From bff3d3478dd41a707711b5f718af6575708c9b3c Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Fri, 21 Oct 2016 10:05:34 -0700 Subject: [PATCH 1/2] Reorgd the registry sectn per Suhas M --- ...rd-enable-virtualization-based-security.md | 149 ++++++++++++++---- 1 file changed, 116 insertions(+), 33 deletions(-) diff --git a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md index f9a6a62792..edb6d77be3 100644 --- a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md +++ b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md @@ -22,21 +22,21 @@ Hardware-based security features, also called virtualization-based security or V 3. **Enable the necessary Windows features**. There are several ways to enable the Windows features required for hardware-based security. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see the following section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security). -4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see [Enable virtualization-based security (VBS)](#enable-virtualization-based-security-vbs), later in this topic. +4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see [Enable virtualization-based security (VBS)](#enable-virtualization-based-security-vbs-and-device-guard), later in this topic. For information about enabling Credential Guard, see [Protect derived domain credentials with Credential Guard](credential-guard.md). -## Windows feature requirements for virtualization-based security +## Windows feature requirements for virtualization-based security and Device Guard -In addition to the hardware requirements found in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard), you must enable certain operating system features before you can enable VBS: +In addition to the hardware requirements found in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard), you must confirm that certain operating system features are enabled before you can enable VBS: - With Windows 10, version 1607 or Windows Server 2016:
-Hyper-V Hypervisor (shown in Figure 1). +Hyper-V Hypervisor, which is enabled automatically (shown in Figure 1). - With an earlier version of Windows 10, or Windows Server 2016 Technical Preview 5 or earlier:
Hyper-V Hypervisor and Isolated User Mode (not shown). -> **Note**  You can configure these features manually by using Windows PowerShell or Deployment Image Servicing and Management. For specific information about these methods, see [Protect derived domain credentials with Credential Guard](credential-guard.md). +> **Note**  You can configure these features by using Group Policy or Deployment Image Servicing and Management, or manually by using Windows PowerShell or the Windows Features dialog box.   ![Turn Windows features on or off](images/dg-fig1-enableos.png) @@ -44,41 +44,19 @@ Figure 1. Enable operating system feature for VBS After you enable the feature or features, you can enable VBS for Device Guard, as described in the following sections. -## Enable Virtualization Based Security (VBS) +## Enable Virtualization Based Security (VBS) and Device Guard Before you begin this process, verify that the target device meets the hardware and firmware requirements for the features that you want, as described in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). Also, confirm that you have enabled the Windows features discussed in the previous section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security). -There are multiple ways to configure VBS features for Device Guard. You can use the [readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) rather than the procedures in this topic, or you can use the following procedures, either to configure the appropriate registry keys manually or to use Group Policy. +There are multiple ways to configure VBS features for Device Guard: -> **Important**   -> - The settings in the following procedure include **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you simply choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can still have code integrity policies enabled.
For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
-> - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. - -**To configure VBS manually** - -1. Navigate to the **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard** registry subkey. - -2. Set the **EnableVirtualizationBasedSecurity DWORD** value to **1**. - -3. Set the **RequirePlatformSecurityFeatures DWORD** value as appropriate: - - | **With Windows 10, version 1607,
or Windows Server 2016** | **With an earlier version of Windows 10,
or Windows Server 2016 Technical Preview 5 or earlier** | - | ---------------- | ---------------- | - | **1** enables the **Secure Boot** option
**3** enables the **Secure Boot and DMA protection** option | **1** enables the **Secure Boot** option
**2** enables the **Secure Boot and DMA protection** option | - -4. With a supported operating system earlier than Windows 10, version 1607, or Windows Server 2016, skip this step, and remain in the same registry subkey. - - With Windows 10, version 1607, or Windows Server 2016, navigate to **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios**. - -5. Set the **HypervisorEnforcedCodeIntegrity DWORD** value to **1**. - -6. Restart the client computer. - -Unfortunately, it would be time consuming to perform these steps manually on every protected computer in your enterprise. Group Policy offers a much simpler way to deploy these features to your organization. This example creates a test organizational unit (OU) called *DG Enabled PCs*. If you want, you can instead link the policy to an existing OU, and then scope the GPO by using appropriately named computer security groups. +- You can use the [readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) rather than the procedures in this topic. +- You can use Group Policy, as described in the procedure that follows. +- You can configure VBS manually, as described in [Use registry keys to enable VBS and Device Guard](#use-registry-keys-to-enable-vbs-and-device-guard), later in this topic. > **Note**  We recommend that you test-enable these features on a group of test computers before you enable them on users' computers. If untested, there is a possibility that this feature can cause system instability and ultimately cause the client operating system to fail. -### Use Group Policy to enable VBS +### Use Group Policy to enable VBS and Device Guard 1. To create a new GPO, right-click the OU to which you want to link the GPO, and then click **Create a GPO in this domain, and Link it here**. @@ -125,6 +103,111 @@ Unfortunately, it would be time consuming to perform these steps manually on eve Processed Device Guard policies are logged in event viewer at **Applications and Services Logs\\Microsoft\\Windows\\DeviceGuard-GPEXT\\Operational**. When the **Turn On Virtualization Based Security** policy is successfully processed, event ID 7000 is logged, which contains the selected settings within the policy. +>**Note**  Events will be logged in this event channel only when Group Policy is used to enable Device Guard features, not through other methods. If other methods such as registry keys are used, Device Guard features will be enabled but the events won’t be logged in this event channel. + +### Use registry keys to enable VBS and Device Guard + +Set the following registry keys to enable VBS and Device Guard. This provides exactly same set of configuration options provided by Group Policy. + +> **Important**   +> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you simply choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can still have code integrity policies enabled.
For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
+> - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. + +#### For Windows 1607 and above + +Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock): + +``` commands +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f + +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f + +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f + +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f + +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f +``` + +If you want to customize the preceding recommended settings, use the following settings. + +**To enable VBS** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f +``` + +**To enable VBS and require Secure boot only (value 1)** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f +``` + +> To enable **VBS with Secure Boot and DMA (value 2)**, in the preceding command, change **/d 1** to **/d 2**. + +**To enable VBS without UEFI lock (value 0)** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f +``` + +> To enable **VBS with UEFI lock (value 1)**, in the preceding command, change **/d 0** to **/d 1**. + +**To enable virtualization-based protection of Code Integrity policies** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f +``` + +**To enable virtualization-based protection of Code Integrity policies without UEFI lock (value 0)** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f +``` + +> To enable **virtualization-based protection of Code Integrity policies with UEFI lock (value 1)**, in the preceding command, change **/d 0** to **/d 1**. + +#### For Windows 1511 and below + +Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock): + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f + +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f + +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforcedCodeIntegrity" /t REG_DWORD /d 1 /f + +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v " Unlocked" /t REG_DWORD /d 1 /f +``` + +If you want to customize the preceding recommended settings, use the following settings. + +**To enable VBS (it is always locked to UEFI)** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f +``` + +**To enable VBS and require Secure boot only (value 1)** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f +``` + +> To enable **VBS with Secure Boot and DMA (value 2)**, in the preceding command, change **/d 1** to **/d 2**. + +**To enable virtualization-based protection of Code Integrity policies (with the default, UEFI lock)** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforcedCodeIntegrity" /t REG_DWORD /d 1 /f +``` + +**To enable virtualization-based protection of Code Integrity policies without UEFI lock** + +``` command +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v " Unlocked" /t REG_DWORD /d 1 /f +``` ### Validate enabled Device Guard hardware-based security features From bb062c06123ab7b7f4618dbd962de0df8ab2ad90 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Mon, 24 Oct 2016 11:18:39 -0700 Subject: [PATCH 2/2] Folded in more changes from Suhas --- ...rd-enable-virtualization-based-security.md | 13 +++++++++---- .../keep-secure/images/dg-fig1-enableos.png | Bin 22075 -> 17395 bytes 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md index edb6d77be3..fe1db32b1d 100644 --- a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md +++ b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md @@ -31,16 +31,16 @@ For information about enabling Credential Guard, see [Protect derived domain cre In addition to the hardware requirements found in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard), you must confirm that certain operating system features are enabled before you can enable VBS: - With Windows 10, version 1607 or Windows Server 2016:
-Hyper-V Hypervisor, which is enabled automatically (shown in Figure 1). +Hyper-V Hypervisor, which is enabled automatically. No further action is needed. - With an earlier version of Windows 10, or Windows Server 2016 Technical Preview 5 or earlier:
-Hyper-V Hypervisor and Isolated User Mode (not shown). +Hyper-V Hypervisor and Isolated User Mode (shown in Figure 1). > **Note**  You can configure these features by using Group Policy or Deployment Image Servicing and Management, or manually by using Windows PowerShell or the Windows Features dialog box.   ![Turn Windows features on or off](images/dg-fig1-enableos.png) -Figure 1. Enable operating system feature for VBS +**Figure 1. Enable operating system features for VBS, Windows 10, version 1511** After you enable the feature or features, you can enable VBS for Device Guard, as described in the following sections. @@ -107,7 +107,12 @@ There are multiple ways to configure VBS features for Device Guard: ### Use registry keys to enable VBS and Device Guard -Set the following registry keys to enable VBS and Device Guard. This provides exactly same set of configuration options provided by Group Policy. +Set the following registry keys to enable VBS and Device Guard. This provides exactly the same set of configuration options provided by Group Policy. + +> [!WARNING] +> Virtualization-based protection of code integrity (controlled through the registry key **HypervisorEnforcedCodeIntegrity**) may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error). + + > **Important**   > - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you simply choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can still have code integrity policies enabled.
