dbs-^r{IA626G$;|U+P6G2O_Y?BghHAi z#3?7TvWzkuG69Q-IECv8Y6bT3;=sfiGF1|FC#PQ{QN&`YWO=1^H+3E|8;k*4cXn?V z^zM6yDs9Ew3m9>mkZyvx@3n6M_U;RW&g2P;HEut%-U-}T??enPPz(}U5B5`G9?|ls z8ArX0GAn{mYZO#&M+@h3L*F_%_QZdMcktcc&PzK#7F9ZBeS$qt<0t3h7qL%ol)i6L ziM8sks&6-d{4d{ZrZZj6v;L}_``fjvs&q!r*_a!@>Sg_{EgS6d+a-N2hT{C%{%m$3 z?R$m}{PY&EK9Zr>aU1!S3xIUg0sWHf^DXj_B-SIRL-ucL{wyp1cJ1o*PZ13aZ5qFD zgE*7m>S~U>VmzJmOy8D~$cNVW?nE)7(3F{j17eV!bYGn>(CZQG3h6)8pG){7bgGz~ z?6F^U{r_4!PVIN9SS8v)^53aZgTGV7plL^bsoqc4lU5F$*)cdqsJ`%Pv;Dz;qRU37 zis|YG|4sG3MEdzI?-AW94$GkNh+jm-U(CH2FS-hvf(0u7>IuPv*XdNT+hjSH|Ai{n zNLL~Eqv550$HRf`x+xd8PUx}W$OheQ1H{&n-Q3$DI-e(rKDZlR{7Wu!h zvu@Jid9S6X&-(8gouxC!{@-+ei%+`KUH?DEPQUzqT~x0khz51sgvgOhv`=mi)^Pi3od{!U^nVFUcKdfRQaQvT6 zq<{8zTK#K4F3X?JukwN6gOnj^BJJ~aNzF92KNB_mW0kHmV{r9W7G6t_@q60z;0Zo* zmd;RAsdyg#Pf7kOY~nbArwsG$(SZ~PV!lpZURU)wIw;@b={{{)>3;U7I4UZc|&f`~qIJLiFX;WAxkcFn7Zmy+siqNWTdxpy_(7u=jJPAKUzoqg_KiP%*SQai- z4GH5T<7#!tV+}T8qWD2G7-Hi+k!x&|wv|OZwJG~F_tyEY%NgM!)ysPTp@y<2fX-H^ zi0Rz0A?VXGX56L2DjSZSq;@I#L`RGEm8Zs557 z<0uD6zgQwwpnYp6nWGZG{|{1+#SNT=2%@weg{17t!AgzxY|&j zx|*_8wUM5BuoUogw+K{{zWc1xdYn9UlBJPs0A1cP^t2kAmkx|Y^gK@}${SiWD2bAB z(pIV-fvjvKcr;0(8trYStGepoM@cv8!6hw>O{Y)q35qqS&(dt@Y&~;n5nTHr@KhaM zS|dY_@;ZBnFDT+jAcsF6+~pl*^*l_h)NpRgc-dsaf5ADU1&3R%>qndpRNM=~BdpoB zq-G2BJW~bgY%bR=nB7yh5i!}J9NTz!sn&ESzt)$i2KB^VwzIW}U4v+^n9%=44 z_`0b#ph>|0I-%J?k{7*z8|`(Gyz?jf^@DJK9WiqE`ByD^s?0z`aOhYb?pN5jcC)o$m!MKkAqts=;(J8>}8V z_%@4Xq`aV~s89-PB=Kf#DKM5w?C%;ATE`3dWD10~(9l;-z1H$dBbkSzOEzCl3}<#L znTz{X*BZMOg9UU373-|ZXZGvvA7#|-7ma@uo=)@H2yz0=t(pN6@;LoajDX*@)p=A zo%JE!=%zRYxZc+OWt=Ug5rMT;oUEW!J&;tt4q)XlvHp=4PX+|_ZNs*b3Ic;?E!0D& zr>=3|UUD036s@%eA3vHfA?4NuGyh;)`+WL*?-IIary{zA@%?8-&-)4XI=S5Dm1g-ujD<#Ct}L6P#dnxnXO^=H&69~DpRLyw~ks6n|k_Xsylh5*kS=g4f?fX(Pd}(*C5QMoS8awx9 z2(srMGq*NDs4M;>ZV*@TvK7-Z>P;aHV`CXsBIhZ<_>5pdSl=ghL2GqSaG<%`2g7g3hz@yOp#t9R*m@%u*{XER8 zkKxMEw|U!5pKnNaH~LxoSTkEYN(|O}_JI;lkVg3j@@`J$@wD{FH@Z+pW%huvs2;-t zKf4~=Br_L_ROwz)X+tAusnC61z<(~3^ObQG9Jego$ShiaNnHxEx2{fFb`Krm^A?W2 zpeUErff%J#X+zQGxzIe;X^8TVfI6{B_h(kkHkbEO+=);5g4TjRX7r*HfQj!wJq?-d zJLauHf$4W->9wy`m`WA{wm6@+$Pqg17PBD}DTk8&HxU`Uq+w z(pzvprO>b4WuOXUKeOFuDzSR9U`hUPQ|@leL*vN9T-Ap%1j6?t||HVCP244(@ymSKJ>g z8B!~<8h1eTO@JB=h~;{$ap{%XeNhM<5nZQr;~<~1ajrW;TVv%uGk~)BK3zjnDQB?> z%oW?wp#ElmTk;;&MDx*3DW8-xsGNxtl5?#GvC(Px#bBY?REi08F|yj(aDr;Z+R%9p30)8LcM6wL`r76tZ=f>81E<`^;|5r?nTPgVFW4CeP7S>u`}EF>bpNry zNRyYNuk~xum9ei8uh;l@x8F;-PFXewF0A1CJ#0jB8dbwNTn&3TFbDWLIA2ch=~E1k zfsBdGry*`9TG6G}tvaA61qnjuSHg70W{c3qHgYG3dlwwp!sUV?-$zLLBgdYk&v!<9+7U2$r&d1rOlKl(qIEu4 z*i~=I>#4y+q(NQ{h_|=m?QM(-Qb5ms6+Ge<*@z-eAG2F5%puEx7@@) z5^gEl!-G2%I-4!!lKx^Ttc<|1^syAJPEqXgs}G=_mBp`AnNA-M@+Lp7F*ypKo?Nc7 zpSb-Mek!Mz@UpaOW#hewd3wo0c%m=wmE*j3)KUi?ZM_-x7BOp9A{=%wu5ku^;1GFN zyPO+XA5{5cy{IY3?i;|(S~TE+2r=DeZ~3ghdXnC@m~`Ot#JGzeN$_HU^S?b#msn%| zVo;;7@$#)OH)2N%6s@I`Bpgtima4k+h_pqL;XaFk*+cao)toLbwXz8Eer0DZoSMb$ z$_?Aa&EzI>i0BubyXi2jBjdD_0NKi59>)`ToJgzc!Tpn~Wf^#AbWp!6RO}>U=VUFd zh2S*hrRmdBZ&&AfUJ2j{)EjjOGnMMG9H&jIIj(IVa|CbF{2lfU<+3*P8e95Q0^JgZ zEZ6rKBK>z=pfhd}0I3BZW!j0AJw@E9I%Gr{R$1L*WV>GNjBM*;ay7j}8lt;8ta{uw z@48|6o1L$%Z$=@TE(1%i7#!zYOpmSV_{g_~ronxiRq3@0zEIjGy{}O%9gQ}_VLojy z2K$th;H1EzV|l04Q&XSP$ia%dlX=!H#vtI;2JQVRCjlP6#MhDDL}rFB88Vw`PWIJi z=3*XeSM_nr1phpE#B;JoNN`F7ky5w{qGXB(d-(X7arYM9dNr{DB|Eo(3a<=!@dO(n#e?@uHkM}ure1>)ZxN?PZ3ksQ z*`hg)oozjY;!tF_m=a}w1v?Z!o%w7zRcDdvVk}}+r8Gv24dSe#E$x>-p8>B>>tuX! zG^-nHO#}58sZDCINAFS6)J{y!YJ=kNtUf-nNT`N{=5g%b`ko{?tNZS{-Je{5C|J-- z@BQ6yPuF>&zDHU|D33qq@RXz>z@J{om z$XDBRQi(#aMssFP#{Iq@QDK^fmDMZ!OL>d$~^3>RxaeuO6t3Dgk718!n~Hk8 zvd77>Ub+V?{igroAx7+WwVnd z?HI4`IH>>Vrlj+fD@u$0yvn#ryiAhK=7wmK-+gm+II$k|pfY{6j| zyJFwbql1sNTQSEeJ-tWu(Br$7Q%x2cmta9uR|L7bTe{3KXvh9y4F&_}-Rl{{uuWeZ zoRo}KsEVph);sec<=wn8B|FZeAU%0E!hp+XFcSgwS_=-t7f-kiwt=Pb@o1C6)no^` zs=XP1N(j4dp0f4sn;`M0umm7qV$K;SK#;D`P*3r}QJaxGQjuI0z|aaZw17Q~r=-Za zXK`73g_ILt6rWaFw%-i5(X-8ml-lwI@O{wByBW6FefeOdsK!&tWNL>d0AIFb*~FKv z#k^-)6-mo1p+*kH0TCnz1zS#i^9B=@ha^- z#?{Ny)Q838xA?BFtsW%t*lS6l^@>@!xL+QKKbKCPN*rM9o#LNv5i_~$3Z0^s>ZFct zE?w;DB=bn#tY@1!W=dKYR=@7TBC2y8`ec9TqKkEnecNuHHh{$;!(!(9xj1*Hi;bOW zQ`&ujV%_`w_fZ#stC-QY)iS*383!uqG?gi#w7qYeo&%;>6(wp}3-wSupy5(Ix6o-T3(!Mqbno8g2D{yw9R z%Ovs?+z(U&E8*`~y%MSd3_c1>t}x(DbONWA@1f~?8<^7Pj;MoCN-eCANt=F8V^00o z!4SRgFw6L0x%4vk<8be>mmxayLEFL#Yft)WU{t1VjD&O&>on$2h);eT3t|kTL9S?v zMsu`c1Kf^!xvud~`#pGh8*O}N?sdn1l0kCd&R0&y=dVso=Xfl1%j#CbyC!oC^3q_q z#?P8})>oT|?yo%7?P~lwp*;N4(oG}PZ3^t3*7_o76vfbC$t*vFLM2e83GEFm(WjmBo<(b&>F{wKw=6N4o&Vt)L^YjO zPSPo6^7j1wv@M9?uCn7SE+RnJhVK-lDmzD#*=eoXsP8EM!7*d^dfAxq<<2bf%kOu`(1qur02uO!BHPVqu5AQk&jwvn%OH1>)H_z z=IQirbt%VIoW)1LV_|;p7@C%sd1ZToqdqG7kdbG07UQLkuB}>pIGXgsKti$>&n=mg ztwxX&u&>o2jP95Arj$sgqF9Q$n6R9&C*!$_4Z}K8>g_9oR>8H?zBHE+S*n6mk#Scp z3yXIdH6U^a)8^>$x$W|f^GpRmnbSSOJ5a^}8%QmF zfa8|>ksrQ5#BL-4E-K$YfRf*!R-`OL%4yML%_`ti4&YHkbn=sS@6F6f?uP(7yHHHB z&>Z?XjZ9X)FM<>vmPILU-iIrcw#f8uFlc7i0h^a!^mzKNzd*AB_z9WA@Ioy-Is^J%{~)SNsT1 zhsH(}mqWa{hb!7xWG;PYBrned*CJq%;)RK#syQ1HzH{eW?qL>Kn0)#2jJNPayA{_+Up-4- zALF5whjsVqH^(JuvYsYJH-V#t$!3l~6b4g@+U_&QN{rI~-4d`jp@h8A^GI(Km7;xt zkDT%Kd?-d`azy`pmHw}cdA<8HwG6zOIMVl;5b61@|5!nR5~Qg>`J3{ z94&Ww=bfl35Xf6bK^{5@T>f2=`~fBrsfK(sfe1nLS(Lo&5ciX|ApDiXZ;WW*4+T-rJ^ylRXg(K`m6$k{Mok zoFhF>pbDZk;FYZ0_AD*)R3WDW8eI9z5;3B=;AVuxCcw$#Kb^l!FQ&0e$$=WHQxiA0 zAuRB;Ozyq6w}nv9(C0wfeK}>zK}Lz}_=WtMo*m4m2*pVWTAHc3e_5#6cs~l&c(701 z8Zot&g+Rz=17_J0Fxr#Eis~?)MCn7={fT{K?SwpP8R5EGs^t@X*Ug^-mXBKYoAzuu z%nx*{D_t;hk*&0g9Y?$Tf9$<^Jd|trKVFt7SxQmL5*67C$f zqSR@IgiYZtHpxkIdkU0OpGQ+XJ+y3ym?5?aLK$Mgm!`k&vVV* z^K|0d1oF_GM#Tdk-rZJZ{lX)%oo9Txo%5M%%qUJ(7@ljqUGpJvW4u>!eAE3)!BBi( zv`r6}_(qeHR_^U8?URT)&2*Q=@cJn2ZqCsKaerYOu~TgL+V>!Zp^_vSV%>pWNtUZ? zIvJ|#VqFGK1D_kLA4$wPfz{>QOKDP4e3!MO6>{eq=O$JkQVRO;4#lL$Xd#BwF0VMU zIyJYyD*K51t$B{YyrpvvT{A~Em%nKG1uP`3_mID$=945RAuZ+bn^p^hU-)6SN>wjN z5hIUlK;1)cZ2HVUAJH;__1wmQdvZb2_N$I~+%VK&`pdIaam`@P%!~6Jvy<2y9EqqX z?cbRoddy@+jpY?_wTP~$F$n{KTQo0KcB$dm_@ok?o zc|#qcq*cB}YA~~d%FLV9K1isTJ20nfN6gwFgcQmabrrv0D!CIi1`>E3K9#s7>=*QL zbzQF)o^ml>`?W3I1l3-BrDu#Yy#sGsvT303dJD4!xRei35%#rS!TNS9ykV>cj{Mr3 zk14UYegvtke>>HxUbe?-*-`F3GpZx15_IcTO7lKvHj#wGOVm8x*B=m#8HJTdHt+I_ zTMXyes{BVs7mf!Z+rcJt8|8(=YarVzY0S~e+|NX1I5*4cpZWaJQZ&fVJF6<*wR&V_ z$}o9h^P=)-d8eUmvlF{ztczTuox~84IA_6}x$geux^}&Pkc+e?z0Z80*L#VBHQqJ1 zJ|2u7EOAOW`Ll+mvrIdZ;QB>Vf5`aiLN|EfV8*vSDVs2VM2asv{++~vlTKqzavIF6 zCMT9rK8$8u|C}Bp=j}A!S%Xj9eE3@0QZA@7#m2TJ z&u3(C&$|n)ovCS;GMrsL7T}S{18=w(p|rXdl=aqP=$GpntFYY|G&vM*!C$Gx*V@0KPT z+}j#7KHO!i_BnC*%*GtSgg=~FSl8#_{)O^`qR;G!dWoEi4e1iBZsf~$xQlfKlEVq7 zoK0+9vy(*ZsF`hg3HcM$*g)RL+V^r5l_asl{o{ z9mfhtuheC6iLhzgKfD)o^{^GLMRNRNU4!t2t}htgmPsK14|z>Hw5Qdd>(l39=)f4^ zXy4pOs_nJ512f*(WAh?%*L(0a`mZRTGlI|2<>?PN>USN{U8xWBB$@|$ZFP=zqT~R` zme4R4>+Sk|Gj8bjhS4A|&C-A&*LBb&lZ3i!@xCJCxoh0V_{s(KKUFtD6Cd{JR!ela ze#_%2diAKICw$SrJu2F~Ln<1cW0KD$H7o0V9$9l2eYP~thitcb-R`&%mI)(F>lk}c zQr#*~)x$Y4-C{iPV4;7+mse$D!VsK=zjuH1sI@4IV3-e{Va{WqPA_DfQ2M$m$00W1 z^(0*SbjkJkNOdkNie7vmw0K23mEt}=Y`foH;ACj$@O#TUo3jVuZKeXP*B;M@j6)0;8(^L(pnZPgT}i@hcaB7)>H z(#@IcV##*_y!c;~p!+u)Zh=djZ%$d2EV(7A|KJk?cNWUt+nt ztE*{wMfh-{hW0kK5GFjTv2Wze-g%UDRw>jsj=Utwe=Lvx4V-IM-Zdpe6Te>0=n6Bh zz;~(yC5!og4y=;3_@n|fQ=`8)IxM}oo+Dm6cPz9b+5W-kD7dDfzz923@i+}%A=bb4 zVmZ;L{YqO;xJ=!os7cbBL3Kyfvb2rDXCh)lWA2f*?SsqS{UfoeOuAXaE_#EFOd&>? zZ+_;Ui%lh#V|?-*`}vc{g+or@-a+BwV3l6rjG$irt*%$v3Y<|0)n^QkwwSmjBG=`H z9teld23^S}D_13}T7c%b+l*ISCOqSTsY<^x37!xaumqhF-z=`UzA<*V; z)Vh^k1Y^MKb>0E_NE6F~)r{u1x!v@6_0et9M&(V6NTsR8wD zWYo9|t)g<+JGiZzo(PINeHNEE{**6`rX=?9frOPPZR0qClixvZO#Ax;(A_y>-{SZ= z>hUq#*bYwHr)sNjGjB4P(s!V9+T1wK&j_w?`oeD5U(jXDr->bI_r2?oXFT++&@#Nc zXH$$~@oWm;M%1*IZ2Wfv(#+%*;+|a zUCJi9_o-}sKbj~3=SE4dwlQHk2WaBY$1$fk*?ERZZxA2EO}0OC`nV00Yc<>}XPsR) z8ZY$Vu2^I|lr|FRmw7~HFVM`cO7!&~-woWE>kp56oO!Ei&jbtwa0(bt8Nj6>`HgDW zuSa|#MIRsBzD;}DiilhPFjx=*bko#GdI+cVXqaZ$i|zdA`!9d|oQC#uMIOEP0sVjN zm-5{w74QX+DjF7P-TyL5N^WrQ5cc|L;3EkoR!|S)9b_Z?c2cE^S zp8me9zYn$hA{Nbu^(QC)?47zhz^~*&PSXSZ$EYr-{fwk{fBmOCe7{n*3P1n1TYvvk zc^h_hW^ckjbocxf^u)p=-g4|$68`efAOGOlzl~mec>U0SOmF-3Eb-O{{|CZfZg+pZ zrkqXxpFqF80O{xV{X5UUlXdkGfblxbqet`mp7{$e0Q?s9|3LWvOEfG%dgwo}=PxT6 z#RD|d+TVI)r(x;8y%{3Y{BMi9L;W>iZQ^L|{)aq&e={If)_)=4cfS2!vHH1eZ5aNB zXZX6Lw82RB-^E7fD=meDO*`qe{Jr(^Jje#fFW|G<+u?1J=(`J2;H0#9DX`sVJkeH= zkB@H_J%vBGv2+k?XP4}DB~tqJqdylrl9nJP?$doP=gU7pd7}j(Mi3ck7CV(WBIKdj zD*7S|cHh_J^yK}uReP%x{8ul1H{ah=u0Mu6V!1cAMED;YE&pZdgCms@o$*3f=Ckwv zq-Ezyx%kMMOQUpC$=Izw8(S*#inj>-!~PGBtpAdyel%m~rv9H>6}m^$_yX7O^7WTZ z0qjeO|I!x9x9R6b->KB7hYEzg(Y%{*l#cP{U~li?!HXPE_E3F11PJ{}I}Me;%(y+e%Zp6QAt0NWlh|wB$@1wziB$`Vh zf$ZITXo4RDDulO-@z%e=;028K+WKL}h_C`^=jO-c7r@vLXxh^Mr_D`8D+ULXhG^lF=3L1cd=e#)F>p?bs`4%>eiW|yO7p8y!Lq~QSKpYOr zj@gmqzbr8TBkHM8^7yKo;qE(c_}VFT>1@!~10!n_+UpLpXuo_9=e`2nQG(jDusC!owML_<``&WamMxjjx6&gjQ(> z^nI|xAW0`iYy*1utg;7-GLPBAEaBs<|40lEi{W^1o@3v}N0iq9d8Gjwa<-^n)3Ksi zVIXNd)qkNMXvy|Lz6C*Pmq4A47JI?U`d|f#?#t8F2v1M$XxcYZEnS#D=;(bq_FSGS zjg!s-nibJSlv}+wY|iL~-GcdWTe<7oP(Rc@a4PI^6mR^2TmeCE+J-b z)9h01a}ah@o$Z@b$u%7xR@2Q+hwd?#XG1Ae)rx4I@O7f0mxKWa6FefIV~2Q@AMV*p zMMKZ>^J4wFRT`YwMkP!-voO%(4dBOfQY&yo*htihSQ|&XDGlaIY^-eUlmzq|7GG*F zYXghRJkEM08#f!KfhsSYX45LHH_h1hb)x*RO3RfYQPR>Y`%!EB)l!6<5`1fdcJPc# zi?!ue#{`$xndahvtxr8xjtuKpWxiK5R}vOA(VxD(V*_aItN1fNP<7&E!>Sy1M--WKfH4ROeq0p zd4QIb<2Vq=qMB?=%0yzmFT$M=rzh_^>kqM9kW&~1uZ8sBI+Clt2u5Hf*q4qQVI*=03AZq%rEL;E(bC;9*pPK0JL6a-%fYeQ)K=n0 zZ4mF~bP2MAK=4$^t8s5OzC9v(nw(a;pau3{8oTs- zGNEomuFt!IYfPdXywrGJyOTZ;_Gn=)xW;Hcn2I^FfBf=L=XJls?H`e-;hRD)Z+*p> z3JDmd`WPdFCGULxOSaGP8yW&!*JDVkD=}^$u}++b(=~3-hVH>$JhA7UU6`QzJ1Ydti#Kyr_H& z*P1(xfVywpf^JNwhWeYDnpV#}i_3n(V7Qg>o*T5aaU`xyr29&0tK*52R8$^8*2ybT zze$-86;aISr3Ip zAV0s>w%>m0u`aHGKXty_QJC2x1|=Fol`nFF0|E^Q2{=R+LElOE5D=37scxaRbQ4rq z>-(~bOcLYt3GheMnqyGvGYdcPz413Zu1KZn;T z=g}m+O$nb7bk&PC7CLs==CX2bfDGc2k$EO}%v$+%UUQ!ynNfT7LiQ%6q@p+qWxTs= zu4+c&60d;I&fvv1kOOkpp# zFJW;@JU7)z*0splLhpC*4Dx89+@n{E950k_lDgwlR?3A?s4W7>Uj3Ejf2=5=*E&fo>O`MDz7A%d})@3;uK&HxeDh6eW?5Uy6r?Tb&H!ZW_) zZKz7^1wJ1$lka7x@{Lg8Ws}x(Z)18PykS+YRs` zILk4`OVxRCyW4*E0)9%|W~R5#R!BegL__G+IM*17^gB~m+S}sK2l^QpU=Dkdgv*M` zU_vUf1ox$C!X8~3oM`p*`y<2x=R>#NR(O?jmtTKFx%ALnu|OOO%?X?f#?qlHL9qcz z(9vp*Zz5a;Y|%CAt7`V8=N!GVf`y%F_TC{cd9>*#9cQE4vflqO-Yda12AW`U)JMvd zbR8ui(Y!&%TYSQR)SjmHb3!9)QC(=G&Jt<6&MZhRljQzh=FQDUAo4b@Q8(c za4HD+kc|BRam(katFMe}Ku=OWo1EK3W}4>Q5zQ6*ov&@m_PI#p!X?Pz~E4nx)#9n z7NWVLL$Is9^Fz3#I@9D-GX$@>=P)ZSOi$ehIB34gjCrDuu&lYIOMQCm&ib@xM~b!~ zW4qdtBklL?+-V>Ze*$x)d|`%?Q?T*v%8yDNSesuhD5@+^4Glb&^x|qa)LDhpJXM@`E=O5!mJR> zB1QujZ;4uxdQ1A3@8U|D-<`tIP7chu6nn*qSx^I=JqR9YD~5a<`3q+@=Hp^5J#{&% zu&MTi9-a31PKcpGw8e$n9m^j(2AsjdRH_o%6rV(&){v6o`Hu!w;O8aza2P>WHferv zkdjV-AHt{jE-lz|BRdJ|as=Z2avN1g8SlGgSZ404+9Iw(B8;+ys%>aAOt`5e7CL5i zYv>;Q5bh1J?j1`Yjl`0o!KxDFo(@G;6s@Fh5{I9Z-L_AH)%aN)rJ!!L>&dq>yq~ln z*5NW|_qThoYG3@jWGmAjoT@jAG*q_HDY%+ytKE}yHt=YB-o<@~%5e7Yvd3B~#5yqs zWvD=XpTdXT8QQRH!+@m)&$e)}t2MO&X5Kfd;G+IKqs89_J*WJouht;$m~~|{2YZh0 zZ*TIS@Q1`_))f_7f|N$2{Ko?>hm?~ZnbU$cIeGptmqD?7&?k%=;vz@i^xOPreB@CD}!g{9|sKdpA9$;bCAtcH7j?q}7& zE}HT)^fs-I>lNb2rrg^6qm=>-kFO|4`+&p3{pb%SKdc|AA1p}tyN{&&P&tlfpKN?j zR`W&W2@~X-RrMaal7(9Ep=3GNxV|_oGCHF3dW(6TIK1#kdJSmn_+~>_nb+lXkx-?Y zzQ@a1Q8=V_m5|&sOQ+dTj@Sxt*Jn>8|HbQKX(RHQ?=Q|<%^ZVR9A=51J#)2bCsO;9 zKW{~Kd=+J`*vBmOdG%#*J(4kZE?o{gcfYrSRnN=`&c_0QanC7c`5e$Yu$PKaM7->^ zDRl84_`5qI$7R4KsO-~_*#G;>cJ6R&+l}HD?b-i&=Ks@itR7fPTmB0<>Cfw^P-{~A~S_!VU9z`>;Re1%?}GFP|nq~D-<+J8+> zGU#`K+P$N!$3WjMweoG|l1BeO8mI9@Zs8Adw1mHnc%ZUeQ@l+QfuLQ|p73>fnlBrUEW-dVhY6d)F9owI^H4(G_PM!k!bP z=wT&`%M{CTn`{|yW0nltUE*IaQW$`h^vKY^Ial1WfGdakdTpFpAl}_rAYpSd>K@$E z4t^Q82cjaVQ>9eB*nDF6%$>T!8*wJ4@|LLxlj>Hq?(xyvQ2i+xZ1O8xR6-9|^u}U@ z7%JG(2fk90K5{N6xf?T+>Nk_;`Avl`yRza?t|6q2=tkk39P`H)4xDvl2SnZ|Jp<3B zKvBmMhKn`(<4d)rO?Vgp$w_5zC91on+hd7v zSfHinTwJ*0u{Ztw{YT`_`zqwPDmH&SiGQL&Z%!=w~W$fr;CHuEezyEj@4}9GDWFqX4KRBeIioJ z-i;9%U1v2`IWfs1p!Tb9vWEU`;Cc_; z>iXL#u8W%9R5be%l*z{9XOf(vINV}8fDf3Zoz+S#YkQvJHRWSa#f=g(t9)GqqEiaXoUA8@U$!^N*l;VpYJN6Xh3S~hzH|X&0>$del1P#rU-(K%o=Zb3s zl$oK`s5>$-0q61qj#pM%g6ichuN1i(!w8t$1e+;dOA;ZWFEKgp6;{mh&6%{mxVT6x zYWSrR*Gf!|h^wo7Tuv!jQ>^yh5tZ~fS_08gF$ors*XFPhLzr0#G_cdk7v^7Oh}j7G zto_y0ZeG}4h>8!7MwRMDoXklq*wQ+)kolAUpsseu)mqK-^ zs9&n`D1CGtxGm0JXiGl4h0mNq5!*V5Z|ipP>ak}$rJVknMzGHR2nnv^jAkP#5(k5N z0E}eH=Gb$0x%Evwi)Q%JRG*~K*5)lo`vnu{@LH1Micj69bA@0-iqA-7xftOH&QX;y zyZIN_@Dmi!Ans!8hc5P-B~&>dISPub;Y$;KH|N7PD$X3Y`mE!t<0ONN~bA>0j%X2RE4Vb&oVkqfmR zsE-R+P2^Xb%P0IdYW3jq2ZQ;<@6k*s>z+KFUtW8&7A!q>FGGJ-2y=<#UsZ~EFv(+t z0KX_Ju4^UUCPAul9sA!J8!z^C4{${9XFZ$wBtkJ!#4f>gvIPp)Ak>jbDEqePb5EM3 zsP2myfj9NLn>XJ;;D5vbXyXXlJ5^<54`NXb-bG1=6Axc&564byTsbMw30vcOi7h^D z%gy|9V*kNA5C^nEFvTLb!ZifXx_E*gq52iAKH;xbj#gUq&m;S5k<$2to}ET<4-|vn zjs%y<5D>mdkufB?m>eaAh@PfjL*Z5C@1MF>w=Y&6E6}L#MnQr2MR`PazzWC`X75vOg6wgN_ zl6riRlvIbB9KTQUc~r@%;zswv-|O*CzKY3a}Ug++^r>zz0BO>I+A4b@smGYez zu^EJiW*B#LN_ka=2c(6VL-5$}%VL>k-iwW&Ww!C!aSztj0l$bn+1l3lsB+~QFF zW|Hpq$%7FI{1{Vt3!!l~x-Y>eFG2faE?K3)&TZMW@75vtJ?_f!tx_v zJLe*O^#F9RCb=^heV@Y8g%y)Nx-)-zmV1JLf5F8Bd8d9_3f--Tx;TLSaBZ{ro%HSPAdA3YTJw7#DHD^jpY z1=?ogo}so#2_w4CQ4_G%X-DYRL)zcH2)Yroks~0zs!0NgwIN|9IJxdYr_zq@yqrLx z%?+(2A(9^-wv8J{n9EAo#!TM--OSaBflnRYM|12CRZ@jvtCfZneHd)teTk zTC9b!Lh8t7X``gVeje4r1e*K*1lbw_s&fr;%(*?TWUljYbk{;| zX@E?7o3Zq$RrHfR5DT{F^+uqv*4pW|GZ}(*#TdFZq+P#(qXCAJM@D}+B>vnF8MKEp z3;%Xl%&#ltrkNAXz5?Z1u}Oslu~R8v?-n~hVD9o3io*zkhu^z(ob+C*O@1B9&f<3s zk$rB?5$|M0nACv@#ttNWR<494sIGQkF{gQL^9b&alCiT*R1vxPV~|U6T3CgeviO$u zWfG2NUE4y7W}ij+7?TTQ?Q^yr$&h8MtZ~AWobs4zHrr6D}} z2RnMt1fF^qtbFqHLR(4k+7BK=5QmJa+%XQc*oY=C(mZf<`Yv&4wxXh9&fBadtGryQ z=EHn!Z0wvj$!lcHp`dU*n@?lc6Pad(RC!=+F&18Z`u6wIdee1w!d{5t(dU?vY6(_^ z_KB?fJ9l?IX9yFJ0K(D!@lzY#V}TGbg2=dN=a*BCXLq0ad13Vl@X;C9rT;<||7_!NyW}zcmE^$HLHoEAG~guVa~BM_jmRi9`?R^=+-RG8xLRV zQ6P?_#EO`X^}O+u+FBW~OdG3hn#!se)yo~J!LR$6yt7gPzEO-=*Uer0;rKy7ho39G z3m{K&Yi=ympwj6(_qVU~Flb8sA`0K71Y&#mn6!(TANH;BAf_~J(`St+f1u2DZ_0+hp zVqh6_pH0U3hN`s9xqQ#L^DUWA7}&GVTQ_IoLBvPP)dO{k+sB)6>8O+OF7TE9xy4Z* zG#{sLudaRy?>xT}>BaIu9r+9cFBk9;y@ITosYJ)_xs1B_J_)yp56fY$$x&mqnApL? z(Mkw1L3q=9*yYv5QO};`(gJWQVrvth<(lfQ5exe8{1C2@d#nIXkw?{bAFOW^XD{Yl2!){td9#1|nih&&PKzmCf}VHGVE`GZ?# z=@$gpRVpi^>81%DWvjIn>w+pkb)s3-@iz^rb?RFZntXPXgo0&3!J8-SUujt+R(!q_ zQntb6pQ$N|xYR~hF|&gOm_>)<{S2!~Q%S=?x`q~RYQR^KTk^NUl_r;6?MmnG*tZJI zZsNhe(XEu-olpAqe2pDTSJ((`Ub{_b>q+5rH_OwKxqn(Sys1 z4{^Bsx4a{O0Pt0I$OyZ5<2M@ zv#g&@)5*dQmu24&2pn_LhkM8RU7tZ)ofaBH< zO0J`-%!-v73FntYY?}h-9W8+w5K53~m4r5-ZaXG<@xaCDjM70+2)o#g(lJu_AJnYQ z@|4G{8c5g9PO9jfI9po8L=5yQpj7-1VB(&C7fZ=E%H-o`Dmpt)8FD3u$hQC$XFhM3 zLz0NiprmRZ-*1|l!unt)FQ>%gLlb6gGF;Pj?9P%T&`iOTV2Fs4nplB?1A{#}Q#>d3 z56TSPsljC@X<#4K6vHEH@D={mfH-vH!CMIl1Q5wfJzjMbFYnY^`Flo}N*{lpZn_FBlM?y)jUad50p3eK&BxK_I)s(7Rs2oi zga4BMoaTnmGO%T8g9xmH7_3sAET`LtNL+IgMY@U9eJ8}&_It8uq|yxsmz$3sTW*$) zw(U)+YV+-_K;M2QJYVa-a7_+hqS^73+pCwoCr4AF=S`|l?dCkLz*0tLJ4Z3t4hs>h zk_0Tq=HR5RI!(=;SaS^9{EM;-jfO@A;NvJMp4~47NmFewAZMe*=|24$_ntwtwQa}- zo6_@5ic&M)TU4`L>ki)QnzQde zoLQFXYGrepss3X!XTy$5$f^mrG`z==BsKD`)3K_j_TXy?)y%jOcAZ&%-E(Mmg06cdLZ17j5ITHQO@oy` z;+o-HvC2?D_nM^B=N=p`3%T#5R^NY(T76bL9UFf_(V_6Bj!VaKiyT|lK!7!sg)BDQ#{NTYvHfzcRCT{z-rrpOUx}nYm|nl9Gya6dfg*rL#gfzW4;uLF zZ=ZVHU$#Zd(0zrjB_+HmPzin^I1#Sqk~TmZlbDI zWUtBRm%X)%bRPBUKNlrDN`ciK)qt%IIkIa=gGSc=z!}7Lo-(@YPeMwI{H%2RzN)|- z<GX7bE4w?kMEa9UVgFfjgRzVD7XzU>6kDT_tppg zo=3C{2DpW+I10~bz>>(Iwc7@gKW*fkdS*z-&pdXn5@aoO4D<|E=#9(G;tZ^4@p&cy zCCgn7@DYG!P>z&6udhE4F!3r)1BM1|)L;B#es>KN*p8(i_fQ3L?2ei0Y@%B11~NHj z6n-Q1r!588a; z%Y$_DUPAUCZ1@U^SMPCa_g2h*qBsSH@V!f}t&a4o#n3MYX;@E>p{nQ#f zVq>UB{iSGkirYGjt`eKiFaC`Rc+_Pz2PR#+$ViPoCbG-P>Eil59q}h(pT@>Ik(bE) z2fVC?JI-c1Dv6%~TB@-Q^`uFFeK{@w8^s`(=0~#kyA|0c6-L85-QShw%KQ8q@Y#w& z6LXs3eA#4o?@Fi>D0<{BMF40N$I*xEx)BC*mOnbBU)n4afxgnxw_EZB?2yh zN&!HF{^YR)P{}~A=NG!{EPSm^p>Tr=J~6R#$R)*d){;HT$FjH2qpMG-${Pq=(@8X| zo2{UNWY)73HB09ZkB%ml3Zs5OQRz+mR#B8Nfzxg6c7d>UUx10<ryw2L zA;sq`Q@7f<2zr(L>Df(kh9dgT#{x3X*j6n@^`l@R}Yd1i#= zeQm$_yrpi+fRb@Jk(D2sGA8c!z#-73>bOVX#=4FyuxAVvnke$ub?R9MjKtY771`f2?h5u1eWQq8z*sR1+oly@8J zxI{g+%qK^~wl?@s{nMS_mV-w5vkwWG_ULKG`D7qVw#Tnm-v6PYV&3P0X&Xv~UDL3$ z&XuApr4Il3c6M6Xq)je~v1)&pN&z_pf3#~1(#EH_DvEV?YXSndK=ZU6C{4I0aTu9=Y*Pp6X4;+eSkm8tUc0<_z0xlHPoS|+Lq z-Xjs{FK(m#Y&jbODft=BYPf2VCj3Hwe?>1F%+#c0Sfo%S?=MDQ!!G4VgaD+P^1mDX zY)ioC=NXmdM)(a?J6$uWm>XPP*E*Y7MW?MjTvYKE0~SiX~kfxobB<2UQ?f=D;C)yi1Xd+WV7eq`cX6Sr@@4~r$na8#j zgEYEA+tQw(C#&7jtC*+x`d9hcePymRWG{0&?NuZp3-~8I{?q(P`5vfRuy=LF~ z@)XL{1}PUE>nzX_<-eX_ce9w5eKyS4e|s7{GAJ`q!s6Z%^i;Z!}IrSA$t{C%p@9Te)HdUc(c7x-SaY6~gts#z+5=V?PIc%9kthuCsc!Uj*gHdbZzrm?Q5tGSztK zYDb^JzY&-Yp>2W9)&N4(H2@xzRh~mjL8C z?fyvR|BWd|T2}8LzpzJdt|Gb8d{7FwU?EVVOBHF#bNY*VCJ+VXqnlEJ?4KtZ2wz{k zI=kXOD!Ah{A2~YRS3gqCnm8MRDzS@Y^NKD~p-r5Z8cuIaAN-ZY_wGSr06oZI8i+XLyXjzrdhnz?m~XFX^m+cjmqV>w&e zIrS+szOV5{inrX52aXxsYcIS1$Hv=BMSX7kqz82#)aCE&RenVudO})s9??SA^GaJW zfdb?zY~Vl@Kc{t* zs!#_=ZaqZZmgob*`*){NmRnZkbHE#AbHxut+u##9O7>t;F1f|WlcgKPQE4SjkFF=| znXC~?MGnSVe?U+CV23jGegKa0$;w{v7s>wquk=*f{v`2Jj$;!|AwY=zEUuHZx}9_5 z1Tt=4HS8xO85SE*}49FCc< zD6EwQcIwVQuNrcGkN3E z`KG8>hFf#_`a|Vd3x69FehH|o8x!BK!!N;IvF6>578^r1b>_8jU!HNhXoJZw_-*Vh zjSjRm9fW_L7;!JJ0NOyFb*>rp#@QsfB-+le6_t77x|yhbsrO~y`LVWEI`qr(0D3xJf_Mba7p2 zz-{A+SaNsjMcXgtZcW-fTGD1|9c}&qfJF95s=Tkef8y=Nr(TH`R6oT^+42B=yH~oL z!}5~lKIdJI>|Ss($Wzv=aV>FM0`LVds2J^3b`Bl)199XxJa|*6hTD{;pH0Lh-ojL) zCuROU10qRu;|p^)dqnCh3qn*}X5Hres+0Zo9c7uW3ur73o6NFTfBGgrL`O%Rs`&I* z#;gR#;>{&)u=W6%jI}4PE#erSam6aEZs&AsfR;*j*{@Zf*)~*d2jr$2gn9e}b(mkt zgT*((=xtaCtG0Y3$ml@#;LZ|IGv2twUxdI^~4|Cuc1+Ew_dYO9$O&p>-;)-!@1Q&3D7^PXG)*d38IJ zzCrQ=4rO@D6-^#)DELK(Y}c`7^0zp4{m4(n-z`0jp}Chn$AOT)v+`G^2tlv|NI`#V zseiC#yB0^>y3_F&>-Be1A1Z_CrTvk(|cw*(rQnkTXuA{k0MbRYH?il2 zoYbf+v7)bg%!@dRBXDn>?ub91p(Atn(6KqHMT_dZ0P5+FCmDA7B0H!|p zb}!HeU}w|N&@aQ4yR1ywvp1G=nBNYjzridAM)WGDQ)nmPo*%Q6a<`s3oZ4A5k)Xsq@Do~`4x+h}J-l64Sd|$YywEpbNt`WPxj1~w znG8UDirai3>$umkze;I39w@pF5}O?WVN>p5_@GkVCK6knKQh5H)_lS_S`@JsHJ3+^ zXxapF)_#Pn!ilOiSYQ{XB$3OQ?zjqGLKe)&UXVRKCK1x9h5#2+!P9}kPf zc*g_$-t@OL9LiS1^J9q}p(1Dihazlaicn(#H!^P3Xk4N8)MnkWA%TK`?#rn?uWt=rGv+|h%8+$J%Hh^)&z>A@v1pgYiKZvr&Xr%D0^6BWu0lr^NR8yW zLaggN&4RP;P4JjGxs4a~Uocu3Wi9-%rGm716dRXB6dMaVf(f?T?sNM5Yu z1oH}`xFgh(?)Z+?BG#<`7>V%yx?)gKx~Oi%{F9%EBY?KmG`9h^C;;DMGO8-+iSifH zvOB83aj2T8xKU;&RL992yY(%c8$l|$7=shU`}8xRe(vZ%Asxzbi^A-Hsq5;HiU&od z?&}ro8vFpBmV0B3|K>IzG4GkkBdbH95fAlA8%k8>zE+~0r>YjOY?(J-V2;M1S0;(d zG>A5^p4mo$W5EJH;h{+~T6XmeX)_=#ijI;&A&5{p`zE$s;5F~%o)=i(;Iln&rEclM z($YMpq2BM<3Fn`hea5u@X6%ZBq6wfJA=zy20`&Emp`F|CgL)p;=hPUc>&zu81EVS; zEXYsI7h;M>A2c$~@2y;$GzXyKY_WAzypJ&8e=(<)z8Ygn)5R-p;5;i_c@#VyGH%vhErjO% zY>4pkrpy=_lwQ#OD&}fuc#2>nUz4cq_hUG#Z-DE?I95F1@yqbvsZoZ}-ib96*0wzU zIryQuF!OQjYb1<*r0HNa{b!6RsHU_YU?kEgmJa)7E>{lCtK2^r73J%X46;{0>Gr^1 zj_-ky#g#I#Au~Wb687Bw3axl-3)8jv8R#ThSUu<=>ikfWe{mlC%z2n|W9Y`;MA1J~ zdpP@;^@dqir;!X_Y&nYB;m{}Gvjv(5%7tdy>^jxP#X6VRB)-0>{ru)F{Yx)NN6|+? zy3O1A-9IIgUkPt6&uxRXY4(UwX{qGK=7;dyc8WxhYki-{@&S2~ZJjHgOS_w%p_BTf zuu}=htE5zKV=sCnBdxw0`=eTAcRxn`agAR)6|n2Thqn&=)FVL6PBhx3DfsA54N|?* zZwmdcM|Q;mxKMW8|GlL0=DU;SO=b%J)5q!_8cH+=@Cm@Csv*m|xR&=B!26c71+mj& zTrn3%?q?`6L^oZpD(#dly)Ryzci-#jPic$%?tGEAov)H;n+O4$-_r%h?m_4iZLrnD zwn-3|;PoAa%z415t()QTUs%4q-T*w7mnBY&KS5f)Q*~gFG{ceqibL~V2OA6tlcFHd)QnOi_F-q_B||7FUm3?E426UkniRca}2yZB{4UaND+ z)aj2uNBzrBcIZh@2VSKj@bRw$?)>)$Im_FpIQabtzW{M}w&5-n0s=s{4i=3If0ycC zM^XTc-Rz6h+P_i%>mxJ=fbDVganuj+#6ME}P+1%BDE;2>i~SI(-$>b}3GxW=Ole=A z-mPwltz0+WvxiCT+GUknyF~wa@rf1iXZ|m%{*9ym`?BXL@pS1w2qX}JQ#RN$T|tv4 zaN%;41OPMEQ@J?VvmGq@ZP9saHa^=TzU)~U_`>g@{dh=3CDrhl83A> z&so3oI9~H|$C?A$b-yNq20Z-NSDwwjT*qExQvK$XcHOP5rsrdTeU*Va%x983O_p!fz32?#s zvd8{5EB8iDJO|t8BC&?)oS`|ERg8>GcLjF5-L?}n2y!m%)KkZuduBu&Gh!+Ot;PQq za3^j{M&hoQ$DY5x4J%xlV}V<#Htc8mG9M++1EnvpHi8z)FRgo;Hhb+f?Q^=~#!tlb zVrJNG2R5LVt-QQ!>100}McEDi-7m%e`}ADzii##QtpaD5Sf0(w_xTE0s(};$7t)zd zPt(m`frc%<>mZ;e4_Sb0JjHD&|ea~ztZdBAMm_A$St#cfkoU+w~%_6Q{iP) zt%gDFuPeUF-C>GwKR}cS7EMe^WE|^XJvUI_;UT zGKa?vSf(7bc=gK%y?gv(*#YgikEcxP{`@GpxAXZD;H~soQ-kV$G<$>hxIBx_*%H1dwncn9+|Hlo+n>jnan%_`} ztppAV$^QS7UUm9^&fIO)ufIi3?)&#>B6!J^t^Dopz=0Lle_4&Y|GjD61q%UYRRsg{ zfKRXBD`{a#*kr{4;Gr8+&)I$71H9)_4`ZrRs-v1 z{n$XR8@6AcOum^6T7Z11Q+@87WxmyQmhhpWgbl#4MBZ(J*W=Oa4F`P=;Hn0zU{lS zES53<45r3*xvCWb`qv_od!1gY`OFAF3|*k~3{gDlAkW<+5vcRPEbGdPxZIPQ&)Y?> z*aMtq+Z?cKQRlq6UoV|JqobmLZ6@Ga&xIxDZ9e-fECF6;sy$_0#@<#gZPl#oZ0#vq zGJXR`q9Rx90WP8x^9tWmo4s~x*uqa;Y_r^fhOgN3^z?LbXkV^NRTsD~zhvY0_rL*J zuB*S#Tw2Tz$1Q^1k6jHU%M?}mtgi9U<4SSo(CKv1I~njTEx4<7MAE&9OMQLg8@f= zxt7j0&yNE|z36ZKzdH&ab5AY59{V5IfWEOIshw-OestK1JyTnQmYM+X_Hoh_*N+R) zi1qf)URcs^|F2?U32=EYFbx@Px$!#x=clKwr)FEFW-To7*R5Oy8-hzabHnK+a7gaP z?~IF!k{*X$Nd-0EZPyVKVFEE40L7p>b*UM$KAw|jJyU$s@HYsD5TJjZ?1f-TM z{d@b2=VbNo`K_^Qa{qq4{yvHCB(O_z;SN*U8Po4SUO{`?Nbvwqs19?1ht*s?>5##O zC$Nh_dy+@ZLCU%)g_Of+_zbo5!vkD3a_-c#cZ)F3#6v2mB`O;KvkT5`mV9Jad6NMM NJYD@<);T3K0RYxHwEh49 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-event.png b/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-event.png new file mode 100644 index 0000000000000000000000000000000000000000..cf3c5d405a93b7138883e96b291e8c1d7369a615 GIT binary patch literal 85534 zcmeFYXIPVK)&@!kMFhLj6)6^^gLIHCU7B>1A`l=-CkPQyP$`k#dkHN;=`92cy%Qi1 zAc)ieA@mlK9A@U*duGqfHRtE~bAFI3Z^HXN>sjkw?S5818X0J@oMk^tMMcG;qpkjg zii(k%ii(DjiQ)83!3myuyVv}*5K7%PN-=ZmU^x(LLd$SV<;NPS}J1xDbt#_U8=F78Tfw~Xfmv$33^IjtP7%#UzX}Yjk{oA9B@F~mb zIp_B>Xfo`1!KeOA$1?|K0<4enEtMcmIzCOJ@_e->F4rEM5%`$*%*ZKCft&UTbNu9N z>o=ZR$$P)W7J=0fe6jasxAvo~65(#8H-=H$ikGt6`5 z#(3qv66-2!8R%BLjb8i+e+J|MIfK_mWD3(>{92EjN;);bnU~s@K2%h!&;IsDU7`$i zqoU%a(ot764YXUIIn$DaI&Ry78e}asGTr2NHov3pl+5(8$E?SwxX-cJ=7v{SAj^%r zCTZXOeEJt5@ek&HkMlpGeUc89*ahbtWY$^-*GJZNR!7brzc$FKJ^-ONLn1>4h%Eq^ zJD*nU^zFjCR~puq0 z;hUdvVt=gk`3H^6?CWaN!MS~uFCCi-74=_V!XDDyqG!NU<(*-`P&$q2Eie4}FIDPq zcpZ}0nbQ9%!r!-1Xw}9|eI4-5VZ~MT?VD08M`Gk3ayprx-sXZRW%;+2PA^Nm!-jt4 zl06tn>p6Z_Mi>7O@{P*I88*5;M2Ke8KbQYQ*03)$c?G0L5^2A3NT9+uxm--|IR1Pz z?*SbX%@S6rp#4A9t1?X^pi;sS!F)2gMw3qE(2)CV`bstRKNn46Vxz0L=zmw^-<3j5 zCobr~NQJj5pr^fYCbf~IrvJy|Rpd?=ELKYr|1W}`V^(M0O)GxKK-%4Vx<klBW%D4{k4wXs)#tUo0 z_g2Sr-GVYWbI8`nX9Xq*ztvIyp5@i}RkEDaKyOVb2?VW(%kDWh)6me6Y!alQ@pCIH zx9i;>_W8U0E|;iOxTz$yJ3k(xSuB|Pb9V;JY^q(j8Lj#M+#a<|*h@Y-JZ~N;w82en z#{K5Ce`>PsRFi$limLK|80}93QH4pKQO~$FN_SGTsvXuQDHZknpN}39QehK~X}BEo z7uo(Upi}u9t`iCBwxKr;uGt=VX8fZ+jWqG(4KJ@2{hzDCkiYn9nW6$@|q2RQZ{TWai5yEg9z)jLH^36kJ5gwss$rKf7pk&^KamrIA75ChyMN$<#Lru&?H0S-uw672bnSA z6V!5&lRxZ``-%R^ zMY>Gs4G;m68*BZVrQw;)l>iZmF^kG!Jvaw3l_{*P?~MubUl8;8%NqtNWTK(FbR5`j z+L-%BRm$`fvewtt&cYvHexKjj`8+?E@6s*0qhdpLk=cidpFJ(F_N5Aid*!5h_Mdeh z1V&L38J81#*VLwZMt#zIJuihOceX;V*1+z_kc)~&Q>$&VNu@tafhfV4$6?_NZwu%@ zWu?a(6(=zl_ok_NB_*BlwEcSZ*Y835lvY93q)8;);LBxcwLfv*bu}zepApldCK5z$ zG#+_4RK4i^!wni3_HB7#qg&)LWISV5r+7zx|N5<*5T)B`w??X9XXvnUyPS<<<#SDR zP==7-Tb)@L3tMT~MZic+sYz=-yI16++Ep)~lF?G@!BXsRcCS|}Jm8aWr7f7+nN`n` zzW$;hlz_ors2I@)`Wi6q^|B{meCV0MQM!zNf6$`ojkJG3URO|9KXuy+#=0a-66wy} zvYVdPqw(!g>fEolbni?~sCunqZ~gXW4Kb9}Pmn7o6hi$Ck|W6y1A5oknio5D!e0I(z?+q;nH5 z#Wgw%6toewY7Kf-W1rleqBmo;w4?-mZaNK0Bb%ggqFPlQkTv_XVPCcA{Jrcgk|{Oj z$)?|owUYkD0Zofk*u&pknUUM7@X=W6OBAV)I!PYPxvOOjE=hG$yJt7+jX-|#qat=2 z+6C<&WXvt~zRAUDyu(W^j zKm*(LwRymej{>5+u)Orul4UXaS@=S!R;M*}eUkWIKVe}y3{f|+x|UPcJv#UzxEj-! zj3z5-YubX5wKD|qmIF_3>qVkP_AT-6>B$n?b?hn%S{VDi0Oa(b5=AAsRaP~Wd6fH@ zytdszzx?;gFqy#DLSQRt+= z9StT<<~4M8=7aa=A%_A z11r-y`>>Pr!!41U2pe9tCjU6v{nt=)vt1}%nHS%oG6 zh<2V_x`2h!DY%{rME_slX2pwFZR>yq#20Tz_EnyvaUX)&=S(eNx=rp;jMDDP4+a}Z zvQ0GjY2h%c3y9Kc;grSg!-?gEiMi#T*k?6&-v$bH5B%sfO_s6V;Ko*qLm8+H;|n@l zE(QWsrU-@hylfBc2iAPj&M~zpo5i}VN$We+aB1;=DPsk!YW*2T{)Xdd6%DG*ANc~$ z4XN4Jt96vpju6pl_qJ0ItB>cGSPF-?Yk&8jXBVrL%e5GCZKIbc4s@iQ>gI;M6=WKt ziN(z-i+Z}2(>CeuR4zSLZG$a@ffa6Fc_tI*$e1mn;j>JSh1B4C=8&Gm0a*ZQfJ&S zKihS!S78-#;c4tt>w-R0tY@bI4dm-_VsKb2;S`^@%e-_EZQk(ZG_or>ARVCo2pjt+JT}M*L=CtaSgavhxYg} z>2cVnJ1Xd|Lu+`7z5heG3y$$sl#GV(l!n%QFK~a!|+dA0>4g&pjT?f<6P(5 zSZO}hKmIkqmClGcSiJ<%M$hq8NYQZgPO2FuQ1pXP960pT^UB`JN4r@EGzEL79w(eL za6$HDDE1k#WKjz57dI`wFw{m=jIdcsQTEKNZ_Pfy{^Eww5+?aBr3_MrgD-w*tT|s{ zG4b>PVo@Am`$OGQ257O-pGT+z*>C$9)BGiay-_JqVZpTq^I6uoCf%R8zEN5IiR#yT zLS-EK!K`)NJ^0cUqX%n``G2RsxgsT*s0NWW!lv%$9grTUZLXMzyH5Q2EJbtA+g%hl z(Y7wt*(>vEy-<4!e$t+C??vVLXKNDel>M<@?-D7%K$b{{iO+(6XIb;JaxZZlk4#qy zHj++Xgk7uthZF3kybMgh{{F7NUg~9GwuZnthRLCt;)6Hdx7>OiiqEuRU10NQ7)8Ub zYft`2PIPQ-sVSc^EPU#+;imbNn4%Ed{gIvB9cjk5%0X(yx-yNwMrrTfn>2{sK$$9~ zZoxdJ_FQE{51hq)%r#1a$9^}8+wbqiru_1|1g5O=rR|6C-2fe5`1tE9%OC17a;9OY zIytEZ_pX|iJB>qgiWS*XV`JeqH-bLWnAle+eA{s?EJ(6@NFd6BwXKosi{e16c#va{ z^L7VqUK0K{a>%i3a(jh#`4AQ9&P#|YB?PIqqAGIp5VjgYTC6jiR5i0%lpg_hFJFD~ z&GrUsJ6}=l?trl-Q6sqHdWoEOn*+an|5$%c=c7sx?n$Fx3EU_&Zd&w`p%A4~c)P~~<_Q|`wtVm~NJ$cbF^s3(Un#u+Sk6=o${ zL^qXZYN7@zO;odAe!C2I@B6gvo7D=)+&62Pa)0TydCwJha#TU}tp-H$=g3WbF>Ktf?Y%r{mRX6qE#9n~;+Jn!6JYcwR7j7K({klNxiGd5`Xu-xCjtg{bR;i>Va*Mw!(E;S`` zJ%DggwZu|6iiJkG;%tFW6_wc_C^>RT%|N*vX-o z!DYX~Mn6ryHTT{yW9-Q)=+xw-FVXPujG4$#a(ivVN6qJHEe2cZ-EJ$yCBZ7L$GDCp z6FS%XuHLu^v!?x!f&K~*!XKRFw!I40y<2yvd(g4{O-t9=&T`@6BQ3h*6j)rdk`>=F z0ewHuU0-ykdeBe5eV&$dEbRIi-KA09o`>Lx{~8v|Q>nYl=Af}TUUAcH!_nqi>bO(` ze6}?mpf9`@gFRVX{;cwnCukXEnS=@(NQ6KKKbIeGEMKcyBQy3^p|ShLbhft%6q7N(KWxTewWLo!y!= z{%!Hq7#lao#>K_}r|s0JyHI|8519*8dVMjlf9BfLcVWBCbc{3Jw5CZmZyOEneK^R*ktq zCw@h1wk}EG5Q6OOED+h`am7!U=J;~^zjC;%UFj0k!)(*f(oz{@aL}>%-jH1~@tPK6 zF+s0*BVvjmWEezU{mGx}cV!k@`7Pvk|B?r!99yBad=FPf8VGx{_G5X; zWaRo&iR`kImbkZR?x+`)MdH8rKZc1z4Vz}ymc>Sd`_eye(S^;Q!MbB-5TCc{?y;SW zKE21*LQ%EL4XipLy}$8{h;^8Pj}Yj9^|J^0U9Tc_dwb&E`Y*xuSA}AbId?^n%dN>y z(?cGA@(qRByf#!rm$Rb6RJf?GKVWlZq~eRYC`mGy^3CmCHcSc)d9Z_C%W#FEq13I6 z51Q>ef(wX!Rw3yDnb)qh)QHcGDLa(dz`cASbUy zAtx#0f-ltx0jC42{c1cBW@l(kyv#4>sg^He>T8Q5M^$nSx^eM!eH@K5VyoxfQgrcN zL1n%Cf!Cen-nP!7J55`VBUGmUJ`FVeZm}KL7Y)Y~ht&eoN$m}(y~b5{k(V-pp9fi6-P=a* zb?V8KeLGDrpYjnk%`#c*63>dEp8TvW`?=>H&OMq$1D$kl?6tLTlP16xUg*ai{U9@j z09oVn4ZV7dP2~!dtxI+TpK4~qw7O|6^y95N6fe6bq)FHOeh*vdI1|v_rE2jZT4B&r zCXV?JzNLgF%#~UN#mPeF-cwYnidV^Hpp(L_w7H_*VNS+0V>ugf#Tj0Y-Ba{90uVOj zw#3ik>Af=v_UD?DXAMyuIy@q54YK%K3ACs%^A;=Pr9R=Fl8OEP+!KLchg!~I{qno< z%Q+nUF^C+s*-MktaN*ghDy|2jrRS)y;MtG|W*~6eJL{p)Ui}P7KkMU`k_c;s2CF?L z@U!=(woorcXy|41OOEK{d5H4EB#Y)cYlMD!W1}RHJrwqFsN?nDn$CTgW%IW?vzBU+ zr%fx?6yp6)mhhBa`6>8C=W)v&e!x|;C}4HPfbG|P>{p#iM2fbcgmpmBq-NuC(tGb- zuyofK?*4_$ftW)5AI}Mdg+ED`=*+q&7{a7_wsL8aq%ToIIxf}%C;jbP)2HH8^e&hf zoVEWLEKNyCN;;Zdqa2%AS*?O`2mJi}u%LOgC z>S{S_YNrz6xP!-rEOgYU`NyUI*E)Vyripv|=Hvd$`HqL;I&n|JrN1v4(P&@{179@qH=wUR=ib~mr|x+nZ46rZB8>zzt!=_3han7x+SIHECO z%4p_bH%LbpZeo9>Y{0HZx5x~#GRRU{&gcfoF**q!D;EX9X09w?fo@=eV0n= zlK1TrTqRRB(K<45H2=QLpJeqvzUZ>0=Atg4Ryl?L%Lg`9v~M)9P4nHi<*7>irT}!B zWwUSyuY>rpN7Nrg-M~r5UCP!=0mI{}o6RMn}!O^rf)iU)t;ca#Q!&iLf>e z=4;38MdDP4&GpF+HEznM-nSH!`1F$Kq+m=K+G$?#l!%PbOa zN=K#NoKH_>yCZs0^h$7=`2W^om1b@z>39S-73KznFwlrx4>iWD=@imv(g@^tNdNDB zFgbmtQf<4Bm6iN2^#8w#8>UW|dS3EE?fr>jji{@ZLub?fOjG|wy-d8HV`!r3`Z^Gg zGXA&lY}$`bj~^}udVKnyCVrzLefE^H{{Nr%2Z#Dc2mJr*@4v$D|4Y2&YF?bGxfU@`8@|A-#brw1BMvh?0b$;po`-9D~R7M-1+*x3nWNPBK0 z*G*woQp1(2V^M`5#O7rbU&;7m<-A0imZ$^k<9Ioz$E)SApnb2JnGnZ*8U z;8MvymFeE1T%BBV)r;uUfYHAkq7= zuCDXMm%P@UH)N92;-@P?s6BNEu}ooUhe7$V)>(0;r{?B&?k4U>)*Y^MO z@boW;6;cQb+F8=cNiaxElX%h76DIF z_>K-LEXnsM#97Kh(uU3He84|u0d^*$qjd!ePDZ%;y>wp4fo_IM2Ss9 zZlfS*K@C}rV5P4W$c-)Q9m7fa!P>^|S!g4USqjbZa%TQEA;;b4piMciw_ibD>!$O>oHcL57FbRSKR3F&aO_#QOQ)7@_44ymE zF*q`Z*{vl4XGyHyJu)jbCRyA65g5WAT??Fhe{CU*apT|yXm8bQg_9md$qB{2HpK0Q z(K;V)MipwtyltxG@V9@lc9cuhMryymBN}q-OHpOf$IJUNJsR5CAJ*zz;@2yjS4!8i zd*oyZJ?nD&7YMlG2WOzdJ8BYhLvH>pe*C+ddEcl!W9lQ4i7Hz1{_E;gUqt=o5$dN& zD*md_hfWP&x?dP6FTUFNtNkj}m=yQ1!pB;4F1Z<||7BEx?o7+xxV893x8OoEp>@X| zUAk{o>(0*yY_)7952C$^_h4)#R?tc>+MNsUzc2JT7!hV9}(|oXbG)ExXhJh;VSRN$8MO4G@Fn;Des>bv^?St zmUF<#UmbapAPA{k$;wkM!0S#p1511>G_y*BSI~;$9xS1jHN9MzD_5+S_8TT6-44bt zc2{bzjl&AK#jMB^T0C(_JIj%tx~28E`%9s_Njafq*Zqq5o@NJoJK5Hcx6=16ID2PY?~YzOitN-!`fs zVP_mS;2WEDz$F{~b&L(6mY5UY`kL?tLx$jxn`}AK$LjpZ4 z;7@NB5IBWhlvipUce92MY-^O7GaW%$Lwgqll@4r%q!gyfXh32J0yXb7_x-*1@(QwB z1bOn?z95oC9<7|BmoDvT<*=L8x<9#Gy*OrJpG4e12)=}I^nt=3dLMIo!^#-$5mkXBAgIqq`t4F2dc_G!6Gfg}{l4f^Ov%Tjw=bqTu zaJqtT8O-e$gk<5+l}H=Ey|GZ~nHP*)6T+fbwnzucyo?}Jnmg!Zt8-y4l6xD89G3_0 zNeEBB0@{av4|-=;DFs;*<5^Q!Ae{|s;W<;XwzBwxscneXocNPHEVJW3oX$vy29)6a zvldO~#SK78eaNN$W)CLmgE&F1Z0!}6)ilbKtxldWs@&ERnPI8^3>m}NHNOg;pQ6+% zA-1&sD5cb^$>zZHHI|@DqbQEL<7$S}BL$geL%A)wBQyt)ZhMtzHJF9%KOmC~t{^S| zpHz_fn{)J!1gKo=7vrNu_M^~ltD4ab4~&wqE#n+(=`Nw$I=oa9CB}TpDn&ZLi#b6{ zY)C_auKdci&|#9)(nhnRw4!YYy3RK68@)G69jJ3jv&eU0PIuSGiXcMXeX5(!nV*QKADuIzsR__OB0vs&8_=T8PUhPTf`{<9FvG zc^E?1{ia_TXLuZ-udh+u3%@Oct(QH@Vm|^94r$3io{S~Vlk$U2mBN~y<^v28tPHl+ zUrHTDukT1_ha`59$v#Ip;)l_yp;Sf*ApPuzBMb>Kv4kRYl;wsr=% z1j;QcW1+g_BZ7CVTNWtG$Y+Nw5(i;lYs_c8sQ#EIsB==|hsZANoAlk|ax^DmK=bjS z0;y(t8=VmjAG7L^u?KV2d|Z=-ap3%n1}9(Sgb1vpj?4p&cOmmt%qd5`BFN~ct>dLR z7EP5VxI$-qJ%t>03w$^i*>+&xm(5jk6}Mci%-V8*mzkw&l>u-Hu>8963)BbAhd;W* zR~i1s*}167#jM@L{3x{sh|&5lrNiez8un;$K5R{np&}_-xyNy}hV{faL<;fCY-g#z zNH+ye9btG6h+SircoBLrFeE2L?wC((cc~V;YiA|v-9JW%)8am#vA39Ff3^iKGYV{( zizv|`AI?L(dxh%{gKUnWp5sbuLJt#sZ>P2v+Yf6}ulB#3hZfYjycS1M!~tgqQpIe2 zf2If^(f|-FDlR&`BX*`GVrV@i|$CQP~XhK#E)46piRbw z)HxNK#?ZOm?8wauacD9dIc;_|y z*TzOh_iYwInK)VZ_}CI@H11^qR!?aLl49rmYINI=$2O>a@zsHBdcxJZ11yoQM{>EQ zb<Q z#=zDAjPn&Vi`&(FTlXXMZ0%i)v6gV670fDUlJz(dI_~UsyQnJLL-^jPG75ixcTKIhC7}_!QU~JV`$%xek=S|-$JO?E zWWbU$A(PcF9zmpt)jc)hIfMOB0lm+0GBc@)^0&K_?~`kvryC@sOS=6Amz#XY)nvPX z#DgCXh_s&E`fRTSO!Y04snS6;6Iw3$@}2CW7>~c*yCgJGztj568lg+v593WgQ-tOdu##Bl%w6mzeVimblI*(z@&Ipgi$ybh#qepf_2VlpD7p!qSCHgt9x0UxpN< zJu#~X4CRIq@|R9+|G~yocH4U{zrRy2tI3aaAT^sEym3bk?^IW)6mm?Lo=;6PLr7o$ zbu5N8eUI7K*3rsJYeSt8%=~58S>|>y6OiIH({wajo)+uFL z2Czu(C}SnR$Hkv9b^kS_goZ{$NBGVde%v4|3m9xeI(G&tQ@>9X+TW{;+L~BxMXkl^ zEag!tjssh80%-W*k(}C;&9p6{;Q++F5{$z@7!D)cvesFO6%~> zPi`qdO2UT(uS%3VK-4gSVWHpkhv8ji`KgVTYDzX}jaIVB(67fpf2Nry(-ir`lXETA zFz9`dodY(OZWJfp+d?Zoo3Jm&1C{STAZb$ARCs0R`t%h@^Fs=?MHD1yV9Ly!53PW^ z4#&J+P{{PbyEVb@-IZSuoIVZ3^AM~=g@?017qfpeeK zaWG-23L(w1>|(Z_^mBE(z}qx!^7wEb)cyI}iw_L&-H1XRMF=c)$s~cHvX8*WV`<{Y z4SL#Mla~`}^|dZbfW^ZWH0d0=`4}~B4HQnXvC|^esaHk& zc{w{c+ZS&o_Q<#%rIL2$3l1PR^1T-PaRui$-um^m$6~q}=)pO5Nl~MPlO8{+J$kOi zfVualQzD9|y(IYn<7FGwcRM)o!}wQw^nY-mz{obXX__k4Pj1;yZO%5IBP*kc5DCJqL4iw}W!hG(Cq{$3nZ zH<<8^RzI8(Xvb&*mNs$ha0KL3gY2e5JGsJs?VNhmiaoP!!kX+=xPcFB>_VkWh#m~x z>W{&H@STw|If(%5jA4JA1D#(3g+Q%X`BMj@0|#+8BwXmqhDjqxFs1GIH3p&$=xPFC zh{l70Gd!43(g?v%Jx?c(Z?|vljFf~{k zWpHE@8w7pZb(yWJm)GIrfqG}eUdHmqzyS#sGN$x*MxReKV8f>IWV@G2=ZVA5)6TWj ze_hb8R@>(ix*{gdNy=k`cat1U=y?{&GiPXFYQ`tVm2O#N8LO}@MCkZ#j5Vpb5|vpG zsE?vlhvInfP*zT%oW2vuRY|VW)i+qZ;ij5_*M`TD1!OT7#$~@xDUZ&LFB4mf!QITM z4mpY}@!9u=i#4hMQd2&m{78|rjdUc%*jYjE9j2jDrAmaqy3wW{S`Sr=HCPFG?GOV8 z*|80_euRBHn^iVK_f1l?0LkHYS6KLr!+I?mJ0QBZie_Dik>2ihaz~&HRGrtPJzE&3 z*B3C#%bLZ!1z5>S;GS8O!fBU56MCoQyT~ou5RtEMf2?{Ii?DdsbE%IXtY5J2-redc zhhO9}bB%}JCp!i-+ zWtfn}H_XT0@zGrr%ZvCS($Z$n`UK@ag)+Etf(yYUnj!ro6TC$RFjj_jjdOtR_*}Y2v%A$`b8Gt(D4=v7Ey#`+z)D7zSmNR(f5(u{irBDt-}D zlP~A@0egE~B{%kGbkZ&T*)ls9@XCR^pLb5e$?x?$-*4fopYFNr5Q`0$1e&--FfX#$ zb#p$95%x+QvwD1f;lQUc6Y7N5=$zdnPoM=;_Y_I9+2*|)&9X~+ZR4XwQJEP{yQ=g= zh!DD}y8mhT1rY3mbo?F6mQzKa7@+Ub;PB9n)vU~7y3edff$|!QfFiK3ww;qumm|yb zNdJdzhNR&w(hxphpX91}H_h>9^uX7(Dq70c5@g&9W!MZKDt(VH6~xD>b=)8QIX#3@ zDo1WGR@*;1cy>!V@9LbAbrqiT>y+c$fMM?ZGg49^=K~P_vg1+^ggt)vRos5gq|E;E z`_`)<1$B7>-e)2cJXfp|v)2ez%6U|Ip*SWEb9q3(hUXFFXb7O&Fh4$;*57GWQ8$S+ ze77%#sU2uFpG3dY?({4J8=gZH!Lc)pAvvI93YbCmHID5Qph5y zl)xCOgk`=Sp?mtPk)W&s(}Ov5dsO(R(b=%jP0gZor{Z*9e2(o?SE}A3JTMSInUu&% zC8%jtC?Bj>SDms%xwmFPYp@TfA)IfnoTqI=l_ShHMSB(>@t!?WuB6^lSvc9aW{(-~ z=_p&b=QV*`f>{&;s5WZROK-wr3mcbK%TM-Q9lU=RE|YLtQV*RWY>4G-F=OiAMsz|(f2ocZnX%aU!uI^OSzcxn39YUl&IBn zo&7!rmswmdMeYi;gcOXgvm(0l7I8J+>7&L#16RA5j%cD1VkANB#P0=*1W)kMfDA$jfQW6z)|8n*HzYr_kWA z-3}VMxr<43RUTE(d0IOtcqvfEa~P1>c-}puKgO^6O-nY!|C1oHS85`Y(!^8a;iHJA z_^s-o{6my$gk5-CxutmI_l=RIE`@Pv26EF~wSk_y4<*pmHmwGw1x=b~%P?qrzpOg#|Ju3!DPjlSjdRSgK z9y{3k>;|L_UD)5R<)2=LE73Vu7A(4d)<5c_<;?T^JG(xM^9|mM@|`X|KKMBV zNH-V@M8(L^DM2eYxxb|C5e830Y%^BAG4e3=!uk9$L41&PoS2~gYp*D`r7E|aNzdUs z3%dc1h`dT0-XvEHD!tVd z%qXs^X$#Tot%ZJ>f;x7pNIf7`PZh37;h3sjbsmvmpmr_2g+` zRgIOS%`UzxNJjT6D2Q{O9@?jGLzFPkvc{fL6yzpAdQGL=;_8IfJtZE;qNgFiiQH$o zAHXN`Qpj0MY$p%+zH5_7Lbq22$Q~clCqWv&BkKnSD656Qo4wuvpC9Lj4MGs}LKn0U z#+3l7SPo@X-vW+Tik0h;kPO^v>uF*#sIvFL8g{9q{{?ZPsq;<(a_gJVio9UZM0mL zk~sn0{9RBTcafNJZbH?m0_n(vIE4Kx<@4+%zE7oGaJmN zl0YWA(!?)Gq2(lV%C!`n<7Jvuw&xwHwF6Pb`c+=|^!x6{E*beDm1fPcrsd|so>u~9 zC{)lY+a2MWtNpR&U(TZii|ieMfCtCBXib*VtGraH?#2h(ef@qrKl8C3k}`Mq81fbG zngE}!uqf`_u3%upyAACIBl4i&=v9$XcA+!%b#EKPfXcA)y_FbQVYPZO=aqg1ge8;$ z7!j}SZ;aoCh)fv~i$j>MT_5Af%qzwO$RpQ;Ea#Wy^ljmR5p_H9x*}UpUv`DSFG!UW zF)X_nsNhio1ARY>6p0UfO6M?movd1krc<)&XJ2LS`~3WHA=Ea-4wOdGiiQW}8Xgws zub1tj9o2znGvavnCBF~Dsh7g2iI8RO0?3a&LSOZO|3+Qo{)+T4T)4PxXh$e6^j)(- zX;RS3@0r#hgA9Tc?{not2RoVNf;y4xlLu%ANB9GBtx1mhKIR7d%FqEGP+Hf{JvQ{i zT98jt`??z=|8vK6k0_g#(+H3);v$)r&Y?A9&u&wlke)FpokDAO5Pm}pu4L7UEfh5e zy-quRj#nn`+}aHsBIV^6?vp=^D>d7LxYHd1YX(D725YnzBLGpj@R0stC3od@fZ3#cU9j@;<+kXzDn!YMf^)2Nmv#%i=GPPip=(@JBM6(4h-3_C3)f*FV${d6}IZyL)!~#arq?%_>ic;o?0`Z>fuMvp7$%{IrnAtqP zQ<4@nv-*P-F;H8JOX0HA8Y>6p-J zgko*#xMOz5h#>WzOO8NDzgIzWDR_P9k+@8cr>WiTW!1+)Mz7 zRs%ScUV7Q*+udR5bmfVD4E6pA5r$AcuRl`jyX&Un7`$t&bqs8mNQx}I=ertjnwaHE zF=@=oezD)hFD#FdYU9!8tkN{PJ9Wt_`An`>bDesba$M-j5y!?-shvFj4tQOzzvPBR zBnovtC;KLtkbpes!T0=*#WDAE;>$z8-#8|INq=fphVrMO6GFfCq z_Bt-$jrLK$pAzO(M$haewMsV^IU~=UUa4LzEBofqn^=LYal+;g)&nhBXP=Q;=q@!s ziybbgMD@In$7;+xb4xBXYyFO@{>u{dt4{jG;nJgx!>N^AWA9S&A+h-Wo5_1792 z*SC8~_qTQpwInppK7V}(rYtj3NrjxAD&!aBN#d-W;YIpg50PCcY;?Zk zHkX^b%e$dkLb@fYx&yF+IhcnKxawv>T%I`kh#y69e8BToDI!m%2IL8^he;Riwa*`( zlKtJkBpA9wZJQ4}E4X$?qyd{2TB*3EWRL=Yo8{`%Hw!ceNie4+2%*%>Dub02H&6Ku zvIpm&Z>X=2qJlpR@#E^)_55|Vyn=_@=fZX2(*7j)a_Z7)Z8rjlv4hys^lUY0_3{kL!jz6x%5}xRnWwY} zKVsGtiXn>>9W+W9Ay^so(sG_{$^sc_YKD)LA>LYHA-0ugxoX&tA++!?J7QX{NQ5Z~n=~|D*S|r@+M??nn-KZb6;kKp#?((N5 za(dRfoARC?!ZK(`^&8;kF)}z9{js~U<*p*)!gc>iJf=25Vo=XZSUqd&SCWPO4mh&R z1Zt2QWVIh7GqVs9tFQ!NLtQqcNCryIl|r5CXZ&~S$1;||N4+@m*Iabs>A5QwY>SkU z0q!kr7cSdxYSm83Ox6y%zwG1!@6->sWh*9CFp%{^_eA-6C5@bmwM>aAEq7dNS@x}B zTqri)-9^R_5p*kn!oAnmH>>6DKG?2T>b538Pw& z7=t7eLZe)|V{hH~{_5AwiFrdhO^3C?{dJ2bk-dlL(xdq!jwKbs1bJ#jo|cU9BFSFK zG0B5#aawMP=F0Amc1q!7^8maN@`CV|?Xou6Rgj)5Vt63(0@`*N@>Xg&C;Jks(q^uS z&jAJiY@F={z?ngPt{n4|B6(MePCaGqO*u?fI)_t6>5F+0cR&*l&p~Ye-Tw0Q6dIQr@r0`fBA#E*UGWzokFrw!KorHCN0kDYL#Skg~6q zP-hH|mEtn2*mvG04Y^h7&E%N?=tE24nFeOW^c5a9fnP7`AbviQ3EXCuDe1HGFv|9b zt_UcqKj&6&ib#qeH+VYOs`__?vG|=VXF=416i+qCwHeJyT9>;8u4pPn1F5bG@VSU= zRA}y0`o8%NfAIZu9P?iKf}AisWI&@SxqUSfUf}GNTw<}}H_|RUtnkq$T;G=c{z#nt z5<8%nRuXL#tlr?|IBx6bR^F&7=$=rHz9V%mYrwK{XQ|qNA_JJdp+%DQ{WSEnV`*oA zj;N9e>sb3^k93+^T*`)=lu+x^@8m7^TKv;)P3v)#E%N*9pvG=z z9r+gO7aDWM4ZvP5R~&KmEjH+n5k3yX-Q@A39jw!tbNU3B&S1R^Hc-vi{i`j1gxW-&Hr8`zDNudfMv%v%et**#~vpO-jw`jKbK9}rO zuiaGJ6hP2}9Q$j*d{w)>{OxktkcYpShAW3Ido^o!`qntkBoa5|33O#lSAwo`1Nr5EBBfL3ZEY$FzNsC zVLK)zPKnmH*_D7J4#&=DbAPRi^20~@-QQ}}Ceu-yNS}TA-X?hU!uEG?XnFj+93a#4%ZVnW=pn(=nuNF?!Np?6X@if0j*n3jnX-Emr3W)Y0xP-lJo50 z9P2)w`+Rtx5ATQPi@$MZ_|J~D_gZ_c>$-MWA(_Oo%lDw0c}(liNn=S z=Yc*NaAD<>u_KZy#&2j2YJ2z1?qeKGEOnRYE=RN?