From c023c7d42a21d09c588689b5f91f0f1d7df1c57e Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Tue, 17 Nov 2020 10:22:56 +0530 Subject: [PATCH 01/22] Create firewall-settings-lost-on-upgrade.md --- .../firewall-settings-lost-on-upgrade.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md new file mode 100644 index 0000000000..77e0fa9ee4 --- /dev/null +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -0,0 +1,44 @@ +--- +title: Firewall Settings Lost on Upgrade +description: Firewall Settings Lost on Upgrade + +ms.reviewer: +ms.author: Benny-54 +ms.prod: w10 +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: Benny-54 +manager: dansimp +ms.collection: +- m365-security-compliance +- m365-initiative-windows-security +ms.topic: troubleshooting +--- + +# Firewall Settings Lost on Upgrade + +This article describes a scenario whereby previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. + +## Rule Groups + +Individual built-in firewall rules are categorized within a group. For example, the following individual rules form part of the ‘Remote Desktop’ group. + +- Remote Desktop – Shadow (TCP-In) + +- Remote Desktop – User Mode (TCP-In) + +- Remote Desktop – User-Mode (UDP-In) + +Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Administrators can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘Inbound’ or ‘Outbound Rules’ and selecting ‘Filter by Group’; or via PowerShell using the Get-NetFirewallRule cmdlet with the -Group switch. + +```Powershell +Get-NetFirewallRule -Group +``` + +> [!NOTE] +> It is recommended to enable an entire group instead of individual rules if the expectation is the ruleset is going to be migrated at some point. + +It is recommended to enable/disable all rules within a group, as opposed to enabling/disabling just one or two of the individual rules to help avoid unexpected behaviors. For example, while rule groups can be used to organize rules by influence and allows batch rule modifications, they are also used as a way to maintain rule state across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the process determines what should be enabled/disabled when the upgrade is complete. 
+ +Take the Remote Desktop group example mentioned above. It consists of three rules. To ensure that the ruleset is properly maintained once the upgrade is complete, all three rules should be enabled. If only one rule is enabled, the upgrade process will see that two of three rules is disabled and subsequently disable the entire group to maintain an as pristine out-of-the-box configuration as possible. Obviously, in this scenario, this brings the unintended consequence of being unable to establish RDP connection to the host. From a9cff113deab0cbfbf190f95468cdf762b2ac3cb Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Tue, 17 Nov 2020 10:34:57 +0530 Subject: [PATCH 02/22] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 77e0fa9ee4..f1cf50da2e 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -30,7 +30,7 @@ Individual built-in firewall rules are categorized within a group. For example, - Remote Desktop – User-Mode (UDP-In) -Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Administrators can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘Inbound’ or ‘Outbound Rules’ and selecting ‘Filter by Group’; or via PowerShell using the Get-NetFirewallRule cmdlet with the -Group switch. +Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Admins can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘Inbound’ or ‘Outbound Rules’ and selecting ‘Filter by Group’; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group From 30bc25b178bb4a052c5cf31bc4e6923457d3ab71 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Tue, 17 Nov 2020 10:37:28 +0530 Subject: [PATCH 03/22] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index f1cf50da2e..5455669ae8 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -3,7 +3,7 @@ title: Firewall Settings Lost on Upgrade description: Firewall Settings Lost on Upgrade ms.reviewer: -ms.author: Benny-54 +ms.author: v-bshilpa ms.prod: w10 ms.sitesec: library ms.pagetype: security From 3c0d7031ed623dd7a035e58e66f038779e95d424 Mon Sep 17 00:00:00 2001 
From: Benny Shilpa Date: Tue, 17 Nov 2020 10:39:56 +0530 Subject: [PATCH 04/22] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 5455669ae8..0492170b3a 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: Benny-54 +author: v-bshilpa manager: dansimp ms.collection: - m365-security-compliance From a9a76448a996bb5241765be32a44ade8f3ca0792 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Tue, 17 Nov 2020 14:19:00 +0530 Subject: [PATCH 05/22] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 0492170b3a..45fc0886f1 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -1,14 +1,13 @@ --- title: Firewall Settings Lost on Upgrade description: Firewall Settings Lost on Upgrade - ms.reviewer: ms.author: v-bshilpa ms.prod: w10 ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: v-bshilpa +author: Benny-54 manager: dansimp ms.collection: - m365-security-compliance From 70f5d6d5fb1313c59503220e98c293905c0af086 Mon Sep 17 00:00:00 2001 
From: Benny Shilpa Date: Tue, 17 Nov 2020 14:20:36 +0530 Subject: [PATCH 06/22] Update TOC.md --- windows/security/threat-protection/windows-firewall/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 34b7c1beb1..0720ca4cc1 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -165,6 +165,7 @@ ## [Troubleshooting]() ### [Troubleshooting UWP app connectivity issues in Windows Firewall](troubleshooting-uwp-firewall.md) +### [Firewall Settings Lost on Upgrade](firewall-settings-lost-on-upgrade.md) From 0e669df0f18f4ab646c2b08ba5f72b0df4c31e0d Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Wed, 18 Nov 2020 17:58:54 +0530 Subject: [PATCH 07/22] Minor changes --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 45fc0886f1..92a3e08580 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -17,7 +17,7 @@ ms.topic: troubleshooting # Firewall Settings Lost on Upgrade -This article describes a scenario whereby previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. +This article describes a scenario where previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. ## Rule Groups 
@@ -29,15 +29,15 @@ Individual built-in firewall rules are categorized within a group. For example, - Remote Desktop – User-Mode (UDP-In) -Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Admins can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘Inbound’ or ‘Outbound Rules’ and selecting ‘Filter by Group’; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Admins can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘**Inbound**’ or ‘**Outbound Rules**’ and selecting ‘**Filter by Group**’; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group ``` > [!NOTE] -> It is recommended to enable an entire group instead of individual rules if the expectation is the ruleset is going to be migrated at some point. +> It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. It is recommended to enable/disable all rules within a group, as opposed to enabling/disabling just one or two of the individual rules to help avoid unexpected behaviors. For example, while rule groups can be used to organize rules by influence and allows batch rule modifications, they are also used as a way to maintain rule state across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the process determines what should be enabled/disabled when the upgrade is complete. -Take the Remote Desktop group example mentioned above. It consists of three rules. To ensure that the ruleset is properly maintained once the upgrade is complete, all three rules should be enabled. 
If only one rule is enabled, the upgrade process will see that two of three rules is disabled and subsequently disable the entire group to maintain an as pristine out-of-the-box configuration as possible. Obviously, in this scenario, this brings the unintended consequence of being unable to establish RDP connection to the host. +Take the Remote Desktop group example mentioned earlier. It consists of three rules. To ensure that the ruleset is properly maintained once the upgrade is complete, all three rules must be enabled. If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group to maintain an as pristine out-of-the-box configuration as possible. Obviously, in this scenario, this brings the unintended consequence of being unable to establish RDP (Remote Desktop Protocol) connection to the host. From 7033ac7932f5c85d6002061c1f5b00aadeb47277 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 3 Dec 2020 12:05:46 +0530 Subject: [PATCH 08/22] Update firewall-settings-lost-on-upgrade.md --- .../firewall-settings-lost-on-upgrade.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 92a3e08580..8948b3b3fe 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -1,6 +1,6 @@ --- -title: Firewall Settings Lost on Upgrade -description: Firewall Settings Lost on Upgrade +title: Firewall settings lost on upgrade +description: Firewall settings lost on upgrade ms.reviewer: ms.author: v-bshilpa ms.prod: w10 
@@ -15,13 +15,13 @@ ms.collection: ms.topic: troubleshooting --- -# Firewall Settings Lost on Upgrade +# Firewall settings lost on upgrade -This article describes a scenario where previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. +This article describes a scenario where previously enabled Firewall rules revert to a disabled state after performing a Windows upgrade. -## Rule Groups +## Rule groups -Individual built-in firewall rules are categorized within a group. For example, the following individual rules form part of the ‘Remote Desktop’ group. +Individual built-in Firewall rules are categorized within a group. For example, the following individual rules form part of the Remote Desktop group. - Remote Desktop – Shadow (TCP-In) @@ -29,7 +29,7 @@ Individual built-in firewall rules are categorized within a group. For example, - Remote Desktop – User-Mode (UDP-In) -Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Admins can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘**Inbound**’ or ‘**Outbound Rules**’ and selecting ‘**Filter by Group**’; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other examples include the core networking, file and print sharing, and network discovery groups. Admins can filter on individual categories in the Firewall interface (wf.msc) by selecting and right-clicking on **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group From d8a85dd2b752ddf3e0dbffb84600c6af6b7a13c9 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 3 Dec 2020 12:08:13 +0530 Subject: [PATCH 09/22] Update TOC.md --- windows/security/threat-protection/windows-firewall/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 0720ca4cc1..6d788f1ee0 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -165,7 +165,7 @@ ## [Troubleshooting]() ### [Troubleshooting UWP app connectivity issues in Windows Firewall](troubleshooting-uwp-firewall.md) -### [Firewall Settings Lost on Upgrade](firewall-settings-lost-on-upgrade.md) +### [Firewall settings lost on upgrade](firewall-settings-lost-on-upgrade.md) From b67aca1f618e292254193280fa1802c953477255 Mon Sep 17 00:00:00 2001 From: Brian Caton Date: Mon, 7 Dec 2020 13:35:35 -0800 Subject: [PATCH 10/22] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 8948b3b3fe..8a7721f432 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -21,7 +21,7 @@ This article describes a scenario where previously enabled Firewall rules revert ## Rule groups -Individual built-in Firewall rules are categorized within a group. For example, the following individual rules form part of the Remote Desktop group. +For organizational purposes, individual built-in Firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. - Remote Desktop – Shadow (TCP-In) 
@@ -29,7 +29,7 @@ Individual built-in Firewall rules are categorized within a group. For example, - Remote Desktop – User-Mode (UDP-In) -Other examples include the core networking, file and print sharing, and network discovery groups. Admins can filter on individual categories in the Firewall interface (wf.msc) by selecting and right-clicking on **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include the core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the Firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group 
@@ -38,6 +38,6 @@ Get-NetFirewallRule -Group > [!NOTE] > It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. -It is recommended to enable/disable all rules within a group, as opposed to enabling/disabling just one or two of the individual rules to help avoid unexpected behaviors. For example, while rule groups can be used to organize rules by influence and allows batch rule modifications, they are also used as a way to maintain rule state across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the process determines what should be enabled/disabled when the upgrade is complete. +To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group, as opposed to just one or two of the individual rules. This is because while rule groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. -Take the Remote Desktop group example mentioned earlier. It consists of three rules. To ensure that the ruleset is properly maintained once the upgrade is complete, all three rules must be enabled. If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group to maintain an as pristine out-of-the-box configuration as possible. Obviously, in this scenario, this brings the unintended consequence of being unable to establish RDP (Remote Desktop Protocol) connection to the host. +Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the ruleset is properly migrated during an upgrade, all three rules must be enabled. 
If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking RDP (Remote Desktop Protocol) connectivity to the host. From 5ca4a3adb87afcc87c1aa3941aefd2b6382ead21 Mon Sep 17 00:00:00 2001 From: Brian Caton Date: Mon, 7 Dec 2020 14:34:19 -0800 Subject: [PATCH 11/22] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 8a7721f432..4d978ad0fe 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -29,7 +29,7 @@ For organizational purposes, individual built-in Firewall rules are categorized - Remote Desktop – User-Mode (UDP-In) -Other group examples include the core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the Firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the Firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group 
@@ -38,6 +38,6 @@ Get-NetFirewallRule -Group > [!NOTE] > It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. -To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group, as opposed to just one or two of the individual rules. This is because while rule groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. +To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the ruleset is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking RDP (Remote Desktop Protocol) connectivity to the host. From 58799fe56a4dfeba12628766831fc0192babcffb Mon Sep 17 00:00:00 2001 
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Tue, 15 Dec 2020 11:55:49 -0800 Subject: [PATCH 12/22] Update md-app-guard-overview.md Added more content pertaining to Microsoft Office --- .../md-app-guard-overview.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 03930690d8..62c8df613c 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md 
@@ -22,9 +22,12 @@ Microsoft Defender Application Guard (Application Guard) is designed to help pre ## What is Application Guard and how does it work? -Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted. +For Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted. If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container. + +For Microsoft Office, Application Guard helps prevents untrusted Word, Powerpoint and Excel files from accessing trusted resources, by opening these files in an isolated Hyper-V-enabled container. + +The isolated Hyper-V container is separate from the host operating system. This container isolation means that if the untrusted site or file turns out to be malicious, the host PC is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials. -If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can't get to your enterprise data. 
For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials. ![Hardware isolation diagram](images/appguard-hardware-isolation.png) From c141e22df8e2a08ff44272429585002e1d512549 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Wed, 16 Dec 2020 21:34:10 +0530 Subject: [PATCH 13/22] Minor changes --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 4d978ad0fe..232e9788e4 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -17,11 +17,11 @@ ms.topic: troubleshooting # Firewall settings lost on upgrade -This article describes a scenario where previously enabled Firewall rules revert to a disabled state after performing a Windows upgrade. +This article describes a scenario where previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. ## Rule groups -For organizational purposes, individual built-in Firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. +For organizational purposes, individual built-in firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. - Remote Desktop – Shadow (TCP-In) 
@@ -29,7 +29,7 @@ For organizational purposes, individual built-in Firewall rules are categorized - Remote Desktop – User-Mode (UDP-In) -Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the Firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group 
@@ -40,4 +40,4 @@ Get-NetFirewallRule -Group To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. -Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the ruleset is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking RDP (Remote Desktop Protocol) connectivity to the host. +Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. From f802ff7f95b75e873ede4499870d7c63fce3d9c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Wed, 16 Dec 2020 22:48:59 +0100 Subject: [PATCH 14/22] rename .PNG -> .png and minor linting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Thomas Sjögren --- .../sync-browser-settings-gp.md | 8 ++--- ....PNG => allow-smart-screen-validation.png} | Bin .../{sync-settings.PNG => sync-settings.png} | Bin ...re-windows-defender-smartscreen-include.md | 8 ++--- .../configuration/images/configmgr-assets.PNG | Bin 133738 -> 0 bytes ...{mbr2gpt-volume.PNG => mbr2gpt-volume.png} | Bin windows/deployment/mbr-to-gpt.md | 30 +++++++++--------- .../bitlocker-recovery-guide-plan.md | 14 ++++---- .../{rp-example1.PNG => rp-example1.png} | Bin .../{rp-example2.PNG => rp-example2.png} | Bin .../{rp-example3.PNG => rp-example3.png} | Bin .../{rp-example4.PNG => rp-example4.png} | Bin .../{rp-example5.PNG => rp-example5.png} | Bin 13 files changed, 30 insertions(+), 30 deletions(-) rename browsers/edge/images/{allow-smart-screen-validation.PNG => allow-smart-screen-validation.png} (100%) rename browsers/edge/images/{sync-settings.PNG => sync-settings.png} (100%) delete mode 100644 windows/configuration/images/configmgr-assets.PNG rename windows/deployment/images/{mbr2gpt-volume.PNG => mbr2gpt-volume.png} (100%) rename windows/security/information-protection/bitlocker/images/{rp-example1.PNG => rp-example1.png} (100%) rename windows/security/information-protection/bitlocker/images/{rp-example2.PNG => rp-example2.png} (100%) rename windows/security/information-protection/bitlocker/images/{rp-example3.PNG => rp-example3.png} (100%) rename windows/security/information-protection/bitlocker/images/{rp-example4.PNG => rp-example4.png} (100%) rename windows/security/information-protection/bitlocker/images/{rp-example5.PNG => rp-example5.png} (100%) diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md index cdce19d2e5..d948b2c862 100644 --- a/browsers/edge/group-policies/sync-browser-settings-gp.md +++ b/browsers/edge/group-policies/sync-browser-settings-gp.md 
@@ -6,17 +6,17 @@ manager: dansimp ms.author: dansimp author: dansimp ms.date: 10/02/2018 -ms.reviewer: +ms.reviewer: ms.localizationpriority: medium ms.topic: reference --- -# Sync browser settings +# Sync browser settings > [!NOTE] > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). -By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. +By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. ## Relevant policies @@ -38,7 +38,7 @@ You can find the Microsoft Edge Group Policy settings in the following location To verify the settings: 1. In the upper-right corner of Microsoft Edge, click **More** \(**...**\). 2. Click **Settings**. -3. Under Account, see if the setting is toggled on or off.

![Verify configuration](../images/sync-settings.PNG) +3. Under Account, see if the setting is toggled on or off.

![Verify configuration](../images/sync-settings.png) ## Do not sync browser settings diff --git a/browsers/edge/images/allow-smart-screen-validation.PNG b/browsers/edge/images/allow-smart-screen-validation.png similarity index 100% rename from browsers/edge/images/allow-smart-screen-validation.PNG rename to browsers/edge/images/allow-smart-screen-validation.png diff --git a/browsers/edge/images/sync-settings.PNG b/browsers/edge/images/sync-settings.png similarity index 100% rename from browsers/edge/images/sync-settings.PNG rename to browsers/edge/images/sync-settings.png diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md index c17f639024..375951a25c 100644 --- a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md +++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md @@ -2,7 +2,7 @@ author: eavena ms.author: eravena ms.date: 10/02/2018 -ms.reviewer: +ms.reviewer: audience: itpro manager: dansimp ms.prod: edge @@ -25,9 +25,9 @@ ms.topic: include --- -To verify Windows Defender SmartScreen is turned off (disabled): +To verify Windows Defender SmartScreen is turned off (disabled): 1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**. -2. Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.

![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG) +2. Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.

![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.png) ### ADMX info and settings @@ -40,7 +40,7 @@ To verify Windows Defender SmartScreen is turned off (disabled): #### MDM settings - **MDM name:** Browser/[AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) - **Supported devices:** Desktop and Mobile -- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen - **Data type:** Integer #### Registry settings 
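Review bot: In the @@ -25,9 +25,9 @@ hunk of configure-windows-defender-smartscreen-include.md, step 2 is touched for linting but the bolded setting name still reads "malicious sites and download with Windows Defender SmartScreen"; check it against the label in the Edge settings UI and correct it in this pass if the label says "downloads". The image link on that step now points at allow-smart-screen-validation.png, which matches the 100% rename in this patch, so the link change and the file rename have to land together: on a case-sensitive build host either one alone leaves a broken image. Several -/+ pairs in this file (ms.reviewer, the "To verify" line, URI full path) look identical as shown, presumably trailing-whitespace removal; saying so in the commit message would make the diff easier to review.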
diff --git a/windows/configuration/images/configmgr-assets.PNG b/windows/configuration/images/configmgr-assets.PNG deleted file mode 100644 index 2cc50f57583ea09b84461c323fb12beaed610afa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 133738
zwAS|b4f2T~ja($DEOB)YBHEKP8Q%ZCWsr8``CBYG3M2wRv!C7#Ov$cl{h|XI<-`){ zW)B6?>w?;y?4jDBmHyO>lK!7g6{qNt)9i98 z4}o?-?7dX9=AmEBnFJiiDed#m)U~B!_Io9TuKCJ;Ko14rjD{SUSoX5nzhpK|!CLLZ zp%^hgd)jhGKNQ-L9KMw&;R&J{5cpSQqZCuVi--j>{NJY>xpKt~?-O z3KERa(>>`Q*tkYW1GF8{`uf+dKMcA$>EA8qW+@tsv99$NZ=)y;mR1q0buQj1 zu`W|dk2nPFDm(W{Oxe~(#98abFA@> z-VfJba?EqIbtlP!mzVGBhg*N+--DLE88#x1AKu83*!|e`V%Ey3qSETHK{mB@nf>SvwgvNiYPxAq6wYhUtRe5I=NOIm>C3#Gk0ywG zUz;sz-SQVxtR+Ac*6l*1#w**$g?&D)yM6QyO2xpUXm^R<&92~GHg&=WgCUU7CQf3v z)4?u*RWaCLEzHo46E*`LJ&lHAeIYQ+Cs1@KU4xzOMa?xTxtACI^02@x9imaM4~$8D zMOGk1Q8!ac#r|tNDUtmuk5YwOZ5M7_0~&~XksPkq>wp`jGn2FxTxgLASCew)xuF>7 zE4{xwfBI9g5x|(y8ER)zRPG?|t5JhnPIw-aS2EKnK>_z=IzZe%Ca%C1yOg&p9R004 zxtSO-LwXh#zdWjE?O?jh-I0fU>Au)y%GhPW4g>Z5s8!NDDRowM_FJtPEh}5wM5n72 zj>7Z8@QIu`MGghgpVEKZXF_M%d(yf>=1nPHbz}MUbWZahOdqL(>#MR!u3ckDSzqqA zjb;So^_r6OIqDZ2`leC(Dh?Ni8cY?>GW2$}OW|mO49DV+IUreD;R4hzcz@k$n9U9j z<`b(}Jg+z0;d~u#hCT32%PS92m|XUi--O)Ze!J_bB7Rem&b9w{b)5#AsLHIfD(ji| z*Kzdfs(Gjx%l$1;{9beHNfT z438{b>Ev3GHf}a#Z;H>(25*uaWKA)*!);qkQoiYdOU`A<6O2 zqfB?p66@Jwfm3T!Z&(XaGPHCscXhXx3pNoKIhehJgW9Z{NGhbL@)`uM0L}hZE&V z#|diM*)2~MC#%vk6%K824ss6NQoNjk4TE*AFKjb%M{rL44wfc4`z;-NKjuM_83d0Y zG|K79J09w1rJP}%DLsZlJu++IhY#pU`mU_RRwWI0=$gkSxA75@T|9{URu?wCq2Hk$ z6~}_Cd(XmvebfQa;*HPk>u%SUFZ~RAZ~;D>51{SA_kQ&iqSdVkH@&}C#GP1gf~}lG zr3?*o3v6Eb?9)ljaJ^#E6VcvH(VYl8Xmbz6iouZAzA=Vo;X-6{2q|S6_Y_^bUS)-K z*nMC9w1Bap(wEAi^HzyPn=fLv6LC8hT?ZhgHyd%1M?)#oRb(ztrSX0@G~&A4n~n7I zNN{6D2`R%Oxxk)N=-Vd;R-X z&DrLe1GIy-J>)gwf!`13k@8OK>GmwOhZ1@cILr=#=y0<297q~FFmjo2o`K=P zFGo&K=86Pk55z!|0?LlxtC5+}ERr4B^gut%iBmX8rG<~XE!;!f_gKGi^GyNw3UL)y zHQLQ=Rb4MBGX&M=J>9g9z43Vi98UNO%ooHgDO5EVH5xh7+^x_(njg}>ZSfY=p5%6& zv!m;KiDqW{B0k3mR<=bFg%xlFHoIL!M6n}vv}a>wI#8kxQ4}=G@$c2giVO<6_x%l` zx?k34Mq*UhC2L7*4PO%E`H%xj9BluB!aP@*;L|$JF2+eX3&CevNdDXQUvqlsZrhr* z<3@3pEF#EXzkdDNGNk?n_q%O5Tn_q_r11ss8b^ia&N9O1)$6wl?|jvloW?G$`a9>{ z3It7_9+uaSQh5lev*M0G3JNIIHEz@l41@}LpTZS~qzz_`j+UFyiiOM)ngmE%BHaeL zk?0Ww2S!E`o0GVDpGkmbVaLC3?h3v6oNm+pPdDdrH`hI=)gB3s8l3EuKtK}MZMVuw 
z0b76ef9eQ#ShxJN2H`a8hywNdQ+6ml!K_vuG=x8SmHoGNTxSv*dt-EZzQscgFnRpe zKR2_{j-lcqg5yDl-sq19?q?Be7aR-oqnycJvl7H)>B3^1Ue|Zng{C_E+-$hzkVuF5 ztF1F*NPZ?I`|5aE^5fj^8L83vUI6D4VN6aE3o<3ag(({5(~Pcv9f2gCc(TLOc0*l0 z9&1v$>?aA7n^|+{c{o}8oLY3Cujf3UH`P%0F75pf0q*q(8}NgIe|MzTA6VgK6Aj0} zWujJ}t>`HOzCNKj9+ovY55UxCZ%3aI?{3d><2DHgd0^D%Qs6by2jJ$mtfDCAND4Pz zVVV;QDVbm{HSiQk?2hy5a1M)^xfmI3seG5M#d>Oo;tb(hT1C;2^pkJsz=l~Y!3o^?}celZrrHE$~r z5ky3G4sUxC-9attO98%VVN7ZNt8@I3EP3!Oxrl#jmw<|cpW?Lj*SFo(g$PLQ?<$sN zIHaN9RYLu7S8&JjLx`s8PfToViB;co&W(LnT)t-#otr%u9DDe7QYC6nf3{O3wVbU~ z*|f>^;gD++BZrM9NZfWBzjWp6R(Y8x%|9RA11@V`%^~g2 z3m0v30VB&!c@#`@m(L4G?~L2^MFe1A=lZW?q|JmvB&MXY)uYd2-H`Jst!J+4EAuqM zd)nwVfswiq9Tdm&2oKA%O4>+roKNL;p8xbGnc1z|tmq9X00e*m80>t42JGZ&)#J2i(ji4a_DwFQA_o;8Wr)qq>b0}QI z*ZKNmkAvbuIO!O_vEO|9m!lP%h%9fAQ&!d1ip+TpH%47>^~VySf`#6P>NpB!O%D%< zWtM-L^3E0&I#u*2tlbxD_lX7UTjP&t+ANySBer2aZ-)~Z=X%HL9$DlKFG>%S-}Lq2 zFQY*cqSdii*|mA-lb^VW&sSAjxxWytQfPk@WF=G6TnLVAcEg{0d+&NZpSl(cgX{?a z(cuzg__0H*huqc&wmw|eh)LzTM2QvWPRRT)d3*1i=Rb1~Veu}gm{PL-_>C4#BsF4~ zESE5uqUG!GJ6Ohf;J$s)kMW|^^g6OGtuF(t@uvntcKbsrMMb43EW6nbcY~3B#EGx? 
ztE|3=$%Pr;kkl(A41ahZb)aU6PYj&;+^g;omloTIYpIC%Xw@;@&Sd4aqRN>6WMVp} zt|$TsBA5@1arV9};~tGN%gzSS91U{x#|_Vx|a`{0y+8U?MT+dz41w>&ywz zhTF{F*UoJv{}`pDjMz1f!!RBFlO9@chraklq;tism3g%blp9S-aiy?$ z;Gb_~GZI=}Vv}!M?aj@yajgu%vebILxVfiX zky%U9;UBgXye%L|ByHePmZk%V-U_+LWNNg`G6?ce)NAwCPI_&Ec(^Q7nX4}r;|&*sM>Yua2XEi$6i*rcz}t!y`bApA}xIj!10mg-F`NWw3{kN$+k1$*WI6QY0X;`-IQ*@ z9(Vf(ejW{b)~yCEShDv7>N z|8seG+lGcosUIjMl}itt)&N`O5Kqwat9|1F((N8Q1w2R+OPTO%@R0p+lxjqjXcJ%i z4sBRXf~8X;KGS^IN}D>fnOsH&T&_DdvR?w8`1cv_IubLXiC3@MRqGd}Ynw^W{=JQh zVOn7D<$6>op4f66*+u|lyAyArlT4;_B~|}ioQ+HMZ(rg&rPKhD?U}nVP0DsryuDjL zo(GI!Nbev2(8(sebG3({#+E%<;WTgVj8$(IieV8-EPPOizS3Ct&wR$sfM!c4Leo1*t&owsNu!mB*-#7KM;mxor&CgR6~#NUXO$wm^6tbYjRc)vala%> z^?lh>L@Ws-QzNTPuD=L7KBEv{4lEG+&!G^Dm$fyTOmI`pHND@8xr1Zqq#6 zQW5WJ@XjwwlfQX`0o!me2~9w&ga6}Fz?J!MlFbJRiO#$!!ep^{AWxk1%9i7P&^>|} zeys`2F;B>@=H-4DgxzSNU;FXAGZALjA2D%bWDkua@sCur?;=c_ncxD3mHhD{U>`F`{z%s`8IE?F_^Gj zTo9F`Fx{;g6}@%mD8lbKcCy)h)ib#OC)v&oSf|wPJciRKkb9N=eEhU0hx!q@)zNS!dR7(+13>(p34(AP&s&uMz`whX|}l zP_fPxNIagJ1kUz&DoplL6kv+-YiH-nvwvb5-$&@Il7{Zr5Een9M{o)8tr`f3&UV2l z&TaN)y2ec*HGrk}`vt8vqZ3yRt7K@I71c|1f`$I2-7g`FCZvax0yUb(LnAT)rz1LR zq$KidIO+ITz7H~;8Euc66Bxa#&kG_2+dJF2CFLB(v_>bJ6Q6zr9fg|S1a1ca+uj?) 
z53&5=^BoO6CLRBTX90iVjH)J*l1~l>9CGsbHJ4MavU(#{BrQkH4W0DI4_R_g z+)}+HJUQDwzaFI{`2czs`Vi=_apkF~QK$!r{xYGYPf*uRcq2_gT$DLcR*XA|;rjUN z9lP6ZSG`ZQs@e70((GkUAZAMPVPiozVR*#P#tt@7RMs;_L zLpR>6rA;Re=;4Jnvk^w+ugX(a6PS_y@a?2PK;nqdF_m&e0ZHv5V{&JUcLGsyybPXA znmm}Oh;cqn^h&G#sR;CtCBm9rp0_6o{>Yl(pd9a@0=;@r*9;BlZWjW?(HRCz@jqei z+P%=0D}TUguoWY@Jr*Xnn;P%G&3220QXN?Br>%&f=#0HtoriC&oD~!mT?u2{OR7`x(cQot9a7x(KeAmqqI53uy)&CHftW%<(8*DO9FY)S)Xx*6TSIPRNL{1MubQx&3(SbC8b3qEcNB&=|+3&0^`#nI_E@WnK!Ep zfO_W3t=xex8$n5_nQ`sD4>|L@{R7;z*rmv(Pl5R!n=@{E;3<^5ryH^Lx*Jf|ZS71- zn<;CKgL_Z;_ctswKEB3$_RaU0w)2eyr~VTZxw0`o_tA(rV5vd%{b_=iXPs~^Dd`wk zXsB)K!f5bOW|-|x^*`T8AQ`#$5h$i)NfiM+8pJy*IS`9@&6i?0-ZMFh=Qj<1Qqygi z#gSYNggex>9w|K9<6k*;LIV`=m-w-`&51TNnvjzDqW>xgbGICK5xIJ@Z(&a_)5oiF z+Gar~5!O5z7C+C1ff08bOMD)uKdzk$x(9w4u^H$^>kTXB-EsN($paVmxvP}Jyjj4U z$Qe`X1$Uj7SG@hqI`7~@;6CiKj5wXNvXtfyF<%MelQF>;RhF!=t7E%+BQJGwP33i} z5fcDvD~s()(opf*PNgGQPxx`CeCq^%q@>VUV%aGT%b9+q;LqDK>%DnL$5=RUS3LZk z%kLcK_&iESpseG|9}|SxAD5Ge%F}_$`YB@AaoPIoFU)bz6%vPoZpgr?1s!xMQ0ELZ zZst*V=Gc1Z3!r?==+?<@0NedtJ9oVa>vKY4RRj}rdwpiN;4o;>UzQA#M8ynkz9BEL z)K$9dad~D-TAT>88%^o^0#Yl4VzUrpkx0o#_5lOmA%y+za}1T#bO|q*3q4o;a9Lcb zj7Ko1@T=%gDWG?I8~GrlsJ@=IfN56SvyhdZQ6o3cb;y~&)|C^yK^&q zW?3MyL}L-4<8FtzcEwFlb?t)4pzZmzQSkc9a;hs!#t@LmAdpxh*-V7KJ;ryiMvE_r-Z`nm_^Pv;Mg?m#n6OZRZm_*xur{l8gRHe`gHA90e#kz6J(0PRmY*$GXiff;%JWVfGyAOwUAr8&l@6zz}L^E&!vCFI#mTvOt~z5IPqHE zUU~k~Hd2U&Cr#vjKzi7G#2v?h%)I<;LGJbV`Ta7Ti@6m;=)(tjh{spnRzhTG3gRCbi5Yrbj2S%CT@D(1=I010}tSw)!Vi5u5XJXOYwU9aCuCOUik zg<~m1I+VkErtl`|igXi)0(D_GntrJ0At6R26=5sZC!(xZBm}58VfQmlL;BAC_9RRY zNDMAu8LW*ni4fM@rvf=29vX>_+8iP3D?Y3(?&f1NFud;5nvjq6d(XTzKPbW1GY z7IkUE_f+FMR%Aw>PQdNCc;8Qt_xB9=ghH7s&0KZG^f_pl4`QLNI1qNOBLy(mOkG9% zI4FrQVE;jnO_q19Ov@Bj+r?pN>>!UyTDds6qTn&ZL|wRCkd@%5RYt(W*X?cO)5-epG4-Fl>Yu zdpuzDu;29u8~tT&Fo{Vde=g@`WbP#@>z1Z z_Jq!$?M&6>8l$UQ3=kG!tpP}o5FT&>D0OQw5tym7EDqG&nv8j2_d8AAK;S~NnZ$xm z+8$`=IkA2)#`PxBA98#A#6nB5#lh5O5n zXuTjUHL9VQnaQbWSmgjrzF1A|Q2PawLnP8P68D!X#3=kX6zJhBj+5GCzp&#gPJ#H=8vpPRc`Q)i2CKWxnp>ihJ~+5UUy(2UmSm6 
z`;nx&y1LSO%A)o5#HaQ8T+-9$F-Xhm^_b9S$`a|r^=ibJ@6=iEEwegUx5mOQtxQ5n zZqBJ1#ZtHjAi>^&3osokOp?|A%RILcE>uwsxojR{nn$dc6MQ+jnZ^a62AeT#TvrN> zPIKlo3kb%BA{I02#Z)%<9i0&Mo!iO?)oXl}c{3l1eeCb_wH`kp zuP7@fiiQDbfOUP zuxz*AH=d)YKdfr_H-n?J!_ut-9E){m`4AROui;M|e(|tub>P!5d~2d3?MvIHa;?HW zQHD|*_N!6{I%S?=6sC29iS516opm843X&)m0s-~iP*;xX2@;jxnaqm0Df$qciF8R9 zlLUPBK{y~8tU$n`m`+d5_pD*Jlk#)WkB|K85%5NH6&GW4ESXFkRsKYia zIPT2Zuc@S=53V4>&$;cgMK`R)JH;>xm9R-dNs1DJE;0gG0cYW)>7@umoM^;5(!C3gl5-YEwPXgk_o@$S@!i#Ruwp>Bqec> zEB`Ei`P*T&f1s=9T7IEUtmcN#CMTzkHMPLT#FQ9Y^kHszujrx#Q;TtODJ%2PO)oYu zsHFQ#Smm0RkP1`(g3qa4JD3FXb_=Yb(;CPVe)ZxUy*&5l<16+15nfa!mJGA}u9L&k zLYyRW(XW93{ZJKOD}c)L-s}KNLS(YtM07tJ>L(KKkG~*n6WooO&Rh9{Et5 z7B)yd9_dU{pJMnVy%LIYdgzbYdz58i7+tN#>|UI9;vooZBrMyU8_&)(ianz)r#?6c zCwMU$jkRDkn5PFU1PoSjPjS~-pDu`*6>20yCsO>Ip~fYD_CIarXF%9SDR22|bq}a^ zI_lJw&8o5HW1!f5jS*AOIe4UyDe*{jK1n!BDlmUAp0+jSNvmVHYzlm+N7{wU$)~a6 zht7BvGe@6(Jh1#O<$9%qe;}p5J3i*VCoitoD?sev9_{I>#q10Z$KPWYp3X&~^Yy~M zH|SS#b{Vv;^v{{eP2HY>2T?ngNNB7~9CSWgZao=95lP!e4^1%%+YEl`hc>p$ZSJD+*67KgyQ?kQ0Ukjem2Y)!@M2jMW>jPSws$#yP)5St361#$UWC?Ok6ydwIoCsy} z=-4ccgOym~H9kjbh<*+s(t#8C9^kA`N5-GfEk947cOsGiCu_F`8SDAp6)K&} zN@(VFbk^aPWHdRD2#(+9TT6k#x3EH^=)yu!XyNV?**IG(Aa1ms7)x0Q%g!PrmXoKw zt8CamD0V-0!hY;NCGq`R5|fI?7a3$Uxr${_Ks9yDNhz zPhlQ!8n+AdE3MW|HFeHM@d$v&nU{J!rO@& zj`!O-K-gsPv;+n!k{0Y7bKV7Ryv@#Kl?kL-2S)k0>}V|#k*BNBYW;SqCfMvl4Kun~ z32@8bEbT4!*msF)&X;08DydC@VviOMwOsDQLRPI@YhrBUs=HfDM1RWlPpj5THB{Vc zER>zj3!nG=a5QtME(F2l9G!hA#t>=h5BR`XLe5SAOWeHzLjptORaB&$oZh<~%~PjK zp|a@L+y3<3(N_X)20t6tc$MLkxfSH~9rXmi8Lf{@9y4jDMK03A8d=(35{=EJ7%lvp zk{P=TTbnUA%hwaJE*!mr=_=-76Ych?@{_b*mEz_Or(gyFXoa`WiYy`p;%XcdX&OrA`~2uEqBi@RvR4Ze6^@dA~HO6>|tN znGHFtjyL+Li)zgFm2)}X<*hyFnRB`M+;%z51+iR71W9Mx;9IH_2V_MsdDHQH^Tla4 z<}P!WP`K&FR=8nPy_L=HZtZ+Ic>Kaau5elC%=IRH!-Gh4w1ccoF_Uojc6~E2_1u2) zrf#!8~~=9H7d-^q5Nc;^Z)Sl z7Jg0t(f7D?cXyXG2#ju!7C~B4K&3{HmhKWM=@3+q7C~Z+8UoVNu`#+wj{ffb`FwuA zzhIBY>v4CV_ndpqx$632^F$kYuM%#a;=C$XA|!E$JhM_Xq6eH+XzpZ@3TaDeQDfL~ 
zV+HDy!qyu*fOm5RKuC;2XSQvuOb({n;&T(jewMVueU$+SxS>1|cD9e=@F%v-ix5#lA9XpK6VcSwdOAE1ZQTAAD;GpA zd&bGhT8M392nl2ET@K`;9=z(hDUEoHL|u-Eif`N=i#eRX9WCm>FA5=nhO7+2Mkw5n z_X;I%%{hLLot2*Dk$`TBZ1cbh#$#3j!nB6(6ZB->nuqdgJSK0RG929<*S4oBHfR>k zah=w$o~jzg{By%Ez~p&}9nFDOPirPpRkc*bpo1&89dw&#;tV-sad`kj)~yOTgZCo* z(qbNH`{$`JNwB5f^ouj5ISH|gNPb9}NS^1@xflF^^8@AHJS~0za4?#%;AVopaLwG; z%0vwUAGjccXJ-EzOe7KIR^lIs%MDmfcAfTuW?9PU7^|u_s-j(c@ItqZgSgu%kzB_< zkM--#L4$4BqW}7W^99ZnFHRyI;c*mS#@YtrOEY-T5XudBc3$!yO!_x7lVX17`{RqO z$*r7~P!1OK2q&Jv1Wu+&&M%TGJK^1{ItmfVE!R*Xf^u}<9Rad)nN)FO)D7QQHLCM- z!;Jd{COOy(Ln89&EWfbcp>DAYi_ZD({Lwez?(Zs2YO=NAk7kdQj~2cPW7fA3ZI1VA zz>&C!^1p-4NS85x6#pY_XGw(QDn;nW2&V4S<;424BbD4j`4i1CkGCbhL`njkEM9N! z@Wx$VM?rnYAg^~Hdw%|j82q9W(cfN>4qeN=XHIwTz>1*vf0h*M#6+3qp#o@l$)9-1 z$BN|QiTL^%muCjMA4JXr05Cag!GtkHP(Wd=1EGP-=Tf#ywkd*CU2X2~ImYr|L_Y5S zrg=Q*rbw?RMeP1mQ5z>_zEUSw+^%*!y4yu>5on&HR#fgb*nE*SdadvSrsEyEX61>Bf*VtLF8x>`~KZJuF(t`TX^ z1$EVRET3!+s0v5}55ejdNhAXUwe{4QQ$9%cmrs?Hmn)kvU%l$saC?=k*B@PwfUtgQ zy7U?I!8tqvaAZId`{coY`P1wt3rLy61i^+oZY(7;Ag;YV2;J7RC0Y0tfM!^BMZ2vI z-^e<(^TqF9NV|^SCl4LV#K!)10X+M66=4+BN4FN9-bhuQbXLV;r{tTrUcg95YNK10 zOyZGsG)N`y*{?3}2#NkaMj;Ryh+ zxyFR>;QhwT33ROd68QYmZNNZ&k=HpDh=V9c^&t*w>YZ}+N@h)G%@fl%gwR$>wspE0)Rbzzh7mBh-we28>=`H+-MY1H#>KOOR?COl19 zRFP17RHrAJ$*Ye*Jw0x@RN|!oZf06UsNFwzyjW&Y0r~@;N$2~)KV&kW5Ps!0DifJj%4-~VJT^EDVuaNP))?X*-?3(N0tdG!)Ff1Ir zqotFL-yJ7IgVx?_Tl>JP96j&tv}Et`v61zD+$18;#z^G*wYUxwk!;64gM#tYL=rj? 
zS)A>0If8BdTcWYTJ3fW3bBa5!5#P2780QA{CgW0z%)xl$^n$r0v%bF+4-!H1SnK+3 zEU&(L;3d=acD0lPV^)>xuc*FxbWg2tqAS{j!SHc~Y;xyc5KVHRug8Cy<0PlV79=Oe zcU=@M-CGTxWWkh}h)@DZjyZh-EoE-lqN8G(XIyPjj67Zm%8EdSv@HN9j8>|`-s)fmF8zE!JeD6m6hpmJ#CYH;_ z=H)K&*S9r=MI4i{2`E)B{4@YUEsYDx!x`bH9`&Jz4r46XN!-(l5+b}bj7w~Xic2=)7npo_XCf%(>q5Ep*IH0B&i*U?gMA}C zmg}^EtYC#kN)~<1@M{&VR=h8p|L|jVW2qQbGUv!j=J;@;K2E(yk`tSnVZD17#83Jv z5k-h9$23i(AE$JPZ{}AUxKl_P&uBmpC5%_2Ql_+?SDMVgG99`_S_%sibIcL};jNtf zr-=bc3WQlEj*S+ihUdo*kg;0XGqJF(138D^-)!_$k!W0-0wZNy>2tQAZ z=vRh5vKk2o(bt2Hpe&lM4o8bsV69u<13!IqFd7VeF9Ohj>P4jeeCDM;H{~eqaC6tf zi^hJUUrm4~gi!Z`7&Iew;++!>JiR-Ov%akw0m(&Bnp+8_>u(zyv!(<2?;(Vfd4$*k z(kN^UxGCBht{0vV0U^7ElZ8~mGA0x;0zEpZ!FD%zcVYL(z}eO{*xJ%#LP6GJoV37W zf3y5JM2~?E{`Wxeqz(mtY&$U%0EA`)a;=WEV;sME9X~hF*PHw&TZrozL5$=7}cafkb2=!h;1U5du-+6&mXks6hCC~-eCkqmb!br6W0j&?#$+f z9ZyJY0wf;-h);|WXLe~Yg|uf@xA6{8GbJS(YYcy&Dq)M4bitCTG)I(wv9$sJrraJE z9a!Vbg^6-WoK$!310fkd+QR%K>KHN;rS&2so6Q`?YI)i&S|0!#4aLt*!3&gqXm{;M%3%bdqb3jRDE$u@okQl31l{-9%>~3GW$n7bTBId3a zB9hRPYaJWI8o%DX5rG)j;e##rKlVvkKXQgo7!C9ZxFXtHl22S_U!lBae}Y7BwOZ&x zc~SiPjGb9QIIE+bl=UvQvD=cO15}pVi0+wb@99=BVz`pZ8#1d5Ye@w|65Y}v$2pJ0 zU@H(HTQs?F=d(!HIWv1*9x*Ytof5pxB5Z}smr2KF_3AF{ z2?uwS8!p+7hf(?TG6CXs9Rc)d*Z#`f%u93x5zNssR9lD!gbX}$Zc6OE6%KA%sy&Jt z>7>j;FH5u|Ka@^jlIsAO@-IKa$6RML24);m8G<{HCf)4%-NqX!kT1y-SY<;r2}#$R zH64$`PXV=`_qjIcDh( zE5BOY3Bv{kQB_;6PNZ3S0yCqyNhChUakVvp9Vt1SGcm9VU{G* zm^CV}Q2xFi;579JZ_2N(xZg5IzW;OR$NpFfNHvViE0qt$zzr=t!B`Y89`gN2&08y1xl=?kH;QfI6l>hc2o-d!6d5Vv}X>-H4xC zDrOM{6bFtuIeGtyAzp5jh?9lm&iiDBF$*;N+#uPGoKlEIS&3-~AKEvbDY6S23 z@|}K47>_MnDJ39%`nptU+3<5#UBs-ZQu2UfV~Ymo&=v0HWZ|mcosS>pBJT>ib%;W+ z{^TOcW(1LMxBh_?wv|CszQV;rU|J)spk7}R))BO!d&4GHn!y~_J)`G6mqz4my&lx& z-M7#daIxFwxGT{1=3x!^P)p@K`)Lhv*=~*=i`_t-C?BMP55=J2=Y&H6hQZcnB)47% ze(3Ez4)(+CBxBImpE{LH4<^oj5QwSyw2%GZ$bU~L?$lXzWEvgS zGYy9H`4&Z6ZA{I7H>3k#XXWiOw2g>$JLjrbPTx-SwDhhZ4lJ zqPMDApCmI$C+fs)+dDIyh8kMKRrDDt6BVjY$U(LtNu!)~gwY&SuV!*@r8oa?S zEH%dNN~70X-Fv8>7qM}cTehMtkDP*9f;Oi^I~N3^=#-wSR*P8X$$ALP*6Kwmt5K-f 
z6gXD@@H@W<@T~>aN#kXYFmL$3icIJYI`KEM%N0lf<=U9xN>4GMDf&H)eN-nz-r?tY*vwLwz&pQXW7K93cHzWsI_lr( znqwZA>fzU!V`pBt6sr*!|Ej7e)-CHX?TjiSJ$H%~daU(;31$j>W|$XB9WJx$3J9Od z1caCO9rHezp5BUUBhvfQ2L}HM^g_0&A0*lv%j{b64+F3MJR>DhQz8dYQ&7-F>yfp2 zMSf@|Op3uO&Sx7`E@4abb-|pgGKFWC<1gw9sPsl`!7{Xet$)IsL*K2~M`|9YfkO5L z@&L}yw*HnxM^@lfsBdec7RHwl^J{_qM&V~Plxf$r1mK_Z>yp(N zc{}~yKCfF~A5}XFHS#x4(VwH$eI=2zTT=sly`2#o1Bp=q;#PWNxFpNF&aVs_H4#aF ziJcLa#MUtn(sG@B?%2#%ULGB%#Kh@hl3GA?Ph{U{A(WGY!vbE$d}NK?snWk-g^B7>p8TRA0KEHKhJya?^B%0?@*c~n@V1>2 z2T5HxEVt}3+x)sDw)uI-*5(Ia^M({EBi5P?A&;}l$$`VHgRdW^k=MOs4WNam8+6{S zmF+AB0}ssdMd)}^sSt=_1%%|01s}rU+1c+K`z5yYbss=K=t`z4;80ZmaA7TP@h4d9 zXZ24f#_BMYl_)G%z;j4ho0i|i<7YOHuSZYx&H+VVVLc2OKjGo{X)xF*GrQlqER7u? zo$!GNTuHAKK_7W1L0yhtwoK?PGS$iXLo7v2RaI5?^sI*bJ8`+%`S#Z`WeDsp{lxJS zd;)9r1#Y)ad-q+Mc)wdu1h|bLK^*tSgUW17Ne302atFL7Nzsl%-I9SDd;7gv8%|ek`|_2%D1o7k$+szP70jlIXU2x z5OctKgXeRAM#cn*^8G(hVZcIYVPGGnO~BPtn-yN1YTItsV}G0UAfjz9Sw$??$uvw^ zTtj&Q06@}A!vb)vtN)Qxy+Pl0P7N6(Kt1=d1miltoSywgwXv*cTgZe!tIZB8mH-+z zDtIY$Y!>CB#JK%&C>!MCI+7;Nsy8#$j&8xi?v99ZbBz)`NQzHg>3LaB@W$sxY=RwTH zBcSJF?ir5ijIfa(pY(K@HI}fcnI!a18@m)}WGO_W2C`vGQePK=Lgz^1XBV+E1955? zEc>B$FH)$AeBp1<3t4j*)jhtc{n0F^-{v5ip zuTY6d`5r;sd9nLm$V#3rKUQ|=6qIRAuYv*9vk?>^*TlioW_DoHg>*6SOK;rvVopAk zuYY~pqsWTlrA(q27(xh2ChJkuk%uLkzP+cp9%z$Dg)4ZySR_qIVfDh_UBEe|PdGxd zUqvMlkSWNi#STm{TQ-GZ*fIxD9qophMZcA~a}k=Cn|nL$C_4|67;rbrRQNnqfJJwF zCuKVyUQ)OKye`iI!VAH$Zl1aIkzSb-3nUn6Kj=)a{O)P%@#wRhHFM^#jlM*rA!l9@ zgrwexfo=K=ch`5T^mSh}Z2PcMzP-LBG6}i-zdj)TKg^-`BHn=+kY3TV35d%Qp8@Dq z?=)eFj`)`L@N+TYIl``#hx0%slY><*Q!aSLCpgRkP|VZIAxz2+MQ9Io=ygvP3l#HF9*kR?U5k1rz28q+v^cq2VnRb(*xOd{VkTET?nS3?Y&@O+umD+_OtLp zvEAwu8Z%C1Fs7{+LufC@<#j*1Ch~^sBnESckSM;DoBuKD2+-*F^_3m*eGWd;MGu9! zO+xYpEhC|3QKiaE!MHe45)yupu9E#$5_aXQKa4|xJ#azfQ@t6A?t3t46dJiZg_rt!ldey? 
z@9WY_f5Ad@=2*KXH#=-mRUu@=j7p4a7uOhv%KItZ(OT?0l14cf!`{^-NwnpL4kZQ8 z@5hy3pJ%quu0VBPagoUGb}@$ijAPYgTr7fPX10cjn# zf0OW^#H9qa>rWMYB0i3awU7-amabcJADyE_YxMH>v(cIuUs%%&0(mgofjrjagEs~7 z!LR>$oapQl`GDi*WE9dEn&}dhs2N9&^hjssccauz&}6j9YXhA-PLxZlgfDas%_(k!2bdVVQSWODmCF5r$y^V^4(S^yq6HfZAe zjbmb)i$s}^F(>mwCt2lSO`Xcz)faSlg2=N;ZN&baxwrQo0l>A74Y;?5@LoT)gJ0>T z_j={r(WkqEiNFOXRPVSd@}&FlHFAwn_s%Ce!?9Eb)!C%=Adnz!7`b7188uURgWaBj zu8FO_fHXc~KbalIWAAtcyIl*PT@@0q(X>^DebIKKo-!y2^o;BDIVAEn%Cvv+P2)2efVG3?-q}va5$XABQH!%D;TDs$S*?CO z!zq~-ALYo;K885;|9*6s*$Nc%Tnfo+LvYpp+2~2MB+giJpGLwiPw`zJaki5+W z2*j0e9oNtb_O$7aYH`P=9aCRKHCl*!ah#ssd+!R9i~;q=1v37pijvN$CIY5e+5+H~ zC_p32gY^yj(Rp!Ny-QdmkKn9aGX}}#r4-)#gHJG+%hzff3Enlx_7xY8lrZUF(5ZrV z!$CL&^Er}o9F#*F1-GJ<3b|2nd_VWlJ5zk0`d<%o3ehhqnZ<_MD>vXl96tJ8?w+4P z8(jufXUevWOJgwc;@qa*pSGRl|KTfFdJP0>;8i692uUH18#wBxJ7qoWi<~%k#_`%4 z@Ni7lh!?XX=I##xqm3xBM;x0x5VN7}mGxZ^&p@2h$x^KLdaf^7pL$~8dLUIA^)=T} zc>>3Q_ZqImpR+~1;Avp5VAhl9v&f`@d_IscH8XV_nPuS@BDFX4OkmUT z+g+Tql;9fnwozP{%-kn&-2HxmI%Io@iiu$(pcH%44>CQ#RJz+B^4ni95~+Vd7NDSu z!5Lt{2py^K7TJFpdTOcd)Lm5?Qm^#(Y=UdBB@TGd2pxV`b_5Evi%Vq|M4%JBRg4%M=1llCsBCMZvIq<v zJsqkL=#mA#nq@=oZ9$RFm)39T+HnGd#s)KxT#cSGbM_Iy(m_K4(t&jby=@sLa=d|9 z9g~5xSX_j(=PG6V|3Ez+Z^RenCCkq;ac%Q& zrBF?m=~W0Bs_w`2_Eg)GE!k zA*$(YE~*Z-Q$f1EXav2xK0}u>VXYmQ)|yJjX>-^=Pu`UVmxLj59DI;K$^!0zmV_me zDP7Yy(~YSaszx@us!@v+yg1A_bh#yr9-ymRJOpyYE~`#of$=m6pEX z(qvG#3M+jpCcI1FXXz*J;<3*QCfZxe=?t>SSCVG*dGHv{k1lgl?wP8sOM{gzFiM0z zTLtL>`mAi!--)vBe1X|NcY7aTp4%aMwX#-ad}!6;m(A5lKeeZBlCs;)`3_;`&LBk@ zv=$!ME2`WxX1m7ezid$%e#s$ye$C3T^f7glnwoh_$cBa}y+FZ;kWA-KzW4R=a|k@S zc<>p^ulugZg3B+J+r$4;x#~xDNS(`M5VxNI>zX&qpwZ_vmTwD#owr$7QUTO>{LIgI zUjC1KbqB4ad$m6pwA#oF(x3a7cY5Tdf4FFux7hrDyo8Y(^qJvp6gph=eVnQ=h6;5K zXHR%s#FuTmUuW2-Hp?5?upZyR?dzx^;nNZD_uI}*)ZfYy*q7Q?fdBm@z+qSPqyPsk zj`L0H7dMHBDM{B;De(U#kLENqa$FT-*9%RMEc50hmx@Q)T1;8@A1LV^6MnO31XH&b zNJ_NjVzNa1^AwQ{y8jV4`D=~6^Lkbuw3}@{d9*o)Ji=p{=s12dnkPlqygfRw=)d3a z?u?h)gDUN@O4y<+m}|Cn$rzVxwc<0+8ps0zW?HtaZ=}9=$kh#uuNMb 
zV=Jr3x|N$GJmSgldb=_EQdrgrqJ&d$Exjn8bt6cfd~!$_zqGQJ@pZ^KB>vQ)l78vs z6uAi1MYXG5yrq}96G#WJt{yvWW8NmK#=$W%akX;c>|x4oFB_<|d0x{%KuF3Ku_!K* zCOwY!#BL1#O6=dR7rpp)t0KvXuVW^7PTbiyA;^T0)6lp&5w3|S5d*S zy%u*MOW(HlT4;2Kb7Zd-SG&kbv99bSvb!31VDQf1@6n#m)tAOFYqXU||J_BIz@VSq z$1FCL(qYnb< zPKz&i2`zs}8k0}2I^XIkT5yH8mPf!MMoOS5vP7Br+frLgYiQK6)EyRomnOqgV_q*k z`|neKDqYE$kT6!?&lZc6|Bq4skMD|#B-bKlBS@Fw_i8!K&RFkczcIr|ba!t|G3o8^ zj*Ixg8_c{!;igBu1-ENi*mB~1z!p6Ur3BjrQm2&!J`0yUd(NzQ0c2LZd~p~07L(P& zzW^O^-$`*j8xv~yC`zd;LJ8l{jZrt!P;}Wr&Dk>^RP{8n+5OUPNuFsD?G|-VPYw)S1 zar%zApF5zLlm44V4yfVw=r$aMYBq!wi24vEog53+50=G0Vr$=>Z_~@E0mjM=+++Zx zKR;LfSg+QnGektAIsVIo=5d3ByDTQ zRf62sWN5I3vTIO|Q^5tmdD=rgJ@A(?{3uyoUp`&oMx*w}Q(L+Fk(g;Vk^RaAd(Q}`!7jnIRUnbOKU5Jk=d?z+WYW(|l^QEr2sq9K~ zbFMymsg)oJePc&4)o5!uN}LI-^6J&AlxzkQF*oRkwzi-@eJ6+Iu3}QxCfdLWcM?`w z|FoZgUc8Iqu81Ci>Id~!JvrE93wosXUapT2Mi?nwQ+HktE=kmXW1gOFI(2eB?gAUs z*8etmHTFh*)2Z|6eyiSc*koVrFOzMNrrPh&nVeWXvw`)YbIUWg%~zWQ`!A3!W$`-e zm*;KW6#vlngj|1OMhOY&)~fv}(~aZjeY0NjTt7@gHp2h0%Hy7^2N*_**Be6XZ|yIm z(0`GFtSO}DtyljA`PIr>)}I@WsCfnn&&kuTFmmAv7cFv{`dkz5mis9tHt0H4;G04B z1A>R2LDoK1XXdWz!M^q?s$_mkH#}RSRva>t(wnm6EisL5hC7JO@XMxWcIXbhGyVmS z(4^y%uIlpO|629`!ZJjQ===|u7-*gzL>PVg1M4LkqVZ(I*n81OdFD$iWbbc3y$$=$ z;>rJPW8>B_s*g&*<0L{bB2B$2F&?55gzdh41G|`(GwlhHtZ1JAwl-1-6HY@$#ZQuS>=TN!au?+X$cAf@x0PaG5B4D(}R$Bc_jfW`{3Z z{`U_e`H2AiOs-%37J&!Q#Owpalg5mrLSbvB;9sr z)V3x5JgddQRI8tT`aB(qWn5khk2KVJx}7u_d(Z9o!#5-zxR71;p#95d3{_bQ98P)>QECk%R*^QF7gLArMqGjCw`|uy zkhHt%`#Hm*qe~n!61Fs{3a#F`O%r!U`NcdtZ35EZ<*LeOozo9YlSffjyI!5QIITxR z{k@w^Cx7S^-z?An@!d?p&#oTtX{1*Q_^mKEvLC=O>oJ38#~;l{l}kD+5LO3BuH+yv7k{J)*vOx0=>7K>i-$i+!{>Ct(OC7#cg>a)6Ull#Cqo~4S- zSKg7mKJH_SQO$hCNw-;E&@gMyfiO3(-msdZ-un^O-Y}x$UPWKe-kN0F{t~T6M%Kw~ zkIi?_MFlbpn{ArlH<91ST*S*;saApIt>vu-{(7Av<;XihqFm;o{T-4huL;;HQ6Wc0 zHk*o-A;(Jz-^}6yQD#BIM`8~0Ev4)aeHuZ{d@W10R1 z%;rPya5y#^4Z2_Y9WPjiE`Dd9Q!^zT{*Wa0qTz2cOY@w=*#`lBW@#d~TLTE{2w|Kj zvUt2{Eif$Zyk)a|-@}D(e(hfb|>e1TOKnGhGCo78ZWMqvwT|GQB z=8QaI9)9|@P;(RbbcgwOk(SKwtUCFE7}6@w^aha}V}HtDST*un=(aw$&r`efnr_-s 
zYg~KJCv@e0Zt3e(N$6fape&jn&vtx&a77enq)AwRZlCx4^2*^qk8i(&ik2@gLWkp& zW^dZ%m5p1o#o(SL?|<29k)eO#YW|Qk3HPWD(vt=W>9uJc=5>nK*Rtl zT)cC=Tn;%}T&HE`r`!o3@c8#H2fYQEp5OIvU)muRM9E%XZJG}U6b9Tdc;C-c75~+F zzI%hy)crs&h)b5ECV`MK$otS+$I|$2;Ioyp-yS71{kSh7@q6j0sB8bm517&N>6Gk# zw?c?9?OWXs^Hj?{UL&o~(4}a-H<xGrmSFZx`}yJ6 zZ<{w`Sza}bOcTezZ^Bh!h=-+Iziz0&guM4e+(a{!0XJ#fJW}*Sc7e3h;FL4}u;^fa zH&w%%AtCOx*C|C#xn-cEfJ#!U4=jqV_LG5#j6NRfNU>QD-F|T>OS*lfS`sl2O-FK&GOOuYB#b%jRw>6CRSj~0#{fo-&4NiIybr;X@+Si9Mk}KWnP>Vd$r!u95&pb$3 z$qg%#0{eW_`VVnLDCw%w_Fw69aBujx11 z!x-y(xAnNbJ`~Ru5y!fARZmk4wg3#xt(m&o2DTgMq;Y{Irzx00&%PXv4IWMT?d=h@ zUv*38$@$s}b#}D2-J&hUBbO}}7Vy?@z+dV=^Zl27kFmUiE`Bdx?ll>;R&T-9^+ft^ z{w}5N@=CN;b538lt^z{?vBDWN1B?Ar^nQ+@9$NW;4(N2H(3)>KqaV&rUFDHg)X&&}8^UUJ9~ z+L&a-%y7c}d{)YLKmpxn=0Tp{^Z15csHr)sGYq9<(u7p&fK9%!uiFWDB21T+pLr)h zmZ|C@*Z2~G=ZlxsC_idzgI>Hdo>Waq=e}{u7rbTCvZYQ3?(lrx`8d)v8T{4Mxb~}Y zU3oKod6c?=;&+eUx`tfAv1TIr@h*vBq`}n#s_xkS{9uMkG6a3*J5KlS*-TylR5kw-6Dsq zBGK#a{n#tzqYs!7=!qNz>SV}BVFeUuisWahCozk68i zK_mUsnCzIuvOM)qUp)I^fl=fA{&-{X^`cb}z?Z%KD$qjG`TdV)I5?5{=pyay!b{8M zRM&M;73vB(hBx{RL^-E{dd|eNwg$5&Cl9@z>#KLjD5cfZbD)y-8a+n>{{J?cz$AKc zKpk>9oiT3W!bF=qF!f?RbcnwyR5(@+C;kI)<`b+(k!h!Yn-=9X@^qOr+yp^Ozo$mW z{D!&u$b=r=D8{}t+Qr-&$c`bD1%eo^evozBPmqlB9$$;y)t@R zK`YTMUJy*}9rJ^^RWqfr`YW|{;2REV3<(LshJ*NT7UK4d0s1y+qYV2m#FQyyo2kUX zP(S_aU_f!#mQv{L4c`#uoM3LVX!%^%w9Lwv>CYKJ{P4SJJ9}i3)O@QXm0jR|BKke= zOKTBocSPiZWmUK2*S|WkxGwhvhK;A?7?2yT_ob=lneZbR(vG!B4sFB#dTUg`U+tHt z9aADtgnC;l4!-}UH*z%_2t?iKL6K6Gij$WN*GVdaf%iwZ^X(nBfwH}qHJwk>Heaos zH=zg7s-(d5NY?E-^Pk4?9&=~pflSLmrfAn{TC{xeb7OY7*&8XpZ4)%7i?rHB)TP%C z*Spv3e|N9x?igw7+q;=gd$1HsZDvZstxpRl4~&SA_B{4xWIYHX=>B}JT>0gT!$z+X zD%?doXf@(;P9ilZFW0#e&5D)#*6#66MUI`|^Ie<3@vo9Mr~A%meTkJTK;xp2kQokRa$lQUad%|HT)+W>W!x$(w_Th^h)-+%MG5Q~4G?@hA&`6fH) zM~Hbti6_9>cDgh2w6Y;1(~b+Eadyrs#yd7PdM)UDm#5?V#$wZ1RaIESzZL(UBUm59m$I04AB=%bu&iZng{VLaUMEMs>%WRLBL`;@TpP|%tOHkS%i96sekdwIA*ky)7Xd{ z2g9{b(9qe`>nn_v!tZUqh~2ordb{LPL{X}^`e`a7GE7mdmU`>}9D^tjV74;}c8gDw 
zyP_8VB85$ee-?}I(sfIF@eJfJgwcYjs(fIK;5bl)o0JIou{bq%$tHO;cMUhEwDE zSElMG_s*Sn>qkFKlHHu&jZSl7>w|i9%#L{@mO`|8PTsdKxoq?bt_tLyPRJ3vDRW!|uyw0@-U)S2^Gy77mN};KBp`R+ua%I{62O2+WXpy`lyG z!L+pgrG|Ad*DF9HyqjNe*fpWaQpiZY1$xupF4@=nE#ALoSKB8*v*m%=flGcZ|Bp{; zW>jAg9lPYXm%i8Ga|lPldZuibl769_^_bW@9Va22_((EDo#*!YrHCsm$ICEl`Rov< z?QuyDc>Ie_$5a6=B^-GUf!H^HLzUiFqw36+ojz~&WE5G)Y!FaoD7T5e>^_VcO|?$F zrq+>{XmGr-akA3uwR;)2=_Wl=A+YjN=6}bD8_CSz2O#Y1`FVRky4)F`kBZM7DJEGx zeB!hkd{fUs?{SQ^#|Oa2OE(NjgYq%UxLRtyevtum8aB7{i-e?7Gk1<{Wx88y1z;rU z)x2TK`Z(?6i1nw^_kg6L$1Z6D9X5nB(l2Z0yK(nZan3wRD3ecdJl=jmMD~`$hG2JS zi?AA?EjKGQ16VWAJBT0AY}EjaYTV5mlf$|RGzT_M>#q-pZa1C5n9f6V_oEbtV?#uM zds5Q`pvAe7jdt$gmWoR&nKi9vZ_}!Y7bp6KGIItDiz1!xpb^XE&XE|W|o?bDW z5j9BQkCafvs6F>J84Ll*qvVaX1*^$lZvj9h;Y>oFC=A-6tml7A#qtP%f-?(wG5Ud1TOY1o9TFYw%&lfa?JXVl;JFVkqY<1oiv?u2vWWd)y z#67&w=*&xaT}Ws9`ui4x;3c%QZCeUW6?|j!1RGIon=no#{;^dTTe-T#3E=_smk|;9 z!=EB(g%ae+Mh0TAgo{Vyn|ub+!EdR~fNQuSU)r|ftdYGVUa$hsuF5B6i+b_$iq-h? zF%^Ye>ql+37^C@M(-{F=wNKSq#rf9UY^zGg%QSY$r`Hb+^xR+GBqx`b2^u6>v0-F}lsTp$%cc>hxJ&ZSxX}{FX3H`?t*tea|CDZeUO+sJ@ze&^1 zX}EJR+x#96%|S_33A7%jBoQadBgPDZ{;P)t$QR2W4AXfnDp7DBA&cKytOmOV7&!5= zL^%V!DqAoo%5cs)VFh%U=3Rb_ajwje#)0iGsR8I?s!N)sB>C$Yb)rpo=8DY*CTUbP`A`hUcCm=GYtmWUMxdPz~$BMcyyTRILy z>Dbt)zh#Y5M?ekfnDycJe;%lq-~actERX**P(5@-3(2P#C&IvSj!kpq`d3|HsukGr zdF(3XyQ>-9(J{%$K|r<+1yE;p4^I(8<(qC_=1Y6Y6i?f}u2HZr zd*8b0#G*ga0o6=c=TCG<6z%ipfQaU8(X9Vcbl7p?V@KB4&3+ht0*AbR7u$VM{#Xi^ zFcdBTU8Ft^PJLpz`ba3E^CD;{?OeeUI;qVjJpM{)w&LJeI7BkwrTs*X@mHWvoVJLo zJ<3)2Hva$%ao)YVdDMN3LCmHoo)hrbU#5Rb!lx*o>Z!q4DLGP^m^ISX4y04{I^a6n zJIFTZ-lM%z?N?vx&TdC@m;5>MI}hONHjKCTZrK%GuUNcxK%=~aXVm`{>qMIYS8QLs zX9n?zGm)_|IyX9j5Kp|^`MFSf1J9aIBNHTYJ<1vglXaCAvt6XVHhO?sq8aLn(3(MQ zmTr}CC9F5y!o38K7sn4VnNEBVx)l4H(V*vmb6~B-Ptx7|cEEjYM41s-b%?4}+G8aW zk@kqyy}!a{YXAhY&c3%h;N`dxvuGv-k`3J%Lm+fH%H>M}Pi*{T(Ps_PDvKBZ$Vw9= zN>X(A3+GvGUBB}9HQkiY>BJ9nw$Rh--161WWEh!}%sKTxXzHsiArQ2S;cfZVqFM4g zeJl2|=dxAfuQ~rKV0)veX!-kJ&_}~0Y-*aF(LKzV#Ya^-=A94ww`x1r{AOQIJu{uW z777}taqtKUJ-t?rGzvzt| 
zt~hlYQqX-nk(jeo1XJNR6&r1NwJ(kM>{h3#qeH*2Ae$%d#Ov9OW6DO`?vxOuYv>L^0qGb( zO1i=Q_^!3~w~u45?+?F#ndg4)E6?*fFK43>u+!hkF4z@h#1Rt&*ma(O=<44wp1P-z zAtxf%n`r;UAYcreQ0g{SqPR2X&oh!uk8umeq2#P*n#gy{iLo)YMt!-cd7AUrd#48I z@;KPd{7<)UTj+ci=k(CtD`{HE zvs}{OU)sn4AOC6MuIJj~%aq1HZlw(qw4{TwM_Wa-gakDAVA0(bm66t>0&QDMxh7>Y z%O8i_lUxQCYPkY?gw>@0E$ByKw9eRC+Ea(V9WtH(Dz2gRDuOnaqAAelw?DSaCSTv0 zbve9OcLvF|7cyK{BgjJW8*zx^eMOv?XILLht^)wh;&(FI%GIW z(Z&|j-}9;{vUaQmBfVk2=e$lOgTpU;#$h1_&6Eu2T4z!wh=o0|sg8#z{yn=!{T3{+U{;wx71JZ92=$7f|n~A9x z+SuTojPviB;|(G}m};^CLqBQ3C-%3W=m0-kG`j{5j-i05E5m0O1s&u{?xNoSwod9G z?d*{{B!czV)~h`N(I*`meY#wO7D<)fXoz^`?Gyp4p|v&Omv`Csp{fysvrU4!V{c1J zO5|_O8P?NmvU<-m(_njtEHyl$WC{T!Dw$G-x3jd7gHx|_Cn&li{3S7`UXLZXJz_0h z56_QLsPYR6b}=BAU~A3e*AK4xR-ki1S@nCq zQ<4FAaQ&ouDmn_k;F%PuunY3`2pJdu&Ol7OXwSR7+PN6OH$Msfd9m^%1n>jQtc7Hh zB3|`>sl#XuD^CNSnxY|Hr$*2taa~_0J@16erRbELo@e_Jr)y5?0B8GM53V6dmMEw0 z)Y(=bOF>9kWSlgvqbLU?j@p?sA@e52+v}{Dpd*Plf9>K+)ugXd2*>i0#otCZ^&{9o z8+DJWfWtUu$Zj9kIDyw`x}EQ2FP5yhJzfab7kSvw%(813VhUrv?6oAfek)0Fwwsie zN0IqTT>Kj7kpK3QUAlj?VKJ!Xzz18~W~{qD5#L@(MW%~Mae!e!I@^_6YHtF^)a{O* zroN~L4_t#+5cL4}0yBC%eH}Ftc-aWUl}9{`<+W<&r1*o(+3uV%adz)cerMZw_@%t& zwIzu&E&_I!aneiZ{2*ffBp!vcws*qU)rBhGm=~EuD5;!|~n!BuQ$WkO=8xcIr z$?x6u51xeyflNEHHr*_N-l8T`bYT`U#6=^id?!1$;@>16cPMG2I4nveyrpCnKcy>< z88k|e&p`gZHf-?G(IC~8CNh^T#?gJ^rYNQ5rd`;xbziXNN&it*O<{^laFE3l z+1CjSlGb56v48QCqc_Yr&(w89`|+`S3j%r?reJJAByZq=k=WZF0XNT4p;Zn}pnv*0 zk-NR4Rf80NhXfQ3!A{LaHzM6M;DhYk_gQQ=g0o$7kF2zs(2`g2K&}9Jxo$_n=rRSyJPvKNcqX?SRN}*Z!tU zrvtD^TKp$Qa3YacfW}9Tc6KrnjCameVbQG*06buj!7&nNCn-6DwKE`24dJS>(VYf)&}bhp zCb_QM6JPQKbxCT&2P{n_=}FLoxXXiVO_MZHc01(;j$D2Si~5Xf%YBHgfsrEgrAv?5FkN2I}ASwaV5V>Jh_MPToo>#QdEP z;&gDUudWT%n_}8+V3W-y6=XCgZ^k+97Zi0T-@hK|U zJE5^GoDAu5>TE&-=t*!3OUBXy?%z%zmZ*hpz9`Iar194fWsi4+g6I-R}s3rQP{^Bh{8 zwnfg~NC|bz{6M-soX<_M)Q8n0MFP&&BI zs6%4YljSk5BJ6;BYXt~b&#>9E$2zW=n1y6z2)q=^=)tWl)UZ?x&`=@2(O3Gy6bw?lz-7!k%^EdxN71Um4)Y6j&{I=bZB!{I-QH$jh*LEAHEn+ zfMns-Pw1}il-UJ@2y18ddT#PxuC%7$Px5fHX6HSWsvxJtKp{jS2D@{P 
zKneH*Zc25Zy5YwLO(tGro@ZcSsNs-lM01V^{}oi-L0Myke?X0pEE>&- z+=*m15;%3us6T*ZNZh1Qc6?=U*Y&O`&wILptURWbVRKI^95w(u81lS;uXumInU|oY zkT&13H(*x)al!P%n=d#vKdble$|bMv_|3zYQZ0=5eJI8<2{HunV0KvWzPh&((pGdN z9-H4e?Jz;ZNF^8eCqvGE_0IlDjFS5%9|3;1QG%IgDu`oh3m8x%qCL*fUW*Hsi~lqz zNg7E@{2tY-Y7qGVbF3)#4hz3q@XP;X=4UWNR5d z+}Jl>x5SpFTpRI%0{Y3r%%=um2o;oG<8S~n_BNSuS&w^9fgiE=<`JzQHVN3NNQ+Ou znFO<)Kg;_-7oSq>+0VwkV=e*vX$-G+Y4dr1eNm#B({}884Qk%sK5S~2_t-`YzjYQa z&vY-Fr#h+IX~T`JOJ{XIeS-ox=fd8{sXI}yLs&NIyX(ogxG$;8^sl;d&n~g)FAvE? z-lPh~KuC3rjANuu_&ZwK%6yx{Wr$_xrcz!t0$aCt+_+kl;AVav)B<1ia5&VZXLyrM z`KqpW9D-UT=F7&!J+3NWdJShqELLHd#+n42c(bnW30ON*VTNFJp&&NuJl#|*-7vSO z^!GnI9$cInaV%Hor-HD%hmaevc)H?1pJ0*yCh-&{V zExt!Lb>HD$pRf1jOb)B2*Oul*SU=Y12B-~7J`J9pdF?v8w##}Yx3`-?VK#$iqj^_C>8*ST*VM)p_$JTW3vTfPd zr|H4LUTI;9eJ-TWBk>^gI&MfTVFrk79F6vaqGMI zm0jv)&Cc?bZ>pFZXW3BH1~({7Rwrf4QqPOtJ;^%1nVW@Ec#r7O;H?AA88PjGTFZgN zF51I)X&C6feeZojgGfkpOxhgilE&XfIbuw{)3TpXAeQV{qF_}jX|^>*XGG&6ghKKdfc>c@V5Jg%vSnM1cbC;mS1-vW%DU-{>o7W zN1>KI3>9W{`_&Fh?Vy=-+?6t%PQ2Cvg@XwKf;FoYl*uBik+95{E-@$Pc)KfDtT?s8 zUfW8;JZrZrG;`H#ZbrYj>1ejbj`G^`1u|gV@Yt*J^#Y zU&UGR77uMW_f*D{to4PRe5eCi$)3L$mVp{^><*1^B)UT%N7IX7#!B2rkJP#uaz?gF zS-rMm;+qK?8saplEGv6e&!;e*jyh6`HwSit!M02(I(JE>DX*lC^i%n-Uc@K7qMN05 zvnosw<~ocffUqXB;}-Yo3iHtOGV<9NBlP1hn`}353~Y^^d7Oz-%04&)N8s(o8;L7< zLkL9*BNrEqy3`zb7~Oe(DxGP(X?@|vg)e+ISGr46TAX_8ZWmz?qbv-T+~B9`K+NHC zm}#_{(GGju)f?LX=;>CMiZZ=FCw$!QGcE-KmN03o5InOn)o>-cBk@v~-ja=`6~UAP zhB2#R{z%h0Uuu3CStHv8eh0qPn=;IQ!*6>{%VDLG-u582-WM#gJG0epYgK$sBZ{pgda<x8bTaREF<@Vld| zN8|S<5((FIwwkB8Gbo3@b+)#T>blIEs2TmQi^e7)XUA-YFX1K93sI{-P0CU91Y6u_ zl~?9uOM8;^a{X%E%{@;}Gpe;BiP_zUyGt`?@`pQL9JiNe_+&2PfFY!w?+nvd%&u$R zsiyW7uzn-S*bHOvd3-MZqO#-YwPpLAsxoEEX0VhA0YK|tmI0s;TeZ{!pPN8$Jh0Ih z#tS7P!UhN-WGDBd*Y-k~GIQg`N9DpPY0pba(fj~w$M!pVZo_7yF$5Hxw32E{%VqOO zC6%A}T{Z%jiYm?XS7FLz`OF1&NaX4TCj1v`iuqZY(8qkgBReZAiUD8d#uPd8019n3 zK=g=EGH@Y7LNsBuv|c^maOMCTOBTv`y!tVUuXmd21ekTJa=P+&kjLr`k>L9&aT^Sw zl?d^(%qcLs$2>BnFbO5I6OKgW{SFM4 
zQV=Xfn)kwWDYVvGD+SAqZ>4A;CnlslWE{alg|fH z@_L9po?B8|%Zunpnc&T$>$Y$a^!g7JY{oK~I152XyCUvoDDhKBSJvEmB*mOUp^#uH z4C1{g9SfbZ37q%c-;m|fD)|XDC*MWy&@S;LjvWquw!nn+$QquZb7)Z?cbC!ZhW;W+ zt^ifwwKW1E3MYDP-ZYR%HDNMGE0TOp1qTx-{x)Xmc%S$+;5Q1bz^ zg(mq*8)a$fV(kM0tEXt>S;-Du*}h9rrq`sa24! zs3ku?LCuo66}~OEDYUe9tu9tCOp8uDQCzz2jyN#rmIwrJF~c>wP86y1OM8 zo*))CIhrH7^o0<4`s+JhihUfO12aLb=IM#DOGe4zrX(@Y|f)@*tcjxe|Yn*-Kc?0W%sgEMhB}$7r7$gHNFssuI9*L zEAtRi_si&5SaT?@gRc1x1-N0PI4KqLQdt;M_KBtdZ z#r<8diRJCLS8+oi__pTj&~ZIBE2Cs`vQ|Wo&GLyLB4Ue6%WvIg+$UMWdh4$(BDrV` zq2<3{D}!Pl6f$cwzLBbIx6%@JlpW}ZpIJNAH`ljEP0qi3+>mT)Jj*5gLZ_>x9J5@@ zICHXo68Vvhk};3Rqt<|=Fb!IiMln#6^PLxdHnUKLC9gvNxsSn!O#O9XdxfB;RzQs2jJ)oZh9q{l-fI?JU6~2wm2d^vvjRT>#7%SyhBY) z2|^<9GRcB<6DIQfX7HX&O|R~B)z^I>I_Xtgk9KH5fq@|$o`g<3dwe$GUmTEGE6x_! zV5JiSdaG|cBEfoPe-O1fVf>jkm0!!3FioDBLx=XOy?P9vtcVMtkU zAY$14Bkj%ruCTh+fkrG06wqc!xLjI8RN}9R&nGCa1(svy9XTDUN8eQ&=zW37c1X=p zp1I@8bPcpC)7^f(!A~t;tSa*OjTmO*J=fJtiy&D z7&KJ`ZZP!K>7~zgTZ&txMXiVg#AFZo{q|}=5P7sNvaWKrh|G0zzr8V^AKs)Nh4Dd-m=rRizFujy(3%v|M1nj>39$41 z#a#O9bL2pz96va~BS2ICn5!ofp!wZ@+mS?kYiiv>SR+KtA?|Xb$wJ#vhz)I<)@|yn z>5?g8O?#=W2f^;A?Jon=qw(H0Z}bCMKk?WeCB5vdf7$U3-;itia)IeK+={cZB=(}h zOwOriQ(TV^F@1#7NOb}ShIYRroMdQsXb?*_eCbjQ1f`dKFiN@xnOHB8+KP_gk`>ZR ztVfTv-wG+XnARrWMo9>uTX#|b{GKE3%6AF;ST@KS&8P0QLo1<0({B)M)jeNE(C$~ zLPG=Lif&yuPG>mc7)$paRe1MZo{bVgM|L5o425cxpL(Z*OvUrq}Lz*S?wQ2%J-d{`jo7HAG{J#}8k`e*Bc?CnH!x z<})jG*x!AfNuvX}lxY19BT_G!V;Y7pkz;IzBWMeBxsmnBHSz+>+K$b6&vF!P5wXiv z+3n(mG&Nt|kpSq;vqLZ<%U2>0_hNSPymkr^jSk!!=;U~`Hr*s)GP`k;)I(vkdjlfx z{)Y38zo1^S!ZdtL98dDxWUvlc);fITa6poBYz}Z`2|XE6TkDwr^Ai=G4jRBo3&!< z6LX*SY@#qvxm+hu+Jg;h9hIo_*Ee)`Xd-t(lTp)mMfDx-fwX{52bP?WuP? 
zu-2l(P^=lTM0R~a30%DtLL@IBkTUxi&iow)w^Ln@OTJ}=tnGfHUA^J0fta_M_-M1m zy67(1@M_aHCGBW^hb#NUTfdvLrVdr^Ag*mGfJK|yu-dNp*TG%8n6F$scjmgLN5B&E zR~(ZeBh!d=naIWqE1j|irQ>EJ1$bXzPOw4b6>OT1u*&jv$AkueTR{$R>SQj`!QW}-OifKTD@V^z zn2V3;D=N$-K?zvv8=(2FD|FHG(P5K;EcG7#tPQp{lT|8%38%C}Y`x6{!w%8L$FP)WFC`$=21{Z8-()((G zzVKggH91i}N;kmwfaF?|-Q3ofNOLx$?v8qqGWdA^YU{n)#Kx%I<-wNWsi$q7PNdvb z|Ah2}$~FWe!abNab29Nc1P;9H1t*mQMIo{oOi>q=gG<+xnLJJR;Tkp>?>Ex2AGR%p*96Nif7qDX9P- z_LP$=mpQ&}i-q9N__Fca*({dd7lehly-IrCBirs-0(G^K)qvoCsLzj4);I8Uh^i}O zB&C{}F}g!zZvO;F(XQ($x4!%QzOc_qItpeZ*x}h}~E6|EK=~0Cwv$K)}oe zRD-|6`8!*?Y#tb5=d#~_U*pb)U*E~^{B1wu2Y%O05#e5)|99bCrYzE*F}v~Gu@LFs zr_LE{&r93r3a&bGHfzul=AGA!-;gY{kI_xK^1*5VcZq)&d(XYb!Evrg=4a8={}?}T zX4Ki#?yn<1>`GZ~I~zpKa+UMzSAG6`w`g8yg^Q);+@+iX}Ovw}wyR$xA-#m8(Qvja7Q7p!<%o(N7bj zWGlF8>B^(P=W{ZFrR-ymBny{1`B*{Vqk!?K1Or>;0t7qfO(`|Sg&8j-u&xjK6S+c} zpT$tu|6CW|QM#TeRU z+E(;V4HaM1r{nL_LW-1^#yG05zBB*KXT3XD_Tz)BKQ=v!i4mAA%J_#bU-N9&4YQKX zJx)ENk*JY-oY&r=!$8VKwtiqCuuM@K4BIl39n=Ez^@f+c(tv>h6`(3e)3)x~TpLZ$ z7YsPJ9pBg2_ZvC;s)4wj$`7FFK}{tS@B3Mh=UiNi-Jxpni8tO0SE2O-t)n9N-0&!? z9d9SKZIDftEX&eZKEccAVU^&nVRYiZiDDxkZt+k-_vdKNSu*1 zIy{7+M;=o+U%8OUtg-y#HgHaXtZ>&vhd<@i99m%}&Fc`lrrkj*77vV%0hqb)u}e*K zUxhLFVPDFo%va7drLdhG2InyHI=UDL=PHeJvDV6Mu)(7q~fy zg`#uCw>!)?Pcr-PHQxY9APDMB_7FR$y8m;h9-qGd?*#;kA~0Fr zYm3bY`m{z6)yTS4DCGNTdV^4HM8Y;okv@-A`0-Pj1N7TJz}I0h+)YzrP=Bl>tD>|H z?_J<3sNRjV!lpo^?7xui%8)iZ9s`79<8ddWV5RXboquG7} zA|hJoGaGiza)$rm}X@D_x%WX7~-k;n^ZT|Tlkyn1-?stx}XwVuL5rql? z9!Pw7d4*Y(+r=-YHp~;;|MmIL<@h5XhJgWm!(LI5y_?vt_n({S9Tk5@V41N`w^`|B z)bCp|^=CQq<~Z;w{c+ylpWE`GI3u<}u zIlH+5J2D=w-v;XHwFr6sI}zFYFU#^6)aS>70x0_5Giq`t4-fO_*w%g`ACY<8|GU*L P@bBXJE9VN&+J^rxj}NS2 diff --git a/windows/deployment/images/mbr2gpt-volume.PNG b/windows/deployment/images/mbr2gpt-volume.png similarity index 100% rename from windows/deployment/images/mbr2gpt-volume.PNG rename to windows/deployment/images/mbr2gpt-volume.png 
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index 4551b08e4a..c5312c0bd7 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -10,7 +10,7 @@ audience: itpro author: greg-lindsay ms.author: greglin ms.date: 02/13/2018 -ms.reviewer: +ms.reviewer: manager: laurawi ms.audience: itpro ms.localizationpriority: medium @@ -23,7 +23,7 @@ ms.custom: seo-marvel-apr2020 **Applies to** - Windows 10 -**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. +**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. >MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later. >The tool is available in both the full OS environment and Windows PE. To use this tool in a deployment task sequence with Configuration Manager or Microsoft Deployment Toolkit (MDT), you must first update the Windows PE image (winpe.wim, boot.wim) with the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1703, or a later version. 
@@ -32,7 +32,7 @@ See the following video for a detailed description and demonstration of MBR2GPT. -You can use MBR2GPT to: +You can use MBR2GPT to: - Convert any attached MBR-formatted system disk to the GPT partition format. You cannot use the tool to convert non-system disks from MBR to GPT. - Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them. 
@@ -96,11 +96,11 @@ MBR2GPT: Validation completed successfully In the following example: 1. Using DiskPart, the current disk partition layout is displayed prior to conversion - three partitions are present on the MBR disk (disk 0): a system reserved partition, a Windows partition, and a recovery partition. A DVD-ROM is also present as volume 0. -2. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) is **07** corresponding to the installable file system (IFS) type. +2. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) is **07** corresponding to the installable file system (IFS) type. 2. The MBR2GPT tool is used to convert disk 0. 3. The DiskPart tool displays that disk 0 is now using the GPT format. 4. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3). -5. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type. +5. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type. >As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly. 
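Review bot: The numbered list in this hunk has two items numbered 2 ("2. The OS volume is selected..." and "2. The MBR2GPT tool is used to convert disk 0."), so the source numbering for the later steps is off by one. Both changed lines here only strip trailing whitespace, so renumber the list (1 through 6) in the same pass. The two changed lines also still link to msdn.microsoft.com/library, while the unmounting link later in this file uses docs.microsoft.com; worth confirming the old URLs still resolve.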
@@ -272,7 +272,7 @@ For more information about partition types, see: ### Persisting drive letter assignments -The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. **Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage. +The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. **Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage. The conversion tool will obtain volume unique ID data before and after the layout conversion, organizing this information into a lookup table. It will then iterate through all the entries in **HKLM\SYSTEM\MountedDevices**, and for each entry do the following: @@ -299,7 +299,7 @@ The default location for all these log files in Windows PE is **%windir%**. ### Interactive help -To view a list of options available when using the tool, type **mbr2gpt /?** +To view a list of options available when using the tool, type **mbr2gpt /?** The following text is displayed: 
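Review bot: In the @@ -272,7 hunk, the rewritten paragraph keeps the irreversibility warning as inline bold at the end of a long paragraph ("**Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage."). This file already uses alert blocks (`> [!NOTE]`) elsewhere, so since the line is being touched, move the warning into a `> [!IMPORTANT]` block where an administrator will see it before running the conversion. In the same sentence, "information contained in the registry that correspond to" should read "corresponds to".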
@@ -376,7 +376,7 @@ Number Friendly Name Serial Number HealthStatus OperationalStatus To You can also view the partition type of a disk by opening the Disk Management tool, right-clicking the disk number, clicking **Properties**, and then clicking the **Volumes** tab. See the following example: -![Volumes](images/mbr2gpt-volume.PNG) +![Volumes](images/mbr2gpt-volume.png) If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example: @@ -400,7 +400,7 @@ DISKPART> list disk In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT. -## Known issue +## Known issue ### MBR2GPT.exe cannot run in Windows PE @@ -425,10 +425,10 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from 2. Copy the ReAgent files and the ReAgent localization files from the Window 10, version 1903 ADK source folder to the mounted WIM. For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window: - + > [!NOTE] > You can access the ReAgent files if you have installed the User State Migration Tool (USMT) as a feature while installing Windows Assessment and Deployment Kit. - + **Command 1:** ```cmd copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgent*.*" "C:\WinPE_Mount\Windows\System32" 
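Review bot: Step 2 in the @@ -425,10 hunk reads "from the Window 10, version 1903 ADK source folder"; that should be "Windows 10". The change here only strips trailing whitespace around the note, so the typo can be fixed in the same pass without widening the patch.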
@@ -438,20 +438,20 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from * ReAgent.admx * ReAgent.dll * ReAgent.xml - + **Command 2:** ```cmd copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgent*.*" "C:\WinPE_Mount\Windows\System32\En-Us" - ``` + ``` This command copies two files: * ReAgent.adml * ReAgent.dll.mui > [!NOTE] > If you aren't using an English version of Windows, replace "En-Us" in the path with the appropriate string that represents the system language. - + 3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image). - + ## Related topics diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md index 4f3681db63..eaccfb9c9f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md @@ -2,7 +2,7 @@ title: BitLocker recovery guide (Windows 10) description: This article for IT professionals describes how to recover BitLocker keys from AD DS. ms.assetid: d0f722e9-1773-40bf-8456-63ee7a95ea14 -ms.reviewer: +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library 
@@ -339,7 +339,7 @@ There are rules governing which hint is shown during the recovery (in order of p **Result:** The hint for the Microsoft Account and the custom URL are displayed. -![Example 1 of Customized BitLocker recovery screen](./images/rp-example1.PNG) +![Example 1 of Customized BitLocker recovery screen](./images/rp-example1.png) #### Example 2 (single recovery key with single backup) @@ -354,7 +354,7 @@ There are rules governing which hint is shown during the recovery (in order of p **Result:** Only the custom URL is displayed. -![Example 2 of customized BitLocker recovery screen](./images/rp-example2.PNG) +![Example 2 of customized BitLocker recovery screen](./images/rp-example2.png) #### Example 3 (single recovery key with multiple backups) @@ -369,7 +369,7 @@ There are rules governing which hint is shown during the recovery (in order of p **Result:** Only the Microsoft Account hint is displayed. -![Example 3 of customized BitLocker recovery screen](./images/rp-example3.PNG) +![Example 3 of customized BitLocker recovery screen](./images/rp-example3.png) #### Example 4 (multiple recovery passwords) @@ -399,7 +399,7 @@ There are rules governing which hint is shown during the recovery (in order of p **Result:** Only the hint for a successfully backed up key is displayed, even if it isn't the most recent key. -![Example 4 of customized BitLocker recovery screen](./images/rp-example4.PNG) +![Example 4 of customized BitLocker recovery screen](./images/rp-example4.png) #### Example 5 (multiple recovery passwords) @@ -429,7 +429,7 @@ There are rules governing which hint is shown during the recovery (in order of p **Result:** The hint for the most recent key is displayed. -![Example 5 of customized BitLocker recovery screen](./images/rp-example5.PNG) +![Example 5 of customized BitLocker recovery screen](./images/rp-example5.png) ## Using additional recovery information 
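Review bot: The image links updated in these hunks have inconsistent alt text: the @@ -339,7 hunk uses "Example 1 of Customized BitLocker recovery screen" while the other four use lowercase "customized". Each of these lines is already being rewritten for the .PNG to .png change, so normalize the alt text to one casing here.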
@@ -484,7 +484,7 @@ You can reset the recovery password in two ways: > [!WARNING] > You must include the braces in the ID string. - + **To run the sample recovery password script:** 1. Save the following sample script in a VBScript file. For example: ResetPassword.vbs. diff --git a/windows/security/information-protection/bitlocker/images/rp-example1.PNG b/windows/security/information-protection/bitlocker/images/rp-example1.png similarity index 100% rename from windows/security/information-protection/bitlocker/images/rp-example1.PNG rename to windows/security/information-protection/bitlocker/images/rp-example1.png diff --git a/windows/security/information-protection/bitlocker/images/rp-example2.PNG b/windows/security/information-protection/bitlocker/images/rp-example2.png similarity index 100% rename from windows/security/information-protection/bitlocker/images/rp-example2.PNG rename to windows/security/information-protection/bitlocker/images/rp-example2.png diff --git a/windows/security/information-protection/bitlocker/images/rp-example3.PNG b/windows/security/information-protection/bitlocker/images/rp-example3.png similarity index 100% rename from windows/security/information-protection/bitlocker/images/rp-example3.PNG rename to windows/security/information-protection/bitlocker/images/rp-example3.png diff --git a/windows/security/information-protection/bitlocker/images/rp-example4.PNG b/windows/security/information-protection/bitlocker/images/rp-example4.png similarity index 100% rename from windows/security/information-protection/bitlocker/images/rp-example4.PNG rename to windows/security/information-protection/bitlocker/images/rp-example4.png 
diff --git a/windows/security/information-protection/bitlocker/images/rp-example5.PNG b/windows/security/information-protection/bitlocker/images/rp-example5.png similarity index 100% rename from windows/security/information-protection/bitlocker/images/rp-example5.PNG rename to windows/security/information-protection/bitlocker/images/rp-example5.png From 092152b7dc69556812578742ff03e547865d2cfc Mon Sep 17 00:00:00 2001 From: Shari Kjerland <30906736+SKjerland@users.noreply.github.com> Date: Wed, 16 Dec 2020 17:37:07 -0800 Subject: [PATCH 15/22] Replaced hello-faq.md with .yml file As part of the FAQ-content-type pilot, I replaced the .md file with a .yml file that uses Google-defined schema. --- browsers/edge/microsoft-edge-faq.yml | 15 +- .../hello-for-business/hello-faq.md | 173 --------------- .../hello-for-business/hello-faq.yml | 209 ++++++++++++++++++ .../hello-for-business/toc.md | 2 +- 4 files changed, 220 insertions(+), 179 deletions(-) delete mode 100644 windows/security/identity-protection/hello-for-business/hello-faq.md create mode 100644 windows/security/identity-protection/hello-for-business/hello-faq.yml diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml index 830ca09109..e6f27046bd 100644 --- a/browsers/edge/microsoft-edge-faq.yml +++ b/browsers/edge/microsoft-edge-faq.yml 
@@ -49,21 +49,26 @@ sections: To learn more about Microsoft's plan for phasing Flash out of Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article). - question: Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java? - answer: No, Microsoft Edge doesn't support ActiveX controls and BHOs like Silverlight or Java. If you're running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in Internet Explorer 11. Internet Explorer 11 offers additional security, manageability, performance, backward compatibility, and standards support. + answer: | + No, Microsoft Edge doesn't support ActiveX controls and Browser Helper Objects (BHOs) like Silverlight or Java. If you're running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in Internet Explorer 11. Internet Explorer 11 offers additional security, manageability, performance, backward compatibility, and standards support. - question: How often will Microsoft Edge be updated? - answer: In Windows 10, we're delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence. + answer: | + In Windows 10, we're delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence. - question: How can I provide feedback on Microsoft Edge? 
- answer: Microsoft Edge is an evergreen browser - we'll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar. + answer: | + Microsoft Edge is an evergreen browser - we'll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar. - question: Will Internet Explorer 11 continue to receive updates? answer: | We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. - question: How do I find out which version of Microsoft Edge I have? - answer: In the upper-right corner of Microsoft Edge, select the ellipses icon (**...**), and then select **Settings**. Look in the **About Microsoft Edge** section to find your version. + answer: | + In the upper-right corner of Microsoft Edge, select the ellipses icon (**...**), and then select **Settings**. Look in the **About Microsoft Edge** section to find your version. - question: What is Microsoft EdgeHTML? - answer: Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform (as opposed to *Microsoft Edge, based on Chromium*). 
+ answer: | + Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform (as opposed to *Microsoft Edge, based on Chromium*). diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md deleted file mode 100644 index 8d7088b7b7..0000000000 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ /dev/null 
@@ -1,173 +0,0 @@ ---- -title: Windows Hello for Business Frequently Asked Questions -description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. -keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -audience: ITPro -author: mapalko -ms.author: mapalko -manager: dansimp -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium -ms.date: 08/19/2018 -ms.reviewer: ---- -# Windows Hello for Business Frequently Asked Questions - -**Applies to** -- Windows 10 - -## What about virtual smart cards? -Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft will be deprecating virtual smart cards in the future, but no date is set at this time. Customers using Windows 10 and virtual smart cards should move to Windows Hello for Business. Microsoft will publish the date early to ensure customers have adequate lead time to move to Windows Hello for Business. Microsoft recommends new Windows 10 deployments to use Windows Hello for Business. Virtual smart card remain supported for Windows 7 and Windows 8. - -## What about convenience PIN? -Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. - -## Can I use Windows Hello for Business key trust and RDP? -RDP currently does not support using key based authentication and self signed certificates as supplied credentials. 
RDP with supplied credentials Windows Hello for Business is currently only supported with certificate based deployments. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). - -## Can I deploy Windows Hello for Business using Microsoft Endpoint Configuration Manager? -Windows Hello for Business deployments using Configuration Manager should use the hybrid deployment model that uses Active Directory Federation Services. Starting in Configuration Manager version 1910, certificate-based authentication with Windows Hello for Business settings isn't supported. Key-based authentication is still valid with Configuration Manager. For more information, see [Windows Hello for Business settings in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-hello-for-business-settings). - -## How many users can enroll for Windows Hello for Business on a single Windows 10 computer? -The maximum number of supported enrollments on a single Windows 10 computer is 10. That enables 10 users to each enroll their face and up to 10 fingerprints. While we support 10 enrollments, we will strongly encourage the use of Windows Hello security keys for the shared computer scenario when they become available. - -## How can a PIN be more secure than a password? -When using Windows Hello for Business, the PIN is not a symmetric key where is the password is a symmetric key. With passwords, there is a server that has some representation of the password. With Windows Hello for Business, the PIN is user provided entropy used to load the private key in the TPM. The server does not have a copy of the PIN. For that matter, the Windows client does not have a copy of the current PIN either. The user must provide the entropy, the TPM protected key, and the TPM that generated that key to successfully have access to the private key. 
- -The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It is about the difference of providing entropy vs continuing the use of a symmetric key (the password). The TPM has anti-hammering features which thwart brute-force PIN attacks (an attackers continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increased the complexity of the PIN, implement the [Multifactor Unlock](feature-multifactor-unlock.md) feature. - -## Why is the Key Admins group missing, I have Windows Server 2016 domain controller(s)? -The **Key Admins** and **Enterprise Key Admins** groups are created when you install the first Windows Server 2016 domain controller into a domain. Domain controllers running previous versions of Windows Server cannot translate the security identifier (SID) to a name. To resolve this, transfer the PDC emulator domain role to a domain controller running Windows Server 2016. - -## Can I use a convenience PIN with Azure AD? -It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts (synchronized identities included). It is only supported for on-premises Domain Joined users and local account users. - -## Can I use an external camera when my laptop is closed or docked? -No. Windows 10 currently only supports one Windows Hello for Business camera and does not fluidly switch to an external camera when the computer is docked with the lid closed. The product group is aware of this and is investigating this topic further. - -## Why does authentication fail immediately after provisioning Hybrid Key Trust? -In a hybrid deployment, a user's public key must sync from Azure AD to AD before it can be used to authenticate against a domain controller. 
This sync is handled by Azure AD Connect and will occur during a normal sync cycle. - -## What is the password-less strategy? -Watch Principal Program Manager Karanbir Singh's Ignite 2017 presentation **Microsoft's guide for going password-less**. - -[Microsoft's password-less strategy](hello-videos.md#microsofts-passwordless-strategy) - -## What is the user experience for Windows Hello for Business? -The user experience for Windows Hello for Business occurs after user sign-in, after you deploy Windows Hello for Business policy settings to your environment. - -[Windows Hello for Business user enrollment experience](hello-videos.md#windows-hello-for-business-user-enrollment-experience) - -## What happens when my user forgets their PIN? -If the user can sign-in with a password, they can reset their PIN by clicking the "I forgot my PIN" link in settings. Beginning with Windows 10 1709, users can reset their PIN above the lock screen by clicking the "I forgot my PIN" link on the PIN credential provider. - -[Windows Hello for Business forgotten PIN user experience](hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience) - -For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs without access to their corporate network. - -## What URLs do I need to allow for a hybrid deployment? 
-Communicating with Azure Active Directory uses the following URLs: -- enterpriseregistration.windows.net -- login.microsoftonline.com -- login.windows.net -- account.live.com -- accountalt.azureedge.net -- secure.aadcdn.microsoftonline-p.com - -If your environment uses Microsoft Intune, you need these additional URLs: -- enrollment.manage.microsoft.com -- portal.manage.microsoft.com - -## What is the difference between non-destructive and destructive PIN reset? -Windows Hello for Business has two types of PIN reset: non-destructive and destructive. Organizations running Windows 10 Enterprise and Azure Active Directory can take advantage of the Microsoft PIN Reset service. Once on-boarded to a tenant and deployed to computers, users who have forgotten their PINs can authenticate to Azure, provided a second factor of authentication, and reset their PIN without re-provisioning a new Windows Hello for Business enrollment. This is a non-destructive PIN reset because the user does not delete the current credential and obtain a new one. Read [PIN Reset](hello-feature-pin-reset.md) page for more information. - -Organizations that have the on-premises deployment of Windows Hello for Business, or those not using Windows 10 Enterprise can use destructive PIN reset. with destructive PIN reset, users that have forgotten their PIN can authenticate using their password, perform a second factor of authentication to re-provision their Windows Hello for Business credential. Re-provisioning deletes the old credential and requests a new credential and certificate. On-premises deployments need network connectivity to their domain controllers, Active Directory Federation Services, and their issuing certificate authority to perform a destructive PIN reset. Also, for hybrid deployments, destructive PIN reset is only supported with the certificate trust model and the latest updates to Active Directory Federation Services. 
- -## Which is better or more secure: Key trust or Certificate trust? -The trust models of your deployment determine how you authenticate to Active Directory (on-premises). Both key trust and certificate trust use the same hardware-backed, two-factor credential. The difference between the two trust types are: -- Required domain controllers -- Issuing end entity certificates - -The **key trust** model authenticates to Active Directory using a raw key. Windows Server 2016 domain controllers enables this authentication. Key trust authenticate does not require an enterprise issued certificate, therefore you do not need to issue certificates to your end users (domain controller certificates are still needed). - -The **certificate trust** model authenticates to Active Directory using a certificate. Because this authentication uses a certificate, domain controllers running previous versions of Windows Server can authenticate the user. Therefore, you need to issue certificates to your end users, but you do not need Windows Server 2016 domain controllers. The certificate used in certificate trust uses the TPM protected private key to request a certificate from your enterprise's issuing certificate authority. - -## Do I need Windows Server 2016 domain controllers? -There are many deployment options from which to choose. Some of those options require an adequate number of Windows Server 2016 domain controllers in the site where you have deployed Windows Hello for Business. There are other deployment options that use existing Windows Server 2008 R2 or later domain controllers. Choose the deployment option that best suits your environment. - -## What attributes are synchronized by Azure AD Connect with Windows Hello for Business? 
-Review [Azure AD Connect sync: Attributes synchronized to Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized) for a list of attributes that are sync based on scenarios. The base scenarios that include Windows Hello for Business are [Windows 10](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#windows-10) scenario and the [Device writeback](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#device-writeback) scenario. Your environment may include additional attributes. - -## Is Windows Hello for Business multifactor authentication? -Windows Hello for Business is two-factor authentication based on the observed authentication factors of: something you have, something you know, and something part of you. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. Using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor". - -## What are the biometric requirements for Windows Hello for Business? -Read [Windows Hello biometric requirements](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-biometric-requirements) for more information. - -## Can I use both a PIN and biometrics to unlock my device? -Starting in Windows 10, version 1709, you can use multi-factor unlock to require the user to provide an additional factor to unlock the device. Authentication remains two-factor, but another factor is required before Windows allows the user to reach the desktop. 
Read more about [multifactor unlock](feature-multifactor-unlock.md). - -## What is the difference between Windows Hello and Windows Hello for Business? -Windows Hello represents the biometric framework provided in Windows 10. Windows Hello enables users to use biometrics to sign into their devices by securely storing their user name and password and releasing it for authentication when the user successfully identifies themselves using biometrics. Windows Hello for Business uses asymmetric keys protected by the device's security module that requires a user gesture (PIN or biometrics) to authenticate. - -## Why can't I enroll biometrics for my local built-in Administrator? -Windows 10 does not allow the local administrator to enroll biometric gestures (face or fingerprint). - -## I have extended Active Directory to Azure Active Directory. Can I use the on-premises deployment model? -No. If your organization is federated or using on-line services, such as Azure AD Connect, Office 365, or OneDrive, then you must use a hybrid deployment model. On-premises deployments are exclusive to organization who need more time before moving to the cloud and exclusively use Active Directory. - -## Does Windows Hello for Business prevent the use of simple PINs? -Yes. Our simple PIN algorithm looks for and disallows any PIN that has a constant delta from one digit to the next. The algorithm counts the number of steps required to reach the next digit, overflowing at ten ('zero'). 
-So, for example: -* The PIN 1111 has a constant delta of (0,0,0), so it is not allowed -* The PIN 1234 has a constant delta of (1,1,1), so it is not allowed -* The PIN 1357 has a constant delta of (2,2,2), so it is not allowed -* The PIN 9630 has a constant delta of (7,7,7), so it is not allowed -* The PIN 1593 has a constant delta of (4,4,4), so it is not allowed -* The PIN 7036 has a constant delta of (3,3,3), so it is not allowed -* The PIN 1231 does not have a constant delta (1,1,8), so it is allowed -* The PIN 1872 does not have a constant delta (7,9,5), so it is allowed - -This prevents repeating numbers, sequential numbers, and simple patterns. -It always results in a list of 100 disallowed PINs (independent of the PIN length). -This algorithm does not apply to alphanumeric PINs. - -## How does PIN caching work with Windows Hello for Business? - -Windows Hello for Business provides a PIN caching user experience using a ticketing system. Rather than caching a PIN, processes cache a ticket they can use to request private key operations. Azure AD and Active Directory sign-in keys are cached under lock. This means the keys remain available for use without prompting as long as the user is interactively signed-in. Microsoft Account sign-in keys are considered transactional keys, which means the user is always prompted when accessing the key. - -Beginning with Windows 10, version 1709, Windows Hello for Business used as a smart card (smart card emulation that is enabled by default) provides the same user experience of default smart card PIN caching. Each process requesting a private key operation will prompt the user for the PIN on first use. Subsequent private key operations will not prompt the user for the PIN. - -The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. The process does not receive the PIN, but rather the ticket that grants them private key operations. 
Windows 10 does not provide any Group Policy settings to adjust this caching. - -## Can I disable the PIN while using Windows Hello for Business? -No. The movement away from passwords is accomplished by gradually reducing the use of the password. In the occurrence where you cannot authenticate with biometrics, you need a fallback mechanism that is not a password. The PIN is the fallback mechanism. Disabling or hiding the PIN credential provider will disable the use of biometrics. - -## How are keys protected? -Wherever possible, Windows Hello for Business takes advantage of trusted platform module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business does not require a TPM. Administrators can choose to allow key operations in software. - -Whenever possible, Microsoft strongly recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. The TPM provides an additional layer of protection after an account lockout, too. When the TPM has locked the key material, the user will have to reset the PIN (which means he or she will have to use MFA to re-authenticate to the IDP before the IDP allows him or her to re-register). - -## Can Windows Hello for Business work in air-gapped environments? -Yes. You can use the on-premises Windows Hello for Business deployment and combine it with a third-party MFA provider that does not require Internet connectivity to achieve an air-gapped Windows Hello for Business deployment. - -## Can I use third-party authentication providers with Windows Hello for Business? -Yes, if you are federated hybrid deployment, you can use any third-party that provides an Active Directory Federation Services (AD FS) multi-factor authentication adapter. 
A list of third-party MFA adapters can be found [here](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods). - -## Does Windows Hello for Business work with third party federation servers? -Windows Hello for Business can work with any third-party federation servers that support the protocols used during provisioning experience. Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). - -| Protocol | Description | -| :---: | :--- | -| [[MS-KPP]: Key Provisioning Protocol](https://msdn.microsoft.com/library/mt739755.aspx) | Specifies the Key Provisioning Protocol, which defines a mechanism for a client to register a set of cryptographic keys on a user and device pair. | -| [[MS-OAPX]: OAuth 2.0 Protocol Extensions](https://msdn.microsoft.com/library/dn392779.aspx)| Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and login hints. | -| [[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients](https://msdn.microsoft.com/library/mt590278.aspx) | Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to RFC6749 (The OAuth 2.0 Authorization Framework) that allow a broker client to obtain access tokens on behalf of calling clients. | -| [[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions](https://msdn.microsoft.com/library/mt766592.aspx) | Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define additional claims to carry information about the end user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. 
These extensions also define additional provider meta-data that enable the discovery of the issuer of access tokens and give additional information about provider capabilities. | - -## Does Windows Hello for Business work with Mac and Linux clients? -Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third parties who are interested in moving these platforms away from passwords. Interested third parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml new file mode 100644 index 0000000000..d4db9fb009 --- /dev/null +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
@@ -0,0 +1,209 @@ +### YamlMime:FAQ +metadata: + title: Windows Hello for Business Frequently Asked Questions + description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. + keywords: identity, PIN, biometric, Hello, passport + ms.prod: w10 + ms.mktglfcycl: deploy + ms.sitesec: library + ms.pagetype: security, mobile + audience: ITPro + author: mapalko + ms.author: mapalko + manager: dansimp + ms.collection: M365-identity-device-management + ms.topic: article + localizationpriority: medium + ms.date: 08/19/2018 + ms.reviewer: + +title: Windows Hello for Business Frequently Asked Questions +summary: | + **Applies to** + - Windows 10 + + +sections: + - name: Ignored + questions: + - question: What about virtual smart cards? + answer: | + Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft will be deprecating virtual smart cards in the future, but no date is set at this time. Customers using Windows 10 and virtual smart cards should move to Windows Hello for Business. Microsoft will publish the date early to ensure customers have adequate lead time to move to Windows Hello for Business. Microsoft recommends that new Windows 10 deployments use Windows Hello for Business. Virtual smart card remain supported for Windows 7 and Windows 8. + + - question: What about convenience PIN? + answer: | + Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends that customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. 
+ + - question: Can I use Windows Hello for Business key trust and RDP? + answer: | + Remote Desktop Protocol (RDP) does not currently support using key-based authentication and self-signed certificates as supplied credentials. RDP with supplied credentials is currently only supported with certificate-based deployments. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). + + - question: Can I deploy Windows Hello for Business by using Microsoft Endpoint Configuration Manager? + answer: | + Windows Hello for Business deployments using Configuration Manager should follow the hybrid deployment model that uses Active Directory Federation Services. Starting in Configuration Manager version 1910, certificate-based authentication with Windows Hello for Business settings isn't supported. Key-based authentication is still valid with Configuration Manager. For more information, see [Windows Hello for Business settings in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-hello-for-business-settings). + + - question: How many users can enroll for Windows Hello for Business on a single Windows 10 computer? + answer: | + The maximum number of supported enrollments on a single Windows 10 computer is 10. This lets 10 users each enroll their face and up to 10 fingerprints. While we support 10 enrollments, we will strongly encourage the use of Windows Hello security keys for the shared computer scenario when they become available. + + - question: How can a PIN be more secure than a password? + answer: | + When using Windows Hello for Business, the PIN is not a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. 
With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server does not have a copy of the PIN. For that matter, the Windows client does not have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key. + + The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increase the complexity of the PIN, implement the [Multifactor Unlock](feature-multifactor-unlock.md) feature. + + - question: I have Windows Server 2016 domain controller(s), so why is the Key Admins group missing? + answer: | + The **Key Admins** and **Enterprise Key Admins** groups are created when you install the first Windows Server 2016 domain controller into a domain. Domain controllers running previous versions of Windows Server cannot translate the security identifier (SID) to a name. To resolve this, transfer the PDC emulator domain role to a domain controller running Windows Server 2016. + + - question: Can I use a convenience PIN with Azure Active Directory? + answer: | + It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. + + - question: Can I use an external camera when my laptop is closed or docked? + answer: | + No. 
Windows 10 currently only supports one Windows Hello for Business camera and does not fluidly switch to an external camera when the computer is docked with the lid closed. The product group is aware of this and is investigating this topic further. + + - question: Why does authentication fail immediately after provisioning Hybrid Key Trust? + answer: | + In a hybrid deployment, a user's public key must sync from Azure AD to AD before it can be used to authenticate against a domain controller. This sync is handled by Azure AD Connect and will occur during a normal sync cycle. + + - question: What is the password-less strategy? + answer: | + Watch Principal Program Manager Karanbir Singh's **Microsoft's guide for going password-less** Ignite 2017 presentation. + + [Microsoft's password-less strategy](hello-videos.md#microsofts-passwordless-strategy) + + - question: What is the user experience for Windows Hello for Business? + answer: | + The user experience for Windows Hello for Business occurs after user sign-in, after you deploy Windows Hello for Business policy settings to your environment. + + [Windows Hello for Business user enrollment experience](hello-videos.md#windows-hello-for-business-user-enrollment-experience) + + - question: What happens when a user forgets their PIN? + answer: | + If the user can sign-in with a password, they can reset their PIN by selecting the "I forgot my PIN" link under Settings. Beginning with Windows 10 1709, users can reset their PIN above the lock screen by selecting the "I forgot my PIN" link on the PIN credential provider. + + [Windows Hello for Business forgotten PIN user experience](hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience) + + For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. 
Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs without access to their corporate network. + + - question: What URLs do I need to allow for a hybrid deployment? + answer: | + Communicating with Azure Active Directory uses the following URLs: + - enterpriseregistration.windows.net + - login.microsoftonline.com + - login.windows.net + - account.live.com + - accountalt.azureedge.net + - secure.aadcdn.microsoftonline-p.com + + If your environment uses Microsoft Intune, you need these additional URLs: + - enrollment.manage.microsoft.com + - portal.manage.microsoft.com + + - question: What is the difference between non-destructive and destructive PIN reset? + answer: | + Windows Hello for Business has two types of PIN reset: non-destructive and destructive. Organizations running Windows 10 Enterprise and Azure Active Directory can take advantage of the Microsoft PIN Reset service. Once onboarded to a tenant and deployed to computers, users who have forgotten their PINs can authenticate to Azure, provide a second factor of authentication, and reset their PIN without re-provisioning a new Windows Hello for Business enrollment. This is a non-destructive PIN reset because the user doesn't delete the current credential and obtain a new one. For more information, see [PIN Reset](hello-feature-pin-reset.md). + + Organizations that have the on-premises deployment of Windows Hello for Business, or those not using Windows 10 Enterprise can use destructive PIN reset. With destructive PIN reset, users that have forgotten their PIN can authenticate by using their password and then performing a second factor of authentication to re-provision their Windows Hello for Business credential. Re-provisioning deletes the old credential and requests a new credential and certificate. 
On-premises deployments need network connectivity to their domain controllers, Active Directory Federation Services, and their issuing certificate authority to perform a destructive PIN reset. Also, for hybrid deployments, destructive PIN reset is only supported with the certificate trust model and the latest updates to Active Directory Federation Services. + + - question: | + Which is better or more secure: key trust or certificate trust? + answer: | + The trust models of your deployment determine how you authenticate to Active Directory (on-premises). Both key trust and certificate trust use the same hardware-backed, two-factor credential. The difference between the two trust types are: + - Required domain controllers + - Issuing end entity certificates + + The **key trust** model authenticates to Active Directory by using a raw key. Windows Server 2016 domain controllers enable this authentication. Key trust authenticate does not require an enterprise issued certificate, therefore you don't need to issue certificates to users (domain controller certificates are still needed). + + The **certificate trust** model authenticates to Active Directory by using a certificate. Because this authentication uses a certificate, domain controllers running previous versions of Windows Server can authenticate the user. Therefore, you need to issue certificates to users, but you don't need Windows Server 2016 domain controllers. The certificate used in certificate trust uses the TPM-protected private key to request a certificate from your enterprise's issuing certificate authority. + + - question: Do I need Windows Server 2016 domain controllers? + answer: | + There are many deployment options from which to choose. Some of those options require an adequate number of Windows Server 2016 domain controllers in the site where you've deployed Windows Hello for Business. There are other deployment options that use existing Windows Server 2008 R2 or later domain controllers. 
Choose the deployment option that best suits your environment. + + - question: What attributes are synchronized by Azure AD Connect with Windows Hello for Business? + answer: | + Review [Azure AD Connect sync: Attributes synchronized to Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized) for a list of attributes that sync based on scenarios. The base scenarios that include Windows Hello for Business are the [Windows 10](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#windows-10) scenario and the [Device writeback](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#device-writeback) scenario. Your environment may include additional attributes. + + - question: Is Windows Hello for Business multifactor authentication? + answer: | + Windows Hello for Business is two-factor authentication based on the observed authentication factors of: something you have, something you know, and something that's part of you. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. By using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor". + + - question: What are the biometric requirements for Windows Hello for Business? + answer: | + Read [Windows Hello biometric requirements](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-biometric-requirements) for more information. + + - question: Can I use both a PIN and biometrics to unlock my device? 
+ answer: | + Starting in Windows 10, version 1709, you can use multi-factor unlock to require users to provide an additional factor to unlock their device. Authentication remains two-factor, but another factor is required before Windows allows the user to reach the desktop. To learn more, see [Multifactor Unlock](feature-multifactor-unlock.md). + + - question: What's the difference between Windows Hello and Windows Hello for Business? + answer: | + Windows Hello represents the biometric framework provided in Windows 10. Windows Hello lets users use biometrics to sign in to their devices by securely storing their user name and password and releasing it for authentication when the user successfully identifies themselves using biometrics. Windows Hello for Business uses asymmetric keys protected by the device's security module that requires a user gesture (PIN or biometrics) to authenticate. + + - question: Why can't I enroll biometrics for my local, built-in administrator? + answer: | + Windows 10 does not allow the local administrator to enroll biometric gestures (face or fingerprint). + + - question: I have extended Active Directory to Azure Active Directory. Can I use the on-premises deployment model? + answer: | + No. If your organization is federated or using online services, such as Azure AD Connect, Office 365, or OneDrive, then you must use a hybrid deployment model. On-premises deployments are exclusive to organizations who need more time before moving to the cloud and exclusively use Active Directory. + + - question: Does Windows Hello for Business prevent the use of simple PINs? + answer: | + Yes. Our simple PIN algorithm looks for and disallows any PIN that has a constant delta from one digit to the next. The algorithm counts the number of steps required to reach the next digit, overflowing at ten ('zero'). 
+ So, for example: + + - The PIN 1111 has a constant delta of (0,0,0), so it is not allowed + - The PIN 1234 has a constant delta of (1,1,1), so it is not allowed + - The PIN 1357 has a constant delta of (2,2,2), so it is not allowed + - The PIN 9630 has a constant delta of (7,7,7), so it is not allowed + - The PIN 1593 has a constant delta of (4,4,4), so it is not allowed + - The PIN 7036 has a constant delta of (3,3,3), so it is not allowed + - The PIN 1231 does not have a constant delta (1,1,8), so it is allowed + - The PIN 1872 does not have a constant delta (7,9,5), so it is allowed + + This prevents repeating numbers, sequential numbers, and simple patterns. It always results in a list of 100 disallowed PINs (independent of the PIN length). This algorithm does not apply to alphanumeric PINs. + + - question: How does PIN caching work with Windows Hello for Business? + answer: | + Windows Hello for Business provides a PIN caching user experience by using a ticketing system. Rather than caching a PIN, processes cache a ticket they can use to request private key operations. Azure AD and Active Directory sign-in keys are cached under lock. This means the keys remain available for use without prompting, as long as the user is interactively signed-in. Microsoft Account sign-in keys are considered transactional keys, which means the user is always prompted when accessing the key. + + Beginning with Windows 10, version 1709, Windows Hello for Business used as a smart card (smart card emulation that is enabled by default) provides the same user experience of default smart card PIN caching. Each process requesting a private key operation will prompt the user for the PIN on first use. Subsequent private key operations will not prompt the user for the PIN. + + The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. 
The process does not receive the PIN, but rather the ticket that grants them private key operations. Windows 10 does not provide any Group Policy settings to adjust this caching. + + - question: Can I disable the PIN while using Windows Hello for Business? + answer: | + No. The movement away from passwords is accomplished by gradually reducing the use of the password. In situations where you can't authenticate by using biometrics, you need a fallback mechanism that is not a password. The PIN is the fallback mechanism. Disabling or hiding the PIN credential provider will disable the use of biometrics. + + - question: How are keys protected? + answer: | + Wherever possible, Windows Hello for Business takes advantage of Trusted Platform Module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business do not require a TPM. Administrators can choose to allow key operations in software. + + Whenever possible, Microsoft strongly recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. The TPM provides an additional layer of protection after an account lockout, too. When the TPM has locked the key material, the user will need to reset the PIN (which means they'll need to use MFA to re-authenticate to the IDP before the IDP allows them to re-register). + + - question: Can Windows Hello for Business work in air-gapped environments? + answer: | + Yes. You can use the on-premises Windows Hello for Business deployment and combine it with a third-party MFA provider that does not require internet connectivity to achieve an air-gapped Windows Hello for Business deployment. + + - question: Can I use third-party authentication providers with Windows Hello for Business? + answer: | + Yes, if you're using federated hybrid deployment, you can use any third-party that provides an Active Directory Federation Services (AD FS) multi-factor authentication adapter. 
A list of third-party MFA adapters can be found [here](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods). + + - question: Does Windows Hello for Business work with third party federation servers? + answer: | + Windows Hello for Business works with any third-party federation servers that support the protocols used during the provisioning experience. Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). + + | Protocol | Description | + | :---: | :--- | + | [[MS-KPP]: Key Provisioning Protocol](https://msdn.microsoft.com/library/mt739755.aspx) | Specifies the Key Provisioning Protocol, which defines a mechanism for a client to register a set of cryptographic keys on a user and device pair. | + | [[MS-OAPX]: OAuth 2.0 Protocol Extensions](https://msdn.microsoft.com/library/dn392779.aspx)| Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and login hints. | + | [[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients](https://msdn.microsoft.com/library/mt590278.aspx) | Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to RFC6749 (the OAuth 2.0 Authorization Framework) that allow a broker client to obtain access tokens on behalf of calling clients. | + | [[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions](https://msdn.microsoft.com/library/mt766592.aspx) | Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define additional claims to carry information about the user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. 
These extensions also define additional provider meta-data that enables the discovery of the issuer of access tokens and gives additional information about provider capabilities. | + + - question: Does Windows Hello for Business work with Mac and Linux clients? + answer: | + Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md index 8ec19c126f..3913ea8734 100644 --- a/windows/security/identity-protection/hello-for-business/toc.md +++ b/windows/security/identity-protection/hello-for-business/toc.md @@ -63,7 +63,7 @@ ## [Windows Hello and password changes](hello-and-password-changes.md) ## [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) -## [Windows Hello for Business Frequently Asked Questions (FAQ)](hello-faq.md) +## [Windows Hello for Business Frequently Asked Questions (FAQ)](hello-faq.yml) ### [Windows Hello for Business Videos](hello-videos.md) ## [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) From 6d992ebbf491e2b1b06dd6996f090bd2820d1971 Mon Sep 17 00:00:00 2001 From: Shari Kjerland <30906736+SKjerland@users.noreply.github.com> Date: Wed, 16 Dec 2020 17:54:44 -0800 Subject: [PATCH 16/22] Minor fixes --- browsers/edge/microsoft-edge-faq.yml | 2 +- .../hello-for-business/hello-faq.yml | 13 ++++++------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml index e6f27046bd..2cf801b44d 100644 --- a/browsers/edge/microsoft-edge-faq.yml 
+++ b/browsers/edge/microsoft-edge-faq.yml @@ -15,7 +15,7 @@ metadata: title: Frequently Asked Questions (FAQs) for IT Pros summary: | - >Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile + Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile > [!NOTE] > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index d4db9fb009..92e87082b1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -19,8 +19,7 @@ metadata: title: Windows Hello for Business Frequently Asked Questions summary: | - **Applies to** - - Windows 10 + Applies to: Windows 10 sections: @@ -64,7 +63,7 @@ sections: answer: | No. Windows 10 currently only supports one Windows Hello for Business camera and does not fluidly switch to an external camera when the computer is docked with the lid closed. The product group is aware of this and is investigating this topic further. - - question: Why does authentication fail immediately after provisioning Hybrid Key Trust? + - question: Why does authentication fail immediately after provisioning hybrid key trust? answer: | In a hybrid deployment, a user's public key must sync from Azure AD to AD before it can be used to authenticate against a domain controller. This sync is handled by Azure AD Connect and will occur during a normal sync cycle. 
@@ -82,7 +81,7 @@ sections: - question: What happens when a user forgets their PIN? answer: | - If the user can sign-in with a password, they can reset their PIN by selecting the "I forgot my PIN" link under Settings. Beginning with Windows 10 1709, users can reset their PIN above the lock screen by selecting the "I forgot my PIN" link on the PIN credential provider. + If the user can sign-in with a password, they can reset their PIN by selecting the "I forgot my PIN" link in Settings. Beginning with Windows 10 1709, users can reset their PIN above the lock screen by selecting the "I forgot my PIN" link on the PIN credential provider. [Windows Hello for Business forgotten PIN user experience](hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience) @@ -102,7 +101,7 @@ sections: - enrollment.manage.microsoft.com - portal.manage.microsoft.com - - question: What is the difference between non-destructive and destructive PIN reset? + - question: What's the difference between non-destructive and destructive PIN reset? answer: | Windows Hello for Business has two types of PIN reset: non-destructive and destructive. Organizations running Windows 10 Enterprise and Azure Active Directory can take advantage of the Microsoft PIN Reset service. Once onboarded to a tenant and deployed to computers, users who have forgotten their PINs can authenticate to Azure, provide a second factor of authentication, and reset their PIN without re-provisioning a new Windows Hello for Business enrollment. This is a non-destructive PIN reset because the user doesn't delete the current credential and obtain a new one. For more information, see [PIN Reset](hello-feature-pin-reset.md). 
@@ -193,9 +192,9 @@ sections: answer: | Yes, if you're using federated hybrid deployment, you can use any third-party that provides an Active Directory Federation Services (AD FS) multi-factor authentication adapter. A list of third-party MFA adapters can be found [here](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods). - - question: Does Windows Hello for Business work with third party federation servers? + - question: Does Windows Hello for Business work with third-party federation servers? answer: | - Windows Hello for Business works with any third-party federation servers that support the protocols used during the provisioning experience. Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). + Windows Hello for Business works with any third-party federation servers that support the protocols used during the provisioning experience. Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).

| Protocol | Description | | :---: | :--- | From fc5ce1e0f586ff8ef5e46eff8bc639a509c51de6 Mon Sep 17 00:00:00 2001 From: Shari Kjerland <30906736+SKjerland@users.noreply.github.com> Date: Wed, 16 Dec 2020 18:03:55 -0800 Subject: [PATCH 17/22] Minor fixes --- browsers/edge/TOC.md | 2 +- browsers/edge/microsoft-edge-faq.yml | 4 ++-- .../identity-protection/hello-for-business/hello-faq.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md index 0f0c4989e5..bae1f59877 100644 --- a/browsers/edge/TOC.md +++ b/browsers/edge/TOC.md @@ -28,6 +28,6 @@ ## [Change history for Microsoft Edge](change-history-for-microsoft-edge.md) -## [Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.yml) +## [Microsoft Edge Frequently Asked Questions (FAQ)](microsoft-edge-faq.yml) diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml index 2cf801b44d..751f40f4ea 100644 --- a/browsers/edge/microsoft-edge-faq.yml +++ b/browsers/edge/microsoft-edge-faq.yml @@ -1,6 +1,6 @@ ### YamlMime:FAQ metadata: - title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros + title: Microsoft Edge - Frequently Asked Questions (FAQ) for IT Pros ms.reviewer: audience: itpro manager: dansimp @@ -13,7 +13,7 @@ metadata: ms.sitesec: library ms.localizationpriority: medium -title: Frequently Asked Questions (FAQs) for IT Pros +title: Frequently Asked Questions (FAQ) for IT Pros summary: | Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 92e87082b1..aae7b07f4a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
@@ -1,6 +1,6 @@ ### YamlMime:FAQ metadata: - title: Windows Hello for Business Frequently Asked Questions + title: Windows Hello for Business Frequently Asked Questions (FAQ) description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 @@ -17,7 +17,7 @@ metadata: ms.date: 08/19/2018 ms.reviewer: -title: Windows Hello for Business Frequently Asked Questions +title: Windows Hello for Business Frequently Asked Questions (FAQ) summary: | Applies to: Windows 10 From 502d130ba44ff4fa7a87339f3eac1acfc3bc4e44 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 17 Dec 2020 11:04:09 +0530 Subject: [PATCH 18/22] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 232e9788e4..3bb0a16e42 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -29,7 +29,7 @@ For organizational purposes, individual built-in firewall rules are categorized - Remote Desktop – User-Mode (UDP-In) -Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). This is achieved by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group 
@@ -38,6 +38,6 @@ Get-NetFirewallRule -Group > [!NOTE] > It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. -To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. +To avoid unexpected behaviors, it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represent the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. From fbc556f129b74778145c53443ad905fae3d8648e Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 17 Dec 2020 06:26:27 -0800 Subject: [PATCH 19/22] Update md-app-guard-overview.md --- .../md-app-guard-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 62c8df613c..a8678eba15 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 12/10/2020 +ms.date: 12/17/2020 ms.reviewer: manager: dansimp ms.custom: asr From 926e4e9fa9eb38b2eedfa6801645652caceac40b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 17 Dec 2020 06:28:18 -0800 Subject: [PATCH 20/22] Update md-app-guard-overview.md --- .../md-app-guard-overview.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index a8678eba15..2a63557e33 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md 
@@ -24,16 +24,14 @@ Microsoft Defender Application Guard (Application Guard) is designed to help pre For Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted. If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container. -For Microsoft Office, Application Guard helps prevents untrusted Word, Powerpoint and Excel files from accessing trusted resources, by opening these files in an isolated Hyper-V-enabled container. - -The isolated Hyper-V container is separate from the host operating system. This container isolation means that if the untrusted site or file turns out to be malicious, the host PC is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials. +For Microsoft Office, Application Guard helps prevents untrusted Word, PowerPoint and Excel files from accessing trusted resources. Application Guard opens untrusted files in an isolated Hyper-V-enabled container. The isolated Hyper-V container is separate from the host operating system. This container isolation means that if the untrusted site or file turns out to be malicious, the host device is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials. ![Hardware isolation diagram](images/appguard-hardware-isolation.png) ### What types of devices should use Application Guard? 
-Application Guard has been created to target several types of systems: +Application Guard has been created to target several types of devices: - **Enterprise desktops**. These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network. From e68dbc8f3b979714c559bd4cc7855d2fd8ea3da9 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 17 Dec 2020 10:02:35 -0800 Subject: [PATCH 21/22] Update firewall-settings-lost-on-upgrade.md --- .../firewall-settings-lost-on-upgrade.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 3bb0a16e42..c793caf0f3 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -15,29 +15,27 @@ ms.collection: ms.topic: troubleshooting --- -# Firewall settings lost on upgrade +# Troubleshooting Windows Firewall settings that are missing after an upgrade -This article describes a scenario where previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. +This article describes a scenario where previously enabled firewall rules revert to disabled after upgrading to a new version of Windows. ## Rule groups -For organizational purposes, individual built-in firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. +To help you organize your list, individual built-in firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. - Remote Desktop – Shadow (TCP-In) - - Remote Desktop – User Mode (TCP-In) - - Remote Desktop – User-Mode (UDP-In) -Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). This is achieved by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include **core networking**, **file and print sharing**, and **network discovery**. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). Do this by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**. Optionally, you can use PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group ``` > [!NOTE] -> It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. 
+> We recommend to enable or disable an entire group instead of individual rules. -To avoid unexpected behaviors, it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represent the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. +We recommended that you enable/disable all of the rules within a group instead of one or two individual rules. This is because groups are not only used to organize rules and allow batch rule modification by type, but they also represent a 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. -Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. +For example, using the Remote Desktop group consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain a clean out-of-the-box configuration. 
This scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. From 474f267b8a7342e5525745125fd67885650ab5ab Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 17 Dec 2020 11:25:07 -0800 Subject: [PATCH 22/22] acrolinx --- .../firewall-settings-lost-on-upgrade.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index c793caf0f3..c5ebe7fbf7 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -1,5 +1,5 @@ --- -title: Firewall settings lost on upgrade +title: Troubleshooting Windows Firewall settings after a Windows upgrade description: Firewall settings lost on upgrade ms.reviewer: ms.author: v-bshilpa @@ -15,9 +15,9 @@ ms.collection: ms.topic: troubleshooting --- -# Troubleshooting Windows Firewall settings that are missing after an upgrade +# Troubleshooting Windows Firewall settings after a Windows upgrade -This article describes a scenario where previously enabled firewall rules revert to disabled after upgrading to a new version of Windows. +Use this article to troubleshoot firewall settings that are turned off after upgrading to a new version of Windows. ## Rule groups 
@@ -34,8 +34,8 @@ Get-NetFirewallRule -Group ``` > [!NOTE] -> We recommend to enable or disable an entire group instead of individual rules. +> Microsoft recommends to enable or disable an entire group instead of individual rules. -We recommended that you enable/disable all of the rules within a group instead of one or two individual rules. This is because groups are not only used to organize rules and allow batch rule modification by type, but they also represent a 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. +Microsoft recommends that you enable/disable all of the rules within a group instead of one or two individual rules. This is because groups are not only used to organize rules and allow batch rule modification by type, but they also represent a 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. -For example, using the Remote Desktop group consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain a clean out-of-the-box configuration. This scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. +For example, the Remote Desktop group consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. 
If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group to maintain a clean, out-of-the-box configuration. This scenario has the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host.
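Review bot: In the new hello-faq.yml added by PATCH 15/22, the "How are keys protected?" answer uses "IDP" without expanding it ("re-authenticate to the IDP before the IDP allows them to re-register"); spell out "identity provider (IdP)" on first use. The file also ends with "\ No newline at end of file", so add a trailing newline, and replace the link text "[here]" in the third-party MFA adapter answer with descriptive text.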
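Review bot: In PATCH 16/22, hello-faq.yml hunk @@ -82,7 +81,7 @@, the rewritten line still uses the noun form as a verb: "If the user can sign-in with a password" should read "sign in". The hunk only changes "under Settings" to "in Settings", so this is a good place to fix both.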
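Review bot: In PATCH 16/22, hello-faq.yml hunk @@ -193,9 +192,9 @@, the added answer line keeps "Interested third-parties can inquiry at"; it should be "can inquire at". The question line in the same hunk is corrected to "third-party federation servers", but the answer line appears to differ from the removed line only in whitespace.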
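Review bot: In PATCH 17/22, hello-faq.yml hunk @@ -17,7 +17,7 @@, the context line "ms.date: 08/19/2018" is left unchanged although this series converts the FAQ to YAML and edits its title and answers. Update ms.date here, as PATCH 19/22 does for md-app-guard-overview.md, so readers can tell the security guidance was reviewed recently.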
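Review bot: In PATCH 20/22, hunk @@ -24,16 +24,14 @@, the added Office paragraph keeps the grammar error "Application Guard helps prevents untrusted Word, PowerPoint and Excel files"; it should be "helps prevent". The same added line also folds the container-isolation explanation into the Office paragraph, although that explanation refers to "the untrusted site or file" and so covers Microsoft Edge as well; keep it as a separate paragraph so it reads as applying to both.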
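Review bot: In PATCH 21/22, hunk @@ -15,29 +15,27 @@, the code sample in the context lines reads "Get-NetFirewallRule -Group" with no value after the switch, and the rewritten sentence introducing it ("Optionally, you can use PowerShell using the `Get-NetFirewallRule` cmdlet") does not say what to pass. Show the sample with a group value or a clearly marked placeholder, and reword "use PowerShell using". The article is tagged "ms.topic: troubleshooting", but the visible text gives no step for checking rule state after the upgrade; a short verification step would help admins confirm that only the intended groups are enabled.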
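Review bot: In PATCH 22/22, hunk @@ -1,5 +1,5 @@, the title changes to "Troubleshooting Windows Firewall settings after a Windows upgrade" while the context line "description: Firewall settings lost on upgrade" keeps the old wording. Update the description to match the new title and say what the article helps the reader do.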
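Review bot: In PATCH 22/22, hunk @@ -34,8 +34,8 @@, the note "Microsoft recommends to enable or disable an entire group instead of individual rules" is ungrammatical ("recommends enabling or disabling") and now repeats the first sentence of the paragraph that follows it. Either drop the note or restore the reason it originally carried, that group state is what gets migrated. Since the paragraph tells admins that all three Remote Desktop rules must be enabled for the group to survive the upgrade, it should also state that the same logic applies to disabling, so a host that should not expose RDP has the whole group disabled rather than a partial set.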