For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
diff --git a/windows/keep-secure/images/dg-fig1-enableos.png b/windows/keep-secure/images/dg-fig1-enableos.png index a114c520de2c54e0b841126bb0763b39eb4d706b..cefb1243444fed724637dece0434f235e6cbafba 100644 GIT binary patch literal 17395 zcmZU)by%BE&^C$`FK)$3ad(H}?(XiI;99hJad#>1PLN=Q;_ecHyOrWn;P89j?_Ae+ zuJgyUd7fl=6Iw~GAu+2U~GvaTu7!1hjwV2=C7*E^_+rFfbUu|GQw*m@r6SU?ijDrNp&-*3OKT zqezGG>tY(61?eJl(-iycxI=oZMko>oHa-g4XGtCvQ@bG}fB%p?B8XI+gfGpM97>7i z_;XobASBsR4MPCAHcA%T0Ou!d14#(hI3w{-tQ=3J!^Lmfi;Kc9Le2A{T-w~t(8a~> zMN{2wzn7k>`;}`%I+-BEP*s(J*9r>Hr^~B-x&1)!6Ul?HzZ+S?lImxZ@6Z@U#T~or zo$Y~022K15f{ufpC3Q_r62`;49)eL}H9JONW z_$lAtZ*2H5lI~)F3+FS=SJi{loIc@(o5Tw);$yh{K&~gOu@SJRF84;Q#D(9rhF-@P zNO!sH2&A&5p3`m01 z=-kl#YS~OLXnJ&BD9w?+MWOXxI6aLLX1XP6R_eM{m$;RyquZ@z@y1fpDlBInLJE|*W9+I=y^G?q2-yhv~z23fh90xVKR zJ1iRl#s^FK9kdvxan(je4};5Ni)j0a#R&Dd`S`sN`%fFHM3e~)Oh_$X4)y_WiTDK#WuGI|{)dga3IF6v^G0^O6C zSQUKm$tabPKC5yq&Kfd>$#*2C?Xo&J!7@^jT7_65Z)f-R5QnWl$nyBZ7S+)XG9LrJ zL?Luaq*xB=QYqL!;S8ACWi*6PFI_D$)Lgbsj&aA_Fbd-{utUbq%gXgatd}~%du>8i zby!1T7&Hq10_tXO=Hf^S;2rg*du?4kHvFFR9HFKEwR2ESp%y|lgj8?N7B$l0P0&bPD>PdyVrKzRgMu<7X zsdliVv8lbV>?FjAu7srMQF*b^9A!KzR%WA_?yvU8PkRlW-y8u_``o^ztL3bLcsP9F zHRO^#inN1v9Gz;jA#%^Y0h4d?V~Ji7Oj@xIa>{~pZ0R=!QMtb^<8<~yUV_IlbFZDq~u^0uwR<@pFZ56 zGG#~*J?+*QLDMv~l^!k*1qe=#S@8AK&{$}r(;T_oZgp6>4N1~MGX{%m*!8PzXVtk; zlA?{2X;*O4;GYz;%>uR%N?Y-9nnHz}I=+v7Kvx&OXi{KW_TN)cYli2-F=zH?WR(27;`5@ zPb}3j__&@#j7svyfBWLxv2wXcy0=q*dn+k{!Sc4wkvLx#h$|2wSTL}D#Qk9^kr*qh za0;s#`M{|qpc!xK3t@+hT7><`ZG+@UC9~aH`6{z;Moex9TO?cdlSVh~y3t-!m8|J!-?eKri?k(-84kw=#e0c>3V#)T45WW-egAN&c6S zO5-ZvqC;8p%FR}5PC$&fzYNp7a{J+S=<#rb1$6$XA2=W4nMFHIjC64@Nn#rKn1+(8 z46y!wzP2QwM9?mAd{Q5DdwdS5?6dz&I^wZ2gRfqP{I@pojGXbQcUn5|ZG?vd-|RHs zgl}DY++z^7H`E=@i+i|2=W?vyBgMs@^OfqMJilwP_4p87DHoLQ6a>DHbbi^IU#!-3 zifJ}(Md=GyES}daXw=vrkjMV}Y-MzcFTfKxT{7O?Qa}dHij|qeITto#uONTyDtN8^8k0oaZ>-nwk4W0r`!LIOV6jjNbTC z28ZP3F`xPwX-ZF&Mo-`i>)@LG^3AGCu;X{ghg@YOc+wecS}OA?hdFdLWr?ks%P7(^ zPbIg(irtY>Ro2V=t5mDB7g%)y3aSvtLL~!aeGJ07eK|WV)$Ub-tt5hUsZ zEv_5;wGyDzjGx_H=FX6jEbD>s2O`-iq9Q8hNnjSwwSnSOzudf+_Eq;!TZ;a>NlSqM zI64<<)zV4GzCw78Ie>s+AzNGW@f!nRKv8P zx4)T>HOG$#OeiFTqnPK4{A}Nz8m7lm_mD?gs!ih@-NwX&x3wtYLlcNHb#BhwH!+W? zUZ+~k^;p!4;X<7GO^sHfOh?+w?kz@UIGt!13I7}`fV|}t!-Q$1s+{>}(k91wYfqB% z@igWZv1h`(WlxNiw+~%s^mtlhBvR5dJ$m(5(zJGUJhP3iGH+iTLtn{eGKy~fPq@4# zOt^V_{NvGCYe~y0H!>Mx$j(|Bj627Q`+`sDXGKSnmSP3XS!v^Cz;{MR{4HLlKA@ob z7UR?}bv#`e%C>+?TV)}9yv1B1(2)c4tru!oo{&XI4()j<^{4Q=yQRCk&(!(KVAA?A z)oYmbnA8tgT|R$Z*H&A`|5iN@3+1`roA%LS{3);;7F7YSducQ6Rv}H%g43(rw!Yj^ zKO~0(EO*%mQe&esUAJy57IlN(1Q3QlB(xy_+w*(8JoDAjLZ0_7ka9QmyZr#)gbGQK z$x)}io4d00QDBSH|FUIwLe+sK?Zk{Q)lWv1w7J~~b3Cegetu5)EZpgG9eTg<7JZ)S z<D^#Oy-Ak7fivKVPo8`8Mc#-dXX%#V;UGlqS&ouXOM{bz^YQsmX2M%Y!ZC zg6-|`5Q(iRn5#G>R1uyi4F>u#Y6Qmc=n&?bCTi?7*r#DJ@9*Nzenr?iVzM0(qY5gr znaUMqdVaV^UUo}Lxn*QenEO2Pm)W=FpoE@#Ujmn+IwKGpjD<2C+^>F*p4B<7_8wAu*mvlr_;GEdtNcuZAnzfOW`%CKjh!IO{&Rm^ZNE zahud^WHJ=H{OmH5abY8>Q%FtflLl9%%AS~hlxM_#iugo~gB9`VYJmiYoY=(|`NPui zhpAXpnKb=lFUxWzluQji6a;Bn#er^g<1~|%k!H>*3=9H(g=GLEX%j2lI%Rz)n-CH| zEPuBcH9UXzBr`#ZAbdAz+EUgJ%ZzDqmzO|MB>wYBM+a{Nw56RU0s*OIfrhaGArKZn znEF^OnB?9h6FXix66!wglRsCt$Vn*Ahu^N4!5VNMDH^^>+2?9WK^TYG9}*(zmbi<- zXVDs+uTpK(A}c^v73)tS6|CuqohK-DOx-7bR!P~nO)n%r!3?y{O><2ddB;{)^>b9xprc$JrtH@>PW`>b?+8BP{+)Cq;us0lzAmH0~9kW;gbbAy8rwtcyq-o*lIi`DlM zr_T7xdIveI3jYI6$gHm_IM{$B|eCNN-1z(r?Bd41==h`bJwpVQ&# zDaWXTn>&s)0xs6ZO7M4bApH3-7b2?z`V{i*7t#Yv>ZY++W(W6DY9t)k#WhYw^nD%W;U+qqr7Bv0iF3r)F&_YuL0wy=1U z@}t69_!utHx52l&EhT;Qn<3_`jjb*jTxG!0@3T(`C+c&p?1@MrM}*H<;GSD3LZD1H zNlS=O`aBaJQ6RZB@F~eWf+MRHrkzsrORTzf6<9DG6CEQ7PF=B{7cRw*nQagLlWl9& z1bhG=!JhAdBPdpp^Kq@t0V%QyG13TuzgWyoU_c^PmlB3+I z#mkUm*ACPM{V(k6^f@V{EjmhA6?T|LkvnLyt9Zoxb@Z~Dc{*+A^ghJs;++J7B`C)H zztk-8xBRTub8~!cmv{R0oC(@dLg0H8h@7m=z6Kn9q#oZ-o{(^h;Skq%O-e}m=rfI- z+&FANl3qyal0AkawJG*h^y~vF!bj+rB5q{*K|BY7Qnl@GVr~%_F_8h8Oj{awW)SUK zIHPX3T;=jq4Sqw8(V#U1$|O&Wil-C#E)29dQjYL>_P{XWdfqI%q3YW{;Q=ip*m$h6 z%2ayO!a9ePRv29%Y~aHs1#)r8FIe~`CaPL&Hmz`4*}N4VLKg0Ubi-zZOzKYFInE~N zj$9R83!`E^@_qcS7?o4U5}XrKWH>SDkKZDk6V1$RYA0)Ec!l)b1FaT7yWLxPVbaSi z_>A6}wn8{&DoLh}vPEd-hN9zU3&rv;CYqfJ2`2yCObexQv-l6#mVU~lP5rm-sJe>5RV%3Nf6=R1uAWxGBDlr_BD)=A9r&%8s^=~m4S>DXYiNomteAP zb`zg0G9Jvs5AD!Yj~=QXo4F~6t%-?Am;0rQTI+UrGUn!ZeJ7P*MNIg}pX-8$oRq&{ zKO`9;KP?HAON>OLOZ5HPc3t97oJ4U+L1>uiQ+7Geg|U^@Mq8JFwH>%yu_{(v)ml7F zC>sS{b$f44#`9**Z<+K)AQ%NLl8~+uat)(j6asITAb<8ipfE(FrKxEV@b$rDQ2xJN zl;3FK6+dSY+ZevqJ}qpTe$+4WbuQzd2HTG_BZ^wdCwvQ00JEEO+yw9E^1 zM;k)$WBhI+_fdfBULn0DS!XUE^JllH?bJl~{rp5$v->o*&dm_wUVm6zcsM6*SJ-s} z1tw6eO7W{60j-~MNgo~x=c$Ak(K%0wjuvVLhb(O_YjqR-m!5G-PaC3J$>Z?v8dEEt z{jk#?7lXaJu`dP*P5d7xt~%OvOpV_bvuM7ow>pvwWZ9w#P{UqHVo%LU?CazE0vx}a zU!gTMF8wu}RRnzMUtCBs=wKbO^;il|HXuTws~*R`Ak5^zbsi8->tA0d-K0fSCH|zu zk6297-zb^Pp)t(1iHwLF|10d2FjES=teH2{g>&}B{wb=EgeX2p(>wO|_I6x1M^wZ$ z=yf6T)Y+Le-{>sMC2^jNPifA31V0`xH>=?KkCdKB-7akfVy zs#@M%5p}l`)nwA~Q0@K2evr=#)27Mu+C6LD%Ydxu!;_+D(48$j73l?B$nOFx9G`FiS}PCw?;4sH_C=u}BXT^{1t0!