-PG9oc7m zx6v*9*wE?j^W-a2G9bd*jMa$T<_|g3xk9)lFeF)iwNqydyG0?hJ4h;Fr@rZVH`OLK zpUko&iF?;|tGfCb1|wY}fG-d%`PwIej#QGv^!bn^OVT0Cyj7m*yjx27`#>WO`i9%jL@Wmey9&?V>cc`8P?9 zU|CE$Q>mPz7qY$7mqVAZ*P2NuqY#XQy(|^Hp;7y*)%><~ znwPR)QR3jCNPg1UCR+IAa|1WmQjw3(ABRC7BZwzGprcq#&Y6%R|K4K+OL7V}@oPV)@Iu?US1I^>w4{VgIH)94h{)NxLN=wxvG`^Q zJrJ{DPF5e7w``V8ndj@HoIhkcH&G(Z$DJRg+zjpr`p`vw*yT)!`xQpZ<_{EBL+uph z3l~#9j3)H<#@kV>-(d1ym6rEISce^vh6yn_g8b!0dqgg(gEp1(J>WmOgRv5H^d^HQSo2uzJzTNmtQ_!mzQqvejzFBm$i+FMFE%IPQBvNi}a@M-}m#o!OZgi}C?nS7OL)^Jx(94}}m&bl;Yrv8li0ZHh zo-9b+($SMHI<+39>h7Bh18yzlc1yY$UVYixZY|oy=_C7R3{c(7w)gerGb$613zeRxDVKkc7p3SJEDR=B z?rseGyq`@2rMext)BBr7&KwO8iPDsR=9X}FH(2W6es;OHAFYQTGo@`o zJLe+-0{8D3)q2>y<{LQ9TpCdY5e1vIlT>87UDh*4kDV+Bz ztil#}sC7mkl?YJ8&6bEpA{Fp1+lsNuzmDGj!fOS$vB4_TyU97tbVLG>V5KQVOUg)s z!-vxj_Kn0tY=Fc<7w?nkwLKL*G$gD0=uf~-+>T%yWM(O#(&+i?gd7<>8jAMm#CI8!px$vxSIHAi1W=$4pZcjptd z5(8AUJwr~^AXDjhwvlLBruUqUD|vf(g9x2dcr!MpMket->XA9917JBW+z6ziAP%GI zf)P@OcRl9-m3`60 zuNO>PBG{ydW;$ZNU~^aM#kXm(aIq)1BO6}^9gOtpmFN;k(H|`duhVX4$jUMTO$>t6 z03c=>DEK3-V4DK%AOb}Z+1jL&^f+aR-lB1`fpMr=0U5ibd;0ZVe#Kqr#Lw2A*Pt_ax=+b4& zmdp5WZ>tA==(FPe13^H9{VPDs?r_=nq&`(Y=Dj^dm*KSoD^sur_!R{~tKQ5|^}6g9 z4MW3ajm;0w84}j|@(o7VCWcFG64q=73tqDs<>{8jul42W4X_z$n(0VrR7mqiwv*#L5)cDJ627m`FgAR)jeHD1KL0w98B1TIIc;9Km@I!8w>?6 z8tmH3MxX1+biDv9KDhL3a?k;vvdRw(X!=@gX=ZLYeHA%7IH>r zJn80`e&DHLlw`U3g;#gBBy^lhdaG9eZ<8wn$M=I3GyuqcWLVeM|T$^`UY5831wDV0kD{NS=+&;hdl*GO?{F4n%9_*^0sxADi(7St3g8!S zK1ntpg{oLW0z)`TB$Rx9s*z>u!tBG8V|d@&e>m+&qV3|8iSwqi^2zl=PfXV)qo*>G zyw{f5CfIpuzJ&p6Tz{F8dTY(<%c1IDsD!wI~dqy-HAOw83DzkgJ^FQ8aekjNp&nI0@KWr zct6`GBf-_NrTlG>nDA7bSflOyW|hl=Xe5rLpW&4=kn7qqP~l*b;gyzVhv|srci>n7 zpct2Ix9TNbKor2%V&d0qi`xa2wq5N8I@pZ-h&SI(i%o`{RV|lt8@wDNu%PZk^U-rf zIg+RD#nMdDl(4V)OqrNiDas>s;i4VwF`q_xY@8U2)=BLC2gO+7DZNU^H1#^`&;4~b zp3?&-YP|`#O9oZWE-gavokoC2xd}fgG<^yv3$0X3l>>%KQ~T>lC_rqO7`L5Ec3-b^ zV@J6cPb+QD_d8W9K~hZs&&a*dr$xA(k9~?>3#j?xA4bmPgtYX{XO6g`E`KznUFe;JnPT)}QOno2)RB`pk6P(CrO~NuGFz z{=<{un1N3&8Y@2vep#)ZZ;#|Lp~{tF59FC_FR#b=Xi=Jd|FU7Ybl$Ou@c-@~@Y z3CJl)t~zd;nPh33Qw(MI391daFE35Tsv4Flo#gs9c0`;zL_tYhbFz;vjFK?D=ThZ( zp}>z#>(?Q!jR#ki{*tqkXUSEteGuQVX*$Zy<7g6G1c5uG?Q!K^&K zN5{71&3ggD;-T($DJ)DtE>-ELrqCY;6olV3q>z5j{K$go6{qonbiBNP;|N#uTM|e{ z+qT5=0kg>oH?yD84Zo5SVMsE7#ZPbWxa9^;B}qgFw~H=zNtmB*OOi;SlWzE|E9%M} zTB4c=($XygcsZhYmc#XC(62%D&%>WPxbirJ3v-+o`{Q5}oiA`2DMKb6>@1*&dTgqI zu|I+qd>eR=v@09--n}~OD7|ro#}@%kQ*zH^1*iw_9GR>wuU{{>8Cdr^ozN|Smm;7| zfOKoxmKfQN0gU-m_S`1)r&onDuV!|rfBf`kW;5o*Z|<{)RwQ$ zdM>KI&wII}LDnm)DXnRslsD{>T9SJ4llk6;5A`GhZlw5N*ZE$>=U^E!+MJVrV2eSG z2!lj-EHm;WqNBy8IJjLsU)1crCJ~F&uB{qz+H#q%7%Sf1cPmf31K4RmCr@K?tKh-Y zFSVtDwt~TrpY`Jn%uRyra=JJ8^WE~HhA3`>c@4wxON#MpLorp(b0@wzOtU1(q6{0G zDa96N>&q7Mt3@JlhX$^puoLC`3m&5@#hsE$OF5dYwsUFoec52cb4VFEV^PZ38En=X zCDNx??P{ChwZF6J1_V48Jw~gmD$eo%_u=-1`y6+-JJxYr81CBA05 z0@U6YL7sZyV}IUr3+eHB-fyTcsX8O|t#6gF>QT84p6tv9Vi!tAV>fkWSCDT_znyM; zIBb84{jia)3ip_g4 z5$e1u9Ga%`P?RsCbfGsA@MT-l731Rfvj^@$S>oZ(v5^Z|u|kAK6tcf=0zWr~kh4fY zk!m{Uf95=Z)FZ{$n%)A%gtxaq1Ql`)scqyg8!N(X?1W{@09OoaFGmMsu|6Z@`xc7`f z{g#pUc3Ob0bSchXtU+)X%)zRlHwH|2Rgnt?JUdq{u`42WMf_&19N<~Zy>^vM!VcB> z#PM5&^&Jc?NB2E&AFil5OP0BtTT!89s1%*0j@cm*i6xBk2Wemtu|COP?nLRDR2P`+NZc_c9N z$_Hkg%Bp~Do;LuqK1pYhtHl1lKcndw(w7o4&)o~vOZjYGPe3G1|)Qlmpf$4vvG0Bc~q%T@b_n`qT?QyM9~beM*&j)-K7iTzpFm}&xwISx$%7w zS1R~rwX1`a&^nEsI=Z^-W`>tlusl2*>wXUb&42j3aOP{t{hp;9I$C#RJ-yl_5q87p z4}`BDCXEYC=4hbjX*2SPS2uFB;zvRme@rQE!~VxuBX0p(x`s@z-w$j1?O{Kccg%4h zetg=(`iDN_Kc9trKGXzo?fGsf%KZGxKfW@(fm0@r&m#I$qkg`J48)0%pAw+`!-nze zb3;yp(Ts6OKlz6){(Krpzg_|=*CxFh|FK8H%)xA%e~8ijb0>d{WYY_vuo9@M{zHK6 z{|z2+YX9E`&tXVn>N^(TA4d8Atni2J{anibzqi8PrrU~tTyi1d5UEb=IhGN{l<&D8 zBu?_24~-7?Z;5|d?y0)Q0IR7-V^wcnH-K%|c6YDD)XKWM$3%Ee zL`1t|JyDVF*ywqT*_4{DuI_d*#wV-JaK663))S-QhFtr(sCzgYoRh7H(;wir4dmX5 z!4(9-dd{^C;$QcSpI={7LxdvSEA{4RaLxiIN<>PSu3mn*Meu^WNEEq=54ts*?qht; z4jgu5O&PJCJ&&;}2}PJsCY7nxqfX&hZ2K^7Tin0{LYuXr-sXhHa&k|xwfptn%0C@x zlLY>af4fBCx7Bc+7E0QL@B7<(zn)AFKY%6Tw$EZldAFaP_~R>MMOe^}K11I^a*1Bt zxu4DP0KcQsSBel%)(>w+lU{}G#E%g+Yk6FRCTZ#5uAhV1AQ;1I&dV*8}7^M?~ljszK)192?L7BhHC$Z;g2 zZh5n;#9XfF`vBTG&cveMo`#G+VLYj&w3MHFZ!x>Lv!lhe`)`$+wezGejtNbP(ERrO zUz_k(Z)DS8n;Iu?==@@`|Ck!w{HSa~M5Guk`>1;$fACw#TjaO)93PGDuBvTsl~br? zn7`*+UXX7wE6=lOW+o8~$M+O!F?GuPAvoA151gP*rJm)XdHxT}fC(d?85(g;>=&vg zij+o{*chIPkTH^4n0mCfw8AhMb)g(W^}Q#omiXxeT(e`!Gym);a`eQ5b)THH&a)Kd zqL%_7Ikc61Y`Qn2W{2#kuTLLBk0aZ#M3g%u^8DS zCpoE>IKGE|YCOQNZ>C2)0ll7#N08y2AZ@EOxas%H@3G1v%R5F@PwH1c6Lo21V1w=)A=OvHY3w(@y{(12Lse6PJsuf?bx+-G{TcOI z1xM_nBhUjza5kI%+^tqia0h@}iiI|I_x-bzEuB*BnELXCr$Rnz&rM7Si(tmnfx&48 zyOcd8R>i5h)GL+L_6Mo-jUPxgkg!}Q1*ruslrFR9VyT&Q<&s&F4vLhxw`Wiyqs8rt6IpAR&YIby34i+zB>QpWi^h=!>TI}W z!3c51>!RGda{jW|*0DU06^j*kw$JeL(i~<-w@A*u;3SA`_bG+Duscpeyi(sX+XjN4TKL^Ou zQQ^;-z1SMV9Az0LV-r&6m7Dh2Y7Teol$dg(?r)A;Pn2F8&OybRc;x$ZudgI|B~?}~ z3~nUv#QN;qg6G?AV`l8cZZl$p37+2^xnG{Q>Ef+>wVg$ydfDU|9S@~vEu@r|6`m8+ zXiI(XXl3P%Vb^3Ede^TSe+_Li713?7+fTkZ<4VQv0uU5<^Ah+Cw=3BLFK7|AMDkcb zoXgILI?KvOiJu_cGn>LXo*6(S=6kVf*VWi>CS#p!Tk|t)!Z}8Q@@od>u zD0HnnR3y^h6IU-f!EFIYm%#0UBeHG|OcgP=4r3rFIV6`b5W;JK+gb}bKPK&jYa|zXm7dbOLuQFks%Py3%Ee=8Ufbk#eO^0N z{aH(1R%-)WOXqp{Lf|91d4xG<3x^1`d48~8$|81ba z!9--0iAxcxBIWm5J~b&pcHyQ;-3AiINqT)}=t+q;XIto%cV!K;N3vV}bGDkVVD>ou z#z!x*DC#iJwBNq4i{?$+J;IPWrf%aTflu+oD!CDk9yrfMFI$}Ewqi3G9m#RQ_Kmg? zfy#sr79N!RlEQ0<)?Igqxc;ikWWEW3&N4KXSd1XA&1pbnJ-4{+fp4VB(r{(Ph48~H`PX%&^gYkqgpL!{8@eI56-pL z@AL@un`CQT!LOC@bXADV*7WO;M$^xeU!uUXW&_38l>GdAj`d)@U2QbMBfZX=EbX%2 zW{HrHQaH4PnVH*GN07c$O{h+-)THOK3v};Bt@u_66ZOlkovp8l;=#-0TlAD?j#(RW z9dfy>p15nC5wFU#Tc39#?V+xFbhL=|{q6)ceigl{Y$deau*M7BMydO=K86LZrCiub zOXJHLWC9svh2|lw3ggS(4E*BPd!n z^ou?iWFSPF-nQhSg&gwg8v>4mH>fu)(6OmGNv$}-j?mRY)hrc zV&#uP1gCpyZUnT=>sB`qzk1C)7T$Ss%mM{{rsz30E~dOYAOYFOEI%_nBbb-r$^E*+ z4R!sfwvt?)m{e6?(Z5wj+Qiqk1Q_D57@g@1hJY&0f9y&3nt(bcMO1LCL2|s%? zf9$&RHs0vVih$rwPAXbi>e|l6oJk_nK#7&~i|$KcNn|33v350AJPE#n?6iWT<0zJz zE~V$_5#%d2D%P|N;u+^o$^9_(-~~nW|L7`Ef}{~a!Ud^w>`c{i@fy6Lg2sI zi~m%yN_|UL)&Q9O9q2Qy(pA<@niJ7ovx$t$zlU~R(l4>a zSc}5*zx2T}4E90gmA}jDYN-v{dRVd#ssR-kJvCBdXCgl4xi{qgFix-F*|ZdkV#>Ud ze>VQj9;AnNtNP(S0^C@@^V58nY&K@Q9|=F)ThP@$RQ?BITCewPBBDUPha1G|gD9hk zGbYSb4>r<9TplPFj~ey{mS~8iTW^jgcDRFEgzy!Q4Hr0kIg>;3>S;QNjA{cTUT;Ivc!{M-NN=*p#PJ-h zys**nfX|-KL@tEr;VWuqa>M|Ke-rO=`IGn`*A);R&ot!L@vbO+%K6O&#b2>PH@Dfc z;)o&Yo5UPfG@B1w>e-Ea{)&Tu?fV%5rb;I}3;nn@)tc5wtKCAU5Zw$9U!kKQ4`Of& zuAGh&vJXqtHeh2`hzJoH_flW3TIY6OuC#!!_;)7gPndiNj9QlPc(G1m=u^8mSecSp zZ}dV6a)sq16J9S(vd0CgQ%=zV_~%qo3Hcc_mp2DWh9&}fYhr%nrKz~^DF{2}wQdSN zzjsN2L?DV%u~jbS#QUl61qQj|Z04y~It#A^Xm)<22k&Y@U-}_{zvYmKhZ;Vo7ifb6 z@hP*Z&Y|6fn*A+t5$D+u@r|!ER^6}C^zVOq#Ow9#34$(LztXWo(!?)SF|O>2=eg6T zzz9QC@VdY?2Alyaq|<@Foob$p4wc1v@h6|7`7uhNhogj(g)Gyv4_)uHnIgnf4x#1H z`o{e&d%{~FSm3hdv-HKHDNYOY7oZy0e1xY4>f_c?`)LPxNk|f;Bkx{=YT$JRg}{vO z>2uupgNWf@M>#4u@*xFed8}HSyDGDGal!|d2;UOXDVkhAgI^D-f2Wr~S#Y;k$aXa1 z3;FDPJ^0DnKJfY%;3>K3{g6l42XIgopvAgxymf3ETHUVWN z?sI+Fn&CH@64)&g9jcC=>N4`!s?oKp+m3qmHPJYT^xY#EsP#w?;Vqe-2U>-sM}NsM zd_RqTKde9@WThwWw-39Bq>IdVh{@QOje75XJk!Wi_w8t8cPJnX8c%Cb#X5neCR@p?E#{%L(**M_xhif32Je zc*7ra;jg3yDa{?^c}7An+vNqBZ#{f2|4arX&yqzr*fOebn0E#qkw;)OrJH*WYlARD z!T@I~z~YbparFKr)j;I~k)vRc-;Uw?V*fGl)b|m6qLTdJ;bvCQuO0iof_{DP3O6`a zf8e2d`wLk2_d)!tOHehCcnA$pJw!bJ=?j0ohdf1RtlV&_9(MHD_m=!UB;dcS_mG=5 z+H_k~vp=5#y$YUt+*kDvH4Ij3$R>jzx3#)?-S?KmMvsJ0@-Oq8qyG8SKfZ!y;7P;A zkAMHWUwiz^dlz5e&B3S_eR&zdbR=gU;oRRVex=l~_j5u60G3>o1r8zr!LE)IP(8HJ6AB0C`KP)4ZWt$S zfjRIsP)Yx=#17UUYtwUt|zmEvgl=QC=V$FttG-P;gZtg2l z`1CK>a@Z(ou2Hq9-G>&~ccVk@P%tzSLZlmBR2)4DIqVkl6-R-~f|fgwg`EQEwlF`E zWAbV8k*T&LWj&Qn7IO0P>{XZB&iojH1{Nv~qf`gE@6&^Pa01F`DQ>{^;n4R``9V0+ z9u>b*(Wb4k$JCYb5;xL&UfTg$qh>&6yr;-a!F{cn#jGPIsyz$LQ9Nli^nA7n-vFo#toGNhgVdyo5jtYD#Z#>~c{K1c8lEj)w?Lea6nhQTg4 z8mYG{XGJo#PZvFJcT}&=UsDgyFS@@IqF<)^HNy&_OyCVv?~;HdL;JuTdHDb!?%US` z0FyDiW&va;Zm3Z%53>6#kI#rPXPN3`sV~UxhL%LeRSjdy;B#szc3fF{>Z|dp6Gc%Y5VdwR#TNqGUdG%HgVh;((N=P>ukxL1PoETdM_=7q{AO&#BYO zAMeaYcWCQ7$OPdfS5NC$Brt<4W(e?`@^2qgNVJ;`^tTtWXr^lUJ+8wWHPXXI@Xy@i z!52|Zm~=|ZE}fsURQ2K3N34p99x;MnDQ|IN*ALF#)0yyz4 zASRf^2_>7i$I=c9&;IZihl}M2E%Ko(i3i5Ot%Z%HoZslgPP8$qv4x0KkTT&}P;J2n z``us{mJhfP_gzuLO|*UJiTCnNV?5rrk1IXj-t6H|d+2<2JKj{@mA?BV{6nix24$%3 zl!DyT2y(|E3QVh!Rg8Z|BwJD^{C0=Vw@@pO52LV`c=hvek8$>E2kwv6 zGs?uVR+lYZoZ&ND~yeG2Db(F)VQyQL>GWtEQ;>FC-00F;gT>2Q%IX6 z{l=)C=g~%tC!rh|KnkUbhJYQ^556onIPfNqhBNc2a+0KhR-Uezuek@)qIs~*K1_zd zzAD!9L*Qv50gd6`FG-?mN`t-0CA{alx5~Sa730`hv09l*>J>};X}a#<@eD2LcHeeW z=mj9w%@o!TiXPhGC5QV80HI#`I6YdVz~#O^!xWDgx2&9=!?u(ZeldfUi>$p#aBB&A zoG=+$sIB0z-PgP4GOpoXx~39?8Ja1&-+%qIq*>rvhR$jBCYI*hK;=<$R z&(Zl&c}BJ82}qttZ$&Rgqv{{XXP;SK@~5+CjYPp&v#@Tlvcve5_e}^Y3p(7-kKJt9 zJvMQXHYm#w!Pf~#?`|!Hr>3SBP+Tw4)_OW=D)PeP^1GJ$Yio@wK20wJ7hyIX8ZSvq zzf^JEbz5am)M$zBL8pJ?jEUeTIc6psLoSeNJ=OCnXKPEWvsfWa!~VXh=EPYG&Clce z9Yya_cA7=Z3~DQcB!=WjbXS`ODVM@F7q(>IXA7j=9SVEp;>u{(x)pvmw)={GWDjji z)4`Z$!p9=nW?tF^&4+CHm8QWQ)pe7niamqw@DS316Q?$WesbOD`0YV_Si+Nh;&>tZ z#29n~lHgj0V(>yR;YgXSr-p=qYG(OOCOE&gWT9iv%WM8^SQhtfY#IRxrR-c!nu*zL zAi<9v5w}N^vWHM{;Jdgkjg$)cyyMm_VLiuxO2dDX=8wWJ?Ba0 zCf?gz#qyB@RpaqkHz<%=#OR=aeA!R7rot{=#>kW%QBB{M)Nhco@Uus6y0Rt>KvUg>gR%A z8{c*ew-9Ms%zb!&%MKuG}$xNE~!4Hc6VJ!DmL2|a4XKCo~FOd zF{-bdal856y7c0EvR+%ma;<~Gs<$gOi+ITq>^z$Z&M!9^dZSVU35slQZnd=diEYWV zu~bCEb05>R%0?Ra2hXkEnsHx^$eykMIcr1jp-l$)_q=Id`&MJu{Db?lbybTfm)19_ zy?B|^%*S@r(oMt2Cj0DFCg|`=*p!NQ<)W72%By0VBldTDQXf0r+LfO`;lHz0oBDc2 z;gT7+LiHqloA`^+dp&8fWi7*9$rg9n0VR){aFhdLat<$3-EycX4TRqv>xv5`>~V9U zmq@>30fg+MfcWYo4V(mGyCkY?Hv6hU)&bblVxpaCU+r#>Ryw7DB|I%qiv^C!Yvurm zmh_}4&~@*dY^DdJd-&(pyVJlrPY;TwodVbUJQ2T-H6_Em4bM{wn7iY4H1wE(Ny~dZ zU-j>f@h|V1NqX@Xl}f4e)M&`-a{q^D=u5@oEKICCzluY~+r{Cu;*CZ3NL1{u7iK~C z)7(%oe930S13hrhA!)&T>?~#&RrZDZ!0MVy;&S1f3AS=KL)j(Rw)@Q^Rd<3OGT<7) z!Fu0!bg<3=C7Y`ckJ6Qhu3_h=EJ5^2t8Hu-#}bu`0V;rX(k z87%ISNGz&16RGjFR!yE=OFs0dg}~MHd*MuV``6~<9kP3!6IAQH31)^UhbpXsSNh0Z z5@1Gl#0E_>@vg&GIQ-^83zF6(L3Ufdb z7W8srS02c)EM-z;S&gy#@3N_u6{UVFoq}KWpM+V*rbgsVDp=_j>N1C3BY7{t%Vty= zAY%CHo{pRn`!eD2R>rdma%=|K4^4%w)NGsEWHEWJoJN(rS!%ULN3G9?uz*B_-Ec|s zC^-jFrY8g-bjyZX`^VX}a#@pn4l3RAF+2K9QtNGe(}oK(WzMr*ulHuJpM`KDglNR>4Y`0(U4lSH4-4`UV6( zUW|mCyB0(ro6ZK`8nT!Iy4aL)9=ghPQ~e_#D+tceNYTd*CXKR~v)WBWbcQeVC_8>X zF}=DJq9P4bOc*LOX-q~+Q21JfsGvQ)YxfwOcH6g$gj6moX@8n?;L`Q!h^K2evAyQ^ ze9OzA&_bKZT5N^q!Gv4x5)s{w+Tv^_D4T3g>v=UY2wFS$KBDYL5zmg!%$s2GOe@@; zcZ>z;CGbyWat+sc8j2nx2j&$b3sH>a4^@`h*8n&-7Y(Qi0pifawsp!-@hsFCaLy$j zJ01=r_|O=5q6&KALwNk8t)yyuTT*o$pbOOH?P}Yd-?bRsm@qX<~ROCFTMm;J9sxECJvDq6>SrVJB z+}Ou|x@?wdYXEKzN&JAag4tKY3vk!*q)YNnWin-gyHj6dM|lSHN3?ap^%WU{S-&IC zXv$z$iSTLFF@(J($p<;38{nP^Z)1qnGJhNaiJ?8j&F~p9JrEk2V=A#Zmcfg5Es@Z> zr_wV97=bsnUOX6EQT7Y0n)y`Pfx2Vc-AIo(%HL`1)D2DI+RtCG?-;l{;udW2`JJ4h zT;^e1_8j)?Bv%kQVHE+wL%iH2llb*7C*CAh^*1R@zEUERT!c430`voVlJcxvHJt1n5 zP`uB;55Dtg1;}kp1&J+R-c^`up`@UhPD|C`o*|qsA~2U@PDoBDzS^1oro>7d$TLsn zK5kW_jnyxU<*Cg`pE{~l!e!x}U@v1}_~F#f=;D4ByH?&3gZ5TMvHGLwbW5npNTz0K z&En9OzkQmi-SFo#pjLnBqZ0nS62<(|qHkVW&SHrdIN0#ojS8>d#@WjKEXmrye8XCg zOZ%DWn;^$~FfyK_&9glnXMY|2)O(}*rg`bhlN4)n!H)d2ndAIanKFL( z)6Y7g9E%68YVU8O>d=T}ipTD?=2ei+^p0Lc3fHHtRWx4ONeQ7aO)q*=alwWb8j7Pg zP7odytT$fr+)O@;b1TY_WuWY;r_BH^5t<-;wWih&=e_B%G5e{SB4I14X0zeG`<*$- zO8XDjE!-N|d8d)prYk~DrcH2rVUC`n)`_Z($a$&usOiRpi_}I3N_Ot1`J?bYw&~j= z3}+*b8PW4B%qWKQVI6$;)~lX6u9bcGsYU9kWwD+@l6=&hc(_?- z(2~D4$8=twfnG4-zP#`*{>fH7r+9FpK1&E$!at>egjM&TK>Wxao=(_TpWrNzBxyHZ zQwh?b?^Ch88ZTqXHCj(w#Gj)R%@P!#&D>3wI@#Ulqst#zf_1>8J@|+uF$K}3Be+tC zc#P+AZ`#6WS`I(B%xLQAX>>w;d4E%cKU0LBeZ4`ffY|t3+6>$V{49 zduT6fXnX#!lM#d>-JOfR2HoeqToSwNwD0Fg|G=4!f^fbP#G#loq`eJkK4N8xnCu%U zr>`iw%>6x5?rB%?!#V;@34(Z!|7%7T>!u{n?wP0j;r7Kv7h6}hmiR8Du7Ay7=CaAz zkjzVrQ41FoYO%{0KjP*}yX({NUO^+YyVLt(R>wk?r(i3AkP&+aeeqjnosR0eFZN2@ ztF5G5I$ho2JD0N(@7kDR_LunH?l%Rrz84ZULY%z?&N9_gMoa5L@2w0`%E>(MTuS5e z$$R_G#Zq#Yr#-wD&NntAoi(1EXzx=K>yjh);lLojH`c~%B#1!CEiFwy=7iFGm!f~L zt&q*p1c*XkSkY z3)goVJ)g#|(YhJ%MxO!^PQ`i`f;^}#CM-NbT4J&{mytACI$+567VQboXRcR^c3mFT zDYKuj>+zhIm*k4olu?%wvgvOdEtw5~8C(%I`EYby-_IRnOrpTCz7SsM40ZX29ucx{gXK?hX>;3xrf!e!6NzU4=~=xT}3_xRzp593x&+c1;3o z9?(QW{;%aO3;p86cwekO6kh39F?ur72&%f~XfN}L5xivE+LGQYD5gryJpJJ_ZSHmw zSvswinmPA^tjOCJOI|LA)vg$Kl)OSNXt|V5NhvRtE9F_&MJq()ak}iQdCzYzUt!8Z ztvAQeYb*?l47m^O2-0TSwi@tA?OA~{R1oPbxe%A&AYIdkv&AkZ-S(hVxXqi3RuXH^ z-Q&>Ajv$-1>ZbLnA}>&g=B|_EkIYz}!px=w$3`U1#5)B=u!ioVPzSQ6AShGIQezeY zfm^%7n0A@Nmk&3etAbH?b;dS;s8%co0yTacQ0E7h{TUJ zZVD(8SwG7s-Ow$`PqdjaX*B5^NX`gqJv-p;K{1)tH##uUbcIJkDh&2&z+DBGy?(-s z1lOD0rdN6soR&<0AUoDX2nc}rgw7}lgQ+w5me9-B){oPvbsNV5K0r<@2o@~QF4Rf} zr*azAiQjWE=$qjNXw;Ln+tDB+^K2YKyFW4o2x>qTw^V{xp zv%RY)bPDgv1U-IC$uPb5@vh1^L+7<4Vs6V3Ir%kecJ~hy2bj)1U;{Si-Rv{!0!2JTM?5>051!E;sV9g{A4{FAN2Hsg`_8`9dN=8VD#1bS zpj5Ij?GK7EyfQ#P;mc`D?7_a{LS8vBMTfiH6OeETu?Nevy06Y$z0byCN0^U~ud(*v z8_WppS(}!T5f>+^q@chTJcil1jp^ZDd?np5R_!K+J^B1A#Z*PQ;uKJ7=jeLbo+!{N z7ra-&xx1Ew*v~br)#YBkAG)_2^pe-O0Z-XPq|)q2anJT?i}#KxH=eiCg?#s|PZALa z7^Qk|xS~H`zAH7sJ`NU|7>rQLbe1)3q_T+#JZHggIPcUP!wOPY6?ph{Z>nL8qRy-} z9doB~hd`)*gQC#b#Q}XM#dqvgJWPKNlp=-K({OjT*r`TZsn|S1Us^?lnzd-73-moe zC?Hi~Am4Fs)#ur)IQ!rF3b1jaQGA%Kq95`pJ?X7M3HsVQbvkQc z`OT5ZXd~|{E-ti5bz8H&S-cOvE=?Eq@7`Oz>!h#ER43_{@1EPp|0u(!(AJVkcf)YO zdvEppjQ^*ZxW;G$*DT9n6+P_*t7?y1M(8!b9*ixVvuTe#%Oa#N)fIp3?_4`_kNT?- ze&%Z_E_%{llc!pwkm)b9eYHdavom#5ChPov5F4Sf!l#(G3TYcZ$@yS{tiXU9TnZJj zy*{x%RKsVV81K3>2aWFFcv@YXMhAZd7g`*_qMRI*ed z%0$2U@V~q{OrNwjM_U=NVjU)y-qk0~5^lCM6Vd5Inc&}E#=Hg7!ln?#85$IAnn3~H z@lVx8jRRGIV^&=SFOM<`w)Jjrpq1fH%cGUgoaZ-`aV7ALW%zT;DkX!L+G+B%a&mH4 zHUZJ?9H?7wEb?3TCR`eu5rFT=7JmtjM%C^0EDEJAS$4Z_7S?T5@UbXzc&xy~+eJkC zLzTMLKt}rt{`K#n$D|^(_blS+8B(CJRgR&s_=DC5>2BIod_$=B(;e2lCZNFv4siY)0nlt#Y;Z z6dcuN1$}m`9+g-Q@!qU=y`^_B8piYG$kG>D~r6ob^DvYHwZqf{esrl1C0Rs zhlXr^b}dS)RtlivflGIfi?KDtvcz}k*X>WoosqaVT+u9U-!nM~S&T{ltA--$g}h=? zgm$+XRyNqA%N?XeR!Jo%@{P-NGOj#=8rK*}e+b6yXb9L*@~>ttM-6En|2VQ;L^Ob; zz6@r!I8A@s(Q({;CXQz#zbZS!>)UIRSG&ZN^v>ZZC2(idR9duQ*fa=qz>paU+K*qv zN#@*&7j6!hefrkur1eOQPE1d}fv56}j9Qi+#?EmjQ{bwY*O}B zRw4H3Kxs%w8paiSb_3LL_@s-SIwS_PE%qKh4U352!~`;404ZQ<1N^~qd#O%caCGDW z5Z9=KeH7pBF70(H6?DwJw;%W#2e@soD1u8*3*Z~L-GVy|D`DR^gwZ3jSkw(QP{fxT z>CV@?*Y@IyPRjPN0LyALP60)Q6#}FMJ6-B=$%wzPLHgydpZ*#jgDcOGygY*g8{_-H zL!iaWF{e+To-Q0;P{cHM|8x-*KwV&)@4oKOvfq<{hTAiZGVfD*s1tsPxBptJhjaP! zA6PGr$M-xo=$`}jw=Mql!IL0R#hVpIANj-b|M@gLh$^UPo)WMY{mJ0?egFRZXP}~h z7MJqn7SFF8{zC(=D}q8~Z{{57Z;koKBayR!1`!yd5h`4 zCR-IuHcjCi`F~8dC2q1G^TL1W*&j>?3VI7B`&~N6zmMHvcVFR(mGmte{|asT>)|jO zK%4!)I(V`{ca07K$^YIFs;kDB3ui4bLT^Yjewbx$v_!>{$OcelTn$p2+9SwBO_juVcS*~X3D--lU^?-5${79cBq zKxR9|+X{_F14y>vT2lnuc7J(?MN`P@#1ZtBKzb21@GBj+Rj2^q1h+}H)k^&y$gd5HCki|G z>N`4+Oe`#KBqWF$o=0^i*eI2wjJnF6gVUr$qwr=W)&_a$?yeUAWS$oP=886NJ&FC= zezQ?%yKc8FYdBc(!p`nWy#mTmdsppYS@l;44#jz7LE>gT>0~uR3@;NYRcqA^gJwyu zC&Ur|tEqg3;r12)+>2hNzSN{Fl@}7Ov{!xWl$7Mn%PM{k{NgtdW7U`to+$2cb!CY@ zLSo?CO}RTGwe|089qZM2_3R{^b0!|HbRDRiWh6ym#lI%!>Qpaht|z*0iBzVV++45P zf@8)~($G>^HY0Am=>;PK&z%}=lwsm-f*?G$#CAk${K2{+n@&;csMmUZTjlV9qL7)C z_f({I`#ON9$`5cSOm%YUP0m>)3e3=OXx;KKbV;+EpdtKh&>)4E$p+iJ0lhqq;{5VE z{oIj!^zwa#zL#qCnQ{>x@nh7Gn`F4c)w;yQdDFYH#^8kE*wW0^uE^xiv262gV{yn4 z6#5^FrKtoh?A~gm&#sus4SriIwC-8AJ!be4=0Dq8S6)+tB6nQeIZLrAskpJA5>i%@ zAcU*{T1OkGx~k~5By3%Y75avGhnHH1jY~c#+wt6(UTr)ZjaHH}SUx4Hfs1fWK8#=R zr(_H(pGaiE9cR3DmxOrj_6RG}m6>qi@~s!bSI&3mcx**bD+!|HDR4Jap7dZd5Oo8^oC7v4-4bv^4l0yU%=HB#vCODU zUk81i*24Ze{9qn%f1I<9Nr=mIh%RtCb?|j$%L%;L9kwy7N}+^Y;h*&697G+`-rY_`cV$S6Zut2wGQp|$q6azw_#Y0F50 z(JxA>Z0}R4!u&ZZCqUCexE2sXOqPqTK!0;0P-O_v$Z_!|9Pf8SulSKy?SbW0R~g%Bp@n(-;KNfNV#_IUynsyC znU`#9dFgmH)~mWKWnkYS=g_+go^m)_34Vi#2xl^%;E{lH?UC_&#n)Ew)Yv0Ia{rcV zx10qAN-V{tum)%SC7?<#KE(U}&+gtc_+G?6|KQ#u*oj$9i6e5VB#2waa%!MBnUnkQ zRDb&MSYhYfZPW8p*X2rhijV9a#as5Y)(s_%r$f}^H?mT_>pMioj3e(Tb)fJDGDrtT zMfvoz=Bx)tyiRNDz8E;?#Em$gt=CTPE8on$M;%Cmu-6>sw}PqXh}{N&XKpx_!s?3M za43sP?IVOoWs!>UVJfW1dRPTpCw(RL8gEo|U++8wd6ky~A-LrdcTqC!TPZqQ)-iTy zz`VpAH*I}H&ny6jgJ@Zs5d-8!~BYPAYKns&tR%zuv4&D%}^b@DnP z7UjCXryPRZ|4!?d+yB;Q9*fHS%R;jl!mZwauDn?+=wdskK16r|#_v{dM~6U;_3@7& zJ1*+XN}!(+MX}bhG??}HZ9oG< z*uHmrD9q&Si(>|i+IloUdL<Bjye-})|>uN z5hYOHvfWB7MlzeK@*bO+7i(qbg_L5x8iKV!ZkkvVEL*7AJV0gDjmBQM415Ueu?E!) z&o9G*p^3riM1NudBzo{eZgCB5AmOGri^k#scsYcEo6ij1+VnrpxrLxmx0h;F zKUVT8Yx@hnvx7)wZ$i-PX&)+_+;!3$&d#_ZLAa+s?)S3C+o~#xLtRH!V7}Ah4TUZQ zy7^3Sp{G2_4QvYr_@M5o>DdL&(IK4c-L(ohV~%>6GDf`&aa^+ z?kGAPS6Ef%{s4Ud zv~bJoB3uVi4K#BWXa#n>l*iHwH)zeqAn;t~kuL!s7zft*o@G|$jaz}9vgijvtxrdN z@bgS!@g176npIY*$^*`|!fiUl%!cdvD48iW0TwNtz6#_T`DSaeuM1X^i`dBY61wK-E; z&u?xFbQ=9Rq~HpB48inWb5W|&8yVo9-eK*(6bao$DY0VjX&$GB8}P9Lje;M=@v zH=WizYk+(xq<%&utY3Q&Hr&dtjFR}e(&``K5VYN=<^%- zkQxpYTwh+nFj@KhV)>A}UqHXsZIiW=xlG-D&5ynh3fH#;n3AUszMG@9hbLuDOa04n z*f{OVar9LDwjbXMyM)`rkk2_94$6W#jbZDj3Sj(85|=*9`((o`_J)$0ZyTfITmcPe zj9W8;lInhIzHe``YJ^{MEs~R)4Aj&d_Y)Ke5)$16aW3N~iN;v8G#c})LjtJp!S6!C zU+JPl#Y4Ck8nYVfErVLCKZa1{H(|Uwa`j8s{VE{W?NIZwr-gM8OAXi>XYY&W9{SU; ze9tTxb>WS`UO!NPy3;dh`FRy%6WFk->-J-_AJ&BG!&it@){lFK+cC z)p_DALzUd7gjnkg<99As-DuO7Z?3{0%~zk!5u4oDa=y0e`hM|LT8MbMDz@J}YrzdA zA)$G`>b^;7Q#n4lei&L|u*Mi}fDSfr4`;ANWhRU#5pZC7l1{SpM$2=e*fcqG^oNQ6 z-|0noI68>lc-YXz4a%gS7ak8{1|8J&;yb^na~moc=M`KoE;zlI*n9lQt8F1`=H7vg zj$%1_x3+1fCC{c674mhRumyRi_n|i`TJ*^K+-aVS>c)^n#9Rv&`r(Yj6)FAMEY}nd zqc@x#dHVySR$I|#>C2giJhqv_`bJ+)aLVybN$vFfzolC*gb`gpH^HtF)q1r%81hCOKcd6;;>R zAJE?aglW7NW(Rt+L$Txi)v;AJH17C1`b&8}77p6;LH_8u5fzI1m>CQth*gP9|EN?S zz0I@KZ~E?`AHk^a?qv75=v2jFvVT~r0rZ4y=N~O$-qj#VOE_8Ug1t|Q_Un$}=vBh< zn)4J3+E1!Tqr0y~uMq1C0Slo+A4F~PHv>5qZbgOgfR>ZEzD2=X;864_YNwVu32P+~!}Z~?>C#7-Kc<78B)viwz80pnqQyEnA>!viEl}Ew zMZfhb-^QTo>F>2#ltbo-p?ls0D0B!GqX=r#b6eU2d-Q*z#$R!ShT(Ko(ZiFu4VQ2o zN*;^5Ky>(xXCd;mK@7nQR1LF}yw)rmg{p}!sx992Q*dW@k37zn1HkLWp>B@-t5Zc# z;*+gud(#S(zlVpVB&)lL_-QQbb1cboS-tFc%zO~R)}Jz?tNke9G+<@m6aj1Y6`s8TVx1bV-D zNZsmlmtUh*4nLv%1Yd=yJ3WXiVXsqijE9^9KCrC_1cY!7RDRA=wQZ6Yb#(=8s{_-jF9_92gG7NNXVq#@*~dLhIYd#P!f^JWGkiPn3(^2=-C1#JT%N}$ zges&#fX;sg{{|Je+0!vFdde9p2LGiS(-zSLI`7V+Q+N6}Z*mW*Eyd-JI?rOW{9O=M z;sV#i)Rbm4+y^+cFwi^fb%v%!M7#j~)H#=ak%rX;kR9z$_>_d{R^Hx;7S{}Y4tjRt zm@btG*i|i`EPKNmEin9BNG57stwZfx6S+7)seO`%l$R;{Pc2Xrq&5(F^Kay=8#k}aZh!by zsQs@0l0MCy&Fb%q^;fX*XN3@pRRu_~Q*R>0IS2amKWG-|@apIfDqq37!I|b}N%k+* zvcD?M_)oy+VQ9XjkNbTGA6*0LPI5ag|HM}N^CN>R zNl4-`k!!S8{M)ZBJ~!-75fxNYR8%}1(I_?gDl*EZUt5vm1z|HaGx5kzh)LPXOBt8f z*49qR2NM>C)Elz0n3NC8${vc2DkvkC)#|@gAF@K=$Z-QdPf7#8PZb&M?m6I_ze>Cv z2uu>X7Ab%EIUt}2y8JAB|M&3_Tqe<UVT_+7w9q1R&8eMcy&a&iafe12W2W z(7>60M1?^EsK5R>=KV3`%k}i1)YZHdqnt13Q@P<^XZR>I;a{g1M~qrCQ!BY=eVQ(tM74F2;JGhPl}Sy zM$7Q}SW{Em+eq}IbiX*igC97J;u^<+pPD!@2p>NIy#!%r%%SNjOZJ6tvyqvgxLVh} z+m2$FXMAVJ|N3P6iHo_s{U48(WF4InZ3M-aPOowU^T6Knd|DUvjiZO|hz!emIaosV zQkW~MM9ld=r6mFRG^aUd3cX5?=k68Ilm7C#0tvw})b#8nkDeFX)QD8wGRS$nJ|B6k_M+mCn^qY>2MAk(DTqV*w*4){JO|b+|0bh~ z7JAWi1?f35;c}ukSeF^e;xTZ33M5BaY-&IS%76OH&KR4HyM1bXw0rV01H#YQ_M_D+=7 z2wSBS$BO@1fyRlW$Vf7d{`zqHiC!kxFI6(IK|9>9%pztkMAQ7-EvyCz*T>;2kGc6g z?%@#A9;hku*-U)TgZ$b81zM#UIbJx#)H@oS+-%+I4WMi5nXg&vVyS%i@#9Be;T>`a zjgqJFWhrZ*;s<`==hp`Pu%S=g9#-}M*_N{ANn`NN8n$al80&t-0KCNhDTeL^?U4&b zE@*<10={4fNyysom1_%liK2y^wg+596iV`*FZ=*mY!4mDdom6l7^@4aOhtWT!YI(; zC~V^_F44C9MW(Fa(8)@i&57-3ex~nc2c76ix-wM_Y21Ss^&-bje%?7T!e=<1c2n=# zosCZBBRvjGdj5Du;m|AYByH#J3R}91Pce-Q(k6G?6JZN@=-)0Xjb7olWrFsNN4-_Z zFSG_4IC4)Pm+7CF53g8MCfYa3Y;?i20``eT+J+`>DGXk_#k`P$^vg~tkT79G=Qaf(mdoSmMiLqnoh*s{SDzYSF`ivH zXVg}ATw@ik%llINEm7z&A~&>E!Mv8$VN9L7LE{qqMF4<`azd~$Cu8=CJJt`K_H zAzDMy)42eUMvlba2#5%DQi^)H1UwD0{Iwddu4w`KSh0VC09*CL|90M`cXmJ#IfKot z73-U^?M%pTGNeBsIcAbc<;{P~)f9dNW7S7ODUH(V*s{}f3 z(m=hZe_sZm-(XFNeRzCFr3BK@p%m=232*?iHIHjA>*ISIO(`!u`LiyEK>c4AG?J%( z5%3a*YLwi%^-$|#a@VNlIK$0JCd}?3{570eRJ38BiJbF71N&&31@r@$m5nDFpw*V} zK&)*XTl1kdJhQn!ab5p*oolygRxW!tFWk>`-?1=vJ`*j8(E+SZ0Ik2l!F?zI%2UIZRTQAA4u^};Hm%IPm}6p zSzzWAo@%DXa=t+KSdl|eP&@y5(H-4tyI#kQh#}t=1$dxKBAItL;6R!QIFPdV~`py&b$Al26}Ld;=zs=AbV7bh(crF)ngy~ z$rJ!(*b)X3>4!d33ynOfoUnt88SxW{;Ngh+(qMabCy*PX&%;pk!)!1TaQES!HmDAbx5*4+7fq^3Sv_lX)GNGwHs;j)debRa z{NOuA*;@6y38>9<7AU2us9RUrc$Ou3sJTfvE??(v!^Vl_IDgc5{Bu87k5^GN|6KIA z>Dhegc@S|gJ7o@afy6dwI0H9om8Pnm> z#HNCxB1c$IkOFzMfsQY4J%ATMl; zm}vLf_UrEH;kgv*h^L^)=pRl-h8$ciSA19FezB#jtjvwDJQYyf9yT(`zWN`&Flf;J z6$>%J+idmqnR5#;%tZv%*T(zj6vBU{49xyZ-LY`5+P?sAYY{%roM*MJq{xwcMsu{h z)DHda!062|XZ*#5@1oGs8n=irPXk^CVZ5ZEPCe zRkA5Gnd3uz4L8Z3e*n#Y2OVTs(O;BtD18$~{>?4^ak(@LAn0*lXFPH8AAFkQJ%`q& zD^9yIn@%%4>+1Jo01&&o>Ee75xZn1lJ4RklbCPD%W~xDM+gH7NwBh+Iw8~Z-a;jBf zp&IIZSW|aQN9@{z(kog|aZX$CCu#Z6iAqxO@oTRhK zqxqv*2B?che}1cp+$NS?AnVyt(6_my2_cw@^}B2>bu9NLngaL^mRO_osze~Kew|Cq zWoA&kIX%wLPKevEjj0ar@#Naj;QdnWb;w#{K6Cui^?drXPc4#QtP=zd^dK|;MqLH( z^*JZBocNsXDQ2>>X_UGy;4)JMQ-NDSb;kRqVVf$EMB~NC85N(2?}^C<0v5W;a4--R zcV2{?U2lbZfRD#x>?nW$G;+os^VYcaQmz6ddXx3dEuk8?5z=xZSGCF4rhThs^-IOX z`rO9x!V*X#F-7JTUJ4|Uw}ZUIA85}q8@^Z@=KqI!%u93sGShB(AZOvjfBqAe)?EU- zV6AiC#Gm}&mwb9i)q(1TY8HRl%MYN1v{aNdGXaZJ>cf6jUmW@#(*)!zim8xy!k+x4&GY#*rjcZWV58?bDuBdeJ8#4nOXcD_s9(c0kHT3_<@SsQuWBXTLC zAyI#sQ;xH>fBBts{kQF21|fem?v+~`kJdS1apOF;7UO-f@m}Y}n~Xq7m#?G*&{6A; zX3G0JvhWsqjf)U~(U`E15O5F~MjqepWdlOS$8T}+ji)PDVIBHvZ9_;*^fh9MibdD?$Nqd#$;QM zyzB)U6FvA94w6!~QtMvYShsM`K@YYKJKgnDMzM!8xqJ8k${SI`_j08;)7COEB8GaC zR>>gW_SJf8^3X6$Igx{VK~_4|2M+*hmF$g>&p&KgT9R7^}jOT#`XUKf`z6XVsDkG;pv_=d2TR0Rs~Z%e?Fe#D{m){>99%YdLI zI#R5)FH7xlFEl&1z)~ehN%GUoRC+*`4g)_Jy{o~9qPN+&qM%#5)NR_` zQ&USkugvybu3*2PzuzEfKcE7Z8>sgab8c;CpM`ne1p=bHeqd}pOj#rG+b>m3`@*v_)J1v_}N%!3N&XgyR!Oy=(Nba+_J}PzG7# zj9}H)*i`B$)2@=g65hM$FSfR)bg1-~K)G!=7Znt61EvN?LgTYA#Uz1yi|?KiE>2$X z1m|S?qx<_8M;_%h3ql*QsarQ^%`x71m8?o&U^zHvdAJrkAHfKV7#n(iiEV;ZPB2@x z)$kt^KHS@e2+RZVnbjeMrD9daB|j9hvoK{i+Mh;9&j#JIHh=5%tI2dQPPr7k@EQ_l~mk6w&p-5Z1}HHet~)beb5k*X(07mk!^ zUF&Q26PLNvbO}Q&QIJ6EEm1Z`(eXZh(6F-|pM`uD<9Rt=sbKE7jUu<8_R_;}T3e;N zKWv@f%%`tN&JmssNHRItH)mZj^jWCxx{MF+TG2nycrek;yAH>MyUtC8hRO^NsDaz_ z_aFzz-)+tC-GAUu$mmI^TUi-y?lUU@J$X9CaJkfVMT`J|HeqS-(vOsSqIq~;$_!o7 zFT7cYGdXMgOL(2ZG>{iah_u|7smJHugCW1^9k8 z^uMov`r6YL=%4Hz43`7dgAJb4AM#F4M_o0MYpGvDx)K@IxUAkwsQ*BHdqDR zg-<7v%hdaww?C}FV$&eX)1iF|?ZzdEb;>@9=Nm~yerfAj&VypJ3l3rYCH7v(i=pVZ zmw`GxDW(=)9Ij@B;6DTwG7^6@|DH6)^H~h2D2bnkwEBng?VZkygBo4}pl^fxX-4dL zKI5L4c~2aNI$iv2)2^rp1D_vG8Pkm>Ezi?0%`}URIL9p;x;!iiEF2zi0|`xGs(>f` zGbtwJ4n^O(rDb2Q=S=DFrxQLm%188MST3gV*%ZAchHAb&Tx9K0bo&{Em(efaL4?o< zKi9&$MPu#tA414qQN$k5?j{-FgMcdGU?Q1fDn;%MPKe&YGSg6$nvzZr4bXe->#UX> zB0+a#GE_5Lev#T75NCBiG>?AyN#d_Nz+wq^fTCM%S@uRN{=)_Se)Of~;xmoNOVl|Q zFWdeh$462l;rQg9`q&Ax%ai>A3*@>bi}}YVkx?;TDnuLeobeI-JrsXisK1+`ga+0% zR$Kv~FO@;nd{JffOoMdw>ZPBezrd2uii!r2Uho~osn3ULX9&N#rD@w$Gb7jhY&irh zI&z^PI`Z8oh3;k_=wef|)ULRt*}oK&@Yup1NJ`A!)eQ6ldK1bd4_?d{KfS!n-CO=q zWjC{2R&Pum!y&8O=9%6V%)-ZT4n#eRT9K@_XMwq`V1bv+6Zt7ND1zp0+?7Gre+Wr0 zi#_3w{a@js69Ld$4+x$IqtgCJlI!uAVmY=k(G)sk#qA@N`fVbL7?fseO;eN32Pi$u zltowlyan$?#&aNvvphH7d0mE!dbr+ayDVjP=Uz40?j_+1J|G|cBzb=7ba4W|*;Nnm zS~VTs2DC8MyXP!UIaGW$;lAUC{OWo;7iVeet_Fd~JIXQ7K?Vz`wgoDdQCSgQ5EI0DSp~`e=lPd1hLcD()os_R1A$aBkYzAPHcfcib6t{Q=!q~t zehMi^cNmTleSz`v@tsHxjFd@wMLTPzqU3|LJRCPUS%zK>*j4A)_0z-dYRCY1AHW%yB{9amY(g1s6DDGP#>Rjv$mgbG)U9^eD5HT zSnPmz{X%W{9INg*m<~-~GBJ>TC1_jRt;l40&nbCkfzb8*tUc@e%lfqAtB2!_k9t3a zi?O;;`8TDALQVG0Q4##}aa2cz1xeqhmy+wcI$5ft_Gn>uiKi_Xo^_O@DKij?&(|gI z|9t=RaDLo-TSPAKghFK)O+EL!S;g`V>+==Zek#Ys2mAw~EiZLp$Pb*G)`31ZDA$aqC9`FX^Ai$dGUZ;0EL4Uwh_8PKsH6i?j{b z2wR5vZtl1>OcH;5-FuwY@&2W9Puz!>Sz)m& zPJ5kE7H#?Pwr*|j6q7ii;3HNI*6l2;S>4Z}wS@&*3uG=kpEqU^a|AbPUaoxLwH`ml zSKeB|+2odMBc!EYlM=Db$++1lML)8=gW+rK7cqs7u?A+NRxv6*;;D0+mh(wdj!Gj2 zBhbHDK92U@Y4&TqO+%k@A~R6vdb{lGRi(wgNf?%IW@=_qN0D5F(9wj3#E7T(a-8uc zV_?^&gjDji7uVs{Z&U<~F z;k%D?RL=WG(qw$xR>d!W@dlIsN3|*&ipkHGVIoVVIBA;wiYUk6ihQ5%2<}8an@D9o zQ-#&CrBBk5wW}|vj6P~g$KpRaX7c#PbnVt4KKL6JQ^L)2CZ==W7Ba2DV5S!C1*X>hHAjcub z0zpE#@A-Cb;I@+_>^@q&zok!7yqWQcr&zIQJ@lIl6}5BqYeie*R4MTz$8*UmV|<~| zS*c25q=?vh1A(!m-`xoB(b5{9CP&jW*O~bS@16B-+B)`u>8qpe2(AxC--!7}aA>H! z1GkUd5i`^GZD=9ZZPrgAHau$-_v9<>r|l78BsNqKah0ZtP2L}0u`Z^pH9S}KEUBg& zXYH9}Ka<*S9G$B9HJmkbol7cKtT***9%l^B1sjexG8Rcfy>*Q4~Bbw!8{ zWm&54)2vEr%e}BUx|N#^pOrnUI*JSA7Y|)NAni@K#JpGVAv3xecTD zueOfdbZ?Su3Vp^(EG3&R7OQyu!NTY4U|49r*hY9uK0**7$U**4JuPrvDdW3d6xU%sGhibxEkx}c=H#;C;ti3@sj3MEf z?T_~BB#XN==;CX2jHbNI=~F{4?IfL!>`ewUK@YGM+45ag+ZC=lAxS>a*%)56()2m_ znE~Cm)IY|CIiT7P3);EtN{nye6q_H@DhtV-6@6A`SZG{3WV|L`46%8j97op^d78D* zBs}J?&vUBVKZ%}_SV@jCG8i@S`Ncfq?070-%OVh_46&?yF>NjO?A5U2i^5t?V=4+r6c8gvCD6XSS(3*7EiauYgb|z3c$U2 z?;4>|;(2)Q`V}tPw4eUjVk_^XD6dJqXT~4+fKJT2OTwc=2f^JR<{OGy950q7usrx^ zVBjW=OWRT_qwxV<(!{*tAj6}HihZxyI_2O+O;sg=`D&TXV2N(UD9+gt21F#-b)3K` z)%6|!m6`6DK`03YkJBw;B-CY__FDXG2Ik5SNOt?+^VilhIJQ^1$+E$~X7W45(ur6f zWQW#q4@)m>8HgS&`Y){ah$^o?x-|$bn^i6p^EfAwl2PL)KM3+24Z;|#Tki?ua!{NW zKid%^`|vn?{}`EZF7fK%bl0D5Jk4e!S0MTNVQ&hwkW^nC(um}0IvqjsosD}QED(G< z@@hNXK|(iqQ?=?yswylh>YNVtS*BdSSCXB*nzV4XM$xoZTB2~DHlsU4KI)FR6N@lU`}eSIqtF@JqPR2v{?N$R!!*rfDs=u1n{ zbAFNB1u@~}#QH24^V9dn-A@xk#2en7nXleiJ^Yz{3qcez8z^0+qT1mrL9NU~NBdm% zdS3n6SS~iMa%s$2#fOpDSpCSpfwx|`YBR13hV&UynQ=D4Zu%qsDrVb1a#DG9t`n;? zw5d&u1*IfZ4HOiQi!_UiSd1P~c9L4sOyrTBdk?KBP7LCV?1-w#57T>V!@pmjsIsjC z;J!|AlxM(=`sT;fQSsv1so(ADVk^w$oh95^gNLLTA1d{CT0uw?*I zeY6WW69)+`IzgX*&gl+!SIvvIu$_+D6Dv>K-4}Zq5gYevy_fTJOnIkWz(IVdLHkh5 zly3i;uJIC~KdxUO$vKv4e}6XlIK7RFfv)W~S)}pq_IW*{|Kfn}00t?~{-|8t=ii2hrxS#*Dw5WiZewJ=!ME z)1AE#?Sa(nbf%hY^-m7v9Fmr$*-OQ{$eL>J3}Rct8PF~WZ4tt5_z~Q+xw5BA!nF7c z{%r4(_Z~vXH(k6-CsYQz**?X^(kPO@b1tnK-Id+vd|p>23KJtaH_mC;-bg6 z*rDJlqFB2<)TVUuPOM?MlMFt>c}&Iblb>wV&lzx?_?Y*c*1I`SKW2n}AiLKex0v-= zeq2=Q{&E8Y(9Mk;%#=+a7hAa1mmd1o!*!}n_j7jX@_|r`yPiEsIK5$}1WB9M`>3J8 zS#g^QO96&~FNi{oE1liN4dj%V0-XLh#zApcBCuMR@wWycc_in@6JinrcvE#g zI|~_Sw`ap<1|2CGwr+Ce7^^|IkYSqQagWak14PA3JHra5-t&lmFGkPJ?yNfhyj`g! zESb@Bo67+u>X0K{HJ&#%n(NF@ce8G0|1B&q!HUe5=c}_w#KBa~yiQZngb!AOuWf2G z{TNhyxmn4PP~2g&&59)#Rv3E=9kgtL+AON;Rm81=ibsFjEGk-}Jv>5#$|2Avo+qzxW=Wz|ZdZQAP^*54 zg$me^BJV5~_1Qfjy(eld$xeufTZqp&JI=OT+mR5MlN&rc=&!cClY#DWm(@rcfCl3)9bH%qX1EVNSKn$Wrr8ZzI5ox> z_F-IWW)Uu82xU+sX@7S7h8=f}QZc9HlPp$d!zSD5jy%rB(G}N$uy=k{7OO{+nJ%+F z{_mk1w=hB%yeiw#5+Us~k$K~FeX+Vv4->s{g}<01Wpun8zjDD&{6!sPP{)b>{kMph zTYc!hi4M-yaj8YclLyKLl+ziUN4)9n+};kH_ckh;7?%ML>d5=}^t3W!7Lizb_qR=ieUZ8ING+RfH;Iq)yB(y)Tu zEJh4*eplHRcbo z@+5KIAV00!&-CPMwf9FVgv5*uYHuwQo>VvGHlB#4jqh7s_g#_tX<_>VmfSaF%LYm1 zk;zSdPDD)G+}Uk_OwZX2vu&q&okJX7Nqm#QMf7DkK32r3OKSNvv^Nr;Qb;)hs1q!N zaZTP+bgi#yB6ZPc{wb99A%JlQ=0Ng(j0WP zkm6{OYYG%2boqVWeK#bXsD@TYPHjDiA7}`z_uN+YJVNeYNBerRFIWdvyjLf#>vp3I z4flD1Sbr#4lcReD-YYuys9@PI6QnG@$i~%183^f(V8gdJUaTA`W?r2k6@?%jPb$CO znvKA%+PPVxymd&PM?6w_zW;7V@WEr(*4zFLJ?tUarGaiFPk6m>=4XuzvOFK9x{2>f z+a2qt#`*Oag!4dg)+x!Gp$8`E= z&jaHNfxPGEcX-9o>n2&aYHq@)WkQglh|-%a3;aygpQ^B9A19=JMEU?%dhB-w^eg6J zVr-IYVoD^bmAbS)tS6TvVOL{{Rb=utSUFRDt7U}5Y8b*uRt6u@I;*`tveuD2+M2rq z^(FR`Qw!gZy%T(t8(>Oo_K1tqgWvmOm!#vuC+7@O_9|(r;*H6i3dF1bOnYuu zju3yE*IM(VplE0~w^ek6xbOV4`&beV5|~=PM-(CEDH)YdWK%OvdiF2>PWU^_9gGN* z(+D}B2N?(4oAex{LS?JIbuy?H;^S$uX6(q=={A%cO2PXmRCG&V)kkLj%jV}7MtC6& zOJ?!>_K*$>z~wfXDO$Kb{p5;n>n)XQtB89nsW+An;qeLt9yfS?$1CCZnDW^z^a9ww zj@~QRz@+$wI`<9$h*%0vh&CAv|5mpA2K(VBeZrbORDQzvgj-PeI6pNb>}noo&iH+1 z*!I-c2F5Yex7I}Wk3VtwXf7jC0lfR#^;!u$wydB&6SE|KMl#VAM0cUdu|3z@X;u2I z;u1mB=}_uuyyNo~!~Muy#yz#Piqr1!*-Ajur;>~&G+)qx5L#qygGuAP{7iu4Y&eq- z?$mdmzdmN5YA8+j_SZh2mR`fHX;n`N|+|mR*C)=R)bUv%^!43JAjrk>vg+SCii*Iocr2k zT9mwY)D|WMpqB)72leNJBy@~ax@ zsG8!El4Q7_pB_p{0k0sVN<(yh=hx!gH9-%-yl?V-BlK79Mjwy2*fl3AY>KqkU94tL zG+AH%fCK4++rn(4XK$cIdhV@I{p~}7B!A}uxlPbk7pWwqtt7h16OS58^prgZYRGc) zY+ee;{VBN|qRl1HvkiZH-7YdG)oW;k#^ISb#RQ6VpTgBask>x-y!(>wE1VRVjPf~m zU8x`Q^FHNK&ryJfK7@~IigZE`-)dxkzQUkRAhym`(F_L|3WaTmXfIq60|)o4%!k^0 zlir!=96)2DZj0}e)Hb5F>O|1f#+yiPn!`4P1R8;k;Ftc^7+d693hov?i3DY2z3ghb z+W32p8@TazEpqNj?#^yT`Y0g}_Nji-O-w|*sZ#&EbTmv8zjCBIU4Rn0Gfng@quthT z*7iI9yZPPQFabfd%V&J|C+1yrvR%9^i?%PDy zN5oEdq$qfezKrBQQ`o9SLMTL+o91lBg-Ffx>mW8_%C!qh@dB1kv?juC8{z9gdT?n1 zyNIhS$&6Esf*ls-^Ad^-?_^Qu-^JAc(zXWCcn{2Q()V2a5o7{dF`gTqhn}Yt=3o-k zr=@dHR2nt-V(3rpd;DY159MyPGI7wJ-PNI*Y1-DIx;LzB%`9qLD3~L*ytv#|vC3`I z^wNKCYNn>~k%_7{Ipro{b%i|lph`NUe zYU8goMiBZdA(o|T`{KFHmnhJs%U(#?<0`;U7T(?Td?hRn8^G}{llf+mw6PEIT@Z{v`9?`}y~-zTDWD z*PAZBzaZ_%U$FOIK2)u5N=Vdt!WpbKOq?k%u9jq^o0L+~Lg3ryol@Xad zoyvS_w}}^?_0atfo@HQi76tF=olDr=Q)uw($;nBjwja9bV5kZ$qbSGrJ;E?SS&oK^ zM8S*A>iNY|_$bSnt*f2&$#?N>syYuz4KO)PK?|AAKWA}jKe?v2IpIZ8Eu$Nn{inrV2PDO`hhyoa%g^3=cf7VyvBRqOX zT6RMcuh|AjF}y&Y)eOg+l0xB|GO}MPhCN$Kun15()fQBp_Q#l|q%G91}<&if!^cRj}YgSCdYYm^RdiNO~a1)vbP&~}a4wl%KmCxz&b)NtpAvHZyuDR--9 zg*bW?gDrw_Uo{=IBIbo#<|pq=ag1dQ`X12+0@YMLGoXb+{ZMoI?bNUuYpAb~+XfTC zGK|^4yHw+7Yu5Uh-`b77R`vbS`|Vrg@=8iog)T?D(vtZqbwEl_eC)@aXFiIa6rJ~Q zpSJVZ#O2_>lEl@l>LBa?Zb%n!Tbi#92)RqH(fL%6(l6X2VPH6$V(##0I1P{sN)+RI z`6m{D-20XC;1PDnjTfs+nl8Y+{WI8m2pe@j`YF_o-Rql%%HQ-@)`ci<$6 zT+{uLl`kH*q`vTwIw|p_>i@iX^96>l*Q5)Q{E5xMz5=|3tuk+F+*ywIT`W6hMkvxl zWM<;c@8g~eGmeOdi`w$_ueZOWxW9i-dx=YLMbx4NWvMjpjwyOn!gdO=%(z$A=(2r-v@{!ddCBEV8kXW0uX09!H+i!!qx*-n)8(kma3A!%E9%GXd-u zPlxrb5}rc+9vug}K`spS+-H51Y^!dGDZP)Hbq@*;8v$M08KDYev+pg~6nV6Y<+tid|dHqCb zOf2tt=JOdo{LCL?y;KC5R7aA3OS&b{aiU*totO*%sANgo!U;ymLD9|3;c=o@%FD}= zMAw{{*n}0Fl5QkvYxi}Z%%mI7SyTq%rvB|LjFj+x(fSh!Sk1{+p$1ku=S{v3_0>)1ED6^=-Oz*Z@gIMu0}m^k=*y zk$&xa%FEa95|jU)2K~|Q_;sxtn&@;s2kB21YJkjE@-@~lp$E^6TYL+;B~kZkr(!L^SPT_ zRR}G}N`(K+O4_Cze!iMsY;ce5NZcp?HpP>Es9CIck67%1j2Ia8kO#y>HfCznF92e` z+chvK&YkSi#O2J;N3BNW%@F?;`l8`6y#g3m<6 z=i&>BhbEs-`q2pfwAVk)|L+$1$7_kbYjPB%mp*B4(mYit0_u|m=e`$;t~A{%ddlk6HflR;2?|O%~G|b&kOLIs1eq`F>7{TSAZDdauY`*x4SzDpbba z(howlI+ET{f4EE)a3e`s{4gs|_(jTsfzX)|w-2??8HJwL z`Zio`bPKl}{^b1FbEWxSJLq!_+p2*0CP*b>Vf!Y8ba;{vHbN{@Ee}9jC zv9f#XA2#pb9p|st-ndyIxW}h6f=*+Ty*&>Slbu61<{GA@v8_&4T8T|Zf`6zLJZG<2 z--3chd}42&bqUq||IPq3K;(FL{=V)V-6|U{IM8n3ITCi;x=*rJOy`umC{S~dqnOHo zfqgY7nB5n%--!6nqwS=1T)T;!RnK?_|Y3bNH;|IQ?Yic^7` zo5p|F|8woU_x^|ahj89iM^EMc(x!1sb-HNap%cXFAl`3xC-u$xeU-qJ>`3_WZhLAt ze1dlz!UjaJSUFk$B_#j*+2YT{9DeOK{SgWYrYcgYc%T9 zEK!v@Jz6(kE7W&3oi@o&?37xPkdo~`-pymA!7@$O^EQ!O0U+aE_@rxdZO-sJbqN~wl`O& z5Hf+YYy0W{VeBiwqRRfi0YOS(XrzXaR6?b5XcVPH>5y)uyHUDC3F!t!LOO;Jq@|@x zy1Vl|xVx_Iy1)PXJUl#?3*0+%?wNDG@rj}&$_F63ZFo5FUTLx@$YH{L6wQy6^OOld zxVPyzUaT|w@5b>hJfV3#;ku)26_0JIR3m~S%LiC& z`~0DW`D$e{%Yz3LhPPc+qW@$6`+4$G79s~$qxl!dLgv1gbh-;4`*#M;wWGLvbDK&Z z@qO-~2zL&J9BPd1zU8oFk>wX0PhV%xf$@F)RJM%~?H6f0uHoEH7u7PUQ)9*=1Is)vLf9@3d(9!dN= z9equxRc4`-Qpa|hK&9RF=yTKW7nEP)bQIA`R0c>g`T-p=p+6Cz7%}8UFuHhTW=CBm z553Wb2JUAZwKQP2K1!2pofB|rEj1sFhi{d}y-vgh&N^H<3oZv*69*IFctyd9F^wRSx<5 zE5$pvnv^DM@4`%Q$(EI%!?)8b14J?M4q^FQk7WZb%2Ks$@Hspakja$aLmJxtv z6^9ibz@$6&!Ma~w@&)hd(L$0NUvp6bQ#09;>57*%MJ8)UJGeKNT6#KF+;Z zR7T$UR9rYvi;m4<6i}*=@6ZD~foqDaMj60u9p&9f`u#}Qo^rtVIRr~@*+2)YTLm5S z!jfV94bCL)m%B-qixn_j4rd`!XBfnypccwIlz(|0uDM=m^AQ#-YV6^TdK9-4=HHwp zYolP$xus5Yn0Auyk-&0Unv+T3^IHbUdx2QT6TPgk5bHG#CF!pAD!|e_R|@6c_UE_n z?&^``dXC(Hs<&x3*kXKf9KAsz=5a8=^%>24lgM7n^&3j_dIZkk2bbGl-znY8f%O3U z_%Fjs1s_hU4hWpg)LpkeZvz?aS)Pfp08iU!U~Q?%Qn^X3DfFK+D_jogQn@{X=4Csx zZlB)PD~B(bNmkbu{_3TAB75Wgh=Cn32Og>*=~`9{i?M0;WQBpm7RWfr3hbo=i|^p_ zeWiygj%38>_&7+hv9VSzBL&YyTU$ryL4*-FdX@B#y2pRcGz93Pv)8D@k&~E77U#Aq?z7|1x5`5&3=>8Vk=Bf zVwBKtWXlCVMgf^dZuS5e89f}p5J9L-b*>v8-Gm=Zyb)HyeoZc;xq%_m*1x(+23WSi zyGx@=61+%M%Y{Gw`+!+p;v49dbHodA3A- ziTkpDYcwJIV{suDpLa@;etYpZ6we15AP0f(EP^A@`uK7*pE6iTjfm@v;>%05%rJY~funtm*#2TzS!X_<3bMDya5dO3v<4I=AHgdFf;$ zoMbfR;`#U8@DE^Gq#U$j{pO}%v8QA}T-8?w+NVGeqFDwwqlRq{rG>>Po$Pc)pI^y~ z0+fW9ow6}@y3}FdRf4(}wFjCch0Wyjq?{Jd=byjO)^e_z0ge4C`gybdZsZ*f>04yHX65QGYucAq!n1SHny={| zy?x+w6%{$7aOp;Gx%`X|H-=HX|2hh*nk?ar!adw2w zDjm;qw)4CT2YteVhJ#F$fD7EHZAGMYUCV@FQvL(WI?NS-}X9U$msRIuJ)h|0w)W@_OMeEiIk&_4cL? z>RtanR$kPylt5Z({f@TK%lKS30P+1$ZeBq3Yy1P#L8J8kqOnUnvDQ^lQ88atql+!z z+Qg^npZDqSBq)xW(x)R|n-R)=adu3lSY#TGma$FYH9EZc6l$KJ{_Pf;UJ$Qq zAwsTUSt(RvLGSe9U_cqLq_`#ioCPghh=HC*5>i)wvy%N4O&n2ee)GF{v(srx^i>R) zz_9w^3N+4HQt{o`&u=yJ%xo&Fqu z<`I;P=<(Lu_jPI$WA4yAbKeIF*Bzz%cxB=ti%rq9~(Vo33|4&&A6S<+)hVE z%AofPOxMqJTsZ!G5sf6LStF%qz3utLcuKoVcm(TwmaG^h;#Hvb4>=6>c5rRB8fqps z`^Kc8RxGJOUN&lfvpIFRWK?2Vw{`k6)#SGeK%Bezis5RL25V(^9|w7vHHE{9<0O@K zO*JxXcf9t(6SAR8!g(!DN#oXKl`0#nmtLG{zgjld+9L)s1fYkpynFIp^TNo}*+G5; z7zv(go7habL@(1y*))jHoc2SK8kqS5GABZeM%~=_t8bGW@;QMrCc0N)ttO_a^smoP^TLE zx2`a9SFH+b@gZZEnpHf=wR)e7MI1Q*jd)&dO52+~L(o~^{-n-+l=WdD>I(0TwCm5I zUX~WmD4N%xPUW>kyBJ?K#-9dnDr?LyA-rMtO7JGUHZ`j+#G#0W>P1S(ECg)$`aId`_LE zhA-l2O8rD=uI|*(c{ChXVT^KA0?H}8)V<Y;Fp*CFA}ZTct%SeX#S55hwzYb)LD+AFjJh5=%T(3y+3P+ zJAM*6GUzv6%U5EVZtwo^tL%>MReBT5L05*6k%|TH*z=Z|qXk1hH>Fy$`8Kfym9C1% zHY2NJHO9Q!2V;xymW>OYt#jxX(=S6iS@vrjCS5-8%xdMuksdd-amL~`xF*eqwB(th z13$Zy;F_<%tM>T;Z;_LuMw$Cyg#hQ!X4O2rd~Sh6=bsIAZ>sRS)X9^YJU#mqOvJgx z5B^+@QIk9a9qfiJ(zbMw^IMd2)rNXF0wX@r zE$bxIM^z=bVeP|DzoPM+kaW9=^`JK8hzK4_2u1AQzizG7b0--JPprSDQz;-=l5s$j zZ?D=Mlyg_19%_?@(^HOhhwv<-IV0L0^CYwuRXg+~dOzr-nDFr3!sc+kM}OHM(z17s ziv_h+>4DY@)&iXL!w)yigSLha_%+h@`4`^?HX@m#3R!qEpKXa6t;hEdOeOhmEmb~F zdN!yTv>%`Bk^g$KXCQXaZp9&C)F$~N`spM)lK^fRrA-U(-|Nu#ed&cHC9PPUl*^ph zs7v;yToL_W8=4Rzf8AHV5zT?{8XOVqOSIrbBF7iq+_f!)$Kot%zPm+fOCnZ+1EstZ zMuJTygQW{!QJeIG$a{_*lFItLrt1ZKar6DEdR9&FF;<-dZkIAFPTcEmFBM!3!KcOG zJFcU^j(!sCKYy!>o*t1;m3W0@MgAbF@%Ynmv(=au`=@KER0E!H!}L6%;xOAJ>&MUY zdz2raR-V0ZgKtb#wiShC({wyj-<1C>izZ2uLb`I>D+qpIXjH4PI}=}Y@VKOzBq!l` zs#)=cic79=S^&r0$IV!zBZM_0tBMczD#Jz(NQ?W7#NxErJ2}IWPdY!jr*r6bp_~rx z`IbzDrUx}5?X5w%VxU5&M`@@-zSsf8(1C<6z0BMrHafnNVQxm_rmgVK>O8gDm9a#j zj-0`2v1!7Uy@um|j4z6GvTglaRBD*VdNh=)Xa z&`K$LbIzkB8p0;w7wtxzTL>gLlA6Z%ef;x#R!R?>h8Xio5uk3>DLgJ_g!0*GK@1>{)r~g~G(}7>v1Mp7 zu)m_+b*sbhpfq{Qkj7wcr_OuzLzto?!`5;733 zw7ETw)Y4W^&ssW>&f{-a@@~PSL=LVk@UQc%!&Vd{)FBr=^An3`ng} zAEoxF*!Q!f^7wRytP_xIIF=-waiO`bz`27%uno_urb}`9v!qO$Wb{`wWfzIY*n2q$ z36+(~DYPd;!*^9B3xm57GH>Vx?Fo{bCmemao)4zcm4itp0V2$@WSchUe@-J&N?K|} z%&XTw{56QyxZQp+Qga4G2drmymJEEVVtwgUs>o|wo4uBkT>LFhy*eL>pxhD?v6$3G zl_!2H^4P6+rj)$4H2Vta+n12ZttmBVY12xi%e9DOn8s+WV_K@Mg_+ux#FMFSc_)bZ zos6mRlt?B*0l}`l_?ep6=aD;YDN63ht1iBI#_CECeluY#o6w#8%DpO&A-DRg$D67i z>nqpoyv2%gxSvg`jh%l&jc=atc$$_4Br+KW*MGSyRVzFY z?AFz{H>+8u>G3$Vuuk==2f1mw9lot=x$KPO?PV=?Xf^TY%Ff-&y~wDI-i>M|`wI)en?q~!asPe^Ny&6+{mUF-*yD8+Cpj%;8X1Ws4Aa$B5LQefAf8r1 zKLug1AJ!rw!_Ww~2*=bY?P;0Jji_A%9c~Ahq1H1^Kv|IY(%6pCmN8c%U>|XZYCSwC z27k(d7G`H-x*VHt@$rrRTBvCa^mhNbf9MElX=w?64OCi2Tw0K(qDO+?`~DeWNm245 zp8C_pBEuZxg9XLuTS>qi3!qLmrp44@eRw*Fh@?yXpn6FLug5{Y5J%c%F7+41Pb-m_b=X0wvSk20;giT-&hDLW)aTBPGM`nX!UM|=7mTR)G{f2CMM$O`VVFd432 z@BC{H_Tzu?xsVtM(3QvN!e&6o`{&#K`M_&hL|gmfz229%U!OIs?QKl-&TJ=IQ5|-9 zOhjiT#!y{$D*z+gWhCZo?DkPzj>7@`KzgayHJFfSk(hLC7_OG+aqi@_R#I{I9EZ6>j#OTM;lMbmS@p+##w*|2gz9e&kDBmD|Z4CWk=fd5_nZYfw(b zWiok5;6Q6Ja$0SXkgHXzd5P?)u^j#=ez(^mqNvk?Zk%Ps0^qBwBseX`7=YqV8X9qo z?Ku-r3aU`|Xt>_%Q3s2?JLj%@E$Nmb11tBz_O1N+d>`cE%tHr+X*J6lM$q4hR%^;^ zZHb_nO`=a^up!^F?@e#DZl1m0Te{}do9A|d3=t})dl0Nir*+MO;Uf3(`4lg%?uN(d zmftnIJfQ6?eIK-g(+z_o2R^8^r-}#79u0T30>&?mtiVzFm|K?sK=}?6e<Bb!3we{#0iQb{V{Px%mE5@-tBN-BXqT?