|kp_pjG0eA91#HLjOx4V?x! zeCGPh`Z@kvzxO5k^kw^pIQ^jyz8T zC(+U&VhSM5R{SyCH57A)`)aKDLoDqqN{$6f#_ufpyk&8f+zWLKU~3v_E(s?V`-pVB zv6xOd1)O-k-#{a$cJ}}V3#*12?TW?z$D)5af^BDUMbb{yH_&k%X&_uJS%Gx;(vERp zC+fA)WtC?fdjF3QoVtp-W;x7$u0(XyBX^G3z*oiB-HN4y$5kdeetbpPx!`J0># z`YKtTzKw0Ksw1`(5W9!7+|w0A+ZF z7gB3x3D+PJARFM>0b)Pw(DFTG8Y}+eFnSnQW$SY0C(BPC%Q?XOeB zLC}~vg_4i2fi+n<#Hi{$aa9e*By(|e-a{l?73j97Mb^g&UwOXovJ;~bwK)Wo{&bWJ z)ACUhHc~>Dw@^XMUqxGRIvQt>C`tX8l--vZ@w(mrXSKPY3E7rOf@(Q?c2I3~c8-2% zEv;i$7@splO*3q!HNE5)S;}iD0r!=J!lrhBdSDJz1j0L4-4a?g!J9c`t1MD7`8lE! zkN5#p=dl{BG^nMxM>b+r%L23p9Rcpk7~X-kf;nu)zWvEkoFAigY{j=?MjU7Ax7BTY z=0go*S1qol0EhmN-xzl=hfaz{AEu`&76$xV_GK>=S0xPL^}$c5f0TPT8fBa5fg1kJ zBAz!zK{7%*vU^FY1joGJ{EIzXu7`6NSaODITM({T5|bB^+fp!63(@inrHz0;Z<82e zrPTfz#rxmG-$>$yZruK?5N#`jA6f^-a%XDF9x_OPxlt($niPcM)C$t>H9;kuR3J^J zhJO4oUqd22cg(vg(sNuh zQQElr#hXglL|s4iAj$D(wIOImQ77fHQ&S7X*j|g9U?-cXiUcN^bcRFvh!YdtQ{~d| zzapwgNwBKh%YWV96Pg`M(u-E#$Hw3pp$?I#1vV$g-u0#0l16I1%_GhX+#ZS@W7mq^ zntaUXX3uny%;WZvbZDDd%Hd7M5rCWjXxvh+boZTwXP-CsFAC;D1a3r-e3_djfkqLt zYZkQtCFrZ(w?zl5_OwiO4ci6WCDGQtnNEp3hM2g#?=QRO%pdbzhUmH^`%C@m%pQ12 zE$5Jj&0>YN*WOf_okiZjA?_>xqyjQs<|X+rlUL$2C_%px(CXNZJMh7CCAe^j3w*N( zrSJmesi};|jG81q4nm`$)pgm01-uD?$x^6t?z1}7yq9w0xo#&G{mSgyTf1JLF}Amo zGN_Fck&^a^=Hlh5RI&7SH2R~ztDB&XH?a(I$!cir;eC)ds5B(R1vWYHZ_=%MU82JE z4xj8&1&ptf?o*`Ep?{=Z--=xL$%dc)cC=pC^d|$QO}MGFzt&+b@{E1~XkLx`);*o+ z*6;a&4d14pBhzJo+Q_u*Q|N#8GVWz%W-)@U#hn)O7AFbmDz5Dz&-|CaCaKHY~fKbL?ysGsX`;)(r{D}pm2 zPZ4>Ywl&;2@iyY86N-U|Yk$xl#C_Up=5hqT>)5mR!4&CH71^L(0`J3d#H{p467Q=L zRq+?Ie)I^J0kqrq$lZuOocWpLJ=u{wmY7GzZ{86reT~!*GztYFyaZhq$E+;1D;s;O z3{VmWNaQZVlHN#!IN*I?7^d+3rIaf{H18B(%$pm2FOkiRW4`i3>Ki)X2nF|pC4{(X zp^2OCcb!cpupfQkZ%*YewA!tplogD8w-ZX<+7+F*(aXFctN_YcFyj*niWmjCU#c`e zh_BB`34S>gQIuETb?CyC+8HQweI8GCyJXwtda=UyLhsKf6n*AU z)&E!@FM`CY$+it{5X8-Y;1Zy6Y~|jZjsgBAYn#-egHV;lY1i?v<0G|bNreK5&K|7U zx4A##oXz}oBvs;FNsn)G{QlRWzyYn>gwn=AcDU?x_tp~bxz3nQjs5oXpES8HTrvKr zO-B(SkAK;>okQR3i_Wsmx`xUbO^%yGHU))vp^078v<-)AlRx$q0}=lTZtV#L3KdJH z8t{OH{!L7P4b1hUfhxlKhBj1%QJJ5 zI!94b%O@1RVE;;Z&wqkh%QJg(j@I@r5y7NF|DgL(bUDe#=a)9ZB3Wpi^efRatiFIWG?aB>vV8D-hgyR@I3hLamg*pQP5F!2%kB%l3&a!A>iV zKMj*;NLdYs-~9RAy|!Oi0d3O&KAJE~_J|L(q@gIopJ*Lg*I1VZ!yshq

w%pY#`% z+FgIyEc^Hc1(Q67O6KH@tC~VSVz4;hedpd@8#g&szd!hC78Ke1Uq5J_tH=8u)auq2 z6l|Md(oGT-_c@W)=-X;F(scG@v90uZvmQg>^hwp^&@VHP{>Zp{mYC;bVO; z3zNeIT4{4_e>x*De@{}e+c@v!2R#$;(S{^+btn@w{HI8ihE64)8)6#p@9*aoug5FX z>cxy>r1(qCRjP^89DrQ=wEx9*_buT1y4P6WHztsP5H}EK0wjxbk)(CKig+u$ztbD^ z#B6O?XB7HJf)#1=He7-vuQl9HSDE<`H6Yg_mI4y&P!@R_0${3tec!vyp_CX<>5VxVl*2^4PwF^2v0x-)TiI2Zj?@_Zk(-VRP-;zt=yeriP|LyBRTxZ$59o@`Nz+ zl3H{K$bC-GJmuL2c?Y8fy&QJT#9bsbls_9`4WC^3utG!RG3zkM;TpoHs81E5$&ekd%*2PFLV&zaRo@A+n4HDAbGrJ?qUdK%}` zfJF|UVrEW`C5R)UpBM4nCT1XxPZPXD4^45pj~p_H|6`~BeGjoY?%l{7h!}F;FUKCQ zr%8qUPC87xo-e@QA&^gC&MV|zqzdAx*AnDq;dimVckTsR@i%|H)e1GK z4cvY84!n9rb9@tgS(AB{4H6Bo=@11$Wrkq5@I;dr&1|%9^!loZ)|{b3l!ICOI}=S5 zxN=pW<3|Qqorbdk4RK^Js3b#MK>F$IA8PzE2Gh*PkyRKv7*Xi-7$i3mTXJBH)W2mk zJ7<-U3Ww^r;92{?uRF{-bc2jORyLlUt9MTOD|~^MZL6WqB6q(X$=9Fn39swd+gmw4 zfd;c#kK;cC4Xa`KMt~y#Qa$z_3XL=x|K85>rejD(@rO@?My%h$bNxs3LTJM%B1w}& zM;Xc+rN1b%a@aTv5IKd`HMy@rk_Y0&Gd@VcJny?swxjf2;hLLN718rsM+^2SZo z?KSCsniZa_;Gt^m!Hg@TSxi_qCfD{30N;%HFMQ47pUTJc<9v<}DyZZH{0lQyuy0mo zb+@J&&To%xf>*(ni!~ATB=bGnptu2e)ZV3-ihlbO+1u;-ygChhzeNiAck}1%q|#Z@ z4p-JF=;`TrqCgUW!T?A$$#p+03Tw1ioM#ahncw%HqT4x|8|E!x``u%Wa#}PQ$W&xx zKN?N9&_<*0rhAQsavv^0y(aQJY#a1=O1D}0dN~dzf4k8Qdi~30^3{*Kd&@J&QNrCH zY+r2ob%*z^JQEJ!G3DvvZ>HMH>2t4sSr$>27be1!`-Q!a=?k%bxF1UQI zBPqM?DPfsPOU?C3o=>M9QE5_z+mDnYAwowJ`3K#7EH4PUdMfA*xVeOaz176bW*}yT z=!ozD_8G*`5Z+IA|1}?5ej%ztoH$MYP6Bh{Y^yVRlj0Wb!hZ;!oVziw`fDG?u(m#| z8pj*hW`H3U#RMI}*N!v1oZEW71(To`IZ;ihLfm9Cv9GP|?$;O=+nUq)H(P*o-Xz_P z2swJ4aAp6>daB2e{#nS@4_Ys#tDrs8r>-FnKIfz!&26(n) zhF2tR@-(4ugf25~xR@wSfQU&v4b|5MxY@1yirj{ekMX?*dIA3W<@jQHx{1*r%uj6; zC!*NfGD+v<{V2yl8jDOmFV_7xb#*tO;Wg{67*xb;azP)nHqSUwP9QQ>B)b2@-{dik z%)MKrzD8Pbz&hSPN8RLCCsPV(GfD*z>^PV&Rwj?J-0ndS2M7$B58X|0>7aLQ*?pIA z1$D0ej@v*7IfB@LuA?B9BD|Mvvt_-T*YZ-3)d`+Or<(Fl;gY$8rE~e43nqn=pT|c1 zYpj@_eoP$%7E9$!8!Ff*RPOu{KD0J6VwvLDH}v40PZ*K!(8Muf)o-08z|b;?|Jo0b z9!&|pX%I8)dIo4yx2&=~U&^8sjha7uf134qH=WSewI@P^WRYA}>BH@(LbVb89XYP^a_v6L8XjtDu!C_z~*t?1%Y&`M7uLD^oX`|UHh zKlcjLOZI5HcrR(3l9GHkc@z8Wac#y5%ZdzdX>J4D0vq|K91BOxxMZ2Ub#^sA75hUv zU-MfnwNo+|dK#6sJPAZUBY4q%$V7hN zxvTb`T(d{R&vKWYYqReuMU`_qIIF3#{A-el9_m94OJ6F;`QxUx3ZGAuPj1J`#J;jZ z<&XI3>PQ9~#+M83LNe}+M`1XOAD;Jp}b^*08Da`e+Llf^H9)p5x{^!an52@DTe`yKFdbvSImKuS{2X} zeo#|6Tl7sFva$l4m3gqMs$u{r5!Rhnot-~*HZn{qqU&obmurU;Km*o>`dQ^5U~lL1 zV%@cum_dj30gQ|;aJ65c7IkW4@T|UuFXB01_OQnnq zsFXehv&yrDg5FS16F}kJ0I@wa!{ieil&dR4&1G#W8Ip-y!1J1%M@g0*Mon;eOlf~? z|J>1=xKezpFda|Ifd)=)D;;gyn0>XDk<+f%SZaxwA!bYCrD8&>-Tc!?kV)$;AR^Od z8=~QDT!y0DoR#_+ZcQ(tI%|>&k2#cbsgqRa0LZWz z3C4BaL2H>{0}Ms~SE4;rfd{FQr?sJO7O>ch(&hLj^`85Vth@G4tomIP?@3{W|3J$z z;bgh%_O<|auAzN#c6RAPMeQ^%&24I7Ez(*K7KjK?x$16N3))ag>nB?gXZ%u)(z`%d z5i?1kKYxagZ<8+O{9hn;!t#3uh4E)VcO_V-f+?QV5upcD!x@s_$>fR3w#Q5B2-w%J z?8z?TlqTe5Ujvn0T(NWExFLjBJ{kB$)B?!c-s=sFRcOQ383hVZZ}D5sQ2_92-sayV zA$}ms6IQ30ci2IIGhSVXm@^>RmSb{9vg?6dTX7OQFzVU_J?EO<@$ADHFtjAm3ce)- zq_P&9TP;r+V7aD;aG{sL)H31abit|?Hzj3A5Yx@)^qB?x1FRQWYe01#0X&bE#`GKMz7Yptce-w6CV>?(`4 zhUiCITV<&jdXY#_r^uA=a2y|c-hyg77tTrj$eG5bR#NhV_;0cT7vJcdf;c2m7UiH! z6Enl~&Z={x^-CQjLfo+IB^|OD=5e%bVQTEO2fJ3-CJqbxp5#E_WdQOD+L~7|C=l*$ zjri8H8$wJU7^yawHv7JX7g{V#8sS>rXq zYZL|YY@Zt1W)IcodCKO4E5-7SE}o_y=(r-W3}9PYjT0!$*z6#&ydTaG0PO#hP@`H3 z0jDhp0w=jYt&K_T^KF&!{F(-JSmSJnSF!1x`|d(OVDCS3*Ks6#b;e*2CxG+~y|7UH2;?NJ9aCK`{B*(ve}{##G&-oC56QZLO8H`7)wKdgVj2CXqPXCri2l z`h>=J(U+Y)K+h&HR)-vD$V}RD&H=D$148|7PZnug(%>MS-w=K25h<>hcp@EL;GFT1 zdRg!=*6wmZ)t_m^+=QIgbTE2h-ktd7f9L>+sTUX;0%EBG%cGpmb}7Vp1w!yb7ny#> z>D(W9&hwh+2D*Flv6!dvce>s{%SzxQOW)vrC0V9@MCii9^?R967TqOm0mzXIF1%bM zY?L1c+Ck)?Ea@&Lq|mQVz%qDQ=;uLmfZMPXy;*@Uzq}p!-DNx98hsh-tjsi|5TNYY z)*2Si-&uMD?!Y*+YZg^*V3L$MG$liAzhfgj%LzM63^|SCjjsVy{Ab_g6V{LaIZX)f z3heQJtj3eCNn`=)t`nuWF1J)4typ#LvVxMhv+H3R>(JaKXza&lFZ98a&scgi$ZDRS zuS-|4(aoqUEW=act+2C6XydnucK^9u_ti~s*cNQ0EaY+#8U@e4(8T8(d%J;GbT^*{tM5UFCsM%yHwdjlgSYY(|!PJot9UQa z`w7^Ve&{AmH`NsPBtTw6RLN0~Sr@dk;UQ3t$Pk3OX?H1PE9w-nm>f*7gfBfuJW#LqH*OpsmF#A9RX&OrBwxldtJ6^u38DNg#z8s&t9#Q39L6mLb5khTYG; zMC=yyCnbfx(bkD5oK69$$>|mv9}ZlpL&_TW{d57vbO}YbRqMCp(i!GFi(fo55$bR< zD23?n0j2yu(7*#4C`{V6>%Q87pNM2hYATvqJ1R+h5l%BeCRAKnvGFE114!r%r=sbPB|LV?Vc+f@J(?toUdA2P|5bksK=&^qN z9PWoIuB|OVZ*{e+m5gEs#$T+xA@YD?}#jnkgsRU$I z8Zxrad%g=({b)lZfa(m9F|@C9CM8^!u-T|D>zBWm{IM_)#v77z&09UIY{n{0A;RzJ z4Op}AT>dbjvU72u?hwP}3Etl+JUt=m5NA#2blc0})SRp3(qO$qV0CaGXC7})Y%CFA zZAae7@%f~UXXf}Y$-U;XUz9~ygoPRQoGT3XtUt zYXN|%X;BC$ukgHjyeSt{&pImxQJJ~(^8DtXa)th02S1rZDv0-Wu>H5YZazx6vqzXnKllM2_r ze-Bx7Lj1+BbFRj%76U+ia&I8XUAFh_;HC^>$2SAQZ3*b85*8I`efu;2hUi`roxPQA%M>A`Tpc?7R6XD&%cDPa`c>JT6ZdM zekt#DM2Yw3)t}j=+0pL9I*qrQxRfNe``77>$3dN>MOS~5f7cPJ#0zu>-*%TkBNE&N;$1X-_~?l4KA;_1I6<@iT9L~(LA!KUR4T}c5tT&0Idx7$ zk3i3C8HR>}BT00L>uvh&{m^!!!`->JAokSbAb0aIkIS~_WirbYsg@}dkd+DWo|DK0 zcx!xUX2ESf_cDljZ+@78tSvxL1vJ<9277{cMvff2%U}k=Z zL1AFj_+Vh{I6QN5yXrRC<6*crC!O_CR2D(iJ(+(yB$k(yNfMqmfnjLzM!NfSQ(skt{G^ zr9r$H2=aMs6891UkGw@Z;&S}1I5;Dt6RJ#fS2n58T zc7L>>6zwyBE)G^jG#JV7N&bnXATFnCvYnV|GF*T2^|UQ#OV96SZ}$i~OZAjuf7c8q zv9mMDvn>*n{O;wo*5dEXXi9OA@8R^f7%<=YDdikNm7#b!5C$euz!M$@rsBQ)|3C1+ zoFKx$j4q;YhQPtJeEJVc3+ON~h41}f{_k#TeD4Da|E|CP@UgJ4_@+9&HS-#i;jCiX z@$K&z6pf1yG4h8H=sq?fE(y+4y>0FZy5#06WKtzbcMe+06;LJ57ECeh5iehW5-S*+dzzXvX+6p*=$K~5PfDi%Vze6&2|jTVOIC%S7@P8Yjt5uX?52FO*Bo~ur-=n@m6{K ze)J(!9Cw0&kvP9zU!LdEs7#$ipW?{lC!r6jLC2x>{?%PK;Yn;Y zpL*EcpW|5SZRMdWg#+>Z{@Qa9W+8#<_dkWx^7@@vRG@oz;Smy>)FNSVh(q$ekS4lT zCBE)qFJ&L;%`h+be_VlE&EAk^%-6pQabA*8ov>+jOPm1gRsxUN3J~Q&tu_%u22#Wi zy4Sne!vayMma}oD1d;ofS>xw=k?V6yQv-n}kHNoVziWj<2d}mV?5jzHmlwrlnLV#n z@GA_L`2vmnfpI!~+q}r3#IEWI3`)RSi=S?^hn~Oj2@khY|KidI7&S%E6QRl;q@LIa zZdHLO1D4{WXQdYmW-4=D-Nc{<8Grx&-PqV@^xhEVeVyeCV!!KOO9>ccGJU(4eJ@(p zEN8nog9><^q;|9#)Pe=3F@SarfmJe%hFG|+?#sRyI8HLvISZ;|7-ZZW1YMfzWYTG_ zTfYAudDKjM1kx z5<^r&KEfxjb4GFjPWR)vm*;!SED0H8m_nYAPT2pygZ$@5!JXpo9u=bpRq&0W(j6Hp z@C4^u59SznR(8JTvh7thC9c3K4^|0>@zCoRyvIEo%6|Kz%J{mC#!D`e4RPCcA@VZoTK zEG_9dKS4iW618Nh-0M_DA{2>msLYz*10(!e2WTqK*VqxJsr)p|bgcX&Hh=%AmmL6q zQIguSv%Gjq-_z-Op1l@(8k;sQ9~lQaUe;2kP%vl5KNZ5qRS~sk!%^-%6UpkFV$478 zzD>GZE_}8Wxl2XO9^JprW*B_HWkk~Dh}SI=kJe1@A)MR%n=9Re4>WKee0)+$2s1~S z{&CJ2pkWkmXZyWhMZIkIj=_z{2lK)Fqa;d@s;9dJ<52Dog`b+HFGnUvi<2%-*3wY1 zb%ZW}%(*Fj^>oYOgX) z|79^Kkv@rXDb&>Ax?}_0+M|D1yUitz!zh6H@ibQatzDz)hY>1*u!dj`(Dj4|1ax}g z6WT#zbx6`o3ZpPK+~0)XLw!$6+KUK7a15kciyxaB>`p&1?5+Mtb{r@fM*PG5;Z6V9 z2>+NAWlBysX+Pd>SbTdF{vseeOLu)Sfdk`;0uNor=!?E#lXsa)@ApT_bCPG;;k}&` z;$)MW_O{?h?vbd@!4VQOx~w7#mHep*B^PIWZuN)~hVS2n(gUHWKVs>TPxYw_?1>9N!!cwDGCxYe-Jv)Kj=>s(32$j!t46 z=Mv@Xi=9JO=3$)i#T1L=wC#rQm1ZcN@nI@(-cO`jMU@f$%Ra&H&h`IELBZ4~yzJ}^ z@A>GKy3PmNc&B1G*4+Ny`3} zLo4d7#jXr%=jZu+Iy(EAXzzhiy)C@s0;D!w2!L78gN{W0ASnh)jeHgkWCrf}yeyoL z-duxP;sRA_ft2x`>N~rC1jCJwn?1*%#S0B{+sj(0)Rlx6t-oeVK#Yi*s>0r{-0bf8^! zEDNm9TC%b^BwOK;fRO9P1Q}sSgey6WnR*>~(9bqo3tE&u`p^cWM)Q9~8^aHB@Q5%c zOHC&P#Y!