%&$jEi_ZSdzf8$H?iWJuP)6V-^f*fZm~ zNN&p08L<0ab&o9vh>fLZWVGAJ%-){ZB5$@zq`g3Xny<-B;zrU>B3A2umiHQyrCRQ) zhCoY2{u~J+1ZCqebcQ?3IlBuG8^Yg$yft&a+FJ1+o70~^%9){ELMDoZ@o8k0Ksd=Ne++1_As_g$(&f`>t^q0qOY>`Jx3qicuWr2mPUL(plg`8lh2T zPZH^NywAak58m`8)ozOk0=kt)H+QUq)SSsS0G$@cB-HsZ&z!Pysz_s1H`_GmuCvTq zmHCQQS@_IC*m(YNhTR^S+39L(n9FI*@4ymG%^WitY*^d^{Z`qSw_Q|9| z06R{!VlJw1o*bpwYNFp}8F*I?FPZkMks=!lkWQBH=T@F5M`sPZ97+D5p)I!GA6AKR4aLaUGqf z0OFJGhOIcVo^NLKZdp+(_mbY6WbrfPSD(J>h&!n4a5>{x>Mo4r-&wuA0F{?tc||Dd$#GYIz%;yT_N*sFq^6` zvnw3XJb0WC(W^Nf@@UqtN8an=l?FYs zc`-u@TD64T+#)c-zLY{ z5R(of2T-mQz|r;vkKYCmA;d?!%>WTACa>W#9_cS0JPrdszJnTE++F^Z2=?$r5vQd& zC6Q7^WM9Z&=_56-mY3ceCV1YYs~SC7vJ_e+cteF}3R^f!Qd=L_sO*?ryWLNZ_u_Da z$!olV)}pHfefNOLZ+AteLEF10?`Ic<(yS(3HZ%Z{%pt>RXWqJ#=ZpTSdD)9jK<1SM zMy(!+uPY&q5}f%|Wo3K?4kXA$?Xvue&Yha{kSX>vy8UBmzOtyCH0qJ_fabRwrQv0+ zJ6=*+@uDth4kmbebnvR-_&y}W^}~ktI6=6p@I^M1k(^<*rrJ!hg{7upAl?J2ui*a) zbx7$Bq*Ufz$QrRztCYKcL+rG2Spdajf^b3VZACdF6355y_tOgiFE67wu%JO_3ZeCxWX6HB}Ss}$5H36RHRDNVS z$aU9A-QQ4&UX=zuEFIrlWpY^}p98%)HRnz?YB0&4B4SSyiV2*BVn8aRZflag8wGVf zHXBIKgp-T>;t(ha1{*E1Fk!um@!x^$Q(}E0A~Z{X z3m_U6!sfeG=SO*V{3r_J(I%!2rCCM0WGI62UbiSM7nc%nRME?e1Of`uPxF)+fuM!? z_mz}lukAGpjnTrBn(=a0TVkCX4;E^bB2=^}{F8lRP_3{RHl5bX_(JM3#ZkmuEfv$u zq!fKTQTenkoVB}T(d@cx-;>TGA-62l9^X>vY9|tU>P%+;B)Rd<;T5QSKPs9Jgi~vA ztE}M8a81L@wIHophzHeG5yyS$nd8sB8P;30(cD6g<((bq`vUN-rf>5_HJjuo$?l)Pn5Srwn%dsn3W=S7JHLztW#O8m z#6+w2V|Sch?JkW=Pc?th?F&Zxgqu(|b1#wYQ;%ViJCjddg#;msvXL+PoL?9B04SF` zxgOgNS34CYhg88DMT(O$xBHE9zREO`AoDl`c7dwqAunqE^*yRen3$M`+G5{Je}1ud z5)Sf+U&iShrSONo_GfTs_IQ_)9|mW$vW{+|%)H1(gKA^bs@C=xh@O?CQLk|ta+%Uy z%4ABjRwySrZZpy(UTijCZ?~j{y)~KQd|rnrymv6^5xpL5cMm82(OX~4eQxYKvX5Ov z>Q0^wd9CQH$EjMkb|eKSU%dm-A#c0jT)iiv#g8H~ZB^3n*+UFbq%mk#y0}K02nnib z-y?6UcL&mVKm?_-!vc#XmYcJboeIF+$pwI(|_Hca3X?XVp)2$TrqDCi0 zn&qKuB()M@T(CrG>eqe#%*27XI^zzw;q|Bp41MWN)zvH)2a#;U|x*bmykET@E1#`{@NlG z+(0OhwwJQ=emW@$M%swA0%je)5Yj_b)zkTSnm^bf|BRBosP7}VXfSJ@$}H{y897u6 z)YL13+^MZx?NO~tT5hpf8aWE6?zb*JM2g_M7@eK&bUm}XH0s8CcDU(-{no8mZobQ- zT`VSLjF&~j-F|6UXlK;4XsA*L1^k4jKDY6k{91T7@1YZ*Yj zZVVn^YND+Ig9~?ATiOmh8oXmx2l=qM+cwOIsbgkO&CwfNA zf$}CM*XWv4t=*b$Wr-6%2l;8IHHKlU zLxl}!xkF$DKUt5i=u}Uhy0?E#y~_RrPGTvqOKb{QG#>h}WuoK=Kf(8D(N7Wu^yFnO zRLD7H-m_Y`6rhz>Y4uC$L8(_MaYqDml8v%3_Hd`dRUaQL^zD=MpndCsw!0SN`e{_U5sl#JqZ*axDlnIRdU+vY^$y%W>DuI^{CpH!qc}IC0JUl$} z_a?SJUD5ujwlJI|qNG!uMSzP&?}^rh$+AdI&&~J*7;q5XmzIsrd~`wabg62i=FPQ* zLmWx6Z~nzv?eFtDaaM6!6%LUp+z+Xo2Jc6jB;w7^wynwNC0AYA96xx&#CR*-HscHV z9Regg>2Elmo9Y?X1VxfGf;0(*%<)|yB&A`?XGh{n<#JdbF&4D6OTAj6XtR&2*D8(R zf#-9n%Z!}U#CuaN8TszryS@>gD1k9ezegl|4~D66JY&k9f1`e^AHP%g@gt39a);xo z)y_ngrIyX=hR1~;-se{Bmp<^fl#Aa=I`4a&9PTbPk^8&dGZb7&zXu=l_aV6Tls!ic zc(Aw>j59}_>AD~9uhH0D>~jgL4!1_q`vrIcmG6(hDN^LpUuA=vF$(J8Dp5GwC>#m1 zqP%3uG~Bic{;&1^rW`Vww&mUQx_Dq%7AavJ=k)C!K&t=_0JP)OHLMt|%)C{$yKC>W?rbthPh>G| z!Wm&{T||AZ5{8W=t>T_8NOXg)-K3Z64}%=i7+wKvtC#ziSBOsnNRP@!*~2)0pT@s` z`KMAcqzQj)BmQES#yrTsQfe4wDTS!D!GxZA15neNfOZ9-K|q2z#euBB;b-K#CvqSK zV&)ZQXB&yIKV}X!q;7uZ?^gQdvkG5E-ljnkS>3@yEM&!RtOZ=J7ZY2tKi~~uawRX~ zFsSURXa472{*PxKfhLDMd;HHW@JD3*^8xsLgVc_ZGllF|3MY7KKfds3kpM0ZZPwxq zlOOUsr4*4D07=&xhoEp3l@U=Ysvl6w<$fQnI{=qYeC77j-&d@@ zzXYk9h3AKc31ze}u?r0|WzDX3jo3@0p}tuB={2Gyr!zRd=p*AMj6o;Rb>y550t? zuQm`vo2u>C-Xhr<0vf|wN!Q4k$q}PRPKp1K zrhi|k0?EBVK-}``b5PKDIgd8D>n9qBnM41l9s2dezp7*0`k)XFT_ud(qEdJX_$iM1#( zj=9QyO~-xZQ_Qu0@Nj+^S~)#5AWNxr$)%;9VI>C>5Cp>jw7)A-Yc+HA5}BVK2B)=k z9_n7nkloPqM&o>BR{^SBOXKge?z`|9O(7iFogK@$xl#z4Wf%JFxaBW0U)WHO6<6=} z2K8Q6n#d+tR)RVcv{plbUNbo2Nccwa9 zQ~e;;T|tMXF?kB-=MRzv7rw;NHtGl++KHCG#n}~u9U5m>56Dp@z7s)88Z4Z8V zM}MJu{y6#B3qcHqzmBO)W)P=))5}McQeUi&!}O`&8v0?lvXw?6B&s(9NQdyA73SRS<>AzsWjI>ODtVR2InV(N;rQYeqX%0-iSg#lz?Svk z_`!n!T^~QONHuKT#IiNTmp)_Aj2biYDzIA{ft&q3s z@aAEhpeU1KE@hfzD4Vx_F>cNpNWR}%fuic?7_UjdB900LP}!!K$T-tuGB)kx%Q_7# zKKN;(-RasI+M9K2Ac*KojcKkTp*uj z`3jV&KlcL~^GBSy`P#jwF(DWPw@9cqcKf>gja85NQsXdQ6&VQLx@1g3)pa80~M4x)yO zk|HZ?G~Yay<$DAK8e#a)x)tEgc8>|%gw@sAE|_;dN|(+^r{jKLKDF#k&%wE%yjydy zj!UyI+^ANu4Xcz-7cIG@EYa*&fSe;oD?ibYyugZRw`95*>Z9{a;P;U~5ZMw*?xd=x zkf%@;ROW9u_Z(}BwpVaRVQ?w(QMvsBUkCBQQwug1f;MDQ%cWQK$K$m^%C(Y;=$z0K zBx}YSX2iJN0y*-GF&=Z?ot956JXP>=%=M#!`jbUswRaFnFX7Ihw0Ctm>CNTvQBok) zug7dD%cOEXP7qkW2Kd1Nt~ z>ty3Jy|qL~`wnnJb0Q0elZCI)UL+$8%SJU^>U=N14+Y1WS*_&mr?E9W%g7GkAzI^n zW67ARa2=RwzmC>&mM^s&rSpSo((7%21dKg(dNhde!Tdr}yNA#rEYYE{*=UYTGFz?q zdCG7D1jTz6Pqric<6N7#DO1l#sg3V_F%rR@{>OAoax^4eAcMY_=m&L`E9IGi#crUz zg*>Er1L|5Wc?oq{VkxV?{9E0W)scNxhGH4Ut&D^^nCmT zdnSSXu(`qP@IqGEFf3C?J#MVrS9^@OEHIdX86ln@wJ0q>8jRTm3tXlweLSIb2>CW zbPz^1z?Ss=8+7}d2*qn!CRs9U-5Nj|Uz{Kk9=xgBiiFkw;IV$tcDb*xf=54Qpzy4Q z$K%;6=a?}Is*eShlY*Tq4~)N|<+$sQ6gTUAh~%{evL=x(u-#DPK*USQp>oOL{{ztP zIXI!|d~IWYVQfr&M`N;3AN`UrczQv>>e|`Xb~kCw!PSCrs`*pEjT;~EC6Qc^)>}&# z!n9q=P)3hrZVn#+`4@D~S7ICJ$~k5QvsS34vURK4?J!(8y>>-!eYxWrIAiuo-`>tsp`V^c1)3eAPB1iY1_!7Jf8n)ASs(%EZ#2~XP#BokU|QXM z83WLxTdA4=5G%UL6b#6TxHnwdy_m1Qf&+H=$of6HE%QXa`l(Hld^ce_tCD4ZVF7+Y5EtSw477CsZ4JR{ zB&}!`q8K8Dm#6!qmIgu+e*%!bX{X#5U&4_=!$;wS8hArZx z4!^lowmZgZg95m4CA!qU9jq;cpl&%xUtn>7M&vG8=!|RX`Spn8l%8v#1A2!>uJB<2 z_lx8`+>rbS6=G`X@N{aq6h(y!QN!;$LIkq+*^5VdVa0EHktxv>5FRcu&QF2gyz)e# zI21PXg88629;+5S7oIZ0awA^kB15}hYVI$?AWQ+N+1XE(Q!DnN%$Xo7>@v|->MWn|ImxW?1e0D#_AqAg~AhIw^0hQrkuynJu^*ZoTpyNMG9lcfUSBH zY*DXq5ac&QH@G`Ni&U-{ZRn)5%xJjx^h1x%g@7Mr%g>5%mzm{1ny8Eq5o!+)0vCJH z3XG^_`Hd)&1i$RwNFVC4fV`*FW>%>lV*kun^WOi3UpS;i@np`Dx(RK3z%a+~>; zMwLdfAiF9Su%s`fL`l8TWJVM$d}GS-QUZiJPixBs7KB>8FFH|bKGN3q#zSECh1@Wp zwo?_wh@zzmV$ z-vMSymS4(d?B9tvEQ_OUyDwp^DZX4+jIyti5^^js&-P!FnKAZIx-dK8L^$DYbYWh9 z9qe4&$DkoLWx^{_m8TUb!&=Mn3e#;Fo1oZZG@sG~dV0FY7wTRovCwwrgHU^CxS1v+ zt&yjSMR4?Nm{DwI>rQWc6;U~niv#)GhD`lZnE?m+`_TIf*mh|r8pr3HYPj7B@SY8E4;|fFEWr>w5pUA1_ z%n)Tyy8SZjlcqwXs*U6cA=l)(-j|D)OTEX~d6x=3^^!9_36u&?#tAl9XQmQ8c@d5# zKg6<#xkGFoA5cqebf*W|pevC%33w64+xFfEi90zc7juVxY*WDl{Jv_SULrf;vLVpg z))qL5!naH~NHCC37~gQ#ajWeK3XOoDvvUXe*|LL2w{4C6O}p^3#VMLz2a}sN;qFxZ zrb3W`z2kapuIC}sk|>8MNO?4TCO2lRF-_dv)8N|;*y8NYYJDLl7xwQA@&o#cYgM84 z?2ig2xx25rjoRo>62Y5hLou4+W4BOBM!Y8Nk-0-x$QZh$Y9zPsEFxi58q~Fi?!G*e zG9_HFTP4OjC!De@+HMp8&Y+{5>l?>u`2A%b_&QqBZ#hR+Hn@kTEK{q@b8YZn)2#dh z7=q6N7X26PaqvIS!)nl`Qq+X%V9Tbsn}A<8%6hUX1t&4Ndj3SzHe7njnKu_ zFJdKzOv%` z^lV2%q2OTpx7gSjR4kuW*_lLX6m*P}l1d|vw?4k_VJh%23k__i(OZ(&-MnJSM`da?2TrdT~{ISYHB<9>bHs6JW|F4 zotsJ2;)TMFUJU-G$TLmw`h3R>XZyjuZBo0_Ci1Sc(RQI)tHX>}ilmylOsfK7X-CAi z@T0=PeF!Ng6E$ybsa5UE@K6r_lGKP0cMq3p>Utk*oquFRUb9p{uVpqC)A_GuTONI? zUL)P_i@oZ7zBzrx20;S$ZOVat$8!J0g5(Hedv?iO^Rr%~O1IFjdEe7dYlF?Z$VUSxD#gd_!{ zB$<_%6oR5G*nCYI>y?8ro|Z1oYgU!Y`9e7sc^meOHmLlZE1|R#Yxd>XP6R{Gvr5DT z4)wD->^4%2vxu&bW&27mr*J`h8#q#xfy)wiG-!?ZF6pVf@goJYg{kMl?(yG*d)HA)1=so=$908Zc zNfUcxb5p6W`&&xd5pC_xCg+4V>QrH-Q{xpeF%id%`rU1G>=+I=EkJCkTbY=|JVyzr z^w%3agYZlUn(;AFmmf^_Wk2Xh3QXVXcocre1-%JEsYAdHKkdW!avXwMrW^6k7{vKV zPNfF1yjmMAYmeu#Ne6WNrU-q|P6RGUbJIbrQGg{zX|PaGmblL4*JO_&mQLUQI))q7 zO7^q$m>N4XZRfYd?4@f~offEZnkOce=5?XxMu=|4V!44qyximY%u(*&d_w!ou|Lsu zek;#3v6q|~!EtwYUpWul#PqnL2(h&(R&jbne4baQHHsQCzfX!fGNqYozUs95F$<^3 zUWnME7|I}~rXArLHk&rlbvh5sqjaJBT#ZMhAzQ-$1JBg^HiVN!09y!dwsP!wvA$^2 z5yZS~qL>|6wLi&lFwzZ87*gNnlN4_L7e+YX@2=4F?OxpP87!<9x22;ac$7=b`G;<) z&viV}x?8k2Z_iM%QOLbNG{~yy_w$9AZ&H$PII;oYG%x?@&I1pFtQSR+88t^4Nks>Y zzOtKFQb{QkB~9P!Hj3H=*I!DJzK%S;#^>%fq-%GuP^vpi19-jb^siC*68#}xniMsvuV~bW@R3(4Q=;>XSgjOMah8yGM@o8(k-RD+u(6= z2uZ)v-mf*b)9k-i z_Xg8Zf25ONeASaB77}7FMfn7sa=S}La*@D}Y-I@NgJIBo0DjF4bmA4W0znX#3*%|u z)E36e{6l)_kCc7{8Gz zkZ;H0Cw8O%o$&o54EyCrFJHhdj$wPv{%a%Wm-XbQwWU>RMJ%dBe zwVt%9DFRE7JAR=$S)>;#o!;~MRi^uo%lzxRLL}@#pr`+NyGEJJJNQwiQy4u-!Tr9> z%U(lb5fGKcJvy)2z%8W)*`TCBXZ#yBm;bMkk*h{ePe=1#tZg$kHZa%%v=T}&K{PMO z>6ku1Gi8YSVSRR)d%pW$!}|02`_hziVz3aT-0n0#uh0X>G{lnwC?(`{)mt%z;X|i+ zf}ui0FP^d3mPn;+73Ex3qD|JhZ?_RtRA3F2v$}I8W~8q;I%q@#-o|$i3C@0u$zUt)J-%&qK0FF8esw4KT>QU zM4(b1o&N;Y3iqsfcl#EdIis)88Yxb2#QwbwrDn5-zivsty?yvDvcdyoTS-Kwvs1Av zB14y&h)wvZJCqa8u!X9oxO@FZnyGe;`OrKM^H8RB-1`DR+S?QJUaPj|z8bKp@Dbhr zwgV7SuiUqKg#SOLyO%eWT%~pg1=)Lh{N&LqAy;!JKI%X06dn?NtpNy`t)TBC@R{$? z_>xQmx)l}*5>;cRHxm#kWY`N6tW56c`v;-sr#|4{)kzo*%_WUa3qQFNH5Ji8Uk`2h zO^7_2*lTiRSo*lw@gs*GqiUe0=_Di62t#{O3h}p1xlY1+y6z{NR0`NGhsO03KK@v{w;#1E zUqi|uhbJAe9}SOfbI$ii#hp8Bzc=lssVkI!y z+z7CWe=0R~F3s*y@sd2rw&vDHKB zkJ&@)-FNAXVAu2HeU0#~L~b|BvnSUFXX8jV%Rhq^wzHo4I zLqQ%XgWXUoL0dy9cmF2Rms^`j);35xvJ&>UeerMI$-Pq172P1=`T{}r4|<`O-fEX# zW5508HIJcqW}W;6g;MB09KSsO^mrG?%RY|v6eooo`&^#s=J$H?{wYU3g7r@>igGAO zK%ij1dcAd8}+)C*^DuS{cj_^VmHA;NxYF6&`^BY}6k&gzW(rk08jiWWOKSA2&?a2Ii!goXNI7 zy`dk!{Q0$dd&Xb+?M?o6lEZ)KNvU0b_4WGSr+#|`gM{1seCgjjeJ}4z=jb8NUh?1k z^5@rwhGdQP+nf9~G0-UG*bu!vQAp(~zt4=n&;RR47}ojorGGakG3a2B0_`gg9Deu9 zpUzRDwebAw`oBI^SpB8Zt{H3z>(}!?Kj`lRj*Q5I`qQO<_dpq95QOWzuQQDQA0JvU zxfcF){eL{w-%T!d$*B)z699vBJnRQ`C%zca{kNBGwjdbhuUrPj#D5Q>7c+H%Q4h6R z`STR`{)p+*$B*&A{|a=;n|U>0^A(HpId<|Gj=F5X2h;Cv)NTj@;b`)?(!vT(n}yDj zoo%+tlKrd-w^8bZRJot$gV7zYededQC{%w8HS9gcP0O+C)7Ng(0rbo5u}4F-DhKQ1GtDYo8b!x=nb^(Aj5CVwCM#7u zn(F#UclmPLo0+@R?RGaNCrz3|Z*g3!o{&IUFQ37Re_hpGG=KXGF8xA-B47QZ7x=BNp<~XOwCXVo+wiA2GI6eD~!Eo-V`i3P0F#xXIp@^ z#y6y5n4rIKjYMzMtmqM<^L?W4(?h+^hojXq9!W&D%YB5xbu;CaGKMX)%17>d%8|Dl zR&FmC%s>;}G6h@akN6QXn=v5Ax+S7(`^Vec?;bx`Ig^Rfc-LoK4=?7oZpE-a&W)<3 z)KSjNdOV&c5t6%Mc()eG%wgQl&__Eb8gE~vi?MqE(3@t8=Yk)DLe6n7QljAc3G_M4 zfKSb4UnZw;eyGzdZ&VLTZN@^Xjx8mY@)^#Hb zy8zYW9^CzA6swkn=v6JfE-@~N9jrNdo{iet;#mexTJzRV*0|XMTmvCp4+|Z)bokDS z5laD12dwUuUt&+X6UG?S7#j?YF=Qu;*6s}%HZqo{-|(YQZ*PCk{$K?$M{n54{ITZ) zLh=9VQ<=iX+R)+~-rt zHaKHsAffo?_@c{nKYgT0ejEviU=?LZM>n;5E_YiB4D9fln3_Jiu>7D4;ILnob30{G zO7`$r46|#`oUmC|&hkASW190xE9ae@Gqz|xkiny(CZbam-QN&IrSYFvYd$_N-ajlE z)Y>_Yw0n2WvZ~kDt>3hDj{FTLj|=w)>{i=n!zzR-R~GdvOb;t?Refg&OBpNp^*>e@ zXy(&cs#;zpH2bs(g0k01%0XX4NcPgaj@7!bFS9zo2ORR$t(6=PSKj-d3<#q zgJb$ZNzw*Jx+6p#(MV(FwWJre5VqZQwCK?%YTIo+X0ydBu_H5c*_sK1&RXwoeq}K^G!a5zK@boT z=}llMp(FtV0wIvBvJ@8rt4I+9!eS_bpb!Y5Bq|CbQlteE2~9!?p(K=00`KTK?{D4T zyYttanKSp?IWzaU_xrg|Nu&{NSC_PiH^FPe>B}BmT(#j&?(>L=hWXo01%!H4$Y|1( z9o)+@$=F>gdap$p_R^K`t#t3#@pkptEG@2D_b2-trSV8Q3=+4sbKaai$Z|2jW56hY z^iC;xQ>#W7R#Xe1N5?fsk~=ccLB4GRx`!59fKB3cARC%{&#jipXOXEwMU5l_pjax( zudP_q73BZT?n8wIM~6Fs(&=&(QNrA^T-OBFW7J^)Yc4tTs5Z*oK0r{#GGgjNL5K8$ zh|5{`a88!Hg;QggZL43H34cZQ1af<96N?#qAQRY?CtTKiqBzXlt_H+NVy4<>#ltUG zuqTT02GFge@rM{mm9oEgDM)gN1-}Z#04qk~L~9ZqVAjyL$wyYEEHhL_=$}ZGU*3tL zX7ZyZ4+J@l14-{-N%DwftRkqf13OT6#zVqISnbfsMf@D~Vt$C#k|0L-0N<^2{C6R+ zkN3F>`TSy66BW?X4B;MXWmDd>sfN7&NPQ_f01?r}tslb3p3+c_J(&=cXl=cPrz?y)cpEJ3i2VuTbk|);ksiTLwO^^-2PUku>GYsdNkYm&ufF#;JHvM85|Fx^ z_4MLU)9f@_@crJ$>D@1YrTj<~xwgp@2albm+#C=u>~7o@iW@{mU~Sl z>zr?)Np@Sz0^=_h-zJA9Aw?-s2%1~ zXHF}WK6Q@XclmU*Y&Sz3a*-C6`){l6&fbM_>-YEldU=ORH+A7%;C7>thVk?9JB`b6x@$+Le0$LFwuHAgdt!OKbo_AA5G~T?*oZ zTBZujyda=%?nD(;>dUo~4jR$nj(Q8Z@~|Qhg{C%G|AiGpVYxA>*Sywi2V?~L$mbvE zmDs?X_2;bXUOu__NTr9-d37t>y}pWK5|V`A){)6ap>F_^0*#QgZ4yC`jyB z&CSnv;*;SNz^_5y=bzB2H5Y8DJOwMiF*v7%GxWkwJ#wmU`-rKzmmzv1FbgNq1@B;) zs{7ummJrlD*toser02F34%h(r&_iyc(QGVt;{l^b6zzzJ_O^PBuS7@*h(orrp0!td zkwd+5j6R?2&z`bD^~`Qb4?Vudsy)6&UVoJ{Kd9qDJtXP2)t9HyGluC{ugK3;E)^gj zoXrh>*64^n{i!2WIbs(na-4dgJ(IRD6~ul#Li{xBCVsB&6K1V?F5OlvhEDsP4Ip@Lm&4h$Mgg2y6JI@1j~=N`RnZByS?}{RWw;G}>gRWFrXb zl3y4J=ho!n(~=Z-u=%|kZ!e9P`YtP*LLCVEO9RG&kbSc0hVsHQx6=A|RyJp*Tz?5czd;fK&}a}F4%pk9j01} zV_uB}2fb*8uet+=72{nDCtvfZAx#vZ8jI#SM;vLI!qK@GL(JD^Ri46sF4fe@9a0&U zUvGKB;Urq;$6yAG2J7(Y&ECNbP9>g}>A|da*s7$SmMyhn-8Ay*zM)s`9(>@JaGEJY z^W6Ec@mIV(S4daxF}49nsp^K8Rlk)q;DK1u0@Sazftw+Q%0-vsCf`u4*cS7hUK*5h zk8>Q;?nPKlO($s`ti6nToB&vT4dLM(x5}2qofKKu+5%wFrfADTP0s0e@qWnGaSZdM zCVvs1ByeI$pTY{S2p7bP1PIlA^Zm1XZwv2 zWZE*kLoOX5Z}~TQ{O$MD9=j(-oTy(DzKd;Zg$&j)E`B=Y{!t^7{&7j7ajc z7|Kc_f2Raf2YjD@OEi1xZ5^OTjm6p2?n&*i`tT{R)Bq;vJpXkxsh7~&&p>W4Lp4H3 zp9oVlmPPyBw-r_L!3GO2;;{-|GUp_pc^B;#l`C85Or1wYu!ca3wiI$Z{bl=F{e$8v z*dJd$$!b9X3Lm+MoY9HCrI&E0RgYwrQ-GPmQnfaW%b6>sY(ValUsY6--O!U}R+{^W zKBFgC&7D=pvQ65ujx4wAKD5@ESE+{om{{Abz5Q>JD$eLsgl{weUd!(`zQ~;D^PAw3 z&HOoSr9@3uNgSf^=epKVMD~Y@tycW`41fPRb!e2E0(rHJ=nCWXd}^jXWQ+8xK$got zE;E}s0c(0A=ddQ1hJrfp24FKbTIA_BgJNZkC9g(fTJb9%K-F%{d}HM!7RS<{PJQ|T$MX75&aC*D*S~t zWT{ph0<=Q?`EyYyjZkjazoXBW*c$>#fY!$VkJ;qCp-_I{u~YonP*3h!6we*Q()#r; zAcu?D-Gjh4!^YUon}psqx4p#mF3m=y4OQ`Im7;5Okg}x6(yCLiK>%nF?l; z%lqg1J%5Z7+mHcMI;v83eZXh8B7>cjdbJ|hG|lVW;;D3Ecn^qT5+}MdH+$#v?a00A zr8*>cw*jf%Yk&QIA=OAjR7hi-$d9B`XZQh4ktE2?^fJjP2GXKf$=j)9Z>L`@a`ghZ zte`d{>tA2Byq_qKgPf?8P`(e6f zLdYoxc;RWw(iJK%Xhc74QcUeVl@vb1+w*M4%E?p*UkL2Q)nsjJlDo6!imFUA7s?y` z-Av2>A1oPEyV0P8J23IYWQJDT^ReEN`1uziKiI1Hwye9muZ*Ym@MW{RP5Dua1A(@$ zK*f1-G_kOqVOn&XH$wUr&G@98@MghdkU_3pL!koli`{yMYT(?4hVRsvXKOl#A?I4mPw1`lj8C6OGH2Igf1a=2k}FIj8@~ z)a|^Yg{jGcas~VuIRCoxC(Rmq&qt9kQTjtCiy9E}tSH&P>w`$Adg(c(F~At7nKUoLhfVa49<03qNStaxJJ#{$~X8(N}GcUaN~ zrMYQ^JFCGVGQwlp21`R78I$}&w)|j<)U8I$-j$}9VV$)rLDCc0qwtzM)!jE$ zycIB&SPqfxgr+vGyEP$ZkFEEbQtA|-2Hh$q(MiJ7&*%Iiv47sdK~T>9Ky~CB=wx{1>B6!xsLK~uZXuIvgCkdAVui? zhle>rz!THha>4H~+R$Nd+gC$3O8$?!;bMeENvhs!5*GfNU`|;vl=-n8`r(m!Wb5oF zChBmN%gZwK*uyQtrMdpYni6?M%HAZ<7sCa zP_PWzt`G$^zwh@ApZpVk{C2G@;4A+#j8TUz9cP2y|1aqIe&{T(N%NT0rtMY5f9TA2 zf5_d*uN;_>(|78>;^MEHxG*8r4RFW$0^|AXo=55w4G-{O5fC|1k5(-R1mbpl0`?Zk z+i(MJ>fL&PTt3t7Js#|lea7|XARo8#tuuqFFK*H+95-hI)z?A?1_q!SnaR}eAlyH` dD_}x*Pg=!J&GX)k;{<@i^2&9ys-L~@{Rg|@=#u~d literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-evidence-url.png b/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-evidence-url.png new file mode 100644 index 0000000000000000000000000000000000000000..a489b3c7b98d79b27da2782e14538a86270490d1 GIT binary patch literal 66806 zcmeFYc|6qX8$aBFqNIhK$Wn?Bk}bPR*_Z4~W0ZZJgc-Y3R0>7*ecuhn&I~167`tJZ zQMO?ilVxTw#yrl_`JV6hoZor=e4amkfB1L}bKjrqeqYOd-S>69-x%s^u(EKm96EG} zRZCOd=+Gf1!l6TlvyU?!{KbJ|2Xyek)8+16Ll--{Lx-+?@cp2ubM!WQceuTGs|-&wR((8&Pg(_zu_KI{&isJQ zy0;M{)9oK${9IC)Q2sbKvOmp^nZgXQ-pR34iD}aEZn~i;P;2bSDb6hTCi{`0eXys3Bu;tOyHT^W|kOLqFU`e7>mKmp88G%dXk9b$X* z>(AjL)k2p;hxiX^soys7vsuM3r}dA~yVfDqdjdM!_wKR2FgotgVt+p$enA+}VPhlYG}WLzKr+ zm1c;L3L-9JK%TgR%cL8yGn`gCbogH$-8aJ0>J|VV^3ohRcPk zZqlbhh;$Af9x+gN57d%>OPsfBunA zN5EJGxYYXI3%@F-rTm&;vc{j&cV9fhK)Bg;Yw*P1hqeiQ<15=_T77)%$79e@zTc%h z5LIpbJil{dZC4Cd;HT`rE#TnMCNFq8P_JcsUvF^jBDdeEV}D>&4L@|d**%oy(EkoN zbYxlhw0n8eHrn8tZDK}nf!LpNgw=2!yoTIa^Y<~w^ECOhYY9dsl8XNk!Jg{?gk;BS zOUM6|^d~^}ki*2jCfnNzZgcbiaQ*D|nLqR#=B@WE3)3i@bCK=ugH9YCujxJC-go=* z?-HoVo;?sKiYfK(y+85$IZv7J>6yOfGJokUu0PF!Kk3kIMdUvK%m0G0#YMsnB0wIn zD;#(SYCWlPG37rx(Tq3%%RZ~>#NR~v(^h`NyI5FlP+Uf)_{5)Y{9mzt`$w4l@zXUr zOkB1haO|h_XjAvR1Js4`kok|XCuK6X>t}9y5%H!J9mx`BJfSfY- ze^BaQW_xdRn7cAn)}h+7H8)vY%1tRi;d2;|tQi-So+x%M$v5s!hesR@rbqvPnS z_uhK^ROmlL5qtd`>qM>F%e`xoL4uAHu^!m@Ma zv=AQF{2ubd-48!14By$cz>HO!YTkwosJtEKJ9aARn{8>HY<$5~9Iup~fAPgXCHg0M z`NbHY;*bP})dIcb>!}4dvmYM?bGKr$7RA=Iy%P6~A2V6ci5IgT7-z{ZQ~&YfznH+MG#q3a%V z(%aH8vcgxLjAR|H|E}%-g5@UcncNe~c!QUM_hJn!0^pkWrKT%ry@PXQombg3OYM^% zvpe;T$2oT=N3_EtED~|)&-MQkCRZ%mn2@~q;d_Y>pSqMVuC}CW9)!@39*_Chr3kS~ zeXIXEn*aU7Fdgwmb$CXQLSyr*mQ2=ZwZlj`L94nTe|4K+Ut?9lpM-0o?bfAyVL%WB?6I9hW>370sO!yE8-gFBk=L0(>55 zPC1O;54||SXEai%pULdfd?%cxqZxn*+PPEmBI^H~jCP+o(pS@aDz{JakJRM<;9K^t zzotY1eoGhsE&M-I1D`(dDxUkvcIy8Xu>Mzo?$KY9MbeMKpBvymyMEXz|9ir7u&C2X zvvRI8DTt?m;9r2zXAbrXP1CSAje7id$NHtF64dg3mj-??dC8FNy9QR@U6idJj6@W9 zMy;5@z;^IfSB>iEu=M|xTkTL-nfUutx0?a3bAd_o!9^w=N*^1wAhn)QbD{o`usI=E zlN}eC4vGp|eRPj->tlq6q0EtFQ+}}lx-)HKPMdXk(o~OYdOq;=!}9wcwKpgQa!wk{ zCXNn0Z6U$RPAO(|SE9zy?*7}3UC)84ldG(H0?*X&$1e^k&J`{Xsupqt?-nKW0m`=E z)uBTTL&TLY%g*WhPMIneKm73*&)5FNoqq;xOI?1R=imy>PrcBg^!`*T0*|@|wWHR% zY0s<4z<12xRkpz?!6j3ny7(GGA=FG`8LQw>-E9acIu%ntJW;`RrlI$;zq!-nfvGbH)DGEQ>1Qy4Y4$46vw8!K_LD zAEVDQW(IT8T|Zub9FlMsHR@6J^-=iEo)76`#3{tcJPJ5W6I&a>^`v=x)H)^D-|R&m zWe%7{A8af-=KITyz{6Hoj5H~}o`sh==Z&HtGL98F80Qn?gBzQ+8m#@j z7Yr*-M3#>6kcRzMbA7idJiE5TD*+96z4hLr<2wltl>ctKr&H9BgR(k1W*s8q=Jb6Y zJ5%=ZOq7IKEB3B*b|?h!9+ab?{xEr?6IsO-`BKAqI@O5tT*F8zNci%!%8f$)_sR@L z)V&xLZ%qjwd{&Gcv6uH*&#kY}8SZ?W4=2);du7Vc7~aizZjL9hsp{P?cY*gp@sqnD zw0UV`X@Ckt?6}6q1QKz_H9=u3Xl$&h#KlTBJ|B-niksh`h8iGRR9|$8zPgN7E|usr z-~DLEg()pP?5mCx~ez(V?m;dUt_&l%U~0x7Z{C7evG`Y5{)C$w}F4|j2z zytnIo_k)rLFvpTQJ`Rq28|A=l{KNW?7n^XJf2$J}-Eu+dZK1L;jDMvKS)ku0c@ z&uZ2ugFjh%7x|0{rflt}ilnaq;mYP#{{TM z46BjxrKLm0*b&ZB#0Q!I${ZL}zzjWUSUXH_=lkz0kN@rQcf88lg$9}9s`Nd(=dbt* zt)X2pe7G8ysSGKIep9W^-9L8qC!Q>MQ@YJBw>Q|!ijFCcj=(_WgN34yY8 ze1!u{XsQ2=cTI0zW$y=3sK{93-2rm2NⅇsVSae<9_0>xyEN1?`7*IB`4d98{HKg zu9%#{uaJv*=1nsNMOw793s*22{W64?JHEZhU8)JRMZtzUWO})*G`3#t3}$-Gg*B)$ z8`M1aDr9^rSHo>Ba!kQ-Jfz1utHBdA1Bj_{%L@we$W&@FAGr)1FEcP-`B8OF5Mz8e z9y+QifL*d%e0BwT#i4U(rVH~Wq#3eyyts-lWSVOj97tI^h}f<4Q({%N87IV#7b64? z0{bwSqe7f-82t4Ny113pMZ8-=Y`K`-(MsQ4A-=~`Ta_B`qAM)cb?&0qzRYMGJc*%q ztbrR7LxcEIi(;b|LPTP8Bl7O@Ln9=88?T56jS?KNnhR|73!jqlo!u0fg%B2d%+*Xi zTSkHy$Di&EN~9?Jr!9)x6f0-=q%cN)G$h4b0C8epjVg&aigE5-uCpFj--*K zYMijQSVJ9}$Vt@OVV57_$$L6Y&E$B&o;+(o3aGrBaZRb}sUF{mA}!T!1sFU)7!F;%Hc)T62a=?wrXh3}~&sS$U_O_}Cr&GDKP zcnzUFkfBf(Q)n=}MLF+MSjbCN%)g!L8Boy6v#X5sXSXAOoSeS)r$|mDB7gjlSdqbZ zNFKI(xLV!oW0$%XP~hPLL%Mqpyi<=EPhczoj?vU>=)}&vv`y?x?ONlUym@rRa2w8M z{6387@rPJc3GT$vu_d&q&&HBxl;lik&C^_OPoOnXoYilQ8SvnS!Sj8usib_J5bNwu z?K6XH1*~qU79Ef>R`Bw;zeJ;8E@^U?FQ|2a34TXhNKGDV z8t_xbRHuy0w1oi5BsZN(_1_#JzZ-d}QcmiOB`i|uBT{oJhP|$9%8FM}J*zU%m3Ay# z+O6Y$yvMll2Z9cRucH5!A_i6YB1D$x{ z34J@ok7LHlnQ}OKCVn0N5Mz$pU>G3grJd{HiJRcjj9HQW^kVVe@1fMlGD{;S1Cb1d zOb=a;cZ+FlLZ&xwJECh{Cq*#m{7Zjih_~bz@4S7O*ItEkp0Eg?u`0-{BYq6J-5i&q z@Z$lT++$EOnH8>pF?m3(FCPjVQ8lCn);T{<&W1RAy6hUD!6O#)umFmf%2&U71weaxV9t5}vL324|9Ro1h4kGD&r(ArO<1UF zrPg=(nZ(ahR?V_vruF)TGTvlOj!lMe_mY7ywrNh$F`NrQ(rqJZZS(!O$6D?q_*w$@ zk?6*O#+V=Qg_`2PeA!f)Z(m>L+xz9#hJ0EHXrWJ4jUSPA(;&=b3wQ1wG+`t$vwVp8T#b(Yr0bF3bltXFmE$95 z`joiGo>zVG%^F*O?SUNvP}h_`6c0&4=r)5=&&TgPA5V@>+i2WUr1yxPYc zr&S?%%s$K?dRfl7KA6DOszy2NeQMA3IT)2>e#&(dLQVI0IxmvHQZnJDoR89~!OFqH zJ=&1xQ=bd_$rrmwuu>RTH_jKAJ!;QBC)mnY zG>ru=FY37Foy!}lF4cN!@5u*1=oWQMw01M*oc^FEEmk-(?Hf}jydy9e;)<{laOxk8 zx&-}{Tm!p3cf+9OiJsI)1IZ%y)tjrn9?$XhWe=34OYljImvHsEVq(2%4I3=@sODz*>=`jvSU`IaG;#_Cv zR{NCU)-rIcwf)8I0Rj*eQc^4UrwsZscI~J%ePp0!JgwIaRW>~MDpkSmd~iT! zLBGZPH2t!|DOp?_i%g@)qJRlFqF9-p=;v5g;FAUx2WI(J9obmt@zI`Q@zA|<$>3nS z`502k`oBk!No)QQ2Ey#A_DlV;Y!+W-JW83&&!6yX)ZAt*0TON!9@b-n5Efs}%W_=J z#Vhy{LbxggvDsp7wVsp*W1fbpVFrnOLuJc+!jMlT0U>IEP6ZDupE~z)TD6enYL}-i zJNAaZO^$-(rY9dJCTD$*h>|>f*t!eYMQCYCiiK)^@LMrhbNPi{xEg0IK)v+dm%-@i zKJLcbxJ=H^*`8LnG-h~cD42td?=L@^&K<8}dkN$o9PK(!WT^og-@L71&RCrGG zGZzITws-*6Uz%UBZ+=r9=PmRuUiks(dx7&!QP?{JlM>R@!1fr0r0<{@qf2(b|R3=lROFZ1~8F{?TMO69c<4by91K1Q#9 z5KEV7mz%n#Q8A0BEM70%mnrSbS>*wd7!|?Sfkk@9UgQtxH5ngo$H7uy-xOySQPa~8 z-ljd9QVXG^-}Av zT687kZ_;>|a7OLafWTeYZPD}n!|AASS#EJpfl!y2ophYo&IYHExKsrWhjbf;W6KZ6 z)SrBFT?V-`T)Q@A1k<-)_1+)M4jm>)pP*XGXL+sCTI}sm^|V->Fg+m2F_<2)@4T${kb?|_0nHY7q zc+OgSN$+_l`a&Ww4dEY!zc)Sq%Y@1+tJS*P`_a;T{H-0RXj;g6&b`B?U+U8_a&;Oe zCMIf`9``asc8lHVdtIIT)6pMz%!$9ST~N9ecJfR%FUQpHXXp393^xzzmLHj)Opet& zO*yt)mv(C#R+sWB#=6f+drS$`*#i1nQEFuk(>+9})XHBD8CK3r!HikZd1;@tJ}ip? zB>;J?PveKuAtq4}bpsx{-V8{-Xjm})_A2Se9t6FU9z1cbygLKJ*z%z2;O?dp79zzR z=){~*>|MHP8`3%0H3pf#LTgbS?NZN9_j?6aFV;bsla^9J%Lx{T`v+ZZMH#9q)B-Z; zsd62A$2Lj|(zi5W+#kCb?mV6E%T4KDGk*!Hi(nmRu;#w03(shrVJ=#bk_uk)0H9v+ zc^FMGrtW|{^vcK965MpNL|;`jE{Knj7>=$+W7QV;QsopWJl6ZlO*Z|dKwPsNW=3^U zwStWBaUWnqubxn~08 z#;dAAZp*BUTP{5H55?>i^rx~h6pJ5Zd>I}4X7W$tQJWIVC2#fG`a_mxXNTpM!s;a5 zocxc9GmpV3h0sx`wc=R0SGwyMTr0{Ge%EfXjAGqU@Us_Si!iHdr(~hLg8I_OA`v_i z9Du+nXY41{u1Cfj*W0jNNwJagql=qyY=)f&B};9b83PSI%oY6gmM^>9+=ZgIBcBQM z;AZOg-SIG{+`U}R8RGdp?Y4TvwNnfvk1T~8 zPev!o3u^=l)Mc=Y6H`sP(JXe)6mB(ni>8J3H8R9d$%78aoj^n+$J_LK{OG(@-nBk* zeMiOAWW9Bqx)DMUJTD0qB4Ov@*ww~wSgGccF}+8ZVvTq!u zEx$tR^cjx2%<#GNg`|zTI~U@Ot(Pjh zyyeo|RFl?9XywCiWks-YpMUZV%tH!Xb1A=ff)jsmz3pW~{r-w?G@C{fW;sM7QGojJ zQgbMobjh`YMR|m}Y!cqOkYF7|3MP%29}eDkBv{S3ncMiruO^Dg-WcCQI_l4~-0zC! z@jmIE=}{?BRUI%UBI7b_F;dui?(`Dua1#`*J@1c8RyF4%$&Px8M4{nS00ChsPom7|pN4AZQpcJy z0NjEWjf3?n4<}z+vuC(P#$ATRTcX5Yomv{X%574zrYvGNuJ8t$wmtU@hMbm3Ow=@7 z1#NaBRR*0Y_6C5>)}-W{`-%XI>2#M5h2P>MgCHq3+`G>gbwf=L(!ZvsD49X2qtqp| z&WQ-wo9pfie3h?XJJHJ6W!jL(?H~VorrQyhmb#&|@GZd?-9&G2efj?KNVCE6@S`f; z5Kbe%hGc*pFSZN#bmdNK;NT8UC}gVN`%%b%f=}J}rcVfq(4W^f@EUn(+hDL>6}MC?TJ^2q8F;%?1} z_~U|j0e+AAhyc2`%998;8;<5Ld8=Ff_IkQVI;l;zg>PF+n^kK@7FvQTTMcsV?#oB9 zIYzb3K1IQrbIe%Bph>{Etw!cAL@Bn9r||OwYwvpZ5^c&$)7y+}cL(MHLLDY5VLmfA zFO}4~!5@jlC2Xd!G+hg)#2g}B!KTjIfEwdxh|`+xC-*n0ws*h(*bq5m@T0dmp;FEw z`QR21@UgX0#EfkO<((Lz)Glrj8Y`vWA@VSHJFdDbbhO7sloSHY>+(&Vc)h9cYlhd> zC}Mk5sW(w5ZRqiM8N{^M=&FqCsw3+KY3KK+7?S~xp>_5>vG&G#p*S9(T3>7IfC^Rj z7#pw2P>!T)*KEey-sm3_}$P{53>)cMsf=*zvBJjdksWm$BvNsWZtsE0*CANm>Cw_-af8VNu z(cAc#qid;ZKN=!!Y-F(e)3%NkemaQD`J}Dx9;>>oyS}aUVPp@h68-)umni15SL*Ym zZ9hzdC)vXK_}_Ek=)N+pJB%2z%k%^#jqTV=D>4lsG2Yi8usHHclC670=*j8&db-mv z6)CeUhpELKX`PnA?7dCD#2(-p4_ohJ((QJKdTmGyIh|T@$}~Q;$yZymKX$Gh=7ec9 ztLmL;rB~Qh8C_bNzOcz`L?pia)&;r4r<=OKJi%c?*V?T08M@P-vR7a=Uiu5(g}o9p zP7HnL6xI5&l-eHj?TUr)SsRTwoW#%7S|gPywg_P+`QC91u>UEP$m8-cY>5B`vR-)Fg9wP_Gns#*7%kx z-e16vk9XWwNRvfrJ*brvz6>{?KwH{veL^RlWa#nI=~3~5*3Y4-*0V6K7q$L=U1kK< zr~7CRIkCMqx#l08;G=zoqpD+jG1w6p#_DUue3FIMwXvt@cg8<>^PQ~UB>(u$QV$&| z7QW$&X9xPCk|??-IK{x&#L0ue40pgP$*I}DaN56(NCj0uq2}e|co{d+^s~dlYv^~$ zLlGykt zx|5872iEU7G47_;AaJ}+fo?8S8|M`_J@GY=G+Dlzy}f>KSs$)V#(5ESj1@9ge{T~| z3t-73#f`j=c5oZ@fqRT|mkgJcm-sot*{_|ch!yl0hq|>&dN1A)ZuDL8(DV5kcX_jS zK_`A?7~eG6*Q8VAH#LcHjj|*O?;Guwl=e3X5A8a>Q0!10jfHkE;0IT(!d3E0pJwix zzExq)C{?c7H4?D>V8PuIt>(y~S-z=SrhgQGt1p=A9~+{&Snx$L5dSjdAxyo!v)^|gkoAQ_1g~S@Z<3oqfXYmTK%(0{n;mBJ%qZ?7;Dcg}|LG;vf-;@IJMOdDl$dHY^hB$Hac#)2~ z@?Y59y(fZfA4hoy)v=2Ku|Ze9h>agql9Cm`UoYIFk!eq(GOIqL#^c8-%=?1+CIGjJ zhzJ^n(jM9;WI~YS-FJwx;Zaqc-;ao|D?W>1~ zU=HkU!3A}ylM<$jvFTXCjCX?-CEa&#O1rY4~61Ai8)lzM#$@>mo@}N zHN{zG@KucTy0ZAST~(m%hz$tTB012AT~+q(dC4h5nQF@lxg)bXgUc}hp}rMrIIj?2 zrLU~bueV#>SoU?=tJ^!hiCyh$721L}W@ak;T7X)mI}`8U$_A?d>vX$pK5?wJR_DS^DioKK_93;kN}lAd-c`)OuD!|6X*hTN(&{Sey!HJr3U<*7=&Q zSTChhY6(+3`uvd=VG~Zl6pBK9=riNlcfTFGXps8M$~9q%*nly|h{V+mpI4kirtVfh zT@dMPqh)@r=O$RqdtQ)y?AKO(9UOHFq;>5FiG%`D>tJ2}G0bI_a@N|3;^j!kbY*K< z5A@Phh091mba5?dH(d8WV{CypeKZ!D&Q$Z-4C)v0U^Rb2ttHN}|o z_d5>UbF~O2Le9WNRF2l&v091+zz{D;3azf4DQlQ@9W097M>iWm^{jZ^z&bSux=#k; zO)Zn2Mfz@ud$oZ$ef6jqpv7`5MfTM0GPy0R*+k50YR7#Byj6)a zFFAAv>1I_WaHGX3#tvIEnL#4CD^%b0!V4SioptJLXQU@?kphiGZN0?PDlgt8pVRE$ zRMkM94RBR6-w|rS?2?pxU4xrl{l{OHat|5Cs7UFihC+-dO+BB!(hfXgGgQdtVjn{_ z!St0>xd|%E&jJR@MB^eVtc=G>PrIw=q2F0%SK>>6{j|J1R&v?ylQK^!H~C3l*-}(l zIkib87es03dN1IVgr0`vLIqxdL&`nNQ*U)Wswa#)l|^s&t59b;B)is$L;bEZS<%Jy zVL7wRo)c~AaK)6~)IG|V?DBwWj0Z9xZ_Mq!^L&{^5aow!`BYKR5#hISPzNJ18+`iF zt6~@E@4SON`gTKhB26C%08a~8i8{f{0%V|aT|Vh+&L|yg<(1HdZc`%<>y9!IXT8LZ z=>`jgc0F$7frKg=E#Jum0S_5;P5a8<5tgfQCMXv6u~h8xSGRJFmM?D=-X4)nsb6y{ zOvy0^3Q)Wv6g!DAL4EQC0a1$1sN^IASZB@7+g;_YcPezxS3);@&8T47tfGd);zim( z9ClK*^07*98N!209*3MS0wj~u*g9mNq+V=Vh*k_nH7iSGuAn=;%YlUf_0ttYBZ>aw z>E0CG?hZ^&k%$?Xuk0e#x0!rvWisC6Dh}PMX77ZZ|<(h%;zs_rI@DqtRyLmS3G%90{9N+R$qzJdXcu$kCmb#5SlouirRZW z(eTf%%d#`Iq8_x};93u>nZ`BOv2rNxGEQL*(&K;)%+`{V34G}(P1(fDthnJhRXboA zKpVir>yD?e6dkM&xv|zm_1p~us8@AYW`@Vrwe(>zvwoi3h}zOpM}oC<09kt`m_9$m zgZDMC!|_5OiI)`Sslndb-d#$BGBzu@S#Up~Su`JD8~W=-dDwOS(~c@ZOTfo;Me?PO zr`TfRjMiu0+NmVPkKRRshJyojtemvpynemY8qTVTuK5UrMlzSlkn@h{;U&M+!|B&s zB020-f>I1=`8r(yk*s%;24(Y7d^b)mE`d_4itnFWIRX8>SMo^(bDs5}CmqtOtG~e+ z1cW!$n$uG8#lZPvB9@!ta2c)BOOpw<#&VaVN$`s>3OM@MCEc(n&YX? z8P8KP%i{ynxU)9RBh9VN_nn7Bl-WxM)nDw^upWQixn}U@Yrjk$3bU@HZcvQwa2=Hv zr0Lpv_>b=Fd@nH;**7gXsM9!)2XSZPnJc{fK5$`d;%h36zIV%0kPv#x$2+pNCc|Y;xbz->-|#l+;>2X1 zl>9yHR36GV7HZ*33fcnCG&XsCV(5Q|PVs58Cp=J3=LPX?*%-EbCb(h-0d%>V$52f6 zBHZ@#%3&Zx$BrY$TX|uO7Nc?nhIf7+Yfa*oeND0XXftQ8n2_NS?wB!M9_{>THO6-- zb3}nQa7iqqd4lq&E|^=zeAECO;ZOsv2nO=)ID&~|fyN2=m&tE}XD4{!a;lEw-cJKR zh5WYhB?H?kniqkqx=NsR1K1L6QY8+n0@m&(C_WyZa#|Fq3oB3cZ0bRE)ViVY=UPeI zTyidFYp4bXS)-B*M($b_e_{P+zRu*kasYU*xkNtjIX3N<#)ozf z?TCva56eDUsen^K?VkDENp?99k zJXzFr?n)I+OvPWWI(r$WzwgF(Tgc|AzmfZux&?pv*z?o4ox13jipF*MnEK0`*9UH9s)Mc^a?c z+du&y^pAu*?l0I~0n@6rhy&w&%utuL*?6>fH$b#R?ZerU5Mu$~<@4tzswj>7=Vr`l zY)(t%7rcYIR_fA%L;9k^NvA2e4lhXEFFkJvq1>j>< z@D8&{zX_zq&`QsmqsC6OAHxq^6^NBakSRT{yi46auYi)+-(tPL*1D3^bOss|tvxb% z@?ki((fNC#Q8-IrV0cK%xjgs@Q-Pd_{avqSa$vLsijmO-VZ>S+TvUoT7b8%b>t1JM z-q7FKg=ck?hTg!1iUX{PycnArIaUFrJI+JYq> zJPn#&N4SoaP=nDYDMA!QmR8@zg7Wy&l+x^MI0mOSAbSTH#f5wju!3Kl|22_ zHP>pNS{1B2-@Eid>!Zg?@5eKXWX@AAX_>d)%*n+jn-~dbv=+#uf|twID<;3$kOC{- zo@aGU&0`@1ev-q57BP+pI->*M2B9k817n_}R;D`ahGA)P$seokZhdZ(MAx`w?nBj> zeerS@^@;LjF&f7}YxqvUR^-l@@?QKh+HP&xzh8w-d3X+n)Ah>y<)qouz@s3mHj0Fe`5gJcX!XJbaK)I zJC|~6-DC1XglVanuj2(?l^}~aAw8qF&1>2>oN>Uek3DgE+I>&PO3eqfJ~SRwD9SAm z(^?<=YkQWeY(E_-G~f%_&UQ`4@ya$hzsMyHWbk~m&ex8w5zGnsqgej>>J#kdL0M$x znTbU==VYJo6TH3ir#z`4^1AQr)n-P*0jZ|-%Y(l2420)WSJ`WN9ribG|6YXu*@26^ z7iN2q{OtG}f0{ zw|?4@MaJue0y-%5c8-b9KJHNaJKR+D2^ zX1G4vL2{k9fF*c0AZA)DDKj(TScMk5r+o}}xKqlG+O%(jiyT$T$cqhL$li6Hz{g!g z;tC=3G4AjmInVoaMy692lkQu7t%iwoMgK$F^S9$ZE96SghEM7DIDyMUxrGw8PWAq) z>q5^xU5{$9a?9!(PfDoJr zr<7^Oi^xw+9Ws7<9+GV7@Im3pw-{;Vwc~L{)d%;E`rPEe)LE&k9R=N668$MM-i~V> z;s%tp^6o0AeAg;#(XSUk<>?S*MQS}EQLHZ07t}Ij9`BpBvv$2}Y&U@5&I7?!8O8K+Szb=!Xhq2l&pl@py-e~g@6xCu5j4~l8WS8H|w4vql{NWvH2aP5N zb5>lW{u9F`ue9wsBOmn$7<}GpK}6DRINwdf`Q*QO`E-q9;{7<@xiaM#cwR8dq1NKhEBNApd(SxLPDb1=LJ0 zPS8N>0ndNfP4@Q=TKg@%Mq>wY)BYPTYkb$<*TrrmT)QxvP~2>ZOv_F$@xP;l9VMjO zbGGUC$108<*6P2n2auO&xe@P{r|?r1Kf}#mlz99ezs5E0s=qZm{FhhL^;f{sWixFN;;79Kq+V7arE6<*K(Tu2k$1~a7}X39)Rgwi&yPQ)_@4>vD-SJ8O8Fgf=KZ^tx}%SP zqnf+B%}Jlq8YkC($p2}#{Lu$QU452+T8PiN%9V-9rwgX$J)yzPJ}ZY<|Fq&{lLI>x zg)$TGv8|rA7uO~6@M<{u&Aw5%m@>cN8nGU`Yi~<*O#x{ zP{?$zQ_j?Ao^{^&!E6bIWl4_|-9Mw;vuEmq(XjtGIzPa1Vn?d5>zzsj#~&~a8+=>b zt^dN@HfiZor>?HfK+v?XNNR$F>IPHETCLH;XaCgQn_r1~v!Alv{;mo&v(uGfjURIF zuT-4xcR-cFfSK26>Qat2{geW6Ebr_Yv!T~jVlr!_uIs8ldjWgNI0N-L#fBeHor()kl+5vl(*M7e88>jdVov%_aJjKUQLh%&GUd>$GSJnC;clK zDVasI+1C*=dPR!&Q|F^ZGy}~)fO(Rv7x1nKaG14ojX1wwK3340s;XMbKIKGb=Ox51D_XH7zT7K8V|8B(y5)6TKYNTa5x#8iGB`F~a57;>iYX?eCfsre{vjgvx(t zHlh#|u669uX*bo)cN*8)@nrc$i)rFH)reooQ&r>T(ji0j>#}oLjk8eEk0Aw%vIpfc zmo{3xOIzMTq$~$CjU06GMN(CQJ};*HJ6xftpsLuCDoEm$w-)LT8UGf>wMcwij!(6n>XwIbe0aW+ZD^q^W|`SEmo)fk z%5A%&+k>k$Bw-Kwn7WyKA|$p#WM$QpDibm)?z={<78&^EVx>pPT!sJ#+IFcSvt7p9 zP$TmZKB^qfrVs4GXCQp*InYeS9Bn9~Pf#Bh-mO)>gjqk$rrVD#aIM%trxAw;(3@qaiFP5PfLvWxAq+=MSwCv0zzb zxm&4C&Kbf~vQMIew6i-ODJUy)kq9@VBz#av$((vT;*6bf&gTWGiri3MoJFMImy4S9 zlCR{Ubu$I>{$MKo*LEqzY#*5n)&LVmAH^Fhw;nSi-`-D8-Z*UL$c3m`>HPrUuDSa? z;M=F>TEUHeU71|x#UsVWWwtYGMU9K!Ls-4f?4Gllua_}-Umao zy+8wcy^cokHGfcRF@7*hKW;Yes&~dK0`W*NrC3v+Qrs}3S4&ex6U;Z)41{MR_pH{3?(j%K6QdgL%19{Z2}@NYX&7o)+(g)dsP3S=JfE#r zW|(rmglfi;Wu|9y9RUk{8~L!*ileu9$ss-nwj^R>W^zxWpD#}bOiowime}_g#%Ve; z{@s(hS&k%Mb~e9O_K{^psQh*O+TaOir+9_}c^~5f{}C;JV2qahLIER8l~TaBY0&7P zI_7D-*}n;2D|ohLV1B*~o@C-E>C)BW8%55OsR^#8{QwQ{YINo&>R?^A36TygAVc7z zN2VsUlJ@oJDCx(v@=U3j5Z--kRMVl#yN@#66W#{9^gM4b z0YbIgvM0!nYu8Gf@vpiRzTCjzIiG1^EmOS$JK)Dm*D*(1D97pSg<-01XV7|q7m`j5 zM|(lL8FyVil_F{VJg^446;*w5%1I@;$Ato5qKju>e?MkBE1bj4wpp1IY6#$X9&@M>;{WecM^$h^%*&aTR@v;J)TNVy=?aBvauX zvY+Lm=-ApOfQ5l;!5Ii$IjnPmlmAy}Gem@*-{E`vbXsQpURG#-OM4`Tj-QQKj++Sk zNLarr-T)_bZ*(hK!K&Hz!>O0isgJCiq~6Vie7gdE^&DRKnx;5T57_i<9g@JfR=VN4 zE3UN$YT@(rF);sRsSzYq#x*C<<_o)`6!B7ds{G)jW5*&;sxLF*@7rNm+2!}b&%uJn z3b09bMj0gcj8$L1)uZlXe2zx?9)=L9H-+K;4Gp@a^w5C|q$K9kjL7qf4Gv-B{xk=W{NoHWTspDkE0+zXWF2zpFYGDm zPmcbAy&#ZGpTCvkpabzcBL1e|492!(tsSD`0PZ_(0a_E0?%DSZXX>|b z?JP=j=hCD&h3l$)((_-IsQ}`0vUHn6umv~s+mG0IQwZGBzIoiIRm##WgP6>}d2Q#% z`69KXdT%@}@BC^H31j2&2xPf*S;D1nRVGBn z12uI{&SkI$vSpvjO~ORF1O%=r;7B~8g{8rTPNadWG9>&*igbuNo0OoFJ*tq~)p0na zX8B_TT*|;$AkZaql05l=sJJrLA+A^tGW}j!G32mwB<33wo>^Mu)Zb+DLTDvP$YPs{ zozdk8H>p-X3^XP4eg|qN!i~Bp`#Gx7nP0aALPqnXYlXv3L=28h5QYCA_TD?HsjYh# zK2k(PMMXh6M@6KoH0dacB2DQvpa@9sL5P5WiiM)md+$|3=nxbEDG9w3ij+V|KuQuw z2>G_>9Mp5(bKmx40C z;+v&WL2W-hs^n|gQj`@!lB|Qmoo4xaYVM+K&xN&+T0>u*8!DPgyjaehIs=& zcdKhUrFC!BQN#48M1>F2dgsB7#jf^|Js{Vhf(LI%{>Gmu+}xx_LNu~|$yA4< zJ9V5gW^AWb=PD3!Ndg^#ao53gsq29@>Ap!X5v}R**yw5m$ve;U{O&L5DgkwdenR`R|@3-AI0PFSmHxJX@Iv5tNJ;c&Jv6LT~<)dG6v;i*vqaIBnBQfvXl38L}Ep(lP2Hc(`u_c zTaVd+?Xc^DBZIlg#b~CPn_iMoEksy{n60hZq{oek>iCX=0}`{7CD)usvV&Sugu3wq9pD(s&6Fy@$UszX{)A-+Bl6p<|J-BeZ@ zLRy`e_EvAH_j+Z=Ew`qj>^k8FL` zILX@ScOOGkHL0arx*;?FsLdTnz*qrStp}#z_)3pv(io9{ykeBm91=1}Ac8`#xd^Sf zD+^3cWSf_*LJ|iBvq*%O)tLq7NDdBfjc(!n&oAb^32}{*Ys_NZKV|<63d~HheDS&_ zA2-Uf)p@>P1KU!;ol~D^mC5OLXyHJTgghd5Uh>*&{tEF{zPffUzXcVtV^q)LDGwSKuz<3;YC2!@Jgmr~cuXUvImj`wY z{Q7Vo!(y56+^+zHw9%a_^pNM{M1mzlHCGtRqhd>MZ{L9RE(^4Zcs)sbSYd=%{HEYIEdYNcd}{ijoXIVJtc&w^b)+H!;)D#l?Rf+#=W&36 zi{!l+a5XCn`U14VdZE!pAxNIej`%nZ6RH0Re3sucQ(-@mVuO*hLorean6xHA|t;TljG;!3iex%GgN0$hF?ON z(OA`hwH70CIU$e!4QygyEni*SF@y29Y#n!AaC`PcFLJE$hoEq2Tjxe4XL39&t*$NU z`lSzk{bc;Mu5X(~To*2ZGwf1O+|zXphqA~=UetR{?B~G^bHaPeYd{Sip%}kV+F?5a z-YjihI67Kea45^Vq$GB5&t{$gMgSaFB2un$*X3ESI9}BzWLt)#3kG@W<2{&A$ zJhuJ4E@=HrYNP*1Oye=H_e6x$1h=50mf4&u2A2=4 z-{iRRpfF&Pkd+&Lrtq}9_2QgCzL`#|CvJ#ST&Fkn95oR|9Wvt88D>-Fau2pIU4N}4xM6G2WV+*<-Mo&n8<=+gszwRYdQqg5&jKqv!S6CG zPKeuuRBI5b;5eM%>&Y?Znr&E2(Vi}`D7_ZxGt!T)E4>5`pOV8 zjF3A=D1E*RaM%o5y9^LOIYxYlD(i`?UleXXE_&$mq3^K;!be=WTr=5tf2MK7P83YF&Dj2+iM$_4-2e_`A!sKjhb(t0(wz5WZ`9)_&z z6bn#fK!Xn^J+Qq5J|cMBVZevgW&C2c^T2gUS#L4Pg5zu?3#MU@yDFrHOO5w8n5tZ6 z6$Mb6S1usZIr%WBYY|u5(jxi~D&8tgvvkm_J|-V1)I<_aN{Er5jKfCkznPr7yi#*> zdpJb%c8gLxGK0iy8{^2oe9o~4#fBKIx;)1&p(;B2Vb`_&h=5J8#3$|X(Fi0Fe6-e` zkSOudjA+V))d{^eSJ{$1v<1=wFJ@Z|xP(GY9uOsc!f(i14qW=bITjQ zi^jushZ2>n4d=T!T2pek9^+~htKpjm+dYrJvM5_^ob9n`^tR|pn;dr%LcLwBcTZ}_ zFmxUh{~0|0c@$7-JCsb^-Rz;tST#Qlv!`&m4rvM2p3BCMA>Ci=D=N4amXEHiv^sxA z>N*yDL%Ke%Ts18OzwcBiV4fa)%<{DH>JJ~`x_apu z)_BZ7ptZeGqi5@hfwP>?YXQakuQ|U|o%T8-sX2iN%h~Q%^}Bz8xRwb7KN&}DdJ`Vl z#cVBu3{w!KXO}xj!Osk}5?heAY6iSeq}edY_fkl@>Z4&TL33k##i&T-%LtvqumtCL zW4UXbHRTc-mK^iQ8`%%lg18*|OVS(`cZaiEKrXhs{P1LjIs@@z3HcLg*til}a0lB% zo&CZ7bWwf_>K1C&td~5)F3%$3@lj_(XFcH{;x0b`O&r&6M#`<6Uharoa+=Le)^ch) zmkiM2!oK57u(mf-f7HZ06#pLlFI!)Hv>)vV8a!SufxFV02rh8Hlu!_HEX1~;CB1v_ z90}ML$JCokjcSlj?j2W|nPe?@+!K3swL0=$mg+Af`YTvh5v3A=^(yBQ-bYD(ShT-e zxrBQFWMs>An)KhX%eN%}hG45# z^y}5zx4%i?t}6c;$o?_TpOX4w1qgs$;Wx?u&Qlx`XKXfh#%c>!ehv!ADL(R@^ztLE%I3d6;>W{|SI%+$dgHI-`Rmia)6b6oN6^!MDksJ50BuKbttAH93q zf7a}JX8ud*XZc&yTa=p*5%2pm&uUcOi_SjP(cd(XisDnx_+1F`H88*~*?qANARdp$ zA)lm! zK;eJ;0N`&GCV=uur~UQ|sr0|<#nW`|k)Qk9zh8}s0C^8dI{yu`=^rb zU#U#7mOn))_b8`TpQv!#;?LFT`853K@Ly7^_?}$@#tcaRr&&9mL37ik;qr9|4?F6@ zB@TADesmY3nX9@WKZku8~yo5L7GR$xn-6@ zvp@2lF;%>!+FSdD?V@3^an-S}P#vYtVS@cX2$T8j4spqOE#*gSPj7-Ipv2p^Z@Yms z7#Y{^xPi`pmhVAA){&mcjS)I`&CMrg(^Ak^A<9VqGWWSQS?ifCnjd4DiKn|F^~gt4 zG3ye|i3@If^lUecBbUYg{=F);hq6yqZU%b|mo{o28Rqt_;!9yG_M`=C-$gPFx3;y_ zl~H;Ki9ffdxAJrw3laA({aa$hk5>aze%9z|0{9(dbxHQ`FZ`}gZ|CS1pFoWw11imw zR~7Oz=~>|7dp=IV$b5ZcYGZzK-Jod997!{DU(7+te1N(MB-4|AShb&8GEWmEKRud( zuiqPDN-10#Y?8YO^l$jHN5IDO_u*fr;0r@I(t33W$56!su`{BoKeYae;nRi762npB z`!D+W0YM7F<&RMT-U>zY_YTO@e&Cx5$7`%CxDpplcn|(aG0Z;StSMj0{BK^#5tjH( zJm}~XNS;`}seUUHe}Ls~Gn|q1aAmsCOM&;M%^Atle`SrRl(Nid3y!4d9{efhA0PTK zt@%CA(5WQ1+i>2OBlVnwmB#{ZBl!-O4KAimTgYvWk4^NWYU4nD>MT55X~nyWRL=aB z(t0rqZ}1uzsumugVo<2BZsdFTM~Vu&VDm;idx5&e{zCb=#8r6M9$k?#ou>NT9lFCd zD2k4~hlXm@mf;$kn84X)dDkd@K!72t$rL8HyiWQgGfDJtAZWNo{iGLJ zOWcL z`R0v)jX3nCf9&WSKT_LF>^GOC-=C%+uCstXgeD)V3;H?s{j2$dL50ZTy3>uBmHZbB z0nSLhg0nkOFYpD>G7HlIApN%3Xb};GC}a{CdmlF)KrTtb1Np$i-6lP`rroydz8$t3 zz8zCUs*?oTu-N?Fsf$~&BMlY)^;w`!E-9!CwASR~~t@i^{CN~!H9Nqrdt459~q z*~aZZbji($hLQAjXx(ANGq}I1d~Q0ix2UlVPI`VaqJ;K@f!{bfaH*h3TmM7wEhP`k zRC?uuy;mbsfhV_iF=tW&Jw8Z=7j$+A2#ESDpRTk@Mu0XMx*OPi?F*BCSbCLX-(AiS z?SmFSQYL>WNb&`@yTa3;%vOnmMb4u^@=T)^8Dv|LVfi;k7%Oc~-3tV}meoK5;^(us zV0RH?=+#L0oVRVxS--Xf_qf=HT@S`L;-%}wVDmVeI8&vFAMTp$cVAswLHJ*sYmb*I z_fQi4@7gB&jd`D)uGypk^X9LMGA|+QiTRI?v8x+;Wwi>n;=f`VI}%@qD`%HgQL`k3 zSYr`&!tvA^NgtcRB?igakL!Y~GIo$Q6Sp3?Kngv{DYD*;(84ra&}=n3prfPiIW73Z zHarssrrlg{7z#}9}bFTutNy^|yj?g!l{Q%(!mP*3c9zn?z2k*X5ZAoEb|Kh?N^ad&s_ z3T3V8Kq7HU=C$V)pF{VocB1zjhI}e8mVFjb9*2VKa_J+fPh>RWo=w87W9lqCp#UXp zmLTnTj&!9LkIs=vb!Vwj+ez6nRxM&rrpA%cqsW#6@*yRUpB(TfrX|+-tZN@N-YU`t z$F_30+uyX%ZHzZnhTdcfBn?>bNGL*a#Q{v6Ik6%&Y%Yh3dxAsuhz(Zv^GUkGt_%JB zX>MdKrN1_UFDc)b1=`m}|DVf(E2azitZhP%gpZjjdzeZ~IrQBb{IsqFH_ z34o=wv=1rLV5t4g#kVY9ay;sXZ}^2mBNCZF?zw#KM^@cmi-ZqBgFC3%N8S`Dx{vn| zj1@H~4BH!R(1n61*FUP-209{Z0tyXF=Vx;y#QP?ccR4bV(VMFiJ6R;}h8z5EPI;|3 z^t!(_l*UHfp)P@Kqw8*B%4=$fvAex_m=3!!ENEA`ue}F@ULF}QF_F{K5^K6`gg;X-Z^o&? z+i*!YT->FMxoY%X31)SEMG3Pb`8GRM>UWoFo~EKuHRVn1m(;gcMFYPz3`D-!`ou6> z{58!li9Nx(aiCgwf;dF-XTYNgkwbmUdH5m7wgt;qf;}OGI$(p~C{l-Nc$3owDg}^x zoZ!3SVVEM$wUqZc8mSMnX}$lkytwLBs%LfbRZ&;!))F`MDanS3#J$KSs<6Nk%-!F6 zAl+`r`;+<2GO9jX>|`NQ)U{X5E)qH~xX{2r^e+SBIhMzCh>lp#H(PTuT|@Ah(4>8#>?UL0 zg5tjn>;ebg7XQ?;YjkJbe7lVstDR~c21|-8;XC@4#S21fx7sZUKTc$LWERcac*@ss}?u{Ic- z!#Pxv8+cq0?Og6%I5mAwMMB9>OHr(Nk(J9IY)zE4Y^`uX-MkZRu+S-RwQM+V)CHFY z8YG3}NRgkL)MchFlx5{vS1mOpwJjbu_{CRv%SL}zaB4m^jTY`-lEb@~OQ_!J8xv@A zT;Aw`?lznj0jcVUJTcNag2@avnIe6V+Wt7nw$;vfbg0Qhv^rCjkL@*?gUSa@BviaTlK;9at_ET6ZnUbuD;ds46CJ^z5)!ClCx ztOU-*zL?qeh~Y#kOY%)w^`9zpC|if`YcN>3sahAJky6TpNh?ufOD!~T717O)`KBkJ z-b)k)4Iagr)oZANrkaXapL`e-BvkWIdZZl22*)f@uhuO3Y|2^E<^0AF&eNg>(<|fk zcynJ1UjK@Y;T~dMh#&F!tGYTwj&^EW-8kbj{|ed5k=5Dg%$})%6c_GrAks>%95ZR^ z*I*#rSn0dwkFpWMJ&wGlcZ_}bQ(5h5uoodS^+!kM81ipuRqe)G-tq)B;U%n;%<2(>_m*xa(?Dbl^c2^o<_N}6{SWh!@cMar^Hw!kk?7Ksi z^A4;KazBTG`%tqZ;o}*(-16t?8yeJ@cL_OrKIq#N-SpfxMM|+6!LfwDtZ8{gFL)~O zez2OBuSOi|vgsx$u~e?r$6+*3?NNQba&nIHR`>k#x}BhQDH1%T(hhM)@rw03$azBZ zg`?PEJy*)NY8UQ}x1h%aMyW#6{vFVRt9YK}7r55yk0#oc$OOBCk8vZkjb$FeL0aCb zY1c>r?MlRLSNN)%>BX!lA>N&;`!I*0s2I_OUGt0?%kc_lqdMe)=l?JWXHBfCNj?qN zi4lKHAxEVwRjhV$z> z5i_fB1|a#Zv?SLd`LvRLc~9Qq<`0`KS5E{TsD~u;tBCFpYdDLA{Vvam9nq}#>ATY% zx}o3e(o<(Z@|#F=@Cs1%DIvYKlhH5H?VosKM3SyOM&zOv7^Map@b|csK}eM&j0;6e zxqHDr6N1h~G^^Am4zQLB_ z`x*oCidn6ta9G}|TG?UO&_@@V4HY?`OSzj9OWLZv7D^}{X0UWpPA+>}H@RmimCv4Y zVPrC&$uYWbc&#Z8VMksCoJCum0Mt(NRSVSDCk90(MvY{!0VA68MZpLpn={abI#y7Y zTxj6kdo0fb#^Lz+3j==Cnz_)jdYEL53&jMkP>@ID?F9R2$t}$y1%*RhOV!f}_G|}P zP5w54LFO0k8V?Dv^r2Q433PS*nhUQ5PXiytw`XJohq+V|krwUXmZB z4KyQ~E`{q9E*9^cjMqh)ZOkv4?k!)Jl3UgR7?kRYts=wZ;s9;eYSNIk6rs#w0i}w=`h!UbjS`J=v_N23+jq~{bN&bJXv)mnV;LoA;{FS zfzKoj^SM=)3`@xcJNFES*$8hz(sKO*7upN^vcr)D#*-aMPnNqxlVs%940`SJ#sY7j z)LVZLD}EV=sxX1eJL15$c?yHP|VaoDJoEX=p?QGMD;{*+Y_Og z70XUhw^KhO6W_0ZGqi(+Z`m>KI+@SMBSr#KAGi8GX=2x&LHd#r_ESy`x0?%Ja4T3dUwLWxz} zM9ng{!YKfTsT$r3HARa!n+&m?(JYx#345?0oL|G@Hd*0a#=*O4=T`nX-5gNkWM5zE z5}9|TNR`5pQp`AB6AgVd+@%@0 z(!^4eWNT(?{!YZr=zM5Igv(EtaGopZCF3}yf}~f1BA3ZkH?}3P8_KI+ntjjVN6z6l zB@9p032I%dKUtT(<7>M6dBP8TO$+5V)QXI*!6j0$SG>8#rcM0%cMe*%_VCv1oB&Lyd`%KYa#aKGCR1n ztElr;yJJhPmhN2PYEX3=#5@pa_~GdgH)13_)e98|*rN_|dsVSS3zr^r7*BrM!g$!q9+&c@$z5aN2{6|=woLBP$V$*1XyH@uW97 zZ%+Go(59ffP0#;Sra!lyw`97Fg4rQjeA|#ccLMz?>xI*D6^9;~u5{GyP<{7yk|$*S zUhIdvZlpK6w}dh)OFE5~Yc7-AL!88`K6_c^<092MU4lZ$0s1|{)GWhu0xK`t^0@ST z9xyxIg=_m8)T50l)h)H{`bKJ}#0*7}k3UkYyutm8TlmLVp0Qq?pUCU!T4=QE*&AVG zWL)i;@_h27fjpjyJHf_=R>FEaITe$~sZM2_GA_wEdFPbmOasGtQgWOZhuU5rWzXEb zchA>*JB;%W0~Vyff9b*JLv|Icf;x<+#C%_@^7=-trhY3&mXY(dMH8lO${oWjykd4- z6GZZa$nsgmuPT%YMqmcpWH8=ncc+4K zmou2|Vfm^%|Ma(ko7yjyOO21!r~Zt&9$yEJ?PvE+UHQ*;b6>h>46+>N7iJ~E`_3KT z$f5ZzsdM-F{wcGc{=*+vH}U~I_K>2x*PkNzyCMH2EJ_3#a&{@A-@p6E{r~v&|2}Si z0{-8~P9>-tOU(FSXKRZe{KpY&Uyt^uQ>FB{Rjx(p)$k)fA(fx6{CNfJ#fQdkZj5EE z?cce-H2*$xwbudt{2x8;inmVv?H3vU`n&=rr|_w0zY88e9$tGp-9bNGll|zmdd>Se zy8j{_*Fz77Lk)dZBk%oy`ft%0^F$T>3%vO2F$qBCfB-8(;OXLj&o}`3#I;NPQ+)pr zf{HW~px%ot{}Z^HRhEp$ii^O z0?D1e9yD-eX)?e$uQm94!LW)c-C2B-)o^!01p^~+Fbg8G5}CQ*iyDJd76DRIXyllO z?xUZ67O=d50ZZk*58`_(LkA!prc>vHgzgZ^(+1vSRbRvi8|CI4@;z}oPGtt4Xv%L< z4|b>Ri=`=ZrhXX2%wGMz4XO|rZ}j`CoySX&k&loLV}Y*s6`|yi!S^V$XHnw%ir{H1 zbHDe>l*PGQ;o2o*nzB4D6SIq5(b~F#zwDyz0QR+d=G(>B|CA{Bkns#QI#FupiYa(z z;KDDrBmm&CSd>)(D**bcHB%AyT}=ed`q^- z8kr*RuGb^ zG0_!0iBtm0b%Tmo5A7y7;wGl`A=A{gDw#QvQTXy6B&0bdRdv9 zJV5e{N7PelONCX}1MS4E$Ne4&1m3Lx%4)P|spI} zQNPJJ4|g9;91T4WQf^?TYaldO6YjST7U(cIi_4^Nws};lp_q-W zK9S8Z{_LOjw1_;53)JeV4fElRD`V4-#C^SeiR^^xC*NkSspI{+j*KflhpoYNJ_Jf& z(ajIN{U{Y1J>BuEQ&FRh&t+K4G|M5p!YtST{!zty<>d4RkCgcr?xeMIP6}YHF_`tp zD~r%67zbu*xN|#@Ss^M^Kg|ZoHC{On0RCQ)hv7B z3s1*M^~;h>2Nqoiq^bvdReijNRx|NiTiqYzY9HM=CP6f}38M=-a_Y9|rCDmZaG{?! zF@ynfj5VEUxWp9ZSkIfeqx^KD+&znodk|Q`Jew)w3Z5qNIszO9y3%VQ2OTF!*E%6I z8KooEjnX1O>1)#%LkHo0F}1D>(i!%>d;4vZW^$4vk(NO0XF5X{P~#fJC~ji)ku2}H zwgZ1QOF75%-z32r98Nzz6Gd_R=Fe%K9|K%%32S zrmVieM8!bG<$Vi$*36<1a$Cd^%(rnEUls*)m3r;VjzApGPvxGM4SE@7d-|eZ!-hcg zFhxguxYgheCUYauafW&@zX4o;Yi6w5>mL|e{W^{r2z(bIU=@cJb2u3GRA9zm0@YOD zcn#X@n#B-R!F;5_rWhMSzt$3LWn(8x9b-=J2vwpn`Q3_FZY&fw<)lM?8uo|B^j4OJ zRpHwzZG(v;fjGkZM5DllN_iI7qnsoM1DQ1=gHM1h=Ma<7E8xfn%qwa5*46vLD6;XC z+nUjJ6hqGNtq8lcr-+)$l@^VUO_xq#{g}Y65V%AV()N|woeDl1tKTl^lC+h7*?A7} zAI~Vd6??DoV7nt;W@6GkC16?0Z)R#@kT~_Bt`Bgx#|a1r?&s`ZjOywKbu=MdG;nW^e>rx5d>2t_PmY!4HMVJI zPuHS5{>7PQ&;KKK+TTYyf+ZO`Pf5XVJXX%DO3Pn>l3z8azcQMFqn-01hXbw7jy8s| zWv^Gy!inlDlshy2cU|OrYV8%KJl;;dKFQjkg-fhl53Q?)LEdZ?ADeX@AfwdZK=JMH z>69Thq!3MP`*aokrC;N++w{k{uBO-2)V#d@Dm@)_Abhz`4Pja}@SB}_`Ocd2@E!%i zY|Unv@&a9OzeP^y$#zO3nJ7$ZH1eLFsrRz!y5KM|cYyn4zMiVx36&XR`i4eFEa%di zh`)e6ReX(>k$Qm$GK(F7Jnq^VWw2yDv(5|MB^-D~PfJ-ND?ib2rQ&$sTLJ+$!^wb% z%0R1r`MpVfv67J&{whuyDLcwF8wxa$V|Y8>ZzQ-yS`zlm_s;ZhxoM`RogF7)m!QAJ z(jVMigHS3=>1?P0kMMMULmBd-Ia3S?RsZa>g=p0z%5 zy>lFXV%V@8k`}#cM6>oP7{y@I?wgM2rP=d*h(^JC%x9#QQ7eAe9tb;**w+xNK)&@a zM7Et4XlZ+coc-YP_OhWtln-Qr6&X!GZ11}Z4_Um{2?`P(2Z=%Ga+`@ow+y1F?w}S= zJYm9B;ItXWoEAKpIuLaoe@@YxKK6qW%pPSb58nOC!*MAcK4G-aaWSuOfGh%YomRs1 zWkGKEm-3IH)+=b8FgAs_8 z%Ju{!A5(m%ka@GeQCj0=oqCOtyDfDwTQdls!q!oC2aEd2%Mns)s`a3v>S64i!n`NA zDnDPsqZp;O#B+I%E9(Z=(hXTG^{R7oqI~I0i<6f{G_Edx0a;NduiSh63Y3B5ZhzFf z>+8S~<1>F2%{4H9J+(a-sfc_JCqA10(#N5M4LHgrd7Gsza-@bqARpk28XJ=uN8YC) z%$him6&B0I2EJ!&@ZCB*8pkj4^z>d7!e-sZAnhUdC#?lLp^I;CP2-rh?}nbD;hIo)_J+L zhE4BHgiQSokN?(*5=%H}bFneglT+F&#JdrK?;o@u7`(#$ar7?b(7~+^e&+J0aNnCMcY1XNYCK)?9Q9!j=~E_ZO60hYjpC-ZGh7}G-0@NRmVH6F zSEppcYv>lIkGyqf-sXh&@Ip9e;q{Kfx?ErZiNE$qz6)wQ&!jZQkV9C~^=y>$;m(W? zE0Aj+x#GB_lG5**$@yfWVnb>Ot0wUIr4Y4BAJ+>iWconfvEy@3PY!hjm9mh zfx%Z6Qs8f@zHOrIX~uH#)^wfGf<>V`0XK-#$~Wr46zyiQ_T+@*p?7X^5uGNDxib6b z3YEn}qs8^Ph(sIhg~7yG8UyXp%&wG#Zo=cQ9eI-^`1Zz|Bd!9l!$kQa$?r`xwD}~Z zVa2QNOxO~O>Zzln@BRw2@Yx*(FbmdvXlTyu1b4RIuhj?Y&u_o>TX}UN5%w_VE3+jN zqr37-lM>6|a)uoqQ!MD`FzlF!@AdY}@3EqAp`W9_!W=p@!yi9*C&Xi^Pks2wd(e6C zaf}5NH1!}Qq4!2aLBH)6g!=^~9-F$Imf@gPU;j~F+`?Of7iUsAdbC?MLlz}f7}$U0 zvx8RBvZS5T{NmE*Z@Cn6Fv5;R`qm?B`__vth>Ook0wdz)<1tj&UEXy7eJ;=YquGX3 za!!_q>GU%5zQgjQFY^F`xbl6)2Np5e4>{{KoRV?&?w-Y7vxZEKHTu6Rw zwY8LW@EgFuw~|;SU)N=v>b=OW?(3vx`DXD|nzO=EvD1Tg8RzkASNP5aL3pFjLJaOS zOVqY(+kA%({{oZK7t#Zq8Rx3gb-OX0q>fwH|2zW*6|)>VGCI~R2f3j;BX&I)-0C%y zVhwXc(vlu-C<3ji42dGtIv~O>U-Vq84Dyij&B0sTXcJ0Ujv9j3`Bnv7HKP>>%#hAL|K-n1Fe?2Pj~n|_*ib()L0q8 zRlRW4>_QA41N{_aV_OmiUO9qq;?|goM23bqfrRw5EnLbPEG&^=ac#wDUKQ4Vr83Vn8fePvyS45`K}&7i>N%u) zvfN~inS#7|*l2;FOLh8=dA^2)Ac6IWRX|M=W$ zJ;PFVl(sG!Ig(Sm(U)~gme?v@s59NI%A$vd>3^4OstpPl1PWP;?HQdWm%N?(d zvkd4cAvcj<)Yv4+xQhKcJ0}jYmT#IyWH(zpqr+7!X6IJN&`adf(NzG<6S-Gb1NnfO z{?&t>2Q^L0c0%J`?K%uOj$bN(?_R6=OhFlP?dgO<=d&jgK2tUaJ-*Enjh3Rrq0Dh_ z`dUKT^ELXfq?8F_+!AKi1P)@`#0>g9Vwj2Y21K4?LVg;c3wwEX&rS8kS)$MR4fv(# zp8JrKr5Bc~lTxy2T6H_o0?o`PrpGkWl9uU^TzE7ob3jAqKbxq(y!5@5RySibYEg+p zT0y5Pw(Rx@kA$afk71Iuv)70P#XwZ(&Rm;vew2=qth)77gYT+SbzU;N2e<)1XX?Iv zV#2?M27+ckJvS(Q;w$62KKG^wAfa>N72$K*!P-HTHoGNYU__!MW1N`9IPMMofqgIJ z?GB9~J+@)^9KYLlD-q)7xp5q}=8-10B!A69OuJ!OHe>3!&<^EFBOdYYXkhh|&DhvL zOI@}>`Hu)a{MS;BX(G+hWsm1Cv;*`QB$i0=gK*V;Y&E|F_wg{HGBej@x0;+YqGqH7 zk`~umQVMI185uV8-sTk)C$i)Nf`9C=P51VUO$&PkD(M-C)-rwFADe_7t9R6u6|Q&R zTx`MJkewC@yTgI%TN5B;X{@EHAAseeAa~R?Ogh;VgmHu3+P4c5hl&_vW6xMk-h~#a zaf9Rru8d82YaC+`HhYv{y_kj)Fen4*L8M(CTGk(_6Dv6QkAOo^^7-Rzyk)`kO#Cal z?L}qaD&%P90oqltU1uY84`RQ%5i4r8wFajaBFF3mgjXzWJrRj%lh$k?x1jomIf_6A zk9BL?9%n`4BeZ8Mbq}pARh#{xelRC+5p*Y|G9lQa9#l5l61t3)v!k~tlt6@J?;rG^ z@mo>%Oe<_IiC$$B0+23HLOI8mPnsE!wC5?e8w-NRsqM!s0@^QmI~phpLYim{wwj|M zUPf@UttYK|`s(tq+3K$x(hHXj1ZP^$Z59O-t#VYM*|es2^A6`u85_%zWF;ndA+^uN zPGucMvQ?Pgh|!L1J!&WlvoZ*icA3md6pc9cY)m(*zEYbz#YUJ?0JtRD1^paSkW|i# zjx*ik@+G*GP}Qsm1 zCf7sv)OKh>gBB9Oyd?oia*lOS$$aJVI8zGOt)C&azYJ@#=-t{4^$P#5VC?oyfmGu$ zTybNSiGz&K3Tx%2&(=yFU>6L1CIjk~$h%BqM__JIq6PN$EiaC$-^7{`;JX`dgp9PE z;9%SU3hfgoI;GU~ZZ>2nL6F(pU!-I3W_Xt%@rhhDBDAF8iD}60}=>VXFO` zvq^tNVwKl|gQ)u9e3Pdx1!R!0sP?#WkL^4+r3s%^#iMN+Eb###i4@gJoV5#*hq&I= zDDWKl{dYS!cS37iO&|yzp(i;c$ObyTxnvn~gJIv%{SjC^bfZuuuG9imY6(F|`K^xG zp+XzQ^z+}k)GaT*ZK?C=foXco9sW3J5%1!B_ zRb+tA`J$|wZ&+Q(Kr_BU-axE-BqEJk$a%3cS~)O)=nLCSc!6jpuhzSw#vrk;Pl*=<=lDg_i7(66%nXr(**77BnPcw~LI92h?fa1p#Y#q%q5JFq$4o4rcr;v` z0QH$Xb=o`FqU8l@O-cLeEFB_s^S#4h{)vh^^21O&aZ&T_I>X|t8#|%&UmN__uw#T= zCQa+M2v6HKSbvSX_0U4y${;dfXc18XZ7{5c!TrfS4g+;Cj+8ZQ8k%kxAWvR2wCNeH zLLA4Uit_Xb=ZR?Ilv#lWhh;Ge0ip9z`6!-HrOY}k%*`R+TG z34dWx-3fKP_V!cTAQHZqT4-rj?<y)z;M2G1zRK(N*L+mfvMDGytqYRN;nFpd+`SJX2zFJI=yuE0AL2@3Gn3Wlk_rB-( zd4zFlxne?7$ zdB9(Mt$S;;-q?~{*c#u_QG8|l**)%kS8_jyZ6f5h)SHntzBvW8qpm!AMn|+;lbsr) zMFRC0icTH3AfqdzqsBxSbqplqGI>>_{g(B*k~0Rpz6sUP)qU+m&La zy1L4Z@>+nSm%V{J=Eg=yNl%SSE%jFpOjn|?EqBz;>0g+`ZFq&V=1&-B^;}-lunX#( z(v!)xr#2`Y?V0%{4DvlVe)c<-a3lGG+^cudttpV?q@( z{4ZC0GKX(`)2yF-EO&;5W|?gix>CKxmV5s1U#^n-y*}q+0cZ`T$e?r*I0qBIrl6l~ zKOXCGM|wUnZ`kCD+vZ|JD?C7=_#9X(ge3=B++SY|4;{L zg-7UbUDk^cn_n*emrwkzJ>RPk>CzPH{-s>u7uf-oK8MB^{=ar7%+S zZxgQK@*S*mx%wvTzhhc_ncu;>t>vu$P1R)WH9$oFe?5*b6X5KaEjjxVoVcA!N*~SONz8paba<1zv8>cT>8;L>puIBvEP zs1;AyN^NxYZJ6(IZ5Juyr;uhL#ybXRY>5>s zv8Xo$T8(IT!U3*+3*Uv9`*A&;VeQ;L$-`HzO99G%Lun1OUsUR0El?X=k(_++kI*TW z7M!HW5|35&bUmn5J_iaQ1BHc~ZBxvIRCoZ@y)3+$T^1DJIMHS8e^_Q`1vWAp4GW-; z7_!v4b8J{V(6YqbDu67TBd6f$O1M{Jjd-(TSOzL#(NVYu(5^HB3qS`q`azYRiFNSv zE0#ZEWak-6SVrilgU{502^O+yN)s?+WLhvQ4OFh_R|e4PGe^;XDU{1KQcM; zu6oK(qk1|3qK)P7|H~-`OzD>!-|NI*Y77CUdYy(fyRObUG)t(8Z!%jwvR>j5_CC~c zS7Xwb9veaid_jIh!+Iu;y9cO!*N$D(H}e%0-K|6Z15m( z3Dq3G${OfDJlw*B|Q2bR${W}$Rq+^1!6x5vGN7#SX%c?6A~ufS?4ZQ5 zkNu`CaV>PZOWsz3U6<*T>v-k8dqYL_H+OM4EA#h&O7<&S&9+h#?>`GF78;f$+T-*t z)35`_I_VfuGqo6@lo`XF{$$y@VH2>tsC{qxH5VXyx!Opas?@*sHwx`9bl;`>^iB*Q zU0Ir`P$KKY!B$JR_XS>rCy2RIMM zQ%dO$woxb*bF`%C82z{yV(B?~>BryFvq@N@%%$}Ihq(6+Ycl(yMiq?(R4fz$DHf!I zfP!=!6hx}@9uVnGdI^MLK~X?KdKIL1Lg)k#1tCDBL+HH*qy`8H-@(ywW`1+O``3N$ zKRzMCn>Xh@=j^@LT6-OPR~Qi~Iq15`BW&gGnA6arql=*EX{wXl@y$q~JU&yMTvg#g zEF87rGqztL9El@Idlj-&Zw~Ly?bjg2gb^xTuxYh3{$I}*#&l&#fJ*X9Oik48Bv^Nv zw?m_&FFs%IM_7b@@>~Lz=Hud@=HsS|(h?gyKhDfBhURizvGKA&EO`w%y&jAvigjl` zyoyI%9(pX;4~n34D#W1TP5rP=rqcMbsHNAkTZMSCP)|f(wbRH0G9%rBH;kaoXuZtL zbr4h9x1y|-xg~A}9fk3^Y5A?L z%^cGk5=Ad$n+Z(6Dx|O?+ReD{)pgw>W`%zF zO@kmtTyTK)NYfj-3(NCt%ztGr(r0Kvk>3gW%e13rTb#;svsV*9Vt#+dESP#$u z_+m@HBif=lz&Ns6KxlAfz#_@@X;7&^Jt(QdT)PGXG0QpC0$Nd07tOh7`uVw}9({h9 z`hrf!_qMB7gwB4o8|Zk6>-P1%s+F|Kartt+k2gT?ITFJ`+hxP)PedYqbXjd)+raTT zY{eWOlpyBb3p_rD*V^J?wEEBM7s@0=_X(r>*62u{tV9Qa-znVPNFY7?Dhk~IS#QXl zI*PG0nvd(k@AT*>ct6tIrYJ*`>SPPkB#4_jV+{dx^aggbyPyWP(BvsNHfFB9WIfD>u2svP<+l!ViWh9R6^q^i^gs`Ar_TIye{NC9$M-Ed z$qi(uNoK2^YGqOdJ>!%*{ij&?p3vUD3bs!-83=QY^c&hY@^&g>`?;Kp>V+(K$KKo_ zXu0e0blHS6v<#G`cG^%JT-8~VCcBs%9Uv6+>?;Eu@gQ;Hls1Z$s?A}@rp3~_mI#X%2s=`Hnaw9r{; z>1BaP0F)^NQBni|3OtK!YenzFACLstv%Os~?S}2OGF9shkGVDq3f}bDJvHm`L8Hn6 ze~rXqkPQ)Fe=01~1}im=fb>)!GCp=IJgY~iu03vgmQr<>LCNmAsqt|YG2Bge2UCTS zwdfep6P&*>zONl*5GR+Fxl3S&dh&*hMA?ozLMUkuI;qu2c6@|nIPQHTskdgq_UlNP zpFa`l7XUf>i7^l&W@~k4U+sne$I>YiYkxV0jJC+)Egnk~X8JU(nTslh`JDF5bq4UA z>1C$}rI=8hqlLmH03LlIerrX~ev2)&inCB*k`S}W` zAptmSF`kDV$Ldg;04b`$6JhtUo8!0y3$rD?)qI$kd0(_Ioici{_Bu{)Evig3_YKnG zuxL(0A+2mzdpt${L58;|ZOYvd^cPL(n;E^?}%#kh?wXKFUKeHsF+Mhb@tJYmHQ2 z=|~MEKnlPe4@j8%W`HK9o{dv60>6`Lk%PMPjHHOm>BC1q(Vp0QGBPNKCX9)v4G4bF z0}oy@w`@Rmr1hHbKwXT4n{686aj-9C(RaBi@8k(@_H)s;%pwkSO8fj2A9bX!2p)mZ z+@urtcw42IB4r#N$v-_^UE{Usbi}>XHvuQJ2H5?@ZgrKOukWsg>&&#p&2l?$Mpq>b z=Nnc9EH|7F`LMrR;ukGdw?Mi50{fb$o8V7)uzSQ|3%idn3@1q}2N2u02TyW4Om5%@ z;~W=)rQ&_2Y=tu0GS~T#bh*qQw$P_+yKDyI=opp^`d7RQ>Ac6|h1Y=SuaV+2$cB7j zAOv64=j4ljeE6Ah{qrX+VaNSjsVqlH4+bXdS0{V+Dre@&`#p&Wzj(u0A?H>FqcL=d zt~5r>{BT)a&2*=zGMB@qu3uZ2wuP~NDW^YVtGZ6xc#!4>qAm(Vp2t!duBCwdAMc)r zh)G1L`YRIjO(zRAFH{#{QEozR`mx=SN05By`WwPxFo!CWT&oX zfV-dCnzCH=Nqx&lklP6}w3*{P?vUv#W6WoDit%=%1;&UGZs|GS(E!ttmClIgScw8PB#u&H7wVT4-77S@c7;KIgBh_IYNq z7#hR(F(jYwxp{R-c3=EK2-Bz8UYo_&o)MoZ5G)K}xfUq&6GFKcUheoVNXE?TO28*&!e%% zCwH;j+qgWFhH9g4()~nP$on3zlf}q&zCZ=y6l#U=5RA21P z>tajt4kNW7iazdFuJiH71RFZVow1NLlHKI*ZmoWko#X{nA2_mG39N3o6+1nAHrKB%buXTdsZMw5Hxdx1`1NcMp-IaR+ zIaXi;JSZZi{h{z3)*kGmN2L1)XpmN}ht3W-HH!)WK~b%U7>V&~4q3I`YhHq{)X=o{ zEInJ>S6IpWxvRJa%lhcrX?;420~z51SI^o;CgBr((-VAOBnWr4!$X&l5->sBl6#}k z@%9o#63&E6@_7Wi#_MG<(jiV4Q_Dc&r@^oCcp|ad(AL|Ep+mQ1$!7b=UeP`M= zJuO}hzgK&MkV;SMY=@6u`!m-By^o(?o_myTcnx$<0{qS7RJ$OZF z@Qr)@5pfR+pcq54`2i@Wgjr{g$S;2x>CfaE`353AsK9Wxo(EqK0NAM~{?~!bqeJfc z!eprA1DX=T7zn<}(uak0B0HMRH)?L;BMP%6o*38m7C=|H`CukGJI(J6>d0IotNjvc zO6lBUM9?A5e`2}PM$})Uw2!x!{}(nDVpvD!Ol#y)gxXzDa5qngvgJS@JKgRY)j9;g zuw`biBrMWyQgR7drm?(43ssHN;@MotDY%WUGrA12{jh`Vksr;x!u@JqWeXM6H?j{D zRPuHnW|A)E`@>i+M~BtfBv@~r&0;T4ljNMZ##7pO!t7?>(-3TA(MDwEhCshstPz}I zcR*2MWxQr30%5TNa4fXN=5{zEzR#>F0J(xOEg&|-x5(aY!Hva8LS%y&nT&)FKg67m z!$H1o8<3&~|R77CB_*1&2{6T}hkw3D0{ZeQd*I-(1S;X_qup zk=VIgJkAH*%AaY2X+AwRn$bsFJ#%b;7q$IJDT!Yl;1io*uYWOBY-}>B5391IsN(UJ2SkiMa5&ypbn8v)GHF!0M|_&9$Kjha51&n1+6uS4mMg}nMlkPZuYpYzPtjL z`A++aN6Pyx5qvAW1M&~z{Mt$p(vgr+Zg!g62wo(1B0f1OY7cEoQ?uImn9!^Hb}6aC zIW)W7yiwN=Q|oJ3NL=Qg(<(HonQ|2+Onk{VO0ab^d_Y82*YCz+FN*w$ze~%WxI1Oo zf`XztzLD??2s^c^MKLSyQG&}K^H=hlr1)#C2Ri$1*VmI-B)Dn_aoM`T z*37vMUq--(MH9UAJnWwJoD+ahvv+2NPrZ5b(sbc^Y{woXu&BkJ@DAJ>cTpDI^9 zO?#WTku12$?VIUmY;0&`+-Z&{E_cg~@h){K${tKf|5ImQW=`|FI~XheQ2Ak7p?5;0 zNB#m14x)sCwcR7Oq_mqg0!Hgv?F;xYTpTS(v*U2)i0M67$RMGe%)YmDKN^pX;5&7kzu#wqrr9Hcd;m>1a1i>IXx8>)sYiJTZEX+S=74Ny4GFhF8X7x8)ipiIlJF zyTE8KT%-)3Tf@Mwi_?)2g5e|h5H?BoUUz%w(_ju_P0GJmxq~<(;Sc1Z~Bt7Cs+V45t=ib4!K9jX3&-VN%P%qfGquiscUI{uE)T*cFB3#U$Qf-yw=oE!r zm)tFHiR8&S-W1y9yWge4&+l8lnKV_>mG1-d*_o!L=YOO#BF52l`w@lFKxbrWR06&* z#%-iCnuZ-=##dw78}G}3E(Z-4qUQCI``lt&v|UJ>&eij#O)a&v3AKwt`h11?#xjU$ zF(MHuR1*V_tOa;zbI71mv{CV)k8SzujgOj6j4)0@?*720{BNGTB<#KYU8W&k$;jCY zyE}i$m0=^_oF^eY+h5^Pdgsow^1Mpqw30RdmWW|r<^unjo`A2CL#7#2|}oMZnD?Pzk=F& zrqrQ1gy*468(oit<)*(GOl3GT$|5wnJ$)&>6DaLDSZJ zIF^vFa1#>M)7A&yxx{Hp?C6Re47`ORsBL z{;(KfCtH8l5|i=;d;VieDq2W=;8xQ7VygMs^j?bJc3!_Loxi=hlq2ntqsU~#)nouK z=*=6>S#OunU)?9A)sljHNInGW0}s9gpJh+%tgU$!KAI3lO?{2mbDqak#APNZIT&8^ zD5j;<&d1~WXov0=_C*^~MKg;fjkYy9Wqo&ZH6mCor_>B-`(+{bB8%N`u?I>v=jm~uH8KiW z2fYGy>yi@>p>GiN>$VAfPTwD*4ZRRc>G==hKg_0O(q~x9A8S9V=$ica?~LSMb0C~- zB+H8`AA8+}eB|9h3wS0f&wRU#u9)qMdF=ugc{q&BjR$5qPvb@r)>&b{GBLxFf ze?*9Ls;t^p9_r1S9H(^pv(zUoNtPJ1<=cb26sLd~@MW2fflR8=a#Gu1j%yNMar>R=h0?mE4u8c}u+gl^7aJoEjjcC;vUJDB1#MzAB zY=dqV3-0srzuYQBv`%L>5HM-o!S<;}kuTibBAdJorftf4&uZv~Tw@yMbh?KNKWXJNL{8k~QF!~SbX@1K7eojh!Xd@#SxSKEU;&6T6m{Mis2 zMD^g39E$AV04jRg=-EL&DeY!Gi(|v1Ja&CDRtakQK_PB4sjL*=zF0QI8j_=Q%&bmd z6zo5l9^BDlzWFKE&ceUSKJ{aSU|{Bf9PEfYgRn!S`UkORpZ$iZlnjxgQo&?$AsDJ)^gcYh ziHu36Mx@W-yReytso7SXbezsz%c+}BYSqKHa%{$y^vmw%-LlZYQ!P4RiS`K@m~QvE z){oxdyY5dS>vN+vqLBi!X7S=YXKMS3_8%#oJ~t(np-TZI^E&$8d8k`izQwz_%eq{t z;ZAqKa@FFAh0I$3rDkgeO}nD>@4NefwEycL>0a`mk>tf`G*+u?0J|KFc2(~)S=g?l za;@EHyIT|t~JhoXb7;{IB6FoSSAs=ia;uV0gXapKKI{wr_FwO`zf;E#Bp zGhm>iR3o>(QgyH4I$yVc`8Vg~^Al(0f}8OaJ=n4gU>{AeZBvhopdZ`FT=2mbXLep+^t!pH9dCU20Etsb=9PYmVuU53k8Jw&m;J*&x97PQS%vz z=Xw+Nhkz>T0bBf8EmU-Lbm7{UFO4rE_@L3VSBKWMitoNE#10pl$mr~}yysy6s9BSK zu|{*@LJnwP584TOu|v41W%^6Y{MTT!P*Oa@pVVYJ_Gs?UZ~ypX-ADOwmyUb1^Fdts z-+J@(k)};&h(MgQ3s5N_q~Yz!H`E752D!=#{g;vO!JwZ#d|;T0deAcne#fnhlrW!I}0q{c(#l^fN;d=~7c}~Mh@khduxalIv=W%@}K4W_~@dF``7~9A95Y+Yr1+lh<;1`}ld~pE%UJT9M+754Dyj3s|16$@;5z9gEEw99jIM4LI=TPT_EKXS5 zvgvK5;np#>Nb)I-xNgu%3H!M#Wg3$0!XC{GyAKX|uG`hs-RaHIb{G^H?`#U|48Gg4 z%*V%9;86|ecgWNJDt8Bpr!VPe?;K}*U$**X5ToDVX**YcoVi4Sx8hnTPbbyyty>8g zJ!oIZKW_>;{>cwRvb^F)d??OA#;+^K8}n6fhryO=N8ubttjT#fSUOQYu)Y^YTsmp^ z&WP`qAX&>vx2jT-rn$5<$n&kd7Y0LROoNV}P~V(66iDhPusp~H?O~uT8esfrCR4qp<&*1ujnkOpP(fTKGE1h>v zHF7w=3f>fZYp{BMwv|qB>5U+!)ruq&c*eE9vhWn0z_kpa%zx~fI|sT5Uv)k3ovhD) z*R>-T_<{zYpEZ#H)mzYehZDPqB02Vbdk3s7J|*~DGL z$D!QbA19Cjz6*o2!SbdGY68KRdv?0gm5bDsMbbJiL$3Nrs~uOKa|y^ZsJJ4J&u{;l zx0IpqMM|QWj%PtQP18gkD4uN}yw}Ge+)`;A_cut1$JEalV(Zw3uDR(LMJYM`!MmA%!WMRi{NJ} zzT6(6&fiFKTro>8a8kr%GrQN??rOzz%| zn3n?MpI9E1Qfg#7vfs!O`5fBJ8dZweG;D3!gao5p4mO%#CJ8L>87L^Joryzr%9;nBjJ0;YK;L5ucQY)WLk_|#jO z&ffKUp<0)jn1?jbi+)|BJc21pl1W*##~P_D*JnAt&pg%G75kc$I+>l3!V(=MB{u*E zy=?Ax?(uLj?d#vifgvXjPhlSFo7}MN&DC9wZtsKFuby|1l8-~34#wbfY6thW8zj3E z8-b+lI^JXaIjw+EIMB*eunf^cy-fg_gWxr+EN7Tpu3lFbTg*k|e*E}3Vf6B@`{b;wPx>P4G-5|3KS}~^I4fXlxetXz|fs!rhn$LDKu5iaI!JI*l|*} z>e07Daqz(s&R_={Oo3WP{I41cd7v=QD{oZp)yeSoKK4y8WojP zP+H;GcEL#C`y;fCVq9BM0kzE>L!-)*F%mGVja=DZS^&3u4DhAlN>^v1IhQ>4)Zlk# z)$alksf{W8tUR%=$y_Qwa2e{Nyem#KiT9gfcbvfGu@^cxuRPa65r&7Cf-cJpPx>7> zQzB-cWKS`J;VLn~zBtXWl;A#6L@Bj*qobd+8oG~6oQ-wXJSw#{4Of_tJ%LB4(eDir;k_7v1SC-`-}X{dZc?GE>E=qiI>7kyEq`n>@!7=wJRH5>Qa$HW_6`wLAXhs zJdJQm9@D+}4DIztBIow0Tl=}Sp;Q_aN1k{tWMg9=*0o#gJU`r0*kBv;X0@KtW6XbR zItp4@MqG>T5%RbDRygzRGWnIoRYHM-z+UY>q1Nu3v%R5Zyx>X&hPU?0fKiCUJ#_ej zds~zN24m;a{b!%gA%845W+Yz->N67}&2#p|5qaLA!?v9eJ&@*@D+?pKS zC*g5GqO2gUG@Rx$r2Ib5NBX|X4Cbxc*h{%R+rF#Qgb?ED(m9C5L738yrw@2J#uxfP=>Fmdy zqP_BJ{BrcdO6Lh1cVu}QVzSu>JNWkLn4)qhH?nw!lc^)`JUvz+0l?dYs(T2+O0BO; zLQ|y=&O7FYNkG-f+_$fbJ2XB?&>{`eBip(KB531B2S>bY*5lvTr{mwp;Hz@rlW@tE zA;j?N@tM|Ad&8>!tc-YDVWQQeG>!}#l?WHb*(@HUE{$2ni+d|J&5F?OQs%gJ^;*vC zRL3lX?y^uTI@O5n9p>tNl%eDkKZcB?(VT}f*?cIJ){Tb=g`t0-Lf!!3#*civG*6mn zH^^9X5O{m8Cf7v=$V=XzJ)%HD1}Kq>POGUUr1~WsJfa}l%`{^z9h!Rzz1tEiPV@S% z>JUOnXgpL_&=zz2oU`t(VBf0cekE7IC3+v-!cS(q51lT23zH=h@MRf^UM=)DE#Iy_ z#;K#Gx8(+L+`^<>#!6v%W$e%DfQAyd0(kwjQ4GpnaHisN>}00t9c@p zP_Z^cg>Y*TRh(gNU=V3$5%flX@dgR4jhUHQZ-ukP;s7FpVoG9XD%_rLYBF@+TxyZQ zzPx_x6)B&KhbNCj2|XiW2}J>!#8ATOcNt3EhB=281V*H(M(eCneE}(o6iOUB9w;Zw zNg8=^2K9;L)F%w%A8{Y8=}=3SNi~}ildCUoYoe6gK3lb1$*`0jN3vW`NjA?=W{V|l zwRI;(PH8|HQ{%?kCGg^~?eSV{4Sp!W@%l;)A<>W!xY`SZu)?MK_NZn(xmt?aAQBES z=w54sAN5TNCN`8?BHz@MSy-L-1CyG7LA`x5dM#7?r)ve*TUHgasBqGHlj1?ArI{LBr;qyZi9|GS2J-gQpSm;@;A#bbeU@k@r^bWH-u#5ZpNI zI-H@BWVw^gVRgivm6dflwpm2~NdbMJLf6kKQPq!(m6f^Nr#yD4+PR(1ZFQdgcDh`4 z81H@B0%p`1e7$5Z7mFcfwaFbcUH1 zfiU1}esJ*}%`*}u5pB_)p;l0f2s-y+E4Fx#FjvX6*RbIX2dOHjuf{M*z2HX}8dxPB zTee~>$L#!uu=Bk^e-Jz*izrH_i2xIDELCK%2hLq<&EypY*35e4og7msP)=!c`(`nm zMSf1hDro1^Nu(d-Y<&h2okSGJSnurx==9(ysnlmyY;+*yRUnhW*j5H=7oR%RuOS;+ z)9ba*O@5KISh(RQ`yjIWJJtaAiGM-~DElhz%FWs5y(i>VxcQM(fL)^MtR;(YYF6Opl3c*Ph!dfigDy5OjlsM#{nR{XFAOe|5ta}I!%mBj34!Lu2px--Rx)8oat9zu*1S z*4TdnbpB|I_l3o*{EJKz4QPoc*sTa=v4I;Pdd zzrn>+n;^<&2oBV~qAn)iMBn=w!x|x>>s~=zuzID)(|pru>i%M1L6Vp*ngwY)&}lYq zWyQ(UEc2I>@*kk)Xp42NWuzbO4@Wb(v0o{aI0~mXYdsJd@jT38y-q1IrCLTgxtfqt zv(Ub%X?0(3YwzjYdV<2kE&cSZSmDtIEgzrtbceF3ryD*)l0>00?-|WnhUG~81A`KS zZ~RuPXejUNnWZD{%(8U;oGoD={{my=Awqn`$_FDr? zxles#S)2{_QHE|s3EpG|PP#fDGpg)be>2G){mq$6pUr~q2G5VC` z>1~!09X|z^KH71@?=4sDKgii>W{X3NZ&F9-t|VITbWG!-a7Y;i;h8MU;Jvi8`SYrtg<_$?0$l!5C_Q)I|;sBDY13# z++V270s6+Sc$mi~3wJob*1me!ceG|}@$gf{`U3fI`=VD5&nm%&U4ysya;=-YjS5C) zm*BQ@`tOA>waH?U?_>b(1H{?469(++1vctabv+`d3 zLi-B44r{oUZE!RKsC07fBG~!(R5bYJSL9L}vp=YH?u2EjpWeQC0M2>yyj|GmAW29B zN-eG&uGzwX@VIOtvG}33Y~vdyEiG+%_PefBnN8oBU(g2tU+H-d+HXxgTj}BF=p_F_ zFMie+zrej8KT5ZO;$M5c;IiO<@h`vM%N!?b?#<2~4}ZM<^Y06FSw_*jtcF_xS-wTw zuoxGV>*5Tal!Yx_GEnr0w$Aopk#JV@Lg+W6MEFI>DF3=TgpXXb7Fd!_dMnQXq#o^yXIcbxo# ziOKYzN8efp*YzI7QN=6JmVo1DP!!5QiC8e9E9J0~QrFLyLR?H&MD=*Z!($VMDiE9V zT^Ps;yn9AYXp3^v_WShHT)EKw(&Y?%p&^QB2QzNBEgKy!9Jj-PmYSkh7wk)j_S z@Gr&$bb{bgb>i&Z7*Dx@0=R1y$ooH&c7~(`m7VMNJcS&V4XU=opacAJ%%)xG95>1% zlZUrRPrgb0+z_U&sS0OcHGUSF|D01S*T3OPmfhAr>gR2qlPe$7ElAodDI3w7CvzVS z32@;IcE>iy!tqt!SmNoJTR!S6YGb1B8PCP3K_rwqT zR!sB465R7$7qMTo^1NU`+4LYvJ+JE|TmO`NS-EX(9O)*=JPP*4FZPrQClWL-TV`sd5g%u+)nYW=8*-;o!$Qp|c({%=?89 ziW&W;$q?t78l+Pik+`CwU7e42t-}TPLCa{N9`(7(j8U&LIzfShC%uI>%zuTfHL`earB# z{SP3#UA+70B`^PXkL{-SH;h}hW@WB+=nE!1H54;1;fa>QDC4j_a0%nLf|eaA&tXK+ zS3U6ZTthC%>y|eszVHp~)cBf%Sv_*4D_><4zBK|{!H#hq8+gGdtOEq~I9l5MPD#?# z1ws!i?O>SjXo+cvNa-h!zPasf$3Cp51g2=-HxZO{J%b@)DD}LGV~W3Qhl6B(N7hRS z6Po`RMmHJ|FGn98{Sg&GziIQ|!s45o5*yA|R#^lQ?_LZJiyUkhO#fSC%%i>th?aL& zWyqlT|Chsz>$J$h#CagC{JUf4KQ_d((#AHRpWZHyW%mC{!Ga7Yf^4&F&HG=Mvrec3 z`Pun4U6=|hhuCttX_&QrQqHw|Fz7S__}Slh=nVDQ)J*XLW38;=0FbN)8leyVF(%Ud zC*E3VpVEH!3(fl9XZ&LxbXx){=+^EUzsIko@oQ86M}YQ!bU<GrVHUxU{Z$&Zl7V>z%+kWmq=?aQac_=<) zv47B^#_WJK%1On$Eag|3YtVlI&F@RePbuA2f~$A&yx-kP7~jN@#82P_}l@!dfPIBf#vy^uxwkESc2F{S|KRq!U2=IUf9Gr|O8*8%HQ!c&#T_qQ=GtvD3pHW(j&=G?*L9)S~Z zL2sf8dCXAT-1JH3!n66znzvgSe8qcU;}zqMqjKWoFgoS>Fazd`_;wQ`_t_>UD9~O!QJd|TYw}r+XVaSrk0g(g_gnU*n>?=+hjU*BI z@@@_TrpfH}eh5|N@kyCvA&S-nu|5F1TTsyQwr-biPrM%XP2xB~Rapn%T-$$AgDdf5 zZl;ZI91mBmt*r$$F*sB|ywTM=DoZK;UHXg1&35l&OA|QS*3VD<#ka?vx&exXYT_I4 zNBOl7rEh_~B1hIBR`!tp9tHdTp2>}6{hPTg@d76Ac~S$5Z9Yw}?18gD;q?I!>KI|K zJmZKF1?^AHR3FvSLsl$yf~X?`Y!=jg2$S^c;?mLC%*-2Wv-2YQG@;De{fWEuzQdc; z#6_LbF{lpIRE7GZg7ERS&@e^gwW;QGK4?BLC~#-1BJ%+J69QOjM592R;|8#d7g-}< z$Ii9s%io$y4ZUt7uBDJP|D;)taqBSl`|bn%?vB$XTgA627%8 z##$|_F-7vzsA_vEs^5|lWI2(f~fW%Xad=myyHmX{Q)PyCI98 z1Rj5VYY?0Kk0Y5io`QvLEuAKR^lT>6;r;2F0L9f5K1_q+MYFz-qWonDj2<&&bQ(7Fi8?2w_>FzU)ztl`9fndR>(DoV~~woZvn#x z$;3w}l{ifYeWtyOCe6Q2)p=rIgIgn4nAl%V0etD^SZLj&1sBB zLrI7Xmyuz6EV<5Ev*kbL^yy5(+SR zlF(frbz=j&xl0LLRW7D)LODocX``;hcC<`wRaWuB&Cu`eI;K&E)pG{H!C<38YD?>O z$uj}(y%lyCA7Sz-rDWl?P>^rxhcyAh$XcF>*>|sq)$#VR8~tD~%a^&Z-5S8~E`r;p^(A1WoKNr=Io`fw9fxZ?71q3oc6&2j3T zT&1;_mK5p$RE*>`TrgUoUoM{vSr!FS?NOqbY>wa%qnWx8VDz=_`a0(tRCMZ<+Rh7{ zIbibU8|#3{C2P%I_wP)b{RxO?5V-$ECQv0`{Y9u!6q|26uS6AwTD*KtCzzdj=uS4@ za)V^2*;HmoWZ$~3$O4xET&3w&x}vT(DoGKou*;oR7_zHYCtd$e@m|amlS5YqXE}Oq zQw@E)G|@B_rZ70L%R4iPZBix_8hFj8xdFe2%B+Q*^f>!sAXXU_bz8EOA`D=L!t6MA zb)iFw38KgrZj!s%=!y>pqD`C?Z@tomS#8zy$)_q`({+>-Q%c&rVa#M6uz)zX^`Wka zGI~B5`yH2s^C(oXTNIpGoO51$+D0C|!@uk2Qps=rsdGi~qPWJ}8?7`OG4OHU3sjdB zX@_#wo{!)CbIUIM0}!?u3{OTp)=yXMF1%ajcb;j@&9k9X9KQBGf7>_?D!Sgv{+jPp z9fyL7FwKr)&5axB(s5EM{=&>3fq~zDaJ6}g-zQ%4Y0;;T2CDdK?>KjBT|Ctl1QAVN zmwR)u=*!JX9Gg{_aLVcqTrQN!ke^g|0hz%MB6zce5g=^e^gRX!oV+LSUudD_(r&;} zb7)j^SAR7Z(Ow)DcHSKxI5$eI_xujdCbS*RTh$6c$B0cY_1~^V$>s<3yl&s?jw^n3 zS|_#-8I`ga_TK~4tHD=5y^2oVD12vag(+l&NUE9bXDXN58Xu6Z_CHA1(#W5rYgU;L zgsQ*G;uqkDA*+ym(ISj%Ju91PQKlx6S ze$yGo;o`vqmR5@ivLt|m;#;^1%IjkI$Tc_)&AtxMg!_s>Ha?Y7v9I6r7l!m{l#~^0 zeOuSH_EM?OfGthJnRnP&@D-OsGLa+BDkk`&d11S3B+Ssq_d2_Foa{5ZM=2P{x<%vmx$)Rt>UMK3ur5 znW&uq83_HSY4-4vnCuYji6b;E*Vg>2JY0%O*ku7c@;LNsX09s-N_%wl&|xLA4;GQJa&I(@n9 zUWdiKFDtV&$1HvJ$(0u?3FqPY8#^cP!Ww5=`9iZWR@sV5$Vq&Sx{z@t@tmgIVNq&k zZmk!_+59iG;FMzfi2*_5+sLInjA%Du6;rccvtAnoryDNsDJ_@W0Oy_WocpE*d_?iJ zf|686Kd`7~lI{B19MHG5=N2kh?`ygZ+6kAPTIjY?w`+Ny)v@|QH?W{q{u7Hq?}asu zdW*~*3rG%?#`@tpaaZ-cHg@A##NMYvX8l&BijCWc4q|>;Sy2#_38BY!=Vu4cK?V)s z0Rx)MNBI=khvZTJgNlX9sz4_K6^^Fc2=~=2bcYnrsqy4wNxvfVlHb)7qc^QIe#u-A zDZb(V$^{+T@^C(H6`HPk|w9aLDXn-eU1E?`XWq2H2KrU3l*JcEiWiWu+ z9Hd9fA$C4Rxn7cW+J;QzFLziukfHJU2+1S6Z+7sTxhaczEK$Bvm%`iEVYBn)0mCHc z0#oo`HB&C)O!u`0$9J+*M+G67JsDV4^LVn>Vg=#G^6U0RvXhXV`I{4nIEi{LYOK_De_;%d=)yVzh7X@hO2V{WLLjZnFnFMbYs90_-H~J= zEl((-8oC#khpQ|Y{=iPk4{rGEvZO|iD{8*S%|-2>3PtxE-|g<5`0|=7LDKRYOIhIX zP=#}ur4~9Xlu@h~XETd_cJji|X!vs-CYZ~I1n);|gnPB9S1*LUx^LyfE7vxcS7ha>i)7&x zbTQNulHkOV)!rec_C8_~VfSfkB1S@##(aIMvuq)qe2e4TTkBVn5PGU)wAnnypeZ%^ z)z;B2fmh^(s!kW?2FnU4hOG8QL5Kb~8Onjf$1fRQl?%zWoC7ISaAZYg2hIWy2(OHx zKvwyJ@mcl5MK|i`kD06UsAp|;)i9503!GwFoc)fJ3@5G63Cd5JQW9Pz6;zIw`^>~S zTphmHAo>1u_8W1jSr@{i^j)8jP)%Z>4`*f~@7IJW`iI94A1w`*KB$l#Rx%%^Dk@B~ za*(sI-~YgR7$nDG(tY{EilH{CV@gd3F)a?`+1XUqYnvk4Gtqo-4h2SaX$-S^9S^F^ zAfHzhisPtDpBQ|DPt!cPQ8oL2<$m{jEt&Lg)nhaXSgU2dSPis46MTDo`9q2X&TC`t zA%7AORO;#K#t$STT1{kwL|Rz5{m;VlUYGV zi?K>i9Llnfb{jMYz<4Zqqz(wyXvsdMl-zFyf=d%uzgdV6&x#wqW?X)nftn~l zPDp2mW%EH$pLWMFtEMJ#|7KWcuF(>MX=xxtsyFJZ3eOfShCinPf^{TaDUP#EU)XW} z63=kXp#%Zk20qn@V1ayxM)~dRTuXPDZlF|H+L=v4JTz^@x^_tVyrz-3^DV!!!;1MQ zXc+VWD5V}6DqnvpjiWvh)fXN>rYZSkCaMC>O2N}5LVl+4HO5Ij3Eq6C2k2yuQqOFrk5U~!8^ zu1c{tn=ywhA^zeNinVr?NQrEm*72n^aqd`|ZLexx-g($9)`P-cUsARJa9TWz#_VguKVtw|4(~Y9uDRD z_fgYA%Q={o5*3oQ2t^o&l0&u`$ucuZV;M_?QN~{Clq{!&$nvwBgfRBC4zgt5hlnhL zA~%A7${M_@%STDaO)0n-)Mi`$a*)3~_%I8OA zOUzB|9L`_ifo8x9S0q-VEuntz;`Fb2+)~+zHucQ6PGkU^!x!-olv{QBL|9xPNE(*d zS>S95s}rJ&7WF=Z_Jm|78$mzcctug zI&rJ{Jf@Vrbqz!my5#-AFBJ}6Gv3D!H1dw+o4?i{dZ~GTDemRO%j2s-L+6M9rRrRm z9z>RDVF2bM=}xvUhj3ksyX1e{#(!-6n5T1igWYWq>i=S4-I;OQT+cR4$x+me85}@? zhBEIQ9CvgS$QWHyJ^g=z-KPb2{?1&{zVfDIw))%GM!EVXzfN{qc2y)Z_y zxNqdn2%)~Hzsj`q+YR;X3DlxyQvA~TL(mDA8a(=z;-y;8vxYC~J7(v`?q{#88l+D< zyYnhGa;=hjJwt#-_k^HiukV)_;3JzvLpfk^pp^x> zN4z!wT%y`_pmEeZ+Z9h`m%bzb!lD>22*~=VEL&imcGS=+_$!^36jztyEbc|CC+O?) zO?LiXby#hRK2tCMswZ&gkvrEb@Smo?s7C*qL;#6_h9DWs%y-q-jgH&#Y(V`xo}FrEx&S+)5+H(Su8#srE&+_)lqA&F1-=D z%(dev)ySKO5FouA99h6s6G#UPq7)h9KEMuEq)ErKuJ0)Q=GmQufGJB+q&mjveJH< zo;wwRbcJz(V?m8wOJ=BI?T4LpXHgiIr9A+Q*tIQiT26h~B+@a?mJxb-cb_Pm2_ude zNx`>(hu{y4w*uc3iyv3%=S;GeVt$tMXycm!hgAqyLClN!H2C?k(Ky>SLM|l`uvyUB z(83Xyz7>OtJKZ@7H7gfzb(SFAVMpwcBySdeD(Z!Ekx%%QzgFFC?J*C~z8E_$%7~zKoQMPpw$8r>|Yxt$D&3Yn!z7&9iswX6Gkp7$F z1JHcmvgLe7qt%c?4e)b_02k+ZnL*;9*Puq*&{X%M_vize6sDb8!_T)W9&WP}WHdN7R$ z5_uNVJlkL8)@I@d9#z3h8iqcI$2=iUcOY*mXicGX4K?6PD?M|mb#jn*h+yxeLDF$j z{mwn_#3at5s8dygRiHkGR8CmxM|jZbBZb4yZ0oz)l0gs!o(3lAEe8tcO7P0qT+8fk z-OOaVNp!pyS|es1zD7m8iw2cpKBMSsv}{%swXyk`>*z>xvmVWHAvKyrw620G$HYK_ zi`#+f4C-C%b5sHU4A!kyuH14)KUIZi`aM6bSuPOA)aB`ble!EBdb6;Rw$x} zzjb<9`>u=&!|kIEKLCWAD+aL(EU`Y7$yLLw-Y5so^?CRnXl4Vncm4E>c747GqnG;P zYlaeZxxdMLVnV=|n2Y5%YI3X}Xx1n3-w2Wzd%*NSCyAyvx6T9*8UF28qN>->8S83a z^YE>I2vYI};PSHcC5=ZAkdy3Lo;dUeGnaR`Ac!v$k!LD5gy3tRCLz80n{cJu_x#ux zAvxxdD$xRsn)^R*>&Aa$!vU5Wj;lEMvt$yREr&Jj23^pE)DuJ)LjbRWHcqN9`muRF z?3amC37*;wpBg~XmD}m>ELKdeUL8IPTm?@1S4@nIjHXj*b4L5u=^4;?m;<0*MFPg( zi~f=UkdnB+^^^`1i!nzw++G~nnC7vvB<^L9jw*g^v7-51eD#aaKE_k7-C=V|{^Saq z0iKfEZTg_x-^XI>2yAW8Pj0f=k^g_YAG+<^Ua>it|2O-tRU*LZG~2fw02@$-pDMNh zVRbgBo>ZWmjx1~kXtI_2(%hR8ce)Yd6ctqmB1n$NS#U_=C*)eUBt9CGW)QB$fH=IM zTf9Ua6CiY0R`GDOkupBjs#3?=ui$v$D@%LXi8Nr{5Fi*xd~%b0{#*c??lf4bO2u_y zLRG0?>(`ETm8WFGV_mH~Qm-J=L3WZyW3N%ga=OL-2?>wJ+OFJDc#6u6j5w>_ItB1M zjy8IITA?5z)Tso-1CFutfI5i=x6@p}zeql_Da%!Y1{9ToF9f5#ti(WBK>~v z8rN3AV~y)|VQ1z6>rcwW)J}jTg2WwrORBrE?3mAtog4^&48b$DOb|OzB5Bo9hc`Cf zh%yG*zmMXHMQT$9j`GN710I$xnlv9OYIwsLYftEgsWRWdSa&9G<(X6Z#TF`5_(+6`N!|{OhX?c(1C#4Bm!@M(R7KA zA;=$RUp3e1S-K+Z<8E3wW~>}MPaze;!g=r28%)Wf_sX2W^-|^AQ@e&&lq~AQfKvLdxz;SNoKrGeyD#Q_(6RGGWz704 zSlb`omonJ;h-Tp4L)spt+%OR(=1vN7mSf z1~rFtx!%tX`LNOR`b~%wk{MNEtMmY&;gN_{BJ2H&8=V(#DW^&`&b33*&VkJA zNNI(K8g64#Zxb{^3(N{00JTS4VZiK2gUeSzGH^Te0{ROJeE@Chqly@$WdqMw!4s9< ze&|PpEGTjFS4Z^Y%_Zy0z@jtK_s0P&dJl`3@g&#Ep!3B9Zq|&*M)Lh&i&O8RJIE&U zCYZNILg~mzZ{3b%C67V&#t%> zj8B_$>g)^T0ifPI;Evh_1&24PbsKIUFvJ;|4*cLJ#3o}-1Lbs3Hq|ZTgGA(A^WX}u z9sP4IwNHc!8!X0rz0W|pm+!I`E%H5I-8VBbnm3jrv@3C-K{uxlr0z%R=+-{2`g%YQ zZ`2O=l>Np~MMztR$S2Mc(e_1uk+ho=Z>bD|lrU2=N~;gC2oMNXY^7;*Vy6*&z!^MZWr)ZjmnR65oWw=W`ljwBd`>rVMH%Rq9MQ4Xy37~|WL z`zE&CG366ajazMo)ZZ??w!~f;DBXs-Yl`2tbGiGHKX+s%8>Z}3&}i0P$3tob6ABRd zcSAB+`JbCDYzZU)wlHGtR8TEo(r)~jmRvQE3ya`sy)M06I-lNje|~GSen#Va0Sm+A zGTe;QmAhpu8;9E8sHhp|*u04JSRxx9)+-ZlS#?e?nt9CjaxoV6oW;IG=-Lo16b_TH z(eRc;bKZg5Ul{@^zi)evFNjJPC-t|0@);arXirT089M8#V3NJ3yuZc#L>JU{;f>39 z`v+>oYkn&!n|BS$<+X?aZokUlY)f(0M)HF+C(Po^5XfGCJ=AKX7Tgl6ttu<3w|Te% zp?nO|0jX_%57xvgWSLmpksTPh-^SO_F+7h&{S$k*tG2gDsrJi|6ip)9SnzD*GjX#k zgN+9X>__})hXPuro{wyE2`~IO>#b6p?g59eLt7DiXG{*9B|ZF&8Fq_MkW%lzW(FkO zoWUH{cyqKP^vtT3L+_soKs=Or^I^QgTRk^B@UX_ZCX&F#L2uGob39IjLot3gan%pA=YH7|Ig z43UQR)FmXB?6*l|oA<@<5cX0EZMQtF!76v@!h)RSZ;b6;1Pfh1c??n=4B?toOQNl?hdt!M zT}v1`?F`q=QTUQs4M%wR8mdmxkn7_=bY7hv z4`d98(*HugsHF(-L!ZEZpkHjQX@1$5K9Xe&0 z9wDN&UE6#-=kU z`9r+&ZXevEb1heoTjn}@s5fYF|J99BE{vbOY$QQ;+ubbyO*qQpdqPKV#v7?HgB|Ck zScF(VKz^!=#XaF~`wCyi15cXzsKtuHFNz|TNwm4thpQi(Rg^?7Cq;uexCdm^?q;qP z-3XW&nC{-?YCF8djqQmKm{_FMVCBcq124>KU~n%nQC9m?ozRfeo$;`6$x63E(+Jk! zl=yC0@u=!VS4GPNzE~FHk}JF!pwp~VY=}+*FQY4;+wHES+^yiuXqAi)ChQ)qpMJz~ zvKvr`{ZZO-mR%o0&?xPeg2Zu zj$QBU4)6OjjRkz|!nw_cd=`c!BGYcPsxf){aOw<)N|piV>RD5Q`#7Qdq2zoHPCK74 z|KYCh$;Q}=Y!PRzp5k>j-YDMuEFZ$9b1kA)ES?fJykctyS8r}%08mQLy**>I{g;JH zF>*epi+eg9UT=JIGx*rJdM~IWYYh2^2MT1+4OTXw0J|na$*K?>Tx+fIeM{}RGu^1z z${e!ibEC$SP_>Xp`Ody`vZl+8s6^!k;dO Date: Wed, 7 Oct 2020 14:33:04 -0400 Subject: [PATCH 31/84] build warnings --- .../microsoft-defender-atp/advanced-hunting-go-hunt.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md index 5b0d61b4d3..31a266ff9c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md @@ -21,7 +21,7 @@ ms.topic: article # Quickly hunt for entity or event information with go hunt -[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)] +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -29,7 +29,7 @@ With the *go hunt* action, you can quickly investigate events and various entity The *go hunt* action is available in various sections of the security center whenever event or entity details are displayed. For example, you can use *go hunt* from the following sections: -- In the [incident page](investigate-incidents.md#incident-overview), you can review details about users, devices, and many other entities associated with an incident. When you select an entity, you get additional information as well as various actions you could take on that entity. In the example below, a device is selected, showing details about the device as well the option to hunt for more information about the device. +- In the [incident page](investigate-incidents.md), you can review details about users, devices, and many other entities associated with an incident. When you select an entity, you get additional information as well as various actions you could take on that entity. In the example below, a device is selected, showing details about the device as well the option to hunt for more information about the device. ![Image showing device details with the go hunt option](./images/go-hunt-device.png) From a6b6ad342809fcddfd797a723633dfede5186b93 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 7 Oct 2020 17:48:05 -0400 Subject: [PATCH 32/84] edit pass after submitting draft --- .../advanced-hunting-assignedipaddress-function.md | 4 +++- .../microsoft-defender-atp/advanced-hunting-best-practices.md | 1 - .../microsoft-defender-atp/advanced-hunting-extend-data.md | 2 +- .../microsoft-defender-atp/advanced-hunting-query-results.md | 2 +- .../advanced-hunting-schema-reference.md | 4 +--- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md index 18be1be4a0..b1576974be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md @@ -20,11 +20,13 @@ ms.date: 09/20/2020 # AssignedIPAddresses() +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Use the `AssignedIPAddresses()` function to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. +Use the `AssignedIPAddresses()` function in your advanced hunting queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. This function returns a table with the following columns: diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index a4ab079ca9..f82f5473a7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -21,7 +21,6 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md index 9da7deaf78..5a8a4ad77b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -20,7 +20,7 @@ ms.date: 09/20/2020 # Extend advanced hunting coverage with the right settings -## Create custom detection rules +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md index 7b15790500..b06237a57a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md @@ -134,7 +134,7 @@ Right-click a value in the result set to quickly enhance your query. You can use ## Filter the query results The filters displayed in the right pane provide a summary of the result set. Every column has its own section in the pane, each of which lists the values found in that column, and the number of instances. -Refine your query by selecting the `+` or `-` buttons on the values that you want to include or exclude. Then selecting **Run query**. +Refine your query by selecting the `+` or `-` buttons on the values that you want to include or exclude. Then select **Run query**. ![Image of advanced hunting filter](images/advanced-hunting-filter.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 3bb2a7ef3e..c41443181f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -64,13 +64,11 @@ Table and column names are also listed within the Microsoft Defender Security Ce | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events | | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Microsoft Defender Antivirus and exploit protection | | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | -| **[DynamicEventCollection]()** | | -| **[DeviceInventory]()** | | | **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | | **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | | **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices | | **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks | -| **[DeviceInternetFacing]()** | | + ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) From 67acc71d0da74638200937bc9c6a118c59e7dd65 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 7 Oct 2020 14:55:13 -0700 Subject: [PATCH 33/84] update sections --- windows/security/threat-protection/TOC.md | 2 +- .../configure-server-endpoints.md | 61 ++++++++++++------- 2 files changed, 40 insertions(+), 23 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f69cdfadb5..c7f7335c43 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -448,7 +448,7 @@ ##### [Onboard devices using a local script](microsoft-defender-atp/configure-endpoints-script.md) ##### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](microsoft-defender-atp/configure-endpoints-vdi.md) -#### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) +#### [Onboard Windows servers](microsoft-defender-atp/configure-server-endpoints.md) #### [Onboard non-Windows devices](microsoft-defender-atp/configure-endpoints-non-windows.md) #### [Onboard devices without Internet access](microsoft-defender-atp/onboard-offline-machines.md) #### [Run a detection test on a newly onboarded device](microsoft-defender-atp/run-detection-test.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 38b47a18f9..d1a8195e28 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -54,16 +54,36 @@ For guidance on how to download and use Windows Security Baselines for Windows s You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Microsoft Defender ATP by using any of the following options: -- **Option 1**: [Onboard through Microsoft Defender Security Center](#option-1-onboard-windows-servers-through-microsoft-defender-security-center) +- **Option 1**: Onboard by installing and configuring Microsoft Monitoring Agent (MMA) - **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center) - **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later (only for Windows Server 2012 R2 and Windows Server 2016)](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later) + +After completing the onboarding steps using any of the provided options, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). + + > [!NOTE] > Microsoft defender ATP standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services). -### Option 1: Onboard Windows servers through Microsoft Defender Security Center -Perform the following steps to onboard Windows servers through Microsoft Defender Security Center: +### Option 1: Onboard by installing and configuring Microsoft Monitoring Agent (MMA) +You'll need to install and configure MMA for Windows servers to report sensor data to Microsoft Defender ATP. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). + +If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. + +In general, you'll need to take the following steps: +1. Fulfill the onboarding requirements outlined in **Before you begin section**. +2. Turn on server monitoring from Microsoft Defender Security center. +3. Install and configure MMA for the server to report sensor data to Microsoft Defender ATP. +4. Configure and update System Center Endpoint Protection clients. + + +> [!TIP] +> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md). + + +#### Before you begin +Perform the following steps to fulfill the onboarding requirements: - For Windows Server 2008 R2 SP1 or Windows Server 2012 R2, ensure that you install the following hotfix: - [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry) @@ -77,26 +97,8 @@ Perform the following steps to onboard Windows servers through Microsoft Defende > [!NOTE] > This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2. - - [Turn on server monitoring from Microsoft Defender Security Center](#turn-on-server-monitoring-from-the-microsoft-defender-security-center-portal). - - If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. - - Otherwise, [install and configure MMA to report sensor data to Microsoft Defender ATP](#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp). For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). - -> [!TIP] -> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md). - -### Configure and update System Center Endpoint Protection clients - -Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. - -The following steps are required to enable this integration: -- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). - -- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting. - - -### Turn on Server monitoring from the Microsoft Defender Security Center portal +### Turn on Server monitoring from the Microsoft Defender Security Center portal -MICHAEL TO VERIFY 1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**. @@ -135,9 +137,24 @@ Once completed, you should see onboarded Windows servers in the portal within an 4. Follow the onboarding instructions in [Microsoft Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp). +After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). + ### Option 3: Onboard Windows servers through Microsoft Endpoint Configuration Manager version 2002 and later You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender Advanced Threat Protection in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection). +After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). + +## Configure and update System Center Endpoint Protection clients + +Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. + +The following steps are required to enable this integration: +- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). + +- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting. + + + ## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windows Server 2019 Core edition by using the following deployment methods: From a84b75dab2eef7e2cedfe87eca78142937593cf0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 7 Oct 2020 15:09:39 -0700 Subject: [PATCH 34/84] update anchor --- .../microsoft-defender-atp/configure-server-endpoints.