}sDrtAna2GN3=1p+ClTCR72IZjtm_Jc$tJxl9f#Qe zUP?d^ug}{vZx{vIdM#%WD>H=90QvrqdPWXiV^?g!kA2&j7fNsvA+I+L?h6t zHCOY%2a|m(R6!El$>RY@J*!7u`(x$g%^2_X_Q9SZngm>ZG{{vY6g|?F* zB-O`NoOevCwIK#B5N@)-1_cgm%QY-Wa; zi1w+$GgvuGA+MA&xRV8kyw9zeQj8d%HTHu{u2lEF7*Vp~l*>WEwu}5la`PW^Ts0#% zuLw?Zn^9HK0nE?mn+sorJ#Z;j&}oNb3#3i6Pj_}CI+Tdc@9yrNo;q`(71og8?xxoL zN<*c>8;fpg;Y7WW_x+kWZ|rj$W$2g*&-20L4RK2K5I74f+fnt+g0Bw<&IVULt{orS z`<{@Kk&Rx1-z#E*M`F`hICSj=c)gfvxt$nn{e%m4{-KC3->`YXpMkEO%WhKvkzUnh z+WWLWGplV^H%eCvJ)pG@)o_kQv^IW&s@Tu-3@r%TZ?c{bnmOC;5s%*$oJ*7m3I*uVZ?Yv&oJo3HdgmsA&lLW40eTgYRSS#D$Q8ibilE&JY$8yrxh=HBM#+wTR@ z&*qx~Ce;3dF6}$KeI+}K=MbS_*7;O6!R7*Gx#%RZH-X8Fe8)-y35-~g7u6&h%;;L} z0B?ye5=A(-^EfI+w{_o-fs!?|SXX`AT0+_SY_ExT;jHi9f(FCk5n>O88h` zJ&%2CP(cJHtANT~Pq9vt{Ifa17_%SdC%$O>!IsRd1gIs-6n;sIPrKIN7zZljdND4< zLMz@CTLIMjwjtENbiXU>H2{S1=OSaBj0tEUF>52*)Yj9he+xu|uo&9Jc%H3R^G@k_ z3%~yt%%b-AkwHHR(lGq3ZH$d_mfBqq4yv37*@|u z|Aen?fL2*V-?$*yrxuT_LaVvwupC*=MB}H@=0wnJ?#QbZ<&$KH(}2a0jr2sx$(y{_ z@>vx>cX{Lm-G4$-8gu***gAO*fcw#T1$&S7^~<_t6;ocj#%W|t(lhJJmoeTpT0E3z z7pKWV$)&mnlXa&F1cLREw0CL`QfG)O05301+*0(#N23Wxg>`xTv}+?~CJt?enTa*; z<}!yjE1IA`T(6{^O-c=l(#)evG(nLC|LT}Dj{6k zVe4#0O7~_57qGG0lT2s~-VyUtfSyFHNLVQ?A@-?;z0yu75)siqRAZbdX3?$#aJK;1gdtlH>7;Jaxu z_~20pAcp(T;9$607U$ae`T6awr@*QDI0*Jzxv!_7r+bDbs&9CI_b;smZtv!K+ngaN z)NNCNetv!qSyoo|>K`ze+u6MJcFac%On1x}@eQ6~Gx*Q% zp>rr$$`_u=Ce-GA?49Nv#BE~WV>&(bYNokr z+|C#u&~`wCqu91fctmbykc9PAznO|&JM`MT5oum`7H7q1okFY>|+itgRd1LEy zy@B3F9ypXwZYGVzP+cX1wnUyzM8|9ouF@Rb z9%gslZQ8YYJ!#&^0=9A?TzwLBE0)`-hj9sBsT)RB;ZX76PII>&wSPm8nh@;f|CNbf zX1g9k^Pq(O;A69E%NU(1&28JmbnONJFf|6S8vwxUz-|D5-2ecv8vp=y0~noee|k*y z6(0D{>4Mz=Hg>yDkr=xrIdJR-pzZc=ip1D0$$?`x0ByH_QY6N1Ne&#l0cgAZJqA~2 zS@!h&efh)t^QZL>>W$5!UK)WIyKUKYKAP<8O8X%ySwLW4DvV49Xo^F0JPmc zjlrAeS@!&m@x$?}ch&M{@!hNAdhOuE*saIV^w`ueUcE7frAMVlD!%S=;*lcXuHXGY+*dz^4W7|e!HE3+7Nn_h)W1}(uC+&0Z`@8qPA5Qkn zo|!evYi7;tgexmbA;IIp0{{Rd8R?Iz003AP=w|~94*GlU)UyF<0CQB85(89@6C8pn zkQSl}q5wcmEW)!f6sQgdl-6+s0FZm$e_#Xl#byA2#-z+gQFXUZr@!732?m@umsBBB z5`3==w_slcwjPXqmX+`CB?@}3Lb#g)eA2X!`x7iH2(M0|(6&hIY=^|<^c}u$$^^-$ zk^D#`9h6EnCv6n=QZ zKf6bU6x-e0IEYdEhPOBnk=^F73rLW(rY?4XIj%g4v;NZs0c*1n&x;$CnLdTBNZ96% z24U`~MwYZfP;qV-Lj#TM+EpVuYWd;!JS$6gplx%1=PMWFCTc+3M-`m3OfpHof}Le3 zclD7+QF61(B~l{U&dFCU30MRNolAk+riF!?5)!Kq`IoWVhtFG4+*<@Kf(4h-Q9W)v zx-f(kza~6ju{OyUL&f9JY>!vXnP6&Q8C|{Hf`+?bmTrz09zGzoTp%rWQ44yl|7mOp zHf}DwAM$kx4eFod$Fa3laRWC1mtI@sMc6_*qUrQ8H4Q?Wb}mNX!b79OzU(KKF(Lwv z`2`FcJX4)CHjhxu9x;fTs;#)|GkrPHeGa0jT+Q%h@Rv>hrkhwg{L5J${LlANhyC-U z&LzTTRbZ}BPK(i+ib~6!;s#Z&yRu5lQ1H`(up5LEYChu?@?u=&!$o{RH_m2pV{z%K z{!oejQIP+X`iOqnCH< z6H#6r2*GLm-_x!Xlg#?;Bzi3)DI4*qz^wzliS^OFb3qnJ5?K6R@!6%UO(|_N1iQSY zmvJ&D_EFjV}wD5Lu zLJZTvoVt!MHpw#yLgtuH>RL~#xx0ct{aTQIX2PBw>T0_rT^4@29 zZ=pBLeRz!$ITdv@!yfB)_<`vIC- z%m=fQ#IW}ghxq^|MLKQ=ZdZH{~R`t`qU5mM%NDl^mYS z>+x|@FMJgE^40kB*DBWyZ*Iuq3BmQnMbey*K=RFB#n$0yb^O&BXH8a$IYNx2m8(Wu z=S0xMWLiuwrO1oE)sL+`r|jsK!w0U0AqaHFuP{-_`9eUC3~TCx3^7FU-Ftk|R~O*j z1?%%LFskIbVW=xC=!H8Eb!e-E{%$1aY5AZjd%JpRwO)GnIYsMrh5ETPuARStxwi7e z?zh$_0=PI>pN9cl+7Pxg`x)#YjPLeHxQHkAbvOqEQ(ESz7oG{<@&qF%9hAKdPi=Ww zZBRBG>Nob!%`^}Jd965w=SsZjwQ^kjby)g%Sd?DVjDHg+I*s zm-R{Sl5OVRL<@fdo&y_F+lCE14o>%f?CRqK99}u}vBA$SYa*665bl{t;pswqWHAHD zfh`mTU$!&COF@0_v#{-wfamHOXWiVD#LqDBTjWB*!!r^D3#~!yAZwwoT76wN^i@Ij zD9Uq4jNI@#UdnhtzF_P#r94nT^&0<p${i zza}fo4rbr4Em;qeI?6QVrDx8hz+p-&WEk#gB5-}viZz(K_o-@CsO6rK_W-RDE3qQ; zZT{j)E+;+njW2ZTu{{Z%r;m}VG-SrIx>Y;8{I7ma?&A1MyyU@R8JJ z{>$UB2I|o{lPfxELF1E`1m>G;tTs3WR3yUWThM&GNg4J^sqccxt3otT!qJWS+0GV& z9J+k@Qx7usVF*{KSzpWDqgfYG)2`Y{kM{wOK6Y6Bd(m)31tBjF4-?Es>9xRuz$sFB z1O8eml^0E>A8eR7jbp#KHi>^ArA-1|`R`EyRfYU3KdTN^4n;zV2?$jNm^VNn}J`+Vx{b>q!&4JZlcQl<#UmD$Xn4>u2-BWQEK%+K+?3YmB=A^4!u^KjlJ6*_U@ zdI0ccq%jQ3fit{yd;p3KlK+yKPQgw(su}-(99{@ z!SzuwhLipXUqcnXTKQN>8hU(j+DFJ|&U~bqS7nLJK(}tD4aXbzJ^a*NI2tB$G{|m8 zB=ViZey9OarbIDxJi7{hJn!hE?2%u2ec$D5?BO7ne&OkM8WGyl3eJ$s<8QTQm1vP> zWub-gghw+Dj9_vHC3u>MiE04WfP$8n={U?2Fg0NkctxYq`y-Uvo-kv3@`hmRb|}ua z8RT}ueVz|mE~1AXJZ~UBqyu|;NR2xjllOFuakz-$XA7Mtu{)r zJ9t}w!rp{iBr|>piVK-k_wkp?cP1sOt?8!x1;V9lkDd(v%e2gxAXsb;!n>~QSpzq|BQuuPjnHeo8aZmsh{+bNnS z)#B%EsWmSfp*y8r^8F#zH--%q90jJq1l8kq*+R|Q@nn9vk#fwm;gl*EgZ&G_zyo$Q zGb1{ZCt6xP0!p3;HlNw6e8*~VwP%zlvj~I`PLuseMx00Y_?6QP(1-Nm46&5hsY#d0cuql z%s2wg;$caS0QnU)pZ$wMh0h}Wl0*XpoEXvGdG*wc8L~nxF41E^z0-NQu4LB(H;)~2 zMe52tnIGNc(!WRx2I1t5tj~z3Hj&2|5buC~mqtoN6tSqdmX8i=Gi49%CIMe-?Y2pr z4=hXx?bOq>!U$d$Pf?t-$1F ze!S{n=@Z*~XT!sVFgx{Rk0}heuaj!IgJ4~tzEF{R9v~N;+xKN z6jVTo{PtBq=wY)d=A}m%2w5rS>>^cIAmgaa-wi=+ zQ>johw<#WaOE%Pvdf2Y2W3t$ z??aLuFTW2WC*;(ZtsZUX@_Q`I=DZ$p1uFG@LwrJ&E~f*|v@Saz17QwP;opP^f9KAT zAmYBrK5rEr%fd0QPjvjcOYnPk>bTQ<`Z4hg#ag(5;Ji(i+&-$aNOVukZWv_mV*J$Kc;9`7Q4LKs59WxHyPen1)b z!JeZ_*A}mQuJHYFrB|_ceq{}@u0J@J8P1>sEBewYbTIlo#WM8~=3y5XK`)wna1@`# zp@Jh^|wJ-%x|eL)gYie9}&Up*sRMsN2mi)6}yY)~lE_ za?8b(a>GWkpyfIxcqW9T5tI+^t8JSHUUj2(l+K-t~2+qZCC*jqJ*Q|u#z*9YaJv{}l ztPz8TeBG-}s)J{W3jNfE&1Ml_k$1}^PFV;>s}uqomN|kn6Bqn&e*pD@H502038qHf zZ^%OP`3g`CZA8w$4;(5;aNDcdv${^ zY5oz;h}BhiVS)u##LZX%``gMt*aJ9-8%SPz)AW!`OXj3SUNa3VxYN>%0_+vEa+8+AKYQ%8F<*gTiF~S50|1jyMU~JRj z0B%>WSV_xZ$>-_uds6>wS&w$ZJ6Vq?_Zcp*RALiLghoaiu=j~ zJ2M!6oC6VG?U_Zw0V&#U-K1u(^v5juVO; z5#^&NZ%q&&_YggeqHoYoi$p|dKJ`*}WX@R4nmrPJ1PTfG0@CGuzaAFiZW=Ljh2}(v zn0B10fYtqx6tu9UB|tOgU4~%W5{-G3z>{X3Bb1FqJKn7V)m(-!IS<&=ryf+($9`k1?MLiD+6}2OEY0=rH`bNuaQxL4*Vw1`<`>S?A6b z54}D_+eS!!mnfzLh7x6@!@piqaE67l3{Eo2R7mD0pl)-c7mL3 zOQ&dJ0E#^?{hdRP9NMfPqp+<{_ptrI{B8X=7bK|4-mn}>>=X8Ou#}zRxTm(Oaq!jl z!CU_mQMZ)3_{H#_fsL$kK~CORj1aJ}RZlCn+@vGcO$Q{fFC=}}6;uk)lXZd}hwzG+ zdS+VlyP;HpA=}c6+J1UST&RKScFIvs^sg4Rql6$@@Lg$8LMNrGg!LA^j(6-Vt;gx) z8c9iz3M_Nyl3#a?K)7oPAzk1z{IYBou)(TkU7mKt4~Ye-NVI0YeKp=MB_xloMeP1p zMkH9ZB5X>Shpe{0jfwWvdGVhtQ~dAlkI6yc^5>G@=QA!FBBzG2=@*m#r75?!o1oP_ z#p=Z{&=fOL?{lrNv*5C+;tkEAdzQ{7oXb$<4x`=C;b_uMpAkV-|tPe0RpNf${-*eI4+TJ}>kBu3Nny5(sY zBxb0jH9A>xgj!u4n8=goW4$xfKEX{)aJE1ROp`P&#jfn6wsJ|qTA zWUaw@S(XkiB~Tm$+rXhlK@OQ>HMf=Y-O*loI#(j{eXifwoYdC5NE0EgL7KuvDFZLA zq4C`J{3%w@;df~3+fyX9?{k(^jDN$g>*WYzoX-5s#B3*etX;GtcW3%dcp zY?&0VMsIN!S$az{S;;4ig;sqpAc<;ymc9GH4lFXHhd8DI($mG_;p^D z`843`{4)Z2acgb(^MESBw; z$*Gr)!Y_l^IZ(b_kH7!iZ$3Pz|`3F<*sE99X9bzCmz?kY)OjZZ2ug3xG4LWP*S610)R`j<h7$w0t;8a1%cQRZ!J`vRk5bCkob}rx=z>=p~N~73(6jo%6^v zr$EwIU0ZKYC=AXV`J1fdM$E1U6$|wxFAf-y$NO)ui z*(1Xx*{cc#cP#;#N0OqD#bCczAStn8HN^^2t6iJ}F_XWu&8oNWs~1(h)QgY^R4&nd zn`3wDky@(opfZj}bR|4Rb!#|oF?_lHoF?1v!|y&QNe8u_wiK~=u->YQa6=bk+qJ>6 zSGg(7%9v!da>e4h?n|xdiGC49znJ9q=UjP;N(FsA&hq5->-p6LAn)Tc))2V!2Ahmy z(Z3z0w~SLI%Yq3YRm%xc$N5V$xo`f2a8;2vNX~LzCOjX3JxLvu>pw2z+KR;vF1bc7smW7Rly@($^7q|u%MLe;$5hd$#Mb5JY z2z_w+yqc~PT$z;({wKkyIp3^f(_lGd}jXupb5w(Ixe`- zsYDUx3yYcwUn`&1kAtj6oQ1zq!6^fC7ez1268w5tED8t`)v<)^t$4zywNQ+}AE;2? zJK{}g==VtoT};f=uvUwOopj!Im4H7>NL%j@bn_uq5SD27Y@Kj4SI0!z?}{` za658xlyoEMoNLChfF}^ix|sa#WKu99!K$a?P3PDmK9rZxwq~Z3Spn&i8IR`=-ic!y zV_(OEosH25Ls*Ix2k1l*_a?i=B)=`NY}mjOBzxXk-B5tk5@S+BK0sgG;4uEF&k45c zttX=w=G_-2NV{Cmg}-K?)7x&+n~iaLyD}{4n#=G11|Q1Tvmajr{MSjhp)p~~Ko}K% z2dUG;IzN_<7qMg(3i@MIt75+q>Qe-or)s^GE!WT1(*N}LmSxeztf|7Op_V9XACq*| z`cI`*363(qb((SelJq1XIE8GGlxoB>O+30>4De_r6iIaP?GuUfl{AW!EDFjl4P5QL zzfQT*IzLg=;eXEp8gF9Dk)7sFE5<|7sXpknsnQ**T}vC56qh~fN4+UeH`tlYd0`4u ztN~Hi!q)%oKPa6xA=x-_7Xpp2Rv9~yr&E#tp_eglp5OXcgFwW~O1kbQj@(UH_2B*) za%yA?m9!5#R97*!Jsn%a%->2Qxz2_D^&^6|+-av=AsWt8hK2d8^U_Jbo{O$<5m4GEALYUZFv{VP2EW7DBJt9J*|ZB%Rt`%gK47By`CPaHM~ zp@)8qB>7#@IgC-C&}K^Vx|f*@eFp5&HB3OciB_gfs*w7#rMbQ8--jzo4IN zouyoRC^Ycvw2^zAN)HZcw*qrsjz9@@pU=btJ{#T-YAJ?~-zae8{6TgisDr<_v@`8W zW$*3jaH*FVi6YNLkObN7*=$~EcOtn~pvJvtSOvHM%X;9ki);>ALh&AxZLtLzRAEzN zzEo^?eh;TY2rPamO7kv;Wn0QmO#xU$HyLP;t>KSi!YF-g>_KZpNa{{`rB3$pf4T0R(Eie0 z@rq`A)vv{TvIdz^&{w>R5paV8@lLa-040XPW3W238hg!11e@cKkwpzc$~kW z9*YGB4oJ{@hbw?^+SKceCmHx;f6t#6YWC~-%+J3R7|M2kwy%Te zGyY}BgLwSARMgbnI#eY9q?$bkO-ltEQ11-ksu@3<{yeDx`cIJbQ@ukMu%Dp*sJ zYRtR{y0OCY-w@UZN0)U!{@0*J@^7Sgj*_6Nu>d6wLd<&{dE~+`Fwj_ZF!vTdbPoQQ zq^);IQh~4BN4n%j#dw{wD%*0Y+l&fY5BsU)fkAxx#*U4h*n`)RD<`F^5iX5mK7)zB z7dZ+Y41$F@zh|-EO{GFPugNDp(g;qv{O9us;%JCqDxgmei_8$h@PD|;8^-*n461G$W#VH7h&)feGk<5Goim>2g6V|a32=(i z$(ZU~jwz4kspjHy0s@~0*SiiTzs8h^i(9W)=i&2m=q4%?ncD^$QCath7=SGJ7dfgx zEp&fS@KyGa-@TvC3b^vdvUx#nLqn9#3JHMxz&4SL(A>7a)Cjb;fYHscZM>-tu6jVs zR~wy;%4Shx_aL*js%rPJv)E_-B^p(L+mC3baC)(IF7$f;<(J?EKw+0H87=d+ByKSz zQ^;FatUy@|P6d2$jnMI?;}yZyO5m4s;4J0@mXjJ<*(PpG%Qp&KLe|KVnufLayAM<; zib$!opQ|PGt zFtfCXclHRj;J#p=pf$Gh%WUck|^0(2;xF-4|TuqgVscj$K`b_(c2Mft2sfpB&$dF)5$0!p1CC&YskS@{*x#zwNr5m-4jqDR{L< z`5wy%Q0arYm84Q?39cY(g1hzmUim*&<3jW6p#P_x@!~i%b`5y2HFe(hJXJyL{k+$T zyxv9w7cs72dv{Ue4QIaOd+||4mG{_sfNKDqh(UFTy-3n}fWk@!j358y>`QfB(S*;% z{lq%q%Pj)8&!dox8b1fI6bZPV%4`nXzZ@QLt zmw=cQ+*^x$-@EApIp%hUGh!*%c9zHPKks|61j3|3m(D$K^RB0t%b}@dnQILrRqJI_ zLSXV(!-r~7KSnqT(#-f!aoBS{wLq4QM}{a?GbS(CGg0i`Zln3~NduMe)piJoI6`m= zCTeh2iI!Q~pme}73el#qO|x$2v6*%qhLp()L7htiR5GT$MaTX5*IK;ArGr03K3iHo zN(qF~3ekF8rXLVDy5i7!Hybrk+OIxnFK0{i_Z>-ST4xaR2*7IGNhY+FlhDnFIOA(%QA@DVkbwsgYwn zQ*M~NDCKUl2Ce3&rmGeWx?&65jQr=3S!GPa$h68qjHEmD)a6ImTpR&oct`ZJ+|4P= z#M^vltr>%a?dp+kkBhO5>l_IOb%Uji5VsAC_G@{xUZGy2vKEF_`1bF%$XnxD=4*sM z+aTpkI9*gQC4;TPC}=mF-D?w2kz_YvOT*%kD-%*kT}TmOGJCDKxffhT_qpa{f&p0h zB<5X?t_=>1`UP|x?|X5_1*Gnvnb7$$EPtykI@CCHgJg4z&v5|{`rhnQ4alC(3AIwi z=@fx5SbH9~r1p|_+j19D|OP~N=7 zNp(>+^_r!V_{l#mu+WKxDRvaY20-ngo@pY_N~tr$A9>)U(_8#=IJOca#4K8%Oj@t|Y@!tdT>*(N zw{!;2A-?e;70-Hn#_+4ELg}|MI>*Og_>BG()vu~>3cCnHoDCQ10o)%1VXt&V+k9yL z7{_D01;sz74xxPZ_nvM2b%r0N1aVie0n?rT!(&qlrqk+S=vxrC@eKGTH3{Oxah{i! z@ZD4=&ThY7pq$eZxqB%QaY*8ota8Y;r&a~sP$-R3bXt|Hgb9{LX#G{~T?+K;vDUF9M*NZyvfmSrFon z_LC#v^I{S0q=-efUFLeaUAet6wMkB1bd>#0_%UEaI4=xEB`ITz6X9if5cJ`FIeGfE z*cdUS)k#~NFQi4=KePC`+HzsjkB%T!Tt ztD}1EE`m-Ehr3;-Nb9g$ooP9`Hd3b7m-S7vTW8P`GOVjjdq_T)vNWy$x%~=u;6B+u zgs@`Uh+9mb@@= zGO5HrOJQ9|sO36q=>0hVd4A_NM1m0mzX>0lK^oqD-QYNAI}_CD7Pzikz7ai&5xnAO z7)!8-7wz?NPjCnyUysk^DE&U_IblERvu{pms-hT#8o$T&fip}HWh3BzHR^pwlYrV; zrl{4FTp|iE+>c>)l!6Er=j*@Qt_`2W-%#;WV+~o~SEvDUtS>L)$myI_*jii$ubC*u zDgL~No%!zJH7H9GeI9*@Wwte4eZ`-OvVD2;8$;?!yKqFhM5Tp6ggST*QbbTrj1~ZS z9~H0+B`Uu^oTMOzoSwcsXT2bFImF!4K0W*0xA62NXJhfTsEk-TT?E-2Q9);6_JVjR zJq5+{ryBrLLXT8R>{hA|N-N@fG@TlPCkOQGs3#W>opsc$Xs9|~f3>b5mIzhA zd@dW`_?h378z{?S1F76YO(ywc+_L7A+(dGZOFvMaU9HvYfsloBQ7au!2*%CV<@MNJ z(39OJVUG!)o1~r}^7>{F$r12te2I{`>ekd(kc*4P0fAY7ADs>S^9MzAQZ-W~RP>HM zC{l|qHf=auET7Um+Bnk{U<;f3ue)hnumk~wAM{|d;7==?%iW~#Mg@H2B&C0o!VUO31a88z;Vg2C*!eZ1wj|ihcy{C&#f%&L|1)UZ2j+sO8K$( z9Rm7KHctF*PzK|FmKughS4RP~B(bJ_)qcKS^dUL$BeV%{mq|A&JA1zezwV}LX9Zwc z-rrF}IeoU$5O22fQxBmT;0gOEuHaEHi)2c6mT&=p402cJ8obz~UL*sA3V1<*q0W>4 zxM#+Jf$G*icC&~whBY!TMv1nqMhw!|!E6aIFU1Tk!PCo(q{#b#ZL3a@nG*G;LJru1 zc3fhomYBooy{OXG6w@ly6biyeitA7A)k4ll2$`(z)2FWk>?M9}0RB?xNAdaTCKMFn zl0NnEemFb|;XqV3VnA>|pn&z$eO49{r?P%h6kRL<^pkja$CdERkT7p<7Uy;Pk#U?O$t1e;I8 zec9Is)`&2klYYWhNr;S-=1Yv*c~Nut?N%(AQG><@$IVxF}lGRd8_sXYimuO zyl_MV<_Z`Y`j;H8Hd6hA1~=ct;8va=E~!0EEmq*ePtKARq<`@NW$6BPGZ%0EKP64p zAi0TCk*U-Ij~I3=#G3M;O8E*eSZ)uid{Giyv^d-fwoS$_lPji=hCau6L&-5UlD&7ppt=3;p8MZ zL~^uqE?rF4rufMVhvO*qw^NN4wBlF`#r_NVU4&TdOhj-dc0>Cp$Iwh7`LPKG z%q9vda8iyBozVyA6p0UnZRKfxGHG!2pk$X**k?+RI`4`%pH1i8MGSoDAr)^7mV`*z zP-6Y@w*0Xd;fhq0ZHW>aD8``VpPWZqE8P#uguOG}mNW#2Ks~wVdKIPn4+;cvH)FO) zq%f-kp^z!wKW>g*e?65Ecw1>|*h}93Eow)Vcm8gtqpK z`WCD_K?t#)v*JZ8NG`zA96hFT2t(*dbJHTMy^gm?c>aNI_|pgA zAj3B=oS)ZiUZ366P0YFgFf6KFrUQbw8(3Vq5#^hm?QWDS&;zAAB$& zR>}h1ecNXI14*YT36%dus*iXQBw_dxQOlMIjRgg6l?{dThcA#lBpeiOK*nzmn*!l8 zrS(7ucOnygoJT=;wTM$8V~q$(uYjm_dAQNUyFEe3RbNmhqeMc@k$bgGhkKN&irv(WMw@DHI=HAM85ISL1AG{=#8|cM!z{)h}JyuExf%4x&J`qz`XPre&#H4wRk|vo73|ay3pYMpsjF z;o|kJB68R+`wcNQs}DQnrQ2rWHYPo-1Auf3VGO)-g49a?qe=x^?X#R%AxctS7N=5q zYa`;Lo_3o_2NbY0G7WX;AuuZPS4}1WkvcCw7JK%dtSKx!0mUF?h0vb;1J~?92%cX3qn?V_ zv5At$|7N7zwlXshi#@b}T{u-CjsETrV9tqzDV9a5Nhmd2oVNt=u{%?~B9>G?=p?3h za9%o>TNHQgLcHAFGoSUZ7knf~A)X9Waur ztXE^8vk#K$=VShd4n!N+1xvJlN>kGYLIrVrR#wwUo1g38v>x9==PRfmw1pKVJ&PIB z=_D6BrzA)@X$o&2kE?_)dq1Gk==g&%?Ps&|5EnNHQu+&G^R#Cmjkc$iyyFze!dYF% zf8LhZ0~+7CJ6q`TYydCJ$qR|~=NoMKsmUfRoHXJ{U_38>ph5=T%Epetr~_a{h)B$@ z?)(=Q?I$xMEjWasdfO3`AC-hlXCZ`SPm1qV zI;@*Dz!7amULhK?GwS2MwMkWGJf*Yf_YdGC5b>yfV!Zij@7!RqsDhp^JVks*zKY(^ z99sl}Oie`Vjs9)!O49|krpX}?hs8Tas2$sXs!P+Q{||5dta&dK z=zcE$tJ3M@2_JYeE`=NWs05Z2VLA=I|q&*)o_PT^#hBq45rFVDIyGp4Hi zk#Oo63AzsY6&)g$;C_8a{dSS-rtsr~c5o7^`N#i-2B+Rf*QtL%aUAk%^P5wl zPMHb1g|?A#*&E(@35tAp(Y=kL)ncaY|K_-nGSTanx25@4>mPpi)JY{vsAt37$#pF) zX>cGsxPn@1t9Si^-FXV>)sB5&x${MdSgcixK4w=@E+B2gL0P*uP1Ks%q-9rcFURWUeWV{diNR=XQ0~ z0AUA;g`kM^ekBa?N%rqVS`Z)e1P===l^XYUb$IolaHPVnGuQm@3rw^*Xl9ngDZ465 z+Wv;Xv=W2%XXI486MBV;C(>0hBueX*0D5pW<*Q->L1m7`NKZe9Eo{TI2>*+D=w%MV zX>QZ7DvH|Sd8)!hkQ02*T>sysqc{7{<2fO2+PSZjCFC1_i|zDf zY4}BMX?yd<%qlu6l|>Do3rXH~!cexJ_rl)9y#e&v+FFW&;ya~iE^0tRF7k zn(K2?UqKilk8~G?&8~*eHzse(m7cEKDjko^-q6kpN{WLs`Q~JNJ3^&DfTErL-?>&n zR*zGeyJd|YmZ%?{&*{cEBOwo*JuJ!5x<02%7AV8q@$85_H~>ta(>bjP!Hdpjht~b< z4uH&%DNYEhR_T*|f^Tx8b8^in4UmY*rKwGj39Q(r`XTZ7I>W>&jTg#rD z3(*mEO#m9i@~ht({lnnN%(+1c1x!5NkJm`tK8Uvt@;j3A1*27$E&hfpFOkGiIgd)r z?bp-m>+5eVPu@VYwl(j&HA)|(wPZ&e)YWBwVJtN`=fmzQh1}{JE1dpSoESsXHu67U zGM0+LhM)`Fpc_`#y)UunuMe>~K98Hk$V{Kw?yo`Rohd2e*FEk}Pxj~jhJi0Fj)`6! zl6HRjOKy>E{%`wy4(kdcos4EtT{Z^{OkM;Ol-&LO@VNlL9TGGMAzFl^%Q)Cxpyo6= zX+Je>+A|B}H!RFv)Q>w_{o0JZC-A7bXSB3s6IPas`C|vOe()W)J;Y~3Z(ZalnfDtm zZ_mPOF2@zZ_g!aquh*@HPs_jV)?GKWe48PBkg{do&dy&u$U6GhKbP}cE!vJa!^jl4 z6;h}^K=0FNf6IbNW{tU0r8-A~G9W{?KNDG8BO`&nrHS@182KbO5L<(u{CE0J` z3rmw|W~gXuZ-C$dDpb4Y}!B8A;vh7VSn`w>Ak{$zqf$cqs=v0HIyI$YLoN-zip#c zxFIz*sfO%`rb{dx<~aR+IKp=`V^sp6PqQ8Z4eygS0+GOhu<;4{DDNOga{{@UU$6Gt zT|gJl-pCF4I3L$iq&gs01ltAE|cGYffc7o9_Zp(Y~!n7y%X4ULVSpFTCiRzw^5 zxjoxXfM%gsQAM~yFoO2A+Iyg8YKt9pIKHauHITY+kdx7ZtL}!okbEX#zIp`UG$7>j z$M|%LDsgDWLfCCL+PAlJqeJ-TAE-s4s|O1qpBV$^N4w}J>w}Mj8BQ|u+PRZA{E8p# zoV*+)tCq_Q#XG!AJeSRn7obow%tgfXS+c{vH0^aaS@naN~T1-lkK6B>co?)&)eTWc_X2$a2^jK4mf=%YQMWJj6l zkC}GNw{*9P^?k+w?h|FLWb?i@2P}#&z3amr}|&!{nhQ0yE{bN|b$7m5cQh3B__h@ebyj zqZaBva;QkU4-s6ShW5p`Eqi6D*oLL(_KhtTbVZJo7CUNW>~Pl>s*5*fr%y-iEhHy^ z#O}~z@jC0t;d6BD&2c_u)VgIT4B4Gfk?QiC-sr#>mu_F77m!pTNq@N8D?AeN$C zEZhRdg1vy0NETefvZ_wqI8Zdd`*E>CxnPbGG!_zzSyko_^ z@c24vrMaV3N#;@AB72kC+CDEAHTc5bIk%SA5VzrXmiZMH_RkHTqVjCtribtG*1t>> z@_0cjG-7u2fBsy7CHzw@Yt9Er=BVU)la#t-{e!qnny1XrWbTL_FqX23I4j-elSVOw zIz!W*>J~H-^3FGnqVYak)#X7n2|S16658QZ+o1yE=)T>}vB=HFcU9tEz08VzU19aC zkF|@*jfIYnQ~xuf{JjQb96dNZ|7_|1*h{Uk&lpS8=br!9>HqYxb#?q^?A>an`#Bak z7NVM=>8F-{>IM3)+G3i;8A_II+)EX?eKXzVdK`JdhNNLC>5FDfTGed%-U7J7ll9Gn z``&zs#Ej}=$y^jisaeZ~(>}j5eUe$Gt_9i+X5%L(CIz{}dQII20{Zzw-elHD!@vv6 zM8|!%gD5k+{u3swo;-xWJWkPLW2Y$ibGv>Ap%M`xbY)%j$w+jXMF&>Y&ba>Kb-m*sS;EudN11{nMOj@1VP&S-@qlD zCp~Zo^Sd3{C76Ho(0=iBf4CC+C0{CNDBgEtlZ5+>$0c3-Mb(xvjkpp67!*K)LH%W` zSx8#3e^^Wo)8jYApg4@gu%if+O$_gk=C&`Y;lQBS(ZUc1K}^03P4oKp?2qKSMI*S@ z061O|PIo@CZ{1{q0Ze?{`m~#{P@*)7)7@Xa<1(X?f|Kd4du8H6kt4oQ?^wEAeNheb zS5_VJ0|CnmIHF$xuM-S);EcasRmRv#jDz4=9p&H8W7&?-*;r*@r6QRP9T^*V39dkq4u3W{c7crcu=5OP}8&itS5j1Nfq(H@J7TZ0SblFXDfZ}rv|-LC{jO~R8?JkU7nP1X0{49+Anfx zK!YO+uRM-3{r~53YeDiuP?|!b9pY&i2L~yMV~7|I4gG1#6Z~ws4Bh-K?X`d9pIPel zuo&HvcHKCJmd7+8p#x^}r25;elYz25^|YU)4`USB^iBSsC1>*R*HJcAUX^xIlDL{+ z*(`>bfdt+8QWD88XB`0%R5TJ=v>&8Pt4!vbni7B0Zp#;;egPQga4Kb}!(G9W23Sco zN6BzenEhBRb}}?67fzIj7gQi=qQXc^L+k$P0GRwLp}<4tMNXk?d+5UI-sG2jhYQc)DsI~mf~heU zywecRM-1tJVWvMZo^D*PDA1W%10BAjY}r6SlCzMc7FovGYelHWlXB=mTg~Ckzb9c;S9>(#n!4wdANx-Cfyi?)q{D_raw*Bv+`oFw|=`1%E!HI^E_oK6I+J?c;$><4_hHa9|fnyKo42#U0T)M zo?^N&NwXbO)|^zsQ)R}a26bbRNYd~0$u_#mc*uFkQO1JBtck^{8vYXL?CvXF?c6MT zDB4Y{&}as@ziO^QaeEKedl8$D`Hyw~xBn-K|Nrw!Rvj+S_m|Z;Y>Y4J2k(itAGr)k8pc8&z*bkfD zE+E~UD2uD($8RA!>%IE_I=S*dD7&`*DEl5UmXyH=$=G*kY!O02mW;7yqKIT^l4Y!U z3|U9^U5tHavX*@bBSi>M_bCY5e;=uuT+iqv#l z9+)+eUZ%B8p0%U?rb*03ghX~ur{bJPvoht&otzHph@Ca#3|JO#!MxDY0`iuYgIvSa zkIzplr)b%-@$6RvAB33N!9LBC3j>mm=7aC~5z3SEhlEc`NB5_FW(m_rUw(y$&>23` zF>RFDkxgt7ZVQ*_i>TXpKFHR>hBbmETSOne z^;{whC}iLTGanKie;^a#O)`XR{prKc-Pj*ihj_QxCydk4m9=E%IlzVO%zNzDxNvq8 zqp)H2t?E=%x&`y2WabuKajpD)D~md-%iV?kWZIbBCdH20Leu^X-rlQR<>i&xIod{s zb6evs%rK7w5i$peB-l?#r5FaHvM-v z+8Co7{3zfDV3GpB&=J3Paex>T?eNQ$1Ce#-&W_O$1HUA>p0i_*P zX>+3iVzjZae~y$5n=+8l91M>m_KDn{SX|)hDgpx_RNp|dh;;S#U4eqAe7-P!o1=Dj z)N5cw2yjyG<&Tc@`O2pj6x`%fr7MY-nOGb%!LBF;gHzkqcXe1Npyfe54q+(QE}wcE zSsNJui{~8i$#x9RucT1MvVQSNdA=SCAByzQ`wpF$_Pf*3T#gH8{x)IS(Ou2(;LL$z z9jx8fohB=1UC&r%%Nl^tzrIep!ytmjDk>JIXTB+4U?PiGD9*3AUMdDN6b`njDLP*g zx*<{UEX1fdLT@CVg}MOP(XqpDD7i@1evKV7`Hj+N+2+a;)K^d&yxvCb2s3Ap7 z{&ykf@jWdc!`>889Y7u#*3%E;`o*E3SG=b=L-4|m_P=$hHjfTFJX6C6$XBoa3bJ>5Vtd&au6k zN=s`0c8u7p0SQa_Ug2@8epK2nT7*11i2Kfs4!g0SBNn9sEA$c}FD;SVoHcWmoP{Df z#!h)??`?1uMY+BN#(^Rv^HacMR}0tDv$I?_d;3OgpsTzh_;Fc*QkWzS4>c=eZ@O zz6BhJ{(SaltoEr#m%IE&pBsKb$;5@COv0m3ZNqYg1`e%*|NMEPY@We;pSYL5716gZ z(fpnbwqIRHTwq6qhJ1Qk_-)uctVNAD5tH_X;Ge_zV)63J^t&8dl)qbp_p3P<7udH5 zbIwG>3vOBj8>ffQ)8vbb?Fu1C33AP*P#OAm@cH8NtBDh^1xXFOY`bqgxe`;CUp#a2 zZniuXRWNYr$J^Jqq_2Gqu_U%cYCs9QwB%Ih{+C;>2+-?RR|H3G|DNS!ZC$l;(}SAuD+!8$SCb>SMnyHV zD@O;fXu{AEyuY`Sa+#0^hsr(l%eU^Pn^z1JU^zSANCzp*o4JnQ*aD}kszw?-iaFm( zxTEWze8BWKb}`Hgha zdc&>@56)rEX+*aPt=f+TR@Gy!=(4JyhxvcQ>S(W8v8=4W*OkK4l;O$fS#x@Te*d?T z_-We}Yb7^ndv=Cu=dr6$6Qy9Ia1SqcnGyYIJ!F-~;u|P;1u=u6Ri^ zg@I@^`SIhuO&@DWG{EJPNG$UJLEuT>olk^#9w~N224^M1kx#8lBZvy+%(KdAbiT<| z!~}b$0s%7H)UO$Z+WC)~!TenjkJDtsJ_{Al&(J=&D;Ct_0=xnJQQuW@3keXGjcanh z^zJiDHNwAmSi1%AJbOqL(2J!dI(TZP^&7sZseeW4XcO@Ss$05 zAKM;Av~x(4LO~{6i5T!RC3xT^b_(Yu4o&0M(6mUSLJ~Vyo)Ak9qBbtvrIQJyihC}NP&_3@HUUsU9}Mwsi@^M-p1I{L$10qAlT<}13Fbx!kta;c=mpAAuk4Q?DmF2 zC+Veik_Z`QfGMHG<HSS92)*Yd36}`KWr2%QP>?MUjZ6A_HPz@3c)x|)A_&_a zzt{?IFf4OZ<)RUK&rTZK3%cpm!!Nb=_Q^u!KHFq*$QxSI#nsfLJn&uL z7su%B1W&}SdA#XSh|E1Sh;Nsq&xW4-IL>oo_&}UAS0*t;#{n{OjWADEP0LilN!w&PI|KX>aI)nN@jv0 z2U>d0=GL&UC5YW^FT{GUM0I75)YG~L;I5+TYZ?2be&zucPedILNC44N-zLE1h3{9) zG`kfdfHBpizCwAbG%~a`sz*EO-K}qf`L;1?Ir_p0^D&LQx;3Y+i|Psr&xd2BJk(}TedM$%Tu zkKhC zKnTGm(vfdl;AiYSZwjuyxVF8;!eKfrX1yR4g<=Ng0`JRMI-6CQ_Vtd{y)}%%VG_({ z>#oOK1>ThjL9{O&pA53#amjTO3#bxuXl2x77OCd@R*Csk@ z3grMcQVZy4N;oma&S2|rgdM@S&yB-8*siK-9v@eaGMsH%ik`J`=#eR9?NoPb)qX#Y zlM7h71fG2ZC`o?u=)Fw3RsnFlOAdKSLrNfg7ivCCDLBx7;?33y!Epj$dr0lg@8EYj zSPcT`PG9Sin9O$9TSxX^+;YJu1eR)eA|@ak>^!y?F0iK>zr46pLQS&lL5K$s?aDktP6{MRF*wO5w$) z=?o+?2?x~`3}4sk%;GoBG`j^AMeWJ(AFFp1Cu0i?UwxS3+KJthQ75@h5);OuNWx{- zKc3OjnIOIxc`_jBTfB(6OVF_+%}44|H+5Cw+dI$68ymUcBm3&Xr(CK8l?s@-eV-*toeC4U3b5+G!M}c))?Ns?W|{pVz8RUv@x*`tL@<47-hndh=CkHR5~R zUI_xw0J4Zi-?d3s{GO9M6#A$P|=*P9hztu!3?uF24XQJgIauoD5e&9hXYqQ2AXOKO_^-77w1x zv&5sFq!c}^qG#5_m}=Yg80>(!(6E7gObq2t4-jfGTh3D%N!H~DGA)IC!HkPe0#h%A zGjAjw@__^2Qv>5laBprP-@r1|-^haSdFQZ-#tPR!H!7*}wQRBgYe;&2W_* z!IR*Y$B(