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index d1a8195e28..85b7f737b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -54,7 +54,7 @@ For guidance on how to download and use Windows Security Baselines for Windows s You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Microsoft Defender ATP by using any of the following options: -- **Option 1**: Onboard by installing and configuring Microsoft Monitoring Agent (MMA) +- **Option 1**: [Onboard by installing and configuring Microsoft Monitoring Agent (MMA)](#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma) - **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center) - **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later (only for Windows Server 2012 R2 and Windows Server 2016)](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later) @@ -72,7 +72,7 @@ You'll need to install and configure MMA for Windows servers to report sensor da If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. In general, you'll need to take the following steps: -1. Fulfill the onboarding requirements outlined in **Before you begin section**. +1. Fulfill the onboarding requirements outlined in **Before you begin** section. 2. Turn on server monitoring from Microsoft Defender Security center. 3. Install and configure MMA for the server to report sensor data to Microsoft Defender ATP. 4. Configure and update System Center Endpoint Protection clients. From 2f6d859736821e089e3addc72bbc07391fc9b1e4 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 8 Oct 2020 15:12:16 -0400 Subject: [PATCH 35/84] second pass adding pages --- .../microsoft-defender-atp/advanced-hunting-extend-data.md | 4 ++-- .../microsoft-defender-atp/advanced-hunting-go-hunt.md | 4 ++-- .../microsoft-defender-atp/advanced-hunting-overview.md | 3 +++ .../microsoft-defender-atp/advanced-hunting-query-language.md | 2 +- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md index 5a8a4ad77b..371cfbed8c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/20/2020 +ms.date: 10/10/2020 --- # Extend advanced hunting coverage with the right settings @@ -26,7 +26,7 @@ ms.date: 09/20/2020 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -[Advanced hunting](advanced-hunting-overview.md) relies on data coming from various sources, including your devices, your Office 365 workspaces, Azure AD, and Azure ATP. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources. +[Advanced hunting](advanced-hunting-overview.md) relies on data coming from across your organization. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources. ## Advanced security auditing on Windows devices diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md index 31a266ff9c..cab2d3160b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md @@ -73,12 +73,12 @@ You can use *go hunt* after selecting any of these entity types: ## Query for event information -When using *go hunt* to query for information about a timeline event, the query checks all relevant schema tables for other events around the time of the selected event. For example, the following query lists events in various schema tables that occured around the same time period on the same device: +When using *go hunt* to query for information about a timeline event, the query checks all relevant schema tables for other events around the time of the selected event. For example, the following query lists events in various schema tables that occurred around the same time period on the same device: ```kusto // List relevant events 30 minutes before and after selected RegistryValueSet event let selectedEventTimestamp = datetime(2020-10-06T21:40:25.3466868Z); -search in (DeviceFileEvents, DeviceProcessEvents, DeviceEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceImageLoadEvents, DeviceLogonEvents, ResponseEvents) +search in (DeviceFileEvents, DeviceProcessEvents, DeviceEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceImageLoadEvents, DeviceLogonEvents) Timestamp between ((selectedEventTimestamp - 30m) .. (selectedEventTimestamp + 30m)) and DeviceId == "a305b52049c4658ec63ae8b55becfe5954c654a4" | sort by Timestamp desc diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md index dafbbe5cfa..19ef98383c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md @@ -52,6 +52,9 @@ We recommend going through several steps to quickly get up and running with adva | **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. Learn where to look for data when constructing your queries. | [Schema reference](advanced-hunting-schema-reference.md) | | **Use predefined queries** | Explore collections of predefined queries covering different threat hunting scenarios. | [Shared queries](advanced-hunting-shared-queries.md) | | **Optimize queries and handle errors** | Understand how to create efficient and error-free queries. | - [Query best practices](advanced-hunting-best-practices.md)
- [Handle errors](advanced-hunting-errors.md) | +| **Get the most complete coverage** | Use audit settings to provide better data coverage for your organization. | - [Extend advanced hunting coverage](advanced-hunting-extend-data.md) | +| **Run a quick investigation** | Quickly run an advanced hunting query to investigate suspicious activity. | - [Quickly hunt for entity or event information with *go hunt*](advanced-hunting-go-hunt.md) | +| **Contain threats and address compromises** | Respond to attacks by quarantining files, restricting app execution, and other actions | - [Take action on advanced hunting query results](advanced-hunting-take-action.md) | | **Create custom detection rules** | Understand how you can use advanced hunting queries to trigger alerts and take response actions automatically. | - [Custom detections overview](overview-custom-detections.md)
- [Custom detection rules](custom-detection-rules.md) | ## Data freshness and update frequency diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index e11d004596..db801d3730 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -180,6 +180,6 @@ For detailed information about the query language, see [Kusto query language doc ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Work with query results](advanced-hunting-query-results.md) -- [Use shared queries](advanced-hunting-shared-queries) +- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) From db33b71b9c8a914c06ea4780e1b8fde25b9a19d2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 8 Oct 2020 16:34:25 -0700 Subject: [PATCH 36/84] Update configure-server-endpoints.md --- .../configure-server-endpoints.md | 54 ++++++++----------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 85b7f737b9..1544d16c1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -37,14 +37,6 @@ ms.topic: article Microsoft Defender ATP extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console. -The service supports the onboarding of the following Windows servers: -- Windows Server 2008 R2 SP1 -- Windows Server 2012 R2 -- Windows Server 2016 -- Windows Server (SAC) version 1803 and later -- Windows Server 2019 and later -- Windows Server 2019 core edition - For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128). For guidance on how to download and use Windows Security Baselines for Windows servers, see [Windows Security Baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines). @@ -56,7 +48,7 @@ You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows - **Option 1**: [Onboard by installing and configuring Microsoft Monitoring Agent (MMA)](#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma) - **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center) -- **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later (only for Windows Server 2012 R2 and Windows Server 2016)](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later) +- **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later) After completing the onboarding steps using any of the provided options, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). @@ -98,14 +90,6 @@ Perform the following steps to fulfill the onboarding requirements: > This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2. -### Turn on Server monitoring from the Microsoft Defender Security Center portal -MICHAEL TO VERIFY - -1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**. - -2. Select **Windows Server 2008 R2 SP1, 2012 R2 and 2016** as the operating system. - -3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment setup. When the setup completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. - ### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP @@ -117,16 +101,22 @@ Perform the following steps to fulfill the onboarding requirements: On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**. - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script). -3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](configure-proxy-internet.md). -Once completed, you should see onboarded Windows servers in the portal within an hour. -### Configure Windows server proxy and Internet connectivity settings +### Configure Windows server proxy and Internet connectivity settings if needed +If your servers need to use a proxy to communicate with Microsoft Defender ATP, use one of the following methods to configure the MMA to use the proxy server: -- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the OMS Gateway. -- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). + +- [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard). + +- [Configure the Windows to use a proxy server for all connections](configure-proxy-internet.md) + +If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). + + +Once completed, you should see onboarded Windows servers in the portal within an hour. ### Option 2: Onboard Windows servers through Azure Security Center 1. In the Microsoft Defender Security Center navigation pane, select **Settings** > **Device management** > **Onboarding**. @@ -144,15 +134,6 @@ You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsof After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). -## Configure and update System Center Endpoint Protection clients - -Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. - -The following steps are required to enable this integration: -- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). - -- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting. - ## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition @@ -218,6 +199,17 @@ Data collected by Microsoft Defender ATP is stored in the geo-location of the te Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers. +## Configure and update System Center Endpoint Protection clients + +Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. + +The following steps are required to enable this integration: +- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). + +- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting. + + + ## Offboard Windows servers You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client devices. From 3e341922b4d1dd26c283a7720564b818edca9bfe Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 8 Oct 2020 16:51:49 -0700 Subject: [PATCH 37/84] Added content --- .../mdm/policy-csp-localusersandgroups.md | 214 ++++++++++++++++++ 1 file changed, 214 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-localusersandgroups.md diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md new file mode 100644 index 0000000000..4b24a8b44c --- /dev/null +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -0,0 +1,214 @@ +--- +title: Policy CSP - LocalUsersAndGroups +description: Policy CSP - LocalUsersAndGroups +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.localizationpriority: medium +ms.date: 10/08/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - LocalUsersAndGroups + + +

+ + +## LocalUsersAndGroups policies + +
+
+ LocalUsersAndGroups/Configure +
+
+ + +
+ + +**LocalUsersAndGroups/Configure** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark4
Businesscheck mark4
Enterprisecheck mark4
Educationcheck mark4
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +The RestrictedGroups/ConfigureGroupMembership policy setting allows administrators to configure members (users or AAD groups) to a Windows 10 local group. However, RG policy has a limitation that it only allows for a full replace of the existing groups with the new members and does not allow selective add/remove. This limitation causes scalability issues for Intune to implement the policy in its current format. In addition, it restricts customers from enabling scenarios and attain parity with on-premises group management. As a result, this policy limitation delays the GA of the local admin rights scenario for AAD Joined devices. + +On-premises AD offers more flexibility in managing local groups using the Local Users and Groups (LUG) GPP. RG GPO is not meant to provide granularity in selectively removing existing members or adding new ones. Enabling capabilities in LUG GPP into RG MDM policy would create confusion for customers who’re accustomed to the on-premises polices and preferences, and how they’re used. So, it’s beneficial in the long-term to build a new MDM policy that provides customers granularity for managing local users and groups from the cloud, instead of overriding the RG policy. In addition, this new policy allows for further improvements without altering the meaning of the RG policy. + +This policy setting allows administrators to manage local groups on a device. + + +```xml + + + + + + + + + + + + Group Configuration Action + + + + + + + + Group Member to Add + + + + + + + + Group Member to Remove + + + + + + + + Group property to configure + + + + + + + + + + + + + + + + Local Group Configuration + + + + + + +``` + + +This policy setting has two top level actions: + +- Update represented by U +- Replace represented R +We can have 2 verbs - Add Member, Remove Member for specific local group - to modify local group setting + +Add member and Remove member can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using Graph API for Groups. The SID is present in the attribute "securityIdentifier". + + + +Example to add and remove group members + +```xml + + + + + + + + + +Example to replace group membership + +```xml + + + + + + + + +``` +Action Consequences + +U: Update Group: Add/Remove specified members. + +o Add Member = contains name or SID + +o Remove Member = contains name or SID (remove wins if a sid is specified in both due to order of processing + +o MemberOf / group nesting can be achieved by specifying the group in Add Member of another group + +§ ‘R’ : Replace group membership provides the same functionality as Restricted Groups. + +§ Replace operation takes precedence over Update. Thus, if a group appears twice in the XML, once with ‘U’ and once with ‘R’ , Replace wins. This is behaviour in parity with on prem. + +§ Remove member is not valid for ‘R’ Replace operation and will be ignored if present. + +§ The list given in the XML is processed in the order given with the exception of ‘R’ actions which get processed last to ensure they win. That also means that if a group is present multiple times with different add/remove values, all of them will processed in the order of presence. + + + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + From 5411d76ba7c0f5e424a77389ac6c438244bb59f3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 8 Oct 2020 16:58:56 -0700 Subject: [PATCH 38/84] period --- .../microsoft-defender-atp/configure-server-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 1544d16c1a..59eabd5750 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -109,7 +109,7 @@ Perform the following steps to fulfill the onboarding requirements: If your servers need to use a proxy to communicate with Microsoft Defender ATP, use one of the following methods to configure the MMA to use the proxy server: -- [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard). +- [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard) - [Configure the Windows to use a proxy server for all connections](configure-proxy-internet.md) From 9c0263424bcffc148283206e95143847950b99ff Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 9 Oct 2020 16:25:41 -0700 Subject: [PATCH 39/84] Added new policy --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policy-csp-localusersandgroups.md | 131 ++++++------------ 2 files changed, 40 insertions(+), 92 deletions(-) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 201773d50c..731994549a 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -267,6 +267,7 @@ #### [LanmanWorkstation](policy-csp-lanmanworkstation.md) #### [Licensing](policy-csp-licensing.md) #### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md) +#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md) #### [LockDown](policy-csp-lockdown.md) #### [Maps](policy-csp-maps.md) #### [Messaging](policy-csp-messaging.md) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 4b24a8b44c..ad23d974f1 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -44,19 +44,19 @@ manager: dansimp Pro - check mark4 + check mark9 Business - check mark4 + check mark9 Enterprise - check mark4 + check mark9 Education - check mark4 + check mark9 @@ -73,86 +73,48 @@ manager: dansimp -The RestrictedGroups/ConfigureGroupMembership policy setting allows administrators to configure members (users or AAD groups) to a Windows 10 local group. However, RG policy has a limitation that it only allows for a full replace of the existing groups with the new members and does not allow selective add/remove. This limitation causes scalability issues for Intune to implement the policy in its current format. In addition, it restricts customers from enabling scenarios and attain parity with on-premises group management. As a result, this policy limitation delays the GA of the local admin rights scenario for AAD Joined devices. +This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device. -On-premises AD offers more flexibility in managing local groups using the Local Users and Groups (LUG) GPP. RG GPO is not meant to provide granularity in selectively removing existing members or adding new ones. Enabling capabilities in LUG GPP into RG MDM policy would create confusion for customers who’re accustomed to the on-premises polices and preferences, and how they’re used. So, it’s beneficial in the long-term to build a new MDM policy that provides customers granularity for managing local users and groups from the cloud, instead of overriding the RG policy. In addition, this new policy allows for further improvements without altering the meaning of the RG policy. - -This policy setting allows administrators to manage local groups on a device. +> [!NOTE] +> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove. +Here's an example of the policy definition XML for group configuration: ```xml - - - - - - - - - - - - Group Configuration Action - - - - - - - - Group Member to Add - - - - - - - - Group Member to Remove - - - - - - - - Group property to configure - - - - - - - - - - - - - - - - Local Group Configuration - - - - - - + + + + + + + + + ``` + +where: + +- ``: Specifies the name or SID of the local group to configure. +- ``: Specifies the action to take on the local group, which can be Update and Replace, represented by U and R: + - Update. This action must be used to keep the current group membership intact and add or remove members of the specific group. + - Replace. This action must be used to replace current membership with the newly specified groups. This action provides the same functionality as that of the [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting. +- ``: Specifies the SID or name of the member to configure. +- ``: Specifies the SID or name of the member to remove from the specified group. +- ``: (Optional and not supported currently). This element is reserved for the future use to update group properties, such as group name as part of an update action. + +> [!IMPORTANT] +> - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using Graph API for Groups. The SID is present in the `securityIdentifier` attribute. +> - This policy setting does not support the MemberOf functionality. However, you can add a domain group as a member to a local group by specifying the group in `` of another group. +> - The R (Replace) action takes precedence over U (Update). Therefore, if a group appears twice in the XML, once with U and again with R, the R action wins. +> - Remove member is not valid for the R (Replace) action and will be ignored if present. +> - The list in the XML is processed in the given order with the exception of R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order of presence. + -This policy setting has two top level actions: - -- Update represented by U -- Replace represented R -We can have 2 verbs - Add Member, Remove Member for specific local group - to modify local group setting - -Add member and Remove member can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using Graph API for Groups. The SID is present in the attribute "securityIdentifier". -Example to add and remove group members +**Example: Add and remove group members** ```xml @@ -163,8 +125,9 @@ Example to add and remove group members +``` -Example to replace group membership +**Example: Replace group membership** ```xml @@ -176,23 +139,6 @@ Example to replace group membership ``` -Action Consequences - -U: Update Group: Add/Remove specified members. - -o Add Member = contains name or SID - -o Remove Member = contains name or SID (remove wins if a sid is specified in both due to order of processing - -o MemberOf / group nesting can be achieved by specifying the group in Add Member of another group - -§ ‘R’ : Replace group membership provides the same functionality as Restricted Groups. - -§ Replace operation takes precedence over Update. Thus, if a group appears twice in the XML, once with ‘U’ and once with ‘R’ , Replace wins. This is behaviour in parity with on prem. - -§ Remove member is not valid for ‘R’ Replace operation and will be ignored if present. - -§ The list given in the XML is processed in the order given with the exception of ‘R’ actions which get processed last to ensure they win. That also means that if a group is present multiple times with different add/remove values, all of them will processed in the order of presence. @@ -210,5 +156,6 @@ Footnotes: - 6 - Available in Windows 10, version 1903. - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. +- 10 - Available in Windows 10, version 2010. From 445dfb7769cec7febbe060cd176780ceb9a6a71c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 9 Oct 2020 16:34:41 -0700 Subject: [PATCH 40/84] minor update --- .../client-management/mdm/policy-csp-localusersandgroups.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index ad23d974f1..a35238bce5 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -114,7 +114,8 @@ where: -**Example: Add and remove group members** +**Examples** +The following is an example of the Update action for adding and removing group members: ```xml @@ -127,7 +128,7 @@ where: ``` -**Example: Replace group membership** +The following is an example of the Replace action for replacing the group membership: ```xml From 2a24a63919219209e1afe32f2daad4dfba66de07 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 9 Oct 2020 16:35:21 -0700 Subject: [PATCH 41/84] minor update --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index a35238bce5..d7592b04d9 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -115,6 +115,7 @@ where: **Examples** + The following is an example of the Update action for adding and removing group members: ```xml From 8e7fb0a6d6e7654fed297b1938e5244b4b03cea4 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 9 Oct 2020 16:42:48 -0700 Subject: [PATCH 42/84] minor update --- .../client-management/mdm/policy-csp-localusersandgroups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index d7592b04d9..16f2270f38 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -116,7 +116,7 @@ where: **Examples** -The following is an example of the Update action for adding and removing group members: +The following is an example XML for the Update action to add and remove group members: ```xml @@ -129,7 +129,7 @@ The following is an example of the Update action for adding and removing group m ``` -The following is an example of the Replace action for replacing the group membership: +The following is an example XML for the Replace action to replace the group membership: ```xml From 2114878464c89ec5e8b83686815e7c7ef02505b3 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 9 Oct 2020 16:52:19 -0700 Subject: [PATCH 43/84] Updated footnote --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 16f2270f38..6071b02812 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -158,6 +158,6 @@ Footnotes: - 6 - Available in Windows 10, version 1903. - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. -- 10 - Available in Windows 10, version 2010. +- 9 - Available in Windows 10, version 2010. From c2f95f39581eb21f50676ed330bf486ceeba8fe7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 9 Oct 2020 17:00:35 -0700 Subject: [PATCH 44/84] Minor update --- .../client-management/mdm/policy-csp-localusersandgroups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 6071b02812..cf1c048025 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -116,7 +116,7 @@ where: **Examples** -The following is an example XML for the Update action to add and remove group members: +Update action for adding and removing group members: ```xml @@ -129,7 +129,7 @@ The following is an example XML for the Update action to add and remove group me ``` -The following is an example XML for the Replace action to replace the group membership: +Replace action for replacing the group membership: ```xml From 9019f40b5cd2e0f9ce6ff75a1bcf7a877290cc3f Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 12 Oct 2020 14:36:15 -0700 Subject: [PATCH 45/84] Added feedback --- .../mdm/policy-csp-localusersandgroups.md | 106 ++++++++++++++---- .../mdm/policy-csp-restrictedgroups.md | 2 + 2 files changed, 86 insertions(+), 22 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index cf1c048025..1a6f501761 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -81,33 +81,31 @@ This policy setting allows IT admins to add, remove, or replace members of local Here's an example of the policy definition XML for group configuration: ```xml - - - - - - - - - + + + + + + + ``` where: -- ``: Specifies the name or SID of the local group to configure. -- ``: Specifies the action to take on the local group, which can be Update and Replace, represented by U and R: +- ``: Specifies the name or SID of the local group to configure. If you specify a SID, the [LookupAccountSid](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API is used to translate the SID to a valid group name. If you specify a name, the [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API is used to look up the group and validate the name. If name/SID lookup fails, the group is skipped and the next group in the XML file is processed. If there are multiple errors, the last error is returned at the end of the policy processing. +- ``: Specifies the action to take on the local group, which can be Update and Restrict, represented by U and R: - Update. This action must be used to keep the current group membership intact and add or remove members of the specific group. - - Replace. This action must be used to replace current membership with the newly specified groups. This action provides the same functionality as that of the [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting. + - Restrict. This action must be used to replace current membership with the newly specified groups. This action provides the same functionality as the [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting. - ``: Specifies the SID or name of the member to configure. - ``: Specifies the SID or name of the member to remove from the specified group. -- ``: (Optional and not supported currently). This element is reserved for the future use to update group properties, such as group name as part of an update action. + +See [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles. > [!IMPORTANT] -> - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using Graph API for Groups. The SID is present in the `securityIdentifier` attribute. -> - This policy setting does not support the MemberOf functionality. However, you can add a domain group as a member to a local group by specifying the group in `` of another group. -> - The R (Replace) action takes precedence over U (Update). Therefore, if a group appears twice in the XML, once with U and again with R, the R action wins. -> - Remove member is not valid for the R (Replace) action and will be ignored if present. -> - The list in the XML is processed in the given order with the exception of R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order of presence. +> - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute. +> - When specifying a SID in the `` or ``, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct. +> - Remove member is not valid for the R (Restrict) action and will be ignored if present. +> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order of presence. @@ -116,10 +114,9 @@ where: **Examples** -Update action for adding and removing group members: +Example: Update action for adding and removing group members: ```xml - @@ -129,10 +126,9 @@ Update action for adding and removing group members: ``` -Replace action for replacing the group membership: +Example: Restrict action for replacing the group membership: ```xml - @@ -148,6 +144,72 @@ Replace action for replacing the group membership:
+## FAQs + +### What happens if I accidentally remove the built-in Administrator SID from the Administrators group? + +Removing the built-in Administrator account from the built-in Administrators group is blocked at SAM/OS level for security reasons. Attempting to do so will result in failure with the following error: + +| Error Code | Symbolic Name | Error Description | Header | +|----------|----------|----------|----------| +| 0x55b (Hex)
1371 (Dec) |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.| winerror.h | + +When configuring the built-in Administrators group with the R (Restrict) action, specify the built-in Administrator account SID/Name in `` to avoid this error. + +### Can I add a member that already exists? + +Yes, you can add a member that is already a member of a group. + +### Can I remove a member if it isn't a member of the group? + +Yes, you can remove a member even if it isn't a member of the group. + +### How can I add a domain group as a member to a local group? + +To add a domain group as a member to a local group, specify the domain group in `` of the local group. + +### Can I apply more than one LocalUserAndGroups policy/XML to the same device? + +No, this is not allowed. Attempting to do so will result in a conflict in Intune. + +### What happens if I specify a group name that doesn't exist? + +Invalid group names or SIDs will be skipped. Valid parts of the policy will apply, and error will be returned at the end of the processing. This behavior aligns with the on-prem AD GPP (Group Policy Preferences) LocalUsersAndGroups policy. Similarly, invalid member names will be skipped, and error will be returned at the end to notify that not all settings were applied successfully. + +### What happens if I specify R and U in the same XML? + +If you specify both R and U in the same XML, the R (Restrict) action takes precedence over U (Update). Therefore, if a group appears twice in the XML, once with U and again with R, the R action wins. + +### How do I check the result of a policy that is applied on the client device? + +After a policy is applied on the client device, you can investigate the event log to review the result: + +1. Open Event Viewer (**eventvwr.exe**). +2. Navigate to **Applications and Services Logs** > **Microsoft** > **Windows** > **DeviceManagement-Enterprise- +Diagnostics-Provider** > **Admin**. +3. Search for the `LocalUsersAndGroups` string to review the relevant details. + +### How can I troubleshoot Name/SID lookup APIs? + +To troubleshoot Name/SID lookup APIs: + +1. Enable **lsp.log** on the client device by running the following commands: + + ```cmd + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x800 -Type dword -Force + + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgTraceOptions -Value 0x1 -Type dword -Force + ``` + + The **lsp.log** file (**C:\windows\debug\lsp.log**) will be displayed. This log file tracks the SID-Name resolution. + +2. Turn the logging off by running the following command: + + ```cmd + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x0 -Type dword -Force + ``` + + Footnotes: - 1 - Available in Windows 10, version 1607. diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 67cb225555..c3abcd5e81 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -14,6 +14,8 @@ manager: dansimp # Policy CSP - RestrictedGroups +> [!IMPORTANT] +> It is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group.
From 332fd77e726cb1243f4002d8a68d00fb31077633 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 12 Oct 2020 14:54:26 -0700 Subject: [PATCH 46/84] Added minor updates --- .../mdm/policy-csp-localusersandgroups.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 1a6f501761..8ecc007352 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -14,6 +14,8 @@ manager: dansimp # Policy CSP - LocalUsersAndGroups +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
@@ -92,7 +94,7 @@ Here's an example of the policy definition XML for group configuration: where: -- ``: Specifies the name or SID of the local group to configure. If you specify a SID, the [LookupAccountSid](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API is used to translate the SID to a valid group name. If you specify a name, the [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API is used to look up the group and validate the name. If name/SID lookup fails, the group is skipped and the next group in the XML file is processed. If there are multiple errors, the last error is returned at the end of the policy processing. +- ``: Specifies the name or SID of the local group to configure. If you specify a SID, the [LookupAccountSid](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API is used to translate the SID to a valid group name. If you specify a name, the [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API is used to lookup the group and validate the name. If name/SID lookup fails, the group is skipped and the next group in the XML file is processed. If there are multiple errors, the last error is returned at the end of the policy processing. - ``: Specifies the action to take on the local group, which can be Update and Restrict, represented by U and R: - Update. This action must be used to keep the current group membership intact and add or remove members of the specific group. - Restrict. This action must be used to replace current membership with the newly specified groups. This action provides the same functionality as the [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting. @@ -104,8 +106,8 @@ See [Use custom settings for Windows 10 devices in Intune](https://docs.microsof > [!IMPORTANT] > - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute. > - When specifying a SID in the `` or ``, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct. -> - Remove member is not valid for the R (Restrict) action and will be ignored if present. -> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order of presence. +> - `` is not valid for the R (Restrict) action and will be ignored if present. +> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present. From 79f9bf062a38e82512203b520b02af2345ef096b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 13 Oct 2020 10:26:19 -0700 Subject: [PATCH 47/84] More dev feedback --- .../mdm/policy-csp-localusersandgroups.md | 35 ++++++++++--------- .../mdm/policy-csp-restrictedgroups.md | 3 +- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 8ecc007352..b4c718472b 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -75,16 +75,18 @@ manager: dansimp -This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device. +Available in Windows 10, version 2010. This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device. > [!NOTE] > The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove. +> +> Starting from Windows 10, version 2010, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. Here's an example of the policy definition XML for group configuration: ```xml - + @@ -101,6 +103,9 @@ where: - ``: Specifies the SID or name of the member to configure. - ``: Specifies the SID or name of the member to remove from the specified group. + > [!NOTE] + > When specifying member names of domain accounts, use fully qualified account names where possible (for example, domain_name\user_name) instead of isolated names (for example, group_name). Doing so prevents getting ambiguous results when users or groups with the same name exist in multiple domains and locally. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. + See [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles. > [!IMPORTANT] @@ -116,19 +121,25 @@ See [Use custom settings for Windows 10 devices in Intune](https://docs.microsof **Examples** -Example: Update action for adding and removing group members: +Example: Update action for adding and removing group members. + +The following example shows how you can update a local group (**Backup Operators**), add a domain group as a member using its name (**Contoso\ITAdmins**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), add a AAD group by its SID (**S-1-5-32-678909-99338456-74654332**), and remove a local account (**Guest**). ```xml - + + + ``` -Example: Restrict action for replacing the group membership: +Example: Restrict action for replacing the group membership. + +The following example shows how you can restrict a local group (**Backup Operators**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), and add a local account (**Guest**). ```xml @@ -160,15 +171,15 @@ When configuring the built-in Administrators group with the R (Restrict) action, ### Can I add a member that already exists? -Yes, you can add a member that is already a member of a group. +Yes, you can add a member that is already a member of a group. This will result in no changes to the group and no error. ### Can I remove a member if it isn't a member of the group? -Yes, you can remove a member even if it isn't a member of the group. +Yes, you can remove a member even if it isn't a member of the group. This will result in no changes to the group and no error. ### How can I add a domain group as a member to a local group? -To add a domain group as a member to a local group, specify the domain group in `` of the local group. +To add a domain group as a member to a local group, specify the domain group in `` of the local group. Use fully qualified account names (for example, domain_name\group_name) instead of isolated names (for example, group_name) for the best results. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. ### Can I apply more than one LocalUserAndGroups policy/XML to the same device? @@ -214,14 +225,6 @@ To troubleshoot Name/SID lookup APIs: Footnotes: -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. - 9 - Available in Windows 10, version 2010. diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index c3abcd5e81..b840169332 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -15,7 +15,8 @@ manager: dansimp # Policy CSP - RestrictedGroups > [!IMPORTANT] -> It is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. +> Starting from Windows 10, version 2010, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results. +
From 4b35add1f5f430df9e2c7fa9663b8fd42e5b4672 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 13 Oct 2020 10:41:40 -0700 Subject: [PATCH 48/84] more updates --- .../client-management/mdm/policy-csp-localusersandgroups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index b4c718472b..df63868bf6 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -80,7 +80,7 @@ Available in Windows 10, version 2010. This policy setting allows IT admins to a > [!NOTE] > The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove. > -> Starting from Windows 10, version 2010, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. +> Starting from Windows 10, version 2010, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. Here's an example of the policy definition XML for group configuration: @@ -145,7 +145,7 @@ The following example shows how you can restrict a local group (**Backup Operato - + From 79c126b57deb5c5f19d07abf5627561fffe3a59e Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 13 Oct 2020 10:48:39 -0700 Subject: [PATCH 49/84] minor update --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index df63868bf6..23c7e11095 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -104,7 +104,7 @@ where: - ``: Specifies the SID or name of the member to remove from the specified group. > [!NOTE] - > When specifying member names of domain accounts, use fully qualified account names where possible (for example, domain_name\user_name) instead of isolated names (for example, group_name). Doing so prevents getting ambiguous results when users or groups with the same name exist in multiple domains and locally. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. + > When specifying member names of domain accounts, use fully qualified account names where possible (for example, domain_name\user_name) instead of isolated names (for example, group_name). This way, you can avoid getting ambiguous results when users or groups with the same name exist in multiple domains and locally. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. See [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles. From de9da5d2a587e3943ec3856a16d62fe127706dfa Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 13 Oct 2020 11:03:30 -0700 Subject: [PATCH 50/84] minor update --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 23c7e11095..9c6fbf6968 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -159,6 +159,8 @@ The following example shows how you can restrict a local group (**Backup Operato ## FAQs +This section provides answers to some common questions you might have about the LocalUsersAndGroups policy CSP. + ### What happens if I accidentally remove the built-in Administrator SID from the Administrators group? Removing the built-in Administrator account from the built-in Administrators group is blocked at SAM/OS level for security reasons. Attempting to do so will result in failure with the following error: From 430c7f3203447987b329f261c9d0eae814a1161e Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 14 Oct 2020 12:06:02 -0700 Subject: [PATCH 51/84] Added final review comments --- .../mdm/policy-csp-localusersandgroups.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 9c6fbf6968..c3d3514c3d 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 10/08/2020 +ms.date: 10/14/2020 ms.reviewer: manager: dansimp --- @@ -123,7 +123,7 @@ See [Use custom settings for Windows 10 devices in Intune](https://docs.microsof Example: Update action for adding and removing group members. -The following example shows how you can update a local group (**Backup Operators**), add a domain group as a member using its name (**Contoso\ITAdmins**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), add a AAD group by its SID (**S-1-5-32-678909-99338456-74654332**), and remove a local account (**Guest**). +The following example shows how you can update a local group (**Backup Operators**)—add a domain group as a member using its name (**Contoso\ITAdmins**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**). ```xml @@ -131,7 +131,7 @@ The following example shows how you can update a local group (**Backup Operators - + @@ -139,7 +139,7 @@ The following example shows how you can update a local group (**Backup Operators Example: Restrict action for replacing the group membership. -The following example shows how you can restrict a local group (**Backup Operators**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), and add a local account (**Guest**). +The following example shows how you can restrict a local group (**Backup Operators**)—replace its membership with the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids) and add a local account (**Guest**). ```xml @@ -173,7 +173,7 @@ When configuring the built-in Administrators group with the R (Restrict) action, ### Can I add a member that already exists? -Yes, you can add a member that is already a member of a group. This will result in no changes to the group and no error. +Yes, you can add a member that is already a member of a group. This will result in no changes to the group and no error. ### Can I remove a member if it isn't a member of the group? From bd26603880a30247ebbfe0cfa104910eef271670 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 14 Oct 2020 12:25:28 -0700 Subject: [PATCH 52/84] minor change to trigger build --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index c3d3514c3d..77a2e774dc 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 10/14/2020 +ms.date: 10/13/2020 ms.reviewer: manager: dansimp --- From a2556154620fb0bd1510b24758d7cfa0387587d6 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 14 Oct 2020 12:44:12 -0700 Subject: [PATCH 53/84] Minor update --- .../client-management/mdm/policy-csp-localusersandgroups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 77a2e774dc..c39ea8c4a3 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -121,7 +121,7 @@ See [Use custom settings for Windows 10 devices in Intune](https://docs.microsof **Examples** -Example: Update action for adding and removing group members. +Example 1: Update action for adding and removing group members. The following example shows how you can update a local group (**Backup Operators**)—add a domain group as a member using its name (**Contoso\ITAdmins**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**). @@ -137,7 +137,7 @@ The following example shows how you can update a local group (**Backup Operators ``` -Example: Restrict action for replacing the group membership. +Example 2: Restrict action for replacing the group membership. The following example shows how you can restrict a local group (**Backup Operators**)—replace its membership with the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids) and add a local account (**Guest**). From f8f4e9a5c2b818167d0ae9da94016b110152aca9 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 14 Oct 2020 16:49:00 -0700 Subject: [PATCH 54/84] Minor update to trigger build --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index c39ea8c4a3..a192f2c35f 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 10/13/2020 +ms.date: 10/14/2020 ms.reviewer: manager: dansimp --- From ef09359031f4c3f9ef87b3f6ddd48462974e803c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Oct 2020 17:40:12 -0700 Subject: [PATCH 55/84] api calls --- .../microsoft-defender-atp/run-advanced-query-api.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index a902dc094d..1d8c035b5c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -29,7 +29,9 @@ ms.topic: article ## Limitations 1. You can only run a query on data from the last 30 days. 2. The results will include a maximum of 100,000 rows. -3. The number of executions is limited per tenant: up to 10 calls per minute, 10 minutes of running time every hour and 4 hours of running time a day. +3. The number of executions is limited per tenant: + - API calls: Up to 15 calls per minute + - Execution time: 10 minutes of running time every hour and 4 hours of running time a day 4. The maximal execution time of a single request is 10 minutes. 5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. From 5e356ef169bcb2f932a1f1e914f33f3ae326dd66 Mon Sep 17 00:00:00 2001 From: schmurky Date: Thu, 15 Oct 2020 19:57:46 +0800 Subject: [PATCH 56/84] Best practices for firewall config --- .../security/threat-protection/windows-firewall/TOC.md | 1 + .../windows-firewall/best-practices-configuring.md | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index e5edff503e..edcd94c099 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -96,6 +96,7 @@ ## [Best practices]() +### [Configuring your firewall](best-practices-configuring.md) ### [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md) ### [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) ### [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 67fbbb67be..666896704f 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -82,7 +82,6 @@ configuration. See the [Windows Firewall with Advanced Security Deployment Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide) for general guidance on policy creation. - In many cases, allowing specific types of inbound traffic will be required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when allowing these inbound exceptions. @@ -98,7 +97,7 @@ Because of 1 and 2, it is important that, when designing a set of policies, you A general security best practice when creating inbound rules is to be as specific as possible. However, when new rules must be made that use ports or IP addresses, consider using consecutive ranges or subnets instead of individual addresses or ports where possible. This avoids creation of multiple filters under the hood, reduces complexity, and helps to avoid performance degradation. > [!NOTE] -> Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. +> Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. ## Create rules for new applications before first launch @@ -155,17 +154,21 @@ The rule merging settings either allow or prevent local admins from creating the > [!TIP] > In the firewall [configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/firewall-csp), the -equivalent setting is *AllowLocalPolicyMerge*. This setting can be found under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. +equivalent setting is *AllowLocalPolicyMerge*. This setting can be found under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. If merging of local policies is disabled, centralized deployment of rules is required for any app that needs inbound connectivity. Admins may disable *LocalPolicyMerge* in high security environments to maintain tighter control over endpoints. This can impact some apps and services that automatically generate a local firewall policy upon installation as discussed above. For these types of apps and services to work, admins should push rules centrally via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). +[Firewall CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/firewall-csp) and [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) also have settings that can affect rule merging. + As a best practice, it is important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments, a more thorough analysis may be needed using network packet capture tools. In general, to maintain maximum security, admins should only push firewall exceptions for apps and services determined to serve legitimate purposes. + + > [!NOTE] > The use of wildcard patterns, such as *C:\*\\teams.exe* is not supported in application rules. We currently only support rules created using the full path to the application(s). From 82d08c8e960b4f8a448b055812f6a724c94ab621 Mon Sep 17 00:00:00 2001 From: schmurky Date: Thu, 15 Oct 2020 20:06:24 +0800 Subject: [PATCH 57/84] Removed en-us --- .../windows-firewall/best-practices-configuring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 666896704f..274baf82d2 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -161,7 +161,7 @@ If merging of local policies is disabled, centralized deployment of rules is req Admins may disable *LocalPolicyMerge* in high security environments to maintain tighter control over endpoints. This can impact some apps and services that automatically generate a local firewall policy upon installation as discussed above. For these types of apps and services to work, admins should push rules centrally via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). -[Firewall CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/firewall-csp) and [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) also have settings that can affect rule merging. +[Firewall CSP](https://docs.microsoft.com/windows/client-management/mdm/firewall-csp) and [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) also have settings that can affect rule merging. As a best practice, it is important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments, a more thorough analysis may be needed using network packet capture tools. From e3fb028d26338db5f10ded2df038597ee5e59b10 Mon Sep 17 00:00:00 2001 From: schmurky Date: Thu, 15 Oct 2020 20:09:36 +0800 Subject: [PATCH 58/84] Update TOC --- windows/security/threat-protection/windows-firewall/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index edcd94c099..34b7c1beb1 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -96,7 +96,7 @@ ## [Best practices]() -### [Configuring your firewall](best-practices-configuring.md) +### [Configuring the firewall](best-practices-configuring.md) ### [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md) ### [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) ### [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) From 281a3d2c2589984f9c245deed896da24c7723fd9 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 15 Oct 2020 15:33:46 -0400 Subject: [PATCH 59/84] reverted best ahq practices page attempted rebase was complicated by hundreds of commits applied after the removed commits --- .../advanced-hunting-best-practices.md | 234 ++---------------- 1 file changed, 27 insertions(+), 207 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index f82f5473a7..194abff0c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -25,204 +25,54 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) -Apply these recommendations to get results faster and avoid timeouts while running complex queries. For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). +## Optimize query performance -## General guidance +Apply these recommendations to get results faster and avoid timeouts while running complex queries. -- **Size new queries**—If you suspect that a query will return a large result set, assess it first using the [count operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/countoperator). Use [limit](https://docs.microsoft.com/azure/data-explorer/kusto/query/limitoperator) or its synonym `take` to avoid large result sets. +- When trying new queries, always use `limit` to avoid extremely large result sets. You can also initially assess the size of the result set using `count`. +- Use time filters first. Ideally, limit your queries to seven days. +- Put filters that are expected to remove most of the data in the beginning of the query, right after the time filter. +- Use the `has` operator over `contains` when looking for full tokens. +- Look in a specific column rather than running full text searches across all columns. +- When joining tables, specify the table with fewer rows first. +- `project` only the necessary columns from tables you've joined. -- **Apply filters early**—Apply time filters and other filters to reduce the data set, especially before using transformation and parsing functions, such as [substring()](https://docs.microsoft.com/azure/data-explorer/kusto/query/substringfunction), [replace()](https://docs.microsoft.com/azure/data-explorer/kusto/query/replacefunction), [trim()](https://docs.microsoft.com/azure/data-explorer/kusto/query/trimfunction), [toupper()](https://docs.microsoft.com/azure/data-explorer/kusto/query/toupperfunction), or [parse_json()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsejsonfunction). In the example below, the parsing function [extractjson()](https://docs.microsoft.com/azure/data-explorer/kusto/query/extractjsonfunction) is used after filtering operators have reduced the number of records. +>[!TIP] +>For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). - ```kusto - DeviceEvents - | where Timestamp > ago(1d) - | where ActionType == "UsbDriveMount" - | where DeviceName == "user-desktop.domain.com" - | extend DriveLetter = extractjson("$.DriveLetter", AdditionalFields) - ``` +## Query tips and pitfalls -- ***Has* beats *contains*** —To avoid searching substrings within words unnecessarily, use the `has` operator instead of `contains`. [Learn about string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators) +### Queries with process IDs -- **Look in specific columns**—Look in a specific column rather than running full text searches across all columns. Don't use `*` to check all columns. - -- **Case-sensitive for speed**—Case-sensitive searches are more specific and generally more performant. Names of case-sensitive [string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators), such as `has_cs` and `contains_cs`, generally end with `_cs`. You can also use the case-sensitive equals operator `==` instead of `~=`. - -- **Parse, don't extract**—Whenever possible, use the [parse operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/parseoperator) or a parsing function like [parse_json()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsejsonfunction). Avoid the `matches regex` string operator or the [extract() function](https://docs.microsoft.com/azure/data-explorer/kusto/query/extractfunction), both of which use regular expression. Reserve the use of regular expression for more complex scenarios. [Read more about parsing functions](#parse-strings) - -- **Filter tables not expressions**—Don't filter on a calculated column if you can filter on a table column. - -- **No three-character terms**—Avoid comparing or filtering using terms with three characters or fewer. These terms are not indexed and matching them will require more resources. - -- **Project selectively**—Make your results easier to understand by projecting only the columns you need. Projecting specific columns prior to running [join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator) or similar operations also helps improve performance. - -## Optimize the `join` operator - -The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator) merges rows from two tables by matching values in specified columns. Apply these tips to optimize queries that use this operator. - -- **Smaller table to your left**—The `join` operator matches records in the table on the left side of your join statement to records on the right. By having the smaller table on the left, fewer records will need to be matched, thus speeding up the query. - - In the table below, we reduce the left table `DeviceLogonEvents` to cover only three specific devices before joining it with `DeviceNetworkEvents` by device IDs. - - ```kusto - DeviceLogonEvents - | where DeviceName in ("device-1.domain.com", "device-2.domain.com", "device-3.domain.com") - | where ActionType == "LogonFailed" - | join - (DeviceNetworkEvents - | where Protocol == "Kerberos" - | where ActionType == "LogonFailed") - on DeviceId - ``` - -- **Use the inner-join flavor**—The default [join flavor](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-flavors) or the [innerunique-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#innerunique-join-flavor) deduplicates rows in the left table by the join key before returning a row for each match to the right table. If the left table has multiple rows with the same value for the `join` key, those rows will be deduplicated to leave a single random row for each unique value. - - This default behavior can leave out important information from the left table that can provide useful insight. For example, the query below will only show one email containing a particular attachment, even if that same attachment was sent using multiple emails messages: - - ```kusto - EmailAttachmentInfo - | where Timestamp > ago(1h) - | where Subject == "Document Attachment" and FileName == "Document.pdf" - | join (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 - ``` - - To address this limitation, we apply the [inner-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#inner-join-flavor) flavor by specifying `kind=inner` to show all rows in the left table with matching values in the right: - - ```kusto - EmailAttachmentInfo - | where Timestamp > ago(1h) - | where Subject == "Document Attachment" and FileName == "Document.pdf" - | join kind=inner (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 - ``` - -- **Join records from a time window**—When investigating security events, analysts look for related events that occur around the same time period. Applying the same approach when using `join` also benefits performance by reducing the number of records to check. - - The query below checks for logon events within 30 minutes of a credential access alert being raised: - - ```kusto - DeviceAlertEvents - | where Timestamp > ago(7d) - | where Severity == "High" - | where Category == "CredentialAccess" - | project AlertRaised = Timestamp, DeviceName, AlertId, Title, AttackTechniques - | join ( - DeviceLogonEvents - | where Timestamp > ago(7d) - | project LogonTime = Timestamp, DeviceName, AccountName - ) on DeviceName - | where (LogonTime - AlertRaised) between (0min .. 30min) - ``` - -- **Apply time filters on both sides**—Even if you're not investigating a specific time window, applying time filters on both the left and right tables can reduce the number of records to check and improve `join` performance. The query below applies `Timestamp > ago(1h)` to both tables so that it joins only records from the past hour: - - ```kusto - DeviceAlertEvents - | where Timestamp > ago(1h) - | where Severity == "High" - | join (DeviceFileEvents - | where Timestamp > ago(1h) - | where ActionType == "FileCreated" - ) on SHA1 - ``` - -- **Use hints for performance**—Use hints with the `join` operator to instruct the backend to distribute load when running resource-intensive operations. [Learn more about join hints](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-hints) - - For example, the **[shuffle hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/shufflequery)** helps improve query performance when joining tables using a key with high cardinality—a key with many unique values—such as the `AccountObjectId` in the query below: - - ```kusto - IdentityInfo - | where JobTitle == "CONSULTANT" - | join hint.shufflekey = AccountObjectId - (IdentityDirectoryEvents - | where Application == "Active Directory" - | where ActionType == "Private data retrieval") - on AccountObjectId - ``` - - The **[broadcast hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/broadcastjoin)** helps when the left table is small (up to 100,000 records) and the right table is extremely large. For example, the query below is trying to join a few emails that have specific subjects with _all_ messages containing links in the `EmailUrlInfo` table: - - ```kusto - EmailEvents - | where Subject in ("Warning: Update your credentials now", "Action required: Update your credentials now") - | join hint.strategy = broadcast EmailUrlInfo on NetworkMessageId - ``` - -## Optimize the `summarize` operator - -The [summarize operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/summarizeoperator) aggregates the contents of a table. Apply these tips to optimize queries that use this operator. - -- **Find distinct values**—In general, use `summarize` to find distinct values that can be repetitive. It can be unnecessary to use it to aggregate columns that don't have repetitive values. - - While a single email can be part of multiple events, the example below is _not_ an efficient use of `summarize` because a network message ID for an individual email always comes with a unique sender address. - - ```kusto - EmailEvents - | where Timestamp > ago(1h) - | summarize by NetworkMessageId, SenderFromAddress - ``` - - The `summarize` operator can be easily replaced with `project`, yielding potentially the same results while consuming fewer resources: - - ```kusto - EmailEvents - | where Timestamp > ago(1h) - | project NetworkMessageId, SenderFromAddress - ``` - - The following example is a more efficient use of `summarize` because there can be multiple distinct instances of a sender address sending email to the same recipient address. Such combinations are less distinct and are likely to have duplicates. - - ```kusto - EmailEvents - | where Timestamp > ago(1h) - | summarize by SenderFromAddress, RecipientEmailAddress - ``` - -- **Shuffle the query**—While `summarize` is best used in columns with repetitive values, the same columns can also have _high cardinality_ or large numbers of unique values. Like the `join` operator, you can also apply the [shuffle hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/shufflequery) with `summarize` to distribute processing load and potentially improve performance when operating on columns with high cardinality. - - The query below uses `summarize` to count distinct recipient email address, which can run in the hundreds of thousands in large organizations. To improve performance, it incorporates `hint.shufflekey`: - - ```kusto - EmailEvents - | where Timestamp > ago(1h) - | summarize hint.shufflekey = RecipientEmailAddress count() by Subject, RecipientEmailAddress - ``` - -## Query scenarios - -### Identify unique processes with process IDs - -Process IDs (PIDs) are recycled in Windows and reused for new processes. On their own, they can't serve as unique identifiers for specific processes. - -To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time. When you join or summarize data around processes, include columns for the machine identifier (either `DeviceId` or `DeviceName`), the process ID (`ProcessId` or `InitiatingProcessId`), and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`) +Process IDs (PIDs) are recycled in Windows and reused for new processes. On their own, they can't serve as unique identifiers for specific processes. To get a unique identifier for a process on a specific device, use the process ID together with the process creation time. When you join or summarize data around processes, include columns for the device identifier (either `DeviceId` or `DeviceName`), the process ID (`ProcessId` or `InitiatingProcessId`), and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`). The following example query finds processes that access more than 10 IP addresses over port 445 (SMB), possibly scanning for file shares. -Example query: - ```kusto DeviceNetworkEvents | where RemotePort == 445 and Timestamp > ago(12h) and InitiatingProcessId !in (0, 4) -| summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessId -InitiatingProcessCreationTime, InitiatingProcessFileName +| summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessId, InitiatingProcessCreationTime, InitiatingProcessFileName | where RemoteIPCount > 10 ``` The query summarizes by both `InitiatingProcessId` and `InitiatingProcessCreationTime` so that it looks at a single process, without mixing multiple processes with the same process ID. -### Query command lines +### Queries with command lines -There are numerous ways to construct a command line to accomplish a task. For example, an attacker could reference an image file without a path, without a file extension, using environment variables, or with quotes. The attacker could also change the order of parameters or add multiple quotes and spaces. +Command lines can vary. When applicable, filter on file names and do fuzzy matching. -To create more durable queries around command lines, apply the following practices: +There are numerous ways to construct a command line to accomplish a task. For example, an attacker could reference an image file with or without a path, without a file extension, using environment variables, or with quotes. In addition, the attacker could also change the order of parameters or add multiple quotes and spaces. -- Identify the known processes (such as *net.exe* or *psexec.exe*) by matching on the file name fields, instead of filtering on the command-line itself. -- Parse command-line sections using the [parse_command_line() function](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-command-line) +To create more durable queries using command lines, apply the following practices: + +- Identify the known processes (such as *net.exe* or *psexec.exe*) by matching on the filename fields, instead of filtering on the command-line field. - When querying for command-line arguments, don't look for an exact match on multiple unrelated arguments in a certain order. Instead, use regular expressions or use multiple separate contains operators. -- Use case insensitive matches. For example, use `=~`, `in~`, and `contains` instead of `==`, `in`, and `contains_cs`. -- To mitigate command-line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. There are more complex obfuscation techniques that require other approaches, but these tweaks can help address common ones. +- Use case insensitive matches. For example, use `=~`, `in~`, and `contains` instead of `==`, `in` and `contains_cs` +- To mitigate DOS command-line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. Note that there are more complex DOS obfuscation techniques that require other approaches, but these can help address the most common ones. -The following examples show various ways to construct a query that looks for the file *net.exe* to stop the firewall service "MpsSvc": +The following examples show various ways to construct a query that looks for the file *net.exe* to stop the Windows Defender Firewall service: ```kusto // Non-durable query - do not use @@ -230,7 +80,7 @@ DeviceProcessEvents | where ProcessCommandLine == "net stop MpsSvc" | limit 10 -// Better query - filters on file name, does case-insensitive matches +// Better query - filters on filename, does case-insensitive matches DeviceProcessEvents | where Timestamp > ago(7d) and FileName in~ ("net.exe", "net1.exe") and ProcessCommandLine contains "stop" and ProcessCommandLine contains "MpsSvc" @@ -241,37 +91,7 @@ DeviceProcessEvents | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" ``` -### Ingest data from external sources - -To incorporate long lists or large tables into your query, use the [externaldata operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/externaldata-operator) to ingest data from a specified URI. You can get data from files in TXT, CSV, JSON, or [other formats](https://docs.microsoft.com/azure/data-explorer/ingestion-supported-formats). The example below shows how you can utilize the extensive list of malware SHA-256 hashes provided by MalwareBazaar (abuse.ch) to check attachments on emails: - -```kusto -let abuse_sha256 = (externaldata(sha256_hash: string ) -[@"https://bazaar.abuse.ch/export/txt/sha256/recent/"] -with (format="txt")) -| where sha256_hash !startswith "#" -| project sha256_hash; -abuse_sha256 -| join (EmailAttachmentInfo -| where Timestamp > ago(1d) -) on $left.sha256_hash == $right.SHA256 -| project Timestamp,SenderFromAddress,RecipientEmailAddress,FileName,FileType, -SHA256,MalwareFilterVerdict,MalwareDetectionMethod -``` - -### Parse strings - -There are various functions you can use to efficiently handle strings that need parsing or conversion. - -| String | Function | Usage example | -|--|--|--| -| Command-lines | [parse_command_line()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-command-line) | Extract the command and all arguments. | -| Paths | [parse_path()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsepathfunction) | Extract the sections of a file or folder path. | -| Version numbers | [parse_version()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-versionfunction) | Deconstruct a version number with up to four sections and up to eight characters per section. Use the parsed data to compare version age. | -| IPv4 addresses | [parse_ipv4()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-ipv4function) | Convert an IPv4 address to a long integer. To compare IPv4 addresses without converting them, use [ipv4_compare()](https://docs.microsoft.com/azure/data-explorer/kusto/query/ipv4-comparefunction). | -| IPv6 addresses | [parse_ipv6()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-ipv6function) | Convert an IPv4 or IPv6 address to the canonical IPv6 notation. To compare IPv6 addresses, use [ipv6_compare()](https://docs.microsoft.com/azure/data-explorer/kusto/query/ipv6-comparefunction). | - -To learn about all supported parsing functions, [read about Kusto string functions](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalarfunctions#string-functions). +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) ## Related topics From f1cb8d1c4460f1469feaa4c5cfe2eedd4242ab23 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 15 Oct 2020 15:41:46 -0700 Subject: [PATCH 60/84] Acrolinx grammar --- .../microsoft-defender-atp/advanced-hunting-shared-queries.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index 4bc9a7c98f..46610a6772 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -43,7 +43,7 @@ You can save a new or existing query so that it is only accessible to you or sha ![Image of saving a query](images/advanced-hunting-save-query.png) 4. Select the folder where you'd like to save the query. - - **Shared queries** — shared to all users in the your organization + - **Shared queries** — shared to all users in your organization - **My queries** — accessible only to you 5. Select **Save**. From e240e6213ee07fe525c7fabd46a5460ef0c9385b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 15 Oct 2020 15:42:54 -0700 Subject: [PATCH 61/84] Acrolinx grammar --- .../microsoft-defender-atp/advanced-hunting-take-action.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index 9f5671b224..b06baf7444 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -38,7 +38,7 @@ To be able to take action through advanced hunting, you need a role in Microsoft ## Take various actions on devices -You can take the following actions on devices identified by the `DeviceId` column in you query results: +You can take the following actions on devices identified by the `DeviceId` column in your query results: - Isolate affected devices to contain an infection or prevent attacks from moving laterally - Collect investigation package to obtain more forensic information From 19fe418cbb0427db7819ab1d98b91b65516e5add Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 16 Oct 2020 08:58:02 +0530 Subject: [PATCH 62/84] removed broken link added new correct link as per the user report #8473 , so i replaced the broken link to correct link. --- windows/security/threat-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index b4f683756c..3763417926 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -17,7 +17,7 @@ ms.topic: conceptual --- # Threat Protection -[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture. +[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture. >[!TIP] > Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see [Secure your remote workforce](https://docs.microsoft.com/enterprise-mobility-security/remote-work/). From d2fe6ae9a12873962509b3ec309e06f48740a9eb Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 16 Oct 2020 10:19:37 -0700 Subject: [PATCH 63/84] minor updates --- .../microsoft-defender-atp/configure-server-endpoints.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 59eabd5750..0ddcd8c630 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -111,10 +111,9 @@ If your servers need to use a proxy to communicate with Microsoft Defender ATP, - [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard) -- [Configure the Windows to use a proxy server for all connections](configure-proxy-internet.md) - -If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). +- [Configure Windows to use a proxy server for all connections](configure-proxy-internet.md) +If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Microsoft Defender ATP service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service. Once completed, you should see onboarded Windows servers in the portal within an hour. From 5bd71e4a71d3a64f6e34485f6c7c69e659d5cb27 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 16 Oct 2020 13:13:53 -0700 Subject: [PATCH 64/84] Add note on panics on Big Sur --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index ca4617cc28..98c20cb71d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -46,6 +46,10 @@ ms.topic: conceptual ## 101.09.50 - This product version has been validated on macOS Big Sur 11 beta 9 + + > [!IMPORTANT] + > Extensive testing of MDE (Microsoft Defender for Endpoint) with new macOS system extensions revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. + - The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender ATP for Mac](mac-resources.md#configuring-from-the-command-line) > [!NOTE] From 28095ad20f41c4cfc2dc299f76b29523f9a5d7a9 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 16 Oct 2020 15:04:41 -0700 Subject: [PATCH 65/84] article reorganization --- windows/security/threat-protection/TOC.md | 33 ++++-- .../next-gen-threat-and-vuln-mgt.md | 20 ---- .../tvm-assign-device-value.md | 67 +++++++++++ .../tvm-end-of-support-software.md | 70 ++++++++++++ .../microsoft-defender-atp/tvm-exception.md | 105 ++++++++++++++++++ ...enarios.md => tvm-hunt-exposed-devices.md} | 0 .../tvm-prerequisites.md | 71 ++++++++++++ .../microsoft-defender-atp/tvm-remediation.md | 67 +++++------ .../tvm-security-recommendation.md | 88 +-------------- .../tvm-software-inventory.md | 11 +- .../tvm-supported-os.md | 15 +-- .../microsoft-defender-atp/tvm-weaknesses.md | 18 +-- 12 files changed, 372 insertions(+), 193 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md rename windows/security/threat-protection/microsoft-defender-atp/{threat-and-vuln-mgt-scenarios.md => tvm-hunt-exposed-devices.md} (100%) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c7f7335c43..ef6ee02b8e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -49,18 +49,27 @@ #### [PowerShell, WMI, and MPCmdRun.exe](microsoft-defender-atp/manage-atp-post-migration-other-tools.md) ## [Security administration]() -### [Threat & Vulnerability Management]() -#### [Overview of Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) -#### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md) -#### [Dashboard insights](microsoft-defender-atp/tvm-dashboard-insights.md) -#### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md) -#### [Microsoft Secure Score for Devices](microsoft-defender-atp/tvm-microsoft-secure-score-devices.md) -#### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md) -#### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md) -#### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) -#### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md) -#### [Event timeline](microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md) -#### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md) +### [Threat & vulnerability management]() +#### [Overview](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) +#### [Get started]() +##### [Permissions & prerequisites](microsoft-defender-atp/tvm-prerequisites.md) +##### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md) +##### [Assign device values](microsoft-defender-atp/tvm-assign-device-value.md) +#### [Assess your security posture]() +##### [Dashboard insights](microsoft-defender-atp/tvm-dashboard-insights.md) +##### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md) +##### [Microsoft Secure Score for Devices](microsoft-defender-atp/tvm-microsoft-secure-score-devices.md) +#### [Improve your security posture & reduce risk]() +##### [Address security recommendations](microsoft-defender-atp/tvm-security-recommendation.md) +##### [Remediate vulnerabilities](microsoft-defender-atp/tvm-remediation.md) +##### [File an exception](microsoft-defender-atp/tvm-exception.md) +##### [Plan for end-of-support software](microsoft-defender-atp/tvm-end-of-support-software.md) +#### [Understand vulnerabilities on your devices]() +##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) +##### [List of vulnerabilities](microsoft-defender-atp/tvm-weaknesses.md) +##### [Event timeline](microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md) +##### [Hunt for exposed devices](microsoft-defender-atp/tvm-hunt-exposed-devices.md) + ### [Attack surface reduction]() #### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index a0f4515971..7499f4de13 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -81,25 +81,6 @@ Watch this video for a comprehensive walk-through of threat and vulnerability ma >[!VIDEO https://aka.ms/MDATP-TVM-Interactive-Guide] -## Before you begin - -Ensure that your devices: - -- Are onboarded to Microsoft Defender Advanced Threat Protection -- Run [supported operating systems and platforms](tvm-supported-os.md) -- Have the following mandatory updates installed and deployed in your network to boost your vulnerability assessment detection rates: - -> Release | Security update KB number and link -> :---|:--- -> Windows 10 Version 1709 | [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441) and [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071) -> Windows 10 Version 1803 | [KB4493464](https://support.microsoft.com/help/4493464) and [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045) -> Windows 10 Version 1809 | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) -> Windows 10 Version 1903 | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) - -- Are onboarded to [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure). If you're using Configuration Manager, update your console to the latest version. -- Have at least one security recommendation that can be viewed in the device page -- Are tagged or marked as co-managed - ## APIs Run threat and vulnerability management-related API calls to automate vulnerability management workflows. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615). @@ -126,6 +107,5 @@ See the following articles for related APIs: - [Weaknesses](tvm-weaknesses.md) - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [BLOG: Microsoft's Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md new file mode 100644 index 0000000000..3206f14e30 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md @@ -0,0 +1,67 @@ +--- +title: Scenarios - threat and vulnerability management +description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate. +keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint +ms.topic: article +--- + +# Define a device's value to the organization + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Defining a device’s value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation. Devices marked as “high value” will receive more weight. + +You can also use the [set device value API](set-device-value.md). + +Device value options: + +- Low +- Normal (Default) +- High + +Examples of devices that should be marked as high value: + +- Domain controllers, Active Directory +- Internet facing devices +- VIP devices +- Devices hosting internal/external production services + +## Set device value + +1. Navigate to any device page, the easiest place is from the device inventory. + +2. Select **Device Value** from three dots next to the actions bar at the top of the page. + ![Example of the device value dropdown.](images/tvm-device-value-dropdown.png) + +

+ +3. A flyout will appear with the current device value and what it means. Review the value of the device and choose the one that best fits your device. +![Example of the device value flyout.](images/tvm-device-value-flyout.png) + +## Related topics + +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md new file mode 100644 index 0000000000..714e8a1e93 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md @@ -0,0 +1,70 @@ +--- +title: Plan for end-of-support software and software versions +description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value, in threat and vulnerability management. +keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint +ms.topic: conceptual +--- +# Plan for end-of-support software and software versions with threat and vulnerability management + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + +End-of-support (EOS), otherwise known as end-of-life (EOL), for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions with ended support, you're exposing your organization to security vulnerabilities, legal, and financial risks. + +It's crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end-of-support and update versions that are no longer supported. It's best to create and implement a plan **before** the end of support dates. + +## Find software or software versions that are no longer supported + +1. From the threat and vulnerability management menu, navigate to [**Security recommendations**](tvm-security-recommendation.md). +2. Go to the **Filters** panel and look for the tags section. Select one or more of the EOS tag options. Then **Apply**. + + ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tag.png) + +3. You'll see a list of recommendations related to software with ended support, software versions that are end of support, or versions with upcoming end of support. These tags are also visible in the [software inventory](tvm-software-inventory.md) page. + + ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tags-column.png) + +## List of versions and dates + +To view a list of versions that have reached end of support, or end or support soon, and those dates, follow the below steps: + +1. A message will appear in the security recommendation flyout for software with versions that have reached end of support, or will reach end of support soon. + + ![Screenshot of version distribution link](images/eos-upcoming-eos.png) + +2. Select the **version distribution** link to go to the software drill-down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support. + + ![Screenshot of version distribution link](images/software-drilldown-eos.png) + +3. Select one of the versions in the table to open. For example, version 10.0.18362.1. A flyout will appear with the end of support date. + + ![Screenshot of version distribution link](images/version-eos-date.png) + +Once you identify which software and software versions are vulnerable due to their end-of-support status, you must decide whether to update or remove them from your organization. Doing so will lower your organizations exposure to vulnerabilities and advanced persistent threats. + +## Related topics + +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) +- [Security recommendations](tvm-security-recommendation.md) +- [Software inventory](tvm-software-inventory.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md new file mode 100644 index 0000000000..ec2d78b08b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -0,0 +1,105 @@ +--- +title: File an exception for a security recommendation - threat and vulnerability management +description: Create and monitor exceptions for security recommendations in threat and vulnerability management. +keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint +ms.topic: conceptual +--- +# File an exception for a security recommendation - threat and vulnerability management + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + + +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + +As an alternative to a remediation request, you can create exceptions for recommendations. + +There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons. + +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. + +1. Select a security recommendation you would like to create an exception for, and then **Exception options**. +![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) + +2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. + + The following list details the justifications behind the exception options: + + - **Third party control** - A third party product or software already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - **Alternate mitigation** - An internal tool already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive + - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization + +3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. + +## View your exceptions + +When you file for an exception from the [Security recommendations page](tvm-security-recommendation.md), you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). + +The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status. + +![Example of the exception page and filter options.](images/tvm-exception-filters.png) + +### Exception actions and statuses + +You can take the following actions on an exception: + +- Cancel - You can cancel the exceptions you've filed anytime +- Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change. It adversely affects the exposure impact associated with a recommendation that had previously been excluded. + +The following statuses will be a part of an exception: + +- **Canceled** - The exception has been canceled and is no longer in effect +- **Expired** - The exception that you've filed is no longer in effect +- **In effect** - The exception that you've filed is in progress + +### Exception impact on scores + +Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Microsoft Secure Score for Devices of your organization in the following manner: + +- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores. +- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control. +- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Microsoft Secure Score for Devices results out of the exception option that you made. + +The exception impact shows on both the Security recommendations page column and in the flyout pane. + +![Screenshot identifying the impact sections which list score impacts in the full page security recommendations table, and the flyout.](images/tvm-exception-impact.png) + +### View exceptions in other places + +Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. It will open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status. + +![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png) + +## Related topics + +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) +- [Supported operating systems and platforms](tvm-supported-os.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) +- [Exposure score](tvm-exposure-score.md) +- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) +- [Security recommendations](tvm-security-recommendation.md) +- [Software inventory](tvm-software-inventory.md) +- [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) +- [Scenarios](threat-and-vuln-mgt-scenarios.md) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md rename to windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md new file mode 100644 index 0000000000..04ab0e13f8 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md @@ -0,0 +1,71 @@ +--- +title: Threat and vulnerability management +description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. +keywords: threat & vulnerability management, threat and vulnerability management, MDATP TVM, MDATP-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, microsoft defender atp, microsoft defender atp, endpoint vulnerabilities, next generation +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Prerequisites & permissions - threat and vulnerability management + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + +Ensure that your devices: + +- Are onboarded to Microsoft Defender Advanced Threat Protection +- Run [supported operating systems and platforms](tvm-supported-os.md) +- Have the following mandatory updates installed and deployed in your network to boost your vulnerability assessment detection rates: + +> Release | Security update KB number and link +> :---|:--- +> Windows 10 Version 1709 | [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441) and [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071) +> Windows 10 Version 1803 | [KB4493464](https://support.microsoft.com/help/4493464) and [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045) +> Windows 10 Version 1809 | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) +> Windows 10 Version 1903 | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) + +- Are onboarded to [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure). If you're using Configuration Manager, update your console to the latest version. +- Have at least one security recommendation that can be viewed in the device page +- Are tagged or marked as co-managed + +## Relevant permission options + +1. Log in to Microsoft Defender Security Center using account with a Security administrator or Global administrator role assigned. +2. In the navigation pane, select **Settings > Roles**. + +For more information, see [Create and manage roles for role-based access control](user-roles.md) + +### View data + +- **Security operations** - View all security operations data in the portal +- **Threat and vulnerability management** - View threat and vulnerability management data in the portal + +### Active remediation actions + +- **Security operations** - Take response actions, approve or dismiss pending remediation actions, manage allowed/blocked lists for automation and indicators +- **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions +- **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities + +For more information, see [RBAC permission options](user-roles.md##permission-options) + +## See also + +- [Supported operating systems and platforms](tvm-supported-os.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) +- [Exposure score](tvm-exposure-score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 96e22571c0..784f4d7a44 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -1,5 +1,5 @@ --- -title: Remediation activities and exceptions - threat and vulnerability management +title: Remediate vulnerabilities with threat and vulnerability management description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in threat and vulnerability management. keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm search.product: eADQiWindows 10XVcnh @@ -18,7 +18,7 @@ ms.collection: - m365initiative-defender-endpoint ms.topic: conceptual --- -# Remediation activities and exceptions - threat and vulnerability management +# Remediate vulnerabilities with threat and vulnerability management [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -31,6 +31,31 @@ ms.topic: conceptual >[!NOTE] >To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on. +## Request remediation + +The threat and vulnerability management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune. + +### Enable Microsoft Intune connection + +To use this capability, enable your Microsoft Intune connections. In the Microsoft Defender Security Center, navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle **On**. + +See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details. + +### Remediation request steps + +1. Select a security recommendation you would like to request remediation for, and then select **Remediation options**. + +2. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. + +3. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. + +4. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. + +If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details. + +>[!NOTE] +>If your request involves remediating more than 10,000 devices, we can only send 10,000 devices for remediation to Intune. + After your organization's cybersecurity weaknesses are identified and mapped to actionable [security recommendations](tvm-security-recommendation.md), start creating security tasks. You can create tasks through the integration with Microsoft Intune where remediation tickets are created. Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations. @@ -59,44 +84,6 @@ When you [submit a remediation request](tvm-security-recommendation.md#request-r Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete. ![Example of the Remediation page, with a selected remediation activity, and that activity's flyout listing the description, IT service and device management tools, and device remediation progress.](images/remediation_flyouteolsw.png) -## Exceptions - -When you [file for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md), you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). - -The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status. - -![Example of the exception page and filter options.](images/tvm-exception-filters.png) - -### Exception actions and statuses - -You can take the following actions on an exception: - -- Cancel - You can cancel the exceptions you've filed anytime -- Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change. It adversely affects the exposure impact associated with a recommendation that had previously been excluded. - -The following statuses will be a part of an exception: - -- **Canceled** - The exception has been canceled and is no longer in effect -- **Expired** - The exception that you've filed is no longer in effect -- **In effect** - The exception that you've filed is in progress - -### Exception impact on scores - -Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Microsoft Secure Score for Devices of your organization in the following manner: - -- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores. -- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control. -- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Microsoft Secure Score for Devices results out of the exception option that you made. - -The exception impact shows on both the Security recommendations page column and in the flyout pane. - -![Screenshot identifying the impact sections which list score impacts in the full page security recommendations table, and the flyout.](images/tvm-exception-impact.png) - -### View exceptions in other places - -Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. It will open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status. - -![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png) ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 723a90bded..4fa0f5695a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -107,58 +107,7 @@ If there is a large jump in the number of exposed machines, or a sharp increase 1. Select the recommendation and **Open software page** 2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) -3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request - -## Request remediation - -The threat and vulnerability management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune. - -### Enable Microsoft Intune connection - -To use this capability, enable your Microsoft Intune connections. In the Microsoft Defender Security Center, navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle **On**. - -See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details. - -### Remediation request steps - -1. Select a security recommendation you would like to request remediation for, and then select **Remediation options**. - -2. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. - -3. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. - -4. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. - -If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details. - ->[!NOTE] ->If your request involves remediating more than 10,000 devices, we can only send 10,000 devices for remediation to Intune. - -## File for exception - -As an alternative to a remediation request, you can create exceptions for recommendations. - -There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons. - -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. - -1. Select a security recommendation you would like to create an exception for, and then **Exception options**. -![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) - -2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. - - The following list details the justifications behind the exception options: - - - **Third party control** - A third party product or software already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Alternate mitigation** - An internal tool already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization - -3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. - -4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat and vulnerability management** menu and select the **Exceptions** tab to view all your exceptions (current and past). +3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request. ## Report inaccuracy @@ -174,41 +123,6 @@ You can report a false positive when you see any vague, inaccurate, incomplete, 4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. -## Find and remediate software or software versions which have reached end-of-support (EOS) - -End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions with ended support, you're exposing your organization to security vulnerabilities, legal, and financial risks. - -It's crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end-of-support and update versions that are no longer supported. It's best to create and implement a plan **before** the end of support dates. - -To find software or software versions that are no longer supported: - -1. From the threat and vulnerability management menu, navigate to **Security recommendations**. -2. Go to the **Filters** panel and look for the tags section. Select one or more of the EOS tag options. Then **Apply**. - - ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tag.png) - -3. You'll see a list of recommendations related to software with ended support, software versions that are end of support, or versions with upcoming end of support. These tags are also visible in the [software inventory](tvm-software-inventory.md) page. - - ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tags-column.png) - -### List of versions and dates - -To view a list of versions that have reached end of support, or end or support soon, and those dates, follow the below steps: - -1. A message will appear in the security recommendation flyout for software with versions that have reached end of support, or will reach end of support soon. - - ![Screenshot of version distribution link](images/eos-upcoming-eos.png) - -2. Select the **version distribution** link to go to the software drill-down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support. - - ![Screenshot of version distribution link](images/software-drilldown-eos.png) - -3. Select one of the versions in the table to open. For example, version 10.0.18362.1. A flyout will appear with the end of support date. - - ![Screenshot of version distribution link](images/version-eos-date.png) - -Once you identify which software and software versions are vulnerable due to their end-of-support status, you must decide whether to update or remove them from your organization. Doing so will lower your organizations exposure to vulnerabilities and advanced persistent threats. - ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 13d0634456..03f4ad48e6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -25,6 +25,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) @@ -88,14 +89,6 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) -- [Exposure score](tvm-exposure-score.md) -- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) -- [Remediation and exception](tvm-remediation.md) -- [Weaknesses](tvm-weaknesses.md) - [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [View and organize the Microsoft Defender ATP Devices list](machines-view-overview.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 4de1a79a1e..e533863d57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -1,7 +1,7 @@ --- title: Supported operating systems and platforms for threat and vulnerability management description: Before you begin, ensure that you meet the operating system or platform requisites for threat and vulnerability management so the activities in your all devices are properly accounted for. -keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score +keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, search.appverid: met150 search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -26,6 +26,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) @@ -50,14 +51,4 @@ Linux | Not supported (planned) ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) -- [Exposure score](tvm-exposure-score.md) -- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) -- [Security recommendations](tvm-security-recommendation.md) -- [Remediation and exception](tvm-remediation.md) -- [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) -- [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Prerequisites & permissions](tvm-prerequisites.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 523a9d850b..b2b0021f69 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -1,5 +1,5 @@ --- -title: Weaknesses found by threat and vulnerability management +title: Vulnerabilities in my organization - threat and vulnerability management description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender ATP threat and vulnerability management capability. keywords: mdatp threat & vulnerability management, threat and vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm search.product: eADQiWindows 10XVcnh @@ -18,19 +18,19 @@ ms.collection: - m365initiative-defender-endpoint ms.topic: conceptual --- -# Weaknesses found by threat and vulnerability management +# Vulnerabilities in my organization - threat and vulnerability management [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) Threat and vulnerability management uses the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities. -The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization by listing the Common Vulnerabilities and Exposures (CVE) ID. You can also view the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more. +The **Weaknesses** page lists the software vulnerabilities your devices are exposed to by listing the Common Vulnerabilities and Exposures (CVE) ID. You can also view the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more. >[!NOTE] >If there is no official CVE-ID assigned to a vulnerability, the vulnerability name is assigned by threat and vulnerability management. @@ -140,14 +140,6 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) -- [Exposure score](tvm-exposure-score.md) -- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) -- [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) -- [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [View and organize the Microsoft Defender ATP Devices list](machines-view-overview.md) From fbb41b10fc40b32454a6159cf83f1859dda5a19c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 16 Oct 2020 17:34:41 -0700 Subject: [PATCH 66/84] updated topics --- .../next-gen-threat-and-vuln-mgt.md | 10 --- .../tvm-dashboard-insights.md | 7 +-- .../tvm-end-of-support-software.md | 2 +- .../microsoft-defender-atp/tvm-exception.md | 38 +++++------- .../tvm-exposure-score.md | 8 --- .../tvm-hunt-exposed-devices.md | 61 +++++-------------- .../tvm-microsoft-secure-score-devices.md | 11 +--- .../tvm-prerequisites.md | 14 +++-- .../microsoft-defender-atp/tvm-remediation.md | 49 ++++----------- .../tvm-security-recommendation.md | 25 +++----- .../tvm-software-inventory.md | 3 +- .../tvm-supported-os.md | 4 +- .../microsoft-defender-atp/tvm-weaknesses.md | 8 +-- 13 files changed, 73 insertions(+), 167 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index 7499f4de13..37b42afa50 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -21,7 +21,6 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -99,13 +98,4 @@ See the following articles for related APIs: - [Supported operating systems and platforms](tvm-supported-os.md) - [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) -- [Exposure score](tvm-exposure-score.md) -- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) -- [Security recommendations](tvm-security-recommendation.md) -- [Remediation and exception](tvm-remediation.md) -- [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) -- [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [BLOG: Microsoft's Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index eca2eff41e..f5a4c36323 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -83,14 +83,9 @@ For more information on the icons used throughout the portal, see [Microsoft Def ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) -- [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) - [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) + diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md index 714e8a1e93..133be4654e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md @@ -1,6 +1,6 @@ --- title: Plan for end-of-support software and software versions -description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value, in threat and vulnerability management. +description: Discover and plan for software and software versions that are no longer supported and won't receive security updates. keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md index ec2d78b08b..8b0dad82a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -1,5 +1,5 @@ --- -title: File an exception for a security recommendation - threat and vulnerability management +title: Create and view exceptions for security recommendations - threat and vulnerability management description: Create and monitor exceptions for security recommendations in threat and vulnerability management. keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm search.product: eADQiWindows 10XVcnh @@ -18,26 +18,28 @@ ms.collection: - m365initiative-defender-endpoint ms.topic: conceptual --- -# File an exception for a security recommendation - threat and vulnerability management +# Create and view exceptions for security recommendations - threat and vulnerability management [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -As an alternative to a remediation request, you can create exceptions for recommendations. +Sometimes, you may not be able to take the remediation steps suggested by a security recommendation. If that is the case, threat and vulnerability management gives you an avenue to create an exception. -There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons. +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and no longer shows up in the security recommendations list. -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. +## Create an exception -1. Select a security recommendation you would like to create an exception for, and then **Exception options**. +1. Go to the threat and vulnerability management navigation menu in the Microsoft Defender Security Center, and select [**Security recommendations**](tvm-security-recommendation.md). + +2. Select a security recommendation you would like to create an exception for, and then **Exception options**. ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) -2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. +3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. The following list details the justifications behind the exception options: @@ -48,11 +50,11 @@ When an exception is created for a recommendation, the recommendation is no long - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization -3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. +4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. ## View your exceptions -When you file for an exception from the [Security recommendations page](tvm-security-recommendation.md), you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). +When you file for an exception from the security recommendations page, you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status. @@ -60,10 +62,7 @@ The exceptions you've filed will show up in the **Remediation** page, in the **E ### Exception actions and statuses -You can take the following actions on an exception: - -- Cancel - You can cancel the exceptions you've filed anytime -- Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change. It adversely affects the exposure impact associated with a recommendation that had previously been excluded. +Once an exception exists, you can cancel it at any time by going to the exception in the **Remediation** page and selecting **Cancel exception**. The following statuses will be a part of an exception: @@ -92,14 +91,7 @@ Select **Show exceptions** at the bottom of the **Top security recommendations** ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) +- [Remediate vulnerabilities](tvm-remediation.md) +- [Security recommendations](tvm-security-recommendation.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) -- [Security recommendations](tvm-security-recommendation.md) -- [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) -- [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 1773f17654..f4e3899906 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -65,14 +65,6 @@ Lower your threat and vulnerability exposure by remediating [security recommenda ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) -- [Remediation and exception](tvm-remediation.md) -- [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) - [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md index 77b4642f92..9ed8b6cbca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md @@ -1,5 +1,5 @@ --- -title: Scenarios - threat and vulnerability management +title: Hunt for exposed devices description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate. keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls search.product: eADQiWindows 10XVcnh @@ -19,20 +19,31 @@ ms.collection: ms.topic: article --- -# Scenarios - threat and vulnerability management +# Hunt for exposed devices - threat and vulnerability management [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -[!include[Prerelease information](../../includes/prerelease.md)] +## Use advanced hunting to find devices with vulnerabilities -## Use advanced hunting query to search for devices with High active alerts or critical CVE public exploit +Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats. [Learn more about advanced hunting](advanced-hunting-overview.md) + +### Schema tables + +- [DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md) - Inventory of software on devices as well as any known vulnerabilities in these software products + +- [DeviceTvmSoftwareVulnerabilitiesKB](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md) - Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available + +- [DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md) - Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices + +- [DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md) - Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks + +## Check which devices are involved in high severity alerts 1. Go to **Advanced hunting** from the left-hand navigation pane of the Microsoft Defender Security Center. @@ -55,50 +66,10 @@ DeviceName=any(DeviceName) by DeviceId, AlertId ``` -## Define a device's value to the organization - -Defining a device’s value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation. Devices marked as “high value” will receive more weight. - -You can also use the [set device value API](set-device-value.md). - -Device value options: - -- Low -- Normal (Default) -- High - -Examples of devices that should be marked as high value: - -- Domain controllers, Active Directory -- Internet facing devices -- VIP devices -- Devices hosting internal/external production services - -### Set device value - -1. Navigate to any device page, the easiest place is from the device inventory. - -2. Select **Device Value** from three dots next to the actions bar at the top of the page. - ![Example of the device value dropdown.](images/tvm-device-value-dropdown.png) - -

- -3. A flyout will appear with the current device value and what it means. Review the value of the device and choose the one that best fits your device. -![Example of the device value flyout.](images/tvm-device-value-flyout.png) - - ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) -- [Exposure score](tvm-exposure-score.md) -- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) -- [Remediation and exception](tvm-remediation.md) -- [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) -- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Advanced hunting overview](overview-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index 59c5598a86..f388e2ec91 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -1,5 +1,5 @@ --- -title: Overview of Microsoft Secure Score for Devices in Microsoft Defender Security Center +title: Microsoft Secure Score for Devices description: Your score for devices shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls. keywords: Microsoft Secure Score for Devices, mdatp Microsoft Secure Score for Devices, secure score, configuration score, threat and vulnerability management, security controls, improvement opportunities, security configuration score over time, security posture, baseline search.product: eADQiWindows 10XVcnh @@ -100,13 +100,6 @@ Improve your security configuration by remediating issues from the security reco ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) +- [Dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Security recommendations](tvm-security-recommendation.md) -- [Remediation and exception](tvm-remediation.md) -- [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md index 04ab0e13f8..437ee5c49d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md @@ -1,7 +1,7 @@ --- -title: Threat and vulnerability management -description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. -keywords: threat & vulnerability management, threat and vulnerability management, MDATP TVM, MDATP-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, microsoft defender atp, microsoft defender atp, endpoint vulnerabilities, next generation +title: Prerequisites & permissions - threat and vulnerability management +description: Before you begin using threat and vulnerability management, make sure you have the relevant configurations and permissions. +keywords: threat & vulnerability management permissions prerequisites, threat and vulnerability management permissions prerequisites, MDATP TVM permissions prerequisites, vulnerability management search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -62,10 +62,12 @@ For more information, see [Create and manage roles for role-based access control - **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions - **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities -For more information, see [RBAC permission options](user-roles.md##permission-options) +For more information, see [RBAC permission options](user-roles.md#permission-options) -## See also +## Related articles +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) +- [Assign device value](tvm-assign-device-value.md) - [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) -- [Exposure score](tvm-exposure-score.md) + diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 784f4d7a44..328a47fcfc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -22,15 +22,11 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) ->[!NOTE] ->To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on. - ## Request remediation The threat and vulnerability management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune. @@ -43,13 +39,15 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT ### Remediation request steps -1. Select a security recommendation you would like to request remediation for, and then select **Remediation options**. +1. Go to the threat and vulnerability management navigation menu in the Microsoft Defender Security Center, and select [**Security recommendations**](tvm-security-recommendation.md). -2. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. +2. Select a security recommendation you would like to request remediation for, and then select **Remediation options**. -3. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. +3. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. -4. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. +4. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. + +5. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details. @@ -60,16 +58,12 @@ After your organization's cybersecurity weaknesses are identified and mapped to Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations. -## Navigate to the Remediation page +## View your remediation activities -You can access the Remediation page a few different ways: +When you submit a remediation request from the Security recommendations page, it kicks-off a remediation activity. A security task is created that can be tracked in the threat and vulnerability management **Remediation** page, and a remediation ticket is created in Microsoft Intune. -- Threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md) -- Top remediation activities card in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) - -### Navigation menu - -Go to the threat and vulnerability management navigation menu and select **Remediation**. It will open the list of remediation activities and exceptions found in your organization. +Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete. +![Example of the Remediation page, with a selected remediation activity, and that activity's flyout listing the description, IT service and device management tools, and device remediation progress.](images/remediation_flyouteolsw.png) ### Top remediation activities in the dashboard @@ -77,25 +71,8 @@ View **Top remediation activities** in the [threat and vulnerability management ![Example of Top remediation activities card with a table that lists top activities that were generated from security recommendations.](images/tvm-remediation-activities-card.png) -## Remediation activities - -When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created that can be tracked in the threat and vulnerability management **Remediation** page, and a remediation ticket is created in Microsoft Intune. - -Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete. -![Example of the Remediation page, with a selected remediation activity, and that activity's flyout listing the description, IT service and device management tools, and device remediation progress.](images/remediation_flyouteolsw.png) - - -## Related topics +## Related articles - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) -- [Exposure score](tvm-exposure-score.md) -- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) -- [Security recommendations](tvm-security-recommendation.md) -- [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) -- [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Dashboard](tvm-dashboard-insights.md) +- [Security recommendations](tvm-security-recommendation.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 4fa0f5695a..a59b92154b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -22,10 +22,10 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) @@ -79,7 +79,7 @@ The color of the **Exposed devices** graph changes as the trend changes. If the ### Icons -Useful icons also quickly call your attention to: +Useful icons also quickly call your attention to: - ![arrow hitting a target](images/tvm_alert_icon.png) possible active alerts - ![red bug](images/tvm_bug_icon.png) associated public exploits - ![light bulb](images/tvm_insight_icon.png) recommendation insights @@ -94,16 +94,16 @@ From the flyout, you can choose any of the following options: - **Open software page** - Open the software page to get more context on the software and how it's distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution. -- [**Remediation options**](tvm-security-recommendation.md#request-remediation) - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address. +- [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address. -- [**Exception options**](tvm-security-recommendation.md#file-for-exception) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet. +- [**Exception options**](tvm-exception.md) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet. >[!NOTE] >When a change is made on a device, it typically takes two hours for the data to be reflected in the Microsoft Defender Security Center. However, it may sometimes take longer. -### Investigate changes in machine exposure or impact +### Investigate changes in device exposure or impact -If there is a large jump in the number of exposed machines, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating. +If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating. 1. Select the recommendation and **Open software page** 2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) @@ -123,17 +123,12 @@ You can report a false positive when you see any vague, inaccurate, incomplete, 4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. -## Related topics +## Related articles - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) +- [Dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) -- [Remediation and exception](tvm-remediation.md) -- [Software inventory](tvm-software-inventory.md) -- [Weaknesses](tvm-weaknesses.md) +- [Remediate vulnerabilities](tvm-remediation.md) +- [Create and view exceptions for security recommendations](tvm-exceptions.md) - [Event timeline](threat-and-vuln-mgt-event-timeline.md) -- [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 03f4ad48e6..d34335654a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -22,7 +22,6 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) @@ -86,7 +85,7 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform 3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details about the inaccuracy. 4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. -## Related topics +## Related articles - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Security recommendations](tvm-security-recommendation.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index e533863d57..8802d9cf10 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -1,6 +1,6 @@ --- title: Supported operating systems and platforms for threat and vulnerability management -description: Before you begin, ensure that you meet the operating system or platform requisites for threat and vulnerability management so the activities in your all devices are properly accounted for. +description: Ensure that you meet the operating system or platform requisites for threat and vulnerability management, so the activities in your all devices are properly accounted for. keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, search.appverid: met150 search.product: eADQiWindows 10XVcnh @@ -48,7 +48,7 @@ Windows Server 2019 | Operating System (OS) vulnerabilities
Software product macOS 10.13 "High Sierra" and above | Operating System (OS) vulnerabilities
Software product vulnerabilities Linux | Not supported (planned) -## Related topics +## Related articles - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Prerequisites & permissions](tvm-prerequisites.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index b2b0021f69..ae152f9f21 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -70,7 +70,7 @@ Remediate the vulnerabilities in exposed devices to reduce the risk to your asse ### Breach and threat insights -View related breach and threat insights in the **Threat** column when the icons are colored red. +View any related breach and threat insights in the **Threat** column when the icons are colored red. >[!NOTE] > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon ![Simple drawing of a red bug.](images/tvm_bug_icon.png) and breach insight icon ![Simple drawing of an arrow hitting a target.](images/tvm_alert_icon.png). @@ -78,13 +78,13 @@ View related breach and threat insights in the **Threat** column when the icons The breach insights icon is highlighted if there's a vulnerability found in your organization. ![Example of a breach insights text that could show up when hovering over icon. This one says "possible active alert is associated with this recommendation.](images/tvm-breach-insights.png) -The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. Hovering over the icon shows whether the threat is a part of an exploit kit, or connected to specific advanced persistent campaigns or activity groups. When available, there is a link to a Threat Analytics report with zero-day exploitation news, disclosures, or related security advisories. +The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. Hovering over the icon shows whether the threat is a part of an exploit kit, or connected to specific advanced persistent campaigns or activity groups. When available, there's a link to a Threat Analytics report with zero-day exploitation news, disclosures, or related security advisories. ![Threat insights text that that could show up when hovering over icon. This one has multiple bullet points and linked text.](images/tvm-threat-insights.png) ### Gain vulnerability insights -If you select a CVE, a flyout panel will open with more information, including the vulnerability description, details, threat insights, and exposed devices. +If you select a CVE, a flyout panel will open with more information such as the vulnerability description, details, threat insights, and exposed devices. The "OS Feature" category is shown in relevant scenarios. @@ -137,7 +137,7 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform 3. Select the inaccuracy category from the drop-down menu and fill in your email address and inaccuracy details. 4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. -## Related topics +## Related articles - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Security recommendations](tvm-security-recommendation.md) From 470c7b461c81f52a684493ae589c090f9a3193d9 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 17 Oct 2020 16:54:30 +0530 Subject: [PATCH 67/84] Update windows/security/threat-protection/index.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/security/threat-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 3763417926..5873b326d0 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -19,7 +19,7 @@ ms.topic: conceptual # Threat Protection [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture. ->[!TIP] +> [!TIP] > Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see [Secure your remote workforce](https://docs.microsoft.com/enterprise-mobility-security/remote-work/).

Microsoft Defender ATP

From d73e0a401052b2abd11f49532e9a37d76f33dbc5 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 17 Oct 2020 19:59:34 +0530 Subject: [PATCH 68/84] added simplifying deployment of SSU link as per the user feedback #8478, so i added a simplifying-on-premises-deployment-of-SSU link. --- windows/deployment/update/servicing-stack-updates.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 49d29f4d8a..3ad8432738 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -28,6 +28,8 @@ Servicing stack updates provide fixes to the servicing stack, the component that Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. +See this [Simplifing Deployment of Servicing Stack Updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-on-premises-deployment-of-servicing-stack-updates/ba-p/1646039) + ## When are they released? Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical." From 6c90d2ae9c752f696655ced332343b29b4f42b18 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 19 Oct 2020 17:18:02 +0500 Subject: [PATCH 69/84] Correction in Syntax As mentioned by the user, * was missing the statement. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8211 --- windows/client-management/mdm/firewall-csp.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 1fae08c646..64c5a2f5d7 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -248,9 +248,9 @@ Sample syncxml to provision the firewall settings to evaluate

Value type is string. Supported operations are Add, Get, Replace, and Delete.

**FirewallRules/*FirewallRuleName*/LocalAddressRanges** -

Comma separated list of local addresses covered by the rule. The default value is "". Valid tokens include:

+

Comma separated list of local addresses covered by the rule. The default value is "*". Valid tokens include: